1
0
Fork 0
mirror of https://github.com/ansible-collections/community.general.git synced 2024-09-14 20:13:21 +02:00

use pycurl instead of urllib2 when talking to launchpad to actually get SSL cert verification, see https://bugs.launchpad.net/ubuntu/+source/software-properties/+bug/915210 or CVE-2011-4407 for a previous similar issue in software-properties

This commit is contained in:
Michael Vogt 2013-08-13 17:37:25 +02:00 committed by James Cammarata
parent c4852f6954
commit 5e56d42ed1

View file

@ -67,7 +67,7 @@ import json
import os
import re
import tempfile
import urllib2
import pycurl
try:
import apt_pkg
@ -80,6 +80,12 @@ except ImportError:
VALID_SOURCE_TYPES = ('deb', 'deb-src')
class CurlCallback:
def __init__(self):
self.contents = ''
def body_callback(self, buf):
self.contents = self.contents + buf
class InvalidSource(Exception):
pass
@ -250,8 +256,17 @@ class UbuntuSourcesList(SourcesList):
def _get_ppa_info(self, owner_name, ppa_name):
lp_api = 'https://launchpad.net/api/1.0/~%s/+archive/%s' % (owner_name, ppa_name)
connection = urllib2.urlopen(lp_api, timeout=30)
return json.loads(connection.read())
callback = CurlCallback()
curl = pycurl.Curl()
curl.setopt(pycurl.SSL_VERIFYPEER, 1)
curl.setopt(pycurl.SSL_VERIFYHOST, 2)
curl.setopt(pycurl.WRITEFUNCTION, callback.body_callback)
curl.setopt(pycurl.URL, str(lp_api))
curl.setopt(pycurl.HTTPHEADER, ["Accept: application/json"])
curl.perform()
curl.close()
lp_page = callback.contents
return json.loads(lp_page)
def _expand_ppa(self, path):
ppa = path.split(':')[1]