author | Julian Andres Klode <juliank@ubuntu.com> | 2018-04-09 15:32:09 +0200 |
---|---|---|
committer | Julian Andres Klode <julian.klode@canonical.com> | 2019-01-18 16:32:45 +0100 |
commit | 03af77d4ca60a21f3dca1ab10ef2ba17ec2f96c9 (patch) | |
tree | 7867cfa7a2ead40aeb5f9020d0e0f1b8c56719b1 /ftparchive/writer.cc | |
parent | e4ad2101c39020f18ccd8bb522eeb6b5dead0e5d (diff) |
Import Debian version 1.0.1ubuntu2.18
apt (1.0.1ubuntu2.18) trusty; urgency=medium
* ExecFork: Use /proc/self/fd to determine which files to close
(Closes: #764204) (LP: #1332440).
apt (1.0.1ubuntu2.17) trusty-security; urgency=high
* SECURITY UPDATE: gpgv: Check for errors when splitting files (CVE-2016-1252)
Thanks to Jann Horn, Google Project Zero for reporting the issue
(LP: #1647467)
apt (1.0.1ubuntu2.15) trusty; urgency=medium
* Fixes failure to download the Package index file when using
mirror:// URL in sources.list and the archive fails to profile
a file. APT would try the next archive in the list for .deb
packages but did not retry when the index file failed to download.
(LP: #1625667)
apt (1.0.1ubuntu2.14) trusty; urgency=medium
* When using the https transport mechanism, $no_proxy is ignored if apt is
getting it's proxy information from $https_proxy (as opposed to
Acquire::https::Proxy somewhere in apt config). If the source of proxy
information is Acquire::https::Proxy set in apt.conf (or apt.conf.d),
then $no_proxy is honored. This patch makes the behavior similar for
both methods of setting the proxy. (LP: #1575877)
apt (1.0.1ubuntu2.13) trusty; urgency=medium
* Recheck Pre-Depends satisfaction in SmartConfigure, to avoid unconfigured
Pre-Depends (which dpkg later fails on). Fixes upgrade failures of
systemd, util-linux, and other packages with Pre-Depends. Many thanks to
David Kalnischkies for figuring out the patch and Winfried PLappert for
testing! Patch taken from Debian git. (LP: #1560797)
apt (1.0.1ubuntu2.12) trusty; urgency=medium
[ Colin Watson ]
* Fix lzma write support to handle "try again" case (closes: #751688,
LP: #1553770).
[ David Kalnischkies ]
* Handle moved mmap after UniqFindTagWrite call (closes: #753941,
LP: #1445436).
apt (1.0.1ubuntu2.11) trusty; urgency=medium
* apt-pkg/packagemanager.cc:
- fix incorrect configure ordering in the SmartConfigure step by skipping
packages that do not need immediate action. (LP: #1347721, #1497688)
apt (1.0.1ubuntu2.10) trusty; urgency=medium
* Fix regression from the previous upload by ensuring we're actually
testing for the right member before iterating on it (LP: #1480592)
apt (1.0.1ubuntu2.9) trusty; urgency=medium
* Fix regression in the Never-MarkAuto-Sections feature caused by the
previous auto-removal fix, with inspiration drawn from the patches
and conversation from http://bugs.debian.org/793360 (LP: #1479207)
apt (1.0.1ubuntu2.8) trusty-proposed; urgency=low
* fix crash for packages that have no section in their instVersion
(LP: #1449394)
apt (1.0.1ubuntu2.7) trusty-proposed; urgency=low
* fix auto-removal behavior (thanks to Adam Conrad)
LP: #1429041
apt (1.0.1ubuntu2.6) trusty-proposed; urgency=medium
* apt-pkg/deb/dpkgpm.cc:
- update string matching for dpkg I/O errors. (LP: #1363257)
- properly parse the dpkg status line so that package name is properly set
and an apport report is created. Thanks to Anders Kaseorg for the patch.
(LP: #1353171)
apt (1.0.1ubuntu2.5) trusty-security; urgency=low
* SECURITY UPDATE:
- cmdline/apt-get.cc: fix insecure tempfile handling in
apt-get changelog (CVE-2014-7206). Thanks to Guillem Jover
apt (1.0.1ubuntu2.4.1) trusty-security; urgency=low
* SECURITY UPDATE:
- fix potential buffer overflow, thanks to the
Google Security Team (CVE-2014-6273)
* Fix regression from the previous upload when file:/// sources
are used and those are on a different partition than
the apt state directory
* Fix regression when Dir::state::lists is set to a relative path
* Fix regression when cdrom: sources got rewritten by apt-cdrom add
apt (1.0.1ubuntu2.3) trusty-security; urgency=low
* SECURITY UPDATE:
- incorrect invalidating of unauthenticated data (CVE-2014-0488)
- incorrect verification of 304 reply (CVE-2014-0487)
- incorrect verification of Acquire::Gzip indexes (CVE-2014-0489)
Diffstat (limited to 'ftparchive/writer.cc')
-rw-r--r-- | ftparchive/writer.cc | 107 |
1 files changed, 53 insertions, 54 deletions
diff --git a/ftparchive/writer.cc b/ftparchive/writer.cc index 7c1c9cc03..153c4fb42 100644 --- a/ftparchive/writer.cc +++ b/ftparchive/writer.cc @@ -385,14 +385,10 @@ bool FTWScanner::SetExts(string const &Vals) bool PackagesWriter::DoPackage(string FileName) { // Pull all the data we need form the DB - if (Db.GetFileInfo(FileName, - true, /* DoControl */ - DoContents, - true, /* GenContentsOnly */ - false, /* DoSource */ - DoMD5, DoSHA1, DoSHA256, DoSHA512, DoAlwaysStat) == false) + if (Db.GetFileInfo(FileName, true, DoContents, true, DoMD5, DoSHA1, DoSHA256, DoSHA512, DoAlwaysStat) + == false) { - return false; + return false; } unsigned long long FileSize = Db.GetFileSize(); 
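Review bot: The new `Db.GetFileInfo(FileName, true, DoContents, true, DoMD5, ...)` call in PackagesWriter::DoPackage passes bare boolean literals, so nothing at the call site says which flag each one sets, and a transposed argument would compile and silently change what gets extracted or hashed. The same applies in the later hunks to `Db.GetFileInfo(OriginalPath, false, false, false, ...)` in SourcesWriter::DoPackage and to `Db.GetFileInfo(FileName, Package.empty(), true, false, false, false, false, false)` in ContentsWriter::DoPackage, where a run of `false` literals decides which digests are skipped. I would label each literal with the parameter it binds, for example `true, /* DoControl */` and `true, /* GenContentsOnly */`, taking the names from the GetFileInfo declaration, which is not visible here. The body of DoPackage continues past this hunk.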
@@ -618,36 +614,59 @@ SourcesWriter::SourcesWriter(string const &DB, string const &BOverrides,string c /* */ bool SourcesWriter::DoPackage(string FileName) { - // Pull all the data we need form the DB - if (Db.GetFileInfo(FileName, - false, /* DoControl */ - false, /* DoContents */ - false, /* GenContentsOnly */ - true, /* DoSource */ - DoMD5, DoSHA1, DoSHA256, DoSHA512, DoAlwaysStat) == false) - { + // Open the archive + FileFd F; + if (OpenMaybeClearSignedFile(FileName, F) == false) return false; + + unsigned long long const FSize = F.FileSize(); + //FIXME: do we really need to enforce a maximum size of the dsc file? + if (FSize > 128*1024) + return _error->Error("DSC file '%s' is too large!",FileName.c_str()); + + if (BufSize < FSize + 2) + { + BufSize = FSize + 2; + Buffer = (char *)realloc(Buffer , BufSize); } - // we need to perform a "write" here (this is what finish is doing) - // because the call to Db.GetFileInfo() in the loop will change - // the "db cursor" - Db.Finish(); + if (F.Read(Buffer, FSize) == false) + return false; - // read stuff - char *Start = Db.Dsc.Data; - char *BlkEnd = Db.Dsc.Data + Db.Dsc.Length; + // Stat the file for later (F might be clearsigned, so not F.FileSize()) + struct stat St; + if (stat(FileName.c_str(), &St) != 0) + return _error->Errno("fstat","Failed to stat %s",FileName.c_str()); + + // Hash the file + char *Start = Buffer; + char *BlkEnd = Buffer + FSize; + + Hashes DscHashes; + if (FSize == (unsigned long long) St.st_size) + { + if (DoMD5 == true) + DscHashes.MD5.Add((unsigned char *)Start,BlkEnd - Start); + if (DoSHA1 == true) + DscHashes.SHA1.Add((unsigned char *)Start,BlkEnd - Start); + if (DoSHA256 == true) + DscHashes.SHA256.Add((unsigned char *)Start,BlkEnd - Start); + if (DoSHA512 == true) + DscHashes.SHA512.Add((unsigned char *)Start,BlkEnd - Start); + } + else + { + FileFd DscFile(FileName, FileFd::ReadOnly); + DscHashes.AddFD(DscFile, St.st_size, DoMD5, DoSHA1, DoSHA256, DoSHA512); + } // Add extra \n to the 
end, just in case (as in clearsigned they are missing) *BlkEnd++ = '\n'; *BlkEnd++ = '\n'; pkgTagSection Tags; - if (Tags.Scan(Start,BlkEnd - Start) == false) + if (Tags.Scan(Start,BlkEnd - Start) == false || Tags.Exists("Source") == false) return _error->Error("Could not find a record in the DSC '%s'",FileName.c_str()); - - if (Tags.Exists("Source") == false) - return _error->Error("Could not find a Source entry in the DSC '%s'",FileName.c_str()); Tags.Trim(); // Lookup the overide information, finding first the best priority. @@ -695,10 +714,6 @@ bool SourcesWriter::DoPackage(string FileName) OverItem = auto_ptr<Override::Item>(new Override::Item); } - struct stat St; - if (stat(FileName.c_str(), &St) != 0) - return _error->Errno("fstat","Failed to stat %s",FileName.c_str()); - auto_ptr<Override::Item> SOverItem(SOver.GetItem(Tags.FindS("Source"))); // const auto_ptr<Override::Item> autoSOverItem(SOverItem); if (SOverItem.get() == 0) 
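Review bot: In SourcesWriter::DoPackage the `else` branch of the hashing code reopens the file with `FileFd DscFile(FileName, FileFd::ReadOnly);` and ignores both whether that open succeeded and what `DscHashes.AddFD(...)` returns, so a failure there would presumably still let the function emit checksum lines for the .dsc into the Sources output. The size is taken from `stat(FileName.c_str(), &St)` by path after the content was already read through `F`, and the reopen is a third lookup of the same path, so the parsed fields, `St.st_size` and the digests can describe different states of the file if it is replaced during the run. I would fail closed here: `if (DscFile.IsOpen() == false || DscHashes.AddFD(DscFile, St.st_size, DoMD5, DoSHA1, DoSHA256, DoSHA512) == false) return false;` (assuming AddFD reports errors through its return value). Separately, `Buffer = (char *)realloc(Buffer , BufSize);` is not checked for NULL before `F.Read(Buffer, FSize)` writes through it, and assigning the result straight to `Buffer` loses the old block on failure. The function continues past this hunk.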
@@ -717,23 +732,23 @@ bool SourcesWriter::DoPackage(string FileName) string const strippedName = flNotDir(FileName); std::ostringstream ostreamFiles; if (DoMD5 == true && Tags.Exists("Files")) - ostreamFiles << "\n " << Db.MD5Res.c_str() << " " << St.st_size << " " + ostreamFiles << "\n " << string(DscHashes.MD5.Result()) << " " << St.st_size << " " << strippedName << "\n " << Tags.FindS("Files"); string const Files = ostreamFiles.str(); std::ostringstream ostreamSha1; if (DoSHA1 == true && Tags.Exists("Checksums-Sha1")) - ostreamSha1 << "\n " << string(Db.SHA1Res.c_str()) << " " << St.st_size << " " + ostreamSha1 << "\n " << string(DscHashes.SHA1.Result()) << " " << St.st_size << " " << strippedName << "\n " << Tags.FindS("Checksums-Sha1"); std::ostringstream ostreamSha256; if (DoSHA256 == true && Tags.Exists("Checksums-Sha256")) - ostreamSha256 << "\n " << string(Db.SHA256Res.c_str()) << " " << St.st_size << " " + ostreamSha256 << "\n " << string(DscHashes.SHA256.Result()) << " " << St.st_size << " " << strippedName << "\n " << Tags.FindS("Checksums-Sha256"); std::ostringstream ostreamSha512; if (DoSHA512 == true && Tags.Exists("Checksums-Sha512")) - ostreamSha512 << "\n " << string(Db.SHA512Res.c_str()) << " " << St.st_size << " " + ostreamSha512 << "\n " << string(DscHashes.SHA512.Result()) << " " << St.st_size << " " << strippedName << "\n " << Tags.FindS("Checksums-Sha512"); // Strip the DirStrip prefix from the FileName and add the PathPrefix 
@@ -770,13 +785,8 @@ bool SourcesWriter::DoPackage(string FileName) (DoSHA256 == true && !Tags.Exists("Checksums-Sha256")) || (DoSHA512 == true && !Tags.Exists("Checksums-Sha512"))) { - if (Db.GetFileInfo(OriginalPath, - false, /* DoControl */ - false, /* DoContents */ - false, /* GenContentsOnly */ - false, /* DoSource */ - DoMD5, DoSHA1, DoSHA256, DoSHA512, - DoAlwaysStat) == false) + if (Db.GetFileInfo(OriginalPath, false, false, false, DoMD5, DoSHA1, DoSHA256, DoSHA512, DoAlwaysStat) + == false) { return _error->Error("Error getting file info"); } @@ -792,9 +802,6 @@ bool SourcesWriter::DoPackage(string FileName) if (DoSHA512 == true && !Tags.Exists("Checksums-Sha512")) ostreamSha512 << "\n " << string(Db.SHA512Res) << " " << Db.GetFileSize() << " " << ParseJnk; - - // write back the GetFileInfo() stats data - Db.Finish(); } // Perform the delinking operation @@ -865,7 +872,7 @@ bool SourcesWriter::DoPackage(string FileName) Stats.Packages++; - return true; + return Db.Finish(); } /*}}}*/ @@ -886,15 +893,7 @@ ContentsWriter::ContentsWriter(string const &DB, string const &Arch) : determine what the package name is. */ bool ContentsWriter::DoPackage(string FileName, string Package) { - if (!Db.GetFileInfo(FileName, - Package.empty(), /* DoControl */ - true, /* DoContents */ - false, /* GenContentsOnly */ - false, /* DoSource */ - false, /* DoMD5 */ - false, /* DoSHA1 */ - false, /* DoSHA256 */ - false)) /* DoSHA512 */ + if (!Db.GetFileInfo(FileName, Package.empty(), true, false, false, false, false, false)) { return false; } |
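Review bot: At the end of SourcesWriter::DoPackage, `Stats.Packages++;` still runs before `return Db.Finish();`, so a .dsc whose database write-back fails is counted as processed even though the function returns false; I would test the result first, e.g. `if (Db.Finish() == false) return false;` ahead of the increment. With the `Db.Finish()` after the `GetFileInfo(OriginalPath, ...)` block removed in the preceding hunk, this is the only write-back left and it sits on the success path, so any early `return` between those two points appears to skip it. It is worth confirming against the CacheDB implementation that nothing cached for the referenced files is lost in that case. The code between these hunks is not shown.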