path: root/apt-pkg/acquire-item.h
Commit message [Author, Age, Files, Lines]
* Add new Acquire::MaxReleaseFileSize=10*1000*1000 option [Michael Vogt, 2014-10-07, 1, -1/+3]
| This option controls the maximum size of Release/Release.gpg/InRelease files. The rationale is that we do not know the size of these files in advance and we want to protect against a denial of service attack where someone sends us endless amounts of data until the disk is full (we do know the size of all other files (Packages/Sources/debs)).
* Merge remote-tracking branch 'upstream/debian/experimental' into feature/acq-trans [Michael Vogt, 2014-10-07, 1, -13/+13]
|\
| | Conflicts: apt-pkg/acquire-item.cc
| * support parsing of all hashes for pdiff [David Kalnischkies, 2014-09-30, 1, -11/+11]
| | The fileformat of a pdiff index stores currently only SHA1 hashes. With this change, we look for all other hashes we support as well and take what we get, so that we can work after the release of jessie to get rid of SHA1 if we want to. Note that the completely patched file is and was checked against the hashes collected from the Release file, so this transition isn't mission critical.
| * mark private methods as hidden [David Kalnischkies, 2014-09-30, 1, -2/+2]
| | We are the only possible users of private methods, so we are also the only users who can potentially export them via using them in inline methods. The point is: We don't need these symbols exported if we don't do this, so marking them as hidden removes some methods from the API without breaking anything as nobody could have used them.
| | Git-Dch: Ignore
* | use _apt:root only for partial directories [David Kalnischkies, 2014-10-07, 1, -4/+3]
| | Using a different user for calling methods is intended to protect us from methods running amok (via remotely exploited bugs) by limiting what can be done by them. By using root:root for the final directories and just have the files in partial writeable by the methods we enhance this insofar as a method can't modify already verified data in its parent directory anymore. As a side effect, this also clears most of the problems you could have if the final directories are shared without user-sharing or if these directories disappear as they are now again root owned and only the partial directories contain _apt owned files (usually none if apt isn't running) and the directory itself is autocreated with the right permissions.
* | rename StopAuthentication -> CheckStopAuthentication and make it protected [Michael Vogt, 2014-10-06, 1, -5/+4]
| |
* | rename AuthDone() -> CheckAuthDone() [Michael Vogt, 2014-10-06, 1, -1/+1]
| |
* | cleanup pkgAcq*::Failed() [Michael Vogt, 2014-10-06, 1, -10/+3]
| |
* | Rework pkgAcqMeta{Index,Sig,ClearSig}::Done() for readability [Michael Vogt, 2014-10-06, 1, -29/+35]
| | Move common code out but do not use subclassing for ::Done to make it easier to understand what each class is doing when it's done
* | add new "SetActiveSubprocess() [Michael Vogt, 2014-10-06, 1, -0/+6]
| |
* | cleanup around pkgAcqMetaSig and improved tests [Michael Vogt, 2014-10-02, 1, -0/+3]
| |
* | add a bunch of docstrings etc [Michael Vogt, 2014-10-02, 1, -2/+4]
| |
* | fix crash [Michael Vogt, 2014-10-02, 1, -3/+2]
| |
* | donkults fixes [Michael Vogt, 2014-10-02, 1, -3/+9]
| |
* | Cleanup pkgAcqIndex [Michael Vogt, 2014-10-02, 1, -25/+33]
| |
* | refactor and add pkgAcqIndex::ValidateFile() [Michael Vogt, 2014-10-01, 1, -4/+5]
| |
* | cleanup [Michael Vogt, 2014-09-29, 1, -14/+22]
| |
* | refactor [Michael Vogt, 2014-09-29, 1, -27/+22]
| |
* | Merge remote-tracking branch 'upstream/debian/experimental' into feature/acq-trans [Michael Vogt, 2014-09-29, 1, -13/+17]
|\|
| | Conflicts: apt-pkg/acquire-item.cc apt-pkg/acquire-item.h methods/gpgv.cc
| * replace c-string Mode with c++-string ActiveSubprocess [David Kalnischkies, 2014-09-28, 1, -1/+6]
| | A long-lasting FIXME in the acquire code points out the problem that we e.g. for decompressors assign c-string representations of c++-strings to the Mode variable, which e.g. cppcheck points out as very bad. In practice, nothing major happens as the c++-strings do not run out of scope until Mode would do, but that is bad style and fragile, so the obvious proper fix is to use a c++ string for storage to begin with. The slight complication stems from the fact that progress reporting code in frontends potentially uses Mode and compares it with NULL, which can't be done with std::string, so instead of just changing the type we introduce a new variable and deprecate the old one.
| | Git-Dch: Ignore
| * Revert making pkgAcquire::Item::DescURI() "const" [Michael Vogt, 2014-09-25, 1, -12/+12]
| | Revert because it's an API change and the gain does not justify the extra work to make the required changes in the consumers of this interface at this point.
* | Do not allow going from authenticated to unauthenticated repo [Michael Vogt, 2014-09-26, 1, -71/+77]
| | Also rework the way we load the Release file, so it only after Release.gpg verified the Release file. The rationale is that we never want to load untrusted data into our parsers. Only stuff verified with gpg or by its hashes get loaded. To load untrusted data you now need to use apt-get update --allow-unauthenticated.
