aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--community/doas/APKBUILD32
-rw-r--r--community/doas/reset-path.patch42
-rw-r--r--community/graphicsmagick/APKBUILD2
-rw-r--r--community/openjdk7/APKBUILD72
-rw-r--r--community/openjdk7/icedtea-hotspot-musl.patch13
-rw-r--r--community/openjdk7/icedtea-jdk-fix-compile-optional.patch21
-rw-r--r--community/openjdk7/icedtea-jdk-fix-gcc10.patch154
-rw-r--r--community/openjdk7/icedtea-jdk-revert-7fdd0d6ef2d3.patch1450
-rw-r--r--community/openjdk7/icedtea-jdk-revert-a32dc7400435.patch1377
-rw-r--r--community/openjdk8/APKBUILD107
-rw-r--r--community/openjdk8/icedtea-hotspot-musl-ppc.patch194
-rw-r--r--community/tor/APKBUILD9
-rw-r--r--community/virtualbox-guest-modules-vanilla/APKBUILD2
-rw-r--r--community/wireguard-vanilla/APKBUILD11
-rw-r--r--community/zabbix/APKBUILD2
-rw-r--r--main/alpine-base/APKBUILD2
-rw-r--r--main/apk-tools/0001-add-fix-virtual-package-id-generation.patch109
-rw-r--r--main/apk-tools/APKBUILD25
-rw-r--r--main/apk-tools/lua-apk_time.patch20
-rw-r--r--main/apk-tools/tar-parser-overflow.patch65
-rw-r--r--main/busybox/0001-decompress_gunzip-Fix-DoS-if-gzip-is-corrupt.patch54
-rw-r--r--main/busybox/APKBUILD7
-rw-r--r--main/cairo/85.patch172
-rw-r--r--main/cairo/APKBUILD8
-rw-r--r--main/collectd/APKBUILD2
-rw-r--r--main/dahdi-linux-vanilla/APKBUILD2
-rw-r--r--main/devicemaster-linux-vanilla/APKBUILD2
-rw-r--r--main/dnsmasq/APKBUILD20
-rw-r--r--main/dnsmasq/CVE-2019-14834.patch46
-rw-r--r--main/dovecot/0001-lib-time-util-Fix-calculations-to-work-on-32-bit-sys.patch49
-rw-r--r--main/dovecot/APKBUILD31
-rw-r--r--main/dovecot/CVE-2020-12673.patch31
-rw-r--r--main/dovecot/CVE-2020-12674.patch22
-rw-r--r--main/dovecot/fix-oauth2-jwt.c.patch55
-rw-r--r--main/dovecot/fix-out-of-memory-test.patch22
-rw-r--r--main/drbd-vanilla/APKBUILD12
-rw-r--r--main/drbd-vanilla/build-fix-32bit.patch15
-rw-r--r--main/git/APKBUILD6
-rw-r--r--main/gnutls/APKBUILD11
-rw-r--r--main/gnutls/CVE-2021-20231.patch62
-rw-r--r--main/gnutls/CVE-2021-20232.patch60
-rw-r--r--main/haproxy/APKBUILD4
-rw-r--r--main/haserl/APKBUILD12
-rw-r--r--main/libbsd/APKBUILD11
-rw-r--r--main/libbsd/CVE-2019-20367.patch42
-rw-r--r--main/libssh2/APKBUILD2
-rw-r--r--main/linux-vanilla/0001-arm64-Avoid-redundant-type-conversions-in-xchg-and-c.patch355
-rw-r--r--main/linux-vanilla/0002-arm64-Use-correct-ll-sc-atomic-constraints.patch252
-rw-r--r--main/linux-vanilla/APKBUILD13
-rw-r--r--main/linux-vanilla/config-vanilla.aarch649
-rw-r--r--main/linux-vanilla/config-virt.aarch644
-rw-r--r--main/mariadb/0001-stacktrace-t.c-make-the-test-conditional.patch36
-rw-r--r--main/mariadb/APKBUILD16
-rw-r--r--main/mariadb/disable-failing-test.patch19
-rw-r--r--main/mariadb/fix-c11-atomics-check.patch67
-rw-r--r--main/nodejs/APKBUILD16
-rw-r--r--main/nodejs/dont-run-gyp-files-for-bundled-deps.patch2
-rw-r--r--main/openjpeg/APKBUILD24
-rw-r--r--main/openjpeg/CVE-2019-12973.patch152
-rw-r--r--main/openjpeg/CVE-2020-15389.patch39
-rw-r--r--main/openjpeg/CVE-2020-27814.patch30
-rw-r--r--main/openjpeg/CVE-2020-27823.patch28
-rw-r--r--main/openjpeg/CVE-2020-27824.patch25
-rw-r--r--main/openjpeg/CVE-2020-6851.patch29
-rw-r--r--main/openjpeg/CVE-2020-8112.patch43
-rw-r--r--main/openssl/APKBUILD11
-rw-r--r--main/postgresql/APKBUILD6
-rw-r--r--main/python3/APKBUILD13
-rw-r--r--main/python3/CVE-2020-14422.patch74
-rw-r--r--main/razor/APKBUILD25
-rw-r--r--main/razor/fix-cosmetic-pv.patch24
-rw-r--r--main/razor/fix-manpage-quoting.patch17
-rw-r--r--main/redis/APKBUILD16
-rw-r--r--main/redis/CVE-2015-8080.patch50
-rw-r--r--main/redis/makefile-dont-duplicate-binary.patch2
-rw-r--r--main/redis/musl-zmalloc.patch23
-rw-r--r--main/screen/APKBUILD5
-rw-r--r--main/screen/CVE-2021-26937.patch59
-rw-r--r--main/spamassassin/APKBUILD10
-rw-r--r--main/squid/APKBUILD6
-rw-r--r--main/subversion/APKBUILD9
-rw-r--r--main/subversion/CVE-2020-17525.patch15
-rw-r--r--main/tar/APKBUILD11
-rw-r--r--main/tar/CVE-2021-20193.patch127
-rw-r--r--main/tzdata/APKBUILD8
-rw-r--r--main/wpa_supplicant/APKBUILD10
-rw-r--r--main/wpa_supplicant/CVE-2021-0326.patch37
-rw-r--r--main/wpa_supplicant/CVE-2021-27803.patch50
-rw-r--r--main/xtables-addons-vanilla/APKBUILD11
-rw-r--r--main/xtables-addons-vanilla/ip_route_me_harder.patch48
-rw-r--r--main/zfs-vanilla/APKBUILD2
-rw-r--r--testing/ipt-netflow-vanilla/APKBUILD4
92 files changed, 2378 insertions, 3923 deletions
diff --git a/community/doas/APKBUILD b/community/doas/APKBUILD
index 41344d16f4..714271ae09 100644
--- a/community/doas/APKBUILD
+++ b/community/doas/APKBUILD
@@ -1,40 +1,48 @@
# Maintainer: Drew DeVault <sir@cmpwn.com>
pkgname=doas
-pkgver=6.0
+pkgver=6.6.1
pkgrel=0
-pkgdesc="OpenBSD's temporary privledge escalation tool"
+pkgdesc="OpenBSD's temporary privilege escalation tool"
url="https://github.com/Duncaen/OpenDoas"
arch="all"
license="BSD"
makedepends="bison"
subpackages="$pkgname-doc"
source="
- $pkgname-$pkgver.tar.gz::https://github.com/Duncaen/OpenDoas/archive/v$pkgver.tar.gz
- doas.conf
+ $pkgname-$pkgver.tar.gz::https://github.com/Duncaen/OpenDoas/archive/v$pkgver.tar.gz
+ reset-path.patch
"
builddir="$srcdir/OpenDoas-$pkgver"
options="$options suid"
+# secfixes:
+# 6.6.1-r0:
+# - CVE-2019-25016
+
build() {
- cd "$builddir"
./configure \
--prefix=/usr \
- --enable-static \
- --without-pam
+ --without-pam \
+ --with-timestamp
make
}
check() {
- cd "$builddir"
# doas -v returns 1
./doas -v || test $? = 1
}
package() {
- cd "$builddir"
make install DESTDIR="$pkgdir"
- install -Dm440 "$srcdir"/doas.conf "$pkgdir"/etc/doas.conf
+ install -d "$pkgdir"/etc
+ cat > "$pkgdir"/etc/doas.conf <<-EOF
+ # see doas.conf(5) for configuration details
+
+ # Uncomment to allow group "wheel" to become root
+ # permit persist :wheel
+ EOF
+ chmod 440 "$pkgdir"/etc/doas.conf
}
-sha512sums="2bf5e00895a45d87785e7a494a1506844afd843ef5375e0b0e3795ebc24712bb941c6feeb87e426e41a240d40aca9b4c099f77220745bb7142a7a4b303441f60 doas-6.0.tar.gz
-5035ae91293953b292c430334e949e11e5b482c5c91c7f018ac8286a791568a3006499649f487547a262291c0968618522fbc14acb5e2faa2af52accf15bbc49 doas.conf"
+sha512sums="390e0e139a2641be22c4493c3ed755d9cb4091f4ab8d590123b7c8c4f2f116cea3b3500926ff191fb98d92192ca9e92118cbcbeb463a7833763e00c65603e678 doas-6.6.1.tar.gz
+cb3a0e3767ec22fbab6e0535ee8f31ec525a3debf6c9dfdecd78668a6a3ea3d4a3e6a8d4717fe0f5e07f0a3c9d099a6be8e880c0b8f00588482409465cda86f8 reset-path.patch"
diff --git a/community/doas/reset-path.patch b/community/doas/reset-path.patch
new file mode 100644
index 0000000000..17596f30c2
--- /dev/null
+++ b/community/doas/reset-path.patch
@@ -0,0 +1,42 @@
+From 3b1d856055ae1e9e4a15884b539bd4fee6aff1d5 Mon Sep 17 00:00:00 2001
+From: Duncan Overbruck <mail@duncano.de>
+Date: Thu, 28 Jan 2021 17:58:34 +0100
+Subject: [PATCH] correctly reset path for rules without specific command
+
+This is a fixup for commit 01c658f8c45cb92a343be5f32aa6da70b2032168
+where the behaviour was changed to not inherit the PATH variable
+by default.
+---
+ doas.c | 10 ++++++++++
+ 1 file changed, 10 insertions(+)
+
+diff --git a/doas.c b/doas.c
+index e253905..98e354c 100644
+--- a/doas.c
++++ b/doas.c
+@@ -379,12 +379,22 @@ main(int argc, char **argv)
+ rule->options & PERSIST);
+ #endif
+
++#ifdef HAVE_LOGIN_CAP_H
++ if (setusercontext(NULL, targpw, target, LOGIN_SETGROUP |
++ LOGIN_SETPATH |
++ LOGIN_SETPRIORITY | LOGIN_SETRESOURCES | LOGIN_SETUMASK |
++ LOGIN_SETUSER) != 0)
++ errx(1, "failed to set user context for target");
++#else
+ if (setresgid(targpw->pw_gid, targpw->pw_gid, targpw->pw_gid) != 0)
+ err(1, "setresgid");
+ if (initgroups(targpw->pw_name, targpw->pw_gid) != 0)
+ err(1, "initgroups");
+ if (setresuid(target, target, target) != 0)
+ err(1, "setresuid");
++ if (setenv("PATH", safepath, 1) == -1)
++ err(1, "failed to set PATH '%s'", safepath);
++#endif
+
+ if (getcwd(cwdpath, sizeof(cwdpath)) == NULL)
+ cwd = "(failed)";
+--
+2.30.0
+
diff --git a/community/graphicsmagick/APKBUILD b/community/graphicsmagick/APKBUILD
index 10f4487ff4..14fd4f9409 100644
--- a/community/graphicsmagick/APKBUILD
+++ b/community/graphicsmagick/APKBUILD
@@ -14,7 +14,7 @@ source="https://downloads.sourceforge.net/$pkgname/$pkgname/$pkgver/GraphicsMagi
options="libtool !check"
builddir="$srcdir"/GraphicsMagick-$pkgver
-# security fixes:
+# secfixes:
# 1.3.32-r0:
# - CVE-2018-18544
# - CVE-2018-20189
diff --git a/community/openjdk7/APKBUILD b/community/openjdk7/APKBUILD
index 0dfcd96657..9711a84183 100644
--- a/community/openjdk7/APKBUILD
+++ b/community/openjdk7/APKBUILD
@@ -2,11 +2,11 @@
# Contributor: Jakub Jirutka <jakub@jirutka.cz>
# Maintainer: Timo Teras <timo.teras@iki.fi>
pkgname=openjdk7
-_icedteaver=2.6.22
+_icedteaver=2.6.24
_icedteaversrc=$_icedteaver
# pkgver is <JDK version>.<JDK update>
# check icedtea JDK when updating
-pkgver=7.261.$_icedteaver
+pkgver=7.281.$_icedteaver
pkgrel=0
pkgdesc="OpenJDK 7 via IcedTea"
url="https://icedtea.classpath.org/"
@@ -18,15 +18,15 @@ makedepends="bash findutils tar zip file paxmark gawk util-linux libxslt
autoconf automake linux-headers coreutils
ca-certificates
nss-dev cups-dev jpeg-dev giflib-dev libpng-dev libxt-dev
- lcms2-dev libxp-dev libxtst-dev libxinerama-dev zlib-dev
+ lcms2-dev libexecinfo-dev libxp-dev libxtst-dev libxinerama-dev zlib-dev
libxrender-dev alsa-lib-dev freetype-dev fontconfig-dev
gtk+2.0-dev krb5-dev pcsc-lite-dev lksctp-tools-dev
libxcomposite-dev nss-static xz"
install=""
# upstream binary versions
-RHINO_VER=1.7.7.2
-ANT_VER=1.9.11
+_rhino_ver=1.7.7.2 # rhino 1.7.8 is java 8+ only
+_ant_ver=1.9.14
case $CARCH in
x86) _jarch=i386;;
@@ -70,20 +70,19 @@ source="https://icedtea.classpath.org/download/source/icedtea-$_icedteaversrc.ta
jdk-$_dropsver.tar.bz2::$_dropsurl/jdk.tar.bz2
langtools-$_dropsver.tar.bz2::$_dropsurl/langtools.tar.bz2
hotspot-$_dropsver.tar.bz2::$_dropsurl/hotspot.tar.bz2
- https://archive.apache.org/dist/ant/binaries/apache-ant-$ANT_VER-bin.tar.gz
- https://github.com/mozilla/rhino/releases/download/Rhino${RHINO_VER//./_}_Release/rhino-$RHINO_VER.zip
+ https://archive.apache.org/dist/ant/binaries/apache-ant-$_ant_ver-bin.tar.gz
+ https://github.com/mozilla/rhino/releases/download/Rhino${_rhino_ver//./_}_Release/rhino-$_rhino_ver.zip
icedtea-hotspot-musl.patch
icedtea-hotspot-musl-ppc.patch
icedtea-hotspot-noagent-musl.patch
icedtea-hotspot-uclibc-fixes.patch
icedtea-jdk-fix-build.patch
- icedtea-jdk-execinfo.patch
+ icedtea-jdk-fix-compile-optional.patch
+ icedtea-jdk-fix-gcc10.patch
icedtea-jdk-fix-ipv6-init.patch
icedtea-jdk-musl.patch
icedtea-jdk-no-soname.patch
- icedtea-jdk-revert-7fdd0d6ef2d3.patch
- icedtea-jdk-revert-a32dc7400435.patch
icedtea-jdk-xattr.patch
icedtea-cpio.patch
@@ -91,6 +90,23 @@ source="https://icedtea.classpath.org/download/source/icedtea-$_icedteaversrc.ta
"
# secfixes:
+# 7.281.2.6.24-r0:
+# - CVE-2019-2745
+# - CVE-2020-14577
+# - CVE-2020-14578
+# - CVE-2020-14579
+# - CVE-2020-14581
+# - CVE-2020-14583
+# - CVE-2020-14593
+# - CVE-2020-14621
+# - CVE-2020-14779
+# - CVE-2020-14781
+# - CVE-2020-14782
+# - CVE-2020-14792
+# - CVE-2020-14796
+# - CVE-2020-14797
+# - CVE-2020-14798
+# - CVE-2020-14803
# 7.261.2.6.22-r0:
# - CVE-2020-2756
# - CVE-2020-2757
@@ -157,9 +173,9 @@ unpack() {
fi
mkdir -p "$srcdir"
msg "Unpacking sources..."
- tar -C "$srcdir" -xf icedtea-$_icedteaversrc.tar.xz
- tar -C "$srcdir" -xf apache-ant-$ANT_VER-bin.tar.gz
- unzip -o -q "rhino-$RHINO_VER.zip" -d "$srcdir"
+ unxz -c icedtea-$_icedteaversrc.tar.xz | tar -C "$srcdir" -x
+ tar -C "$srcdir" -xf apache-ant-$_ant_ver-bin.tar.gz
+ unzip -o -q "rhino-$_rhino_ver.zip" -d "$srcdir"
}
prepare() {
@@ -189,7 +205,7 @@ build() {
export HOTSPOT_BUILD_JOBS="${JOBS:-2}"
export JAVA_HOME=$BOOTSTRAP_JAVA_HOME
- export PATH=$JAVA_HOME/bin:$srcdir/apache-ant-$ANT_VER/bin:$PATH
+ export PATH=$JAVA_HOME/bin:$srcdir/apache-ant-$_ant_ver/bin:$PATH
export DISTRIBUTION_PATCHES=""
# Explicitly set the C++ standard as the default has changed on GCC 6+
@@ -224,7 +240,8 @@ build() {
--disable-dependency-tracking \
--disable-downloading \
--disable-arm32-jit \
- --with-rhino=$srcdir/rhino$RHINO_VER/lib/rhino-$RHINO_VER.jar \
+ --disable-docs \
+ --with-rhino=$srcdir/rhino$_rhino_ver/lib/rhino-$_rhino_ver.jar \
--with-openjdk-src-zip=$srcdir/openjdk-$_dropsver.tar.bz2 \
--with-hotspot-src-zip=$srcdir/hotspot-$_dropsver.tar.bz2 \
--with-corba-src-zip=$srcdir/corba-$_dropsver.tar.bz2 \
@@ -315,27 +332,26 @@ doc() {
mv "$pkgdir"/$INSTALL_BASE/man "$subpkgdir"/$INSTALL_BASE/
}
-sha512sums="28c96cd2971ce381f0bd1c2a7fe6443602ad89dc0dd5a48d533e3c1a473421bdb98abf5e38117409f305bab7c6c8fecf95e854e8da8acf022966014539916b5c icedtea-2.6.22.tar.xz
-7e2027e0b32b34f63eb771aad0273313d963d455f11f635e6b268b49a7f390d9ef2ff2913f2b9f09b6959abbdc060788a1ad8da9ae221b0889054ec4120f9867 openjdk-2.6.22.tar.bz2
-105b9a40d2a65d106e2d59524b0ed24edc72f46f2383d5645d7dd1f09ea9359e76b07ce1712433c7ce1062c5c49f45937acbfe293cfb27379d9a412f03589324 corba-2.6.22.tar.bz2
-696f17f0ef263668fa775bfb65630dcbe5c673fd7b153eff598fc7a7ba60c99b3f6b5f8e82949f3ebf16f506a9158797227c7263292a04b63a8653189dd9bfbb jaxp-2.6.22.tar.bz2
-406d9066e66d38a6cfd697f594e6955a625b685fd7dd83eb774243a9c3bbeeef13a9f6fc5c9fa9b3e2de561264831779edc7af312f1df08c29315d97f5b71e9e jaxws-2.6.22.tar.bz2
-f2d6370b1bc5ee011670229b0d001f08e49aa688dfdaa196b5eb5db1484ce06046c6cf8415bb09ecca6810472f3211988a5a1cd42cdca805b3b56be8b6cd5bcd jdk-2.6.22.tar.bz2
-df11b0d172c1493870ce3aabca076c16f73c2e2f50ac6beac921c72c6bf925a8b879cf8754b19d2d6dd0407f9baadeb597719c6f5972c97f5a5f7567bf98fcb1 langtools-2.6.22.tar.bz2
-f7652d0e6c1fe33ed7fe0d6f0c36daffc6509bb92818d5eaaf183fd9e8afc1a2fca9d547a2c087aa41134d5da0da4c647b5cdad11b9a520cf9a94cc1a548e219 hotspot-2.6.22.tar.bz2
-0da12cb0f761b8cb76e042449e7d93f43236e7bc948e337215470a70031f0a2dda6d1b508f9397b283808d84c4ebddb31558fe1cd8e6e6469c1dd390d69ec6e7 apache-ant-1.9.11-bin.tar.gz
+sha512sums="db97bd4106f732cab64528b5d087ea56333d9b0916f238a58b84d44bc8602ca64419f827afca483c0ba9538986bbf0bf5b92683b6f96d8df047b334328d76d11 icedtea-2.6.24.tar.xz
+fb5bd58480194b556ecfdb3225e4d70ac710cf0cc75ada483ed81786ff2b5eb961508291261742eab2ba91bdab9ea38188b02caaa1eb5abbdee43db4daad0416 openjdk-2.6.24.tar.bz2
+ed6244abf6a7ddfced08c8dd1d6f0ccee2344e0e85a9499c76a97f64708cbc9676bfb475c0ae907820ea1e8b5c1c4e73f57662bdcee6e41edf25a99d46d972fc corba-2.6.24.tar.bz2
+7a867293ef178f0af8bd37bdf94dcbf56a646974742aaec1f009d328eb18f4083c0120eb16d50e4510dff344074558151736e22f767ba9aa311b9f4a0c53013d jaxp-2.6.24.tar.bz2
+3257d4058e056f5664d185ea3357972e412033bc8f69f7e0778c31f47b354741a2c2e2c2a389939a06cc4c9eb6c024bf47f5b936a09b3606d2cdcc7d7236517a jaxws-2.6.24.tar.bz2
+24ff2ca12aa2f2c1b84803586f90e77527fc2c3df726650e828ab7f8430ac5a2805eee46ee830a6e1141d6f8c5a476a3ed7edece5b0534e2d33037155779f0d4 jdk-2.6.24.tar.bz2
+1d5def1076785a2a3097a18bdec0070fd69adff79e54fa24988da09b4457e9d363f05396016854301a1123b446d38e2c23c86cada43ae09e4fa8edf3b5d669b2 langtools-2.6.24.tar.bz2
+21fe6c47b7d116662bd772ecb526b993b11033e13286bdf0257aab60ec374cce6194dfea87b78ea5a1a62d5fbe83b01e9539ce8b81c73333a9dfb6dc0bf8fec5 hotspot-2.6.24.tar.bz2
+487dbd1d7f678a92924ba884a57e910ccb4fe565c554278795a8fdfc80c4e88d81ebc2ccecb5a8f353f0b2076572bb921499a2cadb064e0f44fc406a3c31da20 apache-ant-1.9.14-bin.tar.gz
1b9e8721749e81c5420a00af1e00ee0e4f48624ccb4e9aa969032114116ad50f59b254d4d16d74feff74de64157cc8b0a2ead9b555907c84b7055b796fba9a75 rhino-1.7.7.2.zip
-f62b942f0bacda8e37d0f1876d8ba14ddb4fc55a7d5fd1019463744927f40f422a85e9ee051948d566242f5a785aa28f275eb58768611283cba89af91235f43c icedtea-hotspot-musl.patch
+74e38e41db0dcca6ec91d3a83330f06904342ba8e950d896c4544db72b76a3ae6665793b83d7bbeb5a0cd3896b48707c8beda92ef0eb0e7f821c15e591e2fd49 icedtea-hotspot-musl.patch
e5cf4d70f96fc1e72ae8b97a887adb96092ff36584711cbb8de9d9fa9e859cb8731d638838de0d9591239fc44ffe5c74422d1842bd9f10a0c00dff1627bdeeef icedtea-hotspot-musl-ppc.patch
e7a2c1771bb582d427041f8d22e48c0daf8f20d7c0926cbce3549d49c4e949359ee25a35682b486e82f3e390535c950c5beee3bd8d06fb5a717b50f2d9b2a6bc icedtea-hotspot-noagent-musl.patch
822eee0dc4d3ba677a289dfeb3668b536d2d626708390a9d9702fb4144a481fd443a215a0d2041c6026113837aafa4ba0b5e9ead8589d2da6717a238bbc95a5a icedtea-hotspot-uclibc-fixes.patch
8fadeee6ea9886c7ee3118a1abaee2fbd04931a3ba880062bc97397ad30aab114a83542c888461a5a8a1d131c4e73920872317c96620e2a8c4689620adf9e9c3 icedtea-jdk-fix-build.patch
-0391970e6a32946aa3cccf38fdef9c0fe2af26cd0df824b98aa2fcfa1bf661d4a68e339bffcfd16f386c565fc68bb28a29208a67d4bad8a0e847ad02bd8becbb icedtea-jdk-execinfo.patch
+38114b1de864539dd5ba35add8bfe0de8b85d6ebcb4d05e82cebc318ca27883737739315471855cfe0fd0cbc0a26d916aeb2304a23a75abb6a351aa51957e8a9 icedtea-jdk-fix-compile-optional.patch
+9b4ad4a593672edd617c514d3d9158324762d7d91049eca0b3c7f307c668cf20c1db94ecd935ab35d149488524d23db5dd77d7d45572f2fa1a7643c26ae4a32c icedtea-jdk-fix-gcc10.patch
48533f87fc2cf29d26b259be0df51087d2fe5b252e72d00c6ea2f4add7b0fb113141718c116279c5905e03f64a1118082e719393786811367cf4d472b5d36774 icedtea-jdk-fix-ipv6-init.patch
44a35941c80f408d0607e32763b3b6ccee21e1d39886309327d3d74d2900117e4346ef59e77c663fd022fec10ee8f365eeb46c1260014d5765d226ce175ce3c5 icedtea-jdk-musl.patch
bf4b184e170f7b0ff64ab30d2162784fe2bd5460d1fa31973259f7065fd4c511c46f97724fe2bd72bb94e9006cb568d0e0c87d1a9c90819e65880f8f44830bb1 icedtea-jdk-no-soname.patch
-9a14c023662c25fc3338c60ba9e6ece625bf2db774776e0c633e5cc866d5c6daf160e90b164832b12eb304fcf65bf30b5d38f20cb7f97f01f6736bfa572ef4fc icedtea-jdk-revert-7fdd0d6ef2d3.patch
-f4ee0ede2b62e81971e79bd7d382c09847488656bfa27a7346cd5a92f478bcf67cd10aa632989836a49e87ee435c3de831ad4c71f824113f55c61361895a7af8 icedtea-jdk-revert-a32dc7400435.patch
e703e5f68e63f130e758b3fa813872363090c08eee6a6366f4784cf6a191a90a3642ec71e016bd05e48a66ad0ae56db8b0e318b101aca5d0885af8705423b770 icedtea-jdk-xattr.patch
a54c79c82afa1bc95265397b274260584c8b8c6be1651ddfb907d9523a809ea4581409e0d3fb0bbb63ef5a204e8ce29b7940e78cd640af1f490ae938c59129b6 icedtea-cpio.patch
4c874f0e9f3f54f688a1faf64fa3734e31f139f465ce77d12aac87558764ef66055de6cfac5b60efef2833c64256136c70f3cf5dc2712de62fc5dbebe3a8fbcd fix-xattr-include.patch"
diff --git a/community/openjdk7/icedtea-hotspot-musl.patch b/community/openjdk7/icedtea-hotspot-musl.patch
index 1da9031486..eb08c05468 100644
--- a/community/openjdk7/icedtea-hotspot-musl.patch
+++ b/community/openjdk7/icedtea-hotspot-musl.patch
@@ -64,16 +64,3 @@
#ifdef BUILTIN_SIM
#define REG_SP REG_RSP
---- openjdk/hotspot/src/cpu/aarch64/vm/sharedRuntime_aarch64.cpp.orig
-+++ openjdk/hotspot/src/cpu/aarch64/vm/sharedRuntime_aarch64.cpp
-@@ -194,10 +194,6 @@
- return (r->reg2stack() + SharedRuntime::out_preserve_stack_slots()) * VMRegImpl::stack_slot_size;
- }
-
--template <class T> static const T& min (const T& a, const T& b) {
-- return (a > b) ? b : a;
--}
--
- // ---------------------------------------------------------------------------
- // Read the array of BasicTypes from a signature, and compute where the
- // arguments should go. Values in the VMRegPair regs array refer to 4-byte
diff --git a/community/openjdk7/icedtea-jdk-fix-compile-optional.patch b/community/openjdk7/icedtea-jdk-fix-compile-optional.patch
new file mode 100644
index 0000000000..3eb7565d91
--- /dev/null
+++ b/community/openjdk7/icedtea-jdk-fix-compile-optional.patch
@@ -0,0 +1,21 @@
+Subject: The gnu java compiler cannot compile this class
+Author: Simon Frankenberger <simon-alpine@fraho.eu>
+Upstream: No
+
+1. ERROR in /builds/bratkartoffel/aports/community/openjdk7/src/icedtea-2.6.23/openjdk-boot/jdk/src/share/classes/sun/security/util/Optional.java (at line 196)
+ return Optional.ofNullable(mapper.apply(value));
+ ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+Type mismatch: cannot convert from Optional<capture#5-of ? extends U> to Optional<U>
+
+
+--- openjdk.orig/jdk/src/share/classes/sun/security/util/Optional.java
++++ openjdk/jdk/src/share/classes/sun/security/util/Optional.java
+@@ -193,7 +193,7 @@
+ if (!isPresent())
+ return empty();
+ else {
+- return Optional.ofNullable(mapper.apply(value));
++ return (Optional) Optional.ofNullable(mapper.apply(value));
+ }
+ }
+
diff --git a/community/openjdk7/icedtea-jdk-fix-gcc10.patch b/community/openjdk7/icedtea-jdk-fix-gcc10.patch
new file mode 100644
index 0000000000..71af3f9ce2
--- /dev/null
+++ b/community/openjdk7/icedtea-jdk-fix-gcc10.patch
@@ -0,0 +1,154 @@
+Subject: Fix build error with gcc >= 10.0
+Upstream: Yes
+Upstream-Url: https://bugs.openjdk.java.net/browse/JDK-8235903
+Author: Simon Frankenberger <simon-alpine@fraho.eu>
+
+This is a backport of the fixes to make it compile with gcc10 again.
+
+--- openjdk.orig/jdk/src/solaris/native/java/lang/childproc.c
++++ openjdk/jdk/src/solaris/native/java/lang/childproc.c
+@@ -33,6 +33,7 @@
+
+ #include "childproc.h"
+
++const char * const *parentPathv;
+
+ ssize_t
+ restartableWrite(int fd, const void *buf, size_t count)
+--- openjdk.orig/jdk/src/solaris/native/java/lang/childproc.h
++++ openjdk/jdk/src/solaris/native/java/lang/childproc.h
+@@ -118,7 +118,7 @@
+ * The cached and split version of the JDK's effective PATH.
+ * (We don't support putenv("PATH=...") in native code)
+ */
+-const char * const *parentPathv;
++extern const char * const *parentPathv;
+
+ ssize_t restartableWrite(int fd, const void *buf, size_t count);
+ int restartableDup2(int fd_from, int fd_to);
+--- openjdk.orig/jdk/src/solaris/native/sun/security/jgss/wrapper/NativeFunc.c
++++ openjdk/jdk/src/solaris/native/sun/security/jgss/wrapper/NativeFunc.c
+@@ -28,6 +28,9 @@
+ #include <dlfcn.h>
+ #include "NativeFunc.h"
+
++/* global GSS function table */
++GSS_FUNCTION_TABLE_PTR ftab;
++
+ /* standard GSS method names (ordering is from mapfile) */
+ static const char RELEASE_NAME[] = "gss_release_name";
+ static const char IMPORT_NAME[] = "gss_import_name";
+--- openjdk.orig/jdk/src/solaris/native/sun/security/jgss/wrapper/NativeFunc.h
++++ openjdk/jdk/src/solaris/native/sun/security/jgss/wrapper/NativeFunc.h
+@@ -265,6 +265,6 @@
+ typedef GSS_FUNCTION_TABLE *GSS_FUNCTION_TABLE_PTR;
+
+ /* global GSS function table */
+-GSS_FUNCTION_TABLE_PTR ftab;
++extern GSS_FUNCTION_TABLE_PTR ftab;
+
+ #endif
+--- /dev/null
++++ openjdk/jdk/src/solaris/native/sun/nio/ch/Sctp.c
+@@ -0,0 +1,34 @@
++/*
++ * Copyright (c) 2009, 2019, Oracle and/or its affiliates. All rights reserved.
++ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
++ *
++ * This code is free software; you can redistribute it and/or modify it
++ * under the terms of the GNU General Public License version 2 only, as
++ * published by the Free Software Foundation. Oracle designates this
++ * particular file as subject to the "Classpath" exception as provided
++ * by Oracle in the LICENSE file that accompanied this code.
++ *
++ * This code is distributed in the hope that it will be useful, but WITHOUT
++ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
++ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
++ * version 2 for more details (a copy is included in the LICENSE file that
++ * accompanied this code).
++ *
++ * You should have received a copy of the GNU General Public License version
++ * 2 along with this work; if not, write to the Free Software Foundation,
++ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
++ *
++ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
++ * or visit www.oracle.com if you need additional information or have any
++ * questions.
++ */
++
++#include "Sctp.h"
++
++sctp_getladdrs_func* nio_sctp_getladdrs;
++sctp_freeladdrs_func* nio_sctp_freeladdrs;
++sctp_getpaddrs_func* nio_sctp_getpaddrs;
++sctp_freepaddrs_func* nio_sctp_freepaddrs;
++sctp_bindx_func* nio_sctp_bindx;
++sctp_peeloff_func* nio_sctp_peeloff;
++
+--- openjdk.orig/jdk/src/solaris/native/sun/nio/ch/Sctp.h
++++ openjdk/jdk/src/solaris/native/sun/nio/ch/Sctp.h
+@@ -332,12 +332,12 @@
+ #define nio_sctp_bindx sctp_bindx
+ #define nio_sctp_peeloff sctp_peeloff
+ #else
+-sctp_getladdrs_func* nio_sctp_getladdrs;
+-sctp_freeladdrs_func* nio_sctp_freeladdrs;
+-sctp_getpaddrs_func* nio_sctp_getpaddrs;
+-sctp_freepaddrs_func* nio_sctp_freepaddrs;
+-sctp_bindx_func* nio_sctp_bindx;
+-sctp_peeloff_func* nio_sctp_peeloff;
++extern sctp_getladdrs_func* nio_sctp_getladdrs;
++extern sctp_freeladdrs_func* nio_sctp_freeladdrs;
++extern sctp_getpaddrs_func* nio_sctp_getpaddrs;
++extern sctp_freepaddrs_func* nio_sctp_freepaddrs;
++extern sctp_bindx_func* nio_sctp_bindx;
++extern sctp_peeloff_func* nio_sctp_peeloff;
+ #endif
+
+ jboolean loadSocketExtensionFuncs(JNIEnv* env);
+--- openjdk.orig/jdk/src/solaris/native/common/deps/cups_fp.c
++++ openjdk/jdk/src/solaris/native/common/deps/cups_fp.c
+@@ -32,6 +32,16 @@
+
+ #include <cups_fp.h>
+
++fn_cupsServer j2d_cupsServer;
++fn_ippPort j2d_ippPort;
++fn_httpConnect j2d_httpConnect;
++fn_httpClose j2d_httpClose;
++fn_cupsGetPPD j2d_cupsGetPPD;
++fn_ppdOpenFile j2d_ppdOpenFile;
++fn_ppdClose j2d_ppdClose;
++fn_ppdFindOption j2d_ppdFindOption;
++fn_ppdPageSize j2d_ppdPageSize;
++
+ jboolean cups_init()
+ {
+ void *handle = dlopen(VERSIONED_JNI_LIB_NAME("cups", "2"),
+--- openjdk.orig/jdk/src/solaris/native/common/deps/cups_fp.h
++++ openjdk/jdk/src/solaris/native/common/deps/cups_fp.h
+@@ -36,15 +36,15 @@
+ typedef ppd_option_t* (*fn_ppdFindOption)(ppd_file_t *, const char *);
+ typedef ppd_size_t* (*fn_ppdPageSize)(ppd_file_t *, char *);
+
+-fn_cupsServer j2d_cupsServer;
+-fn_ippPort j2d_ippPort;
+-fn_httpConnect j2d_httpConnect;
+-fn_httpClose j2d_httpClose;
+-fn_cupsGetPPD j2d_cupsGetPPD;
+-fn_ppdOpenFile j2d_ppdOpenFile;
+-fn_ppdClose j2d_ppdClose;
+-fn_ppdFindOption j2d_ppdFindOption;
+-fn_ppdPageSize j2d_ppdPageSize;
++extern fn_cupsServer j2d_cupsServer;
++extern fn_ippPort j2d_ippPort;
++extern fn_httpConnect j2d_httpConnect;
++extern fn_httpClose j2d_httpClose;
++extern fn_cupsGetPPD j2d_cupsGetPPD;
++extern fn_ppdOpenFile j2d_ppdOpenFile;
++extern fn_ppdClose j2d_ppdClose;
++extern fn_ppdFindOption j2d_ppdFindOption;
++extern fn_ppdPageSize j2d_ppdPageSize;
+
+ #define cupsServer (*j2d_cupsServer)
+ #define ippPort (*j2d_ippPort)
diff --git a/community/openjdk7/icedtea-jdk-revert-7fdd0d6ef2d3.patch b/community/openjdk7/icedtea-jdk-revert-7fdd0d6ef2d3.patch
deleted file mode 100644
index 071a13c2ef..0000000000
--- a/community/openjdk7/icedtea-jdk-revert-7fdd0d6ef2d3.patch
+++ /dev/null
@@ -1,1450 +0,0 @@
-Revert 7fdd0d6ef2d3 due build error
-This laos reverts a fix for CVE-2019-2745
---- openjdk.orig/jdk/src/share/classes/sun/security/ec/ECDSAOperations.java 2019-07-14 02:30:40.000000000 +0200
-+++ openjdk/jdk/src/share/classes/sun/security/ec/ECDSAOperations.java 1970-01-01 01:00:00.000000000 +0100
-@@ -1,206 +0,0 @@
--/*
-- * Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved.
-- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
-- *
-- * This code is free software; you can redistribute it and/or modify it
-- * under the terms of the GNU General Public License version 2 only, as
-- * published by the Free Software Foundation. Oracle designates this
-- * particular file as subject to the "Classpath" exception as provided
-- * by Oracle in the LICENSE file that accompanied this code.
-- *
-- * This code is distributed in the hope that it will be useful, but WITHOUT
-- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
-- * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
-- * version 2 for more details (a copy is included in the LICENSE file that
-- * accompanied this code).
-- *
-- * You should have received a copy of the GNU General Public License version
-- * 2 along with this work; if not, write to the Free Software Foundation,
-- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
-- *
-- * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
-- * or visit www.oracle.com if you need additional information or have any
-- * questions.
-- */
--
--package sun.security.ec;
--
--import sun.security.ec.point.*;
--import sun.security.util.ArrayUtil;
--import sun.security.util.Function;
--import sun.security.util.Optional;
--import sun.security.util.math.*;
--import static sun.security.ec.ECOperations.IntermediateValueException;
--
--import java.security.ProviderException;
--import java.security.spec.*;
--
--public class ECDSAOperations {
--
-- public static class Seed {
-- private final byte[] seedValue;
--
-- public Seed(byte[] seedValue) {
-- this.seedValue = seedValue;
-- }
--
-- public byte[] getSeedValue() {
-- return seedValue;
-- }
-- }
--
-- public static class Nonce {
-- private final byte[] nonceValue;
--
-- public Nonce(byte[] nonceValue) {
-- this.nonceValue = nonceValue;
-- }
--
-- public byte[] getNonceValue() {
-- return nonceValue;
-- }
-- }
--
-- private final ECOperations ecOps;
-- private final AffinePoint basePoint;
--
-- public ECDSAOperations(ECOperations ecOps, ECPoint basePoint) {
-- this.ecOps = ecOps;
-- this.basePoint = toAffinePoint(basePoint, ecOps.getField());
-- }
--
-- public ECOperations getEcOperations() {
-- return ecOps;
-- }
--
-- public AffinePoint basePointMultiply(byte[] scalar) {
-- return ecOps.multiply(basePoint, scalar).asAffine();
-- }
--
-- public static AffinePoint toAffinePoint(ECPoint point,
-- IntegerFieldModuloP field) {
--
-- ImmutableIntegerModuloP affineX = field.getElement(point.getAffineX());
-- ImmutableIntegerModuloP affineY = field.getElement(point.getAffineY());
-- return new AffinePoint(affineX, affineY);
-- }
--
-- public static
-- Optional<ECDSAOperations> forParameters(final ECParameterSpec ecParams) {
-- Optional<ECOperations> curveOps =
-- ECOperations.forParameters(ecParams);
-- return curveOps.map(new Function<ECOperations, ECDSAOperations>() {
-- @Override
-- public ECDSAOperations apply(ECOperations ops) {
-- return new ECDSAOperations(ops, ecParams.getGenerator());
-- }
-- });
-- }
--
-- /**
-- *
-- * Sign a digest using the provided private key and seed.
-- * IMPORTANT: The private key is a scalar represented using a
-- * little-endian byte array. This is backwards from the conventional
-- * representation in ECDSA. The routines that produce and consume this
-- * value uses little-endian, so this deviation from convention removes
-- * the requirement to swap the byte order. The returned signature is in
-- * the conventional byte order.
-- *
-- * @param privateKey the private key scalar as a little-endian byte array
-- * @param digest the digest to be signed
-- * @param seed the seed that will be used to produce the nonce. This object
-- * should contain an array that is at least 64 bits longer than
-- * the number of bits required to represent the group order.
-- * @return the ECDSA signature value
-- * @throws IntermediateValueException if the signature cannot be produced
-- * due to an unacceptable intermediate or final value. If this
-- * exception is thrown, then the caller should discard the nonnce and
-- * try again with an entirely new nonce value.
-- */
-- public byte[] signDigest(byte[] privateKey, byte[] digest, Seed seed)
-- throws IntermediateValueException {
--
-- byte[] nonceArr = ecOps.seedToScalar(seed.getSeedValue());
--
-- Nonce nonce = new Nonce(nonceArr);
-- return signDigest(privateKey, digest, nonce);
-- }
--
-- /**
-- *
-- * Sign a digest using the provided private key and nonce.
-- * IMPORTANT: The private key and nonce are scalars represented by a
-- * little-endian byte array. This is backwards from the conventional
-- * representation in ECDSA. The routines that produce and consume these
-- * values use little-endian, so this deviation from convention removes
-- * the requirement to swap the byte order. The returned signature is in
-- * the conventional byte order.
-- *
-- * @param privateKey the private key scalar as a little-endian byte array
-- * @param digest the digest to be signed
-- * @param nonce the nonce object containing a little-endian scalar value.
-- * @return the ECDSA signature value
-- * @throws IntermediateValueException if the signature cannot be produced
-- * due to an unacceptable intermediate or final value. If this
-- * exception is thrown, then the caller should discard the nonnce and
-- * try again with an entirely new nonce value.
-- */
-- public byte[] signDigest(byte[] privateKey, byte[] digest, Nonce nonce)
-- throws IntermediateValueException {
--
-- IntegerFieldModuloP orderField = ecOps.getOrderField();
-- int orderBits = orderField.getSize().bitLength();
-- if (orderBits % 8 != 0 && orderBits < digest.length * 8) {
-- // This implementation does not support truncating digests to
-- // a length that is not a multiple of 8.
-- throw new ProviderException("Invalid digest length");
-- }
--
-- byte[] k = nonce.getNonceValue();
-- // check nonce length
-- int length = (orderField.getSize().bitLength() + 7) / 8;
-- if (k.length != length) {
-- throw new ProviderException("Incorrect nonce length");
-- }
--
-- MutablePoint R = ecOps.multiply(basePoint, k);
-- IntegerModuloP r = R.asAffine().getX();
-- // put r into the correct field by fully reducing to an array
-- byte[] temp = new byte[length];
-- r.asByteArray(temp);
-- r = orderField.getElement(temp);
-- // store r in result
-- r.asByteArray(temp);
-- byte[] result = new byte[2 * length];
-- ArrayUtil.reverse(temp);
-- System.arraycopy(temp, 0, result, 0, length);
-- // compare r to 0
-- if (ECOperations.allZero(temp)) {
-- throw new IntermediateValueException();
-- }
--
-- IntegerModuloP dU = orderField.getElement(privateKey);
-- int lengthE = Math.min(length, digest.length);
-- byte[] E = new byte[lengthE];
-- System.arraycopy(digest, 0, E, 0, lengthE);
-- ArrayUtil.reverse(E);
-- IntegerModuloP e = orderField.getElement(E);
-- IntegerModuloP kElem = orderField.getElement(k);
-- IntegerModuloP kInv = kElem.multiplicativeInverse();
-- MutableIntegerModuloP s = r.mutable();
-- s.setProduct(dU).setSum(e).setProduct(kInv);
-- // store s in result
-- s.asByteArray(temp);
-- ArrayUtil.reverse(temp);
-- System.arraycopy(temp, 0, result, length, length);
-- // compare s to 0
-- if (ECOperations.allZero(temp)) {
-- throw new IntermediateValueException();
-- }
--
-- return result;
--
-- }
--
--}
---- openjdk.orig/jdk/src/share/classes/sun/security/ec/ECOperations.java 2019-07-14 02:30:40.000000000 +0200
-+++ openjdk/jdk/src/share/classes/sun/security/ec/ECOperations.java 1970-01-01 01:00:00.000000000 +0100
-@@ -1,499 +0,0 @@
--/*
-- * Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved.
-- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
-- *
-- * This code is free software; you can redistribute it and/or modify it
-- * under the terms of the GNU General Public License version 2 only, as
-- * published by the Free Software Foundation. Oracle designates this
-- * particular file as subject to the "Classpath" exception as provided
-- * by Oracle in the LICENSE file that accompanied this code.
-- *
-- * This code is distributed in the hope that it will be useful, but WITHOUT
-- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
-- * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
-- * version 2 for more details (a copy is included in the LICENSE file that
-- * accompanied this code).
-- *
-- * You should have received a copy of the GNU General Public License version
-- * 2 along with this work; if not, write to the Free Software Foundation,
-- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
-- *
-- * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
-- * or visit www.oracle.com if you need additional information or have any
-- * questions.
-- */
--
--package sun.security.ec;
--
--import sun.security.ec.point.*;
--import sun.security.util.Optional;
--import sun.security.util.math.*;
--import sun.security.util.math.intpoly.*;
--
--import java.math.BigInteger;
--import java.security.ProviderException;
--import java.security.spec.ECFieldFp;
--import java.security.spec.ECParameterSpec;
--import java.security.spec.EllipticCurve;
--import java.util.Collections;
--import java.util.HashMap;
--import java.util.Map;
--
--/*
-- * Elliptic curve point arithmetic for prime-order curves where a=-3.
-- * Formulas are derived from "Complete addition formulas for prime order
-- * elliptic curves" by Renes, Costello, and Batina.
-- */
--
--public class ECOperations {
--
-- /*
-- * An exception indicating a problem with an intermediate value produced
-- * by some part of the computation. For example, the signing operation
-- * will throw this exception to indicate that the r or s value is 0, and
-- * that the signing operation should be tried again with a different nonce.
-- */
-- static class IntermediateValueException extends Exception {
-- private static final long serialVersionUID = 1;
-- }
--
-- static final Map<BigInteger, IntegerFieldModuloP> fields;
--
-- static final Map<BigInteger, IntegerFieldModuloP> orderFields;
--
-- static {
-- Map<BigInteger, IntegerFieldModuloP> map = new HashMap<>();
-- map.put(IntegerPolynomialP256.MODULUS, new IntegerPolynomialP256());
-- map.put(IntegerPolynomialP384.MODULUS, new IntegerPolynomialP384());
-- map.put(IntegerPolynomialP521.MODULUS, new IntegerPolynomialP521());
-- fields = Collections.unmodifiableMap(map);
-- map = new HashMap<>();
-- map.put(P256OrderField.MODULUS, new P256OrderField());
-- map.put(P384OrderField.MODULUS, new P384OrderField());
-- map.put(P521OrderField.MODULUS, new P521OrderField());
-- orderFields = Collections.unmodifiableMap(map);
-- }
--
-- public static Optional<ECOperations> forParameters(ECParameterSpec params) {
--
-- EllipticCurve curve = params.getCurve();
-- if (!(curve.getField() instanceof ECFieldFp)) {
-- return Optional.empty();
-- }
-- ECFieldFp primeField = (ECFieldFp) curve.getField();
--
-- BigInteger three = BigInteger.valueOf(3);
-- if (!primeField.getP().subtract(curve.getA()).equals(three)) {
-- return Optional.empty();
-- }
-- IntegerFieldModuloP field = fields.get(primeField.getP());
-- if (field == null) {
-- return Optional.empty();
-- }
--
-- IntegerFieldModuloP orderField = orderFields.get(params.getOrder());
-- if (orderField == null) {
-- return Optional.empty();
-- }
--
-- ImmutableIntegerModuloP b = field.getElement(curve.getB());
-- ECOperations ecOps = new ECOperations(b, orderField);
-- return Optional.of(ecOps);
-- }
--
-- final ImmutableIntegerModuloP b;
-- final SmallValue one;
-- final SmallValue two;
-- final SmallValue three;
-- final SmallValue four;
-- final ProjectivePoint.Immutable neutral;
-- private final IntegerFieldModuloP orderField;
--
-- public ECOperations(IntegerModuloP b, IntegerFieldModuloP orderField) {
-- this.b = b.fixed();
-- this.orderField = orderField;
--
-- this.one = b.getField().getSmallValue(1);
-- this.two = b.getField().getSmallValue(2);
-- this.three = b.getField().getSmallValue(3);
-- this.four = b.getField().getSmallValue(4);
--
-- IntegerFieldModuloP field = b.getField();
-- this.neutral = new ProjectivePoint.Immutable(field.get0(),
-- field.get1(), field.get0());
-- }
--
-- public IntegerFieldModuloP getField() {
-- return b.getField();
-- }
-- public IntegerFieldModuloP getOrderField() {
-- return orderField;
-- }
--
-- protected ProjectivePoint.Immutable getNeutral() {
-- return neutral;
-- }
--
-- public boolean isNeutral(Point p) {
-- ProjectivePoint<?> pp = (ProjectivePoint<?>) p;
--
-- IntegerModuloP z = pp.getZ();
--
-- IntegerFieldModuloP field = z.getField();
-- int byteLength = (field.getSize().bitLength() + 7) / 8;
-- byte[] zBytes = z.asByteArray(byteLength);
-- return allZero(zBytes);
-- }
--
-- byte[] seedToScalar(byte[] seedBytes)
-- throws IntermediateValueException {
--
-- // Produce a nonce from the seed using FIPS 186-4,section B.5.1:
-- // Per-Message Secret Number Generation Using Extra Random Bits
-- // or
-- // Produce a scalar from the seed using FIPS 186-4, section B.4.1:
-- // Key Pair Generation Using Extra Random Bits
--
-- // To keep the implementation simple, sample in the range [0,n)
-- // and throw IntermediateValueException in the (unlikely) event
-- // that the result is 0.
