Import Debian version 1.0.1ubuntu2.18

apt (1.0.1ubuntu2.18) trusty; urgency=medium

  * ExecFork: Use /proc/self/fd to determine which files to close
    (Closes: #764204) (LP: #1332440).

apt (1.0.1ubuntu2.17) trusty-security; urgency=high

  * SECURITY UPDATE: gpgv: Check for errors when splitting files (CVE-2016-1252)
    Thanks to Jann Horn, Google Project Zero for reporting the issue
    (LP: #1647467)

apt (1.0.1ubuntu2.15) trusty; urgency=medium

  * Fixes failure to download the Package index file when using
    mirror:// URL in sources.list and the archive fails to profile
    a file. APT would try the next archive in the list for .deb
    packages but did not retry when the index file failed to download.
    (LP: #1625667)

apt (1.0.1ubuntu2.14) trusty; urgency=medium

  * When using the https transport mechanism, $no_proxy is ignored if apt is
    getting it's proxy information from $https_proxy (as opposed to
    Acquire::https::Proxy somewhere in apt config). If the source of proxy
    information is Acquire::https::Proxy set in apt.conf (or apt.conf.d),
    then $no_proxy is honored. This patch makes the behavior similar for
    both methods of setting the proxy. (LP: #1575877)

apt (1.0.1ubuntu2.13) trusty; urgency=medium

  * Recheck Pre-Depends satisfaction in SmartConfigure, to avoid unconfigured
    Pre-Depends (which dpkg later fails on). Fixes upgrade failures of
    systemd, util-linux, and other packages with Pre-Depends. Many thanks to
    David Kalnischkies for figuring out the patch and Winfried PLappert for
    testing! Patch taken from Debian git. (LP: #1560797)

apt (1.0.1ubuntu2.12) trusty; urgency=medium

  [ Colin Watson ]
  * Fix lzma write support to handle "try again" case (closes: #751688,
    LP: #1553770).

  [ David Kalnischkies ]
  * Handle moved mmap after UniqFindTagWrite call (closes: #753941,
    LP: #1445436).

apt (1.0.1ubuntu2.11) trusty; urgency=medium

  * apt-pkg/packagemanager.cc:
    - fix incorrect configure ordering in the SmartConfigure step by skipping
      packages that do not need immediate action. (LP: #1347721, #1497688)

apt (1.0.1ubuntu2.10) trusty; urgency=medium

  * Fix regression from the previous upload by ensuring we're actually
    testing for the right member before iterating on it (LP: #1480592)

apt (1.0.1ubuntu2.9) trusty; urgency=medium

  * Fix regression in the Never-MarkAuto-Sections feature caused by the
    previous auto-removal fix, with inspiration drawn from the patches
    and conversation from http://bugs.debian.org/793360 (LP: #1479207)

apt (1.0.1ubuntu2.8) trusty-proposed; urgency=low

  * fix crash for packages that have no section in their instVersion
    (LP: #1449394)

apt (1.0.1ubuntu2.7) trusty-proposed; urgency=low

  * fix auto-removal behavior (thanks to Adam Conrad)
    LP: #1429041

apt (1.0.1ubuntu2.6) trusty-proposed; urgency=medium

  * apt-pkg/deb/dpkgpm.cc:
    - update string matching for dpkg I/O errors. (LP: #1363257)
    - properly parse the dpkg status line so that package name is properly set
      and an apport report is created. Thanks to Anders Kaseorg for the patch.
      (LP: #1353171)

apt (1.0.1ubuntu2.5) trusty-security; urgency=low

  * SECURITY UPDATE:
      - cmdline/apt-get.cc: fix insecure tempfile handling in
        apt-get changelog (CVE-2014-7206). Thanks to Guillem Jover

apt (1.0.1ubuntu2.4.1) trusty-security; urgency=low

  * SECURITY UPDATE:
    - fix potential buffer overflow, thanks to the
      Google Security Team (CVE-2014-6273)
  * Fix regression from the previous upload when file:/// sources
    are used and those are on a different partition than
    the apt state directory
  * Fix regression when Dir::state::lists is set to a relative path
  * Fix regression when cdrom: sources got rewriten by apt-cdrom add

apt (1.0.1ubuntu2.3) trusty-security; urgency=low

  * SECURITY UPDATE:
    - incorrect invalidating of unauthenticated data (CVE-2014-0488)
    - incorect verification of 304 reply (CVE-2014-0487)
    - incorrect verification of Acquire::Gzip indexes (CVE-2014-0489)

