Skip to content

Instantly share code, notes, and snippets.

@AGWA AGWA/apt.diff
Created Sep 23, 2014

Embed
What would you like to do?
Diff between apt-0.9.7.9+deb7u4 and apt-0.9.7.9+deb7u5
diff -ru _1/apt-0.9.7.9+deb7u4/apt-pkg/acquire-item.cc _2/apt-0.9.7.9+deb7u5/apt-pkg/acquire-item.cc
--- _1/apt-0.9.7.9+deb7u4/apt-pkg/acquire-item.cc 2014-09-17 07:30:35.000000000 -0700
+++ _2/apt-0.9.7.9+deb7u5/apt-pkg/acquire-item.cc 2014-09-22 23:56:57.000000000 -0700
@@ -970,6 +970,12 @@
else
Local = true;
+ // do not reverify cdrom sources as apt-cdrom may rewrite the Packages
+ // file when its doing the indexcopy
+ if (RealURI.substr(0,6) == "cdrom:" &&
+ StringToBool(LookupTag(Message,"IMS-Hit"),false) == true)
+ return;
+
// The files timestamp matches
if (!Local && StringToBool(LookupTag(Message,"IMS-Hit"),false) == true)
{
diff -ru _1/apt-0.9.7.9+deb7u4/debian/changelog _2/apt-0.9.7.9+deb7u5/debian/changelog
--- _1/apt-0.9.7.9+deb7u4/debian/changelog 2014-09-18 02:32:09.000000000 -0700
+++ _2/apt-0.9.7.9+deb7u5/debian/changelog 2014-09-23 00:07:36.000000000 -0700
@@ -1,3 +1,15 @@
+apt (0.9.7.9+deb7u5) wheezy-security; urgency=high
+
+ * SECURITY UPDATE:
+ - methods/http.cc: fix potential buffer overflow, thanks to the
+ Google Security Team (CVE-2014-6273)
+ * fix regression when Dir::state::lists is set to a relative
+ path (closes: 762160)
+ * fix regression when cdrom: sources got rewriten by apt-cdrom
+ add
+
+ -- Michael Vogt <mvo@debian.org> Tue, 23 Sep 2014 08:56:27 +0200
+
apt (0.9.7.9+deb7u4) wheezy-security; urgency=high
* Fix regression in 0.9.7.9+deb7u3 when file:/// sources
diff -ru _1/apt-0.9.7.9+deb7u4/methods/copy.cc _2/apt-0.9.7.9+deb7u5/methods/copy.cc
--- _1/apt-0.9.7.9+deb7u4/methods/copy.cc 2014-08-20 01:32:37.000000000 -0700
+++ _2/apt-0.9.7.9+deb7u5/methods/copy.cc 2014-09-23 00:08:18.000000000 -0700
@@ -55,7 +55,7 @@
bool CopyMethod::Fetch(FetchItem *Itm)
{
URI Get = Itm->Uri;
- std::string File = Get.Path;
+ std::string File = Get.Host + Get.Path; // To account for relative paths
// Stat the file and send a start message
struct stat Buf;
diff -ru _1/apt-0.9.7.9+deb7u4/methods/http.cc _2/apt-0.9.7.9+deb7u5/methods/http.cc
--- _1/apt-0.9.7.9+deb7u4/methods/http.cc 2013-03-01 02:51:21.000000000 -0800
+++ _2/apt-0.9.7.9+deb7u5/methods/http.cc 2014-09-18 05:26:56.000000000 -0700
@@ -666,18 +666,14 @@
URI Uri = Itm->Uri;
// The HTTP server expects a hostname with a trailing :port
- char Buf[1000];
+ std::string Buf;
string ProperHost = Uri.Host;
if (Uri.Port != 0)
{
- sprintf(Buf,":%u",Uri.Port);
+ strprintf(Buf,":%u",Uri.Port);
ProperHost += Buf;
}
- // Just in case.
- if (Itm->Uri.length() >= sizeof(Buf))
- abort();
-
/* Build the request. We include a keep-alive header only for non-proxy
requests. This is to tweak old http/1.0 servers that do support keep-alive
but not HTTP/1.1 automatic keep-alive. Doing this with a proxy server
@@ -685,32 +681,34 @@
pass it on, HTTP/1.1 says the connection should default to keep alive
and we expect the proxy to do this */
if (Proxy.empty() == true || Proxy.Host.empty())
- sprintf(Buf,"GET %s HTTP/1.1\r\nHost: %s\r\nConnection: keep-alive\r\n",
+ strprintf(Buf, "GET %s HTTP/1.1\r\nHost: %s\r\nConnection: keep-alive\r\n",
QuoteString(Uri.Path,"~").c_str(),ProperHost.c_str());
else
{
/* Generate a cache control header if necessary. We place a max
cache age on index files, optionally set a no-cache directive
and a no-store directive for archives. */
- sprintf(Buf,"GET %s HTTP/1.1\r\nHost: %s\r\n",
+ strprintf(Buf,"GET %s HTTP/1.1\r\nHost: %s\r\n",
Itm->Uri.c_str(),ProperHost.c_str());
}
// generate a cache control header (if needed)
if (_config->FindB("Acquire::http::No-Cache",false) == true)
{
- strcat(Buf,"Cache-Control: no-cache\r\nPragma: no-cache\r\n");
+ Buf += "Cache-Control: no-cache\r\nPragma: no-cache\r\n";
}
else
{
if (Itm->IndexFile == true)
{
- sprintf(Buf+strlen(Buf),"Cache-Control: max-age=%u\r\n",
- _config->FindI("Acquire::http::Max-Age",0));
+ std::string Tmp;
+ strprintf(Tmp, "Cache-Control: max-age=%u\r\n",
+ _config->FindI("Acquire::http::Max-Age",0));
+ Buf += Tmp;
}
else
{
if (_config->FindB("Acquire::http::No-Store",false) == true)
- strcat(Buf,"Cache-Control: no-store\r\n");
+ Buf += "Cache-Control: no-store\r\n";
}
}
@@ -724,7 +722,7 @@
size_t const filepos = Itm->Uri.find_last_of('/');
string const file = Itm->Uri.substr(filepos + 1);
if (flExtension(file) == file)
- strcat(Buf,"Accept: text/*\r\n");
+ Buf += "Accept: text/*\r\n";
}
string Req = Buf;
@@ -734,7 +732,7 @@
if (stat(Itm->DestFile.c_str(),&SBuf) >= 0 && SBuf.st_size > 0)
{
// In this case we send an if-range query with a range header
- sprintf(Buf,"Range: bytes=%lli-\r\nIf-Range: %s\r\n",(long long)SBuf.st_size - 1,
+ strprintf(Buf, "Range: bytes=%lli-\r\nIf-Range: %s\r\n",(long long)SBuf.st_size - 1,
TimeRFC1123(SBuf.st_mtime).c_str());
Req += Buf;
}
@@ -742,7 +740,7 @@
{
if (Itm->LastModified != 0)
{
- sprintf(Buf,"If-Modified-Since: %s\r\n",TimeRFC1123(Itm->LastModified).c_str());
+ strprintf(Buf,"If-Modified-Since: %s\r\n",TimeRFC1123(Itm->LastModified).c_str());
Req += Buf;
}
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.