Package: debmirror
Version: 1:2.16
Severity: grave
Justification: renders package unusable
Hi *,
For a fews days (Dec 09, to be exact, in GMT+8), my debmirror cronjob pulling
from ftp.us is running in an infinite loop - using up 100% of a core. After
having a closer look, it seems that the culprit code is in lines 2460ff with a
$_ value of e.g. 'SHA256-Current:
d4228ed8d1591732f9a3af33f4064c4e0d173d16218d12b930d1c5de3673d7ce39582357\n',
when parsing my .temp/dists/sid/main/binary-i386/Packages.diff/Index file.
As I see it, SHA256 hashes were added just on the day before (Dec 08) and the
code in lines 2460ff seems to not handle that hashes (at least as far as I
understand this at the moment).
Let me know if you need more information.
I'm opening this bug against the stable version, as this is the version that's
affected here and I don't see a changelog entry for later versions.
-- System Information:
Debian Release: 8.2
APT prefers stable
APT policy: (500, 'stable')
Architecture: i386 (i686)
Kernel: Linux 3.2.0-4-686-pae (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: unable to detect
Versions of packages debmirror depends on:
ii bzip2 1.0.6-7+b3
pn libdigest-md5-perl
ii liblockfile-simple-perl 0.208-1
ii libnet-inet6glue-perl 0.603-1
ii libwww-perl 6.08-1
ii perl [libdigest-sha-perl] 5.20.2-3+deb8u1
ii perl-modules [libnet-perl] 5.20.2-3+deb8u1
ii rsync 3.1.1-3
Versions of packages debmirror recommends:
ii ed 1.10-2
ii gpgv 1.4.18-7
ii patch 2.7.5-1
Versions of packages debmirror suggests:
ii gnupg 1.4.18-7
-- no debconf information