git.openwrt.org Git - project/opkg-lede.git/log

libopkg: fix md5sum calculation

This regression prevents MD5 checksums from being checked. Packages are
still installed, but this raises several issues:

- if only MD5 checksums are provided in the package list, it is trivial
  for an attacker to modify the content of a package, since checksum
  verification is bypassed. If both MD5 and SHA256 checksums are
  provided, then SHA256 is correctly verified and the attack is not
  possible.

- future efforts to harden checksum verification would prevent package
  installation.

Note that OpenWrt has switched to SHA256 for all its packages several
years ago. As a result, this bug does not affect OpenWrt packages from the
official package feeds.

However, custom package repositories that only use MD5 are affected.

Initially submitted at https://github.com/openwrt/openwrt/pull/3087

Fixes: 33f7b80aa325 ("libopkg: drop custom md5 implementation,
unconditionally enable sha256 support")

Signed-off-by: Alexander Ryzhov <github@ryzhov-al.ru>
[Add commit description]
Signed-off-by: Baptiste Jonglez <git@bitsofnetworks.org>
(cherry picked from commit 66f458decf9fd2839d77bf420e93d9c78025488a)

opkg_verify_integrity: better logging and error conditions

The function now always returns an error if size/checksum don't match: we
let the caller decide what to do with the result.

In addition, most of the logging is also moved to the caller. We just
keep logging for unexpected errors and a bit of debug at loglevel INFO.

Signed-off-by: Baptiste Jonglez <git@bitsofnetworks.org>
(cherry picked from commit 61b3c62d1c0dbbdcee2d67f56fb112f0af80527a)

download: purge cached packages that have incorrect checksum

Before using a package from the cache, verify its size and checksum
against a package index, and delete the package from the cache if they
don't match.  The install process will then proceed to download the
"fixed" package as usual.

This allows to cope with remote packages that are rebuilt while keeping
the same version number as packages in the local cache.  With this change,
any outdated package in the local cache will be purged and the new version
will be downloaded instead.

This is mostly useful when running opkg on the host (e.g. in the
imagebuilder).  When running on a device, no cache is configured by
default, so this change does nothing in that case.

Fixes: FS#2690
Signed-off-by: Baptiste Jonglez <git@bitsofnetworks.org>
(cherry picked from commit f73d42f0e951e71eae12ecac29b75b05ac543f5e)

download: factor out the logic for building cache filenames

If we want to access files in the cache from multiple functions, it is
necessary to have a single source of truth regarding the naming of files
in the cache.

Signed-off-by: Baptiste Jonglez <git@bitsofnetworks.org>
(cherry picked from commit 1c1480e573fc6b4c5f9c51bf225c32456672e5f8)

libopkg: factor out checksum and size verification

This is a sizeable chunk of code that be can pretty well isolated in its
own function.

This refactoring will be necessary for an upcoming feature in which
opkg_download_pkg() will need to verify the checksum of packages in the
cache. This is the reason why the new function is located in
`opkg_download.c`.

Signed-off-by: Baptiste Jonglez <git@bitsofnetworks.org>
(cherry picked from commit 293b1cef8b5a6de64d3fec87c01729b64006713a)

download: remove compatibility with old cache naming scheme

A long time ago, the name of cached files was derived from the source URL.
This was changed in 2011 with d46db43e21 ("Don't include the source URI in
the cached filename.")

Some compatibility code was left behind: even today, we are still trying
to read from the old filename. The goal of this compatibility code was to
account for existing caches that still had files with the old naming
scheme.

More than 9 years later, it is safe to remove this compatibility code.
It simplifies the download code and avoids a useless disk access.

Signed-off-by: Baptiste Jonglez <git@bitsofnetworks.org>
(cherry picked from commit a786e25f5cbcb9372864a4edf12b7e80774c4514)

libopkg: implement lightweight package listing logic

Instead of building a complete package dependency tree internally, use a
lightweight list data structure to gather and sort package names, version and
descriptions.

