[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#725483: marked as done (apt: libapt-inst fails with >2G debs)

Your message dated Wed, 09 Oct 2013 21:04:42 +0000
with message-id <E1VU0vy-0000ne-5c@franck.debian.org>
and subject line Bug#725483: fixed in apt 0.9.12
has caused the Debian Bug report #725483,
regarding apt: libapt-inst fails with >2G debs
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
725483: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725483
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message --- 
Package: apt
Version: 0.9.11.4
Severity: important
Tags: lfs patch

Hi,

Whilst doing some dak testing with large (fake) debs for
data.debian.org, I came across an issue with the following test code:

=============
#!/usr/bin/python

import apt_inst
deb = apt_inst.DebFile('/home/mark/bigdeb.deb')
deb.control.extractall('/home/mark/testex')
deb.data.extractall('/home/mark/testex')
=============

mark@mhy-sid:~$ ls -l bigdeb.deb 
-rw-r--r-- 2 mark mark 2147595076 Oct  5 11:31 bigdeb.deb

On sid-amd64, we get the following:
=============
mark@wheezy-amd64:~$ python
Python 2.7.3 (default, Jan  2 2013, 13:56:14) 
[GCC 4.7.2] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> import apt_inst
>>> deb = apt_inst.DebFile('bigdeb.deb')
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  SystemError: E:Unable to seek ahead 2147592128
=============

On sid-i386, we get the following:
=============
mark@mhy-sid:~$ python test.py 
Traceback (most recent call last):
  File "test.py", line 4, in <module>
      deb = apt_inst.DebFile('/home/mark/bigdeb.deb')
      SystemError: E:Failed to read the archive headers
=============

Both of which point to LFS issues in parts of apt.  I've traced this
back to bugs in arfile.cc and fileutl.cc.  This bug also exists in
wheezy (and squeeze, although I don't think we need to fix that).

Attached are two patches - one for the version of apt in sid, one for
wheezy which fix the problem - I've checked that we can then extract the
control and data members properly with these fixes and it seems to work
fine.

I'm not an expert C++ programmer so I'd appreciate someone reviewing
these patches to see if they're sane.  Assuming the patches are
acceptable, from the ftpmaster point of view, we probably need to talk
to the stable team about getting this patched in stable too because dak
uses the python-apt bindings (which in turn use libapt-inst and
libapt-pkg) and as franck.d.o runs stable, we'll need this fixing to get
data.d.o up and running.

As far as I can see, these patches don't cause any ABI changes to the
libraries.

Thanks,

Mark

-- Package-specific info:

-- (no /etc/apt/preferences present) --


-- (/etc/apt/sources.list present, but not submitted) --


-- System Information:
Debian Release: jessie/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages apt depends on:
ii  debian-archive-keyring  2012.4
ii  gnupg                   1.4.14-1
ii  libapt-pkg4.12          0.9.11.4
ii  libc6                   2.17-93
ii  libgcc1                 1:4.8.1-10
ii  libstdc++6              4.8.1-10

apt recommends no packages.

Versions of packages apt suggests:
pn  apt-doc     <none>
ii  aptitude    0.6.8.2-1.2
ii  dpkg-dev    1.17.1
ii  python-apt  0.8.9.1+b1
ii  xz-utils    5.1.1alpha+20120614-2

-- no debconf information

diff --git a/apt-inst/contrib/arfile.cc b/apt-inst/contrib/arfile.cc
index 2dee1a4..b77c77d 100644
--- a/apt-inst/contrib/arfile.cc
+++ b/apt-inst/contrib/arfile.cc
@@ -64,7 +64,7 @@ ARArchive::~ARArchive()
    byte plain text header then the file data, another header, data, etc */
 bool ARArchive::LoadHeaders()
 {
-   signed long Left = File.Size();
+   off_t Left = File.Size();
    
    // Check the magic byte
    char Magic[8];
@@ -120,7 +120,7 @@ bool ARArchive::LoadHeaders()
       }
 
       // Account for the AR header alignment 
-      unsigned Skip = Memb->Size % 2;
+      off_t Skip = Memb->Size % 2;
       
       // Add it to the list
       Memb->Next = List;
@@ -128,7 +128,7 @@ bool ARArchive::LoadHeaders()
       Memb->Start = File.Tell();
       if (File.Skip(Memb->Size + Skip) == false)
 	 return false;
-      if (Left < (signed)(Memb->Size + Skip))
+      if (Left < (off_t)(Memb->Size + Skip))
 	 return _error->Error(_("Archive is too short"));
       Left -= Memb->Size + Skip;
    }   
diff --git a/apt-pkg/contrib/fileutl.cc b/apt-pkg/contrib/fileutl.cc
index 90e49cb..136a9d7 100644
--- a/apt-pkg/contrib/fileutl.cc
+++ b/apt-pkg/contrib/fileutl.cc
@@ -650,9 +650,9 @@ string flNoLink(string File)
    while (1)
    {
       // Read the link
-      int Res;
+      ssize_t Res;
       if ((Res = readlink(NFile.c_str(),Buffer,sizeof(Buffer))) <= 0 || 
-	  (unsigned)Res >= sizeof(Buffer))
+	  (size_t)Res >= sizeof(Buffer))
 	  return File;
       
