summaryrefslogtreecommitdiffstats
path: root/lib
AgeCommit message (Collapse)AuthorFilesLines
2020-04-29Constify some input pointersRikard Falkeborn3-3/+3
Signed-off-by: Rikard Falkeborn <rikard.falkeborn@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2020-04-13Use GOTO_ERR throughoutAllan McRae6-41/+22
The GOTO_ERR define was added in commit 80ae8014 for use in future commits. There are plenty of places in the code base it can be used, so convert them. Signed-off-by: Allan McRae <allan@archlinux.org>
2020-04-13Use STRDUP for error checking in more placesAllan McRae3-5/+10
Use STRDUP() over strdup() to catch memory allocation errors. There are still some instances of strdup left, but these are in functions that currently have no error path and would require a larger rework. Signed-off-by: Allan McRae <allan@archlinux.org>
2020-04-13Add REALLOC macro to simplify realloc error handlingRikard Falkeborn5-19/+7
realloc can fail just like the other memory allocation functions. Add a macro to simplify handling of realloc failures, similar to the already existing MALLOC, CALLOC, etc. Replace the existing realloc uses with the new macro, allowing us to move tedious error handling to the macro. Also, in be_package and be_sync, this fixes hypothetical memory leaks (and thereafter null pointer dereferences) in case realloc fails to shrink the allocated memory. Signed-off-by: Rikard Falkeborn <rikard.falkeborn@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2020-03-13Add file and line number to RET_ERR{,_VOID}Allan McRae1-2/+2
Following the example of the recently added GOTO_ERR, adding the file and line number in addition to the function name in our debug messages is potentially useful. Signed-off-by: Allan McRae <allan@archlinux.org>
2020-03-09Add GOTO_ERR() macro to set error and then goto a labelAnatol Pomozov1-0/+5
This is a macro similar to RET_ERR but useful in the case when we need to record an error and then jump to some cleanup section. Signed-off-by: Anatol Pomozov <anatol.pomozov@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2020-03-09Remove unneeded goto cleanupAllan McRae1-11/+5
Since commit 2ee7a8d8, there is no cleanup needed in this function. Just return instead of jumping to the cleanup label. Signed-off-by: Allan McRae <allan@archlinux.org>
2020-03-05Do not download files if find_dl_candidates() failsAnatol Pomozov1-1/+1
One reason why the function returns an error is some repo does not have any servers. Signed-off-by: Anatol Pomozov <anatol.pomozov@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2020-02-24Simplify construction of payloads in download_filesAnatol Pomozov1-21/+13
Currently, download_files() creates payloads for all packages then iterates over them, calling download_single_file. This can be simplified by looping over packages and constructing the payload as needed. Signed-off-by: Anatol Pomozov <anatol.pomozov@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2020-02-10build-aux/update-copyright 2019 2020Allan McRae50-50/+50
Signed-off-by: Allan McRae <allan@archlinux.org>
2020-01-30Eliminate extra loop over dbs_syncAnatol Pomozov1-9/+5
Current flow looks like loop dbs_sync { loop pkgs { if pkg.db == db then process(pkg, db) } } Package sync transaction always has a counterpart in the dbs_sync list (I cannot come up with a use-case when it is not true). So the loop can be simplified to: loop pkgs { process(pkg, pkg.db) } Tested: 'ninja test' & manually by using pacman with this patch for a week Signed-off-by: Anatol Pomozov <anatol.pomozov@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2020-01-28Docs docs docsmorganamilo17-298/+241
libalpm: move docs from .c files into alpm.h And fix/expand some along the way. Signed-off-by: Allan McRae <allan@archlinux.org>
2020-01-28libalpm: fix alpm_option_set_assumeinstalledmorganamilo1-0/+1
It looks like this function has never actually worked. The current list is never set to NULL after being freed. So the new deps were just appended to the already freed list, leading to a segfault. Signed-off-by: Allan McRae <allan@archlinux.org>
2020-01-27Fix "pacman -U <url>" operationsAllan McRae1-1/+1
Commit e6a6d307 detected complete part files by comparing a payload's max_size to initial_size. However, these values are also equal when we use pacman -U on a URL as max_size is set to 0 in that case. Add a further condition to avoid that. Signed-off-by: Allan McRae <allan@archlinux.org>
2020-01-27Increase maximum database sizeAllan McRae1-2/+2
We previously has the maximum database size as 25MB. This was set in the days before repos had as many packages as they do now, and before we started distributing files databases. Increase this limit to 128MB. Signed-off-by: Allan McRae <allan@archlinux.org>
2020-01-07Use c99 struct initialization to avoid memset callsDave Reisner6-38/+19
This is guaranteed less error prone than calling memset and hoping the human gets the argument order correct.
