summaryrefslogtreecommitdiff
path: root/debian
AgeCommit message (Collapse)Author
2015-08-10change to libapt-pkg abi 5.0 with versioned symbolsDavid Kalnischkies
We changed an aweful lot of stuff, so 5.0 is properly better than 4.X as a semantic version and as we are at it lets add some trivial symbol versioning as well: We just mark all exported symbols with the same version for now. This isn't really the proper thing to do as if we add symbols in later versions (with the same abi) they will get the same symbols version, but our .symbols file will protect us from the problems arising from this as it will ensure that a package acutally depends on a version of the abi high enough to include the symbol.
2015-08-10update symbols file to current state of affairsDavid Kalnischkies
cxx11abi transition happens, we changed a bunch of methods and all that stuff which is really good™ for an abi. Lets just slowly start to stop changing more and a first step is to document the current so changes aren't hidding in a big wall of change anymore. Git-Dch: Ignore
2015-08-10enforce GCC5 C++11 ABI and usageDavid Kalnischkies
The library(s) make an API break anyhow, so lets ensure we use gcc5 for this break and enable c++11 as standard as gcc6 will use it as default and should provide some API parts for c++11 – beside that it can't hurt to use c++11 itself. We just have to keep our headers c++03 compatible to not enforce a standrd bump in our reverse dependencies.
2015-08-10merge keyrings with cat instead of gpg in apt-keyDavid Kalnischkies
If all keyrings are simple keyrings we can merge the keyrings with cat rather than doing a detour over gpg --export | --import (see #790665), which means 'apt-key verify' can do without gpg and just use gpgv as before the merging change. We declare this gpgv usage explicit now in the dependencies. This isn't a new dependency as gnupg as well as debian-archive-keyring depend on and we used it before unconditionally, just that we didn't declare it. The handling of the merged keyring needs to be slightly different as our merged keyring can end up containing the same key multiple times, but at least currently gpg does remove only the first occurrence with --delete-keys, so we move the handling to a if one is gone, all are gone rather than an (implicit) quid pro quo or even no effect. Thanks: Daniel Kahn Gillmor for the suggestion
2015-06-23Merge remote-tracking branch 'donkult/debian/experimental' into ↵Michael Vogt
debian/experimental
2015-05-22Merge branch 'debian/sid' into debian/experimentalMichael Vogt
Conflicts: apt-pkg/pkgcache.h debian/changelog methods/https.cc methods/server.cc test/integration/test-apt-download-progress
2015-05-11sync TFRewrite*Order arrays with dpkg and dakDavid Kalnischkies
dpkg and dak know various field names and order them in their output, while we have yet another order and have to play catch up with them as we are sitting between chairs here and neither order is ideal for us, too. A little testcase is from now on supposed to help ensureing that we do not derivate to far away from which fields dpkg knows and orders.
2015-04-28releasing package apt version 1.0.9.91.0.9.9Michael Vogt
2015-04-19Merge branch 'debian/jessie' into debian/experimentalDavid Kalnischkies
Conflicts: apt-pkg/acquire-item.cc cmdline/apt-key.in methods/https.cc test/integration/test-apt-key test/integration/test-multiarch-foreign
2015-04-13release 1.0.9.8David Kalnischkies
2015-03-17Add "ca-certificates" recommends to apt-transport-httpsMichael Vogt
The rational is that https downloads fail with cryptic error messages if the certificates are missing.
2015-03-16merge debian/sid into debian/experimentalDavid Kalnischkies
2015-02-23releasing package apt version 1.0.9.71.0.9.7Michael Vogt
2015-01-16prepare 1.0.9.61.0.9.6Michael Vogt
2014-12-23release 1.0.9.51.0.9.5David Kalnischkies
2014-12-23tighten filtering of kernel images in apt.auto-removalJames McCoy
The current filtering matches the names of the image metapackages on the i386 architecture: $ dpkg-query -l | awk '/^ii[ ]+(linux|kfreebsd|gnumach)-image-[0-9]/ && $2 !~ /-dbg$/ { print $2 }' linux-image-3.16.0-4-586 linux-image-586 This results in an extra image package being removed from APT::NeverAutoRemove, losing the intended effect of keeping the {current, previous, latest} set of images installed. Requiring a “.” in the package name tightens the matched package names to those that are installing a specific version of the image, thus eliding the meta-packages. Closes: 772732
2014-12-03release 1.0.9.41.0.9.4David Kalnischkies
2014-11-10use 'best' hash for source authenticationDavid Kalnischkies
Collect all hashes we can get from the source record and put them into a HashStringList so that 'apt-get source' can use it instead of using always the MD5sum. We therefore also deprecate the MD5 struct member in favor of the list. While at it, the parsing of the Files is enhanced so that records which miss "Files" (aka MD5 checksums) are still searched for other checksums as they include just as much data, just not with a nice and catchy name. This is a cherry-pick of 1262d35 with some dirty tricks to preserve ABI. LP: 1098738
2014-11-10add a simple container for HashStringsDavid Kalnischkies
APT supports more than just one HashString and even allows to enforce the usage of a specific hash. This class is intended to help with storage and passing around of the HashStrings. The cherry-pick here the un-const-ification of HashType() compared to f4c3850ea335545e297504941dc8c7a8f1c83358. The point of this commit is adding infrastructure for the next one. All by itself, it just adds new symbols. Git-Dch: Ignore
2014-11-09streamline display of --help in all toolsDavid Kalnischkies
By convention, if I run a tool with --help or --version I expect it to exit successfully with the usage, while if I do call it wrong (like without any parameters) I expect the usage message shown with a non-zero exit.
