1. 06 Sep, 2018 1 commit
  2. 23 Jun, 2017 3 commits
    • Timo Teräs's avatar
      apk-tools-2.6.9 · 483f64ea
      Timo Teräs authored
      483f64ea
    • Timo Teräs's avatar
      archive: validate reading of pax and gnu long filename extensions · cb5972fb
      Timo Teräs authored
      Detect properly if the file stream gets an error during these
      read operations.
      
      Reported-by: Ariel Zelivansky from Twistlock
      (cherry picked from commit cd531aef3033475c26f29a1f650a3bf392cc2daa)
      cb5972fb
    • Timo Teräs's avatar
      archive: fix incorrect bounds checking for memory allocation · 28537112
      Timo Teräs authored
      The value from tar header is unsigned int; keep it casted to
      unsigned int and size_t instead of (signed) int, otherwise
      the comparisons fail to do their job properly. Additionally check
      entry.size against SSIZE_MAX so the rounding up later on is
      guaranteed to not overflow.
      
      Fixes CVE-2017-9669 and CVE-2017-9671.
      Reported-by: Ariel Zelivansky from Twistlock
      
      (cherry picked from commit 286aa77ef1811e477895713df162c92b2ffc6df8)
      28537112
  3. 25 Oct, 2016 1 commit
  4. 23 Aug, 2016 1 commit
    • Timo Teräs's avatar
      pkg: reset umask for package scripts · 0545fa0d
      Timo Teräs authored
      It is unreasonable to assume that all package writers would except
      to reset umask themselves. It's done currently in most packages,
      but we had first issue of this kind recently, so better just reset
      umask.
      0545fa0d
  5. 22 Jul, 2016 2 commits
  6. 08 Jul, 2016 1 commit
  7. 06 Jul, 2016 1 commit
  8. 13 Jun, 2016 2 commits
  9. 31 May, 2016 1 commit
  10. 27 May, 2016 2 commits
  11. 19 Apr, 2016 1 commit
  12. 03 Apr, 2016 1 commit
  13. 16 Feb, 2016 2 commits
  14. 09 Feb, 2016 2 commits
  15. 10 Dec, 2015 2 commits
  16. 07 Dec, 2015 1 commit
  17. 12 Nov, 2015 3 commits
  18. 09 Nov, 2015 2 commits
    • Timo Teräs's avatar
      io, database: preserve [am]time for cached and fetched files · cce4cff5
      Timo Teräs authored
      preserve [am]time for all packages and indexes. this fixes the caching
      error that 'apk update' is after new index is generated, but before
      the used mirror is synchronized. this caused local apkindex timestamp
      to be newer than file in mirror, when in fact it was outdated index.
      
      this also fixes fetched files to have build timestamp so that files
      going to .iso or custom images have proper timestamps (rsync with
      appropriate --modify-window now works)
      cce4cff5
    • Timo Teräs's avatar
      search: match packages only once · 7501f601
      Timo Teräs authored
      fixes #4770
      
      apk_name_foreach_matching() can matches each package via it's
      main name and all it's provides. Print matched packages only once.
      7501f601
  19. 08 Oct, 2015 2 commits
  20. 11 Sep, 2015 1 commit
  21. 03 Sep, 2015 2 commits
  22. 03 Jul, 2015 1 commit
  23. 02 Jul, 2015 1 commit
    • Timo Teräs's avatar
      relocate lock file to /lib/apk/db · 57de8d0c
      Timo Teräs authored
      the problem is that var/lock is on root installs symlink to /run/lock
      (on tmpfs) and does not exist if doing chroot() to that root. fixes
      apk to work when chrooted to existing rootfs install.
      57de8d0c
  24. 26 Jun, 2015 1 commit
  25. 12 Jun, 2015 3 commits