[FEATURE] ext:install Verify checksum of downloaded core 92/24492/5
authorChristian Kuhn <lolli@schwarzbu.ch>
Tue, 8 Oct 2013 21:21:44 +0000 (23:21 +0200)
committerAnja Leichsenring <aleichsenring@ab-softlab.de>
Thu, 10 Oct 2013 13:32:31 +0000 (15:32 +0200)
commitbb6b77b588d90a10bb88b9f140e3d4352b4911ac
tree038c232f65c2f83abec2b794eae2d2f714faac62
parent1316fe39bff5138cbc83106571391b2d97b448eb
[FEATURE] ext:install Verify checksum of downloaded core

https://get.typo3.org/json provides checksums of the file content
of each TYPO3 CMS release. The expected sha1 is now compared with
the actual sha1 of the downloaded files to protect upgrades from
broken downloads and some attack vectors.

Change-Id: I1ec604ed2ef5f53abc930ff360ca2d7267e3c64d
Resolves: #52618
Releases: 6.2
Reviewed-on: https://review.typo3.org/24492
Reviewed-by: Sascha Egerer
Tested-by: Sascha Egerer
Reviewed-by: Markus Klein
Reviewed-by: Anja Leichsenring
Tested-by: Anja Leichsenring
typo3/sysext/install/Classes/Controller/Action/Ajax/CoreUpdateVerifyChecksum.php [new file with mode: 0644]
typo3/sysext/install/Classes/Controller/AjaxController.php
typo3/sysext/install/Classes/Service/CoreUpdateService.php
typo3/sysext/install/Classes/Service/CoreVersionService.php
typo3/sysext/install/Resources/Public/Javascript/Install.js
typo3/sysext/install/Tests/Unit/Service/CoreVersionServiceTest.php