diff options
-rw-r--r-- | cmdline/apt-get.cc | 51 | ||||
-rw-r--r-- | debian/changelog | 7 | ||||
-rw-r--r-- | test/integration/framework | 34 | ||||
-rw-r--r-- | test/integration/test-apt-get-source-authenticated | 31 |
4 files changed, 104 insertions, 19 deletions
diff --git a/cmdline/apt-get.cc b/cmdline/apt-get.cc index 1bb981b20..112b7ca3f 100644 --- a/cmdline/apt-get.cc +++ b/cmdline/apt-get.cc @@ -1046,25 +1046,8 @@ bool CacheFile::CheckDeps(bool AllowBroken) return true; } /*}}}*/ -// CheckAuth - check if each download comes form a trusted source /*{{{*/ -// --------------------------------------------------------------------- -/* */ -static bool CheckAuth(pkgAcquire& Fetcher) +static bool AuthPrompt(std::string UntrustedList, bool const PromptUser) { - string UntrustedList; - for (pkgAcquire::ItemIterator I = Fetcher.ItemsBegin(); I < Fetcher.ItemsEnd(); ++I) - { - if (!(*I)->IsTrusted()) - { - UntrustedList += string((*I)->ShortDesc()) + " "; - } - } - - if (UntrustedList == "") - { - return true; - } - ShowList(c2out,_("WARNING: The following packages cannot be authenticated!"),UntrustedList,""); if (_config->FindB("APT::Get::AllowUnauthenticated",false) == true) @@ -1073,6 +1056,9 @@ static bool CheckAuth(pkgAcquire& Fetcher) return true; } + if (PromptUser == false) + return _error->Error(_("Some packages could not be authenticated")); + if (_config->FindI("quiet",0) < 2 && _config->FindB("APT::Get::Assume-Yes",false) == false) { @@ -1090,6 +1076,27 @@ static bool CheckAuth(pkgAcquire& Fetcher) return _error->Error(_("There are problems and -y was used without --force-yes")); } /*}}}*/ +// CheckAuth - check if each download comes form a trusted source /*{{{*/ +// --------------------------------------------------------------------- +/* */ +static bool CheckAuth(pkgAcquire& Fetcher, bool PromptUser=true) +{ + string UntrustedList; + for (pkgAcquire::ItemIterator I = Fetcher.ItemsBegin(); I < Fetcher.ItemsEnd(); ++I) + { + if (!(*I)->IsTrusted()) + { + UntrustedList += string((*I)->ShortDesc()) + " "; + } + } + + if (UntrustedList == "") + { + return true; + } + + return AuthPrompt(UntrustedList, PromptUser); +} // InstallPackages - Actually download and install the packages /*{{{*/ // --------------------------------------------------------------------- /* This displays the informative messages describing what is going to @@ -2483,6 +2490,7 @@ bool DoSource(CommandLine &CmdL) // Load the requestd sources into the fetcher unsigned J = 0; + std::string UntrustedList; for (const char **I = CmdL.FileList + 1; *I != 0; I++, J++) { string Src; @@ -2492,6 +2500,9 @@ bool DoSource(CommandLine &CmdL) delete[] Dsc; return _error->Error(_("Unable to find a source package for %s"),Src.c_str()); } + + if (Last->Index().IsTrusted() == false) + UntrustedList += Src + " "; string srec = Last->AsStr(); string::size_type pos = srec.find("\nVcs-"); @@ -2576,6 +2587,10 @@ bool DoSource(CommandLine &CmdL) Last->Index().SourceInfo(*Last,*I),Src); } } + + // check authentication status of the source as well + if (UntrustedList != "" && !AuthPrompt(UntrustedList, false)) + return false; // Display statistics unsigned long long FetchBytes = Fetcher.FetchNeeded(); diff --git a/debian/changelog b/debian/changelog index 6279b74c2..e6599757f 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,10 @@ +apt (0.9.7.9+deb7u2) wheezy-security; urgency=high + + * SECURITY UPDATE: apt-get source validation (closes: #749795) + - CVE-2014-0478 + + -- Michael Vogt <mvo@debian.org> Thu, 12 Jun 2014 12:47:25 +0200 + apt (0.9.7.9+deb7u1) wheezy; urgency=low * Non-maintainer upload. diff --git a/test/integration/framework b/test/integration/framework index 1c4872c8e..8a630a22c 100644 --- a/test/integration/framework +++ b/test/integration/framework @@ -130,7 +130,7 @@ setupenvironment() { mkdir rootdir aptarchive keys cd rootdir mkdir -p etc/apt/apt.conf.d etc/apt/sources.list.d etc/apt/trusted.gpg.d etc/apt/preferences.d - mkdir -p var/cache var/lib var/log + mkdir -p var/cache var/lib var/log tmp mkdir -p var/lib/dpkg/info var/lib/dpkg/updates var/lib/dpkg/triggers touch var/lib/dpkg/available mkdir -p usr/lib/apt @@ -858,3 +858,35 @@ pause() { local IGNORE read IGNORE } + +testsuccess() { + if [ "$1" = '--nomsg' ]; then + shift + else + msgtest 'Test for successful execution of' "$*" + fi + local OUTPUT="${TMPWORKINGDIRECTORY}/rootdir/tmp/testsuccess.output" + if $@ >${OUTPUT} 2>&1; then + msgpass + else + echo >&2 + cat >&2 $OUTPUT + msgfail + fi +} + +testfailure() { + if [ "$1" = '--nomsg' ]; then + shift + else + msgtest 'Test for failure in execution of' "$*" + fi + local OUTPUT="${TMPWORKINGDIRECTORY}/rootdir/tmp/testfailure.output" + if $@ >${OUTPUT} 2>&1; then + echo >&2 + cat >&2 $OUTPUT + msgfail + else + msgpass + fi +} diff --git a/test/integration/test-apt-get-source-authenticated b/test/integration/test-apt-get-source-authenticated new file mode 100644 index 000000000..2cee13923 --- /dev/null +++ b/test/integration/test-apt-get-source-authenticated @@ -0,0 +1,31 @@ +#!/bin/sh +# +# Regression test for debian bug #749795. Ensure that we fail with +# a error if apt-get source foo will download a source that comes +# from a unauthenticated repository +# +set -e + +TESTDIR=$(readlink -f $(dirname $0)) +. $TESTDIR/framework + +setupenvironment +configarchitecture "i386" + +# a "normal" package with source and binary +buildsimplenativepackage 'foo' 'all' '2.0' + +setupaptarchive --no-update + +APTARCHIVE=$(readlink -f ./aptarchive) +rm -f $APTARCHIVE/dists/unstable/*Release* + +# update without authenticated InRelease file +testsuccess aptget update + +# this all should fail +testfailure aptget install -y foo +testfailure aptget source foo + +# allow overriding the warning +testsuccess aptget source --allow-unauthenticated foo |