Age | Commit message (Collapse) | Author | |
---|---|---|---|
2020-07-17 | You can't just assume the start is always zero :/. | Jay Freeman (saurik) | |
2020-07-17 | The length given to msync was calculated wrong :/. | Jay Freeman (saurik) | |
2020-07-17 | Not /not/ immediately mapping a file is INSANE :/. | Jay Freeman (saurik) | |
2020-07-17 | The entire concept of PendingError() is flawed :/. | Jay Freeman (saurik) | |
2020-07-17 | Bug #807012 also involves package dependencies :/. | Jay Freeman (saurik) | |
2020-07-17 | On IMS-Hit, you can't assume local compression :/. | Jay Freeman (saurik) | |
2020-07-17 | It is *never* a good idea to throw away stderr :/. | Jay Freeman (saurik) | |
2020-07-17 | It is just so absolutely critical that this works. | Jay Freeman (saurik) | |
2020-07-17 | My "tolerance" patch was a tad bit overzealous :(. | Jay Freeman (saurik) | |
2020-07-17 | You have to do the bounds check before the access. | Jay Freeman (saurik) | |
2020-07-17 | Fix field-without-values appearing at end of file. | Jay Freeman (saurik) | |
2020-07-17 | Of *course* I managed to get this check backwards. | Jay Freeman (saurik) | |
2020-07-17 | In the C locale, let's avoid any crazy transforms. | Jay Freeman (saurik) | |
2020-07-17 | It's just *mean* to complain if they already know. | Jay Freeman (saurik) | |
2020-07-17 | Wreck validation until we can assess ecosystem :/. | Jay Freeman (saurik) | |
2020-07-17 | This is 2016 and APT already requires use of mmap. | Jay Freeman (saurik) | |
2020-07-17 | Only check for valid Date if checking Valid-Until. | Jay Freeman (saurik) | |
2020-07-17 | I know this is "bad", but a "full wedge" is worse. | Jay Freeman (saurik) | |
2020-07-17 | For speed, you *need* multiple downloads per host. | Jay Freeman (saurik) | |
2020-07-17 | The fastest way to get field values is as a range. | Jay Freeman (saurik) | |
2020-07-17 | Avoid wedging the entire system if recoverable :/. | Jay Freeman (saurik) | |
2020-07-17 | Most interfaces (Maemo) need a high-level name :/. | Jay Freeman (saurik) | |
2020-07-17 | Store tags in the cache (they are very useful :/). | Jay Freeman (saurik) | |
2020-07-17 | unlinkat is way way too modern to not autoconf :/. | Jay Freeman (saurik) | |
2020-07-17 | __deprecated is already defined by sys/cdefs.h :/. | Jay Freeman (saurik) | |
2020-07-17 | arpa/nameser.h, unlike nameser.h, uses NS_ prefix. | Jay Freeman (saurik) | |
2020-07-17 | std::map from std::initializer_list is "explicit". | Jay Freeman (saurik) | |
2020-05-12 | Release 1.8.2.1 | Julian Andres Klode | |
2020-05-12 | .gitlab.ci.yml: Point to debian:buster | Julian Andres Klode | |
2020-05-12 | SECURITY UPDATE: Fix out of bounds read in .ar and .tar implementation ↵ | Julian Andres Klode | |
(CVE-2020-3810) When normalizing ar member names by removing trailing whitespace and slashes, an out-out-bound read can be caused if the ar member name consists only of such characters, because the code did not stop at 0, but would wrap around and continue reading from the stack, without any limit. Add a check to abort if we reached the first character in the name, effectively rejecting the use of names consisting just of slashes and spaces. Furthermore, certain error cases in arfile.cc and extracttar.cc have included member names in the output that were not checked at all and might hence not be nul terminated, leading to further out of bound reads. Fixes Debian/apt#111 LP: #1878177 | |||
2019-05-28 | Release 1.8.21.8.2 | Julian Andres Klode | |
2019-05-21 | Unlock dpkg locks in reverse locking order | Julian Andres Klode | |
We need to unlock in the reverse order of locking in order to get useful behavior. LP: #1829860 | |||
2019-05-21 | methods: https: handle requests for TLS re-handshake | Michael Zhivich | |
