| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Here Debian refers to the distribution and in English this needs to be
capitalized. No translation will be unfuzzed, as the capitalization
rules change among locales.
Warned-by: spellintian
|
|
Add support for negating the option via --no-uniform-compression.
|
|
This sets the control member entries always to root:root, and makes it
possible to do the same for the data member entries via the new
--root-onwer-group option.
Closes: #291320
Based-on-patch-by: Niels Thykier <niels@thykier.net>
Signed-off-by: Guillem Jover <guillem@debian.org>
|
|
|
|
This is a well-known executable maintainer script, that ideally should
be handled by dpkg itself. But for now we will at least sanity check its
file type and permissions.
|
|
Signed-off-by: Guillem Jover <guillem@debian.org>
|
|
The ar format is not standardized and some systems might provide a
different format than the one used by dpkg. For example on AIX.
|
|
Warned-by: clang
|
|
Closes: #787980
|
|
|
|
|
|
|
|
Make all of them consistently follow the pattern --with-lib<name>.
Rename the m4 macros, preprocessor defines, and automake _LIBS flags.
|
|
The ar and tar file entries contain a timestamp which is usually filled
with the current build time and the file mtime respectively. This causes
the generated deb(5) packages to not be reproducible for the same source
package and same build environment.
We now check if the environment variable SOURCE_DATE_EPOCH is defined,
parse that and use it as the timestamp for ar and to clamp the mtime in
the tar file entries.
This variable is specified to contain the timestamp of the source
release date in seconds since the epoch.
Closes: #759999
Base-on-patch-by: Jérémy Bobbio <lunar@debian.org>
|
|
We use the same timestamp for all ar members, and the tarball mtime
clamping for each tar file entry.
|
|
This will guarantee that no file in binary packages has an mtime later
than the specified time. Which will be required to make binary packages
reproducible.
The option was officially added in GNU tar 1.29, but in Debian it was
introduced as a vendor patch in 1.28, so on Debian we depend on the
latter instead of the former version.
Closes: #759886
|
|
Switch current code to use dpkg_ar instead of taking a filename and a
file descriptor arguments.
|
|
|
|
|
|
We still accept source and binary packages with missing or empty
Architecture fields, but when building either of these, we require
the field to be present.
|
|
We reduce external dependencies on commands, and get sorted file lists.
Closes: #719845
|
|
We reduce external dependencies on commands, avoid a read syscall per
byte on the pipe, reduce code substantially, and get sorted file lists.
|
|
This affects old format .deb packages.
Fixes: CVE-2015-0860
Warned-by: afl
Signed-off-by: Guillem Jover <guillem@debian.org>
Stable-Candidate: 1.16.x 1.17.x
|
|
It should make the code more clear, and in many cases it avoids having
to use a temporary variable.
|
|
|
|
|
|
|
|
Closes: #798324
Warned-by: afl
Reported-by: Jacek Wielemborek <d33tah@gmail.com>
Stable-Candidate: 1.16.x 1.17.x
|
|
With tar > 1.28 the --no-recursion option is now positional, and needs
to be passed before the -T option, otherwise the tarball will end up
with duplicated entries.
Stable-Candidate: 1.16.x 1.17.x
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Guillem Jover <guillem@debian.org>
|
|
Regression introduced in commit f1f9887b8f96965d6046857d12fda24c053c6d4b.
The compressor independent way to denote the default value has been to
use -1, but that needs to be fixed up to the actual default value per
compressor, before the compressor specific setup.
When using the gzip command-line tool this is a fatal error as it does
not recognize the argument «-c-1». When using the zlib shared library
this makes the code always default to the compression level 1, as ‘-’
is ignored by gzdopen().
The current minimal fix is to call compressor_check_params() when
setting up the default control.tar compressor paramaters, although
that makes the API hard to use correctly. This will be improved in
the future.
Closes: #786654
|
|
This avoids confusing the project-wide macro with the DPKG_VERSION_
namespaced ones.
|
|
None of the deb toolchain supports embedded newlines in filenames, we
could try to escape them but then we'd need to add support in other
tools to unescape these too, and this does not sem worth the trouble.
Closes: #720761
|
|
Signed-off-by: Niels Thykier <niels@thykier.net>
|
|
|
|
|
|
That is "" or '', and not the unbalanced `' pair.
|
|
|
|
All commands reading archives support this, except for --raw-extract
that does not.
Closes: #616614
Based-on-patch-by: Johannes Schauer <j.schauer@email.de>
|
|
This has not been a gzip-only compressor for a long time, update the
code to reflect this.
|
|
|
|
The parser always converts the value from DPKG_ARCH_NONE to
DPKG_ARCH_EMPTY, so we will handle both here to avoid any such problem
in the future.
Regression introduced in commit 0238c795df88925c6579f740c7681ade22e88625.
|
|
|
|
|
|
Closes: #769515
|
|
|
|
Always allocate the pathname, and return NULL in case we cannot generate
one, delegating it to the code that parses the control file.
|
|
|
|
|
|
The limit was lifted when the code switched from a constant sized string
to a dynamic one via varbuf.
|
|
|
