1. 13 Oct, 2018 1 commit
  2. 07 Oct, 2018 2 commits
  3. 05 Oct, 2018 1 commit
  4. 02 Oct, 2018 1 commit
  5. 27 Sep, 2018 1 commit
    • David Kalnischkies's avatar
      Show APT::Compressor example in apt.conf(5) · 599c89f6
      David Kalnischkies authored
      Including a block-element like informalexample in a para is legal, but
      the documentation of the para tag hints that some processing systems may
      have difficulties handling this – so lets just move it out of the block
      and be happy as it is (again?) displayed.
      Closes: #909712
  6. 24 Sep, 2018 2 commits
    • Julian Andres Klode's avatar
      pkgCacheFile: Only unlock in destructor if locked before · e02297b8
      Julian Andres Klode authored
      pkgCacheFile's destructor unlocks the system, which is confusing
      if you did not open the cachefile with WithLock set. Create a private
      data instance that holds the value of WithLock.
      This regression was introduced in commit b2e465d6:
          Join with aliencode
          Author: jgg
          Date: 2001-02-20 07:03:16 GMT
          Join with aliencode
      by replacing a "Lock" member that was only initialized when the lock
      was taken by calls to Lock, UnLock; with the latter also taking place
      if the former did not occur.
      Regression-Of: b2e465d6
      LP: #1794053
    • Julian Andres Klode's avatar
      Fix calculation of elapsed usec in downloads · 089e6271
      Julian Andres Klode authored
      A recent change to use chronos inadvertently replaced the
      difference of new usec - old usec with new sec - old usec,
      which is obviously wrong.
  7. 20 Sep, 2018 2 commits
    • Julian Andres Klode's avatar
      Release 1.7.0~rc2 · e78844ba
      Julian Andres Klode authored
    • David Kalnischkies's avatar
      Deal with descriptions embedded in displayed record correctly · 6f1d622c
      David Kalnischkies authored
      The implementation of "apt-cache show" (not "apt show") incorrectly
      resets the currently used parser if the record itself and the
      description to show come from the same file (as it is the case if no
      Translation-* files are available e.g. after debootstrap).
      The code is more complex than you would hope to support some rather
      unusual setups involving Descriptions and their translations as tested
      for by ./test-bug-712435-missing-descriptions as otherwise this could
      be a one-line change.
      Regression-Of: bf53f39c
      Closes: #909155
  8. 18 Sep, 2018 4 commits
  9. 15 Sep, 2018 1 commit
    • David Kalnischkies's avatar
      Show all architectures in 'apt list' output · 32e0587d
      David Kalnischkies authored
      The uniqueness in std::set containers is ensured by the ordering
      operator we provide, but it was not considering that different versions
      can have the same description like the different architectures for a
      version of a package.
      Closes: #908218
  10. 11 Sep, 2018 4 commits
    • David Kalnischkies's avatar
      Reorder progress report messages · 329c8d5e
      David Kalnischkies authored
      We are seeing 'processing' messages from dpkg first, so it makes sense
      to translate them to "Preparing" messages instead of using "Installing"
      and co to override these shortly after with the "Preparing" messages.
      The difference isn't all to visible as later messages tend to linger far
      longer in the display than the ealier ones, but at least in a listing it
      seems more logical.
    • David Kalnischkies's avatar
      Don't expect duplicated dpkg status-fd messages · f484906e
      David Kalnischkies authored
      The progress reporting relies on parsing the status reports of
      dpkg which used to repeat being in the same state multiple times
      in the same run, but by fixing #365921 it will stop doing so.
      The problem is in theory just with 'config-files' in case we do purge as
      this (can) do remove + purge in one step, but we remove this also for
      the unpack + configure combination althrough we handle these currently
      in two independent dpkg calls.
    • David Kalnischkies's avatar
      Process status-fd completely before finishing dpkg call · 2295de2c
      David Kalnischkies authored
      Exiting the processing loop as soon as the dpkg process finishes might
      leave status-fd lines unprocessed which wasn't much of a problem in the
      past as the progress would just be slightly off, but now that we us the
      information also for skipping already done tasks and generate warnings
      if we didn't see all expected messages we should make sure we seem them
      all. We still need to exit "early" if dpkg exited unsuccessfully/crashed
      through as the (remaining) status lines we get could be incomplete.
