Commit Graph

2948 Commits

Author SHA1 Message Date
Michael Gehring 4aae026615 lib/package_unpack.c: verify signed pkgver matches
$ARCH-repodata is currently not protected by a signature. While most of
the package metadata is also embedded into the .xbps files, which are
protected by a signature, xbps-install ignores it
(https://github.com/voidlinux/xbps/blob/1670ff000d1cc8b073dd93542e16b9c1c496bb9a/lib/package_unpack.c#L123)
and relies entirely on $ARCH-repodata.

This enables anyone who is able to modify the $ARCH-repodata to
substitute packages. This patch adds a check that verifies the signed
pkgver matches the one in the repodata, so at least downgrades posing as
updates are detected.

This is an incomplete fix as the whole transaction is still set up with
the unsigned repodata and other issues surely exist. The real fix is
signing $ARCH-repodata.
2017-07-09 12:46:01 +00:00
Juan RP 66c6331689 NEWS: sync 2017-02-19 02:54:00 +01:00
Juan RP 1670ff000d Merge pull request #206 from Duncaen/memleak
fix some some memory leaks
2017-02-19 02:46:50 +01:00
Juan RP a7f2080367 Merge pull request #198 from roman-neuhauser/package-modes
xbps-pkgdb(1), xbps-install(1), xbps-remove(1): extend discussion of package modes
2017-02-19 02:45:58 +01:00
Juan RP 956ec93f45 Merge pull request #202 from ebfe/list-repolock
bin/xbps-query: add --list-repolock-pkgs
2017-02-19 02:45:51 +01:00
Juan RP a53bcef00b Merge pull request #196 from Duncaen/xbps-uchroot
xbps-uchroot: umount chroot mounts
2017-02-19 02:44:43 +01:00
ojab e8c1ae96ae Fix -l flags order in feature detection 2017-01-02 18:39:23 +01:00
Alain Kalker 69a5ee2c1b xbps-checkvers.1: fix incorrect double negative (#219) 2016-12-25 21:21:28 +01:00
Christian Neukirchen c255ede2ca _xbps: add run_depends to _xbps_properties. 2016-11-22 17:04:24 +01:00
Christian Neukirchen 392d686f07 _xbps: add alternatives and build-date to _xbps_properties. 2016-11-22 16:58:02 +01:00
Josh de Kock 21492ca1bf configure: check for --no-as-needed before using (#217) 2016-11-04 07:49:48 +01:00
Enno Boland c3068808a2 Merge pull request #211 from ebfe/flush-progress
bin/xbps-install/fetch_cb.c: flush stdout when printing progress
2016-10-18 13:05:42 +02:00
Michael Gehring 2984d6a5ec bin/xbps-install/fetch_cb.c: flush stdout when printing progress 2016-10-05 20:18:43 +02:00
Duncaen cf43597e74 lib/package_unpack.c: add memleak notice 2016-09-25 21:47:58 +02:00
Duncaen 797796e086 lib/transaction_shlibs.c: fix memleak 2016-09-25 21:47:40 +02:00
Duncaen 4797dee468 lib/package_configure.c: fix memleak 2016-09-25 21:27:46 +02:00
Duncaen 81673d69c7 bin/xbps-rindex: fix memleaks in index_add 2016-09-25 21:27:38 +02:00
Roman Neuhauser d0b4089e6e xbps-install(1), xbps-remove(1) point to xbps-pkgdb(1)
... from descriptions of -A and -u (xbps-install) and -o (xbps-remove).
2016-09-21 14:56:17 +02:00
Roman Neuhauser 025b133025 xbps-pkgdb(1): extend discussion of package modes
description of implications of the various modes was scattered across
xbps-pkgdb(1), xbps-install(1), xbps-remove(1).
2016-09-21 14:56:17 +02:00
Michael Gehring 3dce6ab1ed bin/xbps-query: add --list-repolock-pkgs 2016-09-21 14:11:04 +02:00
Duncaen 414256292a bin/xbps-uchroot: mount / as private 2016-09-20 17:45:56 +02:00
Duncaen bc5b38218a bin/xbps-uchroot: call clone only once if its successful 2016-09-20 17:39:13 +02:00
Christian Neukirchen 7d06fb0e71 _xbps, _xbps-src: add aarch64 completion. 2016-09-17 17:37:04 +02:00
Enno Boland 7967efc1e0 xbps-install: do not fail on update if any of the provided packages are up to date.
addresses #194
2016-09-14 18:12:54 +02:00
Enno Boland 1ffac73f54 Merge pull request #192 from jantatje/clean-cache-dry-run
xbps-remove: fix --dry-run for --clean-cache
2016-09-07 22:03:28 +02:00
Jan Tatje 46be602e28 xbps-remove: fix --dry-run for --clean-cache
`xbps-remove --clean-cache --dry-run` did not consider the
--dry-run flag, this has been fixed.
2016-09-07 21:56:01 +02:00
Juan RP e4907adfe7 Merge pull request #187 from weakish/free-space-message
Change free space message to avoid ambiguity.
2016-09-07 07:49:12 +02:00
Juan RP b0c5be169a Merge pull request #193 from Duncaen/alternatives
xbps-alternativs fixes and more
2016-09-07 07:47:12 +02:00
Duncaen 3b04602cc6 lib/package_alternatives.c: cleanup create_symlinks 2016-09-05 16:03:41 +02:00
Duncaen dd7a0d073b lib/package_alternatives.c: remove previous symlinks 2016-09-05 02:03:30 +02:00
Enno Boland 2aa538bf35 Merge pull request #191 from Duncaen/socks5
lib/fetch: add socks5 support
2016-09-03 09:44:46 +02:00
Duncaen 08b9ed878f lib/fetch: default port, error checks and authentication support 2016-09-02 17:50:05 +02:00
Duncaen 30ace44394 lib/fetch: add socks5 support 2016-09-01 00:38:55 +02:00
Michael Gehring 3a1892028a xbps-checkvers: fix build with glibc-2.24 (#188) 2016-08-15 12:44:25 +02:00
Jakukyo Friel 4e2823ffa5 Change free space message to avoid ambiguity.
`xbps-install` will report free space available on disk wording:

