| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
A crafted .apk file could to trick apk writing unverified data to
an unexpected file during temporary file creation due to bugs in handling
long link target name and the way a regular file is extracted.
Several hardening steps are implemented to avoid this:
- the temporary file is now always first unlinked (apk thus reserved
all filenames .apk.* to be it's working files)
- the temporary file is after that created with O_EXCL to avoid races
- the temporary file is no longer directly the archive entry name
and thus directly controlled by potentially untrusted data
- long file names and link target names are now rejected
- hard link targets are now more rigorously checked
- various additional checks added for the extraction process to
error out early in case of malformed (or old legacy) file
Reported-by: Max Justicz <max@justi.cz>
(cherry picked from commit 6484ed9849f03971eb48ee1fdc21a2f128247eb1)
|
|
Most applets return whatever apk_solver_commit() returns. It is the
number of errors found (or negative for hard error). Sanitize the
error value to not give false success exit code in the unlikely case
of errors % 256 == 0.
Reported-by: Max Justicz <max@justi.cz>
(cherry picked from commit 7b654e125461b00bc26e52b25e6a7be3a32c11b9)
|
|
(cherry picked from commit 1d55b9488f2d9c6d367fa7f21b058466c24f3ad1)
|
|
This flag enables a group of options used during initramfs tmpfs
initial install.
(cherry picked from commit e0eff8742f342c2c23e1d7ee081f3afd08cb5169)
(cherry picked from commit 46d2a419213e5e355e49066ab014ba3274d2fb87)
|
|
This flag skips running hook scripts
This flag *must* be used during initramfs tmpfs initial install.
The reason that this new flag is needed is that the hooks will currently
always fail as musl and /bin/sh is missing at this stage on diskless.
(cherry picked from commit 23cb10477537a2bbf40ac06a61046f75f2b160c5)
(cherry picked from commit f62d6ce1287a02e65b19abc47f0dc23041d38941)
|
|
This change just changes to keep deleted directory items in
the hash with ref count zero and modified flag set. Those entries
are reused when needed. The side effect is that fire_triggers()
will now see those removed direcotries and reports them. Other
enumerators of the directories hash are protected to skip removed
directories when appropriate.
(cherry picked from commit b0fcc56f221e749271bb2aa13e151699e62b09ac)
(cherry picked from commit 6ee77576e7c16c23784c69f82d90be98deb07515)
|
|
(cherry picked from commit 667cb6bca799e58f58f22ad868761c022c6600dc)
(cherry picked from commit 4d22966dacff6bad9f27a950fb6b5a2d2b1c4b21)
|
|
In discovery phase, there was logic to not process packages
multiple times. However, that logic failed to account the package's
depth and install_if state for the name being processed. This
caused install_if processing failure in certain topologies of the
dependency graph. Adds also a test case that should catch this
issue reliably.
(cherry picked from commit 8e7fd3e06f300bd76b659db1164da1ee12f16870)
(cherry picked from commit 685795f24c7d37298c363bb70dc98e3a95ef4c81)
|
|
(cherry picked from commit 97d8aab0c2e53ee82589a591637028294a6ab449)
(cherry picked from commit 594bc1fb46c4fbe9b46ec9aa40221ace46f7f4e4)
|
|
this fixes package selection when a 'real' package exists, but would
need to be provided by another package with 'virtual provides'.
In current package database this can happen with postgresql which is
also provided by postgresql-bdr. Normally postgresql would be satisfied
by postgresql, but if any package depends on postgresql-bdr and there's
no versioned dependency on postgresql this will help apk figure out
that postgresql-bdr should be used.
(cherry picked from commit e03716ff3baa73061b45235754bd9eaa53346337)
|
|
(cherry picked from commit 2f3c8420493a731556909eb3ebd6d50478fb7b24)
|
|
dbopts->root may be null; use db->root instead
fixes #7162
|
|
this is a regression introduced in commit 349c61c9
("add support for pre and post commit hooks")
|
|
|
|
based on github pull request #5
|
|
found by clang
|
|
|
|
|
|
|
|
APKs have been created with GNU tar so far, which uses the
GNU extensions for long names. In order to increase portability
support the standard header's 'prefix' portion in case
the GNU extensions are not present.
|
|
Depending how the directory entries are ordered, the cached dir
instance might not have been updated correctly. This has not been
a problem as the entries have been ordered, but is now triggered
on ppc.
|
|
(cherry picked from commit 17dd532e428e647e9d977e727c87c0f3a4e93ae3)
|
|
(cherry picked from commit 9325eb721d123bbcb51f0cd838fbe7dc54bc77bb)
|
|
Introduced in commit c0f2d88f342f4d185f3991f98b79ab61a03896e4.
fstatfs is needed to inspect the mount flags.
(cherry picked from commit ede5165833b94051ecbc35e9ac4a359f54cc0116)
|
|
This reduces function pointers in heap, and unifies how the
io functions are called.
(cherry picked from commit 09ca58863af02d11e8dbf066b714464fb1638e6f)
|
|
Detect properly if the file stream gets an error during these
read operations.
Reported-by: Ariel Zelivansky from Twistlock
(cherry picked from commit cd531aef3033475c26f29a1f650a3bf392cc2daa)
|
|
The value from tar header is unsigned int; keep it casted to
unsigned int and size_t instead of (signed) int, otherwise
the comparisons fail to do their job properly. Additionally check
entry.size against SSIZE_MAX so the rounding up later on is
guaranteed to not overflow.
Fixes CVE-2017-9669 and CVE-2017-9671.
Reported-by: Ariel Zelivansky from Twistlock
(cherry picked from commit 286aa77ef1811e477895713df162c92b2ffc6df8)
|
|
cleans up procfs mount
|
|
|
|
being replaced by a provider
|
|
Fixes regression from commit 5ba27c90 which caused stdio
buffering issues now that output is split to stderr/stdout.
See also commit 51737872 for some of the history.
Fixes #7107
|
|
|
|
rooted by a virtual
|
|
|
|
|
|
|
|
On some (probably buggy) terminals, printing up to the rightmost column
may end up with the terminal issueing a newline (probably due to putting
the cursor at the next char -> new line).
Some other progress bars avoid it by not reaching the rightmost column.
Shorten the bar width from term-width - 7 to -8 (the 7 are "xxx% []").
|
|
|
|
This fixes regression introduced by commit 72b878e655
|
|
this fixes build on ppc64le
|
|
|
|
The virtual package provider still needs to be explicitly
given on command line.
|
|
|
|
fixes #5616
The original intention was not use unnecessary space on tmpfs
e.g. if the cache directory is a mount point, but accidentally
left unmounted. But there are valid cases when packages are
intentionally wanted to be cached on tmpfs. If caching is not
desired, the user can just remove the cache directory.
|
|
|
|
musl c-library does not work properly without /proc, and potentially
running the scripts need this.
|
|
|
|
This allows for instance integration of etckeeper
[TT: Reorganized code a bit, and modified to use single
directory commit_hooks.d with argument for script of stage.]
|
|
Currently apk only knows about powerpc and ppc64. I am adding support for ppc64le.
ppc64le is the based on the ABI v2, which defines the endianess as little,
while ppc64 is based on the first 64-bits ABI.
|
|
|