    • David Kalnischkies's avatar
      Unset more environment variables in test framework · a5953d91
      David Kalnischkies authored
      It is an uphill battle to "reset" the environment to a clean state
      without making it needlessly hard to use 'good' environment variables,
      so we just try a little harder here without really trying for
      Gbp-Dch: Ignore
  11. 10 Sep, 2018 1 commit
  12. 29 Aug, 2018 2 commits
    • David Kalnischkies's avatar
      Fix typos reported by codespell & spellintian · c4862d49
      David Kalnischkies authored
      No user-visible change as it effects mostly code comments and
      not a single error message, manpage or similar.
      Reported-By: codespell & spellintian
      Gbp-Dch: Ignore
    • David Kalnischkies's avatar
      Don't use invalid iterator in Fallback-Of handling · 55585d0f
      David Kalnischkies authored
      cppcheck reports: (error) Iterator 't' used after element has been erased.
      The loop is actually fashioned to deal with this (not in the most
      efficient way, but in simplest and speed isn't really a concern here)
      IF this codepath had a "break" at the end… so I added one.
      Note that the tests aren't failing before (and hopefully after) the
      change as the undefined behavior we encounter is too stable.
      Thanks: David Binderman for reporting
  13. 28 Aug, 2018 1 commit
  14. 20 Aug, 2018 3 commits
    • Julian Andres Klode's avatar
      Release 1.7.0~alpha3 · f7b58ce0
      Julian Andres Klode authored
    • David Kalnischkies's avatar
      clear alternative URIs for mirror:// between steps (CVE-2018-0501) · 29658a3a
      David Kalnischkies authored
      APT in 1.6 saw me rewriting the mirror:// transport method, which works
      comparable to the decommissioned httpredir.d.o "just" that apt requests
      a mirror list and performs all the redirections internally with all the
      bells like parallel download and automatic fallback (more details in the
      apt-transport-mirror manpage included in the 1.6 release).
      The automatic fallback is the problem here: The intend is that if a file
      fails to be downloaded (e.g. because the mirror is offline, broken,
      out-of-sync, …) instead of erroring out the next mirror in the list is
      contacted for a retry of the download.
      Internally the acquire process of an InRelease file (works with the
      Release/Release.gpg pair, too) happens in steps: 1) download file and 2)
      verify file, both handled as URL requests passed around. Due to an
      oversight the fallbacks for the first step are still active for the
      second step, so that the successful download from another mirror stands
      in for the failed verification… *facepalm*
      Note that the attacker can not judge by the request arriving for the
      InRelease file if the user is using the mirror method or not. If entire
      traffic is observed Eve might be able to observe the request for
      a mirror list, but that might or might not be telling if following
      requests for InRelease files will be based on that list or for another
      sources.list entry not using mirror (Users have also the option to have
      the mirror list locally (via e.g. mirror+file://) instead of on a remote
      host). If the user isn't using mirror:// for this InRelease file apt
      will fail very visibly as intended.
      (The mirror list needs to include at least two mirrors and to work
      reliably the attacker needs to be able to MITM all mirrors in the list.
      For remotely accessed mirror lists this is no limitation as the attacker
      is in full control of the file in that case)
      Fixed by clearing the alternatives after a step completes (and moving a pimpl
      class further to the top to make that valid compilable code). mirror://
      is at the moment the only method using this code infrastructure (for all
      others this set is already empty) and the only method-independent user
      so far is the download of deb files, but those are downloaded and
      verified in a single step; so there shouldn't be much opportunity for
      regression here even through a central code area is changed.
      Upgrade instructions: Given all apt-based frontends are affected, even
      additional restrictions like signed-by are bypassed and the attack in
      progress is hardly visible in the progress reporting of an update
      operation (the InRelease file is marked "Ign", but no fallback to
      "Release/Release.gpg" is happening) and leaves no trace (expect files
      downloaded from the attackers repository of course) the best course of
      action might be to change the sources.list to not use the mirror family
      of transports ({tor+,…}mirror{,+{http{,s},file,…}}) until a fixed
      version of the src:apt packages are installed.
      Regression-Of: 355e1ace,
      LP: #1787752
    • Julian Andres Klode's avatar
      Update symbols · e946d828
      Julian Andres Klode authored
  15. 19 Aug, 2018 4 commits
    • David Kalnischkies's avatar
      Report (soon) worthless keys if gpg uses fpr for GOODSIG · b934870c
      David Kalnischkies authored
      gpgs DETAILS documentation file declares that GOODSIG could report keyid
      or fingerprint since gpg2, but for the time being it is still keyid
      only. Who knows if that will ever change as that feels like an interface
      break with dangerous security implications, but lets be better safe than
      sorry especially as the code dealing with signed-by keyids is prepared
      for this already. This code is rewritten still to have them all use the
      same code for this type of problem.
    • David Kalnischkies's avatar
      test: Supports records larger than 32kb in 'apt show' · 6df0d31d
      David Kalnischkies authored
      The 1.7 series rework of show started in
      bf53f39c resolved the issue already,
      but its always a good idea to at least bring the tests along so
      that we hopeful do not regress in the future with another rewrite.
      Tests: #905527
      Gbp-Dch: Ignore
    • Boyuan Yang's avatar
      Simplified Chinese program translation update · b172d6af
      Boyuan Yang authored
      Reviewed-by: Mo Zhou's avatarMo Zhou <cdluminate@gmail.com>
      Closes: #903695
    • David Kalnischkies's avatar
      aptwebserver: Prefetch compressors to avoid thread crashes · d298701b
      David Kalnischkies authored
      If multiple threads act on requests (like if connection comes from a
      webbrowser) a thread might request the supported compressors while
      another thread is still working on creating the list to be stored in the
      static cache variable.
      As the price to pay for atomic and co seems to high for the fringe
      usecase of manual usage of aptwebserver the patch just makes a call to
      generate the list while still single threaded.
      Gbp-Dch: Ignore
  16. 14 Aug, 2018 1 commit
  17. 08 Aug, 2018 1 commit
  18. 07 Aug, 2018 3 commits
    • Julian Andres Klode's avatar
      Merge branch 'bugfix/big-lock' into 'master' · e165588b
      Julian Andres Klode authored
      Add support for dpkg frontend lock
      See merge request apt-team/apt!11
    • Julian Andres Klode's avatar
      Add support for dpkg frontend lock · c2c8b478
      Julian Andres Klode authored
      The dpkg frontend lock is a lock dpkg tries to acquire
      except if the frontend already acquires it.
      This fixes a race condition in the install command where the
      dpkg lock is not held for a short period of time between
      different dpkg invocations.
      For this reason we also define an environment variable
      DPKG_FRONTEND_LOCKED for dpkg invocations so dpkg knows
      not to try to acquire the frontend lock because it's held
      by a parent process.
      We can set DPKG_FRONTEND_LOCKED only if the frontend lock
      really is held; that is, if our lock count is greater than 0
      - otherwise an apt client not using the LockInner family of
      functions would run dpkg without the frontend lock set, but
      with DPKG_FRONTEND_LOCKED set. Such a process has a weaker
      guarantee: Because dpkg would not lock the frontend lock
      either, the process is prone to the existing races, and,
      more importantly, so is a new style process.
      Closes: #869546
      [fixups: fix error messages, add public IsLocked() method, and
       make {Un,}LockInner return an error on !debSystem]
    • Julian Andres Klode's avatar
      Merge branch 'master' into 'master' · 1ff389a5
      Julian Andres Klode authored
      Add trailing newline to output of edit-sources.
      See merge request apt-team/apt!22
  19. 09 Jul, 2018 1 commit
  20. 06 Jul, 2018 1 commit
  21. 01 Jul, 2018 1 commit
  22. 28 Jun, 2018 1 commit
  23. 27 Jun, 2018 1 commit
    • Julian Andres Klode's avatar
      Handle JSON hooks that just close the file/exit and fix some other errors · 1d53cffa
      Julian Andres Klode authored
      JSON hooks might disappear and the common idiom to work around hooks
      disappearing is to check for the hook in the shell snippet that is
      in the apt.conf file and if it does not exist, do nothing. This caused
      APT to fail however, expecting it to acknowledge the handshake.
      Ignoring ECONNRESET on handshakes solves the problem.
      The error case, and the other error cases also did not stop execution
      of the hook, causing more errors to pile up. Fix this by directly going
      to the closing part of the code.
      LP: #1776218