summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2020-12-07CVE-2020-27350: arfile: Integer overflow in parsingJulian Andres Klode
GHSL-2020-169: This first hunk adds a check that we have more files left to read in the file than the size of the member, ensuring that (a) the number is not negative, which caused the crash here and (b) ensures that we similarly avoid other issues with trying to read too much data. GHSL-2020-168: Long file names are encoded by a special marker in the filename and then the real filename is part of what is normally the data. We did not check that the length of the file name is within the length of the member, which means that we got a overflow later when subtracting the length from the member size to get the remaining member size. The file createdeb-lp1899193.cc was provided by GitHub Security Lab and reformatted using apt coding style for inclusion in the test case, both of these issues have an automated test case in test/integration/test-ubuntu-bug-1899193-security-issues. LP: #1899193
2020-05-14Fix location of testdeb in added regression testsJulian Andres Klode
2020-05-12Release 1.8.2.1Julian Andres Klode
2020-05-12.gitlab.ci.yml: Point to debian:busterJulian Andres Klode
2020-05-12SECURITY UPDATE: Fix out of bounds read in .ar and .tar implementation ↵Julian Andres Klode
(CVE-2020-3810) When normalizing ar member names by removing trailing whitespace and slashes, an out-out-bound read can be caused if the ar member name consists only of such characters, because the code did not stop at 0, but would wrap around and continue reading from the stack, without any limit. Add a check to abort if we reached the first character in the name, effectively rejecting the use of names consisting just of slashes and spaces. Furthermore, certain error cases in arfile.cc and extracttar.cc have included member names in the output that were not checked at all and might hence not be nul terminated, leading to further out of bound reads. Fixes Debian/apt#111 LP: #1878177
2019-05-28Release 1.8.21.8.2Julian Andres Klode
2019-05-21Unlock dpkg locks in reverse locking orderJulian Andres Klode
We need to unlock in the reverse order of locking in order to get useful behavior. LP: #1829860
2019-05-21methods: https: handle requests for TLS re-handshakeMichael Zhivich
When accessing repository protected by TLS mutual auth, apt may receive a "re-handshake" request from the server, which must be handled in order for download to proceed. This situation arises when the server requests a client certificate based on the resource path provided in the GET request, after the inital handshake in UnwrapTLS() has already occurred, and a secure connection has been established. This issue has been observed with Artifactory-backed Debian repository. To address the issue, split TLS handshake code out into its own method in TlsFd, and call it when GNUTLS_E_REHANDSHAKE error is received. Signed-off-by: Michael Zhivich <mzhivich@akamai.com> (merged from Debian/apt#93) LP: #1829861
2019-05-21French manpages translation updateJean-Pierre Giraud
Closes: #929290
2019-05-21Portuguese manpages translation updateAmérico Monteiro
Closes: #926614
2019-05-21Fix typo in German manpage translationTilmanK
Github-Fixes: #89 (cherry picked from commit 46ef1a3e8c8895c53ff1e4787dc96d4f6c5dba27)
2019-05-21Flip /: in documented default value of DPkg::PathAlwin Henseler
The value as shown in the NEWS file (not in the code) has a typo in which just a "/" and ":" are swapped. Closes: #917986 (cherry picked from commit 4c27ca80e2de06ab0fd058349f9813b60824cf04)
2019-05-06Release 1.8.11.8.1Julian Andres Klode
2019-05-06Add linux-{buildinfo,image-unsigned,source} versioned kernel pkgsJulian Andres Klode
LP: #1821640 (cherry picked from commit 507124fd81066536c7c01a2039fcc6ee9f02a234)
2019-05-03Prevent shutdown while running dpkgJulian Andres Klode
As long as we are running dpkg, keep an inhibitor that blocks us from shutting down. LP: #1820886
2019-04-02Add test case for local-only packages pinned to neverJulian Andres Klode
Test from the fix for the regression in trusty for LP #1821308.
2019-03-08Release 1.8.01.8.0Julian Andres Klode
2019-03-07CMake: Install auth.conf.d directoryJulian Andres Klode
The missing auth.conf.d directory was an oversight, it should be there. LP: #1818996
2019-03-06Dutch manpages translation updateFrans Spiesschaert
Closes: #923834
2019-03-06Dutch program translation updateFrans Spiesschaert
Closes: #923728
2019-03-06Fix name of APT::Update::Post-Invoke-Stats (was ...Update-Post...)Julian Andres Klode
Bad accident. Accidents happen.
