Package: wmbiff Version: 0.4.27-2+b2 Severity: normal Tags: patch
security.debian.rb claims that there are no security updates available even if there are some. This is because it fails to download the Packages files from s.d.o for various reasons: - the urlpath isn't correct (there should be '/debian-security' between 'security.debian.org' and '/dists' - there is no Packages file on the server, only Packages.gz and Packages.bz2 - with the above corrected, the file was still not downloaded correctly, maybe a problem with the warning ruby1.8 gives, didn't investigate on this The appended patch fixes these problems. Note that the patch uses ftp to access s.d.o. (is it reliable to do so or is there a special reason for using http per default in /etc/apt/sources.list?). Furthermore, the whole .stamp thing isn't there anymore after applying the patch. -- System Information: Debian Release: 5.0.1 APT prefers stable APT policy: (500, 'stable') Architecture: i386 (i686) Kernel: Linux 2.6.26-2-686 (SMP w/1 CPU core) Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages wmbiff depends on: ii libc6 2.7-18 GNU C Library: Shared libraries ii libgcrypt11 1.4.1-1 LGPL Crypto library - runtime libr ii libgnutls26 2.4.2-6+lenny1 the GNU TLS library - runtime libr ii libx11-6 2:1.1.5-2 X11 client-side library ii libxext6 2:1.0.4-1 X11 miscellaneous extension librar ii libxpm4 1:3.5.7-1 X11 pixmap library ii zlib1g 1:1.2.3.3.dfsg-12 compression library - runtime wmbiff recommends no packages. Versions of packages wmbiff suggests: ii ruby 4.2 An interpreter of object-oriented pn ssh-askpass <none> (no description available) -- no debconf information
--- wmbiff-0.4.27/scripts/security.debian.rb.orig 2004-07-04 01:43:59.000000000 +0200 +++ wmbiff-0.4.27/scripts/security.debian.rb 2009-04-26 22:43:08.000000000 +0200 @@ -7,7 +7,7 @@ # Based on security-update-check.py by Rob Bradford -require 'net/http' +require 'net/ftp' #require 'profile' @@ -67,16 +67,13 @@ # file, the url, the system's cache of the file, and a # per-user cache of the file. packagelists = Dir.glob("/var/lib/apt/lists/#{Server}*Packages").map { |pkgfile| - [ pkgfile.gsub(/.*#{Server}/, '').tr('_','/'), # the url path + [ '/debian-security' + pkgfile.gsub(/.*#{Server}/, '').tr('_','/').gsub(/Packages/, ''), # the url path pkgfile, # the system cache of the packages file. probably up-to-date. # and finally, a user's cache of the page, if needed. "%s/%s" % [ Cachedir, pkgfile.gsub(/.*#{Server}_/,'') ] ] } -# we'll open a persistent session, but only if we need it. -session = nil - # update the user's cache if necessary. packagelists.each { |urlpath, sc, uc| sctime = File.stat(sc).mtime @@ -91,31 +88,23 @@ uctime end else - # the user cache doesn't exist, but we might have - # talked to the server recently. - if(test(?e, uc + '.stamp')) then - File.stat(uc + '.stamp').mtime - else - sctime - end + sctime end if(Time.now > cached_time + Refetch_Interval_Sec) then debugmsg "fetching #{urlpath} %s > %s + %d" % [Time.now, cached_time, Refetch_Interval_Sec] begin - if(session == nil) then - session = Net::HTTP.new(Server) - # session.set_pipe($stderr); - end - begin - # the warning with ruby1.8 on the following line - # has to do with the resp, data bit, which should - # eventually be replaced with (copied from the - # docs with the 1.8 net/http.rb) - # response = http.get('/index.html') - # puts response.body - resp, data = session.get(urlpath, - { 'If-Modified-Since' => - cached_time.strftime( "%a, %d %b %Y %H:%M:%S GMT" ) }) + test(?e, Cachedir) or Dir.mkdir(Cachedir) + + ftp = Net::FTP.new(Server) + ftp.login + ftp.chdir(urlpath) + ftp.getbinaryfile('Packages.gz', uc + '.gz', 1024) + ftp.close + + # need to unzip Packages.gz + cmd_gunzip = "gzip -df %s" % [ uc + '.gz' ] + Kernel.system(cmd_gunzip) + rescue SocketError => e # if the net is down, we'll get this error; avoid printing a stack trace. puts "XX old" @@ -127,24 +116,7 @@ puts "XX old" exit 1; end - test(?e, Cachedir) or Dir.mkdir(Cachedir) - File.open(uc, 'w') { |o| o.puts data } - test(?e, uc + '.stamp') and File.unlink(uc + '.stamp') # we have a copy, don't need the stamp. debugmsg "urlpath updated" - rescue Net::ProtoRetriableError => detail - head = detail.data - if head.code != "304" - raise "unexpected error occurred: " + detail - end - test(?e, Cachedir) or Dir.mkdir(Cachedir) - if(test(?e, uc)) then - touch(uc) - else - # we didn't get an update, but we don't have a cached - # copy in the user directory. - touch(uc + '.stamp') - end - end else debugmsg "skipping #{urlpath}" end