apt/apt-pkg/acquire-method.cc, branch 2.7.12

Modernize standard library includes

2024-02-20T12:49:04Z

This was automated with sed and git-clang-format, and then I had to fix up the top of policy.cc by hand as git-clang-format accidentally indented it by two spaces.

Replace PrintStatus with SendMessage usage

2021-02-04T10:00:00Z

varg API is a nightmare as the symbols seems different on ever other arch, but more importantly SendMessage does a few checks on the content of the message and it is all outputted via C++ iostreams and not mixed in FILE* which is handy for overriding the streams.

Keep URIs encoded in the acquire system

2020-12-18T18:31:19Z

We do not deal a lot with URIs which need encoding, but then we do it is a pain that we store it decoded in the acquire system as it means we have to decode and reencode URIs eventually which is potentially giving us slightly different URIs. We see that in our own testing framework while setting up redirects as the config options are effectively double-encoded and decoded to pass them around successfully as otherwise %2f and / in an URI are treated the same. This commit adds the infrastructure for methods to opt into getting URIs send in encoded form (and returning them to us in encoded form, too) so that we eventually do not have to touch the URIs which is how it should be. This means though that we have to deal with methods who do not support this yet (aka: all at the moment) for which we decode and encode while communicating with them.

acquire: Do not hide _errror messages in Fail()

2020-08-11T06:57:47Z

If we have errors pending, always log them with our failure message to provide more context.

Remove includes of (md5|sha1|sha2).h headers

2020-01-14T12:10:36Z

Remove it everywhere, except where it is still needed.

RFC1123StrToTime: Accept const std::string& as first argument

2019-06-17T16:28:52Z

We are converting to std::string anyway by passing to istringstream, and this removes the need for .c_str() in callers.

Verify data being sent by methods in SendMessage()

2019-01-30T12:33:24Z

As a follow-up for CVE-2019-3462, add checks similar to those for redirect to the central SendMessage() function. The checks are a bit more relaxed for values - they may include newlines and unicode characters (newlines get rewritten, so are safe). For keys and the message header, the checks are far more strict: They may only contain alphanumerical characters, the hyphen-minus, and the horizontal space. In case the method tries to send anything else, we construct a legal 400 URI Failed response, and send that. We specifically do not include the item URI, in case it has been compromised (that would cause infinite recursion).

SECURITY UPDATE: content injection in http method (CVE-2019-3462)

2019-01-22T11:50:59Z

This fixes a security issue that can be exploited to inject arbritrary debs or other files into a signed repository as followed: (1) Server sends a redirect to somewhere%0a (where %0a is \n encoded) (2) apt method decodes the redirect (because the method encodes the URLs before sending them out), writting something like somewhere\n into its output (3) apt then uses the headers injected for validation purposes. Regression-Of: c34ea12ad509cb34c954ed574a301c3cbede55ec LP: #1812353

Remove obsolete RCS keywords

2018-05-07T11:41:31Z

Prompted-by: Jakub Wilk

require methods to request AuxRequest capability at startup

2018-01-03T18:42:45Z

Allowing a method to request work from other methods is a powerful capability which could be misused or exploited, so to slightly limited the surface let method opt-in into this capability on startup.