Desc.Owner = this;
Desc.ShortDesc = ShortDesc;
- if(available_patches.size() == 0)
+ if(available_patches.empty() == true)
{
// we are done (yeah!)
Finish(true);
if (AuthPass == true)
{
// gpgv method failed, if we have a good signature
- string LastGoodSigFile = _config->FindDir("Dir::State::lists");
- if (DestFile == SigFile)
- LastGoodSigFile.append(URItoFileName(RealURI));
- else
- LastGoodSigFile.append("partial/").append(URItoFileName(RealURI)).append(".gpg.reverify");
+ string LastGoodSigFile = _config->FindDir("Dir::State::lists").append("partial/").append(URItoFileName(RealURI));
+ if (DestFile != SigFile)
+ LastGoodSigFile.append(".gpg");
+ LastGoodSigFile.append(".reverify");
if(FileExists(LastGoodSigFile))
{
+ string VerifiedSigFile = _config->FindDir("Dir::State::lists") + URItoFileName(RealURI);
if (DestFile != SigFile)
- {
- string VerifiedSigFile = _config->FindDir("Dir::State::lists") +
- URItoFileName(RealURI) + ".gpg";
- Rename(LastGoodSigFile,VerifiedSigFile);
- }
+ VerifiedSigFile.append(".gpg");
+ Rename(LastGoodSigFile, VerifiedSigFile);
Status = StatTransientNetworkError;
_error->Warning(_("A error occurred during the signature "
"verification. The repository is not updated "
MetaSigURI(MetaSigURI), MetaSigURIDesc(MetaSigURIDesc), MetaSigShortDesc(MetaSigShortDesc)
{
SigFile = DestFile;
+
+ // keep the old InRelease around in case of transistent network errors
+ string const Final = _config->FindDir("Dir::State::lists") + URItoFileName(RealURI);
+ struct stat Buf;
+ if (stat(Final.c_str(),&Buf) == 0)
+ {
+ string const LastGoodSig = DestFile + ".reverify";
+ Rename(Final,LastGoodSig);
+ }
}
/*}}}*/
// pkgAcqMetaClearSig::Custom600Headers - Insert custom request headers /*{{{*/
assumption here that all the available sources for this version share
the same extension.. */
// Skip not source sources, they do not have file fields.
- for (; Vf.end() == false; Vf++)
+ for (; Vf.end() == false; ++Vf)
{
if ((Vf.File()->Flags & pkgCache::Flag::NotSource) != 0)
continue;
if (*String == 0)
return String;
-
+ return _strrstrip(String);
+}
+ /*}}}*/
+// strrstrip - Remove white space from the back of a string /*{{{*/
+// ---------------------------------------------------------------------
+char *_strrstrip(char *String)
+{
char *End = String + strlen(String) - 1;
for (;End != String - 1 && (*End == ' ' || *End == '\t' || *End == '\n' ||
*End == '\r'); End--);
return VerStr;
return VerStr.substr(i+1);
}
-
+ /*}}}*/
// tolower_ascii - tolower() function that ignores the locale /*{{{*/
// ---------------------------------------------------------------------
/* This little function is the most called method we have and tries
return false;
}
/*}}}*/
- // DeEscapeString - unescape (\0XX and \xXX) from a string /*{{{*/
+ // DeEscapeString - unescape (\0XX and \xXX) from a string /*{{{*/
// ---------------------------------------------------------------------
/* */
string DeEscapeString(const string &input)
{
char tmp[3];
- string::const_iterator it, escape_start;
- string output, octal, hex;
+ string::const_iterator it;
+ string output;
for (it = input.begin(); it != input.end(); ++it)
{
// just copy non-escape chars
"Replaces",0};
unsigned long Result = INIT_FCS;
char S[1024];
- for (const char **I = Sections; *I != 0; I++)
+ for (const char * const *I = Sections; *I != 0; ++I)
{
const char *Start;
const char *End;
of certain fields. dpkg also has the rather interesting notion of
reformatting depends operators < -> <= */
char *J = S;
- for (; Start != End; Start++)
+ for (; Start != End; ++Start)
{
- if (isspace(*Start) == 0)
- *J++ = tolower_ascii(*Start);
- if (*Start == '<' && Start[1] != '<' && Start[1] != '=')
- *J++ = '=';
