Re: apt-get changelog is unsuccessful, but changelog exists
On Sat, 5 Nov 2016, davidson@freevolt.org wrote:
[snip]
In the example above, I sought to read a description of the differences
between my currently installed libxslt1.1 package, and the more recent
available version.
Instead, to obtain changelogs, the 8-step workflow outlined below is
typical for me. It seems to work fine, but I am curious why steps 1--4
alone do not suffice.
If anyone can give me a clue here, I would be grateful.
WORKFLOW
[snap]
In case it helps clarify what is going on, here is example output from
that workflow:
# apt-get update # STEP 1
[Copious output about gets and hits, which i did not capture. Sorry.]
Fetched [xyz] kB in [u]s ([pqr] kB/s)
Reading package lists... Done
# apt-get -s upgrade # STEP 2
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages will be upgraded:
libxslt1.1
1 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
Inst libxslt1.1 [1.1.26-14.1+deb7u1] (1.1.26-14.1+deb7u2 Debian-Security:7.0/oldstable [i386])
Conf libxslt1.1 (1.1.26-14.1+deb7u1 Debian-Security:7.0/oldstable [i386])
$ apt-cache --no-all-versions show libxslt1.1 |sed -n '/^Description-en/,/^[^[:blank:]]/ p' # STEP 3
Description-en: XSLT 1.0 processing library - runtime library
XSLT is an XML language for defining transformations of XML files from
XML to some other arbitrary format, such as XML, HTML, plain text, etc.
using standard XSLT stylesheets. libxslt is a C library which
implements XSLT version 1.0.
.
This package contains the libxslt library used by applications for XSLT
transformations.
Homepage: http://xmlsoft.org/xslt/
$ apt-get changelog libxslt1.1 # STEP 4
Err Changelog for libxslt1.1 (http://packages.debian.org/changelogs/pool/updates/main/libx/libxslt/libxslt_1.1.26-14.1+deb7u2/changelog)
404 Not Found [IP: 5.153.231.3 80]
Err Changelog for libxslt1.1 (http://security.debian.org/pool/updates/main/libx/libxslt/libxslt_1.1.26-14.1+deb7u2.changelog)
404 Not Found [IP: 128.31.0.63 80]
E: changelog download failed
$ apt-get --diff-only source libxslt1.1 # STEP 5
Reading package lists...
Building dependency tree...
Reading state information...
Picking 'libxslt' as source package instead of 'libxslt1.1'
NOTICE: 'libxslt' packaging is maintained in the 'Git' version control system at:
git://git.debian.org/debian-xml-sgml/libxslt.git
Need to get 47.0 kB of source archives.
Get:1 http://security.debian.org/ wheezy/updates/main libxslt 1.1.26-14.1+deb7u2 (diff) [47.0 kB]
Fetched 47.0 kB in 0s (91.1 kB/s)
$ gunzip libxslt_1.1.26-14.1+deb7u2.debian.tar.gz && tar xf libxslt_1.1.26-14.1+deb7u2.debian.tar # STEP 6
$ ls debian/ # STEP 7
changelog
compat
control
copyright
libxslt1.1.install
libxslt1.1.lintian-overrides
libxslt1.1.symbols
libxslt1-dev.doc-base
libxslt1-dev.install
libxslt1-dev.manpages
patches
python-libxslt1-dbg.install
python-libxslt1-dbg.lintian-overrides
python-libxslt1-dbg.preinst
python-libxslt1.examples
python-libxslt1.install
README.Debian
rules
source
TODO
watch
xslt-config.1
xsltproc.install
xsltproc.manpages
$ sed -n '1,/^[^[:blank:]]/ p' debian/changelog # STEP 8
libxslt (1.1.26-14.1+deb7u2) wheezy-security; urgency=medium
* Non-maintainer upload by the LTS team.
* 0019-Fix-heap-overread-in-xsltFormatNumberConversion.patch:
+ CVE-2016-4738: Patch from upstream to fix a potential heap overread
that can cause arbitrary code execution or denial of service.
Closes: #842570.
-- Emilio Pozuelo Monfort <pochu@debian.org> Sat, 05 Nov 2016 11:26:56 +0100
libxslt (1.1.26-14.1+deb7u1) wheezy-security; urgency=medium
Reply to: