diff options
author | David Kalnischkies <kalnischkies@gmail.com> | 2013-03-18 22:57:08 +0100 |
---|---|---|
committer | David Kalnischkies <kalnischkies@gmail.com> | 2013-03-18 22:57:08 +0100 |
commit | 233b78083f6f79730fcb5a6faeb74e2a78b6038a (patch) | |
tree | baba7b950d929c64338fdaed9da00eb84b612b15 | |
parent | f1828b6977972b4ef6da6401602b7938f6570c32 (diff) |
* apt-pkg/deb/debindexfile.cc,
apt-pkg/deb/deblistparser.cc:
- use OpenMaybeClearSignedFile to be free from detecting and
skipping clearsigning metadata in dsc and Release files
We can't write a "clean" file to disk as not all acquire methods copy
Release files before checking them (e.g. cdrom), so this reverts recombining,
but uses the method we use for dsc files also in the two places we
deal with Release files
-rw-r--r-- | apt-pkg/contrib/gpgv.cc | 44 | ||||
-rw-r--r-- | apt-pkg/contrib/gpgv.h | 14 | ||||
-rw-r--r-- | apt-pkg/deb/debindexfile.cc | 8 | ||||
-rw-r--r-- | apt-pkg/deb/deblistparser.cc | 12 | ||||
-rw-r--r-- | apt-pkg/indexrecords.cc | 6 | ||||
-rw-r--r-- | debian/changelog | 11 | ||||
-rw-r--r-- | test/integration/framework | 2 | ||||
-rwxr-xr-x | test/integration/test-apt-cdrom | 2 |
8 files changed, 23 insertions, 76 deletions
diff --git a/apt-pkg/contrib/gpgv.cc b/apt-pkg/contrib/gpgv.cc index fc16dd32c..7e244c623 100644 --- a/apt-pkg/contrib/gpgv.cc +++ b/apt-pkg/contrib/gpgv.cc @@ -215,7 +215,7 @@ void ExecGPGV(std::string const &File, std::string const &FileGPG, UNLINK_EXIT(EINTERNAL); } #undef UNLINK_EXIT - // we don't need the files any longer as we have the filedescriptors still open + // we don't need the files any longer unlink(sig); unlink(data); free(sig); @@ -235,52 +235,12 @@ void ExecGPGV(std::string const &File, std::string const &FileGPG, exit(WEXITSTATUS(Status)); } - /* looks like its fine. Our caller will check the status fd, - but we construct a good-known clear-signed file without garbage - and other non-sense. In a perfect world, we get the same file, - but empty lines, trailing whitespaces and stuff makes it inperfect … */ - if (RecombineToClearSignedFile(File, dataFd, dataHeader, sigFd) == false) - { - _error->DumpErrors(std::cerr); - exit(EINTERNAL); - } - - // everything fine, we have a clean file now! + // everything fine exit(0); } exit(EINTERNAL); // unreachable safe-guard } /*}}}*/ -// RecombineToClearSignedFile - combine data/signature to message /*{{{*/ -bool RecombineToClearSignedFile(std::string const &OutFile, int const ContentFile, - std::vector<std::string> const &ContentHeader, int const SignatureFile) -{ - FILE *clean_file = fopen(OutFile.c_str(), "w"); - fputs("-----BEGIN PGP SIGNED MESSAGE-----\n", clean_file); - for (std::vector<std::string>::const_iterator h = ContentHeader.begin(); h != ContentHeader.end(); ++h) - fprintf(clean_file, "%s\n", h->c_str()); - fputs("\n", clean_file); - - FILE *data_file = fdopen(ContentFile, "r"); - FILE *sig_file = fdopen(SignatureFile, "r"); - if (data_file == NULL || sig_file == NULL) - { - fclose(clean_file); - return _error->Error("Couldn't open splitfiles to recombine them into %s", OutFile.c_str()); - } - char *buf = NULL; - size_t buf_size = 0; - while (getline(&buf, &buf_size, data_file) != -1) - fputs(buf, clean_file); - fclose(data_file); - fputs("\n", clean_file); - while (getline(&buf, &buf_size, sig_file) != -1) - fputs(buf, clean_file); - fclose(sig_file); - fclose(clean_file); - return true; -} - /*}}}*/ // SplitClearSignedFile - split message into data/signature /*{{{*/ bool SplitClearSignedFile(std::string const &InFile, int const ContentFile, std::vector<std::string> * const ContentHeader, int const SignatureFile) diff --git a/apt-pkg/contrib/gpgv.h b/apt-pkg/contrib/gpgv.h index ab7d35ab1..8cbe553bc 100644 --- a/apt-pkg/contrib/gpgv.h +++ b/apt-pkg/contrib/gpgv.h @@ -69,20 +69,6 @@ inline void ExecGPGV(std::string const &File, std::string const &FileSig, bool SplitClearSignedFile(std::string const &InFile, int const ContentFile, std::vector<std::string> * const ContentHeader, int const SignatureFile); -/** \brief recombines message and signature to an inline signature - * - * Reverses the splitting down by #SplitClearSignedFile by writing - * a well-formed clear-signed message without unsigned messages, - * additional signed messages or just trailing whitespaces - * - * @param OutFile will be clear-signed file - * @param ContentFile is the Fd the message will be read from - * @param ContentHeader is a list of all required Amored Headers for the message - * @param SignatureFile is the Fd all signatures will be read from - */ -bool RecombineToClearSignedFile(std::string const &OutFile, int const ContentFile, - std::vector<std::string> const &ContentHeader, int const SignatureFile); - /** \brief open a file which might be clear-signed * * This method tries to extract the (signed) message of a file. diff --git a/apt-pkg/deb/debindexfile.cc b/apt-pkg/deb/debindexfile.cc index de645bb6e..909dfcf47 100644 --- a/apt-pkg/deb/debindexfile.cc +++ b/apt-pkg/deb/debindexfile.cc @@ -22,6 +22,7 @@ #include <apt-pkg/strutl.h> #include <apt-pkg/acquire-item.h> #include <apt-pkg/debmetaindex.h> +#include <apt-pkg/gpgv.h> #include <sys/stat.h> /*}}}*/ @@ -337,7 +338,12 @@ bool debPackagesIndex::Merge(pkgCacheGenerator &Gen,OpProgress *Prog) const if (releaseExists == true || FileExists(ReleaseFile) == true) { - FileFd Rel(ReleaseFile,FileFd::ReadOnly); + FileFd Rel; + // Beware: The 'Release' file might be clearsigned in case the + // signature for an 'InRelease' file couldn't be checked + if (OpenMaybeClearSignedFile(ReleaseFile, Rel) == false) + return false; + if (_error->PendingError() == true) return false; Parser.LoadReleaseInfo(File,Rel,Section); diff --git a/apt-pkg/deb/deblistparser.cc b/apt-pkg/deb/deblistparser.cc index b84bd6fdd..2c014a734 100644 --- a/apt-pkg/deb/deblistparser.cc +++ b/apt-pkg/deb/deblistparser.cc @@ -800,13 +800,12 @@ bool debListParser::LoadReleaseInfo(pkgCache::PkgFileIterator &FileI, map_ptrloc const storage = WriteUniqString(component); FileI->Component = storage; - // FIXME: Code depends on the fact that Release files aren't compressed + // FIXME: should use FileFd and TagSection FILE* release = fdopen(dup(File.Fd()), "r"); if (release == NULL) return false; char buffer[101]; - bool gpgClose = false; while (fgets(buffer, sizeof(buffer), release) != NULL) { size_t len = 0; @@ -818,15 +817,6 @@ bool debListParser::LoadReleaseInfo(pkgCache::PkgFileIterator &FileI, if (buffer[len] == '\0') continue; - // only evalute the first GPG section - if (strncmp("-----", buffer, 5) == 0) - { - if (gpgClose == true) - break; - gpgClose = true; - continue; - } - // seperate the tag from the data const char* dataStart = strchr(buffer + len, ':'); if (dataStart == NULL) diff --git a/apt-pkg/indexrecords.cc b/apt-pkg/indexrecords.cc index af2639beb..1461a24bb 100644 --- a/apt-pkg/indexrecords.cc +++ b/apt-pkg/indexrecords.cc @@ -12,6 +12,7 @@ #include <apt-pkg/configuration.h> #include <apt-pkg/fileutl.h> #include <apt-pkg/hashes.h> +#include <apt-pkg/gpgv.h> #include <sys/stat.h> #include <clocale> @@ -57,7 +58,10 @@ bool indexRecords::Exists(string const &MetaKey) const bool indexRecords::Load(const string Filename) /*{{{*/ { - FileFd Fd(Filename, FileFd::ReadOnly); + FileFd Fd; + if (OpenMaybeClearSignedFile(Filename, Fd) == false) + return false; + pkgTagFile TagFile(&Fd, Fd.Size() + 256); // XXX if (_error->PendingError() == true) { diff --git a/debian/changelog b/debian/changelog index 27fae657c..7c02b2689 100644 --- a/debian/changelog +++ b/debian/changelog @@ -8,19 +8,18 @@ apt (0.9.7.9) UNRELEASED; urgency=low and fix the inconsistency of returning in error cases - don't close stdout/stderr if it is also the statusfd - if ExecGPGV deals with a clear-signed file it will split this file - into data and signatures, pass it to gpgv for verification and - recombines it after that in a known-good way without unsigned blocks - and whitespaces resulting usually in more or less the same file as - before, but later code can be sure about the format + into data and signatures, pass it to gpgv for verification - add method to open (maybe) clearsigned files transparently * apt-pkg/acquire-item.cc: - keep the last good InRelease file around just as we do it with Release.gpg in case the new one we download isn't good for us * apt-pkg/deb/debmetaindex.cc: - reenable InRelease by default - * ftparchive/writer.cc: + * ftparchive/writer.cc, + apt-pkg/deb/debindexfile.cc, + apt-pkg/deb/deblistparser.cc: - use OpenMaybeClearSignedFile to be free from detecting and - skipping clearsigning metadata in dsc files + skipping clearsigning metadata in dsc and Release files [ Michael Vogt ] * add regression test for CVE-2013-1051 diff --git a/test/integration/framework b/test/integration/framework index 2ef61ca84..86e6ed7c3 100644 --- a/test/integration/framework +++ b/test/integration/framework @@ -114,7 +114,7 @@ gdb() { } addtrap() { - CURRENTTRAP="$CURRENTTRAP $1" + CURRENTTRAP="$1 $CURRENTTRAP" trap "$CURRENTTRAP exit;" 0 HUP INT QUIT ILL ABRT FPE SEGV PIPE TERM } diff --git a/test/integration/test-apt-cdrom b/test/integration/test-apt-cdrom index f24c99b36..f1c4fd9d3 100755 --- a/test/integration/test-apt-cdrom +++ b/test/integration/test-apt-cdrom @@ -24,6 +24,8 @@ cat Translation-de | xz --format=lzma > Translation-de.lzma cat Translation-de | xz > Translation-de.xz rm Translation-en Translation-de cd - > /dev/null +addtrap "chmod -R +w $PWD/rootdir/media/cdrom/dists/;" +chmod -R -w rootdir/media/cdrom/dists aptcdrom add -m -o quiet=1 > apt-cdrom.log 2>&1 sed -i -e '/^Using CD-ROM/ d' -e '/gpgv/ d' -e '/^Identifying/ d' -e '/Reading / d' apt-cdrom.log |