The adb object for apk_pkg_from_adb() was changed in commit 7d6de220
"database: support loading v3 indexes" which also addressed the broken
site in question but omitted updating the argument.

fixes #10783

Always return the original length; not the one with trailing '/'
amended.

fixes c60b7424 "optimize apk_pathbuilder_pop to get the old length"
ref #10784

The apk_istream is null for zero length files, and needs
special handling.

fixes #10784

avoids memrchr

give a fake trust root allowing anything. adbdump code will verify
and dump each signature individually.

by adding an abstraction layer to the file system

When extraction failed, the user has had no opportunity to edit
any files. Just clean up.

fix also the progress callback on uvol extraction

Report also version numbers as invalid if there's more than 18
digits.

fixes #10774

and fix the error code if untrusted adb is seen

apk_extract_file() already calls unlink if the error is fatal.

Alex Xu (Hello71) authored 3 years ago and Timo Teräs committed 3 years ago

see aports#11736

[TT: minor stylistic change]

Without this header the build fails when used as a OpenWrt build
dependency.

Signed-off-by: Paul Spooren <mail@aparcar.org>

Make sure we always have valid struct apk_trust * for code using it.

Load the signing keys directly when being specified to produce
sane error message if loading them fails.

In most places where pointer can be an 'error' it cannot be null
pointer. Further, in those cases just calling PTR_ERR() is not enough
to handle the null case. Simplify code by removing this case.

If NULL case needs to be handled, it's better to add separate check
and return fixed error code in that case.

- check magic field for 'ustar' on read
- harden get_octal to report errors on non-octal characters
  (e.g. GNU base256 encoding), fixes #10757
- fix mtime and size octal fields to not have zero terminator

fixes #10762

fixes #10759

'is' is null for directories

Directories are handled specially in package installation code, but
extract applet uses also apk_extract_file() to create directories.
These should not be unlinked as that fails with unexpected error code
terminating the extraction.

Unbreak handling of base 16 in fetch_parseuint(). It is used
only in http chunked mode handling.

Fixes: "libfetch: fix range checking for http/ftp protocol parsing"

The extract applet now works with both v2 and v3 packages.

This splits the callbacks by type, and further prepares the API
to be usable for v3 files too.

This moves and isolates the tar code to tar.c. And the actual
file extraction to disk is moved to extract.c.

A new API is introduced and used for v2 file extraction. This
essentially moves and isolates the apk_sign_ctx_* beast into
extract_v2.c and offers a saner interface to handling packages.

A place holder is added for v3 extraction.

fix the error checking, allow --force-overwrite to work and
do not delete existing file in case of error

Various parsing of numeric strings were not having adequate range
checking causing information leak or potential crash.

CVE-2021-36159
fixes #10749

Co-authored-by: Ariadne Conill <ariadne@dereferenced.org>
Reported-by: Samanta Navarro <ferivoz@riseup.net>