summaryrefslogtreecommitdiff
path: root/apt-pkg
AgeCommit message (Collapse)Author
2019-01-18SECURITY UPDATE: content injection in http method (CVE-2019-3462)Julian Andres Klode
This fixes a security issue that can be exploited to inject arbritrary debs or other files into a signed repository as followed: (1) Server sends a redirect to somewhere%0a<headers for the apt method> (where %0a is \n encoded) (2) apt method decodes the redirect (because the method encodes the URLs before sending them out), writting something like somewhere\n <headers> into its output (3) apt then uses the headers injected for validation purposes. Our test webserver does not support the necessary bits in this version that we used in newer versions, so no testing script is provided. Regression-Of: c34ea12ad509cb34c954ed574a301c3cbede55ec LP: #1812353
2019-01-18Import Debian version 1.0.1ubuntu2.18Julian Andres Klode
apt (1.0.1ubuntu2.18) trusty; urgency=medium * ExecFork: Use /proc/self/fd to determine which files to close (Closes: #764204) (LP: #1332440). apt (1.0.1ubuntu2.17) trusty-security; urgency=high * SECURITY UPDATE: gpgv: Check for errors when splitting files (CVE-2016-1252) Thanks to Jann Horn, Google Project Zero for reporting the issue (LP: #1647467) apt (1.0.1ubuntu2.15) trusty; urgency=medium * Fixes failure to download the Package index file when using mirror:// URL in sources.list and the archive fails to profile a file. APT would try the next archive in the list for .deb packages but did not retry when the index file failed to download. (LP: #1625667) apt (1.0.1ubuntu2.14) trusty; urgency=medium * When using the https transport mechanism, $no_proxy is ignored if apt is getting it's proxy information from $https_proxy (as opposed to Acquire::https::Proxy somewhere in apt config). If the source of proxy information is Acquire::https::Proxy set in apt.conf (or apt.conf.d), then $no_proxy is honored. This patch makes the behavior similar for both methods of setting the proxy. (LP: #1575877) apt (1.0.1ubuntu2.13) trusty; urgency=medium * Recheck Pre-Depends satisfaction in SmartConfigure, to avoid unconfigured Pre-Depends (which dpkg later fails on). Fixes upgrade failures of systemd, util-linux, and other packages with Pre-Depends. Many thanks to David Kalnischkies for figuring out the patch and Winfried PLappert for testing! Patch taken from Debian git. (LP: #1560797) apt (1.0.1ubuntu2.12) trusty; urgency=medium [ Colin Watson ] * Fix lzma write support to handle "try again" case (closes: #751688, LP: #1553770). [ David Kalnischkies ] * Handle moved mmap after UniqFindTagWrite call (closes: #753941, LP: #1445436). apt (1.0.1ubuntu2.11) trusty; urgency=medium * apt-pkg/packagemanager.cc: - fix incorrect configure ordering in the SmartConfigure step by skipping packages that do not need immediate action. (LP: #1347721, #1497688) apt (1.0.1ubuntu2.10) trusty; urgency=medium * Fix regression from the previous upload by ensuring we're actually testing for the right member before iterating on it (LP: #1480592) apt (1.0.1ubuntu2.9) trusty; urgency=medium * Fix regression in the Never-MarkAuto-Sections feature caused by the previous auto-removal fix, with inspiration drawn from the patches and conversation from http://bugs.debian.org/793360 (LP: #1479207) apt (1.0.1ubuntu2.8) trusty-proposed; urgency=low * fix crash for packages that have no section in their instVersion (LP: #1449394) apt (1.0.1ubuntu2.7) trusty-proposed; urgency=low * fix auto-removal behavior (thanks to Adam Conrad) LP: #1429041 apt (1.0.1ubuntu2.6) trusty-proposed; urgency=medium * apt-pkg/deb/dpkgpm.cc: - update string matching for dpkg I/O errors. (LP: #1363257) - properly parse the dpkg status line so that package name is properly set and an apport report is created. Thanks to Anders Kaseorg for the patch. (LP: #1353171) apt (1.0.1ubuntu2.5) trusty-security; urgency=low * SECURITY UPDATE: - cmdline/apt-get.cc: fix insecure tempfile handling in apt-get changelog (CVE-2014-7206). Thanks to Guillem Jover apt (1.0.1ubuntu2.4.1) trusty-security; urgency=low * SECURITY UPDATE: - fix potential buffer overflow, thanks to the Google Security Team (CVE-2014-6273) * Fix regression from the previous upload when file:/// sources are used and those are on a different partition than the apt state directory * Fix regression when Dir::state::lists is set to a relative path * Fix regression when cdrom: sources got rewriten by apt-cdrom add apt (1.0.1ubuntu2.3) trusty-security; urgency=low * SECURITY UPDATE: - incorrect invalidating of unauthenticated data (CVE-2014-0488) - incorect verification of 304 reply (CVE-2014-0487) - incorrect verification of Acquire::Gzip indexes (CVE-2014-0489)
