summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2019-04-12Don't access invalid string indexesSam Bingner
2019-04-10Merge tag '1.4.9'Sam Bingner
apt Debian release 1.4.9
2019-01-22Workaround for shell scriptsSam Bingner
2019-01-22Remove RunCmdSam Bingner
2019-01-19Release 1.4.91.4.9Julian Andres Klode
2019-01-18SECURITY UPDATE: content injection in http method (CVE-2019-3462)Julian Andres Klode
This fixes a security issue that can be exploited to inject arbritrary debs or other files into a signed repository as followed: (1) Server sends a redirect to somewhere%0a<headers for the apt method> (where %0a is \n encoded) (2) apt method decodes the redirect (because the method encodes the URLs before sending them out), writting something like somewhere\n <headers> into its output (3) apt then uses the headers injected for validation purposes. Regression-Of: c34ea12ad509cb34c954ed574a301c3cbede55ec LP: #1812353
2018-12-26Merge bingner.com:apt1.4.8+iPhone-1Sam Bingner
2018-12-26Merge nitotv apt fixes into 1.4.81.4.8+nitotvSam Bingner
2018-09-30Use access instead of faccessat for iOS5 compatibilitySam Bingner
2018-09-28Remove errors that we don't needSam Bingner
2018-02-08build changes to work with our new httpJaywalker
2018-02-07Added kirb's TLS1.2 patchJaywalker
2018-02-07Lets get those sizes rightJaywalker
2018-02-07Reverting to kb's gpgv version for nowJaywalker
2018-02-07Fixed last few errors. APT is strict...Jaywalker
2018-02-07Missed a semicolonJaywalker
2018-02-06Fixed system() using coolstar's patch and added other required patchesJaywalker
2018-02-06Added seemingly missing filesJaywalker
2018-02-06Build system changesJaywalker
2017-09-13Release 1.4.81.4.8Julian Andres Klode
2017-09-13Fix translator comment location for legacy target warningJulian Andres Klode
In commit Do not warn about duplicate "legacy" targets, we we added an if, that changed the .po files... (cherry picked from commit e9db5ba7c7631d51359967afb1d563da7637be11) Gbp-Dch: ignore
2017-09-13apt-daily: Pull in network-online.target in service, not timerJulian Andres Klode
There's no real point in pulling it in in the timer already, and it it somewhat saver to do so in the service. (cherry picked from commit 11417c1058e1b8441ee8f30f948e854b7a6ce89e) LP: #1716973
2017-09-13Do not warn about duplicate "legacy" targetsJulian Andres Klode
If a source has a legacy Contents file, and two lines mention the same archive but different components, a warning would be issued that is confusing. So, as the field is named Contents-deb-legacy, let's just not print warnings for fields containing "legacy". LP: #1697120 Closes: #839259 (cherry picked from commit 5a747462baef6cecf6ed389c7b7492443930f7ed)
2017-09-13don't ask an uninit _system for supported archsDavid Kalnischkies
A libapt user who hasn't initialized _system likely has a reason, so we shouldn't greet back with a segfault usually deep down in the callstack for no reason. If the user had intended to pick up information from the system, _system wouldn't be uninitialized after all. LP: #1613184 SRU: 1.4.y (cherry picked from commit cba5c5a26a9bf00724f8ea647ac61b30e32734ba)
2017-09-13Gracefully terminate process when stopping apt-daily-upgradeBalint Reczey
The main process is guessed by systemd. This prevents killing dpkg run by unattended-upgrades in the middle of installing packages and ensures graceful shutdown. The timeout of 900 seconds after which apt-daily-upgrade.service is killed is in sync with unattended-upgrades's timer. LP: #1690980 (cherry picked from commit 78bc10d4702b30b46d802294ac43cffc34d9c431)
2017-07-14Release 1.4.7, take 21.4.7Julian Andres Klode
Make the changelog more detailed so release team is happy about it.