--
-- // Get 64 extra bits and reduce in to the nonce
-- int seedBits = orderField.getSize().bitLength() + 64;
-- if (seedBytes.length * 8 < seedBits) {
-- throw new ProviderException("Incorrect seed length: " +
-- seedBytes.length * 8 + " < " + seedBits);
-- }
--
-- // input conversion only works on byte boundaries
-- // clear high-order bits of last byte so they don't influence nonce
-- int lastByteBits = seedBits % 8;
-- if (lastByteBits != 0) {
-- int lastByteIndex = seedBits / 8;
-- byte mask = (byte) (0xFF >>> (8 - lastByteBits));
-- seedBytes[lastByteIndex] &= mask;
-- }
--
-- int seedLength = (seedBits + 7) / 8;
-- IntegerModuloP scalarElem =
-- orderField.getElement(seedBytes, 0, seedLength, (byte) 0);
-- int scalarLength = (orderField.getSize().bitLength() + 7) / 8;
-- byte[] scalarArr = new byte[scalarLength];
-- scalarElem.asByteArray(scalarArr);
-- if (ECOperations.allZero(scalarArr)) {
-- throw new IntermediateValueException();
-- }
-- return scalarArr;
-- }
--
-- /*
-- * Compare all values in the array to 0 without branching on any value
-- *
-- */
-- public static boolean allZero(byte[] arr) {
-- byte acc = 0;
-- for (int i = 0; i < arr.length; i++) {
-- acc |= arr[i];
-- }
-- return acc == 0;
-- }
--
-- /*
-- * 4-bit branchless array lookup for projective points.
-- */
-- private void lookup4(ProjectivePoint.Immutable[] arr, int index,
-- ProjectivePoint.Mutable result, IntegerModuloP zero) {
--
-- for (int i = 0; i < 16; i++) {
-- int xor = index ^ i;
-- int bit3 = (xor & 0x8) >>> 3;
-- int bit2 = (xor & 0x4) >>> 2;
-- int bit1 = (xor & 0x2) >>> 1;
-- int bit0 = (xor & 0x1);
-- int inverse = bit0 | bit1 | bit2 | bit3;
-- int set = 1 - inverse;
--
-- ProjectivePoint.Immutable pi = arr[i];
-- result.conditionalSet(pi, set);
-- }
-- }
--
-- private void double4(ProjectivePoint.Mutable p, MutableIntegerModuloP t0,
-- MutableIntegerModuloP t1, MutableIntegerModuloP t2,
-- MutableIntegerModuloP t3, MutableIntegerModuloP t4) {
--
-- for (int i = 0; i < 4; i++) {
-- setDouble(p, t0, t1, t2, t3, t4);
-- }
-- }
--
-- /**
-- * Multiply an affine point by a scalar and return the result as a mutable
-- * point.
-- *
-- * @param affineP the point
-- * @param s the scalar as a little-endian array
-- * @return the product
-- */
-- public MutablePoint multiply(AffinePoint affineP, byte[] s) {
--
-- // 4-bit windowed multiply with branchless lookup.
-- // The mixed addition is faster, so it is used to construct the array
-- // at the beginning of the operation.
--
-- IntegerFieldModuloP field = affineP.getX().getField();
-- ImmutableIntegerModuloP zero = field.get0();
-- // temporaries
-- MutableIntegerModuloP t0 = zero.mutable();
-- MutableIntegerModuloP t1 = zero.mutable();
-- MutableIntegerModuloP t2 = zero.mutable();
-- MutableIntegerModuloP t3 = zero.mutable();
-- MutableIntegerModuloP t4 = zero.mutable();
--
-- ProjectivePoint.Mutable result = new ProjectivePoint.Mutable(field);
-- result.getY().setValue(field.get1().mutable());
--
-- ProjectivePoint.Immutable[] pointMultiples =
-- new ProjectivePoint.Immutable[16];
-- // 0P is neutral---same as initial result value
-- pointMultiples[0] = result.fixed();
--
-- ProjectivePoint.Mutable ps = new ProjectivePoint.Mutable(field);
-- ps.setValue(affineP);
-- // 1P = P
-- pointMultiples[1] = ps.fixed();
--
-- // the rest are calculated using mixed point addition
-- for (int i = 2; i < 16; i++) {
-- setSum(ps, affineP, t0, t1, t2, t3, t4);
-- pointMultiples[i] = ps.fixed();
-- }
--
-- ProjectivePoint.Mutable lookupResult = ps.mutable();
--
-- for (int i = s.length - 1; i >= 0; i--) {
--
-- double4(result, t0, t1, t2, t3, t4);
--
-- int high = (0xFF & s[i]) >>> 4;
-- lookup4(pointMultiples, high, lookupResult, zero);
-- setSum(result, lookupResult, t0, t1, t2, t3, t4);
--
-- double4(result, t0, t1, t2, t3, t4);
--
-- int low = 0xF & s[i];
-- lookup4(pointMultiples, low, lookupResult, zero);
-- setSum(result, lookupResult, t0, t1, t2, t3, t4);
-- }
--
-- return result;
--
-- }
--
-- /*
-- * Point double
-- */
-- private void setDouble(ProjectivePoint.Mutable p, MutableIntegerModuloP t0,
-- MutableIntegerModuloP t1, MutableIntegerModuloP t2,
-- MutableIntegerModuloP t3, MutableIntegerModuloP t4) {
--
-- t0.setValue(p.getX()).setSquare();
-- t1.setValue(p.getY()).setSquare();
-- t2.setValue(p.getZ()).setSquare();
-- t3.setValue(p.getX()).setProduct(p.getY());
-- t4.setValue(p.getY()).setProduct(p.getZ());
--
-- t3.setSum(t3);
-- p.getZ().setProduct(p.getX());
--
-- p.getZ().setProduct(two);
--
-- p.getY().setValue(t2).setProduct(b);
-- p.getY().setDifference(p.getZ());
--
-- p.getX().setValue(p.getY()).setProduct(two);
-- p.getY().setSum(p.getX());
-- p.getY().setReduced();
-- p.getX().setValue(t1).setDifference(p.getY());
--
-- p.getY().setSum(t1);
-- p.getY().setProduct(p.getX());
-- p.getX().setProduct(t3);
--
-- t3.setValue(t2).setProduct(two);
-- t2.setSum(t3);
-- p.getZ().setProduct(b);
--
-- t2.setReduced();
-- p.getZ().setDifference(t2);
-- p.getZ().setDifference(t0);
-- t3.setValue(p.getZ()).setProduct(two);
-- p.getZ().setReduced();
-- p.getZ().setSum(t3);
-- t0.setProduct(three);
--
-- t0.setDifference(t2);
-- t0.setProduct(p.getZ());
-- p.getY().setSum(t0);
--
-- t4.setSum(t4);
-- p.getZ().setProduct(t4);
--
-- p.getX().setDifference(p.getZ());
-- p.getZ().setValue(t4).setProduct(t1);
--
-- p.getZ().setProduct(four);
--
-- }
--
-- /*
-- * Mixed point addition. This method constructs new temporaries each time
-- * it is called. For better efficiency, the method that reuses temporaries
-- * should be used if more than one sum will be computed.
-- */
-- public void setSum(MutablePoint p, AffinePoint p2) {
--
-- IntegerModuloP zero = p.getField().get0();
-- MutableIntegerModuloP t0 = zero.mutable();
-- MutableIntegerModuloP t1 = zero.mutable();
-- MutableIntegerModuloP t2 = zero.mutable();
-- MutableIntegerModuloP t3 = zero.mutable();
-- MutableIntegerModuloP t4 = zero.mutable();
-- setSum((ProjectivePoint.Mutable) p, p2, t0, t1, t2, t3, t4);
--
-- }
--
-- /*
-- * Mixed point addition
-- */
-- private void setSum(ProjectivePoint.Mutable p, AffinePoint p2,
-- MutableIntegerModuloP t0, MutableIntegerModuloP t1,
-- MutableIntegerModuloP t2, MutableIntegerModuloP t3,
-- MutableIntegerModuloP t4) {
--
-- t0.setValue(p.getX()).setProduct(p2.getX());
-- t1.setValue(p.getY()).setProduct(p2.getY());
-- t3.setValue(p2.getX()).setSum(p2.getY());
-- t4.setValue(p.getX()).setSum(p.getY());
-- p.getX().setReduced();
-- t3.setProduct(t4);
-- t4.setValue(t0).setSum(t1);
--
-- t3.setDifference(t4);
-- t4.setValue(p2.getY()).setProduct(p.getZ());
-- t4.setSum(p.getY());
--
-- p.getY().setValue(p2.getX()).setProduct(p.getZ());
-- p.getY().setSum(p.getX());
-- t2.setValue(p.getZ());
-- p.getZ().setProduct(b);
--
-- p.getX().setValue(p.getY()).setDifference(p.getZ());
-- p.getX().setReduced();
-- p.getZ().setValue(p.getX()).setProduct(two);
-- p.getX().setSum(p.getZ());
--
-- p.getZ().setValue(t1).setDifference(p.getX());
-- p.getX().setSum(t1);
-- p.getY().setProduct(b);
--
-- t1.setValue(t2).setProduct(two);
-- t2.setSum(t1);
-- t2.setReduced();
-- p.getY().setDifference(t2);
--
-- p.getY().setDifference(t0);
-- p.getY().setReduced();
-- t1.setValue(p.getY()).setProduct(two);
-- p.getY().setSum(t1);
--
-- t1.setValue(t0).setProduct(two);
-- t0.setSum(t1);
-- t0.setDifference(t2);
--
-- t1.setValue(t4).setProduct(p.getY());
-- t2.setValue(t0).setProduct(p.getY());
-- p.getY().setValue(p.getX()).setProduct(p.getZ());
--
-- p.getY().setSum(t2);
-- p.getX().setProduct(t3);
-- p.getX().setDifference(t1);
--
-- p.getZ().setProduct(t4);
-- t1.setValue(t3).setProduct(t0);
-- p.getZ().setSum(t1);
--
-- }
--
-- /*
-- * Projective point addition
-- */
-- private void setSum(ProjectivePoint.Mutable p, ProjectivePoint.Mutable p2,
-- MutableIntegerModuloP t0, MutableIntegerModuloP t1,
-- MutableIntegerModuloP t2, MutableIntegerModuloP t3,
-- MutableIntegerModuloP t4) {
--
-- t0.setValue(p.getX()).setProduct(p2.getX());
-- t1.setValue(p.getY()).setProduct(p2.getY());
-- t2.setValue(p.getZ()).setProduct(p2.getZ());
--
-- t3.setValue(p.getX()).setSum(p.getY());
-- t4.setValue(p2.getX()).setSum(p2.getY());
-- t3.setProduct(t4);
--
-- t4.setValue(t0).setSum(t1);
-- t3.setDifference(t4);
-- t4.setValue(p.getY()).setSum(p.getZ());
--
-- p.getY().setValue(p2.getY()).setSum(p2.getZ());
-- t4.setProduct(p.getY());
-- p.getY().setValue(t1).setSum(t2);
--
-- t4.setDifference(p.getY());
-- p.getX().setSum(p.getZ());
-- p.getY().setValue(p2.getX()).setSum(p2.getZ());
--
-- p.getX().setProduct(p.getY());
-- p.getY().setValue(t0).setSum(t2);
-- p.getY().setAdditiveInverse().setSum(p.getX());
-- p.getY().setReduced();
--
-- p.getZ().setValue(t2).setProduct(b);
-- p.getX().setValue(p.getY()).setDifference(p.getZ());
-- p.getZ().setValue(p.getX()).setProduct(two);
--
-- p.getX().setSum(p.getZ());
-- p.getX().setReduced();
-- p.getZ().setValue(t1).setDifference(p.getX());
-- p.getX().setSum(t1);
--
-- p.getY().setProduct(b);
-- t1.setValue(t2).setSum(t2);
-- t2.setSum(t1);
-- t2.setReduced();
--
-- p.getY().setDifference(t2);
-- p.getY().setDifference(t0);
-- p.getY().setReduced();
-- t1.setValue(p.getY()).setSum(p.getY());
--
-- p.getY().setSum(t1);
-- t1.setValue(t0).setProduct(two);
-- t0.setSum(t1);
--
-- t0.setDifference(t2);
-- t1.setValue(t4).setProduct(p.getY());
-- t2.setValue(t0).setProduct(p.getY());
--
-- p.getY().setValue(p.getX()).setProduct(p.getZ());
-- p.getY().setSum(t2);
-- p.getX().setProduct(t3);
--
-- p.getX().setDifference(t1);
-- p.getZ().setProduct(t4);
-- t1.setValue(t3).setProduct(t0);
--
-- p.getZ().setSum(t1);
--
-- }
--}
---- openjdk.orig/jdk/src/share/classes/sun/security/ec/point/AffinePoint.java 2019-07-14 02:30:40.000000000 +0200
-+++ openjdk/jdk/src/share/classes/sun/security/ec/point/AffinePoint.java 1970-01-01 01:00:00.000000000 +0100
-@@ -1,76 +0,0 @@
--/*
-- * Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved.
-- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
-- *
-- * This code is free software; you can redistribute it and/or modify it
-- * under the terms of the GNU General Public License version 2 only, as
-- * published by the Free Software Foundation. Oracle designates this
-- * particular file as subject to the "Classpath" exception as provided
-- * by Oracle in the LICENSE file that accompanied this code.
-- *
-- * This code is distributed in the hope that it will be useful, but WITHOUT
-- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
-- * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
-- * version 2 for more details (a copy is included in the LICENSE file that
-- * accompanied this code).
-- *
-- * You should have received a copy of the GNU General Public License version
-- * 2 along with this work; if not, write to the Free Software Foundation,
-- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
-- *
-- * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
-- * or visit www.oracle.com if you need additional information or have any
-- * questions.
-- */
--package sun.security.ec.point;
--
--import sun.security.util.math.ImmutableIntegerModuloP;
--
--import java.util.Objects;
--
--/**
-- * Elliptic curve point represented using affine coordinates (x, y). This class
-- * is not part of the sun.security.ec.point.Point hierarchy because it is not
-- * used to hold intermediate values during point arithmetic, and so it does not
-- * have a mutable form.
-- */
--public class AffinePoint {
--
-- private final ImmutableIntegerModuloP x;
-- private final ImmutableIntegerModuloP y;
--
-- public AffinePoint(ImmutableIntegerModuloP x, ImmutableIntegerModuloP y) {
-- this.x = x;
-- this.y = y;
-- }
--
-- public ImmutableIntegerModuloP getX() {
-- return x;
-- }
--
-- public ImmutableIntegerModuloP getY() {
-- return y;
-- }
--
-- @Override
-- public boolean equals(Object obj) {
-- if (!(obj instanceof AffinePoint)) {
-- return false;
-- }
-- AffinePoint p = (AffinePoint) obj;
-- boolean xEquals = x.asBigInteger().equals(p.x.asBigInteger());
-- boolean yEquals = y.asBigInteger().equals(p.y.asBigInteger());
-- return xEquals && yEquals;
-- }
--
-- @Override
-- public int hashCode() {
-- return Objects.hash(x, y);
-- }
--
-- @Override
-- public String toString() {
-- return "(" + x.asBigInteger().toString() + "," +
-- y.asBigInteger().toString() + ")";
-- }
--}
---- openjdk.orig/jdk/src/share/classes/sun/security/ec/point/ImmutablePoint.java 2019-07-14 02:30:40.000000000 +0200
-+++ openjdk/jdk/src/share/classes/sun/security/ec/point/ImmutablePoint.java 1970-01-01 01:00:00.000000000 +0100
-@@ -1,32 +0,0 @@
--/*
-- * Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved.
-- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
-- *
-- * This code is free software; you can redistribute it and/or modify it
-- * under the terms of the GNU General Public License version 2 only, as
-- * published by the Free Software Foundation. Oracle designates this
-- * particular file as subject to the "Classpath" exception as provided
-- * by Oracle in the LICENSE file that accompanied this code.
-- *
-- * This code is distributed in the hope that it will be useful, but WITHOUT
-- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
-- * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
-- * version 2 for more details (a copy is included in the LICENSE file that
-- * accompanied this code).
-- *
-- * You should have received a copy of the GNU General Public License version
-- * 2 along with this work; if not, write to the Free Software Foundation,
-- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
-- *
-- * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
-- * or visit www.oracle.com if you need additional information or have any
-- * questions.
-- */
--
--package sun.security.ec.point;
--
--/**
-- * An interface for immutable points on an elliptic curve over a finite field.
-- */
--public interface ImmutablePoint extends Point {
--}
---- openjdk.orig/jdk/src/share/classes/sun/security/ec/point/MutablePoint.java 2019-07-14 02:30:40.000000000 +0200
-+++ openjdk/jdk/src/share/classes/sun/security/ec/point/MutablePoint.java 1970-01-01 01:00:00.000000000 +0100
-@@ -1,37 +0,0 @@
--/*
-- * Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved.
-- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
-- *
-- * This code is free software; you can redistribute it and/or modify it
-- * under the terms of the GNU General Public License version 2 only, as
-- * published by the Free Software Foundation. Oracle designates this
-- * particular file as subject to the "Classpath" exception as provided
-- * by Oracle in the LICENSE file that accompanied this code.
-- *
-- * This code is distributed in the hope that it will be useful, but WITHOUT
-- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
-- * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
-- * version 2 for more details (a copy is included in the LICENSE file that
-- * accompanied this code).
-- *
-- * You should have received a copy of the GNU General Public License version
-- * 2 along with this work; if not, write to the Free Software Foundation,
-- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
-- *
-- * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
-- * or visit www.oracle.com if you need additional information or have any
-- * questions.
-- */
--
--package sun.security.ec.point;
--
--/**
-- * An interface for mutable points on an elliptic curve over a finite field.
-- */
--public interface MutablePoint extends Point {
--
-- MutablePoint setValue(AffinePoint p);
-- MutablePoint setValue(Point p);
-- MutablePoint conditionalSet(Point p, int set);
--
--}
---- openjdk.orig/jdk/src/share/classes/sun/security/ec/point/Point.java 2019-07-14 02:30:40.000000000 +0200
-+++ openjdk/jdk/src/share/classes/sun/security/ec/point/Point.java 1970-01-01 01:00:00.000000000 +0100
-@@ -1,45 +0,0 @@
--/*
-- * Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved.
-- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
-- *
-- * This code is free software; you can redistribute it and/or modify it
-- * under the terms of the GNU General Public License version 2 only, as
-- * published by the Free Software Foundation. Oracle designates this
-- * particular file as subject to the "Classpath" exception as provided
-- * by Oracle in the LICENSE file that accompanied this code.
-- *
-- * This code is distributed in the hope that it will be useful, but WITHOUT
-- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
-- * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
-- * version 2 for more details (a copy is included in the LICENSE file that
-- * accompanied this code).
-- *
-- * You should have received a copy of the GNU General Public License version
-- * 2 along with this work; if not, write to the Free Software Foundation,
-- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
-- *
-- * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
-- * or visit www.oracle.com if you need additional information or have any
-- * questions.
-- */
--
--package sun.security.ec.point;
--
--import sun.security.util.math.IntegerFieldModuloP;
--
--/**
-- * A base interface for points on an elliptic curve over a finite field.
-- * Implementations may use different representations for points, and this
-- * interface creates a common API for manipulating points. This API has no
-- * methods for point arithmetic, which depends on group structure and curve
-- * parameters in addition to point representation.
-- */
--public interface Point {
--
-- IntegerFieldModuloP getField();
-- AffinePoint asAffine();
--
-- ImmutablePoint fixed();
-- MutablePoint mutable();
--
--}
---- openjdk.orig/jdk/src/share/classes/sun/security/ec/point/ProjectivePoint.java 2019-07-14 02:30:40.000000000 +0200
-+++ openjdk/jdk/src/share/classes/sun/security/ec/point/ProjectivePoint.java 1970-01-01 01:00:00.000000000 +0100
-@@ -1,160 +0,0 @@
--/*
-- * Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved.
-- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
-- *
-- * This code is free software; you can redistribute it and/or modify it
-- * under the terms of the GNU General Public License version 2 only, as
-- * published by the Free Software Foundation. Oracle designates this
-- * particular file as subject to the "Classpath" exception as provided
-- * by Oracle in the LICENSE file that accompanied this code.
-- *
-- * This code is distributed in the hope that it will be useful, but WITHOUT
-- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
-- * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
-- * version 2 for more details (a copy is included in the LICENSE file that
-- * accompanied this code).
-- *
-- * You should have received a copy of the GNU General Public License version
-- * 2 along with this work; if not, write to the Free Software Foundation,
-- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
-- *
-- * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
-- * or visit www.oracle.com if you need additional information or have any
-- * questions.
-- */
--package sun.security.ec.point;
--
--import sun.security.util.math.*;
--
--/**
-- * Elliptic curve point in projective coordinates (X, Y, Z) where
-- * an affine point (x, y) is represented using any (X, Y, Z) s.t.
-- * x = X/Z and y = Y/Z.
-- */
--public abstract class ProjectivePoint
-- <T extends IntegerModuloP> implements Point {
--
-- protected final T x;
-- protected final T y;
-- protected final T z;
--
-- protected ProjectivePoint(T x, T y, T z) {
--
-- this.x = x;
-- this.y = y;
-- this.z = z;
-- }
--
-- @Override
-- public IntegerFieldModuloP getField() {
-- return this.x.getField();
-- }
--
-- @Override
-- public Immutable fixed() {
-- return new Immutable(x.fixed(), y.fixed(), z.fixed());
-- }
--
-- @Override
-- public Mutable mutable() {
-- return new Mutable(x.mutable(), y.mutable(), z.mutable());
-- }
--
-- public T getX() {
-- return x;
-- }
--
-- public T getY() {
-- return y;
-- }
--
-- public T getZ() {
-- return z;
-- }
--
-- public AffinePoint asAffine() {
-- IntegerModuloP zInv = z.multiplicativeInverse();
-- return new AffinePoint(x.multiply(zInv), y.multiply(zInv));
-- }
--
-- public static class Immutable
-- extends ProjectivePoint<ImmutableIntegerModuloP>
-- implements ImmutablePoint {
--
-- public Immutable(ImmutableIntegerModuloP x,
-- ImmutableIntegerModuloP y,
-- ImmutableIntegerModuloP z) {
-- super(x, y, z);
-- }
-- }
--
-- public static class Mutable
-- extends ProjectivePoint<MutableIntegerModuloP>
-- implements MutablePoint {
--
-- public Mutable(MutableIntegerModuloP x,
-- MutableIntegerModuloP y,
-- MutableIntegerModuloP z) {
-- super(x, y, z);
-- }
--
-- public Mutable(IntegerFieldModuloP field) {
-- super(field.get0().mutable(),
-- field.get0().mutable(),
-- field.get0().mutable());
-- }
--
-- @Override
-- public Mutable conditionalSet(Point p, int set) {
-- if (!(p instanceof ProjectivePoint)) {
-- throw new RuntimeException("Incompatible point");
-- }
-- @SuppressWarnings("unchecked")
-- ProjectivePoint<IntegerModuloP> pp =
-- (ProjectivePoint<IntegerModuloP>) p;
-- return conditionalSet(pp, set);
-- }
--
-- private <T extends IntegerModuloP>
-- Mutable conditionalSet(ProjectivePoint<T> pp, int set) {
--
-- x.conditionalSet(pp.x, set);
-- y.conditionalSet(pp.y, set);
-- z.conditionalSet(pp.z, set);
--
-- return this;
-- }
--
-- @Override
-- public Mutable setValue(AffinePoint p) {
-- x.setValue(p.getX());
-- y.setValue(p.getY());
-- z.setValue(p.getX().getField().get1());
--
-- return this;
-- }
--
-- @Override
-- public Mutable setValue(Point p) {
-- if (!(p instanceof ProjectivePoint)) {
-- throw new RuntimeException("Incompatible point");
-- }
-- @SuppressWarnings("unchecked")
-- ProjectivePoint<IntegerModuloP> pp =
-- (ProjectivePoint<IntegerModuloP>) p;
-- return setValue(pp);
-- }
--
-- private <T extends IntegerModuloP>
-- Mutable setValue(ProjectivePoint<T> pp) {
--
-- x.setValue(pp.x);
-- y.setValue(pp.y);
-- z.setValue(pp.z);
--
-- return this;
-- }
--
-- }
--
--}
---- openjdk.orig/jdk/src/share/classes/sun/security/util/Function.java 2019-07-14 02:30:40.000000000 +0200
-+++ openjdk/jdk/src/share/classes/sun/security/util/Function.java 1970-01-01 01:00:00.000000000 +0100
-@@ -1,44 +0,0 @@
--/*
-- * Copyright (c) 2010, 2013, Oracle and/or its affiliates. All rights reserved.
-- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
-- *
-- * This code is free software; you can redistribute it and/or modify it
-- * under the terms of the GNU General Public License version 2 only, as
-- * published by the Free Software Foundation. Oracle designates this
-- * particular file as subject to the "Classpath" exception as provided
-- * by Oracle in the LICENSE file that accompanied this code.
-- *
-- * This code is distributed in the hope that it will be useful, but WITHOUT
-- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
-- * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
-- * version 2 for more details (a copy is included in the LICENSE file that
-- * accompanied this code).
-- *
-- * You should have received a copy of the GNU General Public License version
-- * 2 along with this work; if not, write to the Free Software Foundation,
-- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
-- *
-- * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
-- * or visit www.oracle.com if you need additional information or have any
-- * questions.
-- */
--package sun.security.util;
--
--/**
-- * Represents a function that accepts one argument and produces a result.
-- *
-- * @param <T> the type of the input to the function
-- * @param <R> the type of the result of the function
-- *
-- * @since 1.8
-- */
--public interface Function<T, R> {
--
-- /**
-- * Applies this function to the given argument.
-- *
-- * @param t the function argument
-- * @return the function result
-- */
-- R apply(T t);
--}
---- openjdk.orig/jdk/src/share/classes/sun/security/util/Optional.java 2019-07-14 02:30:40.000000000 +0200
-+++ openjdk/jdk/src/share/classes/sun/security/util/Optional.java 1970-01-01 01:00:00.000000000 +0100
-@@ -1,271 +0,0 @@
--/*
-- * Copyright (c) 2012, 2013, Oracle and/or its affiliates. All rights reserved.
-- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
-- *
-- * This code is free software; you can redistribute it and/or modify it
-- * under the terms of the GNU General Public License version 2 only, as
-- * published by the Free Software Foundation. Oracle designates this
-- * particular file as subject to the "Classpath" exception as provided
-- * by Oracle in the LICENSE file that accompanied this code.
-- *
-- * This code is distributed in the hope that it will be useful, but WITHOUT
-- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
-- * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
-- * version 2 for more details (a copy is included in the LICENSE file that
-- * accompanied this code).
-- *
-- * You should have received a copy of the GNU General Public License version
-- * 2 along with this work; if not, write to the Free Software Foundation,
-- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
-- *
-- * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
-- * or visit www.oracle.com if you need additional information or have any
-- * questions.
-- */
--package sun.security.util;
--
--import java.util.Objects;
--import java.util.NoSuchElementException;
--
--/**
-- * A container object which may or may not contain a non-null value.
-- * If a value is present, {@code isPresent()} will return {@code true} and
-- * {@code get()} will return the value.
-- *
-- * <p>Additional methods that depend on the presence or absence of a contained
-- * value are provided, such as {@link #orElse(java.lang.Object) orElse()}
-- * (return a default value if value not present) and
-- * {@link #ifPresent(java.util.function.Consumer) ifPresent()} (execute a block
-- * of code if the value is present).
-- *
-- * <p>This is a <a href="../lang/doc-files/ValueBased.html">value-based</a>
-- * class; use of identity-sensitive operations (including reference equality
-- * ({@code ==}), identity hash code, or synchronization) on instances of
-- * {@code Optional} may have unpredictable results and should be avoided.
-- *
-- * @since 1.8
-- */
--public final class Optional<T> {
-- /**
-- * Common instance for {@code empty()}.
-- */
-- private static final Optional<?> EMPTY = new Optional<>();
--
-- /**
-- * If non-null, the value; if null, indicates no value is present
-- */
-- private final T value;
--
-- /**
-- * Constructs an empty instance.
-- *
-- * @implNote Generally only one empty instance, {@link Optional#EMPTY},
-- * should exist per VM.
-- */
-- private Optional() {
-- this.value = null;
-- }
--
-- /**
-- * Returns an empty {@code Optional} instance. No value is present for this
-- * {@code Optional}.
-- *
-- * @apiNote
-- * Though it may be tempting to do so, avoid testing if an object is empty
-- * by comparing with {@code ==} against instances returned by
-- * {@code Optional.empty()}. There is no guarantee that it is a singleton.
-- * Instead, use {@link #isPresent()}.
-- *
-- * @param <T> The type of the non-existent value
-- * @return an empty {@code Optional}
-- */
-- public static<T> Optional<T> empty() {
-- @SuppressWarnings("unchecked")
-- Optional<T> t = (Optional<T>) EMPTY;
-- return t;
-- }
--
--
-- /**
-- * Constructs an instance with the described value.
-- *
-- * @param value the non-{@code null} value to describe
-- * @throws NullPointerException if value is {@code null}
-- */
-- private Optional(T value) {
-- this.value = Objects.requireNonNull(value);
-- }
--
-- /**
-- * Returns an {@code Optional} describing the given non-{@code null}
-- * value.
-- *
-- * @param value the value to describe, which must be non-{@code null}
-- * @param <T> the type of the value
-- * @return an {@code Optional} with the value present
-- * @throws NullPointerException if value is {@code null}
-- */
-- public static <T> Optional<T> of(T value) {
-- return new Optional<>(value);
-- }
--
-- /**
-- * Returns an {@code Optional} describing the specified value, if non-null,
-- * otherwise returns an empty {@code Optional}.
-- *
-- * @param <T> the class of the value
-- * @param value the possibly-null value to describe
-- * @return an {@code Optional} with a present value if the specified value
-- * is non-null, otherwise an empty {@code Optional}
-- */
-- public static <T> Optional<T> ofNullable(T value) {
-- return value == null ? new Optional<T>() : of(value);
-- }
--
-- /**
-- * If a value is present, returns the value, otherwise throws
-- * {@code NoSuchElementException}.
-- *
-- * @apiNote
-- * The preferred alternative to this method is {@link #orElseThrow()}.
-- *
-- * @return the non-{@code null} value described by this {@code Optional}
-- * @throws NoSuchElementException if no value is present
-- */
-- public T get() {
-- if (value == null) {
-- throw new NoSuchElementException("No value present");
-- }
-- return value;
-- }
--
-- /**
-- * If a value is present, returns {@code true}, otherwise {@code false}.
-- *
-- * @return {@code true} if a value is present, otherwise {@code false}
-- */
-- public boolean isPresent() {
-- return value != null;
-- }
--
-- /**
-- * If a value is not present, returns {@code true}, otherwise
-- * {@code false}.
-- *
-- * @return {@code true} if a value is not present, otherwise {@code false}
-- * @since 11
-- */
-- public boolean isEmpty() {
-- return value == null;
-- }
--
-- /**
-- * If a value is present, apply the provided mapping function to it,
-- * and if the result is non-null, return an {@code Optional} describing the
-- * result. Otherwise return an empty {@code Optional}.
-- *
-- * @apiNote This method supports post-processing on optional values, without
-- * the need to explicitly check for a return status. For example, the
-- * following code traverses a stream of file names, selects one that has
-- * not yet been processed, and then opens that file, returning an
-- * {@code Optional<FileInputStream>}:
-- *
-- * <pre>{@code
-- * Optional<FileInputStream> fis =
-- * names.stream().filter(name -> !isProcessedYet(name))
-- * .findFirst()
-- * .map(name -> new FileInputStream(name));
-- * }</pre>
-- *
-- * Here, {@code findFirst} returns an {@code Optional<String>}, and then
-- * {@code map} returns an {@code Optional<FileInputStream>} for the desired
-- * file if one exists.
-- *
-- * @param <U> The type of the result of the mapping function
-- * @param mapper a mapping function to apply to the value, if present
-- * @return an {@code Optional} describing the result of applying a mapping
-- * function to the value of this {@code Optional}, if a value is present,
-- * otherwise an empty {@code Optional}
-- * @throws NullPointerException if the mapping function is null
-- */
-- public<U> Optional<U> map(Function<? super T, ? extends U> mapper) {
-- Objects.requireNonNull(mapper);
-- if (!isPresent())
-- return empty();
-- else {
-- return Optional.ofNullable(mapper.apply(value));
-- }
-- }
--
-- /**
-- * Return the value if present, otherwise invoke {@code other} and return
-- * the result of that invocation.
-- *
-- * @param other a {@code Supplier} whose result is returned if no value
-- * is present
-- * @return the value if present otherwise the result of {@code other.get()}
-- * @throws NullPointerException if value is not present and {@code other} is
-- * null
-- */
-- public T orElseGet(Supplier<? extends T> other) {
-- return value != null ? value : other.get();
-- }
--
-- /**
-- * Indicates whether some other object is "equal to" this {@code Optional}.
-- * The other object is considered equal if:
-- * <ul>
-- * <li>it is also an {@code Optional} and;
-- * <li>both instances have no value present or;
-- * <li>the present values are "equal to" each other via {@code equals()}.
-- * </ul>
-- *
-- * @param obj an object to be tested for equality
-- * @return {@code true} if the other object is "equal to" this object
-- * otherwise {@code false}
-- */
-- @Override
-- public boolean equals(Object obj) {
-- if (this == obj) {
-- return true;
-- }
--
-- if (!(obj instanceof Optional)) {
-- return false;
-- }
--
-- Optional<?> other = (Optional<?>) obj;
-- return Objects.equals(value, other.value);
-- }
--
-- /**
-- * Returns the hash code of the value, if present, otherwise {@code 0}
-- * (zero) if no value is present.
-- *
-- * @return hash code value of the present value or {@code 0} if no value is
-- * present
-- */
-- @Override
-- public int hashCode() {
-- return Objects.hashCode(value);
-- }
--
-- /**
-- * Returns a non-empty string representation of this {@code Optional}
-- * suitable for debugging. The exact presentation format is unspecified and
-- * may vary between implementations and versions.
-- *
-- * @implSpec
-- * If a value is present the result must include its string representation
-- * in the result. Empty and present {@code Optional}s must be unambiguously
-- * differentiable.
-- *
-- * @return the string representation of this instance
-- */
-- @Override
-- public String toString() {
-- return value != null
-- ? String.format("Optional[%s]", value)
-- : "Optional.empty";
-- }
--}
---- openjdk.orig/jdk/src/share/classes/sun/security/util/Supplier.java 2019-07-14 02:30:40.000000000 +0200
-+++ openjdk/jdk/src/share/classes/sun/security/util/Supplier.java 1970-01-01 01:00:00.000000000 +0100
-@@ -1,48 +0,0 @@
--/*
-- * Copyright (c) 2012, 2013, Oracle and/or its affiliates. All rights reserved.
-- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
-- *
-- * This code is free software; you can redistribute it and/or modify it
-- * under the terms of the GNU General Public License version 2 only, as
-- * published by the Free Software Foundation. Oracle designates this
-- * particular file as subject to the "Classpath" exception as provided
-- * by Oracle in the LICENSE file that accompanied this code.
-- *
-- * This code is distributed in the hope that it will be useful, but WITHOUT
-- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
-- * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
-- * version 2 for more details (a copy is included in the LICENSE file that
-- * accompanied this code).
-- *
-- * You should have received a copy of the GNU General Public License version
-- * 2 along with this work; if not, write to the Free Software Foundation,
-- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
-- *
-- * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
-- * or visit www.oracle.com if you need additional information or have any
-- * questions.
-- */
--package sun.security.util;
--
--/**
-- * Represents a supplier of results.
-- *
-- * <p>There is no requirement that a new or distinct result be returned each
-- * time the supplier is invoked.
-- *
-- * <p>This is a <a href="package-summary.html">functional interface</a>
-- * whose functional method is {@link #get()}.
-- *
-- * @param <T> the type of results supplied by this supplier
-- *
-- * @since 1.8
-- */
--public interface Supplier<T> {
--
-- /**
-- * Gets a result.
-- *
-- * @return a result
-- */
-- T get();
--}
diff --git a/community/openjdk7/icedtea-jdk-revert-a32dc7400435.patch b/community/openjdk7/icedtea-jdk-revert-a32dc7400435.patch
deleted file mode 100644
index dc2eac6225..0000000000
--- a/community/openjdk7/icedtea-jdk-revert-a32dc7400435.patch
+++ /dev/null
@@ -1,1377 +0,0 @@
-Revert a32dc7400435 due build error
---- openjdk.orig/jdk/src/share/classes/com/sun/crypto/provider/AESCrypt.java 2019-07-15 08:52:23.000000000 +0200
-+++ openjdk/jdk/src/share/classes/com/sun/crypto/provider/AESCrypt.java 2019-07-04 19:20:08.000000000 +0200
-@@ -1,5 +1,5 @@
- /*
-- * Copyright (c) 2002, 2018, Oracle and/or its affiliates. All rights reserved.
-+ * Copyright (c) 2002, 2015, Oracle and/or its affiliates. All rights reserved.
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
- *
- * This code is free software; you can redistribute it and/or modify it
-@@ -38,6 +38,7 @@
-
- import java.security.InvalidKeyException;
- import java.security.MessageDigest;
-+import java.util.Objects;
-
- /**
- * Rijndael --pronounced Reindaal-- is a symmetric cipher with a 128-bit
-@@ -347,8 +348,8 @@
- */
- void encryptBlock(byte[] in, int inOffset,
- byte[] out, int outOffset) {
-- // Array bound checks are done in caller code, i.e.
-- // FeedbackCipher.encrypt/decrypt(...) to improve performance.
-+ cryptBlockCheck(in, inOffset);
-+ cryptBlockCheck(out, outOffset);
- implEncryptBlock(in, inOffset, out, outOffset);
- }
-
-@@ -425,8 +426,8 @@
- */
- void decryptBlock(byte[] in, int inOffset,
- byte[] out, int outOffset) {
-- // Array bound checks are done in caller code, i.e.
-- // FeedbackCipher.encrypt/decrypt(...) to improve performance.
-+ cryptBlockCheck(in, inOffset);
-+ cryptBlockCheck(out, outOffset);
- implDecryptBlock(in, inOffset, out, outOffset);
- }
-
-@@ -587,6 +588,26 @@
- out[outOffset ] = (byte)(Si[(a0 ) & 0xFF] ^ (t1 ));
- }
-
-+ // Used to perform all checks required by the Java semantics
-+ // (i.e., null checks and bounds checks) on the input parameters
-+ // to encryptBlock and to decryptBlock.
-+ // Normally, the Java Runtime performs these checks, however, as
-+ // encryptBlock and decryptBlock are possibly replaced with
-+ // compiler intrinsics, the JDK performs the required checks instead.
-+ // Does not check accesses to class-internal (private) arrays.
-+ private static void cryptBlockCheck(byte[] array, int offset) {
-+ Objects.requireNonNull(array);
-+
-+ if (offset < 0 || offset >= array.length) {
-+ throw new ArrayIndexOutOfBoundsException(offset);
-+ }
-+
-+ int largestIndex = offset + AES_BLOCK_SIZE - 1;
-+ if (largestIndex < 0 || largestIndex >= array.length) {
-+ throw new ArrayIndexOutOfBoundsException(largestIndex);
-+ }
-+ }
-+
- /**
- * Expand a user-supplied key material into a session key.
- *
---- openjdk.orig/jdk/src/share/classes/com/sun/crypto/provider/CipherBlockChaining.java 2019-07-15 08:52:23.000000000 +0200
-+++ openjdk/jdk/src/share/classes/com/sun/crypto/provider/CipherBlockChaining.java 2019-07-04 19:20:08.000000000 +0200
-@@ -1,5 +1,5 @@
- /*
-- * Copyright (c) 1997, 2018, Oracle and/or its affiliates. All rights reserved.
-+ * Copyright (c) 1997, 2017, Oracle and/or its affiliates. All rights reserved.
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
- *
- * This code is free software; you can redistribute it and/or modify it
-@@ -29,7 +29,6 @@
- import java.security.ProviderException;
- import java.util.Objects;
-
--import sun.security.util.ArrayUtil;
-
- /**
- * This class represents ciphers in cipher block chaining (CBC) mode.
-@@ -144,9 +143,9 @@
- if (plainLen <= 0) {
- return plainLen;
- }
-- ArrayUtil.blockSizeCheck(plainLen, blockSize);
-- ArrayUtil.nullAndBoundsCheck(plain, plainOffset, plainLen);
-- ArrayUtil.nullAndBoundsCheck(cipher, cipherOffset, plainLen);
-+ cryptBlockSizeCheck(plainLen);
-+ cryptNullAndBoundsCheck(plain, plainOffset, plainLen);
-+ cryptNullAndBoundsCheck(cipher, cipherOffset, plainLen);
- return implEncrypt(plain, plainOffset, plainLen,
- cipher, cipherOffset);
- }
-@@ -194,9 +193,9 @@
- if (cipherLen <= 0) {
- return cipherLen;
- }
-- ArrayUtil.blockSizeCheck(cipherLen, blockSize);
-- ArrayUtil.nullAndBoundsCheck(cipher, cipherOffset, cipherLen);
-- ArrayUtil.nullAndBoundsCheck(plain, plainOffset, cipherLen);
-+ cryptBlockSizeCheck(cipherLen);
-+ cryptNullAndBoundsCheck(cipher, cipherOffset, cipherLen);
-+ cryptNullAndBoundsCheck(plain, plainOffset, cipherLen);
- return implDecrypt(cipher, cipherOffset, cipherLen, plain, plainOffset);
- }
-
-@@ -215,4 +214,23 @@
- }
- return cipherLen;
- }
-+
-+ private void cryptBlockSizeCheck(int len) {
-+ if ((len % blockSize) != 0) {
-+ throw new ProviderException("Internal error in input buffering");
-+ }
-+ }
-+
-+ private static void cryptNullAndBoundsCheck(byte[] array, int offset, int len) {
-+ Objects.requireNonNull(array);
-+
-+ if (offset < 0 || offset >= array.length) {
-+ throw new ArrayIndexOutOfBoundsException(offset);
-+ }
-+
-+ int endIndex = offset + len - 1;
-+ if (endIndex < 0 || endIndex >= array.length) {
-+ throw new ArrayIndexOutOfBoundsException(endIndex);
-+ }
-+ }
- }
---- openjdk.orig/jdk/src/share/classes/com/sun/crypto/provider/CipherFeedback.java 2019-07-15 08:52:23.000000000 +0200
-+++ openjdk/jdk/src/share/classes/com/sun/crypto/provider/CipherFeedback.java 2019-07-04 19:20:08.000000000 +0200
-@@ -1,5 +1,5 @@
- /*
-- * Copyright (c) 1997, 2018, Oracle and/or its affiliates. All rights reserved.
-+ * Copyright (c) 1997, 2014, Oracle and/or its affiliates. All rights reserved.
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
- *
- * This code is free software; you can redistribute it and/or modify it
-@@ -27,7 +27,6 @@
-
- import java.security.InvalidKeyException;
- import java.security.ProviderException;
--import sun.security.util.ArrayUtil;
-
- /**
- * This class represents ciphers in cipher-feedback (CFB) mode.
-@@ -150,9 +149,9 @@
- */
- int encrypt(byte[] plain, int plainOffset, int plainLen,
- byte[] cipher, int cipherOffset) {
-- ArrayUtil.blockSizeCheck(plainLen, numBytes);
-- ArrayUtil.nullAndBoundsCheck(plain, plainOffset, plainLen);
-- ArrayUtil.nullAndBoundsCheck(cipher, cipherOffset, plainLen);
-+ if ((plainLen % numBytes) != 0) {
-+ throw new ProviderException("Internal error in input buffering");
-+ }
-
- int nShift = blockSize - numBytes;
- int loopCount = plainLen / numBytes;
-@@ -226,10 +225,9 @@
- */
- int decrypt(byte[] cipher, int cipherOffset, int cipherLen,
- byte[] plain, int plainOffset) {
--
-- ArrayUtil.blockSizeCheck(cipherLen, numBytes);
-- ArrayUtil.nullAndBoundsCheck(cipher, cipherOffset, cipherLen);
-- ArrayUtil.nullAndBoundsCheck(plain, plainOffset, cipherLen);
-+ if ((cipherLen % numBytes) != 0) {
-+ throw new ProviderException("Internal error in input buffering");
-+ }
-
- int nShift = blockSize - numBytes;
- int loopCount = cipherLen / numBytes;
---- openjdk.orig/jdk/src/share/classes/com/sun/crypto/provider/CounterMode.java 2019-07-15 08:52:23.000000000 +0200
-+++ openjdk/jdk/src/share/classes/com/sun/crypto/provider/CounterMode.java 2019-07-04 19:20:08.000000000 +0200
-@@ -1,5 +1,5 @@
- /*
-- * Copyright (c) 2002, 2018, Oracle and/or its affiliates. All rights reserved.
-+ * Copyright (c) 2002, 2017, Oracle and/or its affiliates. All rights reserved.
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
- *
- * This code is free software; you can redistribute it and/or modify it
-@@ -27,7 +27,6 @@
-
- import java.security.InvalidKeyException;
-
--import sun.security.util.ArrayUtil;
-
- /**
- * This class represents ciphers in counter (CTR) mode.
-@@ -174,10 +173,6 @@
- if (len == 0) {
- return 0;
- }
--
-- ArrayUtil.nullAndBoundsCheck(in, inOff, len);
-- ArrayUtil.nullAndBoundsCheck(out, outOff, len);
--
- int result = len;
- while (len-- > 0) {
- if (used >= blockSize) {
---- openjdk.orig/jdk/src/share/classes/com/sun/crypto/provider/ElectronicCodeBook.java 2019-07-15 08:52:23.000000000 +0200
-+++ openjdk/jdk/src/share/classes/com/sun/crypto/provider/ElectronicCodeBook.java 2019-07-04 19:20:08.000000000 +0200
-@@ -1,5 +1,5 @@
- /*
-- * Copyright (c) 1997, 2018, Oracle and/or its affiliates. All rights reserved.
-+ * Copyright (c) 1997, 2014, Oracle and/or its affiliates. All rights reserved.
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
- *
- * This code is free software; you can redistribute it and/or modify it
-@@ -27,7 +27,6 @@
-
- import java.security.InvalidKeyException;
- import java.security.ProviderException;
--import sun.security.util.ArrayUtil;
-
- /**
- * This class represents ciphers in electronic codebook (ECB) mode.
-@@ -113,10 +112,9 @@
- * @return the length of the encrypted data
- */
- int encrypt(byte[] in, int inOff, int len, byte[] out, int outOff) {
-- ArrayUtil.blockSizeCheck(len, blockSize);
-- ArrayUtil.nullAndBoundsCheck(in, inOff, len);
-- ArrayUtil.nullAndBoundsCheck(out, outOff, len);
--
-+ if ((len % blockSize) != 0) {
-+ throw new ProviderException("Internal error in input buffering");
-+ }
- for (int i = len; i >= blockSize; i -= blockSize) {
- embeddedCipher.encryptBlock(in, inOff, out, outOff);
- inOff += blockSize;
-@@ -143,10 +141,9 @@
- * @return the length of the decrypted data
- */
- int decrypt(byte[] in, int inOff, int len, byte[] out, int outOff) {
-- ArrayUtil.blockSizeCheck(len, blockSize);
-- ArrayUtil.nullAndBoundsCheck(in, inOff, len);
-- ArrayUtil.nullAndBoundsCheck(out, outOff, len);
--
-+ if ((len % blockSize) != 0) {
-+ throw new ProviderException("Internal error in input buffering");
-+ }
- for (int i = len; i >= blockSize; i -= blockSize) {
- embeddedCipher.decryptBlock(in, inOff, out, outOff);
- inOff += blockSize;
---- openjdk.orig/jdk/src/share/classes/com/sun/crypto/provider/OutputFeedback.java 2019-07-15 08:52:23.000000000 +0200
-+++ openjdk/jdk/src/share/classes/com/sun/crypto/provider/OutputFeedback.java 2019-07-04 19:20:08.000000000 +0200
-@@ -1,5 +1,5 @@
- /*
-- * Copyright (c) 1997, 2018, Oracle and/or its affiliates. All rights reserved.
