1 files changed, 0 insertions, 193 deletions
diff --git a/meta/recipes-devtools/apt/apt-0.9.9.4/apt-0.9.9.4-CVE-2014-0478.patch b/meta/recipes-devtools/apt/apt-0.9.9.4/apt-0.9.9.4-CVE-2014-0478.patch
deleted file mode 100644
index 79a6897572..0000000000
--- a/meta/recipes-devtools/apt/apt-0.9.9.4/apt-0.9.9.4-CVE-2014-0478.patch
+++ /dev/null
@@ -1,193 +0,0 @@
-This patch comes from:
-https://bugs.debian.org/cgi-bin/bugreport.cgi?msg=73;filename=apt_0.9.7.9%2Bdeb7u2.debdiff;att=1;bug=749795
-Upstream-Status: Backport
-Signed-off-by: Wenlin Kang <wenlin.kang@windriver.com>
-Signed-off-by: Chong Lu <Chong.Lu@windriver.com>
-diff -uarN apt-0.9.9.4-org/cmdline/apt-get.cc apt-0.9.9.4/cmdline/apt-get.cc
--- apt-0.9.9.4-org/cmdline/apt-get.cc  2014-08-29 15:37:42.587156134 +0800
-+++ apt-0.9.9.4/cmdline/apt-get.cc      2014-08-29 15:51:16.672334086 +0800
-@@ -1046,25 +1046,8 @@
-    return true;
- }
-                                                                        /*}}}*/
-// CheckAuth - check if each download comes form a trusted source      /*{{{*/
-// ---------------------------------------------------------------------
-/* */
-static bool CheckAuth(pkgAcquire& Fetcher)
-+static bool AuthPrompt(std::string UntrustedList, bool const PromptUser)
- {
-   string UntrustedList;
-   for (pkgAcquire::ItemIterator I = Fetcher.ItemsBegin(); I < Fetcher.ItemsEnd(); ++I)
-   {
-      if (!(*I)->IsTrusted())
-      {
-         UntrustedList += string((*I)->ShortDesc()) + " ";
-      }
-   }
-
-   if (UntrustedList == "")
-   {
-      return true;
-   }
-        
-    ShowList(c2out,_("WARNING: The following packages cannot be authenticated!"),UntrustedList,"");
- 
-    if (_config->FindB("APT::Get::AllowUnauthenticated",false) == true)
-@@ -1073,6 +1056,9 @@
-       return true;
-    }
- 
-+   if (PromptUser == false)
-+      return _error->Error(_("Some packages could not be authenticated"));
-+
-    if (_config->FindI("quiet",0) < 2
-        && _config->FindB("APT::Get::Assume-Yes",false) == false)
-    {
-@@ -1090,6 +1076,28 @@
-    return _error->Error(_("There are problems and -y was used without --force-yes"));
- }
-                                                                        /*}}}*/
-+// CheckAuth - check if each download comes form a trusted source      /*{{{*/
-+// ---------------------------------------------------------------------
-+/* */
-+static bool CheckAuth(pkgAcquire& Fetcher, bool PromptUser=true)
-+{
-+   string UntrustedList;
-+   for (pkgAcquire::ItemIterator I = Fetcher.ItemsBegin(); I < Fetcher.ItemsEnd(); ++I)
-+   {
-+      if (!(*I)->IsTrusted())
-+      {
-+         UntrustedList += string((*I)->ShortDesc()) + " ";
-+      }
-+   }
-+
-+   if (UntrustedList == "")
-+   {
-+      return true;
-+   }
-+
-+   return AuthPrompt(UntrustedList, PromptUser);
-+}
-+
- // InstallPackages - Actually download and install the packages                /*{{{*/
- // ---------------------------------------------------------------------
- /* This displays the informative messages describing what is going to 
-@@ -2482,6 +2490,7 @@
- 
-    // Load the requestd sources into the fetcher
-    unsigned J = 0;
-+   std::string UntrustedList;
-    for (const char **I = CmdL.FileList + 1; *I != 0; I++, J++)
-    {
-       string Src;
-@@ -2491,7 +2500,10 @@
-         delete[] Dsc;
