From 233b78083f6f79730fcb5a6faeb74e2a78b6038a Mon Sep 17 00:00:00 2001 From: David Kalnischkies Date: Mon, 18 Mar 2013 22:57:08 +0100 Subject: * apt-pkg/deb/debindexfile.cc, apt-pkg/deb/deblistparser.cc: - use OpenMaybeClearSignedFile to be free from detecting and skipping clearsigning metadata in dsc and Release files We can't write a "clean" file to disk as not all acquire methods copy Release files before checking them (e.g. cdrom), so this reverts recombining, but uses the method we use for dsc files also in the two places we deal with Release files --- debian/changelog | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) (limited to 'debian') diff --git a/debian/changelog b/debian/changelog index 27fae657c..7c02b2689 100644 --- a/debian/changelog +++ b/debian/changelog @@ -8,19 +8,18 @@ apt (0.9.7.9) UNRELEASED; urgency=low and fix the inconsistency of returning in error cases - don't close stdout/stderr if it is also the statusfd - if ExecGPGV deals with a clear-signed file it will split this file - into data and signatures, pass it to gpgv for verification and - recombines it after that in a known-good way without unsigned blocks - and whitespaces resulting usually in more or less the same file as - before, but later code can be sure about the format + into data and signatures, pass it to gpgv for verification - add method to open (maybe) clearsigned files transparently * apt-pkg/acquire-item.cc: - keep the last good InRelease file around just as we do it with Release.gpg in case the new one we download isn't good for us * apt-pkg/deb/debmetaindex.cc: - reenable InRelease by default - * ftparchive/writer.cc: + * ftparchive/writer.cc, + apt-pkg/deb/debindexfile.cc, + apt-pkg/deb/deblistparser.cc: - use OpenMaybeClearSignedFile to be free from detecting and - skipping clearsigning metadata in dsc files + skipping clearsigning metadata in dsc and Release files [ Michael Vogt ] * add regression test for CVE-2013-1051 -- cgit v1.2.3