2019-03-04Merge branch 'l10n-1.8.y' into '1.8.y'Julian Andres Klode
[l10n] Update Italian translation See merge request apt-team/apt!53
2019-03-04Merge branch 'bugfix/reportbinarysig' into '1.8.y'Julian Andres Klode
Add explicit message for unsupported binary signature See merge request apt-team/apt!52
2019-03-04[l10n] Update Italian translationMilo Casagrande
Signed-off-by: Milo Casagrande <milo@milo.name>
2019-03-03Add explicit message for unsupported binary signatureDavid Kalnischkies
Verifying the content of Release.gpg made us fail on binary signatures which were never officially supported (apt-secure manpage only documents only the generation of ASCII armored), but silently accepted by gpgv as we passed it on unchecked before. The binary format is complex and is itself split into old and new formats so adding support for this would not only add lots of code but also a good opportunity for bugs and dubious benefit. Reporting this issue explicitly should help repository creators figure out the problem faster than the default NODATA message hinting at captive portals. Given that the binary format has no file magic or any other clear and simple indication that this is a detached signature we guess based on the first two bits only – and by that only supporting the "old" binary format which seems to be the only one generated by gnupg in this case. References: e2965b0b6bdd68ffcad0e06d11755412a7e16e50 Closes: #921685
2019-02-26Release 1.8.0~rc41.8.0_rc4Julian Andres Klode
2019-02-13Introduce APT::Install::Pre-Invoke / Post-Invoke-SuccessJulian Andres Klode
These will run in our frontends currently, and can show messages. For the sake of keeping the implementation complexity low, a non-success variant of Post-Invoke is not provided. LP: #1815761
2019-02-13update: Provide APT::Update-Post-Invoke-Stats script hook pointJulian Andres Klode
This is run after an update has been run and only if status on the new cache has been shown, allowing scripts to display their own status messages. LP: #1815760
2019-02-11Release 1.8.0~rc31.8.0_rc3Julian Andres Klode
2019-02-11Install translated apt_auth and apt-transport-* manpagesJulian Andres Klode
Seems we missed those before.
2019-02-11debian/gbp.conf: Set debian-branch to 1.8.yJulian Andres Klode
2019-02-10Dutch manpages translation updateFrans Spiesschaert
Closes: #921941 Reviewed-By: Debian L10n Dutch <debian-l10n-dutch@lists.debian.org>
2019-02-10Dutch program translation updateFrans Spiesschaert
Closes: #921934 Reviewed-By: Debian L10n Dutch <debian-l10n-dutch@lists.debian.org>
2019-02-10Fix various typos in the documentationJakub Wilk
2019-02-10Russian program translation updateАлексей Шилин
Closes: #921830 Thanks: Vladimir Zhbanov <vzhbanov@gmail.com>
2019-02-07json-hooks-protocol: The "pin" field is optionalJulian Andres Klode
2019-02-07Fix issues in previous two debian/changelog entriesJulian Andres Klode
Last entry included an item that was not in the release, and the one before that was signed with the wrong email address.
2019-02-05aptmethod.h: Do not have gcc warning about ignoring write() resultJulian Andres Klode
This is a special case here, a best effort write, so there's no point in having warnings about it for every method.
2019-02-04Release 1.8.0~rc21.8.0_rc2Julian Andres Klode
2019-02-04Correctly handle feature detection for sse4.2 and crc32Julian Andres Klode
Mistakingly used #define instead of #cmakedefine
2019-02-04Release 1.8.0~rc11.8.0_rc1Julian Andres Klode
2019-02-04Use std::to_string() for HashStringList::FileSize() getterJulian Andres Klode
This slightly improves performance, as std::to_string() (as in gcc's libstdc++) avoids a heap allocation. This is surprisingly performance critical code, so we might want to improve things further in 1.9 by manually calculating the string - that would also get rid of issues with locales changing string formatting, if any.
2019-02-04Detect function multiversioning and sse4.2/crc32, enables i386Julian Andres Klode
This fixes the build on kfreebsd-amd64, and due to the detection of sse4.2, should also enable the sse4.2 on i386.
2019-02-04gpgv: Use buffered writes for splitting clearsigned filesJulian Andres Klode
This is safe here, as the code ensures that the file is flushed before it is being used. The next series should probably make GetTempFile() buffer writes by default.
2019-02-04Merge branch 'pu/dead-pin' into 'master'Julian Andres Klode
A pin of -32768 overrides any other, disables repo See merge request apt-team/apt!40
2019-02-01Add a Packages-Require-Authorization Release file fieldJulian Andres Klode
This new field allows a repository to declare that access to packages requires authorization. The current implementation will set the pin to -32768 if no authorization has been provided in the auth.conf(.d) files. This implementation is suboptimal in two aspects: (1) A repository should behave more like NotSource repositories (2) We only have the host name for the repository, we cannot use paths yet. - We can fix those after an ABI break. The code also adds a check to acquire-item.cc to not use the specified repository as a download source, mimicking NotSource.
2019-02-01Introduce experimental 'never' pinning for sourcesJulian Andres Klode
This allows disabling a repository by pinning it to 'never', which is internally translated to a value of -32768 (or whatever the minimum of short is). This overrides any other pin for that repository. It can be used to make sure certain sources are never used; for example, in unattended-upgrades. To prevent semantic changes to existing files, we substitute min + 1 for every pin-priority: <min>. This is a temporary solution, as we are waiting for an ABI break. To add pins with that value, the special Pin-Priority "never" may be used for now. It's unclear if that will persist, or if the interface will change eventually.
2019-02-01Merge branch 'pu/refuseunsignedlines' into 'master'Julian Andres Klode
Fail if InRelease or Release.gpg contain unsigned lines See merge request apt-team/apt!45
2019-02-01French program translation updateBaptiste Jammet
Closes: #921008 Reviewed-By: Debian L10n French <debian-l10n-french@lists.debian.org>
2019-02-01Russian program translation updateАлексей Шилин
Closes: #921011