path: root/apt-inst
Age | Commit message | Author
2020-05-12 | SECURITY UPDATE: Fix out of bounds read in .ar and .tar implementation (CVE-2020-3810) | Julian Andres Klode
When normalizing ar member names by removing trailing whitespace and slashes, an out-of-bound read can be caused if the ar member name consists only of such characters, because the code did not stop at 0, but would wrap around and continue reading from the stack, without any limit. Add a check to abort if we reached the first character in the name, effectively rejecting the use of names consisting just of slashes and spaces. Furthermore, certain error cases in arfile.cc and extracttar.cc have included member names in the output that were not checked at all and might hence not be nul terminated, leading to further out of bound reads. Fixes Debian/apt#111 LP: #1878177
2018-05-07 | Remove obsolete RCS keywords | Guillem Jover
Prompted-by: Jakub Wilk <jwilk@debian.org>
2018-03-12 | apt-inst: Add support for zstd compressed debs | Julian Andres Klode
Whitelist support for zst members.
2017-08-24 | Replace APT_CONST with APT_PURE everywhere | Julian Andres Klode
As a follow up to the last commit, let's replace APT_CONST with APT_PURE everywhere to clean stuff up.
2017-07-12 | Reformat and sort all includes with clang-format | Julian Andres Klode
This makes it easier to see which header includes what. The changes were done by running

    git grep -l '#\s*include' \
      | grep -E '.(cc|h)$' \
      | xargs sed -i -E 's/(^\s*)#(\s*)include/\1#\2 include/'

To modify all include lines by adding a space, and then running ./git-clang-format.sh.
2017-07-12 | Drop cacheiterators.h include | Julian Andres Klode
Including cacheiterators.h before pkgcache.h fails because pkgcache.h depends on cacheiterators.h.
2017-01-19 | fix various typos reported by spellintian | David Kalnischkies
Most of them in (old) code comments. The two instances of user visible string changes the po files of the manpages are fixed up as well. Gbp-Dch: Ignore Reported-By: spellintian
2017-01-17 | CMake: Document that the globs are expanded during CMake | Julian Andres Klode
This will prevent people from thinking that they have to do nothing when they change the set of files. Gbp-Dch: ignore
2016-08-26 | apt-inst: debfile: Pass comp. Name to ExtractTar, not Binary | Julian Andres Klode
In the old days, apt-inst used to use binaries, but now it uses the built-in support and matches using Name, and not a Binary.
2016-08-10 | Get rid of the old buildsystem | Julian Andres Klode
Bye, bye, old friend.
2016-08-06 | CMake: Add basic CMake build system | Julian Andres Klode
Introduce an initial CMake buildsystem. This build system can build a fully working apt system without translation or documentation. The FindBerkelyDB module is from kdelibs, with some small adjustments to also look in db5 directories. Initial work on this CMake build system started in 2009, and was resumed in August 2016.
2016-03-07 | Fix several typos | Veres Lajos
This effectively merges branch 'typofixes-vlajos-20150807' of github.com:vlajos/apt with the following commit:

commit 13cacb3e2e2352ba701e769fc889e3344fabbf7e
Author: Veres Lajos <vlajos@gmail.com>
Date: Sun Aug 9 00:12:53 2015 +0100

    typofix - https://github.com/vlajos/misspell_fixer

It has been rebased for a better commit message.
2016-01-11 | Sort the list of sources to be built and linked | Mattia Rizzolo
Fix reproducibility issue due to readdir() order by sorting the list of sources to be built and linked. [jak@debian.org: Added summary and fixed typo] Closes: #810509
2015-11-27 | add messages to our deprecation warnings in libapt | David Kalnischkies
Git-Dch: Ignore
2015-11-05 | apply various suggestions made by cppcheck | David Kalnischkies
Reported-By: cppcheck Git-Dch: Ignore
2015-08-31 | fix some unused parameter/variable warnings | David Kalnischkies
Reported-By: gcc Git-Dch: Ignore
2015-08-27 | Merge branch 'feature/extractar-filefd' into debian/experimental | Julian Andres Klode
2015-08-27 | Use compressor support from FileFd for ExtractTar instead of programs | Julian Andres Klode
This way we do not depend on the decompressor programs anymore.
2015-08-27 | fix various typos reported by codespell | David Kalnischkies
Reported-By: codespell
2015-08-11 | Bump apt-inst SONAME to 2.0 to adjust for the ABI break in apt-pkg | Julian Andres Klode
2015-08-10 | remove the compatibility markers for 4.13 abi | David Kalnischkies
We aren't and we will not be really compatible again with the previous stable abi, so let's drop these markers (which never made it into a released version) for good as they have outlived their intent already. Git-Dch: Ignore
2015-08-10 | add c++11 override marker to overridden methods | David Kalnischkies
C++11 adds the 'override' specifier to mark that a method is overriding a base class method and error out if not. We hide it in the APT_OVERRIDE macro to ensure that we keep compiling in pre-c++11 standards. Reported-By: clang-modernize -add-override -override-macros Git-Dch: Ignore
2014-11-08 | guard ABI changes for LFS in apt-inst | David Kalnischkies
Git-Dch: Ignore
2014-09-27 | fix: Prefer prefix ++/-- operators for non-primitive types | David Kalnischkies
Git-Dch: Ignore Reported-By: cppcheck
2014-09-27 | fix: Consecutive return, break, continue, goto or throw statements are unnecessary. | David Kalnischkies
Git-Dch: Ignore Reported-By: cppcheck
2014-07-08 | increase libapt-inst to version 1.6 | Michael Vogt
2014-07-08 | Fix ar and tar code to be LFS-safe | Guillem Jover
This is an ABI break. Closes: #742882
2014-04-11 | use wildcard to get files in our library makefiles | David Kalnischkies
The explicit listing is a pain every time you want to add a file to the list and serves no purpose as we list all files there anyway, so this is not only easier but also documents this fact. Git-Dch: Ignore
2014-03-17 | apt-inst: Do not try to create a substring of an empty string in error reporting | Julian Andres Klode
One of our compressors (the empty one) has an empty extension. Calling substr on it fails.
2014-03-13 | follow method attribute suggestions by gcc | David Kalnischkies
Git-Dch: Ignore Reported-By: gcc -Wsuggest-attribute={pure,const,noreturn}
2014-03-13 | cleanup headers and especially #includes everywhere | David Kalnischkies
Besides being a bit cleaner it hopefully also resolves oddball problems I have with high levels of parallel jobs. Git-Dch: Ignore Reported-By: iwyu (include-what-you-use)
2014-03-13 | warning: unused parameter ‘foo’ [-Wunused-parameter] | David Kalnischkies
Reported-By: gcc -Wunused-parameter Git-Dch: Ignore
2014-03-13 | warning: cast from type A to type B casts away qualifiers [-Wcast-qual] | David Kalnischkies
Git-Dch: Ignore Reported-By: gcc -Wcast-qual
2014-03-13 | warning: extra ‘;’ [-Wpedantic] | David Kalnischkies
Git-Dch: Ignore Reported-By: gcc -Wpedantic
2014-02-22 | Add support for data.tar, control.tar and control.tar.xz | Guillem Jover
Sync the deb(5) format support with latest dpkg, by allowing uncompressed tar members and xz compressed control.tar. This also refactors the control.tar member extraction by using ExtractTarMember(), which also means future changes only need to be implemented in a single place.
2014-02-22 | DebFile: Refactor ExtractTarMember() out from ExtractArchive() | Guillem Jover
Generalize DebFile::ExtractArchive() to take a member base name, so that we can reuse it for control.tar member extraction too.
2014-02-22 | ExtractTar: Allow an empty decompressor program | Guillem Jover
This allows for uncompressed tar files, as the decompressor process will not get interposed in-between the file descriptors.
2014-02-22 | Fix typos in documentation (codespell) | Michael Vogt
2014-02-11 | use utimes instead of utimensat/futimens | David Kalnischkies
cppcheck complains about the obsolete utime as it was removed in POSIX1.2008 and recommends usage of utimensat/futimens instead as those are in POSIX and so commit 9ce3cfc9 switched to them. It is just that they aren't as portable as the standard suggests: At least our kFreeBSD and Hurd ports stumble over it at runtime. So to make both, the ports and cppcheck happy, we use utimes instead. Closes: 738567
2014-01-16 | correct some style/performance/warnings from cppcheck | David Kalnischkies
The most "visible" change is from utime to utimensat/futimens as the first one isn't part of POSIX anymore. Reported-By: cppcheck Git-Dch: Ignore
2013-10-07 | fix libapt-inst for >2G debs (closes: #725483) | Michael Vogt
2013-09-26 | compression-neutral message for missing data.tar member | David Kalnischkies
It even reuses the message used for the other check-for members, so one less message to translate (good, as not that many people will ever see it). Closes: 722710
2013-09-12 | don't truncate 100 char long paths in tar extraction | Oskari Saarenmaa
When a data.tar.{gz,xz} contains a path name that is exactly 100 characters long, it will get truncated to 99 chars upon extraction in ExtractTar::Go(). Using all of the 100 available characters for the filename seems to be new behaviour in gnu tar. Closes: #689582 Thanks: Mika Eloranta for the testcase!
2013-06-24 | delete Memb on read-error in arfile | Niels Thykier
Git-Dch: Ignore
2013-06-09 | depend on libapt-pkg in the libapt-inst build process | David Kalnischkies
fixing parallel build in the handcrafted buildsystem is a pain, so it's not enabled by default, but it works for me – sometimes Git-Dch: Ignore
2013-06-09 | don't explicitly init ExtractTar InFd with invalid fd | David Kalnischkies
The default constructor of the FileFd will kick in anyway, which will know that the Fd is invalid while with this explicit call it must be assumed that the fd is in fact valid, which might generate errors in the future
2013-03-10 | various simple changes to fix cppcheck warnings | David Kalnischkies
2012-05-10 | * apt-inst/deb/debfile.h: | David Kalnischkies
- readd 'md5.h' to the uncleaned header includes to make qapt build against us again unchanged to unblock transition (Closes: #669163)
2012-04-20 | merge from the lp:~mvo/apt/mvo branch | Michael Vogt
2012-04-19 | * apt-inst/contrib/extracttar.cc: | Michael Vogt
- ensure that in StartGzip the InFd is set to "AutoClose" to ensure that the pipe is closed when InFd is closed. This fixes a Fd leak (LP: #985452)