Smart crashes on malformed "Installed-Size" deb package field

Bug #512302 reported by Andreas Hasenack on 2010-01-25
20
This bug affects 2 people
Affects Status Importance Assigned to Milestone
Smart Package Manager
Undecided
Unassigned
smart (Ubuntu)
Undecided
Unassigned
Lucid
Undecided
Unassigned
Maverick
Undecided
Unassigned
Natty
Undecided
Unassigned
Oneiric
Undecided
Unassigned

Bug Description

Request for SRU
===============

1. Statement explaining the impact
If you happen to have a package that has an incorrect installed-size field which is not all numeric, smart will crash. For Landscape users, since Landscape uses smart on the client side, it means the managed machine will stop reporting package information to the server and any package activity won't work.

2. How has the bug been addressed
The bug was fixed by upstream in smart 1.3.1. For this SRU, that specific change has been used for a patch which applied cleanly.

3. Patch
The patch is attached to this bug report as a debdiff for each nominated ubuntu release. It includes the fix for the deb backend, a similar fix for the rpm backend and a test. It was taken from smart trunk and applies cleanly.

4. How to reproduce
a) With the affected version of smart installed, edit /var/lib/dpkg/status and change the installed size field of the first package you see in there to include the letter "k" after the number. For example:
"""
Package: xserver-xorg-input-vmmouse
Status: install ok installed
Priority: optional
Section: x11
Installed-Size: 176
(...)
"""

Change it to:
"""
Installed-Size: 176k
(...)
"""

b) Run "/usr/share/smart/smart info xserver-xorg-input-vmmouse" (or the package that you changed). You will get a backtrace

c) Install the fixed version of python-smartpm

d) Run the command from (c) again. No backtrace this time, and installed size will be reported as unknown.

5. Regression potential
Minimal. The patch is very focused and has been in smart since 1.3.1. Upstream is now at 1.4.0.
If suddenly many packages start reporting this field with a letter, smart, by ignoring it, would probably not be able to tell if there would be enough disk space after the installation, so users could be left with an out of disk error after installations. I don't know what apt does with that field. A quick test shows that installed-size is displayed when it has a letter, but I don't know if it's interpreted and taken into account in the disk free space calculations.

Original bug description below
-------------------------------

Happened with a support customer:

2010-01-24 16:26:20,947 ERROR [MainThread] None
Traceback (most recent call last):
  File "/usr/lib/python2.5/site-packages/twisted/internet/defer.py", line 317, in _runCallbacks
    self.result = callback(self.result, *args, **kw)
  File "/usr/lib/python2.5/site-packages/landscape/package/reporter.py", line 47, in <lambda>
    result.addCallback(lambda x: self.handle_tasks())
  File "/usr/lib/python2.5/site-packages/landscape/package/taskhandler.py", line 37, in handle_tasks
    self._handle_next_task(None, deferred)
  File "/usr/lib/python2.5/site-packages/landscape/package/taskhandler.py", line 49, in _handle_next_task
    result = self.handle_task(task)
  File "/usr/lib/python2.5/site-packages/landscape/package/reporter.py", line 163, in handle_task
    return self._handle_package_ids(message)
  File "/usr/lib/python2.5/site-packages/landscape/package/reporter.py", line 191, in _handle_package_ids
    result = self._handle_unknown_packages(unknown_hashes)
  File "/usr/lib/python2.5/site-packages/landscape/package/reporter.py", line 234, in _handle_unknown_packages
    skeleton = self._facade.get_package_skeleton(package)
  File "/usr/lib/python2.5/site-packages/landscape/package/facade.py", line 127, in get_package_skeleton
    return build_skeleton(pkg, with_info)
  File "/usr/lib/python2.5/site-packages/landscape/package/skeleton.py", line 89, in build_skeleton
    skeleton.installed_size = info.getInstalledSize()
  File "/usr/lib/python2.5/site-packages/smart/backends/deb/loader.py", line 71, in getInstalledSize
    return long(size)*1024
ValueError: invalid literal for long() with base 10: '221M'

I'm im touch with him to discover which package this is.

visibility: private → public
affects: landscape → smart
Anders F Björklund (afb) wrote :

Patch to return "None" on invalid deb installed-size...

