Conversation
dgagn
changed the title
|
Thanks for the contribution. What problem does this fix? What's sipwise and why that mirror explicitly? |
The problem is that some version of libc, such as |
pwnlib/libcdb.py
Outdated
| yield 'https://launchpad.net/ubuntu/+archive/primary/+files/libc6_{}_{}.deb'.format(libc_version, libc.arch) | ||
|
|
||
| # check debian.sipwise.com if it's a debian libc | ||
| maybe_deb_version = maybe_deb_version.split('/')[-1] |
There was a problem hiding this comment.
This throws AttributeError if maybe_deb_version is None, please move under the if below.
| maybe_deb_version = None | ||
| if libc_match is not None: | ||
| for match in libc_match: | ||
| # Allow to override url with a caching proxy in CI |
There was a problem hiding this comment.
We still need this in our testing pipeline to get a speedup.
pwnlib/libcdb.py
Outdated
| # check debian.sipwise.com if it's a debian libc | ||
| maybe_deb_version = maybe_deb_version.split('/')[-1] | ||
| if maybe_deb_version is not None: | ||
| yield 'https://debian.sipwise.com/debian-security/pool/main/g/glibc/{}'.format(maybe_deb_version) |
There was a problem hiding this comment.
We should maybe (?) verify debian signatures if this is a third-party db. I just realized the same goes for our http urls by the way (MITM and so on).
There was a problem hiding this comment.
Perfect, i'll figure this out, thank you.
|
@dgagn Poke! Do you still plan on working on this PR? |
|
I think instead of hardcoding a thirdparty apt mirror we should look into some way to allow to add additional mirrors via e.g. an environment variable and/or argument to |
3 participants
This PR extends
_find_libc_package_lib_urlto support Debian-based libc packages from the SIPWISE security mirror. It's useful forGLIBC 2.36-9+deb12u6.