summaryrefslogtreecommitdiff
path: root/src
AgeCommit message (Collapse)AuthorFilesLines
2021-12-14applet: rework APK_DEFINE_APPLET to use constructor attributeAriadne Conill4-40/+29
this allows the applet registration to work in a portable way, without having to weird things with the linker. ref #10794 [TT: rebased for 2.12]
2021-12-14everywhere: use stdlib.h for malloc(3) definition, not GNU-specific malloc.hAriadne Conill7-7/+1
musl implements support for malloc.h, but it is only a stub. we do not use any of the GNU-specific malloc interfaces, so just use POSIX stdlib.h instead. ref #10794
2021-12-14lua: remove features.hAriadne Conill1-1/+0
features.h is a GNU-specific header, and is not required for POSIX-compatible code macOS does not provide features.h ref #10794
2021-12-14commit: print download size of packages in interactive modeTimo Teräs1-3/+12
ref #10788
2021-12-14fix fetching of depdencies only packagesTimo Teräs4-16/+12
Remove the APK_REPOSITORY_CACHED bit from dependencies only packages (that is, installed_size == 0). For fetch, the problem is that apk_db_select_repo() would return the cache repository, but the package would not be there. Update also the locations needed to handle these packages correctly without the cached repository bit being set.
2021-11-12fetch: add --url option to print the download URLsTimo Teräs1-6/+14
2021-11-12db: purge temporary files without explicit modification checkTimo Teräs1-1/+2
When extraction failed, the user has had no opportunity to edit any files. Just clean up.
2021-10-25version: increase number of digits supported in version componentTimo Teräs1-3/+6
Report also version numbers as invalid if there's more than 18 digits. fixes #10774
2021-08-23tar: improve compatibilityTimo Teräs1-20/+30
- check magic field for 'ustar' on read - harden get_octal to report errors on non-octal characters (e.g. GNU base256 encoding), fixes #10757 - fix mtime and size octal fields to not have zero terminator
2021-08-23db: honor SOURCE_DATE_EPOCH for scriptdbTimo Teräs1-2/+0
fixes #10762
2021-08-23list: recognize both --upgradable and --upgradeableTimo Teräs1-1/+3
fixes #10759
2021-07-26db: fix installed db writing with long namesSamanta Navarro1-6/+11
Packages containing files with path names longer than 1024 characters cannot fit into the buffer which is used to write "installed" database. This leads to bbuf being APK_BLOB_NULL in apk_db_write_fdb because apk_blob_push_blob notices the condition and correctly handles it. The problem occurs when arguments to apk_ostream_write are manually calculated by pointer arithmetics. Since bbuf.ptr is NULL in such a case, bbuf.ptr - buf leads to a huge size value while buf still points into the stack. fixes #10751 [TT: minor edit to commit and abbreviating the commit message]
2021-07-26Use __attribute__ ((format)) where possible and fix issues found by itTimo Teräs3-7/+10
2021-07-25io_archive: Use SOURCE_DATE_EPOCH for meta files instead of current timekpcyrd3-1/+18
[TT: minor stylistic changes]
2021-07-23db: allow read-only operations without cacheTimo Teräs4-11/+29
fixes #10748
2021-07-23db: check syscall errors in update_permissions()Timo Teräs1-5/+17
2021-07-23Disable progress bar on dumb terminals by defaultSören Tempel1-1/+6
The progress bar requires the terminal emulator to support ANSI escape sequences. Normally, TERM is set to dumb to indicate that the terminal emulator doesn't support any ANSI escape sequences. Attempting to use ANSI escape sequences on dumb terminals will lead to weird output. In order to make apk work by default, even on dumb terminals, this commit introduces an additional check which consults $TERM and disables the progress bar if it is set to "dumb". [TT: backported to 2.12]
2021-05-20solver: don't consider requirer count for preferenceTimo Teräs1-18/+0
The original intent was to choose packages to which there is most dependencies. However, since the code has evolved this is has been mostly obsolete. And in fact now interferes with the provides and provides priority mechanism. Remove this as obsolete. Fixes #10742
2021-04-11io_archive: add bounds limit for uname and gname tar header fieldsTimo Teräs3-10/+11
Modify apk_resolve_[ug]id to take the user/groupname as a blob, so proper length checking is done and honored. ==31584== Conditional jump or move depends on uninitialised value(s) ==31584== at 0x5C8CA5: strlen (strlen.c:17) ==31584== by 0x432575: APK_BLOB_STR (apk_blob.h:79) ==31584== by 0x4350EB: apk_resolve_uid (io.c:1112) ==31584== by 0x43696C: apk_tar_parse (io_archive.c:152) ==31584== by 0x4271BC: apk_pkg_read (package.c:929) ==31584== by 0x402D75: add_main (app_add.c:163) ==31584== by 0x40D5FF: main (apk-static.c:516) Fixes a potential crash (DoS) on a crafted TAR file. CVE-2021-30139. Reported-by: Sören Tempel <soeren+git@soeren-tempel.net> Reviewed-by: Ariadne Conill <ariadne@dereferenced.org>
2021-04-11io: fix fd leak in error handling pathsTimo Teräs1-5/+20
apk_dir_foreach_file and apk_resolve_[ug]id needs to free the fd in case fdopen/fdopendir fails. Additionally this does not rely on fdopen to fail if openat() returned -1, making sure that we don't call any syscalls with invalid file handle.
2021-03-19database: do not chroot(".") unless actually necessaryAriadne Conill2-2/+14
If we use default root (/), then we do not have to chroot to run scripts. Use APK_NO_CHROOT flag for this scenario to avoid the chroot. This helps with using apk with bwrap and OSTree. Closes #10736. [TT: backported to 2.12-stable]
2021-03-19del: report correctly package's provides namesTimo Teräs1-9/+21
The code assumed that when package is in world, it would be there by it's primary name. The code is now updated to properly print the package names that are actually present in world. fixes #10718
2021-02-07db: fix control character check to use uint8_tTimo Teräs1-2/+2
fixes #10737
2021-02-07db: consider control characters in filename as maliciousTimo Teräs3-11/+25
Especially a newline can produce havoc in the database file as the filename is written there as-is. This hardenes the extraction to consider any control character as malicious. Additional hardening is added to database loading to better detect corrupt state and return proper error code about it. Reported-by: Luca Weiss <luca@z3ntu.xyz>
2021-02-07io: Handle really long linesOlliver Schinagl1-1/+1
While commit 18b0b45 (io: Handle long lines, Thu Jan 7 17:25:23 2021 +0100) did attempt to address this issue, the buffer really is still to small when dealing with big-big dependency lists. Lets make it sufficiently large for now, until the new APKINDEX format can support multi-line dependencies, making this not needed any more. [TT: Originally the buffer size was conservative to run on resource constrained embedded platforms. But since the available memory on those has also increased much, the adjustment to 128kB makes sense also to increase performance a little bit. Removing also the iolimit test.] Signed-off-by: Olliver Schinagl <oliver@schinagl.nl>
2021-02-07gunzip: fix false end-of-file condition in rare circumstancesTimo Teräs1-1/+1
It turns out inflate() can output zero bytes, even if it consumed data. This had the unfortunate side effect of returning zero bytes (end-of-file) condition before calling the boundary callbacks. This fixes the logic to not return zero reads on gzip boundary. In practice this fixes the seldom seen issues of apk reporting bad signature (when it was correct).
2021-01-14database.c: Fixed package DESCRIPTION parsingthibault.ferrante1-0/+1
Regression introduced by 0fb0d30 which makes parsing a description a critical failure. [TT: Minor stylistic change. Fix also missing final line change from the earlier commit]
2021-01-11io: Handle long linesthibault.ferrante1-1/+1
As an APKINDEX can become arbitrarely long due to dependencies and other parameters, increasing the buffer size make this less likely to happens. Closes #10731.
2021-01-11database: Propagate errors when loading an APKINDEXthibault.ferrante8-19/+36
In case of failure when loading an APKINDEX, no errors are propagated to the user which may uncorrectly interpret the current problem.
2020-12-29apk_update: use URL_PRINTFAlex Denes1-2/+4
2020-10-07various changes to make clang not give warningsTimo Teräs5-14/+19
2020-10-06db: make the --repositories-file change more announcedTimo Teräs1-3/+7
Document the version when changed. And print error with similar note if the given repositories-file cannot be read.
2020-10-06database: automatically create missing cache dirPaul Spooren1-0/+6
On some systems the `/var/` dir is mounted in a tmpfs which is reseted after each reboot. For that reason no post-install script can handle the creation of the cache dir at `/var/cache/apk`. Check on database opnening if the folder is available, if not create it. Fixes #10715 Signed-off-by: Paul Spooren <mail@aparcar.org>
2020-10-05db: make --repositories-file relative to host rootTimo Teräs1-1/+1
It used to be relative to the --root specified root, but that causes issues with relative command line filenames and is unintuitive. Update documentation accordingly. Fixes #10702.
2020-10-05db: mask password component of printed URLsTimo Teräs3-12/+55
fixes #10710
2020-10-03commit: rephrase the error messages more understandableTimo Teräs1-2/+2
fixes #10703
2020-10-01db: check cache only if some repositories are enabledTimo Teräs1-1/+1
2020-09-28Implement upgrade --prune to remove stale world dependenciesTimo Teräs1-6/+26
2020-08-29database: clarify the deprecation notice for checksum-less packagesAriadne Conill1-3/+7
Closes #10708.
2020-08-26fix --repository short option to be -X as beforeTimo Teräs1-1/+1
unintentional regression from commit edb45ae464 fixes #10707
2020-08-25build: make soname explicit and simplify and fix soname linkTimo Teräs1-18/+10
2020-08-24fix, simplify and document upgrade --ignoreTimo Teräs4-30/+17
2020-08-24solver: add more dbg_printfsOliver Smith1-19/+62
2020-08-24enforce options definitions to bind the enum and the descriptorTimo Teräs15-288/+175
This uses some macro trickery to make sure that there's one-to-one mapping with the option index enum and the descriptor. The down side is that enum's are generated via #define's and editors might not pick them up for auto completion, but the benefits are more: it's no longer possible have mismatching enum value and descriptor index, and the amount of source code lines is less.
2020-07-30upgrade: allow for specified package upgradesAriadne Conill1-0/+22
Fixes #10667 and #10700
2020-05-27database: create additional device nodes when initializing root fsAriadne Conill1-0/+4
Some triggers and maintainer scripts depend on /dev/random, /dev/urandom, /dev/zero and /dev/console.
2020-05-19fix logic to not compile lua module when it was not askedFredrik Gustafsson1-1/+1
fixes 12fdf6fc "allow building without help..."
2020-05-19make the atom functions not use global stateTimo Teräs24-179/+185
This greatly helps with memory management on applications that may want to daemonize and open/close database several times. Also the lifetime and "owner" of memory for all data is now explicitly bound to owning struct apk_database, which might be helpful when writing language bindings. As side effect, the interned "atoms" are unique only within what apk_database, so comparing packages from different apk_database may not work as expected. Fixes #10697
2020-05-19allow building without help when lua interpreter is not availableTimo Teräs2-6/+21
fixes #10696
2020-05-17define APK_DEFAULT_ARCH for riscv32 and riscv64 targetsAriadne Conill1-0/+4