use 'best' hash for source authentication

[apt.git] / apt-pkg / acquire-item.cc

diff --git a/apt-pkg/acquire-item.cc b/apt-pkg/acquire-item.cc
index 1443380a171dcff38fd664f61a8b31aa0078bc91..913764f64ce04fdc91238a0f3066a4b29209bf50 100644 (file)
--- a/apt-pkg/acquire-item.cc
+++ b/apt-pkg/acquire-item.cc
@@ -936,6 +936,8 @@ pkgAcqIndex::pkgAcqIndex(pkgAcquire *Owner,
    }
    CompressionExtension = comprExt;
 
+   Verify = true;
+
    Init(URI, URIDesc, ShortDesc);
 }
 pkgAcqIndex::pkgAcqIndex(pkgAcquire *Owner, IndexTarget const *Target,
@@ -1468,9 +1470,20 @@ void pkgAcqMetaIndex::Done(string Message,unsigned long long Size,string Hash,   /
       }
       else
       {
+         // FIXME: move this into pkgAcqMetaClearSig::Done on the next
+         //        ABI break
+
+         // if we expect a ClearTextSignature (InRelase), ensure that
+         // this is what we get and if not fail to queue a 
+         // Release/Release.gpg, see #346386
+         if (SigFile == DestFile && !StartsWithGPGClearTextSignature(DestFile))
+         {
+            Failed(Message, Cfg);
+            return;
+         }
+
          // There was a signature file, so pass it to gpgv for
          // verification
-
          if (_config->FindB("Debug::pkgAcquire::Auth", false))
             std::cerr << "Metaindex acquired, queueing gpg verification ("
                       << SigFile << "," << DestFile << ")\n";
@@ -2134,7 +2147,8 @@ void pkgAcqArchive::Done(string Message,unsigned long long Size,string CalcHash,
    }
    
    // Check the hash
-   if(ExpectedHash.toStr() != CalcHash)
+   // FIXME: could this empty() check impose *any* sort of security issue?
+   if(ExpectedHash.empty() == false && ExpectedHash.toStr() != CalcHash)
    {
       RenameOnError(HashSumMismatch);
       return;