
Bug#816837: marked as done (dropped .ed.date.gz files in cwd)



Your message dated Sun, 06 Mar 2016 19:19:24 +0000
with message-id <E1aceD7-0001QU-02@franck.debian.org>
and subject line Bug#816837: fixed in apt 1.2.5
has caused the Debian Bug report #816837,
regarding dropped .ed.date.gz files in cwd
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
816837: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=816837
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: apt
Version: 1.2.3
Severity: normal
Tags: security

I ran sudo apt-get update in a directory (~/src/git-annex), interrupted it,
and noticed all these temp files, which contain ed diffs to Packages.

-rw-r--r-- 1 root root   29 Feb 23 23:06 .ed.2016-02-24-0258.17.gz
-rw-r--r-- 1 root root  949 Feb 24 04:57 .ed.2016-02-24-0852.43.gz
-rw-r--r-- 1 root root  12K Feb 24 11:09 .ed.2016-02-24-1501.06.gz
-rw-r--r-- 1 root root  36K Feb 24 16:54 .ed.2016-02-24-2052.14.gz
-rw-r--r-- 1 root root   44 Feb 24 22:52 .ed.2016-02-25-0249.22.gz
-rw-r--r-- 1 root root  22K Feb 25 04:57 .ed.2016-02-25-0855.02.gz

As well as being the wrong place to put temp files, this could be exploitable,
since a regular user can replace these files with malicious ones.

-- Package-specific info:

-- apt-config dump --

APT "";
APT::Architecture "amd64";
APT::Build-Essential "";
APT::Build-Essential:: "build-essential";
APT::Install-Recommends "1";
APT::Install-Suggests "0";
APT::Sandbox "";
APT::Sandbox::User "_apt";
APT::Authentication "";
APT::Authentication::TrustCDROM "true";
APT::NeverAutoRemove "";
APT::NeverAutoRemove:: "^firmware-linux.*";
APT::NeverAutoRemove:: "^linux-firmware$";
APT::NeverAutoRemove:: "^linux-image-4\.2\.0-1-amd64$";
APT::NeverAutoRemove:: "^linux-image-4\.3\.0-1-amd64$";
APT::NeverAutoRemove:: "^linux-headers-4\.2\.0-1-amd64$";
APT::NeverAutoRemove:: "^linux-headers-4\.3\.0-1-amd64$";
APT::NeverAutoRemove:: "^linux-image-extra-4\.2\.0-1-amd64$";
APT::NeverAutoRemove:: "^linux-image-extra-4\.3\.0-1-amd64$";
APT::NeverAutoRemove:: "^linux-signed-image-4\.2\.0-1-amd64$";
APT::NeverAutoRemove:: "^linux-signed-image-4\.3\.0-1-amd64$";
APT::NeverAutoRemove:: "^kfreebsd-image-4\.2\.0-1-amd64$";
APT::NeverAutoRemove:: "^kfreebsd-image-4\.3\.0-1-amd64$";
APT::NeverAutoRemove:: "^kfreebsd-headers-4\.2\.0-1-amd64$";
APT::NeverAutoRemove:: "^kfreebsd-headers-4\.3\.0-1-amd64$";
APT::NeverAutoRemove:: "^gnumach-image-4\.2\.0-1-amd64$";
APT::NeverAutoRemove:: "^gnumach-image-4\.3\.0-1-amd64$";
APT::NeverAutoRemove:: "^.*-modules-4\.2\.0-1-amd64$";
APT::NeverAutoRemove:: "^.*-modules-4\.3\.0-1-amd64$";
APT::NeverAutoRemove:: "^.*-kernel-4\.2\.0-1-amd64$";
APT::NeverAutoRemove:: "^.*-kernel-4\.3\.0-1-amd64$";
APT::NeverAutoRemove:: "^linux-backports-modules-.*-4\.2\.0-1-amd64$";
APT::NeverAutoRemove:: "^linux-backports-modules-.*-4\.3\.0-1-amd64$";
APT::NeverAutoRemove:: "^linux-tools-4\.2\.0-1-amd64$";
APT::NeverAutoRemove:: "^linux-tools-4\.3\.0-1-amd64$";
APT::VersionedKernelPackages "";
APT::VersionedKernelPackages:: "linux-image";
APT::VersionedKernelPackages:: "linux-headers";
APT::VersionedKernelPackages:: "linux-image-extra";
APT::VersionedKernelPackages:: "linux-signed-image";
APT::VersionedKernelPackages:: "kfreebsd-image";
APT::VersionedKernelPackages:: "kfreebsd-headers";
APT::VersionedKernelPackages:: "gnumach-image";
APT::VersionedKernelPackages:: ".*-modules";
APT::VersionedKernelPackages:: ".*-kernel";
APT::VersionedKernelPackages:: "linux-backports-modules-.*";
APT::VersionedKernelPackages:: "linux-tools";
APT::Never-MarkAuto-Sections "";
APT::Never-MarkAuto-Sections:: "metapackages";
APT::Never-MarkAuto-Sections:: "contrib/metapackages";
APT::Never-MarkAuto-Sections:: "non-free/metapackages";
APT::Never-MarkAuto-Sections:: "restricted/metapackages";
APT::Never-MarkAuto-Sections:: "universe/metapackages";
APT::Never-MarkAuto-Sections:: "multiverse/metapackages";
APT::Move-Autobit-Sections "";
APT::Move-Autobit-Sections:: "oldlibs";
APT::Move-Autobit-Sections:: "contrib/oldlibs";
APT::Move-Autobit-Sections:: "non-free/oldlibs";
APT::Move-Autobit-Sections:: "restricted/oldlibs";
APT::Move-Autobit-Sections:: "universe/oldlibs";
APT::Move-Autobit-Sections:: "multiverse/oldlibs";
APT::Update "";
APT::Update::Post-Invoke-Success "";
APT::Update::Post-Invoke-Success:: "/usr/bin/test -e /usr/share/dbus-1/system-services/org.freedesktop.PackageKit.service && /usr/bin/test -S /var/run/dbus/system_bus_socket && /usr/bin/gdbus call --system --dest org.freedesktop.PackageKit --object-path /org/freedesktop/PackageKit --timeout 4 --method org.freedesktop.PackageKit.StateHasChanged cache-update > /dev/null; /bin/echo > /dev/null";
APT::Architectures "";
APT::Architectures:: "amd64";
APT::Architectures:: "i386";
APT::Compressor "";
APT::Compressor::. "";
APT::Compressor::.::Name ".";
APT::Compressor::.::Extension "";
APT::Compressor::.::Binary "";
APT::Compressor::.::Cost "0";
APT::Compressor::lz4 "";
APT::Compressor::lz4::Name "lz4";
APT::Compressor::lz4::Extension ".lz4";
APT::Compressor::lz4::Binary "false";
APT::Compressor::lz4::Cost "50";
APT::Compressor::gzip "";
APT::Compressor::gzip::Name "gzip";
APT::Compressor::gzip::Extension ".gz";
APT::Compressor::gzip::Binary "gzip";
APT::Compressor::gzip::Cost "100";
APT::Compressor::gzip::CompressArg "";
APT::Compressor::gzip::CompressArg:: "-6n";
APT::Compressor::gzip::UncompressArg "";
APT::Compressor::gzip::UncompressArg:: "-d";
APT::Compressor::xz "";
APT::Compressor::xz::Name "xz";
APT::Compressor::xz::Extension ".xz";
APT::Compressor::xz::Binary "xz";
APT::Compressor::xz::Cost "200";
APT::Compressor::xz::CompressArg "";
APT::Compressor::xz::CompressArg:: "-6";
APT::Compressor::xz::UncompressArg "";
APT::Compressor::xz::UncompressArg:: "-d";
APT::Compressor::bzip2 "";
APT::Compressor::bzip2::Name "bzip2";
APT::Compressor::bzip2::Extension ".bz2";
APT::Compressor::bzip2::Binary "bzip2";
APT::Compressor::bzip2::Cost "300";
APT::Compressor::bzip2::CompressArg "";
APT::Compressor::bzip2::CompressArg:: "-6";
APT::Compressor::bzip2::UncompressArg "";
APT::Compressor::bzip2::UncompressArg:: "-d";
APT::Compressor::lzma "";
APT::Compressor::lzma::Name "lzma";
APT::Compressor::lzma::Extension ".lzma";
APT::Compressor::lzma::Binary "xz";
APT::Compressor::lzma::Cost "400";
APT::Compressor::lzma::CompressArg "";
APT::Compressor::lzma::CompressArg:: "--format=lzma";
APT::Compressor::lzma::CompressArg:: "-6";
APT::Compressor::lzma::UncompressArg "";
APT::Compressor::lzma::UncompressArg:: "--format=lzma";
APT::Compressor::lzma::UncompressArg:: "-d";
Dir "/";
Dir::State "var/lib/apt/";
Dir::State::lists "lists/";
Dir::State::cdroms "cdroms.list";
Dir::State::mirrors "mirrors/";
Dir::State::extended_states "extended_states";
Dir::State::status "/var/lib/dpkg/status";
Dir::Cache "var/cache/apt/";
Dir::Cache::archives "archives/";
Dir::Cache::srcpkgcache "srcpkgcache.bin";
Dir::Cache::pkgcache "pkgcache.bin";
Dir::Etc "etc/apt/";
Dir::Etc::sourcelist "sources.list";
Dir::Etc::sourceparts "sources.list.d";
Dir::Etc::main "apt.conf";
Dir::Etc::netrc "auth.conf";
Dir::Etc::parts "apt.conf.d";
Dir::Etc::preferences "preferences";
Dir::Etc::preferencesparts "preferences.d";
Dir::Etc::trusted "trusted.gpg";
Dir::Etc::trustedparts "trusted.gpg.d";
Dir::Bin "";
Dir::Bin::methods "/usr/lib/apt/methods";
Dir::Bin::solvers "";
Dir::Bin::solvers:: "/usr/lib/apt/solvers";
Dir::Bin::dpkg "/usr/bin/dpkg";
Dir::Bin::bzip2 "/bin/bzip2";
Dir::Bin::xz "/usr/bin/xz";
Dir::Bin::lz4 "/usr/bin/lz4";
Dir::Bin::lzma "/usr/bin/xz";
Dir::Media "";
Dir::Media::MountPath "/media/cdrom";
Dir::Log "var/log/apt";
Dir::Log::Terminal "term.log";
Dir::Log::History "history.log";
Dir::Ignore-Files-Silently "";
Dir::Ignore-Files-Silently:: "~$";
Dir::Ignore-Files-Silently:: "\.disabled$";
Dir::Ignore-Files-Silently:: "\.bak$";
Dir::Ignore-Files-Silently:: "\.dpkg-[a-z]+$";
Dir::Ignore-Files-Silently:: "\.save$";
Dir::Ignore-Files-Silently:: "\.orig$";
Dir::Ignore-Files-Silently:: "\.distUpgrade$";
Acquire "";
Acquire::AllowInsecureRepositories "1";
Acquire::AllowDowngradeToInsecureRepositories "0";
Acquire::cdrom "";
Acquire::cdrom::mount "/media/cdrom";
Acquire::IndexTargets "";
Acquire::IndexTargets::deb "";
Acquire::IndexTargets::deb::Packages "";
Acquire::IndexTargets::deb::Packages::MetaKey "$(COMPONENT)/binary-$(ARCHITECTURE)/Packages";
Acquire::IndexTargets::deb::Packages::flatMetaKey "Packages";
Acquire::IndexTargets::deb::Packages::ShortDescription "Packages";
Acquire::IndexTargets::deb::Packages::Description "$(RELEASE)/$(COMPONENT) $(ARCHITECTURE) Packages";
Acquire::IndexTargets::deb::Packages::flatDescription "$(RELEASE) Packages";
Acquire::IndexTargets::deb::Packages::Optional "0";
Acquire::IndexTargets::deb::Translations "";
Acquire::IndexTargets::deb::Translations::MetaKey "$(COMPONENT)/i18n/Translation-$(LANGUAGE)";
Acquire::IndexTargets::deb::Translations::flatMetaKey "$(LANGUAGE)";
Acquire::IndexTargets::deb::Translations::ShortDescription "Translation-$(LANGUAGE)";
Acquire::IndexTargets::deb::Translations::Description "$(RELEASE)/$(COMPONENT) Translation-$(LANGUAGE)";
Acquire::IndexTargets::deb::Translations::flatDescription "$(RELEASE) Translation-$(LANGUAGE)";
Acquire::IndexTargets::deb-src "";
Acquire::IndexTargets::deb-src::Sources "";
Acquire::IndexTargets::deb-src::Sources::MetaKey "$(COMPONENT)/source/Sources";
Acquire::IndexTargets::deb-src::Sources::flatMetaKey "Sources";
Acquire::IndexTargets::deb-src::Sources::ShortDescription "Sources";
Acquire::IndexTargets::deb-src::Sources::Description "$(RELEASE)/$(COMPONENT) Sources";
Acquire::IndexTargets::deb-src::Sources::flatDescription "$(RELEASE) Sources";
Acquire::IndexTargets::deb-src::Sources::Optional "0";
Acquire::Changelogs "";
Acquire::Changelogs::URI "";
Acquire::Changelogs::URI::Origin "";
Acquire::Changelogs::URI::Origin::Debian "http://metadata.ftp-master.debian.org/changelogs/@CHANGEPATH@_changelog";
Acquire::Changelogs::URI::Origin::Tanglu "http://metadata.tanglu.org/changelogs/@CHANGEPATH@_changelog";
Acquire::Changelogs::URI::Origin::Ubuntu "http://changelogs.ubuntu.com/changelogs/pool/@CHANGEPATH@/changelog";
Acquire::Changelogs::URI::Origin::Ultimedia "http://packages.ultimediaos.com/changelogs/pool/@CHANGEPATH@/changelog.txt";
Acquire::Languages "";
Acquire::Languages:: "en";
Acquire::Languages:: "none";
DPkg "";
DPkg::Pre-Invoke "";
DPkg::Pre-Invoke:: "if [ -x /usr/bin/etckeeper ]; then etckeeper pre-install; fi";
DPkg::Post-Invoke "";
DPkg::Post-Invoke:: "if [ -x /usr/bin/etckeeper ]; then etckeeper post-install; fi";
DPkg::Post-Invoke:: "/usr/bin/test -e /usr/share/dbus-1/system-services/org.freedesktop.PackageKit.service && /usr/bin/test -S /var/run/dbus/system_bus_socket && /usr/bin/gdbus call --system --dest org.freedesktop.PackageKit --object-path /org/freedesktop/PackageKit --timeout 4 --method org.freedesktop.PackageKit.StateHasChanged cache-update > /dev/null; /bin/echo > /dev/null";
DPkg::Pre-Install-Pkgs "";
DPkg::Pre-Install-Pkgs:: "/usr/bin/apt-listchanges --apt || test $? -ne 10";
DPkg::Pre-Install-Pkgs:: "/usr/sbin/dpkg-preconfigure --apt || true";
DPkg::Tools "";
DPkg::Tools::Options "";
DPkg::Tools::Options::/usr/bin/apt-listchanges "";
DPkg::Tools::Options::/usr/bin/apt-listchanges::Version "2";
RPM "";
RPM::Pre-Invoke "";
RPM::Pre-Invoke:: "if [ -x /usr/bin/etckeeper ]; then etckeeper pre-install; fi";
RPM::Post-Invoke "";
RPM::Post-Invoke:: "if [ -x /usr/bin/etckeeper ]; then etckeeper post-install; fi";
Binary "apt-config";
Binary::apt "";
Binary::apt::APT "";
Binary::apt::APT::Color "1";
Binary::apt::APT::Cache "";
Binary::apt::APT::Cache::Show "";
Binary::apt::APT::Cache::Show::Version "2";
Binary::apt::APT::Cache::AllVersions "0";
Binary::apt::APT::Cache::ShowVirtuals "1";
Binary::apt::APT::Cache::Search "";
Binary::apt::APT::Cache::Search::Version "2";
Binary::apt::APT::Cache::ShowDependencyType "1";
Binary::apt::APT::Cache::ShowVersion "1";
Binary::apt::APT::Get "";
Binary::apt::APT::Get::Upgrade-Allow-New "1";
Binary::apt::APT::Cmd "";
Binary::apt::APT::Cmd::Show-Update-Stats "1";
Binary::apt::APT::Keep-Downloaded-Packages "0";
Binary::apt::DPkg "";
Binary::apt::DPkg::Progress-Fancy "1";
Binary::apt::Acquire "";
Binary::apt::Acquire::AllowInsecureRepositories "0";
CommandLine "";
CommandLine::AsString "apt-config dump";

-- (no /etc/apt/preferences present) --


-- /etc/apt/sources.list --

deb http://httpredir.debian.org/debian unstable main contrib non-free
#deb-src http://httpredir.debian.org/debian unstable main contrib non-free
deb http://httpredir.debian.org/debian experimental main contrib non-free
#deb-src http://httpredir.debian.org/debian experimental main contrib non-free

-- System Information:
Debian Release: stretch/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.3.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages apt depends on:
ii  adduser                 3.113+nmu3
ii  debian-archive-keyring  2014.3
ii  gnupg                   1.4.20-3
ii  gnupg2                  2.1.11-5
ii  gpgv                    1.4.20-3
ii  gpgv2                   2.1.11-5
ii  libapt-pkg5.0           1.2.3
ii  libc6                   2.21-8
ii  libgcc1                 1:5.3.1-8
ii  libstdc++6              5.3.1-8

apt recommends no packages.

Versions of packages apt suggests:
pn  apt-doc     <none>
ii  aptitude    0.7.5-3
ii  dpkg-dev    1.18.4
ii  python-apt  1.1.0~beta1
ii  synaptic    0.83+b1

-- no debconf information

-- 
see shy jo



--- End Message ---
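
A check for the condition the report above describes, added here as an example (it is not part of the report and not APT code): it lists leftover pdiff temp files with the name shape shown in the listing when they sit in a directory that someone other than the file's owner can modify. The function name find_stray_pdiffs is hypothetical, and GNU find is assumed.

```shell
#!/bin/sh
# Added example (not APT code): report leftover pdiff temp files named like
# the ones in the listing above (.ed.2016-02-24-0258.17.gz) when they sit in
# a directory that someone other than the file's owner can modify.
#
# find_stray_pdiffs is a hypothetical helper name. Requires GNU find
# (-maxdepth, -perm /MODE), as shipped on Debian.
#
# usage: find_stray_pdiffs DIR [OWNER_UID]     OWNER_UID defaults to 0 (root)
find_stray_pdiffs() {
    scan_root=$1
    owner_uid=${2:-0}
    pat='.ed.[0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]-[0-9][0-9][0-9][0-9].[0-9][0-9].gz'

    find "$scan_root" -xdev -type f -user "$owner_uid" -name "$pat" 2>/dev/null |
    while IFS= read -r f; do
        dir=$(dirname "$f")
        # The file can be swapped out if its directory belongs to another
        # user, or is group/other-writable without the sticky bit. A sticky
        # directory owned by the file's owner (e.g. /tmp for root) is fine.
        hit=$(find "$dir" -maxdepth 0 \
                \( ! -user "$owner_uid" -o \( -perm /022 ! -perm -1000 \) \) \
                -print 2>/dev/null)
        if [ -n "$hit" ]; then
            printf '%s\n' "$f"
        fi
    done
}
```

Run as root over the directories where apt-get update may have been started, for example find_stray_pdiffs /home, and review whatever it prints.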
--- Begin Message ---
Source: apt
Source-Version: 1.2.5

We believe that the bug you reported is fixed in the latest version of
apt, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 816837@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Julian Andres Klode <jak@debian.org> (supplier of updated apt package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 06 Mar 2016 19:47:45 +0100
Source: apt
Binary: apt libapt-pkg5.0 libapt-inst2.0 apt-doc libapt-pkg-dev libapt-pkg-doc apt-utils apt-transport-https
Architecture: source
Version: 1.2.5
Distribution: unstable
Urgency: medium
Maintainer: APT Development Team <deity@lists.debian.org>
Changed-By: Julian Andres Klode <jak@debian.org>
Description:
 apt        - commandline package manager
 apt-doc    - documentation for APT
 apt-transport-https - https download transport for APT
 apt-utils  - package management related utility programs
 libapt-inst2.0 - deb package format runtime library
 libapt-pkg-dev - development files for APT's libapt-pkg and libapt-inst
 libapt-pkg-doc - documentation for APT development
 libapt-pkg5.0 - package management runtime library
Closes: 751688 812251 816691 816837
Changes:
 apt (1.2.5) unstable; urgency=medium
 .
   [ Daniel Kahn Gillmor ]
   * apt-key del should correctly handle keyids prefixed with 0x
 .
   [ David Kalnischkies ]
   * support APT::Get::Build-Dep-Automatic again in build-dep
   * add test for apt-key 0xKEY and use parameter expansion.
     Thanks to James McCoy for the suggestion. (Closes: 816691)
   * do not move not-failed pdiff-patches into CWD on failure (Closes: #816837)
   * get group again after potential remap in Source: parse.
     Thanks to Francesco Poli and Marc Haber for testdata. (Closes: 812251)
 .
   [ Colin Watson ]
   * Fix lzma write support to handle "try again" case (Closes: #751688)
 .
   [ Julian Andres Klode ]
   * Prevent double remapping of iterators and string views
   * debian/control: Set Standards-Version to 3.9.7
Checksums-Sha1:
 e1f0f2899572173dac6a1b905538654f3ec84380 2323 apt_1.2.5.dsc
 39bea5b453fb53eaf54e9e86ae6f1a838d4c2e2f 2021276 apt_1.2.5.tar.xz
Checksums-Sha256:
 555b532ea99b760fecc53a87b5060f2a0c356c9de5f0b9de42a806e0f622882d 2323 apt_1.2.5.dsc
 cc61eeeb32309d295f6348ba5e9c37bc54d5af7cdd1fa9e75abfbbd9c4c827b6 2021276 apt_1.2.5.tar.xz
Files:
 b68e6b93fa2f4f40f903c70ab4e2b608 2323 admin important apt_1.2.5.dsc
 19ee3d6c146c57e16a31f802540d1bf0 2021276 admin important apt_1.2.5.tar.xz

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

--- End Message ---
