[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#799070: marked as done (jessie-pu: package apt/1.0.9.8.2)

Your message dated Sat, 23 Jan 2016 13:57:15 +0000
with message-id <1453557435.1835.52.camel@adam-barratt.org.uk>
and subject line 8.3 point release cleanup
has caused the Debian Bug report #799070,
regarding jessie-pu: package apt/1.0.9.8.2
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
799070: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=799070
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message --- 
Package: release.debian.org
Severity: normal
Tags: jessie
User: release.debian.org@packages.debian.org
Usertags: pu

The APT team would like to update APT to 1.0.9.8.2 in stable, with
the following changes (full diff | filterdiff -p1 -x "po/*.po*"
is attached):

+  [ David Kalnischkies ]
+  * hide first pdiff merge failure debug message (Closes: 793444)

-> This was a debugging message that was printed by default

+  * mark again deps of pkgs in APT::Never-MarkAuto-Sections as manual.
+    Thanks to Raphaël Hertzog and Adam Conrad for detailed reports and initial patches
+    (Closes: 793360) (LP: 1479207)

-> Dependencies of meta packages were not marked as manually installed

+
+  [ Julian Andres Klode ]
+  * Do not parse Status fields from remote sources

-> Remote sources could set "Status: install ok installed" on a package making
   APT believe that the package was already installed, and causing APT to
   "upgrade" it during an 'apt upgrade' or 'apt-get dist-upgrade' run.

   While this sounds like a horrible security issue, because it can be used
   to forcibly install new packages, the impact is not high: Sources could
   set the Essential field on any package which has almost the same effect,
   although being listed in the NEW installs section instead of the upgrade
   section.

+  [ Michael Vogt ]
+  * Use xgettext --no-location in make update-pot

-> This (and two other sorting changes) in po/makefile are just there to clean
   up our pot file handling, as that currently depends on the order in the
   file system, and thus produces a huge diff with every release, as the files
   are found in a different order and because line numbers have changed.

-- System Information:
Debian Release: stretch/sid
  APT prefers unstable
  APT policy: (900, 'unstable'), (100, 'experimental'), (1, 'buildd-experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.1.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_IE.UTF-8, LC_CTYPE=en_IE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)

-- 
Julian Andres Klode  - Debian Developer, Ubuntu Member

See http://wiki.debian.org/JulianAndresKlode and http://jak-linux.org/.

Be friendly, do not top-post, and follow RFC 1855 "Netiquette".
    - If you don't I might ignore you.

diff -Nru apt-1.0.9.8.1/apt-pkg/acquire-item.cc apt-1.0.9.8.2/apt-pkg/acquire-item.cc
--- apt-1.0.9.8.1/apt-pkg/acquire-item.cc	2015-06-10 09:40:35.000000000 +0200
+++ apt-1.0.9.8.2/apt-pkg/acquire-item.cc	2015-09-15 17:08:27.000000000 +0200
@@ -834,7 +834,8 @@
 
    // first failure means we should fallback
    State = StateErrorDiff;
-   std::clog << "Falling back to normal index file acquire" << std::endl;
+   if (Debug)
+      std::clog << "Falling back to normal index file acquire" << std::endl;
    new pkgAcqIndex(Owner, RealURI, Description,Desc.ShortDesc,
 		   ExpectedHash);
 }
diff -Nru apt-1.0.9.8.1/apt-pkg/deb/debindexfile.cc apt-1.0.9.8.2/apt-pkg/deb/debindexfile.cc
--- apt-1.0.9.8.1/apt-pkg/deb/debindexfile.cc	2015-06-10 09:40:35.000000000 +0200
+++ apt-1.0.9.8.2/apt-pkg/deb/debindexfile.cc	2015-09-15 17:08:27.000000000 +0200
@@ -621,7 +621,7 @@
    FileFd Pkg(File,FileFd::ReadOnly, FileFd::Extension);
    if (_error->PendingError() == true)
       return false;
-   debListParser Parser(&Pkg);
+   debStatusListParser Parser(&Pkg);
    if (_error->PendingError() == true)
       return false;
 
diff -Nru apt-1.0.9.8.1/apt-pkg/deb/deblistparser.cc apt-1.0.9.8.2/apt-pkg/deb/deblistparser.cc
--- apt-1.0.9.8.1/apt-pkg/deb/deblistparser.cc	2015-06-10 09:40:35.000000000 +0200
+++ apt-1.0.9.8.2/apt-pkg/deb/deblistparser.cc	2015-09-15 17:08:27.000000000 +0200
@@ -333,7 +333,7 @@
    return Result;
 }
 									/*}}}*/
-// ListParser::ParseStatus - Parse the status field			/*{{{*/
+// StatusListParser::ParseStatus - Parse the status field		/*{{{*/
 // ---------------------------------------------------------------------
 /* Status lines are of the form,
      Status: want flag status
@@ -345,6 +345,11 @@
 bool debListParser::ParseStatus(pkgCache::PkgIterator &Pkg,
 				pkgCache::VerIterator &Ver)
 {
+   return true;
+}
+bool debStatusListParser::ParseStatus(pkgCache::PkgIterator &Pkg,
+				pkgCache::VerIterator &Ver)
+{
    const char *Start;
    const char *Stop;
    if (Section.Find("Status",Start,Stop) == false)
diff -Nru apt-1.0.9.8.1/apt-pkg/deb/deblistparser.h apt-1.0.9.8.2/apt-pkg/deb/deblistparser.h
--- apt-1.0.9.8.1/apt-pkg/deb/deblistparser.h	2015-06-10 09:40:35.000000000 +0200
+++ apt-1.0.9.8.2/apt-pkg/deb/deblistparser.h	2015-09-15 17:08:27.000000000 +0200
@@ -117,4 +117,11 @@
       : debListParser(File, Arch) {};
 };
 
+class APT_HIDDEN debStatusListParser : public debListParser
+{
+ public:
+   virtual bool ParseStatus(pkgCache::PkgIterator &Pkg,pkgCache::VerIterator &Ver);
+   debStatusListParser(FileFd *File)
+      : debListParser(File) {};
+};
 #endif
diff -Nru apt-1.0.9.8.1/apt-pkg/depcache.cc apt-1.0.9.8.2/apt-pkg/depcache.cc
--- apt-1.0.9.8.1/apt-pkg/depcache.cc	2015-06-10 09:40:35.000000000 +0200
+++ apt-1.0.9.8.2/apt-pkg/depcache.cc	2015-09-15 17:08:27.000000000 +0200
@@ -1103,7 +1103,12 @@
    if (DebugMarker == true)
       std::clog << OutputInDepth(Depth) << "MarkInstall " << Pkg << " FU=" << FromUser << std::endl;
 
-   DepIterator Dep = P.InstVerIter(*this).DependsList();
+   VerIterator const PV = P.InstVerIter(*this);
+   if (unlikely(PV.end() == true))
+      return false;
+   bool const PinNeverMarkAutoSection = (PV->Section != 0 && ConfigValueInSubTree("APT::Never-MarkAuto-Sections", PV.Section()));
+
+   DepIterator Dep = PV.DependsList();
    for (; Dep.end() != true;)
    {
       // Grok or groups
@@ -1226,7 +1231,7 @@
 	       continue;
 	    }
 	    // now check if we should consider it a automatic dependency or not
-	    if(InstPkg->CurrentVer == 0 && InstVer->Section != 0 && ConfigValueInSubTree("APT::Never-MarkAuto-Sections", InstVer.Section()))
+	    if(InstPkg->CurrentVer == 0 && PinNeverMarkAutoSection)
 	    {
 	       if(DebugAutoInstall == true)
 		  std::clog << OutputInDepth(Depth) << "Setting NOT as auto-installed (direct "
diff -Nru apt-1.0.9.8.1/configure apt-1.0.9.8.2/configure
--- apt-1.0.9.8.1/configure	2015-06-10 09:40:53.000000000 +0200
+++ apt-1.0.9.8.2/configure	2015-09-15 17:08:33.000000000 +0200
@@ -2436,7 +2436,7 @@
 
 
 PACKAGE="apt"
-PACKAGE_VERSION="1.0.9.8.1"
+PACKAGE_VERSION="1.0.9.8.2"
 PACKAGE_MAIL="APT Development Team <deity@lists.debian.org>"
 cat >>confdefs.h <<_ACEOF
 #define PACKAGE "$PACKAGE"
diff -Nru apt-1.0.9.8.1/configure.ac apt-1.0.9.8.2/configure.ac
--- apt-1.0.9.8.1/configure.ac	2015-06-10 09:40:52.000000000 +0200
+++ apt-1.0.9.8.2/configure.ac	2015-09-15 17:08:32.000000000 +0200
@@ -18,7 +18,7 @@
 AC_CONFIG_HEADER(include/config.h:buildlib/config.h.in include/apti18n.h:buildlib/apti18n.h.in)
 
 PACKAGE="apt"
-PACKAGE_VERSION="1.0.9.8.1"
+PACKAGE_VERSION="1.0.9.8.2"
 PACKAGE_MAIL="APT Development Team <deity@lists.debian.org>"
 AC_DEFINE_UNQUOTED(PACKAGE,"$PACKAGE")
 AC_DEFINE_UNQUOTED(PACKAGE_VERSION,"$PACKAGE_VERSION")
diff -Nru apt-1.0.9.8.1/debian/changelog apt-1.0.9.8.2/debian/changelog
--- apt-1.0.9.8.1/debian/changelog	2015-06-10 09:40:35.000000000 +0200
+++ apt-1.0.9.8.2/debian/changelog	2015-09-15 17:08:27.000000000 +0200
@@ -1,3 +1,19 @@
+apt (1.0.9.8.2) jessie; urgency=medium
+
+  [ David Kalnischkies ]
+  * hide first pdiff merge failure debug message (Closes: 793444)
+  * mark again deps of pkgs in APT::Never-MarkAuto-Sections as manual.
+    Thanks to Raphaël Hertzog and Adam Conrad for detailed reports and initial patches
+    (Closes: 793360) (LP: 1479207)
+
+  [ Julian Andres Klode ]
+  * Do not parse Status fields from remote sources
+
+  [ Michael Vogt ]
+  * Use xgettext --no-location in make update-pot
+
+ -- Julian Andres Klode <jak@debian.org>  Tue, 15 Sep 2015 16:48:35 +0200
+
 apt (1.0.9.8.1) stable; urgency=medium
 
   [ David Kalnischkies ]
diff -Nru apt-1.0.9.8.1/debian/gbp.conf apt-1.0.9.8.2/debian/gbp.conf
--- apt-1.0.9.8.1/debian/gbp.conf	2015-06-10 09:40:35.000000000 +0200
+++ apt-1.0.9.8.2/debian/gbp.conf	2015-09-15 17:08:27.000000000 +0200
@@ -4,4 +4,4 @@
 debian-branch = debian/jessie
 debian-tag = %(version)s
 export-dir = ../build-area
-sign-tags = True
\ No newline at end of file
+sign-tags = True
diff -Nru apt-1.0.9.8.1/doc/apt-verbatim.ent apt-1.0.9.8.2/doc/apt-verbatim.ent
--- apt-1.0.9.8.1/doc/apt-verbatim.ent	2015-06-10 09:40:52.000000000 +0200
+++ apt-1.0.9.8.2/doc/apt-verbatim.ent	2015-09-15 17:08:32.000000000 +0200
@@ -225,7 +225,7 @@
 ">
 
 <!-- this will be updated by 'prepare-release' -->
-<!ENTITY apt-product-version "1.0.9.8.1">
+<!ENTITY apt-product-version "1.0.9.8.2">
 
 <!-- (Code)names for various things used all over the place -->
 <!ENTITY oldstable-codename "wheezy">
diff -Nru apt-1.0.9.8.1/doc/po/apt-doc.pot apt-1.0.9.8.2/doc/po/apt-doc.pot
--- apt-1.0.9.8.1/doc/po/apt-doc.pot	2015-06-10 09:40:50.000000000 +0200
+++ apt-1.0.9.8.2/doc/po/apt-doc.pot	2015-09-15 17:08:27.000000000 +0200
@@ -6,9 +6,9 @@
 #, fuzzy
 msgid ""
 msgstr ""
-"Project-Id-Version: apt-doc 1.0.9.8\n"
+"Project-Id-Version: apt-doc 1.0.9.8.2\n"
 "Report-Msgid-Bugs-To: APT Development Team <deity@lists.debian.org>\n"
-"POT-Creation-Date: 2015-06-10 09:40+0200\n"
+"POT-Creation-Date: 2015-09-15 14:59+0000\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"
diff -Nru apt-1.0.9.8.1/po/makefile apt-1.0.9.8.2/po/makefile
--- apt-1.0.9.8.1/po/makefile	2015-06-10 09:40:35.000000000 +0200
+++ apt-1.0.9.8.2/po/makefile	2015-09-15 17:08:27.000000000 +0200
@@ -15,7 +15,7 @@
 include ../buildlib/defaults.mak
 
 CATALOGS := $(addsuffix .gmo, $(shell sed -e '/^\#/ d' -e '/^$$/ d' LINGUAS | tr '\n' ' '))
-DOMAINS := $(notdir $(wildcard $(PO_DOMAINS)/*))
+DOMAINS := $(sort $(notdir $(wildcard $(PO_DOMAINS)/*)))
 POTFILES := $(addsuffix .pot,$(addprefix $(PO)/,$(DOMAINS)))
 
 # Construct a list of all mo files for all domains under $(PO_DOMAINS)
@@ -37,9 +37,10 @@
 	cmp --silent $(PO)/domains/$*/sh.pot.tmp $(PO)/domains/$*/sh.pot || \
 		mv $(PO)/domains/$*/sh.pot.tmp $(PO)/domains/$*/sh.pot
 # From C/C++ source
-	cat $(PO)/domains/$*/*.srclist > $(PO)/POTFILES_$*.in
+	cat $(PO)/domains/$*/*.srclist | sort > $(PO)/POTFILES_$*.in
 	$(XGETTEXT) --default-domain=$* --directory=$(BASE) \
 	  --add-comments --foreign --keyword=_ --keyword=N_ \
+          --no-location \
 	  --keyword=P_:1,2 \
 	  --files-from=$(PO)/POTFILES_$*.in -o $(PO)/domains/$*/c.pot.tmp
 	cmp --silent $(PO)/domains/$*/c.pot.tmp $(PO)/domains/$*/c.pot || \
diff -Nru apt-1.0.9.8.1/test/integration/framework apt-1.0.9.8.2/test/integration/framework
--- apt-1.0.9.8.1/test/integration/framework	2015-06-10 09:40:35.000000000 +0200
+++ apt-1.0.9.8.2/test/integration/framework	2015-09-15 17:08:27.000000000 +0200
@@ -508,10 +508,12 @@
 
