Diff between apt-0.9.7.9+deb7u4 and apt-0.9.7.9+deb7u5
diff -ru _1/apt-0.9.7.9+deb7u4/apt-pkg/acquire-item.cc _2/apt-0.9.7.9+deb7u5/apt-pkg/acquire-item.cc | |
--- _1/apt-0.9.7.9+deb7u4/apt-pkg/acquire-item.cc 2014-09-17 07:30:35.000000000 -0700 | |
+++ _2/apt-0.9.7.9+deb7u5/apt-pkg/acquire-item.cc 2014-09-22 23:56:57.000000000 -0700 | |
@@ -970,6 +970,12 @@ | |
else | |
Local = true; | |
+ // do not reverify cdrom sources as apt-cdrom may rewrite the Packages | |
+ // file when its doing the indexcopy | |
+ if (RealURI.substr(0,6) == "cdrom:" && | |
+ StringToBool(LookupTag(Message,"IMS-Hit"),false) == true) | |
+ return; | |
+ | |
// The files timestamp matches | |
if (!Local && StringToBool(LookupTag(Message,"IMS-Hit"),false) == true) | |
{ | |
diff -ru _1/apt-0.9.7.9+deb7u4/debian/changelog _2/apt-0.9.7.9+deb7u5/debian/changelog | |
--- _1/apt-0.9.7.9+deb7u4/debian/changelog 2014-09-18 02:32:09.000000000 -0700 | |
+++ _2/apt-0.9.7.9+deb7u5/debian/changelog 2014-09-23 00:07:36.000000000 -0700 | |
@@ -1,3 +1,15 @@ | |
+apt (0.9.7.9+deb7u5) wheezy-security; urgency=high | |
+ | |
+ * SECURITY UPDATE: | |
+ - methods/http.cc: fix potential buffer overflow, thanks to the | |
+ Google Security Team (CVE-2014-6273) | |
+ * fix regression when Dir::state::lists is set to a relative | |
+ path (closes: 762160) | |
+ * fix regression when cdrom: sources got rewriten by apt-cdrom | |
+ add | |
+ | |
+ -- Michael Vogt <mvo@debian.org> Tue, 23 Sep 2014 08:56:27 +0200 | |
+ | |
apt (0.9.7.9+deb7u4) wheezy-security; urgency=high | |
* Fix regression in 0.9.7.9+deb7u3 when file:/// sources | |
diff -ru _1/apt-0.9.7.9+deb7u4/methods/copy.cc _2/apt-0.9.7.9+deb7u5/methods/copy.cc | |
--- _1/apt-0.9.7.9+deb7u4/methods/copy.cc 2014-08-20 01:32:37.000000000 -0700 | |
+++ _2/apt-0.9.7.9+deb7u5/methods/copy.cc 2014-09-23 00:08:18.000000000 -0700 | |
@@ -55,7 +55,7 @@ | |
bool CopyMethod::Fetch(FetchItem *Itm) | |
{ | |
URI Get = Itm->Uri; | |
- std::string File = Get.Path; | |
+ std::string File = Get.Host + Get.Path; // To account for relative paths | |
// Stat the file and send a start message | |
struct stat Buf; | |
diff -ru _1/apt-0.9.7.9+deb7u4/methods/http.cc _2/apt-0.9.7.9+deb7u5/methods/http.cc | |
--- _1/apt-0.9.7.9+deb7u4/methods/http.cc 2013-03-01 02:51:21.000000000 -0800 | |
+++ _2/apt-0.9.7.9+deb7u5/methods/http.cc 2014-09-18 05:26:56.000000000 -0700 | |
@@ -666,18 +666,14 @@ | |
URI Uri = Itm->Uri; | |
// The HTTP server expects a hostname with a trailing :port | |
- char Buf[1000]; | |
+ std::string Buf; | |
string ProperHost = Uri.Host; | |
if (Uri.Port != 0) | |
{ | |
- sprintf(Buf,":%u",Uri.Port); | |
+ strprintf(Buf,":%u",Uri.Port); | |
ProperHost += Buf; | |
} | |
- // Just in case. | |
- if (Itm->Uri.length() >= sizeof(Buf)) | |
- abort(); | |
- | |
/* Build the request. We include a keep-alive header only for non-proxy | |
requests. This is to tweak old http/1.0 servers that do support keep-alive | |
but not HTTP/1.1 automatic keep-alive. Doing this with a proxy server | |
@@ -685,32 +681,34 @@ | |
pass it on, HTTP/1.1 says the connection should default to keep alive | |
and we expect the proxy to do this */ | |
if (Proxy.empty() == true || Proxy.Host.empty()) | |
- sprintf(Buf,"GET %s HTTP/1.1\r\nHost: %s\r\nConnection: keep-alive\r\n", | |
+ strprintf(Buf, "GET %s HTTP/1.1\r\nHost: %s\r\nConnection: keep-alive\r\n", | |
QuoteString(Uri.Path,"~").c_str(),ProperHost.c_str()); | |
else | |
{ | |
/* Generate a cache control header if necessary. We place a max | |
cache age on index files, optionally set a no-cache directive | |
and a no-store directive for archives. */ | |
- sprintf(Buf,"GET %s HTTP/1.1\r\nHost: %s\r\n", | |
+ strprintf(Buf,"GET %s HTTP/1.1\r\nHost: %s\r\n", | |
Itm->Uri.c_str(),ProperHost.c_str()); | |
} | |
// generate a cache control header (if needed) | |
if (_config->FindB("Acquire::http::No-Cache",false) == true) | |
{ | |
- strcat(Buf,"Cache-Control: no-cache\r\nPragma: no-cache\r\n"); | |
+ Buf += "Cache-Control: no-cache\r\nPragma: no-cache\r\n"; | |
} | |
else | |
{ | |
if (Itm->IndexFile == true) | |
{ | |
- sprintf(Buf+strlen(Buf),"Cache-Control: max-age=%u\r\n", | |
- _config->FindI("Acquire::http::Max-Age",0)); | |
+ std::string Tmp; | |
+ strprintf(Tmp, "Cache-Control: max-age=%u\r\n", | |
+ _config->FindI("Acquire::http::Max-Age",0)); | |
+ Buf += Tmp; | |
} | |
else | |
{ | |
if (_config->FindB("Acquire::http::No-Store",false) == true) | |
- strcat(Buf,"Cache-Control: no-store\r\n"); | |
+ Buf += "Cache-Control: no-store\r\n"; | |
} | |
} | |
@@ -724,7 +722,7 @@ | |
size_t const filepos = Itm->Uri.find_last_of('/'); | |
string const file = Itm->Uri.substr(filepos + 1); | |
if (flExtension(file) == file) | |
- strcat(Buf,"Accept: text/*\r\n"); | |
+ Buf += "Accept: text/*\r\n"; | |
} | |
string Req = Buf; | |
@@ -734,7 +732,7 @@ | |
if (stat(Itm->DestFile.c_str(),&SBuf) >= 0 && SBuf.st_size > 0) | |
{ | |
// In this case we send an if-range query with a range header | |
- sprintf(Buf,"Range: bytes=%lli-\r\nIf-Range: %s\r\n",(long long)SBuf.st_size - 1, | |
+ strprintf(Buf, "Range: bytes=%lli-\r\nIf-Range: %s\r\n",(long long)SBuf.st_size - 1, | |
TimeRFC1123(SBuf.st_mtime).c_str()); | |
Req += Buf; | |
} | |
@@ -742,7 +740,7 @@ | |
{ | |
if (Itm->LastModified != 0) | |
{ | |
- sprintf(Buf,"If-Modified-Since: %s\r\n",TimeRFC1123(Itm->LastModified).c_str()); | |
+ strprintf(Buf,"If-Modified-Since: %s\r\n",TimeRFC1123(Itm->LastModified).c_str()); | |
Req += Buf; | |
} | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment