Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package apk-tools for openSUSE:Factory checked in at 2026-03-14 22:22:59 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/apk-tools (Old) and /work/SRC/openSUSE:Factory/.apk-tools.new.8177 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "apk-tools" Sat Mar 14 22:22:59 2026 rev:6 rq:1338868 version:3.0.5 Changes: -------- --- /work/SRC/openSUSE:Factory/apk-tools/apk-tools.changes 2026-02-06 19:18:06.823733783 +0100 +++ /work/SRC/openSUSE:Factory/.apk-tools.new.8177/apk-tools.changes 2026-03-14 22:24:26.302208945 +0100 @@ -1,0 +2,23 @@ +Thu Mar 12 17:03:43 UTC 2026 - Martin Hauke <[email protected]> + +- Update to version 3.0.5: + * mkndx: fix filtering with multiple versions of matching + packages. + * mkndx: fix not matching pkgname-spec warning. + * mkndx: fix rewrite-arch error message. + * mkndx: fix a crash with missing arguments. + * additional memfd exec checks. + * io: synchronize istream buffer alignment with file offset. + * db: move initialization db->cache_fd to apk_db_init. + * db: fix 0 fd handling in more places. + * defines: generic apk_unaligned_le* implementation. + * remove 0 length array from apk_db_acl. + * convert sig to flex array. + * fix GCC14 flex array not at end warning. + * extract_v3: fix unaligned access of file mode. + * defines: rework apk_unaligned_* helpers. + * defines: align apk_array. + * Fixed an incorrect flag in the manpage for `apk-fetch`. + * io: fix invalid fetch timestamps with wget backend. + +------------------------------------------------------------------- Old: ---- apk-tools-3.0.4.tar.xz New: ---- apk-tools-3.0.5.tar.xz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ apk-tools.spec ++++++ --- /var/tmp/diff_new_pack.DQIbCf/_old 2026-03-14 22:24:26.790229162 +0100 +++ /var/tmp/diff_new_pack.DQIbCf/_new 2026-03-14 22:24:26.790229162 +0100 @@ -2,7 +2,7 @@ # spec file for package apk-tools # # Copyright (c) 2026 SUSE LLC and contributors -# Copyright (c) 2024-2025, Martin Hauke <[email protected]> +# Copyright (c) 2024-2026, Martin Hauke <[email protected]> # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -21,7 +21,7 @@ %define soname 3_0_0 %define libname libapk%{soname} Name: apk-tools -Version: 3.0.4 +Version: 3.0.5 Release: 0 Summary: Alpine package manager License: GPL-2.0-or-later ++++++ _service ++++++ --- /var/tmp/diff_new_pack.DQIbCf/_old 2026-03-14 22:24:26.838231150 +0100 +++ /var/tmp/diff_new_pack.DQIbCf/_new 2026-03-14 22:24:26.842231315 +0100 @@ -2,7 +2,7 @@ <service name="tar_scm" mode="manual"> <param name="url">https://git.alpinelinux.org/apk-tools</param> <param name="scm">git</param> - <param name="revision">v3.0.4</param> + <param name="revision">v3.0.5</param> <param name="changesgenerate">enable</param> <param name="versionrewrite-pattern">v(.*)</param> <param name="versionformat">@PARENT_TAG@</param> ++++++ _servicedata ++++++ --- /var/tmp/diff_new_pack.DQIbCf/_old 2026-03-14 22:24:26.866232310 +0100 +++ /var/tmp/diff_new_pack.DQIbCf/_new 2026-03-14 22:24:26.870232476 +0100 @@ -1,6 +1,6 @@ <servicedata> <service name="tar_scm"> <param name="url">https://git.alpinelinux.org/apk-tools</param> - <param name="changesrevision">f40188443f6faeebe3b262f936231bfe85af9dc5</param></service></servicedata> + <param name="changesrevision">b5a31c0d865342ad80be10d68f1bb3d3ad9b0866</param></service></servicedata> (No newline at EOF) ++++++ apk-tools-3.0.4.tar.xz -> apk-tools-3.0.5.tar.xz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apk-tools-3.0.4/VERSION new/apk-tools-3.0.5/VERSION --- old/apk-tools-3.0.4/VERSION 2026-01-29 11:37:36.000000000 +0100 +++ new/apk-tools-3.0.5/VERSION 2026-02-25 13:15:59.000000000 +0100 @@ -1 +1 @@ -3.0.4 +3.0.5 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apk-tools-3.0.4/doc/apk-fetch.8.scd new/apk-tools-3.0.5/doc/apk-fetch.8.scd --- old/apk-tools-3.0.4/doc/apk-fetch.8.scd 2026-01-29 11:37:36.000000000 +0100 +++ new/apk-tools-3.0.5/doc/apk-fetch.8.scd 2026-02-25 13:15:59.000000000 +0100 @@ -35,7 +35,7 @@ *--output*, *-o* _DIR_ Write the downloaded file(s) to _DIR_. -*--simulate*[=_BOOL_], *-s* +*--simulate*[=_BOOL_] Simulate the requested operation without making any changes. *Note*: this option is unreliable if needed indexes are not up-to-date diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apk-tools-3.0.4/portability/fcntl.h new/apk-tools-3.0.5/portability/fcntl.h --- old/apk-tools-3.0.4/portability/fcntl.h 2026-01-29 11:37:36.000000000 +0100 +++ new/apk-tools-3.0.5/portability/fcntl.h 2026-02-25 13:15:59.000000000 +0100 @@ -12,3 +12,9 @@ #ifndef F_SEAL_WRITE #define F_SEAL_WRITE 0x0008 #endif +#ifndef F_SEAL_FUTURE_WRITE +#define F_SEAL_FUTURE_WRITE 0x0010 +#endif +#ifndef F_SEAL_EXEC +#define F_SEAL_EXEC 0x0020 +#endif diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apk-tools-3.0.4/src/adb.c new/apk-tools-3.0.5/src/adb.c --- old/apk-tools-3.0.4/src/adb.c 2026-01-29 11:37:36.000000000 +0100 +++ new/apk-tools-3.0.5/src/adb.c 2026-02-25 13:15:59.000000000 +0100 @@ -434,7 +434,7 @@ case ADB_TYPE_INT_64: ptr = adb_r_deref(db, v, 0, sizeof(uint64_t)); if (!ptr) return 0; - return le64toh(apk_unaligned_u64a32(ptr)); + return apk_aligned32_le64(ptr); default: return 0; } @@ -606,12 +606,12 @@ unsigned m, l = ADBI_FIRST, r = adb_ra_num(arr) + 1; while (l < r) { m = (l + r) / 2; - if (adb_ro_cmpobj(tmpl, adb_ro_obj(arr, m, &obj), ADB_OBJCMP_INDEX) < 0) + if (adb_ro_cmpobj(tmpl, adb_ro_obj(arr, m, &obj), ADB_OBJCMP_INDEX) <= 0) r = m; else l = m + 1; } - cur = r - 1; + cur = r; } else { cur++; } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apk-tools-3.0.4/src/adb.h new/apk-tools-3.0.5/src/adb.h --- old/apk-tools-3.0.4/src/adb.h 2026-01-29 11:37:36.000000000 +0100 +++ new/apk-tools-3.0.5/src/adb.h 2026-02-25 13:15:59.000000000 +0100 @@ -114,7 +114,7 @@ struct adb_sign_v0 { struct adb_sign_hdr hdr; uint8_t id[16]; - uint8_t sig[0]; + uint8_t sig[]; }; /* Schema */ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apk-tools-3.0.4/src/apk_database.h new/apk-tools-3.0.5/src/apk_database.h --- old/apk-tools-3.0.4/src/apk_database.h 2026-01-29 11:37:36.000000000 +0100 +++ new/apk-tools-3.0.5/src/apk_database.h 2026-02-25 13:15:59.000000000 +0100 @@ -30,7 +30,7 @@ uid_t uid; gid_t gid; uint8_t xattr_hash_len; - uint8_t xattr_hash[]; + uint8_t xattr_hash[] __attribute__((counted_by(xattr_hash_len))); } __attribute__((packed)); static inline apk_blob_t apk_acl_digest_blob(struct apk_db_acl *acl) { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apk-tools-3.0.4/src/apk_defines.h new/apk-tools-3.0.5/src/apk_defines.h --- old/apk-tools-3.0.4/src/apk_defines.h 2026-01-29 11:37:36.000000000 +0100 +++ new/apk-tools-3.0.5/src/apk_defines.h 2026-02-25 13:15:59.000000000 +0100 @@ -150,27 +150,29 @@ return ROUND_UP(size, 4096ULL); } -#if defined(__x86_64__) || defined(__i386__) -static inline uint32_t apk_unaligned_u32(const void *ptr) +static inline uint16_t apk_unaligned_le16(const void *ptr) { - return *(const uint32_t *)ptr; + struct unaligned16 { uint16_t value; } __attribute__((packed)); + return le16toh(((struct unaligned16 *) ptr)->value); } -static inline uint64_t apk_unaligned_u64a32(const void *ptr) + +static inline uint32_t apk_unaligned_le32(const void *ptr) { - return *(const uint64_t *)ptr; + struct unaligned32 { uint32_t value; } __attribute__((packed)); + return le32toh(((struct unaligned32 *) ptr)->value); } -#else -static inline uint32_t apk_unaligned_u32(const void *ptr) + +static inline uint64_t apk_unaligned_le64(const void *ptr) { - const uint8_t *p = ptr; - return p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24; + struct unaligned64 { uint64_t value; } __attribute__((packed)); + return le64toh(((struct unaligned64 *) ptr)->value); } -static inline uint64_t apk_unaligned_u64a32(const void *ptr) + +static inline uint64_t apk_aligned32_le64(const void *ptr) { - const uint32_t *p = ptr; - return p[0] | (uint64_t)p[1] << 32; + struct unaligned64 { uint64_t value; } __attribute__((aligned(4))); + return le64toh(((struct unaligned64 *) ptr)->value); } -#endif time_t apk_get_build_time(time_t); @@ -178,7 +180,7 @@ uint32_t num; uint32_t capacity : 31; uint32_t allocated : 1; -}; +} __attribute__((aligned(sizeof(void *)))); extern const struct apk_array _apk_array_empty; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apk-tools-3.0.4/src/apk_io.h new/apk-tools-3.0.5/src/apk_io.h --- old/apk-tools-3.0.4/src/apk_io.h 2026-01-29 11:37:36.000000000 +0100 +++ new/apk-tools-3.0.5/src/apk_io.h 2026-02-25 13:15:59.000000000 +0100 @@ -82,7 +82,7 @@ unsigned int flags; struct apk_progress *prog; const struct apk_istream_ops *ops; -}; +} __attribute__((aligned(8))); typedef int (*apk_archive_entry_parser)(void *ctx, const struct apk_file_info *ae, @@ -144,6 +144,7 @@ struct apk_istream *pis; uint64_t bytes_left; time_t mtime; + uint8_t align; }; struct apk_istream *apk_istream_segment(struct apk_segment_istream *sis, struct apk_istream *is, uint64_t len, time_t mtime); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apk-tools-3.0.4/src/apk_package.h new/apk-tools-3.0.5/src/apk_package.h --- old/apk-tools-3.0.4/src/apk_package.h 2026-01-29 11:37:36.000000000 +0100 +++ new/apk-tools-3.0.5/src/apk_package.h 2026-02-25 13:15:59.000000000 +0100 @@ -98,7 +98,7 @@ unsigned char cached : 1; unsigned char layer : 3; uint8_t digest_alg; - uint8_t digest[]; + uint8_t digest[0]; }; static inline apk_blob_t apk_pkg_hash_blob(const struct apk_package *pkg) { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apk-tools-3.0.4/src/app_mkndx.c new/apk-tools-3.0.5/src/app_mkndx.c --- old/apk-tools-3.0.4/src/app_mkndx.c 2026-01-29 11:37:36.000000000 +0100 +++ new/apk-tools-3.0.5/src/app_mkndx.c 2026-02-25 13:15:59.000000000 +0100 @@ -87,7 +87,7 @@ ictx->pkgname_spec_set = 1; break; case OPT_MKNDX_rewrite_arch: - apk_err(out, "--rewrite-arch is removed, use instead: --pkgspec-name '%s/${name}-${package}.apk'", optarg); + apk_err(out, "--rewrite-arch is removed, use instead: --pkgname-spec '%s/${name}-${version}.apk'", optarg); return -ENOTSUP; default: return -ENOTSUP; @@ -259,11 +259,18 @@ struct apk_digest digest; struct apk_file_info fi; apk_blob_t lookup_spec = ctx->pkgname_spec; - int r, errors = 0, newpkgs = 0, numpkgs; + int r = -1, errors = 0, newpkgs = 0, numpkgs; char buf[NAME_MAX]; time_t index_mtime = 0; - r = -1; + apk_extract_init(&ctx->ectx, ac, &extract_ndxinfo_ops); + + adb_init(&odb); + adb_w_init_alloca(&ctx->db, ADB_SCHEMA_INDEX, 