| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Track separately autoupdate failure, and opening errors. And print
only one error per index at maximum.
This makes update with or without --no-cache consistent.
Ignore errors from local paths as builders often refer to a local
path that is being built, but might be non-existent when building
the first package.
ref #10726
|
|
Force preference on the user specified action on commandline.
This allows upgrading packages which would otherwise be kept back
due to partial update preferring to keep top level dependency on
the installed version.
fixes #7531
|
|
|
|
apk_db_close is not re-entrant, and would be executed by the signal
handler. It makes sense to just ignore the signal after applet
is complete as the clean up work has been started already.
fixes #10840
|
|
fixes #10848
|
|
|
|
|
|
fixes #10721
|
|
fixes #10650
|
|
|
|
It makes sense to not prioritize requirers anymore. It was
originally intended to select early packages with multiple
constraints seen. However, more important are the constraints
that actually limit the choise.
fixes #10843
|
|
Correctly trigger install_ifs for provided names also. And fix the
construction of error messages concerning such install_if packages.
ref #10843
|
|
|
|
- implement and document --no-interactive
- improve --interactive documentation
- treat EOF as Y
fixes #10860
|
|
The package list cannot be used to determine name state,
as packages are not selected through all of their names,
and that effects the status of unversioned provides.
Thus the name state must be calculated in separate step
via the dependency graphs.
ref #10847
|
|
fixes #10838
|
|
fixes #10835
|
|
fixes #10834
|
|
fixes #10825
|
|
The gzip library can drain all of the input to internal buffers
and still keep providing data even if avail_in is zero. Previously
it was assumed that avail_in != 0 if there is still data expected out,
but this logic breaks near end-of-file for multiple short reads.
Adjust logic to not process end-of-file event too early.
fixes #10809
|
|
var/cache is also reported to be mounted noexec on hardened
systems. Document some of the issues, and use lib/apk/exec
for the time being. Keep the scripts still in separate directory
from lib/apk so we can just delete directory if needed.
fixes #6591
|
|
This reverts most of 0dcbd933 which allowed automatic selection
of package with a "virtual provides" having only one provider.
While convenient, it creates problems if multiple versions of the
same package exist, or if in future other providers would be added
to one of the repositories. This restore the original behaviour,
and improve the error message to tell the user to mention one of
the providers explicitly.
fixes #10810
|
|
|
|
Allow controlling 'cache download' more closely to 'upgrade' so
it can be used to pre-download packages for ugprade.
|
|
|
|
Handle meta data error to produce hard failure.
fixes #10806
|
|
Fixes compilation on MacOS X
|
|
clang does not ignore inline functions when checking for unused functions
ref #10794
|
|
this allows the applet registration to work in a portable way, without having to
weird things with the linker.
ref #10794
[TT: rebased for 2.12]
|
|
musl implements support for malloc.h, but it is only a stub. we do not use
any of the GNU-specific malloc interfaces, so just use POSIX stdlib.h instead.
ref #10794
|
|
features.h is a GNU-specific header, and is not required for POSIX-compatible code
macOS does not provide features.h
ref #10794
|
|
ref #10788
|
|
Remove the APK_REPOSITORY_CACHED bit from dependencies only
packages (that is, installed_size == 0). For fetch, the problem
is that apk_db_select_repo() would return the cache repository,
but the package would not be there. Update also the locations
needed to handle these packages correctly without the cached
repository bit being set.
|
|
|
|
When extraction failed, the user has had no opportunity to edit
any files. Just clean up.
|
|
Report also version numbers as invalid if there's more than 18
digits.
fixes #10774
|
|
- check magic field for 'ustar' on read
- harden get_octal to report errors on non-octal characters
(e.g. GNU base256 encoding), fixes #10757
- fix mtime and size octal fields to not have zero terminator
|
|
fixes #10762
|
|
fixes #10759
|
|
Packages containing files with path names longer than 1024 characters
cannot fit into the buffer which is used to write "installed" database.
This leads to bbuf being APK_BLOB_NULL in apk_db_write_fdb because
apk_blob_push_blob notices the condition and correctly handles it.
The problem occurs when arguments to apk_ostream_write are manually
calculated by pointer arithmetics. Since bbuf.ptr is NULL in such a
case, bbuf.ptr - buf leads to a huge size value while buf still points
into the stack.
fixes #10751
[TT: minor edit to commit and abbreviating the commit message]
|
|
|
|
[TT: minor stylistic changes]
|
|
fixes #10748
|
|
|
|
The progress bar requires the terminal emulator to support ANSI escape
sequences. Normally, TERM is set to dumb to indicate that the terminal
emulator doesn't support any ANSI escape sequences. Attempting to use
ANSI escape sequences on dumb terminals will lead to weird output. In
order to make apk work by default, even on dumb terminals, this commit
introduces an additional check which consults $TERM and disables the
progress bar if it is set to "dumb".
[TT: backported to 2.12]
|
|
The original intent was to choose packages to which there is most
dependencies. However, since the code has evolved this is has been
mostly obsolete. And in fact now interferes with the provides and
provides priority mechanism. Remove this as obsolete.
Fixes #10742
|
|
Modify apk_resolve_[ug]id to take the user/groupname as a blob, so
proper length checking is done and honored.
==31584== Conditional jump or move depends on uninitialised value(s)
==31584== at 0x5C8CA5: strlen (strlen.c:17)
==31584== by 0x432575: APK_BLOB_STR (apk_blob.h:79)
==31584== by 0x4350EB: apk_resolve_uid (io.c:1112)
==31584== by 0x43696C: apk_tar_parse (io_archive.c:152)
==31584== by 0x4271BC: apk_pkg_read (package.c:929)
==31584== by 0x402D75: add_main (app_add.c:163)
==31584== by 0x40D5FF: main (apk-static.c:516)
Fixes a potential crash (DoS) on a crafted TAR file. CVE-2021-30139.
Reported-by: Sören Tempel <soeren+git@soeren-tempel.net>
Reviewed-by: Ariadne Conill <ariadne@dereferenced.org>
|
|
apk_dir_foreach_file and apk_resolve_[ug]id needs to free the fd in
case fdopen/fdopendir fails. Additionally this does not rely on fdopen
to fail if openat() returned -1, making sure that we don't call any
syscalls with invalid file handle.
|
|
If we use default root (/), then we do not have to chroot to run scripts.
Use APK_NO_CHROOT flag for this scenario to avoid the chroot. This helps
with using apk with bwrap and OSTree.
Closes #10736.
[TT: backported to 2.12-stable]
|
|
The code assumed that when package is in world, it would be there
by it's primary name. The code is now updated to properly print the
package names that are actually present in world.
fixes #10718
|
