Your message dated Thu, 18 Feb 2010 21:32:55 +0000
with message-id <E1NiDzT-0006UM-FG@ries.debian.org>
and subject line Bug#538917: fixed in apt 0.7.26~exp1
has caused the Debian Bug report #538917,
regarding apt: integer overflow if the list section size is bigger than USHORT_MAX
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)

--
538917: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=538917
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: apt: integer overflow if the list section size is bigger than USHORT_MAX
- From: Víctor Manuel Jáquez Leal <vjaquez@igalia.com>
- Date: Tue, 28 Jul 2009 00:29:58 +0200
- Message-id: <20090727222958.GA18448@lit.local.igalia.com>
Package: apt
Version: 0.7.20.2
Severity: important
Tags: patch

*** Please type your report below this line ***

Header.MaxVerFileSize determines the buffer size used to parse the
list files. By default it is 64k, but it is resized here

apt-pkg/pkgcachegen.cc:379

      VF->Size = List.Size();
      if (Cache.HeaderP->MaxVerFileSize < VF->Size)
         Cache.HeaderP->MaxVerFileSize = VF->Size;

Header.MaxVerFileSize is an unsigned long
ListParser.Size() returns unsigned long
but VerFileIterator->Size is an unsigned short !!!

This generates, if the ListParser.Size is bigger than USHORT_MAX, an
integer overflow, and the list parsing will fail, because the buffer
won't contain the whole section.

I think this is related to #275852

Here's the patch, for making the size unsigned long

diff --git a/apt-pkg/pkgcache.h b/apt-pkg/pkgcache.h index 59d5003..14bec69 100644 --- a/apt-pkg/pkgcache.h +++ b/apt-pkg/pkgcache.h @@ -244,7 +244,7 @@ struct pkgCache::VerFile map_ptrloc File; // PackageFile map_ptrloc NextFile; // PkgVerFile map_ptrloc Offset; // File offset - unsigned short Size; + unsigned long Size; }; struct pkgCache::DescFile 
@@ -252,7 +252,7 @@ struct pkgCache::DescFile map_ptrloc File; // PackageFile map_ptrloc NextFile; // PkgVerFile map_ptrloc Offset; // File offset - unsigned short Size; + unsigned long Size; }; struct pkgCache::Version

-- Package-specific info:

-- (/etc/apt/preferences present, but not submitted) --

-- (/etc/apt/sources.list present, but not submitted) --

-- System Information:
Debian Release: squeeze/sid
  APT prefers testing
  APT policy: (900, 'testing'), (800, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.30-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages apt depends on:
ii  debian-archive-keyring  2009.01.31  GnuPG archive keys of the Debian a
ii  libc6                   2.9-12      GNU C Library: Shared libraries
ii  libgcc1                 1:4.4.0-5   GCC support library
ii  libstdc++6              4.4.0-5     The GNU Standard C++ Library v3

apt recommends no packages.

Versions of packages apt suggests:
pn  apt-doc     <none>          (no description available)
ii  aptitude    0.4.11.11-1+b1  terminal-based package manager
ii  bzip2       1.0.5-2         high-quality block-sorting file co
ii  dpkg-dev    1.15.2          Debian package development tools
ii  lzma        4.43-14         Compression method of 7z format in
ii  python-apt  0.7.10.4        Python interface to libapt-pkg
ii  synaptic    0.62.7          Graphical package manager

-- no debconf information

Attachment: signature.asc
Description: Digital signature
--- End Message ---
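Review bot: In the pkgCache::VerFile hunk, Size becomes unsigned long while its neighbours File, NextFile and Offset are all map_ptrloc, so the width of this one field now depends on the platform (4 bytes on 32-bit builds, 8 on LP64) and the record's size and padding change with it. If this struct is written to or mapped from a cache file, a fixed-width type, or map_ptrloc if it is wide enough for a section size, would keep the layout predictable, and any cache built with the old 2-byte field needs to be regenerated rather than reused.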
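Review bot: Missing justification for the pkgCache::DescFile hunk: the report only demonstrates the truncation for VerFile (VF->Size = List.Size() at apt-pkg/pkgcachegen.cc:379), and nothing shown here points at the code that stores into DescFile's Size. Please confirm that assignment also comes from an unsigned long and is covered by the same MaxVerFileSize-style bookkeeping. Size is also the only field in both structs without a trailing comment, and the NextFile comment in DescFile reads // PkgVerFile, which looks copied from VerFile; both are worth fixing while the lines are being touched.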
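The truncation described in the report above, as an added example that is not APT source and not part of the original message. HeaderModel, VerFileModel, RecordSection and FitsIn are hypothetical stand-ins, the 70000-byte section is a constructed value, and a 16-bit unsigned short is assumed.

```cpp
// Added illustration (not APT source): models the size bookkeeping from the
// report with simplified, hypothetical stand-in types.
#include <cstdio>
#include <limits>

// "By default is 64k" in the report.
struct HeaderModel { unsigned long MaxVerFileSize = 64 * 1024; };

// Templated on the type of Size so the pre-patch (unsigned short) and
// post-patch (unsigned long) layouts share the same update logic.
template <typename SizeT>
struct VerFileModel { SizeT Size = 0; };

// Mirrors the three statements quoted from apt-pkg/pkgcachegen.cc:379.
// Returns the buffer size a parser sized by MaxVerFileSize would get.
template <typename SizeT>
unsigned long RecordSection(HeaderModel &H, VerFileModel<SizeT> &VF,
                            unsigned long ListSize)
{
   VF.Size = static_cast<SizeT>(ListSize);   // silent narrowing if SizeT is short
   if (H.MaxVerFileSize < VF.Size)           // compares the truncated value
      H.MaxVerFileSize = VF.Size;
   return H.MaxVerFileSize;
}

// Defensive check: can the destination type hold the value at all?
template <typename SizeT>
bool FitsIn(unsigned long Value)
{
   return Value <= std::numeric_limits<SizeT>::max();
}

int main()
{
   const unsigned long Section = 70000;      // constructed size > USHRT_MAX
   HeaderModel OldH, NewH;
   VerFileModel<unsigned short> OldVF;
   VerFileModel<unsigned long> NewVF;
   unsigned long OldBuf = RecordSection(OldH, OldVF, Section);
   unsigned long NewBuf = RecordSection(NewH, NewVF, Section);
   std::printf("short: stored=%u buffer=%lu section=%lu\n",
               (unsigned)OldVF.Size, OldBuf, Section);
   std::printf("long : stored=%lu buffer=%lu\n", NewVF.Size, NewBuf);
   std::printf("70000 fits in unsigned short? %d\n",
               FitsIn<unsigned short>(Section));
   return 0;
}
```

With the short field the stored size wraps modulo 65536, so the maximum is never raised past the 64k default and the buffer stays smaller than the section it is supposed to hold.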
--- Begin Message ---
- To: 538917-close@bugs.debian.org
- Subject: Bug#538917: fixed in apt 0.7.26~exp1
- From: Michael Vogt <mvo@debian.org>
- Date: Thu, 18 Feb 2010 21:32:55 +0000
- Message-id: <E1NiDzT-0006UM-FG@ries.debian.org>
Source: apt
Source-Version: 0.7.26~exp1

We believe that the bug you reported is fixed in the latest version of
apt, which is due to be installed in the Debian FTP archive:

apt-doc_0.7.26~exp1_all.deb
  to main/a/apt/apt-doc_0.7.26~exp1_all.deb
apt-transport-https_0.7.26~exp1_i386.deb
  to main/a/apt/apt-transport-https_0.7.26~exp1_i386.deb
apt-utils_0.7.26~exp1_i386.deb
  to main/a/apt/apt-utils_0.7.26~exp1_i386.deb
apt_0.7.26~exp1.dsc
  to main/a/apt/apt_0.7.26~exp1.dsc
apt_0.7.26~exp1.tar.gz
  to main/a/apt/apt_0.7.26~exp1.tar.gz
apt_0.7.26~exp1_i386.deb
  to main/a/apt/apt_0.7.26~exp1_i386.deb
libapt-pkg-dev_0.7.26~exp1_i386.deb
  to main/a/apt/libapt-pkg-dev_0.7.26~exp1_i386.deb
libapt-pkg-doc_0.7.26~exp1_all.deb
  to main/a/apt/libapt-pkg-doc_0.7.26~exp1_all.deb

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 538917@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Michael Vogt <mvo@debian.org> (supplier of updated apt package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Thu, 18 Feb 2010 16:11:39 +0100
Source: apt
Binary: apt apt-doc libapt-pkg-dev libapt-pkg-doc apt-utils apt-transport-https
Architecture: source all i386
Version: 0.7.26~exp1
Distribution: experimental
Urgency: low
Maintainer: APT Development Team <deity@lists.debian.org>
Changed-By: Michael Vogt <mvo@debian.org>
Description:
 apt        - Advanced front-end for dpkg
 apt-doc    - Documentation for APT
 apt-transport-https - APT https transport
 apt-utils  - APT utility programs
 libapt-pkg-dev - Development files for APT's libapt-pkg and libapt-inst
 libapt-pkg-doc - Documentation for APT development
Closes: 319710 329814 444222 448216 463260 538917 545699 550564 558103 564137 567669 568294 569488
Changes:
 apt (0.7.26~exp1) experimental; urgency=low
 .
   [ David Kalnischkies ]
   * [BREAK] add possibility to download and use multiply
     Translation files, configurable with Acquire::Translation
     (Closes: #444222, #448216, #550564)
   * Ignore :qualifiers after package name in build dependencies
     for now as long we don't understand them (Closes: #558103)
   * apt-pkg/contrib/mmap.{cc,h}:
     - extend it to have a growable flag - unused now but maybe...
   * apt-pkg/pkgcache.h:
     - use long instead of short for {Ver,Desc}File size,
       patch from Víctor Manuel Jáquez Leal, thanks! (Closes: #538917)
   * apt-pkg/acquire-item.cc:
     - allow also to skip the last patch if target is reached,
       thanks Bernhard R. Link! (Closes: #545699)
   * ftparchive/writer.{cc,h}:
     - add --arch option for packages and contents commands
     - if an arch is given accept only *_all.deb and *_arch.deb instead
       of *.deb. Thanks Stephan Bosch for the patch! (Closes: #319710)
     - add APT::FTPArchive::AlwaysStat to disable the too aggressive
       caching if versions are build multiply times (not recommend)
       Patch by Christoph Goehre, thanks! (Closes: #463260)
   * apt-pkg/deb/dpkgpm.cc:
     - stdin redirected to /dev/null takes all CPU (Closes: #569488)
       Thanks to Aurelien Jarno for providing (again) a patch!
   * buildlib/apti18n.h.in, po/makefile:
     - add ngettext support with P_()
   * aptconfiguration.cc:
     - include all existing Translation files in the Cache (Closes: 564137)
   * debian/control:
     - update with no changes to debian policy 3.8.4
   * doc/apt_preferences.5.xml:
     - explicitly warn against careless use (Closes: #567669)
   * debian/rules:
     - remove creation of empty dir /usr/share/apt
   * doc/apt-cdrom.8.xml:
     - fix typo spotted by lintian: proc(c)eed
 .
   [ Ivan Masár ]
   * Slovak translation update. Closes: #568294
 .
   [ Michael Vogt ]
   * [BREAK] merged lp:~mvo/apt/history
     - this writes a /var/log/apt/history tagfile that contains details
       from the transaction (complements term.log)
   * methods/http.cc:
     - add cache-control headers even if no cache is given to allow
       adding options for intercepting proxies
     - add Acquire::http::ProxyAutoDetect configuration that
       can be used to call a external helper to figure out the
       proxy configuration and return it to apt via stdout
       (this is a step towards WPAD and zeroconf/avahi support)
   * abicheck/
     - add new abitest tester using the ABI Compliance Checker from
       http://ispras.linuxfoundation.org/index.php/ABI_compliance_checker
 .
   [ Robert Collins ]
   * Change the package index Info methods to allow apt-cache policy to be
     useful when using several different archives on the same host.
     (Closes: #329814, LP: #22354)

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAkt9pm8ACgkQliSD4VZixzTWVQCfQy4g5Att3XnbEpOJmtFKrgpP
+f4An1V8sAVgD2rgFtjPr1afSHjhdF+b
=sb1I
-----END PGP SIGNATURE-----
--- End Message ---