Last commit made on 2020-01-23
Get this branch:
git clone -b debian/jessie

Branch merges

Branch information


Recent commits

9ec0391... by Julian Andres Klode


9778209... by Marc Deslauriers

SECURITY REGRESSION: crash with ubuntu-release-upgrader

- apt/ make allow_unauthenticated argument to
  fetch_archives() optional.

LP: #1860606
Gbp-Dch: full

a8a3301... by Julian Andres Klode

testcommon: Avoid reading host apt.conf files

Unset APT_CONFIG, and set the config file locations to /dev/null
before calling init_config(), so we don't get influenced by the
host system.

Restore the values afterwards so that you can use apt.conf files
in a rootdir you pass to apt.Cache().

6de4d46... by Julian Andres Klode

Do not require strong hashes, as in apt

APT does not require strong hashes on precise, trusty, and jessie;
hence go back to that behavior as well.

c4ba865... by Julian Andres Klode

apt/ Check for unauthenticated in fetch_archives/commit

This follows the same behavior as for fetch_binary() /
fetch_source(), it is a follow-up to

LP: #1858973

1.8 backport: Remove with InstallProgress()

(cherry picked from commit b6a5b814074e78f9b78f171ee7ab5a55fcb9dda5)
(cherry picked from commit 1567b0aa475740f96dfb721be829db645bcf595e)

Backport changes in test: Enable the crashing tests.

(cherry picked from commit 263d0df7b4c4ffb0a97a43bc46dbfa0894cc33cb)

211d4c5... by Julian Andres Klode Add test case for security bugs

This checks all 4 variants of signed x usable hashes, by builting
a package each. And then checks for all variants of the
allow_unauthenticated parameter.

We need to provide assertRaisesRegex for Pythons < 3.1, so we
can test there as well.

(cherry picked from commit 8b527257c55b88310c315b5c588940626cf206ef)
(cherry picked from commit 315ec78ab98d16de2f8c36e8646bb9e11c26bcc6)

Backport to xenial: Set trusted=yes for signed repo, as signing check
does not work, because apt-key always uses host keys.

(cherry picked from commit de31eee5cf3f816d8675aa36888a2bafe96c9d3d)

70f6a52... by Julian Andres Klode

apt/package: Add allow_unauthenticated parameter

If allow_unauthenticated is not set, reject hashes other than

(cherry picked from commit 59a26938489af8bf4e4c326c4d50ff5ba2ba9f85)
(cherry picked from commit 51eac2e007911b52630881bc228d8bb2505962a3)
(cherry picked from commit 5f4d7114dc578142364c4cec05b0937856f5317b)
(cherry picked from commit 192dc55a5068a6d5e3faee6fada63c1e56dfce92)

fa5ffb3... by Julian Andres Klode

Version.fetch_{binary,source}: Check that the repository is trusted

Only fetch binaries and sources from trusted repositories, as
otherwise the hashes are fairly meaningless.

(cherry picked from commit feaf536a2fc4b76e74073f27e868f60fcb3cb8a8)

LP: #1858973

(cherry picked from commit 01c56933d07ffdf24351396b99ce29c3162abf4d)
(cherry picked from commit fac8c9c31c8d63b51ecd57e366a667291aa2cf1b)
(cherry picked from commit 286d9f90948d453326e98cb37aad0fb9763a9dd7)

f935fd4... by Julian Andres Klode

apt/ Use strongest avaialble hash when fetching

Use the strongest hash available when fetching binaries and
source packages. This requires a bit of trickery compared to
later releases where HashStringList is supported everywhere,
but it's not that bad.

We do not reject files with only untrusted hashes, placing
the burden of making the repository safe on the signer.

Closes: #944696
LP: #1858972

f359705... by Julian Andres Klode

Add .gitlab-ci.yml to run CI testing

(cherry picked from commit d45a6ed1c5d1a12a7694acebf8c23f111ae02af4)