Package: release.debian.org Severity: normal User: release.debian....@packages.debian.org Usertags: unblock
Please unblock package apt We have three categories of changes: 1. We recently changed apt to reject Release.gpg files that do not contain exclusively ASCII-armored signatures. This broke some repositories which relied on non-armored signatures to work as well, which was accidentally possible. The error message we printed was just "NODATA", which causes people to waste a lot of time analysing their repositories and then file bugs against apt. We added an extra check that tells them that the file should be ASCII-armored if found to be a non-armored file. This is known as Bug #921685, and while the bug only says important, I believe it is somewhat release-critical, so we don't get flooded with bug reports after the release. 2. Two tiny fixes have been applied to fix (a) a typo in the name of a recently introduced hook "APT::Update-Post-Invoke-Stats" ^^ should be :: (b) a missing auth.conf.d directory We don't have bugs for those, but they are completely harmless, and the first one would be terrible to miss out on, as we'd end up having to support two names of that hook $forever. 3. Translation updates unblock apt/1.8.0 -- System Information: Debian Release: buster/sid APT prefers disco APT policy: (991, 'disco'), (500, 'disco'), (500, 'cosmic-security') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.19.0-13-generic (SMP w/8 CPU cores) Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to C.UTF-8), LANGUAGE=C.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to C.UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled -- debian developer - deb.li/jak | jak-linux.org - free software dev ubuntu core developer i speak de, en
diff -Nru apt-1.8.0~rc4/apt-pkg/contrib/gpgv.cc apt-1.8.0/apt-pkg/contrib/gpgv.cc
--- apt-1.8.0~rc4/apt-pkg/contrib/gpgv.cc 2019-02-26 08:32:01.000000000 +0100
+++ apt-1.8.0/apt-pkg/contrib/gpgv.cc 2019-03-08 09:41:20.000000000 +0100
@@ -297,10 +297,24 @@
 }
 if (found_signatures == 0 && statusfd != -1)
 {
- // This is not an attack attempt but a file even gpgv would complain about
- // likely the result of a paywall which is covered by the gpgv method
 auto const errtag = "[GNUPG:] NODATA\n";
 FileFd::Write(fd[1], errtag, strlen(errtag));
+ // guess if this is a binary signature, we never officially supported them,
+ // but silently accepted them via passing them unchecked to gpgv
+ if (found_badcontent)
+ {
+ rewind(detached.get());
+ auto ptag = fgetc(detached.get());
+ // §4.2 says that the first bit is always set and gpg seems to generate
+ // only old format which is indicated by the second bit not set
+ if (ptag != EOF && (ptag & 0x80) != 0 && (ptag & 0x40) == 0)
+ {
+ apt_error(std::cerr, statusfd, fd, "Detached signature file '%s' is in unsupported binary format", FileGPG.c_str());
+ local_exit(112);
+ }
+ }
+ // This is not an attack attempt but a file even gpgv would complain about
+ // likely the result of a paywall which is covered by the gpgv method
 local_exit(113);
 }
 else if (found_badcontent)
diff -Nru apt-1.8.0~rc4/apt-private/private-update.cc apt-1.8.0/apt-private/private-update.cc
--- apt-1.8.0~rc4/apt-private/private-update.cc 2019-02-26 08:32:01.000000000 +0100
+++ apt-1.8.0/apt-private/private-update.cc 2019-03-08 09:41:20.000000000 +0100
@@ -139,7 +139,7 @@
 else
 ioprintf(c1out, msg, upgradable);
- RunScripts("APT::Update-Post-Invoke-Stats");
+ RunScripts("APT::Update::Post-Invoke-Stats");
 }
 return true;
diff -Nru apt-1.8.0~rc4/CMakeLists.txt apt-1.8.0/CMakeLists.txt
--- apt-1.8.0~rc4/CMakeLists.txt 2019-02-26 08:32:01.000000000 +0100
+++ apt-1.8.0/CMakeLists.txt 2019-03-08 09:41:20.000000000 +0100
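Review bot: In apt-pkg/contrib/gpgv.cc the new test `(ptag & 0x80) != 0 && (ptag & 0x40) == 0` accepts any first byte from 0x80 to 0xBF without looking at the packet-type bits, so an arbitrary non-ASCII file can be reported as a binary signature, while a signature written with a new-format packet header (second bit set) still ends in the bare NODATA path. Both branches call `local_exit` with a non-zero code, so only the diagnostic is affected and the file is rejected either way. If a more reliable message is wanted, compare the type bits with the signature packet type, e.g. `bool const oldfmt = (ptag & 0x40) == 0;` followed by `if (ptag != EOF && (ptag & 0x80) != 0 && (oldfmt ? (ptag & 0x3C) >> 2 : (ptag & 0x3F)) == 2)`. The comment should also name the document it cites, `// RFC 4880 §4.2: ...`, because "§4.2" alone is not traceable. The enclosing function starts and ends outside the hunk, so how `found_badcontent` and `detached` are set is not visible here.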
@@ -188,7 +188,7 @@
 # Configure some variables like package, version and architecture.
 set(PACKAGE ${PROJECT_NAME})
 set(PACKAGE_MAIL "APT Development Team <de...@lists.debian.org>")
-set(PACKAGE_VERSION "1.8.0~rc4")
+set(PACKAGE_VERSION "1.8.0")
 if (NOT DEFINED DPKG_DATADIR)
 execute_process(COMMAND ${PERL_EXECUTABLE} -MDpkg -e "print $Dpkg::DATADIR;"
@@ -243,6 +243,7 @@
 # Create our directories.
 install_empty_directories(
 ${CONF_DIR}/apt.conf.d
+ ${CONF_DIR}/auth.conf.d
 ${CONF_DIR}/preferences.d
 ${CONF_DIR}/sources.list.d
 ${CONF_DIR}/trusted.gpg.d
diff -Nru apt-1.8.0~rc4/debian/changelog apt-1.8.0/debian/changelog
--- apt-1.8.0~rc4/debian/changelog 2019-02-26 08:32:01.000000000 +0100
+++ apt-1.8.0/debian/changelog 2019-03-08 09:41:20.000000000 +0100
@@ -1,3 +1,21 @@
+apt (1.8.0) unstable; urgency=medium
+
+ [ David Kalnischkies ]
+ * Add explicit message for unsupported binary signature (Closes: #921685)
+
+ [ Milo Casagrande ]
+ * [l10n] Update Italian translation
+
+ [ Julian Andres Klode ]
+ * Fix name of APT::Update::Post-Invoke-Stats (was ...Update-Post...)
+ * CMake: Install auth.conf.d directory (LP: #1818996)
+
+ [ Frans Spiesschaert ]
+ * Dutch program translation update (Closes: #923728)
+ * Dutch manpages translation update (Closes: #923834)
+
+ -- Julian Andres Klode <j...@debian.org> Fri, 08 Mar 2019 09:41:20 +0100
+
 apt (1.8.0~rc4) unstable; urgency=medium
 * update: Provide APT::Update-Post-Invoke-Stats script hook point
diff -Nru apt-1.8.0~rc4/doc/apt-verbatim.ent apt-1.8.0/doc/apt-verbatim.ent
--- apt-1.8.0~rc4/doc/apt-verbatim.ent 2019-02-26 08:32:01.000000000 +0100
+++ apt-1.8.0/doc/apt-verbatim.ent 2019-03-08 09:41:20.000000000 +0100
@@ -268,7 +268,7 @@
 ">
 <!-- this will be updated by 'prepare-release' -->
-<!ENTITY apt-product-version "1.8.0~rc4">
+<!ENTITY apt-product-version "1.8.0">
 <!-- (Code)names for various things used all over the place -->
 <!ENTITY debian-oldstable-codename "stretch">
diff -Nru apt-1.8.0~rc4/doc/po/apt-doc.pot apt-1.8.0/doc/po/apt-doc.pot
--- apt-1.8.0~rc4/doc/po/apt-doc.pot 2019-02-26 08:32:01.000000000 +0100
+++ apt-1.8.0/doc/po/apt-doc.pot 2019-03-08 09:41:20.000000000 +0100
@@ -5,9 +5,9 @@
 #, fuzzy
 msgid ""
 msgstr ""
-"Project-Id-Version: apt-doc 1.8.0~rc4\n"
+"Project-Id-Version: apt-doc 1.8.0\n"
 "Report-Msgid-Bugs-To: APT Development Team <de...@lists.debian.org>\n"
-"POT-Creation-Date: 2019-02-26 08:33+0100\n"
+"POT-Creation-Date: 2019-03-08 09:41+0100\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <l...@li.org>\n"
diff -Nru apt-1.8.0~rc4/doc/po/nl.po apt-1.8.0/doc/po/nl.po
--- apt-1.8.0~rc4/doc/po/nl.po 2019-02-26 08:32:01.000000000 +0100
+++ apt-1.8.0/doc/po/nl.po 2019-03-08 09:41:20.000000000 +0100
@@ -4,10 +4,10 @@
 #
 msgid ""
 msgstr ""
-"Project-Id-Version: apt-doc 1.8.0~beta1\n"
+"Project-Id-Version: apt-doc 1.8.0~rc3\n"
 "Report-Msgid-Bugs-To: APT Development Team <de...@lists.debian.org>\n"
-"POT-Creation-Date: 2019-02-10 14:34+0100\n"
-"PO-Revision-Date: 2019-01-30 12:49+0100\n"
+"POT-Creation-Date: 2019-03-08 09:41+0100\n"
+"PO-Revision-Date: 2019-02-16 20:46+0100\n"
 "Last-Translator: Frans Spiesschaert <frans.spiesscha...@yucom.be>\n"
 "Language-Team: Debian Dutch l10n Team <debian-l10n-du...@lists.debian.org>\n"
 "Language: nl\n"
@@ -1241,16 +1241,12 @@
 #. type: Content of: <refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: apt-get.8.xml
-#, fuzzy
-#| msgid ""
-#| "A new <literal>list</literal> command is available similar to "
-#| "<literal>dpkg --list</literal>."
 msgid ""
 "<literal>reinstall</literal> is an alias for <literal>install --reinstall</"
 "literal>."
 msgstr ""
-"Een nieuw commando <literal>list</literal> staat ter beschikking, "
-"vergelijkbaar met <literal>dpkg --list</literal>."
+"<literal>reinstall</literal> is een alias voor <literal>install --reinstall</"
+"literal>."
 #. type: Content of: <refentry><refsect1><variablelist><varlistentry><listitem><para>
 #: apt-get.8.xml
diff -Nru apt-1.8.0~rc4/po/apt-all.pot apt-1.8.0/po/apt-all.pot
--- apt-1.8.0~rc4/po/apt-all.pot 2019-02-26 08:32:01.000000000 +0100
+++ apt-1.8.0/po/apt-all.pot 2019-03-08 09:41:20.000000000 +0100
@@ -5,9 +5,9 @@
 #, fuzzy
 msgid ""
 msgstr ""
-"Project-Id-Version: apt 1.8.0~rc4\n"
+"Project-Id-Version: apt 1.8.0\n"
 "Report-Msgid-Bugs-To: APT Development Team <de...@lists.debian.org>\n"
-"POT-Creation-Date: 2019-02-26 08:33+0100\n"
+"POT-Creation-Date: 2019-03-08 09:41+0100\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <l...@li.org>\n"
diff -Nru apt-1.8.0~rc4/po/it.po apt-1.8.0/po/it.po
--- apt-1.8.0~rc4/po/it.po 2019-02-26 08:32:01.000000000 +0100
+++ apt-1.8.0/po/it.po 2019-03-08 09:41:20.000000000 +0100
@@ -1,15 +1,15 @@
 # Italian translation of apt
-# Copyright (C) 2002-2010, 2011, 2012, 2013, 2014, 2015, 2017, 2018 The Free Software Foundation, Inc.
+# Copyright (C) 2002-2010, 2011, 2012, 2013, 2014, 2015, 2017, 2018, 2019 The Free Software Foundation, Inc.
 # This file is distributed under the same license as the apt package.
 # Samuele Giovanni Tonon <s...@debian.org>, 2002.
-# Milo Casagrande <m...@milo.name>, 2009, 2010, 2011, 2012, 2013, 2014, 2015, 2017, 2018.
+# Milo Casagrande <m...@milo.name>, 2009, 2010, 2011, 2012, 2013, 2014, 2015, 2017, 2018, 2019.
 #
 msgid ""
 msgstr ""
 "Project-Id-Version: apt\n"
 "Report-Msgid-Bugs-To: APT Development Team <de...@lists.debian.org>\n"
-"POT-Creation-Date: 2019-02-04 15:34+0100\n"
-"PO-Revision-Date: 2018-12-04 09:33+0100\n"
+"POT-Creation-Date: 2019-02-26 08:33+0100\n"
+"PO-Revision-Date: 2019-03-04 11:05+0100\n"
 "Last-Translator: Milo Casagrande <m...@milo.name>\n"
 "Language-Team: Italian <t...@lists.linux.it>\n"
 "Language: it\n"
@@ -17,7 +17,7 @@
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
 "Plural-Forms: nplurals=2; plural=(n!=1);\n"
-"X-Generator: Poedit 2.1.1\n"
+"X-Generator: Poedit 2.2.1\n"
 #: apt-inst/contrib/arfile.cc
 msgid "Invalid archive signature"
@@ -433,6 +433,8 @@
 "The method '%s' is unsupported and disabled by default. Consider switching "
 "to http(s). Set Dir::Bin::Methods::%s to \"%s\" to enable it again."
 msgstr ""
+"Il metodo \"%s\" non è supportato ed è disabilitato: passare a http(s). Per "
+"abilitarlo nuovamente, impostare Dir::Bin::Methods::%s a \"%s\"."
 #: apt-pkg/acquire-worker.cc
 #, c-format
@@ -1632,6 +1634,8 @@
 msgid ""
 "%s: The special 'Pin-Priority: %s' can only be used for 'Package: *' records"
 msgstr ""
+"%s: il valore speciale \"Pin-Priority: %s\" può essere usato solamente con "
+"voci \"Package: *\""
 #: apt-pkg/policy.cc
 #, c-format
@@ -2944,10 +2948,8 @@
 msgstr "Installa nuovi pacchetti (PKG è libc6 non libc6.deb)"
 #: cmdline/apt-get.cc
-#, fuzzy
-#| msgid "Install new packages (pkg is libc6 not libc6.deb)"
 msgid "Reinstall packages (pkg is libc6 not libc6.deb)"
-msgstr "Installa nuovi pacchetti (PKG è libc6 non libc6.deb)"
+msgstr "Installa nuovamente pacchetti (PKG è libc6 non libc6.deb)"
 #: cmdline/apt-get.cc
 msgid "Remove packages"
@@ -3102,13 +3104,11 @@
 #: cmdline/apt-mark.cc
 msgid "No changes necessary"
-msgstr ""
+msgstr "Nessuna modifica necessaria"
 #: cmdline/apt-mark.cc
-#, fuzzy
-#| msgid "The following NEW packages will be installed:"
 msgid "The following packages will be marked as automatically installed:"
-msgstr "I seguenti pacchetti NUOVI saranno installati:"
+msgstr "I seguenti pacchetti verranno segnati come installati automaticamente:"
 #: cmdline/apt-mark.cc
 #, c-format
@@ -3177,10 +3177,9 @@
 msgstr "Segna i pacchetti forniti come installati manualmente"
 #: cmdline/apt-mark.cc
-#, fuzzy
-#| msgid "Mark the given packages as automatically installed"
 msgid "Mark all dependencies of meta packages as automatically installed."
-msgstr "Segna i pacchetti forniti come installati automaticamente"
+msgstr ""
+"Segna tutte le dipendenze dei meta pacchetti come installate automaticamente"
 #: cmdline/apt-mark.cc
 msgid "Mark a package as held back"
@@ -3260,10 +3259,8 @@
 msgstr "Installa pacchetti"
 #: cmdline/apt.cc
-#, fuzzy
-#| msgid "install packages"
 msgid "reinstall packages"
-msgstr "Installa pacchetti"
+msgstr "Installa nuovamente pacchetti"
 #: cmdline/apt.cc
 msgid "remove packages"
diff -Nru apt-1.8.0~rc4/po/nl.po apt-1.8.0/po/nl.po
--- apt-1.8.0~rc4/po/nl.po 2019-02-26 08:32:01.000000000 +0100
+++ apt-1.8.0/po/nl.po 2019-03-08 09:41:20.000000000 +0100
@@ -10,10 +10,10 @@
 #
 msgid ""
 msgstr ""
-"Project-Id-Version: apt 1.8.0~beta1\n"
+"Project-Id-Version: apt 1.8.0~rc3\n"
 "Report-Msgid-Bugs-To: APT Development Team <de...@lists.debian.org>\n"
-"POT-Creation-Date: 2019-02-10 13:19+0100\n"
-"PO-Revision-Date: 2019-01-29 17:31+0100\n"
+"POT-Creation-Date: 2019-03-08 09:41+0100\n"
+"PO-Revision-Date: 2019-02-16 20:35+0100\n"
 "Last-Translator: Frans Spiesschaert <frans.spiesscha...@yucom.be>\n"
 "Language-Team: Debian Dutch l10n Team <debian-l10n-du...@lists.debian.org>\n"
 "Language: nl\n"
@@ -439,6 +439,9 @@
 "The method '%s' is unsupported and disabled by default. Consider switching "
 "to http(s). Set Dir::Bin::Methods::%s to \"%s\" to enable it again."
 msgstr ""
+"Methode '%s' wordt niet ondersteund en is standaard uitgeschakeld. U "
+"schakelt best over op http(s). Stel Dir::Bin::Methods::%s in op \"%s\" om "
+"deze opnieuw in te schakelen."
 #: apt-pkg/acquire-worker.cc
 #, c-format
@@ -1632,6 +1635,8 @@
 msgid ""
 "%s: The special 'Pin-Priority: %s' can only be used for 'Package: *' records"
 msgstr ""
+"%s: Het bijzondere 'Pin-Priority: %s' kan enkel gebruikt worden voor "
+"structuren van het type 'Package: *'"
 #: apt-pkg/policy.cc
 #, c-format
@@ -2937,10 +2942,8 @@
 msgstr "Nieuwe pakketten installeren (pakket is bijv. libc6, niet libc6.deb)"
 #: cmdline/apt-get.cc
-#, fuzzy
-#| msgid "Install new packages (pkg is libc6 not libc6.deb)"
 msgid "Reinstall packages (pkg is libc6 not libc6.deb)"
-msgstr "Nieuwe pakketten installeren (pakket is bijv. libc6, niet libc6.deb)"
+msgstr "Pakketten opnieuw installeren (pakket is libc6, niet libc6.deb)"
 #: cmdline/apt-get.cc
 msgid "Remove packages"
@@ -3247,10 +3250,8 @@
 msgstr "pakketten installeren"
 #: cmdline/apt.cc
-#, fuzzy
-#| msgid "install packages"
 msgid "reinstall packages"
-msgstr "pakketten installeren"
+msgstr "pakketten opnieuw installeren"
 #: cmdline/apt.cc
 msgid "remove packages"
diff -Nru apt-1.8.0~rc4/test/integration/test-bug-921685-binary-detached-signature apt-1.8.0/test/integration/test-bug-921685-binary-detached-signature
--- apt-1.8.0~rc4/test/integration/test-bug-921685-binary-detached-signature 1970-01-01 01:00:00.000000000 +0100
+++ apt-1.8.0/test/integration/test-bug-921685-binary-detached-signature 2019-03-08 09:41:20.000000000 +0100
@@ -0,0 +1,22 @@
+#!/bin/sh
+set -e
+
+TESTDIR="$(readlink -f "$(dirname "$0")")"
+. "$TESTDIR/framework"
+setupenvironment
+configarchitecture 'amd64'
+
+insertpackage 'unstable' 'foo' 'all' '1'
+
+buildaptarchive
+setupdistsaptarchive
+
+for RELEASE in $(find aptarchive -name 'Release'); do
+ # note the missing --armor
+ dosigning "keys/joesixpack" --detach-sign --sign --output "${RELEASE}.gpg" "${RELEASE}"
+done
+
+testfailure apt show foo
+testfailure aptget update
+testsuccess grep 'W: .* Detached signature file .* is in unsupported binary format' rootdir/tmp/testfailure.output
+testfailure apt show foo
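Review bot: The new test in test/integration/test-bug-921685-binary-detached-signature covers only the positive case, a binary detached signature produced by `dosigning` without `--armor`. It has no case showing that a `Release.gpg` which is neither armored nor an OpenPGP packet (the paywall-style content the gpgv.cc comment mentions) still fails with the generic message rather than the new "unsupported binary format" warning. A second block that writes plain text to `${RELEASE}.gpg`, runs `testfailure aptget update` and asserts that the warning is absent would pin the first-byte heuristic from both sides. A short comment above the `grep` line, such as `# testfailure.output presumably holds the output of the preceding aptget update`, would also help readers who do not know the framework.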