Bug#433091: marked as done (ignores expiry of archive keys)

[owner@bugs.debian.org (Debian Bug Tracking System)]

Your message dated Sat, 02 May 2009 13:53:45 +0000
with message-id <E1M0Fez-0004RO-RJ@ries.debian.org>
and subject line Bug#433091: fixed in apt 0.7.20.2+lenny1
has caused the Debian Bug report #433091,
regarding ignores expiry of archive keys
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
433091: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=433091
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

• To: Debian Bug Tracking System <submit@bugs.debian.org>
• Subject: ignores expiry of archive keys
• From: martin f krafft <madduck@debian.org>
• Date: Sat, 14 Jul 2007 13:29:41 +0200
• Message-id: <20070714112941.GA13373@piper.oerlikon.madduck.net>

Package: apt
Version: 0.7.3
Severity: important

If I update from an archive whose key recently expired and I have
not yet updated the local copy via apt-key -- the local keyring says
it's expired -- APT does not complain but just proceeds. I think it
should *at least* warn.

-- System Information:
Debian Release: lenny/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.21-2-amd64 (SMP w/1 CPU core)
Locale: LANG=en_GB, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages apt depends on:
ii  debian-archive-keyring  2007.02.19-0.1   GnuPG archive keys of the Debian a
ii  libc6                   2.6-2            GNU C Library: Shared libraries
ii  libgcc1                 1:4.2-20070707-1 GCC support library
ii  libstdc++6              4.2-20070707-1   The GNU Standard C++ Library v3

apt recommends no packages.

-- no debconf information

-- 
 .''`.   martin f. krafft <madduck@debian.org>
: :'  :  proud Debian developer, author, administrator, and user
`. `'`   http://people.debian.org/~madduck - http://debiansystem.info
  `-  Debian - when you have better things to do than fixing systems

Attachment: signature.asc
Description: Digital signature (GPG/PGP)

--- End Message ---

--- Begin Message ---

• To: 433091-close@bugs.debian.org
• Subject: Bug#433091: fixed in apt 0.7.20.2+lenny1
• From: Michael Vogt <mvo@debian.org>
• Date: Sat, 02 May 2009 13:53:45 +0000
• Message-id: <E1M0Fez-0004RO-RJ@ries.debian.org>

Source: apt
Source-Version: 0.7.20.2+lenny1

We believe that the bug you reported is fixed in the latest version of
apt, which is due to be installed in the Debian FTP archive:

apt-doc_0.7.20.2+lenny1_all.deb
  to pool/main/a/apt/apt-doc_0.7.20.2+lenny1_all.deb
apt-transport-https_0.7.20.2+lenny1_i386.deb
  to pool/main/a/apt/apt-transport-https_0.7.20.2+lenny1_i386.deb
apt-utils_0.7.20.2+lenny1_i386.deb
  to pool/main/a/apt/apt-utils_0.7.20.2+lenny1_i386.deb
apt_0.7.20.2+lenny1.dsc
  to pool/main/a/apt/apt_0.7.20.2+lenny1.dsc
apt_0.7.20.2+lenny1.tar.gz
  to pool/main/a/apt/apt_0.7.20.2+lenny1.tar.gz
apt_0.7.20.2+lenny1_i386.deb
  to pool/main/a/apt/apt_0.7.20.2+lenny1_i386.deb
libapt-pkg-dev_0.7.20.2+lenny1_i386.deb
  to pool/main/a/apt/libapt-pkg-dev_0.7.20.2+lenny1_i386.deb
libapt-pkg-doc_0.7.20.2+lenny1_all.deb
  to pool/main/a/apt/libapt-pkg-doc_0.7.20.2+lenny1_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 433091@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Michael Vogt <mvo@debian.org> (supplier of updated apt package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Sun, 19 Apr 2009 21:23:46 +0200
Source: apt
Binary: apt apt-doc libapt-pkg-dev libapt-pkg-doc apt-utils apt-transport-https
Architecture: source all i386
Version: 0.7.20.2+lenny1
Distribution: stable-security
Urgency: high
Maintainer: APT Development Team <deity@lists.debian.org>
Changed-By: Michael Vogt <mvo@debian.org>
Description: 
 apt        - Advanced front-end for dpkg
 apt-doc    - Documentation for APT
 apt-transport-https - APT https transport
 apt-utils  - APT utility programs
 libapt-pkg-dev - Development files for APT's libapt-pkg and libapt-inst
 libapt-pkg-doc - Documentation for APT development
Closes: 433091 523213
Changes: 
 apt (0.7.20.2+lenny1) stable-security; urgency=high
 .
   * debian/apt.cron.daily:
     - fix possible DST timestamp releated auto-update problem
       (CVE-2009-1300, closes: #523213)
   * methods/gpgv.cc:
     - properly check for expired and revoked keys (closes: #433091)
Checksums-Sha1: 
 80d7d53646c2e3fd3604b7d6dc507fb68ed6357d 1540 apt_0.7.20.2+lenny1.dsc
 bdb5687a0ade523d395da3bf21bddfb5ebb31f9a 2043258 apt_0.7.20.2+lenny1.tar.gz
 07f88ed68e5d5576e8ab28e2bec144f74147be68 102110 apt-doc_0.7.20.2+lenny1_all.deb
 3a1590b2a583928cb1f2bac9f7e150e69e2db562 125292 libapt-pkg-doc_0.7.20.2+lenny1_all.deb
 10c8643be9c1725f266349f8ec9cb16afffedb0b 1639116 apt_0.7.20.2+lenny1_i386.deb
 ef2602d7b81295cc70f0f3fec01837d493f1f848 107586 libapt-pkg-dev_0.7.20.2+lenny1_i386.deb
 d0acf24212f4ae67bc5259cbb009c23f95274115 188158 apt-utils_0.7.20.2+lenny1_i386.deb
 aef12bbd95a37b1a1e2870ab0ba78be769d5b800 58824 apt-transport-https_0.7.20.2+lenny1_i386.deb
Checksums-Sha256: 
 1d2459ddfcf220064412b4053ea9248c0107c8800710852372abba6e97f2bbad 1540 apt_0.7.20.2+lenny1.dsc
 fd8091400ab45b24950211dd22f1a26457adbd4e37a9d13923aed57e8a9c5269 2043258 apt_0.7.20.2+lenny1.tar.gz
 2b8e00bcc16992d5df403c67e27e0d89b97ea49b5febde5a50f20846e10db8d8 102110 apt-doc_0.7.20.2+lenny1_all.deb
 e5be5ac36657d1e52d4c6b7124f5c0a8f874e27b37112f9599d5ad3a1e8fe6de 125292 libapt-pkg-doc_0.7.20.2+lenny1_all.deb
 0c376bf8208292c3b1100a61e40adab95501d2f7cc2e6cabbd70643cfb70f733 1639116 apt_0.7.20.2+lenny1_i386.deb
 2f7a1a8903aac858d4dc23bb483948c6ee0849a296a9cf6cf8030ee77572c45c 107586 libapt-pkg-dev_0.7.20.2+lenny1_i386.deb
 5a75db904448e43a0713b68622f90fbb2ab87c7468fee5a67eeb39ce43075bb0 188158 apt-utils_0.7.20.2+lenny1_i386.deb
 e04bd88a41f174bff59e5b8227fdaeb0903c1537459ffdaeb5ed31d17e4d366a 58824 apt-transport-https_0.7.20.2+lenny1_i386.deb
Files: 
 60e740d25e23101d5f7a9c90b90ee698 1540 admin important apt_0.7.20.2+lenny1.dsc
 c23dc4256af67c1644a9dbc5ae0115c8 2043258 admin important apt_0.7.20.2+lenny1.tar.gz
 099c1c85cb08d668e9e4668516ebc763 102110 doc optional apt-doc_0.7.20.2+lenny1_all.deb
 68c3671fa441778e16dbbe838cc893e5 125292 doc optional libapt-pkg-doc_0.7.20.2+lenny1_all.deb
 f2021728f2e92ffe32f7eb1bdc2d6231 1639116 admin important apt_0.7.20.2+lenny1_i386.deb
 e5ac47a6a1892c8ae12b0c25136b163d 107586 libdevel optional libapt-pkg-dev_0.7.20.2+lenny1_i386.deb
 a0f4a903e2fc11d9d6535d310e7f5a9e 188158 admin important apt-utils_0.7.20.2+lenny1_i386.deb
 68cbda40b139645b347d3168e09c722b 58824 admin optional apt-transport-https_0.7.20.2+lenny1_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iQEcBAEBAgAGBQJJ7NNGAAoJECIIoQCMVaAcWmYIAIxLk0Hbhs9eOAt4asY5U4/g
8Brl5T2Fj+W7QB9sclmohdsejy6sVqPB34Wxscfdff1EacVMv2ZeLPWiQmx1GaEV
T5LiMlxbDMAhyVYnRRfKqLiguH0zXbZOc8wfehe2l1Lk8WzHpfJ2KBxPaAHBnyKC
atpd4rSutNPfyF+8uV9oD5/PqmdSecFrO56hw3rrVNTJiOO+YAjtZDn+cwPRm+Er
ldxzn1fTbT7g4IwwUVab93TeZxSbQqYjZbiI9Dgm5Y7pPnJJnHHVN+spUnYGdpvM
dVwU5LnULsc1GqHoovsXzcmZYVHx5b+7Ve1Y4MosG6rJogGrPQLRb3Lk6vqoDt8=
=i8fJ
-----END PGP SIGNATURE-----

--- End Message ---