apt: update patches
***
This commit contains further changes to user agent string in addition
to introduced in fd66e2fe29.
Now it will send installation prefix obtained by /proc/self/exe. It
should resist patching `apt` with sed or in other way. Reminding that
installation prefix provided in user agent http header is intended for
distinguishing Termux from derivatives.
Here are sample lines from my mirror logs showing usage of Termux repo
by third-party projects:
```
162.158.103.43 - - [21/Jan/2021:09:46:43 +0200] "GET /dists/stable/Release HTTP/1.1" 304 0 "-" "Termux-PKG/1.0 mirror-checker (termux-tools 0.104) Termux (pl.sviete.dom; install-prefix:/data/data/pl.sviete.dom/files/usr)"
162.158.210.8 - - [20/Jan/2021:06:24:54 +0200] "GET /dists/stable/InRelease HTTP/1.1" 404 146 "-" "Debian APT-HTTP/1.3 (2.1.15) Termux (vn.vhn.vsc; install-prefix:/data/data/vn.vhn.vsc/files/usr)"
162.158.210.142 - - [20/Jan/2021:06:24:54 +0200] "GET /dists/stable/Release.gpg HTTP/1.1" 304 0 "-" "Debian APT-HTTP/1.3 (2.1.15) Termux (vn.vhn.vsc; install-prefix:/data/data/vn.vhn.vsc/files/usr)"
```
***
CloudFlare firewall for termux.org and termux-mirror.ml hosts would be
adjusted to block all requests which do not have install-prefix set or
if the latter doesn't match one of the Termux.
This commit is contained in:
Leonid Pliushch
parent
df64cf9d76
commit
c061024982
|
|
@ -1,6 +1,6 @@
|
|||
diff -uNr apt-2.1.11/apt-pkg/contrib/srvrec.cc apt-2.1.11.mod/apt-pkg/contrib/srvrec.cc
|
||||
--- apt-2.1.11/apt-pkg/contrib/srvrec.cc 2020-10-21 12:53:18.000000000 +0300
|
||||
+++ apt-2.1.11.mod/apt-pkg/contrib/srvrec.cc 2020-11-05 16:37:46.301044740 +0200
|
||||
diff -uNr apt-2.1.18/apt-pkg/contrib/srvrec.cc apt-2.1.18.mod/apt-pkg/contrib/srvrec.cc
|
||||
--- apt-2.1.18/apt-pkg/contrib/srvrec.cc 2021-01-13 18:37:30.000000000 +0200
|
||||
+++ apt-2.1.18.mod/apt-pkg/contrib/srvrec.cc 2021-02-03 21:38:17.382553856 +0200
|
||||
@@ -6,6 +6,7 @@
|
||||
|
||||
##################################################################### */
|
||||
|
|
@ -14,9 +14,9 @@ diff -uNr apt-2.1.11/apt-pkg/contrib/srvrec.cc apt-2.1.11.mod/apt-pkg/contrib/sr
|
|||
return selected;
|
||||
}
|
||||
+#endif
|
||||
diff -uNr apt-2.1.11/apt-pkg/contrib/srvrec.h apt-2.1.11.mod/apt-pkg/contrib/srvrec.h
|
||||
--- apt-2.1.11/apt-pkg/contrib/srvrec.h 2020-10-21 12:53:18.000000000 +0300
|
||||
+++ apt-2.1.11.mod/apt-pkg/contrib/srvrec.h 2020-11-05 16:37:46.301044740 +0200
|
||||
diff -uNr apt-2.1.18/apt-pkg/contrib/srvrec.h apt-2.1.18.mod/apt-pkg/contrib/srvrec.h
|
||||
--- apt-2.1.18/apt-pkg/contrib/srvrec.h 2021-01-13 18:37:30.000000000 +0200
|
||||
+++ apt-2.1.18.mod/apt-pkg/contrib/srvrec.h 2021-02-03 21:38:17.386553898 +0200
|
||||
@@ -8,6 +8,7 @@
|
||||
/*}}}*/
|
||||
#ifndef SRVREC_H
|
||||
|
|
@ -30,9 +30,9 @@ diff -uNr apt-2.1.11/apt-pkg/contrib/srvrec.h apt-2.1.11.mod/apt-pkg/contrib/srv
|
|||
|
||||
#endif
|
||||
+#endif
|
||||
diff -uNr apt-2.1.11/cmdline/apt-helper.cc apt-2.1.11.mod/cmdline/apt-helper.cc
|
||||
--- apt-2.1.11/cmdline/apt-helper.cc 2020-10-21 12:53:18.000000000 +0300
|
||||
+++ apt-2.1.11.mod/cmdline/apt-helper.cc 2020-11-05 16:37:46.301044740 +0200
|
||||
diff -uNr apt-2.1.18/cmdline/apt-helper.cc apt-2.1.18.mod/cmdline/apt-helper.cc
|
||||
--- apt-2.1.18/cmdline/apt-helper.cc 2021-01-13 18:37:30.000000000 +0200
|
||||
+++ apt-2.1.18.mod/cmdline/apt-helper.cc 2021-02-03 21:38:17.386553898 +0200
|
||||
@@ -106,6 +106,7 @@
|
||||
|
||||
return true;
|
||||
|
|
@ -49,7 +49,7 @@ diff -uNr apt-2.1.11/cmdline/apt-helper.cc apt-2.1.11.mod/cmdline/apt-helper.cc
|
|||
