[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: RFS: vfu (updated package)

Hi

2008/5/31 Vincent Bernat <bernat@debian.org>:
> OoO En  cette soirée bien amorcée  du vendredi 30 mai  2008, vers 22:42,
> "William Vera" <billy@billy.com.mx> disait:
>
>>>> In fact, is not a bug, because vfu say 'support' for list and read,
>>>> does not depend on them (unzip, bzip2, etc) for build o run the
>>>> program.
>>>
>>> Well, without unzip,  vfu is unable to read a zip  file. Without tar and
>>> gzip, it is not  able to read a tar.gz. If you  look at wrappers in rx/,
>>> you see that they use tar, unzip, etc.
>
>> should include them in control then?
>
> Yes. As Depends or as Recommends.

Done, package updated:
http://mentors.debian.net/debian/pool/main/v/vfu/

>
>>> Moreover, those  wrappers are some security issue.  They use predictable
>>> name in  a world writable directory  (/tmp/XXXXXX.rx.cache). They should
>>> use mktemp based filename instead.
>
>> Suggests a patch for this case?
>
> You should  discuss this issue  with upstream. The cache  should survive
> accross invocations  so you cannot  just use mktemp. vfu  should provide
> those wrappers a unique directory to store this cache.

I sent an email to upstream to discuss about it. I think that will be
a new upstream version.
Thanks

> --
> BOFH excuse #269:
> Melting hard drives
>



-- 
William Vera <billy@billy.com.mx>
PGP Key: 1024D/F5CC22A4
Fingerprint: 3E73 FA1F 5C57 6005 0439  4D75 1FD2 BF96 F5CC 22A4
Reply to: