From 872504c016c3e682b5acb4164886ae3669e1d30d Mon Sep 17 00:00:00 2001
From: Sérgio M. Basto
Date: Jul 29 2018 10:15:30 +0000
Subject: Security fix: directory traversal via /DEBIAN symlink
---
diff --git a/.gitignore b/.gitignore
index 64b68eb..3a80b9f 100644
--- a/.gitignore
+++ b/.gitignore
@@ -10,3 +10,4 @@ dpkg_1.15.5.6.tar.bz2
 /dpkg_1.18.15.tar.xz
 /dpkg_1.18.22.tar.xz
 /dpkg_1.18.24.tar.xz
+/dpkg_1.18.25.tar.xz
diff --git a/dpkg.spec b/dpkg.spec
index 33cf045..dd4ebf1 100644
--- a/dpkg.spec
+++ b/dpkg.spec
@@ -2,8 +2,8 @@
 %global pkgdatadir %{_datadir}/dpkg
 Name: dpkg
-Version: 1.18.24
-Release: 9%{?dist}
+Version: 1.18.25
+Release: 1%{?dist}
 Summary: Package maintenance system for Debian Linux
 Group: System Environment/Base
 # The entire source code is GPLv2+ with exception of the following
@@ -17,6 +17,7 @@ URL: https://tracker.debian.org/pkg/dpkg
 Source0: http://ftp.debian.org/debian/pool/main/d/dpkg/%{name}_%{version}.tar.xz
 Patch1: dpkg-fix-logrotate.patch
 Patch2: dpkg-perl-libexecdir.epel6.patch
+
 BuildRequires: gcc-c++
 BuildRequires: zlib-devel bzip2-devel libselinux-devel gettext ncurses-devel
 BuildRequires: autoconf automake gettext-devel libtool
@@ -159,6 +160,7 @@ user interfaces.
 %if 0%{?rhel} && 0%{?rhel} < 7
 %patch2 -p1
 %endif
+
 # Filter unwanted Requires:
 cat << \EOF > %{name}-req
 #!/bin/sh
@@ -449,6 +451,10 @@ create_logfile
 %changelog
+* Sun Jul 29 2018 Sérgio Basto - 1.18.25-1
+- Update dpkg to 1.18.25
+- Security fix: directory traversal via /DEBIAN symlink
+
 * Sun Jul 29 2018 Sérgio Basto - 1.18.24-9
 - Requires(post): coreutils (#1598872)
diff --git a/sources b/sources
index 50dfe94..4870415 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-SHA512 (dpkg_1.18.24.tar.xz) = 74df36a49a1b6b2243db14bd7ee0b69e50c2f0e79fc87e86e9b3cba2261fb717e421f7190a3ba54b4680a2f83855e5857dcb2625aa56847133258567392f1d42
+SHA512 (dpkg_1.18.25.tar.xz) = a26907c32ea02044d8729b70996b786204d3ce89ac294a8422b009688ab9bf886f593cb37430e84593dec2c26cfbc01a458d47fbda749decdf8acbfb72e07bb3