| Age | Commit message (Collapse) | Author |
|---|
|
Methods get told which hashes are expected by the acquire system, which
means we can use this list to restrict what we calculate in the methods
as any extra we are calculating is wasted effort as we can't compare it
with anything anyway.
Adding support for a new hash algorithm is therefore 'free' now and if a
algorithm is no longer provided in a repository for a file, we
automatically stop calculating it.
In practice this results in a speed-up in Debian as we don't have SHA512
here (so far), so we practically stop calculating it.
|
|
Git-Dch: Ignore
|
|
feature/acq-trans
Conflicts:
apt-pkg/acquire-item.cc
apt-pkg/acquire-item.h
methods/gpgv.cc
|
|
Conflicts:
apt-pkg/acquire-item.cc
|
|
Dch-Ignore: true
|
|
feature/acq-trans
|
|
|
|
Add a new "Debian-apt" user that owns the /var/lib/apt/lists
and /var/cache/apt/archive directories. The methods
http, https, ftp, gpgv, gzip switch to this user when they
start.
Thanks to Julian and "ioerror" and tors "switch_id()" code.
|
|
feature/acq-trans
Conflicts:
apt-pkg/acquire-item.cc
apt-pkg/acquire-item.h
methods/copy.cc
test/integration/test-hashsum-verification
|
|
|
|
When we do a ReverifyAfterIMS() we use the copy: method to
verify the hashes again. If the user uses -o Dir=./something/relative
this fails because we use the URI class in copy.cc that strips
away the leading relative part. By not using URI this is fixed.
Closes: #762160
|
|
incorrect invalidating of unauthenticated data (CVE-2014-0488)
incorect verification of 304 reply (CVE-2014-0487)
incorrect verification of Acquire::Gzip indexes (CVE-2014-0489)
|
|
|
|
Beside being a bit cleaner it hopefully also resolves oddball problems
I have with high levels of parallel jobs.
Git-Dch: Ignore
Reported-By: iwyu (include-what-you-use)
|
|
cppcheck complains about the obsolete utime as it was removed in
POSIX1.2008 and recommends usage of utimensat/futimens instead
as those are in POSIX and so commit 9ce3cfc9 switched to them.
It is just that they aren't as portable as the standard suggests:
At least our kFreeBSD and Hurd ports stumble over it at runtime.
So to make both, the ports and cppcheck happy, we use utimes instead.
Closes: 738567
|
|
The most "visible" change is from utime to utimensat/futimens
as the first one isn't part of POSIX anymore.
Reported-By: cppcheck
Git-Dch: Ignore
|
|
on the FileFd instead
|
|
|
|
|
|
|
|
|
|
|
|
- only pass a hash if we actually got one from the method
* methods/copy.cc:
- take hashes here too (*sigh*)
|
|
(closes: #436055)
|
|
Patches applied:
* apt@arch.ubuntu.com/apt--experimental--0.6--base-0
tag of apt@arch.ubuntu.com/apt--MAIN--0--patch-1190
* apt@arch.ubuntu.com/apt--experimental--0.6--patch-1
Creation of branch v0_6
* apt@arch.ubuntu.com/apt--experimental--0.6--patch-2
Creation of branch v0_6
* apt@arch.ubuntu.com/apt--experimental--0.6--patch-3
Creation of branch v0_6
* apt@arch.ubuntu.com/apt--experimental--0.6--patch-4
Creation of branch v0_6
* apt@arch.ubuntu.com/apt--experimental--0.6--patch-5
Creation of branch v0_6
* apt@arch.ubuntu.com/apt--experimental--0.6--patch-6
Creation of branch v0_6
* apt@arch.ubuntu.com/apt--experimental--0.6--patch-7
Merge working copy of v0.6
* apt@arch.ubuntu.com/apt--experimental--0.6--patch-8
0.6.0 is headed for experimental, not unstable
* apt@arch.ubuntu.com/apt--experimental--0.6--patch-9
Date
* apt@arch.ubuntu.com/apt--experimental--0.6--patch-10
Update LIB_APT_PKG_MAJOR
* apt@arch.ubuntu.com/apt--experimental--0.6--patch-11
- Fix a heap corruption bug in pkgSrcRecords::pkgSrcRec...
