From 081fbea14d12f79c8d91ce4fe1f1004c7bc08656 Mon Sep 17 00:00:00 2001
From: David Kalnischkies <david@kalnischkies.de>
Date: Wed, 12 Apr 2017 17:39:06 +0200
Subject: error in update on Release information changes

The value of Origin, Label, Codename and co can be used in user
configuration from apts own pinning to unattended upgrades.
A repository changing this values can therefore have serious effects on
the behaviour of apt and other tools using these values.

In a first step we will generate error messages for these changes now
explaining the need for explicit confirmation and provide config options
and commandline flags to accept them.
---
 apt-pkg/deb/debmetaindex.cc | 19 ++++++++++++++++++-
 1 file changed, 18 insertions(+), 1 deletion(-)

(limited to 'apt-pkg/deb')

diff --git a/apt-pkg/deb/debmetaindex.cc b/apt-pkg/deb/debmetaindex.cc
index 8c82414cb..424ef08f6 100644
--- a/apt-pkg/deb/debmetaindex.cc
+++ b/apt-pkg/deb/debmetaindex.cc
@@ -393,6 +393,9 @@ bool debReleaseIndex::Load(std::string const &Filename, std::string * const Erro
    // FIXME: find better tag name
    SupportsAcquireByHash = Section.FindB("Acquire-By-Hash", false);
 
+   SetOrigin(Section.FindS("Origin"));
+   SetLabel(Section.FindS("Label"));
+   SetVersion(Section.FindS("Version"));
    Suite = Section.FindS("Suite");
    Codename = Section.FindS("Codename");
    {
@@ -415,6 +418,20 @@ bool debReleaseIndex::Load(std::string const &Filename, std::string * const Erro
       else // e.g. security.debian.org uses this style
 	 d->SupportedComponents.push_back(comp.substr(pos + 1));
    }
+   {
+      decltype(pkgCache::ReleaseFile::Flags) flags = 0;
+      Section.FindFlag("NotAutomatic", flags, pkgCache::Flag::NotAutomatic);
+      signed short defaultpin = 500;
+      if ((flags & pkgCache::Flag::NotAutomatic) == pkgCache::Flag::NotAutomatic)
+      {
+	 Section.FindFlag("ButAutomaticUpgrades", flags, pkgCache::Flag::ButAutomaticUpgrades);
+	 if ((flags & pkgCache::Flag::ButAutomaticUpgrades) == pkgCache::Flag::ButAutomaticUpgrades)
+	    defaultpin = 100;
+	 else
+	    defaultpin = 1;
+      }
+      SetDefaultPin(defaultpin);
+   }
 
    bool FoundHashSum = false;
    bool FoundStrongHashSum = false;
@@ -472,7 +489,6 @@ bool debReleaseIndex::Load(std::string const &Filename, std::string * const Erro
 
    if (CheckValidUntil == true)
    {
-      std::string const Label = Section.FindS("Label");
       std::string const StrValidUntil = Section.FindS("Valid-Until");
 
       // if we have a Valid-Until header in the Release file, use it as default
@@ -485,6 +501,7 @@ bool debReleaseIndex::Load(std::string const &Filename, std::string * const Erro
 	    return false;
 	 }
       }
+      auto const Label = GetLabel();
       // get the user settings for this archive and use what expires earlier
       time_t MaxAge = d->ValidUntilMax;
       if (MaxAge == 0)
-- 
cgit v1.2.3