[Touch-packages] [Bug 1638021] Re: [SRU] Update apt/xenial to 1.2.15
This bug was fixed in the package apt - 1.2.15 --- apt (1.2.15) xenial; urgency=medium New micro release with bug fixes up to (and including) 1.3.1 (LP: #1638021) [ Julian Andres Klode ] * methods/ftp: Cope with weird PASV responses. Thanks to Lukasz Stelmach for the initial patch (Closes: #420940) * Fix buffer overflow in debListParser::VersionHash() (Closes: #828812) * cache: Bump minor version to 6 * indextargets: Check that cache could be built before using it (Closes: #829651) * gpgv: Unlink the correct temp file in error case * fileutl: empty file support: Avoid fstat() on -1 fd and check result * Ignore SIGINT and SIGQUIT for Pre-Install hooks * install-progress: Call the real ::fork() in our fork() method * Accept --autoremove as alias for --auto-remove * apt-inst: debfile: Pass comp. Name to ExtractTar, not Binary * changelog: Respect Dir setting for local changelog getting * Fix segfault and out-of-bounds read in Binary fields * Merge translations from 1.3~rc3 * TagFile: Fix off-by-one errors in comment stripping * Base256ToNum: Fix uninitialized value * VersionHash: Do not skip too long dependency lines * Do not read stderr from proxy autodetection scripts [ Nicolas Le Cam ] * Use the ConditionACPower feature of systemd in the apt-daily service (Closes: #827930) [ David Kalnischkies ] * close server if parsing of header field failed * don't do atomic overrides with failed files (Closes: 828908) * if reading of autobit state failed, let write fail * write auto-bits before calling dpkg & again after if needed * factor out Pkg/DepIterator prettyprinters into own header * protect only the latest same-source providers from autoremove * reinstalling local deb file is no downgrade * do not treat same-version local debs as downgrade * avoid 416 response teardown binding to null pointer * don't change owner/perms/times through file:// symlinks * report all instead of first error up the acquire chain * keep trying with next if connection to a SRV host failed * call flush on the wrapped writebuffered FileFd * verify hash of input file in rred * use proper warning for automatic pipeline disable * rred: truncate result file before writing to it (Closes: #831762) * if the FileFd failed already following calls should fail, too * pass --force-remove-essential to dpkg only if needed * allow user@host (aka: no password) in URI parsing * drop incorrect const attribute from DirectoryExists (LP: 1473674) * http(s): allow empty values for header fields (Closes: 834048) * don't try pipelining if server closes connections (Closes: #832113) * don't loop on pinning pkgs from absolute debs by regex (Closes: 835818) * try not to call memcpy with length 0 in hash calculations * abort connection on '.' target replies in SRV [ Andrew Patterson ] * Add kernels with "+" in the package name to APT::NeverAutoRemove (Closes: #830159) [ Mert Dirik ] * Turkish program translation update (Closes: 832039) [ Zhou Mo ] * zh_CN.po: update simplified chinese translation -- Julian Andres Klode Mon, 31 Oct 2016 15:29:08 +0100 ** Changed in: apt (Ubuntu Xenial) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apt in Ubuntu. https://bugs.launchpad.net/bugs/1638021 Title: [SRU] Update apt/xenial to 1.2.15 Status in apt package in Ubuntu: Fix Released Status in apt source package in Xenial: Fix Released Bug description: [Impact] 1.2.15 is a somewhat larger bugfix release because I screwed up a bit with backporting fixes: 1.2.14 was released in June, and quite a few bugs have been fixed since then in the 1.3 series, but I never managed to release a new 1.2.y release. See Bug #1595177 for the 1.2.14 details. This changes the cache format to fix buffer overflows (the cache format is in sync with the 1.3 series and thus has the same version number). It also fixes several invalid states in the updating code (where we got mismatches before). Then there are several smaller bugfixes and more checks for file sanity I cannot really all recall, and some translation updates. This release also changes the autoremoval algorithm to only protect the latest same-source provider of a given package. infinity wanted this in for handling virtual ZFS modules provided by the kernel causing the kernels not to be autoremoved or something. We have this code in Debian testing and unstable since 1.3~pre1 early July and its in yakkety, and are reasonably sure it's stable now. This change also needs the two refactoring commits for the removal methods and the new pretty printers mentioned in the changelog. apt (1.2.15) xenial; urgency=medium [ Julian Andres Klode ] * methods/ftp: Cope with weird PASV responses. Thanks to Lukasz Stelmach for the initial
