From 1ddb859611d2e0f3d9ea12085001810f689e8c99 Mon Sep 17 00:00:00 2001 From: David Kalnischkies Date: Tue, 8 Jun 2010 19:27:49 +0200 Subject: * apt-pkg/indexrecords.cc: - backport forgotten Valid-Until patch from the obsolete experimental branch to prevent replay attacks better, thanks to Thomas Viehmann for the initial patch! (Closes: #499897) --- apt-pkg/acquire-item.cc | 12 ++++++- apt-pkg/indexrecords.cc | 38 ++++++++++++++++++++-- apt-pkg/indexrecords.h | 4 +++ debian/changelog | 4 +++ test/pre-upload-check.py | 14 ++++++++ .../sources.list.all-validuntil-broken | 1 + 6 files changed, 70 insertions(+), 3 deletions(-) create mode 100644 test/testsources.list/sources.list.all-validuntil-broken diff --git a/apt-pkg/acquire-item.cc b/apt-pkg/acquire-item.cc index c035b9163..4a846804e 100644 --- a/apt-pkg/acquire-item.cc +++ b/apt-pkg/acquire-item.cc @@ -33,6 +33,7 @@ #include #include #include +#include /*}}}*/ using namespace std; @@ -1177,6 +1178,15 @@ bool pkgAcqMetaIndex::VerifyVendor(string Message) /*{{{*/ Transformed = ""; } + if (_config->FindB("Acquire::Check-Valid-Until", true)) { + if (MetaIndexParser->GetValidUntil() > 0 && + time(NULL) > MetaIndexParser->GetValidUntil()) { + return _error->Error(_("Release file expired, ignoring %s (valid until %s)"), + RealURI.c_str(), + TimeRFC1123(MetaIndexParser->GetValidUntil()).c_str()); + } + } + if (_config->FindB("Debug::pkgAcquire::Auth", false)) { std::cerr << "Got Codename: " << MetaIndexParser->GetDist() << std::endl; @@ -1194,7 +1204,7 @@ bool pkgAcqMetaIndex::VerifyVendor(string Message) /*{{{*/ // return false; if (!Transformed.empty()) { - _error->Warning("Conflicting distribution: %s (expected %s but got %s)", + _error->Warning(_("Conflicting distribution: %s (expected %s but got %s)"), Desc.Description.c_str(), Transformed.c_str(), MetaIndexParser->GetDist().c_str()); diff --git a/apt-pkg/indexrecords.cc b/apt-pkg/indexrecords.cc index 1fc27b1a1..24ed02ba5 100644 --- a/apt-pkg/indexrecords.cc +++ b/apt-pkg/indexrecords.cc @@ -7,8 +7,11 @@ #include #include #include +#include #include #include +#include + /*}}}*/ string indexRecords::GetDist() const { @@ -26,6 +29,11 @@ string indexRecords::GetExpectedDist() const return this->ExpectedDist; } +time_t indexRecords::GetValidUntil() const +{ + return this->ValidUntil; +} + const indexRecords::checkSum *indexRecords::Lookup(const string MetaKey) { return Entries[MetaKey]; @@ -82,7 +90,33 @@ bool indexRecords::Load(const string Filename) /*{{{*/ return false; } - string Strdate = Section.FindS("Date"); // FIXME: verify this somehow? + string Label = Section.FindS("Label"); + string StrDate = Section.FindS("Date"); + string StrValidUntil = Section.FindS("Valid-Until"); + + // if we have a Valid-Until header, use it + if (!StrValidUntil.empty()) + { + // set ValidUntil based on the information in the Release file + if(!StrToTime(StrValidUntil, ValidUntil)) + { + ErrorText = _(("Invalid 'Valid-Until' entry in Release file " + Filename).c_str()); + return false; + } + } else { + // if we don't have a valid-until string, check if we have a default + if (!Label.empty()) + { + int MaxAge = _config->FindI(string("apt::acquire::max-default-age::"+Label).c_str(),0); + if(MaxAge > 0 && !StrToTime(StrDate, ValidUntil)) + { + ErrorText = _(("Invalid 'Date' entry in Release file " + Filename).c_str()); + return false; + } + ValidUntil += 24*60*60*MaxAge; + } + } + return true; } /*}}}*/ @@ -160,6 +194,6 @@ indexRecords::indexRecords() } indexRecords::indexRecords(const string