Michael Gehring
4aae026615
lib/package_unpack.c: verify signed pkgver matches
$ARCH-repodata is currently not protected by a signature. While most of
the package metadata is also embedded into the .xbps files, which are
protected by a signature, xbps-install ignores it
(1670ff000d/lib/package_unpack.c (L123)) and relies entirely on
$ARCH-repodata.
This enables anyone who is able to modify the $ARCH-repodata to
substitute packages. This patch adds a check that verifies the signed
pkgver matches the one in the repodata, so at least downgrades posing as
updates are detected.
This is an incomplete fix as the whole transaction is still set up with
the unsigned repodata and other issues surely exist. The real fix is
signing $ARCH-repodata.
2017-07-09 12:46:01 +00:00
Duncaen
cf43597e74
lib/package_unpack.c: add memleak notice
2016-09-25 21:47:58 +02:00
Duncaen
797796e086
lib/transaction_shlibs.c: fix memleak
2016-09-25 21:47:40 +02:00
Duncaen
4797dee468
lib/package_configure.c: fix memleak
2016-09-25 21:27:46 +02:00
Duncaen
3b04602cc6
lib/package_alternatives.c: cleanup create_symlinks
2016-09-05 16:03:41 +02:00
Duncaen
dd7a0d073b
lib/package_alternatives.c: remove previous symlinks
2016-09-05 02:03:30 +02:00
Duncaen
08b9ed878f
lib/fetch: default port, error checks and authentication support
2016-09-02 17:50:05 +02:00
Duncaen
30ace44394
lib/fetch: add socks5 support
2016-09-01 00:38:55 +02:00
Enno Boland
934a59ecd9
lib/fetch/http.c: send proxy auth on https as connect header.
fixes #185
2016-07-08 08:24:14 +02:00
Enno Boland
842ac7c97e
lib/util_hash.c: fix memleak.
2016-06-20 10:03:49 +02:00
Enno Boland
30d1d0f607
util_hash.c: void return value
2016-06-17 17:03:43 +02:00
Enno Boland
cb94ffe1c0
util_hash.c: fail on negative result code of read.
2016-06-17 17:03:43 +02:00
Enno Boland
b55ffeceae
lib/util_hash.c: write directly to malloced string instead of copying it over
2016-06-16 07:00:08 +02:00
Enno Boland
df97be6a54
lib/verifysig.c: use xbps_file_hash_raw()
instead of mmap'ing the source file, xbps_file_hash_raw is used
to generate a digest of the file.
2016-06-16 06:51:10 +02:00
Enno Boland
7ce66edc57
lib/util_hash.c: add xbps_file_hash_raw method
this function does not mmap the target file and therefore
avoids out of memory exceptions on 32bit systems.
2016-06-16 06:51:10 +02:00
Enno Boland
0b96156b5e
Merge pull request #174 from ebfe/stage-leak
lib/repo: plug stage repo mem leak
2016-06-04 07:48:39 +02:00
Michael Gehring
46744c412d
lib/fetch/common.c: fix build with -Werror=misleading-indentation
Fixes #179
2016-06-03 20:26:52 +02:00
Michael Gehring
2d6e865d00
lib/repo: plug stage repo mem leak
2016-05-04 09:46:14 +02:00
Enno Boland
7c8b1d7aaa
lib/fetch/http.c: HTTP CONNECT needs two \r\ns
2016-04-27 11:04:14 +02:00
Enno Boland
3a5c1f3a71
lib/fetch/http.c: fix EOL at HTTP CONNECT
fixes #172.
2016-04-26 13:59:49 +02:00
Juan RP
adcc6d16a4
lib/fetch/common.c: simplify ssl_init().
2016-04-24 19:20:54 +02:00
Michael Gehring
793de8399c
lib: don't call EVP_cleanup in fp2str
Calling EVP_cleanup here undoes initialization already done in
lib/fetch/common.c ssl_init() causing subsequent attempts to call
SSL_CTX_new() to fail. Which ultimately is the root cause for #170.
Fixes #170
2016-04-24 16:40:25 +02:00
Juan RP
eb3d227d61
lib/fetch: check that SSL_CTX_new() does not fail and print its errors (#170).
Thanks @ebfe.
2016-04-24 08:42:32 +02:00
Juan RP
b810c25601
lib/fetch/common.c: dup pthread.h inclusion.
2016-04-23 07:04:25 +02:00
Juan RP
e2e8eea490
lib/fetch: also call SSL_load_error_strings() once (#167).
Close #168
2016-04-22 11:38:01 +02:00
Juan RP
228a89d51e
Use pthread_once(3) to initialize openssl/libressl just once.
Fixes openssl initialization concurrently by multiple threads.
Close #167
2016-04-22 11:32:34 +02:00
Juan RP
2434b90d6e
libxbps: use xbps_strlc{at,py} everywhere.
2016-04-17 20:17:37 +02:00
Juan RP
048668b0fe
xbps_transaction_shlibs: for providers also print its pkgver obj.
2016-04-17 17:54:49 +02:00
Michael Gehring
530149d90d
lib/portableproplib: fix various oob reads/segfaults
Applies the following patches from NetBSD:
http://cvsweb.netbsd.org/bsdweb.cgi/src/common/lib/libprop/prop_object.c?rev=1.30&content-type=text/x-cvsweb-markup
http://cvsweb.netbsd.org/bsdweb.cgi/src/common/lib/libprop/prop_object_impl.h?rev=1.31.12.1&content-type=text/x-cvsweb-markup
2016-04-07 15:07:11 +02:00
Michael Gehring
51511231bf
lib/repo.c: fix potential null pointer deref
2016-04-07 02:15:49 +02:00
Juan RP
35ad10ccbd
Fix 29765271e correctly.
xbps_find_virtualpkg_in_conf() needs to look at the vpkgs set up in
configuration files, not from those set by pkgdb.
As a result of this the two test cases that were failing yesterday are now
fixed.
2016-03-24 10:23:20 +01:00
Enno Boland
fa635399f0
Merge pull request #156 from Gottox/atomic-rindex-a
xbps-rindex: check for consistent shlibs
2016-03-24 07:11:53 +01:00
Juan RP
29765271e9
xbps.d(5): 'virtualpkg' can now be used to map any pkg to another.
See NEWS for more information.
2016-03-23 12:46:52 +01:00
Enno Boland
4d1ee3b01d
xbps-rindex: check for consistent shlibs
When adding packages to the index, xbps-rindex will check if the
consistency of shlibs is broken by a package. If so, rindex will create
a stage file and commit the packages there. Once the consistency is restored,
rindex -a will commit the stage area back to the public repo and delete the
stage file.
2016-03-21 08:31:18 +01:00
Enno Boland
897ac238c4
Revert "xbps-rindex: check for consistent shlibs"
This reverts commit 5f4e1ad43e which was
accidentally checked in in the master branch.
2016-03-20 21:40:22 +01:00
Enno Boland
5f4e1ad43e
xbps-rindex: check for consistent shlibs
When adding packages to the index, xbps-rindex will check if the
consistency of shlibs is broken by a package. If so, rindex will create
a stage repository and commit the packages there. Once the consistency
is restored, rindex -a will commit the stage area back to the public
repo and delete the stage file.
2016-03-20 21:36:30 +01:00
Michael Gehring
3bfc7b5e6d
alternatives: fix dirname() buffer reuse
2016-02-08 15:10:07 +01:00
Michael Gehring
ab0d5c847d
libxbps: define _WITH_GETLINE for FreeBSD
2016-02-08 15:09:58 +01:00
Michael Gehring
618e504d30
actually use HAVE_FDATASYNC
2016-02-08 15:09:43 +01:00
Michael Gehring
0f56b68eac
add HAVE_STRNSTR
2016-02-08 15:09:33 +01:00
Juan RP
041708f643
Revert "Execute pkg scripts via posix_spawn(3)."
This reverts commit e33f6354c3.
@Gottox pointed out why this won't work.
2016-02-06 10:56:32 +01:00
Juan RP
2130d5daa6
proplib/prop_data: avoid 0 sized allocation reported by clang-analyzer.
2016-02-06 09:41:27 +01:00
Juan RP
42994ada07
Fix xbps_dbg_printf arguments by using __attribute__((format, printf)).
Patch provided by Michael Gehring in #148.
Close #148
2016-02-06 09:13:38 +01:00
Juan RP
067687ce28
libxbps: ignore updates for pkgs with held deps. Close #143
2016-02-06 09:03:54 +01:00
Juan RP
e33f6354c3
Execute pkg scripts via posix_spawn(3).
2016-02-04 11:39:02 +01:00
Juan RP
91067c0547
xbps_symlink_target: fix bug introduced in b81b9ab.
2016-02-04 09:55:46 +01:00
Juan RP
1e733f4daa
lib/util: fix a memleak detected by clang-analyzer.
2016-02-03 11:52:07 +01:00
Juan RP
f5f25a5ff4
xbps_symlink_target: fix a double free.
2016-02-02 11:51:26 +01:00
Juan RP
430a25f422
libxbps: execute pkg scripts with /bin/sh directly.
The pkg INSTALL/REMOVE scripts do not need to have the executable
bit set anymore, thus /tmp can be mounted with 'noexec' from now on.
GH #149
2016-02-02 11:28:48 +01:00
Juan RP
b81b9ab379
xbps_symlink_target: fix bb977c7 (v3).
2016-02-02 11:08:05 +01:00