summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2016-12-08SECURITY UPDATE: gpgv: Check for errors when splitting files (CVE-2016-1252)Julian Andres Klode
This fixes a security issue where signatures of the InRelease files could be circumvented in a man-in-the-middle attack, giving attackers the ability to serve any packages they want to a system, in turn giving them root access. It turns out that getline() may not only return EINVAL as stated in the documentation - it might also return in case of an error when allocating memory. This fix not only adds a check that reading worked correctly, it also implicitly checks that all writes worked by reporting any other error that occurred inside the loop and was logged by apt. Affected: >= 0.9.8 Reported-By: Jann Horn <jannh@google.com> Thanks: Jann Horn, Google Project Zero for reporting the issue LP: #1647467 (cherry picked from commit 51be550c5c38a2e1ddfc2af50a9fab73ccf78026)
2016-12-08Hack around Ubuntu rejecting symlink copyrightJulian Andres Klode
2016-12-08debian/gbp.conf: Update for 1.3.y branchJulian Andres Klode
Gbp-Dch: ignore
2016-10-04Release 1.3.11.3.1Julian Andres Klode
2016-10-04travis: Move codecov from after_success to after_scriptJulian Andres Klode
We always want to run codecov test, even if there are spurious failures. We should really work around those failures more, though, it is starting to annoy me.
2016-10-04Turkish program translation updateMert Dirik
Closes: #838731
2016-10-04Japanese manpages translation updatevictory
2016-10-04Do not read stderr from proxy autodetection scriptsJulian Andres Klode
This fixes a regression introduced in commit 8f858d560e3b7b475c623c4e242d1edce246025a don't leak FD in AutoProxyDetect command return parsing which accidentally made the proxy autodetection code also read the scripts output on stderr, not only on stdout when it switched the code from popen() to Popen(). Reported-By: Tim Small <tim@seoss.co.uk>
2016-09-20Release 1.31.3Julian Andres Klode
2016-09-18VersionHash: Do not skip too long dependency linesJulian Andres Klode
If the dependency line does not contain spaces in the repository but does in the dpkg status file (because dpkg normalized the dependency list), the dpkg line might be longer than the line in the repository. If it now happens to be longer than 1024 characters, it would be skipped, causing the hashes to be out of date. Note that we have to bump the minor cache version again as this changes the format slightly, and we might get mismatches with an older src cache otherwise. Fixes Debian/apt#23
2016-09-11travis: Add coverage testing using codecov.ioJulian Andres Klode
This allows fully automated code coverage testing, which is basically awesome. To allow the methods and solvers and stuff which run as _apt to write to our build directory, we need to adjust the permissions a bit, but otherwise it's OK. Gbp-Dch: ignore
2016-09-11Coverage: Do not print messages from gcovJulian Andres Klode
We need to ignore messages from gcov. All those messages start with profiling: and are printed using vfprintf(), so the only thing we can do is add a library overriding those functions and linking apt-pkg to it.
2016-09-11CMake: Add coverage build typeJulian Andres Klode
This allows us to easily test coverage
2016-09-11travis: use ninja and ccache for buildingJulian Andres Klode
This cleans up the output a bit, it should also improve performance, but unfortunately, this does not really seem to be the case. Gbp-Dch: ignore
2016-09-07test: Always install dpkg into our tests, regardless of MAJulian Andres Klode
Even if we only configure a single architecture, install dpkg, so dpkg can assert multi arch correctly. This also has the nice side effect of making single architecture and multiple architecture test cases more uniform. This fixes a regression from f878d3a862128bc1385616751ae1d78246b1bd01 ("test: Assert multi-arch in the chroot").
2016-09-07test: framework: Ensure copied status files have trailing linesJulian Andres Klode
If we copied one of the existing status files, we might not have a trailing newline, so let's add one. Gbp-Dch: ignore
2016-09-07edsp: try 2 to read responses even if writing failedDavid Kalnischkies
Commit b60c8a89c281f2bb945d426d2215cbf8f5760738 improved the situation, but due to inconsistency mostly for planners, not for solvers. As the idea of hiding errors if we show another error is a bit scary (as the extern error might be a followup of our intern error, rather than the reason for our intern error as it is at the moment) we don't discard the errors, but if we got an extern error we show them directly removing them from the error list at the end of the run – that list will contain the extern error which hopefully gives us the best of both worlds. The problem itself is the same as before: The externals exiting before apt is done talking to them. Reported-By: Johannes 'josch' Schauer on IRC
2016-09-04abort connection on '.' target replies in SRVDavid Kalnischkies
Commit 3af3ac2f5ec007badeded46a94be2bd06b9917a2 (released in 1.3~pre1) implements proper fallback for SRV, but that works actually too good as the RFC defines that such an SRV record should indicate that the server doesn't provide this service and apt should respect this. The solution is hence to fail again as requested even if that isn't what the user (and perhaps even the server admins) wanted. At least we will print a message now explicitly mentioning SRV to point people in the right direction. Reported-In: https://bugs.kali.org/view.php?id=3525 Reported-By: Raphaël Hertzog
2016-09-03update testing hints in README.mdDavid Kalnischkies
Gbp-Dch: Ignore
2016-09-02Release 1.3~rc41.3_rc4Julian Andres Klode
2016-09-02debian: Pass -O to make to get readable build logsJulian Andres Klode
Normally make just lets every job write its output directly, making the log fairly hard to read with high concurrency.
2016-09-02debian: Move bugscript to old location for overlayfs xdev issueJulian Andres Klode
dpkg on overlayfs cannot rename apt/script to apt, because overlayfs will not let it move apt to a backup name, responding with XDEV instead.
2016-09-02acquire: Use priority queues and a 3 stage pipeline designJulian Andres Klode
Employ a priority queue instead of a normal queue to hold the items; and only add items to the running pipeline if their priority is the same or higher than the priority of items in the queue. The priorities are designed for a 3 stage pipeline system: In stage 1, all Release files and .diff/Index files are fetched. This allows us to determine what files remain to be fetched, and thus ensures a usable progress reporting. In stage 2, all Pdiff patches are fetched, so we can apply them in parallel with fetching other files in stage 3. In stage 3, all other files are fetched (complete index files such as Contents, Packages). Performance improvements, mainly from fetching the pdiff patches before complete files, so they can be applied in parallel: For the 01 Sep 2016 03:35:23 UTC -> 02 Sep 2016 09:25:37 update of Debian unstable and testing with Contents and appstream for amd64 and i386, update time reduced from 37 seconds to 24-28 seconds. Previously, apt would first download new DEP11 icon tarballs and metadata files, causing the CPU to be idle. By fetching the diffs in stage 2, we can now patch our contents and Packages files while we are downloading the DEP11 stuff.
2016-09-02CMake: apt-pkg: Use correct ICONV_INCLUDE_DIRS variableJulian Andres Klode
This accidentally used ICONV_DIRECTORIES, which does not even exist. Weird.
2016-09-02CMake: test/libapt: Use a prebuilt GTest library if availableJulian Andres Klode
If a non-existing source directory is specified, try finding the system gtest library. Debian derived distributions are a bit strange because they only ship the source code and not the library...
2016-09-02gitignore: Add generated docbook stylesheetsJulian Andres Klode
I switched them over to generated files in commit 9fb81c6e54a2fe05c0ad0b877fd32f30358e3877, but forgot to add them to the ignore file. Gbp-Dch: ignore
2016-09-01support long keyid and fingerprint in gpgv's GOODSIGDavid Kalnischkies
In gpgv1 GOODSIG (and the other messages of status-fd) are documented as sending the long keyid. In gpgv2 it is documented to be either long keyid or the fingerprint. At the moment it is still the long keyid, but the documentation hints at the possibility of changing this. We care about this for Signed-By support as we detect this way if the right fingerprint has signed this file (or not). The check itself is done via VALIDSIG which always is a fingerprint, but there must also be a GOODSIG (as expired sigs are valid, too) found to be accepted which wouldn't be found in the fingerprint-case and the signature hence refused.
2016-09-01re-add apt breaks/replaces apt-utils (<< 1.3~exp2~)David Kalnischkies
The recently added (increased actually) Breaks were accidently dropped while our set of mostly old and outdated breaks was cleaned up. Regression-From: 20d2f4a4f164cd9026dad698e471c95d7c28973b Previously-Add-In: ab07af708e49c9219940ffd3e20a01c763267e03 Closes: #836220
2016-09-01tests: silence -Wmissing-declarationsDavid Kalnischkies
Gbp-Dch: Ignore Reported-By: gcc -Wmissing-declarations
2016-09-01try not to call memcpy with length 0 in hash calculationsDavid Kalnischkies
memcpy is marked as nonnull for its input, but ignores the input anyhow if the declared length is zero. Our SHA2 implementations do this as well, it was "just" MD5 and SHA1 missing, so we add the length check here as well as along the callstack as it is really pointless to do all these method calls for "nothing". Reported-By: gcc -fsanitize=undefined
2016-09-01test-apt-cdrom: Fix for gnupg 2.1.15Julian Andres Klode
gpg annoyingly changed its output and broke our test suite again by adding two extra lines about key type and issuer. Really annoying. Those lines also have more than one space after the colon, so let's use \s* there - and also change the other lines to support variable length whitespace in case gpg decides to break things there too.
2016-08-31Base256ToNum: Fix uninitialized valueJulian Andres Klode
If the inner Base256ToNum() returned false, it did not set Num to a new value, causing it to be uninitialized, and thus might have caused the function to exit despite a good result. Also document why the Res = Num, if (Res != Num) magic is done. Reported-By: valgrind
2016-08-31TagFile: Fix off-by-one errors in comment strippingJulian Andres Klode
Adding 1 to the value of d->End - current makes restLength one byte too long: If we pass memchr(current, ..., restLength) has thus undefined behavior. Also, reading the value of current has undefined behavior if current >= d->End, not only for current > d->End: Consider a string of length 1, that is d->End = d->Current + 1. We can only read at d->Current + 0, but d->Current + 1 is beyond the end of the string. This probably caused several inexplicable build failures on hurd-i386 in the past, and just now caused a build failure on Ubuntu's amd64 builder. Reported-By: valgrind
2016-08-31test/integration/test-srcrecord: Make executableJulian Andres Klode
I actually tried to amend the previous commit, but apparently I forgot to add the file mode change. Gbp-Dch: ignore
2016-08-31Fix segfault and out-of-bounds read in Binary fieldsJulian Andres Klode
If a Binary field contains one or more spaces before a comma, the code produced a segmentation fault, as it accidentally set a pointer to 0 instead of the value of the pointer. If the comma is at the beginning of the field, the code would create a binStartNext that points one element before the start of the string, which is undefined behavior. We also need to check that we do not exit the string during the replacement of spaces before commas: A string of the form " ," would normally exit the boundary of the Buffer: binStartNext = offset 1 ',' binEnd = offset 0 ' ' isspace_ascii(*binEnd) = true => --binEnd => binEnd = - 1 We get rid of the problem by only allowing spaces to be eliminated if they are not the first character of the buffer: binStartNext = offset 1 ',' binEnd = offset 0 ' ' binEnd > buffer = false, isspace_ascii(*binEnd) = true => exit loop => binEnd remains 0
2016-08-30Release 1.3~rc31.3_rc3Julian Andres Klode
2016-08-30test: Pass -d to dpkg-buildpackageJulian Andres Klode
This works around an issue on Fedora where dpkg complains about missing build-essential: dpkg-checkbuilddeps: Unmet build dependencies: build-essential:native Gbp-Dch: ignore
2016-08-29Add shippable.yml for CI on ShippableJulian Andres Klode
This uses the current Ubuntu 16.04 for testing, but it only runs one run, presumably as root.
