1
0
mirror of https://github.com/moparisthebest/pacman synced 2024-11-13 12:55:08 -05:00
Commit Graph

1919 Commits

Author SHA1 Message Date
Diogo Sousa
12387ca4e5 lib/libalpm/signing.c: Fix memory leak in decode_signature() in case of error.
Signed-off-by: Diogo Sousa <diogogsousa@gmail.com>
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-08-28 19:50:22 -05:00
Lukas Fleischer
0dad2f6e62 lib/libalpm/util.c: Fix two memory leaks
Free "md5sum" if md5_file() fails in alpm_compute_md5sum(). Free
"sha256sum" if sha2_file() fails in alpm_compute_sha256sum().

Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-08-28 19:49:02 -05:00
Dan McGee
a12a4ea396 Check local database status flag in db_write sanity check block
Do all the checks at once; this also avoids the 'return' call after we
have allocated memory for "pkgpath" as well as tweaked the umask.

Signed-off-by: Dan McGee <dan@archlinux.org>
2011-08-28 19:46:09 -05:00
Lukas Fleischer
455ca55f4e be_sync.c: Fix memory leak in alpm_db_update()
Free "syncpath" and restore umask if we fail to grab a lock.

Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-08-28 19:40:22 -05:00
Dan McGee
84d6de806b Fix possible mismatched type with several curl arguments
After commit 2e7d002315, we use off_t rather than long variables.
Use the _LARGE variants of the methods to indicate we are passing off_t
sized variables, and cast using (curl_off_t) accordingly.

Signed-off-by: Dan McGee <dan@archlinux.org>
2011-08-28 19:36:50 -05:00
Dan McGee
5a07b75b22 Always process validity value returned by gpgme
Don't force 'never'; you should be checking both the status and validity
anyway.

Signed-off-by: Dan McGee <dan@archlinux.org>
2011-08-25 17:41:47 -05:00
Dan McGee
be72e10015 Fix small memory leak in sig check code
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-08-25 17:41:27 -05:00
Dan McGee
c5982a3eb5 strtrim: don't move empty string
There were many cases where the string coming in was a blank line, e.g.
"\n\0", length 1. The trim routine starts by trimming leading spaces,
thus trimming everything. We would then proceed to do a memmove of the
NULL byte, which is completely worthless as we can just assign it
instead.

Signed-off-by: Dan McGee <dan@archlinux.org>
2011-08-25 17:14:19 -05:00
Dan McGee
e1dce078b2 Remove argument from check_pgp_helper
This one wasn't all that necessary as we only used it in one place in
the function, which can be checked easily enough at the call site.

Signed-off-by: Dan McGee <dan@archlinux.org>
2011-08-25 16:12:49 -05:00
Dan McGee
6aa9fdce5a Remove trans is NULL check in QUESTION/EVENT/PROGRESS macros
trans cannot (and better not) be NULL at any point when these are being
called.

Signed-off-by: Dan McGee <dan@archlinux.org>
2011-08-25 16:12:33 -05:00
Dan McGee
f7a3c4c8df Finish large file download attack prevention
This handles the no Content-Length header problem as stated in the
comments of FS#23413. We add a quick check to the callback that will
force an abort if the downloaded data exceeds the payload size, and then
check for this error in the post-download cleanup code.

Signed-off-by: Dan McGee <dan@archlinux.org>
2011-08-25 16:09:52 -05:00
Dan McGee
2e7d002315 Use off_t rather than double where possible
Beautiful of libcurl to use floating point types for what are never
fractional values. We can do better, and we usually want these values in
their integer form anyway.

Signed-off-by: Dan McGee <dan@archlinux.org>
2011-08-25 16:09:52 -05:00
Dan McGee
f0357e415c Add new 'lt' and 'zh_TW' translations from transifex
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-08-25 16:04:41 -05:00
Dan McGee
5c48ca3239 Update existing translations from Transifex
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-08-25 16:04:41 -05:00
Diogo Sousa
268d0bbcbe Improved alpm_list_mmerge() performance (fixed coding style)
Improved alpm_list_mmerge() performance by removing an extra
pass to obtain the tail node.

