Age | Commit message (Collapse) | Author |
|
Beside adding the relatively new Item::Proxy method we are also slightly
preparing for gcc-8.
|
|
Hardcoding a specific version is sad as default versions change over
time, so instead of tying us to a specific clang version we let the
script figure out a good version by looking at what is available in
PATH.
Gbp-Dch: Ignore
|
|
If we perform candidate switching in requests like "apt install foo/bar"
we should first check if the dependencies of foo from release bar are
already satisfied by what is already installed before checking if the
candidate (or switched candidate) would.
|
|
If a InRelease file fails to download with a non-404 error
we assumed there is some general problem with repository like
a webportal or your are blocked from access (wrong auth, Tor, …).
Turns out some server like S3 return 403 if a file doesn't exist.
Allowing this in general seems like a step backwards as 403 is a
reasonable response if auth failed, so failing here seems better
than letting those users run into problems.
What we can do is show our insecure warnings through and allow the
failures for insecure repos: If the repo is signed it is easy to add
an InRelease file and if not you are setup for trouble anyhow.
References: cbbf185c3c55effe47f218a07e7b1f324973a8a6
|
|
We did not strip away profiling messages when we were diffing
from stdin (-). Just always write temporary files and strip from
them.
We also had a problem when stripping ...profiling: from a line
and the next line starts with profiling. Split the sed into two
calls so we first remove complete profiling: lines before fixing
the ...profiling: cases.
|
|
We accidentally did not translate the entity file, but should
have. This makes apt.ent translatable again. This generates the
target multiple times, but surprisingly, that works just fine, so
let's just keep it that way, as it's clean code otherwise.
|
|
Adding manpages is really hard it seems.
References: ea408c560ed85bb4ef7cf8f72f8463653501332c,
ea7581c9aaaaebf844d00935a1cdf8c8fee7f7f3,
90bfc5b057d3f9136ffe34089b6e56d59593797c
|
|
apt usually gets the width of the window from the terminal or failing
that has a default value, but especially for testing it can be handy
to control the size as you can't be sure that variable sized content
will always be linebreaked as expected in the testcases.
|
|
The documentation said "spaces", but there is no real reason to be so
strict and only allow spaces to separate values as that only leads to
very long lines if e.g. multiple URIs are specified which are again hard
to deal with from a user PoV which the deb822 format is supposed to
avoid. It also deals with multiple consecutive spaces and strange things
like tabs users will surely end up using in the real world.
The old behviour on encountering folded lines is the generation of URIs
which end up containing all these whitespace characters which tends to
mess really bad with output and further processing.
Closes: 881875
|
|
Clean up the control file a bit.
|
|
We accidentally regressed here in 1.5 when replacing the https
method.
|
|
aptitude used to use gzip:// for changelog URLs, but is now
fixed to use store.
|
|
|
|
Closes: #881402
|
|
qemu-user passes prctl()-based seccomp through to the kernel,
umodified. That's bad, as it blocks the wrong syscalls.
We ignored EFAULT which fixed the problem for targets with different
pointer sizes from the host, but was a bad hack. In order to identify
qemu we can rely on the fact that qemu-user prints its version and
exits with 0 if QEMU_VERSION is set to an unsupported value. If we
run a command that should fail in such an environment, and it exits
with 0, then we are running in qemu-user.
apt-helper is an obvious command to run. The tests ensure it exits
with 1, and it only prints usage information. We also could not use
/bin/false because apt might just as well be from a foreign arch
while /bin/false is not.
Closes: #881519
|
|
We need to use a versioned breaks again, otherwise the
transitional package would not be installable.
Gbp-Dch: ignore
|
|
|
|
Makes lintian happy, but is basically useless
Gbp-Dch: ignore
|
|
This fixes issues with debootstrap. The package will disappear
after the release of buster.
|
|
No further changes required.
|
|
We don't need fakeroot for building!
|
|
|
|
Regression-Of: cc1f94c95373670fdfdb8e2d6cf9125181f7df0c
|
|
It used FindI() > 0, but if it is too big, FindI() would
cause an error "Cannot convert %s to integer: out of range",
so let's also use FindULL() here.
Gbp-Dch: ignore
|
|
Installed-Size for linux-image-4.13.0-1-amd64-dbg and friends
are larger than 4 GB, but read as a signed integer - that's
fine so far, as the value is in KB, but it's multiplied with
1024 which overflows. So let's read it as unsigned long long
instead.
While we're at it, also use unsigned long long for Size, in
case that is bigger than 2 GB.
|
|
We sleep in http.cc, so we should allow the sleeping syscalls.
|
|
The store method replaced them all, the symlinks where mostly
for partial upgrades or whatever, they should not be needed
any longer.
|
|
Sorting apparently calls sysconf() which calls sysinfo() to get
free pages or whatever.
Closes: #879814, #879826
|
|
We do want to get our autopkgtests triggered by dpkg uploads
in Ubuntu, but this does not happen because we don't have
an explicit dependency on it. Add one.
|
|
|
|
This fixes a regression introduced in
commit 43b9eb5bac15666fdc0346aca7031fab0fa5e064
CMake: methods: Cleanup link libraries, use OBJECT libraries
Gbp-Dch: ignore
|
|
This should help debugging crashes. The signal handler is a C++11
lambda, yay! Special care has been taken to only use signal handler
-safe functions inside there.
|
|
If seccomp is disabled, we fallback to running without it. Qemu fails
in the seccomp() call, returning ENOSYS and libseccomp falls back to
prctl() without adjusting the pointer, causing the EFAULT. I hope
qemu gets fixed at some point to return EINVAL for seccomp via
prctl.
Bug-Qemu: https://bugs.launchpad.net/qemu/+bug/1726394
|
|
We would like to issue a warning about seccomp support in
Configuration(), but since the queue is empty, there is no
current item to show the URL for and we get a segfault. Show
the protocol instead.
|
|
If FAKED_MODE is set, enable SYSV IPC so we don't crash when
running in fakeroot.
Closes: #879662
|
|
Use OBJECT libraries for http and connect stuff, and move the
seccomp link expression into a global link_libraries() call.
This also fixes a bug where only the http target pulled in
the gnutls header arguments despite gnutls being used in
connect.cc, and thus by mirror and ftp as well.
Adjust translation support to ignore TARGET_OBJECTS sources
and add the OBJECT libraries to the translated files.
|
|
statx was introduced in 4.11, so it fails to build in stretch if
we just unconditionally use it.
|
|
|
|
These are a few overlooked syscalls. Also add readv(), writev(),
renameat2(), and statx() in case libc uses them.
Gbp-Dch: ignore
|
|
This reduces the number of syscalls to about 140 from about
350 or so, significantly reducing security risks.
Also change prepare-release to ignore the architecture lists
in the build dependencies when generating the build-depends
package for travis.
We might want to clean up things a bit more and/or move it
somewhere else.
|
|
This was a left over from the autodetect move.
Gbp-Dch: ignore
|
|
Sandboxing was turned off because we called pkgAcqMethod's
Configuration() instead of aptMethod's.
|
|
The previous change moved running the proxy detection program from the
method to the main process, so it runs as root and not as _apt. This
brings it back into the sandbox.
Gbp-Dch: ignore
|
|
This avoids running the Proxy-Auto-Detect script inside the
untrusted (well, less trusted for now) sandbox. This will allow
us to restrict the http method from fork()ing or exec()ing via
seccomp.
|
|
tagfile-order.c: Add missing fields from dpkg 1.19
For binary packages, this is Build-Essential; for source packages,
it is Description.
test-bug-718329-...: Ignore control.tar.*, changes in dpkg 1.19
test-apt-extracttemplates: Fix for dpkg 1.19
|
|
Closes: #879137
|
|
|
|
cppcheck reports:
(portability) Passing NULL after the last typed argument to a variadic
function leads to undefined behaviour.
We don't ship on any platform which has this as undefined behaviour
through – or it would be pretty well defined "bad" behaviour which
always works, so even through UB is a trigger word, its hardly
noteworthy as a change (and as a bonus the scanners of gcc/clang
don't consider it UB).
The commonly accepted method of fixing that seems to be (const
char*)NULL, but it is in fact much simpler to just switch to the varadic
functions C++ provides resolving the warning and reducing code.
Reported-By: cppcheck
Gbp-Dch: Ignore
|
|
A va_copy call needs to be closed in all branches with va_end, so these
functions would need to be reworked slightly, but we don't actually need
to copy the va_list as we don't work on it, we just push it forward, so
dropping the copy and everyone is happy.
Reported-By: cppcheck
Gbp-Dch: Ignore
|
|
gpg2 generates keyboxes by default and users end up putting either those
or armored files into the trusted.gpg.d directory which apt tools
neither expect nor can really work with without fortifying backward
compatibility (at least under the ".gpg" extension).
A (short) discussion about how to deal with keyboxes happened in
https://lists.debian.org/deity/2017/07/msg00083.html
As the last message in that thread is this changeset lets go ahead
with it and see how it turns out.
The idea is here simply that we check the first octal of a gpg file to
have one of three accepted values. Testing on my machines has always
produced just one of these, but running into those values on invalid
files is reasonabily unlikely to not worry too much.
Closes: #876508
|