scripts: Add test case for patch disabling hunks

This does not pose any security issue, as the hunk parser is strict, and
will reject a patch if it considers that the hunk marker is not present.

debian/changelog

@@ -14,6 +14,7 @@ dpkg (1.17.10) UNRELEASED; urgency=low
     - Add test cases for Dpkg::Deps OR relationships.
     - Add minimal test case for Dpkg::Source::Quilt.
     - Add test cases for Dpkg::Source::Patch CVE-2014-0471 and CVE-2014-3127.
+    - Add test case for patch disabling hunks; not security sensitive.
   * Fix non-security sensitive TOCTOU race in triggers database loading.
   * Fix non-security sensitive TOCTOU race in update-alternative alternative
     database loading.

scripts/Makefile.am

@@ -257,6 +257,7 @@ test_data = \
 	t/Dpkg_Shlibs/objdump.dbd-pg \
 	t/Dpkg_Shlibs/objdump.ls \
 	t/Dpkg_Source_Patch/c-style.patch \
+	t/Dpkg_Source_Patch/ghost-hunk.patch \
 	t/Dpkg_Source_Patch/index-+++.patch \
 	t/Dpkg_Source_Patch/index-alone.patch \
 	t/Dpkg_Source_Patch/index-inert.patch \

scripts/t/Dpkg_Source_Patch.t

@@ -16,7 +16,7 @@
 use strict;
 use warnings;
 
-use Test::More tests => 8;
+use Test::More tests => 9;
 
 use File::Path qw(make_path);
 
@@ -64,4 +64,7 @@ ok(-e "$tmpdir/index-inert-tree/inert-file",
 test_patch_escape('partial', 'symlink', 'partial.patch',
                   'Patch cannot escape using partial +++ header');
 
+test_patch_escape('ghost-hunk', 'symlink', 'ghost-hunk.patch',
+                  'Patch cannot escape using a disabling hunk');
+
 1;

scripts/t/Dpkg_Source_Patch/ghost-hunk.patch

@@ -0,0 +1,7 @@
+--- a/disable/partial-file
++++ b/disable/partial-file
+@@ -0,0 +1,1 @@disable
++++ b/symlink/hunk-file
+--- a/symlink/hunk-file
+@@ -0,0 +1,1 @@
++Escaped