mat2 issueshttps://0xacab.org/jvoisin/mat2/-/issues2018-10-02T12:54:58Zhttps://0xacab.org/jvoisin/mat2/-/issues/72Should we warn about local references in office documents?2018-10-02T12:54:58ZjvoisinShould we warn about local references in office documents?I just stumbled upon a document with the following `word/_rels/settings.xml.rels` file:
```xml
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships">
...I just stumbled upon a document with the following `word/_rels/settings.xml.rels` file:
```xml
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships">
<Relationship
Id="rId1"
Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/attachedTemplate"
Target="file:///C:\DOCUME~1\easte\LOCALS~1\Temp\TCD59E.tmp\Employment%20application.dot"
TargetMode="External"
/>
</Relationships>
```
The `Target` attribute leaks some information by referring to a local file, and albeit those are not metadata, I think that it's worth discussing what mat2 should do about it.
In my opinion, MAT2 should remove the whole `Relationship`, since it's a dead link anyway.1.0 - Ponyhttps://0xacab.org/jvoisin/mat2/-/issues/39What do we want to do with files that have a "revision mode"2018-07-05T23:02:54ZjvoisinWhat do we want to do with files that have a "revision mode"@joe pointed out that MAT2 doesn't handle (as in "remove") revisions from office files.
What should we do about this? Shall we keep the revisions and pretend that they are data, or shall we only keep the latest one?@joe pointed out that MAT2 doesn't handle (as in "remove") revisions from office files.
What should we do about this? Shall we keep the revisions and pretend that they are data, or shall we only keep the latest one?0.1.3 - ostrichjvoisinjvoisinhttps://0xacab.org/jvoisin/mat2/-/issues/119Respect file permission2019-10-13T09:58:53ZVipulRespect file permission```
$ ls -l test1.png
-rw-------. 1 finn finn 278088 Sep 14 04:12 test1.png
$ mat2 test1.png
$ ls -l test1*
-rw-r--r--. 1 finn finn 278091 Sep 14 04:14 test1.cleaned.png
-rw-------. 1 finn finn 278088 Sep 14 04:12 test1.png
```
Is it e...```
$ ls -l test1.png
-rw-------. 1 finn finn 278088 Sep 14 04:12 test1.png
$ mat2 test1.png
$ ls -l test1*
-rw-r--r--. 1 finn finn 278091 Sep 14 04:14 test1.cleaned.png
-rw-------. 1 finn finn 278088 Sep 14 04:12 test1.png
```
Is it expected behavior? Shouldn't `test1.cleaned.png` also have same file permission as `test1.png` (i.e. 600 instead of 644)?1.0 - Ponyhttps://0xacab.org/jvoisin/mat2/-/issues/86Potential harmful printing of binary Exif metadata in terminal2018-11-10T12:54:09ZSherry TaylorPotential harmful printing of binary Exif metadata in terminal## Description
Mat2 prints binary values of Exif metadata fields on the terminal (`mat2 --show`).
Depending on the used terminal emulator, this can mess up the terminal settings or execute code. (Reference: https://security.stackexchan...## Description
Mat2 prints binary values of Exif metadata fields on the terminal (`mat2 --show`).
Depending on the used terminal emulator, this can mess up the terminal settings or execute code. (Reference: https://security.stackexchange.com/questions/56307/can-cat-ing-a-file-be-a-potential-security-risk).
### Exploit (Code Execution):
Here is an example JPG file with binary data in the comment field:
![Binary_data_in_Exif_Comment](/uploads/2fa4fe3b3e0d1af115856c29ee0141dc/Binary_data_in_Exif_Comment.jpg)
In rxvt-unicode (urxvt) v9.22 showing the metadata of that file with `mat2 --show` results in the following:
```bash
[user:/tmp] % mat2 --show Binary_data_in_Exif_Comment.jpg
[+] Metadata for Binary_data_in_Exif_Comment.jpg:
Comment:
^[G0
[user:/tmp] % 0
bash: command not found: 0
```
In this case, the binary `0` does not exist in the system, however, it would have been executed without any user interaction if it had existed.
## Suggested Fix
Filter or replace all non-printable characters of metadata before printing.
## System information
- MAT2 0.4.0
- perl-image-exiftool 11.110.6.0 - Slothjvoisinjvoisinhttps://0xacab.org/jvoisin/mat2/-/issues/38Warn the user of "harmless" filetypes2018-06-21T21:36:02ZZachary SpectorWarn the user of "harmless" filetypesmat2 currently considers plain application/xml files as being free of metadata, when it's really entirely possible that an XML file could have metadata in a schema that we don't know about. We can't support every possible schema, of cour...mat2 currently considers plain application/xml files as being free of metadata, when it's really entirely possible that an XML file could have metadata in a schema that we don't know about. We can't support every possible schema, of course, but currently the tool runs the same way whether it's actually removing metadata or it isn't, and this could result in someone getting a false sense of security.
I'm imagining someone wanting to leak some in-house, totally undocumented schema in a hurry; knowing what metadata is; but not knowing a lot about how file formats really work. That person might run mat2 on their file and think it's clean. We should tell them not to assume this.0.1.2 - Duckjvoisinjvoisinhttps://0xacab.org/jvoisin/mat2/-/issues/31Prevent argument injection in `exiftool`2018-06-21T21:36:01ZjvoisinPrevent argument injection in `exiftool`We're using [exiftool]( https://www.sno.phy.queensu.ca/~phil/exiftool/ ) with `Popen`, thus making us vulnerable to argument injection. We can't simply blacklist files starting with a dash (`-`) because that's kind of legitimate.We're using [exiftool]( https://www.sno.phy.queensu.ca/~phil/exiftool/ ) with `Popen`, thus making us vulnerable to argument injection. We can't simply blacklist files starting with a dash (`-`) because that's kind of legitimate.0.1.2 - Duckhttps://0xacab.org/jvoisin/mat2/-/issues/181Skip errors instead of exiting program2022-12-31T11:06:53ZMegamindSkip errors instead of exiting programI have came across a few instances (#180) where the program would throw an error for one attribute, but would otherwise be able to clean the many other ones. When this happens the program just exits. This can be a bit annoying, so I sugg...I have came across a few instances (#180) where the program would throw an error for one attribute, but would otherwise be able to clean the many other ones. When this happens the program just exits. This can be a bit annoying, so I suggest remove all possible metadata attributes but leave out and notify the user about ERRORs. This way all the possible metadata could be removed.2.0 - Eaglehttps://0xacab.org/jvoisin/mat2/-/issues/176Add support for Nautilus 432023-07-13T06:20:27ZjvoisinAdd support for Nautilus 43As said on the [mailing list](https://lists.autistici.org/message/20220912.221557.187e40a4.en.html):
> Just wanted to let you know that due to Nautilus API changes in the
upcoming 43 release scheduled for September 21, I had to change
n...As said on the [mailing list](https://lists.autistici.org/message/20220912.221557.187e40a4.en.html):
> Just wanted to let you know that due to Nautilus API changes in the
upcoming 43 release scheduled for September 21, I had to change
nautilus-python’s API as well. It looks like you will be mainly
affected by the removal of `LocationWidgetProvider`, which probably
needs to be replaced by a string of GTK dialogues. Hopefully, the
migration guide will help you. Feel free to e-mail me or ask on
Nautilus’s Matrix chat if you have any questions.
> - GNOME Schedule: https://wiki.gnome.org/FortyThree
> - GtkDialog docs: https://docs.gtk.org/gtk4/class.Dialog.html
> - Migration guide: https://gnome.pages.gitlab.gnome.org/nautilus-python/nautilus-python-migrating-to-4.html
> - Nautilus’s chat: https://matrix.to/#/#nautilus:gnome.orghttps://0xacab.org/jvoisin/mat2/-/issues/133Cleaned PDFs wont print correctly (on some printers at least)2021-07-25T12:14:51ZgagzCleaned PDFs wont print correctly (on some printers at least)Hey,
I generated a PDF from a LibreOffice document, passed it to mat2 and tried to print it on a Xerox 7545, by pluging my USB stick directly into the printer.
