summaryrefslogtreecommitdiff
path: root/apt-pkg
diff options
context:
space:
mode:
Diffstat (limited to 'apt-pkg')
-rw-r--r--apt-pkg/acquire-item.cc13
-rw-r--r--apt-pkg/contrib/fileutl.cc20
-rw-r--r--apt-pkg/contrib/fileutl.h5
-rw-r--r--apt-pkg/contrib/netrc.cc21
-rw-r--r--apt-pkg/contrib/strutl.cc5
-rw-r--r--apt-pkg/deb/dpkgpm.cc62
-rw-r--r--apt-pkg/indexcopy.cc6
-rw-r--r--apt-pkg/init.cc1
-rw-r--r--apt-pkg/packagemanager.cc4
9 files changed, 115 insertions, 22 deletions
diff --git a/apt-pkg/acquire-item.cc b/apt-pkg/acquire-item.cc
index a30e98858..665dd427e 100644
--- a/apt-pkg/acquire-item.cc
+++ b/apt-pkg/acquire-item.cc
@@ -1235,9 +1235,20 @@ void pkgAcqMetaIndex::Done(string Message,unsigned long long Size,string Hash, /
}
else
{
+ // FIXME: move this into pkgAcqMetaClearSig::Done on the next
+ // ABI break
+
+ // if we expect a ClearTextSignature (InRelase), ensure that
+ // this is what we get and if not fail to queue a
+ // Release/Release.gpg, see #346386
+ if (SigFile == DestFile && !StartsWithGPGClearTextSignature(DestFile))
+ {
+ Failed(Message, Cfg);
+ return;
+ }
+
// There was a signature file, so pass it to gpgv for
// verification
-
if (_config->FindB("Debug::pkgAcquire::Auth", false))
std::cerr << "Metaindex acquired, queueing gpg verification ("
<< SigFile << "," << DestFile << ")\n";
diff --git a/apt-pkg/contrib/fileutl.cc b/apt-pkg/contrib/fileutl.cc
index 90e49cbfa..4c224337e 100644
--- a/apt-pkg/contrib/fileutl.cc
+++ b/apt-pkg/contrib/fileutl.cc
@@ -852,6 +852,26 @@ bool ExecWait(pid_t Pid,const char *Name,bool Reap)
}
/*}}}*/
+// StartsWithGPGClearTextSignature - Check if a file is Pgp/GPG clearsigned /*{{{*/
+// ---------------------------------------------------------------------
+/* */
+bool StartsWithGPGClearTextSignature(string const &FileName)
+{
+ static const char* SIGMSG = "-----BEGIN PGP SIGNED MESSAGE-----\n";
+ char buffer[strlen(SIGMSG)+1];
+ FILE* gpg = fopen(FileName.c_str(), "r");
+ if (gpg == NULL)
+ return false;
+
+ char const * const test = fgets(buffer, sizeof(buffer), gpg);
+ fclose(gpg);
+ if (test == NULL || strcmp(buffer, SIGMSG) != 0)
+ return false;
+
+ return true;
+}
+
+
// FileFd::Open - Open a file /*{{{*/
// ---------------------------------------------------------------------
/* The most commonly used open mode combinations are given with Mode */
diff --git a/apt-pkg/contrib/fileutl.h b/apt-pkg/contrib/fileutl.h
index 426664d3a..510b1c984 100644
--- a/apt-pkg/contrib/fileutl.h
+++ b/apt-pkg/contrib/fileutl.h
@@ -180,6 +180,9 @@ bool WaitFd(int Fd,bool write = false,unsigned long timeout = 0);
pid_t ExecFork();
bool ExecWait(pid_t Pid,const char *Name,bool Reap = false);
+// check if the given file starts with a PGP cleartext signature
+bool StartsWithGPGClearTextSignature(std::string const &FileName);
+
// File string manipulators
std::string flNotDir(std::string File);
std::string flNotFile(std::string File);
@@ -187,4 +190,6 @@ std::string flNoLink(std::string File);
std::string flExtension(std::string File);
std::string flCombine(std::string Dir,std::string File);
+
+
#endif
diff --git a/apt-pkg/contrib/netrc.cc b/apt-pkg/contrib/netrc.cc
index 56e59d84b..2321ef063 100644
--- a/apt-pkg/contrib/netrc.cc
+++ b/apt-pkg/contrib/netrc.cc
@@ -15,6 +15,7 @@
#include <apt-pkg/configuration.h>
#include <apt-pkg/strutl.h>
+#include <apt-pkg/error.h>
#include <apt-pkg/fileutl.h>
#include <iostream>
@@ -39,8 +40,8 @@ enum {
};
/* make sure we have room for at least this size: */
-#define LOGINSIZE 64
-#define PASSWORDSIZE 64
+#define LOGINSIZE 256
+#define PASSWORDSIZE 256
#define NETRC DOT_CHAR "netrc"
/* returns -1 on failure, 0 if the host is found, 1 is the host isn't found */
@@ -122,11 +123,21 @@ int parsenetrc (char *host, char *login, char *password, char *netrcfile = NULL)
if (specific_login)
state_our_login = !strcasecmp (login, tok);
else
+ {
+ if (strlen(tok) > LOGINSIZE)
+ _error->Error("login token too long %i (max: %i)",
+ strlen(tok), LOGINSIZE);
strncpy (login, tok, LOGINSIZE - 1);
+ }
state_login = 0;
} else if (state_password) {
- if (state_our_login || !specific_login)
+ if (state_our_login || !specific_login)
+ {
+ if (strlen(tok) > PASSWORDSIZE)
+ _error->Error("password token too long %i (max %i)",
+ strlen(tok), PASSWORDSIZE);
strncpy (password, tok, PASSWORDSIZE - 1);
+ }
state_password = 0;
} else if (!strcasecmp ("login", tok))
state_login = 1;
@@ -162,8 +173,8 @@ void maybe_add_auth (URI &Uri, string NetRCFile)
{
if (NetRCFile.empty () == false)
{
- char login[64] = "";
- char password[64] = "";
+ char login[LOGINSIZE] = "";
+ char password[PASSWORDSIZE] = "";
char *netrcfile = strdup(NetRCFile.c_str());
// first check for a generic host based netrc entry
diff --git a/apt-pkg/contrib/strutl.cc b/apt-pkg/contrib/strutl.cc
index ca096d736..df11a80ad 100644
--- a/apt-pkg/contrib/strutl.cc
+++ b/apt-pkg/contrib/strutl.cc
@@ -752,7 +752,8 @@ bool ReadMessages(int Fd, vector<string> &List)
// Look for the end of the message
for (char *I = Buffer; I + 1 < End; I++)
{
- if (I[0] != '\n' || I[1] != '\n')
+ if (I[1] != '\n' ||
+ (strncmp(I, "\n\n", 2) != 0 && strncmp(I, "\r\n\r\n", 4) != 0))
continue;
// Pull the message out
@@ -760,7 +761,7 @@ bool ReadMessages(int Fd, vector<string> &List)
PartialMessage += Message;
// Fix up the buffer
- for (; I < End && *I == '\n'; I++);
+ for (; I < End && (*I == '\r' || *I == '\n'); ++I);
End -= I-Buffer;
memmove(Buffer,I,End-Buffer);
I = Buffer;
diff --git a/apt-pkg/deb/dpkgpm.cc b/apt-pkg/deb/dpkgpm.cc
index ae9143e0d..4f0957b8e 100644
--- a/apt-pkg/deb/dpkgpm.cc
+++ b/apt-pkg/deb/dpkgpm.cc
@@ -29,7 +29,6 @@
#include <sys/wait.h>
#include <signal.h>
#include <errno.h>
-#include <string.h>
#include <stdio.h>
#include <string.h>
#include <algorithm>
@@ -1461,7 +1460,7 @@ void pkgDPkgPM::WriteApportReport(const char *pkgpath, const char *errormsg)
string::size_type pos;
FILE *report;
- if (_config->FindB("Dpkg::ApportFailureReport", false) == false)
+ if (_config->FindB("Dpkg::ApportFailureReport", true) == false)
{
std::clog << "configured to not write apport reports" << std::endl;
return;
@@ -1488,18 +1487,49 @@ void pkgDPkgPM::WriteApportReport(const char *pkgpath, const char *errormsg)
}
// do not report out-of-memory failures
- if(strstr(errormsg, strerror(ENOMEM)) != NULL) {
+ if(strstr(errormsg, strerror(ENOMEM)) != NULL ||
+ strstr(errormsg, "failed to allocate memory") != NULL) {
std::clog << _("No apport report written because the error message indicates a out of memory error") << std::endl;
return;
}
- // do not report dpkg I/O errors
- // XXX - this message is localized, but this only matches the English version. This is better than nothing.
