Diff between apt-0.9.7.9+deb7u4 and apt-0.9.7.9+deb7u5
| diff -ru _1/apt-0.9.7.9+deb7u4/apt-pkg/acquire-item.cc _2/apt-0.9.7.9+deb7u5/apt-pkg/acquire-item.cc | |
| --- _1/apt-0.9.7.9+deb7u4/apt-pkg/acquire-item.cc 2014-09-17 07:30:35.000000000 -0700 | |
| +++ _2/apt-0.9.7.9+deb7u5/apt-pkg/acquire-item.cc 2014-09-22 23:56:57.000000000 -0700 | |
| @@ -970,6 +970,12 @@ | |
| else | |
| Local = true; | |
| + // do not reverify cdrom sources as apt-cdrom may rewrite the Packages | |
| + // file when its doing the indexcopy | |
| + if (RealURI.substr(0,6) == "cdrom:" && | |
| + StringToBool(LookupTag(Message,"IMS-Hit"),false) == true) | |
| + return; | |
| + | |
| // The files timestamp matches | |
| if (!Local && StringToBool(LookupTag(Message,"IMS-Hit"),false) == true) | |
| { | |
| diff -ru _1/apt-0.9.7.9+deb7u4/debian/changelog _2/apt-0.9.7.9+deb7u5/debian/changelog | |
| --- _1/apt-0.9.7.9+deb7u4/debian/changelog 2014-09-18 02:32:09.000000000 -0700 | |
| +++ _2/apt-0.9.7.9+deb7u5/debian/changelog 2014-09-23 00:07:36.000000000 -0700 | |
| @@ -1,3 +1,15 @@ | |
| +apt (0.9.7.9+deb7u5) wheezy-security; urgency=high | |
| + | |
| + * SECURITY UPDATE: | |
| + - methods/http.cc: fix potential buffer overflow, thanks to the | |
| + Google Security Team (CVE-2014-6273) | |
| + * fix regression when Dir::state::lists is set to a relative | |
| + path (closes: 762160) | |
| + * fix regression when cdrom: sources got rewriten by apt-cdrom | |
| + add | |
| + | |
| + -- Michael Vogt <mvo@debian.org> Tue, 23 Sep 2014 08:56:27 +0200 | |
| + | |
| apt (0.9.7.9+deb7u4) wheezy-security; urgency=high | |
| * Fix regression in 0.9.7.9+deb7u3 when file:/// sources | |
| diff -ru _1/apt-0.9.7.9+deb7u4/methods/copy.cc _2/apt-0.9.7.9+deb7u5/methods/copy.cc | |
| --- _1/apt-0.9.7.9+deb7u4/methods/copy.cc 2014-08-20 01:32:37.000000000 -0700 | |
| +++ _2/apt-0.9.7.9+deb7u5/methods/copy.cc 2014-09-23 00:08:18.000000000 -0700 | |
| @@ -55,7 +55,7 @@ | |
| bool CopyMethod::Fetch(FetchItem *Itm) | |
| { | |
| URI Get = Itm->Uri; | |
| - std::string File = Get.Path; | |
| + std::string File = Get.Host + Get.Path; // To account for relative paths | |
| // Stat the file and send a start message | |
| struct stat Buf; | |
| diff -ru _1/apt-0.9.7.9+deb7u4/methods/http.cc _2/apt-0.9.7.9+deb7u5/methods/http.cc | |
| --- _1/apt-0.9.7.9+deb7u4/methods/http.cc 2013-03-01 02:51:21.000000000 -0800 | |
| +++ _2/apt-0.9.7.9+deb7u5/methods/http.cc 2014-09-18 05:26:56.000000000 -0700 | |
| @@ -666,18 +666,14 @@ | |
| URI Uri = Itm->Uri; | |
| // The HTTP server expects a hostname with a trailing :port | |
| - char Buf[1000]; | |
| + std::string Buf; | |
| string ProperHost = Uri.Host; | |
| if (Uri.Port != 0) | |
| { | |
| - sprintf(Buf,":%u",Uri.Port); | |
| + strprintf(Buf,":%u",Uri.Port); | |
| ProperHost += Buf; | |
| } | |
| - // Just in case. | |
| - if (Itm->Uri.length() >= sizeof(Buf)) | |
