summaryrefslogtreecommitdiff
path: root/methods/https.cc
AgeCommit message (Collapse)Author
2019-01-18Import Debian version 1.0.1ubuntu2.18Julian Andres Klode
apt (1.0.1ubuntu2.18) trusty; urgency=medium * ExecFork: Use /proc/self/fd to determine which files to close (Closes: #764204) (LP: #1332440). apt (1.0.1ubuntu2.17) trusty-security; urgency=high * SECURITY UPDATE: gpgv: Check for errors when splitting files (CVE-2016-1252) Thanks to Jann Horn, Google Project Zero for reporting the issue (LP: #1647467) apt (1.0.1ubuntu2.15) trusty; urgency=medium * Fixes failure to download the Package index file when using mirror:// URL in sources.list and the archive fails to profile a file. APT would try the next archive in the list for .deb packages but did not retry when the index file failed to download. (LP: #1625667) apt (1.0.1ubuntu2.14) trusty; urgency=medium * When using the https transport mechanism, $no_proxy is ignored if apt is getting it's proxy information from $https_proxy (as opposed to Acquire::https::Proxy somewhere in apt config). If the source of proxy information is Acquire::https::Proxy set in apt.conf (or apt.conf.d), then $no_proxy is honored. This patch makes the behavior similar for both methods of setting the proxy. (LP: #1575877) apt (1.0.1ubuntu2.13) trusty; urgency=medium * Recheck Pre-Depends satisfaction in SmartConfigure, to avoid unconfigured Pre-Depends (which dpkg later fails on). Fixes upgrade failures of systemd, util-linux, and other packages with Pre-Depends. Many thanks to David Kalnischkies for figuring out the patch and Winfried PLappert for testing! Patch taken from Debian git. (LP: #1560797) apt (1.0.1ubuntu2.12) trusty; urgency=medium [ Colin Watson ] * Fix lzma write support to handle "try again" case (closes: #751688, LP: #1553770). [ David Kalnischkies ] * Handle moved mmap after UniqFindTagWrite call (closes: #753941, LP: #1445436). apt (1.0.1ubuntu2.11) trusty; urgency=medium * apt-pkg/packagemanager.cc: - fix incorrect configure ordering in the SmartConfigure step by skipping packages that do not need immediate action. (LP: #1347721, #1497688) apt (1.0.1ubuntu2.10) trusty; urgency=medium * Fix regression from the previous upload by ensuring we're actually testing for the right member before iterating on it (LP: #1480592) apt (1.0.1ubuntu2.9) trusty; urgency=medium * Fix regression in the Never-MarkAuto-Sections feature caused by the previous auto-removal fix, with inspiration drawn from the patches and conversation from http://bugs.debian.org/793360 (LP: #1479207) apt (1.0.1ubuntu2.8) trusty-proposed; urgency=low * fix crash for packages that have no section in their instVersion (LP: #1449394) apt (1.0.1ubuntu2.7) trusty-proposed; urgency=low * fix auto-removal behavior (thanks to Adam Conrad) LP: #1429041 apt (1.0.1ubuntu2.6) trusty-proposed; urgency=medium * apt-pkg/deb/dpkgpm.cc: - update string matching for dpkg I/O errors. (LP: #1363257) - properly parse the dpkg status line so that package name is properly set and an apport report is created. Thanks to Anders Kaseorg for the patch. (LP: #1353171) apt (1.0.1ubuntu2.5) trusty-security; urgency=low * SECURITY UPDATE: - cmdline/apt-get.cc: fix insecure tempfile handling in apt-get changelog (CVE-2014-7206). Thanks to Guillem Jover apt (1.0.1ubuntu2.4.1) trusty-security; urgency=low * SECURITY UPDATE: - fix potential buffer overflow, thanks to the Google Security Team (CVE-2014-6273) * Fix regression from the previous upload when file:/// sources are used and those are on a different partition than the apt state directory * Fix regression when Dir::state::lists is set to a relative path * Fix regression when cdrom: sources got rewriten by apt-cdrom add apt (1.0.1ubuntu2.3) trusty-security; urgency=low * SECURITY UPDATE: - incorrect invalidating of unauthenticated data (CVE-2014-0488) - incorect verification of 304 reply (CVE-2014-0487) - incorrect verification of Acquire::Gzip indexes (CVE-2014-0489)
2014-03-13cleanup headers and especially #includes everywhereDavid Kalnischkies
Beside being a bit cleaner it hopefully also resolves oddball problems I have with high levels of parallel jobs. Git-Dch: Ignore Reported-By: iwyu (include-what-you-use)
2014-03-13warning: unused parameter ‘foo’ [-Wunused-parameter]David Kalnischkies
Reported-By: gcc -Wunused-parameter Git-Dch: Ignore
2014-03-13warning: extra ‘;’ [-Wpedantic]David Kalnischkies
Git-Dch: Ignore Reported-By: gcc -Wpedantic
2014-02-22Fix typos in documentation (codespell)Michael Vogt
2014-02-14add a testcase to check for forbidden https→http downgradesDavid Kalnischkies
Git-Dch: Ignore
2014-02-14disable https->http redirects in libcurlMichael Vogt
This change prevents changing the protocol from https to http.
