Panu Matilainen [Mon, 7 Apr 2008 10:02:18 +0000 (13:02 +0300)]
Remove static print buffer from pgpHexStr, return malloc'ed memory instead
- inlined to get xmalloc() from system.h for consistent malloc fail behavior
- convert callers for new behavior, apart from some debug fprintf()'s
Panu Matilainen [Mon, 7 Apr 2008 09:35:37 +0000 (12:35 +0300)]
argvPrint() doesn't modify argv, make it const
Panu Matilainen [Mon, 7 Apr 2008 09:34:07 +0000 (12:34 +0300)]
Add ARGI_const_t, use where appropriate
Panu Matilainen [Mon, 7 Apr 2008 09:11:16 +0000 (12:11 +0300)]
ARGV_t const pendantry
- const on typedef'ed ARGV_t doesn't mean a thing, add a new,
(exec* compatible) ARGV_const_t and use where appropriate consistently in
argv.h, rpmcli.h etc
- popt's argv const is the wrong way around for exec() family, add explicit
ARGV_t casts on popGetArgs() uses where needed
- compiler silence, aaahh...
Panu Matilainen [Mon, 7 Apr 2008 06:31:21 +0000 (09:31 +0300)]
Remove ARGstr_t typedef, it serves no purpose
- argv strings are just regular strings, the structure is what's special
Panu Matilainen [Mon, 7 Apr 2008 06:29:06 +0000 (09:29 +0300)]
Remove bogus const from ARGV_t
Panu Matilainen [Mon, 7 Apr 2008 05:25:17 +0000 (08:25 +0300)]
Missing rpmstring.h include
Panu Matilainen [Sun, 6 Apr 2008 16:34:59 +0000 (19:34 +0300)]
Eliminate the uuuuugly and unsafe static tagname buffer
- generate the "human friendly" strings at build time, store into the tag
table structure
- also avoids copying of strings and lowercasing strings at runtime
Panu Matilainen [Sun, 6 Apr 2008 16:18:44 +0000 (19:18 +0300)]
Move the tagtbl.c generator monster awk out of Makefile.am
- stick it into a separate script, reformat so it's possible to actually
read it...
Panu Matilainen [Fri, 4 Apr 2008 14:00:38 +0000 (17:00 +0300)]
Oops, no newline at end of filename please...
Panu Matilainen [Fri, 4 Apr 2008 13:26:55 +0000 (16:26 +0300)]
%{_builddir} is not an url, ever
Panu Matilainen [Fri, 4 Apr 2008 13:23:56 +0000 (16:23 +0300)]
We only ever deal with local, regular files in doUntar()
Panu Matilainen [Fri, 4 Apr 2008 13:21:58 +0000 (16:21 +0300)]
We only ever deal with local, regular files in doPatch()
Panu Matilainen [Fri, 4 Apr 2008 13:08:37 +0000 (16:08 +0300)]
Rip the url-craziness in rpmMkdirPath()
Panu Matilainen [Fri, 4 Apr 2008 13:03:59 +0000 (16:03 +0300)]
Get rid of the horrid zcmd hackery in build
- rpmExpand() with %uncompress macro etc simplifies things a lot
Panu Matilainen [Fri, 4 Apr 2008 12:52:52 +0000 (15:52 +0300)]
Missing decompression arguments for bzip in uncompress macro
Panu Matilainen [Fri, 4 Apr 2008 12:19:28 +0000 (15:19 +0300)]
getcwd(NULL,0) has undefined behavior, use rpmGetCwd() instead
Panu Matilainen [Fri, 4 Apr 2008 11:59:55 +0000 (14:59 +0300)]
Stop pretending spec can be an URL or stdin, neither works
- simplifies buildForTarget() somewhat
- while at it, eliminate remaining unsafe string operations
Jindrich Novy [Fri, 4 Apr 2008 11:48:02 +0000 (13:48 +0200)]
Escape '%' in format
Panu Matilainen [Fri, 4 Apr 2008 11:33:45 +0000 (14:33 +0300)]
Wait for popen() to finish before passing to isSpecFile()
Panu Matilainen [Fri, 4 Apr 2008 10:52:59 +0000 (13:52 +0300)]
Move spec extraction from tarball out of buildForTarget(), simplify
- use basename() and dirname() instead of manual pointer manipulation games
- static buffer only used for reading tar output, sizes checked
Panu Matilainen [Fri, 4 Apr 2008 09:12:29 +0000 (12:12 +0300)]
Oops, add --wildcards back to spec extraction
- shouldn't really have to hardcode such stuff but...