1 files changed, 11 insertions, 13 deletions

diff --git a/methods/http.cc b/methods/http.cc
index ed6e3517d..d3a5d718f 100644
--- a/methods/http.cc
+++ b/methods/http.cc
@@ -667,7 +667,7 @@ void HttpMethod::SendReq(FetchItem *Itm)
    URI Uri = Itm->Uri;
 
    // The HTTP server expects a hostname with a trailing :port
-   char Buf[1000];
+   string Buf;
    string ProperHost;
 
    if (Uri.Host.find(':') != string::npos)
@@ -676,14 +676,10 @@ void HttpMethod::SendReq(FetchItem *Itm)
       ProperHost = Uri.Host;
    if (Uri.Port != 0)
    {
-      sprintf(Buf,":%u",Uri.Port);
+      strprintf(Buf,":%u",Uri.Port);
       ProperHost += Buf;
    }   
       
-   // Just in case.
-   if (Itm->Uri.length() >= sizeof(Buf))
-       abort();
-
    /* RFC 2616 §5.1.2 requires absolute URIs for requests to proxies,
       but while its a must for all servers to accept absolute URIs,
       it is assumed clients will sent an absolute path for non-proxies */
@@ -701,25 +697,27 @@ void HttpMethod::SendReq(FetchItem *Itm)
       in 1.1, can cause problems with proxies, and we are an HTTP/1.1
       client anyway.
       C.f. https://tools.ietf.org/wg/httpbis/trac/ticket/158 */
-   sprintf(Buf,"GET %s HTTP/1.1\r\nHost: %s\r\n",
+   strprintf(Buf,"GET %s HTTP/1.1\r\nHost: %s\r\n",
 	   requesturi.c_str(),ProperHost.c_str());
 
    // generate a cache control header (if needed)
    if (_config->FindB("Acquire::http::No-Cache",false) == true) 
    {
-      strcat(Buf,"Cache-Control: no-cache\r\nPragma: no-cache\r\n");
+      Buf += "Cache-Control: no-cache\r\nPragma: no-cache\r\n";
    }
    else
    {
       if (Itm->IndexFile == true) 
       {
-	 sprintf(Buf+strlen(Buf),"Cache-Control: max-age=%u\r\n",
+         string Tmp;
+	 strprintf(Tmp,"Cache-Control: max-age=%u\r\n",
 		 _config->FindI("Acquire::http::Max-Age",0));
+         Buf += Tmp;
       }
       else
       {
 	 if (_config->FindB("Acquire::http::No-Store",false) == true)
-	    strcat(Buf,"Cache-Control: no-store\r\n");
+	    Buf += "Cache-Control: no-store\r\n";
       }
    }
 
@@ -733,7 +731,7 @@ void HttpMethod::SendReq(FetchItem *Itm)
       size_t const filepos = Itm->Uri.find_last_of('/');
       string const file = Itm->Uri.substr(filepos + 1);
       if (flExtension(file) == file)
-	 strcat(Buf,"Accept: text/*\r\n");
+	 Buf += "Accept: text/*\r\n";
    }
 
    string Req = Buf;
@@ -743,7 +741,7 @@ void HttpMethod::SendReq(FetchItem *Itm)
    if (stat(Itm->DestFile.c_str(),&SBuf) >= 0 && SBuf.st_size > 0)
    {
       // In this case we send an if-range query with a range header
-      sprintf(Buf,"Range: bytes=%lli-\r\nIf-Range: %s\r\n",(long long)SBuf.st_size,
+      strprintf(Buf,"Range: bytes=%lli-\r\nIf-Range: %s\r\n",(long long)SBuf.st_size,
 	      TimeRFC1123(SBuf.st_mtime).c_str());
       Req += Buf;
    }
@@ -751,7 +749,7 @@ void HttpMethod::SendReq(FetchItem *Itm)
    {
       if (Itm->LastModified != 0)
       {
-	 sprintf(Buf,"If-Modified-Since: %s\r\n",TimeRFC1123(Itm->LastModified).c_str());
+	 strprintf(Buf,"If-Modified-Since: %s\r\n",TimeRFC1123(Itm->LastModified).c_str());
 	 Req += Buf;
       }
    }