From: Michael Vogt Date: Wed, 7 May 2014 16:10:52 +0000 (+0200) Subject: Merge remote-tracking branch 'mvo/feature/apt-install-deb' into debian/experimental X-Git-Tag: 1.1.exp1~35 X-Git-Url: https://git.saurik.com/apt.git/commitdiff_plain/00026265672f2663e0aa0ab1a3fa7333f718a643?hp=-c Merge remote-tracking branch 'mvo/feature/apt-install-deb' into debian/experimental --- 00026265672f2663e0aa0ab1a3fa7333f718a643 diff --combined apt-pkg/acquire-item.cc index f8a652534,22b77cbda..e851432e9 --- a/apt-pkg/acquire-item.cc +++ b/apt-pkg/acquire-item.cc @@@ -1426,20 -1426,9 +1426,20 @@@ void pkgAcqMetaIndex::Done(string Messa } else { + // FIXME: move this into pkgAcqMetaClearSig::Done on the next + // ABI break + + // if we expect a ClearTextSignature (InRelase), ensure that + // this is what we get and if not fail to queue a + // Release/Release.gpg, see #346386 + if (SigFile == DestFile && !StartsWithGPGClearTextSignature(DestFile)) + { + Failed(Message, Cfg); + return; + } + // There was a signature file, so pass it to gpgv for // verification - if (_config->FindB("Debug::pkgAcquire::Auth", false)) std::cerr << "Metaindex acquired, queueing gpg verification (" << SigFile << "," << DestFile << ")\n"; @@@ -2095,7 -2084,8 +2095,8 @@@ void pkgAcqArchive::Done(string Message } // Check the hash - if(ExpectedHash.toStr() != CalcHash) + // FIXME: could this empty() check impose *any* sort of security issue? + if(ExpectedHash.empty() == false && ExpectedHash.toStr() != CalcHash) { RenameOnError(HashSumMismatch); return; diff --combined apt-pkg/contrib/fileutl.cc index 5466feb4d,c7c60e00e..02b30dc1f --- a/apt-pkg/contrib/fileutl.cc +++ b/apt-pkg/contrib/fileutl.cc @@@ -58,10 -58,13 +58,10 @@@ #include #endif #ifdef HAVE_LZMA - #include #include #endif - -#ifdef WORDS_BIGENDIAN -#include -#endif +#include +#include #include /*}}}*/ @@@ -656,6 -659,22 +656,22 @@@ string flCombine(string Dir,string File return Dir + '/' + File; } /*}}}*/ + // flAbsPath - Return the absolute path of the filename /*{{{*/ + // --------------------------------------------------------------------- + /* */ + string flAbsPath(string File) + { + char *p = realpath(File.c_str(), NULL); + if (p == NULL) + { + _error->Errno("realpath", "flAbsPath failed"); + return ""; + } + std::string AbsPath(p); + free(p); + return AbsPath; + } + /*}}}*/ // SetCloseExec - Set the close on exec flag /*{{{*/ // --------------------------------------------------------------------- /* */ @@@ -836,27 -855,6 +852,27 @@@ bool ExecWait(pid_t Pid,const char *Nam } /*}}}*/ + +// StartsWithGPGClearTextSignature - Check if a file is Pgp/GPG clearsigned /*{{{*/ +// --------------------------------------------------------------------- +/* */ +bool StartsWithGPGClearTextSignature(string const &FileName) +{ + static const char* SIGMSG = "-----BEGIN PGP SIGNED MESSAGE-----\n"; + char buffer[strlen(SIGMSG)+1]; + FILE* gpg = fopen(FileName.c_str(), "r"); + if (gpg == NULL) + return false; + + char const * const test = fgets(buffer, sizeof(buffer), gpg); + fclose(gpg); + if (test == NULL || strcmp(buffer, SIGMSG) != 0) + return false; + + return true; +} + + class FileFdPrivate { /*{{{*/ public: #ifdef HAVE_ZLIB @@@ -1898,13 -1896,19 +1914,13 @@@ unsigned long long FileFd::Size( FileFdErrno("lseek","Unable to seek to end of gzipped file"); return 0; } - size = 0; + uint32_t size = 0; if (read(iFd, &size, 4) != 4) { FileFdErrno("read","Unable to read original size of gzipped file"); return 0; } - -#ifdef WORDS_BIGENDIAN - uint32_t tmp_size = size; - uint8_t const * const p = (uint8_t const * const) &tmp_size; - tmp_size = (p[3] << 24) | (p[2] << 16) | (p[1] << 8) | p[0]; - size = tmp_size; -#endif + size = le32toh(size); if (lseek(iFd, oldPos, SEEK_SET) < 0) { @@@ -1932,7 -1936,6 +1948,6 @@@ bool FileFd::Close( { if ((Flags & Compressed) != Compressed && iFd > 0 && close(iFd) != 0) Res &= _error->Errno("close",_("Problem closing the file %s"), FileName.c_str()); - if (d != NULL) { Res &= d->CloseDown(FileName); @@@ -2059,6 -2062,31 +2074,31 @@@ std::string GetTempDir( return string(tmpdir); } + FileFd* GetTempFile(std::string const &Prefix, bool ImmediateUnlink) + { + char fn[512]; + FileFd *Fd = new FileFd(); + + std::string tempdir = GetTempDir(); + snprintf(fn, sizeof(fn), "%s/%s.XXXXXX", + tempdir.c_str(), Prefix.c_str()); + int fd = mkstemp(fn); + if(ImmediateUnlink) + unlink(fn); + if (fd < 0) + { + _error->Errno("GetTempFile",_("Unable to mkstemp %s"), fn); + return NULL; + } + if (!Fd->OpenDescriptor(fd, FileFd::WriteOnly, FileFd::None, true)) + { + _error->Errno("GetTempFile",_("Unable to write to %s"),fn); + return NULL; + } + + return Fd; + } + bool Rename(std::string From, std::string To) { if (rename(From.c_str(),To.c_str()) != 0) @@@ -2069,3 -2097,58 +2109,58 @@@ } return true; } + + bool Popen(const char* Args[], FileFd &Fd, pid_t &Child, FileFd::OpenMode Mode) + { + int fd; + if (Mode != FileFd::ReadOnly && Mode != FileFd::WriteOnly) + return _error->Error("Popen supports ReadOnly (x)or WriteOnly mode only"); + + int Pipe[2] = {-1, -1}; + if(pipe(Pipe) != 0) + { + return _error->Errno("pipe", _("Failed to create subprocess IPC")); + return NULL; + } + std::set keep_fds; + keep_fds.insert(Pipe[0]); + keep_fds.insert(Pipe[1]); + Child = ExecFork(keep_fds); + if(Child < 0) + return _error->Errno("fork", "Failed to fork"); + if(Child == 0) + { + if(Mode == FileFd::ReadOnly) + { + close(Pipe[0]); + fd = Pipe[1]; + } + else if(Mode == FileFd::WriteOnly) + { + close(Pipe[1]); + fd = Pipe[0]; + } + + if(Mode == FileFd::ReadOnly) + { + dup2(fd, 1); + dup2(fd, 2); + } else if(Mode == FileFd::WriteOnly) + dup2(fd, 0); + + execv(Args[0], (char**)Args); + _exit(100); + } + if(Mode == FileFd::ReadOnly) + { + close(Pipe[1]); + fd = Pipe[0]; + } else if(Mode == FileFd::WriteOnly) + { + close(Pipe[0]); + fd = Pipe[1]; + } + Fd.OpenDescriptor(fd, Mode, FileFd::None, true); + + return true; + } diff --combined apt-pkg/contrib/fileutl.h index c9c80af39,452e5fcc2..0b4d94885 --- a/apt-pkg/contrib/fileutl.h +++ b/apt-pkg/contrib/fileutl.h @@@ -168,6 -168,8 +168,8 @@@ time_t GetModificationTime(std::string bool Rename(std::string From, std::string To); std::string GetTempDir(); + FileFd* GetTempFile(std::string const &Prefix = "", + bool ImmediateUnlink = true); /** \brief Ensure the existence of the given Path * @@@ -191,9 -193,6 +193,9 @@@ pid_t ExecFork(std::set keep_fds) void MergeKeepFdsFromConfiguration(std::set &keep_fds); bool ExecWait(pid_t Pid,const char *Name,bool Reap = false); +// check if the given file starts with a PGP cleartext signature +bool StartsWithGPGClearTextSignature(std::string const &FileName); + // File string manipulators std::string flNotDir(std::string File); std::string flNotFile(std::string File); @@@ -201,7 -200,23 +203,23 @@@ std::string flNoLink(std::string File) std::string flExtension(std::string File); std::string flCombine(std::string Dir,std::string File); + /** \brief Takes a file path and returns the absolute path + */ + std::string flAbsPath(std::string File); + // simple c++ glob std::vector Glob(std::string const &pattern, int flags=0); + /** \brief Popen() implementation that execv() instead of using a shell + * + * \param Args the execv style command to run + * \param FileFd is a referenz to the FileFd to use for input or output + * \param Child a reference to the integer that stores the child pid + * Note that you must call ExecWait() or similar to cleanup + * \param Mode is either FileFd::ReadOnly or FileFd::WriteOnly + * \return true on success, false on failure with _error set + */ + bool Popen(const char* Args[], FileFd &Fd, pid_t &Child, FileFd::OpenMode Mode); + + #endif