summaryrefslogtreecommitdiff
path: root/apt-pkg
AgeCommit message (Collapse)Author
2013-06-24do not modify DepIterator as we might check againDavid Kalnischkies
fixup for 42d51f333e8ef522fed02cdfc48663488d56c3a3 The for-loop iterating over the DepIterators which need configuration can (and will be in 'complicated' situations) run multiple times, so we can't just GlobOr on the DepIterator as it modifies it, so that the next iteration over the list ends up checking another dependency leading us into a 'Internal error, packages left unconfigured. foopkg' maybe or we are 'lucky' and calculate a solution which might break down the line Git-Dch: Ignore
2013-06-20trigger NODATA error for invalid InRelease filesDavid Kalnischkies
With the selfgrown splitting we got the problem of not recovering from networks which just reply with invalid data like those sending us login pages to authenticate with the network (e.g. hotels) back. The good thing about the InRelease file is that we know that it must be clearsigned (a Release file might or might not have a detached sig) so if we get a file but are unable to split it something is seriously wrong, so there is not much point in trying further. The Acquire system already looks out for a NODATA error from gpgv, so this adds a new error message sent to the acquire system in case the splitting we do now ourselves failed including this magic word. Closes: #712486
2013-06-20do not redownload unchanged InRelease filesDavid Kalnischkies
Before we download the 'new' InRelease file the old file will be moved out of the way with the name 'foobar_InRelease.reverify', so if no partial file for the 'new' file exists take the modification time from this reverify file, so that if we get an IMS hit for the InRelease file we can move back the reverify file as new file rather than downloading the 'new' file even though we already have it. We do the same for Release files and this happened to work until the reverify renaming was corrected for InRelease files.
2013-06-20support \n and \r\n line endings in ReadMessagesDavid Kalnischkies
2013-06-20handle missing "Description" in apt-cache showDavid Kalnischkies
do not blindly assume that all packages stanzas have a "Description:" field in 'apt-cache show' as well as in the cache creation itself. We instead assume now that if the stanza has a Description, it will not be the first field as we look out for "\nDescription" to take care of MD5sum as well as (maybe ignored) translated Descriptions embedded in the package stanza. Closes: #712435
2013-06-09ensure state-dir exists before coyping cdrom filesDavid Kalnischkies
We do the same in the acquire system which handles the 'normal' downloads, so do it here as well even though its unlikely anyone will ever notice (beside testcases of course …)
2013-06-09fail in CopyFile if the FileFds have error flag setDavid Kalnischkies
Testing for global PendingErrors in users of CopyFile is incorrect in so far as unrelated errors will prevent us from copying perfectly fine files and checking for the validity of the files is just better in CopyFiles as it already checks if files are at least opened. Add also a higher-level error message to the error stack if it fails.
2013-06-09OpenDescriptor should autoclose fd always on errorDavid Kalnischkies
OpenInternDescriptor failures would cause additional errors to be generated by double-closing an fd. Other errors (although these are generated if the method is used incorrectly, so unlikely) didn't close the fd aswell. Closes: 704608
2013-06-09set Fail flag in FileFd on all errors consistentlyDavid Kalnischkies
Previously some errors would set the Fail flag while some didn't without a clear reason as all errors leave a bad FileFd behind, so we use a helper now to ensure that all errors set the flag.
2013-06-09make the vprintf like _error->Insert publicDavid Kalnischkies
Git-Dch: Ignore
2013-06-09deprecate InstallProtect as a cpu-eating no-opDavid Kalnischkies
In the past packages were flagged "Protected" so that install/ remove markings where issued before the ProblemResolver. Nowadays, the marking methods check if they are allowed to modify the marking of a package instead, so that markings set by FromUser calls are not overwritten anymore by automatic calls which elimates the need for InstallProtect which just eats CPU now. The method itself is left untouched for now in case frontend needs it still for some wierd usecase, but they should be eliminated.
2013-06-09do unpacks before configures in SmartConfigureDavid Kalnischkies
Splits the big loop over dependencies in SmartConfigure which unpacks and configures dependencies into two loops and reverse their order, so that all dependencies which need to be unpacked are handled first and only after that configures are issued for dependencies. This is needed as otherwise the unpack of a (new) dependency will be issued in between a configure call for two (or more) packages which form a loop, which means the configure calls aren't part of the same dpkg call and therefore dpkg bails out. Such tight loops should really be avoided as they are usually wrong – and in reality the dependencies in libreoffice were greatly simplified thanks to Rene Engelhard so the problem is gone for the benefit of all. Closes: 707578
2013-06-09try all providers in order if uninstallable in MarkInstallDavid Kalnischkies
2013-06-09fix priority sorting by prefering higher in MarkInstallDavid Kalnischkies
Used to work until a certain (here unnamed) person came along and used the wrong operator causing low-priority packages to be sorted above high-priority packages while choosing a provider in commit 2b5c35c7bb915dbd46fefd7c79f05364ba22f93b from Nov 2011
2013-06-09prefer Essentials over Removals in ordering scoreDavid Kalnischkies
Doing Removes early is good to have them out of the way, so they don't break 'Inst' or 'Conf' chains, but scoring them above Essentials means that we end up upgrading (many) less important packages before we handle big stuff like libc6 or debconf which not only fails if those less important packages have unannounced (strict) dependencies, but also leads to having these packages unconfigured for a long time triggering bugs in maintainer scripts for no good reason (#708831). So this commits sets the default value for remove scores to 100, which is below the one for essentials (200) and a lot lower than the previous default value (500).
2013-06-09rewrite pkgOrderList::DepRemove to stop incorrect immediate settingDavid Kalnischkies
Some squeeze → wheezy upgrades indicate that DepRemove runs amok in complicated setups as it wasn't correctly working with or-groups. Completely rewritten the check is now moving from or-group to or-group instead. The behavior should be the same as the code before, but (hopefully) with less bugs and more comments. Closes: 645713
2013-06-06fix double free (closes: #711045)Michael Vogt
2013-05-16non-inline RunGPGV methods to restore ABI compatibility with previous ↵David Kalnischkies
versions to fix partial upgrades (Closes: #707771) The rename in 0.9.7.9~exp2 moved the method body to the class definition which means it became inline, which isn't ABI compatibile. The reverse of moving inline to non-inline is safe though.
2013-05-08merged patch from Daniel Hartwig to fix URI and proxy releated issuesMichael Vogt
2013-05-08merged from the debian-wheezy branchMichael Vogt
2013-05-08* apt-pkg/algorithms.cc:Michael Vogt
- Do not propagate negative scores from rdepends. Propagating the absolute value of a negative score may boost obsolete packages and keep them installed instead of installing their successors. (Closes: #699759)
2013-05-08properly handle if-modfied-since with libcurl/https Michael Vogt
(closes: #705648)
2013-04-10Fix English spelling error in a message ('A error'). Unfuzzybubulle@debian.org
translations. Closes: #705087
2013-04-08merged bundle from davidMichael Vogt
2013-04-04* apt-pkg/sourcelist.cc:Michael Vogt
- fix segfault when a hostname contains a [, thanks to Tzafrir Cohen (closes: #704653)
2013-04-03share version strings between same versions (of different architectures)David Kalnischkies
to save some space and allow quick comparisions later on
2013-04-03* apt-pkg/cacheiterators.h:David Kalnischkies
- provide DepIterator::IsSatisfied as a nicer shorthand for DepCheck
2013-04-03apt-pkg/contrib/gpgv.cc: fix InRelease checkMichael Vogt
2013-04-03 - sort group and package names in the hashtable on insertDavid Kalnischkies
* apt-pkg/pkgcache.cc: - assume sorted hashtable entries for groups/packages
2013-04-02merged lp:~mvo/apt/fix-inrelease5Michael Vogt
2013-04-01micro-optimize and enhance readability of ListParser::VersionHashDavid Kalnischkies
2013-04-01equal comparisions are used mostly in same-source relations,David Kalnischkies
so use this to try to reuse some version strings
2013-04-01* apt-pkg/deb/debversion.cc:David Kalnischkies
- add a string-equal shortcut for equal version comparisions
2013-03-22merged lp:~mvo/apt/fix-tagfile-hashMichael Vogt
2013-03-22merged the debian-wheezy branchMichael Vogt
2013-03-20apt-pkg/edsp.cc: do not use stderr in WriteSolution at allMichael Vogt
2013-03-20apt-pkg/edsp.cc: do not spam stderr in WriteSolutionMichael Vogt
2013-03-19support dash-escaped text in clearsigned files as implementations areDavid Kalnischkies
free to escape all lines (we have no lines in our files which need to be escaped as these would be invalid fieldnames) and while ExecGPGV would detect dash-escaped text as invalid (as its not expected in messages with detached signatures) it would be possible to "comment" lines in (signed) dsc files which are only parsed but not verified
2013-03-19use FileFd instead of int fds to tidy up the interface a bitDavid Kalnischkies
2013-03-18* apt-pkg/deb/debindexfile.cc,David Kalnischkies
apt-pkg/deb/deblistparser.cc: - use OpenMaybeClearSignedFile to be free from detecting and skipping clearsigning metadata in dsc and Release files We can't write a "clean" file to disk as not all acquire methods copy Release files before checking them (e.g. cdrom), so this reverts recombining, but uses the method we use for dsc files also in the two places we deal with Release files
2013-03-18 - add method to open (maybe) clearsigned files transparentlyDavid Kalnischkies
* ftparchive/writer.cc: - use OpenMaybeClearSignedFile to be free from detecting and skipping clearsigning metadata in dsc files
2013-03-18fix pkgTagSection::Exists() and add testMichael Vogt
2013-03-16ensure that we fclose/unlink/free in the new gpg-code as soon as possibleDavid Kalnischkies
2013-03-15 - if ExecGPGV deals with a clear-signed file it will split this fileDavid Kalnischkies
into data and signatures, pass it to gpgv for verification and recombines it after that in a known-good way without unsigned blocks and whitespaces resulting usually in more or less the same file as before, but later code can be sure about the format * apt-pkg/deb/debmetaindex.cc: - reenable InRelease by default
2013-03-15split out a method to strip whitespaces only on the right sideMichael Vogt
2013-03-15* apt-pkg/acquire-item.cc:David Kalnischkies
- keep the last good InRelease file around just as we do it with Release.gpg in case the new one we download isn't good for us
2013-03-15don't close stdout/stderr if it is also the statusfdDavid Kalnischkies
2013-03-15* apt-pkg/contrib/gpgv.cc:David Kalnischkies
- ExecGPGV is a method which should never return, so mark it as such and fix the inconsistency of returning in error cases
2013-03-15* apt-pkg/indexcopy.cc:David Kalnischkies
- rename RunGPGV to ExecGPGV and move it to apt-pkg/contrib/gpgv.cc
2013-03-14* SECURITY UPDATE: InRelease verification bypass0.9.7.8Michael Vogt
- CVE-2013-1051 * apt-pkg/deb/debmetaindex.cc, test/integration/test-bug-595691-empty-and-broken-archive-files, test/integration/test-releasefile-verification: - disable InRelease downloading until the verification issue is fixed, thanks to Ansgar Burchardt for finding the flaw