diff -Nru apt-0.9.9.1~ubuntu3.1/cmdline/apt-get.cc apt-0.9.9.1~ubuntu3.2/cmdline/apt-get.cc --- apt-0.9.9.1~ubuntu3.1/cmdline/apt-get.cc 2013-07-10 17:04:41.000000000 +0200 +++ apt-0.9.9.1~ubuntu3.2/cmdline/apt-get.cc 2014-06-12 14:01:48.000000000 +0200 @@ -1046,25 +1046,8 @@ return true; } /*}}}*/ -// CheckAuth - check if each download comes form a trusted source /*{{{*/ -// --------------------------------------------------------------------- -/* */ -static bool CheckAuth(pkgAcquire& Fetcher) +static bool AuthPrompt(std::string UntrustedList, bool const PromptUser) { - string UntrustedList; - for (pkgAcquire::ItemIterator I = Fetcher.ItemsBegin(); I < Fetcher.ItemsEnd(); ++I) - { - if (!(*I)->IsTrusted()) - { - UntrustedList += string((*I)->ShortDesc()) + " "; - } - } - - if (UntrustedList == "") - { - return true; - } - ShowList(c2out,_("WARNING: The following packages cannot be authenticated!"),UntrustedList,""); if (_config->FindB("APT::Get::AllowUnauthenticated",false) == true) @@ -1073,6 +1056,9 @@ return true; } + if (PromptUser == false) + return _error->Error(_("Some packages could not be authenticated")); + if (_config->FindI("quiet",0) < 2 && _config->FindB("APT::Get::Assume-Yes",false) == false) { @@ -1090,6 +1076,27 @@ return _error->Error(_("There are problems and -y was used without --force-yes")); } /*}}}*/ +// CheckAuth - check if each download comes form a trusted source /*{{{*/ +// --------------------------------------------------------------------- +/* */ +static bool CheckAuth(pkgAcquire& Fetcher, bool PromptUser=true) +{ + string UntrustedList; + for (pkgAcquire::ItemIterator I = Fetcher.ItemsBegin(); I < Fetcher.ItemsEnd(); ++I) + { + if (!(*I)->IsTrusted()) + { + UntrustedList += string((*I)->ShortDesc()) + " "; + } + } + + if (UntrustedList == "") + { + return true; + } + + return AuthPrompt(UntrustedList, PromptUser); +} // InstallPackages - Actually download and install the packages /*{{{*/ // --------------------------------------------------------------------- /* This displays the informative messages describing what is going to @@ -2482,6 +2489,7 @@ // Load the requestd sources into the fetcher unsigned J = 0; + std::string UntrustedList; for (const char **I = CmdL.FileList + 1; *I != 0; I++, J++) { string Src; @@ -2491,6 +2499,9 @@ delete[] Dsc; return _error->Error(_("Unable to find a source package for %s"),Src.c_str()); } + + if (Last->Index().IsTrusted() == false) + UntrustedList += Src + " "; string srec = Last->AsStr(); string::size_type pos = srec.find("\nVcs-"); @@ -2575,6 +2586,10 @@ Last->Index().SourceInfo(*Last,*I),Src); } } + + // check authentication status of the source as well + if (UntrustedList != "" && !AuthPrompt(UntrustedList, false)) + return false; // Display statistics unsigned long long FetchBytes = Fetcher.FetchNeeded(); diff -Nru apt-0.9.9.1~ubuntu3.1/debian/changelog apt-0.9.9.1~ubuntu3.2/debian/changelog --- apt-0.9.9.1~ubuntu3.1/debian/changelog 2014-04-03 12:50:15.000000000 +0200 +++ apt-0.9.9.1~ubuntu3.2/debian/changelog 2014-06-12 14:02:34.000000000 +0200 @@ -1,3 +1,10 @@ +apt (0.9.9.1~ubuntu3.2) saucy-security; urgency=low + + * SECURITY UPDATE: apt-get source validation + - CVE-2014-0478 + + -- Michael Vogt Thu, 12 Jun 2014 14:02:26 +0200 + apt (0.9.9.1~ubuntu3.1) saucy-proposed; urgency=low * cherry pick upstream commit 0caa5a4c to fix multiarch upgrade diff -Nru apt-0.9.9.1~ubuntu3.1/test/integration/framework apt-0.9.9.1~ubuntu3.2/test/integration/framework --- apt-0.9.9.1~ubuntu3.1/test/integration/framework 2013-07-10 17:04:41.000000000 +0200 +++ apt-0.9.9.1~ubuntu3.2/test/integration/framework 2014-06-12 14:01:48.000000000 +0200 @@ -151,7 +151,7 @@ mkdir rootdir aptarchive keys cd rootdir mkdir -p etc/apt/apt.conf.d etc/apt/sources.list.d etc/apt/trusted.gpg.d etc/apt/preferences.d - mkdir -p var/cache var/lib var/log + mkdir -p var/cache var/lib var/log tmp mkdir -p var/lib/dpkg/info var/lib/dpkg/updates var/lib/dpkg/triggers touch var/lib/dpkg/available mkdir -p usr/lib/apt @@ -910,3 +910,35 @@ local IGNORE read IGNORE } + +testsuccess() { + if [ "$1" = '--nomsg' ]; then + shift + else + msgtest 'Test for successful execution of' "$*" + fi + local OUTPUT="${TMPWORKINGDIRECTORY}/rootdir/tmp/testsuccess.output" + if $@ >${OUTPUT} 2>&1; then + msgpass + else + echo >&2 + cat >&2 $OUTPUT + msgfail + fi +} + +testfailure() { + if [ "$1" = '--nomsg' ]; then + shift + else + msgtest 'Test for failure in execution of' "$*" + fi + local OUTPUT="${TMPWORKINGDIRECTORY}/rootdir/tmp/testfailure.output" + if $@ >${OUTPUT} 2>&1; then + echo >&2 + cat >&2 $OUTPUT + msgfail + else + msgpass + fi +} diff -Nru apt-0.9.9.1~ubuntu3.1/test/integration/test-apt-get-source-authenticated apt-0.9.9.1~ubuntu3.2/test/integration/test-apt-get-source-authenticated --- apt-0.9.9.1~ubuntu3.1/test/integration/test-apt-get-source-authenticated 1970-01-01 01:00:00.000000000 +0100 +++ apt-0.9.9.1~ubuntu3.2/test/integration/test-apt-get-source-authenticated 2014-06-12 14:01:48.000000000 +0200 @@ -0,0 +1,31 @@ +#!/bin/sh +# +# Regression test for debian bug #749795. Ensure that we fail with +# a error if apt-get source foo will download a source that comes +# from a unauthenticated repository +# +set -e + +TESTDIR=$(readlink -f $(dirname $0)) +. $TESTDIR/framework + +setupenvironment +configarchitecture "i386" + +# a "normal" package with source and binary +buildsimplenativepackage 'foo' 'all' '2.0' + +setupaptarchive --no-update + +APTARCHIVE=$(readlink -f ./aptarchive) +rm -f $APTARCHIVE/dists/unstable/*Release* + +# update without authenticated InRelease file +testsuccess aptget update + +# this all should fail +testfailure aptget install -y foo +testfailure aptget source foo + +# allow overriding the warning +testsuccess aptget source --allow-unauthenticated foo