Debians commandline package manager https://git.kalnischkies.de/apt/atom?h=1.9.1 2019-06-17T16:28:52Z 2019-06-17T16:28:52Z Julian Andres Klode julian.klode@canonical.com 2019-06-17T16:28:52Z urn:sha1:97553e635d2265ec4aad96b00b1fd72d98437f15 We are converting to std::string anyway by passing to istringstream, and this removes the need for .c_str() in callers. 2019-06-11T15:27:34Z Simon Körner git@lubiland.de 2019-05-17T22:32:15Z urn:sha1:86d4d98060f36c7e71c34af20a1193a75496ef72 Currently CONNECT requests use the name of the proxy as Host value, instead of the origin server's name. According to RFC 2616 "The Host field value MUST represent the naming authority of the origin server or gateway given by the original URL." The current implementation causes problems with some proxy vendors. This commit fixes this. [jak: Adding a test case] See merge request apt-team/apt!66 2019-06-11T12:16:18Z Julian Andres Klode julian.klode@canonical.com 2019-06-11T12:16:18Z urn:sha1:93e0ba2bfde58e6c1fbad53614083be8754d7ee8 apt Debian release 1.8.2 2019-05-21T12:53:01Z Michael Zhivich mzhivich@akamai.com 2019-05-20T19:07:04Z urn:sha1:f3e109d40937dbf90994bcf74b76837ec670205c When accessing repository protected by TLS mutual auth, apt may receive a "re-handshake" request from the server, which must be handled in order for download to proceed. This situation arises when the server requests a client certificate based on the resource path provided in the GET request, after the inital handshake in UnwrapTLS() has already occurred, and a secure connection has been established. This issue has been observed with Artifactory-backed Debian repository. To address the issue, split TLS handshake code out into its own method in TlsFd, and call it when GNUTLS_E_REHANDSHAKE error is received. Signed-off-by: Michael Zhivich <mzhivich@akamai.com> (merged from Debian/apt#93) LP: #1829861 2019-04-30T15:43:56Z Julian Andres Klode julian.klode@canonical.com 2019-04-30T10:32:54Z urn:sha1:af74a9e2d55d6a9532eb3fbb9b96c65b7ddc1e4d This needs a fair amount of changes elsewhere in the code, hence this is separate from the previous commits. 2019-04-30T15:43:31Z Julian Andres Klode julian.klode@canonical.com 2019-04-30T10:07:07Z urn:sha1:b52c6552c44fcb997b0db9f5e9f17b4674dd5359 This prevents implicit conversions that we do not want, such as having a FileFd* being converted to a debListParser. Two cases are not yet handled because they require changes in code using them: 1. The classes in hashes.h 2. The URI class - this one is used quite a lot 2019-04-16T10:59:54Z David Kalnischkies david@kalnischkies.de 2019-04-14T23:54:26Z urn:sha1:a967ba05416db27127f9a0ba85bb92377e6bb73e warning: moving a local object in a return statement prevents copy elision [-Wpessimizing-move] Reported-By: gcc-9 Gbp-Dch: Ignore 2019-02-05T11:50:05Z Julian Andres Klode julian.klode@canonical.com 2019-02-05T11:48:46Z urn:sha1:e435312f0692996232fc12786be59513a2536489 This is a special case here, a best effort write, so there's no point in having warnings about it for every method. 2019-01-22T11:24:22Z David Kalnischkies david@kalnischkies.de 2018-09-11T23:44:18Z urn:sha1:7bf533967fb385b9625a1ee4dd7c6542a84b489c Telling the acquire system which keys caused the gpgv method to succeed allows us for now just a casual check if the gpgv method really executed catching bugs like CVE-2018-0501, but we will make use of the information for better features in the following commits. 2019-01-22T11:24:22Z David Kalnischkies david@kalnischkies.de 2018-09-11T14:45:06Z urn:sha1:6b01cd087e6f92c5511fe6eea73699e075aa699a Having a method take a bunch of string vectors is bad style, so we change this to a wrapping struct and adapt the rest of the code brushing it up slightly in the process, which results even in a slightly "better" debug output, no practical change otherwise. Gbp-Dch: Ignore