Bug#781915: Patch (potential NMU) for multiple RC-grade issues in apt-zip

Axel Beckert Wed, 08 Apr 2015 19:13:10 -0700

Control: tag -1 + patch

Hi,


attached a debdiff which should fix the following issues:

    #782179 [G|+|  ] [apt-zip] apt-zip: apt-zip-list
    --aptgetaction=update doesn't do anything because "apt-get -qq
    --print-uris update" outputs nothing

    #781915 [G|  |  ] [apt-zip] Checksum fails and other issues in
    Jessie

    #638840 [i|+|  ] [apt-zip] apt-zip: wrong checksum: checksum
    calculation broken

The last one (#638840) is currently only set to severity "important",
but IMHO validates for severity "grave", too.

This patch does not fix #718376 (Most deb data.tar member files are
unsupported) and there seem similar issues with package lists.

Additionally the patch also fixes this non-RC and no-op issue:

    #624368 [m|  |  ] [apt-zip] Updating the apt-zip Uploaders list

I'll check with the release team if the attached patch would be
suitable for a freeze exception. If so, I'd upload it as NMU either
directly or to DELAYED/1 to get it in Jessie before the deadline for
the release.

                Regards, Axel
-- 
 ,''`.  |  Axel Beckert <a...@debian.org>, http://people.debian.org/~abe/
: :' :  |  Debian Developer, ftp.ch.debian.org Admin
`. `'   |  4096R: 2517 B724 C5F6 CA99 5329  6E61 2FF9 CD59 6126 16B5
  `-    |  1024D: F067 EA27 26B9 C3FC 1486  202E C09E 1D89 9593 0EDE

diff -Nru apt-zip-0.18/apt-zip-inst apt-zip-0.18+nmu1/apt-zip-inst
--- apt-zip-0.18/apt-zip-inst   2008-02-01 08:07:37.000000000 +0100
+++ apt-zip-0.18+nmu1/apt-zip-inst      2015-04-09 03:44:21.000000000 +0200
@@ -36,8 +36,9 @@
             tar xvf ${MEDIUM}/${APTZIPTARFILE} |
             while read FILE
             do
-              [ `basename "$FILE" .bz2` != "$FILE" ] && bunzip2 -f "$FILE"
-              [ `basename "$FILE" .gz`  != "$FILE" ] && gunzip  -f "$FILE"
+              [ ! -s "$FILE" ] && rm -f "$FILE"
+              [ -e "$FILE" -a `basename "$FILE" .bz2` != "$FILE" ] && bunzip2 
-f "$FILE"
+              [ -e "$FILE" -a `basename "$FILE" .gz`  != "$FILE" ] && gunzip  
-f "$FILE"
             done
             rm -f foo-stamp
         )
diff -Nru apt-zip-0.18/apt-zip-list apt-zip-0.18+nmu1/apt-zip-list
--- apt-zip-0.18/apt-zip-list   2008-02-01 07:57:01.000000000 +0100
+++ apt-zip-0.18+nmu1/apt-zip-list      2015-04-09 02:35:38.000000000 +0200
@@ -33,9 +33,15 @@
 TMP=$(tempfile -p aptzip)
 TEMP=$(tempfile -p aptzip)
 
