Commit Graph

1360 Commits (50ab589e9a5a84592ee4c0ac5a49506bb6c552fc)

Author SHA1 Message Date
Timo Teräs 50ab589e9a version: increase number of digits supported in version component
Report also version numbers as invalid if there's more than 18
digits.

fixes #10774
2021-10-25 13:30:40 +03:00
Timo Teräs d38e2dd65a enable uvol support by default 2021-10-04 15:05:38 +03:00
Timo Teräs 9f07a3447e adb: fix --allow-untrusted to work again
and fix the error code if untrusted adb is seen
2021-09-13 13:18:17 +03:00
Alex Xu (Hello71) a278d11287 test: improve posix sh compatibility 2021-09-03 15:02:12 +03:00
Timo Teräs 984cd3e0b6 extract: remove redundant file unlink on failure path
apk_extract_file() already calls unlink if the error is fatal.
2021-09-03 13:47:04 +03:00
Timo Teräs fd42c073bf extract: pass root object instead of database 2021-09-03 13:44:48 +03:00
Alex Xu (Hello71) bd15683670 add: warn when creating empty virtual packages
see https://gitlab.alpinelinux.org/alpine/aports/-/issues/11736

[TT: minor stylistic change]
2021-09-03 13:24:39 +03:00
Paul Spooren 9b3e68d4ba tar: include missing limits.h
Without this header the build fails when used as an OpenWrt build
dependency.

Signed-off-by: Paul Spooren <mail@aparcar.org>
2021-08-24 11:54:24 -10:00
Timo Teräs 7436193885 mkpkg: add support for scripts and triggers 2021-08-23 17:02:50 +03:00
Timo Teräs 99fa1fb797 trust: always have valid struct apk_trust *
Make sure we always have valid struct apk_trust * for code using it.

Load the signing keys directly when being specified to produce
sane error message if loading them fails.
2021-08-23 17:02:50 +03:00
Timo Teräs 72d8cb8937 remove IS_ERR_OR_NULL
In most places where pointer can be an 'error' it cannot be null
pointer. Further, in those cases just calling PTR_ERR() is not enough
to handle the null case. Simplify code by removing this case.

If NULL case needs to be handled, it's better to add separate check
and return fixed error code in that case.
2021-08-23 17:02:50 +03:00
Timo Teräs 91085a4874 extract: support v3 index verification 2021-08-23 17:02:50 +03:00
Timo Teräs da7264733d tar: improve compatibility
- check magic field for 'ustar' on read
- harden get_octal to report errors on non-octal characters
  (e.g. GNU base256 encoding), fixes #10757
- fix mtime and size octal fields to not have zero terminator
2021-08-23 17:02:46 +03:00
Timo Teräs 33c1de8ea1 db: honor SOURCE_DATE_EPOCH for scriptdb
fixes #10762
2021-08-23 11:11:29 +03:00
Timo Teräs ba0e2b579d list: recognize both --upgradable and --upgradeable
fixes #10759
2021-08-23 11:07:50 +03:00
Timo Teräs a46043bcc4 extract: fix directory handling
'is' is null for directories
2021-08-17 13:58:20 +03:00
Timo Teräs f446f2253d extract: fix --force-overwrite
Directories are handled specially in package installation code, but
extract applet uses also apk_extract_file() to create directories.
These should not be unlinked as that fails with unexpected error code
terminating the extraction.
2021-08-03 21:47:19 +03:00
Timo Teräs b30e94c0ac libfetch: fix http chunked mode handling
Unbreak handling of base 16 in fetch_parseuint(). It is used
only in http chunked mode handling.

Fixes: "libfetch: fix range checking for http/ftp protocol parsing"
2021-08-03 21:33:49 +03:00
Timo Teräs aa44cfac05 extract: fix extracting untrusted package 2021-08-03 21:21:43 +03:00
Timo Teräs a0e59e0897 manifest: support v3 packages 2021-07-30 18:30:44 +03:00
Timo Teräs 727ecc440c verify: support v3 packages 2021-07-30 18:06:34 +03:00
Timo Teräs d3e71bb406 mkndx: support v3 packages 2021-07-30 17:54:30 +03:00
Timo Teräs f61eba0627 extract: use extraction api, and implement it for v3 packages
The extract applet now works with both v2 and v3 packages.
2021-07-30 17:54:25 +03:00
Timo Teräs 5843daf7a1 Further refactor extract API to have separate ops vtable
This splits the callbacks by type, and further prepares the API
to be usable for v3 files too.
2021-07-27 16:28:22 +03:00
Timo Teräs 9c843e4ecd Refactor .apk extraction code
This moves and isolates the tar code to tar.c. And the actual
file extraction to disk is moved to extract.c.

A new API is introduced and used for v2 file extraction. This
essentially moves and isolates the apk_sign_ctx_* beast into
extract_v2.c and offers a saner interface to handling packages.

A place holder is added for v3 extraction.
2021-07-27 14:09:38 +03:00
Timo Teräs 2d4e88aeb1 extract: fix handling of error of regular file extraction
fix the error checking, allow --force-overwrite to work and
do not delete existing file in case of error
2021-07-26 21:08:09 +03:00
Timo Teräs ca1d975e5e libfetch: fix range checking for http/ftp protocol parsing
Various parsing of numeric strings were not having adequate range
checking causing information leak or potential crash.

