author | Roy Li <rongqing.li@windriver.com> | 2015-05-27 15:58:49 +0800 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2015-05-27 17:45:20 +0100 |
commit | 7dd4a53a99277b46696dea5558fa321a2267af0a (patch) | |
tree | bfeb19ecdc5bb88e73b5550fc85f86564969398d /meta/recipes-devtools/apt/apt-0.9.9.4/apt-0.9.9.4-CVE-2014-0478.patch | |
parent | f58ddacfa153e2bd9fcc79fa1e2c65ae6ef6af02 (diff) | |
download | openembedded-core-contrib-7dd4a53a99277b46696dea5558fa321a2267af0a.tar.gz |
apt: upgrade to 1.0.9.9
1. Upgrade to fix several CVEs: CVE-2014-0488, CVE-2014-0490
2. Remove apt-0.9.9.4-CVE-2014-0478.patch, which was a backport.
3. Remove no-ko-translation.patch, apt-1.0.9.9 has ko translation
4. Update use-host.patch no-curl.patch db_linking_hack.patch and
noconfigure.patch
5. Not build the test cases since it requires gtest
6. install libapt-private.so.* to libdir, otherwise this file is
not installed into sysroot for native, and apt-get will use host's,
and lead to fail
7. Revert apt commit[a2a75ff45]"always run 'dpkg --configure -a'
at the end of our dpkg callings" for native package, otherwise
the postscript for these installed packages will be run, and fail
since the rootfs dir is not considered
8. Add lzma dependency by PACKAGECONFIG for target, and add xz
dependency for native
9. Support to compile apt-native on centos6
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Acked-by: Aníbal Limón <anibal.limon@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-devtools/apt/apt-0.9.9.4/apt-0.9.9.4-CVE-2014-0478.patch')
-rw-r--r-- | meta/recipes-devtools/apt/apt-0.9.9.4/apt-0.9.9.4-CVE-2014-0478.patch | 193 |
1 files changed, 0 insertions, 193 deletions
diff --git a/meta/recipes-devtools/apt/apt-0.9.9.4/apt-0.9.9.4-CVE-2014-0478.patch b/meta/recipes-devtools/apt/apt-0.9.9.4/apt-0.9.9.4-CVE-2014-0478.patch
deleted file mode 100644
index 79a6897572..0000000000
--- a/meta/recipes-devtools/apt/apt-0.9.9.4/apt-0.9.9.4-CVE-2014-0478.patch
+++ /dev/null
@@ -1,193 +0,0 @@
-This patch comes from:
-https://bugs.debian.org/cgi-bin/bugreport.cgi?msg=73;filename=apt_0.9.7.9%2Bdeb7u2.debdiff;att=1;bug=749795
-
-Upstream-Status: Backport
-
-Signed-off-by: Wenlin Kang <wenlin.kang@windriver.com>
-Signed-off-by: Chong Lu <Chong.Lu@windriver.com>
-
-diff -uarN apt-0.9.9.4-org/cmdline/apt-get.cc apt-0.9.9.4/cmdline/apt-get.cc
---- apt-0.9.9.4-org/cmdline/apt-get.cc 2014-08-29 15:37:42.587156134 +0800
-+++ apt-0.9.9.4/cmdline/apt-get.cc 2014-08-29 15:51:16.672334086 +0800
-@@ -1046,25 +1046,8 @@
- return true;
- }
- /*}}}*/
--// CheckAuth - check if each download comes form a trusted source /*{{{*/
--// ---------------------------------------------------------------------
--/* */
--static bool CheckAuth(pkgAcquire& Fetcher)
-+static bool AuthPrompt(std::string UntrustedList, bool const PromptUser)
- {
-- string UntrustedList;
-- for (pkgAcquire::ItemIterator I = Fetcher.ItemsBegin(); I < Fetcher.ItemsEnd(); ++I)
-- {
-- if (!(*I)->IsTrusted())
-- {
-- UntrustedList += string((*I)->ShortDesc()) + " ";
-- }
-- }
--
-- if (UntrustedList == "")
-- {
-- return true;
-- }
--
- ShowList(c2out,_("WARNING: The following packages cannot be authenticated!"),UntrustedList,"");
-
- if (_config->FindB("APT::Get::AllowUnauthenticated",false) == true)
-@@ -1073,6 +1056,9 @@
- return true;
- }
-
-+ if (PromptUser == false)
-+ return _error->Error(_("Some packages could not be authenticated"));
-+
- if (_config->FindI("quiet",0) < 2
- && _config->FindB("APT::Get::Assume-Yes",false) == false)
- {
-@@ -1090,6 +1076,28 @@
- return _error->Error(_("There are problems and -y was used without --force-yes"));
- }
- /*}}}*/
-+// CheckAuth - check if each download comes form a trusted source /*{{{*/
-+// ---------------------------------------------------------------------
-+/* */
-+static bool CheckAuth(pkgAcquire& Fetcher, bool PromptUser=true)
-+{
-+ string UntrustedList;
-+ for (pkgAcquire::ItemIterator I = Fetcher.ItemsBegin(); I < Fetcher.ItemsEnd(); ++I)
-+ {
-+ if (!(*I)->IsTrusted())
-+ {
-+ UntrustedList += string((*I)->ShortDesc()) + " ";
-+ }
-+ }
-+
-+ if (UntrustedList == "")
-+ {
-+ return true;
-+ }
-+
-+ return AuthPrompt(UntrustedList, PromptUser);
-+}
-+
- // InstallPackages - Actually download and install the packages /*{{{*/
- // ---------------------------------------------------------------------
- /* This displays the informative messages describing what is going to
-@@ -2482,6 +2490,7 @@
-
- // Load the requestd sources into the fetcher
- unsigned J = 0;
-+ std::string UntrustedList;
- for (const char **I = CmdL.FileList + 1; *I != 0; I++, J++)
- {
- string Src;
-@@ -2491,7 +2500,10 @@
- delete[] Dsc;
- return _error->Error(_("Unable to find a source package for %s"),Src.c_str());
- }
--
-+
-+ if (Last->Index().IsTrusted() == false)
-+ UntrustedList += Src + " ";
-+
- string srec = Last->AsStr();
- string::size_type pos = srec.find("\nVcs-");
- while (pos != string::npos)
-@@ -2575,7 +2587,11 @@
- Last->Index().SourceInfo(*Last,*I),Src);
- }
- }
--
-+
-+ // check authentication status of the source as well
-+ if (UntrustedList != "" && !AuthPrompt(UntrustedList, false))
-+ return false;
-+
- // Display statistics
- unsigned long long FetchBytes = Fetcher.FetchNeeded();
- unsigned long long FetchPBytes = Fetcher.PartialPresent();
-diff -uarN apt-0.9.9.4-org/test/integration/framework apt-0.9.9.4/test/integration/framework
---- apt-0.9.9.4-org/test/integration/framework 2014-08-29 15:37:42.623156154 +0800
-+++ apt-0.9.9.4/test/integration/framework 2014-08-29 15:55:23.592197940 +0800
-@@ -151,7 +151,7 @@
- mkdir rootdir aptarchive keys
- cd rootdir
- mkdir -p etc/apt/apt.conf.d etc/apt/sources.list.d etc/apt/trusted.gpg.d etc/apt/preferences.d
-- mkdir -p var/cache var/lib var/log
-+ mkdir -p var/cache var/lib var/log tmp
- mkdir -p var/lib/dpkg/info var/lib/dpkg/updates var/lib/dpkg/triggers
- touch var/lib/dpkg/available
- mkdir -p usr/lib/apt
-@@ -910,3 +910,35 @@
- local IGNORE
- read IGNORE
- }
-+
-+testsuccess() {
-+ if [ "$1" = '--nomsg' ]; then
-+ shift
-+ else
-+ msgtest 'Test for successful execution of' "$*"
-+ fi
-+ local OUTPUT="${TMPWORKINGDIRECTORY}/rootdir/tmp/testsuccess.output"
-+ if $@ >${OUTPUT} 2>&1; then
-+ msgpass
-+ else
-+ echo >&2
-+ cat >&2 $OUTPUT
-+ msgfail
-+ fi
-+}
-+
-+testfailure() {
-+ if [ "$1" = '--nomsg' ]; then
-+ shift
-+ else
-+ msgtest 'Test for failure in execution of' "$*"
-+ fi
-+ local OUTPUT="${TMPWORKINGDIRECTORY}/rootdir/tmp/testfailure.output"
-+ if $@ >${OUTPUT} 2>&1; then
-+ echo >&2
-+ cat >&2 $OUTPUT
-+ msgfail
-+ else
-+ msgpass
-+ fi
-+}
-diff -uarN apt-0.9.9.4-org/test/integration/test-apt-get-source-authenticated apt-0.9.9.4/test/integration/test-apt-get-source-authenticated
---- apt-0.9.9.4-org/test/integration/test-apt-get-source-authenticated 1970-01-01 08:00:00.000000000 +0800
-+++ apt-0.9.9.4/test/integration/test-apt-get-source-authenticated 2014-08-29 15:58:06.137156796 +0800
-@@ -0,0 +1,31 @@
-+#!/bin/sh
-+#
-+# Regression test for debian bug #749795. Ensure that we fail with
-+# a error if apt-get source foo will download a source that comes
-+# from a unauthenticated repository
-+#
-+set -e
-+
-+TESTDIR=$(readlink -f $(dirname $0))
-+. $TESTDIR/framework
-+
-+setupenvironment
-+configarchitecture "i386"
-+
-+# a "normal" package with source and binary
-+buildsimplenativepackage 'foo' 'all' '2.0'
-+
-+setupaptarchive --no-update
-+
-+APTARCHIVE=$(readlink -f ./aptarchive)
-+rm -f $APTARCHIVE/dists/unstable/*Release*
-+
-+# update without authenticated InRelease file
-+testsuccess aptget update
-+
-+# this all should fail
-+testfailure aptget install -y foo
-+testfailure aptget source foo
-+
-+# allow overriding the warning
-+testsuccess aptget source --allow-unauthenticated foo |