On Sun, Jul 24, 2005, Matthias Kurz wrote:

> On Sun, Jul 24, 2005, Ralf S. Engelschall wrote:
>
> > On Sun, Jul 24, 2005, Matthias Kurz wrote:
> >
> > > There is something wrong. I guess with the patch, but I do not know
> > > the background...
> > >
> > > Well, the problem is that when a path to a file is given the result
> > > ends in the current dir and not in the "original" dir.
> > > Example: gzip /foo/bar/baz creates ./baz.gz instead of /foo/bar/baz.gz
> >
> > Yes, AFAIK this nasty semantic change is
> > part of the security fix corresponding to
> > http://www.openpkg.org/security/OpenPKG-SA-2005.009-gzip.html Hmmm...
> > I'm wondering how one can adjust the patch to still fix the security
> > issue and keep the old semantics...?
>
> Is anybody working on this?

Not as far as I know.

> I looked around and "found" the following thread:
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=305255
> There is a better patch that removes the dirname part in
> gzip.c:get_method() (where it is taken from the compressed file).

Hey, cool. Feel free to come up with a patch providing a more reasonable
solution than what we currently have in the OpenPKG package(s).

                                       Ralf S. Engelschall
                                       [EMAIL PROTECTED]
                                       www.engelschall.com

______________________________________________________________________
The OpenPKG Project                                    www.openpkg.org
Developer Communication List                   openpkg-dev@openpkg.org
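
Added illustration, not part of the original thread and not the Debian or OpenPKG patch: one way to drop the directory part of the name stored in a gzip header (the RFC 1952 FNAME field) while still writing the result next to the file named on the command line. The function names and the sample header are constructed for this example.

```c
#include <stdio.h>
#include <string.h>

/* Part of s after the last '/' (s itself if there is none). */
static const char *base_name(const char *s) {
    const char *p = strrchr(s, '/');
    return p ? p + 1 : s;
}

/* Locate the NUL-terminated FNAME field of a gzip member header (RFC 1952).
 * Returns a pointer into buf, or NULL if the field is absent or malformed. */
static const char *gz_stored_name(const unsigned char *buf, size_t len) {
    size_t pos = 10, xlen;              /* ID1 ID2 CM FLG MTIME(4) XFL OS */
    if (len < 10 || buf[0] != 0x1f || buf[1] != 0x8b || buf[2] != 8) return NULL;
    if (buf[3] & 0x04) {                /* FEXTRA: 2-byte little-endian length, then data */
        if (len - pos < 2) return NULL;
        xlen = buf[pos] | ((size_t)buf[pos + 1] << 8);
        pos += 2;
        if (len - pos < xlen) return NULL;
        pos += xlen;
    }
    if (!(buf[3] & 0x08)) return NULL;  /* FNAME flag not set */
    if (pos >= len || !memchr(buf + pos, 0, len - pos)) return NULL; /* unterminated */
    return (const char *)(buf + pos);
}

/* Output path = directory of the path given by the user + only the last
 * component of the stored name. Returns 0 on success, -1 on rejection. */
int gz_output_path(const char *input_path, const unsigned char *hdr,
                   size_t hdr_len, char *out, size_t outsz) {
    const char *stored = gz_stored_name(hdr, hdr_len);
    const char *name = stored ? base_name(stored) : "";
    size_t dir_len = (size_t)(base_name(input_path) - input_path); /* keeps trailing '/' */
    int n;
    if (!*name || !strcmp(name, ".") || !strcmp(name, "..")) return -1;
    n = snprintf(out, outsz, "%.*s%s", (int)dir_len, input_path, name);
    return (n < 0 || (size_t)n >= outsz) ? -1 : 0;
}

/* Constructed sample header whose stored name carries directory components. */
static const unsigned char sample_hdr[] = {
    0x1f, 0x8b, 8, 0x08, 0, 0, 0, 0, 0, 3,
    '.', '.', '/', '.', '.', '/', 'n', 'o', 't', 'e', 's', '.', 't', 'x', 't', 0
};

int main(void) {
    char out[64];
    if (gz_output_path("/foo/bar/baz.gz", sample_hdr, sizeof sample_hdr, out, sizeof out) == 0)
        puts(out);
    return 0;
}
```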
