Age | Commit message (Collapse) | Author |
|
|
|
apt-pkg/deb/deblistparser.cc:
- use OpenMaybeClearSignedFile to be free from detecting and
skipping clearsigning metadata in dsc and Release files
We can't write a "clean" file to disk as not all acquire methods copy
Release files before checking them (e.g. cdrom), so this reverts recombining,
but uses the method we use for dsc files also in the two places we
deal with Release files
|
|
* ftparchive/writer.cc:
- use OpenMaybeClearSignedFile to be free from detecting and
skipping clearsigning metadata in dsc files
|
|
- continue after test failure but preserve exit status
|
|
- exit with status 1 on test failure
|
|
|
|
into data and signatures, pass it to gpgv for verification and
recombines it after that in a known-good way without unsigned blocks
and whitespaces resulting usually in more or less the same file as
before, but later code can be sure about the format
* apt-pkg/deb/debmetaindex.cc:
- reenable InRelease by default
|
|
- keep the last good InRelease file around just as we do it with
Release.gpg in case the new one we download isn't good for us
|
|
|
|
- ExecGPGV is a method which should never return, so mark it as such
and fix the inconsistency of returning in error cases
|
|
- rename RunGPGV to ExecGPGV and move it to apt-pkg/contrib/gpgv.cc
|
|
- CVE-2013-1051
* apt-pkg/deb/debmetaindex.cc,
test/integration/test-bug-595691-empty-and-broken-archive-files,
test/integration/test-releasefile-verification:
- disable InRelease downloading until the verification issue is
fixed, thanks to Ansgar Burchardt for finding the flaw
|
|
version strings e.g. for implicit multi-arch dependencies
|
|
|
|
- do not store the MD5Sum for every description language variant as
it will be the same for all so it can be shared to save cache space
|
|
|
|
|
|
|
|
Guillem Jover
|
|
|
|
|
|
|
|
- prefer to install packages which have an already installed M-A:same
sibling while choosing providers (LP: #1130419)
|
|
|
|
- support '\r' in the Release file
|
|
(LP: #1003633)
|
|
- quote spaces in filenames to ensure as the http method is also
(potentially) used for non deb,dsc content that may contain
spaces, thanks to Daniel Hartwig and Thomas Bushnell
(LP: #1086997)
|
|
|
|
- reuse connection in https, thanks to Thomas Bushnell, BSG for the
patch. LP: #1087543, Closes: #695359
|
|
|
|
for the report. Closes: #696923
|
|
- when reading from /dev/urandom, use less entropy and fix a rare
bug when the random number chksum is less than 1000.
Closes: #695285
|
|
- Make "..." translatable to fix inconsistencies in the output
of e.g. apt-get update. While this adds new translatable strings,
not having translations for them will not break anything.
Thanks to Guillem Jover. Closes: #696225
|
|
Closes: #696923
|
|
Closes: #697577
|
|
|
|
|
|
|
|
|
|
translations. Thanks to Jakub Wilk for reporting these errors.
|
|
|
|
- fix package-pointer array memory leak in ResolveByKeepInternal()
|
|
- ensure pkgProblemResolver calls MarkDelete without FromUser set
so that it can't overrule holds and the protection flag
|
|
- do not call Mark{Install,Delete} from the autoremove code with
the FromUser bit set to avoid modifying the auto-installed bit
|
|
|
|
- don't call MarkInstall with the FromUser flag set for packages
which are dependencies of APT::Never-MarkAuto-Sections matchers
|
|
|
|
|
|
- do not do lock-step configuration for a M-A:same package if it isn't
unpacked yet in SmartConfigure and do not unpack a M-A:same package
again in SmartUnPack if we have already configured it (LP: #1062503)
|
|
|