Debians commandline package manager https://git.kalnischkies.de/apt/atom?h=1.3 2016-09-01T14:13:14Z 2016-09-01T14:13:14Z David Kalnischkies david@kalnischkies.de 2016-08-31T08:11:07Z urn:sha1:644478e8db56f305601c3628a74e53de048b28c8 memcpy is marked as nonnull for its input, but ignores the input anyhow if the declared length is zero. Our SHA2 implementations do this as well, it was "just" MD5 and SHA1 missing, so we add the length check here as well as along the callstack as it is really pointless to do all these method calls for "nothing". Reported-By: gcc -fsanitize=undefined 2016-08-31T15:40:15Z Julian Andres Klode jak@debian.org 2016-08-31T15:18:07Z urn:sha1:cf7503d8a09ebce695423fdeb2402c456c18f3d8 If the inner Base256ToNum() returned false, it did not set Num to a new value, causing it to be uninitialized, and thus might have caused the function to exit despite a good result. Also document why the Res = Num, if (Res != Num) magic is done. Reported-By: valgrind 2016-08-26T20:17:54Z Julian Andres Klode jak@debian.org 2016-08-23T17:41:58Z urn:sha1:8757a0fdeee00ea6a7cc717188a0e129ad8a553c This allows other vendors to use different paths, or to build your own APT in /opt for testing. Note that this uses + 1 in some places, as the paths we receive are absolute, but we need to strip of the initial /. 2016-08-26T20:17:13Z Julian Andres Klode jak@debian.org 2016-08-23T18:19:11Z urn:sha1:0fb16c3e678044d6d06ba8a6199b1e96487ee0d8 The C.UTF-8 locale is not portable, so we need to use C, otherwise we crash on other systems. We can use std::locale::classic() for that, which might also be a bit cheaper than using locale("C"). 2016-08-26T13:49:10Z Julian Andres Klode jak@debian.org 2016-08-23T11:15:15Z urn:sha1:24a59c62efafbdb8387b2d3c5616b04b9fd21306 Several modules use std::array without including the array header. Bad modules. Some modules use STDOUT_FILENO and friends, or close() without including unistd.h, where they are defined. One module also uses WIFEXITED() without including sys/wait.h. Finally, environ is not specified to be defined in unistd.h. We are required to define it ourselves according to POSIX, so let's do that. 2016-08-12T18:49:54Z David Kalnischkies david@kalnischkies.de 2016-08-12T17:11:01Z urn:sha1:9445fa62386c80c9822e77484d30b2109aa0f2dc Since its existence in 2010 DirectoryExists was always marked with this attribute, but for no real reason. Arguably a check for the existence of the file is not modifying global state, so theoretically this shouldn't be a problem. It is wrong from a logical point of view through as between two calls the directory could be created so the promise we made to the compiler that it could remove the second call would be wrong, so API wise it is wrong. It's a bit mysterious that this is only observeable on ppc64el and can be fixed by reordering code ever so slightly, but in the end its more our fault for adding this attribute than the compilers fault for doing something silly based on the attribute. LP: 1473674 2016-08-12T12:11:14Z Julian Andres Klode jak@debian.org 2016-08-12T11:55:09Z urn:sha1:15fe8e62d37bc87114c59d385bed7ceefb72886b When checking if a file is empty, we forget to check that fstat() actually worked. 2016-08-12T09:12:10Z David Kalnischkies david@kalnischkies.de 2016-08-12T08:02:28Z urn:sha1:379a36f43d3f4db4afa5ad4fb6f79b89824c999c We use clock() as a very cheap way of getting a "random" value, but the manpage warns that this could return -1, so we should be dealing with this. Additionally, e.g. on hurd-i386 the value increases only slowly – to slow for our fast running tests for randomness hence producing the same range in both samples, so we introduce a simple busy-wait loop (as clock is counting processor time used by the program) in the test which delays the second sample just enough making our randomness a bit more predictable. 2016-08-10T23:36:18Z David Kalnischkies david@kalnischkies.de 2016-08-10T23:36:18Z urn:sha1:6b3ddbd059c403efeb40d81c29f2cae6e8f5b1bf 2016-08-10T21:20:15Z David Kalnischkies david@kalnischkies.de 2016-08-01T19:45:29Z urn:sha1:a1f3ac8aba0675321dd46d074af8abcbb10c19fd If the URI had no password the username was ignored