+if [ "$APTGETACTION" = update ]; then
+    APTGETQUIETLEVEL=-q
+else
+    APTGETQUIETLEVEL=-qq
+fi
+
 [ -n "$PACKAGES" ] && apt-get ${APTGETEXTRAOPTS} -qq --print-uris install 
$PACKAGES > "$TMP"
-[ -n "$APTGETACTION" ] && apt-get ${APTGETEXTRAOPTS} -qq --print-uris 
${APTGETACTION} >> "$TMP"
-grep $GREP < "$TMP" | tr -d "'" | sed 's/SHA256://' | sort -u > "$TEMP"
+[ -n "$APTGETACTION" ] && apt-get ${APTGETEXTRAOPTS} ${APTGETQUIETLEVEL} 
--print-uris ${APTGETACTION} >> "$TMP"
+grep $GREP < "$TMP" | tr -d "'" | sed 's/MD5Sum://' | sort -u > "$TEMP"
 if [ $? != 0 ]
 then
     error "apt-get failed"
diff -Nru apt-zip-0.18/debian/changelog apt-zip-0.18+nmu1/debian/changelog
--- apt-zip-0.18/debian/changelog       2008-02-01 08:18:33.000000000 +0100
+++ apt-zip-0.18+nmu1/debian/changelog  2015-04-09 03:49:29.000000000 +0200
@@ -1,3 +1,20 @@
+apt-zip (0.18+nmu1) UNRELEASED; urgency=medium
+
+  * Non-maintainer upload
+  * Fix updating package lists by using -q instead of -qq for "apt-get
+    update" (Closes: #782179)
+  * Properly handle package list downloads (Closes: #781915)
+    + Don't try to bunzip2 empty files
+    + Don't save files with .bz2 or .gz suffix without suffix
+    + Don't try to add .bz2 or .gz suffix to URIs which already have them.
+    + Honour the fact that apt can't know checksums of package list in
+      advance.
+  * Fix checksum verification of packages (Closes: #638840; patch by
+    Rainer Dorsch <rdor...@web.de>, thanks!)
+  * Remove François Févotte from Uploaders (Closes: #624368)
+
+ -- Axel Beckert <a...@debian.org>  Thu, 09 Apr 2015 01:30:22 +0200
+
 apt-zip (0.18) unstable; urgency=medium
   
   * Use sha256 instead of md5 for checksum, as in apt 0.7.7.
diff -Nru apt-zip-0.18/debian/control apt-zip-0.18+nmu1/debian/control
--- apt-zip-0.18/debian/control 2008-02-01 08:24:00.000000000 +0100
+++ apt-zip-0.18+nmu1/debian/control    2015-04-09 01:50:07.000000000 +0200
@@ -4,7 +4,7 @@
 Build-Depends-Indep: docbook-utils, docbook
 Build-Depends: debhelper (>= 5), cdbs
 Maintainer: Giacomo Catenazzi <c...@debian.org>
-Uploaders: Eddy Petrișor <eddy.petri...@gmail.com>, François Févotte 
<francois.fevo...@ensta.org>
+Uploaders: Eddy Petrișor <eddy.petri...@gmail.com>
 Standards-Version: 3.7.3
 Homepage: http://alioth.debian.org/projects/apt-zip
 
diff -Nru apt-zip-0.18/methods/wget apt-zip-0.18+nmu1/methods/wget
--- apt-zip-0.18/methods/wget   2008-02-01 07:54:37.000000000 +0100
+++ apt-zip-0.18+nmu1/methods/wget      2015-04-09 03:34:04.000000000 +0200
@@ -31,10 +31,12 @@
 [ ! "${USECHECKSUMS}" = 'no' ] && cat <<-EOF
        check(){
            [ ! -r "\$1" ] && return 1
+           [ ! -s "\$1" ] && return 1
            [ "\$2" = "0" ] && return \$3
            [ "\$2" = "" ] && return \$3
-           [ "\`type sha256sum\`" ] &&
-               if [ "\`sha256sum \$1 | cut -d' ' -f1\`" = \$2 ]
+           [ "\$2" = ":" ] && return \$3
+           [ "\`type md5sum\`" ] &&
+               if [ "\`md5sum \$1 | cut -d' ' -f1\`" = \$2 ]
                then return 0
                else err \$1 "wrong checksum"; return 1
                fi
@@ -158,7 +160,11 @@
            FILE=""
            for EXT in ".bz2" ".gz" ""
            do
-             do_wget \$1\$EXT \$2\$EXT \$3 \$4 &&
+             if echo "\$1" | grep -Eq "\$EXT\$"; then
+               do_wget \$1 \$2\$EXT \$3 \$4
+             else
+               do_wget \$1\$EXT \$2\$EXT \$3 \$4
+             fi &&
              FILE=\$2\$EXT &&
              break
              rm -f \$2\$EXT

Bug#781915: Patch (potential NMU) for multiple RC-grade issues in apt-zip

Reply via email to