Bug#753921: getfem++: Bogus patch disallows dpkg-source unpack

Guillem Jover guillem at debian.org
Sun Jul 6 08:49:08 UTC 2014


Source: getfem++
Source-Version: 4.1.1-6
Severity: serious
Tags: wheezy
Control: fixed -1 4.2.1~beta1~svn4422~dfsg-1

Hi!

This package contains a bogus patch, which makes the latest dpkg-source in
stable unable to correctly unpack the source, due to the stricter
parsing of patches required to disallow path traversal vulnerabilities.

The broken patch has a stray @@ patch hunk marker.

Here's a simple patch fixing this. It would be nice if this could be
fixed in stable, otherwise the source cannot be unpacked normally. I'm
ready to help with such a release if needed, given that the “regression”
was caused by the dpkg update. (Unstable is unaffected.)

This was found by David Suárez in an archive-wide check:

  <https://lists.debian.org/debian-dpkg/2014/07/msg00002.html>

Thanks,
Guillem
-------------- next part --------------
A non-text attachment was scrubbed...
Name: getfem++_4.1.1+dfsg1-11.1.dsc.patch
Type: text/x-diff
Size: 1021 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/debian-science-maintainers/attachments/20140706/3de2f28d/attachment.patch>
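
The kind of strict hunk accounting that trips over a stray `@@` marker, as an added Python example; it is not dpkg-source's code and not the attached patch. The function name `find_hunk_errors` and both sample patches are constructed for illustration.

```python
import re

# Unified-diff hunk header: @@ -start[,count] +start[,count] @@ [section]
HUNK_RE = re.compile(r"^@@ -\d+(?:,(\d+))? \+\d+(?:,(\d+))? @@(?: .*)?$")

def find_hunk_errors(patch_text):
    """Return [(header_line_no, message)] for hunks that contradict their header."""
    lines = patch_text.splitlines()
    errors, i = [], 0
    while i < len(lines):
        m = HUNK_RE.match(lines[i])
        if m is None:
            if lines[i].startswith("@@"):
                errors.append((i + 1, "malformed hunk header"))
            i += 1
            continue
        header_no = i + 1
        old_left = int(m.group(1) or 1)   # an omitted count means 1
        new_left = int(m.group(2) or 1)
        i += 1
        while old_left > 0 or new_left > 0:
            if i >= len(lines):
                errors.append((header_no, "hunk ends before its declared line counts"))
                break
            line = lines[i]
            if line.startswith("\\"):     # "\ No newline at end of file"
                pass
            elif line.startswith(" ") or line == "":
                old_left -= 1
                new_left -= 1
            elif line.startswith("-"):
                old_left -= 1
            elif line.startswith("+"):
                new_left -= 1
            else:                         # e.g. another "@@" where a body was expected
                errors.append((header_no, "unexpected line inside hunk: %r" % line))
                break
            if old_left < 0 or new_left < 0:
                errors.append((header_no, "hunk has more lines than its header declares"))
                break
            i += 1
    return errors

# Constructed samples: a well-formed patch, and the same patch with a stray marker.
GOOD_PATCH = ("--- a/src/foo.cc\n+++ b/src/foo.cc\n@@ -1,3 +1,4 @@\n"
              " int a;\n+int b;\n int c;\n int d;\n")
STRAY_PATCH = GOOD_PATCH + "@@ -10,2 +10,3 @@\n"

if __name__ == "__main__":
    print(find_hunk_errors(GOOD_PATCH), find_hunk_errors(STRAY_PATCH))
```

Running a check like this over `debian/patches/` before upload catches a hunk header with no body, which a lenient patch tool may silently ignore.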

