2 * Copyright (c) 2007, Novell Inc.
4 * This program is licensed under the BSD license, read LICENSE.BSD
5 * for further information
9 #define _XOPEN_SOURCE /* glibc2 needs this */
10 #include <sys/types.h>
18 #include "solv_xmlparser.h"
19 #include "repo_updateinfoxml.h"
21 #include "tools_util.h"
25 * <update from="rel-eng@fedoraproject.org" status="stable" type="security" version="1.4">
26 * <id>FEDORA-2007-4594</id>
27 * <title>imlib-1.9.15-6.fc8</title>
28 * <severity>Important</severity>
29 * <release>Fedora 8</release>
30 * <rights>Copyright 2007 Company Inc</rights>
31 * <issued date="2007-12-28 16:42:30"/>
32 * <updated date="2008-03-14 12:00:00"/>
34 * <reference href="https://bugzilla.redhat.com/show_bug.cgi?id=426091" id="426091" title="CVE-2007-3568 imlib: infinite loop DoS using crafted BMP image" type="bugzilla"/>
36 * <description>This update includes a fix for a denial-of-service issue (CVE-2007-3568) whereby an attacker who could get an imlib-using user to view a specially-crafted BMP image could cause the user's CPU to go into an infinite loop.</description>
38 * <collection short="F8">
39 * <name>Fedora 8</name>
40 * <module name="pki-deps" stream="10.6" version="20181019123559" context="9edba152" arch="x86_64"/>
41 * <package arch="ppc64" name="imlib-debuginfo" release="6.fc8" src="http://download.fedoraproject.org/pub/fedora/linux/updates/8/ppc64/imlib-debuginfo-1.9.15-6.fc8.ppc64.rpm" version="1.9.15">
42 * <filename>imlib-debuginfo-1.9.15-6.fc8.ppc64.rpm</filename>
43 * <reboot_suggested>True</reboot_suggested>
78 static struct solv_xmlparser_element stateswitches[] = {
79 { STATE_START, "updates", STATE_UPDATES, 0 },
80 { STATE_START, "update", STATE_UPDATE, 0 },
81 { STATE_UPDATES, "update", STATE_UPDATE, 0 },
82 { STATE_UPDATE, "id", STATE_ID, 1 },
83 { STATE_UPDATE, "title", STATE_TITLE, 1 },
84 { STATE_UPDATE, "severity", STATE_SEVERITY, 1 },
85 { STATE_UPDATE, "rights", STATE_RIGHTS, 1 },
86 { STATE_UPDATE, "release", STATE_RELEASE, 1 },
87 { STATE_UPDATE, "issued", STATE_ISSUED, 0 },
88 { STATE_UPDATE, "updated", STATE_UPDATED, 0 },
89 { STATE_UPDATE, "description", STATE_DESCRIPTION, 1 },
90 { STATE_UPDATE, "message", STATE_MESSAGE , 1 },
91 { STATE_UPDATE, "references", STATE_REFERENCES, 0 },
92 { STATE_UPDATE, "pkglist", STATE_PKGLIST, 0 },
93 { STATE_REFERENCES, "reference", STATE_REFERENCE, 0 },
94 { STATE_PKGLIST, "collection", STATE_COLLECTION, 0 },
95 { STATE_COLLECTION, "name", STATE_NAME, 1 },
96 { STATE_COLLECTION, "package", STATE_PACKAGE, 0 },
97 { STATE_COLLECTION, "module", STATE_MODULE, 0 },
98 { STATE_PACKAGE, "filename", STATE_FILENAME, 1 },
99 { STATE_PACKAGE, "reboot_suggested",STATE_REBOOT, 1 },
100 { STATE_PACKAGE, "restart_suggested",STATE_RESTART, 1 },
101 { STATE_PACKAGE, "relogin_suggested",STATE_RELOGIN, 1 },
114 struct solv_xmlparser xmlp;
120 * Convert date strings ("1287746075" or "2010-10-22 13:14:35")
124 datestr2timestamp(const char *date)
131 for (p = date; *p >= '0' && *p <= '9'; p++)
135 memset(&tm, 0, sizeof(tm));
136 if (!strptime(date, "%F%T", &tm))
142 * create evr (as Id) from 'epoch', 'version' and 'release' attributes
145 makeevr_atts(Pool *pool, struct parsedata *pd, const char **atts)
147 const char *e, *v, *r, *v2;
152 for (; *atts; atts += 2)
154 if (!strcmp(*atts, "epoch"))
156 else if (!strcmp(*atts, "version"))
158 else if (!strcmp(*atts, "release"))
161 if (e && (!*e || !strcmp(e, "0")))
165 for (v2 = v; *v2 >= '0' && *v2 <= '9'; v2++)
167 if (v2 > v && *v2 == ':')
178 c = space = solv_xmlparser_contentspace(&pd->xmlp, l);
200 fprintf(stderr, "evr: %s\n", space);
202 return pool_str2id(pool, space, 1);
208 startElement(struct solv_xmlparser *xmlp, int state, const char *name, const char **atts)
210 struct parsedata *pd = xmlp->userdata;
211 Pool *pool = pd->pool;
212 Solvable *solvable = pd->solvable;
217 * <update from="rel-eng@fedoraproject.org"
219 * type="bugfix" (enhancement, security)
224 const char *from = 0, *type = 0, *version = 0, *status = 0;
225 for (; *atts; atts += 2)
227 if (!strcmp(*atts, "from"))
229 else if (!strcmp(*atts, "type"))
231 else if (!strcmp(*atts, "version"))
233 else if (!strcmp(*atts, "status"))
236 solvable = pd->solvable = pool_id2solvable(pool, repo_add_solvable(pd->repo));
237 pd->handle = pd->solvable - pool->solvables;
239 solvable->vendor = pool_str2id(pool, from, 1);
240 solvable->evr = pool_str2id(pool, version, 1);
241 solvable->arch = ARCH_NOARCH;
243 repodata_set_str(pd->data, pd->handle, SOLVABLE_PATCHCATEGORY, type);
245 repodata_set_poolstr(pd->data, pd->handle, UPDATE_STATUS, status);
246 pd->buildtime = (time_t)0;
253 const char *date = solv_xmlparser_find_attr("date", atts);
256 time_t t = datestr2timestamp(date);
257 if (t && t > pd->buildtime)
263 case STATE_REFERENCE:
265 const char *href = 0, *id = 0, *title = 0, *type = 0;
267 for (; *atts; atts += 2)
269 if (!strcmp(*atts, "href"))
271 else if (!strcmp(*atts, "id"))
273 else if (!strcmp(*atts, "title"))
275 else if (!strcmp(*atts, "type"))
278 refhandle = repodata_new_handle(pd->data);
280 repodata_set_str(pd->data, refhandle, UPDATE_REFERENCE_HREF, href);
282 repodata_set_str(pd->data, refhandle, UPDATE_REFERENCE_ID, id);
284 repodata_set_str(pd->data, refhandle, UPDATE_REFERENCE_TITLE, title);
286 repodata_set_poolstr(pd->data, refhandle, UPDATE_REFERENCE_TYPE, type);
287 repodata_add_flexarray(pd->data, pd->handle, UPDATE_REFERENCE, refhandle);
291 case STATE_COLLECTION:
292 queue_empty(&pd->collectionq);
295 /* <package arch="ppc64" name="imlib-debuginfo" release="6.fc8"
296 * src="http://download.fedoraproject.org/pub/fedora/linux/updates/8/ppc64/imlib-debuginfo-1.9.15-6.fc8.ppc64.rpm"
300 * -> patch.conflicts: {name} < {version}.{release}
304 const char *arch = 0, *name = 0;
305 Id evr = makeevr_atts(pool, pd, atts); /* parse "epoch", "version", "release" */
308 for (; *atts; atts += 2)
310 if (!strcmp(*atts, "arch"))
312 else if (!strcmp(*atts, "name"))
315 n = name ? pool_str2id(pool, name, 1) : 0;
316 a = arch ? pool_str2id(pool, arch, 1) : 0;
318 /* generated conflicts for the package */
319 if (a && a != ARCH_NOARCH)
321 id = pool_rel2id(pool, n, a, REL_ARCH, 1);
322 id = pool_rel2id(pool, id, evr, REL_LT, 1);
323 solvable->conflicts = repo_addid_dep(pd->repo, solvable->conflicts, id, 0);
324 id = pool_rel2id(pool, n, ARCH_NOARCH, REL_ARCH, 1);
