authorAriadne Conill <ariadne@dereferenced.org>2021-10-14 00:21:03 -0600
committerAriadne Conill <ariadne@dereferenced.org>2021-10-14 00:23:40 -0600
commitbd6326e312f3bb56ba504c0571db142990af036c (patch)
tree6f4bea4fb7fb8f7a0c1e9cf7afa4c4c63ba10c8a
parenta88ceb641cb616ccc75b095a9925f371457a7e74 (diff)
main/openrc: refresh patchset
- Backport checkpath(1) buffer size fix from pending 0.44.7 release. Addresses CVE-2021-42341.
- Switch wipe_tmp default setting from YES to NO. Fixes alpine/aports#13070.
-rw-r--r--main/openrc/0001-checkpath-fix-allocation-size-of-path-buffer.patch33
-rw-r--r--main/openrc/0002-move-rc_bindir-and-rc_sbindir-definitions-to-the-top.patch40
-rw-r--r--main/openrc/0003-call-sbin-mkmntdirs-in-localmount-OpenRC-service.patch (renamed from main/openrc/0001-call-sbin-mkmntdirs-in-localmount-OpenRC-service.patch)4
-rw-r--r--main/openrc/0004-fsck-don-t-add-C0-to-busybox-fsck.patch (renamed from main/openrc/0002-fsck-don-t-add-C0-to-busybox-fsck.patch)4
-rw-r--r--main/openrc/0005-rc-pull-in-sysinit-and-boot-as-stacked-levels-when-n.patch (renamed from main/openrc/0003-rc-pull-in-sysinit-and-boot-as-stacked-levels-when-n.patch)5
-rw-r--r--main/openrc/0006-make-consolefont-service-compatible-with-busyboxs-se.patch (renamed from main/openrc/0004-make-consolefont-service-compatible-with-busyboxs-se.patch)4
-rw-r--r--main/openrc/0007-Support-early-loading-of-keymap-if-kbd-is-installed.patch (renamed from main/openrc/0005-Support-early-loading-of-keymap-if-kbd-is-installed.patch)4
-rw-r--r--main/openrc/0008-Add-support-for-starting-services-in-a-specified-VRF.patch (renamed from main/openrc/0006-Add-support-for-starting-services-in-a-specified-VRF.patch)4
-rw-r--r--main/openrc/0009-Clean-up-staticroute-config-remove-irrelevant-parts-.patch (renamed from main/openrc/0007-Clean-up-staticroute-config-remove-irrelevant-parts-.patch)6
-rw-r--r--main/openrc/0010-bootmisc-switch-wipe_tmp-setting-to-no-by-default.patch44
-rw-r--r--main/openrc/0011-bootmisc-warn-about-potential-data-loss-when-wipe_tm.patch30
-rw-r--r--main/openrc/APKBUILD24
12 files changed, 178 insertions, 24 deletions
diff --git a/main/openrc/0001-checkpath-fix-allocation-size-of-path-buffer.patch b/main/openrc/0001-checkpath-fix-allocation-size-of-path-buffer.patch
new file mode 100644
index 0000000000..b18772ab08
--- /dev/null
+++ b/main/openrc/0001-checkpath-fix-allocation-size-of-path-buffer.patch
@@ -0,0 +1,33 @@
+From cc45b55f895d0c21b5ac3e5a65b0bf00f76adeb7 Mon Sep 17 00:00:00 2001
+From: Sam James <sam@gentoo.org>
+Date: Fri, 8 Oct 2021 04:52:55 +0100
+Subject: [PATCH] checkpath: fix allocation size of path buffer
+
+strlen's return value isn't enough to be used
+directly for (x)malloc; it doesn't include
+the null byte at the end of the string.
+
+X-Gentoo-Bug: 816900
+X-Gentoo-Bug-URL: https://bugs.gentoo.org/816900
+Fixes: #459
+Fixes: #462
+---
+ src/rc/checkpath.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/rc/checkpath.c b/src/rc/checkpath.c
+index bab22692..c4dd7d9d 100644
+--- a/src/rc/checkpath.c
++++ b/src/rc/checkpath.c
+@@ -151,7 +151,7 @@ static char *clean_path(char *path)
+ char *ch;
+ char *ch2;
+ char *str;
+- str = xmalloc(strlen(path));
++ str = xmalloc(strlen(path) + 1);
+ ch = path;
+ ch2 = str;
+ while (true) {
+--
+2.33.0
+
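Review bot: The patch header ties this fix only to Gentoo bug 816900 and upstream issues #459/#462; the CVE that the commit message and the APKBUILD secfixes entry attach to it (CVE-2021-42341) appears nowhere in the patch file, so anyone auditing the patchset later has to cross-reference the commit log to learn that this one-line change is the security fix. I would add a line such as `CVE: CVE-2021-42341` below `X-Gentoo-Bug-URL` in the header. In the code itself a short comment on the allocation, `/* +1 for the terminating NUL written by the copy loop */`, would keep the size from being "simplified" back. clean_path's copy loop lies outside the hunk, so whether `strlen(path) + 1` is the exact upper bound of what it writes cannot be confirmed from here.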
diff --git a/main/openrc/0002-move-rc_bindir-and-rc_sbindir-definitions-to-the-top.patch b/main/openrc/0002-move-rc_bindir-and-rc_sbindir-definitions-to-the-top.patch
new file mode 100644
index 0000000000..c22f4119d7
--- /dev/null
+++ b/main/openrc/0002-move-rc_bindir-and-rc_sbindir-definitions-to-the-top.patch
@@ -0,0 +1,40 @@
+From f46cc83ef7100ce713c4e616524e63371825e153 Mon Sep 17 00:00:00 2001
+From: William Hubbs <w.d.hubbs@gmail.com>
+Date: Tue, 21 Sep 2021 12:34:22 -0500
+Subject: [PATCH] move rc_bindir and rc_sbindir definitions to the top level
+
+---
+ meson.build | 2 ++
+ src/rc/meson.build | 3 ---
+ 2 files changed, 2 insertions(+), 3 deletions(-)
+
+diff --git a/meson.build b/meson.build
+index d6836652..088cb85d 100644
+--- a/meson.build
++++ b/meson.build
+@@ -86,6 +86,8 @@ if os == 'Linux' and libexecdir == 'libexec'
+ endif
+ libexecdir = rootprefix / libexecdir
+ rc_libexecdir = libexecdir / 'rc'
++rc_bindir = rc_libexecdir / 'bin'
++rc_sbindir = rc_libexecdir / 'sbin'
+ sbindir = rootprefix / get_option('sbindir')
+
+ selinux_dep = dependency('libselinux', required : get_option('selinux'))
+diff --git a/src/rc/meson.build b/src/rc/meson.build
+index 716963fa..ab3b0808 100644
+--- a/src/rc/meson.build
++++ b/src/rc/meson.build
+@@ -26,9 +26,6 @@ rc_wtmp_c = files([
+ 'rc-wtmp.c',
+ ])
+
+-rc_bindir = rc_libexecdir / 'bin'
+-rc_sbindir = rc_libexecdir / 'sbin'
+-
+ executable('rc-status',
+ ['rc-status.c', rc_misc_c, usage_c, version_h],
+ c_args : cc_branding_flags,
+--
+2.33.0
+
diff --git a/main/openrc/0001-call-sbin-mkmntdirs-in-localmount-OpenRC-service.patch b/main/openrc/0003-call-sbin-mkmntdirs-in-localmount-OpenRC-service.patch
index 2cbce3b216..0e44b24746 100644
--- a/main/openrc/0001-call-sbin-mkmntdirs-in-localmount-OpenRC-service.patch
+++ b/main/openrc/0003-call-sbin-mkmntdirs-in-localmount-OpenRC-service.patch
@@ -1,7 +1,7 @@
-From 44659e474ca7fa789214ef7b1452c86e884cbd93 Mon Sep 17 00:00:00 2001
+From 4646e98e759887baea6e87a04b2c03e1547c28dd Mon Sep 17 00:00:00 2001
From: Natanael Copa <ncopa@alpinelinux.org>
Date: Wed, 1 Feb 2017 04:04:52 +0000
-Subject: [PATCH 1/7] call /sbin/mkmntdirs in localmount OpenRC service
+Subject: [PATCH] call /sbin/mkmntdirs in localmount OpenRC service
---
init.d/localmount.in | 2 ++
diff --git a/main/openrc/0002-fsck-don-t-add-C0-to-busybox-fsck.patch b/main/openrc/0004-fsck-don-t-add-C0-to-busybox-fsck.patch
index 6d1a6cc841..e8300efd09 100644
--- a/main/openrc/0002-fsck-don-t-add-C0-to-busybox-fsck.patch
+++ b/main/openrc/0004-fsck-don-t-add-C0-to-busybox-fsck.patch
@@ -1,7 +1,7 @@
-From 1eccd655237e7657d1f7ac21108138a20cb17d0a Mon Sep 17 00:00:00 2001
+From 95a0e2fa4857a93aaaef6ab50742c63077d685e3 Mon Sep 17 00:00:00 2001
From: Natanael Copa <ncopa@alpinelinux.org>
Date: Tue, 28 Nov 2017 13:35:10 +0100
-Subject: [PATCH 2/7] fsck: don't add -C0 to busybox fsck
+Subject: [PATCH] fsck: don't add -C0 to busybox fsck
---
init.d/fsck.in | 5 ++++-
diff --git a/main/openrc/0003-rc-pull-in-sysinit-and-boot-as-stacked-levels-when-n.patch b/main/openrc/0005-rc-pull-in-sysinit-and-boot-as-stacked-levels-when-n.patch
index 352c3eb7df..34694c352c 100644
--- a/main/openrc/0003-rc-pull-in-sysinit-and-boot-as-stacked-levels-when-n.patch
+++ b/main/openrc/0005-rc-pull-in-sysinit-and-boot-as-stacked-levels-when-n.patch
@@ -1,8 +1,7 @@
-From ec680a6d258dd9b1447f968f350a2bea367df143 Mon Sep 17 00:00:00 2001
+From f840faeb5f0fcbb2d7821d677f96e1e6a78bc6e2 Mon Sep 17 00:00:00 2001
From: Natanael Copa <ncopa@alpinelinux.org>
Date: Wed, 1 Feb 2017 04:17:14 +0000
-Subject: [PATCH 3/7] rc: pull in sysinit and boot as stacked levels when
- needed
+Subject: [PATCH] rc: pull in sysinit and boot as stacked levels when needed
We need start services from sysinit and boot runlevel, even if the new
runlevel is empty.
diff --git a/main/openrc/0004-make-consolefont-service-compatible-with-busyboxs-se.patch b/main/openrc/0006-make-consolefont-service-compatible-with-busyboxs-se.patch
index edd0aab13d..696c1a5ca1 100644
--- a/main/openrc/0004-make-consolefont-service-compatible-with-busyboxs-se.patch
+++ b/main/openrc/0006-make-consolefont-service-compatible-with-busyboxs-se.patch
@@ -1,7 +1,7 @@
-From 8f2e4dedbcd6991b55e295646a89d595413b600c Mon Sep 17 00:00:00 2001
+From baece521bb58db0ef44aa7578ba2684c8aac18f7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?S=C3=B6ren=20Tempel?= <soeren+git@soeren-tempel.net>
Date: Wed, 17 Aug 2016 17:52:58 +0200
-Subject: [PATCH 4/7] make consolefont service compatible with busyboxs setfont
+Subject: [PATCH] make consolefont service compatible with busyboxs setfont
applet
Compared to kdbs setfont program it doesn't support -O and -m.
diff --git a/main/openrc/0005-Support-early-loading-of-keymap-if-kbd-is-installed.patch b/main/openrc/0007-Support-early-loading-of-keymap-if-kbd-is-installed.patch
index c1cc07a1dc..be753a932e 100644
--- a/main/openrc/0005-Support-early-loading-of-keymap-if-kbd-is-installed.patch
+++ b/main/openrc/0007-Support-early-loading-of-keymap-if-kbd-is-installed.patch
@@ -1,7 +1,7 @@
-From daf9a97c97d045ff7b14e68fc89c1f479dbb669d Mon Sep 17 00:00:00 2001
+From 117c2d1fae120a98fa8f5e3fa75b08044016dbef Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?S=C3=B6ren=20Tempel?= <soeren+git@soeren-tempel.net>
Date: Thu, 7 Mar 2019 16:55:53 +0100
-Subject: [PATCH 5/7] Support early loading of keymap if kbd is installed
+Subject: [PATCH] Support early loading of keymap if kbd is installed
Early loading of the keymap with busybox was never supported and would
require modifying the save-keymaps services as well. Since no one
diff --git a/main/openrc/0006-Add-support-for-starting-services-in-a-specified-VRF.patch b/main/openrc/0008-Add-support-for-starting-services-in-a-specified-VRF.patch
index 8b3f94a4c0..08df91a701 100644
--- a/main/openrc/0006-Add-support-for-starting-services-in-a-specified-VRF.patch
+++ b/main/openrc/0008-Add-support-for-starting-services-in-a-specified-VRF.patch
@@ -1,7 +1,7 @@
-From df85b1bffa0864a4a95001a094f91bdd3bea1ecd Mon Sep 17 00:00:00 2001
+From 31b0a32737339ad1efc5b2a7efd3eca7e421d14f Mon Sep 17 00:00:00 2001
From: Ariadne Conill <ariadne@dereferenced.org>
Date: Fri, 14 Feb 2020 16:02:43 +0000
-Subject: [PATCH 6/7] Add support for starting services in a specified VRF.
+Subject: [PATCH] Add support for starting services in a specified VRF.
The venerable iproute2 utility has recently introduced support
for executing programs in specific VRFs which are virtualized
diff --git a/main/openrc/0007-Clean-up-staticroute-config-remove-irrelevant-parts-.patch b/main/openrc/0009-Clean-up-staticroute-config-remove-irrelevant-parts-.patch
index be5366f517..5e493aa7eb 100644
--- a/main/openrc/0007-Clean-up-staticroute-config-remove-irrelevant-parts-.patch
+++ b/main/openrc/0009-Clean-up-staticroute-config-remove-irrelevant-parts-.patch
@@ -1,8 +1,8 @@
-From cd1ae58ba74e636dd0f94d2ff9a5db5bd8385e3f Mon Sep 17 00:00:00 2001
+From 312ef343719e2ad33e36d9465e1fcc3cb33aa93f Mon Sep 17 00:00:00 2001
From: Ariadne Conill <ariadne@dereferenced.org>
Date: Wed, 8 Sep 2021 23:51:11 -0600
-Subject: [PATCH 7/7] Clean up staticroute config - remove irrelevant parts
- (for BSD, Hurd) and suggest that route(8) is legacy.
+Subject: [PATCH] Clean up staticroute config - remove irrelevant parts (for
+ BSD, Hurd) and suggest that route(8) is legacy.
---
conf.d/staticroute | 23 +++--------------------
diff --git a/main/openrc/0010-bootmisc-switch-wipe_tmp-setting-to-no-by-default.patch b/main/openrc/0010-bootmisc-switch-wipe_tmp-setting-to-no-by-default.patch
new file mode 100644
index 0000000000..f0467e83a6
--- /dev/null
+++ b/main/openrc/0010-bootmisc-switch-wipe_tmp-setting-to-no-by-default.patch
@@ -0,0 +1,44 @@
+From b7a4caf79774f2a4986521dda27ddcb4d34a36c6 Mon Sep 17 00:00:00 2001
+From: Ariadne Conill <ariadne@dereferenced.org>
+Date: Wed, 13 Oct 2021 21:12:10 -0600
+Subject: [PATCH] bootmisc: switch wipe_tmp setting to no by default
+
+When wipe_tmp=yes, an insufficiently bounded rm -rf occurs that,
+under specific unknown circumstances, can escape into other filesystems
+resulting in data loss.
+
+See alpine/aports#13070.
+---
+ conf.d/bootmisc | 2 +-
+ init.d/bootmisc.in | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/conf.d/bootmisc b/conf.d/bootmisc
+index dd5b08e0..5cf18d33 100644
+--- a/conf.d/bootmisc
++++ b/conf.d/bootmisc
+@@ -3,7 +3,7 @@ clean_tmp_dirs="/tmp"
+
+ # Should we wipe the tmp paths completely or just selectively remove known
+ # locks / files / etc... ?
+-wipe_tmp="YES"
++wipe_tmp="NO"
+
+ # Write the initial dmesg log into /var/log/dmesg after boot
+ # This may be useful if you need the kernel boot log afterwards
+diff --git a/init.d/bootmisc.in b/init.d/bootmisc.in
+index b1a849a3..8485110a 100644
+--- a/init.d/bootmisc.in
++++ b/init.d/bootmisc.in
+@@ -17,7 +17,7 @@ depend()
+ keyword -prefix -timeout
+ }
+
+-: ${wipe_tmp:=${WIPE_TMP:-yes}}
++: ${wipe_tmp:=${WIPE_TMP:-no}}
+ : ${log_dmesg:=${LOG_DMESG:-yes}}
+
+ cleanup_tmp_dir()
+--
+2.33.0
+
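Review bot: The comment above `wipe_tmp` in conf.d/bootmisc still presents the option as a neutral choice and says nothing about the data-loss risk that motivates the new default, so an administrator who switches it back to YES gets no hint at the point of configuration. I would add `# WARNING: wipe_tmp="YES" runs a recursive delete that has been reported to cross into other filesystems; see alpine/aports#13070.` directly above the setting. The new default presumably does not reach systems whose /etc/conf.d/bootmisc already carries an explicit `wipe_tmp="YES"`, so those installations stay exposed until the file is reviewed by hand.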
diff --git a/main/openrc/0011-bootmisc-warn-about-potential-data-loss-when-wipe_tm.patch b/main/openrc/0011-bootmisc-warn-about-potential-data-loss-when-wipe_tm.patch
new file mode 100644
index 0000000000..e1994166e2
--- /dev/null
+++ b/main/openrc/0011-bootmisc-warn-about-potential-data-loss-when-wipe_tm.patch
@@ -0,0 +1,30 @@
+From 8371334affa0e6c0f40db291280a806d20f98060 Mon Sep 17 00:00:00 2001
+From: Ariadne Conill <ariadne@dereferenced.org>
+Date: Wed, 13 Oct 2021 21:26:44 -0600
+Subject: [PATCH] bootmisc: warn about potential data loss when wipe_tmp is
+ enabled
+
+See alpine/aports#13070 for more information.
+---
+ init.d/bootmisc.in | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/init.d/bootmisc.in b/init.d/bootmisc.in
+index 8485110a..9dd2bdef 100644
+--- a/init.d/bootmisc.in
++++ b/init.d/bootmisc.in
+@@ -31,6 +31,11 @@ cleanup_tmp_dir()
+ chmod a+rwt "$dir" 2> /dev/null
+ cd "$dir" || return 1
+ if yesno $wipe_tmp; then
++ ewarn "The wipe_tmp setting has been enabled in /etc/conf.d/bootmisc."
++ ewarn "This setting is no longer recommended by Alpine due to reported"
++ ewarn "data loss incidents relating to it."
++ ewarn "See alpine/aports#13070 for more information."
++
+ ebegin "Wiping $dir directory"
+
+ # Faster than raw find
+--
+2.33.0
+
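Review bot: The warning names /etc/conf.d/bootmisc as the place where wipe_tmp was enabled, but init.d/bootmisc.in also takes the value from `WIPE_TMP` (`: ${wipe_tmp:=${WIPE_TMP:-no}}`), so the message can point at a file that does not contain the setting. Wording such as `ewarn "wipe_tmp is enabled (conf.d/bootmisc or WIPE_TMP)."` avoids sending the operator to the wrong place. The four `ewarn` lines sit inside cleanup_tmp_dir, which starts and ends outside the hunk; if that function runs once per entry in `clean_tmp_dirs`, the warning repeats for every directory. The wipe still proceeds right after the warning, so this is a notice only, not a guard.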
diff --git a/main/openrc/APKBUILD b/main/openrc/APKBUILD
index 92fc366f22..2ced4ad3f2 100644
--- a/main/openrc/APKBUILD
+++ b/main/openrc/APKBUILD
@@ -2,7 +2,7 @@
pkgname=openrc
pkgver=0.44.6
_ver=${pkgver/_git*/}
-pkgrel=0
+pkgrel=1
pkgdesc="OpenRC manages the services, startup and shutdown of a host"
url="https://github.com/OpenRC/openrc"
arch="all"
@@ -16,13 +16,17 @@ subpackages="$pkgname-dbg $pkgname-doc $pkgname-dev
install="$pkgname.post-install $pkgname.post-upgrade"
source="$pkgname-$pkgver.tar.gz::https://github.com/OpenRC/openrc/archive/$pkgver.tar.gz
- 0001-call-sbin-mkmntdirs-in-localmount-OpenRC-service.patch
- 0002-fsck-don-t-add-C0-to-busybox-fsck.patch
- 0003-rc-pull-in-sysinit-and-boot-as-stacked-levels-when-n.patch
- 0004-make-consolefont-service-compatible-with-busyboxs-se.patch
- 0005-Support-early-loading-of-keymap-if-kbd-is-installed.patch
- 0006-Add-support-for-starting-services-in-a-specified-VRF.patch
- 0007-Clean-up-staticroute-config-remove-irrelevant-parts-.patch
+ 0001-checkpath-fix-allocation-size-of-path-buffer.patch
+ 0002-move-rc_bindir-and-rc_sbindir-definitions-to-the-top.patch
+ 0003-call-sbin-mkmntdirs-in-localmount-OpenRC-service.patch
+ 0004-fsck-don-t-add-C0-to-busybox-fsck.patch
+ 0005-rc-pull-in-sysinit-and-boot-as-stacked-levels-when-n.patch
+ 0006-make-consolefont-service-compatible-with-busyboxs-se.patch
+ 0007-Support-early-loading-of-keymap-if-kbd-is-installed.patch
+ 0008-Add-support-for-starting-services-in-a-specified-VRF.patch
+ 0009-Clean-up-staticroute-config-remove-irrelevant-parts-.patch
+ 0010-bootmisc-switch-wipe_tmp-setting-to-no-by-default.patch
+ 0011-bootmisc-warn-about-potential-data-loss-when-wipe_tm.patch
openrc.logrotate
hostname.initd
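Review bot: The source list gains four patches and renumbers seven, yet none of the visible APKBUILD hunks touches the checksum block, and the diffstat's 24 changed lines for this file are fully accounted for by the pkgrel, source and secfixes hunks. If the sha512sums entries still carry the old file names, checksum verification should either fail the build or leave the new patches, including the CVE-2021-42341 fix, without a pinned digest. Regenerate the block with `abuild checksum` and commit it together with this change, so that the patch contents are integrity-checked at build time.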
@@ -38,6 +42,10 @@ source="$pkgname-$pkgver.tar.gz::https://github.com/OpenRC/openrc/archive/$pkgve
test-networking.sh
"
+# secfixes:
+# 0.44.6-r1:
+# - CVE-2021-42341
+
prepare() {
default_prepare
sed -i -e '/^sed/d' "$builddir"/pkgconfig/Makefile