summaryrefslogtreecommitdiff
path: root/debian/NEWS
AgeCommit message (Collapse)Author
2018-04-06Turn off seccomp sandboxing by defaultJulian Andres Klode
LP: #1732030 Closes: #890489 Fixes meefik/linuxdeploy#869
2018-03-13Fix debian/NEWS entry for 1.6~beta1Julian Andres Klode
2018-02-19Check that Date of Release file is not in the futureJulian Andres Klode
By restricting the Date field to be in the past, an attacker cannot just create a repository from the future that would be accepted as a valid update for a repository. This check can be disabled by Acquire::Check-Date set to false. This will also disable Check-Valid-Until and any future date related checking, if any - the option means: "my computers date cannot be trusted." Modify the tests to allow repositories to be up to 10 hours in the future, so we can keep using hours there to simulate time changes.
2017-10-23Release 1.6~alpha11.6_alpha1Julian Andres Klode
2017-10-22Sandbox methods with seccomp-BPF; except cdrom, gpgv, rshJulian Andres Klode
This reduces the number of syscalls to about 140 from about 350 or so, significantly reducing security risks. Also change prepare-release to ignore the architecture lists in the build dependencies when generating the build-depends package for travis. We might want to clean up things a bit more and/or move it somewhere else.
2017-07-03Release 1.5~beta11.5_beta1Julian Andres Klode
2017-06-30Upload 1.5~alpha4 to experimental1.5_alpha4Julian Andres Klode
2017-06-30Switch to 'http' as the default https methodJulian Andres Klode
The old curl based method is still available as 'curl', 'curl+http', and 'curl+https'.
2017-06-28Upload 1.5~alpha1 to experimental1.5_alpha1Julian Andres Klode
2017-06-28fail instead of warn on insecure repositories in apt-getDavid Kalnischkies
The exception was made to give (script) users a one-release grace period to adapt their setup to deal with apt enforcing signing of repositories. As we are now at the start of a new release cycle its as good a time as any to lift it now. Removes-Exception: 952ee63b0af14a534c0aca00c11d1a99be6b22b2
2017-05-11Release 1.4.31.4.3Julian Andres Klode
2017-05-04Release 1.4.21.4.2Julian Andres Klode
2016-11-25Release 1.4~beta11.4_beta1Julian Andres Klode
2016-11-25gpgv: Untrust SHA1, RIPE-MD/160, but allow downgrading to weakJulian Andres Klode
Change the trust level check to allow downgrading an Untrusted option to weak (APT::Hashes::SHA1::Weak "yes";), so it prints a warning instead of an error; and change the default values for SHA1 and RIPE-MD/160 from Weak to Untrusted.
2016-08-11debian/NEWS: Get rid of 1.3~pre3+cmake1 entryJulian Andres Klode
This was only needed temporarily Thanks: Axel Beckert for reporting
2016-08-06releasing package apt version 1.3~pre3+cmake11.3_pre3+cmake1Julian Andres Klode
2016-02-04NEWS: Prefix the keep deb option with Binary::apt::Julian Andres Klode
I find the per-binary overrides a bit confusing in their current form, but let's tell the user the truth. Closes: #812111
2016-01-09NEWS: Refer to apt(8) instead of apt(1)Julian Andres Klode
Reported-By: Mattia Rizzolo (on IRC) Gbp-Dch: ignore
2016-01-08Release 1.2~exp11.2_exp1Julian Andres Klode
2016-01-08NEWS: Document recompression of indicesJulian Andres Klode
2016-01-05Document new APT::Keep-Downloaded-Packages option in NEWSMichael Vogt
Git-Dch: ignore
2015-08-18releasing package apt version 1.1~exp91.1.exp9Michael Vogt
2015-08-17debian/NEWS: Mention new pinning algorithm added in 2.0~exp1Julian Andres Klode
2011-02-08debian/changelog, debian/NEWS: prepare uploadMichael Vogt
2011-02-03merge 'after squeeze release'-stuffDavid Kalnischkies
