When calling SourcesList.add don't duplicate disabled sources. Continue
to permit enabling disabled sources during addition, but not disabling
enabled sources.
Tests are included for both duplicate suppression and the enabling
functionality (which didn't seem to be covered by the existing tests),
as well as tests for pos.
New changelog entries:
* SECURITY REGRESSION: crash with ubuntu-release-upgrader (LP: #1860606)
- apt/cache.py: make allow_unauthenticated argument to
fetch_archives() optional.
New changelog entries:
* SECURITY UPDATE: Check that repository is trusted before downloading
files from it (LP: #1858973)
- apt/cache.py: Add checks to fetch_archives() and commit()
- apt/package.py: Add checks to fetch_binary() and fetch_source()
- CVE-2019-15796
* SECURITY UPDATE: Do not use MD5 for verifying downloadeds
(Closes: #944696) (#LP: #1858972)
- apt/package.py: Use all hashes when fetching packages, and
check that we have trusted hashes when downloading
- CVE-2019-15795
* To work around the new checks, the parameter allow_unauthenticated=True
can be passed to the functions. It defaults to the value of the
APT::Get::AllowUnauthenticated option.
- Bump Breaks aptdaemon (<< 1.1.1+bzr982-0ubuntu14.2), as it will have
to set that parameter after having done validation.
* Necessary backports:
- turn elements in apt_pkg.SourceRecords.files into a class, rather than
a tuple (w/ legacy compat), so we can get to their hashes
- add apt_pkg.HashStringList
- add apt_pkg.Hashes.hashes
* Automatic changes and fixes for external regressions:
- Adjustments to test suite and CI to fix CI regressions
- Automatic mirror list update
New changelog entries:
* Fix erronous use of apt_pkg.Error
apt_pkg.Error was introduced in later versions, and accidentally
used when backporting fixes in the previous SRU. (LP: #1830635)
* Update mirror lists
New changelog entries:
* Frontend locking and related locking improvements (LP: #1795407)
- apt.Cache: Keep / Re-establish the system lock in commit()
- apt.Cache: Keep archive locked during commit()/ in fetch_archives()
- apt.Cache: Reinstate locks in a finally / run dpkg inside try
- Introduce frontend locking
- Convert apt.Cache.commit and apt_pkg.DepCache.commit to FE lock
* Other changes to make that work:
- travis CI: enable PPA for new apt versions
* As always, updated mirror lists
New changelog entries:
* python/tag.cc: Fix invalid read in TagFileNext
* DepCache: Check that candidate we are setting belongs to package
* Raise CacheMismatchError if objects passed to DepCache are from different cache
(LP: #1737441); also includes the following regression fixes from bionic:
- apt.Cache: Remap objects when reopening cache (LP: 1773316 in bionic+), incl. regression fixes:
+ Add more extensive test cases for cache remapping
+ Regression fix: Do not override __hash__ in apt.package.Package (LP: 1780099 in bionic+)
* CI / pre-build / data changes:
- Replace broken travis CI integration with current docker-based one
- utils/get_debian_mirrors.py: Get data from salsa (for pre-build hook)
- debian/control: Point to salsa instead of anonscm
- debian/gbp.conf: Point to 1.1.y-xenial branch
- Updated mirror list
New changelog entries:
* Upload to unstable
[ Michael Vogt ]
* Do not show pulse progress when the output is not a tty
* Fix build-dependencies parsing from debian/control
* Print the failed function name in PyPkgManager::res()
[ Julian Andres Klode ]
* test_paths.py: Catch the IndexRecords warning
* Release 1.0.1
* changelog: Fix up the uploader name and close Barry's bug
* doc: tutorials: contribution: Rewrite for git and other changes
(Closes: #802084)
* Build with cleaner headers
* Use pkgCache::Version::No instead of pkgCache::Version::None
* apt.utils: Support parsing InRelease files (LP: #1503979)
Thanks to Brian Murray <email address hidden> for the initial patch.
* apt.utils: Open the release files using a 'with' statement
[ Jakub Wilk ]
* apt/debfile.py: Fix typo
* apt/debfile.py: Fix typo
[ Martin Pitt ]
* ./data/templates/Ubuntu.info.in: Add Xenial template.
* doc/source/examples/apt-cdrom.py: Fix PEP-8 errors.