* apt@arch.ubuntu.com/apt--experimental--0.6--patch-12
Resynch
* apt@arch.ubuntu.com/apt--experimental--0.6--patch-13
* Merge apt 0.5.17
* apt@arch.ubuntu.com/apt--experimental--0.6--patch-14
* Rearrange Release file authentication code to be more...
* apt@arch.ubuntu.com/apt--experimental--0.6--patch-15
* Convert distribution "../project/experimental" to "ex...
* apt@arch.ubuntu.com/apt--experimental--0.6--patch-16
Merge 1.11
* apt@arch.ubuntu.com/apt--experimental--0.6--patch-17
Merge 1.7
* apt@arch.ubuntu.com/apt--experimental--0.6--patch-18
Merge 1.10
* apt@arch.ubuntu.com/apt--experimental--0.6--patch-19
* Make a number of Release file errors into warnings; f...
* apt@arch.ubuntu.com/apt--experimental--0.6--patch-20
* Add space between package names when multiple unauthe...
* apt@arch.ubuntu.com/apt--experimental--0.6--patch-21
* Provide apt-key with a secret keyring and a trustdb, ...
* apt@arch.ubuntu.com/apt--experimental--0.6--patch-22
* Fix typo in apt-key(8) (standard input is '-', not '/')
* apt@arch.ubuntu.com/apt--experimental--0.6--patch-23
0.6.2
* apt@arch.ubuntu.com/apt--experimental--0.6--patch-24
Resynch
* apt@arch.ubuntu.com/apt--experimental--0.6--patch-25
* Fix MetaIndexURI for flat ("foo/") sources
* apt@arch.ubuntu.com/apt--experimental--0.6--patch-26
0.6.3
* apt@arch.ubuntu.com/apt--experimental--0.6--patch-27
* Use the top-level Release file in LoadReleaseInfo, ra...
* apt@arch.ubuntu.com/apt--experimental--0.6--patch-28
0.6.4
* apt@arch.ubuntu.com/apt--experimental--0.6--patch-29
Clarify
* apt@arch.ubuntu.com/apt--experimental--0.6--patch-30
* Move the authentication check into a separate functio...
* apt@arch.ubuntu.com/apt--experimental--0.6--patch-31
* Fix display of unauthenticated packages when they are...
* apt@arch.ubuntu.com/apt--experimental--0.6--patch-32
* Move the authentication check into a separate functio...
* apt@arch.ubuntu.com/apt--experimental--0.6--patch-33
* Restore the ugly hack I removed from indexRecords::Lo...
* apt@arch.ubuntu.com/apt--experimental--0.6--patch-34
0.6.6
* apt@arch.ubuntu.com/apt--experimental--0.6--patch-35
* Forgot to revert part of the changes to tagfile in 0....
* apt@arch.ubuntu.com/apt--experimental--0.6--patch-36
* Add a config option and corresponding command line option
* apt@arch.ubuntu.com/apt--experimental--0.6--patch-37
0.6.8
* apt@arch.ubuntu.com/apt--experimental--0.6--patch-38
hopefully avoid more segfaults
* apt@arch.ubuntu.com/apt--experimental--0.6--patch-39
XXX
* apt@arch.ubuntu.com/apt--experimental--0.6--patch-40
* Another tagfile workaround
* apt@arch.ubuntu.com/apt--experimental--0.6--patch-41
* Use "Codename" (woody, sarge, etc.) to supply the val...
* apt@arch.ubuntu.com/apt--experimental--0.6--patch-42
* Support IMS requests of Release.gpg and Release
* apt@arch.ubuntu.com/apt--experimental--0.6--patch-43
* Have pkgAcquireIndex calculate an MD5 sum if one is n...
