From eb81e2f505684ffa0fcd0a461027af2d3b471a90 Mon Sep 17 00:00:00 2001
From: Julian Andres Klode
Date: Tue, 22 Sep 2020 13:50:32 +0200
Subject: aptcc: Do not trust local debs (CVE-2020-16122)

Debs do not have signatures on their own, so they are always untrusted.

Bug-Ubuntu: https://bugs.launchpad.net/bugs/1882098
---
 backends/aptcc/apt-intf.cpp | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/backends/aptcc/apt-intf.cpp b/backends/aptcc/apt-intf.cpp
index fb594b628..2a49928d4 100644
--- a/backends/aptcc/apt-intf.cpp
+++ b/backends/aptcc/apt-intf.cpp
@@ -124,6 +124,16 @@ bool AptIntf::init(gchar **localDebs)
     // Create the AptCacheFile class to search for packages
     m_cache = new AptCacheFile(m_job);
     if (localDebs) {
+        PkBitfield flags = pk_backend_job_get_transaction_flags(m_job);
+        if (pk_bitfield_contain(flags, PK_TRANSACTION_FLAG_ENUM_ONLY_TRUSTED)) {
+            // We are NOT simulating and have untrusted packages
+            // fail the transaction.
+            pk_backend_job_error_code(m_job,
+                                      PK_ERROR_ENUM_CANNOT_INSTALL_REPO_UNSIGNED,
+                                      "Local packages cannot be authenticated");
+            return false;
+        }
+
         for (int i = 0; i < g_strv_length(localDebs); ++i) {
             markFileForInstall(localDebs[i]);
         }
--
cgit v1.2.3
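Review bot: The comment above the error call says "We are NOT simulating", but the condition it annotates only tests PK_TRANSACTION_FLAG_ENUM_ONLY_TRUSTED, so the comment describes a check the code does not make; if simulate transactions can also carry ONLY_TRUSTED, this guard will fail them too, which is worth confirming against the frontend. I would reword it to state the actual rule: `// ONLY_TRUSTED was requested, but local .debs carry no signature that could be verified, so fail the transaction rather than install unauthenticated packages.` Separately, the new early `return false` sits right after `m_cache = new AptCacheFile(m_job);`; unless the destructor or the caller releases m_cache on a false return from init(), that allocation is leaked, and hoisting the flag check above the allocation would avoid the question entirely. AptIntf::init continues outside the hunk.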