-apt (0.9.7.8) unstable; urgency=criticial
+apt (0.9.8.2) UNRELEASED; urgency=low
- * SECURITY UPDATE: InRelease verification bypass
- - CVE-2013-1051
+ [ Programs translations ]
+ * French translation : typo fix. Closes: #677272
+
+ [ Guillem Jover ]
+ * Update Vcs fields (Closes: #708562)
- [ David Kalnischk ]
- * apt-pkg/deb/debmetaindex.cc,
- test/integration/test-bug-595691-empty-and-broken-archive-files,
- test/integration/test-releasefile-verification:
- - disable InRelease downloading until the verification issue is
- fixed, thanks to Ansgar Burchardt for finding the flaw
+ [ Michael Vogt ]
+ * buildlib/apti18n.h.in:
+ - fix build failure when building without NLS (closes: #671587)
- -- Michael Vogt <mvo@debian.org> Thu, 14 Mar 2013 07:47:36 +0100
+ -- Christian Perrier <bubulle@debian.org> Thu, 16 May 2013 22:28:22 +0200
+
+apt (0.9.8.1) unstable; urgency=low
+
+ [ David Kalnischkies ]
+ * apt-pkg/indexcopy.cc:
+ - non-inline RunGPGV methods to restore ABI compatibility with previous
+ versions to fix partial upgrades (Closes: #707771)
+
+ [ Michael Vogt ]
+ * moved source to http://git.debian.org/apt/apt.git
+ * updated gbp.conf to match what bzr-buildpackage is doing
+ * remove .bzr-buildpackage/default.conf (superseeded by gbp.conf)
+
+ -- Michael Vogt <mvo@debian.org> Thu, 16 May 2013 14:50:43 +0200
+
+apt (0.9.8) unstable; urgency=low
+
+ [ Ludovico Cavedon ]
+ * properly handle if-modfied-since with libcurl/https
+ (closes: #705648)
+
+ [ Andreas Beckman ]
+ * apt-pkg/algorithms.cc:
+ - Do not propagate negative scores from rdepends. Propagating the absolute
+ value of a negative score may boost obsolete packages and keep them
+ installed instead of installing their successors. (Closes: #699759)
+
+ [ Michael Vogt ]
+ * apt-pkg/sourcelist.cc:
+ - fix segfault when a hostname contains a [, thanks to
+ Tzafrir Cohen (closes: #704653)
+ * debian/control:
+ - replace manpages-it (closes: #704723)
+
+ [ David Kalnischkies ]
+ * various simple changes to fix cppcheck warnings
+ * apt-pkg/pkgcachegen.cc:
+ - do not store the MD5Sum for every description language variant as
+ it will be the same for all so it can be shared to save cache space
+ - handle language tags for descriptions are unique strings to be shared
+ - factor version string creation out of NewDepends, so we can easily reuse
+ version strings e.g. for implicit multi-arch dependencies
+ - equal comparisions are used mostly in same-source relations,
+ so use this to try to reuse some version strings
+ - sort group and package names in the hashtable on insert
+ - share version strings between same versions (of different architectures)
+ to save some space and allow quick comparisions later on
+ * apt-pkg/pkgcache.cc:
+ - assume sorted hashtable entries for groups/packages
+ * apt-pkg/cacheiterators.h:
+ - provide DepIterator::IsSatisfied as a nicer shorthand for DepCheck
+ * apt-pkg/deb/debversion.cc:
+ - add a string-equal shortcut for equal version comparisions
+
+ [ Marc Deslauriers ]
+ * make apt-ftparchive generate missing deb-src hashes (LP: #1078697)
+
+ [ Yaroslav Halchenko ]
+ * Fix English spelling error in a message ('A error'). Unfuzzy
+ translations. Closes: #705087
+
+ [ Programs translations ]
+ * French translation completed (Christian Perrier)
+
+ [ Manpages translations ]
+ * French translation completed (Christian Perrier)
+
+ [ Daniel Hartwig ]
+ * apt-pkg/contrib/strutl.cc:
+ - include port in shortened URIs (e.g. with apt-cache policy, progress
+ display) thanks to James McCoy (Closes: #154868, #322074)
+ - percent-encode username and password when writing URIs
+ * methods/http.cc:
+ - properly escape IP-literals (e.g. IPv6 address) when building
+ Host headers and URIs (Closes: #620344)
+ * methods/https.cc:
+ - use https_proxy environment variable if present, falling back to
+ http_proxy otherwise
+ - use authentication credentials from proxy URI
+ (Closes: #651640, LP: #1087512)
+ - environment variables do not override an explicit no proxy
+ directive ("DIRECT") in apt.conf
+ - disregard all_proxy environment variable, like other methods
+
+ -- Michael Vogt <mvo@debian.org> Wed, 08 May 2013 18:43:28 +0200
+
+apt (0.9.7.9~exp2) experimental; urgency=low
+
+ [ Programs translations ]
+ * Update all PO files and apt-all.pot
+ * French translation completed (Christian Perrier)
+
+ [ Daniel Hartwig ]
+ * cmdline/apt-get.cc:
+ - do not have space between "-a" and option when cross building
+ (closes: #703792)
+ * test/integration/test-apt-get-download:
+ - fix test now that #1098752 is fixed
+ * po/{ca,cs,ru}.po:
+ - fix merge artifact
+
+ [ David Kalnischkies ]
+ * apt-pkg/indexcopy.cc:
+ - rename RunGPGV to ExecGPGV and move it to apt-pkg/contrib/gpgv.cc
+ * apt-pkg/contrib/gpgv.cc:
+ - ExecGPGV is a method which should never return, so mark it as such
+ and fix the inconsistency of returning in error cases
+ - don't close stdout/stderr if it is also the statusfd
+ - if ExecGPGV deals with a clear-signed file it will split this file
+ into data and signatures, pass it to gpgv for verification
+ - add method to open (maybe) clearsigned files transparently
+ * apt-pkg/acquire-item.cc:
+ - keep the last good InRelease file around just as we do it with
+ Release.gpg in case the new one we download isn't good for us
+ * apt-pkg/deb/debmetaindex.cc:
+ - reenable InRelease by default
+ * ftparchive/writer.cc,
+ apt-pkg/deb/debindexfile.cc,
+ apt-pkg/deb/deblistparser.cc:
+ - use OpenMaybeClearSignedFile to be free from detecting and
+ skipping clearsigning metadata in dsc and Release files
-apt (0.9.7.8~exp3) UNRELEASEDexperimental; urgency=low
+ [ Michael Vogt ]
+ * add regression test for CVE-2013-1051
+ * implement GPGSplit() based on the idea from Ansgar Burchardt
+ (many thanks!)
+ * methods/connect.cc:
+ - use Errno() instead of strerror(), thanks to David Kalnischk
+ * doc/apt.conf.5.xml:
+ - document Acquire::ForceIPv{4,6}
+
+ -- Michael Vogt <mvo@debian.org> Wed, 03 Apr 2013 14:19:58 +0200
+
+apt (0.9.7.9~exp1) experimental; urgency=low
[ Niels Thykier ]
* test/libapt/assert.h, test/libapt/run-tests:
- this will require rebuilds of the clients as this used to
be a inline function
- -- Michael Vogt <mvo@debian.org> Sun, 17 Mar 2013 19:46:23 +0100
+ -- Michael Vogt <mvo@debian.org> Fri, 22 Mar 2013 21:57:08 +0100
+
+apt (0.9.7.8) unstable; urgency=criticial
+
+ * SECURITY UPDATE: InRelease verification bypass
+ - CVE-2013-1051
+
+ [ David Kalnischk ]
+ * apt-pkg/deb/debmetaindex.cc,
+ test/integration/test-bug-595691-empty-and-broken-archive-files,
+ test/integration/test-releasefile-verification:
+ - disable InRelease downloading until the verification issue is
+ fixed, thanks to Ansgar Burchardt for finding the flaw
+
+ -- Michael Vogt <mvo@debian.org> Thu, 14 Mar 2013 07:47:36 +0100
apt (0.9.7.8~exp2) experimental; urgency=low