* apt@arch.ubuntu.com/apt--experimental--0.6--patch-44
* Merge 0.5.18
* apt@arch.ubuntu.com/apt--experimental--0.6--patch-45
apt (0.6.13) experimental; urgency=low
* apt@arch.ubuntu.com/apt--experimental--0.6--patch-46
0.6.13
* apt@arch.ubuntu.com/apt--experimental--0.6--patch-47
Merge 0.5.20
* apt@arch.ubuntu.com/apt--experimental--0.6--patch-48
The source list works a bit differently in 0.6; fix the...
* apt@arch.ubuntu.com/apt--experimental--0.6--patch-49
* s/Debug::Acquire::gpg/&v/
* apt@arch.ubuntu.com/apt--experimental--0.6--patch-50
* Honor the [vendor] syntax in sources.list again (thou...
* apt@arch.ubuntu.com/apt--experimental--0.6--patch-51
* Don't ship vendors.list(5) since it isn't used yet
* apt@arch.ubuntu.com/apt--experimental--0.6--patch-52
* Revert change from 0.6.10; it was right in the first ...
* apt@arch.ubuntu.com/apt--experimental--0.6--patch-53
* Fix some cases where the .gpg file could be left in p...
* apt@arch.ubuntu.com/apt--experimental--0.6--patch-54
Print a warning if gnupg is not installed
* apt@arch.ubuntu.com/apt--experimental--0.6--patch-55
* Handle more IMS stuff correctly
* apt@arch.ubuntu.com/apt--experimental--0.6--patch-56
0.6.17
* apt@arch.ubuntu.com/apt--experimental--0.6--patch-57
* Merge 0.5.21
* apt@arch.ubuntu.com/apt--experimental--0.6--patch-58
* Add new Debian Archive Automatic Signing Key to the d...
* apt@arch.ubuntu.com/apt--experimental--0.6--patch-59
0.6.18
* apt@arch.ubuntu.com/apt--experimental--0.6--patch-60
* Merge 0.5.22
* apt@arch.ubuntu.com/apt--experimental--0.6--patch-61
* Convert apt-key(8) to docbook XML
* apt@arch.ubuntu.com/apt--experimental--0.6--patch-62
Merge 0.5.23
* apt@arch.ubuntu.com/apt--experimental--0.6--patch-63
Remove bogus partial 0.5.22 changelog entry
* apt@arch.ubuntu.com/apt--experimental--0.6--patch-64
Make the auth warning a bit less redundant
* apt@arch.ubuntu.com/apt--experimental--0.6--patch-65
* Merge 0.5.24
* apt@arch.ubuntu.com/apt--experimental--0.6--patch-66
* Make the unauthenticated packages prompt more intuiti...
* apt@arch.ubuntu.com/apt--experimental--0.6--patch-67
Merge 0.5.25
* apt@arch.ubuntu.com/apt--experimental--0.6--patch-68
* Remove obsolete pkgIterator::TargetVer() (Closes: #230159)
* apt@arch.ubuntu.com/apt--experimental--0.6--patch-69
* Reverse test in CheckAuth to match new prompt (Closes...
* apt@arch.ubuntu.com/apt--experimental--0.6--patch-70
Update version
* apt@arch.ubuntu.com/apt--experimental--0.6--patch-71
Fix backwards sense of CheckAuth prompt
* apt@arch.ubuntu.com/apt--experimental--0.6--patch-72
0.6.24
* apt@arch.ubuntu.com/apt--experimental--0.6--patch-73
Close bug
* apt@arch.ubuntu.com/apt--experimental--0.6--patch-74
* Fix handling of two-part sources for sources.list deb...
