Debians commandline package manager https://git.kalnischkies.de/apt/atom?h=2.2.0 2021-02-12T16:13:57Z 2021-02-12T16:13:57Z Julian Andres Klode julian.klode@canonical.com 2021-02-12T16:13:57Z urn:sha1:5bfc150688ea748595b6535eb1dc5d777baf16e4 std::regex pulls in about 50 weak symbols which is complete and utter madness, especially because we version all our symbols, so no other library could ever reuse them. Avoid using the regular expression here all together, loop using string::find_first_of() and insert backslashes with strng::insert(). 2021-02-12T11:53:57Z Julian Andres Klode julian.klode@canonical.com 2021-02-12T11:53:57Z urn:sha1:3b198616423daaef69c938fbcc5dd11a1e8f866c 2021-02-09T09:38:48Z Julian Andres Klode jak@debian.org 2021-02-09T09:38:48Z urn:sha1:cb60beb83610783f664da0bbe1cdb7211aaba90f Various patches uplifted from unfinished fuzzer branches See merge request apt-team/apt!158 2021-02-04T10:00:00Z David Kalnischkies david@kalnischkies.de 2021-02-03T21:41:56Z urn:sha1:a158e78152316f56b1a324a42a2f00f0a8662ac3 Depending on your configured source 25 MB is hardly enough, so the mmap housing the cache while it is build has to grow. Repeatedly. We can cut down on the repeats of this by keeping a record of the size of the old cache assuming the sizes will remain roughly in the same ballpark. 2021-02-04T10:00:00Z David Kalnischkies david@kalnischkies.de 2021-02-03T20:47:00Z urn:sha1:c31ba27ecf7e35e03af34c3d74d3c6c93976f89c APT tries to detect if applying patches is more costly than just downloading the complete index by combining the size of the patches. That is correct for client-side merging, but for server-side merging we actually don't know if we will jump directly from old to current or have still intermediate steps in between. With this commit we assume it will be a jump from old to current through as that is what dak implements and it seems reasonable if you go to the trouble of server side merging that the server does the entire merging in one file instead of leaving additional work for the client to do. Note that this just changes the heuristic to prevent apt from discarding patches as uneconomic in the now more common one merged-patch style, it still supports multiple merged patches as before. To resolve this cleanly we would need another field in the index file declaring which hash we will arrive at if a patch is applied (or a field differentiating between these merged-patch styles at least), but that seems like overkill for now. 2021-02-04T10:00:00Z David Kalnischkies david@kalnischkies.de 2020-06-28T18:52:09Z urn:sha1:96dc40b19623621a9cc2c5541fb3adbbceb553b1 varg API is a nightmare as the symbols seems different on ever other arch, but more importantly SendMessage does a few checks on the content of the message and it is all outputted via C++ iostreams and not mixed in FILE* which is handy for overriding the streams. 2021-02-04T10:00:00Z David Kalnischkies david@kalnischkies.de 2020-06-08T15:07:43Z urn:sha1:f7e6eaf84bebac565f462e2ce48f30808cc771eb The undefined behaviour sanitizer complains with: runtime error: addition of unsigned offset to 0x… overflowed to 0x… Compilers and runtime do the right thing in any case and it is a codepath that can (and ideally should) be avoided for speed reasons alone, but fixing it can't hurt (too much). 2021-02-03T23:48:22Z David Kalnischkies david@kalnischkies.de 2021-02-03T23:48:22Z urn:sha1:f701eb209fcc94e5b4f80656270d2fa21663b364 For years I subconsciously thought this is wrong but ignored it: $ LANG=C apt install -s Reading package lists... Done Building dependency tree Reading state information... Done Then I noticed: $ LANG=C apt install -s -o dir::state::extended_states=/dev/null Reading package lists... Done Building dependency tree... Done That can't be! Then it really should be: $ LANG=C apt install -s Reading package lists... Done Building dependency tree... Done Reading state information... Done This oddity seems to be in since the introduction of the auto bit in 2005 which makes this rather hard to solve in theory, but in practice no front end seems to call the readStateFile method directly, so we might actually be lucky. The alternative would be to call Done in the calling method and again at the end of readStateFile while dropping it from the current place, but as that is more shuffling around it could be more upsetting for other front ends. Not sure, but now that I have seen it, I want to have it fixed one way or another… aptitude at least seems not to explode. References: afb1e2e3bb580077c6c917e6ea98baad8f3c39b3 2021-02-03T16:43:13Z David Kalnischkies david@kalnischkies.de 2021-02-03T16:40:05Z urn:sha1:c4da2ff42da55ffc38c77a9170dc151216d75962 Our configuration files are not security relevant, but having a parser which avoids crashing on them even if they are seriously messed up is not a bad idea anyway. It is also a good opportunity to brush up the code a bit avoiding a few small string copies with our string_view. 2021-02-03T16:36:46Z David Kalnischkies david@kalnischkies.de 2020-05-13T07:07:19Z urn:sha1:e0743a85c5f5f2f83d91c305450e8ba192194cd8 strtoul(l) surprises us with parsing negative values which should not exist in the places we use to parse them, so we can just downright refuse them rather than trying to work with them by having them promoted to huge positive values.