Debian Bug report logs - #837075
debootstrap: does not validate `suite` parameter against Release file

Package: debootstrap; Maintainer for debootstrap is Debian Install System Team <debian-boot@lists.debian.org>; Source for debootstrap is src:debootstrap.

Reported by: Ansgar Burchardt <ansgar@debian.org>

Date: Thu, 8 Sep 2016 14:12:02 UTC

Severity: normal

Found in version debootstrap/1.0.81

Fixed in version debootstrap/1.0.83

Done: Steve McIntyre <93sam@debian.org>

Bug is archived. No further changes may be made.

Report forwarded to debian-bugs-dist@lists.debian.org, Debian Install System Team <debian-boot@lists.debian.org>:
Bug#837075; Package debootstrap. (Thu, 08 Sep 2016 14:12:06 GMT)


Acknowledgement sent to Ansgar Burchardt <ansgar@debian.org>:
New Bug report received and forwarded. Copy sent to Debian Install System Team <debian-boot@lists.debian.org>. (Thu, 08 Sep 2016 14:12:06 GMT)


Message #5 received at submit@bugs.debian.org:

From: Ansgar Burchardt <ansgar@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: debootstrap: does not validate `suite` parameter against Release file
Date: Thu, 08 Sep 2016 16:09:55 +0200
Package: debootstrap
Version: 1.0.81
Severity: normal

Running
  debootstrap ${suite} ${suite} ${mirror}
will install whatever the mirror serves as dists/${suite}, even when that
is not the requested suite.  This can easily be checked with a few Redirect
statements in a .htaccess file:

  Redirect /debian-wrong/pool http://ftp.de.debian.org/debian/pool
  Redirect /debian-wrong/dists/stable http://ftp.de.debian.org/debian/dists/unstable

Then
  debootstrap stable stable http://[...]/debian-wrong
will install unstable instead of stable.

debootstrap should validate that ${suite} is listed in the Release
file in either the Suite: or Codename: fields.  Additionally storing
the codename in a variable would also be useful for suite-specific
workarounds, such as [1].

Ansgar

  [1] <https://bugs.debian.org/810301#69>


-- System Information:
Debian Release: stretch/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'stable-updates'), (500, 'testing'), (500, 'stable'), (300, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 4.6.0-1-amd64 (SMP w/8 CPU cores)
Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages debootstrap depends on:
ii  wget  1.18-2+b1

Versions of packages debootstrap recommends:
ii  debian-archive-keyring  2014.3
ii  gnupg                   2.1.14-5

debootstrap suggests no packages.

-- no debconf information
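
The check requested in the report above, as an added example (not part of the original report and not the patch attached to this bug): a POSIX sh function that compares the requested suite with the `Suite:` and `Codename:` fields of a Release file. The function names and the sample Release content are constructed for illustration, and the file is assumed to be the plain Release text after its signature has already been verified.

```shell
#!/bin/sh
# Added example (hypothetical helper names, not debootstrap's own code).

# release_field FILE FIELD
# Print the value of the first "FIELD: value" line, trimmed of
# surrounding whitespace. Prints nothing if the field is absent.
release_field() {
    sed -n "/^$2:/{s/^$2:[[:space:]]*//;s/[[:space:]]*\$//;p;q;}" "$1"
}

# validate_suite FILE SUITE
# Return 0 only if SUITE equals the Release file's Suite or Codename.
validate_suite() {
    release_file=$1
    requested=$2
    # An empty request must never match an absent field.
    [ -n "$requested" ] || return 1
    suite=$(release_field "$release_file" Suite)
    codename=$(release_field "$release_file" Codename)
    if [ "$requested" = "$suite" ] || [ "$requested" = "$codename" ]; then
        return 0
    fi
    echo "E: asked for '$requested' but Release has" \
         "Suite='$suite' Codename='$codename'" >&2
    return 1
}

# make_sample_release FILE
# Constructed sample: the kind of Release file a mirror would return for
# dists/stable if that path were redirected to dists/unstable.
make_sample_release() {
    cat > "$1" <<'EOF'
Origin: Debian
Label: Debian
Suite: unstable
Codename: sid
Date: Thu, 08 Sep 2016 14:00:00 UTC
Architectures: amd64 i386
Components: main contrib non-free
EOF
}
```

With the constructed sample, `validate_suite FILE stable` fails while `unstable` and `sid` are accepted, which is the mismatch the redirect in the report would otherwise let through unnoticed.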



Information forwarded to debian-bugs-dist@lists.debian.org, Debian Install System Team <debian-boot@lists.debian.org>:
Bug#837075; Package debootstrap. (Thu, 08 Sep 2016 15:51:15 GMT)


Acknowledgement sent to Ansgar Burchardt <ansgar@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian Install System Team <debian-boot@lists.debian.org>. (Thu, 08 Sep 2016 15:51:15 GMT)


Message #10 received at 837075@bugs.debian.org:

From: Ansgar Burchardt <ansgar@debian.org>
To: 837075@bugs.debian.org
Subject: Re: debootstrap: does not validate `suite` parameter against Release file
Date: Thu, 08 Sep 2016 17:49:54 +0200
On Thu, 2016-09-08 at 16:09 +0200, Ansgar Burchardt wrote:
> 
> debootstrap should validate that ${suite} is listed in the Release
> file in either the Suite: or Codename: fields.  Additionally storing
> the codename in a variable would also be useful for suite-specific
> workarounds, such as [1].
> 
>   [1] <https://bugs.debian.org/810301#69>
> 

I've attached a patch that implements this.

Ansgar
[0001-Validate-SUITE-against-Release-s-Suite-or-Codename.patch (text/x-patch, attachment)]

Reply sent to Steve McIntyre <93sam@debian.org>:
You have taken responsibility. (Tue, 13 Sep 2016 12:51:12 GMT)


Notification sent to Ansgar Burchardt <ansgar@debian.org>:
Bug acknowledged by developer. (Tue, 13 Sep 2016 12:51:12 GMT)


Message #15 received at 837075-close@bugs.debian.org:

From: Steve McIntyre <93sam@debian.org>
To: 837075-close@bugs.debian.org
Subject: Bug#837075: fixed in debootstrap 1.0.83
Date: Tue, 13 Sep 2016 12:49:18 +0000
Source: debootstrap
Source-Version: 1.0.83

We believe that the bug you reported is fixed in the latest version of
debootstrap, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 837075@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Steve McIntyre <93sam@debian.org> (supplier of updated debootstrap package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Tue, 13 Sep 2016 13:16:41 +0100
Source: debootstrap
Binary: debootstrap debootstrap-udeb
Architecture: source all
Version: 1.0.83
Distribution: unstable
Urgency: medium
Maintainer: Debian Install System Team <debian-boot@lists.debian.org>
Changed-By: Steve McIntyre <93sam@debian.org>
Description:
 debootstrap - Bootstrap a basic Debian system
 debootstrap-udeb - Bootstrap the Debian system (udeb)
Closes: 810301 837075 837185
Changes:
 debootstrap (1.0.83) unstable; urgency=medium
 .
   [ Ansgar Burchardt ]
   * functions: Validate that the requested suite is listed in the
     Release file's Suite or Codename field. (Closes: #837075)
   * Add support for merged-/usr, enabled by a new --merged-usr option.
     (Closes: #810301)
   * Feign install of dpkg in second stage. This avoids problems when
     using dpkg-deb together with busybox' tar. (Closes: #837185)
   * README: Use https://.
 .
   [ Steve McIntyre ]
   * Update Standards-Version to 3.9.8 (no changes needed)

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Mon, 17 Oct 2016 07:28:18 GMT)



Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Sun Jun 4 06:52:04 2023; Machine Name: buxtehude
