Bug#737160: [uupdate] symlink directory traversal

[Jakub Wilk]

* Jakub Wilk <jwilk at debian.org>, 2014-02-23, 12:11:
>Perhaps a more viable way would be to construct a temporary new source 
>package, and let dpkg-source deal with all the corner cases of 
>unpacking it?

Now I realized that this won't work, because dpkg-source insist that 
patches apply without fuzz.

So here's a different strategy, similar to what tar(1) implements to 
defend against symlink attacks:

1) Unpack .orig.tar.
2) Delete all symlinks (and maybe also other non-regular files).
3) Apply the diff.
4) Restore all the files deleted in step 2.

-- 
Jakub Wilk