| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
|
|
Especially a newline can produce havoc in the database file as
the filename is written there as-is. This hardenes the extraction
to consider any control character as malicious. Additional
hardening is added to database loading to better detect corrupt
state and return proper error code about it.
Reported-by: Luca Weiss <luca@z3ntu.xyz>
|
|
While commit 18b0b45 (io: Handle long lines, Thu Jan 7 17:25:23 2021
+0100) did attempt to address this issue, the buffer really is still to
small when dealing with big-big dependency lists.
Lets make it sufficiently large for now, until the new APKINDEX format
can support multi-line dependencies, making this not needed any more.
[TT: Originally the buffer size was conservative to run on resource
constrained embedded platforms. But since the available memory on those
has also increased much, the adjustment to 128kB makes sense also to
increase performance a little bit. Removing also the iolimit test.]
Signed-off-by: Olliver Schinagl <oliver@schinagl.nl>
|
|
It turns out inflate() can output zero bytes, even if it consumed
data. This had the unfortunate side effect of returning zero bytes
(end-of-file) condition before calling the boundary callbacks. This
fixes the logic to not return zero reads on gzip boundary.
In practice this fixes the seldom seen issues of apk reporting
bad signature (when it was correct).
|
|
|
|
Treat URLs with too long individual components as malformed instead
of silently truncating that field. There might be unexpected results
if hostname, username or password field gets truncated.
|
|
The connection pooling was broken in two ways:
1. The original URL was always used as the connection pool URL,
resulting in duplicate connections to the proxy for http URLs
(each http URL would get separate proxy connection)
2. The cache_url stored was always the socket level connect URL.
In case of HTTPS, the lookup was done done with the real URL,
but the proxy URL was stored as the "cache URL". Thus HTTPS
CONNECT connections were never re-used.
This fixes the code with following logic:
1. The cache key url is the real URL when no-proxy, or when HTTPS
with proxy (the socket is connected to proxy, but logically it
is connected to the real URL due to HTTP CONNECT request).
And for HTTP with proxy, it's the proxy URL so same proxy
connection can be reused for all requests going through it.
2. fetch_connect() now gets cache key URL separately, and it always
gets the same value as the fetch_cache_get() calls.
|
|
fixes #10734
|
|
Instead of skipping just one line, properly parse the response headers.
[TT: reworded commit message]
|
|
This enables matching numeric hosts against CIDR style subnet
matches in no_proxy environment variable.
Based on work by Thermi.
Co-authored-by: Noel Kuntze <noel.kuntze@thermi.consulting>
|
|
Commit e4aae45f removed the short options. Update the documentation.
Fixes #10733
|
|
Regression introduced by 0fb0d30 which makes parsing a description
a critical failure.
[TT: Minor stylistic change. Fix also missing final line change
from the earlier commit]
|
|
As an APKINDEX can become arbitrarely long due to dependencies and
other parameters, increasing the buffer size make this less likely
to happens.
Closes #10731.
|
|
In case of failure when loading an APKINDEX, no errors are
propagated to the user which may uncorrectly interpret the
current problem.
|
|
Signed-off-by: Mike Detwiler <det@shift5.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Document the version when changed. And print error with similar note
if the given repositories-file cannot be read.
|
|
fixes #10688
|
|
On some systems the `/var/` dir is mounted in a tmpfs which is reseted
after each reboot. For that reason no post-install script can handle the
creation of the cache dir at `/var/cache/apk`.
Check on database opnening if the folder is available, if not create it.
Fixes #10715
Signed-off-by: Paul Spooren <mail@aparcar.org>
|
|
It used to be relative to the --root specified root, but that
causes issues with relative command line filenames and is unintuitive.
Update documentation accordingly. Fixes #10702.
|
|
fixes #10710
|
|
fixes #10703
|
|
|
|
|
|
Closes #10708.
|
|
|
|
unintentional regression from commit edb45ae464
fixes #10707
|
|
|
|
|
|
|
|
|
|
This uses some macro trickery to make sure that there's one-to-one
mapping with the option index enum and the descriptor. The down
side is that enum's are generated via #define's and editors might
not pick them up for auto completion, but the benefits are more:
it's no longer possible have mismatching enum value and descriptor
index, and the amount of source code lines is less.
|
|
|
|
Fixes #10667 and #10700
|
|
If getservbyname() fails, libfetch will attempt to connect to port 0.
|
|
|
|
Some triggers and maintainer scripts depend on /dev/random, /dev/urandom,
/dev/zero and /dev/console.
|
|
fixes 12fdf6fc "allow building without help..."
|
|
This greatly helps with memory management on applications that
may want to daemonize and open/close database several times.
Also the lifetime and "owner" of memory for all data is now
explicitly bound to owning struct apk_database, which might
be helpful when writing language bindings. As side effect, the
interned "atoms" are unique only within what apk_database, so
comparing packages from different apk_database may not work
as expected.
Fixes #10697
|
|
fixes #10696
|
|
define APK_DEFAULT_ARCH for riscv32 and riscv64 targets
See merge request alpine/apk-tools!26
|
|
|
|
Fixes #10686 to not use uninitialized value in the error paths.
|
|
|
|
|
