[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#689582: marked as done (ExtractTar: 100 char long path names get truncated to 99 chars)

Your message dated Fri, 20 Sep 2013 15:18:55 +0000
with message-id <E1VN2Tv-000146-Vr@franck.debian.org>
and subject line Bug#689582: fixed in apt 0.9.11.4
has caused the Debian Bug report #689582,
regarding ExtractTar: 100 char long path names get truncated to 99 chars
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
689582: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=689582
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message --- 
Package: apt
Version: 0.9.7.5
Severity: important

Dear Maintainer,

When a data.tar.{gz,xz} contains a path name that is exactly
100 characters long, it will get truncated to 99 chars upon
extraction in ExtractTar::Go().

It seems in older gnu tar versions (pre-wheezy) the behavior
was more conservative and to use the 100 byte path field only
for path names less than 100 chars long, and to switch to
using long names already at 100 chars. In wheezy the
behavior seems to be different and path names of exactly
100 chars long can fill the whole reserved space in the tar
and then get truncated in ExtractTar::Go():

      // Grab the filename
      if (LastLongName.empty() == false)
         Itm.Name = (char *)LastLongName.c_str();
      else
      {
         Tar->Name[sizeof(Tar->Name)-1] = 0;
         Itm.Name = Tar->Name;
      }

Quick way to reproducing the problem using a generated dummy
deb package and "python-apt" is included as an attachment.

-- System Information:
Debian Release: wheezy/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-3-amd64 (SMP w/11 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages apt depends on:
ii  debian-archive-keyring  2012.4
ii  gnupg                   1.4.12-4+b1
ii  libapt-pkg4.12          0.9.7.5
ii  libc6                   2.13-35
ii  libgcc1                 1:4.7.1-7
ii  libstdc++6              4.7.1-7

apt recommends no packages.

#! /usr/bin/python
import os
import apt_inst

paths = []
for i in range(98,103):
	path = ("%03d" % i).ljust(i,"x")
        file(path, "w")
        paths.append(path)

assert not os.system("tar zcf data.tar.gz %s" % " ".join(paths))
file("control.tar.gz", "w")
file("debian-binary", "w")
assert not os.system("ar cr test.deb data.tar.gz control.tar.gz debian-binary")

def cb(a, b):
        print "%3d %s"  % (len(a.name), a.name)

apt_inst.DebFile(file("test.deb", "rb")).data.go(cb)

