1
0
mirror of https://github.com/moparisthebest/pacman synced 2024-12-22 15:58:50 -05:00
Commit Graph

2301 Commits

Author SHA1 Message Date
Simon Gomizelj
dd62fde53e validate %FILEPATH% when parsing repo dbs
Currently we make no effort to validate the %FILENAME% field in the
repo db. This allows for relative paths to be considered valid.

A carefully crafted db entry with a malicious relative path,
(e.g. `../../../../etc/passwd`) will cause pacman to to
overwrite _any_ file on the target's machine.

Add the following validation:

- doesn't start with '.'
- doesn't contain a '/'
- won't overflow PATH_MAX

Signed-off-by: Simon Gomizelj <simongmzlj@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
2013-06-04 13:45:12 +10:00
Allan McRae
1ed881fed3 Fix comment typo
Signed-off-by: Allan McRae <allan@archlinux.org>
2013-05-18 22:43:12 +10:00
Allan McRae
35289bc17e More translation updates
Signed-off-by: Allan McRae <allan@archlinux.org>
2013-05-07 12:53:23 +10:00
Allan McRae
0aa9628560 Pull translation updates from transifex
Signed-off-by: Allan McRae <allan@archlinux.org>
2013-04-30 21:18:42 +10:00
Allan McRae
c1dfdd2010 Use libalpm version in pkg-config file
We currently use the pacman version number in the libalpm.pc file. It makes
more sense to use the libalpm version.

Fixes FS#34967.

Signed-off-by: Allan McRae <allan@archlinux.org>
2013-04-26 12:43:53 +10:00
Anatol Pomozov
769facca22 Fix spelling errors using 'codespell' tool
Signed-off-by: Allan McRae <allan@archlinux.org>
2013-04-18 13:20:13 +10:00
Allan McRae
e9639ad172 Update translations from transifex
Signed-off-by: Allan McRae <allan@archlinux.org>
2013-04-01 15:53:12 +10:00
Richard Pougnet
c85d155f3a Improve documentation of libalpm interface functions
Add details to the doxygen for the initialization and relase functions
of the library.

Signed-off-by: Richard Pougnet <richard@pougnet.ca>
Signed-off-by: Allan McRae <allan@archlinux.org>
2013-03-31 11:08:54 +10:00
Allan McRae
3eee3d67af More translation updating
Pull updates from transifex.  Add new "id" translation.  Regerate po
files with updated filelists...

Signed-off-by: Allan McRae <allan@archlinux.org>
2013-03-17 13:53:38 +10:00
Allan McRae
47a7ea8c86 Update POTFILES.in for libalpm and pacman
Be complete with files listed. Comment out files where code is used
or heavily based on other projects so will never have translatable
strings.

Signed-off-by: Allan McRae <allan@archlinux.org>
2013-03-17 13:53:38 +10:00
Allan McRae
aa550a85f1 Merge updates from Transifex
Signed-off-by: Allan McRae <allan@archlinux.org>
2013-03-15 13:21:32 +10:00
Allan McRae
a97f792d3c Remove Indonesian translation
I imported this translation from transifex without realising that there
was no strings translated despite being "acitve" on transifex for quite
some time.  Remove it until translation begins...

Signed-off-by: Allan McRae <allan@archlinux.org>
2013-03-15 13:21:32 +10:00
Dan McGee
163c36bdcd Save and restore old locale when manipulating via setlocale
We shouldn't assume a frontend program didn't explicitly set the LC_TIME
setting to a value not in the environment, which is what we previously
assumed. Save the old locale before forcing the 'C' locale and restore
it when we are done.

Signed-off-by: Dan McGee <dan@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
2013-03-14 11:47:11 +10:00
Andrew Gregory
d35a7fb6f3 alpm/remove.c: add newlines to debug output
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
2013-03-14 11:47:11 +10:00
Allan McRae
1e21aa589d Update all translations files to push to Transifex
Run update-po and fix the few errors reported.

Signed-off-by: Allan McRae <allan@archlinux.org>
2013-03-10 13:32:11 +10:00
Allan McRae
c5652361fb Pull updated translations from transifex
Signed-off-by: Allan McRae <allan@archlinux.org>
2013-03-10 13:32:10 +10:00
Allan McRae
1366da57fa Add new languages from Transifex
Languages: eo, nl, hr, ko, ja, fa, ar, sl, gl, id

Signed-off-by: Allan McRae <allan@archlinux.org>
2013-03-10 13:32:10 +10:00
Simon Gomizelj
ce9fd69eba make status/log messages reflect version change
Currently pacman either prints 'adding' or 'upgrading' when installing
a package. This make pacman print and log the other possible actions:
'downgrade' and 'reinstall'

Signed-off-by: Simon Gomizelj <simongmzlj@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
2013-03-10 09:01:56 +10:00
Dave Reisner
08a1244f4e libalpm/sync: remove useless intermediate variable
This also rearranges some code to ensure that declarations and code
aren't mixed.

