-apt (0.9.5.2) UNRELEASED; urgency=low
+apt (0.9.7.9~exp2) experimental; urgency=low
+
+ [ Programs translations ]
+ * Update all PO files and apt-all.pot
+ * French translation completed (Christian Perrier)
+
+ [ Daniel Hartwig ]
+ * cmdline/apt-get.cc:
+ - do not have space between "-a" and option when cross building
+ (closes: #703792)
+ * test/integration/test-apt-get-download:
+ - fix test now that #1098752 is fixed
+ * po/{ca,cs,ru}.po:
+ - fix merge artifact
+
+ [ David Kalnischkies ]
+ * apt-pkg/indexcopy.cc:
+ - rename RunGPGV to ExecGPGV and move it to apt-pkg/contrib/gpgv.cc
+ * apt-pkg/contrib/gpgv.cc:
+ - ExecGPGV is a method which should never return, so mark it as such
+ and fix the inconsistency of returning in error cases
+ - don't close stdout/stderr if it is also the statusfd
+ - if ExecGPGV deals with a clear-signed file it will split this file
+ into data and signatures, pass it to gpgv for verification
+ - add method to open (maybe) clearsigned files transparently
+ * apt-pkg/acquire-item.cc:
+ - keep the last good InRelease file around just as we do it with
+ Release.gpg in case the new one we download isn't good for us
+ * apt-pkg/deb/debmetaindex.cc:
+ - reenable InRelease by default
+ * ftparchive/writer.cc,
+ apt-pkg/deb/debindexfile.cc,
+ apt-pkg/deb/deblistparser.cc:
+ - use OpenMaybeClearSignedFile to be free from detecting and
+ skipping clearsigning metadata in dsc and Release files
+
+ [ Michael Vogt ]
+ * add regression test for CVE-2013-1051
+ * implement GPGSplit() based on the idea from Ansgar Burchardt
+ (many thanks!)
+ * methods/connect.cc:
+ - use Errno() instead of strerror(), thanks to David Kalnischk
+ * doc/apt.conf.5.xml:
+ - document Acquire::ForceIPv{4,6}
+
+ -- Michael Vogt <mvo@debian.org> Wed, 03 Apr 2013 14:19:58 +0200
+
+apt (0.9.7.9~exp1) experimental; urgency=low
+
+ [ Niels Thykier ]
+ * test/libapt/assert.h, test/libapt/run-tests:
+ - exit with status 1 on test failure
+
+ [ Daniel Hartwig ]
+ * test/integration/framework:
+ - continue after test failure but preserve exit status
+
+ [ Programs translation updates ]
+ * Turkish (Mert Dirik). Closes: #703526
+
+ [ Colin Watson ]
+ * methods/connect.cc:
+ - provide useful error message in case of EAI_SYSTEM
+ (closes: #703603)
+
+ [ Michael Vogt ]
+ * add new config options "Acquire::ForceIPv4" and
+ "Acquire::ForceIPv6" to allow focing one or the other
+ (closes: #611891)
+ * lp:~mvo/apt/fix-tagfile-hash:
+ - fix false positives in pkgTagSection.Exists(), thanks to
+ Niels Thykier for the testcase (closes: #703240)
+ - this will require rebuilds of the clients as this used to
+ be a inline function
+
+ -- Michael Vogt <mvo@debian.org> Fri, 22 Mar 2013 21:57:08 +0100
+
+apt (0.9.7.8) unstable; urgency=criticial
+
+ * SECURITY UPDATE: InRelease verification bypass
+ - CVE-2013-1051
+
+ [ David Kalnischk ]
+ * apt-pkg/deb/debmetaindex.cc,
+ test/integration/test-bug-595691-empty-and-broken-archive-files,
+ test/integration/test-releasefile-verification:
+ - disable InRelease downloading until the verification issue is
+ fixed, thanks to Ansgar Burchardt for finding the flaw
+
+ -- Michael Vogt <mvo@debian.org> Thu, 14 Mar 2013 07:47:36 +0100
+
+apt (0.9.7.8~exp2) experimental; urgency=low
+
+ * include two missing patches to really fix bug #696225, thanks to
+ Guillem Jover
+ * ensure sha512 is really used when available, thanks to Tyler Hicks
+ (LP: #1098752)
+
+ -- Michael Vogt <mvo@debian.org> Fri, 01 Mar 2013 19:06:55 +0100
+
+apt (0.9.7.8~exp1) experimental; urgency=low
+
+ [ Manpages translation updates ]
+ * Italian (Beatrice Torracca). Closes: #696601
+
+ [ Programs translation updates ]
+ * Japanese (Kenshi Muto). Closes: #699783
+
+ [ Michael Vogt ]
+ * fix pkgProblemResolver::Scores, thanks to Paul Wise.
+ Closes: #697577
+ * fix missing translated apt.8 manpages, thanks to Helge Kreutzmann
+ for the report. Closes: #696923
+ * apt-pkg/contrib/progress.cc:
+ - Make "..." translatable to fix inconsistencies in the output
+ of e.g. apt-get update. While this adds new translatable strings,
+ not having translations for them will not break anything.
+ Thanks to Guillem Jover. Closes: #696225
+ * debian/apt.cron.daily:
+ - when reading from /dev/urandom, use less entropy and fix a rare
+ bug when the random number chksum is less than 1000.
+ Closes: #695285
+ * methods/https.cc:
+ - reuse connection in https, thanks to Thomas Bushnell, BSG for the
+ patch. LP: #1087543, Closes: #695359
+ - add missing curl_easy_cleanup()
+ * methods/http.cc:
+ - quote spaces in filenames to ensure as the http method is also
+ (potentially) used for non deb,dsc content that may contain
+ spaces, thanks to Daniel Hartwig and Thomas Bushnell
+ (LP: #1086997)
+ - quote plus in filenames to work around a bug in the S3 server
+ (LP: #1003633)
+ * apt-pkg/indexrecords.cc:
+ - support '\r' in the Release file
+
+ [ David Kalnischkies ]
+ * apt-pkg/depcache.cc:
+ - prefer to install packages which have an already installed M-A:same
+ sibling while choosing providers (LP: #1130419)
+
+ -- Michael Vogt <mvo@debian.org> Fri, 01 Mar 2013 14:16:42 +0100
+
+apt (0.9.7.7) unstable; urgency=low
+
+ [ Program translation updates ]
+ * Catalan (Jordi Mallach)
+ * Drop a confusing non-breaking space. Closes: #691024
+ * Thai (Theppitak Karoonboonyanan). Closes: #691613
+ * Vietnamese (Trần Ngọc Quân). Closes: #693773
+ * Fix Plural forms in German, French, Japanese and Portuguese
+ translations. Thanks to Jakub Wilk for reporting these errors.
+
+ [ David Kalnischkies ]
+ * apt-pkg/packagemanager.cc:
+ - do not do lock-step configuration for a M-A:same package if it isn't
+ unpacked yet in SmartConfigure and do not unpack a M-A:same package
+ again in SmartUnPack if we have already configured it (LP: #1062503)
+ * apt-pkg/depcache.cc:
+ - don't call MarkInstall with the FromUser flag set for packages
+ which are dependencies of APT::Never-MarkAuto-Sections matchers
+ - no mode changes should obviously be ok for pkgDepCache::IsModeChangeOk
+ * cmdline/apt-get.cc:
+ - do not call Mark{Install,Delete} from the autoremove code with
+ the FromUser bit set to avoid modifying the auto-installed bit
+ * apt-pkg/algorithms.cc:
+ - ensure pkgProblemResolver calls MarkDelete without FromUser set
+ so that it can't overrule holds and the protection flag
+
+ [ Michael Vogt ]
+ * change permissions of /var/log/apt/term.log to 0640 (LP: #975199)
+
+ [ Jonathan Thomas ]
+ * apt-pkg/algorithms.cc:
+ - fix package-pointer array memory leak in ResolveByKeepInternal()
+
+ -- Michael Vogt <mvo@debian.org> Thu, 13 Dec 2012 09:52:19 +0100
+
+apt (0.9.7.6) unstable; urgency=low
+
+ [ Program translation updates ]
+ * Ukrainian (A. Bondarenko)
+
+ [ David Kalnischkies ]
+ * apt-pkg/pkgcachegen.cc:
+ - ensure that dependencies for packages:none are always generated
+ - add 2 missing remap registrations causing a segfault in case
+ we use the not remapped iterators after a move of the mmap again
+ - write the native architecture as unique string into the cache header
+ as it is used for arch:all packages as a map to arch:native.
