Bug#745563: debsig-verify: only handles data.tar.gz member, not xz, bz2 or lzma

Tue, 22 Apr 2014 13:36:27 -0700 

Package: debsig-verify
Version: 0.8
Severity: normal
Tags: patch

debsig-verify only handles a main data archive member of data.tar.gz,
packages can contain bz2, xz or lzma compressed members instead.

Attached is the patch I used to get it to work for me.
diff --exclude TAGS --exclude changelog -ur debsig-verify-0.8.orig/debsig-verify.c debsig-verify-0.8/debsig-verify.c
--- debsig-verify-0.8.orig/debsig-verify.c	2014-04-22 18:25:43.156139964 +0100
+++ debsig-verify-0.8/debsig-verify.c	2014-04-22 18:15:10.605619731 +0100
@@ -38,7 +38,9 @@
 char *deb = NULL;
 FILE *deb_fs = NULL;
 
-char *ver_members[] = { "debian-binary", "control.tar.gz", "data.tar.gz", 0 };
+char *ver_members[] = { "debian-binary", "control.tar.gz", 0 };
+#define DTAR(x) "data.tar." # x
+char *ver_mem_maybe[] = { DTAR(gz), DTAR(xz), DTAR(bz2), DTAR(lzma), 0 };
 
 static char *prog_name = NULL;
 
@@ -97,6 +99,7 @@
     int opt_count = 0, t, i, fd;
     struct match *mtc;
     int len;
+    int data_tar = 0;
 
     /* If we don't have any matches, we fail. We don't want blank,
      * take-all rules. This actually gets checked while we parse the
@@ -127,6 +130,22 @@
 	    len -= t;
 	}
     }
+
+    for (i = 0; ver_mem_maybe[i]; i++) {
+        if (!(len = findMember(ver_mem_maybe[i])))
+            continue;
+        while (len > 0){
+            t = fread(buf, 1, sizeof(buf), deb_fs);
+            fwrite(buf, 1, (t > len) ? len : t, fp);
+            len -= t;
+        }
+        data_tar = 1;
+        break;
+    }
+
+    if(!data_tar)
+        goto fail_and_close;
+
     fclose(fp);
     fd = -1;
 
@@ -209,14 +228,23 @@
 
 static int checkIsDeb(void) {
     int i;
-    if (!findMember("debian-binary"))
-        return 0;
+    const char *mem;
 
-    for (i = 0; ver_members[i]; i++)
-        if (!findMember(ver_members[i]))
-	    return 0;
+    for (i = 0; mem = ver_members[i]; i++)
+        if (!findMember(mem)) {
+            ds_printf(DS_LEV_VER, "Missing archive member %s", mem);
+            return 0;
+        }
 
-    return 1;
+    for (i = 0; mem = ver_mem_maybe[i]; i++)
+        if (findMember(mem))
+            return 1;
+
+    ds_printf(DS_LEV_VER, "Missing archive data member, checked:");
+    for (i = 0; mem = ver_mem_maybe[i]; i++)
+        ds_printf(DS_LEV_VER, "    %s", mem);
+
+    return 0;
 }
 
 static void outputVersion(void) {



-- System Information:
Debian Release: 7.0
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.2.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8) (ignored: LC_ALL 
set to en_GB.UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages debsig-verify depends on:
ii  gnupg       1.4.12-7
ii  libc6       2.15-0ubuntu10.33.1
ii  libxmltok1  1.2-3

debsig-verify recommends no packages.

Versions of packages debsig-verify suggests:
ii  debian-keyring  2013.04.21

-- no debconf information

Reply via email to