- if(strstr(errormsg, "short read in buffer_copy (")) {
- std::clog << _("No apport report written because the error message indicates a dpkg I/O error") << std::endl;
+ // do not report bugs regarding inaccessible local files
+ if(strstr(errormsg, strerror(ENOENT)) != NULL ||
+ strstr(errormsg, "cannot access archive") != NULL) {
+ std::clog << _("No apport report written because the error message indicates an issue on the local system") << std::endl;
+ return;
+ }
+
+ // do not report errors encountered when decompressing packages
+ if(strstr(errormsg, "--fsys-tarfile returned error exit status 2") != NULL) {
+ std::clog << _("No apport report written because the error message indicates an issue on the local system") << std::endl;
return;
}
+ // do not report dpkg I/O errors, this is a format string, so we compare
+ // the prefix and the suffix of the error with the dpkg error message
+ vector<string> io_errors;
+ io_errors.push_back(string("failed to read on buffer copy for %s"));
+ io_errors.push_back(string("failed in write on buffer copy for %s"));
+ io_errors.push_back(string("short read on buffer copy for %s"));
+
+ for (vector<string>::iterator I = io_errors.begin(); I != io_errors.end(); I++)
+ {
+ vector<string> list = VectorizeString(dgettext("dpkg", (*I).c_str()), '%');
+ if (list.size() > 1) {
+ // we need to split %s, VectorizeString only allows char so we need
+ // to kill the "s" manually
+ if (list[1].size() > 1) {
+ list[1].erase(0, 1);
+ if(strstr(errormsg, list[0].c_str()) &&
+ strstr(errormsg, list[1].c_str())) {
+ std::clog << _("No apport report written because the error message indicates a dpkg I/O error") << std::endl;
+ return;
+ }
+ }
+ }
+ }
+
// get the pkgname and reportfile
pkgname = flNotDir(pkgpath);
pos = pkgname.find('_');
@@ -1589,6 +1619,24 @@ void pkgDPkgPM::WriteApportReport(const char *pkgpath, const char *errormsg)
{
while( fgets(buf, sizeof(buf), log) != NULL)
fprintf(report, " %s", buf);
+ fprintf(report, " \n");
+ fclose(log);
+ }
+ }
+
+ // attach history log it if we have it
+ string histfile_name = _config->FindFile("Dir::Log::History");
+ if (!histfile_name.empty())
+ {
+ FILE *log = NULL;
+ char buf[1024];
+
+ fprintf(report, "DpkgHistoryLog:\n");
+ log = fopen(histfile_name.c_str(),"r");
+ if(log != NULL)
+ {
+ while( fgets(buf, sizeof(buf), log) != NULL)
+ fprintf(report, " %s", buf);
fclose(log);
}
}
diff --git a/apt-pkg/indexcopy.cc b/apt-pkg/indexcopy.cc
index aa1f01a4a..c0a085316 100644
--- a/apt-pkg/indexcopy.cc
+++ b/apt-pkg/indexcopy.cc
@@ -654,16 +654,12 @@ bool SigVerify::RunGPGV(std::string const &File, std::string const &FileGPG,
{
if (File == FileGPG)
{
- #define SIGMSG "-----BEGIN PGP SIGNED MESSAGE-----\n"
- char buffer[sizeof(SIGMSG)];
FILE* gpg = fopen(File.c_str(), "r");
if (gpg == NULL)
return _error->Errno("RunGPGV", _("Could not open file %s"), File.c_str());
- char const * const test = fgets(buffer, sizeof(buffer), gpg);
fclose(gpg);
- if (test == NULL || strcmp(buffer, SIGMSG) != 0)
+ if (!StartsWithGPGClearTextSignature(File))
return _error->Error(_("File %s doesn't start with a clearsigned message"), File.c_str());
- #undef SIGMSG
}
diff --git a/apt-pkg/init.cc b/apt-pkg/init.cc
index 76278921f..4818174ac 100644
--- a/apt-pkg/init.cc
+++ b/apt-pkg/init.cc
@@ -92,6 +92,7 @@ bool pkgInitConfig(Configuration &Cnf)
Cnf.Set("Dir::Ignore-Files-Silently::", "\\.dpkg-[a-z]+$");
Cnf.Set("Dir::Ignore-Files-Silently::", "\\.save$");
Cnf.Set("Dir::Ignore-Files-Silently::", "\\.orig$");
+ Cnf.Set("Dir::Ignore-Files-Silently::", "\\.distUpgrade$");
// Default cdrom mount point
Cnf.CndSet("Acquire::cdrom::mount", "/media/cdrom/");
diff --git a/apt-pkg/packagemanager.cc b/apt-pkg/packagemanager.cc
index 9ca6098fd..ed817934b 100644
--- a/apt-pkg/packagemanager.cc
+++ b/apt-pkg/packagemanager.cc
@@ -338,7 +338,7 @@ bool pkgPackageManager::SmartConfigure(PkgIterator Pkg, int const Depth)
however if there is a loop (A depends on B, B depends on A) this will not
be the case, so check for dependencies before configuring. */
bool Bad = false, Changed = false;
- const unsigned int max_loops = _config->FindI("APT::pkgPackageManager::MaxLoopCount", 500);
+ const unsigned int max_loops = _config->FindI("APT::pkgPackageManager::MaxLoopCount", 5000);
unsigned int i=0;
do
{
@@ -602,7 +602,7 @@ bool pkgPackageManager::SmartUnPack(PkgIterator Pkg, bool const Immediate, int c
This will be either dealt with if the package is configured as a dependency of Pkg (if and when Pkg is configured),
or by the ConfigureAll call at the end of the for loop in OrderInstall. */
bool Changed = false;
- const unsigned int max_loops = _config->FindI("APT::pkgPackageManager::MaxLoopCount", 500);
+ const unsigned int max_loops = _config->FindI("APT::pkgPackageManager::MaxLoopCount", 5000);
unsigned int i = 0;
do
{