Age | Commit message (Collapse) | Author |
|
apt Debian release 1.4.9
|
|
|
|
|
|
|
|
This fixes a security issue that can be exploited to inject arbritrary debs
or other files into a signed repository as followed:
(1) Server sends a redirect to somewhere%0a<headers for the apt method> (where %0a is
\n encoded)
(2) apt method decodes the redirect (because the method encodes the URLs before
sending them out), writting something like
somewhere\n
<headers>
into its output
(3) apt then uses the headers injected for validation purposes.
Regression-Of: c34ea12ad509cb34c954ed574a301c3cbede55ec
LP: #1812353
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
In commit Do not warn about duplicate "legacy" targets, we
we added an if, that changed the .po files...
(cherry picked from commit e9db5ba7c7631d51359967afb1d563da7637be11)
Gbp-Dch: ignore
|
|
There's no real point in pulling it in in the timer already,
and it it somewhat saver to do so in the service.
(cherry picked from commit 11417c1058e1b8441ee8f30f948e854b7a6ce89e)
LP: #1716973
|
|
If a source has a legacy Contents file, and two lines mention
the same archive but different components, a warning would be
issued that is confusing. So, as the field is named Contents-deb-legacy,
let's just not print warnings for fields containing "legacy".
LP: #1697120
Closes: #839259
(cherry picked from commit 5a747462baef6cecf6ed389c7b7492443930f7ed)
|
|
A libapt user who hasn't initialized _system likely has a reason, so we
shouldn't greet back with a segfault usually deep down in the callstack
for no reason. If the user had intended to pick up information from the
system, _system wouldn't be uninitialized after all.
LP: #1613184
SRU: 1.4.y
(cherry picked from commit cba5c5a26a9bf00724f8ea647ac61b30e32734ba)
|
|
The main process is guessed by systemd. This prevents killing dpkg
run by unattended-upgrades in the middle of installing packages
and ensures graceful shutdown.
The timeout of 900 seconds after which apt-daily-upgrade.service
is killed is in sync with unattended-upgrades's timer.
LP: #1690980
(cherry picked from commit 78bc10d4702b30b46d802294ac43cffc34d9c431)
|
|
Make the changelog more detailed so release team is happy
about it.
|
|
|
|
This is based on master, just with one less variant, and
stretch as the base image.
Gbp-Dch: ignore
|
|
APT considered any response with a Content-Length to have a
body, even if the value of the header was 0. A 0 length body
however, is equal to no body.
(cherry picked from commit d47fb34ae03566feec7fec6dccba80e45fa03e6f)
|
|
|
|
When APT was trying multiple addresses, any later error
somewhere else would be reported with ConnectionRefused
or ConnectionTimedOut as the FailReason because that
was set by early connect attempts. This causes APT to
handle the failures differently, leading to some weirdly
breaking test cases (like the changed one).
Add debugging to the previously failing test case so
we can find out when something goes wrong there again.
(cherry picked from commit d3a70c3e5ae68a0e5a3d4667dd1d0fc0887e6263)
|
|
An SRV record includes a portnumber to use with the host given, but apt
was ignoring the portnumber and instead used either the port given by
the user for the initial host or the default port for the service.
In practice the service usually runs on another host on the default
port, so it tends to work as intended and even if not and apt can't get
a connection there it will gracefully fallback to contacting the initial
host with the right port, so its a user invisible bug most of the time.
(cherry picked from commit 9bdc09016f9570389451dd619d7e878bfeaa91df)
|
|
This typo exposes a bug in apt-listchanges that prevents commands like
`apt-listchanges --show-all apt_*.deb' from showing the changelog.
The bug will be fixed in next upload of apt-listchanges, but I think
it would be nice have the typo fixed as well.
Closes: 866358
(cherry picked from commit ec0ebf784d15821786334a4781d0b58b0b163363)
|
|
On Travis CI running tests with code coverage enabled sometimes
generates profiling lines, which we filter out for a while now,
but that misses lines generated showing progress still causing test
failures, so more sed logic is added in the hopes to ignore them.
Extends: 58608941e6b58a46109b7cd875716b3d8054c4bf
Gbp-Dch: Ignore
(cherry picked from commit fc251c8c9e2a76ab5c350900e9e032830c81e2b3)
|
|
|
|
Using dry-run as in the previous commit is not really correct, as
it logs dpkg debugging output too. So, let's assume unattended-upgrade
gets a --download-only option and use that if it is available.
This lets us add the downloading part to unattended-upgrades later
on, without requiring versioned dependencies between the two.
Closes: #863859
|
|
We want to download stuff:
--dry-run Simulation, download but do not install
not debug:
-d, --debug print debug messages
Confusion everywhere!
Closes: #863859
|
|
|
|
If the last alternative(s) of an Or group is ignored, because it does
not match an architecture list, we would end up keeping the or flag,
effectively making the next AND an OR.
For example, when parsing (on amd64):
debhelper (>= 9), libnacl-dev [amd64] | libnacl-dev [i386]
=> debhelper (>= 9), libnacl-dev |
Which can cause python-apt to crash.
Even worse:
debhelper (>= 9), libnacl-dev [amd64] | libnacl-dev [i386], foobar
=> debhelper (>= 9), libnacl-dev [amd64] | foobar
By setting the previous alternatives Or flag to the current Or flag
if the current alternative is ignored, we solve the issue.
LP: #1694697
|
|
|
|
Gbp-Dch: ignore
|
|
Error:
pkgs that look like they should be upgraded:
Error in function stop
Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/apt/progress/text.py", line 240,
in stop
apt_pkg.size_to_str(self.current_cps))).rstrip("\n"))
File "/usr/lib/python3/dist-packages/apt/progress/text.py", line 51,
in _write
self._file.write("\r")
AttributeError: 'NoneType' object has no attribute 'write'
fetch.run() result: 0
Caused by:
LOCKFD=3
unattended_upgrades $LOCKFD>&-
Unfortunately this code does not work, it is equivalent to
unattended_upgrades 3 >&-
I.e. it left fd 3 open, but closed stdout!
Closes: #862567
|
|
|
|
Closes: #861943
|
|
dh_systemd_start inserted postinst commands in all packages,
rather than just the package containing the timers.
This also gets rid of postinst scripts for all other
packages, yay.
Closes: #862001
|
|
|
|
|
|
Closes: #861846
|
|
The timer doing downloading runs throughout the day, whereas
automatic upgrade and clean actions only happen in the morning.
The upgrade service and timer have After= ordering requirements
on their non-upgrade counterparts to ensure that upgrading at
boot takes place after downloading.
LP: #1686470
|
|
Use a lock file to make sure only one instance of the
script is running at the same time.
|
|
We want to download the upgrades first, if unattended-upgrades
is configured. We don't want to use the normal dist-upgrade -d
thing for it, though, as unattended-upgrades only upgrades a
subset.
|