bool SigVerify::RunGPGV(std::string const &File, std::string const &FileGPG,
int const &statusfd, int fd[2])
{
+ if (File == FileGPG)
+ {
+ #define SIGMSG "-----BEGIN PGP SIGNED MESSAGE-----\n"
+ char buffer[sizeof(SIGMSG)];
+ FILE* gpg = fopen(File.c_str(), "r");
+ if (gpg == NULL)
+ return _error->Errno("RunGPGV", _("Could not open file %s"), File.c_str());
+ char const * const test = fgets(buffer, sizeof(buffer), gpg);
+ fclose(gpg);
+ if (test == NULL || strcmp(buffer, SIGMSG) != 0)
+ return _error->Error(_("File %s doesn't start with a clearsigned message"), File.c_str());
+ #undef SIGMSG
+ }
+
+
string const gpgvpath = _config->Find("Dir::Bin::gpg", "/usr/bin/gpgv");
// FIXME: remove support for deprecated APT::GPGV setting
string const trustedFile = _config->Find("APT::GPGV::TrustedKeyring", _config->FindFile("Dir::Etc::Trusted"));
Args.reserve(30);
if (keyrings.empty() == true)
- return false;
+ {
+ // TRANSLATOR: %s is the trusted keyring parts directory
+ return _error->Error(_("No keyring installed in %s."),
+ _config->FindDir("Dir::Etc::TrustedParts").c_str());
+ }
Args.push_back(gpgvpath.c_str());
Args.push_back("--ignore-time-conflict");
* Galician translation update (Miguel Anxo Bouzada). Closes: #626505
[ David Kalnischkies ]
+ * apt-pkg/indexcopy.cc:
+ - Verify that the first line of an InRelease file is a PGP header
+ for a signed message. Otherwise a man-in-the-middle can prefix
+ a valid InRelease file with his own data! (CVE-2011-1829)
* fix a bunch of cppcheck warnings/errors based on a patch by
Niels Thykier, thanks! (Closes: #622805)
* apt-pkg/depcache.cc:
- show Acquire::Languages and APT::Architectures settings
in 'dump' (Closes: 626739)
- -- David Kalnischkies <kalnischkies@gmail.com> Sat, 28 May 2011 10:54:23 +0200
+ -- David Kalnischkies <kalnischkies@gmail.com> Mon, 06 Jun 2011 21:24:28 +0200
apt (0.8.14.1) unstable; urgency=low
return string("Couldn't spawn new process") + strerror(errno);
else if (pid == 0)
{
- if (SigVerify::RunGPGV(outfile, file, 3, fd) == false)
+ _error->PushToStack();
+ bool const success = SigVerify::RunGPGV(outfile, file, 3, fd);
+ if (success == false)
{
- // TRANSLATOR: %s is the trusted keyring parts directory
- ioprintf(ret, _("No keyring installed in %s."),
- _config->FindDir("Dir::Etc::TrustedParts").c_str());
- return ret.str();
+ string errmsg;
+ _error->PopMessage(errmsg);
+ _error->RevertToStack();
+ return errmsg;
}
+ _error->RevertToStack();
exit(111);
}
close(fd[1]);
--- /dev/null
+#!/bin/sh
+set -e
+
+TESTDIR=$(readlink -f $(dirname $0))
+. $TESTDIR/framework
+setupenvironment
+configarchitecture 'i386'
+
+insertpackage 'unstable' 'apt' 'i386' '0.8.11'
+
+setupaptarchive
+
+rm -rf rootdir/var/lib/apt/lists
+
+find aptarchive/ -name 'Release.gpg' -delete
+find aptarchive/ -name 'InRelease' -exec cp {} {}.old \;
+
+for RELEASE in $(find aptarchive/ -name 'InRelease'); do
+ (echo 'Origin: Marvin
+Label: Marvin
+Suite: experimental
+Codename: experimental
+MD5Sum:
+ 65fd410587b6978de2277f2912523f09 9360 Packages
+ d27b294ed172a1fa9dd5a53949914c5d 4076 Packages.bz2
+ 2182897e0a2a0c09e760beaae117a015 2023 Packages.diff/Index
+ 1b895931853981ad8204d2439821b999 4144 Packages.gz'; echo; cat ${RELEASE}.old;) > ${RELEASE}
+done
+aptget update -qq > /dev/null 2> starts-with-unsigned.msg
+sed -i 's#File .*InRelease#File InRelease#' starts-with-unsigned.msg
+testfileequal starts-with-unsigned.msg "W: GPG error: file: unstable InRelease: File InRelease doesn't start with a clearsigned message"
HCoop / ntk / apt.git / commitdiff