summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--CMakeLists.txt3
-rw-r--r--apt-pkg/contrib/gpgv.cc18
-rw-r--r--apt-private/private-update.cc2
-rw-r--r--debian/changelog18
-rw-r--r--doc/apt-verbatim.ent2
-rw-r--r--doc/po/apt-doc.pot4
-rw-r--r--doc/po/nl.po14
-rw-r--r--po/apt-all.pot4
-rw-r--r--po/it.po33
-rw-r--r--po/nl.po19
-rwxr-xr-xtest/integration/test-bug-921685-binary-detached-signature22
11 files changed, 94 insertions, 45 deletions
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 7ef657c64..c65f99ccd 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -188,7 +188,7 @@ check_cxx_target(HAVE_FMV_SSE42_AND_CRC32DI "sse4.2" "__builtin_ia32_crc32di(0,
# Configure some variables like package, version and architecture.
set(PACKAGE ${PROJECT_NAME})
set(PACKAGE_MAIL "APT Development Team <deity@lists.debian.org>")
-set(PACKAGE_VERSION "1.8.0~rc4")
+set(PACKAGE_VERSION "1.8.0")
if (NOT DEFINED DPKG_DATADIR)
execute_process(COMMAND ${PERL_EXECUTABLE} -MDpkg -e "print $Dpkg::DATADIR;"
@@ -243,6 +243,7 @@ endif()
# Create our directories.
install_empty_directories(
${CONF_DIR}/apt.conf.d
+ ${CONF_DIR}/auth.conf.d
${CONF_DIR}/preferences.d
${CONF_DIR}/sources.list.d
${CONF_DIR}/trusted.gpg.d
diff --git a/apt-pkg/contrib/gpgv.cc b/apt-pkg/contrib/gpgv.cc
index 35d859849..d956eaf00 100644
--- a/apt-pkg/contrib/gpgv.cc
+++ b/apt-pkg/contrib/gpgv.cc
@@ -297,10 +297,24 @@ void ExecGPGV(std::string const &File, std::string const &FileGPG,
}
if (found_signatures == 0 && statusfd != -1)
{
- // This is not an attack attempt but a file even gpgv would complain about
- // likely the result of a paywall which is covered by the gpgv method
auto const errtag = "[GNUPG:] NODATA\n";
FileFd::Write(fd[1], errtag, strlen(errtag));
+ // guess if this is a binary signature, we never officially supported them,
+ // but silently accepted them via passing them unchecked to gpgv
+ if (found_badcontent)
+ {
+ rewind(detached.get());
+ auto ptag = fgetc(detached.get());
+ // §4.2 says that the first bit is always set and gpg seems to generate
+ // only old format which is indicated by the second bit not set
+ if (ptag != EOF && (ptag & 0x80) != 0 && (ptag & 0x40) == 0)
+ {
+ apt_error(std::cerr, statusfd, fd, "Detached signature file '%s' is in unsupported binary format", FileGPG.c_str());
+ local_exit(112);
+ }
+ }
+ // This is not an attack attempt but a file even gpgv would complain about
+ // likely the result of a paywall which is covered by the gpgv method
local_exit(113);
}
else if (found_badcontent)
diff --git a/apt-private/private-update.cc b/apt-private/private-update.cc
index 4d9d0775d..59d1d6d3f 100644
--- a/apt-private/private-update.cc
+++ b/apt-private/private-update.cc
@@ -139,7 +139,7 @@ bool DoUpdate(CommandLine &CmdL)
else
ioprintf(c1out, msg, upgradable);
- RunScripts("APT::Update-Post-Invoke-Stats");
+ RunScripts("APT::Update::Post-Invoke-Stats");
}
return true;
diff --git a/debian/changelog b/debian/changelog
index 2fe29954b..ea66922bf 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,21 @@
+apt (1.8.0) unstable; urgency=medium
+
+ [ David Kalnischkies ]
+ * Add explicit message for unsupported binary signature (Closes: #921685)
+
+ [ Milo Casagrande ]
+ * [l10n] Update Italian translation
+
+ [ Julian Andres Klode ]
+ * Fix name of APT::Update::Post-Invoke-Stats (was ...Update-Post...)
