Comment 21 for bug 1647467

Julian Andres Klode (juliank) wrote :

It might introduce a regression on 1.1 and newer releases (everything but trusty), such that if one repository is attacked, all repositories would be blocked. Sorry, I thought you were CCed on that email, but it seems this was in another sub-thread without an Ubuntu CC.

David wrote we need something like this:

diff --git a/apt-pkg/contrib/gpgv.cc b/apt-pkg/contrib/gpgv.cc
index b49569ae6..f9fe6b546 100644
--- a/apt-pkg/contrib/gpgv.cc
+++ b/apt-pkg/contrib/gpgv.cc
@@ -315,6 +315,7 @@ bool SplitClearSignedFile(std::string const &InFile, FileFd * const ContentFile,

    char *buf = NULL;
    size_t buf_size = 0;
+ _error->PushToStack();
    while (GetLineErrno(&buf, &buf_size, in, InFile) != -1)
    {
       _strrstrip(buf);
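Review bot: The `_error->PushToStack();` added before the `while` loop is only paired with a `MergeWithStack()` in the later hunk, after the loop. The loop body is not visible in this diff, so please confirm that no path between the two returns early. Any such return would leave the pushed error stack unmerged, and later messages would land on the wrong level. If an early return exists, either call `_error->MergeWithStack();` before it or wrap the push/merge pair in a small scope guard so the pairing cannot be missed.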
@@ -386,9 +387,10 @@ bool SplitClearSignedFile(std::string const &InFile, FileFd * const ContentFile,
       ContentFile->Flush();

    // An error occured during reading - propagate it up
- if (_error->PendingError()) {
+ bool const hasErrored = _error->PendingError();
+ _error->MergeWithStack();
+ if (hasErrored)
       return false;
- }

    if (found_signature == true)
       return _error->Error("Signature in file %s wasn't closed", InFile.c_str());
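Review bot: The ordering of `hasErrored = _error->PendingError()` before `_error->MergeWithStack()` is the whole point of the fix, but nothing in the code says so. The unchanged comment "An error occured during reading - propagate it up" still reads as if any pending error counts. Please extend it to state that only errors raised since the `PushToStack()` call are considered, so that an error already pending from another file does not make this one fail, and fix the "occured" spelling while touching it. A later cleanup could otherwise easily move the `PendingError()` check back below the merge and reintroduce the regression described above.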

I'll add that tomorrow morning, and then we can eye for a release next week, so you can get your proposed date if nobody disagrees :)