[Bug 1086997] Re: apt-get fails if a package has a space in its Filename
Launchpad Bug Tracker
1086997 at bugs.launchpad.net
Wed Jul 10 20:07:55 UTC 2013
This bug was fixed in the package apt - 0.9.9.1~ubuntu1
---------------
apt (0.9.9.1~ubuntu1) saucy; urgency=low
* merged from the debian/sid branch:
- debian/gbp.conf: change build branch to ubuntu/master
- use ubuntu keyring and ubuntu archive keyring in apt-key
- run update-apt-xapian-index in apt.cron
- run apt-key net-update in cron.daily
- different example sources.list
- APT::pkgPackageManager::MaxLoopCount set to 5000
- apport pkgfailure handling
- ubuntu changelog download handling
- patch for apt cross-building, see http://bugs.debian.org/666772
- debian/apt.auto-removal.sh
+ make kernels auto-removable
apt (0.9.9.1) UNRELEASED; urgency=low
* debian/rules:
- call dh_clean in clean (closes: #714980)
apt (0.9.9) unstable; urgency=low
[ Michael Vogt ]
* improve debug output for the Debug::pkgProblemResolver and
Debug::pkgDepCache::AutoInstall
* improve apt-cdrom output when no CD-ROM can be auto-detected
* document --no-auto-detect in apt-cdrom
[ David Kalnischkies ]
* build the en manpages in subdirectory doc/en
* remove -ldl from cdrom and -lutil from apt-get linkage
* rewrite pkgOrderList::DepRemove to stop incorrect immediate setting
(Closes: 645713)
* prefer Essentials over Removals in ordering score
* fix priority sorting by prefering higher in MarkInstall
* try all providers in order if uninstallable in MarkInstall
* do unpacks before configures in SmartConfigure (Closes: #707578)
* fix support for multiple patterns in apt-cache search (Closes: #691453)
* set Fail flag in FileFd on all errors consistently
* don't explicitly init ExtractTar InFd with invalid fd
* OpenDescriptor should autoclose fd always on error (Closes: #704608)
* fail in CopyFile if the FileFds have error flag set
* ensure state-dir exists before coyping cdrom files
* fix file location for configure-index.gz in apt.conf(5) (Closes: #711921)
* handle missing "Description" in apt-cache show (Closes: #712435)
* try defaults if auto-detection failed in apt-cdrom (Closes: #712433)
* support \n and \r\n line endings in ReadMessages
* do not redownload unchanged InRelease files
* trigger NODATA error for invalid InRelease files (Closes: #712486)
apt (0.9.8.2) unstable; urgency=low
[ Programs translations ]
* French translation : typo fix. Closes: #677272
[ Guillem Jover ]
* Update Vcs fields (Closes: #708562)
[ Michael Vogt ]
* buildlib/apti18n.h.in:
- fix build failure when building without NLS (closes: #671587)
[ Gregoire Menuel ]
* Fix double free (closes: #711045)
[ Raphael Geissert ]
* Fix crash when the "mirror" method does not find any entry
(closes: #699303)
[ Johan Kiviniemi ]
* cmdline/apt-key:
- Create new keyrings with mode 0644 instead of 0600.
- Accept a nonexistent --keyring file with the adv subcommand as well.
apt (0.9.8.1) unstable; urgency=low
[ David Kalnischkies ]
* apt-pkg/indexcopy.cc:
- non-inline RunGPGV methods to restore ABI compatibility with previous
versions to fix partial upgrades (Closes: #707771)
[ Michael Vogt ]
* moved source to http://git.debian.org/apt/apt.git
* updated gbp.conf to match what bzr-buildpackage is doing
* remove .bzr-buildpackage/default.conf (superseeded by gbp.conf)
apt (0.9.8) unstable; urgency=low
[ Ludovico Cavedon ]
* properly handle if-modfied-since with libcurl/https
(closes: #705648)
[ Andreas Beckman ]
* apt-pkg/algorithms.cc:
- Do not propagate negative scores from rdepends. Propagating the absolute
value of a negative score may boost obsolete packages and keep them
installed instead of installing their successors. (Closes: #699759)
[ Michael Vogt ]
* apt-pkg/sourcelist.cc:
- fix segfault when a hostname contains a [, thanks to
Tzafrir Cohen (closes: #704653)
* debian/control:
- replace manpages-it (closes: #704723)
[ David Kalnischkies ]
* various simple changes to fix cppcheck warnings
* apt-pkg/pkgcachegen.cc:
- do not store the MD5Sum for every description language variant as
it will be the same for all so it can be shared to save cache space
- handle language tags for descriptions are unique strings to be shared
- factor version string creation out of NewDepends, so we can easily reuse
version strings e.g. for implicit multi-arch dependencies
- equal comparisions are used mostly in same-source relations,
so use this to try to reuse some version strings
- sort group and package names in the hashtable on insert
- share version strings between same versions (of different architectures)
to save some space and allow quick comparisions later on
* apt-pkg/pkgcache.cc:
- assume sorted hashtable entries for groups/packages
* apt-pkg/cacheiterators.h:
- provide DepIterator::IsSatisfied as a nicer shorthand for DepCheck
* apt-pkg/deb/debversion.cc:
- add a string-equal shortcut for equal version comparisions
