| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
|
|
|
|
- basic digesting and signing apis (subject still to fine tuning)
- update digest code, and adb signing for the thin wrapping layer
- old v1 package and database handling not updated
- default mkpkg file hash to sha256
ref #10744
|
|
|
|
|
|
Modify apk_resolve_[ug]id to take the user/groupname as a blob, so
proper length checking is done and honored.
==31584== Conditional jump or move depends on uninitialised value(s)
==31584== at 0x5C8CA5: strlen (strlen.c:17)
==31584== by 0x432575: APK_BLOB_STR (apk_blob.h:79)
==31584== by 0x4350EB: apk_resolve_uid (io.c:1112)
==31584== by 0x43696C: apk_tar_parse (io_archive.c:152)
==31584== by 0x4271BC: apk_pkg_read (package.c:929)
==31584== by 0x402D75: add_main (app_add.c:163)
==31584== by 0x40D5FF: main (apk-static.c:516)
Fixes a potential crash (DoS) on a crafted TAR file. CVE-2021-30139.
Reported-by: Sören Tempel <soeren+git@soeren-tempel.net>
Reviewed-by: Ariadne Conill <ariadne@dereferenced.org>
|
|
In case of failure when loading an APKINDEX, no errors are
propagated to the user which may uncorrectly interpret the
current problem.
|
|
makes apk_verbosity non-global
fixes #10682
|
|
ref #10682
|
|
|
|
This is a flat buffers inspired format that allows fast
mmaped access to the data with low overhead, signature support
and relatively good forward support.
|
|
This greatly helps with memory management on applications that
may want to daemonize and open/close database several times.
Also the lifetime and "owner" of memory for all data is now
explicitly bound to owning struct apk_database, which might
be helpful when writing language bindings. As side effect, the
interned "atoms" are unique only within what apk_database, so
comparing packages from different apk_database may not work
as expected.
Fixes #10697
|
|
|
|
|
|
|
|
|
|
|
|
Convert all implementations to do buffering. This is in preparation
to remove bstream interface as redundant.
istream_read() will return full reads unless end-of-file. The backends
can return short reads to optimize buffering or due to other reasons
like boundary change for gz.
|
|
|
|
|
|
|
|
|
|
This modifies apk cache for indexes to be automatically refreshed
periodically without explicit 'update' or '--update-cache' usage.
The default is to do if-modified-since request if the local copy
is older than 4 hours. This age can be changed with --cache-max-age.
Using --update-cache will change this age to 60 seconds to make
sure the cached copy is relatively new. The small age is in order
to try to avoid downloading indexes second time when apk-tools is
upgraded and apk re-execs after self-upgrade.
Accordingly using explicitly 'apk update' will now enforce
--force-refresh and request the very latest index by requesting
any potential http proxy to do refresh too.
|
|
|
|
This reduces function pointers in heap, and unifies how the
io functions are called.
|
|
preserve [am]time for all packages and indexes. this fixes the caching
error that 'apk update' is after new index is generated, but before
the used mirror is synchronized. this caused local apkindex timestamp
to be newer than file in mirror, when in fact it was outdated index.
this also fixes fetched files to have build timestamp so that files
going to .iso or custom images have proper timestamps (rsync with
appropriate --modify-window now works)
|
|
ref #3027
|
|
ref #3027
|
|
|
|
ref #3027
|
|
the location changed in apk-tools 2.1.0 (March 2011) which was
used in Alpine Linux 2.2.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
This we use proper arch in case modifying chroot installation.
|
|
Load additional repositories from $ROOT/etc/apk/repositories.d/*.list
unless --repositories-file is given as parameter.
|
|
It is faster to just scan the cache directory for existing packages
at startup than trying to faccessat() them on demand. It also makes
quite a few parts of the code more readable and simpler.
|
|
|
|
move all files therein to other places. this allows /var to be
mounted from harddisk, but rest of system be run from ramdisk.
this also removes support for historical version of the scripts
database which was obsoleted in 2.0_pre16 (in July 2009).
|
|
* prunes the child pid to avoid zombies
* handles the errors so e.g. file-not-found is reported properly
|
|
Otherwise we end up using wrong uid/gid mappings when doing install
to alternate system root. Fixes #434.
|
|
Take the uid/gid from passwd and group.
|
|
also have the output stream support writing to temporary file
and do renameat/unlinkat on close depending on if all writes
succeeded or not.
|
|
usually we are interested on the actual file's length. but
audit is interested about the link. so add a flag for this and
use it in audit.
|
|
this way we never change cwd, and relative filenames are always
parsed consistently. this also helps filename construction in many
places. this patch also changes '--root' to override location of
all configuration to be in the new root. previously it depended
on the file which one was used.
|
|
smaller callback and less cases to check. also reintroduce the
oneshot digest flag, hopefully correct this time.
|
|
|
