Debians commandline package manager https://git.kalnischkies.de/apt/atom?h=1.1.exp11 2015-08-27T12:51:47Z 2015-08-27T12:51:47Z Julian Andres Klode jak@debian.org 2015-08-21T16:00:37Z urn:sha1:1c73b0fc41c23a08994ef1464c529e0aacff16de This could allow an attacker to mark a package as installed in a remote package index, as long as the package was not listed in the dpkg status file. This way, an attacker could force the installation of a package during a dist-upgrade, by providing two packages in an index, an older marked as installed, and a newer - apt would "upgrade" to the newer version. 2015-08-27T11:58:14Z Julian Andres Klode jak@debian.org 2015-08-27T11:58:14Z urn:sha1:f19d6a77f60b876e5453614d24886aabdd242ef6 2015-08-27T11:45:57Z Julian Andres Klode jak@debian.org 2014-03-16T13:48:11Z urn:sha1:2da8aae5550440742674758280f2d339ba612a31 We dup() the file descriptor when opening compressed files, so we always need to close the dup()ed one. Furthermore, not unsetting the d-pointer causes issues when running OpenDescriptor() multiple times on the same file descriptor. 2015-08-27T11:13:13Z Julian Andres Klode jak@debian.org 2015-08-27T11:10:02Z urn:sha1:b6192267c23ffda1b9c8328537a5f2c83e176c26 By preferring the policy over the depcache, we ignore any changes we made in the depcache, which makes it impossible for code to change the candidate used here. This basically reverts commit 2fbfb111312257fa5fc29b0c2ed386fb712f960e: prefer the Policy if it is built instead of the DepCache and if DepCache is not available as fallback built the Policy But it also cleans the code up a bit, by removing one level of nesting. 2015-08-27T09:27:45Z David Kalnischkies david@kalnischkies.de 2015-08-27T08:41:19Z urn:sha1:e6a12ff73a2e3246b9e475d9772e88c79a6249f7 While Target{,-Add,-Remove} is available for configuring IndexTargets already, allow Targets to be mentioned explicitely as yes/no options as well, so that the Target 'Contents' can be disabled via 'Contents: no' as well as 'Target-Remove: Contents'. 2015-08-27T09:27:45Z David Kalnischkies david@kalnischkies.de 2015-08-27T06:59:20Z urn:sha1:b47b1222a3d23d74d59465b98d97f8871c7c8ad2 Sometimes too much refactoring can have bad effects. Thanks: Niels Thykier for reporting on IRC Git-Dch: Ignore 2015-08-27T09:27:45Z David Kalnischkies david@kalnischkies.de 2015-08-23T11:46:35Z urn:sha1:d12561703c7776f665b68c91bddb28dea0728894 First of, the temporary directory we download the changelog to needs to be owned by _apt, but that also means that we don't need to check if we could/should drop privs as the download happens to a dedicated tempdir and only after that it is moved to its final location by a privileged user. 2015-08-27T09:27:44Z David Kalnischkies david@kalnischkies.de 2015-08-22T14:22:08Z urn:sha1:3a8776a37af38127fb04565959e8e0e449eb04a4 Reported-By: codespell 2015-08-27T09:27:44Z David Kalnischkies david@kalnischkies.de 2015-08-22T09:56:38Z urn:sha1:c4171975018eca191426dc1466b61a967e08921f The parameter name suggests that it should forbid the building of the entire cache in memory, but this isn't how it was previously and as AllowMem is false by default it actually prevents previous usecases from working like being root and configuring apt to build no caches at all. This should be fixed at some point to actually work, but that is hard to pull off as it means switching the default and some callers (including apt itself) actually did call it explicitly with false in certain cases for no apparent reason (at least now where it is common to have enough memory to throw at every problem and even if not is a slow apt usally better than an apt erroring out). Closes: 796459 2015-08-27T09:27:43Z David Kalnischkies david@kalnischkies.de 2015-08-21T22:10:08Z urn:sha1:b6a0018e1c4bb22132e0316a81b7a455c6333cf1 Fetched() was reported for mostly nothing, while we should be calling it for files worked with from non-local sources (e.g. http, but not file or xz). Previously this was called from an acquire item, but got moved to the acquire worker instead to avoid having it (re)implemented in all items, but the checks were faulty.