aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--community/ffmpeg/APKBUILD10
-rw-r--r--community/opam/APKBUILD15
-rw-r--r--community/openjdk7/APKBUILD94
-rw-r--r--community/openjdk7/icedtea-jdk-fix-build.patch2
-rw-r--r--community/openjdk7/icedtea-jdk-revert-7fdd0d6ef2d3.patch1450
-rw-r--r--community/openjdk7/icedtea-jdk-revert-a32dc7400435.patch1377
-rw-r--r--community/openjdk7/icedtea-pr64174.patch24
-rw-r--r--community/openjdk8/APKBUILD39
-rw-r--r--community/openjdk8/icedtea-jdk-getmntent-buffer.patch88
-rw-r--r--community/openjdk8/icedtea-jdk-includes.patch23
-rw-r--r--community/openjdk8/icedtea-jdk-musl.patch28
-rw-r--r--community/php7/APKBUILD10
-rw-r--r--community/zabbix/APKBUILD6
-rw-r--r--main/apache2/APKBUILD8
-rw-r--r--main/axel/APKBUILD23
-rw-r--r--main/axel/CVE-2020-13614.patch223
-rw-r--r--main/busybox/APKBUILD2
-rw-r--r--main/ca-certificates/0003-update-ca-insert-newline-between-certs.patch38
-rw-r--r--main/ca-certificates/APKBUILD13
-rw-r--r--main/dbus/APKBUILD8
-rw-r--r--main/dbus/CVE-2020-12049.patch103
-rw-r--r--main/dropbear/APKBUILD8
-rw-r--r--main/dropbear/CVE-2018-20685.patch23
-rw-r--r--main/gnutls/APKBUILD14
-rw-r--r--main/gnutls/GNUTLS-SA-2020-03-31.patch33
-rw-r--r--main/gnutls/tests-date-compat.patch12
-rw-r--r--main/hostapd/0001-WPS-UPnP-Do-not-allow-event-subscriptions-with-URLs-.patch150
-rw-r--r--main/hostapd/0002-WPS-UPnP-Fix-event-message-generation-using-a-long-U.patch59
-rw-r--r--main/hostapd/0003-WPS-UPnP-Handle-HTTP-initiation-failures-for-events-.patch47
-rw-r--r--main/hostapd/APKBUILD27
-rw-r--r--main/hylafaxplus/APKBUILD12
-rw-r--r--main/hylafaxplus/CVE-2020-15396-CVE-2020-15397.patch68
-rw-r--r--main/json-c/APKBUILD11
-rw-r--r--main/libuv/APKBUILD4
-rw-r--r--main/libx11/APKBUILD6
-rw-r--r--main/nghttp2/APKBUILD8
-rw-r--r--main/nghttp2/CVE-2020-11080.patch332
-rw-r--r--main/ngircd/APKBUILD13
-rw-r--r--main/ngircd/CVE-2020-14148.patch37
-rw-r--r--main/nodejs/APKBUILD35
-rw-r--r--main/patch/APKBUILD1
-rw-r--r--main/perl/APKBUILD14
-rw-r--r--main/perl/CVE-2020-10543.patch32
-rw-r--r--main/perl/CVE-2020-10878.patch148
-rw-r--r--main/perl/CVE-2020-12723.patch277
-rw-r--r--main/python3/APKBUILD8
-rw-r--r--main/python3/CVE-2020-14422.patch74
-rw-r--r--main/smokeping/APKBUILD3
-rw-r--r--main/sprunge/APKBUILD6
-rw-r--r--main/xen/APKBUILD68
-rw-r--r--main/xen/xsa307.patch99
-rw-r--r--main/xen/xsa308.patch74
-rw-r--r--main/xen/xsa309.patch58
-rw-r--r--main/xen/xsa310-0001-x86-mm-Set-old_guest_table-when-destroying-vcpu-page.patch167
-rw-r--r--main/xen/xsa310-0002-x86-mm-alloc-free_lN_table-Retain-partial_flags-on-E.patch104
-rw-r--r--main/xen/xsa310-0003-x86-mm-relinquish_memory-Grab-an-extra-type-ref-when.patch75
-rw-r--r--main/xen/xsa311-4.11.patch187
-rw-r--r--main/xen/xsa313-1.patch26
-rw-r--r--main/xen/xsa313-2.patch132
-rw-r--r--main/xen/xsa314-4.13.patch121
-rw-r--r--main/xen/xsa316-xen.patch30
-rw-r--r--main/xen/xsa317.patch50
-rw-r--r--main/xen/xsa318.patch39
-rw-r--r--main/xen/xsa319.patch27
-rw-r--r--main/xen/xsa320-4.11-1.patch133
-rw-r--r--main/xen/xsa320-4.11-2.patch179
-rw-r--r--main/xen/xsa320-4.11-3.patch57
-rw-r--r--main/xen/xsa321-4.11-1.patch31
-rw-r--r--main/xen/xsa321-4.11-2.patch175
-rw-r--r--main/xen/xsa321-4.11-3.patch82
-rw-r--r--main/xen/xsa321-4.11-4.patch36
-rw-r--r--main/xen/xsa321-4.11-5.patch24
-rw-r--r--main/xen/xsa321-4.11-6.patch91
-rw-r--r--main/xen/xsa321-4.11-7.patch164
-rw-r--r--main/xen/xsa327.patch63
-rw-r--r--main/xen/xsa328-4.11-1.patch118
-rw-r--r--main/xen/xsa328-4.11-2.patch48
-rw-r--r--main/xorgproto/APKBUILD3
78 files changed, 6050 insertions, 1457 deletions
diff --git a/community/ffmpeg/APKBUILD b/community/ffmpeg/APKBUILD
index 132ec41c6e..564265cf85 100644
--- a/community/ffmpeg/APKBUILD
+++ b/community/ffmpeg/APKBUILD
@@ -3,7 +3,7 @@
# Contributor: Jakub Skrzypnik <j.skrzypnik@openmailbox.org>
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=ffmpeg
-pkgver=4.0.4
+pkgver=4.0.6
pkgrel=0
pkgdesc="Complete and free Internet live audio and video broadcasting solution for Linux/Unix"
url="https://ffmpeg.org/"
@@ -22,6 +22,12 @@ source="https://ffmpeg.org/releases/ffmpeg-$pkgver.tar.xz
builddir="$srcdir/$pkgname-$pkgver"
# secfixes:
+# 4.0.6-r0:
+# - CVE-2019-12730
+# - CVE-2019-13390
+# - CVE-2019-17539
+# - CVE-2019-17542
+# - CVE-2020-13904
# 4.0.4-r0:
# - CVE-2018-15822
# - CVE-2019-9718
@@ -117,5 +123,5 @@ libs() {
mv "$pkgdir"/usr/lib "$subpkgdir"/usr
}
-sha512sums="b7f66f5b38df4114f96fd85e42c6a42cb9673d4ca042d6775d1b64b7966cc9833e01bfa83e429e2cff8f2ecdd7dea44ede135aca75c31a7ed706e7384657196c ffmpeg-4.0.4.tar.xz
+sha512sums="46e631393b3c1ed6332f738b650085c6639ddc82519d78900ab97e28bebe8d7a0d356b0721b1773488fb88fcfa9eb438ff2a92789883a6ad59c4b739250815b8 ffmpeg-4.0.6.tar.xz
32652e18d4eb231a2e32ad1cacffdf33264aac9d459e0e2e6dd91484fced4e1ca5a62886057b1f0b4b1589c014bbe793d17c78adbaffec195f9a75733b5b18cb 0001-libavutil-clean-up-unused-FF_SYMVER-macro.patch"
diff --git a/community/opam/APKBUILD b/community/opam/APKBUILD
index ba96c31029..cd135c39f1 100644
--- a/community/opam/APKBUILD
+++ b/community/opam/APKBUILD
@@ -1,21 +1,20 @@
# Contributor: Michael Zuo <muh.muhten@gmail.com>
+# Contributor: Sora Morimoto <sora@morimoto.io>
# Maintainer: Anil Madhavapeddy <anil@recoil.org>
pkgname=opam
-pkgver=2.0.1
+pkgver=2.0.7
pkgrel=0
pkgdesc="OCaml Package Manager"
url="https://opam.ocaml.org"
-arch="all !x86 !armhf !armv7 !s390x" # ocaml not avail on excluded platforms
+arch="all !x86 !armhf !armv7 !s390x !mips !mips64" # ocaml not avail on excluded platforms
license="LGPL-2.1"
-depends="ocaml curl xz tar unzip rsync patch bubblewrap bash"
+depends="ocaml curl tar unzip rsync patch bubblewrap bash"
makedepends="ocaml-compiler-libs"
-source="https://github.com/ocaml/$pkgname/releases/download/$pkgver/$pkgname-full-$pkgver.tar.gz"
+source="https://github.com/ocaml/opam/releases/download/$pkgver/opam-full-$pkgver.tar.gz"
builddir="$srcdir/$pkgname-full-$pkgver"
subpackages="$pkgname-doc"
build() {
- cd "$builddir"
-
./configure \
--build=$CBUILD \
--host=$CHOST \
@@ -30,13 +29,11 @@ build() {
}
package() {
- cd "$builddir"
make DESTDIR="$pkgdir" install
}
check() {
- cd "$builddir"
make tests
}
-sha512sums="add6cd77067cddadd4be5d79699713211f5f2796c1e1931048eb5fc4f0127eca56e1f81d43335327ae04e2144186d9ce759e844d2a125ef27f22c26cd8153e3c opam-full-2.0.1.tar.gz"
+sha512sums="670af4935bba0679c65f6592b7a52b1d429b604eb261e40b13cf72312aeb0bab0c5a76829a555fc5379a0371c352692cbabc46b460fcd9bf32b3cfebdaeceb81 opam-full-2.0.7.tar.gz"
diff --git a/community/openjdk7/APKBUILD b/community/openjdk7/APKBUILD
index d955112f88..0d011c7ba4 100644
--- a/community/openjdk7/APKBUILD
+++ b/community/openjdk7/APKBUILD
@@ -2,11 +2,11 @@
# Contributor: Jakub Jirutka <jakub@jirutka.cz>
# Maintainer: Timo Teras <timo.teras@iki.fi>
pkgname=openjdk7
-_icedteaver=2.6.18
+_icedteaver=2.6.22
_icedteaversrc=$_icedteaver
# pkgver is <JDK version>.<JDK update>
# check icedtea JDK when updating
-pkgver=7.221.$_icedteaver
+pkgver=7.261.$_icedteaver
pkgrel=0
pkgdesc="OpenJDK 7 via IcedTea"
url="https://icedtea.classpath.org/"
@@ -73,7 +73,6 @@ source="https://icedtea.classpath.org/download/source/icedtea-$_icedteaversrc.ta
https://archive.apache.org/dist/ant/binaries/apache-ant-$ANT_VER-bin.tar.gz
https://github.com/mozilla/rhino/releases/download/Rhino${RHINO_VER//./_}_Release/rhino-$RHINO_VER.zip
- icedtea-pr64174.patch
icedtea-hotspot-musl.patch
icedtea-hotspot-musl-ppc.patch
icedtea-hotspot-noagent-musl.patch
@@ -83,26 +82,68 @@ source="https://icedtea.classpath.org/download/source/icedtea-$_icedteaversrc.ta
icedtea-jdk-fix-ipv6-init.patch
icedtea-jdk-musl.patch
icedtea-jdk-no-soname.patch
+ icedtea-jdk-revert-7fdd0d6ef2d3.patch
+ icedtea-jdk-revert-a32dc7400435.patch
icedtea-cpio.patch
"
# secfixes:
+# 7.261.2.6.22-r0:
+# - CVE-2020-2756
+# - CVE-2020-2757
+# - CVE-2020-2773
+# - CVE-2020-2781
+# - CVE-2020-2800
+# - CVE-2020-2803
+# - CVE-2020-2805
+# - CVE-2020-2830
+# 7.251.2.6.21-r0:
+# - CVE-2020-2583
+# - CVE-2020-2590
+# - CVE-2020-2593
+# - CVE-2020-2601
+# - CVE-2020-2604
+# - CVE-2020-2654
+# - CVE-2020-2659
+# 7.241.2.6.20-r0:
+# - CVE-2019-2894
+# - CVE-2019-2933
+# - CVE-2019-2945
+# - CVE-2019-2949
+# - CVE-2019-2958
+# - CVE-2019-2962
+# - CVE-2019-2964
+# - CVE-2019-2973
+# - CVE-2019-2978
+# - CVE-2019-2981
+# - CVE-2019-2983
+# - CVE-2019-2987
+# - CVE-2019-2988
+# - CVE-2019-2989
+# - CVE-2019-2992
+# - CVE-2019-2999
+# 7.231.2.6.19-r0:
+# - CVE-2019-2766
+# - CVE-2019-2769
+# - CVE-2019-2786
+# - CVE-2019-2816
+# - CVE-2019-2842
# 7.221.2.6.18-r0:
-# - CVE-2019-2602
-# - CVE-2019-2684
-# - CVE-2019-2698
+# - CVE-2019-2602
+# - CVE-2019-2684
+# - CVE-2019-2698
# 7.211.2.6.17-r0:
-# - CVE-2018-11212
-# - CVE-2019-2422
-# - CVE_2019-2426
+# - CVE-2018-11212
+# - CVE-2019-2422
+# - CVE_2019-2426
# 7.201.2.6.16-r0:
-# - CVE-2018-3136
-# - CVE-2018-3139
-# - CVE-2018-3149
-# - CVE-2018-3169
-# - CVE-2018-3180
-# - CVE-2018-3214
-# - CVE-2018-13785
+# - CVE-2018-3136
+# - CVE-2018-3139
+# - CVE-2018-3149
+# - CVE-2018-3169
+# - CVE-2018-3180
+# - CVE-2018-3214
+# - CVE-2018-13785
builddir="$srcdir/icedtea-$_icedteaver"
@@ -271,24 +312,25 @@ doc() {
mv "$pkgdir"/$INSTALL_BASE/man "$subpkgdir"/$INSTALL_BASE/
}
-sha512sums="202038af902c7619e787c3f55ccc4ab5b758a72e4c841d17065809d2331ed4f8ed7a2bce753917d9e6215525ba56840793c9a9850142e865edde1a92a7e5806d icedtea-2.6.18.tar.xz
-af8bbdad44448fb73d4f8ac87c00fa2198b7d6a401b9af9c8330768aa5ca395b50ff85f053b02a3e6d4b166b0a8f7badf6bd3c983cc9b2e35f157d0389983982 openjdk-2.6.18.tar.bz2
-0c688037efebbea1175ae26fc77be205cb43f8de886b00a6d89d35666c523bad8dbde3be636a428bff1331e89c4a6acf2aefc5611e65e4a3a7b617e240c536bf corba-2.6.18.tar.bz2
-0a23f37bf35537333d93c88e6f3e018af32f9019ec081e679a4f204848851f4fbcf47f2c0e58e27b8a0c5fdfc9897d427070e62022afcfc42ad70bb413f12c1e jaxp-2.6.18.tar.bz2
-1b2b8fd93e9f94af202c3816b4ecaa8c0809d5eed5962ff57f2edd15232abcaa11d4ac74bfb5b9f9121e5cdec3ea33559ebcc5605d8aa1fd013152abafe14aa9 jaxws-2.6.18.tar.bz2
-82d8b69f6ba3eeb3825275506704b793b5c3ea416da04319fd62948c7fa9db9a4bcb96b0b43d13fc58fbaf2f8d4b5eea098d98d5da68977cb41f9614e8c30933 jdk-2.6.18.tar.bz2
-b64c832474295b3c8d3a22a906b156555171128002c1870d071c98902f7b611d8d0f0dab4c98bf21a102011a7bf2a542d0207cdbe23433a77073670a17eb6322 langtools-2.6.18.tar.bz2
-bff77060aa4ccceec62fc14a1c47ba6d31d510353050b9b213ef87a58b82132e5cad72c59ff38f50a2c290fd2cfd84e0db9768e205d72865b6fc4b6d15fb5f0c hotspot-2.6.18.tar.bz2
+sha512sums="28c96cd2971ce381f0bd1c2a7fe6443602ad89dc0dd5a48d533e3c1a473421bdb98abf5e38117409f305bab7c6c8fecf95e854e8da8acf022966014539916b5c icedtea-2.6.22.tar.xz
+7e2027e0b32b34f63eb771aad0273313d963d455f11f635e6b268b49a7f390d9ef2ff2913f2b9f09b6959abbdc060788a1ad8da9ae221b0889054ec4120f9867 openjdk-2.6.22.tar.bz2
+105b9a40d2a65d106e2d59524b0ed24edc72f46f2383d5645d7dd1f09ea9359e76b07ce1712433c7ce1062c5c49f45937acbfe293cfb27379d9a412f03589324 corba-2.6.22.tar.bz2
+696f17f0ef263668fa775bfb65630dcbe5c673fd7b153eff598fc7a7ba60c99b3f6b5f8e82949f3ebf16f506a9158797227c7263292a04b63a8653189dd9bfbb jaxp-2.6.22.tar.bz2
+406d9066e66d38a6cfd697f594e6955a625b685fd7dd83eb774243a9c3bbeeef13a9f6fc5c9fa9b3e2de561264831779edc7af312f1df08c29315d97f5b71e9e jaxws-2.6.22.tar.bz2
+f2d6370b1bc5ee011670229b0d001f08e49aa688dfdaa196b5eb5db1484ce06046c6cf8415bb09ecca6810472f3211988a5a1cd42cdca805b3b56be8b6cd5bcd jdk-2.6.22.tar.bz2
+df11b0d172c1493870ce3aabca076c16f73c2e2f50ac6beac921c72c6bf925a8b879cf8754b19d2d6dd0407f9baadeb597719c6f5972c97f5a5f7567bf98fcb1 langtools-2.6.22.tar.bz2
+f7652d0e6c1fe33ed7fe0d6f0c36daffc6509bb92818d5eaaf183fd9e8afc1a2fca9d547a2c087aa41134d5da0da4c647b5cdad11b9a520cf9a94cc1a548e219 hotspot-2.6.22.tar.bz2
0da12cb0f761b8cb76e042449e7d93f43236e7bc948e337215470a70031f0a2dda6d1b508f9397b283808d84c4ebddb31558fe1cd8e6e6469c1dd390d69ec6e7 apache-ant-1.9.11-bin.tar.gz
1b9e8721749e81c5420a00af1e00ee0e4f48624ccb4e9aa969032114116ad50f59b254d4d16d74feff74de64157cc8b0a2ead9b555907c84b7055b796fba9a75 rhino-1.7.7.2.zip
-dbebef0b6246ffaba8d10e1b672821b55e69950961dcfd265f8b37a8123a71bd80b33a1e4f1ea27343e08803744138687c6ee367e4158bc3540f5d886c0e9cb4 icedtea-pr64174.patch
f62b942f0bacda8e37d0f1876d8ba14ddb4fc55a7d5fd1019463744927f40f422a85e9ee051948d566242f5a785aa28f275eb58768611283cba89af91235f43c icedtea-hotspot-musl.patch
e5cf4d70f96fc1e72ae8b97a887adb96092ff36584711cbb8de9d9fa9e859cb8731d638838de0d9591239fc44ffe5c74422d1842bd9f10a0c00dff1627bdeeef icedtea-hotspot-musl-ppc.patch
e7a2c1771bb582d427041f8d22e48c0daf8f20d7c0926cbce3549d49c4e949359ee25a35682b486e82f3e390535c950c5beee3bd8d06fb5a717b50f2d9b2a6bc icedtea-hotspot-noagent-musl.patch
822eee0dc4d3ba677a289dfeb3668b536d2d626708390a9d9702fb4144a481fd443a215a0d2041c6026113837aafa4ba0b5e9ead8589d2da6717a238bbc95a5a icedtea-hotspot-uclibc-fixes.patch
-213a537de5f011cb39d608515c3413513ac75fb93593f9a9ef4205f71d72bdd8b097c80db185f7b26021d5bb85045b866f34f3478482dc4189972d8614a13458 icedtea-jdk-fix-build.patch
+8fadeee6ea9886c7ee3118a1abaee2fbd04931a3ba880062bc97397ad30aab114a83542c888461a5a8a1d131c4e73920872317c96620e2a8c4689620adf9e9c3 icedtea-jdk-fix-build.patch
0391970e6a32946aa3cccf38fdef9c0fe2af26cd0df824b98aa2fcfa1bf661d4a68e339bffcfd16f386c565fc68bb28a29208a67d4bad8a0e847ad02bd8becbb icedtea-jdk-execinfo.patch
48533f87fc2cf29d26b259be0df51087d2fe5b252e72d00c6ea2f4add7b0fb113141718c116279c5905e03f64a1118082e719393786811367cf4d472b5d36774 icedtea-jdk-fix-ipv6-init.patch
44a35941c80f408d0607e32763b3b6ccee21e1d39886309327d3d74d2900117e4346ef59e77c663fd022fec10ee8f365eeb46c1260014d5765d226ce175ce3c5 icedtea-jdk-musl.patch
bf4b184e170f7b0ff64ab30d2162784fe2bd5460d1fa31973259f7065fd4c511c46f97724fe2bd72bb94e9006cb568d0e0c87d1a9c90819e65880f8f44830bb1 icedtea-jdk-no-soname.patch
+9a14c023662c25fc3338c60ba9e6ece625bf2db774776e0c633e5cc866d5c6daf160e90b164832b12eb304fcf65bf30b5d38f20cb7f97f01f6736bfa572ef4fc icedtea-jdk-revert-7fdd0d6ef2d3.patch
+f4ee0ede2b62e81971e79bd7d382c09847488656bfa27a7346cd5a92f478bcf67cd10aa632989836a49e87ee435c3de831ad4c71f824113f55c61361895a7af8 icedtea-jdk-revert-a32dc7400435.patch
a54c79c82afa1bc95265397b274260584c8b8c6be1651ddfb907d9523a809ea4581409e0d3fb0bbb63ef5a204e8ce29b7940e78cd640af1f490ae938c59129b6 icedtea-cpio.patch"
diff --git a/community/openjdk7/icedtea-jdk-fix-build.patch b/community/openjdk7/icedtea-jdk-fix-build.patch
index 9fae895b66..c8daa6fb2a 100644
--- a/community/openjdk7/icedtea-jdk-fix-build.patch
+++ b/community/openjdk7/icedtea-jdk-fix-build.patch
@@ -22,7 +22,7 @@ Fixes three issues:
+LDFLAGS_DEFS_OPTION =
LDFLAGS_COMMON += $(LDFLAGS_DEFS_OPTION)
- #
+ LDFLAGS_RELRO_OPTION = -Xlinker -z -Xlinker relro
@@ -407,7 +407,7 @@
# the library itself should not.
#
diff --git a/community/openjdk7/icedtea-jdk-revert-7fdd0d6ef2d3.patch b/community/openjdk7/icedtea-jdk-revert-7fdd0d6ef2d3.patch
new file mode 100644
index 0000000000..071a13c2ef
--- /dev/null
+++ b/community/openjdk7/icedtea-jdk-revert-7fdd0d6ef2d3.patch
@@ -0,0 +1,1450 @@
+Revert 7fdd0d6ef2d3 due build error
+This laos reverts a fix for CVE-2019-2745
+--- openjdk.orig/jdk/src/share/classes/sun/security/ec/ECDSAOperations.java 2019-07-14 02:30:40.000000000 +0200
++++ openjdk/jdk/src/share/classes/sun/security/ec/ECDSAOperations.java 1970-01-01 01:00:00.000000000 +0100
+@@ -1,206 +0,0 @@
+-/*
+- * Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved.
+- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+- *
+- * This code is free software; you can redistribute it and/or modify it
+- * under the terms of the GNU General Public License version 2 only, as
+- * published by the Free Software Foundation. Oracle designates this
+- * particular file as subject to the "Classpath" exception as provided
+- * by Oracle in the LICENSE file that accompanied this code.
+- *
+- * This code is distributed in the hope that it will be useful, but WITHOUT
+- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+- * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+- * version 2 for more details (a copy is included in the LICENSE file that
+- * accompanied this code).
+- *
+- * You should have received a copy of the GNU General Public License version
+- * 2 along with this work; if not, write to the Free Software Foundation,
+- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+- *
+- * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+- * or visit www.oracle.com if you need additional information or have any
+- * questions.
+- */
+-
+-package sun.security.ec;
+-
+-import sun.security.ec.point.*;
+-import sun.security.util.ArrayUtil;
+-import sun.security.util.Function;
+-import sun.security.util.Optional;
+-import sun.security.util.math.*;
+-import static sun.security.ec.ECOperations.IntermediateValueException;
+-
+-import java.security.ProviderException;
+-import java.security.spec.*;
+-
+-public class ECDSAOperations {
+-
+- public static class Seed {
+- private final byte[] seedValue;
+-
+- public Seed(byte[] seedValue) {
+- this.seedValue = seedValue;
+- }
+-
+- public byte[] getSeedValue() {
+- return seedValue;
+- }
+- }
+-
+- public static class Nonce {
+- private final byte[] nonceValue;
+-
+- public Nonce(byte[] nonceValue) {
+- this.nonceValue = nonceValue;
+- }
+-
+- public byte[] getNonceValue() {
+- return nonceValue;
+- }
+- }
+-
+- private final ECOperations ecOps;
+- private final AffinePoint basePoint;
+-
+- public ECDSAOperations(ECOperations ecOps, ECPoint basePoint) {
+- this.ecOps = ecOps;
+- this.basePoint = toAffinePoint(basePoint, ecOps.getField());
+- }
+-
+- public ECOperations getEcOperations() {
+- return ecOps;
+- }
+-
+- public AffinePoint basePointMultiply(byte[] scalar) {
+- return ecOps.multiply(basePoint, scalar).asAffine();
+- }
+-
+- public static AffinePoint toAffinePoint(ECPoint point,
+- IntegerFieldModuloP field) {
+-
+- ImmutableIntegerModuloP affineX = field.getElement(point.getAffineX());
+- ImmutableIntegerModuloP affineY = field.getElement(point.getAffineY());
+- return new AffinePoint(affineX, affineY);
+- }
+-
+- public static
+- Optional<ECDSAOperations> forParameters(final ECParameterSpec ecParams) {
+- Optional<ECOperations> curveOps =
+- ECOperations.forParameters(ecParams);
+- return curveOps.map(new Function<ECOperations, ECDSAOperations>() {
+- @Override
+- public ECDSAOperations apply(ECOperations ops) {
+- return new ECDSAOperations(ops, ecParams.getGenerator());
+- }
+- });
+- }
+-
+- /**
+- *
+- * Sign a digest using the provided private key and seed.
+- * IMPORTANT: The private key is a scalar represented using a
+- * little-endian byte array. This is backwards from the conventional
+- * representation in ECDSA. The routines that produce and consume this
+- * value uses little-endian, so this deviation from convention removes
+- * the requirement to swap the byte order. The returned signature is in
+- * the conventional byte order.
+- *
+- * @param privateKey the private key scalar as a little-endian byte array
+- * @param digest the digest to be signed
+- * @param seed the seed that will be used to produce the nonce. This object
+- * should contain an array that is at least 64 bits longer than
+- * the number of bits required to represent the group order.
+- * @return the ECDSA signature value
+- * @throws IntermediateValueException if the signature cannot be produced
+- * due to an unacceptable intermediate or final value. If this
+- * exception is thrown, then the caller should discard the nonnce and
+- * try again with an entirely new nonce value.
+- */
+- public byte[] signDigest(byte[] privateKey, byte[] digest, Seed seed)
+- throws IntermediateValueException {
+-
+- byte[] nonceArr = ecOps.seedToScalar(seed.getSeedValue());
+-
+- Nonce nonce = new Nonce(nonceArr);
+- return signDigest(privateKey, digest, nonce);
+- }
+-
+- /**
+- *
+- * Sign a digest using the provided private key and nonce.
+- * IMPORTANT: The private key and nonce are scalars represented by a
+- * little-endian byte array. This is backwards from the conventional
+- * representation in ECDSA. The routines that produce and consume these
+- * values use little-endian, so this deviation from convention removes
+- * the requirement to swap the byte order. The returned signature is in
+- * the conventional byte order.
+- *
+- * @param privateKey the private key scalar as a little-endian byte array
+- * @param digest the digest to be signed
+- * @param nonce the nonce object containing a little-endian scalar value.
+- * @return the ECDSA signature value
+- * @throws IntermediateValueException if the signature cannot be produced
+- * due to an unacceptable intermediate or final value. If this
+- * exception is thrown, then the caller should discard the nonnce and
+- * try again with an entirely new nonce value.
+- */
+- public byte[] signDigest(byte[] privateKey, byte[] digest, Nonce nonce)
+- throws IntermediateValueException {
+-
+- IntegerFieldModuloP orderField = ecOps.getOrderField();
+- int orderBits = orderField.getSize().bitLength();
+- if (orderBits % 8 != 0 && orderBits < digest.length * 8) {
+- // This implementation does not support truncating digests to
+- // a length that is not a multiple of 8.
+- throw new ProviderException("Invalid digest length");
+- }
+-
+- byte[] k = nonce.getNonceValue();
+- // check nonce length
+- int length = (orderField.getSize().bitLength() + 7) / 8;
+- if (k.length != length) {
+- throw new ProviderException("Incorrect nonce length");
+- }
+-
+- MutablePoint R = ecOps.multiply(basePoint, k);
+- IntegerModuloP r = R.asAffine().getX();
+- // put r into the correct field by fully reducing to an array
+- byte[] temp = new byte[length];
+- r.asByteArray(temp);
+- r = orderField.getElement(temp);
+- // store r in result
+- r.asByteArray(temp);
+- byte[] result = new byte[2 * length];
+- ArrayUtil.reverse(temp);
+- System.arraycopy(temp, 0, result, 0, length);
+- // compare r to 0
+- if (ECOperations.allZero(temp)) {
+- throw new IntermediateValueException();
+- }
+-
+- IntegerModuloP dU = orderField.getElement(privateKey);
+- int lengthE = Math.min(length, digest.length);
+- byte[] E = new byte[lengthE];
+- System.arraycopy(digest, 0, E, 0, lengthE);
+- ArrayUtil.reverse(E);
+- IntegerModuloP e = orderField.getElement(E);
+- IntegerModuloP kElem = orderField.getElement(k);
+- IntegerModuloP kInv = kElem.multiplicativeInverse();
+- MutableIntegerModuloP s = r.mutable();
+- s.setProduct(dU).setSum(e).setProduct(kInv);
+- // store s in result
+- s.asByteArray(temp);
+- ArrayUtil.reverse(temp);
+- System.arraycopy(temp, 0, result, length, length);
+- // compare s to 0
+- if (ECOperations.allZero(temp)) {
+- throw new IntermediateValueException();
+- }
+-
+- return result;
+-
+- }
+-
+-}
+--- openjdk.orig/jdk/src/share/classes/sun/security/ec/ECOperations.java 2019-07-14 02:30:40.000000000 +0200
++++ openjdk/jdk/src/share/classes/sun/security/ec/ECOperations.java 1970-01-01 01:00:00.000000000 +0100
+@@ -1,499 +0,0 @@
+-/*
+- * Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved.
+- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+- *
+- * This code is free software; you can redistribute it and/or modify it
+- * under the terms of the GNU General Public License version 2 only, as
+- * published by the Free Software Foundation. Oracle designates this
+- * particular file as subject to the "Classpath" exception as provided
+- * by Oracle in the LICENSE file that accompanied this code.
+- *
+- * This code is distributed in the hope that it will be useful, but WITHOUT
+- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+- * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+- * version 2 for more details (a copy is included in the LICENSE file that
+- * accompanied this code).
+- *
+- * You should have received a copy of the GNU General Public License version
+- * 2 along with this work; if not, write to the Free Software Foundation,
+- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+- *
+- * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+- * or visit www.oracle.com if you need additional information or have any
+- * questions.
+- */
+-
+-package sun.security.ec;
+-
+-import sun.security.ec.point.*;
+-import sun.security.util.Optional;
+-import sun.security.util.math.*;
+-import sun.security.util.math.intpoly.*;
+-
+-import java.math.BigInteger;
+-import java.security.ProviderException;
+-import java.security.spec.ECFieldFp;
+-import java.security.spec.ECParameterSpec;
+-import java.security.spec.EllipticCurve;
+-import java.util.Collections;
+-import java.util.HashMap;
+-import java.util.Map;
+-
+-/*
+- * Elliptic curve point arithmetic for prime-order curves where a=-3.
+- * Formulas are derived from "Complete addition formulas for prime order
+- * elliptic curves" by Renes, Costello, and Batina.
+- */
+-
+-public class ECOperations {
+-
+- /*
+- * An exception indicating a problem with an intermediate value produced
+- * by some part of the computation. For example, the signing operation
+- * will throw this exception to indicate that the r or s value is 0, and
+- * that the signing operation should be tried again with a different nonce.
+- */
+- static class IntermediateValueException extends Exception {
+- private static final long serialVersionUID = 1;
+- }
+-
+- static final Map<BigInteger, IntegerFieldModuloP> fields;
+-
+- static final Map<BigInteger, IntegerFieldModuloP> orderFields;
+-
+- static {
+- Map<BigInteger, IntegerFieldModuloP> map = new HashMap<>();
+- map.put(IntegerPolynomialP256.MODULUS, new IntegerPolynomialP256());
+- map.put(IntegerPolynomialP384.MODULUS, new IntegerPolynomialP384());
+- map.put(IntegerPolynomialP521.MODULUS, new IntegerPolynomialP521());
+- fields = Collections.unmodifiableMap(map);
+- map = new HashMap<>();
+- map.put(P256OrderField.MODULUS, new P256OrderField());
+- map.put(P384OrderField.MODULUS, new P384OrderField());
+- map.put(P521OrderField.MODULUS, new P521OrderField());
+- orderFields = Collections.unmodifiableMap(map);
+- }
+-
+- public static Optional<ECOperations> forParameters(ECParameterSpec params) {
+-
+- EllipticCurve curve = params.getCurve();
+- if (!(curve.getField() instanceof ECFieldFp)) {
+- return Optional.empty();
+- }
+- ECFieldFp primeField = (ECFieldFp) curve.getField();
+-
+- BigInteger three = BigInteger.valueOf(3);
+- if (!primeField.getP().subtract(curve.getA()).equals(three)) {
+- return Optional.empty();
+- }
+- IntegerFieldModuloP field = fields.get(primeField.getP());
+- if (field == null) {
+- return Optional.empty();
+- }
+-
+- IntegerFieldModuloP orderField = orderFields.get(params.getOrder());
+- if (orderField == null) {
+- return Optional.empty();
+- }
+-
+- ImmutableIntegerModuloP b = field.getElement(curve.getB());
+- ECOperations ecOps = new ECOperations(b, orderField);
+- return Optional.of(ecOps);
+- }
+-
+- final ImmutableIntegerModuloP b;
+- final SmallValue one;
+- final SmallValue two;
+- final SmallValue three;
+- final SmallValue four;
+- final ProjectivePoint.Immutable neutral;
+- private final IntegerFieldModuloP orderField;
+-
+- public ECOperations(IntegerModuloP b, IntegerFieldModuloP orderField) {
+- this.b = b.fixed();
+- this.orderField = orderField;
+-
+- this.one = b.getField().getSmallValue(1);
+- this.two = b.getField().getSmallValue(2);
+- this.three = b.getField().getSmallValue(3);
+- this.four = b.getField().getSmallValue(4);
+-
+- IntegerFieldModuloP field = b.getField();
+- this.neutral = new ProjectivePoint.Immutable(field.get0(),
+- field.get1(), field.get0());
+- }
+-
+- public IntegerFieldModuloP getField() {
+- return b.getField();
+- }
+- public IntegerFieldModuloP getOrderField() {
+- return orderField;
+- }
+-
+- protected ProjectivePoint.Immutable getNeutral() {
+- return neutral;
+- }
+-
+- public boolean isNeutral(Point p) {
+- ProjectivePoint<?> pp = (ProjectivePoint<?>) p;
+-
+- IntegerModuloP z = pp.getZ();
+-
+- IntegerFieldModuloP field = z.getField();
+- int byteLength = (field.getSize().bitLength() + 7) / 8;
+- byte[] zBytes = z.asByteArray(byteLength);
+- return allZero(zBytes);
+- }
+-
+- byte[] seedToScalar(byte[] seedBytes)
+- throws IntermediateValueException {
+-
+- // Produce a nonce from the seed using FIPS 186-4,section B.5.1:
+- // Per-Message Secret Number Generation Using Extra Random Bits
+- // or
+- // Produce a scalar from the seed using FIPS 186-4, section B.4.1:
+- // Key Pair Generation Using Extra Random Bits
+-
+- // To keep the implementation simple, sample in the range [0,n)
+- // and throw IntermediateValueException in the (unlikely) event
+- // that the result is 0.
+-
+- // Get 64 extra bits and reduce in to the nonce
+- int seedBits = orderField.getSize().bitLength() + 64;
+- if (seedBytes.length * 8 < seedBits) {
+- throw new ProviderException("Incorrect seed length: " +
+- seedBytes.length * 8 + " < " + seedBits);
+- }
+-
+- // input conversion only works on byte boundaries
+- // clear high-order bits of last byte so they don't influence nonce
+- int lastByteBits = seedBits % 8;
+- if (lastByteBits != 0) {
+- int lastByteIndex = seedBits / 8;
+- byte mask = (byte) (0xFF >>> (8 - lastByteBits));
+- seedBytes[lastByteIndex] &= mask;
+- }
+-
+- int seedLength = (seedBits + 7) / 8;
+- IntegerModuloP scalarElem =
+- orderField.getElement(seedBytes, 0, seedLength, (byte) 0);
+- int scalarLength = (orderField.getSize().bitLength() + 7) / 8;
+- byte[] scalarArr = new byte[scalarLength];
+- scalarElem.asByteArray(scalarArr);
+- if (ECOperations.allZero(scalarArr)) {
+- throw new IntermediateValueException();
+- }
+- return scalarArr;
+- }
+-
+- /*
+- * Compare all values in the array to 0 without branching on any value
+- *
+- */
+- public static boolean allZero(byte[] arr) {
+- byte acc = 0;
+- for (int i = 0; i < arr.length; i++) {
+- acc |= arr[i];
+- }
+- return acc == 0;
+- }
+-
+- /*
+- * 4-bit branchless array lookup for projective points.
+- */
+- private void lookup4(ProjectivePoint.Immutable[] arr, int index,
+- ProjectivePoint.Mutable result, IntegerModuloP zero) {
+-
+- for (int i = 0; i < 16; i++) {
+- int xor = index ^ i;
+- int bit3 = (xor & 0x8) >>> 3;
+- int bit2 = (xor & 0x4) >>> 2;
+- int bit1 = (xor & 0x2) >>> 1;
+- int bit0 = (xor & 0x1);
+- int inverse = bit0 | bit1 | bit2 | bit3;
+- int set = 1 - inverse;
+-
+- ProjectivePoint.Immutable pi = arr[i];
+- result.conditionalSet(pi, set);
+- }
+- }
+-
+- private void double4(ProjectivePoint.Mutable p, MutableIntegerModuloP t0,
+- MutableIntegerModuloP t1, MutableIntegerModuloP t2,
+- MutableIntegerModuloP t3, MutableIntegerModuloP t4) {
+-
+- for (int i = 0; i < 4; i++) {
+- setDouble(p, t0, t1, t2, t3, t4);
+- }
+- }
+-
+- /**
+- * Multiply an affine point by a scalar and return the result as a mutable
+- * point.
+- *
+- * @param affineP the point
+- * @param s the scalar as a little-endian array
+- * @return the product
+- */
+- public MutablePoint multiply(AffinePoint affineP, byte[] s) {
+-
+- // 4-bit windowed multiply with branchless lookup.
+- // The mixed addition is faster, so it is used to construct the array
+- // at the beginning of the operation.
+-
+- IntegerFieldModuloP field = affineP.getX().getField();
+- ImmutableIntegerModuloP zero = field.get0();
+- // temporaries
+- MutableIntegerModuloP t0 = zero.mutable();
+- MutableIntegerModuloP t1 = zero.mutable();
+- MutableIntegerModuloP t2 = zero.mutable();
+- MutableIntegerModuloP t3 = zero.mutable();
+- MutableIntegerModuloP t4 = zero.mutable();
+-
+- ProjectivePoint.Mutable result = new ProjectivePoint.Mutable(field);
+- result.getY().setValue(field.get1().mutable());
+-
+- ProjectivePoint.Immutable[] pointMultiples =
+- new ProjectivePoint.Immutable[16];
+- // 0P is neutral---same as initial result value
+- pointMultiples[0] = result.fixed();
+-
+- ProjectivePoint.Mutable ps = new ProjectivePoint.Mutable(field);
+- ps.setValue(affineP);
+- // 1P = P
+- pointMultiples[1] = ps.fixed();
+-
+- // the rest are calculated using mixed point addition
+- for (int i = 2; i < 16; i++) {
+- setSum(ps, affineP, t0, t1, t2, t3, t4);
+- pointMultiples[i] = ps.fixed();
+- }
+-
+- ProjectivePoint.Mutable lookupResult = ps.mutable();
+-
+- for (int i = s.length - 1; i >= 0; i--) {
+-
+- double4(result, t0, t1, t2, t3, t4);
+-
+- int high = (0xFF & s[i]) >>> 4;
+- lookup4(pointMultiples, high, lookupResult, zero);
+- setSum(result, lookupResult, t0, t1, t2, t3, t4);
+-
+- double4(result, t0, t1, t2, t3, t4);
+-
+- int low = 0xF & s[i];
+- lookup4(pointMultiples, low, lookupResult, zero);
+- setSum(result, lookupResult, t0, t1, t2, t3, t4);
+- }
+-
+- return result;
+-
+- }
+-
+- /*
+- * Point double
+- */
+- private void setDouble(ProjectivePoint.Mutable p, MutableIntegerModuloP t0,
+- MutableIntegerModuloP t1, MutableIntegerModuloP t2,
+- MutableIntegerModuloP t3, MutableIntegerModuloP t4) {
+-
+- t0.setValue(p.getX()).setSquare();
+- t1.setValue(p.getY()).setSquare();
+- t2.setValue(p.getZ()).setSquare();
+- t3.setValue(p.getX()).setProduct(p.getY());
+- t4.setValue(p.getY()).setProduct(p.getZ());
+-
+- t3.setSum(t3);
+- p.getZ().setProduct(p.getX());
+-
+- p.getZ().setProduct(two);
+-
+- p.getY().setValue(t2).setProduct(b);
+- p.getY().setDifference(p.getZ());
+-
+- p.getX().setValue(p.getY()).setProduct(two);
+- p.getY().setSum(p.getX());
+- p.getY().setReduced();
+- p.getX().setValue(t1).setDifference(p.getY());
+-
+- p.getY().setSum(t1);
+- p.getY().setProduct(p.getX());
+- p.getX().setProduct(t3);
+-
+- t3.setValue(t2).setProduct(two);
+- t2.setSum(t3);
+- p.getZ().setProduct(b);
+-
+- t2.setReduced();
+- p.getZ().setDifference(t2);
+- p.getZ().setDifference(t0);
+- t3.setValue(p.getZ()).setProduct(two);
+- p.getZ().setReduced();
+- p.getZ().setSum(t3);
+- t0.setProduct(three);
+-
+- t0.setDifference(t2);
+- t0.setProduct(p.getZ());
+- p.getY().setSum(t0);
+-
+- t4.setSum(t4);
+- p.getZ().setProduct(t4);
+-
+- p.getX().setDifference(p.getZ());
+- p.getZ().setValue(t4).setProduct(t1);
+-
+- p.getZ().setProduct(four);
+-
+- }
+-
+- /*
+- * Mixed point addition. This method constructs new temporaries each time
+- * it is called. For better efficiency, the method that reuses temporaries
+- * should be used if more than one sum will be computed.
+- */
+- public void setSum(MutablePoint p, AffinePoint p2) {
+-
+- IntegerModuloP zero = p.getField().get0();
+- MutableIntegerModuloP t0 = zero.mutable();
+- MutableIntegerModuloP t1 = zero.mutable();
+- MutableIntegerModuloP t2 = zero.mutable();
+- MutableIntegerModuloP t3 = zero.mutable();
+- MutableIntegerModuloP t4 = zero.mutable();
+- setSum((ProjectivePoint.Mutable) p, p2, t0, t1, t2, t3, t4);
+-
+- }
+-
+- /*
+- * Mixed point addition
+- */
+- private void setSum(ProjectivePoint.Mutable p, AffinePoint p2,
+- MutableIntegerModuloP t0, MutableIntegerModuloP t1,
+- MutableIntegerModuloP t2, MutableIntegerModuloP t3,
+- MutableIntegerModuloP t4) {
+-
+- t0.setValue(p.getX()).setProduct(p2.getX());
+- t1.setValue(p.getY()).setProduct(p2.getY());
+- t3.setValue(p2.getX()).setSum(p2.getY());
+- t4.setValue(p.getX()).setSum(p.getY());
+- p.getX().setReduced();
+- t3.setProduct(t4);
+- t4.setValue(t0).setSum(t1);
+-
+- t3.setDifference(t4);
+- t4.setValue(p2.getY()).setProduct(p.getZ());
+- t4.setSum(p.getY());
+-
+- p.getY().setValue(p2.getX()).setProduct(p.getZ());
+- p.getY().setSum(p.getX());
+- t2.setValue(p.getZ());
+- p.getZ().setProduct(b);
+-
+- p.getX().setValue(p.getY()).setDifference(p.getZ());
+- p.getX().setReduced();
+- p.getZ().setValue(p.getX()).setProduct(two);
+- p.getX().setSum(p.getZ());
+-
+- p.getZ().setValue(t1).setDifference(p.getX());
+- p.getX().setSum(t1);
+- p.getY().setProduct(b);
+-
+- t1.setValue(t2).setProduct(two);
+- t2.setSum(t1);
+- t2.setReduced();
+- p.getY().setDifference(t2);
+-
+- p.getY().setDifference(t0);
+- p.getY().setReduced();
+- t1.setValue(p.getY()).setProduct(two);
+- p.getY().setSum(t1);
+-
+- t1.setValue(t0).setProduct(two);
+- t0.setSum(t1);
+- t0.setDifference(t2);
+-
+- t1.setValue(t4).setProduct(p.getY());
+- t2.setValue(t0).setProduct(p.getY());
+- p.getY().setValue(p.getX()).setProduct(p.getZ());
+-
+- p.getY().setSum(t2);
+- p.getX().setProduct(t3);
+- p.getX().setDifference(t1);
+-
+- p.getZ().setProduct(t4);
+- t1.setValue(t3).setProduct(t0);
+- p.getZ().setSum(t1);
+-
+- }
+-
+- /*
+- * Projective point addition
+- */
+- private void setSum(ProjectivePoint.Mutable p, ProjectivePoint.Mutable p2,
+- MutableIntegerModuloP t0, MutableIntegerModuloP t1,
+- MutableIntegerModuloP t2, MutableIntegerModuloP t3,
+- MutableIntegerModuloP t4) {
+-
+- t0.setValue(p.getX()).setProduct(p2.getX());
+- t1.setValue(p.getY()).setProduct(p2.getY());
+- t2.setValue(p.getZ()).setProduct(p2.getZ());
+-
+- t3.setValue(p.getX()).setSum(p.getY());
+- t4.setValue(p2.getX()).setSum(p2.getY());
+- t3.setProduct(t4);
+-
+- t4.setValue(t0).setSum(t1);
+- t3.setDifference(t4);
+- t4.setValue(p.getY()).setSum(p.getZ());
+-
+- p.getY().setValue(p2.getY()).setSum(p2.getZ());
+- t4.setProduct(p.getY());
+- p.getY().setValue(t1).setSum(t2);
+-
+- t4.setDifference(p.getY());
+- p.getX().setSum(p.getZ());
+- p.getY().setValue(p2.getX()).setSum(p2.getZ());
+-
+- p.getX().setProduct(p.getY());
+- p.getY().setValue(t0).setSum(t2);
+- p.getY().setAdditiveInverse().setSum(p.getX());
+- p.getY().setReduced();
+-
+- p.getZ().setValue(t2).setProduct(b);
+- p.getX().setValue(p.getY()).setDifference(p.getZ());
+- p.getZ().setValue(p.getX()).setProduct(two);
+-
+- p.getX().setSum(p.getZ());
+- p.getX().setReduced();
+- p.getZ().setValue(t1).setDifference(p.getX());
+- p.getX().setSum(t1);
+-
+- p.getY().setProduct(b);
+- t1.setValue(t2).setSum(t2);
+- t2.setSum(t1);
+- t2.setReduced();
+-
+- p.getY().setDifference(t2);
+- p.getY().setDifference(t0);
+- p.getY().setReduced();
+- t1.setValue(p.getY()).setSum(p.getY());
+-
+- p.getY().setSum(t1);
+- t1.setValue(t0).setProduct(two);
+- t0.setSum(t1);
+-
+- t0.setDifference(t2);
+- t1.setValue(t4).setProduct(p.getY());
+- t2.setValue(t0).setProduct(p.getY());
+-
+- p.getY().setValue(p.getX()).setProduct(p.getZ());
+- p.getY().setSum(t2);
+- p.getX().setProduct(t3);
+-
+- p.getX().setDifference(t1);
+- p.getZ().setProduct(t4);
+- t1.setValue(t3).setProduct(t0);
+-
+- p.getZ().setSum(t1);
+-
+- }
+-}
+--- openjdk.orig/jdk/src/share/classes/sun/security/ec/point/AffinePoint.java 2019-07-14 02:30:40.000000000 +0200
++++ openjdk/jdk/src/share/classes/sun/security/ec/point/AffinePoint.java 1970-01-01 01:00:00.000000000 +0100
+@@ -1,76 +0,0 @@
+-/*
+- * Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved.
+- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+- *
+- * This code is free software; you can redistribute it and/or modify it
+- * under the terms of the GNU General Public License version 2 only, as
+- * published by the Free Software Foundation. Oracle designates this
+- * particular file as subject to the "Classpath" exception as provided
+- * by Oracle in the LICENSE file that accompanied this code.
+- *
+- * This code is distributed in the hope that it will be useful, but WITHOUT
+- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+- * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+- * version 2 for more details (a copy is included in the LICENSE file that
+- * accompanied this code).
+- *
+- * You should have received a copy of the GNU General Public License version
+- * 2 along with this work; if not, write to the Free Software Foundation,
+- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+- *
+- * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+- * or visit www.oracle.com if you need additional information or have any
+- * questions.
+- */
+-package sun.security.ec.point;
+-
+-import sun.security.util.math.ImmutableIntegerModuloP;
+-
+-import java.util.Objects;
+-
+-/**
+- * Elliptic curve point represented using affine coordinates (x, y). This class
+- * is not part of the sun.security.ec.point.Point hierarchy because it is not
+- * used to hold intermediate values during point arithmetic, and so it does not
+- * have a mutable form.
