Your message dated Thu, 31 Dec 2020 12:50:02 +0000 with message-id <[email protected]> and subject line Bug#950319: fixed in libreoffice 1:7.0.4-1 has caused the Debian Bug report #950319, regarding libreoffice: filename replacements in mime entries for mailcap must not be quoted within the given command to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [email protected] immediately.) -- 950319: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=950319 Debian Bug Tracking System Contact [email protected] with problems
--- Begin Message ---Package: libreoffice Version: 1:5.2.7-1+deb9u11 Severity: normal Dear Maintainer, * What led up to the situation? * What exactly did you do (or not do) that was effective (or ineffective)? Using mutt, I created a new email, added an attachment with a file name containing spaces (a pptx file, thus libreoffice), and without sending the email yet, I tried to open that file from within mutt. * What was the outcome of this action? libreoffice opened, but complained about not finding files with each component of the filename containing spaces. Mutt used /etc/mailcap. I understand those are generated from the files DEBIAN/*.mime. Those lines look like this: application/rtf; soffice --nologo --writer '%s'; edit=soffice --nologo --writer '%s'; test=test -n "$DISPLAY"; description="Rich Text Format"; nametemplate=%s.rtf; priority=3 Note the quotes around the filename placeholder %s. What happened is that, as it should, mutt properly quoted whatever it was replacing %s with, in that case using single quote. So, in effect, the following command was executed: soffice --nologo --writer ''file with spaces'' And since '' is starting and immediately ending the quotation, libreoffice saw three arguments. * What outcome did you expect instead? The filename should have been given as one argument to libreoffice. Following #928037 and references therein, I believe that the correct solution is to not use '%s' in the mime files distributed with the Debian packages: it should just be a simple %s, no quotes. Quoting is the task of the program replacing %s. Also note, that while using quotes is likely due to security concerns, no amount of quoting can actually help here, as this very bug shows. I even believe that this is a security bug and should be fixed in stable and oldstable as well: using properly constructed filenames, commands can be injected when using these commands, due to undoing quotations done by the replacing program. Since these lines are commonly used to, e.g., display email attachments, this can be an easy way to gain access to a system just by having someone open an attachment marked to be handled by libreoffice. While this bug is submitted against oldstable, even