Bug#762161: marked as done (apt: [regression] relative paths for Dir are broken)

To: Michael Vogt <mvo@debian.org>
Subject: Bug#762161: marked as done (apt: [regression] relative paths for Dir are broken)
From: owner@bugs.debian.org (Debian Bug Tracking System)
Date: Tue, 23 Sep 2014 16:21:13 +0000
Message-id: <[🔎] handler.762161.D762160.141148912917031.ackdone@bugs.debian.org>
References: <E1XWSnf-0001Sw-Vz@franck.debian.org> <[🔎] 1411105980.18352.15.camel@debian.org>

Your message dated Tue, 23 Sep 2014 16:18:47 +0000
with message-id <E1XWSnf-0001Sw-Vz@franck.debian.org>
and subject line Bug#762160: fixed in apt 0.8.10.3+squeeze5
has caused the Debian Bug report #762160,
regarding apt: [regression] relative paths for Dir are broken
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
762160: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=762160
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: apt: [regression] Bad header line and 404 errors
From: Paul Wise <pabs@debian.org>
Date: Fri, 19 Sep 2014 13:53:00 +0800
Message-id: <[🔎] 1411105980.18352.15.camel@debian.org>

Package: apt
Version: 0.9.7.9+deb7u4
Severity: important

The recent apt security updates broke the Debian derivatives census
scripts, various sites now return "Bad header line" and 404 errors.

The set of instructions below produces the errors on the second apt-get
update run with apt 0.9.7.9+deb7u4 but not with apt 0.9.7.9+deb7u2.

I also note that if I use the same sources.list with chdist from
devscripts I do *not* get the same errors.

This may be the same bug as #762160, I'm not sure.

These sources.list files exhibit the issue:

https://dex.alioth.debian.org/census/siduction/sources.list
https://dex.alioth.debian.org/census/Kali/sources.list
https://dex.alioth.debian.org/census/Maemo/sources.list
https://dex.alioth.debian.org/census/Canaima/sources.list
https://dex.alioth.debian.org/census/Raspbian/sources.list

rm -rf sources.list apt.conf apt
cat <<EOF > sources.list
deb [arch=i386,amd64] http://packages.siduction.org/base unstable main
deb-src http://packages.siduction.org/base unstable main
deb [arch=i386,amd64] http://packages.siduction.org/fixes unstable main
deb-src http://packages.siduction.org/fixes unstable main
EOF
cat <<EOF > apt.conf
Dir "apt";
Dir::State::status "./apt/var/lib/dpkg/status";
Dir::Etc::sourcelist "./sources.list";
EOF
mkdir --parents apt/var/lib/dpkg apt/etc/apt/apt.conf.d apt/etc/apt/trusted.gpg.d apt/etc/apt/preferences.d apt/etc/apt/sources.list.d apt/var/lib/apt/lists/partial apt/var/cache/apt/archives/partial
touch apt/var/lib/dpkg/status apt/etc/apt/trusted.gpg
export APT_CONFIG=`pwd`/apt.conf
apt-get update
apt-get update

-- System Information:
Debian Release: 7.6
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.16-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968) (ignored: LC_ALL set to C)
Shell: /bin/sh linked to /bin/dash

Versions of packages apt depends on:
ii  debian-archive-keyring  2012.4
ii  gnupg                   1.4.12-7+deb7u6
ii  libapt-pkg4.12          0.9.7.9+deb7u4
ii  libc6                   2.13-38+deb7u4
ii  libgcc1                 1:4.7.2-5
ii  libstdc++6              4.7.2-5

apt recommends no packages.

