-apt (0.9.7.5) UNRELEASED; urgency=low
+apt (0.9.10~exp1) UNRELEASED; urgency=low
+
+ [ Daniel Hartwig ]
+ * Clarify units of Acquire::http::Dl-Limit (closes: #705445)
+ * Show a error message if {,dist-}upgrade is used with additional
+ arguments (closes: #705510)
+
+ [ Michael Vogt ]
+ * lp:~mvo/apt/webserver-simulate-broken-with-fix346386:
+ - fix invalid InRelease file download checking and add regression
+ test to server broken files to the buildin test webserver
+ * stop exporting the accidently exported parsenetrc() symbol
+ * lp:~mvo/apt/add-glob-function:
+ - add Glob() to fileutl.{cc,h}
+ * lp:~mvo/apt/config-clear:
+ - support Configuration.Clear() for a clear of the entire
+ configuration
+ * apt-pkg/deb/dpkgpm.cc:
+ - use tcgetattr() on STDOUT instead of STDIN so that term.log
+ works for redirected stdin
+ - print error in log if tcgetattr() fails instead of writing
+ a empty file
+ * use sha512 when available (LP: #1098752)
+ * [ABI-Break] lp:~mvo/apt/source-hashes:
+ - use sha{512,256,1} for deb-src when available LP: #1098738
+
+ -- Michael Vogt <mvo@debian.org> Fri, 01 Mar 2013 12:12:39 +0100
+
+apt (0.9.10) unstable; urgency=low
+
+ The "Hello to Debconf" upload
+
+ [ Christian Perrier ]
+ * Vietnamese translation update. Closes: #718615
+ * Japanese translation update. Closes: #719279
+
+ [ Michael Vogt ]
+ * work on fixing coverity scan results:
+ - fix some off-by-one errors
+ - fix some resource leaks
+ - fixes in chroot() handling
+ - fix some missing va_end()
+ * make the code -Wall clean again
+ * remove duplicated #include<list>
+ * add .travis.yml
+ * use the 'abi-complicance-checker' package and remove the buildin
+ copy for the abi checks
+
+ [ David Kalnischkies ]
+ * ensure that FileFd::Size returns 0 in error cases
+ * add missing Turkish (tr) to po/LINGUAS
+ * correct management-typo in description found by lintian
+ * implement debian/rules build-{arch,indep} as required by policy 3.9.4
+ * reenable automatic parallel build of APT
+ * exclude config.{sub,guess} from source package
+ * update the symbol files to reflect current state
+ * unset LANGUAGE for showing [Y/n] answer hints
+ * fix some unitialized data members
+ * specific pins below 1000 cause downgrades (Closes: 543966)
+ * use pkgTagFile to parse "header" of Release files
+ * fix: --print-uris removes authentication (Closes: 719263)
+ * always use our own trustdb.gpg in apt-key
+ * use a tmpfile for trustdb.gpg in apt-key.
+ Thanks to Andreas Beckmann for the initial patch! (Closes: #687611)
+ * do not double-slash paths in apt-key (Closes: 665411)
+ * make the keyring locations in apt-key configurable
+ * let apt-key del work better with softlink and single key keyrings
+ * do not call 'apt-key update' in apt.postinst
+
+ [ Colin Watson ]
+ * prefer native arch over higher priority for providers (Closes: #718482)
+
+ -- Michael Vogt <mvo@debian.org> Mon, 12 Aug 2013 21:45:07 +0200
+
+apt (0.9.9.4) unstable; urgency=low
+
+ [ David Kalnischkies ]
+ * pick up Translation-* even if only compressed available (Closes: 717665)
+ * request absolute URIs from proxies again (0.9.9.3 regession)
+ (Closes: 717891)
+
+ [ Michael vogt ]
+ * fix missing changelog entry for 0.9.9.3 (git-dch issue)
+
+ -- Michael Vogt <mvo@debian.org> Fri, 26 Jul 2013 09:58:17 +0200
+
+apt (0.9.9.3) unstable; urgency=low
+
+ [ Ben Hutchings ]
+ * debian/apt.auto-removal.sh:
+ - do not include debug symbol packages for the kernel in the
+ blacklist (closes: #717616)
+
+ [ Michael Vogt ]
+ * debian/apt.postinst:
+ - run /etc/kernel/postinst.d/apt-auto-removal once on upgrade
+ to ensure that the correct auto-removal list is generated
+ (closes: #717615)
+
+ [ David Kalnischkies ]
+ * skip all Description fields in apt-cache, not just first (Closes: 717254)
+ * fix 'apt-cache search' crash with missing description (Closes: 647590)
+
+ [ Raphael Geissert ]
+ * Do not send a connection: keep-alive, at all
+
+ -- Michael Vogt <mvo@debian.org> Thu, 25 Jul 2013 17:14:58 +0200
+
+apt (0.9.9.2) unstable; urgency=low
+
+ [ Programs translations ]
+ * Vietnamese updated by Tran Ngoc Quan. Closes: #717016
+
+ [ David Kalnischkies ]
+ * fix if-clause to generate hook-info for 'rc' packages (Closes: 717006)
+
+ -- Michael Vogt <mvo@debian.org> Wed, 17 Jul 2013 14:56:34 +0200
+
+apt (0.9.9.1) unstable; urgency=low
+
+ [ Michael Vogt ]
+ * debian/rules:
+ - call dh_clean in clean (closes: #714980)
+ * apt-pkg/packagemanager.cc:
+ - increate APT::pkgPackageManager::MaxLoopCount to 5000
+ * cherry pick debian/apt.auto-removal.sh feature from the
+ ubuntu/master branch
+
+ [ Steve Langasek ]
+ * debian/apt.conf.autoremove: don't include linux-image*,
+ linux-restricted-modules*, and linux-ubuntu-modules* packages in the
+ list to never be autoremoved.
+ * debian/apt.auto-removal.sh, debian/rules, debian/apt.dirs: install new
+ script to /etc/kernel/postinst.d/ which ensures we only automatically
+ keep the currently-running kernel, the being-installed kernel, and the
+ newest kernel, so we don't fill /boot up with an unlimited number of
+ kernels. LP: #923876.
+
+ [ Adam Conrad ]
+ * Fix up two things in debian/apt.auto-removal.sh:
+ - Use exact matches with $-terminated regexes, so we don't get
+ confusion between similarly-named kernel flavours.
+ - Keep linux-backports-modules in sync with installed kernels.
+
+ [ David Kalnischkies ]
+ * Version 3 for DPkg::Pre-Install-Pkgs with MultiArch info (Closes: #712116)
+ * implement arch+= and arch-= for sources.list
+ * prevent MarkInstall of unsynced Multi-Arch:same siblings
+
+ -- Michael Vogt <mvo@debian.org> Thu, 11 Jul 2013 20:44:31 +0200
+
+apt (0.9.9) unstable; urgency=low
+
+ [ Michael Vogt ]
+ * improve debug output for the Debug::pkgProblemResolver and
+ Debug::pkgDepCache::AutoInstall
+ * improve apt-cdrom output when no CD-ROM can be auto-detected
+ * document --no-auto-detect in apt-cdrom
+
+ [ David Kalnischkies ]
+ * build the en manpages in subdirectory doc/en
+ * remove -ldl from cdrom and -lutil from apt-get linkage
+ * rewrite pkgOrderList::DepRemove to stop incorrect immediate setting
+ (Closes: 645713)
+ * prefer Essentials over Removals in ordering score
+ * fix priority sorting by prefering higher in MarkInstall
+ * try all providers in order if uninstallable in MarkInstall
+ * do unpacks before configures in SmartConfigure (Closes: #707578)
+ * fix support for multiple patterns in apt-cache search (Closes: #691453)
+ * set Fail flag in FileFd on all errors consistently
+ * don't explicitly init ExtractTar InFd with invalid fd
+ * OpenDescriptor should autoclose fd always on error (Closes: #704608)
+ * fail in CopyFile if the FileFds have error flag set
+ * ensure state-dir exists before coyping cdrom files
+ * fix file location for configure-index.gz in apt.conf(5) (Closes: #711921)
+ * handle missing "Description" in apt-cache show (Closes: #712435)
+ * try defaults if auto-detection failed in apt-cdrom (Closes: #712433)
+ * support \n and \r\n line endings in ReadMessages
+ * do not redownload unchanged InRelease files
+ * trigger NODATA error for invalid InRelease files (Closes: #712486)
+
+ -- Michael Vogt <mvo@debian.org> Tue, 02 Jul 2013 08:58:33 +0200
+
+apt (0.9.8.2) unstable; urgency=low
+
+ [ Programs translations ]
+ * French translation : typo fix. Closes: #677272
+
+ [ Guillem Jover ]
+ * Update Vcs fields (Closes: #708562)
+
+ [ Michael Vogt ]
+ * buildlib/apti18n.h.in:
+ - fix build failure when building without NLS (closes: #671587)
+
+ [ Gregoire Menuel ]
+ * Fix double free (closes: #711045)
+
+ [ Raphael Geissert ]
+ * Fix crash when the "mirror" method does not find any entry
+ (closes: #699303)
+
+ [ Johan Kiviniemi ]
+ * cmdline/apt-key:
+ - Create new keyrings with mode 0644 instead of 0600.
+ - Accept a nonexistent --keyring file with the adv subcommand as well.
+
+ -- Michael Vogt <mvo@debian.org> Thu, 06 Jun 2013 19:15:14 +0200
+
+apt (0.9.8.1) unstable; urgency=low
+
+ [ David Kalnischkies ]
+ * apt-pkg/indexcopy.cc:
+ - non-inline RunGPGV methods to restore ABI compatibility with previous
+ versions to fix partial upgrades (Closes: #707771)
+
+ [ Michael Vogt ]
+ * moved source to http://git.debian.org/apt/apt.git
+ * updated gbp.conf to match what bzr-buildpackage is doing
+ * remove .bzr-buildpackage/default.conf (superseeded by gbp.conf)
+
+ -- Michael Vogt <mvo@debian.org> Thu, 16 May 2013 14:50:43 +0200
+
+apt (0.9.8) unstable; urgency=low
+
+ [ Ludovico Cavedon ]
+ * properly handle if-modfied-since with libcurl/https
+ (closes: #705648)
+
+ [ Andreas Beckman ]
+ * apt-pkg/algorithms.cc:
+ - Do not propagate negative scores from rdepends. Propagating the absolute
+ value of a negative score may boost obsolete packages and keep them
+ installed instead of installing their successors. (Closes: #699759)
+
+ [ Michael Vogt ]
+ * apt-pkg/sourcelist.cc:
+ - fix segfault when a hostname contains a [, thanks to
+ Tzafrir Cohen (closes: #704653)
+ * debian/control:
+ - replace manpages-it (closes: #704723)
+
+ [ David Kalnischkies ]
+ * various simple changes to fix cppcheck warnings
+ * apt-pkg/pkgcachegen.cc:
+ - do not store the MD5Sum for every description language variant as
+ it will be the same for all so it can be shared to save cache space
+ - handle language tags for descriptions are unique strings to be shared
+ - factor version string creation out of NewDepends, so we can easily reuse
+ version strings e.g. for implicit multi-arch dependencies
+ - equal comparisions are used mostly in same-source relations,
+ so use this to try to reuse some version strings
+ - sort group and package names in the hashtable on insert
+ - share version strings between same versions (of different architectures)
+ to save some space and allow quick comparisions later on
+ * apt-pkg/pkgcache.cc:
+ - assume sorted hashtable entries for groups/packages
+ * apt-pkg/cacheiterators.h:
+ - provide DepIterator::IsSatisfied as a nicer shorthand for DepCheck
+ * apt-pkg/deb/debversion.cc:
+ - add a string-equal shortcut for equal version comparisions
+
+ [ Marc Deslauriers ]
+ * make apt-ftparchive generate missing deb-src hashes (LP: #1078697)
+
+ [ Yaroslav Halchenko ]
+ * Fix English spelling error in a message ('A error'). Unfuzzy
+ translations. Closes: #705087
+
+ [ Programs translations ]
+ * French translation completed (Christian Perrier)
+
+ [ Manpages translations ]
+ * French translation completed (Christian Perrier)
+
+ [ Daniel Hartwig ]
+ * apt-pkg/contrib/strutl.cc:
+ - include port in shortened URIs (e.g. with apt-cache policy, progress
+ display) thanks to James McCoy (Closes: #154868, #322074)
+ - percent-encode username and password when writing URIs
+ * methods/http.cc:
+ - properly escape IP-literals (e.g. IPv6 address) when building
+ Host headers and URIs (Closes: #620344)
+ * methods/https.cc:
+ - use https_proxy environment variable if present, falling back to
+ http_proxy otherwise
+ - use authentication credentials from proxy URI
+ (Closes: #651640, LP: #1087512)
+ - environment variables do not override an explicit no proxy
+ directive ("DIRECT") in apt.conf
+ - disregard all_proxy environment variable, like other methods
+
+ -- Michael Vogt <mvo@debian.org> Wed, 08 May 2013 18:43:28 +0200
+
+apt (0.9.7.9~exp2) experimental; urgency=low
+
+ [ Programs translations ]
+ * Update all PO files and apt-all.pot
+ * French translation completed (Christian Perrier)
+
+ [ Daniel Hartwig ]
+ * cmdline/apt-get.cc:
+ - do not have space between "-a" and option when cross building
+ (closes: #703792)
+ * test/integration/test-apt-get-download:
+ - fix test now that #1098752 is fixed
+ * po/{ca,cs,ru}.po:
+ - fix merge artifact
+
+ [ David Kalnischkies ]
+ * apt-pkg/indexcopy.cc:
+ - rename RunGPGV to ExecGPGV and move it to apt-pkg/contrib/gpgv.cc
+ * apt-pkg/contrib/gpgv.cc:
+ - ExecGPGV is a method which should never return, so mark it as such
+ and fix the inconsistency of returning in error cases
+ - don't close stdout/stderr if it is also the statusfd
+ - if ExecGPGV deals with a clear-signed file it will split this file
+ into data and signatures, pass it to gpgv for verification
+ - add method to open (maybe) clearsigned files transparently
+ * apt-pkg/acquire-item.cc:
+ - keep the last good InRelease file around just as we do it with
+ Release.gpg in case the new one we download isn't good for us
+ * apt-pkg/deb/debmetaindex.cc:
+ - reenable InRelease by default
+ * ftparchive/writer.cc,
+ apt-pkg/deb/debindexfile.cc,
+ apt-pkg/deb/deblistparser.cc:
+ - use OpenMaybeClearSignedFile to be free from detecting and
+ skipping clearsigning metadata in dsc and Release files
+
+ [ Michael Vogt ]
+ * add regression test for CVE-2013-1051
+ * implement GPGSplit() based on the idea from Ansgar Burchardt
+ (many thanks!)
+ * methods/connect.cc:
+ - use Errno() instead of strerror(), thanks to David Kalnischk
+ * doc/apt.conf.5.xml:
+ - document Acquire::ForceIPv{4,6}
+
+ -- Michael Vogt <mvo@debian.org> Wed, 03 Apr 2013 14:19:58 +0200
+
+apt (0.9.7.9~exp1) experimental; urgency=low
+
+ [ Niels Thykier ]
+ * test/libapt/assert.h, test/libapt/run-tests:
+ - exit with status 1 on test failure
+
+ [ Daniel Hartwig ]
+ * test/integration/framework:
+ - continue after test failure but preserve exit status
+
+ [ Programs translation updates ]
+ * Turkish (Mert Dirik). Closes: #703526
+
+ [ Colin Watson ]
+ * methods/connect.cc:
+ - provide useful error message in case of EAI_SYSTEM
+ (closes: #703603)
+
+ [ Michael Vogt ]
+ * add new config options "Acquire::ForceIPv4" and
+ "Acquire::ForceIPv6" to allow focing one or the other
+ (closes: #611891)
+ * lp:~mvo/apt/fix-tagfile-hash:
+ - fix false positives in pkgTagSection.Exists(), thanks to
+ Niels Thykier for the testcase (closes: #703240)
+ - this will require rebuilds of the clients as this used to
+ be a inline function
+
+ -- Michael Vogt <mvo@debian.org> Fri, 22 Mar 2013 21:57:08 +0100
+
+apt (0.9.7.8) unstable; urgency=criticial
+
+ * SECURITY UPDATE: InRelease verification bypass
+ - CVE-2013-1051
+
+ [ Programs translation updates ]
+ * Japanese (Kenshi Muto). Closes: #699783
+
+ [ David Kalnischk ]
+ * apt-pkg/deb/debmetaindex.cc,
+ test/integration/test-bug-595691-empty-and-broken-archive-files,
+ * [ABI BREAK] apt-pkg/pkgcache.h:
+ - adjust pkgCache::State::VerPriority enum, to match reality
+ test/integration/test-releasefile-verification:
+ - disable InRelease downloading until the verification issue is
+ fixed, thanks to Ansgar Burchardt for finding the flaw
+ - quote plus in filenames to work around a bug in the S3 server
+ (LP: #1003633)
+ * apt-pkg/indexrecords.cc:
+ - support '\r' in the Release file
+
+ -- Michael Vogt <mvo@debian.org> Thu, 14 Mar 2013 07:47:36 +0100
+
+apt (0.9.7.8~exp2) experimental; urgency=low
+
+ * include two missing patches to really fix bug #696225, thanks to
+ Guillem Jover
+ * ensure sha512 is really used when available, thanks to Tyler Hicks
+ (LP: #1098752)
+
+ -- Michael Vogt <mvo@debian.org> Fri, 01 Mar 2013 19:06:55 +0100
+
+apt (0.9.7.8~exp1) experimental; urgency=low
+
+ [ Manpages translation updates ]
+ * Italian (Beatrice Torracca). Closes: #696601
+
+ [ Programs translation updates ]
+ * Japanese (Kenshi Muto). Closes: #699783
+
+ [ Michael Vogt ]
+ * fix pkgProblemResolver::Scores, thanks to Paul Wise.
+ Closes: #697577
+ * fix missing translated apt.8 manpages, thanks to Helge Kreutzmann
+ for the report. Closes: #696923
+ * apt-pkg/contrib/progress.cc:
+ - Make "..." translatable to fix inconsistencies in the output
+ of e.g. apt-get update. While this adds new translatable strings,
+ not having translations for them will not break anything.
+ Thanks to Guillem Jover. Closes: #696225
+ * debian/apt.cron.daily:
+ - when reading from /dev/urandom, use less entropy and fix a rare
+ bug when the random number chksum is less than 1000.
+ Closes: #695285
+ * methods/https.cc:
+ - reuse connection in https, thanks to Thomas Bushnell, BSG for the
+ patch. LP: #1087543, Closes: #695359
+ - add missing curl_easy_cleanup()
+ * methods/http.cc:
+ - quote spaces in filenames to ensure as the http method is also
+ (potentially) used for non deb,dsc content that may contain
+ spaces, thanks to Daniel Hartwig and Thomas Bushnell
+ (LP: #1086997)
+ - quote plus in filenames to work around a bug in the S3 server
+ (LP: #1003633)
+ * apt-pkg/indexrecords.cc:
+ - support '\r' in the Release file
+
+ [ David Kalnischkies ]
+ * apt-pkg/depcache.cc:
+ - prefer to install packages which have an already installed M-A:same
+ sibling while choosing providers (LP: #1130419)
+
+ -- Michael Vogt <mvo@debian.org> Fri, 01 Mar 2013 14:16:42 +0100
+
+apt (0.9.7.7) unstable; urgency=low
+
+ [ Program translation updates ]
+ * Catalan (Jordi Mallach)
+ * Drop a confusing non-breaking space. Closes: #691024
+ * Thai (Theppitak Karoonboonyanan). Closes: #691613
+ * Vietnamese (Trần Ngọc Quân). Closes: #693773
+ * Fix Plural forms in German, French, Japanese and Portuguese
+ translations. Thanks to Jakub Wilk for reporting these errors.
+
+ [ David Kalnischkies ]
+ * apt-pkg/packagemanager.cc:
+ - do not do lock-step configuration for a M-A:same package if it isn't
+ unpacked yet in SmartConfigure and do not unpack a M-A:same package
+ again in SmartUnPack if we have already configured it (LP: #1062503)
+ * apt-pkg/depcache.cc:
+ - don't call MarkInstall with the FromUser flag set for packages
+ which are dependencies of APT::Never-MarkAuto-Sections matchers
+ - no mode changes should obviously be ok for pkgDepCache::IsModeChangeOk
+ * cmdline/apt-get.cc:
+ - do not call Mark{Install,Delete} from the autoremove code with
+ the FromUser bit set to avoid modifying the auto-installed bit
+ * apt-pkg/algorithms.cc:
+ - ensure pkgProblemResolver calls MarkDelete without FromUser set
+ so that it can't overrule holds and the protection flag
+
+ [ Michael Vogt ]
+ * change permissions of /var/log/apt/term.log to 0640 (LP: #975199)
+
+ [ Jonathan Thomas ]
+ * apt-pkg/algorithms.cc:
+ - fix package-pointer array memory leak in ResolveByKeepInternal()
+
+ -- Michael Vogt <mvo@debian.org> Thu, 13 Dec 2012 09:52:19 +0100
+
+apt (0.9.7.6) unstable; urgency=low
+
+ [ Program translation updates ]
+ * Ukrainian (A. Bondarenko)
+
+ [ David Kalnischkies ]
+ * apt-pkg/pkgcachegen.cc:
+ - ensure that dependencies for packages:none are always generated
+ - add 2 missing remap registrations causing a segfault in case
+ we use the not remapped iterators after a move of the mmap again
+ - write the native architecture as unique string into the cache header
+ as it is used for arch:all packages as a map to arch:native.
+ Otherwise arch comparisons later will see differences (Closes: #689323)
+ * apt-pkg/pkgcache.cc:
+ - ignore negative dependencies applying in the same group for M-A:same
+ packages on the real package name as self-conflicts (Closes: #688863)
+ * cmdline/apt-cache.cc:
+ - print versioned dependency relations in (r)depends if the option
+ APT::Cache::ShowVersion is true (default: false) as discussed in
+ #218995 to help debian-cd fixing #687949. Thanks to Sam Lidder
+ for initial patch and Steve McIntyre for nagging and testing!
+ * apt-pkg/edsp.cc:
+ - include reinstall requests and already installed (= protected) packages
+ in the install-request for external resolvers (Closes: #689331)
+ * apt-pkg/policy.cc:
+ - match pins with(out) an architecture as we do on the commandline
+ (partly fixing #687255, b= support has to wait for jessie)
+ * apt-pkg/contrib/netrc.cc:
+ - remove the 64 char limit for login/password in internal usage
+ - remove 256 char line limit by using getline() (POSIX.1-2008)
+
+ [ Colin Watson ]
+ * apt-pkg/pkgcachegen.cc:
+ - Fix crash if the cache is remapped while writing a Provides version
+ (LP: #1066445).
+
+ -- Michael Vogt <mvo@debian.org> Tue, 16 Oct 2012 18:08:53 +0200
+
+apt (0.9.7.5) unstable; urgency=low
[ Manpages translation updates ]
* Japanese (KURASAWA Nozomu) (Closes: #684435)
* Portuguese (Américo Monteiro) (Closes: #686975)
[ David Kalnischkies ]
+ * handle packages without a mandatory architecture (debian-policy §5.3)
+ by introducing a pseudo-architecture 'none' so that the small group of
+ users with these packages can get right of them without introducing too
+ much hassle for other users (Closes: #686346)
* apt-pkg/cdrom.cc:
- copy only configured translation files from a CD-ROM and not all
available translation files preventing new installs with d-i from
- do not warn about files which have a record in the Release file, but
are not present on the CD to mirror the behavior of the other methods
and to allow uncompressed indexes to be dropped without scaring users
+ * apt-pkg/pkgcachegen.cc:
+ - do not create 'native' (or now 'none') package structures as a side
+ effect of description translation parsing as it pollutes the cache
- -- David Kalnischkies <kalnischkies@gmail.com> Sun, 26 Aug 2012 10:49:17 +0200
+ -- Michael Vogt <mvo@debian.org> Tue, 11 Sep 2012 15:56:44 +0200
apt (0.9.7.4) unstable; urgency=low