* | make pdiff transactional (but at the cost of a CopyFile() [Michael Vogt, 2014-09-23, 1, -2/+6]
| |
* | cleanup, fix test-apt-update-unauth as the behavior of apt changed [Michael Vogt, 2014-09-23, 1, -4/+0]
| |
* | cleanup [Michael Vogt, 2014-09-23, 1, -3/+2]
| |
* | Merge remote-tracking branch 'upstream/debian/experimental' into feature/acq-trans [Michael Vogt, 2014-09-23, 1, -0/+1]
|\|
| | Conflicts: apt-pkg/acquire-item.cc apt-pkg/acquire-item.h methods/copy.cc test/integration/test-hashsum-verification
| * Merge branch 'debian/sid' into debian/experimental [Michael Vogt, 2014-09-23, 1, -0/+9]
| |\
| | | Conflicts: apt-pkg/acquire-item.cc apt-pkg/acquire-item.h apt-pkg/cachefilter.h configure.ac debian/changelog
| | * SECURITY UPDATE for CVE-2014-{0488,0487,0489} [Michael Vogt, 2014-09-16, 1, -0/+8]
| | | incorrect invalidating of unauthenticated data (CVE-2014-0488)
| | | incorrect verification of 304 reply (CVE-2014-0487)
| | | incorrect verification of Acquire::Gzip indexes (CVE-2014-0489)
* | | fix gcc warnings [Michael Vogt, 2014-09-17, 1, -4/+3]
| | |
* | | use pkgAcqMetaBase as the transactionManager [Michael Vogt, 2014-09-17, 1, -20/+32]
| | |
* | | add a bunch of dpointers [Michael Vogt, 2014-09-16, 1, -0/+30]
| | |
* | | remove pkgAcqSubIndex [Michael Vogt, 2014-09-16, 1, -57/+0]
| | |
* | | add shared code into pkgAcqMetaSigBase::GenerateAuthWarning() [Michael Vogt, 2014-08-25, 1, -2/+14]
| | |
* | | really move clearsign check into pkgAcqMetaClearSig::Done() [Michael Vogt, 2014-08-02, 1, -1/+3]
| | |
* | | add ims check verify [Michael Vogt, 2014-08-02, 1, -0/+8]
| | |
* | | fix transactionid passing [Michael Vogt, 2014-08-01, 1, -1/+1]
| | |
* | | move MetaKey into pkgAcqBaseIndex [Michael Vogt, 2014-08-01, 1, -0/+3]
| | |
* | | Rework TransactionID stuff [Michael Vogt, 2014-07-31, 1, -24/+23]
| | |
* | | WIP cleanup pkgAcqMetaSig [Michael Vogt, 2014-07-22, 1, -1/+4]
| | |
* | | Download Release first, then Release.gpg [Michael Vogt, 2014-07-21, 1, -16/+19]
| | | The old way of handling this was that pkgAcqMetaIndex was responsible to check/move both Release and Release.gpg in place. This breaks the assumption of the transaction that each pkgAcquire::Item has a single File that it's responsible for.
* | | WIP transaction based update [Michael Vogt, 2014-07-18, 1, -136/+166]
|/ /
* | Merge branch 'debian/sid' into debian/experimental [Michael Vogt, 2014-07-08, 1, -9/+2]
|\|
| | Conflicts: apt-pkg/deb/deblistparser.cc doc/po/apt-doc.pot doc/po/de.po doc/po/es.po doc/po/fr.po doc/po/it.po doc/po/ja.po doc/po/pl.po doc/po/pt.po doc/po/pt_BR.po po/da.po po/mr.po po/vi.po
| * Try not to parse invalid translation files (LP: #756317) [Michael Vogt, 2014-07-03, 1, -9/+2]
| |
* | apt-pkg/acquire-item.h: add default argument to ExpectedHashes to avoid API break [Michael Vogt, 2014-06-18, 1, -1/+2]
| |
* | Merge remote-tracking branch 'mvo/feature/update-by-hash' into debian/experimental [Michael Vogt, 2014-06-18, 1, -0/+3]
|\ \
| * | move ByHash into its own function [Michael Vogt, 2014-05-22, 1, -0/+3]
| | |
* | | Fix more warnings from clang [Michael Vogt, 2014-05-29, 1, -1/+1]
|/ /
| | Reported-By: clang++ -Werror
| | Conflicts: apt-pkg/acquire-item.cc apt-pkg/acquire-item.h apt-pkg/deb/debmetaindex.h
* | Merge remote-tracking branch 'donkult/debian/experimental' into debian/experimental [Michael Vogt, 2014-05-14, 1, -121/+77]
|\ \
| | | Conflicts: apt-pkg/acquire-item.cc apt-pkg/acquire-item.h
| * | promote ExpectedHashes to a pkgAcquire::Item member [David Kalnischkies, 2014-05-09, 1, -76/+17]
| | | Beside being another big API break with hopefully zero fallout in reality it avoids having the same member and helper code in each and every subclass.
| * | use HashStringList in the acquire system [David Kalnischkies, 2014-05-09, 1, -73/+73]
| | | It is not very extensible to have the supported Hashes hardcoded everywhere and especially if it is part of virtual method names. It is also possible that a method does not support the 'best' hash (yet), so we might end up not being able to verify a file even though we have a common subset of supported hashes. And those are just two of the cases in which it is handy to have a more dynamic selection. The downside is that this is a MAJOR API break, but the HashStringList has a string constructor for compatibility, so with a bit of luck the few frontends playing with the acquire system directly are okay.