From b9bf574a1b77c308cfb7fb24974f89335ad9c9a6 Mon Sep 17 00:00:00 2001 From: joerg Date: Wed, 19 Apr 2017 21:42:50 +0000 Subject: pkg_install-20170419: - Convert to libarchive 3.x interfaces, avoiding the legacy glue. - Rename local copy of netpgpverify to match installed headers. - Shuffle bootstrap code to reduce special cases in pkg_add. - Always read/write file names in tar archives as binary. While they are supposed to be UTF-8, locale conversion creates more problems than it solves here. - Fix const correctness in gpg_verify. - Add format string annotation for xasprintf for GCC-like compilers. - Restrict supported archive formats for binary packages to ar (signed packages) and tar (actual content) with uncompressed/gzip/bzip2/xz as compression choices. This reduces the exposed libarchive surface. - The pkg-vulnerability file correspondingly supports only the same compression choices. --- pkgtools/pkg_install/Makefile | 14 +++---- pkgtools/pkg_install/files/add/perform.c | 27 +++++-------- pkgtools/pkg_install/files/admin/main.c | 8 ++-- pkgtools/pkg_install/files/create/build.c | 20 +++++---- pkgtools/pkg_install/files/create/util.c | 13 +----- pkgtools/pkg_install/files/info/perform.c | 35 ++++++---------- pkgtools/pkg_install/files/lib/Makefile.in | 6 +-- pkgtools/pkg_install/files/lib/defs.h | 5 ++- pkgtools/pkg_install/files/lib/gpgsig.c | 16 ++++---- pkgtools/pkg_install/files/lib/lib.h | 10 ++++- pkgtools/pkg_install/files/lib/pkg_io.c | 47 +++++++++++++++++----- pkgtools/pkg_install/files/lib/pkg_signature.c | 41 +++++++++---------- pkgtools/pkg_install/files/lib/version.h | 4 +- .../pkg_install/files/lib/vulnerabilities-file.c | 34 +++++++++------- 14 files changed, 144 insertions(+), 136 deletions(-) diff --git a/pkgtools/pkg_install/Makefile b/pkgtools/pkg_install/Makefile index 02aab8921f8..5e557da239b 100644 --- a/pkgtools/pkg_install/Makefile +++ b/pkgtools/pkg_install/Makefile 
@@ -1,4 +1,4 @@ -# $NetBSD: Makefile,v 1.219 2017/01/03 17:53:14 jperkin Exp $ +# $NetBSD: Makefile,v 1.220 2017/04/19 21:42:50 joerg Exp $ # Notes to package maintainers: # @@ -104,8 +104,8 @@ MAKE_FLAGS+= ACTIVE_CC=clang VERSION!= ${AWK} '/PKGTOOLS_VERSION/ {print $$3}' \ ${FILESDIR}/lib/version.h -# raw format appeared in libarchive 2.8. -BUILDLINK_API_DEPENDS.libarchive+= libarchive>=2.8.0 +# Requires 3.x filter API and bugfixes. +BUILDLINK_API_DEPENDS.libarchive+= libarchive>=3.3.1 .include "../../archivers/bzip2/builtin.mk" .include "../../archivers/xz/builtin.mk" @@ -181,9 +181,9 @@ pre-configure: config-guess-override config-sub-override CPPFLAGS+= -I${WRKDIR}/libfetch LDFLAGS+= -L${WRKDIR}/libfetch # Avoid duplicate and conflicting headers, pull in any we need -# directly with +# directly with CPPFLAGS+= -I${WRKDIR} -LDFLAGS+= -L${WRKDIR}/netpgpverify +LDFLAGS+= -L${WRKDIR}/netpgp CONFIGURE_ENV+= LIBS=${LIBS:Q} @@ -199,7 +199,7 @@ do-extract: @${CP} -R ${FILESDIR.libarchive} ${WRKDIR}/libarchive .endif @${CP} -R ${FILESDIR.libfetch} ${WRKDIR}/libfetch - @${CP} -R ${FILESDIR.netpgpverify} ${WRKDIR}/netpgpverify + @${CP} -R ${FILESDIR.netpgpverify} ${WRKDIR}/netpgp pre-configure: .if empty(USE_BUILTIN.bzip2:M[yY][eE][sS]) @@ -223,7 +223,7 @@ pre-configure: ${SETENV} ${MAKE_ENV} ${BSD_MAKE_ENV} \ ${MAKE_PROGRAM} ${MAKE_FLAGS} ${BUILD_MAKE_FLAGS} \ -f ${MAKE_FILE} depend all - cd ${WRKDIR}/netpgpverify && \ + cd ${WRKDIR}/netpgp && \ ${SED} -e '/zlib/d' Makefile.lib.in >Makefile.in && \ ${RM} -f bzlib.h zlib.h && \ ${CONFIG_SHELL} ${CONFIG_SHELL_FLAGS} ./configure && \ diff --git a/pkgtools/pkg_install/files/add/perform.c b/pkgtools/pkg_install/files/add/perform.c index feddef6bc47..e954cbed2e8 100644 --- a/pkgtools/pkg_install/files/add/perform.c +++ b/pkgtools/pkg_install/files/add/perform.c 
@@ -1,4 +1,4 @@ -/* $NetBSD: perform.c,v 1.108 2015/12/27 12:36:42 joerg Exp $ */ +/* $NetBSD: perform.c,v 1.109 2017/04/19 21:42:50 joerg Exp $ */ #if HAVE_CONFIG_H #include "config.h" #endif @@ -6,7 +6,7 @@ #if HAVE_SYS_CDEFS_H #include #endif -__RCSID("$NetBSD: perform.c,v 1.108 2015/12/27 12:36:42 joerg Exp $"); +__RCSID("$NetBSD: perform.c,v 1.109 2017/04/19 21:42:50 joerg Exp $"); /*- * Copyright (c) 2003 Grant Beattie @@ -50,6 +50,7 @@ __RCSID("$NetBSD: perform.c,v 1.108 2015/12/27 12:36:42 joerg Exp $"); #if HAVE_FCNTL_H #include #endif +#include #include #include #include @@ -827,8 +828,7 @@ extract_files(struct pkg_task *pkg) out: if (!NoRecord) pkgdb_close(); - archive_write_close(writer); - archive_write_finish(writer); + archive_write_free(writer); return r; } @@ -1373,9 +1373,7 @@ check_license(struct pkg_task *pkg) static int pkg_do(const char *pkgpath, int mark_automatic, int top_level) { -#ifndef BOOTSTRAP char *archive_name; -#endif int status, invalid_sig; struct pkg_task *pkg; @@ -1383,26 +1381,19 @@ pkg_do(const char *pkgpath, int mark_automatic, int top_level) status = -1; -#ifdef BOOTSTRAP - pkg->archive = archive_read_new(); - archive_read_support_compression_all(pkg->archive); - archive_read_support_format_all(pkg->archive); - if (archive_read_open_filename(pkg->archive, pkgpath, 1024)) { - warnx("no pkg found for '%s', sorry.", pkgpath); - archive_read_free(pkg->archive); - goto clean_find_archive; - } -#else pkg->archive = find_archive(pkgpath, top_level, &archive_name); if (pkg->archive == NULL) { warnx("no pkg found for '%s', sorry.", pkgpath); goto clean_find_archive; } +#ifndef BOOTSTRAP invalid_sig = pkg_verify_signature(archive_name, &pkg->archive, &pkg->entry, &pkg->pkgname); - free(archive_name); +#else + invalid_sig = 0; #endif + free(archive_name); if (pkg->archive == NULL) goto clean_memory; 
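Review bot: In `pkg_do`, the new `#else` branch assigns `invalid_sig = 0` for BOOTSTRAP builds, a value that by the variable's name reads as "signature is fine", so later code cannot tell a package that was never verified from one that passed verification. The consumers of `invalid_sig` lie outside this hunk, so this may be harmless today, but the intent should be recorded where the value is set. I would add `/* BOOTSTRAP builds have no signature support; the package is installed unverified. */` directly above `invalid_sig = 0;`. `pkg_do` starts before and continues after the hunk.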
@@ -1572,7 +1563,7 @@ clean_memory: free_plist(&pkg->plist); free_meta_data(pkg); if (pkg->archive) - archive_read_finish(pkg->archive); + archive_read_free(pkg->archive); free(pkg->other_version); free(pkg->pkgname); clean_find_archive: diff --git a/pkgtools/pkg_install/files/admin/main.c b/pkgtools/pkg_install/files/admin/main.c index 82017938368..482f8b0aa92 100644 --- a/pkgtools/pkg_install/files/admin/main.c +++ b/pkgtools/pkg_install/files/admin/main.c @@ -1,4 +1,4 @@ -/* $NetBSD: main.c,v 1.64 2015/01/02 14:26:16 wiz Exp $ */ +/* $NetBSD: main.c,v 1.65 2017/04/19 21:42:50 joerg Exp $ */ #if HAVE_CONFIG_H #include "config.h" @@ -7,7 +7,7 @@ #if HAVE_SYS_CDEFS_H #include #endif -__RCSID("$NetBSD: main.c,v 1.64 2015/01/02 14:26:16 wiz Exp $"); +__RCSID("$NetBSD: main.c,v 1.65 2017/04/19 21:42:50 joerg Exp $"); /*- * Copyright (c) 1999-2009 The NetBSD Foundation, Inc. @@ -608,8 +608,8 @@ main(int argc, char *argv[]) if (pkg_full_signature_check(archive_name, &pkg)) rc = 1; free(archive_name); - if (!pkg) - archive_read_finish(pkg); + if (pkg != NULL) + archive_read_free(pkg); } return rc; } else if (strcasecmp(argv[0], "x509-sign-package") == 0) { diff --git a/pkgtools/pkg_install/files/create/build.c b/pkgtools/pkg_install/files/create/build.c index 4479a19871e..1c13cb587bc 100644 --- a/pkgtools/pkg_install/files/create/build.c +++ b/pkgtools/pkg_install/files/create/build.c @@ -1,4 +1,4 @@ -/* $NetBSD: build.c,v 1.16 2014/12/30 15:13:20 wiz Exp $ */ +/* $NetBSD: build.c,v 1.17 2017/04/19 21:42:50 joerg Exp $ */ #if HAVE_CONFIG_H #include "config.h" @@ -7,7 +7,7 @@ #if HAVE_SYS_CDEFS_H #include #endif -__RCSID("$NetBSD: build.c,v 1.16 2014/12/30 15:13:20 wiz Exp $"); +__RCSID("$NetBSD: build.c,v 1.17 2017/04/19 21:42:50 joerg Exp $"); /*- * Copyright (c) 2007 Joerg Sonnenberger . 
@@ -233,6 +233,7 @@ make_dist(const char *pkg, const char *suffix, const package_t *plist) archive = archive_write_new(); archive_write_set_format_pax_restricted(archive); + archive_write_set_options(archive, "hdrcharset=BINARY"); if ((resolver = archive_entry_linkresolver_new()) == NULL) errx(2, "cannot create link resolver"); archive_entry_linkresolver_set_strategy(resolver, @@ -250,20 +251,18 @@ make_dist(const char *pkg, const char *suffix, const package_t *plist) } if (strcmp(CompressionType, "bzip2") == 0) - archive_write_set_compression_bzip2(archive); + archive_write_add_filter_bzip2(archive); else if (strcmp(CompressionType, "gzip") == 0) - archive_write_set_compression_gzip(archive); + archive_write_add_filter_gzip(archive); else if (strcmp(CompressionType, "xz") == 0) - archive_write_set_compression_xz(archive); - else if (strcmp(CompressionType, "none") == 0) - archive_write_set_compression_none(archive); - else + archive_write_add_filter_xz(archive); + else if (strcmp(CompressionType, "none") != 0) errx(1, "Unspported compression type for -F: %s", CompressionType); archive_name = xasprintf("%s.%s", pkg, suffix); - if (archive_write_open_file(archive, archive_name)) + if (archive_write_open_filename(archive, archive_name)) errx(2, "cannot create archive: %s", archive_error_string(archive)); free(archive_name); @@ -324,9 +323,8 @@ make_dist(const char *pkg, const char *suffix, const package_t *plist) archive_entry_linkresolver_free(resolver); - if (archive_write_close(archive)) + if (archive_write_free(archive)) errx(2, "cannot finish archive: %s", archive_error_string(archive)); - archive_write_finish(archive); free(initial_cwd); } diff --git a/pkgtools/pkg_install/files/create/util.c b/pkgtools/pkg_install/files/create/util.c index d17b1fed763..88d470cffb1 100644 --- a/pkgtools/pkg_install/files/create/util.c +++ b/pkgtools/pkg_install/files/create/util.c 
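Review bot: At the end of `make_dist`, `archive_error_string(archive)` is now evaluated after `archive_write_free(archive)` has already released the handle, so the failure path reads freed memory while building the `errx` message. The previous code fetched the error string between `archive_write_close` and `archive_write_finish`, while the object was still alive. Keep the explicit close for the check and free afterwards: `if (archive_write_close(archive))` / `errx(2, "cannot finish archive: %s", archive_error_string(archive));` / `archive_write_free(archive);`.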
@@ -39,27 +39,18 @@ #if HAVE_ERR_H #include #endif +#include #if HAVE_PWD_H #include #endif +#include #if HAVE_PWD_H #include #endif -#if HAVE_STDLIB_H #include -#endif -#if HAVE_STRING_H #include -#endif -#if HAVE_TIME_H #include -#endif -#if HAVE_UNISTD_H #include -#endif -#if HAVE_FCNTL_H -#include -#endif #include "lib.h" #include "create.h" diff --git a/pkgtools/pkg_install/files/info/perform.c b/pkgtools/pkg_install/files/info/perform.c index f227b85c395..e3bbbcb7fe0 100644 --- a/pkgtools/pkg_install/files/info/perform.c +++ b/pkgtools/pkg_install/files/info/perform.c @@ -1,4 +1,4 @@ -/* $NetBSD: perform.c,v 1.62 2014/12/30 15:13:20 wiz Exp $ */ +/* $NetBSD: perform.c,v 1.63 2017/04/19 21:42:50 joerg Exp $ */ #if HAVE_CONFIG_H #include "config.h" @@ -7,13 +7,7 @@ #if HAVE_SYS_CDEFS_H #include #endif -#if HAVE_SYS_QUEUE_H -#include -#endif -#if HAVE_SYS_WAIT_H -#include -#endif -__RCSID("$NetBSD: perform.c,v 1.62 2014/12/30 15:13:20 wiz Exp $"); +__RCSID("$NetBSD: perform.c,v 1.63 2017/04/19 21:42:50 joerg Exp $"); /*- * Copyright (c) 2008 Joerg Sonnenberger . @@ -73,6 +67,12 @@ __RCSID("$NetBSD: perform.c,v 1.62 2014/12/30 15:13:20 wiz Exp $"); #if HAVE_SYS_STAT_H #include #endif +#if HAVE_SYS_QUEUE_H +#include +#endif +#if HAVE_SYS_WAIT_H +#include +#endif #ifndef BOOTSTRAP #include @@ -81,22 +81,13 @@ __RCSID("$NetBSD: perform.c,v 1.62 2014/12/30 15:13:20 wiz Exp $"); #if HAVE_ERR_H #include #endif -#if HAVE_ERRNO_H +#include +#include #include -#endif -#if HAVE_FCNTL_H #include -#endif -#if HAVE_SIGNAL_H -#include -#endif -#if HAVE_DIRENT_H -#include -#endif -#if HAVE_CTYPE_H -#include -#endif +#include #include +#include #define LOAD_CONTENTS (1 << 0) #define LOAD_COMMENT (1 << 1) @@ -358,7 +349,7 @@ pkg_do(const char *pkg) free(pkgname); meta = read_meta_data_from_archive(archive, entry); - archive_read_finish(archive); + archive_read_free(archive); if (!IS_URL(pkg)) binpkgfile = pkg; #endif 
diff --git a/pkgtools/pkg_install/files/lib/Makefile.in b/pkgtools/pkg_install/files/lib/Makefile.in index 5a5d77bb9d6..bb1e7e7cec1 100644 --- a/pkgtools/pkg_install/files/lib/Makefile.in +++ b/pkgtools/pkg_install/files/lib/Makefile.in @@ -1,4 +1,4 @@ -# $NetBSD: Makefile.in,v 1.35 2015/09/01 12:14:06 jperkin Exp $ +# $NetBSD: Makefile.in,v 1.36 2017/04/19 21:42:50 joerg Exp $ srcdir= @srcdir@ @@ -28,7 +28,7 @@ LIB= libinstall.a OBJS= automatic.o conflicts.o dewey.o fexec.o file.o \ global.o iterate.o license.o lpkg.o opattern.o \ - parse-config.o pkgdb.o plist.o remove.o \ + parse-config.o pkgdb.o pkg_io.o plist.o remove.o \ str.o var.o version.o vulnerabilities-file.o xwrapper.o CPPFLAGS+= -DSYSCONFDIR=\"$(sysconfdir)\" @@ -36,7 +36,7 @@ CPPFLAGS+= -DSYSCONFDIR=\"$(sysconfdir)\" .if !empty(BOOTSTRAP) CPPFLAGS+= -DBOOTSTRAP .else -OBJS+= gpgsig.o pkg_io.o pkg_signature.o +OBJS+= gpgsig.o pkg_signature.o .endif .if !empty(SSL_SUPPORT) diff --git a/pkgtools/pkg_install/files/lib/defs.h b/pkgtools/pkg_install/files/lib/defs.h index 6916c122ef8..a592358c224 100644 --- a/pkgtools/pkg_install/files/lib/defs.h +++ b/pkgtools/pkg_install/files/lib/defs.h @@ -1,4 +1,4 @@ -/* $NetBSD: defs.h,v 1.10 2012/02/21 18:32:14 wiz Exp $ */ +/* $NetBSD: defs.h,v 1.11 2017/04/19 21:42:50 joerg Exp $ */ /*- * Copyright (c) 1999,2000,2009 The NetBSD Foundation, Inc. @@ -38,6 +38,9 @@ #if HAVE_ERR_H #include #endif +#if HAVE_INTTYPES_H +#include +#endif #if HAVE_STDLIB_H #include #endif diff --git a/pkgtools/pkg_install/files/lib/gpgsig.c b/pkgtools/pkg_install/files/lib/gpgsig.c index c0cd9e08eb1..499fdea8d32 100644 --- a/pkgtools/pkg_install/files/lib/gpgsig.c +++ b/pkgtools/pkg_install/files/lib/gpgsig.c @@ -1,4 +1,4 @@ -/* $NetBSD: gpgsig.c,v 1.5 2016/07/06 21:00:04 agc Exp $ */ +/* $NetBSD: gpgsig.c,v 1.6 2017/04/19 21:42:50 joerg Exp $ */ #if HAVE_CONFIG_H #include "config.h" #endif 
@@ -7,7 +7,7 @@ #include #endif -__RCSID("$NetBSD: gpgsig.c,v 1.5 2016/07/06 21:00:04 agc Exp $"); +__RCSID("$NetBSD: gpgsig.c,v 1.6 2017/04/19 21:42:50 joerg Exp $"); /*- * Copyright (c) 2008 Joerg Sonnenberger . @@ -50,8 +50,9 @@ __RCSID("$NetBSD: gpgsig.c,v 1.5 2016/07/06 21:00:04 agc Exp $"); #include #endif +#include + #include "lib.h" -#include "netpgpverify/verify.h" int gpg_verify(const char *content, size_t len, const char *keyring, @@ -62,17 +63,19 @@ gpg_verify(const char *content, size_t len, const char *keyring, static const char hdr1[] = "-----BEGIN PGP SIGNED MESSAGE-----\n"; static const char hdr2[] = "Hash: SHA512\n\n"; ssize_t buflen; - char *buf; + char *allocated_buf; + const char *buf; /* * If there is a detached signature we need to construct a format that * netpgp can parse, otherwise use as-is. */ if (sig_len) { - buf = xasprintf("%s%s%s%s", hdr1, hdr2, content, sig); + buf = allocated_buf = xasprintf("%s%s%s%s", hdr1, hdr2, content, sig); buflen = strlen(buf); } else { buf = content; + allocated_buf = NULL; buflen = len; } @@ -88,8 +91,7 @@ gpg_verify(const char *content, size_t len, const char *keyring, pgpv_close(pgp); - if (sig_len) - free(buf); + free(allocated_buf); return 0; } diff --git a/pkgtools/pkg_install/files/lib/lib.h b/pkgtools/pkg_install/files/lib/lib.h index 7032575922f..d4e72ce2f79 100644 --- a/pkgtools/pkg_install/files/lib/lib.h +++ b/pkgtools/pkg_install/files/lib/lib.h @@ -1,4 +1,4 @@ -/* $NetBSD: lib.h,v 1.67 2015/10/15 13:31:27 sevan Exp $ */ +/* $NetBSD: lib.h,v 1.68 2017/04/19 21:42:50 joerg Exp $ */ /* from FreeBSD Id: lib.h,v 1.25 1997/10/08 07:48:03 charnier Exp */ @@ -316,6 +316,7 @@ int has_pkgdir(const char *); struct archive; struct archive_entry; +struct archive *prepare_archive(void); struct archive *open_archive(const char *, char **); struct archive *find_archive(const char *, int, char **); void process_pkg_path(void); 
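Review bot: In `gpg_verify`, the detached-signature branch builds the message with `xasprintf("%s%s%s%s", hdr1, hdr2, content, sig)`, so `content` and `sig` are read up to their first NUL byte even though the function receives explicit `len` and `sig_len`. A buffer passed without a terminator would be over-read, and an embedded NUL would make the verified text shorter than the `len` bytes the caller supplied. Callers are not visible in this diff, so at minimum the requirement should be documented above the call: `/* content and sig must be NUL-terminated; len and sig_len do not bound this copy. */`. Part of the parameter list and the verification calls lie outside the hunk.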
@@ -412,7 +413,12 @@ char *xstrdup(const char *); void *xrealloc(void *, size_t); void *xcalloc(size_t, size_t); void *xmalloc(size_t); -char *xasprintf(const char *, ...); +#if defined(__GNUC__) && __GNUC__ >= 2 +char *xasprintf(const char *, ...) + __attribute__((__format__(__printf__, 1, 2))); +#else +char *xasprintf(const char *, ...); +#endif /* Externs */ extern Boolean Verbose; diff --git a/pkgtools/pkg_install/files/lib/pkg_io.c b/pkgtools/pkg_install/files/lib/pkg_io.c index 59f934f9ceb..82076d2f7ec 100644 --- a/pkgtools/pkg_install/files/lib/pkg_io.c +++ b/pkgtools/pkg_install/files/lib/pkg_io.c @@ -1,4 +1,4 @@ -/* $NetBSD: pkg_io.c,v 1.11 2010/04/20 00:39:13 joerg Exp $ */ +/* $NetBSD: pkg_io.c,v 1.12 2017/04/19 21:42:50 joerg Exp $ */ /*- * Copyright (c) 2008, 2009 Joerg Sonnenberger . * All rights reserved. @@ -36,7 +36,7 @@ #include #endif -__RCSID("$NetBSD: pkg_io.c,v 1.11 2010/04/20 00:39:13 joerg Exp $"); +__RCSID("$NetBSD: pkg_io.c,v 1.12 2017/04/19 21:42:50 joerg Exp $"); #include #include @@ -46,9 +46,14 @@ __RCSID("$NetBSD: pkg_io.c,v 1.11 2010/04/20 00:39:13 joerg Exp $"); #if HAVE_ERRNO_H #include #endif -#include #include +#ifdef BOOTSTRAP +#define IS_URL(x) 0 +#else +#include +#endif + #include "lib.h" struct pkg_path { @@ -59,6 +64,7 @@ struct pkg_path { static char *orig_cwd, *last_toplevel; static TAILQ_HEAD(, pkg_path) pkg_path = TAILQ_HEAD_INITIALIZER(pkg_path); +#ifndef BOOTSTRAP struct fetch_archive { struct url *url; fetchIO *fetch; 
@@ -145,19 +151,33 @@ open_archive_by_url(struct url *url, char **archive_name) *archive_name = fetchStringifyURL(url); - a = archive_read_new(); - archive_read_support_compression_all(a); - archive_read_support_format_all(a); + a = prepare_archive(); if (archive_read_open(a, f, fetch_archive_open, fetch_archive_read, fetch_archive_close)) { free(*archive_name); *archive_name = NULL; - archive_read_finish(a); + archive_read_free(a); return NULL; } return a; } +#endif /* !BOOTSTRAP */ + +struct archive * +prepare_archive(void) +{ + struct archive *a = archive_read_new(); + if (a == NULL) + errx(EXIT_FAILURE, "memory allocation failed"); + archive_read_support_filter_gzip(a); + archive_read_support_filter_bzip2(a); + archive_read_support_filter_xz(a); + archive_read_support_format_ar(a); + archive_read_support_format_tar(a); + archive_read_set_options(a, "hdrcharset=BINARY"); + return a; +} struct archive * open_archive(const char *url, char **archive_name) @@ -168,9 +188,7 @@ open_archive(const char *url, char **archive_name) *archive_name = NULL; if (!IS_URL(url)) { - a = archive_read_new(); - archive_read_support_compression_all(a); - archive_read_support_format_all(a); + a = prepare_archive(); if (archive_read_open_filename(a, url, 1024)) { archive_read_close(a); return NULL; @@ -179,6 +197,9 @@ open_archive(const char *url, char **archive_name) return a; } +#ifdef BOOTSTRAP + return NULL; +#else if ((u = fetchParseURL(url)) == NULL) return NULL; @@ -186,8 +207,10 @@ open_archive(const char *url, char **archive_name) fetchFreeURL(u); return a; +#endif } +#ifndef BOOTSTRAP static int strip_suffix(char *filename) { @@ -333,6 +356,7 @@ find_best_package(const char *toplevel, const char *pattern, int do_path) return best_match; } +#endif /* !BOOTSTRAP */ struct archive * find_archive(const char *fname, int top_level, char **archive_name) 
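Review bot: `prepare_archive` ignores the return value of every `archive_read_support_filter_*`, `archive_read_support_format_*` and `archive_read_set_options` call, so a reader that failed to register a format or the `hdrcharset=BINARY` option is handed back as if fully configured. libarchive also returns `ARCHIVE_WARN` from a filter registration when the codec is only reachable through an external helper program, which is worth surfacing given that this commit aims to narrow what package parsing can reach. `prepare_raw_file` in vulnerabilities-file.c has the same gap, and there the callers compared each call with `ARCHIVE_OK` before this change. Checking all calls in one condition, as sketched below, restores that; whether a strict `!= ARCHIVE_OK` is acceptable for BOOTSTRAP builds of libarchive needs confirming.

```c
	/* … unchanged: prepare_archive() signature, archive_read_new() and its NULL check … */
	if (archive_read_support_filter_gzip(a) != ARCHIVE_OK ||
	    archive_read_support_filter_bzip2(a) != ARCHIVE_OK ||
	    archive_read_support_filter_xz(a) != ARCHIVE_OK ||
	    archive_read_support_format_ar(a) != ARCHIVE_OK ||
	    archive_read_support_format_tar(a) != ARCHIVE_OK ||
	    archive_read_set_options(a, "hdrcharset=BINARY") != ARCHIVE_OK)
		errx(EXIT_FAILURE, "cannot configure archive reader: %s",
		    archive_error_string(a));
	return a;
```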
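Review bot: In `open_archive`, the failure branch after `archive_read_open_filename(a, url, 1024)` calls `archive_read_close(a)` and returns NULL, which leaves the handle just obtained from `prepare_archive()` allocated. The commit moves the other read error paths to `archive_read_free`, including the matching one in `open_archive_by_url`, so this line should read `archive_read_free(a);` as well. The rest of `open_archive` is spread over the following hunks.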
@@ -364,7 +388,7 @@ find_archive(const char *fname, int top_level, char **archive_name) free(full_fname); return a; } - +#ifndef BOOTSTRAP fname = last_slash + 1; *last_slash = '\0'; @@ -379,5 +403,6 @@ find_archive(const char *fname, int top_level, char **archive_name) return NULL; a = open_archive_by_url(best_match, archive_name); fetchFreeURL(best_match); +#endif /* !BOOTSTRAP */ return a; } diff --git a/pkgtools/pkg_install/files/lib/pkg_signature.c b/pkgtools/pkg_install/files/lib/pkg_signature.c index 78b5d0dcab7..b62a8274a22 100644 --- a/pkgtools/pkg_install/files/lib/pkg_signature.c +++ b/pkgtools/pkg_install/files/lib/pkg_signature.c @@ -1,4 +1,4 @@ -/* $NetBSD: pkg_signature.c,v 1.12 2015/09/01 12:14:06 jperkin Exp $ */ +/* $NetBSD: pkg_signature.c,v 1.13 2017/04/19 21:42:50 joerg Exp $ */ #if HAVE_CONFIG_H #include "config.h" @@ -7,7 +7,7 @@ #if HAVE_SYS_CDEFS_H #include #endif -__RCSID("$NetBSD: pkg_signature.c,v 1.12 2015/09/01 12:14:06 jperkin Exp $"); +__RCSID("$NetBSD: pkg_signature.c,v 1.13 2017/04/19 21:42:50 joerg Exp $"); /*- * Copyright (c) 2008 Joerg Sonnenberger . @@ -47,6 +47,7 @@ __RCSID("$NetBSD: pkg_signature.c,v 1.12 2015/09/01 12:14:06 jperkin Exp $"); #endif #include #include +#include #include #ifndef NETBSD #include @@ -159,7 +160,7 @@ verify_signature_close_cb(struct archive *archive, void *cookie) { struct signature_archive *state = cookie; - archive_read_finish(state->archive); + archive_read_free(state->archive); free_signature_int(state); return 0; } @@ -330,7 +331,7 @@ pkg_verify_signature(const char *archive_name, struct archive **archive, r = read_file_from_archive(archive_name, *archive, entry, HASH_FNAME, &hash_file, &hash_len); if (r == -1) { - archive_read_finish(*archive); + archive_read_free(*archive); *archive = NULL; free(state); goto no_valid_signature; 
@@ -345,7 +346,7 @@ pkg_verify_signature(const char *archive_name, struct archive **archive, r = read_file_from_archive(archive_name, *archive, entry, SIGNATURE_FNAME, &signature_file, &signature_len); if (r == -1) { - archive_read_finish(*archive); + archive_read_free(*archive); *archive = NULL; free(state); free(hash_file); @@ -356,7 +357,7 @@ pkg_verify_signature(const char *archive_name, struct archive **archive, entry, GPG_SIGNATURE_FNAME, &signature_file, &signature_len); if (r == -1) { - archive_read_finish(*archive); + archive_read_free(*archive); *archive = NULL; free(state); free(hash_file); @@ -399,13 +400,11 @@ pkg_verify_signature(const char *archive_name, struct archive **archive, state->archive = *archive; - a = archive_read_new(); - archive_read_support_compression_all(a); - archive_read_support_format_all(a); + a = prepare_archive(); if (archive_read_open(a, state, NULL, verify_signature_read_cb, verify_signature_close_cb)) { warnx("Can't open signed package file"); - archive_read_finish(a); + archive_read_free(a); goto no_valid_signature; } *archive = a; @@ -448,13 +447,11 @@ extract_pkgname(int fd) ssize_t len; int r; - a = archive_read_new(); - archive_read_support_compression_all(a); - archive_read_support_format_all(a); + a = prepare_archive(); if (archive_read_open_fd(a, fd, 1024)) { warnx("Cannot open binary package: %s", archive_error_string(a)); - archive_read_finish(a); + archive_read_free(a); return NULL; } 
@@ -462,17 +459,17 @@ extract_pkgname(int fd) if (r != ARCHIVE_OK) { warnx("Cannot extract package name: %s", r == ARCHIVE_EOF ? "EOF" : archive_error_string(a)); - archive_read_finish(a); + archive_read_free(a); return NULL; } if (strcmp(archive_entry_pathname(entry), "+CONTENTS") != 0) { warnx("Invalid binary package, doesn't start with +CONTENTS"); - archive_read_finish(a); + archive_read_free(a); return NULL; } if (archive_entry_size(entry) > SSIZE_MAX - 1) { warnx("+CONTENTS too large to process"); - archive_read_finish(a); + archive_read_free(a); return NULL; } @@ -482,12 +479,12 @@ extract_pkgname(int fd) if (archive_read_data(a, buf, len) != len) { warnx("Short read when extracing +CONTENTS"); free(buf); - archive_read_finish(a); + archive_read_free(a); return NULL; } buf[len] = '\0'; - archive_read_finish(a); + archive_read_free(a); parse_plist(&plist, buf); free(buf); @@ -579,7 +576,6 @@ pkg_sign_x509(const char *name, const char *output, const char *key_file, const archive_entry_set_size(sign_entry, signature_len); pkg = archive_write_new(); - archive_write_set_compression_none(pkg); archive_write_set_format_ar_bsd(pkg); archive_write_open_filename(pkg, output); @@ -608,7 +604,7 @@ pkg_sign_x509(const char *name, const char *output, const char *key_file, const archive_write_finish_entry(pkg); archive_entry_free(entry); - archive_write_finish(pkg); + archive_write_free(pkg); close(fd); @@ -673,7 +669,6 @@ pkg_sign_gpg(const char *name, const char *output) archive_entry_set_size(sign_entry, signature_len); pkg = archive_write_new(); - archive_write_set_compression_none(pkg); archive_write_set_format_ar_bsd(pkg); archive_write_open_filename(pkg, output); @@ -702,7 +697,7 @@ pkg_sign_gpg(const char *name, const char *output) archive_write_finish_entry(pkg); archive_entry_free(entry); - archive_write_finish(pkg); + archive_write_free(pkg); close(fd); 
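Review bot: In `pkg_sign_x509`, neither `archive_write_open_filename(pkg, output)` nor the final `archive_write_free(pkg)` is checked, so a signed package that could not be created or fully flushed goes unreported. `make_dist` in create/build.c already guards the open with `errx`, and the same form fits here: `if (archive_write_open_filename(pkg, output))` / `errx(2, "cannot create archive: %s", archive_error_string(pkg));`. The flush should likewise be tested with an explicit `archive_write_close(pkg)` before the handle is freed. `pkg_sign_gpg` has the identical sequence in its two hunks, and both functions extend beyond the hunks shown.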
diff --git a/pkgtools/pkg_install/files/lib/version.h b/pkgtools/pkg_install/files/lib/version.h index adf3b42061c..aef3e34e46e 100644 --- a/pkgtools/pkg_install/files/lib/version.h +++ b/pkgtools/pkg_install/files/lib/version.h @@ -1,4 +1,4 @@ -/* $NetBSD: version.h,v 1.170 2016/04/10 19:01:19 joerg Exp $ */ +/* $NetBSD: version.h,v 1.171 2017/04/19 21:42:50 joerg Exp $ */ /* * Copyright (c) 2001 Thomas Klausner. All rights reserved. @@ -27,6 +27,6 @@ #ifndef _INST_LIB_VERSION_H_ #define _INST_LIB_VERSION_H_ -#define PKGTOOLS_VERSION 20160410 +#define PKGTOOLS_VERSION 20170419 #endif /* _INST_LIB_VERSION_H_ */ diff --git a/pkgtools/pkg_install/files/lib/vulnerabilities-file.c b/pkgtools/pkg_install/files/lib/vulnerabilities-file.c index e620986fead..614522220bb 100644 --- a/pkgtools/pkg_install/files/lib/vulnerabilities-file.c +++ b/pkgtools/pkg_install/files/lib/vulnerabilities-file.c @@ -1,4 +1,4 @@ -/* $NetBSD: vulnerabilities-file.c,v 1.8 2015/09/01 12:14:06 jperkin Exp $ */ +/* $NetBSD: vulnerabilities-file.c,v 1.9 2017/04/19 21:42:50 joerg Exp $ */ /*- * Copyright (c) 2008, 2010 Joerg Sonnenberger . @@ -38,7 +38,7 @@ #if HAVE_SYS_CDEFS_H #include #endif -__RCSID("$NetBSD: vulnerabilities-file.c,v 1.8 2015/09/01 12:14:06 jperkin Exp $"); +__RCSID("$NetBSD: vulnerabilities-file.c,v 1.9 2017/04/19 21:42:50 joerg Exp $"); #if HAVE_SYS_STAT_H #include @@ -77,6 +77,20 @@ static const char pgp_msg_end[] = "-----BEGIN PGP SIGNATURE-----\n"; static const char pkcs7_begin[] = "-----BEGIN PKCS7-----\n"; static const char pkcs7_end[] = "-----END PKCS7-----\n"; +static struct archive * +prepare_raw_file(void) +{ + struct archive *a = archive_read_new(); + if (a == NULL) + errx(EXIT_FAILURE, "memory allocation failed"); + + archive_read_support_filter_gzip(a); + archive_read_support_filter_bzip2(a); + archive_read_support_filter_xz(a); + archive_read_support_format_raw(a); + return a; +} + static void verify_signature_pkcs7(const char *input) { 
@@ -345,12 +359,8 @@ read_pkg_vulnerabilities_memory(void *buf, size_t len, int check_sum) struct archive *a; struct pkg_vulnerabilities *pv; - if ((a = archive_read_new()) == NULL) - errx(EXIT_FAILURE, "memory allocation failed"); - - if (archive_read_support_compression_all(a) != ARCHIVE_OK || - archive_read_support_format_raw(a) != ARCHIVE_OK || - archive_read_open_memory(a, buf, len) != ARCHIVE_OK) + a = prepare_raw_file(); + if (archive_read_open_memory(a, buf, len) != ARCHIVE_OK) errx(EXIT_FAILURE, "Cannot open pkg_vulnerabilies buffer: %s", archive_error_string(a)); @@ -376,12 +386,8 @@ read_pkg_vulnerabilities_file(const char *path, int ignore_missing, int check_su err(EXIT_FAILURE, "Cannot open %s", path); } - if ((a = archive_read_new()) == NULL) - errx(EXIT_FAILURE, "memory allocation failed"); - - if (archive_read_support_compression_all(a) != ARCHIVE_OK || - archive_read_support_format_raw(a) != ARCHIVE_OK || - archive_read_open_fd(a, fd, 65536) != ARCHIVE_OK) + a = prepare_raw_file(); + if (archive_read_open_fd(a, fd, 65536) != ARCHIVE_OK) errx(EXIT_FAILURE, "Cannot open ``%s'': %s", path, archive_error_string(a)); -- cgit v1.2.3