From: Kelly Dean <kelly@prtime.org>
To: 19536@debbugs.gnu.org
Subject: bug#19536: [PATCH] package-upload-buffer-internal fails for tar files
Date: Thu, 08 Jan 2015 03:33:06 +0000 [thread overview]
Message-ID: <aAe2F0eQLktC57QR1tWdF80pyx8eKH6CkGRzD9a4CTf@local> (raw)
[-- Attachment #1: Type: text/plain, Size: 410 bytes --]
It creates a file with a ⌜.tar⌝ extension that isn't a valid tar file.
Since elpa.gnu.org _does_ have valid tar files, I guess somebody wrote a script to work around this bug by overwriting the invalid tar files with the originals.
I'm submitting a patch for this since it affects validation of my patch for bug #19479, and I'm submitting the latter patch because it fixes a security vulnerability.
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: package-upload-bug.patch --]
[-- Type: text/x-diff, Size: 446 bytes --]
--- emacs-24.4/lisp/emacs-lisp/package-x.el
+++ emacs-24.4/lisp/emacs-lisp/package-x.el
@@ -243,7 +243,7 @@
(concat (symbol-name pkg-name) "-readme.txt")
package-archive-upload-base)))
- (set-buffer pkg-buffer)
+ (set-buffer (if (eq file-type 'tar) tar-data-buffer pkg-buffer))
(write-region (point-min) (point-max)
(expand-file-name
(format "%s-%s.%s" pkg-name pkg-version extension)
next reply other threads:[~2015-01-08 3:33 UTC|newest]
Thread overview: 65+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-01-08 3:33 Kelly Dean [this message]
2015-01-08 5:50 ` bug#19536: [PATCH] package-upload-buffer-internal fails for tar files Stefan Monnier
2015-01-08 7:10 ` Kelly Dean
2015-01-08 11:40 ` bug#19479: Package manager vulnerable Kelly Dean
2015-02-18 1:03 ` bug#19536: package-upload-buffer-internal fails for tar files Kelly Dean
-- strict thread matches above, loose matches on Subject: below --
2014-12-30 10:42 Emacs package manager vulnerable to replay attacks Kelly Dean
2014-12-30 11:45 ` Ivan Shmakov
2015-01-01 12:38 ` bug#19479: Package manager vulnerable Kelly Dean
2015-01-04 20:00 ` Stefan Monnier
2015-01-05 1:11 ` Kelly Dean
2015-01-05 2:16 ` Stefan Monnier
2015-01-08 3:31 ` bug#19479: [PATCH] " Kelly Dean
2015-01-08 3:44 ` Glenn Morris
2015-01-08 5:29 ` Kelly Dean
2015-01-08 14:39 ` Stefan Monnier
2015-01-08 21:06 ` Kelly Dean
2015-01-09 2:37 ` Stefan Monnier
2015-01-09 6:59 ` bug#19479: Copyright issue (was: Re: bug#19479: Package manager vulnerable) Kelly Dean
2015-01-09 15:17 ` bug#19479: Copyright issue Stefan Monnier
2015-01-09 15:29 ` David Kastrup
2015-01-09 15:29 ` David Kastrup
2015-01-09 21:00 ` Kelly Dean
2015-01-09 21:49 ` Kelly Dean
2015-01-09 23:47 ` Stefan Monnier
2015-01-10 1:18 ` Kelly Dean
2015-01-11 1:39 ` Stefan Monnier
2015-01-11 3:20 ` Kelly Dean
2015-01-11 6:33 ` Werner LEMBERG
2015-01-12 15:38 ` Richard Stallman
2015-01-10 19:29 ` Richard Stallman
2015-01-09 19:57 ` Kelly Dean
2015-01-09 20:24 ` bug#19479: " Glenn Morris
2015-01-09 20:24 ` Glenn Morris
2015-01-09 20:32 ` Glenn Morris
2015-01-09 20:32 ` Glenn Morris
2015-01-09 19:57 ` Kelly Dean
2015-02-24 8:47 ` Emacs package manager vulnerable to replay attacks Kelly Dean
2015-02-24 8:47 ` bug#19479: " Kelly Dean
2015-01-11 2:56 ` bug#19479: (on-topic) Re: bug#19479: Package manager vulnerable Kelly Dean
2015-01-20 21:18 ` bug#19479: Disclaimer is now on file at FSF Kelly Dean
2015-02-24 18:11 ` Glenn Morris
2015-02-24 18:11 ` Glenn Morris
2015-02-24 23:02 ` Kelly Dean
2015-02-24 23:02 ` Kelly Dean
2015-02-25 21:09 ` Glenn Morris
2015-02-25 21:09 ` Glenn Morris
2017-09-02 12:24 ` Eli Zaretskii
2015-02-25 4:41 ` Vibhav Pant
2015-02-25 5:32 ` Stephen J. Turnbull
2017-09-03 1:10 ` bug#19479: Package manager vulnerable Glenn Morris
2019-10-04 9:49 ` Stefan Kangas
2020-05-06 0:55 ` Noam Postavsky
2020-09-06 23:59 ` Stefan Kangas
2020-09-07 14:14 ` Noam Postavsky
2020-09-07 18:11 ` Stefan Kangas
2020-11-21 23:51 ` bug#19479: Package manager vulnerable to replay attacks Stefan Kangas
2020-11-26 0:43 ` Stefan Monnier
2020-11-26 2:06 ` Stefan Kangas
2020-11-26 2:30 ` Stefan Monnier
2020-11-26 3:02 ` Stefan Kangas
2020-11-26 3:11 ` Stefan Monnier
2020-11-26 3:56 ` Jean Louis
2020-09-07 17:19 ` bug#19479: Package manager vulnerable Stefan Kangas
2020-09-07 23:54 ` Noam Postavsky
2020-09-08 8:10 ` Stefan Kangas
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=aAe2F0eQLktC57QR1tWdF80pyx8eKH6CkGRzD9a4CTf@local \
--to=kelly@prtime.org \
--cc=19536@debbugs.gnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this external index
https://git.savannah.gnu.org/cgit/emacs.git
https://git.savannah.gnu.org/cgit/emacs/org-mode.git
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.