| Age | Commit message (Collapse) | Author |
|---|
|
This new field allows a repository to declare that access to
packages requires authorization. The current implementation will
set the pin to -32768 if no authorization has been provided in
the auth.conf(.d) files.
This implementation is suboptimal in two aspects:
(1) A repository should behave more like NotSource repositories
(2) We only have the host name for the repository, we cannot use
paths yet.
- We can fix those after an ABI break.
The code also adds a check to acquire-item.cc to not use the
specified repository as a download source, mimicking NotSource.
(cherry picked from commit c2b9b0489538fed4770515bd8853a960b13a2618)
LP: #1814727
(cherry picked from commit d75162bc67d5a1a690eb2a8747d31ad68353823e)
(cherry picked from commit 19075f52174199fe7665334ad1815c747c26c10b)
Conflicts:
apt-pkg/deb/debmetaindex.cc
apt-pkg/pkgcache.h
|
|
This allows disabling a repository by pinning it to 'never',
which is internally translated to a value of -32768 (or whatever
the minimum of short is).
This overrides any other pin for that repository. It can be used
to make sure certain sources are never used; for example, in
unattended-upgrades.
To prevent semantic changes to existing files, we substitute
min + 1 for every pin-priority: <min>. This is a temporary
solution, as we are waiting for an ABI break.
To add pins with that value, the special Pin-Priority
"never" may be used for now. It's unclear if that will
persist, or if the interface will change eventually.
(similar to commit 8bb2a91a070170d7d8e71206d1c66a26809bdbc3)
LP: #1814727
|
|
Commit cbcdd3ee9d86379d1b3a44e41ae8b17dc23111d0 removes the space at the
end of the debfile name dpkg send to us and we previously had included
in the pmerror message we printed on the statusfd.
(cherry-picked from commit f920cbe8527ce523974da2563ca1165790c1d40e)
LP: #1817088
|
|
This breaks a lot of test cases
(cherry picked from commit 1ba0302352b320108b3ca23130ceca1d46f0a999)
also: test framework: Unset no_proxy as well
This caused test-bug-717891-abolute-uris-for-proxies to fail
Gbp-Dch: ignore
(cherry picked from commit 59f57473ab85d3fb3354d086db2df2466c1c3896)
LP: #1817065
|
|
apt (1.0.1ubuntu2.18) trusty; urgency=medium
* ExecFork: Use /proc/self/fd to determine which files to close
(Closes: #764204) (LP: #1332440).
apt (1.0.1ubuntu2.17) trusty-security; urgency=high
* SECURITY UPDATE: gpgv: Check for errors when splitting files (CVE-2016-1252)
Thanks to Jann Horn, Google Project Zero for reporting the issue
(LP: #1647467)
apt (1.0.1ubuntu2.15) trusty; urgency=medium
* Fixes failure to download the Package index file when using
mirror:// URL in sources.list and the archive fails to profile
a file. APT would try the next archive in the list for .deb
packages but did not retry when the index file failed to download.
(LP: #1625667)
apt (1.0.1ubuntu2.14) trusty; urgency=medium
* When using the https transport mechanism, $no_proxy is ignored if apt is
getting it's proxy information from $https_proxy (as opposed to
Acquire::https::Proxy somewhere in apt config). If the source of proxy
information is Acquire::https::Proxy set in apt.conf (or apt.conf.d),
then $no_proxy is honored. This patch makes the behavior similar for
both methods of setting the proxy. (LP: #1575877)
apt (1.0.1ubuntu2.13) trusty; urgency=medium
* Recheck Pre-Depends satisfaction in SmartConfigure, to avoid unconfigured
Pre-Depends (which dpkg later fails on). Fixes upgrade failures of
systemd, util-linux, and other packages with Pre-Depends. Many thanks to
David Kalnischkies for figuring out the patch and Winfried PLappert for
testing! Patch taken from Debian git. (LP: #1560797)
apt (1.0.1ubuntu2.12) trusty; urgency=medium
[ Colin Watson ]
* Fix lzma write support to handle "try again" case (closes: #751688,
LP: #1553770).
