apt-cacher (0.9.4sarge1) stable-security; urgency=high

  * Non-maintainer upload by The Security Team.
  * Fixes arbitary command execution as httpd user. (CAN-2005-1854)

 -- Steve Kemp <skx@debian.org>  Sun, 30 Jul 2005 14:01:23 +0200

apt-cacher (0.9.4) unstable; urgency=high

  * removed /var/{log,cache}/apt-cacher from debian/dirs to manage them
    without interferences via postinst/prerm, calling
    install.pl/remove.pl/upgrade.pl (closes: #310990). This bug was hidden
    before and came to daylight after the rewrite of the old (ownership
    overriding) code in 0.9.
  * fixed the size calculation in the access.log (closes: #311001)
  * found another stupid bug in install.pl, it removed the files README and
    README.txt in the directory where dpkg has been started
  * added more visible advisories to run apt-cacher-format-transition.pl in
    NEWS.Debian and README.Debian
  * commented out the allowed_locations example in apt-cacher.conf, it should
    not restrict by default

 -- Eduard Bloch <blade@debian.org>  Fri, 27 May 2005 18:20:49 +0200

apt-cacher (0.9.3) unstable; urgency=high

  * removed some forgotten debug statements and also a "testing" die; command
    in the checksumming lib (closes: #310393)
  * fixed the adding of CGI var separator ? in the sample sources.list URLs
    and used &nbsp; to not break the lines on extreme low-res monitors
    (closes: #310387)

 -- Eduard Bloch <blade@debian.org>  Tue, 24 May 2005 18:42:42 +0200

apt-cacher (0.9.2) unstable; urgency=low

  * added a possible solution for server redundancy with faked cache 
    serves to README.Debian (closes: #230796)
  * not blocking access if allowed_hosts was omited (restoring the default
    config behaviour used before the IPv6 patch)
  * "nice mode" in cleanup, refreshing the index files first and then
    continuing with low priority
  * transition of apt-cacher symlink to apt-cacher.conf in apache2
    configuration which most likely also fixes the last
    issue in another bug report (closes: #307579, #264147)
  * more verbose error messages with allowed_locations option, patch by
    Andreas J Koenig (closes: #309597)
  * removed obsolete references to www.apt-cacher.org from the report generator

 -- Eduard Bloch <blade@debian.org>  Sun, 22 May 2005 11:37:58 +0200

apt-cacher (0.9.1) unstable; urgency=medium

  * upload to unstable with few changes
  * fixed NEWS.Debian (header differed from changelog) and updated notes
  * added precache-by-Priority feature to apt-precache.pl

 -- Eduard Bloch <blade@debian.org>  Mon, 16 May 2005 12:29:12 +0200

apt-cacher (0.9) experimental; urgency=medium

  * New main maintainer (Jonathan & me -> Uploaders:)
  * new format, separates package contents and HTTP headers 
    (closes: #274975). The new script apt-cacher-format-transition.pl converts
    the old cached files to the new version and moves the parts to the new
    locations
  * used syswrite/sysread where appropriate to minimise effects of Perl
    buffering in combination with Apache2 (avoids apt-get's long 
    "waiting for headers" phase in most cases, still appears from time to
    time, but not soo often.
  * uses modification times of index files if configured, this should avoid
    desynchronisation of some files (closes: #180544). Used curl to get the
    HTTP head for that (wget was just too stupid with its timestamping
    abilities). By the way rewrote the fetcher code to use curl only, removing
    the wget depedency (closes: #277279)
  * rewrote large parts of unsafe code, worked around race conditions
    (closes:#251468), fixed some crap like inserting of status code into
    half-downloaded files (closes: #251660), really detached the fetcher
    thread from the reader when the file is initialy beeing downloaded, and
    made error code passing more reliable
  * removed another useless fork (thread-over-thread-over-thread, jeez...)
  * removed the CHLD handler that fscked up the return codes that I needed
    from close (became cruft anways since I dropped the unneccessary forking)
    It now also fails sanely on mirror failure conditions (closes:#203123)
  * allowing alternative URL scheme (with apt-cacher?/server/...) which does
    work with alternative http daemons and added alternative dependency on boa
    and httpd-cgi (closes: #282599, #273776)
  * applied patch from Peter Denison <bug-reports@marshadder.uklinux.net> for
    more flexible names of index files (closes: #267680)
  * IPv6 & filtering patch by Darren Salt (closes: #294617, #278070)
  * added my patch to do basic URL filtering (closes: #307151)
  * README.Debian update to the new stuff, removed cruft in debian/debian-old
  * rewrote the import script, made it work more efficient and work around the
    epoch numbers in the file names from apt's cache (closes: #278799)
  * rewrote and simplified the cleanup script (closes: #299404), also added
    support for source files and bzip2 compression (closes: #261273, #305956).
    Also made it refresh the index files rather then relying on possibly
    outdated data (or missing data because of tiffani/apt-dupdate usage) and
    really lock them while reading to not kill the cached data because the
    file is beeing downloaded just while the cleanup process runs
  * changed install.pl to copy the ownership of new files/directories and only
    doing so when they are new, rather than resetting them to www-data, and on
    every package upgrade
  * added my apt-precache.pl script for people that may need this toy 
    (closes: #305175). It still needs some refinement to control the
    expiration of the "subscriptions".
  * added hooks for checksumming of forwarded packages
  * new feature: checksumming of data (downloaded and uploaded). Optionaly,
    see README.Debian for instructions to enable it (closes: #274059)

