Your message dated Sat, 12 Dec 2015 17:06:50 +0000
with message-id <[email protected]>
and subject line Bug#746467: fixed in pixz 1.0.6-1
has caused the Debian Bug report #746467,
regarding pixz creates new file with default permissions and does not preserve 
permissions
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
746467: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=746467
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: pixz
Version: 1.0.2-2
Severity: important
Tags: security upstream


When pixz creates a file for the result of (de)compression, it uses
default umask, so file gets created with, say, 0644 permissions.
Even if the original file we're about to (de)compress has stricter
permissions.

This way, the data can be read by others during whole (de)compression
process, which, depending on the size of the input, can be quite
slow/long.

 $ ls -l data
 -rw-r----- 1 mjt mjt  8589942784 Apr 30 13:50 data
 $ pixz data &
 $ ls -l data.xz
 -rw-r--r-- 1 mjt mjt   135106560 Apr 30 13:52 data.xz

It is even more than this: the permissions are never restored even
after the process is completed.  The final data.xz has the same
0644 permissions as the temp file:

 $ wait; ls -l data.xz
 -rw-r--r-- 1 mjt mjt   725922432 Apr 30 13:55 data.xz

So the file stays with wide-open permissions, unlike the original.

Other compressors - gzip, xz, etc - tries to preserve the permissions,
and tries to keep the new/temp file (during compression) unreadable.
That's why user does not expect the new file created by pixz to have
wider permissions than its original.

(It looks like pixz does not preserve any attributes, including the
date, and it also looks like it modifies mtime of the _source_ file
too).

--- End Message ---
--- Begin Message ---
Source: pixz
Source-Version: 1.0.6-1

We believe that the bug you reported is fixed in the latest version of
pixz, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
David Bremner <[email protected]> (supplier of updated pixz package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sat, 12 Dec 2015 12:30:46 -0400
Source: pixz
Binary: pixz
Architecture: source
Version: 1.0.6-1
Distribution: unstable
Urgency: medium
Maintainer: David Bremner <[email protected]>
Changed-By: David Bremner <[email protected]>
Description:
 pixz       - parallel, indexing XZ compressor/decompressor
Closes: 746467
Changes:
 pixz (1.0.6-1) unstable; urgency=medium
 .
   * New upstream release
   * Bug fix: "pixz creates new file with default permissions and does not
     preserve permissions", thanks to Michael Tokarev (Closes: #746467).
     See upstream commit e5ba30f9.
   * Assert compliance with policy 3.9.6
Checksums-Sha1:
 4a2e26af4c6f85e3ebcc26184a75745f21ac7afc 1641 pixz_1.0.6-1.dsc
 35cd219dda7ec5a3cb993e3ce7acdaa878fa3cca 119516 pixz_1.0.6.orig.tar.xz
 464c68b56fe8934f08802af7d28284b5ee6e6c59 2784 pixz_1.0.6-1.debian.tar.xz
Checksums-Sha256:
 7f23de8c3588fb3fc9244a20324da668d6a75f425230223b150fd36d52ac06f7 1641 
pixz_1.0.6-1.dsc
 02c50746b134fa1b1aae41fcc314d7c6f1919b3d48bcdea01bf11769f83f72e8 119516 
pixz_1.0.6.orig.tar.xz
 8db8c76438788e57784143aa8e2a49b56d075980377c481db7cf58e34cbe44d3 2784 
pixz_1.0.6-1.debian.tar.xz
Files:
 203c20b49f72832bb6fe239b9a4084c2 1641 utils optional pixz_1.0.6-1.dsc
 f6dc5909c9a31b192f69aa397ae8df48 119516 utils optional pixz_1.0.6.orig.tar.xz
 d91acf6cb04789446cf3e05499c0931b 2784 utils optional pixz_1.0.6-1.debian.tar.xz

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQGcBAEBCAAGBQJWbE+jAAoJEPIClx2kp54sCwwL/2ZAZOSh2puEQ0qMs0OzePp/
bFpOZGURnQQtFFM8THNulpImQ8ypZfiCtgiiUfiQ07vw1VgvQv1JEepCwhl0XQcn
z3P7NdUzXHwhf3vpawrVvXMfqzSOVM6rWILMEsr46eWk5fEMP5p5lSCV/iQtHpwt
rWFLd7vfCl9U1i+qyqsmfc8gTNvPBgbAmWQF/VMGDOrTvJJf2NkOqfF34f1aSBoC
qTbaj/UaPDUbHkau9cZALPemO+71FX5T8e4U+TAdkXnCkjtVgsi/UaQrNNnmUEXs
NzkdnUKC4qNdYLA/UJUn21HjCR1UOeUpu4G3i67jSJVxFbo5W/TQmH2UPxmXc/Ra
BoTXtB9jJ7FWqWfq/bo8nXoHzQIA0gj/jiPKiZ566W4EJCt9MFBcZXTWYQ5Y0RKU
F9n54/IZtKYtoJBY//miRIJfEvE2ALIwMlOfRX2gmAV7OcgNxnEn2ygZdLbGtW8G
AoNO2lDS6Z5xckxZ1CzMn+vSLUCq4fQMllgnVQyrPg==
=KzlI
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to