Diffstat (limited to 'apt-pkg')
-rw-r--r--apt-pkg/acquire-item.cc18
-rw-r--r--apt-pkg/acquire-item.h3
-rw-r--r--apt-pkg/contrib/configuration.cc2
-rw-r--r--apt-pkg/contrib/md5.cc2
-rw-r--r--apt-pkg/deb/deblistparser.cc6
-rw-r--r--apt-pkg/deb/deblistparser.h1
-rw-r--r--apt-pkg/pkgcache.cc58
7 files changed, 74 insertions, 16 deletions
diff --git a/apt-pkg/acquire-item.cc b/apt-pkg/acquire-item.cc
index 83c793093..755e1fb59 100644
--- a/apt-pkg/acquire-item.cc
+++ b/apt-pkg/acquire-item.cc
@@ -1464,8 +1464,20 @@ bool pkgAcqMetaBase::CheckDownloadDone(pkgAcqTransactionItem * const I, const st
return true;
}
/*}}}*/
-bool pkgAcqMetaBase::CheckAuthDone(string const &Message) /*{{{*/
+bool pkgAcqMetaBase::CheckAuthDone(string const &Message, pkgAcquire::MethodConfig const *const Cnf) /*{{{*/
{
+ /* If we work with a recent version of our gpgv method, we expect that it tells us
+ which key(s) have signed the file so stuff like CVE-2018-0501 is harder in the future */
+ if (Cnf->Version != "1.0" && LookupTag(Message, "Signed-By").empty())
+ {
+ std::string errmsg;
+ strprintf(errmsg, "Internal Error: Signature on %s seems good, but expected details are missing! (%s)", Target.URI.c_str(), "Signed-By");
+ if (ErrorText.empty())
+ ErrorText = errmsg;
+ Status = StatAuthError;
+ return _error->Error("%s", errmsg.c_str());
+ }
+
// At this point, the gpgv method has succeeded, so there is a
// valid signature from a key in the trusted keyring. We
// perform additional verification of its contents, and use them
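Review bot: `Cnf` is dereferenced in the new guard (`Cnf->Version != "1.0"`) without a null check, so CheckAuthDone now depends on every caller passing a valid MethodConfig. Both updated call sites forward the pointer they received in Done(), which is presumably never null, but that assumption deserves a comment or an early fail-closed return. The guard only establishes that a Signed-By field is present and non-empty, not that its content names a key the repository may be signed with, so a comment such as `// presence check only; the reported key ids are not validated here` would keep readers from over-trusting it. The literal `"1.0"` exempts any method reporting that version from the requirement; a named constant or a comment saying which method versions are expected to emit Signed-By would make the exemption auditable. The function body continues outside the hunk.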
@@ -1946,7 +1958,7 @@ void pkgAcqMetaClearSig::Done(std::string const &Message,
QueueForSignatureVerify(this, DestFile, DestFile);
return;
}
- else if(CheckAuthDone(Message) == true)
+ else if (CheckAuthDone(Message, Cnf) == true)
{
if (TransactionManager->IMSHit == false)
TransactionManager->TransactionStageCopy(this, DestFile, GetFinalFilename());
@@ -2190,7 +2202,7 @@ void pkgAcqMetaSig::Done(string const &Message, HashStringList const &Hashes,
}
return;
}
- else if(MetaIndex->CheckAuthDone(Message) == true)
+ else if (MetaIndex->CheckAuthDone(Message, Cfg) == true)
{
auto const Releasegpg = GetFinalFilename();
auto const Release = MetaIndex->GetFinalFilename();
diff --git a/apt-pkg/acquire-item.h b/apt-pkg/acquire-item.h
index 4a1378922..70651d9e3 100644
--- a/apt-pkg/acquire-item.h
+++ b/apt-pkg/acquire-item.h
@@ -451,8 +451,9 @@ class APT_HIDDEN pkgAcqMetaBase : public pkgAcqTransactionItem /*{{{*/
*
* \param Message The message block received from the fetch
* subprocess.
+ * \param Cnf The method and its configuration which handled the request
*/
- bool CheckAuthDone(std::string const &Message);
+ bool CheckAuthDone(std::string const &Message, pkgAcquire::MethodConfig const *const Cnf);
/** Check if the current item should fail at this point */
bool CheckStopAuthentication(pkgAcquire::Item * const I, const std::string &Message);
diff --git a/apt-pkg/contrib/configuration.cc b/apt-pkg/contrib/configuration.cc
index 1c000e586..997ef7423 100644
--- a/apt-pkg/contrib/configuration.cc
+++ b/apt-pkg/contrib/configuration.cc
@@ -252,7 +252,7 @@ Configuration::Item *Configuration::Lookup(Item *Head,const char *S,
if (Len != 0)
{
for (; I != 0; Last = &I->Next, I = I->Next)
- if ((Res = stringcasecmp(I->Tag,S,S + Len)) == 0)
+ if (Len == I->Tag.length() && (Res = stringcasecmp(I->Tag,S,S + Len)) == 0)
break;
}
else
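Review bot: With the added length test short-circuiting the condition, `Res` is assigned only for tags of equal length, so after the loop it holds the result of the last equal-length comparison rather than of the last item visited. That is safe only if `Res` is initialised to a non-zero value before the loop and nothing after it uses the sign of `Res`; both lie outside this hunk and should be confirmed. A one-line comment stating whether the length test is a fast path or a correctness fix would help the next reader, and moving the assignment out of the condition (`Res = stringcasecmp(I->Tag,S,S + Len); if (Res == 0) break;` under the length check) would make the data flow explicit. Depending on how `Len` is declared, `Len == I->Tag.length()` may also compare different integer types.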
diff --git a/apt-pkg/contrib/md5.cc b/apt-pkg/contrib/md5.cc
index 21e3f0afd..c3b529922 100644
--- a/apt-pkg/contrib/md5.cc
+++ b/apt-pkg/contrib/md5.cc
@@ -80,7 +80,7 @@ static void byteSwap(uint32_t *buf, unsigned words)
static void MD5Transform(uint32_t buf[4], uint32_t const in[16])
{
- register uint32_t a, b, c, d;
+ uint32_t a, b, c, d;
a = buf[0];
b = buf[1];
diff --git a/apt-pkg/deb/deblistparser.cc b/apt-pkg/deb/deblistparser.cc
index e8dff833d..80ca10e37 100644
--- a/apt-pkg/deb/deblistparser.cc
+++ b/apt-pkg/deb/deblistparser.cc
@@ -61,6 +61,7 @@ debListParser::debListParser(FileFd *File) :
else
forceEssential.emplace_back("apt");
forceImportant = _config->FindVector("pkgCacheGen::ForceImportant");
+ myArch = _config->Find("APT::Architecture");
}
/*}}}*/
// ListParser::Package - Return the package name /*{{{*/
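Review bot: `myArch` is read from `APT::Architecture` once in the constructor, whereas the line removed from ParseDepends in the next hunk looked the value up on every call, so a parser constructed before the configuration changes keeps the old architecture. If that snapshot behaviour is intended, the member added in deblistparser.h should carry a comment, for example `// APT::Architecture as configured when this parser was constructed`. The constructor starts outside this hunk.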
@@ -621,12 +622,11 @@ const char *debListParser::ParseDepends(const char *Start,const char *Stop,
// We don't want to confuse library users which can't handle MultiArch
if (StripMultiArch == true) {
- string const arch = _config->Find("APT::Architecture");
size_t const found = Package.rfind(':');
if (found != StringView::npos &&
(Package.substr(found) == ":any" ||
Package.substr(found) == ":native" ||
- Package.substr(found +1) == arch))
+ Package.substr(found +1) == Arch))
Package = Package.substr(0,found);
}
@@ -848,7 +848,7 @@ bool debListParser::ParseDepends(pkgCache::VerIterator &Ver,
StringView Version;
unsigned int Op;
- Start = ParseDepends(Start, Stop, Package, Version, Op, false, false, false);
+ Start = ParseDepends(Start, Stop, Package, Version, Op, false, false, false, myArch);
if (Start == 0)
return _error->Error("Problem parsing dependency %zu",static_cast<size_t>(Key)); // TODO
size_t const found = Package.rfind(':');
diff --git a/apt-pkg/deb/deblistparser.h b/apt-pkg/deb/deblistparser.h
index 09b56665f..f02252d58 100644
--- a/apt-pkg/deb/deblistparser.h
+++ b/apt-pkg/deb/deblistparser.h
@@ -45,6 +45,7 @@ class APT_HIDDEN debListParser : public pkgCacheListParser
std::vector<std::string> forceEssential;
std::vector<std::string> forceImportant;
std::string MD5Buffer;
+ std::string myArch;
protected:
pkgTagFile Tags;
diff --git a/apt-pkg/pkgcache.cc b/apt-pkg/pkgcache.cc
index 058e389a5..041f0b957 100644
--- a/apt-pkg/pkgcache.cc
+++ b/apt-pkg/pkgcache.cc
@@ -231,10 +231,54 @@ map_id_t pkgCache::sHash(const char *Str) const
return Hash % HeaderP->GetHashTableSize();
}
+#if defined(__GNUC__) && defined(__x86_64__) && defined(__ELF__)
+
+#if defined(__x86_64__)
+__attribute__((target("sse4.2"))) static uint32_t hash32(uint32_t crc32, const unsigned char *input, size_t size)
+{
+ if (input == nullptr)
+ return 0;
+
+ crc32 ^= 0xffffffffU;
+ while (size >= 8) {
+ crc32 = __builtin_ia32_crc32di(crc32, *(uint64_t *)input);
+ input += 8;
+ size -= 8;
+ }
+
+ if (size >= 4) {
+ crc32 = __builtin_ia32_crc32si(crc32, *(uint32_t *)input);
+ input += 4;
+ size -= 4;
+ }
+
+ if (size >= 2) {
+ crc32 = __builtin_ia32_crc32hi(crc32, *(uint16_t *)input);
+ input += 2;
+ size -= 2;
+ }
+
+ if (size >= 1) {
+ crc32 = __builtin_ia32_crc32qi(crc32, *(uint8_t *)input);
+ input += 1;
+ size -= 1;
+ }
+ crc32 ^= 0xffffffffU;
+ return crc32;
+}
+#endif
+
+__attribute__((target("default")))
+#endif
+static uint32_t hash32(uint32_t crc32, const unsigned char *input, size_t size)
+{
+ return adler32(crc32, input, size);
+}
+
uint32_t pkgCache::CacheHash()
{
pkgCache::Header header = {};
- uLong adler = adler32(0L, Z_NULL, 0);
+ uLong adler = hash32(0L, Z_NULL, 0);
if (Map.Size() < sizeof(header))
return adler;
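Review bot: The SSE4.2 variant of hash32 reads the buffer through `*(uint64_t *)input`, `*(uint32_t *)input` and `*(uint16_t *)input`, which casts away const and is undefined behaviour for unaligned addresses and under strict aliasing. CacheHash later passes `GetMap().Data() + sizeof(header)`, and nothing in the hunk shows that this address is suitably aligned. Loading through memcpy into a local of the right width (needs `<cstring>`) typically compiles to the same instructions and removes the undefined behaviour, as sketched below. Separately, the two versions compute different functions (CRC-32C versus Adler-32) and seed differently, since the SSE4.2 one returns 0 for a null input while `adler32(0, Z_NULL, 0)` yields zlib's initial value. The stored cache hash therefore depends on the CPU, and a comment should say that a cache written on one machine may fail validation on another and that the value is only a corruption check, not an authenticity check. The inner `#if defined(__x86_64__)` repeats a condition the outer `#if` already requires.

```cpp
__attribute__((target("sse4.2"))) static uint32_t hash32(uint32_t crc32, const unsigned char *input, size_t size)
{
   // … unchanged: nullptr check and initial inversion …
   while (size >= 8) {
      uint64_t chunk;
      memcpy(&chunk, input, sizeof(chunk)); // alignment- and aliasing-safe load
      crc32 = __builtin_ia32_crc32di(crc32, chunk);
      input += 8;
      size -= 8;
   }

   if (size >= 4) {
      uint32_t chunk;
      memcpy(&chunk, input, sizeof(chunk));
      crc32 = __builtin_ia32_crc32si(crc32, chunk);
      input += 4;
      size -= 4;
   }

   if (size >= 2) {
      uint16_t chunk;
      memcpy(&chunk, input, sizeof(chunk));
      crc32 = __builtin_ia32_crc32hi(crc32, chunk);
      input += 2;
      size -= 2;
   }
   // … unchanged: single-byte tail, final inversion, return …
}
```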
@@ -243,14 +287,14 @@ uint32_t pkgCache::CacheHash()
header.Dirty = false;
header.CacheFileSize = 0;
- adler = adler32(adler,
- reinterpret_cast<const unsigned char *>(&header),
- sizeof(header));
+ adler = hash32(adler,
+ reinterpret_cast<const unsigned char *>(&header),
+ sizeof(header));
if (Map.Size() > sizeof(header)) {
- adler = adler32(adler,
- static_cast<const unsigned char *>(GetMap().Data()) + sizeof(header),
- GetMap().Size() - sizeof(header));
+ adler = hash32(adler,
+ static_cast<const unsigned char *>(GetMap().Data()) + sizeof(header),
+ GetMap().Size() - sizeof(header));
}
return adler;