From 0901c5d08eadea5b5d91b09d4f532a029cb42574 Mon Sep 17 00:00:00 2001 From: Julian Andres Klode Date: Mon, 30 May 2011 14:04:01 +0200 Subject: apt-pkg/acquire-item.cc: Reject files known to be invalid (LP: #346386) (Closes: #195301) This commit deals with the following cases: - First section of index file (Packages,Sources,Translation) without Package field - Signed release files without GPG data (NODATA) - i18n/Index files without hash sums Handling unsigned Release files is more complicated, and the example code using indexRecords is disabled as it can reject correct Release files without hashes. How we can reliably check unsigned Release files is another question, and not urgent anyway, as it should have no dramatic effect (we could check that it is a valid RFC-822 section, but that's a bit too long to write) --- debian/changelog | 2 ++ 1 file changed, 2 insertions(+) (limited to 'debian/changelog') diff --git a/debian/changelog b/debian/changelog index 5f5e23eb1..b1d276d5d 100644 --- a/debian/changelog +++ b/debian/changelog @@ -4,6 +4,8 @@ apt (0.8.15) UNRELEASED; urgency=low * apt-pkg/depcache.cc: - Really release action groups only once (Closes: #622744) - Make purge work again for config-files (LP: #244598) (Closes: #150831) + * apt-pkg/acquire-item.cc: + - Reject files known to be invalid (LP: #346386) (Closes: #195301) * debian/apt.cron.daily: - Check power after wait, patch by manuel-soto (LP: #705269) * debian/control: -- cgit v1.2.3