linux/poky.git/meta/recipes-devtools/apt/apt-0.9.9.4, branch halstead/hashclient

apt: upgrade to 1.0.9.9

2015-05-29T09:17:15+00:00

1. Upgrade to fix the several CVEs: CVE-2014-0488, CVE-2014-0490 2. Remove apt-0.9.9.4-CVE-2014-0478.patch, which was backport. 3. Romve no-ko-translation.patch, apt-1.0.9.9 has ko translation 4. Update use-host.patch no-curl.patch db_linking_hack.patch and noconfigure.patch 5. Not build the test cases since it requires gtest 6. install libapt-private.so.* to libdir, otherwise this file is not installed into sysroot for native, and apt-get will use host's, and lead to fail 7. Revert apt commit[a2a75ff45]"always run 'dpkg --configure -a' at the end of our dpkg callings" for native package, otherwise the postscript for these installed packages will be run, and fail since the rootfs dir is not considered 8. Add lzma dependency by PACKAGECONFIG for target, and add xz dependency for native 9. Support to compile apt-native on centos6 (From OE-Core rev: 7dd4a53a99277b46696dea5558fa321a2267af0a) Signed-off-by: Roy Li Acked-by: Aníbal Limón Signed-off-by: Richard Purdie

apt: fix for CVE-2014-0478

2014-09-30T13:10:34+00:00

APT before 1.0.4 does not properly validate source packages, which allows man-in-the-middle attackers to download and install Trojan horse packages by removing the Release signature. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0478 (From OE-Core rev: 3dd692fcf2b0c11731b3f30abdf2b1878458a898) Signed-off-by: Wenlin Kang Signed-off-by: Chong Lu Signed-off-by: Richard Purdie

apt: Upgrade from 0.9.8.2 to 0.9.9.4

2013-08-03T09:33:08+00:00

makerace.patch: adapted to the new version (From OE-Core rev: ad69f62e42c131dcccd33b0e39c61a431f581bea) Signed-off-by: Ionut Radu Signed-off-by: Saul Wold Signed-off-by: Richard Purdie