Commit Graph

1437 Commits

Author SHA1 Message Date
Juan RP
3a00a9eb9b
xbps_rpool_foreach: process all entries in order.
if xbps_repo_open() fails then the repo is removed from array
xbps_repo_remove() but as we've removed the entry from it,
the index won't be valid any more, resulting in skipped entries.

If a entry is removed restart again at the correct index.

Close #127
2019-06-18 23:44:36 +02:00
Juan RP
6627ffb84f
xbps_package_remove: use xbps_set_pkg_state_dictionary().
fixes a use-after-free found by @duncaen via gcc -fsanitize=address.
2019-06-18 20:55:47 +02:00
Juan RP
829c5835f1
alternatives: respect (and love) current provider.
Added a new test case to verify.

Close #126
2019-06-18 20:47:55 +02:00
Duncaen
8837e8c607 lib/transaction_files.c: better handle preserve files 2019-06-18 19:54:22 +02:00
Duncaen
f2b119ef31 lib/transaction_files.c: better error and debug messages and minor cleanup 2019-06-18 19:54:22 +02:00
Duncaen
6877d28139 lib/package_find_obsoletes.c: remove in favor of transaction file checks 2019-06-18 19:54:22 +02:00
Duncaen
0efb59a979 lib/transaction_files.c: fix undefined behaviour 2019-06-18 19:54:22 +02:00
Duncaen
f45c6798c9 lib/transaction_files.c: update package archive compressions 2019-06-18 19:54:22 +02:00
Duncaen
8a81f6ce86 lib/package_unpack.c: use transaction obsolete detection 2019-06-18 19:54:22 +02:00
Duncaen
658f87b9c5 lib/transaction_files.c: rework to remove obsoletes before unpacking 2019-06-18 19:54:22 +02:00
Duncaen
29f1433afd lib/transaction_files.c: collect file installs/removals to correctly find obsoletes 2019-06-18 19:54:22 +02:00
Juan RP
00d552424d lib/repo.c: fix dead assignment.
Found by clang-analyzer.

Bug Summary
File: lib/repo.c
Warning: line 162, column 3
Value stored to 'rv' is never read
2019-06-18 18:49:29 +02:00
Juan RP
ab44f4ef80 lib/portableproplib/rb.c: fix dead initialization.
Found by clang analyzer.

Bug Summary
File: lib/portableproplib/rb.c
Warning: line 363, column 19
Value stored to 'grandpa' during its initialization is never read
2019-06-18 18:49:29 +02:00
Juan RP
6b84d75dc1 lib/transaction_dictionary.c: fix dead assignment.
Found by clang-analyzer.

Bug Summary
File: lib/transaction_dictionary.c
Warning: line 68, column 2
Value stored to 'rootdir_free_size' is never read
2019-06-18 18:49:29 +02:00
Juan RP
6fe5bbc596 lib/transaction_ops.c: fix a dead assignment.
Found by clang-analyzer.

Bug Summary
File: lib/transaction_ops.c
Warning: line 274, column 4
Value stored to 'rv' is never read
2019-06-18 18:49:29 +02:00
Juan RP
363f5a93de lib/Makefile: disable pkgdb_conversion.c.
It was made many years ago to update the pkgdb format, but
it's innecessary to build it by default because is dead code.

Anyway keep it just in case pkgdb format changes.
2019-06-18 18:49:29 +02:00
Juan RP
fd88298755 lib/fetch/common.c: fix memleak in happy_eyeballs_connect.
Found by clang-analyzer.

Bug Summary

File: lib/fetch/common.c
Warning: line 587, column 4
Potential leak of memory pointed to by 'pfd'
2019-06-18 18:49:29 +02:00
Juan RP
d16a2fc987 xbps_init: fix a logic error.
Initialize rv to avoid a logic error.

Found by clang-analyzer.

Bug Summary
File: lib/initend.c
Warning: line 101, column 10
The left operand of '<' is a garbage value
2019-06-18 18:49:29 +02:00
Juan RP
87f7766c5f xbps_symlink_target: fix two memleaks found by clang-analyzer. 2019-06-18 18:49:29 +02:00
Juan RP
d36d37fc6a lib/external/fexec.c: fix potential insecure usage in vfork().
Reported by clang-analyzer.

