summaryrefslogtreecommitdiff
path: root/methods
diff options
context:
space:
mode:
authorJulian Andres Klode <juliank@ubuntu.com>2018-04-09 15:32:09 +0200
committerJulian Andres Klode <julian.klode@canonical.com>2019-01-18 16:32:45 +0100
commit03af77d4ca60a21f3dca1ab10ef2ba17ec2f96c9 (patch)
tree7867cfa7a2ead40aeb5f9020d0e0f1b8c56719b1 /methods
parente4ad2101c39020f18ccd8bb522eeb6b5dead0e5d (diff)
Import Debian version 1.0.1ubuntu2.18
apt (1.0.1ubuntu2.18) trusty; urgency=medium * ExecFork: Use /proc/self/fd to determine which files to close (Closes: #764204) (LP: #1332440). apt (1.0.1ubuntu2.17) trusty-security; urgency=high * SECURITY UPDATE: gpgv: Check for errors when splitting files (CVE-2016-1252) Thanks to Jann Horn, Google Project Zero for reporting the issue (LP: #1647467) apt (1.0.1ubuntu2.15) trusty; urgency=medium * Fixes failure to download the Package index file when using mirror:// URL in sources.list and the archive fails to profile a file. APT would try the next archive in the list for .deb packages but did not retry when the index file failed to download. (LP: #1625667) apt (1.0.1ubuntu2.14) trusty; urgency=medium * When using the https transport mechanism, $no_proxy is ignored if apt is getting it's proxy information from $https_proxy (as opposed to Acquire::https::Proxy somewhere in apt config). If the source of proxy information is Acquire::https::Proxy set in apt.conf (or apt.conf.d), then $no_proxy is honored. This patch makes the behavior similar for both methods of setting the proxy. (LP: #1575877) apt (1.0.1ubuntu2.13) trusty; urgency=medium * Recheck Pre-Depends satisfaction in SmartConfigure, to avoid unconfigured Pre-Depends (which dpkg later fails on). Fixes upgrade failures of systemd, util-linux, and other packages with Pre-Depends. Many thanks to David Kalnischkies for figuring out the patch and Winfried PLappert for testing! Patch taken from Debian git. (LP: #1560797) apt (1.0.1ubuntu2.12) trusty; urgency=medium [ Colin Watson ] * Fix lzma write support to handle "try again" case (closes: #751688, LP: #1553770). [ David Kalnischkies ] * Handle moved mmap after UniqFindTagWrite call (closes: #753941, LP: #1445436). apt (1.0.1ubuntu2.11) trusty; urgency=medium * apt-pkg/packagemanager.cc: - fix incorrect configure ordering in the SmartConfigure step by skipping packages that do not need immediate action. (LP: #1347721, #1497688) apt (1.0.1ubuntu2.10) trusty; urgency=medium * Fix regression from the previous upload by ensuring we're actually testing for the right member before iterating on it (LP: #1480592) apt (1.0.1ubuntu2.9) trusty; urgency=medium * Fix regression in the Never-MarkAuto-Sections feature caused by the previous auto-removal fix, with inspiration drawn from the patches and conversation from http://bugs.debian.org/793360 (LP: #1479207) apt (1.0.1ubuntu2.8) trusty-proposed; urgency=low * fix crash for packages that have no section in their instVersion (LP: #1449394) apt (1.0.1ubuntu2.7) trusty-proposed; urgency=low * fix auto-removal behavior (thanks to Adam Conrad) LP: #1429041 apt (1.0.1ubuntu2.6) trusty-proposed; urgency=medium * apt-pkg/deb/dpkgpm.cc: - update string matching for dpkg I/O errors. (LP: #1363257) - properly parse the dpkg status line so that package name is properly set and an apport report is created. Thanks to Anders Kaseorg for the patch. (LP: #1353171) apt (1.0.1ubuntu2.5) trusty-security; urgency=low * SECURITY UPDATE: - cmdline/apt-get.cc: fix insecure tempfile handling in apt-get changelog (CVE-2014-7206). Thanks