Bug#503237: marked as done (Should use security.debian.org for lenny/updates)
Your message dated Fri, 24 Oct 2008 13:47:02 +0000
with message-id <E1KtN0I-0003Lo-KD@ries.debian.org>
and subject line Bug#503237: fixed in python-apt 0.7.7.1+nmu1
has caused the Debian Bug report #503237,
regarding Should use security.debian.org for lenny/updates
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)
--
503237: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=503237
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: software-properties-gtk: uses wrong url for the security updates
- From: Mika Hanhijärvi <miksuh@saunalahti.fi>
- Date: Fri, 24 Oct 2008 00:36:47 +0300
- Message-id: <1224797807.19485.26.camel@localhost>
Package: software-properties-gtk
Version: 0.60.debian-1.1
Severity: grave
Tags: security
Justification: user security hole
software-properties-gtk uses wrong url for the Debian security updates.
It does not recognize security.debian.org in the /etc/apt/sources.list.
It also adds incorrect security repository address to sources.list.
Steps how to reproduce this bug:
1) I have these lines in my /etc/apt/sources.list:
deb http://security.debian.org/ lenny/updates main non-free contrib
deb-src http://security.debian.org/ lenny/updates main non-free contrib
2) I start software-properties-gtk
3) I go to Updates tab:
The Security updates checkbox is shown as unselected. It should be
selected.
4) I go to Third-Party Software tab:
security.debian.org repository is listed here as a 3rd-party repository.
5) I go back to Updates tab
6) I Select the Security updates checkbox
7) I click close -button
8) I click reload button to reload package database:
I get errors like these:
Could not download all repository indexes
http://ftp.fi.debian.org/debian/dists/lenny/updates/non-free/binary-i386/Packages.gz:
404 Not Found [IP: 130.230.54.99 80]
http://ftp.fi.debian.org/debian/dists/lenny/updates/contrib/binary-i386/Packages.gz:
404 Not Found [IP: 130.230.54.99 80]
http://ftp.fi.debian.org/debian/dists/lenny/updates/main/binary-i386/Packages.gz:
404 Not Found [IP: 130.230.54.99 80]
http://ftp.fi.debian.org/debian/dists/lenny/updates/non-free/source/Sources.gz:
404 Not Found [IP: 130.230.54.99 80]
http://ftp.fi.debian.org/debian/dists/lenny/updates/contrib/source/Sources.gz:
404 Not Found [IP: 130.230.54.99 80]
http://ftp.fi.debian.org/debian/dists/lenny/updates/main/source/Sources.gz:
404 Not Found [IP: 130.230.54.99 80]
9) I open /etc/apt/sources.list from the commandline:
software-properties-gtk did add these lines:
deb http://ftp.fi.debian.org/debian/ lenny/updates non-free contrib main
deb-src http://ftp.fi.debian.org/debian/ lenny/updates non-free contrib
main
But lenny/updates is not available at that mirror address.
10) I start software-properties-gtk again.
11) I go to Updates tab
12) I unselect the Security updates checkbox
13) I click close button.
14) I start software-properties-gtk again and go to updates tab
again:
the Security updates checkbox is still selected. I unselected it last
time but it's again selected.
No matter how many times I repeat steps 10-14 Security updates checkbox
is always selected. Software-properties-gtk also does not remove or
disable those incorrect lines it added from the /etc/apt/sources.list.
I
have to manually remove those lines from the sources.list.
-- System Information:
Debian Release: lenny/sid
APT prefers unstable
APT policy: (500, 'unstable'), (500, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.6.26-1-686 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages software-properties-gtk depends on:
ii gksu 2.0.0-5 graphical frontend to su
ii python 2.5.2-2 An interactive high-level
object-o
ii python-glade2 2.12.1-6 GTK+ bindings: Glade
support
ii python-gtk2 2.12.1-6 Python bindings for the GTK
+ widge
ii python-software-properti 0.60.debian-1.1 manage the repositories
that you i
ii python-support 0.8.4 automated rebuilding
support for P
ii synaptic 0.62.1 Graphical package manager
software-properties-gtk recommends no packages.
software-properties-gtk suggests no packages.
-- no debconf information
--- End Message ---
--- Begin Message ---
Source: python-apt
Source-Version: 0.7.7.1+nmu1
We believe that the bug you reported is fixed in the latest version of
python-apt, which is due to be installed in the Debian FTP archive:
python-apt-dbg_0.7.7.1+nmu1_i386.deb
to pool/main/p/python-apt/python-apt-dbg_0.7.7.1+nmu1_i386.deb
python-apt_0.7.7.1+nmu1.dsc
to pool/main/p/python-apt/python-apt_0.7.7.1+nmu1.dsc
python-apt_0.7.7.1+nmu1.tar.gz
to pool/main/p/python-apt/python-apt_0.7.7.1+nmu1.tar.gz
python-apt_0.7.7.1+nmu1_i386.deb
to pool/main/p/python-apt/python-apt_0.7.7.1+nmu1_i386.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 503237@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Jonny Lamb <jonny@debian.org> (supplier of updated python-apt package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Fri, 24 Oct 2008 12:44:33 +0100
Source: python-apt
Binary: python-apt python-apt-dbg
Architecture: source i386
Version: 0.7.7.1+nmu1
Distribution: unstable
Urgency: medium
Maintainer: APT Development Team <deity@lists.debian.org>
Changed-By: Jonny Lamb <jonny@debian.org>
Description:
python-apt - Python interface to libapt-pkg
python-apt-dbg - Python interface to libapt-pkg (debug extension)
Closes: 503237
Changes:
python-apt (0.7.7.1+nmu1) unstable; urgency=medium
.
* Non-maintainer upload.
* data/templates/Debian.info.in: Set the BaseURI to security.debian.org for
lenny/updates, etch/updates and sarge/updates. (Closes: #503237)
Checksums-Sha1:
f48fbe098b2b74d67da12b2633e8a8cdef363e98 1063 python-apt_0.7.7.1+nmu1.dsc
c85b352d6251a8c39a32021d433172345c48f3bc 639162 python-apt_0.7.7.1+nmu1.tar.gz
420564d072aea5442e2849718e40f41d44363151 218562 python-apt_0.7.7.1+nmu1_i386.deb
be4f47f4ac626db3f60a509f7792f3af2b5dc4c0 1434936 python-apt-dbg_0.7.7.1+nmu1_i386.deb
Checksums-Sha256:
9566d819b13cc2d78ffeb089d278504eeca5463df732e7e05ff16e5829589dcd 1063 python-apt_0.7.7.1+nmu1.dsc
f8c282608bd4e3ee4a7e8ce8dcd5415bd57c2778ae0d289f6b93ccaf0639b72a 639162 python-apt_0.7.7.1+nmu1.tar.gz
5127333df20fd2f783af44c33d3a6ac071594b7c6dae5db7b7cf51d232ebd60a 218562 python-apt_0.7.7.1+nmu1_i386.deb
e3f980e4ee335a75f657a9e802e2a0beb70dba3e5a8758e5535a20f64f83c39c 1434936 python-apt-dbg_0.7.7.1+nmu1_i386.deb
Files:
529c5e0a622ae94dc9adb46cfb1b8fd1 1063 python optional python-apt_0.7.7.1+nmu1.dsc
6d296cf3cc6d247c1d68161c15e3c8c2 639162 python optional python-apt_0.7.7.1+nmu1.tar.gz
15f1750f0586d44fdb1ab6944eba733d 218562 python optional python-apt_0.7.7.1+nmu1_i386.deb
fd43419a2a6d4848687302576b53c6ce 1434936 python extra python-apt-dbg_0.7.7.1+nmu1_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAkkBvbQACgkQwYr7ny4DlAK4ZwCfQsoUBJgGtV0mqwtDInbdjr4p
/1kAniDXnUz6nKSD8EpfCEYacSzXEiz1
=XwYn
-----END PGP SIGNATURE-----
--- End Message ---
Reply to: