mirror of
https://github.com/certbot/certbot.git
synced 2026-06-13 18:50:20 -04:00
78cf8ec4de
With current code, the certbot-auto self-upgrade process can make it actually to downgrade itself, because the comparison done is an equality test between local certbot-auto version and the remote one. This is a flaw for attackers, that could make certbot-auto break itself by falsely advertising it about an old version as the latest one available. A function is added to make a more advanced comparison between version. Certbot-auto will upgrade itself only if the local version is strictly inferior to the latest one available. For instance, a version 0.28.0 will not upgrade itself if the latest one available on internet is 0.27.1. Similarly, non-official versions like 0.28.0.dev0 will never trigger a self-upgrade, to help development workflows. This implementation relies only on the Python distribution installed by certbot-auto (supporting 2.7+) and basic shell operations, to be compatible with any UNIX-based system. * Check version with protection again downgrade * Create a stable version of letsencrypt-auto to use correctly self-upgrade functionality * Update letsencrypt-auto-source/letsencrypt-auto.template |
||
|---|---|---|
| .. | ||
| pieces | ||
| tests | ||
| build.py | ||
| certbot-auto.asc | ||
| Dockerfile.centos6 | ||
| Dockerfile.precise | ||
| Dockerfile.trusty | ||
| Dockerfile.wheezy | ||
| letsencrypt-auto | ||
| letsencrypt-auto.sig | ||
| letsencrypt-auto.template | ||
| version.py | ||