2014-02-14report https download start only if we really get itDavid Kalnischkies
Reporting it via progress means that e.g. a redirect will trigger it, too, so you get a Get & Hit while http only reports a Hit as it should be.
2014-02-11use utimes instead of utimensat/futimensDavid Kalnischkies
cppcheck complains about the obsolete utime as it was removed in POSIX1.2008 and recommends usage of utimensat/futimens instead as those are in POSIX and so commit 9ce3cfc9 switched to them. It is just that they aren't as portable as the standard suggests: At least our kFreeBSD and Hurd ports stumble over it at runtime. So to make both, the ports and cppcheck happy, we use utimes instead. Closes: 738567
2014-01-16correct some style/performance/warnings from cppcheckDavid Kalnischkies
The most "visible" change is from utime to utimensat/futimens as the first one isn't part of POSIX anymore. Reported-By: cppcheck Git-Dch: Ignore
2013-10-01handle complete responses to https range requestsDavid Kalnischkies
Servers might respond with a complete file either because they don't support Ranges at all or the If-Range condition isn't statisfied, so we have to parse the headers curl gets ourself to seek or truncate the file we have so far. This also finially adds the testcase testing a bunch of partial situations for both, http and https - which is now all green. Closes: 617643, 667699 LP: 1157943
2013-10-01fix partial (206 and 416) support in httpsDavid Kalnischkies
As lengthy discussed in lp:1157943 partial https support was utterly broken as a 206 response was handled as an (unhandled) error. This is the first part of fixing it by supporting a 206 response and starting to deal with 416.
2013-05-08merged patch from Daniel Hartwig to fix URI and proxy releated issuesMichael Vogt
2013-05-08merged from the debian-wheezy branchMichael Vogt
2013-05-08properly handle if-modfied-since with libcurl/https Michael Vogt
(closes: #705648)
2013-01-09* methods/https.cc:Michael Vogt
- reuse connection in https, thanks to Thomas Bushnell, BSG for the patch. LP: #1087543, Closes: #695359
2012-05-17add spaces around PACKAGE_VERSION to fix FTBFS with -std=c++11David Kalnischkies
2012-03-22the previously used VERSION didn't work everywhere so we are switchingDavid Kalnischkies
to the more standard PACKAGE_VERSION and make it work in every file
2012-01-30* methods/http{s,}.cc:David Kalnischkies
- if a file without an extension is requested send an 'Accept: text/*' header to avoid that the server chooses unsupported compressed files in a content-negotation attempt (Closes: #657560)
2012-01-19* methods/https.cc:David Kalnischkies
- use curls list append instead of appending Range and If-Range by hand which generates malformed requests, thanks Mel Collins for the hint! (Closes: #646381)
2011-12-17try to avoid direct usage of .Fd() if possible and do read()s and coDavid Kalnischkies
on the FileFd instead
2011-10-05merge with current debian apt/experimentalDavid Kalnischkies
2011-10-05* apt-pkg/contrib/configuration.cc:Michael Vogt
- fix double delete (LP: #848907) - ignore only the invalid regexp instead of all options * apt-pkg/acquire-item.h, apt-pkg/deb/debmetaindex.cc: - fix fetching language information by adding OptionalSubIndexTarget * methods/https.cc: - cleanup broken downloads properly * ftparchive/cachedb.cc: - fix buffersize in bytes2hex * apt-pkg/deb/deblistparser.cc: - fix crash when the dynamic mmap needs to be grown in LoadReleaseInfo (LP: #854090)
2011-09-20* methods/https.cc:Michael Vogt
- cleanup broken downloads properly
2011-09-19use forward declaration in headers if possible instead of includesDavid Kalnischkies
2011-09-13Support large files in the complete toolset. Indexes of thisDavid Kalnischkies
size are pretty unlikely for now, but we need it for deb packages which could become bigger than 4GB now (LP: #815895)
2011-09-13reorder includes: add <config.h> if needed and include it at firstDavid Kalnischkies
2011-01-12* methods/https.cc:David Kalnischkies
- fix CURLOPT_SSL_VERIFYHOST by really passing 2 to it if enabled
2010-01-08* French manpage translation updateMichael Vogt