-         return _error->Error(_("Unable to find a source package for %s"),Src.c_str());
-       }
-      
-+     
-+      if (Last->Index().IsTrusted() == false)
-+         UntrustedList += Src + " ";
-+ 
-       string srec = Last->AsStr();
-       string::size_type pos = srec.find("\nVcs-");
-       while (pos != string::npos)
-@@ -2575,7 +2587,11 @@
-                        Last->Index().SourceInfo(*Last,*I),Src);
-       }
-    }
-   
-+
-+   // check authentication status of the source as well
-+   if (UntrustedList != "" && !AuthPrompt(UntrustedList, false))
-+      return false;  
-+ 
-    // Display statistics
-    unsigned long long FetchBytes = Fetcher.FetchNeeded();
-    unsigned long long FetchPBytes = Fetcher.PartialPresent();
-diff -uarN apt-0.9.9.4-org/test/integration/framework apt-0.9.9.4/test/integration/framework
--- apt-0.9.9.4-org/test/integration/framework  2014-08-29 15:37:42.623156154 +0800
-+++ apt-0.9.9.4/test/integration/framework      2014-08-29 15:55:23.592197940 +0800
-@@ -151,7 +151,7 @@
-        mkdir rootdir aptarchive keys
-        cd rootdir
-        mkdir -p etc/apt/apt.conf.d etc/apt/sources.list.d etc/apt/trusted.gpg.d etc/apt/preferences.d
-       mkdir -p var/cache var/lib var/log
-+       mkdir -p var/cache var/lib var/log tmp
-        mkdir -p var/lib/dpkg/info var/lib/dpkg/updates var/lib/dpkg/triggers
-        touch var/lib/dpkg/available
-        mkdir -p usr/lib/apt
-@@ -910,3 +910,35 @@
-        local IGNORE
-        read IGNORE
- }
-+
-+testsuccess() {
-+       if [ "$1" = '--nomsg' ]; then
-+               shift
-+       else
-+               msgtest 'Test for successful execution of' "$*"
-+       fi
-+       local OUTPUT="${TMPWORKINGDIRECTORY}/rootdir/tmp/testsuccess.output"
-+       if $@ >${OUTPUT} 2>&1; then
-+               msgpass
-+       else
-+               echo >&2
-+               cat >&2 $OUTPUT
-+               msgfail
-+       fi
-+}
-+
-+testfailure() {
-+       if [ "$1" = '--nomsg' ]; then
-+               shift
-+       else
-+               msgtest 'Test for failure in execution of' "$*"
-+       fi
-+       local OUTPUT="${TMPWORKINGDIRECTORY}/rootdir/tmp/testfailure.output"
-+       if $@ >${OUTPUT} 2>&1; then
-+               echo >&2
-+               cat >&2 $OUTPUT
-+               msgfail
-+       else
-+               msgpass
-+       fi
-+}
-diff -uarN apt-0.9.9.4-org/test/integration/test-apt-get-source-authenticated apt-0.9.9.4/test/integration/test-apt-get-source-authenticated
--- apt-0.9.9.4-org/test/integration/test-apt-get-source-authenticated  1970-01-01 08:00:00.000000000 +0800
-+++ apt-0.9.9.4/test/integration/test-apt-get-source-authenticated      2014-08-29 15:58:06.137156796 +0800
-@@ -0,0 +1,31 @@
-+#!/bin/sh
-+#
-+# Regression test for debian bug #749795. Ensure that we fail with
-+# a error if apt-get source foo will download a source that comes
-+# from a unauthenticated repository
-+#
-+set -e
-+
-+TESTDIR=$(readlink -f $(dirname $0))
-+. $TESTDIR/framework
-+
-+setupenvironment
-+configarchitecture "i386"
-+
-+# a "normal" package with source and binary
-+buildsimplenativepackage 'foo' 'all' '2.0'
-+
-+setupaptarchive --no-update
-+
-+APTARCHIVE=$(readlink -f ./aptarchive)
-+rm -f $APTARCHIVE/dists/unstable/*Release*
-+
-+# update without authenticated InRelease file
-+testsuccess aptget update
