On Sun, Jul 24, 2005, Matthias Kurz wrote: > On Sun, Jul 24, 2005, Ralf S. Engelschall wrote: > > > On Sun, Jul 24, 2005, Matthias Kurz wrote: > > > > > There is something wrong. I guess with the patch, but i do not know > > > the background... > > > > > > Well, the problem is that when a path to a file is given the result > > > ends in the current dir and not in the "original" dir. > > > Example: gzip /foo/bar/baz creates ./baz.gz instead of /foo/bar/baz.gz > > > > Yes, AFAIK this nasty semantic change is > > part of the security fix corresponding to > > http://www.openpkg.org/security/OpenPKG-SA-2005.009-gzip.html Hmmm... > > I'm wondering how one can adjust the patch to still fix the security > > issue and keep the old semantics...? > > Wasn't the problem the usage of the '-N' option ? So, what is done > should probably only done when '-N' was given.
I still did not look in the code, but perhaps it is possible to set a flag when the name is _really_ taken from the archive. I don't know how the semantics should be when '-N' is given and there is no name in the archive. I'd say it should work as if the '-N' was not given. It still cripples the behaviour with '-N' - but i never heard about this option before, anyway. Hmmm, the best would be to _remove_ the '-N' option :) Else, the only solution i can see is to inform the user about the problem and point to the option (it has to be created when it does not exist) that _lists_ the stored filenames. (mk) -- Matthias Kurz; Fuldastr. 3; D-28199 Bremen; VOICE +49 421 53 600 47 >> Im prämotorischen Cortex kann jeder ein Held sein. (bdw) << ______________________________________________________________________ The OpenPKG Project www.openpkg.org Developer Communication List openpkg-dev@openpkg.org