From 179b27be1e4cf4e68ccb9df64c64156dbb7b3820 Mon Sep 17 00:00:00 2001
From: Daniel Baumann
Date: Wed, 7 Aug 2024 15:28:44 +0200
Subject: Adding upstream version 2.9.7.
Signed-off-by: Daniel Baumann
---
 apt-pkg/acquire-worker.cc | 5 +++++
 apt-pkg/contrib/gpgv.cc | 32 ++++++++++++++++++++++++++++++++
 apt-pkg/contrib/gpgv.h | 1 +
 apt-pkg/init.cc | 4 +++-
 apt-pkg/solver3.cc | 12 ++++++------
 apt-pkg/solver3.h | 10 ++++++++++
 6 files changed, 57 insertions(+), 7 deletions(-)
(limited to 'apt-pkg')
diff --git a/apt-pkg/acquire-worker.cc b/apt-pkg/acquire-worker.cc
index 4f247cf..696a3e0 100644
--- a/apt-pkg/acquire-worker.cc
+++ b/apt-pkg/acquire-worker.cc
@@ -200,6 +200,7 @@ enum class APT_HIDDEN MessageType
 STATUS = 102,
 REDIRECT = 103,
 WARNING = 104,
+ AUDIT = 105,
 URI_START = 200,
 URI_DONE = 201,
 AUX_REQUEST = 351,
@@ -388,6 +389,10 @@ bool pkgAcquire::Worker::RunMessages()
 _error->Warning("%s: %s", Itm ? Itm->Owner ? Itm->Owner->DescURI().c_str() : Access.c_str() : Access.c_str(), LookupTag(Message, "Message").c_str());
 break;
+ case MessageType::AUDIT:
+ _error->Audit("%s: %s", Itm ? Itm->Owner ? Itm->Owner->DescURI().c_str() : Access.c_str() : Access.c_str(), LookupTag(Message, "Message").c_str());
+ break;
+
 case MessageType::URI_START:
 {
 if (Itm == nullptr)
diff --git a/apt-pkg/contrib/gpgv.cc b/apt-pkg/contrib/gpgv.cc
index 2fa5b0c..225acae 100644
--- a/apt-pkg/contrib/gpgv.cc
+++ b/apt-pkg/contrib/gpgv.cc
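Review bot: In `pkgAcquire::Worker::RunMessages()` the new `case MessageType::AUDIT:` repeats the nested conditional of the WARNING case above it verbatim, so the rule for choosing the message prefix now lives in two places. Building the prefix once, for example `std::string const Desc = (Itm != nullptr && Itm->Owner != nullptr) ? Itm->Owner->DescURI() : Access;`, and passing `Desc.c_str()` to both `_error->Warning` and `_error->Audit` would keep the two cases in step. The method-supplied text is passed as a `%s` argument rather than as the format string, which is right and should stay that way. The function body starts and ends outside this hunk, so where the shared local belongs cannot be judged from here.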
@@ -566,3 +566,35 @@ bool OpenMaybeClearSignedFile(std::string const &ClearSignedFileName, FileFd &Me
 return not MessageFile.Failed();
 }
 /*}}}*/
+bool IsAssertedPubKeyAlgo(std::string const &pkstr, std::string const &option) /*{{{*/
+{
+ auto fullAss = APT::String::Startswith(option, "APT::Key") ? _config->Find(option) : option;
+ for (auto &ass : VectorizeString(fullAss, ','))
+ {
+ if (ass == pkstr)
+ return true;
+ // We only implement >= for rsa
+ if (APT::String::Startswith(ass, ">=rsa"))
+ {
+ if (not APT::String::Startswith(pkstr, "rsa"))
+ continue;
+ if (not std::all_of(ass.begin() + 5, ass.end(), isdigit))
+ return _error->Error("Unrecognized public key specification '%s' in option %s: expect only digits after >=rsa", ass.c_str(), option.c_str());
+
+ int assBits = std::stoi(ass.substr(5));
+ int pkBits = std::stoi(pkstr.substr(3));
+
+ if (pkBits >= assBits)
+ return true;
+
+ continue;
+ }
+ if (ass.empty())
+ return _error->Error("Empty item in public key assertion string option %s", option.c_str());
+ if (not std::all_of(ass.begin(), ass.end(), [](char c)
+ { return isalpha(c) || isdigit(c); }))
+ return _error->Error("Unrecognized public key specification '%s' in option %s", ass.c_str(), option.c_str());
+ }
+ return false;
+}
+ /*}}}*/
diff --git a/apt-pkg/contrib/gpgv.h b/apt-pkg/contrib/gpgv.h
index 1cabed4..1f3ef26 100644
--- a/apt-pkg/contrib/gpgv.h
+++ b/apt-pkg/contrib/gpgv.h
@@ -86,4 +86,5 @@ APT_PUBLIC bool SplitClearSignedFile(std::string const &InFile, FileFd * const C
 */
 APT_PUBLIC bool OpenMaybeClearSignedFile(std::string const &ClearSignedFileName, FileFd &MessageFile);
+APT_PUBLIC bool IsAssertedPubKeyAlgo(std::string const &pkstr, std::string const &option);
 #endif
diff --git a/apt-pkg/init.cc b/apt-pkg/init.cc
index 487f94f..d71d954 100644
--- a/apt-pkg/init.cc
+++ b/apt-pkg/init.cc
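Review bot: In `IsAssertedPubKeyAlgo` (apt-pkg/contrib/gpgv.cc), both `std::stoi` calls in the `>=rsa` branch can throw and nothing in the function catches it. `std::all_of` is true for an empty range, so an item that is exactly `>=rsa` reaches `std::stoi("")`; the suffix of `pkstr` is never checked for digits at all, and an over-long digit run raises `std::out_of_range`. If `pkstr` is derived from the key or signature being verified (its caller is not in this hunk), a malformed value would end verification with an uncaught exception instead of a clean `false`. Checking both suffixes as non-empty, bounded digit runs before parsing keeps the function fail-closed, as sketched below. The helper takes `unsigned char` because passing a negative `char` to `isdigit`/`isalpha` is undefined, which also applies to the final `std::all_of` lambda.

```cpp
	 if (not APT::String::Startswith(pkstr, "rsa"))
	    continue;
	 // Non-empty, digits only, and at most 9 digits so std::stoi cannot throw
	 auto const isBitCount = [](std::string const &s, size_t const from) {
	    return s.size() > from && s.size() - from <= 9 &&
		   std::all_of(s.begin() + from, s.end(), [](unsigned char c) { return isdigit(c) != 0; });
	 };
	 if (not isBitCount(ass, 5))
	    return _error->Error("Unrecognized public key specification '%s' in option %s: expect only digits after >=rsa", ass.c_str(), option.c_str());
	 // A key description that is not rsa<digits> cannot satisfy a minimum size
	 if (not isBitCount(pkstr, 3))
	    continue;
	 // … unchanged: std::stoi of both suffixes and the pkBits >= assBits comparison …
```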
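Review bot: The new `IsAssertedPubKeyAlgo` declaration in apt-pkg/contrib/gpgv.h is exported with `APT_PUBLIC` but has no comment, while the declaration before it closes a documentation block. The contract is not obvious from the signature: `option` is either a literal comma-separated list or, when it starts with `APT::Key`, the name of a configuration item to read. A `false` result means either that no entry matched or that an entry was malformed, and in the malformed case an error is also recorded through `_error`. I would add a doc comment stating exactly that, so callers know to check the error stack before treating `false` as a plain rejection.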
@@ -131,7 +131,9 @@ bool pkgInitConfig(Configuration &Cnf)
 Cnf.Set("APT::Build-Essential::", "build-essential");
 Cnf.CndSet("APT::Install-Recommends", true);
 Cnf.CndSet("APT::Install-Suggests", false);
- Cnf.CndSet("APT::Key::Assert-Pubkey-Algo", ">=rsa2048,ed25519,ed448");
+ Cnf.CndSet("APT::Key::Assert-Pubkey-Algo", ">=rsa2048,ed25519,ed448,nistp256,nistp384,nistp512,brainpoolP256r1,brainpoolP320r1,brainpoolP384r1,brainpoolP512r1,secp256k1");
+ Cnf.CndSet("APT::Key::Assert-Pubkey-Algo::Next", ">=rsa2048,ed25519,ed448,nistp256,nistp384,nistp512");
+ Cnf.CndSet("APT::Key::Assert-Pubkey-Algo::Future", ">=rsa3072,ed25519,ed448");
 Cnf.CndSet("Dir","/");
 // State
diff --git a/apt-pkg/solver3.cc b/apt-pkg/solver3.cc
index 67aa68d..0aec1ec 100644
--- a/apt-pkg/solver3.cc
+++ b/apt-pkg/solver3.cc
@@ -202,10 +202,10 @@ void APT::Solver::Work::Dump(pkgCache &cache)
 if (optional)
 std::cerr << "Optional ";
 std::cerr << "Item (" << ssize_t(size <= solutions.size() ? size : -1) << "@" << depth << (upgrade ? "u" : "") << ") ";
- if (auto Pkg = reason.Pkg(); Pkg != 0)
- std::cerr << pkgCache::PkgIterator(cache, cache.PkgP + Pkg).FullName();
- if (auto Ver = reason.Ver(); Ver != 0)
- std::cerr << pkgCache::VerIterator(cache, cache.VerP + Ver).ParentPkg().FullName() << "=" << pkgCache::VerIterator(cache, cache.VerP + Ver).VerStr();
+ if (auto Pkg = reason.Pkg(cache); not Pkg.end())
+ std::cerr << Pkg.FullName();
+ if (auto Ver = reason.Ver(cache); not Ver.end())
+ std::cerr << Ver.ParentPkg().FullName() << "=" << Ver.VerStr();
 std::cerr << " -> ";
 for (auto sol : solutions)
 {
@@ -221,7 +221,7 @@ std::string APT::Solver::WhyStr(Reason reason)
 while (not reason.empty())
 {
- if (auto Pkg = pkgCache::PkgIterator(cache, cache.PkgP + reason.Pkg()); not Pkg.end())
+ if (auto Pkg = reason.Pkg(cache); not Pkg.end())
 {
 if ((*this)[Pkg].decision == Decision::MUSTNOT)
 out.push_back(std::string("not ") + Pkg.FullName());
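Review bot: The entry `nistp512` in the new `APT::Key::Assert-Pubkey-Algo` and `::Next` defaults (apt-pkg/init.cc) looks like a typo for `nistp521`. The NIST curve is P-521, and `IsAssertedPubKeyAlgo` matches non-RSA entries by exact string comparison, so an entry spelled `nistp512` would presumably never match a P-521 key. The effect is fail-closed, since such keys are rejected rather than wrongly accepted, but it is not what the list appears to intend. I would change `nistp512` to `nistp521` in both strings after confirming the spelling gpgv reports. The three tiers also deserve a short comment saying when `::Next` and `::Future` are consulted, since the default now admits Brainpool and secp256k1 keys that `::Next` already drops.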
@@ -229,7 +229,7 @@ std::string APT::Solver::WhyStr(Reason reason)
 out.push_back(Pkg.FullName());
 reason = (*this)[Pkg].reason;
 }
- if (auto Ver = pkgCache::VerIterator(cache, cache.VerP + reason.Ver()); not Ver.end())
+ if (auto Ver = reason.Ver(cache); not Ver.end())
 {
 if ((*this)[Ver].decision == Decision::MUSTNOT)
 out.push_back(std::string("not ") + Ver.ParentPkg().FullName() + "=" + Ver.VerStr());
diff --git a/apt-pkg/solver3.h b/apt-pkg/solver3.h
index d460c95..96faaa6 100644
--- a/apt-pkg/solver3.h
+++ b/apt-pkg/solver3.h
@@ -219,6 +219,16 @@ struct APT::Solver::Reason
 {
 return IsVersion ? map_pointer{(uint32_t)MapPtr} : 0;
 }
+ // \brief Return the package iterator if storing a package, or an empty one
+ pkgCache::PkgIterator Pkg(pkgCache &cache) const
+ {
+ return IsVersion ? pkgCache::PkgIterator() : pkgCache::PkgIterator(cache, cache.PkgP + Pkg());
+ }
+ // \brief Return the version iterator if storing a package, or an empty end.
+ pkgCache::VerIterator Ver(pkgCache &cache) const
+ {
+ return IsVersion ? pkgCache::VerIterator(cache, cache.VerP + Ver()) : pkgCache::VerIterator();
+ }
 // \brief Check if there is no reason.
 bool empty() const
 {
--
cgit v1.2.3
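Review bot: The comment on the new `Ver(pkgCache &cache)` overload in apt-pkg/solver3.h says "if storing a package", but the ternary below it returns a real iterator only when `IsVersion` is set. It should read `// \brief Return the version iterator if storing a version, or an empty one`, which also matches the wording of the `Pkg(pkgCache &cache)` comment directly above. The enclosing `struct APT::Solver::Reason` starts and ends outside the hunk.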