path: root/src
Age | Commit message | Author | Files | Lines
2023-01-17 | apk_defines: use unsigned operand in BIT | Daniel Kolesa | 1 | -1/+1
This fixes undefined behavior at least in database, where BIT is used with 31 (as APK_MAX_REPOS is 32) which is not representable with a signed integer.
2022-12-28 | cache, upgrade: do not continue if repositories have issues | Timo Teräs | 2 | -1/+13
There are subtle issues where solving fails with --available, and install_if rules if the repository indexes are not available. Also it can be considered upgrade failure if index update failed. Abort cache download, cache sync and upgrade operations early in the above mentioned cases. Also document side effects of --simulate that might affect upgrade. fixes #10726, #10764
2022-12-28 | db: handle repository index update/opening errors more consistently | Timo Teräs | 3 | -31/+45
Track separately autoupdate failure, and opening errors. And print only one error per index at maximum. This makes update with or without --no-cache consistent. Ignore errors from local paths as builders often refer to a local path that is being built, but might be non-existent when building the first package. ref #10726
2022-12-25 | solver: prioritize user specified action on mentioned packages | Timo Teräs | 2 | -0/+5
Force preference on the user specified action on commandline. This allows upgrading packages which would otherwise be kept back due to partial update preferring to keep top level dependency on the installed version. fixes #7531
2022-12-23 | defines: fix UB in get_unaligned32 | Daniel Kolesa | 1 | -1/+1
2022-12-22 | apk: ignore SIGINT after applet is executed | Timo Teräs | 1 | -0/+1
apk_db_close is not re-entrant, and would be executed by the signal handler. It makes sense to just ignore the signal after applet is complete as the clean up work has been started already. fixes #10840
2022-12-22 | apk: remove empty arguments | Timo Teräs | 1 | -0/+11
fixes #10848
2022-12-22 | solver: move install if discovery after all dependencies are done | Timo Teräs | 1 | -7/+10
2022-12-22 | commit: consider also provides_priority for error analysis | Timo Teräs | 1 | -1/+2
2022-12-21 | solver: fix install_if via provides only | Timo Teräs | 1 | -2/+7
fixes #10721
2022-12-21 | apk, fetch: implement --no-check-certificate | Timo Teräs | 1 | -0/+4
fixes #10650
2022-12-21 | pkg: increase index entry buffer size | Timo Teräs | 1 | -1/+1
2022-12-20 | solver: fix queue resolving order | Timo Teräs | 1 | -3/+3
It makes sense to not prioritize requirers anymore. It was originally intended to select early packages with multiple constraints seen. However, more important are the constraints that actually limit the choice. fixes #10843
2022-12-20 | solver, commit: handle install_if via provided names correctly | Timo Teräs | 2 | -43/+95
Correctly trigger install_ifs for provided names also. And fix the construction of error messages concerning such install_if packages. ref #10843
2022-12-20 | db: simplify reverse name list creation | Timo Teräs | 1 | -12/+12
2022-12-20 | apk: improve interactive mode handling | Timo Teräs | 2 | -1/+5
- implement and document --no-interactive
- improve --interactive documentation
- treat EOF as Y
fixes #10860
2022-12-20 | commit: correctly analyze virtual provides induced errors | Timo Teräs | 1 | -15/+51
The package list cannot be used to determine name state, as packages are not selected through all of their names, and that affects the status of unversioned provides. Thus the name state must be calculated in separate step via the dependency graphs. ref #10847
2022-06-03 | fetch: implement --world | Timo Teräs | 1 | -5/+20
fixes #10838
2022-06-03 | add: allow specifying a version for --virtual package | Timo Teräs | 1 | -17/+32
fixes #10835
2022-06-03 | db: fix atfd for access repository index | Timo Teräs | 1 | -2/+3
fixes #10834
2022-06-03 | pkg: recursive create exec dir | Timo Teräs | 1 | -2/+16
fixes #10825
2022-02-25 | io_gunzip: fix handling short reads near end-of-file | Timo Teräs | 1 | -8/+13
The gzip library can drain all of the input to internal buffers and still keep providing data even if avail_in is zero. Previously it was assumed that avail_in != 0 if there is still data expected out, but this logic breaks near end-of-file for multiple short reads. Adjust logic to not process end-of-file event too early. fixes #10809
2022-02-24 | pkg: use lib/apk/exec as the package script execution directory | Timo Teräs | 1 | -5/+13
var/cache is also reported to be mounted noexec on hardened systems. Document some of the issues, and use lib/apk/exec for the time being. Keep the scripts still in separate directory from lib/apk so we can just delete directory if needed. fixes #6591
2022-02-24 | solver: do not auto select virtual-only package with one provider | Timo Teräs | 2 | -2/+6
This reverts most of 0dcbd933 which allowed automatic selection of package with a "virtual provides" having only one provider. While convenient, it creates problems if multiple versions of the same package exist, or if in future other providers would be added to one of the repositories. This restores the original behaviour, and improves the error message to tell the user to mention one of the providers explicitly. fixes #10810
2022-02-24 | tar: allow for space as numeric field terminator | ptrcnull | 1 | -1/+1
2022-01-21 | cache: allow various flags, and addition of dependencies | Timo Teräs | 1 | -11/+45
Allow controlling 'cache download' more closely to 'upgrade' so it can be used to pre-download packages for upgrade.