8000); + adb_wo_alloca(&ndx, &schema_index, &ctx->db); + adb_wo_alloca(&ctx->pkgs, &schema_pkginfo_array, &ctx->db); + adb_wo_alloca(&ctx->pkginfo, &schema_pkginfo, &ctx->db); + if (!ctx->output) { apk_err(out, "Please specify --output FILE"); goto done; @@ -275,15 +282,6 @@ } lookup_spec = ctx->filter_spec; } - - apk_extract_init(&ctx->ectx, ac, &extract_ndxinfo_ops); - - adb_init(&odb); - adb_w_init_alloca(&ctx->db, ADB_SCHEMA_INDEX, 8000); - adb_wo_alloca(&ndx, &schema_index, &ctx->db); - adb_wo_alloca(&ctx->pkgs, &schema_pkginfo_array, &ctx->db); - adb_wo_alloca(&ctx->pkginfo, &schema_pkginfo, &ctx->db); - if (ctx->index) { apk_fileinfo_get(AT_FDCWD, ctx->index, 0, &fi, 0); index_mtime = fi.mtime; @@ -330,7 +328,8 @@ if (ctx->pkgname_spec_set && (apk_blob_subst(buf, sizeof buf, ctx->pkgname_spec, adb_s_field_subst, &ctx->pkginfo) < 0 || strcmp(apk_last_path_segment(buf), apk_last_path_segment(arg)) != 0)) - apk_warn(out, "%s: not matching package name specification '%s'", arg, buf); + apk_warn(out, "%s: not matching package name specification '" BLOB_FMT "'", + arg, BLOB_PRINTF(ctx->pkgname_spec)); apk_dbg(out, "%s: indexed new package", arg); val = adb_wa_append_obj(&ctx->pkgs, &ctx->pkginfo); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apk-tools-3.0.4/src/blob.c new/apk-tools-3.0.5/src/blob.c --- old/apk-tools-3.0.4/src/blob.c 2026-01-29 11:37:36.000000000 +0100 +++ new/apk-tools-3.0.5/src/blob.c 2026-02-25 13:15:59.000000000 +0100 @@ -98,7 +98,7 @@ int i; for (i = 0; i < nblocks; i++, key += 4) { - k = apk_unaligned_u32(key); + k = apk_unaligned_le32(key); k *= c1; k = rotl32(k, 15); k *= c2; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apk-tools-3.0.4/src/database.c new/apk-tools-3.0.5/src/database.c --- old/apk-tools-3.0.4/src/database.c 2026-01-29 11:37:36.000000000 +0100 +++ new/apk-tools-3.0.5/src/database.c 2026-02-25 13:15:59.000000000 +0100 @@ -91,7 +91,7 @@ /* Checksum's highest bits have the most "randomness", use that * directly as hash */ if (csum.len >= sizeof(uint32_t)) - return apk_unaligned_u32(csum.ptr); + return apk_unaligned_le32(csum.ptr); return 0; } @@ -205,16 +205,18 @@ static struct apk_db_acl *__apk_db_acl_atomize(struct apk_database *db, mode_t mode, uid_t uid, gid_t gid, uint8_t hash_len, const uint8_t *hash) { - struct { - struct apk_db_acl acl; - uint8_t digest[APK_DIGEST_LENGTH_MAX]; - } data; + struct apk_db_acl *acl; apk_blob_t *b; - data.acl = (struct apk_db_acl) { .mode = mode & 07777, .uid = uid, .gid = gid, .xattr_hash_len = hash_len }; - if (hash_len) memcpy(data.digest, hash, hash_len); + acl = alloca(sizeof(*acl) + hash_len); + acl->mode = mode & 07777; + acl->uid = uid; + acl->gid = gid; + acl->xattr_hash_len = hash_len; + + if (hash_len) memcpy(acl->xattr_hash, hash, hash_len); - b = apk_atomize_dup(&db->atoms, APK_BLOB_PTR_LEN((char*) &data, sizeof(data.acl) + hash_len)); + b = apk_atomize_dup(&db->atoms, APK_BLOB_PTR_LEN((char*) acl, sizeof(*acl) + hash_len)); return (struct apk_db_acl *) b->ptr; } @@ -1759,6 +1761,18 @@ return ret; } +static bool memfd_exec_check(void) +{ + char val[8]; + bool ret = false; + int fd = open("/proc/sys/vm/memfd_noexec", O_RDONLY); + if (fd >= 0) { + if (read(fd, val, sizeof val) >= 1 && val[0] < '2') ret = true; + close(fd); + } + return ret; +} + static bool unshare_check(void) { int status; @@ -1885,30 +1899,12 @@ db->cache_remount_dir = NULL; } #else -static bool unshare_check(void) -{ - return