Processed: Re: Bug#964234: dpkg-source: Considers missing symlink targets directory traversals
Processing control commands: > reassign -1 dpkg-dev Bug #964234 [src:dpkg,src:firmware-nonfree] dpkg,firmware-nonfree: cannot unpack: dpkg-source: error: pathname 'firmware-nonfree-20190717/debian/config/libertas/sd8688_helper.bin' points outside source root Bug reassigned from package 'src:dpkg,src:firmware-nonfree' to 'dpkg-dev'. No longer marked as found in versions dpkg/20190717-2, dpkg,firmware-nonfree/20190717-2, dpkg/1.20.3, firmware-nonfree/1.20.3, and firmware-nonfree/20190717-2. Ignoring request to alter fixed versions of bug #964234 to the same values previously set > retitle -1 dpkg-source: Considers missing symlink targets directory traversals Bug #964234 [dpkg-dev] dpkg,firmware-nonfree: cannot unpack: dpkg-source: error: pathname 'firmware-nonfree-20190717/debian/config/libertas/sd8688_helper.bin' points outside source root Changed Bug title to 'dpkg-source: Considers missing symlink targets directory traversals' from 'dpkg,firmware-nonfree: cannot unpack: dpkg-source: error: pathname 'firmware-nonfree-20190717/debian/config/libertas/sd8688_helper.bin' points outside source root'. > found -1 1.20.0 Bug #964234 [dpkg-dev] dpkg-source: Considers missing symlink targets directory traversals Marked as found in versions dpkg/1.20.0. -- 964234: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=964234 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#964234: dpkg-source: Considers missing symlink targets directory traversals
Control: reassign -1 dpkg-dev Control: retitle -1 dpkg-source: Considers missing symlink targets directory traversals Control: found -1 1.20.0 On Sat, 2020-07-04 at 01:20:18 +0200, Andreas Beckmann wrote: > Source: dpkg,firmware-nonfree > Version: 20190717-2 > Severity: serious > Tags: ftbfs > Justification: fails to build from source > Control: found -1 20190717-2 > Control: found -1 1.20.3 > src:firmware-nonfree fails to unpack in sid with latest dpkg: > > dpkg-source: info: extracting firmware-nonfree in firmware-nonfree-20190717 > dpkg-source: info: unpacking firmware-nonfree_20190717.orig.tar.xz > dpkg-source: info: unpacking firmware-nonfree_20190717-2.debian.tar.xz > dpkg-source: info: using patch list from debian/patches/series > dpkg-source: info: applying gitignore.patch > Use of uninitialized value $canon_pathname in pattern match (m//) at > /usr/share/perl5/Dpkg/Source/Package.pm line 550. > dpkg-source: error: pathname > 'firmware-nonfree-20190717/debian/config/libertas/sd8688_helper.bin' points > outside source root > > Since this could also be a dpkg error (see the perl warning before the > failure) > I'm assigning this bug to both packages, please reassign as appropriate. It is, the pathname above is a symlink to a missing target, which is definitely not a directory traversal attempt. I'm fixing this now, and will upload tomorrow. Thanks, Guillem