2017-07-04Release 1.4.7Julian Andres Klode
2017-07-04travis: Migrate to DockerJulian Andres Klode
This is based on master, just with one less variant, and stretch as the base image. Gbp-Dch: ignore
2017-07-02http: A response with Content-Length: 0 has no contentJulian Andres Klode
APT considered any response with a Content-Length to have a body, even if the value of the header was 0. A 0 length body however, is equal to no body. (cherry picked from commit d47fb34ae03566feec7fec6dccba80e45fa03e6f)
2017-07-02debian/gbp.conf: Set debian-branch to 1.4.yJulian Andres Klode
2017-06-30Reset failure reason when connection was successfulJulian Andres Klode
When APT was trying multiple addresses, any later error somewhere else would be reported with ConnectionRefused or ConnectionTimedOut as the FailReason because that was set by early connect attempts. This causes APT to handle the failures differently, leading to some weirdly breaking test cases (like the changed one). Add debugging to the previously failing test case so we can find out when something goes wrong there again. (cherry picked from commit d3a70c3e5ae68a0e5a3d4667dd1d0fc0887e6263)
2017-06-29use port from SRV record instead of initial portDavid Kalnischkies
An SRV record includes a portnumber to use with the host given, but apt was ignoring the portnumber and instead used either the port given by the user for the initial host or the default port for the service. In practice the service usually runs on another host on the default port, so it tends to work as intended and even if not and apt can't get a connection there it will gracefully fallback to contacting the initial host with the right port, so its a user invisible bug most of the time. (cherry picked from commit 9bdc09016f9570389451dd619d7e878bfeaa91df)
2017-06-29fix a "critical" typo in old changelog entryRobert Luberda
This typo exposes a bug in apt-listchanges that prevents commands like `apt-listchanges --show-all apt_*.deb' from showing the changelog. The bug will be fixed in next upload of apt-listchanges, but I think it would be nice have the typo fixed as well. Closes: 866358 (cherry picked from commit ec0ebf784d15821786334a4781d0b58b0b163363)
2017-06-28travis: ignore profiling warning in progress linesDavid Kalnischkies
On Travis CI running tests with code coverage enabled sometimes generates profiling lines, which we filter out for a while now, but that misses lines generated showing progress still causing test failures, so more sed logic is added in the hopes to ignore them. Extends: 58608941e6b58a46109b7cd875716b3d8054c4bf Gbp-Dch: Ignore (cherry picked from commit fc251c8c9e2a76ab5c350900e9e032830c81e2b3)
2017-06-01Release 1.4.61.4.6Julian Andres Klode
2017-06-01apt.systemd.daily: Use unattend-ugrade --download-only if availableJulian Andres Klode
Using dry-run as in the previous commit is not really correct, as it logs dpkg debugging output too. So, let's assume unattended-upgrade gets a --download-only option and use that if it is available. This lets us add the downloading part to unattended-upgrades later on, without requiring versioned dependencies between the two. Closes: #863859
2017-06-01apt.systemd.daily: Pass --dry-run to unattended-upgrade, not -dJulian Andres Klode
We want to download stuff: --dry-run Simulation, download but do not install not debug: -d, --debug print debug messages Confusion everywhere! Closes: #863859
2017-05-31Release 1.4.51.4.5Julian Andres Klode
2017-05-31Fix parsing of or groups in build-deps with ignored packagesJulian Andres Klode
If the last alternative(s) of an Or group is ignored, because it does not match an architecture list, we would end up keeping the or flag, effectively making the next AND an OR. For example, when parsing (on amd64): debhelper (>= 9), libnacl-dev [amd64] | libnacl-dev [i386] => debhelper (>= 9), libnacl-dev | Which can cause python-apt to crash. Even worse: debhelper (>= 9), libnacl-dev [amd64] | libnacl-dev [i386], foobar => debhelper (>= 9), libnacl-dev [amd64] | foobar By setting the previous alternatives Or flag to the current Or flag if the current alternative is ignored, we solve the issue. LP: #1694697
2017-05-16Release 1.4.41.4.4Julian Andres Klode
2017-05-16apt.systemd.daily: Drop the LOCKFD variableJulian Andres Klode
Gbp-Dch: ignore
2017-05-16apt.systemd.daily: fix error from locking codeAlan Jenkins
Error: pkgs that look like they should be upgraded: Error in function stop Traceback (most recent call last): File "/usr/lib/python3/dist-packages/apt/progress/text.py", line 240, in stop apt_pkg.size_to_str(self.current_cps))).rstrip("\n")) File "/usr/lib/python3/dist-packages/apt/progress/text.py", line 51, in _write self._file.write("\r") AttributeError: 'NoneType' object has no attribute 'write' fetch.run() result: 0 Caused by: LOCKFD=3 unattended_upgrades $LOCKFD>&- Unfortunately this code does not work, it is equivalent to unattended_upgrades 3 >&- I.e. it left fd 3 open, but closed stdout! Closes: #862567
2017-05-11Release 1.4.31.4.3Julian Andres Klode
2017-05-07Updated Czech translation of aptMiroslav Kure
Closes: #861943
2017-05-07Do not try to (re)start timers outside 'apt' packageJulian Andres Klode
dh_systemd_start inserted postinst commands in all packages, rather than just the package containing the timers. This also gets rid of postinst scripts for all other packages, yay. Closes: #862001
2017-05-04Release 1.4.21.4.2Julian Andres Klode
2017-05-04Merge branch 'lp1686470'Julian Andres Klode
2017-05-04bash-completion: Fix spelling of autocleanMatt Kraai
Closes: #861846
2017-05-04Split apt-daily timer into twoJulian Andres Klode
The timer doing downloading runs throughout the day, whereas automatic upgrade and clean actions only happen in the morning. The upgrade service and timer have After= ordering requirements on their non-upgrade counterparts to ensure that upgrading at boot takes place after downloading. LP: #1686470
2017-05-04apt.systemd.daily: Add lockingJulian Andres Klode
Use a lock file to make sure only one instance of the script is running at the same time.