[ Marc Deslauriers ]
* make apt-ftparchive generate missing deb-src hashes (LP: #1078697)
[ Yaroslav Halchenko ]
* Fix English spelling error in a message ('A error'). Unfuzzy
translations. Closes: #705087
[ Programs translations ]
* French translation completed (Christian Perrier)
[ Manpages translations ]
* French translation completed (Christian Perrier)
[ Daniel Hartwig ]
* apt-pkg/contrib/strutl.cc:
- include port in shortened URIs (e.g. with apt-cache policy, progress
display) thanks to James McCoy (Closes: #154868, #322074)
- percent-encode username and password when writing URIs
* methods/http.cc:
- properly escape IP-literals (e.g. IPv6 address) when building
Host headers and URIs (Closes: #620344)
* methods/https.cc:
- use https_proxy environment variable if present, falling back to
http_proxy otherwise
- use authentication credentials from proxy URI
(Closes: #651640, LP: #1087512)
- environment variables do not override an explicit no proxy
directive ("DIRECT") in apt.conf
- disregard all_proxy environment variable, like other methods
apt (0.9.7.9~exp3) experimental; urgency=low
[ Michael Vogt ]
* apt-pkg/sourcelist.cc:
- fix segfault when a hostname contains a [, thanks to
Tzafrir Cohen (closes: #704653)
* debian/control:
- replace manpages-it (closes: #704723)
[ David Kalnischkies ]
* various simple changes to fix cppcheck warnings
* apt-pkg/pkgcachegen.cc:
- do not store the MD5Sum for every description language variant as
it will be the same for all so it can be shared to save cache space
- handle language tags for descriptions are unique strings to be shared
- factor version string creation out of NewDepends, so we can easily reuse
version strings e.g. for implicit multi-arch dependencies
- equal comparisions are used mostly in same-source relations,
so use this to try to reuse some version strings
- sort group and package names in the hashtable on insert
- share version strings between same versions (of different architectures)
to save some space and allow quick comparisions later on
* apt-pkg/pkgcache.cc:
- assume sorted hashtable entries for groups/packages
* apt-pkg/cacheiterators.h:
- provide DepIterator::IsSatisfied as a nicer shorthand for DepCheck
* apt-pkg/deb/debversion.cc:
- add a string-equal shortcut for equal version comparisions
[ Marc Deslauriers ]
* make apt-ftparchive generate missing deb-src hashes (LP: #1078697)
[ Yaroslav Halchenko ]
* Fix English spelling error in a message ('A error'). Unfuzzy
translations. Closes: #705087
[ Programs translations ]
* French translation completed (Christian Perrier)
[ Manpages translations ]
* French translation completed (Christian Perrier)
[ Daniel Hartwig ]
* apt-pkg/contrib/strutl.cc:
- include port in shortened URIs (e.g. with apt-cache policy, progress
display) thanks to James McCoy (Closes: #154868, #322074)
- percent-encode username and password when writing URIs
* methods/http.cc:
- properly escape IP-literals (e.g. IPv6 address) when building
Host headers and URIs (Closes: #620344)
* methods/https.cc:
- use https_proxy environment variable if present, falling back to
http_proxy otherwise
- use authentication credentials from proxy URI
(Closes: #651640, LP: #1087512)
- environment variables do not override an explicit no proxy
directive ("DIRECT") in apt.conf
- disregard all_proxy environment variable, like other methods
apt (0.9.7.9~exp2) experimental; urgency=low
[ Programs translations ]
* Update all PO files and apt-all.pot
* French translation completed (Christian Perrier)
[ Daniel Hartwig ]
* cmdline/apt-get.cc:
- do not have space between "-a" and option when cross building
(closes: #703792)
* test/integration/test-apt-get-download:
- fix test now that #1098752 is fixed
* po/{ca,cs,ru}.po:
- fix merge artifact
[ David Kalnischkies ]
* apt-pkg/indexcopy.cc:
- rename RunGPGV to ExecGPGV and move it to apt-pkg/contrib/gpgv.cc
* apt-pkg/contrib/gpgv.cc:
- ExecGPGV is a method which should never return, so mark it as such
and fix the inconsistency of returning in error cases
- don't close stdout/stderr if it is also the statusfd
- if ExecGPGV deals with a clear-signed file it will split this file
into data and signatures, pass it to gpgv for verification
- add method to open (maybe) clearsigned files transparently
* apt-pkg/acquire-item.cc:
- keep the last good InRelease file around just as we do it with
Release.gpg in case the new one we download isn't good for us
* apt-pkg/deb/debmetaindex.cc:
- reenable InRelease by default
* ftparchive/writer.cc,
apt-pkg/deb/debindexfile.cc,
apt-pkg/deb/deblistparser.cc:
- use OpenMaybeClearSignedFile to be free from detecting and
skipping clearsigning metadata in dsc and Release files
[ Michael Vogt ]
* add regression test for CVE-2013-1051
* implement GPGSplit() based on the idea from Ansgar Burchardt
(many thanks!)
