]> git.saurik.com Git - apt.git/blobdiff - apt-pkg/deb/dpkgpm.cc
pkg from only trusted sources keeps being trusted
[apt.git] / apt-pkg / deb / dpkgpm.cc
index 0dc00e8ad1e5226583fe1dc73d9cba9b40324384..3c101376192f6c5ed2a0cd59562ddf08bebe3e04 100644 (file)
@@ -51,8 +51,10 @@ using namespace std;
 class pkgDPkgPMPrivate 
 {
 public:
-   pkgDPkgPMPrivate() : dpkgbuf_pos(0), term_out(NULL), history_out(NULL)
+   pkgDPkgPMPrivate() : stdin_is_dev_null(false), dpkgbuf_pos(0),
+                       term_out(NULL), history_out(NULL)
    {
+      dpkgbuf[0] = '\0';
    }
    bool stdin_is_dev_null;
    // the buffer we use for the dpkg status-fd reading
@@ -123,6 +125,47 @@ ionice(int PID)
    return ExecWait(Process, "ionice");
 }
 
+// dpkgChrootDirectory - chrooting for dpkg if needed                  /*{{{*/
+static void dpkgChrootDirectory()
+{
+   std::string const chrootDir = _config->FindDir("DPkg::Chroot-Directory");
+   if (chrootDir == "/")
+      return;
+   std::cerr << "Chrooting into " << chrootDir << std::endl;
+   if (chroot(chrootDir.c_str()) != 0)
+      _exit(100);
+   if (chdir("/") != 0)
+      _exit(100);
+}
+                                                                       /*}}}*/
+
+
+// FindNowVersion - Helper to find a Version in "now" state    /*{{{*/
+// ---------------------------------------------------------------------
+/* This is helpful when a package is no longer installed but has residual 
+ * config files
+ */
+static 
+pkgCache::VerIterator FindNowVersion(const pkgCache::PkgIterator &Pkg)
+{
+   pkgCache::VerIterator Ver;
+   for (Ver = Pkg.VersionList(); Ver.end() == false; ++Ver)
+   {
+      pkgCache::VerFileIterator Vf = Ver.FileList();
+      pkgCache::PkgFileIterator F = Vf.File();
+      for (F = Vf.File(); F.end() == false; ++F)
+      {
+         if (F && F.Archive())
+         {
+            if (strcmp(F.Archive(), "now")) 
+               return Ver;
+         }
+      }
+   }
+   return Ver;
+}
+                                                                       /*}}}*/
+
 // DPkgPM::pkgDPkgPM - Constructor                                     /*{{{*/
 // ---------------------------------------------------------------------
 /* */
@@ -146,7 +189,7 @@ pkgDPkgPM::~pkgDPkgPM()
 bool pkgDPkgPM::Install(PkgIterator Pkg,string File)
 {
    if (File.empty() == true || Pkg.end() == true)
-      return _error->Error("Internal Error, No file name for %s",Pkg.Name());
+      return _error->Error("Internal Error, No file name for %s",Pkg.FullName().c_str());
 
    // If the filename string begins with DPkg::Chroot-Directory, return the
    // substr that is within the chroot so dpkg can access it.
@@ -197,15 +240,23 @@ bool pkgDPkgPM::Remove(PkgIterator Pkg,bool Purge)
    return true;
 }
                                                                        /*}}}*/
-// DPkgPM::SendV2Pkgs - Send version 2 package info                    /*{{{*/
+// DPkgPM::SendPkgInfo - Send info for install-pkgs hook               /*{{{*/
 // ---------------------------------------------------------------------
 /* This is part of the helper script communication interface, it sends
    very complete information down to the other end of the pipe.*/
 bool pkgDPkgPM::SendV2Pkgs(FILE *F)
 {
-   fprintf(F,"VERSION 2\n");
-   
-   /* Write out all of the configuration directives by walking the 
+   return SendPkgsInfo(F, 2);
+}
+bool pkgDPkgPM::SendPkgsInfo(FILE * const F, unsigned int const &Version)
+{
+   // This version of APT supports only v3, so don't sent higher versions
+   if (Version <= 3)
+      fprintf(F,"VERSION %u\n", Version);
+   else
+      fprintf(F,"VERSION 3\n");
+
+   /* Write out all of the configuration directives by walking the
       configuration tree */
    const Configuration::Item *Top = _config->Tree(0);
    for (; Top != 0;)
@@ -239,30 +290,51 @@ bool pkgDPkgPM::SendV2Pkgs(FILE *F)
       pkgDepCache::StateCache &S = Cache[I->Pkg];
       