+- */
+-public class AffinePoint {
+-
+- private final ImmutableIntegerModuloP x;
+- private final ImmutableIntegerModuloP y;
+-
+- public AffinePoint(ImmutableIntegerModuloP x, ImmutableIntegerModuloP y) {
+- this.x = x;
+- this.y = y;
+- }
+-
+- public ImmutableIntegerModuloP getX() {
+- return x;
+- }
+-
+- public ImmutableIntegerModuloP getY() {
+- return y;
+- }
+-
+- @Override
+- public boolean equals(Object obj) {
+- if (!(obj instanceof AffinePoint)) {
+- return false;
+- }
+- AffinePoint p = (AffinePoint) obj;
+- boolean xEquals = x.asBigInteger().equals(p.x.asBigInteger());
+- boolean yEquals = y.asBigInteger().equals(p.y.asBigInteger());
+- return xEquals && yEquals;
+- }
+-
+- @Override
+- public int hashCode() {
+- return Objects.hash(x, y);
+- }
+-
+- @Override
+- public String toString() {
+- return "(" + x.asBigInteger().toString() + "," +
+- y.asBigInteger().toString() + ")";
+- }
+-}
+--- openjdk.orig/jdk/src/share/classes/sun/security/ec/point/ImmutablePoint.java 2019-07-14 02:30:40.000000000 +0200
++++ openjdk/jdk/src/share/classes/sun/security/ec/point/ImmutablePoint.java 1970-01-01 01:00:00.000000000 +0100
+@@ -1,32 +0,0 @@
+-/*
+- * Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved.
+- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+- *
+- * This code is free software; you can redistribute it and/or modify it
+- * under the terms of the GNU General Public License version 2 only, as
+- * published by the Free Software Foundation. Oracle designates this
+- * particular file as subject to the "Classpath" exception as provided
+- * by Oracle in the LICENSE file that accompanied this code.
+- *
+- * This code is distributed in the hope that it will be useful, but WITHOUT
+- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+- * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+- * version 2 for more details (a copy is included in the LICENSE file that
+- * accompanied this code).
+- *
+- * You should have received a copy of the GNU General Public License version
+- * 2 along with this work; if not, write to the Free Software Foundation,
+- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+- *
+- * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+- * or visit www.oracle.com if you need additional information or have any
+- * questions.
+- */
+-
+-package sun.security.ec.point;
+-
+-/**
+- * An interface for immutable points on an elliptic curve over a finite field.
+- */
+-public interface ImmutablePoint extends Point {
+-}
+--- openjdk.orig/jdk/src/share/classes/sun/security/ec/point/MutablePoint.java 2019-07-14 02:30:40.000000000 +0200
++++ openjdk/jdk/src/share/classes/sun/security/ec/point/MutablePoint.java 1970-01-01 01:00:00.000000000 +0100
+@@ -1,37 +0,0 @@
+-/*
+- * Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved.
+- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+- *
+- * This code is free software; you can redistribute it and/or modify it
+- * under the terms of the GNU General Public License version 2 only, as
+- * published by the Free Software Foundation. Oracle designates this
+- * particular file as subject to the "Classpath" exception as provided
+- * by Oracle in the LICENSE file that accompanied this code.
+- *
+- * This code is distributed in the hope that it will be useful, but WITHOUT
+- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+- * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+- * version 2 for more details (a copy is included in the LICENSE file that
+- * accompanied this code).
+- *
+- * You should have received a copy of the GNU General Public License version
+- * 2 along with this work; if not, write to the Free Software Foundation,
+- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+- *
+- * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+- * or visit www.oracle.com if you need additional information or have any
+- * questions.
+- */
+-
+-package sun.security.ec.point;
+-
+-/**
+- * An interface for mutable points on an elliptic curve over a finite field.
+- */
+-public interface MutablePoint extends Point {
+-
+- MutablePoint setValue(AffinePoint p);
+- MutablePoint setValue(Point p);
+- MutablePoint conditionalSet(Point p, int set);
+-
+-}
+--- openjdk.orig/jdk/src/share/classes/sun/security/ec/point/Point.java 2019-07-14 02:30:40.000000000 +0200
++++ openjdk/jdk/src/share/classes/sun/security/ec/point/Point.java 1970-01-01 01:00:00.000000000 +0100
+@@ -1,45 +0,0 @@
+-/*
+- * Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved.
+- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+- *
+- * This code is free software; you can redistribute it and/or modify it
+- * under the terms of the GNU General Public License version 2 only, as
+- * published by the Free Software Foundation. Oracle designates this
+- * particular file as subject to the "Classpath" exception as provided
+- * by Oracle in the LICENSE file that accompanied this code.
+- *
+- * This code is distributed in the hope that it will be useful, but WITHOUT
+- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+- * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+- * version 2 for more details (a copy is included in the LICENSE file that
+- * accompanied this code).
+- *
+- * You should have received a copy of the GNU General Public License version
+- * 2 along with this work; if not, write to the Free Software Foundation,
+- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+- *
+- * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+- * or visit www.oracle.com if you need additional information or have any
+- * questions.
+- */
+-
+-package sun.security.ec.point;
+-
+-import sun.security.util.math.IntegerFieldModuloP;
+-
+-/**
+- * A base interface for points on an elliptic curve over a finite field.
+- * Implementations may use different representations for points, and this
+- * interface creates a common API for manipulating points. This API has no
+- * methods for point arithmetic, which depends on group structure and curve
+- * parameters in addition to point representation.
+- */
+-public interface Point {
+-
+- IntegerFieldModuloP getField();
+- AffinePoint asAffine();
+-
+- ImmutablePoint fixed();
+- MutablePoint mutable();
+-
+-}
+--- openjdk.orig/jdk/src/share/classes/sun/security/ec/point/ProjectivePoint.java 2019-07-14 02:30:40.000000000 +0200
++++ openjdk/jdk/src/share/classes/sun/security/ec/point/ProjectivePoint.java 1970-01-01 01:00:00.000000000 +0100
+@@ -1,160 +0,0 @@
+-/*
+- * Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved.
+- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+- *
+- * This code is free software; you can redistribute it and/or modify it
+- * under the terms of the GNU General Public License version 2 only, as
+- * published by the Free Software Foundation. Oracle designates this
+- * particular file as subject to the "Classpath" exception as provided
+- * by Oracle in the LICENSE file that accompanied this code.
+- *
+- * This code is distributed in the hope that it will be useful, but WITHOUT
+- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+- * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+- * version 2 for more details (a copy is included in the LICENSE file that
+- * accompanied this code).
+- *
+- * You should have received a copy of the GNU General Public License version
+- * 2 along with this work; if not, write to the Free Software Foundation,
+- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+- *
+- * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+- * or visit www.oracle.com if you need additional information or have any
+- * questions.
+- */
+-package sun.security.ec.point;
+-
+-import sun.security.util.math.*;
+-
+-/**
+- * Elliptic curve point in projective coordinates (X, Y, Z) where
+- * an affine point (x, y) is represented using any (X, Y, Z) s.t.
+- * x = X/Z and y = Y/Z.
+- */
+-public abstract class ProjectivePoint
+- <T extends IntegerModuloP> implements Point {
+-
+- protected final T x;
+- protected final T y;
+- protected final T z;
+-
+- protected ProjectivePoint(T x, T y, T z) {
+-
+- this.x = x;
+- this.y = y;
+- this.z = z;
+- }
+-
+- @Override
+- public IntegerFieldModuloP getField() {
+- return this.x.getField();
+- }
+-
+- @Override
+- public Immutable fixed() {
+- return new Immutable(x.fixed(), y.fixed(), z.fixed());
+- }
+-
+- @Override
+- public Mutable mutable() {
+- return new Mutable(x.mutable(), y.mutable(), z.mutable());
+- }
+-
+- public T getX() {
+- return x;
+- }
+-
+- public T getY() {
+- return y;
+- }
+-
+- public T getZ() {
+- return z;
+- }
+-
+- public AffinePoint asAffine() {
+- IntegerModuloP zInv = z.multiplicativeInverse();
+- return new AffinePoint(x.multiply(zInv), y.multiply(zInv));
+- }
+-
+- public static class Immutable
+- extends ProjectivePoint<ImmutableIntegerModuloP>
+- implements ImmutablePoint {
+-
+- public Immutable(ImmutableIntegerModuloP x,
+- ImmutableIntegerModuloP y,
+- ImmutableIntegerModuloP z) {
+- super(x, y, z);
+- }
+- }
+-
+- public static class Mutable
+- extends ProjectivePoint<MutableIntegerModuloP>
+- implements MutablePoint {
+-
+- public Mutable(MutableIntegerModuloP x,
+- MutableIntegerModuloP y,
+- MutableIntegerModuloP z) {
+- super(x, y, z);
+- }
+-
+- public Mutable(IntegerFieldModuloP field) {
+- super(field.get0().mutable(),
+- field.get0().mutable(),
+- field.get0().mutable());
+- }
+-
+- @Override
+- public Mutable conditionalSet(Point p, int set) {
+- if (!(p instanceof ProjectivePoint)) {
+- throw new RuntimeException("Incompatible point");
+- }
+- @SuppressWarnings("unchecked")
+- ProjectivePoint<IntegerModuloP> pp =
+- (ProjectivePoint<IntegerModuloP>) p;
+- return conditionalSet(pp, set);
+- }
+-
+- private <T extends IntegerModuloP>
+- Mutable conditionalSet(ProjectivePoint<T> pp, int set) {
+-
+- x.conditionalSet(pp.x, set);
+- y.conditionalSet(pp.y, set);
+- z.conditionalSet(pp.z, set);
+-
+- return this;
+- }
+-
+- @Override
+- public Mutable setValue(AffinePoint p) {
+- x.setValue(p.getX());
+- y.setValue(p.getY());
+- z.setValue(p.getX().getField().get1());
+-
+- return this;
+- }
+-
+- @Override
+- public Mutable setValue(Point p) {
+- if (!(p instanceof ProjectivePoint)) {
+- throw new RuntimeException("Incompatible point");
+- }
+- @SuppressWarnings("unchecked")
+- ProjectivePoint<IntegerModuloP> pp =
+- (ProjectivePoint<IntegerModuloP>) p;
+- return setValue(pp);
+- }
+-
+- private <T extends IntegerModuloP>
+- Mutable setValue(ProjectivePoint<T> pp) {
+-
+- x.setValue(pp.x);
+- y.setValue(pp.y);
+- z.setValue(pp.z);
+-
+- return this;
+- }
+-
+- }
+-
+-}
+--- openjdk.orig/jdk/src/share/classes/sun/security/util/Function.java 2019-07-14 02:30:40.000000000 +0200
++++ openjdk/jdk/src/share/classes/sun/security/util/Function.java 1970-01-01 01:00:00.000000000 +0100
+@@ -1,44 +0,0 @@
+-/*
+- * Copyright (c) 2010, 2013, Oracle and/or its affiliates. All rights reserved.
+- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+- *
+- * This code is free software; you can redistribute it and/or modify it
+- * under the terms of the GNU General Public License version 2 only, as
+- * published by the Free Software Foundation. Oracle designates this
+- * particular file as subject to the "Classpath" exception as provided
+- * by Oracle in the LICENSE file that accompanied this code.
+- *
+- * This code is distributed in the hope that it will be useful, but WITHOUT
+- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+- * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+- * version 2 for more details (a copy is included in the LICENSE file that
+- * accompanied this code).
+- *
+- * You should have received a copy of the GNU General Public License version
+- * 2 along with this work; if not, write to the Free Software Foundation,
+- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+- *
+- * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+- * or visit www.oracle.com if you need additional information or have any
+- * questions.
+- */
+-package sun.security.util;
+-
+-/**
+- * Represents a function that accepts one argument and produces a result.
+- *
+- * @param <T> the type of the input to the function
+- * @param <R> the type of the result of the function
+- *
+- * @since 1.8
+- */
+-public interface Function<T, R> {
+-
+- /**
+- * Applies this function to the given argument.
+- *
+- * @param t the function argument
+- * @return the function result
+- */
+- R apply(T t);
+-}
+--- openjdk.orig/jdk/src/share/classes/sun/security/util/Optional.java 2019-07-14 02:30:40.000000000 +0200
++++ openjdk/jdk/src/share/classes/sun/security/util/Optional.java 1970-01-01 01:00:00.000000000 +0100
+@@ -1,271 +0,0 @@
+-/*
+- * Copyright (c) 2012, 2013, Oracle and/or its affiliates. All rights reserved.
+- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+- *
+- * This code is free software; you can redistribute it and/or modify it
+- * under the terms of the GNU General Public License version 2 only, as
+- * published by the Free Software Foundation. Oracle designates this
+- * particular file as subject to the "Classpath" exception as provided
+- * by Oracle in the LICENSE file that accompanied this code.
+- *
+- * This code is distributed in the hope that it will be useful, but WITHOUT
+- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+- * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+- * version 2 for more details (a copy is included in the LICENSE file that
+- * accompanied this code).
+- *
+- * You should have received a copy of the GNU General Public License version
+- * 2 along with this work; if not, write to the Free Software Foundation,
+- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+- *
+- * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+- * or visit www.oracle.com if you need additional information or have any
+- * questions.
+- */
+-package sun.security.util;
+-
+-import java.util.Objects;
+-import java.util.NoSuchElementException;
+-
+-/**
+- * A container object which may or may not contain a non-null value.
+- * If a value is present, {@code isPresent()} will return {@code true} and
+- * {@code get()} will return the value.
+- *
+- * <p>Additional methods that depend on the presence or absence of a contained
+- * value are provided, such as {@link #orElse(java.lang.Object) orElse()}
+- * (return a default value if value not present) and
+- * {@link #ifPresent(java.util.function.Consumer) ifPresent()} (execute a block
+- * of code if the value is present).
+- *
+- * <p>This is a <a href="../lang/doc-files/ValueBased.html">value-based</a>
+- * class; use of identity-sensitive operations (including reference equality
+- * ({@code ==}), identity hash code, or synchronization) on instances of
+- * {@code Optional} may have unpredictable results and should be avoided.
+- *
+- * @since 1.8
+- */
+-public final class Optional<T> {
+- /**
+- * Common instance for {@code empty()}.
+- */
+- private static final Optional<?> EMPTY = new Optional<>();
+-
+- /**
+- * If non-null, the value; if null, indicates no value is present
+- */
+- private final T value;
+-
+- /**
+- * Constructs an empty instance.
+- *
+- * @implNote Generally only one empty instance, {@link Optional#EMPTY},
+- * should exist per VM.
+- */
+- private Optional() {
+- this.value = null;
+- }
+-
+- /**
+- * Returns an empty {@code Optional} instance. No value is present for this
+- * {@code Optional}.
+- *
+- * @apiNote
+- * Though it may be tempting to do so, avoid testing if an object is empty
+- * by comparing with {@code ==} against instances returned by
+- * {@code Optional.empty()}. There is no guarantee that it is a singleton.
+- * Instead, use {@link #isPresent()}.
+- *
+- * @param <T> The type of the non-existent value
+- * @return an empty {@code Optional}
+- */
+- public static<T> Optional<T> empty() {
+- @SuppressWarnings("unchecked")
+- Optional<T> t = (Optional<T>) EMPTY;
+- return t;
+- }
+-
+-
+- /**
+- * Constructs an instance with the described value.
+- *
+- * @param value the non-{@code null} value to describe
+- * @throws NullPointerException if value is {@code null}
+- */
+- private Optional(T value) {
+- this.value = Objects.requireNonNull(value);
+- }
+-
+- /**
+- * Returns an {@code Optional} describing the given non-{@code null}
+- * value.
+- *
+- * @param value the value to describe, which must be non-{@code null}
+- * @param <T> the type of the value
+- * @return an {@code Optional} with the value present
+- * @throws NullPointerException if value is {@code null}
+- */
+- public static <T> Optional<T> of(T value) {
+- return new Optional<>(value);
+- }
+-
+- /**
+- * Returns an {@code Optional} describing the specified value, if non-null,
+- * otherwise returns an empty {@code Optional}.
+- *
+- * @param <T> the class of the value
+- * @param value the possibly-null value to describe
+- * @return an {@code Optional} with a present value if the specified value
+- * is non-null, otherwise an empty {@code Optional}
+- */
+- public static <T> Optional<T> ofNullable(T value) {
+- return value == null ? new Optional<T>() : of(value);
+- }
+-
+- /**
+- * If a value is present, returns the value, otherwise throws
+- * {@code NoSuchElementException}.
+- *
+- * @apiNote
+- * The preferred alternative to this method is {@link #orElseThrow()}.
+- *
+- * @return the non-{@code null} value described by this {@code Optional}
+- * @throws NoSuchElementException if no value is present
+- */
+- public T get() {
+- if (value == null) {
+- throw new NoSuchElementException("No value present");
+- }
+- return value;
+- }
+-
+- /**
+- * If a value is present, returns {@code true}, otherwise {@code false}.
+- *
+- * @return {@code true} if a value is present, otherwise {@code false}
+- */
+- public boolean isPresent() {
+- return value != null;
+- }
+-
+- /**
+- * If a value is not present, returns {@code true}, otherwise
+- * {@code false}.
+- *
+- * @return {@code true} if a value is not present, otherwise {@code false}
+- * @since 11
+- */
+- public boolean isEmpty() {
+- return value == null;
+- }
+-
+- /**
+- * If a value is present, apply the provided mapping function to it,
+- * and if the result is non-null, return an {@code Optional} describing the
+- * result. Otherwise return an empty {@code Optional}.
+- *
+- * @apiNote This method supports post-processing on optional values, without
+- * the need to explicitly check for a return status. For example, the
+- * following code traverses a stream of file names, selects one that has
+- * not yet been processed, and then opens that file, returning an
+- * {@code Optional<FileInputStream>}:
+- *
+- * <pre>{@code
+- * Optional<FileInputStream> fis =
+- * names.stream().filter(name -> !isProcessedYet(name))
+- * .findFirst()
+- * .map(name -> new FileInputStream(name));
+- * }</pre>
+- *
+- * Here, {@code findFirst} returns an {@code Optional<String>}, and then
+- * {@code map} returns an {@code Optional<FileInputStream>} for the desired
+- * file if one exists.
+- *
+- * @param <U> The type of the result of the mapping function
+- * @param mapper a mapping function to apply to the value, if present
+- * @return an {@code Optional} describing the result of applying a mapping
+- * function to the value of this {@code Optional}, if a value is present,
+- * otherwise an empty {@code Optional}
+- * @throws NullPointerException if the mapping function is null
+- */
+- public<U> Optional<U> map(Function<? super T, ? extends U> mapper) {
+- Objects.requireNonNull(mapper);
+- if (!isPresent())
+- return empty();
+- else {
+- return Optional.ofNullable(mapper.apply(value));
+- }
+- }
+-
+- /**
+- * Return the value if present, otherwise invoke {@code other} and return
+- * the result of that invocation.
+- *
+- * @param other a {@code Supplier} whose result is returned if no value
+- * is present
+- * @return the value if present otherwise the result of {@code other.get()}
+- * @throws NullPointerException if value is not present and {@code other} is
+- * null
+- */
+- public T orElseGet(Supplier<? extends T> other) {
+- return value != null ? value : other.get();
+- }
+-
+- /**
+- * Indicates whether some other object is "equal to" this {@code Optional}.
+- * The other object is considered equal if:
+- * <ul>
+- * <li>it is also an {@code Optional} and;
+- * <li>both instances have no value present or;
+- * <li>the present values are "equal to" each other via {@code equals()}.
+- * </ul>
+- *
+- * @param obj an object to be tested for equality
+- * @return {@code true} if the other object is "equal to" this object
+- * otherwise {@code false}
+- */
+- @Override
+- public boolean equals(Object obj) {
+- if (this == obj) {
+- return true;
+- }
+-
+- if (!(obj instanceof Optional)) {
+- return false;
+- }
+-
+- Optional<?> other = (Optional<?>) obj;
+- return Objects.equals(value, other.value);
+- }
+-
+- /**
+- * Returns the hash code of the value, if present, otherwise {@code 0}
+- * (zero) if no value is present.
+- *
+- * @return hash code value of the present value or {@code 0} if no value is
+- * present
+- */
+- @Override
+- public int hashCode() {
+- return Objects.hashCode(value);
+- }
+-
+- /**
+- * Returns a non-empty string representation of this {@code Optional}
+- * suitable for debugging. The exact presentation format is unspecified and
+- * may vary between implementations and versions.
+- *
+- * @implSpec
+- * If a value is present the result must include its string representation
+- * in the result. Empty and present {@code Optional}s must be unambiguously
+- * differentiable.
+- *
+- * @return the string representation of this instance
+- */
+- @Override
+- public String toString() {
+- return value != null
+- ? String.format("Optional[%s]", value)
+- : "Optional.empty";
+- }
+-}
+--- openjdk.orig/jdk/src/share/classes/sun/security/util/Supplier.java 2019-07-14 02:30:40.000000000 +0200
++++ openjdk/jdk/src/share/classes/sun/security/util/Supplier.java 1970-01-01 01:00:00.000000000 +0100
+@@ -1,48 +0,0 @@
+-/*
+- * Copyright (c) 2012, 2013, Oracle and/or its affiliates. All rights reserved.
+- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+- *
+- * This code is free software; you can redistribute it and/or modify it
+- * under the terms of the GNU General Public License version 2 only, as
+- * published by the Free Software Foundation. Oracle designates this
+- * particular file as subject to the "Classpath" exception as provided
+- * by Oracle in the LICENSE file that accompanied this code.
+- *
+- * This code is distributed in the hope that it will be useful, but WITHOUT
+- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+- * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+- * version 2 for more details (a copy is included in the LICENSE file that
+- * accompanied this code).
+- *
+- * You should have received a copy of the GNU General Public License version
+- * 2 along with this work; if not, write to the Free Software Foundation,
+- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+- *
+- * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+- * or visit www.oracle.com if you need additional information or have any
+- * questions.
+- */
+-package sun.security.util;
+-
+-/**
+- * Represents a supplier of results.
+- *
+- * <p>There is no requirement that a new or distinct result be returned each
+- * time the supplier is invoked.
+- *
+- * <p>This is a <a href="package-summary.html">functional interface</a>
+- * whose functional method is {@link #get()}.
+- *
+- * @param <T> the type of results supplied by this supplier
+- *
+- * @since 1.8
+- */
+-public interface Supplier<T> {
+-
+- /**
+- * Gets a result.
+- *
+- * @return a result
+- */
+- T get();
+-}
diff --git a/community/openjdk7/icedtea-jdk-revert-a32dc7400435.patch b/community/openjdk7/icedtea-jdk-revert-a32dc7400435.patch
new file mode 100644
index 0000000000..dc2eac6225
--- /dev/null
+++ b/community/openjdk7/icedtea-jdk-revert-a32dc7400435.patch
@@ -0,0 +1,1377 @@
+Revert a32dc7400435 due build error
+--- openjdk.orig/jdk/src/share/classes/com/sun/crypto/provider/AESCrypt.java 2019-07-15 08:52:23.000000000 +0200
++++ openjdk/jdk/src/share/classes/com/sun/crypto/provider/AESCrypt.java 2019-07-04 19:20:08.000000000 +0200
+@@ -1,5 +1,5 @@
+ /*
+- * Copyright (c) 2002, 2018, Oracle and/or its affiliates. All rights reserved.
++ * Copyright (c) 2002, 2015, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+@@ -38,6 +38,7 @@
+
+ import java.security.InvalidKeyException;
+ import java.security.MessageDigest;
++import java.util.Objects;
+
+ /**
+ * Rijndael --pronounced Reindaal-- is a symmetric cipher with a 128-bit
+@@ -347,8 +348,8 @@
+ */
+ void encryptBlock(byte[] in, int inOffset,
+ byte[] out, int outOffset) {
+- // Array bound checks are done in caller code, i.e.
+- // FeedbackCipher.encrypt/decrypt(...) to improve performance.
++ cryptBlockCheck(in, inOffset);
++ cryptBlockCheck(out, outOffset);
+ implEncryptBlock(in, inOffset, out, outOffset);
+ }
+
+@@ -425,8 +426,8 @@
+ */
+ void decryptBlock(byte[] in, int inOffset,
+ byte[] out, int outOffset) {
+- // Array bound checks are done in caller code, i.e.
+- // FeedbackCipher.encrypt/decrypt(...) to improve performance.
++ cryptBlockCheck(in, inOffset);
++ cryptBlockCheck(out, outOffset);
+ implDecryptBlock(in, inOffset, out, outOffset);
+ }
+
+@@ -587,6 +588,26 @@
+ out[outOffset ] = (byte)(Si[(a0 ) & 0xFF] ^ (t1 ));
+ }
+
++ // Used to perform all checks required by the Java semantics
++ // (i.e., null checks and bounds checks) on the input parameters
++ // to encryptBlock and to decryptBlock.
++ // Normally, the Java Runtime performs these checks, however, as
++ // encryptBlock and decryptBlock are possibly replaced with
++ // compiler intrinsics, the JDK performs the required checks instead.
++ // Does not check accesses to class-internal (private) arrays.
++ private static void cryptBlockCheck(byte[] array, int offset) {
++ Objects.requireNonNull(array);
++
++ if (offset < 0 || offset >= array.length) {
++ throw new ArrayIndexOutOfBoundsException(offset);
++ }
++
++ int largestIndex = offset + AES_BLOCK_SIZE - 1;
++ if (largestIndex < 0 || largestIndex >= array.length) {
++ throw new ArrayIndexOutOfBoundsException(largestIndex);
++ }
++ }
++
+ /**
+ * Expand a user-supplied key material into a session key.
+ *
+--- openjdk.orig/jdk/src/share/classes/com/sun/crypto/provider/CipherBlockChaining.java 2019-07-15 08:52:23.000000000 +0200
++++ openjdk/jdk/src/share/classes/com/sun/crypto/provider/CipherBlockChaining.java 2019-07-04 19:20:08.000000000 +0200
+@@ -1,5 +1,5 @@
+ /*
+- * Copyright (c) 1997, 2018, Oracle and/or its affiliates. All rights reserved.
++ * Copyright (c) 1997, 2017, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+@@ -29,7 +29,6 @@
+ import java.security.ProviderException;
+ import java.util.Objects;
+
+-import sun.security.util.ArrayUtil;
+
+ /**
+ * This class represents ciphers in cipher block chaining (CBC) mode.
+@@ -144,9 +143,9 @@
+ if (plainLen <= 0) {
+ return plainLen;
+ }
+- ArrayUtil.blockSizeCheck(plainLen, blockSize);
+- ArrayUtil.nullAndBoundsCheck(plain, plainOffset, plainLen);
+- ArrayUtil.nullAndBoundsCheck(cipher, cipherOffset, plainLen);
++ cryptBlockSizeCheck(plainLen);
++ cryptNullAndBoundsCheck(plain, plainOffset, plainLen);
++ cryptNullAndBoundsCheck(cipher, cipherOffset, plainLen);
+ return implEncrypt(plain, plainOffset, plainLen,
+ cipher, cipherOffset);
+ }
+@@ -194,9 +193,9 @@
+ if (cipherLen <= 0) {
+ return cipherLen;
+ }
+- ArrayUtil.blockSizeCheck(cipherLen, blockSize);
+- ArrayUtil.nullAndBoundsCheck(cipher, cipherOffset, cipherLen);
+- ArrayUtil.nullAndBoundsCheck(plain, plainOffset, cipherLen);
++ cryptBlockSizeCheck(cipherLen);
++ cryptNullAndBoundsCheck(cipher, cipherOffset, cipherLen);
++ cryptNullAndBoundsCheck(plain, plainOffset, cipherLen);
+ return implDecrypt(cipher, cipherOffset, cipherLen, plain, plainOffset);
+ }
+
+@@ -215,4 +214,23 @@
+ }
+ return cipherLen;
+ }
++
++ private void cryptBlockSizeCheck(int len) {
++ if ((len % blockSize) != 0) {
++ throw new ProviderException("Internal error in input buffering");
++ }
++ }
++
++ private static void cryptNullAndBoundsCheck(byte[] array, int offset, int len) {
++ Objects.requireNonNull(array);
++
++ if (offset < 0 || offset >= array.length) {
++ throw new ArrayIndexOutOfBoundsException(offset);
++ }
++
++ int endIndex = offset + len - 1;
++ if (endIndex < 0 || endIndex >= array.length) {
++ throw new ArrayIndexOutOfBoundsException(endIndex);
++ }
++ }
+ }
+--- openjdk.orig/jdk/src/share/classes/com/sun/crypto/provider/CipherFeedback.java 2019-07-15 08:52:23.000000000 +0200
++++ openjdk/jdk/src/share/classes/com/sun/crypto/provider/CipherFeedback.java 2019-07-04 19:20:08.000000000 +0200
+@@ -1,5 +1,5 @@
+ /*
+- * Copyright (c) 1997, 2018, Oracle and/or its affiliates. All rights reserved.
++ * Copyright (c) 1997, 2014, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+@@ -27,7 +27,6 @@
+
+ import java.security.InvalidKeyException;
+ import java.security.ProviderException;
+-import sun.security.util.ArrayUtil;
+
+ /**
+ * This class represents ciphers in cipher-feedback (CFB) mode.
+@@ -150,9 +149,9 @@
+ */
+ int encrypt(byte[] plain, int plainOffset, int plainLen,
+ byte[] cipher, int cipherOffset) {
+- ArrayUtil.blockSizeCheck(plainLen, numBytes);
+- ArrayUtil.nullAndBoundsCheck(plain, plainOffset, plainLen);
+- ArrayUtil.nullAndBoundsCheck(cipher, cipherOffset, plainLen);
++ if ((plainLen % numBytes) != 0) {
++ throw new ProviderException("Internal error in input buffering");
++ }
+
+ int nShift = blockSize - numBytes;
+ int loopCount = plainLen / numBytes;
+@@ -226,10 +225,9 @@
+ */
+ int decrypt(byte[] cipher, int cipherOffset, int cipherLen,
+ byte[] plain, int plainOffset) {
+-
+- ArrayUtil.blockSizeCheck(cipherLen, numBytes);
+- ArrayUtil.nullAndBoundsCheck(cipher, cipherOffset, cipherLen);
+- ArrayUtil.nullAndBoundsCheck(plain, plainOffset, cipherLen);
++ if ((cipherLen % numBytes) != 0) {
++ throw new ProviderException("Internal error in input buffering");
++ }
+
+ int nShift = blockSize - numBytes;
+ int loopCount = cipherLen / numBytes;
+--- openjdk.orig/jdk/src/share/classes/com/sun/crypto/provider/CounterMode.java 2019-07-15 08:52:23.000000000 +0200
++++ openjdk/jdk/src/share/classes/com/sun/crypto/provider/CounterMode.java 2019-07-04 19:20:08.000000000 +0200
+@@ -1,5 +1,5 @@
+ /*
+- * Copyright (c) 2002, 2018, Oracle and/or its affiliates. All rights reserved.
++ * Copyright (c) 2002, 2017, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+@@ -27,7 +27,6 @@
+
+ import java.security.InvalidKeyException;
+
+-import sun.security.util.ArrayUtil;
+
+ /**
+ * This class represents ciphers in counter (CTR) mode.
+@@ -174,10 +173,6 @@
+ if (len == 0) {
+ return 0;
+ }
+-
+- ArrayUtil.nullAndBoundsCheck(in, inOff, len);
+- ArrayUtil.nullAndBoundsCheck(out, outOff, len);
+-
+ int result = len;
+ while (len-- > 0) {
+ if (used >= blockSize) {
+--- openjdk.orig/jdk/src/share/classes/com/sun/crypto/provider/ElectronicCodeBook.java 2019-07-15 08:52:23.000000000 +0200
++++ openjdk/jdk/src/share/classes/com/sun/crypto/provider/ElectronicCodeBook.java 2019-07-04 19:20:08.000000000 +0200
+@@ -1,5 +1,5 @@
+ /*
+- * Copyright (c) 1997, 2018, Oracle and/or its affiliates. All rights reserved.
++ * Copyright (c) 1997, 2014, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+@@ -27,7 +27,6 @@
+
+ import java.security.InvalidKeyException;
+ import java.security.ProviderException;
+-import sun.security.util.ArrayUtil;
+
+ /**
+ * This class represents ciphers in electronic codebook (ECB) mode.
+@@ -113,10 +112,9 @@
+ * @return the length of the encrypted data
+ */
+ int encrypt(byte[] in, int inOff, int len, byte[] out, int outOff) {
+- ArrayUtil.blockSizeCheck(len, blockSize);
+- ArrayUtil.nullAndBoundsCheck(in, inOff, len);
+- ArrayUtil.nullAndBoundsCheck(out, outOff, len);
+-
++ if ((len % blockSize) != 0) {
++ throw new ProviderException("Internal error in input buffering");
++ }
+ for (int i = len; i >= blockSize; i -= blockSize) {
+ embeddedCipher.encryptBlock(in, inOff, out, outOff);
+ inOff += blockSize;
+@@ -143,10 +141,9 @@
+ * @return the length of the decrypted data
+ */
+ int decrypt(byte[] in, int inOff, int len, byte[] out, int outOff) {
+- ArrayUtil.blockSizeCheck(len, blockSize);
+- ArrayUtil.nullAndBoundsCheck(in, inOff, len);
+- ArrayUtil.nullAndBoundsCheck(out, outOff, len);
+-
++ if ((len % blockSize) != 0) {
++ throw new ProviderException("Internal error in input buffering");
++ }
+ for (int i = len; i >= blockSize; i -= blockSize) {
+ embeddedCipher.decryptBlock(in, inOff, out, outOff);
+ inOff += blockSize;
+--- openjdk.orig/jdk/src/share/classes/com/sun/crypto/provider/OutputFeedback.java 2019-07-15 08:52:23.000000000 +0200
++++ openjdk/jdk/src/share/classes/com/sun/crypto/provider/OutputFeedback.java 2019-07-04 19:20:08.000000000 +0200
+@@ -1,5 +1,5 @@
+ /*
+- * Copyright (c) 1997, 2018, Oracle and/or its affiliates. All rights reserved.
++ * Copyright (c) 1997, 2014, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+@@ -27,7 +27,6 @@
+
+ import java.security.InvalidKeyException;
+ import java.security.ProviderException;
+-import sun.security.util.ArrayUtil;
+
+ /**
+ * This class represents ciphers in output-feedback (OFB) mode.
+@@ -149,10 +148,10 @@
+ */
+ int encrypt(byte[] plain, int plainOffset, int plainLen,
+ byte[] cipher, int cipherOffset) {
+- ArrayUtil.blockSizeCheck(plainLen, numBytes);
+- ArrayUtil.nullAndBoundsCheck(plain, plainOffset, plainLen);
+- ArrayUtil.nullAndBoundsCheck(cipher, cipherOffset, plainLen);
+
++ if ((plainLen % numBytes) != 0) {
++ throw new ProviderException("Internal error in input buffering");
++ }
+ int nShift = blockSize - numBytes;
+ int loopCount = plainLen / numBytes;
+
+@@ -190,9 +189,6 @@
+ */
+ int encryptFinal(byte[] plain, int plainOffset, int plainLen,
+ byte[] cipher, int cipherOffset) {
+- ArrayUtil.nullAndBoundsCheck(plain, plainOffset, plainLen);
+- ArrayUtil.nullAndBoundsCheck(cipher, cipherOffset, plainLen);
+-
+ int oddBytes = plainLen % numBytes;
+ int len = encrypt(plain, plainOffset, (plainLen - oddBytes),
+ cipher, cipherOffset);
+--- openjdk.orig/jdk/src/share/classes/com/sun/crypto/provider/PCBC.java 2019-07-15 08:52:23.000000000 +0200
++++ openjdk/jdk/src/share/classes/com/sun/crypto/provider/PCBC.java 2019-07-04 19:20:08.000000000 +0200
+@@ -1,5 +1,5 @@
+ /*
+- * Copyright (c) 1997, 2018, Oracle and/or its affiliates. All rights reserved.
++ * Copyright (c) 1997, 2014, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+@@ -27,7 +27,6 @@
+
+ import java.security.InvalidKeyException;
+ import java.security.ProviderException;
+-import sun.security.util.ArrayUtil;
+
+
+ /**
+@@ -137,10 +136,9 @@
+ int encrypt(byte[] plain, int plainOffset, int plainLen,
+ byte[] cipher, int cipherOffset)
+ {
+- ArrayUtil.blockSizeCheck(plainLen, blockSize);
+- ArrayUtil.nullAndBoundsCheck(plain, plainOffset, plainLen);
+- ArrayUtil.nullAndBoundsCheck(cipher, cipherOffset, plainLen);
+-
++ if ((plainLen % blockSize) != 0) {
++ throw new ProviderException("Internal error in input buffering");
++ }
+ int i;
+ int endIndex = plainOffset + plainLen;
+
+@@ -178,10 +176,9 @@
+ int decrypt(byte[] cipher, int cipherOffset, int cipherLen,
+ byte[] plain, int plainOffset)
+ {
+- ArrayUtil.blockSizeCheck(cipherLen, blockSize);
+- ArrayUtil.nullAndBoundsCheck(cipher, cipherOffset, cipherLen);
+- ArrayUtil.nullAndBoundsCheck(plain, plainOffset, cipherLen);
+-
++ if ((cipherLen % blockSize) != 0) {
++ throw new ProviderException("Internal error in input buffering");
++ }
+ int i;
+ int endIndex = cipherOffset + cipherLen;
+
+--- openjdk.orig/jdk/src/share/classes/sun/security/util/ArrayUtil.java 2019-07-15 08:52:23.000000000 +0200
++++ openjdk/jdk/src/share/classes/sun/security/util/ArrayUtil.java 2019-07-04 19:20:08.000000000 +0200
+@@ -25,38 +25,12 @@
+
+ package sun.security.util;
+
+-import java.util.List;
+-import java.security.*;
+-
+ /**
+ * This class holds the various utility methods for array range checks.
+ */
+
+ public final class ArrayUtil {
+
+- private static final Function<String, ArrayIndexOutOfBoundsException> aioobeGenerator =
+- new Function<String, ArrayIndexOutOfBoundsException>() {
+- @Override
+- public ArrayIndexOutOfBoundsException apply(String x) {
+- return new ArrayIndexOutOfBoundsException(x);
+- }
+- };
+-
+- private static final BiFunction<String, List<Integer>,
+- ArrayIndexOutOfBoundsException> AIOOBE_SUPPLIER =
+- Preconditions.outOfBoundsExceptionFormatter(aioobeGenerator);
+-
+- public static void blockSizeCheck(int len, int blockSize) {
+- if ((len % blockSize) != 0) {
+- throw new ProviderException("Internal error in input buffering");
+- }
+- }
+-
+- public static void nullAndBoundsCheck(byte[] array, int offset, int len) {
+- // NPE is thrown when array is null
+- Preconditions.checkFromIndexSize(offset, len, array.length, AIOOBE_SUPPLIER);
+- }
+-
+ private static void swap(byte[] arr, int i, int j) {
+ byte tmp = arr[i];
+ arr[i] = arr[j];
+@@ -74,3 +48,4 @@
+ }
+ }
+ }
++
+--- openjdk.orig/jdk/src/share/classes/sun/security/util/BiConsumer.java 2019-07-15 08:52:23.000000000 +0200
++++ openjdk/jdk/src/share/classes/sun/security/util/BiConsumer.java 1970-01-01 01:00:00.000000000 +0100
+@@ -1,48 +0,0 @@
+-/*
+- * Copyright (c) 2012, 2013, Oracle and/or its affiliates. All rights reserved.
+- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+- *
+- * This code is free software; you can redistribute it and/or modify it
+- * under the terms of the GNU General Public License version 2 only, as
+- * published by the Free Software Foundation. Oracle designates this
+- * particular file as subject to the "Classpath" exception as provided
+- * by Oracle in the LICENSE file that accompanied this code.
+- *
+- * This code is distributed in the hope that it will be useful, but WITHOUT
+- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+- * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+- * version 2 for more details (a copy is included in the LICENSE file that
+- * accompanied this code).
+- *
+- * You should have received a copy of the GNU General Public License version
+- * 2 along with this work; if not, write to the Free Software Foundation,
+- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+- *
+- * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+- * or visit www.oracle.com if you need additional information or have any
+- * questions.
+- */
+-package sun.security.util;
+-
+-/**
+- * Represents an operation that accepts two input arguments and returns no
+- * result. This is the two-arity specialization of {@link Consumer}.
+- * Unlike most other functional interfaces, {@code BiConsumer} is expected
+- * to operate via side-effects.
+- *
+- * @param <T> the type of the first argument to the operation
+- * @param <U> the type of the second argument to the operation
+- *
+- * @see Consumer
+- * @since 1.8
+- */
+-public interface BiConsumer<T, U> {
+-
+- /**
+- * Performs this operation on the given arguments.
+- *
+- * @param t the first input argument
+- * @param u the second input argument
+- */
+- void accept(T t, U u);
+-}
+--- openjdk.orig/jdk/src/share/classes/sun/security/util/BiFunction.java 2019-07-15 08:52:23.000000000 +0200
++++ openjdk/jdk/src/share/classes/sun/security/util/BiFunction.java 1970-01-01 01:00:00.000000000 +0100
+@@ -1,48 +0,0 @@
+-/*
+- * Copyright (c) 2010, 2013, Oracle and/or its affiliates. All rights reserved.
+- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+- *
+- * This code is free software; you can redistribute it and/or modify it
+- * under the terms of the GNU General Public License version 2 only, as
+- * published by the Free Software Foundation. Oracle designates this
+- * particular file as subject to the "Classpath" exception as provided
+- * by Oracle in the LICENSE file that accompanied this code.
+- *
+- * This code is distributed in the hope that it will be useful, but WITHOUT
+- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+- * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+- * version 2 for more details (a copy is included in the LICENSE file that
+- * accompanied this code).
+- *
+- * You should have received a copy of the GNU General Public License version
+- * 2 along with this work; if not, write to the Free Software Foundation,
+- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+- *
+- * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+- * or visit www.oracle.com if you need additional information or have any
+- * questions.
+- */
+-package sun.security.util;
+-
+-/**
+- * Represents a function that accepts two arguments and produces a result.
+- * This is the two-arity specialization of {@link Function}.
+- *
+- * @param <T> the type of the first argument to the function
+- * @param <U> the type of the second argument to the function
+- * @param <R> the type of the result of the function
+- *
+- * @see Function
+- * @since 1.8
+- */
+-public interface BiFunction<T, U, R> {
+-
+- /**
+- * Applies this function to the given arguments.
+- *
+- * @param t the first function argument
+- * @param u the second function argument
+- * @return the function result
+- */
+- R apply(T t, U u);
+-}
+--- openjdk.orig/jdk/src/share/classes/sun/security/util/IntSupplier.java 2019-07-15 08:52:23.000000000 +0200
++++ openjdk/jdk/src/share/classes/sun/security/util/IntSupplier.java 1970-01-01 01:00:00.000000000 +0100
+@@ -1,45 +0,0 @@
+-/*
+- * Copyright (c) 2012, 2013, Oracle and/or its affiliates. All rights reserved.
+- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+- *
+- * This code is free software; you can redistribute it and/or modify it
+- * under the terms of the GNU General Public License version 2 only, as
+- * published by the Free Software Foundation. Oracle designates this
+- * particular file as subject to the "Classpath" exception as provided
+- * by Oracle in the LICENSE file that accompanied this code.
+- *
+- * This code is distributed in the hope that it will be useful, but WITHOUT
+- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+- * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+- * version 2 for more details (a copy is included in the LICENSE file that
+- * accompanied this code).
+- *
+- * You should have received a copy of the GNU General Public License version
+- * 2 along with this work; if not, write to the Free Software Foundation,
+- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+- *
+- * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+- * or visit www.oracle.com if you need additional information or have any
+- * questions.
+- */
+-package sun.security.util;
+-
+-/**
+- * Represents a supplier of {@code int}-valued results. This is the
+- * {@code int}-producing primitive specialization of {@link Supplier}.
+- *
+- * <p>There is no requirement that a distinct result be returned each
+- * time the supplier is invoked.
+- *
+- * @see Supplier
+- * @since 1.8
+- */
+-public interface IntSupplier {
+-
+- /**
+- * Gets a result.
+- *
+- * @return a result
+- */
+- int getAsInt();
+-}
+--- openjdk.orig/jdk/src/share/classes/sun/security/util/Preconditions.java 2019-07-15 08:52:23.000000000 +0200
++++ openjdk/jdk/src/share/classes/sun/security/util/Preconditions.java 1970-01-01 01:00:00.000000000 +0100
+@@ -1,343 +0,0 @@
+-/*
+- * Copyright (c) 2016, Oracle and/or its affiliates. All rights reserved.
+- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+- *
+- * This code is free software; you can redistribute it and/or modify it
+- * under the terms of the GNU General Public License version 2 only, as
+- * published by the Free Software Foundation. Oracle designates this
+- * particular file as subject to the "Classpath" exception as provided
+- * by Oracle in the LICENSE file that accompanied this code.
+- *
+- * This code is distributed in the hope that it will be useful, but WITHOUT
+- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+- * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+- * version 2 for more details (a copy is included in the LICENSE file that
+- * accompanied this code).
+- *
+- * You should have received a copy of the GNU General Public License version
+- * 2 along with this work; if not, write to the Free Software Foundation,
+- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+- *
+- * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+- * or visit www.oracle.com if you need additional information or have any
+- * questions.
+- */
+-package sun.security.util;
+-
+-import java.util.Arrays;
+-import java.util.Collections;
+-import java.util.List;
+-
+-/**
+- * Utility methods to check if state or arguments are correct.
+- *
+- */
+-public class Preconditions {
+-
+- /**
+- * Maps out-of-bounds values to a runtime exception.
+- *
+- * @param checkKind the kind of bounds check, whose name may correspond
+- * to the name of one of the range check methods, checkIndex,
+- * checkFromToIndex, checkFromIndexSize
+- * @param args the out-of-bounds arguments that failed the range check.
+- * If the checkKind corresponds a the name of a range check method
+- * then the bounds arguments are those that can be passed in order
+- * to the method.
+- * @param oobef the exception formatter that when applied with a checkKind
+- * and a list out-of-bounds arguments returns a runtime exception.
+- * If {@code null} then, it is as if an exception formatter was
+- * supplied that returns {@link IndexOutOfBoundsException} for any
+- * given arguments.
+- * @return the runtime exception
+- */
+- private static RuntimeException outOfBounds(
+- BiFunction<String, List<Integer>, ? extends RuntimeException> oobef,
+- String checkKind,
+- Integer... args) {
+- List<Integer> largs = Collections.unmodifiableList(Arrays.asList(args));
+- RuntimeException e = oobef == null
+- ? null : oobef.apply(checkKind, largs);
+- return e == null
+- ? new IndexOutOfBoundsException(outOfBoundsMessage(checkKind, largs)) : e;
+- }
+-
+- private static RuntimeException outOfBoundsCheckIndex(
+- BiFunction<String, List<Integer>, ? extends RuntimeException> oobe,
+- int index, int length) {
+- return outOfBounds(oobe, "checkIndex", index, length);
+- }
+-
+- private static RuntimeException outOfBoundsCheckFromToIndex(
+- BiFunction<String, List<Integer>, ? extends RuntimeException> oobe,
+- int fromIndex, int toIndex, int length) {
+- return outOfBounds(oobe, "checkFromToIndex", fromIndex, toIndex, length);
+- }
+-
+- private static RuntimeException outOfBoundsCheckFromIndexSize(
+- BiFunction<String, List<Integer>, ? extends RuntimeException> oobe,
+- int fromIndex, int size, int length) {
+- return outOfBounds(oobe, "checkFromIndexSize", fromIndex, size, length);
+- }
+-
+- /**
+- * Returns an out-of-bounds exception formatter from an given exception
+- * factory. The exception formatter is a function that formats an
+- * out-of-bounds message from its arguments and applies that message to the
+- * given exception factory to produce and relay an exception.
+- *
+- * <p>The exception formatter accepts two arguments: a {@code String}
+- * describing the out-of-bounds range check that failed, referred to as the
+- * <em>check kind</em>; and a {@code List<Integer>} containing the
+- * out-of-bound integer values that failed the check. The list of
+- * out-of-bound values is not modified.
+- *
+- * <p>Three check kinds are supported {@code checkIndex},
+- * {@code checkFromToIndex} and {@code checkFromIndexSize} corresponding
+- * respectively to the specified application of an exception formatter as an
+- * argument to the out-of-bounds range check methods
+- * {@link #checkIndex(int, int, BiFunction) checkIndex},
+- * {@link #checkFromToIndex(int, int, int, BiFunction) checkFromToIndex}, and
+- * {@link #checkFromIndexSize(int, int, int, BiFunction) checkFromIndexSize}.
+- * Thus a supported check kind corresponds to a method name and the
+- * out-of-bound integer values correspond to method argument values, in
+- * order, preceding the exception formatter argument (similar in many
+- * respects to the form of arguments required for a reflective invocation of
+- * such a range check method).
+- *
+- * <p>Formatter arguments conforming to such supported check kinds will
+- * produce specific exception messages describing failed out-of-bounds
+- * checks. Otherwise, more generic exception messages will be produced in
+- * any of the following cases: the check kind is supported but fewer
+- * or more out-of-bounds values are supplied, the check kind is not
+- * supported, the check kind is {@code null}, or the list of out-of-bound
+- * values is {@code null}.
+- *
+- * @apiNote
+- * This method produces an out-of-bounds exception formatter that can be
+- * passed as an argument to any of the supported out-of-bounds range check
+- * methods declared by {@code Objects}. For example, a formatter producing
+- * an {@code ArrayIndexOutOfBoundsException} may be produced and stored on a
+- * {@code static final} field as follows:
+- * <pre>{@code
+- * static final
+- * BiFunction<String, List<Integer>, ArrayIndexOutOfBoundsException> AIOOBEF =
+- * outOfBoundsExceptionFormatter(ArrayIndexOutOfBoundsException::new);
+- * }</pre>
+- * The formatter instance {@code AIOOBEF} may be passed as an argument to an
+- * out-of-bounds range check method, such as checking if an {@code index}
+- * is within the bounds of a {@code limit}:
+- * <pre>{@code
+- * checkIndex(index, limit, AIOOBEF);
+- * }</pre>
+- * If the bounds check fails then the range check method will throw an
+- * {@code ArrayIndexOutOfBoundsException} with an appropriate exception
+- * message that is a produced from {@code AIOOBEF} as follows:
+- * <pre>{@code
+- * AIOOBEF.apply("checkIndex", List.of(index, limit));
+- * }</pre>
+- *
+- * @param f the exception factory, that produces an exception from a message
+- * where the message is produced and formatted by the returned
+- * exception formatter. If this factory is stateless and side-effect
+- * free then so is the returned formatter.
+- * Exceptions thrown by the factory are relayed to the caller
+- * of the returned formatter.
+- * @param <X> the type of runtime exception to be returned by the given
+- * exception factory and relayed by the exception formatter
+- * @return the out-of-bounds exception formatter
+- */
+- public static <X extends RuntimeException>
+- BiFunction<String, List<Integer>, X> outOfBoundsExceptionFormatter(final Function<String, X> f) {
+- // Use anonymous class to avoid bootstrap issues if this method is
+- // used early in startup
+- return new BiFunction<String, List<Integer>, X>() {
+- @Override
+- public X apply(String checkKind, List<Integer> args) {
+- return f.apply(outOfBoundsMessage(checkKind, args));
+- }
+- };
+- }
+-
+- private static String outOfBoundsMessage(String checkKind, List<Integer> args) {
+- if (checkKind == null && args == null) {
+- return String.format("Range check failed");
+- } else if (checkKind == null) {
+- return String.format("Range check failed: %s", args);
+- } else if (args == null) {
+- return String.format("Range check failed: %s", checkKind);
+- }
+-
+- int argSize = 0;
+- switch (checkKind) {
+- case "checkIndex":
+- argSize = 2;
+- break;
+- case "checkFromToIndex":
+- case "checkFromIndexSize":
+- argSize = 3;
+- break;
+- default:
+- }
+-
+- // Switch to default if fewer or more arguments than required are supplied
+- switch ((args.size() != argSize) ? "" : checkKind) {
+- case "checkIndex":
+- return String.format("Index %d out-of-bounds for length %d",
+- args.get(0), args.get(1));
+- case "checkFromToIndex":
+- return String.format("Range [%d, %d) out-of-bounds for length %d",
+- args.get(0), args.get(1), args.get(2));
+- case "checkFromIndexSize":
+- return String.format("Range [%d, %<d + %d) out-of-bounds for length %d",
+- args.get(0), args.get(1), args.get(2));
+- default:
+- return String.format("Range check failed: %s %s", checkKind, args);
+- }
+- }
+-
+- /**
+- * Checks if the {@code index} is within the bounds of the range from
+- * {@code 0} (inclusive) to {@code length} (exclusive).
+- *
+- * <p>The {@code index} is defined to be out-of-bounds if any of the
+- * following inequalities is true:
+- * <ul>
+- * <li>{@code index < 0}</li>
+- * <li>{@code index >= length}</li>
+- * <li>{@code length < 0}, which is implied from the former inequalities</li>
+- * </ul>
+- *
+- * <p>If the {@code index} is out-of-bounds, then a runtime exception is
+- * thrown that is the result of applying the following arguments to the
+- * exception formatter: the name of this method, {@code checkIndex};
+- * and an unmodifiable list integers whose values are, in order, the
+- * out-of-bounds arguments {@code index} and {@code length}.
+- *
+- * @param <X> the type of runtime exception to throw if the arguments are
+- * out-of-bounds
+- * @param index the index
+- * @param length the upper-bound (exclusive) of the range
+- * @param oobef the exception formatter that when applied with this
+- * method name and out-of-bounds arguments returns a runtime
+- * exception. If {@code null} or returns {@code null} then, it is as
+- * if an exception formatter produced from an invocation of
+- * {@code outOfBoundsExceptionFormatter(IndexOutOfBounds::new)} is used
+- * instead (though it may be more efficient).
+- * Exceptions thrown by the formatter are relayed to the caller.
+- * @return {@code index} if it is within bounds of the range
+- * @throws X if the {@code index} is out-of-bounds and the exception
+- * formatter is non-{@code null}
+- * @throws IndexOutOfBoundsException if the {@code index} is out-of-bounds
+- * and the exception formatter is {@code null}
+- * @since 9
+- *
+- * @implNote
+- * This method is made intrinsic in optimizing compilers to guide them to
+- * perform unsigned comparisons of the index and length when it is known the
+- * length is a non-negative value (such as that of an array length or from
+- * the upper bound of a loop)
+- */
+- public static <X extends RuntimeException>
+- int checkIndex(int index, int length,
+- BiFunction<String, List<Integer>, X> oobef) {
+- if (index < 0 || index >= length)
+- throw outOfBoundsCheckIndex(oobef, index, length);
+- return index;
+- }
+-
+- /**
+- * Checks if the sub-range from {@code fromIndex} (inclusive) to
+- * {@code toIndex} (exclusive) is within the bounds of range from {@code 0}
+- * (inclusive) to {@code length} (exclusive).
+- *
+- * <p>The sub-range is defined to be out-of-bounds if any of the following
+- * inequalities is true:
+- * <ul>
+- * <li>{@code fromIndex < 0}</li>
+- * <li>{@code fromIndex > toIndex}</li>
+- * <li>{@code toIndex > length}</li>
+- * <li>{@code length < 0}, which is implied from the former inequalities</li>
+- * </ul>
+- *
+- * <p>If the sub-range is out-of-bounds, then a runtime exception is
+- * thrown that is the result of applying the following arguments to the
+- * exception formatter: the name of this method, {@code checkFromToIndex};
+- * and an unmodifiable list integers whose values are, in order, the
+- * out-of-bounds arguments {@code fromIndex}, {@code toIndex}, and {@code length}.
+- *
+- * @param <X> the type of runtime exception to throw if the arguments are
+- * out-of-bounds
+- * @param fromIndex the lower-bound (inclusive) of the sub-range
+- * @param toIndex the upper-bound (exclusive) of the sub-range
+- * @param length the upper-bound (exclusive) the range
+- * @param oobef the exception formatter that when applied with this
+- * method name and out-of-bounds arguments returns a runtime
+- * exception. If {@code null} or returns {@code null} then, it is as
+- * if an exception formatter produced from an invocation of
+- * {@code outOfBoundsExceptionFormatter(IndexOutOfBounds::new)} is used
+- * instead (though it may be more efficient).
+- * Exceptions thrown by the formatter are relayed to the caller.
+- * @return {@code fromIndex} if the sub-range within bounds of the range
+- * @throws X if the sub-range is out-of-bounds and the exception factory
+- * function is non-{@code null}
+- * @throws IndexOutOfBoundsException if the sub-range is out-of-bounds and
+- * the exception factory function is {@code null}
+- * @since 9
+- */
+- public static <X extends RuntimeException>
+- int checkFromToIndex(int fromIndex, int toIndex, int length,
+- BiFunction<String, List<Integer>, X> oobef) {
+- if (fromIndex < 0 || fromIndex > toIndex || toIndex > length)
+- throw outOfBoundsCheckFromToIndex(oobef, fromIndex, toIndex, length);
+- return fromIndex;
+- }
+-
+- /**
+- * Checks if the sub-range from {@code fromIndex} (inclusive) to
+- * {@code fromIndex + size} (exclusive) is within the bounds of range from
+- * {@code 0} (inclusive) to {@code length} (exclusive).
+- *
+- * <p>The sub-range is defined to be out-of-bounds if any of the following
+- * inequalities is true:
+- * <ul>
+- * <li>{@code fromIndex < 0}</li>
+- * <li>{@code size < 0}</li>
+- * <li>{@code fromIndex + size > length}, taking into account integer overflow</li>
+- * <li>{@code length < 0}, which is implied from the former inequalities</li>
+- * </ul>
+- *
+- * <p>If the sub-range is out-of-bounds, then a runtime exception is
+- * thrown that is the result of applying the following arguments to the
+- * exception formatter: the name of this method, {@code checkFromIndexSize};
+- * and an unmodifiable list integers whose values are, in order, the
+- * out-of-bounds arguments {@code fromIndex}, {@code size}, and
+- * {@code length}.
+- *
+- * @param <X> the type of runtime exception to throw if the arguments are
+- * out-of-bounds
+- * @param fromIndex the lower-bound (inclusive) of the sub-interval
+- * @param size the size of the sub-range
+- * @param length the upper-bound (exclusive) of the range
+- * @param oobef the exception formatter that when applied with this
+- * method name and out-of-bounds arguments returns a runtime
+- * exception. If {@code null} or returns {@code null} then, it is as
+- * if an exception formatter produced from an invocation of
+- * {@code outOfBoundsExceptionFormatter(IndexOutOfBounds::new)} is used
+- * instead (though it may be more efficient).
+- * Exceptions thrown by the formatter are relayed to the caller.
+- * @return {@code fromIndex} if the sub-range within bounds of the range
+- * @throws X if the sub-range is out-of-bounds and the exception factory
+- * function is non-{@code null}
+- * @throws IndexOutOfBoundsException if the sub-range is out-of-bounds and
+- * the exception factory function is {@code null}
+- * @since 9
+- */
+- public static <X extends RuntimeException>
+- int checkFromIndexSize(int fromIndex, int size, int length,
+- BiFunction<String, List<Integer>, X> oobef) {
+- if ((length | fromIndex | size) < 0 || size > length - fromIndex)
+- throw outOfBoundsCheckFromIndexSize(oobef, fromIndex, size, length);
+- return fromIndex;
+- }
+-}
+--- openjdk.orig/test/src/java/util/Objects/CheckIndex.java 2019-07-15 08:52:23.000000000 +0200
++++ openjdk/jdk/test/java/util/Objects/CheckIndex.java 1970-01-01 01:00:00.000000000 +0100
+@@ -1,408 +0,0 @@
+-/*
+- * Copyright (c) 2015, 2016 Oracle and/or its affiliates. All rights reserved.
+- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+- *
+- * This code is free software; you can redistribute it and/or modify it
+- * under the terms of the GNU General Public License version 2 only, as
+- * published by the Free Software Foundation.
+- *
+- * This code is distributed in the hope that it will be useful, but WITHOUT
+- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+- * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+- * version 2 for more details (a copy is included in the LICENSE file that
+- * accompanied this code).
+- *
+- * You should have received a copy of the GNU General Public License version
+- * 2 along with this work; if not, write to the Free Software Foundation,
+- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+- *
+- * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+- * or visit www.oracle.com if you need additional information or have any
+- * questions.
+- */
+-
+-/**
+- * @test
+- * @summary Objects.checkIndex/jdk.internal.util.Preconditions.checkIndex tests
+- * @run testng CheckIndex
+- * @bug 8135248 8142493 8155794
+- */
+-
+-import org.testng.annotations.DataProvider;
+-import org.testng.annotations.Test;
+-
+-import java.util.ArrayList;
+-import java.util.Arrays;
+-import java.util.Collections;
+-import java.util.HashSet;
+-import java.util.List;
+-import java.util.Objects;
+-import java.util.Set;
+-
+-import sun.security.util.BiConsumer;
+-import sun.security.util.BiFunction;
+-import sun.security.util.Function;
+-import sun.security.util.IntSupplier;
+-import sun.security.util.Preconditions;
+-
+-import static org.testng.Assert.*;
+-
+-public class CheckIndex {
+-
+- private static final Function<String, IndexOutOfBoundsException> ioobeGenerator =
+- new Function<String, IndexOutOfBoundsException>() {
+- @Override
+- public IndexOutOfBoundsException apply(String x) {
+- return new IndexOutOfBoundsException(x);
+- }
+- };
+-
+- private static final Function<String, StringIndexOutOfBoundsException> sioobeGenerator =
+- new Function<String, StringIndexOutOfBoundsException>() {
+- @Override
+- public StringIndexOutOfBoundsException apply(String x) {
+- return new StringIndexOutOfBoundsException(x);
+- }
+- };
+-
+- private static final Function<String, ArrayIndexOutOfBoundsException> aioobeGenerator =
+- new Function<String, ArrayIndexOutOfBoundsException>() {
+- @Override
+- public ArrayIndexOutOfBoundsException apply(String x) {
+- return new ArrayIndexOutOfBoundsException(x);
+- }
+- };
+-
+- static class AssertingOutOfBoundsException extends RuntimeException {
+- public AssertingOutOfBoundsException(String message) {
+- super(message);
+- }
+- }
+-
+- static BiFunction<String, List<Integer>, AssertingOutOfBoundsException> assertingOutOfBounds(
+- final String message, final String expCheckKind, final Integer... expArgs) {
+- return new BiFunction<String, List<Integer>, AssertingOutOfBoundsException>() {
+- @Override
+- public AssertingOutOfBoundsException apply(String checkKind, List<Integer> args) {
+- assertEquals(checkKind, expCheckKind);
+- assertEquals(args, Collections.unmodifiableList(Arrays.asList(expArgs)));
+- try {
+- args.clear();
+- fail("Out of bounds List<Integer> argument should be unmodifiable");
+- } catch (Exception e) {
+- }
+- return new AssertingOutOfBoundsException(message);
+- }
+- };
+- }
+-
+- static BiFunction<String, List<Integer>, AssertingOutOfBoundsException> assertingOutOfBoundsReturnNull(
+- final String expCheckKind, final Integer... expArgs) {
+- return new BiFunction<String, List<Integer>, AssertingOutOfBoundsException>() {
+- @Override
+- public AssertingOutOfBoundsException apply(String checkKind, List<Integer> args) {
+- assertEquals(checkKind, expCheckKind);
+- assertEquals(args, Collections.unmodifiableList(Arrays.asList(expArgs)));
+- return null;
+- }
+- };
+- }
+-
+- static final int[] VALUES = {0, 1, Integer.MAX_VALUE - 1, Integer.MAX_VALUE, -1, Integer.MIN_VALUE + 1, Integer.MIN_VALUE};
+-
+- @DataProvider
+- static Object[][] checkIndexProvider() {
+- List<Object[]> l = new ArrayList<>();
+- for (int index : VALUES) {
+- for (int length : VALUES) {
+- boolean withinBounds = index >= 0 &&
+- length >= 0 &&
+- index < length;
+- l.add(new Object[]{index, length, withinBounds});
+- }
+- }
+- return l.toArray(new Object[0][0]);
+- }
+-
+- interface X {
+- int apply(int a, int b, int c);
+- }
+-
+- @Test(dataProvider = "checkIndexProvider")
+- public void testCheckIndex(final int index, final int length, final boolean withinBounds) {
+- List<Integer> list = Collections.unmodifiableList(Arrays.asList(new Integer[] { index, length }));
+- final String expectedMessage = withinBounds
+- ? null
+- : Preconditions.outOfBoundsExceptionFormatter(ioobeGenerator).
+- apply("checkIndex", list).getMessage();
+-
+- BiConsumer<Class<? extends RuntimeException>, IntSupplier> checker =
+- new BiConsumer<Class<? extends RuntimeException>, IntSupplier>() {
+- @Override
+- public void accept(Class<? extends RuntimeException> ec, IntSupplier s) {
+- try {
+- int rIndex = s.getAsInt();
+- if (!withinBounds)
+- fail(String.format(
+- "Index %d is out of bounds of [0, %d), but was reported to be within bounds", index, length));
+- assertEquals(rIndex, index);
+- }
+- catch (RuntimeException e) {
+- assertTrue(ec.isInstance(e));
+- if (withinBounds)
+- fail(String.format(
+- "Index %d is within bounds of [0, %d), but was reported to be out of bounds", index, length));
+- else
+- assertEquals(e.getMessage(), expectedMessage);
+- }
+- }
+- };
+-
+- checker.accept(AssertingOutOfBoundsException.class, new IntSupplier() {
+- @Override
+- public int getAsInt() {
+- return Preconditions.checkIndex(index, length,
+- assertingOutOfBounds(expectedMessage, "checkIndex", index, length));
+- }
+- });
+- checker.accept(IndexOutOfBoundsException.class, new IntSupplier() {
+- @Override
+- public int getAsInt() {
+- return Preconditions.checkIndex(index, length,
+- assertingOutOfBoundsReturnNull("checkIndex", index, length));
+- }
+- });
+- checker.accept(IndexOutOfBoundsException.class, new IntSupplier() {
+- @Override
+- public int getAsInt() {
+- return Preconditions.checkIndex(index, length, null);
+- }
+- });
+- checker.accept(ArrayIndexOutOfBoundsException.class, new IntSupplier() {
+- @Override
+- public int getAsInt() {
+- return Preconditions.checkIndex(index, length,
+- Preconditions.outOfBoundsExceptionFormatter(aioobeGenerator));
+- }
+- });
+- checker.accept(StringIndexOutOfBoundsException.class, new IntSupplier() {
+- @Override
+- public int getAsInt() {
+- return Preconditions.checkIndex(index, length,
+- Preconditions.outOfBoundsExceptionFormatter(sioobeGenerator));
+- }
+- });
+- }
+-
+-
+- @DataProvider
+- static Object[][] checkFromToIndexProvider() {
+- List<Object[]> l = new ArrayList<>();
+- for (int fromIndex : VALUES) {
+- for (int toIndex : VALUES) {
+- for (int length : VALUES) {
+- boolean withinBounds = fromIndex >= 0 &&
+- toIndex >= 0 &&
+- length >= 0 &&
+- fromIndex <= toIndex &&
+- toIndex <= length;
+- l.add(new Object[]{fromIndex, toIndex, length, withinBounds});
+- }
+- }
+- }
+- return l.toArray(new Object[0][0]);
+- }
+-
+- @Test(dataProvider = "checkFromToIndexProvider")
+- public void testCheckFromToIndex(final int fromIndex, final int toIndex,
+- final int length, final boolean withinBounds) {
+- List<Integer> list = Collections.unmodifiableList(Arrays.asList(new Integer[] { fromIndex, toIndex, length }));
+- final String expectedMessage = withinBounds
+- ? null
+- : Preconditions.outOfBoundsExceptionFormatter(ioobeGenerator).
+- apply("checkFromToIndex", list).getMessage();
+-
+- BiConsumer<Class<? extends RuntimeException>, IntSupplier> check =
+- new BiConsumer<Class<? extends RuntimeException>, IntSupplier>() {
+- @Override
+- public void accept(Class<? extends RuntimeException> ec, IntSupplier s) {
+- try {
+- int rIndex = s.getAsInt();
+- if (!withinBounds)
+- fail(String.format(
+- "Range [%d, %d) is out of bounds of [0, %d), but was reported to be withing bounds", fromIndex, toIndex, length));
+- assertEquals(rIndex, fromIndex);
+- }
+- catch (RuntimeException e) {
+- assertTrue(ec.isInstance(e));
+- if (withinBounds)
+- fail(String.format(
+- "Range [%d, %d) is within bounds of [0, %d), but was reported to be out of bounds", fromIndex, toIndex, length));
+- else
+- assertEquals(e.getMessage(), expectedMessage);
+- }
+- }
+- };
+-
+- check.accept(AssertingOutOfBoundsException.class, new IntSupplier() {
+- @Override
+- public int getAsInt() {
+- return Preconditions.checkFromToIndex(fromIndex, toIndex, length,
+- assertingOutOfBounds(expectedMessage, "checkFromToIndex", fromIndex, toIndex, length));
+- }
+- });
+- check.accept(IndexOutOfBoundsException.class, new IntSupplier() {
+- @Override
+- public int getAsInt() {
+- return Preconditions.checkFromToIndex(fromIndex, toIndex, length,
+- assertingOutOfBoundsReturnNull("checkFromToIndex", fromIndex, toIndex, length));
+- }
+- });
+- check.accept(IndexOutOfBoundsException.class, new IntSupplier() {
+- @Override
+- public int getAsInt() {
+- return Preconditions.checkFromToIndex(fromIndex, toIndex, length, null);
+- }
+- });
+- check.accept(ArrayIndexOutOfBoundsException.class, new IntSupplier() {
+- @Override
+- public int getAsInt() {
+- return Preconditions.checkFromToIndex(fromIndex, toIndex, length,
+- Preconditions.outOfBoundsExceptionFormatter(aioobeGenerator));
+- }
+- });
+- check.accept(StringIndexOutOfBoundsException.class, new IntSupplier() {
+- @Override
+- public int getAsInt() {
+- return Preconditions.checkFromToIndex(fromIndex, toIndex, length,
+- Preconditions.outOfBoundsExceptionFormatter(sioobeGenerator));
+- }
+- });
+- }
+-
+-
+- @DataProvider
+- static Object[][] checkFromIndexSizeProvider() {
+- List<Object[]> l = new ArrayList<>();
+- for (int fromIndex : VALUES) {
+- for (int size : VALUES) {
+- for (int length : VALUES) {
+- // Explicitly convert to long
+- long lFromIndex = fromIndex;
+- long lSize = size;
+- long lLength = length;
+- // Avoid overflow
+- long lToIndex = lFromIndex + lSize;
+-
+- boolean withinBounds = lFromIndex >= 0L &&
+- lSize >= 0L &&
+- lLength >= 0L &&
+- lFromIndex <= lToIndex &&
+- lToIndex <= lLength;
+- l.add(new Object[]{fromIndex, size, length, withinBounds});
+- }
+- }
+- }
+- return l.toArray(new Object[0][0]);
+- }
+-
+- @Test(dataProvider = "checkFromIndexSizeProvider")
+- public void testCheckFromIndexSize(final int fromIndex, final int size,
+- final int length, final boolean withinBounds) {
+- List<Integer> list = Collections.unmodifiableList(Arrays.asList(new Integer[] { fromIndex, size, length }));
+- final String expectedMessage = withinBounds
+- ? null
+- : Preconditions.outOfBoundsExceptionFormatter(ioobeGenerator).
+- apply("checkFromIndexSize", list).getMessage();
+-
+- BiConsumer<Class<? extends RuntimeException>, IntSupplier> check =
+- new BiConsumer<Class<? extends RuntimeException>, IntSupplier>() {
+- @Override
+- public void accept(Class<? extends RuntimeException> ec, IntSupplier s) {
+- try {
+- int rIndex = s.getAsInt();
+- if (!withinBounds)
+- fail(String.format(
+- "Range [%d, %d + %d) is out of bounds of [0, %d), but was reported to be withing bounds", fromIndex, fromIndex, size, length));
+- assertEquals(rIndex, fromIndex);
+- }
+- catch (RuntimeException e) {
+- assertTrue(ec.isInstance(e));
+- if (withinBounds)
+- fail(String.format(
+- "Range [%d, %d + %d) is within bounds of [0, %d), but was reported to be out of bounds", fromIndex, fromIndex, size, length));
+- else
+- assertEquals(e.getMessage(), expectedMessage);
+- }
+- }
+- };
+-
+- check.accept(AssertingOutOfBoundsException.class, new IntSupplier() {
+- @Override
+- public int getAsInt() {
+- return Preconditions.checkFromIndexSize(fromIndex, size, length,
+- assertingOutOfBounds(expectedMessage, "checkFromIndexSize", fromIndex, size, length));
+- }
+- });
+- check.accept(IndexOutOfBoundsException.class, new IntSupplier() {
+- @Override
+- public int getAsInt() {
+- return Preconditions.checkFromIndexSize(fromIndex, size, length,
+- assertingOutOfBoundsReturnNull("checkFromIndexSize", fromIndex, size, length));
+- }
+- });
+- check.accept(IndexOutOfBoundsException.class, new IntSupplier() {
+- @Override
+- public int getAsInt() {
+- return Preconditions.checkFromIndexSize(fromIndex, size, length, null);
+- }
+- });
+- check.accept(ArrayIndexOutOfBoundsException.class, new IntSupplier() {
+- @Override
+- public int getAsInt() {
+- return Preconditions.checkFromIndexSize(fromIndex, size, length,
+- Preconditions.outOfBoundsExceptionFormatter(aioobeGenerator));
+- }
+- });
+- check.accept(StringIndexOutOfBoundsException.class, new IntSupplier () {
+- @Override
+- public int getAsInt() {
+- return Preconditions.checkFromIndexSize(fromIndex, size, length,
+- Preconditions.outOfBoundsExceptionFormatter(sioobeGenerator));
+- }
+- });
+- }
+-
+- @Test
+- public void uniqueMessagesForCheckKinds() {
+- BiFunction<String, List<Integer>, IndexOutOfBoundsException> f =
+- Preconditions.outOfBoundsExceptionFormatter(ioobeGenerator);
+-
+- List<String> messages = new ArrayList<>();
+- List<Integer> arg1 = Collections.unmodifiableList(Arrays.asList(new Integer[] { -1 }));
+- List<Integer> arg2 = Collections.unmodifiableList(Arrays.asList(new Integer[] { -1, 0 }));
+- List<Integer> arg3 = Collections.unmodifiableList(Arrays.asList(new Integer[] { -1, 0, 0 }));
+- List<Integer> arg4 = Collections.unmodifiableList(Arrays.asList(new Integer[] { -1, 0, 0, 0 }));
+- // Exact arguments
+- messages.add(f.apply("checkIndex", arg2).getMessage());
+- messages.add(f.apply("checkFromToIndex", arg3).getMessage());
+- messages.add(f.apply("checkFromIndexSize", arg3).getMessage());
+- // Unknown check kind
+- messages.add(f.apply("checkUnknown", arg3).getMessage());
+- // Known check kind with more arguments
+- messages.add(f.apply("checkIndex", arg3).getMessage());
+- messages.add(f.apply("checkFromToIndex", arg4).getMessage());
+- messages.add(f.apply("checkFromIndexSize", arg4).getMessage());
+- // Known check kind with fewer arguments
+- messages.add(f.apply("checkIndex", arg1).getMessage());
+- messages.add(f.apply("checkFromToIndex", arg2).getMessage());
+- messages.add(f.apply("checkFromIndexSize", arg2).getMessage());
+- // Null arguments
+- messages.add(f.apply(null, null).getMessage());
+- messages.add(f.apply("checkNullArguments", null).getMessage());
+- messages.add(f.apply(null, arg1).getMessage());
+-
+- Set<String> distinct = new HashSet<>(messages);
+- assertEquals(messages.size(), distinct.size());
+- }
+-}
+--- openjdk.orig/test/src/sun/security/util/math/TestIntegerModuloP.java 2019-07-15 08:52:23.000000000 +0200
++++ openjdk/jdk/test/sun/security/util/math/TestIntegerModuloP.java 2019-07-04 19:20:08.000000000 +0200
+@@ -37,7 +37,6 @@
+ * @run main TestIntegerModuloP sun.security.util.math.intpoly.P521OrderField 66 10
+ */
+
+-import sun.security.util.BiFunction;
+ import sun.security.util.math.*;
+ import sun.security.util.math.intpoly.*;
+
+@@ -52,6 +51,9 @@
+ // The test has a list of functions, and it selects randomly from that list
+
+ // The function types
++ interface BiFunction <T, U, V> {
++ V apply(T t, U u);
++ }
+ interface ElemFunction extends BiFunction
+ <MutableIntegerModuloP, IntegerModuloP, IntegerModuloP> { }
+ interface ElemArrayFunction extends BiFunction
+--- patches.orig/boot/ecj-stringswitch.patch
++++ patches/boot/ecj-stringswitch.patch
+@@ -1800,64 +1800,6 @@
+ "No MAC implementation for " + algo);
+ }
+ return kdf;
+-diff -Nru openjdk-boot.orig/jdk/src/share/classes/sun/security/util/Preconditions.java openjdk-boot/jdk/src/share/classes/sun/security/util/Preconditions.java
+---- openjdk-boot.orig/jdk/src/share/classes/sun/security/util/Preconditions.java 2019-07-17 04:20:04.496029417 +0100
+-+++ openjdk-boot/jdk/src/share/classes/sun/security/util/Preconditions.java 2019-07-17 04:54:34.212283390 +0100
+-@@ -169,31 +169,30 @@
+- }
+-
+- int argSize = 0;
+-- switch (checkKind) {
+-- case "checkIndex":
+-- argSize = 2;
+-- break;
+-- case "checkFromToIndex":
+-- case "checkFromIndexSize":
+-- argSize = 3;
+-- break;
+-- default:
+-- }
+--
+-+ if ("checkIndex".equals(checkKind)) {
+-+ argSize = 2;
+-+ } else if ("checkFromToIndex".equals(checkKind) ||
+-+ "checkFromIndexSize".equals(checkKind)) {
+-+ argSize = 3;
+-+ }
+-+
+- // Switch to default if fewer or more arguments than required are supplied
+-- switch ((args.size() != argSize) ? "" : checkKind) {
+-- case "checkIndex":
+-- return String.format("Index %d out-of-bounds for length %d",
+-- args.get(0), args.get(1));
+-- case "checkFromToIndex":
+-- return String.format("Range [%d, %d) out-of-bounds for length %d",
+-- args.get(0), args.get(1), args.get(2));
+-- case "checkFromIndexSize":
+-- return String.format("Range [%d, %<d + %d) out-of-bounds for length %d",
+-- args.get(0), args.get(1), args.get(2));
+-- default:
+-- return String.format("Range check failed: %s %s", checkKind, args);
+-- }
+-+ if (args.size() != argSize) {
+-+ return String.format("Range check failed: %s %s", checkKind, args);
+-+ }
+-+
+-+ if ("checkIndex".equals(checkKind)) {
+-+ return String.format("Index %d out-of-bounds for length %d",
+-+ args.get(0), args.get(1));
+-+ } else if ("checkFromToIndex".equals(checkKind)) {
+-+ return String.format("Range [%d, %d) out-of-bounds for length %d",
+-+ args.get(0), args.get(1), args.get(2));
+-+ } else if ("checkFromIndexSize".equals(checkKind)) {
+-+ return String.format("Range [%d, %<d + %d) out-of-bounds for length %d",
+-+ args.get(0), args.get(1), args.get(2));
+-+ } else {
+-+ return String.format("Range check failed: %s %s", checkKind, args);
+-+ }
+- }
+-
+- /**
+ diff -Nru openjdk-boot.orig/jdk/src/share/classes/java/util/ResourceBundle.java openjdk-boot/jdk/src/share/classes/java/util/ResourceBundle.java
+ --- openjdk-boot.orig/jdk/src/share/classes/java/util/ResourceBundle.java 2019-11-13 21:46:22.926858210 +0000
+ +++ openjdk-boot/jdk/src/share/classes/java/util/ResourceBundle.java 2019-11-13 21:48:58.096470164 +0000
diff --git a/community/openjdk7/icedtea-pr64174.patch b/community/openjdk7/icedtea-pr64174.patch
deleted file mode 100644
index ec8f0d5d3a..0000000000
--- a/community/openjdk7/icedtea-pr64174.patch
+++ /dev/null
@@ -1,24 +0,0 @@
---- patches.orig/boot/pr64174.patch
-+++ patches/boot/pr64174.patch
-@@ -1,8 +1,7 @@
--diff -Nru openjdk-boot.orig/jdk/src/share/classes/java/util/CurrencyData.properties openjdk-boot/jdk/src/share/classes/java/util/CurrencyData.properties
----- openjdk-boot.orig/jdk/src/share/classes/java/util/CurrencyData.properties 2014-12-04 15:09:06.030312835 +0000
--+++ openjdk-boot/jdk/src/share/classes/java/util/CurrencyData.properties 2014-12-04 15:10:07.527160626 +0000
--@@ -320,7 +320,7 @@
-- # LAO PEOPLE'S DEMOCRATIC REPUBLIC
-+--- openjdk-boot.orig/jdk/src/share/classes/java/util/CurrencyData.properties
-++++ openjdk-boot/jdk/src/share/classes/java/util/CurrencyData.properties
-+@@ -323,7 +323,7 @@
-+ # LAO PEOPLE'S DEMOCRATIC REPUBLIC (THE)
- LA=LAK
- # LATVIA
- -LV=LVL;2013-12-31-22-00-00;EUR
-@@ -10,7 +9,7 @@
- # LEBANON
- LB=LBP
- # LESOTHO
--@@ -332,7 +332,7 @@
-+@@ -335,7 +335,7 @@
- # LIECHTENSTEIN
- LI=CHF
- # LITHUANIA
diff --git a/community/openjdk8/APKBUILD b/community/openjdk8/APKBUILD
index 556746b144..2cf1d3e0f8 100644
--- a/community/openjdk8/APKBUILD
+++ b/community/openjdk8/APKBUILD
@@ -2,10 +2,10 @@
# Contributor: Jakub Jirutka <jakub@jirutka.cz>
# Maintainer: Timo Teras <timo.teras@iki.fi>
pkgname=openjdk8
-_icedteaver=3.15.0
+_icedteaver=3.16.0
# pkgver is <JDK version>.<JDK update>.<JDK build>
# Check https://icedtea.classpath.org/wiki/Main_Page when updating!
-pkgver=8.242.08
+pkgver=8.252.09
pkgrel=0
pkgdesc="OpenJDK 8 provided by IcedTea"
url="https://icedtea.classpath.org/"
@@ -63,12 +63,22 @@ source="https://icedtea.classpath.org/download/source/icedtea-$_icedteaver.tar.x
icedtea-jdk-fix-libjvm-load.patch
icedtea-jdk-musl.patch
icedtea-jdk-includes.patch
- icedtea-jdk-getmntent-buffer.patch
icedtea-autoconf-config.patch
"
builddir="$srcdir/icedtea-$_icedteaver"
# secfixes:
+# 8.252.09-r0:
+# - CVE-2020-2754
+# - CVE-2020-2755
+# - CVE-2020-2756
+# - CVE-2020-2757
+# - CVE-2020-2773
+# - CVE-2020-2781
+# - CVE-2020-2800
+# - CVE-2020-2803
+# - CVE-2020-2805
+# - CVE-2020-2830
# 8.242.08-r0:
# - CVE-2020-2583
# - CVE-2020-2590
@@ -325,15 +335,15 @@ demos() {
"$subpkgdir"/$_java_home/
}
-sha512sums="7c5917acc03b19a41b5001beb71a72b3f63e65b3c97c5f9173067fbd795088f9578f628b386bfa0e934caa8f4faab4cfcae80329ee7180c0cbe49563309c84ca icedtea-3.15.0.tar.xz
-d7dca834fc65b67b1888c4cfbd50e263e58604b70560b4dd4e8e7ca518fcd54a70eaf9e5cff89fa1954beaa3071f5b55ef36fffb36589f5008e4be39e5a1aa38 openjdk-3.15.0.tar.xz
-b27aaef4839be9a6993d8511e492cf33884738e2fe19cd7d00f244a0f94cd0f3a3ff84c63811cd66ea18cdf7327bb270b7ab21c5b66c220a3bb0a31226bb21b5 corba-3.15.0.tar.xz
-25e166d208d99360c9ec5deba5075a5268f2fbc3f31ad9dee0dbd33ee37bc78829d12c9ea11faa5d59ec53385f7dc5f0be29512199db2856068cf81b9ec1ca79 jaxp-3.15.0.tar.xz
-cb7a9f80bd33a33f4eb03b091e6c6d3fb6a450695d0231c378d04878fc03e1574f82045c628993e6136188fd2e4144e31c82320b178b21a0aae867e989bfdeeb jaxws-3.15.0.tar.xz
-306e2c188987de8d1aa233db1c42522249198b4f3eb71919da911289ab2308b4ab9406c6215c5c157868618341cafbc086bb0e5c423bb6650edfedcc05b17475 jdk-3.15.0.tar.xz
-3fcb7d264ff23de8b049b264213b05ee9e9120089eaea989e881c0cddc73a2ef9d01f89f66e7ff23c88d9bc4864824c77894d0291caaf9a2a134d5fae650cc32 langtools-3.15.0.tar.xz
-181e9f8d0c083b26a24e6bafe0187e39313a6685f3288d62794c5ec07cb8901b53eba25badc74b367de08b53cd2176df45e184f7a6ccbfab57370e7d3cf388f9 hotspot-3.15.0.tar.xz
-6d27137dd80d6363e64ef2c6b3abc60603480e9e7f5b99e06ee546a2cc707b801087ce8cc8d021776f5d2b15b73728f08b2e649c65265ba264655d816921ffe7 nashorn-3.15.0.tar.xz
+sha512sums="67964f283b5a220ded7c86141ac359fc51f41077686d3e68568a9f303d2e5e6d62472bef2d6f5f9d53897a55589c84d3212983194607b9a6704192752f8ad2ac icedtea-3.16.0.tar.xz
+76b32457958c2cdbb0006629bb41652286a1a9bfbda862665eddf822d4653d4858f9f2565e849b0e49f031b7667be73be8fe8c71abc65e1795eb570a96d1fd1e openjdk-3.16.0.tar.xz
+bf90c95f401d4628e32b9a7ea78b7d43944f82882818a81d2ff368f09e49148091bf823d78ed56c343c175fe6d25492d9b78e25b725f218592ea94c4ae285e56 corba-3.16.0.tar.xz
+86e8c18741c1f4baca27d784b068765e404a5c2ee6ecb172c826fc1d6192b5776133f103b749839c39154fcaec87a0df95e8fd5bcb56b1e9b811711b296a4836 jaxp-3.16.0.tar.xz
+824ef15aa70ec629406fd9b98a69e5699fe8f6a8ab06be00ac546bcda1daf485b20de6ea0310064e000efbaf35b1cebee25bf69033634fdce8434efb3bb16f1d jaxws-3.16.0.tar.xz
+9202f88b360637ad474920d8a6f85740e6a425679617ef713efd67778b4c7ca0b3eba7e4fc9d33de0bbd5dacda4862c8a9b63a13880204388b01af29d5fb6a55 jdk-3.16.0.tar.xz
+1858bb3b7dd37edd817a52c67a878b48bc9b790623e77d9a6107f54b141638cb101ae3b8df560e3352c9ca2925aa5d493b4924e36a238be5a9628c714cc23642 langtools-3.16.0.tar.xz
+19490ccc377fde5dc3d4396425e945f32e121ad0cc4be394b07f8698a7e3805b16fc41e427bab5fa290cb84efc7edb62acf8ca98072176343f5584d692592d2d hotspot-3.16.0.tar.xz
+4bf87e7441ac747f133612e1fba5c06946c6731bae76132ffc614b41fcb689fda9d9ceb1e1fee3765765c6109894c85cf0f6e6fa9eb301f9a2d640ea6cd1c16c nashorn-3.16.0.tar.xz
1f470432275d5beaa8b4e4352a2f24a4a00593546dc4f3bd857794c89e521e8e6d6abc540762bbd769be3e1e3da058e134dc5dc066d12b9b8a1f0656040a795c fix-paxmark.patch
28709285390a997adbd56ebda42ef718fbc08daf572b8568f484436d255514f9d25f033e3333dff8aa352fc9846057ac5bb42fa955d3e5e44eddc96dc273c07c icedtea-hotspot-musl.patch
e5cf4d70f96fc1e72ae8b97a887adb96092ff36584711cbb8de9d9fa9e859cb8731d638838de0d9591239fc44ffe5c74422d1842bd9f10a0c00dff1627bdeeef icedtea-hotspot-musl-ppc.patch
@@ -341,7 +351,6 @@ e5cf4d70f96fc1e72ae8b97a887adb96092ff36584711cbb8de9d9fa9e859cb8731d638838de0d95
f6365cfafafa008bd6c1bf0ccec01a63f8a39bd1a8bc87baa492a27234d47793ba02d455e5667a873ef50148df3baaf6a8421e2da0b15faac675867da714dd5f icedtea-jdk-execinfo.patch
48533f87fc2cf29d26b259be0df51087d2fe5b252e72d00c6ea2f4add7b0fb113141718c116279c5905e03f64a1118082e719393786811367cf4d472b5d36774 icedtea-jdk-fix-ipv6-init.patch
b135991c76b0db8fa7c363e0903624668e11eda7b54a943035c214aa4d7fc8c3e8110ed200edcec82792f3c9393150a9bd628625ddf7f3e55720ff163fbbb471 icedtea-jdk-fix-libjvm-load.patch
-1fbc32ddc528c7c0099dbc1e48f88d29dccf55e7b8997793aa1d3d8408003a1223d898cca4248e1a12d343d3feec5144f875e6cdac8460d763c73ab3ad7e49f9 icedtea-jdk-musl.patch
-e8d9f1b867bf4fc84aa00d1237b264bcf503b1ed5f34735e14b0b747a728953fe0051a5af69ed058d377fbf65d8be1ed9e38fe5fc6edb2d50b31f34bf3ba91dc icedtea-jdk-includes.patch
-7e6fa46b10c630517bfa46943858aea1d032c12d32ba3fcb7a2143ae1e896c34fa4cb8f925af80cb19f8e29149b835aa054adfd30ebb00539f6c78588d6f5211 icedtea-jdk-getmntent-buffer.patch
+3b01de971f64f082d3e289cf337e635ef001381e8ca427a77baa9c52c7ba423889f57665779ca5b3c8bcefb8feacbea31dfaac580c969a4f061439069ee34aae icedtea-jdk-musl.patch
+974fb54532b7e7d738f4278187fc6bd9f9b2d99866b94f68a617ee4911c89a3b8cc41ecfdcaefecf9157492d006b1844b6b0b41ac4209d84f9e8d13c9e485dd3 icedtea-jdk-includes.patch
662d662d0a7a84be2978e921317589f212f3ba3b7629527ba0f1140b5ac4c1024893e0ed176211688ed1a4505968c4befc841ed57ffcdbb9d355c2cb0571b167 icedtea-autoconf-config.patch"
diff --git a/community/openjdk8/icedtea-jdk-getmntent-buffer.patch b/community/openjdk8/icedtea-jdk-getmntent-buffer.patch
deleted file mode 100644
index 075a9d4238..0000000000
--- a/community/openjdk8/icedtea-jdk-getmntent-buffer.patch
+++ /dev/null
@@ -1,88 +0,0 @@
-Give a much bigger buffer to getmntent_r.
