summaryrefslogtreecommitdiff
path: root/apt-pkg/contrib
AgeCommit message (Collapse)Author
2014-09-27fix: Consecutive return, break, continue, goto or throw statements are ↵David Kalnischkies
unnecessary. Git-Dch: Ignore Reported-By: cppcheck
2014-09-27add and use 'apt-key verify' which prefers gpgv over gpgDavid Kalnischkies
gnupg/gnupg2 can do verify just fine of course, so we don't need to use gpgv here, but it is what we always used in the past, so there might be scripts expecting a certain output and more importantly the output of apt-cdrom contains messages from gpg and even with all the settings we activate to prevent it, it still shows (in some versions) a quiet scary: "gpg: WARNING: Using untrusted key!" message. Keeping the use of gpgv is the simplest way to prevent it. We are increasing also the "Breaks: apt" version from libapt as it requires a newer apt-key than might be installed in partial upgrades.
2014-09-27add --readonly option for apt-key advDavid Kalnischkies
Some advanced commands can be executed without the keyring being modified like --verify, so this adds an option to disable the mergeback and uses it for our gpg calling code. Git-Dch: Ignore
2014-09-27use apt-key adv (+ gnupg) instead of gpgv for verifyDavid Kalnischkies
apt-key does the keyring merge as we need it, so we just call it instead of reimplementing it to do the merging before gpgv. This means we don't use gpgv anymore (we never depended on it explicitly - bad style), but it also means that the message in apt-cdrom add is a bit less friendly as it says loudly "untrusted key", but for a one-time command its okay.
2014-09-27fix: Member variable 'X' is not initialized in the constructor.David Kalnischkies
Reported-By: cppcheck Git-Dch: Ignore
2014-09-24DropPrivs: Document what it doesJulian Andres Klode
Git-Dch: ignore
2014-09-24DropPrivs: Use APT::Sandbox::User instead of Apt::User::NobodyJulian Andres Klode
Git-Dch: ignore
2014-09-24DropPrivs: Hard-fail if the user does not existJulian Andres Klode
Git-Dch: ignore
2014-09-24DropPrivs: Add some comments for the more obscure setuid/setgid functionsJulian Andres Klode
Git-Dch: ignore
2014-09-24DropPrivs: Move the re-set uid/gid thing to the end of the functionJulian Andres Klode
Git-Dch: ignore
2014-09-24DropPrivs: Improve commentsJulian Andres Klode
Git-Dch: ignore
2014-09-24DropPrivs: Also check for saved set-user-ID and set-group-IDJulian Andres Klode
2014-09-24DropPrivs: Do not use an invalid return check for setgroups()Julian Andres Klode
setgroups() returns 0 on success Git-Dch: ignore
2014-09-24Use _apt as our unprivileged user nameJulian Andres Klode
Some people want to standardize on it, and BSDs do it too, so let's do the same. Reported-by: Paul Wise <pabs@debian.org>
2014-09-24DropPriv: Really call seteuid and not setuid, and add more checksJulian Andres Klode
The only thing we are missing is non-portable saved ids support.
2014-09-24Drop Privileges to "Debian-apt" in most acquire methodsMichael Vogt
Add a new "Debian-apt" user that owns the /var/lib/apt/lists and /var/cache/apt/archive directories. The methods http, https, ftp, gpgv, gzip switch to this user when they start. Thanks to Julian and "ioerror" and tors "switch_id()" code.
2014-09-23Merge branch 'debian/sid' into debian/experimentalMichael Vogt
Conflicts: apt-pkg/acquire-item.cc apt-pkg/acquire-item.h apt-pkg/cachefilter.h configure.ac debian/changelog
2014-09-16SECURITY UPDATE for CVE-2014-{0488,0487,0489}Michael Vogt
incorrect invalidating of unauthenticated data (CVE-2014-0488) incorect verification of 304 reply (CVE-2014-0487) incorrect verification of Acquire::Gzip indexes (CVE-2014-0489)
2014-09-12Allow override of Proxy-Auto-Detect by the users configurationMichael Vogt
Only run the Proxy-Auto-Detect code if there is not already a host specific configuration. Closes: 759264
2014-09-07strip everything spacey in APT::String::StripDavid Kalnischkies
Git-Dch: Ignore
2014-09-05Merge branch 'debian/sid' into debian/experimentalMichael Vogt
Conflicts: apt-pkg/acquire-item.cc configure.ac debian/changelog doc/apt-verbatim.ent doc/po/apt-doc.pot doc/po/de.po doc/po/es.po doc/po/fr.po doc/po/it.po doc/po/ja.po doc/po/pt.po po/ar.po po/ast.po po/bg.po po/bs.po po/ca.po po/cs.po po/cy.po po/da.po po/de.po po/dz.po po/el.po po/es.po po/eu.po po/fi.po po/fr.po po/gl.po po/hu.po po/it.po po/ja.po po/km.po po/ko.po po/ku.po po/lt.po po/mr.po po/nb.po po/ne.po po/nl.po po/nn.po po/pl.po po/pt.po po/pt_BR.po po/ro.po po/ru.po po/sk.po po/sl.po po/sv.po po/th.po po/tl.po po/tr.po po/uk.po po/vi.po po/zh_CN.po po/zh_TW.po test/integration/test-ubuntu-bug-346386-apt-get-update-paywall
2014-09-02Make Proxy-Auto-Detect check for each hostMichael Vogt
When doing Acquire::http{,s}::Proxy-Auto-Detect, run the auto-detect command for each host instead of only once. This should make using "proxy" from libproxy-tools feasible which can then be used for PAC style or other proxy configurations. Closes: #759264
2014-07-16StringToBool: only act if the entire string is consumed by strtol()Michael Vogt
StringToBool uses strtol() internally to check if the argument is a number. This function stops when it does not find any more numbers. So a string like "0ad" (which is a valid packagename) is interpreted as a "0". The code now checks that the entire string is consumed not just a part of it. Thanks to Johannes Schauer for raising this issue.
2014-07-08Only allow "apt-get build-dep path" when path starts with ./ or /Michael Vogt
This avoid the subtle problem that someone might have a directory with the same package name as the build-depends he/she is trying to fetch. Also print a note that the specific file/dir is used.
2014-07-08Add new Base256ToNum long long overload functionGuillem Jover
2014-06-18Merge remote-tracking branch 'donkult/debian/sid' into debian/experimentalMichael Vogt
Conflicts: apt-private/private-install.cc
2014-06-18fix SubstVar to be usable as a replace_all methodDavid Kalnischkies
The name suggests that it is supposed to substitute a variable with a value, but we tend to use it in a more liberal replace_all() fashion, but this breaks if either of the parameters is empty or more importantly if two "variable" occurrences follow each other directly.
2014-06-18Merge remote-tracking branch 'mvo/feature/drop-rights' into debian/experimentalMichael Vogt
Conflicts: apt-pkg/contrib/fileutl.cc apt-pkg/contrib/fileutl.h
2014-06-18Merge branch 'debian/sid' into debian/experimentalMichael Vogt
Conflicts: debian/changelog
2014-06-11DropPrivs in the solvers (just to be on the safe side)Michael Vogt
2014-05-30without a filename we can't stat pipesDavid Kalnischkies
EDSP code uses pipes opened via an FD as sources and later for those files modification times and filesize are read - but never really used again. The result we get from FileFd is probably wrong, but as we don't use it anyway, we just don't fallback if we have nothing to fallback to Git-Dch: Ignore
2014-05-27use free() instead of delete() when realloc is usedMichael Vogt
ContentsExtract::~ContentsExtract() needs to use free() because Data got allocated via realloc() Reported-By: clang -fsanitize=address -fno-omit-frame-pointer
2014-05-09use HashStringList in the acquire systemDavid Kalnischkies
It is not very extensible to have the supported Hashes hardcoded everywhere and especially if it is part of virtual method names. It is also possible that a method does not support the 'best' hash (yet), so we might end up not being able to verify a file even though we have a common subset of supported hashes. And those are just two of the cases in which it is handy to have a more dynamic selection. The downside is that this is a MAJOR API break, but the HashStringList has a string constructor for compatibility, so with a bit of luck the few frontends playing with the acquire system directly are okay.
2014-05-09add a simple container for HashStringsDavid Kalnischkies
APT supports more than just one HashString and even allows to enforce the usage of a specific hash. This class is intended to help with storage and passing around of the HashStrings. Git-Dch: Ignore
2014-05-08Merge remote-tracking branch 'mvo/bugfix/update-progress-reporting' into ↵Michael Vogt
debian/experimental
2014-05-07fix some compile errors in the now enabled #if (APT_PKG_MAJOR >= 4 && ↵Michael Vogt
APT_PKG_MINOR < 13)
2014-05-07apt-pkg/contrib/macros.h: bump library version to 4.13Michael Vogt
2014-05-07Merge remote-tracking branch 'mvo/feature/apt-install-deb' into ↵Michael Vogt
debian/experimental
2014-05-07Merge remote-tracking branch 'mvo/feature/apt-ftparchive-srccache2' into ↵Michael Vogt
debian/sid
2014-05-07Merge branch 'debian/sid' into debian/experimentalMichael Vogt
Conflicts: apt-pkg/cachefilter.h apt-pkg/contrib/fileutl.cc apt-pkg/contrib/netrc.h apt-pkg/deb/debsrcrecords.cc apt-pkg/init.h apt-pkg/pkgcache.cc debian/apt.install.in debian/changelog
2014-04-28Merge branch 'feature/abspath' into feature/apt-install-debMichael Vogt
Conflicts: test/libapt/fileutl_test.cc
2014-04-28add flAbsPath() as a wrapper to realpath()Michael Vogt
2014-04-28Merge branch 'feature/popen' into feature/apt-install-debMichael Vogt
2014-04-28Implement Popen() execv helper to avoid popen()Michael Vogt
2014-04-28WIP local deb installMichael Vogt
2014-04-26fix FileFd::Size bitswap on big-endian architecturesAdam Conrad
gzip only gives us 32bit of size, storing it in a 64bit container and doing a 32bit flip on it has therefore unintended results. So we just go with a exact size container and let the flipping be handled by eglibc provided le32toh removing our #ifdef machinery. Closes: 745866
2014-04-16clear HitEof flag in FileFd::SeekDavid Kalnischkies
fseek and co do this to their eof-flags and it is more logic this way as we will usually seek away from the end (e.g. to re-read the file). The commit also improves the testcase further and adds a test for the binary compressor codepath (as gz, bzip2 and xz are handled by libraries) via the use of 'rev' as a 'compressor'.
2014-04-11deal with umask only if we really need to for mkstempDavid Kalnischkies
As the comment actually says: open() does the umask dance by itself, so we don't need to do it for it. We have to do it after mkstemp in Atomic though, so move it into the if. Also removes the "micro-optimisation" "FilePermissions == 600" as it doesn't trigger at the moment anyway as 600 != 0600.
2014-04-11don't double-count seeks in FileFd::Skip for bzip/xzDavid Kalnischkies
FileFd::Read already deals with the increase of the skipposition so that we as the caller in FileFd::Skip really shouldn't increase it, too.
2014-04-10improve umask/fchmod code readabilityMichael Vogt