This reduced the "opkg list" memory footprint on x86/64 from ~8MB to ~1.5MB.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>

libopkg: support passing callbacks to feed parsing functions

Extend pkg_hash_add_from_file(), pkg_hash_load_feeds() and
pkg_hash_load_status_files() to accept a per-package callback
function andan associated userdata pointer.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>

opkg-cl: don't read feeds on opkg update

Signed-off-by: Jo-Philipp Wich <jo@mein.io>

libopkg: use xsystem() to spawn opkg-key

Instead of the custom fork()/exec() implementation, use the existing
xsystem() helper function which provides a number of benefits:

- It readily provides error reporting in case the execution fails
- It has a simpler api
- It uses vfork() internally which avoids the need to copy pages

This likely fixes https://bugs.openwrt.org/index.php?do=details&task_id=2734.

Fixes: 71f02a3 ("libopkg: add support for signature checking through usign")
Signed-off-by: Jo-Philipp Wich <jo@mein.io>

file_util.c: refactor and fix checksum_hex2bin()

- Simplify function body by reducing the amount of intermediate vars
- Derive length checks from the size of the buf
- Replace complex for(;;) by a simple while() advancing the src string
- Handle edge case of a zero length input not returning NULL

Fixes: c09fe20 ("libopkg: fix skipping of leading whitespace when parsing checksums")
Signed-off-by: Jo-Philipp Wich <jo@mein.io>

file_util.c: fix possible bad memory access in file_read_line_alloc()

In the case of a zero length string being returned by fgets(), the condition
checking for a trailing new line would perform a bad memory access outside
of `buf`. This might happen when line with a leading null byte is read.

Avoid this case by checking that the string has a length of at least one
byte. Also change the unsigned int types to size_t to store length values
while we're at it.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>

libopkg: fix skipping of leading whitespace when parsing checksums

Signed-off-by: Jo-Philipp Wich <jo@mein.io>

opkg: Fix -Wformat-overflow warning

A null pointer is being passed to printf. This can lead to problems.

Fixes warning:

error: '%s' directive argument is null [-Werror=format-overflow=]
   41 |    opkg_message(l, "%s: "fmt, __FUNCTION__, ##args); \
      |    ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
note: in expansion of macro 'opkg_msg'
   45 |  opkg_msg(l, fmt": %s.\n", ##args, strerror(errno))
      |  ^~~~~~~~
note: in expansion of macro 'opkg_perror'
  247 |   opkg_perror(ERROR, "Failed to create temporary directory '%s'",

Signed-off-by: Rosen Penev <rosenp@gmail.com>

alternatives: remove duplicate 'const' specifier

To quash warnings from GCC 7.

/home/yunion/git-repo/openwrt/openwrt/build_dir/target-mips_24kc_musl/linux-malta_be/opkg-2019-06-14-21b7bd73/libopkg/pkg_alternatives.c:35:42: warning: duplicate 'const' declaration specifier [-Wduplicate-decl-specifier]
static const struct alternative_provider const providers[] = {
^~~~~

Signed-off-by: Yousong Zhou <zhouyousong@yunionyun.com>

alternatives: special-case busybox as alternatives provider

Almost all busybox applets are alternatives to some other existing
"full" utilities. To lift the maintenance burden of enumerating CONFIG
symbols, symlink path of each applet, we special case busybox here as a
known alternatives provider.

All file pathes provided by busybox will serve as fallback alternatives
with -inf priority. Packages intending to switch to using alternatives
mechanism will also not need to depend on the same kind of change be
applied on busybox in base system

v3 <- v2 continue to next when fetching provider pkg failed
v2 <- v1 Move busybox-specific part into data section

Signed-off-by: Yousong Zhou <zhouyousong@yunionyun.com>
Acked-by: Jo-Philipp Wich <jo@mein.io>

libopkg: only perform size check when information is available

Fixes: cb66403 ("libopkg: check for file size mismatches")
Signed-off-by: Jo-Philipp Wich <jo@mein.io>

libopkg: check for file size mismatches

Reject package files whose file size deviates from the size specified
in the package index in order to complicate producing hash collisions.

Ref: https://groups.google.com/d/msg/opkg-devel/o4kiGQMvkiw/hu0TVv59DgAJ
Signed-off-by: Jo-Philipp Wich <jo@mein.io>

Revert "libopkg: accept alternative notation for "Replaces" control field"

This reverts commit 1504d35f123980bf322df99fb434f6fda6e3ecd2.

We won't use Replaces: for the repo ABI_VERSION tracking after all, so
drop this hack before it becomes another liability.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>

Revert "libopkg: check installed reverse dependencies upon install/upgrade"

This reverts commit 89fe77cb119a24f728088320d66d51250a1f02ab.

After spending further thoughts on this I think this makes no sense at all
and such situations should be avoided on the repo level instead by don't
providing incompatible packages having an identical name.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>

libopkg: accept alternative notation for "Replaces" control field

The presence of a "Replaces:" tag in any package feed list will cause
opkg prior to "d217daf libopkg: fix replacelist parsing and writing"
to segfault while parsing such a list.

Add a hack which lets opkg recognize a "Replace2" field and handle
it identically to "Replaces".

Signed-off-by: Jo-Philipp Wich <jo@mein.io>

libopkg: fix replacelist parsing and writing

Signed-off-by: Jo-Philipp Wich <jo@mein.io>

libopkg: fix segmentation fault when traversing conflicts

Signed-off-by: Jo-Philipp Wich <jo@mein.io>

libopkg: check installed reverse dependencies upon install/upgrade

Signed-off-by: Jo-Philipp Wich <jo@mein.io>

libopkg: consider provided packages in pkg_vec_mark_if_matches()

Also consider the list of provided abstract packages when testing the
package vector for name matches. This fixes the "opkg whatdepends"
command with abstract provided package arguments.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>

opkg_download: print error when fork() fails

Instead of silently failing and claiming that the signature verification
failed, print out the error status when the initial fork() call fails.

Ref: https://bugs.openwrt.org/index.php?do=details&task_id=1999
Signed-off-by: Jo-Philipp Wich <jo@mein.io>

libopkg: don't print unresolved dependencies twice

Sometimes opkg ends up reporting unresolved dependencies multiple
times while also missing a newline between consecutive error lines,
making the error message output looking garbled and confusing.

Add some logic to skip repeated unresolved dependencies and ensure
that message lines are properly terminated by newlines.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>

opkg_download: decode file:/ URLs

Opkg might receive percent-encoded file:/ URLs from various sources,
e.g. local package lists, user-supplied command line arguments etc.

In order to support such URLs, decode the path component before
trying to invoke file operations on it.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>

file_util: implement urldecode_path()

Introduce a new urldecode_path() helper to resolve percent-encoded URL
portions back into the original binary form.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>

file_util: consolidate hex/unhex routines

Consolidate the various copies of the bin2hex table into one global variant
and replace the broken hex() define with a static helper function to prevent
accidential multiple expression evaluation.

This also fixes bug when converting hexadecimal checksums into binary forms
where the letters a..f/A..F where incorrectly converted into 0..5 instead
of 10..15 .

Signed-off-by: Jo-Philipp Wich <jo@mein.io>

add opkg option http_timeout

http_timeout will append `--timeout xy` to the resulting wget
call. This is useful when using opkg update in a automatic
way and prevent long timeouts

Signed-off-by: Alexander Couzens <lynxis@fe80.eu>

opkg: encode archive filenames while constructing download URLs

Various web servers, namely Amazon S3 ones, have problems handling requests
to URLs with a literal "+" in the path component.

According to the RFC 3986 "+" is a reserved char and its purpose is
delimiting. When used in a file name it should be encoded.

Use the new urlencode_path() helper to encode the path component before
constructing the final download URL.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Tested-by: Rafał Miłecki <rafal@milecki.pl>

file_util: implement urlencode_path() helper

Introduce a helper function urlencode_path() which can be used to encode
problematic characters in package file names.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Tested-by: Rafał Miłecki <rafal@milecki.pl>

libopkg: fix SHA256 calculation for big endian system

The SHA256 implementation relied on WORDS_BIGENDIAN being defined for
big endian systems, but this was broken since the switch to cmake,
causing wrong checksums on big endian systems like ar71xx.

