GitLab

Using 'pureos/latest' is the current recommendation due
https://tracker.pureos.net/w/development/packaging_overview

python-apt Debian release 2.2.1

The mirror list location moved, without any communication,
breaking the release process :/ Update to new location dug
out of d-i bug report.

+ python-apt-common: Add Multi-Arch: foreign.

Changes-By: apply-multiarch-hints
Closes: #968458
Gbp-Dch: full

Passing the binary causes it to fail trying to find the `false`
compressor when a binary for a given compressor is not installed.

Gbp-Dch: full
LP: #1926437

We disabled that in 2016, but it does not seem necessary anymore,
seems to break LTO and possibly reduces security.

python-apt Debian release 2.1.7

Closes: #980719

The internal FileFd object now owned the PyObject* that gave us
the descriptor but we were never visiting that object during garbage
collection, so if there was a cycle, Python could not realize that.

Make the objects garbage collectable, by adding VISIT and CLEAR
calls for self->Fd, and by making the FileFd object support garbage
collection in the first place.

correctly

The lines that created self->Fd and that then made use of it were
swapped, causing a segmentation fault.

Also the life of the file object was tracked incorrectly, causing
the file to be closed if it was a temporary one.

Closes: #977000

apt_inst.DebFile provides two members `data` and `control` for
easy access to those tarballs. Each of those members stores a
reference to the DebFile as its owner:

           v-----------------\
        control ----\        |
                     -> deb -|
        data    ----/        |
           ^-----------------/

This means that whenever a DebFile is successfully constructed,
and no longer needed, it won't be collected until the GC runs,
which is bad, as the DebFile holds an open FileFd.

Introduce a __FileFd wrapper that holds the FileFd and becomes
the owner of both control and data, and replaces the direct use
of the FileFd in ArArchive/DebFile:

          v-----------------------------\
        control ----\                    \
                     -> __FileFd <- deb -|
        data    ----/                    /
          ^-----------------------------/

This avoids the reference cycle, ensuring the memory and file
descriptor are released by the reference counter as soon as
the reference count drops to 0.

A future version should move `apt_inst.__FileFd` to `apt_pkg.FileFd`
and expose all the methods, such that people can make use of FileFd's
extensive compression support.

We have a similar cycle in TagFile that we have yet to address,
the problem there is arguably more frustrating, as the buffer
I believe is stored inside the TagFile, and that's really shared
between the TagSection objects.

This is related to LP: #1899193 and CVE-2020-27351, but an additional
hardening measure - the fix for those bugs was for more direct leaks.

Fix various file descritor, and memory leaks in ArArchive, DebFile,
and TagFile by introducing a new PyApt_UniqueObject smart pointer
that is like a unique_ptr, but backportable to older releases, and
automatically clears subobjects, so objects with cycles like DebFile
and TagFile will be released on error paths.

LP: #1899193
GHSL-2020-170
CVE-2020-27351

Varying cases and one is just shortened to medium, but
oh well, it's all better than the previous words.

LP: #1849406

Do not hardcode Debian + Ubuntu codenames, use distro-info-data

See merge request apt-team/python-apt!52

Code cleanup I did not want to mix with the actual work.

Gbp-Dch: ignore

The new name is less confusing, and makes stuff easier, but
also harder for pinning, but who cares really.

and Ubuntu

Read the data from distro-info-data and expand templates
in-memory such that we don't have to duplicate data.

For Ubuntu, this changes some historical releases a bit more, but the
changes do seem correct, and the test suite still passes. Mostly just
some reorganization that was done in later releases passed down to older
releases.

LP: #1727470

Also remove the APT PPA

Mypy 0.790 complains that:

apt/package.py:473: error: Variable "builtins.NotImplemented" is not valid as a type
apt/package.py:473: note: See https://mypy.readthedocs.io/en/latest/common_issues.html#variables-vs-type-aliases

This worked fine in 0.782.

As a workaround, use Any instead of NotImplemented. Ugh

See https://github.com/python/mypy/issues/4791 for more
information.

Fix some issues reported by lintian

See merge request apt-team/python-apt!49

Fix sphinx docs

See merge request apt-team/python-apt!51

Fix a trivial "unused comment" complaint from mypy

Squash lots of warnings about improper C syntax by switching the docs
to use the sphinx cpp domain instead (which also required switching
c:data definitions to cpp:var as the latter domain lacks the "data"
definition).

The highlightlang directive was deprecated in favour of highlight.
Also fix a warning about parsing a code-block (which is actually an
e-mail snippet).