| - abort(); | |
| - | |
| /* Build the request. We include a keep-alive header only for non-proxy | |
| requests. This is to tweak old http/1.0 servers that do support keep-alive | |
| but not HTTP/1.1 automatic keep-alive. Doing this with a proxy server | |
| @@ -685,32 +681,34 @@ | |
| pass it on, HTTP/1.1 says the connection should default to keep alive | |
| and we expect the proxy to do this */ | |
| if (Proxy.empty() == true || Proxy.Host.empty()) | |
| - sprintf(Buf,"GET %s HTTP/1.1\r\nHost: %s\r\nConnection: keep-alive\r\n", | |
| + strprintf(Buf, "GET %s HTTP/1.1\r\nHost: %s\r\nConnection: keep-alive\r\n", | |
| QuoteString(Uri.Path,"~").c_str(),ProperHost.c_str()); | |
| else | |
| { | |
| /* Generate a cache control header if necessary. We place a max | |
| cache age on index files, optionally set a no-cache directive | |
| and a no-store directive for archives. */ | |
| - sprintf(Buf,"GET %s HTTP/1.1\r\nHost: %s\r\n", | |
| + strprintf(Buf,"GET %s HTTP/1.1\r\nHost: %s\r\n", | |
| Itm->Uri.c_str(),ProperHost.c_str()); | |
| } | |
| // generate a cache control header (if needed) | |
| if (_config->FindB("Acquire::http::No-Cache",false) == true) | |
| { | |
| - strcat(Buf,"Cache-Control: no-cache\r\nPragma: no-cache\r\n"); | |
| + Buf += "Cache-Control: no-cache\r\nPragma: no-cache\r\n"; | |
| } | |
| else | |
| { | |
| if (Itm->IndexFile == true) | |
| { | |
| - sprintf(Buf+strlen(Buf),"Cache-Control: max-age=%u\r\n", | |
| - _config->FindI("Acquire::http::Max-Age",0)); | |
| + std::string Tmp; | |
| + strprintf(Tmp, "Cache-Control: max-age=%u\r\n", | |
| + _config->FindI("Acquire::http::Max-Age",0)); | |
| + Buf += Tmp; | |
| } | |
| else | |
| { | |
| if (_config->FindB("Acquire::http::No-Store",false) == true) | |
| - strcat(Buf,"Cache-Control: no-store\r\n"); | |
| + Buf += "Cache-Control: no-store\r\n"; | |
| } | |
| } | |
| @@ -724,7 +722,7 @@ | |
| size_t const filepos = Itm->Uri.find_last_of('/'); | |
| string const file = Itm->Uri.substr(filepos + 1); | |
| if (flExtension(file) == file) | |
| - strcat(Buf,"Accept: text/*\r\n"); | |
| + Buf += "Accept: text/*\r\n"; | |
| } | |
| string Req = Buf; | |
| @@ -734,7 +732,7 @@ | |
| if (stat(Itm->DestFile.c_str(),&SBuf) >= 0 && SBuf.st_size > 0) | |
| { | |
| // In this case we send an if-range query with a range header | |
| - sprintf(Buf,"Range: bytes=%lli-\r\nIf-Range: %s\r\n",(long long)SBuf.st_size - 1, | |
| + strprintf(Buf, "Range: bytes=%lli-\r\nIf-Range: %s\r\n",(long long)SBuf.st_size - 1, | |
| TimeRFC1123(SBuf.st_mtime).c_str()); | |
| Req += Buf; | |
| } | |
| @@ -742,7 +740,7 @@ | |
| { | |
| if (Itm->LastModified != 0) | |
| { | |
| - sprintf(Buf,"If-Modified-Since: %s\r\n",TimeRFC1123(Itm->LastModified).c_str()); | |
| + strprintf(Buf,"If-Modified-Since: %s\r\n",TimeRFC1123(Itm->LastModified).c_str()); | |
| Req += Buf; | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment