Your message dated Sat, 26 Nov 2016 00:03:23 +0000
with message-id <E1cAQSh-000Bg8-Om@fasolo.debian.org>
and subject line Bug#842877: fixed in apt 1.4~beta1
has caused the Debian Bug report #842877,
regarding apt: should sanitize environment more thoroughly
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)

--
842877: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=842877
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: apt: does not set HOME before invoking gnupg
- From: "brian m. carlson" <sandals@crustytoothpaste.net>
- Date: Tue, 1 Nov 2016 23:49:39 +0000
- Message-id: <20161101234937.zksibrq54u7o6an3@genre.crustytoothpaste.net>

Package: apt
Version: 1.3.1
Severity: important

Steps to reproduce:

1. Add a new mirror to /etc/apt/sources.list.
2. Set "extra-socket ~/.gnupg/S.gpg-agent-extra" in your user's
   ~/.gnupg/gpg-agent.conf
3. As an unprivileged user in the sudo group, run "sudo -E apt-get update".
4. Notice that there is now a root-owned gpg-agent running which has
   inherited your user's homedir and configuration settings.
5. Notice that your extra socket has been overwritten by root's
   gpg-agent.

In my particular case, this causes my extra socket, which I forward to a
VM for commit-signing purposes, to no longer work.

apt needs to set HOME before invoking gnupg so that the spawned
gpg-agent does not inherit the user's (or root's) homedir. The
gpg-agent also inherits all of the other gpg-agent.conf settings,
including log-file, pinentry, and other settings. Behavior which may be
fine and secure for a user may not be fine and secure for root. apt
also shouldn't be inheriting settings from the homedir of any user
(including root).

I can't think of a way to actually exploit this, since the HOME is
explicitly or implicitly (e.g. via sudo -E) set by root, but it seems
risky.

This is new with the use of GnuPG 2.1 by apt.

-- Package-specific info:

-- apt-config dump --

-- (no /etc/apt/preferences present) --

-- (no /etc/apt/preferences.d/* present) --

-- /etc/apt/sources.list --

#deb http://httpredir.debian.org/debian/ sid main contrib non-free
#deb-src http://httpredir.debian.org/debian/ sid main contrib non-free
#
#deb http://httpredir.debian.org/debian/ stretch main contrib non-free
#deb-src http://httpredir.debian.org/debian/ stretch main contrib non-free
#
#deb http://httpredir.debian.org/debian/ experimental main contrib non-free
#deb-src http://httpredir.debian.org/debian/ experimental main contrib non-free
deb http://debian.osuosl.org/debian/ sid main contrib non-free
deb http://debug.mirrors.debian.org/debian-debug/ unstable-debug main
deb http://debug.mirrors.debian.org/debian-debug/ experimental-debug main
deb https://mirror.steadfast.net/debian/ sid main contrib non-free
deb-src https://mirror.steadfast.net/debian/ sid main contrib non-free
deb https://mirror.steadfast.net/debian/ stretch main contrib non-free
deb-src https://mirror.steadfast.net/debian/ stretch main contrib non-free
deb https://mirror.steadfast.net/debian/ experimental main contrib non-free
deb-src https://mirror.steadfast.net/debian/ experimental main contrib non-free

-- /etc/apt/sources.list.d/google-cloud-sdk.list --

deb http://packages.cloud.google.com/apt cloud-sdk-sid main

-- /etc/apt/sources.list.d/google-talkplugin.list --

### THIS FILE IS AUTOMATICALLY CONFIGURED ###
# You may comment out this entry, but any other modifications may be lost.
deb http://dl.google.com/linux/talkplugin/deb/ stable main

-- /etc/apt/sources.list.d/keybase.list --

### THIS FILE IS AUTOMATICALLY CONFIGURED ###
# You may comment out this entry, but any other modifications may be lost.
deb http://prerelease.keybase.io/deb stable main

-- System Information:
Debian Release: stretch/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'unstable'), (500, 'testing'), (1, 'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 4.7.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages apt depends on:
ii  adduser                 3.115
ii  debian-archive-keyring  2014.3
ii  gpgv                    2.1.15-8
ii  init-system-helpers     1.45
ii  libapt-pkg5.0           1.3.1
ii  libc6                   2.24-5
ii  libgcc1                 1:6.2.0-10
ii  libstdc++6              6.2.0-10

Versions of packages apt recommends:
ii  gnupg   2.1.15-8
ii  gnupg1  1.4.21-1+b1
ii  gnupg2  2.1.15-8

Versions of packages apt suggests:
pn  apt-doc         <none>
ii  aptitude        0.8.3-1+b1
ii  dpkg-dev        1.18.10
ii  powermgmt-base  1.31+nmu1
pn  python-apt      <none>
ii  synaptic        0.83+nmu1

-- no debconf information

--
brian m. carlson / brian with sandals: Houston, Texas, US
+1 832 623 2791 | https://www.crustytoothpaste.net/~bmc | My opinion only
OpenPGP: https://keybase.io/bk2204

Attachment: signature.asc
Description: PGP signature
--- End Message ---
--- Begin Message ---
- To: 842877-close@bugs.debian.org
- Subject: Bug#842877: fixed in apt 1.4~beta1
- From: Julian Andres Klode <jak@debian.org>
- Date: Sat, 26 Nov 2016 00:03:23 +0000
- Message-id: <E1cAQSh-000Bg8-Om@fasolo.debian.org>

Source: apt
Source-Version: 1.4~beta1

We believe that the bug you reported is fixed in the latest version of
apt, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 842877@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Julian Andres Klode <jak@debian.org> (supplier of updated apt package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 25 Nov 2016 23:49:54 +0100
Source: apt
Binary: apt libapt-pkg5.0 libapt-inst2.0 apt-doc libapt-pkg-dev libapt-pkg-doc apt-utils apt-transport-https
Architecture: source
Version: 1.4~beta1
Distribution: unstable
Urgency: medium
Maintainer: APT Development Team <deity@lists.debian.org>
Changed-By: Julian Andres Klode <jak@debian.org>
Description:
 apt - commandline package manager
 apt-doc - documentation for APT
 apt-transport-https - https download transport for APT
 apt-utils - package management related utility programs
 libapt-inst2.0 - deb package format runtime library
 libapt-pkg-dev - development files for APT's libapt-pkg and libapt-inst
 libapt-pkg-doc - documentation for APT development
 libapt-pkg5.0 - package management runtime library
Closes: 272557 465572 644610 767891 837395 838779 840552 840757 841763 841874 842877 844724 845599
Changes:
 apt (1.4~beta1) unstable; urgency=medium
 .
   [ Chris Leick ]
   * Updated German documentation translation
   * fix three typos in sources & manpages
   * German translation proof read by Helge Kreutzmann
 .
   [ Frans Spiesschaert ]
   * Dutch program translation update (Closes: #840552)
   * Dutch manpages translation update (Closes: #840757)
 .
   [ David Kalnischkies ]
   * don't install new deps of candidates for kept back pkgs
   * keep Release.gpg on untrusted to trusted IMS-Hit (Closes: 838779)
   * fix testcase expecting incorrect remove log from dpkg
   * reset HOME, USER(NAME), TMPDIR & SHELL in DropPrivileges (Closes: 842877)
   * show the conflicting distribution warning again (Closes: 841874)
   * rename Checksum-FileSize to Filesize in hashsum mismatch
   * improve SOCKS error messages for http slightly
   * support 'apt build-dep .' (aka: without /)
   * add TMP/TEMP/TEMPDIR to the TMPDIR DropPrivileges dance
   * http: skip connection cleanup if we close it anyhow
   * add hidden config to set packages as Essential/Important.
     Thanks to Anthony Towns for initial patch (Closes: 767891)
   * don't warn if untransformed distribution matches.
     Thanks to Lukas Anzinger for initial patch (Closes: 644610)
   * show distribution mismatch for changed codenames
   * react to trig-pend only if we have nothing else to do
   * correct cross & disappear progress detection
   * improve arch-unqualified dpkg-progress parsing
   * don't perform implicit crossgrades involving M-A:same
   * do not configure unconfigured to be removed packages
   * skip unconfigure for unconfigured to-be removed pkgs
   * report apt-key errors via status-fd messages (LP: #1522988)
   * add apt-key support for armored GPG key files (*.asc)
   * document which keyring formats are supported by apt-key (Closes: 844724)
   * get pdiff files from the same mirror as the index
   * follow the googletest merge in build-depends
 .
   [ Michael Vogt ]
   * Do not (re)start "apt-daily.system"
     Thanks to Alexandre Detiste (Closes: #841763)
 .
   [ Johannes Schauer ]
   * add support for Build-Depends/Conflicts-Arch (Closes: #837395)
 .
   [ Edgar Fuß ]
   * http: clear content before reporting the failure (Closes: #465572)
 .
   [ James Clarke ]
   * apt-ftparchive: Support NotAutomatic and ButAutomaticUpgrades fields
     (Closes: #272557)
 .
   [ Julian Andres Klode ]
   * TagSection: Split AlphaIndexes into AlphaIndexes and BetaIndexes
   * TagSection: Extract Find() methods taking Pos instead of Key
   * Squashed 'triehash/' content from commit 16f59e1
   * TagSection: Introduce functions for looking up by key ids
   * debListParser: Convert to use pkgTagSection::Key-based lookup
   * Bump the cache major version for non-backportable changes
   * Introduce tolower_ascii_unsafe() and use it for hashing
   * Optimize VersionHash() to not need temporary copy of input
   * Compare size before data when ordering cache bucket entries
   * debListParser: Micro-optimize AvailableDescriptionLanguages()
   * Do not use MD5SumValue for Description_md5()
   * gpgv: Untrust SHA1, RIPE-MD/160, but allow downgrading to weak
 .
   [ Paul Wise ]
   * show output as documented for APT::Periodic::Verbose 2 (Closes: 845599)
Checksums-Sha1:
 9f49c6a174ec4da92b27041060cb3531dfa93337 2565 apt_1.4~beta1.dsc
 bde0ba2ec01caa7856bb02255ab96ed0bba6d56d 2053936 apt_1.4~beta1.tar.xz
Checksums-Sha256:
 59965ea9f2489feeb510d945f8ec681f8cedf6ff9ddc413c02423b2f48b0d9c1 2565 apt_1.4~beta1.dsc
 7321ec058d2a7d664e1b5123a1d73fc0d63738eb97783df8dce45e8a2b2898c1 2053936 apt_1.4~beta1.tar.xz
Files:
 0bd8495d92665d653fc0552a29a1e707 2565 admin important apt_1.4~beta1.dsc
 08e36fb472189a177a8f1b55949e41ae 2053936 admin important apt_1.4~beta1.tar.xz
--- End Message ---
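
An added example, not apt's own code and not written by either correspondent: one way a root process can reset HOME, USER, USERNAME, LOGNAME and SHELL and discard unusable TMPDIR/TMP/TEMP/TEMPDIR values at the moment it drops privileges, which is what the report asks for and the 1.4~beta1 changelog entry describes. The function names and the remove-if-unusable policy for temp directories are assumptions made for illustration.

```cpp
// Added example, not apt's source: the environment reset that belongs next to a
// privilege drop, so helpers such as gpgv/gpg-agent do not read the caller's ~/.gnupg.
#include <cstdlib>
#include <grp.h>
#include <initializer_list>
#include <pwd.h>
#include <string>
#include <sys/stat.h>
#include <unistd.h>

// Set NAME=VALUE and record in `changed` whether that altered the environment.
static bool set_var(const char *name, const char *value, int &changed)
{
   const char *old = getenv(name);
   if (old == nullptr || std::string(old) != value)
      ++changed;
   return setenv(name, value, 1) == 0;
}

// A temp-dir variable is kept only if it names a directory the current
// (already unprivileged) user can use; otherwise it is removed so children
// fall back to the system default instead of the invoking user's directory.
static bool scrub_tmp_var(const char *name, int &changed)
{
   const char *dir = getenv(name);
   if (dir == nullptr)
      return true;
   struct stat st;
   if (dir[0] == '/' && stat(dir, &st) == 0 && S_ISDIR(st.st_mode) &&
       access(dir, R_OK | W_OK | X_OK) == 0)
      return true;
   ++changed;
   return unsetenv(name) == 0;
}

// Rewrite the identity variables for the account described by `pw`.
// Returns how many variables were changed or removed, or -1 on failure.
int sanitize_env_for(const struct passwd *pw)
{
   if (pw == nullptr || pw->pw_name == nullptr || pw->pw_dir == nullptr ||
       pw->pw_shell == nullptr)
      return -1;
   int changed = 0;
   bool ok = set_var("HOME", pw->pw_dir, changed);
   for (const char *name : {"USER", "USERNAME", "LOGNAME"})
      ok = set_var(name, pw->pw_name, changed) && ok;
   ok = set_var("SHELL", pw->pw_shell, changed) && ok;
   for (const char *name : {"TMPDIR", "TMP", "TEMP", "TEMPDIR"})
      ok = scrub_tmp_var(name, changed) && ok;
   return ok ? changed : -1;
}

// Full sequence for a root process: groups, gid, uid, verify, then environment.
// `user` is the configured sandbox account (apt's default is "_apt").
bool drop_privileges(const char *user)
{
   const struct passwd *pw = getpwnam(user);
   if (pw == nullptr || pw->pw_uid == 0)
      return false;
   if (setgroups(1, &pw->pw_gid) != 0 || setgid(pw->pw_gid) != 0 ||
       setuid(pw->pw_uid) != 0)
      return false;
   // If root can be regained the drop did not take effect: refuse to continue.
   if (setuid(0) == 0 || getuid() != pw->pw_uid || geteuid() != pw->pw_uid)
      return false;
   // Sanitize after the switch so access() is evaluated as the new user.
   return sanitize_env_for(pw) >= 0;
}
```

With "sudo -E" the invoking user's HOME survives into the root process, so the reset has to happen in the program that spawns the helper rather than being left to the caller.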