Univention Bugzilla – Bug 35969
apt: Multiple issues (3.2)
Last modified: 2014-11-04 18:32:12 CET
The test case 33source fails since Friday on all roles. Either the test case needs to be adapted or the original bug has to be rechecked. *************************************************************************** *** BEGIN *** ['/bin/bash', '33source'] *** *** 09_updater/33source *** Update localhost repository with sources 1. setup local repository with sources 2. check if including sources works *** 6599 blocks gpg: keyring `/root/.gnupg/secring.gpg' created gpg: keyring `/root/.gnupg/pubring.gpg' created OK Stopping periodic command scheduler: cron. done. WARNUNG: Die folgenden Pakete können nicht authentifiziert werden! test-18821-25368 E: Einige Pakete konnten nicht authentifiziert werden **************** Test failed above this line **************** ERROR 33source:37 0 ERROR apt-get -qq source "${pkgname}" === RESULT: 110 === *** END *** 110 *** *************************************************************************** +++ This bug was initially created as a clone of Bug #35948 +++ Multiple issues have been found in the implementation of Secure Apt: Incorrect handling of 304 replies (CVE-2014-0487) Incorrect invalidation when switching between authenticated and unauthenticated sources (CVE-2014-0488) Missing verification when using Acquire::Gzip indexes (CVE-2014-0489) One issue (CVE-2014-0490) doesn't apply to UCS 3.2, the affected code isn't present yet.
APT from Bug #35948 now requires more signed files. r53815 | Bug #35969 test/updater: Fix unsigned source file test Fix signing *.dsc and Release files Package: ucs-test Version: 4.0.166-81.797.201409221413 Branch: ucs_3.2-0 Scope: errata3.2-3
r53820 | Bug #35969 test/updater: Fix unsigned source file test Successful build Package: ucs-test Version: 5.0.10-1.798.201409221446 Branch: ucs_4.0-0
OK, it works again.