Bug#142916: marked as done (dpkg: can install a blatantly corrupt package)

To: Wichert Akkerman <wakkerma@debian.org>
Cc: Dpkg Development <debian-dpkg@lists.debian.org>
Subject: Bug#142916: marked as done (dpkg: can install a blatantly corrupt package)
From: owner@bugs.debian.org (Debian Bug Tracking System)
Date: Fri, 17 May 2002 11:03:07 -0500
Message-id: <[🔎] handler.142916.D138569.102165072326064.ackdone@bugs.debian.org>
In-reply-to: <E178jtu-0001PX-00@auric.debian.org>
References: <E178jtu-0001PX-00@auric.debian.org> <20020415003439.B0386FB3A@ivanova.coker.com.au>

Your message dated Fri, 17 May 2002 11:44:14 -0400
with message-id <E178jtu-0001PX-00@auric.debian.org>
and subject line Bug#138569: fixed in dpkg 1.9.21
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Received: (at submit) by bugs.debian.org; 14 Apr 2002 23:34:46 +0000
>From russell@coker.com.au Sun Apr 14 18:34:46 2002
Return-path: <russell@coker.com.au>
Received: from ivanova.coker.com.au [203.36.46.209] (postfix)
	by master.debian.org with esmtp (Exim 3.12 1 (Debian))
	id 16wtW9-0006G2-00; Sun, 14 Apr 2002 18:34:46 -0500
Received: by ivanova.coker.com.au (Postfix, from userid 1001)
	id B0386FB3A; Mon, 15 Apr 2002 10:34:39 +1000 (EST)
From: <russell@coker.com.au>
Subject: dpkg: can install a blatantly corrupt package
To: submit@bugs.debian.org
X-Mailer: bug 3.3.10
Message-Id: <20020415003439.B0386FB3A@ivanova.coker.com.au>
Date: Mon, 15 Apr 2002 10:34:39 +1000 (EST)
Delivered-To: submit@bugs.debian.org

Package: dpkg
Version: 1.9.20
Severity: important

$ ar -x kernel-image-2.4.18-lsm_601_i386.deb
ar: kernel-image-2.4.18-lsm_601_i386.deb is not a valid archive

This package is corrupted by a few K.  It installs without reporting any
errors, lilo gets run and installs an appropriate boot map, then at boot time
LILO reports a CRC error because the vmlinuz file is truncated!

This is wrong, even ar can tell it's a corrupt package, and dpkg should do
further checks and catch an error from gzip if it's CRC doesn't match!

This is a serious error, it can result in data loss when the files that are
installed don't match the correct contents of the package.

-- System Information
Debian Release: 3.0
Kernel Version: Linux ivanova 2.4.18rc1-lsm #1 Thu Feb 14 19:41:55 EST 2002 i686 unknown

Versions of the packages dpkg depends on:
ii  libc6          2.2.5-3        GNU C Library: Shared libraries and Timezone
ii  libncurses5    5.2.20020112a- Shared libraries for terminal handling
ii  libstdc++2.10- 2.95.4-1       The GNU stdc++ library

---------------------------------------
Received: (at 138569-close) by bugs.debian.org; 17 May 2002 15:52:03 +0000
>From katie@auric.debian.org Fri May 17 10:52:03 2002
Return-path: <katie@auric.debian.org>
Received: from auric.debian.org [206.246.226.45] (mail)
	by master.debian.org with esmtp (Exim 3.12 1 (Debian))
	id 178k1T-0006mL-00; Fri, 17 May 2002 10:52:03 -0500
Received: from katie by auric.debian.org with local (Exim 3.12 1 (Debian))
	id 178jtu-0001PX-00; Fri, 17 May 2002 11:44:14 -0400
From: Wichert Akkerman <wakkerma@debian.org>
To: 138569-close@bugs.debian.org
X-Katie: $Revision: 1.10 $
Subject: Bug#138569: fixed in dpkg 1.9.21
Message-Id: <E178jtu-0001PX-00@auric.debian.org>
Sender: Archive Administrator <katie@auric.debian.org>
Date: Fri, 17 May 2002 11:44:14 -0400
Delivered-To: 138569-close@bugs.debian.org

