forbid package file paths . and ..

[zpackage] / db.sql

diff --git a/db.sql b/db.sql
index 1ad3d17e5da68361a998dc1ea5ab4bf7db44b90d..b1343d00a3b6a7f829452af0868f1de2c04798e1 100644 (file)
--- a/db.sql
+++ b/db.sql
@@ -157,6 +157,7 @@ create table packagefiles (
        check (not (filetype = 'h' and target is null)),
        check (target is null or length(target) between 1 and 4095),
        check (hash is null or length(hash) between 1 and 1024),
+       check (path not in ('.', '..')),
        check (not (filetype = 'r' and hash is null)),
        check (not (filetype = 'c' and device is null)),
        check (not (filetype = 'b' and device is null)),
@@ -171,6 +172,7 @@ without rowid
 create index packagefile_package_index on packagefiles (package);
 create index packagefile_path_index on packagefiles (path);
 create index packagefile_hash_index on packagefiles (hash);
+create index pkgfile_configuration on packagefiles (configuration) where configuration = 1;
 
 create view packagefiles_pkgid as
 select printf('%s-%s-%s', package, version, release) as pkgid, *,
@@ -427,8 +429,7 @@ md_conflict as (
        on PA.package = PFA.package and PA.version = PFA.version and PA.release = PFA.release
        where PA.status in ('installing', 'installed')
        group by path
-       having (count(distinct
-       printf('%s:%s:%s:%s', PFA.filetype, PFA.mode, PFA.username, PFA.groupname)
+       having (count(distinct printf('%s:%s:%s:%s', PFA.filetype, PFA.mode, PFA.username, PFA.groupname)
        ) > 1 or count(distinct PFA.hash) > 1)
 )
 select PFH.*,