-
-https://bugs.alpinelinux.org/issues/7093
-
-diff --git a/openjdk/jdk/src/solaris/native/sun/nio/fs/LinuxNativeDispatcher.c b/openjdk/jdk/src/solaris/native/sun/nio/fs/LinuxNativeDispatcher.c
-index c8500db..d0b85d6 100644
---- openjdk/jdk/src/solaris/native/sun/nio/fs/LinuxNativeDispatcher.c
-+++ openjdk/jdk/src/solaris/native/sun/nio/fs/LinuxNativeDispatcher.c
-@@ -33,6 +33,7 @@
- #include <dlfcn.h>
- #include <errno.h>
- #include <mntent.h>
-+#include <limits.h>
-
- #include "sun_nio_fs_LinuxNativeDispatcher.h"
-
-@@ -173,8 +174,8 @@ Java_sun_nio_fs_LinuxNativeDispatcher_getmntent(JNIEnv* env, jclass this,
- jlong value, jobject entry)
- {
- struct mntent ent;
-- char buf[1024];
-- int buflen = sizeof(buf);
-+ char *buf = NULL;
-+ const size_t buflen = PATH_MAX * 4;
- struct mntent* m;
- FILE* fp = jlong_to_ptr(value);
- jsize len;
-@@ -183,10 +184,17 @@ Java_sun_nio_fs_LinuxNativeDispatcher_getmntent(JNIEnv* env, jclass this,
- char* dir;
- char* fstype;
- char* options;
-+ jint res = -1;
-
-- m = getmntent_r(fp, &ent, (char*)&buf, buflen);
-- if (m == NULL)
-+ buf = malloc(buflen);
-+ if (buf == NULL) {
-+ JNU_ThrowOutOfMemoryError(env, "native heap");
- return -1;
-+ }
-+ m = getmntent_r(fp, &ent, buf, buflen);
-+ if (m == NULL)
-+ goto out;
-+
- name = m->mnt_fsname;
- dir = m->mnt_dir;
- fstype = m->mnt_type;
-@@ -195,32 +203,35 @@ Java_sun_nio_fs_LinuxNativeDispatcher_getmntent(JNIEnv* env, jclass this,
- len = strlen(name);
- bytes = (*env)->NewByteArray(env, len);
- if (bytes == NULL)
-- return -1;
-+ goto out;
- (*env)->SetByteArrayRegion(env, bytes, 0, len, (jbyte*)name);
- (*env)->SetObjectField(env, entry, entry_name, bytes);
-
- len = strlen(dir);
- bytes = (*env)->NewByteArray(env, len);
- if (bytes == NULL)
-- return -1;
-+ goto out;
- (*env)->SetByteArrayRegion(env, bytes, 0, len, (jbyte*)dir);
- (*env)->SetObjectField(env, entry, entry_dir, bytes);
-
- len = strlen(fstype);
- bytes = (*env)->NewByteArray(env, len);
- if (bytes == NULL)
-- return -1;
-+ goto out;
- (*env)->SetByteArrayRegion(env, bytes, 0, len, (jbyte*)fstype);
- (*env)->SetObjectField(env, entry, entry_fstype, bytes);
-
- len = strlen(options);
- bytes = (*env)->NewByteArray(env, len);
- if (bytes == NULL)
-- return -1;
-+ goto out;
- (*env)->SetByteArrayRegion(env, bytes, 0, len, (jbyte*)options);
- (*env)->SetObjectField(env, entry, entry_options, bytes);
-
-- return 0;
-+ res = 0;
-+out:
-+ free(buf);
-+ return res;
- }
-
- JNIEXPORT void JNICALL
diff --git a/community/openjdk8/icedtea-jdk-includes.patch b/community/openjdk8/icedtea-jdk-includes.patch
index 6443a1973d..5acbb9efb8 100644
--- a/community/openjdk8/icedtea-jdk-includes.patch
+++ b/community/openjdk8/icedtea-jdk-includes.patch
@@ -53,17 +53,6 @@
/* O Flags */
---- openjdk.orig/jdk/src/solaris/native/java/net/PlainSocketImpl.c
-+++ openjdk/jdk/src/solaris/native/java/net/PlainSocketImpl.c
-@@ -28,7 +28,7 @@
- #include <sys/types.h>
- #include <sys/socket.h>
- #if defined(__linux__) && !defined(USE_SELECT)
--#include <sys/poll.h>
-+#include <poll.h>
- #endif
- #include <netinet/tcp.h> /* Defines TCP_NODELAY, needed for 2.6 */
- #include <netinet/in.h>
--- openjdk.orig/jdk/src/solaris/native/java/net/bsd_close.c
+++ openjdk/jdk/src/solaris/native/java/net/bsd_close.c
@@ -36,7 +36,7 @@
@@ -88,14 +77,14 @@
* Stack allocated by thread when doing blocking operation
--- openjdk.orig/jdk/src/solaris/native/java/net/net_util_md.h
+++ openjdk/jdk/src/solaris/native/java/net/net_util_md.h
-@@ -33,7 +33,7 @@
- #include <unistd.h>
-
- #ifndef USE_SELECT
+@@ -27,7 +27,7 @@
+ #define NET_UTILS_MD_H
+
+ #include <netdb.h>
-#include <sys/poll.h>
+#include <poll.h>
- #endif
-
+ #include <sys/socket.h>
+
int NET_Timeout(int s, long timeout);
--- openjdk.orig/jdk/src/solaris/native/sun/nio/ch/DevPollArrayWrapper.c
+++ openjdk/jdk/src/solaris/native/sun/nio/ch/DevPollArrayWrapper.c
diff --git a/community/openjdk8/icedtea-jdk-musl.patch b/community/openjdk8/icedtea-jdk-musl.patch
index 97946ba424..09f5c082e5 100644
--- a/community/openjdk8/icedtea-jdk-musl.patch
+++ b/community/openjdk8/icedtea-jdk-musl.patch
@@ -47,28 +47,6 @@ diff -ru openjdk.orig/jdk/src/solaris/native/java/net/Inet4AddressImpl.c openjdk
#define HAS_GLIBC_GETHOSTBY_R 1
#endif
-diff -ru openjdk.orig/jdk/src/solaris/native/java/net/PlainDatagramSocketImpl.c openjdk/jdk/src/solaris/native/java/net/PlainDatagramSocketImpl.c
---- openjdk.orig/jdk/src/solaris/native/java/net/PlainDatagramSocketImpl.c 2017-01-25 04:22:03.000000000 +0000
-+++ openjdk/jdk/src/solaris/native/java/net/PlainDatagramSocketImpl.c 2017-02-06 11:23:47.047832009 +0000
-@@ -41,7 +41,6 @@
- #endif
- #ifdef __linux__
- #include <unistd.h>
--#include <sys/sysctl.h>
- #include <sys/utsname.h>
- #include <netinet/ip.h>
-
-diff -ru openjdk.orig/jdk/src/solaris/native/java/net/PlainSocketImpl.c openjdk/jdk/src/solaris/native/java/net/PlainSocketImpl.c
---- openjdk.orig/jdk/src/solaris/native/java/net/PlainSocketImpl.c 2017-01-25 04:22:03.000000000 +0000
-+++ openjdk/jdk/src/solaris/native/java/net/PlainSocketImpl.c 2017-02-06 11:23:47.047832009 +0000
-@@ -43,7 +43,6 @@
- #endif
- #ifdef __linux__
- #include <unistd.h>
--#include <sys/sysctl.h>
- #endif
-
- #include "jvm.h"
diff -ru openjdk.orig/jdk/src/solaris/native/java/net/linux_close.c openjdk/jdk/src/solaris/native/java/net/linux_close.c
--- openjdk.orig/jdk/src/solaris/native/java/net/linux_close.c 2017-01-25 04:22:03.000000000 +0000
+++ openjdk/jdk/src/solaris/native/java/net/linux_close.c 2017-02-06 11:23:47.047832009 +0000
@@ -80,7 +58,7 @@ diff -ru openjdk.orig/jdk/src/solaris/native/java/net/linux_close.c openjdk/jdk/
+static int sigWakeup;
/*
- * The fd table and the number of file descriptors
+ * fdTable holds one entry per file descriptor, up to a certain
@@ -95,6 +95,9 @@
/*
* Setup the signal handler
@@ -92,8 +70,8 @@ diff -ru openjdk.orig/jdk/src/solaris/native/java/net/linux_close.c openjdk/jdk/
sa.sa_flags = 0;
sigemptyset(&sa.sa_mask);
diff -ru openjdk.orig/jdk/src/solaris/native/sun/nio/ch/NativeThread.c openjdk/jdk/src/solaris/native/sun/nio/ch/NativeThread.c
---- openjdk.orig/jdk/src/solaris/native/sun/nio/ch/NativeThread.c 2017-01-25 04:22:03.000000000 +0000
-+++ openjdk/jdk/src/solaris/native/sun/nio/ch/NativeThread.c 2017-02-06 11:23:47.051165409 +0000
+--- openjdk.orig/jdk/src/solaris/native/sun/nio/ch/NativeThread.c 2017-01-25 04:22:03.000000000 +0000
++++ openjdk/jdk/src/solaris/native/sun/nio/ch/NativeThread.c 2017-02-06 11:23:47.051165409 +0000
@@ -36,7 +36,7 @@
#include <pthread.h>
#include <sys/signal.h>
diff --git a/community/php7/APKBUILD b/community/php7/APKBUILD
index 146c83add2..523cbc5d31 100644
--- a/community/php7/APKBUILD
+++ b/community/php7/APKBUILD
@@ -25,7 +25,7 @@
pkgname=php7
_pkgreal=php
-pkgver=7.2.27
+pkgver=7.2.31
pkgrel=0
_apiver=20170718
_suffix=${pkgname#php}
@@ -181,6 +181,12 @@ case "$CARCH" in
esac
# secfixes:
+# 7.2.31-r0:
+# - CVE-2019-11048
+# - CVE-2020-7062
+# - CVE-2020-7063
+# - CVE-2020-7064
+# - CVE-2020-7066
# 7.2.27-r0:
# - CVE-2020-7059
# - CVE-2020-7060
@@ -679,7 +685,7 @@ _mv() {
mv $@
}
-sha512sums="0d2cdfce73405772f359b231c66e6f64e0584a2b77e8e6e24f0c6bf38d3f3cb77dccc829fd7d0974f20030e875c3de399facce659e2b0293fb1c6336d9a37bed php-7.2.27.tar.bz2
+sha512sums="48d65eae98e6f6e8131c7b383591529f0da3efbb6bdb3d90b2b965cabcdcecf69575064c89f542b6e4346677774ebfb73828b649760e09601d76f48c6c917bc6 php-7.2.31.tar.bz2
1c708de82d1086f272f484faf6cf6d087af7c31750cc2550b0b94ed723961b363f28a947b015b2dfc0765caea185a75f5d2c2f2b099c948b65c290924f606e4f php7-fpm.initd
cacce7bf789467ff40647b7319e3760c6c587218720538516e8d400baa75651f72165c4e28056cd0c1dc89efecb4d00d0d7823bed80b29136262c825ce816691 php7-fpm.logrotate
274bd7b0b2b7002fa84c779640af37b59258bb37b05cb7dd5c89452977d71807f628d91b523b5039608376d1f760f3425d165242ca75ee5129b2730e71c4e198 php7-module.conf
diff --git a/community/zabbix/APKBUILD b/community/zabbix/APKBUILD
index 6a341f5844..9d9290ca24 100644
--- a/community/zabbix/APKBUILD
+++ b/community/zabbix/APKBUILD
@@ -3,7 +3,7 @@
# Contributor: Leonardo Arena <rnalrd@alpinelinux.org>
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=zabbix
-pkgver=4.0.16
+pkgver=4.0.21
pkgrel=0
pkgdesc="Enterprise-class open source distributed monitoring"
url="http://www.zabbix.com"
@@ -25,7 +25,7 @@ options="!check" # no tests available
subpackages="$pkgname-doc $pkgname-agent $pkgname-pgsql $pkgname-mysql $pkgname-sqlite
$pkgname-webif::noarch $pkgname-utils $pkgname-setup::noarch
$pkgname-openrc $pkgname-agent-openrc:agent_openrc"
-source="https://downloads.sourceforge.net/$pkgname/$pkgname-$pkgver.tar.gz
+source="$pkgname-$pkgver.tar.gz::https://github.com/zabbix/zabbix/archive/$pkgver.tar.gz
zabbix-server.initd
zabbix-server.confd
zabbix-agentd.initd
@@ -200,7 +200,7 @@ agent_openrc() {
"$subpkgdir"/etc/init.d/zabbix-agentd
}
-sha512sums="e5a0b13790ef082d63c879ebf989739ffde448161d45eb16ccf4100473556ef39d00466687ecce69e3430e54ec32015c2d00461b81f51510d08d8e38284e2ee6 zabbix-4.0.16.tar.gz
+sha512sums="f93137602a6f89feed66d35d6604f92bb4f8b6831cd9348108408a5bddeb98ac22ed72077e59b6e9dd12b894d115c0e410912e0c1d83bb36a9398188dbe80e30 zabbix-4.0.21.tar.gz
9998ee172a28002d98bacc3f76038ff52b8cf2b206e101418d76b4ca3de94afaf92cb4f7a6235ecf177f74beb9dd3ea1f3983c4f164b4f60bb601acba65aa175 zabbix-server.initd
9c06527bf653c40585fa7eeb3f7a0b2fc454031d24cd0d1633aed87b78a681c5227a193c5b9fcfcea0839135874e27ba7dd9b198573f905f680a2856f79e9512 zabbix-server.confd
523013cab3ba79cbc00db92f09d4c5d514fd6aa9cbebf8f29227dc91fbc19d2f8375af74c21d2037e4f3380a818f808194dbc94e69709ef2cf90f66e715895c4 zabbix-agentd.initd
diff --git a/main/apache2/APKBUILD b/main/apache2/APKBUILD
index 535a4753bd..259166b50e 100644
--- a/main/apache2/APKBUILD
+++ b/main/apache2/APKBUILD
@@ -2,7 +2,7 @@
# Contributor: Valery Kartel <valery.kartel@gmail.com>
pkgname=apache2
_pkgreal=httpd
-pkgver=2.4.43
+pkgver=2.4.46
pkgrel=0
pkgdesc="A high performance Unix-based HTTP server"
url="https://httpd.apache.org/"
@@ -51,6 +51,10 @@ options="suid"
builddir="$srcdir"/$_pkgreal-$pkgver
# secfixes:
+# 2.4.46-r0:
+# - CVE-2020-9490
+# - CVE-2020-11984
+# - CVE-2020-11993
# 2.4.43-r0:
# - CVE-2020-1927
# - CVE-2020-1934
@@ -347,7 +351,7 @@ _lua() {
"$subpkgdir"/usr/lib/apache2/
_load_mods
}
-sha512sums="16cfeecc8f6fab6eca478065a384bdf1872f7ac42206b0bc2bcac6c0d9c576f392c07107201f39e0601dec1bbafcb33d66153544de4d87d79b9a52094d334b64 httpd-2.4.43.tar.bz2
+sha512sums="5936784bb662e9d8a4f7fe38b70c043b468114d931cd10ea831bfe74461ea5856b64f88f42c567ab791fc8907640a99884ba4b6a600f86d661781812735b6f13 httpd-2.4.46.tar.bz2
8e62b101f90c67babe864bcb74f711656180b011df3fd4b541dc766b980b72aa409e86debf3559a55be359471c1cad81b8779ef3a55add8d368229fc7e9544fc apache2.confd
18e8859c7d99c4483792a5fd20127873aad8fa396cafbdb6f2c4253451ffe7a1093a3859ce719375e0769739c93704c88897bd087c63e1ef585e26dcc1f5dd9b apache2.logrotate
81a2d2a297d8049ba1b021b879ec863767149e056d9bdb2ac8acf63572b254935ec96c2e1580eba86639ea56433eec5c41341e4f1501f9072745dccdb3602701 apache2.initd
diff --git a/main/axel/APKBUILD b/main/axel/APKBUILD
index 0e96319282..373726aa57 100644
--- a/main/axel/APKBUILD
+++ b/main/axel/APKBUILD
@@ -2,18 +2,32 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=axel
pkgver=2.16.1
-pkgrel=2
+pkgrel=3
pkgdesc="A multiple-connection concurrent downloader"
url="https://github.com/axel-download-accelerator/axel"
arch="all"
options="!check" # has no checks
license="GPL-2.0-or-later"
-makedepends="openssl-dev"
+makedepends="openssl-dev automake autoconf libtool gettext-dev"
subpackages="$pkgname-doc"
-source="$url/releases/download/v$pkgver/axel-$pkgver.tar.xz"
+source="$url/releases/download/v$pkgver/axel-$pkgver.tar.xz
+ CVE-2020-13614.patch
+ "
+
+# secfixes:
+# 2.16.1-r3:
+# - CVE-2020-13614
builddir="$srcdir/$pkgname-$pkgver"
+prepare() {
+ default_prepare
+
+ # We need to regenerate the configure script because the CVE-2020-13614
+ # modifies src/Makefile.am
+ autoreconf -fi
+}
+
build() {
cd "$builddir"
./configure \
@@ -32,4 +46,5 @@ package() {
make DESTDIR="$pkgdir" install
}
-sha512sums="a263b6926acb6acf16353d0d02464d48ad89c18dd3328b84273c26cdb23cb7323084a8204a5c6ad163ad5352136cb1709c6734d4fec9bc1c514174dbbb3c5dab axel-2.16.1.tar.xz"
+sha512sums="a263b6926acb6acf16353d0d02464d48ad89c18dd3328b84273c26cdb23cb7323084a8204a5c6ad163ad5352136cb1709c6734d4fec9bc1c514174dbbb3c5dab axel-2.16.1.tar.xz
+b5365d6ccb3453d4e1d70e8cf734e9d6723e412904427d8bbee5e409511864c7a9970343c9a9c9cbfb86032a54ab78579ca180094e18f4b53028116b669b4cb5 CVE-2020-13614.patch"
diff --git a/main/axel/CVE-2020-13614.patch b/main/axel/CVE-2020-13614.patch
new file mode 100644
index 0000000000..f23b705e16
--- /dev/null
+++ b/main/axel/CVE-2020-13614.patch
@@ -0,0 +1,223 @@
+diff --git a/src/Makefile.am b/src/Makefile.am
+index 6269979..a56b4dd 100644
+--- a/src/Makefile.am
++++ b/src/Makefile.am
+@@ -14,6 +14,7 @@ axel_SOURCES = \
+ search.c \
+ search.h \
+ ssl.c \
++ ssl_verify.c \
+ ssl.h \
+ tcp.c \
+ tcp.h \
+diff --git a/src/ssl.c b/src/ssl.c
+index c05f238..0859b76 100644
+--- a/src/ssl.c
++++ b/src/ssl.c
+@@ -70,7 +70,7 @@ ssl_startup(void)
+ SSL *
+ ssl_connect(int fd, char *hostname, char *message)
+ {
+-
++ X509 *server_cert;
+ SSL_CTX *ssl_ctx;
+ SSL *ssl;
+
+@@ -91,9 +91,33 @@ ssl_connect(int fd, char *hostname, char *message)
+ if (err <= 0) {
+ sprintf(message, _("SSL error: %s\n"),
+ ERR_reason_error_string(ERR_get_error()));
++ SSL_CTX_free(ssl_ctx);
++ return NULL;
++ }
++
++ err = SSL_get_verify_result(ssl);
++ if (err != X509_V_OK) {
++ fprintf(stderr, _("SSL error: Certificate error"));
++ SSL_CTX_free(ssl_ctx);
+ return NULL;
+ }
+
++ server_cert = SSL_get_peer_certificate(ssl);
++ if (server_cert == NULL) {
++ fprintf(stderr, _("SSL error: Certificate not found"));
++ SSL_CTX_free(ssl_ctx);
++ return NULL;
++ }
++
++ if (!ssl_validate_hostname(hostname, server_cert)) {
++ fprintf(stderr, _("SSL error: Hostname verification failed"));
++ X509_free(server_cert);
++ SSL_CTX_free(ssl_ctx);
++ return NULL;
++ }
++
++ X509_free(server_cert);
++
+ return ssl;
+ }
+
+diff --git a/src/ssl.h b/src/ssl.h
+index cc00eaf..64fb933 100644
+--- a/src/ssl.h
++++ b/src/ssl.h
+@@ -44,5 +44,6 @@
+ void ssl_init(conf_t *conf);
+ SSL *ssl_connect(int fd, char *hostname, char *message);
+ void ssl_disconnect(SSL *ssl);
++bool ssl_validate_hostname(const char *hostname, const X509 *server_cert);
+
+ #endif /* AXEL_SSL_H */
+diff --git a/src/ssl_verify.c b/src/ssl_verify.c
+new file mode 100644
+index 0000000..8a67a3c
+--- /dev/null
++++ b/src/ssl_verify.c
+@@ -0,0 +1,147 @@
++/*
++ Helper functions to perform basic hostname validation using OpenSSL.
++
++ Author: Alban Diquet
++ Copyright (C) 2012, iSEC Partners.
++
++ Permission is hereby granted, free of charge, to any person obtaining a copy of
++ this software and associated documentation files (the "Software"), to deal in
++ the Software without restriction, including without limitation the rights to
++ use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies
++ of the Software, and to permit persons to whom the Software is furnished to do
++ so, subject to the following conditions:
++
++ The above copyright notice and this permission notice shall be included in all
++ copies or substantial portions of the Software.
++
++ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
++ IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
++ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
++ AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
++ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
++ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
++ SOFTWARE.
++ */
++
++#include "axel.h"
++
++#ifdef HAVE_SSL
++
++#include <openssl/ssl.h>
++#include <openssl/x509v3.h>
++
++#if OPENSSL_VERSION_NUMBER < 0x10101000L
++#define ASN1_STRING_data_compat ASN1_STRING_data
++#else
++#define ASN1_STRING_data_compat ASN1_STRING_get0_data
++#endif
++
++typedef enum {
++ MatchFound,
++ MatchNotFound,
++ NoSANPresent,
++ MalformedCertificate,
++ Error
++} validate_result;
++
++static validate_result
++ssl_matches_common_name(const char *hostname, const X509 *server_cert)
++{
++ int common_name_loc = -1;
++ X509_NAME_ENTRY *common_name_entry = NULL;
++ ASN1_STRING *common_name_asn1 = NULL;
++ char *common_name_str = NULL;
++
++ // Find the position of the CN field in the Subject field of the certificate
++ common_name_loc = X509_NAME_get_index_by_NID(X509_get_subject_name((X509 *) server_cert), NID_commonName, -1);
++ if (common_name_loc < 0) {
++ return Error;
++ }
++
++ // Extract the CN field
++ common_name_entry = X509_NAME_get_entry(X509_get_subject_name((X509 *) server_cert), common_name_loc);
++ if (common_name_entry == NULL) {
++ return Error;
++ }
++
++ // Convert the CN field to a C string
++ common_name_asn1 = X509_NAME_ENTRY_get_data(common_name_entry);
++ if (common_name_asn1 == NULL) {
++ return Error;
++ }
++ common_name_str = (char *) ASN1_STRING_data_compat(common_name_asn1);
++
++ // Make sure there isn't an embedded NUL character in the CN
++ if ((size_t) ASN1_STRING_length(common_name_asn1) != strlen(common_name_str)) {
++ return MalformedCertificate;
++ }
++
++ // Compare expected hostname with the CN
++ if (strcasecmp(hostname, common_name_str) == 0) {
++ return MatchFound;
++ } else {
++ return MatchNotFound;
++ }
++}
++
++static validate_result
++ssl_matches_subject_alternative_name(const char *hostname, const X509 *server_cert)
++{
++ validate_result result = MatchNotFound;
++ int i;
++ int san_names_nb = -1;
++ STACK_OF(GENERAL_NAME) *san_names = NULL;
++
++ // Try to extract the names within the SAN extension from the certificate
++ san_names = X509_get_ext_d2i((X509 *) server_cert, NID_subject_alt_name, NULL, NULL);
++ if (san_names == NULL) {
++ return NoSANPresent;
++ }
++ san_names_nb = sk_GENERAL_NAME_num(san_names);
++
++ // Check each name within the extension
++ for (i = 0; i < san_names_nb; i++) {
++ const GENERAL_NAME *current_name = sk_GENERAL_NAME_value(san_names, i);
++
++ if (current_name->type == GEN_DNS) {
++ // Current name is a DNS name, let's check it
++ char *dns_name = (char *) ASN1_STRING_data_compat(current_name->d.dNSName);
++
++ // Make sure there isn't an embedded NUL character in the DNS name
++ if ((size_t) ASN1_STRING_length(current_name->d.dNSName) != strlen(dns_name)) {
++ result = MalformedCertificate;
++ break;
++ } else {
++ // Compare expected hostname with the DNS name
++ if (strcasecmp(hostname, dns_name) == 0) {
++ result = MatchFound;
++ break;
++ }
++ }
++ }
++ }
++ sk_GENERAL_NAME_pop_free(san_names, GENERAL_NAME_free);
++
++ return result;
++}
++
++bool
++ssl_validate_hostname(const char *hostname, const X509 *server_cert)
++{
++ validate_result result;
++
++ if ((hostname == NULL) || (server_cert == NULL)) {
++ return false;
++ }
++
++ // First try the Subject Alternative Names extension
++ result = ssl_matches_subject_alternative_name(hostname, server_cert);
++ if (result == NoSANPresent) {
++ // Extension was not found: try the Common Name
++ result = ssl_matches_common_name(hostname, server_cert);
++ }
++
++ return result == MatchFound;
++}
++
++#endif /* HAVE_SSL */
diff --git a/main/busybox/APKBUILD b/main/busybox/APKBUILD
index 46fca6c603..a4a135b086 100644
--- a/main/busybox/APKBUILD
+++ b/main/busybox/APKBUILD
@@ -53,6 +53,8 @@ source="https://busybox.net/downloads/$pkgname-$pkgver.tar.bz2
# 1.29.3-r10:
# - CVE-2018-20679
# - CVE-2019-5747
+# 1.28.3-r2:
+# - CVE-2018-1000500
# 1.27.2-r4:
# - CVE-2017-16544
# - CVE-2017-15873
diff --git a/main/ca-certificates/0003-update-ca-insert-newline-between-certs.patch b/main/ca-certificates/0003-update-ca-insert-newline-between-certs.patch
new file mode 100644
index 0000000000..4a945a076b
--- /dev/null
+++ b/main/ca-certificates/0003-update-ca-insert-newline-between-certs.patch
@@ -0,0 +1,38 @@
+From fd399b2416191bd7f3b0f267bdb530ed829de271 Mon Sep 17 00:00:00 2001
+From: Natanael Copa <ncopa@alpinelinux.org>
+Date: Wed, 5 Feb 2020 17:40:57 +0100
+Subject: [PATCH 3/3] update-ca: insert newline between certs
+
+There may be certificates that lack a trailing newline, which is allowed
+in the certificate format. We work around that by inject a newline after
+each cert.
+
+see https://gitlab.alpinelinux.org/alpine/aports/issues/8379
+---
+ update-ca.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/update-ca.c b/update-ca.c
+index 2b3195b..0260f83 100644
+--- a/update-ca.c
++++ b/update-ca.c
+@@ -191,6 +191,7 @@ static void proc_localglobaldir(const char *fullpath, struct hash *h, int tmpfil
+ fprintf(stderr, "Warning! Cannot hash: %s\n", fullpath);
+ if (!copyfile(fullpath, tmpfile_fd))
+ fprintf(stderr, "Warning! Cannot copy to bundle: %s\n", fullpath);
++ write(tmpfile_fd, "\n", 1);
+ free(actual_file);
+ }
+
+@@ -260,7 +261,7 @@ static bool dir_readfiles(struct hash* d, const char* path,
+ DIR *dp = opendir(path);
+ if (!dp)
+ return false;
+-
++
+ struct dirent *dirp;
+ while ((dirp = readdir(dp)) != NULL) {
+ if (str_begins(dirp->d_name, "."))
+--
+2.25.0
+
diff --git a/main/ca-certificates/APKBUILD b/main/ca-certificates/APKBUILD
index 389042e945..b3d7084abc 100644
--- a/main/ca-certificates/APKBUILD
+++ b/main/ca-certificates/APKBUILD
@@ -3,8 +3,8 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=ca-certificates
pkgver=20191127
-pkgrel=0
-pkgdesc="Common CA certificates PEM files"
+pkgrel=2
+pkgdesc="Common CA certificates PEM files from Mozilla"
url="https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/"
arch="all"
license="MPL-2.0 GPL-2.0-or-later"
@@ -16,12 +16,16 @@ replaces="libcrypto1.0 openssl openssl1.0"
options="!fhs !check"
triggers="ca-certificates.trigger=/usr/share/ca-certificates:/usr/local/share/ca-certificates:/etc/ssl/certs:/etc/ca-certificates/update.d"
install="$pkgname.post-deinstall"
-source="https://git.alpinelinux.org/ca-certificates/snapshot/ca-certificates-$pkgver.tar.xz"
+source="https://gitlab.alpinelinux.org/alpine/ca-certificates/-/archive/$pkgver/ca-certificates-$pkgver.tar.bz2
+ 0003-update-ca-insert-newline-between-certs.patch
+ "
builddir="$srcdir/ca-certificates-$pkgver"
build() {
cd "$builddir"
make
+ # remove expired cert (https://gitlab.alpinelinux.org/alpine/aports/issues/11607)
+ rm AddTrust_External_Root.crt
}
package() {
@@ -58,4 +62,5 @@ cacert() {
"$subpkgdir"/etc/ssl/cert.pem
}
-sha512sums="68a879680a5e20764b8a4ee3019e9a008193c578a687b0d29694355a679c04cbfa94d4049beb3c52a899d593f46254c94d67db833f39e91325a4476963b9ef18 ca-certificates-20191127.tar.xz"
+sha512sums="05e3a11efd80ea88eb81774e084febe4b8d1fa48f01f49e5ed3d469e10a2769260a264faed42ea3a0b725659cda1cc4a67ce5575fe04cdff9dc1c08207911c9b ca-certificates-20191127.tar.bz2
+051b5d78916ee7389dfbd4e8871aab720415bd6e9ee0313dba770fc40ee7c68ac67d7918f2503458a3218e3bfc10691b5e379b65269106fde02c7e7a36eb7595 0003-update-ca-insert-newline-between-certs.patch"
diff --git a/main/dbus/APKBUILD b/main/dbus/APKBUILD
index ee9fdc492a..fae169cfda 100644
--- a/main/dbus/APKBUILD
+++ b/main/dbus/APKBUILD
@@ -1,7 +1,7 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=dbus
pkgver=1.10.28
-pkgrel=0
+pkgrel=1
pkgdesc="Freedesktop.org message bus system"
url="http://www.freedesktop.org/Software/dbus"
pkggroups="messagebus"
@@ -17,12 +17,15 @@ makedepends="$depends_dev expat-dev libx11-dev autoconf automake libtool xmlto
install="$pkgname.pre-install $pkgname.post-install"
source="https://dbus.freedesktop.org/releases/dbus/dbus-$pkgver.tar.gz
fix-int64-print.patch
+ CVE-2020-12049.patch
$pkgname.initd
"
# secfixes:
+# 1.12.28-r1:
+# - CVE-2020-12049
# 1.10.28-r0:
-# - CVE-2019-12749
+# - CVE-2019-12749
prepare() {
default_prepare
@@ -75,4 +78,5 @@ x11() {
sha512sums="d699e5c115dd33c7667c32bf66db0a211e98678ba4b6a155541a705af2819cd45868ca9d33d57a2df7fb1a1ac072e09c8607157a7cd3f8664292c118ae164f61 dbus-1.10.28.tar.gz
5f07d8cb377ab80c927a77236c3f3437f08351161e594c62a1ad43f0324c2dba3cc98d50257ae27b9a4f5148571c5f26f35db8b40f13c72e92f267d5356c87f0 fix-int64-print.patch
+f05e2d14f072da81186e8a70d0895b37ee8f17c566b71865a72419218562e0f08544b7ea04daf6682dec5ff9ebab440c015f57a05abfb93610ec77caf9c2da97 CVE-2020-12049.patch
df74e7d6a4f76f777d356e94bd23422b17656aa51a5b2d3c655fcabb32c84f2f06b9f5cd8827920d51842f89e8c0d968a6e723315e4bf216e55711fcda9b0ee9 dbus.initd"
diff --git a/main/dbus/CVE-2020-12049.patch b/main/dbus/CVE-2020-12049.patch
new file mode 100644
index 0000000000..f1b04b4a65
--- /dev/null
+++ b/main/dbus/CVE-2020-12049.patch
@@ -0,0 +1,103 @@
+This is a combination of
+
+https://gitlab.freedesktop.org/dbus/dbus/-/commit/8bc1381819e5a845331650bfa28dacf6d2ac1748.patch
+https://gitlab.freedesktop.org/dbus/dbus/-/commit/272d484283883fa9ff95b69d924fff6cd34842f5.patch
+
+Applied against the 1.10 tree (the commits are for 1.12)
+
+diff --git a/dbus/dbus-sysdeps-unix.c b/dbus/dbus-sysdeps-unix.c
+index b730971..4b0e390 100644
+--- a/dbus/dbus-sysdeps-unix.c
++++ b/dbus/dbus-sysdeps-unix.c
+@@ -432,18 +432,6 @@ _dbus_read_socket_with_unix_fds (DBusSocket fd,
+ struct cmsghdr *cm;
+ dbus_bool_t found = FALSE;
+
+- if (m.msg_flags & MSG_CTRUNC)
+- {
+- /* Hmm, apparently the control data was truncated. The bad
+- thing is that we might have completely lost a couple of fds
+- without chance to recover them. Hence let's treat this as a
+- serious error. */
+-
+- errno = ENOSPC;
+- _dbus_string_set_length (buffer, start);
+- return -1;
+- }
+-
+ for (cm = CMSG_FIRSTHDR(&m); cm; cm = CMSG_NXTHDR(&m, cm))
+ if (cm->cmsg_level == SOL_SOCKET && cm->cmsg_type == SCM_RIGHTS)
+ {
+@@ -498,6 +486,26 @@ _dbus_read_socket_with_unix_fds (DBusSocket fd,
+ if (!found)
+ *n_fds = 0;
+
++ if (m.msg_flags & MSG_CTRUNC)
++ {
++ unsigned int i;
++
++ /* Hmm, apparently the control data was truncated. The bad
++ thing is that we might have completely lost a couple of fds
++ without chance to recover them. Hence let's treat this as a
++ serious error. */
++
++ /* We still need to close whatever fds we *did* receive,
++ * otherwise they'll never get closed. (CVE-2020-12049) */
++ for (i = 0; i < *n_fds; i++)
++ close (fds[i]);
++
++ *n_fds = 0;
++ errno = ENOSPC;
++ _dbus_string_set_length (buffer, start);
++ return -1;
++ }
++
+ /* put length back (doesn't actually realloc) */
+ _dbus_string_set_length (buffer, start + bytes_read);
+
+diff --git a/test/fdpass.c b/test/fdpass.c
+index 665b4a1..d8d9c67 100644
+--- a/test/fdpass.c
++++ b/test/fdpass.c
+@@ -50,6 +50,14 @@
+
+ #include "test-utils-glib.h"
+
++#ifdef DBUS_ENABLE_EMBEDDED_TESTS
++#include <dbus/dbus-message-internal.h>
++#else
++typedef struct _DBusInitialFDs DBusInitialFDs;
++#define _dbus_check_fdleaks_enter() NULL
++#define _dbus_check_fdleaks_leave(fds) do {} while (0)
++#endif
++
+ /* Arbitrary; included here to avoid relying on the default */
+ #define MAX_MESSAGE_UNIX_FDS 20
+ /* This test won't work on Linux unless this is true. */
+@@ -91,6 +99,7 @@ typedef struct {
+ GQueue messages;
+
+ int fd_before;
++ DBusInitialFDs *initial_fds;
+ } Fixture;
+
+ static void oom (const gchar *doing) G_GNUC_NORETURN;
+@@ -172,6 +181,8 @@ test_connect (Fixture *f,
+ {
+ char *address;
+
++ f->initial_fds = _dbus_check_fdleaks_enter ();
++
+ g_assert (f->left_server_conn == NULL);
+ g_assert (f->right_server_conn == NULL);
+
+@@ -835,6 +846,9 @@ teardown (Fixture *f,
+ if (f->fd_before >= 0 && close (f->fd_before) < 0)
+ g_error ("%s", g_strerror (errno));
+ #endif
++
++ if (f->initial_fds != NULL)
++ _dbus_check_fdleaks_leave (f->initial_fds);
+ }
+
+ int
diff --git a/main/dropbear/APKBUILD b/main/dropbear/APKBUILD
index 570be69730..8d0fb472be 100644
--- a/main/dropbear/APKBUILD
+++ b/main/dropbear/APKBUILD
@@ -3,7 +3,7 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=dropbear
pkgver=2018.76
-pkgrel=2
+pkgrel=3
pkgdesc="small SSH 2 client/server designed for small memory environments"
url="http://matt.ucc.asn.au/dropbear/dropbear.html"
arch="all"
@@ -23,9 +23,12 @@ source="https://matt.ucc.asn.au/dropbear/releases/${pkgname}-${pkgver}.tar.bz2
dropbear-0.53.1-static_build_fix.patch
dropbear-options_sftp-server_path.patch
CVE-2018-15599.patch
+ CVE-2018-20685.patch
"
# secfixes:
+# 2018.76-r3:
+# - CVE-2018-20685
# 2018.76-r2:
# - CVE-2018-15599
@@ -89,4 +92,5 @@ sha512sums="82323279f7e78c366ba1ea07ff242259132b2576122429f54326518dd6092aba8ae5
83f2c1eaf7687917a4b2bae7d599d4378c4bd64f9126ba42fc5d235f2b3c9a474d1b3168d70ed64bb4101cc251d30bc9ae20604da9b5d819fcd635ee4d0ebb0f dropbear.confd
c9b0f28eb9653de21da4e8646fc27870a156112bce3d8a13baa6154ebf4baada3dee4f75bd5fdf5b6cd24a43fb80fb009e917d139d9e65d35118b082de0ebfbf dropbear-0.53.1-static_build_fix.patch
e11456ec3bc7e1265727c8921a6eb6151712a9a498c7768e2d4b7f9043256099457cebf29b2d47dd61eb260746d97f4b19e9429443bda1c3e441ea50ced79b48 dropbear-options_sftp-server_path.patch
-f204c2ee5aea8c0962573c4c49479ac17e9f6a9ab9ce21060a252b449323be841c1e64460f0e191fc72c6e213ffe829544418715d120a8f6c40de7b6374428e0 CVE-2018-15599.patch"
+f204c2ee5aea8c0962573c4c49479ac17e9f6a9ab9ce21060a252b449323be841c1e64460f0e191fc72c6e213ffe829544418715d120a8f6c40de7b6374428e0 CVE-2018-15599.patch
+6f17cf2b344b97457d2e0c1588fd285fac9757aa5e46aa2c103783978cc5fd9f7085aba36e7409270380d1250a277b43b0f5ff860d157148c6c28a0bbcbdce4c CVE-2018-20685.patch"
diff --git a/main/dropbear/CVE-2018-20685.patch b/main/dropbear/CVE-2018-20685.patch
new file mode 100644
index 0000000000..a8ea2af85b
--- /dev/null
+++ b/main/dropbear/CVE-2018-20685.patch
@@ -0,0 +1,23 @@
+From 8f8a3dff705fad774a10864a2e3dbcfa9779ceff Mon Sep 17 00:00:00 2001
+From: Haelwenn Monnier <contact+github.com@hacktivis.me>
+Date: Mon, 25 May 2020 14:54:29 +0200
+Subject: [PATCH] scp.c: Port OpenSSH CVE-2018-20685 fix (#80)
+
+---
+ scp.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/scp.c b/scp.c
+index 742ae00f..7b8e7d22 100644
+--- a/scp.c
++++ b/scp.c
+@@ -935,7 +935,8 @@ sink(int argc, char **argv)
+ size = size * 10 + (*cp++ - '0');
+ if (*cp++ != ' ')
+ SCREWUP("size not delimited");
+- if ((strchr(cp, '/') != NULL) || (strcmp(cp, "..") == 0)) {
++ if (*cp == '\0' || strchr(cp, '/') != NULL ||
++ strcmp(cp, ".") == 0 || strcmp(cp, "..") == 0) {
+ run_err("error: unexpected filename: %s", cp);
+ exit(1);
+ } \ No newline at end of file
diff --git a/main/gnutls/APKBUILD b/main/gnutls/APKBUILD
index b8d7c2bd23..e4dc31b208 100644
--- a/main/gnutls/APKBUILD
+++ b/main/gnutls/APKBUILD
@@ -2,8 +2,8 @@
# Contributor: Michael Mason <ms13sp@gmail.com>
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=gnutls
-pkgver=3.6.7
-pkgrel=1
+pkgver=3.6.14
+pkgrel=0
pkgdesc="A TLS protocol implementation"
url="https://www.gnutls.org/"
arch="all"
@@ -17,13 +17,13 @@ case $pkgver in
*.*.*.*) _v=${_v%.*};;
esac
source="https://www.gnupg.org/ftp/gcrypt/gnutls/v$_v/gnutls-$pkgver.tar.xz
- GNUTLS-SA-2020-03-31.patch
- tests-date-compat.patch
"
# secfixes:
+# 3.6.14-r0:
+# - CVE-2020-13777 GNUTLS-SA-2020-06-03
# 3.6.7-r1:
-# - GNUTLS-SA-2020-03-31 CVE-2020-11501
+# - CVE-2020-11501 GNUTLS-SA-2020-03-31
# 3.6.7-r0:
# - CVE-2019-3836
# - CVE-2019-3829
@@ -67,6 +67,4 @@ xx() {
mv "$pkgdir"/usr/lib/lib*xx.so.* "$subpkgdir"/usr/lib/
}
-sha512sums="ae9b8996eb9b7269d28213f0aca3a4a17890ba8d47e3dc3b8e754ab8e2b4251e9412aaaa161a8bf56167f04cc169b4cada46f55a7bde92b955eb36cd717a99f3 gnutls-3.6.7.tar.xz
-b9aefaca8a894b223b8bcc738524602e36edf6a49f458606235598470033c81b02e876bec18a41ac57760cb9644d44b4c35969be74d4a8120245fff716429531 tests-date-compat.patch
-abda4eb55aaca6aa841be7fcee9827b7f018d7311177dcaab76b5e3fed8b90baa18a4d7a3876de15a174472716f9c1ebcba3379ec8f4bef5a71f19516b577622 GNUTLS-SA-2020-03-31.patch"
+sha512sums="b2d427b5542a4679117c011dffa8efb0e0bffa3ce9cebc319f8998d03f80f4168d08f9fda35df18dbeaaada59e479d325a6c1c77d5ca7f8ce221b44e42bfe604 gnutls-3.6.14.tar.xz"
diff --git a/main/gnutls/GNUTLS-SA-2020-03-31.patch b/main/gnutls/GNUTLS-SA-2020-03-31.patch
deleted file mode 100644
index e9554e2ea8..0000000000
--- a/main/gnutls/GNUTLS-SA-2020-03-31.patch
+++ /dev/null
@@ -1,33 +0,0 @@
-From c01011c2d8533dbbbe754e49e256c109cb848d0d Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Stefan=20B=C3=BChler?= <stbuehler@web.de>
-Date: Fri, 27 Mar 2020 17:17:57 +0100
-Subject: [PATCH] dtls client hello: fix zeroed random (fixes #960)
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-This broke with bcf4de03 "handshake: treat reply to HRR as a reply to
-hello verify request", which failed to "De Morgan" properly.
-
-Signed-off-by: Stefan Bühler <stbuehler@web.de>
----
- lib/handshake.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/lib/handshake.c b/lib/handshake.c
-index 5739df213e..84a0e52101 100644
---- a/lib/handshake.c
-+++ b/lib/handshake.c
-@@ -2167,7 +2167,7 @@ static int send_client_hello(gnutls_session_t session, int again)
- /* Generate random data
- */
- if (!(session->internals.hsk_flags & HSK_HRR_RECEIVED) &&
-- !(IS_DTLS(session) && session->internals.dtls.hsk_hello_verify_requests == 0)) {
-+ !(IS_DTLS(session) && session->internals.dtls.hsk_hello_verify_requests != 0)) {
- ret = _gnutls_gen_client_random(session);
- if (ret < 0) {
- gnutls_assert();
---
-2.24.1
-
-
diff --git a/main/gnutls/tests-date-compat.patch b/main/gnutls/tests-date-compat.patch
deleted file mode 100644
index 82e3314d29..0000000000
--- a/main/gnutls/tests-date-compat.patch
+++ /dev/null
@@ -1,12 +0,0 @@
-Busybox date does not support %N, this is GNU extension.
---- a/tests/scripts/common.sh
-+++ b/tests/scripts/common.sh
-@@ -61,7 +61,7 @@
- # Find a port number not currently in use.
- GETPORT='rc=0; unset myrandom
- if test -n "$RANDOM"; then myrandom=$(($RANDOM + $RANDOM)); fi
-- if test -z "$myrandom"; then myrandom=$(date +%N | sed s/^0*//); fi
-+ if test -z "$myrandom"; then myrandom=$(date +%s | sed s/^0*//); fi
- if test -z "$myrandom"; then myrandom=0; fi
- while test $rc = 0;do
- PORT="$(((($$<<15)|$myrandom) % 63001 + 2000))"
diff --git a/main/hostapd/0001-WPS-UPnP-Do-not-allow-event-subscriptions-with-URLs-.patch b/main/hostapd/0001-WPS-UPnP-Do-not-allow-event-subscriptions-with-URLs-.patch
new file mode 100644
index 0000000000..0aa8a5ea1d
--- /dev/null
+++ b/main/hostapd/0001-WPS-UPnP-Do-not-allow-event-subscriptions-with-URLs-.patch
@@ -0,0 +1,150 @@
+From 5b78c8f961f25f4dc22d6f2b77ddd06d712cec63 Mon Sep 17 00:00:00 2001
+From: Jouni Malinen <jouni@codeaurora.org>
+Date: Wed, 3 Jun 2020 23:17:35 +0300
+Subject: [PATCH 1/3] WPS UPnP: Do not allow event subscriptions with URLs to
+ other networks
+
+The UPnP Device Architecture 2.0 specification errata ("UDA errata
+16-04-2020.docx") addresses a problem with notifications being allowed
+to go out to other domains by disallowing such cases. Do such filtering
+for the notification callback URLs to avoid undesired connections to
+external networks based on subscriptions that any device in the local
+network could request when WPS support for external registrars is
+enabled (the upnp_iface parameter in hostapd configuration).
+
+Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
+---
+ src/wps/wps_er.c | 2 +-
+ src/wps/wps_upnp.c | 38 ++++++++++++++++++++++++++++++++++++--
+ src/wps/wps_upnp_i.h | 3 ++-
+ 3 files changed, 39 insertions(+), 4 deletions(-)
+
+diff --git a/src/wps/wps_er.c b/src/wps/wps_er.c
+index 6bded14327f8..31d2e50e4cff 100644
+--- a/src/wps/wps_er.c
++++ b/src/wps/wps_er.c
+@@ -1298,7 +1298,7 @@ wps_er_init(struct wps_context *wps, const char *ifname, const char *filter)
+ "with %s", filter);
+ }
+ if (get_netif_info(er->ifname, &er->ip_addr, &er->ip_addr_text,
+- er->mac_addr)) {
++ NULL, er->mac_addr)) {
+ wpa_printf(MSG_INFO, "WPS UPnP: Could not get IP/MAC address "
+ "for %s. Does it have IP address?", er->ifname);
+ wps_er_deinit(er, NULL, NULL);
+diff --git a/src/wps/wps_upnp.c b/src/wps/wps_upnp.c
+index 6e10e4bc0c3f..7d4b7439940e 100644
+--- a/src/wps/wps_upnp.c
++++ b/src/wps/wps_upnp.c
+@@ -303,6 +303,14 @@ static void subscr_addr_free_all(struct subscription *s)
+ }
+
+
++static int local_network_addr(struct upnp_wps_device_sm *sm,
++ struct sockaddr_in *addr)
++{
++ return (addr->sin_addr.s_addr & sm->netmask.s_addr) ==
++ (sm->ip_addr & sm->netmask.s_addr);
++}
++
++
+ /* subscr_addr_add_url -- add address(es) for one url to subscription */
+ static void subscr_addr_add_url(struct subscription *s, const char *url,
+ size_t url_len)
+@@ -381,6 +389,7 @@ static void subscr_addr_add_url(struct subscription *s, const char *url,
+
+ for (rp = result; rp; rp = rp->ai_next) {
+ struct subscr_addr *a;
++ struct sockaddr_in *addr = (struct sockaddr_in *) rp->ai_addr;
+
+ /* Limit no. of address to avoid denial of service attack */
+ if (dl_list_len(&s->addr_list) >= MAX_ADDR_PER_SUBSCRIPTION) {
+@@ -389,6 +398,13 @@ static void subscr_addr_add_url(struct subscription *s, const char *url,
+ break;
+ }
+
++ if (!local_network_addr(s->sm, addr)) {
++ wpa_printf(MSG_INFO,
++ "WPS UPnP: Ignore a delivery URL that points to another network %s",
++ inet_ntoa(addr->sin_addr));
++ continue;
++ }
++
+ a = os_zalloc(sizeof(*a) + alloc_len);
+ if (a == NULL)
+ break;
+@@ -890,11 +906,12 @@ static int eth_get(const char *device, u8 ea[ETH_ALEN])
+ * @net_if: Selected network interface name
+ * @ip_addr: Buffer for returning IP address in network byte order
+ * @ip_addr_text: Buffer for returning a pointer to allocated IP address text
++ * @netmask: Buffer for returning netmask or %NULL if not needed
+ * @mac: Buffer for returning MAC address
+ * Returns: 0 on success, -1 on failure
+ */
+ int get_netif_info(const char *net_if, unsigned *ip_addr, char **ip_addr_text,
+- u8 mac[ETH_ALEN])
++ struct in_addr *netmask, u8 mac[ETH_ALEN])
+ {
+ struct ifreq req;
+ int sock = -1;
+@@ -920,6 +937,19 @@ int get_netif_info(const char *net_if, unsigned *ip_addr, char **ip_addr_text,
+ in_addr.s_addr = *ip_addr;
+ os_snprintf(*ip_addr_text, 16, "%s", inet_ntoa(in_addr));
+
++ if (netmask) {
++ os_memset(&req, 0, sizeof(req));
++ os_strlcpy(req.ifr_name, net_if, sizeof(req.ifr_name));
++ if (ioctl(sock, SIOCGIFNETMASK, &req) < 0) {
++ wpa_printf(MSG_ERROR,
++ "WPS UPnP: SIOCGIFNETMASK failed: %d (%s)",
++ errno, strerror(errno));
++ goto fail;
++ }
++ addr = (struct sockaddr_in *) &req.ifr_netmask;
++ netmask->s_addr = addr->sin_addr.s_addr;
++ }
++
+ #ifdef __linux__
+ os_strlcpy(req.ifr_name, net_if, sizeof(req.ifr_name));
+ if (ioctl(sock, SIOCGIFHWADDR, &req) < 0) {
+@@ -1026,11 +1056,15 @@ static int upnp_wps_device_start(struct upnp_wps_device_sm *sm, char *net_if)
+
+ /* Determine which IP and mac address we're using */
+ if (get_netif_info(net_if, &sm->ip_addr, &sm->ip_addr_text,
+- sm->mac_addr)) {
++ &sm->netmask, sm->mac_addr)) {
+ wpa_printf(MSG_INFO, "WPS UPnP: Could not get IP/MAC address "
+ "for %s. Does it have IP address?", net_if);
+ goto fail;
+ }
++ wpa_printf(MSG_DEBUG, "WPS UPnP: Local IP address %s netmask %s hwaddr "
++ MACSTR,
++ sm->ip_addr_text, inet_ntoa(sm->netmask),
++ MAC2STR(sm->mac_addr));
+
+ /* Listen for incoming TCP connections so that others
+ * can fetch our "xml files" from us.
+diff --git a/src/wps/wps_upnp_i.h b/src/wps/wps_upnp_i.h
+index e87a93232df1..6ead7b4e9a30 100644
+--- a/src/wps/wps_upnp_i.h
++++ b/src/wps/wps_upnp_i.h
+@@ -128,6 +128,7 @@ struct upnp_wps_device_sm {
+ u8 mac_addr[ETH_ALEN]; /* mac addr of network i.f. we use */
+ char *ip_addr_text; /* IP address of network i.f. we use */
+ unsigned ip_addr; /* IP address of network i.f. we use (host order) */
++ struct in_addr netmask;
+ int multicast_sd; /* send multicast messages over this socket */
+ int ssdp_sd; /* receive discovery UPD packets on socket */
+ int ssdp_sd_registered; /* nonzero if we must unregister */
+@@ -158,7 +159,7 @@ struct subscription * subscription_find(struct upnp_wps_device_sm *sm,
+ const u8 uuid[UUID_LEN]);
+ void subscr_addr_delete(struct subscr_addr *a);
+ int get_netif_info(const char *net_if, unsigned *ip_addr, char **ip_addr_text,
+- u8 mac[ETH_ALEN]);
++ struct in_addr *netmask, u8 mac[ETH_ALEN]);
+
+ /* wps_upnp_ssdp.c */
+ void msearchreply_state_machine_stop(struct advertisement_state_machine *a);
+--
+2.20.1
+
diff --git a/main/hostapd/0002-WPS-UPnP-Fix-event-message-generation-using-a-long-U.patch b/main/hostapd/0002-WPS-UPnP-Fix-event-message-generation-using-a-long-U.patch
new file mode 100644
index 0000000000..c7a449e0b5
--- /dev/null
+++ b/main/hostapd/0002-WPS-UPnP-Fix-event-message-generation-using-a-long-U.patch
@@ -0,0 +1,59 @@
+From f7d268864a2660b7239b9a8ff5ad37faeeb751ba Mon Sep 17 00:00:00 2001
+From: Jouni Malinen <jouni@codeaurora.org>
+Date: Wed, 3 Jun 2020 22:41:02 +0300
+Subject: [PATCH 2/3] WPS UPnP: Fix event message generation using a long URL
+ path
+
+More than about 700 character URL ended up overflowing the wpabuf used
+for building the event notification and this resulted in the wpabuf
+buffer overflow checks terminating the hostapd process. Fix this by
+allocating the buffer to be large enough to contain the full URL path.
+However, since that around 700 character limit has been the practical
+limit for more than ten years, start explicitly enforcing that as the
+limit or the callback URLs since any longer ones had not worked before
+and there is no need to enable them now either.
+
+Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
+---
+ src/wps/wps_upnp.c | 9 +++++++--
+ src/wps/wps_upnp_event.c | 3 ++-
+ 2 files changed, 9 insertions(+), 3 deletions(-)
+
+diff --git a/src/wps/wps_upnp.c b/src/wps/wps_upnp.c
+index 7d4b7439940e..ab685d52ecab 100644
+--- a/src/wps/wps_upnp.c
++++ b/src/wps/wps_upnp.c
+@@ -328,9 +328,14 @@ static void subscr_addr_add_url(struct subscription *s, const char *url,
+ int rerr;
+ size_t host_len, path_len;
+
+- /* url MUST begin with http: */
+- if (url_len < 7 || os_strncasecmp(url, "http://", 7))
++ /* URL MUST begin with HTTP scheme. In addition, limit the length of
++ * the URL to 700 characters which is around the limit that was
++ * implicitly enforced for more than 10 years due to a bug in
++ * generating the event messages. */
++ if (url_len < 7 || os_strncasecmp(url, "http://", 7) || url_len > 700) {
++ wpa_printf(MSG_DEBUG, "WPS UPnP: Reject an unacceptable URL");
+ goto fail;
++ }
+ url += 7;
+ url_len -= 7;
+
+diff --git a/src/wps/wps_upnp_event.c b/src/wps/wps_upnp_event.c
+index d7e6edcc6503..08a23612f338 100644
+--- a/src/wps/wps_upnp_event.c
++++ b/src/wps/wps_upnp_event.c
+@@ -147,7 +147,8 @@ static struct wpabuf * event_build_message(struct wps_event_ *e)
+ struct wpabuf *buf;
+ char *b;
+
+- buf = wpabuf_alloc(1000 + wpabuf_len(e->data));
++ buf = wpabuf_alloc(1000 + os_strlen(e->addr->path) +
++ wpabuf_len(e->data));
+ if (buf == NULL)
+ return NULL;
+ wpabuf_printf(buf, "NOTIFY %s HTTP/1.1\r\n", e->addr->path);
+--
+2.20.1
+
diff --git a/main/hostapd/0003-WPS-UPnP-Handle-HTTP-initiation-failures-for-events-.patch b/main/hostapd/0003-WPS-UPnP-Handle-HTTP-initiation-failures-for-events-.patch
new file mode 100644
index 0000000000..9d0376043d
--- /dev/null
+++ b/main/hostapd/0003-WPS-UPnP-Handle-HTTP-initiation-failures-for-events-.patch
@@ -0,0 +1,47 @@
+From 85aac526af8612c21b3117dadc8ef5944985b476 Mon Sep 17 00:00:00 2001
+From: Jouni Malinen <jouni@codeaurora.org>
+Date: Thu, 4 Jun 2020 21:24:04 +0300
+Subject: [PATCH 3/3] WPS UPnP: Handle HTTP initiation failures for events more
+ properly
+
+While it is appropriate to try to retransmit the event to another
+callback URL on a failure to initiate the HTTP client connection, there
+is no point in trying the exact same operation multiple times in a row.
+Replve the event_retry() calls with event_addr_failure() for these cases
+to avoid busy loops trying to repeat the same failing operation.
+
+These potential busy loops would go through eloop callbacks, so the
+process is not completely stuck on handling them, but unnecessary CPU
+would be used to process the continues retries that will keep failing
+for the same reason.
+
+Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
+---
+ src/wps/wps_upnp_event.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/wps/wps_upnp_event.c b/src/wps/wps_upnp_event.c
+index 08a23612f338..c0d9e41d9a38 100644
+--- a/src/wps/wps_upnp_event.c
++++ b/src/wps/wps_upnp_event.c
+@@ -294,7 +294,7 @@ static int event_send_start(struct subscription *s)
+
+ buf = event_build_message(e);
+ if (buf == NULL) {
+- event_retry(e, 0);
++ event_addr_failure(e);
+ return -1;
+ }
+
+@@ -302,7 +302,7 @@ static int event_send_start(struct subscription *s)
+ event_http_cb, e);
+ if (e->http_event == NULL) {
+ wpabuf_free(buf);
+- event_retry(e, 0);
++ event_addr_failure(e);
+ return -1;
+ }
+
+--
+2.20.1
+
diff --git a/main/hostapd/APKBUILD b/main/hostapd/APKBUILD
index 2ac593fbec..48bbef8892 100644
--- a/main/hostapd/APKBUILD
+++ b/main/hostapd/APKBUILD
@@ -1,7 +1,7 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=hostapd
pkgver=2.7
-pkgrel=5
+pkgrel=6
pkgdesc="daemon for wireless software access points"
url="http://hostap.epitest.fi/hostapd/"
arch="all"
@@ -36,15 +36,21 @@ patches="CVE-2012-4445.patch
0024-SAE-Reject-unsuitable-groups-based-on-REVmd-changes.patch
0025-dragonfly-Disable-use-of-groups-using-Brainpool-curv.patch
CVE-2019-16275.patch
- "
-source="http://hostap.epitest.fi/releases/$pkgname-$pkgver.tar.gz
+ 0001-WPS-UPnP-Do-not-allow-event-subscriptions-with-URLs-.patch
+ 0002-WPS-UPnP-Fix-event-message-generation-using-a-long-U.patch
+ 0003-WPS-UPnP-Handle-HTTP-initiation-failures-for-events-.patch
+"
+source="https://w1.fi/releases/$pkgname-$pkgver.tar.gz
$patches
$pkgname.initd
- $pkgname.confd"
+ $pkgname.confd
+ "
options="!check" #no testsuite
builddir="$srcdir"/$pkgname-$pkgver/hostapd
# secfixes:
+# 2.7-r6:
+# - CVE-2020-12695
# 2.7-r5:
# - CVE-2019-16275
# 2.7-r4:
@@ -69,10 +75,14 @@ builddir="$srcdir"/$pkgname-$pkgver/hostapd
prepare() {
local conf="$builddir/.config"
+ # This is required because our builddir is the hostapd/ directory
+ # inside the extracted archive, while patches mostly apply against
+ # the src/ directory that is in the same directory as the hostapd/
+ # one is
cd "$builddir"/..