325 id = pool_rel2id(pool, id, evr, REL_LT, 1);
326 solvable->conflicts = repo_addid_dep(pd->repo, solvable->conflicts, id, 0);
330 id = pool_rel2id(pool, n, evr, REL_LT, 1);
331 solvable->conflicts = repo_addid_dep(pd->repo, solvable->conflicts, id, 0);
334 /* UPDATE_COLLECTION is misnamed, it should have been UPDATE_PACKAGE */
335 pd->pkghandle = repodata_new_handle(pd->data);
336 repodata_set_id(pd->data, pd->pkghandle, UPDATE_COLLECTION_NAME, n);
337 repodata_set_id(pd->data, pd->pkghandle, UPDATE_COLLECTION_EVR, evr);
339 repodata_set_id(pd->data, pd->pkghandle, UPDATE_COLLECTION_ARCH, a);
344 const char *name = 0, *stream = 0, *version = 0, *context = 0, *arch = 0;
347 for (; *atts; atts += 2)
349 if (!strcmp(*atts, "arch"))
351 else if (!strcmp(*atts, "name"))
353 else if (!strcmp(*atts, "stream"))
355 else if (!strcmp(*atts, "version"))
357 else if (!strcmp(*atts, "context"))
360 module_handle = repodata_new_handle(pd->data);
362 repodata_set_poolstr(pd->data, module_handle, UPDATE_MODULE_NAME, name);
364 repodata_set_poolstr(pd->data, module_handle, UPDATE_MODULE_STREAM, stream);
366 repodata_set_poolstr(pd->data, module_handle, UPDATE_MODULE_VERSION, version);
368 repodata_set_poolstr(pd->data, module_handle, UPDATE_MODULE_CONTEXT, context);
370 repodata_set_poolstr(pd->data, module_handle, UPDATE_MODULE_ARCH, arch);
371 repodata_add_flexarray(pd->data, pd->handle, UPDATE_MODULE, module_handle);
372 queue_push2(&pd->collectionq, UPDATE_MODULE, module_handle);
384 endElement(struct solv_xmlparser *xmlp, int state, char *content)
386 struct parsedata *pd = xmlp->userdata;
387 Pool *pool = pd->pool;
388 Solvable *s = pd->solvable;
389 Repo *repo = pd->repo;
394 s->provides = repo_addid_dep(repo, s->provides, pool_rel2id(pool, s->name, s->evr, REL_EQ, 1), 0);
397 repodata_set_num(pd->data, pd->handle, SOLVABLE_BUILDTIME, pd->buildtime);
398 pd->buildtime = (time_t)0;
403 s->name = pool_str2id(pool, join2(&pd->jd, "patch", ":", content), 1);
406 /* <title>imlib-1.9.15-6.fc8</title> */
408 /* strip trailing newlines */
409 while (pd->xmlp.lcontent > 0 && content[pd->xmlp.lcontent - 1] == '\n')
410 content[--pd->xmlp.lcontent] = 0;
411 repodata_set_str(pd->data, pd->handle, SOLVABLE_SUMMARY, content);
415 repodata_set_poolstr(pd->data, pd->handle, UPDATE_SEVERITY, content);
419 repodata_set_poolstr(pd->data, pd->handle, UPDATE_RIGHTS, content);
423 * <description>This update ...</description>
425 case STATE_DESCRIPTION:
426 repodata_set_str(pd->data, pd->handle, SOLVABLE_DESCRIPTION, content);
430 * <message>Warning! ...</message>
433 repodata_set_str(pd->data, pd->handle, UPDATE_MESSAGE, content);
436 case STATE_COLLECTION:
438 Id collhandle = repodata_new_handle(pd->data);
440 for (i = 0; i < pd->collectionq.count; i += 2)
441 repodata_add_flexarray(pd->data, collhandle, pd->collectionq.elements[i], pd->collectionq.elements[i + 1]);
442 repodata_add_flexarray(pd->data, pd->handle, UPDATE_COLLECTIONLIST, collhandle);
443 queue_empty(&pd->collectionq);
448 repodata_add_flexarray(pd->data, pd->handle, UPDATE_COLLECTION, pd->pkghandle);
449 queue_push2(&pd->collectionq, UPDATE_COLLECTION, pd->pkghandle);
