Debians commandline package manager https://git.kalnischkies.de/apt/atom?h=1.6_alpha1 2017-10-22T23:51:19Z 2017-10-22T23:51:19Z Julian Andres Klode jak@debian.org 2017-10-22T22:35:15Z urn:sha1:f5572ef1daf21d20f4a7d261884291c0acddd947 These are a few overlooked syscalls. Also add readv(), writev(), renameat2(), and statx() in case libc uses them. Gbp-Dch: ignore 2017-10-22T21:38:31Z Julian Andres Klode jak@debian.org 2017-10-22T21:34:03Z urn:sha1:32bcbd73e0988d2d2237690ffae33b4f5cc5ff81 This reduces the number of syscalls to about 140 from about 350 or so, significantly reducing security risks. Also change prepare-release to ignore the architecture lists in the build dependencies when generating the build-depends package for travis. We might want to clean up things a bit more and/or move it somewhere else. 2017-10-22T18:27:23Z Julian Andres Klode jak@debian.org 2017-10-22T18:26:55Z urn:sha1:9130b5f9304b7f58273a826ff9acf04e10c6f98e This was a left over from the autodetect move. Gbp-Dch: ignore 2017-10-22T18:25:50Z Julian Andres Klode jak@debian.org 2017-10-22T18:25:50Z urn:sha1:8616c21628c8bff9174a912ca5814e469d49e7cb Sandboxing was turned off because we called pkgAcqMethod's Configuration() instead of aptMethod's. 2017-10-22T16:52:16Z Julian Andres Klode jak@debian.org 2017-10-21T13:44:43Z urn:sha1:1a76517470ebc2dd3f96e39ebe6f3706d6dd78da This avoids running the Proxy-Auto-Detect script inside the untrusted (well, less trusted for now) sandbox. This will allow us to restrict the http method from fork()ing or exec()ing via seccomp. 2017-09-26T17:32:15Z David Kalnischkies david@kalnischkies.de 2017-09-26T17:27:30Z urn:sha1:f3e34838d95132e5f318e85525326decbfb19e36 APT connects just fine to any .onion address given, only if the connect fails somehow it will perform checks on the sanity of which in this case is checking the length as they are well defined and as the strings are arbitrary a user typing them easily mistypes which apt should can be slightly more helpful in figuring out by saying the onion hasn't the required length. 2017-09-24T18:36:41Z Julian Andres Klode jak@debian.org 2017-09-24T18:33:49Z urn:sha1:5e770a07c8fd649340e83725f6d07b94c361e87c This automatically removes any old apt-transport-https, as apt now Breaks it unversioned. 2017-07-26T17:09:04Z David Kalnischkies david@kalnischkies.de 2017-07-07T20:21:44Z urn:sha1:881ec045b6660e2fe0c6953720260e380ceeeb99 Opening the file before we drop privileges in the methods allows us to avoid chowning in the acquire main process which can apply to the wrong file (imagine Binary scoped settings) and surprises users as their permission setup is overridden. There are no security benefits as the file is open, so an evil method could as before read the contents of the file, but it isn't worse than before and we avoid permission problems in this setup. 2017-07-26T17:09:04Z David Kalnischkies david@kalnischkies.de 2017-07-07T19:59:01Z urn:sha1:6291fa81da6ed4c32d0dde33fa559cd155faff11 On HTTP Connect we since recently look into the auth.conf file for login information, so we should really look for all proxies into the file as the argument is the same as for sources entries and it is easier to document (especially as the manpage already mentions it as supported). 2017-07-26T17:09:04Z David Kalnischkies david@kalnischkies.de 2017-07-07T14:24:21Z urn:sha1:ea408c560ed85bb4ef7cf8f72f8463653501332c We have support for an netrc-like auth.conf file since 0.7.25 (closing 518473), but it was never documented in apt that it even exists and netrc seems to have fallen out of usage as a manpage for it no longer exists making the feature even more arcane. On top of that the code was a bit of a mess (as it is written in c-style) and as a result the matching of machine tokens to URIs also a bit strange by checking for less specific matches (= without path) first. We now do a single pass over the stanzas. In practice early adopters of the undocumented implementation will not really notice the differences and the 'new' behaviour is simpler to document and more usual for an apt user. Closes: #811181