[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Re: [SECURITY] [DSA 4371-1] apt security update

Thanks a lot Yves-Alexis for reply and advice!

> Also it's likely that
> you need to ask this to Raspbian, not Debian.

Please give me a 2.nd try in this list. If it will become obviosly to be
a problem of Raspbian I will change to them.

> It would help to paste the exact error messages.

The command "sudo apt -o Acquire::http::AllowRedirect=false update" ran
By apt "list --upgradable" these 5 packages are displayed:

apt/stable 1.4.9 armhf [upgradable from: 1.4.8]
apt-transport-https/stable 1.4.9 armhf [upgradable from: 1.4.8]
apt-utils/stable 1.4.9 armhf [upgradable from: 1.4.8]
libapt-inst2.0/stable 1.4.9 armhf [upgradable from: 1.4.8]
libapt-pkg5.0/stable 1.4.9 armhf [upgradable from: 1.4.8]

But by sudo "apt -o Acquire::http::AllowRedirect=false upgrade"
I always got the following error messages after my confirm to install:

Err:1 http://raspbian.raspberrypi.org/raspbian stretch/main armhf
libapt-pkg5.0 armhf 1.4.9
  302  Found [IP: 80]
Err:2 http://raspbian.raspberrypi.org/raspbian stretch/main armhf
libapt-inst2.0 armhf 1.4.9
  302  Found [IP: 80]
Err:3 http://raspbian.raspberrypi.org/raspbian stretch/main armhf apt
armhf 1.4.9
  302  Found [IP: 80]
Err:4 http://raspbian.raspberrypi.org/raspbian stretch/main armhf
apt-utils armhf 1.4.9
  302  Found [IP: 80]
Err:5 http://raspbian.raspberrypi.org/raspbian stretch/main armhf
apt-transport-https armhf 1.4.9
  302  Found [IP: 80]
E: Failed to fetch
 302  Found [IP: 80]
E: Failed to fetch
 302  Found [IP: 80]
E: Failed to fetch
 302  Found [IP: 80]
E: Failed to fetch
 302  Found [IP: 80]
E: Failed to fetch
 302  Found [IP: 80]
E: Unable to fetch some archives, maybe run apt-get update or try with

I tried to use a command with --fix-missing but this didn't work. Maybe
I used the wrong syntax.

> Can you provide the links you used and the hash it gives you locally?

This was a second problem when I tried to solve it by manual
instalaltion. For the downloads I used the links you have posted and
found some dismatched hashes in these files:

Local Hash =

apt-utils-dbgsym_1.4.9_armhf.deb -
Local Hash =

Local Hash =

Local Hash =

But meanwhile I see that I don't need those files because they are
obviosly not displayed by apt --upgradable list.
And the hashes for the 5 needed packages seem to match.

 > Try dpkg - -l |grep apt

dpkg --list |grep apt worked for me.

That's the result:

ii  apt                             1.4.8                        armhf
     commandline package manager
ii  apt-listchanges                 3.10                         all
     package change history notification tool
ii  apt-transport-https             1.4.8                        armhf
     https download transport for APT
ii  apt-utils                       1.4.8                        armhf
     package management related utility programs
ii  aptitude                        0.8.7-1                      armhf
     terminal-based package manager
ii  aptitude-common                 0.8.7-1                      all
     architecture independent files for the aptitude package manager
ii  firmware-realtek                1:20161130-3+rpt4            all
     Binary firmware for Realtek wired/wifi/BT adapters
ii  libapt-inst2.0:armhf            1.4.8                        armhf
     deb package format runtime library
ii  libapt-pkg5.0:armhf             1.4.8                        armhf
     package management runtime library
ii  python-apt-common               1.1.0~beta5                  all
     Python interface to libapt-pkg (locales)
ii  python3-apt                     1.1.0~beta5                  armhf

Besides according to your recommendation I tried this too:

deb http://cdn-fastly.deb.debian.org/debian-security stable/updates main
in /etc/apt/sources.list.

But running an update command an error showed up that the key doesn't
match, so this failed too.

So please let me know - what is your conclusion?

It's a question for Raspbian - and I should ask there now?
Or can I install the 5 upgrade files qouted above manually without
greater danger of a system crash? What do you recommend to be the very
next step?

Thank you in advance.


Reply to: