]> git.saurik.com Git - apt.git/log
apt.git
12 years agonewer gcc versions seems to have no problem with that, but while working
David Kalnischkies [Tue, 17 Apr 2012 21:47:35 +0000 (23:47 +0200)] 
newer gcc versions seems to have no problem with that, but while working
with g++-4.1 it complains about this so lets be extra clear

12 years agoensure that not --assert-multi-arch supporting dpkg's do not generate
David Kalnischkies [Tue, 17 Apr 2012 21:45:52 +0000 (23:45 +0200)] 
ensure that not --assert-multi-arch supporting dpkg's do not generate
output in the testcases by redirecting to /dev/null

12 years agoreleasing version 0.9.1 0.9.1
Michael Vogt [Tue, 17 Apr 2012 07:56:44 +0000 (09:56 +0200)] 
releasing version 0.9.1

12 years agodoc/* i18n refresh
Michael Vogt [Tue, 17 Apr 2012 07:55:54 +0000 (09:55 +0200)] 
doc/* i18n refresh

12 years agomerged from lp:~donkult/apt/sid
Michael Vogt [Tue, 17 Apr 2012 07:18:34 +0000 (09:18 +0200)] 
merged from lp:~donkult/apt/sid

12 years ago* apt-pkg/packagemanager.cc:
David Kalnischkies [Mon, 16 Apr 2012 21:55:39 +0000 (23:55 +0200)] 
* apt-pkg/packagemanager.cc:
  - init counter in SmartConfigure so that the loop-breaker isn't
    triggered at random… (Closes: #669060)

12 years ago* cmdline/apt-get.cc:
David Kalnischkies [Mon, 16 Apr 2012 21:55:21 +0000 (23:55 +0200)] 
* cmdline/apt-get.cc:
  - if pkgCacheFile::Generate is disabled in 'update' don't
    remove the caches (and don't try to open them)

12 years agomerge from the expermental2 branch
Michael Vogt [Mon, 16 Apr 2012 17:24:07 +0000 (19:24 +0200)] 
merge from the expermental2 branch

12 years agoreleasing version 0.9.0 0.9.0
Michael Vogt [Mon, 16 Apr 2012 17:05:31 +0000 (19:05 +0200)] 
releasing version 0.9.0

12 years agoreleasing version 0.9.0~exp1
Michael Vogt [Thu, 12 Apr 2012 13:14:57 +0000 (15:14 +0200)] 
releasing version 0.9.0~exp1

12 years ago(semi)automatic translations update
Michael Vogt [Thu, 12 Apr 2012 13:13:53 +0000 (15:13 +0200)] 
(semi)automatic translations update

12 years agoapt-pkg/packagemanager.cc: tweak MaxLoopCount to 500 and improve the error message
Michael Vogt [Thu, 12 Apr 2012 13:13:08 +0000 (15:13 +0200)] 
apt-pkg/packagemanager.cc: tweak MaxLoopCount to 500 and improve the error message

12 years agomerged r1972 from lp:~paolorotolo/apt/fix-for-967393
Michael Vogt [Thu, 12 Apr 2012 10:23:57 +0000 (12:23 +0200)] 
merged r1972 from lp:~paolorotolo/apt/fix-for-967393

12 years agomerged r1970 lp:~vorlon/apt/lp.968828
Michael Vogt [Thu, 12 Apr 2012 10:18:43 +0000 (12:18 +0200)] 
merged r1970 lp:~vorlon/apt/lp.968828

12 years agoprepare new experimtnal upload
Michael Vogt [Wed, 11 Apr 2012 16:12:50 +0000 (18:12 +0200)] 
prepare new experimtnal upload

12 years agomerged from donkults experimental branch
Michael Vogt [Wed, 11 Apr 2012 15:45:36 +0000 (17:45 +0200)] 
merged from donkults experimental branch

12 years agouse a static FileFd::Write overload to reduce duplication of write()-retry code
David Kalnischkies [Wed, 11 Apr 2012 11:25:28 +0000 (13:25 +0200)] 
use a static FileFd::Write overload to reduce duplication of write()-retry code

12 years agofix the remaining lzma calls with xz --format=lzma in the testcases
David Kalnischkies [Wed, 11 Apr 2012 10:36:32 +0000 (12:36 +0200)] 
fix the remaining lzma calls with xz --format=lzma in the testcases

12 years ago* cmdline/apt-get.cc:
David Kalnischkies [Wed, 11 Apr 2012 10:12:24 +0000 (12:12 +0200)] 
* cmdline/apt-get.cc:
  - print list of autoremoves in alphabetical order (Closes: #639008)

12 years agouse xz-utils in the testcases instead of lzma and ensure that we really
David Kalnischkies [Wed, 11 Apr 2012 09:57:48 +0000 (11:57 +0200)] 
use xz-utils in the testcases instead of lzma and ensure that we really
ignore the presents (or absence) of lzma if we decided to use xz

12 years ago* debian/control:
Michael Vogt [Wed, 11 Apr 2012 08:21:05 +0000 (10:21 +0200)] 
* debian/control:
  - suggest xz-lzma instead of lzma

12 years agoDrop hardcoded "en.html" suffix in apt-secure manpage.
bubulle@debian.org [Fri, 6 Apr 2012 18:09:13 +0000 (20:09 +0200)] 
Drop hardcoded "en.html" suffix in apt-secure manpage.
Thanks to David Prevot.

12 years agosuggest xz-utils instead of bzip2 and lzma
David Kalnischkies [Thu, 5 Apr 2012 19:37:57 +0000 (21:37 +0200)] 
suggest xz-utils instead of bzip2 and lzma

12 years ago - add libbz2-dev as new build-dependency
David Kalnischkies [Thu, 5 Apr 2012 18:51:36 +0000 (20:51 +0200)] 
  - add libbz2-dev as new build-dependency
  - remove the libz-dev alternative from zlib1g-dev build-dependency
  - do the same for bz2 builtin if available
* apt-pkg/contrib/fileutl.cc:
  - use libz2 library for (de)compression instead of the bzip2 binary as
    the first is a dependency of dpkg and the later just priority:optional
    so we gain 'easier' access to bz2-compressed Translation files this way

12 years agoif we have zlib builtin insert add a dummy gzip compressor for FileFD
David Kalnischkies [Thu, 5 Apr 2012 17:02:08 +0000 (19:02 +0200)] 
if we have zlib builtin insert add a dummy gzip compressor for FileFD

12 years ago* methods/bzip2.cc:
David Kalnischkies [Thu, 5 Apr 2012 16:51:06 +0000 (18:51 +0200)] 
* methods/bzip2.cc:
  - remove it as the functionality for all compressors can be
    provided by gzip.cc now with the usage of FileFD

12 years ago* apt-pkg/aptconfiguration.cc:
David Kalnischkies [Thu, 5 Apr 2012 16:49:13 +0000 (18:49 +0200)] 
* apt-pkg/aptconfiguration.cc:
  - if present, prefer xz binary over lzma

12 years agodetect zlib correctly. We still don't allow to build without it to remain
David Kalnischkies [Thu, 5 Apr 2012 13:18:03 +0000 (15:18 +0200)] 
detect zlib correctly. We still don't allow to build without it to remain
compatible with users accessing it directly, but this prepares for a drop
of this strict requirement in the future

12 years agodb2 isn't used for ages now, so complain about missing libdb instead
David Kalnischkies [Thu, 5 Apr 2012 12:54:45 +0000 (14:54 +0200)] 
db2 isn't used for ages now, so complain about missing libdb instead

12 years ago* cmdline/apt-get.cc:
Bogdan Purcareata [Thu, 5 Apr 2012 10:03:37 +0000 (12:03 +0200)] 
* cmdline/apt-get.cc:
  - distinguish information about 'apt-get autoremove' based on the
    number of auto-removed packages both before and after the list
    of packages (Closes: #665833)

12 years ago* doc/*:
David Kalnischkies [Thu, 5 Apr 2012 09:54:36 +0000 (11:54 +0200)] 
* doc/*:
  - move the command synopsis out of each manpage into apt-verbatim.ent
    as they are a hell to translate and just single out the parameters
    which can be translated to apt.ent

12 years agoapt-verbatim.ent is an INCLUDE file as well
David Kalnischkies [Wed, 4 Apr 2012 21:04:57 +0000 (23:04 +0200)] 
apt-verbatim.ent is an INCLUDE file as well

12 years ago[ Bogdan Purcareata ]
Bogdan Purcareata [Wed, 4 Apr 2012 20:43:53 +0000 (22:43 +0200)] 
[ Bogdan Purcareata ]
* doc/apt-get.8.xml:
  - add 'download' to the usage line (Closes: #649340)

12 years agoReplace "argument" by "paramètre" in French translation.
bubulle@debian.org [Tue, 3 Apr 2012 19:39:06 +0000 (21:39 +0200)] 
Replace "argument" by "paramètre" in French translation.
Merci, les Titeps!

12 years agoFix typo in apt-get(8). Closes: #664833
bubulle@debian.org [Tue, 27 Mar 2012 18:32:10 +0000 (20:32 +0200)] 
Fix typo in apt-get(8). Closes: #664833

12 years ago* apt-pkg/deb/dpkgpm.cc:
Michael Vogt [Tue, 27 Mar 2012 13:14:38 +0000 (15:14 +0200)] 
* apt-pkg/deb/dpkgpm.cc:
  - do not crash if (*I).Pkg is NULL (LP: #939867)

12 years agomake these retry_write methods static so that they don't end up as symbols
David Kalnischkies [Thu, 22 Mar 2012 21:18:05 +0000 (22:18 +0100)] 
make these retry_write methods static so that they don't end up as symbols

12 years ago* debian/rules:
David Kalnischkies [Thu, 22 Mar 2012 18:29:53 +0000 (19:29 +0100)] 
* debian/rules:
  - do not sed in configure.in to set the version-number
* prepare-release:
  - add as a small script to lazy check and prepare releases

12 years agomerge with debian-sid (some version screw going on here)
David Kalnischkies [Thu, 22 Mar 2012 16:34:41 +0000 (17:34 +0100)] 
merge with debian-sid (some version screw going on here)

12 years agouse the variables as the rest of the tests to avoid escapes in the output
David Kalnischkies [Thu, 22 Mar 2012 12:42:59 +0000 (13:42 +0100)] 
use the variables as the rest of the tests to avoid escapes in the output

12 years ago* apt-inst/database.{cc,h}, apt-inst/deb/dpkgdb.{cc,h}:
David Kalnischkies [Thu, 22 Mar 2012 12:09:22 +0000 (13:09 +0100)] 
* apt-inst/database.{cc,h}, apt-inst/deb/dpkgdb.{cc,h}:
  - drop instead of fix as it is only needed if you want to reimplement dpkg
    and comes straight from the beginning of last decade (Closes: #663372)
* apt-inst/deb/debfile.cc:
  - {Extract,Merge}Control() is another instance of "lets reimplement dpkg"
    so shot of this code before someone ends up using this…

12 years ago* doc/apt-get.8.xml:
Mike Erickson [Thu, 22 Mar 2012 09:37:53 +0000 (10:37 +0100)] 
* doc/apt-get.8.xml:
  - typofix: respect → respecting, thanks Mike Erickson! (Closes: #664833)

12 years ago* debian/control
David Kalnischkies [Thu, 22 Mar 2012 00:02:22 +0000 (01:02 +0100)] 
* debian/control
  - bump Standards-Version to 3.9.3 (no changes needed)

12 years agouse the correct line to get the currently configure.in version
David Kalnischkies [Wed, 21 Mar 2012 23:59:51 +0000 (00:59 +0100)] 
use the correct line to get the currently configure.in version

12 years ago* debian/apt-utils.install:
David Kalnischkies [Wed, 21 Mar 2012 23:51:44 +0000 (00:51 +0100)] 
* debian/apt-utils.install:
  - ship the ftparchive, apt-extractemplates and apt-sortpkgs locales
    in the apt-utils package instead of the apt package

12 years agothe previously used VERSION didn't work everywhere so we are switching
David Kalnischkies [Wed, 21 Mar 2012 23:16:11 +0000 (00:16 +0100)] 
the previously used VERSION didn't work everywhere so we are switching
to the more standard PACKAGE_VERSION and make it work in every file

