Michael Vogt [Fri, 5 Aug 2011 10:29:40 +0000 (12:29 +0200)]
* test/integration/test-hashsum-verification:
- add regression test for hashsum verification
* apt-pkg/acquire-item.cc:
- if no Release.gpg file is found, still load the hashes for
verification (closes: #636314) and add test
Michael Vogt [Fri, 29 Jul 2011 11:37:33 +0000 (13:37 +0200)]
* apt-pkg/pkgcachegen.{cc,h}:
- use ref-to-ptr semantic in NewDepends() to ensure that the
libapt does not segfault if the cache is remapped in between
(LP: #812862)
Michael Vogt [Thu, 28 Jul 2011 13:16:18 +0000 (15:16 +0200)]
* apt-pkg/contrib/fileutl.{cc,h}:
- add GetModificationTime() helper
* apt-pkg/pkgcachegen.cc:
- regenerate the cache if the sources.list changes to ensure
that changes in the ordering there will be honored by apt
* apt-pkg/sourcelist.{cc,h}:
- add pkgSourceList::GetLastModifiedTime() helper
Michael Vogt [Tue, 26 Jul 2011 08:49:28 +0000 (10:49 +0200)]
* apt-pkg/contrib/strutl.{h,cc}, test/libapt/strutil_test.cc:
- add new DeEscapeString() similar to DeQuoteQuotedWord but
unescape charackter escapes like \0XXX and \xXX (plus add test)
David Miller [Tue, 26 Jul 2011 07:00:10 +0000 (09:00 +0200)]
* apt-pkg/contrib/sha1.cc:
- fix illegally casts of on-stack buffer to a type requiring more
alignment than it has resulting in segfaults on sparc (Closes: #634696)
The problem is how sha1.cc codes the SHA1 transform, it illegally
casts the on-stack workspace buffer to a type requiring more
alignment than 'workspace' is actually declared to have.
This only shows up recently because gcc-4.6 now does a really
aggressive optimization where it gets rid of the workspace
buffer entirely and just accesses 'buffer' directly, and assumes
it has the necessary alignment for 32-bit loads (which it
doesn't).
* apt-pkg/deb/deblistparser.cc:
- Strip only :any and :native if MultiArch should be stripped as it is
save to ignore them in non-MultiArch contexts but if the dependency
is a specific architecture (and not the native) do not strip
alternatively check in a versioned depends if the candidate is good
The old code used to do move on to versions behind the candidate in
cases the candidate wasn't a match, but as the Install request later
always installs the candidate (witch wasn't switched) this could have
never worked - and shouldn't in most cases anyway as:
a) it could only work for <, <=, != depends which are unusal
b) doesn't respect pinning, so it could install -1 versions
* cmdline/apt-key:
- use a tmpfile instead of /etc/apt/secring.gpg (Closes: #632596)
* debian/apt.postinst:
- remove /etc/apt/secring.gpg if it is an empty file
* apt-pkg/pkgcachegen.cc:
- fallback to memory if file is not writeable even if access()
told us the opposite before (e.g. in fakeroot 1.16) (Closes: #630591)
Michael Vogt [Thu, 30 Jun 2011 07:33:19 +0000 (08:33 +0100)]
* doc/makefile:
- create doxygen directory to avoid depending on magic (Closes: #628799)
* cmdline/apt-key:
- explicitly state that net-update is not supported if no url is set
- require to be root for add, rm, update and net-update
- clarify update vs. net-update in different distros (Closes: #632043)
* debian/apt.symbols:
- forgot 'mips' in the list for all architecture dependent symbols
- comment out gcc-4.5 specific symbols as gcc-4.6 is now default
- the symbol for PrintStatus() is architecture dependent
* apt-pkg/policy.cc:
- do not segfault in pinning if a package with this name doesn't exist.
Thanks to Ferdinand Thommes for the report!
- Defaults is a vector of Pin not of PkgPin
- ensure that only the first specific stanza for a package is used
- save all stanzas which had no effect in Unmatched
- allow package:architecure in Package:
Michael Vogt [Thu, 9 Jun 2011 11:24:36 +0000 (13:24 +0200)]
apt-pkg/deb/debindexfile.cc: remove tests for TranslationsAvailable() as this will break adding translations to the cache if the current environment does not include the language (e.g. LANG=C but german translations). testing for existance of the file is the better approach
* apt-pkg/indexcopy.cc:
- Verify that the first line of an InRelease file is a PGP header
for a signed message. Otherwise a man-in-the-middle can prefix
a valid InRelease file with his own data! (CVE-2011-1829)
apt-pkg/acquire-item.cc: Reject files known to be invalid (LP: #346386) (Closes: #195301)
This commit deals with the following cases:
- First section of index file (Packages,Sources,Translation) without Package field
- Signed release files without GPG data (NODATA)
- i18n/Index files without hash sums
Handling unsigned Release files is more complicated, and the example code
using indexRecords is disabled as it can reject correct Release files
without hashes. How we can reliably check unsigned Release files is
another question, and not urgent anyway, as it should have no
dramatic effect (we could check that it is a valid RFC-822 section,
but that's a bit too long to write)