apt (1.6~rc1) unstable; urgency=medium Seccomp sandboxing has been turned off by default for now. If it works for you, you are encouraged to re-enable it by setting APT::Sandbox::Seccomp to true. -- Julian Andres Klode <jak@debian.org> Fri, 06 Apr 2018 14:14:29 +0200 apt (1.6~beta1) unstable; urgency=medium APT now verifies that the date of Release files is not in the future. By default, it may be 10 seconds in the future to allow for some clock drift. Two new configuration options can be used to tweak the behavior: Acquire::Check-Date Acquire::Max-DateFuture These can be overridden in sources.list entries using the check-date and date-future-max options. Note that disabling check-date also disables checks on valid-until: It is considered to mean that your machine's time is not reliable. -- Julian Andres Klode <jak@debian.org> Mon, 26 Feb 2018 13:14:13 +0100 apt (1.6~alpha1) unstable; urgency=medium All methods provided by apt except for cdrom, gpgv, and rsh now use seccomp-BPF sandboxing to restrict the list of allowed system calls, and trap all others with a SIGSYS signal. Three options can be used to configure this further: APT::Sandbox::Seccomp is a boolean to turn it on/off APT::Sandbox::Seccomp::Trap is a list of names of more syscalls to trap APT::Sandbox::Seccomp::Allow is a list of names of more syscalls to allow Also, sandboxing is now enabled for the mirror method. -- Julian Andres Klode <jak@debian.org> Mon, 23 Oct 2017 01:58:18 +0200 apt (1.5~beta1) unstable; urgency=medium [ New HTTPS method ] The default http method now supports HTTPS itself, including encrypted proxies and connecting to HTTPS sites via HTTPS proxies; and the apt-transport-https package only provides a "curl+https" method now as a fallback, but will be removed shortly. If TLS support is unwanted, it can be disabled overall by setting the option Acquire::AllowTLS to "false". As for backwards compatibility, the options IssuerCert and SslForceVersion are not supported anymore, and any specified certificate files must be in the PEM format (curl might have allowed DER files as well). [ Changes to unauthenticated repositories ] The security exception for apt-get to only raise warnings if it encounters unauthenticated repositories in the "update" command is gone now, so that it will raise errors just like apt and all other apt-based front-ends do since at least apt version 1.3. It is possible (but STRONGLY ADVISED AGAINST) to revert to the previous behaviour of apt-get by setting the option Binary::apt-get::Acquire::AllowInsecureRepositories "true"; See apt-secure(8) manpage for configuration details. [ Release Info Changes ] If values like Origin, Label, and Codename change in a Release file, update fails, or asks a user (if interactive). Various --allow-releaseinfo-change are provided for non-interactive use. -- Julian Andres Klode <jak@debian.org> Mon, 03 Jul 2017 15:09:23 +0200 apt (1.4.2) unstable; urgency=medium If periodic updates and unattended upgrades are enabled, the start of periodic updates are now distributed over 24 hour intervals (as in 1.2 to 1.4), whereas starting unattended-upgrade has been restricted to a time between 6 and 7 am. This only affects systems using systemd, other systems still use the classical hourly cron job. -- Julian Andres Klode <jak@debian.org> Thu, 04 May 2017 22:54:02 +0200 apt (1.4~beta1) unstable; urgency=medium Support for GPG signatures using the SHA1 or RIPE-MD/160 hash algorithms has been disabled. Repositories using Release files signed in such a way will stop working. This change has been made due to security considerations, especially with regards to possible further breakthroughs in SHA1 breaking during the lifetime of this APT release series. It is possible (but STRONGLY ADVISED AGAINST) to revert to the previous behaviour by setting the options APT::Hashes::SHA1::Weak "yes"; APT::Hashes::RIPE-MD/160::Weak "yes"; Note that setting these options only affects the verification of