From acfbd607bd92cc1ba391873ce0ccec7103d858e0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tr=E1=BA=A7n=20Ng=E1=BB=8Dc=20Qu=C3=A2n?= Date: Fri, 12 Sep 2014 14:13:36 +0700 Subject: l10n: vi.po (636t): Update program translation MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Trần Ngọc Quân --- po/vi.po | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/po/vi.po b/po/vi.po index 1100281eb..71dcfa553 100644 --- a/po/vi.po +++ b/po/vi.po @@ -6,10 +6,10 @@ # msgid "" msgstr "" -"Project-Id-Version: apt 1.0.6\n" +"Project-Id-Version: apt 1.0.8\n" "Report-Msgid-Bugs-To: APT Development Team \n" "POT-Creation-Date: 2014-09-09 20:35+0200\n" -"PO-Revision-Date: 2014-07-24 14:58+0700\n" +"PO-Revision-Date: 2014-09-12 13:48+0700\n" "Last-Translator: Trần Ngọc Quân \n" "Language-Team: Vietnamese \n" "Language: vi\n" @@ -647,7 +647,7 @@ msgstr "" #: cmdline/apt-helper.cc:36 msgid "Need one URL as argument" -msgstr "" +msgstr "Cần một URL làm đối số" #: cmdline/apt-helper.cc:49 msgid "Must specify at least one pair url/filename" @@ -658,7 +658,6 @@ msgid "Download Failed" msgstr "Gặp lỗi khi tải về" #: cmdline/apt-helper.cc:80 -#, fuzzy msgid "" "Usage: apt-helper [options] command\n" " apt-helper [options] download-file uri target-path\n" @@ -678,6 +677,7 @@ msgstr "" "\n" "Các lệnh:\n" " download-file - tải về uri đã cho về đường-dẫn-đích\n" +" auto-detect-proxy - dò tìm proxy dùng apt.conf\n" "\n" " Lệnh trợ giúp APT này có Sức Mạnh của Siêu “Meep”.\n" @@ -1767,7 +1767,7 @@ msgid "%i package can be upgraded. Run 'apt list --upgradable' to see it.\n" msgid_plural "" "%i packages can be upgraded. Run 'apt list --upgradable' to see them.\n" msgstr[0] "" -"%i gói có thể được cập nhật. Chạy 'apt list --upgradable' để xem chúng.\n" +"%i gói có thể được cập nhật. Chạy “apt list --upgradable” để xem chúng.\n" #: apt-private/private-update.cc:94 msgid "All packages are up to date." -- cgit v1.2.3 
From daff4aa356128310f022370f7825bdc369c66ba8 Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Wed, 17 Sep 2014 14:57:05 +0200 Subject: Fix regression for file:/// uris from CVE-2014-0487 Do not run ReverifyAfterIMS() for local file URIs as this will causes apt to mess around in the file:/// uri space. This is wrong in itself, but it will also cause a incorrect verification failure when the archive and the lists directory are on different partitions as rename(). --- apt-pkg/acquire-item.cc | 18 ++++++------------ test/integration/test-apt-update-file | 27 +++++++++++++++++++++++++++ 2 files changed, 33 insertions(+), 12 deletions(-) create mode 100755 test/integration/test-apt-update-file diff --git a/apt-pkg/acquire-item.cc b/apt-pkg/acquire-item.cc index 058b8bf74..2ced65aa2 100644 --- a/apt-pkg/acquire-item.cc +++ b/apt-pkg/acquire-item.cc @@ -1120,12 +1120,6 @@ void pkgAcqIndex::Done(string Message,unsigned long long Size,string Hash, string FileName = LookupTag(Message,"Alt-Filename"); if (FileName.empty() == false) { - // The files timestamp matches - if (StringToBool(LookupTag(Message,"Alt-IMS-Hit"),false) == true) - { - ReverifyAfterIMS(FileName); - return; - } Decompression = true; Local = true; DestFile += ".decomp"; @@ -1142,18 +1136,18 @@ void pkgAcqIndex::Done(string Message,unsigned long long Size,string Hash, ErrorText = "Method gave a blank filename"; } + if (FileName == DestFile) + Erase = true; + else + Local = true; + // The files timestamp matches - if (StringToBool(LookupTag(Message,"IMS-Hit"),false) == true) + if (!Local && StringToBool(LookupTag(Message,"IMS-Hit"),false) == true) { ReverifyAfterIMS(FileName); return; } - if (FileName == DestFile) - Erase = true; - else - Local = true; - string decompProg; // If we enable compressed indexes, queue for hash verification diff --git a/test/integration/test-apt-update-file b/test/integration/test-apt-update-file new file mode 100755 index 000000000..069f8ba2f --- /dev/null 
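Review bot: In the second `pkgAcqIndex::Done` hunk, the blank-filename error path now feeds straight into the moved `Local` classification. No `return` is visible between `ErrorText = "Method gave a blank filename";` and the relocated `if (FileName == DestFile)` block, so an empty `FileName` compares unequal to `DestFile` and sets `Local = true`. The new `!Local &&` guard then skips `ReverifyAfterIMS()` for that case as well. If nothing later in the function stops on the error status, I would end that branch explicitly with `return;` after the `ErrorText` assignment, so that only a path the method actually supplied can take the local-file route. `Done()` starts before and continues after the lines shown, so this needs checking against the rest of the function.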
+++ b/test/integration/test-apt-update-file @@ -0,0 +1,27 @@ +#!/bin/sh +# +# Ensure that we do not modify file:/// uris (regression test for +# CVE-2014-0487 +# +set -e + +TESTDIR=$(readlink -f $(dirname $0)) +. $TESTDIR/framework + +setupenvironment +configarchitecture "amd64" +configcompression 'bz2' 'gz' + +insertpackage 'unstable' 'foo' 'all' '1.0' + +umask 022 +setupaptarchive --no-update + +# ensure the archive is not writable +chmod 550 aptarchive/dists/unstable/main/binary-amd64 + +testsuccess aptget update -qq +testsuccess aptget update -qq + +# the cleanup should still work +chmod 750 aptarchive/dists/unstable/main/binary-amd64 -- cgit v1.2.3 From 23d0a6fbee9e8880107481502e14411961c44a7b Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Wed, 17 Sep 2014 17:48:27 +0200 Subject: improve test for commit daff4a --- apt-pkg/acquire-item.cc | 5 +++-- test/integration/test-apt-update-file | 7 +++++++ 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/apt-pkg/acquire-item.cc b/apt-pkg/acquire-item.cc index 2ced65aa2..5df43726b 100644 --- a/apt-pkg/acquire-item.cc +++ b/apt-pkg/acquire-item.cc @@ -1141,13 +1141,14 @@ void pkgAcqIndex::Done(string Message,unsigned long long Size,string Hash, else Local = true; - // The files timestamp matches + // The files timestamp matches, for non-local URLs reverify the local + // file, for local file, uncompress again to ensure the hashsum is still + // matching the Release file if (!Local && StringToBool(LookupTag(Message,"IMS-Hit"),false) == true) { ReverifyAfterIMS(FileName); return; } - string decompProg; // If we enable compressed indexes, queue for hash verification diff --git a/test/integration/test-apt-update-file b/test/integration/test-apt-update-file index 069f8ba2f..e267c71da 100755 --- a/test/integration/test-apt-update-file +++ b/test/integration/test-apt-update-file 
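Review bot: The `chmod 550` on `aptarchive/dists/unstable/main/binary-amd64` only blocks writes for an unprivileged user, so if the suite is run as root both `testsuccess aptget update -qq` calls would pass even if apt went back to writing into the file:/// archive. The test would pin the regression independently of permissions if it compared the directory before and after, for example `ls -l aptarchive/dists/unstable/main/binary-amd64 > before.lst` ahead of the first update and `ls -l aptarchive/dists/unstable/main/binary-amd64 | diff -u before.lst -` after the second. Separately, with `set -e` the closing `chmod 750` is skipped whenever an earlier step aborts the script, which may leave the tree non-writable for later cleanup.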
@@ -22,6 +22,13 @@ chmod 550 aptarchive/dists/unstable/main/binary-amd64 testsuccess aptget update -qq testsuccess aptget update -qq +aptget update -qq -o Debug::pkgAcquire::Auth=1 2> output.log + +# ensure that the hash of the uncompressed file was verified even on a local +# ims hit +canary="SHA512:$(bzcat aptarchive/dists/unstable/main/binary-amd64/Packages.bz2 | sha512sum |cut -f1 -d' ')" +grep -q "RecivedHash: $canary" output.log + # the cleanup should still work chmod 750 aptarchive/dists/unstable/main/binary-amd64 -- cgit v1.2.3 From e438bafe7d578a04837c520ca5d69f38a6b993cf Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Wed, 17 Sep 2014 22:05:51 +0200 Subject: releasing package apt version 1.0.9.1 --- debian/changelog | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/debian/changelog b/debian/changelog index 140e35d4d..36353bd95 100644 --- a/debian/changelog +++ b/debian/changelog @@ -4,6 +4,12 @@ apt (1.0.9.1) unstable; urgency=high * Allow override of Proxy-Auto-Detect by the users configuration (Closes: 759264) * fix ci autopkgtest + * fix regression from 1.0.9 when file:/// source are used and + those are on a different partition than the apt state directory + and add regression test + + [ Trần Ngọc Quân ] + * l10n: vi.po (636t): Update program translation [ Chris Leick ] * Updated German documentation translation -- cgit v1.2.3
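Review bot: The added `grep -q "RecivedHash: $canary" output.log` shows that the decompressed index was hashed on a local IMS hit, but not that a mismatch with the Release file is rejected, since the received hash would presumably be logged either way. A companion negative case, where the second update is expected to fail because `Packages.bz2` no longer matches the signed Release data, would cover the property the CVE fix is about. The new `aptget update ... 2> output.log` and the `grep` also run bare under `set -e`, so a failure ends the script without a message; `testsuccess grep -q "RecivedHash: $canary" output.log` would report it like the other steps. Since the match depends on the exact spelling of the debug string, a comment such as `# string must match the Debug::pkgAcquire::Auth output verbatim` would help whoever later corrects that spelling.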