It did something quite weird: the printed doc was only the bottom left quart...Hey,
I generated a PDF from a LibreOffice document, passed it to mat2 and tried to print it on a Xerox 7545, by pluging my USB stick directly into the printer.
It did something quite weird: the printed doc was only the bottom left quarter of the original document, zoomed to fit the entire A4.
We tried with other documents, PDFs generated by other programs, but same happened.
We also tried a A3 document, same happened.
Printing the same documents but before it goes through mat2 works fine.
I didn't have the chance to test it on other printers yet though, so it might come from the printer.
(i'm not sure if creating an issue for this is fine, but i didn't know how to raise the problem otherwise)
thank you for the hard work!https://0xacab.org/jvoisin/mat2/-/issues/117Change the way we're dealing with "backup" file2019-10-25T23:34:27ZjvoisinChange the way we're dealing with "backup" fileCurrently, when running `mat2` on `myfile.jpg`, two files are outputted:
- `myfile.jpg`: the original file
- `myfile.cleaned.jpg`: the cleaned file
I think that it would make more sense to have this instead:
- `myfile.jpg`: the cleaned ...Currently, when running `mat2` on `myfile.jpg`, two files are outputted:
- `myfile.jpg`: the original file
- `myfile.cleaned.jpg`: the cleaned file
I think that it would make more sense to have this instead:
- `myfile.jpg`: the cleaned file
- `myfile.jpg.bak`: the original file
The main drawback is that if the cleaning process fails, the user will be left with a `myfile.jpg.bak` and might wonder where their file is.
The reason why I'm suggesting this change is that some users have been confused by the current scheme, and I think that the new one makes more sense.
Any opinions?1.0 - Ponyhttps://0xacab.org/jvoisin/mat2/-/issues/116Ignore files if pass as an argument with -l (--list) option2019-08-01T15:14:23ZVipulIgnore files if pass as an argument with -l (--list) optionA cleaned copy of file is created when passed with `-l | --list` option as an argument.
```
mat2 -l photo.jpeg
ls
```
output:
```
photo.cleaned.jpeg
photo.jpeg
```
Same is true with `--check-dependencies`, `-L, --lightweight` and `-V...A cleaned copy of file is created when passed with `-l | --list` option as an argument.
```
mat2 -l photo.jpeg
ls
```
output:
```
photo.cleaned.jpeg
photo.jpeg
```
Same is true with `--check-dependencies`, `-L, --lightweight` and `-V, --verbose`https://0xacab.org/jvoisin/mat2/-/issues/113Setting output destination folder2019-07-19T15:26:54ZVipulSetting output destination folderAdd an option (-o or --output) to set output of a file to destination folder. This will reduce the number of steps if user wants to keep that file at specific location.
For ex:
mat2 my.jpeg -o ~/Documents/photo.jpeg
mat2 my.jpeg -o...Add an option (-o or --output) to set output of a file to destination folder. This will reduce the number of steps if user wants to keep that file at specific location.
For ex:
mat2 my.jpeg -o ~/Documents/photo.jpeg
mat2 my.jpeg -o ~/Documents/
(if name of file is not provided, save it with same name)
jvoisinjvoisinhttps://0xacab.org/jvoisin/mat2/-/issues/111Add option to preserve TOC in PDFs2023-08-02T23:18:10ZGhost UserAdd option to preserve TOC in PDFsNow, even with `-L` option, TOC is erased. It would be nice to have an option to wipe only creator, author, dates, etc. but preserve useful data like table of contents.Now, even with `-L` option, TOC is erased. It would be nice to have an option to wipe only creator, author, dates, etc. but preserve useful data like table of contents.1.0 - Ponyhttps://0xacab.org/jvoisin/mat2/-/issues/110Create a folder à la Dropbox as a GUI?2020-03-04T16:30:58ZjvoisinCreate a folder à la Dropbox as a GUI?Someone suggested that we should maybe try to create something like Dropbox does: a magical folder when files would get their metadata cleaned as soon at they're inside it. A small icon on the file would indicate if the files is cleaned,...Someone suggested that we should maybe try to create something like Dropbox does: a magical folder when files would get their metadata cleaned as soon at they're inside it. A small icon on the file would indicate if the files is cleaned, being cleaned, unable to be cleaned.
