Commit Graph

1511 Commits

Author SHA1 Message Date
Duncan Overbruck
fbba38b006 lib/util_hash.c: add conditions to avoid misuse without asserts 2020-02-10 15:03:54 +01:00
Duncan Overbruck
d99aae586a lib/download.c: fix digestlen assert and add if condition to avoid misuse 2020-02-10 15:03:54 +01:00
Duncan Overbruck
2ef79bcc09
lib/util_hash.c: change asserts to allow at least X buffer length 2020-02-10 13:32:17 +01:00
Duncan Overbruck
9efa72f5c8
lib/package_config_files.c: use _get_cstring_nocopy for sha256_orig 2020-02-10 13:32:17 +01:00
Duncan Overbruck
0d90534236
libxbps: ABI/API break due to hash function changes 2020-02-10 13:32:17 +01:00
Duncan Overbruck
aa4d726dca
lib/package_register.c: make sure to error out if copy fails 2020-02-10 13:32:17 +01:00
Duncan Overbruck
dca2223cb7
lib/transaction_store.c: store a copy in transaction packages array
This fixes multiple use after frees, found with AddressSanitizers.

* xbps_package_register: the pkgdb dictionary is replaced with
  the new one.
* xbps_pkgdb_update: here the pkgdb is externalized, freed and
  internalized.
2020-02-10 13:32:14 +01:00
Juan RP
3eed9bca59
xbps_array_foreach_cb_multi: use PTHREAD_MUTEX_INITIALIZER.
We use defaults, no need to use pthread_mutex_init().
2020-02-10 09:14:50 +01:00
Juan RP
c460df6011
xbps_array_foreach_cb_multi: switch to a mutex.
There's no reason to use a spin lock.
2020-02-10 09:08:33 +01:00
Juan RP
835834ff73
xbps_repo_open: fix memleak in error paths. 2020-02-10 09:07:00 +01:00
Andreas Kempe
02c9cb11c4 configuration: add keepconf option
Add configuration option keepconf that stops xbps from overwriting
unchanged configuration files. If keepconf=true, xbps will store the new
configuration as <name>.new-<version> instead of overwriting unchanged
configuration files.
2020-02-08 21:06:04 +01:00
Juan RP
c4019aa923
xbps_transaction_files: fixed another memleak.
Thanks valgrind
2020-02-08 20:22:42 +01:00
Juan RP
2d7e3d7b1a
xbps_transaction_remove_pkg: fix a memleak.
Thanks valgrind
2020-02-08 20:12:11 +01:00
Juan RP
58217d412d
xbps_transaction_files: fix a memleak.
Thanks valgrind!
2020-02-08 20:08:03 +01:00
Juan RP
460515bf41
lib/util.c: add assertions everywhere. 2020-02-08 20:00:56 +01:00
Juan RP
6010a24de6 libxbps: ABI/API break due to xbps_pkg{,pattern}_name changes.
The funcs xbps_pkg_name() and xbps_pkgpattern_name() were
using malloc(3) to return the result, until now.

They now have been changed to not allocate the result
via malloc, the caller is responsible to provide a buffer
at least of XBPS_NAME_SIZE (64).

If for whatever reason the pkgname can't be guessed,
returns false. This should avoid lots of small allocs
around libxbps.

New functions have the following prototype:

bool xbps_pkg_name(char *dst, size_t len, const char *pkg)
bool xbps_pkgpattern_name(char *dst, size_t len, const char *pkg)

as suggested by @duncaen.
2020-02-08 19:49:57 +01:00
Juan RP
66bea965dc
xbps_register_pkg: switch to localtime_r(3).
lgtm suggested that localtime() is not reentrant,
so that we now use localtime_r() instead.

lgtm reports 0 alerts after this change, yay.
2020-02-08 13:34:57 +01:00
Juan RP
732a0e6bdf
alternatives: fixed replace_alternative_with_symlink test case.
Only 1 expected failure now!
2020-02-07 09:43:47 +01:00
Juan RP
94b56d7539
alternatives: do not remove symlinks if provider != target pkg.
This fixes the keep_provider_on_update test case, submitted
by @st3r4g via #219.

While checking for obsoletes make sure current provider
also matches the current target pkg.

Fixes #219
2020-02-07 09:16:57 +01:00
Juan RP
5b43614e80
libxbps: fixed regression introduced in 0.58.
While looking for dependencies, we need to check
if xbps_rpool_get_pkg() returned a suitable match;
and then validate its result.

