This avoids downgrade attacks where an attacker could inject
Location: http://private.example/
and then (having access to raw data to private.example, for example,
by opening a port there, or sniffing network traffic) read the credentials
for the private repository.
Closes: #945911
While passing the combi Release and Release.gpg to the gpgv method for
verification the filename of Release is placed where usually Release.gpg
is assumed in the rest of the code. The "usual" cases like passing
verification and failing verification ending in an error are taking care
of this, but the code path dealing with a failed verification, but
ignoring said failure (e.g. due to trusted=yes) was not which results in
the wrong file being removed later on (in case the index happens to be
unmodified since the last update call) leading us into the abyss of
strange failures (fixed in the previous commit) were nothing should have
changed.
This is not a security issue in this form as the repository needs to fail
verification & the user forcing apt to ignore the failure and carry on
anyhow. It does show however how complicated the code and its various
interconnected paths can become.
Reported-By: Val "pinkieval" Lorentz on IRC
If we have no old Release file, but old indices we can't compare
hashsums with the new Release file and hence must request the indices
again and have to react to IMS hits if they didn't change.
We used to symlink the old index file to the partial directory, but that
usually meant that we linked an uncompressed file to a compressed file,
which not all uncompressors can deal with transparently resulting in
strange failures.
We could do without the symlink, but that would require changes in the
codepaths dealing with failure as they would rename the file to FAILED.
Skipped tests do not age very well as changes to the infrastructure go
by unnoticied. In this case we are fetching Translation files now
differently meaning only if mentioned in Release file, which broke this
test. As it makes use of LC_ALL and utf8 locales it can't really be
reenabled, but it might be able to serve as an example for others and
hence at least deserves being fixed.
Gbp-Dch: Ignore
Unused variable, std::algorithms instead of raw for-loops.
There should be no observeable difference in behaviour.
Reported-By: cppcheck
Gbp-Dch: Ignore
When using locale in which symbols occupy more than 1 byte (for example,
ru_RU.UTF-8), the progress bar width was calculated incorrectly because
std::string::size() returns the number of bytes rather than the number of
actual characters. Use the newly introduced APT::String::DisplayLength()
to calculate the width instead.
Returns string length, but unlike std::string::size() it honors
multibyte characters. This allows to properly calculate visible
sizes of console messages.
When multiple translations of package descriptions are available,
perform search in all of them. It allows using search patterns in
any of the configured languages.
Previously, only the first available translation was searched. As
the result, patterns in e.g. English never matched packages which
had their descriptions translated into local language.
Closes: #490000
Using --force-depends causes dpkg to continue removing packages
a package depends upon even if that package fails to be removed,
because dpkg turns off all sanity checks. So we gotta tell dpkg
to stop immediately if there's an error removing stuff.
Closes: #935910
LP: #1844634
Commit 1d9e29c9e2 added support
for suffixes to to intervals, but did not adjust the code to
actually support them by replacing -eq with =.
LP: #1840995
These two are mutually exclusive states of installed-ness. And
?installed package is fully unpacked and configured; a ?config-files
package only has config files left.
These match packages that have no version in a repository, or
where an upgrade is available. Notably,
?and(?obsolete,?upgradable) == ?false
because an upgradable package is by definition not obsolete.
These patterns allow you to identify automatically installed
packages, as well as automatically installed packages that are
no longer reachable from the manually installed ones.
Julian Andres Klode
Julian Andres Klode
Anthony Papillon
David Kalnischkies
Chris Leick
Алексей Шилин
Anatoly Borodin