summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* Release 1.6~alpha51.6_alpha5Julian Andres Klode2017-11-125-6/+17
|
* Dutch manpage translation updateFrans Spiesschaert2017-11-121-72/+50
| | | | Closes: #881402
* Do not attempt seccomp under qemu-user and drop EFAULT workaroundJulian Andres Klode2017-11-121-1/+37
| | | | | | | | | | | | | | | | | | | qemu-user passes prctl()-based seccomp through to the kernel, umodified. That's bad, as it blocks the wrong syscalls. We ignored EFAULT which fixed the problem for targets with different pointer sizes from the host, but was a bad hack. In order to identify qemu we can rely on the fact that qemu-user prints its version and exits with 0 if QEMU_VERSION is set to an unsupported value. If we run a command that should fail in such an environment, and it exits with 0, then we are running in qemu-user. apt-helper is an obvious command to run. The tests ensure it exits with 1, and it only prints usage information. We also could not use /bin/false because apt might just as well be from a foreign arch while /bin/false is not. Closes: #881519
* [amend] Use a versioned breaks for a-t-https in apt1.6_alpha4Julian Andres Klode2017-11-051-1/+1
| | | | | | | We need to use a versioned breaks again, otherwise the transitional package would not be installable. Gbp-Dch: ignore
* Release 1.6~alpha4Julian Andres Klode2017-11-055-6/+14
|
* Add ${misc:Depends} to apt-transport-https dependsJulian Andres Klode2017-11-051-1/+1
| | | | | | Makes lintian happy, but is basically useless Gbp-Dch: ignore
* Re-introduce a transitional apt-transport-httpsJulian Andres Klode2017-11-051-0/+9
| | | | | This fixes issues with debootstrap. The package will disappear after the release of buster.
* debian: Bump Standards-Version to 4.1.1Julian Andres Klode2017-10-291-1/+1
| | | | No further changes required.
* debian: Set Rules-Requires-Root: noJulian Andres Klode2017-10-291-0/+1
| | | | We don't need fakeroot for building!
* Release 1.6~alpha31.6_alpha3Julian Andres Klode2017-10-285-6/+21
|
* use store: instead of gzip: to open local changelogsDavid Kalnischkies2017-10-281-2/+2
| | | | Regression-Of: cc1f94c95373670fdfdb8e2d6cf9125181f7df0c
* Also use FindULL for checking if the size tags is validJulian Andres Klode2017-10-281-2/+2
| | | | | | | | It used FindI() > 0, but if it is too big, FindI() would cause an error "Cannot convert %s to integer: out of range", so let's also use FindULL() here. Gbp-Dch: ignore
* Prevent overflow in Installed-Size (and Size) in apt showJulian Andres Klode2017-10-282-2/+14
| | | | | | | | | | | Installed-Size for linux-image-4.13.0-1-amd64-dbg and friends are larger than 4 GB, but read as a signed integer - that's fine so far, as the value is in KB, but it's multiplied with 1024 which overflows. So let's read it as unsigned long long instead. While we're at it, also use unsigned long long for Size, in case that is bigger than 2 GB.
* seccomp: Allow clock_nanosleep() and nanosleep() syscallsJulian Andres Klode2017-10-271-0/+2
| | | | We sleep in http.cc, so we should allow the sleeping syscalls.
* Drop unused gzip, lzma, bzip2, and xz symlinks of storeJulian Andres Klode2017-10-261-1/+1
| | | | | | The store method replaced them all, the symlinks where mostly for partial upgrades or whatever, they should not be needed any longer.
* seccomp: Allow ipc() for fakeroot, and allow sysinfo() for sortJulian Andres Klode2017-10-261-0/+2
| | | | | | | Sorting apparently calls sysconf() which calls sysinfo() to get free pages or whatever. Closes: #879814, #879826
* debian/tests/control: Add dpkg so we get triggered by itJulian Andres Klode2017-10-261-1/+1
| | | | | | We do want to get our autopkgtests triggered by dpkg uploads in Ubuntu, but this does not happen because we don't have an explicit dependency on it. Add one.
* Release 1.6~alpha21.6_alpha2Julian Andres Klode2017-10-265-6/+17
|
* CMake: Get rid of some debugging messagesJulian Andres Klode2017-10-261-2/+0
| | | | | | | | | | This fixes a regression introduced in commit 43b9eb5bac15666fdc0346aca7031fab0fa5e064 CMake: methods: Cleanup link libraries, use OBJECT libraries Gbp-Dch: ignore
* Print syscall number and arch to stderr when trapped by seccompJulian Andres Klode2017-10-262-0/+34
| | | | | | This should help debugging crashes. The signal handler is a C++11 lambda, yay! Special care has been taken to only use signal handler -safe functions inside there.
