ubuntu/+source/apt:ubuntu/natty-security

Last commit made on 2012-06-15
Get this branch:
git clone -b ubuntu/natty-security https://git.launchpad.net/ubuntu/+source/apt
Members of Ubuntu Server Dev import team can upload to this branch. Log in for directions.

Branch merges

Branch information

Name:
ubuntu/natty-security
Repository:
lp:ubuntu/+source/apt

Recent commits

8f9f53d... by Jamie Strandboge on 2012-06-15

Import patches-unapplied version 0.8.13.2ubuntu4.6 to ubuntu/natty-security

Imported using git-ubuntu import.

Changelog parent: 85b7a02b2ff59e4fb27d818f76b55ee7c7896ca6

New changelog entries:
  * SECURITY UPDATE: Disable apt-key net-update for now, as validation
    code is still insecure
    - cmdline/apt-key: exit 1 immediately in net_update()
    - CVE-2012-0954
    - LP: #1013639

85b7a02... by Jamie Strandboge on 2012-06-14

Import patches-unapplied version 0.8.13.2ubuntu4.5 to ubuntu/natty-security

Imported using git-ubuntu import.

Changelog parent: 29602ad7065f0a30db640164c31686c50aeb1e06

New changelog entries:
  * adjust apt-key to ensure no collisions on subkeys too. Patch thanks to
    Marc Deslauriers. (LP: #1013128)

29602ad... by Marc Deslauriers on 2012-03-05

Import patches-unapplied version 0.8.13.2ubuntu4.4 to ubuntu/natty-security

Imported using git-ubuntu import.

Changelog parent: 60307f8bde79d2b12c6520f5ce2b5e8063970f1b

New changelog entries:
  * SECURITY UPDATE: trust bypass via stale InRelease file (LP: #947108)
    - CVE-2012-0214
  [ David Kalnischkies ]
  * apt-pkg/acquire-item.cc:
    - remove 'old' InRelease file if we can't get a new one before
      proceeding with Release.gpg to avoid the false impression of a still
      trusted repository by a (still present) old InRelease file.
      Thanks to Simon Ruderich for reporting this issue! (CVE-2012-0214)

60307f8... by Marc Deslauriers on 2011-11-22

Import patches-unapplied version 0.8.13.2ubuntu4.3 to ubuntu/natty-security

Imported using git-ubuntu import.

Changelog parent: d07d03dcab766e189ebb66f2fec248cfb73aa4e5

New changelog entries:
  * SECURITY UPDATE: Restore apt-ket net-update functionality (LP: #857472)
    - cmdline/apt-key: improve key validation.

d07d03d... by Marc Deslauriers on 2011-09-22

Import patches-unapplied version 0.8.13.2ubuntu4.2 to ubuntu/natty-security

Imported using git-ubuntu import.

Changelog parent: b35435461da6751394c4674827d5e04bbdf03aa4

New changelog entries:
  * SECURITY UPDATE: Disable apt-key net-update for now, as validation
    code is insecure. (LP: #856489)
    - cmdline/apt-key: exit immediately out of net_update().
    - CVE number pending

b354354... by Marc Deslauriers on 2011-07-07

Import patches-unapplied version 0.8.13.2ubuntu4.1 to ubuntu/natty-security

Imported using git-ubuntu import.

Changelog parent: f8e50c8a0b2ff7510ca29d071160ae4746727b83

New changelog entries:
  * SECURITY UPDATE: incorrect InRelease file signature validation
    (LP: #784473)
    - apt-pkg/indexcopy.cc, methods/gpgv.cc: Ensure file starts with
      clearsigned message header.
    - patch thanks to David Kalnischkies.
    - CVE-2011-1829

f8e50c8... by Brian Murray on 2011-06-10

Import patches-unapplied version 0.8.13.2ubuntu4 to ubuntu/natty-proposed

Imported using git-ubuntu import.

Changelog parent: b49ede096841b06a327db8c7ba626a0d01d1ddf0

New changelog entries:
  [ Julian Andres Klode ]
  * apt-pkg/acquire-item.cc:
    - Reject files known to be invalid (LP: #346386) (Closes: #627642)
  [ Michael Vogt ]
  * apt-pkg/acquire-item.cc:
    - do not reject empty Packages files when checking them for
      correctness

b49ede0... by Brian Murray on 2011-04-20

Import patches-unapplied version 0.8.13.2ubuntu3 to ubuntu/natty-proposed

Imported using git-ubuntu import.

Changelog parent: f34bfa97aa4aab8e19905457b0bdeb5db0bc8a92

New changelog entries:
  * apt-pkg/deb/dpkgpm.cc:
    - stop reporting of apport-package bug reports regarding
      dpkg I/O errors (LP: #767776)

f34bfa9... by Michael Vogt on 2011-04-07

Import patches-unapplied version 0.8.13.2ubuntu2 to ubuntu/natty

Imported using git-ubuntu import.

Changelog parent: 7d538a92dacbe7b9e6409acd3f16f8a5a85e0856

New changelog entries:
  [ Michael Vogt ]
  * debian/apt.cron.daily:
    - run unattended-upgrades even if there was a error during
      the apt-get update (LP: #676295)

  [ Julian Andres Klode ]
  * apt-pkg/indexcopy.cc:
    - Use RealFileExists() instead of FileExists(), allows amongst other
      things a directory named Sources to exist on a CD-ROM (LP: #750694).

  [ David Kalnischkies ]
  * apt-pkg/pkgcache.cc:
    - use the native Architecture stored in the cache header instead of
      loading it from configuration as suggested by Julian Andres Klode

7d538a9... by Michael Vogt on 2011-04-05

Import patches-unapplied version 0.8.13.2ubuntu1 to ubuntu/natty

Imported using git-ubuntu import.

Changelog parent: 27c3ff778eb23fc840afd950b972b44f63cca946

New changelog entries:
  * merge fixes from debian-sid, most notable the handling of
    arch=all architectures in python-apt (LP: #733741)
  * apt-pkg/aptconfiguration.cc:
    - fix comparing for a empty string