Bug#754463: RFS: pdf2htmlex/0.11+ds-1

To: 754463@bugs.debian.org
Subject: Bug#754463: RFS: pdf2htmlex/0.11+ds-1
From: Jakub Wilk <jwilk@debian.org>
Date: Sat, 19 Jul 2014 23:38:14 +0200
Message-id: <[🔎] 20140719213814.GA2486@jwilk.net>
Reply-to: Jakub Wilk <jwilk@debian.org>, 754463@bugs.debian.org
In-reply-to: <[🔎] 20140718100000.31130.24913@hoothoot>
References: <[🔎] 20140713182400.GA3712@jwilk.net> <[🔎] 20140713202337.31130.43100@hoothoot> <[🔎] 20140715222609.GA4361@jwilk.net> <[🔎] 20140716063637.31130.98246@hoothoot> <[🔎] 20140716192115.GA7019@jwilk.net> <[🔎] 20140717063133.31130.61773@hoothoot> <[🔎] 20140717074658.GA4572@jwilk.net> <[🔎] 20140717075311.31130.14851@hoothoot> <[🔎] 20140717113647.GA8355@jwilk.net> <[🔎] 20140718100000.31130.24913@hoothoot>

* Johannes Schauer <j.schauer@email.de>, 2014-07-18, 12:00:

But there's a good reason --dry-run is described as “unsafe” in themktemp manpage.
What is the reason? I thought the reason for it being called "unsafe"was that if you use --dry-run first and then create the directory withthat name yourself then somebody else could hijack that location in themeantime.


That's right.

But this is no problem for this use case.

If an attacker can predict what the victim's $HOME is going to be, theycan overwrite arbitrary files by creating a $HOME/.FontForge/prefssymlink. More sophisticated attacks might be also possible.



Your d/copyright says:

Files: *
Copyright: 2012 WANG Lu <coolwanglu@gmail.com>

Shouldn't it be s/WANG Lu/Lu Wang/? The latter seems to be the spellingused in the code.

More importantly, some files have newer copyright dates. For example,src/pdf2htmlEX.cc reads:


// Copyright (C) 2012-2014 Lu Wang <coolwanglu@gmail.com>


Please bump date in d/changelog. :-)


From the wishlist department:
You might want to implement DEP-8 tests.

--
Jakub Wilk

Reply to:

References:
- Bug#754463: RFS: pdf2htmlex/0.11+ds-1
  - From: Jakub Wilk <jwilk@debian.org>
- Bug#754463: RFS: pdf2htmlex/0.11+ds-1
  - From: Johannes Schauer <j.schauer@email.de>
- Bug#754463: RFS: pdf2htmlex/0.11+ds-1
  - From: Jakub Wilk <jwilk@debian.org>
- Bug#754463: RFS: pdf2htmlex/0.11+ds-1
  - From: Johannes Schauer <j.schauer@email.de>
- Bug#754463: RFS: pdf2htmlex/0.11+ds-1
  - From: Jakub Wilk <jwilk@debian.org>
- Bug#754463: RFS: pdf2htmlex/0.11+ds-1
  - From: Johannes Schauer <j.schauer@email.de>
- Bug#754463: RFS: pdf2htmlex/0.11+ds-1
  - From: Jakub Wilk <jwilk@debian.org>
- Bug#754463: RFS: pdf2htmlex/0.11+ds-1
  - From: Johannes Schauer <j.schauer@email.de>
- Bug#754463: RFS: pdf2htmlex/0.11+ds-1
  - From: Jakub Wilk <jwilk@debian.org>
- Bug#754463: RFS: pdf2htmlex/0.11+ds-1
  - From: Johannes Schauer <j.schauer@email.de>

Prev by Date: Processed: take charmap.app
Next by Date: Bug#755380: RFS: simple-scan/3.13.3-1 [ITA]
Previous by thread: Bug#754463: RFS: pdf2htmlex/0.11+ds-1
Next by thread: Bug#754463: RFS: pdf2htmlex/0.11+ds-1
Index(es):
- Date
- Thread