summaryrefslogtreecommitdiff
path: root/test/integration/test-bug-595691-empty-and-broken-archive-files
AgeCommit message (Collapse)Author
2015-06-09rework hashsum verification in the acquire systemDavid Kalnischkies
Having every item having its own code to verify the file(s) it handles is an errorprune process and easy to break, especially if items move through various stages (download, uncompress, patching, …). With a giant rework we centralize (most of) the verification to have a better enforcement rate and (hopefully) less chance for bugs, but it breaks the ABI bigtime in exchange – and as we break it anyway, it is broken even harder. It shouldn't effect most frontends as they don't deal with the acquire system at all or implement their own items, but some do and will need to be patched (might be an opportunity to use apt on-board material). The theory is simple: Items implement methods to decide if hashes need to be checked (in this stage) and to return the expected hashes for this item (in this stage). The verification itself is done in worker message passing which has the benefit that a hashsum error is now a proper error for the acquire system rather than a Done() which is later revised to a Failed().
2014-10-29Only support Translation-* that are listed in the {In,}Release fileMichael Vogt
Handle Translation-* files exactly like Packages files (with the expection that it is ok if a download of them fails). Remove all "guessing" on apts side. This will elimimnate a bunch of errors releated to captive portals and similar. Its also more correct and removes another potential attack vector.
2014-10-07display errortext for all Err as well as Ign logsDavid Kalnischkies
consistently using Item::Failed in all specializec classes helps setting up some information bits otherwise unset, so some errors had an empty reason as an error. Ign is upgraded to display the error message we ignored to further help in understanding what happens.
2014-09-29Merge branch 'debian/sid' into debian/experimentalMichael Vogt
Conflicts: apt-pkg/acquire-item.cc
2014-09-25rewrite compressed indexes test to check with all compressorsDavid Kalnischkies
Git-Dch: Ignore
2014-09-21generalize Acquire::GzipIndexMichael Vogt
2014-05-09tests: be able to disable "Fetched …" statistics messageDavid Kalnischkies
The line contains everchanging execution statistics which is harmful for testcases as they need to filter out such lines, but this is hard so we can just add an option to disable them instead and be done. Git-Dch: Ignore
2013-05-08merged patch from Daniel Hartwig to fix URI and proxy releated issuesMichael Vogt
2013-03-14* SECURITY UPDATE: InRelease verification bypass0.9.7.8Michael Vogt
- CVE-2013-1051 * apt-pkg/deb/debmetaindex.cc, test/integration/test-bug-595691-empty-and-broken-archive-files, test/integration/test-releasefile-verification: - disable InRelease downloading until the verification issue is fixed, thanks to Ansgar Burchardt for finding the flaw
2012-04-11use xz-utils in the testcases instead of lzma and ensure that we reallyDavid Kalnischkies
ignore the presents (or absence) of lzma if we decided to use xz
2011-10-11run integration tests on my new amd64 box without failuresDavid Kalnischkies
2011-08-22remove the caches in 'apt-get update', too, as they will beDavid Kalnischkies
invalid in most cases anyway
2011-02-22test the xz compressor, tooDavid Kalnischkies
2011-02-10* merged lp:~evfool/apt/fix641673:Michael Vogt
* merged lp:~evfool/apt/fix418552: - Grammar fix for bug LP: #418552, thanks to Robert Roth
2011-01-28 - download and use i18n/Index to choose which Translations to downloadDavid Kalnischkies
* apt-pkg/aptconfiguration.cc: - remove the inbuilt Translation files whitelist
2011-01-26 - change the internal handling of Extensions in pkgAcqIndexDavid Kalnischkies
- add a special uncompressed compression type to prefer those files * methods/{gzip,bzip}.cc: - print a good error message if FileSize() is zero
2011-01-20 - try downloading clearsigned InRelease before trying Release.gpgDavid Kalnischkies
* apt-pkg/deb/deblistparser.cc: - rewrite LoadReleaseInfo to cope with clearsigned Releasefiles
2010-11-30do not touch Packages and Sources in the framework if the files doDavid Kalnischkies
not exist to not generate sources.list entries later for them
2010-10-21* apt-pkg/contrib/fileutl.cc:David Kalnischkies
- Add a FileFd::FileSize() method to get the size of the underlying file and not the size of the content in the file as FileFd::Size() does - the sizes can differ since the direct gzip integration * methods/{gzip,bzip2}.cc: - use FileSize() to determine if the file is invalid (Closes: #600852)
2010-10-13tests/integration/test-*: remove a bunch of "local" that are used outside ↵Michael Vogt
funtions (bash complains)
2010-09-29fix the testcases which were broken by the new space between number and unitDavid Kalnischkies
2010-09-09add a simple testcase for the previously fixed bug 595691 to checkDavid Kalnischkies
in future that APT plays considerable well with empty archives