apk-tools, branch 2.7-stable Alpine Package Keeper, the 2.x tree apk-tools-2.7.6 2018-09-10T12:14:19+00:00 Timo Teräs timo.teras@iki.fi 2018-09-10T12:14:19+00:00 7494f69c4a2b77d4a87333b3c7634007def2d3b2 






rework unpacking of packages and harden package file format requirements
2018-09-10T08:17:43+00:00

Timo Teräs
timo.teras@iki.fi

2018-09-05T16:49:22+00:00

7960a80caa1648c09cd9f86086b3817bc8cbec8e

A crafted .apk file could to trick apk writing unverified data to
an unexpected file during temporary file creation due to bugs in handling
long link target name and the way a regular file is extracted.

Several hardening steps are implemented to avoid this:
 - the temporary file is now always first unlinked (apk thus reserved
   all filenames .apk.* to be it's working files)
 - the temporary file is after that created with O_EXCL to avoid races
 - the temporary file is no longer directly the archive entry name
   and thus directly controlled by potentially untrusted data
 - long file names and link target names are now rejected
 - hard link targets are now more rigorously checked
 - various additional checks added for the extraction process to
   error out early in case of malformed (or old legacy) file

Reported-by: Max Justicz <max@justi.cz>
(cherry picked from commit 6484ed9849f03971eb48ee1fdc21a2f128247eb1)





A crafted .apk file could to trick apk writing unverified data to
an unexpected file during temporary file creation due to bugs in handling
long link target name and the way a regular file is extracted.

Several hardening steps are implemented to avoid this:
 - the temporary file is now always first unlinked (apk thus reserved
   all filenames .apk.* to be it's working files)
 - the temporary file is after that created with O_EXCL to avoid races
 - the temporary file is no longer directly the archive entry name
   and thus directly controlled by potentially untrusted data
 - long file names and link target names are now rejected
 - hard link targets are now more rigorously checked
 - various additional checks added for the extraction process to
   error out early in case of malformed (or old legacy) file

Reported-by: Max Justicz <max@justi.cz>
(cherry picked from commit 6484ed9849f03971eb48ee1fdc21a2f128247eb1)







apk: sanitize return value
2018-09-06T11:32:43+00:00

Timo Teräs
timo.teras@iki.fi

2018-09-05T07:21:22+00:00

7c90fd0529c0358dd04cab0fce506e8a8b191506

Most applets return whatever apk_solver_commit() returns. It is the
number of errors found (or negative for hard error). Sanitize the
error value to not give false success exit code in the unlikely case
of errors % 256 == 0.

Reported-by: Max Justicz <max@justi.cz>
(cherry picked from commit 7b654e125461b00bc26e52b25e6a7be3a32c11b9)





Most applets return whatever apk_solver_commit() returns. It is the
number of errors found (or negative for hard error). Sanitize the
error value to not give false success exit code in the unlikely case
of errors % 256 == 0.

Reported-by: Max Justicz <max@justi.cz>
(cherry picked from commit 7b654e125461b00bc26e52b25e6a7be3a32c11b9)







archive: enable FIFO extraction
2018-09-06T11:31:13+00:00

Jesse Young
jlyo@jlyo.org

2018-08-14T17:32:09+00:00

0ff5e936d9aafa87da803a35f8c83ad38d9aa26c

(cherry picked from commit 1d55b9488f2d9c6d367fa7f21b058466c24f3ad1)





(cherry picked from commit 1d55b9488f2d9c6d367fa7f21b058466c24f3ad1)







apk-tools-2.7.5
2018-01-09T08:08:41+00:00

Timo Teräs
timo.teras@iki.fi

2018-01-09T08:08:41+00:00

4264325dbfad4a70f509a6b886c43a4816b75271












add new umbrella flag --initramfs-diskless-boot
2018-01-09T08:06:25+00:00

Henrik Riomar
henrik.riomar@gmail.com

2018-01-03T09:31:34+00:00

285612643e061622275f09a8316c71417ca5c1d1

This flag enables a group of options used during initramfs tmpfs
initial install.

(cherry picked from commit e0eff8742f342c2c23e1d7ee081f3afd08cb5169)
(cherry picked from commit 46d2a419213e5e355e49066ab014ba3274d2fb87)





This flag enables a group of options used during initramfs tmpfs
initial install.