[ David Kalnischkies ] * apt-pkg/depcache.cc: - add SetCandidateRelease() to set a candidate version and the candidates of dependencies if needed to a specified release (Closes: #572709) * cmdline/apt-get.cc: - if --print-uris is used don't setup downloader as we don't need progress, lock nor the directories it would create otherwise - show dependencies of essential packages which are going to remove only if they cause the remove of this essential (Closes: #601961) - keep not installed garbage packages uninstalled instead of showing in the autoremove section and installing those (Closes: #604222) - change pkg/release behavior to use the new SetCandidateRelease so installing packages from experimental or backports is easier - really do not show packages in the extra section if they were requested on the commandline, e.g. with a modifier (Closes: #184730) * debian/control: - add Vcs-Browser now that loggerhead works again (Closes: #511168) - depend on debhelper 7 to raise compat level - depend on dpkg-dev (>= 1.15.8) to have c++ symbol mangling * apt-pkg/contrib/fileutl.cc: - add a RealFileExists method and check that your configuration files are real files to avoid endless loops if not (Closes: #604401) - ignore non-regular files in GetListOfFilesInDir (Closes: #594694) * apt-pkg/contrib/weakptr.h: - include stddefs.h to fix compile error (undefined NULL) with gcc-4.6 * methods/https.cc: - fix CURLOPT_SSL_VERIFYHOST by really passing 2 to it if enabled * deb/dpkgpm.cc: - fix popen/fclose mismatch reported by cppcheck. Thanks to Petter Reinholdtsen for report and patch! (Closes: #607803) * doc/apt.conf.5.xml: - fix multipl{y,e} spelling error reported by Jakub Wilk (Closes: #607636) * apt-inst/contrib/extracttar.cc: - let apt-utils work with encoded tar headers if uid/gid are large. Thanks to Nobuhiro Hayashi for the patch! (Closes: #330162) * apt-pkg/cacheiterator.h: - do not segfault if cache is not build (Closes: #254770) * doc/apt-get.8.xml: - remove duplicated mentioning of --install-recommends * doc/sources.list.5.xml: - remove obsolete references to non-us (Closes: #594495) * debian/rules: - use -- instead of deprecated -u for dh_gencontrol - remove shlibs.local creation and usage - show differences in the symbol files, but never fail * pre-build.sh: - remove as it is not needed for a working 'bzr bd' * debian/{apt,apt-utils}.symbols: - ship experimental unmangled c++ symbol files * methods/rred.cc: - operate optional on gzip compressed pdiffs * apt-pkg/acquire-item.cc: - don't uncompress downloaded pdiff files before feeding it to rred - try downloading clearsigned InRelease before trying Release.gpg - change the internal handling of Extensions in pkgAcqIndex - add a special uncompressed compression type to prefer those files - download and use i18n/Index to choose which Translations to download * cmdline/apt-key: - don't set trustdb-name as non-root so 'list' and 'finger' can be used without being root (Closes: #393005, #592107) * apt-pkg/deb/deblistparser.cc: - rewrite LoadReleaseInfo to cope with clearsigned Releasefiles * ftparchive/writer.cc: - add config option to search for more patterns in release command - include Index files by default in the Release file * methods/{gzip,bzip}.cc: - print a good error message if FileSize() is zero * apt-pkg/aptconfiguration.cc: - remove the inbuilt Translation files whitelist
2011-01-14fix the invalid wrong locale month name in NEWS fileDavid Kalnischkies
2010-12-03* apt-pkg/depcache.cc:David Kalnischkies
- add SetCandidateRelease() to set a candidate version and the candidates of dependencies if needed to a specified release (Closes: #572709) - change pkg/release behavior to use the new SetCandidateRelease so installing packages from experimental or backports is easier
2010-03-26* ftparchive/apt-ftparchive.cc:Julian Andres Klode
- Read default configuration (Closes: #383257)
2010-01-13correct a spelling error spotted by lintian in the debian/NEWS file:David Kalnischkies
W: spelling-error-in-news-debian: informations -> information
2009-11-24fix a typo in debian/NEWS entry for 0.7.24: Allready -> Already (Closes: ↵David Kalnischkies
#557674)
2009-09-24add a NEWS entry for the upcoming upload summarizing the bigger and/orDavid Kalnischkies
user-visible changes.
2009-08-27releasing version 0.7.230.7.23Michael Vogt
2009-08-19merged from the jackyf-devel branchMichael Vogt
2008-12-18Rename: 'debian/NEWS.Debian' => 'debian/NEWS' to make the file recognizeable ↵Eugene V. Lyubimkin
by debhelper and, so, installed.