summaryrefslogtreecommitdiff
path: root/apt-pkg/contrib/hashes.cc
AgeCommit message (Collapse)Author
2016-10-05try not to call memcpy with length 0 in hash calculationsDavid Kalnischkies
memcpy is marked as nonnull for its input, but ignores the input anyhow if the declared length is zero. Our SHA2 implementations do this as well, it was "just" MD5 and SHA1 missing, so we add the length check here as well as along the callstack as it is really pointless to do all these method calls for "nothing". Reported-By: gcc -fsanitize=undefined (cherry picked from commit 644478e8db56f305601c3628a74e53de048b28c8)
2016-03-28Allow lowering trust level of a hash via configJulian Andres Klode
Introduces APT::Hashes::<NAME> with entries Untrusted and Weak which can be set to true to cause the hash to be treated as untrusted and/or weak.
2016-03-13Do not consider SHA1 usableJulian Andres Klode
SHA1 is not reasonably secure anymore, so we should not consider it usable anymore. The test suite is adjusted to account for this.
2015-09-01use unusable-for-security hashes for integrity checksDavid Kalnischkies
We want to declare some hashes as not enough for security, so that a user will need --allow-unauthenticated or similar to get data secured only by those hashes, but we can still us these hashes for integrity checks if we got them.
2015-09-01Consider md5sum no longer a usable hashMichael Vogt
The md5sum hash is broken since some time and we should no longer consider it a usable hash. Also update the tests to reflect this.
2015-08-10make all d-pointer * const pointersDavid Kalnischkies
Doing this disables the implicit copy assignment operator (among others) which would cause hovac if used on the classes as it would just copy the pointer, not the data the d-pointer points to. For most of the classes we don't need a copy assignment operator anyway and in many classes it was broken before as many contain a pointer of some sort. Only for our Cacheset Container interfaces we define an explicit copy assignment operator which could later be implemented to copy the data from one d-pointer to the other if we need it. Git-Dch: Ignore
2015-08-10apply various style suggestions by cppcheckDavid Kalnischkies
Some of them modify the ABI, but given that we prepare a big one already, these few hardly count for much. Git-Dch: Ignore
2015-06-09support hashes for compressed pdiff filesDavid Kalnischkies
At the moment we only have hashes for the uncompressed pdiff files, but via the new '$HASH-Download' field in the .diff/Index hashes can be provided for the .gz compressed pdiff file, which apt will pick up now and use to verify the download. Now, we "just" need a buy in from the creators of repositories…
2015-06-09rework hashsum verification in the acquire systemDavid Kalnischkies
Having every item having its own code to verify the file(s) it handles is an errorprune process and easy to break, especially if items move through various stages (download, uncompress, patching, …). With a giant rework we centralize (most of) the verification to have a better enforcement rate and (hopefully) less chance for bugs, but it breaks the ABI bigtime in exchange – and as we break it anyway, it is broken even harder. It shouldn't effect most frontends as they don't deal with the acquire system at all or implement their own items, but some do and will need to be patched (might be an opportunity to use apt on-board material). The theory is simple: Items implement methods to decide if hashes need to be checked (in this stage) and to return the expected hashes for this item (in this stage). The verification itself is done in worker message passing which has the benefit that a hashsum error is now a proper error for the acquire system rather than a Done() which is later revised to a Failed().
2015-05-12implement VerifyFile as all-hashes checkDavid Kalnischkies
It isn't used much compared to what the methodname suggests, but in the remaining uses it can't hurt to check more than strictly necessary by calculating and verifying with all hashes we can compare with rather than "just" the best known hash.
2015-04-19calculate only expected hashes in methodsDavid Kalnischkies
Methods get told which hashes are expected by the acquire system, which means we can use this list to restrict what we calculate in the methods as any extra we are calculating is wasted effort as we can't compare it with anything anyway. Adding support for a new hash algorithm is therefore 'free' now and if a algorithm is no longer provided in a repository for a file, we automatically stop calculating it. In practice this results in a speed-up in Debian as we don't have SHA512 here (so far), so we practically stop calculating it.
