[Bug 856311] Re: apt-ftparchive CacheDB truncates SHA512 hashes
Michael Vogt
michaelvogt at imap.cc
Wed Jan 30 07:53:24 UTC 2013
This is the relevant upload:
...
apt (0.8.16~exp5ubuntu11) oneiric; urgency=low
[ Colin Watson ]
* ftparchive/cachedb.cc:
- fix buffersize in bytes2hex
...
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to apt in Ubuntu.
https://bugs.launchpad.net/bugs/856311
Title:
apt-ftparchive CacheDB truncates SHA512 hashes
Status in “apt” package in Ubuntu:
Fix Released
Bug description:
$ cat >apt.conf
Dir {
ArchiveDir ".";
CacheDir ".";
};
BinDirectory "." {
Packages "Packages";
BinCacheDB "pkgcache.apt";
};
$ apt-get download hello
Get:1 Downloading hello 2.7-1 [25.9 kB]
Fetched 25.9 kB in 3s (6,601 B/s)
$ apt-ftparchive generate apt.conf
.: New 1,831 B 1 files 25.9 kB 0s
Packages done, Starting contents.
Done. 25.9 kB in 1 archives. Took 0s
$ cat Packages
Package: hello
Priority: optional
Section: devel
Installed-Size: 100
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Original-Maintainer: Santiago Vila <sanvila at debian.org>
Architecture: i386
Version: 2.7-1
Depends: libc6 (>= 2.4), dpkg (>= 1.15.4) | install-info
Filename: ./hello_2.7-1_i386.deb
Size: 25852
MD5sum: 0aaf7ad02dd0ec873b37ed2e6ca8bbf1
SHA1: 07d3b6cb9cd54dc04d10c40af8d3deacd673e671
SHA256: 982294094b87d40387d5e36cf8b7c3873449d6f8f01e8c058fc75d92f50ba18b
SHA512: a703d095e8ad346d8b610d20efc70dcc3bc4df0f9e7da5ad9cd21bd9ec583c501ad30d65c44024b7001b4c23690e594c81321ff34afe97e68769d03932567d8f
Description: The classic greeting, and a good example
The GNU hello program produces a familiar, friendly greeting. It
allows non-programmers to use a classic computer science tool which
would otherwise be unavailable to them.
.
Seriously, though: this is an example of how to do a Debian package.
It is the Debian version of the GNU Project's `hello world' program
(which is itself an example for the GNU Project).
Homepage: http://www.gnu.org/software/hello/
$ apt-ftparchive generate apt.conf
.: New 1,721 B 1 files 25.9 kB 0s
Packages done, Starting contents.
Done. 25.9 kB in 1 archives. Took 0s
$ cat Packages
Package: hello
Priority: optional
Section: devel
Installed-Size: 100
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Original-Maintainer: Santiago Vila <sanvila at debian.org>
Architecture: i386
Version: 2.7-1
Depends: libc6 (>= 2.4), dpkg (>= 1.15.4) | install-info
Filename: ./hello_2.7-1_i386.deb
Size: 25852
MD5sum: 0aaf7ad02dd0ec873b37ed2e6ca8bbf1
SHA1: 07d3b6cb9cd54dc04d10c40af8d3deacd673e671
SHA256: 982294094b87d40387d5e36cf8b7c3873449d6f8f01e8c058fc75d92f50ba18b
SHA512: a703d095e8ad346d8b610d20efc70dcc3bc4df0f9e7da5ad9cd21bd9ec583c50
Description: The classic greeting, and a good example
The GNU hello program produces a familiar, friendly greeting. It
allows non-programmers to use a classic computer science tool which
would otherwise be unavailable to them.
.
Seriously, though: this is an example of how to do a Debian package.
It is the Debian version of the GNU Project's `hello world' program
(which is itself an example for the GNU Project).
Homepage: http://www.gnu.org/software/hello/
Notice that the second Packages file has the SHA512 hash truncated to
the length of a SHA256 hash. This is because the space allocated in
bytes2hex() is only sufficient for a SHA256 hash. Patch attached.
(Discovered while writing new build-dependency installation code for
xdeb.)
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/856311/+subscriptions
More information about the foundations-bugs
mailing list