current git includes the same definitions, e.g., see: https://salsa.debian.org/libreoffice-team/libreoffice/libreoffice/blob/master/libreoffice-writer.mime *** End of the template - remove these template lines *** -- System Information: Debian Release: 9.11 APT prefers oldstable APT policy: (500, 'oldstable') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.16.0-0.bpo.2-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8), LANGUAGE=en_US.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages libreoffice depends on: ii dpkg 1.18.25 ii fonts-dejavu 2.37-1 ii libreoffice-avmedia-backend-gstreamer 1:5.2.7-1+deb9u11 ii libreoffice-base 1:5.2.7-1+deb9u11 ii libreoffice-calc 1:5.2.7-1+deb9u11 ii libreoffice-core 1:5.2.7-1+deb9u11 ii libreoffice-draw 1:5.2.7-1+deb9u11 ii libreoffice-impress 1:5.2.7-1+deb9u11 ii libreoffice-java-common 1:5.2.7-1+deb9u11 ii libreoffice-math 1:5.2.7-1+deb9u11 ii libreoffice-report-builder-bin 1:5.2.7-1+deb9u11 ii libreoffice-writer 1:5.2.7-1+deb9u11 ii python3-uno 1:5.2.7-1+deb9u11 Versions of packages libreoffice recommends: ii fonts-crosextra-caladea 20130214-1 ii fonts-crosextra-carlito 20130920-1 ii fonts-linuxlibertine 5.3.0-2 ii fonts-sil-gentium-basic 1.1-7 ii libreoffice-librelogo 1:5.2.7-1+deb9u11 ii libreoffice-nlpsolver 0.9+LibO5.2.7-1+deb9u11 ii libreoffice-ogltrans 1:5.2.7-1+deb9u11 ii libreoffice-pdfimport 1:5.2.7-1+deb9u11 ii libreoffice-report-builder 1:5.2.7-1+deb9u11 ii libreoffice-script-provider-bsh 1:5.2.7-1+deb9u11 ii libreoffice-script-provider-js 1:5.2.7-1+deb9u11 ii libreoffice-script-provider-python 1:5.2.7-1+deb9u11 ii libreoffice-sdbc-postgresql 1:5.2.7-1+deb9u11 ii libreoffice-wiki-publisher 1.2.0+LibO5.2.7-1+deb9u11 Versions of packages libreoffice suggests: ii cups-bsd 2.2.1-8+deb9u4 ii default-jre [java5-runtime] 2:1.8-58+deb9u1 ii gstreamer1.0-libav 1:1.10.4-dmo1 ii gstreamer1.0-plugins-bad 1:1.10.4-dmo2 ii gstreamer1.0-plugins-base 1.10.4-1+deb9u1 ii gstreamer1.0-plugins-good 1.10.4-1 ii gstreamer1.0-plugins-ugly 1:1.10.4-dmo1 ii hunspell-en-us [hunspell-dictionary] 20070829-7 ii hyphen-en-us [hyphen-hyphenation-patterns] 2.8.8-5 ii hyphen-sh [hyphen-hyphenation-patterns] 1:3.3.0-4+deb8u1 ii iceweasel 68.4.1esr-1~deb9u1 ii imagemagick 8:6.9.7.4+dfsg-11+deb9u7 ii imagemagick-6.q16 [imagemagick] 8:6.9.7.4+dfsg-11+deb9u7 ii libgl1-mesa-glx [libgl1] 13.0.6-1+b2 ii libreoffice-gnome 1:5.2.7-1+deb9u11 pn libreoffice-grammarcheck <none> ii libreoffice-help-en-us [libreoffice-help-5.2] 1:5.2.7-1+deb9u11 pn libreoffice-l10n-5.2 <none> pn libreoffice-officebean <none> ii libsane 1.0.25-4.1 ii libxrender1 1:0.9.10-1 pn myspell-dictionary <none> ii mythes-en-us [mythes-thesaurus] 1:5.2.5-1 pn openclipart2-libreoffice | openclipart-libreoffic <none> ii openjdk-11-jre [java5-runtime] 11.0.5+10-1~bpo9+1 ii openjdk-8-jre [java5-runtime] 8u232-b09-1~deb9u1 ii pstoedit 3.70-3+b2 ii thunderbird [icedove] 1:68.4.1-1~deb9u1 pn unixodbc <none> Versions of packages libreoffice-core depends on: ii fontconfig 2.11.0-6.7+b1 ii fonts-opensymbol 2:102.7+LibO5.2.7-1+deb9u11 ii libboost-date-time1.62.0 1.62.0+dfsg-4 ii libc6 2.24-11+deb9u4 ii libcairo2 1.14.8-1 ii libclucene-contribs1v5 2.3.3.4+dfsg-1 ii libclucene-core1v5 2.3.3.4+dfsg-1 ii libcmis-0.5-5v5 0.5.1+git20160603-3+b1 ii libcups2 2.2.1-8+deb9u4 ii libcurl3-gnutls 7.52.1-5+deb9u9 ii libdbus-1-3 1.10.28-0+deb9u1 ii libdbus-glib-1-2 0.108-2 ii libdconf1 0.26.0-2+b1 ii libeot0 0.01-4+b1 ii libexpat1 2.2.0-2+deb9u3 ii libexttextcat-2.0-0 3.4.4-2+b1 ii libfontconfig1 2.11.0-6.7+b1 ii libfreetype6 2.6.3-3.2 ii libgcc1 1:6.3.0-18+deb9u1 ii libgl1-mesa-glx [libgl1] 13.0.6-1+b2 ii libglew2.0 2.0.0-3+b1 ii libglib2.0-0 2.50.3-2+deb9u1 ii libgltf-0.0-0v5 0.0.2-5 ii libglu1-mesa [libglu1] 9.0.0-2.1 ii libgraphite2-3 1.3.10-1 ii libharfbuzz-icu0 1.4.2-1 ii libharfbuzz0b 1.4.2-1 ii libhunspell-1.4-0 1.4.1-2+b2 ii libhyphen0 2.8.8-5 ii libice6 2:1.0.9-2 ii libicu57 57.1-6+deb9u3 ii libjpeg62-turbo 1:1.5.1-2 ii liblangtag1 0.6.2-1 ii liblcms2-2 2.8-4+deb9u1 ii libldap-2.4-2 2.4.44+dfsg-5+deb9u3 ii libmythes-1.2-0 2:1.2.4-3 ii libneon27-gnutls 0.30.2-2 ii libnspr4 2:4.12-6 ii libnss3 2:3.26.2-1.1+deb9u1 ii libodfgen-0.1-1 0.1.6-2 ii libpcre3 2:8.39-3 ii libpng16-16 1.6.28-1+deb9u1 ii librdf0 1.0.17-1.1 ii libreoffice-common 1:5.2.7-1+deb9u11 ii librevenge-0.0-0 0.0.4-6 ii libsm6 2:1.2.2-1+b3 ii libstdc++6 6.3.0-18+deb9u1 ii libx11-6 2:1.6.4-3+deb9u1 ii libxext6 2:1.3.3-1+b2 ii libxinerama1 2:1.1.3-1+b3 ii libxml2 2.9.4+dfsg1-2.2+deb9u2 ii libxrandr2 2:1.5.1-1 ii libxrender1 1:0.9.10-1 ii libxslt1.1 1.1.29-2.1+deb9u1 ii uno-libs3 5.2.7-1+deb9u11 ii ure 5.2.7-1+deb9u11 ii zlib1g 1:1.2.8.dfsg-5 Versions of packages libreoffice-core recommends: ii libpaper-utils 1.1.24+nmu5 Versions of packages libreoffice-writer depends on: ii dpkg 1.18.25 ii libabw-0.1-1 0.1.1-4 ii libc6 2.24-11+deb9u4 ii libe-book-0.1-1 0.1.2-4 ii libetonyek-0.1-1 0.1.6-5 ii libgcc1 1:6.3.0-18+deb9u1 ii libicu57 57.1-6+deb9u3 ii libmwaw-0.3-3 0.3.9-2 ii libodfgen-0.1-1 0.1.6-2 ii libreoffice-base-core 1:5.2.7-1+deb9u11 ii libreoffice-core 1:5.2.7-1+deb9u11 ii librevenge-0.0-0 0.0.4-6 ii libstdc++6 6.3.0-18+deb9u1 ii libwpd-0.10-10 0.10.1-5+deb9u1 ii libwpg-0.3-3 0.3.1-3 ii libwps-0.4-4 0.4.5-1 ii libxml2 2.9.4+dfsg1-2.2+deb9u2 ii uno-libs3 5.2.7-1+deb9u11 ii ure 5.2.7-1+deb9u11 ii zlib1g 1:1.2.8.dfsg-5 Versions of packages libreoffice-writer recommends: ii libreoffice-math 1:5.2.7-1+deb9u11 Versions of packages libreoffice-writer