From 3fa61cd604da1a4d744cebf3fbb747bf7c80bf91 Mon Sep 17 00:00:00 2001
From: Michael Vogt <mvo@ubuntu.com>
Date: Wed, 17 Sep 2014 14:57:05 +0200
Subject: Fix regression for file:/// uris from CVE-2014-0487

Do not run ReverifyAfterIMS() for local file URIs as this will
causes apt to mess around in the file:/// uri space. This is
wrong in itself, but it will also cause a incorrect verification
failure when the archive and the lists directory are on different
partitions as rename().
---
 apt-pkg/acquire-item.cc | 18 ++++++------------
 1 file changed, 6 insertions(+), 12 deletions(-)

(limited to 'apt-pkg')

diff --git a/apt-pkg/acquire-item.cc b/apt-pkg/acquire-item.cc
index 1ffab9612..a48be70c2 100644
--- a/apt-pkg/acquire-item.cc
+++ b/apt-pkg/acquire-item.cc
@@ -949,12 +949,6 @@ void pkgAcqIndex::Done(string Message,unsigned long long Size,string Hash,
    string FileName = LookupTag(Message,"Alt-Filename");
    if (FileName.empty() == false)
    {
-      // The files timestamp matches
-      if (StringToBool(LookupTag(Message,"Alt-IMS-Hit"),false) == true)
-      {
-         ReverifyAfterIMS(FileName);
-         return;
-      }
       Decompression = true;
       Local = true;
       DestFile += ".decomp";
@@ -971,18 +965,18 @@ void pkgAcqIndex::Done(string Message,unsigned long long Size,string Hash,
       ErrorText = "Method gave a blank filename";
    }
 
+   if (FileName == DestFile)
+      Erase = true;
+   else
+      Local = true;
+
    // The files timestamp matches
-   if (StringToBool(LookupTag(Message,"IMS-Hit"),false) == true)
+   if (!Local && StringToBool(LookupTag(Message,"IMS-Hit"),false) == true)
    {
       ReverifyAfterIMS(FileName);
       return;
    }
 
-   if (FileName == DestFile)
-      Erase = true;
-   else
-      Local = true;
-   
    string decompProg;
 
    // If we enable compressed indexes, queue for hash verification
-- 
cgit v1.2.3