apt/apt-pkg, branch 1.2.7

Fix bug where the problemresolve can put a pkg into a heisenstate

2016-03-15T17:55:02Z

The problemresolver will set the candidate version for pkg P back to the current version if it encounters an impossible to satisfy critical dependency on P. However it did not set the State of the package back as well which lead to a situation where P is neither in Keep,Install,Upgrade,Delete state. Note that this can not be tested via the traditional sh based framework. I added a python-apt based test for this. LP: #1550741 [jak@debian.org: Make the test not fail if apt_pkg cannot be imported]

apt-pkg/acquire-worker.cc: Introduce 104 Warning message

2016-03-15T11:33:21Z

This can be used by workers to send warnings to the main program. The messages will be passed to _error->Warning() by APT with the URI prepended. We are not going to make that really public now, as the interface might change a bit.

enforce verify of filesize in 'apt-get source'

2016-03-14T10:54:08Z

The structure we parse the data into has a dedicated size field, but it tends to be easier to handle it as a (very weak) checksum.

don't use Desc.URI to calculate .diff/Index filenames

2016-03-14T10:47:19Z

The URI descibing an item can change via mirrors/redirectors which causes the .diff/Index files to get the wrong names in storage. Git-Dch: Ignore

streamline dpkgpm cleanup-handling

2016-03-14T10:47:19Z

The (unlikely) waitpid failure case should fallthrough the code just like the other failures (and successes) instead of taking a shortcut avoiding all the cleanup (progress) and finishing touches (log, state). This also delays the cleanup of the progress until apt is really done with everything and "just" has the post-invokes left to do, so the period of 'apt looks finished as it stopped the progress' and 'apt really finished as I have the shell-prompt back' is shorter even if there is no progress reported anymore, so the bar lingers at 100%… Ideally even the post-invokes would be covered by progress, but they can have their own output and dealing with that could be hard. Git-Dch: Ignore

flush line-clearing on progress stop before post-invoke

2016-03-14T10:47:19Z

All other interactions with std::cout are flushed directly, just in the stop case we hadn't done it – no problem expect if there is still output coming after apt is done like in the case of a post-invoke script producing output. Closes: 793672

require $(HASH)-Download field in .diff/Index files

2016-03-14T10:47:19Z

Now that we ignore SHA1-only files it makes sense to require also the provision of hashes for the compressed patches as this was introduced in the same patchset as support for non-SHA1 hashes in the file itself in dak and adding support in other archive creators (if they support pdiffs at all) will likely be in the same batch. The reason for the change itself is simple: If you are 'scared' enough about the security of SHA1, you shouldn't uncompress a file you haven't verified at all – after all, it could be exploiting a bug or a zip bomb.

Do not consider SHA1 usable

2016-03-13T12:01:14Z

SHA1 is not reasonably secure anymore, so we should not consider it usable anymore. The test suite is adjusted to account for this.

apt-pkg/algorithms.cc: Avoid stack buffer overflow in KillList

2016-03-07T00:41:39Z

Dynamically allocate KillList in order to avoid an overflow when more than 100 elements would be written to it. This happened while playing around with the status file from Bug#701069 on a modern system.

Fix several typos

2016-03-06T23:14:48Z

This effectively merges branch 'typofixes-vlajos-20150807' of github.com:vlajos/apt with the following commit: commit 13cacb3e2e2352ba701e769fc889e3344fabbf7e Author: Veres Lajos Date: Sun Aug 9 00:12:53 2015 +0100 typofix - https://github.com/vlajos/misspell_fixer It has been rebased for a better commit message.