-apt (0.9.7.7) UNRELEASED; urgency=low
+apt (0.9.11.2) UNRELEASED; urgency=low
+
+ [ Milo Casagrande ]
+ * Update Italian translation. Closes: #721030
+
+ [ Trần Ngọc Quân ]
+ * Update Vietnamese translation. Closes: #720752
+
+ [ Michael Vogt ]
+ * dselect/install:
+ - remove "-f" option for apt-get clean/auto-clean (closes: #720532)
+ * apt-private/private-cmndline.cc:
+ - fix typo in CmdMatches() selection for dselect-upgrade (closes: #720532)
+
+ -- Christian Perrier <bubulle@debian.org> Sun, 25 Aug 2013 15:39:40 +0200
+
+apt (0.9.11.1) unstable; urgency=low
+
+ [ Michael Vogt ]
+ * more coverity fixes:
+ - explicit init
+ - always chdir("/") after chroot()
+ - ftparchive/override.cc: fix "skip empty lines" code, the pointer
+ needs to get de-referenced first
+ * dselect/update:
+ - remove "-f" option for apt-get update to fix breakage (closes: 720532)
+
+ [ Christopher Baines ]
+ * Add test for bug #507998
+
+ [ David Kalnischkies ]
+ * add a breaks libapt-inst for FileFd changes in 0.9.9 (Closes: 720449)
+ * add versions to manpages-it Replaces+Breaks
+
+ [ Ángel Guzmán Maeso ]
+ * apt-pkg:contrib Avoid compiler warning about sign-compare
+
+ -- Michael Vogt <mvo@debian.org> Sat, 24 Aug 2013 09:13:27 +0200
+
+apt (0.9.11) unstable; urgency=low
+
+ [ Daniel Hartwig ]
+ * Clarify units of Acquire::http::Dl-Limit (closes: #705445)
+ * Show a error message if {,dist-}upgrade is used with additional
+ arguments (closes: #705510)
+
+ [ Michael Vogt ]
+ * lp:~mvo/apt/config-clear:
+ - support Configuration.Clear() for a clear of the entire
+ configuration
+ * lp:~mvo/apt/add-glob-function:
+ - add Glob() to fileutl.{cc,h}
+ * feature/apt-binary2
+ - refactor large chunks of cmdline/*.cc into a new libapt-private
+ library that is shared between the internal apt cmdline tools
+ - install libapt-private* into the apt binary
+ - add PACKAGE_MATCHER_ABI_COMPAT define so that this branch can be
+ merged without breaking ABI
+ - add lintian override for no-shlibs-control-file so that
+ the internal libapt-private.so.0.0.0 can be shipped
+ - adjust apt.install.in to only install libapt-private.so.*
+
+ [ David Kalnischkies ]
+ * ensure that pkgTagFile isn't writing past Buffer length (Closes: 719629)
+ * allow Pre-Install-Pkgs hooks to get info over an FD != stdin
+ (Closes: #671726)
+
+ [ Christian PERRIER ]
+ * French translation update.
+
+ -- Michael Vogt <mvo@debian.org> Wed, 21 Aug 2013 17:51:09 +0200
+
+apt (0.9.10) unstable; urgency=low
+
+ The "Hello to Debconf" upload
+
+ [ Christian Perrier ]
+ * Vietnamese translation update. Closes: #718615
+ * Japanese translation update. Closes: #719279
+ * French translation update.
+
+ [ Michael Vogt ]
+ * work on fixing coverity scan results:
+ - fix some off-by-one errors
+ - fix some resource leaks
+ - fixes in chroot() handling
+ - fix some missing va_end()
+ * make the code -Wall clean again
+ * remove duplicated #include<list>
+ * add .travis.yml
+ * use the 'abi-complicance-checker' package and remove the buildin
+ copy for the abi checks
+
+ [ David Kalnischkies ]
+ * ensure that FileFd::Size returns 0 in error cases
+ * add missing Turkish (tr) to po/LINGUAS
+ * correct management-typo in description found by lintian
+ * implement debian/rules build-{arch,indep} as required by policy 3.9.4
+ * reenable automatic parallel build of APT
+ * exclude config.{sub,guess} from source package
+ * update the symbol files to reflect current state
+ * unset LANGUAGE for showing [Y/n] answer hints
+ * fix some unitialized data members
+ * specific pins below 1000 cause downgrades (Closes: 543966)
+ * use pkgTagFile to parse "header" of Release files
+ * fix: --print-uris removes authentication (Closes: 719263)
+ * always use our own trustdb.gpg in apt-key
+ * use a tmpfile for trustdb.gpg in apt-key.