2014-11-08restore ABI of pkgTagSectionDavid Kalnischkies
We have a d-pointer available here, so go ahead and use it which also helps in hidding some dirty details here. The "hard" part is keeping the abi for the inlined methods so that they don't break – at least not more than before as much of the point beside a speedup is support for more than 256 fields in a single section.
2014-11-08explicit overload methods instead of adding parametersDavid Kalnischkies
Adding a new parameter (with a default) is an ABI break, but you can overload a method, which is "just" an API break for everyone doing references to this method (aka: nobody). Git-Dch: Ignore
2014-11-08mark internal interfaces as hiddenDavid Kalnischkies
We have a bunch of classes which are of no use for the outside world, but were still exported and so needed to preserve ABI/API. Marking them as hidden to not export them any longer is a big API break in theory, but in practice nobody is using them – as if they would its a bug.
2014-11-08better non-virtual metaIndex.LocalFileName() implementationDavid Kalnischkies
We can't add a new virtual method without breaking the ABI, but we can freely add new methods, so for older ABIs we just implement this method with a dynamic_cast, so that clients can be more ignorant about the API here and especially don't need to pull a very dirty trick by assuming internal knowledge (like apt-get did here).
2014-11-06releasing package apt version 1.1~exp81.1.exp8Michael Vogt
2014-11-06Update symbols fileMichael Vogt
Git-Dch: ignore
2014-11-05Bump ABI to 4.15Michael Vogt
2014-11-05Merge branch 'debian/sid' into debian/experimentalMichael Vogt
Conflicts: debian/changelog
2014-10-21Ensure /etc/apt/auth.conf has _apt:root ownerMichael Vogt
Ensure in SetupAPTPartialDirectory() that the /etc/apt/auth.conf file can be read by the priv sep apt methods.
2014-10-21debian/apt.postinst: chown _apt:root /etc/apt/auth.confMichael Vogt
If the methods drop privileges we need to ensure that /etc/apt/apt.conf is still readable by the _apt user.
2014-10-15releasing package apt version 1.1~exp71.1.exp7Michael Vogt
2014-10-15releasing package apt version 1.0.9.31.0.9.3Michael Vogt
2014-10-15releasing package apt version 1.1~exp61.1.exp6Michael Vogt
2014-10-14Merge branch 'debian/sid' into debian/experimentalMichael Vogt
2014-10-13releasing package apt version 1.1~exp51.1.exp5Michael Vogt
2014-10-13update symbols fileDavid Kalnischkies
Git-Dch: Ignore
2014-10-08add CVE-2014-7206 to 1.0.9.2Michael Vogt
2014-10-08releasing package apt version 1.1~exp41.1.exp4Michael Vogt
2014-10-08prepare 1.1~exp4Michael Vogt
2014-10-08Merge branch 'debian/sid' into debian/experimentalMichael Vogt
Conflicts: debian/changelog
2014-10-07Merge remote-tracking branch 'upstream/debian/experimental' into ↵Michael Vogt
feature/acq-trans Conflicts: apt-pkg/acquire-item.cc
2014-10-07use _apt:root only for partial directoriesDavid Kalnischkies
Using a different user for calling methods is intended to protect us from methods running amok (via remotely exploited bugs) by limiting what can be done by them. By using root:root for the final directories and just have the files in partial writeable by the methods we enhance this in sofar as a method can't modify already verified data in its parent directory anymore. As a side effect, this also clears most of the problems you could have if the final directories are shared without user-sharing or if these directories disappear as they are now again root owned and only the partial directories contain _apt owned files (usually none if apt isn't running) and the directory itself is autocreated with the right permissions.
2014-10-03Bump library version to libapt-pkg4.14Michael Vogt
2014-10-02releasing package apt version 1.0.9.21.0.9.2Michael Vogt
2014-10-02ensure world-readability for trusted.gpg in postinstDavid Kalnischkies
apt-key creates trusted.gpg if it needs it with 644 nowadays, but before it ensured this, it was gpg creating it, which gives it by default 600. Not a problem as long as our gpgv is run as root, but now that we drop privileges we have to ensure that we can also read trusted.gpg files created by earlier apt-key versions. Closes: 647001
2014-10-01debian/rules: add hardening=+allMichael Vogt
Because of dpkg-buildflags we already get most of the hardening features, +all adds -fPIE and ld -z now Thanks: Simon Ruderich, Markus Waldeck
2014-10-01debian/rules: add hardening=+allMichael Vogt
Because of dpkg-buildflags we already get most of the hardening features, +all adds -fPIE and ld -z now Thanks: Simon Ruderich, Markus Waldeck
2014-09-30Merge remote-tracking branch 'donkult/debian/experimental' into ↵Michael Vogt
debian/experimental
2014-09-30adjust version numbers for the planed uploadMichael Vogt
2014-09-30support parsing of all hashes for pdiffDavid Kalnischkies
The fileformat of a pdiff index stores currently only SHA1 hashes. With this change, we look for all other hashes we support as well and take what we get, so that we can work after the release of jessie to get right of SHA1 if we want to. Note that the completely patched file is and was checked against the hashes collected from the Release file, so this transition isn't mission critical.