e0dc594...
by
Niels Thykier
on 2013-04-16
Release lintian/2.5.10.5 into unstable
Signed-off-by: Niels Thykier <email address hidden>
cc64e9b...
by
Niels Thykier
on 2013-04-16
d/changelog: Add reference to CVE-2013-1429
Signed-off-by: Niels Thykier <email address hidden>
619936c...
by
Niels Thykier
on 2013-04-04
L::C::Package: Check filenames for possible traversals
Make _fetch_ extracted_ dir verify that input filename will not escape
the "root" dir it is serving from. Particularly, this protects checks
that naively passes filenames to unpacked, debfiles or/and control.
This check only catches poor input filenames; it cannot prevent the
check from reading across an unsafe symlink.
Signed-off-by: Niels Thykier <email address hidden>
b78050c...
by
Niels Thykier
on 2013-04-05
checks/po-debconf: Set INTLTOOL_EXTRACT unconditionally
Signed-off-by: Niels Thykier <email address hidden>
32d2649...
by
Niels Thykier
on 2013-04-05
checks/*: Check for symlinks before opening files
Signed-off-by: Niels Thykier <email address hidden>
684a310...
by
Niels Thykier
on 2013-04-05
coll/*: Fix traversal via symlink in multiple collections
Signed-off-by: Niels Thykier <email address hidden>
d0b2dc6...
by
Niels Thykier
on 2013-04-05
coll/debian-readme: Check that usr/share/doc/<pkg> is safe
At the same time, stop looking at files in usr/doc/<pkg>.
Signed-off-by: Niels Thykier <email address hidden>
3de00b8...
by
Niels Thykier
on 2013-04-05
coll/changelog- file: Check usr/share/doc/<pkg> is safe
At the same time, stop looking at files in usr/doc/<pkg>.
Signed-off-by: Niels Thykier <email address hidden>
e725c58...
by
Niels Thykier
on 2013-04-05
L::Util: Add is_ancestor_of function
This function can test if a given path is "contained" within a given
dir (or is the dir itself).
Signed-off-by: Niels Thykier <email address hidden>
f9b569f...
by
Niels Thykier
on 2013-04-04
c/shared-libs: Ignore maintscript that are symlinks
Signed-off-by: Niels Thykier <email address hidden>