Anders F Björklund (afb) wrote :
Free Ekanayaka (free.ekanayaka) wrote :

Most probably a broken deb indeed, we're trying to check this with the Landscape user that reported the problem.

The patch looks good to me, provided with a test. We might want to ask Gustavo for an ack.

Andreas Hasenack (ahasenack) wrote :

With this patch, will the admin be aware there is a package with a wrong reported size?

Anders F Björklund (afb) wrote :

The size will be "missing", rather than "wrong". It could whine in the log, but that also gets tedious ?

Anders F Björklund (afb) wrote :
summary: - Smart crashes on malformed "Size" package field
+ Smart crashes on malformed "Installed-Size" deb package field
Andreas Hasenack (ahasenack) wrote :

FYI, the package came from here:

ftp://ftp.sara.nl/pub/sara-omsa/dists/dell/sara/binary-i386/

andreas@nsn2:~/x$ dpkg --info ./dellomsa_5.5.0-3_i386.deb
 new debian package, version 2.0.
 size 82910142 bytes: control archive= 1535 bytes.
     192 bytes, 8 lines conffiles
     383 bytes, 10 lines control
     389 bytes, 10 lines control.amd64
    1763 bytes, 88 lines * postinst #!/bin/sh
     702 bytes, 42 lines * postrm #!/bin/sh
 Package: dellomsa
 Version: 5.5.0-3
 Section: admin
 Priority: extra
 Architecture: i386
 Depends: openipmi (>= 2.0.2), lsb-base, lsb-release, libxml2, libstdc++5, rpm, procmail
 Installed-Size: 221M <============================
 Maintainer: Bas van der Vlies <email address hidden> and Jaap Dijkshoorn <email address hidden>
 Description: Dell OpenManage Server Administrator 5.
  OMSA is a hardware monitoring and configuration tool.
andreas@nsn2:~/x$

Changed in smart:
milestone: none → 1.3.1
Changed in smart:
status: New → Fix Committed
Changed in smart:
status: Fix Committed → Fix Released
Andreas Hasenack (ahasenack) wrote :

Debdiff for Lucid

Andreas Hasenack (ahasenack) wrote :

Debdiff for Maverick

Andreas Hasenack (ahasenack) wrote :

Debdiff for Natty

Andreas Hasenack (ahasenack) wrote :

Debdiff for Oneiric

Andreas Hasenack (ahasenack) wrote :

Test builds with the above debdiffs (minus the -proposed part of the debian/changelog entry) are available at this ppa:

ppa:ahasenack/smart-installed-size-fix

description: updated
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package smart - 1.3-1.3ubuntu1

---------------
smart (1.3-1.3ubuntu1) oneiric; urgency=low

  * Fix for dealing with incorrect installed-size fields. (LP: #512302)
 -- Andreas Hasenack <email address hidden> Mon, 30 May 2011 16:33:16 -0300

Changed in smart (Ubuntu):
status: New → Fix Released

Accepted smart into lucid-proposed, the package will build now and be available in a few hours. Please test and give feedback here. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you in advance!

Changed in smart (Ubuntu Lucid):
status: New → Fix Committed
tags: added: verification-needed
Changed in smart (Ubuntu Maverick):
status: New → Fix Committed
Clint Byrum (clint-fewbar) wrote :

Accepted smart into maverick-proposed, the package will build now and be available in a few hours. Please test and give feedback here. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you in advance!

Changed in smart (Ubuntu Natty):
status: New → Fix Committed
Clint Byrum (clint-fewbar) wrote :

Accepted smart into natty-proposed, the package will build now and be available in a few hours. Please test and give feedback here. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you in advance!

Andreas Hasenack (ahasenack) wrote :

Verified for lucid using python-smartpm 1.2-5ubuntu0.1 from proposed:

root@domU-12-31-39-14-35-50:~# smart info libxml-libxml-perl
Loading cache...
Updating cache... ########################################################################################## [100%]

Name: libxml-libxml-perl
Version: 1.70.ds-1
Priority: 0
Group: perl
Installed Size: Unknown <-----------------------
Reference URLs:
Flags:
Channels: DEB System; lucid - main universe
Summary: Perl interface to the libxml2 library
Description:
 XML::LibXML is a Perl interface to the GNOME libxml2 library, which provides
 interfaces for parsing and manipulating XML files. This module allows Perl
 programmers to make use of the highly capable validating XML parser and the
 high performance Document Object Model (DOM) implementation. Additionally, it
 supports using the XML Path Language (XPath) to find and extract information.

root@domU-12-31-39-14-35-50:~# dpkg -l python-smartpm
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Cfg-files/Unpacked/Failed-cfg/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name Version Description
+++-==================================-==================================-====================================================================================
ii python-smartpm 1.2-5ubuntu0.1 Python library of the Smart Package Manager
root@domU-12-31-39-14-35-50:~# apt-cache policy python-smartpm
python-smartpm:
  Installed: 1.2-5ubuntu0.1
  Candidate: 1.2-5ubuntu0.1
  Version table:
 *** 1.2-5ubuntu0.1 0
        500 http://us-east-1.ec2.archive.ubuntu.com/ubuntu/ lucid-proposed/main Packages
        100 /var/lib/dpkg/status
     1.2-5 0
        500 http://us-east-1.ec2.archive.ubuntu.com/ubuntu/ lucid/main Packages

Andreas Hasenack (ahasenack) wrote :

Verified for maverick using python-smartpm 1.3-1ubuntu0.1 from proposed:

root@domU-12-31-39-0F-D6-26:~# /usr/share/smart/smart info python-pkg-resources
Updating cache... ########################################################################################## [100%]

Name: python-pkg-resources
Version: 0.6.14-3ubuntu1
Priority: 0
Source: distribute_0.6.14-3ubuntu1
Group: python
License:
Installed Size: Unknown <---------------------------------
Reference URLs: http://packages.python.org/distribute
Flags:
Channels: DEB System
Summary: Package Discovery and Resource Access using pkg_resources
Description:
 The pkg_resources module provides an API for Python libraries to
 access their resource files, and for extensible applications and
 frameworks to automatically discover plugins. It also provides
 runtime support for using C extensions that are inside zipfile-format
 eggs, support for merging packages that have separately-distributed
 modules or subpackages, and APIs for managing Python's current
 "working set" of active packages.

Saving cache...

root@domU-12-31-39-0F-D6-26:~# dpkg -l python-smartpm
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name Version Description
+++-==================================-==================================-====================================================================================
ii python-smartpm 1.3-1ubuntu0.1 Python library of the Smart Package Manager
root@domU-12-31-39-0F-D6-26:~# apt-cache policy python-smartpm
python-smartpm:
  Installed: 1.3-1ubuntu0.1
  Candidate: 1.3-1ubuntu0.1
  Version table:
 *** 1.3-1ubuntu0.1 0
        500 http://us-east-1.ec2.archive.ubuntu.com/ubuntu/ maverick-proposed/main i386 Packages
        100 /var/lib/dpkg/status
     1.3-1 0
        500 http://us-east-1.ec2.archive.ubuntu.com/ubuntu/ maverick/main i386 Packages

Andreas Hasenack (ahasenack) wrote :

Verified for natty using python-smartpm 1.3-1.3ubuntu0.1 from proposed:

root@domU-12-31-39-0A-AA-D0:~# /usr/share/smart/smart info python-pkg-resources
Updating cache... ########################################################################################## [100%]

Name: python-pkg-resources
Version: 0.6.15-1ubuntu1
Priority: 0
Source: distribute_0.6.15-1ubuntu1
Group: python
License:
Installed Size: Unknown
Reference URLs: http://packages.python.org/distribute
Flags:
Channels: DEB System; natty - main
Summary: Package Discovery and Resource Access using pkg_resources
Description:
 The pkg_resources module provides an API for Python libraries to
 access their resource files, and for extensible applications and
 frameworks to automatically discover plugins. It also provides
 runtime support for using C extensions that are inside zipfile-format
 eggs, support for merging packages that have separately-distributed
 modules or subpackages, and APIs for managing Python's current
 "working set" of active packages.

