pacman/lib/libalpm
Levente Polyak deac973188 ensure matching database and package version
While loading each package ensure that the internal version matches the
expected database version to avoid the possibility to circumvent the
version check.
This issue can be used by an attacker to trick the software into
installing an older version. The behavior can be exploited by a
man-in-the-middle attack through specially crafted database tarball
containing a higher version, yet actually delivering an older and
vulnerable version, which was previously shipped.

Signed-off-by: Levente Polyak <anthraxx@archlinux.org>
Signed-off-by: Remi Gacogne <rgacogne@archlinux.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
2015-07-20 12:50:39 +10:00
..
po Update translations from Transifex 2015-02-20 10:21:15 +10:00
.gitignore libalpm: add pkg-config file 2012-04-25 20:02:36 -04:00
Makefile.am Remove ts and sw from vim modeline when noet is set 2014-01-28 20:19:25 +10:00
add.c Do not warn about downgrades when only downloading package 2015-07-12 16:23:25 +10:00
add.h Update copyright notices for 2015 2015-02-01 21:19:04 +10:00
alpm.c Allow frontends to specify the sync database extension 2015-07-15 10:57:29 +10:00
alpm.h Allow frontends to specify the sync database extension 2015-07-15 10:57:29 +10:00
alpm_list.c Update copyright notices for 2015 2015-02-01 21:19:04 +10:00
alpm_list.h Update copyright notices for 2015 2015-02-01 21:19:04 +10:00
backup.c Update copyright notices for 2015 2015-02-01 21:19:04 +10:00
backup.h Update copyright notices for 2015 2015-02-01 21:19:04 +10:00
base64.c base64.c: comment out unused variable 2014-01-15 15:54:56 +10:00
base64.h base64: don't compile base64_encode() function 2011-10-17 12:03:02 -05:00
be_local.c Abort of failure to add version file to empty local database 2015-03-03 16:54:17 +10:00
be_package.c be_package: fallback to standard filelist loading 2015-03-26 14:44:13 +10:00
be_sync.c Read file lists from databases 2015-07-15 10:57:30 +10:00
conflict.c Update copyright notices for 2015 2015-02-01 21:19:04 +10:00
conflict.h Update copyright notices for 2015 2015-02-01 21:19:04 +10:00
db.c Allow frontends to specify the sync database extension 2015-07-15 10:57:29 +10:00
db.h Update copyright notices for 2015 2015-02-01 21:19:04 +10:00
delta.c Update copyright notices for 2015 2015-02-01 21:19:04 +10:00
delta.h Update copyright notices for 2015 2015-02-01 21:19:04 +10:00
deps.c Update copyright notices for 2015 2015-02-01 21:19:04 +10:00
deps.h Update copyright notices for 2015 2015-02-01 21:19:04 +10:00
diskspace.c calculate_removed_size: ensure llstat succeeds 2015-03-03 16:54:17 +10:00
diskspace.h Update copyright notices for 2015 2015-02-01 21:19:04 +10:00
dload.c Update copyright notices for 2015 2015-02-01 21:19:04 +10:00
dload.h Update copyright notices for 2015 2015-02-01 21:19:04 +10:00
error.c Update copyright notices for 2015 2015-02-01 21:19:04 +10:00
filelist.c Update copyright notices for 2015 2015-02-01 21:19:04 +10:00
filelist.h Update copyright notices for 2015 2015-02-01 21:19:04 +10:00
graph.c Update copyright notices for 2015 2015-02-01 21:19:04 +10:00
graph.h Update copyright notices for 2015 2015-02-01 21:19:04 +10:00
group.c Update copyright notices for 2015 2015-02-01 21:19:04 +10:00
group.h Update copyright notices for 2015 2015-02-01 21:19:04 +10:00
handle.c Allow frontends to specify the sync database extension 2015-07-15 10:57:29 +10:00
handle.h Allow frontends to specify the sync database extension 2015-07-15 10:57:29 +10:00
libalpm.pc.in Use libalpm version in pkg-config file 2013-04-26 12:43:53 +10:00
libarchive-compat.h Update copyright notices for 2015 2015-02-01 21:19:04 +10:00
log.c alpm_logaction: implement documented return value 2015-05-12 14:00:55 +10:00
log.h Update copyright notices for 2015 2015-02-01 21:19:04 +10:00
md5.c Use 32-bit wide integer type in PolarSSL code 2012-01-07 11:27:41 -06:00
md5.h Update MD5 routines with changes from PolarSSL 2011-08-11 20:17:21 -05:00
package.c Update copyright notices for 2015 2015-02-01 21:19:04 +10:00
package.h Update copyright notices for 2015 2015-02-01 21:19:04 +10:00
pkghash.c Update copyright notices for 2015 2015-02-01 21:19:04 +10:00
pkghash.h Update copyright notices for 2015 2015-02-01 21:19:04 +10:00
rawstr.c Remove ts and sw from vim modeline when noet is set 2014-01-28 20:19:25 +10:00
remove.c Do not warn about packages that optionally require a removal when ignoring deps 2015-07-14 17:15:33 +10:00
remove.h Update copyright notices for 2015 2015-02-01 21:19:04 +10:00
sha2.c Use 32-bit wide integer type in PolarSSL code 2012-01-07 11:27:41 -06:00
sha2.h Add sha2 (sha256) routines from PolarSSL 2011-08-15 07:07:13 -05:00
signing.c Update copyright notices for 2015 2015-02-01 21:19:04 +10:00
signing.h Update copyright notices for 2015 2015-02-01 21:19:04 +10:00
sync.c ensure matching database and package version 2015-07-20 12:50:39 +10:00
sync.h Update copyright notices for 2015 2015-02-01 21:19:04 +10:00
trans.c Update copyright notices for 2015 2015-02-01 21:19:04 +10:00
trans.h Update copyright notices for 2015 2015-02-01 21:19:04 +10:00
util-common.c Split common utility functions for libalpm and pacman 2013-01-04 21:49:37 +10:00
util-common.h Split common utility functions for libalpm and pacman 2013-01-04 21:49:37 +10:00
util.c merge _alpm_logaction into alpm_logaction 2015-05-12 14:00:54 +10:00
util.h merge _alpm_logaction into alpm_logaction 2015-05-12 14:00:54 +10:00
version.c Update copyright notices for 2015 2015-02-01 21:19:04 +10:00