Package: debsums
Version: 2.0.52+deb7u1
Severity: serious
Tags: patch
Justification: required

Hi,
  I'd like to point out that the patch [2.0.52+nmu2 from Axel Beckert, see: 
https://launchpadlibrarian.net/176696862/debsums_2.0.52%2Bnmu1_2.0.52%2Bnmu2.diff.gz]
creates this issue:
when there are two (or more) files starting with the same string in the path, 
the changes of the shorter files are not reported
by debsums -c ... .

In my case for example:
# dpkg-query "--admindir=/var/lib/dpkg" -S "bin/ls"
util-linux: /bin/lsblk
syslinux-common: /usr/bin/lss16toppm
kmod: /bin/lsmod
e2fsprogs: /usr/bin/lsattr
lsb-release: /usr/bin/lsb_release
pciutils: /usr/bin/lspci
lsof: /usr/bin/lsof
usbutils: /usr/bin/lsusb
gnupg: /usr/bin/lspgpot
klibc-utils: /usr/lib/klibc/bin/ls
coreutils: /bin/ls
util-linux: /usr/bin/lscpu
initramfs-tools: /usr/bin/lsinitramfs
kmod: /sbin/lsmod

# dpkg-query "--admindir=/var/lib/dpkg" -S "bin/ls"| awk -F: '{print $1}'
util-linux
syslinux-common
kmod
e2fsprogs
lsb-release
pciutils
lsof
usbutils
gnupg
klibc-utils
coreutils
util-linux
initramfs-tools
kmod


So then $correct_package = 
"util-linux\nsyslinux-common\nkmod\ne2fsprogs\nlsb-release\npciutils\nlsof\nusbutils\ngnupg\nklibc-utils\ncoreutils\nutil-linux\ninitramfs-tools\nkmod"

These files are silently skipped by the check:
if ($pack ne $correct_package) {
    # print "$pack != $correct_package\n";
    return 0;
}

The starting slash of the '-S' argument can repair the main bug (this will not 
use pattern *usr/sbin/inchange-reporting* is used):
# dpkg-query "--admindir=/var/lib/dpkg" -S "/bin/ls"| awk -F: '{print $1}'
coreutils

For example, a change of /bin/ls will report nothing; wheezy, ..., unstable 
will not report anything:
# cp -a /bin/ls /tmp/ls ; echo "bad addon" >> /bin/ls; debsums -c coreutils; cp -a /tmp/ls  /bin/ls

Whereas the patched version reports it:
# cp -a /bin/ls /tmp/ls ; echo "bad addon" >> /bin/ls; debsums.new -c coreutils; cp -a /tmp/ls  /bin/ls
/bin/ls

Please apply this patch to fix this issue:
# diff -Nu /usr/bin/debsums /usr/bin/debsums.new 
--- /usr/bin/debsums    2014-09-01 20:47:24.000000000 +0200
+++ /usr/bin/debsums.new    2015-01-13 08:20:17.000000000 +0100
@@ -462,7 +462,7 @@
        return 0;
    }
 
-   my $correct_package = `dpkg-query "--admindir=$DPKG" -S "$path" | awk -F: 
'{print \$1}'`;
+   my $correct_package = `dpkg-query "--admindir=$DPKG" -S "/$path" | awk -F: 
'{print \$1}'`;
    chomp($correct_package);
    if ($pack ne $correct_package) {
        #print "$pack != $correct_package\n";
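
Review bot: the `if ($pack ne $correct_package)` test kept as context at the end of this hunk still returns 0 with no output whenever dpkg-query prints anything other than exactly one package name, so an integrity check can still be skipped silently. The added "/" narrows the match, but it also assumes $path never carries a leading slash of its own. Consider splitting $correct_package on newlines, testing whether $pack is one of the entries, and replacing the commented-out print with a warning so a skipped file is visible in the output.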

Please fix it in wheezy, ...

With regards
-- Marek Veber


-- System Information:
Debian Release: 7.8
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 3.2.0-4-686-pae (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages debsums depends on:
ii  dpkg                  8:1.16.9+nmu1
ii  libdpkg-perl          8:1.16.9+nmu1
ii  libfile-fnmatch-perl  0.02-1+b2
ii  perl                  5.14.2-21+deb7u2
ii  ucf                   8:3.0025+nmu4.1

debsums recommends no packages.

debsums suggests no packages.

-- debconf information excluded
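
The silent skip described in the report, reproduced as an added example (not code from debsums or from the reporter): constructed `dpkg-query -S` output, taken from the listing above, is run through the same single-string comparison, next to a stricter check that matches the exact path. The function names and sample variables are assumptions made for illustration.

```shell
#!/bin/sh
# Constructed sample: a subset of the `dpkg-query -S "bin/ls"` listing in the report.
SUBSTRING_OUTPUT='util-linux: /bin/lsblk
kmod: /bin/lsmod
klibc-utils: /usr/lib/klibc/bin/ls
coreutils: /bin/ls'
# Constructed sample: what the anchored query `-S "/bin/ls"` returns in the report.
ANCHORED_OUTPUT='coreutils: /bin/ls'

# Hypothetical helper mirroring the check quoted in the report: all package
# names, joined by newlines, are compared with the expected package as ONE string.
# Exit status 0 = the file gets verified, 1 = the file is skipped.
naive_should_check() {  # $1 = package, $2 = dpkg-query output
    owners=$(printf '%s\n' "$2" | awk -F: '{print $1}')
    [ "$1" = "$owners" ]
}

# Hypothetical stricter helper: accept only a line whose path is exactly the
# file in question and whose owner is the expected package, so unrelated
# matches such as /bin/lsblk cannot turn the check into a skip.
strict_should_check() {  # $1 = package, $2 = absolute path, $3 = dpkg-query output
    printf '%s\n' "$3" |
        awk -F': ' -v pkg="$1" -v file="$2" \
            '$1 == pkg && $2 == file { found = 1 } END { exit !found }'
}

# Demonstration on the constructed samples.
for out in "$SUBSTRING_OUTPUT" "$ANCHORED_OUTPUT"; do
    if naive_should_check coreutils "$out"; then
        echo "naive:  /bin/ls is verified"
    else
        echo "naive:  /bin/ls is skipped without a message"
    fi
    if strict_should_check coreutils /bin/ls "$out"; then
        echo "strict: /bin/ls is verified"
    else
        echo "strict: /bin/ls is skipped"
    fi
done
```
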
--- /usr/bin/debsums	2015-01-13 15:26:23.000000000 +0100
+++ /usr/bin/debsums.new	2015-01-13 08:20:17.000000000 +0100
@@ -462,7 +462,7 @@
 	    return 0;
 	}
 
-	my $correct_package = `dpkg-query "--admindir=$DPKG" -S "$path" | awk -F: '{print \$1}'`;
+	my $correct_package = `dpkg-query "--admindir=$DPKG" -S "/$path" | awk -F: '{print \$1}'`;
 	chomp($correct_package);
 	if ($pack ne $correct_package) {
 	    #print "$pack != $correct_package\n";
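
Review bot: on the changed line, $path is interpolated into a double-quoted shell string inside backticks, so a file name containing a double quote, `$` or a backtick is interpreted by the shell before dpkg-query sees it. Since this line is being touched anyway, consider a list-form pipe open such as `open(my $fh, '-|', 'dpkg-query', "--admindir=$DPKG", '-S', "/$path")` and extracting the package name in Perl instead of piping through awk.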