Debian Bug report logs - #710659
pu: package pristine-tar/1.25+deb7u1

version graph

Package: release.debian.org; Maintainer for release.debian.org is Debian Release Team <debian-release@lists.debian.org>;

Reported by: Ivo De Decker <ivo.dedecker@ugent.be>

Date: Sat, 1 Jun 2013 10:51:02 UTC

Severity: normal

Tags: confirmed, pending, wheezy

Fixed in version 7.1

Done: Adam D. Barratt <adam@adam-barratt.org.uk>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox

Report forwarded to debian-bugs-dist@lists.debian.org, joeyh@debian.org, Debian Release Team <debian-release@lists.debian.org>:
Bug#710659; Package release.debian.org. (Sat, 01 Jun 2013 10:51:06 GMT) (full text, mbox, link).

Acknowledgement sent to Ivo De Decker <ivo.dedecker@ugent.be>:
New Bug report received and forwarded. Copy sent to joeyh@debian.org, Debian Release Team <debian-release@lists.debian.org>. (Sat, 01 Jun 2013 10:51:06 GMT) (full text, mbox, link).

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Ivo De Decker <ivo.dedecker@ugent.be>
To: submit@bugs.debian.org
Subject: pu: package pristine-tar/1.25+deb7u1
Date: Sat, 1 Jun 2013 12:48:26 +0200
[Message part 1 (text/plain, inline)]
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: pu


Hi,

The version of pristine-tar in jessie creates files which cannot be
used with the version of pristine-tar in wheezy. This means that wheezy users
cannot use a repository which stores an orig.tar.xz created with pristine-tar
on jessie to recreate the orig.tar.xz. This is bug #707820.

The newer version of pristine-xz specifies additional options to xz in the
pristine-tar file. These options are passed to xz when the pristine-xz tries
to recreate the original file. To avoid potentially malicious pristine-xz
files, pristine-xz contains a whitelist of known options which are passed
through to xz. Files with other xz options are not accepted. The attached
patch adds the options used by the newer version to the whitelist for
pristine-xz in wheezy.

These options are on the whitelist for pristine-tar/1.28 (in jessie and sid).

With this patch, it is possible to recreate the orig.tar.xz on a wheezy
system.

Would this change be acceptable for wheezy?

Thanks in advance,

Ivo


[pristine-tar_1.25+deb7u1.debdiff (text/plain, attachment)]

Information forwarded to debian-bugs-dist@lists.debian.org, Debian Release Team <debian-release@lists.debian.org>:
Bug#710659; Package release.debian.org. (Sat, 01 Jun 2013 18:33:04 GMT) (full text, mbox, link).

Acknowledgement sent to "Adam D. Barratt" <adam@adam-barratt.org.uk>:
Extra info received and forwarded to list. Copy sent to Debian Release Team <debian-release@lists.debian.org>. (Sat, 01 Jun 2013 18:33:05 GMT) (full text, mbox, link).

Message #10 received at 710659@bugs.debian.org (full text, mbox, reply):

From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
To: Ivo De Decker <ivo.dedecker@ugent.be>, <710659@bugs.debian.org>
Subject: Re: Bug#710659: pu: package pristine-tar/1.25+deb7u1
Date: Sat, 01 Jun 2013 19:32:15 +0100
Control: tags -1 + confirmed wheezy

On 2013-06-01 11:48, Ivo De Decker wrote:
> The version of pristine-tar in jessie creates files which cannot be
> used with the version of pristine-tar in wheezy. This means that 
> wheezy users
> cannot use a repository which stores an orig.tar.xz created with 
> pristine-tar
> on jessie to recreate the orig.tar.xz. This is bug #707820.
[...]
> With this patch, it is possible to recreate the orig.tar.xz on a 
> wheezy
> system.

Please go ahead; thanks.

Regards,

Adam

Added tag(s) wheezy and confirmed. Request was from "Adam D. Barratt" <adam@adam-barratt.org.uk> to 710659-submit@bugs.debian.org. (Sat, 01 Jun 2013 18:33:05 GMT) (full text, mbox, link).

Information forwarded to debian-bugs-dist@lists.debian.org, Debian Release Team <debian-release@lists.debian.org>:
Bug#710659; Package release.debian.org. (Sat, 01 Jun 2013 19:06:10 GMT) (full text, mbox, link).

Acknowledgement sent to Ivo De Decker <ivo.dedecker@ugent.be>:
Extra info received and forwarded to list. Copy sent to Debian Release Team <debian-release@lists.debian.org>. (Sat, 01 Jun 2013 19:06:11 GMT) (full text, mbox, link).

Message #17 received at 710659@bugs.debian.org (full text, mbox, reply):

From: Ivo De Decker <ivo.dedecker@ugent.be>
To: "Adam D. Barratt" <adam@adam-barratt.org.uk>
Cc: Ivo De Decker <ivo.dedecker@ugent.be>, 710659@bugs.debian.org
Subject: Re: Bug#710659: pu: package pristine-tar/1.25+deb7u1
Date: Sat, 1 Jun 2013 21:04:05 +0200
Hi Adam,

On Sat, Jun 01, 2013 at 07:32:15PM +0100, Adam D. Barratt wrote:
> Control: tags -1 + confirmed wheezy
> 
> On 2013-06-01 11:48, Ivo De Decker wrote:
> >The version of pristine-tar in jessie creates files which cannot be
> >used with the version of pristine-tar in wheezy. This means that
> >wheezy users
> >cannot use a repository which stores an orig.tar.xz created with
> >pristine-tar
> >on jessie to recreate the orig.tar.xz. This is bug #707820.
> [...]
> >With this patch, it is possible to recreate the orig.tar.xz on a
> >wheezy
> >system.
> 
> Please go ahead; thanks.

Thanks for the review. Uploaded.

Cheers,

Ivo

Information forwarded to debian-bugs-dist@lists.debian.org, Debian Release Team <debian-release@lists.debian.org>:
Bug#710659; Package release.debian.org. (Sun, 02 Jun 2013 10:51:15 GMT) (full text, mbox, link).

Acknowledgement sent to "Adam D. Barratt" <adam@adam-barratt.org.uk>:
Extra info received and forwarded to list. Copy sent to Debian Release Team <debian-release@lists.debian.org>. (Sun, 02 Jun 2013 10:51:16 GMT) (full text, mbox, link).

Message #22 received at 710659@bugs.debian.org (full text, mbox, reply):

From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
To: Ivo De Decker <ivo.dedecker@ugent.be>, <710659@bugs.debian.org>
Subject: Re: Bug#710659: pu: package pristine-tar/1.25+deb7u1
Date: Sun, 02 Jun 2013 11:50:19 +0100
Control: tags -1 + pending

On 2013-06-01 20:04, Ivo De Decker wrote:
> On Sat, Jun 01, 2013 at 07:32:15PM +0100, Adam D. Barratt wrote:
>> On 2013-06-01 11:48, Ivo De Decker wrote:
>> >The version of pristine-tar in jessie creates files which cannot be
>> >used with the version of pristine-tar in wheezy. This means that
>> >wheezy users
>> >cannot use a repository which stores an orig.tar.xz created with
>> >pristine-tar
>> >on jessie to recreate the orig.tar.xz. This is bug #707820.
>> [...]
>> >With this patch, it is possible to recreate the orig.tar.xz on a
>> >wheezy system.
>>
>> Please go ahead; thanks.
>
> Thanks for the review. Uploaded.

Flagged for acceptance.

Regards,

Adam

Added tag(s) pending. Request was from "Adam D. Barratt" <adam@adam-barratt.org.uk> to 710659-submit@bugs.debian.org. (Sun, 02 Jun 2013 10:51:16 GMT) (full text, mbox, link).

Marked as fixed in versions 7.1. Request was from Adam D. Barratt <adam@adam-barratt.org.uk> to control@bugs.debian.org. (Sat, 15 Jun 2013 11:43:20 GMT) (full text, mbox, link).

Marked Bug as done Request was from Adam D. Barratt <adam@adam-barratt.org.uk> to control@bugs.debian.org. (Sat, 15 Jun 2013 11:43:21 GMT) (full text, mbox, link).

Notification sent to Ivo De Decker <ivo.dedecker@ugent.be>:
Bug acknowledged by developer. (Sat, 15 Jun 2013 11:43:22 GMT) (full text, mbox, link).

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 14 Jul 2013 07:34:12 GMT) (full text, mbox, link).

Send a report that this bug log contains spam.

Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Sat Jul 1 15:20:25 2023; Machine Name: buxtehude

Debian Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.