Your message dated Wed, 18 May 2022 00:45:53 +0900 with message-id <CA+0c0dVme9fpgcy_6Yudnsj+=VyRa6VAFGf39Fn6tEck9zBu=q...@mail.gmail.com> and subject line Re: unrar corrupts filenames given as arguments has caused the Debian Bug report #948108, regarding unrar corrupts filenames given as arguments to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [email protected] immediately.) -- 948108: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=948108 Debian Bug Tracking System Contact [email protected] with problems
--- Begin Message ---Package: unrar Version: 1:5.6.6-2 Severity: normal Dear Maintainer, when passing certain (archive) filenames to unrar, unrar will corrupt them and not be able to open them. The peculiar way this corruption occurs hints at possible security issues. Example: strace -feexecve,stat perl -e 'system "unrar", "x", "x\x92.rar"' Outputs, among other things: [pid 9326] execve("/bin/unrar", ["unrar", "x", "x\222.rar"], 0x5555557679f0 /* 112 vars */) = 0 [pid 9326] stat("x\222.ra", 0x7ffffffef1d0) = -1 ENOENT (No such file or directory) Cannot open x�.ra (the later filename is written like this): [pid 9390] write(2, "x", 1x) = 1 [pid 9390] write(2, "\357\277\276", 3�) = 3 [pid 9390] write(2, "\356\202\222", 3) = 3 [pid 9390] write(2, ".", 1.) = 1 [pid 9390] write(2, "r", 1r) = 1 [pid 9390] write(2, "a", 1a) = 1 [pid 9390] write(2, "\nN", 2 So somehow the \x92 character gets replaced, but also the trailing "r" (from rar) is removed. This happened in a utf-8 based locale (en_DK.UTF-8), which is probably related. Obviously, unrar should not mangle filenames, as filenames are octet-strings, not locale-encoded. -- System Information: Debian Release: 10.2 APT prefers stable APT policy: (990, 'stable'), (500, 'unstable-debug'), (500, 'testing-debug'), (500, 'stable-updates'), (500, 'stable-debug'), (500, 'oldstable-updates'), (500, 'oldstable-debug'), (500, 'unstable'), (500, 'testing'), (500, 'oldstable'), (1, 'experimental-debug'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386, x32 Kernel: Linux 5.4.7-050407-generic (SMP w/8 CPU cores) Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE Locale: LANG=en_DK.UTF-8, LC_CTYPE=en_DK.UTF-8 (charmap=UTF-8), LANGUAGE=en_DK.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages unrar depends on: ii libc6 2.28-10 ii libgcc1 1:9.2.1-15 ii libstdc++6 8.3.0-6 unrar recommends no packages. unrar suggests no packages. -- no debconf information
--- End Message ---
--- Begin Message ---Tags: wontfix This file name bug comes from conversion between wide char strings and multi byte strings. These encoding conversion has so many wired pitfalls, and there is no trivial fix. -- YOKOTA
--- End Message ---

