Debians commandline package manager https://git.kalnischkies.de/apt/atom?h=1.4_beta2 2016-12-08T14:19:30Z 2016-12-08T14:19:30Z Julian Andres Klode jak@debian.org 2016-12-06T08:35:11Z urn:sha1:6212ee84a517ed68217429022bd45c108ecf9f85 This is a follow up to the previous issue where we did not check if getline() returned -1 due to an end of file or due to an error like memory allocation, treating both as end of file. Here we ensure that we also handle buffered writes correctly by flushing the files before checking for any errors in our error stack. Buffered writes themselves were introduced in 1.1.9, but the function was never called with a buffered file from inside apt until commit 46c4043d741cb2c1d54e7f5bfaa234f1b7580f6c which was first released with apt 1.2.10. The function is public, though, so fixing this is a good idea anyway. Affected: >= 1.1.9 2016-12-08T14:19:21Z Julian Andres Klode jak@debian.org 2016-12-05T22:01:25Z urn:sha1:51be550c5c38a2e1ddfc2af50a9fab73ccf78026 This fixes a security issue where signatures of the InRelease files could be circumvented in a man-in-the-middle attack, giving attackers the ability to serve any packages they want to a system, in turn giving them root access. It turns out that getline() may not only return EINVAL as stated in the documentation - it might also return in case of an error when allocating memory. This fix not only adds a check that reading worked correctly, it also implicitly checks that all writes worked by reporting any other error that occurred inside the loop and was logged by apt. Affected: >= 0.9.8 Reported-By: Jann Horn <jannh@google.com> Thanks: Jann Horn, Google Project Zero for reporting the issue LP: #1647467 2016-11-23T23:21:35Z David Kalnischkies david@kalnischkies.de 2016-11-12T22:22:33Z urn:sha1:8e438ede2f179f2f66268308c24d62952ac06fa4 We report warnings from apt-key this way already since 29c590951f812d9e9c4f17706e34f2c3315fb1f6, so reporting errors seems like a good addition. Most of those errors aren't really from apt-key through, but from the code setting up and actually calling it which used to just print to stderr which might or might not intermix them with (other) progress lines in update calls. Having them as proper error messages in the system means that the errors are actually collected later on for the list instead of ending up with our relatively generic but in those cases bogus hint regarding "is gpgv installed?". The effective difference is minimal as the errors apply mostly to systems which have far worse problems than a not as nice looking error message, which makes this pretty hard to test – but at least now the hint that your system is broken can be read in proper order (= there aren't many valid cases in which the permissions of /tmp are messed up…). LP: #1522988 2016-11-22T21:58:19Z Julian Andres Klode jak@debian.org 2016-09-27T16:59:11Z urn:sha1:f378b41f9ab2493bcbc5892d482b18826b0b84c0 This has the effect of significantly reducing actual string comparisons, and should improve the performance of FindGrp a bit, although it's hardly measureable (callgrind says it uses 10% instructions less now). 2016-11-22T21:58:18Z Julian Andres Klode jak@debian.org 2016-09-27T16:28:55Z urn:sha1:f903069c139df58d1ba855f7cf02c4a2d4e51dc3 Stop copying stuff, and just parse the bytes one by-one to the newly created AddCRC16Byte. This improves the instruction count for an update run from 720,850,121 to 455,801,749 according to callgrind. 2016-11-22T21:58:18Z Julian Andres Klode jak@debian.org 2016-09-27T16:20:02Z urn:sha1:7a3b00b10b6a5a740e07fc1b68a4f3fb3bcdac23 This one has some obvious collisions for non-alphabetical characters, like some control characters also hashing to numbers, but we don't really have those, and these are hash functions which are not collision free to begin with. 2016-11-11T22:38:47Z David Kalnischkies david@kalnischkies.de 2016-11-11T08:18:49Z urn:sha1:e2c8c825a5470e33c25d00e07de188d0e03922c8 apt tools do not really support these other variables, but tools apt calls might, so lets play save and clean those up as needed. Reported-By: Paul Wise (pabs) on IRC 2016-11-09T18:33:33Z David Kalnischkies david@kalnischkies.de 2016-11-09T18:15:01Z urn:sha1:34b491e735ad47c4805e63f3b83a659b8d10262b We can't cleanup the environment like e.g. sudo would do as you usually want the environment to "leak" into these helpers, but some variables like HOME should really not have still the value of the root user – it could confuse the helpers (USER) and HOME isn't accessible anyhow. Closes: 842877 2016-11-09T15:18:54Z Johannes Schauer josch@debian.org 2016-11-09T14:28:15Z urn:sha1:c5f22e483cc0f31f2938874370ac776e40792069 These new enum values might cause "interesting" behaviour in tools not expecting them – like an old apt would think a Build-Conflicts-Arch is some sort of Build-Depends – but that can't reasonably be avoided and effects only packages using B-D/C-A so if there is any breakage the tools can easily be adapted. The APT_PKG_RELEASE number is increased so that libapt users can detect the availability of these new enum fields via: #if APT_PKG_ABI > 500 || (APT_PKG_ABI == 500 && APT_PKG_RELEASE >= 1) Closes: #837395 2016-10-04T17:30:30Z Julian Andres Klode jak@debian.org 2016-10-02T15:20:33Z urn:sha1:0ecceb5bb9cc8727c117195945b7116aceb984fe This fixes a regression introduced in commit 8f858d560e3b7b475c623c4e242d1edce246025a don't leak FD in AutoProxyDetect command return parsing which accidentally made the proxy autodetection code also read the scripts output on stderr, not only on stdout when it switched the code from popen() to Popen(). Reported-By: Tim Small <tim@seoss.co.uk>