Your message dated Thu, 18 May 2017 03:18:40 +0000
with message-id <[email protected]>
and subject line Bug#858004: fixed in dpkg 1.18.24
has caused the Debian Bug report #858004,
regarding [patch] dpkg --root=/dir handles conffile transition incorrectly
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
858004: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=858004
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: dpkg
Version: 1.18.23
As discussed on irc yesterday there is a bug in dpkg when a conffile
moves from pkg-a to pkg-b and the "dpkg --root=/dir" option is used.
The Ubuntu bugreport is
https://bugs.launchpad.net/ubuntu/+source/snapd/+bug/1673247
Attached is a patch for the dpkg-tests.git repository that reproduces
the issue and a patch (from Guillem Jover) that fixes the issue. I
tested the patch both against the minimal test-case and also against
the "real" issue we were seeing on the Ubuntu live-cd with ubiquity.
Thanks,
Michael
From 4da6ee05156257972fc461b9e2b2634026354cc8 Mon Sep 17 00:00:00 2001
From: Michael Vogt <[email protected]>
Date: Fri, 17 Mar 2017 08:36:44 +0100
Subject: [PATCH] add test for LP:1673247
---
Makefile | 1 +
t-conffile-root-option/Makefile | 30 ++++++++++++++++++++++
.../pkg-conff-a.v1/DEBIAN/conffiles | 1 +
.../pkg-conff-a.v1/DEBIAN/control | 8 ++++++
.../pkg-conff-a.v1/test-conffile | 1 +
.../pkg-conff-a.v2/DEBIAN/control | 8 ++++++
.../pkg-conff-b.v1/DEBIAN/control | 8 ++++++
.../pkg-conff-b.v2/DEBIAN/conffiles | 1 +
.../pkg-conff-b.v2/DEBIAN/control | 8 ++++++
.../pkg-conff-b.v2/test-conffile | 1 +
10 files changed, 67 insertions(+)
create mode 100644 t-conffile-root-option/Makefile
create mode 100644 t-conffile-root-option/pkg-conff-a.v1/DEBIAN/conffiles
create mode 100644 t-conffile-root-option/pkg-conff-a.v1/DEBIAN/control
create mode 100644 t-conffile-root-option/pkg-conff-a.v1/test-conffile
create mode 100644 t-conffile-root-option/pkg-conff-a.v2/DEBIAN/control
create mode 100644 t-conffile-root-option/pkg-conff-b.v1/DEBIAN/control
create mode 100644 t-conffile-root-option/pkg-conff-b.v2/DEBIAN/conffiles
create mode 100644 t-conffile-root-option/pkg-conff-b.v2/DEBIAN/control
create mode 100644 t-conffile-root-option/pkg-conff-b.v2/test-conffile
diff --git a/Makefile b/Makefile
index 996fab1..75a34b9 100644
--- a/Makefile
+++ b/Makefile
@@ -137,6 +137,7 @@ TESTS_PASS += t-substvars
TESTS_PASS += t-failinst-failrm
TESTS_PASS += t-dir-extension-check
TESTS_PASS += t-multiarch
+TESTS_PASS += t-conffile-root-option
ifneq (,$(filter test-all,$(DPKG_TESTSUITE_OPTIONS)))
TESTS := $(TESTS_PASS) $(TESTS_FAIL) $(TESTS_MANUAL)
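Review bot: Listing t-conffile-root-option under TESTS_PASS makes the suite fail on any dpkg that lacks the src/archives.c change, since the report describes this test as reproducing the bug in 1.18.23. Land it together with the fix, or hold the TESTS_PASS line back until the fixed version is the baseline being tested.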
diff --git a/t-conffile-root-option/Makefile b/t-conffile-root-option/Makefile
new file mode 100644
index 0000000..bbbba0a
--- /dev/null
+++ b/t-conffile-root-option/Makefile
@@ -0,0 +1,30 @@
+TESTS_DEB := pkg-conff-a.v1 pkg-conff-a.v2 pkg-conff-b.v1 pkg-conff-b.v2
+
+include ../Test.mk
+
+TEST_CASES += test-conffile-travels-packages-no-rootdir test-conffile-travels-packages-rootdir
+
+test-case: $(TEST_CASES)
+
+test-conffile-travels-packages-no-rootdir:
+ # install base version
+ $(DPKG_INSTALL) pkg-conff-a.v1.deb pkg-conff-b.v1.deb
+ # instlal update, conffile traves from a to b
+ $(DPKG_INSTALL) pkg-conff-a.v2.deb pkg-conff-b.v2.deb
+ -$(DPKG_PURGE) pkg-conff-b
+ -$(DPKG_PURGE) pkg-conff-a
+
+test-conffile-travels-packages-rootdir:
+ # install base version
+ mkdir -p $(CURDIR)/target/var/lib/dpkg/info
+ mkdir -p $(CURDIR)/target/var/lib/dpkg/updates
+ touch $(CURDIR)/target/var/lib/dpkg/status
+ $(DPKG_INSTALL) --root=$(CURDIR)/target pkg-conff-a.v1.deb pkg-conff-b.v1.deb
+ # instlal update, conffile traves from a to b
+ $(DPKG_INSTALL) --root=$(CURDIR)/target pkg-conff-a.v2.deb pkg-conff-b.v2.deb
+ -$(DPKG_PURGE) --root=$(CURDIR)/target pkg-conff-b
+ -$(DPKG_PURGE) --root=$(CURDIR)/target pkg-conff-a
+
+test-clean:
+ -$(DPKG_PURGE) pkg-conff-a pkg-conff-b
+ -rm -rf $(CURDIR)/target
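Review bot: Neither test case asserts the outcome of the takeover; both rely only on the exit status of the second $(DPKG_INSTALL), so a run that exits cleanly but leaves the old contents in place would still pass. After the upgrade step and before the purge, check that the conffile holds the pkg-conff-b contents, for example `grep -q pkg-conff-b $(CURDIR)/target/test-conffile` in the rootdir case. The purge lines inside the test cases are prefixed with `-`, so a failing purge is ignored; that prefix belongs only in test-clean. The two "# instlal update, conffile traves from a to b" comments should read "install" and "travels".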
diff --git a/t-conffile-root-option/pkg-conff-a.v1/DEBIAN/conffiles b/t-conffile-root-option/pkg-conff-a.v1/DEBIAN/conffiles
new file mode 100644
index 0000000..4fad7e9
--- /dev/null
+++ b/t-conffile-root-option/pkg-conff-a.v1/DEBIAN/conffiles
@@ -0,0 +1 @@
+/test-conffile
diff --git a/t-conffile-root-option/pkg-conff-a.v1/DEBIAN/control b/t-conffile-root-option/pkg-conff-a.v1/DEBIAN/control
new file mode 100644
index 0000000..e97fe2e
--- /dev/null
+++ b/t-conffile-root-option/pkg-conff-a.v1/DEBIAN/control
@@ -0,0 +1,8 @@
+Package: pkg-conff-a
+Version: 1
+Section: test
+Priority: extra
+Maintainer: Dpkg Developers <[email protected]>
+Architecture: all
+Description: test package - conflicting conffile
+
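Review bot: The Description line, "test package - conflicting conffile", does not match what this test exercises: the conffile moves from pkg-conff-a to pkg-conff-b rather than conflicting. Wording such as "test package - conffile moves between packages" would make the intent clear when the test fails, and the same applies to the other three control files in this patch.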
diff --git a/t-conffile-root-option/pkg-conff-a.v1/test-conffile b/t-conffile-root-option/pkg-conff-a.v1/test-conffile
new file mode 100644
index 0000000..024da49
--- /dev/null
+++ b/t-conffile-root-option/pkg-conff-a.v1/test-conffile
@@ -0,0 +1 @@
+pkg-conff-a
diff --git a/t-conffile-root-option/pkg-conff-a.v2/DEBIAN/control b/t-conffile-root-option/pkg-conff-a.v2/DEBIAN/control
new file mode 100644
index 0000000..1174243
--- /dev/null
+++ b/t-conffile-root-option/pkg-conff-a.v2/DEBIAN/control
@@ -0,0 +1,8 @@
+Package: pkg-conff-a
+Version: 2
+Section: test
+Priority: extra
+Maintainer: Dpkg Developers <[email protected]>
+Architecture: all
+Description: test package - conflicting conffile
+
diff --git a/t-conffile-root-option/pkg-conff-b.v1/DEBIAN/control b/t-conffile-root-option/pkg-conff-b.v1/DEBIAN/control
new file mode 100644
index 0000000..6281f4d
--- /dev/null
+++ b/t-conffile-root-option/pkg-conff-b.v1/DEBIAN/control
@@ -0,0 +1,8 @@
+Package: pkg-conff-b
+Version: 1
+Section: test
+Priority: extra
+Maintainer: Dpkg Developers <[email protected]>
+Architecture: all
+Description: test package - conflicting conffile
+
diff --git a/t-conffile-root-option/pkg-conff-b.v2/DEBIAN/conffiles b/t-conffile-root-option/pkg-conff-b.v2/DEBIAN/conffiles
new file mode 100644
index 0000000..4fad7e9
--- /dev/null
+++ b/t-conffile-root-option/pkg-conff-b.v2/DEBIAN/conffiles
@@ -0,0 +1 @@
+/test-conffile
diff --git a/t-conffile-root-option/pkg-conff-b.v2/DEBIAN/control b/t-conffile-root-option/pkg-conff-b.v2/DEBIAN/control
new file mode 100644
index 0000000..7eddd27
--- /dev/null
+++ b/t-conffile-root-option/pkg-conff-b.v2/DEBIAN/control
@@ -0,0 +1,8 @@
+Package: pkg-conff-b
+Version: 2
+Section: test
+Priority: extra
+Maintainer: Dpkg Developers <[email protected]>
+Architecture: all
+Description: test package - conflicting conffile
+
diff --git a/t-conffile-root-option/pkg-conff-b.v2/test-conffile b/t-conffile-root-option/pkg-conff-b.v2/test-conffile
new file mode 100644
index 0000000..006fbc7
--- /dev/null
+++ b/t-conffile-root-option/pkg-conff-b.v2/test-conffile
@@ -0,0 +1 @@
+pkg-conff-b
--
2.9.3
diff --git i/src/archives.c w/src/archives.c
index d91a07588..5b7c575f5 100644
--- i/src/archives.c
+++ w/src/archives.c
@@ -875,14 +875,7 @@ tarobject(void *ctx, struct tar_entry *ti)
conff = conff->next) {
if (!conff->obsolete)
continue;
- if (stat(conff->name, &stabtmp)) {
- if (errno == ENOENT || errno == ENOTDIR || errno == ELOOP)
- continue;
- else
- ohshite(_("cannot stat file '%s'"), conff->name);
- }
- if (stabtmp.st_dev == stab.st_dev &&
- stabtmp.st_ino == stab.st_ino)
+ if (strcmp(conff->name, nifd->namenode->name) == 0)
break;
}
if (conff) {
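Review bot: Replacing the stat()-based device/inode comparison with `strcmp(conff->name, nifd->namenode->name) == 0` drops alias detection: two different names that resolve to the same file, for example through a symlinked directory, matched before and no longer do. If name equality is the intended rule for an obsolete conffile takeover, say so in a comment next to the strcmp, and note that the removed stat() was called on conff->name directly. This patch also carries no commit message, and stabtmp should be removed from tarobject() if nothing else there still uses it.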
--- End Message ---
--- Begin Message ---
Source: dpkg
Source-Version: 1.18.24
We believe that the bug you reported is fixed in the latest version of
dpkg, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Guillem Jover <[email protected]> (supplier of updated dpkg package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Wed, 17 May 2017 13:16:25 +0200
Source: dpkg
Binary: dpkg libdpkg-dev dpkg-dev libdpkg-perl dselect
Architecture: source
Version: 1.18.24
Distribution: unstable
Urgency: medium
Maintainer: Dpkg Developers <[email protected]>
Changed-By: Guillem Jover <[email protected]>
Description:
dpkg - Debian package management system
dpkg-dev - Debian package development tools
dselect - Debian package management front-end
libdpkg-dev - Debian package management static library
libdpkg-perl - Dpkg perl modules
Closes: 813454 824742 837051 850834 857449 858004 860238 860979 861217
Changes:
dpkg (1.18.24) unstable; urgency=medium
.
[ Guillem Jover ]
* Add missing symbols to the libdpkg map file.
* Fix dpkg-shlibdeps to preserve the Dpkg::Shlibs::find_library() order
when scanning symbols/shlibs files. This was causing generation of bogus
dependencies when multiple packages provide the same SONAME on different
directories. Regression introduced in dpkg 1.18.17. Closes: #860979
* Make dpkg-maintscript-helper print all unowned files from a directory
when printing the error message, to ease debugging those problems after
the fact. Closes: #813454, #860238
Based on a patch by Bastien ROUCARIÈS <[email protected]>.
* Add duplicate prevention code for debian/files to dpkg-genbuildinfo, so
that successive runs with different versions and equivalent build types
do not generate multiple .buildinfo entries to be uploaded, which is
similar to what dpkg-gencontrol is doing for .deb files.
* Fix conffile takeover handling during unpack in dpkg on --root or
on diversions. Closes: #837051, #858004
* Fix digest inference for shared conffiles, causing bogus takeover
unpack errors. Regression introduced in dpkg 1.16.9. Closes: #861217
* Improve tar entry metadata parsing in dpkg:
- Do not parse device numbers for non block nor char tar entry objects.
- Make the existing octal parser more robust, by checking for the
expected format of leading zeros or spaces, followed by any ASCII
octal characters (0-7), followed by zero or more space or NULs.
- Add support for base-256 encoded numeric fields, to support large
values, for UID/GID, device number, size and even signed timestamps.
This is necessary not only to be able to store larger values, but to
cover packages that can already be generated by dpkg-deb, given that
it uses the system GNU tar when building. Closes: #850834
* Architecture support:
- Add support for ARM64 ILP32. Closes: #824742
Thanks to Wookey <[email protected]>.
* Perl modules:
- Remove obsolete hardening-wrapper support from Dpkg::Vendor::Ubuntu.
Thanks to Adam Conrad <[email protected]>.
- Bump $Dpkg::Deps::VERSION to match the one documented in CHANGES.
- Ignore by default debian/files.new and debian/files for all source
formats in Dpkg::Source::Package, because these are generated files
with well known pathnames, part of the public interface, and with
dpkg-genbuildinfo always injecting .buildinfo entries into
debian/files, this meant this could disrupt previous workflows based
on not cleaning the source tree.
* Documentation:
- Many spelling fixes. Thanks to Josh Soref <[email protected]>.
- Do not include misspellings in changelogs, as that makes detecting them
more difficult.
* Build system:
- Use libexec variable for auxiliary internal programs, and set it to
/usr/lib on Debian and derivatives.
- Check that the detected tar is a GNU tar.
- Check that the detected patch is a GNU patch, so that we get a directory
traversal resistant patch implementation. This fixes CVE-2017-8283 by
delegating those checks to patch(1), so that we trap blank-indented
diff hunks trying to escape from the source tree.
* Test suite:
- Add a test case for blank-indented patches which were the cause for
CVE-2017-8283.
- Handle files with non-zero sizes in c-tarextract libdpkg test code.
.
[ Updated programs translations ]
* Catalan (Guillem Jover).
* Czech (Miroslav Kure).
.
[ Updated dselect translations ]
* Catalan (Guillem Jover).
.
[ Updated scripts translations ]
* Catalan (Guillem Jover).
.
[ Updated man pages translations ]
* German (Helge Kreutzmann, David Rabel). Closes: #857449
* Spanish (Javier Fernández-Sanguino).
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---
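The tar numeric-field rules listed in the 1.18.24 changelog above (strict octal layout, plus base-256 for large or signed values), shown as an added example that is not dpkg's code. `tar_field_parse` is a hypothetical name, the 0x80/0xff marker bytes follow the GNU tar base-256 convention, and rejecting an all-blank field is an assumption of this example.

```c
#include <stdint.h>
#include <stdio.h>
/* Added example, not dpkg code: parse one tar header numeric field.
 * Returns 0 on success, -1 if malformed or outside the int64_t range. */
int tar_field_parse(const unsigned char *f, size_t len, int64_t *out)
{
    uint64_t v = 0;
    size_t i = 0, digits = 0;
    if (len == 0)
        return -1;
    if (f[0] == 0x80 || f[0] == 0xff) {
        /* Base-256: marker byte, then big-endian two's complement. */
        int neg = (f[0] == 0xff);
        v = neg ? UINT64_MAX : 0;
        for (i = 1; i < len; i++) {
            /* The byte about to be shifted out must be pure sign fill. */
            if ((v >> 56) != (neg ? 0xffu : 0x00u))
                return -1;
            v = (v << 8) | f[i];
        }
        if ((v >> 63) != (uint64_t)neg) /* sign must match the marker */
            return -1;
        *out = neg ? -(int64_t)(~v) - 1 : (int64_t)v;
        return 0;
    }
    /* Octal: leading spaces, octal digits, then only spaces or NULs. */
    while (i < len && f[i] == ' ')
        i++;
    for (; i < len && f[i] >= '0' && f[i] <= '7'; i++, digits++) {
        if (v >> 60) /* another digit would exceed INT64_MAX */
            return -1;
        v = (v << 3) | (uint64_t)(f[i] - '0');
    }
    if (digits == 0) /* assumption of this example: blank is an error */
        return -1;
    for (; i < len; i++)
        if (f[i] != ' ' && f[i] != '\0')
            return -1;
    *out = (int64_t)v;
    return 0;
}

int main(void)
{
    int64_t n = 0; /* constructed 12-byte size field holding octal 644 */
    int rc = tar_field_parse((const unsigned char *)"0000000644 ", 12, &n);
    printf("rc=%d value=%lld\n", rc, (long long)n);
    return rc;
}
```

A 12-byte field holds at most 11 octal digits, so 2^33 is the first size that has to be written in base-256.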