       fprintf(F,"%s ",I->Pkg.Name());
-      // Current version
-      if (I->Pkg->CurrentVer == 0)
-        fprintf(F,"- ");
+
+      // Current version which we are going to replace
+      pkgCache::VerIterator CurVer = I->Pkg.CurrentVer();
+      if (CurVer.end() == true && (I->Op == Item::Remove || I->Op == Item::Purge))
+        CurVer = FindNowVersion(I->Pkg);
+
+      if (CurVer.end() == true)
+      {
+        if (Version <= 2)
+           fprintf(F, "- ");
+        else
+           fprintf(F, "- - none ");
+      }
       else
-        fprintf(F,"%s ",I->Pkg.CurrentVer().VerStr());
-      
-      // Show the compare operator
-      // Target version
+      {
+        fprintf(F, "%s ", CurVer.VerStr());
+        if (Version >= 3)
+           fprintf(F, "%s %s ", CurVer.Arch(), CurVer.MultiArchType());
+      }
+
+      // Show the compare operator between current and install version
       if (S.InstallVer != 0)
       {
+        pkgCache::VerIterator const InstVer = S.InstVerIter(Cache);
         int Comp = 2;
-        if (I->Pkg->CurrentVer != 0)
-           Comp = S.InstVerIter(Cache).CompareVer(I->Pkg.CurrentVer());
+        if (CurVer.end() == false)
+           Comp = InstVer.CompareVer(CurVer);
         if (Comp < 0)
            fprintf(F,"> ");
-        if (Comp == 0)
+        else if (Comp == 0)
            fprintf(F,"= ");
-        if (Comp > 0)
+        else if (Comp > 0)
            fprintf(F,"< ");
-        fprintf(F,"%s ",S.InstVerIter(Cache).VerStr());
+        fprintf(F, "%s ", InstVer.VerStr());
+        if (Version >= 3)
+           fprintf(F, "%s %s ", InstVer.Arch(), InstVer.MultiArchType());
       }
       else
-        fprintf(F,"> - ");
-      
+      {
+        if (Version <= 2)
+           fprintf(F, "> - ");
+        else
+           fprintf(F, "> - - none ");
+      }
+
       // Show the filename/operation
       if (I->Op == Item::Install)
       {
@@ -272,9 +344,9 @@ bool pkgDPkgPM::SendV2Pkgs(FILE *F)
         else
            fprintf(F,"%s\n",I->File.c_str());
       }      
-      if (I->Op == Item::Configure)
+      else if (I->Op == Item::Configure)
         fprintf(F,"**CONFIGURE**\n");
-      if (I->Op == Item::Remove ||
+      else if (I->Op == Item::Remove ||
          I->Op == Item::Purge)
         fprintf(F,"**REMOVE**\n");
       
@@ -310,33 +382,33 @@ bool pkgDPkgPM::RunScriptsWithPkgs(const char *Cnf)
       OptSec = "DPkg::Tools::Options::" + string(Opts->Value.c_str(),Pos);
       
       unsigned int Version = _config->FindI(OptSec+"::Version",1);
+      unsigned int InfoFD = _config->FindI(OptSec + "::InfoFD", STDIN_FILENO);
       
       // Create the pipes
       int Pipes[2];
       if (pipe(Pipes) != 0)
         return _error->Errno("pipe","Failed to create IPC pipe to subprocess");
-      SetCloseExec(Pipes[0],true);
+      if (InfoFD != (unsigned)Pipes[0])
+        SetCloseExec(Pipes[0],true);
+      else
+        _config->Set("APT::Keep-Fds::", Pipes[0]);
       SetCloseExec(Pipes[1],true);
-      
+
       // Purified Fork for running the script
-      pid_t Process = ExecFork();      
+      pid_t Process = ExecFork();
       if (Process == 0)
       {
         // Setup the FDs
-        dup2(Pipes[0],STDIN_FILENO);
+        dup2(Pipes[0], InfoFD);
         SetCloseExec(STDOUT_FILENO,false);
-        SetCloseExec(STDIN_FILENO,false);      
+        SetCloseExec(STDIN_FILENO,false);
         SetCloseExec(STDERR_FILENO,false);
 