Saving cache...

root@domU-12-31-39-0A-AA-D0:~# dpkg -l python-smartpm
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name Version Description
+++-==================================-==================================-====================================================================================
ii python-smartpm 1.3-1.3ubuntu0.1 Python library of the Smart Package Manager
root@domU-12-31-39-0A-AA-D0:~# apt-cache policy python-smartpm
python-smartpm:
  Installed: 1.3-1.3ubuntu0.1
  Candidate: 1.3-1.3ubuntu0.1
  Version table:
 *** 1.3-1.3ubuntu0.1 0
        500 http://us-east-1.ec2.archive.ubuntu.com/ubuntu/ natty-proposed/main i386 Packages
        100 /var/lib/dpkg/status
     1.3-1.3build1 0
        500 http://us-east-1.ec2.archive.ubuntu.com/ubuntu/ natty/main i386 Packages

Andreas Hasenack (ahasenack) wrote :

Also verified working in current oneiric using python-smartpm 1.3-1.3ubuntu1:

root@domU-12-31-39-16-2A-A2:~# /usr/share/smart/smart info python-pkg-resources
Updating cache... ########################################################################################## [100%]

Name: python-pkg-resources
Version: 0.6.16-1
Priority: 0
Source: distribute_0.6.16-1
Group: python
License:
Installed Size: Unknown <---------------------------------------------
Reference URLs: http://packages.python.org/distribute
Flags:
Channels: DEB System
Summary: Package Discovery and Resource Access using pkg_resources
Description:
 The pkg_resources module provides an API for Python libraries to
 access their resource files, and for extensible applications and
 frameworks to automatically discover plugins. It also provides
 runtime support for using C extensions that are inside zipfile-format
 eggs, support for merging packages that have separately-distributed
 modules or subpackages, and APIs for managing Python's current
 "working set" of active packages.

Saving cache...

root@domU-12-31-39-16-2A-A2:~# dpkg -l python-smartpm
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name Version Description
+++-==================================-==================================-====================================================================================
ii python-smartpm 1.3-1.3ubuntu1 Python library of the Smart Package Manager
root@domU-12-31-39-16-2A-A2:~# apt-cache policy python-smartpm
python-smartpm:
  Installed: 1.3-1.3ubuntu1
  Candidate: 1.3-1.3ubuntu1
  Version table:
 *** 1.3-1.3ubuntu1 0
        500 http://us-east-1.ec2.archive.ubuntu.com/ubuntu/ oneiric/main i386 Packages
        100 /var/lib/dpkg/status

Martin Pitt (pitti) on 2011-06-05
tags: added: verification-done
removed: verification-needed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package smart - 1.2-5ubuntu0.1

---------------
smart (1.2-5ubuntu0.1) lucid-proposed; urgency=low

  * Fix for dealing with incorrect installed-size fields. (LP: #512302)
 -- Andreas Hasenack <email address hidden> Mon, 30 May 2011 16:55:42 -0300

Changed in smart (Ubuntu Lucid):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package smart - 1.3-1ubuntu0.1

---------------
smart (1.3-1ubuntu0.1) maverick-proposed; urgency=low

  * Fix for dealing with incorrect installed-size fields. (LP: #512302)
 -- Andreas Hasenack <email address hidden> Fri, 27 May 2011 18:27:15 -0300

Changed in smart (Ubuntu Maverick):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package smart - 1.3-1.3ubuntu0.1

---------------
smart (1.3-1.3ubuntu0.1) natty-proposed; urgency=low

  * Fix for dealing with incorrect installed-size fields. (LP: #512302)
 -- Andreas Hasenack <email address hidden> Mon, 30 May 2011 16:33:16 -0300

Changed in smart (Ubuntu Natty):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers