| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
|
|
|
|
It makes sense to not prioritize requirers anymore. It was
originally intended to select early packages with multiple
constraints seen. However, more important are the constraints
that actually limit the choise.
fixes #10843
|
|
Correctly trigger install_ifs for provided names also. And fix the
construction of error messages concerning such install_if packages.
ref #10843
|
|
|
|
- implement and document --no-interactive
- improve --interactive documentation
- treat EOF as Y
fixes #10860
|
|
The package list cannot be used to determine name state,
as packages are not selected through all of their names,
and that effects the status of unversioned provides.
Thus the name state must be calculated in separate step
via the dependency graphs.
ref #10847
|
|
|
|
fixes #10838
|
|
fixes #10835
|
|
fixes #10834
|
|
fixes #10825
|
|
The gzip library can drain all of the input to internal buffers
and still keep providing data even if avail_in is zero. Previously
it was assumed that avail_in != 0 if there is still data expected out,
but this logic breaks near end-of-file for multiple short reads.
Adjust logic to not process end-of-file event too early.
fixes #10809
|
|
var/cache is also reported to be mounted noexec on hardened
systems. Document some of the issues, and use lib/apk/exec
for the time being. Keep the scripts still in separate directory
from lib/apk so we can just delete directory if needed.
fixes #6591
|
|
This reverts most of 0dcbd933 which allowed automatic selection
of package with a "virtual provides" having only one provider.
While convenient, it creates problems if multiple versions of the
same package exist, or if in future other providers would be added
to one of the repositories. This restore the original behaviour,
and improve the error message to tell the user to mention one of
the providers explicitly.
fixes #10810
|
|
|
|
Allow controlling 'cache download' more closely to 'upgrade' so
it can be used to pre-download packages for ugprade.
|
|
|
|
Handle meta data error to produce hard failure.
fixes #10806
|
|
Fixes compilation on MacOS X
|
|
To reduce the file size, strip the static binary.
|
|
For 32-bits arches, we use 64-bit arches in 32-bit mode. Docker by
default wants to pull the image for the native arch, so unless we take
care, the binaries will be built for the wrong arch.
Use the arch tagged images we build to make sure we get the correct image.
|
|
|
|
Currently, special characters in the username or password are not
handled correctly (when set in $http_proxy and $https_proxy). They
should be percent encoded in the environment variables then decoded
by libfetch and reencoded using base64. This implementation is mainly
taken from the current FreeBSD source and adapted to the apk-tools
version of libfetch.
fixes #10775
|
|
clang does not ignore inline functions when checking for unused functions
ref #10794
|
|
this allows the applet registration to work in a portable way, without having to
weird things with the linker.
ref #10794
[TT: rebased for 2.12]
|
|
|
|
|
|
on mac, openssl is usually provided by Homebrew or some other third-party
package management system, which means pkg-config is needed to find it.
we already use pkg-config to find openssl when building apk itself.
ref #10794
|
|
musl implements support for malloc.h, but it is only a stub. we do not use
any of the GNU-specific malloc interfaces, so just use POSIX stdlib.h instead.
ref #10794
|
|
features.h is a GNU-specific header, and is not required for POSIX-compatible code
macOS does not provide features.h
ref #10794
|
|
ref #10788
|
|
Remove the APK_REPOSITORY_CACHED bit from dependencies only
packages (that is, installed_size == 0). For fetch, the problem
is that apk_db_select_repo() would return the cache repository,
but the package would not be there. Update also the locations
needed to handle these packages correctly without the cached
repository bit being set.
|
|
|
|
|
|
When extraction failed, the user has had no opportunity to edit
any files. Just clean up.
|
|
Report also version numbers as invalid if there's more than 18
digits.
fixes #10774
|
|
- check magic field for 'ustar' on read
- harden get_octal to report errors on non-octal characters
(e.g. GNU base256 encoding), fixes #10757
- fix mtime and size octal fields to not have zero terminator
|
|
fixes #10762
|
|
fixes #10759
|
|
|
|
Unbreak handling of base 16 in fetch_parseuint(). It is used
only in http chunked mode handling.
Fixes: "libfetch: fix range checking for http/ftp protocol parsing"
|
|
|
|
Various parsing of numeric strings were not having adequate range
checking causing information leak or potential crash.
CVE-2021-36159
fixes #10749
Co-authored-by: Ariadne Conill <ariadne@dereferenced.org>
Reported-by: Samanta Navarro <ferivoz@riseup.net>
|
|
Packages containing files with path names longer than 1024 characters
cannot fit into the buffer which is used to write "installed" database.
This leads to bbuf being APK_BLOB_NULL in apk_db_write_fdb because
apk_blob_push_blob notices the condition and correctly handles it.
The problem occurs when arguments to apk_ostream_write are manually
calculated by pointer arithmetics. Since bbuf.ptr is NULL in such a
case, bbuf.ptr - buf leads to a huge size value while buf still points
into the stack.
fixes #10751
[TT: minor edit to commit and abbreviating the commit message]
|
|
|
|
[TT: minor stylistic changes]
|
|
fixes #10748
|
|
removes some code duplication
|
|
|
