summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2019-01-23Fail on non-signature lines in Release.gpgDavid Kalnischkies
The exploit for CVE-2019-3462 uses the fact that a Release.gpg file can contain additional content beside the expected detached signature(s). We were passing the file unchecked to gpgv which ignores these extras without complains, so we reuse the same line-reading implementation we use for InRelease splitting to detect if a Release.gpg file contains unexpected data and fail in this case given that we in the previous commit we established that we fail in the similar InRelease case now.
2019-01-23Fail instead of warn for unsigned lines in InReleaseDavid Kalnischkies
The warnings were introduced 2 years ago without any reports from the wild about them actually appearing for anyone, so now seems to be an as good time as any to switch them to errors. This allows rewritting the code by failing earlier instead of trying to keep going which makes the diff a bit hard to follow but should help simplifying reasoning about it. References: 6376dfb8dfb99b9d182c2fb13aa34b2ac89805e3
2019-01-23Release 1.8.0~beta11.8.0_beta1Julian Andres Klode
2019-01-22Merge tag '1.8.0_alpha3.1'Julian Andres Klode
apt Debian release 1.8.0~alpha3.1
2019-01-22Release 1.8.0~alpha3.11.8.0_alpha3.1Julian Andres Klode
2019-01-22SECURITY UPDATE: content injection in http method (CVE-2019-3462)Julian Andres Klode
This fixes a security issue that can be exploited to inject arbritrary debs or other files into a signed repository as followed: (1) Server sends a redirect to somewhere%0a<headers for the apt method> (where %0a is \n encoded) (2) apt method decodes the redirect (because the method encodes the URLs before sending them out), writting something like somewhere\n <headers> into its output (3) apt then uses the headers injected for validation purposes. Regression-Of: c34ea12ad509cb34c954ed574a301c3cbede55ec LP: #1812353 (cherry picked from commit 5eb01ec13f3ede4bae5e60eb16bd8cffb7c03e1b)
2019-01-22Merge branch 'pu/release-preparations'Julian Andres Klode
2019-01-22debian/control: Drop libcurl4-gnutls-dev build dependencyJulian Andres Klode
Not needed since quite some time.
2019-01-22Merge branch 'pu/gpgvsignedby' into 'master'Julian Andres Klode
Report keys used to sign file from gpgv method to acquire system See merge request apt-team/apt!44
2019-01-22SECURITY UPDATE: content injection in http method (CVE-2019-3462)Julian Andres Klode
This fixes a security issue that can be exploited to inject arbritrary debs or other files into a signed repository as followed: (1) Server sends a redirect to somewhere%0a<headers for the apt method> (where %0a is \n encoded) (2) apt method decodes the redirect (because the method encodes the URLs before sending them out), writting something like somewhere\n <headers> into its output (3) apt then uses the headers injected for validation purposes. Regression-Of: c34ea12ad509cb34c954ed574a301c3cbede55ec LP: #1812353
2019-01-22doc/apt-verbatim.ent: Debian buster is stableJulian Andres Klode
Move everything up one "old", and change testing to be bullseye.
2019-01-22CI: Use debian:buster as test base imageJulian Andres Klode
This prepares us for the upcoming buster release, as buster is the main release series for this series (the other being Ubuntu disco).
2019-01-22doc/apt-verbatim.ent: Point ubuntu-codename to discoJulian Andres Klode
LP: #1812696
2019-01-22Communicate back which key(s) were used for signingDavid Kalnischkies
Telling the acquire system which keys caused the gpgv method to succeed allows us for now just a casual check if the gpgv method really executed catching bugs like CVE-2018-0501, but we will make use of the information for better features in the following commits.
2019-01-22Refactor internal Signers information storage in gpgvDavid Kalnischkies
Having a method take a bunch of string vectors is bad style, so we change this to a wrapping struct and adapt the rest of the code brushing it up slightly in the process, which results even in a slightly "better" debug output, no practical change otherwise. Gbp-Dch: Ignore
2019-01-22bash completion: add keysVasya Novikov
2019-01-22Merge branch 'patch-1' of github.com:techtonik/aptJulian Andres Klode
2019-01-22Merge branch 'patch-2' of github.com:techtonik/aptJulian Andres Klode
2019-01-22Remove `register` keywordKhem Raj
In C++17 `register` keyword was removed. Current gcc 8.1.0 produces following warning if `-std=c++17` flag is used: warning: ISO C++17 does not allow 'register' storage class specifier [-Wregister] GCC almost completely ignores `register` keyword, with rare exception of `-O0` when additional copy from/to stack may be generated. For simplicity of the codebase it is better to just remove this problematic keyword where it is not strictly required. See: http://en.cppreference.com/w/cpp/language/storage_duration Signed-off-by: Khem Raj <raj.khem@gmail.com>
2019-01-22Merge branch 'pu/minimize-manual' into 'master'Julian Andres Klode
apt-mark minimize-manual See merge request apt-team/apt!39
2019-01-22Merge branch 'master' into 'master'Julian Andres Klode
zh_CN.po: Update Simplified Chinese programs translation. See merge request apt-team/apt!43
2019-01-12zh_CN.po: Update Simplified Chinese programs translation.Mo Zhou
2019-01-10apt-mark: Introduce minimize-manualJulian Andres Klode
This visits dependencies of all manually installed metapackages, as determined by APT::Never-MarkAuto-Sections, and marks them as automatically installed. It can be used to clean up autoflags after a d-i install, for example.
