summaryrefslogtreecommitdiff
path: root/test/integration/skip-bug-711456-apt-cdrom-multiple-cds-multiarch
diff options
context:
space:
mode:
authorDavid Kalnischkies <david@kalnischkies.de>2018-01-02 15:14:58 +0100
committerDavid Kalnischkies <david@kalnischkies.de>2018-01-02 23:39:30 +0100
commitdcc0759fea4bf65d5477678e287880927d2cc9be (patch)
tree5fcdb34ffb0c7c7681bdb83afa9922afa75e89ed /test/integration/skip-bug-711456-apt-cdrom-multiple-cds-multiarch
parentb20fd95ef94e302208018a148e98693b0f69c0e6 (diff)
Support cleartext signed InRelease files with CRLF line endings
Commit 89c4c588b275 ("fix from David Kalnischkies for the InRelease gpg verification code (LP: #784473)") amended verification of cleartext signatures by a check whether the file to be verified actually starts with "-----BEGIN PGP SIGNATURE-----\n". However cleartext signed InRelease files have been found in the wild which use \r\n as line ending for this armor header line, presumably generated by a Windows PGP client. Such files are incorrectly deemed unsigned and result in the following (misleading) error: Clearsigned file isn't valid, got 'NOSPLIT' (does the network require authentication?) RFC 4880 specifies in 6.2 Forming ASCII Armor: That is to say, there is always a line ending preceding the starting five dashes, and following the ending five dashes. The header lines, therefore, MUST start at the beginning of a line, and MUST NOT have text other than whitespace following them on the same line. RFC 4880 does not seem to specify whether LF or CRLF is used as line ending for armor headers, but CR is generally considered whitespace (e.g. "man perlrecharclass"), hence using CRLF is legal even under the assumption that LF must be used. SplitClearSignedFile() is stripping whitespace (including CR) on lineend already before matching the string, so StartsWithGPGClearTextSignature() is adapted to use the same ignoring. As the earlier method is responsible for what apt will end up actually parsing nowadays as signed/unsigned this change has no implications for security. Thanks: Lukas Wunner for detailed report & initial patch! References: 89c4c588b275d098af33f36eeddea6fd75068342 Closes: 884922
Diffstat (limited to 'test/integration/skip-bug-711456-apt-cdrom-multiple-cds-multiarch')
0 files changed, 0 insertions, 0 deletions