From 42e9340ee71ac781522e0ebf99b8d9c6bca2111f Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Fri, 25 Jul 2008 19:57:08 +0200 Subject: * merge patch that enforces stricter https server certificate checking (thanks to Arnaud Ebalard, closes: #485960) * allow per-mirror specific https settings (thanks to Arnaud Ebalard, closes: #485965) * add doc/examples/apt-https-method-example.cof (thanks to Arnaud Ebalard, closes: #485964) --- methods/https.cc | 59 ++++++++++++++++++++++++++++++++++++++++++++------------ 1 file changed, 47 insertions(+), 12 deletions(-) (limited to 'methods') diff --git a/methods/https.cc b/methods/https.cc index b0b05a47e..e53ba1a11 100644 --- a/methods/https.cc +++ b/methods/https.cc @@ -108,6 +108,8 @@ bool HttpsMethod::Fetch(FetchItem *Itm) struct curl_slist *headers=NULL; char curl_errorstr[CURL_ERROR_SIZE]; long curl_responsecode; + URI Uri = Itm->Uri; + string remotehost = Uri.Host; // TODO: // - http::Pipeline-Depth @@ -127,23 +129,56 @@ bool HttpsMethod::Fetch(FetchItem *Itm) curl_easy_setopt(curl, CURLOPT_FAILONERROR, true); curl_easy_setopt(curl, CURLOPT_FILETIME, true); - // FIXME: https: offer various options of verification - bool peer_verify = _config->FindB("Acquire::https::Verify-Peer", false); + // SSL parameters are set by default to the common (non mirror-specific) value + // if available (or a default one) and gets overload by mirror-specific ones. + + // File containing the list of trusted CA. + string cainfo = _config->Find("Acquire::https::CaInfo",""); + string knob = "Acquire::https::"+remotehost+"::CaInfo"; + cainfo = _config->Find(knob.c_str(),cainfo.c_str()); + if(cainfo != "") + curl_easy_setopt(curl, CURLOPT_CAINFO,cainfo.c_str()); + + // Check server certificate against previous CA list ... + bool peer_verify = _config->FindB("Acquire::https::Verify-Peer",true); + knob = "Acquire::https::" + remotehost + "::Verify-Peer"; + peer_verify = _config->FindB(knob.c_str(), peer_verify); curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, peer_verify); - // sslcert file + // ... and hostname against cert CN or subjectAltName + int default_verify = 2; + bool verify = _config->FindB("Acquire::https::Verify-Host",true); + knob = "Acquire::https::"+remotehost+"::Verify-Host"; + verify = _config->FindB(knob.c_str(),verify); + if (!verify) + default_verify = 0; + curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, verify); + + // For client authentication, certificate file ... string pem = _config->Find("Acquire::https::SslCert",""); + knob = "Acquire::https::"+remotehost+"::SslCert"; + pem = _config->Find(knob.c_str(),pem.c_str()); if(pem != "") curl_easy_setopt(curl, CURLOPT_SSLCERT, pem.c_str()); - - // CA-Dir - string certdir = _config->Find("Acquire::https::CaPath",""); - if(certdir != "") - curl_easy_setopt(curl, CURLOPT_CAPATH, certdir.c_str()); - - // Server-verify - int verify = _config->FindI("Acquire::https::Verify-Host",2); - curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, verify); + + // ... and associated key. + string key = _config->Find("Acquire::https::SslKey",""); + knob = "Acquire::https::"+remotehost+"::SslKey"; + key = _config->Find(knob.c_str(),key.c_str()); + if(key != "") + curl_easy_setopt(curl, CURLOPT_SSLKEY, key.c_str()); + + // Allow forcing SSL version to SSLv3 or TLSv1 (SSLv2 is not + // supported by GnuTLS). + long final_version = CURL_SSLVERSION_DEFAULT; + string sslversion = _config->Find("Acquire::https::SslForceVersion",""); + knob = "Acquire::https::"+remotehost+"::SslForceVersion"; + sslversion = _config->Find(knob.c_str(),sslversion.c_str()); + if(sslversion == "TLSv1") + final_version = CURL_SSLVERSION_TLSv1; + else if(sslversion == "SSLv3") + final_version = CURL_SSLVERSION_SSLv3; + curl_easy_setopt(curl, CURLOPT_SSLVERSION, final_version); // cache-control if(_config->FindB("Acquire::http::No-Cache",false) == false) -- cgit v1.2.3-70-g09d2 From 8cd53bd4fe839c3135696ecbdca45909130a2dd9 Mon Sep 17 00:00:00 2001 From: Luca Bruno Date: Sat, 11 Oct 2008 10:00:50 +0200 Subject: * Compilation fixes and portability improvement for compiling APT against non-GNU libc --- buildlib/apti18n.h.in | 2 ++ buildlib/inttypes.h.in | 7 +++++++ cmdline/makefile | 12 ++++++------ debian/changelog | 9 +++++++++ ftparchive/makefile | 2 +- methods/makefile | 20 ++++++++++---------- 6 files changed, 35 insertions(+), 17 deletions(-) (limited to 'methods') diff --git a/buildlib/apti18n.h.in b/buildlib/apti18n.h.in index a5b91b1ee..e7beceb09 100644 --- a/buildlib/apti18n.h.in +++ b/buildlib/apti18n.h.in @@ -18,6 +18,8 @@ #else // apt will not use any gettext # define setlocale(a, b) +# define textdomain(a) +# define bindtextdomain(a, b) # define _(x) x # define N_(x) x #endif diff --git a/buildlib/inttypes.h.in b/buildlib/inttypes.h.in index 3be720794..3b43b7672 100644 --- a/buildlib/inttypes.h.in +++ b/buildlib/inttypes.h.in @@ -4,6 +4,13 @@ #include +#undef int32_t +#undef uint32_t +#undef int16_t +#undef uint16_t +#undef int8_t +#undef uint8_t + /* Generate the fixed bit size types */ #if SIZEOF_INT == 4 typedef int int32_t; diff --git a/cmdline/makefile b/cmdline/makefile index 5820c2e0f..3260e375b 100644 --- a/cmdline/makefile +++ b/cmdline/makefile @@ -7,42 +7,42 @@ include ../buildlib/defaults.mak # The apt-cache program PROGRAM=apt-cache -SLIBS = -lapt-pkg +SLIBS = -lapt-pkg $(INTLLIBS) LIB_MAKES = apt-pkg/makefile SOURCE = apt-cache.cc include $(PROGRAM_H) # The apt-get program PROGRAM=apt-get -SLIBS = -lapt-pkg -lutil +SLIBS = -lapt-pkg -lutil $(INTLLIBS) LIB_MAKES = apt-pkg/makefile SOURCE = apt-get.cc acqprogress.cc include $(PROGRAM_H) # The apt-config program PROGRAM=apt-config -SLIBS = -lapt-pkg +SLIBS = -lapt-pkg $(INTLLIBS) LIB_MAKES = apt-pkg/makefile SOURCE = apt-config.cc include $(PROGRAM_H) # The apt-cdrom program PROGRAM=apt-cdrom -SLIBS = -lapt-pkg +SLIBS = -lapt-pkg $(INTLLIBS) LIB_MAKES = apt-pkg/makefile SOURCE = apt-cdrom.cc include $(PROGRAM_H) # The apt-sortpkgs program PROGRAM=apt-sortpkgs -SLIBS = -lapt-pkg +SLIBS = -lapt-pkg $(INTLLIBS) LIB_MAKES = apt-pkg/makefile SOURCE = apt-sortpkgs.cc include $(PROGRAM_H) # The apt-extracttemplates program PROGRAM=apt-extracttemplates -SLIBS = -lapt-pkg -lapt-inst +SLIBS = -lapt-pkg -lapt-inst $(INTLLIBS) LIB_MAKES = apt-pkg/makefile SOURCE = apt-extracttemplates.cc include $(PROGRAM_H) diff --git a/debian/changelog b/debian/changelog index b88df66a9..72b743a48 100644 --- a/debian/changelog +++ b/debian/changelog @@ -4,6 +4,15 @@ apt (0.7.17~exp1) UNRELEASED; urgency=low * Fix compilation warnings: - apt-pkg/acquire.cc - apt-pkg/versionmatch.cc + * Compilation fixes and portability improvement for compiling APT against non-GNU libc + (thanks to Martin Koeppe, closes: #392063): + - buildlib/apti18n.h.in: + + textdomain() and bindtextdomain() must not be visible when --disable-nls + - buildlib/inttypes.h.in: undefine standard int*_t types + - Append INTLLIBS to SLIBS: + + cmdline/makefile + + ftparchive/makefile + + methods/makefile -- Luca Bruno Sat, 11 Oct 2008 09:17:46 +0200 diff --git a/ftparchive/makefile b/ftparchive/makefile index a965166a0..504ebf893 100644 --- a/ftparchive/makefile +++ b/ftparchive/makefile @@ -8,7 +8,7 @@ include ../buildlib/defaults.mak # The apt-ftparchive program ifdef BDBLIB PROGRAM=apt-ftparchive -SLIBS = -lapt-pkg -lapt-inst $(BDBLIB) +SLIBS = -lapt-pkg -lapt-inst $(BDBLIB) $(INTLLIBS) LIB_MAKES = apt-pkg/makefile apt-inst/makefile SOURCE = apt-ftparchive.cc cachedb.cc writer.cc contents.cc override.cc \ multicompress.cc diff --git a/methods/makefile b/methods/makefile index 5794c84e7..d9481dbcc 100644 --- a/methods/makefile +++ b/methods/makefile @@ -12,70 +12,70 @@ APT_DOMAIN := libapt-pkg$(LIB_APT_PKG_MAJOR) # The file method PROGRAM=file -SLIBS = -lapt-pkg +SLIBS = -lapt-pkg $(INTLLIBS) LIB_MAKES = apt-pkg/makefile SOURCE = file.cc include $(PROGRAM_H) # The copy method PROGRAM=copy -SLIBS = -lapt-pkg +SLIBS = -lapt-pkg $(INTLLIBS) LIB_MAKES = apt-pkg/makefile SOURCE = copy.cc include $(PROGRAM_H) # The gzip method PROGRAM=gzip -SLIBS = -lapt-pkg +SLIBS = -lapt-pkg $(INTLLIBS) LIB_MAKES = apt-pkg/makefile SOURCE = gzip.cc include $(PROGRAM_H) # The gpgv method PROGRAM=gpgv -SLIBS = -lapt-pkg +SLIBS = -lapt-pkg $(INTLLIBS) LIB_MAKES = apt-pkg/makefile SOURCE = gpgv.cc include $(PROGRAM_H) # The cdrom method PROGRAM=cdrom -SLIBS = -lapt-pkg +SLIBS = -lapt-pkg $(INTLLIBS) LIB_MAKES = apt-pkg/makefile SOURCE = cdrom.cc include $(PROGRAM_H) # The http method PROGRAM=http -SLIBS = -lapt-pkg $(SOCKETLIBS) +SLIBS = -lapt-pkg $(SOCKETLIBS) $(INTLLIBS) LIB_MAKES = apt-pkg/makefile SOURCE = http.cc rfc2553emu.cc connect.cc include $(PROGRAM_H) # The https method PROGRAM=https -SLIBS = -lapt-pkg -lcurl +SLIBS = -lapt-pkg -lcurl $(INTLLIBS) LIB_MAKES = apt-pkg/makefile SOURCE = https.cc include $(PROGRAM_H) # The ftp method PROGRAM=ftp -SLIBS = -lapt-pkg $(SOCKETLIBS) +SLIBS = -lapt-pkg $(SOCKETLIBS) $(INTLLIBS) LIB_MAKES = apt-pkg/makefile SOURCE = ftp.cc rfc2553emu.cc connect.cc include $(PROGRAM_H) # The rred method PROGRAM=rred -SLIBS = -lapt-pkg $(SOCKETLIBS) +SLIBS = -lapt-pkg $(SOCKETLIBS) $(INTLLIBS) LIB_MAKES = apt-pkg/makefile SOURCE = rred.cc include $(PROGRAM_H) # The rsh method PROGRAM=rsh -SLIBS = -lapt-pkg +SLIBS = -lapt-pkg $(INTLLIBS) LIB_MAKES = apt-pkg/makefile SOURCE = rsh.cc include $(PROGRAM_H) -- cgit v1.2.3-70-g09d2 From 3c8cda8b05d6eeaef76c7ccc673fe378b0c74f37 Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Tue, 28 Oct 2008 18:14:29 +0100 Subject: fix various -Wall warnings --- apt-inst/contrib/extracttar.cc | 4 ++-- apt-pkg/acquire.cc | 3 ++- apt-pkg/contrib/cdromutl.cc | 3 ++- apt-pkg/contrib/mmap.cc | 5 +++-- apt-pkg/deb/dpkgpm.cc | 4 ++-- apt-pkg/depcache.cc | 2 +- apt-pkg/indexcopy.cc | 2 +- cmdline/apt-cache.cc | 2 +- debian/changelog | 5 ++++- methods/http.cc | 3 ++- methods/https.cc | 2 +- po/apt-all.pot | 27 ++++++++++++++++++--------- 12 files changed, 39 insertions(+), 23 deletions(-) (limited to 'methods') diff --git a/apt-inst/contrib/extracttar.cc b/apt-inst/contrib/extracttar.cc index 68c871a5d..8338fd89d 100644 --- a/apt-inst/contrib/extracttar.cc +++ b/apt-inst/contrib/extracttar.cc @@ -208,14 +208,14 @@ bool ExtractTar::Go(pkgDirStream &Stream) Itm.Name = (char *)LastLongName.c_str(); else { - Tar->Name[sizeof(Tar->Name)] = 0; + Tar->Name[sizeof(Tar->Name)-1] = 0; Itm.Name = Tar->Name; } if (Itm.Name[0] == '.' && Itm.Name[1] == '/' && Itm.Name[2] != 0) Itm.Name += 2; // Grab the link target - Tar->Name[sizeof(Tar->LinkName)] = 0; + Tar->Name[sizeof(Tar->LinkName)-1] = 0; Itm.LinkTarget = Tar->LinkName; if (LastLongLink.empty() == false) diff --git a/apt-pkg/acquire.cc b/apt-pkg/acquire.cc index 80c2fee0f..38944bbac 100644 --- a/apt-pkg/acquire.cc +++ b/apt-pkg/acquire.cc @@ -444,8 +444,9 @@ bool pkgAcquire::Clean(string Dir) unlink(Dir->d_name); }; - chdir(StartDir.c_str()); closedir(D); + if (chdir(StartDir.c_str()) != 0) + return _error->Errno("chdir",_("Unable to change to %s"),StartDir.c_str()); return true; } /*}}}*/ diff --git a/apt-pkg/contrib/cdromutl.cc b/apt-pkg/contrib/cdromutl.cc index 6f00e1451..b6524a178 100644 --- a/apt-pkg/contrib/cdromutl.cc +++ b/apt-pkg/contrib/cdromutl.cc @@ -176,7 +176,8 @@ bool IdentCdrom(string CD,string &Res,unsigned int Version) Hash.Add(Dir->d_name); }; - chdir(StartDir.c_str()); + if (chdir(StartDir.c_str()) != 0) + return _error->Errno("chdir",_("Unable to change to %s"),StartDir.c_str()); closedir(D); // Some stats from the fsys diff --git a/apt-pkg/contrib/mmap.cc b/apt-pkg/contrib/mmap.cc index abcae46fe..eed438250 100644 --- a/apt-pkg/contrib/mmap.cc +++ b/apt-pkg/contrib/mmap.cc @@ -192,7 +192,8 @@ DynamicMMap::~DynamicMMap() unsigned long EndOfFile = iSize; iSize = WorkSpace; Close(false); - ftruncate(Fd->Fd(),EndOfFile); + if(ftruncate(Fd->Fd(),EndOfFile) < 0) + _error->Errno("ftruncate", _("Failed to truncate file")); } /*}}}*/ // DynamicMMap::RawAllocate - Allocate a raw chunk of unaligned space /*{{{*/ @@ -209,7 +210,7 @@ unsigned long DynamicMMap::RawAllocate(unsigned long Size,unsigned long Aln) // Just in case error check if (Result + Size > WorkSpace) { - _error->Error("Dynamic MMap ran out of room"); + _error->Error(_("Dynamic MMap ran out of room")); return 0; } diff --git a/apt-pkg/deb/dpkgpm.cc b/apt-pkg/deb/dpkgpm.cc index 4fad0fd52..85cf4e119 100644 --- a/apt-pkg/deb/dpkgpm.cc +++ b/apt-pkg/deb/dpkgpm.cc @@ -531,7 +531,7 @@ bool pkgDPkgPM::OpenLog() struct tm *tmp = localtime(&t); strftime(outstr, sizeof(outstr), "%F %T", tmp); fprintf(term_out, "\nLog started: "); - fprintf(term_out, outstr); + fprintf(term_out, "%s", outstr); fprintf(term_out, "\n"); } return true; @@ -546,7 +546,7 @@ bool pkgDPkgPM::CloseLog() struct tm *tmp = localtime(&t); strftime(outstr, sizeof(outstr), "%F %T", tmp); fprintf(term_out, "Log ended: "); - fprintf(term_out, outstr); + fprintf(term_out, "%s", outstr); fprintf(term_out, "\n"); fclose(term_out); } diff --git a/apt-pkg/depcache.cc b/apt-pkg/depcache.cc index 859e64ea1..2411bfe89 100644 --- a/apt-pkg/depcache.cc +++ b/apt-pkg/depcache.cc @@ -269,7 +269,7 @@ bool pkgDepCache::writeStateFile(OpProgress *prog, bool InstalledOnly) ostr.str(string("")); ostr << "Package: " << pkg.Name() << "\nAuto-Installed: 1\n\n"; - fprintf(OutFile,ostr.str().c_str()); + fprintf(OutFile,"%s",ostr.str().c_str()); fprintf(OutFile,"\n"); } } diff --git a/apt-pkg/indexcopy.cc b/apt-pkg/indexcopy.cc index b30777d8d..9e5c03e0b 100644 --- a/apt-pkg/indexcopy.cc +++ b/apt-pkg/indexcopy.cc @@ -639,7 +639,7 @@ bool SigVerify::CopyAndVerify(string CDROM,string Name,vector &SigList, // Open the Release file and add it to the MetaIndex if(!MetaIndex->Load(*I+"Release")) { - _error->Error(MetaIndex->ErrorText.c_str()); + _error->Error("%s",MetaIndex->ErrorText.c_str()); return false; } diff --git a/cmdline/apt-cache.cc b/cmdline/apt-cache.cc index f10ea48be..5513fcc90 100644 --- a/cmdline/apt-cache.cc +++ b/cmdline/apt-cache.cc @@ -1272,7 +1272,7 @@ bool DisplayRecord(pkgCache::VerIterator V) /*}}}*/ // Search - Perform a search /*{{{*/ // --------------------------------------------------------------------- -/* This searches the package names and pacakge descriptions for a pattern */ +/* This searches the package names and package descriptions for a pattern */ struct ExDescFile { pkgCache::DescFile *Df; diff --git a/debian/changelog b/debian/changelog index 5b5657731..0347e83ff 100644 --- a/debian/changelog +++ b/debian/changelog @@ -7,9 +7,12 @@ apt (0.7.17~exp2) experimental; urgency=low * apt-pkg/algorithm.cc: - Strip username and password from source URL in error message. (Closes: #425150) + + [ Michael Vogt ] + * fix various -Wall warnings - -- Eugene V. Lyubimkin Fri, 24 Oct 2008 23:45:17 +0300 + -- Michael Vogt Tue, 28 Oct 2008 18:06:38 +0100 apt (0.7.17~exp1) experimental; urgency=low diff --git a/methods/http.cc b/methods/http.cc index 26d435dea..b3c791fa0 100644 --- a/methods/http.cc +++ b/methods/http.cc @@ -941,7 +941,8 @@ int HttpMethod::DealWithHeaders(FetchResult &Res,ServerState *Srv) if (Srv->StartPos >= 0) { Res.ResumePoint = Srv->StartPos; - ftruncate(File->Fd(),Srv->StartPos); + if (ftruncate(File->Fd(),Srv->StartPos) < 0) + _error->Errno("ftruncate", _("Failed to truncate file")); } // Set the start point diff --git a/methods/https.cc b/methods/https.cc index e53ba1a11..98dfeefa1 100644 --- a/methods/https.cc +++ b/methods/https.cc @@ -249,7 +249,7 @@ bool HttpsMethod::Fetch(FetchItem *Itm) if(success != 0) { unlink(File->Name().c_str()); - _error->Error(curl_errorstr); + _error->Error("%s", curl_errorstr); Fail(); return true; } diff --git a/po/apt-all.pot b/po/apt-all.pot index 922b9af1e..19e57536a 100644 --- a/po/apt-all.pot +++ b/po/apt-all.pot @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2008-10-28 16:44+0100\n" +"POT-Creation-Date: 2008-10-28 18:12+0100\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME \n" "Language-Team: LANGUAGE \n" @@ -1663,7 +1663,7 @@ msgstr "" msgid "Unable to accept connection" msgstr "" -#: methods/ftp.cc:864 methods/http.cc:959 methods/rsh.cc:303 +#: methods/ftp.cc:864 methods/http.cc:960 methods/rsh.cc:303 msgid "Problem hashing file" msgstr "" @@ -1855,15 +1855,19 @@ msgstr "" msgid "Error reading from server" msgstr "" -#: methods/http.cc:1104 +#: methods/http.cc:945 apt-pkg/contrib/mmap.cc:196 +msgid "Failed to truncate file" +msgstr "" + +#: methods/http.cc:1105 msgid "Bad header data" msgstr "" -#: methods/http.cc:1121 methods/http.cc:1176 +#: methods/http.cc:1122 methods/http.cc:1177 msgid "Connection failed" msgstr "" -#: methods/http.cc:1228 +#: methods/http.cc:1229 msgid "Internal error" msgstr "" @@ -1876,6 +1880,10 @@ msgstr "" msgid "Couldn't make mmap of %lu bytes" msgstr "" +#: apt-pkg/contrib/mmap.cc:213 +msgid "Dynamic MMap ran out of room" +msgstr "" + #: apt-pkg/contrib/strutl.cc:1014 #, c-format msgid "Selection %s not found" @@ -1992,12 +2000,13 @@ msgstr "" msgid "Unable to stat the mount point %s" msgstr "" -#: apt-pkg/contrib/cdromutl.cc:146 apt-pkg/acquire.cc:424 apt-pkg/clean.cc:40 +#: apt-pkg/contrib/cdromutl.cc:146 apt-pkg/contrib/cdromutl.cc:180 +#: apt-pkg/acquire.cc:424 apt-pkg/acquire.cc:449 apt-pkg/clean.cc:40 #, c-format msgid "Unable to change to %s" msgstr "" -#: apt-pkg/contrib/cdromutl.cc:187 +#: apt-pkg/contrib/cdromutl.cc:188 msgid "Failed to stat the cdrom" msgstr "" @@ -2274,12 +2283,12 @@ msgstr "" #. only show the ETA if it makes sense #. two days -#: apt-pkg/acquire.cc:827 +#: apt-pkg/acquire.cc:828 #, c-format msgid "Retrieving file %li of %li (%s remaining)" msgstr "" -#: apt-pkg/acquire.cc:829 +#: apt-pkg/acquire.cc:830 #, c-format msgid "Retrieving file %li of %li" msgstr "" -- cgit v1.2.3-70-g09d2