1. 28 May, 2019 1 commit
  2. 01 May, 2019 1 commit
    • A. Wilcox's avatar
      list: Detect orphaned packages correctly · 84941a59
      A. Wilcox authored
      BIT(1) corresponds with decimal 2, which is the first available repository.
      
      Before this fix, `apk list -O` would list every package installed from the
      first available repository, which is the 'system' repository on most Adélie
      Linux computers.
      
      After this fix, `apk list -O` correctly lists only the packages which are
      no longer available.
      84941a59
  3. 13 Feb, 2019 2 commits
  4. 10 Jan, 2019 1 commit
  5. 15 Nov, 2018 2 commits
  6. 12 Nov, 2018 3 commits
  7. 09 Nov, 2018 1 commit
  8. 02 Nov, 2018 5 commits
  9. 30 Oct, 2018 1 commit
    • Timo Teräs's avatar
      fix xattr hash to be sha1 · f38d1f74
      Timo Teräs authored
      The hash type was accidentally changed in previous commit. Currently
      csum->data cannot hold longer hash, so fix the hash.
      f38d1f74
  10. 26 Oct, 2018 1 commit
  11. 05 Oct, 2018 1 commit
  12. 25 Sep, 2018 2 commits
  13. 11 Sep, 2018 1 commit
  14. 10 Sep, 2018 3 commits
    • Timo Teräs's avatar
      apk-tools-2.10.1 · 11bd821c
      Timo Teräs authored
      11bd821c
    • Timo Teräs's avatar
      rework unpacking of packages and harden package file format requirements · 6484ed98
      Timo Teräs authored
      A crafted .apk file could to trick apk writing unverified data to
      an unexpected file during temporary file creation due to bugs in handling
      long link target name and the way a regular file is extracted.
      
      Several hardening steps are implemented to avoid this:
       - the temporary file is now always first unlinked (apk thus reserved
         all filenames .apk.* to be it's working files)
       - the temporary file is after that created with O_EXCL to avoid races
       - the temporary file is no longer directly the archive entry name
         and thus directly controlled by potentially untrusted data
       - long file names and link target names are now rejected
       - hard link targets are now more rigorously checked
       - various additional checks added for the extraction process to
         error out early in case of malformed (or old legacy) file
      Reported-by: 's avatarMax Justicz <max@justi.cz>
      6484ed98
    • Robert Hencke's avatar
      add .mailmap to consolidate git shortlog · b11f9aa9
      Robert Hencke authored
      Consolidate author information, so that tools like 'git shortlog' show
      a single entry for each author.
      b11f9aa9
  15. 05 Sep, 2018 2 commits
  16. 21 Aug, 2018 1 commit
  17. 14 Aug, 2018 1 commit
  18. 18 Jul, 2018 1 commit
  19. 02 Jul, 2018 2 commits
    • Jussi Kukkonen's avatar
      Invalidate id cache after script execution · d609ef3c
      Jussi Kukkonen authored
      It's common for a pre-install script to do something like
          addgroup -S group 2>/dev/null
      When apk installs files after this, it sets the owner/group based on id cache
      but currently the id cache is stale and doesn't contain the new group at that
      point: instead the file will be installed with gid that the build host
      happened to have for that group -- on target this might mean a non-existing
      group or a completely different group.
      
      We can't know if the script really did modify id cache contents so make sure
      to reset the id cache on every script execution.
      d609ef3c
    • Sören Tempel's avatar
      list: fix segmentation fault with virtual packages · 5c4b90df
      Sören Tempel authored
      Virtual packages have the origin pointer set to NULL. Trying to print it
      using the BLOB_PRINTF macros causes a segmentation fault.
      
      Inspired by the `print_origin_name` function from `src/search.c` this
      commit attempts to fix it by checking whether `pkg->origin` is NULL
      before attempting to print it. If it is NULL the pkg name is printed
      instead.
      
      Since printing the pkg name requires a different format string this
      commit splits the printf call for printing the package line into
      multiple ones. The output format shouldn't have changed at all though.
      5c4b90df
  20. 24 Jun, 2018 1 commit
  21. 14 Jun, 2018 3 commits
  22. 08 May, 2018 1 commit
  23. 05 Apr, 2018 1 commit
    • Timo Teräs's avatar
      db: fix refreshing index if time is zero · 258519b1
      Timo Teräs authored
      During netboot on systems without RTC, time() will be near zero,
      and the index fill not exist. Thus the plain test of st.st_mtime
      against system time failed. Verify that fstatat() succeeds.
      258519b1
  24. 21 Feb, 2018 1 commit
  25. 20 Feb, 2018 1 commit