       // Append or replace the previous path
@@ -1221,7 +1221,7 @@ FileFd::~FileFd()
    gracefully. */
 bool FileFd::Read(void *To,unsigned long long Size,unsigned long long *Actual)
 {
-   int Res;
+   ssize_t Res;
    errno = 0;
    if (Actual != 0)
       *Actual = 0;
@@ -1323,7 +1323,7 @@ char* FileFd::ReadLine(char *To, unsigned long long const Size)
 /* */
 bool FileFd::Write(const void *From,unsigned long long Size)
 {
-   int Res;
+   ssize_t Res;
    errno = 0;
    do
    {
@@ -1379,7 +1379,7 @@ bool FileFd::Write(const void *From,unsigned long long Size)
 }
 bool FileFd::Write(int Fd, const void *From, unsigned long long Size)
 {
-   int Res;
+   ssize_t Res;
    errno = 0;
    do
    {
@@ -1458,14 +1458,14 @@ bool FileFd::Seek(unsigned long long To)
       d->seekpos = To;
       return true;
    }
-   int res;
+   off_t res;
 #ifdef HAVE_ZLIB
    if (d != NULL && d->gz)
       res = gzseek(d->gz,To,SEEK_SET);
    else
 #endif
       res = lseek(iFd,To,SEEK_SET);
-   if (res != (signed)To)
+   if (res != (off_t)To)
    {
       Flags |= Fail;
       return _error->Error("Unable to seek to %llu", To);
@@ -1502,7 +1502,7 @@ bool FileFd::Skip(unsigned long long Over)
       return true;
    }
 
-   int res;
+   off_t res;
 #ifdef HAVE_ZLIB
    if (d != NULL && d->gz != NULL)
       res = gzseek(d->gz,Over,SEEK_CUR);

diff --git a/apt-inst/contrib/arfile.cc b/apt-inst/contrib/arfile.cc
index d7ee528..9d84c17 100644
--- a/apt-inst/contrib/arfile.cc
+++ b/apt-inst/contrib/arfile.cc
@@ -64,7 +64,7 @@ ARArchive::~ARArchive()
    byte plain text header then the file data, another header, data, etc */
 bool ARArchive::LoadHeaders()
 {
-   signed long Left = File.Size();
+   off_t Left = File.Size();
    
    // Check the magic byte
    char Magic[8];
@@ -123,7 +123,7 @@ bool ARArchive::LoadHeaders()
       }
 
       // Account for the AR header alignment 
-      unsigned Skip = Memb->Size % 2;
+      off_t Skip = Memb->Size % 2;
       
       // Add it to the list
       Memb->Next = List;
@@ -131,7 +131,7 @@ bool ARArchive::LoadHeaders()
       Memb->Start = File.Tell();
       if (File.Skip(Memb->Size + Skip) == false)
 	 return false;
-      if (Left < (signed)(Memb->Size + Skip))
+      if (Left < (off_t)(Memb->Size + Skip))
 	 return _error->Error(_("Archive is too short"));
       Left -= Memb->Size + Skip;
    }   
diff --git a/apt-pkg/contrib/fileutl.cc b/apt-pkg/contrib/fileutl.cc
index 3966eb0..0261119 100644
--- a/apt-pkg/contrib/fileutl.cc
+++ b/apt-pkg/contrib/fileutl.cc
@@ -656,9 +656,9 @@ string flNoLink(string File)
    while (1)
    {
       // Read the link
-      int Res;
+      ssize_t Res;
       if ((Res = readlink(NFile.c_str(),Buffer,sizeof(Buffer))) <= 0 || 
-	  (unsigned)Res >= sizeof(Buffer))
+	  (size_t)Res >= sizeof(Buffer))
 	  return File;
       
       // Append or replace the previous path
@@ -1244,7 +1244,7 @@ FileFd::~FileFd()
    gracefully. */
 bool FileFd::Read(void *To,unsigned long long Size,unsigned long long *Actual)
 {
-   int Res;
+   ssize_t Res;
    errno = 0;
    if (Actual != 0)
       *Actual = 0;
@@ -1344,7 +1344,7 @@ char* FileFd::ReadLine(char *To, unsigned long long const Size)
 /* */
 bool FileFd::Write(const void *From,unsigned long long Size)
 {
-   int Res;
+   ssize_t Res;
    errno = 0;
    do
    {
@@ -1398,7 +1398,7 @@ bool FileFd::Write(const void *From,unsigned long long Size)
 }
 bool FileFd::Write(int Fd, const void *From, unsigned long long Size)
 {
-   int Res;
+   ssize_t Res;
    errno = 0;
    do
    {
@@ -1471,14 +1471,14 @@ bool FileFd::Seek(unsigned long long To)
       d->seekpos = To;
       return true;
    }
-   int res;
+   off_t res;
 #ifdef HAVE_ZLIB
    if (d != NULL && d->gz)
       res = gzseek(d->gz,To,SEEK_SET);
    else
 #endif
       res = lseek(iFd,To,SEEK_SET);
-   if (res != (signed)To)
+   if (res != (off_t)To)
       return FileFdError("Unable to seek to %llu", To);
 
    if (d != NULL)
@@ -1509,7 +1509,7 @@ bool FileFd::Skip(unsigned long long Over)
       return true;
    }
 
-   int res;
+   off_t res;
 #ifdef HAVE_ZLIB
    if (d != NULL && d->gz != NULL)
       res = gzseek(d->gz,Over,SEEK_CUR);

