Debians commandline package manager https://git.kalnischkies.de/apt/atom?h=1.0.9.5 2014-11-10T16:23:29Z 2014-11-10T16:23:29Z David Kalnischkies david@kalnischkies.de 2014-09-27T23:25:21Z urn:sha1:c505fa33a6441b451971ce6c636cf2ca4dacdc1d This used to work before we implemented a stricter commandline parser and e.g. the dd-schroot-cmd command constructs commandlines like this. Reported-By: Helmut Grohne 2014-11-10T16:23:29Z David Kalnischkies kalnischkies@gmail.com 2013-08-18T21:17:05Z urn:sha1:3f439e2b7126fb82952cd7bc12b8d6cb01352219 APT supports more than just one HashString and even allows to enforce the usage of a specific hash. This class is intended to help with storage and passing around of the HashStrings. The cherry-pick here the un-const-ification of HashType() compared to f4c3850ea335545e297504941dc8c7a8f1c83358. The point of this commit is adding infrastructure for the next one. All by itself, it just adds new symbols. Git-Dch: Ignore 2014-09-16T18:39:13Z Michael Vogt mvo@ubuntu.com 2014-09-16T18:23:43Z urn:sha1:ca7fd76c2f30c100dcf1c12e717ce397cccd690b incorrect invalidating of unauthenticated data (CVE-2014-0488) incorect verification of 304 reply (CVE-2014-0487) incorrect verification of Acquire::Gzip indexes (CVE-2014-0489) 2014-09-12T09:44:11Z Michael Vogt mvo@ubuntu.com 2014-09-12T09:44:11Z urn:sha1:d73fe42cf042fbc9d8d2b38eb67bd7efaa4be412 Only run the Proxy-Auto-Detect code if there is not already a host specific configuration. Closes: 759264 2014-09-07T19:27:57Z David Kalnischkies david@kalnischkies.de 2014-09-07T19:27:57Z urn:sha1:b578738870e83db4e61d6f6591bc73884108b7d4 Git-Dch: Ignore 2014-09-02T14:02:37Z Michael Vogt mvo@ubuntu.com 2014-09-02T13:50:19Z urn:sha1:c6ee61eab54edf6cc3fbe118d304d72a860e1451 When doing Acquire::http{,s}::Proxy-Auto-Detect, run the auto-detect command for each host instead of only once. This should make using "proxy" from libproxy-tools feasible which can then be used for PAC style or other proxy configurations. Closes: #759264 2014-07-16T12:14:40Z Michael Vogt mvo@ubuntu.com 2014-07-16T11:57:50Z urn:sha1:08be0ca32ad69e9ebf28fe26aa85990700c81cf6 StringToBool uses strtol() internally to check if the argument is a number. This function stops when it does not find any more numbers. So a string like "0ad" (which is a valid packagename) is interpreted as a "0". The code now checks that the entire string is consumed not just a part of it. Thanks to Johannes Schauer for raising this issue. 2014-06-18T09:17:18Z David Kalnischkies david@kalnischkies.de 2014-06-17T14:55:19Z urn:sha1:224dc038412459a5f64d4e7a16845847b7797a67 The name suggests that it is supposed to substitute a variable with a value, but we tend to use it in a more liberal replace_all() fashion, but this breaks if either of the parameters is empty or more importantly if two "variable" occurrences follow each other directly. 2014-05-30T15:14:13Z David Kalnischkies david@kalnischkies.de 2014-05-30T15:14:13Z urn:sha1:003c40d373b8d3b8c6ddd9cc4e0f92dc493b4a60 EDSP code uses pipes opened via an FD as sources and later for those files modification times and filesize are read - but never really used again. The result we get from FileFd is probably wrong, but as we don't use it anyway, we just don't fallback if we have nothing to fallback to Git-Dch: Ignore 2014-05-27T14:25:43Z Michael Vogt mvo@debian.org 2014-05-27T14:25:43Z urn:sha1:21ea1dbb50176a89e7f456f9b31220ff3097fdf2 ContentsExtract::~ContentsExtract() needs to use free() because Data got allocated via realloc() Reported-By: clang -fsanitize=address -fno-omit-frame-pointer