fdroidserver/fdroidserver
Hans-Christoph Steiner bde0558d82 update: reject APKs with invalid file sig, probably Janus exploits
This just checks the first four bytes of the APK file, aka the "file
signature", to make sure it is the ZIP signature and not the DEX signature.
This was checked against the test APK, and I ran it against some known
malware and all of f-droid.org to make sure it works.

All valid ZIP files (therefore APK files) should start with the ZIP
Local File Header of four bytes.

https://www.guardsquare.com/en/blog/new-android-vulnerability-allows-attackers-modify-apps-without-affecting-their-signatures
2017-12-14 16:57:22 +01:00
asynchronousfilereader Add asynchronous filereader, fix python3 lockups 2015-09-20 20:57:53 +02:00
__init__.py fix egg-link and easy_install support for Python3 2017-10-19 23:28:13 +02:00
btlog.py implement gettext localization 2017-09-15 11:39:00 +02:00
build.py build: apt-get purge sudo after using it for sudo= build field 2017-12-11 22:11:16 +01:00
checkupdates.py checkupdates: don't fail when we can't init submodules 2017-12-04 16:30:37 +01:00
common.py Merge branch 'fixFlavor' into 'master' 2017-12-14 16:56:01 +01:00
dscanner.py English source string corrections 2017-09-16 13:19:38 +02:00
exception.py checkupdates: don't fail when we can't init submodules 2017-12-04 16:30:37 +01:00
gpgsign.py implement gettext localization 2017-09-15 11:39:00 +02:00
import.py import: fix bitbucket import 2017-10-04 18:54:47 +02:00
index.py Add Liberapay support 2017-12-12 11:53:31 +01:00
init.py init: fix test for aapt when no aapt has been found 2017-12-06 20:20:17 +01:00
install.py fix string formats that are ambiguous for translators 2017-09-16 13:19:38 +02:00
lint.py Add Liberapay support 2017-12-12 11:53:31 +01:00
metadata.py Add Liberapay support 2017-12-12 11:53:31 +01:00
mirror.py mirror: fix syntax error on Python 3.4 2017-11-30 14:03:04 +01:00
net.py Support ETag when downloading repository index 2017-05-02 15:37:02 -03:00
nightly.py nightly: replace / from fingerprint in SSH key filename, fixes #423 2017-12-07 22:39:32 +01:00
publish.py add common.sign_apk() for nightly as test for using in publish 2017-12-04 22:52:41 +01:00
readmeta.py all: make newer pycodestyle happy 2016-11-15 20:55:06 +00:00
rewritemeta.py fix string formats that are ambiguous for translators 2017-09-16 13:19:38 +02:00
scanner.py make _ always be the gettext function, nothing else 2017-10-25 23:01:25 +02:00
server.py server: prevent crash when uploading to virustotal 2017-11-29 21:06:02 +01:00
signatures.py HTTP, HTTPS 2017-10-22 06:43:18 +00:00
signindex.py implement gettext localization 2017-09-15 11:39:00 +02:00
stats.py implement gettext localization 2017-09-15 11:39:00 +02:00
tail.py include class like UNIX tail -f for displaying logs 2017-05-23 20:04:08 +02:00
update.py update: reject APKs with invalid file sig, probably Janus exploits 2017-12-14 16:57:22 +01:00
verify.py fix string formats that are ambiguous for translators 2017-09-16 13:19:38 +02:00
vmtools.py Merge branch 'no_sleep' into 'master' 2017-12-02 12:49:05 +00:00