[SRU] Update apt/yakkety to 1.3.5

Bug #1668280 reported by Julian Andres Klode on 2017-02-27
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
apt (Ubuntu)
Undecided
Unassigned
Yakkety
Undecided
Unassigned

Bug Description

[Impact]
This collects several bug fixes from the 1.4 branch. Most of the stuff has been in Debian since 20 days, and in testing since Feb 12.

Fixes in the acquire system - mostly error cases.
  * basehttp: Only read Content-Range on 416 and 206 responses (LP: #1657567)
  * Only merge acquire items with the same meta key (Closes: #838441)
  -> hit often these days, ask Riddel
  * get pdiff files from the same mirror as the index
  -> we are not really affected by this, but it does not hurt
  * keep Release.gpg on untrusted to trusted IMS-Hit (Closes: 838779)
    (LP: #1657440)
  -> breaks the assumption of adding untrusted repo; installing keyring, and update
  * remove 'old' FAILED files in the next acquire call (Closes: 846476)
  * stop rred from leaking debug messages on recovered errors (Closes: #850759)
  * http: clear content before reporting the failure (Closes: #465572)
Security improvements - dropping environment variables for workers:
  * reset HOME, USER(NAME), TMPDIR & SHELL in DropPrivileges (Closes: 842877)
  * add TMP/TEMP/TEMPDIR to the TMPDIR DropPrivileges dance

Installation ordering changes - that changed a lot in 1.3:
  * react to trig-pend only if we have nothing else to do
  * correct cross & disappear progress detection
  * improve arch-unqualified dpkg-progress parsing
  * don't perform implicit crossgrades involving M-A:same
  * do not configure unconfigured to be removed packages
  * skip unconfigure for unconfigured to-be removed pkgs
  * fix minimum pkgs option for dpkg --recursive usage

Locking fixes to reduce chance of breaking running install/upgrade commands:
  * don't lock dpkg in 'apt-get clean'
  * don't lock dpkg in update commands

Other important fixes:
  * Do not package names representing .dsc/.deb/... files (Closes: #854794)
  * avoid validate/delete/load race in cache generation

Bugfix to not install garbage because it was a dep of something that was hold back:
  * don't install new deps of candidates for kept back pkgs

Minor fixes:
  * let {dsc,tar,diff}-only implicitly enable download-only
  * ensure generation of valid EDSP error stanzas
  * don't show update stats if cache generation is disabled
  * fix 'install --no-download' mode
  * show output as documented for APT::Periodic::Verbose 2 (Closes: 845599)
  * bash-completion: Only complete understood file paths for install
    (LP: #1645815)
  * Honour Acquire::ForceIPv4/6 in the https transport
  * Don't use -1 fd and AT_SYMLINK_NOFOLLOW for faccessat()
    Thanks to James Clarke for debugging these issues
  * CMake: Install statvfs.h to include/sys, not just include/

[Test case]
Mentioned launchpad bugs have their own test case sections. The rest is checked in the CI, so we should just do some updates upgrades and check that everything works.

[Regression Potential]
About 80% of the code difference is covered by test cases. So, there is less than a 20% chance something is wrong. But I think we would have caught these in the three weeks or more these changes spent in Debian unstable and (1 week less) testing.

summary: - New upstream microrelease 1.3.5
+ [SRU] Update apt/yakkety to1.3.5
summary: - [SRU] Update apt/yakkety to1.3.5
+ [SRU] Update apt/yakkety to 1.3.5
Julian Andres Klode (juliank) wrote :

Also see #1668285 for the xenial bug.

Changed in apt (Ubuntu):
status: New → Fix Released
Changed in apt (Ubuntu Yakkety):
status: New → In Progress
Julian Andres Klode (juliank) wrote :

Uploaded now.

Hello Julian, or anyone else affected,

Accepted apt into yakkety-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/apt/1.3.5 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Changed in apt (Ubuntu Yakkety):
status: In Progress → Fix Committed
tags: added: verification-needed
Julian Andres Klode (juliank) wrote :

1.3.5 looks good in update and upgrade scenarios.

tags: added: verification-done
removed: verification-needed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package apt - 1.3.5

---------------
apt (1.3.5) yakkety; urgency=medium

  * Microrelease covering important fixes of 1.4~rc2 (LP: #1668280)

  [ David Kalnischkies ]
  * don't install new deps of candidates for kept back pkgs
  * keep Release.gpg on untrusted to trusted IMS-Hit (Closes: 838779)
    (LP: #1657440)
  * reset HOME, USER(NAME), TMPDIR & SHELL in DropPrivileges (Closes: 842877)
  * add TMP/TEMP/TEMPDIR to the TMPDIR DropPrivileges dance
  * react to trig-pend only if we have nothing else to do
  * correct cross & disappear progress detection
  * improve arch-unqualified dpkg-progress parsing
  * don't perform implicit crossgrades involving M-A:same
  * do not configure unconfigured to be removed packages
  * skip unconfigure for unconfigured to-be removed pkgs
  * get pdiff files from the same mirror as the index
  * let {dsc,tar,diff}-only implicitly enable download-only
  * ensure generation of valid EDSP error stanzas
  * fix minimum pkgs option for dpkg --recursive usage
  * don't show update stats if cache generation is disabled
  * don't lock dpkg in 'apt-get clean'
  * don't lock dpkg in update commands
  * avoid validate/delete/load race in cache generation
  * fix 'install --no-download' mode
  * remove 'old' FAILED files in the next acquire call (Closes: 846476)
  * stop rred from leaking debug messages on recovered errors (Closes: #850759)

  [ Edgar Fuß ]
  * http: clear content before reporting the failure (Closes: #465572)

  [ Paul Wise ]
  * show output as documented for APT::Periodic::Verbose 2 (Closes: 845599)

  [ John R. Lenton ]
  * bash-completion: Only complete understood file paths for install
    (LP: #1645815)

  [ Lukasz Kawczynski ]
  * Honour Acquire::ForceIPv4/6 in the https transport

  [ Julian Andres Klode ]
  * basehttp: Only read Content-Range on 416 and 206 responses (LP: #1657567)
  * Only merge acquire items with the same meta key (Closes: #838441)
  * Do not package names representing .dsc/.deb/... files (Closes: #854794)
  * Don't use -1 fd and AT_SYMLINK_NOFOLLOW for faccessat()
    Thanks to James Clarke for debugging these issues
  * CMake: Install statvfs.h to include/sys, not just include/

 -- Julian Andres Klode <email address hidden> Mon, 27 Feb 2017 15:02:40 +0100

Changed in apt (Ubuntu Yakkety):
status: Fix Committed → Fix Released

The verification of the Stable Release Update for apt has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers