apk-tools, branch 2.6-stable Alpine Package Keeper, the 2.x tree apk-tools-2.6.10 2018-09-10T12:15:53+00:00 Timo Teräs timo.teras@iki.fi 2018-09-10T12:15:53+00:00 de531c867947723736d95346be6b2032b2fc379b 






rework unpacking of packages and harden package file format requirements
2018-09-10T08:18:39+00:00

Timo Teräs
timo.teras@iki.fi

2018-09-05T16:49:22+00:00

d2eb263642527d7b6c8c71042a994dcea368b632

A crafted .apk file could to trick apk writing unverified data to
an unexpected file during temporary file creation due to bugs in handling
long link target name and the way a regular file is extracted.

Several hardening steps are implemented to avoid this:
 - the temporary file is now always first unlinked (apk thus reserved
   all filenames .apk.* to be it's working files)
 - the temporary file is after that created with O_EXCL to avoid races
 - the temporary file is no longer directly the archive entry name
   and thus directly controlled by potentially untrusted data
 - long file names and link target names are now rejected
 - hard link targets are now more rigorously checked
 - various additional checks added for the extraction process to
   error out early in case of malformed (or old legacy) file

Reported-by: Max Justicz <max@justi.cz>
(cherry picked from commit 6484ed9849f03971eb48ee1fdc21a2f128247eb1)





A crafted .apk file could to trick apk writing unverified data to
an unexpected file during temporary file creation due to bugs in handling
long link target name and the way a regular file is extracted.

Several hardening steps are implemented to avoid this:
 - the temporary file is now always first unlinked (apk thus reserved
   all filenames .apk.* to be it's working files)
 - the temporary file is after that created with O_EXCL to avoid races
 - the temporary file is no longer directly the archive entry name
   and thus directly controlled by potentially untrusted data
 - long file names and link target names are now rejected
 - hard link targets are now more rigorously checked
 - various additional checks added for the extraction process to
   error out early in case of malformed (or old legacy) file

Reported-by: Max Justicz <max@justi.cz>
(cherry picked from commit 6484ed9849f03971eb48ee1fdc21a2f128247eb1)







apk: sanitize return value
2018-09-06T11:47:02+00:00

Timo Teräs
timo.teras@iki.fi

2018-09-05T07:21:22+00:00

d214c18ac51adb7317284f8f65173494cc726814

Most applets return whatever apk_solver_commit() returns. It is the
number of errors found (or negative for hard error). Sanitize the
error value to not give false success exit code in the unlikely case
of errors % 256 == 0.

Reported-by: Max Justicz <max@justi.cz>
(cherry picked from commit 7b654e125461b00bc26e52b25e6a7be3a32c11b9)
(cherry picked from commit 7c90fd0529c0358dd04cab0fce506e8a8b191506)





Most applets return whatever apk_solver_commit() returns. It is the
number of errors found (or negative for hard error). Sanitize the
error value to not give false success exit code in the unlikely case
of errors % 256 == 0.

Reported-by: Max Justicz <max@justi.cz>
(cherry picked from commit 7b654e125461b00bc26e52b25e6a7be3a32c11b9)
(cherry picked from commit 7c90fd0529c0358dd04cab0fce506e8a8b191506)







archive: enable FIFO extraction
2018-09-06T11:46:28+00:00

Jesse Young
jlyo@jlyo.org

2018-08-14T17:32:09+00:00

abe925f864e38a095ab26b0cbcb4b74d60d667ee

(cherry picked from commit 1d55b9488f2d9c6d367fa7f21b058466c24f3ad1)





(cherry picked from commit 1d55b9488f2d9c6d367fa7f21b058466c24f3ad1)







io: fix skip and splice to detect unexpected end-of-file
2018-09-06T11:45:23+00:00

Timo Teräs
timo.teras@iki.fi

2017-10-12T10:35:46+00:00

70deb0aa595a9a45b0628738eb196666b8ac03f8

(cherry picked from commit 2f3c8420493a731556909eb3ebd6d50478fb7b24)





(cherry picked from commit 2f3c8420493a731556909eb3ebd6d50478fb7b24)







tar: return correct error for short read of tar archive
2018-09-06T11:35:52+00:00

Timo Teräs
timo.teras@iki.fi

2017-01-05T14:14:44+00:00

e48f441ed53744d24b3f745efccb8134e5abedb1

(cherry picked from commit ca368916e0333bf24cdcbdbe42130ec6a92c3f6e)





(cherry picked from commit ca368916e0333bf24cdcbdbe42130ec6a92c3f6e)







apk-tools-2.6.9
2017-06-23T07:05:36+00:00

Timo Teräs
timo.teras@iki.fi

2017-06-23T07:05:36+00:00

483f64ea1f6e5ebf37f7a75581b9d8b5465cf4a3












archive: validate reading of pax and gnu long filename extensions
2017-06-23T07:03:20+00:00

Timo Teräs
timo.teras@iki.fi

2017-06-21T12:25:18+00:00

cb5972fba80f3b3b97c4f816ffb368a03616c6a9

Detect properly if the file stream gets an error during these
read operations.

Reported-by: Ariel Zelivansky from Twistlock
(cherry picked from commit cd531aef3033475c26f29a1f650a3bf392cc2daa)





Detect properly if the file stream gets an error during these
read operations.

Reported-by: Ariel Zelivansky from Twistlock
(cherry picked from commit cd531aef3033475c26f29a1f650a3bf392cc2daa)







archive: fix incorrect bounds checking for memory allocation
2017-06-23T07:03:16+00:00

Timo Teräs
timo.teras@iki.fi

2017-06-21T12:12:02+00:00

285371126a44d50bf81fe7957560bc0c048d1fdb

The value from tar header is unsigned int; keep it casted to
unsigned int and size_t instead of (signed) int, otherwise
the comparisons fail to do their job properly. Additionally check
entry.size against SSIZE_MAX so the rounding up later on is
guaranteed to not overflow.

Fixes CVE-2017-9669 and CVE-2017-9671.
Reported-by: Ariel Zelivansky from Twistlock

(cherry picked from commit 286aa77ef1811e477895713df162c92b2ffc6df8)





The value from tar header is unsigned int; keep it casted to
unsigned int and size_t instead of (signed) int, otherwise
the comparisons fail to do their job properly. Additionally check
entry.size against SSIZE_MAX so the rounding up later on is
guaranteed to not overflow.

Fixes CVE-2017-9669 and CVE-2017-9671.
Reported-by: Ariel Zelivansky from Twistlock

(cherry picked from commit 286aa77ef1811e477895713df162c92b2ffc6df8)







apk-tools-2.6.8
2016-10-25T08:06:30+00:00

Timo Teräs
timo.teras@iki.fi

2016-10-25T08:06:30+00:00

d07f777934d4377b3f189bf3e057653748b1daa3