Age | Commit message (Collapse) | Author |
|
This fixes a security issue that can be exploited to inject arbritrary debs
or other files into a signed repository as followed:
(1) Server sends a redirect to somewhere%0a<headers for the apt method> (where %0a is
\n encoded)
(2) apt method decodes the redirect (because the method encodes the URLs before
sending them out), writting something like
somewhere\n
<headers>
into its output
(3) apt then uses the headers injected for validation purposes.
Regression-Of: c34ea12ad509cb34c954ed574a301c3cbede55ec
LP: #1812353
|
|
|
|
In commit Do not warn about duplicate "legacy" targets, we
we added an if, that changed the .po files...
(cherry picked from commit e9db5ba7c7631d51359967afb1d563da7637be11)
Gbp-Dch: ignore
|
|
There's no real point in pulling it in in the timer already,
and it it somewhat saver to do so in the service.
(cherry picked from commit 11417c1058e1b8441ee8f30f948e854b7a6ce89e)
LP: #1716973
|
|
If a source has a legacy Contents file, and two lines mention
the same archive but different components, a warning would be
issued that is confusing. So, as the field is named Contents-deb-legacy,
let's just not print warnings for fields containing "legacy".
LP: #1697120
Closes: #839259
(cherry picked from commit 5a747462baef6cecf6ed389c7b7492443930f7ed)
|
|
A libapt user who hasn't initialized _system likely has a reason, so we
shouldn't greet back with a segfault usually deep down in the callstack
for no reason. If the user had intended to pick up information from the
system, _system wouldn't be uninitialized after all.
LP: #1613184
SRU: 1.4.y
(cherry picked from commit cba5c5a26a9bf00724f8ea647ac61b30e32734ba)
|
|
The main process is guessed by systemd. This prevents killing dpkg
run by unattended-upgrades in the middle of installing packages
and ensures graceful shutdown.
The timeout of 900 seconds after which apt-daily-upgrade.service
is killed is in sync with unattended-upgrades's timer.
LP: #1690980
(cherry picked from commit 78bc10d4702b30b46d802294ac43cffc34d9c431)
|
|
Make the changelog more detailed so release team is happy
about it.
|
|
|
|
This is based on master, just with one less variant, and
stretch as the base image.
Gbp-Dch: ignore
|
|
APT considered any response with a Content-Length to have a
body, even if the value of the header was 0. A 0 length body
however, is equal to no body.
(cherry picked from commit d47fb34ae03566feec7fec6dccba80e45fa03e6f)
|
|
|
|
When APT was trying multiple addresses, any later error
somewhere else would be reported with ConnectionRefused
or ConnectionTimedOut as the FailReason because that
was set by early connect attempts. This causes APT to
handle the failures differently, leading to some weirdly
breaking test cases (like the changed one).
Add debugging to the previously failing test case so
we can find out when something goes wrong there again.
(cherry picked from commit d3a70c3e5ae68a0e5a3d4667dd1d0fc0887e6263)
|
|
An SRV record includes a portnumber to use with the host given, but apt
was ignoring the portnumber and instead used either the port given by
the user for the initial host or the default port for the service.
In practice the service usually runs on another host on the default
port, so it tends to work as intended and even if not and apt can't get
a connection there it will gracefully fallback to contacting the initial
host with the right port, so its a user invisible bug most of the time.
(cherry picked from commit 9bdc09016f9570389451dd619d7e878bfeaa91df)
|
|
This typo exposes a bug in apt-listchanges that prevents commands like
`apt-listchanges --show-all apt_*.deb' from showing the changelog.
The bug will be fixed in next upload of apt-listchanges, but I think
it would be nice have the typo fixed as well.
Closes: 866358
(cherry picked from commit ec0ebf784d15821786334a4781d0b58b0b163363)
|
|
On Travis CI running tests with code coverage enabled sometimes
generates profiling lines, which we filter out for a while now,
but that misses lines generated showing progress still causing test
failures, so more sed logic is added in the hopes to ignore them.
Extends: 58608941e6b58a46109b7cd875716b3d8054c4bf
Gbp-Dch: Ignore
(cherry picked from commit fc251c8c9e2a76ab5c350900e9e032830c81e2b3)
|
|
|
|
Using dry-run as in the previous commit is not really correct, as
it logs dpkg debugging output too. So, let's assume unattended-upgrade
gets a --download-only option and use that if it is available.
This lets us add the downloading part to unattended-upgrades later
on, without requiring versioned dependencies between the two.
Closes: #863859
|
|
We want to download stuff:
--dry-run Simulation, download but do not install
not debug:
-d, --debug print debug messages
Confusion everywhere!
Closes: #863859
|
|
|
|
If the last alternative(s) of an Or group is ignored, because it does
not match an architecture list, we would end up keeping the or flag,
effectively making the next AND an OR.
For example, when parsing (on amd64):
debhelper (>= 9), libnacl-dev [amd64] | libnacl-dev [i386]
=> debhelper (>= 9), libnacl-dev |
Which can cause python-apt to crash.
Even worse:
debhelper (>= 9), libnacl-dev [amd64] | libnacl-dev [i386], foobar
=> debhelper (>= 9), libnacl-dev [amd64] | foobar
By setting the previous alternatives Or flag to the current Or flag
if the current alternative is ignored, we solve the issue.
