<feed xmlns='http://www.w3.org/2005/Atom'>
<title>apt/methods/aptmethod.h, branch 1.6_alpha2</title>
<subtitle>Debian's commandline package manager</subtitle>
<id>https://git.kalnischkies.de/apt/atom?h=1.6_alpha2</id>
<link rel='self' href='https://git.kalnischkies.de/apt/atom?h=1.6_alpha2'/>
<link rel='alternate' type='text/html' href='https://git.kalnischkies.de/apt/'/>
<updated>2017-10-25T22:02:33Z</updated>
<entry>
<title>Print syscall number and arch to stderr when trapped by seccomp</title>
<updated>2017-10-25T22:02:33Z</updated>
<author>
<name>Julian Andres Klode</name>
<email>jak@debian.org</email>
</author>
<published>2017-10-25T21:16:09Z</published>
<link rel='alternate' type='text/html' href='https://git.kalnischkies.de/apt/commit/?id=39656a6f79e48f86d31c53a939481c07aceca352'/>
<id>urn:sha1:39656a6f79e48f86d31c53a939481c07aceca352</id>
<content type='text'>
This should help debugging crashes. The signal handler is a C++11
lambda, yay! Special care has been taken to only use signal handler-safe
functions inside there.
</content>
</entry>
<entry>
<title>Only warn about seccomp() EINVAL (normal) and EFAULT (qemu) errors</title>
<updated>2017-10-25T20:16:24Z</updated>
<author>
<name>Julian Andres Klode</name>
<email>jak@debian.org</email>
</author>
<published>2017-10-25T19:49:34Z</published>
<link rel='alternate' type='text/html' href='https://git.kalnischkies.de/apt/commit/?id=230b0570532bf2f419608b2043a9d6e02b9467e3'/>
<id>urn:sha1:230b0570532bf2f419608b2043a9d6e02b9467e3</id>
<content type='text'>
If seccomp is disabled, we fall back to running without it. Qemu fails
in the seccomp() call, returning ENOSYS and libseccomp falls back to
prctl() without adjusting the pointer, causing the EFAULT. I hope
qemu gets fixed at some point to return EINVAL for seccomp via
prctl.

Bug-Qemu: https://bugs.launchpad.net/qemu/+bug/1726394
</content>
</entry>
<entry>
<title>methods: Enable additional syscalls (SYSV IPC) in fakeroot</title>
<updated>2017-10-25T19:40:35Z</updated>
<author>
<name>Julian Andres Klode</name>
<email>jak@debian.org</email>
</author>
<published>2017-10-25T19:38:31Z</published>
<link rel='alternate' type='text/html' href='https://git.kalnischkies.de/apt/commit/?id=cf1a98baa58360a56f38cc3d5ce01905f6ebc8f4'/>
<id>urn:sha1:cf1a98baa58360a56f38cc3d5ce01905f6ebc8f4</id>
<content type='text'>
If FAKED_MODE is set, enable SYSV IPC so we don't crash when
running in fakeroot.

Closes: #879662
</content>
</entry>
<entry>
<title>seccomp: Conditionalize statx() whitelisting</title>
<updated>2017-10-23T00:17:31Z</updated>
<author>
<name>Julian Andres Klode</name>
<email>jak@debian.org</email>
</author>
<published>2017-10-23T00:17:31Z</published>
<link rel='alternate' type='text/html' href='https://git.kalnischkies.de/apt/commit/?id=669b310a6676f2247165e492b673d2e5bcb06f89'/>
<id>urn:sha1:669b310a6676f2247165e492b673d2e5bcb06f89</id>
<content type='text'>
statx was introduced in 4.11, so it fails to build in stretch if
we just unconditionally use it.
</content>
</entry>
<entry>
<title>seccomp: Add missing syscalls for ppc64el, i386, and others</title>
<updated>2017-10-22T23:51:19Z</updated>
<author>
<name>Julian Andres Klode</name>
<email>jak@debian.org</email>
</author>
<published>2017-10-22T22:35:15Z</published>
<link rel='alternate' type='text/html' href='https://git.kalnischkies.de/apt/commit/?id=f5572ef1daf21d20f4a7d261884291c0acddd947'/>
<id>urn:sha1:f5572ef1daf21d20f4a7d261884291c0acddd947</id>
<content type='text'>
These are a few overlooked syscalls. Also add readv(), writev(),
renameat2(), and statx() in case libc uses them.

Gbp-Dch: ignore
</content>
</entry>
<entry>
<title>Sandbox methods with seccomp-BPF; except cdrom, gpgv, rsh</title>
<updated>2017-10-22T21:38:31Z</updated>
<author>
<name>Julian Andres Klode</name>
<email>jak@debian.org</email>
</author>
<published>2017-10-22T21:34:03Z</published>
<link rel='alternate' type='text/html' href='https://git.kalnischkies.de/apt/commit/?id=32bcbd73e0988d2d2237690ffae33b4f5cc5ff81'/>
<id>urn:sha1:32bcbd73e0988d2d2237690ffae33b4f5cc5ff81</id>
<content type='text'>
This reduces the number of syscalls to about 140 from about
350 or so, significantly reducing security risks.

Also change prepare-release to ignore the architecture lists
in the build dependencies when generating the build-depends
package for travis.

We might want to clean up things a bit more and/or move it
somewhere else.
</content>
</entry>
<entry>
<title>allow the auth.conf to be root:root owned</title>
<updated>2017-07-26T17:09:04Z</updated>
<author>
<name>David Kalnischkies</name>
<email>david@kalnischkies.de</email>
</author>
<published>2017-07-07T20:21:44Z</published>
<link rel='alternate' type='text/html' href='https://git.kalnischkies.de/apt/commit/?id=881ec045b6660e2fe0c6953720260e380ceeeb99'/>
<id>urn:sha1:881ec045b6660e2fe0c6953720260e380ceeeb99</id>
<content type='text'>
Opening the file before we drop privileges in the methods allows us to
avoid chowning in the acquire main process which can apply to the wrong
file (imagine Binary scoped settings) and surprises users as their
permission setup is overridden.

There are no security benefits as the file is open, so an evil method
could as before read the contents of the file, but it isn't worse than
before and we avoid permission problems in this setup.
</content>
</entry>
<entry>
<title>reimplement and document auth.conf</title>
<updated>2017-07-26T17:09:04Z</updated>
<author>
<name>David Kalnischkies</name>
<email>david@kalnischkies.de</email>
</author>
<published>2017-07-07T14:24:21Z</published>
<link rel='alternate' type='text/html' href='https://git.kalnischkies.de/apt/commit/?id=ea408c560ed85bb4ef7cf8f72f8463653501332c'/>
<id>urn:sha1:ea408c560ed85bb4ef7cf8f72f8463653501332c</id>
<content type='text'>
We have support for a netrc-like auth.conf file since 0.7.25 (closing
518473), but it was never documented in apt that it even exists and
netrc seems to have fallen out of usage as a manpage for it no longer
exists making the feature even more arcane.

On top of that the code was a bit of a mess (as it is written in C-style)
and as a result the matching of machine tokens to URIs was also a bit
strange by checking for less specific matches (= without path) first.
We now do a single pass over the stanzas.

In practice early adopters of the undocumented implementation will not
really notice the differences and the 'new' behaviour is simpler to
document and more usual for an apt user.

Closes: #811181
</content>
</entry>
<entry>
<title>Reformat and sort all includes with clang-format</title>
<updated>2017-07-12T11:57:51Z</updated>
<author>
<name>Julian Andres Klode</name>
<email>jak@debian.org</email>
</author>
<published>2017-07-12T11:40:41Z</published>
<link rel='alternate' type='text/html' href='https://git.kalnischkies.de/apt/commit/?id=87274d0f22e1dfd99b2e5200e2fe75c1b804eac3'/>
<id>urn:sha1:87274d0f22e1dfd99b2e5200e2fe75c1b804eac3</id>
<content type='text'>
This makes it easier to see which header includes what.

The changes were done by running

    git grep -l '#\s*include'  \
        | grep -E '.(cc|h)$' \
        | xargs sed -i -E 's/(^\s*)#(\s*)include/\1#\2 include/'

To modify all include lines by adding a space, and then running
./git-clang-format.sh.
</content>
</entry>
<entry>
<title>methods/aptmethod.h: Add missing fileutl.h include</title>
<updated>2017-07-12T11:56:05Z</updated>
<author>
<name>Julian Andres Klode</name>
<email>jak@debian.org</email>
</author>
<published>2017-07-12T11:50:31Z</published>
<link rel='alternate' type='text/html' href='https://git.kalnischkies.de/apt/commit/?id=78fcdd9629022c0c37742614351f5b02fed97607'/>
<id>urn:sha1:78fcdd9629022c0c37742614351f5b02fed97607</id>
<content type='text'>
</content>
</entry>
</feed>