* Only warn about seccomp() EINVAL (normal) and EFAULT (qemu) errorsJulian Andres Klode2017-10-251-3/+5
| | | | | | | | | | If seccomp is disabled, we fallback to running without it. Qemu fails in the seccomp() call, returning ENOSYS and libseccomp falls back to prctl() without adjusting the pointer, causing the EFAULT. I hope qemu gets fixed at some point to return EINVAL for seccomp via prctl. Bug-Qemu: https://bugs.launchpad.net/qemu/+bug/1726394
* Don't segfault if receiving a method warning on empty queueJulian Andres Klode2017-10-251-1/+1
| | | | | | | We would like to issue a warning about seccomp support in Configuration(), but since the queue is empty, there is no current item to show the URL for and we get a segfault. Show the protocol instead.
* methods: Enable additional syscalls (SYSV IPC) in fakerootJulian Andres Klode2017-10-251-0/+10
| | | | | | | If FAKED_MODE is set, enable SYSV IPC so we don't crash when running in fakeroot. Closes: #879662
* CMake: methods: Cleanup link libraries, use OBJECT librariesJulian Andres Klode2017-10-233-18/+20
| | | | | | | | | | | | Use OBJECT libraries for http and connect stuff, and move the seccomp link expression into a global link_libraries() call. This also fixes a bug where only the http target pulled in the gnutls header arguments despite gnutls being used in connect.cc, and thus by mirror and ftp as well. Adjust translation support to ignore TARGET_OBJECTS sources and add the OBJECT libraries to the translated files.
* seccomp: Conditionalize statx() whitelistingJulian Andres Klode2017-10-231-0/+2
| | | | | statx was introduced in 4.11, so it fails to build in stretch if we just unconditionally use it.
* Release 1.6~alpha11.6_alpha1Julian Andres Klode2017-10-2348-93/+121
|
* seccomp: Add missing syscalls for ppc64el, i386, and othersJulian Andres Klode2017-10-231-0/+11
| | | | | | | These are a few overlooked syscalls. Also add readv(), writev(), renameat2(), and statx() in case libc uses them. Gbp-Dch: ignore
* Sandbox methods with seccomp-BPF; except cdrom, gpgv, rshJulian Andres Klode2017-10-2215-19/+291
| | | | | | | | | | | | This reduces the number of syscalls to about 140 from about 350 or so, significantly reducing security risks. Also change prepare-release to ignore the architecture lists in the build dependencies when generating the build-depends package for travis. We might want to clean up things a bit more and/or move it somewhere else.
* methods/basehttp.cc: Remove proxy autodetect debugging codeJulian Andres Klode2017-10-221-2/+0
| | | | | | This was a left over from the autodetect move. Gbp-Dch: ignore
* methods/mirror: Enable sandboxing and other aptMethod featuresJulian Andres Klode2017-10-221-1/+1
| | | | | Sandboxing was turned off because we called pkgAcqMethod's Configuration() instead of aptMethod's.
* Run the ProxyAutoDetect script in the sandbox againJulian Andres Klode2017-10-223-1/+13
| | | | | | | | The previous change moved running the proxy detection program from the method to the main process, so it runs as root and not as _apt. This brings it back into the sandbox. Gbp-Dch: ignore
* Run Proxy-Auto-Detect script from main processJulian Andres Klode2017-10-225-7/+48
| | | | | | | This avoids running the Proxy-Auto-Detect script inside the untrusted (well, less trusted for now) sandbox. This will allow us to restrict the http method from fork()ing or exec()ing via seccomp.
