Import Debian version 1.0.1ubuntu2.18

apt (1.0.1ubuntu2.18) trusty; urgency=medium

  * ExecFork: Use /proc/self/fd to determine which files to close
    (Closes: #764204) (LP: #1332440).

apt (1.0.1ubuntu2.17) trusty-security; urgency=high

  * SECURITY UPDATE: gpgv: Check for errors when splitting files (CVE-2016-1252)
    Thanks to Jann Horn, Google Project Zero for reporting the issue
    (LP: #1647467)

apt (1.0.1ubuntu2.15) trusty; urgency=medium

  * Fixes failure to download the Package index file when using
    mirror:// URL in sources.list and the archive fails to profile
    a file. APT would try the next archive in the list for .deb
    packages but did not retry when the index file failed to download.
    (LP: #1625667)

apt (1.0.1ubuntu2.14) trusty; urgency=medium

  * When using the https transport mechanism, $no_proxy is ignored if apt is
    getting it's proxy information from $https_proxy (as opposed to
    Acquire::https::Proxy somewhere in apt config). If the source of proxy
    information is Acquire::https::Proxy set in apt.conf (or apt.conf.d),
    then $no_proxy is honored. This patch makes the behavior similar for
    both methods of setting the proxy. (LP: #1575877)

apt (1.0.1ubuntu2.13) trusty; urgency=medium

  * Recheck Pre-Depends satisfaction in SmartConfigure, to avoid unconfigured
    Pre-Depends (which dpkg later fails on). Fixes upgrade failures of
    systemd, util-linux, and other packages with Pre-Depends. Many thanks to
    David Kalnischkies for figuring out the patch and Winfried PLappert for
    testing! Patch taken from Debian git. (LP: #1560797)

apt (1.0.1ubuntu2.12) trusty; urgency=medium

  [ Colin Watson ]
  * Fix lzma write support to handle "try again" case (closes: #751688,
    LP: #1553770).

  [ David Kalnischkies ]
  * Handle moved mmap after UniqFindTagWrite call (closes: #753941,
    LP: #1445436).

apt (1.0.1ubuntu2.11) trusty; urgency=medium

  * apt-pkg/packagemanager.cc:
    - fix incorrect configure ordering in the SmartConfigure step by skipping
      packages that do not need immediate action. (LP: #1347721, #1497688)

apt (1.0.1ubuntu2.10) trusty; urgency=medium

  * Fix regression from the previous upload by ensuring we're actually
    testing for the right member before iterating on it (LP: #1480592)

apt (1.0.1ubuntu2.9) trusty; urgency=medium

  * Fix regression in the Never-MarkAuto-Sections feature caused by the
    previous auto-removal fix, with inspiration drawn from the patches
    and conversation from http://bugs.debian.org/793360 (LP: #1479207)

apt (1.0.1ubuntu2.8) trusty-proposed; urgency=low

  * fix crash for packages that have no section in their instVersion
    (LP: #1449394)

apt (1.0.1ubuntu2.7) trusty-proposed; urgency=low

  * fix auto-removal behavior (thanks to Adam Conrad)
    LP: #1429041

apt (1.0.1ubuntu2.6) trusty-proposed; urgency=medium

  * apt-pkg/deb/dpkgpm.cc:
    - update string matching for dpkg I/O errors. (LP: #1363257)
    - properly parse the dpkg status line so that package name is properly set
      and an apport report is created. Thanks to Anders Kaseorg for the patch.
      (LP: #1353171)

apt (1.0.1ubuntu2.5) trusty-security; urgency=low

  * SECURITY UPDATE:
      - cmdline/apt-get.cc: fix insecure tempfile handling in
        apt-get changelog (CVE-2014-7206). Thanks to Guillem Jover

apt (1.0.1ubuntu2.4.1) trusty-security; urgency=low

  * SECURITY UPDATE:
    - fix potential buffer overflow, thanks to the
      Google Security Team (CVE-2014-6273)
  * Fix regression from the previous upload when file:/// sources
    are used and those are on a different partition than
    the apt state directory
  * Fix regression when Dir::state::lists is set to a relative path
  * Fix regression when cdrom: sources got rewriten by apt-cdrom add

apt (1.0.1ubuntu2.3) trusty-security; urgency=low

  * SECURITY UPDATE:
    - incorrect invalidating of unauthenticated data (CVE-2014-0488)
    - incorect verification of 304 reply (CVE-2014-0487)
    - incorrect verification of Acquire::Gzip indexes (CVE-2014-0489)

1 files changed, 30 insertions, 8 deletions

diff --git a/methods/copy.cc b/methods/copy.cc
index d59f032ff..cc0ee6554 100644
--- a/methods/copy.cc
+++ b/methods/copy.cc
@@ -16,6 +16,7 @@
 #include <apt-pkg/acquire-method.h>
 #include <apt-pkg/error.h>
 #include <apt-pkg/hashes.h>
+#include <apt-pkg/configuration.h>
 
 #include <string>
 #include <sys/stat.h>
@@ -27,19 +28,35 @@
 class CopyMethod : public pkgAcqMethod
 {
    virtual bool Fetch(FetchItem *Itm);
-   
+   void CalculateHashes(FetchResult &Res);
+
    public:
    
-   CopyMethod() : pkgAcqMethod("1.0",SingleInstance) {};
+   CopyMethod() : pkgAcqMethod("1.0",SingleInstance|SendConfig) {};
 };
 
+void CopyMethod::CalculateHashes(FetchResult &Res)
+{
+   // For gzip indexes we need to look inside the gzip for the hash
+   // We can not use the extension here as its not used in partial 
+   // on a IMS hit
+   FileFd::OpenMode OpenMode = FileFd::ReadOnly;
+   if (_config->FindB("Acquire::GzipIndexes", false) == true)
+      OpenMode = FileFd::ReadOnlyGzip;
+
+   Hashes Hash;
+   FileFd Fd(Res.Filename, OpenMode);
+   Hash.AddFD(Fd);
+   Res.TakeHashes(Hash);
+}
+
 // CopyMethod::Fetch - Fetch a file					/*{{{*/
 // ---------------------------------------------------------------------
 /* */
 bool CopyMethod::Fetch(FetchItem *Itm)
 {
    URI Get = Itm->Uri;
-   std::string File = Get.Path;
+   std::string File = Get.Host + Get.Path; // To account for relative paths
 
    // Stat the file and send a start message
    struct stat Buf;
@@ -53,7 +70,15 @@ bool CopyMethod::Fetch(FetchItem *Itm)
    Res.LastModified = Buf.st_mtime;
    Res.IMSHit = false;      
    URIStart(Res);
-   
+
+   // when the files are identical, just compute the hashes
+   if(File == Itm->DestFile)
+   {
+      CalculateHashes(Res);
+      URIDone(Res);
+      return true;
+   }
+
    // See if the file exists
    FileFd From(File,FileFd::ReadOnly);
    FileFd To(Itm->DestFile,FileFd::WriteAtomic);
@@ -82,10 +107,7 @@ bool CopyMethod::Fetch(FetchItem *Itm)
    if (utimes(Res.Filename.c_str(), times) != 0)
       return _error->Errno("utimes",_("Failed to set modification time"));
 
-   Hashes Hash;
-   FileFd Fd(Res.Filename, FileFd::ReadOnly);
-   Hash.AddFD(Fd);
-   Res.TakeHashes(Hash);
+   CalculateHashes(Res);
 
    URIDone(Res);
    return true;