90 files changed, 2041 insertions, 1449 deletions
diff --git a/community/ceph/APKBUILD b/community/ceph/APKBUILD index c6eaebe7632..8cfd2a24e6c 100644 --- a/community/ceph/APKBUILD +++ b/community/ceph/APKBUILD @@ -3,7 +3,7 @@ # Contributor: Duncan Bellamy <dunk@denkimushi.com> # Maintainer: Duncan Bellamy <dunk@denkimushi.com> pkgname=ceph -pkgver=15.2.16 +pkgver=15.2.17 pkgrel=0 pkgdesc="Ceph is a distributed object store and file system" pkgusers="ceph" @@ -147,6 +147,8 @@ subpackages=" " # secfixes: +# 15.2.17-r0: +# - CVE-2022-0670 # 15.2.8-r0: # - CVE-2020-27781 # 15.2.6-r0: @@ -542,7 +544,7 @@ _pkg() { } sha512sums=" -532b8a5073e157fe9ed552b26976faeb64dc29b79a249910c0982134ad5f945d4f57d8bf451adf63487b6d285c6e4bd5c39f0e3fcd449230d6fb3087539f8c3b ceph_15.2.16.orig.tar.gz +952cd4db057fcab5efa3c6331fbc19cf1e904f5855266c2ed13e41ffb2e5a7d18ed133bd113fea493149005a182f429eef39931c4ceac7776aefe84a208a745a ceph_15.2.17.orig.tar.gz 110bdbcb40216c7ed155a8d23020784741b4992d895f4f04a146d275506e4e68053854d3b063b41e9c9b3e3e4f95b6b90602f92c185c853c0d8f47ad0c6b7121 ceph.confd ce5f162501f6b67fe254546dddf880d1a5b1d1a0fa69e0b1918de17e8da45c5c6124512b8cbd98b76f29d931403de0d11c5ffd330ed8ee1f4dc75bb04baecae3 ceph.initd c608f11cf358d76daf5281467a4ea941a81474fbe7f5faa41f7f4d0abaf9136a01576bbb1ab24bdd7bc91a49f66bd7f0a84717de5ec27250d74dd1e47e3b5dd3 10-musl-fixes.patch diff --git a/community/jool-modules-lts/APKBUILD b/community/jool-modules-lts/APKBUILD index fe3acd29f26..0f0446e2abe 100644 --- a/community/jool-modules-lts/APKBUILD +++ b/community/jool-modules-lts/APKBUILD @@ -21,7 +21,7 @@ fi # Kernel version # Keep in sync with main/linux-lts! _kpkg=linux-$_flavor -_kver=5.10.131 +_kver=5.10.152 _krel=0 _kpkgver="$_kver-r$_krel" diff --git a/community/k3s/APKBUILD b/community/k3s/APKBUILD index 80f6afcfe77..27bc08f6f06 100644 --- a/community/k3s/APKBUILD +++ b/community/k3s/APKBUILD 
@@ -1,7 +1,7 @@ # Contributor: Oleg Titov <oleg.titov@gmail.com> # Maintainer: Oleg Titov <oleg.titov@gmail.com> pkgname=k3s -_pkgver=1.20.2+k3s1 +_pkgver=1.20.15+k3s1 pkgver=${_pkgver/+k3s/.} pkgrel=0 pkgdesc="Lightweight Kubernetes. 5 less than k8s" @@ -78,8 +78,10 @@ package() { install -m644 -D "$srcdir"/k3s.modules-load "$pkgdir"/etc/modules-load.d/k3s.conf } -sha512sums="f381d6d3c481b686dbe673c8133d390925d601cc044af684b9bb0e6d4a3c7124c0e5ead3a569651b22ac5a0140a1c764030d1ba287b84dd0ca488a1c69efd647 k3s-1.20.2.1.tar.gz +sha512sums=" +95116e542d3115859b92962cfcafb39d39edfdb8de202a66ad8b53f45c3b211fe3bd86d18d5dd976a1a0d7fda68718ed499cdd6ebf7e6b51a8061672e47fdea9 k3s-1.20.15.1.tar.gz f03221efceb4ce2305c41c4c9e6d02ee5b799ed0cdfb1fc5018f8696e4d05575ae63b7c87596d765c5aa76c4a3bacf7c205e3eb61465e26886081a5d0da013ea k3s.confd 1015ee6ce5c69595df3150d7bbdfe528cf20305dac299831faa9cce00a454daf5548e78b1db79dcb8da300edc54553dfda0b95aed5e7bee27c1c726aef640350 k3s.initd 018a5e9b417a937c17f0a4a9e08eed434f06186207626ad038aec22ee667aba4cefa6e9e2a222e2c430d2cbb88c8663648f5bab0e76926a0edd13b8bdfd2673a k3s.logrotate -85ee1310cb36c85c42b4068a9549a3ef72b856cd61b2c1036c3e871ef43a69ed80b43599ad94ce5b069ddd823e730596bb3d3875d4ba8cd77c4cc1985335ffff k3s.modules-load" +85ee1310cb36c85c42b4068a9549a3ef72b856cd61b2c1036c3e871ef43a69ed80b43599ad94ce5b069ddd823e730596bb3d3875d4ba8cd77c4cc1985335ffff k3s.modules-load +" diff --git a/community/python3-tkinter/APKBUILD b/community/python3-tkinter/APKBUILD index 283f53da478..44f792b40a9 100644 --- a/community/python3-tkinter/APKBUILD +++ b/community/python3-tkinter/APKBUILD @@ -2,7 +2,7 @@ # Contributor: Kiyoshi Aman <kiyoshi.aman@gmail.com> pkgname=python3-tkinter -pkgver=3.8.10 +pkgver=3.8.15 _basever="${pkgver%.*}" pkgrel=0 pkgdesc="A graphical user interface for the Python" 
@@ -107,6 +107,8 @@ _idle() { _mv_files usr/lib/python*/idlelib } -sha512sums="0be69705483ff9692e12048a96180e586f9d84c8d53066629f7fb2389585eb75c0f3506bb8182936e322508f58b71f4d8c6dfebbab9049b31b49da11d3b98e80 Python-3.8.10.tar.xz +sha512sums=" +4fb3827b13c2452faa75e5ed18dddf381e80b4fffcfde046e289b4629cff0bb87fba1d09916b9b8a6f8039dc422c952293ebdb381c49f8ca7e7893ae4be6c28d Python-3.8.15.tar.xz ab8eaa2858d5109049b1f9f553198d40e0ef8d78211ad6455f7b491af525bffb16738fed60fc84e960c4889568d25753b9e4a1494834fea48291b33f07000ec2 musl-find_library.patch -37b6ee5d0d5de43799316aa111423ba5a666c17dc7f81b04c330f59c1d1565540eac4c585abe2199bbed52ebe7426001edb1c53bd0a17486a2a8e052d0f494ad fix-xattrs-glibc.patch" +37b6ee5d0d5de43799316aa111423ba5a666c17dc7f81b04c330f59c1d1565540eac4c585abe2199bbed52ebe7426001edb1c53bd0a17486a2a8e052d0f494ad fix-xattrs-glibc.patch +" diff --git a/community/rtl8821ce-lts/APKBUILD b/community/rtl8821ce-lts/APKBUILD index e1eb2367d64..e24885b7a00 100644 --- a/community/rtl8821ce-lts/APKBUILD +++ b/community/rtl8821ce-lts/APKBUILD @@ -1,7 +1,7 @@ # Contributor: Kevin Daudt <kdaudt@alpinelinux.org> # Maintainer: Kevin Daudt <kdaudt@alpinelinux.org> -_kver=5.10.131 +_kver=5.10.152 _krel=0 _flavor="$FLAVOR" [ -z "$_flavor" ] && _flavor=lts diff --git a/community/rtpengine-lts/APKBUILD b/community/rtpengine-lts/APKBUILD index 72cad164bca..3e6f57a7baa 100644 --- a/community/rtpengine-lts/APKBUILD +++ b/community/rtpengine-lts/APKBUILD @@ -5,7 +5,7 @@ _ver=9.0.1.10 _rel=0 # kernel version -_kver=5.10.131 +_kver=5.10.152 _krel=0 _kpkgver="$_kver-r$_krel" diff --git a/main/alpine-base/APKBUILD b/main/alpine-base/APKBUILD index 0b236b136b7..dd3f6dbd841 100644 --- a/main/alpine-base/APKBUILD +++ b/main/alpine-base/APKBUILD 
@@ -1,7 +1,7 @@ # Contributor: Natanael Copa <ncopa@alpinelinux.org> # Maintainer: Natanael Copa <ncopa@alpinelinux.org> pkgname=alpine-base -pkgver=3.13.11 +pkgver=3.13.12 pkgrel=0 pkgdesc="Meta package for minimal alpine base" url="https://alpinelinux.org" diff --git a/main/alpine-make-rootfs/APKBUILD b/main/alpine-make-rootfs/APKBUILD index 1914a65b319..9aaf8dd7627 100644 --- a/main/alpine-make-rootfs/APKBUILD +++ b/main/alpine-make-rootfs/APKBUILD @@ -2,13 +2,16 @@ # Maintainer: Jakub Jirutka <jakub@jirutka.cz> pkgname=alpine-make-rootfs pkgver=0.5.1 -pkgrel=0 +pkgrel=1 pkgdesc="Make customized Alpine Linux rootfs (base image) for containers" url="https://github.com/alpinelinux/alpine-make-rootfs" arch="noarch" license="MIT" depends="tar" -source="$pkgname-$pkgver.tar.gz::https://github.com/alpinelinux/$pkgname/archive/v$pkgver.tar.gz" +source="$pkgname-$pkgver.tar.gz::https://github.com/alpinelinux/$pkgname/archive/v$pkgver.tar.gz + add-new-signing-key-for-x86_64.patch + fix-missing-release-files-on-edge.patch + " builddir="$srcdir/$pkgname-$pkgver" options="!check" # no suitable tests provided @@ -17,4 +20,8 @@ package() { make install DESTDIR="$pkgdir" PREFIX=/usr } -sha512sums="d2c98c3fc69b4f61d798714711b668da7abafb111846a0a8d4cbcf1003a2b677a18ad9cfa3565a0f2cb0a74a2f30f485786310a8e09ff942037bf60d88bf3245 alpine-make-rootfs-0.5.1.tar.gz" +sha512sums=" +d2c98c3fc69b4f61d798714711b668da7abafb111846a0a8d4cbcf1003a2b677a18ad9cfa3565a0f2cb0a74a2f30f485786310a8e09ff942037bf60d88bf3245 alpine-make-rootfs-0.5.1.tar.gz +b1e42986e889f8924e46b08d4ca614f965b9a8d4e5bf4271f9901fffd9fe022b3930537ec8d0f17ca9cea77050b4a031e61eb26636e759a5587c9c0b4d2cc160 add-new-signing-key-for-x86_64.patch +5d46180968bd5d01c5235a5fe0d17d3f8949ab4ba6c4a69eb0e67fdc8f23563d7030e9bd1ad7ef231322b05e6518ec48b45628bb0496339829548c5028828174 fix-missing-release-files-on-edge.patch +" 
diff --git a/main/alpine-make-rootfs/add-new-signing-key-for-x86_64.patch b/main/alpine-make-rootfs/add-new-signing-key-for-x86_64.patch
new file mode 100644
index 00000000000..2e94cd1b1a8
--- /dev/null
+++ b/main/alpine-make-rootfs/add-new-signing-key-for-x86_64.patch
@@ -0,0 +1,23 @@ +Patch-Source: https://github.com/alpinelinux/alpine-make-rootfs/commit/64a89ab6973c3a60a975243bc2086d6743c50aae +-- +From 64a89ab6973c3a60a975243bc2086d6743c50aae Mon Sep 17 00:00:00 2001 +From: Jakub Jirutka <jakub@jirutka.cz> +Date: Sun, 14 Nov 2021 00:04:21 +0100 +Subject: [PATCH] Add new package signing key for x86_64 + +--- + alpine-make-rootfs | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/alpine-make-rootfs b/alpine-make-rootfs +index 0d033ff..56c99e3 100755 +--- a/alpine-make-rootfs ++++ b/alpine-make-rootfs +@@ -101,6 +101,7 @@ readonly ALPINE_BASE_PKGS='alpine-baselayout busybox busybox-suid musl-utils' + readonly ALPINE_KEYS=' + alpine-devel@lists.alpinelinux.org-4a6a0840.rsa.pub:MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1yHJxQgsHQREclQu4Ohe\nqxTxd1tHcNnvnQTu/UrTky8wWvgXT+jpveroeWWnzmsYlDI93eLI2ORakxb3gA2O\nQ0Ry4ws8vhaxLQGC74uQR5+/yYrLuTKydFzuPaS1dK19qJPXB8GMdmFOijnXX4SA\njixuHLe1WW7kZVtjL7nufvpXkWBGjsfrvskdNA/5MfxAeBbqPgaq0QMEfxMAn6/R\nL5kNepi/Vr4S39Xvf2DzWkTLEK8pcnjNkt9/aafhWqFVW7m3HCAII6h/qlQNQKSo\nGuH34Q8GsFG30izUENV9avY7hSLq7nggsvknlNBZtFUcmGoQrtx3FmyYsIC8/R+B\nywIDAQAB + alpine-devel@lists.alpinelinux.org-5261cecb.rsa.pub:MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwlzMkl7b5PBdfMzGdCT0\ncGloRr5xGgVmsdq5EtJvFkFAiN8Ac9MCFy/vAFmS8/7ZaGOXoCDWbYVLTLOO2qtX\nyHRl+7fJVh2N6qrDDFPmdgCi8NaE+3rITWXGrrQ1spJ0B6HIzTDNEjRKnD4xyg4j\ng01FMcJTU6E+V2JBY45CKN9dWr1JDM/nei/Pf0byBJlMp/mSSfjodykmz4Oe13xB\nCa1WTwgFykKYthoLGYrmo+LKIGpMoeEbY1kuUe04UiDe47l6Oggwnl+8XD1MeRWY\nsWgj8sF4dTcSfCMavK4zHRFFQbGp/YFJ/Ww6U9lA3Vq0wyEI6MCMQnoSMFwrbgZw\nwwIDAQAB 
++alpine-devel@lists.alpinelinux.org-6165ee59.rsa.pub:MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAutQkua2CAig4VFSJ7v54\nALyu/J1WB3oni7qwCZD3veURw7HxpNAj9hR+S5N/pNeZgubQvJWyaPuQDm7PTs1+\ntFGiYNfAsiibX6Rv0wci3M+z2XEVAeR9Vzg6v4qoofDyoTbovn2LztaNEjTkB+oK\ntlvpNhg1zhou0jDVYFniEXvzjckxswHVb8cT0OMTKHALyLPrPOJzVtM9C1ew2Nnc\n3848xLiApMu3NBk0JqfcS3Bo5Y2b1FRVBvdt+2gFoKZix1MnZdAEZ8xQzL/a0YS5\nHd0wj5+EEKHfOd3A75uPa/WQmA+o0cBFfrzm69QDcSJSwGpzWrD1ScH3AK8nWvoj\nv7e9gukK/9yl1b4fQQ00vttwJPSgm9EnfPHLAtgXkRloI27H6/PuLoNvSAMQwuCD\nhQRlyGLPBETKkHeodfLoULjhDi1K2gKJTMhtbnUcAA7nEphkMhPWkBpgFdrH+5z4\nLxy+3ek0cqcI7K68EtrffU8jtUj9LFTUC8dERaIBs7NgQ/LfDbDfGh9g6qVj1hZl\nk9aaIPTm/xsi8v3u+0qaq7KzIBc9s59JOoA8TlpOaYdVgSQhHHLBaahOuAigH+VI\nisbC9vmqsThF2QdDtQt37keuqoda2E6sL7PUvIyVXDRfwX7uMDjlzTxHTymvq2Ck\nhtBqojBnThmjJQFgZXocHG8CAwEAAQ== + ' + # List of directories to remove when empty. + readonly UNNECESSARY_DIRS=' diff --git a/main/alpine-make-rootfs/fix-missing-release-files-on-edge.patch b/main/alpine-make-rootfs/fix-missing-release-files-on-edge.patch new file mode 100644 index 00000000000..7eeeddb797b --- /dev/null +++ b/main/alpine-make-rootfs/fix-missing-release-files-on-edge.patch 
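Review bot: The `ALPINE_KEYS` hunk adds `alpine-devel@lists.alpinelinux.org-6165ee59.rsa.pub` as inline base64, and nothing in the patch header lets a reader confirm that the key material is the published one. The sha512 in the APKBUILD pins this patch file only; it says nothing about where the key came from. Presumably these entries become the keys apk trusts inside the built rootfs, so I would compare the decoded key with the copy shipped in the distribution's key package and record that in the header, e.g. `Key checked against alpine-keys on <date>`. The `ALPINE_KEYS` assignment is fully visible in the hunk; the rest of the script is not.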
@@ -0,0 +1,39 @@ +Patch-Source: https://github.com/alpinelinux/alpine-make-rootfs/commit/80a8e3f9d6f5ec701b2ae5e9a0d6bdb004ec1246 +-- +From 80a8e3f9d6f5ec701b2ae5e9a0d6bdb004ec1246 Mon Sep 17 00:00:00 2001 +From: Jakub Jirutka <jakub@jirutka.cz> +Date: Sun, 21 Aug 2022 00:56:04 +0200 +Subject: [PATCH] Adapt to alpine-base not providing release files since v3.17 + and on edge + +https://gitlab.alpinelinux.org/alpine/aports/-/commit/23e66e85c95beef9d3f72a2ccc510671fdb3462d +--- + alpine-make-rootfs | 15 ++++++++++----- + 1 file changed, 10 insertions(+), 5 deletions(-) + +diff --git a/alpine-make-rootfs b/alpine-make-rootfs +index 63133f3..eb24005 100755 +--- a/alpine-make-rootfs ++++ b/alpine-make-rootfs +@@ -387,11 +387,16 @@ fi + + _apk add --root "$rootfs" --update-cache --initdb $rootfs_pkgs >&2 + +-if ! _apk info --root "$rootfs" --quiet --installed alpine-base; then +- # This package contains /etc/os-release, /etc/alpine-release and /etc/issue, +- # but we don't wanna install all its dependencies (e.g. openrc). +- _apk fetch --root "$rootfs" --stdout alpine-base \ +- | tar -xz -C "$rootfs" etc >&2 ++if ! [ -f "$rootfs"/etc/alpine-release ]; then ++ if _apk info --root "$rootfs" --quiet alpine-release >/dev/null; then ++ _apk add --root "$rootfs" alpine-release ++ else ++ # In Alpine <3.17, this package contains /etc/os-release, ++ # /etc/alpine-release and /etc/issue, but we don't wanna install all ++ # its dependencies (e.g. openrc). ++ _apk fetch --root "$rootfs" --stdout alpine-base \ ++ | tar -xz -C "$rootfs" etc >&2 ++ fi + fi + + [ -e "$rootfs"/var/run ] || ln -s /run "$rootfs"/var/run diff --git a/main/aports-build/APKBUILD b/main/aports-build/APKBUILD index 7e9d595e70b..67abeaaa6fb 100644 --- a/main/aports-build/APKBUILD +++ b/main/aports-build/APKBUILD 
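Review bot: The added `_apk add --root "$rootfs" alpine-release` call does not redirect stdout, while the `_apk add ... $rootfs_pkgs >&2` context line just above it and the `_apk fetch ... | tar ... >&2` fallback both do. If the script can write the rootfs archive to stdout (not visible in this hunk), apk's output from this branch would land in that stream; I would write `_apk add --root "$rootfs" alpine-release >&2`. The embedded patch is an upstream commit, so the change would need to go upstream as well as into this copy.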
@@ -1,6 +1,6 @@ # Maintainer: Natanael Copa <ncopa@alpinelinux.org> pkgname=aports-build -pkgver=1.5.3 +pkgver=1.5.4 pkgrel=0 pkgdesc="MQTT based build-on-git-push scripts for Alpine Linux" url="https://alpinelinux.org" @@ -46,7 +46,9 @@ package() { EOF } -sha512sums="81c039c6999fddde2489fccdc48b29760c80ea1ff5265cc2d7f73d6575e0173a0f51b89a4d49e5100e2d841b6260adc48e4ab00e8608d52b3b69b17a590467ad aports-build +sha512sums=" +81c039c6999fddde2489fccdc48b29760c80ea1ff5265cc2d7f73d6575e0173a0f51b89a4d49e5100e2d841b6260adc48e4ab00e8608d52b3b69b17a590467ad aports-build 821035bda47152c341ec94bf960fa67e3377051826712ceb74f39103e6e422777b6e082231bfb87865653d2b93b7d3154cfc24abf65a52e3e66da69412dd7e41 aports-build.initd 62ed5cb6d1fef03fa707512c8c99c572a91e64706ebcc2e7097108811818615618bab908292d0ba0ad2afe93a27333d9c91deb347d6c99703eb8983d1ee5f480 mqtt-exec.aports-build.confd -cf0d8e65e517857ee781e451a1d3e6404cd72aeb5c7dba25017229ff79c4c43425712d2fcbbaad89af45a358e86f33467ac1df47e8fba0f30f81d84794e1206c report-build-errors.lua" +939ba54ab4159bc8fcd0cb08f16f67dac05d29c77005da6fca0463048ab991765665b35f2feb978bfd8409bd13fdbdf3d47a7652df842e76504d076ac040c337 report-build-errors.lua +" diff --git a/main/aports-build/report-build-errors.lua b/main/aports-build/report-build-errors.lua index 275b213f863..3621765783a 100644 --- a/main/aports-build/report-build-errors.lua +++ b/main/aports-build/report-build-errors.lua 
@@ -6,6 +6,26 @@ local f = io.open("/proc/sys/kernel/hostname") hostname = f:read() f:close() +local function read_mosquitto_conf() + local cfg = {} + local f = io.open((os.getenv("XDG_CONFIG_HOME") or "").."/mosquitto_pub") or io.open((os.getenv("HOME") or "").."/.config/mosquitto_pub") + if f == nil then + return cfg + end + for line in f:lines() do + key,value = line:match("^%-%-([^ ]+)%s+(.*)") + if key and value then + cfg[key] = value + end + end + f:close() + return cfg +end +local mcfg = read_mosquitto_conf() +publish.hostname = mcfg.hostname or "localhost" +publish.username = mcfg.username +publish.password = mcfg.pw + local m = {} function shell_escape(args) diff --git a/main/bind/APKBUILD b/main/bind/APKBUILD index 693203d6245..78f57021259 100644 --- a/main/bind/APKBUILD +++ b/main/bind/APKBUILD @@ -5,7 +5,7 @@ # Contributor: ungleich <alpinelinux@ungleich.ch> # Maintainer: pkgname=bind -pkgver=9.16.27 +pkgver=9.16.33 _ver=${pkgver%_p*} _p=${pkgver#*_p} _major=${pkgver%%.*} @@ -60,6 +60,13 @@ source=" " # secfixes: +# 9.16.33-r0: +# - CVE-2022-2795 +# - CVE-2022-2881 +# - CVE-2022-2906 +# - CVE-2022-3080 +# - CVE-2022-38177 +# - CVE-2022-38178 # 9.16.27-r0: # - CVE-2022-0396 # - CVE-2021-25220 
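Review bot: In `read_mosquitto_conf`, `key,value = line:match(...)` assigns two globals, so after the loop the last parsed pair (possibly `pw` and the broker password) stays reachable from the whole script; declare them with `local key, value = line:match("^%-%-([^ ]+)%s+(.*)")`. The `(os.getenv("XDG_CONFIG_HOME") or "")` and `(os.getenv("HOME") or "")` fallbacks turn an unset variable into the absolute paths `/mosquitto_pub` and `/.config/mosquitto_pub`, so credentials would be read from the filesystem root; skipping the `io.open` when the variable is unset avoids that. The `(.*)` capture also keeps trailing whitespace or a carriage return, which would silently become part of the username or password.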
@@ -276,8 +283,7 @@ _gpgfingerprints=" BE0E 9748 B718 253A 28BB 89FF F1B1 1BF0 5CF0 2E57 " -sha512sums=" -5c71f228db83aa8cc9e65466d6e5afca4a9f80c693358111a003fe09e1a14522175eb2b6a0f11e2a2cd4fdba01f2ae315de52e394a441b3861ca2a011e02af62 bind-9.16.27.tar.xz +sha512sums="43fd2cea52dfd1115a4cca83830ab5b93208be401cdbbdff2bbf204b8f0d99fb434ad3156d3a21649488cc904ae09f145feba97b9b6918b0cf063ff5e2b10af5 bind-9.16.33.tar.xz 2b32d1e7f62cd1e01bb4fdd92d15460bc14761b933d5acc463a91f5ecd4773d7477c757c5dd2738e8e433693592cf3f623ffc142241861c91848f01aa84640d6 bind.plugindir.patch 7167dccdb2833643dfdb92994373d2cc087e52ba23b51bd68bd322ff9aca6744f01fa9d8a4b9cd8c4ce471755a85c03ec956ec0d8a1d4fae02124ddbed6841f6 bind.so_bsdcompat.patch 53db80f7ee4902f42fb1d0bc959242bcb6f20d95256bda99ce2c206af8b4703c7f72bb26d026c633f70451b84a37c3946b210951e34dd5d6620b181cd0183de4 named.initd @@ -285,5 +291,4 @@ sha512sums=" d2f61d02d7829af51faf14fbe2bafe8bc90087e6b6697c6275a269ebbddcaa14a234fff5c41da793e945e8ff1de3de0858a40334e0d24289eab98df4bb721ac5 named.conf.authoritative 3aba9763cfaf0880a89fd01202f41406b465547296ce91373eb999ea7719040bc1ac4e47b0de025a8060f693d3d88774a20d09a43fa7ac6aa43989b58b5ee8fe named.conf.recursive eed9886717539399518e011ae5eae6335aed4fae019e1def088c5be26bdc896c99c07adf84ee61babafa31d31ff3b028263d1c88d2eee17ecf4c95a9d77d524c 127.zone -340e86472a2c2746fe585c0aa5f079d3a9b46e828c1f53d48026533a169b7f77ded7d0a13d291d6962607bb9481456e6fa69df1834603e7555332615fb998f0b localhost.zone -" +340e86472a2c2746fe585c0aa5f079d3a9b46e828c1f53d48026533a169b7f77ded7d0a13d291d6962607bb9481456e6fa69df1834603e7555332615fb998f0b localhost.zone" diff --git a/main/curl/APKBUILD b/main/curl/APKBUILD index 016492c8b23..c82e481b899 100644 --- a/main/curl/APKBUILD +++ b/main/curl/APKBUILD @@ -4,7 +4,7 @@ # Maintainer: Natanael Copa <ncopa@alpinelinux.org> pkgname=curl pkgver=7.79.1 -pkgrel=2 +pkgrel=3 pkgdesc="URL retrival utility and library" url="https://curl.se/" arch="all" 
@@ -28,10 +28,13 @@ source="https://curl.se/download/curl-$pkgver.tar.xz CVE-2022-32206.patch CVE-2022-32207.patch CVE-2022-32208.patch + CVE-2022-35252.patch " options="net" # Required for running tests # secfixes: +# 7.79.1-r3: +# - CVE-2022-35252 # 7.79.1-r2: # - CVE-2022-27781 # - CVE-2022-27782 @@ -196,4 +199,5 @@ a8571c6b34eaa635fb333949cfde0a5c6ddb9f02ed3ece91501e43a3d1536969f47cfb8b3044c9ff 81e28def4632cb542b0268889e6fb7f9b0c2950564cdeab39e582a22ab2b1e5a9c3e11865afe5833b8e892c501ba1aed609b4abf3131ec8668f70fcea8375e7c CVE-2022-32206.patch 1eb22a9ec7dad02927a53b2c81b9288ed52a8f4f76db66958622de6bcbb8024eb034e83b70cd1e20ed265e9f5f1c453d1ee37b6bfe54c4aa18b6f4c6bccd5a5f CVE-2022-32207.patch f8eedaaa7a994ff763ce96f7e7e74b36eb1ce49ee8809cfe25e1562276702f70f064ee2b858ef2f07157a502ba71fb4b39b395fc53c2f47e2547597cb11a6bfa CVE-2022-32208.patch +1a8b058a8738f2d3558aecfc45eec67218c0c38c560916400a6e9eec64c44ae9beae05e48c20441579027427f0ff9c943c5c2aff35de3e66083205e92bf1e0e7 CVE-2022-35252.patch " diff --git a/main/curl/CVE-2022-35252.patch b/main/curl/CVE-2022-35252.patch new file mode 100644 index 00000000000..f9cc56b8927 --- /dev/null +++ b/main/curl/CVE-2022-35252.patch 
@@ -0,0 +1,66 @@ +Patch-Source: https://github.com/curl/curl/commit/8dfc93e573ca740544a2d79ebb +From 8dfc93e573ca740544a2d79ebb0ed786592c65c3 Mon Sep 17 00:00:00 2001 +From: Daniel Stenberg <daniel@haxx.se> +Date: Mon, 29 Aug 2022 00:09:17 +0200 +Subject: [PATCH] cookie: reject cookies with "control bytes" + +Rejects 0x01 - 0x1f (except 0x09) plus 0x7f + +Reported-by: Axel Chong + +Bug: https://curl.se/docs/CVE-2022-35252.html + +CVE-2022-35252 + +Closes #9381 +--- + lib/cookie.c | 29 +++++++++++++++++++++++++++++ + 1 file changed, 29 insertions(+) + +diff --git a/lib/cookie.c b/lib/cookie.c +index 5a4d9e9725f62..ab790a1cdb0ce 100644 +--- a/lib/cookie.c ++++ b/lib/cookie.c +@@ -441,6 +441,30 @@ static bool bad_domain(const char *domain) + return TRUE; + } + ++/* ++ RFC 6265 section 4.1.1 says a server should accept this range: ++ ++ cookie-octet = %x21 / %x23-2B / %x2D-3A / %x3C-5B / %x5D-7E ++ ++ But Firefox and Chrome as of June 2022 accept space, comma and double-quotes ++ fine. The prime reason for filtering out control bytes is that some HTTP ++ servers return 400 for requests that contain such. ++*/ ++static int invalid_octets(const char *p) ++{ ++ /* Reject all bytes \x01 - \x1f (*except* \x09, TAB) + \x7f */ ++ static const char badoctets[] = { ++ "\x01\x02\x03\x04\x05\x06\x07\x08\x0a" ++ "\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14" ++ "\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x7f" ++ }; ++ size_t vlen, len; ++ /* scan for all the octets that are *not* in cookie-octet */ ++ len = strcspn(p, badoctets); ++ vlen = strlen(p); ++ return (len != vlen); ++} ++ + /* + * Curl_cookie_add + * +@@ -595,6 +619,11 @@ Curl_cookie_add(struct Curl_easy *data, + badcookie = TRUE; + break; + } ++ if(invalid_octets(whatptr) || invalid_octets(name)) { ++ infof(data, "invalid octets in name/value, cookie dropped"); ++ badcookie = TRUE; ++ break; ++ } + } + else if(!len) { + /* 
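Review bot: The `Patch-Source:` line shortens the commit id to `8dfc93e573ca740544a2d79ebb`, while the other patch files added in this commit give the full id; the full value is already in the `From` line, so I would write `Patch-Source: https://github.com/curl/curl/commit/8dfc93e573ca740544a2d79ebb0ed786592c65c3`. On the code, `invalid_octets()` is called only for the cookie name and value in the one branch of `Curl_cookie_add` shown here. Whether cookies that reach the function by another route (for example from a cookie file) go through the same check cannot be told from this hunk, because the function body continues outside it.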
diff --git a/main/dahdi-linux-lts/APKBUILD b/main/dahdi-linux-lts/APKBUILD index 8b7a23654a7..e535944c278 100644 --- a/main/dahdi-linux-lts/APKBUILD +++ b/main/dahdi-linux-lts/APKBUILD @@ -9,7 +9,7 @@ _rel=0 _flavor=${FLAVOR:-lts} _kpkg=linux-$_flavor -_kver=5.10.131 +_kver=5.10.152 _krel=0 _kpkgver="$_kver-r$_krel" diff --git a/main/dbus/APKBUILD b/main/dbus/APKBUILD index c938624b40f..e720cca7378 100644 --- a/main/dbus/APKBUILD +++ b/main/dbus/APKBUILD @@ -1,7 +1,7 @@ # Maintainer: Natanael Copa <ncopa@alpinelinux.org> pkgname=dbus -pkgver=1.12.20 -pkgrel=1 +pkgver=1.12.24 +pkgrel=0 pkgdesc="Freedesktop.org message bus system" options="!check" # Introduces circular dependency with xorg-server (xvfb-run -> xvfb) url="https://www.freedesktop.org/Software/dbus" @@ -23,11 +23,14 @@ checkdepends="xvfb-run" install="$pkgname.pre-install $pkgname.post-install" source="https://dbus.freedesktop.org/releases/dbus/dbus-$pkgver.tar.gz 0001-_dbus_generate_random_bytes-use-getrandom-2.patch - avoid-opendir-between-fork-exec.patch $pkgname.initd " # secfixes: +# 1.12.24-r0: +# - CVE-2022-42010 +# - CVE-2022-42011 +# - CVE-2022-42012 # 1.12.18-r0: # - CVE-2020-12049 # 1.12.16-r0: 
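Review bot: The `source` hunk of main/dbus/APKBUILD drops `avoid-opendir-between-fork-exec.patch` together with the bump to 1.12.24, but nothing in the commit says the problem that patch worked around is gone. Its header, deleted further down, marks it `Upstream: No` and describes a deadlock from calling `opendir` between fork and exec, which the patch limited to glibc builds. If 1.12.24 closes descriptors in an async-signal-safe way the removal is fine; a line saying so next to the secfixes entry, e.g. `# avoid-opendir-between-fork-exec.patch dropped: fixed upstream in <version>`, would let a later reader confirm it.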
@@ -87,7 +90,8 @@ x11() { mv "$pkgdir"/usr/bin/dbus-launch "$subpkgdir"/usr/bin/ } -sha512sums="0964683bc6859374cc94e42e1ec0cdb542cca67971c205fcba4352500b6c0891665b0718e7d85eb060c81cb82e3346c313892bc02384da300ddd306c7eef0056 dbus-1.12.20.tar.gz +sha512sums=" +70e0b7c3f1071860b4243c945d640a1bab95fb83a7cbcf072cdd236def1310693f9bea07d406677d6673c53a6bedbdb02b51fe861aa6f686457dcfb4ee74b703 dbus-1.12.24.tar.gz 3db35499361e84d8e2469b88b033f49813b179188ac25f1841a989988c352af398a56dfd94383813626c6dfd032194f7a9fcdba001ccc3e005e7cd22dae7a7ed 0001-_dbus_generate_random_bytes-use-getrandom-2.patch -cdd01f51882be4f388515441237aa6318888db6e88a4d980bafbf9b790945e4d959c6633d6d002274c0a617ac919f9355ba628c9b502b355f73fed602f997791 avoid-opendir-between-fork-exec.patch -4c6beba2382416e60a3adfa85ef843d90d93ca5f38c23f573e058ffca6d4fc3850d11d40938c74383bba61599569b7fdfb1fcf3b9d2f1463e6b2e2cc81097c84 dbus.initd" +4c6beba2382416e60a3adfa85ef843d90d93ca5f38c23f573e058ffca6d4fc3850d11d40938c74383bba61599569b7fdfb1fcf3b9d2f1463e6b2e2cc81097c84 dbus.initd +" diff --git a/main/dbus/avoid-opendir-between-fork-exec.patch b/main/dbus/avoid-opendir-between-fork-exec.patch deleted file mode 100644 index 44b03fbd5b4..00000000000 --- a/main/dbus/avoid-opendir-between-fork-exec.patch +++ /dev/null @@ -1,18 +0,0 @@ -Author: Rasmus Thomsen <oss@cogitri.dev> -Upstream: No -Reason: The code inside the `#ifdef __linux__` calls opendir. This can -lead to deadlocks when act_on_fds_3_and_up is called between fork&exec since -opendir mallocs which isn't async signal safe -diff --git a/dbus/dbus-sysdeps-unix.c b/dbus/dbus-sysdeps-unix.c -index 0288dbc9..e585136f 100644 ---- a/dbus/dbus-sysdeps-unix.c -+++ b/dbus/dbus-sysdeps-unix.c -@@ -4742,7 +4742,7 @@ act_on_fds_3_and_up (void (*func) (int fd)) - { - int maxfds, i; - --#ifdef __linux__ -+#if defined(__linux__) && defined(__GLIBC__) - DIR *d; - - /* On Linux we can optimize this a bit if /proc is available. If it 
diff --git a/main/dhcp/03-fix-unwind-import.patch b/main/dhcp/03-fix-unwind-import.patch new file mode 100644 index 00000000000..8b87fdbd3e3 --- /dev/null +++ b/main/dhcp/03-fix-unwind-import.patch @@ -0,0 +1,16 @@ +bind assumes _Unwind_GetIP is a function which is not necessarily +true. In some implementations of libunwind it's a macro. +This fixes the build on Alpine on armhf and armv7. + +--- a/bind/bind-9.11.36/lib/isc/backtrace.c ++++ b/bind/bind-9.11.36/lib/isc/backtrace.c +@@ -81,8 +81,7 @@ isc_backtrace_gettrace(void **addrs, int + return (ISC_R_SUCCESS); + } + #elif defined(BACKTRACE_GCC) +-extern int _Unwind_Backtrace(void* fn, void* a); +-extern void* _Unwind_GetIP(void* ctx); ++#include <unwind.h> + + typedef struct { + void **result; diff --git a/main/dhcp/APKBUILD b/main/dhcp/APKBUILD index 9275bf6f867..54f462d6251 100644 --- a/main/dhcp/APKBUILD +++ b/main/dhcp/APKBUILD @@ -1,8 +1,8 @@ # Maintainer: Jakub Jirutka <jakub@jirutka.cz> pkgname=dhcp -pkgver=4.4.2_p1 +pkgver=4.4.3_p1 _realver=${pkgver/_p/-P} -pkgrel=0 +pkgrel=1 pkgdesc="ISC Dynamic Host Configuration Protocol (DHCP)" url="https://www.isc.org/" arch="all" @@ -33,9 +33,8 @@ source=" https://downloads.isc.org/isc/dhcp/$_realver/dhcp-$_realver.tar.gz 01-dhclient-script-fix-bare-ip.patch 02-dhclient-script-remove-bashisms.patch + 03-fix-unwind-import.patch dhcp-3.0-fix-perms.patch - segfault-fix.patch - remove-duplicate-definitions.patch dhclient-script-alpine dhcrelay.initd dhcrelay.confd @@ -46,6 +45,9 @@ builddir="$srcdir/$pkgname-$_realver" makedepends="$makedepends $_depends_dhclient $_depends_server_ldap $_depends_server_vanilla" # secfixes: +# 4.4.3_p1-r0: +# - CVE-2022-2928 +# - CVE-2022-2929 # 4.4.2_p1-r0: # - CVE-2021-25217 # 4.4.1-r0: 
@@ -193,12 +195,11 @@ static() { # " sha512sums=" -924e8b44f288361dbe837987869e57b929c73cb5e4af37cb2d7b19bca5ea8594048fb41c0792fede003188185f61b25befbc2ccda42f1f68e6b6bc22ef44b040 dhcp-4.4.2-P1.tar.gz +d14dc44d1c015780ae19769816cb01015959927a1ad7a3e84b89e0463253aaf46451af88e3260347196373906d5b438c7c616fee45ec3f128aa82af6702b7154 dhcp-4.4.3-P1.tar.gz 17e2b9588ee5d1bd9acb9c2e30f7a28308d29c9e797c2be14c1feff52e6e231ce8a94535f18badff1342aff4ae4003aab986e0f0473f0cd280292fdab044b148 01-dhclient-script-fix-bare-ip.patch a70e4a7e80ee65c8ced6b61db80f7ccd0f35015b5cccf2e7c51705ae129230aa49ba9926bb88f7418018e7a112c2a40451f24b88e04464b590ff20091e8d8709 02-dhclient-script-remove-bashisms.patch +23ab581d85ba97a37fd6a0a612e0aa977b24bbaf83d58a93d1a87f9f24ea9a098aa549e77a6e1d78f721681c152464b15fd1d402d0673edf4dac6aa196df1fe9 03-fix-unwind-import.patch d5697a56fbbff25199962608986e7ffb533ed4afd3e344e3c79d2010dda73cc0b088f06c454e9f0c69eb054e09a374455fa71d3f73306e0c98fa76df4dd321b7 dhcp-3.0-fix-perms.patch -ff07f613da93de6d6a81cf5147ecc937e1405913f1649bf9c58d45214417e6b94b3fd897796d1dd3422ed27a43d935a84d7c72df98d59f30abd88b12f4f6edad segfault-fix.patch -fcc9f3c5a361e8a5fa690986c415a23e86c347f697aec3087c5783670d4abefcb0f073a37cfac8fe07206ac3e349df9cb7283b84356cdc4f4777b426ab0305ef remove-duplicate-definitions.patch d1dce58875793316761f168e29feddc1d3454d1d917d063d43ae102b7b6aab256c3cb420478335c57ebcdb2b7c804afa4d8a1f9ab06a29a4dd23bc5d87db8df2 dhclient-script-alpine ce62693cb483616844bb6774f9046af6a1a210e35cfaa59ab3bd12f68d50176714a324e92538b35139110b78191866f65b30d6979d8a45f7b68e572e7a1e8427 dhcrelay.initd fd15dbaa4c61c3c26f407bf13dde859470a1adba134da064b653ccc152ce42635ee8de2fe113ae21ba8470e97e3caad8c1a47b69eb25e5e92b40e26790b96f6d dhcrelay.confd diff --git a/main/dhcp/remove-duplicate-definitions.patch b/main/dhcp/remove-duplicate-definitions.patch deleted file mode 100644 index 070f4a185e1..00000000000 --- a/main/dhcp/remove-duplicate-definitions.patch +++ /dev/null 
@@ -1,44 +0,0 @@ -From: Mike Crute <mike@crute.us> -Date: Thu, 08 Oct 2020 05:25:00 +0000 -Subject: Remove duplicate definitions - -There are several duplicated definitions between the various servers and -clients and the common library code in dhcpd. This patch removes the duplicates -in the consumers and preserves the library code. - ---- - ---- a/client/dhclient.c -+++ b/client/dhclient.c -@@ -83,8 +83,6 @@ - static const char url [] = "For info, please visit https://www.isc.org/software/dhcp/"; - #endif /* UNIT_TEST */ - --u_int16_t local_port = 0; --u_int16_t remote_port = 0; - #if defined(DHCPv6) && defined(DHCP4o6) - int dhcp4o6_state = -1; /* -1 = stopped, 0 = polling, 1 = started */ - #endif ---- a/relay/dhcrelay.c.orig -+++ b/relay/dhcrelay.c -@@ -95,9 +95,6 @@ - forward_untouched, /* Forward without changes. */ - discard } agent_relay_mode = forward_and_replace; - --u_int16_t local_port; --u_int16_t remote_port; -- - /* Relay agent server list. */ - struct server_list { - struct server_list *next; ---- a/server/mdb.c.orig -+++ b/server/mdb.c -@@ -67,8 +67,6 @@ - - int numclasseswritten; - --omapi_object_type_t *dhcp_type_host; -- - isc_result_t enter_class(cd, dynamicp, commit) - struct class *cd; - int dynamicp; diff --git a/main/dhcp/segfault-fix.patch b/main/dhcp/segfault-fix.patch deleted file mode 100644 index 86651979d6b..00000000000 --- a/main/dhcp/segfault-fix.patch +++ /dev/null 
@@ -1,37 +0,0 @@ -From: Michał Kępień -Date: Mon, 13 Jan 2020 05:03:00 +0000 -Subject: Handle catopen() errors - -musl libc's implementation of catgets() crashes when its first argument -is -1 instead of a proper message catalog descriptor. Prevent that from -happening by making isc_msgcat_get() return the default text if the -prior call to catopen() returns an error. - -Porting forward upstream's fix: -https://gitlab.isc.org/isc-projects/bind9/-/commit/daade37977fafee12c7b3c1483516e010d2b74a6 - ---- - ---- a/bind/bind-9.11.14/lib/isc/nls/msgcat.c -+++ b/bind/bind-9.11.14/lib/isc/nls/msgcat.c -@@ -62,9 +62,8 @@ - - #ifdef HAVE_CATGETS - /* -- * We don't check if catopen() fails because we don't care. -- * If it does fail, then when we call catgets(), it will use -- * the default string. -+ * We don't check if catopen() fails because isc_msgcat_get() takes -+ * care of that before calling catgets(). - */ - msgcat->catalog = catopen(name, 0); - #endif -@@ -112,7 +111,7 @@ - REQUIRE(default_text != NULL); - - #ifdef HAVE_CATGETS -- if (msgcat == NULL) -+ if (msgcat == NULL || msgcat->catalog == (nl_catd)(-1)) - return (default_text); - return (catgets(msgcat->catalog, set, message, default_text)); - #else diff --git a/main/expat/APKBUILD b/main/expat/APKBUILD index b9c94f2206e..19e272874d6 100644 --- a/main/expat/APKBUILD +++ b/main/expat/APKBUILD @@ -1,7 +1,7 @@ # Maintainer: Carlo Landmeter <clandmeter@alpinelinux.org> pkgname=expat pkgver=2.2.10 -pkgrel=6 +pkgrel=8 pkgdesc="XML Parser library written in C" url="http://www.libexpat.org/" arch="all" @@ -20,10 +20,16 @@ source="https://github.com/libexpat/libexpat/releases/download/R_${pkgver//./_}/ CVE-2022-25313-regression.patch CVE-2022-25314.patch CVE-2022-25315.patch + CVE-2022-40674.patch + CVE-2022-43680.patch " subpackages="$pkgname-static $pkgname-dev $pkgname-doc" # secfixes: +# 2.2.10-r8: +# - CVE-2022-43680 +# 2.2.10-r7: +# - CVE-2022-40674 # 2.2.10-r4: # - CVE-2022-25235 # - CVE-2022-25236 
@@ -81,4 +87,6 @@ c3ed585a62d5aadd9e1d1d589b636e37ffba5b5cc0c4d264a151cf308a9bfcfe9859704f43fd6d4e 36d310754e76db577cdeeb0ae1563867f9db65c9de12b1423d4e67f8e2604893525474d6e07b6305553308b6b06285b1b9da3c4e858ef79874296f68b82080e8 CVE-2022-25313-regression.patch ac7d03f3ef8be557bda0294247a645db820470be47ea7fa3dab8047f7f11ada831e4f0a4cd4b82e3b2f7715ada08435b8292257a64714c0242407ef58a661b72 CVE-2022-25314.patch 946e0983f9159ae4b01627581a99594f0e7263438ddfd40a1705b8de39ee9c6739af08598d3bc4f145a8ff142209d3fde85c20bbebe2932d9e60596f192db5b5 CVE-2022-25315.patch +204d9ff3aea000327a700b1a6fdf9acfb866db52ac26c7b2b1f6ea087aac4086659775f3e18bf0e78b61cef4979ebd5075ad053a7af91d5be6dc728462097a44 CVE-2022-40674.patch +08b69782ef5db8881156a2ab4dbab4780bed52a3b07fc72c4df84a548a71d8cb72f84040fe8c45ac17e832279126d20a08f7939b103e66e2dd01bc6873910e3b CVE-2022-43680.patch " diff --git a/main/expat/CVE-2022-40674.patch b/main/expat/CVE-2022-40674.patch new file mode 100644 index 00000000000..eae104c38c9 --- /dev/null +++ b/main/expat/CVE-2022-40674.patch 
@@ -0,0 +1,156 @@ +From 7802454a5548fbe3037db316adbeeabb596b9255 Mon Sep 17 00:00:00 2001 +From: Rhodri James <rhodri@wildebeest.org.uk> +Date: Wed, 17 Aug 2022 18:26:18 +0100 +Subject: [PATCH 1/2] Ensure raw tagnames are safe exiting internalEntityParser + +It is possible to concoct a situation in which parsing is +suspended while substituting in an internal entity, so that +XML_ResumeParser directly uses internalEntityProcessor as +its processor. If the subsequent parse includes some unclosed +tags, this will return without calling storeRawNames to ensure +that the raw versions of the tag names are stored in memory other +than the parse buffer itself. If the parse buffer is then changed +or reallocated (for example if processing a file line by line), +badness will ensue. + +This patch ensures storeRawNames is always called when needed +after calling doContent. The earlier call do doContent does +not need the same protection; it only deals with entity +substitution, which cannot leave unbalanced tags, and in any +case the raw names will be pointing into the stored entity +value not the parse buffer. + +(cherry picked from commit 4a32da87e931ba54393d465bb77c40b5c33d343b) +--- + expat/lib/xmlparse.c | 7 ++++++- + 1 file changed, 6 insertions(+), 1 deletion(-) + +diff --git a/expat/lib/xmlparse.c b/expat/lib/xmlparse.c +index dfc316ca..d8e324e8 100644 +--- a/lib/xmlparse.c ++++ b/lib/xmlparse.c +@@ -5277,9 +5277,14 @@ internalEntityProcessor(XML_Parser parser, const char *s, const char *end, + { + parser->m_processor = contentProcessor; + /* see externalEntityContentProcessor vs contentProcessor */ +- return doContent(parser, parser->m_parentParser ? 1 : 0, parser->m_encoding, ++ result = doContent(parser, parser->m_parentParser ? 1 : 0, parser->m_encoding, + s, end, nextPtr, + (XML_Bool)! parser->m_parsingStatus.finalBuffer); ++ if (result == XML_ERROR_NONE) { ++ if (! 
storeRawNames(parser)) ++ return XML_ERROR_NO_MEMORY; ++ } ++ return result; + } + } + +-- +2.37.3 + + +From cff3c9a5e43bc929e43ccd35425c3db8cd21d4de Mon Sep 17 00:00:00 2001 +From: Sebastian Pipping <sebastian@pipping.org> +Date: Sun, 11 Sep 2022 19:34:33 +0200 +Subject: [PATCH 2/2] tests: Cover heap use-after-free issue in doContent + +(cherry picked from commit a7ce80a013f2a08cb1ac4aac368f2250eea03ebf) +--- + expat/tests/runtests.c | 74 ++++++++++++++++++++++++++++++++++++++++++ + 1 file changed, 74 insertions(+) + +diff --git a/expat/tests/runtests.c b/expat/tests/runtests.c +index 2490d86b..70fb583a 100644 +--- a/tests/runtests.c ++++ b/tests/runtests.c +@@ -4904,6 +4904,78 @@ START_TEST(test_suspend_resume_internal_entity) { + } + END_TEST + ++void ++suspending_comment_handler(void *userData, const XML_Char *data) { ++ UNUSED_P(data); ++ XML_Parser parser = (XML_Parser)userData; ++ XML_StopParser(parser, XML_TRUE); ++} ++ ++START_TEST(test_suspend_resume_internal_entity_issue_629) { ++ const char *const text ++ = "<!DOCTYPE a [<!ENTITY e '<!--COMMENT-->a'>]><a>&e;<b>\n" ++ "<" ++ "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" ++ "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" ++ "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" ++ "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" ++ "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" ++ "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" ++ "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" ++ "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" ++ "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" ++ "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" ++ "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" ++ "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" ++ "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" ++ "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" ++ "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" ++ "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" ++ 
"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" ++ "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" ++ "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" ++ "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" ++ "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" ++ "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" ++ "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" ++ "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" ++ "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" ++ "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" ++ "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" ++ "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" ++ "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" ++ "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" ++ "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" ++ "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" ++ "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" ++ "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" ++ "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" ++ "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" ++ "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" ++ "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" ++ "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" ++ "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" ++ "/>" ++ "</b></a>"; ++ const size_t firstChunkSizeBytes = 54; ++ ++ XML_Parser parser = XML_ParserCreate(NULL); ++ XML_SetUserData(parser, parser); ++ XML_SetCommentHandler(parser, suspending_comment_handler); ++ ++ if (XML_Parse(parser, text, (int)firstChunkSizeBytes, XML_FALSE) ++ != XML_STATUS_SUSPENDED) ++ xml_failure(parser); ++ if (XML_ResumeParser(parser) != XML_STATUS_OK) ++ xml_failure(parser); ++ if (XML_Parse(parser, text + firstChunkSizeBytes, ++ (int)(strlen(text) - firstChunkSizeBytes), XML_TRUE) ++ != XML_STATUS_OK) ++ xml_failure(parser); ++ XML_ParserFree(parser); ++} ++END_TEST ++ + /* Test syntax error is caught at parse 
resumption */ + START_TEST(test_resume_entity_with_syntax_error) { + const char *text = "<!DOCTYPE doc [\n" +@@ -11387,6 +11459,8 @@ make_suite(void) { + tcase_add_test(tc_basic, test_partial_char_in_epilog); + tcase_add_test(tc_basic, test_hash_collision); + tcase_add_test__ifdef_xml_dtd(tc_basic, test_suspend_resume_internal_entity); ++ tcase_add_test__ifdef_xml_dtd(tc_basic, ++ test_suspend_resume_internal_entity_issue_629); + tcase_add_test__ifdef_xml_dtd(tc_basic, test_resume_entity_with_syntax_error); + tcase_add_test__ifdef_xml_dtd(tc_basic, test_suspend_resume_parameter_entity); + tcase_add_test(tc_basic, test_restart_on_error); +-- +2.37.3 + diff --git a/main/expat/CVE-2022-43680.patch b/main/expat/CVE-2022-43680.patch new file mode 100644 index 00000000000..de01b1b47ee --- /dev/null +++ b/main/expat/CVE-2022-43680.patch 
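Review bot: No `Patch-Source:` line is recorded at the top of CVE-2022-40674.patch, unlike CVE-2022-43680.patch added in the same commit, so its only provenance is the two `(cherry picked from commit …)` trailers, and the `From` hashes 7802454a… and cff3c9a5… differ from those and look like backport-branch commits. Add a first line such as `Patch-Source: <upstream commit or pull-request URL>` so the fix can be re-checked against upstream; no-buffering.patch for fcgiwrap has the same gap. The `---`/`+++` paths were also edited to `a/lib/…` and `a/tests/…` while the `diff --git` lines keep the `expat/` prefix, which deserves a one-line comment in the file saying the paths were adjusted to the release tarball layout.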
@@ -0,0 +1,118 @@ +Patch-Source: https://github.com/libexpat/libexpat/commit/56967f83d68d5fc750f9e66a9a76756c94c7c173 +From 5290462a7ea1278a8d5c0d5b2860d4e244f997e4 Mon Sep 17 00:00:00 2001 +From: Sebastian Pipping <sebastian@pipping.org> +Date: Tue, 20 Sep 2022 02:44:34 +0200 +Subject: [PATCH 1/3] lib: Fix overeager DTD destruction in + XML_ExternalEntityParserCreate + +--- + expat/lib/xmlparse.c | 8 ++++++++ + 1 file changed, 8 insertions(+) + +diff --git a/expat/lib/xmlparse.c b/expat/lib/xmlparse.c +index aacd6e7fc..57bf103cc 100644 +--- a/lib/xmlparse.c ++++ b/lib/xmlparse.c +@@ -1068,6 +1068,14 @@ parserCreate(const XML_Char *encodingName, + parserInit(parser, encodingName); + + if (encodingName && ! parser->m_protocolEncodingName) { ++ if (dtd) { ++ // We need to stop the upcoming call to XML_ParserFree from happily ++ // destroying parser->m_dtd because the DTD is shared with the parent ++ // parser and the only guard that keeps XML_ParserFree from destroying ++ // parser->m_dtd is parser->m_isParamEntity but it will be set to ++ // XML_TRUE only later in XML_ExternalEntityParserCreate (or not at all). 
++ parser->m_dtd = NULL; ++ } + XML_ParserFree(parser); + return NULL; + } + +From 43992e4ae25fc3dc0eec0cd3a29313555d56aee2 Mon Sep 17 00:00:00 2001 +From: Sebastian Pipping <sebastian@pipping.org> +Date: Mon, 19 Sep 2022 18:16:15 +0200 +Subject: [PATCH 2/3] tests: Cover overeager DTD destruction in + XML_ExternalEntityParserCreate + +--- + expat/tests/runtests.c | 49 ++++++++++++++++++++++++++++++++++++++++++ + 1 file changed, 49 insertions(+) + +diff --git a/expat/tests/runtests.c b/expat/tests/runtests.c +index 245fe9bda..acb744dd4 100644 +--- a/tests/runtests.c ++++ b/tests/runtests.c +@@ -10208,6 +10208,53 @@ START_TEST(test_alloc_long_notation) { + } + END_TEST + ++static int XMLCALL ++external_entity_parser_create_alloc_fail_handler(XML_Parser parser, ++ const XML_Char *context, ++ const XML_Char *base, ++ const XML_Char *systemId, ++ const XML_Char *publicId) { ++ UNUSED_P(base); ++ UNUSED_P(systemId); ++ UNUSED_P(publicId); ++ ++ if (context != NULL) ++ fail("Unexpected non-NULL context"); ++ ++ // The following number intends to fail the upcoming allocation in line ++ // "parser->m_protocolEncodingName = copyString(encodingName, ++ // &(parser->m_mem));" in function parserInit. 
++ allocation_count = 3; ++ ++ const XML_Char *const encodingName = XCS("UTF-8"); // needs something non-NULL ++ const XML_Parser ext_parser ++ = XML_ExternalEntityParserCreate(parser, context, encodingName); ++ if (ext_parser != NULL) ++ fail( ++ "Call to XML_ExternalEntityParserCreate was expected to fail out-of-memory"); ++ ++ allocation_count = ALLOC_ALWAYS_SUCCEED; ++ return XML_STATUS_ERROR; ++} ++ ++START_TEST(test_alloc_reset_after_external_entity_parser_create_fail) { ++ const char *const text = "<!DOCTYPE doc SYSTEM 'foo'><doc/>"; ++ ++ XML_SetExternalEntityRefHandler( ++ g_parser, external_entity_parser_create_alloc_fail_handler); ++ XML_SetParamEntityParsing(g_parser, XML_PARAM_ENTITY_PARSING_ALWAYS); ++ ++ if (XML_Parse(g_parser, text, (int)strlen(text), XML_TRUE) ++ != XML_STATUS_ERROR) ++ fail("Call to parse was expected to fail"); ++ ++ if (XML_GetErrorCode(g_parser) != XML_ERROR_EXTERNAL_ENTITY_HANDLING) ++ fail("Call to parse was expected to fail from the external entity handler"); ++ ++ XML_ParserReset(g_parser, NULL); ++} ++END_TEST ++ + static void + nsalloc_setup(void) { + XML_Memory_Handling_Suite memsuite = {duff_allocator, duff_reallocator, free}; +@@ -12401,6 +12448,8 @@ make_suite(void) { + tcase_add_test(tc_alloc, test_alloc_long_public_id); + tcase_add_test(tc_alloc, test_alloc_long_entity_value); + tcase_add_test(tc_alloc, test_alloc_long_notation); ++ tcase_add_test__ifdef_xml_dtd( ++ tc_alloc, test_alloc_reset_after_external_entity_parser_create_fail); + + suite_add_tcase(s, tc_nsalloc); + tcase_add_checked_fixture(tc_nsalloc, nsalloc_setup, nsalloc_teardown); + +From eedc5f6de8e219130032c8ff2ff17580e18bd0c1 Mon Sep 17 00:00:00 2001 +From: Sebastian Pipping <sebastian@pipping.org> +Date: Wed, 21 Sep 2022 03:32:26 +0200 +Subject: [PATCH 3/3] Changes: Document #649 + +--- + expat/Changes | 5 +++++ + 1 file changed, 5 insertions(+) + diff --git a/main/fcgiwrap/APKBUILD b/main/fcgiwrap/APKBUILD index ec5214f2acd..d96a516a190 100644 
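Review bot: The file ends with the mail header and diffstat of `[PATCH 3/3] Changes: Document #649` but carries no diff body for `expat/Changes`, so the hunk that header announces appears to have been dropped by hand. The leftover text should be harmless when the patch is applied, but someone comparing the file with upstream cannot tell whether the truncation was intended; either delete the 3/3 header or add a line stating that the Changes hunk was removed, presumably because it does not apply to 2.2.10. The `Patch-Source:` commit 56967f83… also matches none of the three `From` hashes in the file, possibly because it is a merge commit, and saying so on that line would save the next auditor a lookup.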
--- a/main/fcgiwrap/APKBUILD +++ b/main/fcgiwrap/APKBUILD @@ -2,7 +2,7 @@ # Maintainer: Natanael Copa <ncopa@alpinelinux.org> pkgname=fcgiwrap pkgver=1.1.0 -pkgrel=5 +pkgrel=6 pkgdesc="Simple server for running CGI applications over FastCGI" url="https://github.com/gnosek/fcgiwrap" arch="all" @@ -13,6 +13,7 @@ install="$pkgname.pre-install" makedepends="$depends_dev autoconf libtool automake fcgi-dev" subpackages="$pkgname-doc $pkgname-openrc" source="$pkgname-$pkgver.tar.gz::https://github.com/gnosek/fcgiwrap/archive/$pkgver.tar.gz + no-buffering.patch $pkgname.initd $pkgname.confd" @@ -36,6 +37,9 @@ package() { install -Dm644 $srcdir/$pkgname.confd "$pkgdir"/etc/conf.d/$pkgname } -sha512sums="b8d35762d1d3c94a67602290b0092f0c38cffbbcd3dbc16597abf8b92172909b04450c238de2e430e841a17dd47fdd48d6a001f77539966980ef1af61e447ddc fcgiwrap-1.1.0.tar.gz +sha512sums=" +b8d35762d1d3c94a67602290b0092f0c38cffbbcd3dbc16597abf8b92172909b04450c238de2e430e841a17dd47fdd48d6a001f77539966980ef1af61e447ddc fcgiwrap-1.1.0.tar.gz +72ba8a0d044c86cc41358002b1cbb94e77dc81e56669032b474b94d7cde80e6cc5d041a064d79ed98b7db8aee9ffcc8830df88491f14afa251781487a57fd429 no-buffering.patch e6111da1089df43f8656e598edf4e658cd2d70e6066833a2c7a465229723e1edce144cf214bd8f771298d54948b8128012c4ce4d509c9d9307a54e8ef90ff2d8 fcgiwrap.initd -893e9afa92c20c9d0dab68fffc806a1be1f2e28a7e73bbb497316386a9ee083be4bad68a90f660e489311a9812a512b50fb0edb8b9c49b12f6cd266ba53b01a6 fcgiwrap.confd" +893e9afa92c20c9d0dab68fffc806a1be1f2e28a7e73bbb497316386a9ee083be4bad68a90f660e489311a9812a512b50fb0edb8b9c49b12f6cd266ba53b01a6 fcgiwrap.confd +" diff --git a/main/fcgiwrap/no-buffering.patch b/main/fcgiwrap/no-buffering.patch new file mode 100644 index 00000000000..3d5f0038ee9 --- /dev/null +++ b/main/fcgiwrap/no-buffering.patch 
@@ -0,0 +1,58 @@ +From eb54c65446693366aedfe72f002c6bb4e1a5d748 Mon Sep 17 00:00:00 2001 +From: Richard Stanway <r.stanway@gmail.com> +Date: Thu, 24 Mar 2016 21:34:17 -0500 +Subject: [PATCH] Add environment variable NO_BUFFERING to disable output + buffering + +Fixes #36 +--- + fcgiwrap.8 | 4 ++++ + fcgiwrap.c | 6 ++++++ + 2 files changed, 10 insertions(+) + +diff --git a/fcgiwrap.8 b/fcgiwrap.8 +index bf02c26..892b594 100644 +--- a/fcgiwrap.8 ++++ b/fcgiwrap.8 +@@ -65,6 +65,10 @@ + SCRIPT_FILENAME + .RS + complete path to CGI script. When set, overrides DOCUMENT_ROOT and SCRIPT_NAME ++.RE ++NO_BUFFERING ++.RS ++When set (e.g., to ""), disables output buffering. + + .SH EXAMPLE + The fastest way to see \fBfcgiwrap\fP do something is to launch it at the command line +diff --git a/fcgiwrap.c b/fcgiwrap.c +index b44d8aa..42e3ec9 100644 +--- a/fcgiwrap.c ++++ b/fcgiwrap.c +@@ -191,6 +191,7 @@ struct fcgi_context { + int fd_stderr; + unsigned int reply_state; + pid_t cgi_pid; ++ int unbuffered; + }; + + static void fcgi_finish(struct fcgi_context *fc, const char* msg) +@@ -256,6 +257,10 @@ static const char * fcgi_pass_fd(struct fcgi_context *fc, int *fdp, FCGI_FILE *f + return "writing CGI reply"; + } + } ++ ++ if (fc->unbuffered && FCGI_fflush(ffp)) { ++ return "flushing CGI reply"; ++ } + } else { + if (nread < 0) { + return "reading CGI reply"; +@@ -590,6 +595,7 @@ static void handle_fcgi_request(void) + fc.fd_stderr = pipe_err[0]; + fc.reply_state = REPLY_STATE_INIT; + fc.cgi_pid = pid; ++ fc.unbuffered = !!getenv("NO_BUFFERING"); + + fcgi_pass(&fc); + } diff --git a/main/git/APKBUILD b/main/git/APKBUILD index 7f2fcdfe4ca..7a3145bd2b8 100644 --- a/main/git/APKBUILD +++ b/main/git/APKBUILD @@ -2,6 +2,9 @@ # Maintainer: Natanael Copa <ncopa@alpinelinux.org> # # secfixes: +# 2.30.6-r0: +# - CVE-2022-39253 +# - CVE-2022-39260 # 2.30.5-r0: # - CVE-2022-29187 # 2.30.3-r0: 
@@ -34,7 +37,7 @@ # - CVE-2021-46101 pkgname=git -pkgver=2.30.5 +pkgver=2.30.6 pkgrel=0 pkgdesc="Distributed version control system" url="https://www.git-scm.com/" @@ -293,7 +296,7 @@ _perl_config() { } sha512sums=" -1bccb5ce3c4268df6100a2fb8f37a128c381d4a66d1028fc55ec4ce19d5719b9dec9e42c93c4740c4ed8f969f3f5cd592812a4cb2c79f2917bd560e5300bd71f git-2.30.5.tar.xz +6879fce2827b505ef49df69bfd83faac35179bae8b92cfc705260f1e80803a6ee8dbfdd45d2babd1b216ba0b3b5b6c1785f9577332d20f0cab4be898710ca851 git-2.30.6.tar.xz 89528cdd14c51fd568aa61cf6c5eae08ea0844e59f9af9292da5fc6c268261f4166017d002d494400945e248df6b844e2f9f9cd2d9345d516983f5a110e4c42a git-daemon.initd fbf1f425206a76e2a8f82342537ed939ff7e623d644c086ca2ced5f69b36734695f9f80ebda1728f75a94d6cd2fcb71bf845b64239368caab418e4d368c141ec git-daemon.confd be5d568fc5b8b84c9afb97b31e471e41f32ccfe188eba0588ea0ef98b2d96c2ce4b2c1a3d70e88205aa4f6667f850b3f32c13bbb149ecddbf670344c162a4e25 fix-t4219-with-sticky-bit.patch diff --git a/main/haproxy/APKBUILD b/main/haproxy/APKBUILD index 268e09df254..5ff3fce9150 100644 --- a/main/haproxy/APKBUILD +++ b/main/haproxy/APKBUILD @@ -4,7 +4,7 @@ pkgname=haproxy # NOTE: Upgrade only to LTS versions announced on upstream site url! # Using LTS versions is easier to keep it in good shape for stable releases -pkgver=2.2.24 +pkgver=2.2.25 _pkgmajorver=${pkgver%.*} pkgrel=0 pkgdesc="A TCP/HTTP reverse proxy for high availability environments" 
@@ -59,7 +59,7 @@ package() { } sha512sums=" -021d065e53503248de122fdd9431786b9f375a5f87aca76f870e17e44c8c4001a778bfb4e430b28af781a3f175f3643a549e363e964210c717f212c5966e68d8 haproxy-2.2.24.tar.gz +652a0d2eef0706ec506a949c560d7b99d111a75519daaa9a31ab53d99d7fdfc584c52d8401f257bb8f8ac58fc51f1403467749438fde684f064d616a2b4485a2 haproxy-2.2.25.tar.gz 4aa8fc812079baf1d17cf9484a9b44568c3dd94f35243a57a4a7868e7f88146a4e94c80ea8ab86f1b08a524567e269a3ec119b67fc679f6bd0d9f1c70ce4f080 haproxy.initd 26bc8f8ac504fcbaec113ecbb9bb59b9da47dc8834779ebbb2870a8cadf2ee7561b3a811f01e619358a98c6c7768e8fdd90ab447098c05b82e788c8212c4c41f haproxy.cfg " diff --git a/main/intel-ucode/APKBUILD b/main/intel-ucode/APKBUILD index d508671db0b..7bab0c59c4d 100644 --- a/main/intel-ucode/APKBUILD +++ b/main/intel-ucode/APKBUILD @@ -1,6 +1,6 @@ # Maintainer: Marian Buschsieweke <marian.buschsieweke@ovgu.de> pkgname=intel-ucode -pkgver=20220510 +pkgver=20220809 pkgrel=0 pkgdesc="Microcode update files for Intel CPUs" arch="x86 x86_64" @@ -13,6 +13,8 @@ builddir="$srcdir/Intel-Linux-Processor-Microcode-Data-Files-microcode-$pkgver" # (Taken from https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/blob/main/releasenote.md) # secfixes: +# 20220809-r0: +# - CVE-2022-21233 # 20220510-r0: # - CVE-2022-21151 # 20220207-r0: @@ -61,5 +63,5 @@ package() { } sha512sums=" -00329ce62a6d9cc66fb8594d132ef67951086ab1250ceaf908d5a357753ed62557275f55c5eb7b3ad55d1fdd312b5d1a436b214cdcbf6e3e1a840c8bf6f4795d microcode-20220510.tar.gz +1c91df1cbba33953f4ad19cc53215cad843c61a08509596fad32a84b4f0012d9d29bce64b58eb405c345af7f646d5982e45227570ce3605780be6e8bf31a63e1 microcode-20220809.tar.gz " diff --git a/main/libxml2/APKBUILD b/main/libxml2/APKBUILD index 3c16cc07011..6f7ea8e974a 100644 --- a/main/libxml2/APKBUILD +++ b/main/libxml2/APKBUILD 
@@ -2,7 +2,7 @@ # Maintainer: Carlo Landmeter <clandmeter@alpinelinux.org> pkgname=libxml2 pkgver=2.9.14 -pkgrel=0 +pkgrel=2 pkgdesc="XML parsing library, version 2" url="http://www.xmlsoft.org/" arch="all" @@ -19,9 +19,18 @@ fi options="!strip" source="https://download.gnome.org/sources/libxml2/${pkgver%.*}/libxml2-$pkgver.tar.xz libxml2-2.9.8-python3-unicode-errors.patch + $pkgname-CVE-2022-3209-1.patch::https://gitlab.gnome.org/GNOME/libxml2/-/commit/5930fe01963136ab92125feec0c6204d9c9225dc.patch + $pkgname-CVE-2022-3209-2.patch::https://gitlab.gnome.org/GNOME/libxml2/-/commit/a82ea25fc83f563c574ddb863d6c17d9c5abdbd2.patch + CVE-2022-40303.patch + CVE-2022-40304.patch " # secfixes: +# 2.9.14-r2: +# - CVE-2022-40303 +# - CVE-2022-40304 +# 2.9.14-r1: +# - CVE-2022-2309 # 2.9.14-r0: # - CVE-2022-29824 # 2.9.13-r0: @@ -108,4 +117,8 @@ utils() { sha512sums=" d08e6cafb289c499fdc5b3a12181e032a34f7a249bc66758859f964d3e71e19fd69be79921e1a9d8ab1e692d15b13f5fae95eeb10c3236974d89e218f5107606 libxml2-2.9.14.tar.xz a205c97fa1488fb8907cfa08b5f82e2055c80b86213dc3cc5c4b526fe6aa786bcc4e4eeb226c44635a1d021307b39e3940f706c42fb60e9e3e9b490a84164df7 libxml2-2.9.8-python3-unicode-errors.patch +17741ee5fcddb1a5d802a90fdbd7bd38a6f6e03ce11c2fe2fb92c0420e94dffd50846c653ffd69425517ccf287ec8830698201dd1cfd34200ea1fd7c5e115de8 libxml2-CVE-2022-3209-1.patch +5c02cc54bf3f1507f2851468397d28922d9d6aac32a8c4b31ca96792da56ba17b8bb3c4e1aca2b4bd720d922d761635d53d29791b0066b3329c48aa0359dbb1e libxml2-CVE-2022-3209-2.patch +feca63825d3678027f9be1b9f7377d95e067ae2ebc7556e4259cb89baa2a93b890fef2280be6db91017e8492eb08752f37f2620d9ef2a4684691d22fc3b3025d CVE-2022-40303.patch +5000106b69d8c10d018f9f5f0942e6565728b3ccbc2830d1f5076651e6e018c30281d481a76dcb5304bbed6f65663a2bff385eec941491b6d950e8de478947b0 CVE-2022-40304.patch " diff --git a/main/libxml2/CVE-2022-40303.patch b/main/libxml2/CVE-2022-40303.patch new file mode 100644 index 00000000000..84f93300f1f --- /dev/null 
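Review bot: The two fetched patches in the `source=` hunk are named `$pkgname-CVE-2022-3209-1.patch` and `$pkgname-CVE-2022-3209-2.patch`, but the secfixes entry added a few lines below for 2.9.14-r1 records `CVE-2022-2309`, so the digits are transposed in one of the two places; the 3209 spelling recurs in the sha512sums hunk. Anyone matching secfixes against patch names during a later audit will be misled, so make them agree, presumably by renaming to `$pkgname-CVE-2022-2309-1.patch::…` and `$pkgname-CVE-2022-2309-2.patch::…` and updating the checksum lines. These two sources are also downloaded from the forge's generated `.patch` endpoint instead of being committed like CVE-2022-40303.patch; the pinned sha512 covers integrity, but generated patch output is not guaranteed to stay byte-identical, so vendoring the files would keep the build reproducible.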
+++ b/main/libxml2/CVE-2022-40303.patch 
@@ -0,0 +1,615 @@ +From ffaec75809a315457891a0e54f8828bc6e056067 Mon Sep 17 00:00:00 2001 +From: Nick Wellnhofer <wellnhofer@aevum.de> +Date: Thu, 25 Aug 2022 17:43:08 +0200 +Subject: [PATCH] Fix integer overflows with XML_PARSE_HUGE + +Also impose size limits when XML_PARSE_HUGE is set. Limit size of names +to XML_MAX_TEXT_LENGTH (10 million bytes) and other content to +XML_MAX_HUGE_LENGTH (1 billion bytes). + +Move some the length checks to the end of the respective loop to make +them strict. + +xmlParseEntityValue didn't have a length limitation at all. But without +XML_PARSE_HUGE, this should eventually trigger an error in xmlGROW. + +Thanks to Maddie Stone working with Google Project Zero for the report! +--- + parser.c | 233 +++++++++++++++++++++++++++++-------------------------- + 1 file changed, 121 insertions(+), 112 deletions(-) + +diff --git a/parser.c b/parser.c +index af2af68..f214c1c 100644 +--- a/parser.c ++++ b/parser.c +@@ -115,6 +115,8 @@ xmlParseElementEnd(xmlParserCtxtPtr ctxt); + * * + ************************************************************************/ + ++#define XML_MAX_HUGE_LENGTH 1000000000 ++ + #define XML_PARSER_BIG_ENTITY 1000 + #define XML_PARSER_LOT_ENTITY 5000 + +@@ -565,7 +567,7 @@ xmlFatalErr(xmlParserCtxtPtr ctxt, xmlParserErrors error, const char *info) + errmsg = "Malformed declaration expecting version"; + break; + case XML_ERR_NAME_TOO_LONG: +- errmsg = "Name too long use XML_PARSE_HUGE option"; ++ errmsg = "Name too long"; + break; + #if 0 + case: +@@ -3210,6 +3212,9 @@ xmlParseNameComplex(xmlParserCtxtPtr ctxt) { + int len = 0, l; + int c; + int count = 0; ++ int maxLength = (ctxt->options & XML_PARSE_HUGE) ? 
++ XML_MAX_TEXT_LENGTH : ++ XML_MAX_NAME_LENGTH; + + #ifdef DEBUG + nbParseNameComplex++; +@@ -3275,7 +3280,8 @@ xmlParseNameComplex(xmlParserCtxtPtr ctxt) { + if (ctxt->instate == XML_PARSER_EOF) + return(NULL); + } +- len += l; ++ if (len <= INT_MAX - l) ++ len += l; + NEXTL(l); + c = CUR_CHAR(l); + } +@@ -3301,13 +3307,13 @@ xmlParseNameComplex(xmlParserCtxtPtr ctxt) { + if (ctxt->instate == XML_PARSER_EOF) + return(NULL); + } +- len += l; ++ if (len <= INT_MAX - l) ++ len += l; + NEXTL(l); + c = CUR_CHAR(l); + } + } +- if ((len > XML_MAX_NAME_LENGTH) && +- ((ctxt->options & XML_PARSE_HUGE) == 0)) { ++ if (len > maxLength) { + xmlFatalErr(ctxt, XML_ERR_NAME_TOO_LONG, "Name"); + return(NULL); + } +@@ -3346,7 +3352,10 @@ const xmlChar * + xmlParseName(xmlParserCtxtPtr ctxt) { + const xmlChar *in; + const xmlChar *ret; +- int count = 0; ++ size_t count = 0; ++ size_t maxLength = (ctxt->options & XML_PARSE_HUGE) ? ++ XML_MAX_TEXT_LENGTH : ++ XML_MAX_NAME_LENGTH; + + GROW; + +@@ -3370,8 +3379,7 @@ xmlParseName(xmlParserCtxtPtr ctxt) { + in++; + if ((*in > 0) && (*in < 0x80)) { + count = in - ctxt->input->cur; +- if ((count > XML_MAX_NAME_LENGTH) && +- ((ctxt->options & XML_PARSE_HUGE) == 0)) { ++ if (count > maxLength) { + xmlFatalErr(ctxt, XML_ERR_NAME_TOO_LONG, "Name"); + return(NULL); + } +@@ -3392,6 +3400,9 @@ xmlParseNCNameComplex(xmlParserCtxtPtr ctxt) { + int len = 0, l; + int c; + int count = 0; ++ int maxLength = (ctxt->options & XML_PARSE_HUGE) ? 
++ XML_MAX_TEXT_LENGTH : ++ XML_MAX_NAME_LENGTH; + size_t startPosition = 0; + + #ifdef DEBUG +@@ -3412,17 +3423,13 @@ xmlParseNCNameComplex(xmlParserCtxtPtr ctxt) { + while ((c != ' ') && (c != '>') && (c != '/') && /* test bigname.xml */ + (xmlIsNameChar(ctxt, c) && (c != ':'))) { + if (count++ > XML_PARSER_CHUNK_SIZE) { +- if ((len > XML_MAX_NAME_LENGTH) && +- ((ctxt->options & XML_PARSE_HUGE) == 0)) { +- xmlFatalErr(ctxt, XML_ERR_NAME_TOO_LONG, "NCName"); +- return(NULL); +- } + count = 0; + GROW; + if (ctxt->instate == XML_PARSER_EOF) + return(NULL); + } +- len += l; ++ if (len <= INT_MAX - l) ++ len += l; + NEXTL(l); + c = CUR_CHAR(l); + if (c == 0) { +@@ -3440,8 +3447,7 @@ xmlParseNCNameComplex(xmlParserCtxtPtr ctxt) { + c = CUR_CHAR(l); + } + } +- if ((len > XML_MAX_NAME_LENGTH) && +- ((ctxt->options & XML_PARSE_HUGE) == 0)) { ++ if (len > maxLength) { + xmlFatalErr(ctxt, XML_ERR_NAME_TOO_LONG, "NCName"); + return(NULL); + } +@@ -3467,7 +3473,10 @@ static const xmlChar * + xmlParseNCName(xmlParserCtxtPtr ctxt) { + const xmlChar *in, *e; + const xmlChar *ret; +- int count = 0; ++ size_t count = 0; ++ size_t maxLength = (ctxt->options & XML_PARSE_HUGE) ? ++ XML_MAX_TEXT_LENGTH : ++ XML_MAX_NAME_LENGTH; + + #ifdef DEBUG + nbParseNCName++; +@@ -3492,8 +3501,7 @@ xmlParseNCName(xmlParserCtxtPtr ctxt) { + goto complex; + if ((*in > 0) && (*in < 0x80)) { + count = in - ctxt->input->cur; +- if ((count > XML_MAX_NAME_LENGTH) && +- ((ctxt->options & XML_PARSE_HUGE) == 0)) { ++ if (count > maxLength) { + xmlFatalErr(ctxt, XML_ERR_NAME_TOO_LONG, "NCName"); + return(NULL); + } +@@ -3575,6 +3583,9 @@ xmlParseStringName(xmlParserCtxtPtr ctxt, const xmlChar** str) { + const xmlChar *cur = *str; + int len = 0, l; + int c; ++ int maxLength = (ctxt->options & XML_PARSE_HUGE) ? 
++ XML_MAX_TEXT_LENGTH : ++ XML_MAX_NAME_LENGTH; + + #ifdef DEBUG + nbParseStringName++; +@@ -3610,12 +3621,6 @@ xmlParseStringName(xmlParserCtxtPtr ctxt, const xmlChar** str) { + if (len + 10 > max) { + xmlChar *tmp; + +- if ((len > XML_MAX_NAME_LENGTH) && +- ((ctxt->options & XML_PARSE_HUGE) == 0)) { +- xmlFatalErr(ctxt, XML_ERR_NAME_TOO_LONG, "NCName"); +- xmlFree(buffer); +- return(NULL); +- } + max *= 2; + tmp = (xmlChar *) xmlRealloc(buffer, + max * sizeof(xmlChar)); +@@ -3629,14 +3634,18 @@ xmlParseStringName(xmlParserCtxtPtr ctxt, const xmlChar** str) { + COPY_BUF(l,buffer,len,c); + cur += l; + c = CUR_SCHAR(cur, l); ++ if (len > maxLength) { ++ xmlFatalErr(ctxt, XML_ERR_NAME_TOO_LONG, "NCName"); ++ xmlFree(buffer); ++ return(NULL); ++ } + } + buffer[len] = 0; + *str = cur; + return(buffer); + } + } +- if ((len > XML_MAX_NAME_LENGTH) && +- ((ctxt->options & XML_PARSE_HUGE) == 0)) { ++ if (len > maxLength) { + xmlFatalErr(ctxt, XML_ERR_NAME_TOO_LONG, "NCName"); + return(NULL); + } +@@ -3663,6 +3672,9 @@ xmlParseNmtoken(xmlParserCtxtPtr ctxt) { + int len = 0, l; + int c; + int count = 0; ++ int maxLength = (ctxt->options & XML_PARSE_HUGE) ? 
++ XML_MAX_TEXT_LENGTH : ++ XML_MAX_NAME_LENGTH; + + #ifdef DEBUG + nbParseNmToken++; +@@ -3714,12 +3726,6 @@ xmlParseNmtoken(xmlParserCtxtPtr ctxt) { + if (len + 10 > max) { + xmlChar *tmp; + +- if ((max > XML_MAX_NAME_LENGTH) && +- ((ctxt->options & XML_PARSE_HUGE) == 0)) { +- xmlFatalErr(ctxt, XML_ERR_NAME_TOO_LONG, "NmToken"); +- xmlFree(buffer); +- return(NULL); +- } + max *= 2; + tmp = (xmlChar *) xmlRealloc(buffer, + max * sizeof(xmlChar)); +@@ -3733,6 +3739,11 @@ xmlParseNmtoken(xmlParserCtxtPtr ctxt) { + COPY_BUF(l,buffer,len,c); + NEXTL(l); + c = CUR_CHAR(l); ++ if (len > maxLength) { ++ xmlFatalErr(ctxt, XML_ERR_NAME_TOO_LONG, "NmToken"); ++ xmlFree(buffer); ++ return(NULL); ++ } + } + buffer[len] = 0; + return(buffer); +@@ -3740,8 +3751,7 @@ xmlParseNmtoken(xmlParserCtxtPtr ctxt) { + } + if (len == 0) + return(NULL); +- if ((len > XML_MAX_NAME_LENGTH) && +- ((ctxt->options & XML_PARSE_HUGE) == 0)) { ++ if (len > maxLength) { + xmlFatalErr(ctxt, XML_ERR_NAME_TOO_LONG, "NmToken"); + return(NULL); + } +@@ -3767,6 +3777,9 @@ xmlParseEntityValue(xmlParserCtxtPtr ctxt, xmlChar **orig) { + int len = 0; + int size = XML_PARSER_BUFFER_SIZE; + int c, l; ++ int maxLength = (ctxt->options & XML_PARSE_HUGE) ? ++ XML_MAX_HUGE_LENGTH : ++ XML_MAX_TEXT_LENGTH; + xmlChar stop; + xmlChar *ret = NULL; + const xmlChar *cur = NULL; +@@ -3826,6 +3839,12 @@ xmlParseEntityValue(xmlParserCtxtPtr ctxt, xmlChar **orig) { + GROW; + c = CUR_CHAR(l); + } ++ ++ if (len > maxLength) { ++ xmlFatalErrMsg(ctxt, XML_ERR_ENTITY_NOT_FINISHED, ++ "entity value too long\n"); ++ goto error; ++ } + } + buf[len] = 0; + if (ctxt->instate == XML_PARSER_EOF) +@@ -3913,6 +3932,9 @@ xmlParseAttValueComplex(xmlParserCtxtPtr ctxt, int *attlen, int normalize) { + xmlChar *rep = NULL; + size_t len = 0; + size_t buf_size = 0; ++ size_t maxLength = (ctxt->options & XML_PARSE_HUGE) ? 
++ XML_MAX_HUGE_LENGTH : ++ XML_MAX_TEXT_LENGTH; + int c, l, in_space = 0; + xmlChar *current = NULL; + xmlEntityPtr ent; +@@ -3944,16 +3966,6 @@ xmlParseAttValueComplex(xmlParserCtxtPtr ctxt, int *attlen, int normalize) { + while (((NXT(0) != limit) && /* checked */ + (IS_CHAR(c)) && (c != '<')) && + (ctxt->instate != XML_PARSER_EOF)) { +- /* +- * Impose a reasonable limit on attribute size, unless XML_PARSE_HUGE +- * special option is given +- */ +- if ((len > XML_MAX_TEXT_LENGTH) && +- ((ctxt->options & XML_PARSE_HUGE) == 0)) { +- xmlFatalErrMsg(ctxt, XML_ERR_ATTRIBUTE_NOT_FINISHED, +- "AttValue length too long\n"); +- goto mem_error; +- } + if (c == '&') { + in_space = 0; + if (NXT(1) == '#') { +@@ -4101,6 +4113,11 @@ xmlParseAttValueComplex(xmlParserCtxtPtr ctxt, int *attlen, int normalize) { + } + GROW; + c = CUR_CHAR(l); ++ if (len > maxLength) { ++ xmlFatalErrMsg(ctxt, XML_ERR_ATTRIBUTE_NOT_FINISHED, ++ "AttValue length too long\n"); ++ goto mem_error; ++ } + } + if (ctxt->instate == XML_PARSER_EOF) + goto error; +@@ -4122,16 +4139,6 @@ xmlParseAttValueComplex(xmlParserCtxtPtr ctxt, int *attlen, int normalize) { + } else + NEXT; + +- /* +- * There we potentially risk an overflow, don't allow attribute value of +- * length more than INT_MAX it is a very reasonable assumption ! +- */ +- if (len >= INT_MAX) { +- xmlFatalErrMsg(ctxt, XML_ERR_ATTRIBUTE_NOT_FINISHED, +- "AttValue length too long\n"); +- goto mem_error; +- } +- + if (attlen != NULL) *attlen = (int) len; + return(buf); + +@@ -4202,6 +4209,9 @@ xmlParseSystemLiteral(xmlParserCtxtPtr ctxt) { + int len = 0; + int size = XML_PARSER_BUFFER_SIZE; + int cur, l; ++ int maxLength = (ctxt->options & XML_PARSE_HUGE) ? 
++ XML_MAX_TEXT_LENGTH :
++ XML_MAX_NAME_LENGTH;
+ xmlChar stop;
+ int state = ctxt->instate;
+ int count = 0;
+@@ -4229,13 +4239,6 @@ xmlParseSystemLiteral(xmlParserCtxtPtr ctxt) {
+ if (len + 5 >= size) {
+ xmlChar *tmp;
+
+- if ((size > XML_MAX_NAME_LENGTH) &&
+- ((ctxt->options & XML_PARSE_HUGE) == 0)) {
+- xmlFatalErr(ctxt, XML_ERR_NAME_TOO_LONG, "SystemLiteral");
+- xmlFree(buf);
+- ctxt->instate = (xmlParserInputState) state;
+- return(NULL);
+- }
+ size *= 2;
+ tmp = (xmlChar *) xmlRealloc(buf, size * sizeof(xmlChar));
+ if (tmp == NULL) {
+@@ -4264,6 +4267,12 @@ xmlParseSystemLiteral(xmlParserCtxtPtr ctxt) {
+ SHRINK;
+ cur = CUR_CHAR(l);
+ }
++ if (len > maxLength) {
++ xmlFatalErr(ctxt, XML_ERR_NAME_TOO_LONG, "SystemLiteral");
++ xmlFree(buf);
++ ctxt->instate = (xmlParserInputState) state;
++ return(NULL);
++ }
+ }
+ buf[len] = 0;
+ ctxt->instate = (xmlParserInputState) state;
+@@ -4291,6 +4300,9 @@ xmlParsePubidLiteral(xmlParserCtxtPtr ctxt) {
+ xmlChar *buf = NULL;
+ int len = 0;
+ int size = XML_PARSER_BUFFER_SIZE;
++ int maxLength = (ctxt->options & XML_PARSE_HUGE) ?
++ XML_MAX_TEXT_LENGTH :
++ XML_MAX_NAME_LENGTH;
+ xmlChar cur;
+ xmlChar stop;
+ int count = 0;
+@@ -4318,12 +4330,6 @@ xmlParsePubidLiteral(xmlParserCtxtPtr ctxt) {
+ if (len + 1 >= size) {
+ xmlChar *tmp;
+
+- if ((size > XML_MAX_NAME_LENGTH) &&
+- ((ctxt->options & XML_PARSE_HUGE) == 0)) {
+- xmlFatalErr(ctxt, XML_ERR_NAME_TOO_LONG, "Public ID");
+- xmlFree(buf);
+- return(NULL);
+- }
+ size *= 2;
+ tmp = (xmlChar *) xmlRealloc(buf, size * sizeof(xmlChar));
+ if (tmp == NULL) {
+@@ -4351,6 +4357,11 @@ xmlParsePubidLiteral(xmlParserCtxtPtr ctxt) {
+ SHRINK;
+ cur = CUR;
+ }
++ if (len > maxLength) {
++ xmlFatalErr(ctxt, XML_ERR_NAME_TOO_LONG, "Public ID");
++ xmlFree(buf);
++ return(NULL);
++ }
+ }
+ buf[len] = 0;
+ if (cur != stop) {
+@@ -4750,6 +4761,9 @@ xmlParseCommentComplex(xmlParserCtxtPtr ctxt, xmlChar *buf,
+ int r, rl;
+ int cur, l;
+ size_t count = 0;
++ size_t maxLength = (ctxt->options & XML_PARSE_HUGE) ?
++ XML_MAX_HUGE_LENGTH :
++ XML_MAX_TEXT_LENGTH;
+ int inputid;
+
+ inputid = ctxt->input->id;
+@@ -4795,13 +4809,6 @@ xmlParseCommentComplex(xmlParserCtxtPtr ctxt, xmlChar *buf,
+ if ((r == '-') && (q == '-')) {
+ xmlFatalErr(ctxt, XML_ERR_HYPHEN_IN_COMMENT, NULL);
+ }
+- if ((len > XML_MAX_TEXT_LENGTH) &&
+- ((ctxt->options & XML_PARSE_HUGE) == 0)) {
+- xmlFatalErrMsgStr(ctxt, XML_ERR_COMMENT_NOT_FINISHED,
+- "Comment too big found", NULL);
+- xmlFree (buf);
+- return;
+- }
+ if (len + 5 >= size) {
+ xmlChar *new_buf;
+ size_t new_size;
+@@ -4839,6 +4846,13 @@ xmlParseCommentComplex(xmlParserCtxtPtr ctxt, xmlChar *buf,
+ GROW;
+ cur = CUR_CHAR(l);
+ }
++
++ if (len > maxLength) {
++ xmlFatalErrMsgStr(ctxt, XML_ERR_COMMENT_NOT_FINISHED,
++ "Comment too big found", NULL);
++ xmlFree (buf);
++ return;
++ }
+ }
+ buf[len] = 0;
+ if (cur == 0) {
+@@ -4883,6 +4897,9 @@ xmlParseComment(xmlParserCtxtPtr ctxt) {
+ xmlChar *buf = NULL;
+ size_t size = XML_PARSER_BUFFER_SIZE;
+ size_t len = 0;
++ size_t maxLength = (ctxt->options & XML_PARSE_HUGE) ?
++ XML_MAX_HUGE_LENGTH :
++ XML_MAX_TEXT_LENGTH;
+ xmlParserInputState state;
+ const xmlChar *in;
+ size_t nbchar = 0;
+@@ -4966,8 +4983,7 @@ get_more:
+ buf[len] = 0;
+ }
+ }
+- if ((len > XML_MAX_TEXT_LENGTH) &&
+- ((ctxt->options & XML_PARSE_HUGE) == 0)) {
++ if (len > maxLength) {
+ xmlFatalErrMsgStr(ctxt, XML_ERR_COMMENT_NOT_FINISHED,
+ "Comment too big found", NULL);
+ xmlFree (buf);
+@@ -5167,6 +5183,9 @@ xmlParsePI(xmlParserCtxtPtr ctxt) {
+ xmlChar *buf = NULL;
+ size_t len = 0;
+ size_t size = XML_PARSER_BUFFER_SIZE;
++ size_t maxLength = (ctxt->options & XML_PARSE_HUGE) ?
++ XML_MAX_HUGE_LENGTH :
++ XML_MAX_TEXT_LENGTH;
+ int cur, l;
+ const xmlChar *target;
+ xmlParserInputState state;
+@@ -5242,14 +5261,6 @@ xmlParsePI(xmlParserCtxtPtr ctxt) {
+ return;
+ }
+ count = 0;
+- if ((len > XML_MAX_TEXT_LENGTH) &&
+- ((ctxt->options & XML_PARSE_HUGE) == 0)) {
+- xmlFatalErrMsgStr(ctxt, XML_ERR_PI_NOT_FINISHED,
+- "PI %s too big found", target);
+- xmlFree(buf);
+- ctxt->instate = state;
+- return;
+- }
+ }
+ COPY_BUF(l,buf,len,cur);
+ NEXTL(l);
+@@ -5259,15 +5270,14 @@ xmlParsePI(xmlParserCtxtPtr ctxt) {
+ GROW;
+ cur = CUR_CHAR(l);
+ }
++ if (len > maxLength) {
++ xmlFatalErrMsgStr(ctxt, XML_ERR_PI_NOT_FINISHED,
++ "PI %s too big found", target);
++ xmlFree(buf);
++ ctxt->instate = state;
++ return;
++ }
+ }
+- if ((len > XML_MAX_TEXT_LENGTH) &&
+- ((ctxt->options & XML_PARSE_HUGE) == 0)) {
+- xmlFatalErrMsgStr(ctxt, XML_ERR_PI_NOT_FINISHED,
+- "PI %s too big found", target);
+- xmlFree(buf);
+- ctxt->instate = state;
+- return;
+- }
+ buf[len] = 0;
+ if (cur != '?') {
+ xmlFatalErrMsgStr(ctxt, XML_ERR_PI_NOT_FINISHED,
+@@ -8959,6 +8969,9 @@ xmlParseAttValueInternal(xmlParserCtxtPtr ctxt, int *len, int *alloc,
+ const xmlChar *in = NULL, *start, *end, *last;
+ xmlChar *ret = NULL;
+ int line, col;
++ int maxLength = (ctxt->options & XML_PARSE_HUGE) ?
++ XML_MAX_HUGE_LENGTH : ++ XML_MAX_TEXT_LENGTH; + + GROW; + in = (xmlChar *) CUR_PTR; +@@ -8998,8 +9011,7 @@ xmlParseAttValueInternal(xmlParserCtxtPtr ctxt, int *len, int *alloc, + start = in; + if (in >= end) { + GROW_PARSE_ATT_VALUE_INTERNAL(ctxt, in, start, end) +- if (((in - start) > XML_MAX_TEXT_LENGTH) && +- ((ctxt->options & XML_PARSE_HUGE) == 0)) { ++ if ((in - start) > maxLength) { + xmlFatalErrMsg(ctxt, XML_ERR_ATTRIBUTE_NOT_FINISHED, + "AttValue length too long\n"); + return(NULL); +@@ -9012,8 +9024,7 @@ xmlParseAttValueInternal(xmlParserCtxtPtr ctxt, int *len, int *alloc, + if ((*in++ == 0x20) && (*in == 0x20)) break; + if (in >= end) { + GROW_PARSE_ATT_VALUE_INTERNAL(ctxt, in, start, end) +- if (((in - start) > XML_MAX_TEXT_LENGTH) && +- ((ctxt->options & XML_PARSE_HUGE) == 0)) { ++ if ((in - start) > maxLength) { + xmlFatalErrMsg(ctxt, XML_ERR_ATTRIBUTE_NOT_FINISHED, + "AttValue length too long\n"); + return(NULL); +@@ -9046,16 +9057,14 @@ xmlParseAttValueInternal(xmlParserCtxtPtr ctxt, int *len, int *alloc, + last = last + delta; + } + end = ctxt->input->end; +- if (((in - start) > XML_MAX_TEXT_LENGTH) && +- ((ctxt->options & XML_PARSE_HUGE) == 0)) { ++ if ((in - start) > maxLength) { + xmlFatalErrMsg(ctxt, XML_ERR_ATTRIBUTE_NOT_FINISHED, + "AttValue length too long\n"); + return(NULL); + } + } + } +- if (((in - start) > XML_MAX_TEXT_LENGTH) && +- ((ctxt->options & XML_PARSE_HUGE) == 0)) { ++ if ((in - start) > maxLength) { + xmlFatalErrMsg(ctxt, XML_ERR_ATTRIBUTE_NOT_FINISHED, + "AttValue length too long\n"); + return(NULL); +@@ -9068,8 +9077,7 @@ xmlParseAttValueInternal(xmlParserCtxtPtr ctxt, int *len, int *alloc, + col++; + if (in >= end) { + GROW_PARSE_ATT_VALUE_INTERNAL(ctxt, in, start, end) +- if (((in - start) > XML_MAX_TEXT_LENGTH) && +- ((ctxt->options & XML_PARSE_HUGE) == 0)) { ++ if ((in - start) > maxLength) { + xmlFatalErrMsg(ctxt, XML_ERR_ATTRIBUTE_NOT_FINISHED, + "AttValue length too long\n"); + return(NULL); +@@ -9077,8 +9085,7 @@ 
xmlParseAttValueInternal(xmlParserCtxtPtr ctxt, int *len, int *alloc, + } + } + last = in; +- if (((in - start) > XML_MAX_TEXT_LENGTH) && +- ((ctxt->options & XML_PARSE_HUGE) == 0)) { ++ if ((in - start) > maxLength) { + xmlFatalErrMsg(ctxt, XML_ERR_ATTRIBUTE_NOT_FINISHED, + "AttValue length too long\n"); + return(NULL); +@@ -9768,6 +9775,9 @@ xmlParseCDSect(xmlParserCtxtPtr ctxt) { + int s, sl; + int cur, l; + int count = 0; ++ int maxLength = (ctxt->options & XML_PARSE_HUGE) ? ++ XML_MAX_HUGE_LENGTH : ++ XML_MAX_TEXT_LENGTH; + + /* Check 2.6.0 was NXT(0) not RAW */ + if (CMP9(CUR_PTR, '<', '!', '[', 'C', 'D', 'A', 'T', 'A', '[')) { +@@ -9801,13 +9811,6 @@ xmlParseCDSect(xmlParserCtxtPtr ctxt) { + if (len + 5 >= size) { + xmlChar *tmp; + +- if ((size > XML_MAX_TEXT_LENGTH) && +- ((ctxt->options & XML_PARSE_HUGE) == 0)) { +- xmlFatalErrMsgStr(ctxt, XML_ERR_CDATA_NOT_FINISHED, +- "CData section too big found", NULL); +- xmlFree (buf); +- return; +- } + tmp = (xmlChar *) xmlRealloc(buf, size * 2 * sizeof(xmlChar)); + if (tmp == NULL) { + xmlFree(buf); +@@ -9834,6 +9837,12 @@ xmlParseCDSect(xmlParserCtxtPtr ctxt) { + } + NEXTL(l); + cur = CUR_CHAR(l); ++ if (len > maxLength) { ++ xmlFatalErrMsg(ctxt, XML_ERR_CDATA_NOT_FINISHED, ++ "CData section too big found\n"); ++ xmlFree(buf); ++ return; ++ } + } + buf[len] = 0; + ctxt->instate = XML_PARSER_CONTENT; diff --git a/main/libxml2/CVE-2022-40304.patch b/main/libxml2/CVE-2022-40304.patch new file mode 100644 index 00000000000..a2cf68a5e60 --- /dev/null +++ b/main/libxml2/CVE-2022-40304.patch 
@@ -0,0 +1,101 @@
+From 644a89e080bced793295f61f18aac8cfad6bece2 Mon Sep 17 00:00:00 2001
+From: Nick Wellnhofer <wellnhofer@aevum.de>
+Date: Wed, 31 Aug 2022 22:11:25 +0200
+Subject: [PATCH] [CVE-2022-40304] Fix dict corruption caused by entity
+ reference cycles
+
+When an entity reference cycle is detected, the entity content is
+cleared by setting its first byte to zero. But the entity content might
+be allocated from a dict. In this case, the dict entry becomes corrupted
+leading to all kinds of logic errors, including memory errors like
+double-frees.
+
+Stop storing entity content, orig, ExternalID and SystemID in a dict.
+These values are unlikely to occur multiple times in a document, so they
+shouldn't have been stored in a dict in the first place.
+
+Thanks to Ned Williamson and Nathan Wachholz working with Google Project
+Zero for the report!
+---
+ entities.c | 55 ++++++++++++++++---------------------------------------
+ 1 file changed, 16 insertions(+), 39 deletions(-)
+
+diff --git a/entities.c b/entities.c
+index 7876f708..063a02fa 100644
+--- a/entities.c
++++ b/entities.c
+@@ -129,36 +129,19 @@ xmlFreeEntity(xmlEntityPtr entity)
+ if ((entity->children) && (entity->owner == 1) &&
+ (entity == (xmlEntityPtr) entity->children->parent))
+ xmlFreeNodeList(entity->children);
+- if (dict != NULL) {
+- if ((entity->name != NULL) && (!xmlDictOwns(dict, entity->name)))
+- xmlFree((char *) entity->name);
+- if ((entity->ExternalID != NULL) &&
+- (!xmlDictOwns(dict, entity->ExternalID)))
+- xmlFree((char *) entity->ExternalID);
+- if ((entity->SystemID != NULL) &&
+- (!xmlDictOwns(dict, entity->SystemID)))
+- xmlFree((char *) entity->SystemID);
+- if ((entity->URI != NULL) && (!xmlDictOwns(dict, entity->URI)))
+- xmlFree((char *) entity->URI);
+- if ((entity->content != NULL)
+- && (!xmlDictOwns(dict, entity->content)))
+- xmlFree((char *) entity->content);
+- if ((entity->orig != NULL) && (!xmlDictOwns(dict, entity->orig)))
+- xmlFree((char *) entity->orig);
+- } else {
+- if (entity->name != NULL)
+- xmlFree((char *) entity->name);
+- if (entity->ExternalID != NULL)
+- xmlFree((char *) entity->ExternalID);
+- if (entity->SystemID != NULL)
+- xmlFree((char *) entity->SystemID);
+- if (entity->URI != NULL)
+- xmlFree((char *) entity->URI);
+- if (entity->content != NULL)
+- xmlFree((char *) entity->content);
+- if (entity->orig != NULL)
+- xmlFree((char *) entity->orig);
+- }
++ if ((entity->name != NULL) &&
++ ((dict == NULL) || (!xmlDictOwns(dict, entity->name))))
++ xmlFree((char *) entity->name);
++ if (entity->ExternalID != NULL)
++ xmlFree((char *) entity->ExternalID);
++ if (entity->SystemID != NULL)
++ xmlFree((char *) entity->SystemID);
++ if (entity->URI != NULL)
++ xmlFree((char *) entity->URI);
++ if (entity->content != NULL)
++ xmlFree((char *) entity->content);
++ if (entity->orig != NULL)
++ xmlFree((char *) entity->orig);
+ xmlFree(entity);
+ }
+
+@@ -194,18 +177,12 @@ xmlCreateEntity(xmlDictPtr dict, const xmlChar *name, int type,
+ ret->SystemID = xmlStrdup(SystemID);
+ } else {
+ ret->name = xmlDictLookup(dict, name, -1);
+- if (ExternalID != NULL)
+- ret->ExternalID = xmlDictLookup(dict, ExternalID, -1);
+- if (SystemID != NULL)
+- ret->SystemID = xmlDictLookup(dict, SystemID, -1);
++ ret->ExternalID = xmlStrdup(ExternalID);
++ ret->SystemID = xmlStrdup(SystemID);
+ }
+ if (content != NULL) {
+ ret->length = xmlStrlen(content);
+- if ((dict != NULL) && (ret->length < 5))
+- ret->content = (xmlChar *)
+- xmlDictLookup(dict, content, ret->length);
+- else
+- ret->content = xmlStrndup(content, ret->length);
++ ret->content = xmlStrndup(content, ret->length);
+ } else {
+ ret->length = 0;
+ ret->content = NULL;
+--
+GitLab
+
diff --git a/main/linux-lts/APKBUILD b/main/linux-lts/APKBUILD
index de6c0778b61..a0a594a6399 100644
--- a/main/linux-lts/APKBUILD
+++ b/main/linux-lts/APKBUILD
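Review bot: In `xmlFreeEntity` the new side frees `ExternalID`, `SystemID`, `URI`, `content` and `orig` with `xmlFree` unconditionally, but the `xmlCreateEntity` hunk in this patch only switches `ExternalID`, `SystemID` and `content` to heap copies. The unconditional frees are safe only if no remaining code path stores a dict-owned string in `URI` or `orig`; those assignments are not part of the hunks shown, so this should be confirmed against the packaged libxml2 version before relying on the backport. I would record the ownership rule next to the frees, e.g. `/* only name may be dict-owned; every other entity string is a private heap copy */`. Both functions continue outside the hunks of the carried patch.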
@@ -2,7 +2,7 @@ _flavor=lts pkgname=linux-${_flavor} -pkgver=5.10.131 +pkgver=5.10.152 case $pkgver in *.*.*) _kernver=${pkgver%.*};; *.*) _kernver=$pkgver;; 
@@ -235,16 +235,16 @@ d19365fe94431008768c96a2c88955652f70b6df6677457ee55ee95246a64fdd2c6fed9b3bef37c2 ca5aafac37e0b5f3fcbaf801e12f98beb58ffaf1d8c88f76caff22b059831869b4094e7fdcb6d6860422d6b2d036e072caff460e1feb84bd04d10740ad56265b 0007-pci-hotplug-declare-IDT-bridge-as-hotpluggabl-bridge.patch cbe85cf34e8420c91d2276c2d2aa0ab5023af68e57a1fa613f073f16a76766c67f585eda71c28f232bd0625e0dc8275a9eddc95f49409205dc0dbcc28c9fac1c 0008-pci-spr2803-quirk-to-fix-class-ID.patch 16b2d5b0255b37075ba894fc797673d633395907ce0b93400c5a8bd05b512b5cd040b91000fa41f9240d42afc664a69206597d1e3f754a1aa64b9be21a67f5c6 ampere-mt-jade.patch -3739ee45ee09241e9ca1ce65df46f3035fafcfbffc8ddfa03aa1fa7ef88430bc3f8cc84350440a77d660ab45f5ddd1e6dba0463547817875a3d30a1de7e62a2e config-lts.aarch64 -4e4a07b2550249ecf9ff2184781c0472931fc5c2bdf95601e1013fddfd9bc9205793f4026fed7fac7f512f6883b491bab3f29bf997129901240982048fa7572f config-lts.armv7 -80dd5a425dd7fb48e63b7e19159a01821a5607e80432cd8c4e55a41f1b91bfab12ef9e81a40eba85b921089b3799fea94c0e1e46b22e239f9a0010b762175d10 config-lts.x86 -5f2933a6372de57c92e970aafc716d77101a3472e41a53ccd494a86993c7c5d9de3b016a0298d5371bc5bcc9737918ecdce4399b42ee347e53974b633d353160 config-lts.x86_64 -b77e67bae150fb01ae12d76a9e1d489ebda5c5a31c0d71a979788d689d8dc43828005c3bf104fa2568e33e16ecb61748bc4efe0faae5e18f409fcffdf593b1c7 config-lts.ppc64le -0c2f4983c3416a0c6e1e8129f3c0a0a24cc4ec1bc5a955ef4f66b78a204a29e8e5aa91c02b2cd0fac20a7263ef712244bb0123e3d699c3561f9b49a94947eaec config-lts.s390x -95903628ca1f4893088d825fbf68856b5fd352eecc4299289c796a7bbb40d27cf881262b0a216bb38edb07ba8a4f1444dc4a8d3aff3ea6b7abab409126fb7769 config-lts.mips64 -395cf0c89e4d05bcd2809d5cf4378f2d43a29faa94362b12fc175aaf7a57918c26f84c5e31c7ba3afc1e55d3094a1b6668660a28644f92b49183c00efd3c8783 config-virt.aarch64 -159eb4d45f663f78a28835057adbd831729d63d8efdff5a88e94661f1929e91df00b297e5e2d27beae6ba09d0004e37979d9c813505d4e46f156f82407569283 config-virt.armv7 
-81b79f921c28a1f12280c4e4cbbab65923aeabe2e03bc49af801faaa4413dd883569fdce89a032c982e51e6b9d199f0f8c278fb0ce31baf17b1d7654d7f9def3 config-virt.ppc64le -5b362f8cb074fa092e8c37b0dfc7c983629ce34b31984027b142bd8d22c52a34f3841566fcc00e7614270c43ecb375a8cbd8a8891e9316d29dcdf68e718830af config-virt.x86 -4a7fd7958a19a6a6be9326f4da70ceb5b9cff4f10c38dba830a64fc254ce1f7b154ab9fd08119cc0e16827a96636d1124b246f17d31f5715ba64a9efa8982ac4 config-virt.x86_64 -fc45127c2b3b5b7b596b80544aef38dac2e838f139c92f59e5f068b3431fadd9ac3f249f58f35ff6bb60003ed48b0a57f969d12d0c793d64060b27ff8616b493 patch-5.10.131.xz" +04e77eec5e4cbf8e06603732e37fe0b12508ab9a230bff96c7db69c97aa87c38c06ae99da699bf61a5d581d174ff20c0b8ed2b088f444804c53b86819ec1d620 config-lts.aarch64 +4128829f32d5989e3d3cd98b58aa6f1a3a5b1bbfa1ef216bd9095b5ce7db9dac08c79291d1fc3f7a551fa1db0c08911a7e864c692f949db69e47e0c347a92e10 config-lts.armv7 +0cd73a668d501621628abeb38c6b2fe102d3b2ccd574a1484ceeb24edc5c404007d950f1ea8f8a3f13be46e041ced5532b9a4f281c4f60e07e338de7f1987eb5 config-lts.x86 +c78baca77df2565a372f979994baacf924d2e15214d3b8119f1c0f53c0402a74a8a242482b72a32b5fde52ea9f253a6e3369a15b32f1e17755cd28f767249ebb config-lts.x86_64 +e95af61f8475440befde14fa467ff97885b7c6cf1de34e28bd2de1b850f1b6a71474afaa3028bfedfba9d41f241a998632ccca90576da93f7032c1bb9e3840e3 config-lts.ppc64le +fb08461e28756ce77d24df4b1ad8371f181f9929e8f7a0efd3bd3504f20215a72aaa8a9cf46e0eee46b5f63fed2b0b95d187327f9eb4e4a1afd3b999db54510e config-lts.s390x +ff7a360c837191b84d5939ea0ec210385bbe7cc21b0b8d313757d8b635e9797fabc35e8d864fdae6045b93fae6c4beb954c631f1580d4b871cac53916c761b25 config-lts.mips64 +d47270163d926f673348144b33b70136ad0ffe97dc01daed12c8908b3a7760fa8a51da9515dbdf3e2a2eb6d18aa0b228e7a4e36bd34587593ce5eaa05ff50738 config-virt.aarch64 +6f662e21699d41ffaadf471cb5b4adc49d3e2fefa80475b03309b157fcb626183950c1c6be5ead91ee742286d9dea0398905a178af1faff058057cf844b06ee0 config-virt.armv7 
+3a466ee82ae5e8647696022e1dae2fa64fea89aecbb9f2bfa1c856f03eaa3eeb9c0713df1ee15ca87b097ab9c0b9f843fa6ad69f477bf55b4b76d440880b0616 config-virt.ppc64le +fa1da5eaa799e3e2062e01eed9aa7dc68cd356cc65515361851396e177f365151e7549ce3e98150a099ee2eb204870d350265e1db1234af7b0941606e20ce9dc config-virt.x86 +25fc991d6cf69d4b7671431dd0f0ed746e2596a68864751a5fa05c735287180cfd591842bebc3945118418f3f4dbaa188d48df522f856db80ec6af613fd8c898 config-virt.x86_64 +7a484b59e6ec83859b659cf305dfab9805622c8d54304c050d8029cfa37ea434e597a40b7c00954ed4b951ff8cabe809542771eaf5c1bc681186ae60cc4e8420 patch-5.10.152.xz" diff --git a/main/linux-lts/config-lts.aarch64 b/main/linux-lts/config-lts.aarch64 index a97cccad194..440cac7aff9 100644 --- a/main/linux-lts/config-lts.aarch64 +++ b/main/linux-lts/config-lts.aarch64 @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/arm64 5.10.122 Kernel Configuration +# Linux/arm64 5.10.144 Kernel Configuration # CONFIG_CC_VERSION_TEXT="gcc (Alpine 10.2.1_pre1) 10.2.1 20201203" CONFIG_CC_IS_GCC=y @@ -354,6 +354,7 @@ CONFIG_ARM64_ERRATUM_1286807=y CONFIG_ARM64_ERRATUM_1463225=y CONFIG_ARM64_ERRATUM_1542419=y CONFIG_ARM64_ERRATUM_1508412=y +CONFIG_ARM64_ERRATUM_2457168=y CONFIG_CAVIUM_ERRATUM_22375=y CONFIG_CAVIUM_ERRATUM_23144=y CONFIG_CAVIUM_ERRATUM_23154=y @@ -3960,10 +3961,9 @@ CONFIG_TCG_XEN=m # CONFIG_TCG_TIS_ST33ZP24_I2C is not set # CONFIG_TCG_TIS_ST33ZP24_SPI is not set # CONFIG_XILLYBUS is not set -# end of Character devices - CONFIG_RANDOM_TRUST_CPU=y # CONFIG_RANDOM_TRUST_BOOTLOADER is not set +# end of Character devices # # I2C support @@ -9359,6 +9359,7 @@ CONFIG_CRYPTO_LIB_CHACHA20POLY1305=m CONFIG_CRYPTO_LIB_SHA256=y # end of Crypto library routines +CONFIG_LIB_MEMNEQ=y CONFIG_CRC_CCITT=m CONFIG_CRC16=m CONFIG_CRC_T10DIF=y diff --git a/main/linux-lts/config-lts.armv7 b/main/linux-lts/config-lts.armv7 index c4309f592f5..d13f3e76abc 100644 --- a/main/linux-lts/config-lts.armv7 +++ b/main/linux-lts/config-lts.armv7 
@@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/arm 5.10.122 Kernel Configuration +# Linux/arm 5.10.144 Kernel Configuration # CONFIG_CC_VERSION_TEXT="gcc (Alpine 10.2.1_pre1) 10.2.1 20201203" CONFIG_CC_IS_GCC=y @@ -3197,9 +3197,8 @@ CONFIG_HW_RANDOM_TPM=y # CONFIG_TCG_TIS_ST33ZP24_I2C is not set # CONFIG_TCG_TIS_ST33ZP24_SPI is not set # CONFIG_XILLYBUS is not set -# end of Character devices - # CONFIG_RANDOM_TRUST_BOOTLOADER is not set +# end of Character devices # # I2C support @@ -7898,6 +7897,7 @@ CONFIG_CRYPTO_LIB_CHACHA20POLY1305=m CONFIG_CRYPTO_LIB_SHA256=y # end of Crypto library routines +CONFIG_LIB_MEMNEQ=y CONFIG_CRC_CCITT=m CONFIG_CRC16=m CONFIG_CRC_T10DIF=y diff --git a/main/linux-lts/config-lts.mips64 b/main/linux-lts/config-lts.mips64 index aa1a8e2c45f..efc1ba0e29e 100644 --- a/main/linux-lts/config-lts.mips64 +++ b/main/linux-lts/config-lts.mips64 @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/mips 5.10.122 Kernel Configuration +# Linux/mips 5.10.144 Kernel Configuration # CONFIG_CC_VERSION_TEXT="gcc (Alpine 10.2.1_pre1) 10.2.1 20201203" CONFIG_CC_IS_GCC=y @@ -1937,9 +1937,8 @@ CONFIG_DEVMEM=y CONFIG_DEVPORT=y # CONFIG_TCG_TPM is not set # CONFIG_XILLYBUS is not set -# end of Character devices - # CONFIG_RANDOM_TRUST_BOOTLOADER is not set +# end of Character devices # # I2C support @@ -3170,7 +3169,6 @@ CONFIG_INIT_STACK_NONE=y # end of Kernel hardening options # end of Security options -CONFIG_XOR_BLOCKS=m CONFIG_CRYPTO=y # @@ -3372,6 +3370,7 @@ CONFIG_CRYPTO_LIB_CHACHA20POLY1305=m CONFIG_CRYPTO_LIB_SHA256=y # end of Crypto library routines +CONFIG_LIB_MEMNEQ=y # CONFIG_CRC_CCITT is not set CONFIG_CRC16=y # CONFIG_CRC_T10DIF is not set diff --git a/main/linux-lts/config-lts.ppc64le b/main/linux-lts/config-lts.ppc64le index 493acbeaee3..22260ed54ab 100644 --- a/main/linux-lts/config-lts.ppc64le +++ b/main/linux-lts/config-lts.ppc64le 
@@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/powerpc 5.10.122 Kernel Configuration +# Linux/powerpc 5.10.144 Kernel Configuration # CONFIG_CC_VERSION_TEXT="gcc (Alpine 10.2.1_pre1) 10.2.1 20201203" CONFIG_CC_IS_GCC=y @@ -2416,10 +2416,9 @@ CONFIG_DEVPORT=y # CONFIG_HANGCHECK_TIMER is not set # CONFIG_TCG_TPM is not set # CONFIG_XILLYBUS is not set -# end of Character devices - CONFIG_RANDOM_TRUST_CPU=y # CONFIG_RANDOM_TRUST_BOOTLOADER is not set +# end of Character devices # # I2C support @@ -4440,6 +4439,7 @@ CONFIG_CRYPTO_LIB_CHACHA20POLY1305=m CONFIG_CRYPTO_LIB_SHA256=y # end of Crypto library routines +CONFIG_LIB_MEMNEQ=y CONFIG_CRC_CCITT=m CONFIG_CRC16=y CONFIG_CRC_T10DIF=y diff --git a/main/linux-lts/config-lts.s390x b/main/linux-lts/config-lts.s390x index 95199296066..f4053a5f6a3 100644 --- a/main/linux-lts/config-lts.s390x +++ b/main/linux-lts/config-lts.s390x @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/s390 5.10.122 Kernel Configuration +# Linux/s390 5.10.144 Kernel Configuration # CONFIG_CC_VERSION_TEXT="gcc (Alpine 10.2.1_pre1) 10.2.1 20201203" CONFIG_CC_IS_GCC=y @@ -2240,10 +2240,9 @@ CONFIG_MONREADER=m CONFIG_MONWRITER=m CONFIG_S390_VMUR=m # CONFIG_XILLYBUS is not set -# end of Character devices - CONFIG_RANDOM_TRUST_CPU=y # CONFIG_RANDOM_TRUST_BOOTLOADER is not set +# end of Character devices # # I2C support @@ -3269,6 +3268,7 @@ CONFIG_CRYPTO_LIB_CHACHA20POLY1305=m CONFIG_CRYPTO_LIB_SHA256=y # end of Crypto library routines +CONFIG_LIB_MEMNEQ=y CONFIG_CRC_CCITT=y CONFIG_CRC16=y CONFIG_CRC_T10DIF=y diff --git a/main/linux-lts/config-lts.x86 b/main/linux-lts/config-lts.x86 index 61642f5744b..860c07e8acd 100644 --- a/main/linux-lts/config-lts.x86 +++ b/main/linux-lts/config-lts.x86 
@@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/x86 5.10.122 Kernel Configuration +# Linux/x86 5.10.144 Kernel Configuration # CONFIG_CC_VERSION_TEXT="gcc (Alpine 10.2.1_pre1) 10.2.1 20201203" CONFIG_CC_IS_GCC=y @@ -297,7 +297,6 @@ CONFIG_SMP=y CONFIG_X86_FEATURE_NAMES=y CONFIG_X86_MPPARSE=y # CONFIG_GOLDFISH is not set -CONFIG_RETPOLINE=y # CONFIG_X86_CPU_RESCTRL is not set CONFIG_X86_BIGSMP=y CONFIG_X86_EXTENDED_PLATFORM=y @@ -452,6 +451,10 @@ CONFIG_HOTPLUG_CPU=y CONFIG_MODIFY_LDT_SYSCALL=y # end of Processor type and features +CONFIG_CC_HAS_RETURN_THUNK=y +CONFIG_SPECULATION_MITIGATIONS=y +CONFIG_RETPOLINE=y +# CONFIG_RETHUNK is not set CONFIG_ARCH_ENABLE_MEMORY_HOTPLUG=y # @@ -3884,10 +3887,9 @@ CONFIG_TCG_CRB=m # CONFIG_TCG_TIS_ST33ZP24_SPI is not set CONFIG_TELCLOCK=m # CONFIG_XILLYBUS is not set -# end of Character devices - CONFIG_RANDOM_TRUST_CPU=y # CONFIG_RANDOM_TRUST_BOOTLOADER is not set +# end of Character devices # # I2C support @@ -8624,6 +8626,7 @@ CONFIG_CRYPTO_LIB_CHACHA20POLY1305=m CONFIG_CRYPTO_LIB_SHA256=y # end of Crypto library routines +CONFIG_LIB_MEMNEQ=y CONFIG_CRC_CCITT=m CONFIG_CRC16=m CONFIG_CRC_T10DIF=y diff --git a/main/linux-lts/config-lts.x86_64 b/main/linux-lts/config-lts.x86_64 index e6a36f12a37..4bf26fdc99c 100644 --- a/main/linux-lts/config-lts.x86_64 +++ b/main/linux-lts/config-lts.x86_64 @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/x86_64 5.10.122 Kernel Configuration +# Linux/x86_64 5.10.144 Kernel Configuration # CONFIG_CC_VERSION_TEXT="gcc (Alpine 10.2.1_pre1) 10.2.1 20201203" CONFIG_CC_IS_GCC=y @@ -318,7 +318,6 @@ CONFIG_X86_FEATURE_NAMES=y CONFIG_X86_X2APIC=y CONFIG_X86_MPPARSE=y # CONFIG_GOLDFISH is not set -CONFIG_RETPOLINE=y # CONFIG_X86_CPU_RESCTRL is not set CONFIG_X86_EXTENDED_PLATFORM=y # CONFIG_X86_NUMACHIP is not set 
@@ -479,6 +478,14 @@ CONFIG_HAVE_LIVEPATCH=y CONFIG_LIVEPATCH=y # end of Processor type and features +CONFIG_CC_HAS_RETURN_THUNK=y +CONFIG_SPECULATION_MITIGATIONS=y +CONFIG_PAGE_TABLE_ISOLATION=y +CONFIG_RETPOLINE=y +CONFIG_RETHUNK=y +CONFIG_CPU_UNRET_ENTRY=y +CONFIG_CPU_IBPB_ENTRY=y +CONFIG_CPU_IBRS_ENTRY=y CONFIG_ARCH_HAS_ADD_PAGES=y CONFIG_ARCH_ENABLE_MEMORY_HOTPLUG=y CONFIG_USE_PERCPU_NUMA_NODE_ID=y @@ -3999,10 +4006,9 @@ CONFIG_TCG_CRB=m # CONFIG_TCG_TIS_ST33ZP24_SPI is not set CONFIG_TELCLOCK=m # CONFIG_XILLYBUS is not set -# end of Character devices - CONFIG_RANDOM_TRUST_CPU=y # CONFIG_RANDOM_TRUST_BOOTLOADER is not set +# end of Character devices # # I2C support @@ -8535,7 +8541,6 @@ CONFIG_KEY_DH_OPERATIONS=y CONFIG_SECURITY=y CONFIG_SECURITYFS=y CONFIG_SECURITY_NETWORK=y -CONFIG_PAGE_TABLE_ISOLATION=y # CONFIG_SECURITY_INFINIBAND is not set # CONFIG_SECURITY_NETWORK_XFRM is not set CONFIG_SECURITY_PATH=y @@ -8861,6 +8866,7 @@ CONFIG_CRYPTO_LIB_CHACHA20POLY1305=m CONFIG_CRYPTO_LIB_SHA256=y # end of Crypto library routines +CONFIG_LIB_MEMNEQ=y CONFIG_CRC_CCITT=m CONFIG_CRC16=m CONFIG_CRC_T10DIF=y diff --git a/main/linux-lts/config-virt.aarch64 b/main/linux-lts/config-virt.aarch64 index 38821aa9ad1..a57a2b6f2e7 100644 --- a/main/linux-lts/config-virt.aarch64 +++ b/main/linux-lts/config-virt.aarch64 @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/arm64 5.10.122 Kernel Configuration +# Linux/arm64 5.10.144 Kernel Configuration # CONFIG_CC_VERSION_TEXT="gcc (Alpine 10.2.1_pre1) 10.2.1 20201203" CONFIG_CC_IS_GCC=y @@ -347,6 +347,7 @@ CONFIG_ARM64_ERRATUM_1286807=y CONFIG_ARM64_ERRATUM_1463225=y CONFIG_ARM64_ERRATUM_1542419=y CONFIG_ARM64_ERRATUM_1508412=y +CONFIG_ARM64_ERRATUM_2457168=y CONFIG_CAVIUM_ERRATUM_22375=y CONFIG_CAVIUM_ERRATUM_23144=y CONFIG_CAVIUM_ERRATUM_23154=y 
@@ -2675,10 +2676,9 @@ CONFIG_DEVMEM=y # CONFIG_DEVPORT is not set # CONFIG_TCG_TPM is not set # CONFIG_XILLYBUS is not set -# end of Character devices - CONFIG_RANDOM_TRUST_CPU=y # CONFIG_RANDOM_TRUST_BOOTLOADER is not set +# end of Character devices # # I2C support @@ -4776,6 +4776,7 @@ CONFIG_CRYPTO_LIB_CHACHA20POLY1305=m CONFIG_CRYPTO_LIB_SHA256=y # end of Crypto library routines +CONFIG_LIB_MEMNEQ=y CONFIG_CRC_CCITT=m CONFIG_CRC16=m CONFIG_CRC_T10DIF=y diff --git a/main/linux-lts/config-virt.armv7 b/main/linux-lts/config-virt.armv7 index 2c92fc2c1e2..f43295dd2b3 100644 --- a/main/linux-lts/config-virt.armv7 +++ b/main/linux-lts/config-virt.armv7 @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/arm 5.10.122 Kernel Configuration +# Linux/arm 5.10.144 Kernel Configuration # CONFIG_CC_VERSION_TEXT="gcc (Alpine 10.2.1_pre1) 10.2.1 20201203" CONFIG_CC_IS_GCC=y @@ -2535,9 +2535,8 @@ CONFIG_DEVMEM=y # CONFIG_DEVPORT is not set # CONFIG_TCG_TPM is not set # CONFIG_XILLYBUS is not set -# end of Character devices - # CONFIG_RANDOM_TRUST_BOOTLOADER is not set +# end of Character devices # # I2C support @@ -4569,6 +4568,7 @@ CONFIG_CRYPTO_LIB_CHACHA20POLY1305=m CONFIG_CRYPTO_LIB_SHA256=y # end of Crypto library routines +CONFIG_LIB_MEMNEQ=y CONFIG_CRC_CCITT=m CONFIG_CRC16=m CONFIG_CRC_T10DIF=y diff --git a/main/linux-lts/config-virt.ppc64le b/main/linux-lts/config-virt.ppc64le index a28bfa8ea21..6b7ba8263cc 100644 --- a/main/linux-lts/config-virt.ppc64le +++ b/main/linux-lts/config-virt.ppc64le @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/powerpc 5.10.122 Kernel Configuration +# Linux/powerpc 5.10.144 Kernel Configuration # CONFIG_CC_VERSION_TEXT="gcc (Alpine 10.2.1_pre1) 10.2.1 20201203" CONFIG_CC_IS_GCC=y 
@@ -2414,10 +2414,9 @@ CONFIG_NVRAM=m CONFIG_HANGCHECK_TIMER=m # CONFIG_TCG_TPM is not set # CONFIG_XILLYBUS is not set -# end of Character devices - CONFIG_RANDOM_TRUST_CPU=y # CONFIG_RANDOM_TRUST_BOOTLOADER is not set +# end of Character devices # # I2C support @@ -4266,6 +4265,7 @@ CONFIG_CRYPTO_LIB_CHACHA20POLY1305=m CONFIG_CRYPTO_LIB_SHA256=y # end of Crypto library routines +CONFIG_LIB_MEMNEQ=y CONFIG_CRC_CCITT=m CONFIG_CRC16=m CONFIG_CRC_T10DIF=y diff --git a/main/linux-lts/config-virt.x86 b/main/linux-lts/config-virt.x86 index 5ba6c87cc2c..702c9214179 100644 --- a/main/linux-lts/config-virt.x86 +++ b/main/linux-lts/config-virt.x86 @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/x86 5.10.122 Kernel Configuration +# Linux/x86 5.10.144 Kernel Configuration # CONFIG_CC_VERSION_TEXT="gcc (Alpine 10.2.1_pre1) 10.2.1 20201203" CONFIG_CC_IS_GCC=y @@ -292,7 +292,6 @@ CONFIG_SMP=y CONFIG_X86_FEATURE_NAMES=y # CONFIG_X86_MPPARSE is not set # CONFIG_GOLDFISH is not set -CONFIG_RETPOLINE=y # CONFIG_X86_CPU_RESCTRL is not set CONFIG_X86_BIGSMP=y # CONFIG_X86_EXTENDED_PLATFORM is not set @@ -441,6 +440,10 @@ CONFIG_HOTPLUG_CPU=y CONFIG_MODIFY_LDT_SYSCALL=y # end of Processor type and features +CONFIG_CC_HAS_RETURN_THUNK=y +CONFIG_SPECULATION_MITIGATIONS=y +CONFIG_RETPOLINE=y +# CONFIG_RETHUNK is not set CONFIG_ARCH_ENABLE_MEMORY_HOTPLUG=y # @@ -2512,10 +2515,9 @@ CONFIG_HANGCHECK_TIMER=m # CONFIG_TCG_TPM is not set # CONFIG_TELCLOCK is not set # CONFIG_XILLYBUS is not set -# end of Character devices - CONFIG_RANDOM_TRUST_CPU=y # CONFIG_RANDOM_TRUST_BOOTLOADER is not set +# end of Character devices # # I2C support @@ -4350,6 +4352,7 @@ CONFIG_CRYPTO_LIB_CHACHA20POLY1305=m CONFIG_CRYPTO_LIB_SHA256=y # end of Crypto library routines +CONFIG_LIB_MEMNEQ=y CONFIG_CRC_CCITT=m CONFIG_CRC16=m CONFIG_CRC_T10DIF=y diff --git a/main/linux-lts/config-virt.x86_64 b/main/linux-lts/config-virt.x86_64 index cb7861d4a3c..7ab64d5907c 100644 
--- a/main/linux-lts/config-virt.x86_64 +++ b/main/linux-lts/config-virt.x86_64 @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/x86_64 5.10.122 Kernel Configuration +# Linux/x86_64 5.10.144 Kernel Configuration # CONFIG_CC_VERSION_TEXT="gcc (Alpine 10.2.1_pre1) 10.2.1 20201203" CONFIG_CC_IS_GCC=y @@ -313,7 +313,6 @@ CONFIG_X86_FEATURE_NAMES=y CONFIG_X86_X2APIC=y # CONFIG_X86_MPPARSE is not set # CONFIG_GOLDFISH is not set -CONFIG_RETPOLINE=y # CONFIG_X86_CPU_RESCTRL is not set # CONFIG_X86_EXTENDED_PLATFORM is not set # CONFIG_X86_INTEL_LPSS is not set @@ -454,6 +453,14 @@ CONFIG_MODIFY_LDT_SYSCALL=y CONFIG_HAVE_LIVEPATCH=y # end of Processor type and features +CONFIG_CC_HAS_RETURN_THUNK=y +CONFIG_SPECULATION_MITIGATIONS=y +CONFIG_PAGE_TABLE_ISOLATION=y +CONFIG_RETPOLINE=y +CONFIG_RETHUNK=y +CONFIG_CPU_UNRET_ENTRY=y +CONFIG_CPU_IBPB_ENTRY=y +CONFIG_CPU_IBRS_ENTRY=y CONFIG_ARCH_HAS_ADD_PAGES=y CONFIG_ARCH_ENABLE_MEMORY_HOTPLUG=y CONFIG_ARCH_ENABLE_MEMORY_HOTREMOVE=y @@ -2592,10 +2599,9 @@ CONFIG_HANGCHECK_TIMER=m # CONFIG_TCG_TPM is not set # CONFIG_TELCLOCK is not set # CONFIG_XILLYBUS is not set -# end of Character devices - CONFIG_RANDOM_TRUST_CPU=y # CONFIG_RANDOM_TRUST_BOOTLOADER is not set +# end of Character devices # # I2C support @@ -4205,7 +4211,6 @@ CONFIG_KEY_DH_OPERATIONS=y CONFIG_SECURITY=y CONFIG_SECURITYFS=y CONFIG_SECURITY_NETWORK=y -CONFIG_PAGE_TABLE_ISOLATION=y # CONFIG_SECURITY_NETWORK_XFRM is not set CONFIG_SECURITY_PATH=y # CONFIG_INTEL_TXT is not set @@ -4535,6 +4540,7 @@ CONFIG_CRYPTO_LIB_CHACHA20POLY1305=m CONFIG_CRYPTO_LIB_SHA256=y # end of Crypto library routines +CONFIG_LIB_MEMNEQ=y CONFIG_CRC_CCITT=m CONFIG_CRC16=m CONFIG_CRC_T10DIF=y diff --git a/main/lua-mqtt-publish/APKBUILD b/main/lua-mqtt-publish/APKBUILD index 5300d31df19..eecc199bc40 100644 --- a/main/lua-mqtt-publish/APKBUILD +++ b/main/lua-mqtt-publish/APKBUILD 
@@ -1,8 +1,8 @@ # Maintainer: Natanael Copa <ncopa@alpinelinux.org> _luaversions="5.1 5.2 5.3" pkgname=lua-mqtt-publish -pkgver=0.3 -pkgrel=1 +pkgver=0.4 +pkgrel=0 pkgdesc="Lua module for simple MQTT connect, publish and disconnect" url="https://github.com/ncopa/lua-mqtt-publish" arch="all" @@ -40,4 +40,4 @@ _split() { done } -sha512sums="ccbf87c53305e19a2dd04f07ac7b3d1fdae3ce0a6c726b89f357d3d5a68a73c0ce830d0ca47d57eaf1990224fcc97794720bdbc8e4e0caa408003cc33dce3b65 lua-mqtt-publish-0.3.tar.gz" +sha512sums="a4a803002a6dd1af508b5a33296ac2aecdcb26af0a4b6fe11bfe17145e0f4d36c4271591c68e1f1e221cdfe71c3ba00852ae87d7065e0a58e235e8ba48ea0cbb lua-mqtt-publish-0.4.tar.gz" diff --git a/main/mariadb/APKBUILD b/main/mariadb/APKBUILD index 61840717e60..684caa3cbde 100644 --- a/main/mariadb/APKBUILD +++ b/main/mariadb/APKBUILD @@ -7,7 +7,7 @@ # Contributor: Jake Buchholz <tomalok@gmail.com> # Maintainer: Natanael Copa <ncopa@alpinelinux.org> pkgname=mariadb -pkgver=10.5.16 +pkgver=10.5.17 pkgrel=0 pkgdesc="A fast SQL database server" url="https://www.mariadb.org/" @@ -45,6 +45,13 @@ source="https://archive.mariadb.org/mariadb-$pkgver/source/mariadb-$pkgver.tar.g " # secfixes: +# 10.5.17-r0: +# - CVE-2022-32082 +# - CVE-2022-32089 +# - CVE-2022-32081 +# - CVE-2018-25032 +# - CVE-2022-32091 +# - CVE-2022-32084 # 10.5.16-r0: # - CVE-2022-27376 # - CVE-2022-27377 @@ -243,7 +250,7 @@ build() { check() { # exclude test-connect which seems to be buggy. testsuite does not set port env var - ctest -E '(test-connect)' + ctest -E '(test-connect|aes)' } package() { 
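Review bot: The exclusion regex in `check()` now also skips every ctest case whose name contains `aes`, while the comment above it still explains only `test-connect`. In an upgrade that is shipped for its security fixes, dropping what are presumably the AES tests without a stated reason removes a build-time check of the crypto code paths, and the unanchored pattern may match more tests than the one that fails. State the reason and scope next to the command, e.g. `# exclude aes: <failure reason / upstream issue placeholder>`, and narrow the pattern to the exact failing test name if only one test is affected.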
@@ -496,7 +503,7 @@ _plugin_rocksdb() { } sha512sums=" -28cea63cc3c5e1b236fb13593285e5d4b9aac5eaf259784e760def42bca8b09954510d39014a7a7c9e8656d61f5995a356df2f2ebb0df2696dd739ff3de5865d mariadb-10.5.16.tar.gz +5a68126aac7072bed549404c89f7215bc47dede8f72559076988469372b96523a800fd6bbf11ff3003a277ee30788ca99a21507b7d7e2b7e98437ca70b5ca0fc mariadb-10.5.17.tar.gz c352969f6665b0ffa387f7b185a5dea7751f4b16c12c809627857b27321efa09159369d7dd5c852d6159a9f173cb895fb601f0c52a1fa6e3527899520030964c mariadb.initd b15d5cbe4e1547ad18cd1ce5a2d5a75d8dd8e017ca725154abdf28d3d1cae8403e0c3e93745441872f72e1ba9f2fef587f596231a231e374bd5a61ba3d8945ea ppc-remove-glibc-dep.patch 598490b4bb45c9f7be46086d25c2b6c601d417c45f11aa519c2290065e7d6e98a7519f9860b823e67a8fd3e6ce3b4728af73ec3a2c66eec32b42fd4ad7cc07f7 disable-failing-test.patch diff --git a/main/mqtt-exec/0001-Let-library-generate-client-id-when-unset.patch b/main/mqtt-exec/0001-Let-library-generate-client-id-when-unset.patch deleted file mode 100644 index bd6411e5e31..00000000000 --- a/main/mqtt-exec/0001-Let-library-generate-client-id-when-unset.patch +++ /dev/null 
@@ -1,68 +0,0 @@ -From 5ba6139990373e77d638f4dd903281673e145e7e Mon Sep 17 00:00:00 2001 -From: Natanael Copa <ncopa@alpinelinux.org> -Date: Wed, 9 Oct 2019 15:00:51 +0200 -Subject: [PATCH] Let library generate client id when unset - ---- - mqtt-exec.c | 17 ++++------------- - 1 file changed, 4 insertions(+), 13 deletions(-) - -diff --git a/mqtt-exec.c b/mqtt-exec.c -index 5c69325..ca585f9 100644 ---- a/mqtt-exec.c -+++ b/mqtt-exec.c -@@ -151,8 +151,7 @@ int main(int argc, char *argv[]) - int keepalive = 60; - int i, c, rc = 1; - struct userdata ud; -- char hostname[256]; -- static char id[MOSQ_MQTT_ID_MAX_LENGTH+1]; -+ char *id = NULL; - struct mosquitto *mosq = NULL; - char *username = NULL; - char *password = NULL; -@@ -174,9 +173,6 @@ int main(int argc, char *argv[]) - - memset(&ud, 0, sizeof(ud)); - -- memset(hostname, 0, sizeof(hostname)); -- memset(id, 0, sizeof(id)); -- - while ((c = getopt_long(argc, argv, "cdh:i:k:p:P:q:t:u:v", opts, &i)) != -1) { - switch(c) { - case 'c': -@@ -194,7 +190,7 @@ int main(int argc, char *argv[]) - MOSQ_MQTT_ID_MAX_LENGTH); - return 1; - } -- strncpy(id, optarg, sizeof(id)-1); -+ id = optarg; - break; - case 'k': - keepalive = atoi(optarg); -@@ -276,12 +272,6 @@ int main(int argc, char *argv[]) - for (i=0; i <= ud.command_argc; i++) - ud.command_argv[i] = optind+i < argc ? argv[optind+i] : NULL; - -- if (id[0] == '\0') { -- /* generate an id */ -- gethostname(hostname, sizeof(hostname)-1); -- snprintf(id, sizeof(id), "mqttexe/%x-%s", getpid(), hostname); -- } -- - mosquitto_lib_init(); - mosq = mosquitto_new(id, clean_session, &ud); - if (mosq == NULL) -@@ -289,7 +279,8 @@ int main(int argc, char *argv[]) - - if (debug) { - printf("host=%s:%d\nid=%s\ntopic_count=%zu\ncommand=%s\n", -- host, port, id, ud.topic_count, ud.command_argv[0]); -+ host, port, id ? id : "(null)", ud.topic_count, -+ ud.command_argv[0]); - mosquitto_log_callback_set(mosq, log_cb); - } - --- -2.23.0 - 
diff --git a/main/mqtt-exec/0001-authentication-expose-authentication-with-credential.patch b/main/mqtt-exec/0001-authentication-expose-authentication-with-credential.patch deleted file mode 100644 index aba1cee9fa5..00000000000 --- a/main/mqtt-exec/0001-authentication-expose-authentication-with-credential.patch +++ /dev/null 
@@ -1,89 +0,0 @@ -From 5ee7377172dc0f30a64d009210db7efbf5d2219f Mon Sep 17 00:00:00 2001 -From: Kevin Daudt <me@ikke.info> -Date: Wed, 14 Mar 2018 22:50:28 +0100 -Subject: [PATCH] authentication: expose authentication with credentials - -libmosquitto supports authentication with credentials, so allow settings -credentials through parameters. ---- - mqtt-exec.c | 20 +++++++++++++++++++- - 1 file changed, 19 insertions(+), 1 deletion(-) - -diff --git a/mqtt-exec.c b/mqtt-exec.c -index fc5ab03..28251fb 100644 ---- a/mqtt-exec.c -+++ b/mqtt-exec.c -@@ -71,8 +71,10 @@ int usage(int retcode) - " -i,--id ID The id to use for this client\n" - " -k,--keepalive SEC Set keepalive to SEC. Default is 60\n" - " -p,--port PORT Set TCP port to PORT. Default is 1883\n" -+" -P,--password PASSWORD Set password for authentication\n" - " -q,--qos QOS Set Quality of Serive to level. Default is 0\n" - " -t,--topic TOPIC Set MQTT topic to TOPIC. May be repeated\n" -+" -u,--username USERNAME Set username for authentication\n" - " -v,--verbose Pass over the topic to application as firs arg\n" - " --will-topic TOPIC Set the client Will topic to TOPIC\n" - " --will-payload MSG Set the client Will message to MSG\n" -@@ -119,6 +121,8 @@ int main(int argc, char *argv[]) - {"qos", required_argument, 0, 'q' }, - {"topic", required_argument, 0, 't' }, - {"verbose", no_argument, 0, 'v' }, -+ {"username", required_argument, 0, 'u' }, -+ {"password", required_argument, 0, 'P' }, - {"will-topic", required_argument, 0, 0x1001 }, - {"will-payload", required_argument, 0, 0x1002 }, - {"will-qos", required_argument, 0, 0x1003 }, -@@ -145,6 +149,8 @@ int main(int argc, char *argv[]) - char hostname[256]; - static char id[MOSQ_MQTT_ID_MAX_LENGTH+1]; - struct mosquitto *mosq = NULL; -+ char *username = NULL; -+ char *password = NULL; - - char *will_payload = NULL; - int will_qos = 0; -@@ -166,7 +172,7 @@ int main(int argc, char *argv[]) - memset(hostname, 0, sizeof(hostname)); - memset(id, 0, sizeof(id)); - -- 
while ((c = getopt_long(argc, argv, "cdh:i:k:p:q:t:v", opts, &i)) != -1) { -+ while ((c = getopt_long(argc, argv, "cdh:i:k:p:P:q:t:u:v", opts, &i)) != -1) { - switch(c) { - case 'c': - clean_session = false; -@@ -191,6 +197,8 @@ int main(int argc, char *argv[]) - case 'p': - port = atoi(optarg); - break; -+ case 'P': -+ password = optarg; - case 'q': - ud.qos = atoi(optarg); - if (!valid_qos_range(ud.qos, "QoS")) -@@ -202,6 +210,8 @@ int main(int argc, char *argv[]) - sizeof(char *) * ud.topic_count); - ud.topics[ud.topic_count-1] = optarg; - break; -+ case 'u': -+ username = optarg; - case 'v': - ud.verbose = 1; - break; -@@ -286,6 +296,14 @@ int main(int argc, char *argv[]) - goto cleanup; - } - -+ if (!username != !password) { -+ fprintf(stderr, "Need to set both username and password\n"); -+ goto cleanup; -+ } -+ -+ if (username && password) -+ mosquitto_username_pw_set(mosq, username, password); -+ - #ifdef WITH_TLS - if ((cafile || capath) && mosquitto_tls_set(mosq, cafile, capath, certfile, - keyfile, NULL)) { --- -2.18.0 - diff --git a/main/mqtt-exec/APKBUILD b/main/mqtt-exec/APKBUILD index 28dc57d3af8..4d312cbc718 100644 --- a/main/mqtt-exec/APKBUILD +++ b/main/mqtt-exec/APKBUILD @@ -1,7 +1,7 @@ # Maintainer: Natanael Copa <ncopa@alpinelinux.org> pkgname=mqtt-exec -pkgver=0.4 -pkgrel=6 +pkgver=0.5 +pkgrel=0 pkgdesc="simple MQTT client that executes a command on messages" url="https://github.com/ncopa/mqtt-exec" arch="all" @@ -12,8 +12,6 @@ makedepends="$depends_dev mosquitto-dev" options="!check" # no checks available. subpackages="$pkgname-dbg $pkgname-openrc" source="mqtt-exec-$pkgver.tar.gz::https://github.com/ncopa/mqtt-exec/archive/v$pkgver.tar.gz - 0001-authentication-expose-authentication-with-credential.patch - 0001-Let-library-generate-client-id-when-unset.patch mqtt-exec.initd mqtt-exec.confd " 
@@ -33,9 +31,7 @@ package() { } sha512sums=" -1448b2dda0f27a5275c113331ea2bc073ec1740797c1bb5b472ee3e0fd4d3ef4bcdfa6dc42e7540ee154b291c3d70df89f0646899ebb1bfe585d1384797de5e7 mqtt-exec-0.4.tar.gz -418058ecc05922df186d0dcbfeab7656977256a143f0346406598d1cf7331d3ba95a9b004bf3b6581be2e3cb2fbf5e69d7954b4c7ac488863f0318506c7f1c7c 0001-authentication-expose-authentication-with-credential.patch -7007ad1afcba6b5c0e6224a30e3a6c1b9ce178603b27f575bb76d7b979b8e7f4c4c1226afa3ff8cf1f217fff832d0a69cff1cfbc205203dcb8a98afbf6f345ed 0001-Let-library-generate-client-id-when-unset.patch +55746aabe17d47153c01549a65f0db9278a39dc642e355b8416e905934a3abe233eb0ad763ae8add08bf6c3ad8ccaa97e9bac4372c8af6fea522f6670378acd7 mqtt-exec-0.5.tar.gz f8cab7fe709fc80b3a75f1d65d55e10c05a4b27e319a9190d3ee78050fea86d8c6512e3d624b8b413dab01b2043bed5f672453090251b93d261d79125f9f0d17 mqtt-exec.initd e5cce69f5ad1f0fcf0eb0be7675c2f4ca4ba5518e8303adb16673b7e402dbe8d48b57c4b4512a0d3aba4541241d2ddeca68b88354d089606f67a5549508b44b5 mqtt-exec.confd " diff --git a/main/musl/APKBUILD b/main/musl/APKBUILD index b6f28b12021..ec41b411722 100644 --- a/main/musl/APKBUILD +++ b/main/musl/APKBUILD @@ -2,7 +2,7 @@ # Maintainer: Timo Teräs <timo.teras@iki.fi> pkgname=musl pkgver=1.2.2 -pkgrel=1 +pkgrel=2 pkgdesc="the musl c library (libc) implementation" url="https://musl.libc.org/" arch="all" @@ -26,6 +26,10 @@ source="musl-$commit.tar.gz::https://git.musl-libc.org/cgit/musl/snapshot/$commi revert-faccessat2.patch syscall-cp-epoll.patch + relr-1.patch + relr-2.patch + relr-3.patch + relr-4.patch ldconfig __stack_chk_fail_local.c 
@@ -174,6 +178,10 @@ sha512sums=" a76f79b801497ad994746cf82bb6eaf86f9e1ae646e6819fbae8532a7f4eee53a96ac1d4e789ec8f66aea2a68027b0597f7a579b3369e01258da8accfce41370 handle-aux-at_base.patch 76de7511fa1ae44aa513a11d306a691172342c04cdd524bcc2f70d0e646744de832ef3254cdd3d409efa4581d601eee7e02a70af11f5530f6bacd59f1e65a979 revert-faccessat2.patch d256ba7857c98d39b86aa73674eda5d45ab8134dde3fac2bc48ebb6ba9a824c20c43f2cdc6af54d2a45c162d1e4ec6517c36400992bba10496bcc51b374cbcd0 syscall-cp-epoll.patch +8ebcde1e07819de208ab89ed0a71fdcc67a5b1cecec5aa19a92bc9f4f3c2708a9ff1528370089de0b71e9ec3b2e08dfa49694db433ac190ba055aa112ae12bde relr-1.patch +38b40ebedf57ba05ba14807a55a26261eeca8b6226a90a7aaebaaa31bae0bb7f5b98e0ce3ed727b704b828c9e509a21745f3e089585f8dea7092be164ec9d908 relr-2.patch +9dc41f682887ef9a7b00253f576d0b738936c20d9bc5a54fa96552a82a2f056f0111936ad9778b96745befd6a660276618b4e05bef3c7f52d8c2a9e6d41e386c relr-3.patch +ee6ec5943df10597af0df3d6f792720a22d2070debb6933656a10a906725d1170c28c32ba8ad53efc72e77bd1d97efdbd3c80e91eddb856f377e917ff14ae8f3 relr-4.patch 8d3a2d5315fc56fee7da9abb8b89bb38c6046c33d154c10d168fb35bfde6b0cf9f13042a3bceee34daf091bc409d699223735dcf19f382eeee1f6be34154f26f ldconfig 062bb49fa54839010acd4af113e20f7263dde1c8a2ca359b5fb2661ef9ed9d84a0f7c3bc10c25dcfa10bb3c5a4874588dff636ac43d5dbb3d748d75400756d0b __stack_chk_fail_local.c 0d80f37b34a35e3d14b012257c50862dfeb9d2c81139ea2dfa101d981d093b009b9fa450ba27a708ac59377a48626971dfc58e20a3799084a65777a0c32cbc7d getconf.c diff --git a/main/musl/relr-1.patch b/main/musl/relr-1.patch new file mode 100644 index 00000000000..f7b4b9084f6 --- /dev/null +++ b/main/musl/relr-1.patch 
@@ -0,0 +1,100 @@ +From d32dadd60efb9d3b255351a3b532f8e4c3dd0db1 Mon Sep 17 00:00:00 2001 +From: Fangrui Song <i@maskray.me> +Date: Tue, 2 Aug 2022 17:24:47 -0400 +Subject: ldso: support DT_RELR relative relocation format + +this resolves DT_RELR relocations in non-ldso, dynamic-linked objects. +--- + include/elf.h | 8 ++++++-- + ldso/dynlink.c | 21 ++++++++++++++++++++- + src/internal/dynlink.h | 2 +- + 3 files changed, 27 insertions(+), 4 deletions(-) + +diff --git a/include/elf.h b/include/elf.h +index 86e2f0bb..9e980a29 100644 +--- a/include/elf.h ++++ b/include/elf.h +@@ -385,7 +385,8 @@ typedef struct { + #define SHT_PREINIT_ARRAY 16 + #define SHT_GROUP 17 + #define SHT_SYMTAB_SHNDX 18 +-#define SHT_NUM 19 ++#define SHT_RELR 19 ++#define SHT_NUM 20 + #define SHT_LOOS 0x60000000 + #define SHT_GNU_ATTRIBUTES 0x6ffffff5 + #define SHT_GNU_HASH 0x6ffffff6 +@@ -754,7 +755,10 @@ typedef struct { + #define DT_PREINIT_ARRAY 32 + #define DT_PREINIT_ARRAYSZ 33 + #define DT_SYMTAB_SHNDX 34 +-#define DT_NUM 35 ++#define DT_RELRSZ 35 ++#define DT_RELR 36 ++#define DT_RELRENT 37 ++#define DT_NUM 38 + #define DT_LOOS 0x6000000d + #define DT_HIOS 0x6ffff000 + #define DT_LOPROC 0x70000000 +diff --git a/ldso/dynlink.c b/ldso/dynlink.c +index cc677952..e92f03cb 100644 +--- a/ldso/dynlink.c ++++ b/ldso/dynlink.c +@@ -210,7 +210,8 @@ static void decode_vec(size_t *v, size_t *a, size_t cnt) + size_t i; + for (i=0; i<cnt; i++) a[i] = 0; + for (; v[0]; v+=2) if (v[0]-1<cnt-1) { +- a[0] |= 1UL<<v[0]; ++ if (v[0] < 8*sizeof(long)) ++ a[0] |= 1UL<<v[0]; + a[v[0]] = v[1]; + } + } +@@ -515,6 +516,23 @@ static void do_relocs(struct dso *dso, size_t *rel, size_t rel_size, size_t stri + } + } + ++static void do_relr_relocs(struct dso *dso, size_t *relr, size_t relr_size) ++{ ++ unsigned char *base = dso->base; ++ size_t *reloc_addr; ++ for (; relr_size; relr++, relr_size-=sizeof(size_t)) ++ if ((relr[0]&1) == 0) { ++ reloc_addr = laddr(dso, relr[0]); ++ *reloc_addr++ += (size_t)base; ++ } 
else { ++ int i = 0; ++ for (size_t bitmap=relr[0]; (bitmap>>=1); i++) ++ if (bitmap&1) ++ reloc_addr[i] += (size_t)base; ++ reloc_addr += 8*sizeof(size_t)-1; ++ } ++} ++ + static void redo_lazy_relocs() + { + struct dso *p = lazy_head, *next; +@@ -1357,6 +1375,7 @@ static void reloc_all(struct dso *p) + 2+(dyn[DT_PLTREL]==DT_RELA)); + do_relocs(p, laddr(p, dyn[DT_REL]), dyn[DT_RELSZ], 2); + do_relocs(p, laddr(p, dyn[DT_RELA]), dyn[DT_RELASZ], 3); ++ do_relr_relocs(p, laddr(p, dyn[DT_RELR]), dyn[DT_RELRSZ]); + + if (head != &ldso && p->relro_start != p->relro_end) { + long ret = __syscall(SYS_mprotect, laddr(p, p->relro_start), +diff --git a/src/internal/dynlink.h b/src/internal/dynlink.h +index 51c0639f..830354eb 100644 +--- a/src/internal/dynlink.h ++++ b/src/internal/dynlink.h +@@ -93,7 +93,7 @@ struct fdpic_dummy_loadmap { + #endif + + #define AUX_CNT 32 +-#define DYN_CNT 32 ++#define DYN_CNT 37 + + typedef void (*stage2_func)(unsigned char *, size_t *); + +-- +cgit v1.2.1 + diff --git a/main/musl/relr-2.patch b/main/musl/relr-2.patch new file mode 100644 index 00000000000..0bbf8128e71 --- /dev/null +++ b/main/musl/relr-2.patch 
@@ -0,0 +1,31 @@ +From bf99258564fd5b58974d93201ab61506eb8cb03e Mon Sep 17 00:00:00 2001 +From: Rich Felker <dalias@aerifal.cx> +Date: Tue, 2 Aug 2022 17:29:01 -0400 +Subject: ldso: process RELR only for non-FDPIC archs + +the way RELR is applied is not a meaningful operation for FDPIC (there +is no single "base" address). it seems unlikely RELR would ever be +added for FDPIC, but if it ever is, the behavior and possibly data +format will need to be different, so guard against calling the +non-FDPIC code. +--- + ldso/dynlink.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/ldso/dynlink.c b/ldso/dynlink.c +index e92f03cb..fd09ca69 100644 +--- a/ldso/dynlink.c ++++ b/ldso/dynlink.c +@@ -1375,7 +1375,8 @@ static void reloc_all(struct dso *p) + 2+(dyn[DT_PLTREL]==DT_RELA)); + do_relocs(p, laddr(p, dyn[DT_REL]), dyn[DT_RELSZ], 2); + do_relocs(p, laddr(p, dyn[DT_RELA]), dyn[DT_RELASZ], 3); +- do_relr_relocs(p, laddr(p, dyn[DT_RELR]), dyn[DT_RELRSZ]); ++ if (!DL_FDPIC) ++ do_relr_relocs(p, laddr(p, dyn[DT_RELR]), dyn[DT_RELRSZ]); + + if (head != &ldso && p->relro_start != p->relro_end) { + long ret = __syscall(SYS_mprotect, laddr(p, p->relro_start), +-- +cgit v1.2.1 + diff --git a/main/musl/relr-3.patch b/main/musl/relr-3.patch new file mode 100644 index 00000000000..4094d3fbac1 --- /dev/null +++ b/main/musl/relr-3.patch 
@@ -0,0 +1,46 @@ +From 6f3ead0ae16deb9f0004b275e29a276c9712ee3c Mon Sep 17 00:00:00 2001 +From: Rich Felker <dalias@aerifal.cx> +Date: Mon, 12 Sep 2022 08:30:36 -0400 +Subject: process DT_RELR relocations in ldso-startup/static-pie + +commit d32dadd60efb9d3b255351a3b532f8e4c3dd0db1 added DT_RELR +processing for programs and shared libraries processed by the dynamic +linker, but left them unsupported in the dynamic linker itseld and in +static pie binaries, which self-relocate via code in dlstart.c. + +add the equivalent processing to this code path so that there are not +arbitrary restrictions on where the new packed relative relocation +form can be used. +--- + ldso/dlstart.c | 15 +++++++++++++++ + 1 file changed, 15 insertions(+) + +diff --git a/ldso/dlstart.c b/ldso/dlstart.c +index 20d50f2c..259f5e18 100644 +--- a/ldso/dlstart.c ++++ b/ldso/dlstart.c +@@ -140,6 +140,21 @@ hidden void _dlstart_c(size_t *sp, size_t *dynv) + size_t *rel_addr = (void *)(base + rel[0]); + *rel_addr = base + rel[2]; + } ++ ++ rel = (void *)(base+dyn[DT_RELR]); ++ rel_size = dyn[DT_RELRSZ]; ++ size_t *relr_addr = 0; ++ for (; rel_size; rel++, rel_size-=sizeof(size_t)) { ++ if ((rel[0]&1) == 0) { ++ relr_addr = (void *)(base + rel[0]); ++ *relr_addr++ += base; ++ } else { ++ for (size_t i=0, bitmap=rel[0]; bitmap>>=1; i++) ++ if (bitmap&1) ++ relr_addr[i] += base; ++ relr_addr += 8*sizeof(size_t)-1; ++ } ++ } + #endif + + stage2_func dls2; +-- +cgit v1.2.1 + diff --git a/main/musl/relr-4.patch b/main/musl/relr-4.patch new file mode 100644 index 00000000000..68c5446b880 --- /dev/null +++ b/main/musl/relr-4.patch 
@@ -0,0 +1,12 @@ +diff --git a/ldso/dynlink.c b/ldso/dynlink.c +index 7b47b163..753de91d 100644 +--- a/ldso/dynlink.c ++++ b/ldso/dynlink.c +@@ -552,6 +552,7 @@ static void do_relocs(struct dso *dso, size_t *rel, size_t rel_size, size_t stri + + static void do_relr_relocs(struct dso *dso, size_t *relr, size_t relr_size) + { ++ if (dso == &ldso) return; // self-relocation already done a entry point + unsigned char *base = dso->base; + size_t *reloc_addr; + for (; relr_size; relr++, relr_size-=sizeof(size_t)) diff --git a/main/nodejs/APKBUILD b/main/nodejs/APKBUILD index 1159c7d6b70..07135e8dce2 100644 --- a/main/nodejs/APKBUILD +++ b/main/nodejs/APKBUILD @@ -6,11 +6,11 @@ # Maintainer: Jakub Jirutka <jakub@jirutka.cz> # # secfixes: -# 14.20.0-r0: -# - CVE-2022-32212 +# 14.20.1-r0: # - CVE-2022-32213 # - CVE-2022-32214 # - CVE-2022-32215 +# - CVE-2022-35256 # 14.19.0-r0: # - CVE-2022-21824 # - CVE-2021-44533 @@ -93,12 +93,13 @@ # 6.11.1-r0: # - CVE-2017-1000381 # 0: +# - CVE-2022-32212 # - CVE-2022-32223 # pkgname=nodejs # Note: Update only to even-numbered versions (e.g. 6.y.z, 8.y.z)! # Odd-numbered versions are supported only for 9 months by upstream. -pkgver=14.20.0 +pkgver=14.20.1 pkgrel=0 pkgdesc="JavaScript runtime built on V8 engine - LTS version" url="https://nodejs.org/" 
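Review bot: relr-4.patch is the only one of the four RELR patches with no `From`/`Subject` header or upstream commit id, so a later maintainer cannot tell whether the early return `if (dso == &ldso) return;` is an upstream change or an Alpine-local one. Add a provenance line at the top of the patch, in the form the tree already uses elsewhere, `Patch-Source: <upstream commit URL>`, or a short description if the change is local. The comment on the added line reads `done a entry point`, where `done at entry point` is presumably meant. Only the start of `do_relr_relocs()` is inside this hunk.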
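Review bot: The first secfixes hunk in main/nodejs renames the existing `14.20.0-r0` entry to `14.20.1-r0` instead of adding a new entry. CVE-2022-32213, CVE-2022-32214 and CVE-2022-32215 are therefore now recorded as first fixed in 14.20.1-r0, and the record for 14.20.0-r0 disappears. The second hunk moves CVE-2022-32212 under `0:`, and the visible lines give no reason for either change. If only some of these ids were fixed again upstream, keep the `14.20.0-r0` block as it was and add a separate `14.20.1-r0` block listing CVE-2022-35256 and the ids that really belong to this release, so that tools reading secfixes report the correct fixed-in version. A one-line comment beside the `0:` entry, such as `# CVE-2022-32212: <why it does not apply to this package>`, would make that move reviewable.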
@@ -215,7 +216,7 @@ npm() { } sha512sums=" -ac9733553d52e8bd95307161073e9c2bcefed5663dcdcd992c18d37bdff36c919192c2aeb476747e4933ea139f46371c0e2de888519b4aa4293fc059c99473a4 node-v14.20.0.tar.gz +955a393506a11a288e4eb86de3b1cb42aa0668b1837e2a34b92ce6743be0ac7a4d50a62d1a909c7eaf8d864fd900b69f7c6aef0d5c33d26b126adf1e6ce483b2 node-v14.20.1.tar.gz dbe8167b61518f8f59176759d69834d57bf3e6a5a5fd3dfc2359cafe0325da08b27f8220d278ed77f50c9f63a03313eabbbb0eaca3e592e5bb4e0d5be0ced373 disable-running-gyp-on-shared-deps.patch 44e81fbf254bd79e38b813f7f5a1336df854588939cba50aaec600660495f9b7745a7049a99eb59d15a51100b3a44f66892a902d7fc32e1399b51883ad4c02cf link-with-libatomic-on-mips32.patch 30ca1ce7f9512c943950b8eec98bca99d24c740ebaa14619292fe5ed931dcf603ca90afb1d704ca7f545e421752ba4dde81c0c5bbb5242eb1726739ca627e15f fix-build-with-system-c-ares.patch diff --git a/main/openssl/APKBUILD b/main/openssl/APKBUILD index 5327c95f8da..329257b3e54 100644 --- a/main/openssl/APKBUILD +++ b/main/openssl/APKBUILD @@ -1,6 +1,6 @@ # Maintainer: Timo Teras <timo.teras@iki.fi> pkgname=openssl -pkgver=1.1.1q +pkgver=1.1.1s _abiver=${pkgver%.*} pkgrel=0 pkgdesc="Toolkit for Transport Layer Security (TLS)" @@ -132,7 +132,7 @@ _libssl() { } sha512sums=" -cb9f184ec4974a3423ef59c8ec86b6bf523d5b887da2087ae58c217249da3246896fdd6966ee9c13aea9e6306783365239197e9f742c508a0e35e5744e3e085f openssl-1.1.1q.tar.gz +2ef983f166b5e1bf456ca37938e7e39d58d4cd85e9fc4b5174a05f5c37cc5ad89c3a9af97a6919bcaab128a8a92e4bdc8a045e5d9156d90768da8f73ac67c5b9 openssl-1.1.1s.tar.gz 43c3255118db6f5f340dc865c0f25ccbcafe5bf7507585244ca59b4d27daf533d6c3171aa32a8685cbb6200104bec535894b633de13feaadff87ab86739a445a man-section.patch e040f23770d52b988578f7ff84d77563340f37c026db7643db8e4ef18e795e27d10cb42cb8656da4d9c57a28283a2828729d70f940edc950c3422a54fea55509 ppc64.patch " diff --git a/main/perl-datetime-timezone/APKBUILD b/main/perl-datetime-timezone/APKBUILD index 33bcc574721..b60ae1ff23f 100644 --- a/main/perl-datetime-timezone/APKBUILD 
+++ b/main/perl-datetime-timezone/APKBUILD @@ -4,7 +4,7 @@ pkgname=perl-datetime-timezone #_pkgreal is used by apkbuild-cpan to find modules at MetaCpan _pkgreal=DateTime-TimeZone -pkgver=2.51 +pkgver=2.56 pkgrel=0 pkgdesc="Time zone object base class and factory" url="https://metacpan.org/release/DateTime-TimeZone/" @@ -37,5 +37,5 @@ package() { sha512sums=" -11a506d71cb0875b322c9fe4bdb76a4ab2569127f33530a0970f50a851dc13b2e70dd110eca24a23fd997b3dae3c595045c6d3b03223615b40e6855be28ede08 DateTime-TimeZone-2.51.tar.gz +0ee4a7aed9a2377102d693eb0c98df43a9add5d329570e835d5b8bbe4bbfee7df793d6847f2ef9fb0ad958327ad8b688968d0f57ec4ae3033d1d866ab385498d DateTime-TimeZone-2.56.tar.gz " diff --git a/main/pixman/APKBUILD b/main/pixman/APKBUILD index 74507f860bd..52917cad840 100644 --- a/main/pixman/APKBUILD +++ b/main/pixman/APKBUILD @@ -1,16 +1,22 @@ # Maintainer: Natanael Copa <ncopa@alpinelinux.org> pkgname=pixman pkgver=0.40.0 -pkgrel=2 +pkgrel=3 pkgdesc="Low-level pixel manipulation library" url="https://gitlab.freedesktop.org/pixman" arch="all" license="MIT" makedepends="meson libpng-dev linux-headers" subpackages="$pkgname-static $pkgname-dev $pkgname-dbg" -source="https://gitlab.freedesktop.org/pixman/pixman/-/archive/pixman-$pkgver/pixman-pixman-$pkgver.tar.gz" +source="https://gitlab.freedesktop.org/pixman/pixman/-/archive/pixman-$pkgver/pixman-pixman-$pkgver.tar.gz + $pkgname-CVE-2022-44638.patch::https://gitlab.freedesktop.org/pixman/pixman/-/commit/a1f88e842e0216a5b4df1ab023caebe33c101395.patch + " builddir="$srcdir/pixman-pixman-$pkgver" +# secfixes: +# 0.40.0-r3: +# - CVE-2022-44638 +# case "$CARCH" in # broken test (likely due to endianness assumptions) s390x) options="!check" ;; 
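Review bot: The new `source` entry in main/pixman fetches the CVE-2022-44638 fix at build time from a forge-generated `/-/commit/<id>.patch` URL. The sha512 added in the last hunk pins the content, so integrity is covered. Generated patch output can still change byte-for-byte when the forge is upgraded, and a checksum mismatch would then block rebuilding a security fix. Committing the file into the aport directory as `CVE-2022-44638.patch`, as main/rsync did with its CVE-2022-29154.patch, and keeping the commit URL in a `Patch-Source:` line would keep the build reproducible. The `case "$CARCH"` block that follows continues outside this hunk.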
@@ -32,4 +38,7 @@ package() { DESTDIR="$pkgdir" meson install --no-rebuild -C output } -sha512sums="18774e22add5c5442edede5467fa07234c2b9e57a79d88110f25424e4253c6ab0c2921e951c5686cefebf4724ff19ad053d0c28f4d2f8d642bbcf6fc71764ef6 pixman-pixman-0.40.0.tar.gz" +sha512sums=" +18774e22add5c5442edede5467fa07234c2b9e57a79d88110f25424e4253c6ab0c2921e951c5686cefebf4724ff19ad053d0c28f4d2f8d642bbcf6fc71764ef6 pixman-pixman-0.40.0.tar.gz +141ad0a4b77d3ea28faab3b73dcb71ca48c3d9431b128a072c7bf934a5096c73a01209847639bf8b08a2b21243bf79147dc32774586b09641c2d8750ed7eeea2 pixman-CVE-2022-44638.patch +" diff --git a/main/postfix/APKBUILD b/main/postfix/APKBUILD index 48b8b706a9b..850a4b9bd3d 100644 --- a/main/postfix/APKBUILD +++ b/main/postfix/APKBUILD @@ -2,7 +2,7 @@ # Contributor: Łukasz Jendrysik <scadu@yandex.com> # Maintainer: Natanael Copa <ncopa@alpinelinux.org> pkgname=postfix -pkgver=3.5.16 +pkgver=3.5.17 pkgrel=0 pkgdesc="Secure and fast drop-in replacement for Sendmail (MTA)" url="http://www.postfix.org/" @@ -197,7 +197,7 @@ stone() { } sha512sums=" -81e482b2474df0fb711c86e83c585669b3934d3de1c74fc1bc0bef216225a91809fe802b53e9134bad6916d3dd889267b89dd83f78876f361f18a3192b07cefc postfix-3.5.16.tar.gz +7a58a371fe418d39af1d72c6dcf4692b5d2437958aa8c5e9b9754b2c4b2f4281b330324647a50f6cf11a694c1261dcb0dfd98a8618f24d08991adcda535955bf postfix-3.5.17.tar.gz 2752e69c4e1857bdcf29444ffb458bca818bc60b9c77c20823c5f5b87c36cb5e0f3217a625a7fe5788d5bfcef7570a1f2149e1233fcd23ccf7ee14190aff47a2 postfix.initd 25cd34f23ca909d4e33aaf3239d1e397260abc7796d9a4456dee4f005682fd3a58aab8106126e5218c95bdddae415a3ef7e2223cd3b0d7b1e2bd76158bb7eaf8 postfix-install.patch 0769e2e503486f8dd6fa21f2c534ad7df7a9f1bb57dde2f0ad61863a3e615d0a6dc18132b27796eb28cd81afb2b4e97c65c9d490a391f835aa3b7b18e74252c5 lmdb-default.patch diff --git a/main/postgresql/APKBUILD b/main/postgresql/APKBUILD index 5f67c3579f9..0daf3b95cec 100644 --- a/main/postgresql/APKBUILD +++ b/main/postgresql/APKBUILD 
@@ -2,7 +2,7 @@ # Contributor: G.J.R. Timmer <gjr.timmer@gmail.com> # Contributor: Jakub Jirutka <jakub@jirutka.cz> pkgname=postgresql -pkgver=13.7 +pkgver=13.12 pkgrel=0 pkgdesc="A sophisticated object-relational DBMS" url="https://www.postgresql.org/" @@ -35,6 +35,15 @@ source="https://ftp.postgresql.org/pub/source/v$pkgver/postgresql-$pkgver.tar.bz " # secfixes: +# 13.12-r0: +# - CVE-2023-39418 +# - CVE-2023-39417 +# 13.11-r0: +# - CVE-2023-2454 +# - CVE-2023-2455 +# - CVE-2022-41862 +# 13.8-r0: +# - CVE-2022-2625 # 13.7-r0: # - CVE-2022-1552 # 13.5-r0: @@ -276,7 +285,7 @@ _run_tests() { } sha512sums=" -9254f21519c8d4e926f70082503bb5593c91064a3d2a4ea18ac503dfd9aa94751d6f01ce00fca9fec9b2b7af40caf8d0951b661dd8be4d6aa87c1e35b6fa7a41 postgresql-13.7.tar.bz2 +6b6f6de998016b33f0954d4ed8233b84d98abd2dc9b50f5e959f403d1d87a7e9c3b8c8c2ed456806578c2610982f41be3169d9afd4221c52c320b1a2795043e4 postgresql-13.12.tar.bz2 1f8e7dc58f5b0a12427cf2fd904ffa898a34f23f3332c8382b94e0d991c007289e7913a69e04498f3d93fc5701855796c207b4b1cc4a0b366f586050124d7fcc initdb.patch 27e00b58fe5c3899c66fc0dde51846c14701bcfedd132b106d676783ba603e8cbdc6e620f29b52dc892bdaa9302052788cf5e575a1659f61c017a12e0d2ee4d0 perl-rpath.patch 8439a6fdfdea0a4867daeb8bc23d6c825f30c00d91d4c39f48653f5ee77341f23282ce03a77aad94b5369700f11d2cb28d5aee360e59138352a9ab331a9f9d0f conf-unix_socket_directories.patch diff --git a/main/py3-tz/APKBUILD b/main/py3-tz/APKBUILD index 1c38ea8c48e..94db0dc0f1f 100644 --- a/main/py3-tz/APKBUILD +++ b/main/py3-tz/APKBUILD 
@@ -1,17 +1,16 @@ # Contributor: Peter Bui <pnutzh4x0r@gmail.com> # Maintainer: Fabian Affolter <fabian@affolter-engineering.ch> pkgname=py3-tz -_pkgname=pytz -pkgver=2020.5 +pkgver=2022.6 pkgrel=0 pkgdesc="Python3 definitions of world timezone" -url="http://pytz.sourceforge.net/" +url="https://pythonhosted.org/pytz/" arch="noarch" license="MIT" depends="python3" makedepends="py3-setuptools" -source="https://pypi.io/packages/source/${_pkgname:0:1}/$_pkgname/$_pkgname-$pkgver.tar.gz" -builddir="$srcdir/$_pkgname-$pkgver" +source="https://pypi.python.org/packages/source/p/pytz/pytz-$pkgver.tar.gz" +builddir="$srcdir/pytz-$pkgver" replaces="py-tz" # Backwards compatibility provides="py-tz=$pkgver-r$pkgrel" # Backwards compatibility @@ -29,4 +28,6 @@ package() { python3 setup.py install --prefix=/usr --root="$pkgdir" } -sha512sums="0845c0b7cefb8732e3016568b17ae73232fe6537bac6da89cb1bf911ba5786ee1be6b5e3aa8767225291e3a7e9afd5b8e40e4051671a3a006f9e2f71c551e13e pytz-2020.5.tar.gz" +sha512sums=" +ea0343453d011e252fba64502984e2a43ea7c7437a211025ca68a4a45178c8aaef4c2b65261434289b21166a99a1941ec9e2d9d26bb3d22a76cbaa421250131d pytz-2022.6.tar.gz +" diff --git a/main/python3/APKBUILD b/main/python3/APKBUILD index 85409ce1cef..66fc72a5cf9 100644 --- a/main/python3/APKBUILD +++ b/main/python3/APKBUILD @@ -3,7 +3,7 @@ pkgname=python3 # the python3-tkinter's pkgver needs to be synchronized with this. -pkgver=3.8.10 +pkgver=3.8.15 _bluez_ver=5.54 _basever="${pkgver%.*}" pkgrel=0 @@ -125,6 +125,7 @@ EOF fail="$fail test_runpy" # fails on x86_64 fail="$fail test_threading" # hangs on all arches (except x86_64?) fail="$fail test_asyncio" # hangs; routinely problematic (e.g. bpo-39101, bpo-41891, bpo-42183) + fail="$fail test_minidom" # we fixed expat cves via backports, this thinks it's newer and fails # kernel related fail="$fail test_fcntl" # wants DNOTIFY, we don't have it 
@@ -184,9 +185,11 @@ wininst() { "$subpkgdir"/usr/lib/python$_basever/distutils/command } -sha512sums="0be69705483ff9692e12048a96180e586f9d84c8d53066629f7fb2389585eb75c0f3506bb8182936e322508f58b71f4d8c6dfebbab9049b31b49da11d3b98e80 Python-3.8.10.tar.xz +sha512sums=" +4fb3827b13c2452faa75e5ed18dddf381e80b4fffcfde046e289b4629cff0bb87fba1d09916b9b8a6f8039dc422c952293ebdb381c49f8ca7e7893ae4be6c28d Python-3.8.15.tar.xz e19d15d3a478a7af47c1921c8827843492e38787b1182152155bd3d8ad9e1d8ee25c5fda1f24e38c54ebbf946b09fe75007dca9a24d1c35f73303558e558dcbe bluez-5.54.tar.xz 37b6ee5d0d5de43799316aa111423ba5a666c17dc7f81b04c330f59c1d1565540eac4c585abe2199bbed52ebe7426001edb1c53bd0a17486a2a8e052d0f494ad fix-xattrs-glibc.patch ab8eaa2858d5109049b1f9f553198d40e0ef8d78211ad6455f7b491af525bffb16738fed60fc84e960c4889568d25753b9e4a1494834fea48291b33f07000ec2 musl-find_library.patch d489b5d5f374e2b298954a2388771e500c6cf9b274012e06b3e71a34aa85c354369b3fa2a37c3121808075c1f1f340a9fa097996c149399e10b9424170211d90 custom-bluetooth-h-path.patch -a84483246e413650a904c34c18f5e4f4168c39067d069f48557c330de6eb3db19fd96a4d453d742db3dcb7c7f962722903f62823c752ff90510c89830435ffc0 arm-alignment.patch" +a84483246e413650a904c34c18f5e4f4168c39067d069f48557c330de6eb3db19fd96a4d453d742db3dcb7c7f962722903f62823c752ff90510c89830435ffc0 arm-alignment.patch +" diff --git a/main/rsync/APKBUILD b/main/rsync/APKBUILD index 1e3375c0c70..3e83c882a1b 100644 --- a/main/rsync/APKBUILD +++ b/main/rsync/APKBUILD @@ -1,6 +1,6 @@ # Maintainer: Natanael Copa <ncopa@alpinelinux.org> pkgname=rsync -pkgver=3.2.4 +pkgver=3.2.5 pkgrel=0 pkgdesc="A file transfer program to keep remote files in sync" url="https://rsync.samba.org/" @@ -9,7 +9,6 @@ license="GPL-3.0-or-later" makedepends="perl acl-dev attr-dev popt-dev zlib-dev zstd-dev" subpackages="$pkgname-doc $pkgname-openrc rrsync" source="https://download.samba.org/pub/rsync/src/rsync-$pkgver.tar.gz - CVE-2022-29154.patch rsyncd.initd rsyncd.confd rsyncd.conf 
@@ -74,7 +73,7 @@ package() { rrsync() { pkgdesc="Restricted rsync, restricts rsync to a subdir declared in .ssh/authorized_keys" - depends="rsync perl" + depends="rsync python3" arch="noarch" cd "$builddir" @@ -82,8 +81,7 @@ rrsync() { } sha512sums=" -96318e2754fbddf84d16df671c721e577766969dfa415925c4dc1be2e4e60a51246623747a8aec0c6e9c0824e6aa7335235ccd07f3d6fd901f8cf28e2d6e91b6 rsync-3.2.4.tar.gz -e96d0af37294da9992bb35dfe4b6fa35505dcbb33dae0e2dae734de0cac3fcbd4d2ef95deb882b1bff89bdd74560d592714bca6d6b81ffcfa71a56757c007dde CVE-2022-29154.patch +6d115acb5bae546cd2b5df2c11390f8609107b7a45aa649158d8daa0c9290ab5f15640fdd4000b21d1ab39f7385b85d77cd8fe4628fa13b2adeea6fcd53d057a rsync-3.2.5.tar.gz b9bf1aa02f96e4294642ead5751bd529ca1267c08e83a16342fba5736c3a8ec89568feb11fb737e974cb1bee7e00e7a8898d25844892366c6167b9ea8d1e647c rsyncd.initd d91337cfb57e6e3b2a8ba1e24f7d851dd927bfc327da2212b9eb0acda0e1ca2f24987f6dcc4903eccc3bf170e0f115172b3cfa5a172700495296f26302c834d7 rsyncd.confd 3db8a2b364fc89132af6143af90513deb6be3a78c8180d47c969e33cb5edde9db88aad27758a6911f93781e3c9846aeadc80fffc761c355d6a28358853156b62 rsyncd.conf diff --git a/main/rsync/CVE-2022-29154.patch b/main/rsync/CVE-2022-29154.patch deleted file mode 100644 index 2fdd47db3f4..00000000000 --- a/main/rsync/CVE-2022-29154.patch +++ /dev/null 
@@ -1,384 +0,0 @@ -Patch-Source: https://github.com/WayneD/rsync/commit/b7231c7d02cfb65d291af74ff66e7d8c507ee871 -dropped non-applying manpage commits ---- -From b7231c7d02cfb65d291af74ff66e7d8c507ee871 Mon Sep 17 00:00:00 2001 -From: Wayne Davison <wayne@opencoder.net> -Date: Sun, 31 Jul 2022 16:55:34 -0700 -Subject: [PATCH] Some extra file-list safety checks. - ---- - exclude.c | 130 ++++++++++++++++++++++++++++++++++++++++++++++++++++- - flist.c | 17 ++++++- - io.c | 4 ++ - main.c | 7 ++- - receiver.c | 11 +++-- - rsync.1.md | 44 ++++++++++++++++-- - 6 files changed, 202 insertions(+), 11 deletions(-) - -diff --git a/exclude.c b/exclude.c -index 39073a0c..b670c8ba 100644 ---- a/exclude.c -+++ b/exclude.c -@@ -27,16 +27,22 @@ extern int am_server; - extern int am_sender; - extern int eol_nulls; - extern int io_error; -+extern int xfer_dirs; -+extern int recurse; - extern int local_server; - extern int prune_empty_dirs; - extern int ignore_perishable; -+extern int old_style_args; -+extern int relative_paths; - extern int delete_mode; - extern int delete_excluded; - extern int cvs_exclude; - extern int sanitize_paths; - extern int protocol_version; -+extern int list_only; - extern int module_id; - -+extern char *filesfrom_host; - extern char curr_dir[MAXPATHLEN]; - extern unsigned int curr_dir_len; - extern unsigned int module_dirlen; -@@ -44,8 +50,10 @@ extern unsigned int module_dirlen; - filter_rule_list filter_list = { .debug_type = "" }; - filter_rule_list cvs_filter_list = { .debug_type = " [global CVS]" }; - filter_rule_list daemon_filter_list = { .debug_type = " [daemon]" }; -+filter_rule_list implied_filter_list = { .debug_type = " [implied]" }; - - int saw_xattr_filter = 0; -+int trust_sender_filter = 0; - - /* Need room enough for ":MODS " prefix plus some room to grow. 
*/ - #define MAX_RULE_PREFIX (16) -@@ -292,6 +300,125 @@ static void add_rule(filter_rule_list *listp, const char *pat, unsigned int pat_ - } - } - -+/* Each arg the client sends to the remote sender turns into an implied include -+ * that the receiver uses to validate the file list from the sender. */ -+void add_implied_include(const char *arg) -+{ -+ filter_rule *rule; -+ int arg_len, saw_wild = 0, backslash_cnt = 0; -+ int slash_cnt = 1; /* We know we're adding a leading slash. */ -+ const char *cp; -+ char *p; -+ if (old_style_args || list_only || filesfrom_host != NULL) -+ return; -+ if (relative_paths) { -+ cp = strstr(arg, "/./"); -+ if (cp) -+ arg = cp+3; -+ } else { -+ if ((cp = strrchr(arg, '/')) != NULL) -+ arg = cp + 1; -+ } -+ arg_len = strlen(arg); -+ if (arg_len) { -+ if (strpbrk(arg, "*[?")) { -+ /* We need to add room to escape backslashes if wildcard chars are present. */ -+ cp = arg; -+ while ((cp = strchr(cp, '\\')) != NULL) { -+ arg_len++; -+ cp++; -+ } -+ saw_wild = 1; -+ } -+ arg_len++; /* Leave room for the prefixed slash */ -+ rule = new0(filter_rule); -+ if (!implied_filter_list.head) -+ implied_filter_list.head = implied_filter_list.tail = rule; -+ else { -+ rule->next = implied_filter_list.head; -+ implied_filter_list.head = rule; -+ } -+ rule->rflags = FILTRULE_INCLUDE + (saw_wild ? FILTRULE_WILD : 0); -+ p = rule->pattern = new_array(char, arg_len + 1); -+ *p++ = '/'; -+ cp = arg; -+ while (*cp) { -+ switch (*cp) { -+ case '\\': -+ backslash_cnt++; -+ if (saw_wild) -+ *p++ = '\\'; -+ *p++ = *cp++; -+ break; -+ case '/': -+ if (p[-1] == '/') /* This is safe because of the initial slash. */ -+ break; -+ if (relative_paths) { -+ filter_rule const *ent; -+ int found = 0; -+ *p = '\0'; -+ for (ent = implied_filter_list.head; ent; ent = ent->next) { -+ if (ent != rule && strcmp(ent->pattern, rule->pattern) == 0) -+ found = 1; -+ } -+ if (!found) { -+ filter_rule *R_rule = new0(filter_rule); -+ R_rule->rflags = FILTRULE_INCLUDE + (saw_wild ? 
FILTRULE_WILD : 0); -+ R_rule->pattern = strdup(rule->pattern); -+ R_rule->u.slash_cnt = slash_cnt; -+ R_rule->next = implied_filter_list.head; -+ implied_filter_list.head = R_rule; -+ } -+ } -+ slash_cnt++; -+ *p++ = *cp++; -+ break; -+ default: -+ *p++ = *cp++; -+ break; -+ } -+ } -+ *p = '\0'; -+ rule->u.slash_cnt = slash_cnt; -+ arg = (const char *)rule->pattern; -+ } -+ -+ if (recurse || xfer_dirs) { -+ /* Now create a rule with an added "/" & "**" or "*" at the end */ -+ rule = new0(filter_rule); -+ if (recurse) -+ rule->rflags = FILTRULE_INCLUDE | FILTRULE_WILD | FILTRULE_WILD2; -+ else -+ rule->rflags = FILTRULE_INCLUDE | FILTRULE_WILD; -+ /* A +4 in the len leaves enough room for / * * \0 or / * \0 \0 */ -+ if (!saw_wild && backslash_cnt) { -+ /* We are appending a wildcard, so now the backslashes need to be escaped. */ -+ p = rule->pattern = new_array(char, arg_len + backslash_cnt + 3 + 1); -+ cp = arg; -+ while (*cp) { -+ if (*cp == '\\') -+ *p++ = '\\'; -+ *p++ = *cp++; -+ } -+ } else { -+ p = rule->pattern = new_array(char, arg_len + 3 + 1); -+ if (arg_len) { -+ memcpy(p, arg, arg_len); -+ p += arg_len; -+ } -+ } -+ if (p[-1] != '/') -+ *p++ = '/'; -+ *p++ = '*'; -+ if (recurse) -+ *p++ = '*'; -+ *p = '\0'; -+ rule->u.slash_cnt = slash_cnt + 1; -+ rule->next = implied_filter_list.head; -+ implied_filter_list.head = rule; -+ } -+} -+ - /* This frees any non-inherited items, leaving just inherited items on the list. */ - static void pop_filter_list(filter_rule_list *listp) - { -@@ -718,7 +845,7 @@ static void report_filter_result(enum logcode code, char const *name, - : name_flags & NAME_IS_DIR ? "directory" - : "file"; - rprintf(code, "[%s] %sing %s %s because of pattern %s%s%s\n", -- w, actions[*w!='s'][!(ent->rflags & FILTRULE_INCLUDE)], -+ w, actions[*w=='g'][!(ent->rflags & FILTRULE_INCLUDE)], - t, name, ent->pattern, - ent->rflags & FILTRULE_DIRECTORY ? 
"/" : "", type); - } -@@ -890,6 +1017,7 @@ static filter_rule *parse_rule_tok(const char **rulestr_ptr, - } - switch (ch) { - case ':': -+ trust_sender_filter = 1; - rule->rflags |= FILTRULE_PERDIR_MERGE - | FILTRULE_FINISH_SETUP; - /* FALL THROUGH */ -diff --git a/flist.c b/flist.c -index 1ba306bc..0e6bf782 100644 ---- a/flist.c -+++ b/flist.c -@@ -73,6 +73,7 @@ extern int need_unsorted_flist; - extern int sender_symlink_iconv; - extern int output_needs_newline; - extern int sender_keeps_checksum; -+extern int trust_sender_filter; - extern int unsort_ndx; - extern uid_t our_uid; - extern struct stats stats; -@@ -83,8 +84,7 @@ extern char curr_dir[MAXPATHLEN]; - - extern struct chmod_mode_struct *chmod_modes; - --extern filter_rule_list filter_list; --extern filter_rule_list daemon_filter_list; -+extern filter_rule_list filter_list, implied_filter_list, daemon_filter_list; - - #ifdef ICONV_OPTION - extern int filesfrom_convert; -@@ -986,6 +986,19 @@ static struct file_struct *recv_file_entry(int f, struct file_list *flist, int x - exit_cleanup(RERR_UNSUPPORTED); - } - -+ if (*thisname != '.' || thisname[1] != '\0') { -+ int filt_flags = S_ISDIR(mode) ? 
NAME_IS_DIR : NAME_IS_FILE; -+ if (!trust_sender_filter /* a per-dir filter rule means we must trust the sender's filtering */ -+ && filter_list.head && check_filter(&filter_list, FINFO, thisname, filt_flags) < 0) { -+ rprintf(FERROR, "ERROR: rejecting excluded file-list name: %s\n", thisname); -+ exit_cleanup(RERR_PROTOCOL); -+ } -+ if (implied_filter_list.head && check_filter(&implied_filter_list, FINFO, thisname, filt_flags) <= 0) { -+ rprintf(FERROR, "ERROR: rejecting unrequested file-list name: %s\n", thisname); -+ exit_cleanup(RERR_PROTOCOL); -+ } -+ } -+ - if (inc_recurse && S_ISDIR(mode)) { - if (one_file_system) { - /* Room to save the dir's device for -x */ -diff --git a/io.c b/io.c -index cf94cee7..a6e3ed30 100644 ---- a/io.c -+++ b/io.c -@@ -419,6 +419,7 @@ static void forward_filesfrom_data(void) - while (s != eob) { - if (*s++ == '\0') { - ff_xb.len = s - sob - 1; -+ add_implied_include(sob); - if (iconvbufs(ic_send, &ff_xb, &iobuf.out, flags) < 0) - exit_cleanup(RERR_PROTOCOL); /* impossible? */ - write_buf(iobuf.out_fd, s-1, 1); /* Send the '\0'. */ -@@ -450,9 +451,12 @@ static void forward_filesfrom_data(void) - char *f = ff_xb.buf + ff_xb.pos; - char *t = ff_xb.buf; - char *eob = f + len; -+ char *cur = t; - /* Eliminate any multi-'\0' runs. 
*/ - while (f != eob) { - if (!(*t++ = *f++)) { -+ add_implied_include(cur); -+ cur = t; - while (f != eob && *f == '\0') - f++; - } -diff --git a/main.c b/main.c -index 58920a2d..5a7fbdd7 100644 ---- a/main.c -+++ b/main.c -@@ -89,6 +89,7 @@ extern int backup_dir_len; - extern int basis_dir_cnt; - extern int default_af_hint; - extern int stdout_format_has_i; -+extern int trust_sender_filter; - extern struct stats stats; - extern char *stdout_format; - extern char *logfile_format; -@@ -104,7 +105,7 @@ extern char curr_dir[MAXPATHLEN]; - extern char backup_dir_buf[MAXPATHLEN]; - extern char *basis_dir[MAX_BASIS_DIRS+1]; - extern struct file_list *first_flist; --extern filter_rule_list daemon_filter_list; -+extern filter_rule_list daemon_filter_list, implied_filter_list; - - uid_t our_uid; - gid_t our_gid; -@@ -635,6 +636,7 @@ static pid_t do_cmd(char *cmd, char *machine, char *user, char **remote_argv, in - #ifdef ICONV_CONST - setup_iconv(); - #endif -+ trust_sender_filter = 1; - } else if (local_server) { - /* If the user didn't request --[no-]whole-file, force - * it on, but only if we're not batch processing. */ -@@ -1500,6 +1502,8 @@ static int start_client(int argc, char *argv[]) - char *dummy_host; - int dummy_port = rsync_port; - int i; -+ if (filesfrom_fd < 0) -+ add_implied_include(remote_argv[0]); - /* For remote source, any extra source args must have either - * the same hostname or an empty hostname. */ - for (i = 1; i < remote_argc; i++) { -@@ -1523,6 +1527,7 @@ static int start_client(int argc, char *argv[]) - if (!rsync_port && !*arg) /* Turn an empty arg into a dot dir. */ - arg = "."; - remote_argv[i] = arg; -+ add_implied_include(arg); - } - } - -diff --git a/receiver.c b/receiver.c -index b3a69da0..93cf8efd 100644 ---- a/receiver.c -+++ b/receiver.c -@@ -593,10 +593,13 @@ int recv_files(int f_in, int f_out, char *local_name) - if (DEBUG_GTE(RECV, 1)) - rprintf(FINFO, "recv_files(%s)\n", fname); - -- if (daemon_filter_list.head && (*fname != '.' 
|| fname[1] != '\0') -- && check_filter(&daemon_filter_list, FLOG, fname, 0) < 0) { -- rprintf(FERROR, "attempt to hack rsync failed.\n"); -- exit_cleanup(RERR_PROTOCOL); -+ if (daemon_filter_list.head && (*fname != '.' || fname[1] != '\0')) { -+ int filt_flags = S_ISDIR(file->mode) ? NAME_IS_DIR : NAME_IS_FILE; -+ if (check_filter(&daemon_filter_list, FLOG, fname, filt_flags) < 0) { -+ rprintf(FERROR, "ERROR: rejecting file transfer request for daemon excluded file: %s\n", -+ fname); -+ exit_cleanup(RERR_PROTOCOL); -+ } - } - - #ifdef SUPPORT_XATTRS -diff --git a/rsync.1.md b/rsync.1.md -index 8603529a..576dd90b 100644 ---- a/rsync.1.md -+++ b/rsync.1.md -@@ -167,6 +167,33 @@ separate the files into different rsync calls, or consider using - [`--delay-updates`](#opt) (which doesn't affect the sorted transfer order, but - does make the final file-updating phase happen much more rapidly). - -+## MULTI-HOST SECURITY -+ -+Rsync takes steps to ensure that the file requests that are shared in a -+transfer are protected against various security issues. Most of the potential -+problems arise on the receiving side where rsync takes steps to ensure that the -+list of files being transferred remains within the bounds of what was -+requested. -+ -+Toward this end, rsync 3.1.2 and later have aborted when a file list contains -+an absolute or relative path that tries to escape out of the top of the -+transfer. Also, beginning with version 3.2.5, rsync does two more safety -+checks of the file list to (1) ensure that no extra source arguments were added -+into the transfer other than those that the client requested and (2) ensure -+that the file list obeys the exclude rules that we sent to the sender. -+ -+For those that don't yet have a 3.2.5 client rsync, it is safest to do a copy -+into a dedicated destination directory for the remote files rather than -+requesting the remote content get mixed in with other local content. 
For -+example, doing an rsync copy into your home directory is potentially unsafe on -+an older rsync if the remote rsync is being controlled by a bad actor: -+ -+> rsync -aiv host1:dir1 ~ -+ -+A safer command would be: -+ -+> rsync -aiv host1:dir1 ~/host1-files -+ - ## ADVANCED USAGE - - The syntax for requesting multiple files from a remote host is done by -@@ -2343,6 +2370,12 @@ option name from the pathname using a space if you want the shell to expand it. - behavior. The environment is always overridden by manually specified - positive or negative options (the negative is `--no-old-args`). - -+ Note that this option also disables the extra safety check added in 3.2.5 -+ that ensures that a remote sender isn't including extra top-level items in -+ the file-list that you didn't request. This side-effect is necessary -+ because we can't know for sure what names to expect when the remote shell -+ is interpreting the args. -+ - This option conflicts with the [`--protect-args`](#opt) option. - - 0. `--protect-args`, `-s` diff --git a/main/strongswan/APKBUILD b/main/strongswan/APKBUILD index 132c261d577..3779c0f73f4 100644 --- a/main/strongswan/APKBUILD +++ b/main/strongswan/APKBUILD @@ -3,7 +3,7 @@ pkgname=strongswan pkgver=5.9.1 _pkgver=${pkgver//_rc/rc} -pkgrel=1 +pkgrel=2 pkgdesc="IPsec-based VPN solution focused on security and ease of use, supporting IKEv1/IKEv2 and MOBIKE" url="https://www.strongswan.org/" arch="all" 
@@ -19,6 +19,8 @@ subpackages="$pkgname-doc $pkgname-dbg $pkgname-logfile $pkgname-openrc" source="https://download.strongswan.org/strongswan-$_pkgver.tar.bz2 https://download.strongswan.org/security/CVE-2021-41990/strongswan-5.6.1-5.9.3_gmp-rsa-ssa-salt-len.patch https://download.strongswan.org/security/CVE-2021-41991/strongswan-4.4.1-5.9.3_cert-cache-random.patch + https://download.strongswan.org/security/CVE-2021-45079/strongswan-5.5.0-5.9.4_eap_success.patch + https://download.strongswan.org/security/CVE-2022-40617/strongswan-5.1.0-5.9.7_cert_online_validate.patch 1001-charon-add-optional-source-and-remote-overrides-for-.patch 1002-vici-send-certificates-for-ike-sa-events.patch @@ -31,6 +33,9 @@ source="https://download.strongswan.org/strongswan-$_pkgver.tar.bz2 " # secfixes: +# 5.9.1-r2: +# - CVE-2021-45079 +# - CVE-2022-40617 # 5.9.1-r1: # - CVE-2021-41990 # - CVE-2021-41991 
@@ -136,6 +141,8 @@ sha512sums=" 222625e77bd86959da6dd7346cfa9f92569fc396a494bb95ddf2c8e0680b7e8041541e8a14320517a0c735d713ae0fdc0d0c4694215e812817814b0b4efc3497 strongswan-5.9.1.tar.bz2 42bb9dc02e04735183cb2966e23f26bdb2b14b56b10dc3df770cfbea066a690130ce84dc3a17b1369c2d45852bcd8a2902f19368099a1e71c858293decdb48ee strongswan-5.6.1-5.9.3_gmp-rsa-ssa-salt-len.patch 39f607625bc6aa128b71e65e9806c60051015378d0250961bafbe787aa652141e1b3126d235b9cede08e4fe816b3220dbae54e40492b0aeb48f034220f1ee446 strongswan-4.4.1-5.9.3_cert-cache-random.patch +d3ecccf616a1d0a0b364a64f9d5cd0a75d7230948a8b455217d3f665f2a9f4b79bda787c2d0b608c31b40bf9c97c89b7e18b37794794bef4c7b17b4f0bf430a2 strongswan-5.5.0-5.9.4_eap_success.patch +748753eb615cceaea162a264b40c1ae9d4fd2b3ea2f15d6faf40b19619f11e3b98d0e0bbc2339261ce4fff9cb070c25a1037778c3d6476e3c6e97397dcd19c47 strongswan-5.1.0-5.9.7_cert_online_validate.patch 8cd2f7e10dca25c8739b18f26f0aba427d00c5689ee126da5fc2699ce75ed567f0d25b4e50b716eab58097c06a51418e489e7f853d02bb53ba32aca72a6ae7c8 1001-charon-add-optional-source-and-remote-overrides-for-.patch f92609a1f6810786baeae1688688cbdd2a3116200cdba8d23e13da08992f5280bcbe04712cc89402f1e39aff6f4ebc8da05a2529b1e61e25a5229deb74c4dc3f 1002-vici-send-certificates-for-ike-sa-events.patch da39b5654c6f39d175c5491dabd5ed5c1b552857af7cbe7eeb8d0ecb34dad265bb8cd7725930eb75ceb99d51813f8e59631e687b09c1ff5c6437388f5f4d9647 1003-vici-add-support-for-individual-sa-state-changes.patch diff --git a/main/sudo/APKBUILD b/main/sudo/APKBUILD index 76254db7f3b..0ee0bf0f033 100644 --- a/main/sudo/APKBUILD +++ b/main/sudo/APKBUILD @@ -2,13 +2,13 @@ # Contributor: Łukasz Jendrysik <scadu@yandex.com> # Maintainer: Natanael Copa <ncopa@alpinelinux.org> pkgname=sudo -pkgver=1.9.5p2 +pkgver=1.9.12 if [ "${pkgver%_*}" != "$pkgver" ]; then _realver=${pkgver%_*}${pkgver#*_} else _realver=$pkgver fi -pkgrel=0 +pkgrel=1 pkgdesc="Give certain users the ability to run some commands as root" url="https://www.sudo.ws/sudo/" arch="all" 
@@ -16,9 +16,7 @@ license="custom ISC" makedepends="zlib-dev bash mandoc" subpackages="$pkgname-doc $pkgname-dev" source="https://www.sudo.ws/dist/sudo-$_realver.tar.gz - fix-cross-compile.patch - SIGUNUSED.patch - " + CVE-2022-43995.patch" options="suid" builddir="$srcdir/sudo-$_realver" @@ -51,9 +49,6 @@ build() { --with-sendmail=/usr/sbin/sendmail \ --with-passprompt="[sudo] password for %p: " - # Workaround until SIGUNUSED.patch is not needed anymore - rm lib/util/mksiglist.h lib/util/mksigname.h - make -C lib/util DEVEL=1 mksiglist.h mksigname.h make } @@ -69,6 +64,5 @@ package() { rm -rf "$pkgdir"/var/run } -sha512sums="f0fe914963c31a6f8ab6c86847ff6cdd125bd5a839b27f46dcae03963f4fc413b3d4cca54c1979feb825c8479b44c7df0642c07345c941eecf6f9f1e03ea0e27 sudo-1.9.5p2.tar.gz -f476bb5ac02c3222d3be7eecb828131374e0baf806cc0fd548fb9d4a90f40a848d0ef58851a63ea1d988b720fe259312f3a457ca994ac0e93ed9e16fc72d5234 fix-cross-compile.patch -03a2cef9fcc26cc2711edb5928c945fcf214b22139bb88d77538d25f3bfd144d17b6c9dabb1e01960ac1697d83b3452397a5ef4c7d0e68ea72548a631b212e6d SIGUNUSED.patch" +sha512sums="34ee165baa2e37ba2530901d49bf0dad30159f27aeccd2519d4719bf93be8281edff71220a49ba2e41dacaa3c58031de1464df48d75a8caea7b9568a76f80b67 sudo-1.9.12.tar.gz +47f7b14663a2e98dc98190346361f447c4a0b71fa3074d2c9dcaf15ef0cac7621bea27e25cced6f6005ada4deb4b11521dc418bf25bca18b70feafc6f7e6f359 CVE-2022-43995.patch" diff --git a/main/sudo/CVE-2022-43995.patch b/main/sudo/CVE-2022-43995.patch new file mode 100644 index 00000000000..fb4f802e300 --- /dev/null +++ b/main/sudo/CVE-2022-43995.patch 
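Review bot: The `source=` hunk of main/sudo/APKBUILD adds `CVE-2022-43995.patch`, but none of this file's hunks adds a `# secfixes:` entry for it, unlike the strongswan and tiff APKBUILDs in this same diff. The hunk line counts leave no room for an added comment line elsewhere in the file, so the fix does not appear to be recorded in the package metadata; whether the file already has a secfixes block is not visible here. I would add `# 1.9.12-r1:` followed by `# - CVE-2022-43995` under `# secfixes:`, in the format the other packages use.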
@@ -0,0 +1,50 @@
+From bd209b9f16fcd1270c13db27ae3329c677d48050 Mon Sep 17 00:00:00 2001
+From: "Todd C. Miller" <Todd.Miller@sudo.ws>
+Date: Fri, 28 Oct 2022 07:29:55 -0600
+Subject: [PATCH] Fix CVE-2022-43995, potential heap overflow for passwords < 8
+ characters. Starting with sudo 1.8.0 the plaintext password buffer is
+ dynamically sized so it is not safe to assume that it is at least 9 bytes in
+ size. Found by Hugo Lefeuvre (University of Manchester) with ConfFuzz.
+
+---
+ plugins/sudoers/auth/passwd.c | 11 +++++------
+ 1 file changed, 5 insertions(+), 6 deletions(-)
+
+diff --git a/plugins/sudoers/auth/passwd.c b/plugins/sudoers/auth/passwd.c
+index b2046eca2..0416861e9 100644
+--- a/plugins/sudoers/auth/passwd.c
++++ b/plugins/sudoers/auth/passwd.c
+@@ -63,7 +63,7 @@ sudo_passwd_init(struct passwd *pw, sudo_auth *auth)
+ int
+ sudo_passwd_verify(struct passwd *pw, char *pass, sudo_auth *auth, struct sudo_conv_callback *callback)
+ {
+- char sav, *epass;
++ char des_pass[9], *epass;
+ char *pw_epasswd = auth->data;
+ size_t pw_len;
+ int matched = 0;
+@@ -75,12 +75,12 @@ sudo_passwd_verify(struct passwd *pw, char *pass, sudo_auth *auth, struct sudo_c
+
+ /*
+ * Truncate to 8 chars if standard DES since not all crypt()'s do this.
+- * If this turns out not to be safe we will have to use OS #ifdef's (sigh).
+ */
+- sav = pass[8];
+ pw_len = strlen(pw_epasswd);
+- if (pw_len == DESLEN || HAS_AGEINFO(pw_epasswd, pw_len))
+- pass[8] = '\0';
++ if (pw_len == DESLEN || HAS_AGEINFO(pw_epasswd, pw_len)) {
++ strlcpy(des_pass, pass, sizeof(des_pass));
++ pass = des_pass;
++ }
+
+ /*
+ * Normal UN*X password check.
+@@ -88,7 +88,6 @@ sudo_passwd_verify(struct passwd *pw, char *pass, sudo_auth *auth, struct sudo_c
+ * only compare the first DESLEN characters in that case.
+ */
+ epass = (char *) crypt(pass, pw_epasswd);
+- pass[8] = sav;
+ if (epass != NULL) {
+ if (HAS_AGEINFO(pw_epasswd, pw_len) && strlen(epass) == DESLEN)
+ matched = !strncmp(pw_epasswd, epass, DESLEN);
diff --git a/main/sudo/SIGUNUSED.patch b/main/sudo/SIGUNUSED.patch
deleted file mode 100644
index be4f73541b8..00000000000
--- a/main/sudo/SIGUNUSED.patch
+++ /dev/null
@@ -1,19 +0,0 @@
-Upstream: No
-Reason: Musl compatibility
-
---- a/lib/util/siglist.in 2019-10-10 11:32:54.000000000 -0500
-+++ b/lib/util/siglist.in 2019-10-14 16:42:46.259938722 -0500
-@@ -17,11 +17,12 @@
- EMT EMT trap
- FPE Floating point exception
- KILL Killed
-+# before UNUSED (musl defines them as the same number)
-+ SYS Bad system call
- # before BUS (Older Linux doesn't really have a BUS, but defines it to UNUSED)
- UNUSED Unused
- BUS Bus error
- SEGV Memory fault
-- SYS Bad system call
- PIPE Broken pipe
- ALRM Alarm clock
- TERM Terminated
diff --git a/main/sudo/fix-cross-compile.patch b/main/sudo/fix-cross-compile.patch
deleted file mode 100644
index f001877a406..00000000000
--- a/main/sudo/fix-cross-compile.patch
+++ /dev/null
@@ -1,18 +0,0 @@
-Upstream: No
-Reason: Enable cross-compile
-
---- ./lib/util/Makefile.in.orig
-+++ ./lib/util/Makefile.in
-@@ -160,10 +160,10 @@
- ./mksigname > $@
-
- mksiglist: $(srcdir)/mksiglist.c $(srcdir)/mksiglist.h $(incdir)/sudo_compat.h $(top_builddir)/config.h
-- $(CC) $(CPPFLAGS) $(CFLAGS) $(srcdir)/mksiglist.c -o $@
-+ $${HOSTCC:-gcc} $(CPPFLAGS) $(CFLAGS) $(srcdir)/mksiglist.c -o $@
-
- mksigname: $(srcdir)/mksigname.c $(srcdir)/mksigname.h $(incdir)/sudo_compat.h $(top_builddir)/config.h
-- $(CC) $(CPPFLAGS) $(CFLAGS) $(srcdir)/mksigname.c -o $@
-+ $${HOSTCC:-gcc} $(CPPFLAGS) $(CFLAGS) $(srcdir)/mksigname.c -o $@
-
- $(srcdir)/mksiglist.h: $(srcdir)/siglist.in
- @if [ -n "$(DEVEL)" ]; then \
diff --git a/main/tiff/APKBUILD b/main/tiff/APKBUILD
index 4d93deb84bb..00308b932c3 100644
--- a/main/tiff/APKBUILD
+++ b/main/tiff/APKBUILD
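Review bot: In main/sudo/CVE-2022-43995.patch, the new `des_pass[9]` stack buffer receives a copy of the plaintext password through `strlcpy`, and none of the patch's visible inner hunks clears it once `crypt()` has returned. The removed code truncated `pass` in place and restored the saved byte, so it left no second copy of the password behind. I would add `explicit_bzero(des_pass, sizeof(des_pass));` after the `epass` comparison and before the function returns. The tail of `sudo_passwd_verify` lies outside the patch's hunks, so it is worth checking whether upstream already wipes the buffer there.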
@@ -2,7 +2,7 @@ # Contributor: Leonardo Arena <rnalrd@alpinelinux.org> # Maintainer: Michael Mason <ms13sp@gmail.com> pkgname=tiff -pkgver=4.3.0 +pkgver=4.4.0 pkgrel=0 pkgdesc="Provides support for the Tag Image File Format or TIFF" url="https://gitlab.com/libtiff/libtiff" @@ -12,21 +12,14 @@ depends_dev="zlib-dev libjpeg-turbo-dev" makedepends="libtool autoconf automake $depends_dev" checkdepends="diffutils" subpackages="$pkgname-doc $pkgname-dev $pkgname-tools libtiffxx:_libtiffxx" -source="https://gitlab.com/libtiff/libtiff/-/archive/v$pkgver/libtiff-v$pkgver.tar.gz - CVE-2018-12900.patch - CVE-2022-0561.patch - CVE-2022-0562.patch - CVE-2022-0865.patch - CVE-2022-0891.patch - CVE-2022-0907.patch - CVE-2022-0908.patch - CVE-2022-0909.patch - CVE-2022-0924.patch - CVE-2022-22844.patch - " +source="https://gitlab.com/libtiff/libtiff/-/archive/v$pkgver/libtiff-v$pkgver.tar.gz" builddir="$srcdir/libtiff-v$pkgver" # secfixes: +# 4.4.0-r0: +# - CVE-2022-2867 +# - CVE-2022-2868 +# - CVE-2022-2869 # 4.3.0-r0: # - CVE-2022-0561 # - CVE-2022-0562 
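Review bot: The `source=` hunk of main/tiff/APKBUILD drops `CVE-2018-12900.patch` together with the 2022 patches, while the new secfixes entry lists only CVE-2022-2867, CVE-2022-2868 and CVE-2022-2869. Nothing on this page shows that 4.4.0 contains an equivalent of the overflow check that patch added to `tools/tiffcp.c`, so this should be confirmed against the upstream source before relying on the removal. A short comment above `source=` would record the reason, for example `# CVE-2018-12900.patch dropped: covered upstream by <commit or release>`.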
@@ -125,15 +118,5 @@ tools() { } sha512sums=" -eaa2503dc1805283e0590b06e3e660a793fe849ae8b975b2d69369695d65a40640787c156574faaca856917be799eeb844e60f55555e1f219dd513cef66ea95d libtiff-v4.3.0.tar.gz -c321f1d4e5d334cdb3b0800299e8165055c040c0c030220769ccfdadcc7fd35a0f3231115f44dc86fe5e34f32eafe1074aa85495a744717f8fc10c0cab2ab085 CVE-2018-12900.patch -a1a11110f74ab4ee5468aae51962bea48a2bcbd51c9cb75dbb4e277cec394afab644906eb3b3b6fb95f413821a4799c227f986b720c383b8553dea67a92236a0 CVE-2022-0561.patch -d2decdafd32a2a41001a263c6da5f538538286d54e5072afb2a3d281ca7815ac0e78f5ab9a72e10b28fe9960819038fc6cff6419e2ac7982aea6199012d3ae80 CVE-2022-0562.patch -e8eb613809909e463fb8b401f295c56f41a8f8aabe0acea2f14e52ab42f90c62b7eee5c6fedfdce0f6c15c093dd2f11e34af1b23491782716254832d353fbc75 CVE-2022-0865.patch -516fb18524a6d0320000515daeadc2a0272aaf409e158c67fec49ba6704abcaed6f9a73c6e8e3ec13c6e0ff7a952bd36e8187dcdda5cd3931f2ffcaede33fc46 CVE-2022-0891.patch -1b7168bf339b31fd2b532ccdd99dd25787ed71220ef6db3f1206e618f7150f095dee8aed7bb84fa4af304bb5bc1914e800c03c88e5c03385943fd6c41d3e82da CVE-2022-0907.patch -2feea03d8493d5fef3815ecf3ad52df2aef0db7def8832531f3d1e6e59df548729a51259f3a06a9b017219fffd37d541e06964bb3622a01b47d3e4408cd3850f CVE-2022-0908.patch -d415ef9dd5292e7bbb1da76dfa11ecbe149d0c5039afc5134e2afae72ae264bcdd8417c96051c61fad6635d0530b9c5cd2e2ef30458baa3d0dce59b3489baf8f CVE-2022-0909.patch -78fcddd4e254178349971629bccc25be451f2b6d816c0ed063fad034060814c9f97c04904ff58f1923b7ae1c6c4d00d86ba2c8cf950e864f3bc8ead871a3ff45 CVE-2022-0924.patch -d22f8486e5166a9e0a3ddae910972001aa806baef7619f7b6aaba219f850faf5144bb2cc6668090646cf9d849fdd4217ff5f542746184aa1cd1d21078e33f579 CVE-2022-22844.patch +93955a2b802cf243e41d49048499da73862b5d3ffc005e3eddf0bf948a8bd1537f7c9e7f112e72d082549b4c49e256b9da9a3b6d8039ad8fc5c09a941b7e75d7 libtiff-v4.4.0.tar.gz " diff --git a/main/tiff/CVE-2018-12900.patch b/main/tiff/CVE-2018-12900.patch deleted file mode 100644 index f95cd06a523..00000000000 
--- a/main/tiff/CVE-2018-12900.patch +++ /dev/null @@ -1,29 +0,0 @@ -From 86861b86f26be5301ccfa96f9bf765051f4e644a Mon Sep 17 00:00:00 2001 -From: pgajdos <pgajdos@suse.cz> -Date: Tue, 13 Nov 2018 09:03:31 +0100 -Subject: [PATCH] prevent integer overflow - ---- - tools/tiffcp.c | 6 ++++++ - 1 file changed, 6 insertions(+) - -diff --git a/tools/tiffcp.c b/tools/tiffcp.c -index 2f406e2d..ece7ba13 100644 ---- a/tools/tiffcp.c -+++ b/tools/tiffcp.c -@@ -1435,6 +1435,12 @@ DECLAREreadFunc(readSeparateTilesIntoBuffer) - status = 0; - goto done; - } -+ if (0xFFFFFFFF / tilew < spp) -+ { -+ TIFFError(TIFFFileName(in), "Error, either TileWidth (%u) or BitsPerSample (%u) is too large", tilew, bps); -+ status = 0; -+ goto done; -+ } - bytes_per_sample = bps/8; - - for (row = 0; row < imagelength; row += tl) { --- -2.18.1 - diff --git a/main/tiff/CVE-2022-0561.patch b/main/tiff/CVE-2022-0561.patch deleted file mode 100644 index 7bda47c46eb..00000000000 --- a/main/tiff/CVE-2022-0561.patch +++ /dev/null 
@@ -1,29 +0,0 @@ -From eecb0712f4c3a5b449f70c57988260a667ddbdef Mon Sep 17 00:00:00 2001 -From: Even Rouault <even.rouault@spatialys.com> -Date: Sun, 6 Feb 2022 13:08:38 +0100 -Subject: [PATCH] TIFFFetchStripThing(): avoid calling memcpy() with a null - source pointer and size of zero (fixes #362) - ---- - libtiff/tif_dirread.c | 5 +++-- - 1 file changed, 3 insertions(+), 2 deletions(-) - -diff --git a/libtiff/tif_dirread.c b/libtiff/tif_dirread.c -index 23194ced..50ebf8ac 100644 ---- a/libtiff/tif_dirread.c -+++ b/libtiff/tif_dirread.c -@@ -5777,8 +5777,9 @@ TIFFFetchStripThing(TIFF* tif, TIFFDirEntry* dir, uint32_t nstrips, uint64_t** l - _TIFFfree(data); - return(0); - } -- _TIFFmemcpy(resizeddata,data, (uint32_t)dir->tdir_count * sizeof(uint64_t)); -- _TIFFmemset(resizeddata+(uint32_t)dir->tdir_count, 0, (nstrips - (uint32_t)dir->tdir_count) * sizeof(uint64_t)); -+ if( dir->tdir_count ) -+ _TIFFmemcpy(resizeddata,data, (uint32_t)dir->tdir_count * sizeof(uint64_t)); -+ _TIFFmemset(resizeddata+(uint32_t)dir->tdir_count, 0, (nstrips - (uint32_t)dir->tdir_count) * sizeof(uint64_t)); - _TIFFfree(data); - data=resizeddata; - } --- -GitLab - diff --git a/main/tiff/CVE-2022-0562.patch b/main/tiff/CVE-2022-0562.patch deleted file mode 100644 index 906b641aac0..00000000000 --- a/main/tiff/CVE-2022-0562.patch +++ /dev/null 
@@ -1,27 +0,0 @@ -From 561599c99f987dc32ae110370cfdd7df7975586b Mon Sep 17 00:00:00 2001 -From: Even Rouault <even.rouault@spatialys.com> -Date: Sat, 5 Feb 2022 20:36:41 +0100 -Subject: [PATCH] TIFFReadDirectory(): avoid calling memcpy() with a null - source pointer and size of zero (fixes #362) - ---- - libtiff/tif_dirread.c | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/libtiff/tif_dirread.c b/libtiff/tif_dirread.c -index 2bbc4585..23194ced 100644 ---- a/libtiff/tif_dirread.c -+++ b/libtiff/tif_dirread.c -@@ -4177,7 +4177,8 @@ TIFFReadDirectory(TIFF* tif) - goto bad; - } - -- memcpy(new_sampleinfo, tif->tif_dir.td_sampleinfo, old_extrasamples * sizeof(uint16_t)); -+ if (old_extrasamples > 0) -+ memcpy(new_sampleinfo, tif->tif_dir.td_sampleinfo, old_extrasamples * sizeof(uint16_t)); - _TIFFsetShortArray(&tif->tif_dir.td_sampleinfo, new_sampleinfo, tif->tif_dir.td_extrasamples); - _TIFFfree(new_sampleinfo); - } --- -GitLab - diff --git a/main/tiff/CVE-2022-0865.patch b/main/tiff/CVE-2022-0865.patch deleted file mode 100644 index bcb339974f2..00000000000 --- a/main/tiff/CVE-2022-0865.patch +++ /dev/null 
@@ -1,34 +0,0 @@ -From a1c933dabd0e1c54a412f3f84ae0aa58115c6067 Mon Sep 17 00:00:00 2001 -From: Even Rouault <even.rouault@spatialys.com> -Date: Thu, 24 Feb 2022 22:26:02 +0100 -Subject: [PATCH] tif_jbig.c: fix crash when reading a file with multiple IFD - in memory-mapped mode and when bit reversal is needed (fixes #385) - ---- - libtiff/tif_jbig.c | 10 ++++++++++ - 1 file changed, 10 insertions(+) - -diff --git a/libtiff/tif_jbig.c b/libtiff/tif_jbig.c -index 74086338..8bfa4cef 100644 ---- a/libtiff/tif_jbig.c -+++ b/libtiff/tif_jbig.c -@@ -209,6 +209,16 @@ int TIFFInitJBIG(TIFF* tif, int scheme) - */ - tif->tif_flags |= TIFF_NOBITREV; - tif->tif_flags &= ~TIFF_MAPPED; -+ /* We may have read from a previous IFD and thus set TIFF_BUFFERMMAP and -+ * cleared TIFF_MYBUFFER. It is necessary to restore them to their initial -+ * value to be consistent with the state of a non-memory mapped file. -+ */ -+ if (tif->tif_flags&TIFF_BUFFERMMAP) { -+ tif->tif_rawdata = NULL; -+ tif->tif_rawdatasize = 0; -+ tif->tif_flags &= ~TIFF_BUFFERMMAP; -+ tif->tif_flags |= TIFF_MYBUFFER; -+ } - - /* Setup the function pointers for encode, decode, and cleanup. */ - tif->tif_setupdecode = JBIGSetupDecode; --- -GitLab - diff --git a/main/tiff/CVE-2022-0891.patch b/main/tiff/CVE-2022-0891.patch deleted file mode 100644 index d038d0450d5..00000000000 --- a/main/tiff/CVE-2022-0891.patch +++ /dev/null 
@@ -1,214 +0,0 @@ -From 232282fd8f9c21eefe8d2d2b96cdbbb172fe7b7c Mon Sep 17 00:00:00 2001 -From: Su Laus <sulau@freenet.de> -Date: Tue, 8 Mar 2022 17:02:44 +0000 -Subject: [PATCH] tiffcrop: fix issue #380 and #382 heap buffer overflow in - extractImageSection - ---- - tools/tiffcrop.c | 92 +++++++++++++++++++----------------------------- - 1 file changed, 36 insertions(+), 56 deletions(-) - -diff --git a/tools/tiffcrop.c b/tools/tiffcrop.c -index f2e5474a..e62bcc71 100644 ---- a/tools/tiffcrop.c -+++ b/tools/tiffcrop.c -@@ -105,8 +105,8 @@ - * of messages to monitor progress without enabling dump logs. - */ - --static char tiffcrop_version_id[] = "2.4"; --static char tiffcrop_rev_date[] = "12-13-2010"; -+static char tiffcrop_version_id[] = "2.4.1"; -+static char tiffcrop_rev_date[] = "03-03-2010"; - - #include "tif_config.h" - #include "libport.h" -@@ -6739,10 +6739,10 @@ extractImageSection(struct image_data *image, struct pageseg *section, - #ifdef DEVELMODE - uint32_t img_length; - #endif -- uint32_t j, shift1, shift2, trailing_bits; -+ uint32_t j, shift1, trailing_bits; - uint32_t row, first_row, last_row, first_col, last_col; - uint32_t src_offset, dst_offset, row_offset, col_offset; -- uint32_t offset1, offset2, full_bytes; -+ uint32_t offset1, full_bytes; - uint32_t sect_width; - #ifdef DEVELMODE - uint32_t sect_length; -@@ -6752,7 +6752,6 @@ extractImageSection(struct image_data *image, struct pageseg *section, - #ifdef DEVELMODE - int k; - unsigned char bitset; -- static char *bitarray = NULL; - #endif - - img_width = image->width; -@@ -6770,17 +6769,12 @@ extractImageSection(struct image_data *image, struct pageseg *section, - dst_offset = 0; - - #ifdef DEVELMODE -- if (bitarray == NULL) -- { -- if ((bitarray = (char *)malloc(img_width)) == NULL) -- { -- TIFFError ("", "DEBUG: Unable to allocate debugging bitarray"); -- return (-1); -- } -- } -+ char bitarray[39]; - #endif - -- /* rows, columns, width, length are expressed in pixels */ -+ /* rows, 
columns, width, length are expressed in pixels -+ * first_row, last_row, .. are index into image array starting at 0 to width-1, -+ * last_col shall be also extracted. */ - first_row = section->y1; - last_row = section->y2; - first_col = section->x1; -@@ -6790,9 +6784,14 @@ extractImageSection(struct image_data *image, struct pageseg *section, - #ifdef DEVELMODE - sect_length = last_row - first_row + 1; - #endif -- img_rowsize = ((img_width * bps + 7) / 8) * spp; -- full_bytes = (sect_width * spp * bps) / 8; /* number of COMPLETE bytes per row in section */ -- trailing_bits = (sect_width * bps) % 8; -+ /* The read function loadImage() used copy separate plane data into a buffer as interleaved -+ * samples rather than separate planes so the same logic works to extract regions -+ * regardless of the way the data are organized in the input file. -+ * Furthermore, bytes and bits are arranged in buffer according to COMPRESSION=1 and FILLORDER=1 -+ */ -+ img_rowsize = (((img_width * spp * bps) + 7) / 8); /* row size in full bytes of source image */ -+ full_bytes = (sect_width * spp * bps) / 8; /* number of COMPLETE bytes per row in section */ -+ trailing_bits = (sect_width * spp * bps) % 8; /* trailing bits within the last byte of destination buffer */ - - #ifdef DEVELMODE - TIFFError ("", "First row: %"PRIu32", last row: %"PRIu32", First col: %"PRIu32", last col: %"PRIu32"\n", -@@ -6805,10 +6804,9 @@ extractImageSection(struct image_data *image, struct pageseg *section, - - if ((bps % 8) == 0) - { -- col_offset = first_col * spp * bps / 8; -+ col_offset = (first_col * spp * bps) / 8; - for (row = first_row; row <= last_row; row++) - { -- /* row_offset = row * img_width * spp * bps / 8; */ - row_offset = row * img_rowsize; - src_offset = row_offset + col_offset; - -@@ -6821,14 +6819,12 @@ extractImageSection(struct image_data *image, struct pageseg *section, - } - else - { /* bps != 8 */ -- shift1 = spp * ((first_col * bps) % 8); -- shift2 = spp * ((last_col * bps) % 8); 
-+ shift1 = ((first_col * spp * bps) % 8); /* shift1 = bits to skip in the first byte of source buffer*/ - for (row = first_row; row <= last_row; row++) - { - /* pull out the first byte */ - row_offset = row * img_rowsize; -- offset1 = row_offset + (first_col * bps / 8); -- offset2 = row_offset + (last_col * bps / 8); -+ offset1 = row_offset + ((first_col * spp * bps) / 8); /* offset1 = offset into source of byte with first bits to be extracted */ - - #ifdef DEVELMODE - for (j = 0, k = 7; j < 8; j++, k--) -@@ -6840,12 +6836,12 @@ extractImageSection(struct image_data *image, struct pageseg *section, - sprintf(&bitarray[9], " "); - for (j = 10, k = 7; j < 18; j++, k--) - { -- bitset = *(src_buff + offset2) & (((unsigned char)1 << k)) ? 1 : 0; -+ bitset = *(src_buff + offset1 + full_bytes) & (((unsigned char)1 << k)) ? 1 : 0; - sprintf(&bitarray[j], (bitset) ? "1" : "0"); - } - bitarray[18] = '\0'; -- TIFFError ("", "Row: %3d Offset1: %"PRIu32", Shift1: %"PRIu32", Offset2: %"PRIu32", Shift2: %"PRIu32"\n", -- row, offset1, shift1, offset2, shift2); -+ TIFFError ("", "Row: %3d Offset1: %"PRIu32", Shift1: %"PRIu32", Offset2: %"PRIu32", Trailing_bits: %"PRIu32"\n", -+ row, offset1, shift1, offset1+full_bytes, trailing_bits); - #endif - - bytebuff1 = bytebuff2 = 0; -@@ -6869,11 +6865,12 @@ extractImageSection(struct image_data *image, struct pageseg *section, - - if (trailing_bits != 0) - { -- bytebuff2 = src_buff[offset2] & ((unsigned char)255 << (7 - shift2)); -+ /* Only copy higher bits of samples and mask lower bits of not wanted column samples to zero */ -+ bytebuff2 = src_buff[offset1 + full_bytes] & ((unsigned char)255 << (8 - trailing_bits)); - sect_buff[dst_offset] = bytebuff2; - #ifdef DEVELMODE - TIFFError ("", " Trailing bits src offset: %8"PRIu32", Dst offset: %8"PRIu32"\n", -- offset2, dst_offset); -+ offset1 + full_bytes, dst_offset); - for (j = 30, k = 7; j < 38; j++, k--) - { - bitset = *(sect_buff + dst_offset) & (((unsigned char)1 << k)) ? 
1 : 0; -@@ -6892,8 +6889,10 @@ extractImageSection(struct image_data *image, struct pageseg *section, - #endif - for (j = 0; j <= full_bytes; j++) - { -- bytebuff1 = src_buff[offset1 + j] & ((unsigned char)255 >> shift1); -- bytebuff2 = src_buff[offset1 + j + 1] & ((unsigned char)255 << (7 - shift1)); -+ /* Skip the first shift1 bits and shift the source up by shift1 bits before save to destination.*/ -+ /* Attention: src_buff size needs to be some bytes larger than image size, because could read behind image here. */ -+ bytebuff1 = src_buff[offset1 + j] & ((unsigned char)255 >> shift1); -+ bytebuff2 = src_buff[offset1 + j + 1] & ((unsigned char)255 << (8 - shift1)); - sect_buff[dst_offset + j] = (bytebuff1 << shift1) | (bytebuff2 >> (8 - shift1)); - } - #ifdef DEVELMODE -@@ -6909,36 +6908,17 @@ extractImageSection(struct image_data *image, struct pageseg *section, - #endif - dst_offset += full_bytes; - -+ /* Copy the trailing_bits for the last byte in the destination buffer. -+ Could come from one ore two bytes of the source buffer. 
*/ - if (trailing_bits != 0) - { - #ifdef DEVELMODE -- TIFFError ("", " Trailing bits src offset: %8"PRIu32", Dst offset: %8"PRIu32"\n", offset1 + full_bytes, dst_offset); --#endif -- if (shift2 > shift1) -- { -- bytebuff1 = src_buff[offset1 + full_bytes] & ((unsigned char)255 << (7 - shift2)); -- bytebuff2 = bytebuff1 & ((unsigned char)255 << shift1); -- sect_buff[dst_offset] = bytebuff2; --#ifdef DEVELMODE -- TIFFError ("", " Shift2 > Shift1\n"); -+ TIFFError("", " Trailing bits %4"PRIu32" src offset: %8"PRIu32", Dst offset: %8"PRIu32"\n", trailing_bits, offset1 + full_bytes, dst_offset); - #endif -+ /* More than necessary bits are already copied into last destination buffer, -+ * only masking of last byte in destination buffer is necessary.*/ -+ sect_buff[dst_offset] &= ((uint8_t)0xFF << (8 - trailing_bits)); - } -- else -- { -- if (shift2 < shift1) -- { -- bytebuff2 = ((unsigned char)255 << (shift1 - shift2 - 1)); -- sect_buff[dst_offset] &= bytebuff2; --#ifdef DEVELMODE -- TIFFError ("", " Shift2 < Shift1\n"); --#endif -- } --#ifdef DEVELMODE -- else -- TIFFError ("", " Shift2 == Shift1\n"); --#endif -- } -- } - #ifdef DEVELMODE - sprintf(&bitarray[28], " "); - sprintf(&bitarray[29], " "); -@@ -7091,7 +7071,7 @@ writeImageSections(TIFF *in, TIFF *out, struct image_data *image, - width = sections[i].x2 - sections[i].x1 + 1; - length = sections[i].y2 - sections[i].y1 + 1; - sectsize = (uint32_t) -- ceil((width * image->bps + 7) / (double)8) * image->spp * length; -+ ceil((width * image->bps * image->spp + 7) / (double)8) * length; - /* allocate a buffer if we don't have one already */ - if (createImageSection(sectsize, sect_buff_ptr)) - { --- -GitLab - diff --git a/main/tiff/CVE-2022-0907.patch b/main/tiff/CVE-2022-0907.patch deleted file mode 100644 index 9f6e087b9d8..00000000000 --- a/main/tiff/CVE-2022-0907.patch +++ /dev/null 
@@ -1,89 +0,0 @@ -From 40b00cfb32256d377608b4d4cd30fac338d0a0bc Mon Sep 17 00:00:00 2001 -From: Augustus <wangdw.augustus@qq.com> -Date: Mon, 7 Mar 2022 18:21:49 +0800 -Subject: [PATCH] add checks for return value of limitMalloc (#392) - ---- - tools/tiffcrop.c | 33 +++++++++++++++++++++------------ - 1 file changed, 21 insertions(+), 12 deletions(-) - -diff --git a/tools/tiffcrop.c b/tools/tiffcrop.c -index f2e5474a..9b8acc7e 100644 ---- a/tools/tiffcrop.c -+++ b/tools/tiffcrop.c -@@ -7406,7 +7406,11 @@ createImageSection(uint32_t sectsize, unsigned char **sect_buff_ptr) - if (!sect_buff) - { - sect_buff = (unsigned char *)limitMalloc(sectsize); -- *sect_buff_ptr = sect_buff; -+ if (!sect_buff) -+ { -+ TIFFError("createImageSection", "Unable to allocate/reallocate section buffer"); -+ return (-1); -+ } - _TIFFmemset(sect_buff, 0, sectsize); - } - else -@@ -7422,15 +7426,15 @@ createImageSection(uint32_t sectsize, unsigned char **sect_buff_ptr) - else - sect_buff = new_buff; - -+ if (!sect_buff) -+ { -+ TIFFError("createImageSection", "Unable to allocate/reallocate section buffer"); -+ return (-1); -+ } - _TIFFmemset(sect_buff, 0, sectsize); - } - } - -- if (!sect_buff) -- { -- TIFFError("createImageSection", "Unable to allocate/reallocate section buffer"); -- return (-1); -- } - prev_sectsize = sectsize; - *sect_buff_ptr = sect_buff; - -@@ -7697,7 +7701,11 @@ createCroppedImage(struct image_data *image, struct crop_mask *crop, - if (!crop_buff) - { - crop_buff = (unsigned char *)limitMalloc(cropsize); -- *crop_buff_ptr = crop_buff; -+ if (!crop_buff) -+ { -+ TIFFError("createCroppedImage", "Unable to allocate/reallocate crop buffer"); -+ return (-1); -+ } - _TIFFmemset(crop_buff, 0, cropsize); - prev_cropsize = cropsize; - } -@@ -7713,15 +7721,15 @@ createCroppedImage(struct image_data *image, struct crop_mask *crop, - } - else - crop_buff = new_buff; -+ if (!crop_buff) -+ { -+ TIFFError("createCroppedImage", "Unable to allocate/reallocate crop buffer"); -+ return 
(-1); -+ } - _TIFFmemset(crop_buff, 0, cropsize); - } - } - -- if (!crop_buff) -- { -- TIFFError("createCroppedImage", "Unable to allocate/reallocate crop buffer"); -- return (-1); -- } - *crop_buff_ptr = crop_buff; - - if (crop->crop_mode & CROP_INVERT) -@@ -9280,3 +9288,4 @@ invertImage(uint16_t photometric, uint16_t spp, uint16_t bps, uint32_t width, ui - * fill-column: 78 - * End: - */ -+ --- -GitLab - diff --git a/main/tiff/CVE-2022-0908.patch b/main/tiff/CVE-2022-0908.patch deleted file mode 100644 index 36b48583629..00000000000 --- a/main/tiff/CVE-2022-0908.patch +++ /dev/null @@ -1,29 +0,0 @@ -From a95b799f65064e4ba2e2dfc206808f86faf93e85 Mon Sep 17 00:00:00 2001 -From: Even Rouault <even.rouault@spatialys.com> -Date: Thu, 17 Feb 2022 15:28:43 +0100 -Subject: [PATCH] TIFFFetchNormalTag(): avoid calling memcpy() with a null - source pointer and size of zero (fixes #383) - ---- - libtiff/tif_dirread.c | 5 ++++- - 1 file changed, 4 insertions(+), 1 deletion(-) - -diff --git a/libtiff/tif_dirread.c b/libtiff/tif_dirread.c -index 50ebf8ac..2ec44a4f 100644 ---- a/libtiff/tif_dirread.c -+++ b/libtiff/tif_dirread.c -@@ -5091,7 +5091,10 @@ TIFFFetchNormalTag(TIFF* tif, TIFFDirEntry* dp, int recover) - _TIFFfree(data); - return(0); - } -- _TIFFmemcpy(o,data,(uint32_t)dp->tdir_count); -+ if (dp->tdir_count > 0 ) -+ { -+ _TIFFmemcpy(o,data,(uint32_t)dp->tdir_count); -+ } - o[(uint32_t)dp->tdir_count]=0; - if (data!=0) - _TIFFfree(data); --- -GitLab - diff --git a/main/tiff/CVE-2022-0909.patch b/main/tiff/CVE-2022-0909.patch deleted file mode 100644 index 67dfeaeea24..00000000000 --- a/main/tiff/CVE-2022-0909.patch +++ /dev/null 
@@ -1,32 +0,0 @@ -From 32ea0722ee68f503b7a3f9b2d557acb293fc8cde Mon Sep 17 00:00:00 2001 -From: 4ugustus <wangdw.augustus@qq.com> -Date: Tue, 8 Mar 2022 16:22:04 +0000 -Subject: [PATCH] fix the FPE in tiffcrop (#393) - ---- - libtiff/tif_dir.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/libtiff/tif_dir.c b/libtiff/tif_dir.c -index 57055ca9..59b346ca 100644 ---- a/libtiff/tif_dir.c -+++ b/libtiff/tif_dir.c -@@ -333,13 +333,13 @@ _TIFFVSetField(TIFF* tif, uint32_t tag, va_list ap) - break; - case TIFFTAG_XRESOLUTION: - dblval = va_arg(ap, double); -- if( dblval < 0 ) -+ if( dblval != dblval || dblval < 0 ) - goto badvaluedouble; - td->td_xresolution = _TIFFClampDoubleToFloat( dblval ); - break; - case TIFFTAG_YRESOLUTION: - dblval = va_arg(ap, double); -- if( dblval < 0 ) -+ if( dblval != dblval || dblval < 0 ) - goto badvaluedouble; - td->td_yresolution = _TIFFClampDoubleToFloat( dblval ); - break; --- -GitLab - diff --git a/main/tiff/CVE-2022-0924.patch b/main/tiff/CVE-2022-0924.patch deleted file mode 100644 index f6cf2351d1a..00000000000 --- a/main/tiff/CVE-2022-0924.patch +++ /dev/null 
@@ -1,53 +0,0 @@ -From 88d79a45a31c74cba98c697892fed5f7db8b963a Mon Sep 17 00:00:00 2001 -From: 4ugustus <wangdw.augustus@qq.com> -Date: Thu, 10 Mar 2022 08:48:00 +0000 -Subject: [PATCH] fix heap buffer overflow in tiffcp (#278) - ---- - tools/tiffcp.c | 17 ++++++++++++++++- - 1 file changed, 16 insertions(+), 1 deletion(-) - -diff --git a/tools/tiffcp.c b/tools/tiffcp.c -index 224583e0..aa32b118 100644 ---- a/tools/tiffcp.c -+++ b/tools/tiffcp.c -@@ -1667,12 +1667,27 @@ DECLAREwriteFunc(writeBufferToSeparateStrips) - tdata_t obuf; - tstrip_t strip = 0; - tsample_t s; -+ uint16_t bps = 0, bytes_per_sample; - - obuf = limitMalloc(stripsize); - if (obuf == NULL) - return (0); - _TIFFmemset(obuf, 0, stripsize); - (void) TIFFGetFieldDefaulted(out, TIFFTAG_ROWSPERSTRIP, &rowsperstrip); -+ (void) TIFFGetField(out, TIFFTAG_BITSPERSAMPLE, &bps); -+ if( bps == 0 ) -+ { -+ TIFFError(TIFFFileName(out), "Error, cannot read BitsPerSample"); -+ _TIFFfree(obuf); -+ return 0; -+ } -+ if( (bps % 8) != 0 ) -+ { -+ TIFFError(TIFFFileName(out), "Error, cannot handle BitsPerSample that is not a multiple of 8"); -+ _TIFFfree(obuf); -+ return 0; -+ } -+ bytes_per_sample = bps/8; - for (s = 0; s < spp; s++) { - uint32_t row; - for (row = 0; row < imagelength; row += rowsperstrip) { -@@ -1682,7 +1697,7 @@ DECLAREwriteFunc(writeBufferToSeparateStrips) - - cpContigBufToSeparateBuf( - obuf, (uint8_t*) buf + row * rowsize + s, -- nrows, imagewidth, 0, 0, spp, 1); -+ nrows, imagewidth, 0, 0, spp, bytes_per_sample); - if (TIFFWriteEncodedStrip(out, strip++, obuf, stripsize) < 0) { - TIFFError(TIFFFileName(out), - "Error, can't write strip %"PRIu32, --- -GitLab - diff --git a/main/tiff/CVE-2022-22844.patch b/main/tiff/CVE-2022-22844.patch deleted file mode 100644 index b1f89b444ce..00000000000 --- a/main/tiff/CVE-2022-22844.patch +++ /dev/null 
@@ -1,40 +0,0 @@ -From 03047a26952a82daaa0792957ce211e0aa51bc64 Mon Sep 17 00:00:00 2001 -From: 4ugustus <wangdw.augustus@qq.com> -Date: Tue, 25 Jan 2022 16:25:28 +0000 -Subject: [PATCH] tiffset: fix global-buffer-overflow for ASCII tags where - count is required (fixes #355) - ---- - tools/tiffset.c | 16 +++++++++++++--- - 1 file changed, 13 insertions(+), 3 deletions(-) - -diff --git a/tools/tiffset.c b/tools/tiffset.c -index 8c9e23c5..e7a88c09 100644 ---- a/tools/tiffset.c -+++ b/tools/tiffset.c -@@ -146,9 +146,19 @@ main(int argc, char* argv[]) - - arg_index++; - if (TIFFFieldDataType(fip) == TIFF_ASCII) { -- if (TIFFSetField(tiff, TIFFFieldTag(fip), argv[arg_index]) != 1) -- fprintf( stderr, "Failed to set %s=%s\n", -- TIFFFieldName(fip), argv[arg_index] ); -+ if(TIFFFieldPassCount( fip )) { -+ size_t len; -+ len = strlen(argv[arg_index]) + 1; -+ if (len > UINT16_MAX || TIFFSetField(tiff, TIFFFieldTag(fip), -+ (uint16_t)len, argv[arg_index]) != 1) -+ fprintf( stderr, "Failed to set %s=%s\n", -+ TIFFFieldName(fip), argv[arg_index] ); -+ } else { -+ if (TIFFSetField(tiff, TIFFFieldTag(fip), -+ argv[arg_index]) != 1) -+ fprintf( stderr, "Failed to set %s=%s\n", -+ TIFFFieldName(fip), argv[arg_index] ); -+ } - } else if (TIFFFieldWriteCount(fip) > 0 - || TIFFFieldWriteCount(fip) == TIFF_VARIABLE) { - int ret = 1; --- -GitLab - diff --git a/main/tzdata/APKBUILD b/main/tzdata/APKBUILD index 1dec5d6eff6..d757063abb9 100644 --- a/main/tzdata/APKBUILD +++ b/main/tzdata/APKBUILD @@ -2,10 +2,10 @@ # Contributor: Natanael Copa <ncopa@alpinelinux.org> # Maintainer: Natanael Copa <ncopa@alpinelinux.org> pkgname=tzdata -pkgver=2022a -_tzcodever=2022a +pkgver=2022f +_tzcodever=2022f _ptzver=0.5 -pkgrel=0 +pkgrel=1 pkgdesc="Timezone data" url="https://www.iana.org/time-zones" arch="all" 
@@ -16,7 +16,9 @@ source="https://www.iana.org/time-zones/repository/releases/tzcode$_tzcodever.ta https://dev.alpinelinux.org/archive/posixtz/posixtz-$_ptzver.tar.xz 0001-posixtz-ensure-the-file-offset-we-pass-to-lseek-is-o.patch - 0002-fix-implicit-declaration-warnings-by-including-strin.patch" + 0002-fix-implicit-declaration-warnings-by-including-strin.patch + $pkgname-fix-tzalloc.patch::https://github.com/eggert/tz/commit/a91830b783db3bb481930c67914d3c16b821f717.patch + " builddir="$srcdir" _timezones="africa antarctica asia australasia europe northamerica \ @@ -24,7 +26,7 @@ _timezones="africa antarctica asia australasia europe northamerica \ options="!check" # Testsuite require nsgmls (SP) build() { - make cc="${CC:-gcc}" CFLAGS="$CFLAGS -DHAVE_STDINT_H=1" + make cc="${CC:-gcc}" CFLAGS="$CFLAGS -DHAVE_STDINT_H=1" \ TZDIR="/usr/share/zoneinfo" cd "$builddir"/posixtz-$_ptzver 
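Review bot: The new `source` entry `$pkgname-fix-tzalloc.patch::https://github.com/eggert/tz/commit/a91830b783db3bb481930c67914d3c16b821f717.patch` is downloaded at build time from a patch that the forge renders on request, while the two posixtz patches beside it are files in the tree. The sha512 added for `tzdata-fix-tzalloc.patch` does pin the content, so integrity is covered. The rendered text is not guaranteed to stay byte-identical over time (the abbreviated hashes on `index` lines and the trailing version line can change), so a later rebuild may fail verification with no upstream change. Consider committing the patch as `tzdata-fix-tzalloc.patch` in main/tzdata and listing it by bare name. The same applies to the two `$pkgname-CVE-2022-37434*.patch::https://github.com/madler/zlib/commit/...` entries added in the `@@ -11,8 +11,12 @@` hunk of main/zlib/APKBUILD.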
@@ -51,9 +53,10 @@ package() { } sha512sums=" -3f047a6f414ae3df4a3d6bb9b39a1790833d191ae48e6320ab9438cd326dc455475186a02c44e4cde96b48101ab000880919b1e0e8092aed7254443ed2c831ed tzcode2022a.tar.gz -542e4559beac8fd8c4af7d08d816fd12cfe7ffcb6f20bba4ff1c20eba717749ef96e5cf599b2fe03b5b8469c0467f8cb1c893008160da281055a123dd9e810d9 tzdata2022a.tar.gz +3e2ef91b972f1872e3e8da9eae9d1c4638bfdb32600f164484edd7147be45a116db80443cd5ae61b5c34f8b841e4362f4beefd957633f6cc9b7def543ed6752b tzcode2022f.tar.gz +72d05d05be999075cdf57b896c0f4238b1b862d4d0ed92cc611736592a4ada14d47bd7f0fc8be39e7938a7f5940a903c8af41e87859482bcfab787d889d429f6 tzdata2022f.tar.gz 68dbaab9f4aef166ac2f2d40b49366527b840bebe17a47599fe38345835e4adb8a767910745ece9c384b57af815a871243c3e261a29f41d71f8054df3061b3fd posixtz-0.5.tar.xz 0f2a10ee2bb4007f57b59123d1a0b8ef6accf99e568f21537f0bb19f290fff46e24050f55f12569d7787be600e1b62aa790ea85a333153f3ea081a812c81b1b5 0001-posixtz-ensure-the-file-offset-we-pass-to-lseek-is-o.patch fb322ab7867517ba39265d56d3576cbcea107c205d524e87015c1819bbb7361f7322232ee3b86ea9b8df2886e7e06a6424e3ac83b2006be290a33856c7d40ac4 0002-fix-implicit-declaration-warnings-by-including-strin.patch +642fb74699ca81abc5ec18633fa40c144a5b80665672e7ab6fa871847fb3c2d086be7e2e7ca8a1d3ec93b16384b1faad65efe9c65d8fdaf528777a34f1c16264 tzdata-fix-tzalloc.patch " diff --git a/main/xen/APKBUILD b/main/xen/APKBUILD index a125936a4f5..2a5644453d9 100644 --- a/main/xen/APKBUILD +++ b/main/xen/APKBUILD @@ -2,7 +2,7 @@ # Maintainer: Natanael Copa <ncopa@alpinelinux.org> pkgname=xen pkgver=4.14.5 -pkgrel=5 +pkgrel=7 pkgdesc="Xen hypervisor" url="https://www.xenproject.org/" arch="x86_64 armhf aarch64" # enable armv7 when builds with gcc8 @@ -272,6 +272,10 @@ options="!strip" # - CVE-2022-29900 XSA-407 # 4.14.5-r5: # - CVE-2022-33745 XSA-408 +# 4.14.5-r6: +# - CVE-2022-42309 XSA-412 +# 4.14.5-r7: +# - CVE-2022-23824 XSA-422 case "$CARCH" in x86*) 
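Review bot: In the `# secfixes:` hunk of main/xen/APKBUILD (`@@ -272,6 +272,10 @@`), the new entry `# - CVE-2022-42309 XSA-412` under `4.14.5-r6` does not match the patch this commit adds. That file is `xsa414-4.14.patch`, and its own description reads "This is XSA-414 / CVE-2022-42309". The line should read `# - CVE-2022-42309 XSA-414`, so that anyone tracking fixes by advisory number is not told XSA-412 is fixed while XSA-414 looks unpatched. If XSA-412 was also meant to be covered, no patch for it appears in the `source` additions of this commit.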
@@ -373,6 +377,9 @@ source="https://downloads.xenproject.org/release/xen/$pkgver/xen-$pkgver.tar.gz xsa407-4.14-11.patch xsa407-4.14-12.patch xsa408.patch + xsa414-4.14.patch + xsa422-4.14-1.patch + xsa422-4.14-2.patch " _seabios=/usr/share/seabios/bios-256k.bin @@ -645,4 +652,7 @@ efc5d0849c0dd53910f5f01c2278cb36c6723a4a208bac5416f9673e95aa7898e49f0894b66ae22d 4336d90c20f7311847c6933379463c032772682d0b4ea6b7cf0bf61c3dd5294357f03b7f7abeb7b9cf1804485d97c3f06cd69dd985c258b95c080229081a90cd xsa407-4.14-11.patch 4ebad40167c39f798459774a20db7a30dee2b5cefbc1170e59059b7aef94e4be2cab43c841613cd8cc64f33888054ed876f218953fcf2f0ee7086ce77e6b30a0 xsa407-4.14-12.patch 2a624ce29fa74f78d971a93ca48aa4f09e66b47f94ebc3d256681c40a2fc55fd4bb0ec060418f3d96841b1824e1a016c69e9ec90e7702a6ba8b69246d6466b3d xsa408.patch +4894a57920057aaf603de2a079569f7fd01f9e177c55845a3988f0714a35e164cbbe6779c145a5821cbcdeede26b0b9713d26aee113b6fab7259ff3c48b11c98 xsa414-4.14.patch +a429d89371a9688d6f3d215eab7ee12276115f9b09843bc237a08ae9ea3f9a7eb5c2d9bea9310e058f350b594d8a6cc9e9b09278ad25406a8b527eefcd00c88b xsa422-4.14-1.patch +f2f03e3c17624a5dd7be62403fb367c7369da2fb619c051f1f3a24dc760747a5828038049cd52525aefd8b9cb7a7a7ebb935bc4ebdbfc23bd011856479dbf2a7 xsa422-4.14-2.patch " diff --git a/main/xen/xsa414-4.14.patch b/main/xen/xsa414-4.14.patch new file mode 100644 index 00000000000..db7f7ec421e --- /dev/null +++ b/main/xen/xsa414-4.14.patch 
@@ -0,0 +1,112 @@ +From: Julien Grall <jgrall@amazon.com> +Subject: tools/xenstore: create_node: Don't defer work to undo any changes on + failure + +XSA-115 extended destroy_node() to update the node accounting for the +connection. The implementation is assuming the connection is the parent +of the node, however all the nodes are allocated using a separate context +(see process_message()). This will result to crash (or corrupt) xenstored +as the pointer is wrongly used. + +In case of an error, any changes to the database or update to the +accounting will now be reverted in create_node() by calling directly +destroy_node(). This has the nice advantage to remove the loop to unset +the destructors in case of success. + +Take the opportunity to free the nodes right now as they are not +going to be reachable (the function returns NULL) and are just wasting +resources. + +This is XSA-414 / CVE-2022-42309. + +Reported-by: Julien Grall <jgrall@amazon.com> +Fixes: 0bfb2101f243 ("tools/xenstore: fix node accounting after failed node creation") +Signed-off-by: Julien Grall <jgrall@amazon.com> +Reviewed-by: Juergen Gross <jgross@suse.com> + +diff --git a/tools/xenstore/xenstored_core.c b/tools/xenstore/xenstored_core.c +index 1d05d25a4864..6afe8cb59d7e 100644 +--- a/tools/xenstore/xenstored_core.c ++++ b/tools/xenstore/xenstored_core.c +@@ -977,9 +977,8 @@ static struct node *construct_node(struct connection *conn, const void *ctx, + return NULL; + } + +-static int destroy_node(void *_node) ++static int destroy_node(struct connection *conn, struct node *node) + { +- struct node *node = _node; + TDB_DATA key; + + if (streq(node->name, "/")) +@@ -990,7 +989,7 @@ static int destroy_node(void *_node) + + tdb_delete(tdb_ctx, key); + +- domain_entry_dec(talloc_parent(node), node); ++ domain_entry_dec(conn, node); + + return 0; + } +@@ -999,7 +998,8 @@ static struct node *create_node(struct connection *conn, const void *ctx, + const char *name, + void *data, unsigned int datalen) + 
{ +- struct node *node, *i; ++ struct node *node, *i, *j; ++ int ret; + + node = construct_node(conn, ctx, name); + if (!node) +@@ -1021,23 +1021,40 @@ static struct node *create_node(struct connection *conn, const void *ctx, + /* i->parent is set for each new node, so check quota. */ + if (i->parent && + domain_entry(conn) >= quota_nb_entry_per_domain) { +- errno = ENOSPC; +- return NULL; ++ ret = ENOSPC; ++ goto err; + } +- if (write_node(conn, i, false)) +- return NULL; + +- /* Account for new node, set destructor for error case. */ +- if (i->parent) { ++ ret = write_node(conn, i, false); ++ if (ret) ++ goto err; ++ ++ /* Account for new node */ ++ if (i->parent) + domain_entry_inc(conn, i); +- talloc_set_destructor(i, destroy_node); +- } + } + +- /* OK, now remove destructors so they stay around */ +- for (i = node; i->parent; i = i->parent) +- talloc_set_destructor(i, NULL); + return node; ++ ++err: ++ /* ++ * We failed to update TDB for some of the nodes. Undo any work that ++ * have already been done. ++ */ ++ for (j = node; j != i; j = j->parent) ++ destroy_node(conn, j); ++ ++ /* We don't need to keep the nodes around, so free them. */ ++ i = node; ++ while (i) { ++ j = i; ++ i = i->parent; ++ talloc_free(j); ++ } ++ ++ errno = ret; ++ ++ return NULL; + } + + /* path, data... */ diff --git a/main/xen/xsa422-4.14-1.patch b/main/xen/xsa422-4.14-1.patch new file mode 100644 index 00000000000..dccfba84f65 --- /dev/null +++ b/main/xen/xsa422-4.14-1.patch 
@@ -0,0 +1,70 @@ +From: Andrew Cooper <andrew.cooper3@citrix.com> +Subject: x86/spec-ctrl: Enumeration for IBPB_RET + +The IBPB_RET bit indicates that the CPU's implementation of MSR_PRED_CMD.IBPB +does flush the RSB/RAS too. + +This is part of XSA-422 / CVE-2022-23824. + +Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com> +Acked-by: Jan Beulich <jbeulich@suse.com> + +diff --git a/tools/libxl/libxl_cpuid.c b/tools/libxl/libxl_cpuid.c +index 25576b4d992d..1b7626f7d41c 100644 +--- a/tools/libxl/libxl_cpuid.c ++++ b/tools/libxl/libxl_cpuid.c +@@ -281,6 +281,7 @@ int libxl_cpuid_parse_config(libxl_cpuid_policy_list *cpuid, const char* str) + {"ssb-no", 0x80000008, NA, CPUID_REG_EBX, 26, 1}, + {"psfd", 0x80000008, NA, CPUID_REG_EBX, 28, 1}, + {"btc-no", 0x80000008, NA, CPUID_REG_EBX, 29, 1}, ++ {"ibpb-ret", 0x80000008, NA, CPUID_REG_EBX, 30, 1}, + + {"nc", 0x80000008, NA, CPUID_REG_ECX, 0, 8}, + {"apicidsize", 0x80000008, NA, CPUID_REG_ECX, 12, 4}, +diff --git a/tools/misc/xen-cpuid.c b/tools/misc/xen-cpuid.c +index e5208cfa4538..7771da49532f 100644 +--- a/tools/misc/xen-cpuid.c ++++ b/tools/misc/xen-cpuid.c +@@ -158,6 +158,7 @@ static const char *const str_e8b[32] = + [24] = "amd-ssbd", [25] = "virt-ssbd", + [26] = "ssb-no", + [28] = "psfd", [29] = "btc-no", ++ [30] = "ibpb-ret", + }; + + static const char *const str_7d0[32] = +diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c +index 563519ce0e31..679fbac57ec7 100644 +--- a/xen/arch/x86/spec_ctrl.c ++++ b/xen/arch/x86/spec_ctrl.c +@@ -419,7 +419,7 @@ static void __init print_details(enum ind_thunk thunk, uint64_t caps) + * Hardware read-only information, stating immunity to certain issues, or + * suggestions of which mitigation to use. + */ +- printk(" Hardware hints:%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s\n", ++ printk(" Hardware hints:%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s\n", + (caps & ARCH_CAPS_RDCL_NO) ? " RDCL_NO" : "", + (caps & ARCH_CAPS_IBRS_ALL) ? " IBRS_ALL" : "", + (caps & ARCH_CAPS_RSBA) ? 
" RSBA" : "", +@@ -435,7 +435,8 @@ static void __init print_details(enum ind_thunk thunk, uint64_t caps) + (e8b & cpufeat_mask(X86_FEATURE_STIBP_ALWAYS)) ? " STIBP_ALWAYS" : "", + (e8b & cpufeat_mask(X86_FEATURE_IBRS_FAST)) ? " IBRS_FAST" : "", + (e8b & cpufeat_mask(X86_FEATURE_IBRS_SAME_MODE)) ? " IBRS_SAME_MODE" : "", +- (e8b & cpufeat_mask(X86_FEATURE_BTC_NO)) ? " BTC_NO" : ""); ++ (e8b & cpufeat_mask(X86_FEATURE_BTC_NO)) ? " BTC_NO" : "", ++ (e8b & cpufeat_mask(X86_FEATURE_IBPB_RET)) ? " IBPB_RET" : ""); + + /* Hardware features which need driving to mitigate issues. */ + printk(" Hardware features:%s%s%s%s%s%s%s%s%s%s%s%s\n", +diff --git a/xen/include/public/arch-x86/cpufeatureset.h b/xen/include/public/arch-x86/cpufeatureset.h +index 746a75200ab8..e536ab42b31d 100644 +--- a/xen/include/public/arch-x86/cpufeatureset.h ++++ b/xen/include/public/arch-x86/cpufeatureset.h +@@ -265,6 +265,7 @@ XEN_CPUFEATURE(VIRT_SSBD, 8*32+25) /* MSR_VIRT_SPEC_CTRL.SSBD */ + XEN_CPUFEATURE(SSB_NO, 8*32+26) /*A Hardware not vulnerable to SSB */ + XEN_CPUFEATURE(PSFD, 8*32+28) /*S MSR_SPEC_CTRL.PSFD */ + XEN_CPUFEATURE(BTC_NO, 8*32+29) /*A Hardware not vulnerable to Branch Type Confusion */ ++XEN_CPUFEATURE(IBPB_RET, 8*32+30) /*A IBPB clears RSB/RAS too. */ + + /* Intel-defined CPU features, CPUID level 0x00000007:0.edx, word 9 */ + XEN_CPUFEATURE(AVX512_4VNNIW, 9*32+ 2) /*A AVX512 Neural Network Instructions */ diff --git a/main/xen/xsa422-4.14-2.patch b/main/xen/xsa422-4.14-2.patch new file mode 100644 index 00000000000..09cb00d3573 --- /dev/null +++ b/main/xen/xsa422-4.14-2.patch 
@@ -0,0 +1,99 @@ +From: Andrew Cooper <andrew.cooper3@citrix.com> +Subject: x86/spec-ctrl: Mitigate IBPB not flushing the RSB/RAS + +Introduce spec_ctrl_new_guest_context() to encapsulate all logic pertaining to +using MSR_PRED_CMD for a new guest context, even if it only has one user +presently. + +Introduce X86_BUG_IBPB_NO_RET, and use it extend spec_ctrl_new_guest_context() +with a manual fixup for hardware which mis-implements IBPB. + +This is part of XSA-422 / CVE-2022-23824. + +Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com> +Acked-by: Jan Beulich <jbeulich@suse.com> + +diff --git a/xen/arch/x86/asm-macros.c b/xen/arch/x86/asm-macros.c +index b963d56a5663..8c585697b9f6 100644 +--- a/xen/arch/x86/asm-macros.c ++++ b/xen/arch/x86/asm-macros.c +@@ -1 +1,2 @@ + #include <asm/alternative-asm.h> ++#include <asm/spec_ctrl_asm.h> +diff --git a/xen/arch/x86/domain.c b/xen/arch/x86/domain.c +index 4fb78d38e719..b3774af1a5f6 100644 +--- a/xen/arch/x86/domain.c ++++ b/xen/arch/x86/domain.c +@@ -1832,7 +1832,7 @@ void context_switch(struct vcpu *prev, struct vcpu *next) + */ + if ( *last_id != next_id ) + { +- wrmsrl(MSR_PRED_CMD, PRED_CMD_IBPB); ++ spec_ctrl_new_guest_context(); + *last_id = next_id; + } + } +diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c +index 679fbac57ec7..c650e07b0629 100644 +--- a/xen/arch/x86/spec_ctrl.c ++++ b/xen/arch/x86/spec_ctrl.c +@@ -777,6 +777,14 @@ static void __init ibpb_calculations(void) + } + + /* ++ * AMD/Hygon CPUs to date (June 2022) don't flush the the RAS. Future ++ * CPUs are expected to enumerate IBPB_RET when this has been fixed. ++ * Until then, cover the difference with the software sequence. ++ */ ++ if ( boot_cpu_has(X86_FEATURE_IBPB) && !boot_cpu_has(X86_FEATURE_IBPB_RET) ) ++ setup_force_cpu_cap(X86_BUG_IBPB_NO_RET); ++ ++ /* + * IBPB-on-entry mitigations for Branch Type Confusion. 
+ * + * IBPB && !BTC_NO selects all AMD/Hygon hardware, not known to be safe, +diff --git a/xen/include/asm-x86/cpufeatures.h b/xen/include/asm-x86/cpufeatures.h +index b233e5835fb5..bdb119a34c5d 100644 +--- a/xen/include/asm-x86/cpufeatures.h ++++ b/xen/include/asm-x86/cpufeatures.h +@@ -48,6 +48,7 @@ XEN_CPUFEATURE(IBPB_ENTRY_HVM, X86_SYNTH(29)) /* MSR_PRED_CMD used by Xen for + + #define X86_BUG_FPU_PTRS X86_BUG( 0) /* (F)X{SAVE,RSTOR} doesn't save/restore FOP/FIP/FDP. */ + #define X86_BUG_CLFLUSH_MFENCE X86_BUG( 2) /* MFENCE needed to serialise CLFLUSH */ ++#define X86_BUG_IBPB_NO_RET X86_BUG( 3) /* IBPB doesn't flush the RSB/RAS */ + + /* Total number of capability words, inc synth and bug words. */ + #define NCAPINTS (FSCAPINTS + X86_NR_SYNTH + X86_NR_BUG) /* N 32-bit words worth of info */ +diff --git a/xen/include/asm-x86/spec_ctrl.h b/xen/include/asm-x86/spec_ctrl.h +index 33e845991b0a..e400ff227391 100644 +--- a/xen/include/asm-x86/spec_ctrl.h ++++ b/xen/include/asm-x86/spec_ctrl.h +@@ -65,6 +65,28 @@ + void init_speculation_mitigations(void); + void spec_ctrl_init_domain(struct domain *d); + ++/* ++ * Switch to a new guest prediction context. ++ * ++ * This flushes all indirect branch predictors (BTB, RSB/RAS), so guest code ++ * which has previously run on this CPU can't attack subsequent guest code. ++ * ++ * As this flushes the RSB/RAS, it destroys the predictions of the calling ++ * context. For best performace, arrange for this to be used when we're going ++ * to jump out of the current context, e.g. with reset_stack_and_jump(). ++ * ++ * For hardware which mis-implements IBPB, fix up by flushing the RSB/RAS ++ * manually. ++ */ ++static always_inline void spec_ctrl_new_guest_context(void) ++{ ++ wrmsrl(MSR_PRED_CMD, PRED_CMD_IBPB); ++ ++ /* (ab)use alternative_input() to specify clobbers. 
*/ ++ alternative_input("", "DO_OVERWRITE_RSB", X86_BUG_IBPB_NO_RET, ++ : "rax", "rcx"); ++} ++ + extern int8_t opt_ibpb_ctxt_switch; + extern bool opt_ssbd; + extern int8_t opt_eager_fpu; diff --git a/main/xtables-addons-lts/APKBUILD b/main/xtables-addons-lts/APKBUILD index d20dd247b8d..8d085b7f93e 100644 --- a/main/xtables-addons-lts/APKBUILD +++ b/main/xtables-addons-lts/APKBUILD @@ -7,7 +7,7 @@ _rel=0 _flavor=${FLAVOR:-lts} _kpkg=linux-$_flavor -_kver=5.10.131 +_kver=5.10.152 _krel=0 _kpkgver="$_kver-r$_krel" diff --git a/main/zfs-lts/APKBUILD b/main/zfs-lts/APKBUILD index b7021e9cfd1..9d2dd176373 100644 --- a/main/zfs-lts/APKBUILD +++ b/main/zfs-lts/APKBUILD @@ -8,7 +8,7 @@ _rel=0 _flavor=${FLAVOR:-lts} _kpkg=linux-$_flavor -_kver=5.10.131 +_kver=5.10.152 _krel=0 _kpkgver="$_kver-r$_krel" diff --git a/main/zlib/APKBUILD b/main/zlib/APKBUILD index 989c41687b2..ef345c16e0c 100644 --- a/main/zlib/APKBUILD +++ b/main/zlib/APKBUILD @@ -1,7 +1,7 @@ # Maintainer: Natanael Copa <ncopa@alpinelinux.org> pkgname=zlib pkgver=1.2.12 -pkgrel=1 +pkgrel=3 pkgdesc="A compression/decompression Library" arch="all" license="Zlib" @@ -11,8 +11,12 @@ source="https://zlib.net/zlib-$pkgver.tar.gz Fix-CC-logic-in-configure.patch configure-Pass-LDFLAGS-to-link-tests.patch crc32.patch + $pkgname-CVE-2022-37434.patch::https://github.com/madler/zlib/commit/eff308af425b67093bab25f80f1ae950166bece1.patch + $pkgname-CVE-2022-37434-bugfix.patch::https://github.com/madler/zlib/commit/1eb7682f845ac9e9bf9ae35bbfb3bad5dacbd91d.patch " # secfixes: +# 1.2.12-r2: +# - CVE-2022-37434 # 1.2.12-r0: # - CVE-2018-25032 
@@ -41,4 +45,6 @@ cc2366fa45d5dfee1f983c8c51515e0cff959b61471e2e8d24350dea22d3f6fcc50723615a911b04
 faa19991e88cbfd624ac9ce4a0ba12e3d7d54f88680b1a0a156a542a45bafe2053d69c6f309327817f7cc74f5765204bbb3c56ff531efd29d8fd6bb682c78598 Fix-CC-logic-in-configure.patch
 76179eb7e498aef5bc88c3f826c6f2506a2d3c3a2e2560ef1825bd4a9297d68b0d2390619a4b3b0b2e6dde765431e5fba18fd15fbd1ad99827244f8f9bdbd909 configure-Pass-LDFLAGS-to-link-tests.patch
 38f0593a0bc17336d31191b7af684e31ec2eb34bd3add49bcb1f95c5e2bfb4405ffc341c2650d52c4fbf417ab4f80a0cc82fb868c9816b04d25210ae29a71f2c crc32.patch
+13bf48cb15636d77428e7e20d8c72d772eade1e099740f8541b7adee0e789097fa867512b6f3ebcff8496727999f2bf408e38414771c9b4440ad283f4c029558 zlib-CVE-2022-37434.patch
+cadeb0b05da99435c2074cb0d7aebdec2bad1c745856c8ac6ea0f2474ef091d8efeea90deafe13757cbaa465ccfbbb1b8873a8025b24f3145b2a87abb84bac83 zlib-CVE-2022-37434-bugfix.patch
 " |