summaryrefslogtreecommitdiff
path: root/apt-pkg
AgeCommit message (Collapse)Author
2020-07-17It is NOT OK to just munmap memory from malloc :/.Jay Freeman (saurik)
2020-07-17Symlinking final file failed is a common issue :/.Jay Freeman (saurik)
2020-07-17This is realloc, not reallocf: be more careful :/.Jay Freeman (saurik)
2020-07-17Bill is consistent. Bill is correct. Be like Bill.Jay Freeman (saurik)
2020-07-17You can't just assume the start is always zero :/.Jay Freeman (saurik)
2020-07-17The length given to msync was calculated wrong :/.Jay Freeman (saurik)
2020-07-17Not /not/ immediately mapping a file is INSANE :/.Jay Freeman (saurik)
2020-07-17The entire concept of PendingError() is flawed :/.Jay Freeman (saurik)
2020-07-17Bug #807012 also involves package dependencies :/.Jay Freeman (saurik)
2020-07-17On IMS-Hit, you can't assume local compression :/.Jay Freeman (saurik)
2020-07-17It is *never* a good idea to throw away stderr :/.Jay Freeman (saurik)
2020-07-17It is just so absolutely critical that this works.Jay Freeman (saurik)
2020-07-17My "tolerance" patch was a tad bit overzealous :(.Jay Freeman (saurik)
2020-07-17You have to do the bounds check before the access.Jay Freeman (saurik)
2020-07-17Fix field-without-values appearing at end of file.Jay Freeman (saurik)
2020-07-17Of *course* I managed to get this check backwards.Jay Freeman (saurik)
2020-07-17In the C locale, let's avoid any crazy transforms.Jay Freeman (saurik)
2020-07-17It's just *mean* to complain if they already know.Jay Freeman (saurik)
2020-07-17Wreck validation until we can assess ecosystem :/.Jay Freeman (saurik)
2020-07-17This is 2016 and APT already requires use of mmap.Jay Freeman (saurik)
2020-07-17Only check for valid Date if checking Valid-Until.Jay Freeman (saurik)
2020-07-17I know this is "bad", but a "full wedge" is worse.Jay Freeman (saurik)
2020-07-17For speed, you *need* multiple downloads per host.Jay Freeman (saurik)
2020-07-17The fastest way to get field values is as a range.Jay Freeman (saurik)
2020-07-17Avoid wedging the entire system if recoverable :/.Jay Freeman (saurik)
2020-07-17Most interfaces (Maemo) need a high-level name :/.Jay Freeman (saurik)
2020-07-17Store tags in the cache (they are very useful :/).Jay Freeman (saurik)
2020-07-17unlinkat is way way too modern to not autoconf :/.Jay Freeman (saurik)
2020-07-17__deprecated is already defined by sys/cdefs.h :/.Jay Freeman (saurik)
2020-07-17arpa/nameser.h, unlike nameser.h, uses NS_ prefix.Jay Freeman (saurik)
2020-07-17std::map from std::initializer_list is "explicit".Jay Freeman (saurik)
2019-05-21Unlock dpkg locks in reverse locking orderJulian Andres Klode
We need to unlock in the reverse order of locking in order to get useful behavior. LP: #1829860
2019-05-03Prevent shutdown while running dpkgJulian Andres Klode
As long as we are running dpkg, keep an inhibitor that blocks us from shutting down. LP: #1820886
2019-03-03Add explicit message for unsupported binary signatureDavid Kalnischkies
Verifying the content of Release.gpg made us fail on binary signatures which were never officially supported (apt-secure manpage only documents only the generation of ASCII armored), but silently accepted by gpgv as we passed it on unchecked before. The binary format is complex and is itself split into old and new formats so adding support for this would not only add lots of code but also a good opportunity for bugs and dubious benefit. Reporting this issue explicitly should help repository creators figure out the problem faster than the default NODATA message hinting at captive portals. Given that the binary format has no file magic or any other clear and simple indication that this is a detached signature we guess based on the first two bits only – and by that only supporting the "old" binary format which seems to be the only one generated by gnupg in this case. References: e2965b0b6bdd68ffcad0e06d11755412a7e16e50 Closes: #921685
2019-02-10Fix various typos in the documentationJakub Wilk
2019-02-04Use std::to_string() for HashStringList::FileSize() getterJulian Andres Klode
This slightly improves performance, as std::to_string() (as in gcc's libstdc++) avoids a heap allocation. This is surprisingly performance critical code, so we might want to improve things further in 1.9 by manually calculating the string - that would also get rid of issues with locales changing string formatting, if any.
2019-02-04Detect function multiversioning and sse4.2/crc32, enables i386Julian Andres Klode
This fixes the build on kfreebsd-amd64, and due to the detection of sse4.2, should also enable the sse4.2 on i386.
2019-02-04gpgv: Use buffered writes for splitting clearsigned filesJulian Andres Klode
This is safe here, as the code ensures that the file is flushed before it is being used. The next series should probably make GetTempFile() buffer writes by default.
2019-02-04Merge branch 'pu/dead-pin' into 'master'Julian Andres Klode
A pin of -32768 overrides any other, disables repo See merge request apt-team/apt!40
2019-02-01Add a Packages-Require-Authorization Release file fieldJulian Andres Klode
This new field allows a repository to declare that access to packages requires authorization. The current implementation will set the pin to -32768 if no authorization has been provided in the auth.conf(.d) files. This implementation is suboptimal in two aspects: (1) A repository should behave more like NotSource repositories (2) We only have the host name for the repository, we cannot use paths yet. - We can fix those after an ABI break. The code also adds a check to acquire-item.cc to not use the specified repository as a download source, mimicking NotSource.
2019-02-01Introduce experimental 'never' pinning for sourcesJulian Andres Klode
This allows disabling a repository by pinning it to 'never', which is internally translated to a value of -32768 (or whatever the minimum of short is). This overrides any other pin for that repository. It can be used to make sure certain sources are never used; for example, in unattended-upgrades. To prevent semantic changes to existing files, we substitute min + 1 for every pin-priority: <min>. This is a temporary solution, as we are waiting for an ABI break. To add pins with that value, the special Pin-Priority "never" may be used for now. It's unclear if that will persist, or if the interface will change eventually.
2019-02-01Merge branch 'pu/refuseunsignedlines' into 'master'Julian Andres Klode
Fail if InRelease or Release.gpg contain unsigned lines See merge request apt-team/apt!45
2019-02-01Step over empty sections in TagFiles with commentsDavid Kalnischkies
Implementing a parser with recursion isn't the best idea, but in practice we should get away with it for the time being to avoid needless codechurn. Closes: #920317 #921037
2019-02-01Drop buffered writing from clearsigned message extractionDavid Kalnischkies
It is dropped in the merged code, but the extraction of the clearsigned message code was the only one who had it previously, so the short-desc explains the change from a before-after merge of the branch PoV. It would make sense to enable it, but as we aren't in a time critical paths here we can delay this for after buster to avoid problems. References: 73e3459689c05cd62f15c29d2faddb0fc215ef5e Suggested-By: Julian Andres Klode
2019-02-01Avoid boolean flags by splitting writeTo functionsDavid Kalnischkies
Suggested-By: Julian Andres Klode Gbp-Dch: Ignore
2019-01-31Merge branch 'pu/verify-method-messages-2' into 'master'Julian Andres Klode
Verify data being sent by methods in SendMessage() See merge request apt-team/apt!48
2019-01-31Disable deprecated methods (ftp, rsh, ssh) by defaultJulian Andres Klode
These methods are not supposed to be used anymore, they are not actively maintained and may hence contain odd bugs. Fixes !49
2019-01-30Verify data being sent by methods in SendMessage()Julian Andres Klode
As a follow-up for CVE-2019-3462, add checks similar to those for redirect to the central SendMessage() function. The checks are a bit more relaxed for values - they may include newlines and unicode characters (newlines get rewritten, so are safe). For keys and the message header, the checks are far more strict: They may only contain alphanumerical characters, the hyphen-minus, and the horizontal space. In case the method tries to send anything else, we construct a legal 400 URI Failed response, and send that. We specifically do not include the item URI, in case it has been compromised (that would cause infinite recursion).
2019-01-29Reuse APT::StringView more in LineBufferDavid Kalnischkies
No effective change in behaviour, just simplifying and reusing code. Suggested-By: Julian Andres Klode Gbp-Dch: Ignore
2019-01-29Rework ifs to use not instead of == false/trueDavid Kalnischkies
No change in the logic itself, just dropping "== true", replacing "== false" with not and moving lines around to make branches more obvious. Suggested-By: Julian Andres Klode Gbp-Dch: Ignore