Merge lp:~cyphermox/software-properties/lp1036839 into lp:software-properties

Proposed by Mathieu Trudel-Lapierre
Status: Merged
Merge reported by: Marc Deslauriers
Merged at revision: not available
Proposed branch: lp:~cyphermox/software-properties/lp1036839
Merge into: lp:software-properties
Diff against target: 141 lines (+57/-16)
3 files modified
add-apt-repository (+4/-3)
debian/changelog (+8/-1)
softwareproperties/ppa.py (+45/-12)
To merge this branch: bzr merge lp:~cyphermox/software-properties/lp1036839
Reviewer Review Type Date Requested Status
Marc Deslauriers Approve
788. By Mathieu Trudel-Lapierre

ppa: Update comment for LAUNCHPAD_PPA_CERT; we don't want people to ever set it
to None; which would mean "don't check certs".

Marc Deslauriers (mdeslaur) wrote :

Looks good, thanks! ACK

review: Approve

Preview Diff

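--- a/add-apt-repository
+++ b/add-apt-repository
@@ -17,7 +17,8 @@
 try:
 from urllib.error import HTTPError, URLError
 except ImportError:
- from urllib2 import HTTPError, URLError
+ import pycurl
+ HTTPError = pycurl.error
 
 def _maybe_suggest_ppa_name_based_on_user(user):
 try:
@@ -109,7 +110,7 @@
 
 # display PPA info (if needed)
 if line.startswith("ppa:") and not options.assume_yes:
- from softwareproperties.ppa import get_ppa_info_from_lp, LAUNCHPAD_PPA_API
+ from softwareproperties.ppa import PPAException, get_ppa_info_from_lp, LAUNCHPAD_PPA_API
 user, sep, ppa_name = line.split(":")[1].partition("/")
 ppa_name = ppa_name or "ppa"
 try:
@@ -123,7 +124,7 @@
 # exists. If it exists, list down the PPAs
 _maybe_suggest_ppa_name_based_on_user(user)
 sys.exit(1)
- except (ValueError, URLError):
+ except (ValueError, PPAException):
 print(_("Cannot access PPA (%s) to get PPA information, "
 "please check your internet connection.") % \
 (LAUNCHPAD_PPA_API % (user, ppa_name)))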
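Review bot: The handler `except (ValueError, PPAException):` in the third hunk discards the exception, so a certificate verification failure reported by `get_ppa_info_from_lp` reaches the user only as "please check your internet connection". Since this change exists to make TLS verification effective, the reason carried by the exception should be shown, e.g. `except (ValueError, PPAException) as e:` followed by `print(e)` ahead of the generic hint. Also, on the Python 2 path `URLError` is no longer bound and `HTTPError` becomes an alias for `pycurl.error`; any use of either name outside these hunks should be checked, including the branch ending in `sys.exit(1)`, whose `except` line is not visible here.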
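--- a/debian/changelog
+++ b/debian/changelog
@@ -5,7 +5,14 @@
 - Fixed the source code checkbox and the submit statistics
 checkbox labels to be left-aligned instead of centered.
 
- -- Michael Vogt <michael.vogt@ubuntu.com> Wed, 15 Aug 2012 09:10:56 +0200
+ [ Mathieu Trudel-Lapierre ]
+ * Reinstate pycurl to use for getting PPA information from Launchpad, since
+ it can actually verify SSL certificates with python2. Also set
+ LAUNCHPAD_PPA_CERT so that it's a valid path to the system CA certificates
+ bundle to use for urllib and pycurl. (LP: #1036839)
+ - CVE-2012-0955
+
+ -- Mathieu Trudel-Lapierre <mathieu-tl@ubuntu.com> Wed, 15 Aug 2012 13:18:05 -0400
 
 software-properties (0.91) quantal; urgency=low
 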
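--- a/softwareproperties/ppa.py
+++ b/softwareproperties/ppa.py
@@ -28,18 +28,31 @@
 from threading import Thread
 
 try:
- import urllib.request as urllib2
+ import urllib.request
 from urllib.error import URLError
 import urllib.parse
 except ImportError:
- import urllib2
+ import pycurl
 
 DEFAULT_KEYSERVER = "hkp://keyserver.ubuntu.com:80/"
 # maintained until 2015
 LAUNCHPAD_PPA_API = 'https://launchpad.net/api/1.0/~%s/+archive/%s'
-# None means use the system default SSL store.
-# Otherwise a path to a file is expected (as a bundle of certs)
-LAUNCHPAD_PPA_CERT = None
+# Specify to use the system default SSL store; change to a different path
+# to test with custom certificates.
+LAUNCHPAD_PPA_CERT = "/etc/ssl/certs/ca-certificates.crt"
+
+class CurlCallback:
+ def __init__(self):
+ self.contents = ''
+
+ def body_callback(self, buf):
+ self.contents = self.contents + buf
+
+class PPAException(Exception):
+ def __init__(self, value):
+ self.value = value
+ def __str__(self):
+ return repr(self.value)
 
 def encode(s):
 return re.sub("[^a-zA-Z0-9_-]","_", s)
@@ -70,12 +83,32 @@
 # we ask for a JSON structure from lp_page, we could use
 # simplejson, but the format is simple enough for the regexp
 # only useful for testing
- request = urllib2.Request(str(lp_url), headers={"Accept":" application/json"})
 try:
- lp_page = urllib2.urlopen(request, cafile=LAUNCHPAD_PPA_CERT)
- except TypeError:
- lp_page = urllib2.urlopen(request)
- return json.loads(lp_page.read().decode("utf-8", "strict"))
+ try:
+ request = urllib.request.Request(str(lp_url), headers={"Accept":" application/json"})
+ lp_page = urllib.request.urlopen(request, cafile=LAUNCHPAD_PPA_CERT)
+ json_data = lp_page.read().decode("utf-8", "strict")
+ except URLError as e:
+ raise PPAException("Error reading %s: %s" % (lp_url, e.reason))
+ except PPAException:
+ raise
+ except:
+ try:
+ callback = CurlCallback()
+ curl = pycurl.Curl()
+ curl.setopt(pycurl.SSL_VERIFYPEER, 1)
+ curl.setopt(pycurl.SSL_VERIFYHOST, 2)
+ curl.setopt(pycurl.WRITEFUNCTION, callback.body_callback)
+ if LAUNCHPAD_PPA_CERT:
+ curl.setopt(pycurl.CAINFO, LAUNCHPAD_PPA_CERT)
+ curl.setopt(pycurl.URL, str(lp_url))
+ curl.setopt(pycurl.HTTPHEADER, ["Accept: application/json"])
+ curl.perform()
+ curl.close()
+ json_data = callback.contents
+ except pycurl.error as e:
+ raise PPAException("Error reading %s: %s" % (lp_url, e[1]))
+ return json.loads(json_data)
 
 class AddPPASigningKeyThread(Thread):
 " thread class for adding the signing key in the background "
@@ -98,8 +131,8 @@
 owner_name, ppa_name, distro = ppa_path[1:].split('/')
 try:
 ppa_info = get_ppa_info_from_lp(owner_name, ppa_name)
- except URLError as e:
- print("Error reading %s: %s" % (lp_url, e.strerror))
+ except PPAException as e:
+ print(e.value)
 return False
 try:
 signing_key_fingerprint = ppa_info["signing_key_fingerprint"]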
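Review bot: The bare `except:` that selects the pycurl fallback in `get_ppa_info_from_lp` (second hunk) catches every failure of the urllib branch, not only the Python 2 case where `urllib.request` was never imported. On Python 3 an unreadable CA bundle or a decode error would, as far as the hunk shows, fall into the pycurl branch, where `pycurl` is undefined, and surface as a NameError that the `except (ValueError, PPAException)` in add-apt-repository does not handle; the clause also intercepts KeyboardInterrupt. Narrowing it to `except NameError:` keeps the fallback and lets other errors propagate. Separately, the urllib call passes `cafile=LAUNCHPAD_PPA_CERT` unguarded and the revision description says None would mean certificates are not checked, so the comment above the constant should state that outright, e.g. `# Must be a path to a CA bundle; never None, which would skip certificate verification.` The function starts outside the hunk.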
