unofficial mirror of bug-gnu-emacs@gnu.org 
 help / color / mirror / code / Atom feed
[parent not found: <E1Y8Bor-0003yH-Mu@fencepost.gnu.org>]
* bug#19536: [PATCH] package-upload-buffer-internal fails for tar files
@ 2015-01-08  3:33 Kelly Dean
  2015-01-08  5:50 ` Stefan Monnier
  2015-02-18  1:03 ` bug#19536: package-upload-buffer-internal fails for tar files Kelly Dean
  0 siblings, 2 replies; 46+ messages in thread
From: Kelly Dean @ 2015-01-08  3:33 UTC (permalink / raw)
  To: 19536

[-- Attachment #1: Type: text/plain, Size: 410 bytes --]

It creates a file with a ⌜.tar⌝ extension that isn't a valid tar file.

Since elpa.gnu.org _does_ have valid tar files, I guess somebody wrote a script to work around this bug by overwriting the invalid tar files with the originals.

I'm submitting a patch for this since it affects validation of my patch for bug #19479, and I'm submitting the latter patch because it fixes a security vulnerability.

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: package-upload-bug.patch --]
[-- Type: text/x-diff, Size: 446 bytes --]

--- emacs-24.4/lisp/emacs-lisp/package-x.el
+++ emacs-24.4/lisp/emacs-lisp/package-x.el
@@ -243,7 +243,7 @@
 	        	     (concat (symbol-name pkg-name) "-readme.txt")
 	        	     package-archive-upload-base)))
 
-	    (set-buffer pkg-buffer)
+	    (set-buffer (if (eq file-type 'tar) tar-data-buffer pkg-buffer))
 	    (write-region (point-min) (point-max)
 			  (expand-file-name
 			   (format "%s-%s.%s" pkg-name pkg-version extension)

^ permalink raw reply	[flat|nested] 46+ messages in thread
[parent not found: <0ylhjngoxs.fsf@fencepost.gnu.org>]

end of thread, other threads:[~2020-11-26  3:56 UTC | newest]

Thread overview: 46+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
     [not found] <qRgJhF1EfrtAmBqmyTLGcOkoyCcHP7kWm6t8KBDxra2@local>
2015-01-01 12:38 ` bug#19479: Package manager vulnerable Kelly Dean
2015-01-04 20:00   ` Stefan Monnier
2015-01-05  1:11     ` Kelly Dean
2015-01-05  2:16       ` Stefan Monnier
2015-01-08  3:31         ` bug#19479: [PATCH] " Kelly Dean
2015-01-08  3:44           ` Glenn Morris
2015-01-08  5:29             ` Kelly Dean
2015-01-08 14:39               ` Stefan Monnier
2015-01-08 21:06                 ` Kelly Dean
2015-01-09  2:37                   ` Stefan Monnier
2015-01-09  6:59               ` bug#19479: Copyright issue (was: Re: bug#19479: Package manager vulnerable) Kelly Dean
2015-01-09 15:17                 ` bug#19479: Copyright issue Stefan Monnier
2015-01-09 15:29                   ` David Kastrup
2015-01-09 19:57                   ` Kelly Dean
     [not found]                   ` <EitH3yok1Itmynw5Ex1Vi3AuvkREurR1ccm1J5MQD4E@local>
2015-01-09 20:24                     ` Glenn Morris
     [not found]                     ` <0etwzzu2gd.fsf@fencepost.gnu.org>
2015-01-09 20:32                       ` Glenn Morris
2015-02-24  8:47           ` bug#19479: Emacs package manager vulnerable to replay attacks Kelly Dean
2015-01-11  2:56   ` bug#19479: (on-topic) Re: bug#19479: Package manager vulnerable Kelly Dean
2015-01-20 21:18   ` bug#19479: Disclaimer is now on file at FSF Kelly Dean
2015-02-24 18:11     ` Glenn Morris
2017-09-03  1:10   ` bug#19479: Package manager vulnerable Glenn Morris
2019-10-04  9:49   ` Stefan Kangas
2020-05-06  0:55     ` Noam Postavsky
2020-09-06 23:59       ` Stefan Kangas
2020-09-07 14:14         ` Noam Postavsky
2020-09-07 18:11           ` Stefan Kangas
2020-11-21 23:51     ` bug#19479: Package manager vulnerable to replay attacks Stefan Kangas
2020-11-26  0:43       ` Stefan Monnier
2020-11-26  2:06         ` Stefan Kangas
2020-11-26  2:30           ` Stefan Monnier
2020-11-26  3:02             ` Stefan Kangas
2020-11-26  3:11               ` Stefan Monnier
2020-11-26  3:56           ` Jean Louis
2020-09-07 17:19   ` bug#19479: Package manager vulnerable Stefan Kangas
2020-09-07 23:54     ` Noam Postavsky
2020-09-08  8:10       ` Stefan Kangas
     [not found] <E1Y8Bor-0003yH-Mu@fencepost.gnu.org>
2015-01-06  6:38 ` Kelly Dean
2015-01-07  4:27   ` Richard Stallman
2015-01-08  3:33 bug#19536: [PATCH] package-upload-buffer-internal fails for tar files Kelly Dean
2015-01-08  5:50 ` Stefan Monnier
2015-01-08  7:10   ` Kelly Dean
2015-01-08 11:40   ` bug#19479: Package manager vulnerable Kelly Dean
2015-02-18  1:03 ` bug#19536: package-upload-buffer-internal fails for tar files Kelly Dean
     [not found] <0ylhjngoxs.fsf@fencepost.gnu.org>
2015-02-24 23:02 ` bug#19479: Disclaimer is now on file at FSF Kelly Dean
     [not found] ` <5j6SB8Hmg5euoiN2VLa1iolGVWZxTvwQ1LnsgFUQiDZ@local>
2015-02-25 21:09   ` Glenn Morris
     [not found]   ` <yuegpd8zq2.fsf@fencepost.gnu.org>
2017-09-02 12:24     ` Eli Zaretskii

Code repositories for project(s) associated with this public inbox

	https://git.savannah.gnu.org/cgit/emacs.git

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).