diff -Nru apt-cacher-1.7.29/apt-cacher-cleanup.pl apt-cacher-1.7.30/apt-cacher-cleanup.pl
--- apt-cacher-1.7.29/apt-cacher-cleanup.pl 2023-01-16 19:52:02.000000000 +0000
+++ apt-cacher-1.7.30/apt-cacher-cleanup.pl 2023-07-02 16:44:20.000000000 +0000
@@ -819,6 +819,7 @@
 foreach (glob('*{,/*}')) {
 next if -d; # Skip directories
+ (my $vkey = $_) =~ s/%5f/_/g; # Decode embedded underscores
 if (/([-+.a-z0-9]+_(?:\d:)?[-+.~a-zA-Z0-9]+)_changelog$/ && !$svrhash{$1}) { # Changelogs
 unlink $_, "../headers/$_" unless $sim_mode;
 printmsg "Removing expired changelog: $_ and company...\n";
@@ -830,23 +831,23 @@
 } elsif (is_file_type('package', $_) or is_file_type('pdiff', get_original_url($_))) { # Package and pdiff files
- if (! defined($valid{$_})) {
+ if (! defined($valid{$vkey})) {
 unlink $_, "../headers/$_", "../private/$_.complete" unless $sim_mode;
 printmsg "Removing file: $_ and company...\n";
 } else {
- # Verify SHA1 checksum
- my $target_sum = hashify(\$valid{$_})->{sha1};
+ # Verify SHA256 checksum
+ my $target_sum = hashify(\$valid{$vkey})->{sha256};
 next unless $target_sum;
- # print "Validating SHA1 $target_sum for $_\n";
+ # print "Validating SHA256 $target_sum for $_\n";
 open(my $fh, '<', $_) || die "Unable to open file $_ to verify checksum: $!";
 flock($fh, LOCK_EX);
 if (is_file_type('pdiff', get_original_url($_))) { # pdiffs need decompressing
 $fh = IO::Uncompress::AnyUncompress->new($fh) or die "Decompression failed: $AnyUncompressError\n";
 }
- if ((my $sha1 = Digest::SHA->new(1)->addfile($fh)->hexdigest) ne $target_sum) {
+ if ((my $sha256 = Digest::SHA->new(256)->addfile($fh)->hexdigest) ne $target_sum) {
 unlink $_, "../headers/$_", "../private/$_.complete" unless $sim_mode;
- printmsg "Checksum mismatch ($target_sum <=> $sha1): $_, removing\n";
+ printmsg "Checksum mismatch ($target_sum <=> $sha256): $_, removing\n";
 }
 # No explicit LOCK_UN: it fails with IO::Uncompress::AnyUncompress, just rely on close
 close $fh;
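Review bot: In hunk `@@ -819,6 +819,7 @@` (and again in `@@ -861,7 +862,8 @@`) the pattern in `(my $vkey = $_) =~ s/%5f/_/g;` matches only the lowercase escape, so a cache filename carrying `%5F` would keep its encoded form, miss its `%valid` entry and be unlinked as unindexed a few lines later. The code that writes these filenames is not in the diff, so this may never occur; if uppercase is possible, `s/%5f/_/gi` covers it, and otherwise a comment naming the encoder would record why lowercase is enough. The same statement is repeated in both loops and could live in one small helper. Both foreach loops open inside their hunks but close outside them.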
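Review bot: In hunk `@@ -830,23 +831,23 @@`, `next unless $target_sum;` now skips verification silently whenever the index entry has no `sha256` value, so a cached file whose index carries only older digests would be kept without any check. Whether `hashify` can return an entry without `sha256` is not visible here; if it can, log the skip so unverified files show up in the cleanup output, e.g. `unless ($target_sum) { printmsg "No SHA256 in index for $_, not verified\n"; next; }`. The return value of `flock($fh, LOCK_EX)` on the context line is also unchecked, so a failed lock could let the digest be computed over a file that is still being written. The enclosing `elsif` branch and foreach loop extend beyond the hunk.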
@@ -861,7 +862,8 @@
 foreach (glob('*{,/*}')) {
 next if -d; # Skip directories
- if((is_file_type('package', $_) && !defined($valid{$_})) # Not indexed
+ (my $vkey = $_) =~ s/%5f/_/g; # Decode embedded underscores
+ if((is_file_type('package', $_) && !defined($valid{$vkey})) # Not indexed
 || !-e "../packages/$_") { # No corresponding package
 unlink $_, "../private/$_.complete" unless $sim_mode;
 printmsg "Removing expired headers: $_ and company...\n";
@@ -870,7 +872,7 @@
 my $resp = read_header($_);
 next if $resp && $resp->is_success; # Don't cache errors any more
 printmsg "Removing cached error/invalid response: $_\n";
- delete $valid{$_};
+ delete $valid{$vkey};
 unlink $_ unless $sim_mode;
 }
diff -Nru apt-cacher-1.7.29/debian/changelog apt-cacher-1.7.30/debian/changelog
--- apt-cacher-1.7.29/debian/changelog 2023-01-16 19:52:02.000000000 +0000
+++ apt-cacher-1.7.30/debian/changelog 2023-07-02 16:44:20.000000000 +0000
@@ -1,3 +1,13 @@
+apt-cacher (1.7.30) unstable; urgency=medium
+
+ * d/control:
+ - remove obsolete lsb-base Depends.
+ - promote libio-compress-lzma-perl to Depends (Closes: #1039907).
+ * Decode embedded underscores in filenames when cleaning and validating cache.
+ * When cleaning and validating cached files, use SHA256.
+
+ -- Mark Hindley Sun, 02 Jul 2023 17:44:20 +0100
+
 apt-cacher (1.7.29) unstable; urgency=medium
 * Derive supported_archs default from Dpkg::Arch, based
diff -Nru apt-cacher-1.7.29/debian/control apt-cacher-1.7.30/debian/control
--- apt-cacher-1.7.29/debian/control 2023-01-16 19:52:02.000000000 +0000
+++ apt-cacher-1.7.30/debian/control 2023-07-02 16:44:20.000000000 +0000
@@ -16,6 +16,7 @@
 ed,
 libdpkg-perl,
 libfilesys-df-perl,
+ libio-compress-lzma-perl,
 libio-interactive-perl,
 libio-interface-perl,
 libipc-sharelite-perl,
@@ -23,11 +24,10 @@
 libsys-syscall-perl,
 libwww-curl-perl,
 libwww-perl,
- lsb-base (>= 3.2-14),
 update-inetd,
 ${misc:Depends},
 ${perl:Depends},
-Recommends: libberkeleydb-perl, libio-compress-lzma-perl
+Recommends: libberkeleydb-perl
 Suggests: libfreezethaw-perl, libio-socket-inet6-perl
 Description: Caching proxy server for Debian/Ubuntu/Devuan software repositories
 Apt-cacher performs caching of files requested by apt-get (or other APT clients