- if (*Start == '>' && Start[1] != '>' && Start[1] != '=')
+ if (isspace(*Start) != 0)
+ continue;
+ *J++ = tolower_ascii(*Start);
+
+ if ((*Start == '<' || *Start == '>') && Start[1] != *Start && Start[1] != '=')
*J++ = '=';
}
map_ptrloc const storage = WriteUniqString(component);
FileI->Component = storage;
- // FIXME: Code depends on the fact that Release files aren't compressed
+ // FIXME: should use FileFd and TagSection
FILE* release = fdopen(dup(File.Fd()), "r");
if (release == NULL)
return false;
char buffer[101];
- bool gpgClose = false;
while (fgets(buffer, sizeof(buffer), release) != NULL)
{
size_t len = 0;
if (buffer[len] == '\0')
continue;
- // only evalute the first GPG section
- if (strncmp("-----", buffer, 5) == 0)
- {
- if (gpgClose == true)
- break;
- gpgClose = true;
- continue;
- }
-
// seperate the tag from the data
const char* dataStart = strchr(buffer + len, ':');
if (dataStart == NULL)
File = OrigPath + ChopDirs(File,Chop);
// See if the file exists
- bool Mangled = false;
if (NoStat == false || Hits < 10)
{
// Attempt to fix broken structure
if (stat(string(CDROM + Prefix + File).c_str(),&Buf) != 0 ||
Buf.st_size == 0)
{
+ bool Mangled = false;
// Attempt to fix busted symlink support for one instance
string OrigFile = File;
string::size_type Start = File.find("binary-");
if(pid == 0)
{
if (useInRelease == true)
- RunGPGV(inrelease, inrelease);
+ ExecGPGV(inrelease, inrelease);
else
- RunGPGV(release, releasegpg);
+ ExecGPGV(release, releasegpg);
}
if(!ExecWait(pid, "gpgv")) {
}
}
- return true;
-}
- /*}}}*/
-// SigVerify::RunGPGV - returns the command needed for verify /*{{{*/
-// ---------------------------------------------------------------------
-/* Generating the commandline for calling gpgv is somehow complicated as
- we need to add multiple keyrings and user supplied options. Also, as
- the cdrom code currently can not use the gpgv method we have two places
- these need to be done - so the place for this method is wrong but better
- than code duplication… */
-bool SigVerify::RunGPGV(std::string const &File, std::string const &FileGPG,
- int const &statusfd, int fd[2])
-{
- if (File == FileGPG)
- {
- #define SIGMSG "-----BEGIN PGP SIGNED MESSAGE-----\n"
- char buffer[sizeof(SIGMSG)];
- FILE* gpg = fopen(File.c_str(), "r");
- if (gpg == NULL)
- return _error->Errno("RunGPGV", _("Could not open file %s"), File.c_str());
- char const * const test = fgets(buffer, sizeof(buffer), gpg);
- fclose(gpg);
- if (test == NULL || strcmp(buffer, SIGMSG) != 0)
- return _error->Error(_("File %s doesn't start with a clearsigned message"), File.c_str());
- #undef SIGMSG
- }
-
-
- string const gpgvpath = _config->Find("Dir::Bin::gpg", "/usr/bin/gpgv");
- // FIXME: remove support for deprecated APT::GPGV setting
- string const trustedFile = _config->Find("APT::GPGV::TrustedKeyring", _config->FindFile("Dir::Etc::Trusted"));
- string const trustedPath = _config->FindDir("Dir::Etc::TrustedParts");
-
- bool const Debug = _config->FindB("Debug::Acquire::gpgv", false);
-
- if (Debug == true)
- {
- std::clog << "gpgv path: " << gpgvpath << std::endl;
- std::clog << "Keyring file: " << trustedFile << std::endl;
- std::clog << "Keyring path: " << trustedPath << std::endl;
- }
-
- std::vector<string> keyrings;
- if (DirectoryExists(trustedPath))
- keyrings = GetListOfFilesInDir(trustedPath, "gpg", false, true);
- if (RealFileExists(trustedFile) == true)
- keyrings.push_back(trustedFile);
-
- std::vector<const char *> Args;
- Args.reserve(30);
-
- if (keyrings.empty() == true)
- {
- // TRANSLATOR: %s is the trusted keyring parts directory
- return _error->Error(_("No keyring installed in %s."),
- _config->FindDir("Dir::Etc::TrustedParts").c_str());
- }
-
- Args.push_back(gpgvpath.c_str());
- Args.push_back("--ignore-time-conflict");
-
- if (statusfd != -1)
- {
- Args.push_back("--status-fd");
- char fd[10];
- snprintf(fd, sizeof(fd), "%i", statusfd);
- Args.push_back(fd);
- }
-
- for (vector<string>::const_iterator K = keyrings.begin();
- K != keyrings.end(); ++K)
- {
- Args.push_back("--keyring");
- Args.push_back(K->c_str());
- }
-
- Configuration::Item const *Opts;
- Opts = _config->Tree("Acquire::gpgv::Options");
- if (Opts != 0)
- {
- Opts = Opts->Child;
- for (; Opts != 0; Opts = Opts->Next)
- {
- if (Opts->Value.empty() == true)
- continue;
- Args.push_back(Opts->Value.c_str());
- }
- }
-
- Args.push_back(FileGPG.c_str());
- if (FileGPG != File)
- Args.push_back(File.c_str());
- Args.push_back(NULL);
-
- if (Debug == true)
- {
- std::clog << "Preparing to exec: " << gpgvpath;
- for (std::vector<const char *>::const_iterator a = Args.begin(); *a != NULL; ++a)
- std::clog << " " << *a;
- std::clog << std::endl;
- }
-
- if (statusfd != -1)
- {
- int const nullfd = open("/dev/null", O_RDONLY);
- close(fd[0]);
- // Redirect output to /dev/null; we read from the status fd
- dup2(nullfd, STDOUT_FILENO);
- dup2(nullfd, STDERR_FILENO);
- // Redirect the pipe to the status fd (3)
- dup2(fd[1], statusfd);
-
- putenv((char *)"LANG=");
- putenv((char *)"LC_ALL=");
- putenv((char *)"LC_MESSAGES=");
- }
-
- execvp(gpgvpath.c_str(), (char **) &Args[0]);
return true;
}
/*}}}*/
unsigned int WrongSize = 0;
unsigned int Packages = 0;
for (vector<string>::iterator I = List.begin(); I != List.end(); ++I)
- {
- string OrigPath = string(*I,CDROM.length());
-
+ {
// Open the package file
FileFd Pkg(*I, FileFd::ReadOnly, FileFd::Auto);
off_t const FileSize = Pkg.Size();
return false;
}
- unsigned short const order[] = { MOD_REMOVE, MOD_INSTALL, 0 };
TryToInstall InstallAction(Cache, Fix, BrokenFix);
TryToRemove RemoveAction(Cache, Fix);
// new scope for the ActionGroup
{
pkgDepCache::ActionGroup group(Cache);
+ unsigned short const order[] = { MOD_REMOVE, MOD_INSTALL, 0 };
for (unsigned short i = 0; order[i] != 0; ++i)
{
/* Print out a list of suggested and recommended packages */
{
- string SuggestsList, RecommendsList, List;
+ string SuggestsList, RecommendsList;
string SuggestsVersions, RecommendsVersions;
for (unsigned J = 0; J < Cache->Head().PackageCount; J++)
{
{
string buildopts = _config->Find("APT::Get::Host-Architecture");
if (buildopts.empty() == false)
- buildopts = "-a " + buildopts + " ";
+ buildopts = "-a" + buildopts + " ";
buildopts.append(_config->Find("DPkg::Build-Options","-b -uc"));
// Call dpkg-buildpackage
-apt (0.9.7.8~exp2+nmu1) UNRELEASED; urgency=low
+apt (0.9.7.9~exp3) UNRELEASED; urgency=low
+
+ [ Michael Vogt ]
+ * apt-pkg/sourcelist.cc:
+ - fix segfault when a hostname contains a [, thanks to
+ Tzafrir Cohen (closes: #704653)
+ * debian/control:
+ - replace manpages-it (closes: #704723)
- -- David Kalnischkies <kalnischkies@gmail.com> Sun, 10 Mar 2013 12:23:24 +0100
+ [ David Kalnischkies ]
+ * various simple changes to fix cppcheck warnings
+ * apt-pkg/pkgcachegen.cc:
+ - do not store the MD5Sum for every description language variant as
+ it will be the same for all so it can be shared to save cache space
+ - handle language tags for descriptions are unique strings to be shared
+ - factor version string creation out of NewDepends, so we can easily reuse
+ version strings e.g. for implicit multi-arch dependencies
+ - equal comparisions are used mostly in same-source relations,
+ so use this to try to reuse some version strings
+ - sort group and package names in the hashtable on insert
+ - share version strings between same versions (of different architectures)