When accessing repository protected by TLS mutual auth, apt may receive a "re-handshake" request from the server, which must be handled in order for download to proceed. This situation arises when the server requests a client certificate based on the resource path provided in the GET request, after the inital handshake in UnwrapTLS() has already occurred, and a secure connection has been established. This issue has been observed with Artifactory-backed Debian repository. To address the issue, split TLS handshake code out into its own method in TlsFd, and call it when GNUTLS_E_REHANDSHAKE error is received. Signed-off-by: Michael Zhivich <mzhivich@akamai.com> (merged from Debian/apt#93) LP: #1829861 | |||
2019-05-21 | French manpages translation update | Jean-Pierre Giraud | |
Closes: #929290 | |||
2019-05-21 | Portuguese manpages translation update | Américo Monteiro | |
Closes: #926614 | |||
2019-05-21 | Fix typo in German manpage translation | TilmanK | |
Github-Fixes: #89 (cherry picked from commit 46ef1a3e8c8895c53ff1e4787dc96d4f6c5dba27) | |||
2019-05-21 | Flip /: in documented default value of DPkg::Path | Alwin Henseler | |
The value as shown in the NEWS file (not in the code) has a typo in which just a "/" and ":" are swapped. Closes: #917986 (cherry picked from commit 4c27ca80e2de06ab0fd058349f9813b60824cf04) | |||
2019-05-06 | Release 1.8.11.8.1 | Julian Andres Klode | |
2019-05-06 | Add linux-{buildinfo,image-unsigned,source} versioned kernel pkgs | Julian Andres Klode | |
LP: #1821640 (cherry picked from commit 507124fd81066536c7c01a2039fcc6ee9f02a234) | |||
2019-05-03 | Prevent shutdown while running dpkg | Julian Andres Klode | |
As long as we are running dpkg, keep an inhibitor that blocks us from shutting down. LP: #1820886 | |||
2019-04-02 | Add test case for local-only packages pinned to never | Julian Andres Klode | |
Test from the fix for the regression in trusty for LP #1821308. | |||
2019-03-08 | Release 1.8.01.8.0 | Julian Andres Klode | |
2019-03-07 | CMake: Install auth.conf.d directory | Julian Andres Klode | |
The missing auth.conf.d directory was an oversight, it should be there. LP: #1818996 | |||
2019-03-06 | Dutch manpages translation update | Frans Spiesschaert | |
Closes: #923834 | |||
2019-03-06 | Dutch program translation update | Frans Spiesschaert | |
Closes: #923728 | |||
2019-03-06 | Fix name of APT::Update::Post-Invoke-Stats (was ...Update-Post...) | Julian Andres Klode | |
Bad accident. Accidents happen. | |||
2019-03-04 | Merge branch 'l10n-1.8.y' into '1.8.y' | Julian Andres Klode | |
[l10n] Update Italian translation See merge request apt-team/apt!53 | |||
2019-03-04 | Merge branch 'bugfix/reportbinarysig' into '1.8.y' | Julian Andres Klode | |
Add explicit message for unsupported binary signature See merge request apt-team/apt!52 | |||
2019-03-04 | [l10n] Update Italian translation | Milo Casagrande | |
Signed-off-by: Milo Casagrande <milo@milo.name> | |||
2019-03-03 | Add explicit message for unsupported binary signature | David Kalnischkies | |
Verifying the content of Release.gpg made us fail on binary signatures which were never officially supported (apt-secure manpage only documents only the generation of ASCII armored), but silently accepted by gpgv as we passed it on unchecked before. The binary format is complex and is itself split into old and new formats so adding support for this would not only add lots of code but also a good opportunity for bugs and dubious benefit. Reporting this issue explicitly should help repository creators figure out the problem faster than the default NODATA message hinting at captive portals. Given that the binary format has no file magic or any other clear and simple indication that this is a detached signature we guess based on the first two bits only – and by that only supporting the "old" binary format which seems to be the only one generated by gnupg in this case. References: e2965b0b6bdd68ffcad0e06d11755412a7e16e50 Closes: #921685 |