ExpectedDist) : - ExpectedDist(ExpectedDist) + ExpectedDist(ExpectedDist), ValidUntil(0) { } diff --git a/apt-pkg/indexrecords.h b/apt-pkg/indexrecords.h index 468d2bd0f..500cf23c4 100644 --- a/apt-pkg/indexrecords.h +++ b/apt-pkg/indexrecords.h @@ -12,6 +12,7 @@ #include #include +#include class indexRecords { @@ -25,6 +26,8 @@ class indexRecords string Dist; string Suite; string ExpectedDist; + time_t ValidUntil; + std::map Entries; public: @@ -38,6 +41,7 @@ class indexRecords virtual bool Load(string Filename); string GetDist() const; + time_t GetValidUntil() const; virtual bool CheckDist(const string MaybeDist) const; string GetExpectedDist() const; virtual ~indexRecords(){}; diff --git a/debian/changelog b/debian/changelog index 3771ca415..d8fb57757 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,6 +1,10 @@ apt (0.7.26~exp5) experimental; urgency=low [ David Kalnischkies ] + * apt-pkg/indexrecords.cc: + - backport forgotten Valid-Until patch from the obsolete experimental + branch to prevent replay attacks better, thanks to Thomas Viehmann + for the initial patch! (Closes: #499897) * cmdline/apt-get.cc: - rerun dpkg-source in source if --fix-broken is given (Closes: #576752) - don't suggest held packages as they are installed (Closes: #578135) diff --git a/test/pre-upload-check.py b/test/pre-upload-check.py index 268b3d672..e2dfecbd3 100755 --- a/test/pre-upload-check.py +++ b/test/pre-upload-check.py @@ -95,6 +95,20 @@ class testAuthentication(unittest.TestCase): self.assert_(len(glob.glob("/var/lib/apt/lists/partial/*")) == 0, "partial/ dir has leftover files: %s" % glob.glob("/var/lib/apt/lists/partial/*")) + def testValid(self): + for f in glob.glob("testsources.list/sources.list*validuntil*"): + self._cleanup() + (prefix, testtype, result) = f.split("-") + expected_res = self._expectedRes(result) + cmd = ["update"] + res = call([self.apt,"-o","Dir::Etc::sourcelist=./%s" % f]+cmd+apt_args, + stdout=stdout, stderr=stderr) + self.assert_(res == expected_res, + "test '%s' failed (got %s expected %s" % (f,res,expected_res)) + if expected_res == 0: + self.assert_(len(glob.glob("/var/lib/apt/lists/partial/*")) == 0, + "partial/ dir has leftover files: %s" % glob.glob("/var/lib/apt/lists/partial/*")) + class testLocalRepositories(unittest.TestCase): " test local repository regressions " diff --git a/test/testsources.list/sources.list.all-validuntil-broken b/test/testsources.list/sources.list.all-validuntil-broken new file mode 100644 index 000000000..bab59bb81 --- /dev/null +++ b/test/testsources.list/sources.list.all-validuntil-broken @@ -0,0 +1 @@ +deb http://people.ubuntu.com/~mvo/apt/auth-test-suit/all-validuntil-broken/ / -- cgit v1.2.3 From cd8cf88f0e64e222e9fdcbf86e6cbbe09306040e Mon Sep 17 00:00:00 2001 From: David Kalnischkies Date: Tue, 8 Jun 2010 22:46:42 +0200 Subject: * apt-pkg/contrib/strutl.cc: - split StrToTime() into HTTP1.1 and FTP date parser methods and use strptime() instead of some selfmade scanf mangling --- apt-pkg/contrib/strutl.cc | 36 ++++++++++++++++++++++++++++++++++++ apt-pkg/contrib/strutl.h | 4 +++- debian/changelog | 3 +++ 3 files changed, 42 insertions(+), 1 deletion(-) diff --git a/apt-pkg/contrib/strutl.cc b/apt-pkg/contrib/strutl.cc index c7d63ce8a..96e8143ec 100644 --- a/apt-pkg/contrib/strutl.cc +++ b/apt-pkg/contrib/strutl.cc @@ -855,6 +855,42 @@ static time_t timegm(struct tm *t) } #endif /*}}}*/ +// FullDateToTime - Converts a HTTP1.1 full date strings into a time_t /*{{{*/ +// --------------------------------------------------------------------- +/* tries to parses a full date as specified in RFC2616 Section 3.3.1 + with one exception: All timezones (%Z) are accepted but the protocol + says that it MUST be GMT, but this one is equal to UTC which we will + encounter from time to time (e.g. in Release files) so we accept all + here and just assume it is GMT (or UTC) later on */ +bool RFC1123StrToTime(const char* const str,time_t &time) +{ + struct tm Tm; + // Sun, 06 Nov 1994 08:49:37 GMT ; RFC 822, updated by RFC 1123 + if (strptime(str, "%a, %d %b %Y %H:%M:%S %Z", &Tm) == NULL && + // Sunday, 06-Nov-94 08:49:37 GMT ; RFC 850, obsoleted by RFC 1036 + strptime(str, "%A, %d-%b-%y %H:%M:%S %Z", &Tm) == NULL && + // Sun Nov 6 08:49:37 1994 ; ANSI C's asctime() format + strptime(str, "%a %b %d %H:%M:%S %Y", &Tm) == NULL) + return false; + + time = timegm(&Tm); + return true; +} + /*}}}*/ +// FTPMDTMStrToTime - Converts a ftp modification date into a time_t /*{{{*/ +// --------------------------------------------------------------------- +/* */ +bool FTPMDTMStrToTime(const char* const str,time_t &time) +{ + struct tm Tm; + // MDTM includes no whitespaces but recommend and ignored by strptime + if (strptime(str, "%Y %m %d %H %M %S", &Tm) == NULL) + return false; + + time = timegm(&Tm); + return true; +} + /*}}}*/ // StrToTime - Converts a string into a time_t /*{{{*/ // --------------------------------------------------------------------- /* This handles all 3 populare time formats including RFC 1123, RFC 1036 diff --git a/apt-pkg/contrib/strutl.h b/apt-pkg/contrib/strutl.h index e509145f9..b5de0802e 100644 --- a/apt-pkg/contrib/strutl.h +++ b/apt-pkg/contrib/strutl.h @@ -45,7 +45,9 @@ string Base64Encode(const string &Str); string OutputInDepth(const unsigned long Depth, const char* Separator=" "); string URItoFileName(const string &URI); string TimeRFC1123(time_t Date); -bool StrToTime(const string &Val,time_t &Result); +bool RFC1123StrToTime(const char* const str,time_t &time) __attrib_const; +bool FTPMDTMStrToTime(const char* const str,time_t &time) __attrib_const; +__deprecated bool StrToTime(const string &Val,time_t &Result); string LookupTag(const string &Message,const char *Tag,const char *Default = 0); int StringToBool(const string &Text,int Default = -1); bool ReadMessages(int Fd, vector &List); diff --git a/debian/changelog b/debian/changelog index d8fb57757..2a40d084e 100644 --- a/debian/changelog +++ b/debian/changelog @@ -44,6 +44,9 @@ apt (0.7.26~exp5) experimental; urgency=low - add 'disappear' to the known processing states, thanks Jonathan Nieder * apt-pkg/packagemanager.h: - export info about disappeared packages with GetDisappearedPackages() + * apt-pkg/contrib/strutl.cc: + - split StrToTime() into HTTP1.1 and FTP date parser methods and + use strptime() instead of some selfmade scanf mangling [ Michael Vogt ] * methods/http.{cc,h}: -- cgit v1.2.3 From 0323317c08c0b08bf0ba1ac37a37a8de333cdb40 Mon Sep 17 00:00:00 2001 From: David Kalnischkies Date: Tue, 8 Jun 2010 22:55:42 +0200 Subject: enhance the Valid-Until code a bit by using the correct RFC1123StrToTime method and allow for better translations of the error messages --- apt-pkg/acquire-item.cc | 16 +++++++++------- apt-pkg/indexrecords.cc | 24 ++++++++++++------------ 2 files changed, 21 insertions(+), 19 deletions(-) diff --git a/apt-pkg/acquire-item.cc b/apt-pkg/acquire-item.cc index 4a846804e..ac84c2e5e 100644 --- a/apt-pkg/acquire-item.cc +++ b/apt-pkg/acquire-item.cc @@ -1178,13 +1178,15 @@ bool pkgAcqMetaIndex::VerifyVendor(string Message) /*{{{*/ Transformed = ""; } - if (_config->FindB("Acquire::Check-Valid-Until", true)) { - if (MetaIndexParser->GetValidUntil() > 0 && - time(NULL) > MetaIndexParser->GetValidUntil()) { - return _error->Error(_("Release file expired, ignoring %s (valid until %s)"), - RealURI.c_str(), - TimeRFC1123(MetaIndexParser->GetValidUntil()).c_str()); - } + if (_config->FindB("Acquire::Check-Valid-Until", true) == true && + MetaIndexParser->GetValidUntil() > 0) { + time_t const invalid_since = time(NULL) - MetaIndexParser->GetValidUntil(); + if (invalid_since > 0) + // TRANSLATOR: The first %s is the URL of the bad Release file, the second is + // the time since then the file is invalid - formated in the same way as in + // the download progress display (e.g. 7d 3h 42min 1s) + return _error->Error(_("Release file expired, ignoring %s (invalid since %s)"), + RealURI.c_str(), TimeToStr(invalid_since).c_str()); } if (_config->FindB("Debug::pkgAcquire::Auth", false)) diff --git a/apt-pkg/indexrecords.cc b/apt-pkg/indexrecords.cc index 24ed02ba5..1312e6818 100644 --- a/apt-pkg/indexrecords.cc +++ b/apt-pkg/indexrecords.cc @@ -91,30 +91,30 @@ bool indexRecords::Load(const string Filename) /*{{{*/ } string Label = Section.FindS("Label"); - string StrDate = Section.FindS("Date"); + string StrDate = Section.FindS("Date"); string StrValidUntil = Section.FindS("Valid-Until"); // if we have a Valid-Until header, use it - if (!StrValidUntil.empty()) + if (StrValidUntil.empty() == false) { // set ValidUntil based on the information in the Release file - if(!StrToTime(StrValidUntil, ValidUntil)) + if(RFC1123StrToTime(StrValidUntil.c_str(), ValidUntil) == false) { - ErrorText = _(("Invalid 'Valid-Until' entry in Release file " + Filename).c_str()); + strprintf(ErrorText, _("Invalid 'Valid-Until' entry in Release file %s"), Filename.c_str()); return false; } } else { // if we don't have a valid-until string, check if we have a default - if (!Label.empty()) + int MaxAge = _config->FindI("APT::Acquire::Max-Default-Age", 0); + if (Label.empty() == true) + MaxAge = _config->FindI(string("APT::Acquire::Max-Default-Age::"+Label).c_str(), MaxAge); + + if(MaxAge > 0 && RFC1123StrToTime(StrDate.c_str(), ValidUntil) == false) { - int MaxAge = _config->FindI(string("apt::acquire::max-default-age::"+Label).c_str(),0); - if(MaxAge > 0 && !StrToTime(StrDate, ValidUntil)) - { - ErrorText = _(("Invalid 'Date' entry in Release file " + Filename).c_str()); - return false; - } - ValidUntil += 24*60*60*MaxAge; + strprintf(ErrorText, _("Invalid 'Date' entry in Release file %s"), Filename.c_str()); + return false; } + ValidUntil += 24*60*60*MaxAge; } return true; -- cgit v1.2.3 From bbde96a611f39f5040b332dae1515207db341743 Mon Sep 17 00:00:00 2001 From: David Kalnischkies Date: Tue, 8 Jun 2010 23:38:34 +0200 Subject: use the Valid-Until header from the Release file but if the user provides a setting in the configuration prefer the date which is earlier. --- apt-pkg/indexrecords.cc | 33 +++++++++++++++++++-------------- 1 file changed, 19 insertions(+), 14 deletions(-) diff --git a/apt-pkg/indexrecords.cc b/apt-pkg/indexrecords.cc index 1312e6818..cdc2897bf 100644 --- a/apt-pkg/indexrecords.cc +++ b/apt-pkg/indexrecords.cc @@ -88,34 +88,39 @@ bool indexRecords::Load(const string Filename) /*{{{*/ { strprintf(ErrorText, _("No Hash entry in Release file %s"), Filename.c_str()); return false; - } + } string Label = Section.FindS("Label"); string StrDate = Section.FindS("Date"); string StrValidUntil = Section.FindS("Valid-Until"); - // if we have a