From 1ddb859611d2e0f3d9ea12085001810f689e8c99 Mon Sep 17 00:00:00 2001 From: David Kalnischkies Date: Tue, 8 Jun 2010 19:27:49 +0200 Subject: * apt-pkg/indexrecords.cc: - backport forgotten Valid-Until patch from the obsolete experimental branch to prevent replay attacks better, thanks to Thomas Viehmann for the initial patch! (Closes: #499897) --- apt-pkg/acquire-item.cc | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) (limited to 'apt-pkg/acquire-item.cc') diff --git a/apt-pkg/acquire-item.cc b/apt-pkg/acquire-item.cc index c035b9163..4a846804e 100644 --- a/apt-pkg/acquire-item.cc +++ b/apt-pkg/acquire-item.cc @@ -33,6 +33,7 @@ #include #include #include +#include /*}}}*/ using namespace std; @@ -1177,6 +1178,15 @@ bool pkgAcqMetaIndex::VerifyVendor(string Message) /*{{{*/ Transformed = ""; } + if (_config->FindB("Acquire::Check-Valid-Until", true)) { + if (MetaIndexParser->GetValidUntil() > 0 && + time(NULL) > MetaIndexParser->GetValidUntil()) { + return _error->Error(_("Release file expired, ignoring %s (valid until %s)"), + RealURI.c_str(), + TimeRFC1123(MetaIndexParser->GetValidUntil()).c_str()); + } + } + if (_config->FindB("Debug::pkgAcquire::Auth", false)) { std::cerr << "Got Codename: " << MetaIndexParser->GetDist() << std::endl; @@ -1194,7 +1204,7 @@ bool pkgAcqMetaIndex::VerifyVendor(string Message) /*{{{*/ // return false; if (!Transformed.empty()) { - _error->Warning("Conflicting distribution: %s (expected %s but got %s)", + _error->Warning(_("Conflicting distribution: %s (expected %s but got %s)"), Desc.Description.c_str(), Transformed.c_str(), MetaIndexParser->GetDist().c_str()); -- cgit v1.2.3 From 0323317c08c0b08bf0ba1ac37a37a8de333cdb40 Mon Sep 17 00:00:00 2001 From: David Kalnischkies Date: Tue, 8 Jun 2010 22:55:42 +0200 Subject: enhance the Valid-Until code a bit by using the correct RFC1123StrToTime method and allow for better translations of the error messages --- apt-pkg/acquire-item.cc | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) (limited to 'apt-pkg/acquire-item.cc') diff --git a/apt-pkg/acquire-item.cc b/apt-pkg/acquire-item.cc index 4a846804e..ac84c2e5e 100644 --- a/apt-pkg/acquire-item.cc +++ b/apt-pkg/acquire-item.cc @@ -1178,13 +1178,15 @@ bool pkgAcqMetaIndex::VerifyVendor(string Message) /*{{{*/ Transformed = ""; } - if (_config->FindB("Acquire::Check-Valid-Until", true)) { - if (MetaIndexParser->GetValidUntil() > 0 && - time(NULL) > MetaIndexParser->GetValidUntil()) { - return _error->Error(_("Release file expired, ignoring %s (valid until %s)"), - RealURI.c_str(), - TimeRFC1123(MetaIndexParser->GetValidUntil()).c_str()); - } + if (_config->FindB("Acquire::Check-Valid-Until", true) == true && + MetaIndexParser->GetValidUntil() > 0) { + time_t const invalid_since = time(NULL) - MetaIndexParser->GetValidUntil(); + if (invalid_since > 0) + // TRANSLATOR: The first %s is the URL of the bad Release file, the second is + // the time since then the file is invalid - formated in the same way as in + // the download progress display (e.g. 7d 3h 42min 1s) + return _error->Error(_("Release file expired, ignoring %s (invalid since %s)"), + RealURI.c_str(), TimeToStr(invalid_since).c_str()); } if (_config->FindB("Debug::pkgAcquire::Auth", false)) -- cgit v1.2.3