diff -Nru software-properties-0.81.13.2/debian/changelog software-properties-0.81.13.4/debian/changelog --- software-properties-0.81.13.2/debian/changelog 2011-11-30 08:46:12.000000000 +0000 +++ software-properties-0.81.13.4/debian/changelog 2012-04-25 19:55:55.000000000 +0000 @@ -1,3 +1,21 @@ +software-properties (0.81.13.4) oneiric-proposed; urgency=low + + * manually shift the policy index to work around wrong upgrade policy being + set. (LP: #944876) + + -- Jonathan Riddell Wed, 25 Apr 2012 20:55:20 +0100 + +software-properties (0.81.13.3) oneiric-security; urgency=low + + * SECURITY UPDATE: incorrect ssl certificate validation (LP: #915210) + - softwareproperties/ppa.py: use pycurl to download the signing key + fingerprint. + - tests/test_lp.py: add test. + - debian/control: add python-pycurl dependency. + - CVE-2011-4407 + + -- Marc Deslauriers Thu, 26 Jan 2012 10:51:26 -0500 + software-properties (0.81.13.2) oneiric-proposed; urgency=low * add-apt-repository: diff -Nru software-properties-0.81.13.2/debian/control software-properties-0.81.13.4/debian/control --- software-properties-0.81.13.2/debian/control 2011-10-20 08:45:56.000000000 +0000 +++ software-properties-0.81.13.4/debian/control 2012-01-26 15:51:11.000000000 +0000 @@ -18,7 +18,7 @@ Architecture: all Depends: ${python:Depends}, ${misc:Depends}, python, python-apt (>= 0.6.20ubuntu16), lsb-release, python-gnupginterface, - unattended-upgrades, iso-codes + unattended-upgrades, iso-codes, python-pycurl Description: manage the repositories that you install software from This software provides an abstraction of the used apt repositories. It allows you to easily manage your distribution and independent software diff -Nru software-properties-0.81.13.2/preview.diff software-properties-0.81.13.4/preview.diff --- software-properties-0.81.13.2/preview.diff 1970-01-01 00:00:00.000000000 +0000 +++ software-properties-0.81.13.4/preview.diff 2012-04-25 19:26:41.000000000 +0000 
@@ -0,0 +1,41 @@
+=== modified file 'debian/changelog'
+--- debian/changelog 2012-03-13 19:12:54 +0000
++++ debian/changelog 2012-04-25 19:26:45 +0000
+@@ -1,3 +1,10 @@
++software-properties (0.82.7.1) precise-proposed; urgency=low
++
++ * manually shift the policy index to work around wrong upgrade policy being
++ set. (LP: #944876)
++
++ -- Philip Muškovac Wed, 25 Apr 2012 21:11:57 +0200
++
+ software-properties (0.82.7) precise; urgency=low
+
+ * software-properties-dbus: Use GLib instead of the deprecated gobject.
+
+=== modified file 'softwareproperties/kde/SoftwarePropertiesKDE.py'
+--- softwareproperties/kde/SoftwarePropertiesKDE.py 2011-11-21 16:32:49 +0000
++++ softwareproperties/kde/SoftwarePropertiesKDE.py 2012-04-25 19:26:45 +0000
+@@ -149,6 +149,10 @@
+ def init_release_upgrades(self):
+ " setup the widgets that allow configuring the release upgrades "
+ i = self.get_release_upgrades_policy()
++
++ # FIXME: hack for LP: #944876
++ i = (i + 1) % 3
++
+ self.userinterface.combobox_release_upgrades.setCurrentIndex(i)
+ kapp.connect(self.userinterface.combobox_release_upgrades, SIGNAL("currentIndexChanged(int)"), self.on_combobox_release_upgrades_changed)
+
+@@ -395,6 +399,10 @@
+ def on_combobox_release_upgrades_changed(self, combobox):
+ """ set the release upgrades policy """
+ i = self.userinterface.combobox_release_upgrades.currentIndex()
++
++ # FIXME: hack for LP: #944876
++ i = (i - 1) % 3
++
+ self.set_release_upgrades_policy(i)
+
+ def on_combobox_server_changed(self, combobox):
+
diff -Nru software-properties-0.81.13.2/softwareproperties/kde/SoftwarePropertiesKDE.py software-properties-0.81.13.4/softwareproperties/kde/SoftwarePropertiesKDE.py
--- software-properties-0.81.13.2/softwareproperties/kde/SoftwarePropertiesKDE.py 2011-10-20 08:30:04.000000000 +0000
+++ software-properties-0.81.13.4/softwareproperties/kde/SoftwarePropertiesKDE.py 2012-04-25 19:54:02.000000000 +0000
@@ -149,6 +149,10 @@ def init_release_upgrades(self): " setup the widgets that allow configuring the release upgrades " i = self.get_release_upgrades_policy() + + # FIXME: hack for LP: #944876 + i = (i + 1) % 3 + self.userinterface.combobox_release_upgrades.setCurrentIndex(i) kapp.connect(self.userinterface.combobox_release_upgrades, SIGNAL("currentIndexChanged(int)"), self.on_combobox_release_upgrades_changed) @@ -395,6 +399,10 @@ def on_combobox_release_upgrades_changed(self, combobox): """ set the release upgrades policy """ i = self.userinterface.combobox_release_upgrades.currentIndex() + + # FIXME: hack for LP: #944876 + i = (i - 1) % 3 + self.set_release_upgrades_policy(i) def on_combobox_server_changed(self, combobox): diff -Nru software-properties-0.81.13.2/softwareproperties/ppa.py software-properties-0.81.13.4/softwareproperties/ppa.py --- software-properties-0.81.13.2/softwareproperties/ppa.py 2011-10-20 08:29:33.000000000 +0000 +++ software-properties-0.81.13.4/softwareproperties/ppa.py 2012-01-26 15:51:11.000000000 +0000 @@ -24,13 +24,13 @@ import re import subprocess from threading import Thread -import urllib -from urllib2 import urlopen, Request, URLError -from urlparse import urlparse +import pycurl DEFAULT_KEYSERVER = "hkp://keyserver.ubuntu.com:80/" # maintained until 2015 LAUNCHPAD_PPA_API = 'https://launchpad.net/api/1.0/~%s/+archive/%s' +# None means use pycurl default +LAUNCHPAD_PPA_CERT = None def encode(s): return re.sub("[^a-zA-Z0-9_-]","_", s) 
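Review bot: In softwareproperties/kde/SoftwarePropertiesKDE.py the shift `i = (i + 1) % 3` in init_release_upgrades, and its inverse `i = (i - 1) % 3` in on_combobox_release_upgrades_changed, hard-code the number of combobox entries and assume get_release_upgrades_policy() only ever returns 0, 1 or 2; neither is visible in the hunks. The FIXME names the bug but not the mismatch it compensates for, so I would extend it to something like `# FIXME (LP: #944876): combobox order is rotated by one relative to the policy values` (wording to be confirmed by the author). The modulus could also come from `self.userinterface.combobox_release_upgrades.count()` rather than the literal 3. Both functions continue outside their hunks.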
@@ -56,13 +56,30 @@ sourceslistd, encode(ppa_owner), encode(ppa_name), distro_codename) return (line, filename) +class CurlCallback: + def __init__(self): + self.contents = '' + + def body_callback(self, buf): + self.contents = self.contents + buf + def get_ppa_info_from_lp(owner_name, ppa_name): lp_url = LAUNCHPAD_PPA_API % (owner_name, ppa_name) # we ask for a JSON structure from lp_page, we could use # simplejson, but the format is simple enough for the regexp - req = Request(lp_url) - req.add_header("Accept","application/json") - lp_page = urlopen(req).read() + callback = CurlCallback() + curl = pycurl.Curl() + curl.setopt(pycurl.SSL_VERIFYPEER, 1) + curl.setopt(pycurl.SSL_VERIFYHOST, 2) + curl.setopt(pycurl.WRITEFUNCTION, callback.body_callback) + # only useful for testing + if LAUNCHPAD_PPA_CERT: + curl.setopt(pycurl.CAINFO, LAUNCHPAD_PPA_CERT) + curl.setopt(pycurl.URL, str(lp_url)) + curl.setopt(pycurl.HTTPHEADER, ["Accept: application/json"]) + curl.perform() + curl.close() + lp_page = callback.contents return json.loads(lp_page) class AddPPASigningKeyThread(Thread): @@ -86,8 +103,8 @@ owner_name, ppa_name, distro = ppa_path[1:].split('/') try: ppa_info = get_ppa_info_from_lp(owner_name, ppa_name) - except URLError as e: - print "Error reading %s: %s" % (lp_url, e) + except pycurl.error as e: + print "Error reading %s: %s" % (lp_url, e[1]) return False try: signing_key_fingerprint = ppa_info["signing_key_fingerprint"] diff -Nru software-properties-0.81.13.2/tests/test_lp.py software-properties-0.81.13.4/tests/test_lp.py --- software-properties-0.81.13.2/tests/test_lp.py 1970-01-01 00:00:00.000000000 +0000 +++ software-properties-0.81.13.4/tests/test_lp.py 2012-01-26 15:51:11.000000000 +0000 
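Review bot: get_ppa_info_from_lp no longer fails on an HTTP error status: libcurl's perform() returns normally for a 404 or 500 unless told otherwise, whereas the removed urlopen() raised an HTTPError (a URLError subclass) that the caller caught. With the new code an error page is handed to `json.loads`, and if that body is not JSON the resulting ValueError is not covered by the caller's `except pycurl.error`. Adding `curl.setopt(pycurl.FAILONERROR, 1)` before `curl.perform()` restores the old behaviour; a `try`/`finally` around `perform()` would also make sure `curl.close()` runs when verification fails, and a `pycurl.CONNECTTIMEOUT`/`pycurl.TIMEOUT` would keep the signing-key thread from waiting indefinitely. The SSL_VERIFYPEER/SSL_VERIFYHOST settings themselves look right.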
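Review bot: The error path in the `@@ -86,8 +103,8 @@` hunk prints `lp_url`, which is not assigned in the visible lines of this method; it is a local of get_ppa_info_from_lp, so unless it is set earlier in the method (which starts outside the hunk) a certificate failure would surface as a NameError instead of the intended message and `return False`. Building it next to the call, `lp_url = LAUNCHPAD_PPA_API % (owner_name, ppa_name)`, avoids that. `e[1]` also assumes the pycurl.error always carries a (code, message) pair; `e.args` or plain `e` is safer.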
@@ -0,0 +1,26 @@
+#!/usr/bin/python
+
+import pycurl
+import unittest
+import sys
+sys.path.insert(0, "..")
+
+import softwareproperties.ppa
+
+class TestLP(unittest.TestCase):
+
+ def test_ppa_info_from_lp(self):
+ # use correct data
+ info = softwareproperties.ppa.get_ppa_info_from_lp("mvo", "ppa")
+ self.assertNotEqual(info, {})
+ self.assertEqual(info["name"], "ppa")
+ # use empty CERT file
+ softwareproperties.ppa.LAUNCHPAD_PPA_CERT = "/dev/null"
+ self.assertRaises(
+ pycurl.error, softwareproperties.ppa.get_ppa_info_from_lp, "mvo", "ppa")
+
+
+
+
+if __name__ == "__main__":
+ unittest.main()
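Review bot: test_ppa_info_from_lp leaves `softwareproperties.ppa.LAUNCHPAD_PPA_CERT` set to "/dev/null" after it finishes, so any later test in the same process that reaches Launchpad would fail certificate verification. Restore it with `self.addCleanup(setattr, softwareproperties.ppa, "LAUNCHPAD_PPA_CERT", None)` placed before the assignment. The test also needs live access to launchpad.net and a specific PPA, and the negative case only shows that an empty trust store is rejected; a certificate issued for a different host name is not covered.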