This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The official pacman repository". The branch, master has been updated via b678e002714b732d7ea6a48029ac1a5b285d04e5 (commit) via 57eac093c40b0a54ab5d9f14519b9e44140e0c3d (commit) via 3eec745910bb908717a8b4ed7f5b630a92a5c9eb (commit) via 6dc71926f9b16ebcf11b924941092d6eab204224 (commit) via 6c9b82e72ac067207b1d66a3112485ad8d690f32 (commit) via eda741ae93519bea80af45e01ba7417cc50a4e1b (commit) via 043931ca452f6b231eb5b9b0863329843677bd2a (commit) via e2f00abe26c530a380ef687e50d91e07c6ba57c4 (commit) via 62880d7568649a54b4af1ffd8a61b488cbacdfd3 (commit) via 36474af463d0d8ce758f827d31a378624062b955 (commit) via ae7139adcfa65991c71616e8de7910ff722d4166 (commit) via 44889da5b704483b7ee013ec828ff64b64980de8 (commit) via 6cce517f1a78df885a1574252b3db9886185159d (commit) from dfc532668d4a4182ce196a895fdd5b017b505c6f (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit b678e002714b732d7ea6a48029ac1a5b285d04e5 Merge: eda741a 57eac09 Author: Dan McGee <dan@archlinux.org> Date: Tue Jul 5 22:01:29 2011 -0500 Merge remote-tracking branch 'dave/download' commit 57eac093c40b0a54ab5d9f14519b9e44140e0c3d Author: Dave Reisner <dreisner@archlinux.org> Date: Thu Jun 30 22:00:07 2011 -0400 absorb fileinfo struct into dload_payload This transitional struct becomes delicious noms for dload_payload. Signed-off-by: Dave Reisner <dreisner@archlinux.org> commit 3eec745910bb908717a8b4ed7f5b630a92a5c9eb Author: Dave Reisner <dreisner@archlinux.org> Date: Thu Jun 30 21:19:25 2011 -0400 absorb some _alpm_download params into payload struct Restore some sanity to the number of arguments passed to _alpm_download and curl_download_internal. Signed-off-by: Dave Reisner <dreisner@archlinux.org> commit 6dc71926f9b16ebcf11b924941092d6eab204224 Author: Dave Reisner <d@falconindy.com> Date: Fri Jun 24 00:18:01 2011 -0400 lib/dload: prevent large file attacks This means creating a new struct which can pass more descriptive data from the back end sync functions to the downloader. In particular, we're interested in the download size read from the sync DB. When the remote server reports a size larger than this (via a content-length header), abort the transfer. In cases where the size is unknown, we set a hard upper limit of: * 25MiB for a sync DB * 16KiB for a signature For reference, 25MiB is more than twice the size of all of the current binary repos (with files) combined, and 16KiB is a truly gargantuan signature. Signed-off-by: Dave Reisner <dreisner@archlinux.org> commit 6c9b82e72ac067207b1d66a3112485ad8d690f32 Author: Dave Reisner <d@falconindy.com> Date: Sat Jun 11 12:50:15 2011 -0400 dload: handle irregular URLs URLs might end with a slash and follow redirects, or could be a generated by a script such as /getpkg.php?id=12345. In both cases, we may have a better filename that we can write to, taken from either content-disposition header, or the effective URL. Specific to the first case, we write to a temporary file of the format 'alpmtmp.XXXXXX', where XXXXXX is randomized by mkstemp(3). Since this is a randomly generated file, we cannot support resuming and the file is unlinked in the event of an interrupt. We also run into the possibility of changing out the filename from under alpm on a -U operation, so callers of _alpm_download can optionally pass a pointer to a *char to be filled in by curl_download_internal with the actual filename we wrote to. Any sync operation will pass a NULL pointer here, as we rely on specific names for packages from a mirror. Fixes FS#22645. Signed-off-by: Dave Reisner <d@falconindy.com> commit eda741ae93519bea80af45e01ba7417cc50a4e1b Author: Allan McRae <allan@archlinux.org> Date: Tue Jul 5 01:28:27 2011 +1000 repo-add: backup old database signature too If you are keeping a copy of the old database, you probably want to keep a copy of its signature too. Also, delete the previously backed-up database signature if no new one is being copied. Signed-off-by: Allan McRae <allan@archlinux.org> Signed-off-by: Dan McGee <dan@archlinux.org> commit 043931ca452f6b231eb5b9b0863329843677bd2a Author: Dan McGee <dan@archlinux.org> Date: Tue Jul 5 14:18:16 2011 -0500 Rework -Si display logic We did some funny stuff here before to allow specifying fully-qualified package names, such as 'testing/gcc' or 'core/gcc'. However, it was done by duplicating code, not to mention an early escape if a repository could not be found for an early target. Something like `pacman -Si foo/bar core/gcc' would not give expected results, although `pacman -Si bar gcc' would. Clean up the code, remove strncpy() usage, and clarify the error messages a bit. Signed-off-by: Dan McGee <dan@archlinux.org> commit e2f00abe26c530a380ef687e50d91e07c6ba57c4 Author: Allan McRae <allan@archlinux.org> Date: Wed Jul 6 04:01:14 2011 +1000 pacman-key: fix syntax highlighting The lone quotation mark in "pacman's" causes issues for some syntax highlighting. Change the printing of the nessage from echo to printf so we can invisibly escape it. Signed-off-by: Allan McRae <allan@archlinux.org> Signed-off-by: Dan McGee <dan@archlinux.org> commit 62880d7568649a54b4af1ffd8a61b488cbacdfd3 Author: Dave Reisner <dreisner@archlinux.org> Date: Wed Jun 29 12:59:07 2011 -0400 contrib/paclist: rewrite in bash The original concept for this script was a bash implementation, but turned out to be unreasonable at the time due to the efficiencies of the database format. Since those have been resolved, we can rewrite this in bash as a much simpler script. All the action happens in a single line, but we add extend this a little, binding to gettext to keep our pacman translations intact. Signed-off-by: Dave Reisner <dreisner@archlinux.org> Signed-off-by: Dan McGee <dan@archlinux.org> commit 36474af463d0d8ce758f827d31a378624062b955 Author: Florian Pritz <bluewind@xinu.at> Date: Tue Jul 5 23:30:54 2011 +0200 fix segfault if pacman.conf can't be read Signed-off-by: Florian Pritz <bluewind@xinu.at> Signed-off-by: Dan McGee <dan@archlinux.org> commit ae7139adcfa65991c71616e8de7910ff722d4166 Author: Dan McGee <dan@archlinux.org> Date: Tue Jul 5 14:16:17 2011 -0500 Remove most usages of strncmp() The supposed safety blanket of this function is better handled by explicit length checking and usages of strlen() on known NULL-terminated strings rather than hoping things fit in a buffer. We also have no need to fully fill a PATH_MAX length variable with NULLs every time as long as a single terminating byte is there. Remove usages of it by using strcpy() or memcpy() as appropriate, after doing length checks via strlen(). Signed-off-by: Dan McGee <dan@archlinux.org> commit 44889da5b704483b7ee013ec828ff64b64980de8 Author: Dave Reisner <dreisner@archlinux.org> Date: Sun Jul 3 19:58:19 2011 -0400 dload: rearrange code to avoid extra cpp block Signed-off-by: Dave Reisner <dreisner@archlinux.org> commit 6cce517f1a78df885a1574252b3db9886185159d Author: Dave Reisner <dreisner@archlinux.org> Date: Sun Jul 3 18:55:04 2011 -0400 lib/rawstr: borrow raw string functions from curl We'll need these functions to do locale agnostic and case insensitive string comparisons. Signed-off-by: Dave Reisner <dreisner@archlinux.org> ----------------------------------------------------------------------- Summary of changes: contrib/paclist.in | 85 ++++------------- lib/libalpm/Makefile.am | 1 + lib/libalpm/be_sync.c | 30 ++++-- lib/libalpm/dload.c | 232 +++++++++++++++++++++++++++++++++------------ lib/libalpm/dload.h | 15 ++- lib/libalpm/handle.c | 2 +- lib/libalpm/rawstr.c | 135 +++++++++++++++++++++++++++ lib/libalpm/sync.c | 39 +++++--- lib/libalpm/util.h | 2 + scripts/pacman-key.sh.in | 2 +- scripts/repo-add.sh.in | 6 +- src/pacman/conf.c | 4 +- src/pacman/query.c | 17 ++-- src/pacman/sync.c | 78 ++++++---------- src/pacman/util.c | 11 +-- src/util/vercmp.c | 2 +- 16 files changed, 439 insertions(+), 222 deletions(-) create mode 100644 lib/libalpm/rawstr.c hooks/post-receive -- The official pacman repository