This was actually suggested by a TODO comment.

Signed-off-by: Diogo Sousa <diogogsousa@gmail.com>
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-08-24 11:27:11 -05:00
Dan McGee
30d978a966 vercmp: ensure 2.0a and 2.0.a do not compare equal
We had this interesting set of facts conundrum, according to vercmp
return values:
    2.0a <  2.0
    2.0  <  2.0.a
    2.0a == 2.0.a

This introduces a code change that ensures '2.0a < 2.0.a' as would be
expected by the first two comparisons. Unfortunately this stays us a bit
further from upstream RPM code, but those are the breaks (in RPM, the
versions involving 'a' do in fact compare the same, but they are both
greater than the bare '2.0').

Signed-off-by: Dan McGee <dan@archlinux.org>
2011-08-23 01:49:29 -05:00
Dan McGee
cc03d6366a Style-match rpmvercmp code with upstream
Not sure how or why some of this differed, but it is easy enough to set
it back to how it was so it is easier to diff.

Signed-off-by: Dan McGee <dan@archlinux.org>
2011-08-23 01:47:45 -05:00
Dave Reisner
6731d0a940 sync: halt file discovery if repo has no servers
This avoids error spam when no servers are configured for a repo and a
sync operation is performed:

Proceed with installation? [Y/n] y
:: Retrieving packages from testing...
warning: failed to retrieve some files from testing
warning: failed to retrieve some files from testing
warning: failed to retrieve some files from testing
warning: failed to retrieve some files from testing
warning: failed to retrieve some files from testing
warning: failed to retrieve some files from testing
warning: failed to retrieve some files from testing
warning: failed to retrieve some files from testing
warning: failed to retrieve some files from testing
warning: failed to retrieve some files from testing

Signed-off-by: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-08-23 00:49:14 -05:00
Dan McGee
762cbf574b dload: prevent need to copy struct in mask_signal()
Since we store this directly in the download function, just rework
mask_signal() to take a pointer to a location to store the original.

Signed-off-by: Dan McGee <dan@archlinux.org>
2011-08-22 09:27:13 -05:00
Dave Reisner
f3e2858621 dload: extract tempfile creation to its own function
Signed-off-by: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-08-22 09:23:18 -05:00
Dave Reisner
c65cea0dcb dload: move (un)masking of signals to separate functions
Signed-off-by: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-08-22 09:23:14 -05:00
Dave Reisner
10cbfc956c dload: move curl option setting to static function
Signed-off-by: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-08-22 09:19:38 -05:00
Dave Reisner
d64c409913 dload: add open_mode to payload struct
This is a precursor to a following patch which will move the setting of
options to a separate function. With the open mode as part of the
struct, we can avoid modifying stack allocated variables.

Signed-off-by: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-08-22 09:18:00 -05:00
Dave Reisner
592ed13bce dload: rename cd_filename to content_disp_name
This is more in line with the menagerie of file name members that we now
have on the payload struct.

Signed-off-by: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-08-22 09:15:11 -05:00
Dave Reisner
329a7b7e24 dload: move tempfile and destfile to payload struct
These are private to the download operation already, so glob them onto
the struct. This is an ugly rename patch, with the only logical change
being that destfile and tempfile are now freed by the payload_free
function.

Signed-off-by: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-08-22 09:14:45 -05:00
Dan McGee
d9e5dab6ac Remove alpm_option_get_* usage from backend
These are all available directly on the handle without indirection.

Signed-off-by: Dan McGee <dan@archlinux.org>
2011-08-19 19:12:21 -05:00
Dave Reisner
d307ed5eb9 dload: remove unused macro
This was a vestige leftover from the libfetch days of yore.

Signed-off-by: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-08-19 19:01:57 -05:00
Dave Reisner
82fc816d79 dload: delete zero length downloads on curl error
In the case of a non-operation (e.g. DNS resolver error), delete the
leftover 0 byte .part file.

Signed-off-by: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-08-19 19:00:58 -05:00
Dave Reisner
43940f591e dload: rename payload->filename to payload->remote_name
This is a far more accurate description of what this is, since it's more
than likely not really a filename at all, but the name after a final
slash on a URL.

Signed-off-by: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-08-19 19:00:40 -05:00
Dave Reisner
eae363c96f dload: remove code duplication
Signed-off-by: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-08-19 19:00:13 -05:00
Dan McGee
e07547ee4e Rework finding a writable cache directory
This is a refactor and refresh of the code used to find where we should
download packages.

* Incorporate suggestions from FS#25435 to use TMPDIR from the
  environment if set, otherwise fall back to /tmp as before.
* Make the writability tests a bit more in depth. We now do a three part
  check consisting of:
  - S_ISDIR(): is this even a directory
  - access(W_OK): is this directory writable by the current user.
    Unfortunately for root, this almost always returns that it is, but
    in the case of a RO mount or NFS share inaccessible to root, this
    check will exclude the directory.
  - mode & (any write bit): is there a writable bit set on this
    directory. This makes it possible to enforce a read-only cache
    directory by setting permissions to 0555, for example.

Signed-off-by: Dan McGee <dan@archlinux.org>
2011-08-19 13:10:17 -05:00
Dan McGee
6d544984f2 Be more robust when copying package data
This changes the signature of _alpm_pkg_dup() to return an integer error
code and provide the new package in a passed pointer argument. All
callers are now more robust with checking the return value of this
function to ensure a fatal error did not occur.

We allow load failures to proceed as otherwise we have a chicken and egg
problem- if a 'desc' local database entry is missing, the best way of
restoring said file is `pacman -Sf --dbonly packagename`. This patch
fixes a segfault that was occurring in this case.

Fixes the segfault reported in FS#25667.

Signed-off-by: Dan McGee <dan@archlinux.org>
2011-08-19 11:09:57 -05:00
Dave Reisner
9934b3bd34 lib/dload: unlink on response code >=400
ftp and http both define >=400 as being "something bad happened"

Signed-off-by: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-08-19 09:54:58 -05:00
Dave Reisner
24824b54ce dload: add 'unlink_on_fail' to payload struct
Let callers of _alpm_download state whether we should delete on fail,
rather than inferring it from context. We still override this decision
and always unlink when a temp file is used.

Signed-off-by: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-08-19 09:43:19 -05:00
Dave Reisner
1723e6dc4f lib/dload: prevent possible NULL dereference
Signed-off-by: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-08-19 09:41:55 -05:00
Dave Reisner
16334f778b sync: fix garbled output in conflict prompt
$ pacman -S cronie
resolving dependencies...
looking for inter-conflicts...
:: cronie and fcron are in conflict (@.). Remove fcron? [y/N] n

$ sudo pacman -S pacman
resolving dependencies...
looking for inter-conflicts...
:: pacman and pacman-git are in conflict (pKÈ). Remove pacman-git? [y/N]

Signed-off-by: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-08-19 09:40:07 -05:00
Dan McGee
6cfc4757b9 Convert resolvedep() to use _alpm_depcmp_literal()
The whole first loop is trying to check literals only, so teach it to do
so. Also, reorder operations to make more sense by putting the strcmp()
first in the literal loop, and using a very cheap name_hash check first
in the second loop.

Signed-off-by: Dan McGee <dan@archlinux.org>
2011-08-18 10:47:41 -05:00
Dan McGee
3752edbff4 Fix replacement of provider issue
When we switched to using alpm_depcmp() in resolving replacments, we had
some interesting behavior with regard to providers and packages not
found in repositories. Teach the replacement resolving code to not look
at provisions at all to be slightly more sane.