--- End Message ---
--- Begin Message --- 
Source: apt
Source-Version: 0.9.11.4

We believe that the bug you reported is fixed in the latest version of
apt, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 689582@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Michael Vogt <mvo@debian.org> (supplier of updated apt package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Fri, 20 Sep 2013 16:12:07 +0200
Source: apt
Binary: apt libapt-pkg4.12 libapt-inst1.5 apt-doc libapt-pkg-dev libapt-pkg-doc apt-utils apt-transport-https
Architecture: source all amd64
Version: 0.9.11.4
Distribution: unstable
Urgency: low
Maintainer: APT Development Team <deity@lists.debian.org>
Changed-By: Michael Vogt <mvo@debian.org>
Description: 
 apt        - commandline package manager
 apt-doc    - documentation for APT
 apt-transport-https - https download transport for APT
 apt-utils  - package management related utility programs
 libapt-inst1.5 - deb package format runtime library
 libapt-pkg-dev - development files for APT's libapt-pkg and libapt-inst
 libapt-pkg-doc - documentation for APT development
 libapt-pkg4.12 - package management runtime library
Closes: 689582 723705
Changes: 
 apt (0.9.11.4) unstable; urgency=low
 .
   [ Oskari Saarenmaa ]
   * don't truncate 100 char long paths in tar extraction.
     Thanks to Mika Eloranta for the testcase! (Closes: #689582)
 .
   [ David Kalnischkies ]
   * do not trust FileFd::Eof() in pkgTagFile::Fill()
     Thanks to Cyril Brulebois (Closes: 723705)
Checksums-Sha1: 
 d2bf3a8fa8f90a41f63e649889811f94099546a8 1692 apt_0.9.11.4.dsc
 96009198cee219219990dc978d3836a5d3f43dbf 3407511 apt_0.9.11.4.tar.gz
 891ee6c0d96228c7010682d89ccc509cc17a1901 265746 apt-doc_0.9.11.4_all.deb
 a87d88e14f8e1e7b4ae19fd47ced1ce6d1dfe011 553134 libapt-pkg-doc_0.9.11.4_all.deb
 73b6afc01859267aea57011603263c8b59d6b204 716774 libapt-pkg4.12_0.9.11.4_amd64.deb
 7e9b62cb013a9263f9ef7760d175ea90f1af6c30 157688 libapt-inst1.5_0.9.11.4_amd64.deb
 f1c869e7def3ccd675ae878241f0d9b521c70208 1041256 apt_0.9.11.4_amd64.deb
 e3ce9641390fe55f7fd262579b4f033a5f17736a 178262 libapt-pkg-dev_0.9.11.4_amd64.deb
 5bf463288eed81bf1fd461014383ffe07ecfe55e 344612 apt-utils_0.9.11.4_amd64.deb
 a4f6a808eb1209004110527659e0e80fee92e7dd 112752 apt-transport-https_0.9.11.4_amd64.deb
Checksums-Sha256: 
 ddfcd4e86507059dec78f6db9e9330d3f5292790576ec9680e845b931d972933 1692 apt_0.9.11.4.dsc
 f466b00f277f010b32028dbcd81ad5525a5b8ee72b4fdd4b85023e8eae2201fc 3407511 apt_0.9.11.4.tar.gz
 431ed0f84083b95f11edc26a35236a60e4b1be4f8c04f0a2f10616b4abb43017 265746 apt-doc_0.9.11.4_all.deb
 34b271f3f5c6dc4d7d317c4f33051a62975d74fb4d3cc04fe6c8c360a7211c84 553134 libapt-pkg-doc_0.9.11.4_all.deb
 b32301b81584847bd73bc7f4ecfa8968d10f54b310efa1e971d765d77236dd4c 716774 libapt-pkg4.12_0.9.11.4_amd64.deb
 996f49919c2e3a0b3581504dfb71c4ef5bec28e97ded3c2f2bb241679cf931d5 157688 libapt-inst1.5_0.9.11.4_amd64.deb
 34c1c19a60a01b2d7c75a73f05a8d7b13bc87b49945c8cf5d670cd51ebc7d4f2 1041256 apt_0.9.11.4_amd64.deb
 33641e5fbc2cc64068188bb3474714d84289700d1aaea3e650febcbebf2f2b29 178262 libapt-pkg-dev_0.9.11.4_amd64.deb
 d2fddef92b928c558b55f85482fff09f9330434ad60fce43c8ace70774692a96 344612 apt-utils_0.9.11.4_amd64.deb
 c91bdca5ad71086f014053827602c28d5a8d10b05c3d0c018d0f0e2e761f0b3a 112752 apt-transport-https_0.9.11.4_amd64.deb
Files: 
 48097bcc7bfb96851dcb941b7ba86b1f 1692 admin important apt_0.9.11.4.dsc
 1f8dfacfd7ce4a68ed1fdfa4fa73e628 3407511 admin important apt_0.9.11.4.tar.gz
 0143e98a0ba22386ed5600b66ca342b0 265746 doc optional apt-doc_0.9.11.4_all.deb
 dd95133e90461697019fc567eeea4dc6 553134 doc optional libapt-pkg-doc_0.9.11.4_all.deb
 2d24f521305080a3752d21f588cb2ee9 716774 libs important libapt-pkg4.12_0.9.11.4_amd64.deb
 e6f1600435927a695a32ce64fbd749c4 157688 libs important libapt-inst1.5_0.9.11.4_amd64.deb
 bae7b39917a4b8cfee769b6c4e7a70a2 1041256 admin important apt_0.9.11.4_amd64.deb
 17f4c4ab345846d3a22ab6c2a527cadd 178262 libdevel optional libapt-pkg-dev_0.9.11.4_amd64.deb
 ef958c1e829fc5f8a68d8fb236b619eb 344612 admin important apt-utils_0.9.11.4_amd64.deb
 fc3f89a035a2e42885c4ddd9cb35aae5 112752 admin optional apt-transport-https_0.9.11.4_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (GNU/Linux)

iEYEARECAAYFAlI8Wm0ACgkQliSD4VZixzSE5ACgoTPcNl9+GXGoQL1h/94amAwH
31gAmQGWwN8NQof5AQaffr77lqZfkA4Y
=58Vn
-----END PGP SIGNATURE-----

--- End Message ---
Reply to: