author | Julian Andres Klode <julian.klode@canonical.com> | 2019-12-02 11:46:49 +0100 |
---|---|---|
committer | Julian Andres Klode <julian.klode@canonical.com> | 2019-12-02 14:27:38 +0100 |
commit | 93f33052de84e9aeaf19c92291d043dad2665bbd (patch) | |
tree | 667c4240b6f6fb9c91ae20b655478508b09d6214 /debian | |
parent | 1690c3f87ae45a41e8d3e09bf0b1021c008460b9 (diff) |
netrc: Restrict auth.conf entries to https by default

This avoids downgrade attacks where an attacker could inject

Location: http://private.example/

and then (having access to raw data to private.example, for example,
by opening a port there, or sniffing network traffic) read the credentials
for the private repository.

Closes: #945911

Diffstat (limited to 'debian')
-rw-r--r-- | debian/NEWS | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/debian/NEWS b/debian/NEWS index e8cb4e279..555791602 100644 --- a/debian/NEWS +++ b/debian/NEWS @@ -1,3 +1,13 @@ +apt (1.9.5) UNRELEASED; urgency=medium + + Credentials in apt_auth.conf(5) now only apply to https and tor+https + sources to avoid them being leaked over plaintext (Closes: #945911). To + opt-in to http, add http:// before the hostname. Note that this will transmit + credentials in plain text, which you do not want on devices that could be + operating in an untrusted network. + + -- Julian Andres Klode <juliank@ubuntu.com> Mon, 02 Dec 2019 11:45:52 +0100 + apt (1.8.0~alpha3) unstable; urgency=medium The PATH for running dpkg is now configured by the option DPkg::Path, |
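
Review bot: The sentence "To opt-in to http, add http:// before the hostname" in the new apt (1.9.5) NEWS entry does not say which field of an apt_auth.conf(5) entry takes the prefix, and it gives no sample entry, so an administrator reading only NEWS has to guess or go to the man page. Suggest naming the field and adding a one-line example entry with placeholder host and credentials. The entry should also state the upgrade impact directly: existing http sources that relied on auth.conf credentials will stop sending them after this change until the entry is prefixed, which users will see as authentication failures. It is also worth saying whether plaintext schemes other than http follow the same opt-in rule, since the text names only https and tor+https as covered by default. Minor: "opt-in" used as a verb should be "opt in".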