Package: wmbiff
Version: 0.4.27-2+b2
Severity: normal
Tags: patch
security.debian.rb claims that there are no security updates available even if
there are some. This is because it fails to download the Packages files from
s.d.o for various reasons:
- the urlpath isn't correct (there should be '/debian-security' between
'security.debian.org' and '/dists'
- there is no Packages file on the server, only Packages.gz and Packages.bz2
- with the above corrected, the file was still not downloaded correctly, maybe
a problem with the warning ruby1.8 gives, didn't investigate on this
The appended patch fixes these problems. Note that the patch uses ftp to access
s.d.o. (is it reliable to do so or is there a special reason for using http per
default in /etc/apt/sources.list?). Furthermore, the whole .stamp thing isn't
there anymore after applying the patch.
-- System Information:
Debian Release: 5.0.1
APT prefers stable
APT policy: (500, 'stable')
Architecture: i386 (i686)
Kernel: Linux 2.6.26-2-686 (SMP w/1 CPU core)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages wmbiff depends on:
ii libc6 2.7-18 GNU C Library: Shared libraries
ii libgcrypt11 1.4.1-1 LGPL Crypto library - runtime libr
ii libgnutls26 2.4.2-6+lenny1 the GNU TLS library - runtime libr
ii libx11-6 2:1.1.5-2 X11 client-side library
ii libxext6 2:1.0.4-1 X11 miscellaneous extension librar
ii libxpm4 1:3.5.7-1 X11 pixmap library
ii zlib1g 1:1.2.3.3.dfsg-12 compression library - runtime
wmbiff recommends no packages.
Versions of packages wmbiff suggests:
ii ruby 4.2 An interpreter of object-oriented
pn ssh-askpass <none> (no description available)
-- no debconf information
--- wmbiff-0.4.27/scripts/security.debian.rb.orig 2004-07-04 01:43:59.000000000 +0200
+++ wmbiff-0.4.27/scripts/security.debian.rb 2009-04-26 22:43:08.000000000 +0200
@@ -7,7 +7,7 @@
# Based on security-update-check.py by Rob Bradford
-require 'net/http'
+require 'net/ftp'
#require 'profile'
@@ -67,16 +67,13 @@
# file, the url, the system's cache of the file, and a
# per-user cache of the file.
packagelists = Dir.glob("/var/lib/apt/lists/#{Server}*Packages").map { |pkgfile|
- [ pkgfile.gsub(/.*#{Server}/, '').tr('_','/'), # the url path
+ [ '/debian-security' + pkgfile.gsub(/.*#{Server}/, '').tr('_','/').gsub(/Packages/, ''), # the url path
pkgfile, # the system cache of the packages file. probably up-to-date.
# and finally, a user's cache of the page, if needed.
"%s/%s" % [ Cachedir, pkgfile.gsub(/.*#{Server}_/,'') ]
]
}
-# we'll open a persistent session, but only if we need it.
-session = nil
-
# update the user's cache if necessary.
packagelists.each { |urlpath, sc, uc|
sctime = File.stat(sc).mtime
@@ -91,31 +88,23 @@
uctime
end
else
- # the user cache doesn't exist, but we might have
- # talked to the server recently.
- if(test(?e, uc + '.stamp')) then
- File.stat(uc + '.stamp').mtime
- else
- sctime
- end
+ sctime
end
if(Time.now > cached_time + Refetch_Interval_Sec) then
debugmsg "fetching #{urlpath} %s > %s + %d" % [Time.now, cached_time, Refetch_Interval_Sec]
begin
- if(session == nil) then
- session = Net::HTTP.new(Server)
- # session.set_pipe($stderr);
- end
- begin
- # the warning with ruby1.8 on the following line
- # has to do with the resp, data bit, which should
- # eventually be replaced with (copied from the
- # docs with the 1.8 net/http.rb)
- # response = http.get('/index.html')
- # puts response.body
- resp, data = session.get(urlpath,
- { 'If-Modified-Since' =>
- cached_time.strftime( "%a, %d %b %Y %H:%M:%S GMT" ) })
+ test(?e, Cachedir) or Dir.mkdir(Cachedir)
+
+ ftp = Net::FTP.new(Server)
+ ftp.login
+ ftp.chdir(urlpath)
+ ftp.getbinaryfile('Packages.gz', uc + '.gz', 1024)
+ ftp.close
+
+ # need to unzip Packages.gz
+ cmd_gunzip = "gzip -df %s" % [ uc + '.gz' ]
+ Kernel.system(cmd_gunzip)
+
rescue SocketError => e
# if the net is down, we'll get this error; avoid printing a stack trace.
puts "XX old"
@@ -127,24 +116,7 @@
puts "XX old"
exit 1;
end
- test(?e, Cachedir) or Dir.mkdir(Cachedir)
- File.open(uc, 'w') { |o| o.puts data }
- test(?e, uc + '.stamp') and File.unlink(uc + '.stamp') # we have a copy, don't need the stamp.
debugmsg "urlpath updated"
- rescue Net::ProtoRetriableError => detail
- head = detail.data
- if head.code != "304"
- raise "unexpected error occurred: " + detail
- end
- test(?e, Cachedir) or Dir.mkdir(Cachedir)
- if(test(?e, uc)) then
- touch(uc)
- else
- # we didn't get an update, but we don't have a cached
- # copy in the user directory.
- touch(uc + '.stamp')
- end
- end
else
debugmsg "skipping #{urlpath}"
end
