summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJulian Andres Klode <jak@debian.org>2011-05-30 14:04:01 +0200
committerJulian Andres Klode <jak@debian.org>2011-05-30 14:04:01 +0200
commit0901c5d08eadea5b5d91b09d4f532a029cb42574 (patch)
tree4e5006b2bfe1287d8b1c0a13ca84428e71672f26
parentdb95f57184f0e5a767aa07c1b629b987093f342e (diff)
apt-pkg/acquire-item.cc: Reject files known to be invalid (LP: #346386) (Closes: #195301)
This commit deals with the following cases: - First section of index file (Packages,Sources,Translation) without Package field - Signed release files without GPG data (NODATA) - i18n/Index files without hash sums Handling unsigned Release files is more complicated, and the example code using indexRecords is disabled as it can reject correct Release files without hashes. How we can reliably check unsigned Release files is another question, and not urgent anyway, as it should have no dramatic effect (we could check that it is a valid RFC-822 section, but that's a bit too long to write)
-rw-r--r--apt-pkg/acquire-item.cc45
-rw-r--r--debian/changelog2
2 files changed, 47 insertions, 0 deletions
diff --git a/apt-pkg/acquire-item.cc b/apt-pkg/acquire-item.cc
index 6785b4e1b..6df915d8e 100644
--- a/apt-pkg/acquire-item.cc
+++ b/apt-pkg/acquire-item.cc
@@ -271,6 +271,14 @@ void pkgAcqSubIndex::Done(string Message,unsigned long Size,string Md5Hash, /*{{
string FinalFile = _config->FindDir("Dir::State::lists")+URItoFileName(Desc.URI);
+ /* Downloaded invalid transindex => Error (LP: #346386) (Closes: #195301) */
+ indexRecords SubIndexParser;
+ if (FileExists(DestFile) == true && !SubIndexParser.Load(DestFile)) {
+ Status = StatError;
+ ErrorText = SubIndexParser.ErrorText;
+ return;
+ }
+
// sucess in downloading the index
// rename the index
if(Debug)
@@ -894,6 +902,27 @@ void pkgAcqIndex::Done(string Message,unsigned long Size,string Hash,
ReportMirrorFailure("HashChecksumFailure");
return;
}
+
+ /* Verify the index file for correctness (all indexes must
+ * have a Package field) (LP: #346386) (Closes: #195301) */
+ {
+ FileFd fd(DestFile, FileFd::ReadOnly);
+ pkgTagSection sec;
+ pkgTagFile tag(&fd);
+
+ if (_error->PendingError() || !tag.Step(sec)) {
+ Status = StatError;
+ _error->DumpErrors();
+ Rename(DestFile,DestFile + ".FAILED");
+ return;
+ } else if (!sec.Exists("Package")) {
+ Status = StatError;
+ ErrorText = ("Encountered a section with no Package: header");
+ Rename(DestFile,DestFile + ".FAILED");
+ return;
+ }
+ }
+
// Done, move it into position
string FinalFile = _config->FindDir("Dir::State::lists");
FinalFile += URItoFileName(RealURI);
@@ -1330,6 +1359,16 @@ void pkgAcqMetaIndex::AuthDone(string Message) /*{{{*/
/*}}}*/
void pkgAcqMetaIndex::QueueIndexes(bool verify) /*{{{*/
{
+#if 0
+ /* Reject invalid, existing Release files (LP: #346386) (Closes: #195301)
+ * FIXME: Disabled; it breaks unsigned repositories without hashes */
+ if (!verify && FileExists(DestFile) && !MetaIndexParser->Load(DestFile))
+ {
+ Status = StatError;
+ ErrorText = MetaIndexParser->ErrorText;
+ return;
+ }
+#endif
for (vector <struct IndexTarget*>::const_iterator Target = IndexTargets->begin();
Target != IndexTargets->end();
Target++)
@@ -1493,6 +1532,12 @@ void pkgAcqMetaIndex::Failed(string Message,pkgAcquire::MethodConfig *Cnf)
LookupTag(Message,"Message").c_str());
RunScripts("APT::Update::Auth-Failure");
return;
+ } else if (LookupTag(Message,"Message").find("NODATA") != string::npos) {
+ /* Invalid signature file, reject (LP: #346386) (Closes: #195301) */
+ _error->Error(_("GPG error: %s: %s"),
+ Desc.Description.c_str(),
+ LookupTag(Message,"Message").c_str());
+ return;
} else {
_error->Warning(_("GPG error: %s: %s"),
Desc.Description.c_str(),
diff --git a/debian/changelog b/debian/changelog
index 5f5e23eb1..b1d276d5d 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -4,6 +4,8 @@ apt (0.8.15) UNRELEASED; urgency=low
* apt-pkg/depcache.cc:
- Really release action groups only once (Closes: #622744)
- Make purge work again for config-files (LP: #244598) (Closes: #150831)
+ * apt-pkg/acquire-item.cc:
+ - Reject files known to be invalid (LP: #346386) (Closes: #195301)
* debian/apt.cron.daily:
- Check power after wait, patch by manuel-soto (LP: #705269)
* debian/control: