From b187daefdf89cba708626be16582bf9d0604aba3 Mon Sep 17 00:00:00 2001 From: Allan McRae Date: Sun, 6 Mar 2022 21:19:57 +1000 Subject: [PATCH] Do not use WKD to import keys for package installs from a file In order to use WKD in pacman -U/--upgrade operations, we need to get the packager information from the .PKGINFO within the package. That has obvious security implications. e.g. something like this could convince a user to download a different key to what they expect: packager = foo bar <>^[[2K^[[0G:: Import PGP key DEADBEEF, "foo While downloading an untrusted key has little impact due to the web-of-trust model used by pacman, this could be bad in combination with an exploit that allowed trust of keys in the keyring to be altered. To be safe, do not use WKD when installing using -U. Fixes FS#73703. Signed-off-by: Allan McRae (cherry picked from commit 632eb9739d23181996cc3f4fb069b81eb0e998c7)
---
 lib/libalpm/be_package.c | 9 +--------
 1 file changed, 1 insertion(+), 8 deletions(-)
diff --git a/lib/libalpm/be_package.c b/lib/libalpm/be_package.c
index 97e21382..4d0a9cf6 100644
--- a/lib/libalpm/be_package.c
+++ b/lib/libalpm/be_package.c
@@ -723,7 +723,6 @@ int SYMEXPORT alpm_pkg_load(alpm_handle_t *handle, const char *filename, int ful
 int validation = 0;
 char *sigpath;
 alpm_pkg_t *pkg_temp;
- char *packager;
 CHECK_HANDLE(handle, return -1);
 ASSERT(pkg != NULL, RET_ERR(handle, ALPM_ERR_WRONG_ARGS, -1));
@@ -749,13 +748,7 @@ int SYMEXPORT alpm_pkg_load(alpm_handle_t *handle, const char *filename, int ful
 char *key = k->data;
 if(_alpm_key_in_keychain(handle, key) == 0) {
 pkg_temp = _alpm_pkg_load_internal(handle, filename, full);
- if(pkg_temp) {
- packager = pkg_temp->packager;
-
- } else {
- packager = NULL;
- }
- if(_alpm_key_import(handle, packager, key) == -1) {
+ if(_alpm_key_import(handle, NULL, key) == -1) {
 fail = 1;
 }
 _alpm_pkg_free(pkg_temp);
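Review bot: In the second hunk, `pkg_temp = _alpm_pkg_load_internal(handle, filename, full);` still runs although its result is no longer read; the package is parsed and then handed straight to `_alpm_pkg_free(pkg_temp);`. That parses a file whose signing key is not yet in the keyring, for no visible benefit, so unless the load has a side effect these hunks do not show, both lines and the `pkg_temp` declaration kept as context in the first hunk can be dropped. It would also help to record why the argument is a literal at the call, e.g. `/* no packager hint: .PKGINFO is unverified here, so it must not select the key source (WKD) */`. The body of alpm_pkg_load extends beyond both hunks, so any other use of `pkg_temp` should be checked before removing it.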