-rw-r--r--apt-pkg/indexrecords.cc4
-rw-r--r--debian/changelog24
-rw-r--r--doc/apt.conf.5.xml24
-rw-r--r--doc/examples/configure-index4
4 files changed, 46 insertions, 10 deletions
diff --git a/apt-pkg/indexrecords.cc b/apt-pkg/indexrecords.cc
index cdc2897bf..3bde7437d 100644
--- a/apt-pkg/indexrecords.cc
+++ b/apt-pkg/indexrecords.cc
@@ -104,9 +104,9 @@ bool indexRecords::Load(const string Filename) /*{{{*/
}
}
// get the user settings for this archive and use what expires earlier
- int MaxAge = _config->FindI("APT::Acquire::Max-Default-Age", 0);
+ int MaxAge = _config->FindI("Acquire::Max-ValidTime", 0);
if (Label.empty() == true)
- MaxAge = _config->FindI(string("APT::Acquire::Max-Default-Age::" + Label).c_str(), MaxAge);
+ MaxAge = _config->FindI(string("Acquire::Max-ValidTime::" + Label).c_str(), MaxAge);
if(MaxAge == 0) // No user settings, use the one from the Release file
return true;
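Review bot: The guard `if (Label.empty() == true)` before the second `FindI` call looks inverted: the label-specific key `Acquire::Max-ValidTime::<Label>` is consulted only when `Label` is empty, so a labelled archive never gets its own limit. It falls back to the global value, or to 0, which per the comment on the next line means only the date from the Release file is used. For a replay-protection setting this means a stricter per-archive window, such as the `Max-ValidTime::Debian-Security` entry added to doc/examples/configure-index, would be silently ignored. The condition should read `if (Label.empty() == false)`. This commit only renames the option keys, so the condition predates it; the body of indexRecords::Load starts and ends outside this hunk.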
diff --git a/debian/changelog b/debian/changelog
index 049999230..c3f7a3e25 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,10 +1,25 @@
-apt (0.7.26~exp5) experimental; urgency=low
+apt (0.7.26~exp6) UNRELEASED; urgency=low
[ David Kalnischkies ]
+ * doc/apt.conf.5.xml:
+ - document the new Valid-Until related options
* apt-pkg/indexrecords.cc:
- backport forgotten Valid-Until patch from the obsolete experimental
branch to prevent replay attacks better, thanks to Thomas Viehmann
for the initial patch! (Closes: #499897)
+ * apt-pkg/contrib/strutl.cc:
+ - split StrToTime() into HTTP1.1 and FTP date parser methods and
+ use strptime() instead of some self-made scanf mangling
+ - use the portable timegm shown in his manpage instead of a strange
+ looking code copycat from wget
+ * ftparchive/writer.cc:
+ - add ValidTime option to generate a Valid-Until header in Release file
+
+ -- David Kalnischkies <kalnischkies@gmail.com> Wed, 09 Jun 2010 10:43:58 +0200
+
+apt (0.7.26~exp5) experimental; urgency=low
+
+ [ David Kalnischkies ]
* cmdline/apt-get.cc:
- rerun dpkg-source in source if --fix-broken is given (Closes: #576752)
- don't suggest held packages as they are installed (Closes: #578135)
@@ -44,13 +59,6 @@ apt (0.7.26~exp5) experimental; urgency=low
- add 'disappear' to the known processing states, thanks Jonathan Nieder
* apt-pkg/packagemanager.h:
- export info about disappeared packages with GetDisappearedPackages()
- * apt-pkg/contrib/strutl.cc:
- - split StrToTime() into HTTP1.1 and FTP date parser methods and
- use strptime() instead of some selfmade scanf mangling
- - use the portable timegm shown in his manpage instead of a strange
- looking code copycat from wget
- * ftparchive/writer.cc:
- - add ValidTime option to generate a Valid-Until header in Release file
[ Michael Vogt ]
* methods/http.{cc,h}:
diff --git a/doc/apt.conf.5.xml b/doc/apt.conf.5.xml
index fe005e0f1..0cf4bb663 100644
--- a/doc/apt.conf.5.xml
+++ b/doc/apt.conf.5.xml
@@ -230,6 +230,30 @@ DPkg::Pre-Install-Pkgs {"/usr/sbin/dpkg-preconfigure --apt";};
and the URI handlers.
<variablelist>
+ <varlistentry><term>Check-Valid-Until</term>
+ <listitem><para>Security related option defaulting to true as an
+ expiring validation for a Release file prevents longtime replay attacks
+ and can e.g. also help users to identify no longer updated mirrors -
+ but the feature depends on the correctness of the time on the user system.
+ Archive maintainers are encouraged to create Release files with the
+ <literal>Valid-Until</literal> header, but if they don't or a stricter value
+ is volitional the following <literal>Max-ValidTime</literal> option can be used.
+ </para></listitem>
+ </varlistentry>
+
+ <varlistentry><term>Max-ValidTime</term>
+ <listitem><para>Seconds the Release file should be considered valid after
+ it was created. The default is "for ever" (0) if the Release file of the
+ archive doesn't include a <literal>Valid-Until</literal> header.
+ If it does then this date is the default. The date from the Release file or
+ the date specified by the creation time of the Release file
+ (<literal>Date</literal> header) plus the seconds specified with this
+ options are used to check if the validation of a file has expired by using
+ the earlier date of the two. Archive specific settings can be made by
+ appending the label of the archive to the option name.
+ </para></listitem>
+ </varlistentry>
+
<varlistentry><term>PDiffs</term>
<listitem><para>Try to download deltas called <literal>PDiffs</literal> for
Packages or Sources files instead of downloading whole ones. True
diff --git a/doc/examples/configure-index b/doc/examples/configure-index
index d168417d8..127feb9e9 100644
--- a/doc/examples/configure-index
+++ b/doc/examples/configure-index
@@ -176,6 +176,10 @@ Acquire
PDiffs::SizeLimit "50"; // don't use diffs if size of all patches excess
// 50% of the size of the original file
+ Check-Valid-Until "true";
+ Max-ValidTime "864000"; // 10 days
+ Max-ValidTime::Debian-Security "604800"; // 7 days, label specific configuration
+
// HTTP method configuration
http
{