QubesOS/qubes-core-admin-linux
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
51d74f777d
qubes-core-admin-linux/dom0-updates
History
Marek Marczykowski-Górecki 51d74f777d
Fix various issues with qubes-dom0-update 
- fix unescaped dot in package_regex
- if any package fails verification, remove the whole directory, not
only that single package
- abort (and remove the whole directory) on any exception
- don't include file name in the error message, if it failed
verification

This, among other things, fix handling symlinks and directories sent by
potentially malicious UpdateVM. os.remove() can't remove non-empty
directories, so it would fail.
Fortunately metadata is created only after successful verification, so
dnf/yum wouldn't touch packages that failed verification and also
weren't removed. But make the code better handle such situations.

Reported-by: Hans Jerry Illikainen <hji@dyntopia.com>
(cherry picked from commit e5e006d933)
2019-10-09 05:04:12 +02:00
..
Makefile Add -Wextra -Werror to all C compile flags 2014-02-16 10:29:22 +01:00
patch-dnf-yum-config dom-updates: drop 'distroverpkg' from dnf.conf 2018-12-04 21:04:14 +01:00
qfile-dom0-unpacker.c Fix -Wextra warnings 2014-02-16 10:29:06 +01:00
qubes-cached.repo dom0-updates code 2013-03-16 18:54:21 +01:00
qubes-dom0-update qubes-dom0-update: Quote arguments 2019-09-10 03:55:28 +02:00
qubes-dom0-updates.cron dom0-updates: use qvm-service for disabling dom0 updates check 2018-12-04 21:04:09 +01:00
qubes-receive-updates Fix various issues with qubes-dom0-update 2019-10-09 05:04:12 +02:00
qubes.ReceiveUpdates dom0-updates code 2013-03-16 18:54:21 +01:00
qubes.ReceiveUpdates.policy dom0-updates code 2013-03-16 18:54:21 +01:00