CVE-2019-13241: Zip Slip Vulnerability in FlightCrew · Issue #52 · Sigil-Ebook/flightcrew

FlightCrew v0.9.2 and older are vulnerable to a directory traversal, allowing attackers to write arbitrary files via a ../ (dot dot slash) in a ZIP archive entry that is mishandled during extraction.
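The defect class described above (Zip Slip) comes down to one missing check: every archive member name must be resolved against the destination directory before anything is written. The following is an added example, not FlightCrew's code (FlightCrew is C++ and used zipios); it is written in Python, builds two constructed in-memory archives (one with an EPUB-like layout, one carrying a `../../escaped.txt` entry of the kind the advisory describes) and shows an extractor that refuses the whole archive on the first unsafe name. All function names and the sample archive contents are assumptions made for this illustration.

```python
"""Safe ZIP extraction that refuses Zip Slip (directory traversal) entries.

Added example, not FlightCrew's code. It demonstrates the check a ZIP
extractor needs: validate every member name against the destination
directory before writing a single byte.
"""
import io
import tempfile
import zipfile
from pathlib import Path, PurePosixPath


class ZipSlipError(ValueError):
    """Raised when an archive member would resolve outside the destination."""


def is_safe_member(name: str, dest) -> bool:
    """Return True only if `name` resolves to a path strictly inside `dest`.

    Rejects absolute names and any '..' component up front, then checks the
    fully resolved path so a symlink already present under `dest` cannot be
    used to redirect the write elsewhere.
    """
    dest = Path(dest)
    # Member names are POSIX-style; normalise backslashes, since some archives
    # use them and some extractors treat them as separators.
    posix = PurePosixPath(name.replace("\\", "/"))
    if posix.is_absolute() or ".." in posix.parts:
        return False
    target = (dest / Path(*posix.parts)).resolve()
    dest_resolved = dest.resolve()
    # target == dest means an empty name; only true descendants are allowed.
    return target != dest_resolved and dest_resolved in target.parents


def safe_extract(zf: zipfile.ZipFile, dest: Path) -> list:
    """Extract every member of `zf` under `dest`; refuse the whole archive on
    the first unsafe name so no partially written tree is left behind."""
    dest.mkdir(parents=True, exist_ok=True)
    for info in zf.infolist():
        if not is_safe_member(info.filename, dest):
            raise ZipSlipError(f"refusing to extract unsafe member {info.filename!r}")
    written = []
    for info in zf.infolist():
        if info.is_dir():
            continue
        rel = PurePosixPath(info.filename.replace("\\", "/"))
        out_path = dest / Path(*rel.parts)
        out_path.parent.mkdir(parents=True, exist_ok=True)
        with zf.open(info) as src, open(out_path, "wb") as dst:
            dst.write(src.read())
        written.append(info.filename)
    return written


def build_archive(members: dict) -> zipfile.ZipFile:
    """Build an in-memory ZIP from constructed sample members (no disk I/O).

    zipfile.writestr stores the name verbatim, so a traversal entry can be
    created here just as a hostile archive would carry it.
    """
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in members.items():
            zf.writestr(name, data)
    buf.seek(0)
    return zipfile.ZipFile(buf, "r")


# Constructed sample archives (hypothetical contents): a benign EPUB-like
# layout and one carrying a traversal entry like the advisory describes.
BENIGN = {"mimetype": b"application/epub+zip", "OEBPS/content.opf": b"<package/>"}
MALICIOUS = {"mimetype": b"application/epub+zip", "../../escaped.txt": b"outside"}


def demo_in_tempdir() -> dict:
    """Extract the benign archive into a temp dir, then confirm the malicious
    one is refused and that nothing escaped the temp dir. Returns a summary."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        written = safe_extract(build_archive(BENIGN), root / "benign")
        refused = False
        try:
            safe_extract(build_archive(MALICIOUS), root / "malicious")
        except ZipSlipError:
            refused = True
        return {
            "written": written,
            "refused": refused,
            "opf_ok": (root / "benign" / "OEBPS" / "content.opf").read_bytes() == b"<package/>",
            "escaped_exists": (root.parent / "escaped.txt").exists(),
        }


if __name__ == "__main__":
    print(demo_in_tempdir())
```

The two-pass structure matters: validating all names before writing any of them means a hostile archive is rejected outright rather than leaving the first few members on disk. The resolved-path comparison is the part that a simple `".." in name` test misses, because it also covers a pre-existing symlink under the destination.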


Given flightcrew cli was never meant for production use on a website server or even a library, and no one has ever indicated to us they have used it in this way, that is probably a good idea as we would be constantly supporting it for things we no longer use in Sigil itself.

All of this attention for something that could only ever unpack files into places the user has write permission to anyway, and given that flightcrew in plugin form is used only when an epub has already been unzipped, gives us even more reason to reduce it to only a Sigil plugin.

When we add in the high overall age of the flightcrew codebase (Sigil itself dropped using boost, and Xerces long ago) plus flightcrew only supporting epub2, and flightcrew having its functionality basically replaced by epubcheck which can handle both epub2 and epub3, it does seem the right thing to do.

So I am okay with killing flightcrew, and putting it back in stripped down form, removing all use of zipios, and even boost, and Qt, and just making it a Sigil plugin. It will take some work, but it will prevent long-term headaches.

That said, given how important epubcheck passage is to professional epub production, perhaps we should just kill flightcrew completely and not replace it, as it is just upkeep work the two of us do not need.

What about just killing it completely? That would be the easiest. If we still want an internal check feature, we could probably put one together in python (à la calibre's check) that would be a lot easier to maintain and just include it in our Sigil codebase.

I think my vote would be to kill it completely, recommend the epubcheck plugin for Sigil, and then extend our simple well-formed check in Sigil with some additional python code that will catch glaring issues.