-        if (_config->FindDir("DPkg::Chroot-Directory","/") != "/") 
-        {
-           std::cerr << "Chrooting into " 
-                     << _config->FindDir("DPkg::Chroot-Directory") 
-                     << std::endl;
-           if (chroot(_config->FindDir("DPkg::Chroot-Directory","/").c_str()) != 0)
-              _exit(100);
-        }
+        string hookfd;
+        strprintf(hookfd, "%d", InfoFD);
+        setenv("APT_HOOK_INFO_FD", hookfd.c_str(), 1);
 
+        dpkgChrootDirectory();
         const char *Args[4];
         Args[0] = "/bin/sh";
         Args[1] = "-c";
@@ -345,6 +417,8 @@ bool pkgDPkgPM::RunScriptsWithPkgs(const char *Cnf)
         execv(Args[0],(char **)Args);
         _exit(100);
       }
+      if (InfoFD == (unsigned)Pipes[0])
+        _config->Clear("APT::Keep-Fds", Pipes[0]);
       close(Pipes[0]);
       FILE *F = fdopen(Pipes[1],"w");
       if (F == 0)
@@ -371,7 +445,7 @@ bool pkgDPkgPM::RunScriptsWithPkgs(const char *Cnf)
         }
       }
       else
-        SendV2Pkgs(F);
+        SendPkgsInfo(F, Version);
 
       fclose(F);
       
@@ -392,7 +466,7 @@ void pkgDPkgPM::DoStdin(int master)
    unsigned char input_buf[256] = {0,}; 
    ssize_t len = read(0, input_buf, sizeof(input_buf));
    if (len)
-      write(master, input_buf, len);
+      FileFd::Write(master, input_buf, len);
    else
       d->stdin_is_dev_null = true;
 }
@@ -418,7 +492,7 @@ void pkgDPkgPM::DoTerminalPty(int master)
    }  
    if(len <= 0) 
       return;
-   write(1, term_buf, len);
+   FileFd::Write(1, term_buf, len);
    if(d->term_out)
       fwrite(term_buf, len, sizeof(char), d->term_out);
 }
@@ -493,7 +567,7 @@ void pkgDPkgPM::ProcessDpkgStatusLine(int OutStatusFd, char *line)
             << ":" << s
             << endl;
       if(OutStatusFd > 0)
-        write(OutStatusFd, status.str().c_str(), status.str().size());
+        FileFd::Write(OutStatusFd, status.str().c_str(), status.str().size());
       if (Debug == true)
         std::clog << "send: '" << status.str() << "'" << endl;
 
@@ -517,7 +591,7 @@ void pkgDPkgPM::ProcessDpkgStatusLine(int OutStatusFd, char *line)
             << ":" << list[3]
             << endl;
       if(OutStatusFd > 0)
-        write(OutStatusFd, status.str().c_str(), status.str().size());
+        FileFd::Write(OutStatusFd, status.str().c_str(), status.str().size());
       if (Debug == true)
         std::clog << "send: '" << status.str() << "'" << endl;
       pkgFailures++;
@@ -531,7 +605,7 @@ void pkgDPkgPM::ProcessDpkgStatusLine(int OutStatusFd, char *line)
             << ":" << list[3]
             << endl;
       if(OutStatusFd > 0)
-        write(OutStatusFd, status.str().c_str(), status.str().size());
+        FileFd::Write(OutStatusFd, status.str().c_str(), status.str().size());
       if (Debug == true)
         std::clog << "send: '" << status.str() << "'" << endl;
       return;
@@ -558,8 +632,11 @@ void pkgDPkgPM::ProcessDpkgStatusLine(int OutStatusFd, char *line)
             << ":"  << (PackagesDone/float(PackagesTotal)*100.0) 
             << ":" << s
             << endl;
+      if(_config->FindB("DPkgPM::Progress", false) == true)
+         SendTerminalProgress(PackagesDone/float(PackagesTotal)*100.0);
+
       if(OutStatusFd > 0)
-        write(OutStatusFd, status.str().c_str(), status.str().size());
+        FileFd::Write(OutStatusFd, status.str().c_str(), status.str().size());
       if (Debug == true)
         std::clog << "send: '" << status.str() << "'" << endl;
    }
@@ -687,13 +764,15 @@ bool pkgDPkgPM::OpenLog()
         return _error->WarningE("OpenLog", _("Could not open file '%s'"), logfile_name.c_str());
       setvbuf(d->term_out, NULL, _IONBF, 0);
       SetCloseExec(fileno(d->term_out), true);
-      struct passwd *pw;
-      struct group *gr;
-      pw = getpwnam("root");
-      gr = getgrnam("adm");
-      if (pw != NULL && gr != NULL)
-         chown(logfile_name.c_str(), pw->pw_uid, gr->gr_gid);
-      chmod(logfile_name.c_str(), 0644);
+      if (getuid() == 0) // if we aren't root, we can't chown a file, so don't try it
+      {
+        struct passwd *pw = getpwnam("root");
+        struct group *gr = getgrnam("adm");
+        if (pw != NULL && gr != NULL && chown(logfile_name.c_str(), pw->pw_uid, gr->gr_gid) != 0)
+           _error->WarningE("OpenLog", "chown to root:adm of file %s failed", logfile_name.c_str());
+      }
+      if (chmod(logfile_name.c_str(), 0640) != 0)
+        _error->WarningE("OpenLog", "chmod 0640 of file %s failed", logfile_name.c_str());
       fprintf(d->term_out, "\nLog started: %s\n", timestr);
    }
 
