Debians commandline package manager https://git.kalnischkies.de/apt/atom?h=1.2.8 2016-03-21T21:47:17Z 2016-03-21T21:47:17Z David Kalnischkies david@kalnischkies.de 2016-03-21T17:47:10Z urn:sha1:8fa99570816d3a644a9c4386c6a8f2ca21480329 Using erase(pos) is invalid in our case here as pos must be a valid and derefenceable iterator, which isn't the case for an end-iterator (like if we had no good signature). The problem runs deeper still through as VALIDSIG is a keyid while GOODSIG is just a longid so comparing them will always fail. Closes: 818910 2016-03-19T08:48:44Z David Kalnischkies david@kalnischkies.de 2016-03-18T10:37:31Z urn:sha1:28b2efcb190edd97b802ac9055eaf417f141f724 On launchpad #1558484 a user reports that @ in the authentication tokens parsing of sources.list isn't working in an older (precise) version. It isn't the recommended way of specifying passwords and co (auth.conf is), but we can at least test for regressions (and in this case test at all… who was that "clever" boy disabling a test with exit……… oh, nevermind. Git-Dch: Ignore 2016-03-17T11:49:03Z Julian Andres Klode jak@debian.org 2016-03-17T11:49:03Z urn:sha1:6970f6e6c73116e7c5b488eefe81cd4de98c9170 There is no point in resolving all addresses to their names, this just seriously slows the setup phase down. So just pass -n to not resolve names anymore. Gbp-Dch: ignore 2016-03-15T17:55:02Z Michael Vogt mvo@ubuntu.com 2016-03-15T12:13:54Z urn:sha1:0390edd5452b081f8efcf412f96d535a1d959457 The problemresolver will set the candidate version for pkg P back to the current version if it encounters an impossible to satisfy critical dependency on P. However it did not set the State of the package back as well which lead to a situation where P is neither in Keep,Install,Upgrade,Delete state. Note that this can not be tested via the traditional sh based framework. I added a python-apt based test for this. LP: #1550741 [jak@debian.org: Make the test not fail if apt_pkg cannot be imported] 2016-03-14T12:49:25Z Julian Andres Klode jak@debian.org 2016-03-14T12:49:25Z urn:sha1:0cbb7e29c5dad2178896d8eaf41ad616bb0111da This was wrong and caused some issues because apt-key invoked host apt-config with our library. Gbp-Dch: ignore 2016-03-14T12:46:33Z Julian Andres Klode jak@debian.org 2016-03-14T12:24:17Z urn:sha1:493a813e8a743cfe763bf5eb18073ef9f51dabc2 This makes the test suite safe if we ever need to reject SHA1 signatures in an update. 2016-03-13T12:01:14Z Julian Andres Klode jak@debian.org 2016-03-13T11:21:09Z urn:sha1:51c04562559d0924aa52cc8c9b69901bc8a5c945 SHA1 is not reasonably secure anymore, so we should not consider it usable anymore. The test suite is adjusted to account for this. 2016-03-06T08:39:30Z David Kalnischkies david@kalnischkies.de 2016-02-16T15:02:46Z urn:sha1:a66e1837812cefc1f08788f8696724d4931e8022 This way we hopefully notice (new) warnings in this little helper. Git-Dch: Ignore 2016-02-04T17:13:05Z Julian Andres Klode jak@debian.org 2016-02-04T17:13:05Z urn:sha1:eb5113c486955d9cd66126aa59d3a27e52c52e58 2016-01-27T15:39:52Z David Kalnischkies david@kalnischkies.de 2016-01-27T14:28:17Z urn:sha1:6fc2e03084c7e027c2b9a63c1fe99ff743aae3b6 The Date field in the Release file is useful to avoid allowing an attacker to 'downgrade' a user to earlier Release files (and hence to older states of the archieve with open security bugs). It is also needed to allow a user to define min/max values for the validation of a Release file (with or without the Release file providing a Valid-Until field). APT wasn't formally requiring this field before through and (agrueable not binding and still incomplete) online documentation declares it optional (until now), so we downgrade the error to a warning for now to give repository creators a bit more time to adapt – the bigger ones should have a Date field for years already, so the effected group should be small in any case. It should be noted that earlier apt versions had this as an error already, but only showed it if a Valid-Until field was present (or the user tried to used the configuration items for min/max valid-until). Closes: 809329