[Bug 1234705] Re: apt-ftparchive writes SHA256 checksums in place of SHA512 in Sources
Colin Watson
cjwatson at canonical.com
Fri Oct 4 10:15:57 UTC 2013
** Description changed:
- [Impact] apt-ftparchive generates SHA256 checksums for source packages and claims they're SHA512; this is likely to cause clients to fail to acquire source packages from Sources files generated with affected versions of apt-ftparchive.
- [Test Case] Use "apt-ftparchive sources" to generate Sources files for a tree containing a .dsc without the Checksums-Sha512 field. Check that the filled-in checksums are correct.
+ [Impact] apt-ftparchive generates SHA256 checksums for .dsc files and claims they're SHA512; this is likely to cause clients to fail to acquire source packages from Sources files generated with affected versions of apt-ftparchive, although only for .dsc files that contain Checksums-Sha512 (which is not yet the default).
+ [Test Case] Use "apt-ftparchive sources" to generate Sources files for a tree containing a .dsc with the Checksums-Sha512 field (you may need to generate one manually). Check that the filled-in checksum for the .dsc itself is correct.
[Regression Potential] Confined to apt-ftparchive. Probably best to diff Packages/Sources files before and after.
When apt-ftparchive is called upon to generate SHA512 checksums for a
- source package (e.g. when generating a Sources file referring to a .dsc
- that doesn't contain such checksums), the version in precise, quantal,
- and raring generate SHA256 checksums instead and claim they're SHA512.
- This is due to this line which is obviously incorrect once you notice
- it:
+ .dsc file that itself contains a Checksums-Sha512 field, the version in
+ precise, quantal, and raring generate a SHA256 checksum instead and
+ claim it's SHA512. This is due to this line which is obviously
+ incorrect once you notice it:
SHA256Summation SHA512;
We need to fix this before Launchpad production is upgraded from lucid
to precise.
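Review bot: the revised [Test Case] line still ends with "Check that the filled-in checksum for the .dsc itself is correct" without saying what to compare it against. Since the failure is a SHA256 value written under a SHA512 label, spell out the check: the Checksums-Sha512 entry for the .dsc in the generated Sources must equal the sha512sum of that .dsc, and a 64-hex-digit value there (rather than 128) is the bug reproducing.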
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to apt in Ubuntu.
https://bugs.launchpad.net/bugs/1234705
Title:
apt-ftparchive writes SHA256 checksums in place of SHA512 in Sources
Status in “apt” package in Ubuntu:
Fix Released
Status in “apt” source package in Precise:
Fix Committed
Status in “apt” source package in Quantal:
Fix Committed
Status in “apt” source package in Raring:
Fix Committed
Bug description:
[Impact] apt-ftparchive generates SHA256 checksums for .dsc files and claims they're SHA512; this is likely to cause clients to fail to acquire source packages from Sources files generated with affected versions of apt-ftparchive, although only for .dsc files that contain Checksums-Sha512 (which is not yet the default).
[Test Case] Use "apt-ftparchive sources" to generate Sources files for a tree containing a .dsc with the Checksums-Sha512 field (you may need to generate one manually). Check that the filled-in checksum for the .dsc itself is correct.
[Regression Potential] Confined to apt-ftparchive. Probably best to diff Packages/Sources files before and after.
When apt-ftparchive is called upon to generate SHA512 checksums for a
.dsc file that itself contains a Checksums-Sha512 field, the version
in precise, quantal, and raring generates a SHA256 checksum instead and
claims it's SHA512. This is due to this line, which is obviously
incorrect once you notice it:

  SHA256Summation SHA512;

We need to fix this before Launchpad production is upgraded from lucid
to precise.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1234705/+subscriptions
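The [Test Case] check in the bug description can be automated. The following is an added example, not code from apt or Launchpad: it parses the Checksums-* fields of one Sources stanza and flags any entry whose digest does not match the algorithm the field name claims. The file names and contents are constructed sample data, and sample_stanza() is a hypothetical helper that reproduces the mislabelled .dsc entry.

```python
import hashlib
import string

DIGEST = {"Checksums-Sha256": hashlib.sha256, "Checksums-Sha512": hashlib.sha512}

def parse_checksums(stanza):
    """Return {field: [(digest, size, name), ...]} for one Sources stanza."""
    fields, current = {}, None
    for line in stanza.splitlines():
        if line[:1] in (" ", "\t"):          # continuation line of a field
            parts = line.split()
            if current and len(parts) == 3:
                fields[current].append((parts[0].lower(), int(parts[1]), parts[2]))
        else:                                 # new "Field: value" header
            name = line.split(":", 1)[0]
            current = name if name in DIGEST else None
            if current:
                fields.setdefault(current, [])
    return fields

def audit(stanza, files):
    """files maps file name -> bytes; returns a list of (field, name, problem)."""
    problems = []
    for field, entries in parse_checksums(stanza).items():
        want_len = DIGEST[field]().digest_size * 2   # 64 for SHA256, 128 for SHA512
        for digest, size, name in entries:
            data = files.get(name)
            if len(digest) != want_len or set(digest) - set(string.hexdigits):
                problems.append((field, name,
                                 "digest is %d hex chars, expected %d" % (len(digest), want_len)))
            elif data is None:
                problems.append((field, name, "file not available"))
            elif len(data) != size or DIGEST[field](data).hexdigest() != digest:
                problems.append((field, name, "size or digest mismatch"))
    return problems

# Constructed sample data (not taken from a real archive).
FILES = {"hello_1.0.dsc": b"constructed .dsc body\n",
         "hello_1.0.tar.gz": b"constructed tarball bytes\n"}

def sample_stanza(buggy):
    """Build a stanza; buggy=True writes a SHA256 digest for the .dsc under SHA512."""
    lines = ["Package: hello", "Checksums-Sha512:"]
    for name, data in FILES.items():
        algo = hashlib.sha256 if buggy and name.endswith(".dsc") else hashlib.sha512
        lines.append(" %s %d %s" % (algo(data).hexdigest(), len(data), name))
    return "\n".join(lines) + "\n"

if __name__ == "__main__":
    for problem in audit(sample_stanza(buggy=True), FILES):
        print(problem)
```

To use it on real output, pass one stanza from the generated Sources file and a dict of the referenced files' contents read from the tree.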