1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
|
apt (1.6~rc1) unstable; urgency=medium
Seccomp sandboxing has been turned off by default for now. If it works
for you, you are encouraged to re-enable it by setting APT::Sandbox::Seccomp
to true.
-- Julian Andres Klode <jak@debian.org> Fri, 06 Apr 2018 14:14:29 +0200
apt (1.6~beta1) unstable; urgency=medium
APT now verifies that the date of Release files is not in the future. By
default, it may be 10 seconds in the future to allow for some clock drift.
Two new configuration options can be used to tweak the behavior:
Acquire::Check-Date
Acquire::Max-DateFuture
These can be overridden in sources.list entries using the check-date
and date-future-max options. Note that disabling check-date also
disables checks on valid-until: It is considered to mean that your
machine's time is not reliable.
-- Julian Andres Klode <jak@debian.org> Mon, 26 Feb 2018 13:14:13 +0100
apt (1.6~alpha1) unstable; urgency=medium
All methods provided by apt except for cdrom, gpgv, and rsh now
use seccomp-BPF sandboxing to restrict the list of allowed system
calls, and trap all others with a SIGSYS signal. Three options
can be used to configure this further:
APT::Sandbox::Seccomp is a boolean to turn it on/off
APT::Sandbox::Seccomp::Trap is a list of names of more syscalls to trap
APT::Sandbox::Seccomp::Allow is a list of names of more syscalls to allow
Also, sandboxing is now enabled for the mirror method.
-- Julian Andres Klode <jak@debian.org> Mon, 23 Oct 2017 01:58:18 +0200
apt (1.5~beta1) unstable; urgency=medium
[ New HTTPS method ]
The default http method now supports HTTPS itself, including encrypted proxies
and connecting to HTTPS sites via HTTPS proxies; and the apt-transport-https
package only provides a "curl+https" method now as a fallback, but will be
removed shortly. If TLS support is unwanted, it can be disabled overall by
setting the option Acquire::AllowTLS to "false".
As for backwards compatibility, the options IssuerCert and SslForceVersion
are not supported anymore, and any specified certificate files must in the
PEM format (curl might have allowed DER files as well).
[ Changes to unauthenticated repositories ]
The security exception for apt-get to only raise warnings if it encounters
unauthenticated repositories in the "update" command is gone now, so that it
will raise errors just like apt and all other apt-based front-ends do since
at least apt version 1.3.
It is possible (but STRONGLY ADVISED AGAINST) to revert to the previous
behaviour of apt-get by setting the option
Binary::apt-get::Acquire::AllowInsecureRepositories "true";
See apt-secure(8) manpage for configuration details.
[ Release Info Changes ]
If values like Origin, Label, and Codename change in a Release file,
update fails, or asks a user (if interactive). Various
--allow-releaseinfo-change are provided for non-interactive use.
-- Julian Andres Klode <jak@debian.org> Mon, 03 Jul 2017 15:09:23 +0200
apt (1.4.2) unstable; urgency=medium
If periodic updates and unattended upgrades are enabled, the start of
periodic updates are now distributed over 24 hour intervals (as in 1.2
to 1.4), whereas starting unattended-upgrade has been restricted to a
time between 6 and 7 am. This only affects systems using systemd, other
systems still use the classical hourly cron job.
-- Julian Andres Klode <jak@debian.org> Thu, 04 May 2017 22:54:02 +0200
apt (1.4~beta1) unstable; urgency=medium
Support for GPG signatures using the SHA1 or RIPE-MD/160 hash
algorithms has been disabled. Repositories using Release files
signed in such a way will stop working. This change has been made
due to security considerations, especially with regards to possible
further breakthroughs in SHA1 breaking during the lifetime
of this APT release series.
It is possible (but STRONGLY ADVISED AGAINST) to revert to the previous
behaviour by setting the options
APT::Hashes::SHA1::Weak "yes";
APT::Hashes::RIPE-MD/160::Weak "yes";
Note that setting these options only affects the verification of the overall
repository signature.
-- Julian Andres Klode <jak@debian.org> Fri, 25 Nov 2016 13:19:32 +0100
apt (1.2~exp1) experimental; urgency=medium
[ Automatic removal of debs after install ]
After packages are successfully installed by apt(8),
the corresponding .deb package files will be
removed from the /var/cache/apt/archives cache directory.
This can be changed by setting the apt configuration option
"Binary::apt::APT::Keep-Downloaded-Packages" to "true". E.g:
# echo 'Binary::apt::APT::Keep-Downloaded-Packages "true";' \
> /etc/apt/apt.conf.d/01keep-debs
Please note that the behavior of apt-get is unchanged. The
downloaded debs will be kept in the cache directory after they
are installed. To enable the behavior for other tools, you can set
"APT::Keep-Downloaded-Packages" to false.
[ Compressed indices ]
If you use Acquire::gzipIndexes, or any other compressed index targets,
those will now be compressed with the fastest supported algorithm,
currently lz4.
-- Michael Vogt <mvo@debian.org> Tue, 05 Jan 2016 19:22:16 +0100
apt (1.1~exp9) experimental; urgency=medium
A new algorithm for pinning has been implemented, it now assigns a
pin priority to a version instead of assigning a pin to a package.
This might break existing corner cases of pinning, if they use multiple
pins involving the same package name or patterns matching the same
package name, but should overall lead to pinning that actually works
as intended and documented.
-- Julian Andres Klode <jak@debian.org> Mon, 17 Aug 2015 14:45:17 +0200
apt (0.8.11) unstable; urgency=low
* apt-get install pkg/experimental will now not only switch the
candidate of package pkg to the version from the release experimental
but also of all dependencies of pkg if the current candidate can't
satisfy a versioned dependency.
-- David Kalnischkies <kalnischkies@gmail.com> Fri, 03 Dec 2010 14:09:12 +0100
apt (0.7.26~exp3) experimental; urgency=low
* apt-ftparchive now reads the standard configuration files in
/etc/apt/apt.conf and /etc/apt/apt.conf.d.
-- Julian Andres Klode <jak@debian.org> Fri, 26 Mar 2010 15:34:16 +0100
apt (0.7.24) unstable; urgency=low
* Already included in the last version but now with better documentation
is the possibility to add/prefer different compression types while
downloading archive information, which can decrease the time needed for
update on slow machines. See apt.conf (5) manpage for details.
* APT manages his manpage translations now with po4a, thanks to Nicolas
François and Kurasawa Nozomu, who also provide the ja translation.
Thanks to Christian Perrier we have already a fr translation and
a few more are hopefully added in the near future.
* This version also introduces some _experimental_ configuration options
to make more aggressive use of dpkg's triggers. If you want to help
testing these _experimental_ options see apt.conf (5) manpage.
-- David Kalnischkies <kalnischkies@gmail.com> Thu, 24 Sep 2009 15:13:16 +0200
apt (0.7.23) unstable; urgency=low
* Code that determines which proxy to use was changed. Now
'Acquire::{http,ftp}::Proxy[::<host>]' options have the highest priority,
and '{http,ftp}_proxy' environment variables are used only if options
mentioned above are not specified.
-- Eugene V. Lyubimkin <jackyf.devel@gmail.com> Thu, 19 Aug 2009 11:26:16 +0200
apt (0.6.44) unstable; urgency=low
* apt-ftparchive --db now uses Berkeley DB_BTREE instead of DB_HASH.
If you use a database created by an older version of apt, delete
it and allow it to be recreated the next time.
-- Michael Vogt <mvo@debian.org> Wed, 26 Apr 2006 12:57:53 +0200
apt (0.5.25) unstable; urgency=low
* apt-ftparchive --db now uses Berkeley DB version 4.2. If used with a
database created by an older version of apt, an attempt will be made
to upgrade the database, but this may not work in all cases. If your
database is not automatically upgraded, delete it and allow it to be
recreated the next time.
-- Matt Zimmerman <mdz@debian.org> Sat, 8 May 2004 12:38:07 -0700
|