apt 0.9.9.1~ubuntu1 source package in Ubuntu

Changelog

apt (0.9.9.1~ubuntu1) saucy; urgency=low

  * merged from the debian/sid branch:
    - debian/gbp.conf: change build branch to ubuntu/master
    - use ubuntu keyring and ubuntu archive keyring in apt-key
    - run update-apt-xapian-index in apt.cron
    - run apt-key net-update in cron.daily
    - different example sources.list
    - APT::pkgPackageManager::MaxLoopCount set to 5000
    - apport pkgfailure handling
    - ubuntu changelog download handling
    - patch for apt cross-building, see http://bugs.debian.org/666772
    - debian/apt.auto-removal.sh
      + make kernels auto-removable

apt (0.9.9.1) UNRELEASED; urgency=low

  * debian/rules:
    - call dh_clean in clean (closes: #714980)

apt (0.9.9) unstable; urgency=low

  [ Michael Vogt ]
  * improve debug output for the Debug::pkgProblemResolver and
    Debug::pkgDepCache::AutoInstall
  * improve apt-cdrom output when no CD-ROM can be auto-detected
  * document --no-auto-detect in apt-cdrom

  [ David Kalnischkies ]
  * build the en manpages in subdirectory doc/en
  * remove -ldl from cdrom and -lutil from apt-get linkage
  * rewrite pkgOrderList::DepRemove to stop incorrect immediate setting
    (Closes: 645713)
  * prefer Essentials over Removals in ordering score
  * fix priority sorting by prefering higher in MarkInstall
  * try all providers in order if uninstallable in MarkInstall
  * do unpacks before configures in SmartConfigure (Closes: #707578)
  * fix support for multiple patterns in apt-cache search (Closes: #691453)
  * set Fail flag in FileFd on all errors consistently
  * don't explicitly init ExtractTar InFd with invalid fd
  * OpenDescriptor should autoclose fd always on error (Closes: #704608)
  * fail in CopyFile if the FileFds have error flag set
  * ensure state-dir exists before coyping cdrom files
  * fix file location for configure-index.gz in apt.conf(5) (Closes: #711921)
  * handle missing "Description" in apt-cache show (Closes: #712435)
  * try defaults if auto-detection failed in apt-cdrom (Closes: #712433)
  * support \n and \r\n line endings in ReadMessages
  * do not redownload unchanged InRelease files
  * trigger NODATA error for invalid InRelease files (Closes: #712486)

apt (0.9.8.2) unstable; urgency=low

  [ Programs translations ]
  * French translation : typo fix. Closes: #677272

  [ Guillem Jover ]
  * Update Vcs fields (Closes: #708562)

  [ Michael Vogt ]
  * buildlib/apti18n.h.in:
    - fix build failure when building without NLS (closes: #671587)

  [ Gregoire Menuel ]
  * Fix double free (closes: #711045)

  [ Raphael Geissert ]
  * Fix crash when the "mirror" method does not find any entry
    (closes: #699303)

  [ Johan Kiviniemi ]
  * cmdline/apt-key:
    - Create new keyrings with mode 0644 instead of 0600.
    - Accept a nonexistent --keyring file with the adv subcommand as well.

apt (0.9.8.1) unstable; urgency=low

  [ David Kalnischkies ]
  * apt-pkg/indexcopy.cc:
    - non-inline RunGPGV methods to restore ABI compatibility with previous
      versions to fix partial upgrades (Closes: #707771)

  [ Michael Vogt ]
  * moved source to http://git.debian.org/apt/apt.git
  * updated gbp.conf to match what bzr-buildpackage is doing
  * remove .bzr-buildpackage/default.conf (superseeded by gbp.conf)

apt (0.9.8) unstable; urgency=low

  [ Ludovico Cavedon ]
  * properly handle if-modfied-since with libcurl/https
    (closes: #705648)

  [ Andreas Beckman ]
  * apt-pkg/algorithms.cc:
    - Do not propagate negative scores from rdepends. Propagating the absolute
      value of a negative score may boost obsolete packages and keep them
      installed instead of installing their successors.  (Closes: #699759)

  [ Michael Vogt ]
  * apt-pkg/sourcelist.cc:
    - fix segfault when a hostname contains a [, thanks to
      Tzafrir Cohen (closes: #704653)
  * debian/control:
    - replace manpages-it (closes: #704723)

