author | David Kalnischkies <david@kalnischkies.de> | 2021-06-04 14:15:46 +0200 |
---|---|---|
committer | David Kalnischkies <david@kalnischkies.de> | 2021-06-04 16:45:02 +0200 |
commit | ba18c4323ecbc66e6a1e3fedae60721f9c5701b1 (patch) | |
tree | a7015a5228e4cc07b79317c10043f8ef9112ea6a | |
parent | 149b23c2b9697bc262c0af1934c7a3f6114d903f (diff) |
Do not use filename of local sources in 'apt download'
If a source is not copying files to the destination the download code
forces the copy – which in practice are local repositories accessed
via file:/ – but in that process takes the filename the local repo used
rather than the filename it e.g. advertised via --print-uris.
A local repository could hence override a file in the current directory
if you use 'apt download', which is a rather weak ability, but still.
-rw-r--r-- | apt-private/private-download.cc | 16 | ||||
-rw-r--r-- | test/integration/framework | 3 | ||||
-rwxr-xr-x | test/integration/test-uri-encode-filename-field | 7 |
3 files changed, 14 insertions, 12 deletions
diff --git a/apt-private/private-download.cc b/apt-private/private-download.cc index 16d11255b..eddb901d0 100644 --- a/apt-private/private-download.cc +++ b/apt-private/private-download.cc @@ -211,6 +211,7 @@ bool DoDownload(CommandLine &CmdL) I->Owner->FileSize << ' ' << I->Owner->HashSum() << std::endl; return true; } + auto const storecopy = storefile; if (_error->PendingError() == true || CheckAuth(Fetcher, false) == false) return false; @@ -220,19 +221,22 @@ bool DoDownload(CommandLine &CmdL) return false; // copy files in local sources to the current directory + i = 0; for (pkgAcquire::ItemIterator I = Fetcher.ItemsBegin(); I != Fetcher.ItemsEnd(); ++I) { - std::string const filename = cwd + flNotDir((*I)->DestFile); + if (dynamic_cast<pkgAcqArchive*>(*I) == nullptr) + continue; + if ((*I)->Local == true && - filename != (*I)->DestFile && - (*I)->Status == pkgAcquire::Item::StatDone && - dynamic_cast<pkgAcqArchive*>(*I) != nullptr) + (*I)->Status == pkgAcquire::Item::StatDone && + (*I)->DestFile != storecopy[i]) { std::ifstream src((*I)->DestFile.c_str(), std::ios::binary); - std::ofstream dst(filename.c_str(), std::ios::binary); + std::ofstream dst(storecopy[i].c_str(), std::ios::binary); dst << src.rdbuf(); - chmod(filename.c_str(), 0644); + chmod(storecopy[i].c_str(), 0644); } + ++i; } return Failed == false; } diff --git a/test/integration/framework b/test/integration/framework index 412a96577..f14b4da64 100644 --- a/test/integration/framework +++ b/test/integration/framework @@ -1776,6 +1776,9 @@ msgfailoutput() { shift done echo '#### cmp output ####' + elif [ "$1" = 'rm' ]; then + echo "#### Directory listing of: $(pwd) ####" + ls -l fi catfile "$OUTPUT" msgfail "$MSG" diff --git a/test/integration/test-uri-encode-filename-field b/test/integration/test-uri-encode-filename-field index 136cce8d2..dffee21aa 100755 --- a/test/integration/test-uri-encode-filename-field +++ b/test/integration/test-uri-encode-filename-field 
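Review bot: The added `auto const storecopy = storefile;` has no comment explaining why a second copy of the names is kept or why it is taken at exactly this point, after the early `return true;` and before `CheckAuth`. The copy loop in the next hunk writes to these entries instead of a name derived from `(*I)->DestFile`, so the snapshot is what decides which file in the current directory gets written. A comment on the line would make that role explicit, for example `// target names as computed by us; the copy loop below writes to these, never to a name taken from the source`. The reason the live `storefile` cannot be used later is not visible in this hunk, and `DoDownload` starts and ends outside it, so the wording should be checked against the part of the function that fills `storefile`.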
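Review bot: `storecopy[i]` in the copy loop is indexed by a count of `pkgAcqArchive` items, and nothing in the hunk checks that `i` stays inside `storecopy` or that the n-th archive item in `Fetcher` corresponds to the n-th stored name. That pairing depends on how the items were queued earlier in `DoDownload`, outside this hunk; if it ever drifts, the loop either reads out of bounds or writes one package's content under another package's name. A guard ahead of the `Local` check would make the invariant explicit and fail closed, for example `if (i >= storecopy.size()) return _error->Error("Internal error: archive item without target name");`, assuming `storefile` is a container with `size()`. The copy itself also still ignores whether `src` and `dst` opened, whether `dst << src.rdbuf();` succeeded, and the result of `chmod`, so a truncated file can be left in the current directory while the function returns `Failed == false`.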
@@ -25,12 +25,7 @@ runtest() { sed -i -e 's#_0+0~0_#_0%3a0+0~0_#' ../rootdir/var/lib/apt/lists/*Packages testsuccess apt download foo - # FIXME: we shouldn't take filename from file:/ in 'apt download' - if [ "$1" = 'file' ]; then - testsuccess rm 'foo_0%3a0+0~0_all.deb' - else - testsuccess rm 'foo_0+0~0_all.deb' - fi + testsuccess rm 'foo_0+0~0_all.deb' testsuccess apt install foo cd "$TMPWORKINGDIRECTORY" >/dev/null |
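Review bot: The updated test only proves that `foo_0+0~0_all.deb` exists after `apt download`; it does not assert that the name chosen by the file:/ repository, `foo_0%3a0+0~0_all.deb`, is no longer created in the working directory. Because this commit is about a local source being able to pick the written filename, the regression check is stronger with a negative assertion before the `rm`, for example `testfailure test -e 'foo_0%3a0+0~0_all.deb'`. This assumes the download directory is separate from the repository's own pool, which is not visible in this hunk, and `runtest` begins and ends outside it.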