12 years agodo not update po and pot files in the process of the build as this
David Kalnischkies [Wed, 21 Mar 2012 22:47:54 +0000 (23:47 +0100)] 
do not update po and pot files in the process of the build as this
causes timestamp changes for the mo files which therefore can't
be refcounted by dpkg for your M-A: same packages
(Closes: #659333, LP: #924628)

The commit also enables a top-level 'make update-po' and does
all the needed changes to let this work now that update-po might
be called in a freshly checkout tree

12 years agofor these helpers we don't need too much checks,
David Kalnischkies [Tue, 20 Mar 2012 20:08:15 +0000 (21:08 +0100)] 
for these helpers we don't need too much checks,
but no warnings from gcc helps

12 years ago* methods/rred.cc:
David Kalnischkies [Tue, 20 Mar 2012 18:23:32 +0000 (19:23 +0100)] 
* methods/rred.cc:
  - check return of writev() as gcc recommends
* methods/mirror.cc:
  - check return of chdir() as gcc recommends
* apt-pkg/deb/dpkgpm.cc:
  - check return of write() a gcc recommends
* apt-inst/deb/debfile.cc:
  - check return of chdir() as gcc recommends
* apt-inst/deb/dpkgdb.cc:
  - check return of chdir() as gcc recommends

12 years ago* debian/libapt-pkg4.12:
David Kalnischkies [Tue, 20 Mar 2012 17:30:32 +0000 (18:30 +0100)] 
* debian/libapt-pkg4.12:
  - update symbols file

12 years ago* methods/makefile:
David Kalnischkies [Tue, 20 Mar 2012 16:08:08 +0000 (17:08 +0100)] 
* methods/makefile:
  - do not link rred against libz anymore as FileFd handles all
    this transparently now

12 years ago* apt-pkg/acquire-worker.cc:
David Kalnischkies [Tue, 20 Mar 2012 16:05:11 +0000 (17:05 +0100)] 
* apt-pkg/acquire-worker.cc:
  - check return of write() as gcc recommends
* apt-pkg/acquire.cc:
  - check return of write() as gcc recommends
* apt-pkg/cdrom.cc:
  - check return of chdir() and link() as gcc recommends
* apt-pkg/clean.cc:
  - check return of chdir() as gcc recommends
* apt-pkg/contrib/netrc.cc:
  - check return of asprintf() as gcc recommends

12 years agoupdate the versionnumber of the faked dpkg in the testcases for multiarch
David Kalnischkies [Tue, 20 Mar 2012 16:03:35 +0000 (17:03 +0100)] 
update the versionnumber of the faked dpkg in the testcases for multiarch
and add a comment about the need of this number

12 years agomerged from lp:~mvo/apt/mvo
Michael Vogt [Tue, 13 Mar 2012 13:33:23 +0000 (14:33 +0100)] 
merged from lp:~mvo/apt/mvo

12 years agoadd APT::pkgPackageManager::MaxLoopCount to ensure that the
Michael Vogt [Tue, 13 Mar 2012 13:32:40 +0000 (14:32 +0100)] 
add APT::pkgPackageManager::MaxLoopCount to ensure that the
ordering code does not get into a endless loop when it flip-flops
between two states

12 years agomerged from debian-experimental2
Michael Vogt [Tue, 13 Mar 2012 13:21:00 +0000 (14:21 +0100)] 
merged from debian-experimental2

12 years agonow that stdout/stdlog are used consistently, the message order changed
David Kalnischkies [Tue, 13 Mar 2012 12:34:47 +0000 (13:34 +0100)] 
now that stdout/stdlog are used consistently, the message order changed

12 years agomerged from lp:~donkult/apt/experimental
Michael Vogt [Tue, 13 Mar 2012 12:29:52 +0000 (13:29 +0100)] 
merged from lp:~donkult/apt/experimental

12 years agorecheck dependencies in SmartUnpack after a change, too
David Kalnischkies [Tue, 13 Mar 2012 11:39:05 +0000 (12:39 +0100)] 
recheck dependencies in SmartUnpack after a change, too

12 years ago* apt-pkg/packagemanager.cc:
David Kalnischkies [Tue, 13 Mar 2012 10:37:15 +0000 (11:37 +0100)] 
* apt-pkg/packagemanager.cc:
  - recheck all dependencies if we changed a package in SmartConfigure
    as this could break an earlier dependency (LP: #940396)

12 years agoensure that the fullname of a package is displayed in the debug output
David Kalnischkies [Mon, 12 Mar 2012 18:30:48 +0000 (19:30 +0100)] 
ensure that the fullname of a package is displayed in the debug output

12 years agoimprove the testcode so that we do not depend on the order of unpacking
David Kalnischkies [Mon, 12 Mar 2012 18:29:59 +0000 (19:29 +0100)] 
improve the testcode so that we do not depend on the order of unpacking
of specific packages as long as the order is okay in general

12 years agonow that the package name 'apt' is a magic word enabling essential status
David Kalnischkies [Mon, 12 Mar 2012 18:02:57 +0000 (19:02 +0100)] 
now that the package name 'apt' is a magic word enabling essential status
for said package i can't use it anymore in the testcase, so use another name

12 years agoshow which dependency couldn't be satisfied in the debug output
David Kalnischkies [Wed, 7 Mar 2012 10:16:58 +0000 (11:16 +0100)] 
show which dependency couldn't be satisfied in the debug output

12 years ago* apt-pkg/packagemanager.cc:
Michael Vogt [Wed, 7 Mar 2012 08:20:31 +0000 (09:20 +0100)] 
* apt-pkg/packagemanager.cc:
  - fix inconsistent clog/cout usage in the debug output

12 years agoreleasing version 0.8.16~exp13
Michael Vogt [Tue, 6 Mar 2012 17:21:02 +0000 (18:21 +0100)] 
releasing version 0.8.16~exp13

12 years agomerged from lp:~donkult/apt/experimental
Michael Vogt [Tue, 6 Mar 2012 17:10:02 +0000 (18:10 +0100)] 
merged from lp:~donkult/apt/experimental

12 years agoadd Debug::pkgAcqArchive::NoQueue to disable package downloading
David Kalnischkies [Tue, 6 Mar 2012 16:58:16 +0000 (17:58 +0100)] 
add Debug::pkgAcqArchive::NoQueue to disable package downloading

12 years agomerge with apt/experimental
David Kalnischkies [Tue, 6 Mar 2012 16:36:59 +0000 (17:36 +0100)] 
merge with apt/experimental

* apt-pkg/packagemanager.cc:
  - fix bug in predepends handling - ensure that packages that needs
    unpackaging are unpacked before they are configured (LP: #927993)
[ Julian Andres Klode ]
* apt-pkg/deb/deblistparser.cc:
  - Set the Essential flag on APT instead of only Important
* apt-pkg/packagemanager.cc:
  - Do not use immediate configuration for packages with the Important flag
* Treat the Important flag like the Essential flag with those differences:
  - No Immediate configuration (see above)
  - Not automatically installed during dist-upgrade
  - No higher score for installation ordering

12 years ago* apt-pkg/acquire-item.cc:
Michael Vogt [Tue, 6 Mar 2012 16:22:44 +0000 (17:22 +0100)] 
* apt-pkg/acquire-item.cc:
  - remove 'old' InRelease file if we can't get a new one before
    proceeding with Release.gpg to avoid the false impression of a still
    trusted repository by a (still present) old InRelease file.
    Thanks to Simon Ruderich for reporting this issue! (CVE-2012-0214)

12 years ago* apt-pkg/packagemanager.cc:
Michael Vogt [Tue, 6 Mar 2012 13:06:38 +0000 (14:06 +0100)] 
* apt-pkg/packagemanager.cc:
  - fix bug in predepends handling - ensure that packages that needs
    unpackaging are unpacked before they are configured (LP: #927993)

12 years ago* apt-pkg/contrib/fileutl.cc:
David Kalnischkies [Tue, 6 Mar 2012 09:53:35 +0000 (10:53 +0100)] 
* apt-pkg/contrib/fileutl.cc:
  - do not warn about the ignoring of directories (Closes: #662762)

12 years agochangelog: Document scoring difference for Important flag
Julian Andres Klode [Mon, 5 Mar 2012 14:19:50 +0000 (15:19 +0100)] 
changelog: Document scoring difference for Important flag

* Treat the Important flag like the Essential flag with those differences:
  - No higher score for installation ordering

12 years ago* Treat the Important flag like the Essential flag with two differences:
Julian Andres Klode [Mon, 5 Mar 2012 14:12:31 +0000 (15:12 +0100)] 
* Treat the Important flag like the Essential flag with two differences:
  - No Immediate configuration (see above)
  - Not automatically installed during dist-upgrade

12 years ago* apt-pkg/packagemanager.cc:
Julian Andres Klode [Mon, 5 Mar 2012 14:10:54 +0000 (15:10 +0100)] 
* apt-pkg/packagemanager.cc:
  - Do not use immediate configuration for packages with the Important flag

12 years ago* apt-pkg/deb/deblistparser.cc:
Julian Andres Klode [Mon, 5 Mar 2012 13:57:11 +0000 (14:57 +0100)] 
* apt-pkg/deb/deblistparser.cc:
  - Set the Essential flag on APT instead of only Important

12 years agoas we parse datestrings from external sources a lot specify the length
David Kalnischkies [Sun, 4 Mar 2012 23:37:54 +0000 (00:37 +0100)] 
as we parse datestrings from external sources a lot specify the length
of the integer fields as well to avoid crashes in scanf as cppchecks warns:
"(warning) scanf without field width limits can crash with huge input data"

12 years agofix "(style) The scope of the variable 'count' can be reduced"
David Kalnischkies [Sun, 4 Mar 2012 23:31:52 +0000 (00:31 +0100)] 
fix "(style) The scope of the variable 'count' can be reduced"

12 years agomicro-optimize "(performance) Prefer prefix ++/-- operators for non-primitive types."
David Kalnischkies [Sun, 4 Mar 2012 23:28:39 +0000 (00:28 +0100)] 
micro-optimize "(performance) Prefer prefix ++/-- operators for non-primitive types."

12 years agoset char-limits for the scanf parsing previous crash-reports
David Kalnischkies [Sun, 4 Mar 2012 23:25:32 +0000 (00:25 +0100)] 
set char-limits for the scanf parsing previous crash-reports

12 years agofix "(performance) Possible inefficient checking for 'R' emptiness."
David Kalnischkies [Sun, 4 Mar 2012 23:21:25 +0000 (00:21 +0100)] 
fix "(performance) Possible inefficient checking for 'R' emptiness."

12 years agofix "(style) Checking if unsigned variable 'Minor' is less than zero."
David Kalnischkies [Sun, 4 Mar 2012 23:20:28 +0000 (00:20 +0100)] 
fix "(style) Checking if unsigned variable 'Minor' is less than zero."

12 years agoensure that (s)scanf doesn't parse a too long Code now that a previous
David Kalnischkies [Sun, 4 Mar 2012 23:19:50 +0000 (00:19 +0100)] 
ensure that (s)scanf doesn't parse a too long Code now that a previous
commit lifted the Line-length limit

12 years agofix two "(style) Variable 'Res' is assigned a value that is never used"
David Kalnischkies [Sun, 4 Mar 2012 22:58:23 +0000 (23:58 +0100)] 
fix two "(style) Variable 'Res' is assigned a value that is never used"

12 years agofix "(error) Possible null pointer dereference: BindAddr" by ensuring
David Kalnischkies [Sun, 4 Mar 2012 22:56:06 +0000 (23:56 +0100)] 
fix "(error) Possible null pointer dereference: BindAddr" by ensuring
that BindAddr isn't NULL after getaddrinfo()

12 years agofix "(style) Statements following return, break, continue, goto or throw
David Kalnischkies [Sun, 4 Mar 2012 22:50:30 +0000 (23:50 +0100)] 
fix "(style) Statements following return, break, continue, goto or throw
will never be executed." from cppcheck. The fd was closed only after a
return, so invert the order of lines and be happy

12 years agofix a bunch of cppcheck "(warning) Member variable '<#>' is not
David Kalnischkies [Sun, 4 Mar 2012 22:47:05 +0000 (23:47 +0100)] 
fix a bunch of cppcheck "(warning) Member variable '<#>' is not
initialized in the constructor." messages (no functional change)

