author | Chong Lu <Chong.Lu@windriver.com> | 2014-09-26 09:49:19 +0800 |
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2014-09-30 14:10:34 +0100 |
commit | 6a300317086e1422953abdd5825680b216c2c211 (patch) | |
tree | 8a614a9e0ad4d9f5cd28e1be9039e6b1e35185b1 /meta/recipes-devtools/apt | |
parent | 202ae5af74f546a9788290a96b0f3c370ee047b2 (diff) | |
download | poky-6a300317086e1422953abdd5825680b216c2c211.tar.gz |
apt: fix for CVE-2014-0478
APT before 1.0.4 does not properly validate source packages, which allows
man-in-the-middle attackers to download and install Trojan horse packages
by removing the Release signature.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0478
(From OE-Core rev: 3dd692fcf2b0c11731b3f30abdf2b1878458a898)
Signed-off-by: Wenlin Kang <wenlin.kang@windriver.com>
Signed-off-by: Chong Lu <Chong.Lu@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-devtools/apt')
-rw-r--r-- | meta/recipes-devtools/apt/apt-0.9.9.4/apt-0.9.9.4-CVE-2014-0478.patch | 193 | ||||
-rw-r--r-- | meta/recipes-devtools/apt/apt.inc | 1 |
2 files changed, 194 insertions, 0 deletions
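--- /dev/null
+++ b/meta/recipes-devtools/apt/apt-0.9.9.4/apt-0.9.9.4-CVE-2014-0478.patch
@@ -0,0 +1,193 @@
+This patch comes from:
+https://bugs.debian.org/cgi-bin/bugreport.cgi?msg=73;filename=apt_0.9.7.9%2Bdeb7u2.debdiff;att=1;bug=749795
+
+Upstream-Status: Backport
+
+Signed-off-by: Wenlin Kang <wenlin.kang@windriver.com>
+Signed-off-by: Chong Lu <Chong.Lu@windriver.com>
+
+diff -uarN apt-0.9.9.4-org/cmdline/apt-get.cc apt-0.9.9.4/cmdline/apt-get.cc
+--- apt-0.9.9.4-org/cmdline/apt-get.cc 2014-08-29 15:37:42.587156134 +0800
++++ apt-0.9.9.4/cmdline/apt-get.cc 2014-08-29 15:51:16.672334086 +0800
+@@ -1046,25 +1046,8 @@
+return true;
+}
+/*}}}*/
+-// CheckAuth - check if each download comes form a trusted source /*{{{*/
+-// ---------------------------------------------------------------------
+-/* */
+-static bool CheckAuth(pkgAcquire& Fetcher)
++static bool AuthPrompt(std::string UntrustedList, bool const PromptUser)
+{
+- string UntrustedList;
+- for (pkgAcquire::ItemIterator I = Fetcher.ItemsBegin(); I < Fetcher.ItemsEnd(); ++I)
+- {
+- if (!(*I)->IsTrusted())
+- {
+- UntrustedList += string((*I)->ShortDesc()) + " ";
+- }
+- }
+-
+- if (UntrustedList == "")
+- {
+- return true;
+- }
+-
+ShowList(c2out,_("WARNING: The following packages cannot be authenticated!"),UntrustedList,"");
+
+if (_config->FindB("APT::Get::AllowUnauthenticated",false) == true)
+@@ -1073,6 +1056,9 @@
+return true;
+}
+
++ if (PromptUser == false)
++ return _error->Error(_("Some packages could not be authenticated"));
++
+if (_config->FindI("quiet",0) < 2
+&& _config->FindB("APT::Get::Assume-Yes",false) == false)
+{
+@@ -1090,6 +1076,28 @@
+return _error->Error(_("There are problems and -y was used without --force-yes"));
+}
+/*}}}*/
++// CheckAuth - check if each download comes form a trusted source /*{{{*/
++// ---------------------------------------------------------------------
++/* */
++static bool CheckAuth(pkgAcquire& Fetcher, bool PromptUser=true)
++{
++ string UntrustedList;
++ for (pkgAcquire::ItemIterator I = Fetcher.ItemsBegin(); I < Fetcher.ItemsEnd(); ++I)
++ {
++ if (!(*I)->IsTrusted())
++ {
++ UntrustedList += string((*I)->ShortDesc()) + " ";
++ }
++ }
++
++ if (UntrustedList == "")
++ {
++ return true;
++ }
++
++ return AuthPrompt(UntrustedList, PromptUser);
++}
++
+// InstallPackages - Actually download and install the packages /*{{{*/
+// ---------------------------------------------------------------------
+/* This displays the informative messages describing what is going to
+@@ -2482,6 +2490,7 @@
+
+// Load the requestd sources into the fetcher
+unsigned J = 0;
++ std::string UntrustedList;
+for (const char **I = CmdL.FileList + 1; *I != 0; I++, J++)
+{
+string Src;
+@@ -2491,7 +2500,10 @@
+delete[] Dsc;
+return _error->Error(_("Unable to find a source package for %s"),Src.c_str());
+}
+-
++
++ if (Last->Index().IsTrusted() == false)
++ UntrustedList += Src + " ";
++
+string srec = Last->AsStr();
+string::size_type pos = srec.find("\nVcs-");
+while (pos != string::npos)
+@@ -2575,7 +2587,11 @@
+Last->Index().SourceInfo(*Last,*I),Src);
+}
+}
+-
++
++ // check authentication status of the source as well
++ if (UntrustedList != "" && !AuthPrompt(UntrustedList, false))
++ return false;
++
+// Display statistics
+unsigned long long FetchBytes = Fetcher.FetchNeeded();
+unsigned long long FetchPBytes = Fetcher.PartialPresent();
+diff -uarN apt-0.9.9.4-org/test/integration/framework apt-0.9.9.4/test/integration/framework
+--- apt-0.9.9.4-org/test/integration/framework 2014-08-29 15:37:42.623156154 +0800
++++ apt-0.9.9.4/test/integration/framework 2014-08-29 15:55:23.592197940 +0800
+@@ -151,7 +151,7 @@
+mkdir rootdir aptarchive keys
+cd rootdir
+mkdir -p etc/apt/apt.conf.d etc/apt/sources.list.d etc/apt/trusted.gpg.d etc/apt/preferences.d
+- mkdir -p var/cache var/lib var/log
++ mkdir -p var/cache var/lib var/log tmp
+mkdir -p var/lib/dpkg/info var/lib/dpkg/updates var/lib/dpkg/triggers
+touch var/lib/dpkg/available
+mkdir -p usr/lib/apt
+@@ -910,3 +910,35 @@
+local IGNORE
+read IGNORE
+}
++
++testsuccess() {
++ if [ "$1" = '--nomsg' ]; then
++ shift
++ else
++ msgtest 'Test for successful execution of' "$*"
++ fi
++ local OUTPUT="${TMPWORKINGDIRECTORY}/rootdir/tmp/testsuccess.output"
++ if $@ >${OUTPUT} 2>&1; then
++ msgpass
++ else
++ echo >&2
++ cat >&2 $OUTPUT
++ msgfail
++ fi
++}
++
++testfailure() {
++ if [ "$1" = '--nomsg' ]; then
++ shift
++ else
++ msgtest 'Test for failure in execution of' "$*"
++ fi
++ local OUTPUT="${TMPWORKINGDIRECTORY}/rootdir/tmp/testfailure.output"
++ if $@ >${OUTPUT} 2>&1; then
++ echo >&2
++ cat >&2 $OUTPUT
++ msgfail
++ else
++ msgpass
++ fi
++}
+diff -uarN apt-0.9.9.4-org/test/integration/test-apt-get-source-authenticated apt-0.9.9.4/test/integration/test-apt-get-source-authenticated
+--- apt-0.9.9.4-org/test/integration/test-apt-get-source-authenticated 1970-01-01 08:00:00.000000000 +0800
++++ apt-0.9.9.4/test/integration/test-apt-get-source-authenticated 2014-08-29 15:58:06.137156796 +0800
+@@ -0,0 +1,31 @@
++#!/bin/sh
++#
++# Regression test for debian bug #749795. Ensure that we fail with
++# a error if apt-get source foo will download a source that comes
++# from a unauthenticated repository
++#
++set -e
++
++TESTDIR=$(readlink -f $(dirname $0))
++. $TESTDIR/framework
++
++setupenvironment
++configarchitecture "i386"
++
++# a "normal" package with source and binary
++buildsimplenativepackage 'foo' 'all' '2.0'
++
++setupaptarchive --no-update
++
++APTARCHIVE=$(readlink -f ./aptarchive)
++rm -f $APTARCHIVE/dists/unstable/*Release*
++
++# update without authenticated InRelease file
++testsuccess aptget update
++
++# this all should fail
++testfailure aptget install -y foo
++testfailure aptget source foo
++
++# allow overriding the warning
++testsuccess aptget source --allow-unauthenticated foo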
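Review bot: `AuthPrompt` in the apt-get.cc hunk `@@ -1046,25 +1046,8 @@` takes `UntrustedList` by value although both callers only read it; `static bool AuthPrompt(const std::string &UntrustedList, bool const PromptUser)` avoids the copy and matches the `bool const` already used on the same line. The same hunk tests `UntrustedList == ""` and the `apt-get source` hunk `UntrustedList != ""`; `.empty()` expresses the same check without building a temporary string. The source-side check itself reads correctly: `Last->Index().IsTrusted()` is consulted for every requested source, and `AuthPrompt(UntrustedList, false)` turns the aggregated list into a hard error after the WARNING is printed unless `APT::Get::AllowUnauthenticated` is set, which the new integration test exercises with `--allow-unauthenticated`. The patch header names the CVE only in the file name; if this layer uses `CVE:` tags in patch headers, a `CVE: CVE-2014-0478` line would let header-scanning tooling attribute it. The `apt-get source` hunks are excerpts from a function that starts and ends outside the patch.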
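--- a/meta/recipes-devtools/apt/apt.inc
+++ b/meta/recipes-devtools/apt/apt.inc
@@ -11,6 +11,7 @@ SRC_URI = "${DEBIAN_MIRROR}/main/a/apt/apt_${PV}.tar.gz \
 file://truncate-filename.patch \
 file://nodoc.patch \
 file://disable-configure-in-makefile.patch \
+file://apt-0.9.9.4-CVE-2014-0478.patch \
 "
 
 inherit autotools gettext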