[ubuntu/xenial-security] apt 1.2.29ubuntu0.1 (Accepted)
Marc Deslauriers
marc.deslauriers at canonical.com
Tue Jan 22 12:13:21 UTC 2019
apt (1.2.29ubuntu0.1) xenial-security; urgency=medium
* SECURITY UPDATE: content injection in http method (CVE-2019-3462)
(LP: #1812353)
apt (1.2.29) xenial; urgency=medium
* Set DPKG_FRONTEND_LOCKED when running {pre,post}-invoke scripts.
Some post-invoke scripts install packages, which fails because
the environment variable is not set. This sets the variable for
all three kinds of scripts {pre,post-}invoke and pre-install-pkgs,
but we will only allow post-invoke at a later time.
(LP: #1796808)
apt (1.2.28) xenial; urgency=medium
[ Julian Andres Klode ]
* apt.conf.autoremove: Add linux-cloud-tools to list (LP: #1698159)
* Add support for dpkg frontend lock (Closes: #869546) (LP: #1781169)
* Set DPKG_FRONTEND_LOCKED as needed when doing selection changes
* http: Stop pipeline after close only if it was not filled before
(LP: #1794957)
* pkgCacheFile: Only unlock in destructor if locked before (LP: #1794053)
* Update libapt-pkg5.0 symbols for frontend locking
[ David Kalnischkies ]
* Support records larger than 32kb in 'apt show' (Closes: #905527)
(LP: #1787120)
apt (1.2.27) xenial; urgency=medium
[ David Kalnischkies ]
* don't hang if multiple sources use unavailable method (Closes: 870675)
(LP: #1762766)
[ Julian Andres Klode ]
* Fix lock counting in debSystem (LP: #1778547)
* apt.conf.autoremove: Catch some new Ubuntu module packages (LP: #1778551)
apt (1.2.26) xenial; urgency=medium
* Revert "http: A response with Content-Length: 0 has no content"
- broke Content-Length: 0 redirects (in xenial only) (LP: #1751225)
* travis: Migrate to Docker to make CI work again
apt (1.2.25) xenial; urgency=medium
* Microrelease covering 1.4.7 (LP: #1702326) and 1.4.8
[ Robert Luberda ]
* fix a "critical" typo in old changelog entry (Closes: 866358)
[ David Kalnischkies ]
* use port from SRV record instead of initial port
* don't ask an uninit _system for supported archs (LP: #1613184)
[ Julian Andres Klode ]
* Reset failure reason when connection was successful
* http: A response with Content-Length: 0 has no content
* apt-daily: Pull in network-online.target in service, not timer
(LP: #1716973)
[ Balint Reczey ]
* Gracefully terminate process when stopping apt-daily-upgrade (LP: #1690980)
apt (1.2.24) xenial; urgency=medium
* Microrelease covering fixes of 1.4.6
* Fix parsing of or groups in build-deps with ignored packages (LP: #1694697)
* apt.systemd.daily: Use unattended-ugrade --download-only if available.
Instead of passing -d, which enables a debugging mode; check if
unattended-upgrade supports an option --download-only (which is yet
to be implemented) and use that (Closes: #863859)
apt (1.2.23) xenial; urgency=medium
* Microrelease covering fixes of 1.4.4
[ Alan Jenkins ]
* apt.systemd.daily: fix error from locking code (Closes: #862567)
apt (1.2.22) xenial; urgency=medium
[ Julian Andres Klode ]
* Run unattended-upgrade -d in download part
* apt.systemd.daily: Add locking
* Split apt-daily timer into two (LP: #1686470)
[ Matt Kraai ]
* bash-completion: Fix spelling of autoclean (Closes: #861846)
apt (1.2.21) xenial; urgency=medium
* Microrelease covering fixes of 1.4 and 1.4.1
[ Julian Andres Klode ]
* Ignore \.ucf-[a-z]+$ like we do for \.dpkg-[a-z]+$
* systemd: Rework timing and add After=network-online (was LP #1615482)
[ David Kalnischkies ]
* Fix and avoid quoting in CommandLine::AsString (LP: #1672710)
[ Unit 193 ]
* apt-ftparchive: Support '.ddeb' dbgsym packages
apt (1.2.20) xenial; urgency=medium
* Microrelease covering fixes of 1.4~rc2 (LP: #1668285)
[ David Kalnischkies ]
* don't install new deps of candidates for kept back pkgs
* keep Release.gpg on untrusted to trusted IMS-Hit (Closes: 838779)
(LP: #1657440)
* reset HOME, USER(NAME), TMPDIR & SHELL in DropPrivileges (Closes: 842877)
* add TMP/TEMP/TEMPDIR to the TMPDIR DropPrivileges dance
* let {dsc,tar,diff}-only implicitly enable download-only
* don't show update stats if cache generation is disabled
* don't lock dpkg in 'apt-get clean'
* don't lock dpkg in update commands
* avoid validate/delete/load race in cache generation
* remove 'old' FAILED files in the next acquire call (Closes: 846476)
* stop rred from leaking debug messages on recovered errors (Closes: #850759)
[ Paul Wise ]
* show output as documented for APT::Periodic::Verbose 2 (Closes: 845599)
[ John R. Lenton ]
* bash-completion: Only complete understood file paths for install
(LP: #1645815)
[ Lukasz Kawczynski ]
* Honour Acquire::ForceIPv4/6 in the https transport
[ Julian Andres Klode ]
* basehttp: Only read Content-Range on 416 and 206 responses (LP: #1657567)
* Only merge acquire items with the same meta key (Closes: #838441)
* Do not package names representing .dsc/.deb/... files (Closes: #854794)
* Don't use -1 fd and AT_SYMLINK_NOFOLLOW for faccessat()
Thanks to James Clarke for debugging these issues
apt (1.2.19) xenial; urgency=medium
* https: Quote path in URL before passing it to curl (LP: #1651923)
apt (1.2.18) xenial; urgency=high
* SECURITY UPDATE: gpgv: Check for errors when splitting files (CVE-2016-1252)
Thanks to Jann Horn, Google Project Zero for reporting the issue
(LP: #1647467)
* gpgv: Flush the files before checking for errors
apt (1.2.17) xenial; urgency=medium
[ David Kalnischkies ]
* apt-key: warn instead of fail on unreadable keyrings (LP: #1642386)
* show apt-key warnings in apt update (Closes: 834973)
[ Julian Andres Klode ]
* test-releasefile-verification: installaptold: Clean up before run
apt (1.2.16) xenial; urgency=medium
[ David Kalnischkies ]
* avoid changing the global LC_TIME for Release writing
* use de-localed std::put_time instead rolling our own
* accept only the expected UTC timezones in date parsing (Closes: 819697)
* avoid std::get_time usage to sidestep libstdc++6 bug (LP: #1593583)
* imbue datetime parsing with C.UTF-8 locale (Closes: 828011)
* prevent C++ locale number formatting in text APIs (try 2) (Closes: 832044)
* prevent C++ locale number formatting in text APIs (try 3) (LP: #1611010)
(LP: #1592817)
* imbue .diff/Index parsing with C.UTF-8 as well
[ Julian Andres Klode ]
* Use C locale instead of C.UTF-8 for protocol strings
* Add shippable.yml for CI on Shippable
* Revert "if the FileFd failed already following calls should fail, too"
(LP: #1641905)
Date: 2019-01-18 19:56:21.813026+00:00
Changed-By: Julian Andres Klode <julian.klode at canonical.com>
Signed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/apt/1.2.29ubuntu0.1
-------------- next part --------------
Sorry, changesfile not available.
More information about the Xenial-changes
mailing list