Age | Commit message (Collapse) | Author |
|
|
|
These are a few overlooked syscalls. Also add readv(), writev(),
renameat2(), and statx() in case libc uses them.
Gbp-Dch: ignore
|
|
This reduces the number of syscalls to about 140 from about
350 or so, significantly reducing security risks.
Also change prepare-release to ignore the architecture lists
in the build dependencies when generating the build-depends
package for travis.
We might want to clean up things a bit more and/or move it
somewhere else.
|
|
This was a left over from the autodetect move.
Gbp-Dch: ignore
|
|
Sandboxing was turned off because we called pkgAcqMethod's
Configuration() instead of aptMethod's.
|
|
The previous change moved running the proxy detection program from the
method to the main process, so it runs as root and not as _apt. This
brings it back into the sandbox.
Gbp-Dch: ignore
|
|
This avoids running the Proxy-Auto-Detect script inside the
untrusted (well, less trusted for now) sandbox. This will allow
us to restrict the http method from fork()ing or exec()ing via
seccomp.
|
|
tagfile-order.c: Add missing fields from dpkg 1.19
For binary packages, this is Build-Essential; for source packages,
it is Description.
test-bug-718329-...: Ignore control.tar.*, changes in dpkg 1.19
test-apt-extracttemplates: Fix for dpkg 1.19
|
|
Closes: #879137
|
|
|
|
cppcheck reports:
(portability) Passing NULL after the last typed argument to a variadic
function leads to undefined behaviour.
We don't ship on any platform which has this as undefined behaviour
through – or it would be pretty well defined "bad" behaviour which
always works, so even through UB is a trigger word, its hardly
noteworthy as a change (and as a bonus the scanners of gcc/clang
don't consider it UB).
The commonly accepted method of fixing that seems to be (const
char*)NULL, but it is in fact much simpler to just switch to the varadic
functions C++ provides resolving the warning and reducing code.
Reported-By: cppcheck
Gbp-Dch: Ignore
|
|
A va_copy call needs to be closed in all branches with va_end, so these
functions would need to be reworked slightly, but we don't actually need
to copy the va_list as we don't work on it, we just push it forward, so
dropping the copy and everyone is happy.
Reported-By: cppcheck
Gbp-Dch: Ignore
|
|
gpg2 generates keyboxes by default and users end up putting either those
or armored files into the trusted.gpg.d directory which apt tools
neither expect nor can really work with without fortifying backward
compatibility (at least under the ".gpg" extension).
A (short) discussion about how to deal with keyboxes happened in
https://lists.debian.org/deity/2017/07/msg00083.html
As the last message in that thread is this changeset lets go ahead
with it and see how it turns out.
The idea is here simply that we check the first octal of a gpg file to
have one of three accepted values. Testing on my machines has always
produced just one of these, but running into those values on invalid
files is reasonabily unlikely to not worry too much.
Closes: #876508
|
|
This isn't really used by the acquire system at all at the moment and
the only method potentially sending this information is file://, but
that used to be working correctly before broken in 2013, so better fix
it now and worry about maybe using the data some day later.
Regression-Of: b3501edb7091ca3aa6c2d6d96dc667b8161dd2b9
|
|
Using hardcoded array-indexes in the build-dependency parsing is
efficient, but less discoverable and easier to break. We can avoid
this by making it even more efficient (not that it would be noticeable)
allowing us to do explicitly named comparisons instead.
Gbp-Dch: Ignore
|
|
APT used to parse only wellformed files produced by repository creation
tools which removed empty files as pointless before apt would see them.
Now that apt can be told to parse e.g. debian/control files directly, it
needs to be a little more accepting through: We had this with comments
already, now let it deal with the far more trivial empty fields.
Closes: #875363
|
|
APT connects just fine to any .onion address given, only if the connect
fails somehow it will perform checks on the sanity of which in this case
is checking the length as they are well defined and as the strings are
arbitrary a user typing them easily mistypes which apt should can be
slightly more helpful in figuring out by saying the onion hasn't the
required length.
|
|
This automatically removes any old apt-transport-https, as
apt now Breaks it unversioned.
|
|
|
|
|
|
|
|
|
|
In commit Do not warn about duplicate "legacy" targets, we
we added an if, that changed the .po files...
|
|
|
|
We now wait for being online ourselves, so all we need to wait
on is for services we are using to be online first. This avoids
severe boot slowdowns by other services having specified an
After=network-online.target without a Wants=.
Gbp-Dch: Full
|
|
|
|
This fixes the indentation of struct members, for
example, which were previously indented by 4 spaces.
Gbp-Dch: ignore
|
|
|
|
We do not actually test without these libraries, and it likely
would not build without them due to them being NOTFOUND and CMake
exiting with an error, so let's just mark them as required.
|
|
When udev is not available, the variables for libraries and
include paths are set to NOTFOUND rather than an empty string
and CMake exits with an error. Use a generator expression to
only use these variables when UDEV_FOUND is true.
|
|
|
|
We previously dlopen()ed it, but it seems painful to do that
without any real gain, except for possibly not having libudev
in the address space and not having code #ifdefed for Linux.
The latter means that we are a bit more likely to break stuff
for non-Linux systems now if we play with udev, but at least
we don't end up with it silently breaking because of a libudev
ABI break.
The existing function pointers in the struct were renamed and
kept for compat purposes.
Fixes Debian/apt#48
Also adjust prepare-release to strip [linux-any] from build-depends
for travis.
|
|
When writing a Sources files hashes that were already present
in the .dsc were always copied through (or modified), even if
disabled. Remove them instead when they are disabled, otherwise
we end up with hashes for tarballs and stuff but not for dsc
files (as the dsc obviously does not hash itself).
Also adjust the tests: test-compressed-indexes relied on Files
being present in showsrc, and test-apt-update-weak-hashes expected
the tarball to be downloaded when an archive only has MD5 and we
are requiring SHA256 because that used to work because the tarball
was always included.
Closes: #872963
|
|
This fails if no Files field exists anymore, for example, because
the Sources index only contains SHA256 hashes. Instead check all
hashes.
|
|
If a source has a legacy Contents file, and two lines mention
the same archive but different components, a warning would be
issued that is confusing. So, as the field is named Contents-deb-legacy,
let's just not print warnings for fields containing "legacy".
LP: #1697120
Closes: #839259
|
|
There's no real point in pulling it in in the timer already,
and it it somewhat saver to do so in the service.
|
|
Introduce a new helper, apt-helper wait-online that uses
NetworkManager and/or systemd-networkd to wait for them
reporting online, with a time out of 30 seconds; and run
that helper before running the daily update script.
LP: #1699850
Gbp-Dch: Full
|
|
The relevant calling code as well as the implementation for the deb
system was removed 2 years ago with the refactoring of release
information storage (b07aeb1a6e24825e534167a737043441e871de9f).
This commit removes the the unused remains of this change with no
practical effect on anybody (expect codesize) as the methods were
declared as hidden and hence only libapt could have called it.
Gbp-Dch: Ignore
|
|
A libapt user who hasn't initialized _system likely has a reason, so we
shouldn't greet back with a segfault usually deep down in the callstack
for no reason. If the user had intended to pick up information from the
system, _system wouldn't be uninitialized after all.
LP: #1613184
SRU: 1.4.y
|
|
Commit e250a8d8d8ef2f8f8c5e2041f7645c49fba7aa36 implemented the fix and
should have included already this testcase for it.
Gbp-Dch: Ignore
|
|
APT by default logs terminal (term.log) and actions (history.log), but
if either or Dir::Log directly is set to /dev/null it continues to do
so, which isn't too bad – just wasted effort – but term.log is
chmodded to protect it from the general public (as it may contain
otherwise private data the admin entired in the terminal) which
shouldn't happen for /dev/null.
|
|
gpgv: WARNING: This key is not suitable for signing in --compliance=gnupg mode
|
|
Closes: #874293
|
|
Closes: #874285
|
|
Closes: #873914
|
|
Seems we forgot to update the packaging when adding the manual
page. Once we have translations for it, we need to add them
as well...
Closes: #873934
|
|
|
|
It was broken because apt.conf.d was not readable, but that's
where the architecture is defined...
|
|
As a follow up to the last commit, let's replace APT_CONST
with APT_PURE everywhere to clean stuff up.
|
|
Functions marked with the const attribute may not inspect
any global memory. This includes targets of pointers or
references passed as arguments. A pure function however
is free to inspect memory, but may not have any side
effects.
The function StringSplit() was marked as const, but took
two references to strings. When the second one was passed
as a literal as in StringSplit(name, "::") the compiler
cleverly figured out that we only inspect the address of
"::" (since StringSplit is const) and thus optimized away
the "::" content.
While patching out individual broken uses of APT_CONST
would be possible, this is already the second case, and
there might be more, so let's redefine APT_CONST to use
the pure attribute, so we don't end up with the same
situation again in some time.
|