ubuntu/+source/apt:ubuntu/oneiric-security

Last commit made on 2013-03-14
Get this branch:
git clone -b ubuntu/oneiric-security https://git.launchpad.net/ubuntu/+source/apt
Members of Ubuntu Server Dev import team can upload to this branch. Log in for directions.

Branch merges

Branch information

Name:
ubuntu/oneiric-security
Repository:
lp:ubuntu/+source/apt

Recent commits

f429718... by Marc Deslauriers on 2013-03-13

Import patches-unapplied version 0.8.16~exp5ubuntu13.7 to ubuntu/oneiric-security

Imported using git-ubuntu import.

Changelog parent: 5fafd3fcf6c98f142fc9ae216d0b1574adf41a11

New changelog entries:
  * SECURITY UPDATE: InRelease verification bypass
    - CVE-2013-1051
  [ David Kalnischk ]
  [ Michael Vogt ]
  * apt-pkg/deb/debmetaindex.cc,
    test/integration/test-bug-595691-empty-and-broken-archive-files,
    test/integration/test-releasefile-verification:
    - disable InRelease downloading until the verification issue is
      fixed, thanks to Ansgar Burchardt for finding the flaw

5fafd3f... by Michael Vogt on 2012-12-04

Import patches-unapplied version 0.8.16~exp5ubuntu13.6 to ubuntu/oneiric-security

Imported using git-ubuntu import.

Changelog parent: 073a370e99b9687aef5e77ee1e3f558ef627e7cd

New changelog entries:
  * SECURITY UPDATE: change permissions of
    /var/log/apt/term.log to 0640 (LP: #975199)
    - CVE-2012-0961

073a370... by Jamie Strandboge on 2012-06-15

Import patches-unapplied version 0.8.16~exp5ubuntu13.5 to ubuntu/oneiric-security

Imported using git-ubuntu import.

Changelog parent: 1ef50359cfa7a6e1e0f870b27a0f8f1f13588ac9

New changelog entries:
  * SECURITY UPDATE: Disable apt-key net-update for now, as validation
    code is still insecure
    - cmdline/apt-key: exit 1 immediately in net_update()
    - CVE-2012-0954
    - LP: #1013639

1ef5035... by Jamie Strandboge on 2012-06-14

Import patches-unapplied version 0.8.16~exp5ubuntu13.4 to ubuntu/oneiric-security

Imported using git-ubuntu import.

Changelog parent: 9c77c5d09b0260b71141cd24ce89412b99aec3b8

New changelog entries:
  * adjust apt-key to ensure no collisions on subkeys too. Patch thanks to
    Marc Deslauriers. (LP: #1013128)

9c77c5d... by Jean-Louis Dupond on 2012-04-17

Import patches-unapplied version 0.8.16~exp5ubuntu13.3 to ubuntu/oneiric-proposed

Imported using git-ubuntu import.

Changelog parent: dd7c3ed5d077e8b5a4da2a6765eaff36bf460188

New changelog entries:
  [ Jean-Louis Dupond ]
  * Backport fixes from precise verison of apt, to fix multiarch upgrades
    from oneiric.
  * apt-pkg/depcache.cc:
    - prefer native providers over foreigns even if the chain is foreign.
      (LP: #850264)
  * cmdline/apt-get.cc:
    - ignore foreign architectures if we check if a provides has only one
      resolver as it's basically the same for the user, so no need to choose.
  * apt-pkg/deb/deblistparser.cc:
    - M-A: foreign packages provide for other archs, too
  [ Colin Watson ]
  * Include 0.8.16~exp5ubuntu13.1 patches.
  * apt-pkg/algorithms.cc: Iterate Breaks the same way as Conflicts, so that
    we resolve virtual package Breaks more effectively (LP: #922485).
  * apt-pkg/algorithms.{cc,h}: Use an int to represent resolver scores, not
    a signed short, because large upgrades can result in an overflow for
    core packages (LP: #917173).

dd7c3ed... by Marc Deslauriers on 2012-03-05

Import patches-unapplied version 0.8.16~exp5ubuntu13.2 to ubuntu/oneiric-security

Imported using git-ubuntu import.

Changelog parent: d5013a2a31f0f082d681479daa152eebe549456b

New changelog entries:
  * SECURITY UPDATE: trust bypass via stale InRelease file (LP: #947108)
    - CVE-2012-0214
  * This packages does _not_ contain the changes from 0.8.16~exp5ubuntu13.1
    in oneiric-proposed.
  [ David Kalnischkies ]
  * apt-pkg/acquire-item.cc:
    - remove 'old' InRelease file if we can't get a new one before
      proceeding with Release.gpg to avoid the false impression of a still
      trusted repository by a (still present) old InRelease file.
      Thanks to Simon Ruderich for reporting this issue! (CVE-2012-0214)

d5013a2... by Michael Vogt on 2011-10-06

Import patches-unapplied version 0.8.16~exp5ubuntu13 to ubuntu/oneiric

Imported using git-ubuntu import.

Changelog parent: 738c230bdf949592f209b160e28e74c9d963acf7

New changelog entries:
  [ Adam Conrad ]
  * On armel, call update-apt-xapian-index with '-u' to keep the CPU
    and I/O usage low. We would do this on all arches, but there's a
    regression risk here, but that's better than killing slow systems.

  [ Michael Vogt ]
  * cmdline/apt-key:
    - fix apt-key net-update, thanks to Marc Deslauriers and
      Adam Conrad for the code review (LP: #857472)

738c230... by Michael Vogt on 2011-09-26

Import patches-unapplied version 0.8.16~exp5ubuntu12 to ubuntu/oneiric

Imported using git-ubuntu import.

Changelog parent: a7b08c849434dd82a736fac2046f76f49e9b3626

New changelog entries:
  [ David Kalnischkies ]
  * apt-pkg/deb/deblistparser.cc:
    - fix crash when the dynamic mmap needs to be remapped during
      LoadReleaseInfo (LP: #854090)

a7b08c8... by Michael Vogt on 2011-09-22

Import patches-unapplied version 0.8.16~exp5ubuntu11 to ubuntu/oneiric

Imported using git-ubuntu import.

Changelog parent: c9a3fe7a6aeed2224a6af9f2013a8ec7df765506

New changelog entries:
  [ Colin Watson ]
  * ftparchive/cachedb.cc:
    - fix buffersize in bytes2hex

  [ Marc Deslauriers ]
  * SECURITY UPDATE: Disable apt-key net-update for now, as validation
    code is insecure.
    - cmdline/apt-key: exit immediately out of net_update().
    - CVE number pending

c9a3fe7... by Michael Vogt on 2011-09-20

Import patches-unapplied version 0.8.16~exp5ubuntu10 to ubuntu/oneiric

Imported using git-ubuntu import.

Changelog parent: dd752d2a4de8915449b69a9eb150dd673e8b594c

New changelog entries:
  * methods/https.cc:
    - cleanup broken downloads properly (just like http)