| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
While commit 18b0b45 (io: Handle long lines, Thu Jan 7 17:25:23 2021
+0100) did attempt to address this issue, the buffer really is still to
small when dealing with big-big dependency lists.
Lets make it sufficiently large for now, until the new APKINDEX format
can support multi-line dependencies, making this not needed any more.
[TT: Originally the buffer size was conservative to run on resource
constrained embedded platforms. But since the available memory on those
has also increased much, the adjustment to 128kB makes sense also to
increase performance a little bit. Backported to 2.10-stable.]
Signed-off-by: Olliver Schinagl <oliver@schinagl.nl>
|
|
|
|
Unbreak handling of base 16 in fetch_parseuint(). It is used
only in http chunked mode handling.
Fixes: "libfetch: fix range checking for http/ftp protocol parsing"
|
|
|
|
Various parsing of numeric strings were not having adequate range
checking causing information leak or potential crash.
CVE-2021-36159
fixes #10749
Co-authored-by: Ariadne Conill <ariadne@dereferenced.org>
Reported-by: Samanta Navarro <ferivoz@riseup.net>
|
|
Packages containing files with path names longer than 1024 characters
cannot fit into the buffer which is used to write "installed" database.
This leads to bbuf being APK_BLOB_NULL in apk_db_write_fdb because
apk_blob_push_blob notices the condition and correctly handles it.
The problem occurs when arguments to apk_ostream_write are manually
calculated by pointer arithmetics. Since bbuf.ptr is NULL in such a
case, bbuf.ptr - buf leads to a huge size value while buf still points
into the stack.
fixes #10751
[TT: minor edit to commit and abbreviating the commit message]
|
|
|
|
removes some code duplication
|
|
|
|
The progress bar requires the terminal emulator to support ANSI escape
sequences. Normally, TERM is set to dumb to indicate that the terminal
emulator doesn't support any ANSI escape sequences. Attempting to use
ANSI escape sequences on dumb terminals will lead to weird output. In
order to make apk work by default, even on dumb terminals, this commit
introduces an additional check which consults $TERM and disables the
progress bar if it is set to "dumb".
[TT: backported to 2.12]
|
|
The original intent was to choose packages to which there is most
dependencies. However, since the code has evolved this is has been
mostly obsolete. And in fact now interferes with the provides and
provides priority mechanism. Remove this as obsolete.
Fixes #10742
|
|
|
|
Modify apk_resolve_[ug]id to take the user/groupname as a blob, so
proper length checking is done and honored.
==31584== Conditional jump or move depends on uninitialised value(s)
==31584== at 0x5C8CA5: strlen (strlen.c:17)
==31584== by 0x432575: APK_BLOB_STR (apk_blob.h:79)
==31584== by 0x4350EB: apk_resolve_uid (io.c:1112)
==31584== by 0x43696C: apk_tar_parse (io_archive.c:152)
==31584== by 0x4271BC: apk_pkg_read (package.c:929)
==31584== by 0x402D75: add_main (app_add.c:163)
==31584== by 0x40D5FF: main (apk-static.c:516)
Fixes a potential crash (DoS) on a crafted TAR file. CVE-2021-30139.
Reported-by: Sören Tempel <soeren+git@soeren-tempel.net>
Reviewed-by: Ariadne Conill <ariadne@dereferenced.org>
|
|
apk_dir_foreach_file and apk_resolve_[ug]id needs to free the fd in
case fdopen/fdopendir fails. Additionally this does not rely on fdopen
to fail if openat() returned -1, making sure that we don't call any
syscalls with invalid file handle.
(cherry picked from commit 3c339a74d1b9dba23d60d6c769d99227d75cc6dc)
|
|
If we use default root (/), then we do not have to chroot to run scripts.
Use APK_NO_CHROOT flag for this scenario to avoid the chroot. This helps
with using apk with bwrap and OSTree.
Closes #10736.
[TT: backported to 2.12-stable]
(cherry picked from commit 73504fb7ab2bb659660dae7e1cafab0cfedeb13d)
|
|
The code assumed that when package is in world, it would be there
by it's primary name. The code is now updated to properly print the
package names that are actually present in world.
fixes #10718
(cherry picked from commit ff0ea8265f0621995b94b69416e2a1709f1cbec6)
|
|
fixes #10738
(cherry picked from commit 358c3172ef57b7e7616cbaaad582cab908097694)
|
|
If server redirects from http to https, libfetch detects this, but
wrongly uses the old url scheme to determine the port. This subsequently
leads to the following OpenSSL error:
139741541575496:error:1408F10B:SSL routines:ssl3_get_record:wrong version number:ssl/record/ssl3_record.c:331:
Using the new scheme fixes this. This error message comes from trying
to connect to port 80 with TLS, it can also be observed by issuing
$ openssl s_client -connect alpinelinux.org:80
This bug was introduced in commit:
7158474 libfetch: keep http auth only if redirect is for the same host
(cherry picked from commit 63d05ee450c1a810cc33f7dfad9d660f993a9d1c)
|
|
fixes #10737
(cherry picked from commit ab7b8e3c995eb5a05ddbaa4546cd16a10da2d836)
|
|
Especially a newline can produce havoc in the database file as
the filename is written there as-is. This hardenes the extraction
to consider any control character as malicious. Additional
hardening is added to database loading to better detect corrupt
state and return proper error code about it.
Reported-by: Luca Weiss <luca@z3ntu.xyz>
(backported from commit c1594f60770483625891541375a074fe07338401)
|
|
Treat URLs with too long individual components as malformed instead
of silently truncating that field. There might be unexpected results
if hostname, username or password field gets truncated.
(cherry picked from commit 5edd60a4e5a996590fed591e7d3a9b8167156daa)
|
|
The connection pooling was broken in two ways:
1. The original URL was always used as the connection pool URL,
resulting in duplicate connections to the proxy for http URLs
(each http URL would get separate proxy connection)
2. The cache_url stored was always the socket level connect URL.
In case of HTTPS, the lookup was done done with the real URL,
but the proxy URL was stored as the "cache URL". Thus HTTPS
CONNECT connections were never re-used.
This fixes the code with following logic:
1. The cache key url is the real URL when no-proxy, or when HTTPS
with proxy (the socket is connected to proxy, but logically it
is connected to the real URL due to HTTP CONNECT request).
And for HTTP with proxy, it's the proxy URL so same proxy
connection can be reused for all requests going through it.
2. fetch_connect() now gets cache key URL separately, and it always
gets the same value as the fetch_cache_get() calls.
(cherry picked from commit aa1f935c05129288f1550782e34d529fc77dda0a)
|
|
fixes #10734
(cherry picked from commit c37b385beefd0e8324bf70f011e52a8c65f7fddf)
|
|
Instead of skipping just one line, properly parse the response headers.
[TT: reworded commit message]
(cherry picked from commit b1935a1e79854b332b04916a2829b0c09d1b26c9)
|
|
Signed-off-by: Mike Detwiler <det@shift5.io>
(cherry picked from commit d438cdfbeb13b0f38c0bef321fc767926df0e4e1)
|
|
(cherry picked from commit 3890035c21e40aca7d5360bfc40e4b7ab9f10c50)
|
|
fixes #10688
(cherry picked from commit 7158474f1ba2bd24c6a9b2b1bbd53984414c0343)
|
|
On some systems the `/var/` dir is mounted in a tmpfs which is reseted
after each reboot. For that reason no post-install script can handle the
creation of the cache dir at `/var/cache/apk`.
Check on database opnening if the folder is available, if not create it.
Fixes #10715
Signed-off-by: Paul Spooren <mail@aparcar.org>
(cherry picked from commit dac30d50497214c8722a57ee1ae8d3c369babe38)
|
|
fixes #10710
(cherry picked from commit 6cedfe27ac566e7de7d0c24778c4280e8311bbec)
|
|
fixes #10703
(cherry picked from commit 8a794021c42baf8e1c12ae5e8e8313b66443002e)
|
|
(cherry picked from commit c269e9c24da57ab1b69ad6c80e9a1cb52b2b67d2)
|
|
If getservbyname() fails, libfetch will attempt to connect to port 0.
(cherry picked from commit ffcdd350d02fb51d91e83a153e58ddbb66bfeb31)
|
|
Fixes #10686 to not use uninitialized value in the error paths.
(cherry picked from commit 7b76182f39c4b42f4bb498b7cc75384a36afd855)
|
|
Fix comparing of the hostname portion that matches exactly.
The no_proxy matching is pretty rudimentary though and probably
could go through a bit of additional rework.
Fixes #10681
(cherry picked from commit d6c54f932054c58aee8f7a6d2bd49b115d804da1)
|
|
- split the code to a helper function
- do not set sockets to corked state when putting back to
cache so socket state is always deterministic
- cork/uncork also when sending CONNECT to a proxy, this
can reduce a little bit the latency how fast the packet
gets sent out
- also pair corking with uncorking in http_request to make
it more obvious pairing
(cherry picked from commit eae92bbacf3c005bf12f8f5f5555bff953ebb5d7)
|
|
The recent TCP_CORK change missed this bit of code. This change
should improve performance a bit when making HTTP requests by calling
http_cmd only once instead of three times.
(cherry picked from commit 09dbe46a7608f56f07914137834e7ddda15c4837)
|
|
(cherry picked from commit b879d9ea5969a54b99e0780e699c4e72f3c9a78c)
|
|
(cherry picked from commit 2d86411446b307b772da76f25ff5b5080533f3a5)
|
|
Some screen size are quite small. For example, the default phosh
terminal is less than 50 character wide on Pinephone. This lowers the minimum
loading bar size to 25 characters.
For comparison, 25 character wide is just as wide as "apk add firefox
linux-lts" without the quotes.
Here's a bad picture to illustrate the result
gitlab.alpine.org/uploads/48c20f746fbf685b62b6bd73585ecbf2/pinephone-phosh.png
(cherry picked from commit e8522411c1b410c87049e9b77b391caf2f158be7)
|
|
fixes #10677
src/apk_defines.h:152:15: error: unknown type name 'uint32_t'
static inline uint32_t get_unaligned32(const void *ptr)
^~~~~~~~
(cherry picked from commit a9916c2d4a14a509daf7e3bc73faee3a8134071f)
|
|
(cherry picked from commit 72944554a6fc3b9fa19d42f571e833a318186af2)
|
|
(cherry picked from commit c054fbc11e9beca0d45285c3e1f448c81416c5ce)
|
|
|
|
|
|
|
|
|
|
Unfortunately libfetch operates on raw sockets and is sending
each HTTP request line using separate syscall which causes the
HTTP request to be sent as multiple packets over the wire in most
configurations. This is not good for performance, but can also
cause subtle breakage if there's DPI firewall that does not get
the Host header.
Incidentally, it seems that on BSDs libfetch already sets
TCP_NOPUSH optimize the packetization. This commit adds same
logic for using TCP_CORK if available. When using TCP_CORK
there is no requirement to set TCP_NODELAY as uncorking will
also cause immediate send. Keep TCP_NODELAY in the fallback
codepaths.
Long term, it might make sense to replace or rewrite libfetch
to use application level buffering.
(cherry picked from commit 271047cc930150a2972573625124b0c097ad322a)
|
|
- do not do unaligned accesses on non-x86 hardware
- clean up the code a little bit
(cherry picked from commit 3694dc5fa2660e2b241d706ec1672beb0a9c24b8)
|
|
Related to MR !15
(cherry picked from commit d60477751f374a2d58dc73f64dca4ff95ea39a00)
|
|
Instead, to make sure test mode produces same output, redefine
time() for the test mode binary.
Reverts parts of 0b82bcc53e60.
(cherry picked from commit 45d313c51cbae20bce0789db86ba82ff79c9b202)
|