- for i in $patches; do
- msg $i
- patch -p1 -i "$srcdir"/$i
+ for i in "$srcdir"/*.patch; do
+ msg "Applying $i..."
+ patch -p1 -i $i
done
cd "$builddir"
@@ -153,5 +163,8 @@ bcae73930c35d441c5615970c305abb3dff293fdec16df50823e57419b22d1aac0e780970619e0c7
da5f4248a0173cd7d07972b760631a8dc26f258e7b5be059c0d7de26e17f668945a62d2afce01ed1a1e9df6c55f9fd6ee344d4f006f5564b90a25e90e1e7c704 0024-SAE-Reject-unsuitable-groups-based-on-REVmd-changes.patch
4734a8ab8ba1e91fc9e3d729f34527c14c291df238b02adea5acc04b0361b41d4bffca2fb13a4f464e9f007fa624117af4f50d755cb41a3129b4868da91bdf9a 0025-dragonfly-Disable-use-of-groups-using-Brainpool-curv.patch
63710cfb0992f2c346a9807d8c97cbeaed032fa376a0e93a2e56f7742ce515e9c4dfadbdb1af03ba272281f639aab832f0178f67634c222a5d99e1d462aa9e38 CVE-2019-16275.patch
+b76bbca282a74ef16c0303e5dbd2ccd33a62461595964d52c1481b0bfa4f41deacde56830b85409b288803b87ceb6f33cf0ccc69c5b17ec632c2d4784b872f3c 0001-WPS-UPnP-Do-not-allow-event-subscriptions-with-URLs-.patch
+00cc739e78c42353a555c0de2f29defecff372927040e14407a231d1ead7ff32a37c9fd46bea7cdf1c24e3ac891bc3d483800d44fc6d2c8a12d2ae886523b12c 0002-WPS-UPnP-Fix-event-message-generation-using-a-long-U.patch
+69243af20cdcfa837c51917a3723779f4825e11436fb83311355b4ffe8f7a4b7a5747a976f7bf923038c410c9e9055b13b866d9a396913ad08bdec3a70e9f6e0 0003-WPS-UPnP-Handle-HTTP-initiation-failures-for-events-.patch
b54b7c6aa17e5cb86a9b354a516eb2dbefb544df18471339c61d82776de447011a2ac290bea1e6c8beae4b6cebefafb8174683ea42fb773e9e8fe6c679f33ba3 hostapd.initd
0882263bbd7c0b05bf51f51d66e11a23a0b8ca7da2a3b8a30166d2c5f044c0c134e6bccb1d02c9e81819ca8fb0c0fb55c7121a08fe7233ccaa73ff8ab9a238fe hostapd.confd"
diff --git a/main/hylafaxplus/APKBUILD b/main/hylafaxplus/APKBUILD
index be0f300dfe..fee0c0957e 100644
--- a/main/hylafaxplus/APKBUILD
+++ b/main/hylafaxplus/APKBUILD
@@ -3,7 +3,7 @@
pkgname=hylafaxplus
_pkgname=hylafax
pkgver=7.0.0
-pkgrel=0
+pkgrel=1
pkgdesc="Making the Premier Open-Source Fax Management System Even Better"
url="http://hylafax.sourceforge.net"
arch="all"
@@ -19,9 +19,15 @@ source="https://downloads.sourceforge.net/hylafax/${_pkgname}-${pkgver}.tar.gz
$pkgname.confd
no-locale.patch
utf8-dictionary.patch
+ CVE-2020-15396-CVE-2020-15397.patch
"
builddir="$srcdir"/$_pkgname-$pkgver
+# secfixes:
+# 7.0.0-r1:
+# - CVE-2020-15396
+# - CVE-2020-15397
+
build() {
cd "$builddir"
# the configure script does not handle ccache or distcc
@@ -89,9 +95,9 @@ package(){
install -D -m644 "$srcdir"/$pkgname.confd \
"$pkgdir"/etc/conf.d/$pkgname
}
-
sha512sums="c63fdbff79c2ced29e03907c2e401c95a739e343414840a25b9582e3f4db880eaf4622295035e4728a9d1f224f97985007944397f28c9b29595aeec157bc2031 hylafax-7.0.0.tar.gz
3862cefcd26092000e4489c097537e5e0e2ae1f7c2a7a16b1e933b3bb78d136b6d8a65fb712ae245dd8ca881900408d0d9788bd2e0b859a9569fc6f4ede8cc7c hylafaxplus.initd
a2117eddc8f0ff70a23a90f2001dcb88c5bddee46ffa021d6d1701cc5cfc3bcb0362ead2b1b1ce2b288992728053c5947466d08916649f45e7dfb1876576e50f hylafaxplus.confd
4a1243daff9904e6395c3e28aa4a78a74de99f5aa9dbf5055a3781acfcd9b1b3db42b1569409b27e3ef9b0e55272dc99122436a79a08c9a1c140c2547c5a2c15 no-locale.patch
-f5f1e33897a91b8297311c033d50e7ea2f9088568264a5b9224285066a504da8cc4296f973dd0a70e09abca538cef26964c6181f4f67f76400783d0697f05e61 utf8-dictionary.patch"
+f5f1e33897a91b8297311c033d50e7ea2f9088568264a5b9224285066a504da8cc4296f973dd0a70e09abca538cef26964c6181f4f67f76400783d0697f05e61 utf8-dictionary.patch
+ed6a717eb54d9ead7e2122cb2ecb9871343adcbbb615c0b63dfde5c23883c0f10bb2f0d3ae0ea73906522026f73bf743e2abcb54f08f2c75d61a5b87b933bbb8 CVE-2020-15396-CVE-2020-15397.patch"
diff --git a/main/hylafaxplus/CVE-2020-15396-CVE-2020-15397.patch b/main/hylafaxplus/CVE-2020-15396-CVE-2020-15397.patch
new file mode 100644
index 0000000000..b3af03d18a
--- /dev/null
+++ b/main/hylafaxplus/CVE-2020-15396-CVE-2020-15397.patch
@@ -0,0 +1,68 @@
+Upstream: Adapted from upstream, SourceForge has no raw diffs
+diff --git a/etc/faxaddmodem.sh.in b/etc/faxaddmodem.sh.in
+index dc39917..c4d3ff1 100644
+--- a/etc/faxaddmodem.sh.in
++++ b/etc/faxaddmodem.sh.in
+@@ -113,12 +113,14 @@ if [ "$euid" != "root" ]; then
+ fi
+
+ # security
++o="`umask`"
++umask 077
+ TMPDIR=`(mktemp -d /tmp/.faxaddmodem.XXXXXX) 2>/dev/null`
++umask "$o"
+ if test X$TMPDIR = X; then
+- TMPDIR=/tmp/.faxaddmodem$$
++ echo "Failed to create temporary directory. Cannot continue."
++ exit 1
+ fi
+-@RM@ -rf $TMPDIR
+-(umask 077 ; mkdir $TMPDIR) || exit 1
+
+ SH=$SCRIPT_SH # shell for use below
+ CPATH=$SPOOL/etc/config # prefix of configuration file
+diff --git a/etc/faxsetup.sh.in b/etc/faxsetup.sh.in
+index 556eef5..794d3d9 100644
+--- a/etc/faxsetup.sh.in
++++ b/etc/faxsetup.sh.in
+@@ -922,12 +922,14 @@ if onServer; then
+ #
+
+ # Setup TMPDIR before anything can trap and rm it
++ o="`umask`"
++ umask 077
+ TMPDIR=`(mktemp -d /tmp/.faxsetup.XXXXXX) 2>/dev/null`
++ umask "$o"
+ if test x$TMPDIR = x; then
+- TMPDIR=/tmp/.faxsetup$$
+- fi
+- $RM -rf $TMPDIR
+- (umask 077 ; mkdir $TMPDIR) || exit 1
++ echo "Failed to create temporary directory. Cannot continue."
+++ exit 1
+++ fi
+
+ JUNK="etc/setup.tmp"
+ trap "$RM \$JUNK; $RM -r \$TMPDIR; exit 1" 1 2 15
+diff --git a/etc/probemodem.sh.in b/etc/probemodem.sh.in
+index 55b5d9b..269c886 100644
+--- a/etc/probemodem.sh.in
++++ b/etc/probemodem.sh.in
+@@ -85,12 +85,14 @@ test -f $SPOOL/etc/setup.cache || {
+ . $SPOOL/etc/setup.cache # common configuration stuff
+ . $SPOOL/etc/setup.modem # modem-specific stuff
+
++o="`umask`"
++umask 077
+ TMPDIR=`(mktemp -d /tmp/.probemodem.XXXXXX) 2>/dev/null`
++umask "$o"
+ if test X$TMPDIR = X; then
+- TMPDIR=/tmp/.probemodem$$
++ echo "Failed to create temporary directory. Cannot continue."
++ exit 1
+ fi
+-@RM@ -fr $TMPDIR
+-(umask 077 ; mkdir $TMPDIR) || exit 1
+
+ SH=$SCRIPT_SH # shell for use below
+ OUT=$TMPDIR/probemodem$$ # temp file in which modem output is recorded
diff --git a/main/json-c/APKBUILD b/main/json-c/APKBUILD
index de361f308c..365b0ad323 100644
--- a/main/json-c/APKBUILD
+++ b/main/json-c/APKBUILD
@@ -1,7 +1,7 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=json-c
pkgver=0.13.1
-pkgrel=0
+pkgrel=1
pkgdesc="A JSON implementation in C"
url="https://github.com/json-c/json-c/wiki"
arch="all"
@@ -12,9 +12,15 @@ makedepends="$depends_dev autoconf automake libtool"
install=""
subpackages="$pkgname-static $pkgname-dev"
source="https://s3.amazonaws.com/${pkgname}_releases/releases/$pkgname-${pkgver}.tar.gz
+ CVE-2020-12762.patch::https://github.com/json-c/json-c/pull/607.patch
"
builddir="$srcdir"/json-c-$pkgver
+
+# secfixes:
+# 0.13.1-r1:
+# - CVE-2020-12762
+
prepare() {
cd "$builddir"
default_prepare
@@ -53,4 +59,5 @@ static() {
mv "$pkgdir"/usr/lib/*.a "$subpkgdir"/usr/lib/
}
-sha512sums="e984db2a42b9c95b52c798b2e8dd1b79951a8dcba27370af30c43b9549fbb00008dbcf052a535c528209aaee38e6d1f760168b706905ae72f3e704ed20f8a1a1 json-c-0.13.1.tar.gz"
+sha512sums="e984db2a42b9c95b52c798b2e8dd1b79951a8dcba27370af30c43b9549fbb00008dbcf052a535c528209aaee38e6d1f760168b706905ae72f3e704ed20f8a1a1 json-c-0.13.1.tar.gz
+f6c47ba18cdbf5cf150fdac97e931e511e12cbb5c30e6798b1ebf6173556eda1e84384bf0019a95bcfbb9dcd561a13d05639c68e07838b28cdbcf5b86bd3d497 CVE-2020-12762.patch"
diff --git a/main/libuv/APKBUILD b/main/libuv/APKBUILD
index eb97e6616a..e1d687a303 100644
--- a/main/libuv/APKBUILD
+++ b/main/libuv/APKBUILD
@@ -2,7 +2,7 @@
# Conttributor: Sören Tempel <soeren+alpine@soeren-tempel.net>
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=libuv
-pkgver=1.23.2
+pkgver=1.25.0
pkgrel=0
pkgdesc="Cross-platform asychronous I/O"
url="https://libuv.org"
@@ -45,5 +45,5 @@ package() {
"$pkgdir"/usr/share/licenses/$pkgname/LICENSE
}
-sha512sums="8dd9053adad115ae6dd012bf1059aab87cea2adcd8d2f8061607929bf5b0c83b1898f5945325b0f3ace7cdd70b7cdc03f60d4b2f85495c34ca94b9dcf76b42fe libuv-v1.23.2.tar.gz
+sha512sums="ee120b3baf3f399319b6f21258c25f980a4961f80059b82537f1760faea70bbaf96a8ebdb66ba9552d7b4a3e2287eed8f0169829472d690b6338a0d8aaf9f521 libuv-v1.25.0.tar.gz
081b98efa33264d326d998f32600635efd5723de1d9836b99039c60168580c7f56a7ea9fdd138f41bb1aede11da70079cce4aa69ea5b954b7f9e4dcad53ba16a disable-setuid-test.patch"
diff --git a/main/libx11/APKBUILD b/main/libx11/APKBUILD
index 827f32e244..9b689f9a4e 100644
--- a/main/libx11/APKBUILD
+++ b/main/libx11/APKBUILD
@@ -1,6 +1,6 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=libx11
-pkgver=1.6.7
+pkgver=1.6.10
pkgrel=0
pkgdesc="X11 client-side library"
url="http://xorg.freedesktop.org/"
@@ -15,6 +15,8 @@ source="https://www.x.org/releases/individual/lib/libX11-$pkgver.tar.bz2"
builddir="$srcdir"/libX11-$pkgver
# secfixes:
+# 1.6.10-r0:
+# - CVE-2020-14344
# 1.6.6-r0:
# - CVE-2018-14598
# - CVE-2018-14599
@@ -44,4 +46,4 @@ package() {
install -Dm644 COPYING "$pkgdir"/usr/share/licenses/$pkgname/COPYING
}
-sha512sums="edd2273b9dadbbf90ad8d7b5715db29eb120a5a22ad2595f697e56532cc24b84e358580c00548fa6be8e9d26601a2b2cdab32272c59266709534317abbd05cd5 libX11-1.6.7.tar.bz2"
+sha512sums="ad384d8896fbe587f7fd99b0d3cc56fac6e2facbab52fa99174200d06b19dd163a483c998acf3834b3a4a3aa4de0dbbe13919a1c80e6797afe467c7075b403ff libX11-1.6.10.tar.bz2"
diff --git a/main/nghttp2/APKBUILD b/main/nghttp2/APKBUILD
index e56ee298b3..99b9812911 100644
--- a/main/nghttp2/APKBUILD
+++ b/main/nghttp2/APKBUILD
@@ -2,7 +2,7 @@
# Maintainer: Francesco Colista <fcolista@alpinelinux.org>
pkgname=nghttp2
pkgver=1.35.1
-pkgrel=1
+pkgrel=2
pkgdesc="Experimental HTTP/2 client, server and proxy"
url="https://nghttp2.org"
arch="all"
@@ -14,10 +14,13 @@ source="https://github.com/tatsuhiro-t/$pkgname/releases/download/v$pkgver/nghtt
0001-nghttpx-Fix-request-stall.patch
0002-Add-nghttp2_option_set_max_outbound_ack.patch
0003-Don-t-read-too-greedily.patch
+ CVE-2020-11080.patch
"
builddir="$srcdir"/$pkgname-$pkgver
# secfixes:
+# 1.35.1-r2:
+# - CVE-2020-11080
# 1.35.1-r1:
# - CVE-2019-9511
# - CVE-2019-9513
@@ -63,4 +66,5 @@ sha512sums="fcd3f79f913afbeee1c75003bb39df918e6122bbf728b3ad4192d5849d8fb96705e0
d3f6a66ad6522babb5ad2b3721d52c1c2af88e57ed2895cf87037da1032ca42dcb95dacc23ea277b9507b4116cec117b5c9a3313759dc56b48199b687b74dd9a remove-mruby-tests.patch
2a44858219275f69b7380358a07cfa6ed73e506519969e074196205c686e19e2f422181cacde8b6051fda1be744550958b3e3f3ad600f9ed2f3bdf4ef9d1d54a 0001-nghttpx-Fix-request-stall.patch
2f98c77b1590f2c85de9f0ddcaaf997a1ac513428127796bc1b598c70e8d557cc2402fecdedb2329267ab7903bc163f099acfca8ca44f3a4c74958b57c27f8b2 0002-Add-nghttp2_option_set_max_outbound_ack.patch
-ca4b196f86d2193052ff427904e6232a2c3fb2c998ffc76e7b6def4c8297031f047dc5fac7036d774bacd878fb21c5afb87fcced3d3e2f477c8275b869a8aa9c 0003-Don-t-read-too-greedily.patch"
+ca4b196f86d2193052ff427904e6232a2c3fb2c998ffc76e7b6def4c8297031f047dc5fac7036d774bacd878fb21c5afb87fcced3d3e2f477c8275b869a8aa9c 0003-Don-t-read-too-greedily.patch
+60219ba3cb97d5164a544813f54e483299989b6fa2b41a3cb6cfa4730e4de0c775a109331a341d1e8a0e22166ad8df35dd214a6d49c0b0ebab9b709e0592c3d6 CVE-2020-11080.patch"
diff --git a/main/nghttp2/CVE-2020-11080.patch b/main/nghttp2/CVE-2020-11080.patch
new file mode 100644
index 0000000000..622ad844da
--- /dev/null
+++ b/main/nghttp2/CVE-2020-11080.patch
@@ -0,0 +1,332 @@
+From 336a98feb0d56b9ac54e12736b18785c27f75090 Mon Sep 17 00:00:00 2001
+From: James M Snell <jasnell@gmail.com>
+Date: Fri, 17 Apr 2020 16:53:51 -0700
+Subject: [PATCH 1/2] Implement max settings option
+Upstream: yes
+Source: https://github.com/nghttp2/nghttp2/commit/c3b46625633cd9a4519f6fbcd9048127b84a5514.patch
+
+---
+ doc/CMakeLists.txt | 1 +
+ doc/Makefile.am | 1 +
+ lib/includes/nghttp2/nghttp2.h | 23 +++++++++++++
+ lib/nghttp2_helper.c | 2 ++
+ lib/nghttp2_option.c | 5 +++
+ lib/nghttp2_option.h | 5 +++
+ lib/nghttp2_session.c | 21 ++++++++++++
+ lib/nghttp2_session.h | 2 ++
+ tests/main.c | 2 ++
+ tests/nghttp2_session_test.c | 61 ++++++++++++++++++++++++++++++++++
+ tests/nghttp2_session_test.h | 1 +
+ 11 files changed, 124 insertions(+)
+
+diff --git a/doc/CMakeLists.txt b/doc/CMakeLists.txt
+index 34c027929..f3aec84da 100644
+--- a/doc/CMakeLists.txt
++++ b/doc/CMakeLists.txt
+@@ -42,6 +42,7 @@ set(APIDOCS
+ nghttp2_option_set_no_recv_client_magic.rst
+ nghttp2_option_set_peer_max_concurrent_streams.rst
+ nghttp2_option_set_user_recv_extension_type.rst
++ nghttp2_option_set_max_settings.rst
+ nghttp2_pack_settings_payload.rst
+ nghttp2_priority_spec_check_default.rst
+ nghttp2_priority_spec_default_init.rst
+diff --git a/doc/Makefile.am b/doc/Makefile.am
+index 4d73cef50..f073bfa4c 100644
+--- a/doc/Makefile.am
++++ b/doc/Makefile.am
+@@ -69,6 +69,7 @@ APIDOCS= \
+ nghttp2_option_set_peer_max_concurrent_streams.rst \
+ nghttp2_option_set_user_recv_extension_type.rst \
+ nghttp2_option_set_max_outbound_ack.rst \
++ nghttp2_option_set_max_settings.rst \
+ nghttp2_pack_settings_payload.rst \
+ nghttp2_priority_spec_check_default.rst \
+ nghttp2_priority_spec_default_init.rst \
+diff --git a/lib/includes/nghttp2/nghttp2.h b/lib/includes/nghttp2/nghttp2.h
+index e3aeb9fed..9be6eea5c 100644
+--- a/lib/includes/nghttp2/nghttp2.h
++++ b/lib/includes/nghttp2/nghttp2.h
+@@ -228,6 +228,13 @@ typedef struct {
+ */
+ #define NGHTTP2_CLIENT_MAGIC_LEN 24
+
++/**
++ * @macro
++ *
++ * The default max number of settings per SETTINGS frame
++ */
++#define NGHTTP2_DEFAULT_MAX_SETTINGS 32
++
+ /**
+ * @enum
+ *
+@@ -398,6 +405,11 @@ typedef enum {
+ * receives an other type of frame.
+ */
+ NGHTTP2_ERR_SETTINGS_EXPECTED = -536,
++ /**
++ * When a local endpoint receives too many settings entries
++ * in a single SETTINGS frame.
++ */
++ NGHTTP2_ERR_TOO_MANY_SETTINGS = -537,
+ /**
+ * The errors < :enum:`NGHTTP2_ERR_FATAL` mean that the library is
+ * under unexpected condition and processing was terminated (e.g.,
+@@ -2659,6 +2671,17 @@ NGHTTP2_EXTERN void nghttp2_option_set_no_closed_streams(nghttp2_option *option,
+ NGHTTP2_EXTERN void nghttp2_option_set_max_outbound_ack(nghttp2_option *option,
+ size_t val);
+
++/**
++ * @function
++ *
++ * This function sets the maximum number of SETTINGS entries per
++ * SETTINGS frame that will be accepted. If more than those entries
++ * are received, the peer is considered to be misbehaving and session
++ * will be closed. The default value is 32.
++ */
++NGHTTP2_EXTERN void nghttp2_option_set_max_settings(nghttp2_option *option,
++ size_t val);
++
+ /**
+ * @function
+ *
+diff --git a/lib/nghttp2_helper.c b/lib/nghttp2_helper.c
+index 91136a619..0bd541472 100644
+--- a/lib/nghttp2_helper.c
++++ b/lib/nghttp2_helper.c
+@@ -334,6 +334,8 @@ const char *nghttp2_strerror(int error_code) {
+ case NGHTTP2_ERR_FLOODED:
+ return "Flooding was detected in this HTTP/2 session, and it must be "
+ "closed";
++ case NGHTTP2_ERR_TOO_MANY_SETTINGS:
++ return "SETTINGS frame contained more than the maximum allowed entries";
+ default:
+ return "Unknown error code";
+ }
+diff --git a/lib/nghttp2_option.c b/lib/nghttp2_option.c
+index e53f22d36..34348e660 100644
+--- a/lib/nghttp2_option.c
++++ b/lib/nghttp2_option.c
+@@ -121,3 +121,8 @@ void nghttp2_option_set_max_outbound_ack(nghttp2_option *option, size_t val) {
+ option->opt_set_mask |= NGHTTP2_OPT_MAX_OUTBOUND_ACK;
+ option->max_outbound_ack = val;
+ }
++
++void nghttp2_option_set_max_settings(nghttp2_option *option, size_t val) {
++ option->opt_set_mask |= NGHTTP2_OPT_MAX_SETTINGS;
++ option->max_settings = val;
++}
+diff --git a/lib/nghttp2_option.h b/lib/nghttp2_option.h
+index 1f740aaa6..939729fdc 100644
+--- a/lib/nghttp2_option.h
++++ b/lib/nghttp2_option.h
+@@ -67,6 +67,7 @@ typedef enum {
+ NGHTTP2_OPT_MAX_DEFLATE_DYNAMIC_TABLE_SIZE = 1 << 9,
+ NGHTTP2_OPT_NO_CLOSED_STREAMS = 1 << 10,
+ NGHTTP2_OPT_MAX_OUTBOUND_ACK = 1 << 11,
++ NGHTTP2_OPT_MAX_SETTINGS = 1 << 12,
+ } nghttp2_option_flag;
+
+ /**
+@@ -85,6 +86,10 @@ struct nghttp2_option {
+ * NGHTTP2_OPT_MAX_OUTBOUND_ACK
+ */
+ size_t max_outbound_ack;
++ /**
++ * NGHTTP2_OPT_MAX_SETTINGS
++ */
++ size_t max_settings;
+ /**
+ * Bitwise OR of nghttp2_option_flag to determine that which fields
+ * are specified.
+diff --git a/lib/nghttp2_session.c b/lib/nghttp2_session.c
+index 563ccd7de..415e34776 100644
+--- a/lib/nghttp2_session.c
++++ b/lib/nghttp2_session.c
+@@ -458,6 +458,7 @@ static int session_new(nghttp2_session **session_ptr,
+
+ (*session_ptr)->max_send_header_block_length = NGHTTP2_MAX_HEADERSLEN;
+ (*session_ptr)->max_outbound_ack = NGHTTP2_DEFAULT_MAX_OBQ_FLOOD_ITEM;
++ (*session_ptr)->max_settings = NGHTTP2_DEFAULT_MAX_SETTINGS;
+
+ if (option) {
+ if ((option->opt_set_mask & NGHTTP2_OPT_NO_AUTO_WINDOW_UPDATE) &&
+@@ -521,6 +522,11 @@ static int session_new(nghttp2_session **session_ptr,
+ if (option->opt_set_mask & NGHTTP2_OPT_MAX_OUTBOUND_ACK) {
+ (*session_ptr)->max_outbound_ack = option->max_outbound_ack;
+ }
++
++ if ((option->opt_set_mask & NGHTTP2_OPT_MAX_SETTINGS) &&
++ option->max_settings) {
++ (*session_ptr)->max_settings = option->max_settings;
++ }
+ }
+
+ rv = nghttp2_hd_deflate_init2(&(*session_ptr)->hd_deflater,
+@@ -5657,6 +5663,16 @@ ssize_t nghttp2_session_mem_recv(nghttp2_session *session, const uint8_t *in,
+ iframe->max_niv =
+ iframe->frame.hd.length / NGHTTP2_FRAME_SETTINGS_ENTRY_LENGTH + 1;
+
++ if (iframe->max_niv - 1 > session->max_settings) {
++ rv = nghttp2_session_terminate_session_with_reason(
++ session, NGHTTP2_ENHANCE_YOUR_CALM,
++ "SETTINGS: too many setting entries");
++ if (nghttp2_is_fatal(rv)) {
++ return rv;
++ }
++ return (ssize_t)inlen;
++ }
++
+ iframe->iv = nghttp2_mem_malloc(mem, sizeof(nghttp2_settings_entry) *
+ iframe->max_niv);
+
+@@ -7425,6 +7441,11 @@ static int nghttp2_session_upgrade_internal(nghttp2_session *session,
+ if (settings_payloadlen % NGHTTP2_FRAME_SETTINGS_ENTRY_LENGTH) {
+ return NGHTTP2_ERR_INVALID_ARGUMENT;
+ }
++ /* SETTINGS frame contains too many settings */
++ if (settings_payloadlen / NGHTTP2_FRAME_SETTINGS_ENTRY_LENGTH
++ > session->max_settings) {
++ return NGHTTP2_ERR_TOO_MANY_SETTINGS;
++ }
+ rv = nghttp2_frame_unpack_settings_payload2(&iv, &niv, settings_payload,
+ settings_payloadlen, mem);
+ if (rv != 0) {
+diff --git a/lib/nghttp2_session.h b/lib/nghttp2_session.h
+index d20827315..07bfbb6c9 100644
+--- a/lib/nghttp2_session.h
++++ b/lib/nghttp2_session.h
+@@ -267,6 +267,8 @@ struct nghttp2_session {
+ /* The maximum length of header block to send. Calculated by the
+ same way as nghttp2_hd_deflate_bound() does. */
+ size_t max_send_header_block_length;
++ /* The maximum number of settings accepted per SETTINGS frame. */
++ size_t max_settings;
+ /* Next Stream ID. Made unsigned int to detect >= (1 << 31). */
+ uint32_t next_stream_id;
+ /* The last stream ID this session initiated. For client session,
+diff --git a/tests/main.c b/tests/main.c
+index 41e0b03eb..67eb4a1c2 100644
+--- a/tests/main.c
++++ b/tests/main.c
+@@ -317,6 +317,8 @@ int main() {
+ test_nghttp2_session_set_local_window_size) ||
+ !CU_add_test(pSuite, "session_cancel_from_before_frame_send",
+ test_nghttp2_session_cancel_from_before_frame_send) ||
++ !CU_add_test(pSuite, "session_too_many_settings",
++ test_nghttp2_session_too_many_settings) ||
+ !CU_add_test(pSuite, "session_removed_closed_stream",
+ test_nghttp2_session_removed_closed_stream) ||
+ !CU_add_test(pSuite, "session_pause_data",
+diff --git a/tests/nghttp2_session_test.c b/tests/nghttp2_session_test.c
+index 6eb8e244d..33ee3ad84 100644
+--- a/tests/nghttp2_session_test.c
++++ b/tests/nghttp2_session_test.c
+@@ -10614,6 +10614,67 @@ void test_nghttp2_session_cancel_from_before_frame_send(void) {
+ nghttp2_session_del(session);
+ }
+
++void test_nghttp2_session_too_many_settings(void) {
++ nghttp2_session *session;
++ nghttp2_option *option;
++ nghttp2_session_callbacks callbacks;
++ nghttp2_frame frame;
++ nghttp2_bufs bufs;
++ nghttp2_buf *buf;
++ ssize_t rv;
++ my_user_data ud;
++ nghttp2_settings_entry iv[3];
++ nghttp2_mem *mem;
++ nghttp2_outbound_item *item;
++
++ mem = nghttp2_mem_default();
++ frame_pack_bufs_init(&bufs);
++
++ memset(&callbacks, 0, sizeof(nghttp2_session_callbacks));
++ callbacks.on_frame_recv_callback = on_frame_recv_callback;
++ callbacks.send_callback = null_send_callback;
++
++ nghttp2_option_new(&option);
++ nghttp2_option_set_max_settings(option, 1);
++
++ nghttp2_session_client_new2(&session, &callbacks, &ud, option);
++
++ CU_ASSERT(1 == session->max_settings);
++
++ nghttp2_option_del(option);
++
++ iv[0].settings_id = NGHTTP2_SETTINGS_HEADER_TABLE_SIZE;
++ iv[0].value = 3000;
++
++ iv[1].settings_id = NGHTTP2_SETTINGS_INITIAL_WINDOW_SIZE;
++ iv[1].value = 16384;
++
++ nghttp2_frame_settings_init(&frame.settings, NGHTTP2_FLAG_NONE, dup_iv(iv, 2),
++ 2);
++
++ rv = nghttp2_frame_pack_settings(&bufs, &frame.settings);
++
++ CU_ASSERT(0 == rv);
++ CU_ASSERT(nghttp2_bufs_len(&bufs) > 0);
++
++ nghttp2_frame_settings_free(&frame.settings, mem);
++
++ buf = &bufs.head->buf;
++ assert(nghttp2_bufs_len(&bufs) == nghttp2_buf_len(buf));
++
++ ud.frame_recv_cb_called = 0;
++
++ rv = nghttp2_session_mem_recv(session, buf->pos, nghttp2_buf_len(buf));
++ CU_ASSERT((ssize_t)nghttp2_buf_len(buf) == rv);
++
++ item = nghttp2_session_get_next_ob_item(session);
++ CU_ASSERT(NGHTTP2_GOAWAY == item->frame.hd.type);
++
++ nghttp2_bufs_reset(&bufs);
++ nghttp2_bufs_free(&bufs);
++ nghttp2_session_del(session);
++}
++
+ static void
+ prepare_session_removed_closed_stream(nghttp2_session *session,
+ nghttp2_hd_deflater *deflater) {
+diff --git a/tests/nghttp2_session_test.h b/tests/nghttp2_session_test.h
+index e872c5d0b..818c808d0 100644
+--- a/tests/nghttp2_session_test.h
++++ b/tests/nghttp2_session_test.h
+@@ -156,6 +156,7 @@ void test_nghttp2_session_repeated_priority_change(void);
+ void test_nghttp2_session_repeated_priority_submission(void);
+ void test_nghttp2_session_set_local_window_size(void);
+ void test_nghttp2_session_cancel_from_before_frame_send(void);
++void test_nghttp2_session_too_many_settings(void);
+ void test_nghttp2_session_removed_closed_stream(void);
+ void test_nghttp2_session_pause_data(void);
+ void test_nghttp2_session_no_closed_streams(void);
+
+From f8da73bd042f810f34d19f9eae02b46d870af394 Mon Sep 17 00:00:00 2001
+From: James M Snell <jasnell@gmail.com>
+Date: Sun, 19 Apr 2020 09:12:24 -0700
+Subject: [PATCH 2/2] Earlier check for settings flood
+
+---
+ lib/nghttp2_session.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/lib/nghttp2_session.c b/lib/nghttp2_session.c
+index 415e34776..39f81f498 100644
+--- a/lib/nghttp2_session.c
++++ b/lib/nghttp2_session.c
+@@ -5653,6 +5653,12 @@ ssize_t nghttp2_session_mem_recv(nghttp2_session *session, const uint8_t *in,
+ break;
+ }
+
++ /* Check the settings flood counter early to be safe */
++ if (session->obq_flood_counter_ >= session->max_outbound_ack &&
++ !(iframe->frame.hd.flags & NGHTTP2_FLAG_ACK)) {
++ return NGHTTP2_ERR_FLOODED;
++ }
++
+ iframe->state = NGHTTP2_IB_READ_SETTINGS;
+
+ if (iframe->payloadleft) {
diff --git a/main/ngircd/APKBUILD b/main/ngircd/APKBUILD
index da71f4a6e4..f931173b11 100644
--- a/main/ngircd/APKBUILD
+++ b/main/ngircd/APKBUILD
@@ -2,7 +2,7 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=ngircd
pkgver=24
-pkgrel=4
+pkgrel=5
pkgdesc="Next Generation IRC Daemon"
url="https://ngircd.barton.de/"
arch="all"
@@ -12,6 +12,7 @@ makedepends="openssl-dev zlib-dev linux-pam-dev"
subpackages="$pkgname-doc"
install="$pkgname.pre-install"
source="https://ngircd.barton.de/pub/ngircd/ngircd-$pkgver.tar.xz
+ CVE-2020-14148.patch
$pkgname.initd
"
_builddir="$srcdir"/$pkgname-$pkgver
@@ -24,6 +25,10 @@ prepare() {
done
}
+# secfixes:
+# 24-r5:
+# - CVE-2020-14148
+
build() {
cd "$_builddir"
./configure \
@@ -45,10 +50,6 @@ package() {
make DESTDIR="$pkgdir" install || return 1
install -Dm755 ../$pkgname.initd "$pkgdir"/etc/init.d/$pkgname
}
-
-md5sums="81b9c5ae283d07aab35ce16eaf49e458 ngircd-24.tar.xz
-51c3679a7c1f2f5522031fa856e34734 ngircd.initd"
-sha256sums="173fa0ea10788a8ba08ef2f7e64ea8951d7c88862e744128c8b87bae424b1008 ngircd-24.tar.xz
-890d0dc433a8d7f082c35ba806bac53f19d2d4352fcb7127cc28741abcbd6a75 ngircd.initd"
sha512sums="d176ec4eb3e780aa8b5efb722c8c0f6fc1a7ac3c06e2039019e6e602aad64ca5357762f1549e117f6e452fe6314fb6cf5bc31a9fdbec1a08cc6d2a344c0bf49f ngircd-24.tar.xz
+3863bab40dcb0283127497efa117ceaab3f4d1d427399ad262a1a3b24d50ff663578579639c9ea39b9be41698ad13767ee575071e46e8ba80eebbda1f3d58881 CVE-2020-14148.patch
50339507917c956a38451394a8a5996337ff29948944ff6aa40ed39f6dd3d6bfdfb864d60a24199c0a86a01e18a71f213efa6cfb2857a320f31b9fcfb92c6ac1 ngircd.initd"
diff --git a/main/ngircd/CVE-2020-14148.patch b/main/ngircd/CVE-2020-14148.patch
new file mode 100644
index 0000000000..2f2d2b5038
--- /dev/null
+++ b/main/ngircd/CVE-2020-14148.patch
@@ -0,0 +1,37 @@
+From 02cf31c0e267a4c9a7656d43ad3ad4eeb37fc9c5 Mon Sep 17 00:00:00 2001
+From: Alexander Barton <alex@barton.de>
+Date: Mon, 25 May 2020 23:43:29 +0200
+Subject: [PATCH] IRC_SERVER: Make sure that the client sent a prefix
+
+The SERVER command is only valid with a prefix when received from other
+servers, so make sure that there is one and disconnect the peer if not
+(instead of crashing ...).
+
+This obsoletes PR #275.
+
+Thanks Hilko Bengen (hillu) for finding & reporting this as well for the
+patch & pull request! But I think this is the "more correct" fix.
+---
+ src/ngircd/irc-server.c | 9 +++++++++
+ 1 file changed, 9 insertions(+)
+
+diff --git a/src/ngircd/irc-server.c b/src/ngircd/irc-server.c
+index 317a3e1a..10f1ef69 100644
+--- a/src/ngircd/irc-server.c
++++ b/src/ngircd/irc-server.c
+@@ -186,6 +186,15 @@ IRC_SERVER( CLIENT *Client, REQUEST *Req )
+ if (!Client_CheckID(Client, Req->argv[0]))
+ return DISCONNECTED;
+
++ if (!Req->prefix) {
++ /* We definitely need a prefix here! */
++ Log(LOG_ALERT, "Got SERVER command without prefix! (on connection %d)",
++ Client_Conn(Client));
++ Conn_Close(Client_Conn(Client), NULL,
++ "SERVER command without prefix", true);
++ return DISCONNECTED;
++ }
++
+ from = Client_Search( Req->prefix );
+ if (! from) {
+ /* Uh, Server, that introduced the new server is unknown?! */
diff --git a/main/nodejs/APKBUILD b/main/nodejs/APKBUILD
index 27b0bd811c..4d3c13cdfe 100644
--- a/main/nodejs/APKBUILD
+++ b/main/nodejs/APKBUILD
@@ -3,9 +3,25 @@
# Contributor: Jakub Jirutka <jakub@jirutka.cz>
# Contributor: Dave Esaias <dave@containership.io>
# Contributor: Tadahisa Kamijo <kamijin@live.jp>
+# Contributor: Eivind Uggedal <eu@eju.no>
# Maintainer: Jakub Jirutka <jakub@jirutka.cz>
#
# secfixes:
+# 10.19.0-r0:
+# - CVE-2019-15606
+# - CVE-2019-15605
+# - CVE-2019-15604
+# 10.16.3-r0:
+# - CVE-2019-9511
+# - CVE-2019-9512
+# - CVE-2019-9513
+# - CVE-2019-9514
+# - CVE-2019-9515
+# - CVE-2019-9516
+# - CVE-2019-9517
+# - CVE-2019-9518
+# 10.15.3-r0:
+# - CVE-2019-5737
# 10.14.0-r0:
# - CVE-2018-12121
# - CVE-2018-12122
@@ -33,7 +49,7 @@
pkgname=nodejs
# Note: Update only to even-numbered versions (e.g. 6.y.z, 8.y.z)!
# Odd-numbered versions are supported only for 9 months by upstream.
-pkgver=10.14.2
+pkgver=10.19.0
pkgrel=0
pkgdesc="JavaScript runtime built on V8 engine - LTS version"
url="https://nodejs.org/"
@@ -43,7 +59,7 @@ depends="ca-certificates"
depends_dev="libuv"
# gold is needed for mksnapshot
makedepends="$depends_dev python2 openssl-dev zlib-dev libuv-dev linux-headers
- paxmark binutils-gold http-parser-dev ca-certificates c-ares-dev"
+ paxmark binutils-gold ca-certificates c-ares-dev"
subpackages="$pkgname-dev $pkgname-doc npm::noarch"
provides="nodejs-lts=$pkgver" # for backward compatibility
replaces="nodejs-current nodejs-lts" # nodejs-lts for backward compatibility
@@ -57,7 +73,7 @@ prepare() {
default_prepare
# Remove bundled dependencies that we're not using.
- rm -rf deps/http_parser deps/openssl deps/uv deps/zlib
+ rm -rf deps/openssl deps/uv deps/zlib
}
build() {
@@ -72,7 +88,6 @@ build() {
--shared-zlib \
--shared-libuv \
--shared-openssl \
- --shared-http-parser \
--shared-cares \
--openssl-use-def-ca-store
@@ -102,9 +117,17 @@ package() {
paxmark -m "$pkgdir"/usr/bin/node
cp -pr "$pkgdir"/usr/lib/node_modules/npm/man "$pkgdir"/usr/share
- local d; for d in doc html man; do
+ local d; for d in docs man; do
rm -r "$pkgdir"/usr/lib/node_modules/npm/$d
done
+
+ # XXX: Workaround for https://github.com/npm/cli/issues/780.
+ (cd "$pkgdir"/usr/share/man/man5 && find * \
+ -type f ! \( -name 'package-json.*' -or -name 'npmrc.*' -or -name 'npm-*' \) \
+ -exec mv {} npm-{} \;)
+ (cd "$pkgdir"/usr/share/man/man7 && find * \
+ -type f ! \( -name 'semver.*' -or -name 'npm-*' \) \
+ -exec mv {} npm-{} \;)
}
dev() {
@@ -126,6 +149,6 @@ npm() {
mv "$pkgdir"/usr/lib/node_modules/npm "$subpkgdir"/usr/lib/node_modules/
}
-sha512sums="72e78f8839543826025549022df9f23a71be3507261a387f82142d71d24065a23f9b905d7fd95a0940ac68355bfe0d81ee50c320eb46493e10e417cd975d3c8e node-v10.14.2.tar.gz
+sha512sums="59f584e27dfd99453a031722ca3e094d658a90e77316a85a7048868fe6a6164b8aef0f03b60cbe681ace273d902434210bf3cd10a638583b74264d8b42bf2565 node-v10.19.0.tar.gz
9d09a88074bf0093f35c5b610e73ebf4c5381df2a2b29feb69da1af0b18776a683b13f1276375bbcfc60936cc27769539e1f01b4ba94b22cad2d5f4daae14c46 dont-run-gyp-files-for-bundled-deps.patch
4fd3f10bd82d1e851ed000169c2635c001a4a051283edf96f1efb2260e2d395199dd5843f79f1cff8f2c0c65462c44241c508ea67835dfbd9880d9196fae290a link-with-libatomic-on-mips32.patch"
diff --git a/main/patch/APKBUILD b/main/patch/APKBUILD
index 0e02115e46..ce6fe78361 100644
--- a/main/patch/APKBUILD
+++ b/main/patch/APKBUILD
@@ -27,6 +27,7 @@ builddir="$srcdir"/$pkgname-$pkgver
# 2.7.6-r6:
# - CVE-2018-1000156
# - CVE-2019-13638
+# - CVE-2018-20969
# 2.7.6-r5:
# - CVE-2019-13636
# 2.7.6-r2:
diff --git a/main/perl/APKBUILD b/main/perl/APKBUILD
index 3206f31977..f81086cee3 100644
--- a/main/perl/APKBUILD
+++ b/main/perl/APKBUILD
@@ -3,7 +3,7 @@
# Contributor: Valery Kartel <valery.kartel@gmail.com>
pkgname=perl
pkgver=5.26.3
-pkgrel=0
+pkgrel=1
pkgdesc="Larry Wall's Practical Extraction and Report Language"
url="http://www.perl.org/"
arch="all"
@@ -15,9 +15,16 @@ makedepends="bzip2-dev zlib-dev"
subpackages="$pkgname-doc $pkgname-dev $pkgname-utils::noarch miniperl"
source="http://www.cpan.org/src/5.0/perl-$pkgver.tar.gz
CVE-2018-12015.patch
+ CVE-2020-10543.patch
+ CVE-2020-10878.patch
+ CVE-2020-12723.patch
"
# secfixes:
+# 5.26.3-r1:
+# - CVE-2020-10543
+# - CVE-2020-10878
+# - CVE-2020-12723
# 5.26.3-r0:
# - CVE-2018-18311
# - CVE-2018-18312
@@ -161,4 +168,7 @@ utils() {
}
sha512sums="03914ed51163c998a6afa45610a13cf50124a2c68d291c344b0d52fa15c27fc5d5d4f5dc117516078a03dfd51250097b87c8d5e2b17c7858a4c8c536aecd05af perl-5.26.3.tar.gz
-feda381bd3230443341b99135bac4d6010e9d28b619d9fb57f2dda2c29b8877f012f76d31631e5227ef79e73e0b2b162548fa24704752e61f10c05d015c68916 CVE-2018-12015.patch"
+feda381bd3230443341b99135bac4d6010e9d28b619d9fb57f2dda2c29b8877f012f76d31631e5227ef79e73e0b2b162548fa24704752e61f10c05d015c68916 CVE-2018-12015.patch
+d084db26a6a86bcea0d8f0ecaf63581aae2fb718d92330036464e5c6530480d9bd6624762d54d4d348fdd17f6858be524286fda868f8da3ae943ceae80fec099 CVE-2020-10543.patch
+d8eda9f6bd4ab81c7008697308c081be459f0b9a22bc64dd7841eb7111a98dbe967ff161c22f87bec90487ae2720e2f33c87a6d42a9b9c8af50d65dc558ce40a CVE-2020-10878.patch
+b20c3b94ed675cca255583f7fe826e7e66b0bc05b90fc67f5b717e9204a37f87845fec78752e8fd135f2694d49dd4ccd0c875ab8d7ea1541f804bf270a10f181 CVE-2020-12723.patch"
diff --git a/main/perl/CVE-2020-10543.patch b/main/perl/CVE-2020-10543.patch
new file mode 100644
index 0000000000..a585eb74a9
--- /dev/null
+++ b/main/perl/CVE-2020-10543.patch
@@ -0,0 +1,32 @@
+From 897d1f7fd515b828e4b198d8b8bef76c6faf03ed Mon Sep 17 00:00:00 2001
+From: John Lightsey <jd@cpanel.net>
+Date: Wed, 20 Nov 2019 20:02:45 -0600
+Subject: [PATCH] regcomp.c: Prevent integer overflow from nested regex
+ quantifiers.
+
+(CVE-2020-10543) On 32bit systems the size calculations for nested regular
+expression quantifiers could overflow causing heap memory corruption.
+
+Fixes: Perl/perl5-security#125
+(cherry picked from commit bfd31397db5dc1a5c5d3e0a1f753a4f89a736e71)
+---
+ regcomp.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/regcomp.c b/regcomp.c
+index 93c8d98fbb0..5f86be8086d 100644
+--- a/regcomp.c
++++ b/regcomp.c
+@@ -5489,6 +5489,12 @@ S_study_chunk(pTHX_ RExC_state_t *pRExC_state, regnode **scanp,
+ RExC_precomp)));
+ }
+
++ if ( ( minnext > 0 && mincount >= SSize_t_MAX / minnext )
++ || min >= SSize_t_MAX - minnext * mincount )
++ {
++ FAIL("Regexp out of space");
++ }
++
+ min += minnext * mincount;
+ is_inf_internal |= deltanext == SSize_t_MAX
+ || (maxcount == REG_INFTY && minnext + deltanext > 0);
diff --git a/main/perl/CVE-2020-10878.patch b/main/perl/CVE-2020-10878.patch
new file mode 100644
index 0000000000..4bd3cd92e7
--- /dev/null
+++ b/main/perl/CVE-2020-10878.patch
@@ -0,0 +1,148 @@
+From 011cd8913d3a230b8d30b156b848585c7c4c1597 Mon Sep 17 00:00:00 2001
+From: Hugo van der Sanden <hv@crypt.org>
+Date: Tue, 18 Feb 2020 13:51:16 +0000
+Subject: [PATCH] study_chunk: extract rck_elide_nothing
+
+(CVE-2020-10878)
+
+(cherry picked from commit a3a7598c8ec6efb0eb9c0b786d80c4d2a3751b70)
+---
+ embed.fnc | 1 +
+ embed.h | 1 +
+ proto.h | 3 +++
+ regcomp.c | 70 ++++++++++++++++++++++++++++++++++---------------------
+ 4 files changed, 48 insertions(+), 27 deletions(-)
+
+diff --git a/embed.fnc b/embed.fnc
+index e762fe1eecc..cf892771631 100644
+--- a/embed.fnc
++++ b/embed.fnc
+@@ -2477,6 +2477,7 @@ Es |SSize_t|study_chunk |NN RExC_state_t *pRExC_state \
+ |I32 stopparen|U32 recursed_depth \
+ |NULLOK regnode_ssc *and_withp \
+ |U32 flags|U32 depth
++Es |void |rck_elide_nothing|NN regnode *node
+ EsRn |U32 |add_data |NN RExC_state_t* const pRExC_state \
+ |NN const char* const s|const U32 n
+ rs |void |re_croak2 |bool utf8|NN const char* pat1|NN const char* pat2|...
+diff --git a/embed.h b/embed.h
+index a5416a1148d..886551ce5c6 100644
+--- a/embed.h
++++ b/embed.h
+@@ -1202,6 +1202,7 @@
+ #define output_or_return_posix_warnings(a,b,c) S_output_or_return_posix_warnings(aTHX_ a,b,c)
+ #define parse_lparen_question_flags(a) S_parse_lparen_question_flags(aTHX_ a)
+ #define populate_ANYOF_from_invlist(a,b) S_populate_ANYOF_from_invlist(aTHX_ a,b)
++#define rck_elide_nothing(a) S_rck_elide_nothing(aTHX_ a)
+ #define reg(a,b,c,d) S_reg(aTHX_ a,b,c,d)
+ #define reg2Lanode(a,b,c,d) S_reg2Lanode(aTHX_ a,b,c,d)
+ #define reg_node(a,b) S_reg_node(aTHX_ a,b)
+diff --git a/proto.h b/proto.h
+index 66bb29b1321..d3f8802c1d8 100644
+--- a/proto.h
++++ b/proto.h
+@@ -5485,6 +5485,9 @@ STATIC void S_parse_lparen_question_flags(pTHX_ RExC_state_t *pRExC_state);
+ STATIC void S_populate_ANYOF_from_invlist(pTHX_ regnode *node, SV** invlist_ptr);
+ #define PERL_ARGS_ASSERT_POPULATE_ANYOF_FROM_INVLIST \
+ assert(node); assert(invlist_ptr)
++STATIC void S_rck_elide_nothing(pTHX_ regnode *node);
++#define PERL_ARGS_ASSERT_RCK_ELIDE_NOTHING \
++ assert(node)
+ PERL_STATIC_NO_RET void S_re_croak2(pTHX_ bool utf8, const char* pat1, const char* pat2, ...)
+ __attribute__noreturn__;
+ #define PERL_ARGS_ASSERT_RE_CROAK2 \
+diff --git a/regcomp.c b/regcomp.c
+index dd18add1db2..0a9c6a8085a 100644
+--- a/regcomp.c
++++ b/regcomp.c
+@@ -4093,7 +4093,44 @@ S_unwind_scan_frames(pTHX_ const void *p)
+ } while (f);
+ }
+
++/* Follow the next-chain of the current node and optimize away
++ all the NOTHINGs from it.
