Age | Commit message (Collapse) | Author |
|
If the user replaces a directory with a symlink, libalpm would get
confused because the trailing slash causes system calls to resolve the
symlink. This leads to errors and a misleading message during upgrades.
Even though libalpm does not support this, it should not be giving
misleading errors.
Also adds an overflow check.
Fixes FS#51377
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
(cherry picked from commit 16b91f798faf6413f9b043543c5c0c3467b6fdbf)
|
|
archive_read_extract() forces resolution of uid/gid to names
when extracting the tarball. This can lead to wrong file
ownership when using pacman with -r option and when uid/gid
differ in the host and in the chroot.
archive_read_extract2() uses uid's and gid's only. See also:
https://lists.archlinux.org/pipermail/pacman-dev/2017-March/021912.html
Signed-off-by: Armin K <krejzi@email.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
(cherry picked from commit 86f5c74694cb0403eaf11fa4734f307a0df345cb)
|
|
This should make pacman's behavior consistent with GNU coreutils df,
as well as follow advice from affected filesystems' devs as well as
`man statvfs`.
This fixes FS#37402
Signed-off-by: Martin Kühne <mysatyre@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
(cherry picked from commit 8c55c0096c355e973ce6111cb25a1c4fa05953cf)
|
|
Signed-off-by: Ivy Foster <ivy.foster@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
(cherry picked from commit 0d2ba870c96d1b4b3d5fabfabe303bc6b1c989fd)
|
|
Making it size_t matches the return value of alpm_list_count() and
avoids the implicit cast to int.
Signed-off-by: Rikard Falkeborn <rikard.falkeborn@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
(cherry picked from commit 6a5156eedc378057eb2ced2c6e6191c50286b1e1)
|
|
Since the number of packages is not used anywhere, just return a
boolean to avoid the implicit cast from size_t to int in be_local.c.
Use 0 as success to be consistent with db_validate.
Signed-off-by: Rikard Falkeborn <rikard.falkeborn@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
(cherry picked from commit 85171807c15fb5907d8337af2a50ab79392e1b8c)
|
|
Recent gcc (tested with 6.2.1) produces the following error when
compiling with both --enable-warningflags and --enable-debug.
In particular, it seems it is the combination of GCC_STACK_PROTECT_LIB
and -Wstrict-overflow=5 produces the error.
be_local.c:609:4: error: assuming signed overflow does not occur
when simplifying conditional
[-Werror=strict-overflow]
if(count > 0) {
Fix this by changing the type of count from int to size_t, which is
fine since count is never negative.
Signed-off-by: Rikard Falkeborn <rikard.falkeborn@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
(cherry picked from commit 34f3f1e7a640488c4c32a3a825813afc1ad2ed68)
|
|
Signed-off-by: Ivy Foster <ivy.foster@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
(cherry picked from commit 900a22b90c8f8c76b6d5acde9c1d55d7ba65afdb)
|
|
Also add pactest which captures this leak when run under valgrind.
Reported-by: Sergey Petrenko
Signed-off-by: Allan McRae <allan@archlinux.org>
(cherry picked from commit fac4831a091eda447780d5d1e1e572b14ebb0338)
|
|
macOS < 10.10 do not provide fstatat. We were constructing the full
path to the hook file for all other operations anyway, so there was no
real benefit to using fstatat.
Fixes FS#49771
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
(cherry picked from commit be1ffedaf6fc44aeb9da235d64889dac71e9bf24)
|
|
glibc 2.24 deprecates readdir_r.
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
(cherry picked from commit c981f5ad76cb77363dcb4ebcc199670c3378995f)
|
|
If signature files are larger than SIZE_MAX, not enough memory could
be allocated for this file. The script repo-add rejects files which
are larger than 16384 bytes, therefore handle these as errors here,
too.
While at it, I also rearranged the code to avoid a quite harmless
TOCTOU race condition between stat() and fopen().
Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
(cherry picked from commit 5fcd60e2641c9293c2783aad509baf217e77aa6f)
|
|
Some resources (memory or file descriptors) are not released on all
error paths.
Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
(cherry picked from commit 681509fd445ed6012e6ecf89b49e9c00d83b70cd)
|
|
In out of memory conditions, an undefined error value is written
into *err, because myerr is never explicitly set in these cases.
I have also converted a calloc into a MALLOC call, because the memory
will be properly filled by the snprintf call right after it.
Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
Signed-off-by: Allan McRae <allan@archlinux.org>
(cherry picked from commit 80d97fcf7526f16d9eb097b8061956662207ed78)
|
|
Cyclic dependencies (A depends on B, B depends on A) were not selected
because neither package could be removed individually, so
can_remove_package would always return false for both. By preselecting
all dependencies then filtering back out any dependencies still required
by any packages that will not be uninstalled, groups of unneeded cyclic
dependencies can be found.
Fixes FS#41031
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
(cherry picked from commit 6ac2ee21b30f3c5f331d19349f96bb8e5b020b47)
|
|
The value EAGAIN is allowed by POSIX to be the same as EWOULDBLOCK, but this is
not guaranteed. Thus on some systems (e.g. glibc Linux), we get a warning that
the logical OR is being performed on two expressions of the same type. We can
not get rid of this test in case any system defines these as unique values.
Suggested-by: Dave Reisner
Signed-off-by: Allan McRae <allan@archlinux.org>
(cherry picked from commit 3729ef7a9acf75080fb6f60d13ea80cfd36d855d)
|
|
GCC-6 points out that the value we use for the sentinal in enums is actually
too large for the integer type. Reduce the bitshift by one to fix this.
Signed-off-by: Allan McRae <allan@archlinux.org>
(cherry picked from commit 5b9bc6024c246f232c64f6409088fedf558917af)
|
|
Signed-off-by: Eric Engestrom <eric@engestrom.ch>
Signed-off-by: Allan McRae <allan@archlinux.org>
(cherry picked from commit 2694d17ad99bab1cea5aad0ea4781ea4d51e596b)
|
|
Checking install status and if a package is optionally required on removal
now considers the version of the optdepend.
Fixes FS#44957.
Signed-off-by: Allan McRae <allan@archlinux.org>
(cherry picked from commit 3da06c3519ad8df60ce8c067cdaeddb69a320a53)
|
|
Signed-off-by: Allan McRae <allan@archlinux.org>
(cherry picked from commit 59112e186b5c64350db79f39574c6927a10346b6)
|
|
|
|
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
RET_ERR calls _alpm_log which includes calls that are not safe for use
in asynchronous signal handlers (see signal(7)). Replace it in
functions called from our signal handlers with a new macro
RET_ERR_ASYNC_SAFE which is identical except that it lacks the call to
_alpm_log.
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
|
|
Commit e374e6829cea3512f0b4a4069c5a6168f0f8d8a0 closed stdin before
running scripts/hooks. This left the exec'd process with no file
descriptor 0. If the process subsequently opened a file it would be
assigned fd 0, and could potentially be confused for stdin. Connecting
and immediately closing the parent2child pipe ensures that the child has
an fd 0 and that it is empty.
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
init_gpgme checks for various paths under gpgdir by concatenating them
directly, giving warning messages incorrectly if gpgdir does not end
with '/'.
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
Relying on localdb to determine which trigger operations should match is
completely broken for PostTransaction hooks because the localdb has
already been updated. Store a copy of the old version of any packages
being updated to use instead.
Fixes FS#47996
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
Check if we overwrote an exiting pacnew file before unlinking it.
Otherwise, updating to a version with an unchanged file would delete
existing pacnew files.
FS#47993
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
Useful if there's some output (to know where it comes from), or in case of
failure.
Signed-off-by: Olivier Brunel <jjk@jjacky.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
PATH_MAX is only defined in limits.h in musl libc, so ensure that it is
included. Presumably this is also required on other platforms.
