Bug#611088: apt-dater-host silently ignores ABI-incompatible updates

Tue, 25 Jan 2011 09:18:17 -0800 

severity #611088 critical
thanks

Indeed, this is critical

Am 25.01.2011 15:10, schrieb Thomas Liske:
> Package: apt-dater-host
> Version: 0.8.4-2
> Severity: important
> Tags: upstream patch
> 
> 
> Hi,
> 
> this bug is related to SF Bug#3158198 reported by Mathieu PARENT:
> 
> apt-dater-host does silently ignore any ABI-incompatible updates (like 
> bind9). Users of apt-dater might think that their hosts are up to date while 
> they are missing important security fixes (i.e. recent bind9 updates).
> 
> There is a simple patch to solve this issue:
> 
> ===================================================================
> --- apt-dater-host/trunk/debian/apt-dater-host  2011-01-21 08:51:02 UTC (rev 
> 543)
> +++ apt-dater-host/trunk/debian/apt-dater-host  2011-01-21 08:57:45 UTC (rev 
> 544)
> @@ -191,8 +191,8 @@
>         $DPKGARGS = "--quiet --simulate --fix-broken --allow-unauthenticated";
>      }
>  
> -    unless(open(HAPT, "$_GETROOT $DPKGTOOL $DPKGARGS upgrade |")) {
> -       print "\nADPERR: Failed to execute '$_GETROOT $DPKGTOOL $DPKGARGS 
> upgrade' ($!).\n";
> +    unless(open(HAPT, "$_GETROOT $DPKGTOOL $DPKGARGS dist-upgrade |")) {
> +       print "\nADPERR: Failed to execute '$_GETROOT $DPKGTOOL $DPKGARGS 
> dist-upgrade' ($!).\n";
>         exit(1);
>      }
>      while(<HAPT>) {
> @@ -224,7 +224,7 @@
>      }
>      close(HAPT);
>      if($?) {
> -       print "\nADPERR: Error executing '$GETROOT $DPKGTOOL $DPKGARGS 
> upgrade' ($?).\n";
> +       print "\nADPERR: Error executing '$GETROOT $DPKGTOOL $DPKGARGS 
> dist-upgrade' ($?).\n";
>         exit(1);
>      }
> 
> 
> HTH,
> Thomas
> 
> -- System Information:
> Debian Release: 6.0
>   APT prefers testing
>   APT policy: (500, 'testing')
> Architecture: amd64 (x86_64)
> 
> Kernel: Linux 2.6.32-5-amd64 (SMP w/2 CPU cores)
> Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
> Shell: /bin/sh linked to /bin/dash
> 
> Versions of packages apt-dater-host depends on:
> ii  debconf [debconf-2.0]   1.5.36           Debian configuration management 
> sy
> ii  libapt-pkg-perl         0.1.24+b1        Perl interface to libapt-pkg
> ii  lsb-release             3.2-23.2squeeze1 Linux Standard Base version 
> report
> ii  openssh-server          1:5.5p1-6        secure shell (SSH) server, for 
> sec
> ii  perl                    5.10.1-17        Larry Wall's Practical 
> Extraction 
> 
> Versions of packages apt-dater-host recommends:
> ii  aptitude                      0.6.3-3.2  terminal-based package manager 
> (te
> ii  imvirt                        0.9.1-pre1 I'm virtualized?
> ii  sudo                          1.7.4p4-2  Provide limited super user 
> privile
> 
> apt-dater-host suggests no packages.
> 
> -- Configuration Files:
> /etc/apt-dater-host.conf changed [not included]
> 
> -- debconf information excluded
> 
> 


-- 
/*
Mit freundlichem Gruß / With kind regards,
 Patrick Matthäi
 GNU/Linux Debian Developer

E-Mail: pmatth...@debian.org
        patr...@linux-dev.org

Comment:
Always if we think we are right,
we were maybe wrong.
*/

Attachment: signature.asc
Description: OpenPGP digital signature

Reply via email to