[Bug 1234705] Re: apt-ftparchive writes SHA256 checksums in place of SHA512 in Sources

Launchpad Bug Tracker 1234705 at bugs.launchpad.net
Thu Oct 10 17:05:02 UTC 2013 

This bug was fixed in the package apt - 0.9.7.5ubuntu5.6

---------------
apt (0.9.7.5ubuntu5.6) quantal; urgency=low

  * Fix apt-ftparchive's generation of SHA512 checksums for Sources,
    previously incorrectly generated as SHA256 (LP: #1234705).
 -- Colin Watson <cjwatson at ubuntu.com>   Thu, 03 Oct 2013 14:51:28 +0100

** Changed in: apt (Ubuntu Quantal)
       Status: Fix Committed => Fix Released

** Changed in: apt (Ubuntu Raring)
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to apt in Ubuntu.
https://bugs.launchpad.net/bugs/1234705

Title:
  apt-ftparchive writes SHA256 checksums in place of SHA512 in Sources

Status in “apt” package in Ubuntu:
  Fix Released
Status in “apt” source package in Precise:
  Fix Released
Status in “apt” source package in Quantal:
  Fix Released
Status in “apt” source package in Raring:
  Fix Released

Bug description:
  [Impact] apt-ftparchive generates SHA256 checksums for .dsc files and claims they're SHA512; this is likely to cause clients to fail to acquire source packages from Sources files generated with affected versions of apt-ftparchive, although only for .dsc files that contain Checksums-Sha512 (which is not yet the default).
  [Test Case] Use "apt-ftparchive sources" to generate Sources files for a tree containing a .dsc with the Checksums-Sha512 field (you may need to generate one manually).  Check that the filled-in checksum for the .dsc itself is correct.
  [Regression Potential] Confined to apt-ftparchive. Probably best to diff Packages/Sources files before and after.

  When apt-ftparchive is called upon to generate SHA512 checksums for a
  .dsc file that itself contains a Checksums-Sha512 field, the version
  in precise, quantal, and raring generate a SHA256 checksum instead and
  claim it's SHA512.  This is due to this line which is obviously
  incorrect once you notice it:

    SHA256Summation SHA512;

  We need to fix this before Launchpad production is upgraded from lucid
  to precise.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1234705/+subscriptions

More information about the foundations-bugs mailing list