summaryrefslogtreecommitdiff
path: root/lib
AgeCommit message (Collapse)Author
2018-01-11Support new OpenPGP format packets lengthsAllan McRae
RFC 4880 defines two packet formats for OpenPGP. Pacman aborted its key in keyring check with an error message if it encountered the new format. This was fine until some annoying Arch Trusted User generated a key using the new format! Implement the new format. This also required parsing the hashed sub packets. requiring the parsing code to moved to its own function. Signed-off-by: Allan McRae <allan@archlinux.org>
2018-01-10add missing newline to debug messageAndrew Gregory
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2018-01-10detect pkghash allocation failureAndrew Gregory
If rehash ever failed with a full hash it would return the old hash that is already full. get_hash_position would then loop forever because it would never find an empty bucket. Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2018-01-10Do not continuously try to open an invalid databaseAllan McRae
If you manage to download a bad database (e.g. an html file when behind a proxy or with a badly configured webserver), pacman makes sure you know about it. Here is some example output: error: could not open file /var/lib/pacman/sync/extra.db: Unrecognized archive format error: could not open file /var/lib/pacman/sync/extra.db: Unrecognized archive format error: could not open file /var/lib/pacman/sync/extra.db: Unrecognized archive format error: could not open file /var/lib/pacman/sync/extra.db: Unrecognized archive format error: could not open file /var/lib/pacman/sync/extra.db: Unrecognized archive format error: could not open file /var/lib/pacman/sync/extra.db: Unrecognized archive format error: could not open file /var/lib/pacman/sync/extra.db: Unrecognized archive format error: could not open file /var/lib/pacman/sync/extra.db: Unrecognized archive format error: could not open file /var/lib/pacman/sync/extra.db: Unrecognized archive format error: could not open file /var/lib/pacman/sync/extra.db: Unrecognized archive format error: could not open file /var/lib/pacman/sync/extra.db: Unrecognized archive format error: could not open file /var/lib/pacman/sync/extra.db: Unrecognized archive format error: could not open file /var/lib/pacman/sync/extra.db: Unrecognized archive format error: could not open file /var/lib/pacman/sync/extra.db: Unrecognized archive format error: could not open file /var/lib/pacman/sync/extra.db: Unrecognized archive format error: could not open file /var/lib/pacman/sync/extra.db: Unrecognized archive format error: could not open file /var/lib/pacman/sync/extra.db: Unrecognized archive format error: could not open file /var/lib/pacman/sync/extra.db: Unrecognized archive format error: could not open file /var/lib/pacman/sync/extra.db: Unrecognized archive format error: could not open file /var/lib/pacman/sync/extra.db: Unrecognized archive format error: could not open file /var/lib/pacman/sync/extra.db: Unrecognized archive format error: could not open file /var/lib/pacman/sync/extra.db: Unrecognized archive format error: could not open file /var/lib/pacman/sync/extra.db: Unrecognized archive format error: could not open file /var/lib/pacman/sync/extra.db: Unrecognized archive format I don't know how many times that gets printed because it goes beyond my scrollback buffer. Flag a database that we can "open" and "fstat" but not read from as invalid to avoid this. Signed-off-by: Allan McRae <allan@archlinux.org>
2018-01-06do not rely on name hashes for matchingAndrew Gregory
6cfc4757b98e813428d261dbc185e20618ca83a6 was overzealous in attempting to optimize away a call to strcmp based on a comparison of hashes. The call can be skipped if the hashes are different, but different strings could have the same hash. Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2018-01-06dload: ensure callback is always initialized onceAndrew Gregory
Frontends rely on an initialization call for setup between downloads. Checking for intialization after checking for a completed download can skip initialization in cases where files are small enough to be downloaded all at once (FS#56408). Relying on previous download size can result in multiple initializations if there are multiple non-transfer events prior to the download starting (fS#56468). Introduce a new cb_initialized variable to the payload struct and use it to ensure that the callback is initialized exactly once prior to any actual events. Fixes FS#56408, FS#56468 Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2018-01-06avoid printing NULL stringAndrew Gregory
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2017-12-07Fix CVE-2016-5434 (DoS/loop and out of boundary read)Nils Freydank
This is a rewrite of Tobias Stoeckmann’s patch from June 2016[1] using functions instead of macros. (Thanks to Tobias for explanations of his patch.) A short question on Freenode IRC showed that macros are generally discouraged and functions should be used. The patch introduces a static size_t length_check() in libalpm/signing.c. [1] Original patch: https://lists.archlinux.org/pipermail/pacman-dev/2016-June/021148.html CVE request (and assignment): http://seclists.org/oss-sec/2016/q2/526 Signed-off-by: Allan McRae <allan@archlinux.org>
2017-07-28Fix brace coding style issuesMichael Straube
- Add missing braces to one-line if blocks - Move opening brace to line end Signed-off-by: Michael Straube <straubem@gmx.de>
2017-07-06alpm_list: abort on memory allocation failureAndrew Gregory
