When calling SourcesList.add don't duplicate disabled sources. Continue
to permit enabling disabled sources during addition, but not disabling
enabled sources.
Tests are included for both duplicate suppression and the enabling
functionality (which didn't seem to be covered by the existing tests),
as well as tests for pos.
New changelog entries:
* SECURITY REGRESSION: crash with ubuntu-release-upgrader (LP: #1860606)
- apt/cache.py: make allow_unauthenticated argument to
fetch_archives() optional.
New changelog entries:
* SECURITY UPDATE: Check that repository is trusted before downloading
files from it (LP: #1858973)
- apt/cache.py: Add checks to fetch_archives() and commit()
- apt/package.py: Add checks to fetch_binary() and fetch_source()
- CVE-2019-15796
* SECURITY UPDATE: Do not use MD5 for verifying downloadeds
(Closes: #944696) (#LP: #1858972)
- apt/package.py: Use all hashes when fetching packages, and
check that we have trusted hashes when downloading
- CVE-2019-15795
* To work around the new checks, the parameter allow_unauthenticated=True
can be passed to the functions. It defaults to the value of the
APT::Get::AllowUnauthenticated option.
- Bump Breaks aptdaemon (<< 1.1.1+bzr982-0ubuntu21.2), as it will have
to set that parameter after having done validation.
* Automatic changes and fixes for external regressions:
- Adjustments to test suite and CI to fix CI regressions
- Automatic mirror list update
New changelog entries:
* Frontend locking and related locking improvements (LP: #1795407)
- apt.Cache: Keep / Re-establish the system lock in commit()
- apt.Cache: Keep archive locked during commit()/ in fetch_archives()
- apt.Cache: Reinstate locks in a finally / run dpkg inside try
- Introduce frontend locking
- Convert apt.Cache.commit and apt_pkg.DepCache.commit to FE lock
* Other changes to make that work:
- Cherry-pick apt_pkg.Error type hint from 1.7
- travis CI: bionic only; stretch does not have FE locking nor PPA
* As always, updated mirror lists
New changelog entries:
* Introduce gitlab ci
* Document whatsnew in 1.6.y
* Add more extensive test cases for cache remapping
* Do not override __hash__ in apt.package.Package (LP: #1780099)
* debian/python-apt.docs: README is README.md since some time
* debian/control: Point to salsa instead of anonscm
New changelog entries:
* apt: Fix typing errors to get CI pass again
* apt.Cache: Remap objects when reopening cache (LP: #1773316)
* apt_pkg.DepCache: Raise CacheMismatchError if argument belongs to diff. cache
* Set branch to 1.6.y and adjust travis CI to run against stable releases
* travis CI / Dockerfile: Pin mypy to 0.600 to prevent future changes breaking CI
* utils/get_debian_mirrors.py: Get data from salsa
New changelog entries:
* Revert change to make apt.Cache subclass of dict
* Fix get_changelog() to correctly decode non-unicode changelogs
* Try to work around memory corruption in PackageRecords.*_hash
* apt/auth.py: Protect against race with gpg when removing tmpdir
(Closes: #871585)
* Document Architecture: all handling in Package.{fullname,architecture()}
(Closes: #863193)
* python/tag.cc: Fix invalid read in TagFileNext
* Raise ValueError if objects passed to DepCache are from different cache
(LP: #1737441)
* DepCache: Check that candidate we are setting belongs to package
* debian/gbp.conf: Default branch is master now