Control: tags -1 confirmed Am 15.05.2017 um 00:01 schrieb Nikolaus Rath: > Package: xarchiver > Version: 1:0.5.4-1+deb8u1 > Severity: critical > Justification: causes serious data loss > > As far as I can tell, using xarchiver to add additional files to a > .tar.xz file will destroy the existing data. > > Steps to reproduce: > > $ echo foo > "Kieran Daycare Contract.pdf" > $ echo bar > "Kieran Daycare 2.pdf" > $ tar cJvf "Kieran Daycare Contract.pdf.tar.xz" "Kieran Daycare Contract.pdf" > Kieran Daycare Contract.pdf > > $ xarchiver Kieran\ Daycare\ Contract.pdf.tar.xz > # Select Action->Add > # Select the "bar.txt" file > > Now the existing file is gone, and only the new file is > in the archive. > > Please note that the filename seems to matter, I wasn't able > to recreate this when using "foo.txt", "bar.txt" and "test.tar.xz".
Hi, thank you for the report. I can reproduce this behavior with all tar archives and all supported compression methods. Non-tar archives like 7z or zip are not affected. This happens only when the archive name includes shell characters that are usually escaped with a backslash. I believe the bug is either in src/main.c or src/tar.c and is related to the xa_escape_filename function or a similar function which tries to sanitize these "bad" characters. Apparently it is missing somewhere, perhaps in the xa_tar_add function. I am still investigating. Regards, Markus
signature.asc
Description: OpenPGP digital signature