Valid-Until header, use it + // if we have a Valid-Until header in the Release file, use it as default if (StrValidUntil.empty() == false) { - // set ValidUntil based on the information in the Release file if(RFC1123StrToTime(StrValidUntil.c_str(), ValidUntil) == false) { strprintf(ErrorText, _("Invalid 'Valid-Until' entry in Release file %s"), Filename.c_str()); return false; } - } else { - // if we don't have a valid-until string, check if we have a default - int MaxAge = _config->FindI("APT::Acquire::Max-Default-Age", 0); - if (Label.empty() == true) - MaxAge = _config->FindI(string("APT::Acquire::Max-Default-Age::"+Label).c_str(), MaxAge); + } + // get the user settings for this archive and use what expires earlier + int MaxAge = _config->FindI("APT::Acquire::Max-Default-Age", 0); + if (Label.empty() == true) + MaxAge = _config->FindI(string("APT::Acquire::Max-Default-Age::" + Label).c_str(), MaxAge); - if(MaxAge > 0 && RFC1123StrToTime(StrDate.c_str(), ValidUntil) == false) - { - strprintf(ErrorText, _("Invalid 'Date' entry in Release file %s"), Filename.c_str()); - return false; - } - ValidUntil += 24*60*60*MaxAge; + if(MaxAge == 0) // No user settings, use the one from the Release file + return true; + + time_t date; + if (RFC1123StrToTime(StrDate.c_str(), date) == false) + { + strprintf(ErrorText, _("Invalid 'Date' entry in Release file %s"), Filename.c_str()); + return false; } + date += 24*60*60*MaxAge; + + if (ValidUntil == 0 || ValidUntil > date) + ValidUntil = date; return true; } -- cgit v1.2.3 From c99e48ec26e693d9aa4a2a9f868284f7aa49784d Mon Sep 17 00:00:00 2001 From: David Kalnischkies Date: Wed, 9 Jun 2010 00:12:14 +0200 Subject: * ftparchive/writer.cc: - add ValidTime option to generate a Valid-Until header in Release file --- debian/changelog | 2 ++ doc/apt-ftparchive.1.xml | 3 ++- ftparchive/writer.cc | 10 ++++++++++ 3 files changed, 14 insertions(+), 1 deletion(-) diff --git a/debian/changelog b/debian/changelog index 2a40d084e..fa0e667e7 100644 --- a/debian/changelog +++ b/debian/changelog @@ -47,6 +47,8 @@ apt (0.7.26~exp5) experimental; urgency=low * apt-pkg/contrib/strutl.cc: - split StrToTime() into HTTP1.1 and FTP date parser methods and use strptime() instead of some selfmade scanf mangling + * ftparchive/writer.cc: + - add ValidTime option to generate a Valid-Until header in Release file [ Michael Vogt ] * methods/http.{cc,h}: diff --git a/doc/apt-ftparchive.1.xml b/doc/apt-ftparchive.1.xml index a3ac45bd3..549aa6a34 100644 --- a/doc/apt-ftparchive.1.xml +++ b/doc/apt-ftparchive.1.xml @@ -122,7 +122,8 @@ e.g. APT::FTPArchive::Release::Origin. The supported fields are: Origin, Label, Suite, Version, Codename, Date, - Architectures, Components, Description. + Valid-Until, Architectures, + Components, Description. diff --git a/ftparchive/writer.cc b/ftparchive/writer.cc index 6cda29b21..650eec57c 100644 --- a/ftparchive/writer.cc +++ b/ftparchive/writer.cc @@ -924,6 +924,15 @@ ReleaseWriter::ReleaseWriter(string const &DB) datestr[0] = '\0'; } + time_t const validuntil = now + _config->FindI("APT::FTPArchive::Release::ValidTime", 0); + char validstr[128]; + if (now == validuntil || + strftime(validstr, sizeof(validstr), "%a, %d %b %Y %H:%M:%S UTC", + gmtime(&validuntil)) == 0) + { + datestr[0] = '\0'; + } + map Fields; Fields["Origin"] = ""; Fields["Label"] = ""; @@ -931,6 +940,7 @@ ReleaseWriter::ReleaseWriter(string const &DB) Fields["Version"] = ""; Fields["Codename"] = ""; Fields["Date"] = datestr; + Fields["Valid-Until"] = validstr; Fields["Architectures"] = ""; Fields["Components"] = ""; Fields["Description"] = ""; -- cgit