author | Julian Andres Klode <juliank@ubuntu.com> | 2018-04-09 15:32:09 +0200 |
---|---|---|
committer | Julian Andres Klode <julian.klode@canonical.com> | 2019-01-18 16:32:45 +0100 |
commit | 03af77d4ca60a21f3dca1ab10ef2ba17ec2f96c9 (patch) | |
tree | 7867cfa7a2ead40aeb5f9020d0e0f1b8c56719b1 /methods | |
parent | e4ad2101c39020f18ccd8bb522eeb6b5dead0e5d (diff) |
Import Debian version 1.0.1ubuntu2.18
apt (1.0.1ubuntu2.18) trusty; urgency=medium
* ExecFork: Use /proc/self/fd to determine which files to close
(Closes: #764204) (LP: #1332440).
apt (1.0.1ubuntu2.17) trusty-security; urgency=high
* SECURITY UPDATE: gpgv: Check for errors when splitting files (CVE-2016-1252)
Thanks to Jann Horn, Google Project Zero for reporting the issue
(LP: #1647467)
apt (1.0.1ubuntu2.15) trusty; urgency=medium
* Fixes failure to download the Package index file when using
mirror:// URL in sources.list and the archive fails to profile
a file. APT would try the next archive in the list for .deb
packages but did not retry when the index file failed to download.
(LP: #1625667)
apt (1.0.1ubuntu2.14) trusty; urgency=medium
* When using the https transport mechanism, $no_proxy is ignored if apt is
getting it's proxy information from $https_proxy (as opposed to
Acquire::https::Proxy somewhere in apt config). If the source of proxy
information is Acquire::https::Proxy set in apt.conf (or apt.conf.d),
then $no_proxy is honored. This patch makes the behavior similar for
both methods of setting the proxy. (LP: #1575877)
apt (1.0.1ubuntu2.13) trusty; urgency=medium
* Recheck Pre-Depends satisfaction in SmartConfigure, to avoid unconfigured
Pre-Depends (which dpkg later fails on). Fixes upgrade failures of
systemd, util-linux, and other packages with Pre-Depends. Many thanks to
David Kalnischkies for figuring out the patch and Winfried PLappert for
testing! Patch taken from Debian git. (LP: #1560797)
apt (1.0.1ubuntu2.12) trusty; urgency=medium
[ Colin Watson ]
* Fix lzma write support to handle "try again" case (closes: #751688,
LP: #1553770).
[ David Kalnischkies ]
* Handle moved mmap after UniqFindTagWrite call (closes: #753941,
LP: #1445436).
apt (1.0.1ubuntu2.11) trusty; urgency=medium
* apt-pkg/packagemanager.cc:
- fix incorrect configure ordering in the SmartConfigure step by skipping
packages that do not need immediate action. (LP: #1347721, #1497688)
apt (1.0.1ubuntu2.10) trusty; urgency=medium
* Fix regression from the previous upload by ensuring we're actually
testing for the right member before iterating on it (LP: #1480592)
apt (1.0.1ubuntu2.9) trusty; urgency=medium
* Fix regression in the Never-MarkAuto-Sections feature caused by the
previous auto-removal fix, with inspiration drawn from the patches
and conversation from http://bugs.debian.org/793360 (LP: #1479207)
apt (1.0.1ubuntu2.8) trusty-proposed; urgency=low
* fix crash for packages that have no section in their instVersion
(LP: #1449394)
apt (1.0.1ubuntu2.7) trusty-proposed; urgency=low
* fix auto-removal behavior (thanks to Adam Conrad)
LP: #1429041
apt (1.0.1ubuntu2.6) trusty-proposed; urgency=medium
* apt-pkg/deb/dpkgpm.cc:
- update string matching for dpkg I/O errors. (LP: #1363257)
- properly parse the dpkg status line so that package name is properly set
and an apport report is created. Thanks to Anders Kaseorg for the patch.
(LP: #1353171)
apt (1.0.1ubuntu2.5) trusty-security; urgency=low
* SECURITY UPDATE:
- cmdline/apt-get.cc: fix insecure tempfile handling in
apt-get changelog (CVE-2014-7206). Thanks to Guillem Jover
apt (1.0.1ubuntu2.4.1) trusty-security; urgency=low
* SECURITY UPDATE:
- fix potential buffer overflow, thanks to the
Google Security Team (CVE-2014-6273)
* Fix regression from the previous upload when file:/// sources
are used and those are on a different partition than
the apt state directory
* Fix regression when Dir::state::lists is set to a relative path
* Fix regression when cdrom: sources got rewriten by apt-cdrom add
apt (1.0.1ubuntu2.3) trusty-security; urgency=low
* SECURITY UPDATE:
- incorrect invalidating of unauthenticated data (CVE-2014-0488)
- incorrect verification of 304 reply (CVE-2014-0487)
- incorrect verification of Acquire::Gzip indexes (CVE-2014-0489)
Diffstat (limited to 'methods')
-rw-r--r-- | methods/copy.cc | 38 | ||||
-rw-r--r-- | methods/http.cc | 24 | ||||
-rw-r--r-- | methods/https.cc | 12 |
3 files changed, 47 insertions, 27 deletions
diff --git a/methods/copy.cc b/methods/copy.cc index d59f032ff..cc0ee6554 100644 --- a/methods/copy.cc +++ b/methods/copy.cc @@ -16,6 +16,7 @@ #include <apt-pkg/acquire-method.h> #include <apt-pkg/error.h> #include <apt-pkg/hashes.h> +#include <apt-pkg/configuration.h> #include <string> #include <sys/stat.h> @@ -27,19 +28,35 @@ class CopyMethod : public pkgAcqMethod { virtual bool Fetch(FetchItem *Itm); - + void CalculateHashes(FetchResult &Res); + public: - CopyMethod() : pkgAcqMethod("1.0",SingleInstance) {}; + CopyMethod() : pkgAcqMethod("1.0",SingleInstance|SendConfig) {}; }; +void CopyMethod::CalculateHashes(FetchResult &Res) +{ + // For gzip indexes we need to look inside the gzip for the hash + // We can not use the extension here as its not used in partial + // on a IMS hit + FileFd::OpenMode OpenMode = FileFd::ReadOnly; + if (_config->FindB("Acquire::GzipIndexes", false) == true) + OpenMode = FileFd::ReadOnlyGzip; + + Hashes Hash; + FileFd Fd(Res.Filename, OpenMode); + Hash.AddFD(Fd); + Res.TakeHashes(Hash); +} + // CopyMethod::Fetch - Fetch a file /*{{{*/ // --------------------------------------------------------------------- /* */ bool CopyMethod::Fetch(FetchItem *Itm) { URI Get = Itm->Uri; - std::string File = Get.Path; + std::string File = Get.Host + Get.Path; // To account for relative paths // Stat the file and send a start message struct stat Buf; @@ -53,7 +70,15 @@ bool CopyMethod::Fetch(FetchItem *Itm) Res.LastModified = Buf.st_mtime; Res.IMSHit = false; URIStart(Res); - + + // when the files are identical, just compute the hashes + if(File == Itm->DestFile) + { + CalculateHashes(Res); + URIDone(Res); + return true; + } + // See if the file exists FileFd From(File,FileFd::ReadOnly); FileFd To(Itm->DestFile,FileFd::WriteAtomic); 
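Review bot: In the new `CopyMethod::CalculateHashes`, neither the `FileFd Fd(Res.Filename, OpenMode)` open nor the result of `Hash.AddFD(Fd)` is checked, so a file that cannot be opened or read still reaches `Res.TakeHashes(Hash)` and the caller's `URIDone(Res)`. These hashes are presumably what the acquire system verifies against, so I would have the helper return `bool` and add `if (Fd.IsOpen() == false || Hash.AddFD(Fd) == false) return false;` before `TakeHashes`. Both call sites, the identical-file branch and the one in the `@@ -82,10 +107,7 @@` hunk, should then return false on failure. A comment should also say that with `Acquire::GzipIndexes` set every copied file, not only indexes, is opened as `FileFd::ReadOnlyGzip`; whether that is harmless for non-gzip input depends on FileFd, which is outside this diff.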
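Review bot: `if(File == Itm->DestFile)` compares path strings, so the same file reached through a different spelling (a relative `File` built from `Get.Host + Get.Path` against an absolute `DestFile`, a symlink, a doubled slash) is not recognised and falls through to the `From`/`To` copy. Comparing file identity would be more robust, e.g. `struct stat Dest; if (stat(Itm->DestFile.c_str(), &Dest) == 0 && Dest.st_dev == Buf.st_dev && Dest.st_ino == Buf.st_ino)`, assuming `Buf` holds the stat result for `File` as the surrounding context suggests. `Fetch` starts and ends outside this hunk, so what the fall-through does to an aliased file depends on code not shown here.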
@@ -82,10 +107,7 @@ bool CopyMethod::Fetch(FetchItem *Itm) if (utimes(Res.Filename.c_str(), times) != 0) return _error->Errno("utimes",_("Failed to set modification time")); - Hashes Hash; - FileFd Fd(Res.Filename, FileFd::ReadOnly); - Hash.AddFD(Fd); - Res.TakeHashes(Hash); + CalculateHashes(Res); URIDone(Res); return true; diff --git a/methods/http.cc b/methods/http.cc index ed6e3517d..d3a5d718f 100644 --- a/methods/http.cc +++ b/methods/http.cc @@ -667,7 +667,7 @@ void HttpMethod::SendReq(FetchItem *Itm) URI Uri = Itm->Uri; // The HTTP server expects a hostname with a trailing :port - char Buf[1000]; + string Buf; string ProperHost; if (Uri.Host.find(':') != string::npos) @@ -676,14 +676,10 @@ void HttpMethod::SendReq(FetchItem *Itm) ProperHost = Uri.Host; if (Uri.Port != 0) { - sprintf(Buf,":%u",Uri.Port); + strprintf(Buf,":%u",Uri.Port); ProperHost += Buf; } - // Just in case. - if (Itm->Uri.length() >= sizeof(Buf)) - abort(); - /* RFC 2616 ยง5.1.2 requires absolute URIs for requests to proxies, but while its a must for all servers to accept absolute URIs, it is assumed clients will sent an absolute path for non-proxies */ 
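Review bot: Dropping the `Itm->Uri.length() >= sizeof(Buf)` guard in `HttpMethod::SendReq` is only safe if `strprintf` grows its output to fit, and that helper is defined outside this diff (the diffstat is limited to methods/). If it formats through a fixed-size buffer, an over-long request URI would now be silently truncated into a different request instead of being rejected, so I would confirm the helper's behaviour and, if it has a cap, check the formatted length before sending. A one-line comment such as `// strprintf overwrites Buf; further headers are appended with +=` would also explain why the later hunks format into `Tmp` or copy `Buf` into `Req` first, assuming that is indeed how the helper behaves. The same applies to every `strprintf` call in the following `SendReq` hunks; the function body continues outside them.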
@@ -701,25 +697,27 @@ void HttpMethod::SendReq(FetchItem *Itm) in 1.1, can cause problems with proxies, and we are an HTTP/1.1 client anyway. C.f. https://tools.ietf.org/wg/httpbis/trac/ticket/158 */ - sprintf(Buf,"GET %s HTTP/1.1\r\nHost: %s\r\n", + strprintf(Buf,"GET %s HTTP/1.1\r\nHost: %s\r\n", requesturi.c_str(),ProperHost.c_str()); // generate a cache control header (if needed) if (_config->FindB("Acquire::http::No-Cache",false) == true) { - strcat(Buf,"Cache-Control: no-cache\r\nPragma: no-cache\r\n"); + Buf += "Cache-Control: no-cache\r\nPragma: no-cache\r\n"; } else { if (Itm->IndexFile == true) { - sprintf(Buf+strlen(Buf),"Cache-Control: max-age=%u\r\n", + string Tmp; + strprintf(Tmp,"Cache-Control: max-age=%u\r\n", _config->FindI("Acquire::http::Max-Age",0)); + Buf += Tmp; } else { if (_config->FindB("Acquire::http::No-Store",false) == true) - strcat(Buf,"Cache-Control: no-store\r\n"); + Buf += "Cache-Control: no-store\r\n"; } } @@ -733,7 +731,7 @@ void HttpMethod::SendReq(FetchItem *Itm) size_t const filepos = Itm->Uri.find_last_of('/'); string const file = Itm->Uri.substr(filepos + 1); if (flExtension(file) == file) - strcat(Buf,"Accept: text/*\r\n"); + Buf += "Accept: text/*\r\n"; } string Req = Buf; @@ -743,7 +741,7 @@ void HttpMethod::SendReq(FetchItem *Itm) if (stat(Itm->DestFile.c_str(),&SBuf) >= 0 && SBuf.st_size > 0) { // In this case we send an if-range query with a range header - sprintf(Buf,"Range: bytes=%lli-\r\nIf-Range: %s\r\n",(long long)SBuf.st_size, + strprintf(Buf,"Range: bytes=%lli-\r\nIf-Range: %s\r\n",(long long)SBuf.st_size, TimeRFC1123(SBuf.st_mtime).c_str()); Req += Buf; } @@ -751,7 +749,7 @@ void HttpMethod::SendReq(FetchItem *Itm) { if (Itm->LastModified != 0) { - sprintf(Buf,"If-Modified-Since: %s\r\n",TimeRFC1123(Itm->LastModified).c_str()); + strprintf(Buf,"If-Modified-Since: %s\r\n",TimeRFC1123(Itm->LastModified).c_str()); Req += Buf; } } diff --git a/methods/https.cc b/methods/https.cc index c4aff8f38..087604b6d 100644 
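Review bot: The new `strprintf(Tmp,"Cache-Control: max-age=%u\r\n", …)` call still passes the `int` returned by `_config->FindI("Acquire::http::Max-Age",0)` to `%u`, so a negative configured value is sent as a very large max-age. Clamping to the default before formatting avoids that: `int MaxAge = _config->FindI("Acquire::http::Max-Age",0);` followed by `if (MaxAge < 0) MaxAge = 0;`, then pass `MaxAge` to the format call. `SendReq` begins and ends outside this hunk.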
--- a/methods/https.cc +++ b/methods/https.cc @@ -124,13 +124,13 @@ void HttpsMethod::SetupProxy() /*{{{*/ if (UseProxy == "DIRECT") return; - if (UseProxy.empty() == false) + // Parse no_proxy, a comma (,) separated list of domains we don't want to use + // a proxy for so we stop right here if it is in the list + if (getenv("no_proxy") != 0 && CheckDomainList(ServerName.Host,getenv("no_proxy")) == true) + return; + + if (UseProxy.empty() == true) { - // Parse no_proxy, a comma (,) separated list of domains we don't want to use - // a proxy for so we stop right here if it is in the list - if (getenv("no_proxy") != 0 && CheckDomainList(ServerName.Host,getenv("no_proxy")) == true) - return; - } else { const char* result = getenv("https_proxy"); // FIXME: Fall back to http_proxy is to remain compatible with // existing setups and behaviour of apt.conf. This should be |
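Review bot: The hoisted check in `HttpsMethod::SetupProxy` calls `getenv("no_proxy")` twice and only consults the lowercase name, so a setup that exports `NO_PROXY` alongside `https_proxy` still goes through the proxy. Reading it once is easier to follow: `const char *NoProxy = getenv("no_proxy");` then `if (NoProxy != NULL && CheckDomainList(ServerName.Host, NoProxy) == true) return;`. Whether the uppercase spelling should be accepted is worth deciding explicitly in the comment. The comment should also say that this environment variable can bypass a proxy configured in apt.conf; per the changelog that was already the case for configured proxies, so it is a documentation point rather than a behaviour change. `SetupProxy` continues beyond the end of the hunk.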