suggests: ii default-jre [java5-runtime] 2:1.8-58+deb9u1 ii fonts-crosextra-caladea 20130214-1 ii fonts-crosextra-carlito 20130920-1 ii libreoffice-base 1:5.2.7-1+deb9u11 pn libreoffice-gcj <none> ii libreoffice-java-common 1:5.2.7-1+deb9u11 ii openjdk-11-jre [java5-runtime] 11.0.5+10-1~bpo9+1 ii openjdk-8-jre [java5-runtime] 8u232-b09-1~deb9u1 Versions of packages libreoffice-calc depends on: ii coinor-libcbc3 2.8.12-1+b2 ii coinor-libcoinmp1v5 1.7.6+dfsg1-2 ii coinor-libcoinutils3v5 2.9.15-4 ii dpkg 1.18.25 ii libatlas3-base [liblapack.so.3] 3.10.3-1+b1 ii libblas3 [libblas.so.3] 3.7.0-2 ii libboost-filesystem1.62.0 1.62.0+dfsg-4 ii libboost-iostreams1.62.0 1.62.0+dfsg-4 ii libbz2-1.0 1.0.6-8.1 ii libc6 2.24-11+deb9u4 ii libetonyek-0.1-1 0.1.6-5 ii libgcc1 1:6.3.0-18+deb9u1 ii libicu57 57.1-6+deb9u3 ii liblapack3 [liblapack.so.3] 3.7.0-2 ii liblcms2-2 2.8-4+deb9u1 ii libmwaw-0.3-3 0.3.9-2 ii libodfgen-0.1-1 0.1.6-2 ii liborcus-0.11-0 0.11.2-3+b1 ii libreoffice-base-core 1:5.2.7-1+deb9u11 ii libreoffice-core 1:5.2.7-1+deb9u11 ii librevenge-0.0-0 0.0.4-6 ii libstdc++6 6.3.0-18+deb9u1 ii libwps-0.4-4 0.4.5-1 ii libxml2 2.9.4+dfsg1-2.2+deb9u2 ii lp-solve 5.5.0.15-4+b1 ii uno-libs3 5.2.7-1+deb9u11 ii ure 5.2.7-1+deb9u11 ii zlib1g 1:1.2.8.dfsg-5 Versions of packages libreoffice-calc suggests: ii ocl-icd-libopencl1 2.2.11-1 Versions of packages libreoffice-base depends on: ii dpkg 1.18.25 ii libc6 2.24-11+deb9u4 ii libgcc1 1:6.3.0-18+deb9u1 ii libreoffice-base-core 1:5.2.7-1+deb9u11 ii libreoffice-base-drivers 1:5.2.7-1+deb9u11 ii libreoffice-core 1:5.2.7-1+deb9u11 ii libstdc++6 6.3.0-18+deb9u1 ii uno-libs3 5.2.7-1+deb9u11 ii ure 5.2.7-1+deb9u11 Versions of packages libreoffice-base recommends: ii default-jre [java5-runtime] 2:1.8-58+deb9u1 ii libreoffice-java-common 1:5.2.7-1+deb9u11 ii libreoffice-writer 1:5.2.7-1+deb9u11 ii openjdk-11-jre [java5-runtime] 11.0.5+10-1~bpo9+1 ii openjdk-8-jre [java5-runtime] 8u232-b09-1~deb9u1 Versions of packages libreoffice-base suggests: pn libreoffice-gcj <none> ii libreoffice-report-builder 1:5.2.7-1+deb9u11 pn unixodbc <none> Versions of packages libreoffice-draw depends on: ii dpkg 1.18.25 ii libavahi-client3 0.6.32-2 ii libavahi-common3 0.6.32-2 ii libc6 2.24-11+deb9u4 ii libcdr-0.1-1 0.1.3-3+b1 ii libdbus-1-3 1.10.28-0+deb9u1 ii libdbus-glib-1-2 0.108-2 ii libfreehand-0.1-1 0.1.1-2 ii libgcc1 1:6.3.0-18+deb9u1 ii libglib2.0-0 2.50.3-2+deb9u1 ii libicu57 57.1-6+deb9u3 ii liblcms2-2 2.8-4+deb9u1 ii libmspub-0.1-1 0.1.2-4+b1 ii libmwaw-0.3-3 0.3.9-2 ii libodfgen-0.1-1 0.1.6-2 ii libpagemaker-0.0-0 0.0.3-2 ii libreoffice-core 1:5.2.7-1+deb9u11 ii librevenge-0.0-0 0.0.4-6 ii libstdc++6 6.3.0-18+deb9u1 ii libvisio-0.1-1 0.1.5-4+b1 ii libwpd-0.10-10 