Fix this by adding a cmake check for endianess similar to the one done
by the original autotools.

Fixes: e6e6c5a21634 ("build: add cmake build system")
Acked-by: Jo-Philipp Wich <jo@mein.io>
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>

pkg_parse: fix segfault when parsing descriptions with leading newlines

During parsing of multi-line descriptions that begin with a newline
character, the description pointer will be NULL when the first
continuation line is encountered, causing the strlen() invocation
on the description pointer to segfault.

This is caused by the fact that the parse_simple() helper used for
parsing the initial description line returns NULL instead of an
empty string when encountering only whitespace after the field name.

Rework the continuation line parsing code to not assume an initialized
pointer by checking before calling strlen() and avoiding realloc()
on a NULL pointer.

Fixes FS#933.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>

pkg_alternatives: pass if the desired symlink already exists

This can happen when opkg installs, then configures multiple
alternatives in a batch.  Symlink to the highest prio alternative will
be created in the initial configuring stage causing later symlink call
fail with EEXIST

    Configuring busybox.
    ...
    symlink("/sbin/ip-full", "/home/yousong/j/t/lede-imagebuilder-mvebu.Linux-x86_64/build_dir/target-arm_cortex-a9+vfpv3_musl_eabi/root-mvebu/sbin/ip") = 0
    ...
    Configuring ip-full.
    ...
    symlink("/sbin/ip-full", "/home/yousong/j/t/lede-imagebuilder-mvebu.Linux-x86_64/build_dir/target-arm_cortex-a9+vfpv3_musl_eabi/root-mvebu/sbin/ip") = -1 EEXIST (File exists)
    ...

While at it, "mkdir -p" dirname(path_in_dest) before symlink in case the
following symlink call may fail with ENOENT

Ref: https://github.com/openwrt/packages/issues/4567
Reported-by: Aner Andros <aa@anerandros.info>
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>

opkg: add --no-check-certificate argument

For cases when artifacts are stored on https:// accessible
locations and you don't want to install ca-certificates
(for various reasons).

I'll admit, using SSL like this is not recommended,
but since wget (even uclient-fetch) allows the
--no-check-certificate option, it would be nice
for opkg to support setting it if needed/configured.

Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>

pkg_alternatives: use ERROR level for symlink failure

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>

pkg: alternatives support

It's a list of specs of the following form seprated by commas to describe
alternatives provided by the package

    <prio>:<path>:<altpath>

where <path> will be a symbolic link to <altpath> of the highest <prio>

Size comparison on x86_64 after the change

    function                                             old     new   delta
    pkg_alternatives_update                                -     587    +587
    pkg_parse_line                                      2101    2609    +522
    .rodata                                            24594   24738    +144
    pkg_formatted_field                                 2385    2528    +143
    pkg_deinit                                           427     486     +59
    pkg_print_status                                     264     280     +16
    opkg_configure                                        59      69     +10
    xreadlink                                            120     128      +8
    opkg_remove_pkg                                     1079    1087      +8
    ------------------------------------------------------------------------------
    (add/remove: 2/0 grow/shrink: 8/0 up/down: 1483/0)           Total: 1497 bytes

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>

libbb: xreadlink: fix memory leak on failure case

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>

pkg_run_script: use pkg->dest in half installed case

Fixes running scripts for packages in half-installed state which would
otherwise fail with:

* pkg_run_script: Internal error: ... has a NULL tmp_unpack_dir.
* opkg_remove_pkg: not removing package "...", prerm script failed

Upstream bug: https://bugzilla.yoctoproject.org/show_bug.cgi?id=11245

Signed-off-by: Alejandro del Castillo <alejandro.delcastillo@ni.com>
[Jo-Philipp Wich: rebased onto opkg-lede, updated commit message]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>

check_data_file_clashes_change: remove duplicated offline root in paths

The function check_data_file_clashes_change update the ownership of
files that belong to a package being replaced. It calls
pkg_get_installed_files then adds an offline root if
opkg_conf->offline_root to each path. However, pkg_get_installed_files
already returns paths with the offline root (if present).

This fixes issue 156.

Signed-off-by: Alejandro del Castillo <alejandro.delcastillo@ni.com>

buildReplaces: do not add duplicated replacees

If package A both replaces and conflicts package B, it is added
unconditionally to the replaced_by vector of package B. Add check to
only add it if it's not there to avoid inaccurate warnings of the type:

Multiple replacers for X, using first one

Signed-off-by: Alejandro del Castillo <alejandro.delcastillo@ni.com>

opkg: compare-versions doesn't need any state

compare-versions doesn't need lock files created and databases opened, so don't.

Signed-off-by: Ross Burton <ross.burton@intel.com>

opkg_cmd: fix segmentation fault in opkg_compare_versions_cmd()

Due to the fact that we're using blob buffers internally now we cannot simpyl
call parse_version() on an uninitialized struct.

Properly create the temporary packages using pkg_new() and deallocated them
using pkg_deinit() and free().

Signed-off-by: Jo-Philipp Wich <jo@mein.io>

opkg_cmd: fix return of opkg compare-versions

The implementation of opkg compare-version was simply returning the return value
of pkg_version_satisfied(), which returns a boolean. This results in inverted
logic in that:

$ opkg compare-version 1.0 == 1.0 || echo different
different

That's clearly not right. As nobody had noticed this before presumably nobody
was actually using this (likely either opkg-compare-version or
opkg-compare-versions.sh) just change the return value so it's correct.

Signed-off-by: Ross Burton <ross.burton@intel.com>

pkg_src_list_push: remove unused function

Signed-off-by: Alejandro del Castillo <alejandro.delcastillo@ni.com>

pkg_src_list_pop: remove unused function

Signed-off-by: Alejandro del Castillo <alejandro.delcastillo@ni.com>

str_list_push: remove unused function

Signed-off-by: Alejandro del Castillo <alejandro.delcastillo@ni.com>

str_list_prev: remove unused function

Signed-off-by: Alejandro del Castillo <alejandro.delcastillo@ni.com>

str_list_last: remove unused function

Signed-off-by: Alejandro del Castillo <alejandro.delcastillo@ni.com>

conffile_list_pop: remove unused function

Signed-off-by: Alejandro del Castillo <alejandro.delcastillo@ni.com>

pkg_dest_list_push: remove unused functions

Signed-off-by: Alejandro del Castillo <alejandro.delcastillo@ni.com>

nv_pair_list_prev: remove unused function

Signed-off-by: Alejandro del Castillo <alejandro.delcastillo@ni.com>

nv_pair_list_last: remove unused function

Signed-off-by: Alejandro del Castillo <alejandro.delcastillo@ni.com>

conffile_list_pop: remove unused function

Signed-off-by: Alejandro del Castillo <alejandro.delcastillo@ni.com>

conffile_list_push: remove unused function

Signed-off-by: Alejandro del Castillo <alejandro.delcastillo@ni.com>

active_list_sort: remove unused function

Signed-off-by: Alejandro del Castillo <alejandro.delcastillo@ni.com>
[Jo-Philipp Wich: remove call from opkg_active_list_test]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>

active_list_add_depend: remove unused function

Signed-off-by: Alejandro del Castillo <alejandro.delcastillo@ni.com>
[Jo-Philipp Wich: remove call from opkg_active_list_test]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>

pkg_dependence_satisfied: remove unused function

Signed-off-by: Alejandro del Castillo <alejandro.delcastillo@ni.com>

Fix typo in pkg_hash_fetch_best_installation_candidate.

A (presumed) typo in pkg_hash_fetch_best_installation_candidate caused the
matching_pkgs vec to be sorted twice, instead of sorting matching_apkgs.
This fixes both the call and the API to match what appears to be intended.

Signed-off-by: Michael Hansen <michael.j.hansen@hp.com>
Signed-off-by: Alejandro del Castillo <alejandro.delcastillo@ni.com>

set_flags_from_control: remove function

During installs, install_data_files calls set_flags_from_control to
capture the case where fields, such as "Essential", are present in the
package control file but are missing on the Packages file. This
operation is expensive (re-parses the control file) and is catering to a
case that should not be supported on the first place.

Signed-off-by: Alejandro del Castillo <alejandro.delcastillo@ni.com>
[Jo-Philipp Wich: remove function prototype as well]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>

opkg_active_list_test: mark functions static, swap strcmp() with memcmp()

Signed-off-by: Jo-Philipp Wich <jo@mein.io>

libopkg_test: mark functions static, remove unused opkg_test()

Signed-off-by: Jo-Philipp Wich <jo@mein.io>

pkg_parse: fix bad message level for opkg_msg() call

Signed-off-by: Jo-Philipp Wich <jo@mein.io>

pkg_parse: remove unused variable in pkg_parse_line()

Signed-off-by: Jo-Philipp Wich <jo@mein.io>

pkg_parse: remove const requirement from pkg_parse_line()

To simplify parsing we'd like to be able to modify the passed line buffer
inplace, so remove the const requirement from the pkg_parse_line() argument.

Convert pkg_parse_line's sole user accordingly.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>

pkg_hash: remove unused variable in pkg_hash_load_feeds()

Signed-off-by: Jo-Philipp Wich <jo@mein.io>

pkg_depends: add missing parse_replacelist() prototype

Signed-off-by: Jo-Philipp Wich <jo@mein.io>

opkg_utils: add missing header

Include "opkg_utils.h" header file to declare function prototypes.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>

libopkg: remove unused progress parameters from opkg_download()

Signed-off-by: Jo-Philipp Wich <jo@mein.io>

libopkg: remove unused progress callback

The current opkg_download() implementation completely ignores the passed
progress callback function, so drop this unused code.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>

libopkg: remove unused variable from opkg_install_package()

Signed-off-by: Jo-Philipp Wich <jo@mein.io>

libbb: remove unused variables

Remove unused variables from deb_extract() to avoid compiler warnings.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>

libbb: change gzip_read() buffer argument to void *

Make gzip_read() expect a void * buffer argument to avoid signed vs unsigned
char mismatch warnings.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>

libbb: fix gzip_thread() warnings

- mark function static
- add missing return statement
- avoid uninitialized use of "len"

Signed-off-by: Jo-Philipp Wich <jo@mein.io>

libopkg/opkg_cmd.c: more robust PATH handling

preserve semantics of PATH when PATH is not set in environment

error and undefined behavior reported in
https://github.com/openwrt/packages/issues/1922
when PATH not set in environment
(lighttpd executes CGI with empty base env, plus standard CGI env vars)

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
[Jo-Philipp Wich: avoid free() on NULL, use default from cmake cache string]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>

libopkg: specify "/bin/sh" instead of "sh"

avoid strange behavior with execvp() when PATH is not set in environment
(in which case confstr(_CS_PATH) should return something reasonable)

reproducable running openwrt 15.05 and 15.05.1 and attempting to install
a software package (e.g. libuuid) via LuCI (prior to openwrt/luci#1048).
(https://github.com/openwrt/luci/pull/1048) libuuid.postinst fails with
status 255 on 15.05 and opkg segfaults in 15.05.1. This probably merits
further exploration.

Originally reported in https://github.com/openwrt/packages/issues/1922

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>

unarchive: fix possible segmentation fault in deb_extract()

When a not existing or unreachable file path is passed to deb_extract(),
the wfopen() call fails, causing a jump to the cleanup: label which leads
to a call to gzip_close() on the tar_outer structure.

The tar_outer structure however contains uninitialized memory at this point,
causing gzip_close() to operate on garbage data. Depending on the nature of
the unitialized memory, this might lead to all sorts of issues, e.g. freeing
of not allocated memory or invoking fclose() on garbage pointers.

Solve this problem by initializing the tar_outer and tar_inner structures
right at the declaration.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>

pkg: forward "provided_by_hand" flag in pkg_merge()

Due to the fact that we now load status files after preparing the abstract
structures describing the cli specified packages, we need to ensure that the
"provided_by_hand" flag is properly conveyed in pkg_merge(), otherwise the
cli provided package archive might get ignored in favor to a newer version
from feeds.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>

pkg: mark bit fields in pkg_t unsigned

Qualify the bit field type as unsigned int to ensure that set flags are
interpreted as "1" and not "-1".