[ David Kalnischkies ]
* Handle moved mmap after UniqFindTagWrite call (closes: #753941,
LP: #1445436).
apt (1.0.1ubuntu2.11) trusty; urgency=medium
* apt-pkg/packagemanager.cc:
- fix incorrect configure ordering in the SmartConfigure step by skipping
packages that do not need immediate action. (LP: #1347721, #1497688)
apt (1.0.1ubuntu2.10) trusty; urgency=medium
* Fix regression from the previous upload by ensuring we're actually
testing for the right member before iterating on it (LP: #1480592)
apt (1.0.1ubuntu2.9) trusty; urgency=medium
* Fix regression in the Never-MarkAuto-Sections feature caused by the
previous auto-removal fix, with inspiration drawn from the patches
and conversation from http://bugs.debian.org/793360 (LP: #1479207)
apt (1.0.1ubuntu2.8) trusty-proposed; urgency=low
* fix crash for packages that have no section in their instVersion
(LP: #1449394)
apt (1.0.1ubuntu2.7) trusty-proposed; urgency=low
* fix auto-removal behavior (thanks to Adam Conrad)
LP: #1429041
apt (1.0.1ubuntu2.6) trusty-proposed; urgency=medium
* apt-pkg/deb/dpkgpm.cc:
- update string matching for dpkg I/O errors. (LP: #1363257)
- properly parse the dpkg status line so that package name is properly set
and an apport report is created. Thanks to Anders Kaseorg for the patch.
(LP: #1353171)
apt (1.0.1ubuntu2.5) trusty-security; urgency=low
* SECURITY UPDATE:
- cmdline/apt-get.cc: fix insecure tempfile handling in
apt-get changelog (CVE-2014-7206). Thanks to Guillem Jover
apt (1.0.1ubuntu2.4.1) trusty-security; urgency=low
* SECURITY UPDATE:
- fix potential buffer overflow, thanks to the
Google Security Team (CVE-2014-6273)
* Fix regression from the previous upload when file:/// sources
are used and those are on a different partition than
the apt state directory
* Fix regression when Dir::state::lists is set to a relative path
* Fix regression when cdrom: sources got rewriten by apt-cdrom add
apt (1.0.1ubuntu2.3) trusty-security; urgency=low
* SECURITY UPDATE:
- incorrect invalidating of unauthenticated data (CVE-2014-0488)
- incorect verification of 304 reply (CVE-2014-0487)
- incorrect verification of Acquire::Gzip indexes (CVE-2014-0489)
|
|
|
|
|
|
Conflicts:
.travis.yml
|
|
dpkg on Ubuntu 12.04 does not seem to support parsing arch-specific
dependencies, so we try to detect if we face such a dpkg in the test.
In the other test the order depends on libdb, which changes per arch, so
we just run it through our sorting binary and be happy (hopefully).
Git-Dch: Ignore
|
|
In bugreport #747261 I confirmed with this testcase that apt actually
supports the requested architecture-specific conflicts already since
2012 with commit cef094c2ec8214b2783a2ac3aa70cf835381eae1.
The old test only does simulations which are handy to check apt,
this one builds 'real' packages to see if dpkg agrees with us.
Git-Dch: Ignore
|
|
|
|
ubuntu/trusty
|
|
Closes: 746434
|
|
|
|
|
|
|
|
Commit 7335eebea6dd43581d4650a8818b06383ab89901 introduced a bug
that caused FileFd to create insecure permissions when FileFd::Atomic
is used. This commit fixes the permissions and adds a test.
The bug is most likely caused by the confusing "Perm" parameter
that is passed to Open() - its not the file permissions but intead
the "mode" part of open/creat.
|
|
This patch should fix spurious test failures in jenkins or travis
that are caused by a race condition in the {stunnel,aptwebserver}.pid
file creation
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Conflicts:
apt-pkg/deb/dpkgpm.cc
debian/apt.auto-removal.sh
debian/changelog
vendor/debian/sources.list.in
|
|
|
|
|
|
Use mkstemp() in apt-extractemplates and add a integrationtest
for apt-extracttemplates too. Thanks to Steve Kemp for the report.
|
|
A text progressbar is now displayed in the Dpkg::Progress-Fancy
mode. It can be turned off via the apt option
Dpkg::Progress-Fancy::Progress-Bar=false
|
|
In commit 446551c8 I changed MarkInstall to discard the candidate if the
candidate can't satisfy the dependency. This breaks interactive solvers
like aptitude which can change the candidate on-the-fly later.
