ncmpcpp (version < 0. 5.4) can cause unexpected deletion of files
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
ncmpcpp (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
Lucid |
Fix Released
|
Undecided
|
Unassigned | ||
Maverick |
Fix Released
|
Undecided
|
Unassigned | ||
Natty |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
Binary package hint: ncmpcpp
From an email to the Ubuntu bugSquad:
Dear Madam/Sir,
I am using Ubuntu 10.04 and I installed program ncmpcpp 0.4.1. from Ubuntu
repositories. There's bug described on the page http://
ATTENTION: Feature, that allows you to physically remove directories from your
disk while being in browser is BROKEN IN ALL VERSIONS < 0.5.4 and may, under
some random circumstances, cause UNWANTED DELETION OF OTHER FILES. It needs to
be manually enabled in configuration file though, so if you don't use it, you're
fine. Otherwise you should upgrade to 0.5.4 or higher version immediately.
I used the feature, that can cause UNWANTED DELETION OF OTHER FILES. (I read
the ATTENTION notice too late.)
It removed about 1/2 of my HOME folder!!!!!
I would like to ask you, if you can remove this program from all
repositories, where it is included or fix the bug or use another version.
Yours sincerely
Natty already has ncmpcpp version 0.5.4-1, which is not affected.
All versions packaged for Ubuntu:
ncmpcpp | 0.3.4-1 | karmic/universe | source, amd64, i386
ncmpcpp | 0.4.1-1 | lucid/universe | source, amd64, i386
ncmpcpp | 0.5.2-1 | maverick/universe | source, amd64, i386
ncmpcpp | 0.5.4-1 | natty/universe | source, amd64, i386
TESTCASE:
/!\ ***WARNING*** This test case is destructive /!\
0. Install mpd and add music files into the music directory and verify that the user running ncmpcpp has write privileges on this directory. Configure ncmpcpp to point to this directory and allow files and directory deletion.
1. Start mpd
2. Start ncmpcpp
3. Switch to brower mode
4. Select the directory
5. Press the 'Del' key to delete the directory
=> Verify that some /random/ directory/files are deleted and that the deletion of the selected directory fails. Repeat until it deletes unselected files/directories
6. Install the version from -proposed
7. Repeat steps 2 to 5 and verify that only the selected directory is deleted.
Related branches
- Artur Rona (community): Approve
- C de-Avillez (community): Needs Resubmitting
-
Diff: 112 lines (+80/-1)4 files modifieddebian/changelog (+9/-0)
debian/control (+2/-1)
debian/patches/incorrect_dir_removal.patch (+68/-0)
debian/patches/series (+1/-0)
visibility: | private → public |
tags: | added: patch |
Changed in ncmpcpp (Ubuntu): | |
assignee: | nobody → Artur Rona (ari-tczew) |
status: | Triaged → In Progress |
description: | updated |
More than a bug I think it's human error as specified in the notice of the package the risk of any unexpected deletion of files. Nevertheless, I think is actually not necessary keep packages harmful to the system in the repository, or possibly eliminate the risk reported by the package itself. In the meantime, please upgrade to the next version of the file for a possible reorganization of the file in Home.