xbps/lib
Michael Gehring 4aae026615 lib/package_unpack.c: verify signed pkgver matches
$ARCH-repodata is currently not protected by a signature. While most of
the package metadata is also embedded into the .xbps files, which are
protected by a signature, xbps-install ignores it
(1670ff000d/lib/package_unpack.c (L123))
and relies entirely on $ARCH-repodata.

This enables anyone who is able to modify the $ARCH-repodata to
substitute packages. This patch adds a check that verifies the signed
pkgver matches the one in the repodata, so at least downgrades posing as
updates are detected.

This is an incomplete fix as the whole transaction is still set up with
the unsigned repodata and other issues surely exist. The real fix is
signing $ARCH-repodata.
2017-07-09 12:46:01 +00:00
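The cross-check the commit message above describes, written out as an added example; this is not xbps's own code. It assumes the archive's signature has already been verified and that the pkgver string has been pulled out of the signed package metadata, so the only question left is whether it agrees with the pkgver the unsigned $ARCH-repodata advertised. The function names, the split of a pkgver at its last '-' (name-version_revision layout) and the sample inputs are constructed for illustration.

```c
/* Added example, not code from xbps. Models the check that the signed pkgver
 * (from the package's own, signature-protected metadata) must match the pkgver
 * the unsigned repodata advertised. Assumes the signature was verified before
 * this is called; helper names and inputs are hypothetical. */
#include <stdio.h>
#include <string.h>

enum pkgver_check {
    PKGVER_OK = 0,
    PKGVER_BAD_FORMAT = -1,       /* not a name-version_revision string */
    PKGVER_NAME_MISMATCH = -2,    /* repodata names a different package */
    PKGVER_VERSION_MISMATCH = -3  /* same name, different version: e.g. an old, validly signed build served as an update */
};

/* Split "name-version_revision" at the last '-' (package names may contain '-').
 * Returns 0 on success and fills name/version; -1 if the layout is not as expected. */
static int split_pkgver(const char *pkgver, char *name, size_t namelen, const char **version)
{
    const char *dash = strrchr(pkgver, '-');
    if (dash == NULL || dash == pkgver || dash[1] == '\0')
        return -1;
    size_t n = (size_t)(dash - pkgver);
    if (n >= namelen)
        return -1;
    memcpy(name, pkgver, n);
    name[n] = '\0';
    *version = dash + 1;
    /* require the _revision suffix so a truncated "foo-1.0" is rejected rather than compared */
    if (strchr(*version, '_') == NULL)
        return -1;
    return 0;
}

/* The cross-check itself. Name and version mismatches are reported separately
 * so the caller can say whether the repodata pointed at a different package
 * or at a different build of the same one. */
enum pkgver_check verify_signed_pkgver(const char *repo_pkgver, const char *signed_pkgver)
{
    char rname[128], sname[128];
    const char *rver, *sver;

    if (split_pkgver(repo_pkgver, rname, sizeof rname, &rver) != 0 ||
        split_pkgver(signed_pkgver, sname, sizeof sname, &sver) != 0)
        return PKGVER_BAD_FORMAT;
    if (strcmp(rname, sname) != 0)
        return PKGVER_NAME_MISMATCH;
    if (strcmp(rver, sver) != 0)
        return PKGVER_VERSION_MISMATCH;
    return PKGVER_OK;
}

int main(void)
{
    /* constructed scenarios: (repodata pkgver, pkgver from signed metadata) */
    const char *cases[][2] = {
        { "foo-2.0_1", "foo-2.0_1" },   /* honest update */
        { "foo-2.0_1", "foo-1.0_1" },   /* tampered repodata serving an older signed build */
        { "foo-2.0_1", "bar-2.0_1" },   /* tampered repodata serving another package */
        { "foo-2.0",   "foo-2.0_1" },   /* malformed repodata entry */
    };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++)
        printf("%-10s vs %-10s -> %d\n", cases[i][0], cases[i][1],
               verify_signed_pkgver(cases[i][0], cases[i][1]));
    return 0;
}
```

As the commit message notes, this only catches a substituted archive once it is being unpacked; the dependency resolution and the rest of the transaction were already built from the unsigned repodata, so the check limits the damage rather than removing the trust problem.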
compat lib/compat/vasprintf.c: make this build and fix sign-compare warnings. 2013-02-02 01:31:20 +01:00
external libxbps: use xbps_strlc{at,py} everywhere. 2016-04-17 20:17:37 +02:00
fetch lib/fetch: default port, error checks and authentication support 2016-09-02 17:50:05 +02:00
portableproplib lib/portableproplib: fix various oob reads/segfaults 2016-04-07 15:07:11 +02:00
archive.c xbps-create(1): timestamps of metadata files are now set to epoch. 2015-09-03 11:12:49 +02:00
cb_util.c Remove the config.h kludge and override vasprintf detection via HAVE_VASPRINTF. 2014-01-20 18:50:33 +01:00
download.c libxbps: use xbps_strlc{at,py} everywhere. 2016-04-17 20:17:37 +02:00
initend.c libxbps: use xbps_strlc{at,py} everywhere. 2016-04-17 20:17:37 +02:00
Makefile Implemented reverse conflicts for pkgs in pkgdb and transaction. 2015-10-28 05:23:42 +01:00
package_alternatives.c lib/package_alternatives.c: cleanup create_symlinks 2016-09-05 16:03:41 +02:00
package_config_files.c Fix xbps_dbg_printf arguments by using __attribute__((format, printf)). 2016-02-06 09:13:38 +01:00
package_configure.c lib/package_configure.c: fix memleak 2016-09-25 21:27:46 +02:00
package_find_obsoletes.c Keep /usr/sbin if found as obsolete, it's a symlink in void. 2015-06-05 08:29:05 +02:00
package_fulldeptree.c xbps_get_pkg_fulldeptree: detect pkgs depending on itself via virtual pkgs. 2015-03-20 08:03:06 +01:00
package_msg.c lib/package_msg.c: fix a heap overflow (noticed by @Gottox). 2014-09-16 09:13:32 +02:00
package_orphans.c xbps-remove: fix #95 (xbps-remove -R pkg lists/removes orphans) 2015-05-06 17:21:13 +02:00
package_register.c Remove empty self replaced pkg arrays from pkgdb. 2014-09-14 18:16:43 +02:00
package_remove.c package_remove: reset errno when a file does not exist (ENOENT). 2015-12-01 08:31:05 +01:00
package_script.c actually use HAVE_FDATASYNC 2016-02-08 15:09:43 +01:00
package_state.c Get rid of libfetch and proplib external dependencies. 2013-06-20 10:26:12 +02:00
package_unpack.c lib/package_unpack.c: verify signed pkgver matches 2017-07-09 12:46:01 +00:00
pkgdb_conversion.c Introduce xbps_plist_{array,dictionary}_from_file(). 2015-05-28 10:15:05 +02:00
pkgdb.c Fix 29765271e correctly. 2016-03-24 10:23:20 +01:00
plist_fetch.c libfetch: fix races in the cache connection code. 2014-12-23 10:52:54 +01:00
plist_find.c Fix 29765271e correctly. 2016-03-24 10:23:20 +01:00
plist_match.c libxbps: the provides obj now expects exact pkgver strings. 2015-01-10 07:26:23 +01:00
plist_remove.c Add xbps_remove_{pkgname,string}_from_array() to the API. 2014-09-13 18:13:25 +02:00
plist.c xbps_array_foreach_cb_multi: handle the case of sysconf returning 0. 2015-11-26 07:18:14 +01:00
proplib_wrapper.c Introduce xbps_plist_{array,dictionary}_from_file(). 2015-05-28 10:15:05 +02:00
pubkey2fp.c lib: dont call EVP_cleanup in fp2str 2016-04-24 16:40:25 +02:00
repo_pkgdeps.c Fix xbps_dbg_printf arguments by using __attribute__((format, printf)). 2016-02-06 09:13:38 +01:00
repo_sync.c xbps_repo_sync: fix regression introduced in 87ca42f3. 2014-10-24 11:16:24 +02:00
repo.c lib/repo: plug stage repo mem leak 2016-05-04 09:46:14 +02:00
rpool.c rpool: if pkg wasn't found set errno to ENOENT. 2015-10-19 17:05:55 +02:00
transaction_commit.c libxbps: initialize locale correctly to handle UTF-8 filenames with musl. 2015-12-11 09:59:16 +01:00
transaction_conflicts.c conflicts: really fix the issue with on hold pkgs and update test case. 2015-11-12 13:23:00 +01:00
transaction_dictionary.c Implemented reverse conflicts for pkgs in pkgdb and transaction. 2015-10-28 05:23:42 +01:00
transaction_ops.c Alternatives framework for xbps (2/2). 2015-10-30 12:24:46 +01:00
transaction_package_replace.c libxbps: extend the fix for #116 even more for the expected case. 2015-10-19 18:19:24 +02:00
transaction_revdeps.c libxbps: remove unused variable `pkgdepname' 2015-10-25 20:03:02 +02:00
transaction_shlibs.c lib/transaction_shlibs.c: fix memleak 2016-09-25 21:47:40 +02:00
transaction_store.c libxbps: print in verbose mode what pkgs are added to the transaction. 2015-09-02 18:56:20 +02:00
util_hash.c lib/util_hash.c: fix memleak. 2016-06-20 10:03:49 +02:00
util.c xbps_symlink_target: fix bug introduced in b81b9ab. 2016-02-04 09:55:46 +01:00
verifysig.c lib/verifysig.c: use xbps_file_hash_raw() 2016-06-16 06:51:10 +02:00