Subject: apt-listdifferences: diff goes outside package tree
Date: Tue, 23 Dec 2014 01:03:29 +0100
Package: apt-listdifferences
Version: 1.20141011
Severity: important
Dear Maintainer,
when running apt-listdifferences, it happens sometimes, diff is comparing data outside the tmp source dir.
E.g. this now happens with docker.io:
diff: /tmp/BsDox6gACB/docker.io-1.3.2~dfsg1/pkg/symlink/testdata/fs/a/d: Datei oder Verzeichnis nicht gefunden
diff: /tmp/BsDox6gACB/docker.io-1.3.2~dfsg1/pkg/symlink/testdata/fs/a/e/h/.kde/socket-data: Datei oder Verzeichnis nicht gefunden
This is basically in my home dir.
Here one of the examples, what we see in the original source:
root@data:/tmp/BsDox6gACB/docker.io-1.3.2~dfsg1/pkg/symlink/testdata/fs# ls -l
insgesamt 0
drwxr-xr-x 2 root root 100 Nov 24 18:38 a
drwxr-xr-x 2 root root 60 Nov 24 18:38 b
lrwxrwxrwx 1 root root 40 Nov 24 18:38 g -> ../../../../../../../../../../../../root
lrwxrwxrwx 1 root root 1 Nov 24 18:38 i -> a
drwxr-xr-x 2 root root 60 Nov 24 18:38 j
root@data:/tmp/BsDox6gACB/docker.io-1.3.2~dfsg1/pkg/symlink/testdata/fs#
Thanks
Achim
-- System Information:
Debian Release: 8.0
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 3.17.0-trunk-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages apt-listdifferences depends on:
ii debconf [debconf-2.0] 1.5.54
ii debian-keyring 2014.12.10
ii devscripts 2.14.11
ii python3 3.4.2-2
ii python3-apt 0.9.3.11
ii python3-debian 0.1.25
Versions of packages apt-listdifferences recommends:
ii diffstat 1.58-1
apt-listdifferences suggests no packages.
-- debconf information:
apt-listdifferences/purge: false
* apt-listdifferences/initialize: true
Information forwarded
to [email protected]: Bug#773762; Package apt-listdifferences.
(Wed, 13 Jul 2016 03:36:43 GMT) (full text, mbox, link).
Acknowledgement sent
to Michael Gilbert <[email protected]>:
Extra info received and forwarded to list.
(Wed, 13 Jul 2016 03:36:43 GMT) (full text, mbox, link).
Subject: Re: Bug#773762: apt-listdifferences: diff goes outside package tree
Date: Tue, 12 Jul 2016 21:44:32 -0400
control: severity -1 wishlist
control: reassign -1 devscripts
control: affects -1 apt-listdifferences
control: retitle -1 [debdiff] option to avoid dereferencing symlinks
On Mon, Dec 22, 2014 at 7:03 PM, Achim Schaefer wrote:
> when running apt-listdifferences, it happens sometimes, diff is comparing data outside the tmp source dir.
> E.g. this now happens with docker.io:
> diff: /tmp/BsDox6gACB/docker.io-1.3.2~dfsg1/pkg/symlink/testdata/fs/a/d: Datei oder Verzeichnis nicht gefunden
> diff: /tmp/BsDox6gACB/docker.io-1.3.2~dfsg1/pkg/symlink/testdata/fs/a/e/h/.kde/socket-data: Datei oder Verzeichnis nicht gefunden
> This is basically in my home dir.
> Here one of the examples, what we see in the original source:
> root@data:/tmp/BsDox6gACB/docker.io-1.3.2~dfsg1/pkg/symlink/testdata/fs# ls -l
> insgesamt 0
> drwxr-xr-x 2 root root 100 Nov 24 18:38 a
> drwxr-xr-x 2 root root 60 Nov 24 18:38 b
> lrwxrwxrwx 1 root root 40 Nov 24 18:38 g -> ../../../../../../../../../../../../root
> lrwxrwxrwx 1 root root 1 Nov 24 18:38 i -> a
> drwxr-xr-x 2 root root 60 Nov 24 18:38 j
debdiff would need to provide an option that passes --no-dereference to diff.
Best wishes,
Mike
Changed Bug title to '[debdiff] option to avoid dereferencing symlinks' from 'apt-listdifferences: diff goes outside package tree'.
Request was from Michael Gilbert <[email protected]>
to [email protected].
(Wed, 13 Jul 2016 03:36:46 GMT) (full text, mbox, link).
Acknowledgement sent
to "Adam D. Barratt" <[email protected]>:
Extra info received and forwarded to list. Copy sent to Devscripts Devel Team <[email protected]>.
(Wed, 13 Jul 2016 19:03:10 GMT) (full text, mbox, link).
Subject: Re: Bug#773762: apt-listdifferences: diff goes outside package tree
Date: Wed, 13 Jul 2016 20:01:25 +0100
Your reply was not CCed to either the devscripts package alias or the
submitter. I had to manually download the mbox from the BTS in order to
reply. Please remember to CC people when reassigning. :-(
On Tue, 2016-07-12 at 21:44 -0400, Michael Gilbert wrote:
> control: severity -1 wishlist
> control: reassign -1 devscripts
> control: affects -1 apt-listdifferences
> control: retitle -1 [debdiff] option to avoid dereferencing symlinks
>
> On Mon, Dec 22, 2014 at 7:03 PM, Achim Schaefer wrote:
> > when running apt-listdifferences, it happens sometimes, diff is comparing data outside the tmp source dir.
[...]
> debdiff would need to provide an option that passes --no-dereference to diff.
Regards,
Adam
Debbugs is free software and licensed under the terms of the GNU General
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.