Jindrich Novy [Fri, 4 Apr 2008 11:17:53 +0000 (13:17 +0200)]
Simplify formatting
Jindrich Novy [Fri, 4 Apr 2008 11:01:50 +0000 (13:01 +0200)]
Simplify package comparison and format creation.
- also avoid static buffer usage
Panu Matilainen [Fri, 4 Apr 2008 09:06:06 +0000 (12:06 +0300)]
Assume failure in buildForTarget() to remove redundancy
Panu Matilainen [Fri, 4 Apr 2008 08:54:21 +0000 (11:54 +0300)]
Refactor spec extraction on tar build to address several issues
- simplify the code
- use %{__tar} instead of tar as the extraction command
- avoid sprintf to "big enough" buffer
- basic spec sanity check while extracting, fixes rhbz#281391
Panu Matilainen [Fri, 4 Apr 2008 08:53:07 +0000 (11:53 +0300)]
Spec of size zero cannot be a valid spec file
Panu Matilainen [Fri, 4 Apr 2008 06:55:30 +0000 (09:55 +0300)]
Remove copy-paste currentDirectory() from sqlite, use rpmGetCwd()
Panu Matilainen [Fri, 4 Apr 2008 06:53:17 +0000 (09:53 +0300)]
Rename currentDirectory() to rpmGetCwd() and move to librpmio
Panu Matilainen [Thu, 3 Apr 2008 17:48:17 +0000 (20:48 +0300)]
We don't support url's in db paths, rip.
- file:// vs / is silly and anything else wont work, so pretending
url support just plain bogus
Panu Matilainen [Thu, 3 Apr 2008 16:44:49 +0000 (19:44 +0300)]
Replace silly static rpmioFileExists() in rpmdb.c with plain old access()
- accepting url's there is not only useless but just plain bogus
Panu Matilainen [Thu, 3 Apr 2008 16:28:37 +0000 (19:28 +0300)]
Remove ancient db1->db3 conversion cruft
Jindrich Novy [Thu, 3 Apr 2008 11:47:05 +0000 (13:47 +0200)]
Don't use static buffers in parseForRegexLang()
- use dynamic allocation instead to avoid overflows
- also update addFile(), which is actually the only function
that calls parseForRegexLang()
Panu Matilainen [Thu, 3 Apr 2008 10:17:57 +0000 (13:17 +0300)]
Lose the remaining static buffer from rpmVerifySignatures()
- Simple and stupid: catenate previous buffer + latest message
with rasprintf() over and over again. Not the most efficient way but hardly
matters here...
Panu Matilainen [Thu, 3 Apr 2008 09:53:11 +0000 (12:53 +0300)]
Typo...
Panu Matilainen [Thu, 3 Apr 2008 09:46:33 +0000 (12:46 +0300)]
Refactor signature check results formatting
- Document what it's supposed to do, should be more obvious from the
code too now.
- Remove one level of stpcpy's to static buffer.
- Simplify the theoretical case where many missing/untrusted keys are
found (this shouldn't happen in practise ever) by only showing last of them
Panu Matilainen [Thu, 3 Apr 2008 06:59:46 +0000 (09:59 +0300)]
Enable stack protector by default if gcc supports it
Panu Matilainen [Thu, 3 Apr 2008 05:37:20 +0000 (08:37 +0300)]
Remove unnecessary check for "keyid:" in result
- nothing in signature.c emits such string
Panu Matilainen [Thu, 3 Apr 2008 05:07:00 +0000 (08:07 +0300)]
Start eliminating static buffers from header/signature checks
- Push msg buffer allocations down to the lowlevel rpmVerifySignature() and
internal verify*Signature functions, nothing above them knows how much
memory they need for messages. Use rasprintf() where obvious,
stupid malloc(bigenuf) for now otherwise.
