Your message dated Wed, 22 Sep 2010 08:36:11 +0000 with message-id <[email protected]> and subject line Bug#597672: fixed in tar 1.23-3 has caused the Debian Bug report #597672, regarding rmt broken by the security fix in 1.20-1+lenny1 version of tar to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [email protected] immediately.)

--
597672: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=597672
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---Package: tar Version: 1.20-1+lenny1 Severity: important Tag: patch According to the changelog, the latest version of tar package in lenny replaced rmt source with the one from paxutils for security reasons. Unfortunately, it also made it impossible to use tar and rmt together. Here's what happens if one tries to tar to a remote file (ssh plays the role of rsh, as is common nowadays): $ tar cf localhost:foo.tar a-file Password: <... hangs forever ...> Here's what the rmt binary is doing at the other end: ... fstat64(0, {st_mode=S_IFIFO|0600, st_size=0, ...}) = 0 mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb77f5000 read(0, "Ofoo.tar\n65 O_WRONLY|O_CREAT\n"..., 4096) = 29 fstat64(1, {st_mode=S_IFIFO|0600, st_size=0, ...}) = 0 mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb77f4000 read(0, <... hangs forever ...> So, rmt receives the O command from tar, does not respond and expects more commands. And tar keeps awaiting the response to the O command. Both hang indefinitely. After looking at the new rmt source code, it is rather puzzling how that rmt from paxutils could ever work. The problem is that it uses stdio for its stdout, and by default that is block buffered. Let's try fixing that for stdout, and to boot, for the debug file output of the new rmt, that has the same problem: --- tar-1.20/rmt/rmt.c 2010-09-22 12:12:15.000000000 +1200 +++ tar-1.20/rmt/rmt.c 2010-09-22 12:16:09.000000000 +1200 @@ -696,6 +696,7 @@ parse_opt (int key, char *arg, struct ar dbgout = fopen (arg, "w"); if (!dbgout) error (EXIT_FAILURE, errno, _("cannot open %s"), arg); + setlinebuf(dbgout); break; case ARGP_KEY_FINI: 
@@ -745,6 +746,7 @@ main (int argc, char **argv) int idx; int stop = 0; + setlinebuf(stdout); program_name = argv[0]; // argp_version_setup ("rmt", rmt_authors); That isn't enough, however: $ tar cf localhost:foo.tar a-file Password: tar: localhost\:foo.tar: Cannot open: Invalid argument tar: Error is not recoverable: exiting now This further problem is now revealed by strace of the rmt side: ... fstat64(0, {st_mode=S_IFIFO|0600, st_size=0, ...}) = 0 mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb77bf000 read(0, "Ofoo.tar\n65 O_WRONLY|O_CREAT\n"..., 4096) = 29 fstat64(1, {st_mode=S_IFIFO|0600, st_size=0, ...}) = 0 mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb77be000 write(1, "E22\n"..., 4) = 4 write(1, "invalid open mode\n"..., 18) = 18 read(0, ""..., 4096) = 0 exit_group(0) = ? The decode_open_flag() function in the rmt from paxutils can not cope with the `65 O_WRONLY|O_CREAT' value of the `mode' argument (as rmt(8) calls it) that tar emits. The coexistence of numeric and symbolic flag values breaks it. More quick fixing: --- tar-1.20/rmt/rmt.c 2010-09-22 12:12:15.000000000 +1200 +++ tar-1.20/rmt/rmt.c 2010-09-22 12:16:09.000000000 +1200 @@ -238,8 +238,14 @@ decode_open_flag (const char *mstr, int if (*mstr == 0) break; else if (c_isdigit (*mstr)) - v = strtol (mstr, (char**) &p, 10); - else if (xlat_kw (mstr, "O_", open_flag_kw, &v, &p)) + { + *pmode = strtol (mstr, (char**) &mstr, 10); + if (*mstr && !c_isblank (*mstr)) + rmt_error_message (EINVAL, "invalid open mode"); + continue; + } + + if (xlat_kw (mstr, "O_", open_flag_kw, &v, &p)) { rmt_error_message (EINVAL, "invalid open mode"); return 1; 
@@ -265,7 +271,8 @@ decode_open_flag (const char *mstr, int return 1; } } - *pmode = mode; + if (mode) + *pmode = mode; return 0; } Now my remote tar backups seem to work again, as they did with tar 1.20-1 and earlier. Whatever is best to do (applying fixes like the above to the rmt from paxutils, properly porting the original security fix from a safe version of tar upstream, or something yet different), but anyhow, rmt in lenny had better work at all. Cheers, -- /Awesome Walrus <[email protected]>
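Review bot: In the parse_opt hunk (@@ -696,6), the added `setlinebuf(dbgout);` relies on a BSD extension rather than ISO C; `setvbuf (dbgout, NULL, _IOLBF, 0);` gives the same line buffering portably. The call also omits the space before the parenthesis that the neighbouring `fopen (arg, "w")` and `error (EXIT_FAILURE, ...)` lines use.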
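Review bot: In the main hunk (@@ -745,6), `setlinebuf(stdout);` makes delivery of a reply depend on a newline being written: anything sent to stdout that does not end in '\n' stays in the stdio buffer until a later newline or a full buffer, while the peer is waiting. Calling `fflush (stdout)` after each complete reply, or using `setvbuf (stdout, NULL, _IONBF, 0)`, removes that dependency; the spacing remark from the parse_opt hunk applies here too.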
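Review bot: In the first decode_open_flag hunk (@@ -238,8), the new digit branch calls `rmt_error_message (EINVAL, "invalid open mode");` and then runs `continue;` instead of returning, unlike the xlat_kw failure branch directly below it, which does `return 1;`. A number followed by garbage therefore gets an error reply while parsing carries on with `*pmode` already overwritten; the `if` needs braces and a `return 1;` after the message. The strtol result is also stored into `*pmode` with no range or errno check, and the `(char**) &mstr` cast discards the const qualifier.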
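Review bot: In the second decode_open_flag hunk (@@ -265,7), `if (mode) *pmode = mode;` treats the value 0 as "no symbolic flags seen", but a symbolic mode can legitimately evaluate to 0 (O_RDONLY is 0 on Linux), so a symbolic read-only request can never replace a numeric value, and an argument that yields neither a number nor a non-zero keyword leaves `*pmode` unassigned while the function still returns 0. Recording in a separate flag whether a number or a keyword was actually parsed, and failing when neither was, covers both cases.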
--- End Message ---
--- Begin Message ---
Source: tar
Source-Version: 1.23-3

We believe that the bug you reported is fixed in the latest version of tar, which is due to be installed in the Debian FTP archive:

tar_1.23-3.diff.gz
  to main/t/tar/tar_1.23-3.diff.gz
tar_1.23-3.dsc
  to main/t/tar/tar_1.23-3.dsc
tar_1.23-3_i386.deb
  to main/t/tar/tar_1.23-3_i386.deb

A summary of the changes between this version and the previous one is attached.

Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [email protected], and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Bdale Garbee <[email protected]> (supplier of updated tar package)

(This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [email protected])

Format: 1.8
Date: Wed, 22 Sep 2010 00:33:16 -0600
Source: tar
Binary: tar
Architecture: source i386
Version: 1.23-3
Distribution: unstable
Urgency: medium
Maintainer: Bdale Garbee <[email protected]>
Changed-By: Bdale Garbee <[email protected]>
Description:
 tar - GNU version of the tar archiving utility
Closes: 561598 587702 597672
Changes:
 tar (1.23-3) unstable; urgency=medium
 .
 * add xz-utils back to the Suggests list since it may not be 'required' forever
 * current debhelper includes trigger support, closes: #561598
 * patch from upstream to fix ability of rmt to accept mixed file mode representations, closes: #587702, #597672
--- End Message ---
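The changelog entry above refers to rmt accepting mixed file mode representations, that is, the `65 O_WRONLY|O_CREAT` argument shown in the report. The following C function is an added example of one way to decode such an argument strictly; it is not the upstream patch or Debian's code, and `decode_open_mode` and its keyword table are hypothetical.

```c
/* Added example: decode the mode argument of an rmt "O" command, e.g.
   "65 O_WRONLY|O_CREAT". Hypothetical helper with a constructed keyword
   subset; not the tar/paxutils code. */
#include <ctype.h>
#include <errno.h>
#include <fcntl.h>
#include <limits.h>
#include <stdlib.h>
#include <string.h>

static const struct { const char *name; int value; } flag_names[] = {
    { "O_RDONLY", O_RDONLY }, { "O_WRONLY", O_WRONLY }, { "O_RDWR", O_RDWR },
    { "O_CREAT", O_CREAT }, { "O_EXCL", O_EXCL }, { "O_TRUNC", O_TRUNC },
};
#define NFLAGS (sizeof flag_names / sizeof flag_names[0])
/* Returns 0 and stores the flags in *out, or returns EINVAL and leaves *out
   alone. A symbolic part, when present, replaces the sender's number. */
int decode_open_mode(const char *s, int *out)
{
    int have_num = 0, have_sym = 0, sym = 0;
    long num = 0;
    while (isblank((unsigned char)*s)) s++;
    if (isdigit((unsigned char)*s)) {
        char *end;
        errno = 0;
        num = strtol(s, &end, 10);
        if (errno || num > INT_MAX || (*end && !isblank((unsigned char)*end)))
            return EINVAL;              /* overflow or trailing garbage */
        have_num = 1;
        s = end;
        while (isblank((unsigned char)*s)) s++;
    }
    while (*s) {
        size_t len = strcspn(s, "|"), i;
        for (i = 0; i < NFLAGS; i++)
            if (strlen(flag_names[i].name) == len && !strncmp(s, flag_names[i].name, len))
                break;
        if (i == NFLAGS)
            return EINVAL;              /* unknown keyword */
        sym |= flag_names[i].value;
        have_sym = 1;                   /* tracked separately: O_RDONLY may be 0 */
        s += len;
        if (*s == '|' && *++s == '\0')
            return EINVAL;              /* dangling '|' */
    }
    if (!have_num && !have_sym)
        return EINVAL;                  /* empty argument */
    *out = have_sym ? sym : (int)num;
    return 0;
}
```

Every failure path returns before `*out` is written, so a caller that has already sent an error reply never goes on to open a file with a half-parsed mode.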

