Your message dated Thu, 7 Jan 2016 14:04:27 +0100 with message-id <20160107130427.GA3049@crossbow> and subject line Re: Bug#809838: [apt] Download size check overflow has caused the Debian Bug report #809838, regarding [apt] Download size check overflow to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner@bugs.debian.org immediately.) -- 809838: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=809838 Debian Bug Tracking System Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: <submit@bugs.debian.org>
- Subject: [apt] Download size check overflow
- From: Daniel Hornung <daniel.hornung@ds.mpg.de>
- Date: Mon, 4 Jan 2016 16:52:04 +0100
- Message-id: <[🔎] 1717725.YeKpiW6mGO@tiersen>
Package: apt Version: 1.1.5 Severity: normal --- Please enter the report below this line. --- After a few weeks without updates, running `apt-get dist-upgrade` failed with the following massage: [...] 724 upgraded, 0 newly installed, 0 to remove and 187 not upgraded. 18446744072246931048,2832346728 How odd... The sizes didn't match, email apt@packages.debian.org Need to get 18.4 EB of archives. After this operation, 77.8 MB of additional disk space will be used. E: You don't have enough free space in /var/cache/apt/archives/. [...] Upgrading all texlive-* packages and then trying again worked. This looks suspiciously like a 32bit overflow (log2(2832346728) ~ 31.4, 18.4EB ~ 2^64B), combined with casting to 64bit later in the process, also the upgrade download size was something below 2GB _after_ upgrading the texlive packages manually. --- System information. --- Architecture: amd64 Kernel: Linux 4.2.0-1-amd64 Debian Release: stretch/sid 500 testing www.deb-multimedia.org 500 testing security.debian.org 500 testing ftp5.gwdg.de 500 stretch neurodebian.ovgu.de 500 data neurodebian.ovgu.de --- Package information. --- Depends (Version) | Installed =======================================-+-============= libapt-pkg4.12 (>= 1.0.9.6) | 1.0.9.10 libc6 (>= 2.15) | libgcc1 (>= 1:4.1.1) | libstdc++6 (>= 4.9) | debian-archive-keyring | gnupg | Package's Recommends field is empty. Suggests (Version) | Installed ==========================-+-============ aptitude | 0.6.11-1+b1 OR synaptic | 0.82 OR wajig | dpkg-dev (>= 1.17.2) | 1.18.4 apt-doc | python-apt | 1.1.0~beta1 --- Output from package bug script --- -- Max-Planck-Institute for Dynamics and Self-Organization Research Group Biomedical Physics Am Fassberg 17 D-37077 Goettingen (+49) 551 5176 373 You can obtain my public key 0xF197B128 from all keyservers, e.g. pgp.mit.edu Fingerprint: 9698 BDD4 71CC 1274 B7E2 2049 1EDD 012D F197 B128Attachment: signature.asc
Description: This is a digitally signed message part.
--- End Message ---
--- Begin Message ---
- To: Daniel Hornung <daniel.hornung@ds.mpg.de>
- Cc: 809838-done@bugs.debian.org
- Subject: Re: Bug#809838: [apt] Download size check overflow
- From: David Kalnischkies <david@kalnischkies.de>
- Date: Thu, 7 Jan 2016 14:04:27 +0100
- Message-id: <20160107130427.GA3049@crossbow>
- In-reply-to: <[🔎] 3844937.UP0crZt6fT@tiersen>
- References: <[🔎] 1717725.YeKpiW6mGO@tiersen> <[🔎] 20160104211304.GA27457@crossbow> <[🔎] 3844937.UP0crZt6fT@tiersen>
Version: 1.1.4 On Tue, Jan 05, 2016 at 09:15:00AM +0100, Daniel Hornung wrote: > On Monday 04 January 2016 22:13:05 David Kalnischkies wrote: > > On Mon, Jan 04, 2016 at 04:52:04PM +0100, Daniel Hornung wrote: > > > Package: apt > > > Version: 1.1.5 > > > Severity: normal > > > > Are you sure about he used version? There was a bug regarding the > > calculation of the sizes – but it was fixed by 1.1.4. > > > > I am asking specifically as the list of upgraded packages is long and: > > > Depends (Version) | Installed > > > =======================================-+-============= > > > libapt-pkg4.12 (>= 1.0.9.6) | 1.0.9.10 > > > > This should be libapt-pkg5.0 in the 1.1.x series of apt which suggests > > to me that the report was made from a machine (running Debian stable) > > which isn't the machine the bug was observed on (as the report claims > > to be against a Debian testing/unstable verion). > > Yes, a very good observation. The bug was on testing indeed, but I reported > it after successfully running the dist-upgrade. Checking apt/history.log > showed that the problem was with 1.1.3 as suspected, but when reporting, apt > was at 1.1.5 already: > > Upgrade: [...] apt:amd64 (1.1.3, 1.1.5), [...] > > So this bug report can probably be closed for good, if the problem was fixed > in 1.1.4. Great! The relevant changelog for history purposes was: apt (1.1.4) unstable; urgency=medium [ Julian Andres Klode ] […] * Avoid overflow when summing up file sizes […] -- Julian Andres Klode <jak@debian.org> Mon, 07 Dec 2015 15:31:31 +0100 Best regards David KalnischkiesAttachment: signature.asc
Description: PGP signature
--- End Message ---