[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#704653: marked as done (apt: segfault with http sources whose name contains '[')

Your message dated Wed, 08 May 2013 17:03:09 +0000
with message-id <E1Ua7ll-0005UZ-7C@franck.debian.org>
and subject line Bug#704653: fixed in apt 0.9.8
has caused the Debian Bug report #704653,
regarding apt: segfault with http sources whose name contains '['
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
704653: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=704653
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message --- 
Package: apt
Version: 0.9.7.8
Severity: minor

Issue also reproduced with the package in experimental: 0.9.7.9~exp2

I accidentally wrote a sources.list line that contained a ']' character.

I expect 'apt-get update' to fail to resolve the host name and fail in
one way or another. Instead, apt-get just segfailts.

An example sources.list file:

deb http://ftp.us.debian.org/debian sid main
deb http://hostname[ whatever

# apt-get update
Segmentation fault

# aptitude update
Segmentation fault

# apt-cache search apt
Segmentation fault

-- System Information:
Debian Release: 7.0
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-4-amd64 (SMP w/2 CPU cores)
Locale: LANG=he_IL.utf8, LC_CTYPE=he_IL.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages apt depends on:
ii  debian-archive-keyring  2012.4
ii  gnupg                   1.4.12-7
ii  libapt-pkg4.12          0.9.7.8
ii  libc6                   2.13-38
ii  libgcc1                 1:4.7.2-5
ii  libstdc++6              4.7.2-5

apt recommends no packages.

Versions of packages apt suggests:
pn  apt-doc     <none>
ii  aptitude    0.6.8.2-1
ii  dpkg-dev    1.16.10
ii  python-apt  0.8.8.2
ii  synaptic    0.75.12
ii  xz-utils    5.1.1alpha+20120614-2

-- no debconf information

--- End Message ---
--- Begin Message --- 
Source: apt
Source-Version: 0.9.8

We believe that the bug you reported is fixed in the latest version of
apt, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 704653@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Michael Vogt <mvo@debian.org> (supplier of updated apt package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Wed, 08 May 2013 18:43:28 +0200
Source: apt
Binary: apt libapt-pkg4.12 libapt-inst1.5 apt-doc libapt-pkg-dev libapt-pkg-doc apt-utils apt-transport-https
Architecture: source all amd64
Version: 0.9.8
Distribution: unstable
Urgency: low
Maintainer: APT Development Team <deity@lists.debian.org>
Changed-By: Michael Vogt <mvo@debian.org>
Description: 
 apt        - commandline package manager
 apt-doc    - documentation for APT
 apt-transport-https - https download transport for APT
 apt-utils  - package managment related utility programs
 libapt-inst1.5 - deb package format runtime library
 libapt-pkg-dev - development files for APT's libapt-pkg and libapt-inst
 libapt-pkg-doc - documentation for APT development
 libapt-pkg4.12 - package managment runtime library
Closes: 154868 322074 620344 651640 699759 704653 704723 705087 705648
Changes: 
 apt (0.9.8) unstable; urgency=low
 .
   [ Ludovico Cavedon ]
   * properly handle if-modfied-since with libcurl/https
     (closes: #705648)
 .
   [ Andreas Beckman ]
   * apt-pkg/algorithms.cc:
     - Do not propagate negative scores from rdepends. Propagating the absolute
       value of a negative score may boost obsolete packages and keep them
       installed instead of installing their successors.  (Closes: #699759)
 .
   [ Michael Vogt ]
   * apt-pkg/sourcelist.cc:
     - fix segfault when a hostname contains a [, thanks to
       Tzafrir Cohen (closes: #704653)
   * debian/control:
     - replace manpages-it (closes: #704723)
 .
   [ David Kalnischkies ]
   * various simple changes to fix cppcheck warnings
   * apt-pkg/pkgcachegen.cc:
     - do not store the MD5Sum for every description language variant as
       it will be the same for all so it can be shared to save cache space
     - handle language tags for descriptions are unique strings to be shared
     - factor version string creation out of NewDepends, so we can easily reuse
       version strings e.g. for implicit multi-arch dependencies
     - equal comparisions are used mostly in same-source relations,
       so use this to try to reuse some version strings
     - sort group and package names in the hashtable on insert
     - share version strings between same versions (of different architectures)
       to save some space and allow quick comparisions later on
   * apt-pkg/pkgcache.cc:
     - assume sorted hashtable entries for groups/packages
   * apt-pkg/cacheiterators.h:
     - provide DepIterator::IsSatisfied as a nicer shorthand for DepCheck
   * apt-pkg/deb/debversion.cc:
     - add a string-equal shortcut for equal version comparisions
 .
   [ Marc Deslauriers ]
   * make apt-ftparchive generate missing deb-src hashes (LP: #1078697)
 .
   [ Yaroslav Halchenko ]
   * Fix English spelling error in a message ('A error'). Unfuzzy
     translations. Closes: #705087
 .
   [ Programs translations ]
   * French translation completed (Christian Perrier)
 .
   [ Manpages translations ]
   * French translation completed (Christian Perrier)
 .
   [ Daniel Hartwig ]
   * apt-pkg/contrib/strutl.cc:
     - include port in shortened URIs (e.g. with apt-cache policy, progress
       display) thanks to James McCoy (Closes: #154868, #322074)
     - percent-encode username and password when writing URIs
   * methods/http.cc:
     - properly escape IP-literals (e.g. IPv6 address) when building
       Host headers and URIs (Closes: #620344)
   * methods/https.cc:
     - use https_proxy environment variable if present, falling back to
       http_proxy otherwise
     - use authentication credentials from proxy URI
       (Closes: #651640, LP: #1087512)
     - environment variables do not override an explicit no proxy
       directive ("DIRECT") in apt.conf
     - disregard all_proxy environment variable, like other methods
Checksums-Sha1: 
 116360c77f1f8c54891b327d39acf363a41261bc 1682 apt_0.9.8.dsc
 5b76a6358b11ab485dbef2bc16ba5328cdea7948 3500796 apt_0.9.8.tar.gz
 89461f552f12ee6f0274855736a8a588bc47948a 290444 apt-doc_0.9.8_all.deb
 3cb37e9e8382c3abb1525b9e3e891f15475b17c6 964930 libapt-pkg-doc_0.9.8_all.deb
 4883ad8769334cec21be7b811ee4825860cd7ed7 896220 libapt-pkg4.12_0.9.8_amd64.deb
 7f5f6ab632bb27d7ca22051c95588136c49ff9bd 168314 libapt-inst1.5_0.9.8_amd64.deb
 43bc95f409d0e949506b759b78c638b746ad7d5e 1313098 apt_0.9.8_amd64.deb
 0796669c1b3a13e0d78397e2351b35e2bcd6f146 189842 libapt-pkg-dev_0.9.8_amd64.deb
 9d7dabe9ea311a2b7ae69d0cb63c5860e33755e8 389146 apt-utils_0.9.8_amd64.deb
 f1a5ca9a3a3e69786789da741549a24408a885a1 110600 apt-transport-https_0.9.8_amd64.deb
Checksums-Sha256: 
 e27e8507f97cc1a3e8f2cfd9a3a488fec1af4559a87c19b27eb950275c4db475 1682 apt_0.9.8.dsc
 91937aff743892892949e54d0329496ddbfb6181d126406a05f6762cdbbab594 3500796 apt_0.9.8.tar.gz
 1b266da0a5ddcd9015e4475507399371fee4b4b282a18f2c6ba004d4a5ce0af3 290444 apt-doc_0.9.8_all.deb
 0864bba06d93ae00b65f469ed8a25b5d0562a50477515a1af0d640e7e562d521 964930 libapt-pkg-doc_0.9.8_all.deb
 adedd7b43c0eb542b7137071ecaf8a27c363618d483a6a9364ba73c5fa05baca 896220 libapt-pkg4.12_0.9.8_amd64.deb
 899892c2bf8daac6da30da3be265c15a5e3959d94ec3be3a8352f047238d8562 168314 libapt-inst1.5_0.9.8_amd64.deb
 dbccf49f58e0d9de654566dd913a25db2bc5989cb356ed98be6450f7c0b9fcec 1313098 apt_0.9.8_amd64.deb
 a8e67828dd4426ea11943970e63908e5c435a9aac126ef8f4c076364e9933b44 189842 libapt-pkg-dev_0.9.8_amd64.deb
 fe2c2b0eb57e8cf0721f5c1075e01a81833a668331206628787ca12439b334af 389146 apt-utils_0.9.8_amd64.deb
 9dc84186723b66b7b335b3e149fefe61b1c5b7c8e759633c09a262b784965fd3 110600 apt-transport-https_0.9.8_amd64.deb
Files: 
 ca35aee225910dec2e3cb19df376cd71 1682 admin important apt_0.9.8.dsc
 90aa29992d8b8a43885c6a28ccf507d4 3500796 admin important apt_0.9.8.tar.gz
 bc44fced1b97e5ef24d807fcf777646a 290444 doc optional apt-doc_0.9.8_all.deb
 71b09b35661f93f5c8e9f87e71fb10fd 964930 doc optional libapt-pkg-doc_0.9.8_all.deb
 6a813bfe8a601fa320b936b0ee716efc 896220 libs important libapt-pkg4.12_0.9.8_amd64.deb
 e79d8e6799a69d8a9939629780109c3c 168314 libs important libapt-inst1.5_0.9.8_amd64.deb
 b627de5b3fe06182475120d008ad3773 1313098 admin important apt_0.9.8_amd64.deb
 829606dd9ec7e0cdad7080232eabfc9d 189842 libdevel optional libapt-pkg-dev_0.9.8_amd64.deb
 623d0730b1d36443a3341e79371ab67b 389146 admin important apt-utils_0.9.8_amd64.deb
 09d97f139dba326bc8ba0412b3a0648b 110600 admin optional apt-transport-https_0.9.8_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlGKgy4ACgkQliSD4VZixzSsWwCeILYp85ky0KJWPqr+W67M7uXq
Hw0An2jzGjzbOQtOkiQA7+OGa5wQoIWC
=tem2
-----END PGP SIGNATURE-----

--- End Message ---
Reply to: