From 91cdf3199cb8487eb38a14e2d1d5195ebe51e802 Mon Sep 17 00:00:00 2001
From: David Kalnischkies
Date: Sat, 25 Jul 2015 10:52:42 +0200
Subject: bump next-abi check above gcc5-abi bump Some of the 'simpler' abi changes are included in /sid already guarded behind #if's and now that we dumped the ABI fpr gcc5 they trigger. It would probably not hurt to have them trigger and it is an abi break anyway, but there isn't much point to it and it would be really annoying if one of them turns out to be a problem as these changes aren't as well tested as the 'old' abi. It is slightly incorrect to check for abi >= 17 as /experimental with this (and other changes) is abi = 15 currently, but writing the correct check would be just too insane for this dead ends branch. Final /experimental is probably better of increasing APT_PKG_MAJOR anyhow.
---
 apt-pkg/deb/deblistparser.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'apt-pkg/deb/deblistparser.h')
diff --git a/apt-pkg/deb/deblistparser.h b/apt-pkg/deb/deblistparser.h
index 3b6963211..db7afa73c 100644
--- a/apt-pkg/deb/deblistparser.h
+++ b/apt-pkg/deb/deblistparser.h
@@ -71,7 +71,7 @@ class debListParser : public pkgCacheGenerator::ListParser
 virtual std::string DescriptionLanguage();
 virtual MD5SumValue Description_md5();
 virtual unsigned short VersionHash();
-#if (APT_PKG_MAJOR >= 4 && APT_PKG_MINOR >= 13)
+#if (APT_PKG_MAJOR >= 4 && APT_PKG_MINOR >= 17)
 virtual bool SameVersion(unsigned short const Hash, pkgCache::VerIterator const &Ver);
 #endif
 virtual bool UsePackage(pkgCache::PkgIterator &Pkg,
-- cgit v1.2.3
From 130f34b7bc48bb05cc192ca6c66606fd99509b3e Mon Sep 17 00:00:00 2001
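Review bot: The guard `APT_PKG_MAJOR >= 4 && APT_PKG_MINOR >= 17` in apt-pkg/deb/deblistparser.h compares the two version components independently, so it turns false again once the major number is raised and the minor restarts, which is the route the commit message itself suggests for /experimental. Because the guarded line declares the virtual member `SameVersion`, the result of this test decides the vtable layout of `debListParser`, and every translation unit that includes the header has to evaluate it the same way. A lexicographic test such as `#if (APT_PKG_MAJOR > 4) || (APT_PKG_MAJOR == 4 && APT_PKG_MINOR >= 17)` keeps the declaration enabled for all later ABIs. The class body starts and ends outside this hunk.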
From: Julian Andres Klode
Date: Fri, 21 Aug 2015 18:00:37 +0200
Subject: Do not parse Status fields from remote sources This could allow an attacker to mark a package as installed in a remote package index, as long as the package was not listed in the dpkg status file. This way, an attacker could force the installation of a package during a dist-upgrade, by providing two packages in an index, an older marked as installed, and a newer - apt would "upgrade" to the newer version.
---
 apt-pkg/deb/deblistparser.h | 7 +++++++
 1 file changed, 7 insertions(+)
(limited to 'apt-pkg/deb/deblistparser.h')
diff --git a/apt-pkg/deb/deblistparser.h b/apt-pkg/deb/deblistparser.h
index db7afa73c..d479997a3 100644
--- a/apt-pkg/deb/deblistparser.h
+++ b/apt-pkg/deb/deblistparser.h
@@ -117,4 +117,11 @@ class debTranslationsParser : public debListParser
 : debListParser(File, Arch) {};
 };
+class APT_HIDDEN debStatusListParser : public debListParser
+{
+ public:
+ virtual bool ParseStatus(pkgCache::PkgIterator &Pkg,pkgCache::VerIterator &Ver);
+ debStatusListParser(FileFd *File)
+ : debListParser(File) {};
+};
 #endif
-- cgit v1.2.3
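Review bot: `debStatusListParser` is declared without any comment saying that it is the one parser allowed to honour `Status:` fields, so the trust boundary this commit introduces is not visible at the declaration. I would add above the class `// Honours Status fields; construct only for the local dpkg status file, never for a downloaded index.` The redeclared `ParseStatus` only replaces the base behaviour if `debListParser` declares it virtual with this exact signature, and the fix only holds if the base version now ignores the field and remote indexes keep constructing the base class; none of that is in this view, which is limited to the header, so it is worth confirming in the full commit. The single-argument constructor could also be marked `explicit` so that a `FileFd *` never converts to a status parser implicitly.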