@@ -705,6 +784,7 @@ bool pkgDPkgPM::OpenLog()
       d->history_out = fopen(history_name.c_str(),"a");
       if (d->history_out == NULL)
         return _error->WarningE("OpenLog", _("Could not open file '%s'"), history_name.c_str());
+      SetCloseExec(fileno(d->history_out), true);
       chmod(history_name.c_str(), 0644);
       fprintf(d->history_out, "\nStart-Date: %s\n", timestr);
       string remove, purge, install, reinstall, upgrade, downgrade;
@@ -797,6 +877,18 @@ bool pkgDPkgPM::CloseLog()
    return true;
 }
                                                                        /*}}}*/
+// DPkgPM::SendTerminalProgress                                        /*{{{*/
+// ---------------------------------------------------------------------
+/* Send progress info to the terminal
+ */
+void pkgDPkgPM::SendTerminalProgress(float percentage)
+{
+   // FIXME: use colors too
+   std::cout << "\r\n"
+             << "Progress: [" << percentage << "%]"
+             << "\r\n";
+}
+                                                                       /*}}}*/
 /*{{{*/
 // This implements a racy version of pselect for those architectures
 // that don't have a working implementation.
@@ -829,10 +921,22 @@ static int racy_pselect(int nfds, fd_set *readfds, fd_set *writefds,
 */
 bool pkgDPkgPM::Go(int OutStatusFd)
 {
+   pkgPackageManager::SigINTStop = false;
+
    // Generate the base argument list for dpkg
    std::vector<const char *> Args;
    unsigned long StartSize = 0;
-   string const Tmp = _config->Find("Dir::Bin::dpkg","dpkg");
+   string Tmp = _config->Find("Dir::Bin::dpkg","dpkg");
+   {
+      string const dpkgChrootDir = _config->FindDir("DPkg::Chroot-Directory", "/");
+      size_t dpkgChrootLen = dpkgChrootDir.length();
+      if (dpkgChrootDir != "/" && Tmp.find(dpkgChrootDir) == 0)
+      {
+        if (dpkgChrootDir[dpkgChrootLen - 1] == '/')
+           --dpkgChrootLen;
+        Tmp = Tmp.substr(dpkgChrootLen);
+      }
+   }
    Args.push_back(Tmp.c_str());
    StartSize += Tmp.length();
 
@@ -858,12 +962,13 @@ bool pkgDPkgPM::Go(int OutStatusFd)
    pid_t dpkgAssertMultiArch = ExecFork();
    if (dpkgAssertMultiArch == 0)
    {
+      dpkgChrootDirectory();
       // redirect everything to the ultimate sink as we only need the exit-status
       int const nullfd = open("/dev/null", O_RDONLY);
       dup2(nullfd, STDIN_FILENO);
       dup2(nullfd, STDOUT_FILENO);
       dup2(nullfd, STDERR_FILENO);
-      execv(Args[0], (char**) &Args[0]);
+      execvp(Args[0], (char**) &Args[0]);
       _error->WarningE("dpkgGo", "Can't detect if dpkg supports multi-arch!");
       _exit(2);
    }
@@ -1009,7 +1114,8 @@ bool pkgDPkgPM::Go(int OutStatusFd)
       }
 
       int fd[2];
-      pipe(fd);
+      if (pipe(fd) != 0)
+        return _error->Errno("pipe","Failed to create IPC pipe to dpkg");
 