+ Thanks to Andreas Beckmann for the initial patch! (Closes: #687611)
+ * do not double-slash paths in apt-key (Closes: 665411)
+ * make the keyring locations in apt-key configurable
+ * let apt-key del work better with softlink and single key keyrings
+ * do not call 'apt-key update' in apt.postinst
+
+ [ Colin Watson ]
+ * prefer native arch over higher priority for providers (Closes: #718482)
+
+ -- Michael Vogt <mvo@debian.org> Mon, 12 Aug 2013 21:45:07 +0200
+
+apt (0.9.9.4) unstable; urgency=low
+
+ [ David Kalnischkies ]
+ * pick up Translation-* even if only compressed available (Closes: 717665)
+ * request absolute URIs from proxies again (0.9.9.3 regession)
+ (Closes: 717891)
+
+ [ Michael vogt ]
+ * fix missing changelog entry for 0.9.9.3 (git-dch issue)
+
+ -- Michael Vogt <mvo@debian.org> Fri, 26 Jul 2013 09:58:17 +0200
+
+apt (0.9.9.3) unstable; urgency=low
+
+ [ Ben Hutchings ]
+ * debian/apt.auto-removal.sh:
+ - do not include debug symbol packages for the kernel in the
+ blacklist (closes: #717616)
+
+ [ Michael Vogt ]
+ * debian/apt.postinst:
+ - run /etc/kernel/postinst.d/apt-auto-removal once on upgrade
+ to ensure that the correct auto-removal list is generated
+ (closes: #717615)
+
+ [ David Kalnischkies ]
+ * skip all Description fields in apt-cache, not just first (Closes: 717254)
+ * fix 'apt-cache search' crash with missing description (Closes: 647590)
+
+ [ Raphael Geissert ]
+ * Do not send a connection: keep-alive, at all
+
+ -- Michael Vogt <mvo@debian.org> Thu, 25 Jul 2013 17:14:58 +0200
+
+apt (0.9.9.2) unstable; urgency=low
+
+ [ Programs translations ]
+ * Vietnamese updated by Tran Ngoc Quan. Closes: #717016
+
+ [ David Kalnischkies ]
+ * fix if-clause to generate hook-info for 'rc' packages (Closes: 717006)
+
+ -- Michael Vogt <mvo@debian.org> Wed, 17 Jul 2013 14:56:34 +0200
+
+apt (0.9.9.1) unstable; urgency=low
+
+ [ Michael Vogt ]
+ * debian/rules:
+ - call dh_clean in clean (closes: #714980)
+ * apt-pkg/packagemanager.cc:
+ - increate APT::pkgPackageManager::MaxLoopCount to 5000
+ * cherry pick debian/apt.auto-removal.sh feature from the
+ ubuntu/master branch
+
+ [ Steve Langasek ]
+ * debian/apt.conf.autoremove: don't include linux-image*,
+ linux-restricted-modules*, and linux-ubuntu-modules* packages in the
+ list to never be autoremoved.
+ * debian/apt.auto-removal.sh, debian/rules, debian/apt.dirs: install new
+ script to /etc/kernel/postinst.d/ which ensures we only automatically
+ keep the currently-running kernel, the being-installed kernel, and the
+ newest kernel, so we don't fill /boot up with an unlimited number of
+ kernels. LP: #923876.
+
+ [ Adam Conrad ]
+ * Fix up two things in debian/apt.auto-removal.sh:
+ - Use exact matches with $-terminated regexes, so we don't get
+ confusion between similarly-named kernel flavours.
+ - Keep linux-backports-modules in sync with installed kernels.
+
+ [ David Kalnischkies ]
+ * Version 3 for DPkg::Pre-Install-Pkgs with MultiArch info (Closes: #712116)
+ * implement arch+= and arch-= for sources.list
+ * prevent MarkInstall of unsynced Multi-Arch:same siblings
+
+ -- Michael Vogt <mvo@debian.org> Thu, 11 Jul 2013 20:44:31 +0200
+
+apt (0.9.9) unstable; urgency=low
+
+ [ Michael Vogt ]
+ * improve debug output for the Debug::pkgProblemResolver and
+ Debug::pkgDepCache::AutoInstall
+ * improve apt-cdrom output when no CD-ROM can be auto-detected
+ * document --no-auto-detect in apt-cdrom
+
+ [ David Kalnischkies ]
+ * build the en manpages in subdirectory doc/en
+ * remove -ldl from cdrom and -lutil from apt-get linkage
+ * rewrite pkgOrderList::DepRemove to stop incorrect immediate setting
+ (Closes: 645713)
+ * prefer Essentials over Removals in ordering score
+ * fix priority sorting by prefering higher in MarkInstall
+ * try all providers in order if uninstallable in MarkInstall
+ * do unpacks before configures in SmartConfigure (Closes: #707578)
+ * fix support for multiple patterns in apt-cache search (Closes: #691453)
+ * set Fail flag in FileFd on all errors consistently
+ * don't explicitly init ExtractTar InFd with invalid fd
+ * OpenDescriptor should autoclose fd always on error (Closes: #704608)
+ * fail in CopyFile if the FileFds have error flag set
+ * ensure state-dir exists before coyping cdrom files
+ * fix file location for configure-index.gz in apt.conf(5) (Closes: #711921)
+ * handle missing "Description" in apt-cache show (Closes: #712435)
+ * try defaults if auto-detection failed in apt-cdrom (Closes: #712433)
+ * support \n and \r\n line endings in ReadMessages
+ * do not redownload unchanged InRelease files
+ * trigger NODATA error for invalid InRelease files (Closes: #712486)
+
+ -- Michael Vogt <mvo@debian.org> Tue, 02 Jul 2013 08:58:33 +0200
+
+apt (0.9.8.2) unstable; urgency=low
+
+ [ Programs translations ]
+ * French translation : typo fix. Closes: #677272
+
+ [ Guillem Jover ]
+ * Update Vcs fields (Closes: #708562)
+
+ [ Michael Vogt ]
+ * buildlib/apti18n.h.in:
+ - fix build failure when building without NLS (closes: #671587)
+
+ [ Gregoire Menuel ]
+ * Fix double free (closes: #711045)
+
+ [ Raphael Geissert ]
+ * Fix crash when the "mirror" method does not find any entry
+ (closes: #699303)
+
+ [ Johan Kiviniemi ]
+ * cmdline/apt-key:
+ - Create new keyrings with mode 0644 instead of 0600.
+ - Accept a nonexistent --keyring file with the adv subcommand as well.
+
+ -- Michael Vogt <mvo@debian.org> Thu, 06 Jun 2013 19:15:14 +0200
+
+apt (0.9.8.1) unstable; urgency=low
+
+ [ David Kalnischkies ]
+ * apt-pkg/indexcopy.cc:
+ - non-inline RunGPGV methods to restore ABI compatibility with previous
+ versions to fix partial upgrades (Closes: #707771)
+
+ [ Michael Vogt ]
+ * moved source to http://git.debian.org/apt/apt.git
+ * updated gbp.conf to match what bzr-buildpackage is doing
+ * remove .bzr-buildpackage/default.conf (superseeded by gbp.conf)
+
+ -- Michael Vogt <mvo@debian.org> Thu, 16 May 2013 14:50:43 +0200
+
+apt (0.9.8) unstable; urgency=low
+
+ [ Ludovico Cavedon ]
+ * properly handle if-modfied-since with libcurl/https
+ (closes: #705648)
+
+ [ Andreas Beckman ]
+ * apt-pkg/algorithms.cc:
+ - Do not propagate negative scores from rdepends. Propagating the absolute
+ value of a negative score may boost obsolete packages and keep them
+ installed instead of installing their successors. (Closes: #699759)
+
+ [ Michael Vogt ]
+ * apt-pkg/sourcelist.cc:
+ - fix segfault when a hostname contains a [, thanks to
+ Tzafrir Cohen (closes: #704653)
+ * debian/control:
+ - replace manpages-it (closes: #704723)
+
+ [ David Kalnischkies ]
+ * various simple changes to fix cppcheck warnings
+ * apt-pkg/pkgcachegen.cc:
+ - do not store the MD5Sum for every description language variant as
+ it will be the same for all so it can be shared to save cache space
+ - handle language tags for descriptions are unique strings to be shared
+ - factor version string creation out of NewDepends, so we can easily reuse
+ version strings e.g. for implicit multi-arch dependencies
+ - equal comparisions are used mostly in same-source relations,
+ so use this to try to reuse some version strings
+ - sort group and package names in the hashtable on insert
+ - share version strings between same versions (of different architectures)
+ to save some space and allow quick comparisions later on
+ * apt-pkg/pkgcache.cc:
+ - assume sorted hashtable entries for groups/packages
+ * apt-pkg/cacheiterators.h:
+ - provide DepIterator::IsSatisfied as a nicer shorthand for DepCheck
+ * apt-pkg/deb/debversion.cc:
+ - add a string-equal shortcut for equal version comparisions
+
+ [ Marc Deslauriers ]
+ * make apt-ftparchive generate missing deb-src hashes (LP: #1078697)
+
+ [ Yaroslav Halchenko ]
+ * Fix English spelling error in a message ('A error'). Unfuzzy
+ translations. Closes: #705087
+
+ [ Programs translations ]
+ * French translation completed (Christian Perrier)
+
+ [ Manpages translations ]
+ * French translation completed (Christian Perrier)
+
+ [ Daniel Hartwig ]
+ * apt-pkg/contrib/strutl.cc:
+ - include port in shortened URIs (e.g. with apt-cache policy, progress
+ display) thanks to James McCoy (Closes: #154868, #322074)
+ - percent-encode username and password when writing URIs
+ * methods/http.cc:
+ - properly escape IP-literals (e.g. IPv6 address) when building
+ Host headers and URIs (Closes: #620344)
+ * methods/https.cc:
+ - use https_proxy environment variable if present, falling back to
+ http_proxy otherwise
+ - use authentication credentials from proxy URI
+ (Closes: #651640, LP: #1087512)
+ - environment variables do not override an explicit no proxy
+ directive ("DIRECT") in apt.conf
+ - disregard all_proxy environment variable, like other methods
+
+ -- Michael Vogt <mvo@debian.org> Wed, 08 May 2013 18:43:28 +0200
+
+apt (0.9.7.9~exp2) experimental; urgency=low
+
+ [ Programs translations ]
+ * Update all PO files and apt-all.pot
+ * French translation completed (Christian Perrier)
+
+ [ Daniel Hartwig ]
+ * cmdline/apt-get.cc:
+ - do not have space between "-a" and option when cross building
+ (closes: #703792)
+ * test/integration/test-apt-get-download:
+ - fix test now that #1098752 is fixed
+ * po/{ca,cs,ru}.po:
+ - fix merge artifact
+
+ [ David Kalnischkies ]
+ * apt-pkg/indexcopy.cc:
+ - rename RunGPGV to ExecGPGV and move it to apt-pkg/contrib/gpgv.cc
+ * apt-pkg/contrib/gpgv.cc:
+ - ExecGPGV is a method which should never return, so mark it as such
+ and fix the inconsistency of returning in error cases
+ - don't close stdout/stderr if it is also the statusfd
+ - if ExecGPGV deals with a clear-signed file it will split this file
+ into data and signatures, pass it to gpgv for verification
+ - add method to open (maybe) clearsigned files transparently
+ * apt-pkg/acquire-item.cc:
+ - keep the last good InRelease file around just as we do it with
+ Release.gpg in case the new one we download isn't good for us
+ * apt-pkg/deb/debmetaindex.cc:
+ - reenable InRelease by default
+ * ftparchive/writer.cc,
+ apt-pkg/deb/debindexfile.cc,
+ apt-pkg/deb/deblistparser.cc:
+ - use OpenMaybeClearSignedFile to be free from detecting and
+ skipping clearsigning metadata in dsc and Release files
+
+ [ Michael Vogt ]
+ * add regression test for CVE-2013-1051
+ * implement GPGSplit() based on the idea from Ansgar Burchardt
+ (many thanks!)
+ * methods/connect.cc:
+ - use Errno() instead of strerror(), thanks to David Kalnischk
+ * doc/apt.conf.5.xml:
+ - document Acquire::ForceIPv{4,6}
+
+ -- Michael Vogt <mvo@debian.org> Wed, 03 Apr 2013 14:19:58 +0200
+
+apt (0.9.7.9~exp1) experimental; urgency=low
+
+ [ Niels Thykier ]
+ * test/libapt/assert.h, test/libapt/run-tests:
+ - exit with status 1 on test failure
+
+ [ Daniel Hartwig ]
+ * test/integration/framework:
+ - continue after test failure but preserve exit status
+
+ [ Programs translation updates ]
+ * Turkish (Mert Dirik). Closes: #703526
+
+ [ Colin Watson ]
+ * methods/connect.cc:
+ - provide useful error message in case of EAI_SYSTEM
+ (closes: #703603)
+
+ [ Michael Vogt ]
+ * add new config options "Acquire::ForceIPv4" and
+ "Acquire::ForceIPv6" to allow focing one or the other
+ (closes: #611891)
+ * lp:~mvo/apt/fix-tagfile-hash:
+ - fix false positives in pkgTagSection.Exists(), thanks to
+ Niels Thykier for the testcase (closes: #703240)
+ - this will require rebuilds of the clients as this used to
+ be a inline function
+
+ -- Michael Vogt <mvo@debian.org> Fri, 22 Mar 2013 21:57:08 +0100
+
+apt (0.9.7.8) unstable; urgency=criticial
+
+ * SECURITY UPDATE: InRelease verification bypass
+ - CVE-2013-1051
+
+ [ David Kalnischk ]
+ * apt-pkg/deb/debmetaindex.cc,
+ test/integration/test-bug-595691-empty-and-broken-archive-files,
+ test/integration/test-releasefile-verification:
+ - disable InRelease downloading until the verification issue is
+ fixed, thanks to Ansgar Burchardt for finding the flaw
+
+ -- Michael Vogt <mvo@debian.org> Thu, 14 Mar 2013 07:47:36 +0100
+
+apt (0.9.7.8~exp2) experimental; urgency=low
+
+ * include two missing patches to really fix bug #696225, thanks to
+ Guillem Jover
+ * ensure sha512 is really used when available, thanks to Tyler Hicks
+ (LP: #1098752)
+
+ -- Michael Vogt <mvo@debian.org> Fri, 01 Mar 2013 19:06:55 +0100
+
+apt (0.9.7.8~exp1) experimental; urgency=low
+
+ [ Manpages translation updates ]
+ * Italian (Beatrice Torracca). Closes: #696601
+
+ [ Programs translation updates ]
+ * Japanese (Kenshi Muto). Closes: #699783
+
+ [ Michael Vogt ]
+ * fix pkgProblemResolver::Scores, thanks to Paul Wise.
+ Closes: #697577
+ * fix missing translated apt.8 manpages, thanks to Helge Kreutzmann
+ for the report. Closes: #696923
+ * apt-pkg/contrib/progress.cc:
+ - Make "..." translatable to fix inconsistencies in the output
+ of e.g. apt-get update. While this adds new translatable strings,
+ not having translations for them will not break anything.
+ Thanks to Guillem Jover. Closes: #696225
+ * debian/apt.cron.daily:
+ - when reading from /dev/urandom, use less entropy and fix a rare
+ bug when the random number chksum is less than 1000.
+ Closes: #695285
+ * methods/https.cc:
+ - reuse connection in https, thanks to Thomas Bushnell, BSG for the
+ patch. LP: #1087543, Closes: #695359
+ - add missing curl_easy_cleanup()
+ * methods/http.cc:
+ - quote spaces in filenames to ensure as the http method is also
+ (potentially) used for non deb,dsc content that may contain
+ spaces, thanks to Daniel Hartwig and Thomas Bushnell
+ (LP: #1086997)
+ - quote plus in filenames to work around a bug in the S3 server
+ (LP: #1003633)
+ * apt-pkg/indexrecords.cc:
+ - support '\r' in the Release file
+
+ [ David Kalnischkies ]
+ * apt-pkg/depcache.cc:
+ - prefer to install packages which have an already installed M-A:same
+ sibling while choosing providers (LP: #1130419)
+
+ -- Michael Vogt <mvo@debian.org> Fri, 01 Mar 2013 14:16:42 +0100
+
+apt (0.9.7.7) unstable; urgency=low
[ Program translation updates ]
* Catalan (Jordi Mallach)
- do not do lock-step configuration for a M-A:same package if it isn't
unpacked yet in SmartConfigure and do not unpack a M-A:same package
again in SmartUnPack if we have already configured it (LP: #1062503)
+ * apt-pkg/depcache.cc:
+ - don't call MarkInstall with the FromUser flag set for packages
+ which are dependencies of APT::Never-MarkAuto-Sections matchers
+ - no mode changes should obviously be ok for pkgDepCache::IsModeChangeOk
+ * cmdline/apt-get.cc:
+ - do not call Mark{Install,Delete} from the autoremove code with
+ the FromUser bit set to avoid modifying the auto-installed bit
+ * apt-pkg/algorithms.cc:
+ - ensure pkgProblemResolver calls MarkDelete without FromUser set
+ so that it can't overrule holds and the protection flag
+
+ [ Michael Vogt ]
+ * change permissions of /var/log/apt/term.log to 0640 (LP: #975199)
+
+ [ Jonathan Thomas ]
+ * apt-pkg/algorithms.cc:
+ - fix package-pointer array memory leak in ResolveByKeepInternal()
- -- Jordi Mallach <jordi@debian.org> Thu, 18 Oct 2012 23:30:46 +0200
+ -- Michael Vogt <mvo@debian.org> Thu, 13 Dec 2012 09:52:19 +0100
apt (0.9.7.6) unstable; urgency=low