Package: apt Version: 0.8.15.10 Severity: critical Justification: breaks unrelated software
Hi. I've noticed by chance the following: When upgrading to this version (0.8.15.10), the file /usr/share/keyrings/debian-archive-removed-keys.gpg was somehow modified. At some places a 0x00 was replaced by 0x03. I reproduced this on 4 different sid machines... Every time I did 1) debsums -asc debian-archive-keyring => all fine 2) upgrade apt 3) debsums -asc debian-archive-keyring => /usr/share/keyrings/debian-archive-removed-keys.gpg "corrupted" 4) reinstalled debian-archive-keyring Also strange,... during the upgrade there was this warning about MD5: Setting up apt (0.8.15.10) ... gpg: key F42584E6: "Lenny Stable Release Key <debian-rele...@lists.debian.org>" not changed gpg: key 55BE302B: "Debian Archive Automatic Signing Key (5.0/lenny) <ftpmas...@debian.org>" not changed gpg: key 6D849617: "Debian-Volatile Archive Automatic Signing Key (5.0/lenny)" not changed gpg: key B98321F9: "Squeeze Stable Release Key <debian-rele...@lists.debian.org>" not changed gpg: key 473041FA: "Debian Archive Automatic Signing Key (6.0/squeeze) <ftpmas...@debian.org>" not changed gpg: Total number processed: 5 gpg: unchanged: 5 gpg: checking the trustdb gpg: WARNING: digest algorithm MD5 is deprecated gpg: please see http://www.gnupg.org/faq/weak-digest-algos.html for more information gpg: no ultimately trusted keys found Marking this as critical, as it _could_ (though I don't believe it) be security relvant and as it modifies data from another package. Any ideas? Chris. -- Package-specific info: -- apt-config dump -- APT ""; APT::Architecture "amd64"; APT::Build-Essential ""; APT::Build-Essential:: "build-essential"; APT::Install-Recommends "1"; APT::Install-Suggests "0"; APT::NeverAutoRemove ""; APT::NeverAutoRemove:: "^firmware-linux.*"; APT::NeverAutoRemove:: "^linux-firmware$"; APT::NeverAutoRemove:: "^linux-image.*"; APT::NeverAutoRemove:: "^kfreebsd-image.*"; APT::NeverAutoRemove:: "^linux-restricted-modules.*"; APT::NeverAutoRemove:: "^linux-ubuntu-modules-.*"; APT::NeverAutoRemove:: "^gnumach$"; APT::NeverAutoRemove:: "^gnumach-image.*"; APT::Never-MarkAuto-Sections ""; APT::Never-MarkAuto-Sections:: "metapackages"; APT::Never-MarkAuto-Sections:: "restricted/metapackages"; APT::Never-MarkAuto-Sections:: "universe/metapackages"; APT::Never-MarkAuto-Sections:: "multiverse/metapackages"; APT::Never-MarkAuto-Sections:: "oldlibs"; APT::Never-MarkAuto-Sections:: "restricted/oldlibs"; APT::Never-MarkAuto-Sections:: "universe/oldlibs"; APT::Never-MarkAuto-Sections:: "multiverse/oldlibs"; APT::Architectures ""; APT::Architectures:: "amd64"; Dir "/"; Dir::State "var/lib/apt/"; Dir::State::lists "lists/"; Dir::State::cdroms "cdroms.list"; Dir::State::mirrors "mirrors/"; Dir::State::extended_states "extended_states"; Dir::State::status "/var/lib/dpkg/status"; Dir::Cache "var/cache/apt/"; Dir::Cache::archives "archives/"; Dir::Cache::srcpkgcache "srcpkgcache.bin"; Dir::Cache::pkgcache "pkgcache.bin"; Dir::Etc "etc/apt/"; Dir::Etc::sourcelist "sources.list"; Dir::Etc::sourceparts "sources.list.d"; Dir::Etc::vendorlist "vendors.list"; Dir::Etc::vendorparts "vendors.list.d"; Dir::Etc::main "apt.conf"; Dir::Etc::netrc "auth.conf"; Dir::Etc::parts "apt.conf.d"; Dir::Etc::preferences "preferences"; Dir::Etc::preferencesparts "preferences.d"; Dir::Etc::trusted "trusted.gpg"; Dir::Etc::trustedparts "trusted.gpg.d"; Dir::Bin ""; Dir::Bin::methods "/usr/lib/apt/methods"; Dir::Bin::dpkg "/usr/bin/dpkg"; Dir::Media ""; Dir::Media::MountPath "/media/apt"; Dir::Log "var/log/apt"; Dir::Log::Terminal "term.log"; Dir::Log::History "history.log"; Dir::Ignore-Files-Silently ""; Dir::Ignore-Files-Silently:: "~$"; Dir::Ignore-Files-Silently:: "\.disabled$"; Dir::Ignore-Files-Silently:: "\.bak$"; Dir::Ignore-Files-Silently:: "\.dpkg-[a-z]+$"; Dir::Ignore-Files-Silently:: "\.save$"; Dir::Ignore-Files-Silently:: "\.orig$"; Acquire ""; Acquire::cdrom ""; Acquire::cdrom::mount "/media/cdrom/"; Acquire::Languages ""; Acquire::Languages:: "en"; Acquire::Languages:: "none"; DPkg ""; DPkg::Pre-Install-Pkgs ""; DPkg::Pre-Install-Pkgs:: "/usr/sbin/apt-listbugs apt || exit 10"; DPkg::Pre-Install-Pkgs:: "/usr/bin/apt-listchanges --apt || test $? -ne 10"; DPkg::Pre-Install-Pkgs:: "/usr/sbin/dpkg-preconfigure --apt || true"; DPkg::Tools ""; DPkg::Tools::Options ""; DPkg::Tools::Options::/usr/sbin/apt-listbugs ""; DPkg::Tools::Options::/usr/sbin/apt-listbugs::Version "2"; DPkg::Tools::Options::/usr/bin/apt-listchanges ""; DPkg::Tools::Options::/usr/bin/apt-listchanges::Version "2"; DPkg::Post-Invoke ""; DPkg::Post-Invoke:: "if [ -x /usr/bin/debsums ]; then /usr/bin/debsums --generate=nocheck -sp /var/cache/apt/archives; fi"; DPkg::Post-Invoke:: "if [ -x /usr/bin/rkhunter ] && grep -qiE '^APT_AUTOGEN=.?(true|yes)' /etc/default/rkhunter; then /usr/share/rkhunter/scripts/rkhupd.sh; fi"; CommandLine ""; CommandLine::AsString "apt-config dump"; -- (no /etc/apt/preferences present) -- -- (/etc/apt/sources.list present, but not submitted) -- -- System Information: Debian Release: wheezy/sid APT prefers unstable APT policy: (500, 'unstable') Architecture: amd64 (x86_64) Kernel: Linux 3.2.9-heisenberg (SMP w/2 CPU cores; PREEMPT) Locale: LANG=en_DE.UTF-8, LC_CTYPE=en_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages apt depends on: ii debian-archive-keyring 2010.08.28 ii gnupg 1.4.12-3 ii libc6 2.13-27 ii libgcc1 1:4.6.3-1 ii libstdc++6 4.6.3-1 ii zlib1g 1:1.2.6.dfsg-2 apt recommends no packages. Versions of packages apt suggests: ii apt-doc 0.8.15.10 ii aptitude 0.6.5-1 ii bzip2 1.0.6-1 ii dpkg-dev 1.16.1.2 ii python-apt 0.8.3+nmu1 ii xz-lzma [lzma] 5.1.1alpha+20110809-3 -- no debconf information -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org