apt, branch 1.8.0_alpha3.1 Debians commandline package manager https://git.kalnischkies.de/apt/atom?h=1.8.0_alpha3.1 2019-01-22T18:52:42Z Release 1.8.0~alpha3.1 2019-01-22T18:52:42Z Julian Andres Klode julian.klode@canonical.com 2019-01-22T18:51:09Z urn:sha1:f397feb72d964924daa85c8cfad18db3a0570ab7 SECURITY UPDATE: content injection in http method (CVE-2019-3462) 2019-01-22T18:50:36Z Julian Andres Klode julian.klode@canonical.com 2019-01-18T08:13:52Z urn:sha1:c31d65e76810f72c356e381818174bf100605de7 This fixes a security issue that can be exploited to inject arbritrary debs or other files into a signed repository as followed: (1) Server sends a redirect to somewhere%0a<headers for the apt method> (where %0a is \n encoded) (2) apt method decodes the redirect (because the method encodes the URLs before sending them out), writting something like somewhere\n <headers> into its output (3) apt then uses the headers injected for validation purposes. Regression-Of: c34ea12ad509cb34c954ed574a301c3cbede55ec LP: #1812353 (cherry picked from commit 5eb01ec13f3ede4bae5e60eb16bd8cffb7c03e1b) Release 1.8.0~alpha3 2018-12-18T14:03:59Z Julian Andres Klode julian.klode@canonical.com 2018-12-18T14:03:59Z urn:sha1:68362f7996f4e72d73b40d61dc821610a1a4a148 Merge branch 'pu/dpkg-path' into 'master' 2018-12-10T17:35:33Z Julian Andres Klode jak@debian.org 2018-12-10T17:35:33Z urn:sha1:d57834a36e6adebbad28819360a984819995b376 Set PATH=/usr/sbin:/usr/bin:/sbin:/bin when running dpkg See merge request apt-team/apt!38 Set PATH=/usr/sbin:/usr/bin:/sbin:/bin when running dpkg 2018-12-10T16:31:24Z Julian Andres Klode julian.klode@canonical.com 2018-12-10T15:52:59Z urn:sha1:806e94dcd8dbdf7bf1909657fd4331cfe17b4ab0 This avoids a lot of problems from local installations of scripting languages and other stuff in /usr/local for which maintainer scripts are not prepared. [v3: Inherit PATH during tests, check overrides work] [v2: Add testing] Merge branch 'pu/netrcparts' into 'master' 2018-12-04T20:14:45Z Julian Andres Klode jak@debian.org 2018-12-04T20:14:45Z urn:sha1:294b5e77a25d2600e7f3ce12a996d1694b5be817 Add support for /etc/apt/auth.conf.d/*.conf (netrcparts) See merge request apt-team/apt!37 Add support for /etc/apt/auth.conf.d/*.conf (netrcparts) 2018-12-04T16:48:41Z Julian Andres Klode julian.klode@canonical.com 2018-12-03T16:39:03Z urn:sha1:bbfcc05c1978decd28df9681fd73e2a7d9a8c2a5 This allows us to install matching auth files for sources.list.d files, for example; very useful. This converts aptmethod's authfd from one FileFd to a vector of pointers to FileFd, as FileFd cannot be copied, and move operators are hard. Override FileFd copy constructor to prevent copying 2018-12-04T15:34:26Z Julian Andres Klode julian.klode@canonical.com 2018-12-04T15:31:07Z urn:sha1:37bdbe03d44975951d2518bb9b3d3636081dca6a FileFd could be copied using the default copy constructor, which does not work, and then causes code to crash. Merge branch 'bugfix/spaceinconfig' into 'master' 2018-12-04T11:53:05Z Julian Andres Klode jak@debian.org 2018-12-04T11:53:05Z urn:sha1:b9d405d4074bb1de10e869038fe9685bf660fd16 Use quoted tagnames in config dumps See merge request apt-team/apt!32 Merge branch 'remove_old_derivatives' into 'master' 2018-12-04T11:52:28Z Julian Andres Klode jak@debian.org 2018-12-04T11:52:28Z urn:sha1:dbf202ff9d20a043855d41f4bea1d954b0cef579 Remove old derivatives See merge request apt-team/apt!31