Bug#689582: ExtractTar: 100 char long path names get truncated to 99 chars

2012-10-04 Thread Mika Eloranta 
Package: apt
Version: 0.9.7.5
Severity: important

Dear Maintainer,

When a data.tar.{gz,xz} contains a path name that is exactly
100 characters long, it will get truncated to 99 chars upon
extraction in ExtractTar::Go().

It seems in older gnu tar versions (pre-wheezy) the behavior
was more conservative and to use the 100 byte path field only
for path names less than 100 chars long, and to switch to
using long names already at 100 chars. In wheezy the
behavior seems to be different and path names of exactly
100 chars long can fill the whole reserved space in the tar
and then get truncated in ExtractTar::Go():

  // Grab the filename
  if (LastLongName.empty() == false)
 Itm.Name = (char *)LastLongName.c_str();
  else
  {
 Tar-Name[sizeof(Tar-Name)-1] = 0;
 Itm.Name = Tar-Name;
  }

Quick way to reproducing the problem using a generated dummy
deb package and python-apt is included as an attachment.

-- System Information:
Debian Release: wheezy/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-3-amd64 (SMP w/11 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages apt depends on:
ii  debian-archive-keyring  2012.4
ii  gnupg   1.4.12-4+b1
ii  libapt-pkg4.12  0.9.7.5
ii  libc6   2.13-35
ii  libgcc1 1:4.7.1-7
ii  libstdc++6  4.7.1-7

apt recommends no packages.
#! /usr/bin/python
import os
import apt_inst

paths = []
for i in range(98,103):
	path = (%03d % i).ljust(i,x)
file(path, w)
paths.append(path)

assert not os.system(tar zcf data.tar.gz %s %  .join(paths))
file(control.tar.gz, w)
file(debian-binary, w)
assert not os.system(ar cr test.deb data.tar.gz control.tar.gz debian-binary)

def cb(a, b):
print %3d %s  % (len(a.name), a.name)

apt_inst.DebFile(file(test.deb, rb)).data.go(cb)

Bug#689313: python-debian: arfile.ArFile.extractfile is broken

2012-10-01 Thread Mika Eloranta 
Package: python-debian
Version: 0.1.18+squeeze1
Severity: normal
Tags: patch

arfile.ArFile.extractfile(self, member) will only find the matching
member if
it happens to be the first file in the archive. The method returns from
the
search loop during the first iteration.

The fix is trivial and is attached as a patch.


-- System Information:
Debian Release: 6.0.5
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-0.bpo.2-amd64 (SMP w/16 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages python-debian depends on:
ii  python  2.6.6-3+squeeze7 interactive high-level
object-orie
ii  python-chardet  2.0.1-1  universal character
encoding detec
ii  python-support  1.0.10   automated rebuilding
support for P

Versions of packages python-debian recommends:
ii  python-apt0.7.100.1+squeeze1 Python interface to
libapt-pkg

Versions of packages python-debian suggests:
ii  gpgv  1.4.10-4   GNU privacy guard -
signature veri

-- no debconf information


python-debian.patch
Description: Binary data