diff --git a/data/templates/Debian.mirrors b/data/templates/Debian.mirrors index 3c6b4c6f..d45a33e9 100644 --- a/data/templates/Debian.mirrors +++ b/data/templates/Debian.mirrors @@ -18,13 +18,11 @@ http://debian.mirror.serversaustralia.com.au/debian/ http://ftp.au.debian.org/debian/ http://mirror.aarnet.edu.au/debian/ http://mirror.amaze.com.au/debian/ -http://mirror.datamossa.io/debian/ http://mirror.intergrid.com.au/debian/ http://mirror.launtel.net.au/debian/ http://mirror.linux.org.au/debian/ http://mirror.overthewire.com.au/debian/ http://mirror.realcompute.io/debian/ -http://mirror.waia.asn.au/debian/ #LOC:BE http://ftp.be.debian.org/debian/ http://ftp.belnet.be/debian/ @@ -69,7 +67,6 @@ http://pkg.adfinis-sygroup.ch/debian/ #LOC:CL http://debian.netlinux.cl/debian/ http://debian.redlibre.cl/debian/ -http://debian.utalca.cl/debian/ http://ftp.cl.debian.org/debian/ http://mirror.insacom.cl/debian/ http://mirror.ufro.cl/debian/ @@ -96,6 +93,7 @@ http://ftp.sh.cvut.cz/debian/ http://ftp.zcu.cz/debian/ http://merlin.fit.vutbr.cz/debian/ http://mirror.dkm.cz/debian/ +http://mirror.it4i.cz/debian/ #LOC:DE http://artfiles.org/debian/ http://debian.charite.de/debian/ @@ -103,7 +101,6 @@ http://debian.inf.tu-dresden.de/debian/ http://debian.intergenia.de/debian/ http://debian.mirror.iphh.net/debian/ http://debian.mirror.lrz.de/debian/ -http://debian.mirror.net-d-sign.de/debian/ http://debian.tu-bs.de/debian/ http://debian.uni-duisburg-essen.de/debian/ http://ftp-stud.hs-esslingen.de/debian/ @@ -125,8 +122,10 @@ http://ftp.uni-stuttgart.de/debian/ http://ftp2.de.debian.org/debian/ http://mirror.23media.de/debian/ http://mirror.de.leaseweb.net/debian/ +http://mirror.dogado.de/debian/ http://mirror.eu.oneandone.net/debian/ http://mirror.ipb.de/debian/ +http://mirror.k-cix.de/debian/ http://mirror.netcologne.de/debian/ http://mirror.netzwerge.de/debian/ http://mirror.united-gameserver.de/debian/ @@ -152,6 +151,7 @@ http://ftp.cica.es/debian/ http://ftp.es.debian.org/debian/ http://ftp.udc.es/debian/ http://mirror.librelabucm.org/debian/ +http://repo.ifca.es/debian/ http://softlibre.unizar.es/debian/ http://ulises.hostalia.com/debian/ #LOC:FI @@ -160,7 +160,6 @@ http://www.nic.funet.fi/debian/ http://deb-mir1.naitways.net/debian/ http://debian.apt-mirror.de/debian/ http://debian.mirror.ate.info/ -http://debian.mirrors.ovh.net/debian/ http://debian.polytech-lille.fr/debian/ http://debian.proxad.net/debian/ http://debian.univ-lorraine.fr/debian/ @@ -179,12 +178,12 @@ http://mirrors.ircam.fr/pub/debian/ #LOC:GB http://debian.mirror.uk.sargasso.net/debian/ http://debian.mirrors.uk2.net/debian/ -http://debian.serverspace.co.uk/debian/ http://free.hands.com/debian/ http://ftp.is.debian.org/debian/ http://ftp.ticklers.org/debian/ http://ftp.uk.debian.org/debian/ http://mirror.bytemark.co.uk/debian/ +http://mirror.cov.ukservers.com/debian/ http://mirror.lchost.net/debian/ http://mirror.mythic-beasts.com/debian/ http://mirror.ox.ac.uk/debian/ @@ -194,7 +193,6 @@ http://mirror.sucs.swan.ac.uk/pub/linux/debian/ http://mirror.vorboss.net/debian/ http://mirrors.coreix.net/debian/ http://mirrors.m247.com/debian/ -http://mirrors.melbourne.co.uk/debian/ http://mirrorservice.org/sites/ftp.debian.org/debian/ http://ukdebian.mirror.anlx.net/debian/ #LOC:GE @@ -225,12 +223,12 @@ http://mirror.poliwangi.ac.id/debian/ http://debian.co.il/debian/ http://mirror.isoc.org.il/pub/debian/ #LOC:IN +http://debian.sbnw.in/debian/ http://debianmirror.nkn.in/debian/ http://debmirror.hbcse.tifr.res.in/debian/ http://mirror.cse.iitk.ac.in/debian/ #LOC:IR http://debian.asis.ai/debian/ -http://debian.parspack.com/debian/ http://mirror.aminidc.com/debian/ #LOC:IT http://debian.connesi.it/debian/ @@ -256,11 +254,14 @@ http://debian.mirror.ac.ke/debian/ http://debian.mirror.liquidtelecom.com/debian/ #LOC:KG http://mir.linux.kg/debian/ +#LOC:KH +http://mirror.cambo.host/debian/ #LOC:KR http://ftp.harukasan.org/debian/ http://ftp.kaist.ac.kr/debian/ http://ftp.kr.debian.org/debian/ http://ftp.lanet.kr/debian/ +http://mirror.anigil.com/debian/ #LOC:KZ http://mirror.hoster.kz/debian/ http://mirror.ps.kz/debian/ @@ -281,17 +282,13 @@ http://mirror.as43289.net/debian/ http://mirrors.mivocloud.com/debian/ #LOC:MK http://mirror.onevip.mk/debian/ -#LOC:MX -http://ftp.mx.debian.org/debian/ -http://mmc.geofisica.unam.mx/debian/ #LOC:NC http://debian.nautile.nc/debian/ http://ftp.nc.debian.org/debian/ +http://mirror.lagoon.nc/debian/ #LOC:NL http://debian.mirror.cambrium.nl/debian/ http://debian.snt.utwente.nl/debian/ -http://debian.voipgrow.com/debian/ -http://debmirror.tuxis.nl/debian/ http://ftp.debian.org/debian/ http://ftp.debian.xs4all.net/debian/ http://ftp.nl.debian.org/debian/ @@ -304,7 +301,6 @@ http://mirror.nforce.com/debian/ http://mirror.nl.datapacket.com/debian/ http://mirror.nl.leaseweb.net/debian/ http://mirror.novg.net/debian/ -http://mirror.proserve.nl/debian/ http://mirror.schoemaker.systems/debian/ http://mirror.seedvps.com/debian/ http://mirror.serverius.net/debian/ @@ -314,7 +310,6 @@ http://mirrors.xtom.nl/debian/ http://ftp.no.debian.org/debian/ http://ftp.uio.no/debian/ #LOC:NZ -http://ftp.citylink.co.nz/debian/ http://ftp.nz.debian.org/debian/ http://mirror.fsmg.org.nz/debian/ #LOC:PH @@ -336,8 +331,6 @@ http://mirrors.up.pt/debian/ #LOC:RE http://depot-debian.univ-reunion.fr/debian/ #LOC:RO -http://ftp.ro.debian.org/debian/ -http://ftp.upcnet.ro/debian/ http://mirrors.nav.ro/debian/ http://mirrors.nxthost.com/debian/ http://mirrors.pidginhost.com/debian/ @@ -391,7 +384,6 @@ http://ftp.tku.edu.tw/debian/ http://ftp.tw.debian.org/debian/ http://opensource.nchc.org.tw/debian/ #LOC:UA -http://debian.org.ua/debian/ http://debian.volia.net/debian/ http://mirror.mirohost.net/debian/ #LOC:US @@ -402,17 +394,14 @@ http://debian.csail.mit.edu/debian/ http://debian.ec.as6453.net/debian/ http://debian.gtisc.gatech.edu/debian/ http://debian.mirror.constant.com/debian/ -http://debian.mirrors.pair.com/debian/ http://debian.osuosl.org/debian/ http://debian.uchicago.edu/debian/ http://ftp.us.debian.org/debian/ -http://ftp.utexas.edu/debian/ http://mirror.cc.columbia.edu/debian/ http://mirror.cogentco.com/debian/ http://mirror.keystealth.org/debian/ http://mirror.pit.teraswitch.com/debian/ http://mirror.siena.edu/debian/ -http://mirror.sjc02.svwh.net/debian/ http://mirror.steadfast.net/debian/ http://mirror.us.leaseweb.net/debian/ http://mirror.us.oneandone.net/debian/ @@ -434,7 +423,7 @@ http://us.mirror.nsec.pt/debian/ http://debian.repo.cure.edu.uy/debian/ #LOC:VN http://debian.xtdv.net/debian/ +http://mirror.bizflycloud.vn/debian/ #LOC:ZA -http://debian.mirror.ac.za/debian/ http://debian.saix.net/ http://ftp.is.co.za/debian/ diff --git a/data/templates/Ubuntu.mirrors b/data/templates/Ubuntu.mirrors index 08859988..768c885d 100644 --- a/data/templates/Ubuntu.mirrors +++ b/data/templates/Ubuntu.mirrors @@ -1,4 +1,6 @@ mirror://mirrors.ubuntu.com/mirrors.txt +#LOC:AL +https://al.mirror.kumi.systems/ubuntu/ #LOC:AM http://mirrors.asnet.am/ubuntu/ #LOC:AR @@ -6,26 +8,25 @@ http://mirrors.eze.sysarmy.com/ubuntu/ http://ubuntu.unc.edu.ar/ubuntu/ #LOC:AT http://mirror.easyname.at/ubuntu-archive/ -http://mirror.kumi.systems/ubuntu/ http://ubuntu.anexia.at/ubuntu/ http://ubuntu.inode.at/ubuntu/ http://ubuntu.lagis.at/ubuntu/ http://ubuntu.uni-klu.ac.at/ubuntu/ +https://mirror.kumi.systems/ubuntu-ports/ +https://mirror.kumi.systems/ubuntu/ #LOC:AU http://ftp.iinet.net.au/pub/ubuntu/ http://mirror.aarnet.edu.au/pub/ubuntu/archive/ -http://mirror.as24220.net/pub/ubuntu-archive/ http://mirror.as24220.net/pub/ubuntu/ http://mirror.intergrid.com.au/ubuntu/ http://mirror.internode.on.net/pub/ubuntu/ubuntu/ http://mirror.netspace.net.au/pub/ubuntu/ http://mirror.overthewire.com.au/ubuntu/ +http://mirror.realcompute.io/ubuntu/ http://mirror.solnode.io/ubuntu/releases/ -http://mirror.tcc.wa.edu.au/ubuntu/ -http://mirror.waia.asn.au/ubuntu/ -http://ubuntu.melbourneitmirror.net/archive/ http://ubuntu.mirror.datamossa.io/ubuntu/ http://ubuntu.mirror.serversaustralia.com.au/ubuntu/ +https://mirror.internet.asn.au/pub/ubuntu/archive/ https://mirror.launtel.net.au/ubuntu/ https://ubuntu.mirror.digitalpacific.com.au/archive/ #LOC:AZ @@ -37,7 +38,6 @@ http://archive.ubuntu.mirror.ba/ubuntu/ #LOC:BD http://mirror.dhakacom.com/ubuntu-archive/ http://mirror.dhakacom.com/ubuntu/ -http://mirror.exid.us/ubuntu-archive/ http://mirror.xeonbd.com/ubuntu-archive/ #LOC:BE http://ftp.belnet.be/ubuntu/ @@ -51,7 +51,6 @@ http://ubuntu.uni-sofia.bg/ubuntu/ #LOC:BR http://mirror.globo.com/ubuntu/archive/ http://mirror.ufam.edu.br/ubuntu/ -http://mirror.ufca.edu.br/mirror/ubuntu-archive/ http://mirror.ufscar.br/ubuntu/ http://repositorio.nti.ufal.br/ubuntu/ http://sft.if.usp.br/ubuntu/ @@ -68,11 +67,12 @@ ftp://ftp.cs.mun.ca/pub/mirror/ubuntu/ http://archive.ubuntu.mirror.rafal.ca/ubuntu/ http://gpl.savoirfairelinux.net/pub/mirrors/ubuntu/ http://mirror.ca-tr.kamatera.com/ubuntu/ +http://mirror.cedille.club/ubuntu/ http://mirror.clibre.uqam.ca/ubuntu/ http://mirror.csclub.uwaterloo.ca/ubuntu/ http://mirror.it.ubc.ca/ubuntu/ http://mirror.its.dal.ca/ubuntu/ -http://mirror.its.sfu.ca/mirror/ubuntu/ +http://mirror.rcg.sfu.ca/mirror/ubuntu/ http://mirrors.layeronline.com/ubuntu/ http://muug.ca/mirror/ubuntu/ http://ubuntu.bhs.mirrors.ovh.net/ubuntu/ @@ -80,15 +80,19 @@ http://ubuntu.ca-west.mirror.fullhost.io/ubuntu/ http://ubuntu.mirror.globo.tech/ http://ubuntu.mirror.iweb.ca/ http://ubuntu.mirror.rafal.ca/ubuntu/ +https://mirror.esecuredata.com/ubuntu-archive/ +https://mirror.reenigne.net/ubuntu/ +https://mirrors.switch.ca/ubuntu/ #LOC:CH http://archive.ubuntu.csg.uzh.ch/ubuntu/ http://mirror.init7.net/ubuntu/ http://pkg.adfinis-sygroup.ch/ubuntu/ http://ubuntu.ethz.ch/ubuntu/ #LOC:CL -http://ftp.tecnoera.com/ubuntu/ http://mirror.uchile.cl/ubuntu/ +http://mirror1.cl.netactuate.com/ubuntu/ http://mirrors.cloud.linets.cl/ubuntu/ +https://mirror.ufro.cl/ubuntu/ #LOC:CN http://ftp.sjtu.edu.cn/ubuntu/ http://linux.xjtuns.cn/ubuntu/ @@ -104,7 +108,9 @@ http://mirrors.sohu.com/ubuntu/ http://mirrors.tuna.tsinghua.edu.cn/ubuntu/ http://mirrors.ustc.edu.cn/ubuntu/ http://mirrors.yun-idc.com/ubuntu/ +https://mirror.bjtu.edu.cn/ubuntu/ https://mirrors.bfsu.edu.cn/ubuntu/ +https://mirrors.hit.edu.cn/ubuntu/ #LOC:CO http://mirror.unimagdalena.edu.co/ubuntu/ #LOC:CR @@ -118,6 +124,7 @@ http://ftp.linux.cz/pub/linux/ubuntu/ http://ftp.sh.cvut.cz/ubuntu/ http://mirror.dkm.cz/ubuntu/ http://ucho.ignum.cz/ubuntu/ +https://mirror.it4i.cz/ubuntu/ #LOC:DE ftp://ftp.fu-berlin.de/linux/ubuntu/ ftp://ftp.rrzn.uni-hannover.de/pub/mirror/linux/ubuntu @@ -136,11 +143,10 @@ http://ftp.tu-ilmenau.de/mirror/ubuntu/ http://ftp.uni-bayreuth.de/linux/ubuntu/ubuntu/ http://ftp.uni-kl.de/pub/linux/ubuntu/ http://ftp.uni-mainz.de/ubuntu/ -http://ftp.uni-stuttgart.de/ubuntu/ http://ftp5.gwdg.de/pub/linux/debian/ubuntu/ http://linux.darkpenguin.net/distros/ubuntu-archive/ http://mirror.23media.com/ubuntu/ -http://mirror.de.leaseweb.net/ubuntu/ +http://mirror.daniel-jost.net/ubuntu/ http://mirror.eu-fr.kamatera.com/ubuntu/ http://mirror.funkfreundelandshut.de/ubuntu/ http://mirror.ipb.de/ubuntu/ @@ -150,7 +156,6 @@ http://mirror.plustech.de/ubuntu/ http://mirror.ratiokontakt.de/mirror/ubuntu/ http://mirror.serverloft.eu/ubuntu/ubuntu/ http://mirror.stw-aachen.de/ubuntu/ -http://mirror.wff-gaming.de/ubuntu/ http://mirror.wtnet.de/ubuntu/ http://mirror2.tuxinator.org/ubuntu/ http://packages.oth-regensburg.de/ubuntu/ @@ -159,15 +164,18 @@ http://ubuntu.cybertips.info/ubuntu/ http://ubuntu.mirror.lrz.de/ubuntu/ http://ubuntu.mirror.tudos.de/ubuntu/ http://ubuntu.unitedcolo.de/ubuntu/ +https://de.mirrors.clouvider.net/ubuntu/ https://files.tux-users.net/ubuntu/ +https://ftp.uni-stuttgart.de/ubuntu/ +https://mirror.de.leaseweb.net/ubuntu/ +https://mirror.dogado.de/ubuntu/ https://mirror.scaleuptech.com/ubuntu/ #LOC:DK http://ftp.klid.dk/ftp/ubuntu/ -http://klid.dk/ftp/ubuntu/ -http://mirror.easyspeedy.com/ubuntu/ http://mirror.netsite.dk/ubuntu/archive/ http://mirror.one.com/ubuntu/ http://mirrors.dotsrc.org/ubuntu/ +https://mirror.asergo.com/ubuntu/ #LOC:EC http://mirror.cedia.org.ec/ubuntu/ http://mirror.espol.edu.ec/ubuntu/ @@ -190,24 +198,24 @@ http://mirror.hosthink.net/ubuntu/ http://mirrors.nic.funet.fi/ubuntu/ #LOC:FR http://distrib-coffee.ipsl.jussieu.fr/pub/linux/ubuntu/ -http://fr.archive.ubuntu.com/ubuntu/ http://ftp.oleane.net/ubuntu/ http://ftp.rezopole.net/ubuntu/ -http://ftp.u-picardie.fr/mirror/ubuntu/ubuntu/ http://miroir.univ-lorraine.fr/ubuntu/ http://mirror.plusserver.com/ubuntu/ubuntu/ -http://mirror.ubuntu.ikoula.com/ -http://mirror.ubuntu.ikoula.com/ubuntu/ http://mirrors.ircam.fr/pub/ubuntu/archive/ http://ubuntu.mirror.serverloft.de/ubuntu/ http://ubuntu.mirrors.ovh.net/ubuntu/ http://ubuntu.univ-nantes.fr/ubuntu/ http://ubuntu.univ-reims.fr/ubuntu/ http://www-ftp.lip6.fr/pub/linux/distributions/Ubuntu/archive/ +https://fr.archive.ubuntu.com/ubuntu/ +https://ftp.u-picardie.fr/mirror/ubuntu/ubuntu/ +https://mirror.ubuntu.ikoula.com/ #LOC:GB http://archive.ubuntu.com/ubuntu/ http://mirror.as29550.net/archive.ubuntu.com/ http://mirror.bytemark.co.uk/ubuntu/ +http://mirror.cov.ukservers.com/ubuntu/ http://mirror.eu-lo.kamatera.com/ubuntu/ http://mirror.freethought-internet.co.uk/ubuntu/ http://mirror.mythic-beasts.com/ubuntu/ @@ -217,12 +225,13 @@ http://mirror.vorboss.net/ubuntu-archive/ http://mirrors.coreix.net/ubuntu/ http://mirrors.melbourne.co.uk/ubuntu/ http://mirrors.ukfast.co.uk/sites/archive.ubuntu.com/ -http://mozart.ee.ic.ac.uk/ubuntu-archive/ http://ubuntu.mirrors.uk2.net/ubuntu/ http://ubuntu.positive-internet.com/ubuntu/ http://uk-mirrors.evowise.com/ubuntu/ http://uk.mirror.worldbus.ge/ubuntu/ http://www.mirrorservice.org/sites/archive.ubuntu.com/ubuntu/ +https://mirrors.gethosted.online/ubuntu/ +https://uk.mirrors.clouvider.net/ubuntu/ #LOC:GE http://ubuntu.grena.ge/ubuntu/ #LOC:GL @@ -239,13 +248,14 @@ http://mirror.as.kamatera.com/ubuntu/ http://mirror.xtom.com.hk/ubuntu/ http://www.ubuntu.org.tw/ #LOC:HR -http://hr.archive.ubuntu.com/ubuntu/ +http://ubuntu.grad.hr/ubuntu/ +https://hr.mirror.kumi.systems/ubuntu/ #LOC:HU http://ftp.fsn.hu/ubuntu/ http://mirrors.sth.sze.hu/ubuntu/ -http://quantum-mirror.hu/mirrors/pub/ubuntu/ http://repo.jztkft.hu/ubuntu/ https://mirror.niif.hu/ubuntu/ +https://quantum-mirror.hu/mirrors/pub/ubuntu/ #LOC:ID http://buaya.klas.or.id/ubuntu/ http://kambing.ui.ac.id/ubuntu/ @@ -258,9 +268,11 @@ http://mirror.labkom.id/ubuntu/ http://mirror.poliwangi.ac.id/ubuntu/ http://mirror.telkomuniversity.ac.id/ubuntu/ http://mirror.unej.ac.id/ubuntu/ -http://repo.unpatti.ac.id/ubuntu/ http://suro.ubaya.ac.id/ubuntu/ -http://ubuntu.acehprov.go.id/ubuntu/ +https://mirror.gi.co.id/ubuntu/ +https://mirror.papua.go.id/ubuntu/ +https://pinguin.dinus.ac.id/iso/ubuntu/repo/ +https://repo.dinamika.ac.id/ubuntu/ #LOC:IE http://ftp.heanet.ie/pub/ubuntu/ #LOC:IL @@ -272,7 +284,6 @@ http://mirror.il.kamatera.com/ubuntu/ http://mirror.isoc.org.il/pub/ubuntu/ http://rep-ubuntu-il.upress.io/ubuntu/ #LOC:IN -http://ftp.iitm.ac.in/ubuntu/ http://mirror.cse.iitk.ac.in/ubuntu/ http://mirrors.piconets.webwerks.in/ubuntu-mirror/ubuntu/ http://repos.del.extreme-ix.org/ubuntu/ @@ -282,20 +293,17 @@ http://ubuntu.mirror.snu.edu.in/ubuntu/ #LOC:IR http://archive.ubuntu.petiak.ir/ubuntu/ http://ir.ubuntu.sindad.cloud/ubuntu/ -http://mirror.0-1.cloud/ubuntu/ http://mirror.aminidc.com/ubuntu/ http://mirror.armaghan.net/ubuntu/ -http://mirror.iranserver.com/ubuntu/ -http://mirror.network32.net/ubuntu/ http://mirror.rasanegar.com/ubuntu/archive/ -http://mirror.xaas.ir/ubuntu/ http://repo.iut.ac.ir/repo/Ubuntu/ -http://ubuntu-mirror.parsdev.net/ubuntu-archive/ -http://ubuntu.hostiran.ir/ubuntuarchive/ +https://mirror.iranserver.com/ubuntu/ +https://ubuntu.shatel.ir/ubuntu/ #LOC:IS http://speglar.simnet.is/ubuntu/ http://ubuntu.hysing.is/ubuntu/ #LOC:IT +http://giano.com.dist.unige.it/ubuntu/ http://it-mirrors.evowise.com/ubuntu/ http://ubuntu.connesi.it/ubuntu/ http://ubuntu.mirror.garr.it/ubuntu/ @@ -303,6 +311,7 @@ http://ubuntu.mirror.garr.it/ubuntu/ http://ftp.jaist.ac.jp/pub/Linux/ubuntu/ http://ftp.riken.jp/Linux/ubuntu/ http://ftp.tsukuba.wide.ad.jp/Linux/ubuntu/ +http://mirror.fairway.ne.jp/ubuntu/ http://ubuntu-ashisuto.ubuntulinux.jp/ubuntu/ http://ubuntutym.u-toyama.ac.jp/ubuntu/ http://www.ftp.ne.jp/Linux/packages/ubuntu/archive/ @@ -313,12 +322,16 @@ http://ubuntu.mirror.ac.ke/ubuntu/ http://mirror.telcotech.com.kh/Linux/ubuntu-releases/ #LOC:KR http://ftp.daum.net/ubuntu/ -http://ftp.harukasan.org/ubuntu/ http://ftp.lanet.kr/ubuntu/ +http://mirror.anigil.com/ubuntu/ http://mirror.kakao.com/ubuntu/ -http://mirror.yongbok.net/ubuntu/ -#LOC:KW -http://ubuntu.archive.kw.zain.com/ +https://ftp.harukasan.org/ubuntu-ports/ +https://ftp.harukasan.org/ubuntu/ +https://mirror.misakamikoto.network/ubuntu-ports/ +https://mirror.misakamikoto.network/ubuntu/ +https://mirror.yongbok.net/ubuntu/ +https://twitchdarkbot.com/ubuntu-ports/ +https://twitchdarkbot.com/ubuntu/ #LOC:KZ http://mirror.hoster.kz/ubuntu/ http://mirror.neolabs.kz/ubuntu/ @@ -331,12 +344,12 @@ http://ubuntu.mirror.vu.lt/ubuntu/ #LOC:LU http://ubuntu.mirror.root.lu/ubuntu/ #LOC:LV -http://ubuntu-arch.linux.edu.lv/ubuntu/ http://ubuntu.koyanet.lv/ubuntu/ #LOC:MA http://mirror.marwan.ma/ubuntu/ #LOC:MD http://mirror.as43289.net/ubuntu/ +http://mirror.ihost.md/ubuntu/ http://mirrors.mivocloud.com/ubuntu/ #LOC:MG http://ubuntu.dts.mg/ubuntu/ @@ -347,13 +360,16 @@ http://mirror.t-home.mk/ubuntu/ http://mirror.datacenter.mn/ubuntu/ #LOC:MY http://my.mirrors.thegigabit.com/ubuntu/ -http://ubuntu.ipserverone.com/ubuntu/ http://ubuntu.mirror.myduniahost.com/ubuntu/ http://ubuntu.tuxuri.com/ubuntu/ +https://ubuntu.ipserverone.com/ubuntu/ #LOC:NA http://download.nust.na/pub/ubuntu/ubuntu/ #LOC:NC http://archive.ubuntu.nautile.nc/ubuntu/ +http://ubuntu.lagoon.nc/ubuntu/ +#LOC:NG +http://mirror.ng/ubuntu-archive/ #LOC:NL ftp://ftpserv.tudelft.nl/pub/Linux/archive.ubuntu.com/ http://ftp.nluug.nl/os/Linux/distr/ubuntu/ @@ -366,7 +382,6 @@ http://mirror.eu.kamatera.com/ubuntu/ http://mirror.hostnet.nl/ubuntu/archive/ http://mirror.nforce.com/pub/linux/ubuntu/ http://mirror.nl.datapacket.com/ubuntu/ -http://mirror.nl.leaseweb.net/ubuntu/ http://mirror.previder.nl/ubuntu/ http://mirror.serverion.com/ubuntu/ http://mirror.serverius.net/ubuntu/ @@ -378,6 +393,8 @@ http://nl3.archive.ubuntu.com/ubuntu/ http://osmirror.rug.nl/ubuntu/ http://ubuntu.mirror.cambrium.nl/ubuntu/ http://ubuntu.mirror.true.nl/ubuntu/ +https://mirror.nl.leaseweb.net/ubuntu/ +https://nl.mirrors.clouvider.net/ubuntu/ #LOC:NO http://ftp.uninett.no/ubuntu/ http://no.archive.ubuntu.com/ubuntu/ @@ -406,6 +423,7 @@ http://mirror.chmuri.net/ubuntu/ http://piotrkosoft.net/pub/mirrors/ubuntu/ http://ubuntu.man.lodz.pl/ubuntu/ http://ubuntu.task.gda.pl/ubuntu/ +https://ftp.ps.pl/pub/Linux/ubuntu/archive/ #LOC:PR http://mirrors.upr.edu/ubuntu/ #LOC:PT @@ -416,7 +434,6 @@ http://glua.ua.pt/pub/ubuntu/ http://mirrors.up.pt/ubuntu/ https://mirrors.ptisp.pt/ubuntu/ #LOC:RO -http://ftp.upcnet.ro/mirrors/ubuntu.com/ubuntu/ http://mirror.efect.ro/ubuntu/archive/ http://mirrors.nav.ro/ubuntu/ http://mirrors.nxthost.com/ubuntu/ @@ -427,15 +444,16 @@ http://ubuntu.mirrors.linux.ro/archive/ https://mirrors.chroot.ro/ubuntu/ #LOC:RS http://ubuntu.mirror.ftn.uns.ac.rs/archive/ +https://rs.mirror.kumi.systems/ubuntu/ #LOC:RU http://mirror.corbina.net/ubuntu/ http://mirror.docker.ru/ubuntu/ +http://mirror.logol.ru/ubuntu/ http://mirror.timeweb.ru/ubuntu/ -http://mirror.truenetwork.ru/ubuntu/ http://mirror.yandex.ru/ubuntu/ http://mirrors.powernet.com.ru/ubuntu/ -#LOC:RW -ftp://mirror.ricta.org.rw/ubuntu/ +https://mirror.linux-ia64.org/ubuntu/ +https://mirror.truenetwork.ru/ubuntu/ #LOC:SA http://mirrors.isu.net.sa/pub/ubuntu-releases/ #LOC:SE @@ -446,40 +464,42 @@ http://mirror.operationtulip.com/ubuntu/ http://mirror.zetup.net/ubuntu/ http://mirrors.c0urier.net/linux/ubuntu/ http://ubuntu.mirror.su.se/ubuntu/ +https://ftpmirror1.infania.net/ubuntu/ +https://mirror.duvaliden.com/ubuntu/ #LOC:SG http://download.nus.edu.sg/mirror/ubuntu/ http://mirror.0x.sg/ubuntu/ http://mirror.aktkn.sg/ubuntu/ #LOC:SI http://ftp.arnes.si/pub/mirrors/ubuntu/ +https://si.mirror.kumi.systems/ubuntu/ #LOC:SK http://ftp.energotel.sk/pub/linux/ubuntu/ http://mirror.vnet.sk/ubuntu/ http://tux.rainside.sk/ubuntu/ #LOC:TH -http://mirror.kku.ac.th/ubuntu/ http://mirror1.ku.ac.th/ubuntu/ http://mirror1.totbb.net/ubuntu/ http://mirrors.bangmod.cloud/ubuntu/ http://mirrors.nipa.cloud/ubuntu/ http://mirrors.psu.ac.th/ubuntu/ -#LOC:TN -http://ubuntu.mirror.tn/ubuntu/ +https://mirror.kku.ac.th/ubuntu/ #LOC:TR http://ftp.linux.org.tr/ubuntu/ -http://kozyatagi.mirror.guzel.net.tr/ubuntu/ http://mirror.muvhost.com/ubuntu/ http://mirror.ni.net.tr/ubuntu/ http://ubuntu.saglayici.com/ubuntu/ http://ubuntu.turhost.com/ubuntu/ http://ubuntu.vargonen.com/ubuntu/ https://mirror.provider.com.tr/ubuntu/ +https://mirror.sh.com.tr/ubuntu/ #LOC:TW http://free.nchc.org.tw/ubuntu/ +http://ftp.mirror.tw/pub/ubuntu/ubuntu/ http://ftp.ntou.edu.tw/ubuntu/ http://ftp.tku.edu.tw/ubuntu/ +http://ftp.twaren.net/Linux/Ubuntu/ubuntu/ http://ftp.ubuntu-tw.net/ubuntu/ -http://ftp.yzu.edu.tw/ubuntu/ http://mirror.nwlab.tk/ubuntu/ http://mirror01.idc.hinet.net/ubuntu/ http://ubuntu.cs.nctu.edu.tw/ubuntu/ @@ -490,17 +510,16 @@ http://mirror.aptus.co.tz/pub/ubuntuarchive/ #LOC:UA http://mirror.mirohost.net/ubuntu/ http://ubuntu.colocall.net/ubuntu/ -http://ubuntu.ip-connect.vn.ua/ http://ubuntu.mirrors.omnilance.com/ubuntu/ http://ubuntu.netforce.hosting/ubuntu/ http://ubuntu.volia.net/ubuntu-archive/ +https://ubuntu.ip-connect.vn.ua/ #LOC:UG http://mirror.renu.ac.ug/ubuntu/ #LOC:US http://archive.linux.duke.edu/ubuntu/ http://ftp.usf.edu/pub/ubuntu/ http://ftp.ussg.iu.edu/linux/ubuntu/ -http://ftp.utexas.edu/ubuntu/ http://la-mirrors.evowise.com/ubuntu/ http://lug.mtu.edu/ubuntu/ http://mirror.ancl.hawaii.edu/linux/ubuntu/ @@ -515,13 +534,13 @@ http://mirror.cs.pitt.edu/ubuntu/archive/ http://mirror.cs.unm.edu/archive/ http://mirror.enzu.com/ubuntu/ http://mirror.genesisadaptive.com/ubuntu/ +http://mirror.lcsee.wvu.edu/ubuntu/ http://mirror.lstn.net/ubuntu/ http://mirror.math.princeton.edu/pub/ubuntu/ http://mirror.math.ucdavis.edu/ubuntu/ http://mirror.metrocast.net/ubuntu/ http://mirror.mrjester.net/ubuntu/archive/ http://mirror.nodesdirect.com/ubuntu/ -http://mirror.os6.org/ubuntu/ http://mirror.pit.teraswitch.com/ubuntu/ http://mirror.pnl.gov/ubuntu/ http://mirror.siena.edu/ubuntu/ @@ -529,7 +548,6 @@ http://mirror.sjc02.svwh.net/ubuntu/ http://mirror.steadfastnet.com/ubuntu/ http://mirror.team-cymru.com/ubuntu/ http://mirror.team-cymru.org/ubuntu/ -http://mirror.tocici.com/ubuntu/ http://mirror.ubuntu.serverforge.org/ http://mirror.umd.edu/ubuntu/ http://mirror.uoregon.edu/ubuntu/ @@ -537,14 +555,11 @@ http://mirror.us-midwest-1.nexcess.net/ubuntu/ http://mirror.us-ny2.kamatera.com/ubuntu/ http://mirror.us-sc.kamatera.com/ubuntu/ http://mirror.us-tx.kamatera.com/ubuntu/ -http://mirror.us.leaseweb.net/ubuntu/ http://mirror.vcu.edu/pub/gnu+linux/ubuntu/ http://mirrors.accretive-networks.net/ubuntu/ http://mirrors.advancedhosters.com/ubuntu/ http://mirrors.arpnetworks.com/Ubuntu/ -http://mirrors.bloomu.edu/ubuntu/ http://mirrors.cat.pdx.edu/ubuntu/ -http://mirrors.codec-cluster.org/ubuntu/ http://mirrors.easynews.com/linux/ubuntu/ http://mirrors.gigenet.com/ubuntuarchive/ http://mirrors.liquidweb.com/ubuntu/ @@ -581,20 +596,29 @@ http://ubuntu.securedservers.com/ http://us.mirror.nsec.pt/ubuntu/ http://www.club.cc.cmu.edu/pub/ubuntu/ http://www.gtlib.gatech.edu/pub/ubuntu/ +https://archive.ubuntu.thomas-ward-consulting.llc/ubuntu/ +https://atl.mirrors.clouvider.net/ubuntu/ +https://la.mirrors.clouvider.net/ubuntu/ +https://mirror.os6.org/ubuntu/ +https://mirror.us.leaseweb.net/ubuntu/ +https://mirrors.bloomu.edu/ubuntu/ +https://nyc.mirrors.clouvider.net/ubuntu/ #LOC:UY http://repos.interior.edu.uy/ubuntu/ http://ubuntu.repo.cure.edu.uy/mirror/ #LOC:UZ http://ubuntu.snet.uz/ubuntu/ #LOC:VN +http://mirror.bizflycloud.vn/ubuntu/ http://mirror.clearsky.vn/ubuntu/ http://mirror.ehost.vn/ubuntu/ http://mirrors.nhanhoa.com/ubuntu/ http://mirrors.vhost.vn/ubuntu/ http://opensource.xtdv.net/ubuntu/ +https://mirrors.bkns.vn/ubuntu/ #LOC:ZA http://ftp.leg.uct.ac.za/ubuntu/ http://mirror.lnx-solutions.com/ubuntu/ http://mirror.wiru.co.za/ubuntu/ -http://ubuntu.mirror.ac.za/ubuntu-archive/ http://ubuntu.mirror.rain.co.za/ubuntu/ +https://ubuntu.mirror.ac.za/ diff --git a/debian/changelog b/debian/changelog index c3a8990f..48aebb55 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,18 @@ +python-apt (1.6.5ubuntu0.4) bionic-security; urgency=high + + * SECURITY UPDATE: various memory and file descriptor leaks (LP: #1899193) + - python/arfile.cc, python/generic.h, python/tag.cc, python/tarfile.cc: + fix file descriptor and memory leaks + - python/apt_instmodule.cc, python/apt_instmodule.h, python/arfile.h: + Avoid reference cycle with control,data members in apt_inst.DebFile + objects + - tests/test_cve_2020_27351.py: Test cases for DebFile (others not easily + testable) + - CVE-2020-27351 + * data/templates: Update mirror lists + + -- Julian Andres Klode Tue, 01 Dec 2020 20:16:11 +0100 + python-apt (1.6.5ubuntu0.3) bionic; urgency=medium * Don't duplicate disabled sources during add() (LP: #1311056) diff --git a/python/apt_instmodule.cc b/python/apt_instmodule.cc index 825fa1e3..1b30d606 100644 --- a/python/apt_instmodule.cc +++ b/python/apt_instmodule.cc @@ -77,5 +77,6 @@ extern "C" void initapt_inst() ADDTYPE(module,"DebFile",&PyDebFile_Type); ADDTYPE(module,"TarFile",&PyTarFile_Type); ADDTYPE(module,"TarMember",&PyTarMember_Type); + ADDTYPE(module,"__FileFd",&PyFileFd_Type); RETURN(module); } diff --git a/python/apt_instmodule.h b/python/apt_instmodule.h index ad4e9f72..92c98009 100644 --- a/python/apt_instmodule.h +++ b/python/apt_instmodule.h @@ -20,7 +20,7 @@ extern PyTypeObject PyArArchive_Type; extern PyTypeObject PyDebFile_Type; extern PyTypeObject PyTarFile_Type; extern PyTypeObject PyTarMember_Type; - +extern PyTypeObject PyFileFd_Type; struct PyTarFileObject : public CppPyObject { int min; FileFd Fd; diff --git a/python/arfile.cc b/python/arfile.cc index 77b49f36..3659db93 100644 --- a/python/arfile.cc +++ b/python/arfile.cc @@ -128,6 +128,35 @@ PyTypeObject PyArMember_Type = { armember_getset, // tp_getset }; + +static const char *filefd_doc= + "Internal helper type, representing a FileFd."; +PyTypeObject PyFileFd_Type = { + PyVarObject_HEAD_INIT(&PyType_Type, 0) + "apt_inst.__FileFd" , // tp_name + sizeof(CppPyObject), // tp_basicsize + 0, // tp_itemsize + // Methods + CppDealloc, // tp_dealloc + 0, // tp_print + 0, // tp_getattr + 0, // tp_setattr + 0, // tp_compare + 0, // tp_repr + 0, // tp_as_number + 0, // tp_as_sequence + 0, // tp_as_mapping + 0, // tp_hash + 0, // tp_call + 0, // tp_str + 0, // tp_getattro + 0, // tp_setattro + 0, // tp_as_buffer + Py_TPFLAGS_DEFAULT, // tp_flags + filefd_doc, // tp_doc +}; + + // We just add an inline method and should thus be ABI compatible in a way that // we can simply cast ARArchive instances to PyARArchiveHack. class PyARArchiveHack : public ARArchive @@ -139,7 +168,7 @@ public: }; struct PyArArchiveObject : public CppPyObject { - FileFd Fd; + CppPyObject *Fd; }; static const char *ararchive_getmember_doc = @@ -185,7 +214,7 @@ static PyObject *ararchive_extractdata(PyArArchiveObject *self, PyObject *args) "Member '%s' is too large to read into memory",name.path); return 0; } - if (!self->Fd.Seek(member->Start)) + if (!self->Fd->Object.Seek(member->Start)) return HandleErrors(); char* value; @@ -196,7 +225,7 @@ static PyObject *ararchive_extractdata(PyArArchiveObject *self, PyObject *args) "Member '%s' is too large to read into memory",name.path); return 0; } - self->Fd.Read(value, member->Size, true); + self->Fd->Object.Read(value, member->Size, true); PyObject *result = PyBytes_FromStringAndSize(value, member->Size); delete[] value; return result; @@ -274,7 +303,7 @@ static PyObject *ararchive_extract(PyArArchiveObject *self, PyObject *args) PyErr_Format(PyExc_LookupError,"No member named '%s'",name.path); return 0; } - return _extract(self->Fd, member, target); + return _extract(self->Fd->Object, member, target); } static const char *ararchive_extractall_doc = @@ -293,7 +322,7 @@ static PyObject *ararchive_extractall(PyArArchiveObject *self, PyObject *args) const ARArchive::Member *member = self->Object->Members(); do { - if (_extract(self->Fd, member, target) == 0) + if (_extract(self->Fd->Object, member, target) == 0) return 0; } while ((member = member->Next)); Py_RETURN_TRUE; @@ -320,10 +349,10 @@ static PyObject *ararchive_gettar(PyArArchiveObject *self, PyObject *args) return 0; } - PyTarFileObject *tarfile = (PyTarFileObject*)CppPyObject_NEW(self,&PyTarFile_Type); - new (&tarfile->Fd) FileFd(self->Fd); + PyTarFileObject *tarfile = (PyTarFileObject*)CppPyObject_NEW(self->Fd,&PyTarFile_Type); + new (&tarfile->Fd) FileFd(self->Fd->Object.Fd()); tarfile->min = member->Start; - tarfile->Object = new ExtractTar(self->Fd, member->Size, comp); + tarfile->Object = new ExtractTar(self->Fd->Object, member->Size, comp); return HandleErrors(tarfile); } @@ -390,36 +419,38 @@ static PyObject *ararchive_new(PyTypeObject *type, PyObject *args, PyObject *kwds) { PyObject *file; - PyArArchiveObject *self; PyApt_Filename filename; int fileno; if (PyArg_ParseTuple(args,"O:__new__",&file) == 0) return 0; + PyApt_UniqueObject self(NULL); // We receive a filename. if (filename.init(file)) { - self = (PyArArchiveObject *)CppPyObject_NEW(0,type); - new (&self->Fd) FileFd(filename,FileFd::ReadOnly); + self.reset((PyArArchiveObject*) CppPyObject_NEW(0,type)); + self->Fd = CppPyObject_NEW(NULL, &PyFileFd_Type); + new (&self->Fd->Object) FileFd(filename,FileFd::ReadOnly); } // We receive a file object. else if ((fileno = PyObject_AsFileDescriptor(file)) != -1) { // Clear the error set by PyObject_AsString(). PyErr_Clear(); - self = (PyArArchiveObject *)CppPyObject_NEW(file,type); - new (&self->Fd) FileFd(fileno,false); + self->Fd = CppPyObject_NEW(NULL, &PyFileFd_Type); + self.reset((PyArArchiveObject*) CppPyObject_NEW(file,type)); + new (&self->Fd->Object) FileFd(fileno,false); } else { return 0; } - self->Object = (PyARArchiveHack*)new ARArchive(self->Fd); + self->Object = (PyARArchiveHack*)new ARArchive(self->Fd->Object); if (_error->PendingError() == true) return HandleErrors(); - return self; + return self.release(); } static void ararchive_dealloc(PyObject *self) { - ((PyArArchiveObject *)(self))->Fd.~FileFd(); + Py_CLEAR(((PyArArchiveObject *)(self))->Fd); CppDeallocPtr(self); } @@ -529,10 +560,10 @@ static PyObject *_gettar(PyDebFileObject *self, const ARArchive::Member *m, { if (!m) return 0; - PyTarFileObject *tarfile = (PyTarFileObject*)CppPyObject_NEW(self,&PyTarFile_Type); - new (&tarfile->Fd) FileFd(self->Fd); + PyTarFileObject *tarfile = (PyTarFileObject*)CppPyObject_NEW(self->Fd,&PyTarFile_Type); + new (&tarfile->Fd) FileFd(self->Fd->Object.Fd()); tarfile->min = m->Start; - tarfile->Object = new ExtractTar(self->Fd, m->Size, comp); + tarfile->Object = new ExtractTar(self->Fd->Object, m->Size, comp); return tarfile; } @@ -579,16 +610,16 @@ static PyObject *debfile_get_tar(PyDebFileObject *self, const char *Name) static PyObject *debfile_new(PyTypeObject *type, PyObject *args, PyObject *kwds) { - PyDebFileObject *self = (PyDebFileObject*)ararchive_new(type, args, kwds); + PyApt_UniqueObject self((PyDebFileObject*)ararchive_new(type, args, kwds)); if (self == NULL) return NULL; // DebFile - self->control = debfile_get_tar(self, "control.tar"); + self->control = debfile_get_tar(self.get(), "control.tar"); if (self->control == NULL) return NULL; - self->data = debfile_get_tar(self, "data.tar"); + self->data = debfile_get_tar(self.get(), "data.tar"); if (self->data == NULL) return NULL; @@ -597,14 +628,14 @@ static PyObject *debfile_new(PyTypeObject *type, PyObject *args, PyObject *kwds) return PyErr_Format(PyAptError, "No debian archive, missing %s", "debian-binary"); - if (!self->Fd.Seek(member->Start)) + if (!self->Fd->Object.Seek(member->Start)) return HandleErrors(); char* value = new char[member->Size]; - self->Fd.Read(value, member->Size, true); + self->Fd->Object.Read(value, member->Size, true); self->debian_binary = PyBytes_FromStringAndSize(value, member->Size); delete[] value; - return self; + return self.release(); } static int debfile_traverse(PyObject *_self, visitproc visit, void* arg) diff --git a/python/generic.h b/python/generic.h index c98fdcd4..a55b0188 100644 --- a/python/generic.h +++ b/python/generic.h @@ -302,4 +302,23 @@ public: } }; + +/** + * Basic smart pointer to hold initial objects. + * + * This is like a std::unique_ptr to some extend, + * but it is for initialization only, and hence will also clear out any members + * in case it deletes the instance (the error case). + */ +template struct PyApt_UniqueObject { + T *self; + explicit PyApt_UniqueObject(T *self) : self(self) { } + ~PyApt_UniqueObject() { reset(NULL); } + void reset(T *newself) { if (clear && self && Py_TYPE(self)->tp_clear) Py_TYPE(self)->tp_clear(self); Py_XDECREF(self); self = newself; } + PyApt_UniqueObject operator =(PyApt_UniqueObject) = delete; + bool operator ==(void *other) { return self == other; } + T *operator ->() { return self; } + T *get() { return self; } + T *release() { T *ret = self; self = NULL; return ret; } +}; #endif diff --git a/python/tag.cc b/python/tag.cc index b23484fb..b46a6316 100644 --- a/python/tag.cc +++ b/python/tag.cc @@ -494,7 +494,6 @@ static PyObject *TagSecNew(PyTypeObject *type,PyObject *Args,PyObject *kwds) { static PyObject *TagFileNew(PyTypeObject *type,PyObject *Args,PyObject *kwds) { - TagFileData *New; PyObject *File = 0; char Bytes = 0; @@ -518,7 +517,7 @@ static PyObject *TagFileNew(PyTypeObject *type,PyObject *Args,PyObject *kwds) return 0; } - New = (TagFileData*)type->tp_alloc(type, 0); + PyApt_UniqueObject New((TagFileData*)type->tp_alloc(type, 0)); if (fileno != -1) { #ifdef APT_HAS_GZIP @@ -556,7 +555,7 @@ static PyObject *TagFileNew(PyTypeObject *type,PyObject *Args,PyObject *kwds) // Create the section New->Section = (TagSecData*)(&PyTagSection_Type)->tp_alloc(&PyTagSection_Type, 0); new (&New->Section->Object) pkgTagSection(); - New->Section->Owner = New; + New->Section->Owner = New.get(); Py_INCREF(New->Section->Owner); New->Section->Data = 0; New->Section->Bytes = Bytes; @@ -565,7 +564,7 @@ static PyObject *TagFileNew(PyTypeObject *type,PyObject *Args,PyObject *kwds) Py_XINCREF(New->Section->Encoding); #endif - return HandleErrors(New); + return HandleErrors(New.release()); } /*}}}*/ // RewriteSection - Rewrite a section.. /*{{{*/ diff --git a/python/tarfile.cc b/python/tarfile.cc index 8cd8fa80..b87fa71a 100644 --- a/python/tarfile.cc +++ b/python/tarfile.cc @@ -341,7 +341,6 @@ PyTypeObject PyTarMember_Type = { static PyObject *tarfile_new(PyTypeObject *type,PyObject *args,PyObject *kwds) { PyObject *file; - PyTarFileObject *self; PyApt_Filename filename; int fileno; int min = 0; @@ -353,7 +352,7 @@ static PyObject *tarfile_new(PyTypeObject *type,PyObject *args,PyObject *kwds) &max,&comp) == 0) return 0; - self = (PyTarFileObject*)CppPyObject_NEW(file,type); + PyApt_UniqueObject self((PyTarFileObject*)CppPyObject_NEW(file,type)); // We receive a filename. if (filename.init(file)) @@ -364,15 +363,14 @@ static PyObject *tarfile_new(PyTypeObject *type,PyObject *args,PyObject *kwds) new (&self->Fd) FileFd(fileno,false); } else { - Py_DECREF(self); return 0; } self->min = min; self->Object = new ExtractTar(self->Fd,max,comp); if (_error->PendingError() == true) - return HandleErrors(self); - return self; + return HandleErrors(self.release()); + return self.release(); } static const char *tarfile_extractall_doc = diff --git a/tests/test_cve_2020_27351.py b/tests/test_cve_2020_27351.py new file mode 100644 index 00000000..4182bf3b --- /dev/null +++ b/tests/test_cve_2020_27351.py @@ -0,0 +1,106 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Copyright (C) 2020 Canonical Ltd +# +# Copying and distribution of this file, with or without modification, +# are permitted in any medium without royalty provided the copyright +# notice and this notice are preserved. +"""Unit tests for verifying the correctness of DebFile descriptor handling.""" +import os +import unittest + +from test_all import get_library_dir +import sys + +libdir = get_library_dir() +if libdir: + sys.path.insert(0, libdir) +import apt_inst +import subprocess +import tempfile + + +@unittest.skipIf( + not os.path.exists("/proc/self/fd"), "no /proc/self/fd available" +) +class TestCVE_2020_27351(unittest.TestCase): + """ test the debfile """ + + GOOD_DEB = "data/test_debs/utf8-package_1.0-1_all.deb" + + def test_success(self): + """opening package successfully should not leak fd""" + before = os.listdir("/proc/self/fd") + apt_inst.DebFile(self.GOOD_DEB) + after = os.listdir("/proc/self/fd") + self.assertEqual(before, after) + + def test_success_a_member(self): + """fd should be kept around as long as a tarfile member""" + before = os.listdir("/proc/self/fd") + data = apt_inst.DebFile(self.GOOD_DEB).data + after = os.listdir("/proc/self/fd") + self.assertEqual(len(before), len(after) - 1) + del data + after = os.listdir("/proc/self/fd") + self.assertEqual(before, after) + + def _create_deb_without(self, member): + temp = tempfile.NamedTemporaryFile(mode="wb") + try: + with open(self.GOOD_DEB, "rb") as deb: + temp.write(deb.read()) + temp.flush() + subprocess.check_call(["ar", "d", temp.name, member]) + return temp + except Exception as e: + temp.close() + raise e + + def test_nocontrol(self): + """opening package without control.tar.gz should not leak fd""" + before = os.listdir("/proc/self/fd") + with self._create_deb_without("control.tar.gz") as temp: + try: + apt_inst.DebFile(temp.name) + except SystemError as e: + self.assertIn("control.tar", str(e)) + else: + self.fail("Did not raise an exception") + + after = os.listdir("/proc/self/fd") + self.assertEqual(before, after) + + def test_nodata(self): + """opening package without data.tar.gz should not leak fd""" + before = os.listdir("/proc/self/fd") + with self._create_deb_without("data.tar.gz") as temp: + try: + apt_inst.DebFile(temp.name) + except SystemError as e: + self.assertIn("data.tar", str(e)) + else: + self.fail("Did not raise an exception") + + after = os.listdir("/proc/self/fd") + self.assertEqual(before, after) + + def test_no_debian_binary(self): + """opening package without debian-binary should not leak fd""" + before = os.listdir("/proc/self/fd") + with self._create_deb_without("debian-binary") as temp: + try: + apt_inst.DebFile(temp.name) + except SystemError as e: + self.assertIn("missing debian-binary", str(e)) + else: + self.fail("Did not raise an exception") + + after = os.listdir("/proc/self/fd") + self.assertEqual(before, after) + + +if __name__ == "__main__": + # logging.basicConfig(level=logging.DEBUG) + unittest.main()