Debians commandline package manager https://git.kalnischkies.de/apt/atom?h=2.2.1 2021-02-04T10:00:00Z 2021-02-04T10:00:00Z David Kalnischkies david@kalnischkies.de 2021-02-03T16:50:05Z urn:sha1:35af71bc026d85aef4af979aa247e837d91dfc1c The rest of our code uses return-code errors and it isn't that nice to crash the rred method on bad patches anyway, so we move to properly reporting errors in our usual way which incidently also helps writing a fuzzer for it. This is not really security relevant though as the patches passed hash verification while they were downloaded, so an attacker has to overtake a trusted repository first which gives plenty better options of attack. 2020-12-18T18:31:19Z David Kalnischkies david@kalnischkies.de 2020-07-09T22:02:25Z urn:sha1:97d6c3b2d05fe0d965657197adf56cc78f9edf81 Every method opts in to getting the encoded URI passed along while keeping compat in case we are operated by an older acquire system. Effectively this is just a change for the http-based methods as the others just decode the URI as they work with files directly. 2020-11-07T21:52:20Z David Kalnischkies david@kalnischkies.de 2020-11-07T21:52:20Z urn:sha1:e5bb443cf58cec23503ad0deeeb06a080053da8a 2020-11-07T20:48:21Z David Kalnischkies david@kalnischkies.de 2020-11-07T20:39:00Z urn:sha1:418f9272606857e312f485778a1ef1b263236463 The acquire system mode does this for a long time already and as it is easy to implement and handy for manual testing as well we can support it in the other modes, too. 2020-11-07T20:48:21Z David Kalnischkies david@kalnischkies.de 2020-11-07T20:23:57Z urn:sha1:9e1398b164f55238990907f63dfdef60588d9b24 Merging patches is a bit of non-trivial code we have for client-side work, but as we support also server-side merging we can export this functionality so that server software can reuse it. Note that this just cleans up and makes rred behave a bit more like all our other binaries by supporting setting configuration at runtime and supporting --help and --version. If you can make due without this, the now advertised functionality is provided already in earlier versions. 2019-04-30T15:43:56Z Julian Andres Klode julian.klode@canonical.com 2019-04-30T10:32:54Z urn:sha1:af74a9e2d55d6a9532eb3fbb9b96c65b7ddc1e4d This needs a fair amount of changes elsewhere in the code, hence this is separate from the previous commits. 2017-10-22T21:38:31Z Julian Andres Klode jak@debian.org 2017-10-22T21:34:03Z urn:sha1:32bcbd73e0988d2d2237690ffae33b4f5cc5ff81 This reduces the number of syscalls to about 140 from about 350 or so, significantly reducing security risks. Also change prepare-release to ignore the architecture lists in the build dependencies when generating the build-depends package for travis. We might want to clean up things a bit more and/or move it somewhere else. 2017-07-12T11:57:51Z Julian Andres Klode jak@debian.org 2017-07-12T11:40:41Z urn:sha1:87274d0f22e1dfd99b2e5200e2fe75c1b804eac3 This makes it easier to see which headers includes what. The changes were done by running git grep -l '#\s*include' \ | grep -E '.(cc|h)$' \ | xargs sed -i -E 's/(^\s*)#(\s*)include/\1#\2 include/' To modify all include lines by adding a space, and then running ./git-clang-format.sh. 2017-01-19T03:14:08Z David Kalnischkies david@kalnischkies.de 2017-01-19T03:14:08Z urn:sha1:2984d7aec37e09b473c7b99f43d20622c25dc99d rred can fail for a plentory of reasons, but its failure is usually recoverable (Ign lines) so it shouldn't leak unrequested debug messages to an observing user. Closes: #850759 2016-09-01T14:13:14Z David Kalnischkies david@kalnischkies.de 2016-08-31T08:11:07Z urn:sha1:644478e8db56f305601c3628a74e53de048b28c8 memcpy is marked as nonnull for its input, but ignores the input anyhow if the declared length is zero. Our SHA2 implementations do this as well, it was "just" MD5 and SHA1 missing, so we add the length check here as well as along the callstack as it is really pointless to do all these method calls for "nothing". Reported-By: gcc -fsanitize=undefined