Some files in Zip file starts with '..'

[tagoh]

Defect Report

Title

Some files in Zip file starts with '..'

Font

N/A

Where the font came from, and when

https://github.com/notofonts/khmer/releases/download/NotoSerifKhmer-v2.003/NotoSerifKhmer-v2.003.zip https://github.com/notofonts/khmer/releases/download/NotoSansKhmer-v2.003/NotoSansKhmer-v2.003.zip

Issue

ZIP files in GitHub assets contains some files started with '..'. unzip warns them, and some extracting method/libraries in Python ignores it because of the security reason.

1. Steps to reproduce
   1. Download the above ZIP files.
   2. Check the file list of ZIP
2. Observed results Some files started with '..'
3. Expected results They should be extracted onto NotoSerifKhmer or NotoSansKhmer sub-directory for this project.
4. Additional information

   $ unzip -l NotoSerifKhmer-v2.003.zip

   tail -10 150704 07-05-2022 07:03 NotoSerifKhmer/hinted/ttf/NotoSerifKhmer-SemiCondensedMedium.ttf 147968 07-05-2022 07:03 NotoSerifKhmer/hinted/ttf/NotoSerifKhmer-CondensedExtraBold.ttf 149640 07-05-2022 07:03 NotoSerifKhmer/hinted/ttf/NotoSerifKhmer-Condensed.ttf 146668 07-05-2022 07:03 NotoSerifKhmer/hinted/ttf/NotoSerifKhmer-CondensedSemiBold.ttf 247 07-05-2022 07:02 ../AUTHORS.txt 471 07-05-2022 07:02 ../CONTRIBUTORS.txt 4381 07-05-2022 07:02 ../OFL.txt 100 07-05-2022 07:02 ../requirements.txt

   24136015 214 files

[Jehan-h20220012]

Can I work on this issue?

[simoncozens]

Sure. The problem is coming from here:

https://github.com/notofonts/notobuilder/blob/6fa2972a1c90b733ab0eadf5380f3c0a9e1fd048/.github/workflows/build.yaml#L320

[simoncozens]

This was fixed in https://github.com/notofonts/notobuilder/commit/79c97029140ea7c71e43826f8e25781300473c56 ; new releases will not do this.