 #define ADDARG(X) Args.push_back(X); Size += strlen(X)
 #define ADDARGC(X) Args.push_back(X); Size += sizeof(X) - 1
@@ -1083,14 +1189,32 @@ bool pkgDPkgPM::Go(int OutStatusFd)
            if (I->Op == Item::Configure && disappearedPkgs.find(I->Pkg.Name()) != disappearedPkgs.end())
               continue;
            // We keep this here to allow "smooth" transitions from e.g. multiarch dpkg/ubuntu to dpkg/debian
-           if (dpkgMultiArch == false && (I->Pkg.Arch() == nativeArch || !strcmp(I->Pkg.Arch(), "all")))
+           if (dpkgMultiArch == false && (I->Pkg.Arch() == nativeArch ||
+                                          strcmp(I->Pkg.Arch(), "all") == 0 ||
+                                          strcmp(I->Pkg.Arch(), "none") == 0))
            {
               char const * const name = I->Pkg.Name();
               ADDARG(name);
            }
            else
            {
-              char * const fullname = strdup(I->Pkg.FullName(false).c_str());
+              pkgCache::VerIterator PkgVer;
+              std::string name = I->Pkg.Name();
+              if (Op == Item::Remove || Op == Item::Purge) 
+               {
+                 PkgVer = I->Pkg.CurrentVer();
+                  if(PkgVer.end() == true)
+                     PkgVer = FindNowVersion(I->Pkg);
+               }
+              else
+                 PkgVer = Cache[I->Pkg].InstVerIter(Cache);
+              if (strcmp(I->Pkg.Arch(), "none") == 0)
+                 ; // never arch-qualify a package without an arch
+              else if (PkgVer.end() == false)
+                  name.append(":").append(PkgVer.Arch());
+               else
+                  _error->Warning("Can not find PkgVer for '%s'", name.c_str());
+              char * const fullname = strdup(name.c_str());
               Packages.push_back(fullname);
               ADDARG(fullname);
            }
@@ -1139,16 +1263,13 @@ bool pkgDPkgPM::Go(int OutStatusFd)
 
       // if tcgetattr does not return zero there was a error
       // and we do not do any pty magic
-      if (tcgetattr(0, &tt) == 0)
+      _error->PushToStack();
+      if (tcgetattr(STDOUT_FILENO, &tt) == 0)
       {
         ioctl(0, TIOCGWINSZ, (char *)&win);
-        if (openpty(&master, &slave, NULL, &tt, &win) < 0) 
+        if (openpty(&master, &slave, NULL, &tt, &win) < 0)
         {
-           const char *s = _("Can not write log, openpty() "
-                             "failed (/dev/pts not mounted?)\n");
-           fprintf(stderr, "%s",s);
-            if(d->term_out)
-              fprintf(d->term_out, "%s",s);
+           _error->Errno("openpty", _("Can not write log (%s)"), _("Is /dev/pts mounted?"));
            master = slave = -1;
         }  else {
            struct termios rtt;
@@ -1166,6 +1287,15 @@ bool pkgDPkgPM::Go(int OutStatusFd)
            sigprocmask(SIG_SETMASK, &original_sigmask, 0);
         }
       }
+      // complain only if stdout is either a terminal (but still failed) or is an invalid
+      // descriptor otherwise we would complain about redirection to e.g. /dev/null as well.
+      else if (isatty(STDOUT_FILENO) == 1 || errno == EBADF)
+         _error->Errno("tcgetattr", _("Can not write log (%s)"), _("Is stdout a terminal?"));
+
+      if (_error->PendingError() == true)
+        _error->DumpErrors(std::cerr);
+      _error->RevertToStack();
+
        // Fork dpkg
       pid_t Child;
       _config->Set("APT::Keep-Fds::",fd[1]);
@@ -1176,10 +1306,10 @@ bool pkgDPkgPM::Go(int OutStatusFd)
                << (PackagesDone/float(PackagesTotal)*100.0) 
                << ":" << _("Running dpkg")
                << endl;
-        write(OutStatusFd, status.str().c_str(), status.str().size());
+        FileFd::Write(OutStatusFd, status.str().c_str(), status.str().size());
       }
       Child = ExecFork();
-            
+      
       // This is the child
       if (Child == 0)
       {
@@ -1195,14 +1325,7 @@ bool pkgDPkgPM::Go(int OutStatusFd)
         }
         close(fd[0]); // close the read end of the pipe
 