Versions of packages apt suggests:
pn  apt-doc     <none>
ii  aptitude    0.6.8.2-1
ii  dpkg-dev    1.16.15
pn  python-apt  <none>
ii  xz-utils    5.1.1alpha+20120614-2

-- no debconf information

-- 
bye,
pabs

https://wiki.debian.org/PaulWise

Attachment: signature.asc
Description: This is a digitally signed message part

--- End Message ---

--- Begin Message ---

To: 762160-close@bugs.debian.org
Subject: Bug#762160: fixed in apt 0.8.10.3+squeeze5
From: Michael Vogt <mvo@debian.org>
Date: Tue, 23 Sep 2014 16:18:47 +0000
Message-id: <E1XWSnf-0001Sw-Vz@franck.debian.org>

Source: apt
Source-Version: 0.8.10.3+squeeze5

We believe that the bug you reported is fixed in the latest version of
apt, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 762160@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Michael Vogt <mvo@debian.org> (supplier of updated apt package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Tue, 23 Sep 2014 08:54:46 +0200
Source: apt
Binary: apt apt-doc libapt-pkg-dev libapt-pkg-doc apt-utils apt-transport-https
Architecture: source all amd64
Version: 0.8.10.3+squeeze5
Distribution: squeeze-lts
Urgency: high
Maintainer: APT Development Team <deity@lists.debian.org>
Changed-By: Michael Vogt <mvo@debian.org>
Description: 
 apt        - Advanced front-end for dpkg
 apt-doc    - Documentation for APT
 apt-transport-https - APT https transport
 apt-utils  - APT utility programs
 libapt-pkg-dev - Development files for APT's libapt-pkg and libapt-inst
 libapt-pkg-doc - Documentation for APT development
Closes: 762160
Changes: 
 apt (0.8.10.3+squeeze5) squeeze-lts; urgency=high
 .
   * SECURITY UPDATE:
     - fix potential buffer overflow, thanks to the
       Google Security Team (CVE-2014-6273)
   * fix regression when Dir::state::lists is set to a relative
     path (closes: 762160)
   * fix regression when cdrom: sources got rewriten by apt-cdrom
     add
Checksums-Sha1: 
 ef81272678516299c11ed2b80ab1f48b44a1439a 1991 apt_0.8.10.3+squeeze5.dsc
 0724490b1a40b846fa92e8deabb9b378711a3315 3154123 apt_0.8.10.3+squeeze5.tar.gz
 c02f7f2bb2838f014be02751101d9429501534b8 235506 apt-doc_0.8.10.3+squeeze5_all.deb
 b537ae7ad0ab3719e18f969807edc04f06e371a4 698852 libapt-pkg-doc_0.8.10.3+squeeze5_all.deb
 1c14aabea5d4837d8453cff0453443cb87d5df64 2185702 apt_0.8.10.3+squeeze5_amd64.deb
 7ae5f0581b22c7856a4b968d354cc6846f2a29f7 151560 libapt-pkg-dev_0.8.10.3+squeeze5_amd64.deb
 1eb5704ef0cb00622682f5c86d66b748c3e2e508 275822 apt-utils_0.8.10.3+squeeze5_amd64.deb
 1021e1242cfdfe9179a69d1edfa8861b9dc34096 84106 apt-transport-https_0.8.10.3+squeeze5_amd64.deb
Checksums-Sha256: 
 42ce0bcd753b359442c489c16e5b71395eecc693e33d16c92b99573c6c778d21 1991 apt_0.8.10.3+squeeze5.dsc
 3876033029bc13662a4de1579fa2d10315fd3b759bea141260bacdf3c6c35f3b 3154123 apt_0.8.10.3+squeeze5.tar.gz
