Bug#742882: marked as done (apt: Does not support LFS .deb packages on 32-bit systems)

[owner@bugs.debian.org (Debian Bug Tracking System)]

Your message dated Fri, 11 Jul 2014 10:00:09 +0000
with message-id <E1X5Xcf-0006kK-6H@franck.debian.org>
and subject line Bug#742882: fixed in apt 1.1~exp2
has caused the Debian Bug report #742882,
regarding apt: Does not support LFS .deb packages on 32-bit systems
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
742882: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742882
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

• To: submit@bugs.debian.org
• Subject: apt: Does not support LFS .deb packages on 32-bit systems
• From: Guillem Jover <guillem@debian.org>
• Date: Fri, 28 Mar 2014 14:42:41 +0100
• Message-id: <20140328134241.GA31745@gaara.hadrons.org>

Package: apt
Version: 0.9.16.1
Severity: normal

Hi!

Somewhat recently apt was fixed to add LFS for the ar containers, but
the tarballs within are still not LFS-safe on 32-bit systems.

Here's a list of issues I've spotted by code staring, I've not tested
anything, and I should create LFS .deb tests for the tar members too
in dpkg/pkg-tests.git.

Types (should be off_t, long long or any other 64-bit-safe type):

 - ARArchive::Member::Start.
 - pkgDirStream::Size.
 - pkgDirStream::Process(), Size and Pos arguments.
 - ExtractTar::Go(), Size and Read variables, and cast truncation.

The following I guess more out of correctness, as I don't expect to
see > 4 GiB control files around:

 - debDebFile::MemControlExtract::Length.
 - debDebFile::MemControlExtract::Process(), Size and Pos arguments.
 - debDebFile::MemControlExtract::TakeControl(), Size argument.

These are minor issues, and would be related to either bogus or
malicious archives, but probably still good to handle:

 - ExtractTar::Go(), GNU_LongLink and GNU_LongName short Length which
   would truncate from Itm.Size.

Thanks,
Guillem

--- End Message ---

--- Begin Message ---

• To: 742882-close@bugs.debian.org
• Subject: Bug#742882: fixed in apt 1.1~exp2
• From: Michael Vogt <mvo@debian.org>
• Date: Fri, 11 Jul 2014 10:00:09 +0000
• Message-id: <E1X5Xcf-0006kK-6H@franck.debian.org>

Source: apt
Source-Version: 1.1~exp2

We believe that the bug you reported is fixed in the latest version of
apt, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 742882@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Michael Vogt <mvo@debian.org> (supplier of updated apt package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Thu, 10 Jul 2014 13:18:08 +0200
Source: apt
Binary: apt libapt-pkg4.13 libapt-inst1.6 apt-doc libapt-pkg-dev libapt-pkg-doc apt-utils apt-transport-https
Architecture: source all amd64
Version: 1.1~exp2
Distribution: experimental
Urgency: medium
Maintainer: APT Development Team <deity@lists.debian.org>
Changed-By: Michael Vogt <mvo@debian.org>
Description:
 apt        - commandline package manager
 apt-doc    - documentation for APT
 apt-transport-https - https download transport for APT
 apt-utils  - package management related utility programs
 libapt-inst1.6 - deb package format runtime library
 libapt-pkg-dev - development files for APT's libapt-pkg and libapt-inst
 libapt-pkg-doc - documentation for APT development
 libapt-pkg4.13 - package management runtime library
Closes: 742882 752327
Changes:
 apt (1.1~exp2) experimental; urgency=medium
 .
   [ Guillem Jover ]
   * Add new Base256ToNum long long overload function
   * Fix ar and tar code to be LFS-safe (Closes: #742882)
 .
   [ Michael Vogt ]
   * increase libapt-inst to version 1.6
   * Only allow "apt-get build-dep path" when path starts with ./ or /
   * Allow passing a full path to apt-get install /foo/bar.deb (CLoses: #752327)
   * merge changes from the 1.0.6 upload
Checksums-Sha1:
 e6b691549974d7ed0b91b565a6419f769511f5ce 1717 apt_1.1~exp2.dsc
 4ed2da9bbdc764df48db88d64baa57de867de540 1798784 apt_1.1~exp2.tar.xz
 beae1b63100450dc20c609d2b104a86b589b082b 276140 apt-doc_1.1~exp2_all.deb
 48cd5c565a24ee116391fb553c4cb737cf102fbc 814068 libapt-pkg-doc_1.1~exp2_all.deb
 dffef457ee6cbd5f8604b046849d04822ffc202f 789836 libapt-pkg4.13_1.1~exp2_amd64.deb
 2ee1d8791cebff416a1267dfb269da73e80535da 166838 libapt-inst1.6_1.1~exp2_amd64.deb
 be5a7dba2b4521a7a70bd4a55c7f7b6818f1f6db 1080272 apt_1.1~exp2_amd64.deb
 b785da1a128d18d3f4cd46ad6e929e4b4c95ed41 193524 libapt-pkg-dev_1.1~exp2_amd64.deb
 c1492317728909ec564d66473e5b8b79dedf815c 359434 apt-utils_1.1~exp2_amd64.deb
 b691645ef6f3b45dfec4877d37de682da13e6da6 133574 apt-transport-https_1.1~exp2_amd64.deb
Checksums-Sha256:
 da014ed401c789bd407d32b10bdd8b40889d321a3c9729a8f9ae98fd38b460f5 1717 apt_1.1~exp2.dsc
 6e2a0c97a4bf7bd7f6e28082329a3018972afddeb9eadc87a0d03ee8171a33db 1798784 apt_1.1~exp2.tar.xz
 c5939e0a276275afb2e3905068e769a8d3dbf415b0b03f1eb7a7ff60ccf04000 276140 apt-doc_1.1~exp2_all.deb
 8c1ec705296299c5f8d83abc84211457b2eef735b4d1fe9ace38cea884ac1bca 814068 libapt-pkg-doc_1.1~exp2_all.deb
 53e55b45752eaa4942d5de56f03029fe7f67d08d238579277e6e332dd1dd4701 789836 libapt-pkg4.13_1.1~exp2_amd64.deb
 1dad15f8d69dedb869e57dfb054ba4a6976e2567b3dd484ebf6453d018d7f4b8 166838 libapt-inst1.6_1.1~exp2_amd64.deb
 8b0d128524d70da436da717a2c47669ff6eb4a19b4be77647bdf9f8274a38f90 1080272 apt_1.1~exp2_amd64.deb
 2febb74e219e78be67dbb0bcc9eee33fb0161d11bfa2e4c95d41103c1cfde65f 193524 libapt-pkg-dev_1.1~exp2_amd64.deb
 43e59e82c8ee9957f716c9fabedc09651fe7bcd9d8b17cfb1e67ea45a6197d27 359434 apt-utils_1.1~exp2_amd64.deb
 19fd5445ce063c74768b4b5998ecb82d28519c838a79e0116e0507b213cfe8f2 133574 apt-transport-https_1.1~exp2_amd64.deb
Files:
 94227661f4a63cf28d9e4a300df0666b 276140 doc optional apt-doc_1.1~exp2_all.deb
 8fb73ae1099d5db2ec4755491c7943d1 814068 doc optional libapt-pkg-doc_1.1~exp2_all.deb
 2fb5b786fe4ee56b60a529a69d3d2b35 789836 libs important libapt-pkg4.13_1.1~exp2_amd64.deb
 318f283fc5594f05d4396c098a81f509 166838 libs important libapt-inst1.6_1.1~exp2_amd64.deb
 b854ff061069fee88b4c2b7d01750d59 1080272 admin important apt_1.1~exp2_amd64.deb
 bdd89f4389edea4556f43f4d3bd353b8 193524 libdevel optional libapt-pkg-dev_1.1~exp2_amd64.deb
 3194cd6409819506c7596b9c0e85b1e3 359434 admin important apt-utils_1.1~exp2_amd64.deb
 e76b36e319609be884462b7e2824e264 133574 admin optional apt-transport-https_1.1~exp2_amd64.deb
 93894e712f75e741b25cd7c85b4b4663 1717 admin important apt_1.1~exp2.dsc
 1b1ce7ca1d0f0665dab3d8629455682e 1798784 admin important apt_1.1~exp2.tar.xz

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iEYEARECAAYFAlO+gkUACgkQliSD4VZixzSl+QCdENIvevDK+6vzMxlyTyt4YzX+
N18An3w11H74wo+8nef7sdymK2pSfl8x
=GjXU
-----END PGP SIGNATURE-----

--- End Message ---