Hi,

Log of an IRC conversation on the status of this bug is attached. In short, it might be easier to work around this problem at the nautilus level; it's way riskier at the gnome-vfs2 level.

Tentative patch for nautilus which didn't work is attached.

Bye,
-- 
Loïc Minier <[EMAIL PROTECTED]>

10:16 < HE> lool: Hmmm, I don't see a discussion about #408948. Is someone working on that bug?
10:31 < lool> HE: I tried to, but the gnome-vfs2 side of things seems very risky to change, so I thought I would patch nautilus as a start; I wrote a preliminary patch which didn't work, but this made me wonder about a huge problem of the suggested fix: it might break all files without extensions or which have currently working non-recognized extensions
10:32 < lool> HE: In short, the proposed approach is to check that the data maps to a mime type which is the same as the MIME type of the file extensions
10:32 < lool> HE: But you *must* fail when the extension has no corresponding mime type (such as ".jpg ")
10:33 < lool> HE: But that would break for files named without extension ("foo") or files named with weird extensions which seem logical for the user (foo.text, foo.dissertation, foo.notes, foo.readme, foo.clob)
10:33 < lool> HE: So, when I realized I might be breaking opening of a lot of files, I gave up to think about it a little
10:34 < lool> That, and my tentative patch didn't work :)
10:34 < lool> HE: Both security issues can be handled in the same area of nautilus, and I think this would lower the gnome-vfs side of things
10:35 < lool> HE: Oh, did I mention upstream isn't maintaining gnome-vfs2 anymore?
10:35 < HE> lool: It isn't?
10:35 < HE> lool: I seem to be a bit out of the loop wrt Gnome stuff.
10:35 < HE> lool: Has it shown to be too useful?
10:36 < lool> HE: There was a massive debunk of the POSIX semantics mapping by Alex and he's been working hard on a glib level replacement
10:37 < lool> But obviously, gnome-vfs2 is going to stay for a little while before apps are rewritten; and upstream is probably still taking patches
10:37 < HE> lool: Well, gnome-vfs being gnome-something was always a weirdo idea, but changing that sounds like something you would do when moving to glib3...
10:37 < lool> I doubt they are interested in adding disruptive security checks like #408948 proposes :-/

Index: debian/changelog =================================================================== --- debian/changelog (révision 8527) +++ debian/changelog (copie de travail) @@ -1,8 +1,15 @@ -nautilus (2.14.3-8) UNRELEASED; urgency=low +nautilus (2.14.3-8) unstable; urgency=medium * Add a get-orig-source target to retrieve the upstream tarball. + * SECURITY: New patch, 20_warn-unknown-file-extension, to warn when opening + files for which we could compute a MIME type based on file magic, but + where the file extension has no associated MIME type; this should best be + done in gnome-vfs2, see #408948, GNOME #405052, and Novell #258503, but + meanwhile this lowers the impact of the bug. This would also need some + specialized UI instead of the generic warning message, but we don't have + infrastructure to translate UI additions at the Debian level for now. - -- Loic Minier <[EMAIL PROTECTED]> Sat, 13 Jan 2007 23:33:58 +0100 + -- Loic Minier <[EMAIL PROTECTED]> Wed, 7 Feb 2007 11:52:53 +0100 nautilus (2.14.3-7) unstable; urgency=medium Index: debian/patches/20_warn-unknown-file-extension.patch =================================================================== --- debian/patches/20_warn-unknown-file-extension.patch (révision 0) +++ debian/patches/20_warn-unknown-file-extension.patch (révision 0) 
@@ -0,0 +1,17 @@ +diff -Nur nautilus-2.14.3/src/file-manager/fm-directory-view.c nautilus-2.14.3.new/src/file-manager/fm-directory-view.c +--- nautilus-2.14.3/src/file-manager/fm-directory-view.c 2007-02-07 11:43:37.000000000 +0100 ++++ nautilus-2.14.3.new/src/file-manager/fm-directory-view.c 2007-02-07 11:46:23.000000000 +0100 +@@ -5008,9 +5008,10 @@ + (mime_type); + guessed_default_app = gnome_vfs_mime_get_default_application + (guessed_mime_type); +- if (default_app != NULL && +- guessed_default_app != NULL && +- !gnome_vfs_mime_application_equal (default_app, guessed_default_app)) { ++ if ((default_app != NULL && guessed_default_app == NULL) || ++ (default_app != NULL && ++ guessed_default_app != NULL && ++ !gnome_vfs_mime_application_equal (default_app, guessed_default_app))) { + if (warn_on_mismatch) { + warn_mismatched_mime_types (view, file); + }
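Review bot: In the debian/changelog hunk, the new SECURITY entry says the warning triggers when "the file extension has no associated MIME type", but the condition added in fm-directory-view.c tests guessed_default_app == NULL, that is, whether gnome_vfs_mime_get_default_application returned an application for guessed_mime_type. Those are different conditions: a type that exists but has no default handler takes the same path. Reword the entry to describe what the code checks. The same hunk moves the upload from UNRELEASED to unstable and raises urgency from low to medium, so the entry should also state that files which previously opened silently can now hit the generic mismatch warning.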
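Review bot: The rewritten condition in the @@ -5008,9 +5008,10 @@ hunk of fm-directory-view.c repeats default_app != NULL in both arms of the ||, which makes it harder to audit than it needs to be. It is equivalent to default_app != NULL && (guessed_default_app == NULL || !gnome_vfs_mime_application_equal (default_app, guessed_default_app)); suggest writing it that way. The new guessed_default_app == NULL arm sends every file whose guessed type has no default application into warn_mismatched_mime_types when warn_on_mismatch is set, so a comment above the if should say that this broadening is intended and that the text shown is the existing mismatch message, which does not describe the "unknown extension" case.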