Commit Graph

1310 Commits

Author SHA1 Message Date
Cameron Nemo
5aa1adca90 lib/initend.c: xbps_init(): safer string handling
Signed-off-by: Cameron Nemo <camerontnorman@gmail.com>
Closes: #58 [via git-merge-pr]
2019-03-22 19:14:08 +01:00
wuhanck
b4eebafa6d upgrade to openssl 1.1.x. 2019-01-24 14:57:50 -05:00
Foxlet
0f33859701 Fix namespace violation 2018-09-25 22:11:30 -04:00
Enno Boland
e4702d9d3b
Merge pull request #6 from foxlet/fix-string-formatting
Fix string formatting of 64-bit unsigned integers
2018-07-30 20:28:09 +02:00
Enno Boland
a5bfc59203 prepare release 2018-07-30 13:47:08 +02:00
Foxlet
4eaf45a767 Fix string formatting of 64-bit unsigned integers 2018-07-17 20:50:48 -04:00
Enno Boland
bfd6b2e88e lib/plist.c: share workload more efficient between threads
Before this patch xbps had a constant slice count for every thread.
This resulted in unbalanced thread usage if the workload was
homogenous over the slices.

This patch replaces the naive slice count approach by spinlock based
reservation.
2018-07-02 13:18:23 +02:00
Juan RP
eaccf4813d Merge pull request #246 from ebfe/signed_pkgver
lib/package_unpack.c: verify signed pkgver matches
2017-10-25 09:17:55 +02:00
Juan RP
eae215e2a0 Merge pull request #234 from Duncaen/umask
Fix pkgdb and files plist permissions with restictive umask.
2017-10-25 09:13:26 +02:00
Agustin Chiappe Berrini
2cd0dc688f Fix compilation of initend for gcc 7
This is a trickier situation.

The original message:

```
initend.c:423:10: error: ‘%s’ directive output may be truncated writing 15 bytes into a region of size between 1 and 512 [-Werror=format-truncation=]
       "%s%s", strcmp(xhp->rootdir, "/") ? xhp->rootdir : "",
          ^~
initend.c:422:3: note: ‘snprintf’ output between 16 and 527 bytes into a destination of size 512
   snprintf(xhp->confdir, sizeof(xhp->confdir),
   ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
       "%s%s", strcmp(xhp->rootdir, "/") ? xhp->rootdir : "",
       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
       XBPS_SYSCONF_PATH);
       ~~~~~~~~~~~~~~~~~~
initend.c:429:7: error: ‘snprintf’ output may be truncated before the last format character [-Werror=format-truncation ]
       "%s/%s", strcmp(xhp->rootdir, "/") ? xhp->rootdir : "", buf);
       ^~~~~~~
initend.c:428:3: note: ‘snprintf’ output 2 or more bytes (assuming 513) into a destination of size 512
   snprintf(xhp->confdir, sizeof(xhp->confdir),
   ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
       "%s/%s", strcmp(xhp->rootdir, "/") ? xhp->rootdir : "", buf);
       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
initend.c:434:9: error: ‘%s’ directive output may be truncated writing 17 bytes into a region of size between 1 and 512 [-Werror=format-truncation=]
      "%s%s", strcmp(xhp->rootdir, "/") ? xhp->rootdir : "",
         ^~
initend.c:433:2: note: ‘snprintf’ output between 18 and 529 bytes into a destination of size 512
  snprintf(sysconfdir, sizeof(sysconfdir),
  ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      "%s%s", strcmp(xhp->rootdir, "/") ? xhp->rootdir : "",
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      XBPS_SYSDEFCONF_PATH);
      ~~~~~~~~~~~~~~~~~~~~~
initend.c:455:11: error: ‘%s’ directive output may be truncated writing 14 bytes into a region of size between 0 and 511 [-Werror=format-truncation=]
       "%s/%s", strcmp(xhp->rootdir, "/") ? xhp->rootdir : "",
           ^~
initend.c:454:3: note: ‘snprintf’ output between 16 and 527 bytes into a destination of size 512
   snprintf(xhp->cachedir, sizeof(xhp->cachedir),
   ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
       "%s/%s", strcmp(xhp->rootdir, "/") ? xhp->rootdir : "",
       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
       XBPS_CACHE_PATH);
       ~~~~~~~~~~~~~~~~
initend.c:461:7: error: ‘snprintf’ output may be truncated before the last format character [-Werror=format-truncation ]
       "%s/%s", strcmp(xhp->rootdir, "/") ? xhp->rootdir : "", buf);
       ^~~~~~~
initend.c:460:3: note: ‘snprintf’ output 2 or more bytes (assuming 513) into a destination of size 512
   snprintf(xhp->cachedir, sizeof(xhp->cachedir),
   ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
       "%s/%s", strcmp(xhp->rootdir, "/") ? xhp->rootdir : "", buf);
       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
initend.c:467:11: error: ‘%s’ directive output may be truncated writing 12 bytes into a region of size between 0 and 511 [-Werror=format-truncation=]
       "%s/%s", strcmp(xhp->rootdir, "/") ? xhp->rootdir : "",
           ^~
initend.c:466:3: note: ‘snprintf’ output between 14 and 525 bytes into a destination of size 512
   snprintf(xhp->metadir, sizeof(xhp->metadir),
   ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
       "%s/%s", strcmp(xhp->rootdir, "/") ? xhp->rootdir : "",
       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
       XBPS_META_PATH);
       ~~~~~~~~~~~~~~~
initend.c:473:7: error: ‘snprintf’ output may be truncated before the last format character [-Werror=format-truncation ]
       "%s/%s", strcmp(xhp->rootdir, "/") ? xhp->rootdir : "", buf);
       ^~~~~~~
initend.c:472:3: note: ‘snprintf’ output 2 or more bytes (assuming 513) into a destination of size 512
   snprintf(xhp->metadir, sizeof(xhp->metadir),
   ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
       "%s/%s", strcmp(xhp->rootdir, "/") ? xhp->rootdir : "", buf);
       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
cc1: all warnings being treated as errors
```

It's basically warning about dangerous operations on strings. And as
far as I could tell, is a valid warning and not a false alarm!

This fix makes the concept of `XBPS_MAXPATH` lose a little bit of sense
as now it doesn't necessarily represent the max size of the paths used
by xbps, but instead the max allowed size of the path configured.

I think this change is ok, but I wasn't able to find any reference to
why it was chosen to be 512. POSIX mandates at least 256, so I'm not
breaking anything that wasn't broken already, and Linux seems to have
a maximum size of 4096, which is pretty safe.

Therefore, this changes should be harmless. I think.
2017-08-22 18:35:45 -04:00
Agustin Chiappe Berrini
be5277591f Fix compilation in ftp.c
When trying to compile the file ftp.c, I get errors related with
warnings that were marked to be reported as error.

This was the original message:

```
fetch/ftp.c:444:8: error: this statement may fall through [-Werror=implicit-fallthrough=]
   type = 'D';
   ~~~~~^~~~~
fetch/ftp.c:445:2: note: here
  case 'D':
  ^~~~
fetch/ftp.c: In function ‘ftp_request’:
fetch/ftp.c:342:3: error: missed loop optimization, the loop counter may overflow [-Werror=unsafe-loop-optimizations]
   for (i = 0; i <= len && i <= end - dst; ++i)
   ^~~
fetch/ftp.c:342:24: error: missed loop optimization, the loop counter may overflow [-Werror=unsafe-loop-optimizations]
   for (i = 0; i <= len && i <= end - dst; ++i)
               ~~~~~~~~~^~~~~~~~~~~~~~~~~
```
2017-08-22 18:03:32 -04:00
Michael Gehring
4aae026615 lib/package_unpack.c: verify signed pkgver matches
$ARCH-repodata is currently not protected by a signature. While most of
the package metadata is also embedded into the .xbps files, which are
protected by a signature, xbps-install ignores it
(1670ff000d/lib/package_unpack.c (L123))
and relies entirely on $ARCH-repodata.

This enables anyone who is able to modify the $ARCH-repodata to
substitute packages. This patch adds a check that verifies the signed
pkgver matches the one in the repodata, so at least downgrades posing as
updates are detected.

This is an incomplete fix as the whole transaction is still set up with
the unsigned repodata and other issues surely exist. The real fix is
signing $ARCH-repodata.
2017-07-09 12:46:01 +00:00
Duncaen
e797936c40 lib/repo_sync.c: sane umask for repodata files 2017-02-27 18:50:19 +01:00
Duncaen
332fbc195a lib/package_unpack.c: set a sane umask for pkg files plists 2017-02-27 18:24:51 +01:00
Duncaen
44778867df lib/pkgdb.c: set a sane umask for pkgdb plist 2017-02-27 18:24:46 +01:00
Duncaen
cf43597e74 lib/package_unpack.c: add memleak notice 2016-09-25 21:47:58 +02:00
Duncaen
797796e086 lib/transaction_shlibs.c: fix memleak 2016-09-25 21:47:40 +02:00
Duncaen
4797dee468 lib/package_configure.c: fix memleak 2016-09-25 21:27:46 +02:00
Duncaen
3b04602cc6 lib/package_alternatives.c: cleanup create_symlinks 2016-09-05 16:03:41 +02:00
Duncaen
dd7a0d073b lib/package_alternatives.c: remove previous symlinks 2016-09-05 02:03:30 +02:00
Duncaen
08b9ed878f lib/fetch: default port, error checks and authentication support 2016-09-02 17:50:05 +02:00
Duncaen
30ace44394 lib/fetch: add socks5 support 2016-09-01 00:38:55 +02:00
Enno Boland
934a59ecd9 lib/fetch/http.c: send proxy auth on https as connect header.
fixes #185
2016-07-08 08:24:14 +02:00
Enno Boland
842ac7c97e lib/util_hash.c: fix memleak. 2016-06-20 10:03:49 +02:00
Enno Boland
30d1d0f607 util_hash.c: void return value 2016-06-17 17:03:43 +02:00
Enno Boland
cb94ffe1c0 util_hash.c: fail on negative result code of read. 2016-06-17 17:03:43 +02:00
Enno Boland
b55ffeceae lib/util_hash.c: write directly to malloced string instead if coping it over 2016-06-16 07:00:08 +02:00
Enno Boland
df97be6a54 lib/verifysig.c: use xbps_file_hash_raw()
instead of mmap'ing the source file, xbps_file_hash_raw is used
to generate a digest of the file.
2016-06-16 06:51:10 +02:00
