From 7bf533967fb385b9625a1ee4dd7c6542a84b489c Mon Sep 17 00:00:00 2001 From: David Kalnischkies Date: Wed, 12 Sep 2018 01:44:18 +0200 Subject: Communicate back which key(s) were used for signing Telling the acquire system which keys caused the gpgv method to succeed allows us for now just a casual check if the gpgv method really executed catching bugs like CVE-2018-0501, but we will make use of the information for better features in the following commits. --- apt-pkg/acquire-item.h | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'apt-pkg/acquire-item.h') diff --git a/apt-pkg/acquire-item.h b/apt-pkg/acquire-item.h index 4a1378922..70651d9e3 100644 --- a/apt-pkg/acquire-item.h +++ b/apt-pkg/acquire-item.h @@ -451,8 +451,9 @@ class APT_HIDDEN pkgAcqMetaBase : public pkgAcqTransactionItem /*{{{*/ * * \param Message The message block received from the fetch * subprocess. + * \param Cnf The method and its configuration which handled the request */ - bool CheckAuthDone(std::string const &Message); + bool CheckAuthDone(std::string const &Message, pkgAcquire::MethodConfig const *const Cnf); /** Check if the current item should fail at this point */ bool CheckStopAuthentication(pkgAcquire::Item * const I, const std::string &Message); -- cgit v1.2.3