* apt-pkg/indexcopy.cc:

- Verify that the first line of an InRelease file is a PGP header for a signed message. Otherwise a man-in-the-middle can prefix a valid InRelease file with his own data! (CVE-2011-1829)
author: David Kalnischkies <kalnischkies@gmail.com> 2011-06-06 21:29:16 +0200
committer: David Kalnischkies <kalnischkies@gmail.com> 2011-06-06 21:29:16 +0200
commit: 2e3c9d6452e69dcb5c83732fbda27b747bc997f4 (patch)
tree: bc5e845c507f605f956964e45519ed4e73d7d341 /methods
parent: 89a1aa5dd55a3469c92720c7fcb90779f90b61f0 (diff)
1 files changed, 8 insertions, 5 deletions
diff --git a/methods/gpgv.cc b/methods/gpgv.cc
index efe1f73f7..960c06180 100644
--- a/methods/gpgv.cc
+++ b/methods/gpgv.cc
@@ -65,13 +65,16 @@ string GPGVMethod::VerifyGetSigners(const char *file, const char *outfile,
       return string("Couldn't spawn new process") + strerror(errno);
    else if (pid == 0)
    {
-      if (SigVerify::RunGPGV(outfile, file, 3, fd) == false)
+      _error->PushToStack();
+      bool const success = SigVerify::RunGPGV(outfile, file, 3, fd);
+      if (success == false)
       {
-	 // TRANSLATOR: %s is the trusted keyring parts directory
-	 ioprintf(ret, _("No keyring installed in %s."),
-		  _config->FindDir("Dir::Etc::TrustedParts").c_str());
-	 return ret.str();
+	 string errmsg;
+	 _error->PopMessage(errmsg);
+	 _error->RevertToStack();
+	 return errmsg;
       }
+      _error->RevertToStack();
       exit(111);
    }
    close(fd[1]);
author	David Kalnischkies <kalnischkies@gmail.com>	2011-06-06 21:29:16 +0200
committer	David Kalnischkies <kalnischkies@gmail.com>	2011-06-06 21:29:16 +0200
commit	2e3c9d6452e69dcb5c83732fbda27b747bc997f4 (patch)
tree	bc5e845c507f605f956964e45519ed4e73d7d341 /methods
parent	89a1aa5dd55a3469c92720c7fcb90779f90b61f0 (diff)