12 years agohandle a SIGINT in all modes as a break after the currently running
David Kalnischkies [Sun, 4 Mar 2012 22:01:59 +0000 (23:01 +0100)] 
handle a SIGINT in all modes as a break after the currently running
dpkg transaction instead of ignoring it completely

12 years ago* apt-pkg/acquire-item.cc:
David Kalnischkies [Sun, 4 Mar 2012 21:50:21 +0000 (22:50 +0100)] 
* apt-pkg/acquire-item.cc:
  - remove 'old' InRelease file if we can't get a new one before
    proceeding with Release.gpg to avoid the false impression of a still
    trusted repository by a (still present) old InRelease file.
    Thanks to Simon Ruderich for reporting this issue! (CVE-2012-0214)

Effected are all versions >= 0.8.11

Possible attack summary:
- Attacker needs to find a user which has run at least one successful
 'apt-get update' against an archive providing InRelease files.
- Create a Packages file with his preferred content.
- Attacker then prevents the download of InRelease, Release and
  Release.gpg (alternatively he creates a valid Release file and sends
  this, the other two files need to be missing either way).
- User updates against this, getting the modified Packages file without
  any indication of being unsigned (beside the "Ign InRelease" and
  "Ign Release.gpg" in the output of 'apt-get update').
=> deb files from this source are considered 'trusted' (and therefore the
   user isn't asked for an additional confirmation before install)

12 years agoFrench: replace "étiquetage" by "épinglage" for "pinning"
bubulle@debian.org [Sat, 3 Mar 2012 15:19:16 +0000 (16:19 +0100)] 
French: replace "étiquetage" by "épinglage" for "pinning"

12 years agotestcase for CVE-2012-0214
Simon Ruderich [Sat, 3 Mar 2012 10:44:06 +0000 (11:44 +0100)] 
testcase for CVE-2012-0214

12 years ago* apt-pkg/packagemanager.cc:
David Kalnischkies [Sat, 3 Mar 2012 10:43:21 +0000 (11:43 +0100)] 
* apt-pkg/packagemanager.cc:
  - do not try to a void a breaks if the broken package pre-depends
    on the breaker, but let dpkg auto-deconfigure it

12 years agoallow msgtest to be used with only one parameter
David Kalnischkies [Sat, 3 Mar 2012 10:40:22 +0000 (11:40 +0100)] 
allow msgtest to be used with only one parameter

12 years agoshow in the debug output if we are looping in the avoid breaks
David Kalnischkies [Sat, 3 Mar 2012 09:08:19 +0000 (10:08 +0100)] 
show in the debug output if we are looping in the avoid breaks

12 years agoeanup the ordering-code avoiding a break (no function change)
David Kalnischkies [Sat, 3 Mar 2012 09:02:06 +0000 (10:02 +0100)] 
eanup the ordering-code avoiding a break (no function change)

12 years ago* apt-pkg/packagemanager.cc:
Michael Vogt [Fri, 2 Mar 2012 21:01:51 +0000 (22:01 +0100)] 
* apt-pkg/packagemanager.cc:
  - when calculating pre-dependencies ensure that both unpack and
    configure are considered (instead of only configure) LP: #927993

12 years agomerged patch from lp:~uusijani/apt/uusi-branch:
Michael Vogt [Thu, 1 Mar 2012 11:51:15 +0000 (12:51 +0100)] 
merged patch from lp:~uusijani/apt/uusi-branch:
Correct fi translation for hash sum mismatches (lp:420403)
Thanks to Jani Uusitalo

12 years agofix the string in the testcases
David Kalnischkies [Mon, 27 Feb 2012 11:51:31 +0000 (12:51 +0100)] 
fix the string in the testcases

12 years ago* cmdline/apt-cache.cc:
David Kalnischkies [Sat, 25 Feb 2012 18:44:55 +0000 (19:44 +0100)] 
* cmdline/apt-cache.cc:
  - correct --pre-depends option by using dash consistently (LP: #940837)

12 years agoimprove 'error' message for packages which are only referenced
David Kalnischkies [Sat, 18 Feb 2012 20:20:57 +0000 (21:20 +0100)] 
improve 'error' message for packages which are only referenced
e.g. in a Depends line and are now requested for removal