ChangeLog: dpkg-deb: Use fd_fd_copy instead of stream_fd_copy dpkg-deb/extract.c: if (fd_fd_copy(arfd, p1[1], memberlen, &err) < 0)
need to check &err I think. --- TS http://www.southofheaven.org/ Life begins and ends with chaos, live between the chaos! On 2013-10-31, at 12:03 PM, Martin Costabel <costa...@wanadoo.fr> wrote: > On 29/10/13 16:31, TheSin wrote: >> I honestly believe we need to patch tar to have a fallback when they aren't >> set. All this patching everywhere could easily be fixed if we fix tar >> instead. Sadly I'm not well enough versed in C to do so but if someone >> could that would be super. > > I think I found it. At least I have now fixed versions of dpkg and tar that > no longer crash as before. > > In fact, the crash of dpkg comes from a bug in dpkg that is independent of a > similar bug in tar. That is, if you only fix dpkg as described below, it will > work correctly even with the unfixed tar, but tar has its own crash that > happens when it is run with LANG unset. > > The fix is a one-line patch for dpkg that can be written as a perl pie: > > perl -pi.bak -e 's| (_\(\"failed)| N$1|' dpkg-deb/extract.c > > or as a diff: > > --- dpkg-deb/extract.c~ 2003-10-25 22:03:21.000000000 +0200 > +++ dpkg-deb/extract.c 2013-10-31 18:00:47.000000000 +0100 > @@ -247 +247 @@ > - stream_fd_copy(ar, p1[1], memberlen, _("failed to write to pipe in > copy")); > + stream_fd_copy(ar, p1[1], memberlen, N_("failed to write to pipe in > copy")); > > (this is for Fink's dpkg-1.10.21; I don't know if the bug is still present in > the same form in new versions of dpkg). > > For tar, the corresponding perl script fixes 4 lines (it is possible that > only one of them is essential) > > perl -pi.bak -e 's|_\(\"tar|N$&|g' src/system.c > > (Here the bug is still present in the new version 1.27). > > Explanation: > The error appears when a child process (tar in the case of dpkg, gzip or > similar in the case of tar) is spawned via 'fork' and a string of the form > _("string") appears between 'fork' and 'exec' commands. This calls gettext > and hence libintl and the CoreFoundation framework. Calling frameworks > between 'fork' and 'exec' is not safe, see CAVEATS in `man fork`. If one > replaces '_("string")' by 'N_("string")', no gettext call is involved. One > could also just replace it by '"string"', which is the same thing. > > -- > Martin > > > ------------------------------------------------------------------------------ Android is increasing in popularity, but the open development platform that developers love is also attractive to malware creators. Download this white paper to learn more about secure code signing practices that can help keep Android apps secure. http://pubads.g.doubleclick.net/gampad/clk?id=65839951&iu=/4140/ostg.clktrk _______________________________________________ Fink-devel mailing list Fink-devel@lists.sourceforge.net List archive: http://news.gmane.org/gmane.os.apple.fink.devel Subscription management: https://lists.sourceforge.net/lists/listinfo/fink-devel
