[Bug 1234705] Re: apt-ftparchive writes SHA256 checksums in place of SHA512 in Sources

Colin Watson cjwatson at canonical.com
Fri Oct 4 09:16:23 UTC 2013 

** Description changed:

+ [Impact] apt-ftparchive generates SHA256 checksums for source packages and claims they're SHA512; this is likely to cause clients to fail to acquire source packages from Sources files generated with affected versions of apt-ftparchive.
+ [Test Case] Use "apt-ftparchive sources" to generate Sources files for a tree containing a .dsc without the Checksums-Sha512 field.  Check that the filled-in checksums are correct.
+ [Regression Potential] Confined to apt-ftparchive. Probably best to diff Packages/Sources files before and after.
+ 
  When apt-ftparchive is called upon to generate SHA512 checksums for a
  source package (e.g. when generating a Sources file referring to a .dsc
  that doesn't contain such checksums), the version in precise, quantal,
  and raring generate SHA256 checksums instead and claim they're SHA512.
  This is due to this line which is obviously incorrect once you notice
  it:
  
-   SHA256Summation SHA512;
+   SHA256Summation SHA512;
  
  We need to fix this before Launchpad production is upgraded from lucid
  to precise.

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to apt in Ubuntu.
https://bugs.launchpad.net/bugs/1234705

Title:
  apt-ftparchive writes SHA256 checksums in place of SHA512 in Sources

Status in “apt” package in Ubuntu:
  Fix Released
Status in “apt” source package in Precise:
  Fix Committed
Status in “apt” source package in Quantal:
  Fix Committed
Status in “apt” source package in Raring:
  Fix Committed

Bug description:
  [Impact] apt-ftparchive generates SHA256 checksums for source packages and claims they're SHA512; this is likely to cause clients to fail to acquire source packages from Sources files generated with affected versions of apt-ftparchive.
  [Test Case] Use "apt-ftparchive sources" to generate Sources files for a tree containing a .dsc without the Checksums-Sha512 field.  Check that the filled-in checksums are correct.
  [Regression Potential] Confined to apt-ftparchive. Probably best to diff Packages/Sources files before and after.

  When apt-ftparchive is called upon to generate SHA512 checksums for a
  source package (e.g. when generating a Sources file referring to a
  .dsc that doesn't contain such checksums), the version in precise,
  quantal, and raring generate SHA256 checksums instead and claim
  they're SHA512.  This is due to this line which is obviously incorrect
  once you notice it:

    SHA256Summation SHA512;

  We need to fix this before Launchpad production is upgraded from lucid
  to precise.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1234705/+subscriptions

More information about the foundations-bugs mailing list