Age | Commit message | Author
2012-06-21 | check when finished downloading the InRelease file if it has the expected gpg clearsign signature and if not download Release/Release.gpg instead | Michael Vogt
2012-04-19 | * apt-inst/contrib/extracttar.cc: | Michael Vogt
  - ensure that in StartGzip the InFd is set to "AutoClose" to ensure that the pipe is closed when InFd is closed. This fixes a Fd leak (LP: #985452)
2012-03-27 | * apt-pkg/deb/dpkgpm.cc: | Michael Vogt
  - do not crash if (*I).Pkg is NULL (LP: #939867)
2012-03-13 | add APT::pkgPackageManager::MaxLoopCount to ensure that the ordering code does not get into an endless loop when it flip-flops between two states | Michael Vogt
2012-03-13 | merged from debian-experimental2 | Michael Vogt
2012-03-13 | merged from lp:~donkult/apt/experimental | Michael Vogt
2012-03-13 | recheck dependencies in SmartUnpack after a change, too | David Kalnischkies
2012-03-13 | * apt-pkg/packagemanager.cc: | David Kalnischkies
  - recheck all dependencies if we changed a package in SmartConfigure as this could break an earlier dependency (LP: #940396)
2012-03-12 | ensure that the fullname of a package is displayed in the debug output | David Kalnischkies
2012-03-12 | improve the testcode so that we do not depend on the order of unpacking of specific packages as long as the order is okay in general | David Kalnischkies
2012-03-12 | now that the package name 'apt' is a magic word enabling essential status for said package I can't use it anymore in the testcase, so use another name | David Kalnischkies
2012-03-07 | show which dependency couldn't be satisfied in the debug output | David Kalnischkies
2012-03-07 | * apt-pkg/packagemanager.cc: | Michael Vogt
  - fix inconsistent clog/cout usage in the debug output
2012-03-06 | releasing version 0.8.16~exp13 | Michael Vogt
2012-03-06 | merged from lp:~donkult/apt/experimental | Michael Vogt
2012-03-06 | add Debug::pkgAcqArchive::NoQueue to disable package downloading | David Kalnischkies
2012-03-06 | merge with apt/experimental | David Kalnischkies
  * apt-pkg/packagemanager.cc:
    - fix bug in predepends handling - ensure that packages that need unpackaging are unpacked before they are configured (LP: #927993)
  [ Julian Andres Klode ]
  * apt-pkg/deb/deblistparser.cc:
    - Set the Essential flag on APT instead of only Important
  * apt-pkg/packagemanager.cc:
    - Do not use immediate configuration for packages with the Important flag
  * Treat the Important flag like the Essential flag with those differences:
    - No Immediate configuration (see above)
    - Not automatically installed during dist-upgrade
    - No higher score for installation ordering
2012-03-06 | * apt-pkg/packagemanager.cc: | Michael Vogt
  - fix bug in predepends handling - ensure that packages that need unpackaging are unpacked before they are configured (LP: #927993)
2012-03-06 | * apt-pkg/contrib/fileutl.cc: | David Kalnischkies
  - do not warn about the ignoring of directories (Closes: #662762)
2012-03-05 | changelog: Document scoring difference for Important flag | Julian Andres Klode
  * Treat the Important flag like the Essential flag with those differences:
    - No higher score for installation ordering
2012-03-05 | * Treat the Important flag like the Essential flag with two differences: | Julian Andres Klode
  - No Immediate configuration (see above)
  - Not automatically installed during dist-upgrade
2012-03-05 | * apt-pkg/packagemanager.cc: | Julian Andres Klode
  - Do not use immediate configuration for packages with the Important flag
2012-03-05 | * apt-pkg/deb/deblistparser.cc: | Julian Andres Klode
  - Set the Essential flag on APT instead of only Important
2012-03-05 | as we parse datestrings from external sources a lot specify the length of the integer fields as well to avoid crashes in scanf as cppcheck warns: "(warning) scanf without field width limits can crash with huge input data" | David Kalnischkies
2012-03-05 | fix "(style) The scope of the variable 'count' can be reduced" | David Kalnischkies
2012-03-05 | micro-optimize "(performance) Prefer prefix ++/-- operators for non-primitive types." | David Kalnischkies
2012-03-05 | set char-limits for the scanf parsing previous crash-reports | David Kalnischkies
2012-03-05 | fix "(performance) Possible inefficient checking for 'R' emptiness." | David Kalnischkies
2012-03-05 | fix "(style) Checking if unsigned variable 'Minor' is less than zero." | David Kalnischkies
2012-03-05 | ensure that (s)scanf doesn't parse a too long Code now that a previous commit lifted the Line-length limit | David Kalnischkies
2012-03-04 | fix two "(style) Variable 'Res' is assigned a value that is never used" | David Kalnischkies
2012-03-04 | fix "(error) Possible null pointer dereference: BindAddr" by ensuring that BindAddr isn't NULL after getaddrinfo() | David Kalnischkies
2012-03-04 | fix "(style) Statements following return, break, continue, goto or throw will never be executed." from cppcheck. | David Kalnischkies
  The fd was closed only after a return, so invert the order of lines and be happy
2012-03-04 | fix a bunch of cppcheck "(warning) Member variable '<#>' is not initialized in the constructor." messages (no functional change) | David Kalnischkies
2012-03-04 | handle a SIGINT in all modes as a break after the currently running dpkg transaction instead of ignoring it completely | David Kalnischkies
2012-03-04 | * apt-pkg/acquire-item.cc: | David Kalnischkies
  - remove 'old' InRelease file if we can't get a new one before proceeding with Release.gpg to avoid the false impression of a still trusted repository by a (still present) old InRelease file. Thanks to Simon Ruderich for reporting this issue! (CVE-2012-0214)
  Affected are all versions >= 0.8.11
  Possible attack summary:
  - Attacker needs to find a user which has run at least one successful 'apt-get update' against an archive providing InRelease files.
  - Create a Packages file with his preferred content.
  - Attacker then prevents the download of InRelease, Release and Release.gpg (alternatively he creates a valid Release file and sends this, the other two files need to be missing either way).
  - User updates against this, getting the modified Packages file without any indication of being unsigned (beside the "Ign InRelease" and "Ign Release.gpg" in the output of 'apt-get update').
  => deb files from this source are considered 'trusted' (and therefore the user isn't asked for an additional confirmation before install)
2012-03-03 | testcase for CVE-2012-0214 | Simon Ruderich
2012-03-03 | * apt-pkg/packagemanager.cc: | David Kalnischkies
  - do not try to avoid a breaks if the broken package pre-depends on the breaker, but let dpkg auto-deconfigure it
2012-03-03 | allow msgtest to be used with only one parameter | David Kalnischkies
2012-03-03 | show in the debug output if we are looping in the avoid breaks | David Kalnischkies
2012-03-03 | cleanup the ordering-code avoiding a break (no function change) | David Kalnischkies
2012-03-02 | * apt-pkg/packagemanager.cc: | Michael Vogt
  - when calculating pre-dependencies ensure that both unpack and configure are considered (instead of only configure) LP: #927993
2012-02-27 | fix the string in the testcases | David Kalnischkies
2012-02-25 | * cmdline/apt-cache.cc: | David Kalnischkies
  - correct --pre-depends option by using dash consistently (LP: #940837)
2012-02-18 | improve 'error' message for packages which are only referenced e.g. in a Depends line and are now requested for removal | David Kalnischkies
2012-02-18 | * cmdline/apt-get.cc: | David Kalnischkies
  - if a package can't be removed as it is not installed, suggest to the user an (installed) multiarch sibling with 'Did you mean?'
2012-02-18 | use pdiff for Translation-* files if available (Closes: #657902) | David Kalnischkies
  Beware: pdiffs for Translation-* are only acquired if their availability is advertised in the Release file.
2012-02-18 | * apt-pkg/acquire-item.cc: | David Kalnischkies
  - drop support for i18n/Index file (introduced in 0.8.11) and use the Release file instead to get the Translations (Closes: #649314)
  * ftparchive/writer.cc:
  - add 'Translation-*' to the default patterns
  i18n/Index was never used outside Debian - and even here it isn't used consistently as only 'main' has such a file. As the Release file now includes the Translation-* files we therefore drop support for i18n/Index. A version supporting it was never part of a Debian release and still supporting it would mean that we get 99% of the time a 404 as response to the request anyway and confuse archive maintainers who want to provide all files APT tries to acquire.
2012-02-18 | ensure that the cache-directories are really directories before trying to get a list of included files from them | David Kalnischkies
2012-02-18 | * apt-pkg/indexrecords.cc: | David Kalnischkies
  - do not create empty Entries as a side effect of Lookup()