Your message dated Wed, 7 Oct 2009 16:48:15 -0500
with message-id <6f8c04400910071448q5cc08081p38a1824ae4597...@mail.gmail.com>
and subject line Closing xz-utils bugs fixed by version 4.999.9beta-1
has caused the Debian Bug report #544872,
regarding xz-utils: data corruption in the compression code
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
544872: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=544872
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: xz-utils
Version: 4.999.8beta-1
Severity: critical
Justification: causes serious data loss
http://tukaani.org/xz/ says:
XZ Utils 4.999.9beta was released on 2009-08-27. Among many less
important changes, this release fixes a data corruption in the
compression code. (The bug was specific to XZ Utils and was not
present in 7-Zip or LZMA SDK.) Everyone using an older version
of XZ Utils should upgrade.
The bug report by Jonathan Stott on Arch Linux (FS#15964) says:
Certain files (quite rarely) can become corrupted when extracting
from xz compressed files, due to the truncation of the last few
bytes.
So, if I understand correctly (upstream doesn't provide a test case),
once a file is compressed, its original content can definitely be
lost since the bug is in the compression code.
The patch:
http://git.archlinux.de/xz/commit/?id=3ce1916c83041113b9cad9ead5c97a527cf8aa1d
-- System Information:
Debian Release: squeeze/sid
APT prefers oldstable
APT policy: (500, 'oldstable'), (500, 'unstable'), (500, 'stable'), (1,
'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.26.5-20080922 (SMP w/2 CPU cores; PREEMPT)
Locale: LANG=POSIX, LC_CTYPE=en_US.ISO8859-1 (charmap=ISO-8859-1)
Shell: /bin/sh linked to /bin/bash
Versions of packages xz-utils depends on:
ii libc6 2.9-26 GNU C Library: Shared libraries
ii liblzma0 4.999.8beta-1 high compression-ratio compression
xz-utils recommends no packages.
xz-utils suggests no packages.
-- no debconf information
--- End Message ---
--- Begin Message ---
Version: 4.999.9beta-1
I believe the listed bugs are fixed in the new xz-utils prerelease
4.999.9beta+20091002-1, which is due to be installed in the Debian FTP
archive.
| xz-utils (4.999.9beta-1) experimental; urgency=low
|
| [ Jonathan Nieder ]
| * New upstream release.
| - Fix a data corruption in the compression code. (Closes: #544872)
| - xzdiff: Fix comparing two compressed files. (Closes: #540543)
| - Most of XZ Utils is now in the public domain. (Closes: #541391)
| - Add doc/history.txt to the distributed tarball. (Closes: #541540)
| * Update and clarify copyright file.
| * Drop lzma compatibility commands for now. (Closes: #542060, #540232)
| Add instructions to README.Debian for installing them locally.
[...]
| -- Jonathan Nieder <jrnie...@gmail.com> Wed, 30 Sep 2009 01:44:04 -0500
Thank you for reporting them. If you have further thoughts, please let
me know, and I will reopen the bug report if appropriate.
Kind regards,
Jonathan
--- End Message ---