++ */
++STATIC void
++S_rck_elide_nothing(pTHX_ regnode *node)
++{
++ dVAR;
+
++ PERL_ARGS_ASSERT_RCK_ELIDE_NOTHING;
++
++ if (OP(node) != CURLYX) {
++ const int max = (reg_off_by_arg[OP(node)]
++ ? I32_MAX
++ /* I32 may be smaller than U16 on CRAYs! */
++ : (I32_MAX < U16_MAX ? I32_MAX : U16_MAX));
++ int off = (reg_off_by_arg[OP(node)] ? ARG(node) : NEXT_OFF(node));
++ int noff;
++ regnode *n = node;
++
++ /* Skip NOTHING and LONGJMP. */
++ while (
++ (n = regnext(n))
++ && (
++ (PL_regkind[OP(n)] == NOTHING && (noff = NEXT_OFF(n)))
++ || ((OP(n) == LONGJMP) && (noff = ARG(n)))
++ )
++ && off + noff < max
++ ) {
++ off += noff;
++ }
++ if (reg_off_by_arg[OP(node)])
++ ARG(node) = off;
++ else
++ NEXT_OFF(node) = off;
++ }
++ return;
++}
++
+ STATIC SSize_t
+ S_study_chunk(pTHX_ RExC_state_t *pRExC_state, regnode **scanp,
+ SSize_t *minlenp, SSize_t *deltap,
+@@ -4277,28 +4315,10 @@ S_study_chunk(pTHX_ RExC_state_t *pRExC_state, regnode **scanp,
+ */
+ JOIN_EXACT(scan,&min_subtract, &unfolded_multi_char, 0);
+
+- /* Follow the next-chain of the current node and optimize
+- away all the NOTHINGs from it. */
+- if (OP(scan) != CURLYX) {
+- const int max = (reg_off_by_arg[OP(scan)]
+- ? I32_MAX
+- /* I32 may be smaller than U16 on CRAYs! */
+- : (I32_MAX < U16_MAX ? I32_MAX : U16_MAX));
+- int off = (reg_off_by_arg[OP(scan)] ? ARG(scan) : NEXT_OFF(scan));
+- int noff;
+- regnode *n = scan;
+-
+- /* Skip NOTHING and LONGJMP. */
+- while ((n = regnext(n))
+- && ((PL_regkind[OP(n)] == NOTHING && (noff = NEXT_OFF(n)))
+- || ((OP(n) == LONGJMP) && (noff = ARG(n))))
+- && off + noff < max)
+- off += noff;
+- if (reg_off_by_arg[OP(scan)])
+- ARG(scan) = off;
+- else
+- NEXT_OFF(scan) = off;
+- }
++ /* Follow the next-chain of the current node and optimize
++ away all the NOTHINGs from it.
++ */
++ rck_elide_nothing(scan);
+
+ /* The principal pseudo-switch. Cannot be a switch, since we
+ look into several different things. */
+@@ -5425,11 +5445,7 @@ Perl_re_printf( aTHX_ "LHS=%" UVuf " RHS=%" UVuf "\n",
+ if (data && (fl & SF_HAS_EVAL))
+ data->flags |= SF_HAS_EVAL;
+ optimize_curly_tail:
+- if (OP(oscan) != CURLYX) {
+- while (PL_regkind[OP(next = regnext(oscan))] == NOTHING
+- && NEXT_OFF(next))
+- NEXT_OFF(oscan) += NEXT_OFF(next);
+- }
++ rck_elide_nothing(oscan);
+ continue;
+
+ default:
diff --git a/main/perl/CVE-2020-12723.patch b/main/perl/CVE-2020-12723.patch
new file mode 100644
index 0000000000..657f0c7cc2
--- /dev/null
+++ b/main/perl/CVE-2020-12723.patch
@@ -0,0 +1,277 @@
+From 3f4ba871d2d397dcd4386ed75e05353c36135c29 Mon Sep 17 00:00:00 2001
+From: Hugo van der Sanden <hv@crypt.org>
+Date: Sat, 11 Apr 2020 14:10:24 +0100
+Subject: [PATCH] study_chunk: avoid mutating regexp program within GOSUB
+
+gh16947 and gh17743: studying GOSUB may restudy in an inner call
+(via a mix of recursion and enframing) something that an outer call
+is in the middle of looking at. Let the outer frame deal with it.
+
+(CVE-2020-12723)
+
+(cherry picked from commit c031e3ec7c713077659f5f7dc6638d926c69d7b2)
+---
+ embed.fnc | 2 +-
+ embed.h | 2 +-
+ proto.h | 2 +-
+ regcomp.c | 48 ++++++++++++++++++++++++++++++++----------------
+ t/re/pat.t | 26 +++++++++++++++++++++++++-
+ 5 files changed, 60 insertions(+), 20 deletions(-)
+
+diff --git a/embed.fnc b/embed.fnc
+index cf892771631..4b1ba282779 100644
+--- a/embed.fnc
++++ b/embed.fnc
+@@ -2476,7 +2476,7 @@ Es |SSize_t|study_chunk |NN RExC_state_t *pRExC_state \
+ |NULLOK struct scan_data_t *data \
+ |I32 stopparen|U32 recursed_depth \
+ |NULLOK regnode_ssc *and_withp \
+- |U32 flags|U32 depth
++ |U32 flags|U32 depth|bool was_mutate_ok
+ Es |void |rck_elide_nothing|NN regnode *node
+ EsR |SV * |get_ANYOFM_contents|NN const regnode * n
+ EsRn |U32 |add_data |NN RExC_state_t* const pRExC_state \
+diff --git a/embed.h b/embed.h
+index 886551ce5c6..50fcabc140b 100644
+--- a/embed.h
++++ b/embed.h
+@@ -1232,7 +1232,7 @@
+ #define ssc_is_cp_posixl_init S_ssc_is_cp_posixl_init
+ #define ssc_or(a,b,c) S_ssc_or(aTHX_ a,b,c)
+ #define ssc_union(a,b,c) S_ssc_union(aTHX_ a,b,c)
+-#define study_chunk(a,b,c,d,e,f,g,h,i,j,k) S_study_chunk(aTHX_ a,b,c,d,e,f,g,h,i,j,k)
++#define study_chunk(a,b,c,d,e,f,g,h,i,j,k,l) S_study_chunk(aTHX_ a,b,c,d,e,f,g,h,i,j,k,l)
+ # endif
+ # if defined(PERL_IN_REGCOMP_C) || defined (PERL_IN_DUMP_C)
+ #define _invlist_dump(a,b,c,d) Perl__invlist_dump(aTHX_ a,b,c,d)
+diff --git a/proto.h b/proto.h
+index d3f8802c1d8..e276f69bd1c 100644
+--- a/proto.h
++++ b/proto.h
+@@ -5596,7 +5596,7 @@ PERL_STATIC_INLINE void S_ssc_union(pTHX_ regnode_ssc *ssc, SV* const invlist, c
+ #define PERL_ARGS_ASSERT_SSC_UNION \
+ assert(ssc); assert(invlist)
+ #endif
+-STATIC SSize_t S_study_chunk(pTHX_ RExC_state_t *pRExC_state, regnode **scanp, SSize_t *minlenp, SSize_t *deltap, regnode *last, struct scan_data_t *data, I32 stopparen, U32 recursed_depth, regnode_ssc *and_withp, U32 flags, U32 depth);
++STATIC SSize_t S_study_chunk(pTHX_ RExC_state_t *pRExC_state, regnode **scanp, SSize_t *minlenp, SSize_t *deltap, regnode *last, struct scan_data_t *data, I32 stopparen, U32 recursed_depth, regnode_ssc *and_withp, U32 flags, U32 depth, bool was_mutate_ok);
+ #define PERL_ARGS_ASSERT_STUDY_CHUNK \
+ assert(pRExC_state); assert(scanp); assert(minlenp); assert(deltap); assert(last)
+ #endif
+diff --git a/regcomp.c b/regcomp.c
+index 0a9c6a8085a..e66032a16ad 100644
+--- a/regcomp.c
++++ b/regcomp.c
+@@ -111,6 +111,7 @@ typedef struct scan_frame {
+ U32 prev_recursed_depth;
+ I32 stopparen; /* what stopparen do we use */
+ U32 is_top_frame; /* what flags do we use? */
++ bool in_gosub; /* this or an outer frame is for GOSUB */
+
+ struct scan_frame *this_prev_frame; /* this previous frame */
+ struct scan_frame *prev_frame; /* previous frame */
+@@ -4225,7 +4226,7 @@ S_study_chunk(pTHX_ RExC_state_t *pRExC_state, regnode **scanp,
+ I32 stopparen,
+ U32 recursed_depth,
+ regnode_ssc *and_withp,
+- U32 flags, U32 depth)
++ U32 flags, U32 depth, bool was_mutate_ok)
+ /* scanp: Start here (read-write). */
+ /* deltap: Write maxlen-minlen here. */
+ /* last: Stop before this one. */
+@@ -4303,6 +4304,10 @@ S_study_chunk(pTHX_ RExC_state_t *pRExC_state, regnode **scanp,
+ node length to get a real minimum (because
+ the folded version may be shorter) */
+ bool unfolded_multi_char = FALSE;
++ /* avoid mutating ops if we are anywhere within the recursed or
++ * enframed handling for a GOSUB: the outermost level will handle it.
++ */
++ bool mutate_ok = was_mutate_ok && !(frame && frame->in_gosub);
+ /* Peephole optimizer: */
+ DEBUG_STUDYDATA("Peep", data, depth, is_inf);
+ DEBUG_PEEP("Peep", scan, depth, flags);
+@@ -4313,7 +4318,8 @@ S_study_chunk(pTHX_ RExC_state_t *pRExC_state, regnode **scanp,
+ * parsing code, as each (?:..) is handled by a different invocation of
+ * reg() -- Yves
+ */
+- JOIN_EXACT(scan,&min_subtract, &unfolded_multi_char, 0);
++ if (mutate_ok)
++ JOIN_EXACT(scan,&min_subtract, &unfolded_multi_char, 0);
+
+ /* Follow the next-chain of the current node and optimize
+ away all the NOTHINGs from it.
+@@ -4345,7 +4351,7 @@ S_study_chunk(pTHX_ RExC_state_t *pRExC_state, regnode **scanp,
+ /* DEFINEP study_chunk() recursion */
+ (void)study_chunk(pRExC_state, &scan, &minlen,
+ &deltanext, next, &data_fake, stopparen,
+- recursed_depth, NULL, f, depth+1);
++ recursed_depth, NULL, f, depth+1, mutate_ok);
+
+ scan = next;
+ } else
+@@ -4413,7 +4419,8 @@ S_study_chunk(pTHX_ RExC_state_t *pRExC_state, regnode **scanp,
+ /* recurse study_chunk() for each BRANCH in an alternation */
+ minnext = study_chunk(pRExC_state, &scan, minlenp,
+ &deltanext, next, &data_fake, stopparen,
+- recursed_depth, NULL, f,depth+1);
++ recursed_depth, NULL, f, depth+1,
++ mutate_ok);
+
+ if (min1 > minnext)
+ min1 = minnext;
+@@ -4480,9 +4487,10 @@ S_study_chunk(pTHX_ RExC_state_t *pRExC_state, regnode **scanp,
+ }
+ }
+
+- if (PERL_ENABLE_TRIE_OPTIMISATION &&
+- OP( startbranch ) == BRANCH )
+- {
++ if (PERL_ENABLE_TRIE_OPTIMISATION
++ && OP(startbranch) == BRANCH
++ && mutate_ok
++ ) {
+ /* demq.
+
+ Assuming this was/is a branch we are dealing with: 'scan'
+@@ -4933,6 +4941,9 @@ S_study_chunk(pTHX_ RExC_state_t *pRExC_state, regnode **scanp,
+ newframe->stopparen = stopparen;
+ newframe->prev_recursed_depth = recursed_depth;
+ newframe->this_prev_frame= frame;
++ newframe->in_gosub = (
++ (frame && frame->in_gosub) || OP(scan) == GOSUB
++ );
+
+ DEBUG_STUDYDATA("frame-new", data, depth, is_inf);
+ DEBUG_PEEP("fnew", scan, depth, flags);
+@@ -5153,7 +5164,7 @@ S_study_chunk(pTHX_ RExC_state_t *pRExC_state, regnode **scanp,
+ (mincount == 0
+ ? (f & ~SCF_DO_SUBSTR)
+ : f)
+- ,depth+1);
++ , depth+1, mutate_ok);
+
+ if (flags & SCF_DO_STCLASS)
+ data->start_class = oclass;
+@@ -5221,7 +5232,9 @@ S_study_chunk(pTHX_ RExC_state_t *pRExC_state, regnode **scanp,
+ if ( OP(oscan) == CURLYX && data
+ && data->flags & SF_IN_PAR
+ && !(data->flags & SF_HAS_EVAL)
+- && !deltanext && minnext == 1 ) {
++ && !deltanext && minnext == 1
++ && mutate_ok
++ ) {
+ /* Try to optimize to CURLYN. */
+ regnode *nxt = NEXTOPER(oscan) + EXTRA_STEP_2ARGS;
+ regnode * const nxt1 = nxt;
+@@ -5267,10 +5280,10 @@ S_study_chunk(pTHX_ RExC_state_t *pRExC_state, regnode **scanp,
+ && !(data->flags & SF_HAS_EVAL)
+ && !deltanext /* atom is fixed width */
+ && minnext != 0 /* CURLYM can't handle zero width */
+-
+ /* Nor characters whose fold at run-time may be
+ * multi-character */
+ && ! (RExC_seen & REG_UNFOLDED_MULTI_SEEN)
++ && mutate_ok
+ ) {
+ /* XXXX How to optimize if data == 0? */
+ /* Optimize to a simpler form. */
+@@ -5318,7 +5331,8 @@ S_study_chunk(pTHX_ RExC_state_t *pRExC_state, regnode **scanp,
+ /* Optimize again: */
+ /* recurse study_chunk() on optimised CURLYX => CURLYM */
+ study_chunk(pRExC_state, &nxt1, minlenp, &deltanext, nxt,
+- NULL, stopparen, recursed_depth, NULL, 0,depth+1);
++ NULL, stopparen, recursed_depth, NULL, 0,
++ depth+1, mutate_ok);
+ }
+ else
+ oscan->flags = 0;
+@@ -5735,7 +5749,8 @@ Perl_re_printf( aTHX_ "LHS=%" UVuf " RHS=%" UVuf "\n",
+ /* recurse study_chunk() for lookahead body */
+ minnext = study_chunk(pRExC_state, &nscan, minlenp, &deltanext,
+ last, &data_fake, stopparen,
+- recursed_depth, NULL, f, depth+1);
++ recursed_depth, NULL, f, depth+1,
++ mutate_ok);
+ if (scan->flags) {
+ if (deltanext) {
+ FAIL("Variable length lookbehind not implemented");
+@@ -5827,7 +5842,7 @@ Perl_re_printf( aTHX_ "LHS=%" UVuf " RHS=%" UVuf "\n",
+ *minnextp = study_chunk(pRExC_state, &nscan, minnextp,
+ &deltanext, last, &data_fake,
+ stopparen, recursed_depth, NULL,
+- f,depth+1);
++ f, depth+1, mutate_ok);
+ if (scan->flags) {
+ if (deltanext) {
+ FAIL("Variable length lookbehind not implemented");
+@@ -5988,7 +6003,8 @@ Perl_re_printf( aTHX_ "LHS=%" UVuf " RHS=%" UVuf "\n",
+ /* optimise study_chunk() for TRIE */
+ minnext = study_chunk(pRExC_state, &scan, minlenp,
+ &deltanext, (regnode *)nextbranch, &data_fake,
+- stopparen, recursed_depth, NULL, f,depth+1);
++ stopparen, recursed_depth, NULL, f, depth+1,
++ mutate_ok);
+ }
+ if (nextbranch && PL_regkind[OP(nextbranch)]==BRANCH)
+ nextbranch= regnext((regnode*)nextbranch);
+@@ -7673,7 +7689,7 @@ Perl_re_op_compile(pTHX_ SV ** const patternp, int pat_count,
+ &data, -1, 0, NULL,
+ SCF_DO_SUBSTR | SCF_WHILEM_VISITED_POS | stclass_flag
+ | (restudied ? SCF_TRIE_DOING_RESTUDY : 0),
+- 0);
++ 0, TRUE);
+
+
+ CHECK_RESTUDY_GOTO_butfirst(LEAVE_with_name("study_chunk"));
+@@ -7802,7 +7818,7 @@ Perl_re_op_compile(pTHX_ SV ** const patternp, int pat_count,
+ SCF_DO_STCLASS_AND|SCF_WHILEM_VISITED_POS|(restudied
+ ? SCF_TRIE_DOING_RESTUDY
+ : 0),
+- 0);
++ 0, TRUE);
+
+ CHECK_RESTUDY_GOTO_butfirst(NOOP);
+
+diff --git a/t/re/pat.t b/t/re/pat.t
+index 1d98fe77d7f..1488259b020 100644
+--- a/t/re/pat.t
++++ b/t/re/pat.t
+@@ -23,7 +23,7 @@ BEGIN {
+ skip_all('no re module') unless defined &DynaLoader::boot_DynaLoader;
+ skip_all_without_unicode_tables();
+
+-plan tests => 840; # Update this when adding/deleting tests.
++plan tests => 844; # Update this when adding/deleting tests.
+
+ run_tests() unless caller;
+
+@@ -1948,6 +1948,30 @@ EOP
+ fresh_perl_is('m m0*0+\Rm', "",{},"Undefined behavior in address sanitizer");
+ }
+
++ # gh16947: test regexp corruption (GOSUB)
++ {
++ fresh_perl_is(q{
++ 'xy' =~ /x(?0)|x(?|y|y)/ && print 'ok'
++ }, 'ok', {}, 'gh16947: test regexp corruption (GOSUB)');
++ }
++ # gh16947: test fix doesn't break SUSPEND
++ {
++ fresh_perl_is(q{ 'sx' =~ m{ss++}i; print 'ok' },
++ 'ok', {}, "gh16947: test fix doesn't break SUSPEND");
++ }
++
++ # gh17743: more regexp corruption via GOSUB
++ {
++ fresh_perl_is(q{
++ "0" =~ /((0(?0)|000(?|0000|0000)(?0))|)/; print "ok"
++ }, 'ok', {}, 'gh17743: test regexp corruption (1)');
++
++ fresh_perl_is(q{
++ "000000000000" =~ /(0(())(0((?0)())|000(?|\x{ef}\x{bf}\x{bd}|\x{ef}\x{bf}\x{bd}))|)/;
++ print "ok"
++ }, 'ok', {}, 'gh17743: test regexp corruption (2)');
++ }
++
+ } # End of sub run_tests
+
+ 1;
diff --git a/main/python3/APKBUILD b/main/python3/APKBUILD
index 461feb5f52..aae515bf83 100644
--- a/main/python3/APKBUILD
+++ b/main/python3/APKBUILD
@@ -5,7 +5,7 @@ pkgname=python3
# the python2-tkinter's pkgver needs to be synchronized with this.
pkgver=3.6.9
_basever="${pkgver%.*}"
-pkgrel=2
+pkgrel=3
pkgdesc="A high-level scripting language"
url="https://www.python.org"
arch="all"
@@ -20,10 +20,13 @@ source="https://www.python.org/ftp/python/$pkgver/Python-$pkgver.tar.xz
musl-find_library.patch
CVE-2019-16056.patch
CVE-2019-16935.patch
+ CVE-2020-14422.patch
"
builddir="$srcdir/Python-$pkgver"
# secfixes:
+# 3.6.9-r3:
+# - CVE-2020-14422
# 3.6.9-r2:
# - CVE-2019-16935
# 3.6.9-r1:
@@ -164,4 +167,5 @@ sha512sums="05de9c6f44d96a52bfce10ede4312de892573edaf8bece65926d19973a3a800d65ee
37b6ee5d0d5de43799316aa111423ba5a666c17dc7f81b04c330f59c1d1565540eac4c585abe2199bbed52ebe7426001edb1c53bd0a17486a2a8e052d0f494ad fix-xattrs-glibc.patch
ab8eaa2858d5109049b1f9f553198d40e0ef8d78211ad6455f7b491af525bffb16738fed60fc84e960c4889568d25753b9e4a1494834fea48291b33f07000ec2 musl-find_library.patch
e8708c4fef1b591dd7251b36a785f9bc6472f2a25fba11bc4116814e93e770230ebd0016285c28d9065c49c5bf2be10f72182e23fb2767e1875ef20c94b5c97c CVE-2019-16056.patch
-7f94d887c81f79d90afd4a9621547c13cbdd0232250f62a686b26a63160a4d286a6db9b342d06b9b63af64f994835b489c37bab499a2093c3c2585dc7a04d8a1 CVE-2019-16935.patch"
+7f94d887c81f79d90afd4a9621547c13cbdd0232250f62a686b26a63160a4d286a6db9b342d06b9b63af64f994835b489c37bab499a2093c3c2585dc7a04d8a1 CVE-2019-16935.patch
+cdf2f0ae115d2a37bae4828c6d13e102a030054e2ee71a1c30b12fd2c0864a25908ef30e73c099fd2b49f5e10cef6f8ed126c06f0c2cf660dfce0fec07f6f74c CVE-2020-14422.patch"
diff --git a/main/python3/CVE-2020-14422.patch b/main/python3/CVE-2020-14422.patch
new file mode 100644
index 0000000000..28fdff66f4
--- /dev/null
+++ b/main/python3/CVE-2020-14422.patch
@@ -0,0 +1,74 @@
+From cfc7ff8d05f7a949a88b8a8dd506fb5c1c30d3e9 Mon Sep 17 00:00:00 2001
+From: Tapas Kundu <39723251+tapakund@users.noreply.github.com>
+Date: Wed, 1 Jul 2020 01:00:22 +0530
+Subject: [PATCH] [3.6] bpo-41004: Resolve hash collisions for IPv4Interface
+ and IPv6Interface (GH-21033) (GH-21232)
+
+CVE-2020-14422
+The __hash__() methods of classes IPv4Interface and IPv6Interface had issue
+of generating constant hash values of 32 and 128 respectively causing hash collisions.
+The fix uses the hash() function to generate hash values for the objects
+instead of XOR operation
+(cherry picked from commit b30ee26e366bf509b7538d79bfec6c6d38d53f28)
+
+Co-authored-by: Ravi Teja P <rvteja92@gmail.com>
+
+Signed-off-by: Tapas Kundu <tkundu@vmware.com>
+---
+ Lib/ipaddress.py | 4 ++--
+ Lib/test/test_ipaddress.py | 11 +++++++++++
+ .../Security/2020-06-29-16-02-29.bpo-41004.ovF0KZ.rst | 1 +
+ 3 files changed, 14 insertions(+), 2 deletions(-)
+ create mode 100644 Misc/NEWS.d/next/Security/2020-06-29-16-02-29.bpo-41004.ovF0KZ.rst
+
+diff --git a/Lib/ipaddress.py b/Lib/ipaddress.py
+index 583f02ad54275..98492136ca5f4 100644
+--- a/Lib/ipaddress.py
++++ b/Lib/ipaddress.py
+@@ -1418,7 +1418,7 @@ def __lt__(self, other):
+ return False
+
+ def __hash__(self):
+- return self._ip ^ self._prefixlen ^ int(self.network.network_address)
++ return hash((self._ip, self._prefixlen, int(self.network.network_address)))
+
+ __reduce__ = _IPAddressBase.__reduce__
+
+@@ -2092,7 +2092,7 @@ def __lt__(self, other):
+ return False
+
+ def __hash__(self):
+- return self._ip ^ self._prefixlen ^ int(self.network.network_address)
++ return hash((self._ip, self._prefixlen, int(self.network.network_address)))
+
+ __reduce__ = _IPAddressBase.__reduce__
+
+diff --git a/Lib/test/test_ipaddress.py b/Lib/test/test_ipaddress.py
+index 1cef4217bc883..7de444af4aa57 100644
+--- a/Lib/test/test_ipaddress.py
++++ b/Lib/test/test_ipaddress.py
+@@ -1990,6 +1990,17 @@ def testsixtofour(self):
+ sixtofouraddr.sixtofour)
+ self.assertFalse(bad_addr.sixtofour)
+
++ # issue41004 Hash collisions in IPv4Interface and IPv6Interface
++ def testV4HashIsNotConstant(self):
++ ipv4_address1 = ipaddress.IPv4Interface("1.2.3.4")
++ ipv4_address2 = ipaddress.IPv4Interface("2.3.4.5")
++ self.assertNotEqual(ipv4_address1.__hash__(), ipv4_address2.__hash__())
++
++ # issue41004 Hash collisions in IPv4Interface and IPv6Interface
++ def testV6HashIsNotConstant(self):
++ ipv6_address1 = ipaddress.IPv6Interface("2001:658:22a:cafe:200:0:0:1")
++ ipv6_address2 = ipaddress.IPv6Interface("2001:658:22a:cafe:200:0:0:2")
++ self.assertNotEqual(ipv6_address1.__hash__(), ipv6_address2.__hash__())
+
+ if __name__ == '__main__':
+ unittest.main()
+diff --git a/Misc/NEWS.d/next/Security/2020-06-29-16-02-29.bpo-41004.ovF0KZ.rst b/Misc/NEWS.d/next/Security/2020-06-29-16-02-29.bpo-41004.ovF0KZ.rst
+new file mode 100644
+index 0000000000000..f5a9db52fff52
+--- /dev/null
++++ b/Misc/NEWS.d/next/Security/2020-06-29-16-02-29.bpo-41004.ovF0KZ.rst
+@@ -0,0 +1 @@
++CVE-2020-14422: The __hash__() methods of ipaddress.IPv4Interface and ipaddress.IPv6Interface incorrectly generated constant hash values of 32 and 128 respectively. This resulted in always causing hash collisions. The fix uses hash() to generate hash values for the tuple of (address, mask length, network address).
diff --git a/main/smokeping/APKBUILD b/main/smokeping/APKBUILD
index c8a9fe1451..3efc760689 100644
--- a/main/smokeping/APKBUILD
+++ b/main/smokeping/APKBUILD
@@ -2,7 +2,7 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=smokeping
pkgver=2.7.3
-pkgrel=3
+pkgrel=4
pkgdesc="Smokeping network latency monitoring"
pkgusers="smokeping"
pkggroups="smokeping"
@@ -38,6 +38,7 @@ depends="
perl-snmp-session
perl-uri
rrdtool
+ ttf-dejavu
"
makedepends="
openssl-dev
diff --git a/main/sprunge/APKBUILD b/main/sprunge/APKBUILD
index f663d800b9..4d1f651abd 100644
--- a/main/sprunge/APKBUILD
+++ b/main/sprunge/APKBUILD
@@ -2,7 +2,7 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=sprunge
pkgver=0.6
-pkgrel=0
+pkgrel=1
pkgdesc="Helper script to paste things to http://sprunge.us"
url="http://sprunge.us"
arch="noarch"
@@ -33,10 +33,10 @@ package() {
tpaste() {
cd "$_builddir"
- url="http://tpaste.us"
+ url="https://tpaste.us"
pkgdesc="Helper script to paste things to $url"
mkdir -p "$subpkgdir"/usr/bin
- printf "#!/bin/sh\n\nexec curl -F 'tpaste=<-' http://tpaste.us" > \
+ printf "#!/bin/sh\n\nexec curl -F 'tpaste=<-' https://tpaste.us" > \
"$subpkgdir"/usr/bin/tpaste || return 1
chmod 755 "$subpkgdir"/usr/bin/tpaste || return 1
}
diff --git a/main/xen/APKBUILD b/main/xen/APKBUILD
index 37f62af559..eae97c3b94 100644
--- a/main/xen/APKBUILD
+++ b/main/xen/APKBUILD
@@ -2,8 +2,8 @@
# Contributor: Roger Pau Monne <roger.pau@entel.upc.edu>
# Maintainer: William Pitcock <nenolod@dereferenced.org>
pkgname=xen
-pkgver=4.11.3
-pkgrel=2
+pkgver=4.11.4
+pkgrel=0
pkgdesc="Xen hypervisor"
url="https://www.xenproject.org/"
arch="x86_64 armhf aarch64" # enable armv7 when builds with gcc8
@@ -178,6 +178,14 @@ options="!strip"
# - CVE-2020-11739 XSA-314
# - CVE-2020-11743 XSA-316
# - CVE-2020-11742 XSA-318
+# 4.11.4-r0:
+# - CVE-2020-????? XSA-312
+# - CVE-2020-0543 XSA-320
+# - CVE-2020-15566 XSA-317
+# - CVE-2020-15563 XSA-319
+# - CVE-2020-15565 XSA-321
+# - CVE-2020-15564 XSA-327
+# - CVE-2020-15567 XSA-328
case "$CARCH" in
x86*)
@@ -245,18 +253,21 @@ source="https://downloads.xenproject.org/release/$pkgname/$pkgver/$pkgname-$pkgv
hotplug-Linux-iscsi-block-handle-lun-1.patch
- xsa307.patch
- xsa308.patch
- xsa309.patch
- xsa310-0001-x86-mm-Set-old_guest_table-when-destroying-vcpu-page.patch
- xsa310-0002-x86-mm-alloc-free_lN_table-Retain-partial_flags-on-E.patch
- xsa310-0003-x86-mm-relinquish_memory-Grab-an-extra-type-ref-when.patch
- xsa311-4.11.patch
- xsa313-1.patch
- xsa313-2.patch
- xsa314-4.13.patch
- xsa316-xen.patch
- xsa318.patch
+ xsa320-4.11-1.patch
+ xsa320-4.11-2.patch
+ xsa320-4.11-3.patch
+ xsa317.patch
+ xsa319.patch
+ xsa328-4.11-1.patch
+ xsa328-4.11-2.patch
+ xsa321-4.11-1.patch
+ xsa321-4.11-2.patch
+ xsa321-4.11-3.patch
+ xsa321-4.11-4.patch
+ xsa321-4.11-5.patch
+ xsa321-4.11-6.patch
+ xsa321-4.11-7.patch
+ xsa327.patch
xenstored.initd
xenstored.confd
@@ -490,7 +501,7 @@ EOF
EOF
}
-sha512sums="2204e490e9fc357a05983a9bf4e7345e1d364fe00400ce473988dcb9ca7d4e2b921fe10f095cbbc64248130a92d22c6f0d154dcae250a57a7f915df32e3dc436 xen-4.11.3.tar.gz
+sha512sums="8383f0b369fa08c8ecfdd68f902a2aaad140146a183131c50c020fe04c2f1e829c219b9bd9923fa8f1c180e1e7c6e73d0d68b7015fc39fd3b7f59e55c680cedb xen-4.11.4.tar.gz
2e0b0fd23e6f10742a5517981e5171c6e88b0a93c83da701b296f5c0861d72c19782daab589a7eac3f9032152a0fc7eff7f5362db8fccc4859564a9aa82329cf gmp-4.3.2.tar.bz2
c2bc9ffc8583aeae71cee9ddcc4418969768d4e3764d47307da54f93981c0109fb07d84b061b3a3628bd00ba4d14a54742bc04848110eb3ae8ca25dbfbaabadb grub-0.97.tar.gz
1465b58279af1647f909450e394fe002ca165f0ff4a0254bfa9fe0e64316f50facdde2729d79a4e632565b4500cf4d6c74192ac0dd3bc9fe09129bbd67ba089d lwip-1.3.0.tar.gz
@@ -513,18 +524,21 @@ e76816c6ad0e91dc5f81947f266da3429b20e6d976c3e8c41202c6179532eec878a3f0913921ef3a
69dfa60628ca838678862383528654ecbdf4269cbb5c9cfb6b84d976202a8dea85d711aa65a52fa1b477fb0b30604ca70cf1337192d6fb9388a08bbe7fe56077 xenstore_client_transaction_fix.patch
2094ea964fa610b2bf72fd2c7ede7e954899a75c0f5b08030cf1d74460fb759ade84866176e32f8fe29c921dfdc6dafd2b31e23ab9b0a3874d3dceeabdd1913b xenqemu-xattr-size-max.patch
8c9cfc6afca325df1d8026e21ed03fa8cd2c7e1a21a56cc1968301c5ab634bfe849951899e75d328951d7a41273d1e49a2448edbadec0029ed410c43c0549812 hotplug-Linux-iscsi-block-handle-lun-1.patch
-984185e513e0688edca932f434ace78daf99094b563dc3f6cd1c94c7f60842e860dc9490296a4bc716c42f544e0bdf2e3c58cd46b4b490b61dbbe8389c5674c4 xsa307.patch
-3650ab4d75ba65764edacb379b67c6bc08df5cada0c2b039fd8641f212ba462246ef838dee3390fddd0725cec8676197136ef99dfbd7d9ef1a7c4d78a873639b xsa308.patch
-ad6468c55c13a259b8baa15f251a77ae5ff0524434201caeb1780ca58e637a9e4be398f264c010913d940a248ca619a6878cd6109180de653afadb923fc38fee xsa309.patch
-806c3cd3895f6573195d3ae85f314c8b7b7bc9ac4b1663b113e1c7fb8a7d949855fab09ba794b838a1cebdb40017ebfbaed932fd23ee33cc7bef8381a8ed2584 xsa310-0001-x86-mm-Set-old_guest_table-when-destroying-vcpu-page.patch
-6e713158f693c1d38f1044e1e9adea3d9338c47e9c2fec10b95a04a36cbc7c8e2841d593cb6e39b44976b6c29b7eec9919dec738e5fddaedddaaeade220185d8 xsa310-0002-x86-mm-alloc-free_lN_table-Retain-partial_flags-on-E.patch
-bef47261b61f2f9f10d649c8de1ad076517ac5ecea5f26a3a61ded91ced3f274ddeb8a41592edfe7dfd5439b010b647f6c15afeb7cd2b8c6065cd2281413b614 xsa310-0003-x86-mm-relinquish_memory-Grab-an-extra-type-ref-when.patch
-6e786287e21cd8f7371b75b05067428656cc5985ef98902fab577b9dff3a187d130675063db127a9c2210c935b2eb1f6288d784d595c9bdee30f0c904a81afb4 xsa311-4.11.patch
-a5443da59c75a786ecd0c5ad5df4c84de8b0f7ac92bc11d840d1fb4c2c33653f7e883640c2081ba594fb1ca92a61f5c970b821a5f2d37c6e666bc2e7da6c8e8f xsa313-1.patch
-afc34c39e14b3b3d7bcd5b9bb7d2e6eaeb52fdc8733845cafd0b200c764ebd5a79f540cd818143f99bf084d1a33e50ad1614e5e98af6582412975bd73a5c48dd xsa313-2.patch
-6e319c3856ed4a4d96705a258c2654c89a7d645d8b16c03dd257c57d320ee220ffa675eeef615c5bbcf4d5d25b66ceb8b77f57df59da757a3a554a316db074b6 xsa314-4.13.patch
-cd6ac97375742bacd55f51062849ba5dcef6026f673d3fb6ab73723befbf52570ea08765af44d636df65b7c16a9dce2fe6c9b6c47b671872ffb83c8121a181df xsa316-xen.patch
-66e178a859844a3839333b19934ede5db1d83d8b84bfcce70c51a46077287811a92a8ad2ad60663a88162112d65a867815605202a2c9ca44ba32251b42f0ca23 xsa318.patch
+325f66b008a76ff569fdca430e2926633996511f1bd7dcd375259377e4c88758b13c95ee66b8edaa5ffebc3d927442409dc36bd8e35b2c928e43d82a539583cf xsa317.patch
+d57d8cfd749df1816060345bedd9fa7ef2381ea9d85562ddf0c39ffe832ca56834c3e8c1fb67a64fd5631fd219c4d66a3ef655dca0989bf39911c87e0145717f xsa319.patch
+9d61608159802d5ba79e42253b7e391bc14bbf809f0a59ab64585d594e8f414ed7005cbca18e9db16157406f3a0c3ad2a262cbe431ef52507b2329e4fd999198 xsa320-4.11-1.patch
+9f42a03b11095807e2812e0a95df47722f3f41d4928bbde9c7e642f3001f4c97f29c226340e78cbda3fe35667ee88aa702bf374f012a27cb96d6d6e24162bb8c xsa320-4.11-2.patch
+81004539674d7dcb48c259bbcbf9e8e33e55c0af044d3be09f517e8cb850bf1068029802c941760287f9e4e83dbe4113d732d5425c9aa48accfe8d2071ff6caa xsa320-4.11-3.patch
+53c3e7d8e4a0fbfe162571bd296a8d234caccfdd38958c62e54643189bc6cd22379da81fd465597779c3141a4694bb9c38848467cd7a81b1a400881ba8f1c053 xsa321-4.11-1.patch
+21752f53231e20a5ddbc198cf630861d1809e0254d313329f819450a7d966d301a37fb689b126c137338732fd077e73dbb78735b833222116493e6b2e782dc00 xsa321-4.11-2.patch
+ebd933135d3df4d1c431be22d96f5d9e5af2670cbd188d8db1510fe3eaad0f31309ba7f6a817ea59010524e290ff7279d6d120f3241aa34d960eb3872e5bbc9f xsa321-4.11-3.patch
+922f46623c1dca5d067e7897fe2cf0e3045ea7bf26f1aab12935c47a4a764ddb3e9cef2c8efef29f933aab9351a301572c0ea21ef84514cfba06d6159500876a xsa321-4.11-4.patch
+0c4932886cfb7495fbe1007cb0a9562341c1a33243fd64274b4bb02e7094842bfb2766ef2a8f5ac41c586ffece029f332302f4e3e2271d9f3b9ce4af97dafc4d xsa321-4.11-5.patch
+a7dd96126a4869771366cf5316d451531063009b3c1cc556ba7ede43d4b927c97c146a973c74159aae7f1bc226dbd03e8456ca1d8e9c3f75d91759b1c6be0930 xsa321-4.11-6.patch
+11cae33936a0c2cf6f3376bc431cb850b0af41eb43fc0d160a203f728284882cf2c1e048fbafba2a0125dfd35782fb6d9d267373519340b965ac0249cb60e7ec xsa321-4.11-7.patch
+83823056dbd0142585d8b0fb9b3179ac8cc099a21ee489008a4cfb1f310daae72dff1fb6c7cd3a1c8ca5cec43a6b964587d8121a2423226baad0bcd302e73263 xsa327.patch
+60481beb932cb47b0a3025a41a7ec752afda063375f8f2087363ad729dbb7f93190f06b2f15e1cee562c619c16548a3cd729ba292670ef9d500cf4442c4905bb xsa328-4.11-1.patch
+29a9c01db993438d4d789c3d2151e54d04f93c2da4d01791b578a7a3ec95b8bc5144d9717698e7daacde0cef0553b55db47483bebdc1021ff7a315d557031dc0 xsa328-4.11-2.patch
52c43beb2596d645934d0f909f2d21f7587b6898ed5e5e7046799a8ed6d58f7a09c5809e1634fa26152f3fd4f3e7cfa07da7076f01b4a20cc8f5df8b9cb77e50 xenstored.initd
093f7fbd43faf0a16a226486a0776bade5dc1681d281c5946a3191c32d74f9699c6bf5d0ab8de9d1195a2461165d1660788e92a3156c9b3c7054d7b2d52d7ff0 xenstored.confd
3c86ed48fbee0af4051c65c4a3893f131fa66e47bf083caf20c9b6aa4b63fdead8832f84a58d0e27964bc49ec8397251b34e5be5c212c139f556916dc8da9523 xenconsoled.initd
diff --git a/main/xen/xsa307.patch b/main/xen/xsa307.patch
deleted file mode 100644
index 82b4adad78..0000000000
--- a/main/xen/xsa307.patch
+++ /dev/null
@@ -1,99 +0,0 @@
-From: Jan Beulich <jbeulich@suse.com>
-Subject: x86+Arm32: make find_next_{,zero_}bit() have well defined behavior
-
-These functions getting used with the 2nd and 3rd arguments being equal
-wasn't well defined: Arm64 reliably returns the value of the 2nd
-argument in this case, while on x86 for bitmaps up to 64 bits wide the
-return value was undefined (due to the undefined behavior of a shift of
-a value by the number of bits it's wide) when the incoming value was 64.
-On Arm32 an actual out of bounds access would happen when the
-size/offset value is a multiple of 32; if this access doesn't fault, the
-return value would have been sufficiently correct afaict.
-
-Make the functions consistently tolerate the last two arguments being
-equal (and in fact the 3rd argument being greater or equal to the 2nd),
-in favor of finding and fixing all the use sites that violate the
-original more strict assumption.
-
-This is XSA-307.
-
-Signed-off-by: Jan Beulich <jbeulich@suse.com>
-Acked-by: Julien Grall <julien@xen.org>
----
-The most obvious (albeit still indirect) exposure to guests is
-evtchn_check_pollers(), which imo makes this a security issue at least
-for Arm32.
-
-This was originally already discussed between (at least) Andrew and me,
-and I don't really recall who brought up the issue first.
-
-Note that Arm's Linux origin of the code may call for syncing
-publication with them. Then again I don't want to tell them just to see
-them go public ahead of us.
-
---- a/xen/arch/arm/arm32/lib/findbit.S
-+++ b/xen/arch/arm/arm32/lib/findbit.S
-@@ -42,8 +42,8 @@ ENDPROC(_find_first_zero_bit_le)
- * Prototype: int find_next_zero_bit(void *addr, unsigned int maxbit, int offset)
- */
- ENTRY(_find_next_zero_bit_le)
-- teq r1, #0
-- beq 3b
-+ cmp r1, r2
-+ bls 3b
- ands ip, r2, #7
- beq 1b @ If new byte, goto old routine
- ARM( ldrb r3, [r0, r2, lsr #3] )
-@@ -83,8 +83,8 @@ ENDPROC(_find_first_bit_le)
- * Prototype: int find_next_zero_bit(void *addr, unsigned int maxbit, int offset)
- */
- ENTRY(_find_next_bit_le)
-- teq r1, #0
-- beq 3b
-+ cmp r1, r2
-+ bls 3b
- ands ip, r2, #7
- beq 1b @ If new byte, goto old routine
- ARM( ldrb r3, [r0, r2, lsr #3] )
-@@ -117,8 +117,8 @@ ENTRY(_find_first_zero_bit_be)
- ENDPROC(_find_first_zero_bit_be)
-
- ENTRY(_find_next_zero_bit_be)
-- teq r1, #0
-- beq 3b
-+ cmp r1, r2
-+ bls 3b
- ands ip, r2, #7
- beq 1b @ If new byte, goto old routine
- eor r3, r2, #0x18 @ big endian byte ordering
-@@ -151,8 +151,8 @@ ENTRY(_find_first_bit_be)
- ENDPROC(_find_first_bit_be)
-
- ENTRY(_find_next_bit_be)
-- teq r1, #0
-- beq 3b
-+ cmp r1, r2
-+ bls 3b
- ands ip, r2, #7
- beq 1b @ If new byte, goto old routine
- eor r3, r2, #0x18 @ big endian byte ordering
---- a/xen/include/asm-x86/bitops.h
-+++ b/xen/include/asm-x86/bitops.h
-@@ -358,7 +358,7 @@ static always_inline unsigned int __scan
- const unsigned long *a__ = (addr); \
- unsigned int s__ = (size); \
- unsigned int o__ = (off); \
-- if ( __builtin_constant_p(size) && !s__ ) \
-+ if ( o__ >= s__ ) \
- r__ = s__; \
- else if ( __builtin_constant_p(size) && s__ <= BITS_PER_LONG ) \
- r__ = o__ + __scanbit(*(const unsigned long *)(a__) >> o__, s__); \
-@@ -390,7 +390,7 @@ static always_inline unsigned int __scan
- const unsigned long *a__ = (addr); \
- unsigned int s__ = (size); \
- unsigned int o__ = (off); \
-- if ( __builtin_constant_p(size) && !s__ ) \
-+ if ( o__ >= s__ ) \
- r__ = s__; \
- else if ( __builtin_constant_p(size) && s__ <= BITS_PER_LONG ) \
- r__ = o__ + __scanbit(~*(const unsigned long *)(a__) >> o__, s__); \
diff --git a/main/xen/xsa308.patch b/main/xen/xsa308.patch
deleted file mode 100644
index 7abe3eff0e..0000000000
--- a/main/xen/xsa308.patch
+++ /dev/null
@@ -1,74 +0,0 @@
-From: Andrew Cooper <andrew.cooper3@citrix.com>
-Subject: x86/vtx: Work around SingleStep + STI/MovSS VMEntry failures
-
-See patch comment for technical details.
-
-Concerning the timeline, this was first discovered in the aftermath of
-XSA-156 which caused #DB to be intercepted unconditionally, but only in
-its SingleStep + STI form which is restricted to privileged software.
-
-After working with Intel and identifying the problematic vmentry check,
-this workaround was suggested, and the patch was posted in an RFC
-series. Outstanding work for that series (not breaking Introspection)
-is still pending, and this fix from it (which wouldn't have been good
-enough in its original form) wasn't committed.
-
-A vmentry failure was reported to xen-devel, and debugging identified
-this bug in its SingleStep + MovSS form by way of INT1, which does not
-involve the use of any privileged instructions, and proving this to be a
-security issue.
-
-This is XSA-308
-
-Reported-by: Håkon Alstadheim <hakon@alstadheim.priv.no>
-Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
-Reviewed-by: Jan Beulich <jbeulich@suse.com>
-Acked-by: Kevin Tian <kevin.tian@intel.com>
-
-diff --git a/xen/arch/x86/hvm/vmx/vmx.c b/xen/arch/x86/hvm/vmx/vmx.c
-index 6a5eeb5c13..59b836f43f 100644
---- a/xen/arch/x86/hvm/vmx/vmx.c
-+++ b/xen/arch/x86/hvm/vmx/vmx.c
-@@ -3816,6 +3816,42 @@ void vmx_vmexit_handler(struct cpu_user_regs *regs)
- HVMTRACE_1D(TRAP_DEBUG, exit_qualification);
- __restore_debug_registers(v);
- write_debugreg(6, exit_qualification | DR_STATUS_RESERVED_ONE);
-+
-+ /*
-+ * Work around SingleStep + STI/MovSS VMEntry failures.
-+ *
-+ * We intercept #DB unconditionally to work around CVE-2015-8104 /
-+ * XSA-156 (guest-kernel induced host DoS).
-+ *
-+ * STI/MovSS shadows block/defer interrupts/exceptions (exact
-+ * details are complicated and poorly documented). Debug
-+ * exceptions delayed for any reason are stored in the
-+ * PENDING_DBG_EXCEPTIONS field.
-+ *
-+ * The falling edge of PENDING_DBG causes #DB to be delivered,
-+ * resulting in a VMExit, as #DB is intercepted. The VMCS still
-+ * reports blocked-by-STI/MovSS.
-+ *
-+ * The VMEntry checks when EFLAGS.TF is set don't like a VMCS in
-+ * this state. Despite a #DB queued in VMENTRY_INTR_INFO, the
-+ * state is rejected as DR6.BS isn't pending. Fix this up.
-+ */
-+ if ( unlikely(regs->eflags & X86_EFLAGS_TF) )
-+ {
-+ unsigned long int_info;
-+
-+ __vmread(GUEST_INTERRUPTIBILITY_INFO, &int_info);
-+
-+ if ( int_info & (VMX_INTR_SHADOW_STI | VMX_INTR_SHADOW_MOV_SS) )
-+ {
-+ unsigned long pending_dbg;
-+
-+ __vmread(GUEST_PENDING_DBG_EXCEPTIONS, &pending_dbg);
-+ __vmwrite(GUEST_PENDING_DBG_EXCEPTIONS,
-+ pending_dbg | DR_STEP);
-+ }
-+ }
-+
- if ( !v->domain->debugger_attached )
- {
- unsigned long insn_len = 0;
diff --git a/main/xen/xsa309.patch b/main/xen/xsa309.patch
deleted file mode 100644
index 8bd9237c6c..0000000000
--- a/main/xen/xsa309.patch
+++ /dev/null
@@ -1,58 +0,0 @@
-From 523e3974ed2213719a19218f5b246e382ceef18a Mon Sep 17 00:00:00 2001
-From: George Dunlap <george.dunlap@citrix.com>
-Date: Wed, 30 Oct 2019 17:05:28 +0000
-Subject: [PATCH] x86/mm: Don't reset linear_pt_count on partial validation
-
-"Linear pagetables" is a technique which involves either pointing a
-pagetable at itself, or to another pagetable the same or higher level.
-Xen has limited support for linear pagetables: A page may either point
-to itself, or point to another page of the same level (i.e., L2 to L2,
-L3 to L3, and so on).
-
-XSA-240 introduced an additional restriction that limited the "depth"
-of such chains by allowing pages to either *point to* other pages of
-the same level, or *be pointed to* by other pages of the same level,
-but not both. To implement this, we keep track of the number of
-outstanding times a page points to or is pointed to another page
-table, to prevent both from happening at the same time.
-
-Unfortunately, the original commit introducing this reset this count
-when resuming validation of a partially-validated pagetable, dropping
-some "linear_pt_entry" counts.
-
-On debug builds on systems where guests used this feature, this might
-lead to crashes that look like this:
-
- Assertion 'oc > 0' failed at mm.c:874
-
-Worse, if an attacker could engineer such a situation to occur, they
-might be able to make loops or other abitrary chains of linear
-pagetables, leading to the denial-of-service situation outlined in
-XSA-240.
-
-This is XSA-309.
-
-Reported-by: Manuel Bouyer <bouyer@antioche.eu.org>
-Signed-off-by: George Dunlap <george.dunlap@citrix.com>
-Reviewed-by: Jan Beulich <jbeulich@suse.com>
----
- xen/arch/x86/mm.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/xen/arch/x86/mm.c b/xen/arch/x86/mm.c
-index 7d4dd80a85..01393fb0da 100644
---- a/xen/arch/x86/mm.c
-+++ b/xen/arch/x86/mm.c
-@@ -3059,8 +3059,8 @@ static int _get_page_type(struct page_info *page, unsigned long type,
- {
- page->nr_validated_ptes = 0;
- page->partial_flags = 0;
-+ page->linear_pt_count = 0;
- }
-- page->linear_pt_count = 0;
- rc = alloc_page_type(page, type, preemptible);
- }
-
---
-2.24.0
-
diff --git a/main/xen/xsa310-0001-x86-mm-Set-old_guest_table-when-destroying-vcpu-page.patch b/main/xen/xsa310-0001-x86-mm-Set-old_guest_table-when-destroying-vcpu-page.patch
deleted file mode 100644
index 3eb3533f6b..0000000000
--- a/main/xen/xsa310-0001-x86-mm-Set-old_guest_table-when-destroying-vcpu-page.patch
+++ /dev/null
@@ -1,167 +0,0 @@
-From 7c537dc8d28a03064a14171ed5c6fc329531816a Mon Sep 17 00:00:00 2001
-From: George Dunlap <george.dunlap@citrix.com>
-Date: Tue, 19 Nov 2019 11:40:34 +0000
-Subject: [PATCH 1/3] x86/mm: Set old_guest_table when destroying vcpu
- pagetables
-
-Changeset 6c4efc1eba ("x86/mm: Don't drop a type ref unless you held a
-ref to begin with"), part of XSA-299, changed the calling discipline
-of put_page_type() such that if put_page_type() returned -ERESTART
-(indicating a partially de-validated page), subsequent calls to
-put_page_type() must be called with PTF_partial_set. If called on a
-partially de-validated page but without PTF_partial_set, Xen will
-BUG(), because to do otherwise would risk opening up the kind of
-privilege escalation bug described in XSA-299.
