| Age | Commit message (Collapse) | Author |
|---|
|
Having every item having its own code to verify the file(s) it handles
is an errorprune process and easy to break, especially if items move
through various stages (download, uncompress, patching, …). With a giant
rework we centralize (most of) the verification to have a better
enforcement rate and (hopefully) less chance for bugs, but it breaks the
ABI bigtime in exchange – and as we break it anyway, it is broken even
harder.
It shouldn't effect most frontends as they don't deal with the acquire
system at all or implement their own items, but some do and will need to
be patched (might be an opportunity to use apt on-board material).
The theory is simple: Items implement methods to decide if hashes need to
be checked (in this stage) and to return the expected hashes for this
item (in this stage). The verification itself is done in worker message
passing which has the benefit that a hashsum error is now a proper error
for the acquire system rather than a Done() which is later revised to a
Failed().
|
|
Handle Translation-* files exactly like Packages files (with the
expection that it is ok if a download of them fails). Remove all
"guessing" on apts side. This will elimimnate a bunch of errors
releated to captive portals and similar. Its also more correct
and removes another potential attack vector.
|
|
consistently using Item::Failed in all specializec classes helps setting
up some information bits otherwise unset, so some errors had an empty
reason as an error. Ign is upgraded to display the error message we
ignored to further help in understanding what happens.
|
|
Conflicts:
apt-pkg/acquire-item.cc
|
|
Git-Dch: Ignore
|
|
|
|
The line contains everchanging execution statistics which is harmful for
testcases as they need to filter out such lines, but this is hard so we
can just add an option to disable them instead and be done.
Git-Dch: Ignore
|
|
|
|
- CVE-2013-1051
* apt-pkg/deb/debmetaindex.cc,
test/integration/test-bug-595691-empty-and-broken-archive-files,
test/integration/test-releasefile-verification:
- disable InRelease downloading until the verification issue is
fixed, thanks to Ansgar Burchardt for finding the flaw
|
|
ignore the presents (or absence) of lzma if we decided to use xz
|
|
|
|
invalid in most cases anyway
|
|
|
|
* merged lp:~evfool/apt/fix418552:
- Grammar fix for bug LP: #418552, thanks to Robert Roth
|
|
* apt-pkg/aptconfiguration.cc:
- remove the inbuilt Translation files whitelist
|
|
- add a special uncompressed compression type to prefer those files
* methods/{gzip,bzip}.cc:
- print a good error message if FileSize() is zero
|
|
* apt-pkg/deb/deblistparser.cc:
- rewrite LoadReleaseInfo to cope with clearsigned Releasefiles
|
|
not exist to not generate sources.list entries later for them
|
|
- Add a FileFd::FileSize() method to get the size of the underlying
file and not the size of the content in the file as FileFd::Size()
does - the sizes can differ since the direct gzip integration
* methods/{gzip,bzip2}.cc:
- use FileSize() to determine if the file is invalid (Closes: #600852)
|
|
funtions (bash complains)
|
|
|
|
in future that APT plays considerable well with empty archives
|
