Debians commandline package manager https://git.kalnischkies.de/apt/atom?h=2.1.11 2020-08-04T10:12:30Z 2020-08-04T10:12:30Z Julian Andres Klode jak@debian.org 2020-08-04T10:12:30Z urn:sha1:11530bab64efd4b4fc46de7833533cea9c69f521 Remove master/slave terminology See merge request apt-team/apt!124 2020-08-04T10:12:11Z Julian Andres Klode julian.klode@canonical.com 2020-07-14T14:34:20Z urn:sha1:7d8bb855487d6821b0cd6bf5d2270ed8fda3d1a3 2020-08-04T10:07:10Z Julian Andres Klode jak@debian.org 2020-08-04T10:07:10Z urn:sha1:1afe7c8b874abb61cde591e0241b967ef1b99991 Fully deprecate apt-key, schedule removal for Q2/2022 See merge request apt-team/apt!119 2020-07-02T16:57:11Z David Kalnischkies david@kalnischkies.de 2020-06-30T08:11:09Z urn:sha1:1bfc0907c987758529bcdc4ebfb34364702a2d8b It isn't needed to iterate over all results if we will be doing nothing anyhow as it isn't that common to have that debug option enabled. 2020-05-18T13:55:36Z David Kalnischkies david@kalnischkies.de 2020-05-15T11:29:36Z urn:sha1:19790db8900bc9baac29cf58600152997a8ecef8 The variable this is read to is named Junk and that it is for usecases like apt-ftparchive which just looks at the items metadata, so instead of performing this hunked read for data nobody will process we just tell our FileFd to skip ahead (Internally it might still loop over the data depending on which compressor is involved). 2020-05-18T13:55:36Z David Kalnischkies david@kalnischkies.de 2020-05-13T21:01:38Z urn:sha1:5534bb3ad346ef4435e6fd0fe326771a4bde16a1 With FileFd::Write we already have a helper for this situation we can just make use of here instead of hoping for the best or rolling our own solution here. 2020-05-18T13:55:36Z David Kalnischkies david@kalnischkies.de 2020-05-18T09:55:54Z urn:sha1:c470d92366d7c3c239a689f0a10d6d0d9daafbff Our testcases had their own implementation of GetTempFile with the feature of a temporary file with a choosen suffix. Merging this into GetTempFile lets us drop this duplicate and hence test more our code rather than testing our helpers for test implementation. And then hashsums_test had another implementation… and extracttar wasn't even trying to use a real tempfile… one GetTempFile to rule them all! That also ensures that these tempfiles are created in a temporary directory rather than the current directory which is a nice touch and tries a little harder to clean up those tempfiles. 2020-05-18T13:55:36Z David Kalnischkies david@kalnischkies.de 2020-05-13T06:42:02Z urn:sha1:37cc8dcda9e97e0b9420d37bb886081fa629847d Not all filesystems implement this feature in all versions of Linux, so this open call can fail & we have to fallback to our old method. 2020-05-12T16:55:55Z Julian Andres Klode julian.klode@canonical.com 2020-05-12T09:49:09Z urn:sha1:dceb1e49e4b8e4dadaf056be34088b415939cda6 When normalizing ar member names by removing trailing whitespace and slashes, an out-out-bound read can be caused if the ar member name consists only of such characters, because the code did not stop at 0, but would wrap around and continue reading from the stack, without any limit. Add a check to abort if we reached the first character in the name, effectively rejecting the use of names consisting just of slashes and spaces. Furthermore, certain error cases in arfile.cc and extracttar.cc have included member names in the output that were not checked at all and might hence not be nul terminated, leading to further out of bound reads. Fixes Debian/apt#111 LP: #1878177 2020-05-06T10:33:39Z Julian Andres Klode julian.klode@canonical.com 2020-05-06T10:33:39Z urn:sha1:ee284d5917d09649b68ff1632d44e892f290c52f People are still using apt-key add and friends, despite that not being guaranteed to work. Let's tell them to stop doing so. We might still want a list command at a future point, but this needs deciding, and a blanket ban atm seems like a sensible step until we figured that out.