Signed-off-by: Dan McGee <dan@archlinux.org>
2011-08-18 10:47:41 -05:00
Dan McGee
d008a816f1 Add an _alpm_depcmp_literal() function
This omits the finding of matching provisions and only checks the
package itself against the provided dep.

Signed-off-by: Dan McGee <dan@archlinux.org>
2011-08-18 10:47:41 -05:00
Dan McGee
78b63ce7c3 Replacements refactor: extract check_replacers()
This moves code that was inline in alpm_sync_sysupgrade() to its own
method.

Signed-off-by: Dan McGee <dan@archlinux.org>
2011-08-18 10:47:41 -05:00
Dan McGee
231d6cc1e4 Replacements refactor: extract check_literal()
This moves code that was inline in alpm_sync_sysupgrade() to its own
method.

Signed-off-by: Dan McGee <dan@archlinux.org>
2011-08-18 10:47:41 -05:00
Dan McGee
5d291d050e Remove usages of alpm_list_next() in backend
Another function call that can be replaced by a single pointer
dereference.

Signed-off-by: Dan McGee <dan@archlinux.org>
2011-08-18 10:47:41 -05:00
Dan McGee
c4bd476ad1 Remove use of no-op accessor functions in library
The functions alpm_db_get_name(), alpm_pkg_get_name(), and
alpm_pkg_get_version() are not necessary at all, so remove the calling
and indirection when used in the backend, which makes things slightly
more efficient and reduces code size.

Signed-off-by: Dan McGee <dan@archlinux.org>
2011-08-18 10:47:41 -05:00
Dan McGee
c885a953eb Enhance and utilize database status flags
* Move is_local standalone field to status enum
* Create VALID/INVALID flag pair
* Create EXISTS/MISSING flag pair

With these additional fields, we can be more intelligent with database
loading and messages to the user. We now only warn once if a sync
database does not exist and do not continue to try to load it once we
have marked it as missing.

The reason for the flags existing in pairs is so the unknown case can be
represented. There should never be a time when both flags in the same
group are true, but if they are both false, it represents the unknown
case. Care is taken to always manipulate both flags at the same time.

Signed-off-by: Dan McGee <dan@archlinux.org>
2011-08-18 10:47:41 -05:00
Lukas Fleischer
d18e600952 lib/libalpm/dload.c: Use STRDUP() instead of strdup()
Use the STRDUP macro instead of strdup() for the sake of better error
handling on memory allocation failures.

Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-08-18 10:47:41 -05:00
Lukas Fleischer
0745288c14 lib/libalpm/dload.c: Add ASSERT() to alpm_fetch_pkgurl()
Return with ALPM_ERR_WRONG_ARGS instead of causing a potential segfault
if alpm_fetch_pkgurl() is invoked with a NULL URL.

Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-08-18 07:38:31 -05:00
Dave Reisner
9f139550f8 lib/dload: refactor deletion on failure
This moves all the delete-on-fail logic to under cleanup label. This
also implies should_unlink when a payload is received that doesn't allow
resuming.

Fixes .db.sig.part files leftover in the sync dir.

Signed-off-by: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-08-17 21:03:43 -05:00
Dave Reisner
2dbdfe0788 lib/dload: avoid renaming download to 0 length destfile
This leverages earlier work that avoids a rename when destfile is unset.

Signed-off-by: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-08-17 17:31:04 -05:00
Lukas Fleischer
b9833838c6 Avoid stat() on NULL path in curl_download_internal()
stat()'s behaviour is undefined if the first argument is NULL and might
be prone to segfault. Add an additional check to skip the stat()
invocation if no destfile is used.

Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-08-17 17:30:52 -05:00
Lukas Fleischer
9cddc4ad80 Skip rename() on NULL destfile in curl_download_internal()
Avoid a potential segfault that may occur if we use a temporary file and
fail to build the destination file name from the effective URL.

Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Signed-off-by: Dan McGee <dan@archlinux.org>
2011-08-17 17:30:41 -05:00