(cherry picked from commit e0eff8742f342c2c23e1d7ee081f3afd08cb5169)
(cherry picked from commit 46d2a419213e5e355e49066ab014ba3274d2fb87)







add new flag --no-commit-hooks
2018-01-09T08:06:18+00:00

Henrik Riomar
henrik.riomar@gmail.com

2017-12-29T20:10:44+00:00

ed0613bc577d8ff119d7a7b4c40782f3642b094c

This flag skips running hook scripts

This flag *must* be used during initramfs tmpfs initial install.
The reason that this new flag is needed is that the hooks will currently
always fail as musl and /bin/sh is missing at this stage on diskless.

(cherry picked from commit 23cb10477537a2bbf40ac06a61046f75f2b160c5)
(cherry picked from commit f62d6ce1287a02e65b19abc47f0dc23041d38941)





This flag skips running hook scripts

This flag *must* be used during initramfs tmpfs initial install.
The reason that this new flag is needed is that the hooks will currently
always fail as musl and /bin/sh is missing at this stage on diskless.

(cherry picked from commit 23cb10477537a2bbf40ac06a61046f75f2b160c5)
(cherry picked from commit f62d6ce1287a02e65b19abc47f0dc23041d38941)







db: fix triggers to report deleted directories
2018-01-09T08:06:11+00:00

Timo Teräs
timo.teras@iki.fi

2018-01-03T07:31:10+00:00

5c39fd38ec34a03f5197a3904c4cac6c3fd1fe97

This change just changes to keep deleted directory items in
the hash with ref count zero and modified flag set. Those entries
are reused when needed. The side effect is that fire_triggers()
will now see those removed direcotries and reports them. Other
enumerators of the directories hash are protected to skip removed
directories when appropriate.

(cherry picked from commit b0fcc56f221e749271bb2aa13e151699e62b09ac)
(cherry picked from commit 6ee77576e7c16c23784c69f82d90be98deb07515)





This change just changes to keep deleted directory items in
the hash with ref count zero and modified flag set. Those entries
are reused when needed. The side effect is that fire_triggers()
will now see those removed direcotries and reports them. Other
enumerators of the directories hash are protected to skip removed
directories when appropriate.

(cherry picked from commit b0fcc56f221e749271bb2aa13e151699e62b09ac)
(cherry picked from commit 6ee77576e7c16c23784c69f82d90be98deb07515)







commit: properly analyze packages with provides="$pkgname"
2018-01-09T08:06:07+00:00

Timo Teräs
timo.teras@iki.fi

2018-01-02T13:35:24+00:00

6207cac8bac9cb1929e78e76e3bf8778cc7165ef

(cherry picked from commit 667cb6bca799e58f58f22ad868761c022c6600dc)
(cherry picked from commit 4d22966dacff6bad9f27a950fb6b5a2d2b1c4b21)





(cherry picked from commit 667cb6bca799e58f58f22ad868761c022c6600dc)
(cherry picked from commit 4d22966dacff6bad9f27a950fb6b5a2d2b1c4b21)







solver: fix potential install_if processing failure, fixes #8237
2018-01-09T08:06:01+00:00

Timo Teräs
timo.teras@iki.fi

2017-12-12T13:14:25+00:00

11a523d2eb9bd546064f256126e9351943fb9e57

In discovery phase, there was logic to not process packages
multiple times. However, that logic failed to account the package's
depth and install_if state for the name being processed. This
caused install_if processing failure in certain topologies of the
dependency graph. Adds also a test case that should catch this
issue reliably.

(cherry picked from commit 8e7fd3e06f300bd76b659db1164da1ee12f16870)
(cherry picked from commit 685795f24c7d37298c363bb70dc98e3a95ef4c81)





In discovery phase, there was logic to not process packages
multiple times. However, that logic failed to account the package's
depth and install_if state for the name being processed. This
caused install_if processing failure in certain topologies of the
dependency graph. Adds also a test case that should catch this
issue reliably.

(cherry picked from commit 8e7fd3e06f300bd76b659db1164da1ee12f16870)
(cherry picked from commit 685795f24c7d37298c363bb70dc98e3a95ef4c81)