  -- Joe Sixpack <joe@example.org>  $(date -R)" > ${BUILDDIR}/debian/changelog
 	echo "Source: $NAME
-Section: $SECTION
 Priority: $PRIORITY
 Maintainer: Joe Sixpack <joe@example.org>
 Standards-Version: 3.9.3" > ${BUILDDIR}/debian/control
+	if [ "$SECTION" != '<none>' ]; then
+		echo "Section: $SECTION" >> ${BUILDDIR}/debian/control
+	fi
 	local BUILDDEPS="$(echo "$DEPENDENCIES" | grep '^Build-')"
 	test -z "$BUILDDEPS" || echo "$BUILDDEPS" >> ${BUILDDIR}/debian/control
 	echo "
diff -Nru apt-1.0.9.8.1/test/integration/test-apt-never-markauto-sections apt-1.0.9.8.2/test/integration/test-apt-never-markauto-sections
--- apt-1.0.9.8.1/test/integration/test-apt-never-markauto-sections	1970-01-01 01:00:00.000000000 +0100
+++ apt-1.0.9.8.2/test/integration/test-apt-never-markauto-sections	2015-09-15 17:08:27.000000000 +0200
@@ -0,0 +1,106 @@
+#!/bin/sh
+set -e
+
+TESTDIR=$(readlink -f $(dirname $0))
+. $TESTDIR/framework
+setupenvironment
+configarchitecture 'amd64' 'i386'
+
+aptconfig dump --no-empty --format '%v%n' APT::Never-MarkAuto-Sections > nevermarkauto.sections
+testsuccess grep '^metapackages$' nevermarkauto.sections
+
+# this is a very crude regression test, not a "this is how it should be" test:
+# In theory mydesktop-core and texteditor should be marked as manual, but
+# texteditor is installed as a dependency of bad-texteditor, not of
+# mydesktop-core and mydesktop-core is removed while bad-texteditor is
+# installed losing the manual bit as the problem resolver will later decide to
+# drop bad-texteditor and re-instate mydesktop-core which is considered an
+# auto-install at that point (in theory the never-auto handling should be
+# copied to this place – as to the many other places dependencies are resolved
+# 'by hand' instead of via MarkInstall AutoInst…
+#
+# Both could be fixed if apt would figure out early that installing
+# bad-texteditor is a bad idea and eventually it should (as mydesktop-core is
+# a direct descendant of mydesktop which was a user-request mydesktop-core should
+# be as protected from removal as mydesktop is), but this is hard in the general case
+# as with more or-groups and provides you can produce 'legal' examples for this.
+
+buildsimplenativepackage 'mydesktop' 'all' '1' 'unstable' 'Depends: mydesktop-core, foreignpkg
+Recommends: notavailable' '' 'metapackages'
+buildsimplenativepackage 'mydesktop-core' 'amd64' '1' 'unstable' 'Depends: bad-texteditor | texteditor, browser (>= 42), nosection, foreignpkg
+Recommends: notavailable
+Multi-Arch: foreign' '' 'metapackages'
+buildsimplenativepackage 'browser' 'amd64' '41' 'stable'
+buildsimplenativepackage 'browser' 'amd64' '42' 'unstable'
+buildsimplenativepackage 'texteditor' 'amd64' '1' 'stable'
+buildsimplenativepackage 'bad-texteditor' 'amd64' '1' 'stable' 'Depends: texteditor
+Conflicts: mydesktop-core'
+buildsimplenativepackage 'nosection' 'amd64' '1' 'stable' '' '' '<none>'
+buildsimplenativepackage 'foreignpkg' 'i386' '1' 'stable' 'Multi-Arch: foreign'
+setupaptarchive
+
+testsuccess aptcache show nosection
+testfailure grep 'Section' rootdir/tmp/testsuccess.output
+testequal 'dpkg' aptmark showmanual
+
+testsuccess aptget install mydesktop -y -o Debug::pkgProblemResolver=1 -o Debug::pkgDepCache::Marker=1
+
+testequal 'browser
+dpkg
+foreignpkg:i386
+mydesktop
+nosection' aptmark showmanual
+testmarkedauto 'mydesktop-core' 'texteditor'
+
+testequal 'Reading package lists...
+Building dependency tree...
+Reading state information...
+The following packages will be REMOVED:
+  mydesktop mydesktop-core texteditor
+0 upgraded, 0 newly installed, 3 to remove and 0 not upgraded.
+Remv mydesktop [1]
+Remv mydesktop-core [1]
+Remv texteditor [1]' aptget autoremove mydesktop -s
+
+testequal 'Reading package lists...
+Building dependency tree...
+Reading state information...
+The following packages will be REMOVED:
+  mydesktop mydesktop-core texteditor
+0 upgraded, 0 newly installed, 3 to remove and 0 not upgraded.
+Remv mydesktop [1]
+Remv mydesktop-core [1]
+Remv texteditor [1]' aptget autoremove texteditor -s
+testsuccess aptget autoremove texteditor -y
+
+testdpkgnotinstalled mydesktop mydesktop-core texteditor
+testdpkginstalled browser
+
+testequal 'browser
+dpkg
+foreignpkg:i386
+nosection' aptmark showmanual
+testmarkedauto
+
+# test that installed/upgraded auto-pkgs are not set to manual
+
+testsuccess aptget install browser=41 -y --force-yes
+
+testequal 'browser
+dpkg
+foreignpkg:i386
+nosection' aptmark showmanual
+testmarkedauto
+testsuccess aptmark auto browser
+testmarkedauto 'browser'
+testsuccess aptmark auto nosection
+testmarkedauto 'browser' 'nosection'
+testequal 'dpkg
+foreignpkg:i386' aptmark showmanual
+
+testsuccess aptget install mydesktop -y
+
+testequal 'dpkg
+foreignpkg:i386
+mydesktop' aptmark showmanual
+testmarkedauto 'browser' 'nosection' 'mydesktop-core' 'texteditor'
diff -Nru apt-1.0.9.8.1/test/integration/test-security-no-remote-status apt-1.0.9.8.2/test/integration/test-security-no-remote-status
--- apt-1.0.9.8.1/test/integration/test-security-no-remote-status	1970-01-01 01:00:00.000000000 +0100
+++ apt-1.0.9.8.2/test/integration/test-security-no-remote-status	2015-09-15 17:08:27.000000000 +0200
@@ -0,0 +1,30 @@
+#!/bin/sh
+#
+# Test that packages from remote sources cannot set the Status field.
+#
+set -e
+
+TESTDIR=$(readlink -f $(dirname $0))
+. $TESTDIR/framework
+setupenvironment
+configarchitecture 'amd64'
+
+TMPDIR=$(readlink -f .)
+
+insertpackage 'unstable' 'pretends-installed' 'all' '1' 'Status: install ok installed'
+insertinstalledpackage 'really-installed' 'all' '1'
+setupaptarchive
+
+testequal "pretends-installed:
+  Installed: (none)
+  Candidate: 1
+  Version table:
+     1 0
+        500 file:${TMPDIR}/aptarchive/ unstable/main amd64 Packages" aptcache policy pretends-installed
+
+testequal "really-installed:
+  Installed: 1
+  Candidate: 1
+  Version table:
+ *** 1 0
+        100 ${TMPDIR}/rootdir/var/lib/dpkg/status" aptcache policy really-installed

--- End Message ---
--- Begin Message --- 
Version: 8.3

Hi,

The updates referred to in these bugs were included in today's 8.3
Jessie point release.

Regards,

Adam

--- End Message ---
Reply to: