apt/apt-pkg/deb, branch 1.7.0_alpha1

Fix lock counting in debSystem

2018-06-13T21:36:08Z

debSystem uses a reference counted lock, so you can acquire it multiple times in your applications, possibly nested. Nesting locks causes a fd leak, though, as we only increment the lock count when we already have locked twice, rather than once, and hence when we call lock the second time, instead of increasing the lock count, we open another lock fd. This fixes the code to check if we have locked at all (> 0). There is no practical problem here aside from the fd leak, as closing the new fd releases the lock on the old one due to the weird semantics of fcntl locks.

Start pkg records for deb files with dpkg output

2018-05-11T15:58:46Z

It is easier to prepend our fields, but that results in confusion for things working on the so generated records as they don't start with the usual "Package" – that shouldn't be a problem in theory, but in practice e.g. "apt-cache show" shows these records directly to the user who will probably be more confused by it than tools.

Remove obsolete RCS keywords

2018-05-07T11:41:31Z

Prompted-by: Jakub Wilk

Fix various typos reported by spellcheckers

2018-05-04T22:34:27Z

Reported-By: codespell & spellintian Gbp-Dch: Ignore

Check that Date of Release file is not in the future

2018-02-19T15:05:01Z

By restricting the Date field to be in the past, an attacker cannot just create a repository from the future that would be accepted as a valid update for a repository. This check can be disabled by Acquire::Check-Date set to false. This will also disable Check-Valid-Until and any future date related checking, if any - the option means: "my computers date cannot be trusted." Modify the tests to allow repositories to be up to 10 hours in the future, so we can keep using hours there to simulate time changes.

Introduce inrelease-path option for sources.list

2018-01-17T10:52:38Z

Allow specifying an alternative path to the InRelease file, so you can have multiple versions of a repository, for example. Enabling this option disables fallback to Release and Release.gpg, so setting it to InRelease can be used to ensure that only that will be tried. We add two test cases: One for checking that it works, and another for checking that the fallback does not happen. Closes: #886745

dpkg status parsing: check if name is valid before use

2018-01-05T00:18:40Z

The summary line sounds a bit much: what we end up doing is just adding two more guards before using results which should always be valid™. That these values aren't valid is likely a bug in itself somewhere, but that is no reason for crashing.

give the methods more metadata about the files to acquire

2017-12-13T22:56:29Z

We have quite a bit of metadata available for the files we acquire, but the methods weren't told about it and got just the URI. That is indeed fine for most, but to avoid methods trying to parse the metadata out of the provided URIs (and fail horribly in edgecases) we can just as well be nice and tell them stuff directly.

convert various c-style casts to C++-style

2017-12-13T22:53:34Z

gcc was warning about ignored type qualifiers for all of them due to the last 'const', so dropping that and converting to static_cast in the process removes the here harmless warning to avoid hidden real issues in them later on. Reported-By: gcc Gbp-Dch: Ignore

deprecate the single-line deprecation ignoring macro

2017-12-13T22:53:26Z

gcc has problems understanding this construct and additionally thinks it would produce multiple lines and stuff, so to keep using it isn't really worth it for the few instances we have: We can just write the long form there which works better. Reported-By: gcc Gbp-Dch: Ignore