2019-01-10Generalize %s does not take any argumentsJulian Andres Klode
This used to be "apt-cache stats does not take any arguments", but replace "apt-cache stats" with "%s" so we can reuse it for other commands. Gbp-Dch: ignore
2019-01-07apt-private: Export some functions for apt-markJulian Andres Klode
We need to show a yes/no prompt in minimize-manual, and pretty package names, so export them here. Gbp-Dch: ignore
2019-01-05hash32: Tighten to multiversion to x86-64 ELF and use uint32_tJulian Andres Klode
2019-01-04Merge branch 'pu/speedups' into 'master'Julian Andres Klode
Pu/speedups See merge request apt-team/apt!42
2018-12-26debListParser: Avoid native arch lookup in ParseDependsJulian Andres Klode
We called low-level ParseDepends without an architecture each time, which means each call looked up the native architecture. Store the native architecture in the class and use that when calling low-level ParseDepends from the high-level ParseDepends(). This improves performance for a cache build from 2.7 to 2.5 seconds for me. Also avoid a call when stripping multiarch, as the native architecture is passed in.
2018-12-26configuration: Compare size first during lookupJulian Andres Klode
2018-12-26cache hash: Use sse4.2 CRC32c on x86-64 where availableJulian Andres Klode
This is more than twice as fast as adler32, but could be made another 50% faster by calculating crcs for 8 byte blocks in "parallel" (without data dependency) and then combining them. But that's complicated code. Reference measurements for hashing the cache 100 times: adler32=2.46s xxhash64=0.64 xxhash32=1.12 crc32c(this)=1.10 crc32c(opt)=0.44s
2018-12-22Dutch manpages translation updateFrans Spiesschaert
Closes: #916358
2018-12-22French manpages translation updateJean-Pierre Giraud
Closes: #915952
2018-12-18Release 1.8.0~alpha31.8.0_alpha3Julian Andres Klode
2018-12-10Merge branch 'pu/dpkg-path' into 'master'Julian Andres Klode
Set PATH=/usr/sbin:/usr/bin:/sbin:/bin when running dpkg See merge request apt-team/apt!38
2018-12-10Set PATH=/usr/sbin:/usr/bin:/sbin:/bin when running dpkgJulian Andres Klode
This avoids a lot of problems from local installations of scripting languages and other stuff in /usr/local for which maintainer scripts are not prepared. [v3: Inherit PATH during tests, check overrides work] [v2: Add testing]
2018-12-04Merge branch 'pu/netrcparts' into 'master'Julian Andres Klode
Add support for /etc/apt/auth.conf.d/*.conf (netrcparts) See merge request apt-team/apt!37
2018-12-04Add support for /etc/apt/auth.conf.d/*.conf (netrcparts)Julian Andres Klode
This allows us to install matching auth files for sources.list.d files, for example; very useful. This converts aptmethod's authfd from one FileFd to a vector of pointers to FileFd, as FileFd cannot be copied, and move operators are hard.
2018-12-04Override FileFd copy constructor to prevent copyingJulian Andres Klode
FileFd could be copied using the default copy constructor, which does not work, and then causes code to crash.
2018-12-04Merge branch 'bugfix/spaceinconfig' into 'master'Julian Andres Klode
Use quoted tagnames in config dumps See merge request apt-team/apt!32
2018-12-04Merge branch 'remove_old_derivatives' into 'master'Julian Andres Klode
Remove old derivatives See merge request apt-team/apt!31
2018-12-04Merge branch 'l10n-master' into 'master'Julian Andres Klode
[l10n] Update Italian translation See merge request apt-team/apt!35
2018-12-04Merge branch 'u-u-env-utf8' into 'master'Julian Andres Klode
Set LC_ALL=C.UTF-8 for unattended-upgrades environment when parsing its --help See merge request apt-team/apt!34
2018-12-04[l10n] Update Italian translationMilo Casagrande
Signed-off-by: Milo Casagrande <milo@milo.name>
2018-12-03Provide a "autopurge" shortcutJulian Andres Klode
This adds a new "autopurge" command that will is a shortcut for "autoremove --purge" Thanks: Michael Vogt for the initial work
2018-12-03test-pdiff-usage: make transaction failure test case more robustJulian Andres Klode
Try 10 times in a row
2018-11-30Set LC_ALL=C.UTF-8 for unattended-upgrades environment when parsing its --helpBalint Reczey
.UTF-8 sets stdio encoding to UTF-8 which may be ASCII on the system making unattended-upgrades crash. LP: #1806076
2018-11-29Use quoted tagnames in config dumpsDavid Kalnischkies
Tagnames in configuration can include spaces (and other nasties) e.g. in repository-specific configuration options due to Origin/Label potentially containing a space. The configuration file format supports parsing quoted as well as encoded spaces, but the output generated by apt-config and other places which might be feedback into apt via parsing (e.g. before calling apt-key in our gpgv method) do not quote and hence produce invalid configuration files. Changing the default to be an encoded tagname ensures that the output of dump can be used as a config file, but other users might not expect this so that is technically a backward-breaking change.
2018-11-25Fix typo reported by codespell in code commentsDavid Kalnischkies
No user visible change expect for some years old changelog entries, so we don't really need to add a new one for this… Reported-By: codespell Gbp-Dch: Ignore
2018-11-25Russian program translation updateАлексей Шилин
Reviewed-By: Debian L10n Russian <debian-l10n-russian@lists.debian.org> Closes: #914096
2018-11-25Allow to override the directory of a request in aptwebserverDavid Kalnischkies
The filename can be overridden, but sometimes it is useful to do it only for the directory-part of the filename – e.g. if you want to let a flat archive directory (like /var/cache/apt/archives) serve a pool-based request like /pool/a/apt_version.deb. Gbp-Dch: Ignore