-+ * Copyright (c) 1997, 2014, Oracle and/or its affiliates. All rights reserved.
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
- *
- * This code is free software; you can redistribute it and/or modify it
-@@ -27,7 +27,6 @@
-
- import java.security.InvalidKeyException;
- import java.security.ProviderException;
--import sun.security.util.ArrayUtil;
-
- /**
- * This class represents ciphers in output-feedback (OFB) mode.
-@@ -149,10 +148,10 @@
- */
- int encrypt(byte[] plain, int plainOffset, int plainLen,
- byte[] cipher, int cipherOffset) {
-- ArrayUtil.blockSizeCheck(plainLen, numBytes);
-- ArrayUtil.nullAndBoundsCheck(plain, plainOffset, plainLen);
-- ArrayUtil.nullAndBoundsCheck(cipher, cipherOffset, plainLen);
-
-+ if ((plainLen % numBytes) != 0) {
-+ throw new ProviderException("Internal error in input buffering");
-+ }
- int nShift = blockSize - numBytes;
- int loopCount = plainLen / numBytes;
-
-@@ -190,9 +189,6 @@
- */
- int encryptFinal(byte[] plain, int plainOffset, int plainLen,
- byte[] cipher, int cipherOffset) {
-- ArrayUtil.nullAndBoundsCheck(plain, plainOffset, plainLen);
-- ArrayUtil.nullAndBoundsCheck(cipher, cipherOffset, plainLen);
--
- int oddBytes = plainLen % numBytes;
- int len = encrypt(plain, plainOffset, (plainLen - oddBytes),
- cipher, cipherOffset);
---- openjdk.orig/jdk/src/share/classes/com/sun/crypto/provider/PCBC.java 2019-07-15 08:52:23.000000000 +0200
-+++ openjdk/jdk/src/share/classes/com/sun/crypto/provider/PCBC.java 2019-07-04 19:20:08.000000000 +0200
-@@ -1,5 +1,5 @@
- /*
-- * Copyright (c) 1997, 2018, Oracle and/or its affiliates. All rights reserved.
-+ * Copyright (c) 1997, 2014, Oracle and/or its affiliates. All rights reserved.
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
- *
- * This code is free software; you can redistribute it and/or modify it
-@@ -27,7 +27,6 @@
-
- import java.security.InvalidKeyException;
- import java.security.ProviderException;
--import sun.security.util.ArrayUtil;
-
-
- /**
-@@ -137,10 +136,9 @@
- int encrypt(byte[] plain, int plainOffset, int plainLen,
- byte[] cipher, int cipherOffset)
- {
-- ArrayUtil.blockSizeCheck(plainLen, blockSize);
-- ArrayUtil.nullAndBoundsCheck(plain, plainOffset, plainLen);
-- ArrayUtil.nullAndBoundsCheck(cipher, cipherOffset, plainLen);
--
-+ if ((plainLen % blockSize) != 0) {
-+ throw new ProviderException("Internal error in input buffering");
-+ }
- int i;
- int endIndex = plainOffset + plainLen;
-
-@@ -178,10 +176,9 @@
- int decrypt(byte[] cipher, int cipherOffset, int cipherLen,
- byte[] plain, int plainOffset)
- {
-- ArrayUtil.blockSizeCheck(cipherLen, blockSize);
-- ArrayUtil.nullAndBoundsCheck(cipher, cipherOffset, cipherLen);
-- ArrayUtil.nullAndBoundsCheck(plain, plainOffset, cipherLen);
--
-+ if ((cipherLen % blockSize) != 0) {
-+ throw new ProviderException("Internal error in input buffering");
-+ }
- int i;
- int endIndex = cipherOffset + cipherLen;
-
---- openjdk.orig/jdk/src/share/classes/sun/security/util/ArrayUtil.java 2019-07-15 08:52:23.000000000 +0200
-+++ openjdk/jdk/src/share/classes/sun/security/util/ArrayUtil.java 2019-07-04 19:20:08.000000000 +0200
-@@ -25,38 +25,12 @@
-
- package sun.security.util;
-
--import java.util.List;
--import java.security.*;
--
- /**
- * This class holds the various utility methods for array range checks.
- */
-
- public final class ArrayUtil {
-
-- private static final Function<String, ArrayIndexOutOfBoundsException> aioobeGenerator =
-- new Function<String, ArrayIndexOutOfBoundsException>() {
-- @Override
-- public ArrayIndexOutOfBoundsException apply(String x) {
-- return new ArrayIndexOutOfBoundsException(x);
-- }
-- };
--
-- private static final BiFunction<String, List<Integer>,
-- ArrayIndexOutOfBoundsException> AIOOBE_SUPPLIER =
-- Preconditions.outOfBoundsExceptionFormatter(aioobeGenerator);
--
-- public static void blockSizeCheck(int len, int blockSize) {
-- if ((len % blockSize) != 0) {
-- throw new ProviderException("Internal error in input buffering");
-- }
-- }
--
-- public static void nullAndBoundsCheck(byte[] array, int offset, int len) {
-- // NPE is thrown when array is null
-- Preconditions.checkFromIndexSize(offset, len, array.length, AIOOBE_SUPPLIER);
-- }
--
- private static void swap(byte[] arr, int i, int j) {
- byte tmp = arr[i];
- arr[i] = arr[j];
-@@ -74,3 +48,4 @@
- }
- }
- }
-+
---- openjdk.orig/jdk/src/share/classes/sun/security/util/BiConsumer.java 2019-07-15 08:52:23.000000000 +0200
-+++ openjdk/jdk/src/share/classes/sun/security/util/BiConsumer.java 1970-01-01 01:00:00.000000000 +0100
-@@ -1,48 +0,0 @@
--/*
-- * Copyright (c) 2012, 2013, Oracle and/or its affiliates. All rights reserved.
-- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
-- *
-- * This code is free software; you can redistribute it and/or modify it
-- * under the terms of the GNU General Public License version 2 only, as
-- * published by the Free Software Foundation. Oracle designates this
-- * particular file as subject to the "Classpath" exception as provided
-- * by Oracle in the LICENSE file that accompanied this code.
-- *
-- * This code is distributed in the hope that it will be useful, but WITHOUT
-- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
-- * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
-- * version 2 for more details (a copy is included in the LICENSE file that
-- * accompanied this code).
-- *
-- * You should have received a copy of the GNU General Public License version
-- * 2 along with this work; if not, write to the Free Software Foundation,
-- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
-- *
-- * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
-- * or visit www.oracle.com if you need additional information or have any
-- * questions.
-- */
--package sun.security.util;
--
--/**
-- * Represents an operation that accepts two input arguments and returns no
-- * result. This is the two-arity specialization of {@link Consumer}.
-- * Unlike most other functional interfaces, {@code BiConsumer} is expected
-- * to operate via side-effects.
-- *
-- * @param <T> the type of the first argument to the operation
-- * @param <U> the type of the second argument to the operation
-- *
-- * @see Consumer
-- * @since 1.8
-- */
--public interface BiConsumer<T, U> {
--
-- /**
-- * Performs this operation on the given arguments.
-- *
-- * @param t the first input argument
-- * @param u the second input argument
-- */
-- void accept(T t, U u);
--}
---- openjdk.orig/jdk/src/share/classes/sun/security/util/BiFunction.java 2019-07-15 08:52:23.000000000 +0200
-+++ openjdk/jdk/src/share/classes/sun/security/util/BiFunction.java 1970-01-01 01:00:00.000000000 +0100
-@@ -1,48 +0,0 @@
--/*
-- * Copyright (c) 2010, 2013, Oracle and/or its affiliates. All rights reserved.
-- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
-- *
-- * This code is free software; you can redistribute it and/or modify it
-- * under the terms of the GNU General Public License version 2 only, as
-- * published by the Free Software Foundation. Oracle designates this
-- * particular file as subject to the "Classpath" exception as provided
-- * by Oracle in the LICENSE file that accompanied this code.
-- *
-- * This code is distributed in the hope that it will be useful, but WITHOUT
-- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
-- * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
-- * version 2 for more details (a copy is included in the LICENSE file that
-- * accompanied this code).
-- *
-- * You should have received a copy of the GNU General Public License version
-- * 2 along with this work; if not, write to the Free Software Foundation,
-- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
-- *
-- * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
-- * or visit www.oracle.com if you need additional information or have any
-- * questions.
-- */
--package sun.security.util;
--
--/**
-- * Represents a function that accepts two arguments and produces a result.
-- * This is the two-arity specialization of {@link Function}.
-- *
-- * @param <T> the type of the first argument to the function
-- * @param <U> the type of the second argument to the function
-- * @param <R> the type of the result of the function
-- *
-- * @see Function
-- * @since 1.8
-- */
--public interface BiFunction<T, U, R> {
--
-- /**
-- * Applies this function to the given arguments.
-- *
-- * @param t the first function argument
-- * @param u the second function argument
-- * @return the function result
-- */
-- R apply(T t, U u);
--}
---- openjdk.orig/jdk/src/share/classes/sun/security/util/IntSupplier.java 2019-07-15 08:52:23.000000000 +0200
-+++ openjdk/jdk/src/share/classes/sun/security/util/IntSupplier.java 1970-01-01 01:00:00.000000000 +0100
-@@ -1,45 +0,0 @@
--/*
-- * Copyright (c) 2012, 2013, Oracle and/or its affiliates. All rights reserved.
-- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
-- *
-- * This code is free software; you can redistribute it and/or modify it
-- * under the terms of the GNU General Public License version 2 only, as
-- * published by the Free Software Foundation. Oracle designates this
-- * particular file as subject to the "Classpath" exception as provided
-- * by Oracle in the LICENSE file that accompanied this code.
-- *
-- * This code is distributed in the hope that it will be useful, but WITHOUT
-- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
-- * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
-- * version 2 for more details (a copy is included in the LICENSE file that
-- * accompanied this code).
-- *
-- * You should have received a copy of the GNU General Public License version
-- * 2 along with this work; if not, write to the Free Software Foundation,
-- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
-- *
-- * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
-- * or visit www.oracle.com if you need additional information or have any
-- * questions.
-- */
--package sun.security.util;
--
--/**
-- * Represents a supplier of {@code int}-valued results. This is the
-- * {@code int}-producing primitive specialization of {@link Supplier}.
-- *
-- * <p>There is no requirement that a distinct result be returned each
-- * time the supplier is invoked.
-- *
-- * @see Supplier
-- * @since 1.8
-- */
--public interface IntSupplier {
--
-- /**
-- * Gets a result.
-- *
-- * @return a result
-- */
-- int getAsInt();
--}
---- openjdk.orig/jdk/src/share/classes/sun/security/util/Preconditions.java 2019-07-15 08:52:23.000000000 +0200
-+++ openjdk/jdk/src/share/classes/sun/security/util/Preconditions.java 1970-01-01 01:00:00.000000000 +0100
-@@ -1,343 +0,0 @@
--/*
-- * Copyright (c) 2016, Oracle and/or its affiliates. All rights reserved.
-- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
-- *
-- * This code is free software; you can redistribute it and/or modify it
-- * under the terms of the GNU General Public License version 2 only, as
-- * published by the Free Software Foundation. Oracle designates this
-- * particular file as subject to the "Classpath" exception as provided
-- * by Oracle in the LICENSE file that accompanied this code.
-- *
-- * This code is distributed in the hope that it will be useful, but WITHOUT
-- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
-- * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
-- * version 2 for more details (a copy is included in the LICENSE file that
-- * accompanied this code).
-- *
-- * You should have received a copy of the GNU General Public License version
-- * 2 along with this work; if not, write to the Free Software Foundation,
-- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
-- *
-- * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
-- * or visit www.oracle.com if you need additional information or have any
-- * questions.
-- */
--package sun.security.util;
--
--import java.util.Arrays;
--import java.util.Collections;
--import java.util.List;
--
--/**
-- * Utility methods to check if state or arguments are correct.
-- *
-- */
--public class Preconditions {
--
-- /**
-- * Maps out-of-bounds values to a runtime exception.
-- *
-- * @param checkKind the kind of bounds check, whose name may correspond
-- * to the name of one of the range check methods, checkIndex,
-- * checkFromToIndex, checkFromIndexSize
-- * @param args the out-of-bounds arguments that failed the range check.
-- * If the checkKind corresponds a the name of a range check method
-- * then the bounds arguments are those that can be passed in order
-- * to the method.
-- * @param oobef the exception formatter that when applied with a checkKind
-- * and a list out-of-bounds arguments returns a runtime exception.
-- * If {@code null} then, it is as if an exception formatter was
-- * supplied that returns {@link IndexOutOfBoundsException} for any
-- * given arguments.
-- * @return the runtime exception
-- */
-- private static RuntimeException outOfBounds(
-- BiFunction<String, List<Integer>, ? extends RuntimeException> oobef,
-- String checkKind,
-- Integer... args) {
-- List<Integer> largs = Collections.unmodifiableList(Arrays.asList(args));
-- RuntimeException e = oobef == null
-- ? null : oobef.apply(checkKind, largs);
-- return e == null
-- ? new IndexOutOfBoundsException(outOfBoundsMessage(checkKind, largs)) : e;
-- }
--
-- private static RuntimeException outOfBoundsCheckIndex(
-- BiFunction<String, List<Integer>, ? extends RuntimeException> oobe,
-- int index, int length) {
-- return outOfBounds(oobe, "checkIndex", index, length);
-- }
--
-- private static RuntimeException outOfBoundsCheckFromToIndex(
-- BiFunction<String, List<Integer>, ? extends RuntimeException> oobe,
-- int fromIndex, int toIndex, int length) {
-- return outOfBounds(oobe, "checkFromToIndex", fromIndex, toIndex, length);
-- }
--
-- private static RuntimeException outOfBoundsCheckFromIndexSize(
-- BiFunction<String, List<Integer>, ? extends RuntimeException> oobe,
-- int fromIndex, int size, int length) {
-- return outOfBounds(oobe, "checkFromIndexSize", fromIndex, size, length);
-- }
--
-- /**
-- * Returns an out-of-bounds exception formatter from an given exception
-- * factory. The exception formatter is a function that formats an
-- * out-of-bounds message from its arguments and applies that message to the
-- * given exception factory to produce and relay an exception.
-- *
-- * <p>The exception formatter accepts two arguments: a {@code String}
-- * describing the out-of-bounds range check that failed, referred to as the
-- * <em>check kind</em>; and a {@code List<Integer>} containing the
-- * out-of-bound integer values that failed the check. The list of
-- * out-of-bound values is not modified.
-- *
-- * <p>Three check kinds are supported {@code checkIndex},
-- * {@code checkFromToIndex} and {@code checkFromIndexSize} corresponding
-- * respectively to the specified application of an exception formatter as an
-- * argument to the out-of-bounds range check methods
-- * {@link #checkIndex(int, int, BiFunction) checkIndex},
-- * {@link #checkFromToIndex(int, int, int, BiFunction) checkFromToIndex}, and
-- * {@link #checkFromIndexSize(int, int, int, BiFunction) checkFromIndexSize}.
-- * Thus a supported check kind corresponds to a method name and the
-- * out-of-bound integer values correspond to method argument values, in
-- * order, preceding the exception formatter argument (similar in many
-- * respects to the form of arguments required for a reflective invocation of
-- * such a range check method).
-- *
-- * <p>Formatter arguments conforming to such supported check kinds will
-- * produce specific exception messages describing failed out-of-bounds
-- * checks. Otherwise, more generic exception messages will be produced in
-- * any of the following cases: the check kind is supported but fewer
-- * or more out-of-bounds values are supplied, the check kind is not
-- * supported, the check kind is {@code null}, or the list of out-of-bound
-- * values is {@code null}.
-- *
-- * @apiNote
-- * This method produces an out-of-bounds exception formatter that can be
-- * passed as an argument to any of the supported out-of-bounds range check
-- * methods declared by {@code Objects}. For example, a formatter producing
-- * an {@code ArrayIndexOutOfBoundsException} may be produced and stored on a
-- * {@code static final} field as follows:
-- * <pre>{@code
-- * static final
-- * BiFunction<String, List<Integer>, ArrayIndexOutOfBoundsException> AIOOBEF =
-- * outOfBoundsExceptionFormatter(ArrayIndexOutOfBoundsException::new);
-- * }</pre>
-- * The formatter instance {@code AIOOBEF} may be passed as an argument to an
-- * out-of-bounds range check method, such as checking if an {@code index}
-- * is within the bounds of a {@code limit}:
-- * <pre>{@code
-- * checkIndex(index, limit, AIOOBEF);
-- * }</pre>
-- * If the bounds check fails then the range check method will throw an
-- * {@code ArrayIndexOutOfBoundsException} with an appropriate exception
-- * message that is a produced from {@code AIOOBEF} as follows:
-- * <pre>{@code
-- * AIOOBEF.apply("checkIndex", List.of(index, limit));
-- * }</pre>
-- *
-- * @param f the exception factory, that produces an exception from a message
-- * where the message is produced and formatted by the returned
-- * exception formatter. If this factory is stateless and side-effect
-- * free then so is the returned formatter.
-- * Exceptions thrown by the factory are relayed to the caller
-- * of the returned formatter.
-- * @param <X> the type of runtime exception to be returned by the given
-- * exception factory and relayed by the exception formatter
-- * @return the out-of-bounds exception formatter
-- */
-- public static <X extends RuntimeException>
-- BiFunction<String, List<Integer>, X> outOfBoundsExceptionFormatter(final Function<String, X> f) {
-- // Use anonymous class to avoid bootstrap issues if this method is
-- // used early in startup
-- return new BiFunction<String, List<Integer>, X>() {
-- @Override
-- public X apply(String checkKind, List<Integer> args) {
-- return f.apply(outOfBoundsMessage(checkKind, args));
-- }
-- };
-- }
--
-- private static String outOfBoundsMessage(String checkKind, List<Integer> args) {
-- if (checkKind == null && args == null) {
-- return String.format("Range check failed");
-- } else if (checkKind == null) {
-- return String.format("Range check failed: %s", args);
-- } else if (args == null) {
-- return String.format("Range check failed: %s", checkKind);
-- }
--
-- int argSize = 0;
-- switch (checkKind) {
-- case "checkIndex":
-- argSize = 2;
-- break;
-- case "checkFromToIndex":
-- case "checkFromIndexSize":
-- argSize = 3;
-- break;
-- default:
-- }
--
-- // Switch to default if fewer or more arguments than required are supplied
-- switch ((args.size() != argSize) ? "" : checkKind) {
-- case "checkIndex":
-- return String.format("Index %d out-of-bounds for length %d",
-- args.get(0), args.get(1));
-- case "checkFromToIndex":
-- return String.format("Range [%d, %d) out-of-bounds for length %d",
-- args.get(0), args.get(1), args.get(2));
-- case "checkFromIndexSize":
-- return String.format("Range [%d, %<d + %d) out-of-bounds for length %d",
-- args.get(0), args.get(1), args.get(2));
-- default:
-- return String.format("Range check failed: %s %s", checkKind, args);
-- }
-- }
--
-- /**
-- * Checks if the {@code index} is within the bounds of the range from
-- * {@code 0} (inclusive) to {@code length} (exclusive).
-- *
-- * <p>The {@code index} is defined to be out-of-bounds if any of the
-- * following inequalities is true:
-- * <ul>
-- * <li>{@code index < 0}</li>
-- * <li>{@code index >= length}</li>
-- * <li>{@code length < 0}, which is implied from the former inequalities</li>
-- * </ul>
-- *
-- * <p>If the {@code index} is out-of-bounds, then a runtime exception is
-- * thrown that is the result of applying the following arguments to the
-- * exception formatter: the name of this method, {@code checkIndex};
-- * and an unmodifiable list integers whose values are, in order, the
-- * out-of-bounds arguments {@code index} and {@code length}.
-- *
-- * @param <X> the type of runtime exception to throw if the arguments are
-- * out-of-bounds
-- * @param index the index
-- * @param length the upper-bound (exclusive) of the range
-- * @param oobef the exception formatter that when applied with this
-- * method name and out-of-bounds arguments returns a runtime
-- * exception. If {@code null} or returns {@code null} then, it is as
-- * if an exception formatter produced from an invocation of
-- * {@code outOfBoundsExceptionFormatter(IndexOutOfBounds::new)} is used
-- * instead (though it may be more efficient).
-- * Exceptions thrown by the formatter are relayed to the caller.
-- * @return {@code index} if it is within bounds of the range
-- * @throws X if the {@code index} is out-of-bounds and the exception
-- * formatter is non-{@code null}
-- * @throws IndexOutOfBoundsException if the {@code index} is out-of-bounds
-- * and the exception formatter is {@code null}
-- * @since 9
-- *
-- * @implNote
-- * This method is made intrinsic in optimizing compilers to guide them to
-- * perform unsigned comparisons of the index and length when it is known the
-- * length is a non-negative value (such as that of an array length or from
-- * the upper bound of a loop)
-- */
-- public static <X extends RuntimeException>
-- int checkIndex(int index, int length,
-- BiFunction<String, List<Integer>, X> oobef) {
-- if (index < 0 || index >= length)
-- throw outOfBoundsCheckIndex(oobef, index, length);
-- return index;
-- }
--
-- /**
-- * Checks if the sub-range from {@code fromIndex} (inclusive) to
-- * {@code toIndex} (exclusive) is within the bounds of range from {@code 0}
-- * (inclusive) to {@code length} (exclusive).
-- *
-- * <p>The sub-range is defined to be out-of-bounds if any of the following
-- * inequalities is true:
-- * <ul>
-- * <li>{@code fromIndex < 0}</li>
-- * <li>{@code fromIndex > toIndex}</li>
-- * <li>{@code toIndex > length}</li>
-- * <li>{@code length < 0}, which is implied from the former inequalities</li>
-- * </ul>
-- *
-- * <p>If the sub-range is out-of-bounds, then a runtime exception is
-- * thrown that is the result of applying the following arguments to the
-- * exception formatter: the name of this method, {@code checkFromToIndex};
-- * and an unmodifiable list integers whose values are, in order, the
-- * out-of-bounds arguments {@code fromIndex}, {@code toIndex}, and {@code length}.
-- *
-- * @param <X> the type of runtime exception to throw if the arguments are
-- * out-of-bounds
-- * @param fromIndex the lower-bound (inclusive) of the sub-range
-- * @param toIndex the upper-bound (exclusive) of the sub-range
-- * @param length the upper-bound (exclusive) the range
-- * @param oobef the exception formatter that when applied with this
-- * method name and out-of-bounds arguments returns a runtime
-- * exception. If {@code null} or returns {@code null} then, it is as
-- * if an exception formatter produced from an invocation of
-- * {@code outOfBoundsExceptionFormatter(IndexOutOfBounds::new)} is used
-- * instead (though it may be more efficient).
-- * Exceptions thrown by the formatter are relayed to the caller.
-- * @return {@code fromIndex} if the sub-range within bounds of the range
-- * @throws X if the sub-range is out-of-bounds and the exception factory
-- * function is non-{@code null}
-- * @throws IndexOutOfBoundsException if the sub-range is out-of-bounds and
-- * the exception factory function is {@code null}
-- * @since 9
-- */
-- public static <X extends RuntimeException>
-- int checkFromToIndex(int fromIndex, int toIndex, int length,
-- BiFunction<String, List<Integer>, X> oobef) {
-- if (fromIndex < 0 || fromIndex > toIndex || toIndex > length)
-- throw outOfBoundsCheckFromToIndex(oobef, fromIndex, toIndex, length);
-- return fromIndex;
-- }
--
-- /**
-- * Checks if the sub-range from {@code fromIndex} (inclusive) to
-- * {@code fromIndex + size} (exclusive) is within the bounds of range from
-- * {@code 0} (inclusive) to {@code length} (exclusive).
-- *
-- * <p>The sub-range is defined to be out-of-bounds if any of the following
-- * inequalities is true:
-- * <ul>
-- * <li>{@code fromIndex < 0}</li>
-- * <li>{@code size < 0}</li>
-- * <li>{@code fromIndex + size > length}, taking into account integer overflow</li>
-- * <li>{@code length < 0}, which is implied from the former inequalities</li>
-- * </ul>
-- *
-- * <p>If the sub-range is out-of-bounds, then a runtime exception is
-- * thrown that is the result of applying the following arguments to the
-- * exception formatter: the name of this method, {@code checkFromIndexSize};
-- * and an unmodifiable list integers whose values are, in order, the
-- * out-of-bounds arguments {@code fromIndex}, {@code size}, and
-- * {@code length}.
-- *
-- * @param <X> the type of runtime exception to throw if the arguments are
-- * out-of-bounds
-- * @param fromIndex the lower-bound (inclusive) of the sub-interval
-- * @param size the size of the sub-range
-- * @param length the upper-bound (exclusive) of the range
-- * @param oobef the exception formatter that when applied with this
-- * method name and out-of-bounds arguments returns a runtime
-- * exception. If {@code null} or returns {@code null} then, it is as
-- * if an exception formatter produced from an invocation of
-- * {@code outOfBoundsExceptionFormatter(IndexOutOfBounds::new)} is used
-- * instead (though it may be more efficient).
-- * Exceptions thrown by the formatter are relayed to the caller.
-- * @return {@code fromIndex} if the sub-range within bounds of the range
-- * @throws X if the sub-range is out-of-bounds and the exception factory
-- * function is non-{@code null}
-- * @throws IndexOutOfBoundsException if the sub-range is out-of-bounds and
-- * the exception factory function is {@code null}
-- * @since 9
-- */
-- public static <X extends RuntimeException>
-- int checkFromIndexSize(int fromIndex, int size, int length,
-- BiFunction<String, List<Integer>, X> oobef) {
-- if ((length | fromIndex | size) < 0 || size > length - fromIndex)
-- throw outOfBoundsCheckFromIndexSize(oobef, fromIndex, size, length);
-- return fromIndex;
-- }
--}
---- openjdk.orig/test/src/java/util/Objects/CheckIndex.java 2019-07-15 08:52:23.000000000 +0200
-+++ openjdk/jdk/test/java/util/Objects/CheckIndex.java 1970-01-01 01:00:00.000000000 +0100
-@@ -1,408 +0,0 @@
--/*
-- * Copyright (c) 2015, 2016 Oracle and/or its affiliates. All rights reserved.
-- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
-- *
-- * This code is free software; you can redistribute it and/or modify it
-- * under the terms of the GNU General Public License version 2 only, as
-- * published by the Free Software Foundation.
-- *
-- * This code is distributed in the hope that it will be useful, but WITHOUT
-- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
-- * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
-- * version 2 for more details (a copy is included in the LICENSE file that
-- * accompanied this code).
-- *
-- * You should have received a copy of the GNU General Public License version
-- * 2 along with this work; if not, write to the Free Software Foundation,
-- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
-- *
-- * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
-- * or visit www.oracle.com if you need additional information or have any
-- * questions.
-- */
--
--/**
-- * @test
-- * @summary Objects.checkIndex/jdk.internal.util.Preconditions.checkIndex tests
-- * @run testng CheckIndex
-- * @bug 8135248 8142493 8155794
-- */
--
--import org.testng.annotations.DataProvider;
--import org.testng.annotations.Test;
--
--import java.util.ArrayList;
--import java.util.Arrays;
--import java.util.Collections;
--import java.util.HashSet;
--import java.util.List;
--import java.util.Objects;
--import java.util.Set;
--
--import sun.security.util.BiConsumer;
--import sun.security.util.BiFunction;
--import sun.security.util.Function;
--import sun.security.util.IntSupplier;
--import sun.security.util.Preconditions;
--
--import static org.testng.Assert.*;
--
--public class CheckIndex {
--
-- private static final Function<String, IndexOutOfBoundsException> ioobeGenerator =
-- new Function<String, IndexOutOfBoundsException>() {
-- @Override
-- public IndexOutOfBoundsException apply(String x) {
-- return new IndexOutOfBoundsException(x);
-- }
-- };
--
-- private static final Function<String, StringIndexOutOfBoundsException> sioobeGenerator =
-- new Function<String, StringIndexOutOfBoundsException>() {
-- @Override
-- public StringIndexOutOfBoundsException apply(String x) {
-- return new StringIndexOutOfBoundsException(x);
-- }
-- };
--
-- private static final Function<String, ArrayIndexOutOfBoundsException> aioobeGenerator =
-- new Function<String, ArrayIndexOutOfBoundsException>() {
-- @Override
-- public ArrayIndexOutOfBoundsException apply(String x) {
-- return new ArrayIndexOutOfBoundsException(x);
-- }
-- };
--
-- static class AssertingOutOfBoundsException extends RuntimeException {
-- public AssertingOutOfBoundsException(String message) {
-- super(message);
-- }
-- }
--
-- static BiFunction<String, List<Integer>, AssertingOutOfBoundsException> assertingOutOfBounds(
-- final String message, final String expCheckKind, final Integer... expArgs) {
-- return new BiFunction<String, List<Integer>, AssertingOutOfBoundsException>() {
-- @Override
-- public AssertingOutOfBoundsException apply(String checkKind, List<Integer> args) {
-- assertEquals(checkKind, expCheckKind);
-- assertEquals(args, Collections.unmodifiableList(Arrays.asList(expArgs)));
-- try {
-- args.clear();
-- fail("Out of bounds List<Integer> argument should be unmodifiable");
-- } catch (Exception e) {
-- }
-- return new AssertingOutOfBoundsException(message);
-- }
-- };
-- }
--
-- static BiFunction<String, List<Integer>, AssertingOutOfBoundsException> assertingOutOfBoundsReturnNull(
-- final String expCheckKind, final Integer... expArgs) {
-- return new BiFunction<String, List<Integer>, AssertingOutOfBoundsException>() {
-- @Override
-- public AssertingOutOfBoundsException apply(String checkKind, List<Integer> args) {
-- assertEquals(checkKind, expCheckKind);
-- assertEquals(args, Collections.unmodifiableList(Arrays.asList(expArgs)));
-- return null;
-- }
-- };
-- }
--
-- static final int[] VALUES = {0, 1, Integer.MAX_VALUE - 1, Integer.MAX_VALUE, -1, Integer.MIN_VALUE + 1, Integer.MIN_VALUE};
--
-- @DataProvider
-- static Object[][] checkIndexProvider() {
-- List<Object[]> l = new ArrayList<>();
-- for (int index : VALUES) {
-- for (int length : VALUES) {
-- boolean withinBounds = index >= 0 &&
-- length >= 0 &&
-- index < length;
-- l.add(new Object[]{index, length, withinBounds});
-- }
-- }
-- return l.toArray(new Object[0][0]);
-- }
--
-- interface X {
-- int apply(int a, int b, int c);
-- }
--
-- @Test(dataProvider = "checkIndexProvider")
-- public void testCheckIndex(final int index, final int length, final boolean withinBounds) {
-- List<Integer> list = Collections.unmodifiableList(Arrays.asList(new Integer[] { index, length }));
-- final String expectedMessage = withinBounds
-- ? null
-- : Preconditions.outOfBoundsExceptionFormatter(ioobeGenerator).
-- apply("checkIndex", list).getMessage();
--
-- BiConsumer<Class<? extends RuntimeException>, IntSupplier> checker =
-- new BiConsumer<Class<? extends RuntimeException>, IntSupplier>() {
-- @Override
-- public void accept(Class<? extends RuntimeException> ec, IntSupplier s) {
-- try {
-- int rIndex = s.getAsInt();
-- if (!withinBounds)
-- fail(String.format(
-- "Index %d is out of bounds of [0, %d), but was reported to be within bounds", index, length));
-- assertEquals(rIndex, index);
-- }
-- catch (RuntimeException e) {
-- assertTrue(ec.isInstance(e));
-- if (withinBounds)
-- fail(String.format(
-- "Index %d is within bounds of [0, %d), but was reported to be out of bounds", index, length));
-- else
-- assertEquals(e.getMessage(), expectedMessage);
-- }
-- }
-- };
--
-- checker.accept(AssertingOutOfBoundsException.class, new IntSupplier() {
-- @Override
-- public int getAsInt() {
-- return Preconditions.checkIndex(index, length,
-- assertingOutOfBounds(expectedMessage, "checkIndex", index, length));
-- }
-- });
-- checker.accept(IndexOutOfBoundsException.class, new IntSupplier() {
-- @Override
-- public int getAsInt() {
-- return Preconditions.checkIndex(index, length,
-- assertingOutOfBoundsReturnNull("checkIndex", index, length));
-- }
-- });
-- checker.accept(IndexOutOfBoundsException.class, new IntSupplier() {
-- @Override
-- public int getAsInt() {
-- return Preconditions.checkIndex(index, length, null);
-- }
-- });
-- checker.accept(ArrayIndexOutOfBoundsException.class, new IntSupplier() {
-- @Override
-- public int getAsInt() {
-- return Preconditions.checkIndex(index, length,
-- Preconditions.outOfBoundsExceptionFormatter(aioobeGenerator));
-- }
-- });
-- checker.accept(StringIndexOutOfBoundsException.class, new IntSupplier() {
-- @Override
-- public int getAsInt() {
-- return Preconditions.checkIndex(index, length,
-- Preconditions.outOfBoundsExceptionFormatter(sioobeGenerator));
-- }
-- });
-- }
--
--
-- @DataProvider
-- static Object[][] checkFromToIndexProvider() {
-- List<Object[]> l = new ArrayList<>();
-- for (int fromIndex : VALUES) {
-- for (int toIndex : VALUES) {
-- for (int length : VALUES) {
-- boolean withinBounds = fromIndex >= 0 &&
-- toIndex >= 0 &&
-- length >= 0 &&
-- fromIndex <= toIndex &&
-- toIndex <= length;
-- l.add(new Object[]{fromIndex, toIndex, length, withinBounds});
-- }
-- }
-- }
-- return l.toArray(new Object[0][0]);
-- }
--
-- @Test(dataProvider = "checkFromToIndexProvider")
-- public void testCheckFromToIndex(final int fromIndex, final int toIndex,
-- final int length, final boolean withinBounds) {
-- List<Integer> list = Collections.unmodifiableList(Arrays.asList(new Integer[] { fromIndex, toIndex, length }));
-- final String expectedMessage = withinBounds
-- ? null
-- : Preconditions.outOfBoundsExceptionFormatter(ioobeGenerator).
-- apply("checkFromToIndex", list).getMessage();
--
-- BiConsumer<Class<? extends RuntimeException>, IntSupplier> check =
-- new BiConsumer<Class<? extends RuntimeException>, IntSupplier>() {
-- @Override
-- public void accept(Class<? extends RuntimeException> ec, IntSupplier s) {
-- try {
-- int rIndex = s.getAsInt();
-- if (!withinBounds)
-- fail(String.format(
-- "Range [%d, %d) is out of bounds of [0, %d), but was reported to be withing bounds", fromIndex, toIndex, length));
-- assertEquals(rIndex, fromIndex);
-- }
-- catch (RuntimeException e) {
-- assertTrue(ec.isInstance(e));
-- if (withinBounds)
-- fail(String.format(
-- "Range [%d, %d) is within bounds of [0, %d), but was reported to be out of bounds", fromIndex, toIndex, length));
-- else
-- assertEquals(e.getMessage(), expectedMessage);
-- }
-- }
-- };
--
-- check.accept(AssertingOutOfBoundsException.class, new IntSupplier() {
-- @Override
-- public int getAsInt() {
-- return Preconditions.checkFromToIndex(fromIndex, toIndex, length,
-- assertingOutOfBounds(expectedMessage, "checkFromToIndex", fromIndex, toIndex, length));
-- }
-- });
-- check.accept(IndexOutOfBoundsException.class, new IntSupplier() {
-- @Override
-- public int getAsInt() {
-- return Preconditions.checkFromToIndex(fromIndex, toIndex, length,
-- assertingOutOfBoundsReturnNull("checkFromToIndex", fromIndex, toIndex, length));
-- }
-- });
-- check.accept(IndexOutOfBoundsException.class, new IntSupplier() {
-- @Override
-- public int getAsInt() {
-- return Preconditions.checkFromToIndex(fromIndex, toIndex, length, null);
-- }
-- });
-- check.accept(ArrayIndexOutOfBoundsException.class, new IntSupplier() {
-- @Override
-- public int getAsInt() {
-- return Preconditions.checkFromToIndex(fromIndex, toIndex, length,
-- Preconditions.outOfBoundsExceptionFormatter(aioobeGenerator));
-- }
-- });
-- check.accept(StringIndexOutOfBoundsException.class, new IntSupplier() {
-- @Override
-- public int getAsInt() {
-- return Preconditions.checkFromToIndex(fromIndex, toIndex, length,
-- Preconditions.outOfBoundsExceptionFormatter(sioobeGenerator));
-- }
-- });
-- }
--
--
-- @DataProvider
-- static Object[][] checkFromIndexSizeProvider() {
-- List<Object[]> l = new ArrayList<>();
-- for (int fromIndex : VALUES) {
-- for (int size : VALUES) {
-- for (int length : VALUES) {
-- // Explicitly convert to long
-- long lFromIndex = fromIndex;
-- long lSize = size;
-- long lLength = length;
-- // Avoid overflow
-- long lToIndex = lFromIndex + lSize;
--
-- boolean withinBounds = lFromIndex >= 0L &&
-- lSize >= 0L &&
-- lLength >= 0L &&
-- lFromIndex <= lToIndex &&
-- lToIndex <= lLength;
-- l.add(new Object[]{fromIndex, size, length, withinBounds});
-- }
-- }
-- }
-- return l.toArray(new Object[0][0]);
-- }
--
-- @Test(dataProvider = "checkFromIndexSizeProvider")
-- public void testCheckFromIndexSize(final int fromIndex, final int size,
-- final int length, final boolean withinBounds) {
-- List<Integer> list = Collections.unmodifiableList(Arrays.asList(new Integer[] { fromIndex, size, length }));
-- final String expectedMessage = withinBounds
-- ? null
-- : Preconditions.outOfBoundsExceptionFormatter(ioobeGenerator).
-- apply("checkFromIndexSize", list).getMessage();
--
-- BiConsumer<Class<? extends RuntimeException>, IntSupplier> check =
-- new BiConsumer<Class<? extends RuntimeException>, IntSupplier>() {
-- @Override
-- public void accept(Class<? extends RuntimeException> ec, IntSupplier s) {
-- try {
-- int rIndex = s.getAsInt();
-- if (!withinBounds)
-- fail(String.format(
-- "Range [%d, %d + %d) is out of bounds of [0, %d), but was reported to be withing bounds", fromIndex, fromIndex, size, length));
-- assertEquals(rIndex, fromIndex);
-- }
-- catch (RuntimeException e) {
-- assertTrue(ec.isInstance(e));
-- if (withinBounds)
-- fail(String.format(
-- "Range [%d, %d + %d) is within bounds of [0, %d), but was reported to be out of bounds", fromIndex, fromIndex, size, length));
-- else
-- assertEquals(e.getMessage(), expectedMessage);
-- }
-- }
-- };
--
-- check.accept(AssertingOutOfBoundsException.class, new IntSupplier() {
-- @Override
-- public int getAsInt() {
-- return Preconditions.checkFromIndexSize(fromIndex, size, length,
-- assertingOutOfBounds(expectedMessage, "checkFromIndexSize", fromIndex, size, length));
-- }
-- });
-- check.accept(IndexOutOfBoundsException.class, new IntSupplier() {
-- @Override
-- public int getAsInt() {
-- return Preconditions.checkFromIndexSize(fromIndex, size, length,
-- assertingOutOfBoundsReturnNull("checkFromIndexSize", fromIndex, size, length));
-- }
-- });
-- check.accept(IndexOutOfBoundsException.class, new IntSupplier() {
-- @Override
-- public int getAsInt() {
-- return Preconditions.checkFromIndexSize(fromIndex, size, length, null);
-- }
-- });
-- check.accept(ArrayIndexOutOfBoundsException.class, new IntSupplier() {
-- @Override
-- public int getAsInt() {
-- return Preconditions.checkFromIndexSize(fromIndex, size, length,
-- Preconditions.outOfBoundsExceptionFormatter(aioobeGenerator));
-- }
-- });
-- check.accept(StringIndexOutOfBoundsException.class, new IntSupplier () {
-- @Override
-- public int getAsInt() {
-- return Preconditions.checkFromIndexSize(fromIndex, size, length,
-- Preconditions.outOfBoundsExceptionFormatter(sioobeGenerator));
-- }
-- });
-- }
--
-- @Test
-- public void uniqueMessagesForCheckKinds() {
-- BiFunction<String, List<Integer>, IndexOutOfBoundsException> f =
-- Preconditions.outOfBoundsExceptionFormatter(ioobeGenerator);
--
-- List<String> messages = new ArrayList<>();
-- List<Integer> arg1 = Collections.unmodifiableList(Arrays.asList(new Integer[] { -1 }));
-- List<Integer> arg2 = Collections.unmodifiableList(Arrays.asList(new Integer[] { -1, 0 }));
-- List<Integer> arg3 = Collections.unmodifiableList(Arrays.asList(new Integer[] { -1, 0, 0 }));
-- List<Integer> arg4 = Collections.unmodifiableList(Arrays.asList(new Integer[] { -1, 0, 0, 0 }));
-- // Exact arguments
-- messages.add(f.apply("checkIndex", arg2).getMessage());
-- messages.add(f.apply("checkFromToIndex", arg3).getMessage());
-- messages.add(f.apply("checkFromIndexSize", arg3).getMessage());
-- // Unknown check kind
-- messages.add(f.apply("checkUnknown", arg3).getMessage());
-- // Known check kind with more arguments
-- messages.add(f.apply("checkIndex", arg3).getMessage());
-- messages.add(f.apply("checkFromToIndex", arg4).getMessage());
-- messages.add(f.apply("checkFromIndexSize", arg4).getMessage());
-- // Known check kind with fewer arguments
-- messages.add(f.apply("checkIndex", arg1).getMessage());
-- messages.add(f.apply("checkFromToIndex", arg2).getMessage());
-- messages.add(f.apply("checkFromIndexSize", arg2).getMessage());
-- // Null arguments
-- messages.add(f.apply(null, null).getMessage());
-- messages.add(f.apply("checkNullArguments", null).getMessage());
-- messages.add(f.apply(null, arg1).getMessage());
--
-- Set<String> distinct = new HashSet<>(messages);
-- assertEquals(messages.size(), distinct.size());
-- }
--}
---- openjdk.orig/test/src/sun/security/util/math/TestIntegerModuloP.java 2019-07-15 08:52:23.000000000 +0200
-+++ openjdk/jdk/test/sun/security/util/math/TestIntegerModuloP.java 2019-07-04 19:20:08.000000000 +0200
-@@ -37,7 +37,6 @@
- * @run main TestIntegerModuloP sun.security.util.math.intpoly.P521OrderField 66 10
- */
-
--import sun.security.util.BiFunction;
- import sun.security.util.math.*;
- import sun.security.util.math.intpoly.*;
-
-@@ -52,6 +51,9 @@
- // The test has a list of functions, and it selects randomly from that list
-
- // The function types
-+ interface BiFunction <T, U, V> {
-+ V apply(T t, U u);
-+ }
- interface ElemFunction extends BiFunction
- <MutableIntegerModuloP, IntegerModuloP, IntegerModuloP> { }
- interface ElemArrayFunction extends BiFunction
---- patches.orig/boot/ecj-stringswitch.patch
-+++ patches/boot/ecj-stringswitch.patch
-@@ -1800,64 +1800,6 @@
- "No MAC implementation for " + algo);
- }
- return kdf;
--diff -Nru openjdk-boot.orig/jdk/src/share/classes/sun/security/util/Preconditions.java openjdk-boot/jdk/src/share/classes/sun/security/util/Preconditions.java
----- openjdk-boot.orig/jdk/src/share/classes/sun/security/util/Preconditions.java 2019-07-17 04:20:04.496029417 +0100
--+++ openjdk-boot/jdk/src/share/classes/sun/security/util/Preconditions.java 2019-07-17 04:54:34.212283390 +0100
--@@ -169,31 +169,30 @@
-- }
--
-- int argSize = 0;
--- switch (checkKind) {
--- case "checkIndex":
--- argSize = 2;
--- break;
--- case "checkFromToIndex":
--- case "checkFromIndexSize":
--- argSize = 3;
--- break;
--- default:
--- }
---
--+ if ("checkIndex".equals(checkKind)) {
--+ argSize = 2;
--+ } else if ("checkFromToIndex".equals(checkKind) ||
--+ "checkFromIndexSize".equals(checkKind)) {
--+ argSize = 3;
--+ }
--+
-- // Switch to default if fewer or more arguments than required are supplied
--- switch ((args.size() != argSize) ? "" : checkKind) {
--- case "checkIndex":
--- return String.format("Index %d out-of-bounds for length %d",
--- args.get(0), args.get(1));
--- case "checkFromToIndex":
--- return String.format("Range [%d, %d) out-of-bounds for length %d",
--- args.get(0), args.get(1), args.get(2));
--- case "checkFromIndexSize":
--- return String.format("Range [%d, %<d + %d) out-of-bounds for length %d",
--- args.get(0), args.get(1), args.get(2));
--- default:
--- return String.format("Range check failed: %s %s", checkKind, args);
--- }
--+ if (args.size() != argSize) {
--+ return String.format("Range check failed: %s %s", checkKind, args);
--+ }
--+
--+ if ("checkIndex".equals(checkKind)) {
--+ return String.format("Index %d out-of-bounds for length %d",
--+ args.get(0), args.get(1));
--+ } else if ("checkFromToIndex".equals(checkKind)) {
--+ return String.format("Range [%d, %d) out-of-bounds for length %d",
--+ args.get(0), args.get(1), args.get(2));
--+ } else if ("checkFromIndexSize".equals(checkKind)) {
--+ return String.format("Range [%d, %<d + %d) out-of-bounds for length %d",
--+ args.get(0), args.get(1), args.get(2));
--+ } else {
--+ return String.format("Range check failed: %s %s", checkKind, args);
--+ }
-- }
--
-- /**
- diff -Nru openjdk-boot.orig/jdk/src/share/classes/java/util/ResourceBundle.java openjdk-boot/jdk/src/share/classes/java/util/ResourceBundle.java
- --- openjdk-boot.orig/jdk/src/share/classes/java/util/ResourceBundle.java 2019-11-13 21:46:22.926858210 +0000
- +++ openjdk-boot/jdk/src/share/classes/java/util/ResourceBundle.java 2019-11-13 21:48:58.096470164 +0000
diff --git a/community/openjdk8/APKBUILD b/community/openjdk8/APKBUILD
index 2cf1d3e0f8..f076450da2 100644
--- a/community/openjdk8/APKBUILD
+++ b/community/openjdk8/APKBUILD
@@ -2,10 +2,10 @@
# Contributor: Jakub Jirutka <jakub@jirutka.cz>
# Maintainer: Timo Teras <timo.teras@iki.fi>
pkgname=openjdk8
-_icedteaver=3.16.0
+_icedteaver=3.17.1
# pkgver is <JDK version>.<JDK update>.<JDK build>
# Check https://icedtea.classpath.org/wiki/Main_Page when updating!
-pkgver=8.252.09
+pkgver=8.275.01
pkgrel=0
pkgdesc="OpenJDK 8 provided by IcedTea"
url="https://icedtea.classpath.org/"
@@ -13,14 +13,47 @@ arch="all"
license="custom"
depends="$pkgname-jre java-cacerts nss"
options="sover-namecheck"
-makedepends="bash findutils tar zip file paxmark gawk util-linux libxslt
- autoconf automake linux-headers sed xz coreutils
- openjdk7 ca-certificates
- nss-dev nss-static cups-dev jpeg-dev giflib-dev libpng-dev libxt-dev
- lcms2-dev libxp-dev libxtst-dev libxinerama-dev zlib-dev
- libxrender-dev alsa-lib-dev freetype-dev fontconfig-dev
- gtk+2.0-dev krb5-dev attr-dev pcsc-lite-dev lksctp-tools-dev
- libxcomposite-dev"
+makedepends="
+ alsa-lib-dev
+ attr-dev
+ autoconf
+ automake
+ bash
+ ca-certificates
+ coreutils
+ cups-dev
+ file
+ findutils
+ fontconfig-dev
+ freetype-dev
+ gawk
+ giflib-dev
+ gtk+2.0-dev
+ jpeg-dev
+ krb5-dev
+ lcms2-dev
+ libpng-dev
+ libxcomposite-dev
+ libxinerama-dev
+ libxp-dev
+ libxrender-dev
+ libxslt
+ libxt-dev
+ libxtst-dev
+ linux-headers
+ lksctp-tools-dev
+ nss-dev
+ nss-static
+ openjdk7
+ paxmark
+ pcsc-lite-dev
+ sed
+ tar
+ util-linux
+ xz
+ zip
+ zlib-dev
+ "
case $CARCH in
x86) _jarch=i386;;
@@ -29,6 +62,12 @@ arm*) _jarch=aarch32;;
*) _jarch="$CARCH";;
esac
+case $CARCH in
+x86|x86_64|aarch64)
+ _configure_jfr="--enable-jfr";;
+*) _configure_jfr="--disable-jfr";;
+esac
+
_bootstrap_java_home="/usr/lib/jvm/java-1.7-openjdk"
_java_home="/usr/lib/jvm/java-1.8-openjdk"
_jrelib="$_java_home/jre/lib/$_jarch"
@@ -68,6 +107,23 @@ source="https://icedtea.classpath.org/download/source/icedtea-$_icedteaver.tar.x
builddir="$srcdir/icedtea-$_icedteaver"
# secfixes:
+# 8.272.10-r0:
+# - CVE-2020-14556
+# - CVE-2020-14577
+# - CVE-2020-14578
+# - CVE-2020-14579
+# - CVE-2020-14581
+# - CVE-2020-14583
+# - CVE-2020-14593
+# - CVE-2020-14621
+# - CVE-2020-14779
+# - CVE-2020-14781
+# - CVE-2020-14782
+# - CVE-2020-14792
+# - CVE-2020-14796
+# - CVE-2020-14797
+# - CVE-2020-14798
+# - CVE-2020-14803
# 8.252.09-r0:
# - CVE-2020-2754
# - CVE-2020-2755
@@ -146,7 +202,7 @@ unpack() {
fi
mkdir -p "$srcdir"
msg "Unpacking sources..."
