X-Git-Url: https://git.saurik.com/apt.git/blobdiff_plain/424ff669be2d1871592247907d977ed9fba3229f..c1b21367668fb435cfb8a2a18c3292e006c2e795:/debian/changelog diff --git a/debian/changelog b/debian/changelog index 0f6dceb86..239fb308c 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,4 +1,397 @@ -apt (0.9.6.1) UNRELEASED; urgency=low +apt (0.9.7.9~exp2) UNRELEASED; urgency=low + + [ Programs translations ] + * Update all PO files and apt-all.pot + * French translation completed (Christian Perrier) + + [ Daniel Hartwig ] + * cmdline/apt-get.cc: + - do not have space between "-a" and option when cross building + (closes: #703792) + * test/integration/test-apt-get-download: + - fix test now that #1098752 is fixed + * po/{ca,cs,ru}.po: + - fix merge artifact + + [ David Kalnischkies ] + * apt-pkg/indexcopy.cc: + - rename RunGPGV to ExecGPGV and move it to apt-pkg/contrib/gpgv.cc + * apt-pkg/contrib/gpgv.cc: + - ExecGPGV is a method which should never return, so mark it as such + and fix the inconsistency of returning in error cases + - don't close stdout/stderr if it is also the statusfd + - if ExecGPGV deals with a clear-signed file it will split this file + into data and signatures, pass it to gpgv for verification + - add method to open (maybe) clearsigned files transparently + * apt-pkg/acquire-item.cc: + - keep the last good InRelease file around just as we do it with + Release.gpg in case the new one we download isn't good for us + * apt-pkg/deb/debmetaindex.cc: + - reenable InRelease by default + * ftparchive/writer.cc, + apt-pkg/deb/debindexfile.cc, + apt-pkg/deb/deblistparser.cc: + - use OpenMaybeClearSignedFile to be free from detecting and + skipping clearsigning metadata in dsc and Release files + + [ Michael Vogt ] + * add regression test for CVE-2013-1051 + * implement GPGSplit() based on the idea from Ansgar Burchardt + (many thanks!) + * methods/connect.cc: + - use Errno() instead of strerror(), thanks to David Kalnischk + * doc/apt.conf.5.xml: + - document Acquire::ForceIPv{4,6} + + -- Michael Vogt Tue, 02 Apr 2013 15:13:50 +0200 + +apt (0.9.7.9~exp1) experimental; urgency=low + + [ Niels Thykier ] + * test/libapt/assert.h, test/libapt/run-tests: + - exit with status 1 on test failure + + [ Daniel Hartwig ] + * test/integration/framework: + - continue after test failure but preserve exit status + + [ Programs translation updates ] + * Turkish (Mert Dirik). Closes: #703526 + + [ Colin Watson ] + * methods/connect.cc: + - provide useful error message in case of EAI_SYSTEM + (closes: #703603) + + [ Michael Vogt ] + * add new config options "Acquire::ForceIPv4" and + "Acquire::ForceIPv6" to allow focing one or the other + (closes: #611891) + * lp:~mvo/apt/fix-tagfile-hash: + - fix false positives in pkgTagSection.Exists(), thanks to + Niels Thykier for the testcase (closes: #703240) + - this will require rebuilds of the clients as this used to + be a inline function + + -- Michael Vogt Fri, 22 Mar 2013 21:57:08 +0100 + +apt (0.9.7.8) unstable; urgency=criticial + + * SECURITY UPDATE: InRelease verification bypass + - CVE-2013-1051 + + [ David Kalnischk ] + * apt-pkg/deb/debmetaindex.cc, + test/integration/test-bug-595691-empty-and-broken-archive-files, + test/integration/test-releasefile-verification: + - disable InRelease downloading until the verification issue is + fixed, thanks to Ansgar Burchardt for finding the flaw + + -- Michael Vogt Thu, 14 Mar 2013 07:47:36 +0100 + +apt (0.9.7.8~exp2) experimental; urgency=low + + * include two missing patches to really fix bug #696225, thanks to + Guillem Jover + * ensure sha512 is really used when available, thanks to Tyler Hicks + (LP: #1098752) + + -- Michael Vogt Fri, 01 Mar 2013 19:06:55 +0100 + +apt (0.9.7.8~exp1) experimental; urgency=low + + [ Manpages translation updates ] + * Italian (Beatrice Torracca). Closes: #696601 + + [ Programs translation updates ] + * Japanese (Kenshi Muto). Closes: #699783 + + [ Michael Vogt ] + * fix pkgProblemResolver::Scores, thanks to Paul Wise. + Closes: #697577 + * fix missing translated apt.8 manpages, thanks to Helge Kreutzmann + for the report. Closes: #696923 + * apt-pkg/contrib/progress.cc: + - Make "..." translatable to fix inconsistencies in the output + of e.g. apt-get update. While this adds new translatable strings, + not having translations for them will not break anything. + Thanks to Guillem Jover. Closes: #696225 + * debian/apt.cron.daily: + - when reading from /dev/urandom, use less entropy and fix a rare + bug when the random number chksum is less than 1000. + Closes: #695285 + * methods/https.cc: + - reuse connection in https, thanks to Thomas Bushnell, BSG for the + patch. LP: #1087543, Closes: #695359 + - add missing curl_easy_cleanup() + * methods/http.cc: + - quote spaces in filenames to ensure as the http method is also + (potentially) used for non deb,dsc content that may contain + spaces, thanks to Daniel Hartwig and Thomas Bushnell + (LP: #1086997) + - quote plus in filenames to work around a bug in the S3 server + (LP: #1003633) + * apt-pkg/indexrecords.cc: + - support '\r' in the Release file + + [ David Kalnischkies ] + * apt-pkg/depcache.cc: + - prefer to install packages which have an already installed M-A:same + sibling while choosing providers (LP: #1130419) + + -- Michael Vogt Fri, 01 Mar 2013 14:16:42 +0100 + +apt (0.9.7.7) unstable; urgency=low + + [ Program translation updates ] + * Catalan (Jordi Mallach) + * Drop a confusing non-breaking space. Closes: #691024 + * Thai (Theppitak Karoonboonyanan). Closes: #691613 + * Vietnamese (Trần Ngọc Quân). Closes: #693773 + * Fix Plural forms in German, French, Japanese and Portuguese + translations. Thanks to Jakub Wilk for reporting these errors. + + [ David Kalnischkies ] + * apt-pkg/packagemanager.cc: + - do not do lock-step configuration for a M-A:same package if it isn't + unpacked yet in SmartConfigure and do not unpack a M-A:same package + again in SmartUnPack if we have already configured it (LP: #1062503) + * apt-pkg/depcache.cc: + - don't call MarkInstall with the FromUser flag set for packages + which are dependencies of APT::Never-MarkAuto-Sections matchers + - no mode changes should obviously be ok for pkgDepCache::IsModeChangeOk + * cmdline/apt-get.cc: + - do not call Mark{Install,Delete} from the autoremove code with + the FromUser bit set to avoid modifying the auto-installed bit + * apt-pkg/algorithms.cc: + - ensure pkgProblemResolver calls MarkDelete without FromUser set + so that it can't overrule holds and the protection flag + + [ Michael Vogt ] + * change permissions of /var/log/apt/term.log to 0640 (LP: #975199) + + [ Jonathan Thomas ] + * apt-pkg/algorithms.cc: + - fix package-pointer array memory leak in ResolveByKeepInternal() + + -- Michael Vogt Thu, 13 Dec 2012 09:52:19 +0100 + +apt (0.9.7.6) unstable; urgency=low + + [ Program translation updates ] + * Ukrainian (A. Bondarenko) + + [ David Kalnischkies ] + * apt-pkg/pkgcachegen.cc: + - ensure that dependencies for packages:none are always generated + - add 2 missing remap registrations causing a segfault in case + we use the not remapped iterators after a move of the mmap again + - write the native architecture as unique string into the cache header + as it is used for arch:all packages as a map to arch:native. + Otherwise arch comparisons later will see differences (Closes: #689323) + * apt-pkg/pkgcache.cc: + - ignore negative dependencies applying in the same group for M-A:same + packages on the real package name as self-conflicts (Closes: #688863) + * cmdline/apt-cache.cc: + - print versioned dependency relations in (r)depends if the option + APT::Cache::ShowVersion is true (default: false) as discussed in + #218995 to help debian-cd fixing #687949. Thanks to Sam Lidder + for initial patch and Steve McIntyre for nagging and testing! + * apt-pkg/edsp.cc: + - include reinstall requests and already installed (= protected) packages + in the install-request for external resolvers (Closes: #689331) + * apt-pkg/policy.cc: + - match pins with(out) an architecture as we do on the commandline + (partly fixing #687255, b= support has to wait for jessie) + * apt-pkg/contrib/netrc.cc: + - remove the 64 char limit for login/password in internal usage + - remove 256 char line limit by using getline() (POSIX.1-2008) + + [ Colin Watson ] + * apt-pkg/pkgcachegen.cc: + - Fix crash if the cache is remapped while writing a Provides version + (LP: #1066445). + + -- Michael Vogt Tue, 16 Oct 2012 18:08:53 +0200 + +apt (0.9.7.5) unstable; urgency=low + + [ Manpages translation updates ] + * Japanese (KURASAWA Nozomu) (Closes: #684435) + * Portuguese (Américo Monteiro) (Closes: #686975) + + [ David Kalnischkies ] + * handle packages without a mandatory architecture (debian-policy §5.3) + by introducing a pseudo-architecture 'none' so that the small group of + users with these packages can get right of them without introducing too + much hassle for other users (Closes: #686346) + * apt-pkg/cdrom.cc: + - copy only configured translation files from a CD-ROM and not all + available translation files preventing new installs with d-i from + being initialized with all translations (Closes: #678227) + - handle Components in the reduction for the source.list as multi-arch CDs + otherwise create duplicated source entries (e.g. "wheezy main main") + * apt-pkg/packagemanager.cc: + - unpack versions only in case a different version from the package + is currently in unpack state to recover from broken system states + (like different file in M-A:same package and other dpkg errors) + and avoid re-unpack otherwise (Closes: #670900) + * debian/control: + - let libapt-pkg break apt < 0.9.4 to ensure that the installed http- + method supports the new redirection-style, thanks to Raphael Geissert + for reporting & testing (Closes: #685192) + * doc/apt_preferences.5.xml: + - use the correct interval (x <= P < y) for pin value documentation as + these are the intervals used by the code (Closes: #685989) + * apt-pkg/indexcopy.cc: + - do not create duplicated flat-archive CD-ROM sources for foreign + architectures on multi-arch CD-ROMs + - do not warn about files which have a record in the Release file, but + are not present on the CD to mirror the behavior of the other methods + and to allow uncompressed indexes to be dropped without scaring users + * apt-pkg/pkgcachegen.cc: + - do not create 'native' (or now 'none') package structures as a side + effect of description translation parsing as it pollutes the cache + + -- Michael Vogt Tue, 11 Sep 2012 15:56:44 +0200 + +apt (0.9.7.4) unstable; urgency=low + + [ Manpages translation updates ] + * Polish (Robert Luberda) (Closes: #683109) + + [ Program translation updates ] + * Polish (Michał Kułach) + + [ Pino Toscano ] + * apt-pkg/contrib/mmap.cc: + - guard only the msync call with _POSIX_SYNCHRONIZED_IO rather + than also the fallback code as it breaks APT on hurd since 0.9.7.3 + as the fallback is now always used on non-linux (Closes: #683354) + + [ David Kalnischkies ] + * apt-pkg/contrib/fileutl.cc: + - remove _POSIX_SYNCHRONIZED_IO guard in FileFd::Sync() around fsync + as this guard is only needed for fdatasync and not defined on hurd + * cmdline/apt-get.cc: + - error out on (unsatisfiable) build-deps on purly virtual packages + instead of ignoring these dependencies; thanks to Johannes Schauer + for the detailed report! (Closes: #683786) + - ensure that the right architecture is used for cross-dependencies in + cases we have to choose a provider by defaulting on host-arch + instead of build-arch + * doc/apt-verbatim.ent: + - denote 'wheezy' as stable codename and 'jessie' as testing codename + in the documentation in preparation for release + * apt-pkg/indexcopy.cc: + - do not use atomic writing if the target is /dev/null as we don't want + to replace it, not even automically. (Closes: #683410) + * apt-pkg/cdrom.cc: + - do not link() but rename() the cdroms.list to cdroms.list~ as a backup + to ensure that apt-cdrom can be run multiple times (Closes: #676302) + + -- Michael Vogt Mon, 06 Aug 2012 15:55:04 +0200 + +apt (0.9.7.3) unstable; urgency=low + + [ Manpages translation updates ] + * Spanish; (Omar Campagne). Closes: #681566 + + [ Program translation updates ] + * Czech (Miroslav Kure). Closes: #680758 + + [ David Kalnischkies ] + * apt-pkg/cacheset.cc: + - handle :all and :native correctly as architectures again + in the commandline parsing (regression in 0.9.7) + * apt-pkg/packagemanager.cc: + - do not segfault if nothing can be configured to statisfy + a pre-depends (e.g. in a pre-depends loop) (Closes: #681958) + * apt-pkg/contrib/mmap.cc: + - trigger the usage of the fallback code for kfreebsd also in the + second (filebased) constructor of DynamicMMap (Closes: #677704) + - refer to APT::Cache-Start in case the growing failed as if -Limit is + really the offender it will be noted in a previous error message. + - for filesystems not supporting mmap'ing a file we need to use a + SyncToFd dummy just as we did for compressed files in 0.9.5 + + -- Michael Vogt Fri, 27 Jul 2012 17:53:41 +0200 + +apt (0.9.7.2) unstable; urgency=low + + [ Manpages translation updates ] + * French (Christian Perrier) + * German (Chris Leick) + + [ Program translation updates ] + * Greek (Θανάσης Νάτσης) + * Japanese (Kenshi Muto) (Closes: #679662) + * Russian (Yuri Kozlov) (Closes: #679599) + * Danish (Joe Dalton) (Closes: #680119) + * Portuguese (Miguel Figueiredo) (Closes: #680616) + + [ David Kalnischkies ] + * debian/apt.cron.daily: + - do not try to backup extended_states file if it doesn't + exist (Closes: #680287) + * ftparchive/writer.cc: + - handle the APT::FTPArchive::Packages::SHA512 option correctly instead + of overriding SHA256, thanks Christian Marillat! (Closes: #680252) + * cmdline/apt-mark.cc: + - arch:all packages are treated as arch:native packages, but dpkg + expects pkg:all for selections, so use the arch of the installed + version instead of the package structure if possible. + Thanks to Stepan Golosunov for the report! (Closes: #680041) + * apt-pkg/clean.cc: + - run autoclean against pkg:arch and not always against pkg:native as + this removes valid cache entries (Closes: #679371) + * apt-pkg/deb/deblistparser.cc: + - negative dependencies need to apply to all architectures, + but those with a specific architecture only apply to this one + * apt-pkg/cachefilter.cc: + - remove architecture-specific arch to tuple expansion-rules as they lead + to the same tuples for different architectures (e.g. linux-arm for arm, + armel and armhf) while the dpkg-architecture code uses triples which + are different (in the first part, which we omit in our tuples), so e.g. + build-dep restrictions for armel ended up effecting armhf as well + + -- Michael Vogt Fri, 13 Jul 2012 21:33:56 +0200 + +apt (0.9.7.1) unstable; urgency=low + + [ Program translation updates ] + * Bulgarian (Damyan Ivanov) (Closes: #678983) + * Hungarian (Gabor Kelemen) + * Italian (Milo Casagrande) + * Slovenian (Andrej Znidarsic) + * German (Holger Wansing) (Closes: #679314) + * Slovak (Ivan Masár) (Closes: #679448) + + [ David Kalnischkies ] + * cmdline/apt-internal-solver.cc, cmdline/apt-mark.cc: + - typo fixes and unfuzzy translations + * debian/control: + - libapt-{pkg,inst} packages should be in section 'libs' instead + of 'admin' as by ftp-master override request in #677596 + - demote debiandoc-sgml to Build-Depends-Indep + * doc/makefile: + - separate translation building of debiandoc from manpages + so that we don't need to build debiandoc for binary packages + + -- Michael Vogt Fri, 29 Jun 2012 14:26:32 +0200 + +apt (0.9.7) unstable; urgency=low + + [ Julian Andres Klode ] + * apt-pkg/contrib/mmap.cc: + - Fix the Fallback option to work correctly, by not calling + realloc() on a map mapped by mmap(), and by using malloc + and friends instead of new[]. + - Zero out the new memory allocated with realloc(). + + [ Daniel Hartwig ] + * apt-pkg/pkgcachegen.cc: + - always reset _error->StackCount in MakeStatusCache (Closes: #677175) [ David Kalnischkies ] * apt-pkg/deb/deblistparser.cc: @@ -7,8 +400,20 @@ apt (0.9.6.1) UNRELEASED; urgency=low - use PackageArchitectureMatchesSpecification filter * apt-pkg/cachefilter.cc: - add PackageArchitectureMatchesSpecification (Closes: #672603) + * apt-pkg/cacheset.cc: + - add PackageContainerInterface::FromGroup to support + architecture specifications with wildcards on the commandline + * apt-pkg/pkgcache.cc: + - do a string comparision for architecture checking in IsMultiArchImplicit + as 'unique' strings in the pkgcache aren't unique (Closes: #677454) + * buildlib/configure.mak: + - print a message detailing how to get config.guess and config.sub + in case they are not in /usr/share/misc (Closes: #677312) + * cmdline/apt-get.cc: + - print a friendly message in 'download' if a package can't be + downloaded (Closes: #677887) - -- David Kalnischkies Thu, 14 Jun 2012 15:45:13 +0200 + -- Michael Vogt Tue, 19 Jun 2012 16:42:43 +0200 apt (0.9.6) unstable; urgency=low