2014-11-08replace ignore-deprecated #pragma dance with _PragmaDavid Kalnischkies
For compatibility we use/provide and fill quiet some deprecated methods and fields, which subsequently earns us a warning for using them. These warnings therefore have to be disabled for these codeparts and that is what this change does now in a slightly more elegant way. Git-Dch: Ignore
2014-10-24promote filesize to a hashstringDavid Kalnischkies
It is a very simple hashstring, which is why it isn't contributing to the usability of a list of them, but it is also trivial to check and calculate, so it doesn't hurt checking it either as it can combined even with the simplest other hashes greatly complicate attacks on them as you suddenly need a same-size hash collision, which is usually a lot harder to achieve.
2014-09-30support parsing of all hashes for pdiffDavid Kalnischkies
The fileformat of a pdiff index stores currently only SHA1 hashes. With this change, we look for all other hashes we support as well and take what we get, so that we can work after the release of jessie to get right of SHA1 if we want to. Note that the completely patched file is and was checked against the hashes collected from the Release file, so this transition isn't mission critical.
2014-05-09use HashStringList in the acquire systemDavid Kalnischkies
It is not very extensible to have the supported Hashes hardcoded everywhere and especially if it is part of virtual method names. It is also possible that a method does not support the 'best' hash (yet), so we might end up not being able to verify a file even though we have a common subset of supported hashes. And those are just two of the cases in which it is handy to have a more dynamic selection. The downside is that this is a MAJOR API break, but the HashStringList has a string constructor for compatibility, so with a bit of luck the few frontends playing with the acquire system directly are okay.
2014-05-09add a simple container for HashStringsDavid Kalnischkies
APT supports more than just one HashString and even allows to enforce the usage of a specific hash. This class is intended to help with storage and passing around of the HashStrings. Git-Dch: Ignore
2014-04-04Implement CacheDB for source packages in apt-ftparchiveMichael Vogt
2014-03-13follow method attribute suggestions by gccDavid Kalnischkies
Git-Dch: Ignore Reported-By: gcc -Wsuggest-attribute={pure,const,noreturn}
2014-03-13cleanup headers and especially #includes everywhereDavid Kalnischkies
Beside being a bit cleaner it hopefully also resolves oddball problems I have with high levels of parallel jobs. Git-Dch: Ignore Reported-By: iwyu (include-what-you-use)
2014-01-16correct some style/performance/warnings from cppcheckDavid Kalnischkies
The most "visible" change is from utime to utimensat/futimens as the first one isn't part of POSIX anymore. Reported-By: cppcheck Git-Dch: Ignore
2013-11-26add check when sources.list changedMichael Vogt
2011-12-17try to avoid direct usage of .Fd() if possible and do read()s and coDavid Kalnischkies
on the FileFd instead
2011-09-19do not pollute namespace in the headers with using (Closes: #500198)David Kalnischkies
2011-09-13Support large files in the complete toolset. Indexes of thisDavid Kalnischkies
size are pretty unlikely for now, but we need it for deb packages which could become bigger than 4GB now (LP: #815895)
2011-09-13reorder includes: add <config.h> if needed and include it at firstDavid Kalnischkies
2011-07-14fix sha512 calculation in Hashes::VerifyFiles()David Kalnischkies
2011-07-13enable Hashes::AddFD() to skip creation of certain hashesDavid Kalnischkies
2011-02-25add sha512 support in the client now as wellMichael Vogt
2010-01-31merge r1966..1967 from lp:~donkult/apt/sidMichael Vogt
2009-07-21The 'not dead yet' releaseMichael Vogt