- tar -C "$srcdir" -Jxf icedtea-$_icedteaver.tar.xz
+ unxz -c icedtea-$_icedteaver.tar.xz | tar -C "$srcdir" -x
}
prepare() {
@@ -206,6 +262,7 @@ build() {
--disable-dependency-tracking \
--disable-downloading \
--disable-precompiled-headers \
+ --disable-docs \
--with-parallel-jobs=${JOBS:-2} \
--with-hotspot-build=default \
--with-openjdk-src-zip="$srcdir/openjdk-$_dropsver.tar.xz" \
@@ -218,10 +275,10 @@ build() {
--with-nashorn-src-zip="$srcdir/nashorn-$_dropsver.tar.xz" \
--with-pax=paxmark \
--with-jdk-home="$_bootstrap_java_home" \
- --with-pkgversion="Alpine ${pkgver}-r${pkgrel}" \
+ --with-pkgversion="Alpine $pkgver-r$pkgrel" \
+ --with-curves="nist+" \
--enable-nss \
- --enable-sunec \
- --enable-non-nss-curves
+ $_configure_jfr
make
}
@@ -276,6 +333,7 @@ jrelib() {
jre() {
pkgdesc="OpenJDK 8 Java Runtime"
+ depends="ttf-dejavu"
local file dir
mkdir -p "$subpkgdir"
@@ -303,6 +361,7 @@ jrebase() {
mkdir -p "$subpkgdir"/$_java_home/bin \
"$subpkgdir"/$_java_home/lib/$_jarch
+ ln -s java-1.8-openjdk "$subpkgdir"/usr/lib/jvm/java-8-openjdk
mv "$pkgdir"/$_java_home/lib/$_jarch/jli \
"$subpkgdir"/$_java_home/lib/$_jarch/
@@ -335,18 +394,18 @@ demos() {
"$subpkgdir"/$_java_home/
}
-sha512sums="67964f283b5a220ded7c86141ac359fc51f41077686d3e68568a9f303d2e5e6d62472bef2d6f5f9d53897a55589c84d3212983194607b9a6704192752f8ad2ac icedtea-3.16.0.tar.xz
-76b32457958c2cdbb0006629bb41652286a1a9bfbda862665eddf822d4653d4858f9f2565e849b0e49f031b7667be73be8fe8c71abc65e1795eb570a96d1fd1e openjdk-3.16.0.tar.xz
-bf90c95f401d4628e32b9a7ea78b7d43944f82882818a81d2ff368f09e49148091bf823d78ed56c343c175fe6d25492d9b78e25b725f218592ea94c4ae285e56 corba-3.16.0.tar.xz
-86e8c18741c1f4baca27d784b068765e404a5c2ee6ecb172c826fc1d6192b5776133f103b749839c39154fcaec87a0df95e8fd5bcb56b1e9b811711b296a4836 jaxp-3.16.0.tar.xz
-824ef15aa70ec629406fd9b98a69e5699fe8f6a8ab06be00ac546bcda1daf485b20de6ea0310064e000efbaf35b1cebee25bf69033634fdce8434efb3bb16f1d jaxws-3.16.0.tar.xz
-9202f88b360637ad474920d8a6f85740e6a425679617ef713efd67778b4c7ca0b3eba7e4fc9d33de0bbd5dacda4862c8a9b63a13880204388b01af29d5fb6a55 jdk-3.16.0.tar.xz
-1858bb3b7dd37edd817a52c67a878b48bc9b790623e77d9a6107f54b141638cb101ae3b8df560e3352c9ca2925aa5d493b4924e36a238be5a9628c714cc23642 langtools-3.16.0.tar.xz
-19490ccc377fde5dc3d4396425e945f32e121ad0cc4be394b07f8698a7e3805b16fc41e427bab5fa290cb84efc7edb62acf8ca98072176343f5584d692592d2d hotspot-3.16.0.tar.xz
-4bf87e7441ac747f133612e1fba5c06946c6731bae76132ffc614b41fcb689fda9d9ceb1e1fee3765765c6109894c85cf0f6e6fa9eb301f9a2d640ea6cd1c16c nashorn-3.16.0.tar.xz
+sha512sums="eaf66df177f08cf335fe795f816e4f6b70a25a402ff8db4c1a2c545dd129350e1135c45e131eab8820620de2a75fda1d56141583ec1a651218d0a02680eb1df7 icedtea-3.17.1.tar.xz
+82f2688b018b893cbf583ccc1cd328f6909ebeb4d30655ddb554691f1f0ee38debe57dc91bc8200d6676ad531047ffbf149ce7c1e49b65e67db3254c7d6205ed openjdk-3.17.1.tar.xz
+c33886bfa517087e3cf37064fd9dcf1c0b8a9c9ccc4147beac3eb9c07e66c2f8aa3053feb8ab6cbdd42054b073854ed5aaf4a2cfb2888e0a09b7efe3809447c8 corba-3.17.1.tar.xz
+e690a6c498e2418feaa22713517aefd051524aedd349fbab5c70fbdee3ca0f17a297089e02f1de2a27e318413e5ca6fe7dfd825b49c37e749ff48e9c8981307a jaxp-3.17.1.tar.xz
+99c32483c6f5469c256026be9ee5c2a5654768ceff9d10fa9aa10888640af60d618668ae47880062d1253668e546949fd6ffe94c27d6436088e0a8367e2602fd jaxws-3.17.1.tar.xz
+7f5321944cc6c7510db5d6ea6ef189bd15fdf7c904c8ec009576c33ce1e0288e18e51a5dc906e5c7c3beb4daebb161be0c08d1fe8f2ebde81b72a992da919142 jdk-3.17.1.tar.xz
+68ff7857d180b90a77858505523416bee6102e30af7a394d08ab1581ba65d28b78c30f48c1b5555c30bf8b43adc5497d5530372101dc2e4adbc99e5d9c988def langtools-3.17.1.tar.xz
+e377a2ad481727a1d5218f1bf629690ea5f1b7976307f593505efc07252cc5cd408f7eb0873032ec74ed44a31e5f2cd90747be3e6f709eba5ac9fd90857887ab hotspot-3.17.1.tar.xz
+088948d01fc6ea627610bbdcf6691a7bcdd34c5715be103297292db54d0e9080f82f395c3b4bb432058615bc04e05c2d4292fc8f31735e3005d4cf16ff1f9af1 nashorn-3.17.1.tar.xz
1f470432275d5beaa8b4e4352a2f24a4a00593546dc4f3bd857794c89e521e8e6d6abc540762bbd769be3e1e3da058e134dc5dc066d12b9b8a1f0656040a795c fix-paxmark.patch
28709285390a997adbd56ebda42ef718fbc08daf572b8568f484436d255514f9d25f033e3333dff8aa352fc9846057ac5bb42fa955d3e5e44eddc96dc273c07c icedtea-hotspot-musl.patch
-e5cf4d70f96fc1e72ae8b97a887adb96092ff36584711cbb8de9d9fa9e859cb8731d638838de0d9591239fc44ffe5c74422d1842bd9f10a0c00dff1627bdeeef icedtea-hotspot-musl-ppc.patch
+54ef36ea5a749b733cadaf4fb47a2766db204fe7c9d4dbc1c2d49dd1cec14a552d18da5c49da9ebe8718329c59bdee2c34f94f7882a23837cee2f18af6ffe95f icedtea-hotspot-musl-ppc.patch
19459dbb922f5a71cd15b53199481498626a783c24f91d2544d55b7dddd2cdb34a64bbf0226b99548612dd1743af01b3f9ff32c30abbbc90ce727ca2dbbbd1f9 icedtea-hotspot-noagent-musl.patch
f6365cfafafa008bd6c1bf0ccec01a63f8a39bd1a8bc87baa492a27234d47793ba02d455e5667a873ef50148df3baaf6a8421e2da0b15faac675867da714dd5f icedtea-jdk-execinfo.patch
48533f87fc2cf29d26b259be0df51087d2fe5b252e72d00c6ea2f4add7b0fb113141718c116279c5905e03f64a1118082e719393786811367cf4d472b5d36774 icedtea-jdk-fix-ipv6-init.patch
diff --git a/community/openjdk8/icedtea-hotspot-musl-ppc.patch b/community/openjdk8/icedtea-hotspot-musl-ppc.patch
index eca684884c..dfb3150f6b 100644
--- a/community/openjdk8/icedtea-hotspot-musl-ppc.patch
+++ b/community/openjdk8/icedtea-hotspot-musl-ppc.patch
@@ -1,13 +1,94 @@
+Subject: Fix compilation with different ucontext_t on musl
+Upstream: No
+Author: Simon Frankenberger <simon-alpine@fraho.eu>
+
+The machine state registers have to be accessed differently when
+running on musl libc. This patch fix this by replacing
+"uc_mcontext.regs->grp" with "uc_mcontext.gp_regs"
+and accessing the named fields (like "->nip") by the array index constants.
+
+--- openjdk.orig/hotspot/src/cpu/ppc/vm/macroAssembler_ppc.cpp
++++ openjdk/hotspot/src/cpu/ppc/vm/macroAssembler_ppc.cpp
+@@ -1243,7 +1243,11 @@
+ // the safepoing polling page.
+ ucontext_t* uc = (ucontext_t*) ucontext;
+ // Set polling address.
++#if defined(__GLIBC__) || defined(__UCLIBC__)
+ address addr = (address)uc->uc_mcontext.regs->gpr[ra] + (ssize_t)ds;
++#else // Musl
++ address addr = (address)uc->uc_mcontext.gp_regs[ra] + (ssize_t)ds;
++#endif
+ if (polling_address_ptr != NULL) {
+ *polling_address_ptr = addr;
+ }
+@@ -1264,15 +1268,24 @@
+ int rb = inv_rb_field(instruction);
+
+ // look up content of ra and rb in ucontext
++#if defined(__GLIBC__) || defined(__UCLIBC__)
+ address ra_val=(address)uc->uc_mcontext.regs->gpr[ra];
+ long rb_val=(long)uc->uc_mcontext.regs->gpr[rb];
++#else // Musl
++ address ra_val=(address)uc->uc_mcontext.gp_regs[ra];
++ long rb_val=(long)uc->uc_mcontext.gp_regs[rb];
++#endif
+ return os::is_memory_serialize_page(thread, ra_val+rb_val);
+ } else if (is_stw(instruction) || is_stwu(instruction)) {
+ int ra = inv_ra_field(instruction);
+ int d1 = inv_d1_field(instruction);
+
+ // look up content of ra in ucontext
++#if defined(__GLIBC__) || defined(__UCLIBC__)
+ address ra_val=(address)uc->uc_mcontext.regs->gpr[ra];
++#else // Musl
++ address ra_val=(address)uc->uc_mcontext.gp_regs[ra];
++#endif
+ return os::is_memory_serialize_page(thread, ra_val+d1);
+ } else {
+ return false;
+@@ -1335,11 +1348,20 @@
+ || (is_stdu(instruction) && rs == 1)) {
+ int ds = inv_ds_field(instruction);
+ // return banged address
++#if defined(__GLIBC__) || defined(__UCLIBC__)
+ return ds+(address)uc->uc_mcontext.regs->gpr[ra];
++#else // Musl
++ return ds+(address)uc->uc_mcontext.gp_regs[ra];
++#endif
+ } else if (is_stdux(instruction) && rs == 1) {
+ int rb = inv_rb_field(instruction);
++#if defined(__GLIBC__) || defined(__UCLIBC__)
+ address sp = (address)uc->uc_mcontext.regs->gpr[1];
+ long rb_val = (long)uc->uc_mcontext.regs->gpr[rb];
++#else // Musl
++ address sp = (address)uc->uc_mcontext.gp_regs[1];
++ long rb_val = (long)uc->uc_mcontext.gp_regs[rb];
++#endif
+ return ra != 1 || rb_val >= 0 ? NULL // not a stack bang
+ : sp + rb_val; // banged address
+ }
--- openjdk.orig/hotspot/src/os_cpu/linux_ppc/vm/os_linux_ppc.cpp
+++ openjdk/hotspot/src/os_cpu/linux_ppc/vm/os_linux_ppc.cpp
-@@ -110,11 +110,19 @@
+@@ -75,7 +75,11 @@
+ # include <poll.h>
+ # include <ucontext.h>
+
++#if ! (defined(__GLIBC__) || defined(__UCLIBC__))
++# include <asm/ptrace.h>
++#endif
+
++
+ address os::current_stack_pointer() {
+ intptr_t* csp;
+
+@@ -110,11 +114,19 @@
// it because the volatile registers are not needed to make setcontext() work.
// Hopefully it was zero'd out beforehand.
guarantee(uc->uc_mcontext.regs != NULL, "only use ucontext_get_pc in sigaction context");
+#if defined(__GLIBC__) || defined(__UCLIBC__)
return (address)uc->uc_mcontext.regs->nip;
+#else // Musl
-+ return (address)uc->uc_mcontext.gp_regs[32];
++ return (address)uc->uc_mcontext.gp_regs[PT_NIP];
+#endif
}
@@ -20,55 +101,55 @@
}
intptr_t* os::Linux::ucontext_get_fp(ucontext_t * uc) {
-@@ -213,7 +221,11 @@
+@@ -213,7 +225,11 @@
if (uc) {
address const pc = os::Linux::ucontext_get_pc(uc);
if (pc && StubRoutines::is_safefetch_fault(pc)) {
+#if defined(__GLIBC__) || defined(__UCLIBC__)
uc->uc_mcontext.regs->nip = (unsigned long)StubRoutines::continuation_for_safefetch_fault(pc);
+#else // Musl
-+ uc->uc_mcontext.gp_regs[32] = (unsigned long)StubRoutines::continuation_for_safefetch_fault(pc);
++ uc->uc_mcontext.gp_regs[PT_NIP] = (unsigned long)StubRoutines::continuation_for_safefetch_fault(pc);
+#endif
return true;
}
}
-@@ -364,7 +376,11 @@
+@@ -364,7 +380,11 @@
// continue at the next instruction after the faulting read. Returning
// garbage from this read is ok.
thread->set_pending_unsafe_access_error();
+#if defined(__GLIBC__) || defined(__UCLIBC__)
uc->uc_mcontext.regs->nip = ((unsigned long)pc) + 4;
+#else // Musl
-+ uc->uc_mcontext.gp_regs[32] = ((unsigned long)pc) + 4;
++ uc->uc_mcontext.gp_regs[PT_NIP] = ((unsigned long)pc) + 4;
+#endif
return true;
}
}
-@@ -383,7 +399,11 @@
+@@ -383,7 +403,11 @@
// continue at the next instruction after the faulting read. Returning
// garbage from this read is ok.
thread->set_pending_unsafe_access_error();
+#if defined(__GLIBC__) || defined(__UCLIBC__)
uc->uc_mcontext.regs->nip = ((unsigned long)pc) + 4;
+#else // Musl
-+ uc->uc_mcontext.gp_regs[32] = ((unsigned long)pc) + 4;
++ uc->uc_mcontext.gp_regs[PT_NIP] = ((unsigned long)pc) + 4;
+#endif
return true;
}
}
-@@ -406,7 +426,11 @@
+@@ -406,7 +430,11 @@
if (stub != NULL) {
// Save all thread context in case we need to restore it.
if (thread != NULL) thread->set_saved_exception_pc(pc);
+#if defined(__GLIBC__) || defined(__UCLIBC__)
uc->uc_mcontext.regs->nip = (unsigned long)stub;
+#else
-+ uc->uc_mcontext.gp_regs[32] = (unsigned long)stub;
++ uc->uc_mcontext.gp_regs[PT_NIP] = (unsigned long)stub;
+#endif
return true;
}
-@@ -564,6 +588,7 @@
+@@ -564,6 +592,7 @@
ucontext_t* uc = (ucontext_t*)context;
st->print_cr("Registers:");
@@ -76,14 +157,14 @@
st->print("pc =" INTPTR_FORMAT " ", uc->uc_mcontext.regs->nip);
st->print("lr =" INTPTR_FORMAT " ", uc->uc_mcontext.regs->link);
st->print("ctr=" INTPTR_FORMAT " ", uc->uc_mcontext.regs->ctr);
-@@ -572,8 +597,18 @@
+@@ -572,8 +601,18 @@
st->print("r%-2d=" INTPTR_FORMAT " ", i, uc->uc_mcontext.regs->gpr[i]);
if (i % 3 == 2) st->cr();
}
+#else // Musl
-+ st->print("pc =" INTPTR_FORMAT " ", uc->uc_mcontext.gp_regs[32]);
-+ st->print("lr =" INTPTR_FORMAT " ", uc->uc_mcontext.gp_regs[36]);
-+ st->print("ctr=" INTPTR_FORMAT " ", uc->uc_mcontext.gp_regs[35]);
++ st->print("pc =" INTPTR_FORMAT " ", uc->uc_mcontext.gp_regs[PT_NIP]);
++ st->print("lr =" INTPTR_FORMAT " ", uc->uc_mcontext.gp_regs[PT_LNK]);
++ st->print("ctr=" INTPTR_FORMAT " ", uc->uc_mcontext.gp_regs[PT_CTR]);
st->cr();
+ for (int i = 0; i < 32; i++) {
+ st->print("r%-2d=" INTPTR_FORMAT " ", i, uc->uc_mcontext.gp_regs[i]);
@@ -95,7 +176,7 @@
intptr_t *sp = (intptr_t *)os::Linux::ucontext_get_sp(uc);
st->print_cr("Top of Stack: (sp=" PTR_FORMAT ")", p2i(sp));
-@@ -600,7 +635,11 @@
+@@ -600,7 +639,11 @@
// this is only for the "general purpose" registers
for (int i = 0; i < 32; i++) {
st->print("r%-2d=", i);
@@ -107,63 +188,42 @@
}
st->cr();
}
---- openjdk.orig/hotspot.orig/src/cpu/ppc/vm/macroAssembler_ppc.cpp
-+++ openjdk/hotspot/src/cpu/ppc/vm/macroAssembler_ppc.cpp
-@@ -1242,7 +1242,11 @@
- // the safepoing polling page.
- ucontext_t* uc = (ucontext_t*) ucontext;
- // Set polling address.
-+#if defined(__GLIBC__) || defined(__UCLIBC__)
- address addr = (address)uc->uc_mcontext.regs->gpr[ra] + (ssize_t)ds;
-+#else // Musl
-+ address addr = (address)uc->uc_mcontext.gp_regs[ra] + (ssize_t)ds;
-+#endif
- if (polling_address_ptr != NULL) {
- *polling_address_ptr = addr;
- }
-@@ -1263,15 +1267,24 @@
- int rb = inv_rb_field(instruction);
+--- openjdk.orig/hotspot/src/os_cpu/linux_ppc/vm/thread_linux_ppc.cpp
++++ openjdk/hotspot/src/os_cpu/linux_ppc/vm/thread_linux_ppc.cpp
+@@ -27,6 +27,10 @@
+ #include "runtime/frame.inline.hpp"
+ #include "runtime/thread.hpp"
- // look up content of ra and rb in ucontext
-+#if defined(__GLIBC__) || defined(__UCLIBC__)
- address ra_val=(address)uc->uc_mcontext.regs->gpr[ra];
- long rb_val=(long)uc->uc_mcontext.regs->gpr[rb];
-+#else // Musl
-+ address ra_val=(address)uc->uc_mcontext.gp_regs[ra];
-+ long rb_val=(long)uc->uc_mcontext.gp_regs[rb];
++#if ! (defined(__GLIBC__) || defined(__UCLIBC__))
++#include <asm/ptrace.h>
+#endif
- return os::is_memory_serialize_page(thread, ra_val+rb_val);
- } else if (is_stw(instruction) || is_stwu(instruction)) {
- int ra = inv_ra_field(instruction);
- int d1 = inv_d1_field(instruction);
++
+ bool JavaThread::pd_get_top_frame_for_profiling(frame* fr_addr, void* ucontext, bool isInJava) {
+ assert(this->is_Java_thread(), "must be JavaThread");
- // look up content of ra in ucontext
+@@ -42,8 +46,13 @@
+ // if we were running Java code when SIGPROF came in.
+ if (isInJava) {
+ ucontext_t* uc = (ucontext_t*) ucontext;
+#if defined(__GLIBC__) || defined(__UCLIBC__)
- address ra_val=(address)uc->uc_mcontext.regs->gpr[ra];
+ frame ret_frame((intptr_t*)uc->uc_mcontext.regs->gpr[1/*REG_SP*/],
+ (address)uc->uc_mcontext.regs->nip);
+#else // Musl
-+ address ra_val=(address)uc->uc_mcontext.gp_regs[ra];
++ frame ret_frame((intptr_t*)uc->uc_mcontext.gp_regs[1/*REG_SP*/],
++ (address)uc->uc_mcontext.gp_regs[PT_NIP]);
+#endif
- return os::is_memory_serialize_page(thread, ra_val+d1);
- } else {
- return false;
-@@ -1334,11 +1347,20 @@
- || (is_stdu(instruction) && rs == 1)) {
- int ds = inv_ds_field(instruction);
- // return banged address
-+#if defined(__GLIBC__) || defined(__UCLIBC__)
- return ds+(address)uc->uc_mcontext.regs->gpr[ra];
-+#else // Musl
-+ return ds+(address)uc->uc_mcontext.gp_regs[ra];
-+#endif
- } else if (is_stdux(instruction) && rs == 1) {
- int rb = inv_rb_field(instruction);
+
+ if (ret_frame.pc() == NULL) {
+ // ucontext wasn't useful
+@@ -55,7 +64,11 @@
+ if (!((Method*)(istate->method))->is_metaspace_object()) {
+ return false;
+ }
+#if defined(__GLIBC__) || defined(__UCLIBC__)
- address sp = (address)uc->uc_mcontext.regs->gpr[1];
- long rb_val = (long)uc->uc_mcontext.regs->gpr[rb];
+ uint64_t reg_bcp = uc->uc_mcontext.regs->gpr[14/*R14_bcp*/];
+#else // Musl
-+ address sp = (address)uc->uc_mcontext.gp_regs[1];
-+ long rb_val = (long)uc->uc_mcontext.gp_regs[rb];
++ uint64_t reg_bcp = uc->uc_mcontext.gp_regs[14/*R14_bcp*/];
+#endif
- return ra != 1 || rb_val >= 0 ? NULL // not a stack bang
- : sp + rb_val; // banged address
- }
+ uint64_t istate_bcp = istate->bcp;
+ uint64_t code_start = (uint64_t)(((Method*)(istate->method))->code_base());
+ uint64_t code_end = (uint64_t)(((Method*)istate->method)->code_base() + ((Method*)istate->method)->code_size());
diff --git a/community/tor/APKBUILD b/community/tor/APKBUILD
index 75afb36286..f71f9e1c8f 100644
--- a/community/tor/APKBUILD
+++ b/community/tor/APKBUILD
@@ -1,10 +1,10 @@
# Contributor: Christine Dodrill <me@christine.website>
# Maintainer: Christine Dodrill <me@christine.website>
pkgname=tor
-pkgver=0.3.5.12
+pkgver=0.3.5.14
pkgrel=0
pkgdesc="Anonymous network connectivity"
-url="https://www.torproject.org"
+url="https://www.torproject.org/"
arch="all"
license="BSD-3-Clause"
pkgusers="tor"
@@ -19,6 +19,9 @@ source="https://www.torproject.org/dist/$pkgname-$pkgver.tar.gz
builddir="$srcdir/$pkgname-$pkgver"
# secfixes:
+# 0.3.5.14-r0:
+# - CVE-2021-28089
+# - CVE-2021-28090
# 0.3.5.10-r0:
# - CVE-2020-10592
# - CVE-2020-10593
@@ -66,7 +69,7 @@ package() {
"$pkgdir"/etc/conf.d/$pkgname
}
-sha512sums="9cdd398e810ce6fe6cd4a8f9e2affbd0b7a922410b59ab97be60fe33c93f00a1f0dbc20dc85a6870e60b17579f228df3c84faa6d2bc9165b435d491a665e0475 tor-0.3.5.12.tar.gz
+sha512sums="ccd9227cd5946e68d982fa9bcbd501aafc0cd96fda84ba8c08149f676f7a966c2827df9499bba05e8f6f0d0190e01c469e409eb63e9fc7635d855ce36a637fe3 tor-0.3.5.14.tar.gz
6de4ada16ba58264a247da70343eabd763e992d6b6683977fc1c67b7b4a9731748a7ec9751e869ad4b4ae9c72cf71b2e12dc289bb6e2aee499917f7663f4a735 tor.initd
2b0de119bfdf9eb57e13317b7392190b1b8272c8f96023c71d3fc29215d887e9a3d0ffcef37cdb50b18d34e4b2251f75a739e258e0bb72aabd3339418b22fd67 tor.confd
da386ff7e387312e647f04d360517a1f4cb1efbee36f4a3a6feb89a979bb12fa350fe6dfed49af0cb076ae30bb0c527b5d54127683eaa5aa45d6940dddd89dfb torrc.sample.patch"
diff --git a/community/virtualbox-guest-modules-vanilla/APKBUILD b/community/virtualbox-guest-modules-vanilla/APKBUILD
index 5a047e610c..3a550d4627 100644
--- a/community/virtualbox-guest-modules-vanilla/APKBUILD
+++ b/community/virtualbox-guest-modules-vanilla/APKBUILD
@@ -8,7 +8,7 @@ _rel=0
_flavor=${FLAVOR:-vanilla}
_kpkg=linux-$_flavor
-_kver=4.19.118
+_kver=4.19.176
_krel=0
_kpkgver="$_kver-r$_krel"
diff --git a/community/wireguard-vanilla/APKBUILD b/community/wireguard-vanilla/APKBUILD
index 1f7e48aa44..89a4b1fed3 100644
--- a/community/wireguard-vanilla/APKBUILD
+++ b/community/wireguard-vanilla/APKBUILD
@@ -2,11 +2,11 @@
# Maintainer: Stuart Cardall <developer@it-offshore.co.uk>
# wireguard version
-_ver=0.0.20190601
+_ver=1.0.20210124
_rel=0
# kernel version
-_kver=4.19.118
+_kver=4.19.176
_krel=0
_kpkgver="$_kver-r$_krel"
@@ -39,8 +39,9 @@ makedepends="
"
install_if="wireguard-tools-wg=$_ver-r$_rel linux-$_flavor=$_kpkgver"
options="!check"
-source="https://git.zx2c4.com/WireGuard/snapshot/WireGuard-$_ver.tar.xz"
-builddir="$srcdir"/WireGuard-$_ver
+source="https://git.zx2c4.com/wireguard-linux-compat/snapshot/wireguard-linux-compat-$_ver.tar.xz
+ "
+builddir="$srcdir"/wireguard-linux-compat-$_ver
for f in $_extra_flavors; do
makedepends="$makedepends linux-$f-dev=$_kpkgver"
@@ -88,4 +89,4 @@ _extra() {
"$subpkgdir/lib/modules/$kabi/extra/wireguard.ko"
}
-sha512sums="d667e42b90fbda85b005ae2966689dadc9975c1a53ca5ddfff44214ed55ad7d55d451008c225a4619c834bd7af598af1f127d76a8a3a86cf2e6d886ea0638cf3 WireGuard-0.0.20190601.tar.xz"
+sha512sums="4438391eb6a6a1526cbb9b7eb7b8f8b2999bf425d5fca028f1a412d93bffaa6107be133d673e68add6eeeb86201aa080228706de2af00e69c0ac88ccb127e56e wireguard-linux-compat-1.0.20210124.tar.xz"
diff --git a/community/zabbix/APKBUILD b/community/zabbix/APKBUILD
index 2779e59bd2..d2ae9d47d0 100644
--- a/community/zabbix/APKBUILD
+++ b/community/zabbix/APKBUILD
@@ -39,7 +39,7 @@ source="https://downloads.sourceforge.net/$pkgname/$pkgname-$pkgver.tar.gz
builddir="$srcdir"/$pkgname-$pkgver
-# security fixes:
+# secfixes:
# 3.0.4-r0:
# - CVE N/A ZBX-11023
diff --git a/main/alpine-base/APKBUILD b/main/alpine-base/APKBUILD
index f020e70f71..ed31e7d6d6 100644
--- a/main/alpine-base/APKBUILD
+++ b/main/alpine-base/APKBUILD
@@ -1,7 +1,7 @@
# Contributor: Natanael Copa <ncopa@alpinelinux.org>
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=alpine-base
-pkgver=3.10.5
+pkgver=3.10.8
pkgrel=0
pkgdesc="Meta package for minimal alpine base"
url="https://alpinelinux.org"
diff --git a/main/apk-tools/0001-add-fix-virtual-package-id-generation.patch b/main/apk-tools/0001-add-fix-virtual-package-id-generation.patch
deleted file mode 100644
index fdc780dcd2..0000000000
--- a/main/apk-tools/0001-add-fix-virtual-package-id-generation.patch
+++ /dev/null
@@ -1,109 +0,0 @@
-From b45415b1096e76f40b32326d2798123f81fe5976 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Timo=20Ter=C3=A4s?= <timo.teras@iki.fi>
-Date: Tue, 2 Jul 2019 15:27:57 +0300
-Subject: [PATCH] add: fix virtual package id generation
-
-Fixes 37fbafcd by adding more input to the hash than just second
-grained time stamp - collisions would happen when running apk
-scripted.
-
-For virtual package the hash works only as unique identifier, so
-try to add elements that should make it unique in most cases.
-
-Fixes #10648
----
- src/add.c | 51 +++++++++++++++++++++++++++++++++++----------------
- 1 file changed, 35 insertions(+), 16 deletions(-)
-
-diff --git a/src/add.c b/src/add.c
-index 2d342ab..e028736 100644
---- a/src/add.c
-+++ b/src/add.c
-@@ -11,6 +11,7 @@
-
- #include <errno.h>
- #include <stdio.h>
-+#include <unistd.h>
- #include "apk_applet.h"
- #include "apk_database.h"
- #include "apk_print.h"
-@@ -80,6 +81,38 @@ static int non_repository_check(struct apk_database *db)
- return 1;
- }
-
-+static struct apk_package *create_virtual_package(struct apk_database *db, struct apk_name *name)
-+{
-+ char ver[32];
-+ struct apk_package *virtpkg;
-+ struct tm tm;
-+ EVP_MD_CTX *mdctx;
-+ time_t now = apk_time();
-+ pid_t pid = getpid();
-+
-+ localtime_r(&now, &tm);
-+ strftime(ver, sizeof ver, "%Y%m%d.%H%M%S", &tm);
-+
-+ virtpkg = apk_pkg_new();
-+ if (virtpkg == NULL) return 0;
-+
-+ virtpkg->name = name;
-+ virtpkg->version = apk_blob_atomize(APK_BLOB_STR(ver));
-+ virtpkg->description = strdup("virtual meta package");
-+ virtpkg->arch = apk_blob_atomize(APK_BLOB_STR("noarch"));
-+
-+ mdctx = EVP_MD_CTX_new();
-+ EVP_DigestInit_ex(mdctx, apk_checksum_default(), NULL);
-+ EVP_DigestUpdate(mdctx, &tm, sizeof tm);
-+ EVP_DigestUpdate(mdctx, &pid, sizeof pid);
-+ EVP_DigestUpdate(mdctx, virtpkg->name->name, strlen(virtpkg->name->name) + 1);
-+ virtpkg->csum.type = EVP_MD_CTX_size(mdctx);
-+ EVP_DigestFinal_ex(mdctx, virtpkg->csum.data, NULL);
-+ EVP_MD_CTX_free(mdctx);
-+
-+ return virtpkg;
-+}
-+
- static int add_main(void *ctx, struct apk_database *db, struct apk_string_array *args)
- {
- struct add_ctx *actx = (struct add_ctx *) ctx;
-@@ -93,10 +126,6 @@ static int add_main(void *ctx, struct apk_database *db, struct apk_string_array
-
- if (actx->virtpkg) {
- apk_blob_t b = APK_BLOB_STR(actx->virtpkg);
-- struct tm tm;
-- time_t now;
-- char ver[32];
--
- apk_blob_pull_dep(&b, db, &virtdep);
- if (APK_BLOB_IS_NULL(b) || virtdep.conflict ||
- virtdep.result_mask != APK_DEPMASK_ANY ||
-@@ -104,24 +133,14 @@ static int add_main(void *ctx, struct apk_database *db, struct apk_string_array
- apk_error("%s: bad package specifier");
- return -1;
- }
--
- if (virtdep.name->name[0] != '.' && non_repository_check(db))
- return -1;
-
-- now = apk_time();
-- localtime_r(&now, &tm);
-- strftime(ver, sizeof ver, "%Y%m%d.%H%M%S", &tm);
--
-- virtpkg = apk_pkg_new();
-- if (virtpkg == NULL) {
-+ virtpkg = create_virtual_package(db, virtdep.name);
-+ if (!virtpkg) {
- apk_error("Failed to allocate virtual meta package");
- return -1;
- }
-- virtpkg->name = virtdep.name;
-- apk_blob_checksum(APK_BLOB_STR(ver), apk_checksum_default(), &virtpkg->csum);
-- virtpkg->version = apk_blob_atomize(APK_BLOB_STR(ver));
-- virtpkg->description = strdup("virtual meta package");
-- virtpkg->arch = apk_blob_atomize(APK_BLOB_STR("noarch"));
-
- virtdep.result_mask = APK_VERSION_EQUAL;
- virtdep.version = virtpkg->version;
---
-2.22.0
-
diff --git a/main/apk-tools/APKBUILD b/main/apk-tools/APKBUILD
index 3e7d5556d6..1d072c2054 100644
--- a/main/apk-tools/APKBUILD
+++ b/main/apk-tools/APKBUILD
@@ -1,8 +1,11 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=apk-tools
-pkgver=2.10.4
-pkgrel=2
+pkgver=2.10.6
+pkgrel=0
pkgdesc="Alpine Package Keeper - package manager for alpine"
+arch="all"
+url="https://gitlab.alpinelinux.org/alpine/apk-tools"
+license=GPL2
subpackages="$pkgname-static"
depends=
makedepends_build="openssl"
@@ -12,16 +15,9 @@ if [ "$CBUILD" = "$CHOST" ]; then
subpackages="$subpackages lua5.2-apk:luaapk"
makedepends="$makedepends lua5.2-dev"
fi
-source="https://dev.alpinelinux.org/archive/$pkgname/$pkgname-$pkgver.tar.xz
- 0001-add-fix-virtual-package-id-generation.patch
- lua-apk_time.patch
- "
-
-url="https://git.alpinelinux.org/cgit/apk-tools/"
-arch="all"
-license=GPL2
+source="https://gitlab.alpinelinux.org/alpine/$pkgname/-/archive/v$pkgver/$pkgname-v$pkgver.tar.gz"
+builddir="$srcdir/$pkgname-v$pkgver"
-builddir="$srcdir/$pkgname-$pkgver"
prepare() {
default_prepare || return 1
cd "$builddir"
@@ -33,6 +29,7 @@ prepare() {
echo "LUAAPK=" >> config.mk
fi
echo "export LUAAPK" >> config.mk
+ echo "export LUA_VERSION=5.2" >> config.mk
}
build() {
@@ -60,7 +57,7 @@ package() {
static() {
pkgdesc="Alpine Package Keeper - static binary"
- install -Dm755 "$srcdir"/$pkgname-$pkgver/src/apk.static \
+ install -Dm755 "$builddir"/src/apk.static \
"$subpkgdir"/sbin/apk.static
# lets sign the static binary so it can be vefified from distros
@@ -84,6 +81,4 @@ luaapk() {
mv "$pkgdir"/usr/lib "$subpkgdir"/usr/lib/
}
-sha512sums="d2d9fde0aae9059236f68a3fc2f2186104bb9a099b15d296a6202a20ab2912638f10bb3b9edb70f359d060c5839573c3d50ef37d13095fa01c66dc3219ab6e39 apk-tools-2.10.4.tar.xz
-3cf1ae421e136ebe8c037a468fbeb3bca11668eb04dd4b8b9346c4089306002c891d6c2544d22522550f37a4fad0dfcecabceb4c8872165ea6827dcce46d9f2b 0001-add-fix-virtual-package-id-generation.patch
-7751f4ddbf3f1b14f5d70ea0f8c2f78168d6138272f883fe1c0137ed135c3f3639f4bf2860dbf6b6de0d4321c93ec9c150edaf5f496c4dc0fedd0a201f399599 lua-apk_time.patch"
+sha512sums="81e51fdaf7976d589c847850dc3494a6bb91847f14a756e1dd9afe7f526b672e6aab743965506ef89e3229084bc92c9041a49796b400f454a2c912efebd44b4f apk-tools-v2.10.6.tar.gz"
diff --git a/main/apk-tools/lua-apk_time.patch b/main/apk-tools/lua-apk_time.patch
deleted file mode 100644
index 01b68f369e..0000000000
--- a/main/apk-tools/lua-apk_time.patch
+++ /dev/null
@@ -1,20 +0,0 @@
-diff --git a/src/lua-apk.c b/src/lua-apk.c
-index 532577a..26129fb 100644
---- a/src/lua-apk.c
-+++ b/src/lua-apk.c
-@@ -37,6 +37,15 @@ struct flagmap opendb_flagmap[] = {
- {NULL, 0}
- };
-
-+time_t apk_time(void)
-+{
-+#ifdef TEST_MODE
-+ return 1559567666;
-+#else
-+ return time(NULL);
-+#endif
-+}
-+
- /* implemented as luaL_typerror until lua 5.1, dropped in 5.2
- * (C) 1994-2012 Lua.org, PUC-Rio. MIT license
- */
diff --git a/main/apk-tools/tar-parser-overflow.patch b/main/apk-tools/tar-parser-overflow.patch
new file mode 100644
index 0000000000..19dffdbfd4
--- /dev/null
+++ b/main/apk-tools/tar-parser-overflow.patch
@@ -0,0 +1,65 @@
+From 1423c95eb62afcad29c6a1946de63e5b6a1e804a Mon Sep 17 00:00:00 2001
+From: Ariadne Conill <ariadne@dereferenced.org>
+Date: Fri, 2 Apr 2021 13:22:14 -0600
+Subject: [PATCH] archive: more strictly validate tarball headers
+
+---
+ src/archive.c | 27 +++++++++++++++++++++++++++
+ 1 file changed, 27 insertions(+)
+
+diff --git a/src/archive.c b/src/archive.c
+index 81821dc..80677d0 100644
+--- a/src/archive.c
++++ b/src/archive.c
+@@ -60,6 +60,7 @@ struct apk_tar_digest_info {
+
+ #define GET_OCTAL(s) get_octal(s, sizeof(s))
+ #define PUT_OCTAL(s,v) put_octal(s, sizeof(s), v)
++#define HAS_NULLTERM(a) memchr(a, '\0', sizeof(a))
+
+ static unsigned int get_octal(char *s, size_t l)
+ {
+@@ -193,6 +194,27 @@ static void handle_extended_header(struct apk_file_info *fi, apk_blob_t hdr)
+ }
+ }
+
++static int validate_tar_header(struct tar_header *buf)
++{
++ /* Ensure that fields which should be null-terminated
++ * are null-terminated to use string functions on them. */
++ if (!HAS_NULLTERM(buf->uname) || !HAS_NULLTERM(buf->gname) ||
++ !HAS_NULLTERM(buf->linkname) || !HAS_NULLTERM(buf->magic) ||
++ !HAS_NULLTERM(buf->name) || !HAS_NULLTERM(buf->prefix)) {
++ return FALSE;
++ }
++
++ /* Validate the typeflag field. */
++ if (!strchr("KLgx01234567", buf->typeflag))
++ return FALSE;
++
++ /* Validate the size field. */
++ if (GET_OCTAL(buf->size) >= SSIZE_MAX - 512)
++ return FALSE;
++
++ return TRUE;
++}
++
+ int apk_tar_parse(struct apk_istream *is, apk_archive_entry_parser parser,
+ void *ctx, int soft_checksums, struct apk_id_cache *idc)
+ {
+@@ -216,7 +238,12 @@ int apk_tar_parse(struct apk_istream *is, apk_archive_entry_parser parser,
+ memset(&entry, 0, sizeof(entry));
+ entry.name = buf.name;
+ while ((r = apk_istream_read(is, &buf, 512)) == 512) {
++ if (!validate_tar_header(&buf)) {
++ goto err;
++ }
++
+ offset += 512;
++
+ if (buf.name[0] == '\0') {
+ if (end) break;
+ end++;
+--
+2.31.0
+
diff --git a/main/busybox/0001-decompress_gunzip-Fix-DoS-if-gzip-is-corrupt.patch b/main/busybox/0001-decompress_gunzip-Fix-DoS-if-gzip-is-corrupt.patch
new file mode 100644
index 0000000000..0838f08951
--- /dev/null
+++ b/main/busybox/0001-decompress_gunzip-Fix-DoS-if-gzip-is-corrupt.patch
@@ -0,0 +1,54 @@
+From f25d254dfd4243698c31a4f3153d4ac72aa9e9bd Mon Sep 17 00:00:00 2001
+From: Samuel Sapalski <samuel.sapalski@nokia.com>
+Date: Wed, 3 Mar 2021 16:31:22 +0100
+Subject: [PATCH] decompress_gunzip: Fix DoS if gzip is corrupt
+
+On certain corrupt gzip files, huft_build will set the error bit on
+the result pointer. If afterwards abort_unzip is called huft_free
+might run into a segmentation fault or an invalid pointer to
+free(p).
+
+In order to mitigate this, we check in huft_free if the error bit
+is set and clear it before the linked list is freed.
+
+Signed-off-by: Samuel Sapalski <samuel.sapalski@nokia.com>
+Signed-off-by: Peter Kaestle <peter.kaestle@nokia.com>
+Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
+---
+ archival/libarchive/decompress_gunzip.c | 12 ++++++++++--
+ 1 file changed, 10 insertions(+), 2 deletions(-)
+
+diff --git a/archival/libarchive/decompress_gunzip.c b/archival/libarchive/decompress_gunzip.c
+index eb3b64930..e93cd5005 100644
+--- a/archival/libarchive/decompress_gunzip.c
++++ b/archival/libarchive/decompress_gunzip.c
+@@ -220,10 +220,20 @@ static const uint8_t border[] ALIGN1 = {
+ * each table.
+ * t: table to free
+ */
++#define BAD_HUFT(p) ((uintptr_t)(p) & 1)
++#define ERR_RET ((huft_t*)(uintptr_t)1)
+ static void huft_free(huft_t *p)
+ {
+ huft_t *q;
+
++ /*
++ * If 'p' has the error bit set we have to clear it, otherwise we might run
++ * into a segmentation fault or an invalid pointer to free(p)
++ */
++ if (BAD_HUFT(p)) {
++ p = (huft_t*)((uintptr_t)(p) ^ (uintptr_t)(ERR_RET));
++ }
++
+ /* Go through linked list, freeing from the malloced (t[-1]) address. */
+ while (p) {
+ q = (--p)->v.t;
+@@ -289,8 +299,6 @@ static unsigned fill_bitbuffer(STATE_PARAM unsigned bitbuffer, unsigned *current
+ * or a valid pointer to a Huffman table, ORed with 0x1 if incompete table
+ * is given: "fixed inflate" decoder feeds us such data.
+ */
+-#define BAD_HUFT(p) ((uintptr_t)(p) & 1)
+-#define ERR_RET ((huft_t*)(uintptr_t)1)
+ static huft_t* huft_build(const unsigned *b, const unsigned n,
+ const unsigned s, const struct cp_ext *cp_ext,
+ unsigned *m)
diff --git a/main/busybox/APKBUILD b/main/busybox/APKBUILD
index c0f6c55bb4..b08bc34e19 100644
--- a/main/busybox/APKBUILD
+++ b/main/busybox/APKBUILD
@@ -3,7 +3,7 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=busybox
pkgver=1.30.1
-pkgrel=4
+pkgrel=5
pkgdesc="Size optimized toolbox of many common UNIX utilities"
url="https://busybox.net/"
arch="all"
@@ -40,6 +40,8 @@ source="https://busybox.net/downloads/$pkgname-$pkgver.tar.bz2
0016-ip-fix-oneline-link.patch
CVE-2019-5747.patch
+ traceroute-opt-x.patch::https://git.busybox.net/busybox/patch/?id=89358a7131d3e75c74af834bb117b4fad7914983
+
acpid.logrotate
busyboxconfig
busyboxconfig-extras
@@ -49,6 +51,8 @@ source="https://busybox.net/downloads/$pkgname-$pkgver.tar.bz2
"
# secfixes:
+# 1.30.1-r5:
+# - CVE-2021-28831
# 1.30.1-r2:
# - CVE-2019-5747
# 1.29.3-r10:
@@ -226,6 +230,7 @@ d8926f0e4ed7d2fe5af89ff2a944d781b45b109c9edf1ef2591e7bce2a8bbadd7c8ca814cb3c928a
2fdf01e4bb26a3b6fd7ff73649f15eff599d38db1bc61a699576ec9caae2fb37c49d689baca8b1a3a7b2999fbe04751da897518c2fb42d6f21756b468aa7599d 0015-ip-print-dadfailed-flag.patch
bd2c278176e6ca826bbc056f20341220fd39f5ce3ca457c4120b0e49768d2325fb65261c00f476bacbfe6daecaea86212136469f11e3148ebec91baad1ca0225 0016-ip-fix-oneline-link.patch
6952770be92a980174691ac65fda778eaafd23bf8da63ad62149f2cb0f289bef216bb512ae5e013328b3bd5289a351124d22dd819b1e3116cc2244b435eb7287 CVE-2019-5747.patch
+c6dc917e67ab4c9aa0294f22707fd3cfc8cb37d703d8a0bce7f257ac9fb931dc4b815ab1d5e4f3ed3520b6ba046bdc1fbd0d1f8ed73b8d2d51f9238f03e03688 traceroute-opt-x.patch
aa93095e20de88730f526c6f463cef711b290b9582cdbd8c1ba2bd290019150cbeaa7007c2e15f0362d5b9315dd63f60511878f0ea05e893f4fdfb4a54af3fb1 acpid.logrotate
fc1f4e44e3f7874a8036d48e039c45e08761007a0f4f9b6f242b63f57b641b7609f47cffc620e08ab6384885a0bec822f840e79567c304dc1944124f27a9f4ad busyboxconfig
c6f0fc8e6f5a166309d8548bd1a7e11a2bc71b67c1222567485329602b55fbd4e12b627fa092fff3c269ebc01f20eb55ae7fca12f7c655afe0e563af4fd2c873 busyboxconfig-extras
diff --git a/main/cairo/85.patch b/main/cairo/85.patch
new file mode 100644
index 0000000000..8d5717ffa2
--- /dev/null
+++ b/main/cairo/85.patch
@@ -0,0 +1,172 @@
+From 03a820b173ed1fdef6ff14b4468f5dbc02ff59be Mon Sep 17 00:00:00 2001
+From: Heiko Lewin <heiko.lewin@worldiety.de>
+Date: Tue, 15 Dec 2020 16:48:19 +0100
+Subject: [PATCH 1/3] Fix mask usage in image-compositor
+
+---
+ src/cairo-image-compositor.c | 8 ++--
+ test/Makefile.sources | 1 +
+ test/bug-image-compositor.c | 39 ++++++++++++++++++++
+ test/reference/bug-image-compositor.ref.png | Bin 0 -> 185 bytes
+ 4 files changed, 44 insertions(+), 4 deletions(-)
+ create mode 100644 test/bug-image-compositor.c
+ create mode 100644 test/reference/bug-image-compositor.ref.png
+
+diff --git a/src/cairo-image-compositor.c b/src/cairo-image-compositor.c
+index 79ad69f68..4f8aaed99 100644
+--- a/src/cairo-image-compositor.c
++++ b/src/cairo-image-compositor.c
+@@ -2610,14 +2610,14 @@ _inplace_src_spans (void *abstract_renderer, int y, int h,
+ unsigned num_spans)
+ {
+ cairo_image_span_renderer_t *r = abstract_renderer;
+- uint8_t *m;
++ uint8_t *m, *base = (uint8_t*)pixman_image_get_data(r->mask);
+ int x0;
+
+ if (num_spans == 0)
+ return CAIRO_STATUS_SUCCESS;
+
+ x0 = spans[0].x;
+- m = r->_buf;
++ m = base;
+ do {
+ int len = spans[1].x - spans[0].x;
+ if (len >= r->u.composite.run_length && spans[0].coverage == 0xff) {
+@@ -2655,7 +2655,7 @@ _inplace_src_spans (void *abstract_renderer, int y, int h,
+ spans[0].x, y,
+ spans[1].x - spans[0].x, h);
+
+- m = r->_buf;
++ m = base;
+ x0 = spans[1].x;
+ } else if (spans[0].coverage == 0x0) {
+ if (spans[0].x != x0) {
+@@ -2684,7 +2684,7 @@ _inplace_src_spans (void *abstract_renderer, int y, int h,
+ #endif
+ }
+
+- m = r->_buf;
++ m = base;
+ x0 = spans[1].x;
+ } else {
+ *m++ = spans[0].coverage;
+diff --git a/test/bug-image-compositor.c b/test/bug-image-compositor.c
+new file mode 100644
+index 000000000..fc4fd370b
+--- /dev/null
++++ b/test/bug-image-compositor.c
+@@ -0,0 +1,39 @@
++#include "cairo-test.h"
++
++static cairo_test_status_t
++draw (cairo_t *cr, int width, int height)
++{
++ cairo_set_source_rgb (cr, 0., 0., 0.);
++ cairo_paint (cr);
++
++ cairo_set_source_rgb (cr, 1., 1., 1.);
++ cairo_set_line_width (cr, 1.);
++
++ cairo_pattern_t *p = cairo_pattern_create_linear (0, 0, width, height);
++ cairo_pattern_add_color_stop_rgb (p, 0, 0.99, 1, 1);
++ cairo_pattern_add_color_stop_rgb (p, 1, 1, 1, 1);
++ cairo_set_source (cr, p);
++
++ cairo_move_to (cr, 0.5, -1);
++ for (int i = 0; i < width; i+=3) {
++ cairo_rel_line_to (cr, 2, 2);
++ cairo_rel_line_to (cr, 1, -2);
++ }
++
++ cairo_set_operator (cr, CAIRO_OPERATOR_SOURCE);
++ cairo_stroke (cr);
++
++ cairo_pattern_destroy(p);
++
++ return CAIRO_TEST_SUCCESS;
++}
++
++
++CAIRO_TEST (bug_image_compositor,
++ "Crash in image-compositor",
++ "stroke, stress", /* keywords */
++ NULL, /* requirements */
++ 10000, 1,
++ NULL, draw)
++
++
+
+From 8bc14a6bba3bc8a64ff0749c74d9b96305bf6429 Mon Sep 17 00:00:00 2001
+From: Heiko Lewin <heiko.lewin@worldiety.de>
+Date: Tue, 15 Dec 2020 17:14:18 +0100
+Subject: [PATCH 2/3] Minor cleanups
+
+---
+ test/bug-image-compositor.c | 33 ++++++++++++++++++++++++++++++---
+ 1 file changed, 30 insertions(+), 3 deletions(-)
+
+diff --git a/test/bug-image-compositor.c b/test/bug-image-compositor.c
+index fc4fd370b..304ea089c 100644
+--- a/test/bug-image-compositor.c
++++ b/test/bug-image-compositor.c
+@@ -1,5 +1,34 @@
++/*
++ * Copyright © 2020 Uli Schlachter, Heiko Lewin
++ *
++ * Permission is hereby granted, free of charge, to any person
++ * obtaining a copy of this software and associated documentation
++ * files (the "Software"), to deal in the Software without
++ * restriction, including without limitation the rights to use, copy,
++ * modify, merge, publish, distribute, sublicense, and/or sell copies
++ * of the Software, and to permit persons to whom the Software is
++ * furnished to do so, subject to the following conditions:
++ *
++ * The above copyright notice and this permission notice shall be
++ * included in all copies or substantial portions of the Software.
