From 2f5b615169aef2d9c74bb337af229dee2dce595e Mon Sep 17 00:00:00 2001 From: David Kalnischkies Date: Fri, 15 Mar 2013 14:17:01 +0100 Subject: * apt-pkg/indexcopy.cc: - rename RunGPGV to ExecGPGV and move it to apt-pkg/contrib/gpgv.cc --- debian/changelog | 8 ++++++++ 1 file changed, 8 insertions(+) (limited to 'debian') diff --git a/debian/changelog b/debian/changelog index 9ed9b4d61..ac630ad7e 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,11 @@ +apt (0.9.7.9) UNRELEASED; urgency=low + + [ David Kalnischkies ] + * apt-pkg/indexcopy.cc: + - rename RunGPGV to ExecGPGV and move it to apt-pkg/contrib/gpgv.cc + + -- David Kalnischkies Fri, 15 Mar 2013 14:15:43 +0100 + apt (0.9.7.8) unstable; urgency=criticial * SECURITY UPDATE: InRelease verification bypass -- cgit v1.2.3 From 99ed26d32226f0dffe5a37fb78c5588f9d9ecfd5 Mon Sep 17 00:00:00 2001 From: David Kalnischkies Date: Fri, 15 Mar 2013 14:29:46 +0100 Subject: * apt-pkg/contrib/gpgv.cc: - ExecGPGV is a method which should never return, so mark it as such and fix the inconsistency of returning in error cases --- debian/changelog | 3 +++ 1 file changed, 3 insertions(+) (limited to 'debian') diff --git a/debian/changelog b/debian/changelog index ac630ad7e..bd4116406 100644 --- a/debian/changelog +++ b/debian/changelog @@ -3,6 +3,9 @@ apt (0.9.7.9) UNRELEASED; urgency=low [ David Kalnischkies ] * apt-pkg/indexcopy.cc: - rename RunGPGV to ExecGPGV and move it to apt-pkg/contrib/gpgv.cc + * apt-pkg/contrib/gpgv.cc: + - ExecGPGV is a method which should never return, so mark it as such + and fix the inconsistency of returning in error cases -- David Kalnischkies Fri, 15 Mar 2013 14:15:43 +0100 -- cgit v1.2.3 From b38bb727530a7e836689ef100b07926522066986 Mon Sep 17 00:00:00 2001 From: David Kalnischkies Date: Fri, 15 Mar 2013 14:49:05 +0100 Subject: don't close stdout/stderr if it is also the statusfd --- debian/changelog | 1 + 1 file changed, 1 insertion(+) (limited to 'debian') diff --git a/debian/changelog b/debian/changelog index bd4116406..0423cefa6 100644 --- a/debian/changelog +++ b/debian/changelog @@ -6,6 +6,7 @@ apt (0.9.7.9) UNRELEASED; urgency=low * apt-pkg/contrib/gpgv.cc: - ExecGPGV is a method which should never return, so mark it as such and fix the inconsistency of returning in error cases + - don't close stdout/stderr if it is also the statusfd -- David Kalnischkies Fri, 15 Mar 2013 14:15:43 +0100 -- cgit v1.2.3 From 39f38a81b85edf2e1bdc4e92267a63cc6c928734 Mon Sep 17 00:00:00 2001 From: David Kalnischkies Date: Fri, 15 Mar 2013 14:55:43 +0100 Subject: * apt-pkg/acquire-item.cc: - keep the last good InRelease file around just as we do it with Release.gpg in case the new one we download isn't good for us --- debian/changelog | 3 +++ 1 file changed, 3 insertions(+) (limited to 'debian') diff --git a/debian/changelog b/debian/changelog index 0423cefa6..77e8674a0 100644 --- a/debian/changelog +++ b/debian/changelog @@ -7,6 +7,9 @@ apt (0.9.7.9) UNRELEASED; urgency=low - ExecGPGV is a method which should never return, so mark it as such and fix the inconsistency of returning in error cases - don't close stdout/stderr if it is also the statusfd + * apt-pkg/acquire-item.cc: + - keep the last good InRelease file around just as we do it with + Release.gpg in case the new one we download isn't good for us -- David Kalnischkies Fri, 15 Mar 2013 14:15:43 +0100 -- cgit v1.2.3 From 2d3fe9cfadb33556b7563a98bb5a4698888e6c40 Mon Sep 17 00:00:00 2001 From: David Kalnischkies Date: Fri, 15 Mar 2013 18:53:53 +0100 Subject: - if ExecGPGV deals with a clear-signed file it will split this file into data and signatures, pass it to gpgv for verification and recombines it after that in a known-good way without unsigned blocks and whitespaces resulting usually in more or less the same file as before, but later code can be sure about the format * apt-pkg/deb/debmetaindex.cc: - reenable InRelease by default --- debian/changelog | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'debian') diff --git a/debian/changelog b/debian/changelog index 77e8674a0..7ebbb1cb4 100644 --- a/debian/changelog +++ b/debian/changelog @@ -7,9 +7,16 @@ apt (0.9.7.9) UNRELEASED; urgency=low - ExecGPGV is a method which should never return, so mark it as such and fix the inconsistency of returning in error cases - don't close stdout/stderr if it is also the statusfd + - if ExecGPGV deals with a clear-signed file it will split this file + into data and signatures, pass it to gpgv for verification and + recombines it after that in a known-good way