path: root/src

Age | Commit message | Author | Files | Lines
2021-11-12 | fetch: add --url option to print the download URLs | Timo Teräs | 1 | -6/+14

2021-11-12 | db: purge temporary files without explicit modification check | Timo Teräs | 1 | -1/+2
  When extraction failed, the user has had no opportunity to edit any files. Just clean up.

2021-10-25 | version: increase number of digits supported in version component | Timo Teräs | 1 | -3/+6
  Report also version numbers as invalid if there are more than 18 digits.
  fixes #10774

2021-08-23 | tar: improve compatibility | Timo Teräs | 1 | -20/+30
  - check magic field for 'ustar' on read
  - harden get_octal to report errors on non-octal characters (e.g. GNU base256 encoding), fixes #10757
  - fix mtime and size octal fields to not have zero terminator
2021-08-23 | db: honor SOURCE_DATE_EPOCH for scriptdb | Timo Teräs | 1 | -2/+0
  fixes #10762

2021-08-23 | list: recognize both --upgradable and --upgradeable | Timo Teräs | 1 | -1/+3
  fixes #10759

2021-07-26 | db: fix installed db writing with long names | Samanta Navarro | 1 | -6/+11
  Packages containing files with path names longer than 1024 characters cannot fit into the buffer which is used to write the "installed" database. This leads to bbuf being APK_BLOB_NULL in apk_db_write_fdb because apk_blob_push_blob notices the condition and correctly handles it.

  The problem occurs when arguments to apk_ostream_write are manually calculated by pointer arithmetic. Since bbuf.ptr is NULL in such a case, bbuf.ptr - buf leads to a huge size value while buf still points into the stack.

  fixes #10751

  [TT: minor edit to commit and abbreviating the commit message]
2021-07-26 | Use __attribute__ ((format)) where possible and fix issues found by it | Timo Teräs | 3 | -7/+10

2021-07-25 | io_archive: Use SOURCE_DATE_EPOCH for meta files instead of current time | kpcyrd | 3 | -1/+18
  [TT: minor stylistic changes]

2021-07-23 | db: allow read-only operations without cache | Timo Teräs | 4 | -11/+29
  fixes #10748

2021-07-23 | db: check syscall errors in update_permissions() | Timo Teräs | 1 | -5/+17

2021-07-23 | Disable progress bar on dumb terminals by default | Sören Tempel | 1 | -1/+6
  The progress bar requires the terminal emulator to support ANSI escape sequences. Normally, TERM is set to dumb to indicate that the terminal emulator doesn't support any ANSI escape sequences. Attempting to use ANSI escape sequences on dumb terminals will lead to weird output.

  In order to make apk work by default, even on dumb terminals, this commit introduces an additional check which consults $TERM and disables the progress bar if it is set to "dumb".

  [TT: backported to 2.12]
2021-05-20 | solver: don't consider requirer count for preference | Timo Teräs | 1 | -18/+0
  The original intent was to choose packages to which there are the most dependencies. However, since the code has evolved, this has been mostly obsolete. And in fact it now interferes with the provides and provides priority mechanism. Remove this as obsolete.

  Fixes #10742

2021-04-11 | io_archive: add bounds limit for uname and gname tar header fields | Timo Teräs | 3 | -10/+11
  Modify apk_resolve_[ug]id to take the user/groupname as a blob, so proper length checking is done and honored.

  ==31584== Conditional jump or move depends on uninitialised value(s)
  ==31584==    at 0x5C8CA5: strlen (strlen.c:17)
  ==31584==    by 0x432575: APK_BLOB_STR (apk_blob.h:79)
  ==31584==    by 0x4350EB: apk_resolve_uid (io.c:1112)
  ==31584==    by 0x43696C: apk_tar_parse (io_archive.c:152)
  ==31584==    by 0x4271BC: apk_pkg_read (package.c:929)
  ==31584==    by 0x402D75: add_main (app_add.c:163)
  ==31584==    by 0x40D5FF: main (apk-static.c:516)

  Fixes a potential crash (DoS) on a crafted TAR file. CVE-2021-30139.

  Reported-by: Sören Tempel <soeren+git@soeren-tempel.net>
  Reviewed-by: Ariadne Conill <ariadne@dereferenced.org>

2021-04-11 | io: fix fd leak in error handling paths | Timo Teräs | 1 | -5/+20
  apk_dir_foreach_file and apk_resolve_[ug]id need to free the fd in case fdopen/fdopendir fails. Additionally, this does not rely on fdopen failing if openat() returned -1, making sure that we don't call any syscalls with an invalid file handle.
2021-03-19 | database: do not chroot(".") unless actually necessary | Ariadne Conill | 2 | -2/+14
  If we use default root (/), then we do not have to chroot to run scripts. Use APK_NO_CHROOT flag for this scenario to avoid the chroot. This helps with using apk with bwrap and OSTree.

