diff options
author | David Kalnischkies <david@kalnischkies.de> | 2015-04-12 11:20:55 +0200 |
---|---|---|
committer | David Kalnischkies <david@kalnischkies.de> | 2015-04-19 01:13:09 +0200 |
commit | de1c9b8ad208ae677fc6e916a907e319f246b1e8 (patch) | |
tree | 274e676efe68bc63792ffef3ac5d3f8dcc5f74ca | |
parent | d84da4995df24329e96d57a22136683a9e370f4e (diff) |
unsigned Release files can expire, too
Checking Valid-Until on an unsigned Release file doesn't give us any
security brownie points as an attacker could just change the date and in
practice repositories with unsigned Release files will very likely not
have a Valid-Until date, but for symetry and the fact that being
unsigned is currently just a warning, while expired is a fatal error.
-rw-r--r-- | apt-pkg/acquire-item.cc | 26 |
1 files changed, 18 insertions, 8 deletions
diff --git a/apt-pkg/acquire-item.cc b/apt-pkg/acquire-item.cc index dd85fda79..bdbdcc456 100644 --- a/apt-pkg/acquire-item.cc +++ b/apt-pkg/acquire-item.cc @@ -1739,7 +1739,10 @@ void pkgAcqMetaSig::Failed(string Message,pkgAcquire::MethodConfig *Cnf)/*{{{*/ // we parse the indexes here because at this point the user wanted // a repository that may potentially harm him MetaIndexParser->Load(MetaIndexFile); - QueueIndexes(true); + if (!VerifyVendor(Message, RealURI)) + /* expired Release files are still a problem you need extra force for */; + else + QueueIndexes(true); } // FIXME: this is used often (e.g. in pkgAcqIndexTrans) so refactor @@ -1843,6 +1846,7 @@ bool pkgAcqMetaBase::CheckAuthDone(string Message, const string &RealURI) /*{{{* if (!VerifyVendor(Message, RealURI)) { + Status = StatAuthError; return false; } @@ -2030,13 +2034,19 @@ bool pkgAcqMetaBase::VerifyVendor(string Message, const string &RealURI)/*{{{*/ MetaIndexParser->GetValidUntil() > 0) { time_t const invalid_since = time(NULL) - MetaIndexParser->GetValidUntil(); if (invalid_since > 0) - // TRANSLATOR: The first %s is the URL of the bad Release file, the second is - // the time since then the file is invalid - formated in the same way as in - // the download progress display (e.g. 7d 3h 42min 1s) - return _error->Error( - _("Release file for %s is expired (invalid since %s). " - "Updates for this repository will not be applied."), - RealURI.c_str(), TimeToStr(invalid_since).c_str()); + { + std::string errmsg; + strprintf(errmsg, + // TRANSLATOR: The first %s is the URL of the bad Release file, the second is + // the time since then the file is invalid - formated in the same way as in + // the download progress display (e.g. 7d 3h 42min 1s) + _("Release file for %s is expired (invalid since %s). " + "Updates for this repository will not be applied."), + RealURI.c_str(), TimeToStr(invalid_since).c_str()); + if (ErrorText.empty()) + ErrorText = errmsg; + return _error->Error("%s", errmsg.c_str()); + } } if (_config->FindB("Debug::pkgAcquire::Auth", false)) |