summaryrefslogtreecommitdiff
path: root/test/integration/test-ubuntu-bug-784473-InRelease-one-message-only
AgeCommit message (Collapse)Author
2013-03-15 - if ExecGPGV deals with a clear-signed file it will split this fileDavid Kalnischkies
into data and signatures, pass it to gpgv for verification and recombines it after that in a known-good way without unsigned blocks and whitespaces resulting usually in more or less the same file as before, but later code can be sure about the format * apt-pkg/deb/debmetaindex.cc: - reenable InRelease by default
2011-06-06* apt-pkg/indexcopy.cc:David Kalnischkies
- Verify that the first line of an InRelease file is a PGP header for a signed message. Otherwise a man-in-the-middle can prefix a valid InRelease file with his own data! (CVE-2011-1829)