| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
fixes #10825
|
|
The gzip library can drain all of the input to internal buffers
and still keep providing data even if avail_in is zero. Previously
it was assumed that avail_in != 0 if there is still data expected out,
but this logic breaks near end-of-file for multiple short reads.
Adjust logic to not process end-of-file event too early.
fixes #10809
|
|
var/cache is also reported to be mounted noexec on hardened
systems. Document some of the issues, and use lib/apk/exec
for the time being. Keep the scripts still in separate directory
from lib/apk so we can just delete directory if needed.
fixes #6591
|
|
This reverts most of 0dcbd933 which allowed automatic selection
of package with a "virtual provides" having only one provider.
While convenient, it creates problems if multiple versions of the
same package exist, or if in future other providers would be added
to one of the repositories. This restore the original behaviour,
and improve the error message to tell the user to mention one of
the providers explicitly.
fixes #10810
|
|
|
|
Allow controlling 'cache download' more closely to 'upgrade' so
it can be used to pre-download packages for ugprade.
|
|
|
|
Handle meta data error to produce hard failure.
fixes #10806
|
|
Fixes compilation on MacOS X
|
|
To reduce the file size, strip the static binary.
|
|
For 32-bits arches, we use 64-bit arches in 32-bit mode. Docker by
default wants to pull the image for the native arch, so unless we take
care, the binaries will be built for the wrong arch.
Use the arch tagged images we build to make sure we get the correct image.
|
|
|
|
Currently, special characters in the username or password are not
handled correctly (when set in $http_proxy and $https_proxy). They
should be percent encoded in the environment variables then decoded
by libfetch and reencoded using base64. This implementation is mainly
taken from the current FreeBSD source and adapted to the apk-tools
version of libfetch.
fixes #10775
|
|
clang does not ignore inline functions when checking for unused functions
ref #10794
|
|
this allows the applet registration to work in a portable way, without having to
weird things with the linker.
ref #10794
[TT: rebased for 2.12]
|
|
|
|
|
|
on mac, openssl is usually provided by Homebrew or some other third-party
package management system, which means pkg-config is needed to find it.
we already use pkg-config to find openssl when building apk itself.
ref #10794
|
|
musl implements support for malloc.h, but it is only a stub. we do not use
any of the GNU-specific malloc interfaces, so just use POSIX stdlib.h instead.
ref #10794
|
|
features.h is a GNU-specific header, and is not required for POSIX-compatible code
macOS does not provide features.h
ref #10794
|
|
ref #10788
|
|
Remove the APK_REPOSITORY_CACHED bit from dependencies only
packages (that is, installed_size == 0). For fetch, the problem
is that apk_db_select_repo() would return the cache repository,
but the package would not be there. Update also the locations
needed to handle these packages correctly without the cached
repository bit being set.
|
|
|
|
|
|
When extraction failed, the user has had no opportunity to edit
any files. Just clean up.
|
|
Report also version numbers as invalid if there's more than 18
digits.
fixes #10774
|
|
- check magic field for 'ustar' on read
- harden get_octal to report errors on non-octal characters
(e.g. GNU base256 encoding), fixes #10757
- fix mtime and size octal fields to not have zero terminator
|
|
fixes #10762
|
|
fixes #10759
|
|
|
|
Unbreak handling of base 16 in fetch_parseuint(). It is used
only in http chunked mode handling.
Fixes: "libfetch: fix range checking for http/ftp protocol parsing"
|
|
|
|
Various parsing of numeric strings were not having adequate range
checking causing information leak or potential crash.
CVE-2021-36159
fixes #10749
Co-authored-by: Ariadne Conill <ariadne@dereferenced.org>
Reported-by: Samanta Navarro <ferivoz@riseup.net>
|
|
Packages containing files with path names longer than 1024 characters
cannot fit into the buffer which is used to write "installed" database.
This leads to bbuf being APK_BLOB_NULL in apk_db_write_fdb because
apk_blob_push_blob notices the condition and correctly handles it.
The problem occurs when arguments to apk_ostream_write are manually
calculated by pointer arithmetics. Since bbuf.ptr is NULL in such a
case, bbuf.ptr - buf leads to a huge size value while buf still points
into the stack.
fixes #10751
[TT: minor edit to commit and abbreviating the commit message]
|
|
|
|
[TT: minor stylistic changes]
|
|
fixes #10748
|
|
removes some code duplication
|
|
|
|
|
|
Fixes #10746.
|
|
Use of an AUTHORS section is strongly discouraged. Generally, it
is better not to clutter every page with a list of (over time
potentially numerous) authors.
Add your name to comments in sources, or the root level AUTHORS
file instead.
|
|
The progress bar requires the terminal emulator to support ANSI escape
sequences. Normally, TERM is set to dumb to indicate that the terminal
emulator doesn't support any ANSI escape sequences. Attempting to use
ANSI escape sequences on dumb terminals will lead to weird output. In
order to make apk work by default, even on dumb terminals, this commit
introduces an additional check which consults $TERM and disables the
progress bar if it is set to "dumb".
[TT: backported to 2.12]
|
|
The original intent was to choose packages to which there is most
dependencies. However, since the code has evolved this is has been
mostly obsolete. And in fact now interferes with the provides and
provides priority mechanism. Remove this as obsolete.
Fixes #10742
|
|
|
|
Modify apk_resolve_[ug]id to take the user/groupname as a blob, so
proper length checking is done and honored.
==31584== Conditional jump or move depends on uninitialised value(s)
==31584== at 0x5C8CA5: strlen (strlen.c:17)
==31584== by 0x432575: APK_BLOB_STR (apk_blob.h:79)
==31584== by 0x4350EB: apk_resolve_uid (io.c:1112)
==31584== by 0x43696C: apk_tar_parse (io_archive.c:152)
==31584== by 0x4271BC: apk_pkg_read (package.c:929)
==31584== by 0x402D75: add_main (app_add.c:163)
==31584== by 0x40D5FF: main (apk-static.c:516)
Fixes a potential crash (DoS) on a crafted TAR file. CVE-2021-30139.
Reported-by: Sören Tempel <soeren+git@soeren-tempel.net>
Reviewed-by: Ariadne Conill <ariadne@dereferenced.org>
|
|
apk_dir_foreach_file and apk_resolve_[ug]id needs to free the fd in
case fdopen/fdopendir fails. Additionally this does not rely on fdopen
to fail if openat() returned -1, making sure that we don't call any
syscalls with invalid file handle.
|
|
|
|
If we use default root (/), then we do not have to chroot to run scripts.
Use APK_NO_CHROOT flag for this scenario to avoid the chroot. This helps
with using apk with bwrap and OSTree.
Closes #10736.
[TT: backported to 2.12-stable]
|
|
The code assumed that when package is in world, it would be there
by it's primary name. The code is now updated to properly print the
package names that are actually present in world.
fixes #10718
|
