6 files changed, 78 insertions, 11 deletions
diff --git a/apt-pkg/acquire-item.cc b/apt-pkg/acquire-item.cc
index c3817f6ee..215615bdd 100644
--- a/apt-pkg/acquire-item.cc
+++ b/apt-pkg/acquire-item.cc
@@ -1473,8 +1473,10 @@ bool pkgAcqMetaIndex::VerifyVendor(string Message)			/*{{{*/
 	 // TRANSLATOR: The first %s is the URL of the bad Release file, the second is
 	 // the time since then the file is invalid - formated in the same way as in
 	 // the download progress display (e.g. 7d 3h 42min 1s)
-	 return _error->Error(_("Release file expired, ignoring %s (invalid since %s)"),
-	                      RealURI.c_str(), TimeToStr(invalid_since).c_str());
+	 return _error->Error(
+            _("Release file for %s is expired (invalid since %s). "
+              "Updates for this repository will not be applied."),
+            RealURI.c_str(), TimeToStr(invalid_since).c_str());
    }
 
    if (_config->FindB("Debug::pkgAcquire::Auth", false)) 
diff --git a/apt-pkg/algorithms.cc b/apt-pkg/algorithms.cc
index 2dae4258a..7c911b865 100644
--- a/apt-pkg/algorithms.cc
+++ b/apt-pkg/algorithms.cc
@@ -1176,6 +1176,31 @@ bool pkgProblemResolver::Resolve(bool BrokenFix)
    return true;
 }
 									/*}}}*/
+
+// ProblemResolver::BreaksInstOrPolicy - Check if the given pkg is broken/*{{{*/
+// ---------------------------------------------------------------------
+/* This checks if the given package is broken either by a hard dependency
+   (InstBroken()) or by introducing a new policy breakage e.g. new
+   unsatisfied recommends for a package that was in "policy-good" state
+
+   Note that this is not perfect as it will ignore further breakage
+   for already broken policy (recommends)
+*/
+bool pkgProblemResolver::InstOrNewPolicyBroken(pkgCache::PkgIterator I)
+{
+   
+   // a broken install is always a problem
+   if (Cache[I].InstBroken() == true)
+      return true;
+
+   // a newly broken policy (recommends/suggests) is a problem
+   if (Cache[I].NowPolicyBroken() == false &&
+       Cache[I].InstPolicyBroken() == true)
+      return true;
+       
+   return false;
+}
+
 // ProblemResolver::ResolveByKeep - Resolve problems using keep		/*{{{*/
 // ---------------------------------------------------------------------
 /* This is the work horse of the soft upgrade routine. It is very gental 
@@ -1220,9 +1245,12 @@ bool pkgProblemResolver::ResolveByKeep()
    {
       pkgCache::PkgIterator I(Cache,*K);
 
-      if (Cache[I].InstallVer == 0 || Cache[I].InstBroken() == false)
+      if (Cache[I].InstallVer == 0)
 	 continue;
 
+      if (InstOrNewPolicyBroken(I) == false)
+         continue;
+
       /* Keep the package. If this works then great, otherwise we have
        	 to be significantly more agressive and manipulate its dependencies */
       if ((Flags[I->ID] & Protected) == 0)
@@ -1230,7 +1258,7 @@ bool pkgProblemResolver::ResolveByKeep()
 	 if (Debug == true)
 	    clog << "Keeping package " << I.FullName(false) << endl;
 	 Cache.MarkKeep(I, false, false);
-	 if (Cache[I].InstBroken() == false)
+	 if (InstOrNewPolicyBroken(I) == false)
 	 {
 	    K = PList - 1;
 	    continue;
@@ -1280,11 +1308,11 @@ bool pkgProblemResolver::ResolveByKeep()
 		  Cache.MarkKeep(Pkg, false, false);
 	       }
 	       
-	       if (Cache[I].InstBroken() == false)
+	       if (InstOrNewPolicyBroken(I) == false)
 		  break;
 	    }
 	    
-	    if (Cache[I].InstBroken() == false)
+	    if (InstOrNewPolicyBroken(I) == false)
 	       break;
 
 	    if (Start == End)
@@ -1292,11 +1320,11 @@ bool pkgProblemResolver::ResolveByKeep()
 	    Start++;
 	 }
 	      
