From 3e3638dc9389591cfd30baa6c41d85c31127402a Mon Sep 17 00:00:00 2001 From: David Kalnischkies Date: Sun, 3 Mar 2019 19:41:42 +0100 Subject: Add explicit message for unsupported binary signature MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Verifying the content of Release.gpg made us fail on binary signatures which were never officially supported (apt-secure manpage only documents only the generation of ASCII armored), but silently accepted by gpgv as we passed it on unchecked before. The binary format is complex and is itself split into old and new formats so adding support for this would not only add lots of code but also a good opportunity for bugs and dubious benefit. Reporting this issue explicitly should help repository creators figure out the problem faster than the default NODATA message hinting at captive portals. Given that the binary format has no file magic or any other clear and simple indication that this is a detached signature we guess based on the first two bits only – and by that only supporting the "old" binary format which seems to be the only one generated by gnupg in this case. References: e2965b0b6bdd68ffcad0e06d11755412a7e16e50 Closes: #921685 --- apt-pkg/contrib/gpgv.cc | 18 ++++++++++++++++-- .../test-bug-921685-binary-detached-signature | 22 ++++++++++++++++++++++ 2 files changed, 38 insertions(+), 2 deletions(-) create mode 100755 test/integration/test-bug-921685-binary-detached-signature diff --git a/apt-pkg/contrib/gpgv.cc b/apt-pkg/contrib/gpgv.cc index 35d859849..d956eaf00 100644 --- a/apt-pkg/contrib/gpgv.cc +++ b/apt-pkg/contrib/gpgv.cc 
@@ -297,10 +297,24 @@ void ExecGPGV(std::string const &File, std::string const &FileGPG,
 }
 if (found_signatures == 0 && statusfd != -1)
 {
- // This is not an attack attempt but a file even gpgv would complain about
- // likely the result of a paywall which is covered by the gpgv method
 auto const errtag = "[GNUPG:] NODATA\n";
 FileFd::Write(fd[1], errtag, strlen(errtag));
+ // guess if this is a binary signature, we never officially supported them,
+ // but silently accepted them via passing them unchecked to gpgv
+ if (found_badcontent)
+ {
+ rewind(detached.get());
+ auto ptag = fgetc(detached.get());
+ // §4.2 says that the first bit is always set and gpg seems to generate
+ // only old format which is indicated by the second bit not set
+ if (ptag != EOF && (ptag & 0x80) != 0 && (ptag & 0x40) == 0)
+ {
+ apt_error(std::cerr, statusfd, fd, "Detached signature file '%s' is in unsupported binary format", FileGPG.c_str());
+ local_exit(112);
+ }
+ }
+ // This is not an attack attempt but a file even gpgv would complain about
+ // likely the result of a paywall which is covered by the gpgv method
 local_exit(113);
 }
 else if (found_badcontent)
diff --git a/test/integration/test-bug-921685-binary-detached-signature b/test/integration/test-bug-921685-binary-detached-signature
new file mode 100755
index 000000000..df863197a
--- /dev/null
+++ b/test/integration/test-bug-921685-binary-detached-signature
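Review bot: The binary-signature guess in the added `if (ptag != EOF && (ptag & 0x80) != 0 && (ptag & 0x40) == 0)` test looks only at the top two bits, so any detached file whose first byte falls in 0x80–0xBF is reported as an unsupported binary signature. An old-format packet header also carries the packet type in bits 5–2, and a signature packet is type 2 (RFC 4880 §4.3), so, assuming the file starts with the signature packet itself, the guess can be narrowed by adding `&& ((ptag >> 2) & 0x0f) == 2`; the comment above it would read better as `RFC 4880 §4.2` than a bare `§4.2`. Both branches still exit non-zero, so this changes only which diagnosis the repository owner sees. `[GNUPG:] NODATA` is also still written to the status pipe before `local_exit(112)`, and it is worth confirming that the reader of that pipe does not then print the captive-portal hint as well. ExecGPGV begins and ends outside this hunk.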
@@ -0,0 +1,22 @@ +#!/bin/sh +set -e + +TESTDIR="$(readlink -f "$(dirname "$0")")" +. "$TESTDIR/framework" +setupenvironment +configarchitecture 'amd64' + +insertpackage 'unstable' 'foo' 'all' '1' + +buildaptarchive +setupdistsaptarchive + +for RELEASE in $(find aptarchive -name 'Release'); do + # note the missing --armor + dosigning "keys/joesixpack" --detach-sign --sign --output "${RELEASE}.gpg" "${RELEASE}" +done + +testfailure apt show foo +testfailure aptget update +testsuccess grep 'W: .* Detached signature file .* is in unsupported binary format' rootdir/tmp/testfailure.output +testfailure apt show foo -- cgit v1.2.3 From e48f7e39e859f0dd1e2c1258762f6f0ccf210920 Mon Sep 17 00:00:00 2001 From: Milo Casagrande Date: Mon, 4 Mar 2019 11:12:03 +0100 Subject: [l10n] Update Italian translation Signed-off-by: Milo Casagrande --- po/it.po | 33 +++++++++++++++------------------ 1 file changed, 15 insertions(+), 18 deletions(-) diff --git a/po/it.po b/po/it.po index 738cc78bd..e0167f6cb 100644 --- a/po/it.po +++ b/po/it.po @@ -1,15 +1,15 @@ # Italian translation of apt -# Copyright (C) 2002-2010, 2011, 2012, 2013, 2014, 2015, 2017, 2018 The Free Software Foundation, Inc. +# Copyright (C) 2002-2010, 2011, 2012, 2013, 2014, 2015, 2017, 2018, 2019 The Free Software Foundation, Inc. # This file is distributed under the same license as the apt package. # Samuele Giovanni Tonon , 2002. -# Milo Casagrande , 2009, 2010, 2011, 2012, 2013, 2014, 2015, 2017, 2018. +# Milo Casagrande , 2009, 2010, 2011, 2012, 2013, 2014, 2015, 2017, 2018, 2019. # msgid "" msgstr "" "Project-Id-Version: apt\n" "Report-Msgid-Bugs-To: APT Development Team \n" -"POT-Creation-Date: 2019-02-04 15:34+0100\n" -"PO-Revision-Date: 2018-12-04 09:33+0100\n" +"POT-Creation-Date: 2019-02-26 08:33+0100\n" +"PO-Revision-Date: 2019-03-04 11:05+0100\n" "Last-Translator: Milo Casagrande \n" "Language-Team: Italian \n" "Language: it\n" 
@@ -17,7 +17,7 @@ msgstr "" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=2; plural=(n!=1);\n" -"X-Generator: Poedit 2.1.1\n" +"X-Generator: Poedit 2.2.1\n" #: apt-inst/contrib/arfile.cc msgid "Invalid archive signature" @@ -433,6 +433,8 @@ msgid "" "The method '%s' is unsupported and disabled by default. Consider switching " "to http(s). Set Dir::Bin::Methods::%s to \"%s\" to enable it again." msgstr "" +"Il metodo \"%s\" non è supportato ed è disabilitato: passare a http(s). Per " +"abilitarlo nuovamente, impostare Dir::Bin::Methods::%s a \"%s\"." #: apt-pkg/acquire-worker.cc #, c-format @@ -1632,6 +1634,8 @@ msgstr "Impossibile comprendere il tipo di gancio %s" msgid "" "%s: The special 'Pin-Priority: %s' can only be used for 'Package: *' records" msgstr "" +"%s: il valore speciale \"Pin-Priority: %s\" può essere usato solamente con " +"voci \"Package: *\"" #: apt-pkg/policy.cc #, c-format @@ -2944,10 +2948,8 @@ msgid "Install new packages (pkg is libc6 not libc6.deb)" msgstr "Installa nuovi pacchetti (PKG è libc6 non libc6.deb)" #: cmdline/apt-get.cc -#, fuzzy -#| msgid "Install new packages (pkg is libc6 not libc6.deb)" msgid "Reinstall packages (pkg is libc6 not libc6.deb)" -msgstr "Installa nuovi pacchetti (PKG è libc6 non libc6.deb)" +msgstr "Installa nuovamente pacchetti (PKG è libc6 non libc6.deb)" #: cmdline/apt-get.cc msgid "Remove packages" @@ -3102,13 +3104,11 @@ msgstr "%s è già stato impostato come installato automaticamente.\n" #: cmdline/apt-mark.cc msgid "No changes necessary" -msgstr "" +msgstr "Nessuna modifica necessaria" #: cmdline/apt-mark.cc -#, fuzzy -#| msgid "The following NEW packages will be installed:" msgid "The following packages will be marked as automatically installed:" -msgstr "I seguenti pacchetti NUOVI saranno installati:" +msgstr "I seguenti pacchetti verranno segnati come installati automaticamente:" #: cmdline/apt-mark.cc #, c-format 
@@ -3177,10 +3177,9 @@ msgid "Mark the given packages as manually installed" msgstr "Segna i pacchetti forniti come installati manualmente" #: cmdline/apt-mark.cc -#, fuzzy -#| msgid "Mark the given packages as automatically installed" msgid "Mark all dependencies of meta packages as automatically installed." -msgstr "Segna i pacchetti forniti come installati automaticamente" +msgstr "" +"Segna tutte le dipendenze dei meta pacchetti come installate automaticamente" #: cmdline/apt-mark.cc msgid "Mark a package as held back" @@ -3260,10 +3259,8 @@ msgid "install packages" msgstr "Installa pacchetti" #: cmdline/apt.cc -#, fuzzy -#| msgid "install packages" msgid "reinstall packages" -msgstr "Installa pacchetti" +msgstr "Installa nuovamente pacchetti" #: cmdline/apt.cc msgid "remove packages" -- cgit v1.2.3 From 38f66a72c89651540dd202709bbc3c01c548f6da Mon Sep 17 00:00:00 2001 From: Julian Andres Klode Date: Wed, 6 Mar 2019 15:10:56 +0100 Subject: Fix name of APT::Update::Post-Invoke-Stats (was ...Update-Post...) Bad accident. Accidents happen. --- apt-private/private-update.cc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apt-private/private-update.cc b/apt-private/private-update.cc index 4d9d0775d..59d1d6d3f 100644 --- a/apt-private/private-update.cc +++ b/apt-private/private-update.cc @@ -139,7 +139,7 @@ bool DoUpdate(CommandLine &CmdL) else ioprintf(c1out, msg, upgradable); - RunScripts("APT::Update-Post-Invoke-Stats"); + RunScripts("APT::Update::Post-Invoke-Stats"); } return true; -- cgit v1.2.3 From cf9bfaf7215c10e09c83d9ac1998ebb7dead7b87 Mon Sep 17 00:00:00 2001 From: Frans Spiesschaert Date: Wed, 6 Mar 2019 15:14:33 +0100 Subject: Dutch program translation update Closes: #923728 --- po/nl.po | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/po/nl.po b/po/nl.po index b758d70ee..43fd4dfad 100644 --- a/po/nl.po +++ b/po/nl.po 
@@ -10,10 +10,10 @@ # msgid "" msgstr "" -"Project-Id-Version: apt 1.8.0~beta1\n" +"Project-Id-Version: apt 1.8.0~rc3\n" "Report-Msgid-Bugs-To: APT Development Team \n" "POT-Creation-Date: 2019-02-10 13:19+0100\n" -"PO-Revision-Date: 2019-01-29 17:31+0100\n" +"PO-Revision-Date: 2019-02-16 20:35+0100\n" "Last-Translator: Frans Spiesschaert \n" "Language-Team: Debian Dutch l10n Team \n" "Language: nl\n" @@ -439,6 +439,9 @@ msgid "" "The method '%s' is unsupported and disabled by default. Consider switching " "to http(s). Set Dir::Bin::Methods::%s to \"%s\" to enable it again." msgstr "" +"Methode '%s' wordt niet ondersteund en is standaard uitgeschakeld. U " +"schakelt best over op http(s). Stel Dir::Bin::Methods::%s in op \"%s\" om " +"deze opnieuw in te schakelen." #: apt-pkg/acquire-worker.cc #, c-format @@ -1632,6 +1635,8 @@ msgstr "Pintype %s wordt niet begrepen" msgid "" "%s: The special 'Pin-Priority: %s' can only be used for 'Package: *' records" msgstr "" +"%s: Het bijzondere 'Pin-Priority: %s' kan enkel gebruikt worden voor " +"structuren van het type 'Package: *'" #: apt-pkg/policy.cc #, c-format @@ -2937,10 +2942,9 @@ msgid "Install new packages (pkg is libc6 not libc6.deb)" msgstr "Nieuwe pakketten installeren (pakket is bijv. libc6, niet libc6.deb)" #: cmdline/apt-get.cc -#, fuzzy #| msgid "Install new packages (pkg is libc6 not libc6.deb)" msgid "Reinstall packages (pkg is libc6 not libc6.deb)" -msgstr "Nieuwe pakketten installeren (pakket is bijv. libc6, niet libc6.deb)" +msgstr "Pakketten opnieuw installeren (pakket is libc6, niet libc6.deb)" #: cmdline/apt-get.cc msgid "Remove packages" @@ -3247,10 +3251,9 @@ msgid "install packages" msgstr "pakketten installeren" #: cmdline/apt.cc -#, fuzzy #| msgid "install packages" msgid "reinstall packages" -msgstr "pakketten installeren" +msgstr "pakketten opnieuw installeren" #: cmdline/apt.cc msgid "remove packages" -- cgit v1.2.3 From ff2c1f91dd053355ac6107803bd3d7a1ef95d132 Mon Sep 17 00:00:00 2001 
From: Frans Spiesschaert Date: Wed, 6 Mar 2019 15:14:33 +0100 Subject: Dutch manpages translation update Closes: #923834 --- doc/po/nl.po | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/doc/po/nl.po b/doc/po/nl.po index affac023b..39dbe4851 100644 --- a/doc/po/nl.po +++ b/doc/po/nl.po @@ -4,10 +4,10 @@ # msgid "" msgstr "" -"Project-Id-Version: apt-doc 1.8.0~beta1\n" +"Project-Id-Version: apt-doc 1.8.0~rc3\n" "Report-Msgid-Bugs-To: APT Development Team \n" "POT-Creation-Date: 2019-02-10 14:34+0100\n" -"PO-Revision-Date: 2019-01-30 12:49+0100\n" +"PO-Revision-Date: 2019-02-16 20:46+0100\n" "Last-Translator: Frans Spiesschaert \n" "Language-Team: Debian Dutch l10n Team \n" "Language: nl\n" @@ -1241,7 +1241,6 @@ msgstr "" #. type: Content of: #: apt-get.8.xml -#, fuzzy #| msgid "" #| "A new list command is available similar to " #| "dpkg --list." @@ -1249,8 +1248,8 @@ msgid "" "reinstall is an alias for install --reinstall." msgstr "" -"Een nieuw commando list staat ter beschikking, " -"vergelijkbaar met dpkg --list." +"reinstall is een alias voor install --reinstall." #. type: Content of: #: apt-get.8.xml -- cgit v1.2.3 From 34d850db4011060e9bffeeb08a533c6724414151 Mon Sep 17 00:00:00 2001 From: Julian Andres Klode Date: Thu, 7 Mar 2019 13:10:08 +0100 Subject: CMake: Install auth.conf.d directory The missing auth.conf.d directory was an oversight, it should be there. LP: #1818996 --- CMakeLists.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/CMakeLists.txt b/CMakeLists.txt index ac825d2bc..3aa8e1168 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -243,6 +243,7 @@ endif() # Create our directories. install_empty_directories( ${CONF_DIR}/apt.conf.d + ${CONF_DIR}/auth.conf.d ${CONF_DIR}/preferences.d ${CONF_DIR}/sources.list.d ${CONF_DIR}/trusted.gpg.d -- cgit v1.2.3 From 19c37a01bccca11fe2bfa957087706c27441ef34 Mon Sep 17 00:00:00 2001 
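Review bot: In the CMakeLists.txt hunk, the added `${CONF_DIR}/auth.conf.d` entry creates a directory whose name suggests it will hold login data for repositories, but nothing in the hunk records what permissions it or its files are expected to have. `install_empty_directories` is defined outside this hunk, so the directory presumably gets the same default mode as `apt.conf.d` next to it; that should be confirmed, and a comment such as `# auth.conf.d: files here carry credentials and should not be world-readable` would document the expectation. The call itself starts and ends outside the hunk.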
From: Julian Andres Klode Date: Fri, 8 Mar 2019 09:41:33 +0100 Subject: Release 1.8.0 --- CMakeLists.txt | 2 +- debian/changelog | 18 ++++++++++++++++++ doc/apt-verbatim.ent | 2 +- doc/po/apt-doc.pot | 4 ++-- doc/po/nl.po | 5 +---- po/apt-all.pot | 4 ++-- po/nl.po | 4 +--- 7 files changed, 26 insertions(+), 13 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 3aa8e1168..60f329078 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -188,7 +188,7 @@ check_cxx_target(HAVE_FMV_SSE42_AND_CRC32DI "sse4.2" "__builtin_ia32_crc32di(0, # Configure some variables like package, version and architecture. set(PACKAGE ${PROJECT_NAME}) set(PACKAGE_MAIL "APT Development Team ") -set(PACKAGE_VERSION "1.8.0~rc4") +set(PACKAGE_VERSION "1.8.0") if (NOT DEFINED DPKG_DATADIR) execute_process(COMMAND ${PERL_EXECUTABLE} -MDpkg -e "print $Dpkg::DATADIR;" diff --git a/debian/changelog b/debian/changelog index 2fe29954b..ea66922bf 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,21 @@ +apt (1.8.0) unstable; urgency=medium + + [ David Kalnischkies ] + * Add explicit message for unsupported binary signature (Closes: #921685) + + [ Milo Casagrande ] + * [l10n] Update Italian translation + + [ Julian Andres Klode ] + * Fix name of APT::Update::Post-Invoke-Stats (was ...Update-Post...) + * CMake: Install auth.conf.d directory (LP: #1818996) + + [ Frans Spiesschaert ] + * Dutch program translation update (Closes: #923728) + * Dutch manpages translation update (Closes: #923834) + + -- Julian Andres Klode Fri, 08 Mar 2019 09:41:20 +0100 + apt (1.8.0~rc4) unstable; urgency=medium * update: Provide APT::Update-Post-Invoke-Stats script hook point diff --git a/doc/apt-verbatim.ent b/doc/apt-verbatim.ent index 563a1b7f3..c2227ad04 100644 --- a/doc/apt-verbatim.ent +++ b/doc/apt-verbatim.ent @@ -268,7 +268,7 @@ "> - + diff --git a/doc/po/apt-doc.pot b/doc/po/apt-doc.pot index f34f3ffac..37287d045 100644 --- a/doc/po/apt-doc.pot +++ b/doc/po/apt-doc.pot 
@@ -5,9 +5,9 @@ #, fuzzy msgid "" msgstr "" -"Project-Id-Version: apt-doc 1.8.0~rc4\n" +"Project-Id-Version: apt-doc 1.8.0\n" "Report-Msgid-Bugs-To: APT Development Team \n" -"POT-Creation-Date: 2019-02-26 08:33+0100\n" +"POT-Creation-Date: 2019-03-08 09:41+0100\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME \n" "Language-Team: LANGUAGE \n" diff --git a/doc/po/nl.po b/doc/po/nl.po index 39dbe4851..5a7bf81b8 100644 --- a/doc/po/nl.po +++ b/doc/po/nl.po @@ -6,7 +6,7 @@ msgid "" msgstr "" "Project-Id-Version: apt-doc 1.8.0~rc3\n" "Report-Msgid-Bugs-To: APT Development Team \n" -"POT-Creation-Date: 2019-02-10 14:34+0100\n" +"POT-Creation-Date: 2019-03-08 09:41+0100\n" "PO-Revision-Date: 2019-02-16 20:46+0100\n" "Last-Translator: Frans Spiesschaert \n" "Language-Team: Debian Dutch l10n Team \n" @@ -1241,9 +1241,6 @@ msgstr "" #. type: Content of: #: apt-get.8.xml -#| msgid "" -#| "A new list command is available similar to " -#| "dpkg --list." msgid "" "reinstall is an alias for install --reinstall." diff --git a/po/apt-all.pot b/po/apt-all.pot index 49f025550..e424d23b9 100644 --- a/po/apt-all.pot +++ b/po/apt-all.pot @@ -5,9 +5,9 @@ #, fuzzy msgid "" msgstr "" -"Project-Id-Version: apt 1.8.0~rc4\n" +"Project-Id-Version: apt 1.8.0\n" "Report-Msgid-Bugs-To: APT Development Team \n" -"POT-Creation-Date: 2019-02-26 08:33+0100\n" +"POT-Creation-Date: 2019-03-08 09:41+0100\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME \n" "Language-Team: LANGUAGE \n" diff --git a/po/nl.po b/po/nl.po index 43fd4dfad..3b53dc953 100644 --- a/po/nl.po +++ b/po/nl.po @@ -12,7 +12,7 @@ msgid "" msgstr "" "Project-Id-Version: apt 1.8.0~rc3\n" "Report-Msgid-Bugs-To: APT Development Team \n" -"POT-Creation-Date: 2019-02-10 13:19+0100\n" +"POT-Creation-Date: 2019-03-08 09:41+0100\n" "PO-Revision-Date: 2019-02-16 20:35+0100\n" "Last-Translator: Frans Spiesschaert \n" "Language-Team: Debian Dutch l10n Team \n" 
@@ -2942,7 +2942,6 @@ msgid "Install new packages (pkg is libc6 not libc6.deb)" msgstr "Nieuwe pakketten installeren (pakket is bijv. libc6, niet libc6.deb)" #: cmdline/apt-get.cc -#| msgid "Install new packages (pkg is libc6 not libc6.deb)" msgid "Reinstall packages (pkg is libc6 not libc6.deb)" msgstr "Pakketten opnieuw installeren (pakket is libc6, niet libc6.deb)" @@ -3251,7 +3250,6 @@ msgid "install packages" msgstr "pakketten installeren" #: cmdline/apt.cc -#| msgid "install packages" msgid "reinstall packages" msgstr "pakketten opnieuw installeren" -- cgit v1.2.3