- Jul 16, 2021
-
-
Timo Teräs authored
removes some code duplication
-
Timo Teräs authored
-
Timo Teräs authored
Fix the script to not contain \x00 escape which was the only new feature used. Fix the meson build script to use given lua interpreter for running the genhelp.lua. Based on patch from Daniel Golle <daniel@makrotopia.org>
-
Timo Teräs authored
Based on patch from Daniel Golle <daniel@makrotopia.org>
-
- Jul 06, 2021
-
-
Ariadne Conill authored
Macros used have been taken from Loongson's work-in-progress GCC 12 port.
-
- Jun 23, 2021
-
-
Timo Teräs authored
-
- Jun 21, 2021
-
-
Timo Teräs authored
This caused some -Wall errors on certain gcc versions due to BIO_reset() being a macro with explicit cast.
-
Timo Teräs authored
-
Timo Teräs authored
-
- Jun 19, 2021
-
-
Rodrigo Lourenço authored
-
Timo Teräs authored
-
Timo Teräs authored
EVP_MD_CTX_set_pkey_ctx() is a fairly new openssl function, and does not exist in many alternatives. Use EVP_MD_CTX_reset() which is slightly heavier but more portable. Also add signature buffer lengths to work with RSA.
-
Timo Teräs authored
-
Timo Teräs authored
- remove unneeded assert.h
- add needed limits.h
-
Fixes #10746.
-
Timo Teräs authored
Use of an AUTHORS section is strongly discouraged. Generally, it is better not to clutter every page with a list of (over time potentially numerous) authors. Add your name to comments in sources, or the root level AUTHORS file instead.
-
- Jun 14, 2021
-
-
Timo Teräs authored
-
- Jun 12, 2021
-
-
Timo Teräs authored
Improves compatibility with libressl, wolfssl and older openssl libraries not having the flag. Usage of this is optional as it's purely a performance optimization related flag.
-
- Jun 11, 2021
-
-
Timo Teräs authored
-
Timo Teräs authored
-
Timo Teräs authored
-
Timo Teräs authored
-
Timo Teräs authored
- basic digesting and signing apis (subject still to fine tuning)
- update digest code, and adb signing for the thin wrapping layer
- old v1 package and database handling not updated
- default mkpkg file hash to sha256

ref #10744
-
Timo Teräs authored
-
Timo Teräs authored
-
- May 31, 2021
-
-
Sören Tempel authored
The progress bar requires the terminal emulator to support ANSI escape sequences. Normally, TERM is set to dumb to indicate that the terminal emulator doesn't support any ANSI escape sequences. Attempting to use ANSI escape sequences on dumb terminals will lead to weird output. In order to make apk work by default, even on dumb terminals, this commit introduces an additional check which consults $TERM and disables the progress bar if it is set to "dumb".
-
- Jun 02, 2021
-
-
Timo Teräs authored
-
- May 26, 2021
-
-
Timo Teräs authored
This converts 'adbdump' applet to generate adb_walk api callbacks, and implement gentext backend to generate the yaml-like text output.
-
- May 19, 2021
-
-
Timo Teräs authored
The original intent was to choose packages to which there are most dependencies. However, since the code has evolved this has been mostly obsolete. And in fact now interferes with the provides and provides priority mechanism. Remove this as obsolete.

Fixes #10742
-
- Apr 12, 2021
-
-
Timo Teräs authored
Modify apk_resolve_[ug]id to take the user/groupname as a blob, so proper length checking is done and honored.

==31584== Conditional jump or move depends on uninitialised value(s)
==31584==    at 0x5C8CA5: strlen (strlen.c:17)
==31584==    by 0x432575: APK_BLOB_STR (apk_blob.h:79)
==31584==    by 0x4350EB: apk_resolve_uid (io.c:1112)
==31584==    by 0x43696C: apk_tar_parse (io_archive.c:152)
==31584==    by 0x4271BC: apk_pkg_read (package.c:929)
==31584==    by 0x402D75: add_main (app_add.c:163)
==31584==    by 0x40D5FF: main (apk-static.c:516)

Fixes a potential crash (DoS) on a crafted TAR file. CVE-2021-30139.

Reported-by: Sören Tempel <soeren+git@soeren-tempel.net>
Reviewed-by: Ariadne Conill <ariadne@dereferenced.org>
-
- Apr 11, 2021
-
-
Timo Teräs authored
apk_dir_foreach_file and apk_resolve_[ug]id need to free the fd in case fdopen/fdopendir fails. Additionally this does not rely on fdopen to fail if openat() returned -1, making sure that we don't call any syscalls with invalid file handle.
-
- Apr 02, 2021
-
-
Sören Tempel authored
This commit fixes a regression which was introduced in changeset 646c8344. If apk_out_fmt() is called while out->log is set and prefix is set to APK_OUT_LOG_ONLY, then apk_out_fmt() would pass this prefix to log_internal() which would, in turn, attempt to write it to standard out using fprintf(). Unfortunately, doing so won't work as intended if prefix is ((char*)-1) (i.e. APK_OUT_LOG_ONLY) and will cause a segmentation fault instead. This commit fixes this segmentation fault by not printing the prefix in log_internal() if it is either NULL or APK_OUT_LOG_ONLY.
-
- Mar 19, 2021
-
-
This adds a log file at /var/log/apk.log. On each run, apk's version information and the current date & time are written to this file, followed by any normal apk output.
-
If we use default root (/), then we do not have to chroot to run scripts. Use APK_NO_CHROOT flag for this scenario to avoid the chroot. This helps with using apk with bwrap and OSTree. Closes #10736.
-
Timo Teräs authored
The code assumed that when package is in world, it would be there by its primary name. The code is now updated to properly print the package names that are actually present in world.

fixes #10718
-
- Mar 16, 2021
-
-
Timo Teräs authored
fixes #10738
-
- Mar 13, 2021
-
-
If server redirects from http to https, libfetch detects this, but wrongly uses the old url scheme to determine the port. This subsequently leads to the following OpenSSL error:

139741541575496:error:1408F10B:SSL routines:ssl3_get_record:wrong version number:ssl/record/ssl3_record.c:331:

Using the new scheme fixes this. This error message comes from trying to connect to port 80 with TLS, it can also be observed by issuing

$ openssl s_client -connect alpinelinux.org:80

This bug was introduced in commit:
7158474f libfetch: keep http auth only if redirect is for the same host
-
- Feb 07, 2021
-
-
Timo Teräs authored
fixes #10737
-
- Feb 04, 2021
-
-
Timo Teräs authored
Especially a newline can produce havoc in the database file as the filename is written there as-is. This hardens the extraction to consider any control character as malicious. Additional hardening is added to database loading to better detect corrupt state and return proper error code about it.

Reported-by: Luca Weiss <luca@z3ntu.xyz>
-
While commit 18b0b45b (io: Handle long lines, Thu Jan 7 17:25:23 2021 +0100) did attempt to address this issue, the buffer really is still too small when dealing with big-big dependency lists. Let's make it sufficiently large for now, until the new APKINDEX format can support multi-line dependencies, making this not needed any more.

[TT: Originally the buffer size was conservative to run on resource constrained embedded platforms. But since the available memory on those has also increased much, the adjustment to 128kB makes sense also to increase performance a little bit. Removing also the iolimit test.]

Signed-off-by: Olliver Schinagl <oliver@schinagl.nl>
-