Debians commandline package manager https://git.kalnischkies.de/apt/atom?h=2.1.19 2021-02-04T10:00:00Z 2021-02-04T10:00:00Z David Kalnischkies david@kalnischkies.de 2021-02-04T08:38:01Z urn:sha1:131d0e3a261076da715102cb79275988cac810d1 The grep for case-insensitive GPG finds also e.g. "/tmp/tmp.Kc5kKgPg0D" which is not the intention, so we simply eliminate the variation of the /tmp directory here from the output to prevent these false positives. Gbp-Dch: Ignore 2021-02-03T16:43:13Z David Kalnischkies david@kalnischkies.de 2021-02-03T16:40:05Z urn:sha1:c4da2ff42da55ffc38c77a9170dc151216d75962 Our configuration files are not security relevant, but having a parser which avoids crashing on them even if they are seriously messed up is not a bad idea anyway. It is also a good opportunity to brush up the code a bit avoiding a few small string copies with our string_view. 2021-02-03T16:36:46Z David Kalnischkies david@kalnischkies.de 2020-05-13T07:07:19Z urn:sha1:e0743a85c5f5f2f83d91c305450e8ba192194cd8 strtoul(l) surprises us with parsing negative values which should not exist in the places we use to parse them, so we can just downright refuse them rather than trying to work with them by having them promoted to huge positive values. 2021-02-03T16:36:45Z David Kalnischkies david@kalnischkies.de 2020-12-03T09:44:27Z urn:sha1:ed192f410da36aedf5e54bb3f967e6613ab4bb51 This has no attack surface though as the loop is to end very soon anyhow and the method only used while reading CD-ROM mountpoints which seems like a very unlikely attack vector… 2021-02-03T16:36:45Z David Kalnischkies david@kalnischkies.de 2020-12-03T09:41:43Z urn:sha1:10f13938bbf1474451fadcd62e1c31c4b5f5b3d7 For \xff and friends with the highest bit set and hence being a negative value on signed char systems the wrong encoding is produced as we run into undefined behaviour accessing negative array indexes. We can avoid this problem simply by using an unsigned data type. 2021-02-03T16:36:45Z David Kalnischkies david@kalnischkies.de 2020-12-03T09:35:29Z urn:sha1:1b3ad3891465f8b72bcedfb4edd513cb74eec7f3 References: 2497198e9599a6a8d4d0ad08627bcfc7ea49c644 Gbp-Dch: Ignore 2021-02-02T18:56:46Z David Kalnischkies david@kalnischkies.de 2020-12-02T14:51:09Z urn:sha1:f2c087449286812823d06d1b560fa947e438fa0d Explicitly opening a tar member is a bit harder than it needs to be as you have to remove the compressor extension so that it can be guessed here gain potentially choosing the wrong member. Doesn't really matter for deb packages of course as the member count is pretty low and strongly defined, but testing is easier this way. It also finally fixes an incorrectly formatted error message. 2021-01-27T11:48:58Z Julian Andres Klode julian.klode@canonical.com 2021-01-27T11:31:05Z urn:sha1:ccd952cc8793bc6b866f92912ef0bb51c42eb540 We do download all translations we ever downloaded, but we don't add all of those to the cache, meaning that if we run update with LANG=C, it might still download your de_DE translation, but it won't insert it into the cache, causing your de_DE user to not get translated messages. LP: #1907850 2021-01-13T15:55:55Z Julian Andres Klode julian.klode@canonical.com 2021-01-13T15:55:55Z urn:sha1:569c836154e17f09c1c96231b2230c9d23a4324f 2021-01-08T16:58:44Z Julian Andres Klode julian.klode@canonical.com 2021-01-08T16:52:53Z urn:sha1:c7123bea6a8dc2c9e327ce41ddfc25e29f1bb145 People have been asking for a feature to error out on transient network errors for a while, this gives them one while keeping the door open for other modes we need, such as --error-on=no-success which we need to determine when to retry the daily update job. Closes: #594813 (and a whole bunch of duplicates...)