Your message dated Sat, 15 Nov 2014 23:33:43 +0000
with message-id <[email protected]>
and subject line Bug#525749: fixed in wmbiff 0.4.28-1
has caused the Debian Bug report #525749,
regarding wmbiff: security.debian.rb is broken
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
525749: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=525749
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: wmbiff
Version: 0.4.27-2+b2
Severity: normal
Tags: patch
security.debian.rb claims that there are no security updates available even if
there are some. This is because it fails to download the Packages files from
s.d.o for various reasons:
- the urlpath isn't correct (there should be '/debian-security' between
'security.debian.org' and '/dists'
- there is no Packages file on the server, only Packages.gz and Packages.bz2
- with the above corrected, the file was still not downloaded correctly, maybe
a problem with the warning ruby1.8 gives, didn't investigate on this
The appended patch fixes these problems. Note that the patch uses ftp to access
s.d.o. (is it reliable to do so or is there a special reason for using http per
default in /etc/apt/sources.list?). Furthermore, the whole .stamp thing isn't
there anymore after applying the patch.
-- System Information:
Debian Release: 5.0.1
APT prefers stable
APT policy: (500, 'stable')
Architecture: i386 (i686)
Kernel: Linux 2.6.26-2-686 (SMP w/1 CPU core)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages wmbiff depends on:
ii libc6 2.7-18 GNU C Library: Shared libraries
ii libgcrypt11 1.4.1-1 LGPL Crypto library - runtime libr
ii libgnutls26 2.4.2-6+lenny1 the GNU TLS library - runtime libr
ii libx11-6 2:1.1.5-2 X11 client-side library
ii libxext6 2:1.0.4-1 X11 miscellaneous extension librar
ii libxpm4 1:3.5.7-1 X11 pixmap library
ii zlib1g 1:1.2.3.3.dfsg-12 compression library - runtime
wmbiff recommends no packages.
Versions of packages wmbiff suggests:
ii ruby 4.2 An interpreter of object-oriented
pn ssh-askpass <none> (no description available)
-- no debconf information
--- wmbiff-0.4.27/scripts/security.debian.rb.orig 2004-07-04 01:43:59.000000000 +0200
+++ wmbiff-0.4.27/scripts/security.debian.rb 2009-04-26 22:43:08.000000000 +0200
@@ -7,7 +7,7 @@
# Based on security-update-check.py by Rob Bradford
-require 'net/http'
+require 'net/ftp'
#require 'profile'
@@ -67,16 +67,13 @@
# file, the url, the system's cache of the file, and a
# per-user cache of the file.
packagelists = Dir.glob("/var/lib/apt/lists/#{Server}*Packages").map { |pkgfile|
- [ pkgfile.gsub(/.*#{Server}/, '').tr('_','/'), # the url path
+ [ '/debian-security' + pkgfile.gsub(/.*#{Server}/, '').tr('_','/').gsub(/Packages/, ''), # the url path
pkgfile, # the system cache of the packages file. probably up-to-date.
# and finally, a user's cache of the page, if needed.
"%s/%s" % [ Cachedir, pkgfile.gsub(/.*#{Server}_/,'') ]
]
}
-# we'll open a persistent session, but only if we need it.
-session = nil
-
# update the user's cache if necessary.
packagelists.each { |urlpath, sc, uc|
sctime = File.stat(sc).mtime
@@ -91,31 +88,23 @@
uctime
end
else
- # the user cache doesn't exist, but we might have
- # talked to the server recently.
- if(test(?e, uc + '.stamp')) then
- File.stat(uc + '.stamp').mtime
- else
- sctime
- end
+ sctime
end
if(Time.now > cached_time + Refetch_Interval_Sec) then
debugmsg "fetching #{urlpath} %s > %s + %d" % [Time.now, cached_time, Refetch_Interval_Sec]
begin
- if(session == nil) then
- session = Net::HTTP.new(Server)
- # session.set_pipe($stderr);
- end
- begin
- # the warning with ruby1.8 on the following line
- # has to do with the resp, data bit, which should
- # eventually be replaced with (copied from the
- # docs with the 1.8 net/http.rb)
- # response = http.get('/index.html')
- # puts response.body
- resp, data = session.get(urlpath,
- { 'If-Modified-Since' =>
- cached_time.strftime( "%a, %d %b %Y %H:%M:%S GMT" ) })
+ test(?e, Cachedir) or Dir.mkdir(Cachedir)
+
+ ftp = Net::FTP.new(Server)
+ ftp.login
+ ftp.chdir(urlpath)
+ ftp.getbinaryfile('Packages.gz', uc + '.gz', 1024)
+ ftp.close
+
+ # need to unzip Packages.gz
+ cmd_gunzip = "gzip -df %s" % [ uc + '.gz' ]
+ Kernel.system(cmd_gunzip)
+
rescue SocketError => e
# if the net is down, we'll get this error; avoid printing a stack trace.
puts "XX old"
@@ -127,24 +116,7 @@
puts "XX old"
exit 1;
end
- test(?e, Cachedir) or Dir.mkdir(Cachedir)
- File.open(uc, 'w') { |o| o.puts data }
- test(?e, uc + '.stamp') and File.unlink(uc + '.stamp') # we have a copy, don't need the stamp.
debugmsg "urlpath updated"
- rescue Net::ProtoRetriableError => detail
- head = detail.data
- if head.code != "304"
- raise "unexpected error occurred: " + detail
- end
- test(?e, Cachedir) or Dir.mkdir(Cachedir)
- if(test(?e, uc)) then
- touch(uc)
- else
- # we didn't get an update, but we don't have a cached
- # copy in the user directory.