v1.2.3 From 550891457ff63db01b57d9057a5fe447a165e10c Mon Sep 17 00:00:00 2001 From: David Kalnischkies Date: Wed, 9 Jun 2010 00:27:22 +0200 Subject: use the portable timegm shown in his manpage instead of a strange looking code copycat from wget --- apt-pkg/contrib/strutl.cc | 36 ++++++++++++++++-------------------- debian/changelog | 2 ++ 2 files changed, 18 insertions(+), 20 deletions(-) diff --git a/apt-pkg/contrib/strutl.cc b/apt-pkg/contrib/strutl.cc index 96e8143ec..160450366 100644 --- a/apt-pkg/contrib/strutl.cc +++ b/apt-pkg/contrib/strutl.cc @@ -827,31 +827,27 @@ static int MonthConv(char *Month) } } /*}}}*/ -// timegm - Internal timegm function if gnu is not available /*{{{*/ +// timegm - Internal timegm if the gnu version is not available /*{{{*/ // --------------------------------------------------------------------- -/* Ripped this evil little function from wget - I prefer the use of - GNU timegm if possible as this technique will have interesting problems - with leap seconds, timezones and other. - - Converts struct tm to time_t, assuming the data in tm is UTC rather +/* Converts struct tm to time_t, assuming the data in tm is UTC rather than local timezone (mktime assumes the latter). - - Contributed by Roger Beeman , with the help of - Mark Baushke and the rest of the Gurus at CISCO. */ - -/* Turned it into an autoconf check, because GNU is not the only thing which - can provide timegm. -- 2002-09-22, Joel Baker */ -#ifndef HAVE_TIMEGM // Now with autoconf! + This function is a nonstandard GNU extension that is also present on + the BSDs and maybe other systems. For others we follow the advice of + the manpage of timegm and use his portable replacement. */ +#ifndef HAVE_TIMEGM static time_t timegm(struct tm *t) { - time_t tl, tb; - - tl = mktime (t); - if (tl == -1) - return -1; - tb = mktime (gmtime (&tl)); - return (tl <= tb ? (tl + (tl - tb)) : (tl - (tb - tl))); + char *tz = getenv("TZ"); + setenv("TZ", "", 1); + tzset(); + time_t ret = mktime(t); + if (tz) + setenv("TZ", tz, 1); + else + unsetenv("TZ"); + tzset(); + return ret; } #endif /*}}}*/ diff --git a/debian/changelog b/debian/changelog index fa0e667e7..049999230 100644 --- a/debian/changelog +++ b/debian/changelog @@ -47,6 +47,8 @@ apt (0.7.26~exp5) experimental; urgency=low * apt-pkg/contrib/strutl.cc: - split StrToTime() into HTTP1.1 and FTP date parser methods and use strptime() instead of some selfmade scanf mangling + - use the portable timegm shown in his manpage instead of a strange + looking code copycat from wget * ftparchive/writer.cc: - add ValidTime option to generate a Valid-Until header in Release file -- cgit v1.2.3 From 96cc64a521957d63704de72ed95f1c839698c53c Mon Sep 17 00:00:00 2001 From: David Kalnischkies Date: Wed, 9 Jun 2010 00:53:44 +0200 Subject: move the users away from the deprecated StrToTime() method --- apt-pkg/acquire-method.cc | 2 +- apt-pkg/contrib/strutl.h | 4 ++-- methods/ftp.cc | 3 +-- methods/http.cc | 2 +- methods/rsh.cc | 3 +-- 5 files changed, 6 insertions(+), 8 deletions(-) diff --git a/apt-pkg/acquire-method.cc b/apt-pkg/acquire-method.cc index fe066741c..b82dceecb 100644 --- a/apt-pkg/acquire-method.cc +++ b/apt-pkg/acquire-method.cc @@ -373,7 +373,7 @@ int pkgAcqMethod::Run(bool Single) Tmp->Uri = LookupTag(Message,"URI"); Tmp->DestFile = LookupTag(Message,"FileName"); - if (StrToTime(LookupTag(Message,"Last-Modified"),Tmp->LastModified) == false) + if (RFC1123StrToTime(LookupTag(Message,"Last-Modified").c_str(),Tmp->LastModified) == false) Tmp->LastModified = 0; Tmp->IndexFile = StringToBool(LookupTag(Message,"Index-File"),false); Tmp->Next = 0; diff --git a/apt-pkg/contrib/strutl.h b/apt-pkg/contrib/strutl.h index b5de0802e..a457ff047 100644 --- a/apt-pkg/contrib/strutl.h +++ b/apt-pkg/contrib/strutl.h @@ -45,8 +45,8 @@ string Base64Encode(const string &Str); string OutputInDepth(const unsigned long Depth, const char* Separator=" "); string URItoFileName(const string &URI); string TimeRFC1123(time_t Date); -bool RFC1123StrToTime(const char* const str,time_t &time) __attrib_const; -bool FTPMDTMStrToTime(const char* const str,time_t &time) __attrib_const; +bool RFC1123StrToTime(const char* const str,time_t &time) __must_check; +bool FTPMDTMStrToTime(const char* const str,time_t &time) __must_check; __deprecated bool StrToTime(const string &Val,time_t &Result); string LookupTag(const string &Message,const char *Tag,const char *Default = 0); int StringToBool(const string &Text,int Default = -1); diff --git a/methods/ftp.cc b/methods/ftp.cc index 3e1725823..97248f900 100644 --- a/methods/ftp.cc +++ b/methods/ftp.cc @@ -661,8 +661,7 @@ bool FTPConn::ModTime(const char *Path, time_t &Time) return true; // Parse it - StrToTime(Msg,Time); - return true; + return FTPMDTMStrToTime(Msg.c_str(), Time); } /*}}}*/ // FTPConn::CreateDataFd - Get a data connection /*{{{*/ diff --git a/methods/http.cc b/methods/http.cc index d43dd14c8..5fdc62696 100644 --- a/methods/http.cc +++ b/methods/http.cc @@ -631,7 +631,7 @@ bool ServerState::HeaderLine(string Line) if (stringcasecmp(Tag,"Last-Modified:") == 0) { - if (StrToTime(Val,Date) == false) + if (RFC1123StrToTime(Val.c_str(), Date) == false) return _error->Error(_("Unknown date format")); return true; } diff --git a/methods/rsh.cc b/methods/rsh.cc index f0ccfc42d..97b4ef151 100644 --- a/methods/rsh.cc +++ b/methods/rsh.cc @@ -278,8 +278,7 @@ bool RSHConn::ModTime(const char *Path, time_t &Time) return false; // Parse it - StrToTime(Msg,Time); - return true; + return FTPMDTMStrToTime(Msg.c_str(), Time); } /*}}}*/ // RSHConn::Get - Get a file /*{{{*/ -- cgit v1.2.3 From b02fffa64833e1f8e2617669d89de0a6d0882747 Mon Sep 17 00:00:00 2001 From: David Kalnischkies Date: Wed, 9 Jun 2010 10:46:35 +0200 Subject: rename the options, document them and reorder the changelog a bit --- apt-pkg/indexrecords.cc | 4 ++-- debian/changelog | 24 ++++++++++++++++-------- doc/apt.conf.5.xml | 24 ++++++++++++++++++++++++ doc/examples/configure-index | 4 ++++ 4 files changed, 46 insertions(+), 10 deletions(-) diff --git a/apt-pkg/indexrecords.cc b/apt-pkg/indexrecords.cc index cdc2897bf..3bde7437d 100644 --- a/apt-pkg/indexrecords.cc +++ b/apt-pkg/indexrecords.cc @@ -104,9 +104,9 @@ bool indexRecords::Load(const string Filename) /*{{{*/ } } // get the user settings for this archive and use what expires earlier - int MaxAge = _config->FindI("APT::Acquire::Max-Default-Age", 0); + int MaxAge = _config->FindI("Acquire::Max-ValidTime", 0); if (Label.empty() == true) - MaxAge = _config->FindI(string("APT::Acquire::Max-Default-Age::" + Label).c_str(), MaxAge); + MaxAge = _config->FindI(string("Acquire::Max-ValidTime::" + Label).c_str(), MaxAge); if(MaxAge == 0) // No user settings, use the one from the Release file return true; diff --git a/debian/changelog b/debian/changelog index 049999230..c3f7a3e25 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,10 +1,25 @@ -apt (0.7.26~exp5) experimental; urgency=low +apt (0.7.26~exp6) UNRELEASED; urgency=low [ David Kalnischkies ] + * doc/apt.conf.5.xml: + - document the new Valid-Until related options * apt-pkg/indexrecords.cc: - backport forgotten Valid-Until patch from the obsolete experimental branch to prevent replay attacks better, thanks to Thomas Viehmann for the initial patch! (Closes: #499897) + * apt-pkg/contrib/strutl.cc: + - split StrToTime() into HTTP1.1 and FTP date parser methods and + use strptime() instead of some self-made scanf mangling + - use the portable timegm shown in his manpage instead of a strange + looking code copycat from wget + * ftparchive/writer.cc: + - add ValidTime option to generate a Valid-Until header in Release file + + -- David Kalnischkies Wed, 09 Jun 2010 10:43:58 +0200 + +apt (0.7.26~exp5) experimental; urgency=low + + [ David Kalnischkies ] * cmdline/apt-get.cc: - rerun dpkg-source in source if --fix-broken is given (Closes: #576752) - don't suggest held packages as they are installed (Closes: #578135) @@ -44,13 +59,6 @@ apt (0.7.26~exp5) experimental; urgency=low - add 'disappear' to the known processing states, thanks Jonathan Nieder * apt-pkg/packagemanager.h: - export info about disappeared packages with GetDisappearedPackages() - * apt-pkg/contrib/strutl.cc: - - split StrToTime() into HTTP1.1 and FTP date parser methods and - use strptime() instead of some selfmade scanf mangling - - use the portable timegm shown in his manpage instead of a strange - looking code copycat from wget - * ftparchive/writer.cc: - - add ValidTime option to generate a Valid-Until header in Release file [ Michael Vogt ] * methods/http.{cc,h}: diff --git a/doc/apt.conf.5.xml b/doc/apt.conf.5.xml index fe005e0f1..0cf4bb663 100644 --- a/doc/apt.conf.5.xml +++ b/doc/apt.conf.5.xml @@ -230,6 +230,30 @@ DPkg::Pre-Install-Pkgs {"/usr/sbin/dpkg-preconfigure --apt";}; and the URI handlers. + Check-Valid-Until + Security related option defaulting to true as an + expiring validation for a Release file prevents longtime replay attacks + and can e.g. also help users to identify no longer updated mirrors - + but the feature depends on the correctness of the time on the user system. + Archive maintainers are encouraged to create Release files with the + Valid-Until header, but if they don't or a stricter value + is volitional the following Max-ValidTime option can be used. + + + + Max-ValidTime + Seconds the Release file should be considered valid after + it was created. The default is "for ever" (0) if the Release file of the + archive doesn't include a Valid-Until header. + If it does then this date is the default. The date from the Release file or + the date specified by the creation time of the Release file + (Date header) plus the seconds specified with this + options are used to check if the validation of a file has expired by using + the earlier date of the two. Archive specific settings can be made by + appending the label of the archive to the option name. + + + PDiffs Try to download deltas called PDiffs for Packages or Sources files instead of downloading whole ones. True diff --git a/doc/examples/configure-index b/doc/examples/configure-index index d168417d8..127feb9e9 100644 --- a/doc/examples/configure-index +++ b/doc/examples/configure-index @@ -176,6 +176,10 @@ Acquire PDiffs::SizeLimit "50"; // don't use diffs if size of all patches excess // 50% of the size of the original file + Check-Valid-Until "true"; + Max-ValidTime "864000"; // 10 days + Max-ValidTime::Debian-Security "604800"; // 7 days, label specific configuration + // HTTP method configuration http { -- cgit v1.2.3