0.10.1-5+deb9u1 ii libwpg-0.3-3 0.3.1-3 ii libxml2 2.9.4+dfsg1-2.2+deb9u2 ii uno-libs3 5.2.7-1+deb9u11 ii ure 5.2.7-1+deb9u11 ii zlib1g 1:1.2.8.dfsg-5 Versions of packages libreoffice-impress depends on: ii dpkg 1.18.25 ii libc6 2.24-11+deb9u4 ii libetonyek-0.1-1 0.1.6-5 ii libgcc1 1:6.3.0-18+deb9u1 ii libgl1-mesa-glx [libgl1] 13.0.6-1+b2 ii libglew2.0 2.0.0-3+b1 ii libglu1-mesa [libglu1] 9.0.0-2.1 ii libmwaw-0.3-3 0.3.9-2 ii libodfgen-0.1-1 0.1.6-2 ii libreoffice-core 1:5.2.7-1+deb9u11 ii libreoffice-draw 1:5.2.7-1+deb9u11 ii librevenge-0.0-0 0.0.4-6 ii libstdc++6 6.3.0-18+deb9u1 ii libxml2 2.9.4+dfsg1-2.2+deb9u2 ii uno-libs3 5.2.7-1+deb9u11 ii ure 5.2.7-1+deb9u11 ii zlib1g 1:1.2.8.dfsg-5 Versions of packages libreoffice-impress recommends: ii libreoffice-avmedia-backend-gstreamer 1:5.2.7-1+deb9u11 Versions of packages libreoffice-impress suggests: ii bluez 5.43-2+deb9u1 Versions of packages libreoffice-math depends on: ii dpkg 1.18.25 ii fonts-opensymbol 2:102.7+LibO5.2.7-1+deb9u11 ii libc6 2.24-11+deb9u4 ii libgcc1 1:6.3.0-18+deb9u1 ii libreoffice-core 1:5.2.7-1+deb9u11 ii libstdc++6 6.3.0-18+deb9u1 ii uno-libs3 5.2.7-1+deb9u11 ii ure 5.2.7-1+deb9u11 -- no debconf information
--- End Message ---
--- Begin Message ---Source: libreoffice Source-Version: 1:7.0.4-1 Done: Rene Engelhard <[email protected]> We believe that the bug you reported is fixed in the latest version of libreoffice, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [email protected], and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Rene Engelhard <[email protected]> (supplier of updated libreoffice package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [email protected]) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Thu, 31 Dec 2020 13:00:06 +0100 Source: libreoffice Architecture: source Version: 1:7.0.4-1 Distribution: unstable Urgency: medium Maintainer: Debian LibreOffice Maintainers <[email protected]> Changed-By: Rene Engelhard <[email protected]> Closes: 950319 978713 Changes: libreoffice (1:7.0.4-1) unstable; urgency=medium . * LibreOffice 7.0.4 final release (identical to rc2) . * debian/patches/pdfium-m68k.diff: fix pdfium build on m68k . * debian/rules, debian/control*in: s/noinsttests/noinsttest/, thanks lintian * debian/rules: - revert clang (>= 1:11) build-dep for buster-backports; doesn't exist in buster and we resort back to gcc - don't rm LICENSE.html, it is used by Help -> License Information -> Show License * debian/control.mediawiki.in: remove Homepage: (closes: #978713) * debian/*.mime: stop quoting %s (closes: #950319) Checksums-Sha1: bafc52afa913a82235c3ec27b7513acda11b1e25 31313 libreoffice_7.0.4-1.dsc cdbd0cc8c305db165d117e12de86c93e98d6e7c3 110142616 libreoffice_7.0.4.orig-helpcontent2.tar.xz 