Add riscv64 to apk_defines.h
e2b4bde4 — Timo Teräs 3 years ago
bd8967bc — Timo Teräs 3 years ago
Revert "move --simulate to global options"

This reverts commit 358f703b76ece639e5d3634f677e0b345b1b9f89.

The short option -s conflicts info --size and fetch --stdout.
Revert this for now.
0565e9bb — Timo Teräs 3 years ago
fix orphan package handling for certain provides cases
47570f80 — Timo Teräs 3 years ago
prefer selecting packages by their primary name
a86c8ed0 — Timo Teräs 3 years ago
fix package preference based on it's conflicts in --latest mode

remove also redundant pkg_selectable check in repair mode.
8fa193ec — Timo Teräs 3 years ago
c3fe426d — Timo Teräs 3 years ago
fix short option string to be nil terminated
b06e3b99 — Timo Teräs 3 years ago
fix error reporting for virtual package addition

Move addition of virtual package after the dependencies have been parsed
as then the reverse dependency structers can be populated correctly.
31338aff — Timo Teräs 3 years ago
don't report virtual packages as masked
22abda2a — Timo Teräs 3 years ago
inhibit printing same 'required by' dependency multiple times

this would happen if same package matched multiple times due to
multiple provided names.
59271f8c — Timo Teräs 3 years ago
print: don't print spurious newlines
f38d1f74 — Timo Teräs 3 years ago
fix xattr hash to be sha1

The hash type was accidentally changed in previous commit. Currently
csum->data cannot hold longer hash, so fix the hash.
beab8545 — Timo Teräs 3 years ago
add support for openssl 1.1
40ffdfe6 — Timo Teräs 3 years ago
apk: fix all_options array size off-by-one

merge_options() will write one more entry to the options table
which is the end-of-table indicator. Allocate memory for it too.
valgrind did not pick it up due to being in stack; changing alloca
to malloc would make valgrind notice the issue too.

Reported-by: Mobile Stream <info@mobile-stream.com>
0e3be0fd — Timo Teräs 3 years ago
cache: support --latest and --upgrade to affect download policy
358f703b — Timo Teräs 3 years ago
move --simulate to global options

there are several applets that support simulation but are not
committing changes to database
4c6fc814 — Timo Teräs 3 years ago
add: add --latest flag to help analyze why upgrade fails
11bd821c — Timo Teräs 3 years ago
6484ed98 — Timo Teräs 3 years ago
rework unpacking of packages and harden package file format requirements

A crafted .apk file could to trick apk writing unverified data to
an unexpected file during temporary file creation due to bugs in handling
long link target name and the way a regular file is extracted.

Several hardening steps are implemented to avoid this:
 - the temporary file is now always first unlinked (apk thus reserved
   all filenames .apk.* to be it's working files)
 - the temporary file is after that created with O_EXCL to avoid races
 - the temporary file is no longer directly the archive entry name
   and thus directly controlled by potentially untrusted data
 - long file names and link target names are now rejected
 - hard link targets are now more rigorously checked
 - various additional checks added for the extraction process to
   error out early in case of malformed (or old legacy) file

Reported-by: Max Justicz <max@justi.cz>