While there are no obvious paths to trigger any misbehaviour this
removes usage of snprintf and potential bad patterns. Error handling
in few instances is added as defensive means.

fixes #11030

Sertonix authored 5 months ago and Timo Teräs committed 4 months ago

POSIX specifies that basename(3) may change the string it is passed.
To avoid confusion, replacing basename with apk_last_path_segment
which is sufficient for the use case and never changes the argument.

[TT: move to apk_print.h, use also in package.c, adjust commit log]

Sertonix authored 5 months ago and Timo Teräs committed 5 months ago

The creation of the /tmp directory was included in the initial code (d6c74352)
cause the scripts were extracted were extracted into that directory. Since that
directory isn't used anymore (changed in 5d19789a) it doesn't make sense to
still create the directory for all script.

alice authored 6 months ago and Timo Teräs committed 5 months ago

calling ninja directly is preferable over calling meson compile, as it reinvokes
ninja with the same arguments but adds all the python startup overhead

alice authored 6 months ago and Timo Teräs committed 5 months ago

closes #11012

Sertonix authored 5 months ago and Timo Teräs committed 5 months ago

Fixes 4aa80564 blob: optimize digit and base64 decoding

Sertonix authored 5 months ago and Timo Teräs committed 5 months ago

This avoids potential information loss when converting size_t to lua_Integer by not converting to int in between.

Casting a long pointer to size_t pointer directly is not safe as far as I
know.

Sertonix authored 6 months ago and Timo Teräs committed 5 months ago

Since c2b4a43f the digest_alg are compared between the xattrs read from
disk and read from the database. This means that we need to keep xattr_type
set to APK_DIGEST_NONE when there actually is none.

Sertonix authored 6 months ago and Timo Teräs committed 5 months ago

The first message line was already hidden with --quiet but the rest was
still printed. Removing the message completely seems more reasonable to
me.

Sertonix authored 6 months ago and Timo Teräs committed 5 months ago

This is needed to avoid EACCES when running apk audit as unprivilidged
user.

Sertonix authored 6 months ago and Timo Teräs committed 5 months ago

This is to avoid issues when opening fifos cause without O_NONBLOCK they
wait until the other end is opened.

When the invalid options wasn't the last one the error would be ignored:
apk --invalid --no-cache stats

fixes #11021

Sertonix authored 6 months ago and Timo Teräs committed 6 months ago

meson is able to handle LDFLAGS but -Dc_link_args is the intended way.

fixes #11020

fixes #11019

Since the root directory is generally not owned by any package
or even created by any package, it does not make sense to store
it in the packages unless needed (because it contains a file
in the root path).

Unfortunately, the extraction code assumed the first path is
the root path, so packages without the root node are not fully
compatible backwards.

Fix the extraction and make the code to omit the root node
behind an option. Eventually it will become the default and
the compatibility option will be removed.

Revert the unintended change to apk_fileinfo_get on using
fi->xattrs.

fixes commit 1690e131 io, db: refactor struct apk_checksum away from struct apk_db_acl
fixes #11018

fixes commit fb74ef1c db, adb: always use sha256-160 package identity in installeddb

- rename "signing" options group to "generation"
- add --compression as an option there
- enable compression on applets where needed
- update the documentation

as a side effect this now compresses indexes by default,
and allows recompression with 'adbsign' applet

Allows package to specify:
 provider=foo
 depends=!foo

to provide foo as unversioned name and conflict against all
other packages providing the same name (versioned or unversioned).

fixes #10976

Instead of trying to write sha256 hashes to the installeddb,
keep the length compatible with older apk and use sha256-160.
Allow v3 package verification using sha256-160 if its installeddb.

fixes #11017

- adjust encoding of sha256 in such a manner that older apk will
  accept it (but truncate it to sha256-160 upon read)
- always use sha1/sha256-160 for triggers to keep compatiblity
- internally use sha1/sha256-160 as the hash key allow working
  in the mixed setup

This should allow a rollback to older apk if needed, though doing
so will cause truncation of the package hashes to sha256-160. The
truncated package hashes may cause some issues with "apk fix" not
handling the index based trust correctly.

Once the installeddb conversion to adb is complete, these ugly
things will go away.

ref #11017