- Changes public API but can't be helped, printing to an unchecked buffer(s)
of unknown size from one of the more security sensitive pieces is just
.. not ok
- Minimally convert callers to the new allocation scheme
Jindrich Novy [Wed, 2 Apr 2008 16:14:47 +0000 (18:14 +0200)]
Simplify message key creation in i18nTag()
Panu Matilainen [Thu, 3 Apr 2008 05:04:22 +0000 (08:04 +0300)]
Shut up a few silly compiler warnings that have crept in
- missing cast in python header subscript
- (false) warning about uninitialized variable, unused variable in rpmfc
- missing include in rpmio
Panu Matilainen [Wed, 2 Apr 2008 13:52:44 +0000 (16:52 +0300)]
Further streamline / simplify rpmVerifySignatures()
- Use more meaningful variable names than res2 and res3
- In verbose mode we just dump whatever rpmVerifySignature() returns,
error or not. Otherwise the output depends on the result. Make this
obvious in the code.
Panu Matilainen [Wed, 2 Apr 2008 13:30:21 +0000 (16:30 +0300)]
Make signature verification result not depend on rpm verbosity level, ick
Panu Matilainen [Wed, 2 Apr 2008 12:42:21 +0000 (15:42 +0300)]
Further redundancy / copy-paste coding elimination
Panu Matilainen [Wed, 2 Apr 2008 12:36:00 +0000 (15:36 +0300)]
Collapse the huge sigtag switch in rpmVerifySignatures() a bit
- move the tag names from a helper functions
- collapse similar cases to just one
Panu Matilainen [Wed, 2 Apr 2008 12:02:31 +0000 (15:02 +0300)]
Simplify missing/untrusted keys logging
Panu Matilainen [Wed, 2 Apr 2008 11:25:51 +0000 (14:25 +0300)]
Revert "Disable signature and digest checks on query modes (rhbz#438625)"
This reverts commit
5a684f5527bc7f32fca9ba7878802519bb515e93.
All the sigchecking on database queries is mostly waste of time, but
this disables signature checks on queries of non-installed, untrusted
packages too. Separate vsflags for db / non-db operations or such needed
before this can change.
Jindrich Novy [Tue, 1 Apr 2008 14:37:42 +0000 (16:37 +0200)]
Fix off-by one in urlOpen()
- the former implementation didn't take the ending '\0' into account
Panu Matilainen [Tue, 1 Apr 2008 12:40:07 +0000 (15:40 +0300)]
Updated German translation from Fabian Affolter
Panu Matilainen [Tue, 1 Apr 2008 10:35:16 +0000 (13:35 +0300)]
Enhance error message on failed ts lock acquire (rhbz#427064)
- adds strerror() output to the failure log message, this should give
sufficient hint as to what's wrong (eg "permission denied")
Panu Matilainen [Tue, 1 Apr 2008 10:32:57 +0000 (13:32 +0300)]
Convert rpmlock.c to general rpm indentation style
Panu Matilainen [Mon, 31 Mar 2008 14:06:47 +0000 (17:06 +0300)]
Avoid entirely unnecessary static buffer + string copy.
Jindrich Novy [Mon, 31 Mar 2008 12:13:59 +0000 (14:13 +0200)]
Make ExcludeArch/ExclusiveArch/ExcludeOS/ExclusiveOS actually work
Panu Matilainen [Mon, 31 Mar 2008 10:31:03 +0000 (13:31 +0300)]
Avoid static sprintf buffer in rpmReadHeader()
Panu Matilainen [Mon, 31 Mar 2008 10:12:29 +0000 (13:12 +0300)]
Avoid static buffer for error messages in rpmReadSignature()
Panu Matilainen [Mon, 31 Mar 2008 09:07:37 +0000 (12:07 +0300)]
Make rpmLeadCheck() return error msg instead of direct logging
- allows silent checking of lead and differentiating between
non-rpm files and incompatible rpms, avoiding bogus "not an rpm package"
message on manifests
Panu Matilainen [Mon, 31 Mar 2008 07:44:23 +0000 (10:44 +0300)]
Dead code removal (macro stuff)
Panu Matilainen [Mon, 31 Mar 2008 07:41:07 +0000 (10:41 +0300)]
Dead code removal (popt switches)
Panu Matilainen [Mon, 31 Mar 2008 06:56:24 +0000 (09:56 +0300)]
Simplify rpmdsThis() code
- use rasprintf() to construct [e:]v-r string instead of stpcpy games
- use str2hge() for N + EVR
Panu Matilainen [Mon, 31 Mar 2008 06:25:18 +0000 (09:25 +0300)]
Copy N + EVR into ds in rpmdsSingle() instead of just referring
- previously a ds created by rpmdsSingle() would turn invalid as soon as
the N and EVR strings were freed by caller (or went out of scope), ick
- convert the N + EVR strings passed to rpmdsSingle() to similar construct
as is returned by headerGetEntry so headerFreeData will free both the
pointers + contents.
Panu Matilainen [Mon, 31 Mar 2008 05:42:33 +0000 (08:42 +0300)]
Bunch of formatting & indentation fixes to rpmds
Panu Matilainen [Sat, 29 Mar 2008 13:22:45 +0000 (15:22 +0200)]
Fixup for rpmfcSaveArg() no longer freeing key
Jindrich Novy [Sat, 29 Mar 2008 10:18:30 +0000 (11:18 +0100)]
Don't use static buffer ptr as return value in doUntar()
Jindrich Novy [Fri, 28 Mar 2008 16:49:56 +0000 (17:49 +0100)]
Don't use static buffer in rpmfcELF(), make code more comprehensive
Jindrich Novy [Fri, 28 Mar 2008 16:21:47 +0000 (17:21 +0100)]
Remove unneeded buffer operations
Jindrich Novy [Fri, 28 Mar 2008 15:15:48 +0000 (16:15 +0100)]
Add rpmfcAddFileDep() to handle file dependencies securely
Panu Matilainen [Wed, 26 Mar 2008 14:32:30 +0000 (16:32 +0200)]
Simplify changelog entry additions
Jindrich Novy [Wed, 26 Mar 2008 10:52:07 +0000 (11:52 +0100)]
Remove unneeded free()
Jindrich Novy [Wed, 26 Mar 2008 08:21:30 +0000 (09:21 +0100)]
Use rasprintf() in rpmfcHelper() and rpmfcGenerateDepends()
Jindrich Novy [Tue, 25 Mar 2008 14:21:47 +0000 (15:21 +0100)]
Don't use static buffers to communicate between funcs, avoid buffer overflows.
Jindrich Novy [Tue, 25 Mar 2008 13:57:37 +0000 (14:57 +0100)]
Use rasprintf() for NVR construction to remove BUFSIZ limit.
Jindrich Novy [Tue, 25 Mar 2008 12:54:36 +0000 (13:54 +0100)]
Avoid artificial limits on tag name.
Panu Matilainen [Tue, 25 Mar 2008 05:49:47 +0000 (07:49 +0200)]
Disable signature and digest checks on query modes (rhbz#438625)
Panu Matilainen [Mon, 24 Mar 2008 21:58:43 +0000 (23:58 +0200)]
Avoid couple of static buffers in psm script functions
Panu Matilainen [Mon, 24 Mar 2008 21:47:41 +0000 (23:47 +0200)]
Avoid static buffer for sql commands
Panu Matilainen [Mon, 24 Mar 2008 20:42:34 +0000 (22:42 +0200)]
Remove bogus const from rpmRelocation struct
Panu Matilainen [Mon, 24 Mar 2008 20:25:26 +0000 (22:25 +0200)]
Remove bogus consts from rpmte_s
Panu Matilainen [Mon, 24 Mar 2008 20:23:01 +0000 (22:23 +0200)]
Revert rpmhash changes from previous commit
- rpmhash key + data actually sometimes point to const data.. pff
Panu Matilainen [Mon, 24 Mar 2008 20:13:45 +0000 (22:13 +0200)]
Remove bogus consts from rpmdb and dbi structs
Panu Matilainen [Mon, 24 Mar 2008 19:05:05 +0000 (21:05 +0200)]
Remove bogus consts from pgpDigParams_s structure
Panu Matilainen [Mon, 24 Mar 2008 18:44:48 +0000 (20:44 +0200)]
Remove bogus consts from urlinfo_s structure
Panu Matilainen [Mon, 24 Mar 2008 17:03:20 +0000 (19:03 +0200)]
Eliminate bogus const's from spec structure
Panu Matilainen [Mon, 24 Mar 2008 17:03:00 +0000 (19:03 +0200)]
Eliminate bogus const's from OFI_t and spectags structs
Panu Matilainen [Mon, 24 Mar 2008 17:02:44 +0000 (19:02 +0200)]
Eliminate bogus const from expression value
Panu Matilainen [Mon, 24 Mar 2008 17:01:29 +0000 (19:01 +0200)]
Use regular stream functions instead of rpmio in spec sanity check
Panu Matilainen [Mon, 24 Mar 2008 17:01:12 +0000 (19:01 +0200)]
Eliminate wtf pointer games with rpmGetPath result.
Panu Matilainen [Mon, 24 Mar 2008 17:00:48 +0000 (19:00 +0200)]
Avoid entirely silly rpmio use in addFileToTagAux()
Jindrich Novy [Sun, 23 Mar 2008 12:51:53 +0000 (13:51 +0100)]
Fix buffer overflow while creating patch script, avoid fixed sized buffers.
Jindrich Novy [Sun, 23 Mar 2008 12:50:07 +0000 (13:50 +0100)]
Use rasprintf() to prevent overflows and remove BUFSIZ buffer limit.
Jindrich Novy [Sun, 23 Mar 2008 12:48:49 +0000 (13:48 +0100)]
Fix writeRPM, use dynamic allocation, remove bogus const.
Panu Matilainen [Thu, 20 Mar 2008 08:59:17 +0000 (10:59 +0200)]
Adjust maintainer makefile for hg -> git switchover
Panu Matilainen [Wed, 19 Mar 2008 07:30:33 +0000 (09:30 +0200)]
Remove bunch of double consts. What have I've been thinking?
Panu Matilainen [Tue, 18 Mar 2008 11:22:15 +0000 (13:22 +0200)]
Erm, off-by-one in rasprintf()
- should probably change the comment to "simple, stupid and buggy" ;)
Panu Matilainen [Tue, 18 Mar 2008 08:28:57 +0000 (10:28 +0200)]
Bump up sonames, we're not exactly ABI compatible with 4.4 anymore..
Panu Matilainen [Tue, 18 Mar 2008 08:18:08 +0000 (10:18 +0200)]
Use rasprintf() in rpmps to properly fix mdvbz#31680
Panu Matilainen [Tue, 18 Mar 2008 08:17:03 +0000 (10:17 +0200)]
Add custom asprintf() clone to rpmstring
Panu Matilainen [Tue, 18 Mar 2008 07:10:13 +0000 (09:10 +0200)]
Minimal namespacing for locale-insensitive x*() string functions
Panu Matilainen [Tue, 18 Mar 2008 06:55:05 +0000 (08:55 +0200)]
More xstr[n]casecmp to rpmstring along the other string-stuff...
Panu Matilainen [Mon, 17 Mar 2008 14:03:51 +0000 (16:03 +0200)]
Refactor running of pre/post scriptlets out of rpmtsRun()
Panu Matilainen [Mon, 17 Mar 2008 13:48:25 +0000 (15:48 +0200)]
Add missing popt include