 -- Eduard Bloch <blade@debian.org>  Thu, 12 May 2005 09:01:03 +0200

apt-cacher (0.8.6) unstable; urgency=low

  * Added 'Packages.bz2' to list of allowed files.
    Closes: #298458
  * Check for $1 before evaluating it in cleanup script.
    Closes: #278778

 -- Jonathan Oxer <jon@debian.org>  Tue,  8 Mar 2005 09:34:33 +1100

apt-cacher (0.8.5) unstable; urgency=low

  * Changed package version to native numbering scheme.
    Closes: #282593
  * Default config now does not specify a range of allowed_hosts,
    so new installations will allow access to all clients by default.
    This reduces the default security but should help reduce the
    large number of "I've upgraded and now I can't use my cache" and
    "I've installed but nothing is allowed to connect" questions.
    Later this will be radically overhauled with Darren Salt's IPv6
    patch, but I don't want to make *too* many changes in one release.
    Closes: #264149
  * Applied patch by Eduard Bloch to alter the rate limit config
    handling, which improves handling of timeouts in corner cases.
    Closes: #258242
  * Cleaned syntax of scalar references in allowed_hosts processing.
    Closes: #272937, #272813
  * Added cleaning of udebs to cache cleaning script
    Closes: #271391
  * Removed build-deps on wget, apache and bzip2, plus dep on bzip2.
    Closes: #294613
  * 's/licence/license' typo fix in info output.
    Closes: #295616
  * Removed references to apt-cacher.org in the man page.
    Closes: #285725
  * Added support for caching Release.gpg files
    Closes: #283219
  * Altered install.pl to restart apache/apache-ssl/apache2 on configure.
    Closes: #285262
  * General cleanup of the working tree to remove build stamps, etc.

 -- Jonathan Oxer <jon@debian.org>  Thu, 17 Feb 2005 11:27:26 +1100

apt-cacher (0.8-4) unstable; urgency=low

  * Altered filename restriction regex to allow .tar.gz files.
    Closes: #259629

 -- Jonathan Oxer <jon@debian.org>  Tue, 20 Jul 2004 12:09:08 +1000

apt-cacher (0.8-3) unstable; urgency=low

  * Another file extension I missed: .udeb (used in the Debian
    installer).
    Closes: #259769

 -- Jonathan Oxer <jon@debian.org>  Sun, 18 Jul 2004 20:51:02 +1000

apt-cacher (0.8-2) unstable; urgency=low

  * Added file extensions used by source packages to the filename
    regex. Should now allow 'apt-get source ...' again.
    Closes: #259629

 -- Jonathan Oxer <jon@debian.org>  Fri, 16 Jul 2004 10:37:45 +1000

apt-cacher (0.8-1) unstable; urgency=low

  * New release with a whole new security mechanism: checks IP
    address of client and matches it against a range of addresses
    specified in the conf file using the 'allowed_hosts' directive.
    Closes: #251575