++ *
++ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
++ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
++ * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
++ * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
++ * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
++ * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
++ * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
++ * SOFTWARE.
++ *
++ * Author: Uli Schlachter <psychon@znc.in>
++ * Author: Heiko Lewin <hlewin@gmx.de>
++ */
+ #include "cairo-test.h"
+
++
++/* This test reproduces an overflow of a mask-buffer in cairo-image-compositor.c */
++
+ static cairo_test_status_t
+ draw (cairo_t *cr, int width, int height)
+ {
+@@ -13,6 +42,7 @@ draw (cairo_t *cr, int width, int height)
+ cairo_pattern_add_color_stop_rgb (p, 0, 0.99, 1, 1);
+ cairo_pattern_add_color_stop_rgb (p, 1, 1, 1, 1);
+ cairo_set_source (cr, p);
++ cairo_pattern_destroy(p);
+
+ cairo_move_to (cr, 0.5, -1);
+ for (int i = 0; i < width; i+=3) {
+@@ -23,8 +53,6 @@ draw (cairo_t *cr, int width, int height)
+ cairo_set_operator (cr, CAIRO_OPERATOR_SOURCE);
+ cairo_stroke (cr);
+
+- cairo_pattern_destroy(p);
+-
+ return CAIRO_TEST_SUCCESS;
+ }
+
+@@ -36,4 +64,3 @@ CAIRO_TEST (bug_image_compositor,
+ 10000, 1,
+ NULL, draw)
+
+-
+--
+GitLab
+
diff --git a/main/cairo/APKBUILD b/main/cairo/APKBUILD
index d15bd16726..b4a63a44a5 100644
--- a/main/cairo/APKBUILD
+++ b/main/cairo/APKBUILD
@@ -1,7 +1,7 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=cairo
pkgver=1.16.0
-pkgrel=2
+pkgrel=3
pkgdesc="A vector graphics library"
url="https://cairographics.org/"
arch="all"
@@ -16,10 +16,13 @@ source="https://cairographics.org/releases/cairo-$pkgver.tar.xz
musl-stacksize.patch
CVE-2018-19876.patch
pdf-flush.patch
+ 85.patch
"
builddir="$srcdir/$pkgname-$pkgver"
# secfixes:
+# 1.16.0-r3:
+# - CVE-2020-35492
# 1.16.0-r1:
# - CVE-2018-19876
@@ -70,4 +73,5 @@ tools() {
sha512sums="9eb27c4cf01c0b8b56f2e15e651f6d4e52c99d0005875546405b64f1132aed12fbf84727273f493d84056a13105e065009d89e94a8bfaf2be2649e232b82377f cairo-1.16.0.tar.xz
86f26fe41deb5e14f553c999090d1ec1d92a534fa7984112c9a7f1d6c6a8f1b7bb735947e8ec3f26e817f56410efe8cc46c5e682f6a278d49b40a683513740e0 musl-stacksize.patch
8f13cdcae0f134e04778cf5915f858fb8d5357a7e0a454791c93d1566935b985ec66dfe1683cd0b74a1cb44a130923d7a27cf006f3fc70b9bee93abd58a55aa3 CVE-2018-19876.patch
-533ea878dc7f917af92e2694bd3f535a09cde77f0ecd0cc00881fbc9ec1ea86f60026eacc76129705f525f6672929ad8d15d8cfe1bfa61e9962e805a7fbded81 pdf-flush.patch"
+533ea878dc7f917af92e2694bd3f535a09cde77f0ecd0cc00881fbc9ec1ea86f60026eacc76129705f525f6672929ad8d15d8cfe1bfa61e9962e805a7fbded81 pdf-flush.patch
+20699d2dd10531f99587cdcd187a23e23bca5a9f031255c95aade4dadb79bbb62118c7ddff677c2fd20e4ba7694eee4debcd79a4d0736d62951a4fcee56ccae0 85.patch"
diff --git a/main/collectd/APKBUILD b/main/collectd/APKBUILD
index 36ce14e605..14d07c176d 100644
--- a/main/collectd/APKBUILD
+++ b/main/collectd/APKBUILD
@@ -31,7 +31,7 @@ source="https://collectd.org/files/collectd-$pkgver.tar.bz2
builddir="$srcdir"/$pkgname-$pkgver
-# security fixes:
+# secfixes:
# 5.5.2-r0:
# - CVE-2016-6254
diff --git a/main/dahdi-linux-vanilla/APKBUILD b/main/dahdi-linux-vanilla/APKBUILD
index b2f9c62789..b40d50d703 100644
--- a/main/dahdi-linux-vanilla/APKBUILD
+++ b/main/dahdi-linux-vanilla/APKBUILD
@@ -8,7 +8,7 @@ _rel=0
_flavor=${FLAVOR:-vanilla}
_kpkg=linux-$_flavor
-_kver=4.19.118
+_kver=4.19.176
_krel=0
_kpkgver="$_kver-r$_krel"
diff --git a/main/devicemaster-linux-vanilla/APKBUILD b/main/devicemaster-linux-vanilla/APKBUILD
index 5bbcf9f019..a3cd720be2 100644
--- a/main/devicemaster-linux-vanilla/APKBUILD
+++ b/main/devicemaster-linux-vanilla/APKBUILD
@@ -7,7 +7,7 @@ _rel=0
_flavor=${FLAVOR:-vanilla}
_kpkg=linux-$_flavor
-_kver=4.19.118
+_kver=4.19.176
_krel=0
_kpkgver="$_kver-r$_krel"
diff --git a/main/dnsmasq/APKBUILD b/main/dnsmasq/APKBUILD
index 395843cff3..9b57f62408 100644
--- a/main/dnsmasq/APKBUILD
+++ b/main/dnsmasq/APKBUILD
@@ -2,6 +2,14 @@
# Contributor: Jakub Jirutka <jakub@jirutka.cz>
#
# secfixes:
+# 2.83-r0:
+# - CVE-2020-25681
+# - CVE-2020-25682
+# - CVE-2020-25683
+# - CVE-2020-25684
+# - CVE-2020-25685
+# - CVE-2020-25686
+# - CVE-2020-25687
# 2.80-r4:
# - CVE-2019-14834
# 2.79-r0:
@@ -16,12 +24,12 @@
# - CVE-2017-14496
#
pkgname=dnsmasq
-pkgver=2.80
-pkgrel=4
+pkgver=2.83
+pkgrel=0
pkgdesc="A lightweight DNS, DHCP, RA, TFTP and PXE server"
url="http://www.thekelleys.org.uk/dnsmasq/"
arch="all"
-license="GPL-2.0"
+license="GPL-2.0-only OR GPL-3.0-only"
depends="!$pkgname-dnssec"
makedepends="linux-headers nettle-dev"
install="$pkgname.pre-install $pkgname.pre-upgrade
@@ -31,7 +39,6 @@ source="http://www.thekelleys.org.uk/dnsmasq/$pkgname-$pkgver.tar.gz
$pkgname.initd
$pkgname.confd
uncomment-conf-dir.patch
- CVE-2019-14834.patch
"
builddir="$srcdir/$pkgname-$pkgver"
@@ -76,8 +83,7 @@ dnssec() {
cp -r "$pkgdir"/etc "$subpkgdir"/etc
}
-sha512sums="da50030ac96617fbb7d54d5ef02d2ed1e14ec1ebe0df49bc23a1509381bc1644cf6fb95ff72ed15e0ad1e9bd6aa11ec6e4dcabec8ebb152da0d84f9a4408565b dnsmasq-2.80.tar.gz
+sha512sums="bdd6e701317b7a0191625c7d1983b64d4f4e49f3e2d192ca799397d9a8ab5a788542000888d9e0c32d5394622c311b4c191baa392be06ebbf953ebc887b96745 dnsmasq-2.83.tar.gz
a7d64a838d10f4f69e0f2178cf66f0b3725901696e30df9e8e3e09f2afd7c86e9d95af64d2b63ef66f18b8a637397b7015573938df9ad961e2b36c391c3ac579 dnsmasq.initd
9a401bfc408bf1638645c61b8ca734bea0a09ef79fb36648ec7ef21666257234254bbe6c73c82cc23aa1779ddcdda0e6baa2c041866f16dfb9c4e0ba9133eab8 dnsmasq.confd
-01e9e235e667abda07675009fb1947547863e0bb0256393c5a415978e2a49c1007585c7f0b51e8decce79c05e6f2ced3f400b11343feaa4de9b2e524f74a1ee3 uncomment-conf-dir.patch
-d4d11945578430da629d7a38b00eb552cd95b1c438a0b85b63ba637ed19b4283623e39692f48146132b7cb5d453eaa3c07680f1514017d8d458e347153215a9b CVE-2019-14834.patch"
+01e9e235e667abda07675009fb1947547863e0bb0256393c5a415978e2a49c1007585c7f0b51e8decce79c05e6f2ced3f400b11343feaa4de9b2e524f74a1ee3 uncomment-conf-dir.patch"
diff --git a/main/dnsmasq/CVE-2019-14834.patch b/main/dnsmasq/CVE-2019-14834.patch
deleted file mode 100644
index 5f60f5f1d9..0000000000
--- a/main/dnsmasq/CVE-2019-14834.patch
+++ /dev/null
@@ -1,46 +0,0 @@
-From 69bc94779c2f035a9fffdb5327a54c3aeca73ed5 Mon Sep 17 00:00:00 2001
-From: Simon Kelley <simon@thekelleys.org.uk>
-Date: Wed, 14 Aug 2019 20:44:50 +0100
-Subject: [PATCH] Fix memory leak in helper.c
-
-Thanks to Xu Mingjie <xumingjie1995@outlook.com> for spotting this.
----
- src/helper.c | 12 +++++++++---
- 1 file changed, 9 insertions(+), 3 deletions(-)
-
-diff --git a/src/helper.c b/src/helper.c
-index 33ba120..c392eec 100644
---- a/src/helper.c
-+++ b/src/helper.c
-@@ -80,7 +80,8 @@ int create_helper(int event_fd, int err_fd, uid_t uid, gid_t gid, long max_fd)
- pid_t pid;
- int i, pipefd[2];
- struct sigaction sigact;
--
-+ unsigned char *alloc_buff = NULL;
-+
- /* create the pipe through which the main program sends us commands,
- then fork our process. */
- if (pipe(pipefd) == -1 || !fix_fd(pipefd[1]) || (pid = fork()) == -1)
-@@ -186,11 +187,16 @@ int create_helper(int event_fd, int err_fd, uid_t uid, gid_t gid, long max_fd)
- struct script_data data;
- char *p, *action_str, *hostname = NULL, *domain = NULL;
- unsigned char *buf = (unsigned char *)daemon->namebuff;
-- unsigned char *end, *extradata, *alloc_buff = NULL;
-+ unsigned char *end, *extradata;
- int is6, err = 0;
- int pipeout[2];
-
-- free(alloc_buff);
-+ /* Free rarely-allocated memory from previous iteration. */
-+ if (alloc_buff)
-+ {
-+ free(alloc_buff);
-+ alloc_buff = NULL;
-+ }
-
- /* we read zero bytes when pipe closed: this is our signal to exit */
- if (!read_write(pipefd[0], (unsigned char *)&data, sizeof(data), 1))
---
-1.7.10.4
-
diff --git a/main/dovecot/0001-lib-time-util-Fix-calculations-to-work-on-32-bit-sys.patch b/main/dovecot/0001-lib-time-util-Fix-calculations-to-work-on-32-bit-sys.patch
new file mode 100644
index 0000000000..3c494b40c5
--- /dev/null
+++ b/main/dovecot/0001-lib-time-util-Fix-calculations-to-work-on-32-bit-sys.patch
@@ -0,0 +1,49 @@
+From b715149395814fc1f77da2d52f74a635854efd49 Mon Sep 17 00:00:00 2001
+From: Aki Tuomi <aki.tuomi@open-xchange.com>
+Date: Mon, 18 Jan 2021 17:38:15 +0200
+Subject: [PATCH] lib: time-util - Fix calculations to work on 32-bit systems
+
+Broken by 16ab55427a727d3c93046367f7ae582c9f744458
+---
+ src/lib/time-util.c | 16 +++++++++-------
+ 1 file changed, 9 insertions(+), 7 deletions(-)
+
+diff --git a/src/lib/time-util.c b/src/lib/time-util.c
+index 294bb02310..c9ff4a5b62 100644
+--- a/src/lib/time-util.c
++++ b/src/lib/time-util.c
+@@ -38,22 +38,24 @@ int timeval_cmp(const struct timeval *tv1, const struct timeval *tv2)
+ int timeval_cmp_margin(const struct timeval *tv1, const struct timeval *tv2,
+ unsigned int usec_margin)
+ {
+- long long usecs_diff;
++ long long usecs_diff, secs_diff;
+ int sec_margin, ret;
+
+ if (tv1->tv_sec < tv2->tv_sec) {
++ secs_diff = (long long)tv2->tv_sec - (long long)tv1->tv_sec;
++ usecs_diff = tv2->tv_usec - tv1->tv_usec;
+ sec_margin = ((int)usec_margin / 1000000) + 1;
+- if ((tv2->tv_sec - tv1->tv_sec) > sec_margin)
++ if (secs_diff > sec_margin)
+ return -1;
+- usecs_diff = (tv2->tv_sec - tv1->tv_sec) * 1000000LL +
+- (tv2->tv_usec - tv1->tv_usec);
++ usecs_diff = secs_diff * 1000000LL + usecs_diff;
+ ret = -1;
+ } else if (tv1->tv_sec > tv2->tv_sec) {
++ secs_diff = (long long)tv1->tv_sec - (long long)tv2->tv_sec;
++ usecs_diff = tv1->tv_usec - tv2->tv_usec;
+ sec_margin = ((int)usec_margin / 1000000) + 1;
+- if ((tv1->tv_sec - tv2->tv_sec) > sec_margin)
++ if (secs_diff > sec_margin)
+ return 1;
+- usecs_diff = (tv1->tv_sec - tv2->tv_sec) * 1000000LL +
+- (tv1->tv_usec - tv2->tv_usec);
++ usecs_diff = secs_diff * 1000000LL + usecs_diff;
+ ret = 1;
+ } else if (tv1->tv_usec < tv2->tv_usec) {
+ usecs_diff = tv2->tv_usec - tv1->tv_usec;
+--
+2.20.1
+
diff --git a/main/dovecot/APKBUILD b/main/dovecot/APKBUILD
index 545416837e..75dbf1ea02 100644
--- a/main/dovecot/APKBUILD
+++ b/main/dovecot/APKBUILD
@@ -4,10 +4,11 @@
# Contributor: Jakub Jirutka <jakub@jirutka.cz>
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=dovecot
-pkgver=2.3.10.1
-_pkgvermajor=2.3
+pkgver=2.3.13
+_pkgverminor=${pkgver%.*}
+_pkgvermajor=${_pkgverminor%.*}
pkgrel=1
-_pigeonholever=0.5.10
+_pigeonholever=0.5.13
_pigeonholevermajor=${_pigeonholever%.*}
pkgdesc="IMAP and POP3 server"
url="https://www.dovecot.org/"
@@ -57,20 +58,23 @@ subpackages="
$pkgname-fts-solr:_fts_solr
$pkgname-fts-lucene:_fts_lucene
"
-source="https://www.dovecot.org/releases/$_pkgvermajor/$pkgname-$pkgver.tar.gz
- https://pigeonhole.dovecot.org/releases/$_pkgvermajor/$pkgname-$_pkgvermajor-pigeonhole-$_pigeonholever.tar.gz
+source="https://www.dovecot.org/releases/$_pkgverminor/dovecot-$pkgver.tar.gz
+ https://pigeonhole.dovecot.org/releases/$_pkgverminor/$pkgname-$_pkgverminor-pigeonhole-$_pigeonholever.tar.gz
skip-iconv-check.patch
split-protocols.patch
default-config.patch
- CVE-2020-12673.patch
- CVE-2020-12674.patch
+ fix-oauth2-jwt.c.patch
+ fix-out-of-memory-test.patch
+ 0001-lib-time-util-Fix-calculations-to-work-on-32-bit-sys.patch
dovecot.logrotate
dovecot.initd
"
-builddir="$srcdir/$pkgname-$pkgver"
-_builddir_pigeonhole="$srcdir/$pkgname-$_pkgvermajor-pigeonhole-$_pigeonholever"
+_builddir_pigeonhole="$srcdir/$pkgname-$_pkgverminor-pigeonhole-$_pigeonholever"
# secfixes:
+# 2.3.13-r0:
+# - CVE-2020-24386
+# - CVE-2020-25275
# 2.3.10.1-r1:
# - CVE-2020-12673
# - CVE-2020-12674
@@ -315,12 +319,13 @@ _submv() {
done
}
-sha512sums="5c07436a3e861993f241caa2c60f035c533c5fceb5c8540c1717d31bedd54b82299f7ea11bfee12c72d4d33985d93a7130c4f56877864a7ad21cf7373a29cc06 dovecot-2.3.10.1.tar.gz
-f3d380edba4d25d20ee52db21d2965e3a6b229924e9a04fbf45cfe32e1d25448977ee41b12ba41ad8cf8b795f19bb1dbef1d7d09e775598d782123268f61dc8b dovecot-2.3-pigeonhole-0.5.10.tar.gz
+sha512sums="758a169fba8925637ed18fa7522a6f06c9fe01a1707b1ca0d0a4d8757c578a8e117c91733e8314403839f9a484bbcac71ce3532c82379eb583b480756d556a95 dovecot-2.3.13.tar.gz
+fcbc13d71af4e6dd4e34192484e203d755e5015da76a4774b11a79182b2baad36cab5a471346093111ace36a7775dfe8294555f8b777786dde386820b3ec5cd3 dovecot-2.3-pigeonhole-0.5.13.tar.gz
fe4fbeaedb377d809f105d9dbaf7c1b961aa99f246b77189a73b491dc1ae0aa9c68678dde90420ec53ec877c08f735b42d23edb13117d7268420e001aa30967a skip-iconv-check.patch
794875dbf0ded1e82c5c3823660cf6996a7920079149cd8eed54231a53580d931b966dfb17185ab65e565e108545ecf6591bae82f935ab1b6ff65bb8ee93d7d5 split-protocols.patch
0d8f89c7ba6f884719b5f9fc89e8b2efbdc3e181de308abf9b1c1b0e42282f4df72c7bf62f574686967c10a8677356560c965713b9d146e2770aab17e95bcc07 default-config.patch
-54d5b1bfbc9fcdc00a5c943420bcbbfc8f0107ab2ff160ef0b2f73093a23766e0fcdb4cfc7944def40526414f97aff818cac6bdec155a6f3962f477b210a8ed5 CVE-2020-12673.patch
-3599ca53dff1234dcea483006a82ec7276c1feee8df4f1df50f0b080202e351dd34e011af1bbdbdce1d9db54761beb0890b0be6e4ce7ed86e62513896c072e0c CVE-2020-12674.patch
+7f428b0f14323a5dda00aef93f4835c2c38a7b780a939a47f759d31df4636e86055f95d17e2358cb37a2704ea022dfad602c7ed4568cba644347f20fd1e15e3b fix-oauth2-jwt.c.patch
+733cdbfb7f6b2608470bd30a0f9190ec86099d4c8e48b7fb92d7b595be665bf749976889033e1ad438edd3f99f2e0d496dd0d667291915c80df82f7e62483f59 fix-out-of-memory-test.patch
+ad2cd2c51b0fe977d22b62fda7258de68d62513c6fe11bd0e38d8326f478f2d5a469800fd5a110070f35072facccfdb6c044e41b3a5c4b03ea1ea0b2a3e00395 0001-lib-time-util-Fix-calculations-to-work-on-32-bit-sys.patch
9f19698ab45969f1f94dc4bddf6de59317daee93c9421c81f2dbf8a7efe6acf89689f1d30f60f536737bb9526c315215d2bce694db27e7b8d7896036a59c31f0 dovecot.logrotate
d91951b81150d7a3ef6a674c0dc7b012f538164dac4b9d27a6801d31da6813b764995a438f69b6a680463e1b60a3b4f2959654f68e565fe116ea60312d5e5e70 dovecot.initd"
diff --git a/main/dovecot/CVE-2020-12673.patch b/main/dovecot/CVE-2020-12673.patch
deleted file mode 100644
index 9dd26e0350..0000000000
--- a/main/dovecot/CVE-2020-12673.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-From fb246611e62ad8c5a95b0ca180a63f17aa34b0d8 Mon Sep 17 00:00:00 2001
-From: Aki Tuomi <aki.tuomi@open-xchange.com>
-Date: Mon, 18 May 2020 12:33:39 +0300
-Subject: [PATCH] lib-ntlm: Check buffer length on responses
-
-Add missing check for buffer length.
-
-If this is not checked, it is possible to send message which
-causes read past buffer bug.
-
-Broken in c7480644202e5451fbed448508ea29a25cffc99c
----
- src/lib-ntlm/ntlm-message.c | 5 +++++
- 1 file changed, 5 insertions(+)
-
-diff --git a/src/lib-ntlm/ntlm-message.c b/src/lib-ntlm/ntlm-message.c
-index 160b9f918c..a29413b47e 100644
---- a/src/lib-ntlm/ntlm-message.c
-+++ b/src/lib-ntlm/ntlm-message.c
-@@ -184,6 +184,11 @@ static bool ntlmssp_check_buffer(const struct ntlmssp_buffer *buffer,
- if (length == 0 && space == 0)
- return TRUE;
-
-+ if (length > data_size) {
-+ *error = "buffer length out of bounds";
-+ return FALSE;
-+ }
-+
- if (offset >= data_size) {
- *error = "buffer offset out of bounds";
- return FALSE;
diff --git a/main/dovecot/CVE-2020-12674.patch b/main/dovecot/CVE-2020-12674.patch
deleted file mode 100644
index a9dca2a82d..0000000000
--- a/main/dovecot/CVE-2020-12674.patch
+++ /dev/null
@@ -1,22 +0,0 @@
-From 69ad3c902ea4bbf9f21ab1857d8923f975dc6145 Mon Sep 17 00:00:00 2001
-From: Aki Tuomi <aki.tuomi@open-xchange.com>
-Date: Wed, 6 May 2020 13:40:36 +0300
-Subject: [PATCH] auth: mech-rpa - Fail on zero len buffer
-
----
- src/auth/mech-rpa.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/auth/mech-rpa.c b/src/auth/mech-rpa.c
-index 08298ebdd6..2de8705b4f 100644
---- a/src/auth/mech-rpa.c
-+++ b/src/auth/mech-rpa.c
-@@ -224,7 +224,7 @@ rpa_read_buffer(pool_t pool, const unsigned char **data,
- return 0;
-
- len = *p++;
-- if (p + len > end)
-+ if (p + len > end || len == 0)
- return 0;
-
- *buffer = p_malloc(pool, len);
diff --git a/main/dovecot/fix-oauth2-jwt.c.patch b/main/dovecot/fix-oauth2-jwt.c.patch
new file mode 100644
index 0000000000..b3755f6993
--- /dev/null
+++ b/main/dovecot/fix-oauth2-jwt.c.patch
@@ -0,0 +1,55 @@
+From 42c37d2473116bf4a7fcafcaf94de83947fe80bc Mon Sep 17 00:00:00 2001
+From: Aki Tuomi <aki.tuomi@open-xchange.com>
+Date: Thu, 13 Aug 2020 20:01:41 +0300
+Subject: [PATCH] oauth2-jwt: Use int64_t instead time_t for portability
+
+
+diff --git a/src/lib-oauth2/oauth2-jwt.c b/src/lib-oauth2/oauth2-jwt.c
+index a68875e57..0adf612d9 100644
+--- a/src/lib-oauth2/oauth2-jwt.c
++++ b/src/lib-oauth2/oauth2-jwt.c
+@@ -31,18 +31,25 @@ static const char *get_field(const struct json_tree *tree, const char *key)
+ }
+
+ static int get_time_field(const struct json_tree *tree, const char *key,
+- long *value_r)
++ int64_t *value_r)
+ {
++ time_t tvalue;
+ const char *value = get_field(tree, key);
+ int tz_offset ATTR_UNUSED;
+ if (value == NULL)
+ return 0;
+- if ((str_to_long(value, value_r) < 0 &&
+- !iso8601_date_parse((const unsigned char*)value, strlen(value),
+- value_r, &tz_offset)) ||
+- *value_r < 0)
+- return -1;
+- return 1;
++ if (str_to_int64(value, value_r) == 0) {
++ if (*value_r < 0)
++ return -1;
++ return 1;
++ } else if (iso8601_date_parse((const unsigned char*)value, strlen(value),
++ &tvalue, &tz_offset)) {
++ if (tvalue < 0)
++ return -1;
++ *value_r = tvalue;
++ return 1;
++ }
++ return -1;
+ }
+
+ static int oauth2_lookup_hmac_key(const struct oauth2_settings *set,
+@@ -283,9 +290,9 @@ oauth2_jwt_body_process(const struct oauth2_settings *set, const char *alg, cons
+ const char *sub = get_field(tree, "sub");
+
+ int ret;
+- long t0 = time(NULL);
++ int64_t t0 = time(NULL);
+ /* default IAT and NBF to now */
+- long iat, nbf, exp;
++ int64_t iat, nbf, exp;
+ int tz_offset ATTR_UNUSED;
+
+ if (sub == NULL) {
diff --git a/main/dovecot/fix-out-of-memory-test.patch b/main/dovecot/fix-out-of-memory-test.patch
new file mode 100644
index 0000000000..09df953d5c
--- /dev/null
+++ b/main/dovecot/fix-out-of-memory-test.patch
@@ -0,0 +1,22 @@
+fixes test in src/lib/test-file-cache.c for musl
+
+--- a/src/lib/test-file-cache.c 2021-01-04 17:55:39.550032767 +0000
++++ b/src/lib/test-file-cache.c 2021-01-04 17:54:31.439645416 +0000
+@@ -263,7 +263,7 @@
+ };
+ const char *errstr =
+ t_strdup_printf("mmap_anon(.test_file_cache, %zu) failed: "
+- "Cannot allocate memory", page_size);
++ "Out of memory", page_size);
+ test_assert(setrlimit(RLIMIT_AS, &rl_new) == 0);
+ test_expect_error_string(errstr);
+ test_assert(file_cache_set_size(cache, 1024) == -1);
+@@ -271,7 +271,7 @@
+
+ /* same for mremap */
+ errstr = t_strdup_printf("mremap_anon(.test_file_cache, %zu) failed: "
+- "Cannot allocate memory", page_size*2);
++ "Out of memory", page_size*2);
+ test_assert(file_cache_set_size(cache, 1) == 0);
+ test_assert(setrlimit(RLIMIT_AS, &rl_new) == 0);
+ test_expect_error_string(errstr);
diff --git a/main/drbd-vanilla/APKBUILD b/main/drbd-vanilla/APKBUILD
index 6ff48af94d..7cdd8fd12b 100644
--- a/main/drbd-vanilla/APKBUILD
+++ b/main/drbd-vanilla/APKBUILD
@@ -3,12 +3,12 @@
# when changing _ver we *must* bump _rel
_name=drbd
-_ver=9.0.16-1
+_ver=9.0.27-1
_rel=0
_flavor=${FLAVOR:-vanilla}
_kpkg=linux-$_flavor
-_kver=4.19.118
+_kver=4.19.176
_krel=0
_kabi="$_kver-$_krel-$_flavor"
_kpkgver="$_kver-r$_krel"
@@ -22,8 +22,9 @@ url="https://www.linbit.com/en/drbd-community/drbd-download/"
arch="all"
license="GPL-2.0-or-later"
depends="$_kpkg=$_kpkgver"
-makedepends="$_kpkg-dev=$_kpkgver bash"
-source="http://www.linbit.com/downloads/drbd/${_ver%.*}/drbd-$_ver.tar.gz"
+makedepends="$_kpkg-dev=$_kpkgver bash coreutils"
+source="http://www.linbit.com/downloads/drbd/${_ver%.*}/drbd-$_ver.tar.gz
+ build-fix-32bit.patch"
builddir=$srcdir/$_name-$_ver
@@ -52,4 +53,5 @@ package() {
make DESTDIR="$pkgdir" install
}
-sha512sums="8e2ecb9fdfd3ed2b4d7c82839f55f348e8d2277c775c0a9fa655002e98a7b565c638a11436a1f22dd31fdc223d4575fea41eedf8a922b2d1dc5b579ebd1a2b09 drbd-9.0.16-1.tar.gz"
+sha512sums="e8a2ec57241b9933dd5655e2d6e65d04c0e88017ed76773b5d351f0ed30c167a8b1f4e7145221fb0aec8bdb5ca3d95c428b46c9dceb2576b6c3598962abc699f drbd-9.0.27-1.tar.gz
+32e30116c51442a8c67ff250537bd63f199c7fb9749d8c502894c6da2de4b0e707cd8922e8331b6284721c4679061533f7cc6e681a7e85482060a212adb97d17 build-fix-32bit.patch"
diff --git a/main/drbd-vanilla/build-fix-32bit.patch b/main/drbd-vanilla/build-fix-32bit.patch
new file mode 100644
index 0000000000..fbe2605e48
--- /dev/null
+++ b/main/drbd-vanilla/build-fix-32bit.patch
@@ -0,0 +1,15 @@
+upstream: https://lists.linbit.com/pipermail/drbd-user/2021-February/025841.html
+
+diff --git a/drbd/drbd_sender.c b/drbd/drbd_sender.c
+index 3f52dfe..5b3c9c7 100644
+--- a/drbd/drbd_sender.c
++++ b/drbd/drbd_sender.c
+@@ -664,7 +664,7 @@ static int drbd_single_request_delay(struct drbd_peer_device *peer_device)
+ struct peer_device_conf *pdc = rcu_dereference(peer_device->conf);
+ /* The delay should be at least enough so that we can request
+ * some data next time, so round up. */
+- delay = DIV_ROUND_UP(HZ * BM_SECT_PER_BIT, pdc->c_max_rate * 2);
++ delay = DIV_ROUND_UP((unsigned long)(HZ * BM_SECT_PER_BIT / 2), pdc->c_max_rate);
+ } else {
+ delay = RS_MAKE_REQS_INTV;
+ }
diff --git a/main/git/APKBUILD b/main/git/APKBUILD
index 957e3b0f19..7ca1c189e3 100644
--- a/main/git/APKBUILD
+++ b/main/git/APKBUILD
@@ -2,6 +2,8 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
#
# secfixes:
+# 2.22.5-r0:
+# - CVE-2021-21300
# 2.22.4-r0:
# - CVE-2020-11008
# 2.22.3-r0:
@@ -24,7 +26,7 @@
# 2.14.1-r0:
# - CVE-2017-1000117
pkgname=git
-pkgver=2.22.4
+pkgver=2.22.5
pkgrel=0
pkgdesc="Distributed version control system"
url="https://www.git-scm.com/"
@@ -273,6 +275,6 @@ _perl_config() {
perl -e "use Config; print \$Config{$1};"
}
-sha512sums="fbc84ecbfe05e4e8fd24d3a3e46802186c2c878ce4b09713491dd778f99320214b6d6187a7d3597163edfa4b9bc8fe3c11f1585f2ea41d1d7e34830d8625a311 git-2.22.4.tar.xz
+sha512sums="b254d426f5ede9c15e934ad7aec98e3dcc49e82ae0e18518ff70df2a48b5bec6c666c9b3999bbd4caed112fbbc6ba0ad00d347a0e5655bcb3c08c72b1e05f521 git-2.22.5.tar.xz
89528cdd14c51fd568aa61cf6c5eae08ea0844e59f9af9292da5fc6c268261f4166017d002d494400945e248df6b844e2f9f9cd2d9345d516983f5a110e4c42a git-daemon.initd
fbf1f425206a76e2a8f82342537ed939ff7e623d644c086ca2ced5f69b36734695f9f80ebda1728f75a94d6cd2fcb71bf845b64239368caab418e4d368c141ec git-daemon.confd"
diff --git a/main/gnutls/APKBUILD b/main/gnutls/APKBUILD
index 9ee64e49cf..1cfa356915 100644
--- a/main/gnutls/APKBUILD
+++ b/main/gnutls/APKBUILD
@@ -3,7 +3,7 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=gnutls
pkgver=3.6.15
-pkgrel=0
+pkgrel=1
pkgdesc="A TLS protocol implementation"
url="https://www.gnutls.org/"
arch="all"
@@ -17,9 +17,14 @@ case $pkgver in
*.*.*.*) _v=${_v%.*};;
esac
source="https://www.gnupg.org/ftp/gcrypt/gnutls/v$_v/gnutls-$pkgver.tar.xz
+ CVE-2021-20231.patch
+ CVE-2021-20232.patch
"
# secfixes:
+# 3.6.15-r1:
+# - CVE-2021-20231
+# - CVE-2021-20232
# 3.6.15-r0:
# - CVE-2020-24659 GNUTLS-SA-2020-09-04
# 3.6.14-r0:
@@ -69,4 +74,6 @@ xx() {
mv "$pkgdir"/usr/lib/lib*xx.so.* "$subpkgdir"/usr/lib/
}
-sha512sums="f757d1532198f44bcad7b73856ce6a05bab43f6fb77fcc81c59607f146202f73023d0796d3e1e7471709cf792c8ee7d436e19407e0601bc0bda2f21512b3b01c gnutls-3.6.15.tar.xz"
+sha512sums="f757d1532198f44bcad7b73856ce6a05bab43f6fb77fcc81c59607f146202f73023d0796d3e1e7471709cf792c8ee7d436e19407e0601bc0bda2f21512b3b01c gnutls-3.6.15.tar.xz
+37261adbb9da45b3f2b11e65a148e19c825970d3342b2946ccbc4abbea9b61c8a90d79b220ddc16cdcad95ee26a77a53fac6400d68c76e2cf8aea5e22900e374 CVE-2021-20231.patch
+9c6bffcccc2ac887f92f252be94a822465a79a5080d6e912c3f8ef44a53511f1eefb2fa876a3af6d21ddc2baf5717b8c454d6a79bd328fe52b02f4d27c12a505 CVE-2021-20232.patch"
diff --git a/main/gnutls/CVE-2021-20231.patch b/main/gnutls/CVE-2021-20231.patch
new file mode 100644
index 0000000000..3601446794
--- /dev/null
+++ b/main/gnutls/CVE-2021-20231.patch
@@ -0,0 +1,62 @@
+From 15beb4b193b2714d88107e7dffca781798684e7e Mon Sep 17 00:00:00 2001
+From: Daiki Ueno <ueno@gnu.org>
+Date: Fri, 29 Jan 2021 14:06:32 +0100
+Subject: [PATCH] key_share: avoid use-after-free around realloc
+
+Signed-off-by: Daiki Ueno <ueno@gnu.org>
+---
+ lib/ext/key_share.c | 12 +++++-------
+ 1 file changed, 5 insertions(+), 7 deletions(-)
+
+diff --git a/lib/ext/key_share.c b/lib/ext/key_share.c
+index ab8abf8fe6..a8c4bb5cff 100644
+--- a/lib/ext/key_share.c
++++ b/lib/ext/key_share.c
+@@ -664,14 +664,14 @@ key_share_send_params(gnutls_session_t session,
+ {
+ unsigned i;
+ int ret;
+- unsigned char *lengthp;
+- unsigned int cur_length;
+ unsigned int generated = 0;
+ const gnutls_group_entry_st *group;
+ const version_entry_st *ver;
+
+ /* this extension is only being sent on client side */
+ if (session->security_parameters.entity == GNUTLS_CLIENT) {
++ unsigned int length_pos;
++
+ ver = _gnutls_version_max(session);
+ if (unlikely(ver == NULL || ver->key_shares == 0))
+ return 0;
+@@ -679,16 +679,13 @@ key_share_send_params(gnutls_session_t session,
+ if (!have_creds_for_tls13(session))
+ return 0;
+
+- /* write the total length later */
+- lengthp = &extdata->data[extdata->length];
++ length_pos = extdata->length;
+
+ ret =
+ _gnutls_buffer_append_prefix(extdata, 16, 0);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+- cur_length = extdata->length;
+-
+ if (session->internals.hsk_flags & HSK_HRR_RECEIVED) { /* we know the group */
+ group = get_group(session);
+ if (unlikely(group == NULL))
+@@ -736,7 +733,8 @@ key_share_send_params(gnutls_session_t session,
+ }
+
+ /* copy actual length */
+- _gnutls_write_uint16(extdata->length - cur_length, lengthp);
++ _gnutls_write_uint16(extdata->length - length_pos - 2,
++ &extdata->data[length_pos]);
+
+ } else { /* server */
+ ver = get_version(session);
+--
+GitLab
+
diff --git a/main/gnutls/CVE-2021-20232.patch b/main/gnutls/CVE-2021-20232.patch
new file mode 100644
index 0000000000..fd1575e4fa
--- /dev/null
+++ b/main/gnutls/CVE-2021-20232.patch
@@ -0,0 +1,60 @@
+From 75a937d97f4fefc6f9b08e3791f151445f551cb3 Mon Sep 17 00:00:00 2001
+From: Daiki Ueno <ueno@gnu.org>
+Date: Fri, 29 Jan 2021 14:06:50 +0100
+Subject: [PATCH] pre_shared_key: avoid use-after-free around realloc
+
+Signed-off-by: Daiki Ueno <ueno@gnu.org>
+---
+ lib/ext/pre_shared_key.c | 15 ++++++++++++---
+ 1 file changed, 12 insertions(+), 3 deletions(-)
+
+diff --git a/lib/ext/pre_shared_key.c b/lib/ext/pre_shared_key.c
+index a042c6488e..380bf39ed5 100644
+--- a/lib/ext/pre_shared_key.c
++++ b/lib/ext/pre_shared_key.c
+@@ -267,7 +267,7 @@ client_send_params(gnutls_session_t session,
+ size_t spos;
+ gnutls_datum_t username = {NULL, 0};
+ gnutls_datum_t user_key = {NULL, 0}, rkey = {NULL, 0};
+- gnutls_datum_t client_hello;
++ unsigned client_hello_len;
+ unsigned next_idx;
+ const mac_entry_st *prf_res = NULL;
+ const mac_entry_st *prf_psk = NULL;
+@@ -428,8 +428,7 @@ client_send_params(gnutls_session_t session,
+ assert(extdata->length >= sizeof(mbuffer_st));
+ assert(ext_offset >= (ssize_t)sizeof(mbuffer_st));
+ ext_offset -= sizeof(mbuffer_st);
+- client_hello.data = extdata->data+sizeof(mbuffer_st);
+- client_hello.size = extdata->length-sizeof(mbuffer_st);
++ client_hello_len = extdata->length-sizeof(mbuffer_st);
+
+ next_idx = 0;
+
+@@ -440,6 +439,11 @@ client_send_params(gnutls_session_t session,
+ }
+
+ if (prf_res && rkey.size > 0) {
++ gnutls_datum_t client_hello;
++
++ client_hello.data = extdata->data+sizeof(mbuffer_st);
++ client_hello.size = client_hello_len;
++
+ ret = compute_psk_binder(session, prf_res,
+ binders_len, binders_pos,
+ ext_offset, &rkey, &client_hello, 1,
+@@ -474,6 +478,11 @@ client_send_params(gnutls_session_t session,
+ }
+
+ if (prf_psk && user_key.size > 0 && info) {
++ gnutls_datum_t client_hello;
++
++ client_hello.data = extdata->data+sizeof(mbuffer_st);
++ client_hello.size = client_hello_len;
++
+ ret = compute_psk_binder(session, prf_psk,
+ binders_len, binders_pos,
+ ext_offset, &user_key, &client_hello, 0,
+--
+GitLab
+
diff --git a/main/haproxy/APKBUILD b/main/haproxy/APKBUILD
index 670f122460..1679916c58 100644
--- a/main/haproxy/APKBUILD
+++ b/main/haproxy/APKBUILD
@@ -1,7 +1,7 @@
# Contributor: Jeff Bilyk <jbilyk@gmail.com>
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=haproxy
-pkgver=2.0.14
+pkgver=2.0.21
_pkgmajorver=${pkgver%.*}
pkgrel=0
pkgdesc="A TCP/HTTP reverse proxy for high availability environments"
@@ -53,6 +53,6 @@ package() {
"$pkgdir"/etc/haproxy/haproxy.cfg
}
-sha512sums="6b63b713a1009eff59a2622fa93462deb8794c910685840f142711a61be88ea228c7cb2ec7ca50bba0803288625e1a65b2d2f87ffbcedfd23debfbbbb5d96993 haproxy-2.0.14.tar.gz
+sha512sums="a2273928568ca27d164a9bfae579a4635afa57f8d52f576073758d26a60973bb713a49fbafa6173e3130ca5712efdbf4e214bf85b7530b23eb523b667848f588 haproxy-2.0.21.tar.gz
3ab277bf77fe864ec6c927118dcd70bdec0eb3c54535812d1c3c0995fa66a3ea91a73c342edeb8944caeb097d2dd1a7761099182df44af5e3ef42de6e2176d26 haproxy.initd
26bc8f8ac504fcbaec113ecbb9bb59b9da47dc8834779ebbb2870a8cadf2ee7561b3a811f01e619358a98c6c7768e8fdd90ab447098c05b82e788c8212c4c41f haproxy.cfg"
diff --git a/main/haserl/APKBUILD b/main/haserl/APKBUILD
index ab604859e8..3dfe5133a2 100644
--- a/main/haserl/APKBUILD
+++ b/main/haserl/APKBUILD
@@ -2,8 +2,8 @@
_luaversions="5.3 5.2 5.1"
_defaultlua="5.3"
pkgname=haserl
-pkgver=0.9.35
-pkgrel=1
+pkgver=0.9.36
+pkgrel=0
pkgdesc="Html And Shell Embedded Report Language"
url="http://haserl.sourceforge.net/"
arch="all"
@@ -19,6 +19,10 @@ done
options="suid"
source="https://downloads.sourceforge.net/$pkgname/$pkgname-$pkgver.tar.gz"
+# secfixes:
+# 0.9.36-r0:
+# - CVE-2021-29133
+
_sdir="$srcdir"/$pkgname-$pkgver
prepare() {
cd "$_sdir"
@@ -75,6 +79,4 @@ for _i in $_luaversions; do
eval "split_${_i/./_}() { _split $_i; }"
done
-md5sums="918f0b4f6cec0b438c8b5c78f2989010 haserl-0.9.35.tar.gz"
-sha256sums="a1b633e80f3e2638e7f8f850786e95072cfd9877f88780092996fd6aaf7ae2da haserl-0.9.35.tar.gz"
-sha512sums="f0f2fc46540223b4b5369fe13b3020bed5e0578b7ca1ed1688f01678ba5302c876540c0d58dde427f9180915fa38cfffd01f1a4cbbc0fce851789056b3665ab0 haserl-0.9.35.tar.gz"
+sha512sums="727c6b4cf26bb7fd9d55c328dcca47dc0093b2836cd4874ad28a9c07d9ad4c82c22b899f64df33bad37325f66ce1af8aec1fe0a90e42b9f6cc06b01afe3062d9 haserl-0.9.36.tar.gz"
diff --git a/main/libbsd/APKBUILD b/main/libbsd/APKBUILD
index 4fa127bf28..73e8005cd6 100644
--- a/main/libbsd/APKBUILD
+++ b/main/libbsd/APKBUILD
@@ -2,7 +2,7 @@
# Maintainer: Drew DeVault <sir@cmpwn.com>
pkgname=libbsd
pkgver=0.9.1
-pkgrel=0
+pkgrel=1
pkgdesc="commonly-used BSD functions not implemented by all libcs"
url="https://libbsd.freedesktop.org/"
arch="all"
@@ -15,9 +15,15 @@ subpackages="$pkgname-dev $pkgname-doc"
source="https://libbsd.freedesktop.org/releases/$pkgname-$pkgver.tar.xz
disable-fpurge-test.patch
headers.patch
+ CVE-2019-20367.patch
"
builddir="$srcdir/$pkgname-$pkgver"
+
+# secfixes:
+# 0.9.1-r1:
+# - CVE-2019-20367
+
prepare() {
default_prepare
@@ -50,4 +56,5 @@ package() {
sha512sums="435822b8f2495a5e2705e5ab5c834a4f0f3a177b3e5c46a7c6162924507ca984e957e94a512b5ebd0067ecb413bac458fade357709ef199e9b75edf0315de91c libbsd-0.9.1.tar.xz
34ab57a9b67c0d6035312dff78e6dd0d1c48442c6a1b6e769b6ebb6dccb0dac80ccc2c309724e39c097cdac944bdbd9522582f93f2567da8c6615990e2d0238b disable-fpurge-test.patch
-594d598bc7f6d34bff080a26f8d726bf779d3827423f242ee7caa9a58fc89c89d80e0677c03e9c640e0074afbdc34636fa8ffa47a99fd9c576845e3039a7ccbd headers.patch"
+594d598bc7f6d34bff080a26f8d726bf779d3827423f242ee7caa9a58fc89c89d80e0677c03e9c640e0074afbdc34636fa8ffa47a99fd9c576845e3039a7ccbd headers.patch
+6e77f28b4e8f5214528e6b5e4fdf482e6e3b09780bae028d2d5c381410060fc5e006bcccb4013bea4fb4caa8e125961824230f292ced5c80763887c9566089fc CVE-2019-20367.patch"
diff --git a/main/libbsd/CVE-2019-20367.patch b/main/libbsd/CVE-2019-20367.patch
new file mode 100644
index 0000000000..eb1fffba90
--- /dev/null
+++ b/main/libbsd/CVE-2019-20367.patch
@@ -0,0 +1,42 @@
+From 9d917aad37778a9f4a96ba358415f077f3f36f3b Mon Sep 17 00:00:00 2001
+From: Guillem Jover <guillem@hadrons.org>
+Date: Wed, 7 Aug 2019 22:58:30 +0200
+Subject: [PATCH] nlist: Fix out-of-bounds read on strtab
+
+When doing a string comparison for a symbol name from the string table,
+we should make sure we do a bounded comparison, otherwise a non-NUL
+terminated string might make the code read out-of-bounds.