2019-11-26Fix documentation of alpm_mtree_next and remove libarchive exposureAllan McRae2-3/+17
The documentation of the return types of alpm_mtree_next was incorrect. This extended into the relevant function in be_local.c. Also, return explicit integer values, rather than the ARCHIVE_xxx values, to avoid unnecessarily exposing frontends to libarchive internals (even though it makes no functional difference). Original-work-by: morganamilo <morganamilo@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
2019-11-22Improved documentation for alpm_db_search() parametersAllan McRae1-1/+2
Signed-off-by: Allan McRae <allan@archlinux.org>
2019-11-21Fix leak in _alpm_db_search on error conditionAllan McRae1-1/+4
2019-11-16Dereference double pointer before assigning NULLDaniel T. Borelli1-2/+2
Daniel T. Borelli <danieltborelli@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2019-11-15Handle .part files that are the size of the correct packageAllan McRae2-2/+18
In rare cases, likely due to a well timed Ctrl+C, but possibly due to a broken mirror, a ".part" file may have size at least that of the correct package size. When encountering this issue, currently pacman fails in different ways depending on where the package falls in the list to download. If last, "wrong or NULL argument passed" error is reported, or a "invalid or corrupt package" issue if not. Capture these .part files, and remove the extension. This lets pacman either use the package if valid, or offer to remove it if it fails checksum or signature verification. Signed-off-by: Allan McRae <allan@archlinux.org>
2019-11-11libalpm/sync.c: Do not download missing keys multiple timesAllan McRae1-2/+10
We now store key structs of our missing key info, so can not search the list for string matches. This caused missing keys to be downloaded once for every package they signed. Signed-off-by: Allan McRae <allan@archlinux.org>
2019-11-08pacman+libalpm: handle search errorsmorganamilo3-14/+19
Previously, pacman treated no matches and an error during search the same. To fix this, alpm_db_search now returns its status as an int and instead takes the to be returned list as a param. Allowing front ends to easily differentiate between errors and no matches. Signed-off-by: morganamilo <morganamilo@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2019-10-27Fix segfault importing PGP key for pacman -U operationsAllan McRae1-2/+2
Use after free. Signed-off-by: Allan McRae <allan@archlinux.org>
2019-10-23Update copyright yearsAllan McRae50-50/+50
make update-copyright OLD=2018 NEW=2019 Signed-off-by: Allan McRae <allan@archlinux.org>
2019-10-21Final translation updates for pacman-5.2.0Allan McRae43-563/+565
Signed-off-by: Allan McRae <allan@archlinux.org>
2019-10-15libalpm: set errno in signing dummy functionsmorganamilo1-3/+6
This allows pacman to print the correct error message when checking keys and libalpm has been compiled without gpgme support. Signed-off-by: Allan McRae <allan@archlinux.org>
2019-10-15libalpm: fix segfault when -Qip'ing a packagemorganamilo1-1/+2
The dummy checksigs function never sets count to 0, leaving it unitialized. This caused the siglist cleanup to try and free the empty list. Signed-off-by: Allan McRae <allan@archlinux.org>
2019-10-14Translation updatesAllan McRae43-2015/+1887
Pull all translations with >75% completion. Signed-off-by: Allan McRae <allan@archlinux.org>
2019-10-12move wordsplit into common for sharingAndrew Gregory1-116/+3
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
2019-10-09signing: handle unknown uid in key importChristian Hesse1-0/+5
With unknown uid pacman crashed. Return with error from email_from_uid() if uid is NULL. Signed-off-by: Christian Hesse <mail@eworm.de> Signed-off-by: Allan McRae <allan@archlinux.org>
2019-10-07Pull and push translation changes in preparation for 5.2Allan McRae43-2694/+3002
Signed-off-by: Allan McRae <allan@archlinux.org>
2019-10-07libalpm: short circuit alpm_find_dbs_satisfiermorganamilo1-8/+7
