| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
|
|
This will also fix "search" to display one match from each principal
pkgname group. "search -e vim" will now show both vim and gvim.
fixes #10864
fixes #10777
|
|
|
|
fixes commit 395e92b6 "io: formalize apk_ostream_write() always writing full data"
|
|
|
|
|
|
fixes #10825
|
|
Related: https://gitlab.alpinelinux.org/alpine/apk-tools/-/issues/10825
|
|
Ensure not to mask away previously set APK_VERSION_CONFLICT when
serializing.
When deserializing, make sure to actually write out the conflict
flag when no version part is set.
When creating apk_dependency, ensure to set the conflict bit
correctly and mask it off result_mask.
Fixes https://gitlab.alpinelinux.org/alpine/apk-tools/-/issues/10824
|
|
var/cache is also reported to be mounted noexec on hardened
systems. Document some of the issues, and use lib/apk/exec
for the time being. Keep the scripts still in separate directory
from lib/apk so we can just delete directory if needed.
fixes #6591
|
|
|
|
|
|
Handle meta data error to produce hard failure.
fixes #10806
|
|
|
|
musl implements support for malloc.h, but it is only a stub. we do not use
any of the GNU-specific malloc interfaces, so just use POSIX stdlib.h instead.
ref #10794
|
|
fixes #10796
|
|
fixes #10778
|
|
The adb object for apk_pkg_from_adb() was changed in commit 7d6de220
"database: support loading v3 indexes" which also addressed the broken
site in question but omitted updating the argument.
fixes #10783
|
|
|
|
by adding an abstraction layer to the file system
|
|
|
|
This splits the callbacks by type, and further prepares the API
to be usable for v3 files too.
|
|
This moves and isolates the tar code to tar.c. And the actual
file extraction to disk is moved to extract.c.
A new API is introduced and used for v2 file extraction. This
essentially moves and isolates the apk_sign_ctx_* beast into
extract_v2.c and offers a saner interface to handling packages.
A place holder is added for v3 extraction.
|
|
|
|
|
|
|
|
The interface was slightly cumbersome, so replace these functions
to return explicit error, and make the return blob a pointer arg.
|
|
|
|
- basic digesting and signing apis (subject still to fine tuning)
- update digest code, and adb signing for the thin wrapping layer
- old v1 package and database handling not updated
- default mkpkg file hash to sha256
ref #10744
|
|
|
|
The new v3 applets don't use it, and eventually all applets will
use the new formats only.
This prepares the code for this, and moves trust, id_cache, and
root_fd to apk_ctx which is enough for v3 applets at this time.
The generic code is made to not initialize apk_database if it's
not needed.
|
|
makes apk_verbosity non-global
fixes #10682
|
|
ref #10682
|
|
This is a flat buffers inspired format that allows fast
mmaped access to the data with low overhead, signature support
and relatively good forward support.
|
|
|
|
This greatly helps with memory management on applications that
may want to daemonize and open/close database several times.
Also the lifetime and "owner" of memory for all data is now
explicitly bound to owning struct apk_database, which might
be helpful when writing language bindings. As side effect, the
interned "atoms" are unique only within what apk_database, so
comparing packages from different apk_database may not work
as expected.
Fixes #10697
|
|
|
|
This mostly boils down to making sure control_started and
data_started are consistently used to gate actions, instead of
relying whether on file names start with a '.'.
None of the weaknesses this fixes are exploitable, but they
might have become so after changes to seemingly-unrelated code,
so it's good to clean them up.
|
|
|
|
simplifies other code quite a bit
|
|
|
|
|
|
|
|
|
|
|
|
A crafted .apk file could to trick apk writing unverified data to
an unexpected file during temporary file creation due to bugs in handling
long link target name and the way a regular file is extracted.
Several hardening steps are implemented to avoid this:
- the temporary file is now always first unlinked (apk thus reserved
all filenames .apk.* to be it's working files)
- the temporary file is after that created with O_EXCL to avoid races
- the temporary file is no longer directly the archive entry name
and thus directly controlled by potentially untrusted data
- long file names and link target names are now rejected
- hard link targets are now more rigorously checked
- various additional checks added for the extraction process to
error out early in case of malformed (or old legacy) file
Reported-by: Max Justicz <max@justi.cz>
|
|
It's common for a pre-install script to do something like
addgroup -S group 2>/dev/null
When apk installs files after this, it sets the owner/group based on id cache
but currently the id cache is stale and doesn't contain the new group at that
point: instead the file will be installed with gid that the build host
happened to have for that group -- on target this might mean a non-existing
group or a completely different group.
We can't know if the script really did modify id cache contents so make sure
to reset the id cache on every script execution.
|
|
By introducing a new package metadata field, `provider_priority`
(index letter `k`), we can specify default packages to satisfy a
virtual.
If a user wishes to select an alternative provider for the virtual,
a changeset swapping the default provider for the selected provider
will be generated by the dependency resolver.
|
|
this is a regression introduced in commit 349c61c9
("add support for pre and post commit hooks")
|
|
This reduces function pointers in heap, and unifies how the
io functions are called.
|
