Commit Graph

1433 Commits (10d00430636266d7bb70caacbd3e0642b3f70ceb)

Author SHA1 Message Date
Timo Teräs 1456296b43 add adbgen applet to generate databases from it's text dump 2021-06-02 22:35:58 +03:00
Timo Teräs 209201bc5d add abstraction to adb "walking" - a sax like API to enumerate whole db
This converts 'adbdump' applet to generate adb_walk api callbacks,
and implement gentext backend to generate the yaml-like text output.
2021-05-26 12:47:48 +03:00
Timo Teräs 7167bc9e7b solver: don't consider requirer count for preference
The original intent was to choose packages to which there is most
dependencies. However, since the code has evolved this is has been
mostly obsolete. And in fact now interferes with the provides and
provides priority mechanism. Remove this as obsolete.

Fixes #10742
2021-05-19 16:29:55 +03:00
Timo Teräs f7143c1766 io_archive: add bounds limit for uname and gname tar header fields
Modify apk_resolve_[ug]id to take the user/groupname as a blob, so
proper length checking is done and honored.

==31584== Conditional jump or move depends on uninitialised value(s)
==31584==    at 0x5C8CA5: strlen (strlen.c:17)
==31584==    by 0x432575: APK_BLOB_STR (apk_blob.h:79)
==31584==    by 0x4350EB: apk_resolve_uid (io.c:1112)
==31584==    by 0x43696C: apk_tar_parse (io_archive.c:152)
==31584==    by 0x4271BC: apk_pkg_read (package.c:929)
==31584==    by 0x402D75: add_main (app_add.c:163)
==31584==    by 0x40D5FF: main (apk-static.c:516)

Fixes a potential crash (DoS) on a crafted TAR file. CVE-2021-30139.

Reported-by: Sören Tempel <soeren+git@soeren-tempel.net>
Reviewed-by: Ariadne Conill <ariadne@dereferenced.org>
2021-04-12 15:30:14 +03:00
Timo Teräs 4bcd792194 io: fix fd leak in error handling paths
apk_dir_foreach_file and apk_resolve_[ug]id needs to free the fd in
case fdopen/fdopendir fails. Additionally this does not rely on fdopen
to fail if openat() returned -1, making sure that we don't call any
syscalls with invalid file handle.
2021-04-11 15:06:49 +03:00
Sören Tempel 1b954e4120 Fix segfault in log_internal if prefix is APK_OUT_LOG_ONLY
This commit fixes a regression which was introduced in changeset
646c834492. If apk_out_fmt() is called
while out->log is set and prefix is set to APK_OUT_LOG_ONLY, then
apk_out_fmt() would pass this prefix to log_internal() which would, in
turn, attempt to write it to standard out using fprintf().
Unfortunately, doing so wont work as intended if prefix is ((char*)-1)
(i.e. APK_OUT_LOG_ONLY) and will cause a segmentation fault instead.

This commit fixes this segmentation fault by not printing the prefix in
log_internal() if it is either NULL or APK_OUT_LOG_ONLY.
2021-04-02 12:22:25 +02:00
Drew DeVault 646c834492 Log to /var/log/apk.log
This adds a log file at /var/log/apk.log. On each run, apk's version
information and the current date & time are written to this file,
followed by any normal apk output.
2021-03-19 12:26:15 +00:00
Ariadne Conill 4fe5ac8328 database: do not chroot(".") unless actually necessary
If we use default root (/), then we do not have to chroot to run scripts.
Use APK_NO_CHROOT flag for this scenario to avoid the chroot.  This helps
with using apk with bwrap and OSTree.

Closes #10736.
2021-03-19 10:28:55 +00:00
Timo Teräs 511621438d del: report correctly package's provides names
The code assumed that when package is in world, it would be there
by it's primary name. The code is now updated to properly print the
package names that are actually present in world.

fixes #10718
2021-03-19 12:08:46 +02:00
Timo Teräs bc0ed3774a libfetch: send Proxy-Authorization also for https connect
fixes #10738
2021-03-16 16:22:11 +02:00
Martin Vahlensieck 8e993fe969 Use correct port when redirected
If server redirects from http to https, libfetch detects this, but
wrongly uses the old url scheme to determine the port. This subsequently
leads to the following OpenSSL error:

139741541575496:error:1408F10B:SSL routines:ssl3_get_record:wrong version number:ssl/record/ssl3_record.c:331:

Using the new scheme fixes this.  This error message comes from trying
to connect to port 80 with TLS, it can also be observed by issuing
  $ openssl s_client -connect alpinelinux.org:80

This bug was introduced in commit:
7158474 libfetch: keep http auth only if redirect is for the same host
2021-03-13 12:53:20 +02:00
Timo Teräs 361eb063c6 db: fix control character check to use uint8_t
fixes #10737
2021-02-07 23:43:48 +02:00
Timo Teräs 1a4f2e94dd db: consider control characters in filename as malicious
Especially a newline can produce havoc in the database file as
the filename is written there as-is. This hardenes the extraction
to consider any control character as malicious. Additional
hardening is added to database loading to better detect corrupt
state and return proper error code about it.

Reported-by: Luca Weiss <luca@z3ntu.xyz>
2021-02-04 22:30:26 +02:00
Olliver Schinagl f6656f9d8e io: Handle really long lines
While commit 18b0b45 (io: Handle long lines, Thu Jan 7 17:25:23 2021
+0100) did attempt to address this issue, the buffer really is still to
small when dealing with big-big dependency lists.

Lets make it sufficiently large for now, until the new APKINDEX format
can support multi-line dependencies, making this not needed any more.

[TT: Originally the buffer size was conservative to run on resource
constrained embedded platforms. But since the available memory on those
has also increased much, the adjustment to 128kB makes sense also to
increase performance a little bit. Removing also the iolimit test.]

Signed-off-by: Olliver Schinagl <oliver@schinagl.nl>
2021-02-04 21:45:58 +02:00
Timo Teräs b43da45bc3 gunzip: fix false end-of-file condition in rare circumstances
It turns out inflate() can output zero bytes, even if it consumed
data. This had the unfortunate side effect of returning zero bytes
(end-of-file) condition before calling the boundary callbacks. This
fixes the logic to not return zero reads on gzip boundary.

In practice this fixes the seldom seen issues of apk reporting
bad signature (when it was correct).
2021-02-04 21:38:30 +02:00
Rosen Penev c4c8aa5ba0 fix compilation without deprecated OpenSSL APIs
(De)initialization is deprecated under OpenSSL 1.0 and above.

[TT: Some simplifications, and additional edits.]

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2021-01-27 09:13:07 +02:00
Timo Teräs bcbcbfc1fc libfetch: harden URL parsing
Treat URLs with too long individual components as malformed instead
of silently truncating that field. There might be unexpected results
if hostname, username or password field gets truncated.
2021-01-19 17:51:13 +02:00
Timo Teräs acca5cbff0 libfetch: fix connection pooling for proxied http/https requests
The connection pooling was broken in two ways:

 1. The original URL was always used as the connection pool URL,
    resulting in duplicate connections to the proxy for http URLs
    (each http URL would get separate proxy connection)

 2. The cache_url stored was always the socket level connect URL.
    In case of HTTPS, the lookup was done done with the real URL,
    but the proxy URL was stored as the "cache URL". Thus HTTPS
    CONNECT connections were never re-used.

This fixes the code with following logic:

 1. The cache key url is the real URL when no-proxy, or when HTTPS
    with proxy (the socket is connected to proxy, but logically it
    is connected to the real URL due to HTTP CONNECT request).
    And for HTTP with proxy, it's the proxy URL so same proxy
    connection can be reused for all requests going through it.

 2. fetch_connect() now gets cache key URL separately, and it always
    gets the same value as the fetch_cache_get() calls.
2021-01-19 16:42:38 +02:00
Timo Teräs d430a98976 libfetch: fix use-after-free in connection cache management
fixes #10734
2021-01-19 16:10:08 +02:00
Conny Seifert 4087ab92c4 libfetch: fix parsing of proxy response to CONNECT requests
Instead of skipping just one line, properly parse the response headers.

[TT: reworded commit message]
2021-01-19 12:08:52 +02:00
Timo Teräs 167fd86794 libfetch: support for CIDR subnets in no_proxy/NO_PROXY
This enables matching numeric hosts against CIDR style subnet
matches in no_proxy environment variable.

Based on work by Thermi.

Co-authored-by: Noel Kuntze <noel.kuntze@thermi.consulting>
2021-01-17 15:04:17 +02:00
Timo Teräs ae7c4451d5 man info: --install-if and --rinstall-if do not have short options
Commit e4aae45f removed the short options. Update the documentation.