false; -} - -static int unshare_mount_namespace(struct apk_database *db) -{ - return 0; -} - -static int detect_tmpfs(int fd) -{ - return 0; -} - -static int remount_cache_rw(struct apk_database *db) -{ - return 0; -} - -static void remount_cache_ro(struct apk_database *db) -{ - (void) db; -} +static bool memfd_exec_check(void) { return false; } +static bool unshare_check(void) { return false; } +static int unshare_mount_namespace(struct apk_database *db) { return 0; } +static int detect_tmpfs(int fd) { return 0; } +static int remount_cache_rw(struct apk_database *db) { return 0; } +static void remount_cache_ro(struct apk_database *db) { } #endif static int setup_cache(struct apk_database *db) @@ -1993,6 +1989,8 @@ apk_package_array_init(&db->installed.sorted_packages); apk_repoparser_init(&db->repoparser, &ac->out, &db_repoparser_ops); db->root_fd = -1; + db->lock_fd = -1; + db->cache_fd = -APKE_CACHE_NOT_AVAILABLE; db->noarch = apk_atomize_dup(&db->atoms, APK_BLOB_STRLIT("noarch")); } @@ -2017,7 +2015,6 @@ setup_cache_repository(db, APK_BLOB_STR(ac->cache_dir)); db->root_fd = apk_ctx_fd_root(ac); db->root_tmpfs = (ac->root_tmpfs == APK_AUTO) ? detect_tmpfs(db->root_fd) : ac->root_tmpfs; - db->cache_fd = -APKE_CACHE_NOT_AVAILABLE; db->usermode = !!(ac->open_flags & APK_OPENF_USERMODE); if (!(ac->open_flags & APK_OPENF_CREATE)) { @@ -2062,6 +2059,7 @@ db->root_dev_ok = 1; db->memfd_failed = !db->root_proc_ok; } + if (!db->memfd_failed) db->memfd_failed = !memfd_exec_check(); db->id_cache = apk_ctx_get_id_cache(ac); @@ -2219,7 +2217,10 @@ for (i = 0; i < APK_DB_LAYER_NUM; i++) { struct layer_data *ld = &layers[i]; - if (!(db->active_layers & BIT(i))) continue; + if (!(db->active_layers & BIT(i))) { + ld->fd = -1; + continue; + } ld->fd = openat(db->root_fd, apk_db_layer_name(i), O_DIRECTORY | O_RDONLY | O_CLOEXEC); if (ld->fd < 0) { @@ -2248,7 +2249,7 @@ pkgs = apk_db_sorted_installed_packages(db); apk_array_foreach_item(pkg, pkgs) { struct layer_data *ld = &layers[pkg->layer]; - if (!ld->fd) continue; + if (ld->fd < 0) continue; apk_db_fdb_write(db, pkg->ipkg, ld->installed); apk_db_scriptdb_write(db, pkg->ipkg, ld->scripts); apk_db_triggers_write(db, pkg->ipkg, ld->triggers); @@ -2304,7 +2305,7 @@ if (db->ctx->open_flags & APK_OPENF_CREATE) { apk_make_dirs(db->root_fd, "lib/apk/db", 0755, 0755); apk_make_dirs(db->root_fd, "etc/apk", 0755, 0755); - } else if (db->lock_fd == 0) { + } else if (db->lock_fd < 0) { apk_err(out, "Refusing to write db without write lock!"); return -1; } @@ -2357,8 +2358,8 @@ remount_cache_ro(db); - if (db->cache_fd > 0) close(db->cache_fd); - if (db->lock_fd > 0) close(db->lock_fd); + if (db->cache_fd >= 0) close(db->cache_fd); + if (db->lock_fd >= 0) close(db->lock_fd); } int apk_db_get_tag_id(struct apk_database *db, apk_blob_t tag) @@ -2501,7 +2502,7 @@ int apk_db_cache_active(struct apk_database *db) { - return db->cache_fd > 0 && db->ctx->cache_packages; + return db->cache_fd >= 0 && db->ctx->cache_packages; } struct foreach_cache_item_ctx { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apk-tools-3.0.4/src/extract_v3.c new/apk-tools-3.0.5/src/extract_v3.c --- old/apk-tools-3.0.4/src/extract_v3.c 2026-01-29 11:37:36.000000000 +0100 +++ new/apk-tools-3.0.5/src/extract_v3.c 2026-02-25 13:15:59.000000000 +0100 @@ -73,7 +73,7 @@ uint16_t mode; if (target.len < 2) goto err_schema; - mode = le16toh(*(uint16_t*)target.ptr); + mode = apk_unaligned_le16(target.ptr); target.ptr += 2; target.len -= 2; switch (mode) { @@ -81,10 +81,7 @@ case S_IFCHR: case S_IFIFO: if (target.len != sizeof(uint64_t)) goto err_schema; - struct unaligned64 { - uint64_t value; - } __attribute__((packed)); - fi.device = le64toh(((struct unaligned64 *)target.ptr)->value); + fi.device = apk_unaligned_le64(target.ptr); break; case S_IFLNK: case S_IFREG: diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apk-tools-3.0.4/src/io.c new/apk-tools-3.0.5/src/io.c --- old/apk-tools-3.0.4/src/io.c 2026-01-29 11:37:36.000000000 +0100 +++ new/apk-tools-3.0.5/src/io.c 2026-02-25 13:15:59.000000000 +0100 @@ -33,6 +33,9 @@ #define HAVE_O_TMPFILE #endif +// The granularity for the file offset and istream buffer alignment synchronization. +#define APK_ISTREAM_ALIGN_SYNC 8 + size_t apk_io_bufsize = 128*1024; @@ -111,16 +114,18 @@ if (left > is->buf_size/4) { r = is->ops->read(is, ptr, left); if (r <= 0) break; + is->ptr = is->end = &is->buf[(is->ptr - is->buf + r) % APK_ISTREAM_ALIGN_SYNC]; left -= r; ptr += r; continue; } - r = is->ops->read(is, is->buf, is->buf_size); + is->ptr = is->end = &is->buf[(is->ptr - is->buf) % APK_ISTREAM_ALIGN_SYNC]; + + r = is->ops->read(is, is->ptr, is->buf + is->buf_size - is->ptr); if (r <= 0) break; - is->ptr = is->buf; - is->end = is->buf + r; + is->end = is->ptr + r; } if (r < 0) return apk_istream_error(is, r); @@ -136,19 +141,20 @@ static int __apk_istream_fill(struct apk_istream *is) { - ssize_t sz; - if (is->err) return is->err; - if (is->ptr != is->buf) { - sz = is->end - is->ptr; - memmove(is->buf, is->ptr, sz); - is->ptr = is->buf; - is->end = is->buf + sz; - } else if (is->end-is->ptr == is->buf_size) - return -ENOBUFS; + size_t offs = is->ptr - is->buf; + if (offs >= APK_ISTREAM_ALIGN_SYNC) { + size_t buf_used = is->end - is->ptr; + uint8_t *ptr = &is->buf[offs % APK_ISTREAM_ALIGN_SYNC]; + memmove(ptr, is->ptr, buf_used); + is->ptr = ptr; + is->end = ptr + buf_used; + } else { + if (is->end == is->buf+is->buf_size) return -ENOBUFS; + } - sz = is->ops->read(is, is->end, is->buf + is->buf_size - is->end); + ssize_t sz = is->ops->read(is, is->end, is->buf + is->buf_size - is->end); if (sz <= 0) return apk_istream_error(is, sz ?: 1); is->end += sz; return 0; @@ -282,6 +288,7 @@ if (r == 0) r = -ECONNABORTED; } else { sis->bytes_left -= r; + sis->align += r; } return r; } @@ -290,6 +297,7 @@ { struct apk_segment_istream *sis = container_of(is, struct apk_segment_istream, is); + if (!sis->pis->ptr) sis->pis->ptr = sis->pis->end = &is->buf[sis->align % APK_ISTREAM_ALIGN_SYNC]; if (sis->bytes_left) apk_istream_skip(sis->pis, sis->bytes_left); return is->err < 0 ? is->err : 0; } @@ -316,6 +324,9 @@ sis->is.end = sis->is.ptr + len; is->ptr += len; } else { + // Calculated at segment_closet again, set to null to catch if + // the inner istream is used before segment close. + sis->align = is->end - is->buf; is->ptr = is->end = 0; } sis->bytes_left -= sis->is.end - sis->is.ptr; @@ -600,6 +611,8 @@ .is.ops = &fd_istream_ops, .is.buf = (uint8_t *)(fis + 1), .is.buf_size = apk_io_bufsize, + .is.ptr = (uint8_t *)(fis + 1), + .is.end = (uint8_t *)(fis + 1), .fd = fd, }; @@ -1258,7 +1271,7 @@ void apk_ostream_copy_meta(struct apk_ostream *os, struct apk_istream *is) { - struct apk_file_meta meta; + struct apk_file_meta meta = { 0 }; apk_istream_get_meta(is, &meta); os->ops->set_meta(os, &meta); } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apk-tools-3.0.4/src/io_gunzip.c new/apk-tools-3.0.5/src/io_gunzip.c --- old/apk-tools-3.0.4/src/io_gunzip.c 2026-01-29 11:37:36.000000000 +0100 +++ new/apk-tools-3.0.5/src/io_gunzip.c 2026-02-25 13:15:59.000000000 +0100 @@ -165,6 +165,8 @@ .is.ops = &gunzip_istream_ops, .is.buf = (uint8_t*)(gis + 1), .is.buf_size = apk_io_bufsize, + .is.ptr = (uint8_t*)(gis + 1), + .is.end = (uint8_t*)(gis + 1), .zis = is, .cb = cb, .cbctx = ctx, diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apk-tools-3.0.4/src/io_url_libfetch.c new/apk-tools-3.0.5/src/io_url_libfetch.c --- old/apk-tools-3.0.4/src/io_url_libfetch.c 2026-01-29 11:37:36.000000000 +0100 +++ new/apk-tools-3.0.5/src/io_url_libfetch.c 2026-02-25 13:15:59.000000000 +0100 @@ -161,6 +161,8 @@ .is.ops = &fetch_istream_ops, .is.buf = (uint8_t*)(fis+1), .is.buf_size = apk_io_bufsize, + .is.ptr = (uint8_t*)(fis+1), + .is.end = (uint8_t*)(fis+1), .fetchIO = io, .urlstat = fis->urlstat, }; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apk-tools-3.0.4/src/package.c new/apk-tools-3.0.5/src/package.c --- old/apk-tools-3.0.4/src/package.c 2026-01-29 11:37:36.000000000 +0100 +++ new/apk-tools-3.0.5/src/package.c 2026-02-25 13:15:59.000000000 +0100 @@ -338,7 +338,7 @@ apk_blob_push_dep(&blob, db, dep); blob = apk_blob_pushed(APK_BLOB_BUF(tmp), blob); - if (APK_BLOB_IS_NULL(blob) || + if (APK_BLOB_IS_NULL(blob) || apk_ostream_write(os, blob.ptr, blob.len) < 0) return -1; @@ -759,11 +759,7 @@ if (!db->memfd_failed) { /* Linux kernel >= 6.3 */ fd = memfd_create(fn, MFD_EXEC|MFD_ALLOW_SEALING); - if (fd < 0 && errno == EINVAL) { - /* Linux kernel < 6.3 */ - fd = memfd_create(fn, MFD_ALLOW_SEALING); - if (fd < 0) db->memfd_failed = 1; - } + if (fd < 0) db->memfd_failed = 1; } if (!db->script_dirs_checked) { if (fd < 0 && apk_make_dirs(root_fd, script_exec_dir, 0700, 0755) < 0) { @@ -791,7 +787,8 @@ fd = -1; } else { #ifdef F_ADD_SEALS - fcntl(fd, F_ADD_SEALS, F_SEAL_SEAL | F_SEAL_SHRINK | F_SEAL_GROW | F_SEAL_WRITE); + fcntl(fd, F_ADD_SEALS, F_SEAL_SEAL | F_SEAL_SHRINK | F_SEAL_GROW + | F_SEAL_WRITE | F_SEAL_FUTURE_WRITE | F_SEAL_EXEC); #endif } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apk-tools-3.0.4/src/process.c new/apk-tools-3.0.5/src/process.c --- old/apk-tools-3.0.4/src/process.c 2026-01-29 11:37:36.000000000 +0100 +++ new/apk-tools-3.0.5/src/process.c 2026-02-25 13:15:59.000000000 +0100 @@ -316,6 +316,8 @@ .is.ops = &process_istream_ops, .is.buf = (uint8_t *)(pis + 1), .is.buf_size = apk_io_bufsize, + .is.ptr = (uint8_t *)(pis + 1), + .is.end = (uint8_t *)(pis + 1), }; r = apk_process_init(&pis->proc, apk_last_path_segment(argv[0]), logpfx, out, NULL); if (r != 0) goto err; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apk-tools-3.0.4/test/unit/io_test.c new/apk-tools-3.0.5/test/unit/io_test.c --- old/apk-tools-3.0.4/test/unit/io_test.c 2026-01-29 11:37:36.000000000 +0100 +++ new/apk-tools-3.0.5/test/unit/io_test.c 2026-02-25 13:15:59.000000000 +0100 @@ -119,3 +119,65 @@ assert_int_equal(0, apk_dir_foreach_config_file(MOCKFD, assert_path_entry, NULL, apk_filename_is_hidden, "a", "b", NULL)); } + +APK_TEST(io_istream_align) { + struct apk_istream *is = apk_istream_from_file(AT_FDCWD, "/dev/zero"); + struct apk_segment_istream seg; + size_t bufsz = 1024*1024; + uint8_t *buf = malloc(bufsz), *ptr; + + assert_int_equal(0, apk_istream_read(is, buf, 1024)); + + ptr = apk_istream_get(is, 1024); + assert_ptr_ok(ptr); + assert_int_equal(0, (uintptr_t)ptr & 7); + + assert_ptr_ok(apk_istream_get(is, 7)); + assert_ptr_ok(apk_istream_get(is, apk_io_bufsize - 