when a satisfying package is already installed, we always pick it instead of prompting the user. So we can return that package as soon as we find it, instead of waiting until we've iterated through all the databases. Signed-off-by: Allan McRae <allan@archlinux.org>
2019-10-07libalpm: fix incorrect documentationmorganamilo1-5/+7
Signed-off-by: Allan McRae <allan@archlinux.org>
2019-10-07libalpm: resolvedep(): don't compare names twicemorganamilo1-1/+2
If we failed to get the pkg from pkgcache then we know no satisfying package exists by name. So only compare provides. Signed-off-by: Allan McRae <allan@archlinux.org>
2019-10-07signing: add ability to import keys using a WKDJonas Witschel1-13/+84
Currently pacman relies on the SKS keyserver network to fetch unknown PGP keys. These keyservers are vulnerable to signature spamming attacks, potentionally making it impossible to import the required keys. An alternative to keyservers is a so-called Web Key Directory (WKD), a well-known, trusted location on a server from where the keys can be fetched. This commit adds the ability to retrieve keys from a WKD. Due to the mentioned vulnerabilities, the WKD is tried first, falling back to the keyservers only if no appropriate key is found there. In contrast to keyservers, keys in a WKD are not looked up using their fingerprint, but by email address. Since the email address of the signing key is usually not included in the signature, we will use the packager email address to perform the lookup. Also see FS#63171. Signed-off-by: Jonas Witschel <diabonas@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
2019-10-07signing: move key import confirmation before key_searchJonas Witschel4-28/+58
Ask the user whether they want to import a missing key before even doing a search on the keyserver. This will be useful for getting Web Key Directory support in place: for a WKD, looking up and importing a key are a single action, so the current key_search -> QUESTION -> key_import workflow does not apply. Since only the ID of the package signing key is available before key_search, we display the packager variable in addition to the key ID for user convenience. Signed-off-by: Jonas Witschel <diabonas@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
2019-10-07dload: never return NULL from get_filenameDave Reisner1-2/+4
Downloads with a Content-Disposition header will typically not include slashes. When they do, we should most certainly only take the basename, but when they don't, we should treat the header value as the filename. Crash introduced in d197d8ab82cf when we started using get_filename in order to rightfully avoid an arbitrary file overwrite vulnerability. Signed-off-by: Allan McRae <allan@archlinux.org>
2019-10-04autotools: distribute meson filesEli Schwartz1-0/+2
If we use make dist to create the official, signed release tarballs, those will not have meson build files by default since autotools doesn't know what they are. Also distribute all src/common/ files. We never strictly needed any of them to be distributed with autotools, because the dist tarball dereferences the symlinks (???), but only some of them were being distributed, and meson needs them to be in the right location as we only build libcommon from the primary files. Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
2019-08-12Prepare translations for next releaseAllan McRae43-5025/+5289
Signed-off-by: Allan McRae <allan@archlinux.org>
2019-06-28Correctly report a download failiure for 404smorganamilo1-0/+1
Currently when caling alpm_trans_commit, if fetching a package restults in a 404 (or other non 400 response code), the function returns -1 but errno is never set. This patch sets errno to ALPM_ERR_RETRIEVE. Signed-off-by: Allan McRae <allan@archlinux.org>
2019-06-20use consistent time notation for the logAndrew Gregory1-3/+3
%X is locale-dependent, making it impossible to reliably parse and potentially overflowing the buffer. %T is consistent across locales. Also fixes some adjacent whitespace. Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2019-06-20free makedepends/checkdepends when freeing packagesDave Reisner1-0/+2
Credit to Andrew for identifying source of the leak. Signed-off-by: Allan McRae <allan@archlinux.org>
2019-06-06hooks: rename type File to PathAndrew Gregory1-2/+6
Make it clearer that the targets are matched against both directories and regular files and free up File to potentially refer specifically to regular files in the future. File is retained as a deprecated alias for Path for the time being to avoid breaking existing hooks and will be removed in a future release. See FS#53136. Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>
2019-05-08Fix clang 8 string-plus-int warningsRikard Falkeborn1-1/+1
Clang 8 warns that adding a string to an integer does not append to string. Indeed it doesn't, but that was not the intentetion. Use array indexing as suggested by the compiler to silence the warning. There should be no functional change. Example of warning message: alpm.c:71:54: warning: adding 'int' to a string does not append to the string [-Wstring-plus-int] sprintf(hookdir, "%s%s", myhandle->root, SYSHOOKDIR + 1); ~~~~~~~~~~~^~~ alpm.c:71:54: note: use array indexing to silence this warning sprintf(hookdir, "%s%s", myhandle->root, SYSHOOKDIR + 1); ^ & [ ] 1 warning generated.
2019-03-19build: check for gpgme with pkg-config before gpgme-configEli Schwartz1-2/+2
gpgme in git master now supports pkg-config and with the next release we can and should prefer its use. However, retain the legacy code that enables building with older versions of gpgme, as a fallback. Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Allan McRae <allan@archlinux.org>
2019-03-19Reformatting log timestamp to include time-zoneFlorian Wehner1-3/+5
The time logged is currently given as localtime without any timezone information. This is confusing in various scenarios. Examples: * If one is travelling across time-zones and the timestamps in the log appear out of order. * Comparing dates with `datediff` gives an offset by the time-zone This patch would reformat the time-stamp to a full ISO-8601 version. It includes the 'T' separating date and time including seconds. Old: [2019-03-04 16:15] New: [2019-03-04T16:15:45-05:00] Signed-off-by: Florian Wehner <florian@whnr.de> Signed-off-by: Allan McRae <allan@archlinux.org>
2019-03-07Remove support for deltas from libalpmAllan McRae13-714/+10
Signed-off-by: Allan McRae <allan@archlinux.org>
2019-03-01Sanitize file name received from Content-Disposition headerAndrew Gregory1-1/+2
When installing a remote package with "pacman -U <url>", pacman renames the downloaded package file to match the name given in the Content-Disposition header. However, pacman does not sanitize this name, which may contain slashes, before calling rename(). A malicious server (or a network MitM if downloading over HTTP) can send a content-disposition header to make pacman place the file anywhere in the filesystem, potentially leading to arbitrary root code execution. Notably, this bypasses pacman's package signature checking. For example, a malicious package-hosting server (or a network man-in-the-middle, if downloading over HTTP) could serve the following header: Content-Disposition: filename=../../../../../../usr/share/libalpm/hooks/evil.hook and pacman would move the downloaded file to /usr/share/libalpm/hooks/evil.hook. This invocation of "pacman -U" would later fail, unable to find the downloaded package in the cache directory, but the hook file would remain in place. The commands in the malicious hook would then be run (as root) the next time any package is installed. Discovered-by: Adam Suhl <asuhl@mit.edu> Signed-off-by: Allan McRae <allan@archlinux.org>
2019-02-07libalpm: prevent 301 redirect loop from hanging the processMark Ulrich1-0/+1
If a mirror responds with a 301 redirect to itself, it will create an infinite redirect loop. This will cause pacman to hang, unresponsive to even a SIGINT. The result is pacman being unable to sync or download any package from a particular repo if its current mirror is stuck in a redirect loop. Setting libcurl's MAXREDIRS option effectively prevents a redirect loop from hanging the process. Signed-off-by: Mark Ulrich <mark.ulrich.86@gmail.com> Signed-off-by: Allan McRae <allan@archlinux.org>