- touch(uc + '.stamp')
- end
- end
else
debugmsg "skipping #{urlpath}"
end
--- End Message ---
--- Begin Message ---
Source: wmbiff
Source-Version: 0.4.28-1
We believe that the bug you reported is fixed in the latest version of
wmbiff, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Doug Torrance <[email protected]> (supplier of updated wmbiff
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Thu, 13 Nov 2014 21:48:26 -0600
Source: wmbiff
Binary: wmbiff
Architecture: source amd64
Version: 0.4.28-1
Distribution: unstable
Urgency: medium
Maintainer: Doug Torrance <[email protected]>
Changed-By: Doug Torrance <[email protected]>
Description:
wmbiff - Dockable app that displays information about mailboxes
Closes: 449774 525749 589408 626393 663876 767915
Changes:
wmbiff (0.4.28-1) unstable; urgency=medium
.
* New upstream release.
- Fix security.debian.rb script (Closes: #525749).
- Fix connection leak (Closes: #663876).
- Allow usernames with more than 32 characters (Closes: #626393).
- Increase number of actions to 40 (Closes: #589408).
* New maintainer (Closes: #767915).
* debian/compat:
- Bump to 9.
* debian/control:
- Bump versioned dependency on debhelper to >=9.
- Bump Standards-Version to 3.9.6.
- Add ${misc:Depends} to Depends.
- Remove article from beginning of Description.
- Add Homepage and Vcs-* fields.
- Add dh-autoreconf to Build-Depends.
- Remove cdbs from Build-Depends.
- Remove Uploaders field.
- Remove references to Licq and GnomeICU support in Description.
* debian/copyright:
- Convert to machine-readable format version 1.0.
* debian/dirs:
- Remove unnecessary file.
* debian/docs:
- Remove README.licq, which no longer exists.
* debian/menu:
- Update section.
* debian/patches:
- Remove directory; patches either applied upstream or not needed because
of
dh_autoreconf.
* debian/rules:
- Add get-orig-source target.
- Update to use dh and dh_autoreconf.
- Add nocheck to DEB_BUILD_OPTIONS; otherwise dh_auto_test sometimes fails.
* debian/watch:
- Bump to version 3; update with new location (Closes: #449774).
Checksums-Sha1:
8a2c8d6296436d5f8873dd9d6572c08195b7bd0a 1900 wmbiff_0.4.28-1.dsc
cf54154a2c1a99b5b9f23529238567107c278874 111395 wmbiff_0.4.28.orig.tar.gz
6f1a78979607bfc8f666ff8ef2a359d09d96a788 8008 wmbiff_0.4.28-1.debian.tar.xz
5593bad452259c81203d7cc045e220056d527e6f 94214 wmbiff_0.4.28-1_amd64.deb
Checksums-Sha256:
4f847e4bc4e56a55216ce8b454ca47901c6171b1a0ea92f72140f6f141fabc83 1900
wmbiff_0.4.28-1.dsc
618b87a63ad9ce58bcf4284015c1a8baf458f47101e83b74fa0253f01f33a7f7 111395
wmbiff_0.4.28.orig.tar.gz
21f1d1d5ca28306f9463bc64b6171fbda32ddead533897d77b6b90825b330e8b 8008
wmbiff_0.4.28-1.debian.tar.xz
7278ba86adf6ff8032459f691b3e2c264cb6c5be8ec4a59a3a3f4000730b512c 94214
wmbiff_0.4.28-1_amd64.deb
Files:
227196be7c554302de3f74c106b727cb 1900 x11 optional wmbiff_0.4.28-1.dsc
55c13fa890dbeaa217e74618f95b02a1 111395 x11 optional wmbiff_0.4.28.orig.tar.gz
3b56acde914c5b7f206c4bce41726910 8008 x11 optional
wmbiff_0.4.28-1.debian.tar.xz
d12d1967cfaf148b71121dbc9321c16e 94214 x11 optional wmbiff_0.4.28-1_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBCAAGBQJUZ+CPAAoJEHQmOzf1tfkTyl4QAI/HW0xYlRLF3euDsszt7aSl
gFWa7Q1j2QQE1ZJEjGa5GOPDdt02Ealj47MyQ6TM13dX4XKNDG5S6qkh87Q/5ljp
8L/4TCp3FT2nBho93n/y/eQodaXXf4hx/eXtrLmzlpe0U8/G3gWa6+3EFLo+rTqA
tAQgjGHSlhbWuXaVNduS3DfCHzlVghRy47MhMHH5KHF38wMc1XfNk11PCqUPg2BB
/KK8KWpWJNfa45NMzjeM2RKtO16OTUpFAW1/Kl08xI4x+2utYxxaCbmXJW62Spl2
qHgG967bUNCy/Gh0Fb5J4cXt+vgBGJk4kwki2I4OHThKwr51nb7dDBs3erVLcZVc
GmRJ2HFTJTfjeqNjUHG5H5KSKIL1QGs0XRnDUod/fV3rGRmvZpi6vnlDSXFII20m
7OpsImqZpWhhsKX+2qEEg33k70E1KcbAX1IrRQ8ffE9dHIIrZoc+o/1xpJxtnoqW
DK7ycZO/maltSDu/07Ob7LkEjX+HYKF4TEdQYpiCWpfK0L3q0TGegVTjsPcNwAKn
YH7rFgs05AsXKT5vj/qr4o44dcIq9GXByKWr576+1utOIKNzy2TKT3Am4AWOeHr5
NJGuWQKOLIvU/3NaTbBnmcrmgzGyo5Xnj9oI2r8wV+vN0Rwcd1go+hVrwVKUmFyQ
BEhefshwIfuP8mQopTjq
=Venw
-----END PGP SIGNATURE-----
--- End Message ---
