summaryrefslogtreecommitdiff
path: root/methods/http.cc
AgeCommit message (Collapse)Author
2019-01-18Import Debian version 1.0.1ubuntu2.18Julian Andres Klode
apt (1.0.1ubuntu2.18) trusty; urgency=medium * ExecFork: Use /proc/self/fd to determine which files to close (Closes: #764204) (LP: #1332440). apt (1.0.1ubuntu2.17) trusty-security; urgency=high * SECURITY UPDATE: gpgv: Check for errors when splitting files (CVE-2016-1252) Thanks to Jann Horn, Google Project Zero for reporting the issue (LP: #1647467) apt (1.0.1ubuntu2.15) trusty; urgency=medium * Fixes failure to download the Package index file when using mirror:// URL in sources.list and the archive fails to profile a file. APT would try the next archive in the list for .deb packages but did not retry when the index file failed to download. (LP: #1625667) apt (1.0.1ubuntu2.14) trusty; urgency=medium * When using the https transport mechanism, $no_proxy is ignored if apt is getting it's proxy information from $https_proxy (as opposed to Acquire::https::Proxy somewhere in apt config). If the source of proxy information is Acquire::https::Proxy set in apt.conf (or apt.conf.d), then $no_proxy is honored. This patch makes the behavior similar for both methods of setting the proxy. (LP: #1575877) apt (1.0.1ubuntu2.13) trusty; urgency=medium * Recheck Pre-Depends satisfaction in SmartConfigure, to avoid unconfigured Pre-Depends (which dpkg later fails on). Fixes upgrade failures of systemd, util-linux, and other packages with Pre-Depends. Many thanks to David Kalnischkies for figuring out the patch and Winfried PLappert for testing! Patch taken from Debian git. (LP: #1560797) apt (1.0.1ubuntu2.12) trusty; urgency=medium [ Colin Watson ] * Fix lzma write support to handle "try again" case (closes: #751688, LP: #1553770). [ David Kalnischkies ] * Handle moved mmap after UniqFindTagWrite call (closes: #753941, LP: #1445436). apt (1.0.1ubuntu2.11) trusty; urgency=medium * apt-pkg/packagemanager.cc: - fix incorrect configure ordering in the SmartConfigure step by skipping packages that do not need immediate action. (LP: #1347721, #1497688) apt (1.0.1ubuntu2.10) trusty; urgency=medium * Fix regression from the previous upload by ensuring we're actually testing for the right member before iterating on it (LP: #1480592) apt (1.0.1ubuntu2.9) trusty; urgency=medium * Fix regression in the Never-MarkAuto-Sections feature caused by the previous auto-removal fix, with inspiration drawn from the patches and conversation from http://bugs.debian.org/793360 (LP: #1479207) apt (1.0.1ubuntu2.8) trusty-proposed; urgency=low * fix crash for packages that have no section in their instVersion (LP: #1449394) apt (1.0.1ubuntu2.7) trusty-proposed; urgency=low * fix auto-removal behavior (thanks to Adam Conrad) LP: #1429041 apt (1.0.1ubuntu2.6) trusty-proposed; urgency=medium * apt-pkg/deb/dpkgpm.cc: - update string matching for dpkg I/O errors. (LP: #1363257) - properly parse the dpkg status line so that package name is properly set and an apport report is created. Thanks to Anders Kaseorg for the patch. (LP: #1353171) apt (1.0.1ubuntu2.5) trusty-security; urgency=low * SECURITY UPDATE: - cmdline/apt-get.cc: fix insecure tempfile handling in apt-get changelog (CVE-2014-7206). Thanks to Guillem Jover apt (1.0.1ubuntu2.4.1) trusty-security; urgency=low * SECURITY UPDATE: - fix potential buffer overflow, thanks to the Google Security Team (CVE-2014-6273) * Fix regression from the previous upload when file:/// sources are used and those are on a different partition than the apt state directory * Fix regression when Dir::state::lists is set to a relative path * Fix regression when cdrom: sources got rewriten by apt-cdrom add apt (1.0.1ubuntu2.3) trusty-security; urgency=low * SECURITY UPDATE: - incorrect invalidating of unauthenticated data (CVE-2014-0488) - incorect verification of 304 reply (CVE-2014-0487) - incorrect verification of Acquire::Gzip indexes (CVE-2014-0489)
2014-03-13follow method attribute suggestions by gccDavid Kalnischkies
Git-Dch: Ignore Reported-By: gcc -Wsuggest-attribute={pure,const,noreturn}
2014-03-13cleanup headers and especially #includes everywhereDavid Kalnischkies
Beside being a bit cleaner it hopefully also resolves oddball problems I have with high levels of parallel jobs. Git-Dch: Ignore Reported-By: iwyu (include-what-you-use)
2014-03-13StartPos is always positive for http/httpsDavid Kalnischkies
server.cc: In member function ‘bool ServerState::HeaderLine(std::string)’: server.cc:198:72: warning: format ‘%llu’ expects argument of type ‘long long unsigned int*’, but argument 3 has type ‘long long int*’ [-Wformat=] else if (sscanf(Val.c_str(),"bytes %llu-%*u/%llu",&StartPos,&Size) != 2) Git-Dch: Ignore Reported-By: gcc -Wpedantic
2014-03-13warning: extra ‘;’ [-Wpedantic]David Kalnischkies
Git-Dch: Ignore Reported-By: gcc -Wpedantic
2014-02-22Fix typos in documentation (codespell)Michael Vogt
2014-01-30fix various style/performance warnings in rredDavid Kalnischkies
Reported-By: cppcheck Git-Dch: Ignore
2014-01-16correct some style/performance/warnings from cppcheckDavid Kalnischkies
The most "visible" change is from utime to utimensat/futimens as the first one isn't part of POSIX anymore. Reported-By: cppcheck Git-Dch: Ignore
2013-10-22add Acquire::http::Proxy-Auto-Detect to the apt.conf.5 manpage (closes: 726597)Michael Vogt
2013-10-01handle complete responses to https range requestsDavid Kalnischkies
Servers might respond with a complete file either because they don't support Ranges at all or the If-Range condition isn't statisfied, so we have to parse the headers curl gets ourself to seek or truncate the file we have so far. This also finially adds the testcase testing a bunch of partial situations for both, http and https - which is now all green. Closes: 617643, 667699 LP: 1157943
2013-10-01refactor http client implementationDavid Kalnischkies
No effective behavior change, just shuffling big junks of code between methods and classes to split them into those strongly related to our client implementation and those implementing HTTP. The idea is to get HTTPS to a point in which most of the implementation can be shared even though the client implementations itself is completely different. This isn't anywhere near yet though, but it should beenough to reuse at least a few lines from http in https now. Git-Dch: Ignore
2013-10-01replace "filesize - 1" trick in http with proper 416 handlingDavid Kalnischkies
Our http client requests the "filesize - 1" for the small edgecase of handling a file which was completely downloaded, but not yet moved to the correct place as we get 416 errors in that case, but as we can handle 416 returns now we just special-case the situation of requesting the exact filesize and handle it as a 200 without content instead.
2013-10-01retry without partial data after a 416 responseDavid Kalnischkies
If we get a 416 from the server it means the Range we asked for is above the real filesize of the file on the server. Mostly this happens if the server isn't supporting If-Range, but regardless of how we end up with the partial data, the data is invalid so we discard it and retry with a fresh plate and hope for the best. Old behavior was to consider 416 an error and retry with a different compression until we ran out of compression and requested the uncompressed file (which doesn't exist on most mirrors) with an accept line which server answered with "406 Not Acceptable". Closes: 710924
2013-07-28Merge remote-tracking branch 'mvo/bugfix/coverity' into debian/sidMichael Vogt
2013-07-26request absolute URIs from proxies again (0.9.9.3 regession)David Kalnischkies
Commit 2b9c9b7f28b18f6ae3e422020e8934872b06c9f3 not only removes keep-alive, but also changes the request URI send to proxies which are required to be absolute URIs rather than the usual absolute paths. Closes: 717891
2013-07-25fix off-by-one error in HttpMethod::​AutoDetectProxy()Michael Vogt
2013-07-14Do not send a connection: keep-alive, at allRaphael Geissert
2013-05-08merged patch from Daniel Hartwig to fix URI and proxy releated issuesMichael Vogt
2013-01-24quote plus in filenames to work around a bug in the S3 serverMichael Vogt
(LP: #1003633)
2013-01-11* methods/http.cc:Michael Vogt
- quote spaces in filenames to ensure as the http method is also (potentially) used for non deb,dsc content that may contain spaces, thanks to Daniel Hartwig and Thomas Bushnell (LP: #1086997)
2012-05-17add spaces around PACKAGE_VERSION to fix FTBFS with -std=c++11David Kalnischkies
2012-05-15* methods/http.cc:David Kalnischkies
- after many years of pointless discussions disable http/1.1 pipelining by default as many webservers and proxies seem to be unable to conform to specification must's (rfc2616 section 8.1.2.2) (LP: #996151)
2012-05-14* apt-pkg/acquire*.cc:Raphael Geissert
- handle redirections in the worker with the right method instead of in the method the redirection occured in (Closes: #668111) * methods/http.cc: - forbid redirects to change protocol