453 /* <filename>libntlm-0.4.2-1.fc8.x86_64.rpm</filename> */
454 /* <filename>libntlm-0.4.2-1.fc8.x86_64.rpm</filename> */
456 repodata_set_str(pd->data, pd->pkghandle, UPDATE_COLLECTION_FILENAME, content);
459 /* <reboot_suggested>True</reboot_suggested> */
461 if (content[0] == 'T' || content[0] == 't'|| content[0] == '1')
463 /* FIXME: this is per-package, the global flag should be computed at runtime */
464 repodata_set_void(pd->data, pd->handle, UPDATE_REBOOT);
465 repodata_set_void(pd->data, pd->pkghandle, UPDATE_REBOOT);
469 /* <restart_suggested>True</restart_suggested> */
471 if (content[0] == 'T' || content[0] == 't'|| content[0] == '1')
473 /* FIXME: this is per-package, the global flag should be computed at runtime */
474 repodata_set_void(pd->data, pd->handle, UPDATE_RESTART);
475 repodata_set_void(pd->data, pd->pkghandle, UPDATE_RESTART);
479 /* <relogin_suggested>True</relogin_suggested> */
481 if (content[0] == 'T' || content[0] == 't'|| content[0] == '1')
483 /* FIXME: this is per-package, the global flag should be computed at runtime */
484 repodata_set_void(pd->data, pd->handle, UPDATE_RELOGIN);
485 repodata_set_void(pd->data, pd->pkghandle, UPDATE_RELOGIN);
494 repo_add_updateinfoxml(Repo *repo, FILE *fp, int flags)
496 Pool *pool = repo->pool;
500 data = repo_add_repodata(repo, flags);
502 memset(&pd, 0, sizeof(pd));
506 queue_init(&pd.collectionq);
507 solv_xmlparser_init(&pd.xmlp, stateswitches, &pd, startElement, endElement);
508 if (solv_xmlparser_parse(&pd.xmlp, fp) != SOLV_XMLPARSER_OK)
509 pd.ret = pool_error(pool, -1, "repo_updateinfoxml: %s at line %u:%u", pd.xmlp.errstr, pd.xmlp.line, pd.xmlp.column);
510 solv_xmlparser_free(&pd.xmlp);
511 join_freemem(&pd.jd);
512 queue_free(&pd.collectionq);
514 if (!(flags & REPO_NO_INTERNALIZE))
515 repodata_internalize(data);
522 repo_mark_retracted_packages_cmp(const void *ap, const void *bp, void *dp)
537 repo_mark_retracted_packages(Repo *repo, Id retractedmarker)
539 Pool *pool = repo->pool;
543 Id retractedname, retractedevr;
547 FOR_REPO_SOLVABLES(repo, p, s)
550 s = pool->solvables + p;
551 if (strncmp(pool_id2str(pool, s->name), "patch:", 6) != 0)
553 if (s->arch == ARCH_SRC || s->arch == ARCH_NOSRC)
555 queue_push2(&q, p, s->name);
556 queue_push2(&q, s->evr, s->arch);
559 status = solvable_lookup_str(s, UPDATE_STATUS);
560 if (!status || strcmp(status, "retracted") != 0)
564 conp = s->repo->idarraydata + s->conflicts;
565 while ((con = *conp++) != 0)
571 rd = GETRELDEP(pool, con);
572 if (rd->flags != REL_LT)
579 rd = GETRELDEP(pool, name);
581 if (rd->flags == REL_ARCH)
584 queue_push2(&q, 0, name);
585 queue_push2(&q, evr, arch);
589 solv_sort(q.elements, q.count / 4, sizeof(Id) * 4, repo_mark_retracted_packages_cmp, repo->pool);
590 retractedname = retractedevr = 0;
591 for (i = 0; i < q.count; i += 4)
595 retractedname = q.elements[i + 1];
596 retractedevr = q.elements[i + 2];
598 else if (q.elements[i + 1] == retractedname && q.elements[i + 2] == retractedevr)
600 s = pool->solvables + q.elements[i];
601 s->provides = repo_addid_dep(s->repo, s->provides, retractedmarker, 0);
projects / platform / upstream / libsolv.git / blob