Skip to content
Snippets Groups Projects
  1. Nov 09, 2018
  2. Nov 02, 2018
  3. Oct 30, 2018
    • Timo Teräs's avatar
      fix xattr hash to be sha1 · f38d1f74
      Timo Teräs authored
      The hash type was accidentally changed in previous commit. Currently
      csum->data cannot hold longer hash, so fix the hash.
      f38d1f74
  4. Oct 26, 2018
  5. Oct 05, 2018
  6. Sep 25, 2018
  7. Sep 11, 2018
  8. Sep 10, 2018
    • Timo Teräs's avatar
      apk-tools-2.10.1 · 11bd821c
      Timo Teräs authored
      v2.10.1
      11bd821c
    • Timo Teräs's avatar
      rework unpacking of packages and harden package file format requirements · 6484ed98
      Timo Teräs authored
      
      A crafted .apk file could to trick apk writing unverified data to
      an unexpected file during temporary file creation due to bugs in handling
      long link target name and the way a regular file is extracted.
      
      Several hardening steps are implemented to avoid this:
       - the temporary file is now always first unlinked (apk thus reserved
         all filenames .apk.* to be it's working files)
       - the temporary file is after that created with O_EXCL to avoid races
       - the temporary file is no longer directly the archive entry name
         and thus directly controlled by potentially untrusted data
       - long file names and link target names are now rejected
       - hard link targets are now more rigorously checked
       - various additional checks added for the extraction process to
         error out early in case of malformed (or old legacy) file
      
      Reported-by: default avatarMax Justicz <max@justi.cz>
      6484ed98
    • Robert Hencke's avatar
      add .mailmap to consolidate git shortlog · b11f9aa9
      Robert Hencke authored and Timo Teräs's avatar Timo Teräs committed
      Consolidate author information, so that tools like 'git shortlog' show
      a single entry for each author.
      b11f9aa9
  9. Sep 05, 2018
  10. Aug 21, 2018
  11. Aug 14, 2018
  12. Jul 18, 2018
  13. Jul 02, 2018
    • Jussi Kukkonen's avatar
      Invalidate id cache after script execution · d609ef3c
      Jussi Kukkonen authored and Ariadne Conill's avatar Ariadne Conill committed
      It's common for a pre-install script to do something like
          addgroup -S group 2>/dev/null
      When apk installs files after this, it sets the owner/group based on id cache
      but currently the id cache is stale and doesn't contain the new group at that
      point: instead the file will be installed with gid that the build host
      happened to have for that group -- on target this might mean a non-existing
      group or a completely different group.
      
      We can't know if the script really did modify id cache contents so make sure
      to reset the id cache on every script execution.
      d609ef3c
    • Sören Tempel's avatar
      list: fix segmentation fault with virtual packages · 5c4b90df
      Sören Tempel authored and Ariadne Conill's avatar Ariadne Conill committed
      Virtual packages have the origin pointer set to NULL. Trying to print it
      using the BLOB_PRINTF macros causes a segmentation fault.
      
      Inspired by the `print_origin_name` function from `src/search.c` this
      commit attempts to fix it by checking whether `pkg->origin` is NULL
      before attempting to print it. If it is NULL the pkg name is printed
      instead.
      
      Since printing the pkg name requires a different format string this
      commit splits the printf call for printing the package line into
      multiple ones. The output format shouldn't have changed at all though.
      5c4b90df
  14. Jun 24, 2018
  15. Jun 14, 2018
  16. May 08, 2018
  17. Apr 05, 2018
    • Timo Teräs's avatar
      db: fix refreshing index if time is zero · 258519b1
      Timo Teräs authored
      During netboot on systems without RTC, time() will be near zero,
      and the index fill not exist. Thus the plain test of st.st_mtime
      against system time failed. Verify that fstatat() succeeds.
      258519b1
  18. Feb 21, 2018
  19. Feb 20, 2018
  20. Feb 09, 2018
  21. Jan 31, 2018
  22. Jan 29, 2018
Loading