…npacks -[SUHost installationPath] can return different values before and after the installation is performed, because it may attempt to normalize the installation path--but only if the normalized version of the path isn't already present. Which it would be after the installation had completed. Now we only compute the installation path once for the whole installation process.
Bug #389869: "Sparkle runs thread-unsafe code on secondary threads" Bug #312995: "Canceling authentication request causes crash on next update" Bug #388793: "Need to notify SUUpdateDriverFinishedNotification on main thread" The unfortunate side-effect of this fix is that all the file-handling code is now CoreServices-based, since NSFileManager is not thread-safe. This is disgusting and will be stricken from all records when installation is performed by relaunch in Next Major, as it should have been in the first place.
… #if'd for 10.4 support; I look forward to removing them. :) Thanks for the patch, August.
This patch prevents malicious downgrades, which are still possible with DSA validation: suppose there's some (signed) version with a security hole. A malicious attacker could serve an appcast with that version's URL and DSA signature, but a higher version number, forcing the user to "upgrade" to the version with the security hole. While I was at it, I fixed a bug that should have completely stopped .pkg installation from working since 1.5b1. Why didn't I hear anything about that? Does anyone actually use .pkgs? It still needs testing to be sure it works.
Removed all Cocoa categories from Sparkle by integrating things into other classes or making categories on existing Sparkle classes. Whoo!
…Sparkle. More super-unstable refactorings to come...