[Bug 217311] Review Request: xarchiver - Archive manager for Xfce

[bugzilla at redhat.com]

Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug report.

Summary: Review Request: xarchiver - Archive manager for Xfce


https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=217311





------- Additional Comments From pertusus at free.fr  2006-11-28 11:28 EST -------

Unused dependency on sonames. I haven't investigated where they 
come from, most probable is .pc file not using correctly *.private
(libm and libdl are certainly not problematic):

        /usr/lib/libatk-1.0.so.0
        /lib/libm.so.6
        /usr/lib/libpangocairo-1.0.so.0
        /usr/lib/libpango-1.0.so.0
        /usr/lib/libcairo.so.2
        /lib/libgmodule-2.0.so.0
        /lib/libdl.so.2

There is a requires for binutils, for ar, for .deb. Also reading
src/deb.c, it seems to me that the files in /tmp are not safely
created, opening the possibility of a symlink in tmp attack. Maybe
the manipulation should be done in a /tmp subdir. I haven't checked
the other /tmp use, some look clearly right, for others there is
a need to look at the code.

in src/callback.c, in xa_activate_link, I think it would be 
relevant to add a search from htmlview, and add a Requires for
htmlview. Otherwise a Requires firefox could be used, but I think 
it would be much better to call htmlview.

There is also a missing requires of cpio for rpm.

-- 
Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug, or are watching the QA contact.