Age | Commit message | Author | |
---|---|---|---|
2021-03-13 | Merge remote-tracking branch 'upstream/1.8.2.z' into 1.8.2.z+ios [1.8.2.z+ios] | Sam Bingner | |
2020-12-07 | Release 1.8.2.2 | Julian Andres Klode | |
2020-12-07 | CVE-2020-27350: tarfile: integer overflow: Limit tar items to 128 GiB | Julian Andres Klode | |
The integer overflow was detected by DonKult who added a check like this: (std::numeric_limits<decltype(Itm.Size)>::max() - (2 * sizeof(Block))) Which deals with the code as is, but also still is a fairly big limit, and could become fragile if we change the code. Let's limit our file sizes to 128 GiB, which should be sufficient for everyone. Original comment by DonKult: The code assumes that it can add sizeof(Block)-1 to the size of the item later on, but if we are close to a 64bit overflow this is not possible. Fixing this seems too complex compared to just ensuring there is enough room left given that we will have a lot more problems the moment we will be acting on files that large as if the item is that large, the (valid) tar including it probably doesn't fit in 64bit either. | |||
2020-12-07 | CVE-2020-27350: debfile: integer overflow: Limit control size to 64 MiB | Julian Andres Klode | |
Like the code in arfile.cc, MemControlExtract also has buffer overflows, in code allocating memory for parsing control files. Specify an upper limit of 64 MiB for control files to both protect against the Size overflowing (we allocate Size + 2 bytes), and protect a bit against control files consisting only of zeroes. | |||
2020-12-07 | tarfile: OOM hardening: Limit size of long names/links to 1 MiB | Julian Andres Klode | |
Tarballs have long names and long link targets structured by a special tar header with a GNU extension followed by the actual content (padded to 512 bytes). Essentially, think of a name as a special kind of file. The limit of a file size in a header is 12 bytes, aka 10**12 or 1 TB. While this works OK-ish for file content that we stream to extractors, we need to copy file names into memory, and this opens us up to an OOM DoS attack. Limit the file name size to 1 MiB, as libarchive does, to make things safer. | |||
2020-12-07 | CVE-2020-27350: arfile: Integer overflow in parsing | Julian Andres Klode | |
GHSL-2020-169: This first hunk adds a check that we have more files left to read in the file than the size of the member, ensuring that (a) the number is not negative, which caused the crash here and (b) ensures that we similarly avoid other issues with trying to read too much data. GHSL-2020-168: Long file names are encoded by a special marker in the filename and then the real filename is part of what is normally the data. We did not check that the length of the file name is within the length of the member, which means that we got an overflow later when subtracting the length from the member size to get the remaining member size. The file createdeb-lp1899193.cc was provided by GitHub Security Lab and reformatted using apt coding style for inclusion in the test case, both of these issues have an automated test case in test/integration/test-ubuntu-bug-1899193-security-issues. LP: #1899193 | |||
2020-07-17 | Don't tell the server to set a cookie [1.8.y+ios] | Sam Bingner | |
2020-07-17 | Hack around nitotv's broken webserver | Sam Bingner | |
2020-07-17 | Update User-Agent string | Sam Bingner | |
2020-07-17 | Add nitotv cookies | Sam Bingner | |
2020-07-17 | Warn if appropriate on date | Sam Bingner | |
2020-07-17 | Cleanup patches for 1.8.2 | Sam Bingner | |
2020-07-17 | Use access instead of faccessat for iOS5 compatibility | Sam Bingner | |
2020-07-17 | Remove errors that we don't need | Sam Bingner | |
2020-07-17 | build changes to work with our new http | Jaywalker | |
2020-07-17 | Added kirb's TLS1.2 patch | Jaywalker | |
2020-07-17 | Make the compiler complain less | Sam Bingner | |
2020-07-17 | Workaround for shell scripts | Sam Bingner | |
2020-07-17 | Added required patches | Jaywalker | |
2020-07-17 | Added seemingly missing files | Jaywalker | |
2020-07-17 | Build system changes | Jaywalker | |
2020-07-17 | Don't download "optional" files not in Release :/. | Jay Freeman (saurik) | |
2020-07-17 | For ReMap to work, S has to be marked volatile :/. | Jay Freeman (saurik) | |
2020-07-17 | Tags should use StoreString, not WriteStringInMap. | Jay Freeman (saurik) | |
2020-07-17 | Port TagIterator to correctly support ReMap (doh). | Jay Freeman (saurik) | |
2020-07-17 | Repeat after me: IMS-Hit is really "I am shit" :/. | Jay Freeman (saurik) | |
2020-07-17 | It is NOT OK to just munmap memory from malloc :/. | Jay Freeman (saurik) | |
2020-07-17 | Symlinking final file failed is a common issue :/. | Jay Freeman (saurik) | |
2020-07-17 | This is realloc, not reallocf: be more careful :/. | Jay Freeman (saurik) | |
2020-07-17 | Bill is consistent. Bill is correct. Be like Bill. | Jay Freeman (saurik) | |
2020-07-17 | You can't just assume the start is always zero :/. | Jay Freeman (saurik) | |
2020-07-17 | The length given to msync was calculated wrong :/. | Jay Freeman (saurik) | |
2020-07-17 | Not /not/ immediately mapping a file is INSANE :/. | Jay Freeman (saurik) | |
2020-07-17 | The entire concept of PendingError() is flawed :/. | Jay Freeman (saurik) | |
2020-07-17 | Bug #807012 also involves package dependencies :/. | Jay Freeman (saurik) | |
2020-07-17 | On IMS-Hit, you can't assume local compression :/. | Jay Freeman (saurik) | |
2020-07-17 | It is *never* a good idea to throw away stderr :/. | Jay Freeman (saurik) | |
2020-07-17 | It is just so absolutely critical that this works. | Jay Freeman (saurik) | |
2020-07-17 | My "tolerance" patch was a tad bit overzealous :(. | Jay Freeman (saurik) | |
2020-07-17 | You have to do the bounds check before the access. | Jay Freeman (saurik) | |
2020-07-17 | Fix field-without-values appearing at end of file. | Jay Freeman (saurik) | |
2020-07-17 | Of *course* I managed to get this check backwards. | Jay Freeman (saurik) | |
2020-07-17 | In the C locale, let's avoid any crazy transforms. | Jay Freeman (saurik) | |
2020-07-17 | It's just *mean* to complain if they already know. | Jay Freeman (saurik) | |
2020-07-17 | Wreck validation until we can assess ecosystem :/. | Jay Freeman (saurik) | |
2020-07-17 | This is 2016 and APT already requires use of mmap. | Jay Freeman (saurik) | |
2020-07-17 | Only check for valid Date if checking Valid-Until. | Jay Freeman (saurik) | |
2020-07-17 | I know this is "bad", but a "full wedge" is worse. | Jay Freeman (saurik) | |
2020-07-17 | For speed, you *need* multiple downloads per host. | Jay Freeman (saurik) | |
2020-07-17 | The fastest way to get field values is as a range. | Jay Freeman (saurik) | |