This makes it possible to detect a failure in several alpm_list functions. Previously these functions would continue after a failure, returning partial results and potentially leaking memory. Unfortunately, NULL is a valid return value for the affected functions if the input list is empty, so they still do not have a dedicated error value. Callers can at least detect an error by checking if the input list was empty. Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2017-07-06fix typo in libalpm commentChristian Hesse
contatenate -> concatenate Signed-off-by: Christian Hesse <mail@eworm.de> Signed-off-by: Allan McRae <allan@archlinux.org>
2017-05-16alpm_unlock: check handle before dereferencingAndrew Gregory
Prevents SIGSEGV if we catch SIGINT or SIGHUP before initializing alpm. Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2017-05-08free memory for --overwrite listsAndrew Gregory
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2017-05-08be_sync: error out if a db cannot be parsedAndrew Gregory
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2017-04-16run_chroot: label pipe endpoints for readabilityAndrew Gregory
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
2017-04-16use sockets for scriptlet/hook communicationAndrew Gregory
If a scriptlet/hook dies at the wrong moment it can trigger SIGPIPE, terminating the process. For pipes, there is no way to prevent SIGPIPE other than ignoring it process-wide. This can have unintended consequences in a multi-threaded process. Using send(2) with sockets, however, allows ignoring SIGPIPE on a per-call basis, leaving other threads able to make use of SIGPIPE. Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
2017-04-16conflict: include owner for filesystem conflictsAndrew Gregory
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
2017-04-16unlink_file: strip trailing slashesAndrew Gregory
If the user replaces a directory with a symlink, libalpm would get confused because the trailing slash causes system calls to resolve the symlink. This leads to errors and a misleading message during upgrades. Even though libalpm does not support this, it should not be giving misleading errors. Also adds an overflow check. Fixes FS#51377 Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
2017-04-16sortbydeps: rename vptr -> iAndrew Gregory
vptr is a simple list iterator, which are typically named i. Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
2017-04-16sortbydeps: rename found -> switched_to_childAndrew Gregory
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
2017-04-16sortbydeps: factor out dep cycle warningAndrew Gregory
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
2017-04-16graph.h: rename childptr -> iteratorAndrew Gregory
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
2017-04-16graph.h: replace hardcoded values with an enumAndrew Gregory
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
2017-04-12add --overwrite option to ignore file conflictsAndrew Gregory
Allows for safer, more fine-grained control for overwriting files than --force's all-or-nothing approach. Implements FS#31549. Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2017-04-12libalpm: Use archive_read_extract2Armin K
archive_read_extract() forces resolution of uid/gid to names when extracting the tarball. This can lead to wrong file ownership when using pacman with -r option and when uid/gid differ in the host and in the chroot. archive_read_extract2() uses uid's and gid's only. See also: https://lists.archlinux.org/pipermail/pacman-dev/2017-March/021912.html Signed-off-by: Armin K <krejzi@email.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2017-04-04add alpm_list_append_strdupAndrew Gregory
Makes error detection and handling easier for a common operation. Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2017-04-04Ignore comments in INSTALL files (FS#51916)Michael Straube
If a comment in an INSTALL file contains the name of a valid INSTALL file function but the function itself is not present, pacman tries to execute that function. That leads to an error. Ignore comments in the grep function in libalpm/trans.c to avoid such errors. Signed-off-by: Michael Straube <straubem@gmx.de> Signed-off-by: Allan McRae <allan@archlinux.org>
2017-01-13Introduce a 'disable-download-timeout' optionChristian Hesse
Add command line option ('--disable-download-timeout') and config file option ('DisableDownloadTimeout') to disable defaults for low speed limit and timeout on downloads. Use this if you have issues downloading files with proxy and/or security gateway. Signed-off-by: Christian Hesse <mail@eworm.de> Signed-off-by: Allan McRae <allan@archlinux.org>
2017-01-04alpm_fetch_pkgurl: fix memory leakAllan McRae
Signed-off-by: Allan McRae <allan@archlinux.org>
2017-01-04Fix memory leak in alpm_pkg_checkmd5sumAllan McRae
Also remove redundant additional return path. Signed-off-by: Allan McRae <allan@archlinux.org>
2017-01-04Add alpm_pkg_get_makedepends and alpm_pkg_get_checkdependsMark Weiman
makepkg adds makedepends and checkdepends to a package's .PKGINFO file. Add functions that allow use of these from libalpm. Signed-off-by: Mark Weiman <mark.weiman@markzz.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2017-01-04filelist_sort: check if filelist is presortedAndrew Gregory
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2017-01-04add _alpm_filelist_sortAndrew Gregory
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2017-01-04find_fileconflicts: rename tmpfiles -> newfilesAndrew Gregory
The files belong to the new version of a package being installed, they are not temporary in any way. Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2017-01-04conflict: skip dir children when replacing a fileAndrew Gregory
When replacing a file with a directory, any files under that directory do not need to be checked for conflicts. This prevents possible false-positive conflicts where the file being replaced is a symlink. We were already skipping the directory children when the file was owned by the previous version of a package being upgraded. This extends that to other packages being removed. Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2017-01-04dload: s/CURLOPT_WRITEHEADER/CURLOPT_HEADERDATA/Dave Reisner
The former is really old, and should be avoided. Signed-off-by: Allan McRae <allan@archlinux.org>
2017-01-04extract db files with dbonlyAndrew Gregory
Some database files (install, mtree, and changelog) are extracted directly from the package, but DBONLY was skipping extraction altogether, causing those files to be missing after the transaction. Fixes #52052 Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2017-01-04Update copyright yearsAllan McRae
Signed-off-by: Allan McRae <allan@archlinux.org>
2016-12-05be_local: remove unused error returnAndrew Gregory
LAZY_LOAD has completely ignored the errret value since commit 307a6de17a3bca9f8666b33aa3fb9a8dd88c300b in 2011. Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2016-12-05Parametrise the different ways in which the payload is resetMartin Kühne
In FS#43434, Downloads which fail and are restarted on a different server will resume and may display a negative download speed. The payload's progress in libalpm was not properly reset which ultimately caused terminal noise because the line width calculation assumes positive download speeds. This patch fixes the incomplete reset of the payload by mimicing what be_sync.c:alpm_db_update() does over in sync.c:download_single_file(). The new dload.c:_alpm_dload_payload_reset_for_retry() extends beyond the current behavior by updating initial_size and prevprogress for this case. This makes pacman reset the progress properly in the next invocation of the callback and display positive download speeds. Fixes FS#43434. Signed-off-by: Martin Kühne <mysatyre@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2016-12-05libalpm/signing: support EDDSA from gpgme 1.7.0Christian Hesse
Signed-off-by: Christian Hesse <mail@eworm.de> Signed-off-by: Allan McRae <allan@archlinux.org>
2016-12-05dload: use curl's keepalive mechanismDave Reisner
This does exactly the same thing as it code it replaces, but punt to curl to do it for brevity. Requires curl 7.25.0, which we already cover. Signed-off-by: Allan McRae <allan@archlinux.org>
2016-10-22Represent bitfields as ints, not enumsIvy Foster
Many bitfield variables are declared to be enums, because they are generated using bitwise operations on enums such. However, their actual values aren't necessary members of their parent enum, so declaring them 'int' is more accurate. Signed-off-by: Ivy Foster <ivy.foster@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2016-10-22Add ALPM_ERR_OK to _alpm_errno_tIvy Foster
This allows functions which return an _alpm_errno_t to always return a genuine _alpm_errno_t for consistency, even in cases where there are no errors. Since ALPM_ERR_OK = 0, their callers can still simply check 'err = some_fn(); if (!err) { ... }'. Signed-off-by: Ivy Foster <ivy.foster@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2016-10-22Allow replacing libcrypto with libnettle in pacmanFlorian Weigelt
Add a --with-nettle configure option that directs pacman to use the libnettle hashing functions. Only one of the --with-libssl and --with-nettle configure options can be specified. [Allan: rewrote configure check] Signed-off-by: Allan McRae <allan@archlinux.org>
2016-10-12Use f_bavail for diskspace calculationsMartin Kühne
This should make pacman's behavior consistent with GNU coreutils df, as well as follow advice from affected filesystems' devs as well as `man statvfs`. This fixes FS#37402 Signed-off-by: Martin Kühne <mysatyre@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2016-10-10Remove SHA224 supportAllan McRae
This was included due to use of PolarSSL's implementation for our internal SHA2 support. As our internal checksum calculations are now removed, we can also remove this unused code path. Signed-off-by: Allan McRae <allan@archlinux.org>
2016-10-10Remove internal md5 and sha2 implementationsAllan McRae
The internal implementations for md5 and sha256 checksums have not been merged from upstream sources for a long time. Instead of us carrying copies of code from other projects, we should just support building against multiple libraries that provide such functionality. This patch removes the md5 and sha2 code (originally obtained from PolarSSL) from our repository. The configure script will now error unless at least one library supporting checksum generation is present, with the only library currently supported being openssl. It will be relatively simple for other such libraries (e.g. nettle) to be supported if anyone wishes to add them. Signed-off-by: Allan McRae <allan@archlinux.org>
2016-09-25Do not #define _RESERVED_IDENTIFIERSIvy Foster
Signed-off-by: Ivy Foster <ivy.foster@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2016-09-25Change type of count in be_syncRikard Falkeborn
Making it size_t matches the return value of alpm_list_count() and avoids the implicit cast to int. Signed-off-by: Rikard Falkeborn <rikard.falkeborn@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>