[Bug 1668280] Re: [SRU] Update apt/yakkety to 1.3.5
Launchpad Bug Tracker
1668280 at bugs.launchpad.net
Tue Apr 25 17:56:25 UTC 2017
This bug was fixed in the package apt - 1.3.5
---------------
apt (1.3.5) yakkety; urgency=medium
* Microrelease covering important fixes of 1.4~rc2 (LP: #1668280)
[ David Kalnischkies ]
* don't install new deps of candidates for kept back pkgs
* keep Release.gpg on untrusted to trusted IMS-Hit (Closes: 838779)
(LP: #1657440)
* reset HOME, USER(NAME), TMPDIR & SHELL in DropPrivileges (Closes: 842877)
* add TMP/TEMP/TEMPDIR to the TMPDIR DropPrivileges dance
* react to trig-pend only if we have nothing else to do
* correct cross & disappear progress detection
* improve arch-unqualified dpkg-progress parsing
* don't perform implicit crossgrades involving M-A:same
* do not configure unconfigured to be removed packages
* skip unconfigure for unconfigured to-be removed pkgs
* get pdiff files from the same mirror as the index
* let {dsc,tar,diff}-only implicitly enable download-only
* ensure generation of valid EDSP error stanzas
* fix minimum pkgs option for dpkg --recursive usage
* don't show update stats if cache generation is disabled
* don't lock dpkg in 'apt-get clean'
* don't lock dpkg in update commands
* avoid validate/delete/load race in cache generation
* fix 'install --no-download' mode
* remove 'old' FAILED files in the next acquire call (Closes: 846476)
* stop rred from leaking debug messages on recovered errors (Closes: #850759)
[ Edgar Fuß ]
* http: clear content before reporting the failure (Closes: #465572)
[ Paul Wise ]
* show output as documented for APT::Periodic::Verbose 2 (Closes: 845599)
[ John R. Lenton ]
* bash-completion: Only complete understood file paths for install
(LP: #1645815)
[ Lukasz Kawczynski ]
* Honour Acquire::ForceIPv4/6 in the https transport
[ Julian Andres Klode ]
* basehttp: Only read Content-Range on 416 and 206 responses (LP: #1657567)
* Only merge acquire items with the same meta key (Closes: #838441)
* Do not package names representing .dsc/.deb/... files (Closes: #854794)
* Don't use -1 fd and AT_SYMLINK_NOFOLLOW for faccessat()
Thanks to James Clarke for debugging these issues
* CMake: Install statvfs.h to include/sys, not just include/
-- Julian Andres Klode <juliank at ubuntu.com> Mon, 27 Feb 2017 15:02:40
+0100
** Changed in: apt (Ubuntu Yakkety)
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to apt in Ubuntu.
https://bugs.launchpad.net/bugs/1668280
Title:
[SRU] Update apt/yakkety to 1.3.5
Status in apt package in Ubuntu:
Fix Released
Status in apt source package in Yakkety:
Fix Released
Bug description:
[Impact]
This collects several bug fixes from the 1.4 branch. Most of the stuff has been in Debian since 20 days, and in testing since Feb 12.
Fixes in the acquire system - mostly error cases.
* basehttp: Only read Content-Range on 416 and 206 responses (LP: #1657567)
* Only merge acquire items with the same meta key (Closes: #838441)
-> hit often these days, ask Riddel
* get pdiff files from the same mirror as the index
-> we are not really affected by this, but it does not hurt
* keep Release.gpg on untrusted to trusted IMS-Hit (Closes: 838779)
(LP: #1657440)
-> breaks the assumption of adding untrusted repo; installing keyring, and update
* remove 'old' FAILED files in the next acquire call (Closes: 846476)
* stop rred from leaking debug messages on recovered errors (Closes: #850759)
* http: clear content before reporting the failure (Closes: #465572)
Security improvements - dropping environment variables for workers:
* reset HOME, USER(NAME), TMPDIR & SHELL in DropPrivileges (Closes: 842877)
* add TMP/TEMP/TEMPDIR to the TMPDIR DropPrivileges dance
Installation ordering changes - that changed a lot in 1.3:
* react to trig-pend only if we have nothing else to do
* correct cross & disappear progress detection
* improve arch-unqualified dpkg-progress parsing
* don't perform implicit crossgrades involving M-A:same
* do not configure unconfigured to be removed packages
* skip unconfigure for unconfigured to-be removed pkgs
* fix minimum pkgs option for dpkg --recursive usage
Locking fixes to reduce chance of breaking running install/upgrade commands:
* don't lock dpkg in 'apt-get clean'
* don't lock dpkg in update commands
Other important fixes:
* Do not package names representing .dsc/.deb/... files (Closes: #854794)
* avoid validate/delete/load race in cache generation
Bugfix to not install garbage because it was a dep of something that was hold back:
* don't install new deps of candidates for kept back pkgs
Minor fixes:
* let {dsc,tar,diff}-only implicitly enable download-only
* ensure generation of valid EDSP error stanzas
* don't show update stats if cache generation is disabled
* fix 'install --no-download' mode
* show output as documented for APT::Periodic::Verbose 2 (Closes: 845599)
* bash-completion: Only complete understood file paths for install
(LP: #1645815)
* Honour Acquire::ForceIPv4/6 in the https transport
* Don't use -1 fd and AT_SYMLINK_NOFOLLOW for faccessat()
Thanks to James Clarke for debugging these issues
* CMake: Install statvfs.h to include/sys, not just include/
[Test case]
Mentioned launchpad bugs have their own test case sections. The rest is checked in the CI, so we should just do some updates upgrades and check that everything works.
[Regression Potential]
About 80% of the code difference is covered by test cases. So, there is less than a 20% chance something is wrong. But I think we would have caught these in the three weeks or more these changes spent in Debian unstable and (1 week less) testing.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1668280/+subscriptions
More information about the foundations-bugs
mailing list