[pacman-dev] [PATCH 0/5][RFC] Die delta, die!

Allan McRae allan at archlinux.org
Sat Mar 2 10:19:11 UTC 2019 

Deltas are broken. So much so that I would strongly recommend never
using a delta from a repo that you did not generate yourself. In short,
we call "system(command)", with a command that includes the name of
a delta file, and the name of the package file before and after applying
the delta. The name of the delta and the package files is controlled by
the information in the repo, and could contain a malicious command to be
run as root.

We could possibly work around this, but it is a very risky piece of code
and I believe it would be very hard to fully secure. Instead, I propose
to remove delta support completely.

Allan McRae (5):
  Remove delta support from repo-add
  Remove pkgdelta
  Remove cleanupdelta
  Make pacman forget deltas exist
  Remove support for deltas from libalpm

 doc/Makefile.am            |   2 -
 doc/index.asciidoc         |   1 -
 doc/meson.build            |   1 -
 doc/pacman.conf.5.asciidoc |   8 -
 doc/pkgdelta.8.asciidoc    |  53 ------
 doc/repo-add.8.asciidoc    |  22 +--
 lib/libalpm/Makefile.am    |   1 -
 lib/libalpm/alpm.h         |  53 ------
 lib/libalpm/be_sync.c      |  21 +--
 lib/libalpm/delta.c        | 361 -------------------------------------
 lib/libalpm/delta.h        |  33 ----
 lib/libalpm/error.c        |   5 -
 lib/libalpm/handle.c       |  20 --
 lib/libalpm/handle.h       |   5 -
 lib/libalpm/meson.build    |   1 -
 lib/libalpm/package.c      |  14 --
 lib/libalpm/package.h      |   2 -
 lib/libalpm/po/POTFILES.in |   1 -
 lib/libalpm/sync.c         | 207 +--------------------
 meson.build                |   8 -
 scripts/.gitignore         |   1 -
 scripts/Makefile.am        |   3 -
 scripts/meson.build        |   1 -
 scripts/pkgdelta.sh.in     | 234 ------------------------
 scripts/po/POTFILES.in     |   1 -
 scripts/repo-add.sh.in     | 168 +----------------
 src/pacman/callback.c      |  19 --
 src/pacman/conf.c          |  25 ---
 src/pacman/conf.h          |   1 -
 src/pacman/pacman-conf.c   |  13 --
 src/pacman/po/POTFILES.in  |   1 -
 src/pacman/sync.c          |   5 +-
 src/util/.gitignore        |   2 -
 src/util/Makefile.am       |   5 +-
 src/util/cleanupdelta.c    | 135 --------------
 src/util/meson.build       |   1 -
 36 files changed, 27 insertions(+), 1407 deletions(-)
 delete mode 100644 doc/pkgdelta.8.asciidoc
 delete mode 100644 lib/libalpm/delta.c
 delete mode 100644 lib/libalpm/delta.h
 delete mode 100644 scripts/pkgdelta.sh.in
 delete mode 100644 src/util/cleanupdelta.c

-- 
2.20.1

More information about the pacman-dev mailing list