summaryrefslogtreecommitdiff
path: root/lib/libalpm
AgeCommit message (Collapse)Author
2017-01-04alpm_fetch_pkgurl: fix memory leakAllan McRae
Signed-off-by: Allan McRae <allan@archlinux.org>
2017-01-04Fix memory leak in alpm_pkg_checkmd5sumAllan McRae
Also remove redundant additional return path. Signed-off-by: Allan McRae <allan@archlinux.org>
2017-01-04Add alpm_pkg_get_makedepends and alpm_pkg_get_checkdependsMark Weiman
makepkg adds makedepends and checkdepends to a package's .PKGINFO file. Add functions that allow use of these from libalpm. Signed-off-by: Mark Weiman <mark.weiman@markzz.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2017-01-04filelist_sort: check if filelist is presortedAndrew Gregory
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2017-01-04add _alpm_filelist_sortAndrew Gregory
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2017-01-04find_fileconflicts: rename tmpfiles -> newfilesAndrew Gregory
The files belong to the new version of a package being installed, they are not temporary in any way. Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2017-01-04conflict: skip dir children when replacing a fileAndrew Gregory
When replacing a file with a directory, any files under that directory do not need to be checked for conflicts. This prevents possible false-positive conflicts where the file being replaced is a symlink. We were already skipping the directory children when the file was owned by the previous version of a package being upgraded. This extends that to other packages being removed. Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2017-01-04dload: s/CURLOPT_WRITEHEADER/CURLOPT_HEADERDATA/Dave Reisner
The former is really old, and should be avoided. Signed-off-by: Allan McRae <allan@archlinux.org>
2017-01-04extract db files with dbonlyAndrew Gregory
Some database files (install, mtree, and changelog) are extracted directly from the package, but DBONLY was skipping extraction altogether, causing those files to be missing after the transaction. Fixes #52052 Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2017-01-04Update copyright yearsAllan McRae
Signed-off-by: Allan McRae <allan@archlinux.org>
2016-12-05be_local: remove unused error returnAndrew Gregory
LAZY_LOAD has completely ignored the errret value since commit 307a6de17a3bca9f8666b33aa3fb9a8dd88c300b in 2011. Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2016-12-05Parametrise the different ways in which the payload is resetMartin Kühne
In FS#43434, Downloads which fail and are restarted on a different server will resume and may display a negative download speed. The payload's progress in libalpm was not properly reset which ultimately caused terminal noise because the line width calculation assumes positive download speeds. This patch fixes the incomplete reset of the payload by mimicing what be_sync.c:alpm_db_update() does over in sync.c:download_single_file(). The new dload.c:_alpm_dload_payload_reset_for_retry() extends beyond the current behavior by updating initial_size and prevprogress for this case. This makes pacman reset the progress properly in the next invocation of the callback and display positive download speeds. Fixes FS#43434. Signed-off-by: Martin Kühne <mysatyre@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2016-12-05libalpm/signing: support EDDSA from gpgme 1.7.0Christian Hesse
Signed-off-by: Christian Hesse <mail@eworm.de> Signed-off-by: Allan McRae <allan@archlinux.org>
2016-12-05dload: use curl's keepalive mechanismDave Reisner
This does exactly the same thing as it code it replaces, but punt to curl to do it for brevity. Requires curl 7.25.0, which we already cover. Signed-off-by: Allan McRae <allan@archlinux.org>
2016-10-22Represent bitfields as ints, not enumsIvy Foster
Many bitfield variables are declared to be enums, because they are generated using bitwise operations on enums such. However, their actual values aren't necessary members of their parent enum, so declaring them 'int' is more accurate. Signed-off-by: Ivy Foster <ivy.foster@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2016-10-22Add ALPM_ERR_OK to _alpm_errno_tIvy Foster
This allows functions which return an _alpm_errno_t to always return a genuine _alpm_errno_t for consistency, even in cases where there are no errors. Since ALPM_ERR_OK = 0, their callers can still simply check 'err = some_fn(); if (!err) { ... }'. Signed-off-by: Ivy Foster <ivy.foster@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2016-10-22Allow replacing libcrypto with libnettle in pacmanFlorian Weigelt
Add a --with-nettle configure option that directs pacman to use the libnettle hashing functions. Only one of the --with-libssl and --with-nettle configure options can be specified. [Allan: rewrote configure check] Signed-off-by: Allan McRae <allan@archlinux.org>
2016-10-12Use f_bavail for diskspace calculationsMartin Kühne