12a5024b20272d8e20d6d503bfbb46c35b6c4d1e 176691588 libreoffice_7.0.4.orig-translations.tar.xz 8ffff9e324ec3b72ef521cfaea9600b783d0c53c 236477520 libreoffice_7.0.4.orig.tar.xz 66cea38b1450e5527dba5f074733ac937e0bc029 833 libreoffice_7.0.4.orig.tar.xz.asc a2a4051ad95e1c9bf59f498a42f96bc317006743 19482816 libreoffice_7.0.4-1.debian.tar.xz 127b2d7dbe648bd01bffcf7e54501be15b8baf59 36129 libreoffice_7.0.4-1_source.buildinfo Checksums-Sha256: 016cd4e4eff2f2dc61e05befd4d0c6f27fc3d905a9e0ebf2b2e220bbdc0e297e 31313 libreoffice_7.0.4-1.dsc 8311462f214e27841ba4970bbae518b9a4b2088380877b8dff5e2005587357c1 110142616 libreoffice_7.0.4.orig-helpcontent2.tar.xz 28d7421771af20a310983dec5c64da8103eb6a159e098c6e5f1a1c1e6731e146 176691588 libreoffice_7.0.4.orig-translations.tar.xz 9fa9d2cc8d02f12b1f302b93056d5c0ff986090a6f309bafa506ba53779f2abd 236477520 libreoffice_7.0.4.orig.tar.xz 773a0034f2f4a26e3e285ac605e704df6d90b06722af64b95e42ea4452a34b91 833 libreoffice_7.0.4.orig.tar.xz.asc d777eaeb9ab118ed6db7aebb9da2c5e73be54a5c8caa6a777e50031eed04418c 19482816 libreoffice_7.0.4-1.debian.tar.xz c2b426060f7e9d5551b49c0b757794c74a3bc6482ee1e47ff828b8a057750fa2 36129 libreoffice_7.0.4-1_source.buildinfo Files: ea183a7b0e085ab932596a50f021936a 31313 editors optional libreoffice_7.0.4-1.dsc f76a9b75c5b2e334751b3bda4c3bce9c 110142616 editors optional libreoffice_7.0.4.orig-helpcontent2.tar.xz ec39192b68eabc0b56405a96f31bc165 176691588 editors optional libreoffice_7.0.4.orig-translations.tar.xz cad93ef2c87928b5a2971ae7e6474fe1 236477520 editors optional libreoffice_7.0.4.orig.tar.xz 95f6830c549f3393ac49f0c743ba9a20 833 editors optional libreoffice_7.0.4.orig.tar.xz.asc 8985c4febd01c61dd5c12cd34b3df58f 19482816 editors optional libreoffice_7.0.4-1.debian.tar.xz 8d20907e2dc54c14f726f967943b525c 36129 editors optional libreoffice_7.0.4-1_source.buildinfo -----BEGIN PGP SIGNATURE----- iQJEBAEBCgAuFiEE4S3qRnUGcM+pYIAdCqBFcdA+PnAFAl/twcAQHHJlbmVAZGVi aWFuLm9yZwAKCRAKoEVx0D4+cIUvEADAjtV+leJ56FFWkPjEq6d5s8clhY1Znstm IjTFjgNJ4PE1jFOIewjU5K2yanxunNHg/w4pior+CcFVEvGLd4fmBPb1Eh+LWDq+ QjkXeISl54WntW97CibV05FT+tMC5kALhaErakB/0/O5qCkLl2n0Wg4jNAihTy8e Go6X+7ABSaiSMV/chVN5oopFQj+vXxL6+basL+VRe/QlYu05QDf4i7/Fqgnd2bmv I1F6+YmS4Q6gSwx/NwQNErL+uXmcGtESbk3Oz8Yua6LRUlzOV+GrJfGMr0spMGvR 0rJIvXyM699hKjxURcB1ytlB3TWKnmuIbkkCqgAGo1bC2agMeZ2wU8AyqU0+Iz/n +tomG7OJP2l1CsH02p/fqpA4hrUkz4oat2QY9Su9Cj2KDarmdGaJJTYN5e1fhZpi F1f3cbTZKGgVhGs50pBLW9QVv4l1lpXrRKrfXOQGYX4gENQCp5O+3GO7SnMOJRJP w3KTgwa0CxT/Dga/0DDlEhs9/KOJvWS9m2puywcn0kqaEi7PCefTOHo5DhXcRjOB 2xSbhOOjp0Wg499MahrWHfqB7/7pYdPJ6jZ/mN43OBM4zlZIdzsIVHGWpVndfgpA Ep+QKGiLniow+vQ6L3BUxqbWbNQkTwZR6dCUhilMWCBpmUl8utK07h50KlAXq8zG O14HuOJLew== =KM7a -----END PGP SIGNATURE-----
--- End Message ---
