cp, mv, install: data loss due to free memory read

Bug #1073514 reported by C de-Avillez
This bug affects 2 people

Affects | Status | Importance | Assigned to | Milestone
coreutils (Ubuntu) | Fix Released | High | Colin Watson |
Precise | Fix Released | High | Colin Watson |
Quantal | Fix Released | High | Colin Watson |
Raring | Fix Released | High | Colin Watson |

Bug Description

[Impact] cp/mv/install may read from freed memory in cases of very fragmented and sparse input files, sometimes producing corrupt output.
[Test case] The following command should succeed, with no output:
  rm -f j j2 && perl -e 'for (1..600) { sysseek (*STDOUT, 4096, 1) && syswrite (*STDOUT, "a" x 1024) or die "$!" }' > j && valgrind --quiet --error-exitcode=3 cp j j2 && cmp j j2
[Regression potential] cp being what it is, ordinary use of a system for a while should be sufficient regression-testing.

Original report follows:

This was originally reported as happening on copying large files in highly-fragmented filesystems, and affects coreutils from 8.11 to 8.19 (8.20 has just been released with the fix included).

Ubuntu versions affected:
 * Precise (8.13)
 * Quantal (8.13)
 * Raring (8.13)

Upstream bug: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=12656
Upstream ML thread: http://lists.gnu.org/archive/html/bug-coreutils/2012-10/msg00090.html

Upstream commits:
* 64aef5fb9afecc023a6e719da161dbbf450908b8 (actual patch, and test)
* 0aeaa506ad9dd09479a298e4febe79b55c10a0e2 (adjust NEWS to point out mv and install are also affected)

A test has been added to check for this error: tests/cp/fiemap-FMR.sh

ProblemType: Bug
DistroRelease: Ubuntu 12.10
Package: coreutils 8.13-3.2ubuntu2
ProcVersionSignature: Ubuntu 3.5.0-18.29-generic 3.5.7
Uname: Linux 3.5.0-18-generic x86_64
ApportVersion: 2.6.1-0ubuntu6
Architecture: amd64
CheckboxSubmission: c8a7d84e13c3b258e707f056604eb0e0
CheckboxSystem: d00f84de8a555815fa1c4660280da308
Date: Wed Oct 31 05:24:37 2012
InstallationDate: Installed on 2012-10-21 (9 days ago)
InstallationMedia: Ubuntu 12.10 "Quantal Quetzal" - Release amd64 (20121017.5)
MarkForUpload: True
SourcePackage: coreutils
UpgradeStatus: No upgrade log present (probably fresh install)
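
The test case from the description, as an added example (not part of the bug report or of coreutils): it builds the same input file without perl and makes valgrind optional, relying on cmp to catch corrupt output. The function names and the USE_VALGRIND variable are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: function names and USE_VALGRIND are illustrative assumptions.

# Build the input used by the test case: 600 runs of 1024 "a" bytes,
# each preceded by a 4096-byte hole (total size 600 * 5120 bytes).
make_fragmented_sparse() {
    out=$1
    chunk=$(mktemp) || return 1
    # One 1024-byte block of "a", written repeatedly at sparse offsets.
    dd if=/dev/zero bs=1024 count=1 2>/dev/null | tr '\000' 'a' > "$chunk"
    : > "$out"
    i=0
    while [ "$i" -lt 600 ]; do
        # Run i starts at byte i*5120 + 4096, i.e. 1024-byte block i*5 + 4.
        dd if="$chunk" of="$out" bs=1024 count=1 seek=$((i * 5 + 4)) \
            conv=notrunc 2>/dev/null || { rm -f "$chunk"; return 1; }
        i=$((i + 1))
    done
    rm -f "$chunk"
}

# Copy src to dst with cp and return cmp's verdict (0 = byte-identical).
# With USE_VALGRIND=1 and valgrind installed, cp runs under valgrind as in
# the original test case; a valgrind error is reported but not fatal, and
# the output is still compared.
check_copy() {
    src=$1
    dst=$2
    rm -f "$dst"
    if [ "${USE_VALGRIND:-0}" = 1 ] && command -v valgrind >/dev/null 2>&1; then
        if ! valgrind --quiet --error-exitcode=3 cp "$src" "$dst"; then
            echo "warning: cp under valgrind exited non-zero" >&2
        fi
    else
        cp "$src" "$dst" || return 2
    fi
    cmp -s "$src" "$dst"
}
```

Run `make_fragmented_sparse j && check_copy j j2` in a directory on the filesystem being checked, since the changelog notes the corruption appears only on certain filesystems.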

C de-Avillez (hggdh2) wrote :
Colin Watson (cjwatson)
Changed in coreutils (Ubuntu Raring):
assignee: nobody → Colin Watson (cjwatson)
Colin Watson (cjwatson)
description: updated
Changed in coreutils (Ubuntu Raring):
status: New → Triaged
Changed in coreutils (Ubuntu Quantal):
status: New → Triaged
importance: Undecided → High
assignee: nobody → Colin Watson (cjwatson)
Changed in coreutils (Ubuntu Precise):
status: New → Triaged
importance: Undecided → High
assignee: nobody → Colin Watson (cjwatson)
milestone: none → ubuntu-12.04.2
Colin Watson (cjwatson)
Changed in coreutils (Ubuntu Raring):
status: Triaged → In Progress
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package coreutils - 8.13-3.2ubuntu7

---------------
coreutils (8.13-3.2ubuntu7) raring; urgency=low

  * Backport require_valgrind_ so that tests work better.
  * Make valgrind failures non-fatal; we don't have sufficiently accurate
    suppressions for linker startup issues on all architectures. However,
    do still run those tests and check for corrupted output.
  * Don't build-depend on valgrind on armhf, as it apparently breaks there.
 -- Colin Watson <email address hidden> Fri, 09 Nov 2012 10:01:28 +0000

Changed in coreutils (Ubuntu Raring):
status: In Progress → Fix Released
Colin Watson (cjwatson)
Changed in coreutils (Ubuntu Quantal):
status: Triaged → In Progress
Colin Watson (cjwatson)
Changed in coreutils (Ubuntu Precise):
status: Triaged → In Progress
Brian Murray (brian-murray) wrote : Please test proposed package

Hello C, or anyone else affected,

Accepted coreutils into quantal-proposed. The package will build now and be available at http://launchpad.net/ubuntu/+source/coreutils/8.13-3.2ubuntu2.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us in getting this update out to other Ubuntu users.

If this package fixes the bug for you, please change the bug tag from verification-needed to verification-done. If it does not, change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Changed in coreutils (Ubuntu Quantal):
status: In Progress → Fix Committed
tags: added: verification-needed
Changed in coreutils (Ubuntu Precise):
status: In Progress → Fix Committed
Brian Murray (brian-murray) wrote :

Hello C, or anyone else affected,

Accepted coreutils into precise-proposed. The package will build now and be available at http://launchpad.net/ubuntu/+source/coreutils/8.13-3ubuntu3.2 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us in getting this update out to other Ubuntu users.

If this package fixes the bug for you, please change the bug tag from verification-needed to verification-done. If it does not, change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Javier López (javier-lopez) wrote :

Hi,

I've tested successfully the -proposed updates for precise

$ cat /etc/issue
Ubuntu 12.04 LTS \n \l

$ apt-cache policy coreutils
coreutils:
  Installed: 8.13-3ubuntu3.2
  Candidate: 8.13-3ubuntu3.2
  Version table:
 *** 8.13-3ubuntu3.2 0
        500 http://us.archive.ubuntu.com/ubuntu/ precise-proposed/main i386 Packages
        100 /var/lib/dpkg/status
     8.13-3ubuntu3 0
        500 http://us.archive.ubuntu.com/ubuntu/ precise/main i386 Packages

$ rm -f j j2 && perl -e 'for (1..600) { sysseek (*STDOUT, 4096, 1) && syswrite (*STDOUT, "a" x 1024) or die "$!" }' > j && valgrind --quiet --error-exitcode=3 cp j j2 && cmp j j2

With no output

---
Ubuntu Bug Squad volunteer triager
http://wiki.ubuntu.com/BugSquad

Javier López (javier-lopez) wrote :

Hi,

I've tested successfully the -proposed updates for quantal

$ cat /etc/issue
Ubuntu 12.10 \n \l

% apt-cache policy coreutils
coreutils:
  Installed: 8.13-3.2ubuntu2.1
  Candidate: 8.13-3.2ubuntu2.1
  Version table:
 *** 8.13-3.2ubuntu2.1 0
        500 http://us.archive.ubuntu.com/ubuntu/ quantal-proposed/main i386 Packages
        100 /var/lib/dpkg/status
     8.13-3.2ubuntu2 0
        500 http://us.archive.ubuntu.com/ubuntu/ quantal/main i386 Packages

$ rm -f j j2 && perl -e 'for (1..600) { sysseek (*STDOUT, 4096, 1) && syswrite (*STDOUT, "a" x 1024) or die "$!" }' > j && valgrind --quiet --error-exitcode=3 cp j j2 && cmp j j2

With no output, I'm adding the verification-done tag

---
Ubuntu Bug Squad volunteer triager
http://wiki.ubuntu.com/BugSquad

tags: added: precise verification-done
removed: verification-needed
Scott Kitterman (kitterman) wrote : Update Released

The verification of this Stable Release Update has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package coreutils - 8.13-3.2ubuntu2.1

---------------
coreutils (8.13-3.2ubuntu2.1) quantal-proposed; urgency=low

  * Backport upstream patch to avoid data-corrupting free-memory-read in
    cp/mv/install when dealing with a very fragmented and sparse input file
    on certain filesystems (LP: #1073514).
  * Build-depend on valgrind (except on armhf, where it breaks) in order to
    be able to run the test for the above fix.
  * Fix 99_sort_-u_data_loss.dpatch so that the added test is actually run.
  * Backport require_valgrind_ so that tests work better.
  * Make valgrind failures non-fatal; we don't have sufficiently accurate
    suppressions for linker startup issues on all architectures. However,
    do still run those tests and check for corrupted output.
 -- Colin Watson <email address hidden> Fri, 09 Nov 2012 13:30:42 +0000

Changed in coreutils (Ubuntu Quantal):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package coreutils - 8.13-3ubuntu3.2

---------------
coreutils (8.13-3ubuntu3.2) precise-proposed; urgency=low

  * Backport upstream patch to avoid data-corrupting free-memory-read in
    cp/mv/install when dealing with a very fragmented and sparse input file
    on certain filesystems (LP: #1073514).
  * Build-depend on valgrind (except on armhf, where it breaks) in order to
    be able to run the test for the above fix.
  * Fix 99_sort_-u_data_loss.dpatch so that the added test is actually run.
  * Backport require_valgrind_ so that tests work better.
  * Make valgrind failures non-fatal; we don't have sufficiently accurate
    suppressions for linker startup issues on all architectures. However,
    do still run those tests and check for corrupted output.
 -- Colin Watson <email address hidden> Fri, 09 Nov 2012 14:23:10 +0000

Changed in coreutils (Ubuntu Precise):
status: Fix Committed → Fix Released