+ Otherwise arch comparisons later will see differences (Closes: #689323)
+ * apt-pkg/pkgcache.cc:
+ - ignore negative dependencies applying in the same group for M-A:same
+ packages on the real package name as self-conflicts (Closes: #688863)
+ * cmdline/apt-cache.cc:
+ - print versioned dependency relations in (r)depends if the option
+ APT::Cache::ShowVersion is true (default: false) as discussed in
+ #218995 to help debian-cd fixing #687949. Thanks to Sam Lidder
+ for initial patch and Steve McIntyre for nagging and testing!
+ * apt-pkg/edsp.cc:
+ - include reinstall requests and already installed (= protected) packages
+ in the install-request for external resolvers (Closes: #689331)
+ * apt-pkg/policy.cc:
+ - match pins with(out) an architecture as we do on the commandline
+ (partly fixing #687255, b= support has to wait for jessie)
+ * apt-pkg/contrib/netrc.cc:
+ - remove the 64 char limit for login/password in internal usage
+ - remove 256 char line limit by using getline() (POSIX.1-2008)
+
+ [ Colin Watson ]
+ * apt-pkg/pkgcachegen.cc:
+ - Fix crash if the cache is remapped while writing a Provides version
+ (LP: #1066445).
+
+ -- Michael Vogt <mvo@debian.org> Tue, 16 Oct 2012 18:08:53 +0200
+
+apt (0.9.7.5) unstable; urgency=low
+
+ [ Manpages translation updates ]
+ * Japanese (KURASAWA Nozomu) (Closes: #684435)
+ * Portuguese (Américo Monteiro) (Closes: #686975)
+
+ [ David Kalnischkies ]
+ * handle packages without a mandatory architecture (debian-policy §5.3)
+ by introducing a pseudo-architecture 'none' so that the small group of
+ users with these packages can get right of them without introducing too
+ much hassle for other users (Closes: #686346)
+ * apt-pkg/cdrom.cc:
+ - copy only configured translation files from a CD-ROM and not all
+ available translation files preventing new installs with d-i from
+ being initialized with all translations (Closes: #678227)
+ - handle Components in the reduction for the source.list as multi-arch CDs
+ otherwise create duplicated source entries (e.g. "wheezy main main")
+ * apt-pkg/packagemanager.cc:
+ - unpack versions only in case a different version from the package
+ is currently in unpack state to recover from broken system states
+ (like different file in M-A:same package and other dpkg errors)
+ and avoid re-unpack otherwise (Closes: #670900)
+ * debian/control:
+ - let libapt-pkg break apt < 0.9.4 to ensure that the installed http-
+ method supports the new redirection-style, thanks to Raphael Geissert
+ for reporting & testing (Closes: #685192)
+ * doc/apt_preferences.5.xml:
+ - use the correct interval (x <= P < y) for pin value documentation as
+ these are the intervals used by the code (Closes: #685989)
+ * apt-pkg/indexcopy.cc:
+ - do not create duplicated flat-archive CD-ROM sources for foreign
+ architectures on multi-arch CD-ROMs
+ - do not warn about files which have a record in the Release file, but
+ are not present on the CD to mirror the behavior of the other methods
+ and to allow uncompressed indexes to be dropped without scaring users
+ * apt-pkg/pkgcachegen.cc:
+ - do not create 'native' (or now 'none') package structures as a side
+ effect of description translation parsing as it pollutes the cache
+
+ -- Michael Vogt <mvo@debian.org> Tue, 11 Sep 2012 15:56:44 +0200
+
+apt (0.9.7.4) unstable; urgency=low
+
+ [ Manpages translation updates ]
+ * Polish (Robert Luberda) (Closes: #683109)
+
+ [ Program translation updates ]
+ * Polish (Michał Kułach)
+
+ [ Pino Toscano ]
+ * apt-pkg/contrib/mmap.cc:
+ - guard only the msync call with _POSIX_SYNCHRONIZED_IO rather
+ than also the fallback code as it breaks APT on hurd since 0.9.7.3
+ as the fallback is now always used on non-linux (Closes: #683354)
+
+ [ David Kalnischkies ]
+ * apt-pkg/contrib/fileutl.cc:
+ - remove _POSIX_SYNCHRONIZED_IO guard in FileFd::Sync() around fsync
+ as this guard is only needed for fdatasync and not defined on hurd
+ * cmdline/apt-get.cc:
+ - error out on (unsatisfiable) build-deps on purly virtual packages
+ instead of ignoring these dependencies; thanks to Johannes Schauer
+ for the detailed report! (Closes: #683786)
+ - ensure that the right architecture is used for cross-dependencies in
+ cases we have to choose a provider by defaulting on host-arch
+ instead of build-arch
+ * doc/apt-verbatim.ent:
+ - denote 'wheezy' as stable codename and 'jessie' as testing codename
+ in the documentation in preparation for release
+ * apt-pkg/indexcopy.cc:
+ - do not use atomic writing if the target is /dev/null as we don't want
+ to replace it, not even automically. (Closes: #683410)
+ * apt-pkg/cdrom.cc:
+ - do not link() but rename() the cdroms.list to cdroms.list~ as a backup
+ to ensure that apt-cdrom can be run multiple times (Closes: #676302)
+
+ -- Michael Vogt <mvo@debian.org> Mon, 06 Aug 2012 15:55:04 +0200
+
+apt (0.9.7.3) unstable; urgency=low
+
+ [ Manpages translation updates ]
+ * Spanish; (Omar Campagne). Closes: #681566
+
+ [ Program translation updates ]
+ * Czech (Miroslav Kure). Closes: #680758
+
+ [ David Kalnischkies ]
+ * apt-pkg/cacheset.cc:
+ - handle :all and :native correctly as architectures again
+ in the commandline parsing (regression in 0.9.7)
+ * apt-pkg/packagemanager.cc:
+ - do not segfault if nothing can be configured to statisfy
+ a pre-depends (e.g. in a pre-depends loop) (Closes: #681958)
+ * apt-pkg/contrib/mmap.cc:
+ - trigger the usage of the fallback code for kfreebsd also in the
+ second (filebased) constructor of DynamicMMap (Closes: #677704)
+ - refer to APT::Cache-Start in case the growing failed as if -Limit is
+ really the offender it will be noted in a previous error message.
+ - for filesystems not supporting mmap'ing a file we need to use a
+ SyncToFd dummy just as we did for compressed files in 0.9.5
+
+ -- Michael Vogt <mvo@debian.org> Fri, 27 Jul 2012 17:53:41 +0200
+
+apt (0.9.7.2) unstable; urgency=low
+
+ [ Manpages translation updates ]
+ * French (Christian Perrier)
+ * German (Chris Leick)
+
+ [ Program translation updates ]
+ * Greek (Θανάσης Νάτσης)
+ * Japanese (Kenshi Muto) (Closes: #679662)
+ * Russian (Yuri Kozlov) (Closes: #679599)
+ * Danish (Joe Dalton) (Closes: #680119)
+ * Portuguese (Miguel Figueiredo) (Closes: #680616)
+
+ [ David Kalnischkies ]
+ * debian/apt.cron.daily:
+ - do not try to backup extended_states file if it doesn't
+ exist (Closes: #680287)
+ * ftparchive/writer.cc:
+ - handle the APT::FTPArchive::Packages::SHA512 option correctly instead
+ of overriding SHA256, thanks Christian Marillat! (Closes: #680252)
+ * cmdline/apt-mark.cc:
+ - arch:all packages are treated as arch:native packages, but dpkg
+ expects pkg:all for selections, so use the arch of the installed
+ version instead of the package structure if possible.
