pkg_install-20170419: - Convert to libarchive 3.x interfaces, avoiding the legacy glue. - Rename local copy of netpgpverify to match installed headers. - Shuffle bootstrap code to reduce special cases in pkg_add. - Always read/write file names in tar archives as binary. While they are supposed to be UTF-8, locale conversion creates more problems than it solves here. - Fix const correctness in gpg_verify. - Add format string annotation for xasprintf for GCC-like compilers. - Restrict supported archive formats for binary packages to ar (signed packages) and tar (actual content) with uncompressed/gzip/bzip2/xz as compression choices. This reduces the exposed libarchive surface. - The pkg-vulnerability file correspondingly supports only the same compression choices.diff -r1.219 -r1.220 pkgsrc/pkgtools/pkg_install/Makefile
(joerg)
@@ -1,14 +1,14 @@ | @@ -1,14 +1,14 @@ | |||
1 | # $NetBSD: Makefile,v 1.219 2017/01/03 17:53:14 jperkin Exp $ | 1 | # $NetBSD: Makefile,v 1.220 2017/04/19 21:42:50 joerg Exp $ | |
2 | 2 | |||
3 | # Notes to package maintainers: | 3 | # Notes to package maintainers: | |
4 | # | 4 | # | |
5 | # Updating this package does not automatically necessitate bumping | 5 | # Updating this package does not automatically necessitate bumping | |
6 | # PKGTOOLS_REQD in bsd.pkg.mk. Do so if and only if there is a critical | 6 | # PKGTOOLS_REQD in bsd.pkg.mk. Do so if and only if there is a critical | |
7 | # change in the pkg_* tools that pkgsrc relies on for proper operation. | 7 | # change in the pkg_* tools that pkgsrc relies on for proper operation. | |
8 | 8 | |||
9 | PKGNAME= pkg_install-${VERSION} | 9 | PKGNAME= pkg_install-${VERSION} | |
10 | PKGREVISION= 1 | 10 | PKGREVISION= 1 | |
11 | CATEGORIES= pkgtools | 11 | CATEGORIES= pkgtools | |
12 | 12 | |||
13 | MAINTAINER= agc@NetBSD.org | 13 | MAINTAINER= agc@NetBSD.org | |
14 | HOMEPAGE= http://www.pkgsrc.org/ | 14 | HOMEPAGE= http://www.pkgsrc.org/ | |
@@ -94,28 +94,28 @@ FILES_SUBST+= PKG_DBDIR=${PKG_DBDIR} | @@ -94,28 +94,28 @@ FILES_SUBST+= PKG_DBDIR=${PKG_DBDIR} | |||
94 | MKDIR=${MKDIR:Q} | 94 | MKDIR=${MKDIR:Q} | |
95 | MESSAGE_SUBST+= PKGVULNDIR=${PKG_DBDIR} \ | 95 | MESSAGE_SUBST+= PKGVULNDIR=${PKG_DBDIR} \ | |
96 | EGDIR=${EGDIR} | 96 | EGDIR=${EGDIR} | |
97 | 97 | |||
98 | .include "../../mk/compiler.mk" | 98 | .include "../../mk/compiler.mk" | |
99 | 99 | |||
100 | .if !empty(CC_VERSION:Mclang*) | 100 | .if !empty(CC_VERSION:Mclang*) | |
101 | MAKE_FLAGS+= ACTIVE_CC=clang | 101 | MAKE_FLAGS+= ACTIVE_CC=clang | |
102 | .endif | 102 | .endif | |
103 | 103 | |||
104 | VERSION!= ${AWK} '/PKGTOOLS_VERSION/ {print $$3}' \ | 104 | VERSION!= ${AWK} '/PKGTOOLS_VERSION/ {print $$3}' \ | |
105 | ${FILESDIR}/lib/version.h | 105 | ${FILESDIR}/lib/version.h | |
106 | 106 | |||
107 | # raw format appeared in libarchive 2.8. | 107 | # Requires 3.x filter API and bugfixes. | |
108 | BUILDLINK_API_DEPENDS.libarchive+= libarchive>=2.8.0 | 108 | BUILDLINK_API_DEPENDS.libarchive+= libarchive>=3.3.1 | |
109 | 109 | |||
110 | .include "../../archivers/bzip2/builtin.mk" | 110 | .include "../../archivers/bzip2/builtin.mk" | |
111 | .include "../../archivers/xz/builtin.mk" | 111 | .include "../../archivers/xz/builtin.mk" | |
112 | .include "../../archivers/libarchive/builtin.mk" | 112 | .include "../../archivers/libarchive/builtin.mk" | |
113 | .include "../../devel/zlib/builtin.mk" | 113 | .include "../../devel/zlib/builtin.mk" | |
114 | .include "../../security/openssl/builtin.mk" | 114 | .include "../../security/openssl/builtin.mk" | |
115 | 115 | |||
116 | .include "options.mk" | 116 | .include "options.mk" | |
117 | 117 | |||
118 | .if !empty(USE_BUILTIN.openssl:M[yY][eE][sS]) | 118 | .if !empty(USE_BUILTIN.openssl:M[yY][eE][sS]) | |
119 | CONFIGURE_ARGS+= --with-ssl | 119 | CONFIGURE_ARGS+= --with-ssl | |
120 | 120 | |||
121 | .include "../../security/openssl/buildlink3.mk" | 121 | .include "../../security/openssl/buildlink3.mk" | |
@@ -171,69 +171,69 @@ CPPFLAGS.Cygwin+= -DLIBARCHIVE_STATIC | @@ -171,69 +171,69 @@ CPPFLAGS.Cygwin+= -DLIBARCHIVE_STATIC | |||
171 | # Make sure that the linker used our static library instead of the | 171 | # Make sure that the linker used our static library instead of the | |
172 | # (outdated) dynamic library "/usr/lib/libarchive.dylib". | 172 | # (outdated) dynamic library "/usr/lib/libarchive.dylib". | |
173 | LDFLAGS.Darwin+= -Wl,-search_paths_first | 173 | LDFLAGS.Darwin+= -Wl,-search_paths_first | |
174 | 174 | |||
175 | # workaround for pkg/45491 | 175 | # workaround for pkg/45491 | |
176 | CONFIGURE_ENV.SunOS+= ac_cv_header_ext2fs_ext2_fs_h=no | 176 | CONFIGURE_ENV.SunOS+= ac_cv_header_ext2fs_ext2_fs_h=no | |
177 | 177 | |||
178 | # Hack to make sure that the libarchive version is replaced | 178 | # Hack to make sure that the libarchive version is replaced | |
179 | pre-configure: config-guess-override config-sub-override | 179 | pre-configure: config-guess-override config-sub-override | |
180 | .endif | 180 | .endif | |
181 | CPPFLAGS+= -I${WRKDIR}/libfetch | 181 | CPPFLAGS+= -I${WRKDIR}/libfetch | |
182 | LDFLAGS+= -L${WRKDIR}/libfetch | 182 | LDFLAGS+= -L${WRKDIR}/libfetch | |
183 | # Avoid duplicate and conflicting headers, pull in any we need | 183 | # Avoid duplicate and conflicting headers, pull in any we need | |
184 | # directly with <netpgpgverify/*.h> | 184 | # directly with <netpgpg/*.h> | |
185 | CPPFLAGS+= -I${WRKDIR} | 185 | CPPFLAGS+= -I${WRKDIR} | |
186 | LDFLAGS+= -L${WRKDIR}/netpgpverify | 186 | LDFLAGS+= -L${WRKDIR}/netpgp | |
187 | 187 | |||
188 | CONFIGURE_ENV+= LIBS=${LIBS:Q} | 188 | CONFIGURE_ENV+= LIBS=${LIBS:Q} | |
189 | 189 | |||
190 | do-extract: | 190 | do-extract: | |
191 | @${CP} -R ${FILESDIR} ${WRKSRC} | 191 | @${CP} -R ${FILESDIR} ${WRKSRC} | |
192 | .if empty(USE_BUILTIN.bzip2:M[yY][eE][sS]) | 192 | .if empty(USE_BUILTIN.bzip2:M[yY][eE][sS]) | |
193 | @${CP} -R ${FILESDIR.bzip2} ${WRKDIR}/bzip2 | 193 | @${CP} -R ${FILESDIR.bzip2} ${WRKDIR}/bzip2 | |
194 | .endif | 194 | .endif | |
195 | .if empty(USE_BUILTIN.zlib:M[yY][eE][sS]) | 195 | .if empty(USE_BUILTIN.zlib:M[yY][eE][sS]) | |
196 | @${CP} -R ${FILESDIR.zlib} ${WRKDIR}/zlib | 196 | @${CP} -R ${FILESDIR.zlib} ${WRKDIR}/zlib | |
197 | .endif | 197 | .endif | |
198 | .if empty(USE_BUILTIN.libarchive:M[yY][eE][sS]) | 198 | .if empty(USE_BUILTIN.libarchive:M[yY][eE][sS]) | |
199 | @${CP} -R ${FILESDIR.libarchive} ${WRKDIR}/libarchive | 199 | @${CP} -R ${FILESDIR.libarchive} ${WRKDIR}/libarchive | |
200 | .endif | 200 | .endif | |
201 | @${CP} -R ${FILESDIR.libfetch} ${WRKDIR}/libfetch | 201 | @${CP} -R ${FILESDIR.libfetch} ${WRKDIR}/libfetch | |
202 | @${CP} -R ${FILESDIR.netpgpverify} ${WRKDIR}/netpgpverify | 202 | @${CP} -R ${FILESDIR.netpgpverify} ${WRKDIR}/netpgp | |
203 | 203 | |||
204 | pre-configure: | 204 | pre-configure: | |
205 | .if empty(USE_BUILTIN.bzip2:M[yY][eE][sS]) | 205 | .if empty(USE_BUILTIN.bzip2:M[yY][eE][sS]) | |
206 | cd ${WRKDIR}/bzip2 && ${BUILD_MAKE_CMD} libbz2.a | 206 | cd ${WRKDIR}/bzip2 && ${BUILD_MAKE_CMD} libbz2.a | |
207 | .endif | 207 | .endif | |
208 | .if empty(USE_BUILTIN.zlib:M[yY][eE][sS]) | 208 | .if empty(USE_BUILTIN.zlib:M[yY][eE][sS]) | |
209 | cd ${WRKDIR}/zlib && ${BUILD_MAKE_CMD} libz.a | 209 | cd ${WRKDIR}/zlib && ${BUILD_MAKE_CMD} libz.a | |
210 | .endif | 210 | .endif | |
211 | .if empty(USE_BUILTIN.libarchive:M[yY][eE][sS]) | 211 | .if empty(USE_BUILTIN.libarchive:M[yY][eE][sS]) | |
212 | cd ${WRKDIR}/libarchive && ${SETENV} ${_CONFIGURE_SCRIPT_ENV} \ | 212 | cd ${WRKDIR}/libarchive && ${SETENV} ${_CONFIGURE_SCRIPT_ENV} \ | |
213 | ${CONFIG_SHELL} ${CONFIG_SHELL_FLAGS} ./configure \ | 213 | ${CONFIG_SHELL} ${CONFIG_SHELL_FLAGS} ./configure \ | |
214 | --disable-bsdcpio --disable-bsdtar --disable-shared \ | 214 | --disable-bsdcpio --disable-bsdtar --disable-shared \ | |
215 | --disable-dependency-tracking --without-expat \ | 215 | --disable-dependency-tracking --without-expat \ | |
216 | --disable-maintainer-mode \ | 216 | --disable-maintainer-mode \ | |
217 | --without-iconv --without-lzo2 --without-nettle \ | 217 | --without-iconv --without-lzo2 --without-nettle \ | |
218 | --without-xml2 --without-lz4 \ | 218 | --without-xml2 --without-lz4 \ | |
219 | ${LIBARCHIVE_CONFIGURE_ARGS} | 219 | ${LIBARCHIVE_CONFIGURE_ARGS} | |
220 | cd ${WRKDIR}/libarchive && ${BUILD_MAKE_CMD} | 220 | cd ${WRKDIR}/libarchive && ${BUILD_MAKE_CMD} | |
221 | .endif | 221 | .endif | |
222 | cd ${WRKDIR}/libfetch && ${TOUCH} fetch.cat3 && \ | 222 | cd ${WRKDIR}/libfetch && ${TOUCH} fetch.cat3 && \ | |
223 | ${SETENV} ${MAKE_ENV} ${BSD_MAKE_ENV} \ | 223 | ${SETENV} ${MAKE_ENV} ${BSD_MAKE_ENV} \ | |
224 | ${MAKE_PROGRAM} ${MAKE_FLAGS} ${BUILD_MAKE_FLAGS} \ | 224 | ${MAKE_PROGRAM} ${MAKE_FLAGS} ${BUILD_MAKE_FLAGS} \ | |
225 | -f ${MAKE_FILE} depend all | 225 | -f ${MAKE_FILE} depend all | |
226 | cd ${WRKDIR}/netpgpverify && \ | 226 | cd ${WRKDIR}/netpgp && \ | |
227 | ${SED} -e '/zlib/d' Makefile.lib.in >Makefile.in && \ | 227 | ${SED} -e '/zlib/d' Makefile.lib.in >Makefile.in && \ | |
228 | ${RM} -f bzlib.h zlib.h && \ | 228 | ${RM} -f bzlib.h zlib.h && \ | |
229 | ${CONFIG_SHELL} ${CONFIG_SHELL_FLAGS} ./configure && \ | 229 | ${CONFIG_SHELL} ${CONFIG_SHELL_FLAGS} ./configure && \ | |
230 | ${SETENV} ${MAKE_ENV} ${BSD_MAKE_ENV} ${MAKE_PROGRAM} \ | 230 | ${SETENV} ${MAKE_ENV} ${BSD_MAKE_ENV} ${MAKE_PROGRAM} \ | |
231 | ${MAKE_FLAGS} ${BUILD_MAKE_FLAGS} -f ${MAKE_FILE} all | 231 | ${MAKE_FLAGS} ${BUILD_MAKE_FLAGS} -f ${MAKE_FILE} all | |
232 | 232 | |||
233 | # XXX Reverse the order that update does things since | 233 | # XXX Reverse the order that update does things since | |
234 | # XXX we need pkg_delete built before we can deinstall. | 234 | # XXX we need pkg_delete built before we can deinstall. | |
235 | # XXX This should probably be the default order for all packages. | 235 | # XXX This should probably be the default order for all packages. | |
236 | update: | 236 | update: | |
237 | ${MAKE} | 237 | ${MAKE} | |
238 | ${MAKE} deinstall _UPDATE_RUNNING=YES | 238 | ${MAKE} deinstall _UPDATE_RUNNING=YES | |
239 | ${MAKE} ${UPDATE_TARGET} | 239 | ${MAKE} ${UPDATE_TARGET} |
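Review bot: The comment at new line 184 gives the include prefix as `<netpgpg/*.h>`, but the directory this change creates and links against is `${WRKDIR}/netpgp` (new lines 186, 202 and 226), so it should read `# directly with <netpgp/*.h>`. The do-extract rule still copies from `${FILESDIR.netpgpverify}`, so the source and working names now differ. A one-line comment there, for example `# copied as netpgp/ to match the installed header path`, would explain why.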
@@ -1,22 +1,22 @@ | @@ -1,22 +1,22 @@ | |||
1 | /* $NetBSD: perform.c,v 1.108 2015/12/27 12:36:42 joerg Exp $ */ | 1 | /* $NetBSD: perform.c,v 1.109 2017/04/19 21:42:50 joerg Exp $ */ | |
2 | #if HAVE_CONFIG_H | 2 | #if HAVE_CONFIG_H | |
3 | #include "config.h" | 3 | #include "config.h" | |
4 | #endif | 4 | #endif | |
5 | #include <nbcompat.h> | 5 | #include <nbcompat.h> | |
6 | #if HAVE_SYS_CDEFS_H | 6 | #if HAVE_SYS_CDEFS_H | |
7 | #include <sys/cdefs.h> | 7 | #include <sys/cdefs.h> | |
8 | #endif | 8 | #endif | |
9 | __RCSID("$NetBSD: perform.c,v 1.108 2015/12/27 12:36:42 joerg Exp $"); | 9 | __RCSID("$NetBSD: perform.c,v 1.109 2017/04/19 21:42:50 joerg Exp $"); | |
10 | 10 | |||
11 | /*- | 11 | /*- | |
12 | * Copyright (c) 2003 Grant Beattie <grant@NetBSD.org> | 12 | * Copyright (c) 2003 Grant Beattie <grant@NetBSD.org> | |
13 | * Copyright (c) 2005 Dieter Baron <dillo@NetBSD.org> | 13 | * Copyright (c) 2005 Dieter Baron <dillo@NetBSD.org> | |
14 | * Copyright (c) 2007 Roland Illig <rillig@NetBSD.org> | 14 | * Copyright (c) 2007 Roland Illig <rillig@NetBSD.org> | |
15 | * Copyright (c) 2008, 2009 Joerg Sonnenberger <joerg@NetBSD.org> | 15 | * Copyright (c) 2008, 2009 Joerg Sonnenberger <joerg@NetBSD.org> | |
16 | * Copyright (c) 2010 Thomas Klausner <wiz@NetBSD.org> | 16 | * Copyright (c) 2010 Thomas Klausner <wiz@NetBSD.org> | |
17 | * All rights reserved. | 17 | * All rights reserved. | |
18 | * | 18 | * | |
19 | * Redistribution and use in source and binary forms, with or without | 19 | * Redistribution and use in source and binary forms, with or without | |
20 | * modification, are permitted provided that the following conditions | 20 | * modification, are permitted provided that the following conditions | |
21 | * are met: | 21 | * are met: | |
22 | * | 22 | * | |
@@ -40,26 +40,27 @@ __RCSID("$NetBSD: perform.c,v 1.108 2015 | @@ -40,26 +40,27 @@ __RCSID("$NetBSD: perform.c,v 1.108 2015 | |||
40 | * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | 40 | * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | |
41 | * SUCH DAMAGE. | 41 | * SUCH DAMAGE. | |
42 | */ | 42 | */ | |
43 | 43 | |||
44 | #include <sys/utsname.h> | 44 | #include <sys/utsname.h> | |
45 | #include <sys/stat.h> | 45 | #include <sys/stat.h> | |
46 | #if HAVE_ERR_H | 46 | #if HAVE_ERR_H | |
47 | #include <err.h> | 47 | #include <err.h> | |
48 | #endif | 48 | #endif | |
49 | #include <errno.h> | 49 | #include <errno.h> | |
50 | #if HAVE_FCNTL_H | 50 | #if HAVE_FCNTL_H | |
51 | #include <fcntl.h> | 51 | #include <fcntl.h> | |
52 | #endif | 52 | #endif | |
53 | #include <limits.h> | |||
53 | #include <stdlib.h> | 54 | #include <stdlib.h> | |
54 | #include <string.h> | 55 | #include <string.h> | |
55 | #include <unistd.h> | 56 | #include <unistd.h> | |
56 | 57 | |||
57 | #include <archive.h> | 58 | #include <archive.h> | |
58 | #include <archive_entry.h> | 59 | #include <archive_entry.h> | |
59 | 60 | |||
60 | #include "lib.h" | 61 | #include "lib.h" | |
61 | #include "add.h" | 62 | #include "add.h" | |
62 | #include "version.h" | 63 | #include "version.h" | |
63 | 64 | |||
64 | struct pkg_meta { | 65 | struct pkg_meta { | |
65 | char *meta_contents; | 66 | char *meta_contents; | |
@@ -817,28 +818,27 @@ extract_files(struct pkg_task *pkg) | @@ -817,28 +818,27 @@ extract_files(struct pkg_task *pkg) | |||
817 | } | 818 | } | |
818 | 819 | |||
819 | if (pkg->entry != NULL) { | 820 | if (pkg->entry != NULL) { | |
820 | warnx("Package contains entries not in PLIST: %s", | 821 | warnx("Package contains entries not in PLIST: %s", | |
821 | archive_entry_pathname(pkg->entry)); | 822 | archive_entry_pathname(pkg->entry)); | |
822 | goto out; | 823 | goto out; | |
823 | } | 824 | } | |
824 | 825 | |||
825 | r = 0; | 826 | r = 0; | |
826 | 827 | |||
827 | out: | 828 | out: | |
828 | if (!NoRecord) | 829 | if (!NoRecord) | |
829 | pkgdb_close(); | 830 | pkgdb_close(); | |
830 | archive_write_close(writer); | 831 | archive_write_free(writer); | |
831 | archive_write_finish(writer); | |||
832 | 832 | |||
833 | return r; | 833 | return r; | |
834 | } | 834 | } | |
835 | 835 | |||
836 | /* | 836 | /* | |
837 | * Register dependencies after sucessfully installing the package. | 837 | * Register dependencies after sucessfully installing the package. | |
838 | */ | 838 | */ | |
839 | static void | 839 | static void | |
840 | pkg_register_depends(struct pkg_task *pkg) | 840 | pkg_register_depends(struct pkg_task *pkg) | |
841 | { | 841 | { | |
842 | int fd; | 842 | int fd; | |
843 | size_t text_len, i; | 843 | size_t text_len, i; | |
844 | char *required_by, *text; | 844 | char *required_by, *text; | |
@@ -1363,56 +1363,47 @@ check_license(struct pkg_task *pkg) | @@ -1363,56 +1363,47 @@ check_license(struct pkg_task *pkg) | |||
1363 | default: | 1363 | default: | |
1364 | warnx("Invalid LICENSE for package `%s'", pkg->pkgname); | 1364 | warnx("Invalid LICENSE for package `%s'", pkg->pkgname); | |
1365 | return 1; | 1365 | return 1; | |
1366 | } | 1366 | } | |
1367 | #endif | 1367 | #endif | |
1368 | } | 1368 | } | |
1369 | 1369 | |||
1370 | /* | 1370 | /* | |
1371 | * Install a single package. | 1371 | * Install a single package. | |
1372 | */ | 1372 | */ | |
1373 | static int | 1373 | static int | |
1374 | pkg_do(const char *pkgpath, int mark_automatic, int top_level) | 1374 | pkg_do(const char *pkgpath, int mark_automatic, int top_level) | |
1375 | { | 1375 | { | |
1376 | #ifndef BOOTSTRAP | |||
1377 | char *archive_name; | 1376 | char *archive_name; | |
1378 | #endif | |||
1379 | int status, invalid_sig; | 1377 | int status, invalid_sig; | |
1380 | struct pkg_task *pkg; | 1378 | struct pkg_task *pkg; | |
1381 | 1379 | |||
1382 | pkg = xcalloc(1, sizeof(*pkg)); | 1380 | pkg = xcalloc(1, sizeof(*pkg)); | |
1383 | 1381 | |||
1384 | status = -1; | 1382 | status = -1; | |
1385 | 1383 | |||
1386 | #ifdef BOOTSTRAP | |||
1387 | pkg->archive = archive_read_new(); | |||
1388 | archive_read_support_compression_all(pkg->archive); | |||
1389 | archive_read_support_format_all(pkg->archive); | |||
1390 | if (archive_read_open_filename(pkg->archive, pkgpath, 1024)) { | |||
1391 | warnx("no pkg found for '%s', sorry.", pkgpath); | |||
1392 | archive_read_free(pkg->archive); | |||
1393 | goto clean_find_archive; | |||
1394 | } | |||
1395 | #else | |||
1396 | pkg->archive = find_archive(pkgpath, top_level, &archive_name); | 1384 | pkg->archive = find_archive(pkgpath, top_level, &archive_name); | |
1397 | if (pkg->archive == NULL) { | 1385 | if (pkg->archive == NULL) { | |
1398 | warnx("no pkg found for '%s', sorry.", pkgpath); | 1386 | warnx("no pkg found for '%s', sorry.", pkgpath); | |
1399 | goto clean_find_archive; | 1387 | goto clean_find_archive; | |
1400 | } | 1388 | } | |
1401 | 1389 | |||
1390 | #ifndef BOOTSTRAP | |||
1402 | invalid_sig = pkg_verify_signature(archive_name, &pkg->archive, &pkg->entry, | 1391 | invalid_sig = pkg_verify_signature(archive_name, &pkg->archive, &pkg->entry, | |
1403 | &pkg->pkgname); | 1392 | &pkg->pkgname); | |
1404 | free(archive_name); | 1393 | #else | |
1394 | invalid_sig = 0; | |||
1405 | #endif | 1395 | #endif | |
1396 | free(archive_name); | |||
1406 | 1397 | |||
1407 | if (pkg->archive == NULL) | 1398 | if (pkg->archive == NULL) | |
1408 | goto clean_memory; | 1399 | goto clean_memory; | |
1409 | 1400 | |||
1410 | if (read_meta_data(pkg)) | 1401 | if (read_meta_data(pkg)) | |
1411 | goto clean_memory; | 1402 | goto clean_memory; | |
1412 | 1403 | |||
1413 | /* Parse PLIST early, so that messages can use real package name. */ | 1404 | /* Parse PLIST early, so that messages can use real package name. */ | |
1414 | if (pkg_parse_plist(pkg)) | 1405 | if (pkg_parse_plist(pkg)) | |
1415 | goto clean_memory; | 1406 | goto clean_memory; | |
1416 | 1407 | |||
1417 | if (check_signature(pkg, invalid_sig)) | 1408 | if (check_signature(pkg, invalid_sig)) | |
1418 | goto clean_memory; | 1409 | goto clean_memory; | |
@@ -1562,27 +1553,27 @@ nuke_pkgdb: | @@ -1562,27 +1553,27 @@ nuke_pkgdb: | |||
1562 | clean_memory: | 1553 | clean_memory: | |
1563 | if (pkg->logdir != NULL && NoRecord && !Fake) { | 1554 | if (pkg->logdir != NULL && NoRecord && !Fake) { | |
1564 | if (recursive_remove(pkg->install_logdir, 1)) | 1555 | if (recursive_remove(pkg->install_logdir, 1)) | |
1565 | warn("Couldn't remove %s", pkg->install_logdir); | 1556 | warn("Couldn't remove %s", pkg->install_logdir); | |
1566 | } | 1557 | } | |
1567 | free(pkg->install_prefix); | 1558 | free(pkg->install_prefix); | |
1568 | free(pkg->install_logdir_real); | 1559 | free(pkg->install_logdir_real); | |
1569 | free(pkg->install_logdir); | 1560 | free(pkg->install_logdir); | |
1570 | free(pkg->logdir); | 1561 | free(pkg->logdir); | |
1571 | free_buildinfo(pkg); | 1562 | free_buildinfo(pkg); | |
1572 | free_plist(&pkg->plist); | 1563 | free_plist(&pkg->plist); | |
1573 | free_meta_data(pkg); | 1564 | free_meta_data(pkg); | |
1574 | if (pkg->archive) | 1565 | if (pkg->archive) | |
1575 | archive_read_finish(pkg->archive); | 1566 | archive_read_free(pkg->archive); | |
1576 | free(pkg->other_version); | 1567 | free(pkg->other_version); | |
1577 | free(pkg->pkgname); | 1568 | free(pkg->pkgname); | |
1578 | clean_find_archive: | 1569 | clean_find_archive: | |
1579 | free(pkg); | 1570 | free(pkg); | |
1580 | return status; | 1571 | return status; | |
1581 | } | 1572 | } | |
1582 | 1573 | |||
1583 | int | 1574 | int | |
1584 | pkg_perform(lpkg_head_t *pkgs) | 1575 | pkg_perform(lpkg_head_t *pkgs) | |
1585 | { | 1576 | { | |
1586 | int errors = 0; | 1577 | int errors = 0; | |
1587 | lpkg_t *lpp; | 1578 | lpkg_t *lpp; | |
1588 | 1579 |
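Review bot: In pkg_do, the new `#else` branch at new lines 1393-1394 sets `invalid_sig = 0` for BOOTSTRAP builds, so the later `check_signature(pkg, invalid_sig)` call is handed the same value a successful verification would presumably produce, although no verification ran. check_signature is outside this section, so whether it consults the value in BOOTSTRAP builds cannot be seen here. If it does, a bootstrap pkg_add would accept packages unverified under any signature policy. The branch should at least carry a comment such as `/* BOOTSTRAP: no signature support, package is NOT verified */`, and a nonzero value would be the fail-closed choice if bootstrap installs tolerate it. pkg_do continues past the end of this hunk into the cleanup hunk below.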
@@ -1,23 +1,23 @@ | @@ -1,23 +1,23 @@ | |||
1 | /* $NetBSD: main.c,v 1.64 2015/01/02 14:26:16 wiz Exp $ */ | 1 | /* $NetBSD: main.c,v 1.65 2017/04/19 21:42:50 joerg Exp $ */ | |
2 | 2 | |||
3 | #if HAVE_CONFIG_H | 3 | #if HAVE_CONFIG_H | |
4 | #include "config.h" | 4 | #include "config.h" | |
5 | #endif | 5 | #endif | |
6 | #include <nbcompat.h> | 6 | #include <nbcompat.h> | |
7 | #if HAVE_SYS_CDEFS_H | 7 | #if HAVE_SYS_CDEFS_H | |
8 | #include <sys/cdefs.h> | 8 | #include <sys/cdefs.h> | |
9 | #endif | 9 | #endif | |
10 | __RCSID("$NetBSD: main.c,v 1.64 2015/01/02 14:26:16 wiz Exp $"); | 10 | __RCSID("$NetBSD: main.c,v 1.65 2017/04/19 21:42:50 joerg Exp $"); | |
11 | 11 | |||
12 | /*- | 12 | /*- | |
13 | * Copyright (c) 1999-2009 The NetBSD Foundation, Inc. | 13 | * Copyright (c) 1999-2009 The NetBSD Foundation, Inc. | |
14 | * All rights reserved. | 14 | * All rights reserved. | |
15 | * | 15 | * | |
16 | * This code is derived from software contributed to The NetBSD Foundation | 16 | * This code is derived from software contributed to The NetBSD Foundation | |
17 | * by Hubert Feyrer <hubert@feyrer.de> and | 17 | * by Hubert Feyrer <hubert@feyrer.de> and | |
18 | * by Joerg Sonnenberger <joerg@NetBSD.org>. | 18 | * by Joerg Sonnenberger <joerg@NetBSD.org>. | |
19 | * | 19 | * | |
20 | * Redistribution and use in source and binary forms, with or without | 20 | * Redistribution and use in source and binary forms, with or without | |
21 | * modification, are permitted provided that the following conditions | 21 | * modification, are permitted provided that the following conditions | |
22 | * are met: | 22 | * are met: | |
23 | * 1. Redistributions of source code must retain the above copyright | 23 | * 1. Redistributions of source code must retain the above copyright | |
@@ -598,28 +598,28 @@ main(int argc, char *argv[]) | @@ -598,28 +598,28 @@ main(int argc, char *argv[]) | |||
598 | 598 | |||
599 | rc = 0; | 599 | rc = 0; | |
600 | for (--argc, ++argv; argc > 0; --argc, ++argv) { | 600 | for (--argc, ++argv; argc > 0; --argc, ++argv) { | |
601 | char *archive_name; | 601 | char *archive_name; | |
602 | 602 | |||
603 | pkg = open_archive(*argv, &archive_name); | 603 | pkg = open_archive(*argv, &archive_name); | |
604 | if (pkg == NULL) { | 604 | if (pkg == NULL) { | |
605 | warnx("%s could not be opened", *argv); | 605 | warnx("%s could not be opened", *argv); | |
606 | continue; | 606 | continue; | |
607 | } | 607 | } | |
608 | if (pkg_full_signature_check(archive_name, &pkg)) | 608 | if (pkg_full_signature_check(archive_name, &pkg)) | |
609 | rc = 1; | 609 | rc = 1; | |
610 | free(archive_name); | 610 | free(archive_name); | |
611 | if (!pkg) | 611 | if (pkg != NULL) | |
612 | archive_read_finish(pkg); | 612 | archive_read_free(pkg); | |
613 | } | 613 | } | |
614 | return rc; | 614 | return rc; | |
615 | } else if (strcasecmp(argv[0], "x509-sign-package") == 0) { | 615 | } else if (strcasecmp(argv[0], "x509-sign-package") == 0) { | |
616 | #ifdef HAVE_SSL | 616 | #ifdef HAVE_SSL | |
617 | --argc; | 617 | --argc; | |
618 | ++argv; | 618 | ++argv; | |
619 | if (argc != 4) | 619 | if (argc != 4) | |
620 | errx(EXIT_FAILURE, "x509-sign-package takes exactly four arguments"); | 620 | errx(EXIT_FAILURE, "x509-sign-package takes exactly four arguments"); | |
621 | pkg_sign_x509(argv[0], argv[1], argv[2], argv[3]); | 621 | pkg_sign_x509(argv[0], argv[1], argv[2], argv[3]); | |
622 | #else | 622 | #else | |
623 | errx(EXIT_FAILURE, "OpenSSL support is not included"); | 623 | errx(EXIT_FAILURE, "OpenSSL support is not included"); | |
624 | #endif | 624 | #endif | |
625 | } else if (strcasecmp(argv[0], "gpg-sign-package") == 0) { | 625 | } else if (strcasecmp(argv[0], "gpg-sign-package") == 0) { |
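Review bot: When `open_archive` fails, the loop at new lines 603-607 warns and hits `continue` without setting `rc`, so a run whose arguments cannot be opened still returns 0. A caller that relies on the exit status of this signature-check loop would read an unreadable or missing package as a pass. Adding `rc = 1;` before the `continue;` makes the failure visible to scripts. The enclosing branch of main starts above this hunk, so the subcommand name is not visible here.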
@@ -1,23 +1,23 @@ | @@ -1,23 +1,23 @@ | |||
1 | /* $NetBSD: build.c,v 1.16 2014/12/30 15:13:20 wiz Exp $ */ | 1 | /* $NetBSD: build.c,v 1.17 2017/04/19 21:42:50 joerg Exp $ */ | |
2 | 2 | |||
3 | #if HAVE_CONFIG_H | 3 | #if HAVE_CONFIG_H | |
4 | #include "config.h" | 4 | #include "config.h" | |
5 | #endif | 5 | #endif | |
6 | #include <nbcompat.h> | 6 | #include <nbcompat.h> | |
7 | #if HAVE_SYS_CDEFS_H | 7 | #if HAVE_SYS_CDEFS_H | |
8 | #include <sys/cdefs.h> | 8 | #include <sys/cdefs.h> | |
9 | #endif | 9 | #endif | |
10 | __RCSID("$NetBSD: build.c,v 1.16 2014/12/30 15:13:20 wiz Exp $"); | 10 | __RCSID("$NetBSD: build.c,v 1.17 2017/04/19 21:42:50 joerg Exp $"); | |
11 | 11 | |||
12 | /*- | 12 | /*- | |
13 | * Copyright (c) 2007 Joerg Sonnenberger <joerg@NetBSD.org>. | 13 | * Copyright (c) 2007 Joerg Sonnenberger <joerg@NetBSD.org>. | |
14 | * All rights reserved. | 14 | * All rights reserved. | |
15 | * | 15 | * | |
16 | * This code was developed as part of Google's Summer of Code 2007 program. | 16 | * This code was developed as part of Google's Summer of Code 2007 program. | |
17 | * | 17 | * | |
18 | * Redistribution and use in source and binary forms, with or without | 18 | * Redistribution and use in source and binary forms, with or without | |
19 | * modification, are permitted provided that the following conditions | 19 | * modification, are permitted provided that the following conditions | |
20 | * are met: | 20 | * are met: | |
21 | * | 21 | * | |
22 | * 1. Redistributions of source code must retain the above copyright | 22 | * 1. Redistributions of source code must retain the above copyright | |
23 | * notice, this list of conditions and the following disclaimer. | 23 | * notice, this list of conditions and the following disclaimer. | |
@@ -223,57 +223,56 @@ write_normal_file(const char *name, stru | @@ -223,57 +223,56 @@ write_normal_file(const char *name, stru | |||
223 | static void | 223 | static void | |
224 | make_dist(const char *pkg, const char *suffix, const package_t *plist) | 224 | make_dist(const char *pkg, const char *suffix, const package_t *plist) | |
225 | { | 225 | { | |
226 | char *archive_name; | 226 | char *archive_name; | |
227 | const char *owner, *group; | 227 | const char *owner, *group; | |
228 | const plist_t *p; | 228 | const plist_t *p; | |
229 | struct archive *archive; | 229 | struct archive *archive; | |
230 | struct archive_entry *entry, *sparse_entry; | 230 | struct archive_entry *entry, *sparse_entry; | |
231 | struct archive_entry_linkresolver *resolver; | 231 | struct archive_entry_linkresolver *resolver; | |
232 | char *initial_cwd; | 232 | char *initial_cwd; | |
233 | 233 | |||
234 | archive = archive_write_new(); | 234 | archive = archive_write_new(); | |
235 | archive_write_set_format_pax_restricted(archive); | 235 | archive_write_set_format_pax_restricted(archive); | |
236 | archive_write_set_options(archive, "hdrcharset=BINARY"); | |||
236 | if ((resolver = archive_entry_linkresolver_new()) == NULL) | 237 | if ((resolver = archive_entry_linkresolver_new()) == NULL) | |
237 | errx(2, "cannot create link resolver"); | 238 | errx(2, "cannot create link resolver"); | |
238 | archive_entry_linkresolver_set_strategy(resolver, | 239 | archive_entry_linkresolver_set_strategy(resolver, | |
239 | archive_format(archive)); | 240 | archive_format(archive)); | |
240 | 241 | |||
241 | if (CompressionType == NULL) { | 242 | if (CompressionType == NULL) { | |
242 | if (strcmp(suffix, "tbz") == 0 || | 243 | if (strcmp(suffix, "tbz") == 0 || | |
243 | strcmp(suffix, "tar.bz2") == 0) | 244 | strcmp(suffix, "tar.bz2") == 0) | |
244 | CompressionType = "bzip2"; | 245 | CompressionType = "bzip2"; | |
245 | else if (strcmp(suffix, "tgz") == 0 || | 246 | else if (strcmp(suffix, "tgz") == 0 || | |
246 | strcmp(suffix, "tar.gz") == 0) | 247 | strcmp(suffix, "tar.gz") == 0) | |
247 | CompressionType = "gzip"; | 248 | CompressionType = "gzip"; | |
248 | else | 249 | else | |
249 | CompressionType = "none"; | 250 | CompressionType = "none"; | |
250 | } | 251 | } | |
251 | 252 | |||
252 | if (strcmp(CompressionType, "bzip2") == 0) | 253 | if (strcmp(CompressionType, "bzip2") == 0) | |
253 | archive_write_set_compression_bzip2(archive); | 254 | archive_write_add_filter_bzip2(archive); | |
254 | else if (strcmp(CompressionType, "gzip") == 0) | 255 | else if (strcmp(CompressionType, "gzip") == 0) | |
255 | archive_write_set_compression_gzip(archive); | 256 | archive_write_add_filter_gzip(archive); | |
256 | else if (strcmp(CompressionType, "xz") == 0) | 257 | else if (strcmp(CompressionType, "xz") == 0) | |
257 | archive_write_set_compression_xz(archive); | 258 | archive_write_add_filter_xz(archive); | |
258 | else if (strcmp(CompressionType, "none") == 0) | 259 | else if (strcmp(CompressionType, "none") != 0) | |
259 | archive_write_set_compression_none(archive); | |||
260 | else | |||
261 | errx(1, "Unspported compression type for -F: %s", | 260 | errx(1, "Unspported compression type for -F: %s", | |
262 | CompressionType); | 261 | CompressionType); | |
263 | 262 | |||
264 | archive_name = xasprintf("%s.%s", pkg, suffix); | 263 | archive_name = xasprintf("%s.%s", pkg, suffix); | |
265 | 264 | |||
266 | if (archive_write_open_file(archive, archive_name)) | 265 | if (archive_write_open_filename(archive, archive_name)) | |
267 | errx(2, "cannot create archive: %s", archive_error_string(archive)); | 266 | errx(2, "cannot create archive: %s", archive_error_string(archive)); | |
268 | 267 | |||
269 | free(archive_name); | 268 | free(archive_name); | |
270 | 269 | |||
271 | owner = DefaultOwner; | 270 | owner = DefaultOwner; | |
272 | group = DefaultGroup; | 271 | group = DefaultGroup; | |
273 | 272 | |||
274 | write_meta_file(contents_file, archive); | 273 | write_meta_file(contents_file, archive); | |
275 | write_meta_file(comment_file, archive); | 274 | write_meta_file(comment_file, archive); | |
276 | write_meta_file(desc_file, archive); | 275 | write_meta_file(desc_file, archive); | |
277 | 276 | |||
278 | if (Install) | 277 | if (Install) | |
279 | write_meta_file(install_file, archive); | 278 | write_meta_file(install_file, archive); | |
@@ -314,29 +313,28 @@ make_dist(const char *pkg, const char *s | @@ -314,29 +313,28 @@ make_dist(const char *pkg, const char *s | |||
314 | } | 313 | } | |
315 | } | 314 | } | |
316 | 315 | |||
317 | entry = NULL; | 316 | entry = NULL; | |
318 | archive_entry_linkify(resolver, &entry, &sparse_entry); | 317 | archive_entry_linkify(resolver, &entry, &sparse_entry); | |
319 | while (entry != NULL) { | 318 | while (entry != NULL) { | |
320 | write_entry(archive, entry); | 319 | write_entry(archive, entry); | |
321 | entry = NULL; | 320 | entry = NULL; | |
322 | archive_entry_linkify(resolver, &entry, &sparse_entry); | 321 | archive_entry_linkify(resolver, &entry, &sparse_entry); | |
323 | } | 322 | } | |
324 | 323 | |||
325 | archive_entry_linkresolver_free(resolver); | 324 | archive_entry_linkresolver_free(resolver); | |
326 | 325 | |||
327 | if (archive_write_close(archive)) | 326 | if (archive_write_free(archive)) | |
328 | errx(2, "cannot finish archive: %s", archive_error_string(archive)); | 327 | errx(2, "cannot finish archive: %s", archive_error_string(archive)); | |
329 | archive_write_finish(archive); | |||
330 | 328 | |||
331 | free(initial_cwd); | 329 | free(initial_cwd); | |
332 | } | 330 | } | |
333 | 331 | |||
334 | static struct memory_file * | 332 | static struct memory_file * | |
335 | load_and_add(package_t *plist, const char *input_name, | 333 | load_and_add(package_t *plist, const char *input_name, | |
336 | const char *target_name, mode_t perm) | 334 | const char *target_name, mode_t perm) | |
337 | { | 335 | { | |
338 | struct memory_file *file; | 336 | struct memory_file *file; | |
339 | 337 | |||
340 | file = load_memory_file(input_name, target_name, DefaultOwner, | 338 | file = load_memory_file(input_name, target_name, DefaultOwner, | |
341 | DefaultGroup, perm); | 339 | DefaultGroup, perm); | |
342 | add_plist(plist, PLIST_IGNORE, NULL); | 340 | add_plist(plist, PLIST_IGNORE, NULL); |
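Review bot: At the end of make_dist (new lines 326-327), `archive_write_free(archive)` releases the archive object, and the error branch then passes the same pointer to `archive_error_string(archive)`, which reads freed memory. Keeping the check as `if (archive_write_close(archive))` and calling `archive_write_free(archive);` after the `errx` branch preserves the error message while still dropping the legacy finish call. Separately, the return values of `archive_write_set_options(archive, "hdrcharset=BINARY")` and the `archive_write_add_filter_*` calls are ignored. A libarchive build that lacks one of those filters would presumably only be noticed later, at open or write time.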
@@ -29,47 +29,38 @@ | @@ -29,47 +29,38 @@ | |||
29 | 29 | |||
30 | #if HAVE_CONFIG_H | 30 | #if HAVE_CONFIG_H | |
31 | #include "config.h" | 31 | #include "config.h" | |
32 | #endif | 32 | #endif | |
33 | 33 | |||
34 | #include <nbcompat.h> | 34 | #include <nbcompat.h> | |
35 | 35 | |||
36 | #if HAVE_SYS_STAT_H | 36 | #if HAVE_SYS_STAT_H | |
37 | #include <sys/stat.h> | 37 | #include <sys/stat.h> | |
38 | #endif | 38 | #endif | |
39 | #if HAVE_ERR_H | 39 | #if HAVE_ERR_H | |
40 | #include <err.h> | 40 | #include <err.h> | |
41 | #endif | 41 | #endif | |
42 | #include <fcntl.h> | |||
42 | #if HAVE_PWD_H | 43 | #if HAVE_PWD_H | |
43 | #include <grp.h> | 44 | #include <grp.h> | |
44 | #endif | 45 | #endif | |
46 | #include <limits.h> | |||
45 | #if HAVE_PWD_H | 47 | #if HAVE_PWD_H | |
46 | #include <pwd.h> | 48 | #include <pwd.h> | |
47 | #endif | 49 | #endif | |
48 | #if HAVE_STDLIB_H | |||
49 | #include <stdlib.h> | 50 | #include <stdlib.h> | |
50 | #endif | |||
51 | #if HAVE_STRING_H | |||
52 | #include <string.h> | 51 | #include <string.h> | |
53 | #endif | |||
54 | #if HAVE_TIME_H | |||
55 | #include <time.h> | 52 | #include <time.h> | |
56 | #endif | |||
57 | #if HAVE_UNISTD_H | |||
58 | #include <unistd.h> | 53 | #include <unistd.h> | |
59 | #endif | |||
60 | #if HAVE_FCNTL_H | |||
61 | #include <fcntl.h> | |||
62 | #endif | |||
63 | 54 | |||
64 | #include "lib.h" | 55 | #include "lib.h" | |
65 | #include "create.h" | 56 | #include "create.h" | |
66 | 57 | |||
67 | static void | 58 | static void | |
68 | update_ids(struct memory_file *file) | 59 | update_ids(struct memory_file *file) | |
69 | { | 60 | { | |
70 | if (file->owner != NULL) { | 61 | if (file->owner != NULL) { | |
71 | uid_t uid; | 62 | uid_t uid; | |
72 | 63 | |||
73 | if (uid_from_user(file->owner, &uid) == -1) | 64 | if (uid_from_user(file->owner, &uid) == -1) | |
74 | errx(2, "user %s unknown", file->owner); | 65 | errx(2, "user %s unknown", file->owner); | |
75 | file->st.st_uid = uid; | 66 | file->st.st_uid = uid; |
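Review bot: `<grp.h>` is still included under `#if HAVE_PWD_H` on the new side (new lines 43-45), the same guard that protects `<pwd.h>` a few lines later, so the group header depends on the configure result for a different header. This hunk already reorders the block and makes `<stdlib.h>`, `<string.h>`, `<time.h>`, `<unistd.h>` and `<fcntl.h>` unconditional, so it is the natural place to fix that. Either give `<grp.h>` its own guard (conventionally `#if HAVE_GRP_H`, if configure tests for that header) or include it unconditionally like the others. `update_ids` begins in this hunk and continues outside it.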
@@ -1,29 +1,23 @@ | @@ -1,29 +1,23 @@ | |||
1 | /* $NetBSD: perform.c,v 1.62 2014/12/30 15:13:20 wiz Exp $ */ | 1 | /* $NetBSD: perform.c,v 1.63 2017/04/19 21:42:50 joerg Exp $ */ | |
2 | 2 | |||
3 | #if HAVE_CONFIG_H | 3 | #if HAVE_CONFIG_H | |
4 | #include "config.h" | 4 | #include "config.h" | |
5 | #endif | 5 | #endif | |
6 | #include <nbcompat.h> | 6 | #include <nbcompat.h> | |
7 | #if HAVE_SYS_CDEFS_H | 7 | #if HAVE_SYS_CDEFS_H | |
8 | #include <sys/cdefs.h> | 8 | #include <sys/cdefs.h> | |
9 | #endif | 9 | #endif | |
10 | #if HAVE_SYS_QUEUE_H | 10 | __RCSID("$NetBSD: perform.c,v 1.63 2017/04/19 21:42:50 joerg Exp $"); | |
11 | #include <sys/queue.h> | |||
12 | #endif | |||
13 | #if HAVE_SYS_WAIT_H | |||
14 | #include <sys/wait.h> | |||
15 | #endif | |||
16 | __RCSID("$NetBSD: perform.c,v 1.62 2014/12/30 15:13:20 wiz Exp $"); | |||
17 | 11 | |||
18 | /*- | 12 | /*- | |
19 | * Copyright (c) 2008 Joerg Sonnenberger <joerg@NetBSD.org>. | 13 | * Copyright (c) 2008 Joerg Sonnenberger <joerg@NetBSD.org>. | |
20 | * All rights reserved. | 14 | * All rights reserved. | |
21 | * | 15 | * | |
22 | * Redistribution and use in source and binary forms, with or without | 16 | * Redistribution and use in source and binary forms, with or without | |
23 | * modification, are permitted provided that the following conditions | 17 | * modification, are permitted provided that the following conditions | |
24 | * are met: | 18 | * are met: | |
25 | * | 19 | * | |
26 | * 1. Redistributions of source code must retain the above copyright | 20 | * 1. Redistributions of source code must retain the above copyright | |
27 | * notice, this list of conditions and the following disclaimer. | 21 | * notice, this list of conditions and the following disclaimer. | |
28 | * 2. Redistributions in binary form must reproduce the above copyright | 22 | * 2. Redistributions in binary form must reproduce the above copyright | |
29 | * notice, this list of conditions and the following disclaimer in | 23 | * notice, this list of conditions and the following disclaimer in | |
@@ -63,50 +57,47 @@ __RCSID("$NetBSD: perform.c,v 1.62 2014/ | @@ -63,50 +57,47 @@ __RCSID("$NetBSD: perform.c,v 1.62 2014/ | |||
63 | * This is the main body of the info module. | 57 | * This is the main body of the info module. | |
64 | * | 58 | * | |
65 | */ | 59 | */ | |
66 | 60 | |||
67 | #include "lib.h" | 61 | #include "lib.h" | |
68 | #include "info.h" | 62 | #include "info.h" | |
69 | 63 | |||
70 | #if HAVE_SYS_TYPES_H | 64 | #if HAVE_SYS_TYPES_H | |
71 | #include <sys/types.h> | 65 | #include <sys/types.h> | |
72 | #endif | 66 | #endif | |
73 | #if HAVE_SYS_STAT_H | 67 | #if HAVE_SYS_STAT_H | |
74 | #include <sys/stat.h> | 68 | #include <sys/stat.h> | |
75 | #endif | 69 | #endif | |
70 | #if HAVE_SYS_QUEUE_H | |||
71 | #include <sys/queue.h> | |||
72 | #endif | |||
73 | #if HAVE_SYS_WAIT_H | |||
74 | #include <sys/wait.h> | |||
75 | #endif | |||
76 | 76 | |||
77 | #ifndef BOOTSTRAP | 77 | #ifndef BOOTSTRAP | |
78 | #include <archive.h> | 78 | #include <archive.h> | |
79 | #include <archive_entry.h> | 79 | #include <archive_entry.h> | |
80 | #endif | 80 | #endif | |
81 | #if HAVE_ERR_H | 81 | #if HAVE_ERR_H | |
82 | #include <err.h> | 82 | #include <err.h> | |
83 | #endif | 83 | #endif | |
84 | #if HAVE_ERRNO_H | 84 | #include <ctype.h> | |
85 | #include <dirent.h> | |||
85 | #include <errno.h> | 86 | #include <errno.h> | |
86 | #endif | |||
87 | #if HAVE_FCNTL_H | |||
88 | #include <fcntl.h> | 87 | #include <fcntl.h> | |
89 | #endif | 88 | #include <limits.h> | |
90 | #if HAVE_SIGNAL_H | |||
91 | #include <signal.h> | |||
92 | #endif | |||
93 | #if HAVE_DIRENT_H | |||
94 | #include <dirent.h> | |||
95 | #endif | |||
96 | #if HAVE_CTYPE_H | |||
97 | #include <ctype.h> | |||
98 | #endif | |||
99 | #include <stddef.h> | 89 | #include <stddef.h> | |
90 | #include <signal.h> | |||
100 | 91 | |||
101 | #define LOAD_CONTENTS (1 << 0) | 92 | #define LOAD_CONTENTS (1 << 0) | |
102 | #define LOAD_COMMENT (1 << 1) | 93 | #define LOAD_COMMENT (1 << 1) | |
103 | #define LOAD_DESC (1 << 2) | 94 | #define LOAD_DESC (1 << 2) | |
104 | #define LOAD_INSTALL (1 << 3) | 95 | #define LOAD_INSTALL (1 << 3) | |
105 | #define LOAD_DEINSTALL (1 << 4) | 96 | #define LOAD_DEINSTALL (1 << 4) | |
106 | #define LOAD_DISPLAY (1 << 5) | 97 | #define LOAD_DISPLAY (1 << 5) | |
107 | #define LOAD_MTREE (1 << 6) | 98 | #define LOAD_MTREE (1 << 6) | |
108 | #define LOAD_BUILD_VERSION (1 << 7) | 99 | #define LOAD_BUILD_VERSION (1 << 7) | |
109 | #define LOAD_BUILD_INFO (1 << 8) | 100 | #define LOAD_BUILD_INFO (1 << 8) | |
110 | #define LOAD_SIZE_PKG (1 << 9) | 101 | #define LOAD_SIZE_PKG (1 << 9) | |
111 | #define LOAD_SIZE_ALL (1 << 10) | 102 | #define LOAD_SIZE_ALL (1 << 10) | |
112 | #define LOAD_PRESERVE (1 << 11) | 103 | #define LOAD_PRESERVE (1 << 11) | |
@@ -348,27 +339,27 @@ pkg_do(const char *pkg) | @@ -348,27 +339,27 @@ pkg_do(const char *pkg) | |||
348 | archive = open_archive(pkg, &archive_name); | 339 | archive = open_archive(pkg, &archive_name); | |
349 | if (archive == NULL) { | 340 | if (archive == NULL) { | |
350 | warnx("can't find package `%s', skipped", pkg); | 341 | warnx("can't find package `%s', skipped", pkg); | |
351 | return -1; | 342 | return -1; | |
352 | } | 343 | } | |
353 | pkgname = NULL; | 344 | pkgname = NULL; | |
354 | entry = NULL; | 345 | entry = NULL; | |
355 | pkg_verify_signature(archive_name, &archive, &entry, &pkgname); | 346 | pkg_verify_signature(archive_name, &archive, &entry, &pkgname); | |
356 | if (archive == NULL) | 347 | if (archive == NULL) | |
357 | return -1; | 348 | return -1; | |
358 | free(pkgname); | 349 | free(pkgname); | |
359 | 350 | |||
360 | meta = read_meta_data_from_archive(archive, entry); | 351 | meta = read_meta_data_from_archive(archive, entry); | |
361 | archive_read_finish(archive); | 352 | archive_read_free(archive); | |
362 | if (!IS_URL(pkg)) | 353 | if (!IS_URL(pkg)) | |
363 | binpkgfile = pkg; | 354 | binpkgfile = pkg; | |
364 | #endif | 355 | #endif | |
365 | } else { | 356 | } else { | |
366 | /* | 357 | /* | |
367 | * It's not an uninstalled package, try and find it among the | 358 | * It's not an uninstalled package, try and find it among the | |
368 | * installed | 359 | * installed | |
369 | */ | 360 | */ | |
370 | pkgdir = pkgdb_pkg_dir(pkg); | 361 | pkgdir = pkgdb_pkg_dir(pkg); | |
371 | if (!fexists(pkgdir) || !(isdir(pkgdir) || islinktodir(pkgdir))) { | 362 | if (!fexists(pkgdir) || !(isdir(pkgdir) || islinktodir(pkgdir))) { | |
372 | switch (add_installed_pkgs_by_basename(pkg, &pkgs)) { | 363 | switch (add_installed_pkgs_by_basename(pkg, &pkgs)) { | |
373 | case 1: | 364 | case 1: | |
374 | return 0; | 365 | return 0; |
@@ -1,14 +1,14 @@ | @@ -1,14 +1,14 @@ | |||
1 | # $NetBSD: Makefile.in,v 1.35 2015/09/01 12:14:06 jperkin Exp $ | 1 | # $NetBSD: Makefile.in,v 1.36 2017/04/19 21:42:50 joerg Exp $ | |
2 | 2 | |||
3 | srcdir= @srcdir@ | 3 | srcdir= @srcdir@ | |
4 | 4 | |||
5 | pkgdbdir= @pkgdbdir@ | 5 | pkgdbdir= @pkgdbdir@ | |
6 | mandir= @mandir@ | 6 | mandir= @mandir@ | |
7 | datarootdir= @datarootdir@ | 7 | datarootdir= @datarootdir@ | |
8 | sysconfdir= @sysconfdir@ | 8 | sysconfdir= @sysconfdir@ | |
9 | 9 | |||
10 | cat5dir= $(mandir)/cat5 | 10 | cat5dir= $(mandir)/cat5 | |
11 | cat7dir= $(mandir)/cat7 | 11 | cat7dir= $(mandir)/cat7 | |
12 | man5dir= $(mandir)/man5 | 12 | man5dir= $(mandir)/man5 | |
13 | man7dir= $(mandir)/man7 | 13 | man7dir= $(mandir)/man7 | |
14 | 14 | |||
@@ -18,35 +18,35 @@ SSL_SUPPORT= @ssl_support@ | @@ -18,35 +18,35 @@ SSL_SUPPORT= @ssl_support@ | |||
18 | RANLIB= @RANLIB@ | 18 | RANLIB= @RANLIB@ | |
19 | AR= @AR@ | 19 | AR= @AR@ | |
20 | CC= @CC@ | 20 | CC= @CC@ | |
21 | CPPFLAGS= @CPPFLAGS@ -I. -I$(srcdir) | 21 | CPPFLAGS= @CPPFLAGS@ -I. -I$(srcdir) | |
22 | DEFS= @DEFS@ -DDEF_LOG_DIR=\"$(pkgdbdir)\" | 22 | DEFS= @DEFS@ -DDEF_LOG_DIR=\"$(pkgdbdir)\" | |
23 | CFLAGS= @CFLAGS@ | 23 | CFLAGS= @CFLAGS@ | |
24 | 24 | |||
25 | INSTALL= @INSTALL@ | 25 | INSTALL= @INSTALL@ | |
26 | 26 | |||
27 | LIB= libinstall.a | 27 | LIB= libinstall.a | |
28 | 28 | |||
29 | OBJS= automatic.o conflicts.o dewey.o fexec.o file.o \ | 29 | OBJS= automatic.o conflicts.o dewey.o fexec.o file.o \ | |
30 | global.o iterate.o license.o lpkg.o opattern.o \ | 30 | global.o iterate.o license.o lpkg.o opattern.o \ | |
31 | parse-config.o pkgdb.o plist.o remove.o \ | 31 | parse-config.o pkgdb.o pkg_io.o plist.o remove.o \ | |
32 | str.o var.o version.o vulnerabilities-file.o xwrapper.o | 32 | str.o var.o version.o vulnerabilities-file.o xwrapper.o | |
33 | 33 | |||
34 | CPPFLAGS+= -DSYSCONFDIR=\"$(sysconfdir)\" | 34 | CPPFLAGS+= -DSYSCONFDIR=\"$(sysconfdir)\" | |
35 | 35 | |||
36 | .if !empty(BOOTSTRAP) | 36 | .if !empty(BOOTSTRAP) | |
37 | CPPFLAGS+= -DBOOTSTRAP | 37 | CPPFLAGS+= -DBOOTSTRAP | |
38 | .else | 38 | .else | |
39 | OBJS+= gpgsig.o pkg_io.o pkg_signature.o | 39 | OBJS+= gpgsig.o pkg_signature.o | |
40 | .endif | 40 | .endif | |
41 | 41 | |||
42 | .if !empty(SSL_SUPPORT) | 42 | .if !empty(SSL_SUPPORT) | |
43 | CPPFLAGS+= -DHAVE_SSL | 43 | CPPFLAGS+= -DHAVE_SSL | |
44 | OBJS+= pkcs7.o | 44 | OBJS+= pkcs7.o | |
45 | .endif | 45 | .endif | |
46 | 46 | |||
47 | all: $(LIB) | 47 | all: $(LIB) | |
48 | 48 | |||
49 | .c.o: | 49 | .c.o: | |
50 | $(CC) $(DEFS) $(CPPFLAGS) $(CFLAGS) -c $< | 50 | $(CC) $(DEFS) $(CPPFLAGS) $(CFLAGS) -c $< | |
51 | 51 | |||
52 | $(LIB): $(OBJS) | 52 | $(LIB): $(OBJS) |
@@ -1,14 +1,14 @@ | @@ -1,14 +1,14 @@ | |||
1 | /* $NetBSD: defs.h,v 1.10 2012/02/21 18:32:14 wiz Exp $ */ | 1 | /* $NetBSD: defs.h,v 1.11 2017/04/19 21:42:50 joerg Exp $ */ | |
2 | 2 | |||
3 | /*- | 3 | /*- | |
4 | * Copyright (c) 1999,2000,2009 The NetBSD Foundation, Inc. | 4 | * Copyright (c) 1999,2000,2009 The NetBSD Foundation, Inc. | |
5 | * All rights reserved. | 5 | * All rights reserved. | |
6 | * | 6 | * | |
7 | * This code is derived from software contributed to The NetBSD Foundation | 7 | * This code is derived from software contributed to The NetBSD Foundation | |
8 | * by Alistair Crooks (agc@NetBSD.org) | 8 | * by Alistair Crooks (agc@NetBSD.org) | |
9 | * | 9 | * | |
10 | * Redistribution and use in source and binary forms, with or without | 10 | * Redistribution and use in source and binary forms, with or without | |
11 | * modification, are permitted provided that the following conditions | 11 | * modification, are permitted provided that the following conditions | |
12 | * are met: | 12 | * are met: | |
13 | * 1. Redistributions of source code must retain the above copyright | 13 | * 1. Redistributions of source code must retain the above copyright | |
14 | * notice, this list of conditions and the following disclaimer. | 14 | * notice, this list of conditions and the following disclaimer. | |
@@ -28,26 +28,29 @@ | @@ -28,26 +28,29 @@ | |||
28 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE | 28 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE | |
29 | * POSSIBILITY OF SUCH DAMAGE. | 29 | * POSSIBILITY OF SUCH DAMAGE. | |
30 | */ | 30 | */ | |
31 | #ifndef DEFS_H_ | 31 | #ifndef DEFS_H_ | |
32 | #define DEFS_H_ | 32 | #define DEFS_H_ | |
33 | 33 | |||
34 | #if HAVE_CONFIG_H | 34 | #if HAVE_CONFIG_H | |
35 | #include "config.h" | 35 | #include "config.h" | |
36 | #endif | 36 | #endif | |
37 | #include <nbcompat.h> | 37 | #include <nbcompat.h> | |
38 | #if HAVE_ERR_H | 38 | #if HAVE_ERR_H | |
39 | #include <err.h> | 39 | #include <err.h> | |
40 | #endif | 40 | #endif | |
41 | #if HAVE_INTTYPES_H | |||
42 | #include <inttypes.h> | |||
43 | #endif | |||
41 | #if HAVE_STDLIB_H | 44 | #if HAVE_STDLIB_H | |
42 | #include <stdlib.h> | 45 | #include <stdlib.h> | |
43 | #endif | 46 | #endif | |
44 | #if HAVE_STRING_H | 47 | #if HAVE_STRING_H | |
45 | #include <string.h> | 48 | #include <string.h> | |
46 | #endif | 49 | #endif | |
47 | 50 | |||
48 | #ifndef MIN | 51 | #ifndef MIN | |
49 | #define MIN(a,b) (((a) < (b)) ? (a) : (b)) | 52 | #define MIN(a,b) (((a) < (b)) ? (a) : (b)) | |
50 | #endif | 53 | #endif | |
51 | 54 | |||
52 | #ifndef MAX | 55 | #ifndef MAX | |
53 | #define MAX(a,b) (((a) > (b)) ? (a) : (b)) | 56 | #define MAX(a,b) (((a) > (b)) ? (a) : (b)) |
@@ -1,23 +1,23 @@ | @@ -1,23 +1,23 @@ | |||
1 | /* $NetBSD: gpgsig.c,v 1.5 2016/07/06 21:00:04 agc Exp $ */ | 1 | /* $NetBSD: gpgsig.c,v 1.6 2017/04/19 21:42:50 joerg Exp $ */ | |
2 | #if HAVE_CONFIG_H | 2 | #if HAVE_CONFIG_H | |
3 | #include "config.h" | 3 | #include "config.h" | |
4 | #endif | 4 | #endif | |
5 | #include <nbcompat.h> | 5 | #include <nbcompat.h> | |
6 | #if HAVE_SYS_CDEFS_H | 6 | #if HAVE_SYS_CDEFS_H | |
7 | #include <sys/cdefs.h> | 7 | #include <sys/cdefs.h> | |
8 | #endif | 8 | #endif | |
9 | 9 | |||
10 | __RCSID("$NetBSD: gpgsig.c,v 1.5 2016/07/06 21:00:04 agc Exp $"); | 10 | __RCSID("$NetBSD: gpgsig.c,v 1.6 2017/04/19 21:42:50 joerg Exp $"); | |
11 | 11 | |||
12 | /*- | 12 | /*- | |
13 | * Copyright (c) 2008 Joerg Sonnenberger <joerg@NetBSD.org>. | 13 | * Copyright (c) 2008 Joerg Sonnenberger <joerg@NetBSD.org>. | |
14 | * All rights reserved. | 14 | * All rights reserved. | |
15 | * | 15 | * | |
16 | * Redistribution and use in source and binary forms, with or without | 16 | * Redistribution and use in source and binary forms, with or without | |
17 | * modification, are permitted provided that the following conditions | 17 | * modification, are permitted provided that the following conditions | |
18 | * are met: | 18 | * are met: | |
19 | * | 19 | * | |
20 | * 1. Redistributions of source code must retain the above copyright | 20 | * 1. Redistributions of source code must retain the above copyright | |
21 | * notice, this list of conditions and the following disclaimer. | 21 | * notice, this list of conditions and the following disclaimer. | |
22 | * 2. Redistributions in binary form must reproduce the above copyright | 22 | * 2. Redistributions in binary form must reproduce the above copyright | |
23 | * notice, this list of conditions and the following disclaimer in | 23 | * notice, this list of conditions and the following disclaimer in | |
@@ -40,66 +40,68 @@ __RCSID("$NetBSD: gpgsig.c,v 1.5 2016/07 | @@ -40,66 +40,68 @@ __RCSID("$NetBSD: gpgsig.c,v 1.5 2016/07 | |||
40 | 40 | |||
41 | #include <sys/wait.h> | 41 | #include <sys/wait.h> | |
42 | #ifndef NETBSD | 42 | #ifndef NETBSD | |
43 | #include <nbcompat/err.h> | 43 | #include <nbcompat/err.h> | |
44 | #else | 44 | #else | |
45 | #include <err.h> | 45 | #include <err.h> | |
46 | #endif | 46 | #endif | |
47 | #ifndef NETBSD | 47 | #ifndef NETBSD | |
48 | #include <nbcompat/stdlib.h> | 48 | #include <nbcompat/stdlib.h> | |
49 | #else | 49 | #else | |
50 | #include <stdlib.h> | 50 | #include <stdlib.h> | |
51 | #endif | 51 | #endif | |
52 | 52 | |||
53 | #include <netpgp/verify.h> | |||
54 | ||||
53 | #include "lib.h" | 55 | #include "lib.h" | |
54 | #include "netpgpverify/verify.h" | |||
55 | 56 | |||
56 | int | 57 | int | |
57 | gpg_verify(const char *content, size_t len, const char *keyring, | 58 | gpg_verify(const char *content, size_t len, const char *keyring, | |
58 | const char *sig, size_t sig_len) | 59 | const char *sig, size_t sig_len) | |
59 | { | 60 | { | |
60 | pgpv_t *pgp; | 61 | pgpv_t *pgp; | |
61 | pgpv_cursor_t *cursor; | 62 | pgpv_cursor_t *cursor; | |
62 | static const char hdr1[] = "-----BEGIN PGP SIGNED MESSAGE-----\n"; | 63 | static const char hdr1[] = "-----BEGIN PGP SIGNED MESSAGE-----\n"; | |
63 | static const char hdr2[] = "Hash: SHA512\n\n"; | 64 | static const char hdr2[] = "Hash: SHA512\n\n"; | |
64 | ssize_t buflen; | 65 | ssize_t buflen; | |
65 | char *buf; | 66 | char *allocated_buf; | |
67 | const char *buf; | |||
66 | 68 | |||
67 | /* | 69 | /* | |
68 | * If there is a detached signature we need to construct a format that | 70 | * If there is a detached signature we need to construct a format that | |
69 | * netpgp can parse, otherwise use as-is. | 71 | * netpgp can parse, otherwise use as-is. | |
70 | */ | 72 | */ | |
71 | if (sig_len) { | 73 | if (sig_len) { | |
72 | buf = xasprintf("%s%s%s%s", hdr1, hdr2, content, sig); | 74 | buf = allocated_buf = xasprintf("%s%s%s%s", hdr1, hdr2, content, sig); | |
73 | buflen = strlen(buf); | 75 | buflen = strlen(buf); | |
74 | } else { | 76 | } else { | |
75 | buf = content; | 77 | buf = content; | |
78 | allocated_buf = NULL; | |||
76 | buflen = len; | 79 | buflen = len; | |
77 | } | 80 | } | |
78 | 81 | |||
79 | pgp = pgpv_new(); | 82 | pgp = pgpv_new(); | |
80 | cursor = pgpv_new_cursor(); | 83 | cursor = pgpv_new_cursor(); | |
81 | 84 | |||
82 | if (!pgpv_read_pubring(pgp, keyring, -1)) | 85 | if (!pgpv_read_pubring(pgp, keyring, -1)) | |
83 | err(EXIT_FAILURE, "cannot read keyring"); | 86 | err(EXIT_FAILURE, "cannot read keyring"); | |
84 | 87 | |||
85 | if (!pgpv_verify(cursor, pgp, buf, buflen)) | 88 | if (!pgpv_verify(cursor, pgp, buf, buflen)) | |
86 | errx(EXIT_FAILURE, "unable to verify signature: %s", | 89 | errx(EXIT_FAILURE, "unable to verify signature: %s", | |
87 | pgpv_get_cursor_str(cursor, "why")); | 90 | pgpv_get_cursor_str(cursor, "why")); | |
88 | 91 | |||
89 | pgpv_close(pgp); | 92 | pgpv_close(pgp); | |
90 | 93 | |||
91 | if (sig_len) | 94 | free(allocated_buf); | |
92 | free(buf); | |||
93 | 95 | |||
94 | return 0; | 96 | return 0; | |
95 | } | 97 | } | |
96 | 98 | |||
97 | int | 99 | int | |
98 | detached_gpg_sign(const char *content, size_t len, char **sig, size_t *sig_len, | 100 | detached_gpg_sign(const char *content, size_t len, char **sig, size_t *sig_len, | |
99 | const char *keyring, const char *user) | 101 | const char *keyring, const char *user) | |
100 | { | 102 | { | |
101 | const char *argv[12], **argvp; | 103 | const char *argv[12], **argvp; | |
102 | pid_t child; | 104 | pid_t child; | |
103 | int fd_in[2], fd_out[2], status; | 105 | int fd_in[2], fd_out[2], status; | |
104 | size_t allocated; | 106 | size_t allocated; | |
105 | ssize_t ret; | 107 | ssize_t ret; |
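Review bot: In the `sig_len` branch of `gpg_verify`, the rewritten line `buf = allocated_buf = xasprintf("%s%s%s%s", hdr1, hdr2, content, sig);` copies `content` and `sig` as NUL-terminated strings and never consults `len` or `sig_len`. The bytes handed to `pgpv_verify` can therefore differ from the buffers the caller described if either holds an embedded NUL, and the copy reads past the end if either lacks a terminator. Whether callers guarantee termination is not visible here; if they do, state it above the call with `/* content and sig must be NUL-terminated text; len and sig_len do not bound this copy */`, otherwise assemble the buffer with `memcpy` from the explicit lengths. The results of `pgpv_new()` and `pgpv_new_cursor()` are also used without a NULL check in this function. `detached_gpg_sign` at the end of the hunk continues outside it.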
@@ -1,14 +1,14 @@ | @@ -1,14 +1,14 @@ | |||
1 | /* $NetBSD: lib.h,v 1.67 2015/10/15 13:31:27 sevan Exp $ */ | 1 | /* $NetBSD: lib.h,v 1.68 2017/04/19 21:42:50 joerg Exp $ */ | |
2 | 2 | |||
3 | /* from FreeBSD Id: lib.h,v 1.25 1997/10/08 07:48:03 charnier Exp */ | 3 | /* from FreeBSD Id: lib.h,v 1.25 1997/10/08 07:48:03 charnier Exp */ | |
4 | 4 | |||
5 | /* | 5 | /* | |
6 | * FreeBSD install - a package for the installation and maintainance | 6 | * FreeBSD install - a package for the installation and maintainance | |
7 | * of non-core utilities. | 7 | * of non-core utilities. | |
8 | * | 8 | * | |
9 | * Redistribution and use in source and binary forms, with or without | 9 | * Redistribution and use in source and binary forms, with or without | |
10 | * modification, are permitted provided that the following conditions | 10 | * modification, are permitted provided that the following conditions | |
11 | * are met: | 11 | * are met: | |
12 | * 1. Redistributions of source code must retain the above copyright | 12 | * 1. Redistributions of source code must retain the above copyright | |
13 | * notice, this list of conditions and the following disclaimer. | 13 | * notice, this list of conditions and the following disclaimer. | |
14 | * 2. Redistributions in binary form must reproduce the above copyright | 14 | * 2. Redistributions in binary form must reproduce the above copyright | |
@@ -306,26 +306,27 @@ Boolean make_preserve_name(char *, size_ | @@ -306,26 +306,27 @@ Boolean make_preserve_name(char *, size_ | |||
306 | void remove_files(const char *, const char *); | 306 | void remove_files(const char *, const char *); | |
307 | int format_cmd(char *, size_t, const char *, const char *, const char *); | 307 | int format_cmd(char *, size_t, const char *, const char *, const char *); | |
308 | 308 | |||
309 | int recursive_remove(const char *, int); | 309 | int recursive_remove(const char *, int); | |
310 | 310 | |||
311 | void add_pkgdir(const char *, const char *, const char *); | 311 | void add_pkgdir(const char *, const char *, const char *); | |
312 | void delete_pkgdir(const char *, const char *, const char *); | 312 | void delete_pkgdir(const char *, const char *, const char *); | |
313 | int has_pkgdir(const char *); | 313 | int has_pkgdir(const char *); | |
314 | 314 | |||
315 | /* pkg_io.c: Local and remote archive handling */ | 315 | /* pkg_io.c: Local and remote archive handling */ | |
316 | struct archive; | 316 | struct archive; | |
317 | struct archive_entry; | 317 | struct archive_entry; | |
318 | 318 | |||
319 | struct archive *prepare_archive(void); | |||
319 | struct archive *open_archive(const char *, char **); | 320 | struct archive *open_archive(const char *, char **); | |
320 | struct archive *find_archive(const char *, int, char **); | 321 | struct archive *find_archive(const char *, int, char **); | |
321 | void process_pkg_path(void); | 322 | void process_pkg_path(void); | |
322 | struct url *find_best_package(const char *, const char *, int); | 323 | struct url *find_best_package(const char *, const char *, int); | |
323 | 324 | |||
324 | /* Packing list */ | 325 | /* Packing list */ | |
325 | plist_t *new_plist_entry(void); | 326 | plist_t *new_plist_entry(void); | |
326 | plist_t *last_plist(package_t *); | 327 | plist_t *last_plist(package_t *); | |
327 | plist_t *find_plist(package_t *, pl_ent_t); | 328 | plist_t *find_plist(package_t *, pl_ent_t); | |
328 | char *find_plist_option(package_t *, const char *); | 329 | char *find_plist_option(package_t *, const char *); | |
329 | void plist_delete(package_t *, Boolean, pl_ent_t, char *); | 330 | void plist_delete(package_t *, Boolean, pl_ent_t, char *); | |
330 | void free_plist(package_t *); | 331 | void free_plist(package_t *); | |
331 | void mark_plist(package_t *); | 332 | void mark_plist(package_t *); | |
@@ -402,27 +403,32 @@ int detached_gpg_sign(const char *, size | @@ -402,27 +403,32 @@ int detached_gpg_sign(const char *, size | |||
402 | const char *); | 403 | const char *); | |
403 | 404 | |||
404 | /* License handling */ | 405 | /* License handling */ | |
405 | int add_licenses(const char *); | 406 | int add_licenses(const char *); | |
406 | int acceptable_license(const char *); | 407 | int acceptable_license(const char *); | |
407 | int acceptable_pkg_license(const char *); | 408 | int acceptable_pkg_license(const char *); | |
408 | void load_license_lists(void); | 409 | void load_license_lists(void); | |
409 | 410 | |||
410 | /* Helper functions for memory allocation */ | 411 | /* Helper functions for memory allocation */ | |
411 | char *xstrdup(const char *); | 412 | char *xstrdup(const char *); | |
412 | void *xrealloc(void *, size_t); | 413 | void *xrealloc(void *, size_t); | |
413 | void *xcalloc(size_t, size_t); | 414 | void *xcalloc(size_t, size_t); | |
414 | void *xmalloc(size_t); | 415 | void *xmalloc(size_t); | |
415 | char *xasprintf(const char *, ...); | 416 | #if defined(__GNUC__) && __GNUC__ >= 2 | |
417 | char *xasprintf(const char *, ...) | |||
418 | __attribute__((__format__(__printf__, 1, 2))); | |||
419 | #else | |||
420 | char *xasprintf(const char *, ...); | |||
421 | #endif | |||
416 | 422 | |||
417 | /* Externs */ | 423 | /* Externs */ | |
418 | extern Boolean Verbose; | 424 | extern Boolean Verbose; | |
419 | extern Boolean Fake; | 425 | extern Boolean Fake; | |
420 | extern Boolean Force; | 426 | extern Boolean Force; | |
421 | extern const char *cert_chain_file; | 427 | extern const char *cert_chain_file; | |
422 | extern const char *certs_packages; | 428 | extern const char *certs_packages; | |
423 | extern const char *certs_pkg_vulnerabilities; | 429 | extern const char *certs_pkg_vulnerabilities; | |
424 | extern const char *check_eol; | 430 | extern const char *check_eol; | |
425 | extern const char *check_vulnerabilities; | 431 | extern const char *check_vulnerabilities; | |
426 | extern const char *config_file; | 432 | extern const char *config_file; | |
427 | extern const char *config_pkg_dbdir; | 433 | extern const char *config_pkg_dbdir; | |
428 | extern const char *config_pkg_path; | 434 | extern const char *config_pkg_path; |
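Review bot: The `xasprintf` prototype is now written twice, once per `#if` branch (new lines 416-421), so a later signature change has to be made in both places or the annotated and plain declarations drift apart. Defining the attribute once and keeping a single prototype avoids that: under the `__GNUC__` test put `#define PKG_PRINTFLIKE(f, a) __attribute__((__format__(__printf__, f, a)))`, with an empty definition otherwise, then declare `char *xasprintf(const char *, ...) PKG_PRINTFLIKE(1, 2);` (the macro name is constructed for illustration). Any other printf-style wrappers declared in this header could take the same annotation so that format/argument mismatches are caught at compile time.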
@@ -1,14 +1,14 @@ | @@ -1,14 +1,14 @@ | |||
1 | /* $NetBSD: pkg_io.c,v 1.11 2010/04/20 00:39:13 joerg Exp $ */ | 1 | /* $NetBSD: pkg_io.c,v 1.12 2017/04/19 21:42:50 joerg Exp $ */ | |
2 | /*- | 2 | /*- | |
3 | * Copyright (c) 2008, 2009 Joerg Sonnenberger <joerg@NetBSD.org>. | 3 | * Copyright (c) 2008, 2009 Joerg Sonnenberger <joerg@NetBSD.org>. | |
4 | * All rights reserved. | 4 | * All rights reserved. | |
5 | * | 5 | * | |
6 | * Redistribution and use in source and binary forms, with or without | 6 | * Redistribution and use in source and binary forms, with or without | |
7 | * modification, are permitted provided that the following conditions | 7 | * modification, are permitted provided that the following conditions | |
8 | * are met: | 8 | * are met: | |
9 | * | 9 | * | |
10 | * 1. Redistributions of source code must retain the above copyright | 10 | * 1. Redistributions of source code must retain the above copyright | |
11 | * notice, this list of conditions and the following disclaimer. | 11 | * notice, this list of conditions and the following disclaimer. | |
12 | * 2. Redistributions in binary form must reproduce the above copyright | 12 | * 2. Redistributions in binary form must reproduce the above copyright | |
13 | * notice, this list of conditions and the following disclaimer in | 13 | * notice, this list of conditions and the following disclaimer in | |
14 | * the documentation and/or other materials provided with the | 14 | * the documentation and/or other materials provided with the | |
@@ -26,49 +26,55 @@ | @@ -26,49 +26,55 @@ | |||
26 | * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT | 26 | * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT | |
27 | * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | 27 | * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | |
28 | * SUCH DAMAGE. | 28 | * SUCH DAMAGE. | |
29 | */ | 29 | */ | |
30 | 30 | |||
31 | #if HAVE_CONFIG_H | 31 | #if HAVE_CONFIG_H | |
32 | #include "config.h" | 32 | #include "config.h" | |
33 | #endif | 33 | #endif | |
34 | #include <nbcompat.h> | 34 | #include <nbcompat.h> | |
35 | #if HAVE_SYS_CDEFS_H | 35 | #if HAVE_SYS_CDEFS_H | |
36 | #include <sys/cdefs.h> | 36 | #include <sys/cdefs.h> | |
37 | #endif | 37 | #endif | |
38 | 38 | |||
39 | __RCSID("$NetBSD: pkg_io.c,v 1.11 2010/04/20 00:39:13 joerg Exp $"); | 39 | __RCSID("$NetBSD: pkg_io.c,v 1.12 2017/04/19 21:42:50 joerg Exp $"); | |
40 | 40 | |||
41 | #include <archive.h> | 41 | #include <archive.h> | |
42 | #include <archive_entry.h> | 42 | #include <archive_entry.h> | |
43 | #if HAVE_ERR_H | 43 | #if HAVE_ERR_H | |
44 | #include <err.h> | 44 | #include <err.h> | |
45 | #endif | 45 | #endif | |
46 | #if HAVE_ERRNO_H | 46 | #if HAVE_ERRNO_H | |
47 | #include <errno.h> | 47 | #include <errno.h> | |
48 | #endif | 48 | #endif | |
49 | #include <fetch.h> | |||
50 | #include <stdlib.h> | 49 | #include <stdlib.h> | |
51 | 50 | |||
51 | #ifdef BOOTSTRAP | |||
52 | #define IS_URL(x) 0 | |||
53 | #else | |||
54 | #include <fetch.h> | |||
55 | #endif | |||
56 | ||||
52 | #include "lib.h" | 57 | #include "lib.h" | |
53 | 58 | |||
54 | struct pkg_path { | 59 | struct pkg_path { | |
55 | TAILQ_ENTRY(pkg_path) pl_link; | 60 | TAILQ_ENTRY(pkg_path) pl_link; | |
56 | char *pl_path; | 61 | char *pl_path; | |
57 | }; | 62 | }; | |
58 | 63 | |||
59 | static char *orig_cwd, *last_toplevel; | 64 | static char *orig_cwd, *last_toplevel; | |
60 | static TAILQ_HEAD(, pkg_path) pkg_path = TAILQ_HEAD_INITIALIZER(pkg_path); | 65 | static TAILQ_HEAD(, pkg_path) pkg_path = TAILQ_HEAD_INITIALIZER(pkg_path); | |
61 | 66 | |||
67 | #ifndef BOOTSTRAP | |||
62 | struct fetch_archive { | 68 | struct fetch_archive { | |
63 | struct url *url; | 69 | struct url *url; | |
64 | fetchIO *fetch; | 70 | fetchIO *fetch; | |
65 | char buffer[32768]; | 71 | char buffer[32768]; | |
66 | off_t size; | 72 | off_t size; | |
67 | int restart; | 73 | int restart; | |
68 | }; | 74 | }; | |
69 | 75 | |||
70 | static int | 76 | static int | |
71 | fetch_archive_open(struct archive *a, void *client_data) | 77 | fetch_archive_open(struct archive *a, void *client_data) | |
72 | { | 78 | { | |
73 | struct fetch_archive *f = client_data; | 79 | struct fetch_archive *f = client_data; | |
74 | struct url_stat us; | 80 | struct url_stat us; | |
@@ -135,69 +141,86 @@ fetch_archive_close(struct archive *a, v | @@ -135,69 +141,86 @@ fetch_archive_close(struct archive *a, v | |||
135 | } | 141 | } | |
136 | 142 | |||
137 | static struct archive * | 143 | static struct archive * | |
138 | open_archive_by_url(struct url *url, char **archive_name) | 144 | open_archive_by_url(struct url *url, char **archive_name) | |
139 | { | 145 | { | |
140 | struct fetch_archive *f; | 146 | struct fetch_archive *f; | |
141 | struct archive *a; | 147 | struct archive *a; | |
142 | 148 | |||
143 | f = xmalloc(sizeof(*f)); | 149 | f = xmalloc(sizeof(*f)); | |
144 | f->url = fetchCopyURL(url); | 150 | f->url = fetchCopyURL(url); | |
145 | 151 | |||
146 | *archive_name = fetchStringifyURL(url); | 152 | *archive_name = fetchStringifyURL(url); | |
147 | 153 | |||
148 | a = archive_read_new(); | 154 | a = prepare_archive(); | |
149 | archive_read_support_compression_all(a); | |||
150 | archive_read_support_format_all(a); | |||
151 | if (archive_read_open(a, f, fetch_archive_open, fetch_archive_read, | 155 | if (archive_read_open(a, f, fetch_archive_open, fetch_archive_read, | |
152 | fetch_archive_close)) { | 156 | fetch_archive_close)) { | |
153 | free(*archive_name); | 157 | free(*archive_name); | |
154 | *archive_name = NULL; | 158 | *archive_name = NULL; | |
155 | archive_read_finish(a); | 159 | archive_read_free(a); | |
156 | return NULL; | 160 | return NULL; | |
157 | } | 161 | } | |
158 | 162 | |||
159 | return a; | 163 | return a; | |
160 | } | 164 | } | |
165 | #endif /* !BOOTSTRAP */ | |||
166 | ||||
167 | struct archive * | |||
168 | prepare_archive(void) | |||
169 | { | |||
170 | struct archive *a = archive_read_new(); | |||
171 | if (a == NULL) | |||
172 | errx(EXIT_FAILURE, "memory allocation failed"); | |||
173 | archive_read_support_filter_gzip(a); | |||
174 | archive_read_support_filter_bzip2(a); | |||
175 | archive_read_support_filter_xz(a); | |||
176 | archive_read_support_format_ar(a); | |||
177 | archive_read_support_format_tar(a); | |||
178 | archive_read_set_options(a, "hdrcharset=BINARY"); | |||
179 | return a; | |||
180 | } | |||
161 | 181 | |||
162 | struct archive * | 182 | struct archive * | |
163 | open_archive(const char *url, char **archive_name) | 183 | open_archive(const char *url, char **archive_name) | |
164 | { | 184 | { | |
165 | struct url *u; | 185 | struct url *u; | |
166 | struct archive *a; | 186 | struct archive *a; | |
167 | 187 | |||
168 | *archive_name = NULL; | 188 | *archive_name = NULL; | |
169 | 189 | |||
170 | if (!IS_URL(url)) { | 190 | if (!IS_URL(url)) { | |
171 | a = archive_read_new(); | 191 | a = prepare_archive(); | |
172 | archive_read_support_compression_all(a); | |||
173 | archive_read_support_format_all(a); | |||
174 | if (archive_read_open_filename(a, url, 1024)) { | 192 | if (archive_read_open_filename(a, url, 1024)) { | |
175 | archive_read_close(a); | 193 | archive_read_close(a); | |
176 | return NULL; | 194 | return NULL; | |
177 | } | 195 | } | |
178 | *archive_name = xstrdup(url); | 196 | *archive_name = xstrdup(url); | |
179 | return a; | 197 | return a; | |
180 | } | 198 | } | |
181 | 199 | |||
200 | #ifdef BOOTSTRAP | |||
201 | return NULL; | |||
202 | #else | |||
182 | if ((u = fetchParseURL(url)) == NULL) | 203 | if ((u = fetchParseURL(url)) == NULL) | |
183 | return NULL; | 204 | return NULL; | |
184 | 205 | |||
185 | a = open_archive_by_url(u, archive_name); | 206 | a = open_archive_by_url(u, archive_name); | |
186 | 207 | |||
187 | fetchFreeURL(u); | 208 | fetchFreeURL(u); | |
188 | return a; | 209 | return a; | |
210 | #endif | |||
189 | } | 211 | } | |
190 | 212 | |||
213 | #ifndef BOOTSTRAP | |||
191 | static int | 214 | static int | |
192 | strip_suffix(char *filename) | 215 | strip_suffix(char *filename) | |
193 | { | 216 | { | |
194 | size_t len; | 217 | size_t len; | |
195 | 218 | |||
196 | len = strlen(filename); | 219 | len = strlen(filename); | |
197 | if (len <= 4) | 220 | if (len <= 4) | |
198 | return 0; | 221 | return 0; | |
199 | if (strcmp(filename + len - 4, ".tgz") == 0 || | 222 | if (strcmp(filename + len - 4, ".tgz") == 0 || | |
200 | strcmp(filename + len - 4, ".tbz") == 0) { | 223 | strcmp(filename + len - 4, ".tbz") == 0) { | |
201 | filename[len - 4] = '\0'; | 224 | filename[len - 4] = '\0'; | |
202 | return 1; | 225 | return 1; | |
203 | } else | 226 | } else | |
@@ -323,26 +346,27 @@ find_best_package(const char *toplevel, | @@ -323,26 +346,27 @@ find_best_package(const char *toplevel, | |||
323 | return best_match; | 346 | return best_match; | |
324 | 347 | |||
325 | TAILQ_FOREACH(pl, &pkg_path, pl_link) { | 348 | TAILQ_FOREACH(pl, &pkg_path, pl_link) { | |
326 | url = fetchParseURL(pl->pl_path); | 349 | url = fetchParseURL(pl->pl_path); | |
327 | if (url != NULL) { | 350 | if (url != NULL) { | |
328 | find_best_package_int(url, pattern, &best_match); | 351 | find_best_package_int(url, pattern, &best_match); | |
329 | /* XXX Check return value and complain */ | 352 | /* XXX Check return value and complain */ | |
330 | fetchFreeURL(url); | 353 | fetchFreeURL(url); | |
331 | } | 354 | } | |
332 | } | 355 | } | |
333 | 356 | |||
334 | return best_match; | 357 | return best_match; | |
335 | } | 358 | } | |
359 | #endif /* !BOOTSTRAP */ | |||
336 | 360 | |||
337 | struct archive * | 361 | struct archive * | |
338 | find_archive(const char *fname, int top_level, char **archive_name) | 362 | find_archive(const char *fname, int top_level, char **archive_name) | |
339 | { | 363 | { | |
340 | struct archive *a; | 364 | struct archive *a; | |
341 | struct url *best_match; | 365 | struct url *best_match; | |
342 | char *full_fname, *last_slash; | 366 | char *full_fname, *last_slash; | |
343 | int search_path; | 367 | int search_path; | |
344 | 368 | |||
345 | search_path = 0; | 369 | search_path = 0; | |
346 | if (IS_FULLPATH(fname) || IS_URL(fname)) { | 370 | if (IS_FULLPATH(fname) || IS_URL(fname)) { | |
347 | full_fname = xstrdup(fname); | 371 | full_fname = xstrdup(fname); | |
348 | } else { | 372 | } else { | |
@@ -354,30 +378,31 @@ find_archive(const char *fname, int top_ | @@ -354,30 +378,31 @@ find_archive(const char *fname, int top_ | |||
354 | last_slash = strrchr(full_fname, '/'); | 378 | last_slash = strrchr(full_fname, '/'); | |
355 | if (top_level) { | 379 | if (top_level) { | |
356 | free(last_toplevel); | 380 | free(last_toplevel); | |
357 | *last_slash = '\0'; | 381 | *last_slash = '\0'; | |
358 | last_toplevel = xstrdup(full_fname); | 382 | last_toplevel = xstrdup(full_fname); | |
359 | *last_slash = '/'; | 383 | *last_slash = '/'; | |
360 | } | 384 | } | |
361 | 385 | |||
362 | a = open_archive(full_fname, archive_name); | 386 | a = open_archive(full_fname, archive_name); | |
363 | if (a != NULL) { | 387 | if (a != NULL) { | |
364 | free(full_fname); | 388 | free(full_fname); | |
365 | return a; | 389 | return a; | |
366 | } | 390 | } | |
367 | 391 | #ifndef BOOTSTRAP | ||
368 | fname = last_slash + 1; | 392 | fname = last_slash + 1; | |
369 | *last_slash = '\0'; | 393 | *last_slash = '\0'; | |
370 | 394 | |||
371 | best_match = find_best_package(full_fname, fname, 0); | 395 | best_match = find_best_package(full_fname, fname, 0); | |
372 | 396 | |||
373 | if (search_path && best_match == NULL) | 397 | if (search_path && best_match == NULL) | |
374 | best_match = find_best_package(last_toplevel, fname, 1); | 398 | best_match = find_best_package(last_toplevel, fname, 1); | |
375 | 399 | |||
376 | free(full_fname); | 400 | free(full_fname); | |
377 | 401 | |||
378 | if (best_match == NULL) | 402 | if (best_match == NULL) | |
379 | return NULL; | 403 | return NULL; | |
380 | a = open_archive_by_url(best_match, archive_name); | 404 | a = open_archive_by_url(best_match, archive_name); | |
381 | fetchFreeURL(best_match); | 405 | fetchFreeURL(best_match); | |
406 | #endif /* !BOOTSTRAP */ | |||
382 | return a; | 407 | return a; | |
383 | } | 408 | } |
@@ -1,23 +1,23 @@ | @@ -1,23 +1,23 @@ | |||
1 | /* $NetBSD: pkg_signature.c,v 1.12 2015/09/01 12:14:06 jperkin Exp $ */ | 1 | /* $NetBSD: pkg_signature.c,v 1.13 2017/04/19 21:42:50 joerg Exp $ */ | |
2 | 2 | |||
3 | #if HAVE_CONFIG_H | 3 | #if HAVE_CONFIG_H | |
4 | #include "config.h" | 4 | #include "config.h" | |
5 | #endif | 5 | #endif | |
6 | #include <nbcompat.h> | 6 | #include <nbcompat.h> | |
7 | #if HAVE_SYS_CDEFS_H | 7 | #if HAVE_SYS_CDEFS_H | |
8 | #include <sys/cdefs.h> | 8 | #include <sys/cdefs.h> | |
9 | #endif | 9 | #endif | |
10 | __RCSID("$NetBSD: pkg_signature.c,v 1.12 2015/09/01 12:14:06 jperkin Exp $"); | 10 | __RCSID("$NetBSD: pkg_signature.c,v 1.13 2017/04/19 21:42:50 joerg Exp $"); | |
11 | 11 | |||
12 | /*- | 12 | /*- | |
13 | * Copyright (c) 2008 Joerg Sonnenberger <joerg@NetBSD.org>. | 13 | * Copyright (c) 2008 Joerg Sonnenberger <joerg@NetBSD.org>. | |
14 | * All rights reserved. | 14 | * All rights reserved. | |
15 | * | 15 | * | |
16 | * Redistribution and use in source and binary forms, with or without | 16 | * Redistribution and use in source and binary forms, with or without | |
17 | * modification, are permitted provided that the following conditions | 17 | * modification, are permitted provided that the following conditions | |
18 | * are met: | 18 | * are met: | |
19 | * | 19 | * | |
20 | * 1. Redistributions of source code must retain the above copyright | 20 | * 1. Redistributions of source code must retain the above copyright | |
21 | * notice, this list of conditions and the following disclaimer. | 21 | * notice, this list of conditions and the following disclaimer. | |
22 | * 2. Redistributions in binary form must reproduce the above copyright | 22 | * 2. Redistributions in binary form must reproduce the above copyright | |
23 | * notice, this list of conditions and the following disclaimer in | 23 | * notice, this list of conditions and the following disclaimer in | |
@@ -37,26 +37,27 @@ __RCSID("$NetBSD: pkg_signature.c,v 1.12 | @@ -37,26 +37,27 @@ __RCSID("$NetBSD: pkg_signature.c,v 1.12 | |||
37 | * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | 37 | * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | |
38 | * SUCH DAMAGE. | 38 | * SUCH DAMAGE. | |
39 | */ | 39 | */ | |
40 | 40 | |||
41 | #if HAVE_SYS_WAIT_H | 41 | #if HAVE_SYS_WAIT_H | |
42 | #include <sys/wait.h> | 42 | #include <sys/wait.h> | |
43 | #endif | 43 | #endif | |
44 | #include <ctype.h> | 44 | #include <ctype.h> | |
45 | #if HAVE_ERR_H | 45 | #if HAVE_ERR_H | |
46 | #include <err.h> | 46 | #include <err.h> | |
47 | #endif | 47 | #endif | |
48 | #include <errno.h> | 48 | #include <errno.h> | |
49 | #include <fcntl.h> | 49 | #include <fcntl.h> | |
50 | #include <limits.h> | |||
50 | #include <stdlib.h> | 51 | #include <stdlib.h> | |
51 | #ifndef NETBSD | 52 | #ifndef NETBSD | |
52 | #include <nbcompat/sha2.h> | 53 | #include <nbcompat/sha2.h> | |
53 | #else | 54 | #else | |
54 | #include <sha2.h> | 55 | #include <sha2.h> | |
55 | #endif | 56 | #endif | |
56 | #include <signal.h> | 57 | #include <signal.h> | |
57 | #ifdef NETBSD | 58 | #ifdef NETBSD | |
58 | #include <unistd.h> | 59 | #include <unistd.h> | |
59 | #else | 60 | #else | |
60 | #include <nbcompat/unistd.h> | 61 | #include <nbcompat/unistd.h> | |
61 | #endif | 62 | #endif | |
62 | 63 | |||
@@ -149,27 +150,27 @@ free_signature_int(struct signature_arch | @@ -149,27 +150,27 @@ free_signature_int(struct signature_arch | |||
149 | for (i = 0; i < state->sign_block_number; ++i) | 150 | for (i = 0; i < state->sign_block_number; ++i) | |
150 | free(state->sign_blocks[i]); | 151 | free(state->sign_blocks[i]); | |
151 | } | 152 | } | |
152 | free(state->sign_blocks); | 153 | free(state->sign_blocks); | |
153 | free(state->sign_buf); | 154 | free(state->sign_buf); | |
154 | free(state); | 155 | free(state); | |
155 | } | 156 | } | |
156 | 157 | |||
157 | static int | 158 | static int | |
158 | verify_signature_close_cb(struct archive *archive, void *cookie) | 159 | verify_signature_close_cb(struct archive *archive, void *cookie) | |
159 | { | 160 | { | |
160 | struct signature_archive *state = cookie; | 161 | struct signature_archive *state = cookie; | |
161 | 162 | |||
162 | archive_read_finish(state->archive); | 163 | archive_read_free(state->archive); | |
163 | free_signature_int(state); | 164 | free_signature_int(state); | |
164 | return 0; | 165 | return 0; | |
165 | } | 166 | } | |
166 | 167 | |||
167 | static int | 168 | static int | |
168 | read_file_from_archive(const char *archive_name, struct archive *archive, | 169 | read_file_from_archive(const char *archive_name, struct archive *archive, | |
169 | struct archive_entry **entry, | 170 | struct archive_entry **entry, | |
170 | const char *fname, char **content, size_t *len) | 171 | const char *fname, char **content, size_t *len) | |
171 | { | 172 | { | |
172 | int r; | 173 | int r; | |
173 | 174 | |||
174 | *content = NULL; | 175 | *content = NULL; | |
175 | *len = 0; | 176 | *len = 0; | |
@@ -320,53 +321,53 @@ pkg_verify_signature(const char *archive | @@ -320,53 +321,53 @@ pkg_verify_signature(const char *archive | |||
320 | struct archive_entry *my_entry; | 321 | struct archive_entry *my_entry; | |
321 | struct archive *a; | 322 | struct archive *a; | |
322 | char *hash_file, *signature_file; | 323 | char *hash_file, *signature_file; | |
323 | size_t hash_len, signature_len; | 324 | size_t hash_len, signature_len; | |
324 | int r, has_sig; | 325 | int r, has_sig; | |
325 | 326 | |||
326 | *pkgname = NULL; | 327 | *pkgname = NULL; | |
327 | 328 | |||
328 | state = xcalloc(sizeof(*state), 1); | 329 | state = xcalloc(sizeof(*state), 1); | |
329 | 330 | |||
330 | r = read_file_from_archive(archive_name, *archive, entry, HASH_FNAME, | 331 | r = read_file_from_archive(archive_name, *archive, entry, HASH_FNAME, | |
331 | &hash_file, &hash_len); | 332 | &hash_file, &hash_len); | |
332 | if (r == -1) { | 333 | if (r == -1) { | |
333 | archive_read_finish(*archive); | 334 | archive_read_free(*archive); | |
334 | *archive = NULL; | 335 | *archive = NULL; | |
335 | free(state); | 336 | free(state); | |
336 | goto no_valid_signature; | 337 | goto no_valid_signature; | |
337 | } else if (r == 1) { | 338 | } else if (r == 1) { | |
338 | free(state); | 339 | free(state); | |
339 | goto no_valid_signature; | 340 | goto no_valid_signature; | |
340 | } | 341 | } | |
341 | 342 | |||
342 | if (parse_hash_file(hash_file, pkgname, state)) | 343 | if (parse_hash_file(hash_file, pkgname, state)) | |
343 | goto no_valid_signature; | 344 | goto no_valid_signature; | |
344 | 345 | |||
345 | r = read_file_from_archive(archive_name, *archive, entry, SIGNATURE_FNAME, | 346 | r = read_file_from_archive(archive_name, *archive, entry, SIGNATURE_FNAME, | |
346 | &signature_file, &signature_len); | 347 | &signature_file, &signature_len); | |
347 | if (r == -1) { | 348 | if (r == -1) { | |
348 | archive_read_finish(*archive); | 349 | archive_read_free(*archive); | |
349 | *archive = NULL; | 350 | *archive = NULL; | |
350 | free(state); | 351 | free(state); | |
351 | free(hash_file); | 352 | free(hash_file); | |
352 | goto no_valid_signature; | 353 | goto no_valid_signature; | |
353 | } else if (r != 0) { | 354 | } else if (r != 0) { | |
354 | if (*entry != NULL) | 355 | if (*entry != NULL) | |
355 | r = read_file_from_archive(archive_name, *archive, | 356 | r = read_file_from_archive(archive_name, *archive, | |
356 | entry, GPG_SIGNATURE_FNAME, | 357 | entry, GPG_SIGNATURE_FNAME, | |
357 | &signature_file, &signature_len); | 358 | &signature_file, &signature_len); | |
358 | if (r == -1) { | 359 | if (r == -1) { | |
359 | archive_read_finish(*archive); | 360 | archive_read_free(*archive); | |
360 | *archive = NULL; | 361 | *archive = NULL; | |
361 | free(state); | 362 | free(state); | |
362 | free(hash_file); | 363 | free(hash_file); | |
363 | goto no_valid_signature; | 364 | goto no_valid_signature; | |
364 | } else if (r != 0) { | 365 | } else if (r != 0) { | |
365 | free(hash_file); | 366 | free(hash_file); | |
366 | free(state); | 367 | free(state); | |
367 | goto no_valid_signature; | 368 | goto no_valid_signature; | |
368 | } | 369 | } | |
369 | has_sig = !gpg_verify(hash_file, hash_len, gpg_keyring_verify, | 370 | has_sig = !gpg_verify(hash_file, hash_len, gpg_keyring_verify, | |
370 | signature_file, signature_len); | 371 | signature_file, signature_len); | |
371 | 372 | |||
372 | free(signature_file); | 373 | free(signature_file); | |
@@ -389,33 +390,31 @@ pkg_verify_signature(const char *archive | @@ -389,33 +390,31 @@ pkg_verify_signature(const char *archive | |||
389 | archive_error_string(*archive)); | 390 | archive_error_string(*archive)); | |
390 | free_signature_int(state); | 391 | free_signature_int(state); | |
391 | goto no_valid_signature; | 392 | goto no_valid_signature; | |
392 | } | 393 | } | |
393 | 394 | |||
394 | if (archive_entry_size(my_entry) != state->pkg_size) { | 395 | if (archive_entry_size(my_entry) != state->pkg_size) { | |
395 | warnx("Package size doesn't match signature"); | 396 | warnx("Package size doesn't match signature"); | |
396 | free_signature_int(state); | 397 | free_signature_int(state); | |
397 | goto no_valid_signature; | 398 | goto no_valid_signature; | |
398 | } | 399 | } | |
399 | 400 | |||
400 | state->archive = *archive; | 401 | state->archive = *archive; | |
401 | 402 | |||
402 | a = archive_read_new(); | 403 | a = prepare_archive(); | |
403 | archive_read_support_compression_all(a); | |||
404 | archive_read_support_format_all(a); | |||
405 | if (archive_read_open(a, state, NULL, verify_signature_read_cb, | 404 | if (archive_read_open(a, state, NULL, verify_signature_read_cb, | |
406 | verify_signature_close_cb)) { | 405 | verify_signature_close_cb)) { | |
407 | warnx("Can't open signed package file"); | 406 | warnx("Can't open signed package file"); | |
408 | archive_read_finish(a); | 407 | archive_read_free(a); | |
409 | goto no_valid_signature; | 408 | goto no_valid_signature; | |
410 | } | 409 | } | |
411 | *archive = a; | 410 | *archive = a; | |
412 | *entry = NULL; | 411 | *entry = NULL; | |
413 | 412 | |||
414 | return has_sig ? 0 : -1; | 413 | return has_sig ? 0 : -1; | |
415 | 414 | |||
416 | no_valid_signature: | 415 | no_valid_signature: | |
417 | return -1; | 416 | return -1; | |
418 | } | 417 | } | |
419 | 418 | |||
420 | int | 419 | int | |
421 | pkg_full_signature_check(const char *archive_name, struct archive **archive) | 420 | pkg_full_signature_check(const char *archive_name, struct archive **archive) | |
@@ -438,66 +437,64 @@ pkg_full_signature_check(const char *arc | @@ -438,66 +437,64 @@ pkg_full_signature_check(const char *arc | |||
438 | } | 437 | } | |
439 | 438 | |||
440 | static char * | 439 | static char * | |
441 | extract_pkgname(int fd) | 440 | extract_pkgname(int fd) | |
442 | { | 441 | { | |
443 | package_t plist; | 442 | package_t plist; | |
444 | plist_t *p; | 443 | plist_t *p; | |
445 | struct archive *a; | 444 | struct archive *a; | |
446 | struct archive_entry *entry; | 445 | struct archive_entry *entry; | |
447 | char *buf; | 446 | char *buf; | |
448 | ssize_t len; | 447 | ssize_t len; | |
449 | int r; | 448 | int r; | |
450 | 449 | |||
451 | a = archive_read_new(); | 450 | a = prepare_archive(); | |
452 | archive_read_support_compression_all(a); | |||
453 | archive_read_support_format_all(a); | |||
454 | if (archive_read_open_fd(a, fd, 1024)) { | 451 | if (archive_read_open_fd(a, fd, 1024)) { | |
455 | warnx("Cannot open binary package: %s", | 452 | warnx("Cannot open binary package: %s", | |
456 | archive_error_string(a)); | 453 | archive_error_string(a)); | |
457 | archive_read_finish(a); | 454 | archive_read_free(a); | |
458 | return NULL; | 455 | return NULL; | |
459 | } | 456 | } | |
460 | 457 | |||
461 | r = archive_read_next_header(a, &entry); | 458 | r = archive_read_next_header(a, &entry); | |
462 | if (r != ARCHIVE_OK) { | 459 | if (r != ARCHIVE_OK) { | |
463 | warnx("Cannot extract package name: %s", | 460 | warnx("Cannot extract package name: %s", | |
464 | r == ARCHIVE_EOF ? "EOF" : archive_error_string(a)); | 461 | r == ARCHIVE_EOF ? "EOF" : archive_error_string(a)); | |
465 | archive_read_finish(a); | 462 | archive_read_free(a); | |
466 | return NULL; | 463 | return NULL; | |
467 | } | 464 | } | |
468 | if (strcmp(archive_entry_pathname(entry), "+CONTENTS") != 0) { | 465 | if (strcmp(archive_entry_pathname(entry), "+CONTENTS") != 0) { | |
469 | warnx("Invalid binary package, doesn't start with +CONTENTS"); | 466 | warnx("Invalid binary package, doesn't start with +CONTENTS"); | |
470 | archive_read_finish(a); | 467 | archive_read_free(a); | |
471 | return NULL; | 468 | return NULL; | |
472 | } | 469 | } | |
473 | if (archive_entry_size(entry) > SSIZE_MAX - 1) { | 470 | if (archive_entry_size(entry) > SSIZE_MAX - 1) { | |
474 | warnx("+CONTENTS too large to process"); | 471 | warnx("+CONTENTS too large to process"); | |
475 | archive_read_finish(a); | 472 | archive_read_free(a); | |
476 | return NULL; | 473 | return NULL; | |
477 | } | 474 | } | |
478 | 475 | |||
479 | len = archive_entry_size(entry); | 476 | len = archive_entry_size(entry); | |
480 | buf = xmalloc(len + 1); | 477 | buf = xmalloc(len + 1); | |
481 | 478 | |||
482 | if (archive_read_data(a, buf, len) != len) { | 479 | if (archive_read_data(a, buf, len) != len) { | |
483 | warnx("Short read when extracing +CONTENTS"); | 480 | warnx("Short read when extracing +CONTENTS"); | |
484 | free(buf); | 481 | free(buf); | |
485 | archive_read_finish(a); | 482 | archive_read_free(a); | |
486 | return NULL; | 483 | return NULL; | |
487 | } | 484 | } | |
488 | buf[len] = '\0'; | 485 | buf[len] = '\0'; | |
489 | 486 | |||
490 | archive_read_finish(a); | 487 | archive_read_free(a); | |
491 | 488 | |||
492 | parse_plist(&plist, buf); | 489 | parse_plist(&plist, buf); | |
493 | free(buf); | 490 | free(buf); | |
494 | p = find_plist(&plist, PLIST_NAME); | 491 | p = find_plist(&plist, PLIST_NAME); | |
495 | if (p != NULL) { | 492 | if (p != NULL) { | |
496 | buf = xstrdup(p->name); | 493 | buf = xstrdup(p->name); | |
497 | } else { | 494 | } else { | |
498 | warnx("Invalid PLIST: missing @name"); | 495 | warnx("Invalid PLIST: missing @name"); | |
499 | buf = NULL; | 496 | buf = NULL; | |
500 | } | 497 | } | |
501 | free_plist(&plist); | 498 | free_plist(&plist); | |
502 | 499 | |||
503 | if (lseek(fd, 0, SEEK_SET) != 0) { | 500 | if (lseek(fd, 0, SEEK_SET) != 0) { | |
@@ -569,27 +566,26 @@ pkg_sign_x509(const char *name, const ch | @@ -569,27 +566,26 @@ pkg_sign_x509(const char *name, const ch | |||
569 | 566 | |||
570 | lseek(fd, 0, SEEK_SET); | 567 | lseek(fd, 0, SEEK_SET); | |
571 | 568 | |||
572 | sign_entry = archive_entry_clone(entry); | 569 | sign_entry = archive_entry_clone(entry); | |
573 | hash_entry = archive_entry_clone(entry); | 570 | hash_entry = archive_entry_clone(entry); | |
574 | pkgname = strrchr(name, '/'); | 571 | pkgname = strrchr(name, '/'); | |
575 | archive_entry_set_pathname(entry, pkgname != NULL ? pkgname + 1 : name); | 572 | archive_entry_set_pathname(entry, pkgname != NULL ? pkgname + 1 : name); | |
576 | archive_entry_set_pathname(hash_entry, HASH_FNAME); | 573 | archive_entry_set_pathname(hash_entry, HASH_FNAME); | |
577 | archive_entry_set_pathname(sign_entry, SIGNATURE_FNAME); | 574 | archive_entry_set_pathname(sign_entry, SIGNATURE_FNAME); | |
578 | archive_entry_set_size(hash_entry, strlen(hash_file)); | 575 | archive_entry_set_size(hash_entry, strlen(hash_file)); | |
579 | archive_entry_set_size(sign_entry, signature_len); | 576 | archive_entry_set_size(sign_entry, signature_len); | |
580 | 577 | |||
581 | pkg = archive_write_new(); | 578 | pkg = archive_write_new(); | |
582 | archive_write_set_compression_none(pkg); | |||
583 | archive_write_set_format_ar_bsd(pkg); | 579 | archive_write_set_format_ar_bsd(pkg); | |
584 | archive_write_open_filename(pkg, output); | 580 | archive_write_open_filename(pkg, output); | |
585 | 581 | |||
586 | archive_write_header(pkg, hash_entry); | 582 | archive_write_header(pkg, hash_entry); | |
587 | archive_write_data(pkg, hash_file, strlen(hash_file)); | 583 | archive_write_data(pkg, hash_file, strlen(hash_file)); | |
588 | archive_write_finish_entry(pkg); | 584 | archive_write_finish_entry(pkg); | |
589 | archive_entry_free(hash_entry); | 585 | archive_entry_free(hash_entry); | |
590 | 586 | |||
591 | archive_write_header(pkg, sign_entry); | 587 | archive_write_header(pkg, sign_entry); | |
592 | archive_write_data(pkg, signature_file, signature_len); | 588 | archive_write_data(pkg, signature_file, signature_len); | |
593 | archive_write_finish_entry(pkg); | 589 | archive_write_finish_entry(pkg); | |
594 | archive_entry_free(sign_entry); | 590 | archive_entry_free(sign_entry); | |
595 | 591 | |||
@@ -598,27 +594,27 @@ pkg_sign_x509(const char *name, const ch | @@ -598,27 +594,27 @@ pkg_sign_x509(const char *name, const ch | |||
598 | 594 | |||
599 | for (i = 0; i < size; i += block_len) { | 595 | for (i = 0; i < size; i += block_len) { | |
600 | if (i + (off_t)sizeof(block) < size) | 596 | if (i + (off_t)sizeof(block) < size) | |
601 | block_len = sizeof(block); | 597 | block_len = sizeof(block); | |
602 | else | 598 | else | |
603 | block_len = size % sizeof(block); | 599 | block_len = size % sizeof(block); | |
604 | if (read(fd, block, block_len) != (ssize_t)block_len) | 600 | if (read(fd, block, block_len) != (ssize_t)block_len) | |
605 | err(2, "short read"); | 601 | err(2, "short read"); | |
606 | archive_write_data(pkg, block, block_len); | 602 | archive_write_data(pkg, block, block_len); | |
607 | } | 603 | } | |
608 | archive_write_finish_entry(pkg); | 604 | archive_write_finish_entry(pkg); | |
609 | archive_entry_free(entry); | 605 | archive_entry_free(entry); | |
610 | 606 | |||
611 | archive_write_finish(pkg); | 607 | archive_write_free(pkg); | |
612 | 608 | |||
613 | close(fd); | 609 | close(fd); | |
614 | 610 | |||
615 | exit(0); | 611 | exit(0); | |
616 | } | 612 | } | |
617 | #endif | 613 | #endif | |
618 | 614 | |||
619 | void | 615 | void | |
620 | pkg_sign_gpg(const char *name, const char *output) | 616 | pkg_sign_gpg(const char *name, const char *output) | |
621 | { | 617 | { | |
622 | struct archive *pkg; | 618 | struct archive *pkg; | |
623 | struct archive_entry *entry, *hash_entry, *sign_entry; | 619 | struct archive_entry *entry, *hash_entry, *sign_entry; | |
624 | int fd; | 620 | int fd; | |
@@ -663,27 +659,26 @@ pkg_sign_gpg(const char *name, const cha | @@ -663,27 +659,26 @@ pkg_sign_gpg(const char *name, const cha | |||
663 | 659 | |||
664 | lseek(fd, 0, SEEK_SET); | 660 | lseek(fd, 0, SEEK_SET); | |
665 | 661 | |||
666 | sign_entry = archive_entry_clone(entry); | 662 | sign_entry = archive_entry_clone(entry); | |
667 | hash_entry = archive_entry_clone(entry); | 663 | hash_entry = archive_entry_clone(entry); | |
668 | pkgname = strrchr(name, '/'); | 664 | pkgname = strrchr(name, '/'); | |
669 | archive_entry_set_pathname(entry, pkgname != NULL ? pkgname + 1 : name); | 665 | archive_entry_set_pathname(entry, pkgname != NULL ? pkgname + 1 : name); | |
670 | archive_entry_set_pathname(hash_entry, HASH_FNAME); | 666 | archive_entry_set_pathname(hash_entry, HASH_FNAME); | |
671 | archive_entry_set_pathname(sign_entry, GPG_SIGNATURE_FNAME); | 667 | archive_entry_set_pathname(sign_entry, GPG_SIGNATURE_FNAME); | |
672 | archive_entry_set_size(hash_entry, strlen(hash_file)); | 668 | archive_entry_set_size(hash_entry, strlen(hash_file)); | |
673 | archive_entry_set_size(sign_entry, signature_len); | 669 | archive_entry_set_size(sign_entry, signature_len); | |
674 | 670 | |||
675 | pkg = archive_write_new(); | 671 | pkg = archive_write_new(); | |
676 | archive_write_set_compression_none(pkg); | |||
677 | archive_write_set_format_ar_bsd(pkg); | 672 | archive_write_set_format_ar_bsd(pkg); | |
678 | archive_write_open_filename(pkg, output); | 673 | archive_write_open_filename(pkg, output); | |
679 | 674 | |||
680 | archive_write_header(pkg, hash_entry); | 675 | archive_write_header(pkg, hash_entry); | |
681 | archive_write_data(pkg, hash_file, strlen(hash_file)); | 676 | archive_write_data(pkg, hash_file, strlen(hash_file)); | |
682 | archive_write_finish_entry(pkg); | 677 | archive_write_finish_entry(pkg); | |
683 | archive_entry_free(hash_entry); | 678 | archive_entry_free(hash_entry); | |
684 | 679 | |||
685 | archive_write_header(pkg, sign_entry); | 680 | archive_write_header(pkg, sign_entry); | |
686 | archive_write_data(pkg, signature_file, signature_len); | 681 | archive_write_data(pkg, signature_file, signature_len); | |
687 | archive_write_finish_entry(pkg); | 682 | archive_write_finish_entry(pkg); | |
688 | archive_entry_free(sign_entry); | 683 | archive_entry_free(sign_entry); | |
689 | 684 | |||
@@ -692,19 +687,19 @@ pkg_sign_gpg(const char *name, const cha | @@ -692,19 +687,19 @@ pkg_sign_gpg(const char *name, const cha | |||
692 | 687 | |||
693 | for (i = 0; i < size; i += block_len) { | 688 | for (i = 0; i < size; i += block_len) { | |
694 | if (i + (off_t)sizeof(block) < size) | 689 | if (i + (off_t)sizeof(block) < size) | |
695 | block_len = sizeof(block); | 690 | block_len = sizeof(block); | |
696 | else | 691 | else | |
697 | block_len = size % sizeof(block); | 692 | block_len = size % sizeof(block); | |
698 | if (read(fd, block, block_len) != (ssize_t)block_len) | 693 | if (read(fd, block, block_len) != (ssize_t)block_len) | |
699 | err(2, "short read"); | 694 | err(2, "short read"); | |
700 | archive_write_data(pkg, block, block_len); | 695 | archive_write_data(pkg, block, block_len); | |
701 | } | 696 | } | |
702 | archive_write_finish_entry(pkg); | 697 | archive_write_finish_entry(pkg); | |
703 | archive_entry_free(entry); | 698 | archive_entry_free(entry); | |
704 | 699 | |||
705 | archive_write_finish(pkg); | 700 | archive_write_free(pkg); | |
706 | 701 | |||
707 | close(fd); | 702 | close(fd); | |
708 | 703 | |||
709 | exit(0); | 704 | exit(0); | |
710 | } | 705 | } |
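Review bot: In pkg_verify_signature, the branch taken when `archive_read_open(a, state, NULL, verify_signature_read_cb, verify_signature_close_cb)` fails calls `archive_read_free(a)` and jumps to `no_valid_signature` without making clear who then owns `state` and the outer `*archive`. `verify_signature_close_cb` frees both, so if libarchive invokes it while tearing down `a` (not visible from this hunk), the caller is left holding a freed `*archive`, and `*archive = NULL;` should follow `archive_read_free(a);` as the `r == -1` branches earlier in the function do. If the callback is not invoked on that path, `free_signature_int(state);` is missing there, unlike the size-mismatch branch just above it. A short comment on that branch saying which case holds would settle it; this matters because the function parses package data that may not be trusted. The function starts outside the hunk that contains this branch.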
@@ -1,14 +1,14 @@ | @@ -1,14 +1,14 @@ | |||
1 | /* $NetBSD: version.h,v 1.170 2016/04/10 19:01:19 joerg Exp $ */ | 1 | /* $NetBSD: version.h,v 1.171 2017/04/19 21:42:50 joerg Exp $ */ | |
2 | 2 | |||
3 | /* | 3 | /* | |
4 | * Copyright (c) 2001 Thomas Klausner. All rights reserved. | 4 | * Copyright (c) 2001 Thomas Klausner. All rights reserved. | |
5 | * | 5 | * | |
6 | * Redistribution and use in source and binary forms, with or without | 6 | * Redistribution and use in source and binary forms, with or without | |
7 | * modification, are permitted provided that the following conditions | 7 | * modification, are permitted provided that the following conditions | |
8 | * are met: | 8 | * are met: | |
9 | * 1. Redistributions of source code must retain the above copyright | 9 | * 1. Redistributions of source code must retain the above copyright | |
10 | * notice, this list of conditions and the following disclaimer. | 10 | * notice, this list of conditions and the following disclaimer. | |
11 | * 2. Redistributions in binary form must reproduce the above copyright | 11 | * 2. Redistributions in binary form must reproduce the above copyright | |
12 | * notice, this list of conditions and the following disclaimer in the | 12 | * notice, this list of conditions and the following disclaimer in the | |
13 | * documentation and/or other materials provided with the distribution. | 13 | * documentation and/or other materials provided with the distribution. | |
14 | * | 14 | * | |
@@ -17,16 +17,16 @@ | @@ -17,16 +17,16 @@ | |||
17 | * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. | 17 | * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. | |
18 | * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, | 18 | * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, | |
19 | * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | 19 | * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | |
20 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, | 20 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, | |
21 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY | 21 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY | |
22 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT | 22 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT | |
23 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 23 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | |
24 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 24 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | |
25 | */ | 25 | */ | |
26 | 26 | |||
27 | #ifndef _INST_LIB_VERSION_H_ | 27 | #ifndef _INST_LIB_VERSION_H_ | |
28 | #define _INST_LIB_VERSION_H_ | 28 | #define _INST_LIB_VERSION_H_ | |
29 | 29 | |||
30 | #define PKGTOOLS_VERSION 20160410 | 30 | #define PKGTOOLS_VERSION 20170419 | |
31 | 31 | |||
32 | #endif /* _INST_LIB_VERSION_H_ */ | 32 | #endif /* _INST_LIB_VERSION_H_ */ |
@@ -1,14 +1,14 @@ | @@ -1,14 +1,14 @@ | |||
1 | /* $NetBSD: vulnerabilities-file.c,v 1.8 2015/09/01 12:14:06 jperkin Exp $ */ | 1 | /* $NetBSD: vulnerabilities-file.c,v 1.9 2017/04/19 21:42:50 joerg Exp $ */ | |
2 | 2 | |||
3 | /*- | 3 | /*- | |
4 | * Copyright (c) 2008, 2010 Joerg Sonnenberger <joerg@NetBSD.org>. | 4 | * Copyright (c) 2008, 2010 Joerg Sonnenberger <joerg@NetBSD.org>. | |
5 | * All rights reserved. | 5 | * All rights reserved. | |
6 | * | 6 | * | |
7 | * Redistribution and use in source and binary forms, with or without | 7 | * Redistribution and use in source and binary forms, with or without | |
8 | * modification, are permitted provided that the following conditions | 8 | * modification, are permitted provided that the following conditions | |
9 | * are met: | 9 | * are met: | |
10 | * | 10 | * | |
11 | * 1. Redistributions of source code must retain the above copyright | 11 | * 1. Redistributions of source code must retain the above copyright | |
12 | * notice, this list of conditions and the following disclaimer. | 12 | * notice, this list of conditions and the following disclaimer. | |
13 | * 2. Redistributions in binary form must reproduce the above copyright | 13 | * 2. Redistributions in binary form must reproduce the above copyright | |
14 | * notice, this list of conditions and the following disclaimer in | 14 | * notice, this list of conditions and the following disclaimer in | |
@@ -28,27 +28,27 @@ | @@ -28,27 +28,27 @@ | |||
28 | * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | 28 | * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | |
29 | * SUCH DAMAGE. | 29 | * SUCH DAMAGE. | |
30 | */ | 30 | */ | |
31 | 31 | |||
32 | #if HAVE_CONFIG_H | 32 | #if HAVE_CONFIG_H | |
33 | #include "config.h" | 33 | #include "config.h" | |
34 | #endif | 34 | #endif | |
35 | 35 | |||
36 | #include <nbcompat.h> | 36 | #include <nbcompat.h> | |
37 | 37 | |||
38 | #if HAVE_SYS_CDEFS_H | 38 | #if HAVE_SYS_CDEFS_H | |
39 | #include <sys/cdefs.h> | 39 | #include <sys/cdefs.h> | |
40 | #endif | 40 | #endif | |
41 | __RCSID("$NetBSD: vulnerabilities-file.c,v 1.8 2015/09/01 12:14:06 jperkin Exp $"); | 41 | __RCSID("$NetBSD: vulnerabilities-file.c,v 1.9 2017/04/19 21:42:50 joerg Exp $"); | |
42 | 42 | |||
43 | #if HAVE_SYS_STAT_H | 43 | #if HAVE_SYS_STAT_H | |
44 | #include <sys/stat.h> | 44 | #include <sys/stat.h> | |
45 | #endif | 45 | #endif | |
46 | #if HAVE_SYS_WAIT_H | 46 | #if HAVE_SYS_WAIT_H | |
47 | #include <sys/wait.h> | 47 | #include <sys/wait.h> | |
48 | #endif | 48 | #endif | |
49 | #ifndef BOOTSTRAP | 49 | #ifndef BOOTSTRAP | |
50 | #include <archive.h> | 50 | #include <archive.h> | |
51 | #endif | 51 | #endif | |
52 | #include <ctype.h> | 52 | #include <ctype.h> | |
53 | #if HAVE_ERR_H | 53 | #if HAVE_ERR_H | |
54 | #include <err.h> | 54 | #include <err.h> | |
@@ -67,26 +67,40 @@ __RCSID("$NetBSD: vulnerabilities-file.c | @@ -67,26 +67,40 @@ __RCSID("$NetBSD: vulnerabilities-file.c | |||
67 | #endif | 67 | #endif | |
68 | #include <unistd.h> | 68 | #include <unistd.h> | |
69 | 69 | |||
70 | #include "lib.h" | 70 | #include "lib.h" | |
71 | 71 | |||
72 | static struct pkg_vulnerabilities *read_pkg_vulnerabilities_archive(struct archive *, int); | 72 | static struct pkg_vulnerabilities *read_pkg_vulnerabilities_archive(struct archive *, int); | |
73 | static struct pkg_vulnerabilities *parse_pkg_vuln(const char *, size_t, int); | 73 | static struct pkg_vulnerabilities *parse_pkg_vuln(const char *, size_t, int); | |
74 | 74 | |||
75 | static const char pgp_msg_start[] = "-----BEGIN PGP SIGNED MESSAGE-----\n"; | 75 | static const char pgp_msg_start[] = "-----BEGIN PGP SIGNED MESSAGE-----\n"; | |
76 | static const char pgp_msg_end[] = "-----BEGIN PGP SIGNATURE-----\n"; | 76 | static const char pgp_msg_end[] = "-----BEGIN PGP SIGNATURE-----\n"; | |
77 | static const char pkcs7_begin[] = "-----BEGIN PKCS7-----\n"; | 77 | static const char pkcs7_begin[] = "-----BEGIN PKCS7-----\n"; | |
78 | static const char pkcs7_end[] = "-----END PKCS7-----\n"; | 78 | static const char pkcs7_end[] = "-----END PKCS7-----\n"; | |
79 | 79 | |||
80 | static struct archive * | |||
81 | prepare_raw_file(void) | |||
82 | { | |||
83 | struct archive *a = archive_read_new(); | |||
84 | if (a == NULL) | |||
85 | errx(EXIT_FAILURE, "memory allocation failed"); | |||
86 | ||||
87 | archive_read_support_filter_gzip(a); | |||
88 | archive_read_support_filter_bzip2(a); | |||
89 | archive_read_support_filter_xz(a); | |||
90 | archive_read_support_format_raw(a); | |||
91 | return a; | |||
92 | } | |||
93 | ||||
80 | static void | 94 | static void | |
81 | verify_signature_pkcs7(const char *input) | 95 | verify_signature_pkcs7(const char *input) | |
82 | { | 96 | { | |
83 | #ifdef HAVE_SSL | 97 | #ifdef HAVE_SSL | |
84 | const char *begin_pkgvul, *end_pkgvul, *begin_sig, *end_sig; | 98 | const char *begin_pkgvul, *end_pkgvul, *begin_sig, *end_sig; | |
85 | 99 | |||
86 | if (strncmp(input, pgp_msg_start, strlen(pgp_msg_start)) == 0) { | 100 | if (strncmp(input, pgp_msg_start, strlen(pgp_msg_start)) == 0) { | |
87 | begin_pkgvul = input + strlen(pgp_msg_start); | 101 | begin_pkgvul = input + strlen(pgp_msg_start); | |
88 | if ((end_pkgvul = strstr(begin_pkgvul, pgp_msg_end)) == NULL) | 102 | if ((end_pkgvul = strstr(begin_pkgvul, pgp_msg_end)) == NULL) | |
89 | errx(EXIT_FAILURE, "Invalid PGP signature"); | 103 | errx(EXIT_FAILURE, "Invalid PGP signature"); | |
90 | if ((begin_sig = strstr(end_pkgvul, pkcs7_begin)) == NULL) | 104 | if ((begin_sig = strstr(end_pkgvul, pkcs7_begin)) == NULL) | |
91 | errx(EXIT_FAILURE, "No PKCS7 signature"); | 105 | errx(EXIT_FAILURE, "No PKCS7 signature"); | |
92 | } else { | 106 | } else { | |
@@ -335,63 +349,55 @@ add_vulnerability(struct pkg_vulnerabili | @@ -335,63 +349,55 @@ add_vulnerability(struct pkg_vulnerabili | |||
335 | 349 | |||
336 | ++pv->entries; | 350 | ++pv->entries; | |
337 | } | 351 | } | |
338 | 352 | |||
339 | struct pkg_vulnerabilities * | 353 | struct pkg_vulnerabilities * | |
340 | read_pkg_vulnerabilities_memory(void *buf, size_t len, int check_sum) | 354 | read_pkg_vulnerabilities_memory(void *buf, size_t len, int check_sum) | |
341 | { | 355 | { | |
342 | #ifdef BOOTSTRAP | 356 | #ifdef BOOTSTRAP | |
343 | errx(EXIT_FAILURE, "Audit functions are unsupported during bootstrap"); | 357 | errx(EXIT_FAILURE, "Audit functions are unsupported during bootstrap"); | |
344 | #else | 358 | #else | |
345 | struct archive *a; | 359 | struct archive *a; | |
346 | struct pkg_vulnerabilities *pv; | 360 | struct pkg_vulnerabilities *pv; | |
347 | 361 | |||
348 | if ((a = archive_read_new()) == NULL) | 362 | a = prepare_raw_file(); | |
349 | errx(EXIT_FAILURE, "memory allocation failed"); | 363 | if (archive_read_open_memory(a, buf, len) != ARCHIVE_OK) | |
350 | ||||
351 | if (archive_read_support_compression_all(a) != ARCHIVE_OK || | |||
352 | archive_read_support_format_raw(a) != ARCHIVE_OK || | |||
353 | archive_read_open_memory(a, buf, len) != ARCHIVE_OK) | |||
354 | errx(EXIT_FAILURE, "Cannot open pkg_vulnerabilies buffer: %s", | 364 | errx(EXIT_FAILURE, "Cannot open pkg_vulnerabilies buffer: %s", | |
355 | archive_error_string(a)); | 365 | archive_error_string(a)); | |
356 | 366 | |||
357 | pv = read_pkg_vulnerabilities_archive(a, check_sum); | 367 | pv = read_pkg_vulnerabilities_archive(a, check_sum); | |
358 | 368 | |||
359 | return pv; | 369 | return pv; | |
360 | #endif | 370 | #endif | |
361 | } | 371 | } | |
362 | 372 | |||
363 | struct pkg_vulnerabilities * | 373 | struct pkg_vulnerabilities * | |
364 | read_pkg_vulnerabilities_file(const char *path, int ignore_missing, int check_sum) | 374 | read_pkg_vulnerabilities_file(const char *path, int ignore_missing, int check_sum) | |
365 | { | 375 | { | |
366 | #ifdef BOOTSTRAP | 376 | #ifdef BOOTSTRAP | |
367 | errx(EXIT_FAILURE, "Audit functions are unsupported during bootstrap"); | 377 | errx(EXIT_FAILURE, "Audit functions are unsupported during bootstrap"); | |
368 | #else | 378 | #else | |
369 | struct archive *a; | 379 | struct archive *a; | |
370 | struct pkg_vulnerabilities *pv; | 380 | struct pkg_vulnerabilities *pv; | |
371 | int fd; | 381 | int fd; | |
372 | 382 | |||
373 | if ((fd = open(path, O_RDONLY)) == -1) { | 383 | if ((fd = open(path, O_RDONLY)) == -1) { | |
374 | if (errno == ENOENT && ignore_missing) | 384 | if (errno == ENOENT && ignore_missing) | |
375 | return NULL; | 385 | return NULL; | |
376 | err(EXIT_FAILURE, "Cannot open %s", path); | 386 | err(EXIT_FAILURE, "Cannot open %s", path); | |
377 | } | 387 | } | |
378 | 388 | |||
379 | if ((a = archive_read_new()) == NULL) | 389 | a = prepare_raw_file(); | |
380 | errx(EXIT_FAILURE, "memory allocation failed"); | 390 | if (archive_read_open_fd(a, fd, 65536) != ARCHIVE_OK) | |
381 | ||||
382 | if (archive_read_support_compression_all(a) != ARCHIVE_OK || | |||
383 | archive_read_support_format_raw(a) != ARCHIVE_OK || | |||
384 | archive_read_open_fd(a, fd, 65536) != ARCHIVE_OK) | |||
385 | errx(EXIT_FAILURE, "Cannot open ``%s'': %s", path, | 391 | errx(EXIT_FAILURE, "Cannot open ``%s'': %s", path, | |
386 | archive_error_string(a)); | 392 | archive_error_string(a)); | |
387 | 393 | |||
388 | pv = read_pkg_vulnerabilities_archive(a, check_sum); | 394 | pv = read_pkg_vulnerabilities_archive(a, check_sum); | |
389 | close(fd); | 395 | close(fd); | |
390 | 396 | |||
391 | return pv; | 397 | return pv; | |
392 | #endif | 398 | #endif | |
393 | } | 399 | } | |
394 | 400 | |||
395 | #ifndef BOOTSTRAP | 401 | #ifndef BOOTSTRAP | |
396 | static struct pkg_vulnerabilities * | 402 | static struct pkg_vulnerabilities * | |
397 | read_pkg_vulnerabilities_archive(struct archive *a, int check_sum) | 403 | read_pkg_vulnerabilities_archive(struct archive *a, int check_sum) |
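Review bot: prepare_raw_file discards the return values of the three archive_read_support_filter_* calls and of archive_read_support_format_raw, whereas the code it replaces in read_pkg_vulnerabilities_memory and read_pkg_vulnerabilities_file compared each registration with ARCHIVE_OK. A failed registration would now probably surface only later, as an open or read error that does not name the cause. As far as I know libarchive returns ARCHIVE_WARN when a filter is backed by an external program instead of the linked library, so a strict comparison may be too tight for the filters, but a hard failure should still stop here: `if (archive_read_support_format_raw(a) != ARCHIVE_OK) errx(EXIT_FAILURE, "Cannot set up reader: %s", archive_error_string(a));`, with the same errx behind `if (archive_read_support_filter_xz(a) < ARCHIVE_WARN)` for each filter. Because the commit message says the aim is to reduce the libarchive surface exposed to the pkg-vulnerabilities file, a comment above the filter calls should also say whether the external-program fallback is acceptable.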