  [ David Kalnischkies ]
  * various simple changes to fix cppcheck warnings
  * apt-pkg/pkgcachegen.cc:
    - do not store the MD5Sum for every description language variant as
      it will be the same for all so it can be shared to save cache space
    - handle language tags for descriptions are unique strings to be shared
    - factor version string creation out of NewDepends, so we can easily reuse
      version strings e.g. for implicit multi-arch dependencies
    - equal comparisions are used mostly in same-source relations,
      so use this to try to reuse some version strings
    - sort group and package names in the hashtable on insert
    - share version strings between same versions (of different architectures)
      to save some space and allow quick comparisions later on
  * apt-pkg/pkgcache.cc:
    - assume sorted hashtable entries for groups/packages
  * apt-pkg/cacheiterators.h:
    - provide DepIterator::IsSatisfied as a nicer shorthand for DepCheck
  * apt-pkg/deb/debversion.cc:
    - add a string-equal shortcut for equal version comparisions

  [ Marc Deslauriers ]
  * make apt-ftparchive generate missing deb-src hashes (LP: #1078697)

  [ Yaroslav Halchenko ]
  * Fix English spelling error in a message ('A error'). Unfuzzy
    translations. Closes: #705087

  [ Programs translations ]
  * French translation completed (Christian Perrier)

  [ Manpages translations ]
  * French translation completed (Christian Perrier)

  [ Daniel Hartwig ]
  * apt-pkg/contrib/strutl.cc:
    - include port in shortened URIs (e.g. with apt-cache policy, progress
      display) thanks to James McCoy (Closes: #154868, #322074)
    - percent-encode username and password when writing URIs
  * methods/http.cc:
    - properly escape IP-literals (e.g. IPv6 address) when building
      Host headers and URIs (Closes: #620344)
  * methods/https.cc:
    - use https_proxy environment variable if present, falling back to
      http_proxy otherwise
    - use authentication credentials from proxy URI
      (Closes: #651640, LP: #1087512)
    - environment variables do not override an explicit no proxy
      directive ("DIRECT") in apt.conf
    - disregard all_proxy environment variable, like other methods

apt (0.9.7.9~exp3) experimental; urgency=low

  [ Michael Vogt ]
  * apt-pkg/sourcelist.cc:
    - fix segfault when a hostname contains a [, thanks to
      Tzafrir Cohen (closes: #704653)
  * debian/control:
    - replace manpages-it (closes: #704723)

  [ David Kalnischkies ]
  * various simple changes to fix cppcheck warnings
  * apt-pkg/pkgcachegen.cc:
    - do not store the MD5Sum for every description language variant as
      it will be the same for all so it can be shared to save cache space
    - handle language tags for descriptions are unique strings to be shared
    - factor version string creation out of NewDepends, so we can easily reuse
      version strings e.g. for implicit multi-arch dependencies
    - equal comparisions are used mostly in same-source relations,
      so use this to try to reuse some version strings
    - sort group and package names in the hashtable on insert
    - share version strings between same versions (of different architectures)
      to save some space and allow quick comparisions later on
  * apt-pkg/pkgcache.cc:
    - assume sorted hashtable entries for groups/packages
  * apt-pkg/cacheiterators.h:
    - provide DepIterator::IsSatisfied as a nicer shorthand for DepCheck
  * apt-pkg/deb/debversion.cc:
    - add a string-equal shortcut for equal version comparisions

  [ Marc Deslauriers ]
  * make apt-ftparchive generate missing deb-src hashes (LP: #1078697)

  [ Yaroslav Halchenko ]
  * Fix English spelling error in a message ('A error'). Unfuzzy
    translations. Closes: #705087

  [ Programs translations ]
  * French translation completed (Christian Perrier)

  [ Manpages translations ]
  * French translation completed (Christian Perrier)

  [ Daniel Hartwig ]
  * apt-pkg/contrib/strutl.cc:
    - include port in shortened URIs (e.g. with apt-cache policy, progress
      display) thanks to James McCoy (Closes: #154868, #322074)
    - percent-encode username and password when writing URIs
  * methods/http.cc:
    - properly escape IP-literals (e.g. IPv6 address) when building
      Host headers and URIs (Closes: #620344)
  * methods/https.cc:
    - use https_proxy environment variable if present, falling back to
      http_proxy otherwise
    - use authentication credentials from proxy URI
      (Closes: #651640, LP: #1087512)
    - environment variables do not override an explicit no proxy
      directive ("DIRECT") in apt.conf
    - disregard all_proxy environment variable, like other methods

apt (0.9.7.9~exp2) experimental; urgency=low

  [ Programs translations ]
  * Update all PO files and apt-all.pot
  * French translation completed (Christian Perrier)

  [ Daniel Hartwig ]
  * cmdline/apt-get.cc:
    - do not have space between "-a" and option when cross building
      (closes: #703792)
  * test/integration/test-apt-get-download:
    - fix test now that #1098752 is fixed
  * po/{ca,cs,ru}.po:
    - fix merge artifact

  [ David Kalnischkies ]
  * apt-pkg/indexcopy.cc:
    - rename RunGPGV to ExecGPGV and move it to apt-pkg/contrib/gpgv.cc
  * apt-pkg/contrib/gpgv.cc:
    - ExecGPGV is a method which should never return, so mark it as such
      and fix the inconsistency of returning in error cases
    - don't close stdout/stderr if it is also the statusfd
    - if ExecGPGV deals with a clear-signed file it will split this file
      into data and signatures, pass it to gpgv for verification
    - add method to open (maybe) clearsigned files transparently
  * apt-pkg/acquire-item.cc:
    - keep the last good InRelease file around just as we do it with
      Release.gpg in case the new one we download isn't good for us
  * apt-pkg/deb/debmetaindex.cc:
    - reenable InRelease by default
  * ftparchive/writer.cc,
    apt-pkg/deb/debindexfile.cc,
    apt-pkg/deb/deblistparser.cc:
    - use OpenMaybeClearSignedFile to be free from detecting and
      skipping clearsigning metadata in dsc and Release files

  [ Michael Vogt ]
  * add regression test for CVE-2013-1051
  * implement GPGSplit() based on the idea from Ansgar Burchardt
    (many thanks!)
  * methods/connect.cc:
    - use Errno() instead of strerror(), thanks to David Kalnischk
  * doc/apt.conf.5.xml:
    - document Acquire::ForceIPv{4,6}

apt (0.9.7.9~exp1) experimental; urgency=low

  [ Niels Thykier ]
  * test/libapt/assert.h, test/libapt/run-tests:
    - exit with status 1 on test failure

  [ Daniel Hartwig ]
  * test/integration/framework:
    - continue after test failure but preserve exit status

  [ Programs translation updates ]
  * Turkish (Mert Dirik). Closes: #703526

  [ Colin Watson ]
  * methods/connect.cc:
    - provide useful error message in case of EAI_SYSTEM
      (closes: #703603)

  [ Michael Vogt ]
  * add new config options "Acquire::ForceIPv4" and
    "Acquire::ForceIPv6" to allow focing one or the other
    (closes: #611891)
  * lp:~mvo/apt/fix-tagfile-hash:
    - fix false positives in pkgTagSection.Exists(), thanks to
      Niels Thykier for the testcase (closes: #703240)
    - this will require rebuilds of the clients as this used to
      be a inline function

apt (0.9.7.8) unstable; urgency=criticial

  * SECURITY UPDATE: InRelease verification bypass
    - CVE-2013-1051

  [ David Kalnischk ]
  * apt-pkg/deb/debmetaindex.cc,
    test/integration/test-bug-595691-empty-and-broken-archive-files,
    test/integration/test-releasefile-verification:
    - disable InRelease downloading until the verification issue is
      fixed, thanks to Ansgar Burchardt for finding the flaw

apt (0.9.7.8~exp2) experimental; urgency=low

  * include two missing patches to really fix bug #696225, thanks to
    Guillem Jover
  * ensure sha512 is really used when available, thanks to Tyler Hicks
   (LP: #1098752)

apt (0.9.7.8~exp1) experimental; urgency=low

  [ Manpages translation updates ]
  * Italian (Beatrice Torracca). Closes: #696601

  [ Programs translation updates ]
  * Japanese (Kenshi Muto). Closes: #699783

  [ Michael Vogt ]
  * fix pkgProblemResolver::Scores, thanks to Paul Wise.
    Closes: #697577
  * fix missing translated apt.8 manpages, thanks to Helge Kreutzmann
    for the report. Closes: #696923
  * apt-pkg/contrib/progress.cc:
    - Make "..." translatable to fix inconsistencies in the output
      of e.g. apt-get update. While this adds new translatable strings,
      not having translations for them will not break anything.
      Thanks to Guillem Jover. Closes: #696225
  * debian/apt.cron.daily:
    - when reading from /dev/urandom, use less entropy and fix a rare
      bug when the random number chksum is less than 1000.
      Closes: #695285
  * methods/https.cc:
    - reuse connection in https, thanks to Thomas Bushnell, BSG for the
      patch. LP: #1087543, Closes: #695359
    - add missing curl_easy_cleanup()
  * methods/http.cc:
    - quote spaces in filenames to ensure as the http method is also
      (potentially) used for non deb,dsc content that may contain
      spaces, thanks to Daniel Hartwig and Thomas Bushnell
      (LP: #1086997)
    - quote plus in filenames to work around a bug in the S3 server
      (LP: #1003633)
  * apt-pkg/indexrecords.cc:
    - support '\r' in the Release file

  [ David Kalnischkies ]
  * apt-pkg/depcache.cc:
    - prefer to install packages which have an already installed M-A:same
      sibling while choosing providers (LP: #1130419)
 -- Michael Vogt <email address hidden>   Wed, 10 Jul 2013 17:03:52 +0200