On Sun, Jul 24, 2005, Ralf S. Engelschall wrote:

> On Sun, Jul 24, 2005, Matthias Kurz wrote:
> 
> > There is something wrong. I guess with the patch, but I do not know
> > the background...
> >
> > Well, the problem is that when a path to a file is given the result
> > ends in the current dir and not in the "original" dir.
> > Example: gzip /foo/bar/baz creates ./baz.gz instead of /foo/bar/baz.gz
> 
> Yes, AFAIK this nasty semantic change is
> part of the security fix corresponding to
> http://www.openpkg.org/security/OpenPKG-SA-2005.009-gzip.html Hmmm...
> I'm wondering how one can adjust the patch to still fix the security
> issue and keep the old semantics...?

Is anybody working on this?
I looked around and "found" the following thread:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=305255
There is a better patch that removes the dirname part in
gzip.c:get_method() (where it is taken from the compressed file).


   (mk)

-- 
Matthias Kurz; Fuldastr. 3; D-28199 Bremen; VOICE +49 421 53 600 47
  >> In the premotor cortex, anyone can be a hero. (bdw) <<
______________________________________________________________________
The OpenPKG Project                                    www.openpkg.org
Developer Communication List                   openpkg-dev@openpkg.org
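
Added example, not part of the original message and not the gzip, Debian or OpenPKG patch: a sketch of the idea discussed above, where the directory part of the name stored in the compressed file is dropped while the output still lands in the directory of the input file. The function names `strip_dirname` and `restore_path` and the sample inputs are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: return the part of `name` after the last '/'. */
static const char *strip_dirname(const char *name)
{
    const char *slash = strrchr(name, '/');
    return slash ? slash + 1 : name;
}

/*
 * Build the output path: the directory comes from the input path given on
 * the command line, the file name comes from the untrusted stored name with
 * its directory part removed. Returns 0 on success, -1 if the stored name
 * is unusable or the result does not fit in `out`.
 */
int restore_path(const char *ifname, const char *stored, char *out, size_t outlen)
{
    const char *base = strip_dirname(stored);
    const char *slash = strrchr(ifname, '/');
    size_t dirlen = slash ? (size_t)(slash - ifname) + 1 : 0;

    /* Reject names that are empty or still name a directory. */
    if (*base == '\0' || strcmp(base, ".") == 0 || strcmp(base, "..") == 0)
        return -1;
    if (dirlen + strlen(base) + 1 > outlen)
        return -1;
    memcpy(out, ifname, dirlen);   /* keep "/foo/bar/" from the input path */
    strcpy(out + dirlen, base);    /* append the stripped stored name */
    return 0;
}

int main(void)
{
    /* Constructed sample inputs: { input path, name stored in the file }. */
    const char *cases[][2] = {
        { "/foo/bar/baz.gz", "baz" },
        { "/foo/bar/baz.gz", "../../tmp/other" },
        { "baz.gz", "/tmp/x" },
        { "/foo/bar/baz.gz", "dir/.." },
    };
    char out[256];
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++) {
        if (restore_path(cases[i][0], cases[i][1], out, sizeof out) == 0)
            printf("%s + %s -> %s\n", cases[i][0], cases[i][1], out);
        else
            printf("%s + %s -> rejected\n", cases[i][0], cases[i][1]);
    }
    return 0;
}
```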