Signed-off-by: Alastair Hughes <hobbitalastair@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
Silence warnings from clang about typecasting alignment.
Reported-by: Rikard Falkeborn
Original-patch-by: Olivier Brunel
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
alpm_list_add always returns the provided list making it impossible for
callers to check whether or not the operation actually succeeded without
manually comparing the list length before and after. alpm_list_append
instead returns a pointer to the newly created list item so that success
can be checked.
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
The signedness of char is implementation defined. Since the
alpm_graph state is clearly meant to be signed, make the
signedness explicit.
This fixes bugs on systems where char is unsigned, in comparissons
of the following type:
if(v.state == -1)
which, if state is unsigned, will never be true due to integer
promotion rules.
Fixes failing test/pacman/tests/sync012.py when compiling with -funsigned-char.
Fixes two warnings [-Wtype-limits] for comparissons with -1 when compiling
with -funsigned-char.
Signed-off-by: Rikard Falkeborn <rikard.falkeborn@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
make update-copyright OLD=2015 NEW=2016
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
The CheckSpace option checks the size of all files in a package being replaced
and gives a warning when it can not read the file. However, files in NoExtract
are expected to be missing and should not be warned about.
Fixes FS#47470.
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
There is no need to run any/remaining pre-transaction hooks as soon as a failure
has occured, which will lead to aborting the transaction.
So if an error occured during the first phase (reading directories/parsing
files), or as soon as a hook flagged abort_on_fail does fail, we stop processing
them and return.
(For post-transaction hooks, all hooks are run regardless since there's no
aborting.)
Signed-off-by: Olivier Brunel <jjk@jjacky.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
The "Description" field allows a hook to provide a some text for frontends
to use in describing what the hook is doing. For example:
Description = updating info page directory
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
Introduces the ALPM_EVENT_HOOK_RUN_{START,DONE} events that are triggered
at the start and end of running an individual hook.
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
This provides a way to detect when the processing of package changes starts,
allowing pacman to delineate hook output and package installation/removal
output.
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
Add events to let frontends know when hooks are being processed (and when it's
done), as that might be useful to update the UI.
Signed-off-by: Olivier Brunel <jjk@jjacky.com>
|
|
Having a first pass that checks which hooks are triggered followed by a
second pass of the triggered hooks allows us to only provide output when
a hook is actually triggered.
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
Removes a leftover error message from when fdopen and fgets were used to
read from the pipe.
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
The path of the default system hook directory was created
by concatenating `myhandle->root` (usually "/"), and
SYSHOOKDIR (usually "/usr/share/libalpm/hooks/"), resulting
in "//usr/share/libalpm/hooks/". Fix this by skipping the
initial slash from SYSHOOKDIR.
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
Signature downloading and DB validation was being based on the most
recent download status for the DB. If a DB successfully downloaded but
a signature did not, db_update would move to the next server. If the
next server tried does not have a more recent copy of the DB, db_update
would not download the DB again and would forget that the DB had
previously been updated. In this case it would skip validation
entirely, leaving an updated DB with the original validation status.
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
alpm_unlock is a limited version of alpm_release that does nothing but
the actual unlinking of the lock file and is therefore safe to call from
signal handlers.
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
Returning -1 is useless since we don't provide any way
to determine why it failed.
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
When replacing a file with a directory, any files inside the new
directory cannot possibly exist on the filesystem and can be skipped.
This allows cross-package symlink-to-directory transitions when there
are files with the same name under both the symlinked directory and the
new directory.
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
|
|
libarchive will not extract a directory over an existing directory
symlink, making it impossible to replace a symlink with a directory
across packages. Adding the ARCHIVE_EXTRACT_UNLINK and
ARCHIVE_EXTRACT_SECURE_SYMLINKS causes libarchive to unlink the existing
symlink and prevents it from extracting any paths that contain
a symlink, which we should not be doing anyway.
Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com>
Signed-off-by: Allan McRae <allan@archlinux.org>
|