+ * CMake: Install auth.conf.d directory (LP: #1818996)
+
+ [ Frans Spiesschaert ]
+ * Dutch program translation update (Closes: #923728)
+ * Dutch manpages translation update (Closes: #923834)
+
+ -- Julian Andres Klode <jak@debian.org> Fri, 08 Mar 2019 09:41:20 +0100
+
apt (1.8.0~rc4) unstable; urgency=medium
* update: Provide APT::Update-Post-Invoke-Stats script hook point
diff --git a/doc/apt-verbatim.ent b/doc/apt-verbatim.ent
index 563a1b7f3..c2227ad04 100644
--- a/doc/apt-verbatim.ent
+++ b/doc/apt-verbatim.ent
@@ -268,7 +268,7 @@
">
<!-- this will be updated by 'prepare-release' -->
-<!ENTITY apt-product-version "1.8.0~rc4">
+<!ENTITY apt-product-version "1.8.0">
<!-- (Code)names for various things used all over the place -->
<!ENTITY debian-oldstable-codename "stretch">
diff --git a/doc/po/apt-doc.pot b/doc/po/apt-doc.pot
index f34f3ffac..37287d045 100644
--- a/doc/po/apt-doc.pot
+++ b/doc/po/apt-doc.pot
@@ -5,9 +5,9 @@
#, fuzzy
msgid ""
msgstr ""
-"Project-Id-Version: apt-doc 1.8.0~rc4\n"
+"Project-Id-Version: apt-doc 1.8.0\n"
"Report-Msgid-Bugs-To: APT Development Team <deity@lists.debian.org>\n"
-"POT-Creation-Date: 2019-02-26 08:33+0100\n"
+"POT-Creation-Date: 2019-03-08 09:41+0100\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
diff --git a/doc/po/nl.po b/doc/po/nl.po
index affac023b..5a7bf81b8 100644
--- a/doc/po/nl.po
+++ b/doc/po/nl.po
@@ -4,10 +4,10 @@
#
msgid ""
msgstr ""
-"Project-Id-Version: apt-doc 1.8.0~beta1\n"
+"Project-Id-Version: apt-doc 1.8.0~rc3\n"
"Report-Msgid-Bugs-To: APT Development Team <deity@lists.debian.org>\n"
-"POT-Creation-Date: 2019-02-10 14:34+0100\n"
-"PO-Revision-Date: 2019-01-30 12:49+0100\n"
+"POT-Creation-Date: 2019-03-08 09:41+0100\n"
+"PO-Revision-Date: 2019-02-16 20:46+0100\n"
"Last-Translator: Frans Spiesschaert <Frans.Spiesschaert@yucom.be>\n"
"Language-Team: Debian Dutch l10n Team <debian-l10n-dutch@lists.debian.org>\n"
"Language: nl\n"
@@ -1241,16 +1241,12 @@ msgstr ""
#. type: Content of: <refentry><refsect1><variablelist><varlistentry><listitem><para>
#: apt-get.8.xml
-#, fuzzy
-#| msgid ""
-#| "A new <literal>list</literal> command is available similar to "
-#| "<literal>dpkg --list</literal>."
msgid ""
"<literal>reinstall</literal> is an alias for <literal>install --reinstall</"
"literal>."
msgstr ""
-"Een nieuw commando <literal>list</literal> staat ter beschikking, "
-"vergelijkbaar met <literal>dpkg --list</literal>."
+"<literal>reinstall</literal> is een alias voor <literal>install --reinstall</"
+"literal>."
#. type: Content of: <refentry><refsect1><variablelist><varlistentry><listitem><para>
#: apt-get.8.xml
diff --git a/po/apt-all.pot b/po/apt-all.pot
index 49f025550..e424d23b9 100644
--- a/po/apt-all.pot
+++ b/po/apt-all.pot
@@ -5,9 +5,9 @@
#, fuzzy
msgid ""
msgstr ""
-"Project-Id-Version: apt 1.8.0~rc4\n"
+"Project-Id-Version: apt 1.8.0\n"
"Report-Msgid-Bugs-To: APT Development Team <deity@lists.debian.org>\n"
-"POT-Creation-Date: 2019-02-26 08:33+0100\n"
+"POT-Creation-Date: 2019-03-08 09:41+0100\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
diff --git a/po/it.po b/po/it.po
index 738cc78bd..e0167f6cb 100644
--- a/po/it.po
+++ b/po/it.po
@@ -1,15 +1,15 @@
# Italian translation of apt
-# Copyright (C) 2002-2010, 2011, 2012, 2013, 2014, 2015, 2017, 2018 The Free Software Foundation, Inc.
+# Copyright (C) 2002-2010, 2011, 2012, 2013, 2014, 2015, 2017, 2018, 2019 The Free Software Foundation, Inc.
# This file is distributed under the same license as the apt package.
# Samuele Giovanni Tonon <samu@debian.org>, 2002.
-# Milo Casagrande <milo@milo.name>, 2009, 2010, 2011, 2012, 2013, 2014, 2015, 2017, 2018.
+# Milo Casagrande <milo@milo.name>, 2009, 2010, 2011, 2012, 2013, 2014, 2015, 2017, 2018, 2019.
#
msgid ""
msgstr ""
"Project-Id-Version: apt\n"
"Report-Msgid-Bugs-To: APT Development Team <deity@lists.debian.org>\n"
-"POT-Creation-Date: 2019-02-04 15:34+0100\n"
-"PO-Revision-Date: 2018-12-04 09:33+0100\n"
+"POT-Creation-Date: 2019-02-26 08:33+0100\n"
+"PO-Revision-Date: 2019-03-04 11:05+0100\n"
"Last-Translator: Milo Casagrande <milo@milo.name>\n"
"Language-Team: Italian <tp@lists.linux.it>\n"
"Language: it\n"
@@ -17,7 +17,7 @@ msgstr ""
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Plural-Forms: nplurals=2; plural=(n!=1);\n"
-"X-Generator: Poedit 2.1.1\n"
+"X-Generator: Poedit 2.2.1\n"
#: apt-inst/contrib/arfile.cc
msgid "Invalid archive signature"
@@ -433,6 +433,8 @@ msgid ""
"The method '%s' is unsupported and disabled by default. Consider switching "
"to http(s). Set Dir::Bin::Methods::%s to \"%s\" to enable it again."
msgstr ""
+"Il metodo \"%s\" non è supportato ed è disabilitato: passare a http(s). Per "
+"abilitarlo nuovamente, impostare Dir::Bin::Methods::%s a \"%s\"."
#: apt-pkg/acquire-worker.cc
#, c-format
@@ -1632,6 +1634,8 @@ msgstr "Impossibile comprendere il tipo di gancio %s"
msgid ""
"%s: The special 'Pin-Priority: %s' can only be used for 'Package: *' records"
msgstr ""
+"%s: il valore speciale \"Pin-Priority: %s\" può essere usato solamente con "
+"voci \"Package: *\""
#: apt-pkg/policy.cc
#, c-format
@@ -2944,10 +2948,8 @@ msgid "Install new packages (pkg is libc6 not libc6.deb)"
msgstr "Installa nuovi pacchetti (PKG è libc6 non libc6.deb)"
#: cmdline/apt-get.cc
-#, fuzzy
-#| msgid "Install new packages (pkg is libc6 not libc6.deb)"
msgid "Reinstall packages (pkg is libc6 not libc6.deb)"
-msgstr "Installa nuovi pacchetti (PKG è libc6 non libc6.deb)"
+msgstr "Installa nuovamente pacchetti (PKG è libc6 non libc6.deb)"
#: cmdline/apt-get.cc
msgid "Remove packages"
@@ -3102,13 +3104,11 @@ msgstr "%s è già stato impostato come installato automaticamente.\n"
#: cmdline/apt-mark.cc
msgid "No changes necessary"
-msgstr ""
+msgstr "Nessuna modifica necessaria"
#: cmdline/apt-mark.cc
-#, fuzzy
-#| msgid "The following NEW packages will be installed:"
msgid "The following packages will be marked as automatically installed:"
-msgstr "I seguenti pacchetti NUOVI saranno installati:"
+msgstr "I seguenti pacchetti verranno segnati come installati automaticamente:"
#: cmdline/apt-mark.cc
#, c-format
@@ -3177,10 +3177,9 @@ msgid "Mark the given packages as manually installed"
msgstr "Segna i pacchetti forniti come installati manualmente"
#: cmdline/apt-mark.cc
-#, fuzzy
-#| msgid "Mark the given packages as automatically installed"
msgid "Mark all dependencies of meta packages as automatically installed."
