* test/integration/test-hashsum-verification:

  - add regression test for hashsum verification
* apt-pkg/acquire-item.cc:
  - if no Release.gpg file is found, still load the hashes for
    verification (closes: #636314) and add test

diff --cc apt-pkg/acquire-item.cc
index 215615b,ebd8d5a..7eb5920
--- 1/apt-pkg/acquire-item.cc
--- 2/apt-pkg/acquire-item.cc
+++ b/apt-pkg/acquire-item.cc
@@@ -1258,8 -1258,9 +1258,9 @@@ void pkgAcqMetaIndex::Done(string Messa
        if (SigFile == "")
        {
           // There was no signature file, so we are finished.  Download
-          // the indexes without verification.
-          QueueIndexes(false);
 -         // the indexes and do hashsum verification
++         // the indexes and do only hashsum verification
+          MetaIndexParser->Load(DestFile);
+          QueueIndexes(true);
        }
        else
        {

diff --cc debian/changelog
index 75ac083,f162e20..4899609
--- 1/debian/changelog
--- 2/debian/changelog
+++ b/debian/changelog
@@@ -11,7 -11,11 +11,12 @@@ apt (0.8.15.5.6) UNRELEASED; urgency=lo
      - use ref-to-ptr semantic in NewDepends() to ensure that the   
        libapt does not segfault if the cache is remapped in between
        (LP: #812862)
 +    - fix crash when P.Arch() was used but the cache got remapped
+   * test/integration/test-hashsum-verification:
+     - add regression test for hashsum verification
+   * apt-pkg/acquire-item.cc:
+     - if no Release.gpg file is found, still load the hashes for
+       verification (closes: #636314) and add test
  
   -- Michael Vogt <mvo@debian.org>  Tue, 12 Jul 2011 11:54:47 +0200