Hallo,
* Antonio Russo [Thu, Dec 22 2022, 07:15:12AM]:
> Package: apt-cacher-ng
> X-Debbugs-Cc: aeru...@aerusso.net
> Severity: important
> Tags: patch upstream
>
> Dear maintainer,
>
> In bug 1026395, I identified behavior where apt-cacher-ng was tagging many
> valid, referenced files for deletion. One cause is mentioned there. However,
> I failed to notice another source of erroneous tagging: SHA256 sums in
> the Packages/Sources/etc. files are not being detected.
>
> For examples, debrep/dists/bullseye-backports/main/binary-amd64/Packages,
> contains "^SHA256: " lines that are not being used.
>
> The first of the two patches fixes that behavior for Packages.
>
> During this process, a third source showed up: the lists of files in Sources
> was getting clobbered because of the behavior of
> cacheman.cc:ParseGenericRfc822File
> ("we don't merge").
>
> The second patch implements streaming handling of Sources a la Packages. That
> patch parses possibly untrusted data, so please give it a close read (also I
> haven't done a lot of C++ coding recently, so I apologize in advance).
Thanks. Regarding the second patch, I am not sure. Looks like my C++
also has become rusty in the last months. It would be good to have an
explicit description of the problem cases, since I don't know exactly
what you mean with "streaming". I.e. it seems like you want the generic
parser implementation to be changed to a specialized local one but how
am I supposed to write a unit test for this?
To be checked in the next days, stay tuned.
Best regards,
Eduard.