[Touch-packages] [Bug 1638021] Re: [SRU] Update apt/xenial to 1.2.15
It's been more than a month now that I've been running that on my server, and no regressions popped up, so I think we are good to go. And the individual bugs have automatic test cases if they can be tested, so there's no point in going over each of them individually and doing the same tests manually. ** Tags removed: verification-needed ** Tags added: verification-done -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apt in Ubuntu. https://bugs.launchpad.net/bugs/1638021 Title: [SRU] Update apt/xenial to 1.2.15 Status in apt package in Ubuntu: Fix Released Status in apt source package in Xenial: Fix Committed Bug description: [Impact] 1.2.15 is a somewhat larger bugfix release because I screwed up a bit with backporting fixes: 1.2.14 was released in June, and quite a few bugs have been fixed since then in the 1.3 series, but I never managed to release a new 1.2.y release. See Bug #1595177 for the 1.2.14 details. This changes the cache format to fix buffer overflows (the cache format is in sync with the 1.3 series and thus has the same version number). It also fixes several invalid states in the updating code (where we got mismatches before). Then there are several smaller bugfixes and more checks for file sanity I cannot really all recall, and some translation updates. This release also changes the autoremoval algorithm to only protect the latest same-source provider of a given package. infinity wanted this in for handling virtual ZFS modules provided by the kernel causing the kernels not to be autoremoved or something. We have this code in Debian testing and unstable since 1.3~pre1 early July and its in yakkety, and are reasonably sure it's stable now. This change also needs the two refactoring commits for the removal methods and the new pretty printers mentioned in the changelog. apt (1.2.15) xenial; urgency=medium [ Julian Andres Klode ] * methods/ftp: Cope with weird PASV responses. Thanks to Lukasz Stelmach for the initial patch (Closes: #420940) * Fix buffer overflow in debListParser::VersionHash() (Closes: #828812) * cache: Bump minor version to 6 * indextargets: Check that cache could be built before using it (Closes: #829651) * gpgv: Unlink the correct temp file in error case * fileutl: empty file support: Avoid fstat() on -1 fd and check result * Ignore SIGINT and SIGQUIT for Pre-Install hooks * install-progress: Call the real ::fork() in our fork() method * Accept --autoremove as alias for --auto-remove * apt-inst: debfile: Pass comp. Name to ExtractTar, not Binary * changelog: Respect Dir setting for local changelog getting * Fix segfault and out-of-bounds read in Binary fields * Merge translations from 1.3~rc3 * TagFile: Fix off-by-one errors in comment stripping * Base256ToNum: Fix uninitialized value * VersionHash: Do not skip too long dependency lines * Do not read stderr from proxy autodetection scripts [ Nicolas Le Cam ] * Use the ConditionACPower feature of systemd in the apt-daily service (Closes: #827930) [ David Kalnischkies ] * close server if parsing of header field failed * don't do atomic overrides with failed files (Closes: 828908) * if reading of autobit state failed, let write fail * write auto-bits before calling dpkg & again after if needed * factor out Pkg/DepIterator prettyprinters into own header * protect only the latest same-source providers from autoremove * reinstalling local deb file is no downgrade * do not treat same-version local debs as downgrade * avoid 416 response teardown binding to null pointer * don't change owner/perms/times through file:// symlinks * report all instead of first error up the acquire chain * keep trying with next if connection to a SRV host failed * call flush on the wrapped writebuffered FileFd * verify hash of input file in rred * use proper warning for automatic pipeline disable * rred: truncate result file before writing to it (Closes: #831762) * if the FileFd failed already following calls should fail, too * pass --force-remove-essential to dpkg only if needed * allow user@host (aka: no password) in URI parsing * drop incorrect const attribute from DirectoryExists (LP: 1473674) * http(s): allow empty values for header fields (Closes: 834048) * don't try pipelining if server closes connections (Closes: #832113) * don't loop on pinning pkgs from absolute debs by regex (Closes: 835818) * try not to call memcpy with length 0 in hash calculations * abort connection on '.' target replies in SRV [ Andrew Patterson ] * Add kernels with "+" in the package name to APT::NeverAutoRemove (Closes: #830159) [ Mert Dirik ] * Turkish program translation update (Closes: 832039) [ Zhou Mo ] * zh_C
[Touch-packages] [Bug 1638021] Re: [SRU] Update apt/xenial to 1.2.15
Hello Julian, or anyone else affected, Accepted apt into xenial-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/apt/1.2.15 in a few hours, and then in the -proposed repository. Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users. If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision. Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance! ** Changed in: apt (Ubuntu Xenial) Status: New => Fix Committed ** Tags added: verification-needed -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apt in Ubuntu. https://bugs.launchpad.net/bugs/1638021 Title: [SRU] Update apt/xenial to 1.2.15 Status in apt package in Ubuntu: Fix Released Status in apt source package in Xenial: Fix Committed Bug description: [Impact] 1.2.15 is a somewhat larger bugfix release because I screwed up a bit with backporting fixes: 1.2.14 was released in June, and quite a few bugs have been fixed since then in the 1.3 series, but I never managed to release a new 1.2.y release. See Bug #1595177 for the 1.2.14 details. This changes the cache format to fix buffer overflows (the cache format is in sync with the 1.3 series and thus has the same version number). It also fixes several invalid states in the updating code (where we got mismatches before). Then there are several smaller bugfixes and more checks for file sanity I cannot really all recall, and some translation updates. This release also changes the autoremoval algorithm to only protect the latest same-source provider of a given package. infinity wanted this in for handling virtual ZFS modules provided by the kernel causing the kernels not to be autoremoved or something. We have this code in Debian testing and unstable since 1.3~pre1 early July and its in yakkety, and are reasonably sure it's stable now. This change also needs the two refactoring commits for the removal methods and the new pretty printers mentioned in the changelog. apt (1.2.15) xenial; urgency=medium [ Julian Andres Klode ] * methods/ftp: Cope with weird PASV responses. Thanks to Lukasz Stelmach for the initial patch (Closes: #420940) * Fix buffer overflow in debListParser::VersionHash() (Closes: #828812) * cache: Bump minor version to 6 * indextargets: Check that cache could be built before using it (Closes: #829651) * gpgv: Unlink the correct temp file in error case * fileutl: empty file support: Avoid fstat() on -1 fd and check result * Ignore SIGINT and SIGQUIT for Pre-Install hooks * install-progress: Call the real ::fork() in our fork() method * Accept --autoremove as alias for --auto-remove * apt-inst: debfile: Pass comp. Name to ExtractTar, not Binary * changelog: Respect Dir setting for local changelog getting * Fix segfault and out-of-bounds read in Binary fields * Merge translations from 1.3~rc3 * TagFile: Fix off-by-one errors in comment stripping * Base256ToNum: Fix uninitialized value * VersionHash: Do not skip too long dependency lines * Do not read stderr from proxy autodetection scripts [ Nicolas Le Cam ] * Use the ConditionACPower feature of systemd in the apt-daily service (Closes: #827930) [ David Kalnischkies ] * close server if parsing of header field failed * don't do atomic overrides with failed files (Closes: 828908) * if reading of autobit state failed, let write fail * write auto-bits before calling dpkg & again after if needed * factor out Pkg/DepIterator prettyprinters into own header * protect only the latest same-source providers from autoremove * reinstalling local deb file is no downgrade * do not treat same-version local debs as downgrade * avoid 416 response teardown binding to null pointer * don't change owner/perms/times through file:// symlinks * report all instead of first error up the acquire chain * keep trying with next if connection to a SRV host failed * call flush on the wrapped writebuffered FileFd * verify hash of input file in rred * use proper warning for automatic pipeline disable * rred: truncate result file before writing to it (Closes: #831762) * if the FileFd failed already following calls should fail, too * pass --force-remove-essential to
[Touch-packages] [Bug 1638021] Re: [SRU] Update apt/xenial to 1.2.15