1024)); + assert_ptr_ok(apk_istream_get(is, 1)); + + ptr = apk_istream_get(is, 64); + assert_ptr_ok(ptr); + assert_int_equal(0, (uintptr_t)ptr & 7); + + assert_int_equal(0, apk_istream_read(is, buf, bufsz - 1)); + assert_int_equal(0, apk_istream_read(is, buf, 1)); + ptr = apk_istream_get(is, 64); + assert_ptr_ok(ptr); + assert_int_equal(0, (uintptr_t)ptr & 7); + + apk_istream_segment(&seg, is, 1024-1, 0); + apk_istream_close(&seg.is); + assert_ptr_ok(apk_istream_get(is, 1)); + ptr = apk_istream_get(is, 64); + assert_ptr_ok(ptr); + assert_int_equal(0, (uintptr_t)ptr & 7); + + apk_istream_segment(&seg, is, bufsz-1, 0); + apk_istream_close(&seg.is); + assert_ptr_ok(apk_istream_get(is, 1)); + ptr = apk_istream_get(is, 64); + assert_ptr_ok(ptr); + assert_int_equal(0, (uintptr_t)ptr & 7); + + assert_ptr_ok(apk_istream_get(is, 7)); + apk_istream_segment(&seg, is, bufsz-7, 0); + assert_int_equal(0, apk_istream_read(&seg.is, buf, bufsz-10)); + assert_int_equal(0, apk_istream_read(&seg.is, buf, 1)); + apk_istream_close(&seg.is); + ptr = apk_istream_get(is, 64); + assert_ptr_ok(ptr); + assert_int_equal(0, (uintptr_t)ptr & 7); + + apk_istream_segment(&seg, is, bufsz*2+1, 0); + assert_int_equal(0, apk_istream_read(&seg.is, buf, bufsz)); + assert_int_equal(0, apk_istream_read(&seg.is, buf, bufsz)); + apk_istream_close(&seg.is); + assert_int_equal(0, apk_istream_read(is, buf, 7)); + ptr = apk_istream_get(is, 64); + assert_ptr_ok(ptr); + assert_int_equal(0, (uintptr_t)ptr & 7); + + apk_istream_close(is); + free(buf); +} diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apk-tools-3.0.4/test/user/mkndx.sh new/apk-tools-3.0.5/test/user/mkndx.sh --- old/apk-tools-3.0.4/test/user/mkndx.sh 2026-01-29 11:37:36.000000000 +0100 +++ new/apk-tools-3.0.5/test/user/mkndx.sh 2026-02-25 13:15:59.000000000 +0100 @@ -8,7 +8,13 @@ setup_apkroot APK="$APK --allow-untrusted --no-interactive --no-cache" +$APK mkpkg && assert "no parameters is an error" +[ $? = 99 ] || assert "wrong error code" + +$APK mkpkg -I name:aaa -I version:1.0 -o aaa-1.0.apk $APK mkpkg -I name:test-a -I version:1.0 -I tags:"tagA tagC=1" -o test-a-1.0.apk +$APK mkpkg -I name:test-a -I version:2.0 -o test-a-2.0.apk +$APK mkpkg -I name:test-a -I version:3.0 -o test-a-3.0.apk $APK mkpkg -I name:test-b -I version:1.0 -I tags:"tagB tagC=2" -o test-b-1.0.apk $APK mkpkg -I name:test-c -I version:1.0 -I "recommends:test-a" -o test-c-1.0.apk @@ -40,9 +46,12 @@ ./tes/test-b-1.0.apk EOF -$APK mkndx -vv --filter-spec '${name}-${version}' --pkgname-spec 'http://test/${name}-${version}.apk' -x index.adb -o index-filtered.adb test-a-1.0 -$APK fetch --url --simulate --from none --repository index-filtered.adb --pkgname-spec '${name}_${version}.pkg' test-a 2>&1 | diff -u /dev/fd/4 4<<EOF - || assert "wrong fetch result" +$APK mkndx -vv -o index-unfiltered.adb aaa-1.0.apk test-a-1.0.apk test-a-2.0.apk test-a-3.0.apk test-b-1.0.apk test-c-1.0.apk +$APK mkndx -vv --filter-spec '${name}-${version}' --pkgname-spec 'http://test/${name}-${version}.apk' -x index-unfiltered.adb -o index-filtered.adb test-a-1.0 aaa-1.0 test-c-1.0 +$APK fetch --url --simulate --from none --repository index-filtered.adb --pkgname-spec '${name}_${version}.pkg' "*" 2>&1 | diff -u /dev/fd/4 4<<EOF - || assert "wrong fetch result" +http://test/aaa-1.0.apk http://test/test-a-1.0.apk +http://test/test-c-1.0.apk EOF $APK query --format=yaml --repository index.adb --fields name,recommends "test-c" 2>&1 | diff -u /dev/fd/4 4<<EOF - || assert "wrong fetch result"
