Public bug reported:
[Impact]
This collects several bug fixes from the 1.4 branch. Most of the stuff has been
in Debian since 20 days, and in testing since Feb 12.
Fixes in the acquire system - mostly error cases.
* basehttp: Only read Content-Range on 416 and 206 responses (LP: #1657567)
* Only merge acquire items with the same meta key (Closes: #838441)
-> hit often these days, ask Riddel
* get pdiff files from the same mirror as the index
-> we are not really affected by this, but it does not hurt
* keep Release.gpg on untrusted to trusted IMS-Hit (Closes: 838779)
(LP: #1657440)
-> breaks the assumption of adding untrusted repo; installing keyring, and
update
* remove 'old' FAILED files in the next acquire call (Closes: 846476)
* stop rred from leaking debug messages on recovered errors (Closes: #850759)
* http: clear content before reporting the failure (Closes: #465572)
Security improvements - dropping environment variables for workers:
* reset HOME, USER(NAME), TMPDIR & SHELL in DropPrivileges (Closes: 842877)
* add TMP/TEMP/TEMPDIR to the TMPDIR DropPrivileges dance
Installation ordering changes - that changed a lot in 1.3:
* react to trig-pend only if we have nothing else to do
* correct cross & disappear progress detection
* improve arch-unqualified dpkg-progress parsing
* don't perform implicit crossgrades involving M-A:same
* do not configure unconfigured to be removed packages
* skip unconfigure for unconfigured to-be removed pkgs
* fix minimum pkgs option for dpkg --recursive usage
Locking fixes to reduce chance of breaking running install/upgrade commands:
* don't lock dpkg in 'apt-get clean'
* don't lock dpkg in update commands
Other important fixes:
* Do not package names representing .dsc/.deb/... files (Closes: #854794)
* avoid validate/delete/load race in cache generation
Bugfix to not install garbage because it was a dep of something that was hold
back:
* don't install new deps of candidates for kept back pkgs
Minor fixes:
* let {dsc,tar,diff}-only implicitly enable download-only
* ensure generation of valid EDSP error stanzas
* don't show update stats if cache generation is disabled
* fix 'install --no-download' mode
* show output as documented for APT::Periodic::Verbose 2 (Closes: 845599)
* bash-completion: Only complete understood file paths for install
(LP: #1645815)
* Honour Acquire::ForceIPv4/6 in the https transport
* Don't use -1 fd and AT_SYMLINK_NOFOLLOW for faccessat()
Thanks to James Clarke for debugging these issues
* CMake: Install statvfs.h to include/sys, not just include/
[Test case]
Mentioned launchpad bugs have their own test case sections. The rest is checked
in the CI, so we should just do some updates upgrades and check that everything
works.
[Regression Potential]
About 80% of the code difference is covered by test cases. So, there is less
than a 20% chance something is wrong. But I think we would have caught these in
the three weeks or more these changes spent in Debian unstable and (1 week
less) testing.
** Affects: apt (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1668280
Title:
[SRU] Update apt/yakkety to 1.3.5
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1668280/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
