* apt-pkg/deb/debindexfile.cc,

  apt-pkg/deb/deblistparser.cc:
  - use OpenMaybeClearSignedFile to be free from detecting and
    skipping clearsigning metadata in dsc and Release files

We can't write a "clean" file to disk as not all acquire methods copy
Release files before checking them (e.g. cdrom), so this reverts recombining,
but uses the method we use for dsc files also in the two places we
deal with Release files

1 files changed, 5 insertions, 6 deletions

diff --git a/debian/changelog b/debian/changelog
index 27fae657c..7c02b2689 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -8,19 +8,18 @@ apt (0.9.7.9) UNRELEASED; urgency=low
       and fix the inconsistency of returning in error cases
     - don't close stdout/stderr if it is also the statusfd
     - if ExecGPGV deals with a clear-signed file it will split this file
-      into data and signatures, pass it to gpgv for verification and
-      recombines it after that in a known-good way without unsigned blocks
-      and whitespaces resulting usually in more or less the same file as
-      before, but later code can be sure about the format
+      into data and signatures, pass it to gpgv for verification
     - add method to open (maybe) clearsigned files transparently
   * apt-pkg/acquire-item.cc:
     - keep the last good InRelease file around just as we do it with
       Release.gpg in case the new one we download isn't good for us
   * apt-pkg/deb/debmetaindex.cc:
     - reenable InRelease by default
-  * ftparchive/writer.cc:
+  * ftparchive/writer.cc,
+    apt-pkg/deb/debindexfile.cc,
+    apt-pkg/deb/deblistparser.cc:
     - use OpenMaybeClearSignedFile to be free from detecting and
-      skipping clearsigning metadata in dsc files
+      skipping clearsigning metadata in dsc and Release files
 
   [ Michael Vogt ]
   * add regression test for CVE-2013-1051