This fixes the update_and_install test case that
was reverted via #218.
2020-02-03 09:19:54 +01:00
Duncan Overbruck
8637269b38
lib/transaction_revdeps.c: fix provides/replaces #218
This reverts a change that solved another issue and marks the test case
for the other issue as expected failure.

The other issue is not as important as this, as it blocks updating a lot
of systems.
2020-01-31 16:32:44 +01:00
Duncan Overbruck
57675c7dfc
lib/fetch: fix CVE-2020-7450
https://www.freebsd.org/security/advisories/FreeBSD-SA-20:01.libfetch.asc
2020-01-28 20:29:39 +01:00
Juan RP
40dd4deb4d
unpack: really skip current data on archive with noextract. 2020-01-26 10:35:40 +01:00
Juan RP
8a0c3032b7
xbps_find_pkg_orphans: improvements.
While checking for orphans in automatic mode (xbps-query -O,
xbps-remove -o) there's no need to generate a fulldeptree...
instead we need to iterate against pkgdb until no more orphans
are found.

See https://github.com/void-linux/xbps/issues/156#issuecomment-578473222

Also add some debugging that helped me to catch the issue
easily.

Closes #156
2020-01-26 07:40:25 +01:00
Juan RP
ead62bdc7c
xbps_remove_pkg: make sure pkgver is valid before use.
pkgver might contain garbage due to removal of
its ancestor object (the pkg dictionary).
2020-01-25 13:58:00 +01:00
Juan RP
6e6a9294a7
xbps-install: fix for -D foo (anything else than xbps). 2020-01-25 13:44:46 +01:00
Juan RP
bda4452016
xbps-install: improved -D,--download-only support.
Added support to download all dependencies even
if the euid does not have write perms to rootdir.

In this mode we only care if cachedir is writable,
rootdir access is not necessary.

This is really useful to download all binary packages
required by any number of packages as any regular
user to later perform off-line installations, i.e:

```
$ xbps-install -c $PWD/cachedir -yD xbps
...
$ tree cachedir
cachedir/
├── acl-2.2.53_1.x86_64-musl.xbps
├── acl-2.2.53_1.x86_64-musl.xbps.sig
├── attr-2.4.48_1.x86_64-musl.xbps
├── attr-2.4.48_1.x86_64-musl.xbps.sig
├── bzip2-1.0.8_1.x86_64-musl.xbps
├── bzip2-1.0.8_1.x86_64-musl.xbps.sig
├── ca-certificates-20190110_1.noarch.xbps
├── ca-certificates-20190110_1.noarch.xbps.sig
├── libarchive-3.4.1_1.x86_64-musl.xbps
├── libarchive-3.4.1_1.x86_64-musl.xbps.sig
├── libcrypto45-3.0.2_2.x86_64-musl.xbps
├── libcrypto45-3.0.2_2.x86_64-musl.xbps.sig
├── liblz4-1.9.2_1.x86_64-musl.xbps
├── liblz4-1.9.2_1.x86_64-musl.xbps.sig
├── liblzma-5.2.4_2.x86_64-musl.xbps
├── liblzma-5.2.4_2.x86_64-musl.xbps.sig
├── libressl-3.0.2_2.x86_64-musl.xbps
├── libressl-3.0.2_2.x86_64-musl.xbps.sig
├── libssl47-3.0.2_2.x86_64-musl.xbps
├── libssl47-3.0.2_2.x86_64-musl.xbps.sig
├── libtls19-3.0.2_2.x86_64-musl.xbps
├── libtls19-3.0.2_2.x86_64-musl.xbps.sig
├── libxbps-0.57.1_8.x86_64-musl.xbps
├── libxbps-0.57.1_8.x86_64-musl.xbps.sig
├── libzstd-1.4.4_1.x86_64-musl.xbps
├── libzstd-1.4.4_1.x86_64-musl.xbps.sig
├── musl-1.1.24_1.x86_64-musl.xbps
├── musl-1.1.24_1.x86_64-musl.xbps.sig
├── run-parts-4.9.1_1.x86_64-musl.xbps
├── run-parts-4.9.1_1.x86_64-musl.xbps.sig
├── xbps-0.57.1_8.x86_64-musl.xbps
├── xbps-0.57.1_8.x86_64-musl.xbps.sig
├── xbps-triggers-0.113_3.noarch.xbps
├── xbps-triggers-0.113_3.noarch.xbps.sig
├── zlib-1.2.11_3.x86_64-musl.xbps
└── zlib-1.2.11_3.x86_64-musl.xbps.sig

0 directories, 36 files
$
```

Inpired by #213
Closes #213
2020-01-25 13:05:46 +01:00
Juan RP
ed5e481e77
xbps_transaction_package_replace: fix condition 2020-01-25 11:21:37 +01:00
Juan RP
a29f4709d0
xbps_transaction_package_replace: ignore pkgs on hold. 2020-01-25 11:19:54 +01:00
Juan RP
31a8dd15d0
xbps_transaction_revdeps: simplify 2020-01-25 11:09:03 +01:00
Juan RP
c6e0af44e8 xbps_transaction_shlibs: better interaction with on hold pkgs.
pkgs that are on hold mode should be ignored while collecting
required shlibs (shlib-requires).

Fixes #215
2020-01-25 10:23:06 +01:00
Duncan Overbruck
013177cec3
lib/download.c: fix digest for continued downloads 2020-01-18 16:33:58 +01:00
Duncan Overbruck
6794077efd
Add noextract configuration option
Closes #208
Fixes #165
2020-01-18 15:51:13 +01:00
Juan RP
ef9260a16e
libxbps: fix for vpkg providers in multiple repos.
Added new test case by @st3r4g via #206

Closes #206
2020-01-18 12:50:59 +01:00
Juan RP
5ff3ab5c60
transaction_revdeps: do not skip pkgs that are being updated.
Modified the test case with changes by @duncaen.

Closes #205
2020-01-18 08:58:54 +01:00
Juan RP
feece576b3
xbps_dbg_printf{,_append}: return if xhp is NULL.
assert() here was totally wrong, better to catch
this in all cases (NDEBUG does not change the behaviour).
2020-01-11 09:48:38 +01:00
Piotr Wójcik
6cf1555398 Revert "libxbps: verify repodata signatures even if rootdir is unset."
This reverts commit be05118aa8.
2020-01-06 15:33:25 +01:00
Juan RP
615b6ce7e9
xbps_repo_fetch_remote: use XBPS_REPOIDX_META. 2020-01-06 15:09:16 +01:00
Juan RP
850ba2d416
Revert the repodata signature stuff. 2020-01-06 14:56:01 +01:00
Juan RP
79321f3ff0
Revert "Verify index-meta for in-memory sync"
This reverts commit a1481cb285.
2020-01-06 14:52:06 +01:00
Juan RP
e04cb2fa24
Revert "Read also unsigned index-meta"
This reverts commit 61ef5c3f8a.
2020-01-06 14:50:32 +01:00
Juan RP
8b2c62adfc
Revert "Verify index-meta"
This reverts commit 09125769bd.
2020-01-06 14:48:39 +01:00
Juan RP
2884fc3ab7
Revert "Don't assume repodata is signed when has index-meta.plist"
This reverts commit 4e3d4d2287.
2020-01-06 14:45:57 +01:00
Juan RP
5f1f87eeb8
Revert "Use predefined constant in place of magic string"
This reverts commit ce4873a1f1.
2020-01-06 14:34:22 +01:00
Juan RP
d2208f91e0
Revert "Verify repodata signature"
This reverts commit a7830cf780.
2020-01-06 14:33:49 +01:00
Juan RP
b4fdc39e67
Revert "Sign repodata"
This reverts commit 04194f44c8.
2020-01-06 14:31:40 +01:00
Juan RP
d5e91cb7d8
xbps_transaction_store: fix memleak. 2020-01-06 12:47:13 +01:00
Juan RP
802a6eae09
xbps_dbg_printf{,_append}: add assertion 2020-01-06 12:10:47 +01:00
Juan RP
10075c28e5
libxbps: ignore indirect broken revdeps while updating xbps.
This fixes the long standing issue that has been a plague for
a long time.

See the test case for more information.
2020-01-04 13:01:28 +01:00
Juan RP
d68ff7ebf0
xbps-install: fix --reproducable.
The 'repository' obj also needs to be skipped to be fully
reproducable between different repositories.

Updated the test case accordingly.
2019-12-29 16:31:23 +01:00