Age | Commit message (Collapse) | Author |
|
- use Dump() to generate the configuration output
|
|
- use Dump() to generate the configuration message for sending
|
|
- add a more versatile Dump() method
|
|
- remove the message size limit from ioprintf and strprintf
|
|
|
|
preference given by the Order setting is really available before adding
it as possible CompressionType.
|
|
|
|
- actually return to the fallback modifier if we have detected we
should for packagenames which look like modifiers (Closes: #669591)
|
|
- do not use the input data directly but memcpy it instead as
it could be unaligned as in the http-transport which causes
a sigbus error on sparc (Closes: #669061)
|
|
- if the compressor is not installed, but we link against it's
library accept it as a CompressionType (Closes: #669328)
|
|
|
|
|
|
- iterate over all pre-depends or-group member instead of looping
endlessly over the first member in SmartUnpack (LP: #985852)
|
|
- redirect stderr from compressors to /dev/null
|
|
- only treat the native apt as essential by default
|
|
with g++-4.1 it complains about this so lets be extra clear
|
|
- init counter in SmartConfigure so that the loop-breaker isn't
triggered at random… (Closes: #669060)
|
|
message
|
|
|
|
|
|
ignore the presents (or absence) of lzma if we decided to use xz
|
|
- remove the libz-dev alternative from zlib1g-dev build-dependency
- do the same for bz2 builtin if available
* apt-pkg/contrib/fileutl.cc:
- use libz2 library for (de)compression instead of the bzip2 binary as
the first is a dependency of dpkg and the later just priority:optional
so we gain 'easier' access to bz2-compressed Translation files this way
|
|
|
|
- if present, prefer xz binary over lzma
|
|
compatible with users accessing it directly, but this prepares for a drop
of this strict requirement in the future
|
|
- do not crash if (*I).Pkg is NULL (LP: #939867)
|
|
|
|
to the more standard PACKAGE_VERSION and make it work in every file
|
|
- check return of writev() as gcc recommends
* methods/mirror.cc:
- check return of chdir() as gcc recommends
* apt-pkg/deb/dpkgpm.cc:
- check return of write() a gcc recommends
* apt-inst/deb/debfile.cc:
- check return of chdir() as gcc recommends
* apt-inst/deb/dpkgdb.cc:
- check return of chdir() as gcc recommends
|
|
- check return of write() as gcc recommends
* apt-pkg/acquire.cc:
- check return of write() as gcc recommends
* apt-pkg/cdrom.cc:
- check return of chdir() and link() as gcc recommends
* apt-pkg/clean.cc:
- check return of chdir() as gcc recommends
* apt-pkg/contrib/netrc.cc:
- check return of asprintf() as gcc recommends
|
|
ordering code does not get into a endless loop when it flip-flops
between two states
|
|
|
|
|
|
- recheck all dependencies if we changed a package in SmartConfigure
as this could break an earlier dependency (LP: #940396)
|
|
|
|
|
|
- fix inconsistent clog/cout usage in the debug output
|
|
|
|
* apt-pkg/packagemanager.cc:
- fix bug in predepends handling - ensure that packages that needs
unpackaging are unpacked before they are configured (LP: #927993)
[ Julian Andres Klode ]
* apt-pkg/deb/deblistparser.cc:
- Set the Essential flag on APT instead of only Important
* apt-pkg/packagemanager.cc:
- Do not use immediate configuration for packages with the Important flag
* Treat the Important flag like the Essential flag with those differences:
- No Immediate configuration (see above)
- Not automatically installed during dist-upgrade
- No higher score for installation ordering
|
|
- fix bug in predepends handling - ensure that packages that needs
unpackaging are unpacked before they are configured (LP: #927993)
|
|
- do not warn about the ignoring of directories (Closes: #662762)
|
|
- No Immediate configuration (see above)
- Not automatically installed during dist-upgrade
|
|
- Do not use immediate configuration for packages with the Important flag
|
|
- Set the Essential flag on APT instead of only Important
|
|
of the integer fields as well to avoid crashes in scanf as cppchecks warns:
"(warning) scanf without field width limits can crash with huge input data"
|
|
|
|
initialized in the constructor." messages (no functional change)
|
|
dpkg transaction instead of ignoring it completely
|
|
- remove 'old' InRelease file if we can't get a new one before
proceeding with Release.gpg to avoid the false impression of a still
trusted repository by a (still present) old InRelease file.
Thanks to Simon Ruderich for reporting this issue! (CVE-2012-0214)
Effected are all versions >= 0.8.11
Possible attack summary:
- Attacker needs to find a user which has run at least one successful
'apt-get update' against an archive providing InRelease files.
- Create a Packages file with his preferred content.
- Attacker then prevents the download of InRelease, Release and
Release.gpg (alternatively he creates a valid Release file and sends
this, the other two files need to be missing either way).
- User updates against this, getting the modified Packages file without
any indication of being unsigned (beside the "Ign InRelease" and
"Ign Release.gpg" in the output of 'apt-get update').
=> deb files from this source are considered 'trusted' (and therefore the
user isn't asked for an additional confirmation before install)
|
|
- do not try to a void a breaks if the broken package pre-depends
on the breaker, but let dpkg auto-deconfigure it
|