[Git][pacman/pacman][master] 7 commits: Ensure WKD key lookup returns the correct key

Allan McRae (@allan) allan at archlinux.org
Mon Mar 7 23:58:19 UTC 2022



Allan McRae pushed to branch master at Pacman / Pacman


Commits:
e1246bad by Allan McRae at 2022-03-06T19:57:09+10:00
Ensure WKD key lookup returns the correct key

Looking up a key using WKD just ensures you have a key with the
same email address, it does not ensure that a key with the correct
fingerprint has been downloaded.

Check a key with the relevant fingerprint is available after a
WKD import.

- - - - -
6b37d994 by Allan McRae at 2022-03-06T20:36:59+10:00
Fix segfault when failing to import keys

Avoid a segfault when a search of the keyserver returns that the
key is found but returns no primary IDs.  We are then likely going
to fail the import, but attempt anyway because no-one know what
a keyserver will do!

Fixes FS#73534.

Signed-off-by: Allan McRae <allan at archlinux.org>

- - - - -
632eb973 by Allan McRae at 2022-03-06T21:25:30+10:00
Do not use WKD to import keys for package installs from a file

In order to use WKD in pacman -U/--upgrade operations, we need to
get the packager information from the .PKGINFO within the package.
That has obvious security implications. e.g. something like this
could convince a user to download a different key to what they
expect:

packager = foo bar <>^[[2K^[[0G:: Import PGP key DEADBEEF, "foo <bar>

While downloading an untrusted key has little impact due to the
web-of-trust model used by pacman, this could be bad in combination
with an exploit that allowed trust of keys in the keyring to be
altered.

To be safe, do not use WKD when installing using -U.

Fixes FS#73703.

Signed-off-by: Allan McRae <allan at archlinux.org>

- - - - -
40583ebe by Allan McRae at 2022-03-06T21:49:56+10:00
Avoid information leakage with badly formed download header

Parsing of Content-Disposition relies on well formed headers.
A malformed header such as:

Content-Disposition="";

will result in a strnduppayload->content_disp_name, -1, ptr),
which will copy memory until it hits a \0.

Prevent this by only copying the value if it exists.

Fixes FS#73704.

Signed-off-by: Allan McRae <allan at archlinux.org>

- - - - -
293762ea by Andrew Gregory at 2022-03-07T20:37:01+10:00
query: only strip leading local/ for db packages

Signed-off-by: Andrew Gregory <andrew.gregory.8 at gmail.com>
Signed-off-by: Allan McRae <allan at archlinux.org>

- - - - -
221905b5 by Andrew Gregory at 2022-03-07T20:37:45+10:00
query: allow querying extra info for package files

Signed-off-by: Andrew Gregory <andrew.gregory.8 at gmail.com>
Signed-off-by: Allan McRae <allan at archlinux.org>

- - - - -
bddfcc3f by morganamilo at 2022-03-08T09:56:53+10:00
libalpm: add getter for handle on db and pkg

db and pkg store a pointer to the handle for internal use but don't
actually provide a way for a user to get it.

Making this accessible is more convenient for front ends and FFI
wrappers.

For example, in other languages it's common to return the error value
directly. To achieve this the python and rust wrappers also store their
own pointer to the handle inside their own pkg/db wrappers.

Exposing this would allow the wrappers to forgo the extra pointer and
just return `pkg.get_handle().last_error()`.

- - - - -


7 changed files:

- lib/libalpm/alpm.h
- lib/libalpm/be_package.c
- lib/libalpm/db.c
- lib/libalpm/dload.c
- lib/libalpm/package.c
- lib/libalpm/signing.c
- src/pacman/query.c


View it on GitLab: https://gitlab.archlinux.org/pacman/pacman/-/compare/7340fb9b2e070ac90f07466212f4cc9248b0db4a...bddfcc3f40ce1a19d4c9552cddbf2cab07c94d4b

-- 
View it on GitLab: https://gitlab.archlinux.org/pacman/pacman/-/compare/7340fb9b2e070ac90f07466212f4cc9248b0db4a...bddfcc3f40ce1a19d4c9552cddbf2cab07c94d4b
You're receiving this email because of your account on gitlab.archlinux.org.




More information about the pacman-dev mailing list