summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* apk-tools-2.6.10v2.6.102.6-stableTimo Teräs2018-09-101-1/+1
|
* rework unpacking of packages and harden package file format requirementsTimo Teräs2018-09-105-103/+140
| | | | | | | | | | | | | | | | | | | | A crafted .apk file could to trick apk writing unverified data to an unexpected file during temporary file creation due to bugs in handling long link target name and the way a regular file is extracted. Several hardening steps are implemented to avoid this: - the temporary file is now always first unlinked (apk thus reserved all filenames .apk.* to be it's working files) - the temporary file is after that created with O_EXCL to avoid races - the temporary file is no longer directly the archive entry name and thus directly controlled by potentially untrusted data - long file names and link target names are now rejected - hard link targets are now more rigorously checked - various additional checks added for the extraction process to error out early in case of malformed (or old legacy) file Reported-by: Max Justicz <max@justi.cz> (cherry picked from commit 6484ed9849f03971eb48ee1fdc21a2f128247eb1)
* apk: sanitize return valueTimo Teräs2018-09-061-0/+3
| | | | | | | | | | | Most applets return whatever apk_solver_commit() returns. It is the number of errors found (or negative for hard error). Sanitize the error value to not give false success exit code in the unlikely case of errors % 256 == 0. Reported-by: Max Justicz <max@justi.cz> (cherry picked from commit 7b654e125461b00bc26e52b25e6a7be3a32c11b9) (cherry picked from commit 7c90fd0529c0358dd04cab0fce506e8a8b191506)
* archive: enable FIFO extractionJesse Young2018-09-061-2/+4
| | | | (cherry picked from commit 1d55b9488f2d9c6d367fa7f21b058466c24f3ad1)
* io: fix skip and splice to detect unexpected end-of-fileTimo Teräs2018-09-062-31/+22
| | | | (cherry picked from commit 2f3c8420493a731556909eb3ebd6d50478fb7b24)
* tar: return correct error for short read of tar archiveTimo Teräs2018-09-061-3/+8
| | | | (cherry picked from commit ca368916e0333bf24cdcbdbe42130ec6a92c3f6e)
* apk-tools-2.6.9v2.6.9Timo Teräs2017-06-231-1/+1
|
* archive: validate reading of pax and gnu long filename extensionsTimo Teräs2017-06-231-14/+14
| | | | | | | | Detect properly if the file stream gets an error during these read operations. Reported-by: Ariel Zelivansky from Twistlock (cherry picked from commit cd531aef3033475c26f29a1f650a3bf392cc2daa)
* archive: fix incorrect bounds checking for memory allocationTimo Teräs2017-06-231-2/+4
| | | | | | | | | | | | | The value from tar header is unsigned int; keep it casted to unsigned int and size_t instead of (signed) int, otherwise the comparisons fail to do their job properly. Additionally check entry.size against SSIZE_MAX so the rounding up later on is guaranteed to not overflow. Fixes CVE-2017-9669 and CVE-2017-9671. Reported-by: Ariel Zelivansky from Twistlock (cherry picked from commit 286aa77ef1811e477895713df162c92b2ffc6df8)
* apk-tools-2.6.8v2.6.8Timo Teräs2016-10-251-1/+1
|
* pkg: reset umask for package scriptsTimo Teräs2016-08-231-0/+1
| | | | | | | It is unreasonable to assume that all package writers would except to reset umask themselves. It's done currently in most packages, but we had first issue of this kind recently, so better just reset umask.
* upgrade: improve self upgrade functionality a bitTimo Teräs2016-07-2213-15/+166
| | | | trigger it only if apk-tools can be upgrade, add test cases
* lua: remove unused reg_apk_db_meta_methodsTimo Teräs2016-07-221-5/+0
|
* detect aarch64 architecture and assign default name for itTimo Teräs2016-07-081-2/+3
|
* fix cross-compiling to pick right libfetch.aTimo Teräs2016-07-061-1/+1
|
* info: add support for --licenseNatanael Copa2016-06-131-0/+16
| | | | print license with the --license option.
* build: allow override compiler/linker flags for external libsNatanael Copa2016-06-131-9/+11
| | | | | | Make it possible to individually override openssl, zlib and libfetch cflags and linker flags. This makes it possible to build apk-tools without having pkg-config installed.
* fix info --who-owns to work with relative filenamesTimo Teräs2016-05-311-5/+12
| | | | fixes #5656
* apk-tools-2.6.7v2.6.7Timo Teräs2016-05-271-1/+1
|
* index: don't return error if --index does not existsTimo Teräs2016-05-271-2/+2
| | | | | | it's only used to speed up things, and having it non-existant is not a fatal error - all included things in index will be passed in command line anyway
* apk: don't exit with error code for -V and --print-archTimo Teräs2016-04-191-0/+2
|
* blob: fix sign extension in test_bitTimo Teräs2016-04-031-1/+1
|
* fetch: allow enabling --simulateTimo Teräs2016-02-162-2/+6
|
* implement fetch --purgeTimo Teräs2016-02-161-0/+36
| | | | | | | | which will delete any .apk package on output directory that were not downloaded by fetch this allows apk fetch to incrementally build repositories for binary images
* apk-tools-2.6.6v2.6.6Timo Teräs2016-02-091-1/+1
|
* archive: fix long symlink target namesTimo Teräs2016-02-091-2/+2
| | | | | don't overwrite the link_target if it was found from pax header. ref #5076
* commit: self-conflict error and satisfies printingTimo Teräs2015-12-103-11/+20
| | | | | | - self-conflicts when the exact same version of a name is provided twice is now properly detected and diagnozed - don't print redundant satisfies diagnostic
* solver: more debug output for package errorsTimo Teräs2015-12-101-7/+11
|
* db: add support for --no-cacheNatanael Copa2015-12-073-1/+12
| | | | | | | | | Implement --no-cache. The index is read directly from network and not cached. This is useful for docker, where you install a set of packages and directly after purge the cache. (see https://github.com/gliderlabs/docker-alpine/blob/1fc9e59d1689fc4eaf930ec66389fe58062fccec/builder/scripts/apk-install) fixes #4905
* apk-tools-2.6.5v2.6.5Timo Teräs2015-11-121-1/+1
|
* info: fix --installed test of conflictsTimo Teräs2015-11-121-5/+5
|
* add armv7 targetTimo Teräs2015-11-121-0/+2
|
* io, database: preserve [am]time for cached and fetched filesTimo Teräs2015-11-097-11/+122
| | | | | | | | | | | preserve [am]time for all packages and indexes. this fixes the caching error that 'apk update' is after new index is generated, but before the used mirror is synchronized. this caused local apkindex timestamp to be newer than file in mirror, when in fact it was outdated index. this also fixes fetched files to have build timestamp so that files going to .iso or custom images have proper timestamps (rsync with appropriate --modify-window now works)
* search: match packages only onceTimo Teräs2015-11-091-0/+9
| | | | | | | fixes #4770 apk_name_foreach_matching() can matches each package via it's main name and all it's provides. Print matched packages only once.
* io: fix posix_fallocate failure handlingNatanael Copa2015-10-081-1/+1
| | | | | We need fall back to a splice buffer if posix_fallocate call fails due to file being a device (eg tty) or a pipe. This fixes apk fetch --stdout.
* blob: Add missing headerAndrew Wilcox2015-10-081-0/+1
|
* apk-tools-2.6.4v2.6.4Timo Teräs2015-09-111-1/+1
|
* db: stop extract more files if disk is fullTimo Teräs2015-09-031-2/+4
|
* io: use posix_fallocate to allocate disk spaceTimo Teräs2015-09-031-3/+8
| | | | | | ftruncate does not allocate it, and subsequent access to mmaped file will result in SIGBUS. this fixes to properly report disk full errors.
* apk-tools-2.6.3v2.6.3Timo Teräs2015-07-031-1/+1
|
* relocate lock file to /lib/apk/dbTimo Teräs2015-07-021-3/+2
| | | | | | the problem is that var/lock is on root installs symlink to /run/lock (on tmpfs) and does not exist if doing chroot() to that root. fixes apk to work when chrooted to existing rootfs install.
* remove db dir entry properly, so it can be recreated properly if neededTimo Teräs2015-06-261-7/+7
| | | | fixes #4261
* apk-tools-2.6.2v2.6.2Timo Teräs2015-06-121-1/+1
|
* add simple stats appletTimo Teräs2015-06-123-2/+67
|
* free atoms when VALGRIND is definedTimo Teräs2015-06-121-0/+10
|
* for completeness free all arrays before exitTimo Teräs2015-06-122-0/+2
| | | | so valgrind does not report any leaks
* fix bstream_from_fd to use mmap when availableTimo Teräs2015-06-121-1/+2
|
* fix search --has-origin to not leak memoryTimo Teräs2015-06-121-1/+1
|
* optimize base64 decoding a bitTimo Teräs2015-06-121-20/+16
| | | | it's a hot path for decoding checksums in fdb
* use murmur3_32 hashTimo Teräs2015-06-111-6/+45
| | | | it is more efficient than the previously used djb hash