Your message dated Fri, 08 Jan 2021 04:33:38 +0000
with message-id <[email protected]>
and subject line Bug#966083: fixed in dpkg 1.20.6
has caused the Debian Bug report #966083,
regarding perl crash in eval command trying a failing require statement
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
966083: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=966083
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: perl
Version: 5.30.3-4
Severity: important
User: [email protected]
Usertags: origin-kali
X-Debbugs-Cc: [email protected]
Control: found -1 5.32.0-2
In Kali, any source package build started to fail with a mysterious
error:
> dpkg-buildpackage: error: dpkg-source -b . subprocess returned exit status 127
After quite some investigation, I tracked this down to perl exiting with
that error code in the middle of an eval statement that should have failed:
https://sources.debian.org/src/dpkg/1.20.5/scripts/Dpkg/Vendor.pm/#L166
The $name tried is "Kali" and we don't ship any Dpkg::Vendor::Kali. The
code should fallback to Dpkg::Vendor::Debian and this works a few times
but after multiples calls, at some point it no longer works and the
require statement in the eval block just never returns, it seems to crash
the perl interpreter.
You can easily reproduce this on an up-to-date testing or unstable system
with dpkg 1.20.5 (that version is failing, the former version we had
in Kali was 1.19.7 and it was not triggering this issue):
$ sudo tee /etc/dpkg/origins/kali >/dev/null <<END
> Vendor: Kali
> Vendor-URL: https://www.kali.org/
> Parent: debian
> Bugs: https://bugs.kali.org/
> END
$ sudo ln -sf kali /etc/dpkg/origins/default
$ apt source hello
[...]
$ cd hello-*
$ dpkg-buildpackage -S
[...]
dpkg-source -b .
dpkg-source: info: using source format '3.0 (quilt)'
dpkg-source: info: building hello using existing ./hello_2.10.orig.tar.gz
dpkg-buildpackage: error: dpkg-source -b . subprocess returned exit status 127
Note that I only reproduce this with "3.0 (quilt)" source packages. Native
packages have different code paths likely involving fewer calls to
run_vendor_hook() and the problem can't be reproduced with such a source
package.
I can also reproduce the bug with version 5.32.0-2 available in
experimental.
FWIW I'm working around this issue in Kali with the attached patch but
this really smells like a bug in perl, thus I'm reporting it here.
Guillem, I believe the attached patch should be applied to dpkg in any
case as it's a small optimization that avoids running the evaled code too
often.
-- System Information:
Debian Release: bullseye/sid
APT prefers unstable
APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (500,
'oldstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 5.7.0-3-amd64 (SMP w/4 CPU threads)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages perl depends on:
ii dpkg 1.20.5
ii libperl5.30 5.30.3-4
ii perl-base 5.30.3-4
ii perl-modules-5.30 5.30.3-4
Versions of packages perl recommends:
ii netbase 6.1
Versions of packages perl suggests:
pn libtap-harness-archive-perl <none>
ii libterm-readline-gnu-perl 1.36-2+b1
ii make 4.3-4
ii perl-doc 5.30.3-4
-- no debconf information
>From 75631da697b9d2c5b3ff2c54bc225fc55d3ab9c2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Rapha=C3=ABl=20Hertzog?= <[email protected]>
Date: Thu, 3 Sep 2020 11:26:58 +0200
Subject: [PATCH] Work-around a perl crash during any package build
Somehow perl doesn't like the multiple execution of the eval code that tries
to "require Dpkg::Vendor::Kali;" and at some point perl just exits with
an error code of 127 when it tries to execute this line of code. When
it happens, the eval doesn't return.
To avoid the multiple execution of this code, we cache the result of the
lookup made on the parent vendor as the good result for the current
vendor as well.
There's likely some bug in perl here and somehow the update from
dpkg 1.19.7 to dpkg 1.20.5 started to trigger that bug.
---
scripts/Dpkg/Vendor.pm | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/scripts/Dpkg/Vendor.pm b/scripts/Dpkg/Vendor.pm
index 196159156..5b8f66fd8 100644
--- a/scripts/Dpkg/Vendor.pm
+++ b/scripts/Dpkg/Vendor.pm
@@ -174,10 +174,12 @@ sub get_vendor_object {
my $info = get_vendor_info($vendor);
if (defined $info and defined $info->{'Parent'}) {
- return get_vendor_object($info->{'Parent'});
+ $obj = get_vendor_object($info->{'Parent'});
} else {
- return get_vendor_object('Default');
+ $obj = get_vendor_object('Default');
}
+ $OBJECT_CACHE{$vendor} = $obj;
+ return $obj;
}
=item run_vendor_hook($hookid, @params)
--
2.28.0
--- End Message ---
--- Begin Message ---
Source: dpkg
Source-Version: 1.20.6
Done: Guillem Jover <[email protected]>
We believe that the bug you reported is fixed in the latest version of
dpkg, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Guillem Jover <[email protected]> (supplier of updated dpkg package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 08 Jan 2021 04:39:40 +0100
Source: dpkg
Architecture: source
Version: 1.20.6
Distribution: unstable
Urgency: medium
Maintainer: Dpkg Developers <[email protected]>
Changed-By: Guillem Jover <[email protected]>
Closes: 822462 849752 964749 964751 966083 966110 966111 968294 968397 968442
968743 968744 969472 970083 970545 971203 972580 974087 975896 976249 977240
978983
Changes:
dpkg (1.20.6) unstable; urgency=medium
.
[ Guillem Jover ]
* libdpkg: Fix undefined behavior in varbuf functions.
Reported by KOLANICH <[email protected]>.
* libdpkg: Fix memory leaks in tar_extractor().
* libdpkg: Fix memory leak in trigger deferred processing.
Reported by KOLANICH <[email protected]>.
* libdpkg: Fix memory leak in filesystem treewalk node free function.
* libdpkg: Fix memory leak in filesystem treewalk iterator.
* libdpkg: Fix single-instance memory leak with fsys dir.
* libdpkg: Fix short-lived memory leaks.
* libdpkg: Reset error context errmsg after free().
* dpkg: Fix memory leak for cidir.
Reported by KOLANICH <[email protected]>.
* dpkg: Fix short-lived memory leak in --force-help output.
Based on a patch by KOLANICH <[email protected]>.
* dpkg-deb: Fix single-instance memory leak on missing conffiles control
file.
* dpkg-divert: Fix short-lived memory leaks.
* dpkg-realpath: Add new -z, --zero option.
Requested by Johannes Schauer <[email protected]>.
* dpkg-deb: Make decompression error message more descriptive.
Closes: #968442
* dpkg-architecture: Add a --print-format option.
Prompted by #968963.
* dpkg-buildpackage: Warn on known R³ values in uppercase.
Reported by Niels Thykier <[email protected]>.
* dpkg-buildpackage: Error out on R³ "yes" value.
Requested by Niels Thykier <[email protected]>.
* dpkg-buildpackage: Clarify R³ keyword diagnostic messages.
* dpkg-deb, dpkg-split: Fix time handling to support 64-bit time.
* libdpkg: Check that the ar archive time is within bounds.
* libdpkg: Ignore not-installed packages for source related virtual fields.
Closes: #972580
* libdpkg: Make source version parsing more robust on missing data.
See #972580.
* libdpkg: Do not forget not-installed packages that are set on hold.
Reported by David Kalnischkies <[email protected]>.
* update-alternatives: Fix memory leaks for alternative database context on
load errors.
* update-alternatives: Fix short-lived memory leaks for alternative structs.
* update-alternatives: Fix memory leaks with new_choice.
* update-alternatives: Fix short-lived memory leaks for log_file and admdir.
* dpkg-buildflags: Add support for DFLAGS. Closes: #975896
* dpkg-parsechanaglog: Document --file in --help output.
* libdpkg: Fix allocation size wrap around when growing a varbuf.
* dpkg-query: Do not print database loading progress. Closes: #977240
* Rename taint tag to merged-usr-via-aliased-dirs.
* dpkg-buildflags: Enable reproducible=fixfilepath by default.
Thanks to Vagrant Cascadian <[email protected]>.
See https://lists.debian.org/debian-devel/2020/10/msg00222.html.
Closes: #974087
* start-stop-daemon: Move umask setup before any file has been created.
* start-stop-daemon: Add a new --output option to redirect stderr and stdout.
* dpkg-maintscript-helper: Do not pass DPKG_ROOT prefixed pathmames to
dpkg-realpath.
* dpkg: When removing old files check the pathname with diversion and
instdir.
* dpkg-realpath: Make 'link includes root prefix' error more verbose.
* libdpkg: Make sure we do not walk on rootless trees.
* dpkg: Fix incorrect logic around printing dependency warnings.
Thanks to Jessica Clarke <[email protected]>.
Reported by Helmut Grohne <[email protected]>.
* Support remove-on-upgrade conffile flag via DEBIAN/conffiles.
Based on a patch by Niels Thykier <[email protected]>. Closes: #822462
* dpkg-fsys-usrunmess: New program.
