#include <string>
#include <sstream>
#include <stdio.h>
+#include <ctime>
/*}}}*/
using namespace std;
Transformed = "";
}
+ if (_config->FindB("Acquire::Check-Valid-Until", true)) {
+ if (MetaIndexParser->GetValidUntil() > 0 &&
+ time(NULL) > MetaIndexParser->GetValidUntil()) {
+ return _error->Error(_("Release file expired, ignoring %s (valid until %s)"),
+ RealURI.c_str(),
+ TimeRFC1123(MetaIndexParser->GetValidUntil()).c_str());
+ }
+ }
+
if (_config->FindB("Debug::pkgAcquire::Auth", false))
{
std::cerr << "Got Codename: " << MetaIndexParser->GetDist() << std::endl;
// return false;
if (!Transformed.empty())
{
- _error->Warning("Conflicting distribution: %s (expected %s but got %s)",
+ _error->Warning(_("Conflicting distribution: %s (expected %s but got %s)"),
Desc.Description.c_str(),
Transformed.c_str(),
MetaIndexParser->GetDist().c_str());
#include <apt-pkg/tagfile.h>
#include <apt-pkg/error.h>
#include <apt-pkg/strutl.h>
+#include <apt-pkg/configuration.h>
#include <apti18n.h>
#include <sys/stat.h>
+#include <clocale>
+
/*}}}*/
string indexRecords::GetDist() const
{
return this->ExpectedDist;
}
+time_t indexRecords::GetValidUntil() const
+{
+ return this->ValidUntil;
+}
+
const indexRecords::checkSum *indexRecords::Lookup(const string MetaKey)
{
return Entries[MetaKey];
return false;
}
- string Strdate = Section.FindS("Date"); // FIXME: verify this somehow?
+ string Label = Section.FindS("Label");
+ string StrDate = Section.FindS("Date");
+ string StrValidUntil = Section.FindS("Valid-Until");
+
+ // if we have a Valid-Until header, use it
+ if (!StrValidUntil.empty())
+ {
+ // set ValidUntil based on the information in the Release file
+ if(!StrToTime(StrValidUntil, ValidUntil))
+ {
+ ErrorText = _(("Invalid 'Valid-Until' entry in Release file " + Filename).c_str());
+ return false;
+ }
+ } else {
+ // if we don't have a valid-until string, check if we have a default
+ if (!Label.empty())
+ {
+ int MaxAge = _config->FindI(string("apt::acquire::max-default-age::"+Label).c_str(),0);
+ if(MaxAge > 0 && !StrToTime(StrDate, ValidUntil))
+ {
+ ErrorText = _(("Invalid 'Date' entry in Release file " + Filename).c_str());
+ return false;
+ }
+ ValidUntil += 24*60*60*MaxAge;
+ }
+ }
+
return true;
}
/*}}}*/
}
indexRecords::indexRecords(const string ExpectedDist) :
- ExpectedDist(ExpectedDist)
+ ExpectedDist(ExpectedDist), ValidUntil(0)
{
}
#include <map>
#include <vector>
+#include <ctime>
class indexRecords
{
string Dist;
string Suite;
string ExpectedDist;
+ time_t ValidUntil;
+
std::map<string,checkSum *> Entries;
public:
virtual bool Load(string Filename);
string GetDist() const;
+ time_t GetValidUntil() const;
virtual bool CheckDist(const string MaybeDist) const;
string GetExpectedDist() const;
virtual ~indexRecords(){};
apt (0.7.26~exp5) experimental; urgency=low
[ David Kalnischkies ]
+ * apt-pkg/indexrecords.cc:
+ - backport forgotten Valid-Until patch from the obsolete experimental
+ branch to prevent replay attacks better, thanks to Thomas Viehmann
+ for the initial patch! (Closes: #499897)
* cmdline/apt-get.cc:
- rerun dpkg-source in source if --fix-broken is given (Closes: #576752)
- don't suggest held packages as they are installed (Closes: #578135)
self.assert_(len(glob.glob("/var/lib/apt/lists/partial/*")) == 0,
"partial/ dir has leftover files: %s" % glob.glob("/var/lib/apt/lists/partial/*"))
+ def testValid(self):
+ for f in glob.glob("testsources.list/sources.list*validuntil*"):
+ self._cleanup()
+ (prefix, testtype, result) = f.split("-")
+ expected_res = self._expectedRes(result)
+ cmd = ["update"]
+ res = call([self.apt,"-o","Dir::Etc::sourcelist=./%s" % f]+cmd+apt_args,
+ stdout=stdout, stderr=stderr)
+ self.assert_(res == expected_res,
+ "test '%s' failed (got %s expected %s" % (f,res,expected_res))
+ if expected_res == 0:
+ self.assert_(len(glob.glob("/var/lib/apt/lists/partial/*")) == 0,
+ "partial/ dir has leftover files: %s" % glob.glob("/var/lib/apt/lists/partial/*"))
+
class testLocalRepositories(unittest.TestCase):
" test local repository regressions "
--- /dev/null
+deb http://people.ubuntu.com/~mvo/apt/auth-test-suit/all-validuntil-broken/ /
HCoop / ntk / apt.git / commitdiff