[Bug 1098752] Re: apt-get download checks sha256 hashes when sha512 hashes are available

Brian Murray brian at ubuntu.com
Tue Jan 15 20:25:46 UTC 2013


** Changed in: apt (Ubuntu)
       Status: New => Triaged

** Changed in: apt (Ubuntu)
   Importance: Undecided => Medium

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to apt in Ubuntu.
https://bugs.launchpad.net/bugs/1098752

Title:
  apt-get download checks sha256 hashes when sha512 hashes are available

Status in “apt” package in Ubuntu:
  Triaged

Bug description:
  While auditing some apt code, I noticed that apt-get download uses
  SHA-256 hashes even when SHA-512 hashes are available. From
  DoDownload() in cmdline/apt-get.cc:

        // get the most appropriate hash
        HashString hash;
        if (rec.SHA512Hash() != "")
           hash = HashString("sha512", rec.SHA512Hash());
        if (rec.SHA256Hash() != "")
           hash = HashString("sha256", rec.SHA256Hash());
        else if (rec.SHA1Hash() != "")
           hash = HashString("sha1", rec.SHA1Hash());
        else if (rec.MD5Hash() != "")
           hash = HashString("md5", rec.MD5Hash());
        // get the file
        new pkgAcqFile(&Fetcher, uri, hash.toStr(), (*Ver)->Size, descr, Pkg.Name(), ".");

  The conditional for rec.SHA256Hash() should use an else if statement.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1098752/+subscriptions
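The selection logic quoted in the bug description, reduced to a stand-alone C++ example next to the single else-if chain the report asks for. This is an added illustration, not code from apt: `Record`, `pick_reported` and `pick_chained` are hypothetical names, and the hash values are constructed placeholders. It also goes one step beyond the reported case by showing what the same control flow selects when a record has a SHA-512 hash but no SHA-256 hash.

```cpp
#include <iostream>
#include <string>

// Hypothetical stand-in for the package record `rec` in the report;
// an empty string means the index carries no hash of that type.
struct Record {
    std::string sha512, sha256, sha1, md5;
};

// Same control flow as the snippet quoted in the report: the SHA-256 test is a
// plain `if`, so it starts a second chain that can overwrite the SHA-512 choice.
std::string pick_reported(const Record &rec) {
    std::string algo;
    if (rec.sha512 != "")
        algo = "sha512";
    if (rec.sha256 != "")
        algo = "sha256";
    else if (rec.sha1 != "")
        algo = "sha1";
    else if (rec.md5 != "")
        algo = "md5";
    return algo;
}

// Change suggested in the report: a single else-if chain, strongest first.
std::string pick_chained(const Record &rec) {
    std::string algo;
    if (rec.sha512 != "")
        algo = "sha512";
    else if (rec.sha256 != "")
        algo = "sha256";
    else if (rec.sha1 != "")
        algo = "sha1";
    else if (rec.md5 != "")
        algo = "md5";
    return algo;
}

int main() {
    // Constructed sample records; the hash values are placeholders.
    const Record all{"h512", "h256", "h1", "h5"};
    const Record no256{"h512", "", "h1", "h5"};
    std::cout << "all hashes: " << pick_reported(all) << " vs " << pick_chained(all) << "\n";
    std::cout << "no sha256:  " << pick_reported(no256) << " vs " << pick_chained(no256) << "\n";
    return 0;
}
```

With the quoted control flow, SHA-512 is only kept when it is the sole hash in the record; a record with SHA-512 and SHA-1 but no SHA-256 ends up verified against SHA-1.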