path: root/doc/apt.conf.5.xml
author David Kalnischkies <kalnischkies@gmail.com> 2010-06-09 10:52:45 +0200
committer David Kalnischkies <kalnischkies@gmail.com> 2010-06-09 10:52:45 +0200
commit 308b793694774eece8765d172b8e989d8ed29925 (patch)
tree bad798009c7f2b857c060e299294f63eabc3b20f /doc/apt.conf.5.xml
parent 1aa9b2974d33015102224ffb738b2e8e0a4bcb42 (diff)
parent b02fffa64833e1f8e2617669d89de0a6d0882747 (diff)
- backport forgotten Valid-Until patch from the obsolete experimental
  branch to prevent replay attacks better, thanks to Thomas Viehmann
  for the initial patch! (Closes: #499897)
* doc/apt.conf.5.xml:
  - document the new Valid-Until related options
* apt-pkg/contrib/strutl.cc:
  - split StrToTime() into HTTP1.1 and FTP date parser methods and
    use strptime() instead of some self-made scanf mangling
  - use the portable timegm shown in his manpage instead of a strange
    looking code copycat from wget
* ftparchive/writer.cc:
  - add ValidTime option to generate a Valid-Until header in Release file
Diffstat (limited to 'doc/apt.conf.5.xml')
-rw-r--r-- doc/apt.conf.5.xml 24
1 files changed, 24 insertions, 0 deletions
diff --git a/doc/apt.conf.5.xml b/doc/apt.conf.5.xml
index fe005e0f1..0cf4bb663 100644
--- a/doc/apt.conf.5.xml
+++ b/doc/apt.conf.5.xml
@@ -230,6 +230,30 @@ DPkg::Pre-Install-Pkgs {"/usr/sbin/dpkg-preconfigure --apt";};
and the URI handlers.
<variablelist>
+ <varlistentry><term>Check-Valid-Until</term>
+ <listitem><para>Security related option defaulting to true as an
+ expiring validation for a Release file prevents longtime replay attacks
+ and can e.g. also help users to identify no longer updated mirrors -
+ but the feature depends on the correctness of the time on the user system.
+ Archive maintainers are encouraged to create Release files with the
+ <literal>Valid-Until</literal> header, but if they don't or a stricter value
+ is volitional the following <literal>Max-ValidTime</literal> option can be used.
+ </para></listitem>
+ </varlistentry>
+
+ <varlistentry><term>Max-ValidTime</term>
+ <listitem><para>Seconds the Release file should be considered valid after
+ it was created. The default is "for ever" (0) if the Release file of the
+ archive doesn't include a <literal>Valid-Until</literal> header.
+ If it does then this date is the default. The date from the Release file or
+ the date specified by the creation time of the Release file
+ (<literal>Date</literal> header) plus the seconds specified with this
+ options are used to check if the validation of a file has expired by using
+ the earlier date of the two. Archive specific settings can be made by
+ appending the label of the archive to the option name.
+ </para></listitem>
+ </varlistentry>
+
<varlistentry><term>PDiffs</term>
<listitem><para>Try to download deltas called <literal>PDiffs</literal> for
Packages or Sources files instead of downloading whole ones. True
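Review bot: The Max-ValidTime entry ends with "Archive specific settings can be made by appending the label of the archive to the option name" but never shows how the label is attached (which separator, which label field), so a reader cannot write the per-archive form from this text alone; a one-line example in a <literal> would fix that. The same entry also leaves a security-relevant gap implicit: with Check-Valid-Until at its default of true, a Release file without a Valid-Until header and Max-ValidTime left at "for ever" (0) never expires, so the replay protection described in the first entry is silently absent for such archives. Please state that outright and say what apt does when the check fails. Wording: "this options are used" should be "this option", and "a stricter value is volitional" in the Check-Valid-Until entry would read better as "a stricter value is wanted".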