Bug#767339: dh-python: [patch] Please add Multi-Arch: foreign
Package: dh-python Version: 1.20141026-1 Severity: normal Tags: patch User: ubuntu-de...@lists.ubuntu.com Usertags: origin-ubuntu vivid ubuntu-patch *** /tmp/tmpoAZ0Kv/bug_body In Ubuntu, the attached patch was applied to achieve the following: * debian/control: - add Multi-Arch: foreign to dh-python Thanks for considering the patch. Cheers, Michael -- System Information: Debian Release: jessie/sid Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.16.0-24-generic (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash diff -Nru dh-python-1.20141026/debian/changelog dh-python-1.20141026/debian/changelog diff -Nru dh-python-1.20141026/debian/control dh-python-1.20141026/debian/control --- dh-python-1.20141026/debian/control 2014-10-26 23:41:17.0 +0100 +++ dh-python-1.20141026/debian/control 2014-10-30 11:12:37.0 +0100 @@ -14,6 +14,7 @@ Package: dh-python Architecture: all +Multi-Arch: foreign Depends: ${misc:Depends}, ${python3:Depends} Breaks: # due to /usr/bin/dh_python3 and debhelper files
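Review bot: The debian/control hunk adds `Multi-Arch: foreign` to an `Architecture: all` package whose Depends line carries `${python3:Depends}`, and nothing in the patch records why that is safe; the debian/changelog diff header above it has no hunk at all. Add a changelog entry that states why the dh_python3 interface does not depend on the architecture of the package using it, so the annotation can be checked against that claim.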
Bug#767253: Please provide hashes for uncompressed Translation-*
Package: debian-cd Version: 3.1.15
Please include the uncompressed hashes for the i18n/Translation-* files in the cdrom Release file in addition to the compressed ones. This is required so that apt can ensure that the hashes are correct after uncompressing and will also allow us to unify the code path for Packages/Translation verification in apt.
Cheers, Michael
-- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#767253: Acknowledgement (Please provide hashes for uncompressed Translation-* )
Hi, I had a quick look at the debian-cd scripts and something like the attached (and totally untested) patch is probably sufficient. The idea is that we keep both Translation-* and Translation-*.gz around, then generate the Release file with the hashes and then remove the uncompressed files from the CD. Apt should really not need the uncompressed files on the cdrom, but it does need them in the Release file for the verification. Sorry that I have not tested this, I'm not familiar with the cd building and I couldn't find unittests. But I'm happy to dig into it if needed. Thanks for your consideration, Michael diff -Nru debian-cd-3.1.15/tools/make_disc_trees.pl debian-cd-3.1.16/tools/make_disc_trees.pl --- debian-cd-3.1.15/tools/make_disc_trees.pl 2014-06-03 16:45:55.0 +0200 +++ debian-cd-3.1.16/tools/make_disc_trees.pl 2014-10-29 16:43:15.0 +0100 @@ -574,6 +574,16 @@ $st = stat($filename) || die Stat error on '$filename': $!\n; return ($checksum, $st-size); } +sub remove_uncompressed { + my ($filename); + + $filename = $File::Find::name; +if ($filename =~ m/\/.*\/(Packages|Sources)$/o || +$filename =~ m/\/.*\/i18n\/(Translation-[a-z]+)$/o) +{ +unlink($filename); +} +} sub recompress { # Recompress various files @@ -588,7 +598,7 @@ # Translation files need to be compressed in .gz format on CD? if ($filename =~ m/\/.*\/i18n\/(Translation.*)$/o ! ($filename =~ m/\/.*\/i18n\/(Translation.*gz)$/o)) { - system(gzip -9 $_); + system(gzip -9c $_ $_.gz); } } @@ -829,6 +839,7 @@ find (\recompress, .); checksum_files_for_release(); close(RELEASE); +find (\remove_uncompressed, .); chdir(../..); print Finishing off md5sum.txt\n;
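Review bot: In remove_uncompressed the pattern `Translation-[a-z]+` is narrower than the `Translation.*` pattern that recompress uses, so a translation file whose language code contains an underscore or an upper-case letter is compressed and hashed but its uncompressed copy stays on the disc. The first pattern also unlinks `Packages` and `Sources`, which the description of the change (Translation files only) does not mention. Match the same set of files that recompress handles, say in a comment whether Packages and Sources are meant to go as well, and report a failed `unlink`.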
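Review bot: The recompress hunk ignores the result of the `system` call that now writes `$_.gz`; if gzip fails, the remove_uncompressed pass added in the last hunk still deletes the uncompressed file and the disc is left without a usable copy. Check the return value of `system` and die on failure, and avoid interpolating the file name into a shell command line.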
Bug#767253: Please provide hashes for uncompressed Translation-*
On Wed, Oct 29, 2014 at 04:28:42PM +, Steve McIntyre wrote:
Hi Michael!
Hi Steve, thanks for your quick reply!
On Wed, Oct 29, 2014 at 04:31:13PM +0100, Michael Vogt wrote:
Package: debian-cd Version: 3.1.15
Please include the uncompressed hashes for the i18n/Translation-* files in the cdrom Release file in addition to the compressed ones. This is required so that apt can ensure that the hashes are correct after uncompressing and will also allow us to unify the code path for Packages/Translation verification in apt.
OK, no problem. Would you also like the uncompressed files too, or is just the hashes OK? Also: if you're revisiting this area of code, are we still wanting .gz files or could/should we use stronger compression methods?
Having the uncompressed files on the cdrom should not be needed, apt should simply fetch the compressed ones if the uncompressed ones are missing. It does need the hash of the uncompressed one in the Release so that it can verify that it matches after the uncompression. Having something stronger than gzip is certainly a good idea, apt should deal just fine with .xz.
If it's easy for you then maybe we could generate a netinst image with the above changes (plus switching to .xz) and I can test against the current apt and fix (potential) issue on my side. Alternatively if you could give me a quick hint how to generate a netinst (or similar iso) I can try to generate a testimage myself.
Thanks, Michael
Bug#759693: unattended-upgrades: please document how to configure the logging options
On Wed, Oct 22, 2014 at 07:35:40AM +0200, Alexandre Detiste wrote: control: reopen -1 Since this change, the mail I receive contains the changes from all previous days. See multiple 'Log Started' in attached mail. Thanks for your bugreport. The attached patch should fix this problem. It will be part of the next upload to unstable. Cheers, Michael === modified file 'test/test_mail.py' --- test/test_mail.py 2014-02-06 00:06:25 + +++ test/test_mail.py 2014-10-28 10:49:03 + @@ -5,6 +5,7 @@ import apt_pkg import os import sys +from textwrap import dedent import unittest from io import StringIO @@ -18,9 +19,12 @@ class CommonTestsForMailxAndSendmail(object): EXPECTED_MAIL_CONTENT_STRINGS = [ -logfile_dpkg text, +random logfile_dpkg text, mem_log text, ] +NOT_EXPECTED_MAIL_CONTENT_STRINGS = [ +old logfile text, +] def common_setup(self): # monkey patch to make it testable @@ -49,12 +53,25 @@ ) logfile_dpkg = ./apt-term.log with open(./apt-term.log, w) as fp: -fp.write(logfile_dpkg text) +# note that we intentionally not have a Log ended: here +# because this may happen if something crashes power goes +# down etc +fp.write(dedent(\ +Log started: 2014-10-28 10:00 +random logfile_dpkg text + +Log started: 2013-01-01 12:00 +old logfile text +Log ended: 2013-01-01 12:20 +)) return (pkgs, res, pkgs_kept_back, mem_log, logfile_dpkg) def _verify_common_mail_content(self, mail_txt): for expected_string in self.EXPECTED_MAIL_CONTENT_STRINGS: self.assertTrue(expected_string in mail_txt) +for not_expected_string in self.NOT_EXPECTED_MAIL_CONTENT_STRINGS: +self.assertFalse(not_expected_string in mail_txt) +self.assertEqual(mail_txt.count(Log started: ), 1) def test_summary_mail_reboot(self): with open(./reboot-required, w) as fp: === modified file 'unattended-upgrade' --- unattended-upgrade 2014-10-15 08:05:10 + +++ unattended-upgrade 2014-10-28 10:48:02 + 
@@ -790,7 +790,10 @@ if os.path.exists(logfile_dpkg): body += _(Package installation log:) + \n with open(logfile_dpkg) as fp: -body += fp.read() +for i, line in enumerate(fp.readlines()): +if i 0 and line.startswith(Log started: ): +break +body += line body += \n\n body += _(Unattended-upgrades log:\n) body += mem_log.getvalue()
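Review bot: The fixture in the third test/test_mail.py hunk writes the 2014-10-28 block before the 2013-01-01 block, so the test only shows that the first block in the file reaches the mail. Add a second fixture with the blocks in chronological order, as a log that is appended to would have them, and assert which run ends up in the body. The new comment is also missing a verb ("we intentionally do not have a Log ended: here").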
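Review bot: In the unattended-upgrade hunk the check on `i` exempts only line 0 from the `Log started: ` test, so a log file that begins with a blank line hits the `break` on its first header and the mail carries no log text at all. Skip leading blank lines before treating a header as the start of the next block, and iterate over `fp` directly rather than `fp.readlines()` so the whole file is not read just to keep one block.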
Bug#753892: Regular expressions are indeed mandatory
On Wed, Oct 22, 2014 at 02:08:19PM +0200, Kai Storbeck wrote:
Dear Maintainer,
Hi Kai, thanks for your bugreport.
I tried adding this package to the package-blacklist: libstdc++6
This will fail, as it is an invalid regular expression:
[..]
File /usr/lib/python2.7/re.py, line 242, in _compile
raise error, v # invalid expression
sre_constants.error: multiple repeat
(this is on wheezy)
Is this intentional, or is this a bug?
This is sort-of intentional but I think you raise an interesting usability issue here. The blacklist/whitelist consists of regular expressions but that is actually not super user friendly as it's not obvious and they are also hard to use compared to something like glob/fnmatch style matching (or plain packagenames). I can't change this easily without breaking existing setups though. So I think better documenting it is the first step. It could simply use it as a plain string if the regexp fails and display a warning. Or I could add a new Unattended-Upgrade::Package-Blacklist-Plain list for non-regexp content (it really should be the other way around, Unattended-Upgrade::Package-Blacklist-Regex and Unattended-Upgrade::Package-Blacklist would be plain but that is tricky due to the compatibility concerns I outlined earlier).
Cheers, Michael
Bug#767126: python-couchdb: [patch] ship couchdb-replicate as well and fix install failure
Package: python-couchdb Version: 0.10-1 Severity: normal Tags: patch User: ubuntu-de...@lists.ubuntu.com Usertags: origin-ubuntu ubuntu-patch *** /tmp/tmp8IDN70/bug_body In Ubuntu, the attached patch was applied to achieve the following: * Merged from debian, remaining changes: - ship couchdb-replicate - fix postinst failure by disable pyexec in python3 this needs a proper fix once py3 is supported by the packages Thanks for considering the patch. For the postinst failure a better fix is probably the patch that gentoo did (and that really should go upstream IMO): https://www.mail-archive.com/gentoo-commits@lists.gentoo.org/msg38169.html -- System Information: Debian Release: jessie/sid APT prefers utopic-updates APT policy: (500, 'utopic-updates'), (500, 'utopic-security'), (500, 'utopic-proposed'), (500, 'utopic'), (100, 'utopic-backports') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.16.0-22-generic (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash diff -Nru python-couchdb-0.10/debian/changelog python-couchdb-0.10/debian/changelog diff -Nru python-couchdb-0.10/debian/install python-couchdb-0.10/debian/install --- python-couchdb-0.10/debian/install 2014-09-28 18:14:36.0 +0200 +++ python-couchdb-0.10/debian/install 2014-10-28 17:02:46.0 +0100 @@ -1,5 +1,6 @@ couchdb-dumpusr/bin/ couchdb-loadusr/bin/ couchpy usr/bin/ +couchdb-replicate usr/bin/ debian/extra/python-couchdbetc/couchdb/default.d/ diff -Nru python-couchdb-0.10/debian/manpages python-couchdb-0.10/debian/manpages --- python-couchdb-0.10/debian/manpages 2014-09-28 18:14:36.0 +0200 +++ python-couchdb-0.10/debian/manpages 2014-10-28 17:02:46.0 +0100 
@@ -1,3 +1,4 @@ couchdb-dump.1 couchdb-load.1 couchpy.1 +couchdb-replicate.1 diff -Nru python-couchdb-0.10/debian/patches/04-fix-py3 python-couchdb-0.10/debian/patches/04-fix-py3 --- python-couchdb-0.10/debian/patches/04-fix-py3 1970-01-01 01:00:00.0 +0100 +++ python-couchdb-0.10/debian/patches/04-fix-py3 2014-10-28 17:06:19.0 +0100 @@ -0,0 +1,13 @@ +Index: python-couchdb-0.10/couchdb/util3.py +=== +--- python-couchdb-0.10.orig/couchdb/util3.py python-couchdb-0.10/couchdb/util3.py +@@ -14,7 +14,7 @@ from urllib.parse import urlsplit, urlun + from urllib.parse import quote as urlquote + from urllib.parse import unquote as urlunquote + +-pyexec = exec ++#pyexec = exec + + def funcode(fun): + return fun.__code__ diff -Nru python-couchdb-0.10/debian/patches/series python-couchdb-0.10/debian/patches/series --- python-couchdb-0.10/debian/patches/series 2014-09-28 18:14:36.0 +0200 +++ python-couchdb-0.10/debian/patches/series 2014-10-28 17:04:15.0 +0100 @@ -1,2 +1,3 @@ 01-improve_bin_scripts.patch 03-remove_module_shebang.patch +04-fix-py3 diff -Nru python-couchdb-0.10/debian/rules python-couchdb-0.10/debian/rules --- python-couchdb-0.10/debian/rules 2014-09-28 18:14:36.0 +0200 +++ python-couchdb-0.10/debian/rules 2014-10-28 17:02:46.0 +0100 @@ -19,10 +19,10 @@ help2man -N -n a CouchDB dump utility ./couchdb-dump couchdb-dump.1 help2man -N -n a CouchDB load utility ./couchdb-load couchdb-load.1 help2man -N -n a CouchDB Python view server ./couchpy couchpy.1 + help2man -N -n a CouchDB Python replication tool --version-string=$(UPVER) ./couchdb-replicate couchdb-replicate.1 override_dh_auto_install: dh_auto_install -- --single-version-externally-managed - -rm -rf $(CURDIR)/debian/usr/share/doc/python-couchdb/html/_static/jquery.js override_dh_clean:
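Review bot: debian/patches/04-fix-py3 comments out `pyexec = exec` instead of replacing it, so the name `pyexec` no longer exists in couchdb/util3.py and any code that uses it under Python 3 will fail at run time. The patch file also has no description header and lacks the `.patch` suffix that the other two entries in debian/patches/series carry. Add a header that explains the postinst failure and points at the Gentoo fix mentioned in the report, or define `pyexec` in a form that byte-compiles.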
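Review bot: The debian/rules hunk drops the `-rm -rf ... /html/_static/jquery.js` line from override_dh_auto_install, which neither of the two listed changes (ship couchdb-replicate, disable pyexec) accounts for. Restore it or list the removal as its own change with the reason. The new help2man line is also the only one that passes `--version-string=$(UPVER)`; note why couchdb-replicate needs it when the other three tools do not.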
Bug#766524: dpkg: Please provide a way to install/unpack/configure without using argv[]
Package: dpkg Severity: wishlist
Dear Dpkg Maintainer,
apt is currently unpacking/configuring packages by running
dpkg --unpack pkg1.deb pkg2.deb ... pkgN.deb
dpkg --configure pkg1 pkg2 ... pkgN
this can be problematic for big installations when the commandline gets very long and exceeds _SC_ARG_MAX. One possible solution might be to have something like --archivefiles-fd or --arg-file argument where frontends to apt can feed data into. If that's a direction that sounds sensible I can start working on a patch for this.
Cheers, Michael
Bug#764678: dh-systemd: Please support systemd user services
Package: dh-systemd Severity: wishlist
It would be very nice if dh-systemd would support systemd user units (both for detecting them during build time and to add something like systemctl --global enable my-user-unit to the debian/postinst). My use case is that the package installs a unit that should run at login time for all users. In the past this was done via the upstart session support. If you agree with the general idea I can help and work on a patch.
Thanks, Michael
Bug#763780: apt-get: Insecure temporary changelog handling
On Thu, Oct 02, 2014 at 06:29:45PM +0200, Guillem Jover wrote:
Package: apt Version: 0.8.7 Severity: serious Tags: security patch
Thanks for your bugreport and your patch!
I've found an instance of insecure temporary filenames handling. The problem is that the code correctly creates a temporary directory, but then uses that name as just a prefix for the created changelog filename, thus creating it alongside the temporary directory (instead of inside of it), and making it very much predictable. This is worsened due to the time it takes apt-get to download the changelog from the net, which gives a very huge window to use that pathname. Attached a patch fixing this. This affects all versions starting from the one in squeeze. I'm not sure if this deserves a CVE or perhaps a lower severity? [..]
I uploaded a fix for wheezy now, squeeze is not affected, this feature got added in 0.8.11 in debian so we should be safe here.
Cheers, Michael
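
Added example, not part of the thread and not apt's code: the path mistake described in the report (directory name used as a prefix) next to the corrected form, with an exclusive open that refuses a name someone else has already planted. All function names, the /tmp template and the file names are assumptions made for the illustration.

```cpp
#include <cstdio>
#include <cstdlib>
#include <fcntl.h>
#include <string>
#include <unistd.h>

// Create a private (mode 0700) scratch directory with mkdtemp(3).
// The template name is constructed for this example.
std::string make_private_dir()
{
    char tmpl[] = "/tmp/changelog-demo.XXXXXX";
    const char *dir = mkdtemp(tmpl);
    return dir ? std::string(dir) : std::string();
}

// Flawed form from the report: the directory name is only a prefix, so the
// file becomes a sibling of the private directory and lives in shared /tmp.
// Its name is known to every local user as soon as the directory appears.
std::string sibling_path(const std::string &dir, const std::string &name)
{
    return dir + name;
}

// Corrected form: the file is created inside the private directory.
std::string contained_path(const std::string &dir, const std::string &name)
{
    return dir + "/" + name;
}

// Directory component of a path (everything before the last '/').
std::string parent_of(const std::string &path)
{
    const std::string::size_type slash = path.rfind('/');
    return slash == std::string::npos ? std::string(".") : path.substr(0, slash);
}

// Create the file only if the name is unused; an existing file or symlink
// at that name makes the call fail instead of being written through.
int create_exclusive(const std::string &path)
{
    return open(path.c_str(),
                O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW | O_CLOEXEC, 0600);
}

// Runs both variants once. A symlink is planted at the sibling name to stand
// in for another local user who watched the directory name appear.
// Returns true when the sibling open is refused and the contained one works.
bool demo()
{
    const std::string dir = make_private_dir();
    if (dir.empty())
        return false;
    const std::string bad = sibling_path(dir, ".changelog");
    const std::string good = contained_path(dir, "changelog");

    bool planted = symlink("/nonexistent-demo-target", bad.c_str()) == 0;
    int bad_fd = create_exclusive(bad);    // expected: -1, name already taken
    int good_fd = create_exclusive(good);  // expected: valid descriptor

    bool ok = planted && bad_fd == -1 && good_fd >= 0;
    if (bad_fd >= 0)
        close(bad_fd);
    if (good_fd >= 0)
        close(good_fd);
    unlink(good.c_str());
    unlink(bad.c_str());
    rmdir(dir.c_str());
    return ok;
}

int main()
{
    const std::string dir = make_private_dir();
    std::printf("sibling file lands in:   %s\n",
                parent_of(sibling_path(dir, ".changelog")).c_str());
    std::printf("contained file lands in: %s\n",
                parent_of(contained_path(dir, "changelog")).c_str());
    rmdir(dir.c_str());
    std::printf("demo %s\n", demo() ? "passed" : "failed");
    return 0;
}
```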
Bug#764442: apt: String overrun in RSHConn::WriteMsg() (transports rsh: and ssh:)
On Wed, Oct 08, 2014 at 02:49:40AM -0400, David Garfield wrote:
Package: apt Version: 1.0.9.2 Severity: normal
Thanks for your bugreport.
In examining the sources in method/rsh.cc I ran across the function RSHConn::WriteMsg() The first thing it does is make a buffer of 512 bytes, put up to 508 bytes of data in it (the vsnprintf call), and then add at least 14 more bytes of data (the strcat calls).
Good catch, thank you!
[..] The simplest fix is probably to change the - 4 on the vsnprintf() to - 24 or thereabouts. A more complex fix (probably not needed) might send the two strings separately. It also might be wise to consider if the buffer should be enlarged. I have not fully examined other sources for similar code, but do see where this came from in method/ftp.cc. [..]
I fixed this in git and replaced the strcat with a C++ std::string so that we do not run into the fixed buffer issue. I also enlarged the buffer while doing so.
Cheers, Michael
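
Added example, not apt's code: the size arithmetic from the report (512-byte buffer, vsnprintf limited to size minus 4, 14 bytes appended afterwards) and one way to build the same message in a std::string so that no fixed buffer bounds the result. The function names and the 14-byte placeholder trailer are assumptions; the real strings appended by WriteMsg are not shown on this page.

```cpp
#include <cstdarg>
#include <cstddef>
#include <cstdio>
#include <string>
#include <vector>

// Placeholder for whatever the strcat calls append; exactly 14 characters
// to match the report's "at least 14 more bytes". Constructed value.
static const char kTrailer[] = "<14-byte-tail>";

// Bytes the old scheme can need in the worst case: vsnprintf may fill
// (buffer - reserve) bytes including its NUL, and strcat then adds the
// trailer in front of that NUL.
std::size_t legacy_bytes_needed(std::size_t buffer, std::size_t reserve,
                                std::size_t trailer)
{
    return (buffer - reserve) + trailer;
}

// True when the worst case of the old scheme still fits the buffer.
bool legacy_fits(std::size_t buffer, std::size_t reserve, std::size_t trailer)
{
    return legacy_bytes_needed(buffer, reserve, trailer) <= buffer;
}

// Format into a std::string. A 512-byte stack buffer serves the common
// case; when vsnprintf reports that more room is needed, the text is
// formatted again into a heap buffer of exactly that size. The trailer is
// appended with std::string, so its length never competes with the message.
std::string format_message(const char *fmt, ...)
{
    char stack[512];
    va_list args;
    va_list retry;
    va_start(args, fmt);
    va_copy(retry, args);
    const int need = vsnprintf(stack, sizeof(stack), fmt, args);
    va_end(args);

    std::string out;
    if (need < 0) {                       // encoding error: return empty
        va_end(retry);
        return out;
    }
    if (static_cast<std::size_t>(need) < sizeof(stack)) {
        out.assign(stack, static_cast<std::size_t>(need));
    } else {
        std::vector<char> heap(static_cast<std::size_t>(need) + 1);
        vsnprintf(heap.data(), heap.size(), fmt, retry);
        out.assign(heap.data(), static_cast<std::size_t>(need));
    }
    va_end(retry);
    out += kTrailer;
    return out;
}

int main()
{
    std::printf("reserve 4:  needs %zu of 512 bytes\n",
                legacy_bytes_needed(512, 4, 14));
    std::printf("reserve 24: needs %zu of 512 bytes\n",
                legacy_bytes_needed(512, 24, 14));
    const std::string big(600, 'A');      // constructed oversized payload
    std::printf("std::string result: %zu bytes\n",
                format_message("%s", big.c_str()).size());
    return 0;
}
```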
Bug#763399: Hardening dpkg/apt
On Mon, Sep 29, 2014 at 09:24:35PM +, ban...@openmailbox.org wrote:
Package: apt Version: all
Thanks for your bugreport.
Sometimes apt/dpkg can contain vulnerable, remotely exploitable bugs which is a big risk when used over the untrusted internet. As it happens, anyone could have been in a position to run man-in-the-middle attacks with the latest security hole [CVE-2014-6273] in apt-get. What makes this bug crippling is that updating apt to fix it would have exposed it to what the fix was supposed to prevent, so manually downloading the package out of band was the safest option this time.
I totally agree that we need to do more to protect the downloaders (and Julian pointed to some efforts for this already). In this particular case we got some protection from the fact that we build apt with the default dpkg-buildflags which include _FORTIFY_SOURCE=2 [1]. This helps to mitigate the recent apt buffer overflow, the sprintf() call is translated to sprintf_chk() and I'm not aware of a way to exploit this other than to trigger an abort(). I checked the generated assembler for the __sprintf_chk call and the max buffer size is correctly loaded into %edx so it seems like the protection is working. If there is a way to circumvent this, then I would love to hear more about the details of such an attack!
In order to drastically limit an attacker's options I recommend creating a seccomp-bpf filter for apt and dpkg to limit what they can do should a weak function be remotely exploited. Other options include enabling any and all compile-time binary hardening such as PIE, RELRO, CANARY etc. [..]
All hardening except for PIE and ld -z are currently enabled, these two will be enabled with the next upload (probably in experimental first). We do want to go further and protect the downloaders but there is some more work involved here, we need to move the proxy auto-detection out of the acquire method first but once that is done, we can further lock down the downloader code.
Help with this effort is of course very welcome :) !
Thanks, Michael
[1] Apt has all hardening features enabled in the debian/experimental branch now and we plan to move this to unstable soon.
Bug#710924: bug still exists
On Sun, Sep 28, 2014 at 11:21:29AM +0800, 積丹尼 Dan Jacobson wrote:
# aptitude update
[..]
Err http://ftp.tw.debian.org experimental/main i386 Packages 406 Not Acceptable
Err http://ftp.tw.debian.org experimental/contrib i386 Packages
[..]
E: Some index files failed to download. They have been ignored, or old ones used instead.
E: Couldn't rebuild package cache
Thanks for your bugreport. What version of apt are you using? And how can we reproduce it (i.e. is using your sources.list enough in a clean chroot, does that trigger the bug for you as well?).
Thanks, michael
Bug#762178: apt: massive a-g update slowdowns due to recent security fixes
On Fri, Sep 19, 2014 at 09:00:43AM +, Thorsten Glaser wrote: Package: apt Version: 1.0.9.1 Severity: minor Thanks for your bugreport. Michael Vogt requested I file this as official bugreport: The recent revalidation changes lead to a simple apt-get update on my buildd machine (m68k VM with 198 MHz CPU) with only the incoming.d-p.o repository modified, but not unstable, taking: Fetched 156 kB in 8min 33s (304 B/s) The sources.list on that chroot is just: deb http://ftp.de.debian.org/debian-ports unstable main deb http://ftp.de.debian.org/debian-ports unreleased main deb-src http://ftp.de.debian.org/debian unstable main # plus the “incoming” repository With almost 200 MHz, this is one of the faster “machines”. Our regular buildds have 25, 33, 50 MHz. [..] This is indeed a pretty big hit on this hardware :/ The following patch should fix most of this: diff --git a/apt-pkg/acquire-item.cc b/apt-pkg/acquire-item.cc index 5df4372..28ede30 100644 --- a/apt-pkg/acquire-item.cc +++ b/apt-pkg/acquire-item.cc 
@@ -1558,8 +1558,9 @@ void pkgAcqMetaIndex::AuthDone(string Message) /*{{{*/ } - // Download further indexes with verification - QueueIndexes(true); + // Download further indexes with verification if something has changed + if(IMSHit == false) + QueueIndexes(true); // is it a clearsigned MetaIndex file? if (DestFile == SigFile)
The downside is of course that if a Packages file is missing (because of an earlier download error for example) then it won't be fetched again, so the patch is probably too simplistic. But I think something like this should be done to avoid the extra verify step if we know that nothing has changed.
Cheers, Michael
The cause for this is that even a not-modified now triggers reverification of all downloaded files. The visible effect is a process called “copy” taking 90% CPU for minutes, in top(1). Michael and I think that apt should, when the Release and Release.gpg (or InRelease, but we aren’t using them any more, IIRC?) files are not modified, just reverify these, and, if they pass, assume the other data on the disc is valid/verified (because the files only get moved out of partial/ once verified AFAIK, and because if an unmodified Release file passes reverification, it would have passed initial verification as well, normally). Michael also thinks apt could cache more information, such as the original hashes, to speed up things more.
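Review bot: With `if(IMSHit == false)` guarding `QueueIndexes(true)`, an unchanged Release file skips the index queue altogether, so an index that is missing from the lists directory, or one that was altered on disk after an earlier run, is neither fetched nor re-verified. Keep the shortcut only when every index named in the Release file is present, and queue the ones that are not. The condition also reads more plainly as `if (!IMSHit)` with the spacing used by the `if (DestFile == SigFile)` line below it.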
-- Package-specific info: -- apt-config dump --
Bug#762160: apt: [regression] 406 Not acceptable errors
On Fri, Sep 19, 2014 at 01:31:04PM +0800, Paul Wise wrote:
Package: apt Version: 0.9.7.9+deb7u4 Severity: important
Thanks for your bugreport and sorry for the trouble this is causing you.
The recent apt security updates broke the Debian derivatives census scripts, various sites now return 406 Not acceptable errors. The set of instructions below produces the errors on the second apt-get update run with apt 0.9.7.9+deb7u4 but not with apt 0.9.7.9+deb7u2.
I debugged this issue and it turns out apt does no longer deal well with the relative path for Dir (in the new ReverifyAfterIMSHit step). That's a regression and needs fixing, I look into this. In the meantime you can set:
Dir "$(pwd)/apt";
to unblock your script.
Cheers, Michael
I also note that if I use the same sources.list with chdist from devscripts I do *not* get the same errors. Looking at the wireshark log, the difference is that chdist only gets 304 and 404 HTTP codes but plain apt gets 304, 404, 416 and 406 codes. These sources.list files exhibit the issue:
https://dex.alioth.debian.org/census/Aptosid/sources.list
https://dex.alioth.debian.org/census/ArcheOS/sources.list
https://dex.alioth.debian.org/census/AstraLinux/sources.list
https://dex.alioth.debian.org/census/BCCD/sources.list
https://dex.alioth.debian.org/census/HandyLinux/sources.list
https://dex.alioth.debian.org/census/Ordissimo/sources.list
https://dex.alioth.debian.org/census/SteamOS/sources.list
https://dex.alioth.debian.org/census/Tucunare/sources.list
https://dex.alioth.debian.org/census/sources.list
https://dex.alioth.debian.org/census/sources.list
rm -rf sources.list apt.conf apt
cat <<EOF >sources.list
deb [arch=i386,amd64] http://aptosid.com/debian/ sid main fix.main
deb-src http://aptosid.com/debian/ sid main fix.main
EOF
cat <<EOF >apt.conf
Dir "apt";
Dir::State::status "./apt/var/lib/dpkg/status";
Dir::Etc::sourcelist "./sources.list";
EOF
mkdir --parents apt/var/lib/dpkg apt/etc/apt/apt.conf.d apt/etc/apt/trusted.gpg.d apt/etc/apt/preferences.d apt/etc/apt/sources.list.d apt/var/lib/apt/lists/partial apt/var/cache/apt/archives/partial
touch apt/var/lib/dpkg/status apt/etc/apt/trusted.gpg
export APT_CONFIG=`pwd`/apt.conf
apt-get update
apt-get update
-- System Information:
Debian Release: 7.6
APT prefers stable
APT policy: (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 3.16-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968) (ignored: LC_ALL set to C)
Shell: /bin/sh linked to /bin/dash
Versions of packages apt depends on:
ii debian-archive-keyring 2012.4
ii gnupg 1.4.12-7+deb7u6
ii libapt-pkg4.12 0.9.7.9+deb7u4
ii libc6 2.13-38+deb7u4
ii libgcc1 1:4.7.2-5
ii libstdc++6 4.7.2-5
apt recommends no packages.
Versions of packages apt suggests:
pn apt-doc none
ii aptitude 0.6.8.2-1
ii dpkg-dev 1.16.15
pn python-apt none
ii xz-utils 5.1.1alpha+20120614-2
-- no debconf information
-- bye, pabs https://wiki.debian.org/PaulWise
Bug#762160: apt: [regression] 406 Not acceptable errors
On Fri, Sep 19, 2014 at 01:31:04PM +0800, Paul Wise wrote:
The recent apt security updates broke the Debian derivatives census scripts, various sites now return 406 Not acceptable errors. The set of instructions below produces the errors on the second apt-get update run with apt 0.9.7.9+deb7u4 but not with apt 0.9.7.9+deb7u2.
This patch should fix it, if you could double check, that would be great. I'm also curious if your second bugreport is fixed with this too:
diff --git a/methods/copy.cc b/methods/copy.cc index 5570f31..b78053d 100644 --- a/methods/copy.cc +++ b/methods/copy.cc @@ -55,8 +55,8 @@ void CopyMethod::CalculateHashes(FetchResult Res) /* */ bool CopyMethod::Fetch(FetchItem *Itm) { - URI Get = Itm-Uri; - std::string File = Get.Path; + // this ensures that relative paths work in copy + std::string File = Itm-Uri.substr(Itm-Uri.find(':')+1); // Stat the file and send a start message struct stat Buf;
Thanks, Michael
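Review bot: The added `substr(... find(':')+1)` line takes everything after the first colon as the file name and no longer goes through the `URI` object the removed lines used, so a URI with an authority part now yields a path that begins with `//`, and a string without any colon only works because the not-found value plus one wraps to 0. Check the result of `find` explicitly and fail on a missing scheme, and extend the comment to say why `Get.Path` loses relative paths, with a test for a copy: URI that has a relative file name.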
Bug#762079: apt: Hash Sum mismatch while sum checks since security update
On Thu, Sep 18, 2014 at 10:26:41AM +0200, b...@debian.org wrote:
Package: apt Version: 0.9.7.9+deb7u3 Severity: important
Thanks for your bugreport.
[..]
W: Failed to fetch file:/usr/src/debian-repository/local/Packages Hash Sum mismatch
E: Some index files failed to download. They have been ignored, or old ones used instead.
[..]
Interestingly, right after building the local packages, my autobuild script issues an 'apt-get update' that completes successfully. But when I issue another 'apt-get update' even one second later I get the above behavior. Regenerating the packages produced the same behavior. But everything checks! What's wrong?
There is a regression in the recent security update that causes file:/// uris that are on a different partition (or nfs) than the apt lists dir to misbehave. The fix is committed as http://anonscm.debian.org/cgit/apt/apt.git/commit/?h=debian/wheezy&id=3fa61cd604da1a4d744cebf3fbb747bf7c80bf91 and we will upload fixed packages shortly. If you could test the fix that would be much appreciated.
Sorry for the trouble, Michael
Cheers!
Sylvain -- Package-specific info: -- apt-config dump --
Bug#757438: exposes entire dpkg upgrade log to non-root users
On Fri, Aug 08, 2014 at 03:00:19AM -0400, Joey Hess wrote:
> Package: unattended-upgrades
> Version: 0.79.5
> Severity: normal
> Tags: security

Thanks for your bugreport and sorry for my slow reply.

> /var/log/unattended-upgrades/ is readable by all, so when this package is run on a multi-user system, non-admin users can trawl the upgrade logs for interesting information.

[..]

I totally agree with the concern and fixed the permissions of the dir to root:adm 0750 (as you suggested) and the dpkg log to root:adm 0640 too. This will be part of my next upload.

> Any reason not to make the directory 750 root.adm?

No, fixed. Do you think this should go out to stable as well?

Cheers,
Michael
Bug#759693: unattended-upgrades: please document how to configure the logging options
On Fri, Aug 29, 2014 at 05:21:02PM +0300, Martin-Éric Racine wrote:
> Package: unattended-upgrades
> Version: 0.82.8
> Severity: normal

Thanks for your bugreport.

[..]
> While the number of older files kept as unattended-upgrades.log.[1-7].gz and unattended-upgrades-shutdown.log.[1-7].gz remains reasonable, the sheer quantity of dated log files quickly reaches a ridiculous amount. Additionally, keeping gzipped copies of each dated log file seems excessive.
[..]

I changed the code in bzr now so that there is only a single unattended-upgrades-dpkg.log with date/time headers similar to what the /var/log/apt/term.log is doing. This will keep the number of logs as small as for the other two log files.

I'm not sure if I should keep the logs using the date, it would be straightforward to add an option, so if someone really feels like the individual file format has advantages I could add it back.

Cheers,
Michael

> As such, I am wondering whether there are configuration options to perform the following:
>
> 1) Output one's choice of clear/gzipped/both logs.
> 2) Delete dated logs older than NN months back.
>
> If there are, the options listed in /etc/apt/apt.conf.d/50unattended-upgrades configuration file don't make any mention of this. Could you please document how this can be configured?
>
> Thanks!
>
> -- System Information:
> Debian Release: jessie/sid
> APT prefers testing
> APT policy: (1001, 'testing'), (1001, 'oldstable')
> Architecture: i386 (i686)
> Kernel: Linux 3.14-2-686-pae (SMP w/1 CPU core)
> Locale: LANG=fi_FI.UTF-8, LC_CTYPE=fi_FI.UTF-8 (charmap=UTF-8)
> Shell: /bin/sh linked to /bin/dash
>
> Versions of packages unattended-upgrades depends on:
> ii  apt                    1.0.6
> ii  apt-utils              1.0.6
> ii  debconf [debconf-2.0]  1.5.53
> ii  init-system-helpers    1.21
> ii  lsb-base               4.1+Debian13
> ii  lsb-release            4.1+Debian13
> ii  python3                3.4.1-1
> ii  python3-apt            0.9.3.8
> ii  ucf                    3.0030
> ii  xz-utils               5.1.1alpha+20120614-2
>
> unattended-upgrades recommends no packages.
>
> Versions of packages unattended-upgrades suggests:
> ii  bsd-mailx                          8.1.2-0.20131005cvs-1
> ii  nullmailer [mail-transport-agent]  1:1.13-1
>
> -- debconf information:
> * unattended-upgrades/enable_auto_updates: true
Bug#759264: This change broke proxy support in apt for me
On Wed, Sep 10, 2014 at 05:24:37PM -0400, Lennart Sorensen wrote: After this change proxy handling is completely broken for me. I have this for a config: Acquire::http::Proxy-Auto-Detect /usr/local/sbin/getproxy; Acquire::http::Proxy::rceng02.eng.lan DIRECT; Acquire::http::Proxy::mirror.eng.lan DIRECT; Acquire::http::Proxy::cache.eng.lan DIRECT; With apt 1.0.7 it works perfectly, using direct access to sources on the 3 listed hosts and proxy returned by a script for everything else. With 1.0.8 it now randomly tries to use the proxy for hostnames configured to be direct. I highly suspect this change is the cause of the breakage. Indeed, sorry for that. I attached a patch that should fix the issue by not running the auto-detect if the user already has a proxy set for the given specific host. This seems to be the most sensible option, autodetect everything that is not set explicitly already in the config. Cheers, Michael diff --git a/apt-pkg/contrib/proxy.cc b/apt-pkg/contrib/proxy.cc index b58db84..9750f71 100644 --- a/apt-pkg/contrib/proxy.cc +++ b/apt-pkg/contrib/proxy.cc @@ -26,6 +26,10 @@ bool AutoDetectProxy(URI URL) // we support both http/https debug options bool Debug = _config-FindB(Debug::Acquire::+URL.Access,false); + // the user already explicitly set a proxy for this host + if(_config-FindS(Acquire::+URL.Access+::proxy::+URL.Host, ) != ) + return true; + // option is Acquire::http::Proxy-Auto-Detect but we allow the old // name without the dash (-) std::string AutoDetectProxyCmd = _config-Find(Acquire::+URL.Access+::Proxy-Auto-Detect,
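Review bot: the early `return true` added ahead of the Proxy-Auto-Detect lookup is silent even when Debug is set, so Debug::Acquire output gives no hint that the auto-detect command was skipped for this host; log a line under `if (Debug)` before returning. The regression reported here (hosts pinned to DIRECT next to a Proxy-Auto-Detect command) also deserves a test case alongside the fix.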
Bug#760666: squid-deb-proxy writes to /var/log/squid3/netdb.state
On Sat, Sep 06, 2014 at 12:45:11PM -0500, Vagrant Cascadian wrote: Control: tag -1 patch On 2014-09-06 12:27:42 -0500, Vagrant Cascadian wrote: It seems like it should probably be writing to /var/log/squid-deb-proxy/netdb.state instead. Thanks a lot for the bugreport and the patch (and sorry for my slow reply). I merged it into my bzr tree and it will be part of the next upload. Cheers, Michael The following patch might fix this: diff --git a/squid-deb-proxy/squid-deb-proxy.conf b/squid-deb-proxy/squid-deb-proxy.conf index 7672e69..5e4b267 100644 --- a/squid-deb-proxy/squid-deb-proxy.conf +++ b/squid-deb-proxy/squid-deb-proxy.conf @@ -91,3 +91,11 @@ http_access allow allowed_networks # And finally deny all other access to this proxy http_access deny all + +# TAG: netdb_filename +# Where Squid stores it's netdb journal. +# When enabled this journal preserves netdb state between restarts. +# +# To disable, enter none. +#Default: +netdb_filename stdio:/var/log/squid-deb-proxy/netdb.state live well, vagrant -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
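Review bot: the new `netdb_filename` value points into /var/log/squid-deb-proxy/, but nothing in this hunk shows that directory being created or made writable for the user the proxy runs as; confirm the packaging provides it with the right owner and mode before relying on the setting. In the added comment block, `#Default:` is left empty and "it's" should read "its".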
Bug#283718: no_proxy variable not honored by apt-transport-https
On Tue, Sep 09, 2014 at 04:27:32PM +0200, Raoul Bhatia wrote: I'm seeing this issue with correctly working no_proxy settings via /etc/environment and/or /root/.bashrc, which are correctly working for e.g. w3m but are not honored via apt-transport-https. Thanks for your bugreport. [..] apt-get update -o Debug::Acquire::Https=true still shows that APT is trying to use the proxy. Could you please test the attached patch? It seems like the proxy setting is not properly reset for libcurl. Cheers, Michael diff --git a/methods/https.cc b/methods/https.cc index 0499af0..1b3d867 100644 --- a/methods/https.cc +++ b/methods/https.cc @@ -132,8 +132,14 @@ void HttpsMethod::SetupProxy() /*{{{*/ { // Parse no_proxy, a comma (,) separated list of domains we don't want to use // a proxy for so we stop right here if it is in the list - if (getenv(no_proxy) != 0 CheckDomainList(ServerName.Host,getenv(no_proxy)) == true) + if (getenv(no_proxy) != 0 + CheckDomainList(ServerName.Host,getenv(no_proxy)) == true) + { + Proxy = ; + curl_easy_setopt(curl, CURLOPT_PROXY, NULL); + curl_easy_setopt(curl, CURLOPT_PROXYPORT, 0); return; + } } else { const char* result = getenv(https_proxy); // FIXME: Fall back to http_proxy is to remain compatible with
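Review bot: in the no_proxy branch, `curl_easy_setopt(curl, CURLOPT_PROXY, NULL)` only restores libcurl's default, and in that default state libcurl still consults the proxy environment variables on its own; passing an empty string for CURLOPT_PROXY is what explicitly disables the proxy for the handle. A short comment above the three added lines saying that they clear state left over from an earlier request on the same handle would also help the next reader.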
Bug#753297: apt list --upgradable gives lot of false positives: possible solution
On Mon, Jul 21, 2014 at 05:52:11PM +0200, Michael Musenbrock wrote:
> Package: apt
> Version: 1.0.6
> Followup-For: Bug #753297

Thanks for your patch!

[..]
> for me the problem (listing packages as upgradable if they are not) occurs for all packages, which have a newer version in an archive with lower APT:Pinning score. So if I understood the source correctly, the pkgPolicy handles the candidate version in respect to the correct pinning.
>
> The attached patch [1] should do the trick.
[..]

This is fixed in git now and it will be part of the next upload. Your patch was superhelpful to get to the bottom of the problem, the new apt binary did not always initialize the depcache/policy in the right order so that the depcache ended up with the wrong pkgPolicy. This should be fixed in HEAD and a test was added.

Cheers,
Michael
Bug#755874: gobject-introspection: [patch] use multi-arch pathes for the .typelib files
On Sun, Aug 24, 2014 at 10:04:43PM +0100, Iain Lane wrote: Hi mvo, Hi Ian, On Thu, Jul 24, 2014 at 09:05:48AM +0200, Michael Vogt wrote: […] With this change most packages that ship a gir1.2-* package need a small change to their debian/gir1.2-foo.install file: - usr/lib/girepository-1.0/* + usr/lib/*/girepository-1.0/* Without they will fail to build. Cool - I'm interested in this change since a package I care about is no longer x-buildable due to this problem. Didn't review the patch yet, but I will do before uploading. Since this requires source changes, I made a dd-list of all packages which ship files in /usr/lib/girepository-1.0. There are two packages - workrave and ibus-anthy - which I think would need splitting because they ship typelibs along with programs. I've got an opportunity at Debconf to spend some time on this. What's the best way? Do it in unstable and NMU after an announce/fix perioud because packages will be broken or use experimental and do this more gradually with MBF and prodding? Thanks a lot for your experimental upload! I played with the new version in a PPA and did a bunch of package updates in my test repo (ppa:mvo/gir-multiarch). While doing that I noticed that the dh_girepository needs a small tweak (attached). Without that it fails for me for json-glib (and probably more, it was just the first failure I noticed). The update the for individual is mostly a very mechanical process, I created a script in lp:~mvo/+junk/gir-multiarch that automates the work. It has a pretty high success rate, some packages need manual tweaks of course, I put a list into the update.sh for the ones I know about. Hope that helps the transition, I'm very excited about it! Thanks, Michael diff -Nru gobject-introspection-1.41.4/debian/dh_girepository gobject-introspection-1.41.4/debian/dh_girepository --- gobject-introspection-1.41.4/debian/dh_girepository 2014-08-30 21:40:04.0 + +++ gobject-introspection-1.41.4/debian/dh_girepository 2014-09-04 09:28:25.0 + 
@@ -196,8 +196,8 @@ } if (! $found) { addsubstvar ($package, gir:Depends, $deppkg); -return; } +return; } } error(Could not find $req dependency);
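Review bot: with `return;` moved out of the `if (! $found)` block, the sub now returns on every match, also when $found is already true, and reaches `error(...)` only when nothing matched at all; that intent is not visible in the code, so add a one-line comment above the `return;`. A regression test built from the json-glib case mentioned in the mail would keep this from breaking again.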
Bug#758615: [patch] more error handling remove global state
On Sun, Aug 31, 2014 at 06:10:36AM +0200, Guillem Jover wrote:
> Hi!

Hello,

> On Tue, 2014-08-19 at 11:23:41 +0200, Michael Vogt wrote:
[..]
> Some comments on the points raised in the review, although it's true that dpkg itself should only be dealing with “trusted” data, otherwise you are going to be happily giving root access away, dpkg-deb does not, so it must be picky and suspicious when parsing .deb packages. And for most (if not all) of the dpkg .deb parsing code I've either rewritten or at least extensively reviewed it by now, that obviously does not mean there will be no bugs, but besides code staring, unit tests, functional tests [F], code checkers like clang, cppcheck and coverity among others do help. So I do trust more the dpkg code than the debsig-verify code. Precisely one of the reasons for taking it over was to update its .deb format support, including LFS. Of course debsig-verify code should be considered more sensitive, because it's not just about inspecting, but about deciding to end up giving direct root access to possibly untrusted packages.
[..]

thanks for these comments, that is good to know!

> Regarding adoption of debsig-verify, I'm planning to work on updating the layout of the signatures, and to properly integrate this into dpkg proper. Once I start those discussions, I'll try to make sure to keep you and Colin Watson on the loop, as you guys seem to be interested in this?

Yes, please keep us in the loop.

> > Attached are two patches that add some additional error checking.
>
> I'll review and merge those in few days, after I finish up some other stuff, thanks!

Thanks, that is much appreciated.

> > I also started with the removal of the global state (attached as well). However it is not very elegant and I wonder if it would make more sense to have a struct ds_ctx { char *deb, FILE *deb_fs, char *originID } that is passed around as the context instead of my current approach.
Ah, yeah, I thought I had started doing something like that already, but I cannot find any branch or stashed change, so either I just thought about it or I discarded it at the time. Anyway I'll check it out in few days. [..] Great, looking forward for your feedback. I guess I need to rework the coding style a bit (based on the previous review I had) but I guess its best if I wait for further feedback. Attached are my remaining patches that add _FILE_OFFSET_BITS 64, add a README and add a (simple) integration test (with a test origin key). The test is not using a test framework currently, I'm happy to use whatever you suggest, shunit2 seems like a good one but I have no strong preferences either way. Feedback welcome, and I hope my latest stuff does not contain silly (debconf jetlag) issues :) Cheers, MichaelFrom 1a4ee2063424f94f4d481f737870892bcf50e8aa Mon Sep 17 00:00:00 2001 From: Michael Vogt m...@ubuntu.com Date: Thu, 21 Aug 2014 08:30:22 +0200 Subject: [PATCH 7/9] add _FILE_OFFSET_BITS 64 --- debsig.h | 1 + 1 file changed, 1 insertion(+) diff --git a/debsig.h b/debsig.h index ea6edb7..39e78ab 100644 --- a/debsig.h +++ b/debsig.h @@ -16,6 +16,7 @@ * You should have received a copy of the GNU General Public License * along with this program. If not, see https://www.gnu.org/licenses/. */ +#define _FILE_OFFSET_BITS 64 #define DEBSIG_POLICIES_DIR_FMT %sDEBSIG_POLICIES_DIR/%s #define DEBSIG_KEYRINGS_FMT %sDEBSIG_KEYRINGS_DIR/%s/%s -- 2.0.0.rc0 From 79318503b0039b4705019e0308544ceee7f24305 Mon Sep 17 00:00:00 2001 From: Michael Vogt m...@ubuntu.com Date: Thu, 21 Aug 2014 08:36:18 +0200 Subject: [PATCH 8/9] add README --- README | 22 ++ 1 file changed, 22 insertions(+) create mode 100644 README diff --git a/README b/README new file mode 100644 index 000..150a35f --- /dev/null +++ b/README 
@@ -0,0 +1,22 @@ += Debian package signature verification tool = + +This tool inspects and verifies binary package digital signatures based +on predetermined policies, complementing repository signatures or allowing +to verify the authenticity of a package even after download when detached +from a repository. + +== How to build == + +Ensure the build-dependencies are instaleld by running +``` +$ dpkg-checkbuilddeps debian/control +``` + +then type: +``` +$ make +``` + +== Testing == + +No automatic testsuite yet, manual testing needs to be performed. -- 2.0.0.rc0 From df421bdccf43ae520f676c9d1da0ab5788f1e3a0 Mon Sep 17 00:00:00 2001 From: Michael Vogt m...@ubuntu.com Date: Tue, 2 Sep 2014 09:52:48 +0200 Subject: [PATCH 9/9] add simple integration test --- Makefile | 3 + README| 6 +- testing/keyrings/FAD46790DE88C7E2/pubring.gpg | Bin 0 - 1245 bytes testing/keyrings/FAD46790DE88C7E2/secring.gpg | Bin 0 - 2547 bytes testing/policies/FAD46790DE88C7E2/generic.pol | 22 +++ testing/test_debsig
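Review bot: in PATCH 7/9, `#define _FILE_OFFSET_BITS 64` placed in debsig.h only takes effect when debsig.h is included before every system header, and the gpg-parse.c context shown elsewhere in this thread includes stdio.h, string.h and sys/types.h before debsig.h; define it on the compiler command line (-D_FILE_OFFSET_BITS=64 in the Makefile) or make debsig.h the first include in each source file. In PATCH 8/9 the README has "instaleld" for "installed". PATCH 9/9 adds testing/keyrings/FAD46790DE88C7E2/secring.gpg, so the test policy and README should state plainly that this is a throwaway test key and that the testing/ tree is never installed.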
Bug#759612: apt: apt-cache segfaults when given some options
On Fri, Aug 29, 2014 at 10:45:09AM -0700, Dima Kogan wrote: David Kalnischkies da...@kalnischkies.de writes: [..] Hi David. Thank you for looking at this. Looking a bit more deeply, it looks like my shell was expanding ^xxx- to a list of all files in the local directory, and the cause of the crash was simply too many arguments. The following crashes consistently for me: apt-cache search xxx xxx xxx xxx xxx xxx xxx xxx xxx xxx xxx xxx xxx xxx xxx xxx xxx xxx xxx xxx xxx xxx xxx xxx xxx xxx xxx xxx xxx xxx xxx xxx xxx xxx xxx xxx xxx xxx xxx xxx xxx xxx xxx xxx xxx xxx xxx xxx xxx xxx xxx xxx xxx xxx xxx xxx xxx xxx xxx xxx xxx xxx xxx xxx xxx xxx xxx xxx xxx xxx xxx xxx xxx xxx xxx xxx xxx xxx xxx xxx xxx xxx xxx xxx xxx xxx xxx xxx xxx xxx xxx xxx xxx xxx xxx xxx xxx xxx xxx xxx xxx xxx xxx xxx xxx xxx xxx xxx xxx xxx xxx xxx xxx xxx xxx xxx xxx xxx xxx xxx xxx xxx xxx xxx xxx xxx xxx xxx xxx xxx xxx xxx xxx There are 133 'xxx' here. This appears to be the threshold. = 133 arguments causes a crash. 133 arguments works ok. This is admittedly more of a corner case, but it still shouldn't crash. This should be fixed in the git tree now, thanks for the instructions how to reproduce the bug. Cheers, Michael -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#759655: tests fail with proxy
On Fri, Aug 29, 2014 at 09:13:00AM +0200, Martin Pitt wrote:
> Package: apt
> Version: 1.0.4

Thanks for your bugreport.

> Hello,
>
> In our CI environment we need to use a proxy to get to most internet sites:
>
> http_proxy=http://squid.internal:3128
> https_proxy=http://squid.internal:3128
> no_proxy=localhost,ubuntu.com,launchpad.net
[..]

I changed the run-tests now to run the tests with env -i to ensure that we start with a clean environment. As a by-product this should also fix the proxy env pollution.

Thanks!
Michael
Bug#759264: apt: Please help with PAC support - proxy autoconfiguration files
On Mon, Aug 25, 2014 at 07:17:18PM -0700, Michael Vogt wrote: It would be useful to support PAC (proxy autoconfiguration files) with apt. Specifically, PAC files are simple javascript files that given a URL and HOST output a proxy setting. This can be trivially hooked up with Acquire::http::Proxy-Auto-Detect, however Proxy-Auto-Detect is called only once, instead of per-host, hence one cannot easily mix repositories that require different proxies or proxy only for some repositories. Extending Proxy-Auto-Detect to pass host parameter and calling that for each host/repository would be beneficial to integrate (optionally) pac file support with apt. (Similar to how deb squid proxy support is done). Attached is a (untested) patch that make the Proxy-Auto-Detect a per-host thing. If this looks vaguely like what you need we need to add a testcase before it can go in. Looks like I forgot to attach the patch. I attach it now, Raphael Geissert pointed out that by using command proxy from the libproxy-tools package your use-case should be solved. Along the way I added the auto-detect to https as well. If you could give it a test-run, that would be awesome. Cheers, Michaeldiff --git a/apt-pkg/contrib/proxy.cc b/apt-pkg/contrib/proxy.cc index b68a053..d1f8274 100644 --- a/apt-pkg/contrib/proxy.cc +++ b/apt-pkg/contrib/proxy.cc @@ -1,9 +1,18 @@ +#includeapt-pkg/configuration.h +#includeapt-pkg/error.h +#includeapt-pkg/fileutl.h + +#includeiostream +#include unistd.h + #include proxy.h + + // AutoDetectProxy - auto detect proxy /*{{{*/ // - /* */ -bool AutoDetectProxy(const URI URL) +bool AutoDetectProxy(URI URL) { bool Debug = _config-FindB(Debug::Acquire::http,false); // option is Acquire::http::Proxy-Auto-Detect but we allow the old 
@@ -15,7 +24,7 @@ bool AutoDetectProxy(const URI URL) return true; if (Debug) - clog Using auto proxy detect command: AutoDetectProxyCmd endl; + std::clog Using auto proxy detect command: AutoDetectProxyCmd std::endl; int Pipes[2] = {-1,-1}; if (pipe(Pipes) != 0) @@ -30,10 +39,10 @@ bool AutoDetectProxy(const URI URL) const char *Args[4]; Args[0] = AutoDetectProxyCmd.c_str(); - Args[1] = URL.c_str(); + Args[1] = string(URL).c_str(); Args[2] = 0; execv(Args[0],(char **)Args); - cerr Failed to exec method Args[0] endl; + std::cerr Failed to exec method Args[0] std::endl; _exit(100); } char buf[512]; @@ -51,7 +60,7 @@ bool AutoDetectProxy(const URI URL) buf[res] = 0; if (Debug) - clog auto detect command returned: ' buf ' endl; + std::clog auto detect command returned: ' buf ' std::endl; URI Tmp(URL); if (strstr(buf, http://;) == buf) diff --git a/apt-pkg/contrib/proxy.h b/apt-pkg/contrib/proxy.h index b7ebf61..be31791 100644 --- a/apt-pkg/contrib/proxy.h +++ b/apt-pkg/contrib/proxy.h @@ -11,7 +11,7 @@ #include apt-pkg/strutl.h -bool AutoDetectProxy(const URI URL); +bool AutoDetectProxy(URI URL); #endif diff --git a/methods/http.cc b/methods/http.cc index 7c7949e..06325e9 100644 --- a/methods/http.cc +++ b/methods/http.cc @@ -34,6 +34,7 @@ #include apt-pkg/hashes.h #include apt-pkg/netrc.h #include apt-pkg/strutl.h +#include apt-pkg/proxy.h #include stddef.h #include stdlib.h @@ -51,6 +52,7 @@ #include connect.h #include http.h + #include apti18n.h /*}}}*/ using namespace std; @@ -60,6 +62,7 @@ unsigned long long CircleBuf::BwTickReadData=0; struct timeval CircleBuf::BwReadTick={0,0}; const unsigned int CircleBuf::BW_HZ=10; + // CircleBuf::CircleBuf - Circular input buffer/*{{{*/ // - /* */ 
@@ -304,8 +307,10 @@ bool HttpServerState::Open() Persistent = true; // Determine the proxy setting + AutoDetectProxy(ServerName); + string SpecificProxy = _config-Find(Acquire::http::Proxy:: + ServerName.Host); - if (!SpecificProxy.empty()) + if (SpecificProxy != ) { if (SpecificProxy == DIRECT) Proxy = ; @@ -762,66 +767,6 @@ bool HttpMethod::Configuration(string Message) PipelineDepth); Debug = _config-FindB(Debug::Acquire::http,false); - // Get the proxy to use - AutoDetectProxy(); - - return true; -} - /*}}}*/ -// HttpMethod::AutoDetectProxy - auto detect proxy /*{{{*/ -// - -/* */ -bool HttpMethod::AutoDetectProxy() -{ - // option is Acquire::http::Proxy-Auto-Detect but we allow the old - // name without the dash (-) - AutoDetectProxyCmd = _config-Find(Acquire::http::Proxy-Auto-Detect, - _config-Find(Acquire::http::ProxyAutoDetect)); - - if (AutoDetectProxyCmd.empty()) - return true; - - if (Debug) - clog Using auto proxy detect command
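Review bot: in the forked child in proxy.cc, `Args[1] = string(URL).c_str();` stores a pointer into a temporary std::string that is destroyed at the end of that statement, so execv() is handed a dangling pointer; keep the string in a named local and take c_str() from that. In http.cc the return value of `AutoDetectProxy(ServerName)` is ignored, and the Debug flag in proxy.cc still reads Debug::Acquire::http although the mail says https now goes through the same helper.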
Bug#759264: apt: Please help with PAC support - proxy autoconfiguration files
On Mon, Aug 25, 2014 at 06:18:22PM +0100, Dimitri John Ledkov wrote:
> Package: apt
> Version: 1.0.4ubuntu6
> Severity: wishlist

Thanks for your bugreport.

> It would be useful to support PAC (proxy autoconfiguration files) with apt. Specifically, PAC files are simple javascript files that given a URL and HOST output a proxy setting. This can be trivially hooked up with Acquire::http::Proxy-Auto-Detect, however Proxy-Auto-Detect is called only once, instead of per-host, hence one cannot easily mix repositories that require different proxies or proxy only for some repositories.
>
> Extending Proxy-Auto-Detect to pass host parameter and calling that for each host/repository would be beneficial to integrate (optionally) pac file support with apt. (Similar to how deb squid proxy support is done).

Attached is an (untested) patch that makes the Proxy-Auto-Detect a per-host thing. If this looks vaguely like what you need we need to add a testcase before it can go in.

Cheers,
Michael
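The per-host behaviour requested above, sketched as a helper that Acquire::http::Proxy-Auto-Detect could point at. This is an added example, not code from apt or from anyone in this thread. It assumes the command receives the URL as its only argument (as the patch in this thread does) and that printing DIRECT is accepted as "no proxy"; the host names come from the mails in this thread except `.internal.example`, which is constructed.

```shell
#!/bin/sh
# Added example: per-host proxy selection for a Proxy-Auto-Detect command.
# Assumption: apt runs this with the URL as $1 and reads one line from
# stdout, either a proxy URL starting with http:// or the word DIRECT.

# Constructed sample policy. A leading dot means "any host below this domain".
DIRECT_DOMAINS="mirror.eng.lan cache.eng.lan .internal.example"
DEFAULT_PROXY="http://squid.internal:3128"

# url_host URL -> lowercase host name without scheme, userinfo, port or path
url_host() {
    h=${1#*://}          # drop scheme
    h=${h%%/*}           # drop path
    h=${h##*@}           # drop user:password@
    case $h in
        \[*) h=${h%%\]*}; h=${h#\[} ;;   # bracketed IPv6 literal
        *)   h=${h%%:*} ;;               # drop :port
    esac
    h=${h%.}             # drop the trailing dot of a fully qualified name
    printf '%s\n' "$h" | tr 'A-Z' 'a-z'
}

# host_matches HOST PATTERN -> success when HOST equals PATTERN, or when
# PATTERN starts with "." and HOST ends with it. Requiring the dot keeps
# "evilinternal.example" from matching ".internal.example".
host_matches() {
    case $2 in
        .*) case $1 in *"$2") return 0 ;; esac ;;
        *)  [ "$1" = "$2" ] && return 0 ;;
    esac
    return 1
}

# pick_proxy URL -> prints DIRECT or the proxy to use for that URL
pick_proxy() {
    host=$(url_host "$1")
    for d in $DIRECT_DOMAINS; do
        if host_matches "$host" "$d"; then
            echo DIRECT
            return 0
        fi
    done
    echo "$DEFAULT_PROXY"
}

# Invoked as a command: answer for the URL passed in.
if [ $# -ge 1 ]; then
    pick_proxy "$1"
fi
```

Matching on the exact name or on a dot-prefixed suffix is the part worth copying: a plain substring or bare suffix match would send traffic for look-alike host names around the proxy.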
Bug#758826: [patch] fix if $HOME is not writable
On Fri, Aug 22, 2014 at 05:12:53PM +0200, Guillem Jover wrote: Hi! Hi, On Thu, 2014-08-21 at 21:12:20 +0200, Michael Vogt wrote: Package: debsig-verify Version: 0.10 I ran into a issue today that debsig-verify would fail if $HOME was not writable to the debsig-verify progress. The reason is that gpg tries to create/read a ~/.gnupg/{pubring,secring}.gpg. Attached is a patch that run gpg with its own GNUPGHOME instead of the users. Ah, makes sense, given that the gpg invoked is not using any default options nor default keyrings. It should also have a more predictable behavior. Thanks for the patch! [..] Thanks a lot for your thorough review of the patch. I addressed your point and attached a new version. Review welcome! Please let me know if I went overbord with the free()/unset gpg_tempdir in cleanup_gpg_tmpdir(). I understand this is not needed given that its the exit handler, but I was thinking that this code might be used in a different context at some point. But then it may well be a instance of YAGNI. Just let me know and I'm happy to remove it again. Thanks! Michael From a2e6c4e797e46ae2d5b7af11bda4e98c1a67d276 Mon Sep 17 00:00:00 2001 From: Michael Vogt m...@ubuntu.com Date: Fri, 22 Aug 2014 18:08:47 +0200 Subject: [PATCH] run gpg with its own temporary GNUPGHOME directory --- gpg-parse.c | 32 ++-- 1 file changed, 26 insertions(+), 6 deletions(-) diff --git a/gpg-parse.c b/gpg-parse.c index bae2181..df59a3b 100644 --- a/gpg-parse.c +++ b/gpg-parse.c @@ -21,6 +21,9 @@ * routines to parse gpg output */ +#include dpkg/path.h + +#include errno.h #include stdio.h #include string.h #include sys/types.h 
@@ -32,16 +35,33 @@ #include debsig.h static int gpg_inited = 0; +static char *gpg_tmpdir; + +static void +cleanup_gpg_tmpdir(void) +{ + execlp(rm, rm, -rf, gpg_tmpdir, NULL); + free(gpg_tmpdir); + gpg_tmpdir = NULL; +} -/* Crazy damn hack to make sure gpg has created ~/.gnupg, else it will - * fail first time called */ -static void gpg_init(void) { +/* Ensure that gpg has a writable HOME to put its keyrings */ +static void +gpg_init(void) +{ int rc; if (gpg_inited) return; -rc = system(GPG_PROG --options /dev/null /dev/null /dev/null 21); -if (rc 0) -ds_fail_printf(DS_FAIL_INTERNAL, error writing initializing gpg); + +gpg_tmpdir = mkdtemp(path_make_temp_template(debsig-verify)); +if(!gpg_tmpdir) + ds_fail_printf(DS_FAIL_INTERNAL, Cannot create temporary directory '%s', gpg_tmpdir); +rc = setenv(GNUPGHOME, gpg_tmpdir, 1); +if(rc 0) + ds_fail_printf(DS_FAIL_INTERNAL, Can not set environment GNUPGHOME to '%s' (%s), gpg_tmpdir, strerror(errno)); +rc = atexit(cleanup_gpg_tmpdir); +if(rc != 0) + ds_fail_printf(DS_FAIL_INTERNAL, Can not set atexit cleanup handler); gpg_inited = 1; } -- 2.0.0.rc0
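Review bot: in gpg_init(), the mkdtemp() failure branch passes gpg_tmpdir to a '%s' format although it is NULL at that point, and the template returned by path_make_temp_template() is lost; keep the template in a local variable, report that, and free it on failure. cleanup_gpg_tmpdir() also ends in a bare execlp(), so on success the free() and the NULL assignment after it are never reached and the exiting process is replaced by rm.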
Bug#758826: updated patch
Hi, the previous patch has a really silly error, sorry for that. The fork() in the atexit() handler is missing :( Attached a updated version. I will try to write a very basic test ASAP to avoid this kind of mistake. Sorry, Michael From 9f327ecc7abae8234029a57bc9bfc28c7aee962f Mon Sep 17 00:00:00 2001 From: Michael Vogt m...@ubuntu.com Date: Fri, 22 Aug 2014 18:08:47 +0200 Subject: [PATCH] run gpg with its own temporary GNUPGHOME directory --- gpg-parse.c | 39 +-- 1 file changed, 33 insertions(+), 6 deletions(-) diff --git a/gpg-parse.c b/gpg-parse.c index bae2181..6d5d66e 100644 --- a/gpg-parse.c +++ b/gpg-parse.c @@ -21,6 +21,9 @@ * routines to parse gpg output */ +#include dpkg/path.h + +#include errno.h #include stdio.h #include string.h #include sys/types.h 
@@ -32,16 +35,40 @@ #include debsig.h static int gpg_inited = 0; +static char *gpg_tmpdir; + +static void +cleanup_gpg_tmpdir(void) +{ + pid_t pid = fork(); + if (pid 0) + ds_fail_printf(DS_FAIL_INTERNAL, Cleanup failed to fork() (%s), + strerror(errno)); + if (pid == 0) + execlp(rm, rm, -rf, gpg_tmpdir, NULL); + waitpid(pid, NULL, 0); + + free(gpg_tmpdir); + gpg_tmpdir = NULL; +} -/* Crazy damn hack to make sure gpg has created ~/.gnupg, else it will - * fail first time called */ -static void gpg_init(void) { +/* Ensure that gpg has a writable HOME to put its keyrings */ +static void +gpg_init(void) +{ int rc; if (gpg_inited) return; -rc = system(GPG_PROG --options /dev/null /dev/null /dev/null 21); -if (rc 0) -ds_fail_printf(DS_FAIL_INTERNAL, error writing initializing gpg); + +gpg_tmpdir = mkdtemp(path_make_temp_template(debsig-verify)); +if(!gpg_tmpdir) + ds_fail_printf(DS_FAIL_INTERNAL, Cannot create temporary directory '%s', gpg_tmpdir); +rc = setenv(GNUPGHOME, gpg_tmpdir, 1); +if(rc 0) + ds_fail_printf(DS_FAIL_INTERNAL, Can not set environment GNUPGHOME to '%s' (%s), gpg_tmpdir, strerror(errno)); +rc = atexit(cleanup_gpg_tmpdir); +if(rc != 0) + ds_fail_printf(DS_FAIL_INTERNAL, Can not set atexit cleanup handler); gpg_inited = 1; } -- 2.0.0.rc0
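Review bot: in cleanup_gpg_tmpdir(), the child branch `if (pid == 0) execlp(...)` has no `_exit()` after it, so when execlp() fails the child falls through to waitpid() and free() and carries on as a second copy of the exiting process; add `_exit(1)` right after the execlp() call. The waitpid() status is discarded, so a failed rm leaves the temporary GNUPGHOME behind without any message, and calling ds_fail_printf() from inside an atexit handler on fork failure needs a second look if that function itself exits.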
Bug#758826: [patch] fix if $HOME is not writable
Package: debsig-verify Version: 0.10 Hi, I ran into a issue today that debsig-verify would fail if $HOME was not writable to the debsig-verify progress. The reason is that gpg tries to create/read a ~/.gnupg/{pubring,secring}.gpg. Attached is a patch that run gpg with its own GNUPGHOME instead of the users. Feedback welcome! Thanks, Michael diff -Nru debsig-verify-0.10/gpg-parse.c debsig-verify-0.10ubuntu1/gpg-parse.c --- debsig-verify-0.10/gpg-parse.c 2014-06-07 22:17:34.0 +0200 +++ debsig-verify-0.10ubuntu1/gpg-parse.c 2014-08-21 20:59:04.0 +0200 @@ -32,16 +32,28 @@ #include debsig.h static int gpg_inited = 0; +static char gpg_tmpdir[256] = {0,}; -/* Crazy damn hack to make sure gpg has created ~/.gnupg, else it will - * fail first time called */ +/* Crazy damn hack to make sure gpg has a writable HOME to put its + trustdb and secret keyring etc */ +static void cleanup_gpg_tmpdir(void) { + execl(/bin/rm, rm, -rf, gpg_tmpdir, NULL); +} static void gpg_init(void) { int rc; -if (gpg_inited) return; -rc = system(GPG_PROG --options /dev/null /dev/null /dev/null 21); -if (rc 0) -ds_fail_printf(DS_FAIL_INTERNAL, error writing initializing gpg); +if (gpg_inited) + return; + +char *tmpdir = getenv(TMPDIR); +if(!tmpdir) + tmpdir = /tmp; +snprintf(gpg_tmpdir, sizeof(gpg_tmpdir) -1, + %s/%s, tmpdir, debsig-verify.XX); +if(!mkdtemp(gpg_tmpdir)) + ds_fail_printf(DS_FAIL_INTERNAL, mkdtemp() failed for '%s', gpg_tmpdir); +setenv(GNUPGHOME, gpg_tmpdir, 1); +atexit(cleanup_gpg_tmpdir); gpg_inited = 1; }
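Review bot: cleanup_gpg_tmpdir() calls execl() directly from the atexit handler, so the exiting debsig-verify process is replaced by rm and the caller receives rm's exit status instead of the verification result; fork and wait for the child instead. In gpg_init() the results of setenv() and atexit() are not checked, and the snprintf() of TMPDIR into the 256-byte gpg_tmpdir can truncate the template without notice.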
Bug#758615: new patch
Hi, attached my attempt to make my previous patches a bit nicer, it applies on top of the previous set and adds a struct debsig_ctx to avoid passing three args (originID, deb, deb_fs) to the functions. As always, feedback welcome :) Thanks, Michael From 6db400f2d938dc967e657d29e483420636d5080d Mon Sep 17 00:00:00 2001 From: Michael Vogt m...@ubuntu.com Date: Wed, 20 Aug 2014 14:13:29 +0200 Subject: [PATCH] use new struct debsig_ctx instead of a global state --- Makefile| 4 +-- ar-parse.c | 20 +++--- debsig-verify.c | 82 ++--- debsig.h| 15 --- gpg-parse.c | 16 +-- misc.c | 4 +-- 6 files changed, 71 insertions(+), 70 deletions(-) diff --git a/Makefile b/Makefile index 2dc0256..6a72b72 100644 --- a/Makefile +++ b/Makefile @@ -1,5 +1,5 @@ CC = gcc -CFLAGS = -Wall -Wextra -g -O2 +DS_CFLAGS = -Wall -Wextra -g3 -O2 #TESTING=1 @@ -31,7 +31,7 @@ MANPAGES = debsig-verify.1 all: $(PROGRAM) $(MANPAGES) $(PROGRAM): $(OBJS) - $(CC) $(MK_CFLAGS) $(CFLAGS) $(OBJS) $(MK_LDFLAGS) $(LDFLAGS) -o $@ + $(CC) $(MK_CFLAGS) $(DS_CFLAGS) $(OBJS) $(MK_LDFLAGS) $(LDFLAGS) -o $@ install: all install -d -m755 $(DESTDIR)/usr/bin diff --git a/ar-parse.c b/ar-parse.c index 5ff558a..8138e55 100644 --- a/ar-parse.c +++ b/ar-parse.c @@ -39,7 +39,7 @@ * nothing important is going to be zero length anyway, so we treat it as * non-existant. */ off_t -findMember(const char *deb, const char *name, FILE *deb_fs) +findMember(const struct debsig_ctx *ds_ctx, const char *name) { char magic[SARMAG+1]; struct ar_hdr arh; 
@@ -53,12 +53,14 @@ findMember(const char *deb, const char *name, FILE *deb_fs) } /* This shouldn't happen, but... */ -if (deb_fs == NULL) +if (ds_ctx == NULL) + ds_fail_printf(DS_FAIL_INTERNAL, findMember: called while ds_ctx == NULL); +if (ds_ctx-deb_fs == NULL) ds_fail_printf(DS_FAIL_INTERNAL, findMember: called while deb_fs == NULL); -rewind(deb_fs); +rewind(ds_ctx-deb_fs); -if (!fgets(magic,sizeof(magic),deb_fs)) +if (!fgets(magic,sizeof(magic), ds_ctx-deb_fs)) ds_fail_printf(DS_FAIL_INTERNAL, findMember: failure to read package (%s), strerror(errno)); @@ -68,9 +70,9 @@ findMember(const char *deb, const char *name, FILE *deb_fs) return 0; } -while(!feof(deb_fs)) { - if (fread(arh, 1, sizeof(arh),deb_fs) != sizeof(arh)) { - if (ferror(deb_fs)) +while(!feof(ds_ctx-deb_fs)) { + if (fread(arh, 1, sizeof(arh), ds_ctx-deb_fs) != sizeof(arh)) { + if (ferror(ds_ctx-deb_fs)) ds_fail_printf(DS_FAIL_INTERNAL, findMember: error while parsing archive header (%s), strerror(errno)); return 0; @@ -80,7 +82,7 @@ findMember(const char *deb, const char *name, FILE *deb_fs) ds_fail_printf(DS_FAIL_INTERNAL, findMember: archive appears to be corrupt, fmag incorrect); dpkg_ar_normalize_name(arh); - mem_len = dpkg_ar_member_get_size(deb, arh); + mem_len = dpkg_ar_member_get_size(ds_ctx-deb, arh); /* * If all looks well, then we return the length of the member, and @@ -97,7 +99,7 @@ findMember(const char *deb, const char *name, FILE *deb_fs) return mem_len; /* fseek to the start of the next member, and try again */ - if (fseek(deb_fs, mem_len + (mem_len 1), SEEK_CUR) == -1 ferror(deb_fs)) + if (fseek(ds_ctx-deb_fs, mem_len + (mem_len 1), SEEK_CUR) == -1 ferror(ds_ctx-deb_fs)) ds_fail_printf(DS_FAIL_INTERNAL, findMember: error during file seek (%s), strerror(errno)); } diff --git a/debsig-verify.c b/debsig-verify.c index 069cc7c..f5042a2 100644 --- a/debsig-verify.c +++ b/debsig-verify.c 
@@ -41,7 +41,7 @@ char *ver_magic_member = debian-binary; char *ver_ctrl_members[] = { CTAR(), CTAR(.gz), CTAR(.xz), 0 }; char *ver_data_members[] = { DTAR(), DTAR(.gz), DTAR(.xz), DTAR(.bz2), DTAR(.lzma), 0 }; -static int checkSelRules(const char *originID, struct group *grp, const char *deb, FILE *deb_fs) { +static int checkSelRules(struct debsig_ctx *ds_ctx, struct group *grp) { int opt_count = 0; struct match *mtc; int len; @@ -53,8 +53,8 @@ static int checkSelRules(const char *originID, struct group *grp, const char *de /* If we have an ID for this match, check to make sure it exists, and * matches the signature we are about to check. */ if (mtc-id) { -char *m_id = getKeyID(originID, mtc); -char *d_id = getSigKeyID(deb, mtc-name); +char *m_id = getKeyID(ds_ctx-originID, mtc); +char *d_id = getSigKeyID(ds_ctx, mtc-name); if (m_id == NULL || d_id == NULL || strcmp(m_id, d_id)) return 0; } @@ -64,7 +64,7 @@ static int checkSelRules(const char *originID, struct group *grp, const char *de * specified, don't we? */ -len = checkSigExist(deb, mtc-name, deb_fs); +len = checkSigExist(ds_ctx, mtc-name
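Review bot: The two Makefile hunks rename CFLAGS to DS_CFLAGS and change -g to -g3, which the commit subject (use new struct debsig_ctx instead of a global state) does not cover, and after the change the $(PROGRAM) rule shown no longer uses $(CFLAGS) at all, so flags passed in by the packaging (hardening flags, for example) are dropped there. Please move that to its own commit, or keep $(CFLAGS) on the $(CC) line next to $(DS_CFLAGS). In findMember() the new ds_ctx == NULL check is followed directly by a read of ds_ctx->deb_fs, so it only helps if ds_fail_printf() never returns; an explicit return 0 after it, or a comment stating that it exits, would make that dependency visible.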
Bug#758525: Acknowledgement ([patch] Please allow a alternative policy directory)
My previous patch contained a missing instance of DEBSIG_KEYRINGS_FMT, I'm sorry for that. Attached is a updated version. From f2e7429cbc583d878f369498984729c7dc67126b Mon Sep 17 00:00:00 2001 From: Michael Vogt m...@ubuntu.com Date: Mon, 18 Aug 2014 15:55:41 +0200 Subject: [PATCH] Add a new --rootdir commandline option to allow a different rootdir This option allows to verify against a alternative policy location. Useful for testing or verification as non-root user. --- debian/changelog | 6 ++ debsig-verify.c | 13 ++--- debsig.h | 5 +++-- gpg-parse.c | 4 ++-- 4 files changed, 21 insertions(+), 7 deletions(-) diff --git a/debian/changelog b/debian/changelog index 8967e8d..2d5aca1 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,9 @@ +debsig-verify (0.10.1) UNRELEASED; urgency=low + + * add --rootdir option to use a alternative root directory + + -- Michael Vogt michael.v...@ubuntu.com Mon, 18 Aug 2014 15:41:53 +0200 + debsig-verify (0.10) unstable; urgency=low * Add exit status codes to the man page. diff --git a/debsig-verify.c b/debsig-verify.c index a09f534..4319caf 100644 --- a/debsig-verify.c +++ b/debsig-verify.c @@ -34,6 +34,7 @@ #include debsig.h char originID[2048]; +char *rootdir = ; char *deb = NULL; FILE *deb_fs = NULL; @@ -286,7 +287,8 @@ Usage: %s [ options ] deb\n\n\ 'Selection' block of the policies only.\n\ --use-policy name Used in conjunction with the above\n\ option. This allows you to specify the\n\ - short name of the policy you wish to try.\n, + short name of the policy you wish to try.\n\ + --rootdir dir Use a alternative root directory for policy lookup\n, dpkg_get_progname()); exit(1); } @@ -347,6 +349,12 @@ int main(int argc, char *argv[]) { ds_printf(DS_LEV_ERR, --use-policy requires an argument); outputUsage(); } + } else if (!strcmp(argv[i], --rootdir)) { + rootdir = argv[++i]; + if (i == argc || rootdir[0] == '-') { + ds_printf(DS_LEV_ERR, --rootdir requires an argument); + outputUsage(); + } } else outputUsage(); } 
@@ -371,8 +379,7 @@ int main(int argc, char *argv[]) { strncpy(originID, tmpID, sizeof(originID)); /* Now we have an ID, let's check the policy to use */ - -snprintf(buf, sizeof(buf) - 1, DEBSIG_POLICIES_DIR_FMT, originID); +snprintf(buf, sizeof(buf) - 1, DEBSIG_POLICIES_DIR_FMT, rootdir, originID); if ((pd = opendir(buf)) == NULL) ds_fail_printf(DS_FAIL_UNKNOWN_ORIGIN, Could not open Origin dir %s: %s\n, buf, strerror(errno)); diff --git a/debsig.h b/debsig.h index 3c492b0..1b81681 100644 --- a/debsig.h +++ b/debsig.h @@ -17,8 +17,8 @@ * along with this program. If not, see https://www.gnu.org/licenses/. */ -#define DEBSIG_POLICIES_DIR_FMT DEBSIG_POLICIES_DIR/%s -#define DEBSIG_KEYRINGS_FMT DEBSIG_KEYRINGS_DIR/%s/%s +#define DEBSIG_POLICIES_DIR_FMT %sDEBSIG_POLICIES_DIR/%s +#define DEBSIG_KEYRINGS_FMT %sDEBSIG_KEYRINGS_DIR/%s/%s #define GPG_PROG /usr/bin/gpg @@ -93,3 +93,4 @@ extern int ds_debug_level; extern FILE *deb_fs; extern char *deb; extern char originID[]; +extern char *rootdir; diff --git a/gpg-parse.c b/gpg-parse.c index bae2181..ab450af 100644 --- a/gpg-parse.c +++ b/gpg-parse.c @@ -56,7 +56,7 @@ char *getKeyID (const struct match *mtc) { gpg_init(); snprintf(buf, sizeof(buf) - 1, GPG_PROG GPG_ARGS_FMT --list-packets -q DEBSIG_KEYRINGS_FMT, - GPG_ARGS, originID, mtc-file); + GPG_ARGS, rootdir, originID, mtc-file); if ((ds = popen(buf, r)) == NULL) { perror(gpg); @@ -180,7 +180,7 @@ int gpgVerify(const char *data, struct match *mtc, const char *sig) { gpg_init(); -snprintf(keyring, sizeof(keyring) - 1, DEBSIG_KEYRINGS_FMT, originID, mtc-file); +snprintf(keyring, sizeof(keyring) - 1, DEBSIG_KEYRINGS_FMT, rootdir, originID, mtc-file); if (stat(keyring, st)) { ds_printf(DS_LEV_DEBUG, gpgVerify: could not stat %s, keyring); return 0; -- 2.0.0.rc0
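Review bot: In getKeyID() (gpg-parse.c) the new rootdir argument comes straight from argv and is formatted into the command string that is then passed to popen(), so a shell now parses a caller-supplied path, and the only check visible in main() is that the value does not start with '-'. Please validate the value before use (reject anything outside a conservative set of path characters), or build the gpg invocation as an argument vector instead of a shell string. The snprintf() return values are also not checked, so a long --rootdir silently truncates the policy and keyring paths; compare the result against the buffer size and fail instead. Since the option changes which policies and keyrings are trusted, the usage text and man page should say so explicitly.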
Bug#758615: [patch] more error handling remove global state
Package: debsig-verify Version: 0.10 Hello, because we want to use debsig-verify as part of the click project I asked the ubuntu security team for a quick code review [1]. There were some issues raised, notably that some error checks are missing and that the use of the global state. Attached are two patches that add some additional error checking. I also started with the removal of the global state (attached as well). However it is not very elegant and I wonder if it would make more sense to have a struct ds_ctx { char *deb, FILE *deb_fs, char *originID } that is passed around as the context instead of my current approach. And please let me know if you prefer a different workflow for (many) patches like this, I can also publish my git branch somewhere if that is easier for you. Feedback/review welcome! Thanks, Michael [1] https://bugs.launchpad.net/ubuntu/+source/debsig-verify/+bug/1358272/comments/2 From 8b89723dc6618d2718b4fa83d01c5df03ac83fca Mon Sep 17 00:00:00 2001 From: Michael Vogt m...@ubuntu.com Date: Tue, 19 Aug 2014 10:09:24 +0200 Subject: [PATCH 1/5] add error checking on fork() --- gpg-parse.c | 12 +--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/gpg-parse.c b/gpg-parse.c index ab450af..14a9175 100644 --- a/gpg-parse.c +++ b/gpg-parse.c @@ -20,7 +20,7 @@ /* * routines to parse gpg output */ - +#include errno.h #include stdio.h #include string.h #include sys/types.h @@ -120,7 +120,10 @@ char *getSigKeyID (const char *deb, const char *type) { (ds_write = fdopen(pwrite[1], w)) == NULL) ds_fail_printf(DS_FAIL_INTERNAL, error opening file stream for gpg); -if (!(pid = fork())) { +pid = fork(); +if(pid 0) + ds_fail_printf(DS_FAIL_INTERNAL, failed to fork (errno %s), strerror(errno)); +if (pid == 0) { /* Here we go */ dup2(pread[1],1); close(pread[0]); close(pread[1]); dup2(pwrite[0],0); close(pwrite[0]); close(pwrite[1]); 
@@ -186,7 +189,10 @@ int gpgVerify(const char *data, struct match *mtc, const char *sig) { return 0; } -if (!(pid = fork())) { +pid = fork(); +if(pid 0) + ds_fail_printf(DS_FAIL_INTERNAL, failed to fork (%s), strerror(errno)); +if (pid == 0) { if (DS_LEV_DEBUG ds_debug_level) { close(0); close(1); close(2); } -- 2.0.0.rc0 From 8bc395f20d958cde6bf079d130a3de7118a922d5 Mon Sep 17 00:00:00 2001 From: Michael Vogt m...@ubuntu.com Date: Tue, 19 Aug 2014 10:30:20 +0200 Subject: [PATCH 2/5] add error/eof checking into getSigKeyID() --- gpg-parse.c | 16 ++-- 1 file changed, 10 insertions(+), 6 deletions(-) diff --git a/gpg-parse.c b/gpg-parse.c index 14a9175..e051519 100644 --- a/gpg-parse.c +++ b/gpg-parse.c @@ -98,13 +98,13 @@ char *getKeyID (const struct match *mtc) { } char *getSigKeyID (const char *deb, const char *type) { -static char buf[2048]; +char buf[2048]; int pread[2], pwrite[2], t; -off_t len = checkSigExist(type); pid_t pid; FILE *ds_read, *ds_write; char *c, *ret = NULL; +off_t len = checkSigExist(type); if (!len) return NULL; @@ -134,15 +134,19 @@ char *getSigKeyID (const char *deb, const char *type) { /* First, let's feed gpg our signature. Don't forget, our call to * checkSigExist() above positioned the deb_fs file pointer already. */ -t = fread(buf, 1, sizeof(buf), deb_fs); -while(len 0) { +do { + t = fread(buf, 1, sizeof(buf), deb_fs); + if (ferror(deb_fs)) + ds_fail_printf(DS_FAIL_INTERNAL, getSigKeyID: error reading signature (%s), + strerror(errno)); + if (t len) fwrite(buf, 1, len, ds_write); else fwrite(buf, 1, t, ds_write); len -= t; - t = fread(buf, 1, sizeof(buf), deb_fs); -} +} while(len 0 || !feof(deb_fs)); + if (ferror(ds_write)) ds_fail_printf(DS_FAIL_INTERNAL, error writing to gpg); fclose(ds_write); -- 2.0.0.rc0 From 3096b1471e3248b09d4d5eaec618a1002e6acf8c Mon Sep 17 00:00:00 2001 
From: Michael Vogt m...@ubuntu.com Date: Tue, 19 Aug 2014 10:44:58 +0200 Subject: [PATCH 3/5] remove global *deb var --- ar-parse.c | 2 +- debsig-verify.c | 23 +++ debsig.h| 4 ++-- gpg-parse.c | 2 +- misc.c | 4 ++-- 5 files changed, 17 insertions(+), 18 deletions(-) diff --git a/ar-parse.c b/ar-parse.c index 477bf15..5146491 100644 --- a/ar-parse.c +++ b/ar-parse.c @@ -39,7 +39,7 @@ * nothing important is going to be zero length anyway, so we treat it as * non-existant. */ off_t -findMember(const char *name) +findMember(const char *deb, const char *name) { char magic[SARMAG+1]; struct ar_hdr arh; diff --git a/debsig-verify.c b/debsig-verify.c index 6adf7a9..33aaa1a 100644 --- a/debsig-verify.c +++ b/debsig-verify.c @@ -36,7 +36,6 @@ char originID[2048]; char *rootdir = ; -char *deb = NULL; FILE *deb_fs = NULL; #define CTAR(x) control.tar # x @@ -68,7 +67,7 @@ static
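Review bot: In patch 2/5 the rewritten copy loop in getSigKeyID() ends with while(len 0 || !feof(deb_fs)), and joining the two tests with || means the loop no longer stops once the signature member's len bytes have been written: it keeps reading deb_fs until end of file, and on a truncated file it never terminates because len stays positive after EOF. Assuming the comparison lost in this copy is t > len, the fwrite(buf, 1, len, ds_write) branch is then reached with a negative len after len -= t, which converts to a very large size. Use && so the loop ends when either the length is used up or the file ends, and treat EOF with len still positive as an error. The same hunk drops static from buf; that is only safe if the returned ret never points into buf, which is not visible in the diff, so please confirm. In patch 1/5 the two new messages differ (failed to fork (errno %s) versus failed to fork (%s)); pick one form.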
Bug#756357: squid-deb-proxy: refresh_pattern for .tar.xz and .tar.bz2
On Tue, Jul 29, 2014 at 12:34:00AM -0700, Vagrant Cascadian wrote: Package: squid-deb-proxy Version: 0.8.8 Severity: wishlist Tags: patch Thanks for your bugreport and your patch. I added this to the bzr tree and it will be part of the next upload. Thanks, Michael squid-deb-proxy.conf sets a refresh_pattern on .tar.gz files, and it seems like it should also do so with .tar.xz and .tar.bz2 files as well, as these are now used by many source packages both upstream and within Debian. --- squid-deb-proxy.conf.dpkg-dist2014-07-18 04:25:52.0 -0700 +++ squid-deb-proxy.conf 2014-07-29 00:10:59.114247495 -0700 @@ -54,6 +54,8 @@ refresh_pattern deb$ 129600 100% 129600 refresh_pattern udeb$ 129600 100% 129600 refresh_pattern tar.gz$ 129600 100% 129600 +refresh_pattern tar.xz$ 129600 100% 129600 +refresh_pattern tar.bz2$ 129600 100% 129600 # always refresh Packages and Release files refresh_pattern \/(Packages|Sources)(|\.bz2|\.gz|\.xz)$ 0 0% 0 refresh-ims live well, vagrant -- System Information: Debian Release: jessie/sid APT prefers testing APT policy: (500, 'testing'), (120, 'unstable') Architecture: amd64 (x86_64) Foreign Architectures: i386 armhf Kernel: Linux 3.14-1-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages squid-deb-proxy depends on: ii debconf [debconf-2.0] 1.5.53 ii squid3 3.3.8-1.1+b1 Versions of packages squid-deb-proxy recommends: ii avahi-utils 0.6.31-4 squid-deb-proxy suggests no packages. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
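Review bot: The two added patterns, tar.xz$ and tar.bz2$, leave the dots unescaped, so as regular expressions they match any character in those positions rather than only a literal dot. This follows the existing tar.gz$ line and is consistent with it, but writing \.tar\.xz$ and \.tar\.bz2$ (and changing tar.gz$ the same way) would restrict the 129600 100% 129600 rule to names that really end in those extensions.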
Bug#758525: [patch] Please allow a alternative policy directory
Package: debsig-verify Version: 0.10 Hello, when I wrote a bunch of integration tests for a project that uses debsig-verify I noticed that it would be great to be able to use a alternative root directory to store my keyrings/policies so that my test setup can run entirely as a user. Attached is a patch that implements this via a new --rootdir option (similar to the dpkg --root option). Alternatively I could add a --keyring-dir and --policy-dir option if you prefer that. I couldn't find a test directory but I'm happy to add a integration test for this new feature (as its exactly what its meant for :). The man-page update is also missing but I'm happy to add that too if you are fine with the general idea. Thanks, Michael From da91646d4e910360eced3650732e4d2cdcd72296 Mon Sep 17 00:00:00 2001 From: Michael Vogt m...@ubuntu.com Date: Mon, 18 Aug 2014 15:55:41 +0200 Subject: [PATCH] Add a new --rootdir commandline option to allow a different rootdir This option allows to verify against a alternative policy location. Useful for testing or verification as non-root user. --- debian/changelog | 6 ++ debsig-verify.c | 13 ++--- debsig.h | 5 +++-- gpg-parse.c | 2 +- 4 files changed, 20 insertions(+), 6 deletions(-) diff --git a/debian/changelog b/debian/changelog index 8967e8d..2d5aca1 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,9 @@ +debsig-verify (0.10.1) UNRELEASED; urgency=low + + * add --rootdir option to use a alternative root directory + + -- Michael Vogt michael.v...@ubuntu.com Mon, 18 Aug 2014 15:41:53 +0200 + debsig-verify (0.10) unstable; urgency=low * Add exit status codes to the man page. diff --git a/debsig-verify.c b/debsig-verify.c index a09f534..4319caf 100644 --- a/debsig-verify.c +++ b/debsig-verify.c @@ -34,6 +34,7 @@ #include debsig.h char originID[2048]; +char *rootdir = ; char *deb = NULL; FILE *deb_fs = NULL; 
@@ -286,7 +287,8 @@ Usage: %s [ options ] deb\n\n\ 'Selection' block of the policies only.\n\ --use-policy name Used in conjunction with the above\n\ option. This allows you to specify the\n\ - short name of the policy you wish to try.\n, + short name of the policy you wish to try.\n\ + --rootdir dir Use a alternative root directory for policy lookup\n, dpkg_get_progname()); exit(1); } @@ -347,6 +349,12 @@ int main(int argc, char *argv[]) { ds_printf(DS_LEV_ERR, --use-policy requires an argument); outputUsage(); } + } else if (!strcmp(argv[i], --rootdir)) { + rootdir = argv[++i]; + if (i == argc || rootdir[0] == '-') { + ds_printf(DS_LEV_ERR, --rootdir requires an argument); + outputUsage(); + } } else outputUsage(); } @@ -371,8 +379,7 @@ int main(int argc, char *argv[]) { strncpy(originID, tmpID, sizeof(originID)); /* Now we have an ID, let's check the policy to use */ - -snprintf(buf, sizeof(buf) - 1, DEBSIG_POLICIES_DIR_FMT, originID); +snprintf(buf, sizeof(buf) - 1, DEBSIG_POLICIES_DIR_FMT, rootdir, originID); if ((pd = opendir(buf)) == NULL) ds_fail_printf(DS_FAIL_UNKNOWN_ORIGIN, Could not open Origin dir %s: %s\n, buf, strerror(errno)); diff --git a/debsig.h b/debsig.h index 3c492b0..1b81681 100644 --- a/debsig.h +++ b/debsig.h @@ -17,8 +17,8 @@ * along with this program. If not, see https://www.gnu.org/licenses/. */ -#define DEBSIG_POLICIES_DIR_FMT DEBSIG_POLICIES_DIR/%s -#define DEBSIG_KEYRINGS_FMT DEBSIG_KEYRINGS_DIR/%s/%s +#define DEBSIG_POLICIES_DIR_FMT %sDEBSIG_POLICIES_DIR/%s +#define DEBSIG_KEYRINGS_FMT %sDEBSIG_KEYRINGS_DIR/%s/%s #define GPG_PROG /usr/bin/gpg @@ -93,3 +93,4 @@ extern int ds_debug_level; extern FILE *deb_fs; extern char *deb; extern char originID[]; +extern char *rootdir; diff --git a/gpg-parse.c b/gpg-parse.c index bae2181..f28a5b5 100644 --- a/gpg-parse.c +++ b/gpg-parse.c 
@@ -56,7 +56,7 @@ char *getKeyID (const struct match *mtc) { gpg_init(); snprintf(buf, sizeof(buf) - 1, GPG_PROG GPG_ARGS_FMT --list-packets -q DEBSIG_KEYRINGS_FMT, - GPG_ARGS, originID, mtc-file); + GPG_ARGS, rootdir, originID, mtc-file); if ((ds = popen(buf, r)) == NULL) { perror(gpg); -- 2.0.0.rc0
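Review bot: debsig.h gives DEBSIG_KEYRINGS_FMT an extra leading %s, but the only call site updated in this version is the snprintf() in getKeyID() (the diffstat shows gpg-parse.c | 2 +-), so any other use of DEBSIG_KEYRINGS_FMT would now be formatted with one argument too few. Please grep for both *_FMT macros and pass rootdir at every use. In main(), rootdir = argv[++i] is assigned before the i == argc test; that is correct because the || short-circuits before rootdir[0] is read, but checking that another argument exists before incrementing i would be easier to follow.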
Bug#755088: please show removals *last* in dist-upgrade
On Thu, Jul 17, 2014 at 12:28:09PM -0400, Joey Hess wrote: Package: apt Version: 1.0.5 Severity: wishlist Thanks for your bugreport. Many of apt's users are human, and thus prone to making mistakes. A common mistake seems to be running apt-get dist-upgrade and not noticing that it wants to remove your backup system and/or terminal emulator and/or steam. Or not noticing that it wants to install horrible-enormous-thing and/or steam. It doesn't help that the message about this is buried in the middle of masses of other data that are liable to be skimmed at best, and scroll right off the terminal at worst. [..] So, I suggest sorting the output with the most important items last, to go with the UPPERCASE highlighting apt already gives them. This is a excellent idea! Attached is a patch that implements it as the new default for apt. As for apt-get I am a little bit concerned that changing this breaks some peoples workflow. So maybe switching the default for apt-get in 1.2? Or am I too conservative here :) ? Cheers, Michael diff --git a/apt-private/private-install.cc b/apt-private/private-install.cc index e08cd80..58639b2 100644 --- a/apt-private/private-install.cc +++ b/apt-private/private-install.cc 
@@ -61,19 +61,33 @@ bool InstallPackages(CacheFile Cache,bool ShwKept,bool Ask, bool Safety) bool Fail = false; bool Essential = false; - // Show all the various warning indicators - ShowDel(c1out,Cache); - ShowNew(c1out,Cache); - if (ShwKept == true) - ShowKept(c1out,Cache); - Fail |= !ShowHold(c1out,Cache); - if (_config-FindB(APT::Get::Show-Upgraded,true) == true) - ShowUpgraded(c1out,Cache); + // Show all the various warning indicators in the users prefered way + std::vectorstd::string StatsOrder = _config-FindVector( + APT::Cmd::Stats-Order, remove,new,keep,hold,upgrade,stats); + for(std::vectorstd::string::const_iterator I = StatsOrder.begin(); + I != StatsOrder.end(); ++I) + { + if(*I == remove) + ShowDel(c1out,Cache); + else if (*I == new) + ShowNew(c1out,Cache); + else if (*I == keep) + { + if (ShwKept == true) +ShowKept(c1out,Cache); + } else if (*I == hold) + Fail |= !ShowHold(c1out,Cache); + else if (*I == upgrade) + { + if (_config-FindB(APT::Get::Show-Upgraded,true) == true) +ShowUpgraded(c1out,Cache); + } else if (*I == stats) + Stats(c1out,Cache); + } Fail |= !ShowDowngraded(c1out,Cache); if (_config-FindB(APT::Get::Download-Only,false) == false) -Essential = !ShowEssential(c1out,Cache); + Essential = !ShowEssential(c1out,Cache); Fail |= Essential; - Stats(c1out,Cache); // Sanity check if (Cache-BrokenCount() != 0) diff --git a/cmdline/apt.cc b/cmdline/apt.cc index 2cfdf8e..329c33d 100644 --- a/cmdline/apt.cc +++ b/cmdline/apt.cc @@ -117,6 +117,8 @@ int main(int argc, const char *argv[]) /*{{{*/ _config-CndSet(Apt::Color, 1); _config-CndSet(APT::Get::Upgrade-Allow-New, true); _config-CndSet(APT::Cmd::Show-Update-Stats, true); + _config-CndSet(APT::Cmd::Stats-Order, + keep,hold,upgrade,new,remove,stats); // Parse the command line and initialize the package library CommandLine CmdL(Args.data(), _config); diff --git a/test/integration/test-apt-get-upgrade b/test/integration/test-apt-get-upgrade index 2344629..44f6a80 100755 
--- a/test/integration/test-apt-get-upgrade +++ b/test/integration/test-apt-get-upgrade @@ -76,3 +76,28 @@ Conf new-dep (1.0 stable [all]) Conf upgrade-simple (2.0 unstable [all]) Conf upgrade-with-new-dep (2.0 unstable [all])' aptget -s dist-upgrade +# see if we can customize the order +testequal 'Reading package lists... +Building dependency tree... +The following packages will be upgraded: + upgrade-simple upgrade-with-conflict upgrade-with-new-dep +The following NEW packages will be installed: + new-dep +The following packages will be REMOVED: + conflicting-dep +3 upgraded, 1 newly installed, 1 to remove and 0 not upgraded. +After this operation, 0 B of additional disk space will be used. +E: Trivial Only specified but this is not a trivial operation.' aptget --trivial-only dist-upgrade -o Apt::Cmd::Stats-Order=keep,hold,upgrade,new,remove,stats + +# the cmdline apt has a different default ordering +testequal 'Reading package lists... +Building dependency tree... +The following packages will be upgraded: + upgrade-simple upgrade-with-conflict upgrade-with-new-dep +The following NEW packages will be installed: + new-dep +The following packages will be REMOVED: + conflicting-dep +3 upgraded, 1 newly installed, 1 to remove and 0 not upgraded. +After this operation, 0 B of additional disk space will be used. +E: Trivial Only specified but this is not a trivial operation.' apt --trivial-only full-upgrade
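Review bot: In InstallPackages() the new loop calls ShowDel() only when the configured APT::Cmd::Stats-Order list contains remove, and an entry that matches none of the branches is skipped silently, so a misspelt or shortened list hides the REMOVED section that this report is about making harder to miss. I would treat the option as an ordering only: warn on unknown entries, and print any section missing from the list after the configured ones (or at least always show removals). The apt-get test passes -o Apt::Cmd::Stats-Order explicitly with the full list; a case with a list that omits remove would pin down whichever behaviour you choose.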
Bug#756056: apt(8) manpage: bad grammar in description of upgrade
On Fri, Jul 25, 2014 at 09:02:27PM +0200, Jakub Wilk wrote:
> Package: apt
> Version: 1.1~exp2
> Severity: minor

Thanks a bunch!

> The apt(8) manpage reads:
> New package will be installed, but existing package will never removed.
> It should be s/will never/will be never/. Perhaps also s/package/packages/g.

This is fixed in git now and it will be part of the next upload!

Thanks again,
Michael
Bug#756162: nonexistent target release makes apt update segfault
On Sun, Jul 27, 2014 at 01:10:19AM +0200, Jakub Wilk wrote:
> Package: apt
> Version: 1.0.6

Thanks for your bugreport.

> # apt -t moostable update
> Hit http://ftp.debian.org unstable InRelease
> Hit http://ftp.debian.org experimental InRelease
> Hit http://ftp.debian.org unstable/main amd64 Packages/DiffIndex
> Hit http://ftp.debian.org experimental/main amd64 Packages/DiffIndex
> Reading package lists... Done
> Segmentation fault

I wasn't able to reproduce this crash. Could you please try to get a gdb backtrace, ideally from the apt build tree and attach it to the bugreport?

Thanks a bunch,
Michael

> -- Package-specific info:
> -- (no /etc/apt/preferences present) --
> -- /etc/apt/sources.list --
> deb http://ftp.debian.org/debian/ unstable main
> deb http://ftp.debian.org/debian/ experimental main
>
> -- System Information:
> Debian Release: jessie/sid
> APT prefers unstable
> APT policy: (500, 'unstable'), (1, 'experimental')
> Architecture: amd64 (x86_64)
> Kernel: Linux 3.14-2-amd64 (SMP w/1 CPU core)
> Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
> Shell: /bin/sh linked to /bin/dash
>
> Versions of packages apt depends on:
> ii debian-archive-keyring 2012.4
> ii gnupg 1.4.18-2
> ii libapt-pkg4.12 1.0.6
> ii libc6 2.19-7
> ii libgcc1 1:4.9.1-2
> ii libstdc++6 4.9.1-2
>
> -- Jakub Wilk
>
> -- To UNSUBSCRIBE, email to deity-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
> Archive: https://lists.debian.org/20140726231019.ga7...@jwilk.net
Bug#756200: apt: [INTL:pt] Updated Portuguese translation of manpage
On Sun, Jul 27, 2014 at 02:17:27PM +0100, Américo Monteiro wrote:
> Package: apt
> Version: 1.0.6
> Tags: l10n, patch
> Severity: wishlist
>
> Updated Portuguese translation for apt's manpage.
> Translator: Américo Monteiro a_monte...@gmx.com
> Feel free to use it.
>
> For translation updates please contact 'Last Translator' or the Portuguese Translation Team traduz _at_ debianpt.org.

Thanks a bunch! Merged into git and it will be part of the next upload.

Cheers,
Michael
Bug#755874: gobject-introspection: [patch] use multi-arch pathes for the .typelib files
Package: gobject-introspection
Version: 1.40.0-1ubuntu0.1
Severity: wishlist
Tags: patch

Hello,

to install a cross build environment it would be great if the typelibs could be co-installed in a multiarch environment. Right now all foo-dev packages depend on gir1.2-foo. So when trying to install foo-dev for cross-building that won't work because the gir1.2-foo is not multi-arch ready.

The attached patch moves gobject-introspection to multiarch triplet paths, adds compatibility for the old path and updates dh_girepository to look at both the new and old path. This part could probably do with a review of someone more familiar with perl than I am :)

With this change most packages that ship a gir1.2-* package need a small change to their debian/gir1.2-foo.install file:
- usr/lib/girepository-1.0/*
+ usr/lib/*/girepository-1.0/*
Without it they will fail to build.

Here is a draft announcement:

Dear developers,

we would like to move the gnome introspection typelib data from /usr/lib/girepository-1.0 to /usr/lib/triplet/girepository-1.0 so that we can install them in parallel on a multiarch system.

An updated version of gobject-introspection is ready in experimental that will look into the new multiarch path and have the old path as a fallback. But because the pkg-config libdir is now also a multiarch path most gir1.2-* packages need adjustments to their debian/install file(s).

The change is straightforward, just change your debian/install file:
- usr/lib/girepository-1.0/*
+ usr/lib/*/girepository-1.0/*
because the typelib files are now in e.g. /usr/lib/x86_64-linux-gnu.

Thanks,

Thanks for your consideration!
Michael -- System Information: Debian Release: jessie/sid APT prefers trusty-updates APT policy: (500, 'trusty-updates'), (500, 'trusty-security'), (500, 'trusty'), (100, 'trusty-backports') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.13.0-32-generic (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages gobject-introspection depends on: ii build-essential11.6ubuntu6 ii libc6 2.19-0ubuntu6 ii libffi63.1~rc1+r3.0.13-12 ii libgirepository-1.0-1 1.40.0-1ubuntu0.1 ii libglib2.0-0 2.40.0-2 ii python-mako0.9.1-1 ii python2.7 2.7.6-8 pn python:any none gobject-introspection recommends no packages. gobject-introspection suggests no packages. -- no debconf information diff -Nru gobject-introspection-1.40.0/debian/dh_girepository gobject-introspection-1.40.0/debian/dh_girepository --- gobject-introspection-1.40.0/debian/dh_girepository 2011-12-01 22:22:10.0 +0100 +++ gobject-introspection-1.40.0/debian/dh_girepository 2014-07-23 17:07:14.0 +0200 @@ -75,8 +75,12 @@ my $bin_version = $dh{VERSION}; my @archpackages = getpackages(arch); +my $triplet = `dpkg-architecture -qDEB_HOST_MULTIARCH`; +chomp $triplet; +my $typelib_multiarch_path = /usr/lib/$triplet/girepository-1.0; my $typelib_path = /usr/lib/girepository-1.0; -my @typelibdirs = (@ARGV, $typelib_path); + +my @typelibdirs = (@ARGV, $typelib_path, $typelib_multiarch_path); my $gir_path = /usr/share/gir-1.0; my @girdirs = (@ARGV, $gir_path); my $arch_triplet = `dpkg-architecture -qDEB_HOST_MULTIARCH`; 
@@ -146,28 +150,31 @@ sub require_typelib { my $req = shift; my $package = shift; -my $fullpath = $typelib_path/$req; +my $fullpath = ; +foreach my $typelibdir (@typelibdirs) { +$fullpath = $typelibdir/$req; -verbose_print (Dependency: $req); -foreach my $girdir (@girdirs) { -if (-f tmpdir($package).$girdir/$req) { -verbose_print( found in the same package); -return; +verbose_print (Dependency: $req); +foreach my $girdir (@girdirs) { +if (-f tmpdir($package).$girdir/$req) { +verbose_print( found in the same package); +return; +} } -} -foreach my $otherpkg (@archpackages) { -if (-f tmpdir($otherpkg).$fullpath) { -verbose_print ( found in $otherpkg); -error(Dependency on $otherpkg with a different format than $format) unless $otherpkg =~ /^gir$format/; -addsubstvar ($package, gir:Depends, $otherpkg, = $bin_version); -return; +foreach my $otherpkg (@archpackages) { +if (-f tmpdir($otherpkg).$fullpath) { +verbose_print ( found in $otherpkg); +error(Dependency on $otherpkg with a different format than $format) unless $otherpkg =~ /^gir$format/; +addsubstvar ($package, gir:Depends, $otherpkg, = $bin_version); +return; +} } -} -foreach my $privpath (@privdirs) { -if (-f $privpath/$req) { -verbose_print ( found in $privpath); -$fullpath = $privpath/$req; -
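Review bot: The first hunk adds my $triplet from dpkg-architecture -qDEB_HOST_MULTIARCH although the context a few lines further down already defines my $arch_triplet from the same command; moving that existing assignment up and reusing it avoids running dpkg-architecture twice and keeping two names for one value. In require_typelib() the verbose_print of the dependency and the @girdirs loop do not depend on $typelibdir, so they can stay outside the new foreach instead of being repeated for every entry of @typelibdirs. Note also that @typelibdirs begins with @ARGV, so $fullpath is now built from those entries as well, where it used to be built from $typelib_path only; is that intended?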
Bug#755389: synaptic: List remaining files for package Not installed (residual config)
On Sun, Jul 20, 2014 at 11:19:06AM +0200, Christophe wrote:
> Package: synaptic
> Version: 0.81.2
> Severity: wishlist
> Tags: upstream

Thanks for your bugreport.

> After un-installing some packages, they end up in the Not installed (residual config) state. In the general case, this is ok as is and we can mark them for complete removal, but in some cases it would be interesting first to be able to check the files that remain, so we can cross-check them before removal (my current use case being the package sysvinit-core for which I would like to be sure it is not linked to some customised stuff that I need to port to systemd's config).
>
> Would it be thinkable to list these files in the package - Property - Installed Files tab, or something similar?

It should display the leftover files already when there are any. However it seems that dpkg marks quite a few packages with Status: deinstall ok config-files even if there are no config files left. I see this on my box for e.g. abiword which afaict from a quick glance at various old versions never had any config files. This sounds like something to talk to dpkg about.

Cheers,
Michael
Bug#754817: apt-doc: [INTL:ja] New Japanese document translation
On Tue, Jul 15, 2014 at 01:15:04AM +0900, victory wrote:
> Package: apt-doc
> Version: 1.0.6
> Severity: wishlist
> Tags: patch l10n
>
> Dear apt package maintainer,
>
> Here's a Japanese document translation (ja.po) file that was reviewed by several Japanese Debian developers and users. Could you apply it, please?

Thanks a bunch! I added it to git and it will be part of the next upload.

Cheers,
Michael
Bug#754904: apt-get install /dev/null segfaults
On Tue, Jul 15, 2014 at 09:26:31PM +0200, Jakub Wilk wrote:
> Package: apt
> Version: 1.1~exp2
> Severity: minor

Thanks for your bugreport.

> # apt-get install -qq /dev/null
> Segmentation fault
>
> It would be nice if apt could print a helpful error message instead of segfaulting. For example, this is what dpkg says:
>
> # dpkg -i /dev/null
> dpkg-deb: error: `/dev/null' is not a debian format archive
> dpkg: error processing archive /dev/null (--install):
> subprocess dpkg-deb --control returned error exit status 2
> Errors were encountered while processing:
> /dev/null

This is fixed in git now.

Cheers,
Michael

> -- System Information:
> Debian Release: jessie/sid
> APT prefers unstable
> APT policy: (990, 'unstable'), (500, 'experimental')
> Architecture: i386 (x86_64)
> Foreign Architectures: amd64
> Kernel: Linux 3.14-1-amd64 (SMP w/2 CPU cores)
> Locale: LANG=C, LC_CTYPE=pl_PL.UTF-8 (charmap=UTF-8)
> Shell: /bin/sh linked to /bin/dash
>
> Versions of packages apt depends on:
> ii debian-archive-keyring 2012.4
> ii gnupg 1.4.18-2
> ii libapt-pkg4.13 1.1~exp2
> ii libc6 2.19-7
> ii libgcc1 1:4.9.0-10
> ii libstdc++6 4.9.0-10
>
> -- Jakub Wilk
>
> Archive: https://lists.debian.org/20140715192630.ga9...@jwilk.net
Bug#742882: apt: Does not support LFS .deb packages on 32-bit systems
On Sat, Jul 05, 2014 at 01:17:24AM +0200, Guillem Jover wrote:
[..]
> Ok, here's a first rough go at a patch. It breaks ABI, and just noticed an ABI breaking release was recently uploaded to experimental. :( Just wanted to publish it for now, in case your policy allows to merge this in the ABI breaking release. Otherwise I could rework it to stage the change in preprocessor macros in a similar way as how you seem to handle these. I've only test-built it though.

Thanks a bunch. This looks good! I updated the version of libapt-inst to 1.6 in the branch as well. Breaking the ABI is ok at this point because the package has only reached experimental so far.

python-apt is now updated too so that it uses the new long long in Process() and the testsuite is also happy, so all appears to be well :)

Thanks,
Michael
Bug#753531: apt-get clean executes 'rm /*' if Dir::Cache is set to
On Sun, Jul 06, 2014 at 01:05:16PM +0200, Cédric Barboiron wrote:
> On Thu, 3 Jul 2014 08:59:57 +0200
[..]
> Hi Michael, and thanks for your answer.
>
> The use-case was indeed to disable the bin cache. Your patch is a good
> protection against misreading the manual. Btw, I tried with '/dev/null'
> only because it is handled differently in configuration.cc, I don't
> think it's useful to protect against this.
>
> For the manpage, I believe changing their names and empty string to the
> actual values would be clear enough (attached patch).

Great, that looks good! Your patch (and the patch to error when cleaning
/) is now part of the debian/sid branch and it will be part of the next
upload.

Thanks for your help with making the documentation better!

Cheers,
 Michael
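The guard mentioned in the reply above (erroring out instead of cleaning /), as an added C++ example; it is not apt's code. CheckCleanTarget, CleanPlan, the scratch directory and the rule that only regular files other than "lock" are listed are assumptions of this illustration, and it only reports what would be removed.

```cpp
#include <dirent.h>
#include <sys/stat.h>
#include <unistd.h>
#include <cstdio>
#include <cstdlib>
#include <iostream>
#include <string>
#include <vector>

// Decide whether a configured cache directory may be cleaned at all.
// On success 'resolved' is the canonical path, otherwise 'why' explains.
bool CheckCleanTarget(const std::string &configured, std::string &resolved,
                      std::string &why) {
    if (configured.empty() || configured[0] != '/') {
        why = "empty or relative setting (an empty value would expand to '/')";
        return false;
    }
    // realpath() collapses "//", "." and ".." and follows symlinks, so
    // "/var/..", "//" and a symlink pointing at "/" all come back as "/".
    char *canon = realpath(configured.c_str(), nullptr);
    if (canon == nullptr) {
        why = "cannot resolve '" + configured + "'";
        return false;
    }
    resolved = canon;
    free(canon);
    struct stat st;
    if (stat(resolved.c_str(), &st) != 0 || !S_ISDIR(st.st_mode)) {
        why = "'" + resolved + "' is not a directory";
        return false;
    }
    if (resolved == "/") {
        why = "refusing to clean '/'";
        return false;
    }
    return true;
}

// Dry run: names of the entries a clean would unlink. Only regular files
// are listed; symlinks, subdirectories and the "lock" file are left alone
// (a choice made for this example).
std::vector<std::string> CleanPlan(const std::string &configured, std::string &why) {
    std::vector<std::string> plan;
    std::string dir;
    if (!CheckCleanTarget(configured, dir, why))
        return plan;
    DIR *d = opendir(dir.c_str());
    if (d == nullptr) {
        why = "cannot open '" + dir + "'";
        return plan;
    }
    while (struct dirent *e = readdir(d)) {
        std::string const name = e->d_name;
        struct stat st;
        if (name == "lock" || lstat((dir + "/" + name).c_str(), &st) != 0)
            continue;
        if (S_ISREG(st.st_mode))
            plan.push_back(name);
    }
    closedir(d);
    return plan;
}

// Constructed sample input: a scratch directory holding one package file,
// a lock file and a symlink to "/".
std::string MakeScratchCache() {
    const char *base = getenv("TMPDIR");
    std::string dir = std::string(base ? base : "/tmp") + "/clean-demo-XXXXXX";
    if (mkdtemp(&dir[0]) == nullptr)
        return "";
    for (const char *name : {"pkg_1.0_all.deb", "lock"}) {
        FILE *f = fopen((dir + "/" + name).c_str(), "w");
        if (f == nullptr)
            return "";
        fclose(f);
    }
    if (symlink("/", (dir + "/link-to-root").c_str()) != 0)
        return "";
    return dir;
}

int main() {
    std::vector<std::string> const settings = {"", "/", "/dev/null", MakeScratchCache()};
    for (std::string const &cfg : settings) {
        std::string why;
        std::vector<std::string> const plan = CleanPlan(cfg, why);
        std::cout << "'" << cfg << "': ";
        if (!why.empty())
            std::cout << "refused (" << why << ")\n";
        else
            std::cout << plan.size() << " file(s) would be removed\n";
    }
    return 0;
}
```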
Bug#754124: Error in `apt-extracttemplates': double free or corruption (fasttop)
On Mon, Jul 07, 2014 at 08:20:41PM +0200, Jakub Wilk wrote:
> Package: apt-utils
> Version: 1.1~exp1
> Severity: important

Thanks for your bugreport.

> $ apt-extracttemplates -h
> apt 1.1~exp1 for i386 compiled on Jun 22 2014 10:39:33
> Usage: apt-extracttemplates file1 [file2 ...]
>
> apt-extracttemplates is a tool to extract config and template info
> from debian packages
>
> Options:
>   -h This help text
>   -t Set the temp dir
>   -c=? Read this configuration file
>   -o=? Set an arbitrary configuration option, eg -o dir::cache=/tmp
> *** Error in `apt-extracttemplates': double free or corruption (fasttop): 0x08ddd8a8 ***
> Aborted

I can reproduce the error in a clean debian/experimental environment
when installing the packages from experimental.

Turns out there is a (subtle) ABI break in libapt-inst, sorry for that.
As a workaround, you could use the libapt-inst1.5 from experimental or
wait a little bit and I will upload a fixed package to experimental.

Cheers,
 Michael
Bug#754041: apt-get build-dep pkgname no longer secure when cwd=/tmp
On Sun, Jul 06, 2014 at 11:49:26PM +0200, Jakub Wilk wrote:
> Package: apt
> Version: 1.1~exp1
> Severity: minor
> Tags: security

Thanks for your bugreport.

> First of all, thanks for bringing new exciting features to apt!
>
> I'm afraid, however, that one of these features, namely
>
> * add support for apt-get build-dep unpacked-source-dir
>
> brought an unanticipated security regression. Consider the following
> command:
>
> # apt-get build-dep nyancat
>
> It used to be safe to execute it regardless of what your working
> directory was. But in apt_1.1~exp1, this is no longer secure if cwd is
> world-writable, for example /tmp. A local malicious user could create
> crafted /tmp/nyancat/debian/control, tricking apt into installing
> packages of their choice. Or they could symlink
> /tmp/nyancat/debian/control to /dev/urandom...

Good point, thanks a lot for bringing this to our attention. I changed
the code now so that it prints when using a file/directory so that the
user is aware of it (as suggested by David). And as you suggested it now
enforces that it needs a path starting with ./ or /.

Thanks,
 Michael

> -- System Information:
> Debian Release: jessie/sid
> APT prefers unstable
> APT policy: (990, 'unstable'), (500, 'experimental')
> Architecture: i386 (x86_64)
> Foreign Architectures: amd64
>
> Kernel: Linux 3.14-1-amd64 (SMP w/2 CPU cores)
> Locale: LANG=C, LC_CTYPE=pl_PL.UTF-8 (charmap=UTF-8)
> Shell: /bin/sh linked to /bin/dash
>
> Versions of packages apt depends on:
> ii debian-archive-keyring 2012.4
> ii gnupg 1.4.18-1
> ii libapt-pkg4.13 1.1~exp1
> ii libc6 2.19-4
> ii libgcc1 1:4.9.0-10
> ii libstdc++6 4.9.0-10
>
> --
> Jakub Wilk
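The change described in the reply above (a build-dep argument is looked up on disk only when it starts with ./ or /, and the user is told when that happens), next to the lookup the report describes, as an added C++ example; it is not apt's code. The function names, the wording of the notice and the scratch directory with its nyancat/debian/control file are assumptions of this illustration.

```cpp
#include <sys/stat.h>
#include <unistd.h>
#include <cstdio>
#include <cstdlib>
#include <iostream>
#include <sstream>
#include <string>

enum class Source { Archive, LocalDir, Invalid };

// True if 'path' looks like an unpacked source tree: debian/control exists
// and is a regular file (stat() follows symlinks, so a link to a device
// node does not qualify).
static bool HasControl(const std::string &path) {
    struct stat st;
    return stat((path + "/debian/control").c_str(), &st) == 0 && S_ISREG(st.st_mode);
}

// Lookup as the report describes it: whatever exists under the current
// directory shadows the archive package of the same name.
Source ResolveByExistence(const std::string &arg) {
    return HasControl(arg) ? Source::LocalDir : Source::Archive;
}

// Lookup as the reply describes the change: only an explicit "./" or "/"
// prefix selects the filesystem, and a notice is written when it does.
Source ResolveByPrefix(const std::string &arg, std::ostream &notice) {
    bool const isPath = arg.compare(0, 1, "/") == 0 || arg.compare(0, 2, "./") == 0;
    if (!isPath)
        return Source::Archive;          // plain names never touch cwd
    if (!HasControl(arg))
        return Source::Invalid;          // explicit path without a usable tree
    notice << "Note: using directory '" << arg << "' for the build dependencies\n";
    return Source::LocalDir;
}

// Constructed sample input: enter a scratch working directory that
// contains nyancat/debian/control.
bool EnterScratchCwd() {
    const char *base = getenv("TMPDIR");
    std::string dir = std::string(base ? base : "/tmp") + "/builddep-demo-XXXXXX";
    if (mkdtemp(&dir[0]) == nullptr || chdir(dir.c_str()) != 0)
        return false;
    if (mkdir("nyancat", 0755) != 0 || mkdir("nyancat/debian", 0755) != 0)
        return false;
    FILE *f = fopen("nyancat/debian/control", "w");
    if (f == nullptr)
        return false;
    fputs("Source: nyancat\nBuild-Depends: placeholder-package\n", f);
    return fclose(f) == 0;
}

static const char *Name(Source s) {
    switch (s) {
    case Source::Archive:  return "archive";
    case Source::LocalDir: return "local directory";
    default:               return "invalid";
    }
}

int main() {
    if (!EnterScratchCwd())
        return 1;
    std::ostringstream notice;
    std::cout << "existence check, nyancat:   " << Name(ResolveByExistence("nyancat")) << "\n";
    std::cout << "prefix check,    nyancat:   " << Name(ResolveByPrefix("nyancat", notice)) << "\n";
    std::cout << "prefix check,    ./nyancat: " << Name(ResolveByPrefix("./nyancat", notice)) << "\n";
    std::cout << notice.str();
    return 0;
}
```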
Bug#753297: apt list --upgradable gives lot of false positives
On Mon, Jun 30, 2014 at 03:27:01PM +0530, shirish शिरीष wrote:
> Package: apt
> Version: 1.0.5
> Severity: normal

Thanks for your bugreport.

[..]
> apt list --upgradable gives lot of false positives. I did a run of
> index update and it said :-
>
> Reading package lists... Done
> Building dependency tree
> Reading state information... Done
> 25 packages can be upgraded. Run 'apt list --upgradable' to see them.
>
> But running the command itself gave lot of false positives.
[..]
> $ apt list --upgradable
> Listing... Done
> advancecomp/testing,now 1.16-1 amd64 [installed,upgradable to: 1.16-1]
> aegisub/testing,now 3.0.4-2+b1 amd64 [installed,upgradable to: 3.0.4-2+b1]
> alsa-base/testing,now 1.0.25+3 all [installed,upgradable to: 1.0.25+3]
> anacron/testing,now 2.3-20 amd64 [installed,upgradable to: 2.3-20]
> autoconf/testing,now 2.69-6 all [installed,upgradable to: 2.69-6]
>
> It is possible that it might be some configuration issue at my end, but
> still it would be nice if somebody can clarify.
[..]

I wasn't able to directly reproduce this, but I think the following
commit fixes the false positives:
http://anonscm.debian.org/gitweb/?p=apt/apt.git;a=commitdiff;h=7d1b93d94083a3856efc821bacd9e91f80bbf760

Cheers,
 Michael
Bug#752702: apt: please add a way to to retrieve the location of Packages/Sources files in /var/lib/apt/lists/
On Thu, Jun 26, 2014 at 11:13:28PM +0200, Johannes Schauer wrote:
> Hi,

Hi,

[..]
> I was thinking that it would be nice if apt would provide an API to
> retrieve the location and properties of Packages and Sources files in
> /var/lib/apt/lists
>
> If apt had such an interface, then third party applications which make
> use of Packages and Sources files like dose3, ben and botch could
> directly make use of those files and the user would not have to
> retrieve them from somewhere else.
>
> `apt-cache dumpavail` doesn't work well here because it prints all
> available binary packages and doesn't allow to select a suite or
> distribution. It also doesn't allow listing source packages.
[..]

Ok, that is certainly doable, attached is a very simple patch that adds
a local filename (abi break). I guess we probably want to return a
struct instead that describes it a bit more. But as David points out,
there are flat archives that are really just a Packages file with mixed
architectures so it's not always meaningful.

Cheers,
 Michael

> You mentioned creating a mapping between sources.list and files in
> /var/lib/apt/lists. This could be one way to solve this but it would
> not be the only way. Here more detail about the use case: a 3rd party
> application (like botch or dose3 or ben) works on Packages and Sources
> files. If the user now wants to let Debian sid amd64 be analyzed by any
> of these utilities, then they first have to require Packages and
> Sources files for Debian sid amd64. They'd have to do that even though
> apt might already have usable ones in /var/lib/apt/lists.
> Unfortunately, as you already pointed out it is not safe to use
> anything in /var/lib/apt/lists yet.
>
> It would be nice if apt could be queried about the content of
> /var/lib/apt/lists so that 3rd party applications can then decide
> whether they can make use of those contents and can thus avoid extra
> downloads.
>
> I hope this makes more sense now?
>
> cheers, josch
>
> -- To UNSUBSCRIBE, email to deity-requ...@lists.debian.org with a subject of unsubscribe.
Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20140626211328.3886.46854@hoothoot diff --git a/apt-pkg/deb/debindexfile.h b/apt-pkg/deb/debindexfile.h index 18322dc..266a1b7 100644 --- a/apt-pkg/deb/debindexfile.h +++ b/apt-pkg/deb/debindexfile.h @@ -51,6 +51,8 @@ class debStatusIndex : public pkgIndexFile bool Merge(pkgCacheGenerator Gen,OpProgress *Prog, unsigned long const Flag) const; virtual pkgCache::PkgFileIterator FindInCache(pkgCache Cache) const; + virtual std::string LocalFileName() const {return File;}; + debStatusIndex(std::string File); virtual ~debStatusIndex() {}; }; @@ -87,6 +89,8 @@ class debPackagesIndex : public pkgIndexFile virtual bool Merge(pkgCacheGenerator Gen,OpProgress *Prog) const; virtual pkgCache::PkgFileIterator FindInCache(pkgCache Cache) const; + virtual std::string LocalFileName() const {return IndexFile(Packages);}; + debPackagesIndex(std::string const URI, std::string const Dist, std::string const Section, bool const Trusted, std::string const Arch = native); virtual ~debPackagesIndex() {}; @@ -123,6 +127,8 @@ class debTranslationsIndex : public pkgIndexFile virtual bool Merge(pkgCacheGenerator Gen,OpProgress *Prog) const; virtual pkgCache::PkgFileIterator FindInCache(pkgCache Cache) const; + virtual std::string LocalFileName() const {return IndexFile(Language);}; + debTranslationsIndex(std::string URI,std::string Dist,std::string Section, char const * const Language); virtual ~debTranslationsIndex() {}; }; @@ -160,6 +166,8 @@ class debSourcesIndex : public pkgIndexFile virtual bool HasPackages() const {return false;}; virtual unsigned long Size() const; + virtual std::string LocalFileName() const {return IndexFile(Sources);}; + debSourcesIndex(std::string URI,std::string Dist,std::string Section,bool Trusted); virtual ~debSourcesIndex() {}; }; 
@@ -190,6 +198,8 @@ class debDebPkgFileIndex : public pkgIndexFile // Interface for acquire virtual std::string ArchiveURI(std::string /*File*/) const; + virtual std::string LocalFileName() const {return DebFile;}; + debDebPkgFileIndex(std::string DebFile); virtual ~debDebPkgFileIndex() {}; }; @@ -207,6 +217,7 @@ class debDscFileIndex : public pkgIndexFile virtual std::string Describe(bool /*Short*/) const { return DscFile; }; + virtual std::string LocalFileName() const {return DscFile;}; debDscFileIndex(std::string DscFile); virtual ~debDscFileIndex() {}; diff --git a/apt-pkg/indexfile.h b/apt-pkg/indexfile.h index 817165f..9a95725 100644 --- a/apt-pkg/indexfile.h +++ b/apt-pkg/indexfile.h @@ -95,6 +95,9 @@ class pkgIndexFile static std::string LanguageCode(); bool IsTrusted() const { return Trusted; }; + + // returns the path of the local file (or if its not available) + virtual std::string LocalFileName() const {return ;};
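Review bot: the comment added in the apt-pkg/indexfile.h hunk, "returns the path of the local file (or if its not available)", does not say what a caller receives when no local file is available, and the overrides in debindexfile.h (debPackagesIndex, debTranslationsIndex and debSourcesIndex return IndexFile(...) unconditionally) do not say whether the returned path is guaranteed to exist on disk. Document the not-available value in the base-class comment and state that callers have to check for existence themselves; the message above already notes that flat archives make the result not always meaningful. The trailing ; after each inline body ({return File;};) is redundant and can be dropped. Since a new virtual changes the class layout, this has to land together with the ABI break the message mentions.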
Bug#753531: apt-get clean executes 'rm /*' if Dir::Cache is set to
On Wed, Jul 02, 2014 at 09:41:07PM +0200, Cédric Barboiron wrote:
> Package: apt
> Version: 1.0.5
> Severity: important

Thanks for your bugreport.

> (warning: attached patch is not a solution, it is just intended to show
> the problem)
>
> Setting Dir::Cache::archives and Dir::Cache to the empty string (as
> instructed by man 5 apt.conf) do NOT disable cache but set it to '/'.
>
> Consequence: apt-get clean then effectively cleans '/' and removes all
> files here. Not true anymore but even worse, on squeeze it also removes
> the '/lib64' symlink, breaking the loader and preventing any new
> dynamically linked binary to be launched.

This sounds like we want to improve the description of the apt.conf
manpage. I assume your use-case was to disable the binary cache? Maybe
you can suggest a way to make the description clearer to avoid the issue
for others?

As for protecting against this, I attached a patch that makes clean a
bit more careful and fix the example where Dir::Cache::archives= is
empty. But there is only so much we can do, e.g. if someone sets
Dir::Cache=/vmlinuz it's hard to have a programmatic way to detect that
this is a bad idea. But I'm happy to protect against obvious ones (like
Clean(/)).
Cheers,
 Michael

> - - -
> all following tests done on debian testing, up to date on 2014-07-02
>
> current result:
>
> debdev# cat apt.conf
> Dir::Cache ;
> Dir::Cache::archives ;
> debdev# touch /VERY_SECRET
> debdev# ls /
> bin boot dev etc home initrd.img initrd.img.old lib lib64 lost+found media mnt opt proc root run sbin srv sys tmp usr var VERY_SECRET vmlinuz vmlinuz.old
> debdev# apt-get clean
> debdev# ls /
> bin boot dev etc home lib lib64 lock lost+found media mnt opt proc root run sbin srv sys tmp usr var
>
> reading source code (contrib/configuration.cc) instead of the man page
> of apt.conf:
>
> debdev# cat apt.conf
> Dir::Cache /dev/null;
> Dir::Cache::archives /dev/null;
> debdev# touch /VERY_SECRET
> debdev# ls /
> bin boot dev etc home lib lib64 lock lost+found media mnt opt proc root run sbin srv sys tmp usr var VERY_SECRET
> debdev# apt-get clean
> debdev# ls /
> bin boot dev etc home lib lib64 lock lost+found media mnt opt proc root run sbin srv sys tmp usr var VERY_SECRET
>
> expected result, BUT BUT BUT it's not a good idea at all :
>
> debdev# cat /etc/apt/apt.conf
> Dir::Cache /dev/null;
> Dir::Cache::archives /dev/null;
> debdev# ls -l /dev/null
> crw-rw-rw- 1 root root 1, 3 Jul 2 20:11 /dev/null
> debdev# apt-get install libcaca
> Reading package lists... Error!
> E: Write error - write (28: No space left on device)
> E: Can't mmap an empty file
> E: Failed to truncate file - ftruncate (9: Bad file descriptor)
> E: The package lists or status file could not be parsed or opened.
debdev# ls -l /dev/null -rw-r--r-- 1 root root 0 Jul 2 20:17 /dev/null debdev# df -h Filesystem Size Used Avail Use% Mounted on /dev/mapper/debdev-root 95G 5.0G 85G 6% / udev 10M 10M 0 100% /dev tmpfs202M 200K 201M 1% /run tmpfs5.0M 0 5.0M 0% /run/lock tmpfs403M 0 403M 0% /run/shm /dev/sda1228M 80M 137M 37% /boot none 4.0K 0 4.0K 0% /sys/fs/cgroup and finally with attached patch (built without make test because it has other side-effects): debdev# cat /etc/apt/apt.conf Dir::Cache ; Dir::Cache::archives ; debdev# touch /MYTRALALA debdev# ls / bin dev home lib64 lost+found mntopt root sbin sys usr boot etc lib lock media MYTRALALA proc run srv tmp var debdev# apt-get clean E: Ignored empty string directory configuration (would have been expanded to '/' otherwise) debdev# ls / bin dev home lib64 lost+found mntopt root sbin sys usr boot etc lib lock media MYTRALALA proc run srv tmp var diff --git a/apt-pkg/contrib/configuration.cc b/apt-pkg/contrib/configuration.cc index 00f6ad0..3dd63aa 100644 --- a/apt-pkg/contrib/configuration.cc +++ b/apt-pkg/contrib/configuration.cc @@ -240,6 +240,11 @@ string Configuration::FindFile(const char *Name,const char *Default) const string Configuration::FindDir(const char *Name,const char *Default) const { string Res = FindFile(Name,Default); + if (Res == ) + { + _error-Error(_(Ignored empty string directory configuration (would have been expanded to '/' otherwise))); + return Res; + } if (Res.end()[-1] != '/') { size_t const found = Res.rfind(/dev/null); diff --git a/doc/apt.conf.5.xml b/doc/apt.conf.5.xml index fcbf20d..e30898c 100644 --- a/doc/apt.conf.5.xml +++ b/doc/apt.conf.5.xml @@ -607,8 +607,8 @@ DPkg::Pre-Install-Pkgs {/usr/sbin/dpkg-preconfigure --apt;}; paraliteralDir::Cache/literal
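Review bot: in the FindDir hunk of apt-pkg/contrib/configuration.cc the new branch raises the error and then does return Res;, so the caller still receives an empty string and carries on unless it checks the pending error; and because the check sits in FindDir, every directory lookup with an empty value now raises "Ignored empty string directory configuration", not only apt-get clean. Consider keeping the early return only as protection for the Res.end()[-1] access that follows (on an empty string it reads before the start of the buffer) and putting the refusal itself where clean is about to delete, after the directory has been resolved, so that it is the final path that gets compared against /. The doc/apt.conf.5.xml hunk is cut off on this page, so the wording change to the manpage cannot be checked from what is shown.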
Bug#752327: apt: Passes full path to .deb to mkstemp
On Sun, Jun 22, 2014 at 06:25:12PM +0200, Axel Beckert wrote: Package: apt Version: 1.1~exp1 Severity: normal Thanks for your bugreport. first let me say Yay for apt install file.deb. We can finally get rid of gdebi! ;-) :) Playing around with this new feature, I ran into the following issue: # apt install /var/cache/apt/archives/bc_1.06.95-9_amd64.deb Reading package lists... Error! E: Unable to mkstemp /tmp/deb-file-/var/cache/apt/archives/bc_1.06.95-9_amd64.deb.dqKFUj - GetTempFile (2: No such file or directory) E: The package lists or status file could not be parsed or opened. I think, only the file name but not the full path should be passed to mkstemp. Yeah, thanks for reporting. Currently it can only install in cwd because of the issue you found and also because / is used as a commandline modified for normal packages. Attached is a patch that fixes it. It would be nice if David could have a look before I commit, I was pondering if the CacheSet should have a new ::FromFile() or something instead of putting it into VersionContainerInterface::FromString. Cheers, Michael diff --git a/apt-pkg/cacheset.cc b/apt-pkg/cacheset.cc index 5d7f285..346bad3 100644 --- a/apt-pkg/cacheset.cc +++ b/apt-pkg/cacheset.cc @@ -24,6 +24,7 @@ #include apt-pkg/depcache.h #include apt-pkg/macros.h #include apt-pkg/pkgcache.h +#include apt-pkg/fileutl.h #include stddef.h #include stdio.h @@ -445,6 +446,13 @@ bool VersionContainerInterface::FromString(VersionContainerInterface * const vci pkgCacheFile Cache, std::string pkg, Version const fallback, CacheSetHelper helper, bool const onlyFromName) { +PackageSet pkgset; +if(FileExists(pkg)) +{ +PackageContainerInterface::FromString(pkgset, Cache, pkg, helper); +return VersionContainerInterface::FromPackage(vci, Cache, pkgset.begin(), fallback, helper); +} + std::string ver; bool verIsRel = false; size_t const vertag = pkg.find_last_of(/=); 
@@ -453,7 +461,6 @@ bool VersionContainerInterface::FromString(VersionContainerInterface * const vci verIsRel = (pkg[vertag] == '/'); pkg.erase(vertag); } - PackageSet pkgset; if (onlyFromName == false) PackageContainerInterface::FromString(pkgset, Cache, pkg, helper); else { diff --git a/apt-pkg/deb/debindexfile.cc b/apt-pkg/deb/debindexfile.cc index c1c2b72..5717b01 100644 --- a/apt-pkg/deb/debindexfile.cc +++ b/apt-pkg/deb/debindexfile.cc @@ -710,7 +710,7 @@ bool debDebPkgFileIndex::Merge(pkgCacheGenerator Gen, OpProgress* Prog) const ExecWait(Child, Popen); // now write the control data to a tempfile - SPtrFileFd DebControl = GetTempFile(deb-file- + DebFile); + SPtrFileFd DebControl = GetTempFile(deb-file- + flNotDir(DebFile)); if(DebControl == NULL) return false; DebControl-Write(buf, n);
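Review bot: in the first apt-pkg/cacheset.cc hunk, FileExists(pkg) runs before any name parsing, so an argument is treated as a file whenever something of that name exists relative to the current directory, even when the user meant a package from the archive. Restrict the file branch to arguments that are recognisably paths and tell the user when a local file is being used instead of an archive package. In the debindexfile.cc hunk, flNotDir(DebFile) fixes the template handed to GetTempFile; a one-line comment there saying why the directory part is stripped would help the next reader, and the open question in the message (a separate ::FromFile() instead of extending FromString) is worth settling before this is committed, since FromString now has two unrelated meanings.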
Bug#705995: squid-deb-proxy: unowned files after purge (policy 6.8, 10.8): /etc/squid-deb-proxy/*.d/10-default
On Thu, Jun 19, 2014 at 02:44:48PM -0700, Vagrant Cascadian wrote:
[..]
> The following patch should fix this, using the same variable names in
> postinst:
[..]
> Though simply rm -f /etc/squid-deb-proxy/*.d/10-default would be
> simpler, at risk of deleting some randomly created file dropped in some
> other .d dir and happened to be named 10-default...

Thanks a bunch! I merged the patch into my bzr tree and it will be part
of the next upload.

Cheers,
 Michael
Bug#749795: apt: no authentication checks for source packages
On Mon, Jun 16, 2014 at 11:18:27AM +0200, Jakub Wilk wrote:
> * Michael Vogt m...@debian.org, 2014-06-16, 09:35:
> > + _error-Warning(_(The data from '%s' is not signed. All packages from
> > + that repository can not be authenticated.),
>
> s/can not/cannot/
>
> Also, All with a negated verb sounds awkward to me (but that may be due
> to my non-native-englishness). How about:
> No packages from that repository can be authenticated.
> or simply
> Packages from that repository cannot be authenticated.
> ?

I like the second string, I updated my branch. Thanks!

Cheers,
 Michael
Bug#751388: apt: Run 'apt list --upgradable' to see them. when no packages can be upgraded
On Thu, Jun 12, 2014 at 01:54:16PM +0200, Jakub Wilk wrote:
> Package: apt
> Version: 1.0.4
> Severity: minor

Thanks for your bugreport.

> apt update has just told me:
>
> 0 packages can be upgraded. Run 'apt list --upgradable' to see them.
>
> Technically this is true that I can run 'apt list --upgradable' to see
> all of the 0 packages that can be upgraded. But practically the advice
> to run it is a bit useless in this case. :-)

Indeed, I changed that so that apt update now prints:
All packages are up to date.
when there are 0 upgradable packages.

Cheers,
 Michael

> -- System Information:
> Debian Release: jessie/sid
> APT prefers unstable
> APT policy: (990, 'unstable'), (500, 'experimental')
> Architecture: i386 (x86_64)
> Foreign Architectures: amd64
>
> Kernel: Linux 3.14-1-amd64 (SMP w/2 CPU cores)
> Locale: LANG=C, LC_CTYPE=pl_PL.UTF-8 (charmap=UTF-8)
> Shell: /bin/sh linked to /bin/dash
>
> Versions of packages apt depends on:
> ii debian-archive-keyring 2012.4
> ii gnupg 1.4.16-1.1
> ii libapt-pkg4.12 1.0.4
> ii libc6 2.19-1
> ii libgcc1 1:4.9.0-6
> ii libstdc++6 4.9.0-6
>
> --
> Jakub Wilk
Bug#749795: apt: no authentication checks for source packages
On Mon, Jun 16, 2014 at 02:58:28PM +0200, Christoph Anton Mitterer wrote:
> On Mon, 2014-06-16 at 09:35 +0200, Michael Vogt wrote:
> > I think for the future we actually should not allow an apt-get update
> > of untrusted repos without --allow-unauthenticated or [trusted=no].
> > But this will probably break some setups so we need to be careful and
> > not rush it.
>
> And what about the setups, which assume secure data to be retrieved (as
> far as I can see the whole build stack of Debian), which is already
> broken now?
> Security is much more critical here than things continuing to work...
> if someone's setup really depend on not verifying integrity... he will
> immediately notice (and can add the flag),... but no one notices if his
> security is compromised by MitMs... :-(
>
> So I see not much of a reason to not implement that right away.

Absolutely, security is (much!) more important. However with the fix
that recently went into -security apt-get source foo will fail if foo
comes from a not-authenticated source. What I wrote above is about not
allowing apt-get update at all for unsigned repositories (unless
--allow-unauthenticated is used).

But maybe you are right and the warning that I added to git should be an
error that tells the user to use --allow-unauthenticated if he/she
really wants to use a repository that we can not authenticate.

Cheers,
 Michael
Bug#749795: apt: no authentication checks for source packages
On Fri, May 30, 2014 at 03:21:20PM +0200, Michael Vogt wrote:
[..]
> > Hmm. There is no warning suggesting that anything fishy is going on,
> > and the exit code indicates success. (Perhaps the Igns could raise
> > suspicion of an observant sysadmin. But who knows what Ign exactly
> > means? At least the apt-get(1) manpage doesn't know.)
>
> Right, I think apt should show a more prominent warning here. I will
> look into this next.
[..]

I created a git branch that shows a warning if it comes across an
unauthenticated repository:

+ _error-Warning(_(The data from '%s' is not signed. All packages from
+ that repository can not be authenticated.),
+ MetaIndexURIDesc.c_str());

I think for the future we actually should not allow an apt-get update of
untrusted repos without --allow-unauthenticated or [trusted=no]. But
this will probably break some setups so we need to be careful and not
rush it.

Cheers,
 Michael
Bug#749795: apt: no authentication checks for source packages
On Thu, Jun 12, 2014 at 11:44:20AM +0200, Thijs Kinkhorst wrote:
> Hi,
>
> apt: no authentication checks for source packages
>
> The Debian security team has assigned CVE-2014-0478 to this issue.
>
> APT developers: we should fix this in wheezy. Are you able to provide
> an update for wheezy for this issue?

Yes, I will work on a backport for this today.

> As for squeeze, if it's not too much extra work it would be great if an
> update for squeeze was also possible. Perhaps it could also even
> include the fix for
> https://security-tracker.debian.org/tracker/CVE-2011-3634?

I look into this too, I don't know yet how much extra work it is.

Cheers,
 Michael
Bug#749795: apt: no authentication checks for source packages
On Thu, Jun 12, 2014 at 11:44:20AM +0200, Thijs Kinkhorst wrote: apt: no authentication checks for source packages The Debian security team has assigned CVE-2014-0478 to this issue. APT developers: we should fix this in wheezy. Are you able to provide an update for wheezy for this issue? [..] Attached is the fix for wheezy with a regression test, a additional test run is very welcome (works in my wheezy container both the testcase and a manual test when removing /var/lib/apt/lists/*Release*). Cheers, Michael diff -Nru apt-0.9.7.9+deb7u1/cmdline/apt-get.cc apt-0.9.7.9+deb7u2/cmdline/apt-get.cc --- apt-0.9.7.9+deb7u1/cmdline/apt-get.cc 2013-03-01 11:51:21.0 +0100 +++ apt-0.9.7.9+deb7u2/cmdline/apt-get.cc 2014-06-12 13:35:58.0 +0200 @@ -1046,25 +1046,8 @@ return true; } /*}}}*/ -// CheckAuth - check if each download comes form a trusted source /*{{{*/ -// - -/* */ -static bool CheckAuth(pkgAcquire Fetcher) +static bool AuthPrompt(std::string UntrustedList, bool const PromptUser) { - string UntrustedList; - for (pkgAcquire::ItemIterator I = Fetcher.ItemsBegin(); I Fetcher.ItemsEnd(); ++I) - { - if (!(*I)-IsTrusted()) - { - UntrustedList += string((*I)-ShortDesc()) + ; - } - } - - if (UntrustedList == ) - { - return true; - } - ShowList(c2out,_(WARNING: The following packages cannot be authenticated!),UntrustedList,); if (_config-FindB(APT::Get::AllowUnauthenticated,false) == true) @@ -1073,6 +1056,9 @@ return true; } + if (PromptUser == false) + return _error-Error(_(Some packages could not be authenticated)); + if (_config-FindI(quiet,0) 2 _config-FindB(APT::Get::Assume-Yes,false) == false) { 
@@ -1090,6 +1076,27 @@ return _error-Error(_(There are problems and -y was used without --force-yes)); } /*}}}*/ +// CheckAuth - check if each download comes form a trusted source /*{{{*/ +// - +/* */ +static bool CheckAuth(pkgAcquire Fetcher, bool PromptUser=true) +{ + string UntrustedList; + for (pkgAcquire::ItemIterator I = Fetcher.ItemsBegin(); I Fetcher.ItemsEnd(); ++I) + { + if (!(*I)-IsTrusted()) + { + UntrustedList += string((*I)-ShortDesc()) + ; + } + } + + if (UntrustedList == ) + { + return true; + } + + return AuthPrompt(UntrustedList, PromptUser); +} // InstallPackages - Actually download and install the packages /*{{{*/ // - /* This displays the informative messages describing what is going to @@ -2483,6 +2490,7 @@ // Load the requestd sources into the fetcher unsigned J = 0; + std::string UntrustedList; for (const char **I = CmdL.FileList + 1; *I != 0; I++, J++) { string Src; @@ -2492,6 +2500,9 @@ delete[] Dsc; return _error-Error(_(Unable to find a source package for %s),Src.c_str()); } + + if (Last-Index().IsTrusted() == false) + UntrustedList += Src + ; string srec = Last-AsStr(); string::size_type pos = srec.find(\nVcs-); @@ -2576,6 +2587,10 @@ Last-Index().SourceInfo(*Last,*I),Src); } } + + // check authentication status of the source as well + if (UntrustedList != !AuthPrompt(UntrustedList, false)) + return false; // Display statistics unsigned long long FetchBytes = Fetcher.FetchNeeded(); diff -Nru apt-0.9.7.9+deb7u1/debian/changelog apt-0.9.7.9+deb7u2/debian/changelog --- apt-0.9.7.9+deb7u1/debian/changelog 2013-11-16 12:47:12.0 +0100 +++ apt-0.9.7.9+deb7u2/debian/changelog 2014-06-12 13:22:44.0 +0200 
@@ -1,3 +1,10 @@ +apt (0.9.7.9+deb7u2) wheezy; urgency=low + + * SECURITY UPDATE: apt-get source validation +- CVE-2014-0478 + + -- Michael Vogt m...@debian.org Thu, 12 Jun 2014 12:47:25 +0200 + apt (0.9.7.9+deb7u1) wheezy; urgency=low * Non-maintainer upload. diff -Nru apt-0.9.7.9+deb7u1/test/integration/framework apt-0.9.7.9+deb7u2/test/integration/framework --- apt-0.9.7.9+deb7u1/test/integration/framework 2013-03-01 11:51:21.0 +0100 +++ apt-0.9.7.9+deb7u2/test/integration/framework 2014-06-12 13:21:11.0 +0200 @@ -130,7 +130,7 @@ mkdir rootdir aptarchive keys cd rootdir mkdir -p etc/apt/apt.conf.d etc/apt/sources.list.d etc/apt/trusted.gpg.d etc/apt/preferences.d - mkdir -p var/cache var/lib var/log + mkdir -p var/cache var/lib var/log tmp mkdir -p var/lib/dpkg/info var/lib/dpkg/updates var/lib/dpkg/triggers touch var/lib/dpkg/available mkdir -p usr/lib/apt
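Review bot: in the apt-get source hunk at @@ -2576,6 +2587,10 @@, AuthPrompt is called with PromptUser set to false, so an untrusted source index is a hard error unless APT::Get::AllowUnauthenticated is set, while the binary path through CheckAuth still prompts; that difference deserves a line in the debian/changelog entry, which also lacks the closes: #749795 reference and carries urgency=low on a SECURITY UPDATE. In the moved code, the new AuthPrompt has no comment banner, and the re-added CheckAuth ends without the closing /*}}}*/ fold marker that the functions around it use. Of the regression test mentioned in the message, only the extra tmp directory in test/integration/framework is visible in the part of the debdiff shown here.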
Bug#749795: apt: no authentication checks for source packages
On Thu, Jun 12, 2014 at 11:44:20AM +0200, Thijs Kinkhorst wrote: [..] apt: no authentication checks for source packages The Debian security team has assigned CVE-2014-0478 to this issue. [..] As for squeeze, if it's not too much extra work it would be great if an update for squeeze was also possible. Perhaps it could also even include the fix for https://security-tracker.debian.org/tracker/CVE-2011-3634? Attached is the debdiff for squeeze. Additional testing welcome (work in my debian-squeeze environment). Cheers, Michael diff -Nru apt-0.8.10.3+squeeze1/cmdline/apt-get.cc apt-0.8.10.3+squeeze2/cmdline/apt-get.cc --- apt-0.8.10.3+squeeze1/cmdline/apt-get.cc2011-04-15 09:30:33.0 +0200 +++ apt-0.8.10.3+squeeze2/cmdline/apt-get.cc2014-06-12 15:03:48.0 +0200 @@ -959,25 +959,8 @@ return true; } /*}}}*/ -// CheckAuth - check if each download comes form a trusted source /*{{{*/ -// - -/* */ -static bool CheckAuth(pkgAcquire Fetcher) +static bool AuthPrompt(std::string UntrustedList, bool const PromptUser) { - string UntrustedList; - for (pkgAcquire::ItemIterator I = Fetcher.ItemsBegin(); I Fetcher.ItemsEnd(); ++I) - { - if (!(*I)-IsTrusted()) - { - UntrustedList += string((*I)-ShortDesc()) + ; - } - } - - if (UntrustedList == ) - { - return true; - } - ShowList(c2out,_(WARNING: The following packages cannot be authenticated!),UntrustedList,); if (_config-FindB(APT::Get::AllowUnauthenticated,false) == true) @@ -986,6 +969,9 @@ return true; } + if (PromptUser == false) + return _error-Error(_(Some packages could not be authenticated)); + if (_config-FindI(quiet,0) 2 _config-FindB(APT::Get::Assume-Yes,false) == false) { 
@@ -1003,6 +989,27 @@ return _error-Error(_(There are problems and -y was used without --force-yes)); } /*}}}*/ +// CheckAuth - check if each download comes form a trusted source /*{{{*/ +// - +/* */ +static bool CheckAuth(pkgAcquire Fetcher, bool PromptUser=true) +{ + string UntrustedList; + for (pkgAcquire::ItemIterator I = Fetcher.ItemsBegin(); I Fetcher.ItemsEnd(); ++I) + { + if (!(*I)-IsTrusted()) + { + UntrustedList += string((*I)-ShortDesc()) + ; + } + } + + if (UntrustedList == ) + { + return true; + } + + return AuthPrompt(UntrustedList, PromptUser); +} // InstallPackages - Actually download and install the packages /*{{{*/ // - /* This displays the informative messages describing what is going to @@ -2229,6 +2236,7 @@ // Load the requestd sources into the fetcher unsigned J = 0; + std::string UntrustedList; for (const char **I = CmdL.FileList + 1; *I != 0; I++, J++) { string Src; @@ -2237,6 +2245,9 @@ if (Last == 0) return _error-Error(_(Unable to find a source package for %s),Src.c_str()); + if (Last-Index().IsTrusted() == false) + UntrustedList += Src + ; + string srec = Last-AsStr(); string::size_type pos = srec.find(\nVcs-); while (pos != string::npos) @@ -2319,6 +2330,11 @@ } } + // check authentication status of the source as well + if (UntrustedList != !AuthPrompt(UntrustedList, false)) + return false; + + // Display statistics unsigned long long FetchBytes = Fetcher.FetchNeeded(); unsigned long long FetchPBytes = Fetcher.PartialPresent(); diff -Nru apt-0.8.10.3+squeeze1/debian/changelog apt-0.8.10.3+squeeze2/debian/changelog --- apt-0.8.10.3+squeeze1/debian/changelog 2011-04-15 09:30:33.0 +0200 +++ apt-0.8.10.3+squeeze2/debian/changelog 2014-06-12 15:07:49.0 +0200 
@@ -1,3 +1,14 @@ +apt (0.8.10.3+squeeze2) squeeze-security; urgency=high + + * SECURITY UPDATE: apt-get source validation (closes: #749795) +- CVE-2014-0478 + * SECURITY UPDATE: sensitive information disclosure via incorrect +hostname validation (LP: #868353) +- methods/https.cc: properly set CURLOPT_SSL_VERIFYHOST. +- CVE-2011-3634 + + -- Michael Vogt m...@debian.org Thu, 12 Jun 2014 14:30:59 +0200 + apt (0.8.10.3+squeeze1) stable; urgency=low [ Michael Vogt ] diff -Nru apt-0.8.10.3+squeeze1/methods/https.cc apt-0.8.10.3+squeeze2/methods/https.cc --- apt-0.8.10.3+squeeze1/methods/https.cc 2011-04-15 09:30:33.0 +0200 +++ apt-0.8.10.3+squeeze2/methods/https.cc 2014-06-12 14:32:46.0 +0200 @@ -143,13 +143,11 @@ curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, peer_verify); // ... and hostname against cert CN or subjectAltName - int
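Review bot: AuthPrompt in the first cmdline/apt-get.cc hunk takes std::string UntrustedList by value although it only reads it; std::string const &UntrustedList avoids the copy and matches the bool const PromptUser next to it, and the function should get the same comment banner that CheckAuth keeps. The hunk at @@ -2319,6 +2330,11 @@ leaves two blank lines before // Display statistics. The changelog bundles the CVE-2011-3634 change in methods/https.cc with the CVE-2014-0478 fix; the https.cc hunk is cut off on this page right after its first lines, so the CURLOPT_SSL_VERIFYHOST change named in the changelog cannot be reviewed from what is shown and needs a separate look.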
Bug#747498: python-apt: Please consider adding information templates for blankon
On Fri, May 09, 2014 at 11:36:23AM +, Rahman Yusri Aftian wrote: Package: python-apt Version: 0.9.3.6 Severity: normal Tags: patch Thanks for your bugreport. Dear Maintainer, I notice that you include settings for debian and ubuntu in the debian source package. Please consider also including the settings for blankon. This is added now and will be part of the next upload. Cheers, Michael -- Package-specific info: -- (no /usr/share/python-apt/templates/ present) -- -- /usr/share/python-apt/templates/Blankon.mirrors -- #LOC:ID http://kambing.ui.ac.id/blankon/ http://mirror.omadata.com/blankon/ http://repo.ugm.ac.id/repo/blankon/ http://buaya.klas.or.id/blankon/ http://bos.fkip.uns.ac.id/blankon http://pandawa.ipb.ac.id/blankon/ http://dl2.foss-id.web.id/blankon/ http://shol.vlsm.org/blankon/ http://openstorage.gunadarma.ac.id/blankon/ http://debian.rab.co.id/blankon/ http://singo.ub.ac.id/blankon/ http://ftp.paudni.kemdiknas.go.id/blankon/ http://blankon.idrepo.or.id/blankon/ http://mirror.kioss.undip.ac.id/blankon/ http://repo.unnes.ac.id/repo/blankon/ http://kartolo.sby.datautama.net.id/blankon/ -- /usr/share/python-apt/templates/Blankon.info -- ChangelogURI: http://arsip.blankonlinux.or.id/blankon/changelogs/pool/%s/%s/%s/%s_%s/changelog Suite: tambora RepositoryType: deb BaseURI: http://arsip.blankonlinux.or.id/blankon/ MatchURI: arsip.blankonlinux.or.id/blankon MirrorsFile-amd64: /usr/share/python-apt/templates/Blankon.mirrors MirrorsFile-i386: /usr/share/python-apt/templates/Blankon.mirrors Description: Blankon 10.0 'Tambora' Component: main CompDescription: Officially supported CompDescriptionLong: Blankon-supported Free/Open Source software Component: extras CompDescription: Community-maintained CompDescriptionLong: Community-maintained Free/Open Source software Component: restricted CompDescription: Non-free drivers CompDescriptionLong: Proprietary drivers for devices Component: extras-restricted CompDescription: Restricted software CompDescriptionLong: 
Software restricted by copyright or legal issues Suite: tambora MatchName: .* BaseURI: cdrom:\[Blankon.*10.0 MatchURI: cdrom:\[Blankon.*10.0 Description: CDROM with Blankon 10.0 'Tambora' Available: False Component: main CompDescription: Officially supported Component: restricted CompDescription: Restricted copyright Suite: tambora-security ParentSuite: tambora RepositoryType: deb BaseURI: http://arsip.blankonlinux.or.id/blankon/ MatchURI: arsip.blankonlinux.or.id/blankon Description: Important security updates Suite: tambora-updates ParentSuite: tambora RepositoryType: deb Description: Recommended updates Suite: suroboyo RepositoryType: deb BaseURI: http://arsip.blankonlinux.or.id/blankon/ MatchURI: arsip.blankonlinux.or.id/blankon MirrorsFile-amd64: /usr/share/python-apt/templates/Blankon.mirrors MirrorsFile-i386: /usr/share/python-apt/templates/Blankon.mirrors Description: Blankon 9.0 'Suroboyo' Component: main CompDescription: Officially supported CompDescriptionLong: Blankon-supported Free/Open Source software Component: extras CompDescription: Community-maintained CompDescriptionLong: Community-maintained Free/Open Source software Component: restricted CompDescription: Non-free drivers CompDescriptionLong: Proprietary drivers for devices Component: extras-restricted CompDescription: Restricted software CompDescriptionLong: Software restricted by copyright or legal issues Suite: suroboyo MatchName: .* BaseURI: cdrom:\[Blankon.*9.0 MatchURI: cdrom:\[Blankon.*9.0 Description: CDROM with Blankon 9.0 'Suroboyo' Available: False Component: main CompDescription: Officially supported Component: restricted CompDescription: Restricted copyright Suite: suroboyo-security ParentSuite: suroboyo RepositoryType: deb BaseURI: http://arsip.blankonlinux.or.id/blankon/ MatchURI: arsip.blankonlinux.or.id/blankon Description: Important security updates Suite: suroboyo-updates ParentSuite: suroboyo RepositoryType: deb Description: Recommended updates Suite: rote RepositoryType: deb 
BaseURI: http://arsip.blankonlinux.or.id/blankon/ MatchURI: arsip.blankonlinux.or.id/blankon MirrorsFile-amd64: /usr/share/python-apt/templates/Blankon.mirrors MirrorsFile-i386: /usr/share/python-apt/templates/Blankon.mirrors Description: Blankon 8.0 'Rote' Component: main CompDescription: Officially supported CompDescriptionLong: Blankon-supported Free/Open Source software Component: extras CompDescription: Community-maintained CompDescriptionLong: Community-maintained Free/Open Source software Component: restricted CompDescription: Non-free drivers CompDescriptionLong: Proprietary drivers for devices Component: extras-restricted CompDescription: Restricted software CompDescriptionLong: Software restricted by copyright or legal issues Suite: rote MatchName: .* BaseURI: cdrom:\[Blankon.*8.0 MatchURI:
Bug#750120: python-apt: Some locales use no-breaking space for LC_NUMBER, so return unicode for SizeToStr
On Sun, Jun 01, 2014 at 09:18:45PM +0200, Odin Hørthe Omdal wrote:
> Package: python-apt
> Version: 0.9.3.5
> Severity: normal
> Tags: upstream l10n patch

Thanks for your bugreport and your patch!

> this is on Ubuntu, but this was the closest I could find to the python-apt upstream :) This is breaking the distribution upgrade on my girlfriend's computer (since she is using nn_NO.UTF8 as her language). Ubuntu's upgrading python script is not expecting that the str returned will have undecodable chars. This could also be fixed at Ubuntu's level, but looking at it, I thought it hit closer to home for apt_pkg.size_to_str() to return a ready decoded unicode string to all its users.

[..]

Indeed, thanks for this fix! Unfortunately as it is right now it breaks the API of size_to_str(), i.e. there are probably apps who expect a type str. So we either need to add a size_to_unicode() or a kwarg like as_unicode or add a warning in the documentation for the py2 users.

Cheers,
Michael
Bug#748922: python-apt: TagFile doesnt close file
On Thu, May 22, 2014 at 11:57:12AM +0200, Johannes Schauer wrote:
> Package: python-apt
> Version: 0.9.3.5
> Severity: normal

Thanks for your bugreport.

> Consider the following snippet:
>
> --%---
> import gc
> import os
> import sys
> import apt_pkg
> print(os.listdir("/proc/self/fd/"))
> f = apt_pkg.TagFile(sys.argv[1])
> print(os.listdir("/proc/self/fd/"))
> del f
> print(os.listdir("/proc/self/fd/"))
> gc.collect
> print(os.listdir("/proc/self/fd/"))
> --%---

There is a small typo in the above script. gc.collect should be gc.collect(). I verified that the following works and does not leak fds:

    import gc
    import os
    import unittest

    import apt_pkg


    class LeakTestCase(unittest.TestCase):
        def test_leak(self):
            # cleanup gc first
            gc.collect()
            # see what fds we have
            fds = os.listdir("/proc/self/fd")
            testfile = __file__
            tagf = apt_pkg.TagFile(testfile)
            tagf.step()
            del tagf
            gc.collect()
            # ensure fd is closed
            self.assertEqual(fds, os.listdir("/proc/self/fd"))

Unfortunately just doing a del tagf is not enough, the gc call is needed afterwards. The reason that the del is not enough is that there is a cyclic reference from the tagf to tagf.section. The garbage collector breaks it, but a simple del sees a refcount 0. This particular case could maybe be fixed by copying the data from the pkgTagFile to a pkgTagSection instead of letting it operate on the Buffer of pkgTagFile. But that requires some work (plus additional memory for the copied data).

Cheers,
Michael
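The effect described in the reply above can be reproduced without apt_pkg. This is an added example, not python-apt code: FdHolder and Section are hypothetical stand-ins for the TagFile object and its section, and it assumes CPython on a POSIX system.

```python
import gc
import os
import tempfile


class Section:
    """Stand-in for tagf.section: may keep a reference back to its owner."""

    def __init__(self, owner):
        self.owner = owner


class FdHolder:
    """Stand-in for a TagFile-like object that owns a file descriptor."""

    def __init__(self, path, with_cycle):
        self.fd = os.open(path, os.O_RDONLY)
        # with_cycle=True builds holder -> section -> holder, the cycle
        # the reply describes; with_cycle=False leaves a plain tree.
        self.section = Section(self if with_cycle else None)

    def __del__(self):
        os.close(self.fd)


def fd_is_open(fd):
    """True while the descriptor number still refers to an open file."""
    try:
        os.fstat(fd)
        return True
    except OSError:
        return False


def observe(with_cycle):
    """Return (fd open after del, fd open after gc.collect())."""
    gc_was_enabled = gc.isenabled()
    gc.disable()  # keep an automatic collection from hiding the effect
    try:
        with tempfile.NamedTemporaryFile() as tmp:
            holder = FdHolder(tmp.name, with_cycle)
            fd = holder.fd
            del holder  # drops one reference only
            after_del = fd_is_open(fd)
            gc.collect()  # the cycle collector finds the unreachable pair
            after_collect = fd_is_open(fd)
            return after_del, after_collect
    finally:
        if gc_was_enabled:
            gc.enable()


if __name__ == "__main__":
    print("with cycle:   ", observe(with_cycle=True))
    print("without cycle:", observe(with_cycle=False))
```

A long-running process that opens many such objects and relies on del alone can run out of descriptors before the collector happens to run, which is why an explicit close method is the more robust interface.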
Bug#750528: celery: build-depend on python-sphinxcontrib.issuetracker no longer needed(?)
Source: celery
Version: 3.1.11-1
Severity: minor

Hi, it appears that with the latest version of sphinx the build-depend on python-sphinxcontrib.issuetracker is no longer needed. It builds fine without and it was removed from requirements/docs.txt too.

Thanks,
Michael

-- System Information:
Debian Release: jessie/sid
APT prefers trusty-updates
APT policy: (500, 'trusty-updates'), (500, 'trusty-security'), (500, 'trusty'), (100, 'trusty-backports')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 3.13.0-27-generic (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Bug#749795: apt: no authentication checks for source packages
On Sat, May 31, 2014 at 12:07:48AM +0200, David Kalnischkies wrote: On Fri, May 30, 2014 at 03:21:20PM +0200, Michael Vogt wrote: From b7f501b5cc8583f61467f0c7a0282acbb88e4b29 Mon Sep 17 00:00:00 2001 From: Michael Vogt m...@debian.org Date: Fri, 30 May 2014 14:47:56 +0200 Subject: [PATCH] Show unauthenticated warning for source packages as well This will show the same unauthenticated warning for source packages as for binary packages and will not download a source package if it is unauthenticated. This can be overriden with typo: overridden Thanks, fixed. + // check authentication status of the source as well + if (UntrustedList != !AuthPrompt(UntrustedList, true)) + return false; As said, I don't think 'apt-get source' should be interactive, so this true should be a false, right? Reasons (as a repeat): - it was not interactive before - the error message on 'no' talks about install, so we would need a new string - 'apt-get download' isn't interactive either (- it is more in line with your own commit summary) Counter arguments? [..] Good point! No counter arguments, the risk of breaking script by prompting is indeed a good reason not to show the prompt (and we do the same for download). I changed it to non-interactive now. Cheers, Michael
Bug#749795: apt: no authentication checks for source packages
On Thu, May 29, 2014 at 11:04:35PM +0200, Jakub Wilk wrote:
> Package: apt
> Version: 1.0.3
> Severity: grave
> Tags: security

Thanks for your bugreport. You raise an important issue, but I agree with David that it's best if this goes through the security team for coordination.

> I've been investigating how apt behaves when the repository doesn't contain any Release signatures (possibly because they were stripped off by a man-in-the-middle attacker). This is what I found out:
>
> | # cat /etc/apt/sources.list
> | deb http://ftp.debian.org/debian/ unstable main
> | deb-src http://ftp.debian.org/debian/ unstable main
> |
> | # apt-get update
> | Ign http://ftp.debian.org unstable InRelease
> | Ign http://ftp.debian.org unstable Release.gpg
> | Get:1 http://ftp.debian.org unstable Release [205 kB]
> | Get:2 http://ftp.debian.org unstable/main Sources [7249 kB]
> | Get:3 http://ftp.debian.org unstable/main amd64 Packages [6758 kB]
> | Fetched 14.2 MB in 29s (479 kB/s)
> | Reading package lists... Done
> |
> | # echo $?
> | 0
>
> Hmm. There is no warning suggesting that anything fishy is going on, and the exit code indicates success. (Perhaps the Igns could raise suspicion of an observant sysadmin. But who knows what Ign exactly means? At least the apt-get(1) manpage doesn't know.)

Right, I think apt should show a more prominent warning here. I will look into this next.

[..]

> So far, so good. However, apt-get happily downloads unauthenticated source packages, with no warning:
>
> | $ apt-get source -d nyancat
> | Reading package lists... Done
> | Building dependency tree
> | Reading state information... Done
> | Selected version '1.2.2-1' (unstable) for nyancat
> | Need to get 20.6 kB of source archives.
| Get:1 http://ftp.debian.org/debian/ unstable/main nyancat 1.2.2-1 (dsc) [1782 B] | Get:2 http://ftp.debian.org/debian/ unstable/main nyancat 1.2.2-1 (tar) [14.1 kB] | Get:3 http://ftp.debian.org/debian/ unstable/main nyancat 1.2.2-1 (diff) [4748 B] | Fetched 20.6 kB in 0s (1838 kB/s) | Download complete and in download only mode [..] Indeed, this is a problem that needs fixing. Attached is a patch that addresses the issue. Cheers, Michael From b7f501b5cc8583f61467f0c7a0282acbb88e4b29 Mon Sep 17 00:00:00 2001 From: Michael Vogt m...@debian.org Date: Fri, 30 May 2014 14:47:56 +0200 Subject: [PATCH] Show unauthenticated warning for source packages as well This will show the same unauthenticated warning for source packages as for binary packages and will not download a source package if it is unauthenticated. This can be overriden with --allow-unauthenticated Closes: #749795 --- apt-private/private-download.cc| 5 + apt-private/private-download.h | 6 + cmdline/apt-get.cc | 9 test/integration/test-apt-get-source-authenticated | 26 ++ 4 files changed, 46 insertions(+) create mode 100755 test/integration/test-apt-get-source-authenticated diff --git a/apt-private/private-download.cc b/apt-private/private-download.cc index a095f0c..be7d23c 100644 --- a/apt-private/private-download.cc +++ b/apt-private/private-download.cc @@ -28,6 +28,11 @@ bool CheckAuth(pkgAcquire Fetcher, bool const PromptUser) if (UntrustedList == ) return true; + return AuthPrompt(UntrustedList, PromptUser); +} + +bool AuthPrompt(std::string UntrustedList, bool const PromptUser) +{ ShowList(c2out,_(WARNING: The following packages cannot be authenticated!),UntrustedList,); if (_config-FindB(APT::Get::AllowUnauthenticated,false) == true) diff --git a/apt-private/private-download.h b/apt-private/private-download.h index a108aa5..a90ac7e 100644 --- a/apt-private/private-download.h +++ b/apt-private/private-download.h 
@@ -5,7 +5,13 @@ class pkgAcquire; +// Check if all files in the fetcher are authenticated APT_PUBLIC bool CheckAuth(pkgAcquire Fetcher, bool const PromptUser); + +// show a authentication warning prompt and return true if the system +// should continue +APT_PUBLIC bool AuthPrompt(std::string UntrustedList, bool const PromptUser); + APT_PUBLIC bool AcquireRun(pkgAcquire Fetcher, int const PulseInterval, bool * const Failure, bool * const TransientNetworkFailure); #endif diff --git a/cmdline/apt-get.cc b/cmdline/apt-get.cc index 0f18b0e..d74d6d5 100644 --- a/cmdline/apt-get.cc +++ b/cmdline/apt-get.cc @@ -76,6 +76,7 @@ #include stdio.h #include stdlib.h #include string.h +#include sys/ioctl.h #include sys/stat.h #include sys/statfs.h #include sys/statvfs.h @@ -755,6 +756,7 @@ static bool DoSource(CommandLine CmdL) // Load the requestd sources into the fetcher unsigned J = 0; + std::string UntrustedList; for (const char **I = CmdL.FileList + 1; *I != 0; I++, J++) { string Src; @@ -763,6 +765,9 @@ static bool DoSource(CommandLine CmdL) if (Last == 0) { return _error-Error(_(Unable to find a source package for %s),Src.c_str
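Review bot: the cmdline/apt-get.cc hunk at -76,6 adds an include of sys/ioctl.h that nothing in the visible part of this patch uses; if it is left over from other work, drop it so the security fix stays minimal and easy to backport. AuthPrompt in private-download.h also takes std::string UntrustedList by value, where a const reference would avoid the copy and match the const-qualified PromptUser parameter. The header comment "show a authentication warning prompt" should read "an authentication warning prompt".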
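The silent case from the report (Release fetched, both signature files ignored, exit code 0) can be caught by a wrapper that reads the apt-get update output. This is an added example, not apt code; it assumes the status-line format shown in the report's transcript, and the SIGNED_UPDATE sample is constructed.

```python
import re
import sys

# One status line of `apt-get update`, in the format shown in the report:
#   <Ign|Hit|Err|Get:N> <uri> <suite> <file> [size]
STATUS_LINE = re.compile(
    r"^(?P<status>Ign|Hit|Err|Get:\d+)\s+(?P<uri>\S+)\s+(?P<suite>\S+)\s+"
    r"(?P<file>InRelease|Release\.gpg|Release)(?:\s|$)"
)
SIGNATURE_FILES = {"InRelease", "Release.gpg"}

# Transcript quoted in the bug report (the "| " quoting prefix removed).
REPORTED_UPDATE = """\
Ign http://ftp.debian.org unstable InRelease
Ign http://ftp.debian.org unstable Release.gpg
Get:1 http://ftp.debian.org unstable Release [205 kB]
Get:2 http://ftp.debian.org unstable/main Sources [7249 kB]
Get:3 http://ftp.debian.org unstable/main amd64 Packages [6758 kB]
Fetched 14.2 MB in 29s (479 kB/s)
Reading package lists... Done
"""

# Constructed sample: the same mirror delivering a detached signature.
SIGNED_UPDATE = """\
Ign http://ftp.debian.org unstable InRelease
Get:1 http://ftp.debian.org unstable Release.gpg [1655 B]
Get:2 http://ftp.debian.org unstable Release [205 kB]
Get:3 http://ftp.debian.org unstable/main Sources [7249 kB]
"""


def unsigned_sources(update_output):
    """Return 'uri suite' for every suite whose run obtained no signature.

    A suite is flagged when neither InRelease nor Release.gpg was
    fetched (Get) or confirmed unchanged (Hit) during the run.
    """
    obtained = {}  # (uri, suite) -> Release-family files actually obtained
    for raw in update_output.splitlines():
        # Accept lines pasted from a mail, still carrying the "| " prefix.
        match = STATUS_LINE.match(raw.lstrip("| ").rstrip())
        if match is None:
            continue  # index files, progress and summary lines
        files = obtained.setdefault((match["uri"], match["suite"]), set())
        if match["status"] not in ("Ign", "Err"):
            files.add(match["file"])
    return sorted(
        f"{uri} {suite}"
        for (uri, suite), files in obtained.items()
        if not files & SIGNATURE_FILES
    )


if __name__ == "__main__":
    # Usage: apt-get update 2>&1 | python3 this_script.py
    flagged = unsigned_sources(sys.stdin.read())
    for source in flagged:
        print(f"no Release signature obtained for: {source}", file=sys.stderr)
    sys.exit(1 if flagged else 0)
```

Run from cron or a provisioning script, the non-zero exit status supplies the failure signal that the report notes is missing from apt-get update itself.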
Bug#748389: apt: verbose option
On Fri, May 16, 2014 at 10:10:07PM +0200, Reiner wrote: Package: apt Version: 1.0.3 Severity: wishlist Thanks for your bugreport. it would be nice to get a verbose option in apt similar aptitude -v update like this: apt -v update Hit ... Hit ... Current status: 0 broken [+0], 3 updates [+0], 42665 new [+0]. I added a similar feature to my feature/apt-update-info git branch, apt does not currently track what packages are new so thats missing. Would be good to have this directly in libapt though. Cheers, Michael Thank you. -- Package-specific info: -- apt-config dump --
Bug#747566: synaptic: Filtered list rendered incorrectly after refresh
On Fri, May 09, 2014 at 09:22:44PM -0400, Scott Talbert wrote: Package: synaptic Version: 0.81.1 Severity: normal Thanks for your bugreport. Problem originally reported in Ubuntu (#1309369) but reproducible in Debian unstable: 1) Open Synaptic 2) (with apt-xapian-index) Search for something in Quick filter 3) Choose a package and mark it for changed status 4) List refreshes and item count is the same but these are phantom items from the top of this same listing, but as if it was not filtered 5) Move cursor over the list and the real items are revealed I can reproduce this only sometimes, I think the attached patch fixes it, it would be great if you (or someone else) could confirm, then I can push a update to debian and ubuntu. Thanks, Michael -- System Information: Debian Release: jessie/sid APT prefers unstable APT policy: (500, 'unstable') Architecture: amd64 (x86_64) Kernel: Linux 3.14-1-amd64 (SMP w/1 CPU core) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages synaptic depends on: ii hicolor-icon-theme 0.13-1 ii libapt-inst1.5 1.0.3 ii libapt-pkg4.12 1.0.3 ii libatk1.0-0 2.12.0-1 ii libc62.18-5 ii libcairo-gobject21.12.16-2 ii libcairo21.12.16-2 ii libept1.4.12 1.0.12 ii libgcc1 1:4.9.0-2 ii libgdk-pixbuf2.0-0 2.30.7-1 ii libglib2.0-0 2.40.0-3 ii libgtk-3-0 3.12.1-1 ii libpango-1.0-0 1.36.3-1 ii libpangocairo-1.0-0 1.36.3-1 ii libstdc++6 4.9.0-2 ii libvte-2.90-91:0.36.1-1 ii libx11-6 2:1.6.2-1 ii libxapian22 1.2.17-1 ii libxext6 2:1.3.2-1 ii zlib1g 1:1.2.8.dfsg-1 Versions of packages synaptic recommends: ii libgtk2-perl 2:1.2491-1 ii policykit-10.105-5 ii rarian-compat 0.8.1-5 Versions of packages synaptic suggests: ii apt-xapian-index 0.46 pn deborphannone pn dwww none pn menu none pn software-properties-gtk none ii tasksel 3.20 -- no debconf information === modified file 'gtk/rgmainwindow.cc' --- gtk/rgmainwindow.cc 2014-03-18 19:58:18 + +++ gtk/rgmainwindow.cc 2014-05-10 20:00:10 + 
@@ -321,6 +321,9 @@ GTK_TREE_MODEL(_pkgList)); } + // debian bug #747566 + gtk_widget_queue_draw(_treeView); + #if 0 // set selected pkg to be selected again if(selectedPkg != NULL) {
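Review bot: the comment added above gtk_widget_queue_draw(_treeView) only cites the bug number, so a later reader cannot tell why a forced redraw is needed after the GTK_TREE_MODEL(_pkgList) call in the context lines. Say in the comment what goes wrong without it (stale rows shown after a filtered list is refreshed), and since the message says the problem reproduces only sometimes, record in the changelog whether the reporter confirmed the fix.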
Bug#726163: multiarch upgrade issue
On Wed, Apr 30, 2014 at 04:14:37PM +0200, Jelmer Vernooij wrote: Hi Michael, Hi Jelmer, [..] 3. move libpytalloc-util.so.2 into its own libtalloc2-python (or similar) package I think this is the most reasonable option, though it's a pity we'd have to package something so small separately. [..] I'm happy to work on a patch to get rid of the python-talloc dependency and unblock the multiarch upgrade, but I would like to hear from you what option you prefer. Hope this helps, It did, thanks a bunch! Attached is a small patch for option 3 that seperates the libpytalloc-util.so.2 into a new libtalloc2-pylibs package. Feedback, especially on the package name would be great as I would like to apply this on Ubuntu as well and don't want to diverge on the packagename of course :) Cheers, Michael diff -Nru talloc-2.1.0/debian/changelog talloc-2.1.0/debian/changelog --- talloc-2.1.0/debian/changelog 2014-04-21 14:47:47.0 +0200 +++ talloc-2.1.0/debian/changelog 2014-05-05 08:10:02.0 +0200 @@ -1,3 +1,12 @@ +talloc (2.1.0-3) unstable; urgency=low + + * debian/control: +- move libpytalloc-util.so.2 into its own library package + to support multiarch upgrades of e.g. libsmbclient + (LP: #1308657) + + -- Michael Vogt michael.v...@ubuntu.com Mon, 05 May 2014 08:07:41 +0200 + talloc (2.1.0-2) unstable; urgency=medium * Change maintainer to Samba Debian maintainers. diff -Nru talloc-2.1.0/debian/control talloc-2.1.0/debian/control --- talloc-2.1.0/debian/control 2014-04-21 14:47:47.0 +0200 +++ talloc-2.1.0/debian/control 2014-05-05 08:23:54.0 +0200 
@@ -42,6 +42,20 @@ . This package contains the development files. +Package: libtalloc2-pylibs +Multi-Arch: same +Pre-Depends: ${misc:Pre-Depends} +Architecture: any +Depends: ${shlibs:Depends}, ${misc:Depends} +Section: libs +Breaks: python-talloc ( 2.1.0-3) +Replaces: python-talloc ( 2.1.0-3) +Description: hierarchical pool based memory allocator - Python helper library + A hierarchical pool based memory allocator with destructors. It uses + reference counting to determine when memory should be freed. + . + This package contains the shared libraries for Python support. + Package: python-talloc Pre-Depends: ${misc:Pre-Depends} Architecture: any diff -Nru talloc-2.1.0/debian/libtalloc2-pylibs.install talloc-2.1.0/debian/libtalloc2-pylibs.install --- talloc-2.1.0/debian/libtalloc2-pylibs.install 1970-01-01 01:00:00.0 +0100 +++ talloc-2.1.0/debian/libtalloc2-pylibs.install 2014-05-05 08:14:53.0 +0200 @@ -0,0 +1 @@ +usr/lib/*/libpytalloc-util.so.* diff -Nru talloc-2.1.0/debian/libtalloc2-pylibs.symbols talloc-2.1.0/debian/libtalloc2-pylibs.symbols --- talloc-2.1.0/debian/libtalloc2-pylibs.symbols 1970-01-01 01:00:00.0 +0100 +++ talloc-2.1.0/debian/libtalloc2-pylibs.symbols 2014-05-05 08:14:44.0 +0200 
@@ -0,0 +1,11 @@ +libpytalloc-util.so.2 #PACKAGE# #MINVER# + PYTALLOC_UTIL_2.0.6@PYTALLOC_UTIL_2.0.6 2.0.6 + PYTALLOC_UTIL_2.0.7@PYTALLOC_UTIL_2.0.7 2.0.7 + PYTALLOC_UTIL_2.0.8@PYTALLOC_UTIL_2.0.8 2.0.8 + PYTALLOC_UTIL_2.1.0@PYTALLOC_UTIL_2.1.0 2.1.0 + pytalloc_CObject_FromTallocPtr@PYTALLOC_UTIL_2.0.6 2.0.6 + pytalloc_Check@PYTALLOC_UTIL_2.0.6 2.0.6 + pytalloc_GetObjectType@PYTALLOC_UTIL_2.0.6 2.0.6 + pytalloc_reference_ex@PYTALLOC_UTIL_2.0.6 2.0.6 + pytalloc_steal@PYTALLOC_UTIL_2.0.6 2.0.6 + pytalloc_steal_ex@PYTALLOC_UTIL_2.0.6 2.0.6 diff -Nru talloc-2.1.0/debian/python-talloc.install talloc-2.1.0/debian/python-talloc.install --- talloc-2.1.0/debian/python-talloc.install 2014-04-21 14:47:47.0 +0200 +++ talloc-2.1.0/debian/python-talloc.install 2014-05-05 08:14:12.0 +0200 @@ -1,2 +1 @@ usr/lib/python*/*-packages/talloc.so -usr/lib/*/libpytalloc-util.so.* diff -Nru talloc-2.1.0/debian/python-talloc.symbols talloc-2.1.0/debian/python-talloc.symbols --- talloc-2.1.0/debian/python-talloc.symbols 2014-04-21 14:47:47.0 +0200 +++ talloc-2.1.0/debian/python-talloc.symbols 2014-05-05 08:14:36.0 +0200 @@ -1,13 +1,2 @@ -libpytalloc-util.so.2 #PACKAGE# #MINVER# - PYTALLOC_UTIL_2.0.6@PYTALLOC_UTIL_2.0.6 2.0.6 - PYTALLOC_UTIL_2.0.7@PYTALLOC_UTIL_2.0.7 2.0.7 - PYTALLOC_UTIL_2.0.8@PYTALLOC_UTIL_2.0.8 2.0.8 - PYTALLOC_UTIL_2.1.0@PYTALLOC_UTIL_2.1.0 2.1.0 - pytalloc_CObject_FromTallocPtr@PYTALLOC_UTIL_2.0.6 2.0.6 - pytalloc_Check@PYTALLOC_UTIL_2.0.6 2.0.6 - pytalloc_GetObjectType@PYTALLOC_UTIL_2.0.6 2.0.6 - pytalloc_reference_ex@PYTALLOC_UTIL_2.0.6 2.0.6 - pytalloc_steal@PYTALLOC_UTIL_2.0.6 2.0.6 - pytalloc_steal_ex@PYTALLOC_UTIL_2.0.6 2.0.6 talloc.so #PACKAGE# #MINVER# inittalloc@Base 2.0.6
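Review bot: the new binary package in debian/control is named libtalloc2-pylibs, but the only file it ships is usr/lib/*/libpytalloc-util.so.*, whose SONAME per the symbols file is libpytalloc-util.so.2. Debian library packages are normally named after the SONAME, which would give libpytalloc-util2 and would let a future SONAME bump introduce a co-installable package without a rename. The Breaks and Replaces on python-talloc and the .install and .symbols file names would need to follow the same name.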
Bug#747094: bash-completion: [patch] add support for the new apt command
Package: bash-completion Version: 1:2.1-4 Severity: wishlist Tags: patch Hi, please consider adding bash completion support for the new apt command. I filed a bug upstream with a patch some days ago: https://alioth.debian.org/tracker/index.php?func=detailaid=314652group_id=100114atid=413095 The diff itself is here https://alioth.debian.org/tracker/download.php/100114/413095/314652/6460/0001-add-bash-completions-for-the-new-apt-command.patch Maybe we can add it as a distro patch until its merged upstream? I'm happy to provide a debdiff if that helps. Thanks, Michael -- System Information: Debian Release: jessie/sid APT prefers trusty-updates APT policy: (500, 'trusty-updates'), (500, 'trusty-security'), (500, 'trusty'), (100, 'trusty-backports') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.13.0-22-generic (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages bash-completion depends on: ii bash 4.3-6ubuntu1 ii dpkg 1.17.5ubuntu5.2 bash-completion recommends no packages. bash-completion suggests no packages. -- no debconf information
Bug#746200: apt: Apt-get install doesn't respect /target_release
On Sun, Apr 27, 2014 at 06:15:21PM -0500, Wayne Rowcliffe wrote:
> Package: apt
> Version: 1.0.2
> Severity: normal

Thanks for your bugreport.

> With the recent upgrade of apt to 1.0, /target_release flags do not seem to have any effect. For my particular situation, I am trying to upgrade gnome to use 3.12. This involves pulling packages from both experimental and unstable. So I attempt to do: `apt-get install gnome-shell/experimental empathy/unstable`, etc. However, when I do this apt seems to completely ignore the flags and instead tries to install the versions from testing. I have used this method many times in the past to specify a set of packages from different releases that won't conflict with each other. Since the upgrade to apt 1.0, I am not able to.

[..]

Could you include the output of some examples where it fails for you please? We have some testcases that cover this feature and they are still working, so it would be good to know some more details how to reproduce the issue.

Thanks,
Michael
Bug#746434: apt: new apt breaks a shell script by reading from standard input when it shouldn't
On Tue, Apr 29, 2014 at 10:40:52PM +, Gianluca Borello wrote: Package: apt Version: 1.0.2 Severity: normal Thanks for your bugeport. I have an automated installation script that doesn't work anymore on Sid. This is a snippet of code: #!/bin/bash apt-get -qq -y install iftop neverexecuted If executed by piping it to bash, the very first time (when the package is not installed), I get: [..] I can reproduce this and bisected it to commit 872816. The attached diff fixes it for me, would be great if you could confirm. Cheers, Michael diff --git a/apt-pkg/deb/dpkgpm.cc b/apt-pkg/deb/dpkgpm.cc index 959d064..bc86258 100644 --- a/apt-pkg/deb/dpkgpm.cc +++ b/apt-pkg/deb/dpkgpm.cc @@ -1239,9 +1239,9 @@ bool pkgDPkgPM::Go(int OutStatusFd) // if tcgetattr does not return zero there was a error // and we do not do any pty magic _error-PushToStack(); - if (tcgetattr(STDOUT_FILENO, tt) == 0) + if (tcgetattr(STDIN_FILENO, tt) == 0) { - ioctl(0, TIOCGWINSZ, (char *)win); + ioctl(STDIN_FILENO, TIOCGWINSZ, (char *)win); if (openpty(master, slave, NULL, tt, win) 0) { _error-Errno(openpty, _(Can not write log (%s)), _(Is /dev/pts mounted?));
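Review bot: the condition in pkgDPkgPM::Go now probes STDIN_FILENO, but the comment kept just above it still only says that a tcgetattr failure means no pty magic, with no hint that the choice of descriptor matters. Extend the comment to say that the pty is set up only when stdin is a terminal, so that input piped into a script (the case in this report) is left alone; that also guards against someone switching it back to STDOUT_FILENO. A regression test that feeds a script to bash on stdin, as in the report, would keep this from returning.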
Bug#726163: multiarch upgrade issue
Hi,

just wanted to mention that the current dependency of libsmbclient to python-talloc causes a regression when upgrading from a samba3 based libsmbclient to a samba4 based libsmbclient in certain multiarch environments.

The problem is that libsmbclient:i386 and libsmbclient:amd64 can be co-installed with samba3 but no longer with samba4 because of the python-talloc dependency. Right now samba-libs contains a dependency on libpytalloc-util.so.2 library which is part of python-talloc. See https://bugs.launchpad.net/ubuntu/+source/samba4/+bug/1308657 for the details.

The options are:
1. move libpytalloc-util.so.2 to libtalloc2
2. move /usr/lib/x86_64-linux-gnu/samba/libsamba_python.so.0 to samba-python
3. move libpytalloc-util.so.2 into its own libtalloc2-python (or similar) package

I don't know enough about the samba4 packaging to have a strong opinion, but it seems like (1) is a reasonable solution as it does not require changing existing dependencies. It would mean a tiny additional lib (libpytalloc-util.so.2 - 11k on my system) in libtalloc2 that not everyone needs.

I'm happy to work on a patch to get rid of the python-talloc dependency and unblock the multiarch upgrade, but I would like to hear from you what option you prefer.

Cheers,
Michael
Bug#745992: Please add the attached systemd service file
On Sun, Apr 27, 2014 at 12:12:05AM +0200, Michael Stapelberg wrote: Package: unattended-upgrades Version: 0.82.6 Severity: wishlist User: pkg-systemd-maintain...@lists.alioth.debian.org Usertags: systemd-units Thanks for your bugreport and your patch! Dear maintainer, please add the attached systemd service file. [..] This is merged and will be part of the next upload. Thanks, Michael
Bug#745726: apt: shell is left colored when aborting colored output of apt
On Thu, Apr 24, 2014 at 03:44:28PM +0200, Sven Bartscher wrote:
> Package: apt
> Version: 1.0.1
> Severity: minor

Thanks for your bugreport.

> When pressing ctrl+c to interrupt apt while downloading packages the color doesn't get reset for the rest of the shell session. So the shell is colored orange until the color is set to something else.

This is fixed in git and will be part of the next upload.

Cheers,
 Michael

> -- Package-specific info:
>
> -- apt-config dump --
Bug#745487: apt python library leaks memory and file descriptors
On Tue, Apr 22, 2014 at 11:23:24AM +0200, Petter Reinholdtsen wrote:
> Package: python-apt
> Version: 0.8.8.2
> Severity: important

Thanks for your bugreport.

> Since I wrote the isenkram package, it has been plagued with a nasty resource leak. It leaks memory and file descriptors every time some hardware is inserted. The amount of leaked memory varies, but seems to be 30-40 MiB every time. The amount of file descriptors depends on the number of APT sources listed in /etc/apt/.
>
> URL: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=730704 is an example of what happens when the process runs out of file descriptors, and URL: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=719837 is the initial report about leaking memory.

This is a good test scenario, afaik python-apt is not being used in daemons so far.

> I've been able to track down the problem to the python-apt library, and the following test program demonstrates the leak:
>
>   #!/usr/bin/python
>   import apt
>
>   while True:
>       cache = apt.Cache()
>       cache.open(None)
>
> When left alone running for a while, it crashes like this:
>
>   % ./apt-leak.py
>   Traceback (most recent call last):
>     File "./apt-leak.py", line 6, in <module>
>       cache.open(None)
>     File "/usr/lib/python2.7/dist-packages/apt/cache.py", line 147, in open
>       self._records = apt_pkg.PackageRecords(self._cache)

Thanks for this demo, I can reproduce the issue with it. However, if I change it a little bit and force the python garbage collector there seems to be no leak (or a small memory leak but no fd leak).

  #!/usr/bin/python

  import gc
  import os
  import timeit

  import apt


  def show_resource_stats():
      # /proc/self/statm: total program size first, resident set second
      with open("/proc/self/statm") as f:
          mem = f.read().strip().split()[0:2]
      # one entry in /proc/self/fd per open file descriptor
      open_fds = len(os.listdir("/proc/self/fd/"))
      print("mem: %s" % mem)
      print("open fds: %s" % open_fds)


  if __name__ == "__main__":
      i = 0
      while True:
          # re-open the cache without releasing the previous one explicitly
          cache = apt.Cache()
          cache.open()
          i += 1
          if i % 10 == 0:
              print("\nAfter %s runs" % i)
              show_resource_stats()
              # force a collection and print how long it took
              print(timeit.timeit(gc.collect, number=1))
              print("After collect:")
              show_resource_stats()

I see numbers like:

  After 20 runs
  mem: ['181774', '165966']
  open fds: 653
  0.236461877823
  After collect:
  mem: ['68298', '57910']
  open fds: 63

  After 30 runs
  mem: ['181774', '165980']
  open fds: 653
  0.229271888733
  After collect:
  mem: ['68938', '58564']
  open fds: 63

Mem is size (VmSize) first and resident (VmRSS) second.

I suspect that the behavior without running the GC is caused by the way we handle the pkgCache and pkgDepCache internally. Both are managed via a CacheFile and it seems that a del of the pkgCache/pkgDepCache leaves the CacheFile (that really has the resources open) with zero references, but the resources are only really freed once the GC runs. This needs some investigation in the python/cache.cc code to see if we can explicitly trigger the free.

> Am I using the library wrong (ie should I do something to release the resources when I am done with the cache), or is it a bug in the library leaking memory and file descriptors?
>
> Setting severity to important. I guess one could argue that it should be critical because it causes isenkram to fail, but that severity seemed a bit high when I do not know if I am using the library wrong or not.

Even if you would use the library wrong I would argue it's a bug because the library should work well in the simple test case you provided.

Cheers,
 Michael
Bug#744297: apt: doesn't reset colors after Ctrl+C
On Sat, Apr 12, 2014 at 05:48:55PM +0200, Jakub Wilk wrote:
> Package: apt
> Version: 1.0.1
> Severity: minor

Thanks for your bugreport.

> When I press Ctrl+C when apt is working, it doesn't reset colors, leaving my shell prompt yellowish. See the attached screenshot.

This is fixed in the git tree and it will be part of the next upload.

Cheers,
 Michael
Bug#745120: apt: [INTL] Updated Thai program translation
On Sun, Apr 20, 2014 at 09:42:52AM +0700, Theppitak Karoonboonyanan wrote:
> On Fri, Apr 18, 2014 at 9:31 PM, David Kalnischkies da...@kalnischkies.de wrote:
> > Refreshing the po file (attached) with the latest git reveals a fuzzy string (changing 'record' to 'version'), so I would like to ask if you could update accordingly so that we have 100% translated for th. :)
>
> Here you are. I've also fixed a few other translations with this.
[..]

Thanks! Merged to git and will be part of the next upload.

Cheers,
 Michael
Bug#745452: apt: Consistently use Dpkg::Progress* in documentation
On Mon, Apr 21, 2014 at 04:54:04PM -0400, James McCoy wrote:
> Package: apt
> Version: 1.0.1
> Severity: minor

Thanks for your bugreport and your patch.

> Dear Maintainer,
>
> Apt's documentation refers to DpkgPM::Progress, Dpkg::Progress-Fancy, and DpkgPM::Progress-Fancy. DpkgPM::Progress was renamed to Dpkg::Progress in 6c5ae8ed, although the former is still understood for backwards-compatibility, and DpkgPM::Progress-Fancy was renamed to Dpkg::Progress-Fancy in 1c6089d7.
>
> The attached patch updates the documentation to consistently use the Dpkg:: variants of the options.

Thanks for the cleanup, I merged your patch and it will be part of the next upload.

Cheers,
 Michael

> -- Package-specific info:
>
> -- (no /etc/apt/preferences present) --
>
> -- (/etc/apt/sources.list present, but not submitted) --
>
> -- System Information:
> Debian Release: jessie/sid
>   APT prefers unstable
>   APT policy: (500, 'unstable')
> Architecture: amd64 (x86_64)
> Foreign Architectures: i386
>
> Kernel: Linux 3.13-1-amd64 (SMP w/4 CPU cores)
> Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
> Shell: /bin/sh linked to /bin/dash
>
> Versions of packages apt depends on:
> ii  debian-archive-keyring  2012.4
> ii  gnupg                   1.4.16-1.1
> ii  libapt-pkg4.12          1.0.1
> ii  libc6                   2.18-4
> ii  libgcc1                 1:4.9-20140411-2
> ii  libstdc++6              4.9-20140411-2
>
> apt recommends no packages.
>
> Versions of packages apt suggests:
> pn  apt-doc     none
> ii  aptitude    0.6.10-1
> ii  dpkg-dev    1.17.6
> ii  python-apt  0.9.3.5
>
> -- no debconf information

From 10bc7148eedba84b237b3b91b41f97dc5596db80 Mon Sep 17 00:00:00 2001 From: James McCoy james...@debian.org Date: Mon, 21 Apr 2014 16:35:28 -0400 Subject: [PATCH] Consistently use Dpkg::Progress* in documentation Signed-off-by: James McCoy james...@debian.org --- doc/apt-get.8.xml | 2 +- doc/apt.8.xml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/doc/apt-get.8.xml b/doc/apt-get.8.xml index 1ed0890..a3bfc33 100644 --- a/doc/apt-get.8.xml +++ b/doc/apt-get.8.xml 
@@ -536,7 +536,7 @@ terminal window when packages are installed, upgraded or removed. For a machine parsable version of this data see README.progress-reporting in the apt doc directory. - Configuration Item: literalDpkgPM::Progress/literal and literalDpkg::Progress-Fancy/literal./para/listitem + Configuration Item: literalDpkg::Progress/literal and literalDpkg::Progress-Fancy/literal./para/listitem /varlistentry diff --git a/doc/apt.8.xml b/doc/apt.8.xml index 85e7276..bcad5ee 100644 --- a/doc/apt.8.xml +++ b/doc/apt.8.xml @@ -148,7 +148,7 @@ itemizedlist listitem - paraThe option literalDPkgPM::Progress-Fancy/literal is enabled. + paraThe option literalDPkg::Progress-Fancy/literal is enabled. /para /listitem listitem -- 1.9.2 -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
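Review bot: In the doc/apt.8.xml hunk the replacement line spells the option DPkg::Progress-Fancy, while the doc/apt-get.8.xml hunk and the commit subject use Dpkg::Progress-Fancy. The capital P is inherited from the old line, but since the stated goal of the patch is consistency I would change apt.8.xml to Dpkg::Progress-Fancy as well, so both man pages show one spelling.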
Bug#745130: apt should tell if updates are available
On Fri, Apr 18, 2014 at 05:13:46PM +0200, David Kalnischkies wrote:
> On Fri, Apr 18, 2014 at 02:44:06PM +0530, shirish शिरीष wrote:
> > I tried apt few days back and it's refreshing from aptitude in the sense it doesn't take as many resources as aptitude to update the index. There is one issue though, it doesn't tell if there are any updates and I have to manually run aptitude safe-upgrade in order to figure out if there are any updates or not.
> […]
> > Unlike aptitude, apt doesn't tell if there are any updates. Just having that info. would make my life much easier.
>
> Could you perhaps mention what sort of info that might be and in which form? Also what 'updates' are in this context depends on which operation will be used to apply these updates (think: upgrade vs. dist-upgrade), so I would tend to say no at the moment as I don't know which info you ask for here and displaying potentially wrong info could be confusing at best and might even be dangerous. (a package manager confusing its users is never a good idea)
>
> (/me has never really used aptitude)
[..]

I like the idea, attached is a trivial patch that implements some very simple information for apt update. But I agree with David's concerns, that we need to be careful about the message displayed to avoid confusing the users.

Cheers,
 Michael

From 72610548d2993e30fb5b8d633044c7f2af3fb392 Mon Sep 17 00:00:00 2001 From: Michael Vogt m...@debian.org Date: Tue, 22 Apr 2014 16:07:32 +0200 Subject: [PATCH] show upgradable packages after apt update --- apt-private/private-update.cc| 18 ++ cmdline/apt.cc | 1 + test/integration/test-apt-cli-update | 17 + 3 files changed, 36 insertions(+) create mode 100755 test/integration/test-apt-cli-update diff --git a/apt-private/private-update.cc b/apt-private/private-update.cc index da83d77..fa827de 100644 --- a/apt-private/private-update.cc +++ b/apt-private/private-update.cc 
@@ -75,6 +75,24 @@ bool DoUpdate(CommandLine CmdL) return false; } + // show basic stats (if the user whishes) + if (_config-FindB(APT::Cmd::Show-Update-Stats, false) == true) + { + int upgradable = 0; + Cache.Open(); + for (pkgCache::PkgIterator I = Cache-PkgBegin(); I.end() != true; ++I) + { + pkgDepCache::StateCache state = Cache[I]; + if (I-CurrentVer != 0 state.Upgradable()) +upgradable++; + } + const char *msg = ngettext( + %i package can be upgraded. Run 'apt list --upgradable' to see it.\n, + %i packages can be upgraded. Run 'apt list --upgradable' to see them.\n, + upgradable); + ioprintf(c1out, msg, upgradable); + } + return true; } /*}}}*/ diff --git a/cmdline/apt.cc b/cmdline/apt.cc index 4813861..8a6f96a 100644 --- a/cmdline/apt.cc +++ b/cmdline/apt.cc @@ -112,6 +112,7 @@ int main(int argc, const char *argv[]) /*{{{*/ _config-CndSet(DPkg::Progress-Fancy, 1); _config-CndSet(Apt::Color, 1); _config-CndSet(APT::Get::Upgrade-Allow-New, true); + _config-CndSet(APT::Cmd::Show-Update-Stats, true); // Parse the command line and initialize the package library CommandLine CmdL(Args.data(), _config); diff --git a/test/integration/test-apt-cli-update b/test/integration/test-apt-cli-update new file mode 100755 index 000..8237bf0 --- /dev/null +++ b/test/integration/test-apt-cli-update @@ -0,0 +1,17 @@ +#!/bin/sh +set -e + +TESTDIR=$(readlink -f $(dirname $0)) +. $TESTDIR/framework + +setupenvironment +configarchitecture i386 + +insertpackage 'unstable' 'foo' 'all' '2.0' +insertinstalledpackage 'foo' 'all' '1.0' + +setupaptarchive + +APTARCHIVE=$(readlink -f ./aptarchive) + +testequal 1 package can be upgraded. Run 'apt list --upgradable' to see it. apt update -q -- 1.9.1
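Review bot: In the apt-private/private-update.cc hunk the result of Cache.Open() is ignored before the loop starts iterating from PkgBegin(); if the cache cannot be opened after the update, the count is taken on a cache that was never built. I would return false when Cache.Open() fails, matching the error path just above the added block. The comment also has a typo, "whishes" for "wishes".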
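Review bot: The cmdline/apt.cc hunk switches on a new option, APT::Cmd::Show-Update-Stats, by default, but the diffstat lists no documentation change. Please document the option together with this patch so users who find the message confusing know how to turn it off.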
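Review bot: The new test/integration/test-apt-cli-update only asserts the singular message for one upgradable package; the plural branch of the ngettext call and the case with nothing to upgrade are not exercised. A second upgradable package and a run with no upgrades would cover both, and would also settle whether a line for zero packages should be printed at all.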
Bug#743616: Adding sun-java 5,6-jdk in breaks / replaces forces removal of apt on oracle 7 and 8 package install
On Fri, Apr 04, 2014 at 06:36:53PM +1000, Bryan Cebuliak wrote:
> package: apt
> version: 1.0

Thanks for your bugreport.

> Why does oracle-java 7 and 8 installer from http://www.webupd8.org force a remove of apt 1.0 in Debian Sid if the Java apt binary is deprecated??
[..]

The older sun-java-{5,6}-jdk packages shipped an apt alternative for their annotation processing tool. This is why the breaks/replaces was added. This was also discussed in https://bugs.edge.launchpad.net/ubuntu/+bug/1302736

Attached is a simple patch that makes the replaces versionized and also adds a versionized openjdk-6-jdk (which is against a very old version so it's probably not needed).

Cheers,
 Michael

From a75a293f19d315b491972b688747702e017a5625 Mon Sep 17 00:00:00 2001 From: Michael Vogt m...@ubuntu.com Date: Mon, 7 Apr 2014 08:18:14 +0200 Subject: [PATCH] make Replaces/Breaks for sun-java-{5,6}-jdk versionized and add missing openjdk-6-jdk versionized breaks too (LP: #1302736) Closes: #743616 --- debian/control | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/debian/control b/debian/control index 41c9529..ce43ac9 100644 --- a/debian/control +++ b/debian/control 
@@ -19,8 +19,8 @@ XS-Testsuite: autopkgtest Package: apt Architecture: any Depends: ${shlibs:Depends}, ${misc:Depends}, ${apt:keyring}, gnupg -Replaces: manpages-pl ( 20060617-3~), manpages-it ( 2.80-4~), sun-java6-jdk, sun-java5-jdk -Breaks: manpages-pl ( 20060617-3~), manpages-it ( 2.80-4~), sun-java6-jdk, sun-java5-jdk +Replaces: manpages-pl ( 20060617-3~), manpages-it ( 2.80-4~), sun-java6-jdk ( 6.24-1build0.8.04.1), sun-java5-jdk ( 1.5.0-22-0ubuntu0.8.04), openjdk-6-jdk ( 6b24-1.11-0ubuntu1) +Breaks: manpages-pl ( 20060617-3~), manpages-it ( 2.80-4~), sun-java6-jdk ( 6.24-1build0.8.04.1), sun-java5-jdk ( 1.5.0-22-0ubuntu0.8.04), openjdk-6-jdk ( 6b24-1.11-0ubuntu1) Conflicts: python-apt ( 0.7.93.2~) Suggests: aptitude | synaptic | wajig, dpkg-dev (= 1.17.2), apt-doc, python-apt Description: commandline package manager -- 1.9.1
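Review bot: The version bounds added to the Replaces and Breaks lines for sun-java6-jdk (6.24-1build0.8.04.1) and sun-java5-jdk (1.5.0-22-0ubuntu0.8.04) are Ubuntu version strings, while this debian/control is also built for Debian. Please confirm that the bounds compare as intended against the last versions of these packages that were in the Debian archive, and say in the commit message which versions shipped the apt alternative, so the openjdk-6-jdk entry can be dropped later if it turns out not to be needed.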
Bug#743594: +1
On Sun, Apr 06, 2014 at 08:16:30AM -0700, Martin Gallant wrote:
> Same here on all 3 of my jessie machines, amd64 i386

Thanks everyone, I have a testcase now and work on a fix.

Cheers,
 Michael
Bug#743771: synaptic: fix french translation : History Historique des opérations
On Sun, Apr 06, 2014 at 10:57:38AM +0200, Ghent wrote:
> Package: synaptic
> Version: 0.81.1
> Severity: minor
> Tags: l10n
>
> Dear Maintainer,
>
> In the French translation, History of File menu is translated Historique des recherches, search history in English but it's the history of actions performed on the packages. I suggest to replace by Historique des opérations.

Thanks for your bugreport. I merged your patch and it will be part of the next upload.

Cheers,
 Michael

> Regards,
>
> Ghent
>
> -- System Information:
> Debian Release: jessie/sid
>   APT prefers testing
>   APT policy: (960, 'testing'), (950, 'stable-updates'), (950, 'testing'), (950, 'stable'), (180, 'unstable'), (60, 'experimental')
> Architecture: amd64 (x86_64)
> Foreign Architectures: i386
>
> Kernel: Linux 3.13-1-amd64 (SMP w/2 CPU cores)
> Locale: LANG=fr_FR.utf8, LC_CTYPE=fr_FR.utf8 (charmap=UTF-8)
> Shell: /bin/sh linked to /bin/dash
>
> Versions of packages synaptic depends on:
> ii  hicolor-icon-theme   0.13-1
> ii  libapt-inst1.5       0.9.16.1
> ii  libapt-pkg4.12       0.9.16.1
> ii  libatk1.0-0          2.10.0-2
> ii  libc6                2.18-4
> ii  libcairo-gobject2    1.12.16-2
> ii  libcairo2            1.12.16-2
> ii  libept1.4.12         1.0.12
> ii  libgcc1              1:4.8.2-16
> ii  libgdk-pixbuf2.0-0   2.30.6-1
> ii  libglib2.0-0         2.38.2-5
> ii  libgtk-3-0           3.10.7-1
> ii  libpango-1.0-0       1.36.3-1
> ii  libpangocairo-1.0-0  1.36.3-1
> ii  libstdc++6           4.8.2-16
> ii  libvte-2.90-9        1:0.34.9-1
> ii  libx11-6             2:1.6.2-1
> ii  libxapian22          1.2.17-1
> ii  libxext6             2:1.3.2-1
> ii  zlib1g               1:1.2.8.dfsg-1
>
> Versions of packages synaptic recommends:
> ii  gksu           2.0.2-6
> ii  libgtk2-perl   2:1.249-2
> ii  policykit-1    0.105-4
> ii  rarian-compat  0.8.1-5
>
> Versions of packages synaptic suggests:
> ii  apt-xapian-index         0.46
> ii  deborphan                1.7.28.8
> pn  dwww                     none
> ii  menu                     2.1.46
> ii  software-properties-gtk  0.92.25debian1
> ii  tasksel                  3.20
>
> -- no debconf information

--- fr.po 2014-03-18 21:02:04.0 +0100 +++ fr-new.po 2014-04-06 10:39:00.901347032 +0200 
@@ -2512,7 +2512,7 @@ #: ../gtk/gtkbuilder/window_main.ui.h:62 msgid _History -msgstr _Historique des recherches +msgstr _Historique des opérations #: ../gtk/gtkbuilder/window_main.ui.h:63 msgid _Icons Only -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#743594: +1
Thanks for your bugreport.

Could you please attach or mail privately the /var/lib/dpkg/status file? This should help me to reproduce the bug.

Thanks,
 Michael

On 6 April 2014 17:16:30 CEST, Martin Gallant mar...@goodbit.net wrote:
> Same here on all 3 of my jessie machines, amd64 i386

--
Sent from my Android phone with K-9 Mail. Please excuse my brevity.
Bug#743413: 'apt list' seg-faults if sources.list file is unreadable
On Wed, Apr 02, 2014 at 02:22:50PM +0100, Ben Hutchings wrote:
> Package: apt
> Version: 1.0
> Severity: normal

Thanks for your bugreport.

> I accidentally gave /etc/apt/sources.list permissions 640 rather than 644. 'apt list' would then consistently seg-fault.

This is fixed in git and will be part of the next upload.

Cheers,
 Michael

> Ben.
>
> -- System Information:
> Debian Release: jessie/sid
>   APT prefers unstable
>   APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental')
> Architecture: i386 (x86_64)
> Foreign Architectures: amd64
>
> Kernel: Linux 3.13-1-amd64 (SMP w/4 CPU cores)
> Locale: LANG=en_GB.utf8, LC_CTYPE=en_GB.utf8 (charmap=UTF-8)
> Shell: /bin/sh linked to /bin/dash
>
> Versions of packages apt depends on:
> ii  debian-archive-keyring  2012.4
> ii  gnupg                   1.4.16-1.1
> ii  libapt-pkg4.12          1.0
> ii  libc6                   2.18-4
> ii  libgcc1                 1:4.8.2-18
> ii  libstdc++6              4.8.2-18
>
> apt recommends no packages.
>
> Versions of packages apt suggests:
> pn  apt-doc     none
> ii  aptitude    0.6.10-1
> ii  dpkg-dev    1.17.6
> ii  python-apt  0.9.3.5
> ii  synaptic    0.81.1
>
> -- no debconf information
>
> --
> To UNSUBSCRIBE, email to deity-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
> Archive: https://lists.debian.org/20140402132250.9973.53933.report...@deadeye.wl.decadent.org.uk
Bug#743295: RM: vdkxdb2, vdkbuilder2 - old unmaintained software
On Tue, Apr 01, 2014 at 04:10:41PM +0200, Matthias Klose wrote:
> Package: ftp.debian.org
>
> According to the maintainer (CCed Michael Vogt), these packages are old and unmaintained, and should be removed from the archive. #726232 already suggests removing vdkbuilder2.

I agree with this request, there haven't been updates since ~2011 and I don't have the time to put lots of effort into the package.

Cheers,
 Michael
Bug#740551: documentation for APT::Periodic::MaxSize v.s. processing in apt.cron.daily
On Sun, Mar 02, 2014 at 01:09:55PM -0500, Nathan Stratton Treadway wrote:
> Package: apt
> Severity: minor
> Version: 0.9.15.5

Thanks for your bugreport.

> Near the top of /etc/cron.daily/apt, the documentation for the MaxSize variable says:
>
>   # APT::Periodic::MaxSize 0; (new)
>   # - Set maximum size of the cache in MB (0=disable). If the cache
>   #   is bigger, cached package files are deleted until the size
>   #   requirement is met (the biggest packages will be deleted
>   #   first).
>
> (This same text is also found in /usr/share/doc/apt/examples/configure-index.gz )
[..]

Indeed, this has been incorrect for a very long time. I updated the documentation to match what the script is really doing.

Cheers,
 Michael
Bug#741867: apt: [INTL:it] Updated Italian translation of apt po4a docs
On Sun, Mar 16, 2014 at 07:00:03PM +0100, Beatrice Torracca wrote:
> Package: apt
> Version: 0.9.15.5
> Severity: wishlist
> Tags: l10n patch
>
> Hi!
>
> I updated the po4a docs of apt. You can find the gzipped file attached here. Please include it in your next upload.

Thanks for your translation update. I merged it into the git repository and it will be part of the next upload.

Cheers,
 Michael
Bug#741627: insecure temporary file usage in apt-extracttemplates
On Fri, Mar 14, 2014 at 05:10:05PM +, Steve Kemp wrote:
> Package: apt
> Version: 0.9.7.9+deb7u1
> Severity: important
> Tags: security

Thanks for your bugreport.

[..]
> Anyway given that the generated file names are output to the console it feels like we should use mkstemp and do it properly, right?
[..]

I agree and changed the code to use mkstemp() now instead of using the pid/static integer combination. Changing this means that the format of the output changes slightly, the last field after the . is fixed size now and no longer contains only numbers. I don't expect this to cause issues, but I will run it on my system first for a couple of days (I also added a small integration test for this functionality).

Cheers,
 Michael
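The change described in the message above, sketched as an added example (this is not apt's code): a temporary name built from the pid and a static counter and opened without O_EXCL, beside the mkstemp() form. The prefix, the name layout, the scratch directory under /tmp and all function names are assumptions made for the illustration.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L    /* mkstemp(), mkdtemp() */
#endif
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

#define PREFIX "template"          /* assumed prefix, not taken from apt */
static unsigned next_id = 0;       /* the "static integer" of the old scheme */

/* Old scheme (assumed layout): <dir>/<prefix>.<pid><counter>. */
static void predictable_name(char *out, size_t len, const char *dir, unsigned id)
{
    snprintf(out, len, "%s/%s.%ld%u", dir, PREFIX, (long)getpid(), id);
}

/* Before: no O_EXCL, so whatever already sits at the path is opened. */
static int open_predictable(const char *dir, char *out, size_t len)
{
    predictable_name(out, len, dir, next_id++);
    return open(out, O_WRONLY | O_CREAT | O_TRUNC, 0600);
}

/* After: mkstemp() chooses the suffix and creates the file exclusively. */
static int open_mkstemp(const char *dir, char *out, size_t len)
{
    int n = snprintf(out, len, "%s/%s.XXXXXX", dir, PREFIX);
    return (n < 0 || (size_t)n >= len) ? -1 : mkstemp(out);
}

/* Private scratch directory so the demo touches nothing else. */
static int make_scratch(char *dir, size_t len)
{
    snprintf(dir, len, "/tmp/tmpfile-demo.XXXXXX");
    return mkdtemp(dir) != NULL ? 0 : -1;
}

/* Returns 1 if the old scheme hands back a file somebody else created first. */
int predictable_reuses_planted_file(void)
{
    char dir[64], guess[256], got[256];
    struct stat planted, opened;
    int reused = 0;

    if (make_scratch(dir, sizeof dir) != 0)
        return -1;
    /* The next name follows from the pid and the counter alone. */
    predictable_name(guess, sizeof guess, dir, next_id);
    int pfd = open(guess, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (pfd >= 0 && fstat(pfd, &planted) == 0) {
        int fd = open_predictable(dir, got, sizeof got);
        if (fd >= 0 && fstat(fd, &opened) == 0)
            reused = opened.st_dev == planted.st_dev &&
                     opened.st_ino == planted.st_ino;
        if (fd >= 0)
            close(fd);
    }
    if (pfd >= 0)
        close(pfd);
    unlink(guess);
    rmdir(dir);
    return reused;
}

/* Returns 1 if mkstemp() yields two distinct new 0600 files with a
   fixed-size, six-character suffix. */
int mkstemp_creates_fresh_files(void)
{
    char dir[64], a[256], b[256];
    struct stat sa, sb;
    int ok = 0;

    if (make_scratch(dir, sizeof dir) != 0)
        return -1;
    int fa = open_mkstemp(dir, a, sizeof a);
    int fb = open_mkstemp(dir, b, sizeof b);
    if (fa >= 0 && fb >= 0 && fstat(fa, &sa) == 0 && fstat(fb, &sb) == 0)
        ok = strcmp(a, b) != 0 && sa.st_ino != sb.st_ino &&
             (sa.st_mode & 0777) == 0600 && (sb.st_mode & 0777) == 0600 &&
             strlen(strrchr(a, '.') + 1) == 6;
    if (fa >= 0) { close(fa); unlink(a); }
    if (fb >= 0) { close(fb); unlink(b); }
    rmdir(dir);
    return ok;
}

int main(void)
{
    printf("predictable name reused planted file: %d\n",
           predictable_reuses_planted_file());
    printf("mkstemp created fresh 0600 files:     %d\n",
           mkstemp_creates_fresh_files());
    return 0;
}
```

The six-character suffix checked in the second function is the "fixed size" last field the message mentions; it is no longer digits only because mkstemp() draws it from letters and digits.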
Bug#742166: closed by Michael Vogt m...@debian.org (Bug#742166: fixed in synaptic 0.81.1)
On Wed, Mar 26, 2014 at 09:45:06PM -0400, Filipus Klutiero wrote:
[..]
> > Their explanation is attached below along with your original report. If this explanation is unsatisfactory and you have not received a better one in a separate message then please contact Michael Vogt m...@debian.org by replying to this email.
>
> The issue appears to remain the same in 0.81.1.

Thanks and sorry for the premature closing of bug. I assumed that adding iceweasel would fix it. So just to clarify - the effect is the same when using gksu or kdesu? It could be that gksu does not provide any information what UID the calling user has. If you run kdesu env, do you see anything that indicates your username or your userid in the environment?

Thanks,
 Michael
Bug#741154: fixed in bzr
Thanks for your bugreport and your description of how to reproduce the issue. This is fixed in bzr now and the fix will be part of the next upload.

Cheers,
 Michael
Bug#742212: synaptic: Quick search field is missing
On Thu, Mar 20, 2014 at 08:02:14PM +0100, Piotr Jurkiewicz wrote:
> Package: synaptic
> Version: 0.80.4
> Severity: important

Thanks for your bugreport.

> As in topic, on the present Jessie preview quick search field in toolbar is missing.

Do you have apt-xapian-index installed? This is what is needed to create the quick-search box. It's only a suggests at this point, iirc because there were bugreports from low-power systems that building the xapian cache is too demanding on low(er)-end hardware.

Cheers,
 Michael

> -- System Information:
> Debian Release: jessie/sid
>   APT prefers testing-updates
>   APT policy: (500, 'testing-updates'), (500, 'testing')
> Architecture: amd64 (x86_64)
>
> Kernel: Linux 3.13-1-amd64 (SMP w/4 CPU cores)
> Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
> Shell: /bin/sh linked to /bin/dash
>
> Versions of packages synaptic depends on:
> ii  hicolor-icon-theme   0.13-1
> ii  libapt-inst1.5       0.9.15.5+b1
> ii  libapt-pkg4.12       0.9.15.5+b1
> ii  libatk1.0-0          2.10.0-2
> ii  libc6                2.18-4
> ii  libcairo-gobject2    1.12.16-2
> ii  libcairo2            1.12.16-2
> ii  libept1.4.12         1.0.12
> ii  libgcc1              1:4.8.2-16
> ii  libgdk-pixbuf2.0-0   2.30.6-1
> ii  libglib2.0-0         2.38.2-5
> ii  libgtk-3-0           3.10.7-1
> ii  libpango-1.0-0       1.36.2-2
> ii  libpangocairo-1.0-0  1.36.2-2
> ii  libstdc++6           4.8.2-16
> ii  libvte-2.90-9        1:0.34.9-1
> ii  libx11-6             2:1.6.2-1
> ii  libxapian22          1.2.17-1
> ii  libxext6             2:1.3.2-1
> ii  zlib1g               1:1.2.8.dfsg-1
>
> Versions of packages synaptic recommends:
> ii  libgtk2-perl   2:1.249-1
> ii  policykit-1    0.105-4
> ii  rarian-compat  0.8.1-5
>
> Versions of packages synaptic suggests:
> ii  apt-xapian-index         0.46
> pn  deborphan                none
> pn  dwww                     none
> pn  menu                     none
> pn  software-properties-gtk  none
> ii  tasksel                  3.20
>
> -- no debconf information
Bug#742166: [synaptic] Visit Homepage has no effect (KDE)
On Wed, Mar 19, 2014 at 11:00:07PM -0400, Filipus Klutiero wrote:
> Package: synaptic
> Version: 0.81
> Severity: normal

Thanks for your bugreport.

> Many packages define their homepage. For example, filelight does. Synaptic now displays a curious Visit Homepage link for these packages (initially looks like a simple link, but looks like a button when clicked). When I click this button, Synaptic fails to open the requested homepage. Note that in previous versions, it crashed, as reported in #725885. Synaptic can still help to reach the homepage as one can right-click the link and copy the URL.
>
> I use KDE 4.11. This happens for 2 users on 2 tested. All homepages appear to be affected. My default browser is Iceweasel. There is no error message, even in .xsession-errors, just nothing happens - whether Iceweasel is already open or not.

I added a fallback to iceweasel now in bzr and this should work in the next upload. Currently synaptic is using xdg-open to find the default browser. There is already a fallback for konqueror - if this is installed, the fallback mechanism is not working for some reason.

If you have xdg-open installed, could you please run xdg-open http://www.debian.org in this case and let me know what happens?

Cheers,
 Michael

> --- System information. ---
> Architecture: i386
> Kernel: Linux 3.12-1-amd64
>
> Debian Release: jessie/sid
>   990 testing       debian.mirror.iweb.ca
>   500 unstable      debian.mirror.iweb.ca
>     1 experimental  ftp3.nrc.ca
>
> --- Package information. ---
> Depends (Version)               | Installed
> ================================-+-==============
> libapt-inst1.5 (= 0.8.16~exp12) | 0.9.15.5
> libapt-pkg4.12 (= 0.9.11)       | 0.9.15.5
> libatk1.0-0 (= 1.12.4)          | 2.10.0-2
> libc6 (= 2.3.6-6~)              | 2.18-4
> libcairo-gobject2 (= 1.10.0)    | 1.12.16-2
> libcairo2 (= 1.2.4)             | 1.12.16-2
> libept1.4.12                    | 1.0.12
> libgcc1 (= 1:4.1.1)             | 1:4.8.2-16
> libgdk-pixbuf2.0-0 (= 2.22.0)   | 2.30.6-1
> libglib2.0-0 (= 2.14.0)         | 2.38.2-5
> libgtk-3-0 (= 3.0.0)            | 3.10.7-1
> libpango-1.0-0 (= 1.14.0)       | 1.36.2-2
> libpangocairo-1.0-0 (= 1.14.0)  | 1.36.2-2
> libstdc++6 (= 4.6)              | 4.8.2-16
> libvte-2.90-9 (= 1:0.27.2)      | 1:0.34.9-1
> libx11-6                        | 2:1.6.2-1
> libxapian22                     | 1.2.17-1
> libxext6                        | 2:1.3.2-1
> zlib1g (= 1:1.1.4)              | 1:1.2.8.dfsg-1
> hicolor-icon-theme              | 0.13-1
>
> Recommends (Version)            | Installed
> ================================-+-==============
> gksu                            | 2.0.2-6
>  OR kdebase-bin                 |
>  OR policykit-1                 | 0.105-4
> libgtk2-perl (= 1:1.130)        |
> rarian-compat                   | 0.8.1-5
>
> Suggests (Version)              | Installed
> ================================-+-==============
> dwww                            |
> menu                            | 2.1.46
> deborphan                       |
> apt-xapian-index                | 0.46
> tasksel                         | 3.20
> software-properties-gtk         | 0.82.7.1debian1
>
> --
> Filipus Klutiero
> http://www.philippecloutier.com
Bug#741109: can not open synaptic package manager
On Sun, Mar 09, 2014 at 12:01:57AM +0700, gil79 wrote:
> Package: synaptic
> Version: 0.70~pre1+b1
> Severity: important

Thanks for your bugreport.

> I can not open synaptic, and a message window appears, stated:
> E: The package needs to be reinstalled giada, but I can not find an archive for it.
> E: Internal error opening cache (1). Please report.
> W: Ignoring file 'google-chrome.list.save' in directory '/ etc / apt / sources.list.d /' as it has an invalid filename extension

Please run:
$ sudo dpkg --remove giada

Your system is in an inconsistent state for some reason (maybe the install of giada failed earlier).

Cheers,
Michael

> -- System Information:
> Debian Release: 6.0.9
> APT prefers oldstable-proposed-updates
> APT policy: (500, 'oldstable-proposed-updates'), (500, 'oldstable')
> Architecture: i386 (i686)
> Kernel: Linux 3.6.11.2-avl1 (SMP w/2 CPU cores; PREEMPT)
> Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
> Shell: /bin/sh linked to /bin/bash
>
> Versions of packages synaptic depends on:
> ii  apt [libapt-pkg4.  0.8.10.3+squeeze1       Advanced front-end for dpkg
> ii  apt-utils [libapt  0.8.10.3+squeeze1       APT utility programs
> ii  hicolor-icon-them  0.12-1                  default fallback theme for FreeDes
> ii  libatk1.0-0        1.30.0-1                The ATK accessibility toolkit
> ii  libc6              2.13-21                 Embedded GNU C Library: Shared lib
> ii  libcairo2          1.10.2-7~bpo60+1        The Cairo 2D vector graphics libra
> ii  libept1            1.0.4                   High-level library for managing De
> ii  libfontconfig1     2.9.0-5                 generic font configuration library
> ii  libfreetype6       2.4.2-2.1+squeeze4      FreeType 2 font engine, shared lib
> ii  libgcc1            1:4.6.1-15              GCC support library
> ii  libglade2-0        1:2.6.4-1               library to load .glade files at ru
> ii  libglib2.0-0       2.33.12+really2.32.4-3  GLib library of C routines
> ii  libgtk2.0-0        2.20.1-2                The GTK+ graphical user interface
> ii  libpango1.0-0      1.28.3-1+squeeze2       Layout and rendering of internatio
> ii  libstdc++6         4.6.1-15                GNU Standard C++ Library v3
> ii  libvte9            1:0.24.3-4              Terminal emulator widget for GTK+
> ii  libx11-6           2:1.3.3-4+squeeze1      X11 client-side library
> ii  libxapian22        1.2.3-2                 Search engine library
> ii  libxml2            2.7.8.dfsg-2+squeeze8   GNOME XML library
> ii  zlib1g             1:1.2.3.4.dfsg-3        compression library - runtime
>
> Versions of packages synaptic recommends:
> ii  apt-xapian-index         0.41           maintenance and search tools for a
> ii  gksu                     2.0.2-5        graphical frontend to su
> ii  libgnome2-perl           1.042-2        Perl interface to the GNOME librar
> ii  rarian-compat            0.8.1-5        Documentation meta-data library (c
> ii  software-properties-gtk  0.60.debian-3  manage the repositories that you i
>
> Versions of packages synaptic suggests:
> pn  deborphan  none    (no description available)
> pn  dwww       none    (no description available)
> ii  menu       2.1.44  generates programs menu for all me
Bug#735385: synaptic: quick search / xapian not installed by default in jessie
On Thu, Jan 16, 2014 at 04:46:21PM +0100, Andreas Cadhalpun wrote:
> On 15.01.2014 04:33, Lars Cebulla wrote:
> > On a new installed Debian Jessie, I can't see the quick search input field in synaptic. After searching on the internet, I've found a solution:
> >
> > apt-get install apt-xapian-index
> > update-apt-xapian-index
> >
> > http://debianforum.de/forum/viewtopic.php?f=12t=144140
> >
> > This should be done by default !
>
> I agree that this should be the default, since the normal search is not really an alternative. But I fear that this will not happen, because it was explicitly reduced to a Suggests from a Recommends due to performance problems on low end hardware, see [1].

[..]

It's really a bit tricky to get this right it seems :) I guess what we could do is to add a button to install the quick search package if it's missing. Something like "Install quick filter support" in the preferences window or even in the toolbar?

Cheers,
Michael
Bug#276655: [synaptic] Bug#276655: replace 'lock version' with dpkg holds
On Fri, Nov 15, 2013 at 06:07:30PM +0100, Andreas Cadhalpun wrote:
> Package: synaptic
> Version: 0.80.4

Thanks for your mail.

> I want to second Daniel Hartwig: synaptic should really use the universal dpkg holds. Anything else is quite confusing.

Back when the locks got implemented in synaptic apt was not honoring dpkg hold iirc and there was also the worry about portability (i.e. using it on rpm systems). But I agree that nowadays it should use dpkg holds.

> I expect that 'apt-get (dist)upgrade' respects the holds I have set with synaptic. If anyone does not, there should at least be an option where one can choose which behavior is wanted.

I pushed a branch to lp:~mvo/synaptic/use-dpkg-hold that implements the hold via dpkg holds. It's not doing a transition from the old to the new style yet, that probably needs fixing but otherwise I think it's ready.

Cheers,
Michael
Bug#720605: [synaptic] Bug#720605: Gtk-CRITICAL: assertion `iter_is_valid (iter, list_store)' failed
On Fri, Nov 15, 2013 at 05:44:53PM +0100, Andreas Cadhalpun wrote:
> Package: synaptic
> Version: 0.80.4

Thanks for the mail.

> for me the error in the terminal has one more line, which I suspect is the main problem, since it is called 'CRITICAL':
>
> (synaptic:30019): Gtk-CRITICAL **: gtk_list_store_get_value: assertion `iter_is_valid (iter, list_store)' failed
> (synaptic:30019): GLib-GObject-WARNING **: /tmp/buildd/glib2.0-2.36.4/./gobject/gtype.c:4239: type id `0' is invalid
> (synaptic:30019): GLib-GObject-WARNING **: can't peek value table for type `invalid' which is not currently referenced

I was able to reproduce this and I fixed it in my repository. It will be part of the next upload.

Cheers,
Michael
Bug#724709: [synaptic] Bug#724709: custom filters are quite broken
On Fri, Nov 15, 2013 at 05:35:24PM +0100, Andreas Cadhalpun wrote:
> Package: synaptic
> Version: 0.80.4

Thanks for your mail.

> I can confirm this problem and report another, probably closely related bug, that can be reproduced as follows:
> * Create a custom filter and change any setting.
> * Close the filter creation window.
> * Open the window again and find, that the setting you changed for the custom filter was also changed in the topmost filter (for me the filter for defect packages).
>
> Example: If your custom filter only looks in section admin, the defect package filter will also look only in this section and not for defect packages anymore.
>
> This is very weird behavior which renders the custom filters quite unusable.

Sorry for the long wait, this is fixed in bzr now and it will be part of the next upload. I (or someone :) will need to check if that fix also fixes the original report. I hope to find time for this soon(ish).

Cheers,
Michael
Bug#682365: Possible dpkg fix?
Hi,

I stumbled on this today and was wondering if something like the attached patch might help. It will allow packages that are normally not co-installable on the system if the other package(s) are in stat_configfiles.

The patch is a bit of a proof-of-concept for now, but I'm happy to clean it up and look (much) more deeply into the issue if you are ok with the general direction of the idea, it's against the ubuntu dpkg version as I ran into the problem on a ubuntu machine.

I'm happy to make it a proper git am mergeable patch, give really_installed_instances a better name and add a test for the new really_installed_instances member. It might even be possible to merge it with installed_instances if that is desired, I took the conservative approach here because I don't know if on the other places where it's used the stat_configfiles might be relevant.

Thanks for your consideration,
Michael

diff -Nru dpkg-1.17.5ubuntu5/lib/dpkg/dpkg-db.h dpkg-1.17.5ubuntu6/lib/dpkg/dpkg-db.h --- dpkg-1.17.5ubuntu5/lib/dpkg/dpkg-db.h 2013-12-10 07:14:22.0 +0100 +++ dpkg-1.17.5ubuntu6/lib/dpkg/dpkg-db.h 2014-03-20 21:35:13.0 +0100 @@ -215,6 +215,7 @@ struct deppossi *installed; } depended; int installed_instances; + int really_installed_instances; }; /*** from dbdir.c ***/ diff -Nru dpkg-1.17.5ubuntu5/lib/dpkg/parse.c dpkg-1.17.5ubuntu6/lib/dpkg/parse.c --- dpkg-1.17.5ubuntu5/lib/dpkg/parse.c 2014-01-17 00:01:36.0 +0100 +++ dpkg-1.17.5ubuntu6/lib/dpkg/parse.c 2014-03-20 22:08:16.0 +0100 @@ -297,6 +297,7 @@ struct pkgcount { int single; int multi; + int configfiles; int total; }; @@ -307,7 +308,9 @@ if (pkg-status == stat_notinstalled) return; - if (pkgbin-multiarch == multiarch_same) + if (pkg-status == stat_configfiles) +count-configfiles++; + else if (pkgbin-multiarch == multiarch_same) count-multi++; else count-single++; 
@@ -326,7 +328,7 @@ parse_find_set_slot(struct parsedb_state *ps, struct pkginfo *new_pkg, struct pkgbin *new_pkgbin) { - struct pkgcount count = { .single = 0, .multi = 0, .total = 0 }; + struct pkgcount count = { .single = 0, .multi = 0, .configfiles = 0,.total = 0 }; struct pkgset *set; struct pkginfo *pkg; @@ -405,7 +407,7 @@ selection = true; /* Verify we don't allow something that will mess up the db. */ -if (pkgset_installed_instances(db_set) 1 +if (pkgset_really_installed_instances(db_set) 1 !selection new_pkgbin-multiarch != multiarch_same) ohshit(_(%s %s (Multi-Arch: %s) is not co-installable with %s which has multiple installed instances), diff -Nru dpkg-1.17.5ubuntu5/lib/dpkg/pkg.c dpkg-1.17.5ubuntu6/lib/dpkg/pkg.c --- dpkg-1.17.5ubuntu5/lib/dpkg/pkg.c 2013-12-10 07:15:02.0 +0100 +++ dpkg-1.17.5ubuntu6/lib/dpkg/pkg.c 2014-03-20 21:52:08.0 +0100 @@ -37,13 +37,18 @@ { if (pkg-status == status) return; - else if (pkg-status == stat_notinstalled) + if (pkg-status == stat_notinstalled) pkg-set-installed_instances++; else if (status == stat_notinstalled) pkg-set-installed_instances--; assert(pkg-set-installed_instances = 0); +if((pkg-status == stat_notinstalled || pkg-status == stat_configfiles) (status != stat_notinstalled status != stat_configfiles)) +pkg-set-really_installed_instances++; +else if ((pkg-status != stat_notinstalled pkg-status != stat_configfiles) (status == stat_notinstalled || status == stat_configfiles)) +pkg-set-really_installed_instances--; + pkg-status = status; } @@ -145,6 +150,7 @@ set-depended.installed = NULL; pkg_blank(set-pkg); set-installed_instances = 0; + set-really_installed_instances = 0; set-pkg.set = set; set-pkg.arch_next = NULL; } @@ -176,6 +182,12 @@ return set-installed_instances; } +int +pkgset_really_installed_instances(struct pkgset *set) +{ + return set-really_installed_instances; +} + /** * Check if a pkg is informative. *
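Review bot: The new really_installed_instances member added to the struct in dpkg-db.h (@@ -215,6 +215,7 @@) carries no comment saying how it differs from installed_instances, and none of the hunks shown adds a prototype for pkgset_really_installed_instances() to a header even though parse.c now calls it. Please document the member as the number of instances whose status is neither stat_notinstalled nor stat_configfiles, and declare the accessor alongside the existing one so the call in parse.c does not rely on an implicit declaration.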
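Review bot: In parse.c the configfiles counter is incremented (@@ -307,7 +308,9 @@) and zero-initialised (@@ -326,7 +328,7 @@), but no hunk shown ever reads it. The only visible effect is that packages in stat_configfiles stop contributing to the single and multi counters, which silently changes every later decision based on those two fields. Either add the check that is meant to consume configfiles, or drop the field and treat stat_configfiles like stat_notinstalled with an early return, and say in the commit message whether such packages should still be counted in total.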
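Review bot: In the status setter in pkg.c (@@ -37,13 +37,18 @@) the really_installed_instances counter is adjusted without the non-negative assert that guards installed_instances a few lines above, so an unbalanced transition would go unnoticed and later weaken the co-installability check in parse.c. Please add the matching assert after the new block, and move the repeated "stat_notinstalled or stat_configfiles" test into a small static helper so the increment and decrement conditions cannot drift apart. The switch from "else if" to "if" on the stat_notinstalled branch does not change behaviour (the preceding branch returns) and is unrelated to the fix, so it is better left out of this patch.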