← Back to team overview

touch-packages team mailing list archive

[Bug 1274466] Re: apt-ftparchive on-disk cache format changed between lucid and precise, results in Packages files with silently corrupted checksums fields

 

This SRU has been shadowed by a security update and needs to be re-
merged.

** Changed in: apt (Ubuntu Trusty)
       Status: Fix Committed => In Progress

** Changed in: apt (Ubuntu Precise)
       Status: Fix Committed => In Progress

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apt in Ubuntu.
https://bugs.launchpad.net/bugs/1274466

Title:
  apt-ftparchive on-disk cache format changed between lucid and precise,
  results in Packages files with silently corrupted checksums fields

Status in “apt” package in Ubuntu:
  Fix Released
Status in “apt” source package in Precise:
  In Progress
Status in “apt” source package in Trusty:
  In Progress

Bug description:
  TEST CASE:
  1. generate a cachedb with apt-ftparchive from lucid via
     apt-ftparchive --db old-db packages 2vcard_0.5-3_all.deb > Packages.1
  - use apt-ftparchive from precise and run
     apt-ftparchive --db old-db packages 2vcard_0.5-3_all.deb > Packages.2
    and verify that it generates different hashes than Packages.1 (diff -u Packages.1 Packages.2)
  - use apt-ftparchive from precise-proposed and run:
      apt-ftparchive --db old-db packages 2vcard_0.5-3_all.deb > Packages.3
    and verify that the hashes are identical to the ones in Packages.1

  The archive.ubuntu.com master server has just been upgraded from lucid
  to precise.  As a result, the apt version went from 0.7.25.3 to
  0.8.16~exp12, and apparently some time in that interval the on-disk
  format of apt-ftparchive's cache changed.

  This wouldn't be a problem, except apt-ftparchive itself doesn't
  *notice* that the cache format has changed, and instead happily reads
  the existing files and parses them incorrectly, resulting in corrupted
  checksums output in the Packages file for each of the .debs.

  apt-ftparchive should version its file formats so that it correctly
  notices incompatible cache files.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1274466/+subscriptions