Debians commandline package manager https://git.kalnischkies.de/apt/atom?h=1.2.7 2016-03-15T17:55:02Z 2016-03-15T17:55:02Z Michael Vogt mvo@ubuntu.com 2016-03-15T12:13:54Z urn:sha1:0390edd5452b081f8efcf412f96d535a1d959457 The problemresolver will set the candidate version for pkg P back to the current version if it encounters an impossible to satisfy critical dependency on P. However it did not set the State of the package back as well which lead to a situation where P is neither in Keep,Install,Upgrade,Delete state. Note that this can not be tested via the traditional sh based framework. I added a python-apt based test for this. LP: #1550741 [jak@debian.org: Make the test not fail if apt_pkg cannot be imported] 2016-03-14T12:49:25Z Julian Andres Klode jak@debian.org 2016-03-14T12:49:25Z urn:sha1:0cbb7e29c5dad2178896d8eaf41ad616bb0111da This was wrong and caused some issues because apt-key invoked host apt-config with our library. Gbp-Dch: ignore 2016-03-14T12:46:33Z Julian Andres Klode jak@debian.org 2016-03-14T12:24:17Z urn:sha1:493a813e8a743cfe763bf5eb18073ef9f51dabc2 This makes the test suite safe if we ever need to reject SHA1 signatures in an update. 2016-03-14T10:54:08Z David Kalnischkies david@kalnischkies.de 2016-03-13T21:44:37Z urn:sha1:d4c45145553781418c25343ac1478f62da645851 The structure we parse the data into has a dedicated size field, but it tends to be easier to handle it as a (very weak) checksum. 2016-03-14T10:47:19Z David Kalnischkies david@kalnischkies.de 2016-03-13T00:02:30Z urn:sha1:b7a1076f18022cbeb7baf4d82ab8bae0f725a573 The URI descibing an item can change via mirrors/redirectors which causes the .diff/Index files to get the wrong names in storage. Git-Dch: Ignore 2016-03-14T10:47:19Z David Kalnischkies david@kalnischkies.de 2016-03-10T12:06:29Z urn:sha1:915f4ac6d9ae239bd1aef47892075d019ec8b581 All other interactions with std::cout are flushed directly, just in the stop case we hadn't done it – no problem expect if there is still output coming after apt is done like in the case of a post-invoke script producing output. Closes: 793672 2016-03-14T10:47:19Z David Kalnischkies david@kalnischkies.de 2016-03-13T22:30:05Z urn:sha1:12f40394b3940573c0e63d74722a95148fb1ad39 Iceweasel^WFirefox complains about the missing encoding in its console which can be a bit annoying in interactive sessions, so fixing these issues has no effect on apt itself, but on the testers. Git-Dch: Ignore 2016-03-14T10:47:19Z David Kalnischkies david@kalnischkies.de 2016-03-14T00:09:32Z urn:sha1:4a808deaac462e7714a345dac676c6da294a2ee0 Now that we ignore SHA1-only files it makes sense to require also the provision of hashes for the compressed patches as this was introduced in the same patchset as support for non-SHA1 hashes in the file itself in dak and adding support in other archive creators (if they support pdiffs at all) will likely be in the same batch. The reason for the change itself is simple: If you are 'scared' enough about the security of SHA1, you shouldn't uncompress a file you haven't verified at all – after all, it could be exploiting a bug or a zip bomb. 2016-03-14T10:47:18Z David Kalnischkies david@kalnischkies.de 2016-03-13T20:49:37Z urn:sha1:8d0d92558c00d1825e413ce67be51a46a5c18aea Given that we refuse to use SHA1-only .diff/Indexes no point in shipping and running code which pretends to check support for it which given that all these tests are run 3 times eats a noticeable amount of time. Git-Dch: Ignore 2016-03-13T12:05:30Z Julian Andres Klode jak@debian.org 2016-03-13T12:05:30Z urn:sha1:f345d0571d055c2cd5da3a9e423753f1ac21a9aa Ensure that .diff/Index files that only contain SHA1 values and no SHA2 values are not used.