[SRU] Update apt/xenial to 1.2.15

Bug #1638021 reported by Julian Andres Klode
Affects         Status          Importance    Assigned to    Milestone
apt (Ubuntu)    Fix Released    Undecided     Unassigned
Xenial          Fix Released    Undecided     Unassigned

Bug Description

[Impact]
1.2.15 is a somewhat larger bugfix release because I screwed up a bit with backporting fixes: 1.2.14 was released in June, and quite a few bugs have been fixed since then in the 1.3 series, but I never managed to release a new 1.2.y release. See Bug #1595177 for the 1.2.14 details.

This changes the cache format to fix buffer overflows (the cache format is in sync with the 1.3 series and thus has the same version number). It also fixes several invalid states in the updating code (where we got mismatches before). Then there are several smaller bugfixes and more checks for file sanity I cannot really all recall, and some translation updates.

This release also changes the autoremoval algorithm to only protect the latest same-source provider of a given package. infinity wanted this in for handling virtual ZFS modules provided by the kernel causing the kernels not to be autoremoved or something. We have had this code in Debian testing and unstable since 1.3~pre1 in early July, and it's in yakkety, and we are reasonably sure it's stable now. This change also needs the two refactoring commits for the removal methods and the new pretty printers mentioned in the changelog.

apt (1.2.15) xenial; urgency=medium

  [ Julian Andres Klode ]
  * methods/ftp: Cope with weird PASV responses.
    Thanks to Lukasz Stelmach for the initial patch (Closes: #420940)
  * Fix buffer overflow in debListParser::VersionHash() (Closes: #828812)
  * cache: Bump minor version to 6
  * indextargets: Check that cache could be built before using it
    (Closes: #829651)
  * gpgv: Unlink the correct temp file in error case
  * fileutl: empty file support: Avoid fstat() on -1 fd and check result
  * Ignore SIGINT and SIGQUIT for Pre-Install hooks
  * install-progress: Call the real ::fork() in our fork() method
  * Accept --autoremove as alias for --auto-remove
  * apt-inst: debfile: Pass comp. Name to ExtractTar, not Binary
  * changelog: Respect Dir setting for local changelog getting
  * Fix segfault and out-of-bounds read in Binary fields
  * Merge translations from 1.3~rc3
  * TagFile: Fix off-by-one errors in comment stripping
  * Base256ToNum: Fix uninitialized value
  * VersionHash: Do not skip too long dependency lines
  * Do not read stderr from proxy autodetection scripts

  [ Nicolas Le Cam ]
  * Use the ConditionACPower feature of systemd in the apt-daily service
    (Closes: #827930)

  [ David Kalnischkies ]
  * close server if parsing of header field failed
  * don't do atomic overrides with failed files (Closes: 828908)
  * if reading of autobit state failed, let write fail
  * write auto-bits before calling dpkg & again after if needed
  * factor out Pkg/DepIterator prettyprinters into own header
  * protect only the latest same-source providers from autoremove
  * reinstalling local deb file is no downgrade
  * do not treat same-version local debs as downgrade
  * avoid 416 response teardown binding to null pointer
  * don't change owner/perms/times through file:// symlinks
  * report all instead of first error up the acquire chain
  * keep trying with next if connection to a SRV host failed
  * call flush on the wrapped writebuffered FileFd
  * verify hash of input file in rred
  * use proper warning for automatic pipeline disable
  * rred: truncate result file before writing to it (Closes: #831762)
  * if the FileFd failed already following calls should fail, too
  * pass --force-remove-essential to dpkg only if needed
  * allow user@host (aka: no password) in URI parsing
  * drop incorrect const attribute from DirectoryExists (LP: 1473674)
  * http(s): allow empty values for header fields (Closes: 834048)
  * don't try pipelining if server closes connections (Closes: #832113)
  * don't loop on pinning pkgs from absolute debs by regex (Closes: 835818)
  * try not to call memcpy with length 0 in hash calculations
  * abort connection on '.' target replies in SRV

  [ Andrew Patterson ]
  * Add kernels with "+" in the package name to APT::NeverAutoRemove
    (Closes: #830159)

  [ Mert Dirik ]
  * Turkish program translation update (Closes: 832039)

  [ Zhou Mo ]
  * zh_CN.po: update simplified chinese translation

 -- Julian Andres Klode <email address hidden> Mon, 31 Oct 2016 14:59:55 +0100

[Test case]
Most of the code has automated regression tests included in the code. We can still run some upgrade tests, but I've been running this since Oct 5 on my machine from the PPA and it works fine.

[Regression Potential]
Very low. The release has been tested by a thorough integration test suite on Travis CI, and all of the fixes have been in apt 1.3.1 and older versions. I also ran the version for weeks on my "server" laptop with unattended-upgrades and everything worked fine.

Changed in apt (Ubuntu):
status: New → Fix Released
description: updated
Brian Murray (brian-murray) wrote : Please test proposed package

Hello Julian, or anyone else affected,

Accepted apt into xenial-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/apt/1.2.15 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us in getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Changed in apt (Ubuntu Xenial):
status: New → Fix Committed
tags: added: verification-needed
Julian Andres Klode (juliank) wrote :

It's been more than a month now that I've been running that on my server, and no regressions popped up, so I think we are good to go.

And the individual bugs have automatic test cases if they can be tested, so there's no point in going over each of them individually and doing the same tests manually.

tags: added: verification-done
removed: verification-needed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package apt - 1.2.15

---------------
apt (1.2.15) xenial; urgency=medium

  New micro release with bug fixes up to (and including) 1.3.1 (LP: #1638021)

  [ Julian Andres Klode ]
  * methods/ftp: Cope with weird PASV responses.
    Thanks to Lukasz Stelmach for the initial patch (Closes: #420940)
  * Fix buffer overflow in debListParser::VersionHash() (Closes: #828812)
  * cache: Bump minor version to 6
  * indextargets: Check that cache could be built before using it
    (Closes: #829651)
  * gpgv: Unlink the correct temp file in error case
  * fileutl: empty file support: Avoid fstat() on -1 fd and check result
  * Ignore SIGINT and SIGQUIT for Pre-Install hooks
  * install-progress: Call the real ::fork() in our fork() method
  * Accept --autoremove as alias for --auto-remove
  * apt-inst: debfile: Pass comp. Name to ExtractTar, not Binary
  * changelog: Respect Dir setting for local changelog getting
  * Fix segfault and out-of-bounds read in Binary fields
  * Merge translations from 1.3~rc3
  * TagFile: Fix off-by-one errors in comment stripping
  * Base256ToNum: Fix uninitialized value
  * VersionHash: Do not skip too long dependency lines
  * Do not read stderr from proxy autodetection scripts

  [ Nicolas Le Cam ]
  * Use the ConditionACPower feature of systemd in the apt-daily service
    (Closes: #827930)

  [ David Kalnischkies ]
  * close server if parsing of header field failed
  * don't do atomic overrides with failed files (Closes: 828908)
  * if reading of autobit state failed, let write fail
  * write auto-bits before calling dpkg & again after if needed
  * factor out Pkg/DepIterator prettyprinters into own header
  * protect only the latest same-source providers from autoremove
  * reinstalling local deb file is no downgrade
  * do not treat same-version local debs as downgrade
  * avoid 416 response teardown binding to null pointer
  * don't change owner/perms/times through file:// symlinks
  * report all instead of first error up the acquire chain
  * keep trying with next if connection to a SRV host failed
  * call flush on the wrapped writebuffered FileFd
  * verify hash of input file in rred
  * use proper warning for automatic pipeline disable
  * rred: truncate result file before writing to it (Closes: #831762)
  * if the FileFd failed already following calls should fail, too
  * pass --force-remove-essential to dpkg only if needed
  * allow user@host (aka: no password) in URI parsing
  * drop incorrect const attribute from DirectoryExists (LP: 1473674)
  * http(s): allow empty values for header fields (Closes: 834048)
  * don't try pipelining if server closes connections (Closes: #832113)
  * don't loop on pinning pkgs from absolute debs by regex (Closes: 835818)
  * try not to call memcpy with length 0 in hash calculations
  * abort connection on '.' target replies in SRV

  [ Andrew Patterson ]
  * Add kernels with "+" in the package name to APT::NeverAutoRemove
    (Closes: #830159)

  [ Mert Dirik ]
  * Turkish program translation update (Closes: 832039)

  [ Zhou Mo ]
  * zh_CN.po: update simplified chinese translation

 -- Julian Andres Klode <email address hidden> Mon, 31 Oct 2016 15...


Changed in apt (Ubuntu Xenial):
status: Fix Committed → Fix Released
Martin Pitt (pitti) wrote : Update Released

The verification of the Stable Release Update for apt has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.
