From 891ec1325de619eff19fd9d01a4bbec0ee061bc2 Mon Sep 17 00:00:00 2001
From: Frank Lichtenheld <djpig@debian.org>
Date: Sun, 29 Jan 2006 19:32:30 +0000
Subject: [PATCH] Make dpkg-source -b more robust regarding to existing
 symlinks by creating all files in secure temporary files and renaming them
 afterwards. This fixes problems with packages retrieved with apt-get source
 from local repositories. Closes: #178839, #338591

---
 ChangeLog              |  6 ++++++
 debian/changelog       |  2 ++
 scripts/dpkg-source.pl | 21 ++++++++++++++++-----
 3 files changed, 24 insertions(+), 5 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 0dcb830d..6f5462a1 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -11,6 +11,12 @@
 	* scripts/dpkg-source.pl: Warn if more than one -sX switch
 	is specified on the command line.
 
+	* scripts/dpkg-source.pl: Make dpkg-source -b more robust
+	regarding to existing symlinks by creating all files
+	in secure temporary files and renaming them afterwards.
+	This fixes problems with packages retrieved with
+	apt-get source from local repositories.
+
 2006-01-29  Don Armstrong  <don@debian.org>
 
 	* scripts/dpkg-scanpackages.pl: Rewrite the script to support
diff --git a/debian/changelog b/debian/changelog
index e3432e16..8098a4eb 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -21,6 +21,8 @@ dpkg (1.13.14~) UNRELEASED; urgency=low
   * Let warn dpkg-source if more than one -sX option was given and
     document the behaviour in this case in the man page.
     Closes: #246637
+  * Make dpkg-source -b more robust regarding to existing symlinks
+    by creating new files in a secure manner. Closes: #178839, #338591
 
  -- Guillem Jover <guillem@debian.org>  Sun, 29 Jan 2006 06:02:58 +0200
 
diff --git a/scripts/dpkg-source.pl b/scripts/dpkg-source.pl
index 8c1cb3ff..4306d2f9 100755
--- a/scripts/dpkg-source.pl
+++ b/scripts/dpkg-source.pl
@@ -33,8 +33,9 @@ $max_dscformat = 2;
 $def_dscformat = "1.0"; # default format for -b
 
 use POSIX;
-use POSIX qw (:errno_h :signal_h);
 use Fcntl qw (:mode);
+use File::Temp qw (tempfile);
+use Cwd;
 
 use strict 'refs';
 
@@ -338,7 +339,9 @@ if ($opmode eq 'build') {
 
         print("$progname: building $sourcepackage in $tarname\n")
             || &syserr("write building tar message");
-        &forkgzipwrite("$tarname.new");
+	my ($ntfh, $newtar) = tempfile( "$tarname.new.XXXXXX",
+					DIR => &getcwd, UNLINK => 0 );
+        &forkgzipwrite($newtar);
         defined($c2= fork) || &syserr("fork for tar");
         if (!$c2) {
             chdir($tardirbase) || &syserr("chdir to above (orig) source $tardirbase");
@@ -350,8 +353,10 @@ if ($opmode eq 'build') {
         &reapgzip;
         $c2 == waitpid($c2,0) || &syserr("wait for tar");
         $? && !(WIFSIGNALED($c2) && WTERMSIG($c2) == SIGPIPE) && subprocerr("tar");
-        rename("$tarname.new",$tarname) ||
-            &syserr("unable to rename `$tarname.new' (newly created) to `$tarname'");
+        rename($newtar,$tarname) ||
+            &syserr("unable to rename `$newtar' (newly created) to `$tarname'");
+	chmod(0666 &~ umask(), $tarname) ||
+	    &syserr("unable to change permission of `$tarname'");
 
     } else {
         
@@ -396,7 +401,9 @@ if ($opmode eq 'build') {
         
         print("$progname: building $sourcepackage in $basenamerev.diff.gz\n")
             || &syserr("write building diff message");
-        &forkgzipwrite("$basenamerev.diff.gz");
+	my ($ndfh, $newdiffgz) = tempfile( "$basenamerev.diff.gz.new.XXXXXX",
+					DIR => &getcwd, UNLINK => 0 );
+        &forkgzipwrite($newdiffgz);
 
         defined($c2= open(FIND,"-|")) || &syserr("fork for find");
         if (!$c2) {
@@ -494,6 +501,10 @@ if ($opmode eq 'build') {
         close(FIND); $? && subprocerr("find on $dir");
         close(GZIP) || &syserr("finish write to gzip pipe");
         &reapgzip;
+        rename($newdiffgz,"$basenamerev.diff.gz") ||
+            &syserr("unable to rename `$newdiffgz' (newly created) to `$basenamerev.diff.gz'");
+	chmod(0666 &~ umask(), "$basenamerev.diff.gz") ||
+	    &syserr("unable to change permission of `$basenamerev.diff.gz'");
 
         defined($c2= open(FIND,"-|")) || &syserr("fork for 2nd find");
         if (!$c2) {
-- 
2.39.5