Age | Commit message (Collapse) | Author |
|
Closes: #881402
|
|
qemu-user passes prctl()-based seccomp through to the kernel,
umodified. That's bad, as it blocks the wrong syscalls.
We ignored EFAULT which fixed the problem for targets with different
pointer sizes from the host, but was a bad hack. In order to identify
qemu we can rely on the fact that qemu-user prints its version and
exits with 0 if QEMU_VERSION is set to an unsupported value. If we
run a command that should fail in such an environment, and it exits
with 0, then we are running in qemu-user.
apt-helper is an obvious command to run. The tests ensure it exits
with 1, and it only prints usage information. We also could not use
/bin/false because apt might just as well be from a foreign arch
while /bin/false is not.
Closes: #881519
|
|
We need to use a versioned breaks again, otherwise the
transitional package would not be installable.
Gbp-Dch: ignore
|
|
|
|
Makes lintian happy, but is basically useless
Gbp-Dch: ignore
|
|
This fixes issues with debootstrap. The package will disappear
after the release of buster.
|
|
No further changes required.
|
|
We don't need fakeroot for building!
|
|
|
|
Regression-Of: cc1f94c95373670fdfdb8e2d6cf9125181f7df0c
|
|
It used FindI() > 0, but if it is too big, FindI() would
cause an error "Cannot convert %s to integer: out of range",
so let's also use FindULL() here.
Gbp-Dch: ignore
|
|
Installed-Size for linux-image-4.13.0-1-amd64-dbg and friends
are larger than 4 GB, but read as a signed integer - that's
fine so far, as the value is in KB, but it's multiplied with
1024 which overflows. So let's read it as unsigned long long
instead.
While we're at it, also use unsigned long long for Size, in
case that is bigger than 2 GB.
|
|
We sleep in http.cc, so we should allow the sleeping syscalls.
|
|
The store method replaced them all, the symlinks where mostly
for partial upgrades or whatever, they should not be needed
any longer.
|
|
Sorting apparently calls sysconf() which calls sysinfo() to get
free pages or whatever.
Closes: #879814, #879826
|
|
We do want to get our autopkgtests triggered by dpkg uploads
in Ubuntu, but this does not happen because we don't have
an explicit dependency on it. Add one.
|
|
|
|
This fixes a regression introduced in
commit 43b9eb5bac15666fdc0346aca7031fab0fa5e064
CMake: methods: Cleanup link libraries, use OBJECT libraries
Gbp-Dch: ignore
|
|
This should help debugging crashes. The signal handler is a C++11
lambda, yay! Special care has been taken to only use signal handler
-safe functions inside there.
|
|
If seccomp is disabled, we fallback to running without it. Qemu fails
in the seccomp() call, returning ENOSYS and libseccomp falls back to
prctl() without adjusting the pointer, causing the EFAULT. I hope
qemu gets fixed at some point to return EINVAL for seccomp via
prctl.
Bug-Qemu: https://bugs.launchpad.net/qemu/+bug/1726394
|
|
We would like to issue a warning about seccomp support in
Configuration(), but since the queue is empty, there is no
current item to show the URL for and we get a segfault. Show
the protocol instead.
|
|
If FAKED_MODE is set, enable SYSV IPC so we don't crash when
running in fakeroot.
Closes: #879662
|
|
Use OBJECT libraries for http and connect stuff, and move the
seccomp link expression into a global link_libraries() call.
This also fixes a bug where only the http target pulled in
the gnutls header arguments despite gnutls being used in
connect.cc, and thus by mirror and ftp as well.
Adjust translation support to ignore TARGET_OBJECTS sources
and add the OBJECT libraries to the translated files.
|
|
statx was introduced in 4.11, so it fails to build in stretch if
we just unconditionally use it.
|
|
|
|
These are a few overlooked syscalls. Also add readv(), writev(),
renameat2(), and statx() in case libc uses them.
Gbp-Dch: ignore
|
|
This reduces the number of syscalls to about 140 from about
350 or so, significantly reducing security risks.
Also change prepare-release to ignore the architecture lists
in the build dependencies when generating the build-depends
package for travis.
We might want to clean up things a bit more and/or move it
somewhere else.
|
|
This was a left over from the autodetect move.
Gbp-Dch: ignore
|
|
Sandboxing was turned off because we called pkgAcqMethod's
Configuration() instead of aptMethod's.
|
|
The previous change moved running the proxy detection program from the
method to the main process, so it runs as root and not as _apt. This
brings it back into the sandbox.
Gbp-Dch: ignore
|
|
This avoids running the Proxy-Auto-Detect script inside the
untrusted (well, less trusted for now) sandbox. This will allow
us to restrict the http method from fork()ing or exec()ing via
seccomp.
|
|
tagfile-order.c: Add missing fields from dpkg 1.19
For binary packages, this is Build-Essential; for source packages,
it is Description.
test-bug-718329-...: Ignore control.tar.*, changes in dpkg 1.19
test-apt-extracttemplates: Fix for dpkg 1.19
|
|
Closes: #879137
|
|
|
|
cppcheck reports:
(portability) Passing NULL after the last typed argument to a variadic
function leads to undefined behaviour.
We don't ship on any platform which has this as undefined behaviour
through – or it would be pretty well defined "bad" behaviour which
always works, so even through UB is a trigger word, its hardly
noteworthy as a change (and as a bonus the scanners of gcc/clang
don't consider it UB).
The commonly accepted method of fixing that seems to be (const
char*)NULL, but it is in fact much simpler to just switch to the varadic
functions C++ provides resolving the warning and reducing code.
Reported-By: cppcheck
Gbp-Dch: Ignore
|
|
A va_copy call needs to be closed in all branches with va_end, so these
functions would need to be reworked slightly, but we don't actually need
to copy the va_list as we don't work on it, we just push it forward, so
dropping the copy and everyone is happy.
Reported-By: cppcheck
Gbp-Dch: Ignore
|
|
gpg2 generates keyboxes by default and users end up putting either those
or armored files into the trusted.gpg.d directory which apt tools
neither expect nor can really work with without fortifying backward
compatibility (at least under the ".gpg" extension).
A (short) discussion about how to deal with keyboxes happened in
https://lists.debian.org/deity/2017/07/msg00083.html
As the last message in that thread is this changeset lets go ahead
with it and see how it turns out.
The idea is here simply that we check the first octal of a gpg file to
have one of three accepted values. Testing on my machines has always
produced just one of these, but running into those values on invalid
files is reasonabily unlikely to not worry too much.
Closes: #876508
|
|
This isn't really used by the acquire system at all at the moment and
the only method potentially sending this information is file://, but
that used to be working correctly before broken in 2013, so better fix
it now and worry about maybe using the data some day later.
Regression-Of: b3501edb7091ca3aa6c2d6d96dc667b8161dd2b9
|
|
Using hardcoded array-indexes in the build-dependency parsing is
efficient, but less discoverable and easier to break. We can avoid
this by making it even more efficient (not that it would be noticeable)
allowing us to do explicitly named comparisons instead.
Gbp-Dch: Ignore
|
|
APT used to parse only wellformed files produced by repository creation
tools which removed empty files as pointless before apt would see them.
Now that apt can be told to parse e.g. debian/control files directly, it
needs to be a little more accepting through: We had this with comments
already, now let it deal with the far more trivial empty fields.
Closes: #875363
|
|
APT connects just fine to any .onion address given, only if the connect
fails somehow it will perform checks on the sanity of which in this case
is checking the length as they are well defined and as the strings are
arbitrary a user typing them easily mistypes which apt should can be
slightly more helpful in figuring out by saying the onion hasn't the
required length.
|
|
This automatically removes any old apt-transport-https, as
apt now Breaks it unversioned.
|
|
|
|
|
|
|
|
|
|
In commit Do not warn about duplicate "legacy" targets, we
we added an if, that changed the .po files...
|
|
|
|
We now wait for being online ourselves, so all we need to wait
on is for services we are using to be online first. This avoids
severe boot slowdowns by other services having specified an
After=network-online.target without a Wants=.
Gbp-Dch: Full
|
|
|