In commit df77d8a5 I introduced this 'early' loop-breaking to begin with
which can't be that helpful for interactive solvers as well, but makes
perfect sense for non-interactives to stop them from exploring trees
which can't be satisfied, but it isn't perfect as ideally we would check
this before auto-installing the first dependency.
This commit therefore moves the loop into its own IsInstallOk hook so
that frontends can override this check if they want to and in exchange
removes the loop-breaking from MarkInstall itself and does it before any
dependency is installed.
Closes: 740750
|
|
We have to properly close our pseudo terminals even in error cases
before we call post-invoke scripts. This is done now by breaking from
the dpkg calling loop instead of copying the handling, which did it in
the wrong order before.
This also ensures that our state file is written in error cases to
record autobit and co as this was forgotten before.
Closes: 738969
|
|
Git-Dch: Ignore
|
|
Metapackages like "linux-image-amd64" are otherwise matched by our
extraction as well, which later on can't be successfully compared via
dpkg --compare-versions as the 'amd64' bit isn't a version number.
(Luckily none of our architectures starts with a digit.)
This was broken by me in 0.9.16 as I moved a shell-glob matcher to a
regex-based one which has slightly different semantics regarding '*'.
Closes: 741962
|
|
|
|
The framework can be configured to use different compression algorithms
to test different ones, but a testcase testing for gz support should
always be run with gz, regardless of what compressions are configured
otherwise.
Git-Dch: Ignore
|
|
Beside fixing this minor code duplication it also resolves the problem
of messing up vim syntax-highlighting.
Git-Dch: Ignore
|
|
Mostly ensures that we use the build methods and not the system
provided methods in the tests (if we don't want it that way).
Git-Dch: Ignore
|
|
As we deal with regex matchers here the dots are treated as wildcards if
we don't take care of escaping them. Not very likely that this could be
a real-world problem, but just to be sure.
|
|
kfreebsd as well as hurd kernel packages call the postinst script as
well so we just need to enable the correct parsing for installed
packages and disable the "protect every version" hammer for them.
|
|
With APT::VersionedKernelPackages users have the option of adding
packages like pre-build out-of-tree modules to the list of automatically
protected from being autoremoved.
|
|
Git-Dch: Ignore
|
|
fixes some messages and their translation so that all of them have three
dots for messages with an elipse. Many translations already had this.
|
|
Old code limited lines to 250 characters which is probably enough for
everybody, but who knows… It also takes care of device nodes which start
with the same prefix.
|
|
Git-Dch: Ignore
|
|
Git-Dch: Ignore
|
|
The unpack of a M-A:same package will force the unpack of all its
siblings directly to prevent that they could be separated by later
immediate actions. In commit 634985f8 a call to SmartConfigure was
introduced to configure these packages at the time the installation
order encounters them. Usually, the unpack order is already okay, so
that this 'earlier' unpack was not needed and if it wouldn't have been
done, the package would now only be unpacked, but by configuring the package
now we impose new requirements which must be satisfied. The code is
clever enough to handle this most of the time (it worked for 2 years!),
but it isn't needed and in very coupled cases this can fail.
Removing this call again removes this extra burden and so simplifies the
ordering as can be seen in the modified tests. Famous last words, but I
don't see a reason for this extra burden to exist hence the remove.
Closes: 740843
|
|
Git-Dch: Ignore
Reported-By: gcc -Wsuggest-attribute={pure,const,noreturn}
|
|
Beside being a bit cleaner it hopefully also resolves oddball problems
I have with high levels of parallel jobs.
Git-Dch: Ignore
Reported-By: iwyu (include-what-you-use)
|
|
Reported-By: gcc -Wunused-parameter
Git-Dch: Ignore
|
|
Reported-By: gcc -Wignored-qualifiers
Git-Dch: Ignore
|