static const APT::Configuration::Compressor *FindCompressor(std::vector<APT::Configuration::Compressor> const &compressors, std::string const &name) /*{{{*/
|
||||
{
|
||||
APT::Configuration::Compressor const * compressor = NULL;
|
||||
@@ -303,7 +305,9 @@
|
||||
@@ -311,7 +313,9 @@
|
||||
{
|
||||
return {
|
||||
{"download-file", &DoDownloadFile, _("download the given uri to the target-path")},
|
||||
|
|
@ -59,9 +59,9 @@ diff -uNr apt-2.1.11/cmdline/apt-helper.cc apt-2.1.11.mod/cmdline/apt-helper.cc
|
|||
{"cat-file", &DoCatFile, _("concatenate files, with automatic decompression")},
|
||||
{"auto-detect-proxy", &DoAutoDetectProxy, _("detect proxy using apt.conf")},
|
||||
{"wait-online", &DoWaitOnline, _("wait for system to be online")},
|
||||
diff -uNr apt-2.1.11/methods/connect.cc apt-2.1.11.mod/methods/connect.cc
|
||||
--- apt-2.1.11/methods/connect.cc 2020-10-21 12:53:18.000000000 +0300
|
||||
+++ apt-2.1.11.mod/methods/connect.cc 2020-11-05 16:42:47.459060807 +0200
|
||||
diff -uNr apt-2.1.18/methods/connect.cc apt-2.1.18.mod/methods/connect.cc
|
||||
--- apt-2.1.18/methods/connect.cc 2021-01-13 18:37:30.000000000 +0200
|
||||
+++ apt-2.1.18.mod/methods/connect.cc 2021-02-03 21:41:48.220687372 +0200
|
||||
@@ -49,7 +49,9 @@
|
||||
static struct addrinfo *LastHostAddr = 0;
|
||||
static struct addrinfo *LastUsed = 0;
|
||||
|
|
@ -72,17 +72,18 @@ diff -uNr apt-2.1.11/methods/connect.cc apt-2.1.11.mod/methods/connect.cc
|
|||
|
||||
// Set of IP/hostnames that we timed out before or couldn't resolve
|
||||
static std::set<std::string> bad_addr;
|
||||
@@ -486,6 +488,9 @@
|
||||
if (ConnectionAllowed(Service, Host) == false)
|
||||
return ResultState::FATAL_ERROR;
|
||||
@@ -486,6 +488,10 @@
|
||||
// Used by getaddrinfo(); prefer port if given, else fallback to service
|
||||
std::string ServiceNameOrPort = Port != 0 ? std::to_string(Port) : Service;
|
||||
|
||||
+size_t stackSize = 0;
|
||||
+ size_t stackSize = 0;
|
||||
+
|
||||
+#ifndef __ANDROID__
|
||||
if(LastHost != Host || LastPort != Port)
|
||||
+
|
||||
if(LastHost != Host || LastService != ServiceNameOrPort)
|
||||
{
|
||||
SrvRecords.clear();
|
||||
@@ -503,7 +508,6 @@
|
||||
@@ -503,7 +509,6 @@
|
||||
}
|
||||
}
|
||||
|
||||
|
|
@ -90,7 +91,7 @@ diff -uNr apt-2.1.11/methods/connect.cc apt-2.1.11.mod/methods/connect.cc
|
|||
// try to connect in the priority order of the srv records
|
||||
std::string initialHost{std::move(Host)};
|
||||
auto const initialPort = Port;
|
||||
@@ -525,6 +529,7 @@
|
||||
@@ -525,6 +530,7 @@
|
||||
}
|
||||
Host = std::move(initialHost);
|
||||
Port = initialPort;
|
||||
|
|
|
|||
|
|
@ -1,22 +1,57 @@
|
|||
diff -uNr apt-2.1.14/methods/http.cc apt-2.1.14.mod/methods/http.cc
|
||||
--- apt-2.1.14/methods/http.cc 2020-12-15 15:07:36.000000000 +0200
|
||||
+++ apt-2.1.14.mod/methods/http.cc 2020-12-24 16:23:15.722168489 +0200
|
||||
@@ -341,7 +341,7 @@
|
||||
diff -uNr apt-2.1.18/methods/http.cc apt-2.1.18.mod/methods/http.cc
|
||||
--- apt-2.1.18/methods/http.cc 2021-01-13 18:37:30.000000000 +0200
|
||||
+++ apt-2.1.18.mod/methods/http.cc 2021-02-03 22:06:04.242782879 +0200
|
||||
@@ -341,7 +341,26 @@
|
||||
Req << "Proxy-Authorization: Basic "
|
||||
<< Base64Encode(Proxy.User + ":" + Proxy.Password) << "\r\n";
|
||||
|
||||
- Req << "User-Agent: " << Owner->ConfigFind("User-Agent", "Debian APT-HTTP/1.3 (" PACKAGE_VERSION ")") << "\r\n";
|
||||
+ Req << "User-Agent: Debian APT-HTTP/1.3 (" PACKAGE_VERSION ") Termux (@TERMUX_APP_PACKAGE@; install-prefix:@TERMUX_PREFIX@)" << "\r\n";
|
||||
+ // Determine the actual installation prefix to send as part of user-agent string.
|
||||
+ // Mirrors can use this information to distinguish legit Termux installations from
|
||||
+ // third parties using Termux repositories.
|
||||
+ char binPath[PATH_MAX] = {0};
|
||||
+ ssize_t binPathLen = readlink("/proc/self/exe", binPath, sizeof(binPath)-1);
|
||||
+ if (binPathLen != -1) {
|
||||
+ binPath[binPathLen] = '\0';
|
||||
+
|
||||
+ char *aptMethodsSub = strstr(binPath, "/lib/apt/methods");
|
||||
+ if (aptMethodsSub) {
|
||||
+ // Cut /lib/apt/methods.. from prefix, if possible.
|
||||
+ aptMethodsSub[0] = '\0';
|
||||
+ }
|
||||
+ } else {
|
||||
+ // Use hardcoded as fallback.
|
||||
+ // Mostly useless as will help to detect only binary-patched apt.
|
||||
+ strncpy(binPath, "@TERMUX_PREFIX@", PATH_MAX - 1);
|
||||
+ }
|
||||
+
|
||||
+ Req << "User-Agent: Debian APT-HTTP/1.3 (" PACKAGE_VERSION ") Termux (@TERMUX_APP_PACKAGE@; install-prefix:" << binPath <<")" << "\r\n";
|
||||
|
||||
Req << "\r\n";
|
||||
|
||||
@@ -955,8 +955,7 @@
|
||||
@@ -954,8 +973,23 @@
|
||||
Req << "Authorization: Basic "
|
||||
<< Base64Encode(Uri.User + ":" + Uri.Password) << "\r\n";
|
||||
|
||||
- Req << "User-Agent: " << ConfigFind("User-Agent",
|
||||
- "Debian APT-HTTP/1.3 (" PACKAGE_VERSION ")");
|
||||
+ Req << "User-Agent: Debian APT-HTTP/1.3 (" PACKAGE_VERSION ") Termux (@TERMUX_APP_PACKAGE@; install-prefix:@TERMUX_PREFIX@)";
|
||||
+ char binPath[PATH_MAX] = {0};
|
||||
+ ssize_t binPathLen = readlink("/proc/self/exe", binPath, sizeof(binPath)-1);
|
||||
+ if (binPathLen != -1) {
|
||||
+ binPath[binPathLen] = '\0';
|
||||
+
|
||||
+ char *aptMethodsSub = strstr(binPath, "/lib/apt/methods");
|
||||
+ if (aptMethodsSub) {
|
||||
+ // Cut /lib/apt/methods.. from prefix, if possible.
|
||||
+ aptMethodsSub[0] = '\0';
|
||||
+ }
|
||||
+ } else {
|
||||
+ // Use hardcoded as fallback.
|
||||
+ // Mostly useless as will help to detect only binary-patched apt.
|
||||
+ strncpy(binPath, "@TERMUX_PREFIX@", PATH_MAX - 1);
|
||||
+ }
|
||||
+
|
||||
+ Req << "User-Agent: Debian APT-HTTP/1.3 (" PACKAGE_VERSION ") Termux (@TERMUX_APP_PACKAGE@; install-prefix:" << binPath << ")";
|
||||
|
||||
#ifdef HAVE_SYSTEMD
|
||||
if (ConfigFindB("User-Agent-Non-Interactive", false))
|
||||
|
|
|
|||
Loading…
Reference in New Issue