From 91cdf3199cb8487eb38a14e2d1d5195ebe51e802 Mon Sep 17 00:00:00 2001 From: David Kalnischkies Date: Sat, 25 Jul 2015 10:52:42 +0200 Subject: bump next-abi check above gcc5-abi bump Some of the 'simpler' abi changes are included in /sid already guarded behind #if's and now that we dumped the ABI fpr gcc5 they trigger. It would probably not hurt to have them trigger and it is an abi break anyway, but there isn't much point to it and it would be really annoying if one of them turns out to be a problem as these changes aren't as well tested as the 'old' abi. It is slightly incorrect to check for abi >= 17 as /experimental with this (and other changes) is abi = 15 currently, but writing the correct check would be just too insane for this dead ends branch. Final /experimental is probably better of increasing APT_PKG_MAJOR anyhow.
---
apt-pkg/deb/deblistparser.cc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'apt-pkg/deb/deblistparser.cc')
diff --git a/apt-pkg/deb/deblistparser.cc b/apt-pkg/deb/deblistparser.cc
index e87e7b5e4..6d4fd9ac1 100644
--- a/apt-pkg/deb/deblistparser.cc
+++ b/apt-pkg/deb/deblistparser.cc
@@ -964,7 +964,7 @@ unsigned char debListParser::GetPrio(string Str)
 return Out;
 }
 /*}}}*/
-#if (APT_PKG_MAJOR >= 4 && APT_PKG_MINOR >= 13)
+#if (APT_PKG_MAJOR >= 4 && APT_PKG_MINOR >= 17)
 bool debListParser::SameVersion(unsigned short const Hash, /*{{{*/
 pkgCache::VerIterator const &Ver)
 {
-- cgit v1.2.3
From 130f34b7bc48bb05cc192ca6c66606fd99509b3e Mon Sep 17 00:00:00 2001
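Review bot: The new guard in front of `debListParser::SameVersion` (first patch, hunk at -964) compares the two version components independently, so `APT_PKG_MAJOR >= 4 && APT_PKG_MINOR >= 17` is false for a major of 5 with a minor below 17, which is the APT_PKG_MAJOR increase the commit message itself anticipates for the final experimental ABI. If the minor number restarts after a major bump (not visible here), the guarded code would be compiled out exactly when it is meant to be enabled; an ordered comparison avoids that: `#if (APT_PKG_MAJOR > 4 || (APT_PKG_MAJOR == 4 && APT_PKG_MINOR >= 17))`. The body of `SameVersion` and the matching `#endif` lie outside the hunk.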
From: Julian Andres Klode Date: Fri, 21 Aug 2015 18:00:37 +0200 Subject: Do not parse Status fields from remote sources This could allow an attacker to mark a package as installed in a remote package index, as long as the package was not listed in the dpkg status file. This way, an attacker could force the installation of a package during a dist-upgrade, by providing two packages in an index, an older marked as installed, and a newer - apt would "upgrade" to the newer version.
---
apt-pkg/deb/deblistparser.cc | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) (limited to 'apt-pkg/deb/deblistparser.cc')
diff --git a/apt-pkg/deb/deblistparser.cc b/apt-pkg/deb/deblistparser.cc
index 6d4fd9ac1..336414775 100644
--- a/apt-pkg/deb/deblistparser.cc
+++ b/apt-pkg/deb/deblistparser.cc
@@ -333,7 +333,7 @@ unsigned short debListParser::VersionHash()
 return Result;
 }
 /*}}}*/
-// ListParser::ParseStatus - Parse the status field /*{{{*/
+// StatusListParser::ParseStatus - Parse the status field /*{{{*/
 // ---------------------------------------------------------------------
 /* Status lines are of the form,
 Status: want flag status
@@ -344,6 +344,11 @@ unsigned short debListParser::VersionHash()
 */
 bool debListParser::ParseStatus(pkgCache::PkgIterator &Pkg,
 pkgCache::VerIterator &Ver)
+{
+ return true;
+}
+bool debStatusListParser::ParseStatus(pkgCache::PkgIterator &Pkg,
+ pkgCache::VerIterator &Ver)
 {
 const char *Start;
 const char *Stop;
-- cgit v1.2.3
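Review bot: In the -344 hunk the base `debListParser::ParseStatus` becomes a silent `return true;` with no comment, and the block comment describing the Status line format (retitled `StatusListParser::ParseStatus` in the -333 hunk) now sits above that stub rather than above `debStatusListParser::ParseStatus`, which holds the real parser. The trust rule this commit introduces is therefore expressed only by which class a file is parsed with; I would state it on the stub, e.g. `// Status is honoured only from the dpkg status file (debStatusListParser); a Status field in any other index must never change package state.`, and move the format comment down so it stays attached to the implementation it describes. The code that selects between the two parser classes is not part of this diff, so it is worth confirming that only the dpkg status file reaches `debStatusListParser`, and adding a regression test in which a remote index carries a `Status:` field. The body of `debStatusListParser::ParseStatus` continues past the end of the hunk.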