+
+Warned-by: coverity
+---
+ src/nlist.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/src/nlist.c b/src/nlist.c
+index 8aa46a2..228c220 100644
+--- a/src/nlist.c
++++ b/src/nlist.c
+@@ -236,16 +236,18 @@ __fdnlist(int fd, struct nlist *list)
+ symsize -= cc;
+ for (s = sbuf; cc > 0 && nent > 0; ++s, cc -= sizeof(*s)) {
+ char *name;
++ Elf_Word size;
+ struct nlist *p;
+
+ name = strtab + s->st_name;
+ if (name[0] == '\0')
+ continue;
++ size = symstrsize - s->st_name;
+
+ for (p = list; !ISLAST(p); p++) {
+ if ((p->n_un.n_name[0] == '_' &&
+- strcmp(name, p->n_un.n_name+1) == 0)
+- || strcmp(name, p->n_un.n_name) == 0) {
++ strncmp(name, p->n_un.n_name+1, size) == 0) ||
++ strncmp(name, p->n_un.n_name, size) == 0) {
+ elf_sym_to_nlist(p, s, shdr,
+ ehdr.e_shnum);
+ if (--nent <= 0)
+--
+GitLab
+
diff --git a/main/libssh2/APKBUILD b/main/libssh2/APKBUILD
index 92fca5cbb7..5c4feef289 100644
--- a/main/libssh2/APKBUILD
+++ b/main/libssh2/APKBUILD
@@ -12,7 +12,7 @@ source="https://www.libssh2.org/download/libssh2-$pkgver.tar.gz
CVE-2019-17498.patch"
builddir="$srcdir"/libssh2-$pkgver
-# security fixes:
+# secfixes:
# 1.9.0-r1:
# - CVE-2019-17498
# 1.9.0-r0:
diff --git a/main/linux-vanilla/0001-arm64-Avoid-redundant-type-conversions-in-xchg-and-c.patch b/main/linux-vanilla/0001-arm64-Avoid-redundant-type-conversions-in-xchg-and-c.patch
new file mode 100644
index 0000000000..2441864dfb
--- /dev/null
+++ b/main/linux-vanilla/0001-arm64-Avoid-redundant-type-conversions-in-xchg-and-c.patch
@@ -0,0 +1,355 @@
+From 7b7b95eca1c3c2d6e5302b813b2b8470d004dedb Mon Sep 17 00:00:00 2001
+From: Will Deacon <will.deacon@arm.com>
+Date: Thu, 13 Sep 2018 13:30:45 +0100
+Subject: [PATCH 1/2] arm64: Avoid redundant type conversions in xchg() and
+ cmpxchg()
+
+Our atomic instructions (either LSE atomics of LDXR/STXR sequences)
+natively support byte, half-word, word and double-word memory accesses
+so there is no need to mask the data register prior to being stored.
+
+Signed-off-by: Will Deacon <will.deacon@arm.com>
+(cherry picked from commit 5ef3fe4cecdf82fdd71ce78988403963d01444d4)
+---
+ arch/arm64/include/asm/atomic_ll_sc.h | 53 ++++++------
+ arch/arm64/include/asm/atomic_lse.h | 46 +++++-----
+ arch/arm64/include/asm/cmpxchg.h | 116 +++++++++++++-------------
+ 3 files changed, 108 insertions(+), 107 deletions(-)
+
+diff --git a/arch/arm64/include/asm/atomic_ll_sc.h b/arch/arm64/include/asm/atomic_ll_sc.h
+index f5a2d09afb38..f02d3bf7b9e6 100644
+--- a/arch/arm64/include/asm/atomic_ll_sc.h
++++ b/arch/arm64/include/asm/atomic_ll_sc.h
+@@ -248,48 +248,49 @@ __LL_SC_PREFIX(atomic64_dec_if_positive(atomic64_t *v))
+ }
+ __LL_SC_EXPORT(atomic64_dec_if_positive);
+
+-#define __CMPXCHG_CASE(w, sz, name, mb, acq, rel, cl) \
+-__LL_SC_INLINE unsigned long \
+-__LL_SC_PREFIX(__cmpxchg_case_##name(volatile void *ptr, \
+- unsigned long old, \
+- unsigned long new)) \
++#define __CMPXCHG_CASE(w, sfx, name, sz, mb, acq, rel, cl) \
++__LL_SC_INLINE u##sz \
++__LL_SC_PREFIX(__cmpxchg_case_##name##sz(volatile void *ptr, \
++ unsigned long old, \
++ u##sz new)) \
+ { \
+- unsigned long tmp, oldval; \
++ unsigned long tmp; \
++ u##sz oldval; \
+ \
+ asm volatile( \
+ " prfm pstl1strm, %[v]\n" \
+- "1: ld" #acq "xr" #sz "\t%" #w "[oldval], %[v]\n" \
++ "1: ld" #acq "xr" #sfx "\t%" #w "[oldval], %[v]\n" \
+ " eor %" #w "[tmp], %" #w "[oldval], %" #w "[old]\n" \
+ " cbnz %" #w "[tmp], 2f\n" \
+- " st" #rel "xr" #sz "\t%w[tmp], %" #w "[new], %[v]\n" \
++ " st" #rel "xr" #sfx "\t%w[tmp], %" #w "[new], %[v]\n" \
+ " cbnz %w[tmp], 1b\n" \
+ " " #mb "\n" \
+ "2:" \
+ : [tmp] "=&r" (tmp), [oldval] "=&r" (oldval), \
+- [v] "+Q" (*(unsigned long *)ptr) \
++ [v] "+Q" (*(u##sz *)ptr) \
+ : [old] "Lr" (old), [new] "r" (new) \
+ : cl); \
+ \
+ return oldval; \
+ } \
+-__LL_SC_EXPORT(__cmpxchg_case_##name);
++__LL_SC_EXPORT(__cmpxchg_case_##name##sz);
+
+-__CMPXCHG_CASE(w, b, 1, , , , )
+-__CMPXCHG_CASE(w, h, 2, , , , )
+-__CMPXCHG_CASE(w, , 4, , , , )
+-__CMPXCHG_CASE( , , 8, , , , )
+-__CMPXCHG_CASE(w, b, acq_1, , a, , "memory")
+-__CMPXCHG_CASE(w, h, acq_2, , a, , "memory")
+-__CMPXCHG_CASE(w, , acq_4, , a, , "memory")
+-__CMPXCHG_CASE( , , acq_8, , a, , "memory")
+-__CMPXCHG_CASE(w, b, rel_1, , , l, "memory")
+-__CMPXCHG_CASE(w, h, rel_2, , , l, "memory")
+-__CMPXCHG_CASE(w, , rel_4, , , l, "memory")
+-__CMPXCHG_CASE( , , rel_8, , , l, "memory")
+-__CMPXCHG_CASE(w, b, mb_1, dmb ish, , l, "memory")
+-__CMPXCHG_CASE(w, h, mb_2, dmb ish, , l, "memory")
+-__CMPXCHG_CASE(w, , mb_4, dmb ish, , l, "memory")
+-__CMPXCHG_CASE( , , mb_8, dmb ish, , l, "memory")
++__CMPXCHG_CASE(w, b, , 8, , , , )
++__CMPXCHG_CASE(w, h, , 16, , , , )
++__CMPXCHG_CASE(w, , , 32, , , , )
++__CMPXCHG_CASE( , , , 64, , , , )
++__CMPXCHG_CASE(w, b, acq_, 8, , a, , "memory")
++__CMPXCHG_CASE(w, h, acq_, 16, , a, , "memory")
++__CMPXCHG_CASE(w, , acq_, 32, , a, , "memory")
++__CMPXCHG_CASE( , , acq_, 64, , a, , "memory")
++__CMPXCHG_CASE(w, b, rel_, 8, , , l, "memory")
++__CMPXCHG_CASE(w, h, rel_, 16, , , l, "memory")
++__CMPXCHG_CASE(w, , rel_, 32, , , l, "memory")
++__CMPXCHG_CASE( , , rel_, 64, , , l, "memory")
++__CMPXCHG_CASE(w, b, mb_, 8, dmb ish, , l, "memory")
++__CMPXCHG_CASE(w, h, mb_, 16, dmb ish, , l, "memory")
++__CMPXCHG_CASE(w, , mb_, 32, dmb ish, , l, "memory")
++__CMPXCHG_CASE( , , mb_, 64, dmb ish, , l, "memory")
+
+ #undef __CMPXCHG_CASE
+
+diff --git a/arch/arm64/include/asm/atomic_lse.h b/arch/arm64/include/asm/atomic_lse.h
+index eab3de4f2ad2..80cadc789f1a 100644
+--- a/arch/arm64/include/asm/atomic_lse.h
++++ b/arch/arm64/include/asm/atomic_lse.h
+@@ -480,24 +480,24 @@ static inline long atomic64_dec_if_positive(atomic64_t *v)
+
+ #define __LL_SC_CMPXCHG(op) __LL_SC_CALL(__cmpxchg_case_##op)
+
+-#define __CMPXCHG_CASE(w, sz, name, mb, cl...) \
+-static inline unsigned long __cmpxchg_case_##name(volatile void *ptr, \
+- unsigned long old, \
+- unsigned long new) \
++#define __CMPXCHG_CASE(w, sfx, name, sz, mb, cl...) \
++static inline u##sz __cmpxchg_case_##name##sz(volatile void *ptr, \
++ unsigned long old, \
++ u##sz new) \
+ { \
+ register unsigned long x0 asm ("x0") = (unsigned long)ptr; \
+ register unsigned long x1 asm ("x1") = old; \
+- register unsigned long x2 asm ("x2") = new; \
++ register u##sz x2 asm ("x2") = new; \
+ \
+ asm volatile( \
+ __LSE_PREAMBLE \
+ ARM64_LSE_ATOMIC_INSN( \
+ /* LL/SC */ \
+- __LL_SC_CMPXCHG(name) \
++ __LL_SC_CMPXCHG(name##sz) \
+ __nops(2), \
+ /* LSE atomics */ \
+ " mov " #w "30, %" #w "[old]\n" \
+- " cas" #mb #sz "\t" #w "30, %" #w "[new], %[v]\n" \
++ " cas" #mb #sfx "\t" #w "30, %" #w "[new], %[v]\n" \
+ " mov %" #w "[ret], " #w "30") \
+ : [ret] "+r" (x0), [v] "+Q" (*(unsigned long *)ptr) \
+ : [old] "r" (x1), [new] "r" (x2) \
+@@ -506,22 +506,22 @@ static inline unsigned long __cmpxchg_case_##name(volatile void *ptr, \
+ return x0; \
+ }
+
+-__CMPXCHG_CASE(w, b, 1, )
+-__CMPXCHG_CASE(w, h, 2, )
+-__CMPXCHG_CASE(w, , 4, )
+-__CMPXCHG_CASE(x, , 8, )
+-__CMPXCHG_CASE(w, b, acq_1, a, "memory")
+-__CMPXCHG_CASE(w, h, acq_2, a, "memory")
+-__CMPXCHG_CASE(w, , acq_4, a, "memory")
+-__CMPXCHG_CASE(x, , acq_8, a, "memory")
+-__CMPXCHG_CASE(w, b, rel_1, l, "memory")
+-__CMPXCHG_CASE(w, h, rel_2, l, "memory")
+-__CMPXCHG_CASE(w, , rel_4, l, "memory")
+-__CMPXCHG_CASE(x, , rel_8, l, "memory")
+-__CMPXCHG_CASE(w, b, mb_1, al, "memory")
+-__CMPXCHG_CASE(w, h, mb_2, al, "memory")
+-__CMPXCHG_CASE(w, , mb_4, al, "memory")
+-__CMPXCHG_CASE(x, , mb_8, al, "memory")
++__CMPXCHG_CASE(w, b, , 8, )
++__CMPXCHG_CASE(w, h, , 16, )
++__CMPXCHG_CASE(w, , , 32, )
++__CMPXCHG_CASE(x, , , 64, )
++__CMPXCHG_CASE(w, b, acq_, 8, a, "memory")
++__CMPXCHG_CASE(w, h, acq_, 16, a, "memory")
++__CMPXCHG_CASE(w, , acq_, 32, a, "memory")
++__CMPXCHG_CASE(x, , acq_, 64, a, "memory")
++__CMPXCHG_CASE(w, b, rel_, 8, l, "memory")
++__CMPXCHG_CASE(w, h, rel_, 16, l, "memory")
++__CMPXCHG_CASE(w, , rel_, 32, l, "memory")
++__CMPXCHG_CASE(x, , rel_, 64, l, "memory")
++__CMPXCHG_CASE(w, b, mb_, 8, al, "memory")
++__CMPXCHG_CASE(w, h, mb_, 16, al, "memory")
++__CMPXCHG_CASE(w, , mb_, 32, al, "memory")
++__CMPXCHG_CASE(x, , mb_, 64, al, "memory")
+
+ #undef __LL_SC_CMPXCHG
+ #undef __CMPXCHG_CASE
+diff --git a/arch/arm64/include/asm/cmpxchg.h b/arch/arm64/include/asm/cmpxchg.h
+index d8b01c7c9cd3..94ccb3bfbd61 100644
+--- a/arch/arm64/include/asm/cmpxchg.h
++++ b/arch/arm64/include/asm/cmpxchg.h
+@@ -30,46 +30,46 @@
+ * barrier case is generated as release+dmb for the former and
+ * acquire+release for the latter.
+ */
+-#define __XCHG_CASE(w, sz, name, mb, nop_lse, acq, acq_lse, rel, cl) \
+-static inline unsigned long __xchg_case_##name(unsigned long x, \
+- volatile void *ptr) \
+-{ \
+- unsigned long ret, tmp; \
+- \
+- asm volatile(ARM64_LSE_ATOMIC_INSN( \
+- /* LL/SC */ \
+- " prfm pstl1strm, %2\n" \
+- "1: ld" #acq "xr" #sz "\t%" #w "0, %2\n" \
+- " st" #rel "xr" #sz "\t%w1, %" #w "3, %2\n" \
+- " cbnz %w1, 1b\n" \
+- " " #mb, \
+- /* LSE atomics */ \
+- " swp" #acq_lse #rel #sz "\t%" #w "3, %" #w "0, %2\n" \
+- __nops(3) \
+- " " #nop_lse) \
+- : "=&r" (ret), "=&r" (tmp), "+Q" (*(unsigned long *)ptr) \
+- : "r" (x) \
+- : cl); \
+- \
+- return ret; \
++#define __XCHG_CASE(w, sfx, name, sz, mb, nop_lse, acq, acq_lse, rel, cl) \
++static inline u##sz __xchg_case_##name##sz(u##sz x, volatile void *ptr) \
++{ \
++ u##sz ret; \
++ unsigned long tmp; \
++ \
++ asm volatile(ARM64_LSE_ATOMIC_INSN( \
++ /* LL/SC */ \
++ " prfm pstl1strm, %2\n" \
++ "1: ld" #acq "xr" #sfx "\t%" #w "0, %2\n" \
++ " st" #rel "xr" #sfx "\t%w1, %" #w "3, %2\n" \
++ " cbnz %w1, 1b\n" \
++ " " #mb, \
++ /* LSE atomics */ \
++ " swp" #acq_lse #rel #sfx "\t%" #w "3, %" #w "0, %2\n" \
++ __nops(3) \
++ " " #nop_lse) \
++ : "=&r" (ret), "=&r" (tmp), "+Q" (*(u##sz *)ptr) \
++ : "r" (x) \
++ : cl); \
++ \
++ return ret; \
+ }
+
+-__XCHG_CASE(w, b, 1, , , , , , )
+-__XCHG_CASE(w, h, 2, , , , , , )
+-__XCHG_CASE(w, , 4, , , , , , )
+-__XCHG_CASE( , , 8, , , , , , )
+-__XCHG_CASE(w, b, acq_1, , , a, a, , "memory")
+-__XCHG_CASE(w, h, acq_2, , , a, a, , "memory")
+-__XCHG_CASE(w, , acq_4, , , a, a, , "memory")
+-__XCHG_CASE( , , acq_8, , , a, a, , "memory")
+-__XCHG_CASE(w, b, rel_1, , , , , l, "memory")
+-__XCHG_CASE(w, h, rel_2, , , , , l, "memory")
+-__XCHG_CASE(w, , rel_4, , , , , l, "memory")
+-__XCHG_CASE( , , rel_8, , , , , l, "memory")
+-__XCHG_CASE(w, b, mb_1, dmb ish, nop, , a, l, "memory")
+-__XCHG_CASE(w, h, mb_2, dmb ish, nop, , a, l, "memory")
+-__XCHG_CASE(w, , mb_4, dmb ish, nop, , a, l, "memory")
+-__XCHG_CASE( , , mb_8, dmb ish, nop, , a, l, "memory")
++__XCHG_CASE(w, b, , 8, , , , , , )
++__XCHG_CASE(w, h, , 16, , , , , , )
++__XCHG_CASE(w, , , 32, , , , , , )
++__XCHG_CASE( , , , 64, , , , , , )
++__XCHG_CASE(w, b, acq_, 8, , , a, a, , "memory")
++__XCHG_CASE(w, h, acq_, 16, , , a, a, , "memory")
++__XCHG_CASE(w, , acq_, 32, , , a, a, , "memory")
++__XCHG_CASE( , , acq_, 64, , , a, a, , "memory")
++__XCHG_CASE(w, b, rel_, 8, , , , , l, "memory")
++__XCHG_CASE(w, h, rel_, 16, , , , , l, "memory")
++__XCHG_CASE(w, , rel_, 32, , , , , l, "memory")
++__XCHG_CASE( , , rel_, 64, , , , , l, "memory")
++__XCHG_CASE(w, b, mb_, 8, dmb ish, nop, , a, l, "memory")
++__XCHG_CASE(w, h, mb_, 16, dmb ish, nop, , a, l, "memory")
++__XCHG_CASE(w, , mb_, 32, dmb ish, nop, , a, l, "memory")
++__XCHG_CASE( , , mb_, 64, dmb ish, nop, , a, l, "memory")
+
+ #undef __XCHG_CASE
+
+@@ -80,13 +80,13 @@ static __always_inline unsigned long __xchg##sfx(unsigned long x, \
+ { \
+ switch (size) { \
+ case 1: \
+- return __xchg_case##sfx##_1(x, ptr); \
++ return __xchg_case##sfx##_8(x, ptr); \
+ case 2: \
+- return __xchg_case##sfx##_2(x, ptr); \
++ return __xchg_case##sfx##_16(x, ptr); \
+ case 4: \
+- return __xchg_case##sfx##_4(x, ptr); \
++ return __xchg_case##sfx##_32(x, ptr); \
+ case 8: \
+- return __xchg_case##sfx##_8(x, ptr); \
++ return __xchg_case##sfx##_64(x, ptr); \
+ default: \
+ BUILD_BUG(); \
+ } \
+@@ -123,13 +123,13 @@ static __always_inline unsigned long __cmpxchg##sfx(volatile void *ptr, \
+ { \
+ switch (size) { \
+ case 1: \
+- return __cmpxchg_case##sfx##_1(ptr, (u8)old, new); \
++ return __cmpxchg_case##sfx##_8(ptr, (u8)old, new); \
+ case 2: \
+- return __cmpxchg_case##sfx##_2(ptr, (u16)old, new); \
++ return __cmpxchg_case##sfx##_16(ptr, (u16)old, new); \
+ case 4: \
+- return __cmpxchg_case##sfx##_4(ptr, old, new); \
++ return __cmpxchg_case##sfx##_32(ptr, old, new); \
+ case 8: \
+- return __cmpxchg_case##sfx##_8(ptr, old, new); \
++ return __cmpxchg_case##sfx##_64(ptr, old, new); \
+ default: \
+ BUILD_BUG(); \
+ } \
+@@ -197,16 +197,16 @@ __CMPXCHG_GEN(_mb)
+ __ret; \
+ })
+
+-#define __CMPWAIT_CASE(w, sz, name) \
+-static inline void __cmpwait_case_##name(volatile void *ptr, \
+- unsigned long val) \
++#define __CMPWAIT_CASE(w, sfx, sz) \
++static inline void __cmpwait_case_##sz(volatile void *ptr, \
++ unsigned long val) \
+ { \
+ unsigned long tmp; \
+ \
+ asm volatile( \
+ " sevl\n" \
+ " wfe\n" \
+- " ldxr" #sz "\t%" #w "[tmp], %[v]\n" \
++ " ldxr" #sfx "\t%" #w "[tmp], %[v]\n" \
+ " eor %" #w "[tmp], %" #w "[tmp], %" #w "[val]\n" \
+ " cbnz %" #w "[tmp], 1f\n" \
+ " wfe\n" \
+@@ -215,10 +215,10 @@ static inline void __cmpwait_case_##name(volatile void *ptr, \
+ : [val] "r" (val)); \
+ }
+
+-__CMPWAIT_CASE(w, b, 1);
+-__CMPWAIT_CASE(w, h, 2);
+-__CMPWAIT_CASE(w, , 4);
+-__CMPWAIT_CASE( , , 8);
++__CMPWAIT_CASE(w, b, 8);
++__CMPWAIT_CASE(w, h, 16);
++__CMPWAIT_CASE(w, , 32);
++__CMPWAIT_CASE( , , 64);
+
+ #undef __CMPWAIT_CASE
+
+@@ -229,13 +229,13 @@ static __always_inline void __cmpwait##sfx(volatile void *ptr, \
+ { \
+ switch (size) { \
+ case 1: \
+- return __cmpwait_case##sfx##_1(ptr, (u8)val); \
++ return __cmpwait_case##sfx##_8(ptr, (u8)val); \
+ case 2: \
+- return __cmpwait_case##sfx##_2(ptr, (u16)val); \
++ return __cmpwait_case##sfx##_16(ptr, (u16)val); \
+ case 4: \
+- return __cmpwait_case##sfx##_4(ptr, val); \
++ return __cmpwait_case##sfx##_32(ptr, val); \
+ case 8: \
+- return __cmpwait_case##sfx##_8(ptr, val); \
++ return __cmpwait_case##sfx##_64(ptr, val); \
+ default: \
+ BUILD_BUG(); \
+ } \
+--
+2.30.1
+
diff --git a/main/linux-vanilla/0002-arm64-Use-correct-ll-sc-atomic-constraints.patch b/main/linux-vanilla/0002-arm64-Use-correct-ll-sc-atomic-constraints.patch
new file mode 100644
index 0000000000..2390c520d9
--- /dev/null
+++ b/main/linux-vanilla/0002-arm64-Use-correct-ll-sc-atomic-constraints.patch
@@ -0,0 +1,252 @@
+From 44f0d02f40ee3203fd3c6433be3407b826d94e42 Mon Sep 17 00:00:00 2001
+From: Andrew Murray <andrew.murray@arm.com>
+Date: Wed, 28 Aug 2019 18:50:06 +0100
+Subject: [PATCH 2/2] arm64: Use correct ll/sc atomic constraints
+
+The A64 ISA accepts distinct (but overlapping) ranges of immediates for:
+
+ * add arithmetic instructions ('I' machine constraint)
+ * sub arithmetic instructions ('J' machine constraint)
+ * 32-bit logical instructions ('K' machine constraint)
+ * 64-bit logical instructions ('L' machine constraint)
+
+... but we currently use the 'I' constraint for many atomic operations
+using sub or logical instructions, which is not always valid.
+
+When CONFIG_ARM64_LSE_ATOMICS is not set, this allows invalid immediates
+to be passed to instructions, potentially resulting in a build failure.
+When CONFIG_ARM64_LSE_ATOMICS is selected the out-of-line ll/sc atomics
+always use a register as they have no visibility of the value passed by
+the caller.
+
+This patch adds a constraint parameter to the ATOMIC_xx and
+__CMPXCHG_CASE macros so that we can pass appropriate constraints for
+each case, with uses updated accordingly.
+
+Unfortunately prior to GCC 8.1.0 the 'K' constraint erroneously accepted
+'4294967295', so we must instead force the use of a register.
+
+Signed-off-by: Andrew Murray <andrew.murray@arm.com>
+Signed-off-by: Will Deacon <will@kernel.org>
+(cherry picked from commit 580fa1b874711d633f9b145b7777b0e83ebf3787)
+---
+ arch/arm64/include/asm/atomic_ll_sc.h | 89 ++++++++++++++-------------
+ 1 file changed, 47 insertions(+), 42 deletions(-)
+
+diff --git a/arch/arm64/include/asm/atomic_ll_sc.h b/arch/arm64/include/asm/atomic_ll_sc.h
+index f02d3bf7b9e6..1cc42441bc67 100644
+--- a/arch/arm64/include/asm/atomic_ll_sc.h
++++ b/arch/arm64/include/asm/atomic_ll_sc.h
+@@ -37,7 +37,7 @@
+ * (the optimize attribute silently ignores these options).
+ */
+
+-#define ATOMIC_OP(op, asm_op) \
++#define ATOMIC_OP(op, asm_op, constraint) \
+ __LL_SC_INLINE void \
+ __LL_SC_PREFIX(atomic_##op(int i, atomic_t *v)) \
+ { \
+@@ -51,11 +51,11 @@ __LL_SC_PREFIX(atomic_##op(int i, atomic_t *v)) \
+ " stxr %w1, %w0, %2\n" \
+ " cbnz %w1, 1b" \
+ : "=&r" (result), "=&r" (tmp), "+Q" (v->counter) \
+- : "Ir" (i)); \
++ : #constraint "r" (i)); \
+ } \
+ __LL_SC_EXPORT(atomic_##op);
+
+-#define ATOMIC_OP_RETURN(name, mb, acq, rel, cl, op, asm_op) \
++#define ATOMIC_OP_RETURN(name, mb, acq, rel, cl, op, asm_op, constraint)\
+ __LL_SC_INLINE int \
+ __LL_SC_PREFIX(atomic_##op##_return##name(int i, atomic_t *v)) \
+ { \
+@@ -70,14 +70,14 @@ __LL_SC_PREFIX(atomic_##op##_return##name(int i, atomic_t *v)) \
+ " cbnz %w1, 1b\n" \
+ " " #mb \
+ : "=&r" (result), "=&r" (tmp), "+Q" (v->counter) \
+- : "Ir" (i) \
++ : #constraint "r" (i) \
+ : cl); \
+ \
+ return result; \
+ } \
+ __LL_SC_EXPORT(atomic_##op##_return##name);
+
+-#define ATOMIC_FETCH_OP(name, mb, acq, rel, cl, op, asm_op) \
++#define ATOMIC_FETCH_OP(name, mb, acq, rel, cl, op, asm_op, constraint) \
+ __LL_SC_INLINE int \
+ __LL_SC_PREFIX(atomic_fetch_##op##name(int i, atomic_t *v)) \
+ { \
+@@ -92,7 +92,7 @@ __LL_SC_PREFIX(atomic_fetch_##op##name(int i, atomic_t *v)) \
+ " cbnz %w2, 1b\n" \
+ " " #mb \
+ : "=&r" (result), "=&r" (val), "=&r" (tmp), "+Q" (v->counter) \
+- : "Ir" (i) \
++ : #constraint "r" (i) \
+ : cl); \
+ \
+ return result; \
+@@ -110,8 +110,8 @@ __LL_SC_EXPORT(atomic_fetch_##op##name);
+ ATOMIC_FETCH_OP (_acquire, , a, , "memory", __VA_ARGS__)\
+ ATOMIC_FETCH_OP (_release, , , l, "memory", __VA_ARGS__)
+
+-ATOMIC_OPS(add, add)
+-ATOMIC_OPS(sub, sub)
++ATOMIC_OPS(add, add, I)
++ATOMIC_OPS(sub, sub, J)
+
+ #undef ATOMIC_OPS
+ #define ATOMIC_OPS(...) \
+@@ -121,17 +121,17 @@ ATOMIC_OPS(sub, sub)
+ ATOMIC_FETCH_OP (_acquire, , a, , "memory", __VA_ARGS__)\
+ ATOMIC_FETCH_OP (_release, , , l, "memory", __VA_ARGS__)
+
+-ATOMIC_OPS(and, and)
+-ATOMIC_OPS(andnot, bic)
+-ATOMIC_OPS(or, orr)
+-ATOMIC_OPS(xor, eor)
++ATOMIC_OPS(and, and, )
++ATOMIC_OPS(andnot, bic, )
++ATOMIC_OPS(or, orr, )
++ATOMIC_OPS(xor, eor, )
+
+ #undef ATOMIC_OPS
+ #undef ATOMIC_FETCH_OP
+ #undef ATOMIC_OP_RETURN
+ #undef ATOMIC_OP
+
+-#define ATOMIC64_OP(op, asm_op) \
++#define ATOMIC64_OP(op, asm_op, constraint) \
+ __LL_SC_INLINE void \
+ __LL_SC_PREFIX(atomic64_##op(long i, atomic64_t *v)) \
+ { \
+@@ -145,11 +145,11 @@ __LL_SC_PREFIX(atomic64_##op(long i, atomic64_t *v)) \
+ " stxr %w1, %0, %2\n" \
+ " cbnz %w1, 1b" \
+ : "=&r" (result), "=&r" (tmp), "+Q" (v->counter) \
+- : "Ir" (i)); \
++ : #constraint "r" (i)); \
+ } \
+ __LL_SC_EXPORT(atomic64_##op);
+
+-#define ATOMIC64_OP_RETURN(name, mb, acq, rel, cl, op, asm_op) \
++#define ATOMIC64_OP_RETURN(name, mb, acq, rel, cl, op, asm_op, constraint)\
+ __LL_SC_INLINE long \
+ __LL_SC_PREFIX(atomic64_##op##_return##name(long i, atomic64_t *v)) \
+ { \
+@@ -164,14 +164,14 @@ __LL_SC_PREFIX(atomic64_##op##_return##name(long i, atomic64_t *v)) \
+ " cbnz %w1, 1b\n" \
+ " " #mb \
+ : "=&r" (result), "=&r" (tmp), "+Q" (v->counter) \
+- : "Ir" (i) \
++ : #constraint "r" (i) \
+ : cl); \
+ \
+ return result; \
+ } \
+ __LL_SC_EXPORT(atomic64_##op##_return##name);
+
+-#define ATOMIC64_FETCH_OP(name, mb, acq, rel, cl, op, asm_op) \
++#define ATOMIC64_FETCH_OP(name, mb, acq, rel, cl, op, asm_op, constraint)\
+ __LL_SC_INLINE long \
+ __LL_SC_PREFIX(atomic64_fetch_##op##name(long i, atomic64_t *v)) \
+ { \
+@@ -186,7 +186,7 @@ __LL_SC_PREFIX(atomic64_fetch_##op##name(long i, atomic64_t *v)) \
+ " cbnz %w2, 1b\n" \
+ " " #mb \
+ : "=&r" (result), "=&r" (val), "=&r" (tmp), "+Q" (v->counter) \
+- : "Ir" (i) \
++ : #constraint "r" (i) \
+ : cl); \
+ \
+ return result; \
+@@ -204,8 +204,8 @@ __LL_SC_EXPORT(atomic64_fetch_##op##name);
+ ATOMIC64_FETCH_OP (_acquire,, a, , "memory", __VA_ARGS__) \
+ ATOMIC64_FETCH_OP (_release,, , l, "memory", __VA_ARGS__)
+
+-ATOMIC64_OPS(add, add)
+-ATOMIC64_OPS(sub, sub)
++ATOMIC64_OPS(add, add, I)
++ATOMIC64_OPS(sub, sub, J)
+
+ #undef ATOMIC64_OPS
+ #define ATOMIC64_OPS(...) \
+@@ -215,10 +215,10 @@ ATOMIC64_OPS(sub, sub)
+ ATOMIC64_FETCH_OP (_acquire,, a, , "memory", __VA_ARGS__) \
+ ATOMIC64_FETCH_OP (_release,, , l, "memory", __VA_ARGS__)
+
+-ATOMIC64_OPS(and, and)
+-ATOMIC64_OPS(andnot, bic)
+-ATOMIC64_OPS(or, orr)
+-ATOMIC64_OPS(xor, eor)
++ATOMIC64_OPS(and, and, L)
++ATOMIC64_OPS(andnot, bic, )
++ATOMIC64_OPS(or, orr, L)
++ATOMIC64_OPS(xor, eor, L)
+
+ #undef ATOMIC64_OPS
+ #undef ATOMIC64_FETCH_OP
+@@ -248,7 +248,7 @@ __LL_SC_PREFIX(atomic64_dec_if_positive(atomic64_t *v))
+ }
+ __LL_SC_EXPORT(atomic64_dec_if_positive);
+
+-#define __CMPXCHG_CASE(w, sfx, name, sz, mb, acq, rel, cl) \
++#define __CMPXCHG_CASE(w, sfx, name, sz, mb, acq, rel, cl, constraint) \
+ __LL_SC_INLINE u##sz \
+ __LL_SC_PREFIX(__cmpxchg_case_##name##sz(volatile void *ptr, \
+ unsigned long old, \
+@@ -268,29 +268,34 @@ __LL_SC_PREFIX(__cmpxchg_case_##name##sz(volatile void *ptr, \
+ "2:" \
+ : [tmp] "=&r" (tmp), [oldval] "=&r" (oldval), \
+ [v] "+Q" (*(u##sz *)ptr) \
+- : [old] "Lr" (old), [new] "r" (new) \
++ : [old] #constraint "r" (old), [new] "r" (new) \
+ : cl); \
+ \
+ return oldval; \
+ } \
+ __LL_SC_EXPORT(__cmpxchg_case_##name##sz);
+
+-__CMPXCHG_CASE(w, b, , 8, , , , )
+-__CMPXCHG_CASE(w, h, , 16, , , , )
+-__CMPXCHG_CASE(w, , , 32, , , , )
+-__CMPXCHG_CASE( , , , 64, , , , )
+-__CMPXCHG_CASE(w, b, acq_, 8, , a, , "memory")
+-__CMPXCHG_CASE(w, h, acq_, 16, , a, , "memory")
+-__CMPXCHG_CASE(w, , acq_, 32, , a, , "memory")
+-__CMPXCHG_CASE( , , acq_, 64, , a, , "memory")
+-__CMPXCHG_CASE(w, b, rel_, 8, , , l, "memory")
+-__CMPXCHG_CASE(w, h, rel_, 16, , , l, "memory")
+-__CMPXCHG_CASE(w, , rel_, 32, , , l, "memory")
+-__CMPXCHG_CASE( , , rel_, 64, , , l, "memory")
+-__CMPXCHG_CASE(w, b, mb_, 8, dmb ish, , l, "memory")
+-__CMPXCHG_CASE(w, h, mb_, 16, dmb ish, , l, "memory")
+-__CMPXCHG_CASE(w, , mb_, 32, dmb ish, , l, "memory")
+-__CMPXCHG_CASE( , , mb_, 64, dmb ish, , l, "memory")
++/*
++ * Earlier versions of GCC (no later than 8.1.0) appear to incorrectly
++ * handle the 'K' constraint for the value 4294967295 - thus we use no
++ * constraint for 32 bit operations.
++ */
++__CMPXCHG_CASE(w, b, , 8, , , , , )
++__CMPXCHG_CASE(w, h, , 16, , , , , )
++__CMPXCHG_CASE(w, , , 32, , , , , )
++__CMPXCHG_CASE( , , , 64, , , , , L)
++__CMPXCHG_CASE(w, b, acq_, 8, , a, , "memory", )
++__CMPXCHG_CASE(w, h, acq_, 16, , a, , "memory", )
++__CMPXCHG_CASE(w, , acq_, 32, , a, , "memory", )
++__CMPXCHG_CASE( , , acq_, 64, , a, , "memory", L)
++__CMPXCHG_CASE(w, b, rel_, 8, , , l, "memory", )
++__CMPXCHG_CASE(w, h, rel_, 16, , , l, "memory", )
++__CMPXCHG_CASE(w, , rel_, 32, , , l, "memory", )
++__CMPXCHG_CASE( , , rel_, 64, , , l, "memory", L)
++__CMPXCHG_CASE(w, b, mb_, 8, dmb ish, , l, "memory", )
++__CMPXCHG_CASE(w, h, mb_, 16, dmb ish, , l, "memory", )
++__CMPXCHG_CASE(w, , mb_, 32, dmb ish, , l, "memory", )
++__CMPXCHG_CASE( , , mb_, 64, dmb ish, , l, "memory", L)
+
+ #undef __CMPXCHG_CASE
+
+--
+2.30.1
+
diff --git a/main/linux-vanilla/APKBUILD b/main/linux-vanilla/APKBUILD
index 1639007187..c107d5510e 100644
--- a/main/linux-vanilla/APKBUILD
+++ b/main/linux-vanilla/APKBUILD
@@ -2,7 +2,7 @@
_flavor=vanilla
pkgname=linux-${_flavor}
-pkgver=4.19.118
+pkgver=4.19.176
case $pkgver in
*.*.*) _kernver=${pkgver%.*};;
*.*) _kernver=$pkgver;;
@@ -17,6 +17,9 @@ options="!strip"
_config=${config:-config-vanilla.${CARCH}}
install=
source="https://cdn.kernel.org/pub/linux/kernel/v${pkgver%%.*}.x/linux-$_kernver.tar.xz
+ 0001-arm64-Avoid-redundant-type-conversions-in-xchg-and-c.patch
+ 0002-arm64-Use-correct-ll-sc-atomic-constraints.patch
+
config-vanilla.aarch64
config-vanilla.armhf
config-vanilla.armv7
@@ -228,14 +231,16 @@ _dev() {
}
sha512sums="ab67cc746b375a8b135e8b23e35e1d6787930d19b3c26b2679787d62951cbdbc3bb66f8ededeb9b890e5008b2459397f9018f1a6772fdef67780b06a4cb9f6f4 linux-4.19.tar.xz
-865231541bc54858a1a37b8106701fa7efdf09d2c67a2a62395c19a22d321f9b491b8added3aad391f92b885533ab90415b803c6f21a89cfc3d1da9a95cf31f2 config-vanilla.aarch64
+b6ca08d280358402f39e184ca4670e7f0216a8129ad54128ca92b3a8b0c1ac3ef04fa1a0ddbf0aee5f9a94ec4607e1e1f0e14d7684416fd04b0552b2aa39f986 0001-arm64-Avoid-redundant-type-conversions-in-xchg-and-c.patch
+2387d6abd2947a2aa8da51dce8b0eeb432b30ed6e7e26e43e6851011aa5a3a784d8a78cf09dfad9598cfd9608e1b722708787730f0714fa734acd87e0f0df82d 0002-arm64-Use-correct-ll-sc-atomic-constraints.patch
+0371a31ff6af76824bc443a253ebfad7594121a2081c94029fa60db3ac34057da1bc5ea9c2be647fd71732a4303c8e20981091e9b88e518b50f6f14baef8f141 config-vanilla.aarch64
60d58456547437829df739d0a58e0ae4b716d877e5e0b6512a5e60d0a2fba8c5adf14ef8f89c0dcb371d66e32a90796926be1cf6dd32779084796e071e5c1fd0 config-vanilla.armhf
60d58456547437829df739d0a58e0ae4b716d877e5e0b6512a5e60d0a2fba8c5adf14ef8f89c0dcb371d66e32a90796926be1cf6dd32779084796e071e5c1fd0 config-vanilla.armv7
e835acb24d8b395cfd29a7f1af1510df097d8a2315558ddd6f7eba7490f9763afbc64d2a9a084a367d53bce911413d603e577e957bcbf4e4a1066e57a51e6d70 config-vanilla.x86
ecbc5b5e2cc4b81a881cd543bc57ea691fc8600dc52d465085912c31d271c9a0e39926c1a06843706ad8907c147b7dbcb3b5324aaf4b9139baa61e51f1e6930a config-vanilla.x86_64
a805810bab50a5850248ae15f01cdadcf227cc808af472bc58e0c18305d1659e2e6f3796710beb22388dc5ea293e3cf4293daafa869e807dfe021710d7828e42 config-vanilla.ppc64le
cffd64189ec33ca8a93f81252d718a1f6699ca45e169315f91dba6ff3342d6c5fed20834a879f702f63afa76545a29bc27b1c4f368f1fbcc23d0ca7de0dc1b64 config-vanilla.s390x
-d2951cf4a4557512c5a10c9f3a3b0b7405e18fbe86684024dc2e7a54658f3474d6a188d314bc582dd50310b7a1f7218bfde4771b22033cddb63983836e4788e4 config-virt.aarch64
+9709525ae51b3bade186c64897f93e2fe90d878e5d94605320a9cc747b8a0e3164ecf6143c929d5be161648476bb36bdd7a371f7221ca9bf96f8d3f4e79b872d config-virt.aarch64
ee0dcae6e6f0db5342ce21fa4dd78acc417045a84d9758a7e6650d3bed5b4b304eea57b5d3e0a1109d04f79d02e9e7f4c9a69268d477ea6c4435df092cda8119 config-virt.x86
c2b17dbc82c3f995bb32428f42f63ab3f537289b6fd4d0395dc5112273636a1dbba9547f66a75e9e0773713e09c514148ddd3e1a216475b862295318861cfdf1 config-virt.x86_64
-55d9cf9dc2fe87ea0cb788a7c9abc71307be1b2420cd446e4281634c1fbb077510da2f067c12094f6c38c87bad26a39dd1d553e4afc9b73baa6a0ffa18eaafd2 patch-4.19.118.xz"
+9bb51df1822242aee8340b8d54b5d1eb9bab8c0fff37a5b671f2ab7d10e5b3f1bd9f6a7e13af600434cc406a42b6638a5659cc056917c44a158bf243b5383146 patch-4.19.176.xz"
diff --git a/main/linux-vanilla/config-vanilla.aarch64 b/main/linux-vanilla/config-vanilla.aarch64
index 5ef9347f8d..df9042d3bd 100644
--- a/main/linux-vanilla/config-vanilla.aarch64
+++ b/main/linux-vanilla/config-vanilla.aarch64
@@ -1,6 +1,6 @@
#
# Automatically generated file; DO NOT EDIT.
-# Linux/arm64 4.19.118 Kernel Configuration
+# Linux/arm64 4.19.176 Kernel Configuration
#
#
@@ -378,6 +378,7 @@ CONFIG_ARM64_ERRATUM_845719=y
CONFIG_ARM64_ERRATUM_843419=y
CONFIG_ARM64_ERRATUM_1024718=y
CONFIG_ARM64_ERRATUM_1463225=y
+CONFIG_ARM64_ERRATUM_1542419=y
CONFIG_CAVIUM_ERRATUM_22375=y
CONFIG_CAVIUM_ERRATUM_23144=y
CONFIG_CAVIUM_ERRATUM_23154=y
@@ -2153,7 +2154,6 @@ CONFIG_BLK_DEV_SD=m
CONFIG_CHR_DEV_ST=m
CONFIG_CHR_DEV_OSST=m
CONFIG_BLK_DEV_SR=m
-CONFIG_BLK_DEV_SR_VENDOR=y
CONFIG_CHR_DEV_SG=m
CONFIG_CHR_DEV_SCH=m
CONFIG_SCSI_ENCLOSURE=m
@@ -3830,6 +3830,7 @@ CONFIG_SPI_SPIDEV=m
# CONFIG_SPI_LOOPBACK_TEST is not set
CONFIG_SPI_TLE62X0=m
# CONFIG_SPI_SLAVE is not set
+CONFIG_SPI_DYNAMIC=y
# CONFIG_SPMI is not set
# CONFIG_HSI is not set
CONFIG_PPS=y
@@ -5990,7 +5991,6 @@ CONFIG_USB_IDMOUSE=m
CONFIG_USB_FTDI_ELAN=m
# CONFIG_USB_APPLEDISPLAY is not set
CONFIG_USB_SISUSBVGA=m
-CONFIG_USB_SISUSBVGA_CON=y
CONFIG_USB_LD=m
# CONFIG_USB_TRANCEVIBRATOR is not set
CONFIG_USB_IOWARRIOR=m
@@ -6599,6 +6599,8 @@ CONFIG_TIMER_OF=y
CONFIG_TIMER_ACPI=y
CONFIG_TIMER_PROBE=y
CONFIG_CLKSRC_MMIO=y
+CONFIG_DW_APB_TIMER=y
+CONFIG_DW_APB_TIMER_OF=y
CONFIG_ROCKCHIP_TIMER=y
CONFIG_ARM_ARCH_TIMER=y
CONFIG_ARM_ARCH_TIMER_EVTSTREAM=y
@@ -7740,6 +7742,7 @@ CONFIG_BRANCH_PROFILE_NONE=y
# CONFIG_STACK_TRACER is not set
# CONFIG_BLK_DEV_IO_TRACE is not set
CONFIG_KPROBE_EVENTS=y
+# CONFIG_KPROBE_EVENTS_ON_NOTRACE is not set
CONFIG_UPROBE_EVENTS=y
CONFIG_PROBE_EVENTS=y
CONFIG_DYNAMIC_FTRACE=y
diff --git a/main/linux-vanilla/config-virt.aarch64 b/main/linux-vanilla/config-virt.aarch64
