Debians commandline package manager https://git.kalnischkies.de/apt/atom?h=1.6_alpha2 2017-10-25T22:02:33Z 2017-10-25T22:02:33Z Julian Andres Klode jak@debian.org 2017-10-25T21:16:09Z urn:sha1:39656a6f79e48f86d31c53a939481c07aceca352 This should help debugging crashes. The signal handler is a C++11 lambda, yay! Special care has been taken to only use signal handler -safe functions inside there. 2017-10-25T20:16:24Z Julian Andres Klode jak@debian.org 2017-10-25T19:49:34Z urn:sha1:230b0570532bf2f419608b2043a9d6e02b9467e3 If seccomp is disabled, we fallback to running without it. Qemu fails in the seccomp() call, returning ENOSYS and libseccomp falls back to prctl() without adjusting the pointer, causing the EFAULT. I hope qemu gets fixed at some point to return EINVAL for seccomp via prctl. Bug-Qemu: https://bugs.launchpad.net/qemu/+bug/1726394 2017-10-25T19:40:35Z Julian Andres Klode jak@debian.org 2017-10-25T19:38:31Z urn:sha1:cf1a98baa58360a56f38cc3d5ce01905f6ebc8f4 If FAKED_MODE is set, enable SYSV IPC so we don't crash when running in fakeroot. Closes: #879662 2017-10-23T02:19:19Z Julian Andres Klode jak@debian.org 2017-10-23T01:29:10Z urn:sha1:43b9eb5bac15666fdc0346aca7031fab0fa5e064 Use OBJECT libraries for http and connect stuff, and move the seccomp link expression into a global link_libraries() call. This also fixes a bug where only the http target pulled in the gnutls header arguments despite gnutls being used in connect.cc, and thus by mirror and ftp as well. Adjust translation support to ignore TARGET_OBJECTS sources and add the OBJECT libraries to the translated files. 2017-10-23T00:17:31Z Julian Andres Klode jak@debian.org 2017-10-23T00:17:31Z urn:sha1:669b310a6676f2247165e492b673d2e5bcb06f89 statx was introduced in 4.11, so it fails to build in stretch if we just unconditionally use it. 2017-10-22T23:51:19Z Julian Andres Klode jak@debian.org 2017-10-22T22:35:15Z urn:sha1:f5572ef1daf21d20f4a7d261884291c0acddd947 These are a few overlooked syscalls. Also add readv(), writev(), renameat2(), and statx() in case libc uses them. Gbp-Dch: ignore 2017-10-22T21:38:31Z Julian Andres Klode jak@debian.org 2017-10-22T21:34:03Z urn:sha1:32bcbd73e0988d2d2237690ffae33b4f5cc5ff81 This reduces the number of syscalls to about 140 from about 350 or so, significantly reducing security risks. Also change prepare-release to ignore the architecture lists in the build dependencies when generating the build-depends package for travis. We might want to clean up things a bit more and/or move it somewhere else. 2017-10-22T18:27:23Z Julian Andres Klode jak@debian.org 2017-10-22T18:26:55Z urn:sha1:9130b5f9304b7f58273a826ff9acf04e10c6f98e This was a left over from the autodetect move. Gbp-Dch: ignore 2017-10-22T18:25:50Z Julian Andres Klode jak@debian.org 2017-10-22T18:25:50Z urn:sha1:8616c21628c8bff9174a912ca5814e469d49e7cb Sandboxing was turned off because we called pkgAcqMethod's Configuration() instead of aptMethod's. 2017-10-22T16:52:16Z Julian Andres Klode jak@debian.org 2017-10-21T13:44:43Z urn:sha1:1a76517470ebc2dd3f96e39ebe6f3706d6dd78da This avoids running the Proxy-Auto-Detect script inside the untrusted (well, less trusted for now) sandbox. This will allow us to restrict the http method from fork()ing or exec()ing via seccomp.