without unsigned blocks + and whitespaces resulting usually in more or less the same file as + before, but later code can be sure about the format * apt-pkg/acquire-item.cc: - keep the last good InRelease file around just as we do it with Release.gpg in case the new one we download isn't good for us + * apt-pkg/deb/debmetaindex.cc: + - reenable InRelease by default -- David Kalnischkies Fri, 15 Mar 2013 14:15:43 +0100 -- cgit v1.2.3 From ad000f6b68f9216412a6a70bcfe6cb11fb0c2fe6 Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Sat, 16 Mar 2013 10:08:28 +0100 Subject: add testcase and update changelog --- debian/changelog | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'debian') diff --git a/debian/changelog b/debian/changelog index 7ebbb1cb4..3ef652c56 100644 --- a/debian/changelog +++ b/debian/changelog @@ -17,6 +17,11 @@ apt (0.9.7.9) UNRELEASED; urgency=low Release.gpg in case the new one we download isn't good for us * apt-pkg/deb/debmetaindex.cc: - reenable InRelease by default + + [ Michael Vogt ] + * add regression test for CVE-2013-1051 + * implement GPGSplit() based on the idea from Ansgar Burchardt + (many thanks!) -- David Kalnischkies Fri, 15 Mar 2013 14:15:43 +0100 -- cgit v1.2.3 From f1828b6977972b4ef6da6401602b7938f6570c32 Mon Sep 17 00:00:00 2001 From: David Kalnischkies Date: Mon, 18 Mar 2013 19:36:55 +0100 Subject: - add method to open (maybe) clearsigned files transparently * ftparchive/writer.cc: - use OpenMaybeClearSignedFile to be free from detecting and skipping clearsigning metadata in dsc files --- debian/changelog | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) (limited to 'debian') diff --git a/debian/changelog b/debian/changelog index 3ef652c56..27fae657c 100644 --- a/debian/changelog +++ b/debian/changelog @@ -12,12 +12,16 @@ apt (0.9.7.9) UNRELEASED; urgency=low recombines it after that in a known-good way without unsigned blocks and whitespaces resulting usually in more or less the same file as before, but later code can be sure about the format + - add method to open (maybe) clearsigned files transparently * apt-pkg/acquire-item.cc: - keep the last good InRelease file around just as we do it with Release.gpg in case the new one we download isn't good for us * apt-pkg/deb/debmetaindex.cc: - reenable InRelease by default - + * ftparchive/writer.cc: + - use OpenMaybeClearSignedFile to be free from detecting and + skipping clearsigning metadata in dsc files + [ Michael Vogt ] * add regression test for CVE-2013-1051 * implement GPGSplit() based on the idea from Ansgar Burchardt -- cgit v1.2.3 From 233b78083f6f79730fcb5a6faeb74e2a78b6038a Mon Sep 17 00:00:00 2001 From: David Kalnischkies Date: Mon, 18 Mar 2013 22:57:08 +0100 Subject: * apt-pkg/deb/debindexfile.cc, apt-pkg/deb/deblistparser.cc: - use OpenMaybeClearSignedFile to be free from detecting and skipping clearsigning metadata in dsc and Release files We can't write a "clean" file to disk as not all acquire methods copy Release files before checking them (e.g. cdrom), so this reverts recombining, but uses the method we use for dsc files also in the two places we deal with Release files --- debian/changelog | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) (limited to 'debian') diff --git a/debian/changelog b/debian/changelog index 27fae657c..7c02b2689 100644 --- a/debian/changelog +++ b/debian/changelog @@ -8,19 +8,18 @@ apt (0.9.7.9) UNRELEASED; urgency=low and fix the inconsistency of returning in error cases - don't close stdout/stderr if it is also the statusfd - if ExecGPGV deals with a clear-signed file it will split this file - into data and signatures, pass it to gpgv for verification and - recombines it after that in a known-good way without unsigned blocks - and whitespaces resulting usually in more or less the same file as - before, but later code can be sure about the format + into data and signatures, pass it to gpgv for verification - add method to open (maybe) clearsigned files transparently * apt-pkg/acquire-item.cc: - keep the last good InRelease file around just as we do it with Release.gpg in case the new one we download isn't good for us * apt-pkg/deb/debmetaindex.cc: - reenable InRelease by default - * ftparchive/writer.cc: + * ftparchive/writer.cc, + apt-pkg/deb/debindexfile.cc, + apt-pkg/deb/deblistparser.cc: - use OpenMaybeClearSignedFile to be free from detecting and - skipping clearsigning metadata in dsc files + skipping clearsigning metadata in dsc and Release files [ Michael Vogt ] * add regression test for CVE-2013-1051 -- cgit v1.2.3