summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2013-04-02merged lp:~mvo/apt/fix-inrelease5Michael Vogt
2013-04-02po/{ca,cs,ru}.po: fix merge artifacts harderMichael Vogt
2013-03-26merge stuff from donkultMichael Vogt
2013-03-25* doc/apt.conf.5.xml:Michael Vogt
- document Acquire::ForceIPv{4,6}
2013-03-25* methods/connect.cc:Michael Vogt
- use Errno() instead of strerror(), thanks to David Kalnischk
2013-03-25merge patches from daniel to fix merge artifact and test failureMichael Vogt
2013-03-25merge patch from Daniel HartwigMichael Vogt
2013-03-24* Update all PO files and apt-all.potbubulle@debian.org
* French translation completed (Christian Perrier)
2013-03-24Update POT and PO filesbubulle@debian.org
2013-03-22releasing version 0.9.7.9~exp1Michael Vogt
2013-03-22prepare uploadMichael Vogt
2013-03-22merged lp:~mvo/apt/fix-tagfile-hashMichael Vogt
2013-03-22merged the debian-wheezy branchMichael Vogt
2013-03-22add new config options "Acquire::ForceIPv4" and Michael Vogt
"Acquire::ForceIPv6" to allow focing one or the other (closes: #611891)
2013-03-22Turkish (Mert Dirik). Closes: #703526bubulle@debian.org
2013-03-21merge patch from Colin to fix error message from getaddrinfo() (#703603)Michael Vogt
2013-03-20apt-pkg/edsp.cc: do not use stderr in WriteSolution at allMichael Vogt
2013-03-20apt-pkg/edsp.cc: do not spam stderr in WriteSolutionMichael Vogt
2013-03-19support dash-escaped text in clearsigned files as implementations areDavid Kalnischkies
free to escape all lines (we have no lines in our files which need to be escaped as these would be invalid fieldnames) and while ExecGPGV would detect dash-escaped text as invalid (as its not expected in messages with detached signatures) it would be possible to "comment" lines in (signed) dsc files which are only parsed but not verified
2013-03-19use FileFd instead of int fds to tidy up the interface a bitDavid Kalnischkies
2013-03-18* apt-pkg/deb/debindexfile.cc,David Kalnischkies
apt-pkg/deb/deblistparser.cc: - use OpenMaybeClearSignedFile to be free from detecting and skipping clearsigning metadata in dsc and Release files We can't write a "clean" file to disk as not all acquire methods copy Release files before checking them (e.g. cdrom), so this reverts recombining, but uses the method we use for dsc files also in the two places we deal with Release files
2013-03-18 - add method to open (maybe) clearsigned files transparentlyDavid Kalnischkies
* ftparchive/writer.cc: - use OpenMaybeClearSignedFile to be free from detecting and skipping clearsigning metadata in dsc files
2013-03-18rename testcase to mention CVE number, make the code more consistent withDavid Kalnischkies
the rest and add some more tests (by fixing commented ones)
2013-03-18test/libapt/tagfile_test.cc: add missing "unistd.h" (thanks to Niels Thykier)Michael Vogt
2013-03-18fix pkgTagSection::Exists() and add testMichael Vogt
2013-03-18test/integration/framework: use EXIT_CODE to be consistent with the ↵Michael Vogt
run-tests code
2013-03-18report failures via exit and ensure we don't overflowMichael Vogt
2013-03-18* test/integration/framework:Michael Vogt
- continue after test failure but preserve exit status
2013-03-17* test/libapt/assert.h, test/libapt/run-tests:Michael Vogt
- exit with status 1 on test failure
2013-03-16ensure that we fclose/unlink/free in the new gpg-code as soon as possibleDavid Kalnischkies
2013-03-16add testcase and update changelogMichael Vogt
2013-03-16merged from davids bundleMichael Vogt
2013-03-15 - if ExecGPGV deals with a clear-signed file it will split this fileDavid Kalnischkies
into data and signatures, pass it to gpgv for verification and recombines it after that in a known-good way without unsigned blocks and whitespaces resulting usually in more or less the same file as before, but later code can be sure about the format * apt-pkg/deb/debmetaindex.cc: - reenable InRelease by default
2013-03-15split out a method to strip whitespaces only on the right sideMichael Vogt
2013-03-15* apt-pkg/acquire-item.cc:David Kalnischkies
- keep the last good InRelease file around just as we do it with Release.gpg in case the new one we download isn't good for us
2013-03-15don't close stdout/stderr if it is also the statusfdDavid Kalnischkies
2013-03-15* apt-pkg/contrib/gpgv.cc:David Kalnischkies
- ExecGPGV is a method which should never return, so mark it as such and fix the inconsistency of returning in error cases
2013-03-15* apt-pkg/indexcopy.cc:David Kalnischkies
- rename RunGPGV to ExecGPGV and move it to apt-pkg/contrib/gpgv.cc
2013-03-14* SECURITY UPDATE: InRelease verification bypass0.9.7.8Michael Vogt
- CVE-2013-1051 * apt-pkg/deb/debmetaindex.cc, test/integration/test-bug-595691-empty-and-broken-archive-files, test/integration/test-releasefile-verification: - disable InRelease downloading until the verification issue is fixed, thanks to Ansgar Burchardt for finding the flaw
2013-03-01releasing version 0.9.7.8~exp2Michael Vogt
2013-03-01merged lp:~mvo/apt/hash-orderMichael Vogt
2013-03-01include two missing patches to really fix bug #696225, thanks toMichael Vogt
Guillem Jover
2013-03-01releasing version 0.9.7.8~exp1Michael Vogt
2013-03-01merged lp:~donkult/apt/sidMichael Vogt
2013-03-01add changelogMichael Vogt
2013-02-24* apt-pkg/depcache.cc:David Kalnischkies
- prefer to install packages which have an already installed M-A:same sibling while choosing providers (LP: #1130419)
2013-02-05Japanese (Kenshi Muto). Closes: #699783bubulle@debian.org
2013-01-24* apt-pkg/indexrecords.cc:Michael Vogt
- support '\r' in the Release file
2013-01-24quote plus in filenames to work around a bug in the S3 serverMichael Vogt
(LP: #1003633)
2013-01-14ensure sha512 is really used when available (thanks to Tyler Hicks )Michael Vogt