CVE-2021-36159
fixes #10749

Co-authored-by: Ariadne Conill <ariadne@dereferenced.org>
Reported-by: Samanta Navarro <ferivoz@riseup.net>
2021-07-26 14:43:14 +03:00
Timo Teräs 003e713502 adb: fix some error handling paths 2021-07-26 14:23:49 +03:00
Timo Teräs 083ea5a13b db: add some error checking to database state write
Make errors more observable. Unfortunately full rollback is
non-trivial to implement. This is something to be fixed with
the v3 database format.
2021-07-26 14:10:07 +03:00
Samanta Navarro d212aca070 db: fix installed db writing with long names
Packages containing files with path names longer than 1024 characters
cannot fit into the buffer which is used to write "installed" database.
This leads to bbuf being APK_BLOB_NULL in apk_db_write_fdb because
apk_blob_push_blob notices the condition and correctly handles it.

The problem occurs when arguments to apk_ostream_write are manually
calculated by pointer arithmetic. Since bbuf.ptr is NULL in such a
case, bbuf.ptr - buf leads to a huge size value while buf still points
into the stack.

fixes #10751

[TT: minor edit to commit and abbreviating the commit message]
2021-07-26 13:36:28 +03:00
Timo Teräs aca77e8410 Use __attribute__ ((format)) where possible and fix issues found by it 2021-07-26 10:25:23 +03:00
Timo Teräs 62e1cba691 adb: adb_walk_adb fix out of boundary write
If a signature is longer than max allowed adb signature length
then adb_walk_block writes out of boundary of stack variable tmp.

The len += snprintf is not safe per standard snprintf implementation
(kernel does it differently). Introduce and use apk_blob_push_fmt
which does the checking better.

Fixes #10752

Reported-by: Samanta Navarro <ferivoz@riseup.net>
2021-07-26 10:19:20 +03:00
kpcyrd 90228c4d26 io_archive: Use SOURCE_DATE_EPOCH for meta files instead of current time
[TT: minor stylistic changes]
2021-07-25 09:01:52 +03:00
Timo Teräs c1405f9311 adb: fix error handling of non-adb files 2021-07-25 08:52:43 +03:00
Timo Teräs 3d203e8f5f db: allow read-only operations without cache
fixes #10748
2021-07-23 14:39:38 +03:00
Timo Teräs a0e9c909f7 extract: rework uvol name logic
Add uvol_name to struct apk_file_info so it can be passed down
the extract callbacks in future work. Modify uvol name to not
include the path, but just the filename portion.
2021-07-23 13:51:12 +03:00
Daniel Golle 6c41c6f32e extract: fix uvol parameter order 2021-07-23 13:37:17 +03:00
Timo Teräs 33e85fb1f1 extract: remove unneeded argument from uvol_extract 2021-07-22 16:14:49 +03:00
Timo Teräs e6b7fa49ce adb: add a small adb blob header with versions and root object 2021-07-22 16:14:49 +03:00
Timo Teräs e2ebd761a5 adb: refactor struct adb_header to adb_file_header
In struct adb, do not keep the whole header, just the schema
in host byte order.
2021-07-22 16:14:49 +03:00
Timo Teräs 2f1186aa40 adb: make adb mmap/stream parser more united, add ADB_BLOCK_DATAX
Harden the error checking of expected block types and their order.
Add ADB_BLOCK_DATAX as reserved for >1GB blocks.
2021-07-22 16:14:49 +03:00
Timo Teräs 05364528bb adb, convndx: check istream_close result 2021-07-22 15:30:08 +03:00
Timo Teräs 7e585512f4 io: make apk_istream_get/read() fail on incomplete read 2021-07-22 15:30:08 +03:00
Timo Teräs 395e92b66e io: formalize apk_ostream_write() always writing full data 2021-07-22 15:30:08 +03:00
Timo Teräs 796d298313 rework apk_istream_splice and apk_istream_tee
- apk_istream_splice usage is converted to apk_stream_copy which
  is the newer variant. With caching enabled by default, this
  makes more sense mmapping or using separate buffers.

- apk_istream_tee is reworked to write to apk_ostream, which simplifies
  quite a bit of various things
2021-07-22 15:30:08 +03:00
Timo Teräs b559a81694 io: rework apk_istream_get_* to not return errors in blob value
The interface was slightly cumbersome, so replace these functions
to return explicit error, and make the return blob a pointer arg.
2021-07-22 15:30:08 +03:00
Timo Teräs 94c5e01038 adb: remove the now unused get_default_int() hook
It is no longer needed, and can be later reintroduced if needed.
2021-07-22 15:30:08 +03:00
Timo Teräs 3b00c0dc80 adb: unify various interfaces to adb_m_process
Removes code duplication, and puts important checks in one place.
Support seamless decompression in adbdump.
2021-07-22 15:30:08 +03:00
Timo Teräs 69bcdd23b9 adbsign: support compressed adb files 2021-07-22 15:30:08 +03:00
Timo Teräs 7af34db6cf adb: support seamless de/compression of adb files
Add compression header of adb files. Support uncompressed and
deflate compression at this time.
2021-07-22 15:30:08 +03:00