After reading the linux man-pages vfork(2) manpage I came to the
conclusion that it's better to change the behaviour of the
original source (NetBSD) and change this to use fork(2).
2019-06-18 18:49:29 +02:00
Juan RP
b672e1a7f2
Improved "xbps auto-updating itself" behaviour.
Always check if there's a new xbps package version available
while *installing* or *updating* in any form.

This fixes the following scenario:

- xbps-0.53_10 is currently installed
- xbps-0.54_1 is available in repo
- xbps-install --update netbsd-wtf || xbps-install new-pkg || xbps-install --update

As expected any of the following scenarios in last cmd will use *this*
transaction to autoupdate xbps and its reverse dependencies.

Another transaction will be necessary to install or update the other unrelated
packages.

Added a new test case to verify this case and improve the other test
cases with more extensive checks.
2019-06-17 12:02:02 +02:00
Juan RP
7f75910054
libxbps: added support for multiple compression formats in repodata.
Also don't use obsolete libarchive interfaces.
2019-06-17 07:14:24 +02:00
Juan RP
59dffd76cc
lib/package_fulldeptree.c: simplify. 2019-06-17 05:38:36 +02:00
Duncaen
b2f5afd02e lib/repo: add xbps_repo_remove and use it in xbps_rpool_foreach
https://github.com/void-linux/xbps/issues/3
2019-06-15 21:11:07 +02:00
Duncaen
104e8393f3 lib/fetch: fix happy eyeballs without any usable addresses and catch more errors 2019-06-15 19:19:40 +02:00
Duncaen
8018833010 lib/fetch: add FORCE_IPV{4,6} environment variables 2019-06-15 19:19:40 +02:00
Juan RP
271601dd0e
fulldeptree: replace another assert() with proper return code.
Signed-off-by: Juan RP <xtraeme@gmail.com>
2019-06-15 18:15:13 +02:00
Juan RP
a9a889c54d fulldeptree: return a proper error if deps can't be resolved.
xbps_get_pkg_fulldeptree() now returns NULL and sets errno to ENODEV
when there are missing dependencies, rather than assert()ing.

Added another test case to check returned error codes.

Signed-off-by: Juan RP <xtraeme@gmail.com>
2019-06-15 18:04:20 +02:00
Juan RP
82e7d11db8
Merge pull request #116 from Duncaen/umask
umask "fixes"
2019-06-15 13:08:32 +02:00
Duncaen
45fc07260c xbps_binpkg_exists: fix access() on remote packages and avoid malloc 2019-06-14 23:21:06 +02:00
Duncaen
008e1ed901 lib/external/fexec.c: run child with 022 umask 2019-06-14 21:09:15 +02:00
Duncaen
c3f6f485a3 lib/repo_sync.c: set umask before creating repo cache directories 2019-06-14 21:08:55 +02:00
Juan RP
04291329aa
Bump XBPS_API_VERSION and libxbps major soname.
- struct xbps_handle was modified.
- xbps_pkg_is_ignored() was added to the API.

Signed-off-by: Juan RP <xtraeme@gmail.com>
2019-06-14 09:54:51 +02:00
Juan RP
f6116fc2ac xbps_pkgdb_lock(): check if rootfs is writable.
As shown in https://github.com/void-linux/xbps/issues/110
/var might be rw, while / might be ro.

Check this via xbps_pkgdb_lock() for both things.

Close #110

Signed-off-by: Juan RP <xtraeme@gmail.com>
2019-06-13 17:41:01 +02:00
Juan RP
c3b2d7ca53 libxbps: fix xbps autoupdate when its revdeps are up-to-date.
The current code was failing because while checking for updates
on its reverse dependencies, up-to-date versions were treated
as an error.

Added a new test case to verify that it works as expected.

Signed-off-by: Juan RP <xtraeme@gmail.com>
2019-06-13 14:18:31 +02:00
Juan RP
cf4f0f4aa0 xbps_alternatives_register: fix a memleak.
Signed-off-by: Juan RP <xtraeme@gmail.com>
2019-06-11 19:53:19 +02:00
Juan RP
bcd80f2936 xbps_alternatives_register: update pkgdb alternatives dictionary.
... otherwise the entry might not be added to our array and won't
hit pkgdb.

