apt (1.2.19) xenial; urgency=medium * https: Quote path in URL before passing it to curl (LP: #1651923) -- Julian Andres Klode Tue, 17 Jan 2017 15:48:51 +0100 apt (1.2.18) xenial; urgency=high * SECURITY UPDATE: gpgv: Check for errors when splitting files (CVE-2016-1252) Thanks to Jann Horn, Google Project Zero for reporting the issue (LP: #1647467) * gpgv: Flush the files before checking for errors -- Julian Andres Klode Thu, 08 Dec 2016 15:28:08 +0100 apt (1.2.17) xenial; urgency=medium [ David Kalnischkies ] * apt-key: warn instead of fail on unreadable keyrings (LP: #1642386) * show apt-key warnings in apt update (Closes: 834973) [ Julian Andres Klode ] * test-releasefile-verification: installaptold: Clean up before run -- Julian Andres Klode Wed, 23 Nov 2016 20:09:27 +0100 apt (1.2.16) xenial; urgency=medium [ David Kalnischkies ] * avoid changing the global LC_TIME for Release writing * use de-localed std::put_time instead rolling our own * accept only the expected UTC timezones in date parsing (Closes: 819697) * avoid std::get_time usage to sidestep libstdc++6 bug (LP: #1593583) * imbue datetime parsing with C.UTF-8 locale (Closes: 828011) * prevent C++ locale number formatting in text APIs (try 2) (Closes: 832044) * prevent C++ locale number formatting in text APIs (try 3) (LP: #1611010) (LP: #1592817) * imbue .diff/Index parsing with C.UTF-8 as well [ Julian Andres Klode ] * Use C locale instead of C.UTF-8 for protocol strings * Add shippable.yml for CI on Shippable * Revert "if the FileFd failed already following calls should fail, too" (LP: #1641905) -- Julian Andres Klode Tue, 15 Nov 2016 11:29:04 +0100 apt (1.2.15) xenial; urgency=medium New micro release with bug fixes up to (and including) 1.3.1 (LP: #1638021) [ Julian Andres Klode ] * methods/ftp: Cope with weird PASV responses. Thanks to Lukasz Stelmach for the initial patch (Closes: #420940) * Fix buffer overflow in debListParser::VersionHash() (Closes: #828812) * cache: Bump minor version to 6 * indextargets: Check that cache could be built before using it (Closes: #829651) * gpgv: Unlink the correct temp file in error case * fileutl: empty file support: Avoid fstat() on -1 fd and check result * Ignore SIGINT and SIGQUIT for Pre-Install hooks * install-progress: Call the real ::fork() in our fork() method * Accept --autoremove as alias for --auto-remove * apt-inst: debfile: Pass comp. Name to ExtractTar, not Binary * changelog: Respect Dir setting for local changelog getting * Fix segfault and out-of-bounds read in Binary fields * Merge translations from 1.3~rc3 * TagFile: Fix off-by-one errors in comment stripping * Base256ToNum: Fix uninitialized value * VersionHash: Do not skip too long dependency lines * Do not read stderr from proxy autodetection scripts [ Nicolas Le Cam ] * Use the ConditionACPower feature of systemd in the apt-daily service (Closes: #827930) [ David Kalnischkies ] * close server if parsing of header field failed * don't do atomic overrides with failed files (Closes: 828908) * if reading of autobit state failed, let write fail * write auto-bits before calling dpkg & again after if needed * factor out Pkg/DepIterator prettyprinters into own header * protect only the latest same-source providers from autoremove * reinstalling local deb file is no downgrade * do not treat same-version local debs as downgrade * avoid 416 response teardown binding to null pointer * don't change owner/perms/times through file:// symlinks * report all instead of first error up the acquire chain * keep trying with next if connection to a SRV host failed * call flush on the wrapped writebuffered FileFd * verify hash of input file in rred * use proper warning for automatic pipeline disable * rred: truncate result file before writing to it (Closes: #831762) * if the FileFd failed already following calls should fail, too * pass --force-remove-essential to dpkg only if needed * allow user@host (aka: no password) in URI parsing * drop incorrect const attribute from DirectoryExists (LP: 1473674) * http(s): allow empty values for header fields (Closes: 834048) * don't try pipelining if server closes connections (Closes: #832113) * don't loop on pinning pkgs from absolute debs by regex (Closes: 835818) * try not to call memcpy with length 0 in hash calculations * abort connection on '.' target replies in SRV [ Andrew Patterson ] * Add kernels with "+" in the package name to APT::NeverAutoRemove (Closes: #830159) [ Mert Dirik ] * Turkish program translation update (Closes: 832039) [ Zhou Mo ] * zh_CN.po: update simplified chinese translation -- Julian Andres Klode Mon, 31 Oct 2016 15:29:08 +0100 apt (1.2.14) unstable; urgency=medium [ Julian Andres Klode ] * New micro release (LP: #1595177) [ Petter Reinholdtsen ] * Norwegian Bokmål program translation update (Closes: 827067) [ David Kalnischkies ] * do not error if auto-detect-proxy cmd has no output (Closes: 827713) * source: if download is skipped, don't try to unpack * ensure filesize of deb is included in the hashes list [ Dominic Benson ] * Reinstate caching of file hashes in apt-ftparchive (Closes: #806924) -- Julian Andres Klode Wed, 22 Jun 2016 14:54:48 +0200 apt (1.2.13) unstable; urgency=medium [ David Kalnischkies ] * fail instead of segfault on unreadable config files (Closes: 824503) * prevent C++ locale number formatting in text APIs (Closes: #825396) * apt-key: change to / before find to satisfy its CWD needs. Thanks to Samuel Thibault for 'finding' the culprit! (Closes: 826043) * do not hang on piped input in PipedFileFdPrivate * don't leak an FD in lz4 (de)compression * don't leak FD in AutoProxyDetect command return parsing [ Julian Andres Klode ] * Provide complete apt bash completion. Thanks to Elias Fröhner and Svyatoslav Gryaznov for the initial work (LP: #1573547) [ Zhou Mo ] * zh_TW.po: remove several fuzzy tags after review [ Yuri Kozlov ] * Russian program translation update (Closes: 824702) [ Takuma Yamada ] * Japanese program translation update (Closes: 826291) -- Julian Andres Klode Sat, 11 Jun 2016 17:28:25 +0200 apt (1.2.12) unstable; urgency=medium [ Patrick Cable ] * refactored no_proxy code to work regardless of where https proxy is set [ James McCoy ] * deb822: Restore support for -{Add,Remove} [ David Kalnischkies ] * don't show NO_PUBKEY warning if repo is signed by another key (Closes: 618445) * allow redirection for items without a space in the desc again * don't sent uninstallable rc-only versions via EDSP * respect user pinning in M-A:same version (un)screwing [ Julian Andres Klode ] * update: Run Post-Invoke-Success if not all sources failed * debian/gbp.conf: Set debian-branch to 1.2.y [ Frans Spiesschaert ] * Dutch program translation update (Closes: 823976) -- Julian Andres Klode Wed, 11 May 2016 10:56:53 +0200 apt (1.2.11) unstable; urgency=medium [ David Kalnischkies ] * ensure transaction states are changed only once * stop handling items in doomed transactions. Thanks to Barr Detwix & Vincent Lefevre for log files (Closes: 817240) * do not require non-broken systems in 'upgrade' * detect compressed status files on extension again * recheck Pre-Depends satisfaction in SmartConfigure (LP: #1569099) * fix Alt-Filename handling of file method * allow uncompressed files to be empty in store again * silently skip acquire of empty index files * ensure outdated files are dropped without lists-cleanup [ Kelemen Gábor ] * Hungarian program translation update (Closes: 820638) -- Julian Andres Klode Mon, 25 Apr 2016 15:23:49 +0200 apt (1.2.10) unstable; urgency=medium [ Zhou Mo ] * zh_CN.po: update simplified Chinese translation. (100%) [ Julian Andres Klode ] * test-apt-download-progress: Use a larger file for testing * Allow lowering trust level of a hash via config [ Michael Vogt ] * Use systemd.timer instead of a cron job (Closes: #600262, #709675, #663290) (LP: #246381, #727685) [ David Kalnischkies ] * use buffered writing for InRelease splitting [ Takuma Yamada ] * Japanese program translation update (Closes: 819938) -- Michael Vogt Tue, 05 Apr 2016 20:23:47 +0200 # For older changelog entries, run 'apt-get changelog libapt-pkg5.0'