2022-01-21 | genhelp: fix upper case substitution | Timo Teräs | 1 | -1/+1
2022-01-17 | package: fail on invalid control data | Timo Teräs | 2 | -12/+13
Handle meta data error to produce hard failure. fixes #10806
2021-12-20 | io.c: add missing limits.h | Paul Spooren | 1 | -0/+1
Fixes compilation on MacOS X
2021-12-14 | applet: suppress is_error warning on clang | Ariadne Conill | 1 | -2/+3
clang does not ignore inline functions when checking for unused functions ref #10794
2021-12-14 | applet: rework APK_DEFINE_APPLET to use constructor attribute | Ariadne Conill | 4 | -40/+29
this allows the applet registration to work in a portable way, without having to do weird things with the linker. ref #10794 [TT: rebased for 2.12]
2021-12-14 | everywhere: use stdlib.h for malloc(3) definition, not GNU-specific malloc.h | Ariadne Conill | 7 | -7/+1
musl implements support for malloc.h, but it is only a stub. we do not use any of the GNU-specific malloc interfaces, so just use POSIX stdlib.h instead. ref #10794
2021-12-14 | lua: remove features.h | Ariadne Conill | 1 | -1/+0
features.h is a GNU-specific header, and is not required for POSIX-compatible code
macOS does not provide features.h
ref #10794
2021-12-14 | commit: print download size of packages in interactive mode | Timo Teräs | 1 | -3/+12
ref #10788
2021-12-14 | fix fetching of dependencies only packages | Timo Teräs | 4 | -16/+12
Remove the APK_REPOSITORY_CACHED bit from dependencies only packages (that is, installed_size == 0). For fetch, the problem is that apk_db_select_repo() would return the cache repository, but the package would not be there. Update also the locations needed to handle these packages correctly without the cached repository bit being set.
2021-11-12 | fetch: add --url option to print the download URLs | Timo Teräs | 1 | -6/+14
2021-11-12 | db: purge temporary files without explicit modification check | Timo Teräs | 1 | -1/+2
When extraction failed, the user has had no opportunity to edit any files. Just clean up.
2021-10-25 | version: increase number of digits supported in version component | Timo Teräs | 1 | -3/+6
Report also version numbers as invalid if there's more than 18 digits. fixes #10774
2021-08-23 | tar: improve compatibility | Timo Teräs | 1 | -20/+30
- check magic field for 'ustar' on read
- harden get_octal to report errors on non-octal characters (e.g. GNU base256 encoding), fixes #10757
- fix mtime and size octal fields to not have zero terminator
2021-08-23 | db: honor SOURCE_DATE_EPOCH for scriptdb | Timo Teräs | 1 | -2/+0
fixes #10762
2021-08-23 | list: recognize both --upgradable and --upgradeable | Timo Teräs | 1 | -1/+3
fixes #10759
2021-07-26 | db: fix installed db writing with long names | Samanta Navarro | 1 | -6/+11
Packages containing files with path names longer than 1024 characters cannot fit into the buffer which is used to write "installed" database. This leads to bbuf being APK_BLOB_NULL in apk_db_write_fdb because apk_blob_push_blob notices the condition and correctly handles it. The problem occurs when arguments to apk_ostream_write are manually calculated by pointer arithmetics. Since bbuf.ptr is NULL in such a case, bbuf.ptr - buf leads to a huge size value while buf still points into the stack. fixes #10751 [TT: minor edit to commit and abbreviating the commit message]
2021-07-26 | Use __attribute__ ((format)) where possible and fix issues found by it | Timo Teräs | 3 | -7/+10
2021-07-25 | io_archive: Use SOURCE_DATE_EPOCH for meta files instead of current time | kpcyrd | 3 | -1/+18
[TT: minor stylistic changes]
2021-07-23 | db: allow read-only operations without cache | Timo Teräs | 4 | -11/+29
fixes #10748
2021-07-23 | db: check syscall errors in update_permissions() | Timo Teräs | 1 | -5/+17
2021-07-23 | Disable progress bar on dumb terminals by default | Sören Tempel | 1 | -1/+6
The progress bar requires the terminal emulator to support ANSI escape sequences. Normally, TERM is set to dumb to indicate that the terminal emulator doesn't support any ANSI escape sequences. Attempting to use ANSI escape sequences on dumb terminals will lead to weird output. In order to make apk work by default, even on dumb terminals, this commit introduces an additional check which consults $TERM and disables the progress bar if it is set to "dumb". [TT: backported to 2.12]
2021-05-20 | solver: don't consider requirer count for preference | Timo Teräs | 1 | -18/+0
The original intent was to choose packages to which there is most dependencies. However, since the code has evolved this has been mostly obsolete. And in fact now interferes with the provides and provides priority mechanism. Remove this as obsolete. Fixes #10742
2021-04-11 | io_archive: add bounds limit for uname and gname tar header fields | Timo Teräs | 3 | -10/+11
Modify apk_resolve_[ug]id to take the user/groupname as a blob, so proper length checking is done and honored.
==31584== Conditional jump or move depends on uninitialised value(s)
==31584==    at 0x5C8CA5: strlen (strlen.c:17)
==31584==    by 0x432575: APK_BLOB_STR (apk_blob.h:79)
==31584==    by 0x4350EB: apk_resolve_uid (io.c:1112)
==31584==    by 0x43696C: apk_tar_parse (io_archive.c:152)
==31584==    by 0x4271BC: apk_pkg_read (package.c:929)
==31584==    by 0x402D75: add_main (app_add.c:163)
==31584==    by 0x40D5FF: main (apk-static.c:516)
Fixes a potential crash (DoS) on a crafted TAR file. CVE-2021-30139.
Reported-by: Sören Tempel <soeren+git@soeren-tempel.net>
Reviewed-by: Ariadne Conill <ariadne@dereferenced.org>
2021-04-11 | io: fix fd leak in error handling paths | Timo Teräs | 1 | -5/+20
apk_dir_foreach_file and apk_resolve_[ug]id needs to free the fd in case fdopen/fdopendir fails. Additionally this does not rely on fdopen to fail if openat() returned -1, making sure that we don't call any syscalls with invalid file handle.