 f2180f67fc119ff94050d2f4f35b91cbee1219cd41cb0bed3d5fc8ed58378d35 235506 apt-doc_0.8.10.3+squeeze5_all.deb
 3bc35dd8ad94077b837403c6df5a3d2c948d48d9828886cc0e2987d329385b12 698852 libapt-pkg-doc_0.8.10.3+squeeze5_all.deb
 644c718b6712e8d7b479b24717115d4b1dfd611935596ea6d44fb49ed710deb9 2185702 apt_0.8.10.3+squeeze5_amd64.deb
 21981a71028156821c9a8fe98b14fe7fc3660b797d8af7ee150f362be88bdec4 151560 libapt-pkg-dev_0.8.10.3+squeeze5_amd64.deb
 180d74289184fe5a7bff0f61ad9f6570d4e86faf73e57a7dafdccacc06950486 275822 apt-utils_0.8.10.3+squeeze5_amd64.deb
 3562e4598edc6554a60bf8c42ffa9c93b37a0524ff12983f634720afbf91bd4f 84106 apt-transport-https_0.8.10.3+squeeze5_amd64.deb
Files: 
 23356be8a099e29e81c0fd8aae7c18d3 1991 admin important apt_0.8.10.3+squeeze5.dsc
 30c8b4322247d869e5b61f140813dc81 3154123 admin important apt_0.8.10.3+squeeze5.tar.gz
 c8235f00568080ade9099605c37741b9 235506 doc optional apt-doc_0.8.10.3+squeeze5_all.deb
 43ed16493fa11f11530fa2bb94152b16 698852 doc optional libapt-pkg-doc_0.8.10.3+squeeze5_all.deb
 7d1038e98d43fde646782702cf74bc90 2185702 admin important apt_0.8.10.3+squeeze5_amd64.deb
 75152c525e93b3dd73b315e05232b48f 151560 libdevel optional libapt-pkg-dev_0.8.10.3+squeeze5_amd64.deb
 647be04f70d58152723a9a3fe6de97cd 275822 admin important apt-utils_0.8.10.3+squeeze5_amd64.deb
 fcb9f2a541ff18f625a01f509b482e68 84106 admin optional apt-transport-https_0.8.10.3+squeeze5_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iQIcBAEBCAAGBQJUISK/AAoJEJjKuzq9TKWev40P/RBjLY9mmpnFpDsRHWhJiDxA
6WwDmaovVSxaaXw1YuWMzyO/pIdv3k3mvMJLY1xOOQUpDuc9AuiW9NCMD5u88KTJ
Y68coXUnG4Hx9RRf/h35p8V02IucSoRgU9v8kz68PN7ji9+vEHEhKgOmomW++ZSf
SO8hzb9XiS0P04n8hVPvEjQk5ZdX4Oq1AzLdZ26nxrZfjqLsdudSnHOvCFSHC2HR
s+3pQAeSFf4PwWgFJZDFASkjbVASZ1QT5uIN3itJw9RH5B2t7rxGrelK5kHRq4MZ
pmQQ+2o+70dWdiZ2wPMlJA4jfRZbyZWhg3IT3NKc+JOoHMwScFiSMfJZLwAbw6BB
oP9uhDCEt2irnIpDu7IZKt3yTaOJaUzTMPls8ohztntDbRKwZ4Xw68ZvY2jK5w6X
f5oRBqCIojgn1nYjlQNXziky/9PtQf1/oBN/AXaBVkgMb7Yn1PifvX06GnR3OMs1
r+R4Zym/gQsjozkD/kG0W0gtK6pWpP8UaQQb3T3fFtoW1jC1do9phX8hT6jZRvI4
C2UebmFfzvXmiguHo360MamEuRbU8byACpIZMfC6fPv9zQR3fW1fbTLH+tPleVqW
Nh0DZ+YY/bFQ0X9IFYMS9B0jJLBjEkrI3CZcoEnhdwGPSvHfX7xiaawtPSm4PF6W
qhrUrhUm4ShMrOnp1wvK
=lbjM
-----END PGP SIGNATURE-----

--- End Message ---

Reply to:

References:
- Bug#762161: apt: [regression] Bad header line and 404 errors
  - From: Paul Wise <pabs@debian.org>

Prev by Date: apt_0.8.10.3+squeeze5_amd64.changes ACCEPTED into squeeze-lts
Next by Date: Bug#762160: marked as done (apt: [regression] relative paths for Dir are broken)
Previous by thread: Bug#762161: apt: [regression] Bad header line and 404 errors
Next by thread: Bug#762161: marked as done (apt: [regression] relative paths for Dir are broken)
Index(es):
- Date
- Thread