Your message dated Tue, 13 Jul 2021 12:33:44 +0000
with message-id <e1m3hbc-000g4m...@fasolo.debian.org>
and subject line Bug#990906: fixed in xarchiver 1:0.5.4.17-2
has caused the Debian Bug report #990906,
regarding xarchiver Deleting Files Outside of Archive
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
990906: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990906
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: xarchiver
Version: 1:0.5.4.14-1
Severity: critical
Justification: causes serious data loss
Dear Maintainer,
Subject: xarchiver Deleting Files Outside of Archive
The deleted files are linked to (ln -s) from within the archive
(tar.gz), but reside outside of the archive.
These external files get deleted if one double clicks on the link line
within xarchiver and the file resides on an ntfs disk.
#--------
# The behaviour can be repeated as follows
cd /home/david/
mkdir Example
# Write a txt file to within Example
echo "file red" > Example/red.txt
# Utilise much spare disk space on ntfs drive
# it needs to be ntfs
cd /mnt/win7/david/
mkdir MoreColours
echo "file green" > MoreColours/green.txt
echo "file blue" > MoreColours/blue.txt
# Make symbolic link to MoreColours
# from within dir Example
cd /home/david/Example
ln -s -T /mnt/win7/david/MoreColours MoreColours
# Make a tape archive of Example
cd /home/david/
tar -czvf example.tar.gz Example
# Open using xarchiver, and
# note that MoreColours points to correct location
xarchiver example.tar.gz
thunar /mnt/win7/david/MoreColours
# Now double click on this line in xarchiver AND
# watch the files in MoreColours in thunar above
# at the same time. They get REMOVED.
# I would have expected a default action of double
# clicking to be something like opening thunar above.
# An error message pops up:
'Failed to open "/tmp/xa-43Y950/MoreColours".
Error when getting information for the file
"/tmp/xa-43Y950/MoreColours": No such file or directory.'
# Goto the /tmp dir named in the Error Pop-up
cd /tmp/xa-43Y950/
ls -l
-rwxrwxrwx 1 david david 10 Jul 10 13:14 blue.txt
-rwxrwxrwx 1 david david 11 Jul 10 13:14 green.txt
drwx------ 3 david david 4096 Jul 10 13:32 xa-tmp.0XTI60
-rw-r--r-- 1 david david 10240 Jul 10 13:30 xa-tmp.decompressed
#--------
The files blue.txt and green.txt have been MOVED to /tmp/xa-43Y950/.
xarchiver should not have the permission to move/delete files that are
not within the archive specified by the user.
When one closes xarchiver the /tmp dir is deleted along with all of ones
files, 2.7Gb in my case. I lost them before seeing what was happening.
There is a conflict with ntfs, the above does not happen if the linked
directory is on the local ext4 disk.
Is this related to the following bug:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=862593
Possibly some escaped characters with ntfs mounts are not being dealt
with properly?
The ntfs disk mount is configured in /etc/fstab:
UUID=id.here /mnt/win7 ntfs user,auto,uid=a.number,gid=a.number 0 0
Regards
David Harte
-- System Information:
Debian Release: 10.10
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 4.19.0-17-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_NZ.utf8, LC_CTYPE=en_NZ.utf8 (charmap=UTF-8),
LANGUAGE=en_NZ:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)
Versions of packages xarchiver depends on:
ii libc6 2.28-10
ii libgdk-pixbuf2.0-0 2.38.1+dfsg-1
ii libglib2.0-0 2.58.3-2+deb10u3
ii libgtk-3-0 3.24.5-1
Versions of packages xarchiver recommends:
ii bzip2 1.0.6-9.2~deb10u1
ii p7zip-full 16.02+dfsg-6
ii unzip 6.0-23+deb10u2
ii xdg-utils 1.1.3-1+deb10u1
ii xz-utils 5.2.4-1
Versions of packages xarchiver suggests:
pn arj <none>
ii binutils 2.31.1-16
ii cpio 2.12+dfsg-9
pn lhasa <none>
pn liblz4-tool <none>
pn lrzip <none>
pn lzip <none>
pn lzop <none>
pn ncompress <none>
pn rar <none>
pn unar <none>
ii zip 3.0-11+b1
pn zstd <none>
-- no debconf information
--- End Message ---
--- Begin Message ---
Source: xarchiver
Source-Version: 1:0.5.4.17-2
Done: Markus Koschany <a...@debian.org>
We believe that the bug you reported is fixed in the latest version of
xarchiver, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 990...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Markus Koschany <a...@debian.org> (supplier of updated xarchiver package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Tue, 13 Jul 2021 14:02:25 +0200
Source: xarchiver
Architecture: source
Version: 1:0.5.4.17-2
Distribution: unstable
Urgency: medium
Maintainer: Markus Koschany <a...@debian.org>
Changed-By: Markus Koschany <a...@debian.org>
Closes: 990906
Changes:
xarchiver (1:0.5.4.17-2) unstable; urgency=medium
.
* Fix Debian bug #990906. Do not follow symbolic links if the files reside
outside the archive. (Closes: #990906)
Thanks to David Harte for the report and Ingo Brückl for the patch.
Checksums-Sha1:
28e1e20a2e1899bafe490bf37995f075e5339735 2038 xarchiver_0.5.4.17-2.dsc
779f6c8c90c05bb0e5ed13946688c7ed9304c694 9240
xarchiver_0.5.4.17-2.debian.tar.xz
76e64201a519be940ddb12ee0a89008422dfbffa 14651
xarchiver_0.5.4.17-2_amd64.buildinfo
Checksums-Sha256:
61e9da347e12f4c932b57526931e861d8b9efd6ade8893a86cbfc14ec0cbf832 2038
xarchiver_0.5.4.17-2.dsc
c2f4109cdd8afdc9400e799a4c347f1c7282f5e5d50220422488329b62c2fbe0 9240
xarchiver_0.5.4.17-2.debian.tar.xz
b680a899057a661e2b6d022cbb212d4fac14674b6c9e835d216faab410f490ed 14651
xarchiver_0.5.4.17-2_amd64.buildinfo
Files:
8889b32465fa06d09ac83eadb71d33e7 2038 x11 optional xarchiver_0.5.4.17-2.dsc
37b58ada45fbdddb46f5c28d40135346 9240 x11 optional
xarchiver_0.5.4.17-2.debian.tar.xz
a244ba35d0be13cba90f9458839f8398 14651 x11 optional
xarchiver_0.5.4.17-2_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmDthChfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp
YW4ub3JnAAoJENmtFLlRO1Hk6tAP/jdAAfo34tnIaBgwEKT0e+io6lhaB9drZSyX
iP1RQ3wa6DK/Lr8J4jqg5xiEsZ6KX3WNcP3+eQ8ygL5q8SoyII4XZTZw1qwdbs3k
jy0CsbG+C7tK25sVrizE8ijtFc3QP0JG868qN17rObUt/uT2SlrGs/XPz+nGZS44
BjWoiQ0UcomOQDi6MpznCdrB0kDWt6PhrO8hQzXdS7gYsPUMkk6GeX50g71jTgnr
6HHwxRF4+zFl2yDSpwk5juER8f2Q6vgYIH1WyRElcx9lIu3dUyC3dsaki8/fTS+r
RcgRdtw3cdW1uuwtI5cPCpkSMOPy0NfSwNtE+0/Pw9WNuhX2YEwUP0eOaQREjgel
u6FaEtY3PSSsRJVY1/shG6Ms3ENRe+KGdyLNPOUfrpq9GstgA5dejPsi82TeADsT
zPSjRkBjN6cZuqQKyEK2yX/QorNVMLQZBZWIHD1L3op9lzS9gydAJbRTHvF4Y3Ww
wDPC33WzqF2xHoXOTFBmkhjjxffmDp2WXlsVMtHKrJ8q5S4rSWjm5PxlB3Dp4lkq
pBQxB0HkAGQsWqYgOykCmW61XWH8EjsUcQXzOyQSo3hqldFm2BIxl45e1ZqPlEed
ps8+7XHqOdic/o2Hyumo3J7hAuIScMZSX+yt7xMcKyvENDuuJJCWPTjXFLxy2RPX
SbkUconM
=Hho/
-----END PGP SIGNATURE-----
--- End Message ---