Signed-off-by: Juan RP <xtraeme@gmail.com>
2019-06-11 19:53:19 +02:00
Juan RP
1c85083a94 lib/package_alternatives.c: update copyright.
Signed-off-by: Juan RP <xtraeme@gmail.com>
2019-06-11 19:53:19 +02:00
Juan RP
f06edd8850 xbps_alternatives_register: no need to check for 'alloc'.
Found by @huglovefan. Thanks.

Signed-off-by: Juan RP <xtraeme@gmail.com>
2019-06-11 19:53:19 +02:00
Juan RP
639ff2d642 xbps_alternatives_register: get rid of an unnecessary change.
Signed-off-by: Juan RP <xtraeme@gmail.com>
2019-06-11 19:53:19 +02:00
Juan RP
d189921818 xbps_alternatives_register: fix test case "more_entries_update".
Even if the alternatives group is already registered, we need
to create the symlinks from current pkg dictionary (repo).

Signed-off-by: Juan RP <xtraeme@gmail.com>
2019-06-11 19:53:19 +02:00
Juan RP
f4f9bef6e5 xbps_alternatives_register: find and remove obsolete symlinks.
This fixes the new test case "less_entries_update" contributed
by @duncaen.

If "alternatives" dict from pkgdb differs from the one from repos,
find obsoletes and remove them.

Signed-off-by: Juan RP <xtraeme@gmail.com>
2019-06-11 19:53:19 +02:00
Juan RP
04f899c80f xbps_alternatives_unregister: fix removal of current provider.
Fix logic as found by @duncaen in #101.

Also set "first" when the entry is removed from the array.

Fixes #102

Signed-off-by: Juan RP <xtraeme@gmail.com>
2019-06-11 19:53:19 +02:00
Juan RP
c29efcd13b xbps_alternatives_unregister: fix xbps_set_cb_state().
In the !current branch, "first" wasn't initialized so it displayed garbage:

Removing `pinentry-tty-1.1.0_5' ...
Removing 'pinentry' alternatives group symlink: pinentry
pinentry-tty-1.1.0_5: unregistered 'pinentry' alternatives group
Switched 'pinentry' alternatives group to 'p
o@�'
Creating 'pinentry' alternatives group symlink: pinentry -> /usr/bin/pinentry-tty
Removed file `/usr/bin/pinentry-tty'
Removed `pinentry-tty-1.1.0_5' successfully.

With my fix:

Removing `pinentry-tty-1.1.0_5' ...
Removing 'pinentry' alternatives group symlink: pinentry
pinentry-tty-1.1.0_5: unregistered 'pinentry' alternatives group
Switched 'pinentry' alternatives group to 'pinentry'
Creating 'pinentry' alternatives group symlink: pinentry -> /usr/bin/pinentry-tty
Removed file `/usr/bin/pinentry-tty'
Removed `pinentry-tty-1.1.0_5' successfully.

Signed-off-by: Juan RP <xtraeme@gmail.com>
2019-06-11 19:53:19 +02:00
Juan RP
dd3dc2ddec xbps_symlink_target: always canonicalize rootdir.
... otherwise we might end up with a relative rootdir that will
give unexpected results.

dtrt when rootdir != /
2019-06-07 20:13:24 +02:00
Juan RP
9e2c00ee8b libxbps: remove dangling symlinks properly.
This fixes removal of packages that contain multiple levels
of dangling symlinks, i.e faenza-icon-theme and probably others.

Close #23
2019-06-07 20:13:24 +02:00
Juan RP
371be9703e Sync with portableproplib-0.6.8. 2019-06-04 21:43:52 +02:00
Duncaen
33fbe8a5ef fulldeptree: ignore missing local runtime dependencies
They most likely come from `ignorepkg` and without this patch
operations xbps-remove -R aborts if a dependency was ignored
at install time.
2019-05-27 12:41:39 +02:00
Duncaen
67badf983b lib/conf.c: ignore glob errors 2019-05-22 15:05:45 +02:00
Duncaen
79317563e9 lib/conf.c: fix including absolute paths 2019-05-22 15:05:45 +02:00
Duncaen
85bf13f138 lib: move conf parsing to lib/conf.c and refactor to not rely on getcwd/chdir
This fixes https://github.com/voidlinux/xbps/issues/158
2019-05-22 13:22:10 +02:00
Johannes Brechtmann
949d2d90e7 package_remove: fix length comparison 2019-05-16 11:04:48 +02:00
Juan RP
108a165534 libxbps: try to update revdeps when installing or updating pkgs.
This fixes the cases where a pkg installation or update
could break its revdeps due to not satisfying dependencies.

