1. 04 Nov, 2021 2 commits
  2. 31 Oct, 2021 1 commit
  3. 04 Jul, 2021 3 commits
  4. 29 Apr, 2021 3 commits
  5. 12 Apr, 2021 1 commit
  6. 03 Feb, 2021 1 commit
  7. 02 Feb, 2021 3 commits
  8. 21 Jan, 2021 1 commit
  9. 10 Dec, 2020 2 commits
    • Julian Andres Klode's avatar
      Release 2.1.7 · 4f249a63
      Julian Andres Klode authored
      4f249a63
    • Julian Andres Klode's avatar
      arfile: Regression: Collect file<->deb/ar reference cycles · 2bf44f00
      Julian Andres Klode authored
      The internal FileFd object now owned the PyObject* that gave us
      the descriptor but we were never visiting that object during garbage
      collection, so if there was a cycle, Python could not realize that.
      
      Make the objects garbage collectable, by adding VISIT and CLEAR
      calls for self->Fd, and by making the FileFd object support garbage
      collection in the first place.
      2bf44f00
  10. 09 Dec, 2020 2 commits
  11. 01 Dec, 2020 1 commit
  12. 25 Nov, 2020 2 commits
  13. 24 Nov, 2020 2 commits
    • Julian Andres Klode's avatar
      apt_inst.DebFile: Avoid reference cycle with control,data members · a43948f6
      Julian Andres Klode authored
      apt_inst.DebFile provides two members `data` and `control` for
      easy access to those tarballs. Each of those members stores a
      reference to the DebFile as its owner:
      
                 v-----------------\
              control ----\        |
                           -> deb -|
              data    ----/        |
                 ^-----------------/
      
      This means that whenever a DebFile is successfully constructed,
      and no longer needed, it won't be collected until the GC runs,
      which is bad, as the DebFile holds an open FileFd.
      
      Introduce a __FileFd wrapper that holds the FileFd and becomes
      the owner of both control and data, and replaces the direct use
      of the FileFd in ArArchive/DebFile:
      
                v-----------------------------\
              control ----\                    \
                           -> __FileFd <- deb -|
              data    ----/                    /
                ^-----------------------------/
      
      This avoids the reference cycle, ensuring the memory and file
      descriptor are released by the reference counter as soon as
      the reference count drops to 0.
      
      A future version should move `apt_inst.__FileFd` to `apt_pkg.FileFd`
      and expose all the methods, such that people can make use of FileFd's
      extensive compression support.
      
      We have a similar cycle in TagFile that we have yet to address,
      the problem there is arguably more frustrating, as the buffer
      I believe is stored inside the TagFile, and that's really shared
      between the TagSection objects.
      
      This is related to LP: #1899193 and CVE-2020-27351, but an additional
      hardening measure - the fix for those bugs was for more direct leaks.
      a43948f6
    • Julian Andres Klode's avatar
      File descriptor leaks in ArArchive, DebFile, TagFile · 8d53d2bc
      Julian Andres Klode authored
      Fix various file descritor, and memory leaks in ArArchive, DebFile,
      and TagFile by introducing a new PyApt_UniqueObject smart pointer
      that is like a unique_ptr, but backportable to older releases, and
      automatically clears subobjects, so objects with cycles like DebFile
      and TagFile will be released on error paths.
      
      LP: #1899193
      GHSL-2020-170
      CVE-2020-27351
      8d53d2bc
  14. 28 Oct, 2020 1 commit
  15. 27 Oct, 2020 6 commits
  16. 15 Oct, 2020 3 commits
  17. 14 Oct, 2020 1 commit
  18. 30 Sep, 2020 2 commits
  19. 29 Sep, 2020 3 commits
    • Dave Jones's avatar
      Stop mypy whinging · 74ae738d
      Dave Jones authored
      Fix a trivial "unused comment" complaint from mypy
      74ae738d
    • Dave Jones's avatar
      Use the cpp domain instead of c · a44b9f10
      Dave Jones authored
      Squash lots of warnings about improper C syntax by switching the docs
      to use the sphinx cpp domain instead (which also required switching
      c:data definitions to cpp:var as the latter domain lacks the "data"
      definition).
      a44b9f10
    • Dave Jones's avatar
      Fix highlightlang warnings · a4b8e3bf
      Dave Jones authored
      The highlightlang directive was deprecated in favour of highlight.
      Also fix a warning about parsing a code-block (which is actually an
      e-mail snippet).
      a4b8e3bf