The debian-private mailing list leak, part 1. Volunteers have complained about Blackmail. Lynchings. Character assassination. Defamation. Cyberbullying. Volunteers who gave many years of their lives are picked out at random for cruel social experiments. The former DPL's girlfriend Molly de Blanc is given volunteers to experiment on for her crazy talks. These volunteers never consented to be used like lab rats. We don't either. debian-private can no longer be a safe space for the cabal. Let these monsters have nowhere to hide. Volunteers are not disposable. We stand with the victims.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

DPKG SHOWSTOPPER! (need confirmation and additional analysys)



It looks like fixing epochs support in dpkg exposed a MEGA bug in the
pre-depends support that affects upgrading dpkg.

I think I have a solution, etc., but I would like some additional eyes
on this.

First, the easiest way to verify the problem yourself is to make sure
dpkg-1.4.0.6 is installed, and try and install dpkg---you should get a
message saying:

Version of dpkg with Pre-Depends support not yet configured.
 Please use `dpkg --configure dpkg', and then try again.

Unfortunately, dpkg --configure dpkg doesn't work.

This message comes from the following code from main/enquire.c:

void assertpredep(const char *const *argv) {
  static struct versionrevision predepversion = {~0UL,0,0};
  struct pkginfo *pkg;
  
  if (*argv) badusage("--assert-support-predepends does not take any arguments");

  modstatdb_init(admindir,msdbrw_readonly);
  pkg= findpackage("dpkg");
  if (!predepversion.epoch == ~0UL) {
    predepversion.epoch= 0;
    predepversion.version= nfstrsave("1.1.0");
    predepversion.revision= 0;
  }
  switch (pkg->status) {
  case stat_installed:
    break;
  case stat_unpacked: case stat_halfconfigured: case stat_halfinstalled:
    if (versionsatisfied3(&pkg->configversion,&predepversion,dvr_laterequal))
      break;
    printf("Version of dpkg with Pre-Depends support not yet configured.\n"
           " Please use `dpkg --configure dpkg', and then try again.\n");
    exit(1);
  default:
    printf("dpkg not recorded as installed, cannot check for Pre-Depends support !\n");
    exit(1);
  }
}

This is the routine that handles --assert-support-predepends, which is
called in the dpkg preinst.

It looks to me like the problem is that the epoch for the
predepversion is being set impossibly high, and the test which it
seems should be setting it correctly was done backwards, and thus is
not setting it correctly.

Now, with the old, broken versionsatisfied3, which didn't take epochs
into account correctly, it was able to get away with it since the
predepversion's version and revision were both impossibly
low---however, now that the epoch support works, the impossibly high
epoch trumps anything a real package might show.

So, it seems to me (and testing seems to confirm this) that the proper
solution is to change the line:

  if (!predepversion.epoch == ~0UL) {

to:

  if (!predepversion.epoch == 0UL) {

which will then result in the info on the version supporting
pre-depends getting set correctly.

So, could anyone with some free time try and verify my suppositions?
Anyone who has time to try and figure out whether the change to
versionsatisfied3 that enable epochs is going to break anything else
would be a godsend.

I'm going to be building a dpkg-1.4.0.7 and making it available at:

ftp://debian.med.miami.edu/pub/mdorman/

It will have the bug fix in it, as well as a slightly modified preinst
which will bypass the --assert-supports-predepends test, which should
allow it to install on systems with 1.4.0.6.  I'd appreciate any
adventurous testers having a go with this.

Cheers,

Mike.


--
Please respect the confidentiality of material on the debian-private list.
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-private-REQUEST@lists.debian.org . Trouble? e-mail to Bruce@Pixar.com