Commit Graph

1449 Commits (3a194ea5d792a1c34ce561c04bf0fa7e575aa949)

Author SHA1 Message Date
Timo Teräs d89c219173 reduce misuse of error codes from errno.h 2021-06-19 16:10:13 +03:00
Timo Teräs 17684141fe crypto: improve compatibility
EVP_MD_CTX_set_pkey_ctx() is fairly new openssl function, and not
existing in many alternative. Use EVP_MD_CTX_reset() which is slightly
more heavy but more portable. Add also signature buffer lengths to
work with RSA.
2021-06-19 14:43:22 +03:00
Timo Teräs 8d92f9f2ae mkpkg: ignore special files with warning instead of erroring 2021-06-19 14:27:10 +03:00
Timo Teräs 2eba7f2af7 fixup some includes
- remove unneeded assert.h
- add needed limits.h
2021-06-19 14:25:54 +03:00
Rodrigo Lourenço b980ed8522 Document apk-search
Fixes #10746.
2021-06-19 11:06:32 +00:00
Timo Teräs ee21625839 Remove AUTHORS section from man pages
Use of an AUTHORS section is strongly discouraged. Generally, it
is better not to clutter every page with a list of (over time
potentially numerous) authors.

Add your name to comments in sources, or the root level AUTHORS
file instead.
2021-06-19 14:02:16 +03:00
Timo Teräs d02b1030e9 update Makefile to include new v3 code and applets 2021-06-14 14:17:29 +03:00
Timo Teräs aeeb119fd8 crypto: make EVP_MD_CTX_FLAG_FINALISE optional
Improves compatibility with libressl, wolfssl and older openssl
libraries not having the flag. Usage of this is optional as it's
purely performance optimization related flag.
2021-06-12 08:40:53 +03:00
Timo Teräs 4403e7ec32 fix glibc build of crypto abstraction header 2021-06-11 13:51:13 +03:00
Timo Teräs 2f58322c70 fix makefile build after crypto abstraction work 2021-06-11 13:49:33 +03:00
Timo Teräs fb3d3c5e4a extract: add experimental support for uvol volumes 2021-06-11 13:35:32 +03:00
Timo Teräs 91cb2514e4 extract: new applet to extract v2 packages 2021-06-11 13:35:32 +03:00
Timo Teräs 7ce4cc4b73 add basic abstraction for cryptographic operations
- basic digesting and signing apis (subject still to fine tuning)
- update digest code, and adb signing for the thin wrapping layer
- old v1 package and database handling not updated
- default mkpkg file hash to sha256

ref #10744
2021-06-11 13:35:32 +03:00
Timo Teräs 7c9f001cda mkpkg: new applet to create v2 packages with basic functionality 2021-06-11 13:35:32 +03:00
Timo Teräs cd9aef8f7c genadb: fix maximum inner adb limit checking 2021-06-11 13:35:32 +03:00
Sören Tempel 429e5984c5 Disable progress bar on dumb terminals by default
The progress bar requires the terminal emulator to support ANSI escape
sequences. Normally, TERM is set to dumb to indicate that the terminal
emulator doesn't support any ANSI escape sequences. Attempting to use
ANSI escape sequences on dumb terminals will lead to weird output. In
order to make apk work by default, even on dumb terminals, this commit
introduces an additional check which consults $TERM and disables the
progress bar if it is set to "dumb".
2021-05-31 02:35:52 +02:00
Timo Teräs 1456296b43 add adbgen applet to generate databases from it's text dump 2021-06-02 22:35:58 +03:00
Timo Teräs 209201bc5d add abstraction to adb "walking" - a sax like API to enumerate whole db
This converts 'adbdump' applet to generate adb_walk api callbacks,
and implement gentext backend to generate the yaml-like text output.
2021-05-26 12:47:48 +03:00
Timo Teräs 7167bc9e7b solver: don't consider requirer count for preference
The original intent was to choose packages to which there is most
dependencies. However, since the code has evolved this is has been
mostly obsolete. And in fact now interferes with the provides and
provides priority mechanism. Remove this as obsolete.

Fixes #10742
2021-05-19 16:29:55 +03:00
Timo Teräs f7143c1766 io_archive: add bounds limit for uname and gname tar header fields
Modify apk_resolve_[ug]id to take the user/groupname as a blob, so
proper length checking is done and honored.

==31584== Conditional jump or move depends on uninitialised value(s)
==31584==    at 0x5C8CA5: strlen (strlen.c:17)
==31584==    by 0x432575: APK_BLOB_STR (apk_blob.h:79)
==31584==    by 0x4350EB: apk_resolve_uid (io.c:1112)
==31584==    by 0x43696C: apk_tar_parse (io_archive.c:152)
==31584==    by 0x4271BC: apk_pkg_read (package.c:929)
==31584==    by 0x402D75: add_main (app_add.c:163)
==31584==    by 0x40D5FF: main (apk-static.c:516)

Fixes a potential crash (DoS) on a crafted TAR file. CVE-2021-30139.

Reported-by: Sören Tempel <soeren+git@soeren-tempel.net>
Reviewed-by: Ariadne Conill <ariadne@dereferenced.org>
2021-04-12 15:30:14 +03:00
Timo Teräs 4bcd792194 io: fix fd leak in error handling paths
apk_dir_foreach_file and apk_resolve_[ug]id needs to free the fd in
case fdopen/fdopendir fails. Additionally this does not rely on fdopen
to fail if openat() returned -1, making sure that we don't call any
syscalls with invalid file handle.
2021-04-11 15:06:49 +03:00
Sören Tempel 1b954e4120 Fix segfault in log_internal if prefix is APK_OUT_LOG_ONLY
This commit fixes a regression which was introduced in changeset
646c834492. If apk_out_fmt() is called
while out->log is set and prefix is set to APK_OUT_LOG_ONLY, then
apk_out_fmt() would pass this prefix to log_internal() which would, in
turn, attempt to write it to standard out using fprintf().
Unfortunately, doing so wont work as intended if prefix is ((char*)-1)
(i.e. APK_OUT_LOG_ONLY) and will cause a segmentation fault instead.

This commit fixes this segmentation fault by not printing the prefix in
log_internal() if it is either NULL or APK_OUT_LOG_ONLY.
2021-04-02 12:22:25 +02:00
Drew DeVault 646c834492 Log to /var/log/apk.log
This adds a log file at /var/log/apk.log. On each run, apk's version
information and the current date & time are written to this file,
followed by any normal apk output.
2021-03-19 12:26:15 +00:00
Ariadne Conill 4fe5ac8328 database: do not chroot(".") unless actually necessary
If we use default root (/), then we do not have to chroot to run scripts.
Use APK_NO_CHROOT flag for this scenario to avoid the chroot.  This helps
with using apk with bwrap and OSTree.

Closes #10736.
2021-03-19 10:28:55 +00:00
Timo Teräs 511621438d del: report correctly package's provides names
The code assumed that when package is in world, it would be there
by it's primary name. The code is now updated to properly print the
package names that are actually present in world.

fixes #10718
2021-03-19 12:08:46 +02:00
Timo Teräs bc0ed3774a libfetch: send Proxy-Authorization also for https connect
fixes #10738
2021-03-16 16:22:11 +02:00
Martin Vahlensieck 8e993fe969 Use correct port when redirected
If server redirects from http to https, libfetch detects this, but
wrongly uses the old url scheme to determine the port. This subsequently
leads to the following OpenSSL error:

139741541575496:error:1408F10B:SSL routines:ssl3_get_record:wrong version number:ssl/record/ssl3_record.c:331:

Using the new scheme fixes this.  This error message comes from trying
to connect to port 80 with TLS, it can also be observed by issuing
  $ openssl s_client -connect alpinelinux.org:80

This bug was introduced in commit:
7158474 libfetch: keep http auth only if redirect is for the same host
2021-03-13 12:53:20 +02:00
Timo Teräs 361eb063c6 db: fix control character check to use uint8_t
fixes #10737
2021-02-07 23:43:48 +02:00
Timo Teräs 1a4f2e94dd db: consider control characters in filename as malicious
Especially a newline can produce havoc in the database file as
the filename is written there as-is. This hardenes the extraction
to consider any control character as malicious. Additional
hardening is added to database loading to better detect corrupt
state and return proper error code about it.

Reported-by: Luca Weiss <luca@z3ntu.xyz>
2021-02-04 22:30:26 +02:00
Olliver Schinagl f6656f9d8e io: Handle really long lines
While commit 18b0b45 (io: Handle long lines, Thu Jan 7 17:25:23 2021
+0100) did attempt to address this issue, the buffer really is still to
small when dealing with big-big dependency lists.

Lets make it sufficiently large for now, until the new APKINDEX format
can support multi-line dependencies, making this not needed any more.

[TT: Originally the buffer size was conservative to run on resource
constrained embedded platforms. But since the available memory on those
has also increased much, the adjustment to 128kB makes sense also to
increase performance a little bit. Removing also the iolimit test.]

Signed-off-by: Olliver Schinagl <oliver@schinagl.nl>
2021-02-04 21:45:58 +02:00
Timo Teräs b43da45bc3 gunzip: fix false end-of-file condition in rare circumstances
It turns out inflate() can output zero bytes, even if it consumed
data. This had the unfortunate side effect of returning zero bytes
(end-of-file) condition before calling the boundary callbacks. This
fixes the logic to not return zero reads on gzip boundary.

