At Tue, 06 Mar 2012 02:29:25 +0100, Simon Ruderich wrote:
>
> Package: pbuilder
> Version: 0.206
> Tags: patch
> Followup-For: Bug #579028
>
> Dear Maintainer,
>
> The attached patch changes the defaults to always enforce signed
> repositories and aborts if an untrusted/manipulated package is
> installed. It adds the new option --keyring (APTKEYRINGS) to add
> additional keyrings, which are then used to verify the (local)
> signed repositories. This way no untrusted packages can be
> installed.
>
> To still allow untrusted/unsigned repositories - they are a very
> bad idea and allow remote attackers performing a MITM to take
> over the system, including all built packages - the new option
> --allow-untrusted (ALLOWUNTRUSTED) was added.
>
> I tested it with the official Debian repository, signed and
> unsigned local repositories and it works fine for me. But I'm
> only a "normal" pbuilder user, so I might have missed something.
> Please test the patch.
>
> I haven't tested it with cdebootstrap, but it should work as
> well.
I think cowbuilder/qemubuilder won't let you pass an unknown arbitrary option to pbuilder; you'll need to add a patch there as well. I don't know if pdebuild will need any change; I guess not.

>
> The old PBUILDERSATISFYDEPENDSOPT --check-key option was
> deprecated and is no longer used (it emits a warning now) as
> validation is the default now.
>
> The patch also contains documentation updates for the new
> options/variables and updates for the NEWS file describing the
> necessary changes to continue using untrusted packages (but
> please don't do that - especially as a Debian developer).
>
> Please have a look and include the patch as soon as possible to
> fix this security issue.
>
> Regards,
> Simon
>
> -- System Information:
> Debian Release: wheezy/sid
> APT prefers unstable
> APT policy: (500, 'unstable')
> Architecture: amd64 (x86_64)
>
> Kernel: Linux 3.2.0-1-amd64 (SMP w/8 CPU cores)
> Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
> Shell: /bin/sh linked to /bin/dash
>
> Versions of packages pbuilder depends on:
> ii cdebootstrap 0.5.8+b1
> ii coreutils 8.13-3
> ii debconf [debconf-2.0] 1.5.41
> ii debianutils 4.2.1
> ii debootstrap 1.0.38
> ii dpkg-dev 1.16.1.2
> ii wget 1.13.4-2
>
> Versions of packages pbuilder recommends:
> pn devscripts 2.11.4
> pn fakeroot 1.18.2-1
> pn sudo <none>
>
> Versions of packages pbuilder suggests:
> pn cowdancer <none>
> pn gdebi-core <none>
> pn pbuilder-uml <none>
>
> -- debconf information excluded
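As an added illustration of the policy Simon's report describes (this is not the attached patch nor pbuilder's own code): keyrings named in APTKEYRINGS are made available to apt inside the chroot, signature verification is always on, apt only gets --allow-unauthenticated when ALLOWUNTRUSTED=yes, and the deprecated --check-key merely produces a warning. The function names, the chroot layout (copying into /etc/apt/trusted.gpg.d), the option-to-flag mapping and the sample keyring bytes are assumptions made for this example.

```shell
#!/bin/sh
# Added example modelling the pbuilder policy from the bug report; not project code.
# APTKEYRINGS / ALLOWUNTRUSTED are the variable names from the report; the
# function names and the exact apt flags emitted are assumptions.

# install_keyrings CHROOT KEYRING...
# Copies each keyring listed in APTKEYRINGS into CHROOT/etc/apt/trusted.gpg.d so
# apt can verify Release signatures of (local) signed repositories.
# Fails closed: a missing, unreadable or wrongly named keyring aborts instead of
# being skipped, since a skipped keyring would later make the repository look
# unsigned and the build would be rejected (or, worse, waved through elsewhere).
install_keyrings() {
    chroot_dir="$1"; shift
    mkdir -p "$chroot_dir/etc/apt/trusted.gpg.d" || return 1
    for kr in "$@"; do
        if [ ! -f "$kr" ] || [ ! -r "$kr" ]; then
            echo "E: keyring $kr not found or unreadable" >&2
            return 1
        fi
        # apt only loads *.gpg (and on newer apt *.asc) from trusted.gpg.d;
        # any other name would be silently ignored, so refuse it here.
        case "$kr" in
            *.gpg|*.asc) ;;
            *) echo "E: keyring $kr must end in .gpg or .asc" >&2; return 1 ;;
        esac
        cp "$kr" "$chroot_dir/etc/apt/trusted.gpg.d/$(basename "$kr")" || return 1
    done
    return 0
}

# apt_security_opts ALLOWUNTRUSTED [CHECKKEY]
# Prints the apt-get option to use. Secure default (ALLOWUNTRUSTED unset or "no"):
# unauthenticated packages are refused, so apt aborts on an unsigned or badly
# signed repository. Only ALLOWUNTRUSTED=yes turns that off, with a warning.
# CHECKKEY=yes stands for the deprecated --check-key: it is accepted but changes
# nothing, because verification is always enabled.
apt_security_opts() {
    allow="${1:-no}"
    if [ "${2:-no}" = "yes" ]; then
        echo "W: --check-key is deprecated; signature checking is always on" >&2
    fi
    case "$allow" in
        yes)
            echo "W: ALLOWUNTRUSTED=yes: unsigned repositories will be accepted" >&2
            printf '%s\n' "--allow-unauthenticated"
            ;;
        *)
            printf '%s\n' "-o APT::Get::AllowUnauthenticated=false"
            ;;
    esac
}
```

With the default policy a local repository that is not signed by one of the installed keyrings makes apt-get fail, which is exactly the abort the patch is meant to produce; the warning paths show where an administrator would see that a weaker setting is in effect.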