* apt@arch.ubuntu.com/apt--experimental--0.6--patch-75
0.6.25
* apt@packages.debian.org/apt--authentication--0--base-0
tag of apt@arch.ubuntu.com/apt--experimental--0.6--patch-75
* apt@packages.debian.org/apt--authentication--0--patch-1
Michael Vogt's merge of apt--experimental--0 onto apt--main--0
* apt@packages.debian.org/apt--authentication--0--patch-2
Merge from apt--main--0
* apt@packages.debian.org/apt--authentication--0--patch-3
Merge from main
* apt@packages.debian.org/apt--authentication--0--patch-4
Merge from main
* apt@packages.debian.org/apt--authentication--0--patch-5
Update version number in configure.in
* apt@packages.debian.org/apt--authentication--0--patch-6
Merge from main
* apt@packages.debian.org/apt--authentication--0--patch-7
Merge from main
* apt@packages.debian.org/apt--authentication--0--patch-8
Merge from mvo's branch
* apt@packages.debian.org/apt--authentication--0--patch-9
Merge from mvo's tree
* apt@packages.debian.org/apt--authentication--0--patch-10
Merge from mvo
* apt@packages.debian.org/apt--authentication--0--patch-11
Fix permissions AGAIN
* apt@packages.debian.org/apt--bzip2-debs--0--base-0
tag of apt@packages.debian.org/apt--main--0--patch-30
* apt@packages.debian.org/apt--bzip2-debs--0--patch-1
Create baz branch
* apt@packages.debian.org/apt--bzip2-debs--0--patch-2
Implement data.tar.bz2 support
* apt@packages.debian.org/apt--main--0--patch-30
Fix changelog
* apt@packages.debian.org/apt--main--0--patch-31
Fix permissions again
* apt@packages.debian.org/apt--main--0--patch-32
Fix permissions again
* apt@packages.debian.org/apt--main--0--patch-33
Use baz instead of tla
* apt@packages.debian.org/apt--main--0--patch-34
Merge bzip2-debs branch
* apt@packages.debian.org/apt--main--0--patch-35
Fix changelog
* apt@packages.debian.org/apt--main--0--patch-36
untagged-source precious
* apt@packages.debian.org/apt--main--0--patch-37
Add .arch-inventory files
* apt@packages.debian.org/apt--main--0--patch-38
Fix permissions again
* apt@packages.debian.org/apt--main--0--patch-39
Merge apt--authentication--0
* apt@packages.debian.org/apt--main--0--patch-40
Merge misc-abi-changes
* apt@packages.debian.org/apt--main--0--patch-41
Merge from mvo
* apt@packages.debian.org/apt--misc-abi-changes--0--base-0
tag of apt@packages.debian.org/apt--main--0--patch-16
* apt@packages.debian.org/apt--misc-abi-changes--0--patch-1
Fix apt-get -s remove to not display the candidate version
* apt@packages.debian.org/apt--misc-abi-changes--0--patch-2
Merge from main
* apt@packages.debian.org/apt--misc-abi-changes--0--patch-3
Use pid_t throughout to hold process IDs
* michael.vogt@canonical.com--2004--laptop/apt--authentication-mvo--0--base-0
tag of michael.vogt@canonical.com--2004/apt--authentication-mvo--0--patch-12
* michael.vogt@canonical.com--2004--laptop/apt--authentication-mvo--0--patch-1
* star-merged matt's changes (bz2 support for data-members in debs)
* michael.vogt@canonical.com--2004--laptop/apt--authentication-mvo--0--patch-2
* ignore errors when a Packages.bz2/Sources.bz2 can't be found and try with Packages.gz/Sources.gz again
* michael.vogt@canonical.com--2004--laptop/apt--mvo--0--base-0
tag of apt@packages.debian.org/apt--main--0--patch-34
* michael.vogt@canonical.com--2004--laptop/apt--mvo--0--patch-1
* merged matt's tree (with all those apt-authentication changes)
* michael.vogt@canonical.com--2004--laptop/apt--mvo--0--patch-2
don't display a error if a bzip2 package can not be downloaded, just ignore (Ign) it
