[pkg-fso-maint] [PATCH 1/2] Give an error message if data.tar.gz can not be extracted from tar*.deb

Timo Juhani Lindfors timo.lindfors at iki.fi
Fri Dec 24 22:13:36 UTC 2010


Timo Juhani Lindfors <timo.lindfors at iki.fi> writes:
>  		wget $TAR_PACKAGE -O /tmp/tar.deb
>  		rm -f /tmp/data.tar.gz # FIXME: ar should just overwrite it
>  		( cd /tmp && ar -x tar.deb data.tar.gz )

Wondering why wget can succeed but ar can fail? /tmp/tar.deb contained

<html>
        <head>
                <title>  </title>
                <script type="text/javascript">
                function bredir(d,u,r,v,c){var w,h,wd,hd,bi;var b=false;var p=false;var s=[[300,250,false],[250,250,false],[240,400,false],[336,280,false],[180,150,false],[468,60,false],[234,60,false],[88,31,false],[120,90,false],[120,60,false],[120,240,false],[125,125,false],[728,90,false],[160,600,false],[120,600,false],[300,600,false],[300,125,false],[530,300,false],[190,200,false],[470,250,false],[720,300,true],[500,350,true],[550,480,true]];if(typeof(window.innerHeight)=='number'){h=window.innerHeight;w=window.innerWidth;}else if(typeof(document.body.offsetHeight)=='number'){h=document.body.offsetHeight;w=document.body.offsetWidth;}for(var i=0;i<s.length;i++){bi=s[i];wd=Math.abs(w-bi[0]);hd=Math.abs(h-bi[1]);if(wd<=2&&hd<=2){b=true;p=bi[2];}}if(b||(w<100&&w!==0)||(h<100&&h!==0)){if(p&&self==parent){self.close();return;}return'/b'+'anner.php?w='+w+'&h='+h+'&d='+d+'&u='+u+'&r='+r+'&view='+v;}else{return c;}}
                </script>
        </head>
        <body onLoad="window.location = bredir('ftp.cc.debian.org', 'ftp.cc.debian.org%2Fdebian%2Fpool%2Fmain%2Ft%2Ftar%2Ftar_1.20-1_armel.deb', '', 'error', '/main?url=ftp.cc.debian.org%2Fdebian%2Fpool%2Fmain%2Ft%2Ftar%2Ftar_1.20-1_armel.deb');" style="margin: 0px;">
                <noscript>
                        <iframe frameborder="0" src="/main?url=ftp.cc.debian.org%2Fdebian%2Fpool%2Fmain%2Ft%2Ftar%2Ftar_1.20-1_armel.deb" width="100%" height="100%"></iframe>
                </noscript>
        </body>
</html>

apparently since some ISP is cathing 404s?

This is a good reminder on how install.sh just blindly executes
untrusted code from the internet...

-Timo



More information about the pkg-fso-maint mailing list