support dash-escaped text in clearsigned files as implementations are
free to escape all lines (we have no lines in our files which need
to be escaped as these would be invalid fieldnames) and while ExecGPGV
would detect dash-escaped text as invalid (as its not expected in
messages with detached signatures) it would be possible to "comment"
lines in (signed) dsc files which are only parsed but not verified
* apt-pkg/deb/debindexfile.cc,
apt-pkg/deb/deblistparser.cc:
- use OpenMaybeClearSignedFile to be free from detecting and
skipping clearsigning metadata in dsc and Release files
We can't write a "clean" file to disk as not all acquire methods copy
Release files before checking them (e.g. cdrom), so this reverts recombining,
but uses the method we use for dsc files also in the two places we
deal with Release files
- add method to open (maybe) clearsigned files transparently
* ftparchive/writer.cc:
- use OpenMaybeClearSignedFile to be free from detecting and
skipping clearsigning metadata in dsc files
- if ExecGPGV deals with a clear-signed file it will split this file
into data and signatures, pass it to gpgv for verification and
recombines it after that in a known-good way without unsigned blocks
and whitespaces resulting usually in more or less the same file as
before, but later code can be sure about the format
* apt-pkg/deb/debmetaindex.cc:
- reenable InRelease by default
* apt-pkg/acquire-item.cc:
- keep the last good InRelease file around just as we do it with
Release.gpg in case the new one we download isn't good for us
* apt-pkg/deb/debmetaindex.cc,
test/integration/test-bug-595691-empty-and-broken-archive-files,
test/integration/test-releasefile-verification:
- disable InRelease downloading until the verification issue is
fixed, thanks to Ansgar Burchardt for finding the flaw
* apt-pkg/depcache.cc:
- don't call MarkInstall with the FromUser flag set for packages
which are dependencies of APT::Never-MarkAuto-Sections matchers
* apt-pkg/packagemanager.cc:
- do not do lock-step configuration for a M-A:same package if it isn't
unpacked yet in SmartConfigure and do not unpack a M-A:same package
again in SmartUnPack if we have already configured it (LP: #1062503)
Add a Closes tag for the self-conflict fix:
ignore negative dependencies applying in the same group for M-A:same
packages on the real package name as self-conflicts (Closes: #688863)
* apt-pkg/edsp.cc:
- include reinstall requests and already installed (= protected) packages
in the install-request for external resolvers (Closes: #689331)
write the native architecture as unique string into the cache header
as it is used for arch:all packages as a map to arch:native.
Otherwise arch comparisons later will see differences (Closes: #689323)
* cmdline/apt-cache.cc:
- print versioned dependency relations in (r)depends if the option
APT::Cache::ShowVersion is true (default: false) as discussed in
#218995 to help debian-cd fixing #687949. Thanks to Sam Lidder
for initial patch and Steve McIntyre for nagging and testing!
* apt-pkg/pkgcachegen.cc:
- do not create 'native' (or now 'none') package structures as a side
effect of description translation parsing as it pollutes the cache
handle packages without a mandatory architecture (debian-policy §5.3)
by introducing a pseudo-architecture 'none' so that the small group of
users with these packages can get right of them without introducing too
much hassle for other users (Closes: #686346)
* apt-pkg/cdrom.cc:
- copy only configured translation files from a CD-ROM and not all
available translation files preventing new installs with d-i from
being initialized with all translations (Closes: #678227)
- handle Components in the reduction for the source.list as multi-arch CDs
otherwise create duplicated source entries (e.g. "wheezy main main")
- do not create duplicated flat-archive CD-ROM sources for foreign
architectures on multi-arch CD-ROMs
- do not warn about files which have a record in the Release file, but
are not present on the CD to mirror the behavior of the other methods
and to allow uncompressed indexes to be dropped without scaring users
- handle Components in the reduction for the source.list as multi-arch CDs
* apt-pkg/cdrom.cc:
- handle Components in the reduction for the source.list as multi-arch cds
otherwise create duplicated source entries (e.g. "wheezy main main")
* doc/apt_preferences.5.xml:
- use the correct interval (x <= P < y) for pin value documentation as
these are the intervals used by the code (Closes: #685989)
Raphael Geissert [Thu, 30 Aug 2012 10:30:26 +0000 (12:30 +0200)]
* debian/control:
- let libapt-pkg break apt < 0.9.4 to ensure that the installed http-
method supports the new redirection-style, thanks to Raphael Geissert
for reporting & testing (Closes: #685192)
* apt-pkg/packagemanager.cc:
- unpack versions in case a different version from the package
is currently in unpack state to recover from broken system states
(like different file in M-A:same package and other dpkg errors)
* apt-pkg/cdrom.cc:
- do not link() but rename() the cdroms.list to cdroms.list~ as a backup
to ensure that apt-cdrom can be run multiple times (Closes: #676302)
ensure that the right architecture is used for cross-dependencies in
cases we have to choose a provider by defaulting on host-arch
instead of build-arch
* cmdline/apt-get.cc:
- error out on (unsatisfiable) build-deps on purly virtual packages
instead of ignoring these dependencies; thanks to Johannes Schauer
for the detailed report! (Closes: #683786)
* apt-pkg/contrib/fileutl.cc:
- remove _POSIX_SYNCHRONIZED_IO guard in FileFd::Sync() around fsync
as this guard is only needed for fdatasync and not defined on hurd
Pino Toscano [Sat, 4 Aug 2012 08:20:30 +0000 (10:20 +0200)]
apt-pkg/contrib/mmap.cc:
- guard only the msync call with _POSIX_SYNCHRONIZED_IO rather
than also the fallback code as it breaks APT on hurd since 0.9.7.3
as the fallback is now always used on non-linux (Closes: #683354)
* apt-pkg/contrib/mmap.cc:
- refer to APT::Cache-Start in case the growing failed as if -Limit is
really the offender it will be noted in a previous error message.
* apt-pkg/cachefilter.cc:
- remove architecture-specific arch to tuple expansion-rules as they lead
to the same tuples for different architectures (e.g. linux-arm for arm,
armel and armhf) while the dpkg-architecture code uses triples which
are different (in the first part, which we omit in our tuples), so e.g.
build-dep restrictions for armel ended up effecting armhf as well
* apt-pkg/deb/deblistparser.cc:
- negative dependencies need to apply to all architectures,
but those with a specific architecture only apply to this one