* Perl modules:
- Dpkg::Index: Add new item_opts option.
- Dpkg::Exit: Fix exit handler on program termination. Closes: #966083
- Dpkg::Changelog::Entry::Debian: Fix format string.
Prompted by #967911.
- Dpkg::Changelog::Parse: Add new verbose option.
Prompted by #967911.
- Dpkg::Changelog::Parse: Document 'label' option.
- Dpkg::Source::Package::V1: Print a message when verifying tarball
signatures.
- Dpkg::Path: Fix pathname traversal check for symlinks. Closes: #971203
- Dpkg::Source::Package: Honor no_check for directory traversal checks.
See #971203.
- Dpkg::Source::Package: Call syserr() instead of syserror().
Reported by Drew Parsons <[email protected]>.
See #849752. Closes: #976249
- Dpkg::Path: Check first whether the files are the same by comparing
string-wise. Closes: #849752
- Dpkg::OpenPGP: Refactor gpg armor code into its own function.
* Documentation:
- man: Fix typo in --print-unset option reference.
Reported by Ferenc Wágner <[email protected]>. Closes: #966110
- man: Clarify that dpkg-architecture uses some of its own variables.
Closes: #966111
- man: Fix casing and namespacing in VARIABLES definitions.
- man: Fix typo in dpkg-source(1).
Thanks to Paul Wise <[email protected]>.
- man: Add a reference to deb-symbols(5) in deb-src-symbols(5) DESCRIPTION.
Prompted by #970083.
- man: Specify that symbol, version and id are separated by a single
whitespace. Closes: #970083
- man: Clarify day-of-month format in deb-changelog(5).
Reported by Axel Beckert <[email protected]>.
See #971977.
- man: Update update-alternatives maintainer script usage information.
Prompted by Niels Thykier <[email protected]>.
- man: Switch to use L<> markup for URLs instead of B<>.
- doc, man: Clarify that R³ values are case sensitive.
Prompted by Niels Thykier <[email protected]>.
- man: Add references to deb822(5) to file formats based on it.
Prompted by Niels Thykier <[email protected]>.
- man: Clarify config-files state in dpkg(1).
Prompted by Stuart Prescott <[email protected]>.
- man: Fix typos.
- man: Hyphenate multiple words in deb-override(5) format description.
- man: Uppercase acronyms and logic operators.
- man: Empty or whitespace-only lines in deb-conffiles(5) are not accepted.
* Code internals:
- libcompat, dpkg: Stop using deprecated security_context_t data type.
- update-alternatives: Refactor alternative database context freeing into a
new function.
- libdpkg: Do not define the clamp macro when compiling C++ code.
Reported by Helmut Grohne <[email protected]>.
- libdpkg: Replace FSF address by pointing to the gnu.org URL.
- libdpkg: Initialize pkgbin's newhash to NULL.
Prompted by Steinar H. Gunderson <[email protected]>.
- libdpkg: Use memset() instead of open-coding struct blanking.
Prompted by Steinar H. Gunderson <[email protected]>.
- Do not call fsys_hash_init() before command actions.
Prompted by Steinar H. Gunderson <[email protected]>.
- libdpkg: Fix m_pipe() function definition prototype to match declaration.
- libdpkg: Refactor new str_rtrim_spaces().
Based on a patch by Niels Thykier <[email protected]>.
- dpkg: Call fsys_hash_find_node() outside tar_fsys_namenode_queue_push().
- Use a conffilename variable to track the actual conffile name in the
buffer.
Thanks to Niels Thykier <[email protected]>.
* Build system:
- Add new gen-changelog tool.
- Pre-process the curses header before parsing it. Closes: #970545
- Fix variable substitution in man pages.
Reported by Niels Thykier <[email protected]>. Closes: #978983
- Add a README.cpan to be installed as README in the CPAN distribution.
- Do not try to use <sys/sysctl.h> on GNU/Linux.
- Fix «make distcheck» for man pages.
- Update GitLab CI configuration to use built-in functional test suite.
- Make it possible to override PKGDATADIR on built scripts too.
- Disable umask to 0 for Docker executor in GitLab CI.
- Disable functional test suite debug mode on GitLab CI.
- Sort po4a entries in po4a.cfg.
* Packaging:
- Do not fail the bug-script if readlink fails. Closes: #968397
- Improve cron file robustness on missing or empty backup files.
Closes: #969472
- Use AUTOPKGTEST_TMP instead of writing into the source tree.
- Hook the functional test suite into autopkgtest.