In practice this fixes the seldom seen issues of apk reporting
bad signature (when it was correct).
2021-02-04 21:38:30 +02:00
Rosen Penev c4c8aa5ba0 fix compilation without deprecated OpenSSL APIs
(De)initialization is deprecated under OpenSSL 1.0 and above.

[TT: Some simplifications, and additional edits.]

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2021-01-27 09:13:07 +02:00
Timo Teräs bcbcbfc1fc libfetch: harden URL parsing
Treat URLs with too long individual components as malformed instead
of silently truncating that field. There might be unexpected results
if hostname, username or password field gets truncated.
2021-01-19 17:51:13 +02:00
Timo Teräs acca5cbff0 libfetch: fix connection pooling for proxied http/https requests
The connection pooling was broken in two ways:

 1. The original URL was always used as the connection pool URL,
    resulting in duplicate connections to the proxy for http URLs
    (each http URL would get separate proxy connection)

 2. The cache_url stored was always the socket level connect URL.
    In case of HTTPS, the lookup was done done with the real URL,
    but the proxy URL was stored as the "cache URL". Thus HTTPS
    CONNECT connections were never re-used.

This fixes the code with following logic:

 1. The cache key url is the real URL when no-proxy, or when HTTPS
    with proxy (the socket is connected to proxy, but logically it
    is connected to the real URL due to HTTP CONNECT request).
    And for HTTP with proxy, it's the proxy URL so same proxy
    connection can be reused for all requests going through it.

 2. fetch_connect() now gets cache key URL separately, and it always
    gets the same value as the fetch_cache_get() calls.
2021-01-19 16:42:38 +02:00
Timo Teräs d430a98976 libfetch: fix use-after-free in connection cache management
fixes #10734
2021-01-19 16:10:08 +02:00
Conny Seifert 4087ab92c4 libfetch: fix parsing of proxy response to CONNECT requests
Instead of skipping just one line, properly parse the response headers.

[TT: reworded commit message]
2021-01-19 12:08:52 +02:00
Timo Teräs 167fd86794 libfetch: support for CIDR subnets in no_proxy/NO_PROXY
This enables matching numeric hosts against CIDR style subnet
matches in no_proxy environment variable.

Based on work by Thermi.

Co-authored-by: Noel Kuntze <noel.kuntze@thermi.consulting>
2021-01-17 15:04:17 +02:00
Timo Teräs ae7c4451d5 man info: --install-if and --rinstall-if do not have short options
Commit e4aae45f removed the short options. Update the documentation.

Fixes #10733
2021-01-17 15:02:25 +02:00
thibault.ferrante 7a3e8f4214 database.c: Fixed package DESCRIPTION parsing
Regression introduced by 0fb0d30 which makes parsing a description
a critical failure.

[TT: Minor stylistic change. Fix also missing final line change
from the earlier commit]
2021-01-14 16:19:26 +02:00
thibault.ferrante 18b0b45b5b io: Handle long lines
As an APKINDEX can become arbitrarely long due to dependencies and
other parameters, increasing the buffer size make this less likely
to happens.

Closes #10731.
2021-01-11 11:26:49 +02:00
thibault.ferrante 0fb0d30477 database: Propagate errors when loading an APKINDEX
In case of failure when loading an APKINDEX, no errors are
propagated to the user which may uncorrectly interpret the
current problem.
2021-01-11 11:26:49 +02:00
Mike Detwiler b58d79e78f libfetch: Increase URL password length
Signed-off-by: Mike Detwiler <det@shift5.io>
2021-01-08 10:55:37 +02:00
Alex Denes 9e9a9a2e71 apk_update: use URL_PRINTF 2020-12-29 13:52:29 +02:00
Alex Denes 223e999016 manual: Add missing r 2020-11-11 09:05:22 +02:00
Alex Denes ecdd24e4b2 manual: Fix wrong argument name 2020-11-10 10:51:34 +02:00
Timo Teräs da8d83338b add missing apk_trust.h 2020-10-09 16:18:23 +03:00
Timo Teräs 705e002bb0 rename adb_trust to apk_trust, and use it as package signature keystore too 2020-10-09 16:09:19 +03:00
Timo Teräs a627ab8eb8 make apk_database optional for applets that don't need it
The new v3 applets don't use it, and eventually all applets will
use the new formats only.

This prepares the code for this, and moves trust, id_cache, and
root_fd to apk_ctx which is enough for v3 applets at this time.

The generic code is made to not initialize apk_database if it's
not needed.
2020-10-09 16:09:19 +03:00
Timo Teräs 354713d2f7 rename apk_db_options to apk_ctx, rework logging
makes apk_verbosity non-global

fixes #10682
2020-10-09 16:09:19 +03:00
Timo Teräs 7a7eca8670 make apk_flags non-global, make progress printing state non-global
ref #10682
2020-10-09 16:09:19 +03:00