Debians commandline package manager https://git.kalnischkies.de/apt/atom?h=2.7.2 2022-05-07T08:45:44Z 2022-05-07T08:45:44Z David Kalnischkies david@kalnischkies.de 2022-04-20T23:45:45Z urn:sha1:8d8b45a96ceceb015f7836cf25b99279c2f377b9 Building the library just so we can build the helpers against it is not only wasteful but as we are supposed to test the system we can use that as an additional simple smoke test before the real testing starts. 2021-08-29T12:23:26Z David Kalnischkies david@kalnischkies.de 2021-08-29T11:50:31Z urn:sha1:5f6bbfa53c32ec30aff6a2bc8c412616049eab18 If you install dpkg on an empty status file with all recommends and suggests apt wants to install 4000+ packages. The deepest chain seemingly being 236 steps long. And dpkg isn't even the worst (~259). That is a problem as libapt has a hardcoded recursion limit for MarkInstall and friends … set to 100. We are saved by the fact that chains without suggests are much shorter (dpkg has 5, max seems ~43), but I ignored Conflicts in these chains, which typically trigger upgrades, so if two of the worst are chained together we suddenly get dangerously close to the limit still. So, lets just increase the limit into oblivion as it is really just a safety measure we should not be running into to begin with. MarkPackage was running years without it after all. 3000 is picked as a nice number as any other and because it is roughly the half of the stack crashs I saw previously in this branch. 2020-12-09T16:30:43Z Julian Andres Klode julian.klode@canonical.com 2020-10-19T11:22:33Z urn:sha1:d10c68d628fe5342d400a999a6d10c5c7c0cef41 GHSL-2020-169: This first hunk adds a check that we have more files left to read in the file than the size of the member, ensuring that (a) the number is not negative, which caused the crash here and (b) ensures that we similarly avoid other issues with trying to read too much data. GHSL-2020-168: Long file names are encoded by a special marker in the filename and then the real filename is part of what is normally the data. We did not check that the length of the file name is within the length of the member, which means that we got a overflow later when subtracting the length from the member size to get the remaining member size. The file createdeb-lp1899193.cc was provided by GitHub Security Lab and reformatted using apt coding style for inclusion in the test case, both of these issues have an automated test case in test/integration/test-ubuntu-bug-1899193-security-issues. LP: #1899193 2019-05-06T10:14:04Z Julian Andres Klode julian.klode@canonical.com 2019-05-06T09:40:08Z urn:sha1:dfe2511e31f232a8a8880eba40af40d1deb0e49c 2016-11-09T18:33:33Z David Kalnischkies david@kalnischkies.de 2016-11-09T18:15:01Z urn:sha1:34b491e735ad47c4805e63f3b83a659b8d10262b We can't cleanup the environment like e.g. sudo would do as you usually want the environment to "leak" into these helpers, but some variables like HOME should really not have still the value of the root user – it could confuse the helpers (USER) and HOME isn't accessible anyhow. Closes: 842877 2016-09-11T15:44:17Z Julian Andres Klode jak@debian.org 2016-09-11T11:58:40Z urn:sha1:bccb344412a0e97afdf0aaaf41a31124c84f6eaa We need to ignore messages from gcov. All those messages start with profiling: and are printed using vfprintf(), so the only thing we can do is add a library overriding those functions and linking apt-pkg to it. 2016-08-06T20:36:02Z Julian Andres Klode jak@debian.org 2016-08-06T19:32:36Z urn:sha1:dfd863ea50c0fcf9b9ac4dfb5ae0e64c529bd767 This early support seems a bit hacky, but it's a hard switch: The integration tests do not understand the old build system anymore afterwards. I don't really like that.