Your message dated Fri, 03 Jan 2025 06:04:15 +0000
with message-id <[email protected]>
and subject line Bug#1091693: fixed in 7zip 24.09+dfsg-3
has caused the Debian Bug report #1091693,
regarding document "7z a"/"7z d" behavior
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1091693: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1091693
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: 7zip
Version: 24.09+dfsg-2
Severity: grave
Dear Maintainer,
The 7z program in the "7zip" package has a
dangerous default behavior. When only one file
name argument is given, 7z uses that file as the
archive name and starts archiving the files and
directories in the current working directory.
In other words, the command:
7z a archive
behaves exactly the same as the commands:
7z a archive *
7z a archive .
This is DANGEROUS as it may lead to unintended
out of space disk errors. In contrast, other
common archival tools default to doing nothing
when only one file name is given.
This bug should be fixed ASAP. If not, please
consider removing the 7zip package from the
Debian repository until the bug is fixed.
Below is an example sequence of commands that
will demonstrate this "oddity" of 7z's default
behavior in comparison to other GNU/Linux
command-line archival tools.
It can be copied and placed into a file named
"test.sh" and run as a bash or zsh script.
(Note: the packages "zpaq", "bsdtar", "zip" and
"busybox" might need to be installed.)
# BEGIN TEST SCRIPT
mkdir Working_Dir.d
# change to working directory
cd Working_Dir.d
zpaq add Test_Archive
bsdtar cf Test_Archive
tar cf Test_Archive
zip Test_Archive
busybox tar cf Test_Archive
7z a Test_Archive
# change to parent directory
cd ..
echo "Only 7z outputs an empty archive."
ls Working_Dir.d/*
# END TEST SCRIPT
A more severe case of this weird default behavior
is when using the "7z rn" (rename) function.
When only one file name argument is supplied,
"7z rn" behaves exactly like "7z a".
For example, the command "7z rn archive.7z"
will create the file "archive.7z", if it doesn't
exist, and archive the files and directories in
the current working directory.
If a valid 7z archive named "archive.7z" already
exists, the "7z rn" command will use that archive
and do the same (i.e. add files and directories
from the current directory).
This has the potential of clobbering (replacing)
old versions in the existing archive.
I feel that, under the Debian bug reporting
guidelines this merits the severity level "grave"
(https://www.debian.org/Bugs/Developer#severities)
as this would result in "data loss" (e.g. the
current version of a file in the filesystem
might be damaged).
I quote:
grave: makes the package in question unusable
by most or all users, or causes data loss, or
introduces a security hole allowing access to
the accounts of users who use the package.
-- System Information:
Debian Release: trixie/sid
APT prefers testing
APT policy: (900, 'testing'), (90, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386, arm64
Kernel: Linux 6.11.10-amd64 (SMP w/4 CPU threads; PREEMPT)
Locale: LANG=en_SG.UTF-8, LC_CTYPE=en_SG.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: sysvinit (via /sbin/init)
LSM: AppArmor: enabled
Versions of packages 7zip depends on:
ii libc6 2.40-4
ii libgcc-s1 14.2.0-8
ii libstdc++6 14.2.0-8
7zip recommends no packages.
Versions of packages 7zip suggests:
pn 7zip-rar <none>
pn 7zip-standalone <none>
-- no debconf information
--- End Message ---
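A guard for the behaviour the report describes, as an added example (not part of the original report or of the 7zip package): a POSIX shell wrapper that refuses "a", "d" and "rn" when no file name follows the archive name. The function names check_7z_args and safe7z are hypothetical, and treating the -i and -si switches as an explicit input selection is an assumption.

```shell
# Added example: refuse 7z commands that would silently fall back to the
# current directory because only the archive name was given.
# check_7z_args and safe7z are hypothetical names, not part of 7zip.

# Returns 0 when the argument list is safe to hand to 7z, 1 otherwise.
check_7z_args() {
    cmd= positional=0 include=0 switches=1
    for arg in "$@"; do
        if [ "$switches" -eq 1 ]; then
            case $arg in
                --)       switches=0; continue ;;  # "--" ends switch parsing
                -i*|-si*) include=1; continue ;;   # assumption: explicit input selection
                -*)       continue ;;              # any other switch
            esac
        fi
        positional=$((positional + 1))
        # First non-switch word is the 7z command (a, d, rn, l, ...)
        if [ "$positional" -eq 1 ]; then cmd=$arg; fi
    done
    case $cmd in
        # a and rn are the commands named in the report, d comes from the bug title.
        # Positional 1 is the command, 2 the archive, 3 and up are file names.
        a|d|rn) [ "$positional" -ge 3 ] || [ "$include" -eq 1 ] ;;
        *)      return 0 ;;                        # other commands are not checked
    esac
}

# Drop-in front end: runs the real 7z only when the check passes.
safe7z() {
    if check_7z_args "$@"; then
        command 7z "$@"
    else
        echo "safe7z: refusing to run 7z without explicit file names" >&2
        return 2
    fi
}
```
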
--- Begin Message ---
Source: 7zip
Source-Version: 24.09+dfsg-3
Done: YOKOTA Hiroshi <[email protected]>
We believe that the bug you reported is fixed in the latest version of
7zip, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
YOKOTA Hiroshi <[email protected]> (supplier of updated 7zip package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 03 Jan 2025 12:51:08 +0900
Source: 7zip
Architecture: source
Version: 24.09+dfsg-3
Distribution: unstable
Urgency: medium
Maintainer: YOKOTA Hiroshi <[email protected]>
Changed-By: YOKOTA Hiroshi <[email protected]>
Closes: 1091693
Changes:
7zip (24.09+dfsg-3) unstable; urgency=medium
.
* Add note for unexpected recursive operations behavior (Closes: #1091693)
* Add note for unexpected recursive operations behavior to usage text
* Rediff patches
* Rediff patches
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---