[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Another weird tar issue (100 character filenames)

I just built new xml-security-c packages to fix the current FTBFS bug, and
lintian returned the following error message:

E: libxml-security-c-doc: deb-created-with-broken-tar file: /usr/share/doc/libxml-security-c-doc/c/apiDocs/winutils_2XSECBinHTTPURIInputStream_8hpp-source.html
N:   The binary package was created with a broken version of tar. Some
N:   versions of tar contain a bug, which make the resulting .deb broken.
N:   On unpack, some filenames are going to be corrupted.
N:   This package was build with such a version of tar, and the mentioned
N:   filename is corrupted. Refer to Debian bug #230910 for more
N:   information, or simply update your tar-version and rebuild.

(along with several other files).  These filenames are indeed exactly 100
characters long, as mentioned in the referenced bug.  The bug, however,
indicates that this may not have really been a bug in tar but rather was a
bug in dpkg with its inability to handle filenames that were exactly 100
characters (apparently one isn't supposed to nul-terminate in that case).

I can't find any reference of this issue in dpkg's changelog, and I can't
find any explicit note in the latest tar changelog or NEWS entry that
indicates there was an intended change, but the patch in that bug appears
to no longer be applied to the Debian tar source.  Is this lintian error
just obsolete and should now be removed?  Or is there something more
complex going on?

dpkg -i installed the resulting *.deb without any difficulty and without
any file name corruption that at least I can see on my Debian testing
system, but I don't know if that proves this bug is gone.

I don't know if this is related, but I've also started seeing the
following messages from tar during package building:

dpkg-deb: building package `libxml-security-c12' in `../libxml-security-c12_1.2.1-3_i386.deb'.
tar: -: file name read contains nul character
dpkg-deb: building package `libxml-security-c-dev' in `../libxml-security-c-dev_1.2.1-3_i386.deb'.
tar: -: file name read contains nul character

Is there some sort of mismatch happening between what dpkg and related
tools are generating and what tar is now expecting?

Russ Allbery (rra@debian.org)               <http://www.eyrie.org/~eagle/>

Reply to: