tags 862593 + pending patch thanks I've uploaded xarchiver 0.5.4-6.1 to DELAYED/5: xarchiver (1:0.5.4-6.1) unstable; urgency=medium * Non-maintainer upload. * Fix data-loss issue where adding files to a tar-based archive removed all existing content when the target filename included shell metacharacters. The test to see whether it already existed to determine whether to create a new archive or simply add a new file incorrectly used an escaped path. (Closes: #862593)
The full debdiff is attached. Regards, -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org / chris-lamb.co.uk `-
diffstat for xarchiver-0.5.4 xarchiver-0.5.4 changelog | 11 +++ patches/pass-unescaped-filenames-to-g_file_test.patch | 61 ++++++++++++++++++ patches/series | 1 3 files changed, 73 insertions(+)
diff -Nru xarchiver-0.5.4/debian/changelog xarchiver-0.5.4/debian/changelog
--- xarchiver-0.5.4/debian/changelog 2017-01-04 16:10:53.000000000 +0100
+++ xarchiver-0.5.4/debian/changelog 2017-05-19 23:25:18.000000000 +0200
@@ -1,3 +1,14 @@
+xarchiver (1:0.5.4-6.1) unstable; urgency=medium
+
+ * Non-maintainer upload.
+ * Fix data-loss issue where adding files to a tar-based archive removed all
+ existing content when the target filename included shell metacharacters.
+ The test to see whether it already existed to determine whether to create
+ a new archive or simply add a new file incorrectly used an escaped path.
+ (Closes: #862593)
+
+ -- Chris Lamb <la...@debian.org> Fri, 19 May 2017 23:25:18 +0200
+
 xarchiver (1:0.5.4-6) unstable; urgency=medium
 
 * Suggest binutils because it provides the ar command which is required for
diff -Nru xarchiver-0.5.4/debian/patches/pass-unescaped-filenames-to-g_file_test.patch xarchiver-0.5.4/debian/patches/pass-unescaped-filenames-to-g_file_test.patch
--- xarchiver-0.5.4/debian/patches/pass-unescaped-filenames-to-g_file_test.patch 1970-01-01 01:00:00.000000000 +0100
+++ xarchiver-0.5.4/debian/patches/pass-unescaped-filenames-to-g_file_test.patch 2017-05-19 23:25:18.000000000 +0200
@@ -0,0 +1,61 @@
+Description: Pass unescaped filenames to g_file_test
+Author: Chris Lamb <la...@debian.org>
+Last-Update: 2017-05-19
+Debian-Bug: #862593
+
+--- xarchiver-0.5.4.orig/src/tar.c
++++ xarchiver-0.5.4/src/tar.c
+@@ -197,7 +197,7 @@ void xa_tar_add (XArchive *archive,GStri
+ switch (archive->type)
+ {
+ case XARCHIVETYPE_TAR:
+- if ( g_file_test (archive->escaped_path,G_FILE_TEST_EXISTS))
++ if ( g_file_test (archive->path,G_FILE_TEST_EXISTS))
+ command = g_strconcat (tar, " ",
+ archive->add_recurse ? "" : "--no-recursion ",
+ archive->remove_files ? "--remove-files " : "",
+@@ -213,7 +213,7 @@ void xa_tar_add (XArchive *archive,GStri
+ break;
+
+ case XARCHIVETYPE_TAR_BZ2:
+- if ( g_file_test ( archive->escaped_path , G_FILE_TEST_EXISTS ) )
++ if ( g_file_test ( archive->path , G_FILE_TEST_EXISTS ) )
+ xa_add_delete_bzip2_gzip_lzma_compressed_tar (files,archive,1);
+ else
+ command = g_strconcat (tar, " ",
+@@ -224,7 +224,7 @@ void xa_tar_add (XArchive *archive,GStri
+ break;
+
+ case XARCHIVETYPE_TAR_GZ:
+- if ( g_file_test ( archive->escaped_path , G_FILE_TEST_EXISTS ) )
++ if ( g_file_test ( archive->path , G_FILE_TEST_EXISTS ) )
+ xa_add_delete_bzip2_gzip_lzma_compressed_tar (files,archive,1);
+ else
+ command = g_strconcat (tar, " ",
+@@ -235,7 +235,7 @@ void xa_tar_add (XArchive *archive,GStri
+ break;
+
+ case XARCHIVETYPE_TAR_LZMA:
+- if ( g_file_test ( archive->escaped_path , G_FILE_TEST_EXISTS ) )
++ if ( g_file_test ( archive->path , G_FILE_TEST_EXISTS ) )
+ xa_add_delete_bzip2_gzip_lzma_compressed_tar (files,archive,1);
+ else
+ command = g_strconcat (tar, " ",
+@@ -246,7 +246,7 @@ void xa_tar_add (XArchive *archive,GStri
+ break;
+
+ case XARCHIVETYPE_TAR_XZ:
+- if ( g_file_test ( archive->escaped_path , G_FILE_TEST_EXISTS ) )
++ if ( g_file_test ( archive->path , G_FILE_TEST_EXISTS ) )
+ xa_add_delete_bzip2_gzip_lzma_compressed_tar (files,archive,1);
+ else
+ command = g_strconcat (tar, " ",
+@@ -257,7 +257,7 @@ void xa_tar_add (XArchive *archive,GStri
+ break;
+
+ case XARCHIVETYPE_TAR_LZOP:
+- if ( g_file_test ( archive->escaped_path , G_FILE_TEST_EXISTS ) )
++ if ( g_file_test ( archive->path , G_FILE_TEST_EXISTS ) )
+ xa_add_delete_bzip2_gzip_lzma_compressed_tar (files,archive,1);
+ else
+ command = g_strconcat (tar, " ",
diff -Nru xarchiver-0.5.4/debian/patches/series xarchiver-0.5.4/debian/patches/series
--- xarchiver-0.5.4/debian/patches/series 2017-01-04 16:10:53.000000000 +0100
+++ xarchiver-0.5.4/debian/patches/series 2017-05-19 23:25:18.000000000 +0200
@@ -1,3 +1,4 @@
 desktop-file.patch
 encrypted-7z-archives.patch
 cancel-extraction-crash.patch
+pass-unescaped-filenames-to-g_file_test.patch
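Review bot: The existence test `g_file_test (archive->path, G_FILE_TEST_EXISTS)` is still repeated in all six case arms of the switch in xa_tar_add (the tar.c hunks at -197, -213, -224, -235, -246 and -257), so the wrong-field mistake this patch corrects can recur in any one arm; evaluating it once before the switch, e.g. `gboolean archive_exists = g_file_test (archive->path, G_FILE_TEST_EXISTS);`, leaves a single place to get right. A comment at that line such as `/* g_file_test() takes the raw filesystem path; escaped_path is only for the shell command string */` would record why the two fields are not interchangeable. The visible `g_strconcat (tar, " ", ...)` calls still assemble a command line by concatenation, so the create-versus-append decision and the command string (presumably built from escaped_path, which is not visible here) have to keep referring to the same file, and any gap in that escaping would again end in data loss or worse. xa_tar_add's body starts and ends outside every hunk shown, so whether other call sites in the file test escaped_path the same way cannot be confirmed from this diff.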