 -- Jonathan Oxer <jon@debian.org>  Tue, 13 Jul 2004 13:08:45 +1000

apt-cacher (0.7-3) unstable; urgency=low

  The "how many bugs can we fix at once?" release.
  * apt-cacher.pl: Check for undefined value which was showing an
    error in the log.
    Closes: #231187
  * apt-cacher.pl: Fix version number displayed
    Closes: #257409
  * remove.pl: Now removes logrotate file on removal of package
    (shouldn't this be taken care of by DPKG? The logrotate file
    is installed by it, so it should remove it. Anyway...)
    Closes: #253828
  * apt-cacher.pl: Expires 'Sources.gz' file now in addition to
    Packages.gz and Release (Thanks to Andreas Beckmann)
    Closes: #237889
  * apt-cacher.pl and apt-cacher.conf: Rate limiting by passing a
    '--rate-limit' argument to Wget. Thanks to Torbjorn Svensson
    for the patch!
    Closes: #255361
  * install.pl and remove.pl: No longer patches httpd.conf with an
    alias. Now just symlinks to the apache config snippet from
    conf.d, so we never touch httpd.conf. No more runaway entries!
    Closes: #242365
  * install.pl: Activates cgi module in Apache2.
    Closes: #250599
  * apt-cacher.pl: Check for name of file being requested. As a
    partial answer to bug #251575 (still to be fixed properly) the
    name of the file is now checked. If it isn't a .deb, .rpm,
    Packages.gz, Sources.gz or Release file it's rejected with 403
    Forbidden. That may trip up people if they don't compress the
    Packages file, so if this causes grief please let me know ASAP.

 -- Jonathan Oxer <jon@debian.org>  Tue,  6 Jul 2004 15:11:19 +1000

apt-cacher (0.7-2) unstable; urgency=low

  * apt-cacher-report.pl: Not much visibly different, but most of
    the internals have been re-written after I started with just
    fixing #230934 and then couldn't stop myself:
     o Added support for reading rolled/compressed logfiles.
     o Fixed previously undetected bug introduced in 0.6-11 by the
       date handling patch: that change caused the latest logfile
       to nuke the logfile array, causing old logfiles to be
       ignored even though they were being opened. Doh!
     o Check for zero value of traffic and assign hit and miss
       values manually to fix divide by zero error.
       Closes: #230934
     o Set strings for start and end date if no records found.
     o Check size of traffic values (total, hit, miss) and set
       human-readable report strings in MB, or if >2000MB as GB
       rounded to 3 decimal places.

 -- Jonathan Oxer <jon@debian.org>  Wed,  4 Feb 2004 10:20:35 +1100

apt-cacher (0.7-1) unstable; urgency=low

  * apt-cacher-import.pl: At long last. I've answered the
    question "why can't I just copy .debs into the cache dir?"
    sooooo many times that I've finally done something about it.
    This supporting script traverses $cache_dir/import and imports
    any .debs it finds into $cache_dir. More info in 'man apt-cacher'.
    Of course, I did it in a half-assed way with a helper script
    rather than making it work transparently within apt-cacher.pl
    itself. Fixes welcome! Also fixes for the cludgy shell in it.
    Closes: #229466, #221576

 -- Jonathan Oxer <jon@debian.org>  Fri, 30 Jan 2004 11:59:55 +1100

apt-cacher (0.6-11) unstable; urgency=low

  * apt-cacher-cleanup.pl: Fix for neater handling of empty 
    Packages files. Patch by Lupe Christoph <lupe@lupe-christoph.de>.
    Closes: #225505
  * apt-cacher-report.pl: Fix for incorrect date handling when
    generating reports. Patch by Paul Schulz <pschulz@foursticks.com>.
    Closes: #218426
  * install.pl and remove.pl: Added support for auto-configuring 
    Apache2 on installation and removal. Note that I don't run it
    with Apache2 myself, so feedback on this is welcome.
    Closes: #197930
 -- Jonathan Oxer <jon@debian.org>  Tue, 30 Dec 2003 22:00:26 +1100

apt-cacher (0.6-10) unstable; urgency=low

  * apt-cacher.pl: Altered the mix of direct and system calls
    to where possible use system calls (ie: read->sysread, seek->
    sysseek, open->sysopen) at the suggestion of my favorite bug
    detective Peter Hawkins, to fix a potential infinite loop
    situation on file reads - but hey, this is Linux, isn't it 
    meant to do infinite loops in 5 seconds? :-P
    Closes: #196684
  * install.pl: Added prompts for SSL cert password on Apache
    restart at the suggestion of Brian Hunt.
  * remove.pl: Updated to use the config file parser in 
    apt-cacher-lib.pl rather than the old-style internal parser.
    Added prompts for SSL cert password on Apache restart.
  * upgrade.pl: Updated to use the config file parser in 
    apt-cacher-lib.pl rather than the old-style internal parser.
 -- Jonathan Oxer <jon@debian.org>  Tue, 10 Jun 2003 11:35:19 +1000

apt-cacher (0.6-9) unstable; urgency=low

  * apt-cacher.pl: Daniel Stone contributed a lot to this one, 
    providing me with an earlier version with changes in it to
    help fix the hated 500 Internal Server Error bug by catching a
    state where Wget makes a new file rather than truncating, and 
    thus changes the file descriptor out from under us. Those 
    changes were then merged forward to the most recent devel 
    version.
    Also added 'seek' command to handle reading files of varying 
    length, such as packages that are currently in the process of 
    being downloaded and are not the full length at the time 
    apt-cacher tries to stream them to the client: that patch and a 
    Perl lesson supplied by Adam Moore.
    Also changed the 'read' call to use sysread, at the suggestion 
    of Andreas Boeckler.
    All those changes together help prevent the 500 Internal Server 
    Error bug occuring in different situations. Thanks Daniel, Adam 
    and Andreas! Hopefully that stupid bug is gone for good now. 
    Yippee!
    Closes: #171059
  * apt-cacher.pl: More changes provided by Daniel Stone to fix a 
    potential race condition discovered by some very nice detective
    work by Peter Hawkins. Peter patched his local server, Daniel
    incorporated the changes into the version he sent me  :-)
    Closes: #180571
  * apt-cacher-cleanup.pl: Fixed references to configuration
    settings using a patch supplied by Stephan Niemz. Thanks Stephan!
    Closes: #184425

 -- Jonathan Oxer <jon@debian.org>  Thu, 26 May 2003 14:36:12 +1100

apt-cacher (0.6-8) unstable; urgency=low

  * apt-cacher-cleanup.pl, apt-cacher-report.pl, apt-cacher.pl, 
    apt-cacher-lib.pl: fixes by Jeff Williams to make the config
    parser use hashrefs. Thanks again Jeff!

 -- Jonathan Oxer <jon@debian.org>  Tue, 18 Feb 2003 11:00:56 +1100

apt-cacher (0.6-7) unstable; urgency=low

  * debian/apt-cacher.logrotate: added a logrotate config to roll
    access and error logs monthly. Thanks to Jacob Luna Lundberg
    for the suggestion!
  * apt-cacher-cleanup.pl: converted logfile reader to use proper
    Perl rather than kludgy shell, and to read the most recently
    rotated log if one exists.
  * apt-cacher-lib.pl: a new library for apt-cacher that so far
    only contains the config file parser, so that a lot of
    duplicate code can be ripped out of the main scripts. Based on
    a patch sent in by Jeff Williams. Thanks Jeff!
    
 -- Jonathan Oxer <jon@debian.org>  Mon, 10 Feb 2003 15:16:41 +1100

apt-cacher (0.6-6) unstable; urgency=low

  * apt-cacher-cleanup.pl: major rewrite by Jacob Luna Lundberg,
    including changes to handle varying header length of compressed
    packages, use of Compress::Zlib if available, and nicer handling
    of an empty cache (no longer generates output if the cache is
    empty). Thanks Jacob!
    Closes: #172732

 -- Jonathan Oxer <jon@debian.org>  Fri, 13 Dec 2002 16:12:31 +1100

apt-cacher (0.6-5) unstable; urgency=low

  * remove.pl: added check for existence of apache and apache-ssl
    config files prior to attempted un-configuration (thanks to
    Blars Blarson for the patch!)
    Closes: #168825

 -- Jonathan Oxer <jon@debian.org>  Fri, 22 Nov 2002 16:12:10 +1100

apt-cacher (0.6-4) unstable; urgency=low

  * debian/control: Added apache-ssl as an alternative Depends to
    apache
  * install.pl: Checks for existence of startup scripts for both
    apache and apache-ssl, and restarts either / both
  * install.pl: Checks for and patches config files for both
    apache and apache-ssl
  * remove.pl: Checks for existence of startup scripts for both
    apache and apache-ssl, and restarts either / both
  * remove.pl: Removes patches applied to both apache and
    apache-ssl
    Closes: #167521