We believe that the bug you reported is fixed in the latest version of
dpkg, which is due to be installed in the Debian FTP archive:

dpkg-dev_1.9.21_all.deb
  to pool/main/d/dpkg/dpkg-dev_1.9.21_all.deb
dpkg-doc_1.9.21_all.deb
  to pool/main/d/dpkg/dpkg-doc_1.9.21_all.deb
dpkg_1.9.21.dsc
  to pool/main/d/dpkg/dpkg_1.9.21.dsc
dpkg_1.9.21.tar.gz
  to pool/main/d/dpkg/dpkg_1.9.21.tar.gz
dpkg_1.9.21_i386.deb
  to pool/main/d/dpkg/dpkg_1.9.21_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 138569@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Wichert Akkerman <wakkerma@debian.org> (supplier of updated dpkg package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Thu, 16 May 2002 19:42:29 +0200
Source: dpkg
Binary: dpkg-dev dpkg-doc dpkg
Architecture: source all i386
Version: 1.9.21
Distribution: unstable
Urgency: low
Maintainer: Dpkg Development <debian-dpkg@lists.debian.org>
Changed-By: Wichert Akkerman <wakkerma@debian.org>
Description: 
 dpkg       - Package maintenance system for Debian
 dpkg-dev   - Package building tools for Debian
 dpkg-doc   - Dpkg Internals Documentation
Closes: 138569
Changes: 
 dpkg (1.9.21) unstable; urgency=low
 .
   * Fix corrupt Swedish translations that would some error messages display
     incorrectly.
   * Enable --force-overwrite by default in /etc/dpkg/dpkg.cfg
   * dpkg.cfg is now no longer a conffile. This means the installer can
     change defaults depending on how an install is done
   * Detect truncated debs, and abort the unpack.  Closes: #138569.
   * Improve dpkg(8) --force documentation
   * Fix error in Russian dselect translation
Files: 
 dd5a00a27cb2ad0a35b3b58f3aef2df5 1336 base required dpkg_1.9.21.dsc
 fbd279854e724103fec3358c76d47c69 1378272 base required dpkg_1.9.21.tar.gz
 b9d57059f643a22d566285428bd87153 1073426 base required dpkg_1.9.21_i386.deb
 b31d5010682b1a791c0e0e1054a12723 1063127 byhand - dpkg-1.9.21_i386.nondebbin.tar.gz
 5f06c80596c6e0a3015e1e06ec1999b2 111176 devel important dpkg-dev_1.9.21_all.deb
 130615337b08082c13de3c99b32cd8cc 10724 doc extra dpkg-doc_1.9.21_all.deb
 fbd279854e724103fec3358c76d47c69 1378272 byhand - dpkg-1.9.21.tar.gz

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iQIXAwUBPOPxlX18BjbHbzjSFAJcWwf/U616kCCxbxxqPOBQWNOOneafoJ4aDgo8
/18scR6/zlCcICVp+7re52YqqXYZcRPCiXaePxsCaVHyW9hplE+OkIbA4NFf9j1y
Dp/KpsiImq+UtVrD3yaZrUaGqdv4NkuckI4orLeX2ekezHVQi0cPjm+eu+Romje8
NBXBdRhg3mpzLYodt49NVsjKzaVn3btamk7EpJ9jtvQLzXS81FbUl8VBJkl9vpJe
R8qjHsfFnEsai+8mafr5e5zfHqPDn+vfKuQsMci5D2032Q0fcY42ypoxeyoGvrMg
zZm+W2UnxaTfjtbuKW9YE5IVhtu50AV5/z+0dAa5647JbRA+ZVZpcQf+N1y17dVX
JWhtf+GQcgZnplHI1Pz6QUY9F4FQDQSDQbkKzSSO769oEMU0060sUTlIrRbGkTOD
+WeeuXym4y+Th67shlnPNybAeAfGQTGNqg5PADZXzO1sfZxTklIf3OcXhjF+7kN3
koDDnVQMvGQeLgQVLL8YiCfhVXWXJ+VH3MncN+I+z4ulvFrPDe3+Vtp1pgAXYH5x
bGKzLW8/ZkRUBEOyxjYdwZn19hzvfvqEqXtP9h0nulftOY+7Ltw7sBJcWBTXakpg
YZ2bUofEeGdmSCiEBaRS41WL9GRZ4um6Ayqb3Ns/iLdvFinoLH24f9Jaof6DvjHX
CAwuksb4Zi/5Lw==
=1HED
-----END PGP SIGNATURE-----


-- 
To UNSUBSCRIBE, email to debian-dpkg-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to:

Prev by Date: dpkg_1.9.21_i386.changes ACCEPTED
Next by Date: Bug#138569: marked as done (dpkg can install corrupted *.debs!)
Previous by thread: dpkg_1.9.21_i386.changes ACCEPTED
Next by thread: Bug#138569: marked as done (dpkg can install corrupted *.debs!)
Index(es):
- Date
- Thread