Your message dated Sun, 06 Mar 2016 19:19:24 +0000
with message-id <E1aceD7-0001QU-02@franck.debian.org>
and subject line Bug#816837: fixed in apt 1.2.5
has caused the Debian Bug report #816837,
regarding dropped .ed.date.gz files in cwd
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)

--
816837: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=816837
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: dropped .ed.date.gz files in cwd
- From: Joey Hess <id@joeyh.name>
- Date: Sat, 5 Mar 2016 12:40:15 -0400
- Message-id: <20160305164015.GA10150@kitenet.net>
Package: apt
Version: 1.2.3
Severity: normal
Tags: security

I ran sudo apt-get update in a directory (~/src/git-annex), interrupted
it, and noticed all these temp files, which contain ed diffs to Packages.

-rw-r--r-- 1 root root  29 Feb 23 23:06 .ed.2016-02-24-0258.17.gz
-rw-r--r-- 1 root root 949 Feb 24 04:57 .ed.2016-02-24-0852.43.gz
-rw-r--r-- 1 root root 12K Feb 24 11:09 .ed.2016-02-24-1501.06.gz
-rw-r--r-- 1 root root 36K Feb 24 16:54 .ed.2016-02-24-2052.14.gz
-rw-r--r-- 1 root root  44 Feb 24 22:52 .ed.2016-02-25-0249.22.gz
-rw-r--r-- 1 root root 22K Feb 25 04:57 .ed.2016-02-25-0855.02.gz

As well as being the wrong place to put temp files, this could be
exploitable, since a regular user can replace these files with malicious
ones.

-- Package-specific info:

-- apt-config dump --

-- (no /etc/apt/preferences present) --

-- /etc/apt/sources.list --

deb http://httpredir.debian.org/debian unstable main contrib non-free
#deb-src http://httpredir.debian.org/debian unstable main contrib non-free
deb http://httpredir.debian.org/debian experimental main contrib non-free
#deb-src http://httpredir.debian.org/debian experimental main contrib non-free

-- System Information:
Debian Release: stretch/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.3.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages apt depends on:
ii  adduser                 3.113+nmu3
ii  debian-archive-keyring  2014.3
ii  gnupg                   1.4.20-3
ii  gnupg2                  2.1.11-5
ii  gpgv                    1.4.20-3
ii  gpgv2                   2.1.11-5
ii  libapt-pkg5.0           1.2.3
ii  libc6                   2.21-8
ii  libgcc1                 1:5.3.1-8
ii  libstdc++6              5.3.1-8

apt recommends no packages.

Versions of packages apt suggests:
pn  apt-doc     <none>
ii  aptitude    0.7.5-3
ii  dpkg-dev    1.18.4
ii  python-apt  1.1.0~beta1
ii  synaptic    0.83+b1

-- no debconf information

--
see shy jo
Attachment: signature.asc
Description: PGP signature
--- End Message ---
--- Begin Message ---
- To: 816837-close@bugs.debian.org
- Subject: Bug#816837: fixed in apt 1.2.5
- From: Julian Andres Klode <jak@debian.org>
- Date: Sun, 06 Mar 2016 19:19:24 +0000
- Message-id: <E1aceD7-0001QU-02@franck.debian.org>
Source: apt
Source-Version: 1.2.5

We believe that the bug you reported is fixed in the latest version of
apt, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 816837@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Julian Andres Klode <jak@debian.org> (supplier of updated apt package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)

Format: 1.8
Date: Sun, 06 Mar 2016 19:47:45 +0100
Source: apt
Binary: apt libapt-pkg5.0 libapt-inst2.0 apt-doc libapt-pkg-dev libapt-pkg-doc apt-utils apt-transport-https
Architecture: source
Version: 1.2.5
Distribution: unstable
Urgency: medium
Maintainer: APT Development Team <deity@lists.debian.org>
Changed-By: Julian Andres Klode <jak@debian.org>
Description:
 apt        - commandline package manager
 apt-doc    - documentation for APT
 apt-transport-https - https download transport for APT
 apt-utils  - package management related utility programs
 libapt-inst2.0 - deb package format runtime library
 libapt-pkg-dev - development files for APT's libapt-pkg and libapt-inst
 libapt-pkg-doc - documentation for APT development
 libapt-pkg5.0 - package management runtime library
Closes: 751688 812251 816691 816837
Changes:
 apt (1.2.5) unstable; urgency=medium
 .
   [ Daniel Kahn Gillmor ]
   * apt-key del should correctly handle keyids prefixed with 0x
 .
   [ David Kalnischkies ]
   * support APT::Get::Build-Dep-Automatic again in build-dep
   * add test for apt-key 0xKEY and use parameter expansion.
     Thanks to James McCoy for the suggestion. (Closes: 816691)
   * do not move not-failed pdiff-patches into CWD on failure
     (Closes: #816837)
   * get group again after potential remap in Source: parse.
     Thanks to Francesco Poli and Marc Haber for testdata. (Closes: 812251)
 .
   [ Colin Watson ]
   * Fix lzma write support to handle "try again" case (Closes: #751688)
 .
   [ Julian Andres Klode ]
   * Prevent double remapping of iterators and string views
   * debian/control: Set Standards-Version to 3.9.7
--- End Message ---
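
The condition described in the report (files owned by root left in a directory that a regular user controls) can be checked for on a machine that ran an affected apt version. The Python below is an added example, not code from apt or from either message; the function names and the privileged_uid parameter are assumptions made for illustration, and the name pattern is taken from the file listing in the report.

```python
import os
import re
import stat
import sys

# Name shape taken from the listing in the report, e.g. .ed.2016-02-24-0258.17.gz
PATCH_NAME = re.compile(r"^\.ed\.\d{4}-\d{2}-\d{2}-\d{4}\.\d{2}\.gz$")


def replaceable_by_others(dir_stat, file_uid):
    """True if an account other than file_uid can unlink or swap entries in the directory."""
    if dir_stat.st_uid != file_uid:
        return True  # the directory's owner controls its entries
    if dir_stat.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        # With the sticky bit set, only the entry's owner or the directory's
        # owner may remove an entry, and both are file_uid here.
        return not (dir_stat.st_mode & stat.S_ISVTX)
    return False


def find_stray_patches(top, privileged_uid=0):
    """Return leftover patch files owned by privileged_uid that another account could replace."""
    findings = []
    for dirpath, _dirnames, filenames in os.walk(top):
        try:
            dir_stat = os.stat(dirpath)
        except OSError:
            continue  # directory vanished or is unreadable
        if not replaceable_by_others(dir_stat, privileged_uid):
            continue
        for name in filter(PATCH_NAME.match, filenames):
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)  # lstat: do not follow a symlink placed under this name
            except OSError:
                continue
            if stat.S_ISREG(st.st_mode) and st.st_uid == privileged_uid:
                findings.append(path)
    return sorted(findings)


if __name__ == "__main__":
    # Scan the given tree (default: current directory) for root-owned leftovers.
    for hit in find_stray_patches(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(hit)
```

Files it reports in directories such as a home or source checkout can be removed once confirmed as leftovers from an interrupted update.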