+ to save some space and allow quick comparisions later on
+ * apt-pkg/pkgcache.cc:
+ - assume sorted hashtable entries for groups/packages
+ * apt-pkg/cacheiterators.h:
+ - provide DepIterator::IsSatisfied as a nicer shorthand for DepCheck
+ * apt-pkg/deb/debversion.cc:
+ - add a string-equal shortcut for equal version comparisions
+
+ [ Marc Deslauriers ]
+ * make apt-ftparchive generate missing deb-src hashes (LP: #1078697)
+
+ -- Michael Vogt <mvo@debian.org> Mon, 08 Apr 2013 08:43:21 +0200
+
+apt (0.9.7.9~exp2) experimental; urgency=low
+
+ [ Programs translations ]
+ * Update all PO files and apt-all.pot
+ * French translation completed (Christian Perrier)
+
+ [ Daniel Hartwig ]
+ * cmdline/apt-get.cc:
+ - do not have space between "-a" and option when cross building
+ (closes: #703792)
+ * test/integration/test-apt-get-download:
+ - fix test now that #1098752 is fixed
+ * po/{ca,cs,ru}.po:
+ - fix merge artifact
+
+ [ David Kalnischkies ]
+ * apt-pkg/indexcopy.cc:
+ - rename RunGPGV to ExecGPGV and move it to apt-pkg/contrib/gpgv.cc
+ * apt-pkg/contrib/gpgv.cc:
+ - ExecGPGV is a method which should never return, so mark it as such
+ and fix the inconsistency of returning in error cases
+ - don't close stdout/stderr if it is also the statusfd
+ - if ExecGPGV deals with a clear-signed file it will split this file
+ into data and signatures, pass it to gpgv for verification
+ - add method to open (maybe) clearsigned files transparently
+ * apt-pkg/acquire-item.cc:
+ - keep the last good InRelease file around just as we do it with
+ Release.gpg in case the new one we download isn't good for us
+ * apt-pkg/deb/debmetaindex.cc:
+ - reenable InRelease by default
+ * ftparchive/writer.cc,
+ apt-pkg/deb/debindexfile.cc,
+ apt-pkg/deb/deblistparser.cc:
+ - use OpenMaybeClearSignedFile to be free from detecting and
+ skipping clearsigning metadata in dsc and Release files
+
+ [ Michael Vogt ]
+ * add regression test for CVE-2013-1051
+ * implement GPGSplit() based on the idea from Ansgar Burchardt
+ (many thanks!)
+ * methods/connect.cc:
+ - use Errno() instead of strerror(), thanks to David Kalnischk
+ * doc/apt.conf.5.xml:
+ - document Acquire::ForceIPv{4,6}
+
+ -- Michael Vogt <mvo@debian.org> Wed, 03 Apr 2013 14:19:58 +0200
+
+apt (0.9.7.9~exp1) experimental; urgency=low
+
+ [ Niels Thykier ]
+ * test/libapt/assert.h, test/libapt/run-tests:
+ - exit with status 1 on test failure
+
+ [ Daniel Hartwig ]
+ * test/integration/framework:
+ - continue after test failure but preserve exit status
+
+ [ Programs translation updates ]
+ * Turkish (Mert Dirik). Closes: #703526
+
+ [ Colin Watson ]
+ * methods/connect.cc:
+ - provide useful error message in case of EAI_SYSTEM
+ (closes: #703603)
+
+ [ Michael Vogt ]
+ * add new config options "Acquire::ForceIPv4" and
+ "Acquire::ForceIPv6" to allow focing one or the other
+ (closes: #611891)
+ * lp:~mvo/apt/fix-tagfile-hash:
+ - fix false positives in pkgTagSection.Exists(), thanks to
+ Niels Thykier for the testcase (closes: #703240)
+ - this will require rebuilds of the clients as this used to
+ be a inline function
+
+ -- Michael Vogt <mvo@debian.org> Fri, 22 Mar 2013 21:57:08 +0100
+
+apt (0.9.7.8) unstable; urgency=criticial
+
+ * SECURITY UPDATE: InRelease verification bypass
+ - CVE-2013-1051
+
+ [ David Kalnischk ]
+ * apt-pkg/deb/debmetaindex.cc,
+ test/integration/test-bug-595691-empty-and-broken-archive-files,
+ test/integration/test-releasefile-verification:
+ - disable InRelease downloading until the verification issue is
+ fixed, thanks to Ansgar Burchardt for finding the flaw
+
+ -- Michael Vogt <mvo@debian.org> Thu, 14 Mar 2013 07:47:36 +0100
apt (0.9.7.8~exp2) experimental; urgency=low
projects / apt.git / commitdiff