+ Thanks to Stepan Golosunov for the report! (Closes: #680041)
+ * apt-pkg/clean.cc:
+ - run autoclean against pkg:arch and not always against pkg:native as
+ this removes valid cache entries (Closes: #679371)
+ * apt-pkg/deb/deblistparser.cc:
+ - negative dependencies need to apply to all architectures,
+ but those with a specific architecture only apply to this one
+ * apt-pkg/cachefilter.cc:
+ - remove architecture-specific arch to tuple expansion-rules as they lead
+ to the same tuples for different architectures (e.g. linux-arm for arm,
+ armel and armhf) while the dpkg-architecture code uses triples which
+ are different (in the first part, which we omit in our tuples), so e.g.
+ build-dep restrictions for armel ended up effecting armhf as well
+
+ -- Michael Vogt <mvo@debian.org> Fri, 13 Jul 2012 21:33:56 +0200
+
+apt (0.9.7.1) unstable; urgency=low
+
+ [ Program translation updates ]
+ * Bulgarian (Damyan Ivanov) (Closes: #678983)
+ * Hungarian (Gabor Kelemen)
+ * Italian (Milo Casagrande)
+ * Slovenian (Andrej Znidarsic)
+ * German (Holger Wansing) (Closes: #679314)
+ * Slovak (Ivan Masár) (Closes: #679448)
[ David Kalnischkies ]
+ * cmdline/apt-internal-solver.cc, cmdline/apt-mark.cc:
+ - typo fixes and unfuzzy translations
+ * debian/control:
+ - libapt-{pkg,inst} packages should be in section 'libs' instead
+ of 'admin' as by ftp-master override request in #677596
+ - demote debiandoc-sgml to Build-Depends-Indep
+ * doc/makefile:
+ - separate translation building of debiandoc from manpages
+ so that we don't need to build debiandoc for binary packages
+
+ -- Michael Vogt <mvo@debian.org> Fri, 29 Jun 2012 14:26:32 +0200
+
+apt (0.9.7) unstable; urgency=low
+
+ [ Julian Andres Klode ]
+ * apt-pkg/contrib/mmap.cc:
+ - Fix the Fallback option to work correctly, by not calling
+ realloc() on a map mapped by mmap(), and by using malloc
+ and friends instead of new[].
+ - Zero out the new memory allocated with realloc().
+
+ [ Daniel Hartwig ]
+ * apt-pkg/pkgcachegen.cc:
+ - always reset _error->StackCount in MakeStatusCache (Closes: #677175)
+
+ [ David Kalnischkies ]
+ * apt-pkg/deb/deblistparser.cc:
+ - ensure that mixed positive/negative architecture wildcards
+ are handled in the same way as dpkg handles them
+ - use PackageArchitectureMatchesSpecification filter
+ * apt-pkg/cachefilter.cc:
+ - add PackageArchitectureMatchesSpecification (Closes: #672603)
+ * apt-pkg/cacheset.cc:
+ - add PackageContainerInterface::FromGroup to support
+ architecture specifications with wildcards on the commandline
+ * apt-pkg/pkgcache.cc:
+ - do a string comparision for architecture checking in IsMultiArchImplicit
+ as 'unique' strings in the pkgcache aren't unique (Closes: #677454)
+ * buildlib/configure.mak:
+ - print a message detailing how to get config.guess and config.sub
+ in case they are not in /usr/share/misc (Closes: #677312)
+ * cmdline/apt-get.cc:
+ - print a friendly message in 'download' if a package can't be
+ downloaded (Closes: #677887)
+
+ -- Michael Vogt <mvo@debian.org> Tue, 19 Jun 2012 16:42:43 +0200
+
+apt (0.9.6) unstable; urgency=low
+
+ [ David Kalnischkies ]
+ * apt-pkg/cdrom.cc:
+ - fix regression from 0.9.3 which dumped the main configuration
+ _config instead of the cdrom settings (Cnf) as identified and
+ tested by Milan Kupcevic, thanks! (Closes: #674100)
* cmdline/apt-get.cc:
- do not show 'list of broken packages' header if no package
is broken as it happens e.g. for external resolver errors
+ - print URIs for all changelogs in case of --print-uris,
+ thanks to Daniel Hartwig for the patch! (Closes: #674897)
+ - show 'bzr branch' as 'bzr get' is deprecated (LP: #1011032)
+ - check build-dep candidate if install is forbidden
* debian/apt-utils.links:
- the internal resolver 'apt' is now directly installed in
/usr/lib/apt/solvers, so don't instruct dh to create a broken link
+ * doc/apt-verbatim.ent:
+ - APT doesn't belong to the product 'Linux', so use 'APT' instead
+ as after all APT is a big suite of applications
+ * doc/examples/sources.list:
+ - use the codename instead of 'stable' in the examples sources.list
+ as we do in the manpage and as the debian-installer does
+ * doc/apt-get.8.xml:
+ - use apt-utils as package example instead of libc6
+ * apt-pkg/contrib/cmdline.cc:
+ - apply patch from Daniel Hartwig to fix a segfault in case
+ the LongOpt is empty (Closes: #676331)
+ - fix segfault with empty LongOpt in --no-* branch
+ * ftparchive/apt-ftparchive.cc:
+ - default to putting the Contents-* files below $(SECTION) as apt-file
+ expects them there - thanks Martin-Éric Racine! (Closes: #675827)
+ * apt-pkg/deb/deblistparser.cc:
+ - set pkgCacheGen::Essential to "all" again (Closes: #675449)
+ * apt-pkg/algorithms.cc:
+ - force install only for one essential package out of a group
+ * apt-pkg/aptconfiguration.cc:
+ - if APT::Languages=none save "none" in allCodes so that the detected
+ configuration is cached as intended (Closes: #674690, LP: #1004947)
+ * apt-pkg/cacheiterators.h:
+ - add an IsMultiArchImplicit() method for Dep- and PrvIterator
[ Justin B Rye ]
* doc/apt-cdrom.8.xml:
- replace CDROM with the proper CD-ROM in text
- correct disc vs. disk issues
- * doc/apt-config.8.xml:
+ * doc/apt-extracttemplates.1.xml:
+ - debconf is not DebConf
+ * doc/apt-get.8.xml:
+ - move dselect-upgrade below dist-upgrade
- review and fix spelling issues
+ * doc/apt-ftparchive.8.xml, doc/apt-config.8.xml,
+ doc/apt-key.8.xml, doc/apt-mark.8.xml,
+ doc/apt_preferences.5.xml, doc/apt-secure.8.xml,
+ doc/apt-sortpkgs.1.xml, sources.list.5.xml:
+ - review and fix typo, grammar and style issues
+ * doc/apt.conf.5.xml:
+ - review and fix typo, grammar and style issues
+ - rephrase APT::Immediate-Configuration and many others
+
+ [ Sebastian Heinlein ]
+ * cmdline/apt-key:
+ - do not hardcode /etc but use Dir::Etc instead
+
+ [ Robert Luberda ]
+ * Polish manpage translation update (Closes: #675603)
+ * doc/apt-mark.8.xml:
+ - in hold, the option name is --file not --filename
+
+ [ Christian Perrier ]
+ * French program and manpage translation update
+ * Danish program translation by Joe Hansen. Closes: #675605
+ [ Thibaut Girka ]
+ * cmdline/apt-get.cc:
+ - complain correctly about :any build-dep on M-A:none packages
+ * apt-pkg/deb/deblistparser.cc:
+ - add support for arch-specific qualifiers in dependencies
- -- David Kalnischkies <kalnischkies@gmail.com> Thu, 24 May 2012 19:40:58 +0200
+ -- Michael Vogt <mvo@debian.org> Mon, 11 Jun 2012 16:21:53 +0200
apt (0.9.5.1) unstable; urgency=low