X-Git-Url: https://git.saurik.com/apt.git/blobdiff_plain/3663572002ef82c146c125afea8942fe842f25c4..b57220d815aedbc023847d0885e08c6ed50e629a:/debian/changelog diff --git a/debian/changelog b/debian/changelog index e62f0b681..87fe0bb04 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,9 +1,240 @@ -apt (0.9.7.5) UNRELEASED; urgency=low +apt (0.9.7.9~exp3) UNRELEASED; urgency=low + + * apt-pkg/sourcelist.cc: + - fix segfault when a hostname contains a [, thanks to + Tzafrir Cohen (closes: #704653) + * debian/control: + - replace manpages-it (closes: #704723) + + -- Michael Vogt Thu, 04 Apr 2013 18:21:06 +0200 + +apt (0.9.7.9~exp2) experimental; urgency=low + + [ Programs translations ] + * Update all PO files and apt-all.pot + * French translation completed (Christian Perrier) + + [ Daniel Hartwig ] + * cmdline/apt-get.cc: + - do not have space between "-a" and option when cross building + (closes: #703792) + * test/integration/test-apt-get-download: + - fix test now that #1098752 is fixed + * po/{ca,cs,ru}.po: + - fix merge artifact + + [ David Kalnischkies ] + * apt-pkg/indexcopy.cc: + - rename RunGPGV to ExecGPGV and move it to apt-pkg/contrib/gpgv.cc + * apt-pkg/contrib/gpgv.cc: + - ExecGPGV is a method which should never return, so mark it as such + and fix the inconsistency of returning in error cases + - don't close stdout/stderr if it is also the statusfd + - if ExecGPGV deals with a clear-signed file it will split this file + into data and signatures, pass it to gpgv for verification + - add method to open (maybe) clearsigned files transparently + * apt-pkg/acquire-item.cc: + - keep the last good InRelease file around just as we do it with + Release.gpg in case the new one we download isn't good for us + * apt-pkg/deb/debmetaindex.cc: + - reenable InRelease by default + * ftparchive/writer.cc, + apt-pkg/deb/debindexfile.cc, + apt-pkg/deb/deblistparser.cc: + - use OpenMaybeClearSignedFile to be free from detecting and + skipping clearsigning metadata in dsc and Release files + + [ Michael Vogt ] + * add regression test for CVE-2013-1051 + * implement GPGSplit() based on the idea from Ansgar Burchardt + (many thanks!) + * methods/connect.cc: + - use Errno() instead of strerror(), thanks to David Kalnischk + * doc/apt.conf.5.xml: + - document Acquire::ForceIPv{4,6} + + -- Michael Vogt Wed, 03 Apr 2013 14:19:58 +0200 + +apt (0.9.7.9~exp1) experimental; urgency=low + + [ Niels Thykier ] + * test/libapt/assert.h, test/libapt/run-tests: + - exit with status 1 on test failure + + [ Daniel Hartwig ] + * test/integration/framework: + - continue after test failure but preserve exit status + + [ Programs translation updates ] + * Turkish (Mert Dirik). Closes: #703526 + + [ Colin Watson ] + * methods/connect.cc: + - provide useful error message in case of EAI_SYSTEM + (closes: #703603) + + [ Michael Vogt ] + * add new config options "Acquire::ForceIPv4" and + "Acquire::ForceIPv6" to allow focing one or the other + (closes: #611891) + * lp:~mvo/apt/fix-tagfile-hash: + - fix false positives in pkgTagSection.Exists(), thanks to + Niels Thykier for the testcase (closes: #703240) + - this will require rebuilds of the clients as this used to + be a inline function + + -- Michael Vogt Fri, 22 Mar 2013 21:57:08 +0100 + +apt (0.9.7.8) unstable; urgency=criticial + + * SECURITY UPDATE: InRelease verification bypass + - CVE-2013-1051 + + [ David Kalnischk ] + * apt-pkg/deb/debmetaindex.cc, + test/integration/test-bug-595691-empty-and-broken-archive-files, + test/integration/test-releasefile-verification: + - disable InRelease downloading until the verification issue is + fixed, thanks to Ansgar Burchardt for finding the flaw + + -- Michael Vogt Thu, 14 Mar 2013 07:47:36 +0100 + +apt (0.9.7.8~exp2) experimental; urgency=low + + * include two missing patches to really fix bug #696225, thanks to + Guillem Jover + * ensure sha512 is really used when available, thanks to Tyler Hicks + (LP: #1098752) + + -- Michael Vogt Fri, 01 Mar 2013 19:06:55 +0100 + +apt (0.9.7.8~exp1) experimental; urgency=low + + [ Manpages translation updates ] + * Italian (Beatrice Torracca). Closes: #696601 + + [ Programs translation updates ] + * Japanese (Kenshi Muto). Closes: #699783 + + [ Michael Vogt ] + * fix pkgProblemResolver::Scores, thanks to Paul Wise. + Closes: #697577 + * fix missing translated apt.8 manpages, thanks to Helge Kreutzmann + for the report. Closes: #696923 + * apt-pkg/contrib/progress.cc: + - Make "..." translatable to fix inconsistencies in the output + of e.g. apt-get update. While this adds new translatable strings, + not having translations for them will not break anything. + Thanks to Guillem Jover. Closes: #696225 + * debian/apt.cron.daily: + - when reading from /dev/urandom, use less entropy and fix a rare + bug when the random number chksum is less than 1000. + Closes: #695285 + * methods/https.cc: + - reuse connection in https, thanks to Thomas Bushnell, BSG for the + patch. LP: #1087543, Closes: #695359 + - add missing curl_easy_cleanup() + * methods/http.cc: + - quote spaces in filenames to ensure as the http method is also + (potentially) used for non deb,dsc content that may contain + spaces, thanks to Daniel Hartwig and Thomas Bushnell + (LP: #1086997) + - quote plus in filenames to work around a bug in the S3 server + (LP: #1003633) + * apt-pkg/indexrecords.cc: + - support '\r' in the Release file + + [ David Kalnischkies ] + * apt-pkg/depcache.cc: + - prefer to install packages which have an already installed M-A:same + sibling while choosing providers (LP: #1130419) + + -- Michael Vogt Fri, 01 Mar 2013 14:16:42 +0100 + +apt (0.9.7.7) unstable; urgency=low + + [ Program translation updates ] + * Catalan (Jordi Mallach) + * Drop a confusing non-breaking space. Closes: #691024 + * Thai (Theppitak Karoonboonyanan). Closes: #691613 + * Vietnamese (Trần Ngọc Quân). Closes: #693773 + * Fix Plural forms in German, French, Japanese and Portuguese + translations. Thanks to Jakub Wilk for reporting these errors. + + [ David Kalnischkies ] + * apt-pkg/packagemanager.cc: + - do not do lock-step configuration for a M-A:same package if it isn't + unpacked yet in SmartConfigure and do not unpack a M-A:same package + again in SmartUnPack if we have already configured it (LP: #1062503) + * apt-pkg/depcache.cc: + - don't call MarkInstall with the FromUser flag set for packages + which are dependencies of APT::Never-MarkAuto-Sections matchers + - no mode changes should obviously be ok for pkgDepCache::IsModeChangeOk + * cmdline/apt-get.cc: + - do not call Mark{Install,Delete} from the autoremove code with + the FromUser bit set to avoid modifying the auto-installed bit + * apt-pkg/algorithms.cc: + - ensure pkgProblemResolver calls MarkDelete without FromUser set + so that it can't overrule holds and the protection flag + + [ Michael Vogt ] + * change permissions of /var/log/apt/term.log to 0640 (LP: #975199) + + [ Jonathan Thomas ] + * apt-pkg/algorithms.cc: + - fix package-pointer array memory leak in ResolveByKeepInternal() + + -- Michael Vogt Thu, 13 Dec 2012 09:52:19 +0100 + +apt (0.9.7.6) unstable; urgency=low + + [ Program translation updates ] + * Ukrainian (A. Bondarenko) + + [ David Kalnischkies ] + * apt-pkg/pkgcachegen.cc: + - ensure that dependencies for packages:none are always generated + - add 2 missing remap registrations causing a segfault in case + we use the not remapped iterators after a move of the mmap again + - write the native architecture as unique string into the cache header + as it is used for arch:all packages as a map to arch:native. + Otherwise arch comparisons later will see differences (Closes: #689323) + * apt-pkg/pkgcache.cc: + - ignore negative dependencies applying in the same group for M-A:same + packages on the real package name as self-conflicts (Closes: #688863) + * cmdline/apt-cache.cc: + - print versioned dependency relations in (r)depends if the option + APT::Cache::ShowVersion is true (default: false) as discussed in + #218995 to help debian-cd fixing #687949. Thanks to Sam Lidder + for initial patch and Steve McIntyre for nagging and testing! + * apt-pkg/edsp.cc: + - include reinstall requests and already installed (= protected) packages + in the install-request for external resolvers (Closes: #689331) + * apt-pkg/policy.cc: + - match pins with(out) an architecture as we do on the commandline + (partly fixing #687255, b= support has to wait for jessie) + * apt-pkg/contrib/netrc.cc: + - remove the 64 char limit for login/password in internal usage + - remove 256 char line limit by using getline() (POSIX.1-2008) + + [ Colin Watson ] + * apt-pkg/pkgcachegen.cc: + - Fix crash if the cache is remapped while writing a Provides version + (LP: #1066445). + + -- Michael Vogt Tue, 16 Oct 2012 18:08:53 +0200 + +apt (0.9.7.5) unstable; urgency=low [ Manpages translation updates ] * Japanese (KURASAWA Nozomu) (Closes: #684435) + * Portuguese (Américo Monteiro) (Closes: #686975) [ David Kalnischkies ] + * handle packages without a mandatory architecture (debian-policy §5.3) + by introducing a pseudo-architecture 'none' so that the small group of + users with these packages can get right of them without introducing too + much hassle for other users (Closes: #686346) * apt-pkg/cdrom.cc: - copy only configured translation files from a CD-ROM and not all available translation files preventing new installs with d-i from @@ -28,8 +259,11 @@ apt (0.9.7.5) UNRELEASED; urgency=low - do not warn about files which have a record in the Release file, but are not present on the CD to mirror the behavior of the other methods and to allow uncompressed indexes to be dropped without scaring users + * apt-pkg/pkgcachegen.cc: + - do not create 'native' (or now 'none') package structures as a side + effect of description translation parsing as it pollutes the cache - -- David Kalnischkies Sun, 26 Aug 2012 10:49:17 +0200 + -- Michael Vogt Tue, 11 Sep 2012 15:56:44 +0200 apt (0.9.7.4) unstable; urgency=low