the overall repository signature. -- Julian Andres Klode <jak@debian.org> Fri, 25 Nov 2016 13:19:32 +0100 apt (1.2~exp1) experimental; urgency=medium [ Automatic removal of debs after install ] After packages are successfully installed by apt(8), the corresponding .deb package files will be removed from the /var/cache/apt/archives cache directory. This can be changed by setting the apt configuration option "Binary::apt::APT::Keep-Downloaded-Packages" to "true". E.g: # echo 'Binary::apt::APT::Keep-Downloaded-Packages "true";' \ > /etc/apt/apt.conf.d/01keep-debs Please note that the behavior of apt-get is unchanged. The downloaded debs will be kept in the cache directory after they are installed. To enable the behavior for other tools, you can set "APT::Keep-Downloaded-Packages" to false. [ Compressed indices ] If you use Acquire::gzipIndexes, or any other compressed index targets, those will now be compressed with the fastest supported algorithm, currently lz4. -- Michael Vogt <mvo@debian.org> Tue, 05 Jan 2016 19:22:16 +0100 apt (1.1~exp9) experimental; urgency=medium A new algorithm for pinning has been implemented, it now assigns a pin priority to a version instead of assigning a pin to a package. This might break existing corner cases of pinning, if they use multiple pins involving the same package name or patterns matching the same package name, but should overall lead to pinning that actually works as intended and documented. -- Julian Andres Klode <jak@debian.org> Mon, 17 Aug 2015 14:45:17 +0200 apt (0.8.11) unstable; urgency=low * apt-get install pkg/experimental will now not only switch the candidate of package pkg to the version from the release experimental but also of all dependencies of pkg if the current candidate can't satisfy a versioned dependency. -- David Kalnischkies <kalnischkies@gmail.com> Fri, 03 Dec 2010 14:09:12 +0100 apt (0.7.26~exp3) experimental; urgency=low * apt-ftparchive now reads the standard configuration files in /etc/apt/apt.conf and /etc/apt/apt.conf.d. -- Julian Andres Klode <jak@debian.org> Fri, 26 Mar 2010 15:34:16 +0100 apt (0.7.24) unstable; urgency=low * Already included in the last version but now with better documentation is the possibility to add/prefer different compression types while downloading archive information, which can decrease the time needed for update on slow machines. See apt.conf (5) manpage for details. * APT manages his manpage translations now with po4a, thanks to Nicolas François and Kurasawa Nozomu, who also provide the ja translation. Thanks to Christian Perrier we have already a fr translation and a few more are hopefully added in the near future. * This version also introduces some _experimental_ configuration options to make more aggressive use of dpkg's triggers. If you want to help testing these _experimental_ options see apt.conf (5) manpage. -- David Kalnischkies <kalnischkies@gmail.com> Thu, 24 Sep 2009 15:13:16 +0200 apt (0.7.23) unstable; urgency=low * Code that determines which proxy to use was changed. Now 'Acquire::{http,ftp}::Proxy[::<host>]' options have the highest priority, and '{http,ftp}_proxy' environment variables are used only if options mentioned above are not specified. -- Eugene V. Lyubimkin <jackyf.devel@gmail.com> Thu, 19 Aug 2009 11:26:16 +0200 apt (0.6.44) unstable; urgency=low * apt-ftparchive --db now uses Berkeley DB_BTREE instead of DB_HASH. If you use a database created by an older version of apt, delete it and allow it to be recreated the next time. -- Michael Vogt <mvo@debian.org> Wed, 26 Apr 2006 12:57:53 +0200 apt (0.5.25) unstable; urgency=low * apt-ftparchive --db now uses Berkeley DB version 4.2. If used with a database created by an older version of apt, an attempt will be made to upgrade the database, but this may not work in all cases. If your database is not automatically upgraded, delete it and allow it to be recreated the next time. -- Matt Zimmerman <mdz@debian.org> Sat, 8 May 2004 12:38:07 -0700