Signed-off-by: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
2013-03-10 09:01:56 +10:00
Olivier Brunel
017184fab5 libalpm: Search for replacers before literals
Since 882bff36 literals would be searched before replacers, resulting in a
package being replaced by another not actually being replaced under certain
conditions (e.g. they're both in the same repo).

This change effectively reversed the expectations in test sync132. This patch
switches the order back to replacers first, thus making sure if a package is
replacing another one, the change will always happen, even if both are in the
same repo.

Note that a package replacing another one in a repo with higher priority will
not be done, see FS#11737 and test sync1105

Signed-off-by: Olivier Brunel <i.am.jack.mail@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
2013-03-07 15:38:47 +10:00
Olivier Brunel
1b39653e96 libalpm: Fix installing update of a replaced package
During a sysupgrade, if a package is replaced by another, and an update for the
former package is found (on another repo) the replaced package would be
re-installed.

Signed-off-by: Olivier Brunel <i.am.jack.mail@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
2013-03-07 15:38:47 +10:00
Allan McRae
e6b8d5189f Do not resolve every local package filelist on remove
Although technically correct, this results in my system taking ~30 seconds
to resolve all filelists when removing a package that has a directory not
owned by any package.  The check for if any package own the empty directory
is a rare enough occurance, and it will be even rarer when that directory
has a directory symlink in its path, so just revert this at this stage.

Signed-off-by: Allan McRae <allan@archlinux.org>
2013-03-07 15:38:47 +10:00
Andrew Gregory
8e2648bf02 add SYMEXPORT to alpm_filelist_contains
alpm_filelist_contains is listed in alpm.h and should be public but was
not exported.

Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
2013-02-24 13:11:54 +10:00
Dave Reisner
3d142fe8ef dload: don't download sig if package is found in cache
Avoids the segfault seen in FS#33911.

Signed-off-by: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
2013-02-24 13:11:54 +10:00
Richard Pougnet
63baba13ec Provide full path names in warning messages
Fix FS#31556 by printing filename instead of entryname. Thus,
removing a lot of confusion from the output.

Signed-off-by: Allan McRae <allan@archlinux.org>
2013-02-24 13:11:54 +10:00
Allan McRae
34749e177d Perform limited conflict checking with --force
Pacman currently bails when trying to extract a file over a directory
when using --force.  Instead of ignoring all conflict, perform the
check and skip any file-file conflicts. Conflicts between directories
and files are still flagged and cause the transation to abort.

As a bonus, we now know about files changing packages when using
--force, so we can skip removing them fixing upgrade046.

Signed-off-by: Allan McRae <allan@archlinux.org>
2013-02-24 13:11:54 +10:00
Andrew Gregory
19754b34a3 use resolved_path for filelist_contains
alpm_filelist_contains was being used to search for resolved paths, but
searching in the unresolved paths, causing it to miss matches.  We
always search unresolved paths and search the resolved paths if
available because _alpm_filelist_resolve is not public and requires
a context handle, so it can't be called from alpm_filelist_contains.

Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
2013-02-24 13:11:54 +10:00
Andrew Gregory
083ac51816 return resolved paths from filelist_difference
We were comparing files based on resolved paths but returning the
original file_t structures, which were not necessarily in the same
order.  The extra file_t information was only being used to determine if
the file was a directory which can be accomplished by testing for
a trailing slash, so just return the resolved path.

Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
2013-02-24 13:11:54 +10:00
Andrew Gregory
9995510dc8 return resolved paths from filelist_intersection
We were comparing files based on resolved paths but returning the
original file_t structures, which were not necessarily in the same
order.  The additional file_t information was never used, so just return
the resolved path.

Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
2013-02-24 13:11:54 +10:00
Andrew Gregory
0bbc406ee8 use alpm_list_free on filelist intersection
alpm_filelist_intersection returns a list of pointers to internal file_t
struct's, so only the list itself should be freed.

Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
2013-02-24 13:11:54 +10:00
Andrew Gregory
bc747fbfbf fix off-by-one error in _alpm_filelist_resolve
'/' should not be appended to the resolved root when root is "/".

Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
2013-02-16 11:06:43 +10:00
Andrew Gregory
d5a5a6b512 fix style violations
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
2013-02-16 11:06:43 +10:00
Andrew Gregory
578dfcd977 fix alpm_validation_t comment
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
2013-02-16 11:06:43 +10:00
Andrew Gregory
c1a84c03b2 find_fileconflicts: reduce path resolution calls
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
2013-02-16 11:06:43 +10:00
Dave Reisner
26a79cb29d libalpm: never attempt to remove a mountpoint
Arch Linux typically runs into this with /sys when upgrading the
filesystem package in build chroots, but LXC users might also run into
this, since their /sys is shared from the host and must, for security
reasons, be mounted RO.

I've neglected to add any tests for this because they would require root
in order to run. Current tests all pass with this patch and I've
confirmed the desired behavior in a VM. Incidentally, the first hunk of
this patch (skipping can_remove_file checks for directories) resolves the
case of API mountpoints being removed since they eventually fall into
unlink_file and fail with "contains files". However, this patch should
still be the Right Thing To Do™, as we can't possibly remove a directory
that is also a mountpoint.

Signed-off-by: Dave Reisner <dreisner@archlinux.org>

[Allan] Do not skip checking if directories can be removed. Instead test
if directories are mountpoints in can_remove_file.

Signed-off-by: Allan McRae <allan@archlinux.org>
2013-02-16 11:06:43 +10:00
Allan McRae
8fe8233dfa Fix registering database with non-gpgme builds
We record whether the default SigLevel is set in order to add upon
it for the *FileSigLevel entries.  When using the only valid value
of "SigLevel = Never" with non-gpgme builds, we need to ignore
the ALPM_SIG_PACKAGE_SET flag when determining if we have a valid
value for the database SigLevel.

Signed-off-by: Allan McRae <allan@archlinux.org>
2013-02-13 11:50:33 +10:00
Allan McRae
87ffc648b7 Fix --without-gpgme build
Signed-off-by: Allan McRae <allan@archlinux.org>
2013-02-13 11:50:33 +10:00
Allan McRae
3fa2830829 Add format attributes to all required functions
Fixes all clang warnings with -Wformat-literal.

Also, fix genuine formating issue discovered once adding these attributes
and add a cast to prevent a gcc warning.

Signed-off-by: Allan McRae <allan@archlinux.org>
2013-02-13 11:50:33 +10:00
Allan McRae
bafee395a6 Fix compilation error on clang
This also lead me to notice that in _alpm_gpgme_checksig many things
were not being cleaned up.  Fix this by having CHECK_ERR goto gpg_error
and make the required adjustments.

Signed-off-by: Allan McRae <allan@archlinux.org>
2013-02-13 11:50:32 +10:00
Allan McRae
17d4ec5ed8 Skip reading sync db deltas files if UseDelta is unset
Signed-off-by: Allan McRae <allan@archlinux.org>
2013-02-09 12:43:37 +10:00
Allan McRae
5f5469c774 Import key if needed when installing package from file
When installing a package with "pacman -U" that has a detached
signature, check if the needed key is in the keyring and download
if necessary.

Signed-off-by: Allan McRae <allan@archlinux.org>
2013-02-09 12:43:37 +10:00
Allan McRae
0d89c10f4b Prompt to delete packages with signature fails
Offer to remove the bad package when a signature fails to validate
as is done for checksum failures.

Signed-off-by: Allan McRae <allan@archlinux.org>
2013-02-09 12:43:37 +10:00
Allan McRae
4ccf16dff5 Remove retry path from signature validation
Now that the keyring is checked for all needed keys before the
validation, we can not reach a point of a missing key when doing
validity checks for sync operations.

Signed-off-by: Allan McRae <allan@archlinux.org>
2013-02-09 12:43:37 +10:00
Allan McRae
31b9b264c1 Check keys are in keyring before package validation
Keys used to create signatures are checked for presence in the keyring
before package validation is performed.

Signed-off-by: Allan McRae <allan@archlinux.org>

Conflicts:
	lib/libalpm/alpm.h

Signed-off-by: Allan McRae <allan@archlinux.org>
2013-02-09 12:43:37 +10:00
Allan McRae
198154962b Make decode_signature available to the library
Signed-off-by: Allan McRae <allan@archlinux.org>
2013-02-09 12:43:37 +10:00
Allan McRae
05745089ac Add function to extract key id from signatures
This does not support all possibilities of RFC4880, but it does
cover every key currently used in Arch Linux.

Signed-off-by: Allan McRae <allan@archlinux.org>
2013-02-09 12:43:37 +10:00
Allan McRae
4ec6848f91 Move key importing into separate function
This will be useful for checking the availablity of all keys before
perfoming validation in sync operations and for downloading a needed
key in upgrade operations.

Signed-off-by: Allan McRae <allan@archlinux.org>
2013-02-09 12:43:36 +10:00
Allan McRae
45b6d36cf7 Make key_in_keychain available in library
In preparation for checking key presence and downloading needed keys
before conflict checking.

Signed-off-by: Allan McRae <allan@archlinux.org>
2013-02-09 12:43:36 +10:00
Dave Reisner
7edd262a06 inline libarchive compat wrappers
Suggested-by: Dan McGee <dan@archlinux.org>
Signed-off-by: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
2013-02-07 10:48:11 +10:00
Allan McRae
33b3b6d9b8 Add configuration option for Upgrade operation SigLevel
Add LocalFileSigLevel and RemoteFileSigLevel to control the signature
checking for "pacman -U <file>" and "pacman -U <url>" operations
respectively. The starting value for both these options is SigLevel,
if it is specified in the [options] section, or the built-in system
default. The specified values override and/or supplement this initial
value. Note there is no distinction between setting "Required" and
"PackageRequired" as there are no database options for Upgrade
operations.

Signed-off-by: Allan McRae <allan@archlinux.org>
2013-02-07 10:48:11 +10:00