to Guillem Jover apt (1.0.1ubuntu2.4.1) trusty-security; urgency=low * SECURITY UPDATE: - fix potential buffer overflow, thanks to the Google Security Team (CVE-2014-6273) * Fix regression from the previous upload when file:/// sources are used and those are on a different partition than the apt state directory * Fix regression when Dir::state::lists is set to a relative path * Fix regression when cdrom: sources got rewriten by apt-cdrom add apt (1.0.1ubuntu2.3) trusty-security; urgency=low * SECURITY UPDATE: - incorrect invalidating of unauthenticated data (CVE-2014-0488) - incorect verification of 304 reply (CVE-2014-0487) - incorrect verification of Acquire::Gzip indexes (CVE-2014-0489)
Diffstat (limited to 'methods')
-rw-r--r--methods/copy.cc38
-rw-r--r--methods/http.cc24
-rw-r--r--methods/https.cc12
3 files changed, 47 insertions, 27 deletions
diff --git a/methods/copy.cc b/methods/copy.cc
index d59f032ff..cc0ee6554 100644
--- a/methods/copy.cc
+++ b/methods/copy.cc
@@ -16,6 +16,7 @@
#include <apt-pkg/acquire-method.h>
#include <apt-pkg/error.h>
#include <apt-pkg/hashes.h>
+#include <apt-pkg/configuration.h>
#include <string>
#include <sys/stat.h>
@@ -27,19 +28,35 @@
class CopyMethod : public pkgAcqMethod
{
virtual bool Fetch(FetchItem *Itm);
-
+ void CalculateHashes(FetchResult &Res);
+
public:
- CopyMethod() : pkgAcqMethod("1.0",SingleInstance) {};
+ CopyMethod() : pkgAcqMethod("1.0",SingleInstance|SendConfig) {};
};
+void CopyMethod::CalculateHashes(FetchResult &Res)
+{
+ // For gzip indexes we need to look inside the gzip for the hash
+ // We can not use the extension here as its not used in partial
+ // on a IMS hit
+ FileFd::OpenMode OpenMode = FileFd::ReadOnly;
+ if (_config->FindB("Acquire::GzipIndexes", false) == true)
+ OpenMode = FileFd::ReadOnlyGzip;
+
+ Hashes Hash;
+ FileFd Fd(Res.Filename, OpenMode);
+ Hash.AddFD(Fd);
+ Res.TakeHashes(Hash);
+}
+
// CopyMethod::Fetch - Fetch a file /*{{{*/
// ---------------------------------------------------------------------
/* */
bool CopyMethod::Fetch(FetchItem *Itm)
{
URI Get = Itm->Uri;
- std::string File = Get.Path;
+ std::string File = Get.Host + Get.Path; // To account for relative paths
// Stat the file and send a start message
struct stat Buf;
@@ -53,7 +70,15 @@ bool CopyMethod::Fetch(FetchItem *Itm)
Res.LastModified = Buf.st_mtime;
Res.IMSHit = false;
URIStart(Res);
-
+
+ // when the files are identical, just compute the hashes
+ if(File == Itm->DestFile)
+ {
+ CalculateHashes(Res);
+ URIDone(Res);
+ return true;
+ }
+
// See if the file exists
FileFd From(File,FileFd::ReadOnly);
FileFd To(Itm->DestFile,FileFd::WriteAtomic);
@@ -82,10 +107,7 @@ bool CopyMethod::Fetch(FetchItem *Itm)
if (utimes(Res.Filename.c_str(), times) != 0)
return _error->Errno("utimes",_("Failed to set modification time"));
- Hashes Hash;
- FileFd Fd(Res.Filename, FileFd::ReadOnly);
- Hash.AddFD(Fd);
- Res.TakeHashes(Hash);
+ CalculateHashes(Res);
URIDone(Res);
return true;
diff --git a/methods/http.cc b/methods/http.cc
index ed6e3517d..d3a5d718f 100644
--- a/methods/http.cc
+++ b/methods/http.cc
@@ -667,7 +667,7 @@ void HttpMethod::SendReq(FetchItem *Itm)
URI Uri = Itm->Uri;
// The HTTP server expects a hostname with a trailing :port
- char Buf[1000];
+ string Buf;
string ProperHost;
if (Uri.Host.find(':') != string::npos)
@@ -676,14 +676,10 @@ void HttpMethod::SendReq(FetchItem *Itm)
ProperHost = Uri.Host;
if (Uri.Port != 0)
{
- sprintf(Buf,":%u",Uri.Port);
+ strprintf(Buf,":%u",Uri.Port);
ProperHost += Buf;
}
- // Just in case.
- if (Itm->Uri.length() >= sizeof(Buf))
- abort();
-
/* RFC 2616 ยง5.1.2 requires absolute URIs for requests to proxies,
but while its a must for all servers to accept absolute URIs,
it is assumed clients will sent an absolute path for non-proxies */
@@ -701,25 +697,27 @@ void HttpMethod::SendReq(FetchItem *Itm)
in 1.1, can cause problems with proxies, and we are an HTTP/1.1
client anyway.
C.f. https://tools.ietf.org/wg/httpbis/trac/ticket/158 */
- sprintf(Buf,"GET %s HTTP/1.1\r\nHost: %s\r\n",
+ strprintf(Buf,"GET %s HTTP/1.1\r\nHost: %s\r\n",
requesturi.c_str(),ProperHost.c_str());
// generate a cache control header (if needed)
if (_config->FindB("Acquire::http::No-Cache",false) == true)
{
- strcat(Buf,"Cache-Control: no-cache\r\nPragma: no-cache\r\n");
+ Buf += "Cache-Control: no-cache\r\nPragma: no-cache\r\n";
}
else
{
if (Itm->IndexFile == true)
{
- sprintf(Buf+strlen(Buf),"Cache-Control: max-age=%u\r\n",
+ string Tmp;
+ strprintf(Tmp,"Cache-Control: max-age=%u\r\n",
_config->FindI("Acquire::http::Max-Age",0));
+ Buf += Tmp;
}
else
{
if (_config->FindB("Acquire::http::No-Store",false) == true)
- strcat(Buf,"Cache-Control: no-store\r\n");
+ Buf += "Cache-Control: no-store\r\n";
}
}
@@ -733,7 +731,7 @@ void HttpMethod::SendReq(FetchItem *Itm)
size_t const filepos = Itm->Uri.find_last_of('/');
string const file = Itm->Uri.substr(filepos + 1);
if (flExtension(file) == file)
- strcat(Buf,"Accept: text/*\r\n");
+ Buf += "Accept: text/*\r\n";
}
string Req = Buf;
@@ -743,7 +741,7 @@ void HttpMethod::SendReq(FetchItem *Itm)
if (stat(Itm->DestFile.c_str(),&SBuf) >= 0 && SBuf.st_size > 0)
{
// In this case we send an if-range query with a range header
- sprintf(Buf,"Range: bytes=%lli-\r\nIf-Range: %s\r\n",(long long)SBuf.st_size,
+ strprintf(Buf,"Range: bytes=%lli-\r\nIf-Range: %s\r\n",(long long)SBuf.st_size,
TimeRFC1123(SBuf.st_mtime).c_str());
Req += Buf;
}
@@ -751,7 +749,7 @@ void HttpMethod::SendReq(FetchItem *Itm)
{
if (Itm->LastModified != 0)
{
- sprintf(Buf,"If-Modified-Since: %s\r\n",TimeRFC1123(Itm->LastModified).c_str());
+ strprintf(Buf,"If-Modified-Since: %s\r\n",TimeRFC1123(Itm->LastModified).c_str());
Req += Buf;
}
}
diff --git a/methods/https.cc b/methods/https.cc
index c4aff8f38..087604b6d 100644
--- a/methods/https.cc
+++ b/methods/https.cc
@@ -124,13 +124,13 @@ void HttpsMethod::SetupProxy() /*{{{*/
if (UseProxy == "DIRECT")
return;
- if (UseProxy.empty() == false)
+ // Parse no_proxy, a comma (,) separated list of domains we don't want to use
+ // a proxy for so we stop right here if it is in the list
+ if (getenv("no_proxy") != 0 && CheckDomainList(ServerName.Host,getenv("no_proxy")) == true)
+ return;
+
+ if (UseProxy.empty() == true)
{
- // Parse no_proxy, a comma (,) separated list of domains we don't want to use
- // a proxy for so we stop right here if it is in the list
- if (getenv("no_proxy") != 0 && CheckDomainList(ServerName.Host,getenv("no_proxy")) == true)
- return;
- } else {
const char* result = getenv("https_proxy");
// FIXME: Fall back to http_proxy is to remain compatible with
// existing setups and behaviour of apt.conf. This should be