From 586d8704716a10e0f8b9c400cab500f5353eebe6 Mon Sep 17 00:00:00 2001 From: David Kalnischkies Date: Sun, 26 Oct 2014 23:17:03 +0100 Subject: replace ignore-deprecated #pragma dance with _Pragma For compatibility we use/provide and fill quiet some deprecated methods and fields, which subsequently earns us a warning for using them. These warnings therefore have to be disabled for these codeparts and that is what this change does now in a slightly more elegant way. Git-Dch: Ignore --- apt-pkg/indexrecords.h | 10 ++-------- 1 file changed, 2 insertions(+), 8 deletions(-) (limited to 'apt-pkg/indexrecords.h') diff --git a/apt-pkg/indexrecords.h b/apt-pkg/indexrecords.h index 88a06779c..06b9dafa6 100644 --- a/apt-pkg/indexrecords.h +++ b/apt-pkg/indexrecords.h @@ -76,11 +76,7 @@ class indexRecords virtual ~indexRecords(); }; -#if __GNUC__ >= 4 - // ensure that con- & de-structor don't trigger this warning - #pragma GCC diagnostic push - #pragma GCC diagnostic ignored "-Wdeprecated-declarations" -#endif +APT_IGNORE_DEPRECATED_PUSH struct indexRecords::checkSum { std::string MetaKeyFilename; @@ -89,8 +85,6 @@ struct indexRecords::checkSum APT_DEPRECATED HashString Hash; }; -#if __GNUC__ >= 4 - #pragma GCC diagnostic pop -#endif +APT_IGNORE_DEPRECATED_POP #endif -- cgit v1.2.3 From fa5404ab01bdf06eaf147d9f133139e6c89b906a Mon Sep 17 00:00:00 2001 From: David Kalnischkies Date: Fri, 7 Nov 2014 18:18:14 +0100 Subject: explicit overload methods instead of adding parameters Adding a new parameter (with a default) is an ABI break, but you can overload a method, which is "just" an API break for everyone doing references to this method (aka: nobody). Git-Dch: Ignore --- apt-pkg/indexrecords.h | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) (limited to 'apt-pkg/indexrecords.h') diff --git a/apt-pkg/indexrecords.h b/apt-pkg/indexrecords.h index 06b9dafa6..35e534c12 100644 --- a/apt-pkg/indexrecords.h +++ b/apt-pkg/indexrecords.h @@ -42,8 +42,12 @@ class indexRecords std::map Entries; public: - +#if APT_PKG_ABI >= 413 indexRecords(const std::string &ExpectedDist = ""); +#else + indexRecords(); + indexRecords(const std::string ExpectedDist); +#endif // Lookup function virtual checkSum *Lookup(const std::string MetaKey); -- cgit v1.2.3 From 6bf93605fdb8e858d3f0a79a124c1d39f760094d Mon Sep 17 00:00:00 2001 From: David Kalnischkies Date: Mon, 18 May 2015 22:15:06 +0200 Subject: treat older Release files than we already have as an IMSHit Valid-Until protects us from long-living downgrade attacks, but not all repositories have it and an attacker could still use older but still valid files to downgrade us. While this makes it sounds like a security improvement now, its a bit theoretical at best as an attacker with capabilities to pull this off could just as well always keep us days (but in the valid period) behind and always knows which state we have, as we tell him with the If-Modified-Since header. This is also why this is 'silently' ignored and treated as an IMSHit rather than screamed at the user as this can at best be an annoyance for attackers. An error here would 'regularily' be encountered by users by out-of-sync mirrors serving a single run (e.g. load balancer) or in two consecutive runs on the other hand, so it would just help teaching people ignore it. That said, most of the code churn is caused by enforcing this additional requirement. Crisscross from InRelease to Release.gpg is e.g. very unlikely in practice, but if we would ignore it an attacker could sidestep it this way. --- apt-pkg/indexrecords.h | 2 ++ 1 file changed, 2 insertions(+) (limited to 'apt-pkg/indexrecords.h') diff --git a/apt-pkg/indexrecords.h b/apt-pkg/indexrecords.h index 35e534c12..6ed5f0c2b 100644 --- a/apt-pkg/indexrecords.h +++ b/apt-pkg/indexrecords.h @@ -36,6 +36,7 @@ class indexRecords std::string Dist; std::string Suite; std::string ExpectedDist; + time_t Date; time_t ValidUntil; bool SupportsAcquireByHash; @@ -62,6 +63,7 @@ class indexRecords std::string GetSuite() const; bool GetSupportsAcquireByHash() const; time_t GetValidUntil() const; + time_t GetDate() const; std::string GetExpectedDist() const; /** \brief check if source is marked as always trusted */ -- cgit v1.2.3 From c8a4ce6cbed57ae108dc955d4a850f9b129a0693 Mon Sep 17 00:00:00 2001 From: David Kalnischkies Date: Tue, 16 Jun 2015 16:22:46 +0200 Subject: add d-pointer, virtual destructors and de-inline de/constructors To have a chance to keep the ABI for a while we need all three to team up. One of them missing and we might loose, so ensuring that they are available is a very tedious but needed task once in a while. Git-Dch: Ignore --- apt-pkg/indexrecords.h | 3 --- 1 file changed, 3 deletions(-) (limited to 'apt-pkg/indexrecords.h') diff --git a/apt-pkg/indexrecords.h b/apt-pkg/indexrecords.h index 6ed5f0c2b..f7dfa3235 100644 --- a/apt-pkg/indexrecords.h +++ b/apt-pkg/indexrecords.h @@ -1,7 +1,4 @@ // -*- mode: cpp; mode: fold -*- -// Description /*{{{*/ -// $Id: indexrecords.h,v 1.1.2.1 2003/12/24 23:09:17 mdz Exp $ - /*}}}*/ #ifndef PKGLIB_INDEXRECORDS_H #define PKGLIB_INDEXRECORDS_H -- cgit v1.2.3