-	 if (Cache[I].InstBroken() == false)
+	 if (InstOrNewPolicyBroken(I) == false)
 	    break;
       }
 
-      if (Cache[I].InstBroken() == true)
+      if (InstOrNewPolicyBroken(I) == true)
 	 continue;
       
       // Restart again.
diff --git a/apt-pkg/algorithms.h b/apt-pkg/algorithms.h
index ebe31cc10..99501bed1 100644
--- a/apt-pkg/algorithms.h
+++ b/apt-pkg/algorithms.h
@@ -106,6 +106,9 @@ class pkgProblemResolver						/*{{{*/
    void MakeScores();
    bool DoUpgrade(pkgCache::PkgIterator Pkg);
    
+   protected:
+   bool InstOrNewPolicyBroken(pkgCache::PkgIterator Pkg);
+
    public:
    
    inline void Protect(pkgCache::PkgIterator Pkg) {Flags[Pkg->ID] |= Protected; Cache.MarkProtected(Pkg);};
diff --git a/apt-pkg/aptconfiguration.h b/apt-pkg/aptconfiguration.h
index 815db6cae..1f0399dd2 100644
--- a/apt-pkg/aptconfiguration.h
+++ b/apt-pkg/aptconfiguration.h
@@ -36,7 +36,7 @@ public:									/*{{{*/
 	 *  \param Cached saves the result so we need to calculated it only once
 	 *                this parameter should ony be used for testing purposes.
 	 *
-	 *  \return a vector of (all) Language Codes in the prefered usage order
+	 *  \return a vector of the compression types in the prefered usage order
 	 */
 	std::vector<std::string> static const getCompressionTypes(bool const &Cached = true);
 
diff --git a/debian/changelog b/debian/changelog
index 8bf5af2d1..52972e43b 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,4 +1,11 @@
-apt (0.8.15.2) unstable; urgency=low
+apt (0.8.15.3) UNRELEASED; urgency=low
+
+  [ Michael Vogt ]
+  * apt-pkg/acquire-item.cc:
+    - improve error message for a expired Release file
+  * apt-pkg/algorithms.cc:
+    - Hold back packages that would enter "policy-broken" state on upgrade
+      when doing a "apt-get upgrade"
 
   [ David Kalnischkies ]
   * apt-pkg/pkgcachegen.cc:
@@ -13,7 +20,14 @@ apt (0.8.15.2) unstable; urgency=low
   * apt-pkg/init.cc:
     - use CndSet in pkgInitConfig (Closes: #629617)
 
- -- David Kalnischkies <kalnischkies@gmail.com>  Wed, 06 Jul 2011 13:29:52 +0200
+ -- David Kalnischkies <kalnischkies@gmail.com>  Thu, 14 Jul 2011 21:26:09 +0200
+
+apt (0.8.15.2) unstable; urgency=high
+
+  * fix from David Kalnischkies for the InRelease gpg verification 
+    code (LP: #784473)
+
+ -- Michael Vogt <mvo@debian.org>  Tue, 12 Jul 2011 11:54:47 +0200
 
 apt (0.8.15.1) unstable; urgency=low
 
diff --git a/test/integration/test-resolve-by-keep-new-recommends b/test/integration/test-resolve-by-keep-new-recommends
new file mode 100755
index 000000000..8134b76aa
--- /dev/null
+++ b/test/integration/test-resolve-by-keep-new-recommends
@@ -0,0 +1,20 @@
+#!/bin/sh
+set -e
+
+TESTDIR=$(readlink -f $(dirname $0))
+. $TESTDIR/framework
+setupenvironment
+configarchitecture "i386"
+
+insertinstalledpackage 'foo' 'i386' '1.0'
+insertpackage 'unstable' 'foo' 'i386' '2.0' 'Recommends: bar'
+
+setupaptarchive
+
+UPGRADE_KEEP="Reading package lists...
+Building dependency tree...
+The following packages have been kept back:
+  foo
+0 upgraded, 0 newly installed, 0 to remove and 1 not upgraded."
+testequal "$UPGRADE_KEEP" aptget upgrade -s
+