summaryrefslogtreecommitdiff
path: root/debian
AgeCommit message (Collapse)Author
2014-11-06releasing package apt version 1.1~exp81.1.exp8Michael Vogt
2014-11-06Update symbols fileMichael Vogt
Git-Dch: ignore
2014-11-05Bump ABI to 4.15Michael Vogt
2014-11-05Merge branch 'debian/sid' into debian/experimentalMichael Vogt
Conflicts: debian/changelog
2014-10-21Ensure /etc/apt/auth.conf has _apt:root ownerMichael Vogt
Ensure in SetupAPTPartialDirectory() that the /etc/apt/auth.conf file can be read by the priv sep apt methods.
2014-10-21debian/apt.postinst: chown _apt:root /etc/apt/auth.confMichael Vogt
If the methods drop privileges we need to ensure that /etc/apt/apt.conf is still readable by the _apt user.
2014-10-15releasing package apt version 1.1~exp71.1.exp7Michael Vogt
2014-10-15releasing package apt version 1.0.9.31.0.9.3Michael Vogt
2014-10-15releasing package apt version 1.1~exp61.1.exp6Michael Vogt
2014-10-14Merge branch 'debian/sid' into debian/experimentalMichael Vogt
2014-10-13releasing package apt version 1.1~exp51.1.exp5Michael Vogt
2014-10-13update symbols fileDavid Kalnischkies
Git-Dch: Ignore
2014-10-08add CVE-2014-7206 to 1.0.9.2Michael Vogt
2014-10-08releasing package apt version 1.1~exp41.1.exp4Michael Vogt
2014-10-08prepare 1.1~exp4Michael Vogt
2014-10-08Merge branch 'debian/sid' into debian/experimentalMichael Vogt
Conflicts: debian/changelog
2014-10-07Merge remote-tracking branch 'upstream/debian/experimental' into ↵Michael Vogt
feature/acq-trans Conflicts: apt-pkg/acquire-item.cc
2014-10-07use _apt:root only for partial directoriesDavid Kalnischkies
Using a different user for calling methods is intended to protect us from methods running amok (via remotely exploited bugs) by limiting what can be done by them. By using root:root for the final directories and just have the files in partial writeable by the methods we enhance this in sofar as a method can't modify already verified data in its parent directory anymore. As a side effect, this also clears most of the problems you could have if the final directories are shared without user-sharing or if these directories disappear as they are now again root owned and only the partial directories contain _apt owned files (usually none if apt isn't running) and the directory itself is autocreated with the right permissions.
2014-10-03Bump library version to libapt-pkg4.14Michael Vogt
2014-10-02releasing package apt version 1.0.9.21.0.9.2Michael Vogt
2014-10-02ensure world-readability for trusted.gpg in postinstDavid Kalnischkies
apt-key creates trusted.gpg if it needs it with 644 nowadays, but before it ensured this, it was gpg creating it, which gives it by default 600. Not a problem as long as our gpgv is run as root, but now that we drop privileges we have to ensure that we can also read trusted.gpg files created by earlier apt-key versions. Closes: 647001
2014-10-01debian/rules: add hardening=+allMichael Vogt
Because of dpkg-buildflags we already get most of the hardening features, +all adds -fPIE and ld -z now Thanks: Simon Ruderich, Markus Waldeck
2014-10-01debian/rules: add hardening=+allMichael Vogt
Because of dpkg-buildflags we already get most of the hardening features, +all adds -fPIE and ld -z now Thanks: Simon Ruderich, Markus Waldeck
2014-09-30Merge remote-tracking branch 'donkult/debian/experimental' into ↵Michael Vogt
debian/experimental
2014-09-30adjust version numbers for the planed uploadMichael Vogt
2014-09-30support parsing of all hashes for pdiffDavid Kalnischkies
The fileformat of a pdiff index stores currently only SHA1 hashes. With this change, we look for all other hashes we support as well and take what we get, so that we can work after the release of jessie to get right of SHA1 if we want to. Note that the completely patched file is and was checked against the hashes collected from the Release file, so this transition isn't mission critical.
2014-09-30mark private methods as hiddenDavid Kalnischkies
We are the only possible users of private methods, so we are also the only users who can potentially export them via using them in inline methods. The point is: We don't need these symbols exported if we don't do this, so marking them as hidden removes some methods from the API without breaking anything as nobody could have used them. Git-Dch: Ignore
2014-09-29fix Configuration::FindVector APIDavid Kalnischkies
Git-Dch: Ignore
2014-09-29update symbols fileDavid Kalnischkies
2014-09-29Add missing "adduser" dependency (for the new _apt user)Michael Vogt
Closes: #763004 Thanks: Russ Allbery
2014-09-27add gnupg and gnupg2 as test-dependencyDavid Kalnischkies
apt can work with both, so it has an or-dependency on them, but the tests want to play with both of them. Git-Dch: Ignore
2014-09-27remove empty keyrings in trusted.gpg.d on upgradeDavid Kalnischkies
Adding and deleting many repositories could cause (empty) keyring files to pill up in older apt-key versions, which in the end might cause gnupg to run into its internal limit of at most 40 keyrings
2014-09-27add and use 'apt-key verify' which prefers gpgv over gpgDavid Kalnischkies
gnupg/gnupg2 can do verify just fine of course, so we don't need to use gpgv here, but it is what we always used in the past, so there might be scripts expecting a certain output and more importantly the output of apt-cdrom contains messages from gpg and even with all the settings we activate to prevent it, it still shows (in some versions) a quiet scary: "gpg: WARNING: Using untrusted key!" message. Keeping the use of gpgv is the simplest way to prevent it. We are increasing also the "Breaks: apt" version from libapt as it requires a newer apt-key than might be installed in partial upgrades.
2014-09-27support gnupg2 as drop-in replacement for gnupgDavid Kalnischkies
If both are available APT will still prefer gpg over gpg2 as it is a bit more lightweight, but it shouldn't be a problem to use one or the other (at least at the moment, who knows what will happen in the future).
2014-09-27rename postrm to apt.postrmDavid Kalnischkies
It helps in identifying its affiliation. Also removes the old postinst which was hidden by apt.postinst for a long time now and would just install a sources.list in edgecases which is probably not a good idea (e.g. on my system /etc/apt/sources.list does not exist). It is better done by the installer of the distro. Git-Dch: Ignore
2014-09-25Use /var/empty as the homedir for _aptMichael Vogt
Thanks to Axel Beckert
2014-09-24releasing package apt version 1.1~exp3Michael Vogt
2014-09-24Use _apt as our unprivileged user nameJulian Andres Klode
Some people want to standardize on it, and BSDs do it too, so let's do the same. Reported-by: Paul Wise <pabs@debian.org>
2014-09-24Drop Privileges to "Debian-apt" in most acquire methodsMichael Vogt
Add a new "Debian-apt" user that owns the /var/lib/apt/lists and /var/cache/apt/archive directories. The methods http, https, ftp, gpgv, gzip switch to this user when they start. Thanks to Julian and "ioerror" and tors "switch_id()" code.
2014-09-23Merge branch 'debian/sid' into debian/experimentalMichael Vogt
Conflicts: apt-pkg/acquire-item.cc apt-pkg/acquire-item.h apt-pkg/cachefilter.h configure.ac debian/changelog
2014-09-17releasing package apt version 1.0.9.11.0.9.1Michael Vogt
2014-09-16prepare 1.0.9.1Michael Vogt
2014-09-16merge previous uploadMichael Vogt
2014-09-09prepare 1.0.81.0.8Michael Vogt
2014-09-09debian/gbp.conf: use export-dirMichael Vogt
2014-09-05Merge branch 'debian/sid' into debian/experimentalMichael Vogt
Conflicts: apt-pkg/acquire-item.cc configure.ac debian/changelog doc/apt-verbatim.ent doc/po/apt-doc.pot doc/po/de.po doc/po/es.po doc/po/fr.po doc/po/it.po doc/po/ja.po doc/po/pt.po po/ar.po po/ast.po po/bg.po po/bs.po po/ca.po po/cs.po po/cy.po po/da.po po/de.po po/dz.po po/el.po po/es.po po/eu.po po/fi.po po/fr.po po/gl.po po/hu.po po/it.po po/ja.po po/km.po po/ko.po po/ku.po po/lt.po po/mr.po po/nb.po po/ne.po po/nl.po po/nn.po po/pl.po po/pt.po po/pt_BR.po po/ro.po po/ru.po po/sk.po po/sl.po po/sv.po po/th.po po/tl.po po/tr.po po/uk.po po/vi.po po/zh_CN.po po/zh_TW.po test/integration/test-ubuntu-bug-346386-apt-get-update-paywall
2014-09-03Run autopkgtest tests with "env -i" to avoid pollution from the host envMichael Vogt
Closes: #759655
2014-08-27prepare 1.0.7Michael Vogt
2014-07-17Use @builddeps@ in the debian/tests/control fileMichael Vogt
2014-07-10restore breaks against libapt-inst1.5 (<< 0.9.9)Michael Vogt