Package: reprepro
Version: 3.5.2-4
Severity: important
Tags: patch
If reprepro has Contents file creation enabled (i.e., conf has a "Contents: ." directive),
then inserting a large binary package (larger than about 1GB, or more precisely,
one whose data.tar.gz component is larger than 999,999,999 bytes) leads to the
following error:
etch:~# reprepro includedeb hardy bigpackage_1.0-1_amd64.deb
Exporting indices...
Error calculating length field in ar file
/var/www/reprepro/pool/localrepo/b/bigpackage/bigpackage_1.0-1_amd64.deb
Could not find a data.tar.gz file within
'/var/www/reprepro/pool/localrepo/b/bigpackage/bigpackage_1.0-1_amd64.deb'!
See patch below. The code in ar.c parses the header structs of an AR format file.
The ASCII decimal size field of that header is 10 bytes long, right-padded with
spaces if the byte size is 999,999,999 or less. To call strtoul(), the code in
ar.c tries to force a 0-byte ('\0') after that header field, but is off by one byte.
This isn't usually a problem, because strtoul() stops parsing when it hits
the space-padding. But once the file size exceeds 999,999,999 bytes,
the space-padding is no longer present, and the 0-byte is in the wrong place.
In this case *p would equal '`' instead of '\0'.
Here is a patch that fixes this problem:
diff -ruN orig.reprepro-3.5.2/ar.c reprepro-3.5.2/ar.c
--- orig.reprepro-3.5.2/ar.c 2008-03-06 07:34:39.000000000 -0700
+++ reprepro-3.5.2/ar.c 2008-11-03 11:51:34.000000000 -0700
@@ -190,7 +190,7 @@
/* calculate the length and mark possible fillers being needed */
- ar->currentheader.ah_size[11] = '\0'; // ugly, but it works
+ ar->currentheader.ah_size[10] = '\0'; // ugly, but it works
ar->bytes_left = strtoul(ar->currentheader.ah_size,&p,10);
if( *p != '\0' && *p != ' ' ) {
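Review bot: the terminator on the added line, ah_size[10] = '\0', is still written outside the 10-byte size field, onto the byte the report says holds '`', so the parse depends on the header layout and destroys that byte for any check made after this point. Suggest copying the 10 bytes into an 11-byte local buffer, terminating the copy and calling strtoul() on that; the "ugly, but it works" comment should then give way to one stating the field width. A 10-digit field can also hold values up to 9,999,999,999, which does not fit in a 32-bit unsigned long (the reporter's system is i386), so check errno for ERANGE after strtoul() or parse with strtoull().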
Thanks,
Aramian
Credits: The author would like to thank Alexander Perlis for his help in
putting together this bug report.
-- System Information:
Debian Release: 4.0
APT prefers stable
APT policy: (700, 'stable'), (650, 'testing'), (600, 'unstable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-6-686
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Versions of packages reprepro depends on:
ii libarchive1 2.4.17-2 Single library to read/write tar,
ii libbz2-1.0 1.0.5-1 high-quality block-sorting file co
ii libc6 2.7-15 GNU C Library: Shared libraries
ii libdb4.6 4.6.21-11 Berkeley v4.6 Database Libraries [
ii libgpg-error0 1.4-2 library for common error values an
ii libgpgme11 1.1.6-2 GPGME - GnuPG Made Easy
ii zlib1g 1:1.2.3.3.dfsg-12 compression library - runtime
Versions of packages reprepro recommends:
ii apt 0.6.46.4-0.1 Advanced front-end for dpkg
-- no debconf information
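
The size-field parsing described in this report, as an added example (not code from reprepro or from the reporter). It assumes the standard 60-byte ar member header with the 10-byte size field at offset 48; the function names and the sample header are constructed for illustration. It places the off-by-one terminator next to a bounded parse that works on a private copy and uses strtoull() so that a 10-digit size also fits on 32-bit systems.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define AR_HDR_LEN  60 /* standard ar member header length */
#define AR_SIZE_OFF 48 /* offset of the decimal size field */
#define AR_SIZE_LEN 10 /* field width, space-padded on the right */

/* Constructed sample header; size_digits must be at most 10 characters. */
void make_header(char *hdr, const char *size_digits) {
    memset(hdr, ' ', AR_HDR_LEN);
    memcpy(hdr + AR_SIZE_OFF, size_digits, strlen(size_digits));
    memcpy(hdr + AR_SIZE_OFF + AR_SIZE_LEN, "`\n", 2);
}

/* Behaviour the report describes: terminator placed one byte too far. */
int parse_size_offbyone(char *hdr, uint64_t *out) {
    char *p;
    hdr[AR_SIZE_OFF + 11] = '\0';
    *out = strtoul(hdr + AR_SIZE_OFF, &p, 10);
    return (*p == '\0' || *p == ' ') ? 0 : -1;
}

/* Bounded parse: terminate a private copy, leave the header untouched. */
int parse_size_bounded(const char *hdr, uint64_t *out) {
    char field[AR_SIZE_LEN + 1], *p;
    memcpy(field, hdr + AR_SIZE_OFF, AR_SIZE_LEN);
    field[AR_SIZE_LEN] = '\0';
    if (field[0] < '0' || field[0] > '9')
        return -1; /* strtoull alone would accept a sign or blanks */
    errno = 0;
    unsigned long long v = strtoull(field, &p, 10); /* 64-bit: 10 digits fit */
    if (errno == ERANGE || (*p != '\0' && *p != ' '))
        return -1;
    *out = v;
    return 0;
}

int main(void) {
    char hdr[AR_HDR_LEN];
    uint64_t n = 0;
    make_header(hdr, "1000000000"); /* first size with no padding */
    int bad = parse_size_offbyone(hdr, &n);
    make_header(hdr, "1000000000");
    int ok = parse_size_bounded(hdr, &n);
    printf("off-by-one rc=%d, bounded rc=%d size=%llu\n", bad, ok, (unsigned long long)n);
    return 0;
}
```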