* michael.vogt@canonical.com--2004--laptop/apt--mvo--0--patch-3
* "chmod 755 cmdline/apt-key", changed version to 0.6.27ubuntu1
* michael.vogt@canonical.com--2004--laptop/apt--mvo--0--patch-4
* fix for a stupid merge error (from 0.5->0.6)
* michael.vogt@canonical.com--2004--laptop/apt--mvo--0--patch-5
* unstable should really be hoary
* michael.vogt@canonical.com--2004--laptop/apt--mvo--0--patch-6
* stronger dependencies for libapt-pkg-dev (depends on the source version of apt and apt-watch now)
* michael.vogt@canonical.com--2004--laptop/apt--mvo--0--patch-7
* distro really should be hoary, not unstable :/
* michael.vogt@canonical.com--2004--laptop/apt--mvo--0--patch-8
* documented the "--allow-unauthenticated" switch
* michael.vogt@canonical.com--2004/apt--authentication-mvo--0--patch-1
tag of apt@packages.debian.org/apt--authentication--0--base-0
* michael.vogt@canonical.com--2004/apt--authentication-mvo--0--patch-2
merged "tla apply-delta -A foo@ apt@arch.ubuntu.com/apt--MAIN--0--patch-1190 apt@arch.ubuntu.com/apt--MAIN--0--patch-1343" and cleaned up conflicts
* michael.vogt@canonical.com--2004/apt--authentication-mvo--0--patch-3
* missing bits from the merge added
* michael.vogt@canonical.com--2004/apt--authentication-mvo--0--patch-4
* star-merged with apt@packages.debian.org/apt--main--0
* michael.vogt@canonical.com--2004/apt--authentication-mvo--0--patch-5
* tree-synced to the apt--authentication tree
* michael.vogt@canonical.com--2004/apt--authentication-mvo--0--patch-6
* use the ubuntu-key in this version
* michael.vogt@canonical.com--2004/apt--authentication-mvo--0--patch-7
* imported the patches from mdz
* michael.vogt@canonical.com--2004/apt--authentication-mvo--0--patch-8
* apt-get update --print-uris works now as before (fallback to 0.5.x behaviour)
* michael.vogt@canonical.com--2004/apt--authentication-mvo--0--patch-9
* fix for the "if any source unauthenticated, all other sources are unauthenticated too" problem
* michael.vogt@canonical.com--2004/apt--authentication-mvo--0--patch-10
* reworked the "--print-uris" patch. it no longer uses: "APT::Get::Print-URIs" in the library
* michael.vogt@canonical.com--2004/apt--authentication-mvo--0--patch-11
* version of the library set to 3.6
* michael.vogt@canonical.com--2004/apt--authentication-mvo--0--patch-12
* changelog finallized, will upload to people.ubuntulinux.org/~mvo/apt-authentication
* michael.vogt@canonical.com--2004/apt--main-authentication--0--base-0
tag of apt@packages.debian.org/apt--main--0--patch-22
* michael.vogt@canonical.com--2004/apt--main-authentication--0--patch-1
* star-merge from apt--experimental--0.6
* michael.vogt@canonical.com--2004/apt--main-authentication--0--patch-2
* compile failure fix for methods/http.cc, po-file fixes
|
|
|
|
Author: mdz
Date: 2004-01-07 20:39:37 GMT
* Patch from Eric Wong <normalperson@yhbt.net> to include apt18n.h after
other headers to avoid breaking locale.h when setlocale() is defined
as an empty macro (Closes: #226509)
|
|
Author: doogie
Date: 2003-02-10 07:34:41 GMT
Lots and lots of i18n updates.
|
|
Author: jgg
Date: 1999-01-20 04:36:43 GMT
Doc fixes and copy method patch
|
|
Author: jgg
Date: 1998-11-01 05:27:29 GMT
New http method
|
|
Author: jgg
Date: 1998-10-30 07:53:30 GMT
Sync
|
|
Author: jgg
Date: 1998-10-26 07:11:43 GMT
Stable acquire code
|
|
Author: jgg
Date: 1998-10-25 07:07:29 GMT
gzip method
|
|
Author: jgg
Date: 1998-10-25 01:57:07 GMT
Added copy method
|