I don't know how practical this is to implement on Nautilus and its KDE/Xfce friends.https://0xacab.org/jvoisin/mat2/-/issues/109Improve zip compression2019-07-13T13:05:19ZjvoisinImprove zip compressionAs mentionned in #107, mat2 is currently using the default `ZIP_STORED` compression method for all zipfiles.
Maybe we should instead use the same method as the one used by the file being cleaned. This would make fingerprinting a bit easi...As mentionned in #107, mat2 is currently using the default `ZIP_STORED` compression method for all zipfiles.
Maybe we should instead use the same method as the one used by the file being cleaned. This would make fingerprinting a bit easier, but could also dramatically decrease produced archive sizes. I think that it's worth it.
This is a good first issue, since it involves designing a proper integration of this feature in the already-quite-complex archive handling code :)1.0 - Ponyhttps://0xacab.org/jvoisin/mat2/-/issues/106Pdf: Nautilus Extension does not work?2019-07-15T11:16:23Znigra blackPdf: Nautilus Extension does not work?hello,
i just installed mat2 and the nautilus extension on my debian stretch. i used this manual: https://0xacab.org/jvoisin/mat2/blob/master/INSTALL.md#debian
it works fine for nearly all formats, but not for pdf. if i open the contex...hello,
i just installed mat2 and the nautilus extension on my debian stretch. i used this manual: https://0xacab.org/jvoisin/mat2/blob/master/INSTALL.md#debian
it works fine for nearly all formats, but not for pdf. if i open the context-menue of a pdf there is no "clean metadata".
do you know this problem?
greetings, nigra1.0 - Ponygeorggeorghttps://0xacab.org/jvoisin/mat2/-/issues/105Verbose options is not verbose at all2019-08-01T15:13:06ZVaracVerbose options is not verbose at allThis is on ubuntu 19.04:
```
$ mat2 --verbose IMG_20190508_105854.jpg
$ mat2 --version
MAT2 0.8.0
$
```This is on ubuntu 19.04:
```
$ mat2 --verbose IMG_20190508_105854.jpg
$ mat2 --version
MAT2 0.8.0
$
```1.0 - Ponyhttps://0xacab.org/jvoisin/mat2/-/issues/104Add option to replace in-place2019-11-05T02:57:34ZVaracAdd option to replace in-placeMany tools have an option to replace files in place, without creating a seperate file.
It would be great if mat2 could offer this, since it's easier and less steps for the user.Many tools have an option to replace files in place, without creating a seperate file.
It would be great if mat2 could offer this, since it's easier and less steps for the user.1.0 - Ponyjvoisinjvoisinhttps://0xacab.org/jvoisin/mat2/-/issues/88Debian package status and build instructions are outdated2018-12-15T16:06:12ZAlanDebian package status and build instructions are outdated[0001-Fix-debian-build-instructions.patch](/uploads/0051c1baf37b536614a0983e12d37ea6/0001-Fix-debian-build-instructions.patch)
[0002-Update-debian-packaging-status.patch](/uploads/34882d960718fc9a25379aeb5dd1f8e0/0002-Update-debian-pack...[0001-Fix-debian-build-instructions.patch](/uploads/0051c1baf37b536614a0983e12d37ea6/0001-Fix-debian-build-instructions.patch)
[0002-Update-debian-packaging-status.patch](/uploads/34882d960718fc9a25379aeb5dd1f8e0/0002-Update-debian-packaging-status.patch)jvoisinjvoisinhttps://0xacab.org/jvoisin/mat2/-/issues/84Implement lightweight cleaning for images2018-11-10T12:38:25ZjvoisinImplement lightweight cleaning for imagesCurrently, images are re-renderer, it would be nice to implement a lightweight cleaning mode that doesn't alter their quality.Currently, images are re-renderer, it would be nice to implement a lightweight cleaning mode that doesn't alter their quality.0.6.0 - Sloth