group.of.nepali.translators team mailing list archive

Thread
Date
[Bug 1814727] Re: Backport never pinning and Packages-Require-Authorization

To: group.of.nepali.translators@xxxxxxxxxxxxxxxxxxx
From: Launchpad Bug Tracker <1814727@xxxxxxxxxxxxxxxxxx>
Date: Thu, 21 Mar 2019 11:00:26 -0000
Reply-to: Bug 1814727 <1814727@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx
This bug was fixed in the package apt - 1.2.31

---------------
apt (1.2.31) xenial; urgency=medium

  * Fix name of APT::Update::Post-Invoke-Stats (was ...Update-Post...)
  * apt.dirs: Install auth.conf.d directory (LP: #1818996)
  * Merge translations from 1.6.10 (via 1.4.y branch)

apt (1.2.30) xenial; urgency=medium

  * merge security upload for content injection in http method (CVE-2019-3462);
    with fixed autopkgtest (LP: #1815750)
  * Introduce experimental 'never' pinning for sources (LP: #1814727)
  * Add support for /etc/apt/auth.conf.d/*.conf (netrcparts) (LP: #1811120)
  * Add a Packages-Require-Authorization Release file field (LP: #1814727)
  * NeverAutoRemove kernel meta packages (LP: #1787460)
  * doc: Set ubuntu-codename to xenial (LP: #1812696)
  * update: Provide APT::Update-Post-Invoke-Stats script hook point
    (LP: #1815760)
  * Introduce APT::Install::Pre-Invoke / Post-Invoke-Success (LP: #1815761)

 -- Julian Andres Klode <juliank@xxxxxxxxxx>  Tue, 12 Mar 2019 14:59:01
+0100

** Changed in: apt (Ubuntu Xenial)
       Status: Fix Committed => Fix Released

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-3462

** Changed in: apt (Ubuntu Trusty)
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1814727

Title:
  Backport never pinning and Packages-Require-Authorization

Status in apt package in Ubuntu:
  Fix Released
Status in apt source package in Trusty:
  Fix Released
Status in apt source package in Xenial:
  Fix Released
Status in apt source package in Bionic:
  Fix Released
Status in apt source package in Cosmic:
  Fix Released
Status in apt source package in Disco:
  Fix Released

Bug description:
  [Impact]
  These are not driven from a direct user experience, but are related to other developments:

  (1) unattended-upgrades could use the never pinning to disable
  repositories rather than switching candidates. That would simplify
  code quite a bit.

  (2) Packages-Require-Authorization lets a repository declare that
  downloading packages from it requires authorization. This is useful
  both for private repositories, as it can prevent unattended-upgrades
  failures if you remove authorization info; and it also allows creating
  a new form of semi-private repository, where only pool/ requires
  authorization.

  [Test case]
  Tests are included in autopkgtests and cover the common scenarios
  https://salsa.debian.org/apt-team/apt/blob/master/test/integration/test-packages-require-authorization:
  (1) Add repository with Packages-Require-Authorization and no auth.conf entry: pin -32768
  (2) Add repository with Packages-Require-Authorization and a auth.conf entry: pin 500
  (3) As (2), but a custom pin still applies

  https://salsa.debian.org/apt-team/apt/blob/master/test/integration/test-policy-pinning#L365
  (1) Test that Pin-Priority: never overrides both per-package pins and per-repository pins
  (2) Test that Pin-Priority: never is only applied for per-repository (Package: *) pins

  [Regression potential]
  The changes might introduce regressions in pinning. The pinning implementation in trusty is substantially different from the other releases, and should thus require more testing.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1814727/+subscriptions