| Age | Commit message (Collapse) | Author |
|---|
|
Its a bit unpredictable which permissons and owners we will encounter on
a CD-ROM (or a USB stick, as apt-cdrom is responsible for those too),
so we have to ensure in this codepath as well that everything is nicely
setup without waiting for a 'apt-get update' to fix up the (potential)
mess.
|
|
Private temporary directories as created by e.g. libpam-tmpdir are nice,
but they are also very effective in preventing our priviledge dropping
to work as TMPDIR will be set to a directory only root has access to, so
working with it as _apt will fail. We circumvent this by extending our
check for a usable TMPDIR setting by checking access rights.
Closes: 765951
|
|
Similar to 8f45798d532223adc378a4ad9ecfc64b3be26e4f, there is no harm to
set this, even if we don't drop privileges.
Git-Dch: Ignore
|
|
Do not drop privileges in the methods when using a older version of
libapt that does not support the chown magic in partial/ yet. To
do this DropPrivileges() now will ignore a empty Apt::Sandbox::User.
Cleanup all hardcoded _apt along the way.
|
|
|
|
Changing user and co works only as root, but can do some things for
methods run as normal user as well to protect them from being able to
call setuid binaries like sudo to elevate their privileges.
Also uses a cheap trick now to build with old unsupporting kernels.
|
|
Git-Dch: Ignore
|
|
Ignore a EINVAL error here as it means that the kernel is too old
to understand this option. We should not fail hard in this case
but just ignore the error.
closes: 764066
|
|
Git-Dch: ignore
|
|
|
|
unnecessary.
Git-Dch: Ignore
Reported-By: cppcheck
|
|
Reported-By: cppcheck
Git-Dch: Ignore
|
|
Git-Dch: ignore
|
|
Git-Dch: ignore
|
|
Git-Dch: ignore
|
|
Git-Dch: ignore
|
|
Git-Dch: ignore
|
|
|
|
setgroups() returns 0 on success
Git-Dch: ignore
|
|
Some people want to standardize on it, and BSDs do it too, so let's
do the same.
Reported-by: Paul Wise <pabs@debian.org>
|
|
The only thing we are missing is non-portable saved ids support.
|
|
Add a new "Debian-apt" user that owns the /var/lib/apt/lists
and /var/cache/apt/archive directories. The methods
http, https, ftp, gpgv, gzip switch to this user when they
start.
Thanks to Julian and "ioerror" and tors "switch_id()" code.
|
|
Conflicts:
apt-pkg/contrib/fileutl.cc
apt-pkg/contrib/fileutl.h
|
|
Conflicts:
debian/changelog
|
|
|
|
EDSP code uses pipes opened via an FD as sources and later for those
files modification times and filesize are read - but never really used
again. The result we get from FileFd is probably wrong, but as we don't
use it anyway, we just don't fallback if we have nothing to fallback to
Git-Dch: Ignore
|
|
ContentsExtract::~ContentsExtract() needs to use free() because
Data got allocated via realloc()
Reported-By: clang -fsanitize=address -fno-omit-frame-pointer
|
|
debian/experimental
|
|
Conflicts:
apt-pkg/cachefilter.h
apt-pkg/contrib/fileutl.cc
apt-pkg/contrib/netrc.h
apt-pkg/deb/debsrcrecords.cc
apt-pkg/init.h
apt-pkg/pkgcache.cc
debian/apt.install.in
debian/changelog
|
|
Conflicts:
test/libapt/fileutl_test.cc
|
|
|
|
|
|
|
|
|
|
gzip only gives us 32bit of size, storing it in a 64bit container and
doing a 32bit flip on it has therefore unintended results.
So we just go with a exact size container and let the flipping be handled
by eglibc provided le32toh removing our #ifdef machinery.
Closes: 745866
|
|
fseek and co do this to their eof-flags and it is more logic this way as
we will usually seek away from the end (e.g. to re-read the file).
The commit also improves the testcase further and adds a test for the
binary compressor codepath (as gz, bzip2 and xz are handled by
libraries) via the use of 'rev' as a 'compressor'.
|
|
As the comment actually says: open() does the umask dance by itself, so
we don't need to do it for it. We have to do it after mkstemp in Atomic
though, so move it into the if.
Also removes the "micro-optimisation" "FilePermissions == 600" as it
doesn't trigger at the moment anyway as 600 != 0600.
|
|
FileFd::Read already deals with the increase of the skipposition so that
we as the caller in FileFd::Skip really shouldn't increase it, too.
|
|
|
|
Bug lp:#1304657 was caused by confusion around the name Perms.
The new name AccessMode should make it clear that its not the
literal file permissions but instead the AccessMode passed to
open() (i.e. the umask needs to be applied)
|
|
Commit 7335eebea6dd43581d4650a8818b06383ab89901 introduced a bug
that caused FileFd to create insecure permissions when FileFd::Atomic
is used. This commit fixes the permissions and adds a test.
The bug is most likely caused by the confusing "Perm" parameter
that is passed to Open() - its not the file permissions but intead
the "mode" part of open/creat.
|
|
This debug option will display all scripts that are run
by apts RunScripts and RunScriptsWithPkgs helpers.
|
|
It can happen that content in our buffer is not enough to produce a
meaningful output in which case no output is created by liblzma, but
still reports that everything is okay and we should go on.
The code assumes it has reached the end through if it encounters a null
read, so this commit makes it so that it looks like this read was
interrupted just like the lowlevel read() on uncompressed files could.
It subsequently fixes the issue with that as well as until now our loop
would still break even if we wanted it to continue on.
(This bug triggers our usual "Hash sum mismatch" error)
Reported-By: Stefan Lippers-Hollmann <s.L-H@gmx.de>
|
|
AutoClose is both an argument in OpenDescriptor() and an enum. In
commit 84baaae93badc2da7c1f4f356456762895cef278 code using the AutoClose
parameter was moved to OpenDescriptorInternal(). In that function,
AutoClose meant the enum value, so the check was always false.
|
|
|
|
They tend to be ugly to look at, so hide them.
Git-Dch: Ignore
|
|
We have xz/lzma support for a while, but only via an external binary
provided by xz-utils. Now that the Debian archive provides xz by default
and dpkg pre-depends on the library provided by liblzma-dev we can switch
now to use this library as well to avoid requiring an external binary.
For now the binary is in a prio:required package, but this might change
in the future.
API wise it is quiet similar to bz2 code expect that it doesn't provide
file I/O methods, so we piece this together on our own.
|
|
Git-Dch: Ignore
|
|
Git-Dch: Ignore
|
|
Beside being a bit cleaner it hopefully also resolves oddball problems
I have with high levels of parallel jobs.
Git-Dch: Ignore
Reported-By: iwyu (include-what-you-use)
|
