Bug#1041329: marked as done (debconf-set-selections mishandles funny filenames)

Sun, 24 Dec 2023 04:54:14 -0800 

Your message dated Sun, 24 Dec 2023 12:49:59 +0000
with message-id <[email protected]>
and subject line Bug#1041329: fixed in debconf 1.5.83
has caused the Debian Bug report #1041329,
regarding debconf-set-selections mishandles funny filenames
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1041329: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1041329
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message --- 
Package: debconf
Version: 1.5.77
Severity: important

debconf-set-selections(1) does various funny things if a filename contains
characters that are not usually used in filenames:

# echo > '>t0'
# ls -l
total 4
-rw-rw-r-- 1 root root 1 Jul 17 14:47 '>t0'
# debconf-set-selections '>t0'
# ls -l
total 4
-rw-rw-r-- 1 root root 1 Jul 17 14:47 '>t0'
-rw-rw-r-- 1 root root 0 Jul 17 14:48  t0
# echo > 't1 '
# debconf-set-selections 't1 '
Can't open t1 : No such file or directory at /usr/bin/debconf-set-selections 
line 114.
# echo > '|echo wibble'
# debconf-set-selections '|echo wibble'
wibble
#

These arise from its use of the <> Perl operator, which is not suitable
for the implementation of a read-from-list-of-files kind of command.
Because the range of misbehaviour includes writing to arbitrary files
and running arbitrary commands, this is a more severe bug than normal.

-zefram

--- End Message ---
--- Begin Message --- 
Source: debconf
Source-Version: 1.5.83
Done: Colin Watson <[email protected]>

We believe that the bug you reported is fixed in the latest version of
debconf, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Colin Watson <[email protected]> (supplier of updated debconf package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sun, 24 Dec 2023 12:34:57 +0000
Source: debconf
Architecture: source
Version: 1.5.83
Distribution: unstable
Urgency: medium
Maintainer: Debconf Developers <[email protected]>
Changed-By: Colin Watson <[email protected]>
Closes: 1041329
Changes:
 debconf (1.5.83) unstable; urgency=medium
 .
   [ Ani Hay ]
   * Recompress debian-logo.png.
 .
   [ Alexandre Detiste ]
   * debconf.py: Add typing information to ease apt-listchanges testing.
   * Rename debian/postinst to debian/debconf.postinst for debhelper 14/15
     compatibility.
 .
   [ Colin Watson ]
   * Avoid Perl's unsafe "<>" operator (closes: #1041329).
Checksums-Sha1:
 ae2faf5d994241f0f50d0775228731b637d41b0e 2035 debconf_1.5.83.dsc
 c675546a898f4bee081d5e00bd96e1c94a1b523d 571476 debconf_1.5.83.tar.xz
Checksums-Sha256:
 07b630b78ed15cceccf022f309b45ded9ea68490424954402bcb110b669bc86d 2035 
debconf_1.5.83.dsc
 8f894d4649c0b46214e7c098734ba42d0e3b7d83a4db224d01ea9b76dc4e7bc0 571476 
debconf_1.5.83.tar.xz
Files:
 351a10fc15190e85f56ac744acf00afe 2035 admin optional debconf_1.5.83.dsc
 cc6bbae32266ba8c61d8f7cb76b69f8b 571476 admin optional debconf_1.5.83.tar.xz

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEErApP8SYRtvzPAcEROTWH2X2GUAsFAmWIJaEACgkQOTWH2X2G
UAtOrg//SBF+xAuwFxr1mizcBqlKz23ZClDynxk60FBxAFGR+LuEed3GYskrpZBE
hutxm5DhdU3OCVxiF5I/J1FZMtlC5v1DH1hEDx8WdfJ7AkF3c7ZtlicYxwNZo4Yi
BKf6Wnw/QmdCTNQx4d/eyp+/kwqt6gw8MnO+eEkJmPZyjOBvsQ9AOF9aq8OGZzkQ
taSBEqLTJJzp+eBXn6dLllhnb0xDDbnSfHGLnxMYjAC+8ZXEi3tHa+BcuASVC6Zt
hldi/mDwBnD99WOLeXb3Y8Wg9aGlb0s6GefeJycihg3J1swwJ82dQ488igFqfV5h
q/JQSBl34utC6KiXB4EA9fJuE8qOJVsecInoOAhk2Q4zoxfKfPXtamjGRSAFDQ8/
E6g4W9idPbHuvSfTnuukZK787V7gAE7GtIpgzAwltD0Ba1Kcu6bXqkkG1IuGoPK8
pFMZi4mDwbS1W0r9nZU7qTImFL2cGlV0tMVGjg3EdwHrMByD9wlfu7nu/5qzTF/p
RhqEkcT688UH5wgx7v29WBW+URDMwPOqNt90D3PEkPgXT36U29ZxmLdZwzrpF5Ga
y8vDLL8bO30s1boV7cZ3RtbEIDGm3Ys3YBvCwui/exehhKT9CQqRtALRNZ5JMVYF
gNSS3n8nMuO7LNEq+MAqHAu6C5RMDFuramlwWdu7EotTJA43EQM=
=C77Y
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to