-rw-r--r--community/zabbix/APKBUILD6
-rw-r--r--community/zabbix/zabbix-agentd.initd31
-rw-r--r--main/bind/CVE-2020-8619.patch545
-rw-r--r--main/bluez/APKBUILD8
-rw-r--r--main/bluez/CVE-2020-27153.patch95
-rw-r--r--main/cups/APKBUILD11
-rw-r--r--main/cups/CVE-2019-8842.patch13
-rw-r--r--main/cups/CVE-2020-3898.patch14
-rw-r--r--main/curl/APKBUILD8
-rw-r--r--main/curl/CVE-2020-8231.patch123
-rw-r--r--main/dovecot/APKBUILD9
-rw-r--r--main/dovecot/CVE-2020-12673.patch31
-rw-r--r--main/dovecot/CVE-2020-12674.patch22
-rw-r--r--main/jbig2dec/APKBUILD13
-rw-r--r--main/jbig2dec/CVE-2020-12268.patch44
-rw-r--r--main/mariadb-connector-c/APKBUILD13
-rw-r--r--main/mariadb-connector-c/CVE-2020-13249.patch154
-rw-r--r--main/nrpe/APKBUILD2
-rw-r--r--main/openldap/APKBUILD18
-rw-r--r--main/openldap/CVE-2020-12243.patch125
-rw-r--r--main/openldap/CVE-2020-25692.patch27
-rw-r--r--main/openldap/CVE-2020-25709.patch26
-rw-r--r--main/openldap/CVE-2020-25710.patch27
-rw-r--r--main/pcre/APKBUILD11
-rw-r--r--main/pcre/CVE-2020-14155.patch31
-rw-r--r--main/postgresql/APKBUILD8
-rw-r--r--main/py-django/APKBUILD14
-rw-r--r--main/py-django/CVE-2020-24583.patch29
-rw-r--r--main/py-django/CVE-2020-24584.patch30
-rw-r--r--main/squid/APKBUILD4
30 files changed, 1439 insertions, 53 deletions
diff --git a/community/zabbix/APKBUILD b/community/zabbix/APKBUILD
index 9d9290ca24..9daf7982e3 100644
--- a/community/zabbix/APKBUILD
+++ b/community/zabbix/APKBUILD
@@ -3,7 +3,7 @@
# Contributor: Leonardo Arena <rnalrd@alpinelinux.org>
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=zabbix
-pkgver=4.0.21
+pkgver=4.0.27
pkgrel=0
pkgdesc="Enterprise-class open source distributed monitoring"
url="http://www.zabbix.com"
@@ -200,10 +200,10 @@ agent_openrc() {
"$subpkgdir"/etc/init.d/zabbix-agentd
}
-sha512sums="f93137602a6f89feed66d35d6604f92bb4f8b6831cd9348108408a5bddeb98ac22ed72077e59b6e9dd12b894d115c0e410912e0c1d83bb36a9398188dbe80e30 zabbix-4.0.21.tar.gz
+sha512sums="c5187c4421db0d179a49a7ef3af0a0bca950090644bbf8b474a5be807a8e54d08688946e5c9a63e5f367487314d806873718b081f2dc62ac310a2c19f1472eaf zabbix-4.0.27.tar.gz
9998ee172a28002d98bacc3f76038ff52b8cf2b206e101418d76b4ca3de94afaf92cb4f7a6235ecf177f74beb9dd3ea1f3983c4f164b4f60bb601acba65aa175 zabbix-server.initd
9c06527bf653c40585fa7eeb3f7a0b2fc454031d24cd0d1633aed87b78a681c5227a193c5b9fcfcea0839135874e27ba7dd9b198573f905f680a2856f79e9512 zabbix-server.confd
-523013cab3ba79cbc00db92f09d4c5d514fd6aa9cbebf8f29227dc91fbc19d2f8375af74c21d2037e4f3380a818f808194dbc94e69709ef2cf90f66e715895c4 zabbix-agentd.initd
+c6513c5cdc4709886ad2f2351ddd9fb3a5aeb35d07a3ca34ca7a531cc48be3b3c1dab74aecabe67aac78146bb5ee984c102b882707d1fbfa4120cf780eca9a92 zabbix-agentd.initd
a26e7ac422ff60a4b8eed3603022c3a1bde640870bb9286ab061c3cb5c2fd7e91ddb317cb3d1cf61034adda0a080fc212ad416c9e2853a1deb03c5279753f4e2 zabbix-proxy.initd
9fc413b11a01c8202c7ee1c7950d6ca3de2d2d6cd01bea994cd4bc412533b53c4e4b1f58fc3c8df16ea70902053e278e2c5dcc936ce3e0a686a6eac62310ef53 zabbix-getloadavg.patch
7f70dfd602aa164ec8cc65ebb7e8274c685975f6aea9051933928051b8d9b6e368e5a673a07e7084a2105468c5085d72fa7b9f934460f10648d594f28f031a91 automake.patch
diff --git a/community/zabbix/zabbix-agentd.initd b/community/zabbix/zabbix-agentd.initd
index 56d67db8ae..c24b0f8226 100644
--- a/community/zabbix/zabbix-agentd.initd
+++ b/community/zabbix/zabbix-agentd.initd
@@ -1,34 +1,19 @@
#!/sbin/openrc-run
-# Copyright 1999-2007 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/net-analyzer/zabbix/files/1.6.6/init.d/zabbix-agentd,v 1.1 2009/10/05 15:55:23 patrick Exp $
-# ensure the same file is specified as PidFile in /etc/zabbix/zabbix_agentd.conf
-pidfile=/var/run/zabbix/zabbix_agentd.pid
-user=zabbix
-group=zabbix
+name="Zabbix Agent"
+command="/usr/sbin/zabbix_agentd"
+command_args="--foreground"
+command_background=yes
+pidfile="/run/zabbix/zabbix_agentd.pid"
+: ${command_user:=zabbix}
+: ${command_group:=zabbix}
start_pre() {
- checkpath --owner ${user}:${group} --directory ${pidfile%/*}
+ checkpath --owner ${command_user}:${command_group} --directory ${pidfile%/*} /var/log/zabbix
}
-
depend() {
need net
provide zabbix-agent
use zabbix-server
}
-
-start() {
- ebegin "Starting Zabbix agent"
- start-stop-daemon --pidfile ${pidfile} --start --user ${user}:${group} --exec /usr/sbin/zabbix_agentd
- eend $?
-}
-
-stop() {
- ebegin "Stopping Zabbix agent"
- start-stop-daemon --stop --user ${user} --pidfile ${pidfile}
- eend $?
-}
-
-
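Review bot: The `checkpath` call in `start_pre()` expands `${command_user}`, `${command_group}` and `${pidfile%/*}` unquoted and passes no `--mode`. A value overridden from conf.d is therefore word-split, and the pid and log directories get whatever mode checkpath applies by default. I would write it as `checkpath --owner "${command_user}:${command_group}" --mode 0750 --directory "${pidfile%/*}" /var/log/zabbix`, with the mode adjusted to what the agent's pid and log files actually need. `command_group` is used only for this ownership in the visible script; nothing here hands it to the daemon start, so confirm the agent really runs under the intended group.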
diff --git a/main/bind/CVE-2020-8619.patch b/main/bind/CVE-2020-8619.patch
new file mode 100644
index 0000000000..e6d305bdb8
--- /dev/null
+++ b/main/bind/CVE-2020-8619.patch
@@ -0,0 +1,545 @@
+From 569cc155b8680d8ed12db1fabbe20947db24a0f9 Mon Sep 17 00:00:00 2001
+From: Mark Andrews <marka@isc.org>
+Date: Tue, 2 Jun 2020 12:38:40 +1000
+Subject: [PATCH] Remove INSIST from from new_reference
+
+RBTDB node can now appear on the deadnodes lists following the changes
+to decrement_reference in 176b23b6cd98e5b58f832902fdbe964ee5f762d0 to
+defer checking of node->down when the tree write lock is not held. The
+node should be unlinked instead.
+---
+ lib/dns/rbtdb.c | 173 ++++++++++++++++++++++++++++--------------------
+ 1 file changed, 100 insertions(+), 73 deletions(-)
+
+diff --git a/lib/dns/rbtdb.c b/lib/dns/rbtdb.c
+index bfe3538a59..87fbdb317b 100644
+--- a/lib/dns/rbtdb.c
++++ b/lib/dns/rbtdb.c
+@@ -1858,8 +1858,13 @@ delete_node(dns_rbtdb_t *rbtdb, dns_rbtnode_t *node) {
+ * Caller must be holding the node lock.
+ */
+ static inline void
+-new_reference(dns_rbtdb_t *rbtdb, dns_rbtnode_t *node) {
+- INSIST(!ISC_LINK_LINKED(node, deadlink));
++new_reference(dns_rbtdb_t *rbtdb, dns_rbtnode_t *node,
++ isc_rwlocktype_t locktype) {
++ if (locktype == isc_rwlocktype_write && ISC_LINK_LINKED(node, deadlink))
++ {
++ ISC_LIST_UNLINK(rbtdb->deadnodes[node->locknum], node,
++ deadlink);
++ }
+ if (isc_refcount_increment0(&node->references) == 0) {
+ /* this is the first reference to the node */
+ isc_refcount_increment0(
+@@ -1877,13 +1882,14 @@ is_leaf(dns_rbtnode_t *node) {
+ }
+
+ static inline void
+-send_to_prune_tree(dns_rbtdb_t *rbtdb, dns_rbtnode_t *node) {
++send_to_prune_tree(dns_rbtdb_t *rbtdb, dns_rbtnode_t *node,
++ isc_rwlocktype_t locktype) {
+ isc_event_t *ev;
+ dns_db_t *db;
+
+ ev = isc_event_allocate(rbtdb->common.mctx, NULL, DNS_EVENT_RBTPRUNE,
+ prune_tree, node, sizeof(isc_event_t));
+- new_reference(rbtdb, node);
++ new_reference(rbtdb, node, locktype);
+ db = NULL;
+ attach((dns_db_t *)rbtdb, &db);
+ ev->ev_sender = db;
+@@ -1919,7 +1925,7 @@ cleanup_dead_nodes(dns_rbtdb_t *rbtdb, int bucketnum) {
+ node->data == NULL);
+
+ if (is_leaf(node) && rbtdb->task != NULL) {
+- send_to_prune_tree(rbtdb, node);
++ send_to_prune_tree(rbtdb, node, isc_rwlocktype_write);
+ } else if (node->down == NULL && node->data == NULL) {
+ /*
+ * Not a interior node and not needing to be
+@@ -1987,7 +1993,7 @@ reactivate_node(dns_rbtdb_t *rbtdb, dns_rbtnode_t *node,
+ }
+ }
+
+- new_reference(rbtdb, node);
++ new_reference(rbtdb, node, locktype);
+
+ NODE_UNLOCK(nodelock, locktype);
+ }
+@@ -2122,15 +2128,17 @@ decrement_reference(dns_rbtdb_t *rbtdb, dns_rbtnode_t *node,
+ * periodic walk-through).
+ */
+ if (!pruning && is_leaf(node) && rbtdb->task != NULL) {
+- send_to_prune_tree(rbtdb, node);
++ send_to_prune_tree(rbtdb, node, isc_rwlocktype_write);
+ no_reference = false;
+ } else {
+ delete_node(rbtdb, node);
+ }
+ } else {
+ INSIST(node->data == NULL);
+- INSIST(!ISC_LINK_LINKED(node, deadlink));
+- ISC_LIST_APPEND(rbtdb->deadnodes[bucket], node, deadlink);
++ if (!ISC_LINK_LINKED(node, deadlink)) {
++ ISC_LIST_APPEND(rbtdb->deadnodes[bucket], node,
++ deadlink);
++ }
+ }
+
+ restore_locks:
+@@ -2200,16 +2208,13 @@ prune_tree(isc_task_t *task, isc_event_t *event) {
+
+ /*
+ * We need to gain a reference to the node before
+- * decrementing it in the next iteration. In addition,
+- * if the node is in the dead-nodes list, extract it
+- * from the list beforehand as we do in
+- * reactivate_node().
++ * decrementing it in the next iteration.
+ */
+ if (ISC_LINK_LINKED(parent, deadlink)) {
+ ISC_LIST_UNLINK(rbtdb->deadnodes[locknum],
+ parent, deadlink);
+ }
+- new_reference(rbtdb, parent);
++ new_reference(rbtdb, parent, isc_rwlocktype_write);
+ } else {
+ parent = NULL;
+ }
+@@ -2976,7 +2981,7 @@ zone_zonecut_callback(dns_rbtnode_t *node, dns_name_t *name, void *arg) {
+ * We increment the reference count on node to ensure that
+ * search->zonecut_rdataset will still be valid later.
+ */
+- new_reference(search->rbtdb, node);
++ new_reference(search->rbtdb, node, isc_rwlocktype_read);
+ search->zonecut = node;
+ search->zonecut_rdataset = found;
+ search->need_cleanup = true;
+@@ -3028,7 +3033,8 @@ zone_zonecut_callback(dns_rbtnode_t *node, dns_name_t *name, void *arg) {
+
+ static inline void
+ bind_rdataset(dns_rbtdb_t *rbtdb, dns_rbtnode_t *node, rdatasetheader_t *header,
+- isc_stdtime_t now, dns_rdataset_t *rdataset) {
++ isc_stdtime_t now, isc_rwlocktype_t locktype,
++ dns_rdataset_t *rdataset) {
+ unsigned char *raw; /* RDATASLAB */
+
+ /*
+@@ -3043,7 +3049,7 @@ bind_rdataset(dns_rbtdb_t *rbtdb, dns_rbtnode_t *node, rdatasetheader_t *header,
+ return;
+ }
+
+- new_reference(rbtdb, node);
++ new_reference(rbtdb, node, locktype);
+
+ INSIST(rdataset->methods == NULL); /* We must be disassociated. */
+
+@@ -3148,12 +3154,12 @@ setup_delegation(rbtdb_search_t *search, dns_dbnode_t **nodep,
+ NODE_LOCK(&(search->rbtdb->node_locks[node->locknum].lock),
+ isc_rwlocktype_read);
+ bind_rdataset(search->rbtdb, node, search->zonecut_rdataset,
+- search->now, rdataset);
++ search->now, isc_rwlocktype_read, rdataset);
+ if (sigrdataset != NULL && search->zonecut_sigrdataset != NULL)
+ {
+ bind_rdataset(search->rbtdb, node,
+ search->zonecut_sigrdataset, search->now,
+- sigrdataset);
++ isc_rwlocktype_read, sigrdataset);
+ }
+ NODE_UNLOCK(&(search->rbtdb->node_locks[node->locknum].lock),
+ isc_rwlocktype_read);
+@@ -3818,18 +3824,21 @@ again:
+ foundname, NULL);
+ if (result == ISC_R_SUCCESS) {
+ if (nodep != NULL) {
+- new_reference(search->rbtdb,
+- node);
++ new_reference(
++ search->rbtdb, node,
++ isc_rwlocktype_read);
+ *nodep = node;
+ }
+ bind_rdataset(search->rbtdb, node,
+ found, search->now,
++ isc_rwlocktype_read,
+ rdataset);
+ if (foundsig != NULL) {
+- bind_rdataset(search->rbtdb,
+- node, foundsig,
+- search->now,
+- sigrdataset);
++ bind_rdataset(
++ search->rbtdb, node,
++ foundsig, search->now,
++ isc_rwlocktype_read,
++ sigrdataset);
+ }
+ }
+ } else if (found == NULL && foundsig == NULL) {
+@@ -4114,7 +4123,8 @@ found:
+ * ensure that search->zonecut_rdataset will
+ * still be valid later.
+ */
+- new_reference(search.rbtdb, node);
++ new_reference(search.rbtdb, node,
++ isc_rwlocktype_read);
+ search.zonecut = node;
+ search.zonecut_rdataset = header;
+ search.zonecut_sigrdataset = NULL;
+@@ -4292,7 +4302,7 @@ found:
+ goto node_exit;
+ }
+ if (nodep != NULL) {
+- new_reference(search.rbtdb, node);
++ new_reference(search.rbtdb, node, isc_rwlocktype_read);
+ *nodep = node;
+ }
+ if ((search.rbtversion->secure == dns_db_secure &&
+@@ -4300,10 +4310,10 @@ found:
+ (search.options & DNS_DBFIND_FORCENSEC) != 0)
+ {
+ bind_rdataset(search.rbtdb, node, nsecheader, 0,
+- rdataset);
++ isc_rwlocktype_read, rdataset);
+ if (nsecsig != NULL) {
+ bind_rdataset(search.rbtdb, node, nsecsig, 0,
+- sigrdataset);
++ isc_rwlocktype_read, sigrdataset);
+ }
+ }
+ if (wild) {
+@@ -4376,7 +4386,7 @@ found:
+
+ if (nodep != NULL) {
+ if (!at_zonecut) {
+- new_reference(search.rbtdb, node);
++ new_reference(search.rbtdb, node, isc_rwlocktype_read);
+ } else {
+ search.need_cleanup = false;
+ }
+@@ -4384,10 +4394,11 @@ found:
+ }
+
+ if (type != dns_rdatatype_any) {
+- bind_rdataset(search.rbtdb, node, found, 0, rdataset);
++ bind_rdataset(search.rbtdb, node, found, 0, isc_rwlocktype_read,
++ rdataset);
+ if (foundsig != NULL) {
+ bind_rdataset(search.rbtdb, node, foundsig, 0,
+- sigrdataset);
++ isc_rwlocktype_read, sigrdataset);
+ }
+ }
+
+@@ -4570,8 +4581,7 @@ cache_zonecut_callback(dns_rbtnode_t *node, dns_name_t *name, void *arg) {
+ * We increment the reference count on node to ensure that
+ * search->zonecut_rdataset will still be valid later.
+ */
+- new_reference(search->rbtdb, node);
+- INSIST(!ISC_LINK_LINKED(node, deadlink));
++ new_reference(search->rbtdb, node, locktype);
+ search->zonecut = node;
+ search->zonecut_rdataset = dname_header;
+ search->zonecut_sigrdataset = sigdname_header;
+@@ -4679,14 +4689,15 @@ find_deepest_zonecut(rbtdb_search_t *search, dns_rbtnode_t *node,
+ }
+ result = DNS_R_DELEGATION;
+ if (nodep != NULL) {
+- new_reference(search->rbtdb, node);
++ new_reference(search->rbtdb, node, locktype);
+ *nodep = node;
+ }
+ bind_rdataset(search->rbtdb, node, found, search->now,
+- rdataset);
++ locktype, rdataset);
+ if (foundsig != NULL) {
+ bind_rdataset(search->rbtdb, node, foundsig,
+- search->now, sigrdataset);
++ search->now, locktype,
++ sigrdataset);
+ }
+ if (need_headerupdate(found, search->now) ||
+ (foundsig != NULL &&
+@@ -4795,13 +4806,13 @@ find_coveringnsec(rbtdb_search_t *search, dns_dbnode_t **nodep,
+ if (result != ISC_R_SUCCESS) {
+ goto unlock_node;
+ }
+- bind_rdataset(search->rbtdb, node, found, now,
++ bind_rdataset(search->rbtdb, node, found, now, locktype,
+ rdataset);
+ if (foundsig != NULL) {
+ bind_rdataset(search->rbtdb, node, foundsig,
+- now, sigrdataset);
++ now, locktype, sigrdataset);
+ }
+- new_reference(search->rbtdb, node);
++ new_reference(search->rbtdb, node, locktype);
+ *nodep = node;
+ result = DNS_R_COVERINGNSEC;
+ } else if (!empty_node) {
+@@ -5026,18 +5037,18 @@ cache_find(dns_db_t *db, const dns_name_t *name, dns_dbversion_t *version,
+ if ((search.options & DNS_DBFIND_COVERINGNSEC) != 0 &&
+ nsecheader != NULL) {
+ if (nodep != NULL) {
+- new_reference(search.rbtdb, node);
+- INSIST(!ISC_LINK_LINKED(node, deadlink));
++ new_reference(search.rbtdb, node, locktype);
+ *nodep = node;
+ }
+ bind_rdataset(search.rbtdb, node, nsecheader,
+- search.now, rdataset);
++ search.now, locktype, rdataset);
+ if (need_headerupdate(nsecheader, search.now)) {
+ update = nsecheader;
+ }
+ if (nsecsig != NULL) {
+ bind_rdataset(search.rbtdb, node, nsecsig,
+- search.now, sigrdataset);
++ search.now, locktype,
++ sigrdataset);
+ if (need_headerupdate(nsecsig, search.now)) {
+ updatesig = nsecsig;
+ }
+@@ -5052,18 +5063,18 @@ cache_find(dns_db_t *db, const dns_name_t *name, dns_dbversion_t *version,
+ */
+ if (nsheader != NULL) {
+ if (nodep != NULL) {
+- new_reference(search.rbtdb, node);
+- INSIST(!ISC_LINK_LINKED(node, deadlink));
++ new_reference(search.rbtdb, node, locktype);
+ *nodep = node;
+ }
+ bind_rdataset(search.rbtdb, node, nsheader, search.now,
+- rdataset);
++ locktype, rdataset);
+ if (need_headerupdate(nsheader, search.now)) {
+ update = nsheader;
+ }
+ if (nssig != NULL) {
+ bind_rdataset(search.rbtdb, node, nssig,
+- search.now, sigrdataset);
++ search.now, locktype,
++ sigrdataset);
+ if (need_headerupdate(nssig, search.now)) {
+ updatesig = nssig;
+ }
+@@ -5084,8 +5095,7 @@ cache_find(dns_db_t *db, const dns_name_t *name, dns_dbversion_t *version,
+ */
+
+ if (nodep != NULL) {
+- new_reference(search.rbtdb, node);
+- INSIST(!ISC_LINK_LINKED(node, deadlink));
++ new_reference(search.rbtdb, node, locktype);
+ *nodep = node;
+ }
+
+@@ -5117,13 +5127,14 @@ cache_find(dns_db_t *db, const dns_name_t *name, dns_dbversion_t *version,
+ if (type != dns_rdatatype_any || result == DNS_R_NCACHENXDOMAIN ||
+ result == DNS_R_NCACHENXRRSET)
+ {
+- bind_rdataset(search.rbtdb, node, found, search.now, rdataset);
++ bind_rdataset(search.rbtdb, node, found, search.now, locktype,
++ rdataset);
+ if (need_headerupdate(found, search.now)) {
+ update = found;
+ }
+ if (!NEGATIVE(found) && foundsig != NULL) {
+ bind_rdataset(search.rbtdb, node, foundsig, search.now,
+- sigrdataset);
++ locktype, sigrdataset);
+ if (need_headerupdate(foundsig, search.now)) {
+ updatesig = foundsig;
+ }
+@@ -5282,15 +5293,15 @@ cache_findzonecut(dns_db_t *db, const dns_name_t *name, unsigned int options,
+ }
+
+ if (nodep != NULL) {
+- new_reference(search.rbtdb, node);
+- INSIST(!ISC_LINK_LINKED(node, deadlink));
++ new_reference(search.rbtdb, node, locktype);
+ *nodep = node;
+ }
+
+- bind_rdataset(search.rbtdb, node, found, search.now, rdataset);
++ bind_rdataset(search.rbtdb, node, found, search.now, locktype,
++ rdataset);
+ if (foundsig != NULL) {
+ bind_rdataset(search.rbtdb, node, foundsig, search.now,
+- sigrdataset);
++ locktype, sigrdataset);
+ }
+
+ if (need_headerupdate(found, search.now) ||
+@@ -5653,10 +5664,11 @@ zone_findrdataset(dns_db_t *db, dns_dbnode_t *node, dns_dbversion_t *version,
+ }
+ }
+ if (found != NULL) {
+- bind_rdataset(rbtdb, rbtnode, found, now, rdataset);
++ bind_rdataset(rbtdb, rbtnode, found, now, isc_rwlocktype_read,
++ rdataset);
+ if (foundsig != NULL) {
+ bind_rdataset(rbtdb, rbtnode, foundsig, now,
+- sigrdataset);
++ isc_rwlocktype_read, sigrdataset);
+ }
+ }
+
+@@ -5747,9 +5759,9 @@ cache_findrdataset(dns_db_t *db, dns_dbnode_t *node, dns_dbversion_t *version,
+ }
+ }
+ if (found != NULL) {
+- bind_rdataset(rbtdb, rbtnode, found, now, rdataset);
++ bind_rdataset(rbtdb, rbtnode, found, now, locktype, rdataset);
+ if (!NEGATIVE(found) && foundsig != NULL) {
+- bind_rdataset(rbtdb, rbtnode, foundsig, now,
++ bind_rdataset(rbtdb, rbtnode, foundsig, now, locktype,
+ sigrdataset);
+ }
+ }
+@@ -5917,6 +5929,9 @@ resign_insert(dns_rbtdb_t *rbtdb, int idx, rdatasetheader_t *newheader) {
+ return (result);
+ }
+
++/*
++ * node write lock must be held.
++ */
+ static void
+ resign_delete(dns_rbtdb_t *rbtdb, rbtdb_version_t *version,
+ rdatasetheader_t *header) {
+@@ -5928,7 +5943,8 @@ resign_delete(dns_rbtdb_t *rbtdb, rbtdb_version_t *version,
+ header->heap_index);
+ header->heap_index = 0;
+ if (version != NULL) {
+- new_reference(rbtdb, header->node);
++ new_reference(rbtdb, header->node,
++ isc_rwlocktype_write);
+ ISC_LIST_APPEND(version->resigned_list, header, link);
+ }
+ }
+@@ -5959,6 +5975,9 @@ update_recordsandxfrsize(bool add, rbtdb_version_t *rbtversion,
+ RWUNLOCK(&rbtversion->rwlock, isc_rwlocktype_write);
+ }
+
++/*
++ * write lock on rbtnode must be held.
++ */
+ static isc_result_t
+ add32(dns_rbtdb_t *rbtdb, dns_rbtnode_t *rbtnode, const dns_name_t *nodename,
+ rbtdb_version_t *rbtversion, rdatasetheader_t *newheader,
+@@ -6085,9 +6104,11 @@ add32(dns_rbtdb_t *rbtdb, dns_rbtnode_t *rbtnode, const dns_name_t *nodename,
+ free_rdataset(rbtdb, rbtdb->common.mctx,
+ newheader);
+ if (addedrdataset != NULL) {
+- bind_rdataset(rbtdb, rbtnode,
+- topheader, now,
+- addedrdataset);
++ bind_rdataset(
++ rbtdb, rbtnode,
++ topheader, now,
++ isc_rwlocktype_write,
++ addedrdataset);
+ }
+ return (DNS_R_UNCHANGED);
+ }
+@@ -6147,6 +6168,7 @@ find_header:
+ free_rdataset(rbtdb, rbtdb->common.mctx, newheader);
+ if (addedrdataset != NULL) {
+ bind_rdataset(rbtdb, rbtnode, header, now,
++ isc_rwlocktype_write,
+ addedrdataset);
+ }
+ return (DNS_R_UNCHANGED);
+@@ -6258,6 +6280,7 @@ find_header:
+ free_rdataset(rbtdb, rbtdb->common.mctx, newheader);
+ if (addedrdataset != NULL) {
+ bind_rdataset(rbtdb, rbtnode, header, now,
++ isc_rwlocktype_write,
+ addedrdataset);
+ }
+ return (ISC_R_SUCCESS);
+@@ -6307,6 +6330,7 @@ find_header:
+ free_rdataset(rbtdb, rbtdb->common.mctx, newheader);
+ if (addedrdataset != NULL) {
+ bind_rdataset(rbtdb, rbtnode, header, now,
++ isc_rwlocktype_write,
+ addedrdataset);
+ }
+ return (ISC_R_SUCCESS);
+@@ -6504,7 +6528,8 @@ find_header:
+ }
+
+ if (addedrdataset != NULL) {
+- bind_rdataset(rbtdb, rbtnode, newheader, now, addedrdataset);
++ bind_rdataset(rbtdb, rbtnode, newheader, now,
++ isc_rwlocktype_write, addedrdataset);
+ }
+
+ return (ISC_R_SUCCESS);
+@@ -7045,13 +7070,15 @@ subtractrdataset(dns_db_t *db, dns_dbnode_t *node, dns_dbversion_t *version,
+ }
+
+ if (result == ISC_R_SUCCESS && newrdataset != NULL) {
+- bind_rdataset(rbtdb, rbtnode, newheader, 0, newrdataset);
++ bind_rdataset(rbtdb, rbtnode, newheader, 0,
++ isc_rwlocktype_write, newrdataset);
+ }
+
+ if (result == DNS_R_NXRRSET && newrdataset != NULL &&
+ (options & DNS_DBSUB_WANTOLD) != 0)
+ {
+- bind_rdataset(rbtdb, rbtnode, header, 0, newrdataset);
++ bind_rdataset(rbtdb, rbtnode, header, 0, isc_rwlocktype_write,
++ newrdataset);
+ }
+
+ unlock:
+@@ -7929,8 +7956,7 @@ getoriginnode(dns_db_t *db, dns_dbnode_t **nodep) {
+ /* Note that the access to origin_node doesn't require a DB lock */
+ onode = (dns_rbtnode_t *)rbtdb->origin_node;
+ if (onode != NULL) {
+- new_reference(rbtdb, onode);
+-
++ new_reference(rbtdb, onode, isc_rwlocktype_none);
+ *nodep = rbtdb->origin_node;
+ } else {
+ INSIST(IS_CACHE(rbtdb));
+@@ -8123,7 +8149,8 @@ getsigningtime(dns_db_t *db, dns_rdataset_t *rdataset, dns_name_t *foundname) {
+ * Found something; pass back the answer and unlock
+ * the bucket.
+ */
+- bind_rdataset(rbtdb, header->node, header, 0, rdataset);
++ bind_rdataset(rbtdb, header->node, header, 0,
++ isc_rwlocktype_read, rdataset);
+
+ if (foundname != NULL) {
+ dns_rbt_fullnamefromnode(header->node, foundname);
+@@ -9130,7 +9157,7 @@ rdatasetiter_current(dns_rdatasetiter_t *iterator, dns_rdataset_t *rdataset) {
+ isc_rwlocktype_read);
+
+ bind_rdataset(rbtdb, rbtnode, header, rbtiterator->common.now,
+- rdataset);
++ isc_rwlocktype_read, rdataset);
+
+ NODE_UNLOCK(&rbtdb->node_locks[rbtnode->locknum].lock,
+ isc_rwlocktype_read);
+@@ -9585,7 +9612,7 @@ dbiterator_current(dns_dbiterator_t *iterator, dns_dbnode_t **nodep,
+ result = ISC_R_SUCCESS;
+ }
+
+- new_reference(rbtdb, node);
++ new_reference(rbtdb, node, isc_rwlocktype_none);
+
+ *nodep = rbtdbiter->node;
+
+@@ -10498,7 +10525,7 @@ expire_header(dns_rbtdb_t *rbtdb, rdatasetheader_t *header, bool tree_locked,
+ * We first need to gain a new reference to the node to meet a
+ * requirement of decrement_reference().
+ */
+- new_reference(rbtdb, header->node);
++ new_reference(rbtdb, header->node, isc_rwlocktype_write);
+ decrement_reference(rbtdb, header->node, 0,
+ isc_rwlocktype_write,
+ tree_locked ? isc_rwlocktype_write
+--
+GitLab
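Review bot: Nothing in this commit wires main/bind/CVE-2020-8619.patch into the build: the file list at the top shows no change to main/bind/APKBUILD. Unless an earlier commit already lists the patch in `source=` and `sha512sums`, it is never applied, and the tree would suggest a fix that the package does not contain. The bind APKBUILD should gain the source entry, its checksum, a `pkgrel` bump and a `# secfixes:` entry in the same change, as the bluez, cups and curl sections do. Inside the patch, the comment above `new_reference` still says only `Caller must be holding the node lock.`; it should add that the node is unlinked from `deadnodes` only when `locktype` is `isc_rwlocktype_write`, so a read- or none-locked caller can leave a referenced node on that list.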
diff --git a/main/bluez/APKBUILD b/main/bluez/APKBUILD
index 7a6788eacb..e431f069e5 100644
--- a/main/bluez/APKBUILD
+++ b/main/bluez/APKBUILD
@@ -1,7 +1,7 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=bluez
pkgver=5.50
-pkgrel=1
+pkgrel=2
pkgdesc="Tools for the Bluetooth protocol stack"
url="http://www.bluez.org/"
arch="all"
@@ -25,10 +25,13 @@ source="https://www.kernel.org/pub/linux/bluetooth/bluez-$pkgver.tar.xz
disable-lock-test.patch
fix-endianness.patch
CVE-2020-0556.patch
+ CVE-2020-27153.patch
"
builddir="$srcdir/$pkgname-$pkgver"
# secfixes:
+# 5.50-r2:
+# - CVE-2020-27153
# 5.50-r1:
# - CVE-2020-0556
@@ -126,4 +129,5 @@ d5fd1c962bd846eaa6fff879bab85f753eb367d514f82d133b5d3242e1da989af5eddd942c60a87d
41ce7ccf78cca97563f0ef31e01dac6eb4484c24fe57be360b5e8de8c5bff5845e9d395766f891bd3f123788344456c88c9fc00cd1bb7c6a1dca89d09f19172b bluez-5.40-obexd_without_systemd-1.patch
04c4889372c8e790bb338dde7ffa76dc32fcf7370025c71b9184fcf17fd01ade4a6613d84d648303af3bbc54043ad489f29fc0cd4679ec8c9029dcb846d7e026 disable-lock-test.patch
118d55183860f395fc4bdc93efffb13902ebf7388cad722b9061cd2860d404333e500af521741c3d92c0f8a161f6810348fbeb6682e49c372383f417aed8c76a fix-endianness.patch
-1f7c41399e746942e091db22c1b42a0bd87dafd83c5074a34c24f51efd88ed4d2957308f9b4da0fdcd6cd99ea5b9e1885d628ae01ddde56cf31140ccc895be61 CVE-2020-0556.patch"
+1f7c41399e746942e091db22c1b42a0bd87dafd83c5074a34c24f51efd88ed4d2957308f9b4da0fdcd6cd99ea5b9e1885d628ae01ddde56cf31140ccc895be61 CVE-2020-0556.patch
+c8e65bdfb5edc8edd0d1f9a153a7d5b953f0c5700aa61645af251cd857117990090a27c0ee133056fc045d0f6b6a3c1aad60ff0dfd3707c2c5ba29c518fccca8 CVE-2020-27153.patch"
diff --git a/main/bluez/CVE-2020-27153.patch b/main/bluez/CVE-2020-27153.patch
new file mode 100644
index 0000000000..48a346fe2c
--- /dev/null
+++ b/main/bluez/CVE-2020-27153.patch
@@ -0,0 +1,95 @@
+Adapted from https://github.com/bluez/bluez/commit/1cd644db8c23a2f530ddb93cebed7dacc5f5721a
+
+diff --git a/src/shared/att.c b/src/shared/att.c
+index 0ea6d55..b0fdb8e 100644
+--- a/src/shared/att.c
++++ b/src/shared/att.c
+@@ -62,6 +62,7 @@ struct bt_att {
+ struct queue *ind_queue; /* Queued ATT protocol indications */
+ struct att_send_op *pending_ind;
+ struct queue *write_queue; /* Queue of PDUs ready to send */
++ bool in_disc; /* Cleanup queues on disconnect_cb */
+ bool writer_active;
+
+ struct queue *notify_list; /* List of registered callbacks */
+@@ -211,8 +212,10 @@ static void destroy_att_send_op(void *data)
+ free(op);
+ }
+
+-static void cancel_att_send_op(struct att_send_op *op)
++static void cancel_att_send_op(void *data)
+ {
++ struct att_send_op *op = data;
++
+ if (op->destroy)
+ op->destroy(op->user_data);
+
+@@ -572,11 +575,6 @@ static bool disconnect_cb(struct io *io, void *user_data)
+ att->io = NULL;
+ att->fd = -1;
+
+- /* Notify request callbacks */
+- queue_remove_all(att->req_queue, NULL, NULL, disc_att_send_op);
+- queue_remove_all(att->ind_queue, NULL, NULL, disc_att_send_op);
+- queue_remove_all(att->write_queue, NULL, NULL, disc_att_send_op);
+-
+ if (att->pending_req) {
+ disc_att_send_op(att->pending_req);
+ att->pending_req = NULL;
+@@ -589,6 +587,15 @@ static bool disconnect_cb(struct io *io, void *user_data)
+
+ bt_att_ref(att);
+
++ att->in_disc = true;
++
++ /* Notify request callbacks */
++ queue_remove_all(att->req_queue, NULL, NULL, disc_att_send_op);
++ queue_remove_all(att->ind_queue, NULL, NULL, disc_att_send_op);
++ queue_remove_all(att->write_queue, NULL, NULL, disc_att_send_op);
++
++ att->in_disc = false;
++
+ queue_foreach(att->disconn_list, disconn_handler, INT_TO_PTR(err));
+
+ bt_att_unregister_all(att);
+@@ -1306,6 +1313,30 @@ static bool match_op_id(const void *a, const void *b)
+ return op->id == id;
+ }
+
++static bool bt_att_disc_cancel(struct bt_att *att, unsigned int id)
++{
++ struct att_send_op *op;
++
++ op = queue_find(att->req_queue, match_op_id, UINT_TO_PTR(id));
++ if (op)
++ goto done;
++
++ op = queue_find(att->ind_queue, match_op_id, UINT_TO_PTR(id));
++ if (op)
++ goto done;
++
++ op = queue_find(att->write_queue, match_op_id, UINT_TO_PTR(id));
++
++done:
++ if (!op)
++ return false;
++
++ /* Just cancel since disconnect_cb will be cleaning up */
++ cancel_att_send_op(op);
++
++ return true;
++}
++
+ bool bt_att_cancel(struct bt_att *att, unsigned int id)
+ {
+ struct att_send_op *op;
+@@ -1325,6 +1356,9 @@ bool bt_att_cancel(struct bt_att *att, unsigned int id)
+ return true;
+ }
+
++ if (att->in_disc)
++ return bt_att_disc_cancel(att, id);
++
+ op = queue_remove_if(att->req_queue, match_op_id, UINT_TO_PTR(id));
+ if (op)
+ goto done;
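Review bot: The header says only `Adapted from` the upstream commit and does not record what was changed in the adaptation, so the backport cannot be audited against upstream without re-diffing it. A short list of the differences, as the header of main/curl/CVE-2020-8231.patch gives, would fix that. In `bt_att_disc_cancel` the op is cancelled but left in its queue for `disconnect_cb` to drain, which is only safe if `cancel_att_send_op` clears the op's callbacks after running `destroy`. That part of the function is outside the visible context, so please confirm it and say so in the comment, e.g. `/* op stays queued: disconnect_cb drains the queue; cancel_att_send_op must have cleared its callbacks */`.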
diff --git a/main/cups/APKBUILD b/main/cups/APKBUILD
index 3c7166e23d..127c7292d8 100644
--- a/main/cups/APKBUILD
+++ b/main/cups/APKBUILD
@@ -1,7 +1,7 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=cups
pkgver=2.2.12
-pkgrel=0
+pkgrel=1
pkgdesc="The CUPS Printing System"
url="https://www.cups.org/"
arch="all"
@@ -20,10 +20,15 @@ source="https://github.com/apple/cups/releases/download/v$pkgver/cups-$pkgver-so
cupsd.initd
cups-no-export-ssllibs.patch
default-config-no-gssapi.patch
+ CVE-2019-8842.patch
+ CVE-2020-3898.patch
"
builddir="$srcdir/$pkgname-$pkgver"
# secfixes:
+# 2.2.12-r1:
+# - CVE-2019-8842
+# - CVE-2020-3898
# 2.2.12-r0:
# - CVE-2019-8696
# - CVE-2019-8675
@@ -134,4 +139,6 @@ sha512sums="b8e7be512938ad388d469d093ad0c882ab42ea1408c27a91340f8424aa0e79e588df
cf64211da59e79285f99d437c02fdd7db462855fb2920ec9563ba47bd8a9e5cbd10555094940ceedeb41ac805c4f0ddb9147481470112a11a76220d0298aef79 cups.logrotate
2c2683f755a220166b3a1653fdd1a6daa9718c8f0bbdff2e2d5e61d1133306260d63a83d3ff41619b5cf84c4913fae5822b79553e2822858f38fa3613f4c7082 cupsd.initd
7a8cd9ac33b0dd4627c72df4275db8ccd7cf8e201bce3833719b42f532f526bb347b842e3ea1ef0d61855b5c6e1088b5d20b68942f2c2c0acf504d8d9728efd3 cups-no-export-ssllibs.patch
-98bb97f4af69ea286fc3d398b8e57c32440e6b2d49fb7f79b418a4fe7f13441f3a610f65d3433d10d971ade808233c0b29b4d66160623ccaae919179384be918 default-config-no-gssapi.patch"
+98bb97f4af69ea286fc3d398b8e57c32440e6b2d49fb7f79b418a4fe7f13441f3a610f65d3433d10d971ade808233c0b29b4d66160623ccaae919179384be918 default-config-no-gssapi.patch
+1a6dc3560c78eef28cad977abde076c02791e34fc05e53ce3137ac4ff1feb2f6bae5f64ba8733f44280ac4273d825372b29b15da6bb179776496f62a7d06462d CVE-2019-8842.patch
+560466d3721cd105ef1e6aa03d0cb6c55964e94f06fe80e2f8570d481941cfd03ac6940d0108e111ea7f4bee55460b93423975410890e105902c5a4ce3b79d77 CVE-2020-3898.patch"
diff --git a/main/cups/CVE-2019-8842.patch b/main/cups/CVE-2019-8842.patch
new file mode 100644
index 0000000000..2e1a212239
--- /dev/null
+++ b/main/cups/CVE-2019-8842.patch
@@ -0,0 +1,13 @@
+diff --git a/cups/ipp.c b/cups/ipp.c
+index b0762fd..dba4f31 100644
+--- a/cups/ipp.c
++++ b/cups/ipp.c
+@@ -2960,7 +2960,7 @@ ippReadIO(void *src, /* I - Data source */
+ * Read 32-bit "extension" tag...
+ */
+
+- if ((*cb)(src, buffer, 4) < 1)
++ if ((*cb)(src, buffer, 4) < 4)
+ {
+ DEBUG_puts("1ippReadIO: Callback returned EOF/error");
+ _cupsBufferRelease((char *)buffer);
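Review bot: This patch, like main/cups/CVE-2020-3898.patch next to it, carries no origin header (upstream commit, author or description). Nobody reading the tree can tell where the change came from or check it against the upstream fix. Add a line such as `Upstream: <upstream commit URL>` above the diff in both files. The one-line change itself now also rejects a short read of the 4-byte extension tag, while the debug string still reads `EOF/error`; that mismatch is cosmetic. The body of `ippReadIO` continues outside the hunk.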
diff --git a/main/cups/CVE-2020-3898.patch b/main/cups/CVE-2020-3898.patch
new file mode 100644
index 0000000000..d797a0be1a
--- /dev/null
+++ b/main/cups/CVE-2020-3898.patch
@@ -0,0 +1,14 @@
+diff --git a/cups/ppd.c b/cups/ppd.c
+index 58d92c1..5bc7939 100644
+--- a/cups/ppd.c
++++ b/cups/ppd.c
+@@ -1730,8 +1730,7 @@ _ppdOpen(
+ constraint->choice1, constraint->option2,
+ constraint->choice2))
+ {
+- case 0 : /* Error */
+- case 1 : /* Error */
++ default : /* Error */
+ pg->ppd_status = PPD_BAD_UI_CONSTRAINTS;
+ goto error;
+
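Review bot: Only the `switch` in `_ppdOpen` (cups/ppd.c) is changed here, and it is worth confirming that this is the whole upstream fix for the CVE. As far as I recall, the upstream change also bounded a `sscanf` of a resolution string in the ppdc sources, which this patch does not touch. If that second part is missing, the `# secfixes:` entry for 2.2.12-r1 would mark the package as fixed while part of the issue remains. The `_ppdOpen` body starts and ends outside the hunk, so the values the `switch` expression can yield are not visible here.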
diff --git a/main/curl/APKBUILD b/main/curl/APKBUILD
index 8af79f2f03..3431a71ebf 100644
--- a/main/curl/APKBUILD
+++ b/main/curl/APKBUILD
@@ -4,7 +4,7 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=curl
pkgver=7.64.0
-pkgrel=4
+pkgrel=5
pkgdesc="URL retrival utility and library"
url="https://curl.haxx.se"
arch="all"
@@ -22,11 +22,14 @@ source="https://curl.haxx.se/download/$pkgname-$pkgver.tar.xz
CVE-2019-5482.patch
CVE-2020-8169.patch
CVE-2020-8177.patch
+ CVE-2020-8231.patch
"
options="!check" # sftp tests failing
builddir="$srcdir/$pkgname-$pkgver"
# secfixes:
+# 7.66.0-r5:
+# - CVE-2020-8231
# 7.64.0-r4:
# - CVE-2020-8169
# - CVE-2020-8177
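Review bot: The new secfixes key `# 7.66.0-r5:` does not match the package, which is `pkgver=7.64.0` with `pkgrel=5` in this same file; the entry right after it is `# 7.64.0-r4:`. Tooling that derives fixed-in versions from these comments would record CVE-2020-8231 as fixed only in 7.66.0-r5, so the patched 7.64.0-r5 build would still be reported as vulnerable. Change the line to `# 7.64.0-r5:`.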
@@ -139,4 +142,5 @@ c629a1b36920a3f8eab3321b0222e203f53f29e5947d39a0c32e0a7de2d8ab2182c3d6bbb0828847
37161e4d94cdb1add2216b031f70d7ae84451229dffe48ca9856bb311e88678f0e11baab6bb4da0386ed31e8467aa51fabaf6122f876ef9bc0003638d07f22cf CVE-2019-5481.patch
6703658d9212bb87de22fabd996e8f8eb8c98aa4c015b1daa4c1a15f503c4a5530dafbcc1817032d973ef94ac29fe7b8ee16426e443b20d0bcdbe5d7f0209ffb CVE-2019-5482.patch
4950975d59bdf8398dd5f4b8338e5f76ae3752247be9054a28753351bcddb46f71a8bd601dba31da1b6b3fbbfbe6192f33a6500144d89f2cfdfb47161e3addba CVE-2020-8169.patch
-250359963230de2970ab4a56d731312f0772d6f89672b4189e7d6aa8553cb9efd8808221f418a1b7778f7b9e52a45738451aec2d4a0e73e084a748cff1b3d6da CVE-2020-8177.patch"
+250359963230de2970ab4a56d731312f0772d6f89672b4189e7d6aa8553cb9efd8808221f418a1b7778f7b9e52a45738451aec2d4a0e73e084a748cff1b3d6da CVE-2020-8177.patch
+d5f4421e5ac6f89220d00fb156c803edbb64679e9064ca8328269eea3582ee7780f77522b5069a1288cc09e968567175c94139249cc337906243c95d0bc3e684 CVE-2020-8231.patch"
diff --git a/main/curl/CVE-2020-8231.patch b/main/curl/CVE-2020-8231.patch
new file mode 100644
index 0000000000..0d6a76d94d
--- /dev/null
+++ b/main/curl/CVE-2020-8231.patch
@@ -0,0 +1,123 @@
+Based on https://github.com/curl/curl/commit/3c9e021f86872baae412a427e807fbfa2f3e8
+
+Didn't apply cleanly, fixed up lib/urldata.h and lib/url.c, ignored 2 changes in lib/multi.c
+that refer to things that do not yet exist in this version of curl
+
+diff --git a/lib/connect.c b/lib/connect.c
+index 0a7475c..b3d4057 100644
+--- a/lib/connect.c
++++ b/lib/connect.c
+@@ -1356,15 +1356,15 @@ CURLcode Curl_connecthost(struct connectdata *conn, /* context */
+ }
+
+ struct connfind {
+- struct connectdata *tofind;
+- bool found;
++ long id_tofind;
++ struct connectdata *found;
+ };
+
+ static int conn_is_conn(struct connectdata *conn, void *param)
+ {
+ struct connfind *f = (struct connfind *)param;
+- if(conn == f->tofind) {
+- f->found = TRUE;
++ if(conn->connection_id == f->id_tofind) {
++ f->found = conn;
+ return 1;
+ }
+ return 0;
+@@ -1386,21 +1386,22 @@ curl_socket_t Curl_getconnectinfo(struct Curl_easy *data,
+ * - that is associated with a multi handle, and whose connection
+ * was detached with CURLOPT_CONNECT_ONLY
+ */
+- if(data->state.lastconnect && (data->multi_easy || data->multi)) {
+- struct connectdata *c = data->state.lastconnect;
++ if((data->state.lastconnect_id != -1) && (data->multi_easy || data->multi)) {
++ struct connectdata *c;
+ struct connfind find;
+- find.tofind = data->state.lastconnect;
+- find.found = FALSE;
++ find.id_tofind = data->state.lastconnect_id;
++ find.found = NULL;
+
+ Curl_conncache_foreach(data, data->multi_easy?
+ &data->multi_easy->conn_cache:
+ &data->multi->conn_cache, &find, conn_is_conn);
+
+ if(!find.found) {
+- data->state.lastconnect = NULL;
++ data->state.lastconnect_id = -1;
+ return CURL_SOCKET_BAD;
+ }
+
++ c = find.found;
+ if(connp) {
+ /* only store this if the caller cares for it */
+ *connp = c;
+diff --git a/lib/easy.c b/lib/easy.c
+index b648e80..7b0ea9a 100644
+--- a/lib/easy.c
++++ b/lib/easy.c
+@@ -831,8 +831,7 @@ struct Curl_easy *curl_easy_duphandle(struct Curl_easy *data)
+
+ /* the connection cache is setup on demand */
+ outcurl->state.conn_cache = NULL;
+-
+- outcurl->state.lastconnect = NULL;
++ outcurl->state.lastconnect_id = -1;
+
+ outcurl->progress.flags = data->progress.flags;
+ outcurl->progress.callback = data->progress.callback;
+diff --git a/lib/multi.c b/lib/multi.c
+index e10e752..02687dd 100644
+--- a/lib/multi.c
++++ b/lib/multi.c
+@@ -454,6 +454,7 @@ CURLMcode curl_multi_add_handle(struct Curl_multi *multi,
+ data->state.conn_cache = &data->share->conn_cache;
+ else
+ data->state.conn_cache = &multi->conn_cache;
++ data->state.lastconnect_id = -1;
+
+ #ifdef USE_LIBPSL
+ /* Do the same for PSL. */
+@@ -669,11 +670,11 @@ static CURLcode multi_done(struct Curl_easy *data,
+ CONN_UNLOCK(data);
+ if(Curl_conncache_return_conn(data, conn)) {
+ /* remember the most recently used connection */
+- data->state.lastconnect = conn;
++ data->state.lastconnect_id = conn->connection_id;
+ infof(data, "%s\n", buffer);
+ }
+ else
+- data->state.lastconnect = NULL;
++ data->state.lastconnect_id = -1;
+ }
+
+ Curl_free_request_state(data);
+diff --git a/lib/url.c b/lib/url.c
+index 47fc66a..f0a880f 100644
+--- a/lib/url.c
++++ b/lib/url.c
+@@ -617,7 +617,7 @@ CURLcode Curl_open(struct Curl_easy **curl)
+ Curl_initinfo(data);
+
+ /* most recent connection is not yet defined */
+- data->state.lastconnect = NULL;
++ data->state.lastconnect_id = -1;
+
+ data->progress.flags |= PGRS_HIDE;
+ data->state.current_speed = -1; /* init to negative == impossible */
+diff --git a/lib/urldata.h b/lib/urldata.h
+index fbb8b64..6586986 100644
+--- a/lib/urldata.h
++++ b/lib/urldata.h
+@@ -1332,7 +1332,7 @@ struct UrlState {
+ /* buffers to store authentication data in, as parsed from input options */
+ struct curltime keeps_speed; /* for the progress meter really */
+
+- struct connectdata *lastconnect; /* The last connection, NULL if undefined */
++ long lastconnect_id; /* The last connection, -1 if undefined */
+
+ char *headerbuff; /* allocated buffer to store headers in */
+ size_t headersize; /* size of the allocation */
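Review bot: The provenance header of this backport is incomplete. The upstream commit reference appears to be cut short of a full 40-character hash, and the two lib/multi.c changes that were skipped are not named. The fix works by replacing every use of the stored `lastconnect` pointer with `lastconnect_id`, so a reader auditing the backport needs to know which upstream assignments were left out and why nothing in this curl version depends on them. I would give the full hash and add a line such as `Dropped from upstream: lib/multi.c changes in <FUNCTION_NAME> (code not present in 7.64.0)`, where the placeholder is filled in from the upstream commit.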
diff --git a/main/dovecot/APKBUILD b/main/dovecot/APKBUILD
index 3d7caebb5a..3ca3451bfc 100644
--- a/main/dovecot/APKBUILD
+++ b/main/dovecot/APKBUILD
@@ -6,7 +6,7 @@
pkgname=dovecot
pkgver=2.3.10.1
_pkgvermajor=2.3
-pkgrel=0
+pkgrel=1
_pigeonholever=0.5.10
_pigeonholevermajor=${_pigeonholever%.*}
pkgdesc="IMAP and POP3 server"
@@ -61,6 +61,8 @@ source="https://www.dovecot.org/releases/$_pkgvermajor/$pkgname-$pkgver.tar.gz
skip-iconv-check.patch
split-protocols.patch
default-config.patch
+ CVE-2020-12673.patch
+ CVE-2020-12674.patch
dovecot.logrotate
dovecot.initd
"
@@ -68,6 +70,9 @@ builddir="$srcdir/$pkgname-$pkgver"
_builddir_pigeonhole="$srcdir/$pkgname-$_pkgvermajor-pigeonhole-$_pigeonholever"
# secfixes:
+# 2.3.10.1-r1:
+# - CVE-2020-12673
+# - CVE-2020-12674
# 2.3.10.1-r0:
# - CVE-2020-10957
# - CVE-2020-10958
@@ -314,5 +319,7 @@ f3d380edba4d25d20ee52db21d2965e3a6b229924e9a04fbf45cfe32e1d25448977ee41b12ba41ad
fe4fbeaedb377d809f105d9dbaf7c1b961aa99f246b77189a73b491dc1ae0aa9c68678dde90420ec53ec877c08f735b42d23edb13117d7268420e001aa30967a skip-iconv-check.patch
794875dbf0ded1e82c5c3823660cf6996a7920079149cd8eed54231a53580d931b966dfb17185ab65e565e108545ecf6591bae82f935ab1b6ff65bb8ee93d7d5 split-protocols.patch
0d8f89c7ba6f884719b5f9fc89e8b2efbdc3e181de308abf9b1c1b0e42282f4df72c7bf62f574686967c10a8677356560c965713b9d146e2770aab17e95bcc07 default-config.patch
+54d5b1bfbc9fcdc00a5c943420bcbbfc8f0107ab2ff160ef0b2f73093a23766e0fcdb4cfc7944def40526414f97aff818cac6bdec155a6f3962f477b210a8ed5 CVE-2020-12673.patch
+3599ca53dff1234dcea483006a82ec7276c1feee8df4f1df50f0b080202e351dd34e011af1bbdbdce1d9db54761beb0890b0be6e4ce7ed86e62513896c072e0c CVE-2020-12674.patch
9f19698ab45969f1f94dc4bddf6de59317daee93c9421c81f2dbf8a7efe6acf89689f1d30f60f536737bb9526c315215d2bce694db27e7b8d7896036a59c31f0 dovecot.logrotate
d91951b81150d7a3ef6a674c0dc7b012f538164dac4b9d27a6801d31da6813b764995a438f69b6a680463e1b60a3b4f2959654f68e565fe116ea60312d5e5e70 dovecot.initd"
diff --git a/main/dovecot/CVE-2020-12673.patch b/main/dovecot/CVE-2020-12673.patch
new file mode 100644
index 0000000000..9dd26e0350
--- /dev/null
+++ b/main/dovecot/CVE-2020-12673.patch
@@ -0,0 +1,31 @@
+From fb246611e62ad8c5a95b0ca180a63f17aa34b0d8 Mon Sep 17 00:00:00 2001
+From: Aki Tuomi <aki.tuomi@open-xchange.com>
+Date: Mon, 18 May 2020 12:33:39 +0300
+Subject: [PATCH] lib-ntlm: Check buffer length on responses
+
+Add missing check for buffer length.
+
+If this is not checked, it is possible to send message which
+causes read past buffer bug.
+
+Broken in c7480644202e5451fbed448508ea29a25cffc99c
+---
+ src/lib-ntlm/ntlm-message.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/src/lib-ntlm/ntlm-message.c b/src/lib-ntlm/ntlm-message.c
+index 160b9f918c..a29413b47e 100644
+--- a/src/lib-ntlm/ntlm-message.c
++++ b/src/lib-ntlm/ntlm-message.c
+@@ -184,6 +184,11 @@ static bool ntlmssp_check_buffer(const struct ntlmssp_buffer *buffer,
+ if (length == 0 && space == 0)
+ return TRUE;
+
++ if (length > data_size) {
++ *error = "buffer length out of bounds";
++ return FALSE;
++ }
++
+ if (offset >= data_size) {
+ *error = "buffer offset out of bounds";
+ return FALSE;
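Review bot: The added `length > data_size` test in ntlmssp_check_buffer() bounds the length on its own rather than together with the offset. With `offset` just below `data_size`, a `length` that passes this test can still describe a range that ends past the buffer. Whether a later test covers `offset + length` cannot be seen here, because the function continues outside the hunk. If the remaining tests only look at `space`, I would add a test after the offset check using the condition `length > data_size - offset`, with the same error string.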
diff --git a/main/dovecot/CVE-2020-12674.patch b/main/dovecot/CVE-2020-12674.patch
new file mode 100644
index 0000000000..a9dca2a82d
--- /dev/null
+++ b/main/dovecot/CVE-2020-12674.patch
@@ -0,0 +1,22 @@
+From 69ad3c902ea4bbf9f21ab1857d8923f975dc6145 Mon Sep 17 00:00:00 2001
+From: Aki Tuomi <aki.tuomi@open-xchange.com>
+Date: Wed, 6 May 2020 13:40:36 +0300
+Subject: [PATCH] auth: mech-rpa - Fail on zero len buffer
+
+---
+ src/auth/mech-rpa.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/auth/mech-rpa.c b/src/auth/mech-rpa.c
+index 08298ebdd6..2de8705b4f 100644
+--- a/src/auth/mech-rpa.c
++++ b/src/auth/mech-rpa.c
+@@ -224,7 +224,7 @@ rpa_read_buffer(pool_t pool, const unsigned char **data,
+ return 0;
+
+ len = *p++;
+- if (p + len > end)
++ if (p + len > end || len == 0)
+ return 0;
+
+ *buffer = p_malloc(pool, len);
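Review bot: The bounds test in rpa_read_buffer() still compares a computed pointer, `p + len > end`. Forming a pointer more than one element past the end of the input is undefined behaviour in C, so comparing the length with the remaining size is the safer form. Assuming `p <= end` holds at this point (the earlier part of the function is outside the hunk), the line could read `if (len == 0 || len > (size_t)(end - p))`. A short comment such as `/* empty buffers are rejected before the allocation below */` would also record why the zero case was added, since the commit message gives no reason.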
diff --git a/main/jbig2dec/APKBUILD b/main/jbig2dec/APKBUILD
index b4396b7869..670eff8d95 100644
--- a/main/jbig2dec/APKBUILD
+++ b/main/jbig2dec/APKBUILD
@@ -2,7 +2,7 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=jbig2dec
pkgver=0.15
-pkgrel=0
+pkgrel=1
pkgdesc="JBIG2 image compression format decoder"
url="https://www.ghostscript.com/jbig2dec.html"
arch="all"
@@ -10,7 +10,13 @@ license="GPL-2.0-or-later"
makedepends="autoconf automake libtool"
checkdepends="python2"
subpackages="$pkgname-dev $pkgname-doc"
-source="https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs924/jbig2dec-0.15.tar.gz"
+source="https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs924/jbig2dec-0.15.tar.gz
+ CVE-2020-12268.patch
+ "
+
+# secfixes:
+# 0.15-r1:
+# - CVE-2020-12268
builddir="$srcdir/$pkgname-$pkgver"
@@ -44,4 +50,5 @@ package() {
make DESTDIR="$pkgdir" install
}
-sha512sums="142acf0c47be094232ff21074414be5cf633a7008b2095d60b8878c4e125966f36632d8db191959ae1ac4b12b8fdc78139f67cd531717d203864b459d2570369 jbig2dec-0.15.tar.gz"
+sha512sums="142acf0c47be094232ff21074414be5cf633a7008b2095d60b8878c4e125966f36632d8db191959ae1ac4b12b8fdc78139f67cd531717d203864b459d2570369 jbig2dec-0.15.tar.gz
+e33c6a942af79dfb98c8160bccb0d7e6965d90b77f4e8e370787a9c0af0273001f02d5591b92d4285b901182ea335eb09854ce2fa995266837156b568747aa24 CVE-2020-12268.patch"
diff --git a/main/jbig2dec/CVE-2020-12268.patch b/main/jbig2dec/CVE-2020-12268.patch
new file mode 100644
index 0000000000..773515ae2d
--- /dev/null
+++ b/main/jbig2dec/CVE-2020-12268.patch
@@ -0,0 +1,44 @@
+From 0726320a4b55078e9d8deb590e477d598b3da66e Mon Sep 17 00:00:00 2001
+From: Robin Watts <Robin.Watts@artifex.com>
+Date: Mon, 27 Jan 2020 10:12:24 -0800
+Subject: [PATCH] Fix OSS-Fuzz issue 20332: buffer overflow in
+ jbig2_image_compose.
+
+With extreme values of x/y/w/h we can get overflow. Test for this
+and exit safely.
+
+Thanks for OSS-Fuzz for reporting.
+---
+ jbig2_image.c | 12 ++++++++++++
+ 1 file changed, 12 insertions(+)
+
+diff --git a/jbig2_image.c b/jbig2_image.c
+index 22e21ef..100263d 100644
+--- a/jbig2_image.c
++++ b/jbig2_image.c
+@@ -33,6 +33,9 @@
+ #if !defined (INT32_MAX)
+ #define INT32_MAX 0x7fffffff
+ #endif
++#if !defined (UINT32_MAX)
++#define UINT32_MAX 0xffffffffu
++#endif
+
+ /* allocate a Jbig2Image structure and its associated bitmap */
+ Jbig2Image *
+@@ -258,6 +261,15 @@ jbig2_image_compose(Jbig2Ctx *ctx, Jbig2Image *dst, Jbig2Image *src, int x, int
+ if (src == NULL)
+ return 0;
+
++ if ((UINT32_MAX - src->width < (x > 0 ? x : -x)) ||
++ (UINT32_MAX - src->height < (y > 0 ? y : -y)))
++ {
++#ifdef JBIG2_DEBUG
++ jbig2_error(ctx, JBIG2_SEVERITY_DEBUG, -1, "overflow in compose_image");
++#endif
++ return 0;
++ }
++
+ /* The optimized code for the OR operator below doesn't
+ handle the source image partially placed outside the
+ destination (above and/or to the left). The affected
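Review bot: The new overflow guard in jbig2_image_compose() computes the magnitude with `(x > 0 ? x : -x)`, and `-x` is itself a signed overflow when `x` is `INT_MIN`; the same applies to the `y` term if it is also an `int`. A check that exists to reject extreme coordinates should not depend on undefined behaviour for the most extreme one. Doing the negation in unsigned arithmetic avoids it: `(x > 0 ? (uint32_t)x : 0u - (uint32_t)x)`, and likewise for `y`. Separately, the rejection is logged only under `JBIG2_DEBUG` and returns 0, so a normal build gives the caller no sign that the compose step was skipped.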
diff --git a/main/mariadb-connector-c/APKBUILD b/main/mariadb-connector-c/APKBUILD
index 0d01de5763..90e853563b 100644
--- a/main/mariadb-connector-c/APKBUILD
+++ b/main/mariadb-connector-c/APKBUILD
@@ -1,7 +1,7 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=mariadb-connector-c
pkgver=3.0.8
-pkgrel=0
+pkgrel=1
pkgdesc="The MariaDB Native Client library (C driver)"
url="https://mariadb.org/"
arch="all"
@@ -10,12 +10,17 @@ depends_dev="openssl-dev zlib-dev"
makedepends="$depends_dev cmake"
replaces="mariadb-client-libs"
subpackages="$pkgname-dev"
-source="https://downloads.mariadb.org/interstitial/connector-c-$pkgver/mariadb-connector-c-$pkgver-src.tar.gz
+source="https://downloads.mariadb.com/Connectors/c/connector-c-$pkgver/mariadb-connector-c-$pkgver-src.tar.gz
cmake.patch
fix-ucontext-header.patch
+ CVE-2020-13249.patch
"
builddir="$srcdir/mariadb-connector-c-$pkgver-src"
+# secfixes:
+# 3.0.8-r1:
+# - CVE-2020-13249
+
build() {
cd "$builddir"
if [ "$CBUILD" != "$CHOST" ]; then
@@ -57,7 +62,7 @@ dev() {
replaces="mariadb-dev"
mv "$pkgdir"/usr/bin "$subpkgdir"/usr/
}
-
sha512sums="d9f970c7ac164ef7d8dd748bf2f749cc1f877a9c8f68a1d57e9ff62d95046bb9505619feca1f1d0d1cdefc1ac49489742aadf4ad9e47c8e6a9b8b40c56eed788 mariadb-connector-c-3.0.8-src.tar.gz
027a9d383ce27a527b77ac06b9505709cad8fe0173455863590f502996966300fedea87687630113d74e5b9be5349217b18206c2dbb89f7064129cb5417e44cf cmake.patch
-ad52cccb5517d11838bf16aee5aff63d87075e9ef5787e726d8bfea2854d3e2b5fa7aa94c0e93b1f7e7e21f48d21b1b6fcdd161fadb9999dcc7a3a5b8e12d883 fix-ucontext-header.patch"
+ad52cccb5517d11838bf16aee5aff63d87075e9ef5787e726d8bfea2854d3e2b5fa7aa94c0e93b1f7e7e21f48d21b1b6fcdd161fadb9999dcc7a3a5b8e12d883 fix-ucontext-header.patch
+4370a517bc082e5aca8ebc0abf1ace7742af6cffc7f0c12b70705b31885a573192bbac473a9d0322582e64a75698db86bd36db23558dd1c1e1eaf693632a559f CVE-2020-13249.patch"
diff --git a/main/mariadb-connector-c/CVE-2020-13249.patch b/main/mariadb-connector-c/CVE-2020-13249.patch
new file mode 100644
index 0000000000..8f58063c4e
--- /dev/null
+++ b/main/mariadb-connector-c/CVE-2020-13249.patch
@@ -0,0 +1,154 @@
+diff --git a/libmariadb/mariadb_lib.c b/libmariadb/mariadb_lib.c
+index 4c1108b..1f04c35 100644
+--- a/libmariadb/mariadb_lib.c
++++ b/libmariadb/mariadb_lib.c
+@@ -76,6 +76,8 @@
+ #define ASYNC_CONTEXT_DEFAULT_STACK_SIZE (4096*15)
+ #define MA_RPL_VERSION_HACK "5.5.5-"
+
++#define CHARSET_NAME_LEN 64
++
+ #undef max_allowed_packet
+ #undef net_buffer_length
+ extern ulong max_allowed_packet; /* net.c */
+@@ -2029,6 +2031,7 @@ mysql_send_query(MYSQL* mysql, const char* query, unsigned long length)
+
+ int ma_read_ok_packet(MYSQL *mysql, uchar *pos, ulong length)
+ {
++ uchar *end= mysql->net.read_pos+length;
+ size_t item_len;
+ mysql->affected_rows= net_field_length_ll(&pos);
+ mysql->insert_id= net_field_length_ll(&pos);
+@@ -2036,10 +2039,14 @@ int ma_read_ok_packet(MYSQL *mysql, uchar *pos, ulong length)
+ pos+=2;
+ mysql->warning_count=uint2korr(pos);
+ pos+=2;
+- if (pos < mysql->net.read_pos+length)
++ if (pos > end)
++ goto corrupted;
++ if (pos < end)
+ {
+ if ((item_len= net_field_length(&pos)))
+ mysql->info=(char*) pos;
++ if (pos + item_len > end)
++ goto corrupted;
+
+ /* check if server supports session tracking */
+ if (mysql->server_capabilities & CLIENT_SESSION_TRACKING)
+@@ -2050,23 +2057,26 @@ int ma_read_ok_packet(MYSQL *mysql, uchar *pos, ulong length)
+ if (mysql->server_status & SERVER_SESSION_STATE_CHANGED)
+ {
+ int i;
+- if (pos < mysql->net.read_pos + length)
++ if (pos < end)
+ {
+ LIST *session_item;
+ MYSQL_LEX_STRING *str= NULL;
+ enum enum_session_state_type si_type;
+ uchar *old_pos= pos;
+- size_t item_len= net_field_length(&pos); /* length for all items */
++
++ item_len= net_field_length(&pos); /* length for all items */
++ if (pos + item_len > end)
++ goto corrupted;
++ end= pos + item_len;
+
+ /* length was already set, so make sure that info will be zero terminated */
+ if (mysql->info)
+ *old_pos= 0;
+
+- while (item_len > 0)
++ while (pos < end)
+ {
+ size_t plen;
+ char *data;
+- old_pos= pos;
+ si_type= (enum enum_session_state_type)net_field_length(&pos);
+ switch(si_type) {
+ case SESSION_TRACK_SCHEMA:
+@@ -2076,15 +2086,14 @@ int ma_read_ok_packet(MYSQL *mysql, uchar *pos, ulong length)
+ if (si_type != SESSION_TRACK_STATE_CHANGE)
+ net_field_length(&pos); /* ignore total length, item length will follow next */
+ plen= net_field_length(&pos);
++ if (pos + plen > end)
++ goto corrupted;
+ if (!ma_multi_malloc(0,
+ &session_item, sizeof(LIST),
+ &str, sizeof(MYSQL_LEX_STRING),
+ &data, plen,
+ NULL))
+- {
+- SET_CLIENT_ERROR(mysql, CR_OUT_OF_MEMORY, SQLSTATE_UNKNOWN, 0);
+- return -1;
+- }
++ goto oom;
+ str->length= plen;
+ str->str= data;
+ memcpy(str->str, (char *)pos, plen);
+@@ -2107,29 +2116,28 @@ int ma_read_ok_packet(MYSQL *mysql, uchar *pos, ulong length)
+ if (!strncmp(str->str, "character_set_client", str->length))
+ set_charset= 1;
+ plen= net_field_length(&pos);
++ if (pos + plen > end)
++ goto corrupted;
+ if (!ma_multi_malloc(0,
+ &session_item, sizeof(LIST),
+ &str, sizeof(MYSQL_LEX_STRING),
+ &data, plen,
+ NULL))
+- {
+- SET_CLIENT_ERROR(mysql, CR_OUT_OF_MEMORY, SQLSTATE_UNKNOWN, 0);
+- return -1;
+- }
++ goto oom;
+ str->length= plen;
+ str->str= data;
+ memcpy(str->str, (char *)pos, plen);
+ pos+= plen;
+ session_item->data= str;
+ mysql->extension->session_state[si_type].list= list_add(mysql->extension->session_state[si_type].list, session_item);
+- if (set_charset &&
++ if (set_charset && str->length < CHARSET_NAME_LEN &&
+ strncmp(mysql->charset->csname, str->str, str->length) != 0)
+ {
+- char cs_name[64];
+- MARIADB_CHARSET_INFO *cs_info;
++ char cs_name[CHARSET_NAME_LEN];
++ const MARIADB_CHARSET_INFO *cs_info;
+ memcpy(cs_name, str->str, str->length);
+ cs_name[str->length]= 0;
+- if ((cs_info = (MARIADB_CHARSET_INFO *)mysql_find_charset_name(cs_name)))
++ if ((cs_info = mysql_find_charset_name(cs_name)))
+ mysql->charset= cs_info;
+ }
+ }
+@@ -2137,10 +2145,11 @@ int ma_read_ok_packet(MYSQL *mysql, uchar *pos, ulong length)
+ default:
+ /* not supported yet */
+ plen= net_field_length(&pos);
++ if (pos + plen > end)
++ goto corrupted;
+ pos+= plen;
+ break;
+ }
+- item_len-= (pos - old_pos);
+ }
+ }
+ for (i= SESSION_TRACK_BEGIN; i <= SESSION_TRACK_END; i++)
+@@ -2155,6 +2164,16 @@ int ma_read_ok_packet(MYSQL *mysql, uchar *pos, ulong length)
+ else if (mysql->server_capabilities & CLIENT_SESSION_TRACKING)
+ ma_clear_session_state(mysql);
+ return(0);
++
++oom:
++ ma_clear_session_state(mysql);
++ SET_CLIENT_ERROR(mysql, CR_OUT_OF_MEMORY, SQLSTATE_UNKNOWN, 0);
++ return -1;
++
++corrupted:
++ ma_clear_session_state(mysql);
++ SET_CLIENT_ERROR(mysql, CR_MALFORMED_PACKET, SQLSTATE_UNKNOWN, 0);
++ return -1;
+ }
+
+ int mthd_my_read_query_result(MYSQL *mysql)
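Review bot: Every new bounds test in ma_read_ok_packet() has the form `pos + item_len > end` or `pos + plen > end`, where the length is decoded from the server's packet by net_field_length(). A very large decoded length can make the pointer addition wrap, which is undefined behaviour, and the comparison then passes and the following `memcpy` runs with that length. Comparing the length with the bytes that remain avoids this, for example `if (pos > end || plen > (size_t)(end - pos)) goto corrupted;`, applied to each of the five tests. The `pos > end` part is needed because net_field_length() has already advanced `pos` without a bound of its own. In the first test, `mysql->info` is assigned before the length is validated, so the `corrupted` path leaves it pointing into the rejected packet; moving the assignment after the test would avoid that.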
diff --git a/main/nrpe/APKBUILD b/main/nrpe/APKBUILD
index 44d2b163ab..c09b953a02 100644
--- a/main/nrpe/APKBUILD
+++ b/main/nrpe/APKBUILD
@@ -1,7 +1,7 @@
# Maintainer: Jeff Bilyk <jbilyk@gmail.com>
pkgname=nrpe
pkgver=3.2.1
-pkgrel=0
+pkgrel=2
pkgusers="nagios"
pkggroups="nagios"
pkgdesc="NRPE allows you to remotely execute Nagios plugins on other Linux/Unix machines."
diff --git a/main/openldap/APKBUILD b/main/openldap/APKBUILD
index c6e075176b..eaa032f275 100644
--- a/main/openldap/APKBUILD
+++ b/main/openldap/APKBUILD
@@ -2,6 +2,10 @@
# Contributor: Jakub Jirutka <jakub@jirutka.cz>
#
# secfixes:
+# 2.4.48-r2:
+# - CVE-2020-25709
+# - CVE-2020-25710
+# - CVE-2020-25692
# 2.4.48-r1:
# - CVE-2020-12243
# 2.4.48-r0:
@@ -15,7 +19,7 @@
#
pkgname=openldap
pkgver=2.4.48
-pkgrel=1
+pkgrel=2
pkgdesc="LDAP Server"
url="http://www.openldap.org/"
arch="all"
@@ -38,11 +42,14 @@ source="https://www.openldap.org/software/download/OpenLDAP/$pkgname-release/$pk
fix-manpages.patch
configs.patch
cacheflush.patch
+ CVE-2020-25709.patch
+ CVE-2020-25710.patch
+ CVE-2020-25692.patch
+ CVE-2020-12243.patch
slapd.initd
slapd.confd
- CVE-2020-12243.patch::https://git.openldap.org/openldap/openldap/-/commit/98464c11df8247d6a11b52e294ba5dd4f0380440.patch
"
builddir="$srcdir/$pkgname-$pkgver"
@@ -229,6 +236,9 @@ sha512sums="cf694a415be0bd55cc7f606099da2ed461748efd276561944cd29d7f5a8252a9be79
8c4244d316a05870dd1147b2ab7ddbcfd7626b5dce2f5a0e72f066dc635c2edb4f1ea3be88c6fec2d5ab016001be16bedef70f2ce0695c3cd96f69e1614ff177 fix-manpages.patch
0d2e570ddcb7ace1221abad9fc1d3dd0d00d6948340df69879b449959a68feee6a0ad8e17ef9971b35986293e16fc9d8e88de81815fedd5ea6a952eb085406ca configs.patch
60c1ec62003a33036de68402544e25a71715ed124a3139056a94ed1ba02fb8148ee510ab8f182a308105a2f744b9787e67112bcd8cd0d800cdb6f5409c4f63ff cacheflush.patch
+61d2d02b733011eefaac0681b7f6274e416dac4d420b354e37f51b07cc42dab61c798fbe5fab36f47079962046f309373b41886b4632e86dc08d5bfe59b275f7 CVE-2020-25709.patch
+abb7f43b6379fe6c03e583dc3a2c861c573ad6b83710954e35928e0449a1b78e259d8d5c6b7c33747b347ab67388d4894980a954d5ddb24b51a693b9c43798f2 CVE-2020-25710.patch
+023b32e1a8e61c96b77723dfe39d33de170af684e29defdb34c14719b77fa0e9a101f8aaafe378afb30bf5ca732cf7209ef291089d7524b2301a97c102f5f6e4 CVE-2020-25692.patch
+fddf5cf57c5b4b1d0e148ce850aafe5791dd7772727c824e858fe97e375871d2d3f622894d978444f7c5d8d64160c6fd766ae91de5eac3eb7f5292ceaaf599ea CVE-2020-12243.patch
0c3606e4dad1b32f1c4b62f2bc1990a4c9f7ccd10c7b50e623309ba9df98064e68fc42a7242450f32fb6e5fa2203609d3d069871b5ae994cd4b227a078c93532 slapd.initd
-64dc4c0aa0abe3d9f7d2aef25fe4c8e23c53df2421067947ac4d096c9e942b26356cb8577ebc41b52d88d0b0a03b2a3e435fe86242671f9b36555a5f82ee0e3a slapd.confd
-d4d8bec1c23c73e7126462bfe2e51cb603d1e83be4c64698ac167f221d515554b3b0e311f9789450b5c4c206c09cbdad1842b0b5b2364919967195da4ea6d833 CVE-2020-12243.patch"
+64dc4c0aa0abe3d9f7d2aef25fe4c8e23c53df2421067947ac4d096c9e942b26356cb8577ebc41b52d88d0b0a03b2a3e435fe86242671f9b36555a5f82ee0e3a slapd.confd"
diff --git a/main/openldap/CVE-2020-12243.patch b/main/openldap/CVE-2020-12243.patch
new file mode 100644
index 0000000000..d8e10f5bc6
--- /dev/null
+++ b/main/openldap/CVE-2020-12243.patch
@@ -0,0 +1,125 @@
+From 98464c11df8247d6a11b52e294ba5dd4f0380440 Mon Sep 17 00:00:00 2001
+From: Howard Chu <hyc@openldap.org>
+Date: Thu, 16 Apr 2020 01:08:19 +0100
+Subject: [PATCH] ITS#9202 limit depth of nested filters
+
+Using a hardcoded limit for now; no reasonable apps
+should ever run into it.
+---
+ servers/slapd/filter.c | 41 ++++++++++++++++++++++++++++++++---------
+ 1 file changed, 32 insertions(+), 9 deletions(-)
+
+diff --git a/servers/slapd/filter.c b/servers/slapd/filter.c
+index 3252cf2a7..ed57bbd7b 100644
+--- a/servers/slapd/filter.c
++++ b/servers/slapd/filter.c
+@@ -37,11 +37,16 @@
+ const Filter *slap_filter_objectClass_pres;
+ const struct berval *slap_filterstr_objectClass_pres;
+
++#ifndef SLAPD_MAX_FILTER_DEPTH
++#define SLAPD_MAX_FILTER_DEPTH 5000
++#endif
++
+ static int get_filter_list(
+ Operation *op,
+ BerElement *ber,
+ Filter **f,
+- const char **text );
++ const char **text,
++ int depth );
+
+ static int get_ssa(
+ Operation *op,
+@@ -80,12 +85,13 @@ filter_destroy( void )
+ return;
+ }
+
+-int
+-get_filter(
++static int
++get_filter0(
+ Operation *op,
+ BerElement *ber,
+ Filter **filt,
+- const char **text )
++ const char **text,
++ int depth )
+ {
+ ber_tag_t tag;
+ ber_len_t len;
+@@ -126,6 +132,11 @@ get_filter(
+ *
+ */
+
++ if( depth > SLAPD_MAX_FILTER_DEPTH ) {
++ *text = "filter nested too deeply";
++ return SLAPD_DISCONNECT;
++ }
++
+ tag = ber_peek_tag( ber, &len );
+
+ if( tag == LBER_ERROR ) {
+@@ -221,7 +232,7 @@ get_filter(
+
+ case LDAP_FILTER_AND:
+ Debug( LDAP_DEBUG_FILTER, "AND\n", 0, 0, 0 );
+- err = get_filter_list( op, ber, &f.f_and, text );
++ err = get_filter_list( op, ber, &f.f_and, text, depth+1 );
+ if ( err != LDAP_SUCCESS ) {
+ break;
+ }
+@@ -234,7 +245,7 @@ get_filter(
+
+ case LDAP_FILTER_OR:
+ Debug( LDAP_DEBUG_FILTER, "OR\n", 0, 0, 0 );
+- err = get_filter_list( op, ber, &f.f_or, text );
++ err = get_filter_list( op, ber, &f.f_or, text, depth+1 );
+ if ( err != LDAP_SUCCESS ) {
+ break;
+ }
+@@ -248,7 +259,7 @@ get_filter(
+ case LDAP_FILTER_NOT:
+ Debug( LDAP_DEBUG_FILTER, "NOT\n", 0, 0, 0 );
+ (void) ber_skip_tag( ber, &len );
+- err = get_filter( op, ber, &f.f_not, text );
++ err = get_filter0( op, ber, &f.f_not, text, depth+1 );
+ if ( err != LDAP_SUCCESS ) {
+ break;
+ }
+@@ -311,10 +322,22 @@ get_filter(
+ return( err );
+ }
+
++int
++get_filter(
++ Operation *op,
++ BerElement *ber,
++ Filter **filt,
++ const char **text )
++{
++ return get_filter0( op, ber, filt, text, 0 );
++}
++
++
+ static int
+ get_filter_list( Operation *op, BerElement *ber,
+ Filter **f,
+- const char **text )
++ const char **text,
++ int depth )
+ {
+ Filter **new;
+ int err;
+@@ -328,7 +351,7 @@ get_filter_list( Operation *op, BerElement *ber,
+ tag != LBER_DEFAULT;
+ tag = ber_next_element( ber, &len, last ) )
+ {
+- err = get_filter( op, ber, new, text );
++ err = get_filter0( op, ber, new, text, depth );
+ if ( err != LDAP_SUCCESS )
+ return( err );
+ new = &(*new)->f_next;
+--
+GitLab
+
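Review bot: `SLAPD_MAX_FILTER_DEPTH` is introduced with no comment, and the chosen value of 5000 still allows that many nested calls through get_filter0() and get_filter_list(). Whether that depth fits in the stack of the thread that parses the request depends on the frame size and the thread stack configured for this build, neither of which is visible here, so it is worth confirming for this package. I would document the macro where it is defined, for example `/* Maximum nesting of AND/OR/NOT accepted in a search filter; bounds recursion in get_filter0(). Override with -DSLAPD_MAX_FILTER_DEPTH=n. */`.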
diff --git a/main/openldap/CVE-2020-25692.patch b/main/openldap/CVE-2020-25692.patch
new file mode 100644
index 0000000000..941a4f56be
--- /dev/null
+++ b/main/openldap/CVE-2020-25692.patch
@@ -0,0 +1,27 @@
+From 4c774220a752bf8e3284984890dc0931fe73165d Mon Sep 17 00:00:00 2001
+From: Howard Chu <hyc@openldap.org>
+Date: Mon, 19 Oct 2020 14:03:41 +0100
+Subject: [PATCH] ITS#9370 check for equality rule on old_rdn
+
+Just skip normalization if there's no equality rule. We accept
+DNs without equality rules already.
+---
+ servers/slapd/modrdn.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/servers/slapd/modrdn.c b/servers/slapd/modrdn.c
+index c73dd8dba..a22975540 100644
+--- a/servers/slapd/modrdn.c
++++ b/servers/slapd/modrdn.c
+@@ -505,7 +505,7 @@ slap_modrdn2mods(
+ mod_tmp->sml_values = ( BerVarray )ch_malloc( 2 * sizeof( struct berval ) );
+ ber_dupbv( &mod_tmp->sml_values[0], &old_rdn[d_cnt]->la_value );
+ mod_tmp->sml_values[1].bv_val = NULL;
+- if( desc->ad_type->sat_equality->smr_normalize) {
++ if( desc->ad_type->sat_equality && desc->ad_type->sat_equality->smr_normalize) {
+ mod_tmp->sml_nvalues = ( BerVarray )ch_malloc( 2 * sizeof( struct berval ) );
+ (void) (*desc->ad_type->sat_equality->smr_normalize)(
+ SLAP_MR_EQUALITY|SLAP_MR_VALUE_OF_ASSERTION_SYNTAX,
+--
+GitLab
+
diff --git a/main/openldap/CVE-2020-25709.patch b/main/openldap/CVE-2020-25709.patch
new file mode 100644
index 0000000000..d38c9d241d
--- /dev/null
+++ b/main/openldap/CVE-2020-25709.patch
@@ -0,0 +1,26 @@
+From 67670f4544e28fb09eb7319c39f404e1d3229e65 Mon Sep 17 00:00:00 2001
+From: Howard Chu <hyc@openldap.org>
+Date: Mon, 2 Nov 2020 13:12:10 +0000
+Subject: [PATCH] ITS#9383 remove assert in certificateListValidate
+
+---
+ servers/slapd/schema_init.c | 3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+diff --git a/servers/slapd/schema_init.c b/servers/slapd/schema_init.c
+index ea0d67aa6..28f9e71a1 100644
+--- a/servers/slapd/schema_init.c
++++ b/servers/slapd/schema_init.c
+@@ -371,8 +371,7 @@ certificateListValidate( Syntax *syntax, struct berval *in )
+ /* Optional version */
+ if ( tag == LBER_INTEGER ) {
+ tag = ber_get_int( ber, &version );
+- assert( tag == LBER_INTEGER );
+- if ( version != SLAP_X509_V2 ) return LDAP_INVALID_SYNTAX;
++ if ( tag != LBER_INTEGER || version != SLAP_X509_V2 ) return LDAP_INVALID_SYNTAX;
+ }
+ tag = ber_skip_tag( ber, &len ); /* Signature Algorithm */
+ if ( tag != LBER_SEQUENCE ) return LDAP_INVALID_SYNTAX;
+--
+GitLab
+
diff --git a/main/openldap/CVE-2020-25710.patch b/main/openldap/CVE-2020-25710.patch
new file mode 100644
index 0000000000..9b9bae8b31
--- /dev/null
+++ b/main/openldap/CVE-2020-25710.patch
@@ -0,0 +1,27 @@
+From bdb0d459187522a6063df13871b82ba8dcc6efe2 Mon Sep 17 00:00:00 2001
+From: Howard Chu <hyc@openldap.org>
+Date: Mon, 2 Nov 2020 16:01:14 +0000
+Subject: [PATCH] ITS#9384 remove assert in obsolete csnNormalize23()
+
+---
+ servers/slapd/schema_init.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/servers/slapd/schema_init.c b/servers/slapd/schema_init.c
+index 5812bc4b6..ea0d67aa6 100644
+--- a/servers/slapd/schema_init.c
++++ b/servers/slapd/schema_init.c
+@@ -5327,8 +5327,8 @@ csnNormalize23(
+ }
+ *ptr = '\0';
+
+- assert( ptr == &bv.bv_val[bv.bv_len] );
+- if ( csnValidate( syntax, &bv ) != LDAP_SUCCESS ) {
++ if ( ptr != &bv.bv_val[bv.bv_len] ||
++ csnValidate( syntax, &bv ) != LDAP_SUCCESS ) {
+ return LDAP_INVALID_SYNTAX;
+ }
+
+--
+GitLab
+
diff --git a/main/pcre/APKBUILD b/main/pcre/APKBUILD
index da65eef6bb..d7f05247b8 100644
--- a/main/pcre/APKBUILD
+++ b/main/pcre/APKBUILD
@@ -2,7 +2,7 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=pcre
pkgver=8.42
-pkgrel=1
+pkgrel=2
pkgdesc="Perl-compatible regular expression library"
url="http://pcre.sourceforge.net"
arch="all"
@@ -12,9 +12,13 @@ makedepends=""
checkdepends="paxmark"
subpackages="$pkgname-dev $pkgname-doc $pkgname-tools
libpcrecpp libpcre16 libpcre32"
-source="ftp://ftp.csx.cam.ac.uk/pub/software/programming/$pkgname/$pkgname-$pkgver.tar.bz2
+source="https://ftp.pcre.org/pub/pcre/pcre-$pkgver.tar.bz2
+ CVE-2020-14155.patch
"
+
# secfixes:
+# 8.42-r2:
+# - CVE-2020-14155
# 8.40-r2:
# - CVE-2017-7186
# 7.8-r0:
@@ -94,4 +98,5 @@ tools() {
mv "$pkgdir"/usr/bin "$subpkgdir"/usr/
}
-sha512sums="b47b923108f6ee0c31409b79d0888314271b482a22590e164d02f21d2112fba22dd0342c24f9ba0f5fcc5b8c65550bad08c476e30a2fc79b34ecf4601ed82f3d pcre-8.42.tar.bz2"
+sha512sums="b47b923108f6ee0c31409b79d0888314271b482a22590e164d02f21d2112fba22dd0342c24f9ba0f5fcc5b8c65550bad08c476e30a2fc79b34ecf4601ed82f3d pcre-8.42.tar.bz2
+23baa5fbaff7b52e861a539a83ad4406937d7a8a85d2a4e2419d0bea99204659e350caab68091d6354842297df2bb3097204bc63c4e1d3d9d1b94427efc46748 CVE-2020-14155.patch"
diff --git a/main/pcre/CVE-2020-14155.patch b/main/pcre/CVE-2020-14155.patch
new file mode 100644
index 0000000000..3bfa119f3b
--- /dev/null
+++ b/main/pcre/CVE-2020-14155.patch
@@ -0,0 +1,31 @@
+pcre: Fix int overflow when parsing "?C<arg>" callout args.
+
+Numerical args must be 0-255, so this shouldn't break correct usage.
+
+--- a/pcre_compile.c 2020/02/10 17:01:27 1760
++++ b/pcre_compile.c 2020/02/10 17:17:34 1761
+@@ -7130,17 +7130,19 @@
+ int n = 0;
+ ptr++;
+ while(IS_DIGIT(*ptr))
++ {
+ n = n * 10 + *ptr++ - CHAR_0;
++ if (n > 255)
++ {
++ *errorcodeptr = ERR38;
++ goto FAILED;
++ }
++ }
+ if (*ptr != CHAR_RIGHT_PARENTHESIS)
+ {
+ *errorcodeptr = ERR39;
+ goto FAILED;
+ }
+- if (n > 255)
+- {
+- *errorcodeptr = ERR38;
+- goto FAILED;
+- }
+ *code++ = n;
+ PUT(code, 0, (int)(ptr - cd->start_pattern + 1)); /* Pattern offset */
+ PUT(code, LINK_SIZE, 0); /* Default length */
diff --git a/main/postgresql/APKBUILD b/main/postgresql/APKBUILD
index 435c0428f4..6179607fc1 100644
--- a/main/postgresql/APKBUILD
+++ b/main/postgresql/APKBUILD
@@ -2,7 +2,7 @@
# Contributor: G.J.R. Timmer <gjr.timmer@gmail.com>
# Contributor: Jakub Jirutka <jakub@jirutka.cz>
pkgname=postgresql
-pkgver=11.9
+pkgver=11.10
pkgrel=0
pkgdesc="A sophisticated object-relational DBMS"
url="https://www.postgresql.org/"
@@ -36,6 +36,10 @@ builddir="$srcdir/$pkgname-$pkgver"
options="!checkroot"
# secfixes:
+# 11.10-r0:
+# - CVE-2020-25694
+# - CVE-2020-25695
+# - CVE-2020-25696
# 11.9-r0:
# - CVE-2020-14349
# - CVE-2020-14350
@@ -312,7 +316,7 @@ _submv() {
done
}
-sha512sums="2c5c2f51aa01f02af4aa0849441767383e30fef69dd52efa442892f39d2456bfa8bf01f633a265e00eca0745e792609d2c1d33f77d8f29a02f5f374c84f2bf6e postgresql-11.9.tar.bz2
+sha512sums="0cc0e9b0f76e00727dc699ea59a45d760d37d91ec736a62cbc9bda3e38eb1ef1565e4e399dd3ae96bad87f866e56e364f916de7740d8be6e1cfc2bf654dfbb68 postgresql-11.10.tar.bz2
1f8e7dc58f5b0a12427cf2fd904ffa898a34f23f3332c8382b94e0d991c007289e7913a69e04498f3d93fc5701855796c207b4b1cc4a0b366f586050124d7fcc initdb.patch
5f9d8bb4957194069d01af8ab3abc6d4d83a7e7f8bd7ebe1caae5361d621a3e58f91b14b952958138a794e0a80bc154fbb7e3e78d211e2a95b9b7901335de854 perl-rpath.patch
8439a6fdfdea0a4867daeb8bc23d6c825f30c00d91d4c39f48653f5ee77341f23282ce03a77aad94b5369700f11d2cb28d5aee360e59138352a9ab331a9f9d0f conf-unix_socket_directories.patch
diff --git a/main/py-django/APKBUILD b/main/py-django/APKBUILD
index b5168c142b..479ba87cf7 100644
--- a/main/py-django/APKBUILD
+++ b/main/py-django/APKBUILD
@@ -3,7 +3,7 @@
pkgname=py-django
_pkgname=Django
pkgver=1.11.29
-pkgrel=0
+pkgrel=1
pkgdesc="A high-level Python Web framework"
url="http://djangoproject.com/"
arch="noarch"
@@ -12,10 +12,16 @@ depends="py-tz"
makedepends="python2-dev python3-dev py-setuptools"
options="!check" # some depends missing, others in community/testing
subpackages="py2-${pkgname#py-}:_py2 py3-${pkgname#py-}:_py3"
-source="https://files.pythonhosted.org/packages/source/${_pkgname:0:1}/$_pkgname/$_pkgname-$pkgver.tar.gz"
+source="https://files.pythonhosted.org/packages/source/${_pkgname:0:1}/$_pkgname/$_pkgname-$pkgver.tar.gz
+ CVE-2020-24583.patch
+ CVE-2020-24584.patch
+ "
builddir="$srcdir"/$_pkgname-$pkgver
# secfixes:
+# 1.11.29-r1:
+# - CVE-2020-24583
+# - CVE-2020-24584
# 1.11.29-r0:
# - CVE-2020-9402
# 1.11.28-r0:
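Review bot: The two patches added to `source` carry no upstream reference: their mail headers name the packager as author and give only the CVE id as subject, so a later reader cannot compare the backport with the upstream Django fix. Adding a line such as `Upstream: <UPSTREAM_COMMIT_URL>` to each patch header would close that gap. The `options="!check"` context line also means neither backport is exercised by a test run during the build, so comparison with upstream is the main verification available.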
@@ -99,4 +105,6 @@ _py() {
done
}
-sha512sums="dc8d1c5c09f998bf7015967961247e56a9c1dd55701534c6bce6dac2270a5531e1162d9bcbf5ec5f4d411d2d0dc820c82fd9b69628c5ff944bb9f1a22290a562 Django-1.11.29.tar.gz"
+sha512sums="dc8d1c5c09f998bf7015967961247e56a9c1dd55701534c6bce6dac2270a5531e1162d9bcbf5ec5f4d411d2d0dc820c82fd9b69628c5ff944bb9f1a22290a562 Django-1.11.29.tar.gz
+e4eda8069558471268f2e8a705877b3f682adac80221ade5ba742476f897eb3a13d82af7367083b707186e4a49de4f7a6beaadc05274d10b9c88cb2f169ff1a9 CVE-2020-24583.patch
+4fde0868b63a739c28e066665e098bb7a667fe81311a839ff7d1dfff13cb67751271be6e88b4f245aa3ebcbd2bb856730418f3006f7820405cd54bf951e98faf CVE-2020-24584.patch"
diff --git a/main/py-django/CVE-2020-24583.patch b/main/py-django/CVE-2020-24583.patch
new file mode 100644
index 0000000000..b21c6b8ead
--- /dev/null
+++ b/main/py-django/CVE-2020-24583.patch
@@ -0,0 +1,29 @@
+From bbf6bd8a50a02d5015a2b0043abfbf2b4e6acce6 Mon Sep 17 00:00:00 2001
+From: Leo <thinkabit.ukim@gmail.com>
+Date: Fri, 11 Dec 2020 02:07:01 -0300
+Subject: [PATCH 1/2] CVE-2020-24583
+
+---
+ django/core/files/storage.py | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/django/core/files/storage.py b/django/core/files/storage.py
+index 98c89dd..9643198 100644
+--- a/django/core/files/storage.py
++++ b/django/core/files/storage.py
+@@ -310,9 +310,9 @@ class FileSystemStorage(Storage):
+ if not os.path.exists(directory):
+ try:
+ if self.directory_permissions_mode is not None:
+- # os.makedirs applies the global umask, so we reset it,
+- # for consistency with file_permissions_mode behavior.
+- old_umask = os.umask(0)
++ # Set the umask because os.makedirs() doesn't apply the "mode"
++ # argument to intermediate-level directories.
++ old_umask = os.umask(0o777 & ~self.directory_permissions_mode)
+ try:
+ os.makedirs(directory, self.directory_permissions_mode)
+ finally:
+--
+2.29.2
+
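Review bot: `os.umask()` changes the mask for the whole process, so during the window opened by `old_umask = os.umask(0o777 & ~self.directory_permissions_mode)` any other thread that creates a file or directory gets this temporary mask. The patch should say so next to the call, e.g. `# NOTE: umask is process-wide; other threads creating files see this mask until it is restored.` The same applies to `os.umask(0o077)` in CVE-2020-24584.patch. The enclosing method starts and ends outside the inner hunk, so the restore under `finally:` is not visible here.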
diff --git a/main/py-django/CVE-2020-24584.patch b/main/py-django/CVE-2020-24584.patch
new file mode 100644
index 0000000000..fa4dc132a5
--- /dev/null
+++ b/main/py-django/CVE-2020-24584.patch
@@ -0,0 +1,30 @@
+From 13e83e6f60d9ed91316c975425bc4b89c130ec9c Mon Sep 17 00:00:00 2001
+From: Leo <thinkabit.ukim@gmail.com>
+Date: Fri, 11 Dec 2020 02:08:48 -0300
+Subject: [PATCH 2/2] CVE-2020-24584
+
+---
+ django/core/cache/backends/filebased.py | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/django/core/cache/backends/filebased.py b/django/core/cache/backends/filebased.py
+index 7c2c5c7..88cebef 100644
+--- a/django/core/cache/backends/filebased.py
++++ b/django/core/cache/backends/filebased.py
+@@ -102,8 +102,13 @@ class FileBasedCache(BaseCache):
+
+ def _createdir(self):
+ if not os.path.exists(self._dir):
++ # Set the umask because os.makedirs() doesn't apply the "mode" argument
++ # to intermediate-level directories.
++ old_umask = os.umask(0o077)
+ try:
+ os.makedirs(self._dir, 0o700)
++ finally:
++ os.umask(old_umask)
+ except OSError as e:
+ if e.errno != errno.EEXIST:
+ raise EnvironmentError(
+--
+2.29.2
+
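Review bot: `_createdir` only reaches `os.makedirs(self._dir, 0o700)` when `self._dir` does not exist yet, so cache directory trees created before this fix keep whatever modes their intermediate directories were given. Upgrading the package does not tighten them, and that should be documented for operators, either in the commit message or as a comment such as `# Existing cache directories are not re-chmodded; audit trees created by earlier versions.` The method continues past the end of the inner hunk.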
diff --git a/main/squid/APKBUILD b/main/squid/APKBUILD
index da95d86142..c6e0ec7acc 100644
--- a/main/squid/APKBUILD
+++ b/main/squid/APKBUILD
@@ -33,6 +33,10 @@ options="!check" # does not work. Error message is about "applet not found", so
# - CVE-2020-15810
# - CVE-2020-15811
# - CVE-2020-24606
+# 4.11-r0:
+# - CVE-2019-12519
+# - CVE-2019-12521
+# - CVE-2020-11945
# 4.10-r0:
# - CVE-2019-12528
# - CVE-2020-8449