diff options
Diffstat (limited to 'apt-pkg')
| -rw-r--r-- | apt-pkg/acquire-item.cc | 10 | ||||
| -rw-r--r-- | apt-pkg/deb/debmetaindex.cc | 19 |
2 files changed, 25 insertions, 4 deletions
diff --git a/apt-pkg/acquire-item.cc b/apt-pkg/acquire-item.cc index 54a50ff34..7f31d1449 100644 --- a/apt-pkg/acquire-item.cc +++ b/apt-pkg/acquire-item.cc @@ -1075,6 +1075,16 @@ void pkgAcqMetaBase::QueueIndexes(bool const verify) /*{{{*/ strprintf(ErrorText, _("Unable to find expected entry '%s' in Release file (Wrong sources.list entry or malformed file)"), Target->MetaKey.c_str()); return; } + else + { + auto const hashes = GetExpectedHashesFor(Target->MetaKey); + if (hashes.usable() == false && hashes.empty() == false) + { + _error->Warning(_("Skipping acquire of configured file '%s' as repository '%s' provides only weak security information for it"), + Target->MetaKey.c_str(), TransactionManager->Target.Description.c_str()); + continue; + } + } // autoselect the compression method std::vector<std::string> types = VectorizeString(Target->Option(IndexTarget::COMPRESSIONTYPES), ' '); diff --git a/apt-pkg/deb/debmetaindex.cc b/apt-pkg/deb/debmetaindex.cc index 930286a41..c8026aedf 100644 --- a/apt-pkg/deb/debmetaindex.cc +++ b/apt-pkg/deb/debmetaindex.cc @@ -348,9 +348,11 @@ bool debReleaseIndex::Load(std::string const &Filename, std::string * const Erro } bool FoundHashSum = false; - for (int i=0;HashString::SupportedHashes()[i] != NULL; i++) + bool FoundStrongHashSum = false; + auto const SupportedHashes = HashString::SupportedHashes(); + for (int i=0; SupportedHashes[i] != NULL; i++) { - if (!Section.Find(HashString::SupportedHashes()[i], Start, End)) + if (!Section.Find(SupportedHashes[i], Start, End)) continue; std::string Name; @@ -361,17 +363,20 @@ bool debReleaseIndex::Load(std::string const &Filename, std::string * const Erro if (!parseSumData(Start, End, Name, Hash, Size)) return false; + HashString const hs(SupportedHashes[i], Hash); if (Entries.find(Name) == Entries.end()) { metaIndex::checkSum *Sum = new metaIndex::checkSum; Sum->MetaKeyFilename = Name; Sum->Size = Size; Sum->Hashes.FileSize(Size); - APT_IGNORE_DEPRECATED(Sum->Hash = HashString(HashString::SupportedHashes()[i],Hash);) + APT_IGNORE_DEPRECATED(Sum->Hash = hs;) Entries[Name] = Sum; } - Entries[Name]->Hashes.push_back(HashString(HashString::SupportedHashes()[i],Hash)); + Entries[Name]->Hashes.push_back(hs); FoundHashSum = true; + if (FoundStrongHashSum == false && hs.usable() == true) + FoundStrongHashSum = true; } } @@ -381,6 +386,12 @@ bool debReleaseIndex::Load(std::string const &Filename, std::string * const Erro strprintf(*ErrorText, _("No Hash entry in Release file %s"), Filename.c_str()); return false; } + if(FoundStrongHashSum == false) + { + if (ErrorText != NULL) + strprintf(*ErrorText, _("No Hash entry in Release file %s, which is considered strong enough for security purposes"), Filename.c_str()); + return false; + } std::string const StrDate = Section.FindS("Date"); if (RFC1123StrToTime(StrDate.c_str(), Date) == false) |