-+
-+# this all should fail
-+testfailure aptget install -y foo
-+testfailure aptget source foo
-+
-+# allow overriding the warning
-+testsuccess aptget source --allow-unauthenticated foo

diff --git a/meta/recipes-devtools/apt/apt-0.9.9.4/apt-0.9.9.4-CVE-2014-0478.patch b/meta/recipes-devtools/apt/apt-0.9.9.4/apt-0.9.9.4-CVE-2014-0478.patch deleted file mode 100644 index 79a6897572..0000000000 --- a/meta/recipes-devtools/apt/apt-0.9.9.4/apt-0.9.9.4-CVE-2014-0478.patch +++ /dev/null
@@ -1,193 +0,0 @@
1	This patch comes from:
2	https://bugs.debian.org/cgi-bin/bugreport.cgi?msg=73;filename=apt_0.9.7.9%2Bdeb7u2.debdiff;att=1;bug=749795
3
4	Upstream-Status: Backport
5
6	Signed-off-by: Wenlin Kang <wenlin.kang@windriver.com>
7	Signed-off-by: Chong Lu <Chong.Lu@windriver.com>
8
9	diff -uarN apt-0.9.9.4-org/cmdline/apt-get.cc apt-0.9.9.4/cmdline/apt-get.cc
10	--- apt-0.9.9.4-org/cmdline/apt-get.cc 2014-08-29 15:37:42.587156134 +0800
11	+++ apt-0.9.9.4/cmdline/apt-get.cc 2014-08-29 15:51:16.672334086 +0800
12	@@ -1046,25 +1046,8 @@
13	return true;
14	}
15	/}}}/
16	-// CheckAuth - check if each download comes form a trusted source /{{{/
17	-// ---------------------------------------------------------------------
18	-/* */
19	-static bool CheckAuth(pkgAcquire& Fetcher)
20	+static bool AuthPrompt(std::string UntrustedList, bool const PromptUser)
21	{
22	- string UntrustedList;
23	- for (pkgAcquire::ItemIterator I = Fetcher.ItemsBegin(); I < Fetcher.ItemsEnd(); ++I)
24	- {
25	- if (!(*I)->IsTrusted())
26	- {
27	- UntrustedList += string((*I)->ShortDesc()) + " ";
28	- }
29	- }
30	-
31	- if (UntrustedList == "")
32	- {
33	- return true;
34	- }
35	-
36	ShowList(c2out,_("WARNING: The following packages cannot be authenticated!"),UntrustedList,"");
37
38	if (_config->FindB("APT::Get::AllowUnauthenticated",false) == true)
39	@@ -1073,6 +1056,9 @@
40	return true;
41	}
42
43	+ if (PromptUser == false)
44	+ return _error->Error(_("Some packages could not be authenticated"));
45	+
46	if (_config->FindI("quiet",0) < 2
47	&& _config->FindB("APT::Get::Assume-Yes",false) == false)
48	{
49	@@ -1090,6 +1076,28 @@
50	return _error->Error(_("There are problems and -y was used without --force-yes"));
51	}
52	/}}}/
53	+// CheckAuth - check if each download comes form a trusted source /{{{/
54	+// ---------------------------------------------------------------------
55	+/* */
56	+static bool CheckAuth(pkgAcquire& Fetcher, bool PromptUser=true)
57	+{
58	+ string UntrustedList;
59	+ for (pkgAcquire::ItemIterator I = Fetcher.ItemsBegin(); I < Fetcher.ItemsEnd(); ++I)
60	+ {
61	+ if (!(*I)->IsTrusted())
62	+ {
63	+ UntrustedList += string((*I)->ShortDesc()) + " ";
64	+ }
65	+ }
66	+
67	+ if (UntrustedList == "")
68	+ {
69	+ return true;
70	+ }
71	+
72	+ return AuthPrompt(UntrustedList, PromptUser);
73	+}
74	+
75	// InstallPackages - Actually download and install the packages /{{{/
76	// ---------------------------------------------------------------------
77	/* This displays the informative messages describing what is going to
78	@@ -2482,6 +2490,7 @@
79
80	// Load the requestd sources into the fetcher
81	unsigned J = 0;
82	+ std::string UntrustedList;
83	for (const char *I = CmdL.FileList + 1; I != 0; I++, J++)
84	{
85	string Src;
86	@@ -2491,7 +2500,10 @@
87	delete[] Dsc;
88	return _error->Error(_("Unable to find a source package for %s"),Src.c_str());
89	}
90	-
91	+
92	+ if (Last->Index().IsTrusted() == false)
93	+ UntrustedList += Src + " ";
94	+
95	string srec = Last->AsStr();
96	string::size_type pos = srec.find("\nVcs-");
97	while (pos != string::npos)
98	@@ -2575,7 +2587,11 @@
99	Last->Index().SourceInfo(Last,I),Src);
100	}
101	}
102	-
103	+
104	+ // check authentication status of the source as well
105	+ if (UntrustedList != "" && !AuthPrompt(UntrustedList, false))
106	+ return false;
107	+
108	// Display statistics
109	unsigned long long FetchBytes = Fetcher.FetchNeeded();
110	unsigned long long FetchPBytes = Fetcher.PartialPresent();
111	diff -uarN apt-0.9.9.4-org/test/integration/framework apt-0.9.9.4/test/integration/framework
112	--- apt-0.9.9.4-org/test/integration/framework 2014-08-29 15:37:42.623156154 +0800
113	+++ apt-0.9.9.4/test/integration/framework 2014-08-29 15:55:23.592197940 +0800
114	@@ -151,7 +151,7 @@
115	mkdir rootdir aptarchive keys
116	cd rootdir
117	mkdir -p etc/apt/apt.conf.d etc/apt/sources.list.d etc/apt/trusted.gpg.d etc/apt/preferences.d
118	- mkdir -p var/cache var/lib var/log
119	+ mkdir -p var/cache var/lib var/log tmp
120	mkdir -p var/lib/dpkg/info var/lib/dpkg/updates var/lib/dpkg/triggers
121	touch var/lib/dpkg/available
122	mkdir -p usr/lib/apt
123	@@ -910,3 +910,35 @@
124	local IGNORE
125	read IGNORE
126	}
127	+
128	+testsuccess() {
129	+ if [ "$1" = '--nomsg' ]; then
130	+ shift
131	+ else
132	+ msgtest 'Test for successful execution of' "$*"
133	+ fi
134	+ local OUTPUT="${TMPWORKINGDIRECTORY}/rootdir/tmp/testsuccess.output"
135	+ if $@ >${OUTPUT} 2>&1; then
136	+ msgpass
137	+ else
138	+ echo >&2
139	+ cat >&2 $OUTPUT
140	+ msgfail
141	+ fi
142	+}
143	+
144	+testfailure() {
145	+ if [ "$1" = '--nomsg' ]; then
146	+ shift
147	+ else
148	+ msgtest 'Test for failure in execution of' "$*"
149	+ fi
150	+ local OUTPUT="${TMPWORKINGDIRECTORY}/rootdir/tmp/testfailure.output"
151	+ if $@ >${OUTPUT} 2>&1; then
152	+ echo >&2
153	+ cat >&2 $OUTPUT
154	+ msgfail
155	+ else
156	+ msgpass
157	+ fi
158	+}
159	diff -uarN apt-0.9.9.4-org/test/integration/test-apt-get-source-authenticated apt-0.9.9.4/test/integration/test-apt-get-source-authenticated
160	--- apt-0.9.9.4-org/test/integration/test-apt-get-source-authenticated 1970-01-01 08:00:00.000000000 +0800
161	+++ apt-0.9.9.4/test/integration/test-apt-get-source-authenticated 2014-08-29 15:58:06.137156796 +0800
162	@@ -0,0 +1,31 @@
163	+#!/bin/sh
164	+#
165	+# Regression test for debian bug #749795. Ensure that we fail with
166	+# a error if apt-get source foo will download a source that comes
167	+# from a unauthenticated repository
168	+#
169	+set -e
170	+
171	+TESTDIR=$(readlink -f $(dirname $0))
172	+. $TESTDIR/framework
173	+
174	+setupenvironment
175	+configarchitecture "i386"
176	+
177	+# a "normal" package with source and binary
178	+buildsimplenativepackage 'foo' 'all' '2.0'
179	+
180	+setupaptarchive --no-update
181	+
182	+APTARCHIVE=$(readlink -f ./aptarchive)
183	+rm -f $APTARCHIVE/dists/unstable/Release
184	+
185	+# update without authenticated InRelease file
186	+testsuccess aptget update
187	+
188	+# this all should fail
189	+testfailure aptget install -y foo
190	+testfailure aptget source foo
191	+
192	+# allow overriding the warning
193	+testsuccess aptget source --allow-unauthenticated foo