When performing an install or update, xbps now always checks if
there are updates for its revdeps and get added to the transaction.

See the two new test cases for more information.
2019-05-14 23:34:53 +02:00
Juan RP
2a9794968c proplib/prop_object: needs compat.h. 2019-04-22 15:32:06 +02:00
Juan RP
cf78b7272f lib/util: musl needs _{GNU,BSD}_SOURCE for strlc{at,py}(). 2019-04-22 15:31:07 +02:00
Juan RP
0db5ace61d configure: fix vasprintf test; cosmetics.
The vasprintf test was always failing because it needed stdarg.h.
Misc cosmetics: rename compat objs to COMPAT_OBJS.
2019-04-22 15:30:02 +02:00
Duncaen
456f775e4d alternatives: don't switch unchanged alternative groups on removal
Closes: #82 [via git-merge-pr]
2019-04-22 14:51:32 +02:00
Juan RP
1d8b95a993 package_config_files.c: fix a shadowed variable declaration.
Found by pcc.
2019-04-22 14:51:13 +02:00
Juan RP
c658e41747 fulldeptree: make sure there are no dups.
Added a test case to verify that dup deps are discarded
completely.
2019-04-22 14:51:13 +02:00
Juan RP
71775950e8 lib/fetch/http.c: fix https->http redirection via proxy.
See https://github.com/void-linux/xbps/issues/52

Thanks @jschultz

Closes: #79 [via git-merge-pr]
2019-04-22 14:49:54 +02:00
Andreas Kempe
0c657582f2 lib/fetch/common.c: send socks5 request as a single transaction
Splitting the socks5 request is causing issues when running against Tor.
It causes Tor to fail with an address unknown error. Assembling the
request and sending it in its entirety solves the issue.

An strace of torsocks, that functions correctly when used with xbps, shows
that the request is being sent all at once:

        recvfrom(3, "\5\0", 2, 0, NULL, NULL)
        sendto(3, "\5\1\0\3>lysator7eknrfl47rlyxvgeamrv7ucefgrrlhk7rouv3sna25asetwid.onion\0P", 69, 0, NULL, 0)
        recvfrom(3, "\5\0\0\1\0\0\0\0\0\0", 10, 0, NULL, NULL)

Closes: #54 [via git-merge-pr]
2019-04-20 11:11:40 +02:00
human
b502dc708a fix setting alternatives for packages with more than one group 2019-04-20 11:10:34 +02:00
Duncaen
ea2cb1d369 unpack: keep conf_files replaced with symlinks, unpack as .new-pkgver 2019-04-20 10:56:08 +02:00
Duncaen
cd4c07a467 libxbps: sane umask for pkgdb and files plists 2019-04-20 10:46:59 +02:00
Duncaen
d1667fd931 Add the ability to ignore packages
The previous idea was to use virtual packages in the users configuration
to satisfy dependencies by mapping them to existing installed packages.
Using virtual packages for it doesn't work as expected and trying to make
it work would break other functionalities of virtual packages, like the
version satisfaction checks for `provides` and the ability to replace
virtual packages with real packages. The virtual package functionality
should be used exclusively for virtual packages.

This allows users to specify packages packages that should be ignored.
Ignored packages in dependencies are always satisfied without installing
the package, while updating or installing a package that depends on an
ignored package.

This does NOT ignore the shlib checks, ignoring a package that provides
required shared libraries will abort the transaction as if there was no
package that provides the required shared library.
2019-04-19 23:07:59 +02:00
Duncaen
9f52a7837f lib/fetch: add happy eyeballs connect algorithm (RFC6555/RFC8305)
Connect to the addresses from `getaddrinfo(3)`,
alternating between address family,
starting with ipv6 and wait `fetchConnDelay`
between each connection attempt.

