touch-packages team mailing list archive

[Jamie Strandboge <jamie@xxxxxxxxxx>]

** Information type changed from Private Security to Public Security

** Also affects: click (Ubuntu Trusty)
   Importance: Undecided
       Status: New

** Also affects: click (Ubuntu Wily)
   Importance: Critical
     Assignee: Colin Watson (cjwatson)
       Status: In Progress

** Also affects: click (Ubuntu Vivid)
   Importance: Undecided
       Status: New

** Changed in: click (Ubuntu Trusty)
       Status: New => In Progress

** Changed in: click (Ubuntu Vivid)
       Status: New => In Progress

** Changed in: click (Ubuntu Trusty)
   Importance: Undecided => Critical

** Changed in: click (Ubuntu Vivid)
   Importance: Undecided => Critical

** Changed in: click (Ubuntu Trusty)
     Assignee: (unassigned) => Jamie Strandboge (jdstrand)

** Changed in: click (Ubuntu Vivid)
     Assignee: (unassigned) => Jamie Strandboge (jdstrand)

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to click in Ubuntu.
https://bugs.launchpad.net/bugs/1506467

Title:
  click install does not ignore shipped files without leading './'

Status in Canonical System Image:
  In Progress
Status in click package in Ubuntu:
  Fix Committed
Status in click source package in Trusty:
  In Progress
Status in click source package in Vivid:
  In Progress
Status in click source package in Wily:
  Fix Committed

Bug description:
  The click install process does not filter out all illegitimate paths
  during the install process. For example, an app can ship '.click' in
  data.tar.gz which interferes with package installs. './.click/' is
  correctly filtered.

To manage notifications about this bug go to:
https://bugs.launchpad.net/canonical-devices-system-image/+bug/1506467/+subscriptions