2016-08-29test, travis: Quieter testing with a new -qq modeJulian Andres Klode
Introduce a new -qq mode for our integration test framework, and make travis use it. The new -qq mode sets MSGLEVEL to 1. In MSGLEVEL=1, no messages are generated for passed tests, and all testcase filenames are printed in the same line. Also install first in travis, do not ls the installed output and run the install with chronic, so we only get output if it failed. Gbp-Dch: ignore
2016-08-29Switch documentation from httpredir.d.o to deb.d.oJulian Andres Klode
The CDN service deb.d.o is more reliable than the http redirector, so switch to it for our examples.
2016-08-29Add new symbols to symbols fileJulian Andres Klode
There are some optional symbols missing now, but let's keep them in for now, maybe they reappear/still exist on other platforms. The newly added ones actually appeared in older versions already, but there's no huge gain in finding out when precisely we added them.
2016-08-29init: Add Dir::Bin::planners default entryJulian Andres Klode
Apparently we had no default defined for this. Reported-By: David Kalnischkies
2016-08-29init: Fix path to external solversJulian Andres Klode
This accidentally had two apt in it. This fixes a regression from commit 8757a0f. Gbp-Dch: ignore
2016-08-29don't loop on pinning pkgs from absolute debs by regexDavid Kalnischkies
An absolute filename for a *.deb file starts with a /. A package with the name of the file is inserted in the cache which is provided by the "real" package for internal reasons. The pinning code detects a regex based wildcard by having the regex start with /. That is no problem as a / can not be included in a package name… expect that our virtual filename package can and does. We fix this two ways actually: First, a regex is only being considered a regex if it also ends with / (we don't support flags). That stops our problem with the virtual filename packages already, but to be sure we also do not enter the loop if matcher and package name are equal. It has to be noted that the creation of pins for virtual packages like the here effected filename packages is pointless as only versions can be pinned, but checking that a package is really purely virtual is too costly compared to just creating an unused pin. Closes: 835818
2016-08-29randomize acquire order for same type index filesDavid Kalnischkies
Without randomizing the order in which we download the index files we leak needlessly information to the mirrors of which architecture is native or foreign on this system. More importantly, we leak the order in which description translations will be used which in most cases will e.g. have the native tongue first. Note that the leak effect in practice is limited as apt detects if a file it wants to download is already available in the latest version from a previous download and does not query the server in such cases. Combined with the fact that Translation files are usually updated infrequently and not all at the same time, so a mirror can never be sure if it got asked about all files the user wants.
2016-08-27Merge branch 'portability/freebsd'Julian Andres Klode
2016-08-26CMake: Add missing iconv dependencyJulian Andres Klode
FreeBSD has two iconv systems: It ships an iconv.h itself, and symbols for that in the libc. But there's also the port of GNU libiconv, which unfortunately for us, Doxygen depends on. This changes things to prefer a separate libiconv library over the system one; that is, the port on FreeBSD. Gbp-Dch: ignore
2016-08-26Make root group configurable via ROOT_GROUPJulian Andres Klode
This is needed on BSD where root's default group is wheel, not root.
2016-08-26test: Use :$(id -gn) instead of :root (when run as root)Julian Andres Klode
On BSD systems, the root group is wheel, not root, so let's just use the default group here. Gbp-Dch: ignore
2016-08-26test: Assert multi-arch in the chrootJulian Andres Klode
The host system might not have a dpkg installed, which makes dpkg fail with: dpkg not recorded as installed, cannot check for multi-arch support! That's entirely useless of course. We want to know if dpkg could support multi-arch in our chroot, so we pseudo-install dpkg into the chroot and pretend it's version is one version higher than the minimum dpkg version, so dpkg --assert-multi-arch works on recent dpkgs. Gbp-Dch: ignore