If a connection is established within the attempts,
use this connection and close all others.

If `connect(3)` returns `ENETUNREACH`, don't attempt more
connections with the failing address family.

If there are no more addresses to attempt,
wait for `fetchConnTimeout` and return the first established
connection.

If no connection was established within the timeouts,
close all sockets and return -1 and set errno to
`ETIMEDOUT`.
2019-04-19 22:58:50 +02:00
Juan RP
291faddf8c xbps now also updates revdeps of itself if there's an update.
Close https://github.com/void-linux/xbps/issues/77

Closes: #78 [via git-merge-pr]
2019-04-19 22:57:42 +02:00
Juan RP
08aa44602f xbps_array_foreach_cb_multi: fix incorrect array counter.
This fixes some races that could be seen when there's a
determined number of pkgs and CPU threads.
2019-04-19 22:57:42 +02:00
Juan RP
580a5ba29b xbps_get_pkg_fulldeptree(): fix all known bugs and make it 50x faster.
faster: use a hash table with pkg names on the transaction dict,
 the process of collecting and sorting is now 50x faster or
 even more (kde5).

bugs: this now detects cyclic deps and returns with an appropropiate
 return value: ELOOP and ENOENT in xbps-query(1) --fulldeptree.
 Ping me if you need more details :-)

Close https://github.com/void-linux/xbps/issues/16
Close https://github.com/void-linux/xbps/issues/5
2019-04-19 22:57:42 +02:00
human
8d594727cc lib/util.c: improve error handling in xbps_binpkg_{arch,pkgver}
they no longer assert or segfault on malformed strings

Closes: #48 [via git-merge-pr]
2019-04-14 15:01:18 +02:00
Johannes Brechtmann
2745e25740 lib/package_remove: order directories before removal
The order of entries in files.plist is inconsistent
between different releases of xbps. Hence they must be
ordered before removal to, so sub directories are removed
before their parents.
2019-04-14 14:30:16 +02:00
Duncaen
5aabfe3ad9 fix indention 2019-04-14 12:37:24 +02:00
Duncaen
4d1f9832c1 lib/package_find_obsoletes: fix comment 2019-04-14 11:52:32 +02:00
Yuxuan Shui
2c69345acc Don't process processed packages again in collect_rdeps
Otherwise we will get exponential time complexity
2019-04-14 11:25:41 +02:00
Duncaen
07ec982b07 lib/fetch/http.c: ignore headers after CONNECT response 2019-04-08 13:34:23 +02:00
Duncaen
c1a64ba86e Revert "lib/initend.c: Fix user virtual packages"
This reverts commit bea146c724.
2019-03-22 22:34:11 +01:00
kayvenm
bea146c724 lib/initend.c: Fix user virtual packages
Dictionary was never initialized because of wrong condition check

Closes: #265 [via git-merge-pr]
2019-03-22 21:45:44 +01:00
Cameron Nemo
5aa1adca90 lib/initend.c: xbps_init(): safer string handling
Signed-off-by: Cameron Nemo <camerontnorman@gmail.com>
Closes: #58 [via git-merge-pr]
2019-03-22 19:14:08 +01:00
wuhanck
b4eebafa6d upgrade to openssl 1.1.x. 2019-01-24 14:57:50 -05:00
Foxlet
0f33859701 Fix namespace violation 2018-09-25 22:11:30 -04:00
Enno Boland
e4702d9d3b
Merge pull request #6 from foxlet/fix-string-formatting
Fix string formatting of 64-bit unsigned integers
2018-07-30 20:28:09 +02:00
Enno Boland
a5bfc59203 prepare release 2018-07-30 13:47:08 +02:00
Foxlet
4eaf45a767 Fix string formatting of 64-bit unsigned integers 2018-07-17 20:50:48 -04:00
Enno Boland
bfd6b2e88e lib/plist.c: share workload more efficient between threads
Before this patch xbps had a constant slice count for every thread.
This resulted in unbalanced thread usage if the workload was
homogenous over the slices.

This patch replaces the naive slice count approach by spinlock based
reservation.
2018-07-02 13:18:23 +02:00
Juan RP
eaccf4813d Merge pull request #246 from ebfe/signed_pkgver
lib/package_unpack.c: verify signed pkgver matches
2017-10-25 09:17:55 +02:00
Juan RP
eae215e2a0 Merge pull request #234 from Duncaen/umask
Fix pkgdb and files plist permissions with restictive umask.
2017-10-25 09:13:26 +02:00
Agustin Chiappe Berrini
2cd0dc688f Fix compilation of initend for gcc 7
This is a trickier situation.

The original message:

```
initend.c:423:10: error: ‘%s’ directive output may be truncated writing 15 bytes into a region of size between 1 and 512 [-Werror=format-truncation=]
       "%s%s", strcmp(xhp->rootdir, "/") ? xhp->rootdir : "",
          ^~
initend.c:422:3: note: ‘snprintf’ output between 16 and 527 bytes into a destination of size 512
   snprintf(xhp->confdir, sizeof(xhp->confdir),
   ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
       "%s%s", strcmp(xhp->rootdir, "/") ? xhp->rootdir : "",
       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
       XBPS_SYSCONF_PATH);
       ~~~~~~~~~~~~~~~~~~
initend.c:429:7: error: ‘snprintf’ output may be truncated before the last format character [-Werror=format-truncation ]
       "%s/%s", strcmp(xhp->rootdir, "/") ? xhp->rootdir : "", buf);
       ^~~~~~~
initend.c:428:3: note: ‘snprintf’ output 2 or more bytes (assuming 513) into a destination of size 512
   snprintf(xhp->confdir, sizeof(xhp->confdir),
   ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
       "%s/%s", strcmp(xhp->rootdir, "/") ? xhp->rootdir : "", buf);
       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
initend.c:434:9: error: ‘%s’ directive output may be truncated writing 17 bytes into a region of size between 1 and 512 [-Werror=format-truncation=]
      "%s%s", strcmp(xhp->rootdir, "/") ? xhp->rootdir : "",
         ^~
initend.c:433:2: note: ‘snprintf’ output between 18 and 529 bytes into a destination of size 512
  snprintf(sysconfdir, sizeof(sysconfdir),
  ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      "%s%s", strcmp(xhp->rootdir, "/") ? xhp->rootdir : "",
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      XBPS_SYSDEFCONF_PATH);
      ~~~~~~~~~~~~~~~~~~~~~
initend.c:455:11: error: ‘%s’ directive output may be truncated writing 14 bytes into a region of size between 0 and 511 [-Werror=format-truncation=]
       "%s/%s", strcmp(xhp->rootdir, "/") ? xhp->rootdir : "",
           ^~
initend.c:454:3: note: ‘snprintf’ output between 16 and 527 bytes into a destination of size 512
   snprintf(xhp->cachedir, sizeof(xhp->cachedir),
   ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
       "%s/%s", strcmp(xhp->rootdir, "/") ? xhp->rootdir : "",
       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
       XBPS_CACHE_PATH);
       ~~~~~~~~~~~~~~~~
initend.c:461:7: error: ‘snprintf’ output may be truncated before the last format character [-Werror=format-truncation ]
       "%s/%s", strcmp(xhp->rootdir, "/") ? xhp->rootdir : "", buf);
       ^~~~~~~
initend.c:460:3: note: ‘snprintf’ output 2 or more bytes (assuming 513) into a destination of size 512
   snprintf(xhp->cachedir, sizeof(xhp->cachedir),
   ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
       "%s/%s", strcmp(xhp->rootdir, "/") ? xhp->rootdir : "", buf);
       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
initend.c:467:11: error: ‘%s’ directive output may be truncated writing 12 bytes into a region of size between 0 and 511 [-Werror=format-truncation=]
       "%s/%s", strcmp(xhp->rootdir, "/") ? xhp->rootdir : "",
           ^~
initend.c:466:3: note: ‘snprintf’ output between 14 and 525 bytes into a destination of size 512
   snprintf(xhp->metadir, sizeof(xhp->metadir),
   ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
       "%s/%s", strcmp(xhp->rootdir, "/") ? xhp->rootdir : "",
       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
       XBPS_META_PATH);
       ~~~~~~~~~~~~~~~
initend.c:473:7: error: ‘snprintf’ output may be truncated before the last format character [-Werror=format-truncation ]
       "%s/%s", strcmp(xhp->rootdir, "/") ? xhp->rootdir : "", buf);
       ^~~~~~~
initend.c:472:3: note: ‘snprintf’ output 2 or more bytes (assuming 513) into a destination of size 512
   snprintf(xhp->metadir, sizeof(xhp->metadir),
   ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
       "%s/%s", strcmp(xhp->rootdir, "/") ? xhp->rootdir : "", buf);
       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
cc1: all warnings being treated as errors
```

It's basically warning about dangerous operations on strings. And as
far as I could tell, is a valid warning and not a false alarm!

This fix makes the concept of `XBPS_MAXPATH` lose a little bit of sense
as now it doesn't necessarily represent the max size of the paths used
by xbps, but instead the max allowed size of the path configured.

I think this change is ok, but I wasn't able to find any reference to
why it was chosen to be 512. POSIX mandates at least 256, so I'm not
breaking anything that wasn't broken already, and Linux seems to have
a maximum size of 4096, which is pretty safe.

Therefore, this changes should be harmless. I think.
2017-08-22 18:35:45 -04:00
Agustin Chiappe Berrini
be5277591f Fix compilation in ftp.c
When trying to compile the file ftp.c, I get errors related with
warnings that were marked to be reported as error.

This was the original message:

```
fetch/ftp.c:444:8: error: this statement may fall through [-Werror=implicit-fallthrough=]
   type = 'D';
   ~~~~~^~~~~
fetch/ftp.c:445:2: note: here
  case 'D':
  ^~~~
fetch/ftp.c: In function ‘ftp_request’:
fetch/ftp.c:342:3: error: missed loop optimization, the loop counter may overflow [-Werror=unsafe-loop-optimizations]
   for (i = 0; i <= len && i <= end - dst; ++i)
   ^~~
fetch/ftp.c:342:24: error: missed loop optimization, the loop counter may overflow [-Werror=unsafe-loop-optimizations]
   for (i = 0; i <= len && i <= end - dst; ++i)
               ~~~~~~~~~^~~~~~~~~~~~~~~~~
```
2017-08-22 18:03:32 -04:00
Michael Gehring
4aae026615 lib/package_unpack.c: verify signed pkgver matches
$ARCH-repodata is currently not protected by a signature. While most of
the package metadata is also embedded into the .xbps files, which are
protected by a signature, xbps-install ignores it
(1670ff000d/lib/package_unpack.c (L123))
and relies entirely on $ARCH-repodata.

This enables anyone who is able to modify the $ARCH-repodata to
substitute packages. This patch adds a check that verifies the signed
pkgver matches the one in the repodata, so at least downgrades posing as
updates are detected.

This is an incomplete fix as the whole transaction is still set up with
the unsigned repodata and other issues surely exist. The real fix is
signing $ARCH-repodata.
2017-07-09 12:46:01 +00:00
Duncaen
e797936c40 lib/repo_sync.c: sane umask for repodata files 2017-02-27 18:50:19 +01:00
Duncaen
332fbc195a lib/package_unpack.c: set a sane umask for pkg files plists 2017-02-27 18:24:51 +01:00
Duncaen
44778867df lib/pkgdb.c: set a sane umask for pkgdb plist 2017-02-27 18:24:46 +01:00
Duncaen
cf43597e74 lib/package_unpack.c: add memleak notice 2016-09-25 21:47:58 +02:00
Duncaen
797796e086 lib/transaction_shlibs.c: fix memleak 2016-09-25 21:47:40 +02:00
Duncaen
4797dee468 lib/package_configure.c: fix memleak 2016-09-25 21:27:46 +02:00
Duncaen
3b04602cc6 lib/package_alternatives.c: cleanup create_symlinks 2016-09-05 16:03:41 +02:00
Duncaen
dd7a0d073b lib/package_alternatives.c: remove previous symlinks 2016-09-05 02:03:30 +02:00
Duncaen
08b9ed878f lib/fetch: default port, error checks and authentication support 2016-09-02 17:50:05 +02:00
Duncaen
30ace44394 lib/fetch: add socks5 support 2016-09-01 00:38:55 +02:00
Enno Boland
934a59ecd9 lib/fetch/http.c: send proxy auth on https as connect header.
fixes #185
2016-07-08 08:24:14 +02:00