* add hook for MarkInstall and MarkDelete (closes: #470035) * add the various foldmarkers in apt-pkg & cmdline (no code change) * versions with a pin of -1 shouldn't be a candidate (Closes: #355237) * prefer mmap as memory allocator in MMap instead of a static char array which can (at least in theory) grow dynamic * eliminate (hopefully all) segfaults in pkgcachegen.cc and mmap.cc which can arise if cache doesn't fit into the mmap (Closes: #535218) * display warnings instead of errors if the parts dirs doesn't exist * honor the dpkg hold state in new Marker hooks (closes: #64141)
2009-07-16* apt-pkg/contrib/hashes.cc, apt-pkg/contrib/md5.cc:Julian Andres Klode
- Support reading until EOF if Size=0 to match behaviour of SHA1Summation and SHA256Summation
2009-06-30add the various foldmarkers in apt-pkg & cmdline (no code change)David Kalnischkies
2007-07-30* apt-pkg/acquire-item.{cc,h}:Michael Vogt
- rename "hash" into ExpectedHash in pkgAcqFile, pkgAcqIndex - add missing HashSum() call to class pkgAcqIndex - use the data provided by acquire-method (and send via the {SHA256,SHA1,MD5Sum}-Hash tag when comparing the hash, this avoids calculating the hash twice (just like old libapt) * apt-pkg/acquire-method.cc: - send MD5Sum-Hash tag to libapt to be consistant with HashString::SupportedHashes() * apt-pkg/acquire-worker.cc: - check with "Owner->HashSum().HashType()" what hash the frontend is expecting and pass it to pkgAcquireItem::Done() in the new HashString format - add some debugging output * apt-pkg/contrib/hashes.cc: - fix off-by-one error when constructing a HashString from a single input string * apt-pkg/contrib/hashes.h: - add "HashType()" method * apt-pkg/init.h, apt-pkg/makefile, methods/makefile: - break ABI
2007-07-26* implement sha256/sha1/md5 checking with proper backward compatibilityMichael Vogt
and fallback
2007-06-08* remove all the remaining #pragma implementationMichael Vogt
2006-03-08* added ajs patchMichael Vogt
2005-05-23* merged with my apt--fixes--0 branchMichael Vogt
Patches applied: * apt@packages.debian.org/apt--misc-abi-changes--0--patch-4 Merge from mainline * apt@packages.debian.org/apt--misc-abi-changes--0--patch-5 Merge from mainline * apt@packages.debian.org/apt--misc-abi-changes--0--patch-6 Collapse both pkgAcquire::Run() methods into one, with a default value * michael.vogt@ubuntu.com--2005/apt--fixes--0--base-0 tag of apt@packages.debian.org/apt--main--0--patch-79 * michael.vogt@ubuntu.com--2005/apt--fixes--0--patch-1 * merged obvious fixes into the tree to make it easy for matt to merge * michael.vogt@ubuntu.com--2005/apt--fixes--0--patch-2 * more merges from otavio that looks good/uncritical * michael.vogt@ubuntu.com--2005/apt--fixes--0--patch-3 * merged Matts misc-abi-changes tree * michael.vogt@ubuntu.com--2005/apt--fixes--0--patch-4 * finalized the changelog for a ubuntu build * otavio@debian.org--2005/apt--fixes--0--base-0 tag of apt@packages.debian.org/apt--main--0--patch-71 * otavio@debian.org--2005/apt--fixes--0--patch-1 Fix comments about the need of xmlto * otavio@debian.org--2005/apt--fixes--0--patch-2 Fix a compile warning * otavio@debian.org--2005/apt--fixes--0--patch-3 Sync with apt--main--0--patch-76 * otavio@debian.org--2005/apt--fixes--0--patch-4 Sync with apt--main--0--patch-78 * otavio@debian.org--2005/apt--fixes--0--patch-5 Add fixes that was wrongly included on DDTP changes. * otavio@debian.org--2005/apt--fixes--0--patch-8 Add information about the other fixes include on this branch now. * otavio@debian.org--2005/apt--fixes--0--patch-9 Merge last changes from apt--main--0. * otavio@debian.org--2005/apt--fixes--0--patch-10 Fix warnings about min/max change in gcc-4.0 * otavio@debian.org--2005/apt--fixes--0--patch-11 Fix remaning warnings while compiling gcc-4.0 * otavio@debian.org--2005/apt--fixes--0--patch-12 Add changelog entry about the fixes for warnings while compiling using GCC 4.0 compiler.
2004-09-20More SHA-1 prepArch Librarian
Author: jgg Date: 2001-03-06 07:15:29 GMT More SHA-1 prep