2012-04-17newer gcc versions seems to have no problem with that, but while workingDavid Kalnischkies
with g++-4.1 it complains about this so lets be extra clear
2012-03-22the previously used VERSION didn't work everywhere so we are switchingDavid Kalnischkies
to the more standard PACKAGE_VERSION and make it work in every file
2012-03-05fix "(performance) Possible inefficient checking for 'R' emptiness."David Kalnischkies
2012-03-05fix "(style) Checking if unsigned variable 'Minor' is less than zero."David Kalnischkies
2012-03-05ensure that (s)scanf doesn't parse a too long Code now that a previousDavid Kalnischkies
commit lifted the Line-length limit
2012-02-11remove the arbitrary MAXLEN limit for response lines (Closes: #658346)David Kalnischkies
2012-01-30* methods/http{s,}.cc:David Kalnischkies
- if a file without an extension is requested send an 'Accept: text/*' header to avoid that the server chooses unsupported compressed files in a content-negotation attempt (Closes: #657560)
2011-12-17try to avoid direct usage of .Fd() if possible and do read()s and coDavid Kalnischkies
on the FileFd instead
2011-09-19use forward declaration in headers if possible instead of includesDavid Kalnischkies
2011-09-13merge with debian/experimentalDavid Kalnischkies
2011-09-13Support large files in the complete toolset. Indexes of thisDavid Kalnischkies
size are pretty unlikely for now, but we need it for deb packages which could become bigger than 4GB now (LP: #815895)
2011-09-13reorder includes: add <config.h> if needed and include it at firstDavid Kalnischkies
2011-08-11cppcheck complains about some possible speed improvements which could beDavid Kalnischkies
done on the mirco-optimazation level, so lets fix them: (performance) Possible inefficient checking for emptiness. (performance) Prefer prefix ++/-- operators for non-primitive types.
2011-05-10dequote URL taken from Location in redirects as we will otherwiseDavid Kalnischkies
quote an already quoted string in the request later (Closes: #602412)
2011-04-29Location header in redirects should be absolute URI, but someDavid Kalnischkies
servers just send an absolute path so still deal with it properly
2011-04-27* methods/http.cc:David Kalnischkies
- add config option to ignore a closed stdin to be able to easily use the method as a simple standalone downloader
2010-11-22* methods/http.cc:Michael Vogt
- do not hang if Acquire::http::ProxyAutoDetect can not be executed or returns no data (LP: #654393)
2010-08-21* methods/http.cc:David Kalnischkies
- some http servers violate HTTP1.1 by not issuing a Reason-Phrase (or at least a space after the code) especially for 200, but lets be nice and ignore it as we don't need the reason in general
2010-06-09merged from lp:~donkult/apt/sidMichael Vogt
2010-06-09* merge the remaining Ubuntu change:Michael Vogt
- on gpg verification failure warn and restore the last known good state - on failure display the IP of the server (useful for servers that use round robin DNS) - support Original-Maintainer in RewritePackageOrder - enable cdrom autodetection via libudev by default - show messsage about Vcs in use when apt-get source is run for packages maintained in a Vcs - better support transitional packages with mark auto-installed. when the transitional package is in "oldlibs" the new package is not marked auto installed (same is true for section metapackages) - provide new "deb mirror://archive.foo/mirrors.list sid main" method expects a list of mirrors (generated on the server e.g. via geoip) and will use that, including cycle on failure - write apport crash file on package failure (disabled by default on debian until apport is available) - support mirror failure reporting (disabled by default on debian)
2010-06-09move the users away from the deprecated StrToTime() methodDavid Kalnischkies
2010-05-25methods/http.cc: shorten comment on return values of DealWithHeaders ↵Michael Vogt
(because we use a enum now)
2010-05-07* methods/http.cc: Michael Vogt
- code cleanup, add (some) doxygen strings
2010-02-17merged from the mvo branchMichael Vogt
2010-02-05add Acquire::http::ProxyAutoDetect configuration that Michael Vogt
can be used to call a external helper to figure out the proxy configuration and return it to apt via stdout
2010-02-03merged from lp:~mvo/apt/mvoMichael Vogt
2010-02-03* methods/http.cc:Michael Vogt
- add cache-control headers even if no cache is given to allow adding options for intercepting proxies