> Free space on disk: ...

'free' above is supposed to be  an adjective.
But 'free' can also be a verb,
thus the above message can be interpreted as free some space on disk.

'Free' is now changed to 'Available' to avoid ambiguity.
2016-08-11 21:04:28 +08:00
Andrea Brancaleoni 03d29f64b8 bin/xbps-uchroot: add docker support (#176) 2016-07-17 20:41:12 +02:00
Juan RP 9046727301 xbps-uhelper: fix a warning reported by clang-3.8.1. 2016-07-17 11:34:39 +02:00
Juan RP 0cff982e7b xbps-rindex/sign: simplify. 2016-07-13 08:37:04 +02:00
Enno Boland 8030f47626 Merge pull request #186 from Gottox/fix-185
lib/fetch/http.c: send proxy auth on https as connect header.
2016-07-08 17:24:01 +02:00
Enno Boland 648e48a481 Update NEWS 2016-07-08 10:10:55 +02:00
Enno Boland 934a59ecd9 lib/fetch/http.c: send proxy auth on https as connect header.
fixes #185
2016-07-08 08:24:14 +02:00
Enno Boland f196abb207 Merge pull request #183 from Gottox/avoid_mmap
Avoid mmap
2016-06-20 13:49:18 +02:00
Enno Boland 842ac7c97e lib/util_hash.c: fix memleak. 2016-06-20 10:03:49 +02:00
Enno Boland 35fa3b5808 xbps-create: remove mmap to load files to archive. 2016-06-17 17:10:10 +02:00
Enno Boland 30d1d0f607 util_hash.c: void return value 2016-06-17 17:03:43 +02:00
Enno Boland cb94ffe1c0 util_hash.c: fail on negative result code of read. 2016-06-17 17:03:43 +02:00
Enno Boland f0f15304e1 update NEWS 2016-06-17 13:05:49 +02:00
Enno Boland b55ffeceae lib/util_hash.c: write directly to malloced string instead if coping it over 2016-06-16 07:00:08 +02:00
Enno Boland df97be6a54 lib/verifysig.c: use xbps_file_hash_raw()
instead of mmap'ing the source file, xbps_file_hash_raw is used
to generate a digest of the file.
2016-06-16 06:51:10 +02:00
Enno Boland 7ce66edc57 lib/util_hash.c: add xbps_file_hash_raw method
this function does not mmap the target file and therefore
avoids out of memory exceptions on 32bit systems.
2016-06-16 06:51:10 +02:00