- Remove trailing comma from lintian profile file.
- Do not hardcode libdpkg-perl dependency on perl:any.
Thanks to Sven Joachim <[email protected]>.
* Test suite:
- Fix short lived memory leaks in unit tests.
- Print the ehandle unit test error output on verbose mode.
- Improve dpkg-divert test to output stdout and stderr.
- Use intermediate variable for directory traversal item iteration.
- Refactor root handling in Dpkg::Path unit tests.
- Refactor test verbose check into an inline function.
- Make it possible to include test.h from benchmarks.
- Disable hash reports in benchmark tests unless verbose.
- Add support for basic test try/catch/finally keywords.
- Merge the dpkg-tests.git repository into tests/.
- Update merged functional test suite assumptions.
- Remove redundant test cases from the functional test suite.
- Remove source package building support from functional test suite.
- When using DPKG_BUILDTREE add scripts/ to DPKG_PATH.
.
[ Add man pages translations ]
* Portuguese (Américo Monteiro). Closes: #964751
.
[ Update dselect translations ]
* Dutch (Frans Spiesschaert). Closes: #968294
* French (Didier Vidal). Closes: #964749
.
[ Update man pages translations ]
* Dutch (Frans Spiesschaert). Closes: #968743
* German (Helge Kreutzmann).
.
[ Update programs translations ]
* Dutch (Frans Spiesschaert). Closes: #968744
* German (Sven Joachim).
.
[ Update scripts translations ]
* German (Helge Kreutzmann).
Checksums-Sha1:
eb00b9ca66254659ab4961df985523907cf4c941 2120 dpkg_1.20.6.dsc
bca459b239edb8a8a20a97da483070479bd3becb 4946636 dpkg_1.20.6.tar.xz
4f347b025d9aff04483f037b73eb4c4caa2d7857 7692 dpkg_1.20.6_amd64.buildinfo
Checksums-Sha256:
08929f0e853b9cf0fe6817b6eb1249f04baa994507d5428a38985ec23fde8ffd 2120
dpkg_1.20.6.dsc
fc2128a1ef85935252855a3ace0e907ddd6872baebfc784987f822cfc33c4ff9 4946636
dpkg_1.20.6.tar.xz
28e46bf0ecffa7b77dfcd42b293bc4018d1043677beb9dec956379ae92145536 7692
dpkg_1.20.6_amd64.buildinfo
Files:
673f24dd8bf192f5baf8b0f55770bab9 2120 admin required dpkg_1.20.6.dsc
40c403db33f66eb52b6c27c337a31b1c 4946636 admin required dpkg_1.20.6.tar.xz
d43e74de33bb7c937a43dccdf4515bcb 7692 admin required
dpkg_1.20.6_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEETz509DYFDBD1aWV0uXK/PqSuV6MFAl/320YACgkQuXK/PqSu
V6MBXg//eD/BPokIMinuIkdCnPbIGOz0qjke4AuEnU6x1a9u8g5GvHeqwOpJT974
IwdXkVuKfEvjOqFgwbmNazTtt8YedINa0gKBd7+OJXVe2S3tOe26G7AfwP0mdb5a
8lPiFddPEvJYRnS417LvtCQaHL/lpz1ZSndIchx/11gshWZMDgPDkpoIiu/TfNL8
p76knS/Y2MZQuytkvdd6BHw7viSuG8kjevhoSOcLADCQheWwJRps6oebQyfucIys
03ODtGU106npu0NYiS3DwAIfFTyUkZtc1Mf86OwL5NVzKKOwurRkrjSL3QmGXOOZ
+4einlcWbSUJLoqebOKtOfs1ykIsQ7Qq0vxrxqMPnHeB7Gu/+K4zXtGVwhp8O+ab
oTe+We0tzvUKi7q7nLQTUPODJHZa4G35E7DkyF69MUPgAv+WIY71os9ciamBdJmz
YbeHo7M6RowWb8TbBXGxPwauPGjpSi2uuieHAhegYWQqsRamJDB2Ag4kGrKbx16p
6gO4H+5FGDiMWa4n7IKSbUiZhxZxutwbsWbaI465n9RIKX9pR482CnkeR/WFrqJq
SKVlaVvxgs0PU/G6g27r/q00F3x9Cu1gVRnb0vJOXP3DAYWxNTqnMGBAkS4TEWnV
CmWEWLzxbzOA81FgwqYag6/NAzpIUJesgeF+FspNr+a+JzaBMd0=
=5I2V
-----END PGP SIGNATURE-----
--- End Message ---
