1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
|
apt (2.3.12) unstable; urgency=medium
The solver will no longer try to remove Essential or Protected packages,
any dependency problem that would need such a solution will have to be
resolved manually.
The "Yes, do as I say" prompt for removing essential packages has been
replaced by an error message. The appropriate command-line option needs
to be used instead.
Thank you to Linus Tech Tips and System76 for bringing this issue
to our attention.
-- Julian Andres Klode <jak@debian.org> Wed, 17 Nov 2021 18:26:40 +0100
apt (2.1.16) unstable; urgency=medium
Automatically remove unused kernels on apt {dist,full}-upgrade. To revert
to previous behavior, set APT::Get::AutomaticRemove::Kernels to false or
pass --no-auto-remove to the command. apt-get remains unchanged.
Packages files can now set the Phased-Update-Percentage field to restrict
update rollout to a specified percentage of machines. Previously, this has
only been available to users of Ubuntu's update-manager tool. See
apt_preferences(5) for details and how to configure multiple systems to get
the same updates. Phased updates are disabled in chroots for now to not
break buildd-style setups.
-- Julian Andres Klode <jak@debian.org> Fri, 08 Jan 2021 22:01:50 +0100
apt (1.9.11) experimental; urgency=medium
apt(8) now waits for the lock indefinitely if connected to a tty, or
for 120 seconds if not.
-- Julian Andres Klode <jak@debian.org> Wed, 26 Feb 2020 20:30:33 +0100
apt (1.9.6) experimental; urgency=medium
apt(8) no longer treats package names passed as regular expressions or fnmatch
expressions, requiring the use of patterns (apt-patterns(5)) to perform complex
searches. For ease of use, regular expressions starting with ^ or ending with
$ continue to work.
This fixes the problem where e.g. g++ could mean either "the package g++"
or, if there is no g++ package, "all packages containing g". This change
will propagate to apt-* after the release of Debian bullseye.
-- Julian Andres Klode <jak@debian.org> Wed, 15 Jan 2020 21:45:18 +0100
apt (1.9.5) unstable; urgency=medium
Credentials in apt_auth.conf(5) now only apply to https and tor+https
sources to avoid them being leaked over plaintext (Closes: #945911). To
opt-in to http, add http:// before the hostname. Note that this will transmit
credentials in plain text, which you do not want on devices that could be
operating in an untrusted network.
-- Julian Andres Klode <juliank@ubuntu.com> Mon, 02 Dec 2019 11:45:52 +0100
apt (1.8.0~alpha3) unstable; urgency=medium
The PATH for running dpkg is now configured by the option DPkg::Path,
and defaults to "/usr/sbin:/usr/bin:/sbin:/bin". Previous behavior of
not changing PATH may be restored by setting the option to an empty string.
Support for /etc/apt/auth.conf.d/ has been added, see apt_auth.conf(5).
-- Julian Andres Klode <jak@debian.org> Tue, 18 Dec 2018 15:02:11 +0100
apt (1.6~rc1) unstable; urgency=medium
Seccomp sandboxing has been turned off by default for now. If it works
for you, you are encouraged to re-enable it by setting APT::Sandbox::Seccomp
to true.
-- Julian Andres Klode <jak@debian.org> Fri, 06 Apr 2018 14:14:29 +0200
apt (1.6~beta1) unstable; urgency=medium
APT now verifies that the date of Release files is not in the future. By
default, it may be 10 seconds in the future to allow for some clock drift.
Two new configuration options can be used to tweak the behavior:
Acquire::Check-Date
Acquire::Max-DateFuture
These can be overridden in sources.list entries using the check-date
and date-future-max options. Note that disabling check-date also
disables checks on valid-until: It is considered to mean that your
machine's time is not reliable.
-- Julian Andres Klode <jak@debian.org> Mon, 26 Feb 2018 13:14:13 +0100
apt (1.6~alpha1) unstable; urgency=medium
All methods provided by apt except for cdrom, gpgv, and rsh now
use seccomp-BPF sandboxing to restrict the list of allowed system
calls, and trap all others with a SIGSYS signal. Three options
can be used to configure this further:
APT::Sandbox::Seccomp is a boolean to turn it on/off
APT::Sandbox::Seccomp::Trap is a list of names of more syscalls to trap
APT::Sandbox::Seccomp::Allow is a list of names of more syscalls to allow
Also, sandboxing is now enabled for the mirror method.
-- Julian Andres Klode <jak@debian.org> Mon, 23 Oct 2017 01:58:18 +0200
apt (1.5~beta1) unstable; urgency=medium
[ New HTTPS method ]
The default http method now supports HTTPS itself, including encrypted proxies
and connecting to HTTPS sites via HTTPS proxies; and the apt-transport-https
package only provides a "curl+https" method now as a fallback, but will be
removed shortly. If TLS support is unwanted, it can be disabled overall by
setting the option Acquire::AllowTLS to "false".
As for backwards compatibility, the options IssuerCert and SslForceVersion
are not supported anymore, and any specified certificate files must be in the
PEM format (curl might have allowed DER files as well).
[ Changes to unauthenticated repositories ]
The security exception for apt-get to only raise warnings if it encounters
unauthenticated repositories in the "update" command is gone now, so that it
will raise errors just like apt and all other apt-based front-ends do since
at least apt version 1.3.
It is possible (but STRONGLY ADVISED AGAINST) to revert to the previous
behaviour of apt-get by setting the option
Binary::apt-get::Acquire::AllowInsecureRepositories "true";
See apt-secure(8) manpage for configuration details.
[ Release Info Changes ]
If values like Origin, Label, and Codename change in a Release file,
update fails, or asks a user (if interactive). Various
--allow-releaseinfo-change are provided for non-interactive use.
-- Julian Andres Klode <jak@debian.org> Mon, 03 Jul 2017 15:09:23 +0200
apt (1.4.2) unstable; urgency=medium
If periodic updates and unattended upgrades are enabled, the start of
periodic updates are now distributed over 24 hour intervals (as in 1.2
to 1.4), whereas starting unattended-upgrade has been restricted to a
time between 6 and 7 am. This only affects systems using systemd, other
systems still use the classical hourly cron job.
-- Julian Andres Klode <jak@debian.org> Thu, 04 May 2017 22:54:02 +0200
apt (1.4~beta1) unstable; urgency=medium
Support for GPG signatures using the SHA1 or RIPE-MD/160 hash
algorithms has been disabled. Repositories using Release files
signed in such a way will stop working. This change has been made
due to security considerations, especially with regards to possible
further breakthroughs in SHA1 breaking during the lifetime
of this APT release series.
It is possible (but STRONGLY ADVISED AGAINST) to revert to the previous
behaviour by setting the options
APT::Hashes::SHA1::Weak "yes";
APT::Hashes::RIPE-MD/160::Weak "yes";
Note that setting these options only affects the verification of the overall
repository signature.
-- Julian Andres Klode <jak@debian.org> Fri, 25 Nov 2016 13:19:32 +0100
apt (1.2~exp1) experimental; urgency=medium
[ Automatic removal of debs after install ]
After packages are successfully installed by apt(8),
the corresponding .deb package files will be
removed from the /var/cache/apt/archives cache directory.
This can be changed by setting the apt configuration option
"Binary::apt::APT::Keep-Downloaded-Packages" to "true". E.g:
# echo 'Binary::apt::APT::Keep-Downloaded-Packages "true";' \
> /etc/apt/apt.conf.d/01keep-debs
Please note that the behavior of apt-get is unchanged. The
downloaded debs will be kept in the cache directory after they
are installed. To enable the behavior for other tools, you can set
"APT::Keep-Downloaded-Packages" to false.
[ Compressed indices ]
If you use Acquire::gzipIndexes, or any other compressed index targets,
those will now be compressed with the fastest supported algorithm,
currently lz4.
-- Michael Vogt <mvo@debian.org> Tue, 05 Jan 2016 19:22:16 +0100
apt (1.1~exp9) experimental; urgency=medium
A new algorithm for pinning has been implemented, it now assigns a
pin priority to a version instead of assigning a pin to a package.
This might break existing corner cases of pinning, if they use multiple
pins involving the same package name or patterns matching the same
package name, but should overall lead to pinning that actually works
as intended and documented.
-- Julian Andres Klode <jak@debian.org> Mon, 17 Aug 2015 14:45:17 +0200
apt (0.8.11) unstable; urgency=low
* apt-get install pkg/experimental will now not only switch the
candidate of package pkg to the version from the release experimental
but also of all dependencies of pkg if the current candidate can't
satisfy a versioned dependency.
-- David Kalnischkies <kalnischkies@gmail.com> Fri, 03 Dec 2010 14:09:12 +0100
apt (0.7.26~exp3) experimental; urgency=low
* apt-ftparchive now reads the standard configuration files in
/etc/apt/apt.conf and /etc/apt/apt.conf.d.
-- Julian Andres Klode <jak@debian.org> Fri, 26 Mar 2010 15:34:16 +0100
apt (0.7.24) unstable; urgency=low
* Already included in the last version but now with better documentation
is the possibility to add/prefer different compression types while
downloading archive information, which can decrease the time needed for
update on slow machines. See apt.conf (5) manpage for details.
* APT manages his manpage translations now with po4a, thanks to Nicolas
François and Kurasawa Nozomu, who also provide the ja translation.
Thanks to Christian Perrier we have already a fr translation and
a few more are hopefully added in the near future.
* This version also introduces some _experimental_ configuration options
to make more aggressive use of dpkg's triggers. If you want to help
testing these _experimental_ options see apt.conf (5) manpage.
-- David Kalnischkies <kalnischkies@gmail.com> Thu, 24 Sep 2009 15:13:16 +0200
apt (0.7.23) unstable; urgency=low
* Code that determines which proxy to use was changed. Now
'Acquire::{http,ftp}::Proxy[::<host>]' options have the highest priority,
and '{http,ftp}_proxy' environment variables are used only if options
mentioned above are not specified.
-- Eugene V. Lyubimkin <jackyf.devel@gmail.com> Thu, 19 Aug 2009 11:26:16 +0200
apt (0.6.44) unstable; urgency=low
* apt-ftparchive --db now uses Berkeley DB_BTREE instead of DB_HASH.
If you use a database created by an older version of apt, delete
it and allow it to be recreated the next time.
-- Michael Vogt <mvo@debian.org> Wed, 26 Apr 2006 12:57:53 +0200
apt (0.5.25) unstable; urgency=low
* apt-ftparchive --db now uses Berkeley DB version 4.2. If used with a
database created by an older version of apt, an attempt will be made
to upgrade the database, but this may not work in all cases. If your
database is not automatically upgraded, delete it and allow it to be
recreated the next time.
-- Matt Zimmerman <mdz@debian.org> Sat, 8 May 2004 12:38:07 -0700
|