index 8cb928b1f2..36ead24c36 100644
--- a/main/linux-vanilla/config-virt.aarch64
+++ b/main/linux-vanilla/config-virt.aarch64
@@ -1,6 +1,6 @@
#
# Automatically generated file; DO NOT EDIT.
-# Linux/arm64 4.19.118 Kernel Configuration
+# Linux/arm64 4.19.176 Kernel Configuration
#
#
@@ -361,6 +361,7 @@ CONFIG_ARM64_ERRATUM_834220=y
CONFIG_ARM64_ERRATUM_843419=y
CONFIG_ARM64_ERRATUM_1024718=y
CONFIG_ARM64_ERRATUM_1463225=y
+CONFIG_ARM64_ERRATUM_1542419=y
CONFIG_CAVIUM_ERRATUM_22375=y
CONFIG_CAVIUM_ERRATUM_23144=y
CONFIG_CAVIUM_ERRATUM_23154=y
@@ -1849,7 +1850,6 @@ CONFIG_BLK_DEV_SD=m
# CONFIG_CHR_DEV_ST is not set
# CONFIG_CHR_DEV_OSST is not set
CONFIG_BLK_DEV_SR=m
-# CONFIG_BLK_DEV_SR_VENDOR is not set
CONFIG_CHR_DEV_SG=m
# CONFIG_CHR_DEV_SCH is not set
# CONFIG_SCSI_CONSTANTS is not set
diff --git a/main/mariadb/0001-stacktrace-t.c-make-the-test-conditional.patch b/main/mariadb/0001-stacktrace-t.c-make-the-test-conditional.patch
new file mode 100644
index 0000000000..95c56cc071
--- /dev/null
+++ b/main/mariadb/0001-stacktrace-t.c-make-the-test-conditional.patch
@@ -0,0 +1,36 @@
+From 966cbeb309f867ff4ac8e7f4462be4780e421700 Mon Sep 17 00:00:00 2001
+From: Mingli Yu <mingli.yu@windriver.com>
+Date: Mon, 25 Jan 2021 19:01:06 -0800
+Subject: [PATCH] stacktrace-t.c: make the test conditional
+
+Fixes:
+/prj/tmp/work/cortexa57-poky-linux-musl/mariadb/10.5.8-r0/recipe-sysroot-native/usr/bin/aarch64-poky-linux-musl/../../libexec/aarch64-poky-linux-musl/gcc/aarch64-poky-linux-musl/10.2.0/ld.bfd: /usr/src/debug/mariadb/10.5.8-r0/mariadb-10.5.8/unittest/mysys/stacktrace-t.c:36: undefined reference to `my_safe_print_str'
+
+Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
+---
+ unittest/mysys/stacktrace-t.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/unittest/mysys/stacktrace-t.c b/unittest/mysys/stacktrace-t.c
+index 8fa0db15b36..d8408f80d76 100644
+--- a/unittest/mysys/stacktrace-t.c
++++ b/unittest/mysys/stacktrace-t.c
+@@ -29,6 +29,7 @@ void test_my_safe_print_str()
+ memcpy(b_stack, "LEGAL", 6);
+ memcpy(b_bss, "LEGAL", 6);
+
++#ifdef HAVE_STACKTRACE
+ #ifndef __SANITIZE_ADDRESS__
+ fprintf(stderr, "\n===== stack =====\n");
+ my_safe_print_str(b_stack, 65535);
+@@ -48,6 +49,7 @@ void test_my_safe_print_str()
+ fprintf(stderr, "\n===== (const char*) 1 =====\n");
+ my_safe_print_str((const char*)1, 5);
+ #endif /*__SANITIZE_ADDRESS__*/
++#endif /*HAVE_STACKTRACE*/
+
+ free(b_heap);
+
+--
+2.17.1
+
diff --git a/main/mariadb/APKBUILD b/main/mariadb/APKBUILD
index cc3cc2ba7b..f47f3f529d 100644
--- a/main/mariadb/APKBUILD
+++ b/main/mariadb/APKBUILD
@@ -6,7 +6,7 @@
# Contributor: Marcel Haazen <marcel@haazen.xyz>
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=mariadb
-pkgver=10.3.25
+pkgver=10.3.27
pkgrel=0
pkgdesc="A fast SQL database server"
url="https://www.mariadb.org/"
@@ -40,16 +40,21 @@ fi
source="https://downloads.mariadb.org/interstitial/mariadb-$pkgver/source/mariadb-$pkgver.tar.gz
$pkgname.initd
- fix-c11-atomics-check.patch
ppc-remove-glibc-dep.patch
pcre.cmake.patch
- disable-failing-test.patch
+ 0001-stacktrace-t.c-make-the-test-conditional.patch
"
# dbug test fails under rootbld
#options="!check"
builddir="$srcdir/$pkgname-$pkgver"
# secfixes:
+# 10.3.27-r0:
+# - CVE-2020-14765
+# - CVE-2020-14776
+# - CVE-2020-14789
+# - CVE-2020-14812
+# - CVE-2020-28912
# 10.3.25-r0:
# - CVE-2020-15180
# 10.3.23-r0:
@@ -443,9 +448,8 @@ _plugin_rocksdb() {
"$subpkgdir"/usr/lib/mariadb/plugin/ha_rocksdb.so
}
-sha512sums="9504e401db3b65b2b2bd4d3c91a468d357e82fdafbf90d54539a291e46570c2bed66ae047b17b9da95e925f8970fa048d329ba06c2dd6de7d46d5a0f2aad1f4d mariadb-10.3.25.tar.gz
+sha512sums="1ebfdfa3ef6e13e92615ac2fb6995362ca60fe78f57ff3cf9e384517f95eaf4c701e60fe0977b1eee73889cdfe3367720da9a9bae3dd1a09a4558114ba593369 mariadb-10.3.27.tar.gz
c352969f6665b0ffa387f7b185a5dea7751f4b16c12c809627857b27321efa09159369d7dd5c852d6159a9f173cb895fb601f0c52a1fa6e3527899520030964c mariadb.initd
-ecfea6503edd301bb628e2a44f36315079efa70e7615ff06b27714397332034f02e68ef40d4d5c761942e024ed1993621127c9df80b7e2327c68b1d839a7a322 fix-c11-atomics-check.patch
e9ae4613f1d8c5f0a59b39a3548c46e50674ae78e7457d0e64c49f7e1573125c13634bbce7e29179bb8865a423171f852f43b96f7ef95619a95f02edcfc71efd ppc-remove-glibc-dep.patch
70da971aa78815495098205bcbd28428430aa83c3f1050fec0231ca86af9d9def2d2108a48ee08d86812c8dc5ad8ab1ef4e17a49b4936ed5187ae0f6a7ef8f63 pcre.cmake.patch
-0f5f2147e80b21abe65ccdee72b7d820ea1459112802e44f63d00d9247704d6a5562fce146a255e02f7367bc5d81cffe4e7c39758d533bf5ec9a6544a2a25738 disable-failing-test.patch"
+7d92d0ddf95632a04f50f020aaefa0b66a198d2c1e5a43b7c4183dff981b5e190a759677c3a797f4c01b5ec21bbf892a305db47fdb9fb5b351d5b1b4267db74b 0001-stacktrace-t.c-make-the-test-conditional.patch"
diff --git a/main/mariadb/disable-failing-test.patch b/main/mariadb/disable-failing-test.patch
deleted file mode 100644
index 4eeac25107..0000000000
--- a/main/mariadb/disable-failing-test.patch
+++ /dev/null
@@ -1,19 +0,0 @@
-diff --git a/storage/maria/unittest/CMakeLists.txt b/storage/maria/unittest/CMakeLists.txt
-index a2da150..fd04ef4 100644
---- a/storage/maria/unittest/CMakeLists.txt
-+++ b/storage/maria/unittest/CMakeLists.txt
-@@ -60,10 +60,10 @@ ADD_EXECUTABLE(ma_test_loghandler_readonly-t
- ma_test_loghandler_multigroup-t.c ma_maria_log_cleanup.c ma_loghandler_examples.c sequence_storage.c)
- MY_ADD_TEST(ma_test_loghandler_readonly)
-
--SET_TARGET_PROPERTIES(ma_test_loghandler_readonly-t PROPERTIES COMPILE_FLAGS "-DREADONLY_TEST")
--ADD_EXECUTABLE(ma_test_loghandler_nologs-t
-- ma_test_loghandler_nologs-t.c ma_maria_log_cleanup.c ma_loghandler_examples.c)
--MY_ADD_TEST(ma_test_loghandler_nologs)
-+#SET_TARGET_PROPERTIES(ma_test_loghandler_readonly-t PROPERTIES COMPILE_FLAGS "-DREADONLY_TEST")
-+#ADD_EXECUTABLE(ma_test_loghandler_nologs-t
-+# ma_test_loghandler_nologs-t.c ma_maria_log_cleanup.c ma_loghandler_examples.c)
-+#MY_ADD_TEST(ma_test_loghandler_nologs)
-
- SET(ma_pagecache_single_src ma_pagecache_single.c test_file.c test_file.h)
- SET(ma_pagecache_consist_src ma_pagecache_consist.c test_file.c test_file.h)
diff --git a/main/mariadb/fix-c11-atomics-check.patch b/main/mariadb/fix-c11-atomics-check.patch
deleted file mode 100644
index 0566cb8cea..0000000000
--- a/main/mariadb/fix-c11-atomics-check.patch
+++ /dev/null
@@ -1,67 +0,0 @@
---- a/configure.cmake
-+++ b/configure.cmake
-@@ -135,10 +135,11 @@
- IF(NOT LIBRT)
- MY_SEARCH_LIBS(clock_gettime rt LIBRT)
- ENDIF()
-+ MY_SEARCH_LIBS(__atomic_load_8 atomic LIBATOMIC)
- FIND_PACKAGE(Threads)
-
- SET(CMAKE_REQUIRED_LIBRARIES
-- ${LIBM} ${LIBNSL} ${LIBBIND} ${LIBCRYPT} ${LIBSOCKET} ${LIBDL} ${CMAKE_THREAD_LIBS_INIT} ${LIBRT} ${LIBEXECINFO})
-+ ${LIBM} ${LIBNSL} ${LIBBIND} ${LIBCRYPT} ${LIBSOCKET} ${LIBDL} ${LIBATOMIC} ${CMAKE_THREAD_LIBS_INIT} ${LIBRT} ${LIBEXECINFO})
- # Need explicit pthread for gcc -fsanitize=address
- IF(CMAKE_USE_PTHREADS_INIT AND CMAKE_C_FLAGS MATCHES "-fsanitize=")
- SET(CMAKE_REQUIRED_LIBRARIES ${CMAKE_REQUIRED_LIBRARIES} pthread)
-@@ -919,14 +920,26 @@
- return 0;
- }"
- HAVE_GCC_ATOMIC_BUILTINS)
--CHECK_CXX_SOURCE_COMPILES("
-+
-+SET(MAIN__ATOMIC_LOAD_N "
- int main()
- {
- long long int var= 1;
- long long int *ptr= &var;
- return (int)__atomic_load_n(ptr, __ATOMIC_SEQ_CST);
--}"
--HAVE_GCC_C11_ATOMICS)
-+}")
-+CHECK_CXX_SOURCE_COMPILES("${MAIN__ATOMIC_LOAD_N}" HAVE_GCC_C11_ATOMICS)
-+IF(HAVE_GCC_C11_ATOMICS AND HAVE_LIBATOMIC)
-+ SET(SAVE_CMAKE_REQUIRED_LIBRARIES ${CMAKE_REQUIRED_LIBRARIES})
-+ LIST(REMOVE_ITEM CMAKE_REQUIRED_LIBRARIES "${LIBATOMIC}")
-+ CHECK_CXX_SOURCE_COMPILES("${MAIN__ATOMIC_LOAD_N}" HAVE_GCC_C11_INLINE_ATOMICS)
-+ IF(HAVE_GCC_C11_INLINE_ATOMICS)
-+ UNSET(HAVE_LIBATOMIC)
-+ UNSET(LIBATOMIC)
-+ ELSE()
-+ SET(CMAKE_REQUIRED_LIBRARIES ${SAVE_CMAKE_REQUIRED_LIBRARIES})
-+ ENDIF()
-+ENDIF()
-
- IF(WITH_VALGRIND)
- SET(HAVE_valgrind 1)
---- a/mysys/CMakeLists.txt
-+++ b/mysys/CMakeLists.txt
-@@ -75,7 +75,7 @@
-
- ADD_CONVENIENCE_LIBRARY(mysys ${MYSYS_SOURCES})
- TARGET_LINK_LIBRARIES(mysys dbug strings ${ZLIB_LIBRARY}
-- ${LIBNSL} ${LIBM} ${LIBRT} ${LIBDL} ${LIBSOCKET} ${LIBEXECINFO} ${CRC32_LIBRARY})
-+ ${LIBNSL} ${LIBM} ${LIBRT} ${LIBDL} ${LIBATOMIC} ${LIBSOCKET} ${LIBEXECINFO} ${CRC32_LIBRARY})
- DTRACE_INSTRUMENT(mysys)
-
- IF(HAVE_BFD_H)
---- a/storage/rocksdb/build_rocksdb.cmake
-+++ b/storage/rocksdb/build_rocksdb.cmake
-@@ -162,7 +162,7 @@
- if(WIN32)
- set(SYSTEM_LIBS ${SYSTEM_LIBS} Shlwapi.lib Rpcrt4.lib)
- else()
-- set(SYSTEM_LIBS ${CMAKE_THREAD_LIBS_INIT} ${LIBRT} ${LIBDL})
-+ set(SYSTEM_LIBS ${LIBATOMIC} ${CMAKE_THREAD_LIBS_INIT} ${LIBRT} ${LIBDL})
- endif()
-
- set(ROCKSDB_LIBS rocksdblib})
diff --git a/main/nodejs/APKBUILD b/main/nodejs/APKBUILD
index 19e80ed7d5..e5c439a31d 100644
--- a/main/nodejs/APKBUILD
+++ b/main/nodejs/APKBUILD
@@ -6,6 +6,8 @@
# Maintainer: Jakub Jirutka <jakub@jirutka.cz>
#
# secfixes:
+# 10.24.1-r0:
+# - CVE-2020-7774
# 10.19.0-r0:
# - CVE-2019-15606
# - CVE-2019-15605
@@ -48,14 +50,13 @@
pkgname=nodejs
# Note: Update only to even-numbered versions (e.g. 6.y.z, 8.y.z)!
# Odd-numbered versions are supported only for 9 months by upstream.
-pkgver=10.19.0
+pkgver=10.24.1
pkgrel=0
pkgdesc="JavaScript runtime built on V8 engine - LTS version"
url="https://nodejs.org/"
arch="all !mips64 !mips64el"
license="MIT"
depends="ca-certificates"
-depends_dev="libuv"
# gold is needed for mksnapshot
makedepends="$depends_dev python2 openssl-dev zlib-dev libuv-dev linux-headers
paxmark binutils-gold http-parser-dev ca-certificates c-ares-dev"
@@ -72,7 +73,7 @@ prepare() {
default_prepare
# Remove bundled dependencies that we're not using.
- rm -rf deps/http_parser deps/openssl deps/uv deps/zlib
+ rm -rf deps/http_parser deps/openssl deps/zlib
}
build() {
@@ -82,10 +83,13 @@ build() {
mips*) _carchflags="--with-mips-arch-variant=r1 --with-mips-float-abi=soft";;
esac
+ # NOTE: We use bundled libuv because they don't care much about backward
+ # compatibility and it has happened several times in past that we
+ # couldn't upgrade nodejs package in stable branches to fix CVEs due to
+ # libuv incompatibility.
./configure --prefix=/usr \
$_carchflags \
--shared-zlib \
- --shared-libuv \
--shared-openssl \
--shared-http-parser \
--shared-cares \
@@ -149,6 +153,6 @@ npm() {
mv "$pkgdir"/usr/lib/node_modules/npm "$subpkgdir"/usr/lib/node_modules/
}
-sha512sums="59f584e27dfd99453a031722ca3e094d658a90e77316a85a7048868fe6a6164b8aef0f03b60cbe681ace273d902434210bf3cd10a638583b74264d8b42bf2565 node-v10.19.0.tar.gz
-9d09a88074bf0093f35c5b610e73ebf4c5381df2a2b29feb69da1af0b18776a683b13f1276375bbcfc60936cc27769539e1f01b4ba94b22cad2d5f4daae14c46 dont-run-gyp-files-for-bundled-deps.patch
+sha512sums="1ce82fd404a434e48ebd16dc83792a4b3cff18433c1cce53b09b85dda2fbf1abf372574e3ab113e99c884012caadc13b246698ce071aaa329577bc08cdc2be46 node-v10.24.1.tar.gz
+c27cb338eea8c817042d58b8fbadc234fb586f490020677f28f900ade31d2f4dd7bcdd4e52fddf209d9221b7e1fa57f629bd38787456995413cee79311f9571f dont-run-gyp-files-for-bundled-deps.patch
4fd3f10bd82d1e851ed000169c2635c001a4a051283edf96f1efb2260e2d395199dd5843f79f1cff8f2c0c65462c44241c508ea67835dfbd9880d9196fae290a link-with-libatomic-on-mips32.patch"
diff --git a/main/nodejs/dont-run-gyp-files-for-bundled-deps.patch b/main/nodejs/dont-run-gyp-files-for-bundled-deps.patch
index ace84fbdef..2c2ebe2221 100644
--- a/main/nodejs/dont-run-gyp-files-for-bundled-deps.patch
+++ b/main/nodejs/dont-run-gyp-files-for-bundled-deps.patch
@@ -15,7 +15,7 @@ Node.js 7.2.0
-out/Makefile: common.gypi deps/uv/uv.gyp deps/http_parser/http_parser.gyp \
- deps/zlib/zlib.gyp deps/v8/gypfiles/toolchain.gypi \
-+out/Makefile: common.gypi deps/v8/gypfiles/toolchain.gypi \
++out/Makefile: common.gypi deps/uv/uv.gyp deps/v8/gypfiles/toolchain.gypi \
deps/v8/gypfiles/features.gypi deps/v8/gypfiles/v8.gyp node.gyp \
config.gypi
$(PYTHON) tools/gyp_node.py -f make
diff --git a/main/openjpeg/APKBUILD b/main/openjpeg/APKBUILD
index deaef8e92f..e2e949329c 100644
--- a/main/openjpeg/APKBUILD
+++ b/main/openjpeg/APKBUILD
@@ -1,7 +1,7 @@
# Maintainer: Francesco Colista <fcolista@alpinelinux.org>
pkgname=openjpeg
-pkgver=2.3.1
-pkgrel=5
+pkgver=2.4.0
+pkgrel=0
pkgdesc="Open-source implementation of JPEG2000 image codec"
url="https://www.openjpeg.org/"
arch="all"
@@ -11,13 +11,6 @@ makedepends="libpng-dev tiff-dev lcms2-dev doxygen cmake"
subpackages="$pkgname-dev $pkgname-tools"
source="$pkgname-$pkgver.tar.gz::https://github.com/uclouvain/openjpeg/archive/v$pkgver.tar.gz
fix-cmakelists.patch
- CVE-2020-6851.patch
- CVE-2020-8112.patch
- CVE-2019-12973.patch
- CVE-2020-15389.patch
- CVE-2020-27814.patch
- CVE-2020-27823.patch
- CVE-2020-27824.patch
"
build() {
@@ -29,6 +22,8 @@ build() {
}
# secfixes:
+# 2.4.0-r0:
+# - CVE-2020-27844
# 2.3.1-r5:
# - CVE-2020-27814
# - CVE-2020-27823
@@ -71,12 +66,5 @@ tools() {
mv "$pkgdir"/usr/bin "$subpkgdir"/usr/
}
-sha512sums="339fbc899bddf2393d214df71ed5d6070a3a76b933b1e75576c8a0ae9dfcc4adec40bdc544f599e4b8d0bc173e4e9e7352408497b5b3c9356985605830c26c03 openjpeg-2.3.1.tar.gz
-b50cd382d08647db18f202769aae7df87613a18143a30e360e8f00aba1ec1b7fd0a153685dbea3950bc5623b06c314326777c4fb7aff56adfc6b17bc74c933e5 fix-cmakelists.patch
-c8ffc926d91392b38250fd4e00fff5f93fbf5e17487d0e4a0184c9bd191aa2233c5c5dcf097dd62824714097bba2d8cc865bed31193d1a072aa954f216011297 CVE-2020-6851.patch
-9659e04087e0d80bf53555e9807aae59205adef2d49d7a49e05bf250c484a2e92132d471ec6076e57ca69b5ce98fd81462a6a8c01205ca7096781eec06e401cc CVE-2020-8112.patch
-472deba1d521553f9c7af805ba3d0c4fc31564fd36e37c598646f468b7d05bf5f81d2320fd6fadf8c0e3344ebce7bc0d04cece55a1b3cec2ef693a6e65bd2516 CVE-2019-12973.patch
-f36ea384272b3918d194f7d64bcc321a66fa6ebb2d73ece3d69225f883ec8a2777284f633902cf954f9a847bd758da2c36c74d8ef28c4cd82a3bf076e326c611 CVE-2020-15389.patch
-fffaa91a3c67b4edbd313bb9bbd7a9f5abeb65bc0ddda3f676eed86662c0ef844b06a1331bfea785cc6178f31750cb9172a81a7359a618694b740915a9ce494a CVE-2020-27814.patch
-a5d5ff618a78ca16a5958c95860652101c59f39bb48ad13c1d802f559dca11d3a9c069e5898a48c5c5e5186ba186afe091653949bca6dfd3bdff236283a50be8 CVE-2020-27823.patch
-796f75d61db2cbb07dd8e3d7e52895a1b22dbf9e01763a1b0caaed413e76ef9b2f4927ceaefd5b07775639a4aaac5c50e641bcff6d646166d8d7160f17026f6f CVE-2020-27824.patch"
+sha512sums="55daab47d33823af94e32e5d345b52c251a5410f0c8e0a13b693f17899eedc8b2bb107489ddcba9ab78ef17dfd7cd80d3c5ec80c1e429189cb041124b67e07a8 openjpeg-2.4.0.tar.gz
+b50cd382d08647db18f202769aae7df87613a18143a30e360e8f00aba1ec1b7fd0a153685dbea3950bc5623b06c314326777c4fb7aff56adfc6b17bc74c933e5 fix-cmakelists.patch"
diff --git a/main/openjpeg/CVE-2019-12973.patch b/main/openjpeg/CVE-2019-12973.patch
deleted file mode 100644
index 0d330ae6d9..0000000000
--- a/main/openjpeg/CVE-2019-12973.patch
+++ /dev/null
@@ -1,152 +0,0 @@
-From 21399f6b7d318fcdf4406d5e88723c4922202aa3 Mon Sep 17 00:00:00 2001
-From: Young Xiao <YangX92@hotmail.com>
-Date: Sat, 16 Mar 2019 19:57:27 +0800
-Subject: [PATCH 1/2] convertbmp: detect invalid file dimensions early
-
-width/length dimensions read from bmp headers are not necessarily
-valid. For instance they may have been maliciously set to very large
-values with the intention to cause DoS (large memory allocation, stack
-overflow). In these cases we want to detect the invalid size as early
-as possible.
-
-This commit introduces a counter which verifies that the number of
-written bytes corresponds to the advertized width/length.
-
-See commit 8ee335227bbc for details.
-
-Signed-off-by: Young Xiao <YangX92@hotmail.com>
----
- src/bin/jp2/convertbmp.c | 10 ++++++++--
- 1 file changed, 8 insertions(+), 2 deletions(-)
-
-diff --git a/src/bin/jp2/convertbmp.c b/src/bin/jp2/convertbmp.c
-index 0af52f816..ec34f535b 100644
---- a/src/bin/jp2/convertbmp.c
-+++ b/src/bin/jp2/convertbmp.c
-@@ -622,13 +622,13 @@ static OPJ_BOOL bmp_read_rle8_data(FILE* IN, OPJ_UINT8* pData,
- static OPJ_BOOL bmp_read_rle4_data(FILE* IN, OPJ_UINT8* pData,
- OPJ_UINT32 stride, OPJ_UINT32 width, OPJ_UINT32 height)
- {
-- OPJ_UINT32 x, y;
-+ OPJ_UINT32 x, y, written;
- OPJ_UINT8 *pix;
- const OPJ_UINT8 *beyond;
-
- beyond = pData + stride * height;
- pix = pData;
-- x = y = 0U;
-+ x = y = written = 0U;
- while (y < height) {
- int c = getc(IN);
- if (c == EOF) {
-@@ -642,6 +642,7 @@ static OPJ_BOOL bmp_read_rle4_data(FILE* IN, OPJ_UINT8* pData,
- for (j = 0; (j < c) && (x < width) &&
- ((OPJ_SIZE_T)pix < (OPJ_SIZE_T)beyond); j++, x++, pix++) {
- *pix = (OPJ_UINT8)((j & 1) ? (c1 & 0x0fU) : ((c1 >> 4) & 0x0fU));
-+ written++;
- }
- } else { /* absolute mode */
- c = getc(IN);
-@@ -671,6 +672,7 @@ static OPJ_BOOL bmp_read_rle4_data(FILE* IN, OPJ_UINT8* pData,
- c1 = (OPJ_UINT8)getc(IN);
- }
- *pix = (OPJ_UINT8)((j & 1) ? (c1 & 0x0fU) : ((c1 >> 4) & 0x0fU));
-+ written++;
- }
- if (((c & 3) == 1) || ((c & 3) == 2)) { /* skip padding byte */
- getc(IN);
-@@ -678,6 +680,10 @@ static OPJ_BOOL bmp_read_rle4_data(FILE* IN, OPJ_UINT8* pData,
- }
- }
- } /* while(y < height) */
-+ if (written != width * height) {
-+ fprintf(stderr, "warning, image's actual size does not match advertized one\n");
-+ return OPJ_FALSE;
-+ }
- return OPJ_TRUE;
- }
-
-
-From 3aef207f90e937d4931daf6d411e092f76d82e66 Mon Sep 17 00:00:00 2001
-From: Young Xiao <YangX92@hotmail.com>
-Date: Sat, 16 Mar 2019 20:09:59 +0800
-Subject: [PATCH 2/2] bmp_read_rle4_data(): avoid potential infinite loop
-
----
- src/bin/jp2/convertbmp.c | 32 ++++++++++++++++++++++++++------
- 1 file changed, 26 insertions(+), 6 deletions(-)
-
-diff --git a/src/bin/jp2/convertbmp.c b/src/bin/jp2/convertbmp.c
-index ec34f535b..2fc4e9bc4 100644
---- a/src/bin/jp2/convertbmp.c
-+++ b/src/bin/jp2/convertbmp.c
-@@ -632,12 +632,18 @@ static OPJ_BOOL bmp_read_rle4_data(FILE* IN, OPJ_UINT8* pData,
- while (y < height) {
- int c = getc(IN);
- if (c == EOF) {
-- break;
-+ return OPJ_FALSE;
- }
-
- if (c) { /* encoded mode */
-- int j;
-- OPJ_UINT8 c1 = (OPJ_UINT8)getc(IN);
-+ int j, c1_int;
-+ OPJ_UINT8 c1;
-+
-+ c1_int = getc(IN);
-+ if (c1_int == EOF) {
-+ return OPJ_FALSE;
-+ }
-+ c1 = (OPJ_UINT8)c1_int;
-
- for (j = 0; (j < c) && (x < width) &&
- ((OPJ_SIZE_T)pix < (OPJ_SIZE_T)beyond); j++, x++, pix++) {
-@@ -647,7 +653,7 @@ static OPJ_BOOL bmp_read_rle4_data(FILE* IN, OPJ_UINT8* pData,
- } else { /* absolute mode */
- c = getc(IN);
- if (c == EOF) {
-- break;
-+ return OPJ_FALSE;
- }
-
- if (c == 0x00) { /* EOL */
-@@ -658,8 +664,14 @@ static OPJ_BOOL bmp_read_rle4_data(FILE* IN, OPJ_UINT8* pData,
- break;
- } else if (c == 0x02) { /* MOVE by dxdy */
- c = getc(IN);
-+ if (c == EOF) {
-+ return OPJ_FALSE;
-+ }
- x += (OPJ_UINT32)c;
- c = getc(IN);
-+ if (c == EOF) {
-+ return OPJ_FALSE;
-+ }
- y += (OPJ_UINT32)c;
- pix = pData + y * stride + x;
- } else { /* 03 .. 255 : absolute mode */
-@@ -669,13 +681,21 @@ static OPJ_BOOL bmp_read_rle4_data(FILE* IN, OPJ_UINT8* pData,
- for (j = 0; (j < c) && (x < width) &&
- ((OPJ_SIZE_T)pix < (OPJ_SIZE_T)beyond); j++, x++, pix++) {
- if ((j & 1) == 0) {
-- c1 = (OPJ_UINT8)getc(IN);
-+ int c1_int;
-+ c1_int = getc(IN);
-+ if (c1_int == EOF) {
-+ return OPJ_FALSE;
-+ }
-+ c1 = (OPJ_UINT8)c1_int;
- }
- *pix = (OPJ_UINT8)((j & 1) ? (c1 & 0x0fU) : ((c1 >> 4) & 0x0fU));
- written++;
- }
- if (((c & 3) == 1) || ((c & 3) == 2)) { /* skip padding byte */
-- getc(IN);
-+ c = getc(IN);
-+ if (c == EOF) {
-+ return OPJ_FALSE;
-+ }
- }
- }
- }
diff --git a/main/openjpeg/CVE-2020-15389.patch b/main/openjpeg/CVE-2020-15389.patch
deleted file mode 100644
index f5737a3b24..0000000000
--- a/main/openjpeg/CVE-2020-15389.patch
+++ /dev/null
@@ -1,39 +0,0 @@
-From e8e258ab049240c2dd1f1051b4e773b21e2d3dc0 Mon Sep 17 00:00:00 2001
-From: Even Rouault <even.rouault@spatialys.com>
-Date: Sun, 28 Jun 2020 14:19:59 +0200
-Subject: [PATCH] opj_decompress: fix double-free on input directory with mix
- of valid and invalid images (CVE-2020-15389)
-
-Fixes #1261
-
-Credits to @Ruia-ruia for reporting and analysis.
----
- src/bin/jp2/opj_decompress.c | 8 ++++----
- 1 file changed, 4 insertions(+), 4 deletions(-)
-
-diff --git a/src/bin/jp2/opj_decompress.c b/src/bin/jp2/opj_decompress.c
-index 7eeb0952f..2634907f0 100644
---- a/src/bin/jp2/opj_decompress.c
-+++ b/src/bin/jp2/opj_decompress.c
-@@ -1316,10 +1316,6 @@ static opj_image_t* upsample_image_components(opj_image_t* original)
- int main(int argc, char **argv)
- {
- opj_decompress_parameters parameters; /* decompression parameters */
-- opj_image_t* image = NULL;
-- opj_stream_t *l_stream = NULL; /* Stream */
-- opj_codec_t* l_codec = NULL; /* Handle to a decompressor */
-- opj_codestream_index_t* cstr_index = NULL;
-
- OPJ_INT32 num_images, imageno;
- img_fol_t img_fol;
-@@ -1393,6 +1389,10 @@ int main(int argc, char **argv)
-
- /*Decoding image one by one*/
- for (imageno = 0; imageno < num_images ; imageno++) {
-+ opj_image_t* image = NULL;
-+ opj_stream_t *l_stream = NULL; /* Stream */
-+ opj_codec_t* l_codec = NULL; /* Handle to a decompressor */
-+ opj_codestream_index_t* cstr_index = NULL;
-
- if (!parameters.quiet) {
- fprintf(stderr, "\n");
diff --git a/main/openjpeg/CVE-2020-27814.patch b/main/openjpeg/CVE-2020-27814.patch
deleted file mode 100644
index 85e92be8d6..0000000000
--- a/main/openjpeg/CVE-2020-27814.patch
+++ /dev/null
@@ -1,30 +0,0 @@
-From 6cdba6bbdc78ce668a7e9147ba89fc8421187d72 Mon Sep 17 00:00:00 2001
-From: Leo <thinkabit.ukim@gmail.com>
-Date: Wed, 23 Dec 2020 00:00:17 -0300
-Subject: [PATCH 1/3] CVE-2020-27814
-
----
- src/lib/openjp2/tcd.c | 5 ++++-
- 1 file changed, 4 insertions(+), 1 deletion(-)
-
-diff --git a/src/lib/openjp2/tcd.c b/src/lib/openjp2/tcd.c
-index be3b843..e6b84f9 100644
---- a/src/lib/openjp2/tcd.c
-+++ b/src/lib/openjp2/tcd.c
-@@ -1219,9 +1219,12 @@ static OPJ_BOOL opj_tcd_code_block_enc_allocate_data(opj_tcd_cblk_enc_t *
-
- /* +1 is needed for https://github.com/uclouvain/openjpeg/issues/835 */
- /* and actually +2 required for https://github.com/uclouvain/openjpeg/issues/982 */
-+ /* and +7 for https://github.com/uclouvain/openjpeg/issues/1283 (-M 3) */
-+ /* and +26 for https://github.com/uclouvain/openjpeg/issues/1283 (-M 7) */
-+ /* and +28 for https://github.com/uclouvain/openjpeg/issues/1283 (-M 44) */
- /* TODO: is there a theoretical upper-bound for the compressed code */
- /* block size ? */
-- l_data_size = 2 + (OPJ_UINT32)((p_code_block->x1 - p_code_block->x0) *
-+ l_data_size = 28 + (OPJ_UINT32)((p_code_block->x1 - p_code_block->x0) *
- (p_code_block->y1 - p_code_block->y0) * (OPJ_INT32)sizeof(OPJ_UINT32));
-
- if (l_data_size > p_code_block->data_size) {
---
-2.29.2
-
diff --git a/main/openjpeg/CVE-2020-27823.patch b/main/openjpeg/CVE-2020-27823.patch
deleted file mode 100644
index 58193afd4c..0000000000
--- a/main/openjpeg/CVE-2020-27823.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-From 40b4a8ea26a16cf95d9a63cec928eb0fbe65e04e Mon Sep 17 00:00:00 2001
-From: Leo <thinkabit.ukim@gmail.com>
-Date: Wed, 23 Dec 2020 00:01:02 -0300
-Subject: [PATCH 2/3] CVE-2020-27823
-
----
- src/bin/jp2/convertpng.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/src/bin/jp2/convertpng.c b/src/bin/jp2/convertpng.c
-index 44d985f..1559c8f 100644
---- a/src/bin/jp2/convertpng.c
-+++ b/src/bin/jp2/convertpng.c
-@@ -223,9 +223,9 @@ opj_image_t *pngtoimage(const char *read_idf, opj_cparameters_t * params)
- image->x0 = (OPJ_UINT32)params->image_offset_x0;
- image->y0 = (OPJ_UINT32)params->image_offset_y0;
- image->x1 = (OPJ_UINT32)(image->x0 + (width - 1) * (OPJ_UINT32)
-- params->subsampling_dx + 1 + image->x0);
-+ params->subsampling_dx + 1);
- image->y1 = (OPJ_UINT32)(image->y0 + (height - 1) * (OPJ_UINT32)
-- params->subsampling_dy + 1 + image->y0);
-+ params->subsampling_dy + 1);
-
- row32s = (OPJ_INT32 *)malloc((size_t)width * nr_comp * sizeof(OPJ_INT32));
- if (row32s == NULL) {
---
-2.29.2
-
diff --git a/main/openjpeg/CVE-2020-27824.patch b/main/openjpeg/CVE-2020-27824.patch
deleted file mode 100644
index b176d60b1e..0000000000
--- a/main/openjpeg/CVE-2020-27824.patch
+++ /dev/null
@@ -1,25 +0,0 @@
-From dcb3063cd8101c751f3fd97249f41aaabe17ec82 Mon Sep 17 00:00:00 2001
-From: Leo <thinkabit.ukim@gmail.com>
-Date: Wed, 23 Dec 2020 00:01:25 -0300
-Subject: [PATCH 3/3] CVE-2020-27824
-
----
- src/lib/openjp2/dwt.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/lib/openjp2/dwt.c b/src/lib/openjp2/dwt.c
-index 5930d1c..a1d5d61 100644
---- a/src/lib/openjp2/dwt.c
-+++ b/src/lib/openjp2/dwt.c
-@@ -1293,7 +1293,7 @@ void opj_dwt_calc_explicit_stepsizes(opj_tccp_t * tccp, OPJ_UINT32 prec)
- if (tccp->qntsty == J2K_CCP_QNTSTY_NOQNT) {
- stepsize = 1.0;
- } else {
-- OPJ_FLOAT64 norm = opj_dwt_norms_real[orient][level];
-+ OPJ_FLOAT64 norm = opj_dwt_getnorm_real(level, orient);
- stepsize = (1 << (gain)) / norm;
- }
- opj_dwt_encode_stepsize((OPJ_INT32) floor(stepsize * 8192.0),
---
-2.29.2
-
diff --git a/main/openjpeg/CVE-2020-6851.patch b/main/openjpeg/CVE-2020-6851.patch
deleted file mode 100644
index 9a70291f50..0000000000
--- a/main/openjpeg/CVE-2020-6851.patch
+++ /dev/null
@@ -1,29 +0,0 @@
-From 024b8407392cb0b82b04b58ed256094ed5799e04 Mon Sep 17 00:00:00 2001
-From: Even Rouault <even.rouault@spatialys.com>
-Date: Sat, 11 Jan 2020 01:51:19 +0100
-Subject: [PATCH] opj_j2k_update_image_dimensions(): reject images whose
- coordinates are beyond INT_MAX (fixes #1228)
-
----
- src/lib/openjp2/j2k.c | 8 ++++++++
- 1 file changed, 8 insertions(+)
-
-diff --git a/src/lib/openjp2/j2k.c b/src/lib/openjp2/j2k.c
-index 14f6ff41a..922550eb1 100644
---- a/src/lib/openjp2/j2k.c
-+++ b/src/lib/openjp2/j2k.c
-@@ -9221,6 +9221,14 @@ static OPJ_BOOL opj_j2k_update_image_dimensions(opj_image_t* p_image,
- l_img_comp = p_image->comps;
- for (it_comp = 0; it_comp < p_image->numcomps; ++it_comp) {
- OPJ_INT32 l_h, l_w;
-+ if (p_image->x0 > (OPJ_UINT32)INT_MAX ||
-+ p_image->y0 > (OPJ_UINT32)INT_MAX ||
-+ p_image->x1 > (OPJ_UINT32)INT_MAX ||
-+ p_image->y1 > (OPJ_UINT32)INT_MAX) {
-+ opj_event_msg(p_manager, EVT_ERROR,
-+ "Image coordinates above INT_MAX are not supported\n");
-+ return OPJ_FALSE;
-+ }
-
- l_img_comp->x0 = (OPJ_UINT32)opj_int_ceildiv((OPJ_INT32)p_image->x0,
- (OPJ_INT32)l_img_comp->dx);
diff --git a/main/openjpeg/CVE-2020-8112.patch b/main/openjpeg/CVE-2020-8112.patch
deleted file mode 100644
index 95cb8095f5..0000000000
--- a/main/openjpeg/CVE-2020-8112.patch
+++ /dev/null
@@ -1,43 +0,0 @@
-From 05f9b91e60debda0e83977e5e63b2e66486f7074 Mon Sep 17 00:00:00 2001
-From: Even Rouault <even.rouault@spatialys.com>
-Date: Thu, 30 Jan 2020 00:59:57 +0100
-Subject: [PATCH] opj_tcd_init_tile(): avoid integer overflow
-
-That could lead to later assertion failures.
-
-Fixes #1231 / CVE-2020-8112
----
- src/lib/openjp2/tcd.c | 20 ++++++++++++++++++--
- 1 file changed, 18 insertions(+), 2 deletions(-)
-
-diff --git a/src/lib/openjp2/tcd.c b/src/lib/openjp2/tcd.c
-index deecc4dff..aa419030a 100644
---- a/src/lib/openjp2/tcd.c
-+++ b/src/lib/openjp2/tcd.c
-@@ -905,8 +905,24 @@ static INLINE OPJ_BOOL opj_tcd_init_tile(opj_tcd_t *p_tcd, OPJ_UINT32 p_tile_no,
- /* p. 64, B.6, ISO/IEC FDIS15444-1 : 2000 (18 august 2000) */
- l_tl_prc_x_start = opj_int_floordivpow2(l_res->x0, (OPJ_INT32)l_pdx) << l_pdx;
- l_tl_prc_y_start = opj_int_floordivpow2(l_res->y0, (OPJ_INT32)l_pdy) << l_pdy;
-- l_br_prc_x_end = opj_int_ceildivpow2(l_res->x1, (OPJ_INT32)l_pdx) << l_pdx;
-- l_br_prc_y_end = opj_int_ceildivpow2(l_res->y1, (OPJ_INT32)l_pdy) << l_pdy;
-+ {
-+ OPJ_UINT32 tmp = ((OPJ_UINT32)opj_int_ceildivpow2(l_res->x1,
-+ (OPJ_INT32)l_pdx)) << l_pdx;
-+ if (tmp > (OPJ_UINT32)INT_MAX) {
-+ opj_event_msg(manager, EVT_ERROR, "Integer overflow\n");
-+ return OPJ_FALSE;
-+ }
-+ l_br_prc_x_end = (OPJ_INT32)tmp;
-+ }
-+ {
-+ OPJ_UINT32 tmp = ((OPJ_UINT32)opj_int_ceildivpow2(l_res->y1,
-+ (OPJ_INT32)l_pdy)) << l_pdy;
-+ if (tmp > (OPJ_UINT32)INT_MAX) {
-+ opj_event_msg(manager, EVT_ERROR, "Integer overflow\n");
-+ return OPJ_FALSE;
-+ }
-+ l_br_prc_y_end = (OPJ_INT32)tmp;
-+ }
- /*fprintf(stderr, "\t\t\tprc_x_start=%d, prc_y_start=%d, br_prc_x_end=%d, br_prc_y_end=%d \n", l_tl_prc_x_start, l_tl_prc_y_start, l_br_prc_x_end ,l_br_prc_y_end );*/
-
- l_res->pw = (l_res->x0 == l_res->x1) ? 0U : (OPJ_UINT32)((
diff --git a/main/openssl/APKBUILD b/main/openssl/APKBUILD
index b4e051c852..22090b345c 100644
--- a/main/openssl/APKBUILD
+++ b/main/openssl/APKBUILD
@@ -1,6 +1,6 @@
# Maintainer: Timo Teras <timo.teras@iki.fi>
pkgname=openssl
-pkgver=1.1.1i
+pkgver=1.1.1k
_abiver=${pkgver%.*}
pkgrel=0
pkgdesc="Toolkit for Transport Layer Security (TLS)"
@@ -22,6 +22,13 @@ esac
builddir="$srcdir/openssl-$pkgver"
# secfixes:
+# 1.1.1k-r0:
+# - CVE-2021-3449
+# - CVE-2021-3450
+# 1.1.1j-r0:
+# - CVE-2021-23841
+# - CVE-2021-23840
+# - CVE-2021-23839
# 1.1.1i-r0:
# - CVE-2020-1971
# 1.1.1g-r0:
@@ -115,5 +122,5 @@ _libssl() {
done
}
-sha512sums="fe12e0ab9e1688f24dd862ac633d0ab703b499c0f34b53c3560aa0d3879d81d647aa0678ed517dda5efb2711f669fcb1a1e0e24f6eac2efc2cf4eae6b62014d8 openssl-1.1.1i.tar.gz
+sha512sums="73cd042d4056585e5a9dd7ab68e7c7310a3a4c783eafa07ab0b560e7462b924e4376436a6d38a155c687f6942a881cfc0c1b9394afcde1d8c46bf396e7d51121 openssl-1.1.1k.tar.gz
43c3255118db6f5f340dc865c0f25ccbcafe5bf7507585244ca59b4d27daf533d6c3171aa32a8685cbb6200104bec535894b633de13feaadff87ab86739a445a man-section.patch"
diff --git a/main/postgresql/APKBUILD b/main/postgresql/APKBUILD
index 6179607fc1..f84e75d753 100644
--- a/main/postgresql/APKBUILD
+++ b/main/postgresql/APKBUILD
@@ -2,7 +2,7 @@
# Contributor: G.J.R. Timmer <gjr.timmer@gmail.com>
# Contributor: Jakub Jirutka <jakub@jirutka.cz>
pkgname=postgresql
-pkgver=11.10
+pkgver=11.11
pkgrel=0
pkgdesc="A sophisticated object-relational DBMS"
url="https://www.postgresql.org/"
@@ -36,6 +36,8 @@ builddir="$srcdir/$pkgname-$pkgver"
options="!checkroot"
# secfixes:
+# 11.11-r0:
+# - CVE-2021-3393
# 11.10-r0:
# - CVE-2020-25694
# - CVE-2020-25695
@@ -316,7 +318,7 @@ _submv() {
done
}
-sha512sums="0cc0e9b0f76e00727dc699ea59a45d760d37d91ec736a62cbc9bda3e38eb1ef1565e4e399dd3ae96bad87f866e56e364f916de7740d8be6e1cfc2bf654dfbb68 postgresql-11.10.tar.bz2
+sha512sums="8d38e6b7826e73191159f1ee69efde28adc061e0041eb136f55681503a189355b869b2ff312860325d454c1f95367d921fb61dd2de31f584261f165f229bcdb9 postgresql-11.11.tar.bz2
1f8e7dc58f5b0a12427cf2fd904ffa898a34f23f3332c8382b94e0d991c007289e7913a69e04498f3d93fc5701855796c207b4b1cc4a0b366f586050124d7fcc initdb.patch
5f9d8bb4957194069d01af8ab3abc6d4d83a7e7f8bd7ebe1caae5361d621a3e58f91b14b952958138a794e0a80bc154fbb7e3e78d211e2a95b9b7901335de854 perl-rpath.patch
8439a6fdfdea0a4867daeb8bc23d6c825f30c00d91d4c39f48653f5ee77341f23282ce03a77aad94b5369700f11d2cb28d5aee360e59138352a9ab331a9f9d0f conf-unix_socket_directories.patch
diff --git a/main/python3/APKBUILD b/main/python3/APKBUILD
index bd3aff41ee..ed21605bf0 100644
--- a/main/python3/APKBUILD
+++ b/main/python3/APKBUILD
@@ -3,9 +3,9 @@
pkgname=python3
# the python2-tkinter's pkgver needs to be synchronized with this.
-pkgver=3.7.7
+pkgver=3.7.10
_basever="${pkgver%.*}"
-pkgrel=1
+pkgrel=0
pkgdesc="A high-level scripting language"
url="https://www.python.org"
arch="all"
@@ -20,11 +20,12 @@ source="https://www.python.org/ftp/python/$pkgver/Python-$pkgver.tar.xz
fix-xattrs-glibc.patch
musl-find_library.patch
bpo-36044-Reduce-number-of-unit-tests-run-for-PGO-build.patch
- CVE-2020-14422.patch
"
builddir="$srcdir/Python-$pkgver"
# secfixes:
+# 3.7.7-r2:
+# - CVE-2021-3177
# 3.7.7-r1:
# - CVE-2020-14422
# 3.7.7-r0:
@@ -167,9 +168,7 @@ wininst() {
mv "$pkgdir"/usr/lib/python$_basever/distutils/command/*.exe \
"$subpkgdir"/usr/lib/python$_basever/distutils/command
}
-
-sha512sums="ddc838a7b0c442c2e465616f20231f2b703ed6b69ed2dc17858aac8760814fdf7cff43d350d359300e47b6bb1f0bd38c31126b855e423a3a65ed06a8fa16d136 Python-3.7.7.tar.xz
+sha512sums="5cb61739acbd29f526d25073443398b2ca0eef30d01d134e8236c8bbc7ab0586c44ec00689f5a75e6aedc0170acf4551721ada5e967e4b99a146cfcaad949128 Python-3.7.10.tar.xz
37b6ee5d0d5de43799316aa111423ba5a666c17dc7f81b04c330f59c1d1565540eac4c585abe2199bbed52ebe7426001edb1c53bd0a17486a2a8e052d0f494ad fix-xattrs-glibc.patch
ab8eaa2858d5109049b1f9f553198d40e0ef8d78211ad6455f7b491af525bffb16738fed60fc84e960c4889568d25753b9e4a1494834fea48291b33f07000ec2 musl-find_library.patch
-ad2715f2a4ddfed714f6040b79deed691f457e1e57c5d880c741ef71c5db5bad02a5faab50c32cd98e517ad1117ddf6d2fea0c3daf178d029e6a5fce2f95444a bpo-36044-Reduce-number-of-unit-tests-run-for-PGO-build.patch
-f84922e46e39d681c0d1f95a211b81c6fba1fc3636379fa5c6b47284d693478b6afe08e07703678d9d8ce8e59295df2a705f9a0c8cb54a69a1fee6960d2ebddd CVE-2020-14422.patch"
+ad2715f2a4ddfed714f6040b79deed691f457e1e57c5d880c741ef71c5db5bad02a5faab50c32cd98e517ad1117ddf6d2fea0c3daf178d029e6a5fce2f95444a bpo-36044-Reduce-number-of-unit-tests-run-for-PGO-build.patch"
diff --git a/main/python3/CVE-2020-14422.patch b/main/python3/CVE-2020-14422.patch
deleted file mode 100644
index 9042f832d4..0000000000
--- a/main/python3/CVE-2020-14422.patch
+++ /dev/null
@@ -1,74 +0,0 @@
-From b98e7790c77a4378ec4b1c71b84138cb930b69b7 Mon Sep 17 00:00:00 2001
-From: Tapas Kundu <39723251+tapakund@users.noreply.github.com>
-Date: Wed, 1 Jul 2020 00:50:21 +0530
-Subject: [PATCH] [3.7] bpo-41004: Resolve hash collisions for IPv4Interface
- and IPv6Interface (GH-21033) (GH-21231)
-
-CVE-2020-14422
-The __hash__() methods of classes IPv4Interface and IPv6Interface had issue
-of generating constant hash values of 32 and 128 respectively causing hash collisions.
-The fix uses the hash() function to generate hash values for the objects
-instead of XOR operation
-(cherry picked from commit b30ee26e366bf509b7538d79bfec6c6d38d53f28)
-
-Co-authored-by: Ravi Teja P <rvteja92@gmail.com>
-
-Signed-off-by: Tapas Kundu <tkundu@vmware.com>
----
- Lib/ipaddress.py | 4 ++--
- Lib/test/test_ipaddress.py | 11 +++++++++++
- .../Security/2020-06-29-16-02-29.bpo-41004.ovF0KZ.rst | 1 +
- 3 files changed, 14 insertions(+), 2 deletions(-)
- create mode 100644 Misc/NEWS.d/next/Security/2020-06-29-16-02-29.bpo-41004.ovF0KZ.rst
-
-diff --git a/Lib/ipaddress.py b/Lib/ipaddress.py
-index 80249288d73ab..54882934c3dc1 100644
---- a/Lib/ipaddress.py
-+++ b/Lib/ipaddress.py
-@@ -1442,7 +1442,7 @@ def __lt__(self, other):
- return False
-
- def __hash__(self):
-- return self._ip ^ self._prefixlen ^ int(self.network.network_address)
-+ return hash((self._ip, self._prefixlen, int(self.network.network_address)))
-
- __reduce__ = _IPAddressBase.__reduce__
-
-@@ -2088,7 +2088,7 @@ def __lt__(self, other):
- return False
-
- def __hash__(self):
-- return self._ip ^ self._prefixlen ^ int(self.network.network_address)
-+ return hash((self._ip, self._prefixlen, int(self.network.network_address)))
-
- __reduce__ = _IPAddressBase.__reduce__
-
-diff --git a/Lib/test/test_ipaddress.py b/Lib/test/test_ipaddress.py
-index 455b893fb126f..1fb6a929dc2d9 100644
---- a/Lib/test/test_ipaddress.py
-+++ b/Lib/test/test_ipaddress.py
-@@ -2091,6 +2091,17 @@ def testsixtofour(self):
- sixtofouraddr.sixtofour)
- self.assertFalse(bad_addr.sixtofour)
-
-+ # issue41004 Hash collisions in IPv4Interface and IPv6Interface
-+ def testV4HashIsNotConstant(self):
-+ ipv4_address1 = ipaddress.IPv4Interface("1.2.3.4")
-+ ipv4_address2 = ipaddress.IPv4Interface("2.3.4.5")
-+ self.assertNotEqual(ipv4_address1.__hash__(), ipv4_address2.__hash__())
-+
-+ # issue41004 Hash collisions in IPv4Interface and IPv6Interface
-+ def testV6HashIsNotConstant(self):
-+ ipv6_address1 = ipaddress.IPv6Interface("2001:658:22a:cafe:200:0:0:1")
-+ ipv6_address2 = ipaddress.IPv6Interface("2001:658:22a:cafe:200:0:0:2")
-+ self.assertNotEqual(ipv6_address1.__hash__(), ipv6_address2.__hash__())
-
- if __name__ == '__main__':
- unittest.main()
-diff --git a/Misc/NEWS.d/next/Security/2020-06-29-16-02-29.bpo-41004.ovF0KZ.rst b/Misc/NEWS.d/next/Security/2020-06-29-16-02-29.bpo-41004.ovF0KZ.rst
-new file mode 100644
-index 0000000000000..f5a9db52fff52
---- /dev/null
-+++ b/Misc/NEWS.d/next/Security/2020-06-29-16-02-29.bpo-41004.ovF0KZ.rst
-@@ -0,0 +1 @@
-+CVE-2020-14422: The __hash__() methods of ipaddress.IPv4Interface and ipaddress.IPv6Interface incorrectly generated constant hash values of 32 and 128 respectively. This resulted in always causing hash collisions. The fix uses hash() to generate hash values for the tuple of (address, mask length, network address).
diff --git a/main/razor/APKBUILD b/main/razor/APKBUILD
index b429dc3ced..9d5b2d9171 100644
--- a/main/razor/APKBUILD
+++ b/main/razor/APKBUILD
@@ -3,40 +3,41 @@
pkgname=razor
_realname=razor-agents
pkgver=2.85
-pkgrel=8
+pkgrel=9
pkgdesc="Vipul's Razor is a distributed, collaborative spam detection and filtering network"
url="http://razor.sourceforge.net/"
arch="all"
-license="Artistic"
+license="Artistic-2.0"
depends="perl perl-digest-sha1 perl-getopt-long perl-uri"
makedepends="perl-dev"
subpackages="$pkgname-doc"
-source="https://downloads.sourceforge.net/razor/razor-agents/$_realname-$pkgver.tar.bz2"
+source="https://downloads.sourceforge.net/razor/razor-agents/$_realname-$pkgver.tar.bz2
+ fix-cosmetic-pv.patch
+ fix-manpage-quoting.patch
+ "
builddir="$srcdir/$_realname-$pkgver"
prepare() {
- cd "$builddir"
- export CFLAGS=`perl -MConfig -E 'say $Config{ccflags}'`
+ default_prepare
+
+ export CFLAGS=$(perl -MConfig -E 'say $Config{ccflags}')
PERL_MM_USE_DEFAULT=1 perl Makefile.PL INSTALLDIRS=vendor
}
build() {
- cd "$builddir"
- export CFLAGS=`perl -MConfig -E 'say $Config{ccflags}'`
+ export CFLAGS=$(perl -MConfig -E 'say $Config{ccflags}')
make -j1
}
package() {
- cd "$builddir"
make DESTDIR="$pkgdir" install
find "$pkgdir" \( -name perllocal.pod -o -name .packlist \) -delete
}
check() {
- cd "$builddir"
make test
}
-md5sums="014d08db40187cb1316482191566b012 razor-agents-2.85.tar.bz2"
-sha256sums="7fe0afe73e5b3979444dd86e2ad25ea99bc05b23d5648d357544f78f0b6eb6d7 razor-agents-2.85.tar.bz2"
-sha512sums="31dded1969dde963389a5939514c29638ad07f45dbb2f4c633cf20ebc4abab94e65e9a6d8885233cdde686ef365aab11fa5eba2ca38d79c5b8fab689143ff5db razor-agents-2.85.tar.bz2"
+sha512sums="31dded1969dde963389a5939514c29638ad07f45dbb2f4c633cf20ebc4abab94e65e9a6d8885233cdde686ef365aab11fa5eba2ca38d79c5b8fab689143ff5db razor-agents-2.85.tar.bz2
+75c18cbf22172657976eb3140e736134115c072be46c5165326237f73af592afbe49229058d9c80f8a99f486cae075e16b36822b73f194034b20e83afee382ec fix-cosmetic-pv.patch
+25b5449f4b13d3c8373ed3bb67970c187d7ea3235a6e4f0baf60618004addc124321b36bf0a4c320b5b7370498c857c6477bfecb1658e441e0edacde149d361e fix-manpage-quoting.patch"
diff --git a/main/razor/fix-cosmetic-pv.patch b/main/razor/fix-cosmetic-pv.patch
new file mode 100644
index 0000000000..6082392b31
--- /dev/null
+++ b/main/razor/fix-cosmetic-pv.patch
@@ -0,0 +1,24 @@
+Taken from Arch Linux
+
+--- a/lib/Razor2/Client/Version.pm 2007-05-10 22:32:10.000000000 +0200
++++ b/lib/Razor2/Client/Version.pm 2010-03-25 11:11:36.911409707 +0100
+@@ -14,7 +14,7 @@
+
+ $PROTOCOL = 3;
+
+-$VERSION = '2.84';
++$VERSION = '2.85';
+
+ 1;
+
+--- a/META.yml 2007-05-23 20:29:34.000000000 +0200
++++ b/META.yml 2010-03-25 11:11:43.691408628 +0100
+@@ -1,7 +1,7 @@
+ # http://module-build.sourceforge.net/META-spec.html
+ #XXXXXXX This is a prototype!!! It will change in the future!!! XXXXX#
+ name: razor-agents
+-version: 2.84
++version: 2.85
+ version_from: lib/Razor2/Client/Version.pm
+ installdirs: site
+ requires:
diff --git a/main/razor/fix-manpage-quoting.patch b/main/razor/fix-manpage-quoting.patch
new file mode 100644
index 0000000000..6be965cc54
--- /dev/null
+++ b/main/razor/fix-manpage-quoting.patch
@@ -0,0 +1,17 @@
+Taken from Arch Linux
+
+diff -uprw razor-agents-2.85.orig/Makefile.PL razor-agents-2.85/Makefile.PL
+--- razor-agents-2.85.orig/Makefile.PL 2007-05-09 01:47:53.000000000 +0300
++++ razor-agents-2.85/Makefile.PL 2015-06-14 20:36:23.677213987 +0300
+@@ -140,9 +140,9 @@ sub MY::install {
+ my $inherited = $self->SUPER::install(@_);
+
+ my $man5 = q{ \\
+- $(INST_MAN5DIR) $(INSTALLMAN5DIR)};
++ "$(INST_MAN5DIR)" "$(INSTALLMAN5DIR)"};
+
+- $inherited =~ s/(\$\((?:DEST)?INSTALL\w*MAN1DIR\))/$1$man5/gm;
++ $inherited =~ s/("?\$\((?:DEST)?INSTALL\w*MAN1DIR\)"?)/$1$man5/gm;
+
+ return $inherited;
+ }
diff --git a/main/redis/APKBUILD b/main/redis/APKBUILD
index 8359fa153a..d0065c959f 100644
--- a/main/redis/APKBUILD
+++ b/main/redis/APKBUILD
@@ -2,8 +2,8 @@
# Contributor: Eivind Uggedal <eu@eju.no>
# Maintainer: TBK <alpine@jjtc.eu>
pkgname=redis
-pkgver=5.0.5
-pkgrel=1
+pkgver=5.0.11
+pkgrel=0
pkgdesc="Advanced key-value store"
url="https://redis.io/"
arch="all"
@@ -18,15 +18,17 @@ source="http://download.redis.io/releases/$pkgname-$pkgver.tar.gz
makefile-dont-duplicate-binary.patch
redis.conf.patch
sentinel.conf.patch
- CVE-2015-8080.patch
$pkgname.initd
$pkgname.confd
$pkgname-sentinel.initd
$pkgname.logrotate
+ musl-zmalloc.patch
"
builddir="$srcdir/$pkgname-$pkgver"
# secfixes:
+# 5.0.11-r0:
+# - CVE-2021-21309
# 5.0.5-r1:
# - CVE-2015-8080
# 5.0.4-r0:
@@ -81,12 +83,12 @@ package() {
var/log/redis
}
-sha512sums="78215ec02b7184e05788c7a368146ea53095a877a0e09174b4c9f175aeb9ba9174023c19e33bf62e4513b848e1841538d398e7c0a651c5c947255c1691cb4586 redis-5.0.5.tar.gz
-0bfe894843a0b0b1800c5ff1c570cbc631d0bf94e5911210ae8780f57e661c8a61bb7309181fb8492392747deb340025a5380db168418aaf46b273a8120a4169 makefile-dont-duplicate-binary.patch
+sha512sums="fb585e0040d07b97af941ad4b424dd50403fcb7edb07154e79b9933c6882f9fbe6010f8e6bae4d398cfdb44dfc492fc7dde8568eba34d45dda5e547453b4254a redis-5.0.11.tar.gz
+0d6710543f111a7e9d07ac8398ceee0b38c6a4da35fd34088cb3b5a8efb3aa2eefc49dc2b58d7386c72113834bbe27625333b9283da2ae1e3df252a5712f62cf makefile-dont-duplicate-binary.patch
c8a35e3c30be99fef8678acb2502f424bcca478dcc1ef1750f8c8c8e9e9c462f97586159f32ebba84b6a4eb398a9d568e3200241fb0de1f96293c9fdaafb06c9 redis.conf.patch
e8cd03ab08b354d7d852cc43719ef537586c024f3911e27f0be052de471d3e6c1af947313ba0b045af3f2212afd41eb0cd4e0464cc6568853cfbfd4718b09fa5 sentinel.conf.patch
-80e87cd1f2f13c7d1fd0449c70fc48172874f2fec6ec23dc110d8c414f3304afad5d1aebd41acd60269733b6ee4716a09abd557890d1ecd988cf87c1780ef14b CVE-2015-8080.patch
f6dcdad1edd6b5fb6aa28ba774bfc8aba035f316695da261fb2ad291b76f00f177479f9d74434d06c26bd15f131edc9a2f55c9880758cf0987800d2031069738 redis.initd
6752e99df632b14d62a3266929e80c3d667be5c270e4f34e0dcf2b7f9b1754fe0ce9d4569fa413dbbe207e406ff2848a64e0c47629997536ae1d14ca84ebd56b redis.confd
e7a60a090df53eef05d58d73709f07536135a93efb34e48ad933e3859d3d1c0f476975a3232df18f57476bf7fc3b0548471e1c86445878457ac8507b3da71384 redis-sentinel.initd
-bf2def2077a989047e9bfff8a7f754bcdf96e020fd4a470f8967ee1fca601e11f044cfb3742f00e932cc013e0d0b199045d78c8878a0e529715c9f77786d353f redis.logrotate"
+bf2def2077a989047e9bfff8a7f754bcdf96e020fd4a470f8967ee1fca601e11f044cfb3742f00e932cc013e0d0b199045d78c8878a0e529715c9f77786d353f redis.logrotate
+e29fb36a43dbd991aa46f469d49f76d6c22354abf11abcfe91c2cc8254c0fe9f997e51288ca37e3d184b89b49cd9ffb42483f8ec35b99aee829bf3ee5b4c5163 musl-zmalloc.patch"
diff --git a/main/redis/CVE-2015-8080.patch b/main/redis/CVE-2015-8080.patch
deleted file mode 100644
index 722522458f..0000000000
--- a/main/redis/CVE-2015-8080.patch
+++ /dev/null
@@ -1,50 +0,0 @@
-From ef764dde1cca2f25d00686673d1bc89448819571 Mon Sep 17 00:00:00 2001
-From: Seunghoon Woo <toad58@nate.com>
-Date: Mon, 10 Feb 2020 16:32:46 +0900
-Subject: [PATCH] [FIX] revisit CVE-2015-8080 vulnerability
-
----
- deps/lua/src/lua_struct.c | 10 ++++++----
- 1 file changed, 6 insertions(+), 4 deletions(-)
-
-diff --git a/deps/lua/src/lua_struct.c b/deps/lua/src/lua_struct.c
-index 4d5f027b85c..c58c8e72b08 100644
---- a/deps/lua/src/lua_struct.c
-+++ b/deps/lua/src/lua_struct.c
-@@ -89,12 +89,14 @@ typedef struct Header {
- } Header;
-
-
--static int getnum (const char **fmt, int df) {
-+static int getnum (lua_State *L, const char **fmt, int df) {
- if (!isdigit(**fmt)) /* no number? */
- return df; /* return default value */
- else {
- int a = 0;
- do {
-+ if (a > (INT_MAX / 10) || a * 10 > (INT_MAX - (**fmt - '0')))
-+ luaL_error(L, "integral size overflow");
- a = a*10 + *((*fmt)++) - '0';
- } while (isdigit(**fmt));
- return a;
-@@ -115,9 +117,9 @@ static size_t optsize (lua_State *L, char opt, const char **fmt) {
- case 'f': return sizeof(float);
- case 'd': return sizeof(double);
- case 'x': return 1;
-- case 'c': return getnum(fmt, 1);
-+ case 'c': return getnum(L, fmt, 1);
- case 'i': case 'I': {
-- int sz = getnum(fmt, sizeof(int));
-+ int sz = getnum(L, fmt, sizeof(int));
- if (sz > MAXINTSIZE)
- luaL_error(L, "integral size %d is larger than limit of %d",
- sz, MAXINTSIZE);
-@@ -150,7 +152,7 @@ static void controloptions (lua_State *L, int opt, const char **fmt,
- case '>': h->endian = BIG; return;
- case '<': h->endian = LITTLE; return;
- case '!': {
-- int a = getnum(fmt, MAXALIGN);
-+ int a = getnum(L, fmt, MAXALIGN);
- if (!isp2(a))
- luaL_error(L, "alignment %d is not a power of 2", a);
- h->align = a;
diff --git a/main/redis/makefile-dont-duplicate-binary.patch b/main/redis/makefile-dont-duplicate-binary.patch
index 085fcc4cc7..012a6bd6f4 100644
--- a/main/redis/makefile-dont-duplicate-binary.patch
+++ b/main/redis/makefile-dont-duplicate-binary.patch
@@ -4,7 +4,7 @@ See https://github.com/antirez/redis/pull/3494
--- a/src/Makefile
+++ b/src/Makefile
-@@ -307,9 +307,9 @@
+@@ -316,9 +316,9 @@
$(REDIS_INSTALL) $(REDIS_SERVER_NAME) $(INSTALL_BIN)
$(REDIS_INSTALL) $(REDIS_BENCHMARK_NAME) $(INSTALL_BIN)
$(REDIS_INSTALL) $(REDIS_CLI_NAME) $(INSTALL_BIN)
diff --git a/main/redis/musl-zmalloc.patch b/main/redis/musl-zmalloc.patch
new file mode 100644
index 0000000000..90e79d05a2
--- /dev/null
+++ b/main/redis/musl-zmalloc.patch
@@ -0,0 +1,23 @@
+Without this change it fails to compile, giving the following error:
+
+zmalloc.c:55:28: error: missing binary operator before token "("
+ #define PREFIX_SIZE (sizeof(size_t))
+ ^
+zmalloc.c:59:5: note: in expansion of macro 'PREFIX_SIZE'
+ #if PREFIX_SIZE > 0
+
+--- a/src/zmalloc.h
++++ b/src/zmalloc.h
+@@ -63,12 +63,10 @@
+
+ #ifndef ZMALLOC_LIB
+ #define ZMALLOC_LIB "libc"
+-#ifdef __GLIBC__
+ #include <malloc.h>
+ #define HAVE_MALLOC_SIZE 1
+ #define zmalloc_size(p) malloc_usable_size(p)
+ #endif
+-#endif
+
+ /* We can enable the Redis defrag capabilities only if we are using Jemalloc
+ * and the version used is our special version modified for Redis having
diff --git a/main/screen/APKBUILD b/main/screen/APKBUILD
index 8d7cc4c828..53bd0746f2 100644
--- a/main/screen/APKBUILD
+++ b/main/screen/APKBUILD
@@ -2,7 +2,7 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=screen
pkgver=4.6.2
-pkgrel=1
+pkgrel=3
pkgdesc="A window manager that multiplexes a physical terminal"
url="http://ftp.gnu.org/gnu/screen/"
arch="all"
@@ -16,6 +16,8 @@ source="https://ftp.gnu.org/gnu/$pkgname/$pkgname-$pkgver.tar.gz
builddir="$srcdir/$pkgname-$pkgver"
# secfixes:
+# 4.6.2-r2:
+# - CVE-2021-26937
# 4.6.2-r1:
# - CVE-2020-9366
@@ -43,6 +45,5 @@ package() {
install -Dm644 etc/etcscreenrc "$pkgdir"/etc/screenrc
install -Dm644 etc/screenrc "$pkgdir"/etc/skel/.screenrc
}
-
sha512sums="224bd16ad5ae501d1b8bb7d2ba9cc19e6a0743de5a5b320109c2f6bf3b1ca564cc7094ed9211be13733d9d769cde77d13fe236341d448cad0518038ab1e85c99 screen-4.6.2.tar.gz
a711983119b86527a85464d4f5c8fecd6d481ab5691dd7b1b83c33983594d511ac69a8a67b088906540f8475dba08bda4ba559b2b514ac43535bd668db801fe0 CVE-2020-9366.patch"
diff --git a/main/screen/CVE-2021-26937.patch b/main/screen/CVE-2021-26937.patch
new file mode 100644
index 0000000000..bfd188a95b
--- /dev/null
+++ b/main/screen/CVE-2021-26937.patch
@@ -0,0 +1,59 @@
+Source: https://lists.gnu.org/archive/html/screen-devel/2021-02/msg00010.html
+diff --git a/encoding.c b/encoding.c
+index e5db3e7..79f5d14 100644
+--- a/encoding.c
++++ b/encoding.c
+@@ -43,7 +43,7 @@ static int encmatch __P((char *, char *));
+ # ifdef UTF8
+ static int recode_char __P((int, int, int));
+ static int recode_char_to_encoding __P((int, int));
+-static void comb_tofront __P((int, int));
++static void comb_tofront __P((int));
+ # ifdef DW_CHARS
+ static int recode_char_dw __P((int, int *, int, int));
+ static int recode_char_dw_to_encoding __P((int, int *, int));
+@@ -1263,6 +1263,8 @@ int c;
+ {0x30000, 0x3FFFD},
+ };
+
++ if (c >= 0xdf00 && c <= 0xdfff)
++ return 1; /* dw combining sequence */
+ return ((bisearch(c, wide, sizeof(wide) / sizeof(struct interval) - 1)) ||
+ (cjkwidth &&
+ bisearch(c, ambiguous,
+@@ -1330,11 +1332,12 @@ int c;
+ }
+
+ static void
+-comb_tofront(root, i)
+-int root, i;
++comb_tofront(i)
++int i;
+ {
+ for (;;)
+ {
++ int root = i >= 0x700 ? 0x801 : 0x800;
+ debug1("bring to front: %x\n", i);
+ combchars[combchars[i]->prev]->next = combchars[i]->next;
+ combchars[combchars[i]->next]->prev = combchars[i]->prev;
+@@ -1396,9 +1399,9 @@ struct mchar *mc;
+ {
+ /* full, recycle old entry */
+ if (c1 >= 0xd800 && c1 < 0xe000)
+- comb_tofront(root, c1 - 0xd800);
++ comb_tofront(c1 - 0xd800);
+ i = combchars[root]->prev;
+- if (c1 == i + 0xd800)
++ if (i == 0x800 || i == 0x801 || c1 == i + 0xd800)
+ {
+ /* completely full, can't recycle */
+ debug("utf8_handle_comp: completely full!\n");
+@@ -1422,7 +1425,7 @@ struct mchar *mc;
+ mc->font = (i >> 8) + 0xd8;
+ mc->fontx = 0;
+ debug3("combinig char %x %x -> %x\n", c1, c, i + 0xd800);
+- comb_tofront(root, i);
++ comb_tofront(i);
+ }
+
+ #else /* !UTF8 */
diff --git a/main/spamassassin/APKBUILD b/main/spamassassin/APKBUILD
index 8dd7b151a7..6edebf96a8 100644
--- a/main/spamassassin/APKBUILD
+++ b/main/spamassassin/APKBUILD
@@ -2,8 +2,8 @@
# Maintainer: Leonardo Arena <rnalrd@alpinelinux.org>
pkgname=spamassassin
_pkgreal=Mail-SpamAssassin
-pkgver=3.4.4
-pkgrel=0
+pkgver=3.4.5
+pkgrel=1
pkgdesc="The Powerful #1 Open-Source Spam Filter"
url="https://metacpan.org/pod/Mail::SpamAssassin"
arch="all"
@@ -14,7 +14,7 @@ cpanmakedepends="$cpandepends"
depends="perl-mail-$pkgname curl"
makedepends="perl-dev $cpanmakedepends"
subpackages="$pkgname-doc $pkgname-client $pkgname-compiler perl-mail-$pkgname:cpan"
-source="https://cpan.metacpan.org/authors/id/K/KM/KMCGRAIL/${_pkgreal#*-}/$_pkgreal-$pkgver.tar.gz
+source="https://cpan.metacpan.org/authors/id/S/SI/SIDNEY/Mail-SpamAssassin-$pkgver.tar.gz
spamd.initd
spamd.confd
spamd.crond
@@ -24,6 +24,8 @@ source="https://cpan.metacpan.org/authors/id/K/KM/KMCGRAIL/${_pkgreal#*-}/$_pkgr
builddir="$srcdir/$_pkgreal-$pkgver"
# secfixes:
+# 3.4.5-r0:
+# - CVE-2020-1946
# 3.4.4-r0:
# - CVE-2020-1930
# - CVE-2020-1931
@@ -86,7 +88,7 @@ cpan() {
sed -i '/^#\*/d' "$subpkgdir"/etc/mail/$pkgname/user_prefs
}
-sha512sums="b6efa1c733ddf810b189ec69445faeae6488ee2671f87f56b49ec3bf85690bf7950aa5ce251c1f1371b2bbe4fb88dbce0a162c9a24a48ed5e6584f9019611552 Mail-SpamAssassin-3.4.4.tar.gz
+sha512sums="76323d8a5be1f5451375adc8b7989f183e72d0fa52848a1356c3b7fb3da9a9328fe9f91bcc941228c2cb91180ed49583a9a8bebf1f00caf7ad898251af3b9ba3 Mail-SpamAssassin-3.4.5.tar.gz
0a22933290a3abd147689bf3a9de4b6b277628c22966f353c5da932cd98560babf1d0bb9d92c456ea24decfb5af0bbc960192d29a90d9cab437e7986c75c8278 spamd.initd
274d3aa0d9aab05e83c8d5ad3e93a457649360021a67c8cb19088365bed681ebe26889cfa86f8c46a6044c7ee969231f2a71e3227adf8ad9e38d0286b9caf48d spamd.confd
e0bbdb21020f4b4e5b11fb3ec18ad7e496fa4521d24275d806db96fc91cde3c0b8e8c8215e51b18903bf5916de74e9e2584fe7f62a9ec7da2f185641e533916d spamd.crond
diff --git a/main/squid/APKBUILD b/main/squid/APKBUILD
index 35540a480f..bd24ed9084 100644
--- a/main/squid/APKBUILD
+++ b/main/squid/APKBUILD
@@ -1,7 +1,7 @@
# Contributor: Carlo Landmeter <clandmeter@gmail.com>
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=squid
-pkgver=4.13
+pkgver=4.14
pkgrel=0
pkgdesc="A full-featured Web proxy cache server."
url="http://www.squid-cache.org"
@@ -29,6 +29,8 @@ builddir="$srcdir"/$pkgname-$pkgver
options="!check" # does not work. Error message is about "applet not found", some issue with the installed busybox
# secfixes:
+# 4.14-r0:
+# - CVE-2020-25097
# 4.13-r0:
# - CVE-2020-15810
# - CVE-2020-15811
@@ -121,7 +123,7 @@ squid_kerb_auth() {
mv "$pkgdir"/usr/lib/squid/squid_kerb_auth "$subpkgdir"/usr/lib/squid/
}
-sha512sums="06807f82ed01e12afe2dd843aa0a94f69c351765b1889c4c5c3da1cf2ecb06ac3a4be6a24a62f04397299c8fc0df5397f76f64df5422ff78b37a9382d5fdf7fc squid-4.13.tar.xz
+sha512sums="3509caea9e10ea54547eeb769a21f0ca4d37e39a063953821fc51d588b22facfa183d0a48be9ab15831ee646e031079b515c75162515b8a4e7c708df2d41958b squid-4.14.tar.xz
15d95f7d787be8c2e6619ef1661fd8aae8d2c1ede706748764644c7dc3d7c34515ef6e8b7543295fddc4e767bbd74a7cf8c42e77cf60b3d574ff11b3f6e336c9 squid.initd
7292661de344e8a87d855c83afce49511685d2680effab3afab110e45144c0117935f3bf73ab893c9e6d43f7fb5ba013635e24f6da6daf0eeb895ef2e9b5baa9 squid.confd
89a703fa4f21b6c7c26e64a46fd52407e20f00c34146ade0bea0c4b63d050117c0f8e218f2256a1fbf6abb84f4ec9b0472c9a4092ff6e78f07c4f5a25d0892a5 squid.logrotate"
diff --git a/main/subversion/APKBUILD b/main/subversion/APKBUILD
index 3ff1a75e73..4b75148751 100644
--- a/main/subversion/APKBUILD
+++ b/main/subversion/APKBUILD
@@ -2,7 +2,7 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=subversion
pkgver=1.12.2
-pkgrel=0
+pkgrel=1
pkgdesc="Replacement for CVS, another versioning system (svn)"
url="https://subversion.apache.org/"
arch="all"
@@ -17,10 +17,14 @@ subpackages="$pkgname-dev $pkgname-doc mod_dav_svn
source="https://archive.apache.org/dist/subversion/$pkgname-$pkgver.tar.bz2
subversion-1.7.0-deplibs.patch
subversion-perl-deplibs.patch
+ CVE-2020-17525.patch
svnserve.confd
- svnserve.initd"
+ svnserve.initd
+ "
# secfixes:
+# 1.12.2-r1:
+# - CVE-2020-17525
# 1.12.2-r0:
# - CVE-2019-0203
# - CVE-2018-11782
@@ -118,5 +122,6 @@ py() {
sha512sums="b1f859b460afa54598778d8633f648acb4fa46138f7d6f0c1451e3c6a1de71df859233cd9ac7f19f0f20d7237ed3988f0a38da7552ffa58391e19d957bc7c136 subversion-1.12.2.tar.bz2
fb219c45b80602d919176cc191394df09f90d0f5c7d24e6a36b166bd92777ecae67eeac1e49c0ffbb0e724396b3d2094dbb0bef17d01dc87d418b1cd554bd7c4 subversion-1.7.0-deplibs.patch
fd6e5f45cff4d3cf0d885a34c822b32141b13b199d99ad8e1b04d641c9c1ee27e73f5c556a4ad54a900b6d39cc14afad17b6738d8af44c76758f1a27b4d49f9a subversion-perl-deplibs.patch
+85fceca6bf92fb816263a2846e932b47e15920cb87183135e2a1218f2ea44d810810700cb2dd1a892508af4f08c298f688baa191c7e987280843cf01afb6f335 CVE-2020-17525.patch
7fe993443d4d3ef5e1e75f60e85036ee0b2bb2636c2c830210e64f525f95ae4c10ca1dc4504fc36915ec9391815becbe7cbf5f589c28609386d8d079ed02c630 svnserve.confd
f6392193cc65aaceee9b6e5e66f80af4b095ba4007e8536e8b1c4e8b2c75610d7f5596b83e5edd504672f021c074887fc6464cf4fc1dfe9446741105f11cd855 svnserve.initd"
diff --git a/main/subversion/CVE-2020-17525.patch b/main/subversion/CVE-2020-17525.patch
new file mode 100644
index 0000000000..ca59b7914a
--- /dev/null
+++ b/main/subversion/CVE-2020-17525.patch
@@ -0,0 +1,15 @@
+Index: subversion/libsvn_repos/config_file.c
+===================================================================
+--- a/subversion/libsvn_repos/config_file.c (revision 1883994)
++++ b/subversion/libsvn_repos/config_file.c (working copy)
+@@ -237,6 +237,10 @@ get_repos_config(svn_stream_t **stream,
+ {
+ /* Search for a repository in the full path. */
+ repos_root_dirent = svn_repos_find_root_path(dirent, scratch_pool);
++ if (repos_root_dirent == NULL)
++ return svn_error_trace(handle_missing_file(stream, checksum, access,
++ url, must_exist,
++ svn_node_none));
+
+ /* Attempt to open a repository at repos_root_dirent. */
+ SVN_ERR(svn_repos_open3(&access->repos, repos_root_dirent, NULL,
diff --git a/main/tar/APKBUILD b/main/tar/APKBUILD
index 6a297c48aa..d91ede9c9b 100644
--- a/main/tar/APKBUILD
+++ b/main/tar/APKBUILD
@@ -1,7 +1,7 @@
# Maintainer: Carlo Landmeter <clandmeter@gmail.com>
pkgname=tar
pkgver=1.32
-pkgrel=0
+pkgrel=1
pkgdesc="Utility used to store, backup, and transport files"
url="https://www.gnu.org"
arch="all"
@@ -11,9 +11,13 @@ install=""
makedepends=""
subpackages="$pkgname-doc"
source="https://ftp.gnu.org/gnu/tar/$pkgname-$pkgver.tar.xz
- ignore-apk-tools-checksums.patch"
+ ignore-apk-tools-checksums.patch
+ CVE-2021-20193.patch
+ "
# secfixes:
+# 1.32-r1:
+# - CVE-2021-20193
# 1.29-r1:
# - CVE-2016-6321
# 1.31-r0:
@@ -52,4 +56,5 @@ package() {
}
sha512sums="1bd13854009b6ee08958481738e6bf661e40216a2befe461d06b4b350eb882e431b3a4eeea7ca1d35d37102df76194c9d933df2b18b3c5401350e9fc17017750 tar-1.32.tar.xz
-9cde0f1509328bc5fe2cb46642b53c7681c548cf28a2fb83eda7e9374c9c0ad27a0cd55b9c0cc93951def58dafa55ee71cace5493ddcb7966ee94dc5f1099739 ignore-apk-tools-checksums.patch"
+9cde0f1509328bc5fe2cb46642b53c7681c548cf28a2fb83eda7e9374c9c0ad27a0cd55b9c0cc93951def58dafa55ee71cace5493ddcb7966ee94dc5f1099739 ignore-apk-tools-checksums.patch
+31d2863d47bf01a7425047222460ae4ecd7a66203de40fb0b1071a3a53c539d358cf600b7862bc1cc01cab34da2fb71a6d9da7b248e06d6592b99c7115816862 CVE-2021-20193.patch"
diff --git a/main/tar/CVE-2021-20193.patch b/main/tar/CVE-2021-20193.patch
new file mode 100644
index 0000000000..c721f870bd
--- /dev/null
+++ b/main/tar/CVE-2021-20193.patch
@@ -0,0 +1,127 @@
+From d9d4435692150fa8ff68e1b1a473d187cc3fd777 Mon Sep 17 00:00:00 2001
+From: Sergey Poznyakoff <gray@gnu.org>
+Date: Sun, 17 Jan 2021 20:41:11 +0200
+Subject: Fix memory leak in read_header
+
+Bug reported in https://savannah.gnu.org/bugs/?59897
+
+* src/list.c (read_header): Don't return directly from the loop.
+Instead set the status and break. Return the status. Free
+next_long_name and next_long_link before returning.
+---
+ src/list.c | 40 ++++++++++++++++++++++++++++------------
+ 1 file changed, 28 insertions(+), 12 deletions(-)
+
+diff --git a/src/list.c b/src/list.c
+index e40a5c8..d7ef441 100644
+--- a/src/list.c
++++ b/src/list.c
+@@ -408,26 +408,27 @@ read_header (union block **return_block, struct tar_stat_info *info,
+ enum read_header_mode mode)
+ {
+ union block *header;
+- union block *header_copy;
+ char *bp;
+ union block *data_block;
+ size_t size, written;
+- union block *next_long_name = 0;
+- union block *next_long_link = 0;
++ union block *next_long_name = NULL;
++ union block *next_long_link = NULL;
+ size_t next_long_name_blocks = 0;
+ size_t next_long_link_blocks = 0;
+-
++ enum read_header status = HEADER_SUCCESS;
++
+ while (1)
+ {
+- enum read_header status;
+-
+ header = find_next_block ();
+ *return_block = header;
+ if (!header)
+- return HEADER_END_OF_FILE;
++ {
++ status = HEADER_END_OF_FILE;
++ break;
++ }
+
+ if ((status = tar_checksum (header, false)) != HEADER_SUCCESS)
+- return status;
++ break;
+
+ /* Good block. Decode file size and return. */
+
+@@ -437,7 +438,10 @@ read_header (union block **return_block, struct tar_stat_info *info,
+ {
+ info->stat.st_size = OFF_FROM_HEADER (header->header.size);
+ if (info->stat.st_size < 0)
+- return HEADER_FAILURE;
++ {
++ status = HEADER_FAILURE;
++ break;
++ }
+ }
+
+ if (header->header.typeflag == GNUTYPE_LONGNAME
+@@ -447,10 +451,14 @@ read_header (union block **return_block, struct tar_stat_info *info,
+ || header->header.typeflag == SOLARIS_XHDTYPE)
+ {
+ if (mode == read_header_x_raw)
+- return HEADER_SUCCESS_EXTENDED;
++ {
++ status = HEADER_SUCCESS_EXTENDED;
++ break;
++ }
+ else if (header->header.typeflag == GNUTYPE_LONGNAME
+ || header->header.typeflag == GNUTYPE_LONGLINK)
+ {
++ union block *header_copy;
+ size_t name_size = info->stat.st_size;
+ size_t n = name_size % BLOCKSIZE;
+ size = name_size + BLOCKSIZE;
+@@ -517,7 +525,10 @@ read_header (union block **return_block, struct tar_stat_info *info,
+ xheader_decode_global (&xhdr);
+ xheader_destroy (&xhdr);
+ if (mode == read_header_x_global)
+- return HEADER_SUCCESS_EXTENDED;
++ {
++ status = HEADER_SUCCESS_EXTENDED;
++ break;
++ }
+ }
+
+ /* Loop! */
+@@ -536,6 +547,7 @@ read_header (union block **return_block, struct tar_stat_info *info,
+ name = next_long_name->buffer + BLOCKSIZE;
+ recent_long_name = next_long_name;
+ recent_long_name_blocks = next_long_name_blocks;
++ next_long_name = NULL;
+ }
+ else
+ {
+@@ -567,6 +579,7 @@ read_header (union block **return_block, struct tar_stat_info *info,
+ name = next_long_link->buffer + BLOCKSIZE;
+ recent_long_link = next_long_link;
+ recent_long_link_blocks = next_long_link_blocks;
++ next_long_link = NULL;
+ }
+ else
+ {
+@@ -578,9 +591,12 @@ read_header (union block **return_block, struct tar_stat_info *info,
+ }
+ assign_string (&info->link_name, name);
+
+- return HEADER_SUCCESS;
++ break;
+ }
+ }
++ free (next_long_name);
++ free (next_long_link);
++ return status;
+ }
+
+ #define ISOCTAL(c) ((c)>='0'&&(c)<='7')
+--
+cgit v1.2.1
+
diff --git a/main/tzdata/APKBUILD b/main/tzdata/APKBUILD
index 0e23483a3d..e2b48d56b7 100644
--- a/main/tzdata/APKBUILD
+++ b/main/tzdata/APKBUILD
@@ -2,8 +2,8 @@
# Contributor: Natanael Copa <ncopa@alpinelinux.org>
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=tzdata
-pkgver=2020f
-_tzcodever=2020f
+pkgver=2021a
+_tzcodever=2021a
_ptzver=0.5
pkgrel=0
pkgdesc="Timezone data"
@@ -50,8 +50,8 @@ package() {
"$pkgdir"/usr/bin/posixtz
}
-sha512sums="5f6bf1b508434842eb9dacacc744b5f3375c35b88e401ef372b5fde80ad2f523484fe52a6e99460e402230406ebf6a9261a97efde45a610f8e8085893d55c4ed tzcode2020f.tar.gz
-dd312def18c807452fda2e697514e2064c5f51ebdbedd0cfe6f231252c76ee5d4409f653b295ed5657b7d30b868690047fdb70a10942e69eaa40b77473e3f9ca tzdata2020f.tar.gz
+sha512sums="bf1d53bcbfecd3b09d57a9e6d3cb49b5dc5f8e1b6674b67e7f974e1a268c2aaf13ca89a7ef12f49d0665aff782bd72685e00c22a41ca88a028da0429f972fd45 tzcode2021a.tar.gz
+7cdd762ec90ce12a30fa36b1d66d1ea82d9fa21e514e2b9c7fcbe2541514ee0fadf30843ff352c65512fb270857b51d1517b45e1232b89c6f954ba9ff1833bb3 tzdata2021a.tar.gz
68dbaab9f4aef166ac2f2d40b49366527b840bebe17a47599fe38345835e4adb8a767910745ece9c384b57af815a871243c3e261a29f41d71f8054df3061b3fd posixtz-0.5.tar.xz
0f2a10ee2bb4007f57b59123d1a0b8ef6accf99e568f21537f0bb19f290fff46e24050f55f12569d7787be600e1b62aa790ea85a333153f3ea081a812c81b1b5 0001-posixtz-ensure-the-file-offset-we-pass-to-lseek-is-o.patch
fb322ab7867517ba39265d56d3576cbcea107c205d524e87015c1819bbb7361f7322232ee3b86ea9b8df2886e7e06a6424e3ac83b2006be290a33856c7d40ac4 0002-fix-implicit-declaration-warnings-by-including-strin.patch"
diff --git a/main/wpa_supplicant/APKBUILD b/main/wpa_supplicant/APKBUILD
index b1e30d0be3..198862cc98 100644
--- a/main/wpa_supplicant/APKBUILD
+++ b/main/wpa_supplicant/APKBUILD
@@ -2,7 +2,7 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=wpa_supplicant
pkgver=2.8
-pkgrel=3
+pkgrel=5
pkgdesc="A utility providing key negotiation for WPA wireless networks"
url="https://w1.fi/wpa_supplicant/"
arch="all"
@@ -24,11 +24,17 @@ source="https://w1.fi/releases/$pkgname-$pkgver.tar.gz
0005-EAP-pwd-Run-through-prf-result-processing-even-if-it.patch
0006-dragonfly-Disable-use-of-groups-using-Brainpool-curv.patch
CVE-2019-16275.patch
+ CVE-2021-0326.patch
+ CVE-2021-27803.patch
config
wpa_cli.sh"
# secfixes:
+# 2.8-r5:
+# - CVE-2021-27803
+# 2.8-r4:
+# - CVE-2021-0326
# 2.8-r3:
# - CVE-2019-16275
# 2.8-r2:
@@ -121,5 +127,7 @@ a0ac905ef23af18f1899a797e18157a54fa509c7cc3c59583de768a493d750876bbc0a89237373b6
bcae73930c35d441c5615970c305abb3dff293fdec16df50823e57419b22d1aac0e780970619e0c78b4482b7d07962bcf6162706a20e20f7b21a3a10f500eff1 0005-EAP-pwd-Run-through-prf-result-processing-even-if-it.patch
4734a8ab8ba1e91fc9e3d729f34527c14c291df238b02adea5acc04b0361b41d4bffca2fb13a4f464e9f007fa624117af4f50d755cb41a3129b4868da91bdf9a 0006-dragonfly-Disable-use-of-groups-using-Brainpool-curv.patch
63710cfb0992f2c346a9807d8c97cbeaed032fa376a0e93a2e56f7742ce515e9c4dfadbdb1af03ba272281f639aab832f0178f67634c222a5d99e1d462aa9e38 CVE-2019-16275.patch
+e212dd6a2c56c086c14a2c96f479f7a8e6521b6a24c648eb03363db078398e64a38e343ff6faa327d5a0244a7969ecd34c5844d676c697eeb8eb842101fa9cf9 CVE-2021-0326.patch
+af8b4a526a6833de4921fcbbd1b03da7e027276c909d512bd59a95e9767ffe8580135f9aee8947c4317681c4fe130f7ec50cba947f8375313f832a66c66b2cd5 CVE-2021-27803.patch
6707991f9a071f2fcb09d164d31d12b1f52b91fbb5574b70b8d6f9727f72bbe42b03dd66d10fcc2126f5b7e49ac785657dec90e88b4bf54a9aa5638582f6e505 config
212c4265afce2e72b95a32cd785612d6c3e821b47101ead154136d184ac4add01434ada6c87edbb9a98496552e76e1a4d79c6b5840e3a5cfe5e6d602fceae576 wpa_cli.sh"
diff --git a/main/wpa_supplicant/CVE-2021-0326.patch b/main/wpa_supplicant/CVE-2021-0326.patch
new file mode 100644
index 0000000000..2ad5f441be
--- /dev/null
+++ b/main/wpa_supplicant/CVE-2021-0326.patch
@@ -0,0 +1,37 @@
+From 947272febe24a8f0ea828b5b2f35f13c3821901e Mon Sep 17 00:00:00 2001
+From: Jouni Malinen <jouni@codeaurora.org>
+Date: Mon, 9 Nov 2020 11:43:12 +0200
+Subject: P2P: Fix copying of secondary device types for P2P group client
+
+Parsing and copying of WPS secondary device types list was verifying
+that the contents is not too long for the internal maximum in the case
+of WPS messages, but similar validation was missing from the case of P2P
+group information which encodes this information in a different
+attribute. This could result in writing beyond the memory area assigned
+for these entries and corrupting memory within an instance of struct
+p2p_device. This could result in invalid operations and unexpected
+behavior when trying to free pointers from that corrupted memory.
+
+Credit to OSS-Fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=27269
+Fixes: e57ae6e19edf ("P2P: Keep track of secondary device types for peers")
+Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
+---
+ src/p2p/p2p.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/src/p2p/p2p.c b/src/p2p/p2p.c
+index 74b7b52..5cbfc21 100644
+--- a/src/p2p/p2p.c
++++ b/src/p2p/p2p.c
+@@ -453,6 +453,8 @@ static void p2p_copy_client_info(struct p2p_device *dev,
+ dev->info.config_methods = cli->config_methods;
+ os_memcpy(dev->info.pri_dev_type, cli->pri_dev_type, 8);
+ dev->info.wps_sec_dev_type_list_len = 8 * cli->num_sec_dev_types;
++ if (dev->info.wps_sec_dev_type_list_len > WPS_SEC_DEV_TYPE_MAX_LEN)
++ dev->info.wps_sec_dev_type_list_len = WPS_SEC_DEV_TYPE_MAX_LEN;
+ os_memcpy(dev->info.wps_sec_dev_type_list, cli->sec_dev_types,
+ dev->info.wps_sec_dev_type_list_len);
+ }
+--
+cgit v0.12
+
diff --git a/main/wpa_supplicant/CVE-2021-27803.patch b/main/wpa_supplicant/CVE-2021-27803.patch
new file mode 100644
index 0000000000..1942bb3d55
--- /dev/null
+++ b/main/wpa_supplicant/CVE-2021-27803.patch
@@ -0,0 +1,50 @@
+From 8460e3230988ef2ec13ce6b69b687e941f6cdb32 Mon Sep 17 00:00:00 2001
+From: Jouni Malinen <jouni@codeaurora.org>
+Date: Tue, 8 Dec 2020 23:52:50 +0200
+Subject: [PATCH] P2P: Fix a corner case in peer addition based on PD Request
+
+p2p_add_device() may remove the oldest entry if there is no room in the
+peer table for a new peer. This would result in any pointer to that
+removed entry becoming stale. A corner case with an invalid PD Request
+frame could result in such a case ending up using (read+write) freed
+memory. This could only by triggered when the peer table has reached its
+maximum size and the PD Request frame is received from the P2P Device
+Address of the oldest remaining entry and the frame has incorrect P2P
+Device Address in the payload.
+
+Fix this by fetching the dev pointer again after having called
+p2p_add_device() so that the stale pointer cannot be used.
+
+Fixes: 17bef1e97a50 ("P2P: Add peer entry based on Provision Discovery Request")
+Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
+---
+ src/p2p/p2p_pd.c | 12 +++++-------
+ 1 file changed, 5 insertions(+), 7 deletions(-)
+
+diff --git a/src/p2p/p2p_pd.c b/src/p2p/p2p_pd.c
+index 3994ec03f86b..05fd593494ef 100644
+--- a/src/p2p/p2p_pd.c
++++ b/src/p2p/p2p_pd.c
+@@ -595,14 +595,12 @@ void p2p_process_prov_disc_req(struct p2p_data *p2p, const u8 *sa,
+ goto out;
+ }
+
++ dev = p2p_get_device(p2p, sa);
+ if (!dev) {
+- dev = p2p_get_device(p2p, sa);
+- if (!dev) {
+- p2p_dbg(p2p,
+- "Provision Discovery device not found "
+- MACSTR, MAC2STR(sa));
+- goto out;
+- }
++ p2p_dbg(p2p,
++ "Provision Discovery device not found "
++ MACSTR, MAC2STR(sa));
++ goto out;
+ }
+ } else if (msg.wfd_subelems) {
+ wpabuf_free(dev->info.wfd_subelems);
+--
+2.25.1
+
diff --git a/main/xtables-addons-vanilla/APKBUILD b/main/xtables-addons-vanilla/APKBUILD
index ec77c540fb..ff80697f6a 100644
--- a/main/xtables-addons-vanilla/APKBUILD
+++ b/main/xtables-addons-vanilla/APKBUILD
@@ -2,12 +2,12 @@
# when changing _ver we *must* bump _rel
_name=xtables-addons
-_ver=3.2
+_ver=3.6
_rel=0
_flavor=${FLAVOR:-vanilla}
_kpkg=linux-$_flavor
-_kver=4.19.118
+_kver=4.19.176
_krel=0
_kpkgver="$_kver-r$_krel"
@@ -24,7 +24,9 @@ license="GPL-2.0"
depends="$_kpkg=$_kpkgver"
makedepends="$_kpkg-dev=$_kpkgver iptables-dev linux-headers"
install_if="$_kpkg=$_kpkgver $_name"
-source="https://downloads.sourceforge.net/$_name/$_name-$_ver.tar.xz"
+source="https://downloads.sourceforge.net/$_name/$_name-$_ver.tar.xz
+ ip_route_me_harder.patch
+ "
# temporary disable the provides til hardened is fully removed
#provides="${_name}-grsec=${pkgver}-r${pkgrel}"
#replaces="$_name-hardened"
@@ -62,4 +64,5 @@ package() {
make DESTDIR="$pkgdir" modules_install
}
-sha512sums="57b02aec83765ad407a813cc8bb5ba471739da09ee8177094592833d1eaa54300ce06b326e9897cb80f563bdaec24b33d42c2cdb72f8a0ec8f86b085fcc6494d xtables-addons-3.2.tar.xz"
+sha512sums="f2d9e1dc1b23696132fa845f5767cabc6b39494d46587cfee77f7099bfba67f137712163f120496d33a9a38bbb1aeb418faac51125494952e69733006e563c67 xtables-addons-3.6.tar.xz
+a746279a28b7ab9d6d0783ccded9d4dec953dd33127b1e5cf3421cf8e601e81c003869831aaa78fb811ffe10e2b5c0d3dd80c4d0fc31a0ca134459caeb428fe5 ip_route_me_harder.patch"
diff --git a/main/xtables-addons-vanilla/ip_route_me_harder.patch b/main/xtables-addons-vanilla/ip_route_me_harder.patch
new file mode 100644
index 0000000000..075f52dade
--- /dev/null
+++ b/main/xtables-addons-vanilla/ip_route_me_harder.patch
@@ -0,0 +1,48 @@
+diff --git a/extensions/xt_DELUDE.c b/extensions/xt_DELUDE.c
+index b384c8e..cb1d055 100644
+--- a/extensions/xt_DELUDE.c
++++ b/extensions/xt_DELUDE.c
+@@ -122,7 +122,7 @@ static void delude_send_reset(struct net *net, struct sk_buff *oldskb,
+ /* ip_route_me_harder expects skb->dst to be set */
+ skb_dst_set(nskb, dst_clone(skb_dst(oldskb)));
+
+- if (ip_route_me_harder(net, nskb, addr_type))
++ if (ip_route_me_harder(net, nskb->sk, nskb, addr_type))
+ goto free_nskb;
+ else
+ niph = ip_hdr(nskb);
+diff --git a/extensions/xt_ECHO.c b/extensions/xt_ECHO.c
+index e99312b..2ab413b 100644
+--- a/extensions/xt_ECHO.c
++++ b/extensions/xt_ECHO.c
+@@ -192,7 +192,7 @@ echo_tg4(struct sk_buff *oldskb, const struct xt_action_param *par)
+ /* ip_route_me_harder expects the skb's dst to be set */
+ skb_dst_set(newskb, dst_clone(skb_dst(oldskb)));
+
+- if (ip_route_me_harder(par_net(par), newskb, RTN_UNSPEC) != 0)
++ if (ip_route_me_harder(par_net(par), par->state->sk, newskb, RTN_UNSPEC) != 0)
+ goto free_nskb;
+
+ newip->ttl = ip4_dst_hoplimit(skb_dst(newskb));
+diff --git a/extensions/xt_TARPIT.c b/extensions/xt_TARPIT.c
+index 4926f2e..6256e60 100644
+--- a/extensions/xt_TARPIT.c
++++ b/extensions/xt_TARPIT.c
+@@ -265,7 +265,7 @@ static void tarpit_tcp4(struct net *net, struct sk_buff *oldskb,
+ #endif
+ addr_type = RTN_LOCAL;
+
+- if (ip_route_me_harder(net, nskb, addr_type))
++ if (ip_route_me_harder(net, nskb->sk, nskb, addr_type))
+ goto free_nskb;
+ else
+ niph = ip_hdr(nskb);
+@@ -399,7 +399,7 @@ static void tarpit_tcp6(struct net *net, struct sk_buff *oldskb,
+ IPPROTO_TCP,
+ csum_partial(tcph, sizeof(struct tcphdr), 0));
+
+- if (ip6_route_me_harder(net, nskb))
++ if (ip6_route_me_harder(net, nskb->sk, nskb))
+ goto free_nskb;
+
+ nskb->ip_summed = CHECKSUM_NONE;
diff --git a/main/zfs-vanilla/APKBUILD b/main/zfs-vanilla/APKBUILD
index 2d1152ac61..5823b6d773 100644
--- a/main/zfs-vanilla/APKBUILD
+++ b/main/zfs-vanilla/APKBUILD
@@ -8,7 +8,7 @@ _rel=1
_flavor=${FLAVOR:-vanilla}
_kpkg=linux-$_flavor
-_kver=4.19.118
+_kver=4.19.176
_krel=0
_kpkgver="$_kver-r$_krel"
diff --git a/testing/ipt-netflow-vanilla/APKBUILD b/testing/ipt-netflow-vanilla/APKBUILD
index 3bb5cb5c6e..de10f6ee6c 100644
--- a/testing/ipt-netflow-vanilla/APKBUILD
+++ b/testing/ipt-netflow-vanilla/APKBUILD
@@ -7,7 +7,7 @@ _rel=0
_flavor=${FLAVOR:-vanilla}
_kpkg=linux-$_flavor
-_kver=4.19.118
+_kver=4.19.176
_krel=0
_kpkgver="$_kver-r$_krel"
@@ -53,4 +53,4 @@ package() {
make -j1 minstall DEPMOD=: DESTDIR="$pkgdir"
}
-sha512sums="e5ba66da9cae6fb9652e5532383233d433dd30dd16634734860f7e6910e46080e562e2d72c74584a86ead31156cffd4c5c44b438f617a9e5b3e5fdc1470045fc ipt-netflow-vanilla-4.19.118.tar.gz"
+sha512sums="e5ba66da9cae6fb9652e5532383233d433dd30dd16634734860f7e6910e46080e562e2d72c74584a86ead31156cffd4c5c44b438f617a9e5b3e5fdc1470045fc ipt-netflow-vanilla-4.19.176.tar.gz"