apt/debian/NEWS, branch 1.6

apt/debian/NEWS, branch 1.6_rc1 Debians commandline package manager https://git.kalnischkies.de/apt/atom?h=1.6_rc1 2018-04-15T20:13:04Z Release 1.6~rc1 2018-04-15T20:13:04Z Julian Andres Klode julian.klode@canonical.com 2018-04-15T20:05:35Z urn:sha1:73c5027cf8ceabf7bb72fe08d4d86d07d3d72461 Turn off seccomp sandboxing by default 2018-04-06T12:17:26Z Julian Andres Klode julian.klode@canonical.com 2018-04-06T11:53:20Z urn:sha1:e688a4f4890c04021468932e57e17891853c8443 LP: #1732030 Closes: #890489 Fixes meefik/linuxdeploy#869 Fix debian/NEWS entry for 1.6~beta1 2018-03-13T08:26:48Z Julian Andres Klode julian.klode@canonical.com 2018-03-13T08:26:48Z urn:sha1:9986fba23501b643980541757d56fcf90d7e15d7 Check that Date of Release file is not in the future 2018-02-19T15:05:01Z Julian Andres Klode julian.klode@canonical.com 2018-01-29T15:15:41Z urn:sha1:9e5899cac1a6367e3769af52a724821880e538f6 By restricting the Date field to be in the past, an attacker cannot just create a repository from the future that would be accepted as a valid update for a repository. This check can be disabled by Acquire::Check-Date set to false. This will also disable Check-Valid-Until and any future date related checking, if any - the option means: "my computers date cannot be trusted." Modify the tests to allow repositories to be up to 10 hours in the future, so we can keep using hours there to simulate time changes. Release 1.6~alpha1 2017-10-22T23:59:11Z Julian Andres Klode jak@debian.org 2017-10-22T23:58:07Z urn:sha1:abe429029c2d2b407a67e2a48d4594184cb88a5e Sandbox methods with seccomp-BPF; except cdrom, gpgv, rsh 2017-10-22T21:38:31Z Julian Andres Klode jak@debian.org 2017-10-22T21:34:03Z urn:sha1:32bcbd73e0988d2d2237690ffae33b4f5cc5ff81 This reduces the number of syscalls to about 140 from about 350 or so, significantly reducing security risks. Also change prepare-release to ignore the architecture lists in the build dependencies when generating the build-depends package for travis. We might want to clean up things a bit more and/or move it somewhere else. Release 1.5~beta1 2017-07-03T14:58:38Z Julian Andres Klode jak@debian.org 2017-07-03T14:58:38Z urn:sha1:28380ed1b24daab7c460412225bd5a7ede9a48ed Upload 1.5~alpha4 to experimental 2017-06-30T16:21:33Z Julian Andres Klode jak@debian.org 2017-06-30T16:18:47Z urn:sha1:3be04d30cbb801777dce9d3e46c19722ab480b14 Switch to 'http' as the default https method 2017-06-30T14:33:09Z Julian Andres Klode jak@debian.org 2017-06-30T14:33:09Z urn:sha1:c6a428e4d17b408c2701def5daa46ca950948980 The old curl based method is still available as 'curl', 'curl+http', and 'curl+https'. Upload 1.5~alpha1 to experimental 2017-06-28T17:53:45Z Julian Andres Klode jak@debian.org 2017-06-28T17:53:45Z urn:sha1:c9390165718d4cf0ec43a0af01f06d6628717905