 -- Jonathan Oxer <jon@debian.org>  Mon,  4 Nov 2002 15:14:56 +1100

apt-cacher (0.6-3) unstable; urgency=low

  * Added cache cleanup script to flush out old .debs from the
    cache. Woohoo, at last!
    Closes: #159320
  * debian/control: Added Depends: Bzip2 because the cache cleaning
    script needs to use zgrep

 -- Jonathan Oxer <jon@debian.org>  Thu, 31 Oct 2002 17:47:36 +1100

apt-cacher (0.6-2) unstable; urgency=low

  * debian/control: Added Depends: Apache, Wget, Perl (oops!)
    Closes: #159832
  * debian/postinst: Removed doc symlink

 -- Jonathan Oxer <jon@debian.org>  Fri, 18 Oct 2002 16:08:27 +1000

apt-cacher (0.6-1) unstable; urgency=low

  * apt-cacher.pl: Improved handling of 404 (file not found) 
    errors: fetcher now returns a 404 to the client when it detects 
    a 404 from the nominated source, rather than letting the client 
    time out. Patch submitted by Jacob Luna Lundberg.
  * debian/install.pl: Fixes to the install script so that it 
    complies with the new logdir directive.
    Closes: #159605
  * debian/man.1: Updates to the man page to reflect the config 
    file changes.
  * debian/upgrade.pl: Split off portions of the remove script to 
    create a new upgrade script to prevent the cache contents being 
    nuked when upgrading.
  * apt-cacher.pl: Major cosmetic update to the info page that is 
    displayed when apt-cacher is called with no arguments, and 
    addition of config values to info page for debug purposes.
  * apt-cacher-report.pl: Addition of script to parse the access 
    log and generate a traffic report.
  * apt-cacher.conf: Addition of 'generate_reports' directive.
  * apt-cacher.conf: Addition of 'admin_email' directive for 
    display in info page.
  * debian/apt-cacher: Daily cron job to run the report script
    if the generate_reports directive is set.
  
 -- Jonathan Oxer <jon@debian.org>  Fri,  6 Sep 2002 09:21:34 +1000

apt-cacher (0.5-6) unstable; urgency=low

  * Improved package description at Martin Schulze's suggestion.
    Closes: #159342
  * Fetcher now sets mod time on downloaded files to the current
    time to prevent them being prematurely expired (patch submitted 
    by Raphael Goulais <raphael@nicedays.net>).
    Closes: #159314
  * Modified config file format to remove 'accesslog' and 'errorlog'
    directives, and replace them with a 'logdir' directive.
  * Modified command parser to provide framework for the traffic
    reporting facilities intended for a future release.
  * Updated postinst and prerm scripts to set/remove the doc symlink
    for the transition to FHS.

 -- Jonathan Oxer <jon@debian.org>  Tue,  3 Sep 2002 17:19:27 +1000

apt-cacher (0.5-5) unstable; urgency=low

  * Closes: #151109 (original ITP)

 -- Jonathan Oxer <jon@debian.org>  Mon, 19 Aug 2002 09:35:05 +1000

apt-cacher (0.5-4) unstable; urgency=low

  * Minor bugfixes for the configuration file parser.

 -- Jonathan Oxer <jon@ivt.com.au>  Tue, 23 Apr 2002 21:37:02 +1000

apt-cacher (0.5-3) unstable; urgency=low

  * Added support for working through an external http proxy such as
    Squid (useful when your ISP blocks port 80).

 -- Jonathan Oxer <jon@ivt.com.au>  Tue, 23 Apr 2002 18:09:38 +1000

apt-cacher (0.5-2) unstable; urgency=low

  * Updated config file parser to handle comments, blank lines and
    spaces.

 -- Jonathan Oxer <jon@ivt.com.au>  Tue, 23 Apr 2002 17:49:03 +1000

apt-cacher (0.5-1) unstable; urgency=low

  * Initial release as a Debian package.

 -- Jonathan Oxer <jon@ivt.com.au>  Fri,  5 Apr 2002 23:30:07 +1000
