Debians commandline package manager https://git.kalnischkies.de/apt/atom?h=1.0.9.5 2014-12-22T13:23:39Z 2014-12-22T13:23:39Z David Kalnischkies david@kalnischkies.de 2014-11-29T16:59:52Z urn:sha1:92e8c1ff287ab829de825e00cdf94744e699ff97 Real webservers (like apache) actually send an error page with a 416 response, but our client didn't expect it leaving the page on the socket to be parsed as response for the next request (http) or as file content (https), which isn't what we want at all… Symptom is a "Bad header line" as html usually doesn't parse that well to an http-header. This manifests itself e.g. if we have a complete file (or larger) in partial/ which isn't discarded by If-Range as the server doesn't support it (or it is just newer, think: mirror rotation). It is a sort-of regression of 78c72d0ce22e00b194251445aae306df357d5c1a, which removed the filesize - 1 trick, but this had its own problems… To properly test this our webserver gains the ability to reply with transfer-encoding: chunked as most real webservers will use it to send the dynamically generated error pages. (The tests and their binary helpers had to be slightly modified to apply, but the patch to fix the issue itself is unchanged.) Closes: 768797 2014-10-08T09:35:48Z Michael Vogt mvo@ubuntu.com 2014-10-08T09:35:48Z urn:sha1:180b693262d71381d650d10c3f95a5a70553f40f Instead of using strcat use a C++ std::string to avoid overflowing this buffer. Thanks to David Garfield Closes: #76442 2014-09-21T08:18:03Z Michael Vogt mvo@debian.org 2014-09-21T08:18:03Z urn:sha1:b0f4b486e6850c5f98520ccf19da71d0ed748ae4 2014-09-19T14:41:55Z Michael Vogt mvo@ubuntu.com 2014-09-19T14:41:55Z urn:sha1:9da539c5aff025aab99537be1c75e8c6a853fd83 When we do a ReverifyAfterIMS() we use the copy: method to verify the hashes again. If the user uses -o Dir=./something/relative this fails because we use the URI class in copy.cc that strips away the leading relative part. By not using URI this is fixed. Closes: #762160 2014-09-16T18:39:13Z Michael Vogt mvo@ubuntu.com 2014-09-16T18:23:43Z urn:sha1:ca7fd76c2f30c100dcf1c12e717ce397cccd690b incorrect invalidating of unauthenticated data (CVE-2014-0488) incorect verification of 304 reply (CVE-2014-0487) incorrect verification of Acquire::Gzip indexes (CVE-2014-0489) 2014-09-05T14:24:32Z Michael Vogt mvo@ubuntu.com 2014-09-05T14:24:32Z urn:sha1:9622b2111095c3fc705ec0615d27fe403e18c3b8 Prefix all answers with the URL that the answer is for. This helps when debugging and pipeline is enabled. 2014-09-02T14:02:37Z Michael Vogt mvo@ubuntu.com 2014-09-02T13:50:19Z urn:sha1:c6ee61eab54edf6cc3fbe118d304d72a860e1451 When doing Acquire::http{,s}::Proxy-Auto-Detect, run the auto-detect command for each host instead of only once. This should make using "proxy" from libproxy-tools feasible which can then be used for PAC style or other proxy configurations. Closes: #759264 2014-06-24T13:45:09Z Michael Vogt mvo@debian.org 2014-06-24T13:45:09Z urn:sha1:7b734b09f6bd9356e4622aee64bd2e5e43554570 2014-04-26T07:51:05Z David Kalnischkies david@kalnischkies.de 2014-04-24T08:49:41Z urn:sha1:062074cb519aa05110d24936d95747c59cc0ffc1 2014-04-26T07:51:05Z David Kalnischkies david@kalnischkies.de 2014-04-24T08:20:45Z urn:sha1:b123b0ba77936a82d7964bebf01693acf94cae1f beside reducing code a bit, it avoids oddball problems while building the string and doesn't trigger static analyse warnings.