Bug 35969
| Summary: | apt: Multiple issues (3.2) | ||
|---|---|---|---|
| Product: | UCS Test | Reporter: | Stefan Gohmann <gohmann> |
| Component: | Updater | Assignee: | Philipp Hahn <hahn> |
| Status: | CLOSED FIXED | QA Contact: | Stefan Gohmann <gohmann> |
| Severity: | normal | ||
| Priority: | P1 | CC: | gohmann, jmm, walkenhorst |
| Version: | unspecified | ||
| Target Milestone: | UCS 3.2-3-errata | ||
| Hardware: | Other | ||
| OS: | Linux | ||
| What kind of report is it?: | --- | What type of bug is this?: | --- |
| Who will be affected by this bug?: | --- | How will those affected feel about the bug?: | --- |
| User Pain: | Enterprise Customer affected?: | ||
| School Customer affected?: | ISV affected?: | ||
| Waiting Support: | Flags outvoted (downgraded) after PO Review: | ||
| Ticket number: | Bug group (optional): | ||
| Max CVSS v3 score: | |||
| Bug Depends on: | 35948 | ||
| Bug Blocks: | |||
APT from Bug #35948 now requires more signed files. r53815 | Bug #35969 test/updater: Fix unsigned source file test Fix signing *.dsc and Release files Package: ucs-test Version: 4.0.166-81.797.201409221413 Branch: ucs_3.2-0 Scope: errata3.2-3 r53820 | Bug #35969 test/updater: Fix unsigned source file test Successful build Package: ucs-test Version: 5.0.10-1.798.201409221446 Branch: ucs_4.0-0 OK, it works again. |
The test case 33source fails since Friday on all roles. Either the test case needs to be adapted or the original bug has to be rechecked. *************************************************************************** *** BEGIN *** ['/bin/bash', '33source'] *** *** 09_updater/33source *** Update localhost repository with sources 1. setup local repository with sources 2. check if including sources works *** 6599 blocks gpg: keyring `/root/.gnupg/secring.gpg' created gpg: keyring `/root/.gnupg/pubring.gpg' created OK Stopping periodic command scheduler: cron. done. WARNUNG: Die folgenden Pakete können nicht authentifiziert werden! test-18821-25368 E: Einige Pakete konnten nicht authentifiziert werden **************** Test failed above this line **************** ERROR 33source:37 0 ERROR apt-get -qq source "${pkgname}" === RESULT: 110 === *** END *** 110 *** *************************************************************************** +++ This bug was initially created as a clone of Bug #35948 +++ Multiple issues have been found in the implementation of Secure Apt: Incorrect handling of 304 replies (CVE-2014-0487) Incorrect invalidation when switching between authenticated and unauthenticated sources (CVE-2014-0488) Missing verification when using Acquire::Gzip indexes (CVE-2014-0489) One issue (CVE-2014-0490) doesn't apply to UCS 3.2, the affected code isn't present yet.