From 21cb4a9e513ccb6f376fbcaf67957c4851cbbe32 Mon Sep 17 00:00:00 2001 From: Julian Andres Klode Date: Wed, 15 Jan 2020 22:01:54 +0100 Subject: apt(8): Disable regular expressions and fnmatch This is the first step. Next step will be to add warnings to apt-get and then remove support there as well. --- apt-pkg/cacheset.cc | 14 ++++++++++++-- apt-private/private-cmndline.cc | 1 + debian/NEWS | 13 +++++++++++++ doc/apt-get.8.xml | 5 ++++- doc/apt-verbatim.ent | 6 ++++++ doc/examples/configure-index | 1 + test/integration/test-apt-patterns | 11 +---------- 7 files changed, 38 insertions(+), 13 deletions(-) diff --git a/apt-pkg/cacheset.cc b/apt-pkg/cacheset.cc index dd55edb4e..f5251eda8 100644 --- a/apt-pkg/cacheset.cc +++ b/apt-pkg/cacheset.cc @@ -125,8 +125,16 @@ bool CacheSetHelper::PackageFromTask(PackageContainerInterface * const pci, pkgC // PackageFromRegEx - Return all packages in the cache matching a pattern /*{{{*/ bool CacheSetHelper::PackageFromRegEx(PackageContainerInterface * const pci, pkgCacheFile &Cache, std::string pattern) { static const char * const isregex = ".?+*|[^$"; - if (pattern.find_first_of(isregex) == std::string::npos) - return false; + + if (_config->FindB("APT::Cmd::Pattern-Only", false)) + { + // Only allow explicit regexp pattern. + if (pattern.size() == 0 || (pattern[0] != '^' && pattern[pattern.size() - 1] != '$')) + return false; + } else { + if (pattern.find_first_of(isregex) == std::string::npos) + return false; + } bool const wasEmpty = pci->empty(); if (wasEmpty == true) @@ -181,6 +189,8 @@ bool CacheSetHelper::PackageFromFnmatch(PackageContainerInterface * const pci, pkgCacheFile &Cache, std::string pattern) { static const char * const isfnmatch = ".?*[]!"; + if (_config->FindB("APT::Cmd::Pattern-Only", false)) + return false; if (pattern.find_first_of(isfnmatch) == std::string::npos) return false; diff --git a/apt-private/private-cmndline.cc b/apt-private/private-cmndline.cc index a78cbaf1a..c5edae5d0 100644 
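Review bot: In the Pattern-Only branch of PackageFromRegEx, the test `pattern[0] != '^' && pattern[pattern.size() - 1] != '$'` accepts an expression with only one anchor, so an argument like `foo$` (constructed example) is still matched as a regex against all package names, and the comment `// Only allow explicit regexp pattern.` does not say so. This agrees with the debian/NEWS text in the same commit, so I would only spell it out in the code: `// apt(8): treat the argument as a regex only if it starts with '^' or ends with '$'; one anchor is enough`. The condition also reads more plainly as `pattern.empty() || (pattern.front() != '^' && pattern.back() != '$')`. The key `"APT::Cmd::Pattern-Only"` is repeated as a string literal in the PackageFromFnmatch hunk, and both lookups default to `false`, so a misspelling in either place would silently re-enable the fallback; a shared constant or a small helper would avoid that. Both function bodies continue outside their hunks.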
--- a/apt-private/private-cmndline.cc +++ b/apt-private/private-cmndline.cc @@ -474,6 +474,7 @@ static void BinarySpecificConfiguration(char const * const Binary) /*{{{*/ _config->CndSet("Binary::apt::DPkg::Progress-Fancy", true); _config->CndSet("Binary::apt::APT::Keep-Downloaded-Packages", false); _config->CndSet("Binary::apt::APT::Get::Update::InteractiveReleaseInfoChanges", true); + _config->CndSet("Binary::apt::APT::Cmd::Pattern-Only", true); } _config->Set("Binary", binary); diff --git a/debian/NEWS b/debian/NEWS index 46c1fcb16..8615cbf4e 100644 --- a/debian/NEWS +++ b/debian/NEWS @@ -1,3 +1,16 @@ +apt (1.9.6) UNRELEASED; urgency=medium + + apt(8) no longer treats package names passed as regular expressions or fnmatch + expressions, requiring the use of patterns (apt-patterns(5)) to perform complex + searches. For ease of use, regular expressions starting with ^ or ending with + $ continue to work. + + This fixes the problem where e.g. g++ could mean either "the package g++" + or, if there is no g++ package, "all packages containing g". This change + will propagate to apt-* after the release of Debian bullseye. + + -- Julian Andres Klode Wed, 15 Jan 2020 21:45:18 +0100 + apt (1.9.5) unstable; urgency=medium Credentials in apt_auth.conf(5) now only apply to https and tor+https diff --git a/doc/apt-get.8.xml b/doc/apt-get.8.xml index ab6074802..2cec32e9a 100644 --- a/doc/apt-get.8.xml +++ b/doc/apt-get.8.xml 
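Review bot: The added `_config->CndSet("Binary::apt::APT::Cmd::Pattern-Only", true);` sets a default and does not enforce the restriction, because `CndSet` assigns only when the key has no value yet. How the `Binary::apt::` subtree is merged with user configuration is outside this hunk, but presumably a value supplied elsewhere can switch the regex/fnmatch fallback back on for apt(8). Scripts that pass package names to `apt` should therefore not treat literal matching as guaranteed. A comment would make the intent visible, for example `// internal default: apt(8) matches names literally unless anchored; apt-get keeps the fallback for now`. BinarySpecificConfiguration starts before the hunk and continues after it.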
@@ -140,7 +140,10 @@ to all package names in the database. Any matches are then installed (or removed). Note that matching is done by substring so 'lo.*' matches 'how-lo' and 'lowest'. If this is undesired, anchor the regular expression - with a '^' or '$' character, or create a more specific regular expression. + with a '^' or '$' character, or create a more specific regular expression. + Fallback to regular expressions is deprecated in APT 2.0, has been removed in + &apt;, except for anchored expressions, and will be removed from &apt-get; + in a future version. Use &apt-patterns; instead. diff --git a/doc/apt-verbatim.ent b/doc/apt-verbatim.ent index 6fce0d257..e4391757c 100644 --- a/doc/apt-verbatim.ent +++ b/doc/apt-verbatim.ent @@ -57,6 +57,12 @@ " > + + apt-patterns + 5 + " +> + apt_preferences 5 diff --git a/doc/examples/configure-index b/doc/examples/configure-index index 25378a809..cc70465d6 100644 --- a/doc/examples/configure-index +++ b/doc/examples/configure-index @@ -695,6 +695,7 @@ apt::cmd::list-include-summary ""; apt::cmd::use-regexp ""; apt::cmd::all-versions ""; apt::cmd::format ""; +apt::cmd::pattern-only ""; // internal apt::config::dump::emptyvalue ""; apt::config::dump::format ""; diff --git a/test/integration/test-apt-patterns b/test/integration/test-apt-patterns index 06c552479..cdba76146 100755 --- a/test/integration/test-apt-patterns +++ b/test/integration/test-apt-patterns 
@@ -34,16 +34,10 @@ testfailureequal "E: input:0-14: error: Unrecognized pattern '?not-a-pattern' ?not-a-pattern ^^^^^^^^^^^^^^ N: Unable to locate package ?not-a-pattern -N: Couldn't find any package by glob '?not-a-pattern' -E: Regex compilation error - Invalid preceding regular expression -N: Couldn't find any package by regex '?not-a-pattern' E: input:0-14: error: Unrecognized pattern '?not-a-pattern' ?not-a-pattern ^^^^^^^^^^^^^^ N: Unable to locate package ?not-a-pattern -N: Couldn't find any package by glob '?not-a-pattern' -E: Regex compilation error - Invalid preceding regular expression -N: Couldn't find any package by regex '?not-a-pattern' E: No packages found" apt show '?not-a-pattern' testfailureequal "Listing... @@ -57,10 +51,7 @@ Reading state information... E: input:0-14: error: Unrecognized pattern '?not-a-pattern' ?not-a-pattern ^^^^^^^^^^^^^^ -E: Unable to locate package ?not-a-pattern -E: Couldn't find any package by glob '?not-a-pattern' -E: Regex compilation error - Invalid preceding regular expression -E: Couldn't find any package by regex '?not-a-pattern'" apt install -s '?not-a-pattern' +E: Unable to locate package ?not-a-pattern" apt install -s '?not-a-pattern' msgmsg "Ensure that argument lists are present where needed, and absent elsewhere" -- cgit v1.2.3
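Review bot: These hunks only delete the glob and regex lines from the expected output of the `?not-a-pattern` cases, so nothing here checks the two behaviours the commit introduces for apt(8). I would add one case where an anchored expression (starting with `^` or ending with `$`) still selects packages under `apt`. A second case should show that a name with regex or glob characters but no anchor is reported as not found instead of being expanded. Whether another integration test already covers this is not visible from this page.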