Debians commandline package manager https://git.kalnischkies.de/apt/atom?h=1.2.4 2015-08-10T15:25:26Z 2015-08-10T15:25:26Z David Kalnischkies david@kalnischkies.de 2015-06-24T17:31:22Z urn:sha1:b0d408547734100bf86781615f546487ecf390d9 Limits which key(s) can be used to sign a repository. Not immensely useful from a security perspective all by itself, but if the user has additional measures in place to confine a repository (like pinning) an attacker who gets the key for such a repository is limited to its potential and can't use the key to sign its attacks for an other (maybe less limited) repository… (yes, this is as weak as it sounds, but having the capability might come in handy for implementing other stuff later). 2015-08-10T15:25:25Z David Kalnischkies david@kalnischkies.de 2015-06-18T15:33:15Z urn:sha1:3d8232bf97ce11818fb07813a71136484ea1a44a Various small leaks here and there. Nothing particularily big, but still good to fix. Found by the sanitizers while running our testcases. Reported-By: gcc -fsanitize Git-Dch: Ignore 2014-09-26T22:12:14Z David Kalnischkies david@kalnischkies.de 2014-04-14T16:24:17Z urn:sha1:c46a36adaf51fc28464ea1a0e826c754ee60672b gnupg/gnupg2 can do verify just fine of course, so we don't need to use gpgv here, but it is what we always used in the past, so there might be scripts expecting a certain output and more importantly the output of apt-cdrom contains messages from gpg and even with all the settings we activate to prevent it, it still shows (in some versions) a quiet scary: "gpg: WARNING: Using untrusted key!" message. Keeping the use of gpgv is the simplest way to prevent it. We are increasing also the "Breaks: apt" version from libapt as it requires a newer apt-key than might be installed in partial upgrades. 2014-09-26T22:12:14Z David Kalnischkies david@kalnischkies.de 2014-02-06T16:56:28Z urn:sha1:33a2267214eed2a11281c9f93b8cf10b4c436d94 Some advanced commands can be executed without the keyring being modified like --verify, so this adds an option to disable the mergeback and uses it for our gpg calling code. Git-Dch: Ignore 2014-09-26T22:12:14Z David Kalnischkies david@kalnischkies.de 2014-01-24T22:48:11Z urn:sha1:12841e8320aa499554ac50b102b222900bb1b879 apt-key does the keyring merge as we need it, so we just call it instead of reimplementing it to do the merging before gpgv. This means we don't use gpgv anymore (we never depended on it explicitly - bad style), but it also means that the message in apt-cdrom add is a bit less friendly as it says loudly "untrusted key", but for a one-time command its okay. 2014-03-13T12:58:45Z David Kalnischkies david@kalnischkies.de 2014-03-05T21:11:25Z urn:sha1:453b82a388013e522b3a1b9fcd6ed0810dab1f4f Beside being a bit cleaner it hopefully also resolves oddball problems I have with high levels of parallel jobs. Git-Dch: Ignore Reported-By: iwyu (include-what-you-use) 2014-01-16T21:19:49Z David Kalnischkies david@kalnischkies.de 2014-01-16T21:19:49Z urn:sha1:9ce3cfc9309c55cc01018c88c1ca82779fd74431 The most "visible" change is from utime to utimensat/futimens as the first one isn't part of POSIX anymore. Reported-By: cppcheck Git-Dch: Ignore 2014-01-16T18:51:23Z David Kalnischkies david@kalnischkies.de 2014-01-16T18:51:23Z urn:sha1:62d8a765b9b37354efab6ca838cbdb7f347f7cac No visible functional changes, just code moved around and additional checks to eliminate impossible branches Reported-By: scan-build Git-Dch: Ignore 2013-12-22T21:15:52Z Michael Vogt mvo@debian.org 2013-12-22T21:15:52Z urn:sha1:68e0172140872d8044b3c768a6bea3ac58d426c4 2013-12-22T13:50:37Z Thomas Bechtold thomasbechtold@jpberlin.de 2013-12-22T10:40:49Z urn:sha1:38beb8b5936e9d85a5bb99bf3860f082bbe34439 if the directory given by $TMPDIR is not available, use /tmp as fallback.