X-Git-Url: https://git.saurik.com/apt.git/blobdiff_plain/0425a56bf14c2411534326a0d3410a512c5ddeaa..ba6913111f2ae62ad8066d61240fc43df6b3fb88:/debian/changelog diff --git a/debian/changelog b/debian/changelog index e308eb02c..59f01c5d6 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,15 +1,98 @@ -apt (0.9.7.8) UNRELEASED; urgency=low +apt (0.9.7.8) unstable; urgency=criticial + + * SECURITY UPDATE: InRelease verification bypass + - CVE-2013-1051 + + [ David Kalnischk ] + * apt-pkg/deb/debmetaindex.cc, + test/integration/test-bug-595691-empty-and-broken-archive-files, + test/integration/test-releasefile-verification: + - disable InRelease downloading until the verification issue is + fixed, thanks to Ansgar Burchardt for finding the flaw + + -- Michael Vogt Thu, 14 Mar 2013 07:47:36 +0100 + +apt (0.9.7.8~exp3) UNRELEASEDexperimental; urgency=low + + [ Niels Thykier ] + * test/libapt/assert.h, test/libapt/run-tests: + - exit with status 1 on test failure + + [ Daniel Hartwig ] + * test/integration/framework: + - continue after test failure but preserve exit status + + [ Programs translation updates ] + * Turkish (Mert Dirik). Closes: #703526 + + [ Colin Watson ] + * methods/connect.cc: + - provide useful error message in case of EAI_SYSTEM + (closes: #703603) + + [ Michael Vogt ] + * add new config options "Acquire::ForceIPv4" and + "Acquire::ForceIPv6" to allow focing one or the other + (closes: #611891) + * lp:~mvo/apt/fix-tagfile-hash: + - fix false positives in pkgTagSection.Exists(), thanks to + Niels Thykier for the testcase (closes: #703240) + - this will require rebuilds of the clients as this used to + be a inline function + + -- Michael Vogt Sun, 17 Mar 2013 19:46:23 +0100 + +apt (0.9.7.8~exp2) experimental; urgency=low + + * include two missing patches to really fix bug #696225, thanks to + Guillem Jover + * ensure sha512 is really used when available, thanks to Tyler Hicks + (LP: #1098752) + + -- Michael Vogt Fri, 01 Mar 2013 19:06:55 +0100 + +apt (0.9.7.8~exp1) experimental; urgency=low [ Manpages translation updates ] * Italian (Beatrice Torracca). Closes: #696601 + [ Programs translation updates ] + * Japanese (Kenshi Muto). Closes: #699783 + [ Michael Vogt ] * fix pkgProblemResolver::Scores, thanks to Paul Wise. Closes: #697577 - * add missing translated apt.8 manpages, thanks to Helge Kreutzmann. - Closes: #696923 + * fix missing translated apt.8 manpages, thanks to Helge Kreutzmann + for the report. Closes: #696923 + * apt-pkg/contrib/progress.cc: + - Make "..." translatable to fix inconsistencies in the output + of e.g. apt-get update. While this adds new translatable strings, + not having translations for them will not break anything. + Thanks to Guillem Jover. Closes: #696225 + * debian/apt.cron.daily: + - when reading from /dev/urandom, use less entropy and fix a rare + bug when the random number chksum is less than 1000. + Closes: #695285 + * methods/https.cc: + - reuse connection in https, thanks to Thomas Bushnell, BSG for the + patch. LP: #1087543, Closes: #695359 + - add missing curl_easy_cleanup() + * methods/http.cc: + - quote spaces in filenames to ensure as the http method is also + (potentially) used for non deb,dsc content that may contain + spaces, thanks to Daniel Hartwig and Thomas Bushnell + (LP: #1086997) + - quote plus in filenames to work around a bug in the S3 server + (LP: #1003633) + * apt-pkg/indexrecords.cc: + - support '\r' in the Release file + + [ David Kalnischkies ] + * apt-pkg/depcache.cc: + - prefer to install packages which have an already installed M-A:same + sibling while choosing providers (LP: #1130419) - -- Christian Perrier Mon, 24 Dec 2012 07:01:20 +0100 + -- Michael Vogt Fri, 01 Mar 2013 14:16:42 +0100 apt (0.9.7.7) unstable; urgency=low