[Bug 1694697] Re: build-depends keeps OR flag if end of or group is ignored

Julian Andres Klode jak at jak-linux.org
Wed May 31 22:01:17 UTC 2017 

This affects all active releases AFAICT, so we should issue SRUs for
these. It's questionable how to test the pre-1.1 release in trusty,
though - they do not support build-dep from a file, so the test will be
more complex - maybe it's not really worth it.

** Also affects: apt (Ubuntu Trusty)
   Importance: Undecided
       Status: New

** Also affects: apt (Ubuntu Xenial)
   Importance: Undecided
       Status: New

** Also affects: apt (Ubuntu Zesty)
   Importance: Undecided
       Status: New

** Also affects: apt (Ubuntu Yakkety)
   Importance: Undecided
       Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to apt in Ubuntu.
https://bugs.launchpad.net/bugs/1694697

Title:
  build-depends keeps OR flag if end of or group is ignored

Status in apt package in Ubuntu:
  Fix Released
Status in apt source package in Trusty:
  New
Status in apt source package in Xenial:
  New
Status in apt source package in Yakkety:
  New
Status in apt source package in Zesty:
  New

Bug description:
  [Impact]
  If the last alternative(s) of an Or group is ignored, because it does
  not match an architecture list, we would end up keeping the or flag,
  effectively making the next AND an OR.

  For example, when parsing (on amd64):

      debhelper (>= 9), libnacl-dev [amd64] | libnacl-dev [i386]
   => debhelper (>= 9), libnacl-dev |

  Which can cause python-apt and apt-get build-dep to crash.

  Even worse:

       debhelper (>= 9), libnacl-dev [amd64] | libnacl-dev [i386], foobar
    => debhelper (>= 9), libnacl-dev [amd64] | foobar

  [Test case]
  On amd64:

  cat > segv.dsc  << EOF
  Format: 3.0 (native)
  Source: foobar
  Binary: foobar
  Architecture: all
  Version: 1
  Maintainer: Joe Sixpack <joe at example.org>
  Build-Depends: build-essential [amd64] | build-essential [fancy]
  Standards-Version: 3.9.8
  EOF
  cat > failure.dsc  << EOF
  Format: 3.0 (native)
  Source: foobar
  Binary: foobar
  Architecture: all
  Version: 1
  Maintainer: Joe Sixpack <joe at example.org>
  Build-Depends: build-essential [amd64] | build-essential [fancy], a-non-existing-package
  Standards-Version: 3.9.8
  EOF

  (1) apt-get build-dep -s ./segv.dsc should succeed instead of crash
  (2) apt-get build-dep -s ./failure.dsc should complain about "Depends: a-non-existing-package but it is not installable" instead of succeeding.

  This is the same test as run by CI and autopkgtests, so if they pass
  the tests passed. You can also run apt-get build-dep -s dq for a real
  life example that should not segfault.

  [Regression Potential]
  apt-get build-dep and friends can now fail where they succeeded previously for packages that employ architecture-limited alternatives in their build depends, as in the second example given above, because now additional packages need to be installed (which is correct, though).

  [Other info]
  By setting the previous alternatives Or flag to the current Or flag
  if the current alternative is ignored, we solve the issue.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1694697/+subscriptions

More information about the foundations-bugs mailing list