Please unblock safe-rm/0.3-1

To: debian-release@lists.debian.org
Subject: Please unblock safe-rm/0.3-1
From: Francois Marier <francois@debian.org>
Date: Fri, 24 Oct 2008 08:21:41 +1300
Message-id: <20081023192141.GB5960@isafjordur.dyndns.org>

(Please CC me on your replies, thanks!)

Hello,

I would like to request that you please unblock the safe-rm package to let
0.3-1 propagate to testing.

It has a fix for a bug which I believe is quite serious (though no Debian
bugs were ever filed for it). The package wasn't protecting files in the
current directory even if it claimed to do so and that users were relying
on this.

Here is the only change between the 0.2 and 0.3 upstream versions:

  --- safe-rm-0.2/safe-rm 2008-10-24 08:14:57.000000000 +1300
  +++ safe-rm-0.3/safe-rm 2008-09-09 19:12:19.000000000 +1200
  @@ -131,7 +131,7 @@
  
       # Normalize the pathname
       my $normalized_pathname = $pathname;
  -    if ($normalized_pathname =~ m|/|) {
  +    if ($normalized_pathname =~ m|/| or -e "$normalized_pathname") {
           # Convert to an absolute path (e.g. remove "..")
           $normalized_pathname = realpath($normalized_pathname);
           $normalized_pathname = $pathname unless $normalized_pathname;

I am both the Debian maintainer and the upstream developer and I don't
believe that there are any risks associated with this upgrade. (It has been
in unstable for a month and a half already.)

Thank you,

Francois

Reply to:

Follow-Ups:
- Re: Please unblock safe-rm/0.3-1
  - From: Philipp Kern <pkern@debian.org>

Prev by Date: Re: please accept node_0.3.2-5_i386.changes into testing
Next by Date: Some missing builds for security issues
Previous by thread: Re: Please, allow ejabberd 2.0.1-5 to testing
Next by thread: Re: Please unblock safe-rm/0.3-1
Index(es):
- Date
- Thread