--- End Message ---
--- Begin Message --- 
Source: apt
Source-Version: 0.9.12

We believe that the bug you reported is fixed in the latest version of
apt, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 725483@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Michael Vogt <mvo@debian.org> (supplier of updated apt package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Wed, 09 Oct 2013 22:39:41 +0200
Source: apt
Binary: apt libapt-pkg4.12 libapt-inst1.5 apt-doc libapt-pkg-dev libapt-pkg-doc apt-utils apt-transport-https
Architecture: source all amd64
Version: 0.9.12
Distribution: unstable
Urgency: low
Maintainer: APT Development Team <deity@lists.debian.org>
Changed-By: Michael Vogt <mvo@debian.org>
Description: 
 apt        - commandline package manager
 apt-doc    - documentation for APT
 apt-transport-https - https download transport for APT
 apt-utils  - package management related utility programs
 libapt-inst1.5 - deb package format runtime library
 libapt-pkg-dev - development files for APT's libapt-pkg and libapt-inst
 libapt-pkg-doc - documentation for APT development
 libapt-pkg4.12 - package management runtime library
Closes: 617643 617690 667699 710924 722207 722710 723586 724073 724995 725483
Changes: 
 apt (0.9.12) unstable; urgency=low
 .
   [ Christian Perrier ]
   * Fix typo in apt-private/private-show.cc. Thanks to Benjamin
     Keresa. Closes: #724073
 .
   [ Mark Hymers ]
   * fix libapt-inst for >2G debs (closes: #725483)
 .
   [ David Kalnischkies ]
   * don't strip :any from dependencies in single-arch (Closes: 723586)
   * pkg from only trusted sources keeps being trusted (Closes: 617690)
   * compression-neutral message for missing data.tar member (Closes: 722710)
   * print-uris prints regardless of quiet-level again (Closes: 722207)
   * retry without partial data after a 416 response (Closes: 710924)
   * replace "filesize - 1" trick in http with proper 416 handling
   * fix partial (206 and 416) support in https
   * handle complete responses to https range requests (Closes: 617643, 667699)
     (LP: 1157943)
   * don't consider holds for autoremoval (Closes: 724995)
   * put fetch errors in 'source' on our errorstack
   * use pkgAcqArchive in 'download' for proper errors
   * fix lzma-support detection via xz binary
   * do not ++ on erased package pointers in autoremove
 .
   [ Michael Vogt ]
   * Add new "apt-get upgrade --with-new-pkgs" option (and add man-page for it).
     So "apt-get upgrade --with-new-pkgs" will pull in new dependencies but
     never remove packages
   * Rename "--dpkg-progress" to "--show-progress" and document it in
     apt-get.8. This will show global install progress information in the
     terminal.
   * Fix status-fd progress calculation for certain multi-arch install/upgrade
     situations
   * add new -o DpkgPM::Progress-Fancy for nicer dpkg progress output
     on vt100+ terminals
   * fix libapt-inst for >2G debs (closes: #725483), thanks to Mark Hymers
   * debian/apt.postinst: use --compare-versions lt instead of lt-nl,
     to ensure the apt-auto-removal file is correctly create,
     thanks to Ben Hutchings
   * update Uploaders to match recent uploaders better
   * Set the default "Acquire::PDiffs::FileLimit" to 20. If the amount
     of pdiffs is bigger things tend to get slower. Set
       Acquire::PDiffs::FileLimit "0";
     in /etc/apt/apt.conf to get the old behavior back.
Checksums-Sha1: 
 f30d3d9a0d4ebfb020f041c25ac949eb245de582 1609 apt_0.9.12.dsc
 2224fad62772ef680a69357c502f591497661260 3419550 apt_0.9.12.tar.gz
 eecd0f1cb9548d12e20ea90e745dea7669542971 266314 apt-doc_0.9.12_all.deb
 2696057cabfc260de12f03fc449663e5151d8bce 555266 libapt-pkg-doc_0.9.12_all.deb
 0181c031db98b81923d0ab9cf7fdfc83b1e2f0f3 718538 libapt-pkg4.12_0.9.12_amd64.deb
 760c0684d431cd56bcba3d8fba39bfcf2c162428 157690 libapt-inst1.5_0.9.12_amd64.deb
 cf5f9f98cb3f7a91046737986893ba457e5ef047 1046148 apt_0.9.12_amd64.deb
 dd88ce5ba4490dcb6eca49aa3fc67ddcbf44a0aa 179468 libapt-pkg-dev_0.9.12_amd64.deb
 ec3b2bc19f2b2f440b16bcd0bdcc2c952b0f7a6b 345404 apt-utils_0.9.12_amd64.deb
 bb59de5c0700e00fc96b524419c3a36e6cccc38e 124516 apt-transport-https_0.9.12_amd64.deb
Checksums-Sha256: 
 78f24fd16bf6c254c23e19f53b83710d8839808d1090c327c2b32b5045c8a467 1609 apt_0.9.12.dsc
 513f3601229973dd50cba8d8f15dc1cf132055ffb1c719392d6a24625ccb83b7 3419550 apt_0.9.12.tar.gz
 7face62fa792b822d1343e1200e30db234250f737aab66231fab541cd23adf31 266314 apt-doc_0.9.12_all.deb
 605a91c4501520140bc3115264b7c80c1c142de8fb97f52c1c3c303e783cd44f 555266 libapt-pkg-doc_0.9.12_all.deb
 ec9c773acb5db60a2d1967e052c2a2a1a421712fef86f2b79f8694c4e05c4357 718538 libapt-pkg4.12_0.9.12_amd64.deb
 a27cf901e23add6e7dd36366c4dcedb2a722f51e8597ae022032213ade6e5626 157690 libapt-inst1.5_0.9.12_amd64.deb
 b15111fa0f182441fb7a4618964e690f70b1cd313fc81b18b9354de3153eaf9b 1046148 apt_0.9.12_amd64.deb
 c5158266624c96d73a90256e145e7301a45eb830d68d77025bb15245c4f2e412 179468 libapt-pkg-dev_0.9.12_amd64.deb
 43c1fcf32fe3b6fca479fce4d45b138df95d91e0cc33440c813a51124cad3762 345404 apt-utils_0.9.12_amd64.deb
 35dec3a27c91d249227f780164823f33f10d0e3175d7315bc0d7b7cae3bb7250 124516 apt-transport-https_0.9.12_amd64.deb
Files: 
 312e8d9df65d80b4bef2a8ec14a88054 1609 admin important apt_0.9.12.dsc
 0dbe02d0054d0886d6f21586bb84c8fb 3419550 admin important apt_0.9.12.tar.gz
 638d20811f837847c438bdb784757d56 266314 doc optional apt-doc_0.9.12_all.deb
 1b6e1c2d85e48c2552156a5264f63d65 555266 doc optional libapt-pkg-doc_0.9.12_all.deb
 c8dda7aea9305c969db4f0cc57372c77 718538 libs important libapt-pkg4.12_0.9.12_amd64.deb
 7b2273106d08b906fb41e4c47dfdaf3b 157690 libs important libapt-inst1.5_0.9.12_amd64.deb
 668965baa0d2dc197ef08e7bf5a9995b 1046148 admin important apt_0.9.12_amd64.deb
 adf956bc624f31f5c0ae002896137460 179468 libdevel optional libapt-pkg-dev_0.9.12_amd64.deb
 a5562bba051294a97652e756364d1028 345404 admin important apt-utils_0.9.12_amd64.deb
 237639eabd7b9adb206b023dd455c877 124516 admin optional apt-transport-https_0.9.12_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.15 (GNU/Linux)

iEYEARECAAYFAlJVwLwACgkQliSD4VZixzRgiwCeOvrieGtTn5UYcu4VS2VFJgO6
9pEAn39VFRNyBeTa2ODwfUPsVshnskv0
=yZZr
-----END PGP SIGNATURE-----

--- End Message ---
Reply to: