Bugzilla – Bug 919233
dpkg-deb is broken after tar update
Last modified: 2017-01-28 13:13:47 UTC
After upgrade to tar version v1.28-2.13.1 (Described in Bug 913058) dpkg-deb includes the folder DEBIAN into the data part of generated packages. So the the generated packages are unusable. dpkg-deb executes the following commands to generate the data part of the package: > find . -path ./DEBIAN -prune -o -print0 | tar -cf - --format=gnu --null -T - --no-recursion Due to Bug 918487 tar includes ./DEBIAN even it is not included in the file list generated by find.
Bug 918487 describes a workaround which is not suitable here, because tar is executed by dpkg-deb. So it is not possible to rearrange the parameters without recompilation of dpkg-deb. Up to now I have to suppress the recommended update openSUSE-2015-151 to ensure dpkg-deb is still working. Will this bug be fixed sometime?
(In reply to Sven Franken from comment #1) > Bug 918487 describes a workaround which is not suitable here, because tar is > executed by dpkg-deb. So it is not possible to rearrange the parameters > without recompilation of dpkg-deb. > > Up to now I have to suppress the recommended update openSUSE-2015-151 to > ensure dpkg-deb is still working. > > Will this bug be fixed sometime? An update was started that will revert the problematic tar patch.
This is an autogenerated message for OBS integration: This bug (919233) was mentioned in https://build.opensuse.org/request/show/295670 13.2+13.1 / tar
Update released for openSUSE 13.2. Resolved fixed.
openSUSE-RU-2015:0738-1: An update that has two recommended fixes can now be installed. Category: recommended (important) Bug References: 918487,919233 CVE References: Sources used: openSUSE 13.2 (src): tar-1.28-2.16.1
This is an autogenerated message for OBS integration: This bug (919233) was mentioned in https://build.opensuse.org/request/show/439557 13.2 / dpkg
(In reply to Vítězslav Čížek from comment #2) > An update was started that will revert the problematic tar patch. It seems that tar upstream doesn't consider this a regression but intended change in behaviour instead [1]. Dpkg upstream has already moved tar option --no-recursion before -T [2]. The patch was backported for: - openSUSE 13.2 #439557 - SLE12SP1 (Leap) #123855 [1] http://lists.gnu.org/archive/html/bug-tar/2016-05/msg00010.html [2] https://anonscm.debian.org/cgit/dpkg/dpkg.git/commit/?id=fcfe4f3aa2f3cb7f8179d4f2fe6dd65e75f7bbdf
openSUSE-RU-2016:2906-1: An update that has two recommended fixes can now be installed. Category: recommended (low) Bug References: 913058,919233 CVE References: Sources used: openSUSE 13.2 (src): dpkg-1.16.16-8.6.1, update-alternatives-1.16.16-8.6.1
SUSE-RU-2017:0202-1: An update that has two recommended fixes can now be installed. Category: recommended (low) Bug References: 913058,919233 CVE References: Sources used: SUSE Linux Enterprise Server 12-SP1 (src): update-alternatives-1.16.10-12.3.1 SUSE Linux Enterprise Desktop 12-SP1 (src): update-alternatives-1.16.10-12.3.1
openSUSE-RU-2017:0317-1: An update that has two recommended fixes can now be installed. Category: recommended (low) Bug References: 913058,919233 CVE References: Sources used: openSUSE Leap 42.1 (src): dpkg-1.16.10-11.1, update-alternatives-1.16.10-11.1