Package: debsums Version: 2.0.52+deb7u1 Severity: serious Tags: patch Justification: required
Hi, I'd like to notice, than the patch [2.0.52+nmu2 from Axel Beckert, see: https://launchpadlibrarian.net/176696862/debsums_2.0.52%2Bnmu1_2.0.52%2Bnmu2.diff.gz] creates this issue: when there are two (or more) files (starting with the same string in the path), so the changes of the shorter files are not reported by debsums -c ... . In my case for example: # dpkg-query "--admindir=/var/lib/dpkg" -S "bin/ls" util-linux: /bin/lsblk syslinux-common: /usr/bin/lss16toppm kmod: /bin/lsmod e2fsprogs: /usr/bin/lsattr lsb-release: /usr/bin/lsb_release pciutils: /usr/bin/lspci lsof: /usr/bin/lsof usbutils: /usr/bin/lsusb gnupg: /usr/bin/lspgpot klibc-utils: /usr/lib/klibc/bin/ls coreutils: /bin/ls util-linux: /usr/bin/lscpu initramfs-tools: /usr/bin/lsinitramfs kmod: /sbin/lsmod # dpkg-query "--admindir=/var/lib/dpkg" -S "bin/ls"| awk -F: '{print $1}' util-linux syslinux-common kmod e2fsprogs lsb-release pciutils lsof usbutils gnupg klibc-utils coreutils util-linux initramfs-tools kmod So then $correct_package = "util-linux\nsyslinux-common\nkmod\ne2fsprogs\nlsb-release\npciutils\nlsof\nusbutils\ngnupg\nklibc-utils\ncoreutils\nutil-linux\ninitramfs-tools\nkmod" These files are silently skipped by the check: if ($pack ne $correct_package) { # print "$pack != $correct_package\n"; return 0; } The starting slash of the '-S' argument can repare the main bug (this will not use pattern *usr/sbin/inchange-reporting* is used): # dpkg-query "--admindir=/var/lib/dpkg" -S "/bin/ls"| awk -F: '{print $1}' coreutils For example, change of /bin/ls will report nothing in wheeze, ..., unstable will not report anything: # cp -a /bin/ls /tmp/ls ; echo "bad addon" >> /bin/ls; debsums -c coreutils; cp -a /tmp/ls /bin/ls Since patched version report it: # cp -a /bin/ls /tmp/ls ; echo "bad addon" >> /bin/ls; debsums.new -c coreutils; cp -a /tmp/ls /bin/ls /bin/ls Please aply this patch to fix this issue: # diff -Nu /usr/bin/debsums /usr/bin/debsums.new --- /usr/bin/debsums 2014-09-01 20:47:24.000000000 +0200 +++ /usr/bin/debsums.new 2015-01-13 08:20:17.000000000 +0100 @@ -462,7 +462,7 @@ return 0; } - my $correct_package = `dpkg-query "--admindir=$DPKG" -S "$path" | awk -F: '{print \$1}'`; + my $correct_package = `dpkg-query "--admindir=$DPKG" -S "/$path" | awk -F: '{print \$1}'`; chomp($correct_package); if ($pack ne $correct_package) { #print "$pack != $correct_package\n"; Please fix it in wheeze, ... With regards -- Marek Veber -- System Information: Debian Release: 7.8 APT prefers stable APT policy: (500, 'stable') Architecture: i386 (i686) Kernel: Linux 3.2.0-4-686-pae (SMP w/8 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Versions of packages debsums depends on: ii dpkg 8:1.16.9+nmu1 ii libdpkg-perl 8:1.16.9+nmu1 ii libfile-fnmatch-perl 0.02-1+b2 ii perl 5.14.2-21+deb7u2 ii ucf 8:3.0025+nmu4.1 debsums recommends no packages. debsums suggests no packages. -- debconf information excluded
--- /usr/bin/debsums 2015-01-13 15:26:23.000000000 +0100 +++ /usr/bin/debsums.new 2015-01-13 08:20:17.000000000 +0100 @@ -462,7 +462,7 @@ return 0; } - my $correct_package = `dpkg-query "--admindir=$DPKG" -S "$path" | awk -F: '{print \$1}'`; + my $correct_package = `dpkg-query "--admindir=$DPKG" -S "/$path" | awk -F: '{print \$1}'`; chomp($correct_package); if ($pack ne $correct_package) { #print "$pack != $correct_package\n";