[Bug 217311] Review Request: xarchiver - Archive manager for Xfce
bugzilla at redhat.com
bugzilla at redhat.com
Tue Nov 28 16:28:23 UTC 2006
Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug report.
Summary: Review Request: xarchiver - Archive manager for Xfce
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=217311
------- Additional Comments From pertusus at free.fr 2006-11-28 11:28 EST -------
Unused dependency on sonames. I haven't investigated where they
come from, most probable is .pc file not using correctly *.private
(libm and libdl are certainly not problematic):
/usr/lib/libatk-1.0.so.0
/lib/libm.so.6
/usr/lib/libpangocairo-1.0.so.0
/usr/lib/libpango-1.0.so.0
/usr/lib/libcairo.so.2
/lib/libgmodule-2.0.so.0
/lib/libdl.so.2
There is a requires for binutils, for ar, for .deb. Also reading
src/deb.c, it seems to me that the files in /tmp are not safely
created, opening the possibility of a symlink in tmp attack. Maybe
the manipulation should be done in a /tmp subdir. I haven't checked
the other /tmp use, some look clearly right, for others there is
a need to look at the code.
in src/callback.c, in xa_activate_link, I think it would be
relevant to add a search from htmlview, and add a Requires for
htmlview. Otherwise a Requires firefox could be used, but I think
it would be much better to call htmlview.
There is also a missing requires of cpio for rpm.
--
Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug, or are watching the QA contact.
More information about the Fedora-package-review
mailing list