Age | Commit message | Author |
|
dpkg transaction instead of ignoring it completely
|
|
- remove 'old' InRelease file if we can't get a new one before
proceeding with Release.gpg to avoid the false impression of a still
trusted repository by a (still present) old InRelease file.
Thanks to Simon Ruderich for reporting this issue! (CVE-2012-0214)
Affected are all versions >= 0.8.11
Possible attack summary:
- Attacker needs to find a user which has run at least one successful
'apt-get update' against an archive providing InRelease files.
- Create a Packages file with his preferred content.
- Attacker then prevents the download of InRelease, Release and
Release.gpg (alternatively he creates a valid Release file and sends
this, the other two files need to be missing either way).
- User updates against this, getting the modified Packages file without
any indication of being unsigned (beside the "Ign InRelease" and
"Ign Release.gpg" in the output of 'apt-get update').
=> deb files from this source are considered 'trusted' (and therefore the
user isn't asked for an additional confirmation before install)
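
An added example, not part of the commit or of APT itself: the message above names the "Ign InRelease" and "Ign Release.gpg" lines as the only visible indication, so this check scans captured 'apt-get update' output for sources where both were ignored in the same run. The sample output and its "<state> <uri> <suite> <file>" line layout are constructed assumptions, and `unsigned_sources` is a hypothetical helper name.

```python
import re
from collections import defaultdict

# Constructed sample of 'apt-get update' output (hosts are placeholders).
# The "<state>[:n] <uri> <suite> <file>" layout is an assumption.
SAMPLE = """\
Ign http://mirror.example/debian stable InRelease
Ign http://mirror.example/debian stable Release.gpg
Get:1 http://mirror.example/debian stable Release [1024 B]
Get:2 http://mirror.example/debian stable/main amd64 Packages [2048 B]
Get:3 http://security.example/debian stable/updates InRelease [512 B]
Hit http://other.example/debian testing Release.gpg
Ign http://other.example/debian testing InRelease
Hit http://other.example/debian testing Release
"""

# Only the two signature-bearing files matter for this check.
LINE = re.compile(
    r"^(Ign|Get|Hit)(?::\d+)?\s+(\S+)\s+(\S+)\s+(InRelease|Release\.gpg)\b"
)


def unsigned_sources(output):
    """Return sorted (uri, suite) pairs for which both InRelease and
    Release.gpg were reported as 'Ign', i.e. no signature was fetched."""
    status = defaultdict(dict)
    for line in output.splitlines():
        m = LINE.match(line.strip())
        if m:
            state, uri, suite, name = m.groups()
            status[(uri, suite)][name] = state
    return sorted(
        src
        for src, files in status.items()
        if files.get("InRelease") == "Ign" and files.get("Release.gpg") == "Ign"
    )


if __name__ == "__main__":
    for uri, suite in unsigned_sources(SAMPLE):
        print(f"no signature fetched for {uri} {suite}")
```

A source with an ignored InRelease but a fetched Release.gpg is not flagged, since the detached signature was still obtained.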
|
|
- do not try to avoid a breaks if the broken package pre-depends
on the breaker, but let dpkg auto-deconfigure it
|
|
- correct --pre-depends option by using dash consistently (LP: #940837)
|
|
e.g. in a Depends line and are now requested for removal
|
|
- if a package can't be removed as it is not installed, suggest to
the user an (installed) multiarch sibling with 'Did you mean?'
|
|
Beware: pdiffs for Translation-* are only acquired if their
availability is advertised in the Release file.
|
|
- drop support for i18n/Index file (introduced in 0.8.11) and use
the Release file instead to get the Translations (Closes: #649314)
* ftparchive/writer.cc:
- add 'Translation-*' to the default patterns
i18n/Index was never used outside Debian - and even here it isn't used
consistently as only 'main' has such a file. As the Release file now
includes the Translation-* files we therefore drop support for i18n/Index.
A version supporting it was never part of a Debian release and still
supporting it would mean that we get 99% of the time a 404 as response
to the request anyway and confuse archive maintainers who want to
provide all files APT tries to acquire.
|
|
- do not create empty Entries as a side effect of Lookup()
|
|
- clean up lost atomic cachefiles with 'clean' (Closes: #650513)
|
|
|
|
with this name is not installed (Closes: #619646)
|
|
|
|
- detect if dpkg has multiarch support before calling --set-selections
|
|
|
|
|
|
- fix compat with FileFd::OpenDescriptor() in ReadOnlyGzip mode
|
|
- fix compat with FileFd::OpenDescriptor() in ReadOnlyGzip mode
|
|
handle compressed files again (LP: #924182, closes: #658096)
|
|
- fix crash when a package is in removed but residual config state
(LP: #923807)
|
|
- chroot if needed before calling dpkg --print-foreign-architectures
|
|
- if a file without an extension is requested send an 'Accept: text/*'
header to avoid that the server chooses unsupported compressed files
in a content-negotiation attempt (Closes: #657560)
|
|
- do not stop parent traversal in FindDir if the value is empty
See http://lists.debian.org/deity/2012/01/msg00053.html , too.
|
|
- if a M-A:same package is marked for reinstall, mark all its installed
siblings for reinstallation as well (LP: #859188)
|
|
- use a signed int instead of short for score calculation as upgrades
become so big now that it can overflow (Closes: #657732, LP: #917173)
|
|
- don't break out of the main-resolver loop for Breaks to deal with all
of them in a single iteration (Closes: #657695, LP: #922485)
|
|
- for cross-build-dependencies M-A: none should be DEB_HOST_ARCH,
not DEB_BUILD_ARCH (Closes: #646288)
|
|
|
|
- chroot if needed before dpkg --assert-multi-arch
|
|
|
|
- hurd doesn't have dmesg yet and we don't really need it either,
so use with $0 a more stable data source for hashsumming
|
|
- errno 0 has a different strerror on hurd, so generate the expected
message dynamically instead of hardcoding 'Success' (Closes: #656530)
|
|
- use curl's list append instead of appending Range and If-Range by hand
which generates malformed requests, thanks Mel Collins for the hint!
(Closes: #646381)
|
|
|
|
- apply patch to enable usage of hardening CPPFLAGS and LDFLAGS by
Moritz Muehlenhoff, thanks! (Closes: #653504)
|
|
- remove APT from the short descriptions as lintian doesn't like it
and it doesn't transport any information for a reader anyway
|
|
- ignore breaks on not-installed versions while searching for
breakage loops as we don't have to avoid them
|
|
- return the correct version arch for all+foreign, too
The flag is interpreted at a few other places in different styles so
this commit ensures that the flag check is consistent everywhere
(checking for Same in flag style is a bit too much as it isn't used
in combination with others anyway, but who knows and just for
consistency)
|
|
- fix segfault on pkg removal
|
|
|
|
Versions with arch:all are added to the package with the native arch,
so we can't rely on Pkg.Arch() for the architecture
|
|
- redirect out/input of dpkg --assert-multi-arch to /dev/null
|
|
|
|
- store the offset in the internal fd before calculating the size of
the zlib-handled file to jump back to this place again
* apt-pkg/contrib/fileutl.h:
|
|
- parse dpkg --print-foreign-architectures correctly in
case archs are separated by newline instead of space, too.
(Closes: #655590)
* Slovak (Ivan Masar). Closes: #652985
* Russian (Yuri Kozlov). Closes: #654844
* Hungarian (Gabor Kelemen). Closes: #655238
|
|
- fix segfault from python-apt testsuite
|
|
- store the offset in the internal fd before calculating the size of
the zlib-handled file to jump back to this place again
It jumped back to the position of the content - which is wrong as
the internal fd is compressed and even resetting to the beginning of
the file doesn't work as zlib uses an internal buffer, so while we
might not have read anything yet, zlib might have done so already…
|
|
- fix segfault from python-apt testsuite
|
|
|
|
- check if dpkg supports multiarch with --assert-multi-arch
and if it does be always explicit about the architecture
|