Your message dated Wed, 24 Sep 2014 22:17:25 +0000 with message-id <E1XWusH-0006qx-Ol@franck.debian.org> and subject line Bug#762160: fixed in apt 0.9.7.9+deb7u5 has caused the Debian Bug report #762160, regarding apt: [regression] relative paths for Dir are broken to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner@bugs.debian.org immediately.) -- 762160: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=762160 Debian Bug Tracking System Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: apt: [regression] Bad header line and 404 errors
- From: Paul Wise <pabs@debian.org>
- Date: Fri, 19 Sep 2014 13:53:00 +0800
- Message-id: <[🔎] 1411105980.18352.15.camel@debian.org>
Package: apt Version: 0.9.7.9+deb7u4 Severity: important The recent apt security updates broke the Debian derivatives census scripts, various sites now return "Bad header line" and 404 errors. The set of instructions below produces the errors on the second apt-get update run with apt 0.9.7.9+deb7u4 but not with apt 0.9.7.9+deb7u2. I also note that if I use the same sources.list with chdist from devscripts I do *not* get the same errors. This may be the same bug as #762160, I'm not sure. These sources.list files exhibit the issue: https://dex.alioth.debian.org/census/siduction/sources.list https://dex.alioth.debian.org/census/Kali/sources.list https://dex.alioth.debian.org/census/Maemo/sources.list https://dex.alioth.debian.org/census/Canaima/sources.list https://dex.alioth.debian.org/census/Raspbian/sources.list rm -rf sources.list apt.conf apt cat <<EOF > sources.list deb [arch=i386,amd64] http://packages.siduction.org/base unstable main deb-src http://packages.siduction.org/base unstable main deb [arch=i386,amd64] http://packages.siduction.org/fixes unstable main deb-src http://packages.siduction.org/fixes unstable main EOF cat <<EOF > apt.conf Dir "apt"; Dir::State::status "./apt/var/lib/dpkg/status"; Dir::Etc::sourcelist "./sources.list"; EOF mkdir --parents apt/var/lib/dpkg apt/etc/apt/apt.conf.d apt/etc/apt/trusted.gpg.d apt/etc/apt/preferences.d apt/etc/apt/sources.list.d apt/var/lib/apt/lists/partial apt/var/cache/apt/archives/partial touch apt/var/lib/dpkg/status apt/etc/apt/trusted.gpg export APT_CONFIG=`pwd`/apt.conf apt-get update apt-get update -- System Information: Debian Release: 7.6 APT prefers stable APT policy: (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 3.16-1-amd64 (SMP w/4 CPU cores) Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968) (ignored: LC_ALL set to C) Shell: /bin/sh linked to /bin/dash Versions of packages apt depends on: ii debian-archive-keyring 2012.4 ii gnupg 1.4.12-7+deb7u6 ii libapt-pkg4.12 0.9.7.9+deb7u4 ii libc6 2.13-38+deb7u4 ii libgcc1 1:4.7.2-5 ii libstdc++6 4.7.2-5 apt recommends no packages. Versions of packages apt suggests: pn apt-doc <none> ii aptitude 0.6.8.2-1 ii dpkg-dev 1.16.15 pn python-apt <none> ii xz-utils 5.1.1alpha+20120614-2 -- no debconf information -- bye, pabs https://wiki.debian.org/PaulWiseAttachment: signature.asc
Description: This is a digitally signed message part
--- End Message ---
--- Begin Message ---
- To: 762160-close@bugs.debian.org
- Subject: Bug#762160: fixed in apt 0.9.7.9+deb7u5
- From: Michael Vogt <mvo@debian.org>
- Date: Wed, 24 Sep 2014 22:17:25 +0000
- Message-id: <E1XWusH-0006qx-Ol@franck.debian.org>
Source: apt Source-Version: 0.9.7.9+deb7u5 We believe that the bug you reported is fixed in the latest version of apt, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 762160@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Michael Vogt <mvo@debian.org> (supplier of updated apt package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmaster@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Tue, 23 Sep 2014 08:56:27 +0200 Source: apt Binary: apt libapt-pkg4.12 libapt-inst1.5 apt-doc libapt-pkg-dev libapt-pkg-doc apt-utils apt-transport-https Architecture: source all amd64 Version: 0.9.7.9+deb7u5 Distribution: wheezy-security Urgency: high Maintainer: APT Development Team <deity@lists.debian.org> Changed-By: Michael Vogt <mvo@debian.org> Description: apt - commandline package manager apt-doc - documentation for APT apt-transport-https - https download transport for APT apt-utils - package managment related utility programs libapt-inst1.5 - deb package format runtime library libapt-pkg-dev - development files for APT's libapt-pkg and libapt-inst libapt-pkg-doc - documentation for APT development libapt-pkg4.12 - package managment runtime library Closes: 762160 Changes: apt (0.9.7.9+deb7u5) wheezy-security; urgency=high . * SECURITY UPDATE: - methods/http.cc: fix potential buffer overflow, thanks to the Google Security Team (CVE-2014-6273) * fix regression when Dir::state::lists is set to a relative path (closes: 762160) * fix regression when cdrom: sources got rewriten by apt-cdrom add Checksums-Sha1: 62736ce6b979f8979262b788863adddf7818f4c4 2364 apt_0.9.7.9+deb7u5.dsc 07443ad2fdeae339e7b65e1a61c8a97126caaabd 3387096 apt_0.9.7.9+deb7u5.tar.gz cc1ea58cb95f1f54df1f3e3ef108e2fb688c2b2a 261746 apt-doc_0.9.7.9+deb7u5_all.deb 633301137d829701e5e84b2bbf9348334788bec2 964220 libapt-pkg-doc_0.9.7.9+deb7u5_all.deb fde1fbe3072354a2ada678391a6eff9a666ce7f8 891260 libapt-pkg4.12_0.9.7.9+deb7u5_amd64.deb b9bc6e62aca0f0df094bce4715f35cd5a3c574e9 166942 libapt-inst1.5_0.9.7.9+deb7u5_amd64.deb 4eca7305ca25d2607d510516e34715ed60933195 1261662 apt_0.9.7.9+deb7u5_amd64.deb b4cd2716407882863c7b8bd4beeb154b2b309b40 187296 libapt-pkg-dev_0.9.7.9+deb7u5_amd64.deb 596e87c7e2c59dc0b4778b2fb4fdcc84465d2db2 377764 apt-utils_0.9.7.9+deb7u5_amd64.deb 08ac2b7f5192ea0f04017a91e3e3f2cf4612ca1b 109112 apt-transport-https_0.9.7.9+deb7u5_amd64.deb Checksums-Sha256: ea217d60486d41a25401631c66e705b29733e0c92b13503c0103c6b74095d17b 2364 apt_0.9.7.9+deb7u5.dsc 69b45a86607cb178e5892522d66bcf95307145181dc8b5101aafeb79d8298d71 3387096 apt_0.9.7.9+deb7u5.tar.gz 1d45222f95ac6e2d89aed7c0ccc113ab6b72bb6e2dd295d048319cfe551e4bb9 261746 apt-doc_0.9.7.9+deb7u5_all.deb 55564d52387c3a24fd0f0e322b98e50c4f728eb40fb011f54ab7876cc0e503d9 964220 libapt-pkg-doc_0.9.7.9+deb7u5_all.deb 034fdb30dbeef9e31cff6acc24fce82ece27a8c2d372fecadbba3976733e7535 891260 libapt-pkg4.12_0.9.7.9+deb7u5_amd64.deb 4ad87b5c9d9951e666dd877da241632643c18079bae5055e9fe75fc836b7ff5f 166942 libapt-inst1.5_0.9.7.9+deb7u5_amd64.deb a2ae022c424f8e38a261fb428a92885fab5a1facafbe019a4c362345aadb1b09 1261662 apt_0.9.7.9+deb7u5_amd64.deb babf380caff6f115530789b66b3a9794dd6e7a9733ac17fa71784fc6cdf75973 187296 libapt-pkg-dev_0.9.7.9+deb7u5_amd64.deb 53b41771c2898e63fa54cae023a4e9e6393b08b3d2313ed45cf1959cf422acda 377764 apt-utils_0.9.7.9+deb7u5_amd64.deb 3033b5402357539d957e4b6ce0813f1d5a0d399d5d49ef138dea7a58e703b815 109112 apt-transport-https_0.9.7.9+deb7u5_amd64.deb Files: 7fc9e059dac553d7293d02f995785423 2364 admin important apt_0.9.7.9+deb7u5.dsc 6d3cdf9a5c57e67a7564eb0d980aa1db 3387096 admin important apt_0.9.7.9+deb7u5.tar.gz 39d0f20bc16987da79f16dda3c81041d 261746 doc optional apt-doc_0.9.7.9+deb7u5_all.deb c28c8bfbb4e84d0db202e1844f6103ef 964220 doc optional libapt-pkg-doc_0.9.7.9+deb7u5_all.deb 363b8ffb80eeee750f3ac7a7fa9c358e 891260 libs important libapt-pkg4.12_0.9.7.9+deb7u5_amd64.deb 4b455ccda772776f7fcaa4e1fb8f5a3b 166942 libs important libapt-inst1.5_0.9.7.9+deb7u5_amd64.deb f105122b977dfeb41b788997dee2b377 1261662 admin important apt_0.9.7.9+deb7u5_amd64.deb 868c365e4bcd1a0eaedabee4f679d572 187296 libdevel optional libapt-pkg-dev_0.9.7.9+deb7u5_amd64.deb 3235d760eeec6186d5c8bef5261c8358 377764 admin important apt-utils_0.9.7.9+deb7u5_amd64.deb 408d0eb61aa48ac2e017482bba0bec6e 109112 admin optional apt-transport-https_0.9.7.9+deb7u5_amd64.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQIcBAEBCAAGBQJUISh1AAoJEJjKuzq9TKWezeUQAKb+T8jg6wxZc693ivth6LK+ g/jfdgq2pXn6fe+6+ImDdnrnV/xgtXR5ky8n8QnLsEjIAnEKDEgKeiI53hGQ7l8E DBcc00Xwi80WrTw9tIdzqCgqU1drfn7Vr5CDpNOIU+WNHHBiBza/3ROgN+UzovfD g1R5sKZGkXqEGW0Sc12egrf3FGC+gFb+FdMSpf61eg3s8+S95/tiKzeQPFFuFL2t 1o8+63hXI+9BMf0Wm3K+yqtMODSnNdAZqE9xZ430cmzvLxJjKyHQgSFVz3sZ4ttW zMxDMYjsjWpkgLBamQ4TKmUhZjphm7jQIhadK+4VhhbPehp4gxz8maX/tWHgS8ip ny1v6Xb6ZSzF3+T//NGJqJ00XB7fUq4rhxnvlNiHd7fCb239CFu/Ax2GY7aGxPkO 2dgirtH6ndgsmbNEIx93at1x6poscDOlq1lW3RjOLTcgjcGWEYyeaicDrM+2EihE PWmXmwXRkQe8cz3NElqm9meffv/77TPVg0aVhjw+aQLH7C8AiG7ibB6XfnrIPrp6 8495wsOU6egA5TozjtTmdZwGnAi8ThsBra289LwX1n3k5QTDqJOE6mOVklNoRoFN 6mVv5r6tb8tQWr2xvHt6QOpIq8tSdT5JaWCBMYhC6UTm9ATMetUVpPmmVcH/67LL qfH3+lXQHmkgRcxj53KR =TTJg -----END PGP SIGNATURE-----
--- End Message ---