LP: #1694697
|
|
|
|
Gbp-Dch: ignore
|
|
Error:
pkgs that look like they should be upgraded:
Error in function stop
Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/apt/progress/text.py", line 240,
in stop
apt_pkg.size_to_str(self.current_cps))).rstrip("\n"))
File "/usr/lib/python3/dist-packages/apt/progress/text.py", line 51,
in _write
self._file.write("\r")
AttributeError: 'NoneType' object has no attribute 'write'
fetch.run() result: 0
Caused by:
LOCKFD=3
unattended_upgrades $LOCKFD>&-
Unfortunately this code does not work, it is equivalent to
unattended_upgrades 3 >&-
I.e. it left fd 3 open, but closed stdout!
Closes: #862567
|
|
|
|
Closes: #861943
|
|
dh_systemd_start inserted postinst commands in all packages,
rather than just the package containing the timers.
This also gets rid of postinst scripts for all other
packages, yay.
Closes: #862001
|
|
|
|
|
|
Closes: #861846
|
|
The timer doing downloading runs throughout the day, whereas
automatic upgrade and clean actions only happen in the morning.
The upgrade service and timer have After= ordering requirements
on their non-upgrade counterparts to ensure that upgrading at
boot takes place after downloading.
LP: #1686470
|
|
Use a lock file to make sure only one instance of the
script is running at the same time.
|
|
We want to download the upgrades first, if unattended-upgrades
is configured. We don't want to use the normal dist-upgrade -d
thing for it, though, as unattended-upgrades only upgrades a
subset.
|
|
This adds an argument to the script which may be update, install,
or empty. In the update cases, downloads are performed. In the
install case, installs are performed. If empty, both are run.
Gbp-Dch: ignore
|
|
|
|
|
|
Regression from commit f5e9be1da89725f9bf1915bdf86fdc4a77edf917
|
|
The timeout values were so large that the timer could run at any
random time of the day, possibly easily interfering with business
hours, and causing trouble. Reduce them to 30 minutes of random
delay and an accuracy to the default value (1 minute).
Also drop the 18:00 event. People still actively use their device
during that time, and for servers, there might be less attendance
than in the regular 06:00 time slot, so longer time to fix things
if something breaks.
During a boot, the service might be run to catch up with a timer
that would have normally elapsed. Due to no dependencies, it would
have run before the network is online - that's bad. Adding an After
and a Wants fixes that for boots, but still leaves the same issue
for Resume.
LP: #1615482
|
|
|
|
Reported-By: Niels Thykier on IRC
Gbp-Dch: ignore
|
|
We are in a dilemma here: The regression of sorts was introduced in 2013
with commit d8a8f9d7f0 allowing pkg modifiers for the upgrade commands.
That calls the autoremover as a sideeffect through and with it comes the
option to remove the garbage packages in these commands (similar to aptitude).
Having the option on the commandline is no problem – people aren't going
to request what they don't want (or so I hope), but the documentation
explicitly states that this option only effects install/remove and
mentions a config knob users might use and expect to not suddenly apply
(especially without documentation) to more commands.
Just reverting the commit is out of question, completely ignoring the
option breaks the workflow of every user who happened to use
--autoremove on the commandline for upgrade and expects that to work
given that it was accepted and worked in a stable release. Changing the
documentation to reflect reality while perhaps the simplest and cleanest
option contradicts freeze and is a surprising change we tend to avoid
like the plague while just leaving it be confuses all users who end up
believing the documentation even if was different in the last 3 years.
So what we do is a tricky compromise: The configuration option if read
from a file does apply only for install/remove as documented, while if
the option is encountered on the commandline it is accepted and applies
to the upgrade which should make 99% of the users happy. The rest has to
wait for us to figure out for buster how to get that documented and
implemented in a saner way.
Closes: #855891
|
|
In the intended usecase where this serves as a hack there is no problem
with double/single quotes being present as we write it to a log file
only, but nowadays our calling of apt-key produces a temporary config
file containing this "setting" as well and suddently quoting is
important as the config file syntax is allergic to it.
So the fix is to ignore all quoting whatsoever in the input and just
quote (with singles) the option values with spaces. That gives us 99% of
the time the correct result and the 1% where the quote is an integral
element of the option … doesn't exist – or has bigger problems than a
log file not containing the quote. Same goes for newlines in values.
LP: #1672710
|
|
Closes: #856723
|
|
It says SRCNAME_SRCVER, but the example just gives
the SRCVER part.
Reported-By: Nishanth Aravamudan (nacc) in #ubuntu-devel
|
|
If one is attempting to create a reproducible ISO image we do not want to
include the build system's kernel version, not only due to it breaking
reproducibility, but it could be somewhat misleading and/or the
wrong thing to put in this file anyway.
Closes: #857632
|
|
This gets rid of warnings about .ucf-dist files
Reported-By: Axel Beckert (on IRC)
|
|
|
|
Ubuntu servers / Launchpad rejects uploads where debian/copyright
is a symbolic link, and lintian warns about them. I think that's
crazy, but I'm tired of having to work around this in SRUs, so
let's just solve it by copying the file during clean: This way,
it won't be in git, but it will be generated during the export
by git-buildpackage.
|
|
We are including sys/statvfs.h, not statvfs.h, so make sure our
dummy in the correct spot.
|
|
-1 is not an allowed value for the file descriptor, the only
allowed non-file-descriptor value is AT_FDCWD. So use that
instead.
AT_SYMLINK_NOFOLLOW has a weird semantic: It checks whether
we have the specified access on the symbolic link. It also
is implemented only by glibc on Linux, so it's inherently
non-portable. We should just drop it.
Thanks: James Clarke for debugging these issues
Reported-by: James Clarke <jrtc27@jrtc27.com>
|