Debians commandline package manager https://git.kalnischkies.de/apt/atom?h=2.1.2 2020-05-12T16:55:55Z 2020-05-12T16:55:55Z Julian Andres Klode julian.klode@canonical.com 2020-05-12T09:49:09Z urn:sha1:dceb1e49e4b8e4dadaf056be34088b415939cda6 When normalizing ar member names by removing trailing whitespace and slashes, an out-out-bound read can be caused if the ar member name consists only of such characters, because the code did not stop at 0, but would wrap around and continue reading from the stack, without any limit. Add a check to abort if we reached the first character in the name, effectively rejecting the use of names consisting just of slashes and spaces. Furthermore, certain error cases in arfile.cc and extracttar.cc have included member names in the output that were not checked at all and might hence not be nul terminated, leading to further out of bound reads. Fixes Debian/apt#111 LP: #1878177 2020-05-08T13:52:14Z David Kalnischkies david@kalnischkies.de 2020-05-08T10:38:02Z urn:sha1:30fa50e8d593556553147478a2d5ea7a550f9e16 apt marks packages coming from the commandline among others as protected to ensure the various resolver parts do not fiddle with the state of these packages. aptitude (and potentially others) do not so the state is modified (to a Keep which for uninstalled means it is not going to be installed) due to being uninstallable before the call fails – basically reverting at least some state changes the call made before it realized it has to fail, which is usually a good idea, except if users expect you to not do it. They do set the FromUser option though which has beside controlling autobit also gained the notion of "the user is always right" over time and can be used for this one here as well preventing the state revert. References: 0de399391372450d0162b5a09bfca554b2d27c3d Reported-By: Jessica Clarke <jrtc27@debian.org> on IRC 2020-05-04T10:48:56Z Julian Andres Klode julian.klode@canonical.com 2020-05-04T10:23:50Z urn:sha1:75f59b16312523ab3deb995c48e8c8ae07586c23 Reinstate * wildcards as they are safe to use, but do not allow any other special characters such as ? or []. Notably, ? would overlap with patterns, and [] might overlap with future pattern extensions (alternative bracketing style), it's also hard to explain. Closes: #953531 LP: #1872200 2020-04-27T11:51:46Z David Kalnischkies david@kalnischkies.de 2020-04-27T11:51:46Z urn:sha1:ae23e53f99ea0b7920744a7303fdee64796b7cce Strange things happen if while resolving the dependencies of a package said dependencies want to remove the package. The allow-scores test e.g. removed the preferred alternative in favor of the last one now that they were exclusive. In our or-group for Recommends we would "just" not statisfy the Recommends and for Depends we engage the ProblemResolver… 2020-04-27T11:49:43Z David Kalnischkies david@kalnischkies.de 2020-04-26T19:09:14Z urn:sha1:ca14e1e2c3f3c9782f374757ca4605ce7e5670ad In normal upgrade scenarios this is no problem as the orgroup member will be marked for upgrade already, but on a not fully upgraded system (or while you operate on a different target release) we would go with our usual "first come first serve" approach which might lead us to install another provider who comes earlier – bad if the providers conflict. 2020-04-27T11:49:19Z David Kalnischkies david@kalnischkies.de 2020-04-27T11:49:19Z urn:sha1:f76a8d331a81bc7b102bdd4e0f8363e8a59f64f6 If a package is protected and has a dependency satisfied only by a single package (or conflicts with a package) this package must be part of the solution and so we can help later actions not exploring dead ends by propagating the protected flag to these "pseudo-protected" packages. An (obscure) bug this can help prevent (to some extend) is shown in test-apt-never-markauto-sections by not causing irreversible autobit transfers. As a sideeffect it seems also to help our crude ShowBroken to display slightly more helpful messages involving the packages which are actually in conflict. 2020-04-27T11:48:33Z David Kalnischkies david@kalnischkies.de 2020-04-27T11:48:33Z urn:sha1:347ea3f76ab263c729468e07b910ae027b66c9d8 MarkDelete is not recursive as MarkInstall is and we can not conflict with ourselves anyhow, so we can move the unavoidable deletes before changing the state of the package in question avoiding the need for the state update in case of conflicts we can not deal with (e.g. the package conflicts with an explicit user request). 2020-04-27T11:47:08Z David Kalnischkies david@kalnischkies.de 2020-04-26T11:14:43Z urn:sha1:76498d46855c88b90316e4369ac32050db9a9d23 Should be easier to move the code bits around then and it helps in documenting a bit what the blocks do and how they interact (or not). 2020-04-27T11:45:59Z David Kalnischkies david@kalnischkies.de 2020-04-26T11:11:31Z urn:sha1:0de399391372450d0162b5a09bfca554b2d27c3d We do pretty much the same in IsInstallOk, but here we have already set the state, so we have to unroll the state as well to sort-of replicate the state we were in before this MarkInstall failed. 2020-04-27T11:45:41Z David Kalnischkies david@kalnischkies.de 2020-04-27T11:45:41Z urn:sha1:924704ba1dc13f73edb0db6c3c8c07ccf0ec26b6 This fixes no bugs per se, but the idea is to delay more costly changes and check easier things first. It e.g. inhibits the moving of the autobit until we are sure that this MarkInstall call isn't going to fail (e.g. because a dependency isn't satisfiable).