summaryrefslogtreecommitdiff
path: root/apt-pkg/contrib/hashes.cc
Commit message (Collapse)AuthorAgeFilesLines
* avoid explicit types for pkg counts by autoDavid Kalnischkies2017-06-261-3/+3
| | | | | | | | | Changes nothing on the program front and as the datatypes are sufficently comparable fixes no bug either, but problems later on if we ever change the types of those and prevent us using types which are too large for the values we want to store waste (a tiny bit of) resources. Gbp-Dch: Ignore
* try not to call memcpy with length 0 in hash calculationsDavid Kalnischkies2016-09-011-0/+2
| | | | | | | | | | memcpy is marked as nonnull for its input, but ignores the input anyhow if the declared length is zero. Our SHA2 implementations do this as well, it was "just" MD5 and SHA1 missing, so we add the length check here as well as along the callstack as it is really pointless to do all these method calls for "nothing". Reported-By: gcc -fsanitize=undefined
* Allow lowering trust level of a hash via configJulian Andres Klode2016-03-281-1/+10
| | | | | | Introduces APT::Hashes::<NAME> with entries Untrusted and Weak which can be set to true to cause the hash to be treated as untrusted and/or weak.
* Do not consider SHA1 usableJulian Andres Klode2016-03-131-1/+2
| | | | | SHA1 is not reasonably secure anymore, so we should not consider it usable anymore. The test suite is adjusted to account for this.
* use unusable-for-security hashes for integrity checksDavid Kalnischkies2015-09-011-0/+1
| | | | | | | We want to declare some hashes as not enough for security, so that a user will need --allow-unauthenticated or similar to get data secured only by those hashes, but we can still us these hashes for integrity checks if we got them.
* Consider md5sum no longer a usable hashMichael Vogt2015-09-011-4/+11
| | | | | The md5sum hash is broken since some time and we should no longer consider it a usable hash. Also update the tests to reflect this.
* make all d-pointer * const pointersDavid Kalnischkies2015-08-101-14/+15
| | | | | | | | | | | | | | Doing this disables the implicit copy assignment operator (among others) which would cause hovac if used on the classes as it would just copy the pointer, not the data the d-pointer points to. For most of the classes we don't need a copy assignment operator anyway and in many classes it was broken before as many contain a pointer of some sort. Only for our Cacheset Container interfaces we define an explicit copy assignment operator which could later be implemented to copy the data from one d-pointer to the other if we need it. Git-Dch: Ignore
* apply various style suggestions by cppcheckDavid Kalnischkies2015-08-101-1/+1
| | | | | | | Some of them modify the ABI, but given that we prepare a big one already, these few hardly count for much. Git-Dch: Ignore
* support hashes for compressed pdiff filesDavid Kalnischkies2015-06-091-3/+8
| | | | | | | | At the moment we only have hashes for the uncompressed pdiff files, but via the new '$HASH-Download' field in the .diff/Index hashes can be provided for the .gz compressed pdiff file, which apt will pick up now and use to verify the download. Now, we "just" need a buy in from the creators of repositories…
* rework hashsum verification in the acquire systemDavid Kalnischkies2015-06-091-0/+10
| | | | | | | | | | | | | | | | | | | | | Having every item having its own code to verify the file(s) it handles is an errorprune process and easy to break, especially if items move through various stages (download, uncompress, patching, …). With a giant rework we centralize (most of) the verification to have a better enforcement rate and (hopefully) less chance for bugs, but it breaks the ABI bigtime in exchange – and as we break it anyway, it is broken even harder. It shouldn't effect most frontends as they don't deal with the acquire system at all or implement their own items, but some do and will need to be patched (might be an opportunity to use apt on-board material). The theory is simple: Items implement methods to decide if hashes need to be checked (in this stage) and to return the expected hashes for this item (in this stage). The verification itself is done in worker message passing which has the benefit that a hashsum error is now a proper error for the acquire system rather than a Done() which is later revised to a Failed().
* implement VerifyFile as all-hashes checkDavid Kalnischkies2015-05-121-7/+14
| | | | | | | It isn't used much compared to what the methodname suggests, but in the remaining uses it can't hurt to check more than strictly necessary by calculating and verifying with all hashes we can compare with rather than "just" the best known hash.
* calculate only expected hashes in methodsDavid Kalnischkies2015-04-191-15/+48
| | | | | | | | | | | | | | Methods get told which hashes are expected by the acquire system, which means we can use this list to restrict what we calculate in the methods as any extra we are calculating is wasted effort as we can't compare it with anything anyway. Adding support for a new hash algorithm is therefore 'free' now and if a algorithm is no longer provided in a repository for a file, we automatically stop calculating it. In practice this results in a speed-up in Debian as we don't have SHA512 here (so far), so we practically stop calculating it.
* replace ignore-deprecated #pragma dance with _PragmaDavid Kalnischkies2014-11-081-21/+6
| | | | | | | | | For compatibility we use/provide and fill quiet some deprecated methods and fields, which subsequently earns us a warning for using them. These warnings therefore have to be disabled for these codeparts and that is what this change does now in a slightly more elegant way. Git-Dch: Ignore
* promote filesize to a hashstringDavid Kalnischkies2014-10-241-5/+27
| | | | | | | | | It is a very simple hashstring, which is why it isn't contributing to the usability of a list of them, but it is also trivial to check and calculate, so it doesn't hurt checking it either as it can combined even with the simplest other hashes greatly complicate attacks on them as you suddenly need a same-size hash collision, which is usually a lot harder to achieve.
* support parsing of all hashes for pdiffDavid Kalnischkies2014-09-301-2/+2
| | | | | | | | | | | The fileformat of a pdiff index stores currently only SHA1 hashes. With this change, we look for all other hashes we support as well and take what we get, so that we can work after the release of jessie to get right of SHA1 if we want to. Note that the completely patched file is and was checked against the hashes collected from the Release file, so this transition isn't mission critical.
* use HashStringList in the acquire systemDavid Kalnischkies2014-05-091-24/+73
| | | | | | | | | | | | | It is not very extensible to have the supported Hashes hardcoded everywhere and especially if it is part of virtual method names. It is also possible that a method does not support the 'best' hash (yet), so we might end up not being able to verify a file even though we have a common subset of supported hashes. And those are just two of the cases in which it is handy to have a more dynamic selection. The downside is that this is a MAJOR API break, but the HashStringList has a string constructor for compatibility, so with a bit of luck the few frontends playing with the acquire system directly are okay.
* add a simple container for HashStringsDavid Kalnischkies2014-05-091-14/+104
| | | | | | | | APT supports more than just one HashString and even allows to enforce the usage of a specific hash. This class is intended to help with storage and passing around of the HashStrings. Git-Dch: Ignore
* Implement CacheDB for source packages in apt-ftparchiveMichael Vogt2014-04-041-1/+1
|
* follow method attribute suggestions by gccDavid Kalnischkies2014-03-131-1/+1
| | | | | Git-Dch: Ignore Reported-By: gcc -Wsuggest-attribute={pure,const,noreturn}
* cleanup headers and especially #includes everywhereDavid Kalnischkies2014-03-131-1/+5
| | | | | | | | Beside being a bit cleaner it hopefully also resolves oddball problems I have with high levels of parallel jobs. Git-Dch: Ignore Reported-By: iwyu (include-what-you-use)
* correct some style/performance/warnings from cppcheckDavid Kalnischkies2014-01-161-3/+2
| | | | | | | | The most "visible" change is from utime to utimensat/futimens as the first one isn't part of POSIX anymore. Reported-By: cppcheck Git-Dch: Ignore
* add check when sources.list changedMichael Vogt2013-11-261-4/+21
|
* try to avoid direct usage of .Fd() if possible and do read()s and coDavid Kalnischkies2011-12-171-5/+35
| | | | on the FileFd instead
* do not pollute namespace in the headers with using (Closes: #500198)David Kalnischkies2011-09-191-13/+13
|
* Support large files in the complete toolset. Indexes of thisDavid Kalnischkies2011-09-131-5/+5
| | | | size are pretty unlikely for now, but we need it for deb packages which could become bigger than 4GB now (LP: #815895)
* reorder includes: add <config.h> if needed and include it at firstDavid Kalnischkies2011-09-131-1/+3
|
* fix sha512 calculation in Hashes::VerifyFiles()David Kalnischkies2011-07-141-10/+9
|
* enable Hashes::AddFD() to skip creation of certain hashesDavid Kalnischkies2011-07-131-7/+12
|
* add sha512 support in the client now as wellMichael Vogt2011-02-251-1/+8
|
* merge r1966..1967 from lp:~donkult/apt/sidMichael Vogt2010-01-311-2/+2
|
* The 'not dead yet' releaseMichael Vogt2009-07-211-7/+4
|\ | | | | | | | | | | | | | | | | | | | | * add hook for MarkInstall and MarkDelete (closes: #470035) * add the various foldmarkers in apt-pkg & cmdline (no code change) * versions with a pin of -1 shouldn't be a candidate (Closes: #355237) * prefer mmap as memory allocator in MMap instead of a static char array which can (at least in theory) grow dynamic * eliminate (hopefully all) segfaults in pkgcachegen.cc and mmap.cc which can arise if cache doesn't fit into the mmap (Closes: #535218) * display warnings instead of errors if the parts dirs doesn't exist * honor the dpkg hold state in new Marker hooks (closes: #64141)
| * add the various foldmarkers in apt-pkg & cmdline (no code change)David Kalnischkies2009-06-301-7/+4
| |
* | * apt-pkg/contrib/hashes.cc, apt-pkg/contrib/md5.cc:Julian Andres Klode2009-07-161-4/+9
|/ | | | - Support reading until EOF if Size=0 to match behaviour of SHA1Summation and SHA256Summation
* * apt-pkg/acquire-item.{cc,h}:Michael Vogt2007-07-301-1/+1
| | | | | | | | | | | | | | | | | | | | | | | - rename "hash" into ExpectedHash in pkgAcqFile, pkgAcqIndex - add missing HashSum() call to class pkgAcqIndex - use the data provided by acquire-method (and send via the {SHA256,SHA1,MD5Sum}-Hash tag when comparing the hash, this avoids calculating the hash twice (just like old libapt) * apt-pkg/acquire-method.cc: - send MD5Sum-Hash tag to libapt to be consistant with HashString::SupportedHashes() * apt-pkg/acquire-worker.cc: - check with "Owner->HashSum().HashType()" what hash the frontend is expecting and pass it to pkgAcquireItem::Done() in the new HashString format - add some debugging output * apt-pkg/contrib/hashes.cc: - fix off-by-one error when constructing a HashString from a single input string * apt-pkg/contrib/hashes.h: - add "HashType()" method * apt-pkg/init.h, apt-pkg/makefile, methods/makefile: - break ABI
* * implement sha256/sha1/md5 checking with proper backward compatibilityMichael Vogt2007-07-261-0/+84
| | | | and fallback
* * remove all the remaining #pragma implementationMichael Vogt2007-06-081-4/+0
|
* * added ajs patchMichael Vogt2006-03-081-0/+1
|
* * merged with my apt--fixes--0 branchMichael Vogt2005-05-231-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Patches applied: * apt@packages.debian.org/apt--misc-abi-changes--0--patch-4 Merge from mainline * apt@packages.debian.org/apt--misc-abi-changes--0--patch-5 Merge from mainline * apt@packages.debian.org/apt--misc-abi-changes--0--patch-6 Collapse both pkgAcquire::Run() methods into one, with a default value * michael.vogt@ubuntu.com--2005/apt--fixes--0--base-0 tag of apt@packages.debian.org/apt--main--0--patch-79 * michael.vogt@ubuntu.com--2005/apt--fixes--0--patch-1 * merged obvious fixes into the tree to make it easy for matt to merge * michael.vogt@ubuntu.com--2005/apt--fixes--0--patch-2 * more merges from otavio that looks good/uncritical * michael.vogt@ubuntu.com--2005/apt--fixes--0--patch-3 * merged Matts misc-abi-changes tree * michael.vogt@ubuntu.com--2005/apt--fixes--0--patch-4 * finalized the changelog for a ubuntu build * otavio@debian.org--2005/apt--fixes--0--base-0 tag of apt@packages.debian.org/apt--main--0--patch-71 * otavio@debian.org--2005/apt--fixes--0--patch-1 Fix comments about the need of xmlto * otavio@debian.org--2005/apt--fixes--0--patch-2 Fix a compile warning * otavio@debian.org--2005/apt--fixes--0--patch-3 Sync with apt--main--0--patch-76 * otavio@debian.org--2005/apt--fixes--0--patch-4 Sync with apt--main--0--patch-78 * otavio@debian.org--2005/apt--fixes--0--patch-5 Add fixes that was wrongly included on DDTP changes. * otavio@debian.org--2005/apt--fixes--0--patch-8 Add information about the other fixes include on this branch now. * otavio@debian.org--2005/apt--fixes--0--patch-9 Merge last changes from apt--main--0. * otavio@debian.org--2005/apt--fixes--0--patch-10 Fix warnings about min/max change in gcc-4.0 * otavio@debian.org--2005/apt--fixes--0--patch-11 Fix remaning warnings while compiling gcc-4.0 * otavio@debian.org--2005/apt--fixes--0--patch-12 Add changelog entry about the fixes for warnings while compiling using GCC 4.0 compiler.
* More SHA-1 prepArch Librarian2004-09-201-0/+43
Author: jgg Date: 2001-03-06 07:15:29 GMT More SHA-1 prep