| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |\
| |
| |
| |
| | |
Pu/http fixes 2
See merge request apt-team/apt!125
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
We only add the file to the select() call if we have data to
write to it prior to the select() call. This is problematic:
Assuming we enter Go() with no data to write to the file,
but we read some from the server as well as an EOF, we end
up not writing it to the file because we did not add the file
to the select.
We can't always add the file to the select(), because it's
basically always ready and we don't want to wake up if we
don't have anything to read or write.
So for a solution, let's just always write data to the file
if there's data to write to it. If some gets leftover, or if
some was already present when we started Go(), it will still
be added to the select() call and unblock it.
Closes: #959518
|
| |\ \
| |/
|/|
| |
| | |
Remove master/slave terminology
See merge request apt-team/apt!124
|
| | | |
|
| | |
| |
| |
| | |
Sorry!
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Instead of reading the data early, disable the timeout for the
select() call and read the data later. Also, change Read() to
call only once to drain the buffer in such instances.
We could optimize this to call read() multiple times if there
is also pending stuff on the socket, but that it slightly more
complex and should not provide any benefits.
|
| | |
| |
| |
| |
| | |
The error handling in Die() that's supposed to add useful error
messages is not super useful here.
|
| | |
| |
| |
| |
| |
| | |
This avoids a case where we read data, then write to the server
and only then realize the connection was closed. It is somewhat
slower, though.
|
| | |
| |
| |
| |
| |
| |
| | |
By changing the buffer implementation to return true if it
read or wrote something, even on EOF, we should not have a
need to flush the buffer in Die() anymore - we should only
be calling Die() if the buffer is empty now.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
This should avoid the need to Flush the buffer in Die(), because
if we read anything, we are returning true, and not entering Die()
at that point.
Also Write() does not have a concept of EOF, so get rid of code
handling that there. Was that copied from Read()?
|
| | |
| |
| |
| |
| |
| |
| | |
Die() needs its own Copy() of Flush() because it needs to return
success or failure based on some states, but those are not precisely
the same as Flush(), as Flush() will always return false at the end,
for example, but we want to fall through to our error handling.
|
| |/
|
|
|
| |
If we reached Die() there was an issue with the server connection,
so we should always explicitly close it.
|
| |
|
|
|
|
| |
If this option is disabled (which it is by default in Debian), we don't
have to make the call and the checks around it. Not that it really
matters that much as if it would we would be better checking only once.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Include that apt is being run from a service in the user
agent, so traffic can be analysed for interactive vs
non-interactive use, and prioritised accordingly.
It looks like this now:
User-Agent: Debian APT-HTTP/1.3 (2.0.1) non-interactive
A previous version included the full service names, but this
raised some privacy concerns.
LP: #1825000
|
| | |
|
| |
|
|
|
|
| |
Remove all code scheduled to be removed after 5.90, and fix
files to include files they previously got from hashes.h
including more headers.
|
| |
|
|
|
| |
Saw those in libseccomp commit, figured should add them
too.
|
| |
|
|
|
|
|
|
| |
Went through the list of syscalls starting at 403 (and looked
one back) up to the next unknown syscalls, and added all those that
were present in their non-time64 variant.
Closes: #951012
|
| |
|
|
|
|
|
|
| |
Commit 93f33052de84e9aeaf19c92291d043dad2665bbd restricted auth.conf
entries to only apply to https by default, but this was silent - there
was no information why http sources with auth.conf entries suddenly
started failing. Add such information, and extend test case to cover
it.
|
| | |
|
| |
|
|
|
|
|
|
| |
Unused variable, std::algorithms instead of raw for-loops.
There should be no observeable difference in behaviour.
Reported-By: cppcheck
Gbp-Dch: Ignore
|
| |
|
|
|
|
|
|
| |
Also in old changelogs, but nothing really user visible
like error messages or alike so barely noteworthy.
Reported-By: codespell
Gbp-Dch: Ignore
|
| |
|
|
| |
Reported-By: cppcheck
|
| |
|
|
|
|
| |
We are converting to std::string anyway by passing to
istringstream, and this removes the need for .c_str()
in callers.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently CONNECT requests use the name of the proxy as Host value, instead of
the origin server's name.
According to RFC 2616 "The Host field value MUST represent the naming authority
of the origin server or gateway given by the original URL."
The current implementation causes problems with some proxy vendors. This
commit fixes this.
[jak: Adding a test case]
See merge request apt-team/apt!66
|
| |\
| |
| |
| | |
apt Debian release 1.8.2
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
When accessing repository protected by TLS mutual auth, apt may receive
a "re-handshake" request from the server, which must be handled
in order for download to proceed.
This situation arises when the server requests a client certificate
based on the resource path provided in the GET request, after the inital
handshake in UnwrapTLS() has already occurred, and a secure connection
has been established.
This issue has been observed with Artifactory-backed Debian repository.
To address the issue, split TLS handshake code out into its own method
in TlsFd, and call it when GNUTLS_E_REHANDSHAKE error is received.
Signed-off-by: Michael Zhivich <mzhivich@akamai.com>
(merged from Debian/apt#93)
LP: #1829861
|
| | |
| |
| |
| |
| | |
This needs a fair amount of changes elsewhere in the code,
hence this is separate from the previous commits.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This prevents implicit conversions that we do not want, such
as having a FileFd* being converted to a debListParser.
Two cases are not yet handled because they require changes
in code using them:
1. The classes in hashes.h
2. The URI class - this one is used quite a lot
|
| |/
|
|
|
|
|
|
| |
warning: moving a local object in a return statement prevents copy
elision [-Wpessimizing-move]
Reported-By: gcc-9
Gbp-Dch: Ignore
|
| |
|
|
|
| |
This is a special case here, a best effort write, so there's no
point in having warnings about it for every method.
|
| |
|
|
|
|
|
| |
Telling the acquire system which keys caused the gpgv method to
succeed allows us for now just a casual check if the gpgv method
really executed catching bugs like CVE-2018-0501, but we will make use
of the information for better features in the following commits.
|
| |
|
|
|
|
|
|
|
| |
Having a method take a bunch of string vectors is bad style, so we
change this to a wrapping struct and adapt the rest of the code brushing
it up slightly in the process, which results even in a slightly "better"
debug output, no practical change otherwise.
Gbp-Dch: Ignore
|
| |
|
|
|
|
|
|
|
| |
This allows us to install matching auth files for sources.list.d
files, for example; very useful.
This converts aptmethod's authfd from one FileFd to a vector of
pointers to FileFd, as FileFd cannot be copied, and move operators
are hard.
|
| |
|
|
|
|
|
|
| |
No user visible change expect for some years old changelog entries,
so we don't really need to add a new one for this…
Reported-By: codespell
Gbp-Dch: Ignore
|
| |
|
|
|
|
| |
Not needed for common interactions, but for some download-file
interactions it could be useful to set a specific referer as some
servers do not serve requested files otherwise.
|
| |
|
|
|
|
|
|
| |
This reverts commit fb3f36593563d09a8d1727cc7c6deb0b49823ca2. It
caused downloads to hang on long-lived connections on certain
servers.
Gbp-Dch: full
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
If the server closed the connection while we're reading data, and
we end up not having any data left to write; that is, for example,
we received 0 bytes, then we did not exit before, as we only returned
success if there was data to write.
This is wrong: Obviously, if we have reached our limit, we are done
anyway. It's a bit unclear if we actually ever reached this part, but
it does make some sense wrt the bug below.
LP: #1801338
|
| |\
| |
| |
| |
| | |
Support subkeys and multiple keyrings in Signed-By options
See merge request apt-team/apt!27
|
| | |
| |
| |
| |
| |
| |
| | |
A user can specify multiple fingerprints for a while now, so its seems
counter-intuitive to support only one keyring, especially if this isn't
really checked or enforced and while unlikely mixtures of both should
work properly, too, instead of a kinda random behaviour.
|
| | |
| |
| |
| |
| |
| |
| |
| | |
If we limit a file to be signed by a certain key it should usually
accept also being signed by any of this keys subkeys instead of
requiring each subkey to be listed explicitly. If the later is really
wanted we support now also the same syntax as gpg does with appending an
exclamation mark at the end of the fingerprint to force no mapping.
|
| |/
|
|
|
|
|
|
|
|
|
|
|
|
| |
It is perfectly valid behavior for a server to respond with
Connection: close eventually, even when pipelining. Turning
off pipelining due to that is wrong. For example, some Ubuntu
mirrors close the connection after 101 requests. If I have
more packages to install, only the first 101 would benefit
from pipelining.
This commit introduces a new check to only turn of pipelining
for future connections if the pipeline for this connection did
not have 3 successful fetches before, that should work quite well to
detect broken server/proxy combinations like in bug 832113.
|
| |
|
|
|
|
|
|
|
|
| |
gpgs DETAILS documentation file declares that GOODSIG could report keyid
or fingerprint since gpg2, but for the time being it is still keyid
only. Who knows if that will ever change as that feels like an interface
break with dangerous security implications, but lets be better safe than
sorry especially as the code dealing with signed-by keyids is prepared
for this already. This code is rewritten still to have them all use the
same code for this type of problem.
|
| |
|
|
|
| |
Using the time of day for this is slightly wrong just like it is for
progress, just less visible.
|
| |
|
|
|
|
|
| |
The Stats method isn't called anywhere, was partly commented out before,
but we keep updating the time for it – lets avoid this pointless busywork.
Gbp-Dch: Ignore
|
| |
|
|
|
| |
120s is an insanely high default time out, lower it to 30s
to make things a bit nicer.
|
| |
|
|
|
|
|
| |
Correctly register timed out IP addresses from a timed out
select() call as a bad address so we do not try it again.
LP: #1766542
|
| |
|
|
| |
Closes: #898886
|
| |
|
|
|
|
| |
This shouldn't make a practical difference for most people, but for edge
cases it avoids DNS lookups and additionally prevents us from perfoming
unneeded SRV requests, too.
|
