Age | Commit message | Author
2019-01-18 | SECURITY UPDATE: content injection in http method (CVE-2019-3462) | Julian Andres Klode
This fixes a security issue that can be exploited to inject arbitrary debs or other files into a signed repository as follows:
(1) Server sends a redirect to somewhere%0a<headers for the apt method> (where %0a is \n encoded)
(2) apt method decodes the redirect (because the method encodes the URLs before sending them out), writing something like somewhere\n <headers> into its output
(3) apt then uses the headers injected for validation purposes.
Regression-Of: c34ea12ad509cb34c954ed574a301c3cbede55ec
LP: #1812353
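Added illustration of the injection the commit describes (this is example code written for this page, not apt's http method or any code from the commit). The apt method reports to its parent over a line-oriented text protocol: a status line, "Key: value" lines, and an empty line ending each message. Before the fix the redirect target was percent-decoded and written out as-is, so a %0a in the server's Location header could end the method's message and start a second, attacker-written one. The status codes ("103 Redirect", "201 URI Done") and field names below are assumptions chosen to resemble the protocol, EVIL_LOCATION is a constructed hostile redirect, and the hardened variant simply refuses any decoded target containing control characters.

```python
"""Toy model of the message injection in CVE-2019-3462 (added example)."""
from typing import Dict, List, Tuple
from urllib.parse import unquote

Message = Tuple[str, Dict[str, str]]


def parse_messages(stream: str) -> List[Message]:
    """Split the method's output into (status, fields) the way the parent would."""
    messages: List[Message] = []
    for block in stream.split("\n\n"):
        if not block.strip():
            continue
        status, *lines = block.split("\n")
        fields: Dict[str, str] = {}
        for line in lines:
            key, _, value = line.partition(": ")
            fields[key] = value
        messages.append((status, fields))
    return messages


def vulnerable_redirect(orig_uri: str, location: str) -> str:
    """Pre-fix behaviour: decode the Location and emit it without any check."""
    return f"103 Redirect\nURI: {orig_uri}\nNew-URI: {unquote(location)}\n\n"


def hardened_redirect(orig_uri: str, location: str) -> str:
    """Refuse a decoded target that contains characters able to break framing.

    Rejecting is the conservative choice; keeping the %-encoding intact in the
    emitted field would be the lenient alternative.
    """
    target = unquote(location)
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in target):
        raise ValueError("redirect target contains control characters")
    return f"103 Redirect\nURI: {orig_uri}\nNew-URI: {target}\n\n"


ORIG = "http://deb.example.org/pool/main/h/hello/hello_2.10_amd64.deb"

# Constructed hostile Location header (assumption for the demo): after a
# plausible target it smuggles an empty line and a complete second message
# claiming the original download finished, with attacker-chosen size and hash,
# which is the kind of injected header the commit says apt then trusted.
EVIL_LOCATION = (
    "http://mirror.example.net/pool/evil.deb"
    "%0a%0a201%20URI%20Done"
    "%0aURI:%20" + ORIG +
    "%0aSize:%2011"
    "%0aSHA256-Hash:%20" + "41" * 32
)


def demo() -> Tuple[List[Message], bool]:
    """Messages the vulnerable method emits, and whether the hardened one
    accepted the same redirect."""
    injected = parse_messages(vulnerable_redirect(ORIG, EVIL_LOCATION))
    try:
        hardened_redirect(ORIG, EVIL_LOCATION)
        accepted = True
    except ValueError:
        accepted = False
    return injected, accepted


if __name__ == "__main__":
    injected, accepted = demo()
    for status, fields in injected:
        print(status, fields)
    print("hardened method accepted redirect:", accepted)
```

Running it shows the vulnerable path producing two messages, the second one entirely attacker-controlled, while the hardened path raises on the same input. The same check belongs on every value that crosses from an HTTP header into a line-delimited protocol, not only on redirects.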
2017-09-13 | Release 1.4.8 (tag: 1.4.8) | Julian Andres Klode
2017-09-13 | Fix translator comment location for legacy target warning | Julian Andres Klode
In commit Do not warn about duplicate "legacy" targets, we added an if that changed the .po files... (cherry picked from commit e9db5ba7c7631d51359967afb1d563da7637be11) Gbp-Dch: ignore
2017-09-13 | apt-daily: Pull in network-online.target in service, not timer | Julian Andres Klode
There's no real point in pulling it in in the timer already, and it is somewhat safer to do so in the service. (cherry picked from commit 11417c1058e1b8441ee8f30f948e854b7a6ce89e) LP: #1716973
2017-09-13 | Do not warn about duplicate "legacy" targets | Julian Andres Klode
If a source has a legacy Contents file, and two lines mention the same archive but different components, a warning would be issued that is confusing. So, as the field is named Contents-deb-legacy, let's just not print warnings for fields containing "legacy". LP: #1697120 Closes: #839259 (cherry picked from commit 5a747462baef6cecf6ed389c7b7492443930f7ed)
2017-09-13 | don't ask an uninit _system for supported archs | David Kalnischkies
A libapt user who hasn't initialized _system likely has a reason, so we shouldn't greet back with a segfault usually deep down in the callstack for no reason. If the user had intended to pick up information from the system, _system wouldn't be uninitialized after all. LP: #1613184 SRU: 1.4.y (cherry picked from commit cba5c5a26a9bf00724f8ea647ac61b30e32734ba)
2017-09-13 | Gracefully terminate process when stopping apt-daily-upgrade | Balint Reczey
The main process is guessed by systemd. This prevents killing dpkg run by unattended-upgrades in the middle of installing packages and ensures graceful shutdown. The timeout of 900 seconds after which apt-daily-upgrade.service is killed is in sync with unattended-upgrades's timer. LP: #1690980 (cherry picked from commit 78bc10d4702b30b46d802294ac43cffc34d9c431)
2017-07-14 | Release 1.4.7, take 2 (tag: 1.4.7) | Julian Andres Klode
Make the changelog more detailed so release team is happy about it.
2017-07-04 | Release 1.4.7 | Julian Andres Klode
2017-07-04 | travis: Migrate to Docker | Julian Andres Klode
This is based on master, just with one less variant, and stretch as the base image. Gbp-Dch: ignore
2017-07-02 | http: A response with Content-Length: 0 has no content | Julian Andres Klode
APT considered any response with a Content-Length to have a body, even if the value of the header was 0. A 0-length body, however, is equal to no body. (cherry picked from commit d47fb34ae03566feec7fec6dccba80e45fa03e6f)
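Added example of the framing decision the commit corrects (example code for this page, not apt's http method, which is C++). It encodes the rule above, Content-Length: 0 means "no body", and goes a little further than the commit by covering the other response-framing rules of RFC 7230 section 3.3.3 that a downloader has to get right to stay in sync with the server: HEAD, 1xx, 204 and 304 responses never carry a body; Transfer-Encoding overrides Content-Length; an unparsable or conflicting Content-Length is rejected instead of guessed at. The sample responses are constructed.

```python
"""Body framing for HTTP/1.1 responses (added example)."""
from typing import List, Optional, Tuple

Header = Tuple[str, str]
Framing = Tuple[str, Optional[int]]


def parse_head(raw: bytes) -> Tuple[int, List[Header]]:
    """Parse the status code and headers from the start of a raw response."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    status_line, *lines = head.split("\r\n")
    status = int(status_line.split(" ", 2)[1])
    headers: List[Header] = []
    for line in lines:
        name, _, value = line.partition(":")
        headers.append((name.strip().lower(), value.strip()))
    return status, headers


def body_framing(method: str, status: int, headers: List[Header]) -> Framing:
    """Return ("none", 0), ("length", n), ("chunked", None) or ("close", None)."""
    if method.upper() == "HEAD" or 100 <= status < 200 or status in (204, 304):
        return ("none", 0)
    te = [v for k, v in headers if k == "transfer-encoding"]
    if te:
        # Transfer-Encoding wins over Content-Length; if the final coding is
        # not chunked the body runs until the connection is closed.
        final = te[-1].split(",")[-1].strip().lower()
        return ("chunked", None) if final == "chunked" else ("close", None)
    cls = [v for k, v in headers if k == "content-length"]
    if not cls:
        return ("close", None)
    values = {v.strip() for v in ",".join(cls).split(",")}
    if len(values) != 1:
        raise ValueError("conflicting Content-Length values: %r" % sorted(values))
    value = values.pop()
    if not (value.isascii() and value.isdigit()):
        raise ValueError("malformed Content-Length: %r" % value)
    length = int(value)
    # The commit's point: a declared length of zero is the same as no body,
    # so the client must not block waiting for bytes that will never come.
    return ("none", 0) if length == 0 else ("length", length)


def framing_of(raw: bytes, method: str = "GET") -> Framing:
    status, headers = parse_head(raw)
    return body_framing(method, status, headers)


def accepts(raw: bytes, method: str = "GET") -> bool:
    """True if the response head is well-formed enough to frame a body."""
    try:
        framing_of(raw, method)
        return True
    except ValueError:
        return False


# Constructed sample responses for the demo
EMPTY_OK = b"HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\n"
DEB = (b"HTTP/1.1 200 OK\r\nContent-Length: 12345\r\n"
       b"Content-Type: application/octet-stream\r\n\r\n")
CHUNKED_AND_CL = (b"HTTP/1.1 200 OK\r\nContent-Length: 5\r\n"
                  b"Transfer-Encoding: chunked\r\n\r\n")
CONFLICT = b"HTTP/1.1 200 OK\r\nContent-Length: 5\r\nContent-Length: 6\r\n\r\n"
NOT_MODIFIED = b"HTTP/1.1 304 Not Modified\r\nContent-Length: 12345\r\n\r\n"

if __name__ == "__main__":
    for name, raw in [("EMPTY_OK", EMPTY_OK), ("DEB", DEB),
                      ("CHUNKED_AND_CL", CHUNKED_AND_CL), ("NOT_MODIFIED", NOT_MODIFIED)]:
        print(name, framing_of(raw))
    print("CONFLICT accepted:", accepts(CONFLICT))
```

The conflicting-Content-Length case is the one to treat as hostile rather than merely malformed: two peers disagreeing on where a body ends is the precondition for request and response smuggling.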
2017-07-02 | debian/gbp.conf: Set debian-branch to 1.4.y | Julian Andres Klode
2017-06-30 | Reset failure reason when connection was successful | Julian Andres Klode
When APT was trying multiple addresses, any later error somewhere else would be reported with ConnectionRefused or ConnectionTimedOut as the FailReason because that was set by early connect attempts. This causes APT to handle the failures differently, leading to some weirdly breaking test cases (like the changed one). Add debugging to the previously failing test case so we can find out when something goes wrong there again. (cherry picked from commit d3a70c3e5ae68a0e5a3d4667dd1d0fc0887e6263)
2017-06-29 | use port from SRV record instead of initial port | David Kalnischkies
An SRV record includes a port number to use with the host given, but apt was ignoring the port number and instead used either the port given by the user for the initial host or the default port for the service. In practice the service usually runs on another host on the default port, so it tends to work as intended and even if not and apt can't get a connection there it will gracefully fallback to contacting the initial host with the right port, so it's a user-invisible bug most of the time. (cherry picked from commit 9bdc09016f9570389451dd619d7e878bfeaa91df)
2017-06-29 | fix a "critical" typo in old changelog entry | Robert Luberda
This typo exposes a bug in apt-listchanges that prevents commands like `apt-listchanges --show-all apt_*.deb' from showing the changelog. The bug will be fixed in next upload of apt-listchanges, but I think it would be nice to have the typo fixed as well. Closes: 866358 (cherry picked from commit ec0ebf784d15821786334a4781d0b58b0b163363)
2017-06-28 | travis: ignore profiling warning in progress lines | David Kalnischkies
On Travis CI running tests with code coverage enabled sometimes generates profiling lines, which we filter out for a while now, but that misses lines generated showing progress still causing test failures, so more sed logic is added in the hopes to ignore them. Extends: 58608941e6b58a46109b7cd875716b3d8054c4bf Gbp-Dch: Ignore (cherry picked from commit fc251c8c9e2a76ab5c350900e9e032830c81e2b3)
2017-06-01 | Release 1.4.6 (tag: 1.4.6) | Julian Andres Klode
2017-06-01 | apt.systemd.daily: Use unattended-upgrade --download-only if available | Julian Andres Klode
Using dry-run as in the previous commit is not really correct, as it logs dpkg debugging output too. So, let's assume unattended-upgrade gets a --download-only option and use that if it is available. This lets us add the downloading part to unattended-upgrades later on, without requiring versioned dependencies between the two. Closes: #863859
2017-06-01 | apt.systemd.daily: Pass --dry-run to unattended-upgrade, not -d | Julian Andres Klode
We want to download stuff:
  --dry-run    Simulation, download but do not install
not debug:
  -d, --debug  print debug messages
Confusion everywhere!
Closes: #863859
2017-05-31 | Release 1.4.5 (tag: 1.4.5) | Julian Andres Klode
2017-05-31 | Fix parsing of or groups in build-deps with ignored packages | Julian Andres Klode
If the last alternative(s) of an Or group is ignored, because it does not match an architecture list, we would end up keeping the or flag, effectively making the next AND an OR. For example, when parsing (on amd64):
  debhelper (>= 9), libnacl-dev [amd64] | libnacl-dev [i386]
=>
  debhelper (>= 9), libnacl-dev |
Which can cause python-apt to crash. Even worse:
  debhelper (>= 9), libnacl-dev [amd64] | libnacl-dev [i386], foobar
=>
  debhelper (>= 9), libnacl-dev [amd64] | foobar
By setting the previous alternative's Or flag to the current Or flag if the current alternative is ignored, we solve the issue.
LP: #1694697
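Added model of the Or-flag bug and its fix (example code for this page, not apt's C++ parser). apt parses a Build-Depends line into a flat list where each alternative carries an Or flag meaning "joined to the next entry by |"; when an alternative is dropped because its [arch] qualifier does not match, the flag of the entry before it has to be corrected, or the next ANDed dependency is swallowed into the group. The model renders the surviving list back to text so both outcomes quoted in the commit can be reproduced. The fixed path applies the commit's rule (the previous entry takes over the ignored alternative's Or flag), and additionally only does so when the previous entry is itself part of the same Or group, so a dropped first alternative cannot merge two groups; that guard is this example's own choice, not something the commit states.

```python
"""Or-group parsing with architecture-qualified alternatives (added example)."""
import re
from typing import List, Optional, Tuple

Entry = Tuple[str, bool]  # (rendered dependency, Or flag: joined to next by '|')

ALT_RE = re.compile(
    r"^\s*(?P<name>[^\s(\[]+)\s*(?P<ver>\([^)]*\))?\s*(?:\[(?P<arch>[^\]]*)\])?\s*$"
)


def tokenize(build_depends: str) -> List[Tuple[str, bool]]:
    """Flatten into (alternative text, or_flag) in source order, as a
    sequential parser sees it."""
    out: List[Tuple[str, bool]] = []
    for and_group in build_depends.split(","):
        alts = and_group.split("|")
        for i, alt in enumerate(alts):
            out.append((alt.strip(), i < len(alts) - 1))
    return out


def arch_matches(spec: Optional[str], host_arch: str) -> bool:
    """[amd64 i386] is an allow-list, [!i386] a deny-list; absent means any."""
    if spec is None:
        return True
    items = spec.split()
    negated = [a[1:] for a in items if a.startswith("!")]
    if negated:
        return host_arch not in negated
    return host_arch in items


def render(entries: List[Entry]) -> str:
    """Turn the flat flagged list back into 'a, b | c' text; a trailing ' |'
    marks an Or flag left set at the end of the list (the crashing case)."""
    groups: List[str] = []
    current: List[str] = []
    for dep, or_flag in entries:
        current.append(dep)
        if not or_flag:
            groups.append(" | ".join(current))
            current = []
    text = ", ".join(groups)
    if current:
        text = (text + ", " if text else "") + " | ".join(current) + " |"
    return text


def parse_build_depends(line: str, host_arch: str, fixed: bool) -> str:
    entries: List[Entry] = []
    for alt, or_flag in tokenize(line):
        m = ALT_RE.match(alt)
        if m is None:
            raise ValueError("cannot parse alternative: %r" % alt)
        if not arch_matches(m.group("arch"), host_arch):
            # The fix: the surviving previous alternative inherits this one's
            # Or flag, but only if it was part of the same group (flag set).
            if fixed and entries and entries[-1][1]:
                entries[-1] = (entries[-1][0], or_flag)
            continue
        dep = m.group("name") + (" " + m.group("ver") if m.group("ver") else "")
        entries.append((dep, or_flag))
    return render(entries)


# The two inputs quoted in the commit message
CRASHER = "debhelper (>= 9), libnacl-dev [amd64] | libnacl-dev [i386]"
SWALLOW = "debhelper (>= 9), libnacl-dev [amd64] | libnacl-dev [i386], foobar"

if __name__ == "__main__":
    for line in (CRASHER, SWALLOW):
        print("buggy:", parse_build_depends(line, "amd64", fixed=False))
        print("fixed:", parse_build_depends(line, "amd64", fixed=True))
```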
2017-05-16 | Release 1.4.4 (tag: 1.4.4) | Julian Andres Klode
2017-05-16 | apt.systemd.daily: Drop the LOCKFD variable | Julian Andres Klode
Gbp-Dch: ignore
2017-05-16 | apt.systemd.daily: fix error from locking code | Alan Jenkins
Error: pkgs that look like they should be upgraded: Error in function stop
Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/apt/progress/text.py", line 240, in stop
    apt_pkg.size_to_str(self.current_cps))).rstrip("\n"))
  File "/usr/lib/python3/dist-packages/apt/progress/text.py", line 51, in _write
    self._file.write("\r")
AttributeError: 'NoneType' object has no attribute 'write'
fetch.run() result: 0

Caused by:
  LOCKFD=3
  unattended_upgrades $LOCKFD>&-
Unfortunately this code does not work, it is equivalent to
  unattended_upgrades 3 >&-
I.e. it left fd 3 open, but closed stdout!
Closes: #862567
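Added check that reproduces the redirection mistake under a real shell (example code for this page, not the apt script). run_variant() feeds a small POSIX sh script to /bin/sh. In the "buggy" spelling the word `$LOCKFD>&-` is tokenised before expansion, so the shell sees a plain argument "3" followed by the redirection `>&-`, which closes stdout; in the "fixed" spelling the literal `3>&-` binds the digit to the redirection and closes fd 3 as intended. report() is a stand-in for the unattended-upgrades invocation: it prints its argv and whether fd 3 is still open. Assumes a POSIX sh at /bin/sh.

```python
"""Reproduce `cmd $LOCKFD>&-` versus `cmd 3>&-` under /bin/sh (added example)."""
import subprocess

SCRIPT = r'''
report() {
    echo "argv=[$*]"
    if (: >&3) 2>/dev/null; then echo "fd3=open"; else echo "fd3=closed"; fi
}
exec 3>/dev/null      # stand-in for the lock file held on fd 3
LOCKFD=3
case "$1" in
    buggy) report $LOCKFD>&- ;;   # == report 3 >&- : argv gets "3", stdout closed
    fixed) report 3>&- ;;         # digit is part of the redirection, fd 3 closed
esac
'''


def run_variant(variant: str) -> str:
    """Run one variant under /bin/sh and return whatever reached stdout."""
    proc = subprocess.run(
        ["sh", "-c", SCRIPT, "sh", variant],
        capture_output=True, text=True,
    )
    return proc.stdout.strip()


if __name__ == "__main__":
    for variant in ("buggy", "fixed"):
        print(f"{variant}: {run_variant(variant)!r}")
```

The buggy variant returns an empty string because every echo in report() writes to a closed stdout (the write errors go to stderr); the fixed variant prints its argv and confirms that fd 3 is closed for the child, which is what the locking code wanted. The safe ways to spell this in a script are a literal digit, or a shell that supports `{var}>&-` redirections.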
2017-05-11 | Release 1.4.3 (tag: 1.4.3) | Julian Andres Klode
2017-05-07 | Updated Czech translation of apt | Miroslav Kure
Closes: #861943
2017-05-07 | Do not try to (re)start timers outside 'apt' package | Julian Andres Klode
dh_systemd_start inserted postinst commands in all packages, rather than just the package containing the timers. This also gets rid of postinst scripts for all other packages, yay. Closes: #862001
2017-05-04 | Release 1.4.2 (tag: 1.4.2) | Julian Andres Klode
2017-05-04 | Merge branch 'lp1686470' | Julian Andres Klode
2017-05-04 | bash-completion: Fix spelling of autoclean | Matt Kraai
Closes: #861846
2017-05-04 | Split apt-daily timer into two | Julian Andres Klode
The timer doing downloading runs throughout the day, whereas automatic upgrade and clean actions only happen in the morning. The upgrade service and timer have After= ordering requirements on their non-upgrade counterparts to ensure that upgrading at boot takes place after downloading. LP: #1686470
2017-05-04 | apt.systemd.daily: Add locking | Julian Andres Klode
Use a lock file to make sure only one instance of the script is running at the same time.
2017-05-03 | Run unattended-upgrade -d in download part | Julian Andres Klode
We want to download the upgrades first, if unattended-upgrades is configured. We don't want to use the normal dist-upgrade -d thing for it, though, as unattended-upgrades only upgrades a subset.
2017-04-26 | Allow the daily script to be run in two phases | Julian Andres Klode
This adds an argument to the script which may be update, install, or empty. In the update cases, downloads are performed. In the install case, installs are performed. If empty, both are run. Gbp-Dch: ignore
2017-04-24 | Release 1.4.1 (tag: 1.4.1) | Julian Andres Klode
2017-04-24 | apt-ftparchive: Support '.ddeb' dbgsym packages | Unit 193
2017-04-24 | debian/rules: Actually invoke dh_clean in override_dh_clean | Julian Andres Klode
Regression from commit f5e9be1da89725f9bf1915bdf86fdc4a77edf917
2017-04-24 | systemd: Rework timing and add After=network-online | Julian Andres Klode
The timeout values were so large that the timer could run at any random time of the day, possibly easily interfering with business hours, and causing trouble. Reduce them to 30 minutes of random delay and an accuracy to the default value (1 minute). Also drop the 18:00 event. People still actively use their device during that time, and for servers, there might be less attendance than in the regular 06:00 time slot, so longer time to fix things if something breaks. During a boot, the service might be run to catch up with a timer that would have normally elapsed. Due to no dependencies, it would have run before the network is online - that's bad. Adding an After and a Wants fixes that for boots, but still leaves the same issue for Resume. LP: #1615482
2017-04-01 | Release the April Fools' release (tag: 1.4) | Julian Andres Klode
2017-04-01 | da.po: Fix overtranslated "show" command | Julian Andres Klode
Reported-By: Niels Thykier on IRC Gbp-Dch: ignore
2017-03-19 | Ignore AutomaticRemove conffile option in upgrade | David Kalnischkies
We are in a dilemma here: The regression of sorts was introduced in 2013 with commit d8a8f9d7f0 allowing pkg modifiers for the upgrade commands. That calls the autoremover as a side effect, though, and with it comes the option to remove the garbage packages in these commands (similar to aptitude). Having the option on the commandline is no problem – people aren't going to request what they don't want (or so I hope), but the documentation explicitly states that this option only affects install/remove and mentions a config knob users might use and expect to not suddenly apply (especially without documentation) to more commands. Just reverting the commit is out of question, completely ignoring the option breaks the workflow of every user who happened to use --autoremove on the commandline for upgrade and expects that to work given that it was accepted and worked in a stable release. Changing the documentation to reflect reality while perhaps the simplest and cleanest option contradicts freeze and is a surprising change we tend to avoid like the plague while just leaving it be confuses all users who end up believing the documentation even if it was different in the last 3 years. So what we do is a tricky compromise: The configuration option if read from a file does apply only for install/remove as documented, while if the option is encountered on the commandline it is accepted and applies to the upgrade which should make 99% of the users happy. The rest has to wait for us to figure out for buster how to get that documented and implemented in a saner way. Closes: #855891
2017-03-19 | Fix and avoid quoting in CommandLine::AsString | David Kalnischkies
In the intended usecase where this serves as a hack there is no problem with double/single quotes being present as we write it to a log file only, but nowadays our calling of apt-key produces a temporary config file containing this "setting" as well and suddenly quoting is important as the config file syntax is allergic to it. So the fix is to ignore all quoting whatsoever in the input and just quote (with singles) the option values with spaces. That gives us 99% of the time the correct result and the 1% where the quote is an integral element of the option … doesn't exist – or has bigger problems than a log file not containing the quote. Same goes for newlines in values. LP: #1672710
2017-03-14 | Danish program translation update | Joe Dalton
Closes: #856723
2017-03-13 | Fix mistake in CHANGEPATH comment example | Julian Andres Klode
It says SRCNAME_SRCVER, but the example just gives the SRCVER part. Reported-By: Nishanth Aravamudan (nacc) in #ubuntu-devel
2017-03-13 | auto-removal: Ignore running kernel if attempting a reproducible build | Chris Lamb
If one is attempting to create a reproducible ISO image we do not want to include the build system's kernel version, not only due to it breaking reproducibility, but it could be somewhat misleading and/or the wrong thing to put in this file anyway. Closes: #857632
2017-03-07 | Ignore \.ucf-[a-z]+$ like we do for \.dpkg-[a-z]+$ | Julian Andres Klode
This gets rid of warnings about .ucf-dist files Reported-By: Axel Beckert (on IRC)
2017-02-22 | Release 1.4~rc2 (tag: 1.4_rc2) | Julian Andres Klode
2017-02-12 | debian: Generate debian/copyright during clean | Julian Andres Klode
Ubuntu servers / Launchpad rejects uploads where debian/copyright is a symbolic link, and lintian warns about them. I think that's crazy, but I'm tired of having to work around this in SRUs, so let's just solve it by copying the file during clean: This way, it won't be in git, but it will be generated during the export by git-buildpackage.
2017-02-12 | CMake: Install statvfs.h to include/sys, not just include/ | Julian Andres Klode
We are including sys/statvfs.h, not statvfs.h, so make sure our dummy is in the correct spot.
2017-02-11 | Don't use -1 fd and AT_SYMLINK_NOFOLLOW for faccessat() | Julian Andres Klode
-1 is not an allowed value for the file descriptor, the only allowed non-file-descriptor value is AT_FDCWD. So use that instead. AT_SYMLINK_NOFOLLOW has a weird semantic: It checks whether we have the specified access on the symbolic link. It also is implemented only by glibc on Linux, so it's inherently non-portable. We should just drop it. Thanks: James Clarke for debugging these issues Reported-by: James Clarke <jrtc27@jrtc27.com>