By introducing a new package metadata field, `provider_priority`
(index letter `k`), we can specify default packages to satisfy a
virtual.

If a user wishes to select an alternative provider for the virtual,
a changeset swapping the default provider for the selected provider
will be generated by the dependency resolver.

this fixes package selection when a 'real' package exists, but would
need to be provided by another package with 'virtual provides'.

In current package database this can happen with postgresql which is
also provided by postgresql-bdr. Normally postgresql would be satisfied
by postgresql, but if any package depends on postgresql-bdr and there's
no versioned dependency on postgresql this will help apk figure out
that postgresql-bdr should be used.

dbopts->root may be null; use db->root instead

fixes #7162

OpenSSL allows passing zero-length to indicate "use strlen".
LibreSSL requires using the real length always, so pass the length.

X509_check_host() is introduced in libressl-2.5.0 and openssl-1.0.2
which are not yet universally available. Add support for building
against the older versions.

loosely based on the freebsd implementation, implement https
connection settings to override CA, and use client certificate.

new files supported in /etc/apk/:
  ca.pem   - if exists, it contains CAs acceptable for https
	     (otherwise system wide CAs are used)
  crl.pem  - if ca.pem is used, this is the (optional) CRL for it
  cert.pem - used as client authentication certificate (+ key)
  cert.key - used as client key (can be also inside cert.pem)

from freebsd

ftp://ftp.fu-berlin.de/unix/NetBSD/packages/current-src/pkgsrc/net/libfetch/files

libfetch comes (at least) in netbsd and freebsd flavors which
differing functionality. Alpine and Arch package netbsd one,
but it's not widely packaged across other distributions.

We need NetBSD version as it does not use funopen(3) which is not
supported in musl, and supports connection pooling.

FreeBSD seems to be the orignal and better maintained version
with support for SSL CAs, client certificate authentication,
proxy authentication, and improved http redirect handling.

So this imports NetBSD version, and future commits will pick up
the needed improvements from FreeBSD tree.

Incidentally, this also fixes #7857 and likes for good.

this is a regression introduced in commit 349c61c9
("add support for pre and post commit hooks")

based on github pull request #5

Dmitry Golovin authored Aug 22, 2017 and Timo Teräs committed Aug 23, 2017

found by clang

APKs have been created with GNU tar so far, which uses the
GNU extensions for long names. In order to increase portability
support the standard header's 'prefix' portion in case
the GNU extensions are not present.

Depending how the directory entries are ordered, the cached dir
instance might not have been updated correctly. This has not been
a problem as the entries have been ordered, but is now triggered
on ppc.

The main usage is for alpine-chroot-install and similar scripts, so it
can depend on specific *persistent* version.

This reduces function pointers in heap, and unifies how the
io functions are called.

Detect properly if the file stream gets an error during these
read operations.

Reported-by: Ariel Zelivansky from Twistlock

The value from tar header is unsigned int; keep it casted to
unsigned int and size_t instead of (signed) int, otherwise
the comparisons fail to do their job properly. Additionally check
entry.size against SSIZE_MAX so the rounding up later on is
guaranteed to not overflow.

Fixes CVE-2017-9669 and CVE-2017-9671.
Reported-by: Ariel Zelivansky from Twistlock

This reverts commit ee5ce728.

This behaviour has been changed in: 7d5cd2c8.

Variable QEMU_EMULATOR is set by enter-chroot script from
alpine-chroot-install.