Fixes #10733
2021-01-17 15:02:25 +02:00
thibault.ferrante 7a3e8f4214 database.c: Fixed package DESCRIPTION parsing
Regression introduced by 0fb0d30 which makes parsing a description
a critical failure.

[TT: Minor stylistic change. Fix also missing final line change
from the earlier commit]
2021-01-14 16:19:26 +02:00
thibault.ferrante 18b0b45b5b io: Handle long lines
As an APKINDEX can become arbitrarely long due to dependencies and
other parameters, increasing the buffer size make this less likely
to happens.

Closes #10731.
2021-01-11 11:26:49 +02:00
thibault.ferrante 0fb0d30477 database: Propagate errors when loading an APKINDEX
In case of failure when loading an APKINDEX, no errors are
propagated to the user which may uncorrectly interpret the
current problem.
2021-01-11 11:26:49 +02:00
Mike Detwiler b58d79e78f libfetch: Increase URL password length
Signed-off-by: Mike Detwiler <det@shift5.io>
2021-01-08 10:55:37 +02:00
Alex Denes 9e9a9a2e71 apk_update: use URL_PRINTF 2020-12-29 13:52:29 +02:00
Alex Denes 223e999016 manual: Add missing r 2020-11-11 09:05:22 +02:00
Alex Denes ecdd24e4b2 manual: Fix wrong argument name 2020-11-10 10:51:34 +02:00
Timo Teräs da8d83338b add missing apk_trust.h 2020-10-09 16:18:23 +03:00
Timo Teräs 705e002bb0 rename adb_trust to apk_trust, and use it as package signature keystore too 2020-10-09 16:09:19 +03:00
Timo Teräs a627ab8eb8 make apk_database optional for applets that don't need it
The new v3 applets don't use it, and eventually all applets will
use the new formats only.

This prepares the code for this, and moves trust, id_cache, and
root_fd to apk_ctx which is enough for v3 applets at this time.

The generic code is made to not initialize apk_database if it's
not needed.
2020-10-09 16:09:19 +03:00
Timo Teräs 354713d2f7 rename apk_db_options to apk_ctx, rework logging
makes apk_verbosity non-global

fixes #10682
2020-10-09 16:09:19 +03:00
Timo Teräs 7a7eca8670 make apk_flags non-global, make progress printing state non-global
ref #10682
2020-10-09 16:09:19 +03:00
Timo Teräs 9afb4e8fd1 make apk_force non-global, remove left-over apk_arch
ref #10682
2020-10-09 16:09:19 +03:00
Timo Teräs b2af872fff db: convert repository list to a string array 2020-10-09 16:09:19 +03:00
Timo Teräs 010497cb5a add separate vertest applet for version string testing
start adding meson based tests
2020-10-09 16:09:19 +03:00
Timo Teräs 6d71f49c11 io: make ostream_file always use tmpname 2020-10-09 16:09:19 +03:00
Timo Teräs 2156107afc minor performance improvements on build and code 2020-10-09 16:09:19 +03:00
Timo Teräs f9f8594069 adb: improve sorting features, sort installed-db package listing 2020-10-09 16:09:19 +03:00
Timo Teräs e9caeff22b build: adopt meson build for v3 branch 2020-10-09 16:09:19 +03:00
Rasmus Thomsen f86829dc92 ci: also install static deps 2020-10-09 16:09:19 +03:00
Rasmus Thomsen 0cfa6cfb83 build: make sure to use helper scripts from git tree and not system 2020-10-09 16:09:19 +03:00
Rasmus Thomsen 1b168696aa build: use tabs for meson files 2020-10-09 16:09:19 +03:00
Rasmus Thomsen 1bbdc8eb37 build: add option to build apk.static binary 2020-10-09 16:09:19 +03:00
Rasmus Thomsen 7375327fbd ci: add test for meson 2020-10-09 16:09:19 +03:00
Rasmus Thomsen 8a11ac3952 build: add atom.c to meson 2020-10-09 16:09:19 +03:00
Rasmus Thomsen 7f4591333d scripts: add script to generate APK cross file 2020-10-09 16:09:19 +03:00
Rasmus Thomsen f6795011ca build: allow building without help in meson 2020-10-09 16:09:19 +03:00
Rasmus Thomsen 718e07f78a build: build help.h with meson 2020-10-09 16:09:19 +03:00