| Age | Commit message (Collapse) | Author |
|---|
|
This new field allows a repository to declare that access to
packages requires authorization. The current implementation will
set the pin to -32768 if no authorization has been provided in
the auth.conf(.d) files.
This implementation is suboptimal in two aspects:
(1) A repository should behave more like NotSource repositories
(2) We only have the host name for the repository, we cannot use
paths yet.
- We can fix those after an ABI break.
The code also adds a check to acquire-item.cc to not use the
specified repository as a download source, mimicking NotSource.
(cherry picked from commit c2b9b0489538fed4770515bd8853a960b13a2618)
LP: #1814727
(cherry picked from commit d75162bc67d5a1a690eb2a8747d31ad68353823e)
(cherry picked from commit 19075f52174199fe7665334ad1815c747c26c10b)
Conflicts:
apt-pkg/deb/debmetaindex.cc
apt-pkg/pkgcache.h
|
|
Original commit message:
Out of memory and similar circumstanzas could cause MMap::Map to fail
and especially the mmap/malloc calls in it. With some additional
checking we can avoid segfaults and similar in such situations – at
least in theory as if this is a real out of memory everything we do to
handle the error could just as well run into a memory problem as well…
But at least in theory (if MMap::Map is made to fail always) we can deal
with it so good that a user actually never sees a failure (as the cache
it tries to load with it fails and is discarded, so that DynamicMMap
takes over and a new one is build) instead of segfaulting.
Closes: 803417
LP: #1815129
|
|
apt (1.0.1ubuntu2.18) trusty; urgency=medium
* ExecFork: Use /proc/self/fd to determine which files to close
(Closes: #764204) (LP: #1332440).
apt (1.0.1ubuntu2.17) trusty-security; urgency=high
* SECURITY UPDATE: gpgv: Check for errors when splitting files (CVE-2016-1252)
Thanks to Jann Horn, Google Project Zero for reporting the issue
(LP: #1647467)
apt (1.0.1ubuntu2.15) trusty; urgency=medium
* Fixes failure to download the Package index file when using
mirror:// URL in sources.list and the archive fails to profile
a file. APT would try the next archive in the list for .deb
packages but did not retry when the index file failed to download.
(LP: #1625667)
apt (1.0.1ubuntu2.14) trusty; urgency=medium
* When using the https transport mechanism, $no_proxy is ignored if apt is
getting it's proxy information from $https_proxy (as opposed to
Acquire::https::Proxy somewhere in apt config). If the source of proxy
information is Acquire::https::Proxy set in apt.conf (or apt.conf.d),
then $no_proxy is honored. This patch makes the behavior similar for
both methods of setting the proxy. (LP: #1575877)
apt (1.0.1ubuntu2.13) trusty; urgency=medium
* Recheck Pre-Depends satisfaction in SmartConfigure, to avoid unconfigured
Pre-Depends (which dpkg later fails on). Fixes upgrade failures of
systemd, util-linux, and other packages with Pre-Depends. Many thanks to
David Kalnischkies for figuring out the patch and Winfried PLappert for
testing! Patch taken from Debian git. (LP: #1560797)
apt (1.0.1ubuntu2.12) trusty; urgency=medium
[ Colin Watson ]
* Fix lzma write support to handle "try again" case (closes: #751688,
LP: #1553770).
[ David Kalnischkies ]
* Handle moved mmap after UniqFindTagWrite call (closes: #753941,
LP: #1445436).
apt (1.0.1ubuntu2.11) trusty; urgency=medium
* apt-pkg/packagemanager.cc:
- fix incorrect configure ordering in the SmartConfigure step by skipping
packages that do not need immediate action. (LP: #1347721, #1497688)
apt (1.0.1ubuntu2.10) trusty; urgency=medium
* Fix regression from the previous upload by ensuring we're actually
testing for the right member before iterating on it (LP: #1480592)
apt (1.0.1ubuntu2.9) trusty; urgency=medium
* Fix regression in the Never-MarkAuto-Sections feature caused by the
previous auto-removal fix, with inspiration drawn from the patches
and conversation from http://bugs.debian.org/793360 (LP: #1479207)
apt (1.0.1ubuntu2.8) trusty-proposed; urgency=low
* fix crash for packages that have no section in their instVersion
(LP: #1449394)
apt (1.0.1ubuntu2.7) trusty-proposed; urgency=low
* fix auto-removal behavior (thanks to Adam Conrad)
LP: #1429041
apt (1.0.1ubuntu2.6) trusty-proposed; urgency=medium
* apt-pkg/deb/dpkgpm.cc:
- update string matching for dpkg I/O errors. (LP: #1363257)
- properly parse the dpkg status line so that package name is properly set
and an apport report is created. Thanks to Anders Kaseorg for the patch.
(LP: #1353171)
apt (1.0.1ubuntu2.5) trusty-security; urgency=low
* SECURITY UPDATE:
- cmdline/apt-get.cc: fix insecure tempfile handling in
apt-get changelog (CVE-2014-7206). Thanks to Guillem Jover
apt (1.0.1ubuntu2.4.1) trusty-security; urgency=low
* SECURITY UPDATE:
- fix potential buffer overflow, thanks to the
Google Security Team (CVE-2014-6273)
* Fix regression from the previous upload when file:/// sources
are used and those are on a different partition than
the apt state directory
* Fix regression when Dir::state::lists is set to a relative path
* Fix regression when cdrom: sources got rewriten by apt-cdrom add
apt (1.0.1ubuntu2.3) trusty-security; urgency=low
* SECURITY UPDATE:
- incorrect invalidating of unauthenticated data (CVE-2014-0488)
- incorect verification of 304 reply (CVE-2014-0487)
- incorrect verification of Acquire::Gzip indexes (CVE-2014-0489)
|
|
ubuntu/trusty
|
|
|
|
Bug lp:#1304657 was caused by confusion around the name Perms.
The new name AccessMode should make it clear that its not the
literal file permissions but instead the AccessMode passed to
open() (i.e. the umask needs to be applied)
|
|
Commit 7335eebea6dd43581d4650a8818b06383ab89901 introduced a bug
that caused FileFd to create insecure permissions when FileFd::Atomic
is used. This commit fixes the permissions and adds a test.
The bug is most likely caused by the confusing "Perm" parameter
that is passed to Open() - its not the file permissions but intead
the "mode" part of open/creat.
|
|
|
|
This debug option will display all scripts that are run
by apts RunScripts and RunScriptsWithPkgs helpers.
|
|
This methods should not be used by anyone expect the library itself as
they are helpers for the specific class and therefore perfect candidates
for hidding.
Git-Dch: Ignore
|
|
While it is a huge undertaking to enable it for our public libraries as
basically everything we exported so far could be seen as public
interface our private library is new and under our full control, so we
can do whatever we like with it. The benefits are not that big in return
of course, but it reduces the size a bit, so thats great nontheless.
Git-Dch: ignore
|
|
It can happen that content in our buffer is not enough to produce a
meaningful output in which case no output is created by liblzma, but
still reports that everything is okay and we should go on.
The code assumes it has reached the end through if it encounters a null
read, so this commit makes it so that it looks like this read was
interrupted just like the lowlevel read() on uncompressed files could.
It subsequently fixes the issue with that as well as until now our loop
would still break even if we wanted it to continue on.
(This bug triggers our usual "Hash sum mismatch" error)
Reported-By: Stefan Lippers-Hollmann <s.L-H@gmx.de>
|
|
AutoClose is both an argument in OpenDescriptor() and an enum. In
commit 84baaae93badc2da7c1f4f356456762895cef278 code using the AutoClose
parameter was moved to OpenDescriptorInternal(). In that function,
AutoClose meant the enum value, so the check was always false.
|
|
|
|
They tend to be ugly to look at, so hide them.
Git-Dch: Ignore
|
|
We have xz/lzma support for a while, but only via an external binary
provided by xz-utils. Now that the Debian archive provides xz by default
and dpkg pre-depends on the library provided by liblzma-dev we can switch
now to use this library as well to avoid requiring an external binary.
For now the binary is in a prio:required package, but this might change
in the future.
API wise it is quiet similar to bz2 code expect that it doesn't provide
file I/O methods, so we piece this together on our own.
|
|
Git-Dch: Ignore
|
|
Git-Dch: Ignore
|
|
Old code limited lines to 250 characters which is probably enough for
everybody, but who knows… It also takes care of device nodes which start
with the same prefix.
|
|
The mountpoint might be auto-generated by the mount command so pushing
an error on the stack will confuse the following code and let it believe
an unrecoverable error occured while potentially everything is okay.
Same goes for umount as a non-existing mountpoint is by definition not
mounted.
|
|
Checking that parent-directory of mountpoint and mountpoint are on
different devices is fine most of the time, but is too restrictive
for our testcases and there shouldn't be anything wrong with 'normal'
users copying disk-contents around either if they want to.
We check for the existance of the ".disk/" directory now as this will
not be present if the disk isn't 'mounted'. Disks doesn't need to have
such a directory through, so for those we fall back to the old way of
detecting mounted or not mounted.
|
|
Git-Dch: Ignore
Reported-By: gcc -Wsuggest-attribute={pure,const,noreturn}
|
|
Beside being a bit cleaner it hopefully also resolves oddball problems
I have with high levels of parallel jobs.
Git-Dch: Ignore
Reported-By: iwyu (include-what-you-use)
|
|
also adds namespaced attributes for good usage
Git-Dch: Ignore
|
|
[-Wunsafe-loop-optimizations]
Git-Dch: Ignore
Reported-By: gcc -Wunsafe-loop-optimizations
|
|
Git-Dch: Ignore
Reported-By: gcc -Wuseless-cast
|
|
Git-Dch: Ignore
Reported-By: gcc -Wcast-qual
|
|
Git-Dch: Ignore
Reported-By: gcc -Wpedantic
|
|
Git-Dch: Ignore
|
|
Automatically handle the override of list options via its parent value
which can even be a comma-separated list of values. It also adds an easy
way of providing a default for the list.
|
|
|
|
|
|
Commit 6008b79adf1d7ea5607fab87a355d664c8725026 should have been guarded
by "Git-Dch: Ignore", but it wasn't and I only noticed it with the Close
message via deity thinking "hehe, I wonder if someone is gonna notice".
Looks like someone did: hats off to reddit user itisOmegakai!
Good to know that what I do isn't only monitored by goverments. :)
As there is another instance of basically the same code we just factor
out the code a bit and reuse, so its even cleaner and not only simpler.
Reported-By: scan-build
|
|
Does the same as before, but is a bit simpler on the logic for humans as
well as compilers. scan-build complained about it at least with:
"Result of operation is garbage or undefined"
Reported-By: scan-build
|
|
Conflicts:
apt-private/private-list.cc
doc/po/de.po
test/integration/framework
|
|
The most "visible" change is from utime to utimensat/futimens
as the first one isn't part of POSIX anymore.
Reported-By: cppcheck
Git-Dch: Ignore
|
|
No visible functional changes, just code moved around and additional
checks to eliminate impossible branches
Reported-By: scan-build
Git-Dch: Ignore
|
|
debian/experimental-no-abi-break
|
|
|
|
|
|
if the directory given by $TMPDIR is not available, use /tmp as fallback.
|
|
run-parts doesn't allow this char in valid filenames, but we tend to
have files with this character in e.g. /var/lib/apt/lists/
Git-Dch: Ignore
|
|
Calling truncate on /dev/null can happen by the download methods if they
are instructed to download a file to /dev/null (as testcases are only
interested in the status code, but do not support HEAD requests yet)
So just ignore truncate calls on the /dev/null file as it is always
empty anyway, so truncating to zero isn't a problem.
Git-Dch: Ignore
|
|
Conflicts:
apt-private/private-cmndline.cc
|
|
|
|
|
|
|
|
|
|
APT::Keep-Fds hack and also add a new PackageManagerProgressFd::StartDpkg() progress state
|
|
|