* Fix testsuite for and add new fields from dpkg 1.19Julian Andres Klode2017-10-204-6/+13
| | | | | | | | | | | tagfile-order.c: Add missing fields from dpkg 1.19 For binary packages, this is Build-Essential; for source packages, it is Description. test-bug-718329-...: Ignore control.tar.*, changes in dpkg 1.19 test-apt-extracttemplates: Fix for dpkg 1.19
* Dutch program translation updateFrans Spiesschaert2017-10-201-7/+10
| | | | Closes: #879137
* zh_CN.po: Update Simplified Chinese programs translationMo Zhou2017-10-081-6/+6
|
* avoid using NULL in varadic function for cmdline parsingDavid Kalnischkies2017-10-051-20/+13
| | | | | | | | | | | | | | | | | | | cppcheck reports: (portability) Passing NULL after the last typed argument to a variadic function leads to undefined behaviour. We don't ship on any platform which has this as undefined behaviour through – or it would be pretty well defined "bad" behaviour which always works, so even through UB is a trigger word, its hardly noteworthy as a change (and as a bonus the scanners of gcc/clang don't consider it UB). The commonly accepted method of fixing that seems to be (const char*)NULL, but it is in fact much simpler to just switch to the varadic functions C++ provides resolving the warning and reducing code. Reported-By: cppcheck Gbp-Dch: Ignore
* remove pointless va_copy to avoid cleanup danceDavid Kalnischkies2017-10-051-18/+12
| | | | | | | | | | A va_copy call needs to be closed in all branches with va_end, so these functions would need to be reworked slightly, but we don't actually need to copy the va_list as we don't work on it, we just push it forward, so dropping the copy and everyone is happy. Reported-By: cppcheck Gbp-Dch: Ignore
* ignore unsupported key formats in apt-keyDavid Kalnischkies2017-10-053-43/+96
| | | | | | | | | | | | | | | | | | | gpg2 generates keyboxes by default and users end up putting either those or armored files into the trusted.gpg.d directory which apt tools neither expect nor can really work with without fortifying backward compatibility (at least under the ".gpg" extension). A (short) discussion about how to deal with keyboxes happened in https://lists.debian.org/deity/2017/07/msg00083.html As the last message in that thread is this changeset lets go ahead with it and see how it turns out. The idea is here simply that we check the first octal of a gpg file to have one of three accepted values. Testing on my machines has always produced just one of these, but running into those values on invalid files is reasonabily unlikely to not worry too much. Closes: #876508
* send the hashes for alternative file correctlyDavid Kalnischkies2017-10-051-4/+4
| | | | | | | | | This isn't really used by the acquire system at all at the moment and the only method potentially sending this information is file://, but that used to be working correctly before broken in 2013, so better fix it now and worry about maybe using the data some day later. Regression-Of: b3501edb7091ca3aa6c2d6d96dc667b8161dd2b9
* use pkgTagSection::Key in srcRecords parserDavid Kalnischkies2017-09-261-32/+34
| | | | | | | | | Using hardcoded array-indexes in the build-dependency parsing is efficient, but less discoverable and easier to break. We can avoid this by making it even more efficient (not that it would be noticeable) allowing us to do explicitly named comparisons instead. Gbp-Dch: Ignore
* allow empty build-dependency fields in the parserDavid Kalnischkies2017-09-262-1/+5
| | | | | | | | | | | APT used to parse only wellformed files produced by repository creation tools which removed empty files as pointless before apt would see them. Now that apt can be told to parse e.g. debian/control files directly, it needs to be a little more accepting through: We had this with comments already, now let it deal with the far more trivial empty fields. Closes: #875363
* proper error reporting for v3 onion servicesDavid Kalnischkies2017-09-262-7/+27
| | | | | | | | | APT connects just fine to any .onion address given, only if the connect fails somehow it will perform checks on the sanity of which in this case is checking the length as they are well defined and as the strings are arbitrary a user typing them easily mistypes which apt should can be slightly more helpful in figuring out by saying the onion hasn't the required length.
* Drop curl method and apt-transport-https packageJulian Andres Klode2017-09-2411-710/+3
| | | | | This automatically removes any old apt-transport-https, as apt now Breaks it unversioned.
* Drop obsolute Testsuite: autopkgtest headerJulian Andres Klode2017-09-241-1/+0
|
* Drop obsolete dh-systemd build-depJulian Andres Klode2017-09-241-1/+0
|
* Bump Standards-Version to 4.1.0Julian Andres Klode2017-09-241-1/+1
|
* Release 1.51.5Julian Andres Klode2017-09-2448-49/+187
|
* Fix translator comment location for legacy target warningJulian Andres Klode2017-09-131-3/+5
| | | | | In commit Do not warn about duplicate "legacy" targets, we we added an if, that changed the .po files...
* Release 1.5~rc41.5_rc4Julian Andres Klode2017-09-135-6/+16
|
* apt-daily: Do not Wants=network-online, and add some more After=Julian Andres Klode2017-09-112-2/+2
| | | | | | | | | We now wait for being online ourselves, so all we need to wait on is for services we are using to be online first. This avoids severe boot slowdowns by other services having specified an After=network-online.target without a Wants=. Gbp-Dch: Full