summaryrefslogtreecommitdiff
AgeCommit message (Collapse)AuthorFilesLines
2021-12-14applet: rework APK_DEFINE_APPLET to use constructor attributeAriadne Conill4-40/+29
this allows the applet registration to work in a portable way, without having to weird things with the linker. ref #10794 [TT: rebased for 2.12]
2021-12-14ci: create release from tagsKevin Daudt1-0/+47
2021-12-14ci: add job to build static binaryKevin Daudt1-0/+26
2021-12-14libfetch: use pkg-config to find openssl cflagsAriadne Conill1-0/+7
on mac, openssl is usually provided by Homebrew or some other third-party package management system, which means pkg-config is needed to find it. we already use pkg-config to find openssl when building apk itself. ref #10794
2021-12-14everywhere: use stdlib.h for malloc(3) definition, not GNU-specific malloc.hAriadne Conill7-7/+1
musl implements support for malloc.h, but it is only a stub. we do not use any of the GNU-specific malloc interfaces, so just use POSIX stdlib.h instead. ref #10794
2021-12-14lua: remove features.hAriadne Conill1-1/+0
features.h is a GNU-specific header, and is not required for POSIX-compatible code macOS does not provide features.h ref #10794
2021-12-14commit: print download size of packages in interactive modeTimo Teräs1-3/+12
ref #10788
2021-12-14fix fetching of depdencies only packagesTimo Teräs4-16/+12
Remove the APK_REPOSITORY_CACHED bit from dependencies only packages (that is, installed_size == 0). For fetch, the problem is that apk_db_select_repo() would return the cache repository, but the package would not be there. Update also the locations needed to handle these packages correctly without the cached repository bit being set.
2021-11-12apk-tools-2.12.8v2.12.8Timo Teräs1-1/+1
2021-11-12fetch: add --url option to print the download URLsTimo Teräs2-6/+17
2021-11-12db: purge temporary files without explicit modification checkTimo Teräs1-1/+2
When extraction failed, the user has had no opportunity to edit any files. Just clean up.
2021-10-25version: increase number of digits supported in version componentTimo Teräs2-3/+7
Report also version numbers as invalid if there's more than 18 digits. fixes #10774
2021-08-23tar: improve compatibilityTimo Teräs1-20/+30
- check magic field for 'ustar' on read - harden get_octal to report errors on non-octal characters (e.g. GNU base256 encoding), fixes #10757 - fix mtime and size octal fields to not have zero terminator
2021-08-23db: honor SOURCE_DATE_EPOCH for scriptdbTimo Teräs1-2/+0
fixes #10762
2021-08-23list: recognize both --upgradable and --upgradeableTimo Teräs2-2/+4
fixes #10759
2021-08-03apk-tools-2.12.7v2.12.7Timo Teräs1-1/+1
2021-08-03libfetch: fix http chunked mode handlingTimo Teräs1-1/+1
Unbreak handling of base 16 in fetch_parseuint(). It is used only in http chunked mode handling. Fixes: "libfetch: fix range checking for http/ftp protocol parsing"
2021-07-26apk-tools-2.12.6v2.12.6Timo Teräs1-1/+1
2021-07-26libfetch: fix range checking for http/ftp protocol parsingTimo Teräs5-61/+70
Various parsing of numeric strings were not having adequate range checking causing information leak or potential crash. CVE-2021-36159 fixes #10749 Co-authored-by: Ariadne Conill <ariadne@dereferenced.org> Reported-by: Samanta Navarro <ferivoz@riseup.net>
2021-07-26db: fix installed db writing with long namesSamanta Navarro1-6/+11
Packages containing files with path names longer than 1024 characters cannot fit into the buffer which is used to write "installed" database. This leads to bbuf being APK_BLOB_NULL in apk_db_write_fdb because apk_blob_push_blob notices the condition and correctly handles it. The problem occurs when arguments to apk_ostream_write are manually calculated by pointer arithmetics. Since bbuf.ptr is NULL in such a case, bbuf.ptr - buf leads to a huge size value while buf still points into the stack. fixes #10751 [TT: minor edit to commit and abbreviating the commit message]
2021-07-26Use __attribute__ ((format)) where possible and fix issues found by itTimo Teräs3-7/+10
2021-07-25io_archive: Use SOURCE_DATE_EPOCH for meta files instead of current timekpcyrd3-1/+18
[TT: minor stylistic changes]
2021-07-23db: allow read-only operations without cacheTimo Teräs4-11/+29
fixes #10748
2021-07-23libfetch: simplify code by merging protocol error handling branchesTimo Teräs2-36/+22
removes some code duplication
2021-07-23db: check syscall errors in update_permissions()Timo Teräs1-5/+17
2021-07-23doc: add missing options to index, info, and versionRodrigo Lourenço3-12/+23
2021-07-23Document apk-searchRodrigo Lourenço3-0/+45
Fixes #10746.
2021-07-23Remove AUTHORS section from man pagesTimo Teräs22-110/+0
Use of an AUTHORS section is strongly discouraged. Generally, it is better not to clutter every page with a list of (over time potentially numerous) authors. Add your name to comments in sources, or the root level AUTHORS file instead.
2021-07-23Disable progress bar on dumb terminals by defaultSören Tempel1-1/+6
The progress bar requires the terminal emulator to support ANSI escape sequences. Normally, TERM is set to dumb to indicate that the terminal emulator doesn't support any ANSI escape sequences. Attempting to use ANSI escape sequences on dumb terminals will lead to weird output. In order to make apk work by default, even on dumb terminals, this commit introduces an additional check which consults $TERM and disables the progress bar if it is set to "dumb". [TT: backported to 2.12]
2021-05-20solver: don't consider requirer count for preferenceTimo Teräs3-18/+29
The original intent was to choose packages to which there is most dependencies. However, since the code has evolved this is has been mostly obsolete. And in fact now interferes with the provides and provides priority mechanism. Remove this as obsolete. Fixes #10742
2021-04-12apk-tools-2.12.5v2.12.5Timo Teräs1-1/+1
2021-04-11io_archive: add bounds limit for uname and gname tar header fieldsTimo Teräs3-10/+11
Modify apk_resolve_[ug]id to take the user/groupname as a blob, so proper length checking is done and honored. ==31584== Conditional jump or move depends on uninitialised value(s) ==31584== at 0x5C8CA5: strlen (strlen.c:17) ==31584== by 0x432575: APK_BLOB_STR (apk_blob.h:79) ==31584== by 0x4350EB: apk_resolve_uid (io.c:1112) ==31584== by 0x43696C: apk_tar_parse (io_archive.c:152) ==31584== by 0x4271BC: apk_pkg_read (package.c:929) ==31584== by 0x402D75: add_main (app_add.c:163) ==31584== by 0x40D5FF: main (apk-static.c:516) Fixes a potential crash (DoS) on a crafted TAR file. CVE-2021-30139. Reported-by: Sören Tempel <soeren+git@soeren-tempel.net> Reviewed-by: Ariadne Conill <ariadne@dereferenced.org>
2021-04-11io: fix fd leak in error handling pathsTimo Teräs1-5/+20
apk_dir_foreach_file and apk_resolve_[ug]id needs to free the fd in case fdopen/fdopendir fails. Additionally this does not rely on fdopen to fail if openat() returned -1, making sure that we don't call any syscalls with invalid file handle.
2021-03-23apk-tools-2.12.4v2.12.4Timo Teräs1-1/+1
2021-03-19database: do not chroot(".") unless actually necessaryAriadne Conill2-2/+14
If we use default root (/), then we do not have to chroot to run scripts. Use APK_NO_CHROOT flag for this scenario to avoid the chroot. This helps with using apk with bwrap and OSTree. Closes #10736. [TT: backported to 2.12-stable]
2021-03-19del: report correctly package's provides namesTimo Teräs1-9/+21
The code assumed that when package is in world, it would be there by it's primary name. The code is now updated to properly print the package names that are actually present in world. fixes #10718
2021-03-16libfetch: send Proxy-Authorization also for https connectTimo Teräs1-8/+20
fixes #10738
2021-03-13Use correct port when redirectedMartin Vahlensieck1-1/+1
If server redirects from http to https, libfetch detects this, but wrongly uses the old url scheme to determine the port. This subsequently leads to the following OpenSSL error: 139741541575496:error:1408F10B:SSL routines:ssl3_get_record:wrong version number:ssl/record/ssl3_record.c:331: Using the new scheme fixes this. This error message comes from trying to connect to port 80 with TLS, it can also be observed by issuing $ openssl s_client -connect alpinelinux.org:80 This bug was introduced in commit: 7158474 libfetch: keep http auth only if redirect is for the same host
2021-02-07apk-tools-2.12.3v2.12.3Timo Teräs1-1/+1
2021-02-07db: fix control character check to use uint8_tTimo Teräs1-2/+2
fixes #10737
2021-02-07apk-tools-2.12.2v2.12.2Timo Teräs1-1/+1
2021-02-07db: consider control characters in filename as maliciousTimo Teräs3-11/+25
Especially a newline can produce havoc in the database file as the filename is written there as-is. This hardenes the extraction to consider any control character as malicious. Additional hardening is added to database loading to better detect corrupt state and return proper error code about it. Reported-by: Luca Weiss <luca@z3ntu.xyz>
2021-02-07io: Handle really long linesOlliver Schinagl3-19780/+1
While commit 18b0b45 (io: Handle long lines, Thu Jan 7 17:25:23 2021 +0100) did attempt to address this issue, the buffer really is still to small when dealing with big-big dependency lists. Lets make it sufficiently large for now, until the new APKINDEX format can support multi-line dependencies, making this not needed any more. [TT: Originally the buffer size was conservative to run on resource constrained embedded platforms. But since the available memory on those has also increased much, the adjustment to 128kB makes sense also to increase performance a little bit. Removing also the iolimit test.] Signed-off-by: Olliver Schinagl <oliver@schinagl.nl>
2021-02-07gunzip: fix false end-of-file condition in rare circumstancesTimo Teräs1-1/+1
It turns out inflate() can output zero bytes, even if it consumed data. This had the unfortunate side effect of returning zero bytes (end-of-file) condition before calling the boundary callbacks. This fixes the logic to not return zero reads on gzip boundary. In practice this fixes the seldom seen issues of apk reporting bad signature (when it was correct).
2021-01-19apk-tools-2.12.1v2.12.1Timo Teräs1-1/+1
2021-01-19libfetch: harden URL parsingTimo Teräs1-11/+28
Treat URLs with too long individual components as malformed instead of silently truncating that field. There might be unexpected results if hostname, username or password field gets truncated.
2021-01-19libfetch: fix connection pooling for proxied http/https requestsTimo Teräs4-15/+14
The connection pooling was broken in two ways: 1. The original URL was always used as the connection pool URL, resulting in duplicate connections to the proxy for http URLs (each http URL would get separate proxy connection) 2. The cache_url stored was always the socket level connect URL. In case of HTTPS, the lookup was done done with the real URL, but the proxy URL was stored as the "cache URL". Thus HTTPS CONNECT connections were never re-used. This fixes the code with following logic: 1. The cache key url is the real URL when no-proxy, or when HTTPS with proxy (the socket is connected to proxy, but logically it is connected to the real URL due to HTTP CONNECT request). And for HTTP with proxy, it's the proxy URL so same proxy connection can be reused for all requests going through it. 2. fetch_connect() now gets cache key URL separately, and it always gets the same value as the fetch_cache_get() calls.
2021-01-19libfetch: fix use-after-free in connection cache managementTimo Teräs1-3/+3
fixes #10734
2021-01-19libfetch: fix parsing of proxy response to CONNECT requestsConny Seifert1-6/+1
Instead of skipping just one line, properly parse the response headers. [TT: reworded commit message]
2021-01-17libfetch: support for CIDR subnets in no_proxy/NO_PROXYTimo Teräs1-1/+65
This enables matching numeric hosts against CIDR style subnet matches in no_proxy environment variable. Based on work by Thermi. Co-authored-by: Noel Kuntze <noel.kuntze@thermi.consulting>