This should make pacman's behavior consistent with GNU coreutils df, as well as follow advice from affected filesystems' devs as well as `man statvfs`. This fixes FS#37402 Signed-off-by: Martin Kühne <mysatyre@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2016-10-10Remove SHA224 supportAllan McRae
This was included due to use of PolarSSL's implementation for our internal SHA2 support. As our internal checksum calculations are now removed, we can also remove this unused code path. Signed-off-by: Allan McRae <allan@archlinux.org>
2016-10-10Remove internal md5 and sha2 implementationsAllan McRae
The internal implementations for md5 and sha256 checksums have not been merged from upstream sources for a long time. Instead of us carrying copies of code from other projects, we should just support building against multiple libraries that provide such functionality. This patch removes the md5 and sha2 code (originally obtained from PolarSSL) from our repository. The configure script will now error unless at least one library supporting checksum generation is present, with the only library currently supported being openssl. It will be relatively simple for other such libraries (e.g. nettle) to be supported if anyone wishes to add them. Signed-off-by: Allan McRae <allan@archlinux.org>
2016-09-25Do not #define _RESERVED_IDENTIFIERSIvy Foster
Signed-off-by: Ivy Foster <ivy.foster@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2016-09-25Change type of count in be_syncRikard Falkeborn
Making it size_t matches the return value of alpm_list_count() and avoids the implicit cast to int. Signed-off-by: Rikard Falkeborn <rikard.falkeborn@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2016-09-25Return boolean from db_populateRikard Falkeborn
Since the number of packages is not used anywhere, just return a boolean to avoid the implicit cast from size_t to int in be_local.c. Use 0 as success to be consistent with db_validate. Signed-off-by: Rikard Falkeborn <rikard.falkeborn@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2016-09-20Fix gcc strict-overflow errorRikard Falkeborn
Recent gcc (tested with 6.2.1) produces the following error when compiling with both --enable-warningflags and --enable-debug. In particular, it seems it is the combination of GCC_STACK_PROTECT_LIB and -Wstrict-overflow=5 produces the error. be_local.c:609:4: error: assuming signed overflow does not occur when simplifying conditional [-Werror=strict-overflow] if(count > 0) { Fix this by changing the type of count from int to size_t, which is fine since count is never negative. Signed-off-by: Rikard Falkeborn <rikard.falkeborn@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2016-09-09lib/libalpm/be_sync.c: Close memory leaks when mallocing while out of memoryIvy Foster
Signed-off-by: Ivy Foster <ivy.foster@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2016-09-03Fix memory leak in remove_notify_needed_optdependsAllan McRae
Also add pactest which captures this leak when run under valgrind. Reported-by: Sergey Petrenko Signed-off-by: Allan McRae <allan@archlinux.org>
2016-08-31Replace CURLOPT_PROGRESSFUNCTION with CURLOPT_XFERINFOFUNCTIONIvy Foster
Curl 7.32.0 added CURLOPT_XFERINFOFUNCTION, which deprecates CURLOPT_PROGRESSFUNCTION and means less casting doubles to size_ts for alpm. This change has no user-facing nor frontend-facing effects. Signed-off-by: Ivy Foster <ivy.foster@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2016-08-30Normalize alpm download callback's frontend cb argumentsIvy Foster
When curl calls alpm's dlcb, alpm calls the frontend's cb with the following (dlsize, totalsize) arguments: 0, -1: initialize 0, 0: no change since last call x {x>0, x<y}, y {y>0}: data downloaded, total size known x {x>0}, x: download finished If total size is not known, do not call frontend cb (no change to original behavior); alpm's callback shouldn't be called if there is a download error. See agregory's original spec here: https://wiki.archlinux.org/index.php/User:Apg#download_callback Signed-off-by: Allan McRae <allan@archlinux.org>
2016-08-30Add newline to the end of error messages for signature format issuesAllan McRae
Signed-off-by: Allan McRae <allan@archlinux.org>
2016-08-30hook.c: replace fstatat with statAndrew Gregory
macOS < 10.10 do not provide fstatat. We were constructing the full path to the hook file for all other operations anyway, so there was no real benefit to using fstatat. Fixes FS#49771 Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2016-08-30hook.c: replace readdir_r with readdirAndrew Gregory
glibc 2.24 deprecates readdir_r. Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2016-08-30Reject files larger than 16384 bytes in read_sigfile.Tobias Stoeckmann
If signature files are larger than SIZE_MAX, not enough memory could be allocated for this file. The script repo-add rejects files which are larger than 16384 bytes, therefore handle these as errors here, too. While at it, I also rearranged the code to avoid a quite harmless TOCTOU race condition between stat() and fopen(). Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org> Signed-off-by: Allan McRae <allan@archlinux.org>
2016-08-30Release resources on error paths.Tobias Stoeckmann
Some resources (memory or file descriptors) are not released on all error paths. Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org> Signed-off-by: Allan McRae <allan@archlinux.org>
2016-08-30Always use proper error code in alpm_initialize.Tobias Stoeckmann
In out of memory conditions, an undefined error value is written into *err, because myerr is never explicitly set in these cases. I have also converted a calloc into a MALLOC call, because the memory will be properly filled by the snprintf call right after it. Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org> Signed-off-by: Allan McRae <allan@archlinux.org>
2016-08-30recursedeps: include cyclic dependenciesAndrew Gregory
Cyclic dependencies (A depends on B, B depends on A) were not selected because neither package could be removed individually, so can_remove_package would always return false for both. By preselecting all dependencies then filtering back out any dependencies still required by any packages that will not be uninstalled, groups of unneeded cyclic dependencies can be found. Fixes FS#41031 Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2016-05-05Avoid logical OR duplication warning from gcc-6Allan McRae
The value EAGAIN is allowed by POSIX to be the same as EWOULDBLOCK, but this is not guaranteed. Thus on some systems (e.g. glibc Linux), we get a warning that the logical OR is being performed on two expressions of the same type. We can not get rid of this test in case any system defines these as unique values. Suggested-by: Dave Reisner Signed-off-by: Allan McRae <allan@archlinux.org>
2016-05-05Prevent wrapping of enum itemsAllan McRae
GCC-6 points out that the value we use for the sentinal in enums is actually too large for the integer type. Reduce the bitshift by one to fix this. Signed-off-by: Allan McRae <allan@archlinux.org>
2016-05-05fix spelling mistakesEric Engestrom
Signed-off-by: Eric Engestrom <eric@engestrom.ch> Signed-off-by: Allan McRae <allan@archlinux.org>
2016-02-26Use versions specified in optdependsAllan McRae
Checking install status and if a package is optionally required on removal now considers the version of the optdepend. Fixes FS#44957. Signed-off-by: Allan McRae <allan@archlinux.org>
2016-02-26Consider provides when warning about optdepnd removalAllan McRae
Signed-off-by: Allan McRae <allan@archlinux.org>
2016-02-23Regenerate translations for 5.0.1Allan McRae
2016-02-23Pull translation updates from TransifexAllan McRae
Signed-off-by: Allan McRae <allan@archlinux.org>
2016-02-23make alpm_unlock and trans_interrupt async safeAndrew Gregory
RET_ERR calls _alpm_log which includes calls that are not safe for use in asynchronous signal handlers (see signal(7)). Replace it in functions called from our signal handlers with a new macro RET_ERR_ASYNC_SAFE which is identical except that it lacks the call to _alpm_log. Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
2016-02-23alpm_run_chroot: always connect parent2child pipeAndrew Gregory
Commit e374e6829cea3512f0b4a4069c5a6168f0f8d8a0 closed stdin before running scripts/hooks. This left the exec'd process with no file descriptor 0. If the process subsequently opened a file it would be assigned fd 0, and could potentially be confused for stdin. Connecting and immediately closing the parent2child pipe ensures that the child has an fd 0 and that it is empty. Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2016-02-23ensure gpgdir has a trailing slashAndrew Gregory
init_gpgme checks for various paths under gpgdir by concatenating them directly, giving warning messages incorrectly if gpgdir does not end with '/'. Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2016-02-23do not rely on localdb for hook matchingAndrew Gregory
Relying on localdb to determine which trigger operations should match is completely broken for PostTransaction hooks because the localdb has already been updated. Store a copy of the old version of any packages being updated to use instead. Fixes FS#47996 Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2016-02-21only remove pacnew file if it is newAndrew Gregory
Check if we overwrote an exiting pacnew file before unlinking it. Otherwise, updating to a version with an unchanged file would delete existing pacnew files. FS#47993 Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2016-02-20Log to file when running hooksOlivier Brunel
Useful if there's some output (to know where it comes from), or in case of failure. Signed-off-by: Olivier Brunel <jjk@jjacky.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2016-02-20Add the missing limits.h include to hook.cAlastair Hughes
PATH_MAX is only defined in limits.h in musl libc, so ensure that it is included. Presumably this is also required on other platforms. Signed-off-by: Alastair Hughes <hobbitalastair@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2016-01-30Update translationsAllan McRae
Signed-off-by: Allan McRae <allan@archlinux.org>