* spot & fix various typos in all manpages * German manpage translation update * cmdline/apt-cache.cc: - remove translatable marker from the "%4i %s\n" string * buildlib/po4a_manpage.mak: - instruct debiandoc to build files with utf-8 encoding * buildlib/tools.m4: - fix some warning from the buildtools * apt-pkg/acquire-item.cc: - add configuration PDiffs::Limit-options to not download too many or too big patches (Closes: #554349) * debian/control: - let all packages depend on ${misc:Depends} * share/*-archive.gpg: - remove the horrible outdated files. We already depend on the keyring so we don't need to ship our own version * cmdline/apt-key: - errors out if wget is not installed (Closes: #545754) - add --keyring option as we have now possibly many * methods/gpgv.cc: - pass all keyrings (TrustedParts) to gpgv instead of using only one trusted.gpg keyring (Closes: #304846) * methods/https.cc: - finally merge the rest of the patchset from Arnaud Ebalard with the CRL and Issuers options, thanks! (Closes: #485963)
2009-12-14merged patches from david (many thanks)Michael Vogt
2009-12-11fix the backport of the https methods as they would require an ABI breakDavid Kalnischkies
otherwise in the Configuration class.
2009-12-11add https options which default to the ones from http for the httpsDavid Kalnischkies
method as this is more sane than using only the http options without a possibility to override these for https.
2009-12-11add config setting for User-Agent in http and https to the Acquire group,David Kalnischkies
thanks Timothy J. Miller! (Closes: #355782)
2009-12-10merged -r1875..1886 from lp:~donkult/apt/sidMichael Vogt
2009-12-10* merge lp:~mvo/apt/netrc branch, this adds support for aMichael Vogt
/etc/apt/auth.conf that can be used to store username/passwords in a "netrc" style file (with the extension that it supports "/" in a machine definition). Based on the maemo git branch. * apt-pkg/deb/dpkgpm.cc: - add "purge" to list of known actions
2009-12-07merge lp:~mvo/apt/netrc branch, this adds support for aMichael Vogt
/etc/apt/auth.conf that can be used to store username/passwords in a "netrc" style file (with the extension that it supports "/" in a machine definition). Based on the maemo git branch.
2009-12-04* apt-pkg/contrib/netrc.cc:Michael Vogt
- check for hostname and then host+path - better debug output * methods/https.cc: - fix bug in netrc integration
2009-12-02* apt-pkg/packagemanager.cc:Michael Vogt
- add output about pre-depends configuring when debug::pkgPackageManager is used * methods/https.cc: - fix incorrect use of CURLOPT_TIMEOUT, closes: #497983, LP: #354972 thanks to Brian Thomason for the patch * apt-pkg/depcache.cc, apt-pkg/indexcopy.cc: - typo fix (LP: #462328) * cmdline/apt-key: - Emit a warning if removed keys keyring is missing and skip associated checks (LP: #218971)
2009-11-17methods/https.cc: cleanup for CURLOPT_LOW_SPEED_TIMEMichael Vogt
2009-11-17* methods/https.cc:Michael Vogt
- fix incorrect use of CURLOPT_TIMEOUT, closes: #497983, LP: #354972 thanks to Brian Thomason for the patch
2009-10-16add maybe_add_auth for ftp as wellMichael Vogt
2009-10-16port netrc support from maemonMichael Vogt
2009-10-12methods/https.cc: Add support for authentication using netrc (Closes: #518473),Julian Andres Klode
patch by Jussi Hakala <jussi.hakala@hut.fi>.
2009-08-19merged from the jackyf-devel branchMichael Vogt
2009-02-03* methods/https.cc:Michael Vogt
- add Acquire::https::AllowRedirect support
2009-02-03methods/https.cc: do not unlink partial files (thanks to robbiew)Michael Vogt
2008-12-15Make apt proxy options have the highest priority, unified proxy determining ↵Eugene V. Lyubimkin
code.
2008-10-28fix various -Wall warningsMichael Vogt
2008-08-05fix various -Wall warningsMichael Vogt
2008-07-25* merge patch that enforces stricter https server certificateMichael Vogt
checking (thanks to Arnaud Ebalard, closes: #485960) * allow per-mirror specific https settings (thanks to Arnaud Ebalard, closes: #485965) * add doc/examples/apt-https-method-example.cof (thanks to Arnaud Ebalard, closes: #485964)