Your message dated Tue, 23 Sep 2014 16:18:47 +0000 with message-id <E1XWSnf-0001Sw-Vz@franck.debian.org> and subject line Bug#762160: fixed in apt 0.8.10.3+squeeze5 has caused the Debian Bug report #762160, regarding apt: [regression] relative paths for Dir are broken to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner@bugs.debian.org immediately.) -- 762160: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=762160 Debian Bug Tracking System Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: apt: [regression] 406 Not acceptable errors
- From: Paul Wise <pabs@debian.org>
- Date: Fri, 19 Sep 2014 13:31:04 +0800
- Message-id: <[🔎] 1411104663.18352.13.camel@debian.org>
Package: apt Version: 0.9.7.9+deb7u4 Severity: important The recent apt security updates broke the Debian derivatives census scripts, various sites now return "406 Not acceptable" errors. The set of instructions below produces the errors on the second apt-get update run with apt 0.9.7.9+deb7u4 but not with apt 0.9.7.9+deb7u2. I also note that if I use the same sources.list with chdist from devscripts I do *not* get the same errors. Looking at the wireshark log, the difference is that chdist only gets 304 and 404 HTTP codes but plain apt gets 304, 404, 416 and 406 codes. These sources.list files exhibit the issue: https://dex.alioth.debian.org/census/Aptosid/sources.list https://dex.alioth.debian.org/census/ArcheOS/sources.list https://dex.alioth.debian.org/census/AstraLinux/sources.list https://dex.alioth.debian.org/census/BCCD/sources.list https://dex.alioth.debian.org/census/HandyLinux/sources.list https://dex.alioth.debian.org/census/Ordissimo/sources.list https://dex.alioth.debian.org/census/SteamOS/sources.list https://dex.alioth.debian.org/census/Tucunare/sources.list https://dex.alioth.debian.org/census/sources.list https://dex.alioth.debian.org/census/sources.list rm -rf sources.list apt.conf apt cat <<EOF > sources.list deb [arch=i386,amd64] http://aptosid.com/debian/ sid main fix.main deb-src http://aptosid.com/debian/ sid main fix.main EOF cat <<EOF > apt.conf Dir "apt"; Dir::State::status "./apt/var/lib/dpkg/status"; Dir::Etc::sourcelist "./sources.list"; EOF mkdir --parents apt/var/lib/dpkg apt/etc/apt/apt.conf.d apt/etc/apt/trusted.gpg.d apt/etc/apt/preferences.d apt/etc/apt/sources.list.d apt/var/lib/apt/lists/partial apt/var/cache/apt/archives/partial touch apt/var/lib/dpkg/status apt/etc/apt/trusted.gpg export APT_CONFIG=`pwd`/apt.conf apt-get update apt-get update -- System Information: Debian Release: 7.6 APT prefers stable APT policy: (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 3.16-1-amd64 (SMP w/4 CPU cores) Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968) (ignored: LC_ALL set to C) Shell: /bin/sh linked to /bin/dash Versions of packages apt depends on: ii debian-archive-keyring 2012.4 ii gnupg 1.4.12-7+deb7u6 ii libapt-pkg4.12 0.9.7.9+deb7u4 ii libc6 2.13-38+deb7u4 ii libgcc1 1:4.7.2-5 ii libstdc++6 4.7.2-5 apt recommends no packages. Versions of packages apt suggests: pn apt-doc <none> ii aptitude 0.6.8.2-1 ii dpkg-dev 1.16.15 pn python-apt <none> ii xz-utils 5.1.1alpha+20120614-2 -- no debconf information -- bye, pabs https://wiki.debian.org/PaulWiseAttachment: signature.asc
Description: This is a digitally signed message part
--- End Message ---
--- Begin Message ---
- To: 762160-close@bugs.debian.org
- Subject: Bug#762160: fixed in apt 0.8.10.3+squeeze5
- From: Michael Vogt <mvo@debian.org>
- Date: Tue, 23 Sep 2014 16:18:47 +0000
- Message-id: <E1XWSnf-0001Sw-Vz@franck.debian.org>
Source: apt Source-Version: 0.8.10.3+squeeze5 We believe that the bug you reported is fixed in the latest version of apt, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 762160@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Michael Vogt <mvo@debian.org> (supplier of updated apt package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmaster@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Tue, 23 Sep 2014 08:54:46 +0200 Source: apt Binary: apt apt-doc libapt-pkg-dev libapt-pkg-doc apt-utils apt-transport-https Architecture: source all amd64 Version: 0.8.10.3+squeeze5 Distribution: squeeze-lts Urgency: high Maintainer: APT Development Team <deity@lists.debian.org> Changed-By: Michael Vogt <mvo@debian.org> Description: apt - Advanced front-end for dpkg apt-doc - Documentation for APT apt-transport-https - APT https transport apt-utils - APT utility programs libapt-pkg-dev - Development files for APT's libapt-pkg and libapt-inst libapt-pkg-doc - Documentation for APT development Closes: 762160 Changes: apt (0.8.10.3+squeeze5) squeeze-lts; urgency=high . * SECURITY UPDATE: - fix potential buffer overflow, thanks to the Google Security Team (CVE-2014-6273) * fix regression when Dir::state::lists is set to a relative path (closes: 762160) * fix regression when cdrom: sources got rewriten by apt-cdrom add Checksums-Sha1: ef81272678516299c11ed2b80ab1f48b44a1439a 1991 apt_0.8.10.3+squeeze5.dsc 0724490b1a40b846fa92e8deabb9b378711a3315 3154123 apt_0.8.10.3+squeeze5.tar.gz c02f7f2bb2838f014be02751101d9429501534b8 235506 apt-doc_0.8.10.3+squeeze5_all.deb b537ae7ad0ab3719e18f969807edc04f06e371a4 698852 libapt-pkg-doc_0.8.10.3+squeeze5_all.deb 1c14aabea5d4837d8453cff0453443cb87d5df64 2185702 apt_0.8.10.3+squeeze5_amd64.deb 7ae5f0581b22c7856a4b968d354cc6846f2a29f7 151560 libapt-pkg-dev_0.8.10.3+squeeze5_amd64.deb 1eb5704ef0cb00622682f5c86d66b748c3e2e508 275822 apt-utils_0.8.10.3+squeeze5_amd64.deb 1021e1242cfdfe9179a69d1edfa8861b9dc34096 84106 apt-transport-https_0.8.10.3+squeeze5_amd64.deb Checksums-Sha256: 42ce0bcd753b359442c489c16e5b71395eecc693e33d16c92b99573c6c778d21 1991 apt_0.8.10.3+squeeze5.dsc 3876033029bc13662a4de1579fa2d10315fd3b759bea141260bacdf3c6c35f3b 3154123 apt_0.8.10.3+squeeze5.tar.gz f2180f67fc119ff94050d2f4f35b91cbee1219cd41cb0bed3d5fc8ed58378d35 235506 apt-doc_0.8.10.3+squeeze5_all.deb 3bc35dd8ad94077b837403c6df5a3d2c948d48d9828886cc0e2987d329385b12 698852 libapt-pkg-doc_0.8.10.3+squeeze5_all.deb 644c718b6712e8d7b479b24717115d4b1dfd611935596ea6d44fb49ed710deb9 2185702 apt_0.8.10.3+squeeze5_amd64.deb 21981a71028156821c9a8fe98b14fe7fc3660b797d8af7ee150f362be88bdec4 151560 libapt-pkg-dev_0.8.10.3+squeeze5_amd64.deb 180d74289184fe5a7bff0f61ad9f6570d4e86faf73e57a7dafdccacc06950486 275822 apt-utils_0.8.10.3+squeeze5_amd64.deb 3562e4598edc6554a60bf8c42ffa9c93b37a0524ff12983f634720afbf91bd4f 84106 apt-transport-https_0.8.10.3+squeeze5_amd64.deb Files: 23356be8a099e29e81c0fd8aae7c18d3 1991 admin important apt_0.8.10.3+squeeze5.dsc 30c8b4322247d869e5b61f140813dc81 3154123 admin important apt_0.8.10.3+squeeze5.tar.gz c8235f00568080ade9099605c37741b9 235506 doc optional apt-doc_0.8.10.3+squeeze5_all.deb 43ed16493fa11f11530fa2bb94152b16 698852 doc optional libapt-pkg-doc_0.8.10.3+squeeze5_all.deb 7d1038e98d43fde646782702cf74bc90 2185702 admin important apt_0.8.10.3+squeeze5_amd64.deb 75152c525e93b3dd73b315e05232b48f 151560 libdevel optional libapt-pkg-dev_0.8.10.3+squeeze5_amd64.deb 647be04f70d58152723a9a3fe6de97cd 275822 admin important apt-utils_0.8.10.3+squeeze5_amd64.deb fcb9f2a541ff18f625a01f509b482e68 84106 admin optional apt-transport-https_0.8.10.3+squeeze5_amd64.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQIcBAEBCAAGBQJUISK/AAoJEJjKuzq9TKWev40P/RBjLY9mmpnFpDsRHWhJiDxA 6WwDmaovVSxaaXw1YuWMzyO/pIdv3k3mvMJLY1xOOQUpDuc9AuiW9NCMD5u88KTJ Y68coXUnG4Hx9RRf/h35p8V02IucSoRgU9v8kz68PN7ji9+vEHEhKgOmomW++ZSf SO8hzb9XiS0P04n8hVPvEjQk5ZdX4Oq1AzLdZ26nxrZfjqLsdudSnHOvCFSHC2HR s+3pQAeSFf4PwWgFJZDFASkjbVASZ1QT5uIN3itJw9RH5B2t7rxGrelK5kHRq4MZ pmQQ+2o+70dWdiZ2wPMlJA4jfRZbyZWhg3IT3NKc+JOoHMwScFiSMfJZLwAbw6BB oP9uhDCEt2irnIpDu7IZKt3yTaOJaUzTMPls8ohztntDbRKwZ4Xw68ZvY2jK5w6X f5oRBqCIojgn1nYjlQNXziky/9PtQf1/oBN/AXaBVkgMb7Yn1PifvX06GnR3OMs1 r+R4Zym/gQsjozkD/kG0W0gtK6pWpP8UaQQb3T3fFtoW1jC1do9phX8hT6jZRvI4 C2UebmFfzvXmiguHo360MamEuRbU8byACpIZMfC6fPv9zQR3fW1fbTLH+tPleVqW Nh0DZ+YY/bFQ0X9IFYMS9B0jJLBjEkrI3CZcoEnhdwGPSvHfX7xiaawtPSm4PF6W qhrUrhUm4ShMrOnp1wvK =lbjM -----END PGP SIGNATURE-----
--- End Message ---