-        if (_config->FindDir("DPkg::Chroot-Directory","/") != "/") 
-        {
-           std::cerr << "Chrooting into " 
-                     << _config->FindDir("DPkg::Chroot-Directory") 
-                     << std::endl;
-           if (chroot(_config->FindDir("DPkg::Chroot-Directory","/").c_str()) != 0)
-              _exit(100);
-        }
+        dpkgChrootDirectory();
 
         if (chdir(_config->FindDir("DPkg::Run-Directory","/").c_str()) != 0)
            _exit(100);
@@ -1380,9 +1503,8 @@ bool pkgDPkgPM::Go(int OutStatusFd)
 }
 
 void SigINT(int sig) {
-   if (_config->FindB("APT::Immediate-Configure-All",false)) 
-      pkgPackageManager::SigINTStop = true;
-} 
+   pkgPackageManager::SigINTStop = true;
+}
                                                                        /*}}}*/
 // pkgDpkgPM::Reset - Dump the contents of the command list            /*{{{*/
 // ---------------------------------------------------------------------
@@ -1397,6 +1519,12 @@ void pkgDPkgPM::Reset()
 /* */
 void pkgDPkgPM::WriteApportReport(const char *pkgpath, const char *errormsg) 
 {
+   // If apport doesn't exist or isn't installed do nothing
+   // This e.g. prevents messages in 'universes' without apport
+   pkgCache::PkgIterator apportPkg = Cache.FindPkg("apport");
+   if (apportPkg.end() == true || apportPkg->CurrentVer == 0)
+      return;
+
    string pkgname, reportfile, srcpkgname, pkgver, arch;
    string::size_type pos;
    FILE *report;
@@ -1484,7 +1612,7 @@ void pkgDPkgPM::WriteApportReport(const char *pkgpath, const char *errormsg)
         if(strstr(strbuf,"Package:") == strbuf)
         {
            char pkgname[255], version[255];
-           if(sscanf(strbuf, "Package: %s %s", pkgname, version) == 2)
+           if(sscanf(strbuf, "Package: %254s %254s", pkgname, version) == 2)
               if(strcmp(pkgver.c_str(), version) == 0)
               {
                  fclose(report);
@@ -1521,12 +1649,12 @@ void pkgDPkgPM::WriteApportReport(const char *pkgpath, const char *errormsg)
    if (!logfile_name.empty())
    {
       FILE *log = NULL;
-      char buf[1024];
 
       fprintf(report, "DpkgTerminalLog:\n");
       log = fopen(logfile_name.c_str(),"r");
       if(log != NULL)
       {
+        char buf[1024];
         while( fgets(buf, sizeof(buf), log) != NULL)
            fprintf(report, " %s", buf);
         fclose(log);
@@ -1537,18 +1665,19 @@ void pkgDPkgPM::WriteApportReport(const char *pkgpath, const char *errormsg)
    const char *ops_str[] = {"Install", "Configure","Remove","Purge"};
    fprintf(report, "AptOrdering:\n");
    for (vector<Item>::iterator I = List.begin(); I != List.end(); ++I)
-      fprintf(report, " %s: %s\n", (*I).Pkg.Name(), ops_str[(*I).Op]);
+      if ((*I).Pkg != NULL)
+         fprintf(report, " %s: %s\n", (*I).Pkg.Name(), ops_str[(*I).Op]);
+      else
+         fprintf(report, " %s: %s\n", "NULL", ops_str[(*I).Op]);
 
    // attach dmesg log (to learn about segfaults)
    if (FileExists("/bin/dmesg"))
    {
-      FILE *log = NULL;
-      char buf[1024];
-
       fprintf(report, "Dmesg:\n");
-      log = popen("/bin/dmesg","r");
+      FILE *log = popen("/bin/dmesg","r");
       if(log != NULL)
       {
+        char buf[1024];
         while( fgets(buf, sizeof(buf), log) != NULL)
            fprintf(report, " %s", buf);
         pclose(log);
@@ -1558,13 +1687,12 @@ void pkgDPkgPM::WriteApportReport(const char *pkgpath, const char *errormsg)
    // attach df -l log (to learn about filesystem status)
    if (FileExists("/bin/df"))
    {
-      FILE *log = NULL;
-      char buf[1024];
 
       fprintf(report, "Df:\n");
-      log = popen("/bin/df -l","r");
+      FILE *log = popen("/bin/df -l","r");
       if(log != NULL)
       {
+        char buf[1024];
         while( fgets(buf, sizeof(buf), log) != NULL)
            fprintf(report, " %s", buf);
         pclose(log);