Your message dated Sat, 22 Jul 2017 13:18:56 +0100
with message-id <1500725936.14212.4.ca...@adam-barratt.org.uk>
and subject line Closing bugs for 8.9 fixes
has caused the Debian Bug report #863953,
regarding jessie-pu: package xarchiver/1:0.5.4-1+deb8u1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
863953: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863953
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
Tags: jessie
User: release.debian....@packages.debian.org
Usertags: pu

Hi,

I would like to update xarchiver in Jessie. It was discovered that
data loss could occur when an archive name contained shell
metacharacters. [1]

Please find attached the debdiff.

Regards,

Markus


[1] https://bugs.debian.org/862593
diff -Nru xarchiver-0.5.4/debian/changelog xarchiver-0.5.4/debian/changelog
--- xarchiver-0.5.4/debian/changelog    2016-05-15 00:05:35.000000000 +0200
+++ xarchiver-0.5.4/debian/changelog    2017-06-02 10:29:41.000000000 +0200
@@ -1,3 +1,15 @@
+xarchiver (1:0.5.4-1+deb8u2) jessie; urgency=medium
+
+  [ Chris Lamb ]
+  * Fix data-loss issue where adding files to a tar-based archive removed all
+    existing content when the target filename included shell metacharacters.
+    The test to see whether it already existed to determine whether to create
+    a new archive or simply add a new file incorrectly used an escaped path.
+    Thanks to Nikolaus Rath for the report and Chris Lamb for the patch.
+    (Closes: #862593)
+
+ -- Markus Koschany <a...@debian.org>  Fri, 02 Jun 2017 10:29:41 +0200
+
 xarchiver (1:0.5.4-1+deb8u1) jessie; urgency=medium
 
   * Add cancel-extraction-crash.patch.
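Review bot: the new changelog entry is versioned 1:0.5.4-1+deb8u2, but the request's subject names 1:0.5.4-1+deb8u1, which is already the previous entry in this changelog; the request should be retitled to +deb8u2 so that the version being approved matches the upload. In the entry text, "Thanks to ... Chris Lamb for the patch" sits under the "[ Chris Lamb ]" heading and credits him twice; one of the two can be dropped.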
diff -Nru 
xarchiver-0.5.4/debian/patches/pass-unescaped-filenames-to-g_file_test.patch 
xarchiver-0.5.4/debian/patches/pass-unescaped-filenames-to-g_file_test.patch
--- 
xarchiver-0.5.4/debian/patches/pass-unescaped-filenames-to-g_file_test.patch    
    1970-01-01 01:00:00.000000000 +0100
+++ 
xarchiver-0.5.4/debian/patches/pass-unescaped-filenames-to-g_file_test.patch    
    2017-06-02 10:29:41.000000000 +0200
@@ -0,0 +1,61 @@
+Description: Pass unescaped filenames to g_file_test
+Author: Chris Lamb <la...@debian.org>
+Last-Update: 2017-05-19
+Debian-Bug: #862593
+
+--- xarchiver-0.5.4.orig/src/tar.c
++++ xarchiver-0.5.4/src/tar.c
+@@ -197,7 +197,7 @@ void xa_tar_add (XArchive *archive,GStri
+       switch (archive->type)
+       {
+               case XARCHIVETYPE_TAR:
+-              if ( g_file_test (archive->escaped_path,G_FILE_TEST_EXISTS))
++              if ( g_file_test (archive->path,G_FILE_TEST_EXISTS))
+                       command = g_strconcat (tar, " ",
+                                                                       
archive->add_recurse ? "" : "--no-recursion ",
+                                                                       
archive->remove_files ? "--remove-files " : "",
+@@ -213,7 +213,7 @@ void xa_tar_add (XArchive *archive,GStri
+               break;
+ 
+               case XARCHIVETYPE_TAR_BZ2:
+-              if ( g_file_test ( archive->escaped_path , G_FILE_TEST_EXISTS ) 
)
++              if ( g_file_test ( archive->path , G_FILE_TEST_EXISTS ) )
+                       xa_add_delete_bzip2_gzip_lzma_compressed_tar 
(files,archive,1);
+               else
+                       command = g_strconcat (tar, " ",
+@@ -224,7 +224,7 @@ void xa_tar_add (XArchive *archive,GStri
+               break;
+ 
+               case XARCHIVETYPE_TAR_GZ:
+-              if ( g_file_test ( archive->escaped_path , G_FILE_TEST_EXISTS ) 
)
++              if ( g_file_test ( archive->path , G_FILE_TEST_EXISTS ) )
+                       xa_add_delete_bzip2_gzip_lzma_compressed_tar 
(files,archive,1);
+               else
+                       command = g_strconcat (tar, " ",
+@@ -235,7 +235,7 @@ void xa_tar_add (XArchive *archive,GStri
+               break;
+               
+               case XARCHIVETYPE_TAR_LZMA:
+-              if ( g_file_test ( archive->escaped_path , G_FILE_TEST_EXISTS ) 
)
++              if ( g_file_test ( archive->path , G_FILE_TEST_EXISTS ) )
+                       xa_add_delete_bzip2_gzip_lzma_compressed_tar 
(files,archive,1);
+               else
+                       command = g_strconcat (tar, " ",
+@@ -246,7 +246,7 @@ void xa_tar_add (XArchive *archive,GStri
+               break;
+               
+               case XARCHIVETYPE_TAR_XZ:
+-              if ( g_file_test ( archive->escaped_path , G_FILE_TEST_EXISTS ) 
)
++              if ( g_file_test ( archive->path , G_FILE_TEST_EXISTS ) )
+                       xa_add_delete_bzip2_gzip_lzma_compressed_tar 
(files,archive,1);
+               else
+                       command = g_strconcat (tar, " ",
+@@ -257,7 +257,7 @@ void xa_tar_add (XArchive *archive,GStri
+               break;
+               
+               case XARCHIVETYPE_TAR_LZOP:
+-              if ( g_file_test ( archive->escaped_path , G_FILE_TEST_EXISTS ) 
)
++              if ( g_file_test ( archive->path , G_FILE_TEST_EXISTS ) )
+                       xa_add_delete_bzip2_gzip_lzma_compressed_tar 
(files,archive,1);
+               else
+                       command = g_strconcat (tar, " ",
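Review bot: the existence test is corrected separately in six case arms of xa_tar_add (TAR, TAR_BZ2, TAR_GZ, TAR_LZMA, TAR_XZ, TAR_LZOP), and that repetition is what allowed the escaped_path/path mix-up to spread to every tar variant. Suggest evaluating "g_file_test (archive->path, G_FILE_TEST_EXISTS)" once before the switch and branching on the stored result, with a short comment that escaped_path is meant only for strings concatenated into the shell command and never for direct file-system calls. The patch touches only src/tar.c, so it is worth checking whether any other g_file_test call in the source is given escaped_path. In the patch header, "Debian-Bug: #862593" is not a DEP-3 field; the DEP-3 form is "Bug-Debian:" followed by the bug URL.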
diff -Nru xarchiver-0.5.4/debian/patches/series 
xarchiver-0.5.4/debian/patches/series
--- xarchiver-0.5.4/debian/patches/series       2016-05-15 00:05:35.000000000 
+0200
+++ xarchiver-0.5.4/debian/patches/series       2017-06-02 10:29:41.000000000 
+0200
@@ -1,3 +1,4 @@
 desktop-file.patch
 encrypted-7z-archives.patch
 cancel-extraction-crash.patch
+pass-unescaped-filenames-to-g_file_test.patch

--- End Message ---
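The failure mode fixed by the patch above, reproduced as an added example that is not xarchiver code or part of the original message: an existence check given a shell-escaped name looks for a file that does not exist, so the "create new archive" branch is chosen over an existing archive. The names shell_escape, file_exists, choose_append and demo and the /tmp file name are assumptions made for the illustration; access() stands in for g_file_test with G_FILE_TEST_EXISTS.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
/* Hypothetical stand-in for whatever produced escaped_path: backslash-escape
   shell metacharacters so the name can be pasted into a command line. */
static char *shell_escape(const char *s)
{
    static const char meta[] = " \t\\\"'`$&|;<>()[]{}*?!#~";
    char *out = malloc(2 * strlen(s) + 1), *p = out;
    if (!out) return NULL;
    for (; *s; s++) {
        if (strchr(meta, *s)) *p++ = '\\';
        *p++ = *s;
    }
    *p = '\0';
    return out;
}
/* Direct file-system query: no shell parses the name, so it is taken literally. */
static int file_exists(const char *path) { return access(path, F_OK) == 0; }
/* Returns 1 for "append to the existing archive", 0 for "create a new one". */
static int choose_append(const char *name, int use_escaped)
{
    char *esc = shell_escape(name);
    const char *probe = use_escaped ? esc : name;
    int r = probe && file_exists(probe);
    free(esc);
    return r;
}
/* Creates a constructed archive name containing metacharacters and records
   the decision made with the escaped name (buggy) and the raw name (fixed). */
int demo(int *buggy, int *fixed)
{
    char path[64];
    snprintf(path, sizeof path, "/tmp/xa demo (%ld) & co.tar", (long)getpid());
    FILE *f = fopen(path, "wx");   /* "x": fail rather than reuse an existing file */
    if (!f) return -1;
    fclose(f);
    *buggy = choose_append(path, 1);
    *fixed = choose_append(path, 0);
    unlink(path);
    return 0;
}

int main(void)
{
    int buggy, fixed;
    if (demo(&buggy, &fixed)) return 1;
    printf("escaped name: %s\nraw name:     %s\n",
           buggy ? "append" : "create (overwrites)", fixed ? "append" : "create");
    return 0;
}
```

The escaped string remains the right input for the command line built afterwards; only the existence test must see the literal name.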
--- Begin Message ---
Version: 8.9

Hi,

These bugs all relate to updates which were included in today's jessie
point release.

Regards,

Adam

--- End Message ---