| Commit message (Collapse) | Author | Age | Files | Lines |
| |
(CVE-2020-3810)
When normalizing ar member names by removing trailing whitespace
and slashes, an out-of-bounds read can be caused if the ar member
name consists only of such characters, because the code did not
stop at 0, but would wrap around and continue reading from the
stack, without any limit.
Add a check to abort if we reached the first character in the
name, effectively rejecting the use of names consisting just
of slashes and spaces.
Furthermore, certain error cases in arfile.cc and extracttar.cc have
included member names in the output that were not checked at all and
might hence not be nul terminated, leading to further out-of-bounds reads.
Fixes Debian/apt#111
LP: #1878177
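The bounded trim and the length-limited error output described in the commit message above, as an added example; this is not apt's code. The helper names, the 16-byte field size taken from the ar header layout, and the error text are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define AR_NAME_LEN 16 /* fixed-width, space-padded name field of an ar header */

/* Unbounded form of the trim, shown for contrast and never compiled:
 *     size_t i = AR_NAME_LEN - 1;
 *     while (name[i] == ' ' || name[i] == '/') i--;
 * If every byte is ' ' or '/', i passes 0, wraps around, and the loop
 * keeps reading memory outside the field. */

/* Hypothetical helper: copy the raw field into out (AR_NAME_LEN + 1 bytes)
 * without its trailing spaces and slashes. Returns the trimmed length, or
 * -1 when the name consists only of spaces and slashes. */
int normalize_ar_name(const char raw[AR_NAME_LEN], char out[AR_NAME_LEN + 1])
{
    size_t end = AR_NAME_LEN;
    while (end > 0 && (raw[end - 1] == ' ' || raw[end - 1] == '/'))
        end--;
    if (end == 0)
        return -1; /* reached the first character: reject the member */
    memcpy(out, raw, end);
    out[end] = '\0';
    return (int)end;
}

/* Error text for a raw field that may lack a NUL terminator: the "%.*s"
 * precision caps how many bytes snprintf reads from raw. */
int format_bad_member(const char raw[AR_NAME_LEN], char *msg, size_t msglen)
{
    return snprintf(msg, msglen, "Invalid archive member header '%.*s'",
                    AR_NAME_LEN, raw);
}

int main(void)
{
    char raw[AR_NAME_LEN], out[AR_NAME_LEN + 1], msg[64];

    memset(raw, ' ', AR_NAME_LEN);        /* constructed sample field */
    memcpy(raw, "debian-binary/", 14);
    printf("%d %s\n", normalize_ar_name(raw, out), out);

    memset(raw, '/', AR_NAME_LEN);        /* constructed: only slashes */
    printf("%d\n", normalize_ar_name(raw, out));
    format_bad_member(raw, msg, sizeof msg);
    puts(msg);
    return 0;
}
```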
| |
This matches the definitions used by dpkg.
Closes: #953527
| |
Extract the code, and reformat it with clang-format so we can
modify it.
| |
Showing a percentage for a timeout is pretty non-standard. Rework the
progress class so it can show an absolute progress (currently hardcoded
to use seconds as a unit). If there is a timeout (aka if it's not the
maximum long long unsigned -1llu), then show the timeout, otherwise
just count up seconds, e.g.
Waiting for cache lock: Could not get lock /var/lib/dpkg/lock-frontend. It is held by process 33842 (apt)... 1/120s
or
Waiting for cache lock: Could not get lock /var/lib/dpkg/lock-frontend. It is held by process 33842 (apt)... 1s
Also improve the error message to use "Waiting for cache lock: %s" instead of "... (%s)", as having
multiple sentences inside parentheses is super weird, as is having two closing parens.
We pass the information via _config, as that's reasonably easy and avoids
ABI hackage. It also provides an interesting debugging tool for other
kinds of progress.
| |
This improves the locking message, getting rid of useless details. If
we have a process holding the lock, we got that because the lock is
being held by it, so there's no point telling the people the reason
for not getting the lock is the EAGAIN error and displaying its
strerror().
| |
This is not supposed to be done this way, but frankly, since we
abstract away the backend, there's not much else we can do here.
Closes: #949074
| |
Remove all code scheduled to be removed after 5.90, and fix
files to include files they previously got from hashes.h
including more headers.
| |
This experiment did not turn out sensibly, as some servers do not
accept credentials when none are expected and fail, so you cannot
mirror such a repository.
This reverts commit c2b9b0489538fed4770515bd8853a960b13a2618.
| |
While moving to a more stable clock in 79b61ae I typoed the microsecond
calculation part and copied it all over the place… Julian fixed the
first two instances in 089e6271 and Trent reported the apt-ftparchive
instances leaving one instance in progress (invisible for user though).
A bit ironic that in an attempt to stop "confusing (and amusing) users"
I managed to hide a typo for close to two years doing just that…
Sadly we can't really test this as while "apt-ftparchive generate /dev/null"
is a great interactive test, it is hard to teach our test framework that
the output is "reasonably below an hour" (usually 0s, but on busy test
systems it is perhaps longer…).
Thanks: Trent W. Buck for initial patch
Closes: #950776
References: 79b61ae7673eb6213493e2cb202f0d70c390932d,
089e627153781ae7c320a5a0724c6c70d684b689
| |
This allows us to define constexpr string view literals.
| |
Given that we have a maximum of 12 pools, and much more
items to insert, it does not make sense to have two branches
in the hot path.
Move the search for an empty pool into the unlikely case
that no matching pool has been created yet - a condition
that is guaranteed to only happen up to 12 times.
| |
Commit 93f33052de84e9aeaf19c92291d043dad2665bbd restricted auth.conf
entries to only apply to https by default, but this was silent - there
was no information why http sources with auth.conf entries suddenly
started failing. Add such information, and extend test case to cover
it.
| |
Remove it everywhere, except where it is still needed.
| |
This makes use of a function GetHashString() that returns
the specific hash string. We also need to implement another overload
of Add() for signed chars with sizes, so the existing users do not
require reinterpret_cast everywhere.
| |
Move APT_BUFFER_SIZE to macros.h and re-use it in hashes,
this also might speed up stuff, the motivation for using
64 KiB buffers in fileutl.cc was precisely that after all.
| |
Switch the code of the Hashes class to use libgcrypt, which allows
us to use hardware-accelerated implementations of SHA1 and friends.
| |
This ensures that we do not leak simple words like that.
| |
We don't use them, APT_CONST is APT_PURE now, and MAX/MIN/etc
are available as proper templates in the C++ standard library.
| |
Replace the macro with an anonymous struct that provides an
inline operator->() returning the _error pointer.
This change is ABI compatible, and the inline macro is not
exported. We should consider if we want to avoid the function
call and directly export the thread_local variable instead,
when we do break ABI.
Closes: #948338
| |
This avoids downgrade attacks where an attacker could inject
Location: http://private.example/
and then (having access to raw data to private.example, for example,
by opening a port there, or sniffing network traffic) read the credentials
for the private repository.
Closes: #945911
| |
Unused variable, std::algorithms instead of raw for-loops.
There should be no observable difference in behaviour.
Reported-By: cppcheck
Gbp-Dch: Ignore
| |
Returns string length, but unlike std::string::size() it honors
multibyte characters. This allows to properly calculate visible
sizes of console messages.
| |
This should probably make those functions thread-safe, which
might be useful for some external users.
| | |
Improve locking messaging - pid and name, "do not remove lock file"
See merge request apt-team/apt!68
| | |
We want to tell users which process is holding the lock so they
can easily understand what's going on, and we want to advise
users not to remove the lock file, because ugh, that's bad.
Re-initialize the flock structure, in case it got mangled by
previous fcntl call.
| |
Reported-By: cppcheck
| |
We are converting to std::string anyway by passing to
istringstream, and this removes the need for .c_str()
in callers.
| |
This is a bit experimental, and we'll go through a few stages
before reaching libapt-pkg.so.6.0.
| |
As long as we are running dpkg, keep an inhibitor that
blocks us from shutting down.
LP: #1820886
| |
This needs a fair amount of changes elsewhere in the code,
hence this is separate from the previous commits.
| |
This avoids funny code where strings get implicitly converted to
HashString or HashStringList.
| |
This prevents implicit conversions that we do not want, such
as having a FileFd* being converted to a debListParser.
Two cases are not yet handled because they require changes
in code using them:
1. The classes in hashes.h
2. The URI class - this one is used quite a lot
|
| | |
apt Debian release 1.8.0
| | |
Verifying the content of Release.gpg made us fail on binary signatures
which were never officially supported (apt-secure manpage documents
only the generation of ASCII armored), but silently accepted by gpgv as
we passed it on unchecked before.
The binary format is complex and is itself split into old and new
formats so adding support for this would not only add lots of code but
also a good opportunity for bugs and dubious benefit.
Reporting this issue explicitly should help repository creators figure
out the problem faster than the default NODATA message hinting at
captive portals.
Given that the binary format has no file magic or any other clear and
simple indication that this is a detached signature we guess based on
the first two bits only – and by that only supporting the "old" binary
format which seems to be the only one generated by gnupg in this case.
References: e2965b0b6bdd68ffcad0e06d11755412a7e16e50
Closes: #921685
| | |
Please use the standard C++ variants instead.