1. 02 Nov, 2018 4 commits
  2. 30 Oct, 2018 1 commit
    • Timo Teräs's avatar
      fix xattr hash to be sha1 · f38d1f74
      Timo Teräs authored
      The hash type was accidentally changed in previous commit. Currently
      csum->data cannot hold longer hash, so fix the hash.
      f38d1f74
  3. 26 Oct, 2018 1 commit
  4. 05 Oct, 2018 1 commit
  5. 25 Sep, 2018 2 commits
  6. 11 Sep, 2018 1 commit
  7. 10 Sep, 2018 3 commits
    • Timo Teräs's avatar
      apk-tools-2.10.1 · 11bd821c
      Timo Teräs authored
      11bd821c
    • Timo Teräs's avatar
      rework unpacking of packages and harden package file format requirements · 6484ed98
      Timo Teräs authored
      A crafted .apk file could to trick apk writing unverified data to
      an unexpected file during temporary file creation due to bugs in handling
      long link target name and the way a regular file is extracted.
      
      Several hardening steps are implemented to avoid this:
       - the temporary file is now always first unlinked (apk thus reserved
         all filenames .apk.* to be it's working files)
       - the temporary file is after that created with O_EXCL to avoid races
       - the temporary file is no longer directly the archive entry name
         and thus directly controlled by potentially untrusted data
       - long file names and link target names are now rejected
       - hard link targets are now more rigorously checked
       - various additional checks added for the extraction process to
         error out early in case of malformed (or old legacy) file
      Reported-by: 's avatarMax Justicz <max@justi.cz>
      6484ed98
    • Robert Hencke's avatar
      add .mailmap to consolidate git shortlog · b11f9aa9
      Robert Hencke authored
      Consolidate author information, so that tools like 'git shortlog' show
      a single entry for each author.
      b11f9aa9
  8. 05 Sep, 2018 2 commits
  9. 21 Aug, 2018 1 commit
  10. 14 Aug, 2018 1 commit
  11. 18 Jul, 2018 1 commit
  12. 02 Jul, 2018 2 commits
    • Jussi Kukkonen's avatar
      Invalidate id cache after script execution · d609ef3c
      Jussi Kukkonen authored
      It's common for a pre-install script to do something like
          addgroup -S group 2>/dev/null
      When apk installs files after this, it sets the owner/group based on id cache
      but currently the id cache is stale and doesn't contain the new group at that
      point: instead the file will be installed with gid that the build host
      happened to have for that group -- on target this might mean a non-existing
      group or a completely different group.
      
      We can't know if the script really did modify id cache contents so make sure
      to reset the id cache on every script execution.
      d609ef3c
    • Sören Tempel's avatar
      list: fix segmentation fault with virtual packages · 5c4b90df
      Sören Tempel authored
      Virtual packages have the origin pointer set to NULL. Trying to print it
      using the BLOB_PRINTF macros causes a segmentation fault.
      
      Inspired by the `print_origin_name` function from `src/search.c` this
      commit attempts to fix it by checking whether `pkg->origin` is NULL
      before attempting to print it. If it is NULL the pkg name is printed
      instead.
      
      Since printing the pkg name requires a different format string this
      commit splits the printf call for printing the package line into
      multiple ones. The output format shouldn't have changed at all though.
      5c4b90df
  13. 24 Jun, 2018 1 commit
  14. 14 Jun, 2018 3 commits
  15. 08 May, 2018 1 commit
  16. 05 Apr, 2018 1 commit
    • Timo Teräs's avatar
      db: fix refreshing index if time is zero · 258519b1
      Timo Teräs authored
      During netboot on systems without RTC, time() will be near zero,
      and the index fill not exist. Thus the plain test of st.st_mtime
      against system time failed. Verify that fstatat() succeeds.
      258519b1
  17. 21 Feb, 2018 1 commit
  18. 20 Feb, 2018 3 commits
  19. 09 Feb, 2018 1 commit
  20. 31 Jan, 2018 1 commit
    • A. Wilcox's avatar
      libfetch: support OpenSSL · 36f5cf8e
      A. Wilcox authored
      TLS_client_method is a LibreSSL extension.
      SSLv23_client_method is generic, and doesn't mean SSL v2/v3 only.
      36f5cf8e
  21. 29 Jan, 2018 6 commits
  22. 28 Jan, 2018 1 commit
    • William Pitcock's avatar
      list: new applet · fff8bfa5
      William Pitcock authored
      The list applet provides a convenient way of inspecting both the available
      and installed package databases by listing their contents.  In some ways,
      it is similar to `apk search` but is considered to be a superset of
      `apk search` functionality.
      
      A few `apk list` criterion are not yet ready though, such as `apk list --depends`
      which searches by runtime dependency (replacing `apk info --rdepends`).
      fff8bfa5
  23. 09 Jan, 2018 1 commit