Add riscv64 to apk_defines.h
fix orphan package handling for certain provides cases
prefer selecting packages by their primary name
fix package preference based on it's conflicts in --latest mode
remove also redundant pkg_selectable check in repair mode.
fix short option string to be nil terminated
fix error reporting for virtual package addition
Move addition of virtual package after the dependencies have been parsed
as then the reverse dependency structers can be populated correctly.
don't report virtual packages as masked
inhibit printing same 'required by' dependency multiple times
this would happen if same package matched multiple times due to
multiple provided names.
print: don't print spurious newlines
fix xattr hash to be sha1
The hash type was accidentally changed in previous commit. Currently
csum->data cannot hold longer hash, so fix the hash.
add support for openssl 1.1
apk: fix all_options array size off-by-one
merge_options() will write one more entry to the options table
which is the end-of-table indicator. Allocate memory for it too.
valgrind did not pick it up due to being in stack; changing alloca
to malloc would make valgrind notice the issue too.
Reported-by: Mobile Stream <firstname.lastname@example.org>
cache: support --latest and --upgrade to affect download policy
move --simulate to global options
there are several applets that support simulation but are not
committing changes to database
add: add --latest flag to help analyze why upgrade fails
rework unpacking of packages and harden package file format requirements
A crafted .apk file could to trick apk writing unverified data to
an unexpected file during temporary file creation due to bugs in handling
long link target name and the way a regular file is extracted.
Several hardening steps are implemented to avoid this:
- the temporary file is now always first unlinked (apk thus reserved
all filenames .apk.* to be it's working files)
- the temporary file is after that created with O_EXCL to avoid races
- the temporary file is no longer directly the archive entry name
and thus directly controlled by potentially untrusted data
- long file names and link target names are now rejected
- hard link targets are now more rigorously checked
- various additional checks added for the extraction process to
error out early in case of malformed (or old legacy) file
Reported-by: Max Justicz <email@example.com>