-rw-r--r-- | apt-private/private-download.cc | 5 | ||||
-rw-r--r-- | apt-private/private-download.h | 6 | ||||
-rw-r--r-- | cmdline/apt-get.cc | 9 | ||||
-rw-r--r-- | debian/changelog | 14 | ||||
-rw-r--r-- | test/integration/test-apt-get-source-authenticated | 31 |
5 files changed, 62 insertions, 3 deletions
diff --git a/apt-private/private-download.cc b/apt-private/private-download.cc index a095f0c67..be7d23c31 100644 --- a/apt-private/private-download.cc +++ b/apt-private/private-download.cc @@ -28,6 +28,11 @@ bool CheckAuth(pkgAcquire& Fetcher, bool const PromptUser) if (UntrustedList == "") return true; + return AuthPrompt(UntrustedList, PromptUser); +} + +bool AuthPrompt(std::string UntrustedList, bool const PromptUser) +{ ShowList(c2out,_("WARNING: The following packages cannot be authenticated!"),UntrustedList,""); if (_config->FindB("APT::Get::AllowUnauthenticated",false) == true) diff --git a/apt-private/private-download.h b/apt-private/private-download.h index a108aa531..a90ac7eaa 100644 --- a/apt-private/private-download.h +++ b/apt-private/private-download.h @@ -5,7 +5,13 @@ class pkgAcquire; +// Check if all files in the fetcher are authenticated APT_PUBLIC bool CheckAuth(pkgAcquire& Fetcher, bool const PromptUser); + +// show a authentication warning prompt and return true if the system +// should continue +APT_PUBLIC bool AuthPrompt(std::string UntrustedList, bool const PromptUser); + APT_PUBLIC bool AcquireRun(pkgAcquire &Fetcher, int const PulseInterval, bool * const Failure, bool * const TransientNetworkFailure); #endif diff --git a/cmdline/apt-get.cc b/cmdline/apt-get.cc index e7fd4bfb8..7a77ace74 100644 --- a/cmdline/apt-get.cc +++ b/cmdline/apt-get.cc @@ -76,7 +76,6 @@ #include <stdio.h> #include <stdlib.h> #include <string.h> -#include <sys/ioctl.h> #include <sys/stat.h> #include <sys/statfs.h> #include <sys/statvfs.h> @@ -756,6 +755,7 @@ static bool DoSource(CommandLine &CmdL) // Load the requestd sources into the fetcher unsigned J = 0; + std::string UntrustedList; for (const char **I = CmdL.FileList + 1; *I != 0; I++, J++) { string Src; 
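Review bot: `AuthPrompt` in private-download.cc takes `std::string UntrustedList` by value although the visible lines only read it, so every call copies the list; `bool AuthPrompt(std::string const &UntrustedList, bool const PromptUser)` would avoid that, with the same change to the declaration in the private-download.h hunk. The header comment should also record that the `APT::Get::AllowUnauthenticated` override visible at the end of this hunk is now shared by every caller, for example `// returns true if APT::Get::AllowUnauthenticated is set; the handling of PromptUser == false lies in the part of the body not shown here`. The body of `AuthPrompt` continues past the end of the hunk, so how it reports a refusal cannot be confirmed from these lines.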
@@ -764,6 +764,9 @@ static bool DoSource(CommandLine &CmdL) if (Last == 0) { return _error->Error(_("Unable to find a source package for %s"),Src.c_str()); } + + if (Last->Index().IsTrusted() == false) + UntrustedList += Src + " "; string srec = Last->AsStr(); string::size_type pos = srec.find("\nVcs-"); @@ -847,6 +850,10 @@ static bool DoSource(CommandLine &CmdL) Last->Index().SourceInfo(*Last,*I),Src); } } + + // check authentication status of the source as well + if (UntrustedList != "" && !AuthPrompt(UntrustedList, false)) + return false; // Display statistics unsigned long long FetchBytes = Fetcher.FetchNeeded(); diff --git a/debian/changelog b/debian/changelog index 5bf131080..419e4ba77 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,4 +1,4 @@ -apt (1.0.1ubuntu2.1) UNRELEASED; urgency=medium +apt (1.0.1ubuntu2.2) UNRELEASED; urgency=medium * Implement CacheDB for source packages in apt-ftparchive LP: #1329212 @@ -7,7 +7,17 @@ apt (1.0.1ubuntu2.1) UNRELEASED; urgency=medium * Add compat mode for old (32bit FileSize) CacheDB (LP: #1274466) * fix tests and add db-util to the test dependencies - -- Michael Vogt <michael.vogt@ubuntu.com> Thu, 12 Jun 2014 09:54:47 +0200 + -- Michael Vogt <michael.vogt@ubuntu.com> Wed, 18 Jun 2014 10:56:19 +0200 + +apt (1.0.1ubuntu2.1) trusty-security; urgency=low + + * SECURITY UPDATE: incorrect apt-get source validation (LP: #1329274) + - warn if not authenticated in apt-private/private-download.*, + cmdline/apt-get.cc, added regression test to + test/integration/test-apt-get-source-authenticated. + - CVE-2014-0478 + + -- Michael Vogt <michael.vogt@ubuntu.com> Thu, 12 Jun 2014 13:57:38 +0200 apt (1.0.1ubuntu2) trusty; urgency=low diff --git a/test/integration/test-apt-get-source-authenticated b/test/integration/test-apt-get-source-authenticated new file mode 100644 index 000000000..2cee13923 --- /dev/null +++ b/test/integration/test-apt-get-source-authenticated 
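Review bot: The new check in `DoSource` (hunk at -847) calls `AuthPrompt(UntrustedList, false)` with the prompt flag hard-coded, so an interactive `apt-get source` is never asked and can only proceed via the override option. If that fail-closed behaviour is intended, the comment should say so, for example `// never prompt here: unauthenticated sources abort unless APT::Get::AllowUnauthenticated is set`. The bare `return false;` also relies on `AuthPrompt` having queued an error message, which these hunks do not show and is worth confirming. The list is built in the hunk at -764 from `Last->Index().IsTrusted()`, so the decision is per source index rather than per downloaded file; a one-line comment there would make that scope explicit. `DoSource` starts and ends outside both hunks.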
@@ -0,0 +1,31 @@ +#!/bin/sh +# +# Regression test for debian bug #749795. Ensure that we fail with +# a error if apt-get source foo will download a source that comes +# from a unauthenticated repository +# +set -e + +TESTDIR=$(readlink -f $(dirname $0)) +. $TESTDIR/framework + +setupenvironment +configarchitecture "i386" + +# a "normal" package with source and binary +buildsimplenativepackage 'foo' 'all' '2.0' + +setupaptarchive --no-update + +APTARCHIVE=$(readlink -f ./aptarchive) +rm -f $APTARCHIVE/dists/unstable/*Release* + +# update without authenticated InRelease file +testsuccess aptget update + +# this all should fail +testfailure aptget install -y foo +testfailure aptget source foo + +# allow overriding the warning +testsuccess aptget source --allow-unauthenticated foo |
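Review bot: `testfailure aptget source foo` checks only the exit status, so the regression test also passes if the command fails for an unrelated reason, such as the source record not being found. Pinning the cause would make it meaningful, for example by capturing the output and checking it for the warning text from private-download.cc: `aptget source foo 2>&1 | grep -q 'cannot be authenticated'` (assuming the test environment runs untranslated). A positive case is missing as well: with the Release files left in place, `testsuccess aptget source foo` should pass without the override, which would show that the new check does not reject authenticated archives.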