[pkg-fso-maint] [PATCH 1/2] Give an error message if data.tar.gz can not be extracted from tar*.deb
Timo Juhani Lindfors
timo.lindfors at iki.fi
Fri Dec 24 22:13:36 UTC 2010
Timo Juhani Lindfors <timo.lindfors at iki.fi> writes:
> wget $TAR_PACKAGE -O /tmp/tar.deb
> rm -f /tmp/data.tar.gz # FIXME: ar should just overwrite it
> ( cd /tmp && ar -x tar.deb data.tar.gz )
Wondering why wget can succeed but ar can fail? /tmp/tar.deb contained
<html>
<head>
<title> </title>
<script type="text/javascript">
function bredir(d,u,r,v,c){var w,h,wd,hd,bi;var b=false;var p=false;var s=[[300,250,false],[250,250,false],[240,400,false],[336,280,false],[180,150,false],[468,60,false],[234,60,false],[88,31,false],[120,90,false],[120,60,false],[120,240,false],[125,125,false],[728,90,false],[160,600,false],[120,600,false],[300,600,false],[300,125,false],[530,300,false],[190,200,false],[470,250,false],[720,300,true],[500,350,true],[550,480,true]];if(typeof(window.innerHeight)=='number'){h=window.innerHeight;w=window.innerWidth;}else if(typeof(document.body.offsetHeight)=='number'){h=document.body.offsetHeight;w=document.body.offsetWidth;}for(var i=0;i<s.length;i++){bi=s[i];wd=Math.abs(w-bi[0]);hd=Math.abs(h-bi[1]);if(wd<=2&&hd<=2){b=true;p=bi[2];}}if(b||(w<100&&w!==0)||(h<100&&h!==0)){if(p&&self==parent){self.close();return;}return'/b'+'anner.php?w='+w+'&h='+h+'&d='+d+'&u='+u+'&r='+r+'&view='+v;}else{return c;}}
</script>
</head>
<body onLoad="window.location = bredir('ftp.cc.debian.org', 'ftp.cc.debian.org%2Fdebian%2Fpool%2Fmain%2Ft%2Ftar%2Ftar_1.20-1_armel.deb', '', 'error', '/main?url=ftp.cc.debian.org%2Fdebian%2Fpool%2Fmain%2Ft%2Ftar%2Ftar_1.20-1_armel.deb');" style="margin: 0px;">
<noscript>
<iframe frameborder="0" src="/main?url=ftp.cc.debian.org%2Fdebian%2Fpool%2Fmain%2Ft%2Ftar%2Ftar_1.20-1_armel.deb" width="100%" height="100%"></iframe>
</noscript>
</body>
</html>
apparently since some ISP is cathing 404s?
This is a good reminder on how install.sh just blindly executes
untrusted code from the internet...
-Timo
More information about the pkg-fso-maint
mailing list