From patchwork Sat Mar 2 10:19:11 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Allan McRae X-Patchwork-Id: 1015 Return-Path: Delivered-To: patchwork@archlinux.org Received: from apollo.archlinux.org (localhost [127.0.0.1]) by apollo.archlinux.org (Postfix) with ESMTP id 6ADF5C0937BA for ; Sat, 2 Mar 2019 10:19:41 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on apollo X-Spam-Level: X-Spam-Status: No, score=-4.4 required=5.0 tests=BAYES_00=-1, DKIMWL_WL_HIGH=-0.001,DKIM_SIGNED=0.1,DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1,MAILING_LIST_MULTI=-1,RCVD_IN_DNSWL_MED=-2.3, T_DMARC_POLICY_NONE=0.01 autolearn=ham autolearn_force=no version=3.4.2 X-Spam-BL-Results: [127.0.9.2] Received: from orion.archlinux.org (orion.archlinux.org [IPv6:2a01:4f8:160:6087::1]) by apollo.archlinux.org (Postfix) with ESMTPS for ; Sat, 2 Mar 2019 10:19:41 +0000 (UTC) Received: from orion.archlinux.org (localhost [127.0.0.1]) by orion.archlinux.org (Postfix) with ESMTP id AEC0E10FB9E1A6; Sat, 2 Mar 2019 10:19:39 +0000 (UTC) Received: from luna.archlinux.org (luna.archlinux.org [IPv6:2a01:4f8:160:3033::2]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-384) server-signature RSA-PSS (4096 bits)) (No client certificate requested) by orion.archlinux.org (Postfix) with ESMTPS; Sat, 2 Mar 2019 10:19:39 +0000 (UTC) Received: from luna.archlinux.org (luna.archlinux.org [127.0.0.1]) by luna.archlinux.org (Postfix) with ESMTP id 7C89F2D4F6; Sat, 2 Mar 2019 10:19:39 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=archlinux.org; s=luna2; t=1551521979; bh=3LwSoSeMxAn0/lw9nlkiBxUCt8lOBgSgmqrRrx10bw4=; h=From:To:Date:Subject:List-Id:List-Unsubscribe:List-Archive: List-Post:List-Help:List-Subscribe:Reply-To; b=gknxxca6Qf1C3A5NqqhjdorUkg80eRsksCaIaWpnxe2Ot08yelYTy1idliL+UQgiN lQzezfItk+wnjg7ZvwQQx6KlCadCq7HoMclswEUQ5M42XgzC+S1rk+ps7pLOgZ73nG 9OjARE9ISVkQzQCO5dAlYfNAQK8qhtNsCwb3HH6soPncp5SU+vPL1ufLPSe/wQza4l XIOU2PgFGGcziTVMDMqgqC0gSfrRinmLtsgCqLkzYbAfH/LdlKjtDhTZB6j9vtoWz2 9eMMg54GucDKl5BE+KwNqwuPBTdYsNlv3Cm67L5bUVG8jIE7hfg0NoOVEjiEB8tW1T U1UHu+7p3jgLDfQZcjEoxZxJQrr88C8CFOc8W1nuZVkV9ZjXK3IkrlEUzu7GA+QOHg KCV4PG/AMcfT1Zti0zCpuSpkYomO92xTD6XUDjGZ7YRSYe52DcjeY0+u5LFmBipTJ9 7/WvS9t91bdLU38p3ILOAdGveJDsiVSDb0hl1H8hTJdj0DwazE4vB3/lcSAElPlugG 6WehIOE3XKwwbCD4zp8qSdHCIq8ghpH6Ya96VB8LQ7zu1jSuUW4uQw/YjQyrfO26iN 3uw0fNjnktXhfEzYdbfYg7IJkTrL5joA4mHAf4wFxj51VWstFRWT63XBmevbdurbVQ iYvH3Ar+1+y9Zse5YerymLsc= Received: from luna.archlinux.org (luna.archlinux.org [127.0.0.1]) by luna.archlinux.org (Postfix) with ESMTP id ADEAF2D4EB for ; Sat, 2 Mar 2019 10:19:35 +0000 (UTC) Received: from orion.archlinux.org (orion.archlinux.org [88.198.91.70]) by luna.archlinux.org (Postfix) with ESMTPS for ; Sat, 2 Mar 2019 10:19:35 +0000 (UTC) Received: from orion.archlinux.org (localhost [127.0.0.1]) by orion.archlinux.org (Postfix) with ESMTP id C351710FB9E199 for ; Sat, 2 Mar 2019 10:19:31 +0000 (UTC) Received: from kamala.localdomain (183.55.148.122.sta.dodo.net.au [122.148.55.183]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-384) server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) (Authenticated sender: allan) by orion.archlinux.org (Postfix) with ESMTPSA id 17E2510FB9E198 for ; Sat, 2 Mar 2019 10:19:29 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=archlinux.org; s=orion; t=1551521971; bh=3LwSoSeMxAn0/lw9nlkiBxUCt8lOBgSgmqrRrx10bw4=; h=From:To:Subject:Date; b=REshm5acimLKI/z2aSwPas2WnfDQwpizC9oWKwpmFNPQTYtvux6Tcc6+1+XJswQrE rMzTEFUzHvmcPqXRFdOFFTvkenztNKYAYrr2uRvRIRz0sYpbRfz6tMw4RaMfQngjUX WAWVJFD2+67a/BoKe1M0QXZscqqUDgsWrHGq5o/MR52fPrLOfRDKTc+4W+dDdfl9Kd au9DeuYeGpKH/Bbrzj5rgZdEhr74nYQdieW3zbSAywnm3WP34MyBjD40ouSbSLxWZX lqPeFLRzCMQEVxFHaoQ28DJwrDMjJP0fnxOQeDCyVPWGb0iKHRvH5RnZmrAovdnDw+ zQ6mcgraGu24M+3OiaHtTl+Y1a5/i7Jcfo/fkR5mapAKRu4IF6uanof5gKAiuXpB2u gcAfdlNewaI/RG6/XCnBXG0WMNwHSqeNCvesV0w2uNVC+ULVvsv+5QegKAwBjFPU4r GMP3tTqV72LPZieQH7z9ytIdHp7ImZURgSCPyuG/+0r8fGQpcheVPbhc3Gyc/DcOI1 sjM49v6PvbTP1xdXIIXAAQCMm12jE/N7UzucCNZtvXcqgtZbvnFVNJrbUW6/8JzGk7 /nOjW2BWi/ox92IoHy2vMphgmYTJZHo0EMj1hfWntxUgPtRzyW5rrMRdyVgZKdxwm8 J+0q5TxlwPRRy7QbDuqxJfJY= From: Allan McRae To: pacman-dev@archlinux.org Date: Sat, 2 Mar 2019 20:19:11 +1000 Message-Id: <20190302101916.16011-1-allan@archlinux.org> X-Mailer: git-send-email 2.20.1 MIME-Version: 1.0 Subject: [pacman-dev] [PATCH 0/5][RFC] Die delta, die! X-BeenThere: pacman-dev@archlinux.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Discussion list for pacman development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: Discussion list for pacman development Errors-To: pacman-dev-bounces@archlinux.org Sender: "pacman-dev" Deltas are broken. So much so that I would strongly recommend never using a delta from a repo that you did not generate yourself. In short, we call "system(command)", with a command that includes the name of a delta file, and the name of the package file before and after applying the delta. The name of the delta and the package files is controlled by the information in the repo, and could contain a malicious command to be run as root. We could possibly work around this, but it is a very risky piece of code and I believe it would be very hard to fully secure. Instead, I propose to remove delta support completely. Allan McRae (5): Remove delta support from repo-add Remove pkgdelta Remove cleanupdelta Make pacman forget deltas exist Remove support for deltas from libalpm doc/Makefile.am | 2 - doc/index.asciidoc | 1 - doc/meson.build | 1 - doc/pacman.conf.5.asciidoc | 8 - doc/pkgdelta.8.asciidoc | 53 ------ doc/repo-add.8.asciidoc | 22 +-- lib/libalpm/Makefile.am | 1 - lib/libalpm/alpm.h | 53 ------ lib/libalpm/be_sync.c | 21 +-- lib/libalpm/delta.c | 361 ------------------------------------- lib/libalpm/delta.h | 33 ---- lib/libalpm/error.c | 5 - lib/libalpm/handle.c | 20 -- lib/libalpm/handle.h | 5 - lib/libalpm/meson.build | 1 - lib/libalpm/package.c | 14 -- lib/libalpm/package.h | 2 - lib/libalpm/po/POTFILES.in | 1 - lib/libalpm/sync.c | 207 +-------------------- meson.build | 8 - scripts/.gitignore | 1 - scripts/Makefile.am | 3 - scripts/meson.build | 1 - scripts/pkgdelta.sh.in | 234 ------------------------ scripts/po/POTFILES.in | 1 - scripts/repo-add.sh.in | 168 +---------------- src/pacman/callback.c | 19 -- src/pacman/conf.c | 25 --- src/pacman/conf.h | 1 - src/pacman/pacman-conf.c | 13 -- src/pacman/po/POTFILES.in | 1 - src/pacman/sync.c | 5 +- src/util/.gitignore | 2 - src/util/Makefile.am | 5 +- src/util/cleanupdelta.c | 135 -------------- src/util/meson.build | 1 - 36 files changed, 27 insertions(+), 1407 deletions(-) delete mode 100644 doc/pkgdelta.8.asciidoc delete mode 100644 lib/libalpm/delta.c delete mode 100644 lib/libalpm/delta.h delete mode 100644 scripts/pkgdelta.sh.in delete mode 100644 src/util/cleanupdelta.c