Signed-off-by: Jo-Philipp Wich <jo@mein.io>

opkg_cmd: avoid null pointer dereference in opkg_what_depends_conflicts_cmd()

Signed-off-by: Jo-Philipp Wich <jo@mein.io>

opkg_cmd: fix endless loop in whatprovides/whatreplaces

Fix the loop semantics in opkg_what_provides_replaces_cmd() to properly
advance the package vector pointer.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>

pkg_depends: propagate virtual provided detail flag to providers

When the provided abstract package (e.g. "px5g" provided by "px5g-mbedtls") is
marked as requiring details, then mark the provider abstract package as well.

This ensures that package info for discrete provider packages is acquired and
retained if the virtual package they provide is being depended upon by another
package requiring details.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>

pkg_depends: fix unsatisfied dependency installation order

Unsatisfied dependencies are not being installed in the correct order. The
algorithm is not crawling down the dependency chain first when inserting
unsatisfied dependencies, resulting in a correct installation order only for
the first layer of dependencies.

This patch changes the unsatisfied dependency insertion order to first add leaf
dependencies, then move up the chain. The result is a list of unsatisfied
dependencies ordered most-dependent-first.

An example that resulted in the incorrect installation order was:
  A -> B
  A -> C
  B -> D

Without the fix, a most-dependent-first installation order was not guaranteed
more than one layer deep, resulting in an installation order where B is
incorrectly installed before D:
  B, D, C, A

After the fix, the installation order follows most-dependent first irrespective
of the number of layers:
  D, B, C, A

Signed-off-by: Pieter Smith <pieter.smith@philips.com>
[Jo-Philipp Wich: rebased onto opkg-lede.git]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>

libopkg: fix some overly aggressive line wrapping in pkg_depends.c

Then deeply nested blocks in pkg_depends.c tripped up Lindent, causing it
to perform overly aggressive line wrapping.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>

libopkg: remove stray printf()

This lone printf() statement was accidentally left in the code during some
previous refactoring session.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>

libopkg: switch to GPL2 SHA256 implementation

Signed-off-by: Jo-Philipp Wich <jo@mein.io>

libopkg: initialize conffile list during status parsing

When parsing conffile information from status files, we need to initialize
the conffile list head upon encountering a "Conffiles:" line, otherwise
parse_conffiles() will ignore all subsequent entries due to a missing list
pointer.

Fixes missing conffile information in /usr/lib/opkg/status on a fresh
installation.

Reported-by: Hartmut Birr <e9hack@gmail.com>
Signed-off-by: Jo-Philipp Wich <jo@mein.io>

build: enable usign support

Signed-off-by: Jo-Philipp Wich <jo@mein.io>

build: allow to pass version via CMake

Signed-off-by: Jo-Philipp Wich <jo@mein.io>

libopkg: remove OpenSSL support

Signed-off-by: Jo-Philipp Wich <jo@mein.io>

libopkg: remove Curl support

Signed-off-by: Jo-Philipp Wich <jo@mein.io>

libopkg: remove GPG support

Signed-off-by: Jo-Philipp Wich <jo@mein.io>

libopkg: remove x509 support

Signed-off-by: Jo-Philipp Wich <jo@mein.io>

libopkg: drop custom md5 implementation, unconditionally enable sha256 support

Drop custom md5 implementation and switch to the one provided by libubox,
also remove support for enabling/disabling checksum support and always build
it unconditionally.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>

libopkg: fix pkg_set_int(), pkg_get_int()

Fix the return values of pkg_get_int() and pkg_set_int() to properly
convert the pointers from/to integer values.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>

libopkg: properly fix parse_version()

A previous attempt to fix the verison/revision split caused unterminated
strings to get stored in the blob buffer, properly fix this case now.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>

build: fix handling of string options

Signed-off-by: Jo-Philipp Wich <jo@mein.io>

libopkg: do not modify original version string in parse_version()

The parse_version() function might be parsing the version string of another
pkg_t instance so we must not modify it inplace to truncate the revision
part, otherwise we will clobber the original version, leading to failing
comparisations later on.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>