From 179b27be1e4cf4e68ccb9df64c64156dbb7b3820 Mon Sep 17 00:00:00 2001
From: Daniel Baumann
Date: Wed, 7 Aug 2024 15:28:44 +0200
Subject: Adding upstream version 2.9.7.
Signed-off-by: Daniel Baumann
---
 methods/aptmethod.h | 12 ++++++++++--
 methods/gpgv.cc | 21 +++++++++++++++++++++
 2 files changed, 31 insertions(+), 2 deletions(-)
(limited to 'methods')
diff --git a/methods/aptmethod.h b/methods/aptmethod.h
index 26b8c0b..1c24f3a 100644
--- a/methods/aptmethod.h
+++ b/methods/aptmethod.h
@@ -448,7 +448,7 @@ protected:
 return true;
 }
- void Warning(std::string &&msg)
+ void Message(std::string &&msg, std::string code)
 {
 std::unordered_map fields;
 if (Queue != 0)
@@ -458,7 +458,15 @@ protected:
 if (not UsedMirror.empty())
 fields.emplace("UsedMirror", UsedMirror);
 fields.emplace("Message", std::move(msg));
- SendMessage("104 Warning", std::move(fields));
+ SendMessage(code, std::move(fields));
+ }
+ void Warning(std::string &&msg)
+ {
+ return Message(std::move(msg), "104 Warning");
+ }
+ void Audit(std::string &&msg)
+ {
+ return Message(std::move(msg), "105 Audit");
 }
 bool TransferModificationTimes(char const * const From, char const * const To, time_t &LastModified) APT_NONNULL(2, 3)
diff --git a/methods/gpgv.cc b/methods/gpgv.cc
index 20ef286..4a08665 100644
--- a/methods/gpgv.cc
+++ b/methods/gpgv.cc
@@ -112,6 +112,7 @@ struct APT_HIDDEN SignersStorage {
 std::vector Worthless;
 // a worthless signature is a expired or revoked one
 std::vector SoonWorthless;
+ std::vector LaterWorthless;
 std::vector NoPubKey;
 std::vector Valid;
 std::vector SignedBy;
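Review bot: `Message()` takes `code` by value and then passes it to `SendMessage` as an lvalue, so every warning or audit line copies the status string, and the `protected` helper accepts any text as a status line. Both callers pass literals, so `void Message(std::string &&msg, std::string const &code)` is enough; a comment above `Audit()` such as `// 105 Audit: lower-severity notice than 104 Warning` would tell method authors which wrapper to use. Whether the process reading these messages already handles a `105` status is not visible in this diff and should be confirmed before methods start emitting it. The signature of `Message()` is in the previous hunk (`@@ -448,7 +448,7 @@`).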
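Review bot: `LaterWorthless` is added to `SignersStorage` without a comment, and the only comment in view describes expired or revoked signatures, which is not how this vector is filled later in the patch. A line such as `// key algorithm not asserted by APT::Key::Assert-Pubkey-Algo::Future; reported via Audit()` above the new member would record the distinction from `SoonWorthless`. The struct continues outside the hunk.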
@@ -261,6 +262,17 @@ string GPGVMethod::VerifyGetSigners(const char *file, const char *outfile,
 { return IsTheSameKey(fpr, goodsig); }),
 Signers.Good.end());
 }
+ else if (not IsAssertedPubKeyAlgo(pkstr, "APT::Key::Assert-Pubkey-Algo::Next"))
+ {
+ std::string reason;
+ Signers.SoonWorthless.push_back({fpr, pkstr});
+ }
+ else if (not IsAssertedPubKeyAlgo(pkstr, "APT::Key::Assert-Pubkey-Algo::Future"))
+ {
+ std::string reason;
+ strprintf(reason, _("%s will be deprecated in a future release"), pkstr.c_str());
+ Signers.LaterWorthless.push_back({fpr, reason});
+ }
 }
 else if (strncmp(buffer, GNUPGGOODSIG, sizeof(GNUPGGOODSIG)-1) == 0)
 PushEntryWithKeyID(Signers.Good, buffer, Debug);
@@ -420,6 +432,8 @@ string GPGVMethod::VerifyGetSigners(const char *file, const char *outfile,
 std::for_each(Signers.Worthless.begin(), Signers.Worthless.end(), [](Signer const &sig) { std::cerr << sig.key << ", "; });
 std::cerr << "\n SoonWorthless: ";
 std::for_each(Signers.SoonWorthless.begin(), Signers.SoonWorthless.end(), [](Signer const &sig) { std::cerr << sig.key << ", "; });
+ std::cerr << "\n LaterWorthless: ";
+ std::for_each(Signers.LaterWorthless.begin(), Signers.LaterWorthless.end(), [](Signer const &sig) { std::cerr << sig.key << ", "; });
 std::cerr << "\n NoPubKey: ";
 implodeVector(Signers.NoPubKey, std::cerr, ", ");
 std::cerr << "\n Signed-By: ";
@@ -565,6 +579,13 @@ bool GPGVMethod::URIAcquire(std::string const &Message, FetchItem *Itm)
 strprintf(msg, _("Signature by key %s uses weak algorithm (%s)"), Signer.key.c_str(), Signer.note.c_str());
 Warning(std::move(msg));
 }
+ for (auto const &Signer : Signers.LaterWorthless)
+ {
+ std::string msg;
+ // TRANSLATORS: The second %s is the reason and is untranslated for repository owners.
+ strprintf(msg, _("Signature by key %s uses weak algorithm (%s)"), Signer.key.c_str(), Signer.note.c_str());
+ Audit(std::move(msg));
+ }
 }
 if (Signers.Good.empty() || !Signers.Bad.empty() || !Signers.NoPubKey.empty())
--
cgit v1.2.3
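Review bot: The `std::string reason;` declared in the `::Next` branch is never used, since that branch pushes `{fpr, pkstr}` directly, so the declaration can be dropped. The two branches also store different things in the signer's note: the bare algorithm string for `SoonWorthless`, a translated sentence for `LaterWorthless`. A comment such as `// note is the raw algorithm here, a full sentence in the ::Future branch` would help, because URIAcquire formats both with the same `uses weak algorithm (%s)` template. Both branches appear to be advisory only, with nothing in the hunk removing the signer from the good list, and that is worth stating in a comment too. The enclosing `if`/`else if` chain begins outside the hunk.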
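Review bot: The `TRANSLATORS` comment in the new `LaterWorthless` loop is not accurate for this loop: `Signer.note` here is built with `_("%s will be deprecated in a future release")` in VerifyGetSigners, so the reason is translated rather than left untranslated. I would change it to `// TRANSLATORS: The second %s is an already translated sentence naming the algorithm.` The reused format string also nests one sentence inside another (`uses weak algorithm (… will be deprecated in a future release)`) and calls the algorithm weak at audit level, so a dedicated string for the `Audit()` case may read better. The surrounding block in URIAcquire starts and ends outside the hunk.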