** Description changed: [Impact] 1.2.15 is a somewhat larger bugfix release because I screwed up a bit with backporting fixes: 1.2.14 was released in June, and quite a few bugs have been fixed since then in the 1.3 series, but I never managed to release a new 1.2.y release. See Bug #1595177 for the 1.2.14 details. This changes the cache format to fix buffer overflows (the cache format is in sync with the 1.3 series and thus has the same version number). It also fixes several invalid states in the updating code (where we got mismatches before). Then there are several smaller bugfixes and more checks for file sanity I cannot really all recall, and some translation updates. This release also changes the autoremoval algorithm to only protect the latest same-source provider of a given package. infinity wanted this in for handling virtual ZFS modules provided by the kernel causing the kernels not to be autoremoved or something. We have this code in Debian testing and unstable since 1.3~pre1 early July and its in yakkety, and - are reasonably sure it's stable now. + are reasonably sure it's stable now. This change also needs the two + refactoring commits for the removal methods and the new pretty printers + mentioned in the changelog. apt (1.2.15) xenial; urgency=medium - (Most bugfixes until to and including 1.3.1) + [ Julian Andres Klode ] + * methods/ftp: Cope with weird PASV responses. + Thanks to Lukasz Stelmach for the initial patch (Closes: #420940) + * Fix buffer overflow in debListParser::VersionHash() (Closes: #828812) + * cache: Bump minor version to 6 + * indextargets: Check that cache could be built before using it + (Closes: #829651) + * gpgv: Unlink the correct temp file in error case + * fileutl: empty file support: Avoid fstat() on -1 fd and check result + * Ignore SIGINT and SIGQUIT for Pre-Install hooks + * install-progress: Call the real ::fork() in our fork() method + * Accept --autoremove as alias for --auto-remove + * apt-inst: debfile: Pass comp. Name to ExtractTar, not Binary + * changelog: Respect Dir setting for local changelog getting + * Fix segfault and out-of-bounds read in Binary fields + * Merge translations from 1.3~rc3 + * TagFile: Fix off-by-one errors in comment stripping + * Base256ToNum: Fix uninitialized value + * VersionHash: Do not skip too long dependency lines + * Do not read stderr from proxy autodetection scripts - [ Julian Andres Klode ] - * methods/ftp: Cope with weird PASV responses. - Thanks to Lukasz Stelmach for the initial patch (Closes: #420940) - * Fix buffer overflow in debListParser::VersionHash() (Closes: #828812) - * cache: Bump minor version to 6 - * indextargets: Check that cache could be built before using it - (Closes: #829651) - * gpgv: Unlink the correct temp file in error case - * fileutl: empty file support: Avoid fstat() on -1 fd and check result - * Ignore SIGINT and SIGQUIT for Pre-Install hooks - * install-progress: Call the real ::fork() in our fork() method - * Accept --autoremove as alias for --auto-remove - * apt-inst: debfile: Pass comp. Name to ExtractTar, not Binary - * changelog: Respect Dir setting for local changelog getting - * Fix segfault and out-of-bounds read in Binary fields - * Merge translations from 1.3~rc3 - * TagFile: Fix off-by-one errors in comment stripping - * Base256ToNum: Fix uninitialized value - * VersionHash: Do not skip too long dependency lines - * Do not read stderr from proxy autodetection scripts + [ Nicolas Le Cam ] + * Use the ConditionACPower feature of systemd in the apt-daily service + (Closes: #827930) - [ Nicolas Le Cam ] - * Use the ConditionACPower feature of systemd in the apt-daily service - (Closes: #827930) + [ David Kalnischkies ] + * close server if parsing of header field failed + * don't do atomic overrides with failed files (Closes: 828908) + * if reading of autobit state failed, let write fail + * write auto-bits before calling dpkg & again after if needed + * factor out Pkg/DepIterator prettyprinters into own header + * protect only the latest same-source providers from autoremove + * reinstalling local deb file is no downgrade + * do not treat same-version local debs as downgrade + * avoid 416 response teardown binding to null pointer + * don't change owner/perms/times through file:// symlinks + * report all instead of first error up the acquire chain + * keep trying with next if connection to a SRV host failed + * call flush on the wrapped writebuffered FileFd + * verify hash of input file in rred + * use proper warning for automatic pipeline disable + * rred: truncate result file before writing to it (Closes: #831762) + * if the FileFd failed already following calls should fail, too + * pass --force-remove-essential to dpkg only if needed + * allow user@host (aka: no password) in URI parsing +