* methods/connect.cc:
- use Errno() instead of strerror(), thanks to David Kalnischk
* doc/apt.conf.5.xml:
- document Acquire::ForceIPv{4,6}
apt (0.9.7.9~exp1) experimental; urgency=low
[ Niels Thykier ]
* test/libapt/assert.h, test/libapt/run-tests:
- exit with status 1 on test failure
[ Daniel Hartwig ]
* test/integration/framework:
- continue after test failure but preserve exit status
[ Programs translation updates ]
* Turkish (Mert Dirik). Closes: #703526
[ Colin Watson ]
* methods/connect.cc:
- provide useful error message in case of EAI_SYSTEM
(closes: #703603)
[ Michael Vogt ]
* add new config options "Acquire::ForceIPv4" and
"Acquire::ForceIPv6" to allow focing one or the other
(closes: #611891)
* lp:~mvo/apt/fix-tagfile-hash:
- fix false positives in pkgTagSection.Exists(), thanks to
Niels Thykier for the testcase (closes: #703240)
- this will require rebuilds of the clients as this used to
be a inline function
apt (0.9.7.8) unstable; urgency=criticial
* SECURITY UPDATE: InRelease verification bypass
- CVE-2013-1051
[ David Kalnischk ]
* apt-pkg/deb/debmetaindex.cc,
test/integration/test-bug-595691-empty-and-broken-archive-files,
test/integration/test-releasefile-verification:
- disable InRelease downloading until the verification issue is
fixed, thanks to Ansgar Burchardt for finding the flaw
apt (0.9.7.8~exp2) experimental; urgency=low
* include two missing patches to really fix bug #696225, thanks to
Guillem Jover
* ensure sha512 is really used when available, thanks to Tyler Hicks
(LP: #1098752)
apt (0.9.7.8~exp1) experimental; urgency=low
[ Manpages translation updates ]
* Italian (Beatrice Torracca). Closes: #696601
[ Programs translation updates ]
* Japanese (Kenshi Muto). Closes: #699783
[ Michael Vogt ]
* fix pkgProblemResolver::Scores, thanks to Paul Wise.
Closes: #697577
* fix missing translated apt.8 manpages, thanks to Helge Kreutzmann
for the report. Closes: #696923
* apt-pkg/contrib/progress.cc:
- Make "..." translatable to fix inconsistencies in the output
of e.g. apt-get update. While this adds new translatable strings,
not having translations for them will not break anything.
Thanks to Guillem Jover. Closes: #696225
* debian/apt.cron.daily:
- when reading from /dev/urandom, use less entropy and fix a rare
bug when the random number chksum is less than 1000.
Closes: #695285
* methods/https.cc:
- reuse connection in https, thanks to Thomas Bushnell, BSG for the
patch. LP: #1087543, Closes: #695359
- add missing curl_easy_cleanup()
* methods/http.cc:
- quote spaces in filenames to ensure as the http method is also
(potentially) used for non deb,dsc content that may contain
spaces, thanks to Daniel Hartwig and Thomas Bushnell
(LP: #1086997)
- quote plus in filenames to work around a bug in the S3 server
(LP: #1003633)
* apt-pkg/indexrecords.cc:
- support '\r' in the Release file
[ David Kalnischkies ]
* apt-pkg/depcache.cc:
- prefer to install packages which have an already installed M-A:same
sibling while choosing providers (LP: #1130419)
-- Michael Vogt <michael.vogt at ubuntu.com> Wed, 10 Jul 2013 17:03:52 +0200
** Changed in: apt (Ubuntu)
Status: Fix Committed => Fix Released
** Bug watch added: Debian Bug tracker #666772
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=666772
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2013-1051
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to apt in Ubuntu.
https://bugs.launchpad.net/bugs/1086997
Title:
apt-get fails if a package has a space in its Filename
Status in “apt” package in Ubuntu:
Fix Released
Bug description:
If a package has a space in its Filename: entry in the Packages file,
you get errors on HTTP resolution.
Normal Debian repos don't have a case like that, but the Packages file
should work even if packages are not stored in the pool in the most
usual way.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1086997/+subscriptions
More information about the foundations-bugs
mailing list