Enno Boland
7ce66edc57 lib/util_hash.c: add xbps_file_hash_raw method
this function does not mmap the target file and therefore
avoids out of memory exceptions on 32bit systems.
2016-06-16 06:51:10 +02:00
Enno Boland
0b96156b5e Merge pull request #174 from ebfe/stage-leak
lib/repo: plug stage repo mem leak
2016-06-04 07:48:39 +02:00
Michael Gehring
46744c412d lib/fetch/common.c: fix build with -Werror=misleading-indentation
Fixes #179
2016-06-03 20:26:52 +02:00
Michael Gehring
2d6e865d00 lib/repo: plug stage repo mem leak 2016-05-04 09:46:14 +02:00
Enno Boland
7c8b1d7aaa lib/fetch/http.c: HTTP CONNECT needs two \r\ns 2016-04-27 11:04:14 +02:00
Enno Boland
3a5c1f3a71 lib/fetch/http.c: fix EOL at HTTP CONNECT
fixes #172.
2016-04-26 13:59:49 +02:00
Juan RP
adcc6d16a4 lib/fetch/common.c: simplify ssl_init(). 2016-04-24 19:20:54 +02:00
Michael Gehring
793de8399c lib: dont call EVP_cleanup in fp2str
Calling EVP_cleanup here undoes initialization already done in
lib/fetch/common.c ssl_init() causing subsequent attempts to call
SSL_CTX_new() to fail. Which ultimately is the root cause for #170.

Fixes #170
2016-04-24 16:40:25 +02:00
Juan RP
eb3d227d61 lib/fetch: check that SSL_CTX_new() does not fail and print its errors (#170).
Thanks @ebfe.
2016-04-24 08:42:32 +02:00
Juan RP
b810c25601 lib/fetch/common.c: dup pthread.h inclusion. 2016-04-23 07:04:25 +02:00
Juan RP
e2e8eea490 lib/fetch: also call SSL_load_error_strings() once (#167).
Close #168
2016-04-22 11:38:01 +02:00
Juan RP
228a89d51e Use pthread_once(3) to initialize openssl/libressl just once.
Fixes openssl initialization concurrently by multiple threads.
Close #167
2016-04-22 11:32:34 +02:00
Juan RP
2434b90d6e libxbps: use xbps_strlc{at,py} everywhere. 2016-04-17 20:17:37 +02:00
Juan RP
048668b0fe xbps_transaction_shlibs: for providers also print its pkgver obj. 2016-04-17 17:54:49 +02:00
Michael Gehring
530149d90d lib/portableproplib: fix various oob reads/segfaults
Applies the following patches from NetBSD:

http://cvsweb.netbsd.org/bsdweb.cgi/src/common/lib/libprop/prop_object.c?rev=1.30&content-type=text/x-cvsweb-markup
http://cvsweb.netbsd.org/bsdweb.cgi/src/common/lib/libprop/prop_object_impl.h?rev=1.31.12.1&content-type=text/x-cvsweb-markup
2016-04-07 15:07:11 +02:00
Michael Gehring
51511231bf lib/repo.c: fix potential null pointer deref 2016-04-07 02:15:49 +02:00
Juan RP
35ad10ccbd Fix 29765271e correctly.
xbps_find_virtualpkg_in_conf() needs to look at the vpkgs set up in
configuration files, not from those set by pkgdb.

As a result of this the two test cases that were failing yesterday are now
fixed.
2016-03-24 10:23:20 +01:00
Enno Boland
fa635399f0 Merge pull request #156 from Gottox/atomic-rindex-a
xbps-rindex: check for consistent shlibs
2016-03-24 07:11:53 +01:00
Juan RP
29765271e9 xbps.d(5): 'virtualpkg' can now be used to map any pkg to another.
See NEWS for more information.
2016-03-23 12:46:52 +01:00
Enno Boland
4d1ee3b01d xbps-rindex: check for consistent shlibs
When adding packages to the index, xbps-rindex will check if the
consistency of shlibs is broken by a package. If so, rindex will create
a stage file and commit the packages there. Once the consistency is restored,
rindex -a will commit the stage area back to the public repo and delete the
stage file.
2016-03-21 08:31:18 +01:00
Enno Boland
897ac238c4 Revert "xbps-rindex: check for consistent shlibs"
This reverts commit 5f4e1ad43e which was
accidently checked in in the master branch.
2016-03-20 21:40:22 +01:00
Enno Boland
5f4e1ad43e xbps-rindex: check for consistent shlibs
When adding packages to the index, xbps-rindex will check if the
consistency of shlibs is broken by a package. If so, rindex will create
a stage repository and commit the packages there. Once the consistency
is restored, rindex -a will commit the stage area back to the public
repo and delete the stage file.
2016-03-20 21:36:30 +01:00