Smart crashes on malformed "Installed-Size" deb package field
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
Smart Package Manager | Fix Released | Undecided | Unassigned |
smart (Ubuntu) | Fix Released | Undecided | Unassigned |
Lucid | Fix Released | Undecided | Unassigned |
Maverick | Fix Released | Undecided | Unassigned |
Natty | Fix Released | Undecided | Unassigned |
Oneiric | Fix Released | Undecided | Unassigned |
Bug Description
Request for SRU
===============
1. Statement explaining the impact
If you happen to have a package that has an incorrect installed-size field which is not all numeric, smart will crash. For Landscape users, since Landscape uses smart on the client side, it means the managed machine will stop reporting package information to the server and any package activity won't work.
2. How has the bug been addressed
The bug was fixed by upstream in smart 1.3.1. For this SRU, that specific change has been used for a patch which applied cleanly.
3. Patch
The patch is attached to this bug report as a debdiff for each nominated Ubuntu release. It includes the fix for the deb backend, a similar fix for the rpm backend and a test. It was taken from smart trunk and applies cleanly.
4. How to reproduce
a) With the affected version of smart installed, edit /var/lib/
"""
Package: xserver-
Status: install ok installed
Priority: optional
Section: x11
Installed-Size: 176
(...)
"""
Change it to:
"""
Installed-Size: 176k
(...)
"""
b) Run "/usr/share/
c) Install the fixed version of python-smartpm
d) Run the command from (c) again. No backtrace this time, and installed size will be reported as unknown.
5. Regression potential
Minimal. The patch is very focused and has been in smart since 1.3.1. Upstream is now at 1.4.0.
If suddenly many packages start reporting this field with a letter, smart, by ignoring it, would probably not be able to tell if there would be enough disk space after the installation, so users could be left with an out of disk error after installations. I don't know what apt does with that field. A quick test shows that installed-size is displayed when it has a letter, but I don't know if it's interpreted and taken into account in the disk free space calculations.
Original bug description below
-------
Happened with a support customer:
2010-01-24 16:26:20,947 ERROR [MainThread] None
Traceback (most recent call last):
File "/usr/lib/
self.result = callback(
File "/usr/lib/
result.
File "/usr/lib/
self.
File "/usr/lib/
result = self.handle_
File "/usr/lib/
return self._handle_
File "/usr/lib/
result = self._handle_
File "/usr/lib/
skeleton = self._facade.
File "/usr/lib/
return build_skeleton(pkg, with_info)
File "/usr/lib/
skeleton.
File "/usr/lib/
return long(size)*1024
ValueError: invalid literal for long() with base 10: '221M'
I'm in touch with him to discover which package this is.
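Added example, not smart's own patch (that is the debdiff attached to the bug): a tolerant reader for dpkg-style status stanzas that reports a non-numeric Installed-Size as unknown instead of raising, and keeps track of which packages were excluded from the disk-space total. The function names and the sample stanzas are assumptions made for illustration.

```python
import re

# ASCII digits only. int() alone also accepts "+5", "1_000" and non-ASCII digits.
_KIB = re.compile(r"[0-9]+")


def parse_stanza(text):
    """Parse one control stanza into {lowercased-field: value}."""
    fields, last = {}, None
    for line in text.splitlines():
        if line[:1] in (" ", "\t") and last:      # continuation line
            fields[last] += "\n" + line.strip()
            continue
        name, sep, value = line.partition(":")
        if not sep:
            continue                              # not a field line: skip, don't raise
        last = name.strip().lower()
        fields[last] = value.strip()
    return fields


def installed_size_bytes(fields):
    """Installed-Size (KiB) converted to bytes, or None if absent or malformed."""
    raw = fields.get("installed-size", "")
    return int(raw) * 1024 if _KIB.fullmatch(raw) else None


def summarize(status_text):
    """Return (total known bytes, names of packages whose size is unknown)."""
    total, unknown = 0, []
    for block in re.split(r"\n\s*\n", status_text.strip()):
        fields = parse_stanza(block)
        size = installed_size_bytes(fields)
        if size is None:
            unknown.append(fields.get("package", "?"))
        else:
            total += size
    return total, unknown


# Constructed sample input (package names are made up).
SAMPLE = """\
Package: example-good
Status: install ok installed
Installed-Size: 176

Package: example-bad
Status: install ok installed
Installed-Size: 221M
"""

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

Returning the list of unknown packages lets a caller warn that the free-space estimate is incomplete, which is the regression concern raised in section 5.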
visibility: private → public
affects: landscape → smart
Changed in smart: milestone: none → 1.3.1
Changed in smart: status: New → Fix Committed
Changed in smart: status: Fix Committed → Fix Released
description: updated
tags: added: verification-done; removed: verification-needed
Sounds like a bogus .deb ?
http://www.debian.org/doc/debian-policy/ch-controlfields.html#s-f-Installed-Size