  Closes #10736.

  [TT: backported to 2.12-stable]

2021-03-19 | del: report correctly package's provides names | Timo Teräs | 1 | -9/+21
  The code assumed that when a package is in world, it would be there by its primary name. The code is now updated to properly print the package names that are actually present in world.

  fixes #10718

2021-02-07 | db: fix control character check to use uint8_t | Timo Teräs | 1 | -2/+2
  fixes #10737

2021-02-07 | db: consider control characters in filename as malicious | Timo Teräs | 3 | -11/+25
  Especially a newline can produce havoc in the database file as the filename is written there as-is. This hardens the extraction to consider any control character as malicious. Additional hardening is added to database loading to better detect corrupt state and return proper error code about it.

  Reported-by: Luca Weiss <luca@z3ntu.xyz>
2021-02-07 | io: Handle really long lines | Olliver Schinagl | 1 | -1/+1
  While commit 18b0b45 (io: Handle long lines, Thu Jan 7 17:25:23 2021 +0100) did attempt to address this issue, the buffer really is still too small when dealing with big-big dependency lists. Let's make it sufficiently large for now, until the new APKINDEX format can support multi-line dependencies, making this not needed any more.

  [TT: Originally the buffer size was conservative to run on resource constrained embedded platforms. But since the available memory on those has also increased much, the adjustment to 128kB makes sense also to increase performance a little bit. Removing also the iolimit test.]

  Signed-off-by: Olliver Schinagl <oliver@schinagl.nl>

2021-02-07 | gunzip: fix false end-of-file condition in rare circumstances | Timo Teräs | 1 | -1/+1
  It turns out inflate() can output zero bytes, even if it consumed data. This had the unfortunate side effect of returning zero bytes (end-of-file) condition before calling the boundary callbacks. This fixes the logic to not return zero reads on gzip boundary. In practice this fixes the seldom seen issues of apk reporting bad signature (when it was correct).

2021-01-14 | database.c: Fixed package DESCRIPTION parsing | thibault.ferrante | 1 | -0/+1
  Regression introduced by 0fb0d30 which makes parsing a description a critical failure.

  [TT: Minor stylistic change. Fix also missing final line change from the earlier commit]

2021-01-11 | io: Handle long lines | thibault.ferrante | 1 | -1/+1
  As an APKINDEX can become arbitrarily long due to dependencies and other parameters, increasing the buffer size makes this less likely to happen.

  Closes #10731.

2021-01-11 | database: Propagate errors when loading an APKINDEX | thibault.ferrante | 8 | -19/+36
  In case of failure when loading an APKINDEX, no errors are propagated to the user, who may incorrectly interpret the current problem.
2020-12-29 | apk_update: use URL_PRINTF | Alex Denes | 1 | -2/+4

2020-10-07 | various changes to make clang not give warnings | Timo Teräs | 5 | -14/+19

2020-10-06 | db: make the --repositories-file change more announced | Timo Teräs | 1 | -3/+7
  Document the version when changed. And print error with similar note if the given repositories-file cannot be read.

2020-10-06 | database: automatically create missing cache dir | Paul Spooren | 1 | -0/+6
  On some systems the `/var/` dir is mounted in a tmpfs which is reset after each reboot. For that reason no post-install script can handle the creation of the cache dir at `/var/cache/apk`. Check on database opening if the folder is available; if not, create it.

  Fixes #10715

  Signed-off-by: Paul Spooren <mail@aparcar.org>

2020-10-05 | db: make --repositories-file relative to host root | Timo Teräs | 1 | -1/+1
  It used to be relative to the --root specified root, but that causes issues with relative command line filenames and is unintuitive. Update documentation accordingly.

  Fixes #10702.

2020-10-05 | db: mask password component of printed URLs | Timo Teräs | 3 | -12/+55
  fixes #10710
2020-10-03 | commit: rephrase the error messages more understandable | Timo Teräs | 1 | -2/+2
  fixes #10703

2020-10-01 | db: check cache only if some repositories are enabled | Timo Teräs | 1 | -1/+1

2020-09-28 | Implement upgrade --prune to remove stale world dependencies | Timo Teräs | 1 | -6/+26

2020-08-29 | database: clarify the deprecation notice for checksum-less packages | Ariadne Conill | 1 | -3/+7
  Closes #10708.

2020-08-26 | fix --repository short option to be -X as before | Timo Teräs | 1 | -1/+1
  unintentional regression from commit edb45ae464

  fixes #10707
2020-08-25 | build: make soname explicit and simplify and fix soname link | Timo Teräs | 1 | -18/+10

2020-08-24 | fix, simplify and document upgrade --ignore | Timo Teräs | 4 | -30/+17

2020-08-24 | solver: add more dbg_printfs | Oliver Smith | 1 | -19/+62

2020-08-24 | enforce options definitions to bind the enum and the descriptor | Timo Teräs | 15 | -288/+175
  This uses some macro trickery to make sure that there's one-to-one mapping with the option index enum and the descriptor. The down side is that enums are generated via #define's and editors might not pick them up for auto completion, but the benefits are more: it's no longer possible to have mismatching enum value and descriptor index, and the amount of source code lines is less.

2020-07-30 | upgrade: allow for specified package upgrades | Ariadne Conill | 1 | -0/+22
  Fixes #10667 and #10700

2020-05-27 | database: create additional device nodes when initializing root fs | Ariadne Conill | 1 | -0/+4
  Some triggers and maintainer scripts depend on /dev/random, /dev/urandom, /dev/zero and /dev/console.
2020-05-19 | fix logic to not compile lua module when it was not asked | Fredrik Gustafsson | 1 | -1/+1
  fixes 12fdf6fc "allow building without help..."

2020-05-19 | make the atom functions not use global state | Timo Teräs | 24 | -179/+185
  This greatly helps with memory management on applications that may want to daemonize and open/close database several times. Also the lifetime and "owner" of memory for all data is now explicitly bound to owning struct apk_database, which might be helpful when writing language bindings.

  As a side effect, the interned "atoms" are unique only within one apk_database, so comparing packages from different apk_database may not work as expected.

  Fixes #10697

2020-05-19 | allow building without help when lua interpreter is not available | Timo Teräs | 2 | -6/+21
  fixes #10696
2020-05-17 | define APK_DEFAULT_ARCH for riscv32 and riscv64 targets | Ariadne Conill | 1 | -0/+4

2020-05-07 | fix apk_blob_pull_csum to always initialize apk_checksum | Timo Teräs | 1 | -9/+6
  Fixes #10686 to not use uninitialized value in the error paths.

2020-05-07 | use SPDX-License-Identifier in source files | TBK | 49 | -141/+65

2020-05-06 | index: add argument --no-warnings | Fredrik Gustafsson | 1 | -1/+11
  When creating an index apk warns if a dependency is missing a provider. However when using a multi-arch repository, it's not an error that a certain architecture is missing a dependency because that dependency could be in another architecture. Since apk index doesn't know about this, add an argument to disable that warning.

  Maintainer note: rebased for new option handling, and minor stylistic adjustments.

  Signed-off-by: Fredrik Gustafsson <fredrigu@axis.com>

2020-05-06 | rewrite option descriptors to be single string | Timo Teräs | 16 | -435/+563
  This reduces the number of relocations on PIE binaries, and also reduces the executable size. Parsing of the options is slightly sped up as only the exact matching option group parser is called.
2020-05-06 | add script to autogenerate help from man pages | Timo Teräs | 22 | -106/+379
  This creates main help like:
  --
  usage: apk [<OPTIONS>...] COMMAND [<ARGUMENTS>...]

  Package installation and removal:
    add        Add packages to WORLD and commit changes
    del        Remove packages from WORLD and commit changes

  System maintenance:
    fix        Check WORLD against the system and ensure consistency
    update     Update repository indexes
    upgrade    Install upgrades available from repositories
    cache      Commands related to the management of an offline package cache

  Querying package information:
    info       Give detailed information about packages or repositories
    list       List packages matching a pattern or other criteria
    dot        Generate graphviz graphs
    policy     Show repository policy for packages

  Repository maintenance:
    index      Create repository index file from packages
    fetch      Download packages from global repositories to a local directory
    manifest   Show checksums of package contents
    verify     Verify package integrity and signature

  Miscellaneous:
    audit      Audit directories for changes
    stats      Show statistics about repositories and installations
    version    Compare package versions or perform tests on version strings

  This apk has coffee making abilities.
  --

  And applet specific help like:
  --
  usage: apk add [<OPTIONS>...] PACKAGES...

  Description:
    apk add adds the requested packages to WORLD and installs (or upgrades)
    them if not already present, ensuring all dependencies are met.

  Options:
    --initdb             Initialize a new package database
    -l, --latest         Disables normal heuristics for choosing which repository to install a
    -u, --upgrade        When adding packages which are already installed, upgrade them rather
    -t, --virtual NAME   Instead of adding the specified packages to WORLD, create a new
    --no-chown           Do not change file owner or group
  --