2014-06-12Merge remote-tracking branch 'mvo/feature/apt-ftparchive-srccache2' into ↵Michael Vogt
ubuntu/trusty
2014-06-12Only do openpty() if both stdin/stdout are terminalsMichael Vogt
Closes: 746434
2014-04-10Merge branch 'debian/sid' into ubuntu/masterMichael Vogt
2014-04-10improve umask/fchmod code readabilityMichael Vogt
2014-04-10Rename FileFd::Open() Perms to AccessModeMichael Vogt
Bug lp:#1304657 was caused by confusion around the name Perms. The new name AccessMode should make it clear that its not the literal file permissions but instead the AccessMode passed to open() (i.e. the umask needs to be applied)
2014-04-10Fix insecure file permissions when using FileFd with OpenMode::AtomicMichael Vogt
Commit 7335eebea6dd43581d4650a8818b06383ab89901 introduced a bug that caused FileFd to create insecure permissions when FileFd::Atomic is used. This commit fixes the permissions and adds a test. The bug is most likely caused by the confusing "Perm" parameter that is passed to Open() - its not the file permissions but intead the "mode" part of open/creat.
2014-04-04Implement CacheDB for source packages in apt-ftparchiveMichael Vogt
2014-04-01Merge branch 'debian/sid' into ubuntu/masterMichael Vogt
Conflicts: apt-pkg/deb/dpkgpm.cc debian/apt.auto-removal.sh debian/changelog vendor/debian/sources.list.in
2014-04-01Merge remote-tracking branch 'mvo/feature/more-fancy-progress' into debian/sidMichael Vogt
2014-04-01do not crash on SIGPIPE in pkgDPkgPM::RunScriptsWithPkgs()Michael Vogt
If a external command closes the PIPE unexpectedly, do not crash in pkgDPkgPM::RunScriptsWithPkgs but ignore the SIGPIPE.
2014-04-01Add new Debug::RunScripts optionMichael Vogt
This debug option will display all scripts that are run by apts RunScripts and RunScriptsWithPkgs helpers.
2014-03-27Merge branch 'debian/sid' into feature/more-fancy-progressMichael Vogt
2014-03-27Add progressbar to "Dpkg::Progress-Fancy"Michael Vogt
A text progressbar is now displayed in the Dpkg::Progress-Fancy mode. It can be turned off via the apt option Dpkg::Progress-Fancy::Progress-Bar=false
2014-03-27make fancy-progress fg/bg color configurableMichael Vogt
Add two new options: Dpkg::Progress-Fancy::Progress-{fg,bg} that allows customizing the colors in the dpkg fancy progress output.
2014-03-23discard candidates via IsInstallOk to allow overrideDavid Kalnischkies
In commit 446551c8 I changed MarkInstall to discard the candidate if the candidate can't satisfy the dependency. This breaks interactive solvers like aptitude which can change the candidate on-the-fly later. In commit df77d8a5 I introduced this 'early' loop-breaking to begin with which can't be that helpful for interactive solvers as well, but makes perfect sense for non-interactives to stop them from exploring trees which can't be satisfied, but it isn't perfect as ideally we would check this before auto-installing the first dependency. This commit therefore moves the loop into its own IsInstallOk hook so that frontends can override this check if they want to and in exchange removes the loop-breaking from MarkInstall itself and does it before any dependency is installed. Closes: 740750
2014-03-23do IsInstallOk call in MarkInstall unconditionallyDavid Kalnischkies
Hooked checks could be influenced by AutoInst as a lot can happen between a call without and one with this bit set. The real cache-hit check is above this call already. Individual hooked checks can then inspect the state if they want to cache. Calling them multiple times shouldn't be a problem either way.
2014-03-22ensure proper teardown in dpkg error casesDavid Kalnischkies
We have to properly close our pseudo terminals even in error cases before we call post-invoke scripts. This is done now by breaking from the dpkg calling loop instead of copying the handling, which did it in the wrong order before. This also ensures that our state file is written in error cases to record autobit and co as this was forgotten before. Closes: 738969
2014-03-21mark optional (private) symbols as hiddenDavid Kalnischkies
This methods should not be used by anyone expect the library itself as they are helpers for the specific class and therefore perfect candidates for hidding. Git-Dch: Ignore
2014-03-21enable fvisibility=hidden for our private libraryDavid Kalnischkies
While it is a huge undertaking to enable it for our public libraries as basically everything we exported so far could be seen as public interface our private library is new and under our full control, so we can do whatever we like with it. The benefits are not that big in return of course, but it reduces the size a bit, so thats great nontheless. Git-Dch: ignore
2014-03-21continue reading in xz even if it outputs nothingDavid Kalnischkies
It can happen that content in our buffer is not enough to produce a meaningful output in which case no output is created by liblzma, but still reports that everything is okay and we should go on. The code assumes it has reached the end through if it encounters a null read, so this commit makes it so that it looks like this read was interrupted just like the lowlevel read() on uncompressed files could. It subsequently fixes the issue with that as well as until now our loop would still break even if we wanted it to continue on. (This bug triggers our usual "Hash sum mismatch" error) Reported-By: Stefan Lippers-Hollmann <s.L-H@gmx.de>
2014-03-15Fix handling of autoclosing for compressed files (Closes: #741685)Julian Andres Klode
AutoClose is both an argument in OpenDescriptor() and an enum. In commit 84baaae93badc2da7c1f4f356456762895cef278 code using the AutoClose parameter was moved to OpenDescriptorInternal(). In that function, AutoClose meant the enum value, so the check was always false.
2014-03-14fix test/integration/test-apt-helperMichael Vogt
2014-03-13use the pretty fullname of a pkg as download desciptionDavid Kalnischkies
Otherwise the "WARNING: The following packages cannot be authenticated!" messages does not include the architecture of the package, so it would be slightly misinformative.
2014-03-13refactor FileFd to hide some #ifdefsDavid Kalnischkies
They tend to be ugly to look at, so hide them. Git-Dch: Ignore
2014-03-13use liblzma-dev to provide xz/lzma supportDavid Kalnischkies
We have xz/lzma support for a while, but only via an external binary provided by xz-utils. Now that the Debian archive provides xz by default and dpkg pre-depends on the library provided by liblzma-dev we can switch now to use this library as well to avoid requiring an external binary. For now the binary is in a prio:required package, but this might change in the future. API wise it is quiet similar to bz2 code expect that it doesn't provide file I/O methods, so we piece this together on our own.
2014-03-13refactor setup of file opening via zlib/bz2 libDavid Kalnischkies
Git-Dch: Ignore
2014-03-13move fd duplication closer to the gz/bz2 open callsDavid Kalnischkies
Git-Dch: Ignore
2014-03-13abstract version hash comparison a bitDavid Kalnischkies
In #737085 we see that apt can be confused if informations about versions only differ slightly. This commit adds a way of at least adding a few more data points with the next abi break to help a bit with it. Git-Dch: Ignore
2014-03-13factor out parsing of MultiArch flagDavid Kalnischkies
Git-Dch: Ignore
2014-03-13msgstr with elipses need three dotsDavid Kalnischkies
fixes some messages and their translation so that all of them have three dots for messages with an elipse. Many translations already had this.
2014-03-13support very long mtab entries in mountpoint discoveryDavid Kalnischkies
Old code limited lines to 250 characters which is probably enough for everybody, but who knows… It also takes care of device nodes which start with the same prefix.
2014-03-13apt-cdrom ident shouldn't be interactiveDavid Kalnischkies
Commit 62dcbf84 changed the code of ident to look more like the code for add on my suggestion. This made ident interactive as it starts with a unmount, press enter, mount cycle. The first two are skipped now. This fixes d-i/apt-setup which is using it to get ID as well as label. Closes: 740673
2014-03-13no error for non-existing mountpoints in MountCdromDavid Kalnischkies
The mountpoint might be auto-generated by the mount command so pushing an error on the stack will confuse the following code and let it believe an unrecoverable error occured while potentially everything is okay. Same goes for umount as a non-existing mountpoint is by definition not mounted.
2014-03-13if mountpoint has a ".disk" directory it is mountedDavid Kalnischkies
Checking that parent-directory of mountpoint and mountpoint are on different devices is fine most of the time, but is too restrictive for our testcases and there shouldn't be anything wrong with 'normal' users copying disk-contents around either if they want to. We check for the existance of the ".disk/" directory now as this will not be present if the disk isn't 'mounted'. Disks doesn't need to have such a directory through, so for those we fall back to the old way of detecting mounted or not mounted.
2014-03-13do not configure already unpacked packages needlesslyDavid Kalnischkies
The unpack of a M-A:same package will force the unpack of all its siblings directly to prevent that they could be separated by later immediate actions. In commit 634985f8 a call to SmartConfigure was introduced to configure these packages at the time the installation order encounters them. Usually, the unpack order is already okay, so that this 'earlier' unpack was not needed and if it wouldn't have been done, the package would now only be unpacked, but by configuring the package now we impose new requirements which must be satisfied. The code is clever enough to handle this most of the time (it worked for 2 years!), but it isn't needed and in very coupled cases this can fail. Removing this call again removes this extra burden and so simplifies the ordering as can be seen in the modified tests. Famous last words, but I don't see a reason for this extra burden to exist hence the remove. Closes: 740843
2014-03-13follow method attribute suggestions by gccDavid Kalnischkies
Git-Dch: Ignore Reported-By: gcc -Wsuggest-attribute={pure,const,noreturn}
2014-03-13cleanup headers and especially #includes everywhereDavid Kalnischkies
Beside being a bit cleaner it hopefully also resolves oddball problems I have with high levels of parallel jobs. Git-Dch: Ignore Reported-By: iwyu (include-what-you-use)
2014-03-13move defines for version to macros.hDavid Kalnischkies
also adds namespaced attributes for good usage Git-Dch: Ignore
2014-03-13warning: unused parameter ‘foo’ [-Wunused-parameter]David Kalnischkies
Reported-By: gcc -Wunused-parameter Git-Dch: Ignore
2014-03-13warning: type qualifiers ignored on function return type [-Wignored-qualifiers]David Kalnischkies
Reported-By: gcc -Wignored-qualifiers Git-Dch: Ignore
2014-03-13warning: cannot optimize loop, the loop counter may overflow ↵David Kalnischkies
[-Wunsafe-loop-optimizations] Git-Dch: Ignore Reported-By: gcc -Wunsafe-loop-optimizations
2014-03-13warning: no previous declaration for foobar() [-Wmissing-declarations]David Kalnischkies
Git-Dch: Ignore Reported-By: gcc -Wmissing-declarations
2014-03-13warning: useless cast to type A [-Wuseless-cast]David Kalnischkies
Git-Dch: Ignore Reported-By: gcc -Wuseless-cast
2014-03-13warning: cast from type A to type B casts away qualifiers [-Wcast-qual]David Kalnischkies
Git-Dch: Ignore Reported-By: gcc -Wcast-qual
2014-03-13warning: extra ‘;’ [-Wpedantic]David Kalnischkies
Git-Dch: Ignore Reported-By: gcc -Wpedantic
2014-03-13fix -Wmissing-field-initializers warningsDavid Kalnischkies
Reported-By: gcc Git-Dch: Ignore
2014-03-13make doxygen more quiet, fix issues and disable latexDavid Kalnischkies
Git-Dch: Ignore
2014-03-13support DEB_BUILD_PROFILES and -P for build profilesDavid Kalnischkies
Inspired by the rest of the patch in 661537, but abstract the parsing of various ways of setting the build profiles more so it can potentially be reused and all apt parts have the same behaviour. Especially config options, cmdline options and environment will not be combined as proposed as this isn't APTs usual behaviour and dpkg doesn't do it either, so one overrides the other as it normally does.