-
-One place this was missed was in vcpu_destroy_pagetables().
-put_page_and_type_preemptible() is called, but on -ERESTART, the
-entire operation is simply restarted, causing put_page_type() to be
-called on a partially de-validated page without PTF_partial_set. The
-result was that if such an operation were interrupted, Xen would hit a
-BUG().
-
-Fix this by having vcpu_destroy_pagetables() consistently pass off
-interrupted de-validations to put_old_page_type():
-- Unconditionally clear references to the page, even if
- put_page_and_type failed
-- Set old_guest_table and old_guest_table_partial appropriately
-
-While here, do some refactoring:
-
- - Move clearing of arch.cr3 to the top of the function
-
- - Now that clearing is unconditional, move the unmap to the same
- conditional as the l4tab mapping. This also allows us to reduce
- the scope of the l4tab variable.
-
- - Avoid code duplication by looping to drop references on
- guest_table_user
-
-This is part of XSA-310.
-
-Reported-by: Sarah Newman <srn@prgmr.com>
-Signed-off-by: George Dunlap <george.dunlap@citrix.com>
-Reviewed-by: Jan Beulich <jbeulich@suse.com>
----
-Added in v2.
-
-Changes in v3:
-- Minor comment / whitespace fixes
----
- xen/arch/x86/mm.c | 75 +++++++++++++++++++++++++++++------------------
- 1 file changed, 47 insertions(+), 28 deletions(-)
-
-diff --git a/xen/arch/x86/mm.c b/xen/arch/x86/mm.c
-index 01393fb0da..a759afc9e3 100644
---- a/xen/arch/x86/mm.c
-+++ b/xen/arch/x86/mm.c
-@@ -3142,40 +3142,36 @@ int put_old_guest_table(struct vcpu *v)
- int vcpu_destroy_pagetables(struct vcpu *v)
- {
- unsigned long mfn = pagetable_get_pfn(v->arch.guest_table);
-- struct page_info *page;
-- l4_pgentry_t *l4tab = NULL;
-+ struct page_info *page = NULL;
- int rc = put_old_guest_table(v);
-+ bool put_guest_table_user = false;
-
- if ( rc )
- return rc;
-
-+ v->arch.cr3 = 0;
-+
-+ /*
-+ * Get the top-level guest page; either the guest_table itself, for
-+ * 64-bit, or the top-level l4 entry for 32-bit. Either way, remove
-+ * the reference to that page.
-+ */
- if ( is_pv_32bit_vcpu(v) )
- {
-- l4tab = map_domain_page(_mfn(mfn));
-- mfn = l4e_get_pfn(*l4tab);
-- }
-+ l4_pgentry_t *l4tab = map_domain_page(_mfn(mfn));
-
-- if ( mfn )
-- {
-- page = mfn_to_page(_mfn(mfn));
-- if ( paging_mode_refcounts(v->domain) )
-- put_page(page);
-- else
-- rc = put_page_and_type_preemptible(page);
-- }
--
-- if ( l4tab )
-- {
-- if ( !rc )
-- l4e_write(l4tab, l4e_empty());
-+ mfn = l4e_get_pfn(*l4tab);
-+ l4e_write(l4tab, l4e_empty());
- unmap_domain_page(l4tab);
- }
-- else if ( !rc )
-+ else
- {
- v->arch.guest_table = pagetable_null();
-+ put_guest_table_user = true;
-+ }
-
-- /* Drop ref to guest_table_user (from MMUEXT_NEW_USER_BASEPTR) */
-- mfn = pagetable_get_pfn(v->arch.guest_table_user);
-+ /* Free that page if non-zero */
-+ do {
- if ( mfn )
- {
- page = mfn_to_page(_mfn(mfn));
-@@ -3183,18 +3179,41 @@ int vcpu_destroy_pagetables(struct vcpu *v)
- put_page(page);
- else
- rc = put_page_and_type_preemptible(page);
-+ mfn = 0;
- }
-- if ( !rc )
-- v->arch.guest_table_user = pagetable_null();
-- }
-
-- v->arch.cr3 = 0;
-+ if ( !rc && put_guest_table_user )
-+ {
-+ /* Drop ref to guest_table_user (from MMUEXT_NEW_USER_BASEPTR) */
-+ mfn = pagetable_get_pfn(v->arch.guest_table_user);
-+ v->arch.guest_table_user = pagetable_null();
-+ put_guest_table_user = false;
-+ }
-+ } while ( mfn );
-
- /*
-- * put_page_and_type_preemptible() is liable to return -EINTR. The
-- * callers of us expect -ERESTART so convert it over.
-+ * If a "put" operation was interrupted, finish things off in
-+ * put_old_guest_table() when the operation is restarted.
- */
-- return rc != -EINTR ? rc : -ERESTART;
-+ switch ( rc )
-+ {
-+ case -EINTR:
-+ case -ERESTART:
-+ v->arch.old_guest_ptpg = NULL;
-+ v->arch.old_guest_table = page;
-+ v->arch.old_guest_table_partial = (rc == -ERESTART);
-+ rc = -ERESTART;
-+ break;
-+ default:
-+ /*
-+ * Failure to 'put' a page may cause it to leak, but that's
-+ * less bad than a crash.
-+ */
-+ ASSERT(rc == 0);
-+ break;
-+ }
-+
-+ return rc;
- }
-
- int new_guest_cr3(mfn_t mfn)
---
-2.24.0
-
diff --git a/main/xen/xsa310-0002-x86-mm-alloc-free_lN_table-Retain-partial_flags-on-E.patch b/main/xen/xsa310-0002-x86-mm-alloc-free_lN_table-Retain-partial_flags-on-E.patch
deleted file mode 100644
index 12c04e40cd..0000000000
--- a/main/xen/xsa310-0002-x86-mm-alloc-free_lN_table-Retain-partial_flags-on-E.patch
+++ /dev/null
@@ -1,104 +0,0 @@
-From 128cb126aee9b4a2855ab898fdfbfe7009fbf1f5 Mon Sep 17 00:00:00 2001
-From: George Dunlap <george.dunlap@citrix.com>
-Date: Thu, 31 Oct 2019 11:17:38 +0000
-Subject: [PATCH 2/3] x86/mm: alloc/free_lN_table: Retain partial_flags on
- -EINTR
-
-When validating or de-validating pages (in alloc_lN_table and
-free_lN_table respectively), the `partial_flags` local variable is
-used to keep track of whether the "current" PTE started the entire
-operation in a "may be partial" state.
-
-One of the patches in XSA-299 addressed the fact that it is possible
-for a previously-partially-validated entry to subsequently be found to
-have invalid entries (indicated by returning -EINVAL); in which case
-page->partial_flags needs to be set to indicate that the current PTE
-may have the partial bit set (and thus _put_page_type() should be
-called with PTF_partial_set).
-
-Unfortunately, the patches in XSA-299 assumed that once
-put_page_from_lNe() returned -ERESTART on a page, it was not possible
-for it to return -EINTR. This turns out to be true for
-alloc_lN_table() and free_lN_table, but not for _get_page_type() and
-_put_page_type(): both can return -EINTR when called on pages with
-PGT_partial set. In these cases, the pages PGT_partial will still be
-set; failing to set partial_flags appropriately may allow an attacker
-to do a privilege escalation similar to those described in XSA-299.
-
-Fix this by always copying the local partial_flags variable into
-page->partial_flags when exiting early.
-
-NB that on the "get" side, no adjustment to nr_validated_entries is
-needed: whether pte[i] is partially validated or entirely
-un-validated, we want nr_validated_entries = i. On the "put" side,
-however, we need to adjust nr_validated_entries appropriately: if
-pte[i] is entirely validated, we want nr_validated_entries = i + 1; if
-pte[i] is partially validated, we want nr_validated_entries = i.
-
-This is part of XSA-310.
-
-Reported-by: Sarah Newman <srn@prgmr.com>
-Signed-off-by: George Dunlap <george.dunlap@citrix.com>
-Reviewed-by: Jan Beulich <jbeulich@suse.com>
----
- xen/arch/x86/mm.c | 16 ++++++++--------
- 1 file changed, 8 insertions(+), 8 deletions(-)
-
-diff --git a/xen/arch/x86/mm.c b/xen/arch/x86/mm.c
-index a759afc9e3..97c8d73b7b 100644
---- a/xen/arch/x86/mm.c
-+++ b/xen/arch/x86/mm.c
-@@ -1557,7 +1557,7 @@ static int alloc_l2_table(struct page_info *page, unsigned long type)
- if ( rc == -EINTR && i )
- {
- page->nr_validated_ptes = i;
-- page->partial_flags = 0;
-+ page->partial_flags = partial_flags;;
- rc = -ERESTART;
- }
- else if ( rc < 0 && rc != -EINTR )
-@@ -1660,7 +1660,7 @@ static int alloc_l3_table(struct page_info *page)
- else if ( rc == -EINTR && i )
- {
- page->nr_validated_ptes = i;
-- page->partial_flags = 0;
-+ page->partial_flags = partial_flags;
- rc = -ERESTART;
- }
- if ( rc < 0 )
-@@ -1982,8 +1982,8 @@ static int free_l2_table(struct page_info *page)
- }
- else if ( rc == -EINTR && i < L2_PAGETABLE_ENTRIES - 1 )
- {
-- page->nr_validated_ptes = i + 1;
-- page->partial_flags = 0;
-+ page->nr_validated_ptes = i + !(partial_flags & PTF_partial_set);
-+ page->partial_flags = partial_flags;
- rc = -ERESTART;
- }
-
-@@ -2030,8 +2030,8 @@ static int free_l3_table(struct page_info *page)
- }
- else if ( rc == -EINTR && i < L3_PAGETABLE_ENTRIES - 1 )
- {
-- page->nr_validated_ptes = i + 1;
-- page->partial_flags = 0;
-+ page->nr_validated_ptes = i + !(partial_flags & PTF_partial_set);
-+ page->partial_flags = partial_flags;
- rc = -ERESTART;
- }
- return rc > 0 ? 0 : rc;
-@@ -2061,8 +2061,8 @@ static int free_l4_table(struct page_info *page)
- }
- else if ( rc == -EINTR && i < L4_PAGETABLE_ENTRIES - 1 )
- {
-- page->nr_validated_ptes = i + 1;
-- page->partial_flags = 0;
-+ page->nr_validated_ptes = i + !(partial_flags & PTF_partial_set);
-+ page->partial_flags = partial_flags;
- rc = -ERESTART;
- }
-
---
-2.24.0
-
diff --git a/main/xen/xsa310-0003-x86-mm-relinquish_memory-Grab-an-extra-type-ref-when.patch b/main/xen/xsa310-0003-x86-mm-relinquish_memory-Grab-an-extra-type-ref-when.patch
deleted file mode 100644
index 9ee423889f..0000000000
--- a/main/xen/xsa310-0003-x86-mm-relinquish_memory-Grab-an-extra-type-ref-when.patch
+++ /dev/null
@@ -1,75 +0,0 @@
-From e9f835982a726ae16997c566b5eafab74f8b4cb7 Mon Sep 17 00:00:00 2001
-From: George Dunlap <george.dunlap@citrix.com>
-Date: Mon, 28 Oct 2019 14:33:51 +0000
-Subject: [PATCH 3/3] x86/mm: relinquish_memory: Grab an extra type ref when
- setting PGT_partial
-
-The PGT_partial bit in page->type_info holds both a type count and a
-general ref count. During domain tear-down, when free_page_type()
-returns -ERESTART, relinquish_memory() correctly handles the general
-ref count, but fails to grab an extra type count when setting
-PGT_partial. When this bit is eventually cleared, type_count underflows
-and triggers the following BUG in page_alloc.c:free_domheap_pages():
-
- BUG_ON((pg[i].u.inuse.type_info & PGT_count_mask) != 0);
-
-As far as we can tell, this page underflow cannot be exploited any any
-other way: The page can't be used as a pagetable by the dying domain
-because it's dying; it can't be used as a pagetable by any other
-domain since it belongs to the dying domain; and ownership can't
-transfer to any other domain without hitting the BUG_ON() in
-free_domheap_pages().
-
-(steal_page() won't work on a page in this state, since it requires
-PGC_allocated to be set, and PGC_allocated will already have been
-cleared.)
-
-Fix this by grabbing an extra type ref if setting PGT_partial in
-relinquish_memory.
-
-This is part of XSA-310.
-
-Reported-by: Sarah Newman <srn@prgmr.com>
-Signed-off-by: George Dunlap <george.dunlap@citrix.com>
-Acked-by: Jan Beulich <jbeulich@suse.com>
----
-v2:
-- Move discussion of potential exploits into the commit message
-- Keep PGT_partial and put_page() ordering
----
- xen/arch/x86/domain.c | 19 +++++++++++++++++++
- 1 file changed, 19 insertions(+)
-
-diff --git a/xen/arch/x86/domain.c b/xen/arch/x86/domain.c
-index f1dd86e12e..51880fc50d 100644
---- a/xen/arch/x86/domain.c
-+++ b/xen/arch/x86/domain.c
-@@ -2049,6 +2049,25 @@ static int relinquish_memory(
- goto out;
- case -ERESTART:
- page_list_add(page, list);
-+ /*
-+ * PGT_partial holds a type ref and a general ref.
-+ * If we came in with PGT_partial set, then we 1)
-+ * don't need to grab an extra type count, and 2)
-+ * do need to drop the extra page ref we grabbed
-+ * at the top of the loop. If we didn't come in
-+ * with PGT_partial set, we 1) do need to drab an
-+ * extra type count, but 2) can transfer the page
-+ * ref we grabbed above to it.
-+ *
-+ * Note that we must increment type_info before
-+ * setting PGT_partial. Theoretically it should
-+ * be safe to drop the page ref before setting
-+ * PGT_partial, but do it afterwards just to be
-+ * extra safe.
-+ */
-+ if ( !(x & PGT_partial) )
-+ page->u.inuse.type_info++;
-+ smp_wmb();
- page->u.inuse.type_info |= PGT_partial;
- if ( x & PGT_partial )
- put_page(page);
---
-2.24.0
-
diff --git a/main/xen/xsa311-4.11.patch b/main/xen/xsa311-4.11.patch
deleted file mode 100644
index a4cc83729b..0000000000
--- a/main/xen/xsa311-4.11.patch
+++ /dev/null
@@ -1,187 +0,0 @@
-From: Andrew Cooper <andrew.cooper3@citrix.com>
-Subject: AMD/IOMMU: Cease using a dynamic height for the IOMMU pagetables
-
-update_paging_mode() has multiple bugs:
-
- 1) Booting with iommu=debug will cause it to inform you that that it called
- without the pdev_list lock held.
- 2) When growing by more than a single level, it leaks the newly allocated
- table(s) in the case of a further error.
-
-Furthermore, the choice of default level for a domain has issues:
-
- 1) All HVM guests grow from 2 to 3 levels during construction because of the
- position of the VRAM just below the 4G boundary, so defaulting to 2 is a
- waste of effort.
- 2) The limit for PV guests doesn't take memory hotplug into account, and
- isn't dynamic at runtime like HVM guests. This means that a PV guest may
- get RAM which it can't map in the IOMMU.
-
-The dynamic height is a property unique to AMD, and adds a substantial
-quantity of complexity for what is a marginal performance improvement. Remove
-the complexity by removing the dynamic height.
-
-PV guests now get 3 or 4 levels based on any hotplug regions in the host.
-This only makes a difference for hardware which previously had all RAM below
-the 512G boundary, and a hotplug region above.
-
-HVM guests now get 4 levels (which will be sufficient until 256TB guests
-become a thing), because we don't currently have the information to know when
-3 would be safe to use.
-
-The overhead of this extra level is not expected to be noticeable. It costs
-one page (4k) per domain, and one extra IO-TLB paging structure cache entry
-which is very hot and less likely to be evicted.
-
-This is XSA-311.
-
-Reported-by: XXX PERSON <XXX EMAIL>3
-Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
-Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
-Acked-by: Jan Beulich <jbeulich@suse.com>
-
---- a/xen/drivers/passthrough/amd/iommu_map.c
-+++ b/xen/drivers/passthrough/amd/iommu_map.c
-@@ -569,97 +569,6 @@ static int iommu_pde_from_gfn(struct dom
- return 0;
- }
-
--static int update_paging_mode(struct domain *d, unsigned long gfn)
--{
-- u16 bdf;
-- void *device_entry;
-- unsigned int req_id, level, offset;
-- unsigned long flags;
-- struct pci_dev *pdev;
-- struct amd_iommu *iommu = NULL;
-- struct page_info *new_root = NULL;
-- struct page_info *old_root = NULL;
-- void *new_root_vaddr;
-- unsigned long old_root_mfn;
-- struct domain_iommu *hd = dom_iommu(d);
--
-- if ( gfn == gfn_x(INVALID_GFN) )
-- return -EADDRNOTAVAIL;
-- ASSERT(!(gfn >> DEFAULT_DOMAIN_ADDRESS_WIDTH));
--
-- level = hd->arch.paging_mode;
-- old_root = hd->arch.root_table;
-- offset = gfn >> (PTE_PER_TABLE_SHIFT * (level - 1));
--
-- ASSERT(spin_is_locked(&hd->arch.mapping_lock) && is_hvm_domain(d));
--
-- while ( offset >= PTE_PER_TABLE_SIZE )
-- {
-- /* Allocate and install a new root table.
-- * Only upper I/O page table grows, no need to fix next level bits */
-- new_root = alloc_amd_iommu_pgtable();
-- if ( new_root == NULL )
-- {
-- AMD_IOMMU_DEBUG("%s Cannot allocate I/O page table\n",
-- __func__);
-- return -ENOMEM;
-- }
--
-- new_root_vaddr = __map_domain_page(new_root);
-- old_root_mfn = mfn_x(page_to_mfn(old_root));
-- set_iommu_pde_present(new_root_vaddr, old_root_mfn, level,
-- !!IOMMUF_writable, !!IOMMUF_readable);
-- level++;
-- old_root = new_root;
-- offset >>= PTE_PER_TABLE_SHIFT;
-- unmap_domain_page(new_root_vaddr);
-- }
--
-- if ( new_root != NULL )
-- {
-- hd->arch.paging_mode = level;
-- hd->arch.root_table = new_root;
--
-- if ( !pcidevs_locked() )
-- AMD_IOMMU_DEBUG("%s Try to access pdev_list "
-- "without aquiring pcidevs_lock.\n", __func__);
--
-- /* Update device table entries using new root table and paging mode */
-- for_each_pdev( d, pdev )
-- {
-- bdf = PCI_BDF2(pdev->bus, pdev->devfn);
-- iommu = find_iommu_for_device(pdev->seg, bdf);
-- if ( !iommu )
-- {
-- AMD_IOMMU_DEBUG("%s Fail to find iommu.\n", __func__);
-- return -ENODEV;
-- }
--
-- spin_lock_irqsave(&iommu->lock, flags);
-- do {
-- req_id = get_dma_requestor_id(pdev->seg, bdf);
-- device_entry = iommu->dev_table.buffer +
-- (req_id * IOMMU_DEV_TABLE_ENTRY_SIZE);
--
-- /* valid = 0 only works for dom0 passthrough mode */
-- amd_iommu_set_root_page_table((u32 *)device_entry,
-- page_to_maddr(hd->arch.root_table),
-- d->domain_id,
-- hd->arch.paging_mode, 1);
--
-- amd_iommu_flush_device(iommu, req_id);
-- bdf += pdev->phantom_stride;
-- } while ( PCI_DEVFN2(bdf) != pdev->devfn &&
-- PCI_SLOT(bdf) == PCI_SLOT(pdev->devfn) );
-- spin_unlock_irqrestore(&iommu->lock, flags);
-- }
--
-- /* For safety, invalidate all entries */
-- amd_iommu_flush_all_pages(d);
-- }
-- return 0;
--}
--
- int amd_iommu_map_page(struct domain *d, unsigned long gfn, unsigned long mfn,
- unsigned int flags)
- {
-@@ -685,19 +594,6 @@ int amd_iommu_map_page(struct domain *d,
- return rc;
- }
-
-- /* Since HVM domain is initialized with 2 level IO page table,
-- * we might need a deeper page table for lager gfn now */
-- if ( is_hvm_domain(d) )
-- {
-- if ( update_paging_mode(d, gfn) )
-- {
-- spin_unlock(&hd->arch.mapping_lock);
-- AMD_IOMMU_DEBUG("Update page mode failed gfn = %lx\n", gfn);
-- domain_crash(d);
-- return -EFAULT;
-- }
-- }
--
- if ( iommu_pde_from_gfn(d, gfn, pt_mfn, true) || (pt_mfn[1] == 0) )
- {
- spin_unlock(&hd->arch.mapping_lock);
---- a/xen/drivers/passthrough/amd/pci_amd_iommu.c
-+++ b/xen/drivers/passthrough/amd/pci_amd_iommu.c
-@@ -242,11 +242,17 @@ static int amd_iommu_domain_init(struct
- {
- struct domain_iommu *hd = dom_iommu(d);
-
-- /* For pv and dom0, stick with get_paging_mode(max_page)
-- * For HVM dom0, use 2 level page table at first */
-- hd->arch.paging_mode = is_hvm_domain(d) ?
-- IOMMU_PAGING_MODE_LEVEL_2 :
-- get_paging_mode(max_page);
-+ /*
-+ * Choose the number of levels for the IOMMU page tables.
-+ * - PV needs 3 or 4, depending on whether there is RAM (including hotplug
-+ * RAM) above the 512G boundary.
-+ * - HVM could in principle use 3 or 4 depending on how much guest
-+ * physical address space we give it, but this isn't known yet so use 4
-+ * unilaterally.
-+ */
-+ hd->arch.paging_mode = is_hvm_domain(d)
-+ ? IOMMU_PAGING_MODE_LEVEL_4 : get_paging_mode(get_upper_mfn_bound());
-+
- return 0;
- }
-
diff --git a/main/xen/xsa313-1.patch b/main/xen/xsa313-1.patch
deleted file mode 100644
index 95fde7ead4..0000000000
--- a/main/xen/xsa313-1.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-From: Jan Beulich <jbeulich@suse.com>
-Subject: xenoprof: clear buffer intended to be shared with guests
-
-alloc_xenheap_pages() making use of MEMF_no_scrub is fine for Xen
-internally used allocations, but buffers allocated to be shared with
-(unpriviliged) guests need to be zapped of their prior content.
-
-This is part of XSA-313.
-
-Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com>
-Signed-off-by: Jan Beulich <jbeulich@suse.com>
-Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
-Reviewed-by: Wei Liu <wl@xen.org>
-
---- a/xen/common/xenoprof.c
-+++ b/xen/common/xenoprof.c
-@@ -253,6 +253,9 @@ static int alloc_xenoprof_struct(
- return -ENOMEM;
- }
-
-+ for ( i = 0; i < npages; ++i )
-+ clear_page(d->xenoprof->rawbuf + i * PAGE_SIZE);
-+
- d->xenoprof->npages = npages;
- d->xenoprof->nbuf = nvcpu;
- d->xenoprof->bufsize = bufsize;
diff --git a/main/xen/xsa313-2.patch b/main/xen/xsa313-2.patch
deleted file mode 100644
index d81b8232d2..0000000000
--- a/main/xen/xsa313-2.patch
+++ /dev/null
@@ -1,132 +0,0 @@
-From: Jan Beulich <jbeulich@suse.com>
-Subject: xenoprof: limit consumption of shared buffer data
-
-Since a shared buffer can be written to by the guest, we may only read
-the head and tail pointers from there (all other fields should only ever
-be written to). Furthermore, for any particular operation the two values
-must be read exactly once, with both checks and consumption happening
-with the thus read values. (The backtrace related xenoprof_buf_space()
-use in xenoprof_log_event() is an exception: The values used there get
-re-checked by every subsequent xenoprof_add_sample().)
-
-Since that code needed touching, also fix the double increment of the
-lost samples count in case the backtrace related xenoprof_add_sample()
-invocation in xenoprof_log_event() fails.
-
-Where code is being touched anyway, add const as appropriate, but take
-the opportunity to entirely drop the now unused domain parameter of
-xenoprof_buf_space().
-
-This is part of XSA-313.
-
-Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com>
-Signed-off-by: Jan Beulich <jbeulich@suse.com>
-Reviewed-by: George Dunlap <george.dunlap@citrix.com>
-Reviewed-by: Wei Liu <wl@xen.org>
-
---- a/xen/common/xenoprof.c
-+++ b/xen/common/xenoprof.c
-@@ -479,25 +479,22 @@ static int add_passive_list(XEN_GUEST_HA
-
-
- /* Get space in the buffer */
--static int xenoprof_buf_space(struct domain *d, xenoprof_buf_t * buf, int size)
-+static int xenoprof_buf_space(int head, int tail, int size)
- {
-- int head, tail;
--
-- head = xenoprof_buf(d, buf, event_head);
-- tail = xenoprof_buf(d, buf, event_tail);
--
- return ((tail > head) ? 0 : size) + tail - head - 1;
- }
-
- /* Check for space and add a sample. Return 1 if successful, 0 otherwise. */
--static int xenoprof_add_sample(struct domain *d, xenoprof_buf_t *buf,
-+static int xenoprof_add_sample(const struct domain *d,
-+ const struct xenoprof_vcpu *v,
- uint64_t eip, int mode, int event)
- {
-+ xenoprof_buf_t *buf = v->buffer;
- int head, tail, size;
-
- head = xenoprof_buf(d, buf, event_head);
- tail = xenoprof_buf(d, buf, event_tail);
-- size = xenoprof_buf(d, buf, event_size);
-+ size = v->event_size;
-
- /* make sure indexes in shared buffer are sane */
- if ( (head < 0) || (head >= size) || (tail < 0) || (tail >= size) )
-@@ -506,7 +503,7 @@ static int xenoprof_add_sample(struct do
- return 0;
- }
-
-- if ( xenoprof_buf_space(d, buf, size) > 0 )
-+ if ( xenoprof_buf_space(head, tail, size) > 0 )
- {
- xenoprof_buf(d, buf, event_log[head].eip) = eip;
- xenoprof_buf(d, buf, event_log[head].mode) = mode;
-@@ -530,7 +527,6 @@ static int xenoprof_add_sample(struct do
- int xenoprof_add_trace(struct vcpu *vcpu, uint64_t pc, int mode)
- {
- struct domain *d = vcpu->domain;
-- xenoprof_buf_t *buf = d->xenoprof->vcpu[vcpu->vcpu_id].buffer;
-
- /* Do not accidentally write an escape code due to a broken frame. */
- if ( pc == XENOPROF_ESCAPE_CODE )
-@@ -539,7 +535,8 @@ int xenoprof_add_trace(struct vcpu *vcpu
- return 0;
- }
-
-- return xenoprof_add_sample(d, buf, pc, mode, 0);
-+ return xenoprof_add_sample(d, &d->xenoprof->vcpu[vcpu->vcpu_id],
-+ pc, mode, 0);
- }
-
- void xenoprof_log_event(struct vcpu *vcpu, const struct cpu_user_regs *regs,
-@@ -570,17 +567,22 @@ void xenoprof_log_event(struct vcpu *vcp
- /* Provide backtrace if requested. */
- if ( backtrace_depth > 0 )
- {
-- if ( (xenoprof_buf_space(d, buf, v->event_size) < 2) ||
-- !xenoprof_add_sample(d, buf, XENOPROF_ESCAPE_CODE, mode,
-- XENOPROF_TRACE_BEGIN) )
-+ if ( xenoprof_buf_space(xenoprof_buf(d, buf, event_head),
-+ xenoprof_buf(d, buf, event_tail),
-+ v->event_size) < 2 )
- {
- xenoprof_buf(d, buf, lost_samples)++;
- lost_samples++;
- return;
- }
-+
-+ /* xenoprof_add_sample() will increment lost_samples on failure */
-+ if ( !xenoprof_add_sample(d, v, XENOPROF_ESCAPE_CODE, mode,
-+ XENOPROF_TRACE_BEGIN) )
-+ return;
- }
-
-- if ( xenoprof_add_sample(d, buf, pc, mode, event) )
-+ if ( xenoprof_add_sample(d, v, pc, mode, event) )
- {
- if ( is_active(vcpu->domain) )
- active_samples++;
---- a/xen/include/xen/xenoprof.h
-+++ b/xen/include/xen/xenoprof.h
-@@ -61,12 +61,12 @@ struct xenoprof {
-
- #ifndef CONFIG_COMPAT
- #define XENOPROF_COMPAT(x) 0
--#define xenoprof_buf(d, b, field) ((b)->field)
-+#define xenoprof_buf(d, b, field) ACCESS_ONCE((b)->field)
- #else
- #define XENOPROF_COMPAT(x) ((x)->is_compat)
--#define xenoprof_buf(d, b, field) (*(!(d)->xenoprof->is_compat ? \
-- &(b)->native.field : \
-- &(b)->compat.field))
-+#define xenoprof_buf(d, b, field) ACCESS_ONCE(*(!(d)->xenoprof->is_compat \
-+ ? &(b)->native.field \
-+ : &(b)->compat.field))
- #endif
-
- struct domain;
diff --git a/main/xen/xsa314-4.13.patch b/main/xen/xsa314-4.13.patch
deleted file mode 100644
index 67e006681e..0000000000
--- a/main/xen/xsa314-4.13.patch
+++ /dev/null
@@ -1,121 +0,0 @@
-From ab49f005f7d01d4004d76f2e295d31aca7d4f93a Mon Sep 17 00:00:00 2001
-From: Julien Grall <jgrall@amazon.com>
-Date: Thu, 20 Feb 2020 20:54:40 +0000
-Subject: [PATCH] xen/rwlock: Add missing memory barrier in the unlock path of
- rwlock
-
-The rwlock unlock paths are using atomic_sub() to release the lock.
-However the implementation of atomic_sub() rightfully doesn't contain a
-memory barrier. On Arm, this means a processor is allowed to re-order
-the memory access with the preceeding access.
-
-In other words, the unlock may be seen by another processor before all
-the memory accesses within the "critical" section.
-
-The rwlock paths already contains barrier indirectly, but they are not
-very useful without the counterpart in the unlock paths.
-
-The memory barriers are not necessary on x86 because loads/stores are
-not re-ordered with lock instructions.
-
-So add arch_lock_release_barrier() in the unlock paths that will only
-add memory barrier on Arm.
-
-Take the opportunity to document each lock paths explaining why a
-barrier is not necessary.
-
-This is XSA-314.
-
-Signed-off-by: Julien Grall <jgrall@amazon.com>
-Reviewed-by: Jan Beulich <jbeulich@suse.com>
-Reviewed-by: Stefano Stabellini <sstabellini@kernel.org>
-
----
- xen/include/xen/rwlock.h | 29 ++++++++++++++++++++++++++++-
- 1 file changed, 28 insertions(+), 1 deletion(-)
-
-diff --git a/xen/include/xen/rwlock.h b/xen/include/xen/rwlock.h
-index 3dfea1ac2a..516486306f 100644
---- a/xen/include/xen/rwlock.h
-+++ b/xen/include/xen/rwlock.h
-@@ -48,6 +48,10 @@ static inline int _read_trylock(rwlock_t *lock)
- if ( likely(!(cnts & _QW_WMASK)) )
- {
- cnts = (u32)atomic_add_return(_QR_BIAS, &lock->cnts);
-+ /*
-+ * atomic_add_return() is a full barrier so no need for an
-+ * arch_lock_acquire_barrier().
-+ */
- if ( likely(!(cnts & _QW_WMASK)) )
- return 1;
- atomic_sub(_QR_BIAS, &lock->cnts);
-@@ -64,11 +68,19 @@ static inline void _read_lock(rwlock_t *lock)
- u32 cnts;
-
- cnts = atomic_add_return(_QR_BIAS, &lock->cnts);
-+ /*
-+ * atomic_add_return() is a full barrier so no need for an
-+ * arch_lock_acquire_barrier().
-+ */
- if ( likely(!(cnts & _QW_WMASK)) )
- return;
-
- /* The slowpath will decrement the reader count, if necessary. */
- queue_read_lock_slowpath(lock);
-+ /*
-+ * queue_read_lock_slowpath() is using spinlock and therefore is a
-+ * full barrier. So no need for an arch_lock_acquire_barrier().
-+ */
- }
-
- static inline void _read_lock_irq(rwlock_t *lock)
-@@ -92,6 +104,7 @@ static inline unsigned long _read_lock_irqsave(rwlock_t *lock)
- */
- static inline void _read_unlock(rwlock_t *lock)
- {
-+ arch_lock_release_barrier();
- /*
- * Atomically decrement the reader count
- */
-@@ -121,11 +134,20 @@ static inline int _rw_is_locked(rwlock_t *lock)
- */
- static inline void _write_lock(rwlock_t *lock)
- {
-- /* Optimize for the unfair lock case where the fair flag is 0. */
-+ /*
-+ * Optimize for the unfair lock case where the fair flag is 0.
-+ *
-+ * atomic_cmpxchg() is a full barrier so no need for an
-+ * arch_lock_acquire_barrier().
-+ */
- if ( atomic_cmpxchg(&lock->cnts, 0, _QW_LOCKED) == 0 )
- return;
-
- queue_write_lock_slowpath(lock);
-+ /*
-+ * queue_write_lock_slowpath() is using spinlock and therefore is a
-+ * full barrier. So no need for an arch_lock_acquire_barrier().
-+ */
- }
-
- static inline void _write_lock_irq(rwlock_t *lock)
-@@ -157,11 +179,16 @@ static inline int _write_trylock(rwlock_t *lock)
- if ( unlikely(cnts) )
- return 0;
-
-+ /*
-+ * atomic_cmpxchg() is a full barrier so no need for an
-+ * arch_lock_acquire_barrier().
-+ */
- return likely(atomic_cmpxchg(&lock->cnts, 0, _QW_LOCKED) == 0);
- }
-
- static inline void _write_unlock(rwlock_t *lock)
- {
-+ arch_lock_release_barrier();
- /*
- * If the writer field is atomic, it can be cleared directly.
- * Otherwise, an atomic subtraction will be used to clear it.
---
-2.17.1
-
diff --git a/main/xen/xsa316-xen.patch b/main/xen/xsa316-xen.patch
deleted file mode 100644
index 4962b4e716..0000000000
--- a/main/xen/xsa316-xen.patch
+++ /dev/null
@@ -1,30 +0,0 @@
-From: Ross Lagerwall <ross.lagerwall@citrix.com>
-Subject: xen/gnttab: Fix error path in map_grant_ref()
-
-Part of XSA-295 (c/s 863e74eb2cffb) inadvertently re-positioned the brackets,
-changing the logic. If the _set_status() call fails, the grant_map hypercall
-would fail with a status of 1 (rc != GNTST_okay) instead of the expected
-negative GNTST_* error.
-
-This error path can be taken due to bad guest state, and causes net/blk-back
-in Linux to crash.
-
-This is XSA-316.
-
-Signed-off-by: Ross Lagerwall <ross.lagerwall@citrix.com>
-Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
-Reviewed-by: Julien Grall <jgrall@amazon.com>
-
-diff --git a/xen/common/grant_table.c b/xen/common/grant_table.c
-index 9fd6e60416..4b5344dc21 100644
---- a/xen/common/grant_table.c
-+++ b/xen/common/grant_table.c
-@@ -1031,7 +1031,7 @@ map_grant_ref(
- {
- if ( (rc = _set_status(shah, status, rd, rgt->gt_version, act,
- op->flags & GNTMAP_readonly, 1,
-- ld->domain_id) != GNTST_okay) )
-+ ld->domain_id)) != GNTST_okay )
- goto act_release_out;
-
- if ( !act->pin )
diff --git a/main/xen/xsa317.patch b/main/xen/xsa317.patch
new file mode 100644
index 0000000000..20e2c643d0
--- /dev/null
+++ b/main/xen/xsa317.patch
@@ -0,0 +1,50 @@
+From aeb46e92f915f19a61d5a8a1f4b696793f64e6fb Mon Sep 17 00:00:00 2001
+From: Julien Grall <jgrall@amazon.com>
+Date: Thu, 19 Mar 2020 13:17:31 +0000
+Subject: [PATCH] xen/common: event_channel: Don't ignore error in
+ get_free_port()
+
+Currently, get_free_port() is assuming that the port has been allocated
+when evtchn_allocate_port() is not return -EBUSY.
+
+However, the function may return an error when:
+ - We exhausted all the event channels. This can happen if the limit
+ configured by the administrator for the guest ('max_event_channels'
+ in xl cfg) is higher than the ABI used by the guest. For instance,
+ if the guest is using 2L, the limit should not be higher than 4095.
+ - We cannot allocate memory (e.g Xen has not more memory).
+
+Users of get_free_port() (such as EVTCHNOP_alloc_unbound) will validly
+assuming the port was valid and will next call evtchn_from_port(). This
+will result to a crash as the memory backing the event channel structure
+is not present.
+
+Fixes: 368ae9a05fe ("xen/pvshim: forward evtchn ops between L0 Xen and L2 DomU")
+Signed-off-by: Julien Grall <jgrall@amazon.com>
+Reviewed-by: Jan Beulich <jbeulich@suse.com>
+---
+ xen/common/event_channel.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/xen/common/event_channel.c b/xen/common/event_channel.c
+index e86e2bfab0..a8d182b584 100644
+--- a/xen/common/event_channel.c
++++ b/xen/common/event_channel.c
+@@ -195,10 +195,10 @@ static int get_free_port(struct domain *d)
+ {
+ int rc = evtchn_allocate_port(d, port);
+
+- if ( rc == -EBUSY )
+- continue;
+-
+- return port;
++ if ( rc == 0 )
++ return port;
++ else if ( rc != -EBUSY )
++ return rc;
+ }
+
+ return -ENOSPC;
+--
+2.17.1
+
diff --git a/main/xen/xsa318.patch b/main/xen/xsa318.patch
deleted file mode 100644
index f4becdf81e..0000000000
--- a/main/xen/xsa318.patch
+++ /dev/null
@@ -1,39 +0,0 @@
-From: Jan Beulich <jbeulich@suse.com>
-Subject: gnttab: fix GNTTABOP_copy continuation handling
-
-The XSA-226 fix was flawed - the backwards transformation on rc was done
-too early, causing a continuation to not get invoked when the need for
-preemption was determined at the very first iteration of the request.
-This in particular means that all of the status fields of the individual
-operations would be left untouched, i.e. set to whatever the caller may
-or may not have initialized them to.
-
-This is part of XSA-318.
-
-Reported-by: Pawel Wieczorkiewicz <wipawel@amazon.de>
-Tested-by: Pawel Wieczorkiewicz <wipawel@amazon.de>
-Signed-off-by: Jan Beulich <jbeulich@suse.com>
-Reviewed-by: Juergen Gross <jgross@suse.com>
-
---- a/xen/common/grant_table.c
-+++ b/xen/common/grant_table.c
-@@ -3576,8 +3576,7 @@ do_grant_table_op(
- rc = gnttab_copy(copy, count);
- if ( rc > 0 )
- {
-- rc = count - rc;
-- guest_handle_add_offset(copy, rc);
-+ guest_handle_add_offset(copy, count - rc);
- uop = guest_handle_cast(copy, void);
- }
- break;
-@@ -3644,6 +3643,9 @@ do_grant_table_op(
- out:
- if ( rc > 0 || opaque_out != 0 )
- {
-+ /* Adjust rc, see gnttab_copy() for why this is needed. */
-+ if ( cmd == GNTTABOP_copy )
-+ rc = count - rc;
- ASSERT(rc < count);
- ASSERT((opaque_out & GNTTABOP_CMD_MASK) == 0);
- rc = hypercall_create_continuation(__HYPERVISOR_grant_table_op, "ihi",
diff --git a/main/xen/xsa319.patch b/main/xen/xsa319.patch
new file mode 100644
index 0000000000..769443c900
--- /dev/null
+++ b/main/xen/xsa319.patch
@@ -0,0 +1,27 @@
+From: Jan Beulich <jbeulich@suse.com>
+Subject: x86/shadow: correct an inverted conditional in dirty VRAM tracking
+
+This originally was "mfn_x(mfn) == INVALID_MFN". Make it like this
+again, taking the opportunity to also drop the unnecessary nearby
+braces.
+
+This is XSA-319.
+
+Fixes: 246a5a3377c2 ("xen: Use a typesafe to define INVALID_MFN")
+Signed-off-by: Jan Beulich <jbeulich@suse.com>
+Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
+
+--- a/xen/arch/x86/mm/shadow/common.c
++++ b/xen/arch/x86/mm/shadow/common.c
+@@ -3252,10 +3252,8 @@ int shadow_track_dirty_vram(struct domai
+ int dirty = 0;
+ paddr_t sl1ma = dirty_vram->sl1ma[i];
+
+- if ( !mfn_eq(mfn, INVALID_MFN) )
+- {
++ if ( mfn_eq(mfn, INVALID_MFN) )
+ dirty = 1;
+- }
+ else
+ {
+ page = mfn_to_page(mfn);
diff --git a/main/xen/xsa320-4.11-1.patch b/main/xen/xsa320-4.11-1.patch
new file mode 100644
index 0000000000..24daff9944
--- /dev/null
+++ b/main/xen/xsa320-4.11-1.patch
@@ -0,0 +1,133 @@
+From: Andrew Cooper <andrew.cooper3@citrix.com>
+Subject: x86/spec-ctrl: CPUID/MSR definitions for Special Register Buffer Data Sampling
+
+This is part of XSA-320 / CVE-2020-0543
+
+Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
+Reviewed-by: Jan Beulich <jbeulich@suse.com>
+Acked-by: Wei Liu <wl@xen.org>
+
+diff --git a/docs/misc/xen-command-line.markdown b/docs/misc/xen-command-line.markdown
+index 194615bfc5..9be18ac99f 100644
+--- a/docs/misc/xen-command-line.markdown
++++ b/docs/misc/xen-command-line.markdown
+@@ -489,10 +489,10 @@ accounting for hardware capabilities as enumerated via CPUID.
+
+ Currently accepted:
+
+-The Speculation Control hardware features `md-clear`, `ibrsb`, `stibp`, `ibpb`,
+-`l1d-flush` and `ssbd` are used by default if available and applicable. They can
+-be ignored, e.g. `no-ibrsb`, at which point Xen won't use them itself, and
+-won't offer them to guests.
++The Speculation Control hardware features `srbds-ctrl`, `md-clear`, `ibrsb`,
++`stibp`, `ibpb`, `l1d-flush` and `ssbd` are used by default if available and
++applicable. They can be ignored, e.g. `no-ibrsb`, at which point Xen won't
++use them itself, and won't offer them to guests.
+
+ ### cpuid\_mask\_cpu (AMD only)
+ > `= fam_0f_rev_c | fam_0f_rev_d | fam_0f_rev_e | fam_0f_rev_f | fam_0f_rev_g | fam_10_rev_b | fam_10_rev_c | fam_11_rev_b`
+diff --git a/tools/libxl/libxl_cpuid.c b/tools/libxl/libxl_cpuid.c
+index 5a1702d703..1235c8b91e 100644
+--- a/tools/libxl/libxl_cpuid.c
++++ b/tools/libxl/libxl_cpuid.c
+@@ -202,6 +202,7 @@ int libxl_cpuid_parse_config(libxl_cpuid_policy_list *cpuid, const char* str)
+
+ {"avx512-4vnniw",0x00000007, 0, CPUID_REG_EDX, 2, 1},
+ {"avx512-4fmaps",0x00000007, 0, CPUID_REG_EDX, 3, 1},
++ {"srbds-ctrl", 0x00000007, 0, CPUID_REG_EDX, 9, 1},
+ {"md-clear", 0x00000007, 0, CPUID_REG_EDX, 10, 1},
+ {"ibrsb", 0x00000007, 0, CPUID_REG_EDX, 26, 1},
+ {"stibp", 0x00000007, 0, CPUID_REG_EDX, 27, 1},
+diff --git a/tools/misc/xen-cpuid.c b/tools/misc/xen-cpuid.c
+index 4c9af6b7f0..8fb54c3001 100644
+--- a/tools/misc/xen-cpuid.c
++++ b/tools/misc/xen-cpuid.c
+@@ -142,6 +142,7 @@ static const char *str_7d0[32] =
+ {
+ [ 2] = "avx512_4vnniw", [ 3] = "avx512_4fmaps",
+
++ /* 8 */ [ 9] = "srbds-ctrl",
+ [10] = "md-clear",
+ /* 12 */ [13] = "tsx-force-abort",
+
+diff --git a/xen/arch/x86/cpuid.c b/xen/arch/x86/cpuid.c
+index 04aefa555d..b8e5b6fe67 100644
+--- a/xen/arch/x86/cpuid.c
++++ b/xen/arch/x86/cpuid.c
+@@ -58,6 +58,11 @@ static int __init parse_xen_cpuid(const char *s)
+ if ( !val )
+ setup_clear_cpu_cap(X86_FEATURE_SSBD);
+ }
++ else if ( (val = parse_boolean("srbds-ctrl", s, ss)) >= 0 )
++ {
++ if ( !val )
++ setup_clear_cpu_cap(X86_FEATURE_SRBDS_CTRL);
++ }
+ else
+ rc = -EINVAL;
+
+diff --git a/xen/arch/x86/msr.c b/xen/arch/x86/msr.c
+index ccb316c547..256e58d82b 100644
+--- a/xen/arch/x86/msr.c
++++ b/xen/arch/x86/msr.c
+@@ -154,6 +154,7 @@ int guest_rdmsr(const struct vcpu *v, uint32_t msr, uint64_t *val)
+ /* Write-only */
+ case MSR_TSX_FORCE_ABORT:
+ case MSR_TSX_CTRL:
++ case MSR_MCU_OPT_CTRL:
+ /* Not offered to guests. */
+ goto gp_fault;
+
+@@ -243,6 +244,7 @@ int guest_wrmsr(struct vcpu *v, uint32_t msr, uint64_t val)
+ /* Read-only */
+ case MSR_TSX_FORCE_ABORT:
+ case MSR_TSX_CTRL:
++ case MSR_MCU_OPT_CTRL:
+ /* Not offered to guests. */
+ goto gp_fault;
+
+diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c
+index ab196b156d..94ab8dd786 100644
+--- a/xen/arch/x86/spec_ctrl.c
++++ b/xen/arch/x86/spec_ctrl.c
+@@ -365,12 +365,13 @@ static void __init print_details(enum ind_thunk thunk, uint64_t caps)
+ printk("Speculative mitigation facilities:\n");
+
+ /* Hardware features which pertain to speculative mitigations. */
+- printk(" Hardware features:%s%s%s%s%s%s%s%s%s%s%s%s%s%s\n",
++ printk(" Hardware features:%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s\n",
+ (_7d0 & cpufeat_mask(X86_FEATURE_IBRSB)) ? " IBRS/IBPB" : "",
+ (_7d0 & cpufeat_mask(X86_FEATURE_STIBP)) ? " STIBP" : "",
+ (_7d0 & cpufeat_mask(X86_FEATURE_L1D_FLUSH)) ? " L1D_FLUSH" : "",
+ (_7d0 & cpufeat_mask(X86_FEATURE_SSBD)) ? " SSBD" : "",
+ (_7d0 & cpufeat_mask(X86_FEATURE_MD_CLEAR)) ? " MD_CLEAR" : "",
++ (_7d0 & cpufeat_mask(X86_FEATURE_SRBDS_CTRL)) ? " SRBDS_CTRL" : "",
+ (e8b & cpufeat_mask(X86_FEATURE_IBPB)) ? " IBPB" : "",
+ (caps & ARCH_CAPS_IBRS_ALL) ? " IBRS_ALL" : "",
+ (caps & ARCH_CAPS_RDCL_NO) ? " RDCL_NO" : "",
+diff --git a/xen/include/asm-x86/msr-index.h b/xen/include/asm-x86/msr-index.h
+index 1761a01f1f..480d1d8102 100644
+--- a/xen/include/asm-x86/msr-index.h
++++ b/xen/include/asm-x86/msr-index.h
+@@ -177,6 +177,9 @@
+ #define MSR_IA32_VMX_TRUE_ENTRY_CTLS 0x490
+ #define MSR_IA32_VMX_VMFUNC 0x491
+
++#define MSR_MCU_OPT_CTRL 0x00000123
++#define MCU_OPT_CTRL_RNGDS_MITG_DIS (_AC(1, ULL) << 0)
++
+ /* K7/K8 MSRs. Not complete. See the architecture manual for a more
+ complete list. */
+ #define MSR_K7_EVNTSEL0 0xc0010000
+diff --git a/xen/include/public/arch-x86/cpufeatureset.h b/xen/include/public/arch-x86/cpufeatureset.h
+index a14d8a7013..9d210e74a0 100644
+--- a/xen/include/public/arch-x86/cpufeatureset.h
++++ b/xen/include/public/arch-x86/cpufeatureset.h
+@@ -242,6 +242,7 @@ XEN_CPUFEATURE(IBPB, 8*32+12) /*A IBPB support only (no IBRS, used by
+ /* Intel-defined CPU features, CPUID level 0x00000007:0.edx, word 9 */
+ XEN_CPUFEATURE(AVX512_4VNNIW, 9*32+ 2) /*A AVX512 Neural Network Instructions */
+ XEN_CPUFEATURE(AVX512_4FMAPS, 9*32+ 3) /*A AVX512 Multiply Accumulation Single Precision */
++XEN_CPUFEATURE(SRBDS_CTRL, 9*32+ 9) /* MSR_MCU_OPT_CTRL and RNGDS_MITG_DIS. */
+ XEN_CPUFEATURE(MD_CLEAR, 9*32+10) /*A VERW clears microarchitectural buffers */
+ XEN_CPUFEATURE(TSX_FORCE_ABORT, 9*32+13) /* MSR_TSX_FORCE_ABORT.RTM_ABORT */
+ XEN_CPUFEATURE(IBRSB, 9*32+26) /*A IBRS and IBPB support (used by Intel) */
diff --git a/main/xen/xsa320-4.11-2.patch b/main/xen/xsa320-4.11-2.patch
new file mode 100644
index 0000000000..243ec4c744
--- /dev/null
+++ b/main/xen/xsa320-4.11-2.patch
@@ -0,0 +1,179 @@
+From: Andrew Cooper <andrew.cooper3@citrix.com>
+Subject: x86/spec-ctrl: Mitigate the Special Register Buffer Data Sampling sidechannel
+
+See patch documentation and comments.
+
+This is part of XSA-320 / CVE-2020-0543
+
+Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
+Reviewed-by: Jan Beulich <jbeulich@suse.com>
+
+diff --git a/docs/misc/xen-command-line.markdown b/docs/misc/xen-command-line.markdown
+index 9be18ac99f..3356e59fee 100644
+--- a/docs/misc/xen-command-line.markdown
++++ b/docs/misc/xen-command-line.markdown
+@@ -1858,7 +1858,7 @@ false disable the quirk workaround, which is also the default.
+ ### spec-ctrl (x86)
+ > `= List of [ <bool>, xen=<bool>, {pv,hvm,msr-sc,rsb,md-clear}=<bool>,
+ > bti-thunk=retpoline|lfence|jmp, {ibrs,ibpb,ssbd,eager-fpu,
+-> l1d-flush}=<bool> ]`
++> l1d-flush,srb-lock}=<bool> ]`
+
+ Controls for speculative execution sidechannel mitigations. By default, Xen
+ will pick the most appropriate mitigations based on compiled in support,
+@@ -1930,6 +1930,12 @@ Irrespective of Xen's setting, the feature is virtualised for HVM guests to
+ use. By default, Xen will enable this mitigation on hardware believed to be
+ vulnerable to L1TF.
+
++On hardware supporting SRBDS_CTRL, the `srb-lock=` option can be used to force
++or prevent Xen from protect the Special Register Buffer from leaking stale
++data. By default, Xen will enable this mitigation, except on parts where MDS
++is fixed and TAA is fixed/mitigated (in which case, there is believed to be no
++way for an attacker to obtain the stale data).
++
+ ### sync\_console
+ > `= <boolean>`
+
+diff --git a/xen/arch/x86/acpi/power.c b/xen/arch/x86/acpi/power.c
+index 4c12794809..30e1bd5cd3 100644
+--- a/xen/arch/x86/acpi/power.c
++++ b/xen/arch/x86/acpi/power.c
+@@ -266,6 +266,9 @@ static int enter_state(u32 state)
+ ci->spec_ctrl_flags |= (default_spec_ctrl_flags & SCF_ist_wrmsr);
+ spec_ctrl_exit_idle(ci);
+
++ if ( boot_cpu_has(X86_FEATURE_SRBDS_CTRL) )
++ wrmsrl(MSR_MCU_OPT_CTRL, default_xen_mcu_opt_ctrl);
++
+ done:
+ spin_debug_enable();
+ local_irq_restore(flags);
+diff --git a/xen/arch/x86/smpboot.c b/xen/arch/x86/smpboot.c
+index 0887806e85..d24d215946 100644
+--- a/xen/arch/x86/smpboot.c
++++ b/xen/arch/x86/smpboot.c
+@@ -369,12 +369,14 @@ void start_secondary(void *unused)
+ microcode_resume_cpu(cpu);
+
+ /*
+- * If MSR_SPEC_CTRL is available, apply Xen's default setting and discard
+- * any firmware settings. Note: MSR_SPEC_CTRL may only become available
+- * after loading microcode.
++ * If any speculative control MSRs are available, apply Xen's default
++ * settings. Note: These MSRs may only become available after loading
++ * microcode.
+ */
+ if ( boot_cpu_has(X86_FEATURE_IBRSB) )
+ wrmsrl(MSR_SPEC_CTRL, default_xen_spec_ctrl);
++ if ( boot_cpu_has(X86_FEATURE_SRBDS_CTRL) )
++ wrmsrl(MSR_MCU_OPT_CTRL, default_xen_mcu_opt_ctrl);
+
+ tsx_init(); /* Needs microcode. May change HLE/RTM feature bits. */
+
+diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c
+index 94ab8dd786..a306d10c34 100644
+--- a/xen/arch/x86/spec_ctrl.c
++++ b/xen/arch/x86/spec_ctrl.c
+@@ -63,6 +63,9 @@ static unsigned int __initdata l1d_maxphysaddr;
+ static bool __initdata cpu_has_bug_msbds_only; /* => minimal HT impact. */
+ static bool __initdata cpu_has_bug_mds; /* Any other M{LP,SB,FB}DS combination. */
+
++static int8_t __initdata opt_srb_lock = -1;
++uint64_t __read_mostly default_xen_mcu_opt_ctrl;
++
+ static int __init parse_bti(const char *s)
+ {
+ const char *ss;
+@@ -166,6 +169,7 @@ static int __init parse_spec_ctrl(const char *s)
+ opt_ibpb = false;
+ opt_ssbd = false;
+ opt_l1d_flush = 0;
++ opt_srb_lock = 0;
+ }
+ else if ( val > 0 )
+ rc = -EINVAL;
+@@ -231,6 +235,8 @@ static int __init parse_spec_ctrl(const char *s)
+ opt_eager_fpu = val;
+ else if ( (val = parse_boolean("l1d-flush", s, ss)) >= 0 )
+ opt_l1d_flush = val;
++ else if ( (val = parse_boolean("srb-lock", s, ss)) >= 0 )
++ opt_srb_lock = val;
+ else
+ rc = -EINVAL;
+
+@@ -394,7 +400,7 @@ static void __init print_details(enum ind_thunk thunk, uint64_t caps)
+ "\n");
+
+ /* Settings for Xen's protection, irrespective of guests. */
+- printk(" Xen settings: BTI-Thunk %s, SPEC_CTRL: %s%s%s, Other:%s%s%s\n",
++ printk(" Xen settings: BTI-Thunk %s, SPEC_CTRL: %s%s%s, Other:%s%s%s%s\n",
+ thunk == THUNK_NONE ? "N/A" :
+ thunk == THUNK_RETPOLINE ? "RETPOLINE" :
+ thunk == THUNK_LFENCE ? "LFENCE" :
+@@ -405,6 +411,8 @@ static void __init print_details(enum ind_thunk thunk, uint64_t caps)
+ (default_xen_spec_ctrl & SPEC_CTRL_SSBD) ? " SSBD+" : " SSBD-",
+ !(caps & ARCH_CAPS_TSX_CTRL) ? "" :
+ (opt_tsx & 1) ? " TSX+" : " TSX-",
++ !boot_cpu_has(X86_FEATURE_SRBDS_CTRL) ? "" :
++ opt_srb_lock ? " SRB_LOCK+" : " SRB_LOCK-",
+ opt_ibpb ? " IBPB" : "",
+ opt_l1d_flush ? " L1D_FLUSH" : "",
+ opt_md_clear_pv || opt_md_clear_hvm ? " VERW" : "");
+@@ -1196,6 +1204,34 @@ void __init init_speculation_mitigations(void)
+ tsx_init();
+ }
+
++ /* Calculate suitable defaults for MSR_MCU_OPT_CTRL */
++ if ( boot_cpu_has(X86_FEATURE_SRBDS_CTRL) )
++ {
++ uint64_t val;
++
++ rdmsrl(MSR_MCU_OPT_CTRL, val);
++
++ /*
++ * On some SRBDS-affected hardware, it may be safe to relax srb-lock
++ * by default.
++ *
++ * On parts which enumerate MDS_NO and not TAA_NO, TSX is the only way
++ * to access the Fill Buffer. If TSX isn't available (inc. SKU
++ * reasons on some models), or TSX is explicitly disabled, then there
++ * is no need for the extra overhead to protect RDRAND/RDSEED.
++ */
++ if ( opt_srb_lock == -1 &&
++ (caps & (ARCH_CAPS_MDS_NO|ARCH_CAPS_TAA_NO)) == ARCH_CAPS_MDS_NO &&
++ (!cpu_has_hle || ((caps & ARCH_CAPS_TSX_CTRL) && opt_tsx == 0)) )
++ opt_srb_lock = 0;
++
++ val &= ~MCU_OPT_CTRL_RNGDS_MITG_DIS;
++ if ( !opt_srb_lock )
++ val |= MCU_OPT_CTRL_RNGDS_MITG_DIS;
++
++ default_xen_mcu_opt_ctrl = val;
++ }
++
+ print_details(thunk, caps);
+
+ /*
+@@ -1227,6 +1263,9 @@ void __init init_speculation_mitigations(void)
+
+ wrmsrl(MSR_SPEC_CTRL, bsp_delay_spec_ctrl ? 0 : default_xen_spec_ctrl);
+ }
++
++ if ( boot_cpu_has(X86_FEATURE_SRBDS_CTRL) )
++ wrmsrl(MSR_MCU_OPT_CTRL, default_xen_mcu_opt_ctrl);
+ }
+
+ static void __init __maybe_unused build_assertions(void)
+diff --git a/xen/include/asm-x86/spec_ctrl.h b/xen/include/asm-x86/spec_ctrl.h
+index 333d180b7e..bf10d2ce5c 100644
+--- a/xen/include/asm-x86/spec_ctrl.h
++++ b/xen/include/asm-x86/spec_ctrl.h
+@@ -46,6 +46,8 @@ extern int8_t opt_pv_l1tf_hwdom, opt_pv_l1tf_domu;
+ */
+ extern paddr_t l1tf_addr_mask, l1tf_safe_maddr;
+
++extern uint64_t default_xen_mcu_opt_ctrl;
++
+ static inline void init_shadow_spec_ctrl_state(void)
+ {
+ struct cpu_info *info = get_cpu_info();
diff --git a/main/xen/xsa320-4.11-3.patch b/main/xen/xsa320-4.11-3.patch
new file mode 100644
index 0000000000..ff7990b202
--- /dev/null
+++ b/main/xen/xsa320-4.11-3.patch
@@ -0,0 +1,57 @@
+From: Andrew Cooper <andrew.cooper3@citrix.com>
+Subject: x86/spec-ctrl: Allow the RDRAND/RDSEED features to be hidden
+
+RDRAND/RDSEED can be hidden using cpuid= to mitigate SRBDS if microcode
+isn't available.
+
+This is part of XSA-320 / CVE-2020-0543.
+
+Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
+Acked-by: Julien Grall <jgrall@amazon.com>
+
+diff --git a/docs/misc/xen-command-line.markdown b/docs/misc/xen-command-line.markdown
+index 3356e59fee..ac397e7de0 100644
+--- a/docs/misc/xen-command-line.markdown
++++ b/docs/misc/xen-command-line.markdown
+@@ -487,12 +487,18 @@ choice of `dom0-kernel` is deprecated and not supported by all Dom0 kernels.
+ This option allows for fine tuning of the facilities Xen will use, after
+ accounting for hardware capabilities as enumerated via CPUID.
+
++Unless otherwise noted, options only have any effect in their negative form,
++to hide the named feature(s). Ignoring a feature using this mechanism will
++cause Xen not to use the feature, nor offer them as usable to guests.
++
+ Currently accepted:
+
+ The Speculation Control hardware features `srbds-ctrl`, `md-clear`, `ibrsb`,
+ `stibp`, `ibpb`, `l1d-flush` and `ssbd` are used by default if available and
+-applicable. They can be ignored, e.g. `no-ibrsb`, at which point Xen won't
+-use them itself, and won't offer them to guests.
++applicable. They can all be ignored.
++
++`rdrand` and `rdseed` can be ignored, as a mitigation to XSA-320 /
++CVE-2020-0543.
+
+ ### cpuid\_mask\_cpu (AMD only)
+ > `= fam_0f_rev_c | fam_0f_rev_d | fam_0f_rev_e | fam_0f_rev_f | fam_0f_rev_g | fam_10_rev_b | fam_10_rev_c | fam_11_rev_b`
+diff --git a/xen/arch/x86/cpuid.c b/xen/arch/x86/cpuid.c
+index b8e5b6fe67..78d08dbb32 100644
+--- a/xen/arch/x86/cpuid.c
++++ b/xen/arch/x86/cpuid.c
+@@ -63,6 +63,16 @@ static int __init parse_xen_cpuid(const char *s)
+ if ( !val )
+ setup_clear_cpu_cap(X86_FEATURE_SRBDS_CTRL);
+ }
++ else if ( (val = parse_boolean("rdrand", s, ss)) >= 0 )
++ {
++ if ( !val )
++ setup_clear_cpu_cap(X86_FEATURE_RDRAND);
++ }
++ else if ( (val = parse_boolean("rdseed", s, ss)) >= 0 )
++ {
++ if ( !val )
++ setup_clear_cpu_cap(X86_FEATURE_RDSEED);
++ }
+ else
+ rc = -EINVAL;
+
diff --git a/main/xen/xsa321-4.11-1.patch b/main/xen/xsa321-4.11-1.patch
new file mode 100644
index 0000000000..da52db67f0
--- /dev/null
+++ b/main/xen/xsa321-4.11-1.patch
@@ -0,0 +1,31 @@
+From: Jan Beulich <jbeulich@suse.com>
+Subject: vtd: improve IOMMU TLB flush
+
+Do not limit PSI flushes to order 0 pages, in order to avoid doing a
+full TLB flush if the passed in page has an order greater than 0 and
+is aligned. Should increase the performance of IOMMU TLB flushes when
+dealing with page orders greater than 0.
+
+This is part of XSA-321.
+
+Signed-off-by: Jan Beulich <jbeulich@suse.com>
+
+--- a/xen/drivers/passthrough/vtd/iommu.c
++++ b/xen/drivers/passthrough/vtd/iommu.c
+@@ -612,13 +612,14 @@ static int __must_check iommu_flush_iotl
+ if ( iommu_domid == -1 )
+ continue;
+
+- if ( page_count != 1 || gfn == gfn_x(INVALID_GFN) )
++ if ( !page_count || (page_count & (page_count - 1)) ||
++ gfn == gfn_x(INVALID_GFN) || !IS_ALIGNED(gfn, page_count) )
+ rc = iommu_flush_iotlb_dsi(iommu, iommu_domid,
+ 0, flush_dev_iotlb);
+ else
+ rc = iommu_flush_iotlb_psi(iommu, iommu_domid,
+ (paddr_t)gfn << PAGE_SHIFT_4K,
+- PAGE_ORDER_4K,
++ get_order_from_pages(page_count),
+ !dma_old_pte_present,
+ flush_dev_iotlb);
+
diff --git a/main/xen/xsa321-4.11-2.patch b/main/xen/xsa321-4.11-2.patch
new file mode 100644
index 0000000000..573bd8e742
--- /dev/null
+++ b/main/xen/xsa321-4.11-2.patch
@@ -0,0 +1,175 @@
+From: <security@xenproject.org>
+Subject: vtd: prune (and rename) cache flush functions
+
+Rename __iommu_flush_cache to iommu_sync_cache and remove
+iommu_flush_cache_page. Also remove the iommu_flush_cache_entry
+wrapper and just use iommu_sync_cache instead. Note the _entry suffix
+was meaningless as the wrapper was already taking a size parameter in
+bytes. While there also constify the addr parameter.
+
+No functional change intended.
+
+This is part of XSA-321.
+
+Reviewed-by: Jan Beulich <jbeulich@suse.com>
+
+--- a/xen/drivers/passthrough/vtd/extern.h
++++ b/xen/drivers/passthrough/vtd/extern.h
+@@ -37,8 +37,7 @@ void disable_qinval(struct iommu *iommu)
+ int enable_intremap(struct iommu *iommu, int eim);
+ void disable_intremap(struct iommu *iommu);
+
+-void iommu_flush_cache_entry(void *addr, unsigned int size);
+-void iommu_flush_cache_page(void *addr, unsigned long npages);
++void iommu_sync_cache(const void *addr, unsigned int size);
+ int iommu_alloc(struct acpi_drhd_unit *drhd);
+ void iommu_free(struct acpi_drhd_unit *drhd);
+
+--- a/xen/drivers/passthrough/vtd/intremap.c
++++ b/xen/drivers/passthrough/vtd/intremap.c
+@@ -231,7 +231,7 @@ static void free_remap_entry(struct iomm
+ iremap_entries, iremap_entry);
+
+ update_irte(iommu, iremap_entry, &new_ire, false);
+- iommu_flush_cache_entry(iremap_entry, sizeof(*iremap_entry));
++ iommu_sync_cache(iremap_entry, sizeof(*iremap_entry));
+ iommu_flush_iec_index(iommu, 0, index);
+
+ unmap_vtd_domain_page(iremap_entries);
+@@ -403,7 +403,7 @@ static int ioapic_rte_to_remap_entry(str
+ }
+
+ update_irte(iommu, iremap_entry, &new_ire, !init);
+- iommu_flush_cache_entry(iremap_entry, sizeof(*iremap_entry));
++ iommu_sync_cache(iremap_entry, sizeof(*iremap_entry));
+ iommu_flush_iec_index(iommu, 0, index);
+
+ unmap_vtd_domain_page(iremap_entries);
+@@ -694,7 +694,7 @@ static int msi_msg_to_remap_entry(
+ update_irte(iommu, iremap_entry, &new_ire, msi_desc->irte_initialized);
+ msi_desc->irte_initialized = true;
+
+- iommu_flush_cache_entry(iremap_entry, sizeof(*iremap_entry));
++ iommu_sync_cache(iremap_entry, sizeof(*iremap_entry));
+ iommu_flush_iec_index(iommu, 0, index);
+
+ unmap_vtd_domain_page(iremap_entries);
+--- a/xen/drivers/passthrough/vtd/iommu.c
++++ b/xen/drivers/passthrough/vtd/iommu.c
+@@ -158,7 +158,8 @@ static void __init free_intel_iommu(stru
+ }
+
+ static int iommus_incoherent;
+-static void __iommu_flush_cache(void *addr, unsigned int size)
++
++void iommu_sync_cache(const void *addr, unsigned int size)
+ {
+ int i;
+ static unsigned int clflush_size = 0;
+@@ -173,16 +174,6 @@ static void __iommu_flush_cache(void *ad
+ cacheline_flush((char *)addr + i);
+ }
+
+-void iommu_flush_cache_entry(void *addr, unsigned int size)
+-{
+- __iommu_flush_cache(addr, size);
+-}
+-
+-void iommu_flush_cache_page(void *addr, unsigned long npages)
+-{
+- __iommu_flush_cache(addr, PAGE_SIZE * npages);
+-}
+-
+ /* Allocate page table, return its machine address */
+ u64 alloc_pgtable_maddr(struct acpi_drhd_unit *drhd, unsigned long npages)
+ {
+@@ -207,7 +198,7 @@ u64 alloc_pgtable_maddr(struct acpi_drhd
+ vaddr = __map_domain_page(cur_pg);
+ memset(vaddr, 0, PAGE_SIZE);
+
+- iommu_flush_cache_page(vaddr, 1);
++ iommu_sync_cache(vaddr, PAGE_SIZE);
+ unmap_domain_page(vaddr);
+ cur_pg++;
+ }
+@@ -242,7 +233,7 @@ static u64 bus_to_context_maddr(struct i
+ }
+ set_root_value(*root, maddr);
+ set_root_present(*root);
+- iommu_flush_cache_entry(root, sizeof(struct root_entry));
++ iommu_sync_cache(root, sizeof(struct root_entry));
+ }
+ maddr = (u64) get_context_addr(*root);
+ unmap_vtd_domain_page(root_entries);
+@@ -300,7 +291,7 @@ static u64 addr_to_dma_page_maddr(struct
+ */
+ dma_set_pte_readable(*pte);
+ dma_set_pte_writable(*pte);
+- iommu_flush_cache_entry(pte, sizeof(struct dma_pte));
++ iommu_sync_cache(pte, sizeof(struct dma_pte));
+ }
+
+ if ( level == 2 )
+@@ -674,7 +665,7 @@ static int __must_check dma_pte_clear_on
+
+ dma_clear_pte(*pte);
+ spin_unlock(&hd->arch.mapping_lock);
+- iommu_flush_cache_entry(pte, sizeof(struct dma_pte));
++ iommu_sync_cache(pte, sizeof(struct dma_pte));
+
+ if ( !this_cpu(iommu_dont_flush_iotlb) )
+ rc = iommu_flush_iotlb_pages(domain, addr >> PAGE_SHIFT_4K, 1);
+@@ -716,7 +707,7 @@ static void iommu_free_page_table(struct
+ iommu_free_pagetable(dma_pte_addr(*pte), next_level);
+
+ dma_clear_pte(*pte);
+- iommu_flush_cache_entry(pte, sizeof(struct dma_pte));
++ iommu_sync_cache(pte, sizeof(struct dma_pte));
+ }
+
+ unmap_vtd_domain_page(pt_vaddr);
+@@ -1449,7 +1440,7 @@ int domain_context_mapping_one(
+ context_set_address_width(*context, agaw);
+ context_set_fault_enable(*context);
+ context_set_present(*context);
+- iommu_flush_cache_entry(context, sizeof(struct context_entry));
++ iommu_sync_cache(context, sizeof(struct context_entry));
+ spin_unlock(&iommu->lock);
+
+ /* Context entry was previously non-present (with domid 0). */
+@@ -1602,7 +1593,7 @@ int domain_context_unmap_one(
+
+ context_clear_present(*context);
+ context_clear_entry(*context);
+- iommu_flush_cache_entry(context, sizeof(struct context_entry));
++ iommu_sync_cache(context, sizeof(struct context_entry));
+
+ iommu_domid= domain_iommu_domid(domain, iommu);
+ if ( iommu_domid == -1 )
+@@ -1828,7 +1819,7 @@ static int __must_check intel_iommu_map_
+
+ *pte = new;
+
+- iommu_flush_cache_entry(pte, sizeof(struct dma_pte));
++ iommu_sync_cache(pte, sizeof(struct dma_pte));
+ spin_unlock(&hd->arch.mapping_lock);
+ unmap_vtd_domain_page(page);
+
+@@ -1862,7 +1853,7 @@ int iommu_pte_flush(struct domain *d, u6
+ int iommu_domid;
+ int rc = 0;
+
+- iommu_flush_cache_entry(pte, sizeof(struct dma_pte));
++ iommu_sync_cache(pte, sizeof(struct dma_pte));
+
+ for_each_drhd_unit ( drhd )
+ {
+@@ -2725,7 +2716,7 @@ static int __init intel_iommu_quarantine
+ dma_set_pte_addr(*pte, maddr);
+ dma_set_pte_readable(*pte);
+ }
+- iommu_flush_cache_page(parent, 1);
++ iommu_sync_cache(parent, PAGE_SIZE);
+
+ unmap_vtd_domain_page(parent);
+ parent = map_vtd_domain_page(maddr);
diff --git a/main/xen/xsa321-4.11-3.patch b/main/xen/xsa321-4.11-3.patch
new file mode 100644
index 0000000000..3a5455e024
--- /dev/null
+++ b/main/xen/xsa321-4.11-3.patch
@@ -0,0 +1,82 @@
+From: <security@xenproject.org>
+Subject: x86/iommu: introduce a cache sync hook
+
+The hook is only implemented for VT-d and it uses the already existing
+iommu_sync_cache function present in VT-d code. The new hook is
+added so that the cache can be flushed by code outside of VT-d when
+using shared page tables.
+
+Note that alloc_pgtable_maddr must use the now locally defined
+sync_cache function, because IOMMU ops are not yet setup the first
+time the function gets called during IOMMU initialization.
+
+No functional change intended.
+
+This is part of XSA-321.
+
+Reviewed-by: Jan Beulich <jbeulich@suse.com>
+
+--- a/xen/drivers/passthrough/vtd/extern.h
++++ b/xen/drivers/passthrough/vtd/extern.h
+@@ -37,7 +37,6 @@ void disable_qinval(struct iommu *iommu)
+ int enable_intremap(struct iommu *iommu, int eim);
+ void disable_intremap(struct iommu *iommu);
+
+-void iommu_sync_cache(const void *addr, unsigned int size);
+ int iommu_alloc(struct acpi_drhd_unit *drhd);
+ void iommu_free(struct acpi_drhd_unit *drhd);
+
+--- a/xen/drivers/passthrough/vtd/iommu.c
++++ b/xen/drivers/passthrough/vtd/iommu.c
+@@ -159,7 +159,7 @@ static void __init free_intel_iommu(stru
+
+ static int iommus_incoherent;
+
+-void iommu_sync_cache(const void *addr, unsigned int size)
++static void sync_cache(const void *addr, unsigned int size)
+ {
+ int i;
+ static unsigned int clflush_size = 0;
+@@ -198,7 +198,7 @@ u64 alloc_pgtable_maddr(struct acpi_drhd
+ vaddr = __map_domain_page(cur_pg);
+ memset(vaddr, 0, PAGE_SIZE);
+
+- iommu_sync_cache(vaddr, PAGE_SIZE);
++ sync_cache(vaddr, PAGE_SIZE);
+ unmap_domain_page(vaddr);
+ cur_pg++;
+ }
+@@ -2760,6 +2760,7 @@ const struct iommu_ops intel_iommu_ops =
+ .iotlb_flush_all = iommu_flush_iotlb_all,
+ .get_reserved_device_memory = intel_iommu_get_reserved_device_memory,
+ .dump_p2m_table = vtd_dump_p2m_table,
++ .sync_cache = sync_cache,
+ };
+
+ /*
+--- a/xen/include/asm-x86/iommu.h
++++ b/xen/include/asm-x86/iommu.h
+@@ -98,6 +98,13 @@ extern bool untrusted_msi;
+ int pi_update_irte(const struct pi_desc *pi_desc, const struct pirq *pirq,
+ const uint8_t gvec);
+
++#define iommu_sync_cache(addr, size) ({ \
++ const struct iommu_ops *ops = iommu_get_ops(); \
++ \
++ if ( ops->sync_cache ) \
++ ops->sync_cache(addr, size); \
++})
++
+ #endif /* !__ARCH_X86_IOMMU_H__ */
+ /*
+ * Local variables:
+--- a/xen/include/xen/iommu.h
++++ b/xen/include/xen/iommu.h
+@@ -161,6 +161,7 @@ struct iommu_ops {
+ void (*update_ire_from_apic)(unsigned int apic, unsigned int reg, unsigned int value);
+ unsigned int (*read_apic_from_ire)(unsigned int apic, unsigned int reg);
+ int (*setup_hpet_msi)(struct msi_desc *);
++ void (*sync_cache)(const void *addr, unsigned int size);
+ #endif /* CONFIG_X86 */
+ int __must_check (*suspend)(void);
+ void (*resume)(void);
diff --git a/main/xen/xsa321-4.11-4.patch b/main/xen/xsa321-4.11-4.patch
new file mode 100644
index 0000000000..24cea6d8af
--- /dev/null
+++ b/main/xen/xsa321-4.11-4.patch
@@ -0,0 +1,36 @@
+From: <security@xenproject.org>
+Subject: vtd: don't assume addresses are aligned in sync_cache
+
+Current code in sync_cache assume that the address passed in is
+aligned to a cache line size. Fix the code to support passing in
+arbitrary addresses not necessarily aligned to a cache line size.
+
+This is part of XSA-321.
+
+Reviewed-by: Jan Beulich <jbeulich@suse.com>
+
+--- a/xen/drivers/passthrough/vtd/iommu.c
++++ b/xen/drivers/passthrough/vtd/iommu.c
+@@ -161,8 +161,8 @@ static int iommus_incoherent;
+
+ static void sync_cache(const void *addr, unsigned int size)
+ {
+- int i;
+- static unsigned int clflush_size = 0;
++ static unsigned long clflush_size = 0;
++ const void *end = addr + size;
+
+ if ( !iommus_incoherent )
+ return;
+@@ -170,8 +170,9 @@ static void sync_cache(const void *addr,
+ if ( clflush_size == 0 )
+ clflush_size = get_cache_line_size();
+
+- for ( i = 0; i < size; i += clflush_size )
+- cacheline_flush((char *)addr + i);
++ addr -= (unsigned long)addr & (clflush_size - 1);
++ for ( ; addr < end; addr += clflush_size )
++ cacheline_flush((char *)addr);
+ }
+
+ /* Allocate page table, return its machine address */
diff --git a/main/xen/xsa321-4.11-5.patch b/main/xen/xsa321-4.11-5.patch
new file mode 100644
index 0000000000..9d47529bde
--- /dev/null
+++ b/main/xen/xsa321-4.11-5.patch
@@ -0,0 +1,24 @@
+From: <security@xenproject.org>
+Subject: x86/alternative: introduce alternative_2
+
+It's based on alternative_io_2 without inputs or outputs but with an
+added memory clobber.
+
+This is part of XSA-321.
+
+Acked-by: Jan Beulich <jbeulich@suse.com>
+
+--- a/xen/include/asm-x86/alternative.h
++++ b/xen/include/asm-x86/alternative.h
+@@ -113,6 +113,11 @@ extern void alternative_instructions(voi
+ #define alternative(oldinstr, newinstr, feature) \
+ asm volatile (ALTERNATIVE(oldinstr, newinstr, feature) : : : "memory")
+
++#define alternative_2(oldinstr, newinstr1, feature1, newinstr2, feature2) \
++ asm volatile (ALTERNATIVE_2(oldinstr, newinstr1, feature1, \
++ newinstr2, feature2) \
++ : : : "memory")
++
+ /*
+ * Alternative inline assembly with input.
+ *
diff --git a/main/xen/xsa321-4.11-6.patch b/main/xen/xsa321-4.11-6.patch
new file mode 100644
index 0000000000..f74a2c4fea
--- /dev/null
+++ b/main/xen/xsa321-4.11-6.patch
@@ -0,0 +1,91 @@
+From: <security@xenproject.org>
+Subject: vtd: optimize CPU cache sync
+
+Some VT-d IOMMUs are non-coherent, which requires a cache write back
+in order for the changes made by the CPU to be visible to the IOMMU.
+This cache write back was unconditionally done using clflush, but there are
+other more efficient instructions to do so, hence implement support
+for them using the alternative framework.
+
+This is part of XSA-321.
+
+Reviewed-by: Jan Beulich <jbeulich@suse.com>
+
+--- a/xen/drivers/passthrough/vtd/extern.h
++++ b/xen/drivers/passthrough/vtd/extern.h
+@@ -63,7 +63,6 @@ int __must_check qinval_device_iotlb_syn
+ u16 did, u16 size, u64 addr);
+
+ unsigned int get_cache_line_size(void);
+-void cacheline_flush(char *);
+ void flush_all_cache(void);
+
+ u64 alloc_pgtable_maddr(struct acpi_drhd_unit *drhd, unsigned long npages);
+--- a/xen/drivers/passthrough/vtd/iommu.c
++++ b/xen/drivers/passthrough/vtd/iommu.c
+@@ -31,6 +31,7 @@
+ #include <xen/pci_regs.h>
+ #include <xen/keyhandler.h>
+ #include <asm/msi.h>
++#include <asm/nops.h>
+ #include <asm/irq.h>
+ #include <asm/hvm/vmx/vmx.h>
+ #include <asm/p2m.h>
+@@ -172,7 +173,42 @@ static void sync_cache(const void *addr,
+
+ addr -= (unsigned long)addr & (clflush_size - 1);
+ for ( ; addr < end; addr += clflush_size )
+- cacheline_flush((char *)addr);
++/*
++ * The arguments to a macro must not include preprocessor directives. Doing so
++ * results in undefined behavior, so we have to create some defines here in
++ * order to avoid it.
++ */
++#if defined(HAVE_AS_CLWB)
++# define CLWB_ENCODING "clwb %[p]"
++#elif defined(HAVE_AS_XSAVEOPT)
++# define CLWB_ENCODING "data16 xsaveopt %[p]" /* clwb */
++#else
++# define CLWB_ENCODING ".byte 0x66, 0x0f, 0xae, 0x30" /* clwb (%%rax) */
++#endif
++
++#define BASE_INPUT(addr) [p] "m" (*(const char *)(addr))
++#if defined(HAVE_AS_CLWB) || defined(HAVE_AS_XSAVEOPT)
++# define INPUT BASE_INPUT
++#else
++# define INPUT(addr) "a" (addr), BASE_INPUT(addr)
++#endif
++ /*
++ * Note regarding the use of NOP_DS_PREFIX: it's faster to do a clflush
++ * + prefix than a clflush + nop, and hence the prefix is added instead
++ * of letting the alternative framework fill the gap by appending nops.
++ */
++ alternative_io_2(".byte " __stringify(NOP_DS_PREFIX) "; clflush %[p]",
++ "data16 clflush %[p]", /* clflushopt */
++ X86_FEATURE_CLFLUSHOPT,
++ CLWB_ENCODING,
++ X86_FEATURE_CLWB, /* no outputs */,
++ INPUT(addr));
++#undef INPUT
++#undef BASE_INPUT
++#undef CLWB_ENCODING
++
++ alternative_2("", "sfence", X86_FEATURE_CLFLUSHOPT,
++ "sfence", X86_FEATURE_CLWB);
+ }
+
+ /* Allocate page table, return its machine address */
+--- a/xen/drivers/passthrough/vtd/x86/vtd.c
++++ b/xen/drivers/passthrough/vtd/x86/vtd.c
+@@ -53,11 +53,6 @@ unsigned int get_cache_line_size(void)
+ return ((cpuid_ebx(1) >> 8) & 0xff) * 8;
+ }
+
+-void cacheline_flush(char * addr)
+-{
+- clflush(addr);
+-}
+-
+ void flush_all_cache()
+ {
+ wbinvd();
diff --git a/main/xen/xsa321-4.11-7.patch b/main/xen/xsa321-4.11-7.patch
new file mode 100644
index 0000000000..65c4a4c84d
--- /dev/null
+++ b/main/xen/xsa321-4.11-7.patch
@@ -0,0 +1,164 @@
+From: <security@xenproject.org>
+Subject: x86/ept: flush cache when modifying PTEs and sharing page tables
+
+Modifications made to the page tables by EPT code need to be written
+to memory when the page tables are shared with the IOMMU, as Intel
+IOMMUs can be non-coherent and thus require changes to be written to
+memory in order to be visible to the IOMMU.
+
+In order to achieve this make sure data is written back to memory
+after writing an EPT entry when the recalc bit is not set in
+atomic_write_ept_entry. If such bit is set, the entry will be
+adjusted and atomic_write_ept_entry will be called a second time
+without the recalc bit set. Note that when splitting a super page the
+new tables resulting of the split should also be written back.
+
+Failure to do so can allow devices behind the IOMMU access to the
+stale super page, or cause coherency issues as changes made by the
+processor to the page tables are not visible to the IOMMU.
+
+This allows to remove the VT-d specific iommu_pte_flush helper, since
+the cache write back is now performed by atomic_write_ept_entry, and
+hence iommu_iotlb_flush can be used to flush the IOMMU TLB. The newly
+used method (iommu_iotlb_flush) can result in less flushes, since it
+might sometimes be called rightly with 0 flags, in which case it
+becomes a no-op.
+
+This is part of XSA-321.
+
+Reviewed-by: Jan Beulich <jbeulich@suse.com>
+
+--- a/xen/arch/x86/mm/p2m-ept.c
++++ b/xen/arch/x86/mm/p2m-ept.c
+@@ -90,6 +90,19 @@ static int atomic_write_ept_entry(ept_en
+
+ write_atomic(&entryptr->epte, new.epte);
+
++ /*
++ * The recalc field on the EPT is used to signal either that a
++ * recalculation of the EMT field is required (which doesn't effect the
++ * IOMMU), or a type change. Type changes can only be between ram_rw,
++ * logdirty and ioreq_server: changes to/from logdirty won't work well with
++ * an IOMMU anyway, as IOMMU #PFs are not synchronous and will lead to
++ * aborts, and changes to/from ioreq_server are already fully flushed
++ * before returning to guest context (see
++ * XEN_DMOP_map_mem_type_to_ioreq_server).
++ */
++ if ( !new.recalc && iommu_hap_pt_share )
++ iommu_sync_cache(entryptr, sizeof(*entryptr));
++
+ if ( unlikely(oldmfn != mfn_x(INVALID_MFN)) )
+ put_page(mfn_to_page(_mfn(oldmfn)));
+
+@@ -319,6 +332,9 @@ static bool_t ept_split_super_page(struc
+ break;
+ }
+
++ if ( iommu_hap_pt_share )
++ iommu_sync_cache(table, EPT_PAGETABLE_ENTRIES * sizeof(ept_entry_t));
++
+ unmap_domain_page(table);
+
+ /* Even failed we should install the newly allocated ept page. */
+@@ -378,6 +394,9 @@ static int ept_next_level(struct p2m_dom
+ if ( !next )
+ return GUEST_TABLE_MAP_FAILED;
+
++ if ( iommu_hap_pt_share )
++ iommu_sync_cache(next, EPT_PAGETABLE_ENTRIES * sizeof(ept_entry_t));
++
+ rc = atomic_write_ept_entry(ept_entry, e, next_level);
+ ASSERT(rc == 0);
+ }
+@@ -875,7 +894,7 @@ out:
+ need_modify_vtd_table )
+ {
+ if ( iommu_hap_pt_share )
+- rc = iommu_pte_flush(d, gfn, &ept_entry->epte, order, vtd_pte_present);
++ rc = iommu_flush_iotlb(d, gfn, vtd_pte_present, 1u << order);
+ else
+ {
+ if ( iommu_flags )
+--- a/xen/drivers/passthrough/vtd/iommu.c
++++ b/xen/drivers/passthrough/vtd/iommu.c
+@@ -612,10 +612,8 @@ static int __must_check iommu_flush_all(
+ return rc;
+ }
+
+-static int __must_check iommu_flush_iotlb(struct domain *d,
+- unsigned long gfn,
+- bool_t dma_old_pte_present,
+- unsigned int page_count)
++int iommu_flush_iotlb(struct domain *d, unsigned long gfn,
++ bool dma_old_pte_present, unsigned int page_count)
+ {
+ struct domain_iommu *hd = dom_iommu(d);
+ struct acpi_drhd_unit *drhd;
+@@ -1880,53 +1878,6 @@ static int __must_check intel_iommu_unma
+ return dma_pte_clear_one(d, (paddr_t)gfn << PAGE_SHIFT_4K);
+ }
+
+-int iommu_pte_flush(struct domain *d, u64 gfn, u64 *pte,
+- int order, int present)
+-{
+- struct acpi_drhd_unit *drhd;
+- struct iommu *iommu = NULL;
+- struct domain_iommu *hd = dom_iommu(d);
+- bool_t flush_dev_iotlb;
+- int iommu_domid;
+- int rc = 0;
+-
+- iommu_sync_cache(pte, sizeof(struct dma_pte));
+-
+- for_each_drhd_unit ( drhd )
+- {
+- iommu = drhd->iommu;
+- if ( !test_bit(iommu->index, &hd->arch.iommu_bitmap) )
+- continue;
+-
+- flush_dev_iotlb = !!find_ats_dev_drhd(iommu);
+- iommu_domid= domain_iommu_domid(d, iommu);
+- if ( iommu_domid == -1 )
+- continue;
+-
+- rc = iommu_flush_iotlb_psi(iommu, iommu_domid,
+- (paddr_t)gfn << PAGE_SHIFT_4K,
+- order, !present, flush_dev_iotlb);
+- if ( rc > 0 )
+- {
+- iommu_flush_write_buffer(iommu);
+- rc = 0;
+- }
+- }
+-
+- if ( unlikely(rc) )
+- {
+- if ( !d->is_shutting_down && printk_ratelimit() )
+- printk(XENLOG_ERR VTDPREFIX
+- " d%d: IOMMU pages flush failed: %d\n",
+- d->domain_id, rc);
+-
+- if ( !is_hardware_domain(d) )
+- domain_crash(d);
+- }
+-
+- return rc;
+-}
+-
+ static int __init vtd_ept_page_compatible(struct iommu *iommu)
+ {
+ u64 ept_cap, vtd_cap = iommu->cap;
+--- a/xen/include/asm-x86/iommu.h
++++ b/xen/include/asm-x86/iommu.h
+@@ -87,8 +87,9 @@ int iommu_setup_hpet_msi(struct msi_desc
+
+ /* While VT-d specific, this must get declared in a generic header. */
+ int adjust_vtd_irq_affinities(void);
+-int __must_check iommu_pte_flush(struct domain *d, u64 gfn, u64 *pte,
+- int order, int present);
++int __must_check iommu_flush_iotlb(struct domain *d, unsigned long gfn,
++ bool dma_old_pte_present,
++ unsigned int page_count);
+ bool_t iommu_supports_eim(void);
+ int iommu_enable_x2apic_IR(void);
+ void iommu_disable_x2apic_IR(void);
diff --git a/main/xen/xsa327.patch b/main/xen/xsa327.patch
new file mode 100644
index 0000000000..0541cfa0df
--- /dev/null
+++ b/main/xen/xsa327.patch
@@ -0,0 +1,63 @@
+From 030300ebbb86c40c12db038714479d746167c767 Mon Sep 17 00:00:00 2001
+From: Julien Grall <jgrall@amazon.com>
+Date: Tue, 26 May 2020 18:31:33 +0100
+Subject: [PATCH] xen: Check the alignment of the offset pased via
+ VCPUOP_register_vcpu_info
+
+Currently a guest is able to register any guest physical address to use
+for the vcpu_info structure as long as the structure can fits in the
+rest of the frame.
+
+This means a guest can provide an address that is not aligned to the
+natural alignment of the structure.
+
+On Arm 32-bit, unaligned access are completely forbidden by the
+hypervisor. This will result to a data abort which is fatal.
+
+On Arm 64-bit, unaligned access are only forbidden when used for atomic
+access. As the structure contains fields (such as evtchn_pending_self)
+that are updated using atomic operations, any unaligned access will be
+fatal as well.
+
+While the misalignment is only fatal on Arm, a generic check is added
+as an x86 guest shouldn't sensibly pass an unaligned address (this
+would result to a split lock).
+
+This is XSA-327.
+
+Reported-by: Julien Grall <jgrall@amazon.com>
+Signed-off-by: Julien Grall <jgrall@amazon.com>
+Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
+Reviewed-by: Stefano Stabellini <sstabellini@kernel.org>
+---
+ xen/common/domain.c | 10 ++++++++++
+ 1 file changed, 10 insertions(+)
+
+diff --git a/xen/common/domain.c b/xen/common/domain.c
+index 7cc9526139a6..e9be05f1d05f 100644
+--- a/xen/common/domain.c
++++ b/xen/common/domain.c
+@@ -1227,10 +1227,20 @@ int map_vcpu_info(struct vcpu *v, unsigned long gfn, unsigned offset)
+ void *mapping;
+ vcpu_info_t *new_info;
+ struct page_info *page;
++ unsigned int align;
+
+ if ( offset > (PAGE_SIZE - sizeof(vcpu_info_t)) )
+ return -EINVAL;
+
++#ifdef CONFIG_COMPAT
++ if ( has_32bit_shinfo(d) )
++ align = alignof(new_info->compat);
++ else
++#endif
++ align = alignof(*new_info);
++ if ( offset & (align - 1) )
++ return -EINVAL;
++
+ if ( !mfn_eq(v->vcpu_info_mfn, INVALID_MFN) )
+ return -EINVAL;
+
+--
+2.17.1
+
diff --git a/main/xen/xsa328-4.11-1.patch b/main/xen/xsa328-4.11-1.patch
new file mode 100644
index 0000000000..50df012f3e
--- /dev/null
+++ b/main/xen/xsa328-4.11-1.patch
@@ -0,0 +1,118 @@
+From: Jan Beulich <jbeulich@suse.com>
+Subject: x86/EPT: ept_set_middle_entry() related adjustments
+
+ept_split_super_page() wants to further modify the newly allocated
+table, so have ept_set_middle_entry() return the mapped pointer rather
+than tearing it down and then getting re-established right again.
+
+Similarly ept_next_level() wants to hand back a mapped pointer of
+the next level page, so re-use the one established by
+ept_set_middle_entry() in case that path was taken.
+
+Pull the setting of suppress_ve ahead of insertion into the higher level
+table, and don't have ept_split_super_page() set the field a 2nd time.
+
+This is part of XSA-328.
+
+Signed-off-by: Jan Beulich <jbeulich@suse.com>
+
+--- a/xen/arch/x86/mm/p2m-ept.c
++++ b/xen/arch/x86/mm/p2m-ept.c
+@@ -228,8 +228,9 @@ static void ept_p2m_type_to_flags(struct
+ #define GUEST_TABLE_SUPER_PAGE 2
+ #define GUEST_TABLE_POD_PAGE 3
+
+-/* Fill in middle levels of ept table */
+-static int ept_set_middle_entry(struct p2m_domain *p2m, ept_entry_t *ept_entry)
++/* Fill in middle level of ept table; return pointer to mapped new table. */
++static ept_entry_t *ept_set_middle_entry(struct p2m_domain *p2m,
++ ept_entry_t *ept_entry)
+ {
+ mfn_t mfn;
+ ept_entry_t *table;
+@@ -237,7 +238,12 @@ static int ept_set_middle_entry(struct p
+
+ mfn = p2m_alloc_ptp(p2m, 0);
+ if ( mfn_eq(mfn, INVALID_MFN) )
+- return 0;
++ return NULL;
++
++ table = map_domain_page(mfn);
++
++ for ( i = 0; i < EPT_PAGETABLE_ENTRIES; i++ )
++ table[i].suppress_ve = 1;
+
+ ept_entry->epte = 0;
+ ept_entry->mfn = mfn_x(mfn);
+@@ -249,14 +255,7 @@ static int ept_set_middle_entry(struct p
+
+ ept_entry->suppress_ve = 1;
+
+- table = map_domain_page(mfn);
+-
+- for ( i = 0; i < EPT_PAGETABLE_ENTRIES; i++ )
+- table[i].suppress_ve = 1;
+-
+- unmap_domain_page(table);
+-
+- return 1;
++ return table;
+ }
+
+ /* free ept sub tree behind an entry */
+@@ -294,10 +293,10 @@ static bool_t ept_split_super_page(struc
+
+ ASSERT(is_epte_superpage(ept_entry));
+
+- if ( !ept_set_middle_entry(p2m, &new_ept) )
++ table = ept_set_middle_entry(p2m, &new_ept);
++ if ( !table )
+ return 0;
+
+- table = map_domain_page(_mfn(new_ept.mfn));
+ trunk = 1UL << ((level - 1) * EPT_TABLE_ORDER);
+
+ for ( i = 0; i < EPT_PAGETABLE_ENTRIES; i++ )
+@@ -308,7 +307,6 @@ static bool_t ept_split_super_page(struc
+ epte->sp = (level > 1);
+ epte->mfn += i * trunk;
+ epte->snp = (iommu_enabled && iommu_snoop);
+- epte->suppress_ve = 1;
+
+ ept_p2m_type_to_flags(p2m, epte, epte->sa_p2mt, epte->access);
+
+@@ -347,8 +345,7 @@ static int ept_next_level(struct p2m_dom
+ ept_entry_t **table, unsigned long *gfn_remainder,
+ int next_level)
+ {
+- unsigned long mfn;
+- ept_entry_t *ept_entry, e;
++ ept_entry_t *ept_entry, *next = NULL, e;
+ u32 shift, index;
+
+ shift = next_level * EPT_TABLE_ORDER;
+@@ -373,19 +370,17 @@ static int ept_next_level(struct p2m_dom
+ if ( read_only )
+ return GUEST_TABLE_MAP_FAILED;
+
+- if ( !ept_set_middle_entry(p2m, ept_entry) )
++ next = ept_set_middle_entry(p2m, ept_entry);
++ if ( !next )
+ return GUEST_TABLE_MAP_FAILED;
+- else
+- e = atomic_read_ept_entry(ept_entry); /* Refresh */
++ /* e is now stale and hence may not be used anymore below. */
+ }
+-
+ /* The only time sp would be set here is if we had hit a superpage */
+- if ( is_epte_superpage(&e) )
++ else if ( is_epte_superpage(&e) )
+ return GUEST_TABLE_SUPER_PAGE;
+
+- mfn = e.mfn;
+ unmap_domain_page(*table);
+- *table = map_domain_page(_mfn(mfn));
++ *table = next ?: map_domain_page(_mfn(e.mfn));
+ *gfn_remainder &= (1UL << shift) - 1;
+ return GUEST_TABLE_NORMAL_PAGE;
+ }
diff --git a/main/xen/xsa328-4.11-2.patch b/main/xen/xsa328-4.11-2.patch
new file mode 100644
index 0000000000..14c0d36e44
--- /dev/null
+++ b/main/xen/xsa328-4.11-2.patch
@@ -0,0 +1,48 @@
+From: <security@xenproject.org>
+Subject: x86/ept: atomically modify entries in ept_next_level
+
+ept_next_level was passing a live PTE pointer to ept_set_middle_entry,
+which was then modified without taking into account that the PTE could
+be part of a live EPT table. This wasn't a security issue because the
+pages returned by p2m_alloc_ptp are zeroed, so adding such an entry
+before actually initializing it didn't allow a guest to access
+physical memory addresses it wasn't supposed to access.
+
+This is part of XSA-328.
+
+Reviewed-by: Jan Beulich <jbeulich@suse.com>
+
+--- a/xen/arch/x86/mm/p2m-ept.c
++++ b/xen/arch/x86/mm/p2m-ept.c
+@@ -348,6 +348,8 @@ static int ept_next_level(struct p2m_dom
+ ept_entry_t *ept_entry, *next = NULL, e;
+ u32 shift, index;
+
++ ASSERT(next_level);
++
+ shift = next_level * EPT_TABLE_ORDER;
+
+ index = *gfn_remainder >> shift;
+@@ -364,16 +366,20 @@ static int ept_next_level(struct p2m_dom
+
+ if ( !is_epte_present(&e) )
+ {
++ int rc;
++
+ if ( e.sa_p2mt == p2m_populate_on_demand )
+ return GUEST_TABLE_POD_PAGE;
+
+ if ( read_only )
+ return GUEST_TABLE_MAP_FAILED;
+
+- next = ept_set_middle_entry(p2m, ept_entry);
++ next = ept_set_middle_entry(p2m, &e);
+ if ( !next )
+ return GUEST_TABLE_MAP_FAILED;
+- /* e is now stale and hence may not be used anymore below. */
++
++ rc = atomic_write_ept_entry(ept_entry, e, next_level);
++ ASSERT(rc == 0);
+ }
+ /* The only time sp would be set here is if we had hit a superpage */
+ else if ( is_epte_superpage(&e) )
diff --git a/main/xorgproto/APKBUILD b/main/xorgproto/APKBUILD
index 16c6da7d1e..3dca195859 100644
--- a/main/xorgproto/APKBUILD
+++ b/main/xorgproto/APKBUILD
@@ -2,7 +2,7 @@
# Maintainer: prspkt <prspkt@protonmail.com>
pkgname=xorgproto
pkgver=2018.4
-pkgrel=0
+pkgrel=1
pkgdesc="Combined X.Org X11 protocol headers"
url="https://xorg.freedesktop.org"
arch="noarch"
@@ -68,6 +68,7 @@ package() {
rm -f "$pkgdir"/usr/include/X11/extensions/windows*
rm -f "$pkgdir"/usr/lib/pkgconfig/apple*
rm -f "$pkgdir"/usr/lib/pkgconfig/windows*
+ rm -f "$pkgdir"/usr/include/X11/extensions/XKBgeom.h # libx11-dev >= 1.6.9-r0
}
sha512sums="2db682d10280ca58cdc04d8eb9fef30c111d4cd379de9fec86cff317865b859a576de5426447be9231d24be9762cc1d684c57383a99ad499398e8b7d62b1c03c xorgproto-2018.4.tar.bz2"