-msgstr "Segna i pacchetti forniti come installati automaticamente"
+msgstr ""
+"Segna tutte le dipendenze dei meta pacchetti come installate automaticamente"
#: cmdline/apt-mark.cc
msgid "Mark a package as held back"
@@ -3260,10 +3259,8 @@ msgid "install packages"
msgstr "Installa pacchetti"
#: cmdline/apt.cc
-#, fuzzy
-#| msgid "install packages"
msgid "reinstall packages"
-msgstr "Installa pacchetti"
+msgstr "Installa nuovamente pacchetti"
#: cmdline/apt.cc
msgid "remove packages"
diff --git a/po/nl.po b/po/nl.po
index b758d70ee..3b53dc953 100644
--- a/po/nl.po
+++ b/po/nl.po
@@ -10,10 +10,10 @@
#
msgid ""
msgstr ""
-"Project-Id-Version: apt 1.8.0~beta1\n"
+"Project-Id-Version: apt 1.8.0~rc3\n"
"Report-Msgid-Bugs-To: APT Development Team <deity@lists.debian.org>\n"
-"POT-Creation-Date: 2019-02-10 13:19+0100\n"
-"PO-Revision-Date: 2019-01-29 17:31+0100\n"
+"POT-Creation-Date: 2019-03-08 09:41+0100\n"
+"PO-Revision-Date: 2019-02-16 20:35+0100\n"
"Last-Translator: Frans Spiesschaert <Frans.Spiesschaert@yucom.be>\n"
"Language-Team: Debian Dutch l10n Team <debian-l10n-dutch@lists.debian.org>\n"
"Language: nl\n"
@@ -439,6 +439,9 @@ msgid ""
"The method '%s' is unsupported and disabled by default. Consider switching "
"to http(s). Set Dir::Bin::Methods::%s to \"%s\" to enable it again."
msgstr ""
+"Methode '%s' wordt niet ondersteund en is standaard uitgeschakeld. U "
+"schakelt best over op http(s). Stel Dir::Bin::Methods::%s in op \"%s\" om "
+"deze opnieuw in te schakelen."
#: apt-pkg/acquire-worker.cc
#, c-format
@@ -1632,6 +1635,8 @@ msgstr "Pintype %s wordt niet begrepen"
msgid ""
"%s: The special 'Pin-Priority: %s' can only be used for 'Package: *' records"
msgstr ""
+"%s: Het bijzondere 'Pin-Priority: %s' kan enkel gebruikt worden voor "
+"structuren van het type 'Package: *'"
#: apt-pkg/policy.cc
#, c-format
@@ -2937,10 +2942,8 @@ msgid "Install new packages (pkg is libc6 not libc6.deb)"
msgstr "Nieuwe pakketten installeren (pakket is bijv. libc6, niet libc6.deb)"
#: cmdline/apt-get.cc
-#, fuzzy
-#| msgid "Install new packages (pkg is libc6 not libc6.deb)"
msgid "Reinstall packages (pkg is libc6 not libc6.deb)"
-msgstr "Nieuwe pakketten installeren (pakket is bijv. libc6, niet libc6.deb)"
+msgstr "Pakketten opnieuw installeren (pakket is libc6, niet libc6.deb)"
#: cmdline/apt-get.cc
msgid "Remove packages"
@@ -3247,10 +3250,8 @@ msgid "install packages"
msgstr "pakketten installeren"
#: cmdline/apt.cc
-#, fuzzy
-#| msgid "install packages"
msgid "reinstall packages"
-msgstr "pakketten installeren"
+msgstr "pakketten opnieuw installeren"
#: cmdline/apt.cc
msgid "remove packages"
diff --git a/test/integration/test-bug-921685-binary-detached-signature b/test/integration/test-bug-921685-binary-detached-signature
new file mode 100755
index 000000000..df863197a
--- /dev/null
+++ b/test/integration/test-bug-921685-binary-detached-signature
@@ -0,0 +1,22 @@
+#!/bin/sh
+set -e
+
+TESTDIR="$(readlink -f "$(dirname "$0")")"
+. "$TESTDIR/framework"
+setupenvironment
+configarchitecture 'amd64'
+
+insertpackage 'unstable' 'foo' 'all' '1'
+
+buildaptarchive
+setupdistsaptarchive
+
+for RELEASE in $(find aptarchive -name 'Release'); do
+ # note the missing --armor
+ dosigning "keys/joesixpack" --detach-sign --sign --output "${RELEASE}.gpg" "${RELEASE}"
+done
+
+testfailure apt show foo
+testfailure aptget update
+testsuccess grep 'W: .* Detached signature file .* is in unsupported binary format' rootdir/tmp/testfailure.output
+testfailure apt show foo