summaryrefslogtreecommitdiff
path: root/src/io_archive.c
AgeCommit message (Collapse)AuthorFilesLines
2021-07-27Refactor .apk extraction codeTimo Teräs1-453/+0
This moves and isolates the tar code to tar.c. And the actual file extraction to disk is moved to extract.c. A new API is introduced and used for v2 file extraction. This essentially moves and isolates the apk_sign_ctx_* beast into extract_v2.c and offers a saner interface to handling packages. A place holder is added for v3 extraction.
2021-07-26extract: fix handling of error of regular file extractionTimo Teräs1-2/+14
fix the error checking, allow --force-overwrite to work and do not delete existing file in case of error
2021-07-25io_archive: Use SOURCE_DATE_EPOCH for meta files instead of current timekpcyrd1-1/+1
[TT: minor stylistic changes]
2021-07-22io: make apk_istream_get/read() fail on incomplete readTimo Teräs1-5/+5
2021-07-22io: formalize apk_ostream_write() always writing full dataTimo Teräs1-4/+4
2021-07-22rework apk_istream_splice and apk_istream_teeTimo Teräs1-11/+5
- apk_istream_splice usage is converted to apk_stream_copy which is the newer variant. With caching enabled by default, this makes more sense mmapping or using separate buffers. - apk_istream_tee is reworked to write to apk_ostream, which simplifies quite a bit of various things
2021-06-19reduce misuse of error codes from errno.hTimo Teräs1-1/+1
2021-06-11extract: new applet to extract v2 packagesTimo Teräs1-7/+8
2021-06-11add basic abstraction for cryptographic operationsTimo Teräs1-8/+8
- basic digesting and signing apis (subject still to fine tuning) - update digest code, and adb signing for the thin wrapping layer - old v1 package and database handling not updated - default mkpkg file hash to sha256 ref #10744
2021-06-11mkpkg: new applet to create v2 packages with basic functionalityTimo Teräs1-2/+2
2021-04-12io_archive: add bounds limit for uname and gname tar header fieldsTimo Teräs1-2/+3
Modify apk_resolve_[ug]id to take the user/groupname as a blob, so proper length checking is done and honored. ==31584== Conditional jump or move depends on uninitialised value(s) ==31584== at 0x5C8CA5: strlen (strlen.c:17) ==31584== by 0x432575: APK_BLOB_STR (apk_blob.h:79) ==31584== by 0x4350EB: apk_resolve_uid (io.c:1112) ==31584== by 0x43696C: apk_tar_parse (io_archive.c:152) ==31584== by 0x4271BC: apk_pkg_read (package.c:929) ==31584== by 0x402D75: add_main (app_add.c:163) ==31584== by 0x40D5FF: main (apk-static.c:516) Fixes a potential crash (DoS) on a crafted TAR file. CVE-2021-30139. Reported-by: Sören Tempel <soeren+git@soeren-tempel.net> Reviewed-by: Ariadne Conill <ariadne@dereferenced.org>
2020-10-09rename apk_db_options to apk_ctx, rework loggingTimo Teräs1-10/+10
makes apk_verbosity non-global fixes #10682
2020-05-07use SPDX-License-Identifier in source filesTBK1-3/+1
2020-04-28apk: do not manage file ownership as non-root or when asked soFredrik Gustafsson1-13/+16
If apk is run as a non-root user, it's not possible to chown files. Maintainers note: minor wording changes on commit log and man page. Signed-off-by: Fredrik Gustafsson <fredrigu@axis.com>
2020-02-14rename all iostream source to io_*.cTimo Teräs1-0/+444
generated by cgit v1.2.3-70-g09d2 (git 2.46.0) at 2025-08-11 07:46:55 +0000