1. 26 Jan, 2020 10 commits
  2. 25 Jan, 2020 3 commits
  3. 24 Jan, 2020 4 commits
    • Timo Teräs's avatar
      db: additional clean up and hardening for apk extraction · 9a76f0d6
      Timo Teräs authored
      This enforces all scripts to be in the control block, and
      all data files to be in data block. Ignoring of dot files in
      root is added back: packages without any real files will
      ship one ".dummy" item in the data block to trigger processing
      and validation to work.
      9a76f0d6
    • Reid Rankin's avatar
      Harden signature verification process · d25e5e38
      Reid Rankin authored
      This mostly boils down to making sure control_started and
      data_started are consistently used to gate actions, instead of
      relying whether on file names start with a '.'.
      
      None of the weaknesses this fixes are exploitable, but they
      might have become so after changes to seemingly-unrelated code,
      so it's good to clean them up.
      d25e5e38
    • Reid Rankin's avatar
      093c4b80
    • Reid Rankin's avatar
      manifest: fix package file processing · 1f9e56d8
      Reid Rankin authored
      This change ensures that apk_sign_ctx_process_file() and
      apk_sign_ctx_parse_pkginfo_line() are called during archive
      processing, allowing discovery of signatures and the data section
      checksum.
      
      Fixes a bug uncovered by commit f123d77e.
      1f9e56d8
  4. 11 Jan, 2020 7 commits
  5. 10 Jan, 2020 1 commit
  6. 09 Jan, 2020 1 commit
  7. 05 Jan, 2020 5 commits
  8. 30 Dec, 2019 1 commit
  9. 29 Dec, 2019 1 commit
  10. 27 Dec, 2019 2 commits
  11. 18 Dec, 2019 1 commit
  12. 12 Dec, 2019 1 commit
  13. 22 Nov, 2019 1 commit
  14. 21 Nov, 2019 1 commit
  15. 20 Nov, 2019 1 commit