X-Git-Url: https://git.saurik.com/apt.git/blobdiff_plain/ad6946e73ca11f79ffd306b511883131dc7babe6..ad000f6b68f9216412a6a70bcfe6cb11fb0c2fe6:/debian/changelog diff --git a/debian/changelog b/debian/changelog index 569136b7a..3ef652c56 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,4 +1,118 @@ -apt (0.9.7.5) UNRELEASED; urgency=low +apt (0.9.7.9) UNRELEASED; urgency=low + + [ David Kalnischkies ] + * apt-pkg/indexcopy.cc: + - rename RunGPGV to ExecGPGV and move it to apt-pkg/contrib/gpgv.cc + * apt-pkg/contrib/gpgv.cc: + - ExecGPGV is a method which should never return, so mark it as such + and fix the inconsistency of returning in error cases + - don't close stdout/stderr if it is also the statusfd + - if ExecGPGV deals with a clear-signed file it will split this file + into data and signatures, pass it to gpgv for verification and + recombines it after that in a known-good way without unsigned blocks + and whitespaces resulting usually in more or less the same file as + before, but later code can be sure about the format + * apt-pkg/acquire-item.cc: + - keep the last good InRelease file around just as we do it with + Release.gpg in case the new one we download isn't good for us + * apt-pkg/deb/debmetaindex.cc: + - reenable InRelease by default + + [ Michael Vogt ] + * add regression test for CVE-2013-1051 + * implement GPGSplit() based on the idea from Ansgar Burchardt + (many thanks!) + + -- David Kalnischkies Fri, 15 Mar 2013 14:15:43 +0100 + +apt (0.9.7.8) unstable; urgency=criticial + + * SECURITY UPDATE: InRelease verification bypass + - CVE-2013-1051 + + [ David Kalnischk ] + * apt-pkg/deb/debmetaindex.cc, + test/integration/test-bug-595691-empty-and-broken-archive-files, + test/integration/test-releasefile-verification: + - disable InRelease downloading until the verification issue is + fixed, thanks to Ansgar Burchardt for finding the flaw + + -- Michael Vogt Thu, 14 Mar 2013 07:47:36 +0100 + +apt (0.9.7.7) unstable; urgency=low + + [ Program translation updates ] + * Catalan (Jordi Mallach) + * Drop a confusing non-breaking space. Closes: #691024 + * Thai (Theppitak Karoonboonyanan). Closes: #691613 + * Vietnamese (Trần Ngọc Quân). Closes: #693773 + * Fix Plural forms in German, French, Japanese and Portuguese + translations. Thanks to Jakub Wilk for reporting these errors. + + [ David Kalnischkies ] + * apt-pkg/packagemanager.cc: + - do not do lock-step configuration for a M-A:same package if it isn't + unpacked yet in SmartConfigure and do not unpack a M-A:same package + again in SmartUnPack if we have already configured it (LP: #1062503) + * apt-pkg/depcache.cc: + - don't call MarkInstall with the FromUser flag set for packages + which are dependencies of APT::Never-MarkAuto-Sections matchers + - no mode changes should obviously be ok for pkgDepCache::IsModeChangeOk + * cmdline/apt-get.cc: + - do not call Mark{Install,Delete} from the autoremove code with + the FromUser bit set to avoid modifying the auto-installed bit + * apt-pkg/algorithms.cc: + - ensure pkgProblemResolver calls MarkDelete without FromUser set + so that it can't overrule holds and the protection flag + + [ Michael Vogt ] + * change permissions of /var/log/apt/term.log to 0640 (LP: #975199) + + [ Jonathan Thomas ] + * apt-pkg/algorithms.cc: + - fix package-pointer array memory leak in ResolveByKeepInternal() + + -- Michael Vogt Thu, 13 Dec 2012 09:52:19 +0100 + +apt (0.9.7.6) unstable; urgency=low + + [ Program translation updates ] + * Ukrainian (A. Bondarenko) + + [ David Kalnischkies ] + * apt-pkg/pkgcachegen.cc: + - ensure that dependencies for packages:none are always generated + - add 2 missing remap registrations causing a segfault in case + we use the not remapped iterators after a move of the mmap again + - write the native architecture as unique string into the cache header + as it is used for arch:all packages as a map to arch:native. + Otherwise arch comparisons later will see differences (Closes: #689323) + * apt-pkg/pkgcache.cc: + - ignore negative dependencies applying in the same group for M-A:same + packages on the real package name as self-conflicts (Closes: #688863) + * cmdline/apt-cache.cc: + - print versioned dependency relations in (r)depends if the option + APT::Cache::ShowVersion is true (default: false) as discussed in + #218995 to help debian-cd fixing #687949. Thanks to Sam Lidder + for initial patch and Steve McIntyre for nagging and testing! + * apt-pkg/edsp.cc: + - include reinstall requests and already installed (= protected) packages + in the install-request for external resolvers (Closes: #689331) + * apt-pkg/policy.cc: + - match pins with(out) an architecture as we do on the commandline + (partly fixing #687255, b= support has to wait for jessie) + * apt-pkg/contrib/netrc.cc: + - remove the 64 char limit for login/password in internal usage + - remove 256 char line limit by using getline() (POSIX.1-2008) + + [ Colin Watson ] + * apt-pkg/pkgcachegen.cc: + - Fix crash if the cache is remapped while writing a Provides version + (LP: #1066445). + + -- Michael Vogt Tue, 16 Oct 2012 18:08:53 +0200 + +apt (0.9.7.5) unstable; urgency=low [ Manpages translation updates ] * Japanese (KURASAWA Nozomu) (Closes: #684435) @@ -37,7 +151,7 @@ apt (0.9.7.5) UNRELEASED; urgency=low - do not create 'native' (or now 'none') package structures as a side effect of description translation parsing as it pollutes the cache - -- David Kalnischkies Sun, 26 Aug 2012 10:49:17 +0200 + -- Michael Vogt Tue, 11 Sep 2012 15:56:44 +0200 apt (0.9.7.4) unstable; urgency=low