path: root/src/apk_archive.h
Commit message | Author | Age | Files | Lines
* rework unpacking of packages and harden package file format requirements | Timo Teräs | 2018-09-10 | 1 | -1/+2
|   A crafted .apk file could trick apk into writing unverified data to
|   an unexpected file during temporary file creation due to bugs in handling
|   long link target name and the way a regular file is extracted.
|
|   Several hardening steps are implemented to avoid this:
|    - the temporary file is now always first unlinked (apk thus reserved
|      all filenames .apk.* to be its working files)
|    - the temporary file is after that created with O_EXCL to avoid races
|    - the temporary file is no longer directly the archive entry name
|      and thus directly controlled by potentially untrusted data
|    - long file names and link target names are now rejected
|    - hard link targets are now more rigorously checked
|    - various additional checks added for the extraction process to
|      error out early in case of malformed (or old legacy) file
|
|   Reported-by: Max Justicz <max@justi.cz>
* all: update copyright year statement | Timo Teräs | 2011-09-13 | 1 | -1/+1
|
* io, db: id cache should be specific to database root, not system root | Timo Teräs | 2010-10-08 | 1 | -1/+1
|   Otherwise we end up using wrong uid/gid mappings when doing install
|   to alternate system root. Fixes #434.
* index, version: support for repository descriptions (fixes #141) | Timo Teras | 2009-09-03 | 1 | -1/+1
|   ability to embed description information to repository indexes (e.g.
|   repository name and version) and show it via "apk version -I".
* apk: use *at instead of chdir+normal file syscall | Timo Teras | 2009-07-31 | 1 | -3/+2
|   this way we never change cwd, and relative filenames are always
|   parsed consistently. this also helps filename construction in many
|   places. this patch also changes '--root' to override location of
|   all configuration to be in the new root. previously it depended
|   on the file which one was used.
* tar: make checksumming of inner files conditional | Timo Teras | 2009-07-29 | 1 | -2/+5
|   and force checksumming only when unpacking archive. otherwise it's
|   extra computation for nothing.
* various: new style index generation | Timo Teras | 2009-07-16 | 1 | -2/+3
|   change the index generation to do old index, or the new style index
|   where package identity is sha1 of control block and it's contained
|   within an .tar.gz to allow signing in future.
* gzip: always autoclose the inner stream | Timo Teras | 2009-07-16 | 1 | -1/+0
|
* db: live with sha1 and md5 | Timo Teras | 2009-07-14 | 1 | -1/+2
|   this also converts scripts file to a tar archive.
* fetch: new applet to download .apk files | Timo Teras | 2009-04-15 | 1 | -2/+0
|   Fixes #24.
* various: make fancy progress bar and update todo | Timo Teras | 2009-01-07 | 1 | -1/+2
|
* db: compressed index file | Timo Teras | 2008-11-27 | 1 | -1/+0
|
* db: checksum installed files, protect config files | Timo Teras | 2008-11-14 | 1 | -15/+3
|   Checksum of installed is computed on the fly when extracting them
|   and it'll be saved to fdb. When installing config files those are
|   diverted with suffix .apk-new if earlier version of same file with
|   local changes exist.
* use zlib internally to decompress | Timo Teras | 2008-11-07 | 1 | -9/+12
|
* Initial commit of some stuff written so far. Still in state of flux. Expect breakage and major changes. | Timo Teras | 2008-04-17 | 1 | -0/+42