Re: RFS: isomaster
* David Johnson <dj@david-web.co.uk> [070317 18:07]:
> On Saturday 17 March 2007 16:24, I wrote:
> >
> > I'll need to look into the CFLAGS issue; the other items you mention I can
> > fix easily. If nobody else finds anything further, I'll re-upload once I've
> > fixed those identified so far.
> >
> OK, I reckon I've fixed the issues thus identified and have re-uploaded. I'd
> appreciate it if people could take another look.
> [...]
> http://mentors.debian.net/debian/pool/main/i/isomaster/isomaster_0.8-1.dsc
I was almost complaining that the .orig.tar is still not original, but
then I realized your upstream changed (without changing the version or
the filename) and your current .orig.tar is indeed the same as the
current upstream .tar.
Some things left to do:
1) While the main directory now builds with -g, the subdirectories still
do not. (And not with -O2 (resp. -O0 when noopt is given in DEB_BUILD_OPTIONS))
2) There is a little security bug when extracing:
If an .iso contains a symlink and a file of same name in that
directory, extracting will write that file to where the symlink is.
(To test: create with isomaster a image containing a directory
harmless, in which a symlink foobar to ../.ssh/authorized_keys is
and a file foobaz which contains some data. Save it and edit the
generated .iso file to rename foobaz in foobar. Then open the
image with isomaster and tell it to extract the harmless directory
out of it. There is some question, but that does not look very
dangerous to answer yes to for non-paranoid people).
This is a minor problem as I doubt much people will use it to extract
things from .iso files they get from untrusted sources. But I think
it should be fixed nevertheless before putting it in Debian.
Hochachtungsvoll,
Bernhard R. Link
P.S: some minor bugs you could tell upstream:
- clicking on extract while nothing is selected gives:
(isomaster:12327): Gtk-CRITICAL **: gtk_widget_destroy: assertion `GTK_IS_WIDGET (widget)' failed
- it's quite verbose on stdout by default when saving images
- it should warn against creating directories called . or .. in the iso
Reply to: