aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--community/php7-pecl-timezonedb/APKBUILD29
-rw-r--r--community/zabbix/APKBUILD6
-rw-r--r--community/zabbix/zabbix-agentd.initd31
-rw-r--r--main/bind/CVE-2020-8619.patch545
-rw-r--r--main/bluez/APKBUILD8
-rw-r--r--main/bluez/CVE-2020-27153.patch95
-rw-r--r--main/cups/APKBUILD11
-rw-r--r--main/cups/CVE-2019-8842.patch13
-rw-r--r--main/cups/CVE-2020-3898.patch14
-rw-r--r--main/curl/APKBUILD8
-rw-r--r--main/curl/CVE-2020-8231.patch123
-rw-r--r--main/dovecot/APKBUILD9
-rw-r--r--main/dovecot/CVE-2020-12673.patch31
-rw-r--r--main/dovecot/CVE-2020-12674.patch22
-rw-r--r--main/jbig2dec/APKBUILD13
-rw-r--r--main/jbig2dec/CVE-2020-12268.patch44
-rw-r--r--main/krb5/APKBUILD6
-rw-r--r--main/krb5/CVE-2018-20217.patch72
-rw-r--r--main/krb5/CVE-2020-28196.patch100
-rw-r--r--main/mariadb-connector-c/APKBUILD13
-rw-r--r--main/mariadb-connector-c/CVE-2020-13249.patch154
-rw-r--r--main/musl/APKBUILD10
-rw-r--r--main/musl/wcsnrtombs-cve-2020-28928.diff65
-rw-r--r--main/nrpe/APKBUILD2
-rw-r--r--main/openldap/APKBUILD18
-rw-r--r--main/openldap/CVE-2020-12243.patch125
-rw-r--r--main/openldap/CVE-2020-25692.patch27
-rw-r--r--main/openldap/CVE-2020-25709.patch26
-rw-r--r--main/openldap/CVE-2020-25710.patch27
-rw-r--r--main/pcre/APKBUILD11
-rw-r--r--main/pcre/CVE-2020-14155.patch31
-rw-r--r--main/perl-datetime-timezone/APKBUILD43
-rw-r--r--main/postgresql/APKBUILD8
-rw-r--r--main/py-django/APKBUILD14
-rw-r--r--main/py-django/CVE-2020-24583.patch29
-rw-r--r--main/py-django/CVE-2020-24584.patch30
-rw-r--r--main/squid/APKBUILD13
-rw-r--r--main/tcpdump/APKBUILD11
-rw-r--r--main/tcpdump/CVE-2020-8037.patch63
-rw-r--r--main/tzdata/APKBUILD10
-rw-r--r--main/xen/APKBUILD1
-rw-r--r--main/xorg-server/APKBUILD18
-rw-r--r--main/xorg-server/CVE-2020-14345.patch178
-rw-r--r--main/xorg-server/CVE-2020-14346.patch31
-rw-r--r--main/xorg-server/CVE-2020-14361.patch31
-rw-r--r--main/xorg-server/CVE-2020-14362.patch65
46 files changed, 2053 insertions, 181 deletions
diff --git a/community/php7-pecl-timezonedb/APKBUILD b/community/php7-pecl-timezonedb/APKBUILD
index 55bfa4326e..5026e0a52f 100644
--- a/community/php7-pecl-timezonedb/APKBUILD
+++ b/community/php7-pecl-timezonedb/APKBUILD
@@ -1,33 +1,36 @@
# Contributor: Fabio Ribeiro <fabiorphp@gmail.com>
# Maintainer: Fabio Ribeiro <fabiorphp@gmail.com>
pkgname=php7-pecl-timezonedb
-_pkgreal=timezonedb
-pkgver=2018.9
+_extname=timezonedb
+pkgver=2020.4
pkgrel=0
pkgdesc="Timezone Database to be used with PHP's date and time functions."
url="https://pecl.php.net/package/timezonedb"
arch="all"
-license="PHP"
+license="PHP-3.01"
depends="php7-common"
-makedepends="php7-dev autoconf re2c"
-source="https://pecl.php.net/get/$_pkgreal-$pkgver.tgz"
-builddir="$srcdir/$_pkgreal-$pkgver"
-options="!check" # upstream does not provide tests yet
+makedepends="php7-dev"
+source="https://pecl.php.net/get/$_extname-$pkgver.tgz"
+builddir="$srcdir/$_extname-$pkgver"
provides="php7-timezonedb=$pkgver-r$pkgrel" # for backward compatibility
replaces="php7-timezonedb" # for backward compatibility
build() {
- cd "$builddir"
phpize7
./configure --prefix=/usr --with-php-config=php-config7
make
}
+check() {
+ # Test suite is not a part of pecl release.
+ php7 -d extension=modules/$_extname.so --ri $_extname
+}
+
package() {
- cd "$builddir"
- make INSTALL_ROOT="$pkgdir"/ install
- install -d "$pkgdir"/etc/php7/conf.d
- echo "extension=$_pkgreal.so" > "$pkgdir"/etc/php7/conf.d/40_$_pkgreal.ini
+ make INSTALL_ROOT="$pkgdir" install
+ local _confdir="$pkgdir"/etc/php7/conf.d
+ install -d $_confdir
+ echo "extension=$_extname.so" > $_confdir/40_$_extname.ini
}
-sha512sums="77fabe3aa0283900ea2d3d20caaf7c4b9bac1859249c9df4f0225c203fc92310dfe9b4144640af034a4ba86ba78a748a39980ff796affc67edc99ec874867e06 timezonedb-2018.9.tgz"
+sha512sums="d5c41c76b4b0b033464a4f086072d061504fc439c910c47a7077a0586b308cc37a4202ff9f418a39cee63534d55136d15a173bb94923160c0fa16bb33ac89a09 timezonedb-2020.4.tgz"
diff --git a/community/zabbix/APKBUILD b/community/zabbix/APKBUILD
index 9d9290ca24..9daf7982e3 100644
--- a/community/zabbix/APKBUILD
+++ b/community/zabbix/APKBUILD
@@ -3,7 +3,7 @@
# Contributor: Leonardo Arena <rnalrd@alpinelinux.org>
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=zabbix
-pkgver=4.0.21
+pkgver=4.0.27
pkgrel=0
pkgdesc="Enterprise-class open source distributed monitoring"
url="http://www.zabbix.com"
@@ -200,10 +200,10 @@ agent_openrc() {
"$subpkgdir"/etc/init.d/zabbix-agentd
}
-sha512sums="f93137602a6f89feed66d35d6604f92bb4f8b6831cd9348108408a5bddeb98ac22ed72077e59b6e9dd12b894d115c0e410912e0c1d83bb36a9398188dbe80e30 zabbix-4.0.21.tar.gz
+sha512sums="c5187c4421db0d179a49a7ef3af0a0bca950090644bbf8b474a5be807a8e54d08688946e5c9a63e5f367487314d806873718b081f2dc62ac310a2c19f1472eaf zabbix-4.0.27.tar.gz
9998ee172a28002d98bacc3f76038ff52b8cf2b206e101418d76b4ca3de94afaf92cb4f7a6235ecf177f74beb9dd3ea1f3983c4f164b4f60bb601acba65aa175 zabbix-server.initd
9c06527bf653c40585fa7eeb3f7a0b2fc454031d24cd0d1633aed87b78a681c5227a193c5b9fcfcea0839135874e27ba7dd9b198573f905f680a2856f79e9512 zabbix-server.confd
-523013cab3ba79cbc00db92f09d4c5d514fd6aa9cbebf8f29227dc91fbc19d2f8375af74c21d2037e4f3380a818f808194dbc94e69709ef2cf90f66e715895c4 zabbix-agentd.initd
+c6513c5cdc4709886ad2f2351ddd9fb3a5aeb35d07a3ca34ca7a531cc48be3b3c1dab74aecabe67aac78146bb5ee984c102b882707d1fbfa4120cf780eca9a92 zabbix-agentd.initd
a26e7ac422ff60a4b8eed3603022c3a1bde640870bb9286ab061c3cb5c2fd7e91ddb317cb3d1cf61034adda0a080fc212ad416c9e2853a1deb03c5279753f4e2 zabbix-proxy.initd
9fc413b11a01c8202c7ee1c7950d6ca3de2d2d6cd01bea994cd4bc412533b53c4e4b1f58fc3c8df16ea70902053e278e2c5dcc936ce3e0a686a6eac62310ef53 zabbix-getloadavg.patch
7f70dfd602aa164ec8cc65ebb7e8274c685975f6aea9051933928051b8d9b6e368e5a673a07e7084a2105468c5085d72fa7b9f934460f10648d594f28f031a91 automake.patch
diff --git a/community/zabbix/zabbix-agentd.initd b/community/zabbix/zabbix-agentd.initd
index 56d67db8ae..c24b0f8226 100644
--- a/community/zabbix/zabbix-agentd.initd
+++ b/community/zabbix/zabbix-agentd.initd
@@ -1,34 +1,19 @@
#!/sbin/openrc-run
-# Copyright 1999-2007 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/net-analyzer/zabbix/files/1.6.6/init.d/zabbix-agentd,v 1.1 2009/10/05 15:55:23 patrick Exp $
-# ensure the same file is specified as PidFile in /etc/zabbix/zabbix_agentd.conf
-pidfile=/var/run/zabbix/zabbix_agentd.pid
-user=zabbix
-group=zabbix
+name="Zabbix Agent"
+command="/usr/sbin/zabbix_agentd"
+command_args="--foreground"
+command_background=yes
+pidfile="/run/zabbix/zabbix_agentd.pid"
+: ${command_user:=zabbix}
+: ${command_group:=zabbix}
start_pre() {
- checkpath --owner ${user}:${group} --directory ${pidfile%/*}
+ checkpath --owner ${command_user}:${command_group} --directory ${pidfile%/*} /var/log/zabbix
}
-
depend() {
need net
provide zabbix-agent
use zabbix-server
}
-
-start() {
- ebegin "Starting Zabbix agent"
- start-stop-daemon --pidfile ${pidfile} --start --user ${user}:${group} --exec /usr/sbin/zabbix_agentd
- eend $?
-}
-
-stop() {
- ebegin "Stopping Zabbix agent"
- start-stop-daemon --stop --user ${user} --pidfile ${pidfile}
- eend $?
-}
-
-
diff --git a/main/bind/CVE-2020-8619.patch b/main/bind/CVE-2020-8619.patch
new file mode 100644
index 0000000000..e6d305bdb8
--- /dev/null
+++ b/main/bind/CVE-2020-8619.patch
@@ -0,0 +1,545 @@
+From 569cc155b8680d8ed12db1fabbe20947db24a0f9 Mon Sep 17 00:00:00 2001
+From: Mark Andrews <marka@isc.org>
+Date: Tue, 2 Jun 2020 12:38:40 +1000
+Subject: [PATCH] Remove INSIST from from new_reference
+
+RBTDB node can now appear on the deadnodes lists following the changes
+to decrement_reference in 176b23b6cd98e5b58f832902fdbe964ee5f762d0 to
+defer checking of node->down when the tree write lock is not held. The
+node should be unlinked instead.
+---
+ lib/dns/rbtdb.c | 173 ++++++++++++++++++++++++++++--------------------
+ 1 file changed, 100 insertions(+), 73 deletions(-)
+
+diff --git a/lib/dns/rbtdb.c b/lib/dns/rbtdb.c
+index bfe3538a59..87fbdb317b 100644
+--- a/lib/dns/rbtdb.c
++++ b/lib/dns/rbtdb.c
+@@ -1858,8 +1858,13 @@ delete_node(dns_rbtdb_t *rbtdb, dns_rbtnode_t *node) {
+ * Caller must be holding the node lock.
+ */
+ static inline void
+-new_reference(dns_rbtdb_t *rbtdb, dns_rbtnode_t *node) {
+- INSIST(!ISC_LINK_LINKED(node, deadlink));
++new_reference(dns_rbtdb_t *rbtdb, dns_rbtnode_t *node,
++ isc_rwlocktype_t locktype) {
++ if (locktype == isc_rwlocktype_write && ISC_LINK_LINKED(node, deadlink))
++ {
++ ISC_LIST_UNLINK(rbtdb->deadnodes[node->locknum], node,
++ deadlink);
++ }
+ if (isc_refcount_increment0(&node->references) == 0) {
+ /* this is the first reference to the node */
+ isc_refcount_increment0(
+@@ -1877,13 +1882,14 @@ is_leaf(dns_rbtnode_t *node) {
+ }
+
+ static inline void
+-send_to_prune_tree(dns_rbtdb_t *rbtdb, dns_rbtnode_t *node) {
++send_to_prune_tree(dns_rbtdb_t *rbtdb, dns_rbtnode_t *node,
++ isc_rwlocktype_t locktype) {
+ isc_event_t *ev;
+ dns_db_t *db;
+
+ ev = isc_event_allocate(rbtdb->common.mctx, NULL, DNS_EVENT_RBTPRUNE,
+ prune_tree, node, sizeof(isc_event_t));
+- new_reference(rbtdb, node);
++ new_reference(rbtdb, node, locktype);
+ db = NULL;
+ attach((dns_db_t *)rbtdb, &db);
+ ev->ev_sender = db;
+@@ -1919,7 +1925,7 @@ cleanup_dead_nodes(dns_rbtdb_t *rbtdb, int bucketnum) {
+ node->data == NULL);
+
+ if (is_leaf(node) && rbtdb->task != NULL) {
+- send_to_prune_tree(rbtdb, node);
++ send_to_prune_tree(rbtdb, node, isc_rwlocktype_write);
+ } else if (node->down == NULL && node->data == NULL) {
+ /*
+ * Not a interior node and not needing to be
+@@ -1987,7 +1993,7 @@ reactivate_node(dns_rbtdb_t *rbtdb, dns_rbtnode_t *node,
+ }
+ }
+
+- new_reference(rbtdb, node);
++ new_reference(rbtdb, node, locktype);
+
+ NODE_UNLOCK(nodelock, locktype);
+ }
+@@ -2122,15 +2128,17 @@ decrement_reference(dns_rbtdb_t *rbtdb, dns_rbtnode_t *node,
+ * periodic walk-through).
+ */
+ if (!pruning && is_leaf(node) && rbtdb->task != NULL) {
+- send_to_prune_tree(rbtdb, node);
++ send_to_prune_tree(rbtdb, node, isc_rwlocktype_write);
+ no_reference = false;
+ } else {
+ delete_node(rbtdb, node);
+ }
+ } else {
+ INSIST(node->data == NULL);
+- INSIST(!ISC_LINK_LINKED(node, deadlink));
+- ISC_LIST_APPEND(rbtdb->deadnodes[bucket], node, deadlink);
++ if (!ISC_LINK_LINKED(node, deadlink)) {
++ ISC_LIST_APPEND(rbtdb->deadnodes[bucket], node,
++ deadlink);
++ }
+ }
+
+ restore_locks:
+@@ -2200,16 +2208,13 @@ prune_tree(isc_task_t *task, isc_event_t *event) {
+
+ /*
+ * We need to gain a reference to the node before
+- * decrementing it in the next iteration. In addition,
+- * if the node is in the dead-nodes list, extract it
+- * from the list beforehand as we do in
+- * reactivate_node().
++ * decrementing it in the next iteration.
+ */
+ if (ISC_LINK_LINKED(parent, deadlink)) {
+ ISC_LIST_UNLINK(rbtdb->deadnodes[locknum],
+ parent, deadlink);
+ }
+- new_reference(rbtdb, parent);
++ new_reference(rbtdb, parent, isc_rwlocktype_write);
+ } else {
+ parent = NULL;
+ }
+@@ -2976,7 +2981,7 @@ zone_zonecut_callback(dns_rbtnode_t *node, dns_name_t *name, void *arg) {
+ * We increment the reference count on node to ensure that
+ * search->zonecut_rdataset will still be valid later.
+ */
+- new_reference(search->rbtdb, node);
++ new_reference(search->rbtdb, node, isc_rwlocktype_read);
+ search->zonecut = node;
+ search->zonecut_rdataset = found;
+ search->need_cleanup = true;
+@@ -3028,7 +3033,8 @@ zone_zonecut_callback(dns_rbtnode_t *node, dns_name_t *name, void *arg) {
+
+ static inline void
+ bind_rdataset(dns_rbtdb_t *rbtdb, dns_rbtnode_t *node, rdatasetheader_t *header,
+- isc_stdtime_t now, dns_rdataset_t *rdataset) {
++ isc_stdtime_t now, isc_rwlocktype_t locktype,
++ dns_rdataset_t *rdataset) {
+ unsigned char *raw; /* RDATASLAB */
+
+ /*
+@@ -3043,7 +3049,7 @@ bind_rdataset(dns_rbtdb_t *rbtdb, dns_rbtnode_t *node, rdatasetheader_t *header,
+ return;
+ }
+
+- new_reference(rbtdb, node);
++ new_reference(rbtdb, node, locktype);
+
+ INSIST(rdataset->methods == NULL); /* We must be disassociated. */
+
+@@ -3148,12 +3154,12 @@ setup_delegation(rbtdb_search_t *search, dns_dbnode_t **nodep,
+ NODE_LOCK(&(search->rbtdb->node_locks[node->locknum].lock),
+ isc_rwlocktype_read);
+ bind_rdataset(search->rbtdb, node, search->zonecut_rdataset,
+- search->now, rdataset);
++ search->now, isc_rwlocktype_read, rdataset);
+ if (sigrdataset != NULL && search->zonecut_sigrdataset != NULL)
+ {
+ bind_rdataset(search->rbtdb, node,
+ search->zonecut_sigrdataset, search->now,
+- sigrdataset);
++ isc_rwlocktype_read, sigrdataset);
+ }
+ NODE_UNLOCK(&(search->rbtdb->node_locks[node->locknum].lock),
+ isc_rwlocktype_read);
+@@ -3818,18 +3824,21 @@ again:
+ foundname, NULL);
+ if (result == ISC_R_SUCCESS) {
+ if (nodep != NULL) {
+- new_reference(search->rbtdb,
+- node);
++ new_reference(
++ search->rbtdb, node,
++ isc_rwlocktype_read);
+ *nodep = node;
+ }
+ bind_rdataset(search->rbtdb, node,
+ found, search->now,
++ isc_rwlocktype_read,
+ rdataset);
+ if (foundsig != NULL) {
+- bind_rdataset(search->rbtdb,
+- node, foundsig,
+- search->now,
+- sigrdataset);
++ bind_rdataset(
++ search->rbtdb, node,
++ foundsig, search->now,
++ isc_rwlocktype_read,
++ sigrdataset);
+ }
+ }
+ } else if (found == NULL && foundsig == NULL) {
+@@ -4114,7 +4123,8 @@ found:
+ * ensure that search->zonecut_rdataset will
+ * still be valid later.
+ */
+- new_reference(search.rbtdb, node);
++ new_reference(search.rbtdb, node,
++ isc_rwlocktype_read);
+ search.zonecut = node;
+ search.zonecut_rdataset = header;
+ search.zonecut_sigrdataset = NULL;
+@@ -4292,7 +4302,7 @@ found:
+ goto node_exit;
+ }
+ if (nodep != NULL) {
+- new_reference(search.rbtdb, node);
++ new_reference(search.rbtdb, node, isc_rwlocktype_read);
+ *nodep = node;
+ }
+ if ((search.rbtversion->secure == dns_db_secure &&
+@@ -4300,10 +4310,10 @@ found:
+ (search.options & DNS_DBFIND_FORCENSEC) != 0)
+ {
+ bind_rdataset(search.rbtdb, node, nsecheader, 0,
+- rdataset);
++ isc_rwlocktype_read, rdataset);
+ if (nsecsig != NULL) {
+ bind_rdataset(search.rbtdb, node, nsecsig, 0,
+- sigrdataset);
++ isc_rwlocktype_read, sigrdataset);
+ }
+ }
+ if (wild) {
+@@ -4376,7 +4386,7 @@ found:
+
+ if (nodep != NULL) {
+ if (!at_zonecut) {
+- new_reference(search.rbtdb, node);
++ new_reference(search.rbtdb, node, isc_rwlocktype_read);
+ } else {
+ search.need_cleanup = false;
+ }
+@@ -4384,10 +4394,11 @@ found:
+ }
+
+ if (type != dns_rdatatype_any) {
+- bind_rdataset(search.rbtdb, node, found, 0, rdataset);
++ bind_rdataset(search.rbtdb, node, found, 0, isc_rwlocktype_read,
++ rdataset);
+ if (foundsig != NULL) {
+ bind_rdataset(search.rbtdb, node, foundsig, 0,
+- sigrdataset);
++ isc_rwlocktype_read, sigrdataset);
+ }
+ }
+
+@@ -4570,8 +4581,7 @@ cache_zonecut_callback(dns_rbtnode_t *node, dns_name_t *name, void *arg) {
+ * We increment the reference count on node to ensure that
+ * search->zonecut_rdataset will still be valid later.
+ */
+- new_reference(search->rbtdb, node);
+- INSIST(!ISC_LINK_LINKED(node, deadlink));
++ new_reference(search->rbtdb, node, locktype);
+ search->zonecut = node;
+ search->zonecut_rdataset = dname_header;
+ search->zonecut_sigrdataset = sigdname_header;
+@@ -4679,14 +4689,15 @@ find_deepest_zonecut(rbtdb_search_t *search, dns_rbtnode_t *node,
+ }
+ result = DNS_R_DELEGATION;
+ if (nodep != NULL) {
+- new_reference(search->rbtdb, node);
++ new_reference(search->rbtdb, node, locktype);
+ *nodep = node;
+ }
+ bind_rdataset(search->rbtdb, node, found, search->now,
+- rdataset);
++ locktype, rdataset);
+ if (foundsig != NULL) {
+ bind_rdataset(search->rbtdb, node, foundsig,
+- search->now, sigrdataset);
++ search->now, locktype,
++ sigrdataset);
+ }
+ if (need_headerupdate(found, search->now) ||
+ (foundsig != NULL &&
+@@ -4795,13 +4806,13 @@ find_coveringnsec(rbtdb_search_t *search, dns_dbnode_t **nodep,
+ if (result != ISC_R_SUCCESS) {
+ goto unlock_node;
+ }
+- bind_rdataset(search->rbtdb, node, found, now,
++ bind_rdataset(search->rbtdb, node, found, now, locktype,
+ rdataset);
+ if (foundsig != NULL) {
+ bind_rdataset(search->rbtdb, node, foundsig,
+- now, sigrdataset);
++ now, locktype, sigrdataset);
+ }
+- new_reference(search->rbtdb, node);
++ new_reference(search->rbtdb, node, locktype);
+ *nodep = node;
+ result = DNS_R_COVERINGNSEC;
+ } else if (!empty_node) {
+@@ -5026,18 +5037,18 @@ cache_find(dns_db_t *db, const dns_name_t *name, dns_dbversion_t *version,
+ if ((search.options & DNS_DBFIND_COVERINGNSEC) != 0 &&
+ nsecheader != NULL) {
+ if (nodep != NULL) {
+- new_reference(search.rbtdb, node);
+- INSIST(!ISC_LINK_LINKED(node, deadlink));
++ new_reference(search.rbtdb, node, locktype);
+ *nodep = node;
+ }
+ bind_rdataset(search.rbtdb, node, nsecheader,
+- search.now, rdataset);
++ search.now, locktype, rdataset);
+ if (need_headerupdate(nsecheader, search.now)) {
+ update = nsecheader;
+ }
+ if (nsecsig != NULL) {
+ bind_rdataset(search.rbtdb, node, nsecsig,
+- search.now, sigrdataset);
++ search.now, locktype,
++ sigrdataset);
+ if (need_headerupdate(nsecsig, search.now)) {
+ updatesig = nsecsig;
+ }
+@@ -5052,18 +5063,18 @@ cache_find(dns_db_t *db, const dns_name_t *name, dns_dbversion_t *version,
+ */
+ if (nsheader != NULL) {
+ if (nodep != NULL) {
+- new_reference(search.rbtdb, node);
+- INSIST(!ISC_LINK_LINKED(node, deadlink));
++ new_reference(search.rbtdb, node, locktype);
+ *nodep = node;
+ }
+ bind_rdataset(search.rbtdb, node, nsheader, search.now,
+- rdataset);
++ locktype, rdataset);
+ if (need_headerupdate(nsheader, search.now)) {
+ update = nsheader;
+ }
+ if (nssig != NULL) {
+ bind_rdataset(search.rbtdb, node, nssig,
+- search.now, sigrdataset);
++ search.now, locktype,
++ sigrdataset);
+ if (need_headerupdate(nssig, search.now)) {
+ updatesig = nssig;
+ }
+@@ -5084,8 +5095,7 @@ cache_find(dns_db_t *db, const dns_name_t *name, dns_dbversion_t *version,
+ */
+
+ if (nodep != NULL) {
+- new_reference(search.rbtdb, node);
+- INSIST(!ISC_LINK_LINKED(node, deadlink));
++ new_reference(search.rbtdb, node, locktype);
+ *nodep = node;
+ }
+
+@@ -5117,13 +5127,14 @@ cache_find(dns_db_t *db, const dns_name_t *name, dns_dbversion_t *version,
+ if (type != dns_rdatatype_any || result == DNS_R_NCACHENXDOMAIN ||
+ result == DNS_R_NCACHENXRRSET)
+ {
+- bind_rdataset(search.rbtdb, node, found, search.now, rdataset);
++ bind_rdataset(search.rbtdb, node, found, search.now, locktype,
++ rdataset);
+ if (need_headerupdate(found, search.now)) {
+ update = found;
+ }
+ if (!NEGATIVE(found) && foundsig != NULL) {
+ bind_rdataset(search.rbtdb, node, foundsig, search.now,
+- sigrdataset);
++ locktype, sigrdataset);
+ if (need_headerupdate(foundsig, search.now)) {
+ updatesig = foundsig;
+ }
+@@ -5282,15 +5293,15 @@ cache_findzonecut(dns_db_t *db, const dns_name_t *name, unsigned int options,
+ }
+
+ if (nodep != NULL) {
+- new_reference(search.rbtdb, node);
+- INSIST(!ISC_LINK_LINKED(node, deadlink));
++ new_reference(search.rbtdb, node, locktype);
+ *nodep = node;
+ }
+
+- bind_rdataset(search.rbtdb, node, found, search.now, rdataset);
++ bind_rdataset(search.rbtdb, node, found, search.now, locktype,
++ rdataset);
+ if (foundsig != NULL) {
+ bind_rdataset(search.rbtdb, node, foundsig, search.now,
+- sigrdataset);
++ locktype, sigrdataset);
+ }
+
+ if (need_headerupdate(found, search.now) ||
+@@ -5653,10 +5664,11 @@ zone_findrdataset(dns_db_t *db, dns_dbnode_t *node, dns_dbversion_t *version,
+ }
+ }
+ if (found != NULL) {
+- bind_rdataset(rbtdb, rbtnode, found, now, rdataset);
++ bind_rdataset(rbtdb, rbtnode, found, now, isc_rwlocktype_read,
++ rdataset);
+ if (foundsig != NULL) {
+ bind_rdataset(rbtdb, rbtnode, foundsig, now,
+- sigrdataset);
++ isc_rwlocktype_read, sigrdataset);
+ }
+ }
+
+@@ -5747,9 +5759,9 @@ cache_findrdataset(dns_db_t *db, dns_dbnode_t *node, dns_dbversion_t *version,
+ }
+ }
+ if (found != NULL) {
+- bind_rdataset(rbtdb, rbtnode, found, now, rdataset);
++ bind_rdataset(rbtdb, rbtnode, found, now, locktype, rdataset);
+ if (!NEGATIVE(found) && foundsig != NULL) {
+- bind_rdataset(rbtdb, rbtnode, foundsig, now,
++ bind_rdataset(rbtdb, rbtnode, foundsig, now, locktype,
+ sigrdataset);
+ }
+ }
+@@ -5917,6 +5929,9 @@ resign_insert(dns_rbtdb_t *rbtdb, int idx, rdatasetheader_t *newheader) {
+ return (result);
+ }
+
++/*
++ * node write lock must be held.
++ */
+ static void
+ resign_delete(dns_rbtdb_t *rbtdb, rbtdb_version_t *version,
+ rdatasetheader_t *header) {
+@@ -5928,7 +5943,8 @@ resign_delete(dns_rbtdb_t *rbtdb, rbtdb_version_t *version,
+ header->heap_index);
+ header->heap_index = 0;
+ if (version != NULL) {
+- new_reference(rbtdb, header->node);
++ new_reference(rbtdb, header->node,
++ isc_rwlocktype_write);
+ ISC_LIST_APPEND(version->resigned_list, header, link);
+ }
+ }
+@@ -5959,6 +5975,9 @@ update_recordsandxfrsize(bool add, rbtdb_version_t *rbtversion,
+ RWUNLOCK(&rbtversion->rwlock, isc_rwlocktype_write);
+ }
+
++/*
++ * write lock on rbtnode must be held.
++ */
+ static isc_result_t
+ add32(dns_rbtdb_t *rbtdb, dns_rbtnode_t *rbtnode, const dns_name_t *nodename,
+ rbtdb_version_t *rbtversion, rdatasetheader_t *newheader,
+@@ -6085,9 +6104,11 @@ add32(dns_rbtdb_t *rbtdb, dns_rbtnode_t *rbtnode, const dns_name_t *nodename,
+ free_rdataset(rbtdb, rbtdb->common.mctx,
+ newheader);
+ if (addedrdataset != NULL) {
+- bind_rdataset(rbtdb, rbtnode,
+- topheader, now,
+- addedrdataset);
++ bind_rdataset(
++ rbtdb, rbtnode,
++ topheader, now,
++ isc_rwlocktype_write,
++ addedrdataset);
+ }
+ return (DNS_R_UNCHANGED);
+ }
+@@ -6147,6 +6168,7 @@ find_header:
+ free_rdataset(rbtdb, rbtdb->common.mctx, newheader);
+ if (addedrdataset != NULL) {
+ bind_rdataset(rbtdb, rbtnode, header, now,
++ isc_rwlocktype_write,
+ addedrdataset);
+ }
+ return (DNS_R_UNCHANGED);
+@@ -6258,6 +6280,7 @@ find_header:
+ free_rdataset(rbtdb, rbtdb->common.mctx, newheader);
+ if (addedrdataset != NULL) {
+ bind_rdataset(rbtdb, rbtnode, header, now,
++ isc_rwlocktype_write,
+ addedrdataset);
+ }
+ return (ISC_R_SUCCESS);
+@@ -6307,6 +6330,7 @@ find_header:
+ free_rdataset(rbtdb, rbtdb->common.mctx, newheader);
+ if (addedrdataset != NULL) {
+ bind_rdataset(rbtdb, rbtnode, header, now,
++ isc_rwlocktype_write,
+ addedrdataset);
+ }
+ return (ISC_R_SUCCESS);
+@@ -6504,7 +6528,8 @@ find_header:
+ }
+
+ if (addedrdataset != NULL) {
+- bind_rdataset(rbtdb, rbtnode, newheader, now, addedrdataset);
++ bind_rdataset(rbtdb, rbtnode, newheader, now,
++ isc_rwlocktype_write, addedrdataset);
+ }
+
+ return (ISC_R_SUCCESS);
+@@ -7045,13 +7070,15 @@ subtractrdataset(dns_db_t *db, dns_dbnode_t *node, dns_dbversion_t *version,
+ }
+
+ if (result == ISC_R_SUCCESS && newrdataset != NULL) {
+- bind_rdataset(rbtdb, rbtnode, newheader, 0, newrdataset);
++ bind_rdataset(rbtdb, rbtnode, newheader, 0,
++ isc_rwlocktype_write, newrdataset);
+ }
+
+ if (result == DNS_R_NXRRSET && newrdataset != NULL &&
+ (options & DNS_DBSUB_WANTOLD) != 0)
+ {
+- bind_rdataset(rbtdb, rbtnode, header, 0, newrdataset);
++ bind_rdataset(rbtdb, rbtnode, header, 0, isc_rwlocktype_write,
++ newrdataset);
+ }
+
+ unlock:
+@@ -7929,8 +7956,7 @@ getoriginnode(dns_db_t *db, dns_dbnode_t **nodep) {
+ /* Note that the access to origin_node doesn't require a DB lock */
+ onode = (dns_rbtnode_t *)rbtdb->origin_node;
+ if (onode != NULL) {
+- new_reference(rbtdb, onode);
+-
++ new_reference(rbtdb, onode, isc_rwlocktype_none);
+ *nodep = rbtdb->origin_node;
+ } else {
+ INSIST(IS_CACHE(rbtdb));
+@@ -8123,7 +8149,8 @@ getsigningtime(dns_db_t *db, dns_rdataset_t *rdataset, dns_name_t *foundname) {
+ * Found something; pass back the answer and unlock
+ * the bucket.
+ */
+- bind_rdataset(rbtdb, header->node, header, 0, rdataset);
++ bind_rdataset(rbtdb, header->node, header, 0,
++ isc_rwlocktype_read, rdataset);
+
+ if (foundname != NULL) {
+ dns_rbt_fullnamefromnode(header->node, foundname);
+@@ -9130,7 +9157,7 @@ rdatasetiter_current(dns_rdatasetiter_t *iterator, dns_rdataset_t *rdataset) {
+ isc_rwlocktype_read);
+
+ bind_rdataset(rbtdb, rbtnode, header, rbtiterator->common.now,
+- rdataset);
++ isc_rwlocktype_read, rdataset);
+
+ NODE_UNLOCK(&rbtdb->node_locks[rbtnode->locknum].lock,
+ isc_rwlocktype_read);
+@@ -9585,7 +9612,7 @@ dbiterator_current(dns_dbiterator_t *iterator, dns_dbnode_t **nodep,
+ result = ISC_R_SUCCESS;
+ }
+
+- new_reference(rbtdb, node);
++ new_reference(rbtdb, node, isc_rwlocktype_none);
+
+ *nodep = rbtdbiter->node;
+
+@@ -10498,7 +10525,7 @@ expire_header(dns_rbtdb_t *rbtdb, rdatasetheader_t *header, bool tree_locked,
+ * We first need to gain a new reference to the node to meet a
+ * requirement of decrement_reference().
+ */
+- new_reference(rbtdb, header->node);
++ new_reference(rbtdb, header->node, isc_rwlocktype_write);
+ decrement_reference(rbtdb, header->node, 0,
+ isc_rwlocktype_write,
+ tree_locked ? isc_rwlocktype_write
+--
+GitLab
diff --git a/main/bluez/APKBUILD b/main/bluez/APKBUILD
index 7a6788eacb..e431f069e5 100644
--- a/main/bluez/APKBUILD
+++ b/main/bluez/APKBUILD
@@ -1,7 +1,7 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=bluez
pkgver=5.50
-pkgrel=1
+pkgrel=2
pkgdesc="Tools for the Bluetooth protocol stack"
url="http://www.bluez.org/"
arch="all"
@@ -25,10 +25,13 @@ source="https://www.kernel.org/pub/linux/bluetooth/bluez-$pkgver.tar.xz
disable-lock-test.patch
fix-endianness.patch
CVE-2020-0556.patch
+ CVE-2020-27153.patch
"
builddir="$srcdir/$pkgname-$pkgver"
# secfixes:
+# 5.50-r2:
+# - CVE-2020-27153
# 5.50-r1:
# - CVE-2020-0556
@@ -126,4 +129,5 @@ d5fd1c962bd846eaa6fff879bab85f753eb367d514f82d133b5d3242e1da989af5eddd942c60a87d
41ce7ccf78cca97563f0ef31e01dac6eb4484c24fe57be360b5e8de8c5bff5845e9d395766f891bd3f123788344456c88c9fc00cd1bb7c6a1dca89d09f19172b bluez-5.40-obexd_without_systemd-1.patch
04c4889372c8e790bb338dde7ffa76dc32fcf7370025c71b9184fcf17fd01ade4a6613d84d648303af3bbc54043ad489f29fc0cd4679ec8c9029dcb846d7e026 disable-lock-test.patch
118d55183860f395fc4bdc93efffb13902ebf7388cad722b9061cd2860d404333e500af521741c3d92c0f8a161f6810348fbeb6682e49c372383f417aed8c76a fix-endianness.patch
-1f7c41399e746942e091db22c1b42a0bd87dafd83c5074a34c24f51efd88ed4d2957308f9b4da0fdcd6cd99ea5b9e1885d628ae01ddde56cf31140ccc895be61 CVE-2020-0556.patch"
+1f7c41399e746942e091db22c1b42a0bd87dafd83c5074a34c24f51efd88ed4d2957308f9b4da0fdcd6cd99ea5b9e1885d628ae01ddde56cf31140ccc895be61 CVE-2020-0556.patch
+c8e65bdfb5edc8edd0d1f9a153a7d5b953f0c5700aa61645af251cd857117990090a27c0ee133056fc045d0f6b6a3c1aad60ff0dfd3707c2c5ba29c518fccca8 CVE-2020-27153.patch"
diff --git a/main/bluez/CVE-2020-27153.patch b/main/bluez/CVE-2020-27153.patch
new file mode 100644
index 0000000000..48a346fe2c
--- /dev/null
+++ b/main/bluez/CVE-2020-27153.patch
@@ -0,0 +1,95 @@
+Adapted from https://github.com/bluez/bluez/commit/1cd644db8c23a2f530ddb93cebed7dacc5f5721a
+
+diff --git a/src/shared/att.c b/src/shared/att.c
+index 0ea6d55..b0fdb8e 100644
+--- a/src/shared/att.c
++++ b/src/shared/att.c
+@@ -62,6 +62,7 @@ struct bt_att {
+ struct queue *ind_queue; /* Queued ATT protocol indications */
+ struct att_send_op *pending_ind;
+ struct queue *write_queue; /* Queue of PDUs ready to send */
++ bool in_disc; /* Cleanup queues on disconnect_cb */
+ bool writer_active;
+
+ struct queue *notify_list; /* List of registered callbacks */
+@@ -211,8 +212,10 @@ static void destroy_att_send_op(void *data)
+ free(op);
+ }
+
+-static void cancel_att_send_op(struct att_send_op *op)
++static void cancel_att_send_op(void *data)
+ {
++ struct att_send_op *op = data;
++
+ if (op->destroy)
+ op->destroy(op->user_data);
+
+@@ -572,11 +575,6 @@ static bool disconnect_cb(struct io *io, void *user_data)
+ att->io = NULL;
+ att->fd = -1;
+
+- /* Notify request callbacks */
+- queue_remove_all(att->req_queue, NULL, NULL, disc_att_send_op);
+- queue_remove_all(att->ind_queue, NULL, NULL, disc_att_send_op);
+- queue_remove_all(att->write_queue, NULL, NULL, disc_att_send_op);
+-
+ if (att->pending_req) {
+ disc_att_send_op(att->pending_req);
+ att->pending_req = NULL;
+@@ -589,6 +587,15 @@ static bool disconnect_cb(struct io *io, void *user_data)
+
+ bt_att_ref(att);
+
++ att->in_disc = true;
++
++ /* Notify request callbacks */
++ queue_remove_all(att->req_queue, NULL, NULL, disc_att_send_op);
++ queue_remove_all(att->ind_queue, NULL, NULL, disc_att_send_op);
++ queue_remove_all(att->write_queue, NULL, NULL, disc_att_send_op);
++
++ att->in_disc = false;
++
+ queue_foreach(att->disconn_list, disconn_handler, INT_TO_PTR(err));
+
+ bt_att_unregister_all(att);
+@@ -1306,6 +1313,30 @@ static bool match_op_id(const void *a, const void *b)
+ return op->id == id;
+ }
+
++static bool bt_att_disc_cancel(struct bt_att *att, unsigned int id)
++{
++ struct att_send_op *op;
++
++ op = queue_find(att->req_queue, match_op_id, UINT_TO_PTR(id));
++ if (op)
++ goto done;
++
++ op = queue_find(att->ind_queue, match_op_id, UINT_TO_PTR(id));
++ if (op)
++ goto done;
++
++ op = queue_find(att->write_queue, match_op_id, UINT_TO_PTR(id));
++
++done:
++ if (!op)
++ return false;
++
++ /* Just cancel since disconnect_cb will be cleaning up */
++ cancel_att_send_op(op);
++
++ return true;
++}
++
+ bool bt_att_cancel(struct bt_att *att, unsigned int id)
+ {
+ struct att_send_op *op;
+@@ -1325,6 +1356,9 @@ bool bt_att_cancel(struct bt_att *att, unsigned int id)
+ return true;
+ }
+
++ if (att->in_disc)
++ return bt_att_disc_cancel(att, id);
++
+ op = queue_remove_if(att->req_queue, match_op_id, UINT_TO_PTR(id));
+ if (op)
+ goto done;
diff --git a/main/cups/APKBUILD b/main/cups/APKBUILD
index 3c7166e23d..127c7292d8 100644
--- a/main/cups/APKBUILD
+++ b/main/cups/APKBUILD
@@ -1,7 +1,7 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=cups
pkgver=2.2.12
-pkgrel=0
+pkgrel=1
pkgdesc="The CUPS Printing System"
url="https://www.cups.org/"
arch="all"
@@ -20,10 +20,15 @@ source="https://github.com/apple/cups/releases/download/v$pkgver/cups-$pkgver-so
cupsd.initd
cups-no-export-ssllibs.patch
default-config-no-gssapi.patch
+ CVE-2019-8842.patch
+ CVE-2020-3898.patch
"
builddir="$srcdir/$pkgname-$pkgver"
# secfixes:
+# 2.2.12-r1:
+# - CVE-2019-8842
+# - CVE-2020-3898
# 2.2.12-r0:
# - CVE-2019-8696
# - CVE-2019-8675
@@ -134,4 +139,6 @@ sha512sums="b8e7be512938ad388d469d093ad0c882ab42ea1408c27a91340f8424aa0e79e588df
cf64211da59e79285f99d437c02fdd7db462855fb2920ec9563ba47bd8a9e5cbd10555094940ceedeb41ac805c4f0ddb9147481470112a11a76220d0298aef79 cups.logrotate
2c2683f755a220166b3a1653fdd1a6daa9718c8f0bbdff2e2d5e61d1133306260d63a83d3ff41619b5cf84c4913fae5822b79553e2822858f38fa3613f4c7082 cupsd.initd
7a8cd9ac33b0dd4627c72df4275db8ccd7cf8e201bce3833719b42f532f526bb347b842e3ea1ef0d61855b5c6e1088b5d20b68942f2c2c0acf504d8d9728efd3 cups-no-export-ssllibs.patch
-98bb97f4af69ea286fc3d398b8e57c32440e6b2d49fb7f79b418a4fe7f13441f3a610f65d3433d10d971ade808233c0b29b4d66160623ccaae919179384be918 default-config-no-gssapi.patch"
+98bb97f4af69ea286fc3d398b8e57c32440e6b2d49fb7f79b418a4fe7f13441f3a610f65d3433d10d971ade808233c0b29b4d66160623ccaae919179384be918 default-config-no-gssapi.patch
+1a6dc3560c78eef28cad977abde076c02791e34fc05e53ce3137ac4ff1feb2f6bae5f64ba8733f44280ac4273d825372b29b15da6bb179776496f62a7d06462d CVE-2019-8842.patch
+560466d3721cd105ef1e6aa03d0cb6c55964e94f06fe80e2f8570d481941cfd03ac6940d0108e111ea7f4bee55460b93423975410890e105902c5a4ce3b79d77 CVE-2020-3898.patch"
diff --git a/main/cups/CVE-2019-8842.patch b/main/cups/CVE-2019-8842.patch
new file mode 100644
index 0000000000..2e1a212239
--- /dev/null
+++ b/main/cups/CVE-2019-8842.patch
@@ -0,0 +1,13 @@
+diff --git a/cups/ipp.c b/cups/ipp.c
+index b0762fd..dba4f31 100644
+--- a/cups/ipp.c
++++ b/cups/ipp.c
+@@ -2960,7 +2960,7 @@ ippReadIO(void *src, /* I - Data source */
+ * Read 32-bit "extension" tag...
+ */
+
+- if ((*cb)(src, buffer, 4) < 1)
++ if ((*cb)(src, buffer, 4) < 4)
+ {
+ DEBUG_puts("1ippReadIO: Callback returned EOF/error");
+ _cupsBufferRelease((char *)buffer);
diff --git a/main/cups/CVE-2020-3898.patch b/main/cups/CVE-2020-3898.patch
new file mode 100644
index 0000000000..d797a0be1a
--- /dev/null
+++ b/main/cups/CVE-2020-3898.patch
@@ -0,0 +1,14 @@
+diff --git a/cups/ppd.c b/cups/ppd.c
+index 58d92c1..5bc7939 100644
+--- a/cups/ppd.c
++++ b/cups/ppd.c
+@@ -1730,8 +1730,7 @@ _ppdOpen(
+ constraint->choice1, constraint->option2,
+ constraint->choice2))
+ {
+- case 0 : /* Error */
+- case 1 : /* Error */
++ default : /* Error */
+ pg->ppd_status = PPD_BAD_UI_CONSTRAINTS;
+ goto error;
+
diff --git a/main/curl/APKBUILD b/main/curl/APKBUILD
index 8af79f2f03..3431a71ebf 100644
--- a/main/curl/APKBUILD
+++ b/main/curl/APKBUILD
@@ -4,7 +4,7 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=curl
pkgver=7.64.0
-pkgrel=4
+pkgrel=5
pkgdesc="URL retrival utility and library"
url="https://curl.haxx.se"
arch="all"
@@ -22,11 +22,14 @@ source="https://curl.haxx.se/download/$pkgname-$pkgver.tar.xz
CVE-2019-5482.patch
CVE-2020-8169.patch
CVE-2020-8177.patch
+ CVE-2020-8231.patch
"
options="!check" # sftp tests failing
builddir="$srcdir/$pkgname-$pkgver"
# secfixes:
+# 7.66.0-r5:
+# - CVE-2020-8231
# 7.64.0-r4:
# - CVE-2020-8169
# - CVE-2020-8177
@@ -139,4 +142,5 @@ c629a1b36920a3f8eab3321b0222e203f53f29e5947d39a0c32e0a7de2d8ab2182c3d6bbb0828847
37161e4d94cdb1add2216b031f70d7ae84451229dffe48ca9856bb311e88678f0e11baab6bb4da0386ed31e8467aa51fabaf6122f876ef9bc0003638d07f22cf CVE-2019-5481.patch
6703658d9212bb87de22fabd996e8f8eb8c98aa4c015b1daa4c1a15f503c4a5530dafbcc1817032d973ef94ac29fe7b8ee16426e443b20d0bcdbe5d7f0209ffb CVE-2019-5482.patch
4950975d59bdf8398dd5f4b8338e5f76ae3752247be9054a28753351bcddb46f71a8bd601dba31da1b6b3fbbfbe6192f33a6500144d89f2cfdfb47161e3addba CVE-2020-8169.patch
-250359963230de2970ab4a56d731312f0772d6f89672b4189e7d6aa8553cb9efd8808221f418a1b7778f7b9e52a45738451aec2d4a0e73e084a748cff1b3d6da CVE-2020-8177.patch"
+250359963230de2970ab4a56d731312f0772d6f89672b4189e7d6aa8553cb9efd8808221f418a1b7778f7b9e52a45738451aec2d4a0e73e084a748cff1b3d6da CVE-2020-8177.patch
+d5f4421e5ac6f89220d00fb156c803edbb64679e9064ca8328269eea3582ee7780f77522b5069a1288cc09e968567175c94139249cc337906243c95d0bc3e684 CVE-2020-8231.patch"
diff --git a/main/curl/CVE-2020-8231.patch b/main/curl/CVE-2020-8231.patch
new file mode 100644
index 0000000000..0d6a76d94d
--- /dev/null
+++ b/main/curl/CVE-2020-8231.patch
@@ -0,0 +1,123 @@
+Based on https://github.com/curl/curl/commit/3c9e021f86872baae412a427e807fbfa2f3e8
+
+Didn't apply cleanly, fixed up lib/urldata.h and lib/url.c, ignored 2 changes in lib/multi.c
+that refer to things that do not yet exist in this version of curl
+
+diff --git a/lib/connect.c b/lib/connect.c
+index 0a7475c..b3d4057 100644
+--- a/lib/connect.c
++++ b/lib/connect.c
+@@ -1356,15 +1356,15 @@ CURLcode Curl_connecthost(struct connectdata *conn, /* context */
+ }
+
+ struct connfind {
+- struct connectdata *tofind;
+- bool found;
++ long id_tofind;
++ struct connectdata *found;
+ };
+
+ static int conn_is_conn(struct connectdata *conn, void *param)
+ {
+ struct connfind *f = (struct connfind *)param;
+- if(conn == f->tofind) {
+- f->found = TRUE;
++ if(conn->connection_id == f->id_tofind) {
++ f->found = conn;
+ return 1;
+ }
+ return 0;
+@@ -1386,21 +1386,22 @@ curl_socket_t Curl_getconnectinfo(struct Curl_easy *data,
+ * - that is associated with a multi handle, and whose connection
+ * was detached with CURLOPT_CONNECT_ONLY
+ */
+- if(data->state.lastconnect && (data->multi_easy || data->multi)) {
+- struct connectdata *c = data->state.lastconnect;
++ if((data->state.lastconnect_id != -1) && (data->multi_easy || data->multi)) {
++ struct connectdata *c;
+ struct connfind find;
+- find.tofind = data->state.lastconnect;
+- find.found = FALSE;
++ find.id_tofind = data->state.lastconnect_id;
++ find.found = NULL;
+
+ Curl_conncache_foreach(data, data->multi_easy?
+ &data->multi_easy->conn_cache:
+ &data->multi->conn_cache, &find, conn_is_conn);
+
+ if(!find.found) {
+- data->state.lastconnect = NULL;
++ data->state.lastconnect_id = -1;
+ return CURL_SOCKET_BAD;
+ }
+
++ c = find.found;
+ if(connp) {
+ /* only store this if the caller cares for it */
+ *connp = c;
+diff --git a/lib/easy.c b/lib/easy.c
+index b648e80..7b0ea9a 100644
+--- a/lib/easy.c
++++ b/lib/easy.c
+@@ -831,8 +831,7 @@ struct Curl_easy *curl_easy_duphandle(struct Curl_easy *data)
+
+ /* the connection cache is setup on demand */
+ outcurl->state.conn_cache = NULL;
+-
+- outcurl->state.lastconnect = NULL;
++ outcurl->state.lastconnect_id = -1;
+
+ outcurl->progress.flags = data->progress.flags;
+ outcurl->progress.callback = data->progress.callback;
+diff --git a/lib/multi.c b/lib/multi.c
+index e10e752..02687dd 100644
+--- a/lib/multi.c
++++ b/lib/multi.c
+@@ -454,6 +454,7 @@ CURLMcode curl_multi_add_handle(struct Curl_multi *multi,
+ data->state.conn_cache = &data->share->conn_cache;
+ else
+ data->state.conn_cache = &multi->conn_cache;
++ data->state.lastconnect_id = -1;
+
+ #ifdef USE_LIBPSL
+ /* Do the same for PSL. */
+@@ -669,11 +670,11 @@ static CURLcode multi_done(struct Curl_easy *data,
+ CONN_UNLOCK(data);
+ if(Curl_conncache_return_conn(data, conn)) {
+ /* remember the most recently used connection */
+- data->state.lastconnect = conn;
++ data->state.lastconnect_id = conn->connection_id;
+ infof(data, "%s\n", buffer);
+ }
+ else
+- data->state.lastconnect = NULL;
++ data->state.lastconnect_id = -1;
+ }
+
+ Curl_free_request_state(data);
+diff --git a/lib/url.c b/lib/url.c
+index 47fc66a..f0a880f 100644
+--- a/lib/url.c
++++ b/lib/url.c
+@@ -617,7 +617,7 @@ CURLcode Curl_open(struct Curl_easy **curl)
+ Curl_initinfo(data);
+
+ /* most recent connection is not yet defined */
+- data->state.lastconnect = NULL;
++ data->state.lastconnect_id = -1;
+
+ data->progress.flags |= PGRS_HIDE;
+ data->state.current_speed = -1; /* init to negative == impossible */
+diff --git a/lib/urldata.h b/lib/urldata.h
+index fbb8b64..6586986 100644
+--- a/lib/urldata.h
++++ b/lib/urldata.h
+@@ -1332,7 +1332,7 @@ struct UrlState {
+ /* buffers to store authentication data in, as parsed from input options */
+ struct curltime keeps_speed; /* for the progress meter really */
+
+- struct connectdata *lastconnect; /* The last connection, NULL if undefined */
++ long lastconnect_id; /* The last connection, -1 if undefined */
+
+ char *headerbuff; /* allocated buffer to store headers in */
+ size_t headersize; /* size of the allocation */
diff --git a/main/dovecot/APKBUILD b/main/dovecot/APKBUILD
index 3d7caebb5a..3ca3451bfc 100644
--- a/main/dovecot/APKBUILD
+++ b/main/dovecot/APKBUILD
@@ -6,7 +6,7 @@
pkgname=dovecot
pkgver=2.3.10.1
_pkgvermajor=2.3
-pkgrel=0
+pkgrel=1
_pigeonholever=0.5.10
_pigeonholevermajor=${_pigeonholever%.*}
pkgdesc="IMAP and POP3 server"
@@ -61,6 +61,8 @@ source="https://www.dovecot.org/releases/$_pkgvermajor/$pkgname-$pkgver.tar.gz
skip-iconv-check.patch
split-protocols.patch
default-config.patch
+ CVE-2020-12673.patch
+ CVE-2020-12674.patch
dovecot.logrotate
dovecot.initd
"
@@ -68,6 +70,9 @@ builddir="$srcdir/$pkgname-$pkgver"
_builddir_pigeonhole="$srcdir/$pkgname-$_pkgvermajor-pigeonhole-$_pigeonholever"
# secfixes:
+# 2.3.10.1-r1:
+# - CVE-2020-12673
+# - CVE-2020-12674
# 2.3.10.1-r0:
# - CVE-2020-10957
# - CVE-2020-10958
@@ -314,5 +319,7 @@ f3d380edba4d25d20ee52db21d2965e3a6b229924e9a04fbf45cfe32e1d25448977ee41b12ba41ad
fe4fbeaedb377d809f105d9dbaf7c1b961aa99f246b77189a73b491dc1ae0aa9c68678dde90420ec53ec877c08f735b42d23edb13117d7268420e001aa30967a skip-iconv-check.patch
794875dbf0ded1e82c5c3823660cf6996a7920079149cd8eed54231a53580d931b966dfb17185ab65e565e108545ecf6591bae82f935ab1b6ff65bb8ee93d7d5 split-protocols.patch
0d8f89c7ba6f884719b5f9fc89e8b2efbdc3e181de308abf9b1c1b0e42282f4df72c7bf62f574686967c10a8677356560c965713b9d146e2770aab17e95bcc07 default-config.patch
+54d5b1bfbc9fcdc00a5c943420bcbbfc8f0107ab2ff160ef0b2f73093a23766e0fcdb4cfc7944def40526414f97aff818cac6bdec155a6f3962f477b210a8ed5 CVE-2020-12673.patch
+3599ca53dff1234dcea483006a82ec7276c1feee8df4f1df50f0b080202e351dd34e011af1bbdbdce1d9db54761beb0890b0be6e4ce7ed86e62513896c072e0c CVE-2020-12674.patch
9f19698ab45969f1f94dc4bddf6de59317daee93c9421c81f2dbf8a7efe6acf89689f1d30f60f536737bb9526c315215d2bce694db27e7b8d7896036a59c31f0 dovecot.logrotate
d91951b81150d7a3ef6a674c0dc7b012f538164dac4b9d27a6801d31da6813b764995a438f69b6a680463e1b60a3b4f2959654f68e565fe116ea60312d5e5e70 dovecot.initd"
diff --git a/main/dovecot/CVE-2020-12673.patch b/main/dovecot/CVE-2020-12673.patch
new file mode 100644
index 0000000000..9dd26e0350
--- /dev/null
+++ b/main/dovecot/CVE-2020-12673.patch
@@ -0,0 +1,31 @@
+From fb246611e62ad8c5a95b0ca180a63f17aa34b0d8 Mon Sep 17 00:00:00 2001
+From: Aki Tuomi <aki.tuomi@open-xchange.com>
+Date: Mon, 18 May 2020 12:33:39 +0300
+Subject: [PATCH] lib-ntlm: Check buffer length on responses
+
+Add missing check for buffer length.
+
+If this is not checked, it is possible to send message which
+causes read past buffer bug.
+
+Broken in c7480644202e5451fbed448508ea29a25cffc99c
+---
+ src/lib-ntlm/ntlm-message.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/src/lib-ntlm/ntlm-message.c b/src/lib-ntlm/ntlm-message.c
+index 160b9f918c..a29413b47e 100644
+--- a/src/lib-ntlm/ntlm-message.c
++++ b/src/lib-ntlm/ntlm-message.c
+@@ -184,6 +184,11 @@ static bool ntlmssp_check_buffer(const struct ntlmssp_buffer *buffer,
+ if (length == 0 && space == 0)
+ return TRUE;
+
++ if (length > data_size) {
++ *error = "buffer length out of bounds";
++ return FALSE;
++ }
++
+ if (offset >= data_size) {
+ *error = "buffer offset out of bounds";
+ return FALSE;
diff --git a/main/dovecot/CVE-2020-12674.patch b/main/dovecot/CVE-2020-12674.patch
new file mode 100644
index 0000000000..a9dca2a82d
--- /dev/null
+++ b/main/dovecot/CVE-2020-12674.patch
@@ -0,0 +1,22 @@
+From 69ad3c902ea4bbf9f21ab1857d8923f975dc6145 Mon Sep 17 00:00:00 2001
+From: Aki Tuomi <aki.tuomi@open-xchange.com>
+Date: Wed, 6 May 2020 13:40:36 +0300
+Subject: [PATCH] auth: mech-rpa - Fail on zero len buffer
+
+---
+ src/auth/mech-rpa.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/auth/mech-rpa.c b/src/auth/mech-rpa.c
+index 08298ebdd6..2de8705b4f 100644
+--- a/src/auth/mech-rpa.c
++++ b/src/auth/mech-rpa.c
+@@ -224,7 +224,7 @@ rpa_read_buffer(pool_t pool, const unsigned char **data,
+ return 0;
+
+ len = *p++;
+- if (p + len > end)
++ if (p + len > end || len == 0)
+ return 0;
+
+ *buffer = p_malloc(pool, len);
diff --git a/main/jbig2dec/APKBUILD b/main/jbig2dec/APKBUILD
index b4396b7869..670eff8d95 100644
--- a/main/jbig2dec/APKBUILD
+++ b/main/jbig2dec/APKBUILD
@@ -2,7 +2,7 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=jbig2dec
pkgver=0.15
-pkgrel=0
+pkgrel=1
pkgdesc="JBIG2 image compression format decoder"
url="https://www.ghostscript.com/jbig2dec.html"
arch="all"
@@ -10,7 +10,13 @@ license="GPL-2.0-or-later"
makedepends="autoconf automake libtool"
checkdepends="python2"
subpackages="$pkgname-dev $pkgname-doc"
-source="https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs924/jbig2dec-0.15.tar.gz"
+source="https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs924/jbig2dec-0.15.tar.gz
+ CVE-2020-12268.patch
+ "
+
+# secfixes:
+# 0.15-r1:
+# - CVE-2020-12268
builddir="$srcdir/$pkgname-$pkgver"
@@ -44,4 +50,5 @@ package() {
make DESTDIR="$pkgdir" install
}
-sha512sums="142acf0c47be094232ff21074414be5cf633a7008b2095d60b8878c4e125966f36632d8db191959ae1ac4b12b8fdc78139f67cd531717d203864b459d2570369 jbig2dec-0.15.tar.gz"
+sha512sums="142acf0c47be094232ff21074414be5cf633a7008b2095d60b8878c4e125966f36632d8db191959ae1ac4b12b8fdc78139f67cd531717d203864b459d2570369 jbig2dec-0.15.tar.gz
+e33c6a942af79dfb98c8160bccb0d7e6965d90b77f4e8e370787a9c0af0273001f02d5591b92d4285b901182ea335eb09854ce2fa995266837156b568747aa24 CVE-2020-12268.patch"
diff --git a/main/jbig2dec/CVE-2020-12268.patch b/main/jbig2dec/CVE-2020-12268.patch
new file mode 100644
index 0000000000..773515ae2d
--- /dev/null
+++ b/main/jbig2dec/CVE-2020-12268.patch
@@ -0,0 +1,44 @@
+From 0726320a4b55078e9d8deb590e477d598b3da66e Mon Sep 17 00:00:00 2001
+From: Robin Watts <Robin.Watts@artifex.com>
+Date: Mon, 27 Jan 2020 10:12:24 -0800
+Subject: [PATCH] Fix OSS-Fuzz issue 20332: buffer overflow in
+ jbig2_image_compose.
+
+With extreme values of x/y/w/h we can get overflow. Test for this
+and exit safely.
+
+Thanks for OSS-Fuzz for reporting.
+---
+ jbig2_image.c | 12 ++++++++++++
+ 1 file changed, 12 insertions(+)
+
+diff --git a/jbig2_image.c b/jbig2_image.c
+index 22e21ef..100263d 100644
+--- a/jbig2_image.c
++++ b/jbig2_image.c
+@@ -33,6 +33,9 @@
+ #if !defined (INT32_MAX)
+ #define INT32_MAX 0x7fffffff
+ #endif
++#if !defined (UINT32_MAX)
++#define UINT32_MAX 0xffffffffu
++#endif
+
+ /* allocate a Jbig2Image structure and its associated bitmap */
+ Jbig2Image *
+@@ -258,6 +261,15 @@ jbig2_image_compose(Jbig2Ctx *ctx, Jbig2Image *dst, Jbig2Image *src, int x, int
+ if (src == NULL)
+ return 0;
+
++ if ((UINT32_MAX - src->width < (x > 0 ? x : -x)) ||
++ (UINT32_MAX - src->height < (y > 0 ? y : -y)))
++ {
++#ifdef JBIG2_DEBUG
++ jbig2_error(ctx, JBIG2_SEVERITY_DEBUG, -1, "overflow in compose_image");
++#endif
++ return 0;
++ }
++
+ /* The optimized code for the OR operator below doesn't
+ handle the source image partially placed outside the
+ destination (above and/or to the left). The affected
diff --git a/main/krb5/APKBUILD b/main/krb5/APKBUILD
index a07d7c4106..595c44a0b7 100644
--- a/main/krb5/APKBUILD
+++ b/main/krb5/APKBUILD
@@ -1,7 +1,7 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=krb5
pkgver=1.15.5
-pkgrel=0
+pkgrel=1
case $pkgver in
*.*.*) _ver=${pkgver%.*};;
@@ -21,6 +21,7 @@ subpackages="$pkgname-dev $pkgname-doc $pkgname-server
$pkgname-server-ldap:ldap $pkgname-pkinit $pkgname-libs"
source="https://web.mit.edu/kerberos/dist/krb5/${_ver}/krb5-$pkgver.tar.gz
mit-krb5_krb5-config_LDFLAGS.patch
+ CVE-2020-28196.patch
krb5kadmind.initd
krb5kdc.initd
@@ -29,6 +30,8 @@ source="https://web.mit.edu/kerberos/dist/krb5/${_ver}/krb5-$pkgver.tar.gz
builddir="$srcdir"/krb5-$pkgver
# secfixes:
+# 1.15.5-r1:
+# - CVE-2020-28196
# 1.15.4-r0:
# - CVE-2018-20217
# 1.15.3-r0:
@@ -114,6 +117,7 @@ libs() {
}
sha512sums="cf2c5764a081acc44c416108da40f76dafa5c764d1fb842cba1736942999548962a57c64e67924a409c068b1b8ed824f17857ea9a34594724f70903e555505b5 krb5-1.15.5.tar.gz
5a3782ff17b383f8cd0415fd13538ab56afd788130d6ad640e9f2682b7deaae7f25713ce358058ed771091040dccf62a3bc87e6fd473d505ec189a95debcc801 mit-krb5_krb5-config_LDFLAGS.patch
+d7b4b55f01f8e70c0b1c9390ba1753d590253ac9ab39aaf22da15b6169506d019923837bb18d856b0c4508afc9c387180068dfe0c6847d6bd7d0970b34769a97 CVE-2020-28196.patch
43b9885b7eb8d0d60920def688de482f2b1701288f9acb1bb21dc76b2395428ff304961959eb04ba5eafd0412bae35668d6d2c8223424b9337bc051eadf51682 krb5kadmind.initd
ede15f15bbbc9d0227235067abe15245bb9713aea260d397379c63275ce74aea0db6c91c15d599e40c6e89612d76f3a0f8fdd21cbafa3f30d426d4310d3e2cec krb5kdc.initd
45be0d421efd41e9dd056125a750c90856586e990317456b68170d733b03cba9ecd18ab87603b20e49575e7839fb4a6d628255533f2631f9e8ddb7f3cc493a90 krb5kpropd.initd"
diff --git a/main/krb5/CVE-2018-20217.patch b/main/krb5/CVE-2018-20217.patch
deleted file mode 100644
index 80f2d55058..0000000000
--- a/main/krb5/CVE-2018-20217.patch
+++ /dev/null
@@ -1,72 +0,0 @@
-From 5e6d1796106df8ba6bc1973ee0917c170d929086 Mon Sep 17 00:00:00 2001
-From: Isaac Boukris <iboukris@gmail.com>
-Date: Mon, 3 Dec 2018 02:33:07 +0200
-Subject: [PATCH] Ignore password attributes for S4U2Self requests
-
-For consistency with Windows KDCs, allow protocol transition to work
-even if the password has expired or needs changing.
-
-Also, when looking up an enterprise principal with an AS request,
-treat ERR_KEY_EXP as confirmation that the client is present in the
-realm.
-
-[ghudson@mit.edu: added comment in kdc_process_s4u2self_req(); edited
-commit message]
-
-ticket: 8763 (new)
-tags: pullup
-target_version: 1.17
----
- src/kdc/kdc_util.c | 5 +++++
- src/lib/krb5/krb/s4u_creds.c | 2 +-
- src/tests/gssapi/t_s4u.py | 8 ++++++++
- 3 files changed, 14 insertions(+), 1 deletion(-)
-
-diff --git a/src/kdc/kdc_util.c b/src/kdc/kdc_util.c
-index 6d53173fb0..6517a213cd 100644
---- a/src/kdc/kdc_util.c
-+++ b/src/kdc/kdc_util.c
-@@ -1607,6 +1607,11 @@ kdc_process_s4u2self_req(kdc_realm_t *kdc_active_realm,
-
- memset(&no_server, 0, sizeof(no_server));
-
-+ /* Ignore password expiration and needchange attributes (as Windows
-+ * does), since S4U2Self is not password authentication. */
-+ princ->pw_expiration = 0;
-+ clear(princ->attributes, KRB5_KDB_REQUIRES_PWCHANGE);
-+
- code = validate_as_request(kdc_active_realm, request, *princ,
- no_server, kdc_time, status, &e_data);
- if (code) {
-diff --git a/src/lib/krb5/krb/s4u_creds.c b/src/lib/krb5/krb/s4u_creds.c
-index d2fdcb3f16..614ed41908 100644
---- a/src/lib/krb5/krb/s4u_creds.c
-+++ b/src/lib/krb5/krb/s4u_creds.c
-@@ -116,7 +116,7 @@ s4u_identify_user(krb5_context context,
- code = k5_get_init_creds(context, &creds, &client, NULL, NULL, 0, NULL,
- opts, krb5_get_as_key_noop, &userid, &use_master,
- NULL);
-- if (code == 0 || code == KRB5_PREAUTH_FAILED) {
-+ if (!code || code == KRB5_PREAUTH_FAILED || code == KRB5KDC_ERR_KEY_EXP) {
- *canon_user = userid.user;
- userid.user = NULL;
- code = 0;
-diff --git a/src/tests/gssapi/t_s4u.py b/src/tests/gssapi/t_s4u.py
-index fd29e1a270..84f3fbd752 100755
---- a/src/tests/gssapi/t_s4u.py
-+++ b/src/tests/gssapi/t_s4u.py
-@@ -19,6 +19,14 @@
- # Get forwardable creds for service1 in the default cache.
- realm.kinit(service1, None, ['-f', '-k'])
-
-+# Try S4U2Self for user with a restricted password.
-+realm.run([kadminl, 'modprinc', '+needchange', realm.user_princ])
-+realm.run(['./t_s4u', 'e:user', '-'])
-+realm.run([kadminl, 'modprinc', '-needchange',
-+ '-pwexpire', '1/1/2000', realm.user_princ])
-+realm.run(['./t_s4u', 'e:user', '-'])
-+realm.run([kadminl, 'modprinc', '-pwexpire', 'never', realm.user_princ])
-+
- # Try krb5 -> S4U2Proxy with forwardable user creds. This should fail
- # at the S4U2Proxy step since the DB2 back end currently has no
- # support for allowing it.
diff --git a/main/krb5/CVE-2020-28196.patch b/main/krb5/CVE-2020-28196.patch
new file mode 100644
index 0000000000..4d6b423838
--- /dev/null
+++ b/main/krb5/CVE-2020-28196.patch
@@ -0,0 +1,100 @@
+From 2289312180a5162114037df8eaa4f4f990d67447 Mon Sep 17 00:00:00 2001
+From: Greg Hudson <ghudson@mit.edu>
+Date: Sat, 31 Oct 2020 17:07:05 -0400
+Subject: [PATCH] Add recursion limit for ASN.1 indefinite lengths
+
+The libkrb5 ASN.1 decoder supports BER indefinite lengths. It
+computes the tag length using recursion; the lack of a recursion limit
+allows an attacker to overrun the stack and cause the process to
+crash. Reported by Demi Obenour.
+
+CVE-2020-28196:
+
+In MIT krb5 releases 1.11 and later, an unauthenticated attacker can
+cause a denial of service for any client or server to which it can
+send an ASN.1-encoded Kerberos message of sufficient length.
+
+ticket: 8959 (new)
+tags: pullup
+target_version: 1.18-next
+target_version: 1.17-next
+
+(cherry picked from commit 57415dda6cf04e73ffc3723be518eddfae599bfd)
+---
+ src/lib/krb5/asn.1/asn1_encode.c | 16 +++++++++-------
+ 1 file changed, 9 insertions(+), 7 deletions(-)
+
+diff --git a/src/lib/krb5/asn.1/asn1_encode.c b/src/lib/krb5/asn.1/asn1_encode.c
+index a7423b642..8c0cda852 100644
+--- a/src/lib/krb5/asn.1/asn1_encode.c
++++ b/src/lib/krb5/asn.1/asn1_encode.c
+@@ -393,7 +393,7 @@ make_tag(asn1buf *buf, const taginfo *t, size_t len, size_t *retlen)
+ static asn1_error_code
+ get_tag(const unsigned char *asn1, size_t len, taginfo *tag_out,
+ const unsigned char **contents_out, size_t *clen_out,
+- const unsigned char **remainder_out, size_t *rlen_out)
++ const unsigned char **remainder_out, size_t *rlen_out, int recursion)
+ {
+ asn1_error_code ret;
+ unsigned char o;
+@@ -431,9 +431,11 @@ get_tag(const unsigned char *asn1, size_t len, taginfo *tag_out,
+ /* Indefinite form (should not be present in DER, but we accept it). */
+ if (tag_out->construction != CONSTRUCTED)
+ return ASN1_MISMATCH_INDEF;
++ if (recursion >= 32)
++ return ASN1_OVERFLOW;
+ p = asn1;
+ while (!(len >= 2 && p[0] == 0 && p[1] == 0)) {
+- ret = get_tag(p, len, &t, &c, &clen, &p, &len);
++ ret = get_tag(p, len, &t, &c, &clen, &p, &len, recursion + 1);
+ if (ret)
+ return ret;
+ }
+@@ -652,7 +654,7 @@ split_der(asn1buf *buf, unsigned char *const *der, size_t len,
+ const unsigned char *contents, *remainder;
+ size_t clen, rlen;
+
+- ret = get_tag(*der, len, tag_out, &contents, &clen, &remainder, &rlen);
++ ret = get_tag(*der, len, tag_out, &contents, &clen, &remainder, &rlen, 0);
+ if (ret)
+ return ret;
+ if (rlen != 0)
+@@ -1259,7 +1261,7 @@ decode_atype(const taginfo *t, const unsigned char *asn1,
+ const unsigned char *rem;
+ size_t rlen;
+ if (!tag->implicit) {
+- ret = get_tag(asn1, len, &inner_tag, &asn1, &len, &rem, &rlen);
++ ret = get_tag(asn1, len, &inner_tag, &asn1, &len, &rem, &rlen, 0);
+ if (ret)
+ return ret;
+ /* Note: we don't check rlen (it should be 0). */
+@@ -1481,7 +1483,7 @@ decode_sequence(const unsigned char *asn1, size_t len,
+ for (i = 0; i < seq->n_fields; i++) {
+ if (len == 0)
+ break;
+- ret = get_tag(asn1, len, &t, &contents, &clen, &asn1, &len);
++ ret = get_tag(asn1, len, &t, &contents, &clen, &asn1, &len, 0);
+ if (ret)
+ goto error;
+ /*
+@@ -1539,7 +1541,7 @@ decode_sequence_of(const unsigned char *asn1, size_t len,
+ *seq_out = NULL;
+ *count_out = 0;
+ while (len > 0) {
+- ret = get_tag(asn1, len, &t, &contents, &clen, &asn1, &len);
++ ret = get_tag(asn1, len, &t, &contents, &clen, &asn1, &len, 0);
+ if (ret)
+ goto error;
+ if (!check_atype_tag(elemtype, &t)) {
+@@ -1625,7 +1627,7 @@ k5_asn1_full_decode(const krb5_data *code, const struct atype_info *a,
+
+ *retrep = NULL;
+ ret = get_tag((unsigned char *)code->data, code->length, &t, &contents,
+- &clen, &remainder, &rlen);
++ &clen, &remainder, &rlen, 0);
+ if (ret)
+ return ret;
+ /* rlen should be 0, but we don't check it (and due to padding in
+--
+2.20.4
+
diff --git a/main/mariadb-connector-c/APKBUILD b/main/mariadb-connector-c/APKBUILD
index 0d01de5763..90e853563b 100644
--- a/main/mariadb-connector-c/APKBUILD
+++ b/main/mariadb-connector-c/APKBUILD
@@ -1,7 +1,7 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=mariadb-connector-c
pkgver=3.0.8
-pkgrel=0
+pkgrel=1
pkgdesc="The MariaDB Native Client library (C driver)"
url="https://mariadb.org/"
arch="all"
@@ -10,12 +10,17 @@ depends_dev="openssl-dev zlib-dev"
makedepends="$depends_dev cmake"
replaces="mariadb-client-libs"
subpackages="$pkgname-dev"
-source="https://downloads.mariadb.org/interstitial/connector-c-$pkgver/mariadb-connector-c-$pkgver-src.tar.gz
+source="https://downloads.mariadb.com/Connectors/c/connector-c-$pkgver/mariadb-connector-c-$pkgver-src.tar.gz
cmake.patch
fix-ucontext-header.patch
+ CVE-2020-13249.patch
"
builddir="$srcdir/mariadb-connector-c-$pkgver-src"
+# secfixes:
+# 3.0.8-r1:
+# - CVE-2020-13249
+
build() {
cd "$builddir"
if [ "$CBUILD" != "$CHOST" ]; then
@@ -57,7 +62,7 @@ dev() {
replaces="mariadb-dev"
mv "$pkgdir"/usr/bin "$subpkgdir"/usr/
}
-
sha512sums="d9f970c7ac164ef7d8dd748bf2f749cc1f877a9c8f68a1d57e9ff62d95046bb9505619feca1f1d0d1cdefc1ac49489742aadf4ad9e47c8e6a9b8b40c56eed788 mariadb-connector-c-3.0.8-src.tar.gz
027a9d383ce27a527b77ac06b9505709cad8fe0173455863590f502996966300fedea87687630113d74e5b9be5349217b18206c2dbb89f7064129cb5417e44cf cmake.patch
-ad52cccb5517d11838bf16aee5aff63d87075e9ef5787e726d8bfea2854d3e2b5fa7aa94c0e93b1f7e7e21f48d21b1b6fcdd161fadb9999dcc7a3a5b8e12d883 fix-ucontext-header.patch"
+ad52cccb5517d11838bf16aee5aff63d87075e9ef5787e726d8bfea2854d3e2b5fa7aa94c0e93b1f7e7e21f48d21b1b6fcdd161fadb9999dcc7a3a5b8e12d883 fix-ucontext-header.patch
+4370a517bc082e5aca8ebc0abf1ace7742af6cffc7f0c12b70705b31885a573192bbac473a9d0322582e64a75698db86bd36db23558dd1c1e1eaf693632a559f CVE-2020-13249.patch"
diff --git a/main/mariadb-connector-c/CVE-2020-13249.patch b/main/mariadb-connector-c/CVE-2020-13249.patch
new file mode 100644
index 0000000000..8f58063c4e
--- /dev/null
+++ b/main/mariadb-connector-c/CVE-2020-13249.patch
@@ -0,0 +1,154 @@
+diff --git a/libmariadb/mariadb_lib.c b/libmariadb/mariadb_lib.c
+index 4c1108b..1f04c35 100644
+--- a/libmariadb/mariadb_lib.c
++++ b/libmariadb/mariadb_lib.c
+@@ -76,6 +76,8 @@
+ #define ASYNC_CONTEXT_DEFAULT_STACK_SIZE (4096*15)
+ #define MA_RPL_VERSION_HACK "5.5.5-"
+
++#define CHARSET_NAME_LEN 64
++
+ #undef max_allowed_packet
+ #undef net_buffer_length
+ extern ulong max_allowed_packet; /* net.c */
+@@ -2029,6 +2031,7 @@ mysql_send_query(MYSQL* mysql, const char* query, unsigned long length)
+
+ int ma_read_ok_packet(MYSQL *mysql, uchar *pos, ulong length)
+ {
++ uchar *end= mysql->net.read_pos+length;
+ size_t item_len;
+ mysql->affected_rows= net_field_length_ll(&pos);
+ mysql->insert_id= net_field_length_ll(&pos);
+@@ -2036,10 +2039,14 @@ int ma_read_ok_packet(MYSQL *mysql, uchar *pos, ulong length)
+ pos+=2;
+ mysql->warning_count=uint2korr(pos);
+ pos+=2;
+- if (pos < mysql->net.read_pos+length)
++ if (pos > end)
++ goto corrupted;
++ if (pos < end)
+ {
+ if ((item_len= net_field_length(&pos)))
+ mysql->info=(char*) pos;
++ if (pos + item_len > end)
++ goto corrupted;
+
+ /* check if server supports session tracking */
+ if (mysql->server_capabilities & CLIENT_SESSION_TRACKING)
+@@ -2050,23 +2057,26 @@ int ma_read_ok_packet(MYSQL *mysql, uchar *pos, ulong length)
+ if (mysql->server_status & SERVER_SESSION_STATE_CHANGED)
+ {
+ int i;
+- if (pos < mysql->net.read_pos + length)
++ if (pos < end)
+ {
+ LIST *session_item;
+ MYSQL_LEX_STRING *str= NULL;
+ enum enum_session_state_type si_type;
+ uchar *old_pos= pos;
+- size_t item_len= net_field_length(&pos); /* length for all items */
++
++ item_len= net_field_length(&pos); /* length for all items */
++ if (pos + item_len > end)
++ goto corrupted;
++ end= pos + item_len;
+
+ /* length was already set, so make sure that info will be zero terminated */
+ if (mysql->info)
+ *old_pos= 0;
+
+- while (item_len > 0)
++ while (pos < end)
+ {
+ size_t plen;
+ char *data;
+- old_pos= pos;
+ si_type= (enum enum_session_state_type)net_field_length(&pos);
+ switch(si_type) {
+ case SESSION_TRACK_SCHEMA:
+@@ -2076,15 +2086,14 @@ int ma_read_ok_packet(MYSQL *mysql, uchar *pos, ulong length)
+ if (si_type != SESSION_TRACK_STATE_CHANGE)
+ net_field_length(&pos); /* ignore total length, item length will follow next */
+ plen= net_field_length(&pos);
++ if (pos + plen > end)
++ goto corrupted;
+ if (!ma_multi_malloc(0,
+ &session_item, sizeof(LIST),
+ &str, sizeof(MYSQL_LEX_STRING),
+ &data, plen,
+ NULL))
+- {
+- SET_CLIENT_ERROR(mysql, CR_OUT_OF_MEMORY, SQLSTATE_UNKNOWN, 0);
+- return -1;
+- }
++ goto oom;
+ str->length= plen;
+ str->str= data;
+ memcpy(str->str, (char *)pos, plen);
+@@ -2107,29 +2116,28 @@ int ma_read_ok_packet(MYSQL *mysql, uchar *pos, ulong length)
+ if (!strncmp(str->str, "character_set_client", str->length))
+ set_charset= 1;
+ plen= net_field_length(&pos);
++ if (pos + plen > end)
++ goto corrupted;
+ if (!ma_multi_malloc(0,
+ &session_item, sizeof(LIST),
+ &str, sizeof(MYSQL_LEX_STRING),
+ &data, plen,
+ NULL))
+- {
+- SET_CLIENT_ERROR(mysql, CR_OUT_OF_MEMORY, SQLSTATE_UNKNOWN, 0);
+- return -1;
+- }
++ goto oom;
+ str->length= plen;
+ str->str= data;
+ memcpy(str->str, (char *)pos, plen);
+ pos+= plen;
+ session_item->data= str;
+ mysql->extension->session_state[si_type].list= list_add(mysql->extension->session_state[si_type].list, session_item);
+- if (set_charset &&
++ if (set_charset && str->length < CHARSET_NAME_LEN &&
+ strncmp(mysql->charset->csname, str->str, str->length) != 0)
+ {
+- char cs_name[64];
+- MARIADB_CHARSET_INFO *cs_info;
++ char cs_name[CHARSET_NAME_LEN];
++ const MARIADB_CHARSET_INFO *cs_info;
+ memcpy(cs_name, str->str, str->length);
+ cs_name[str->length]= 0;
+- if ((cs_info = (MARIADB_CHARSET_INFO *)mysql_find_charset_name(cs_name)))
++ if ((cs_info = mysql_find_charset_name(cs_name)))
+ mysql->charset= cs_info;
+ }
+ }
+@@ -2137,10 +2145,11 @@ int ma_read_ok_packet(MYSQL *mysql, uchar *pos, ulong length)
+ default:
+ /* not supported yet */
+ plen= net_field_length(&pos);
++ if (pos + plen > end)
++ goto corrupted;
+ pos+= plen;
+ break;
+ }
+- item_len-= (pos - old_pos);
+ }
+ }
+ for (i= SESSION_TRACK_BEGIN; i <= SESSION_TRACK_END; i++)
+@@ -2155,6 +2164,16 @@ int ma_read_ok_packet(MYSQL *mysql, uchar *pos, ulong length)
+ else if (mysql->server_capabilities & CLIENT_SESSION_TRACKING)
+ ma_clear_session_state(mysql);
+ return(0);
++
++oom:
++ ma_clear_session_state(mysql);
++ SET_CLIENT_ERROR(mysql, CR_OUT_OF_MEMORY, SQLSTATE_UNKNOWN, 0);
++ return -1;
++
++corrupted:
++ ma_clear_session_state(mysql);
++ SET_CLIENT_ERROR(mysql, CR_MALFORMED_PACKET, SQLSTATE_UNKNOWN, 0);
++ return -1;
+ }
+
+ int mthd_my_read_query_result(MYSQL *mysql)
diff --git a/main/musl/APKBUILD b/main/musl/APKBUILD
index 390644b80f..321287eea6 100644
--- a/main/musl/APKBUILD
+++ b/main/musl/APKBUILD
@@ -1,13 +1,14 @@
-# Contributor: William Pitcock <nenolod@dereferenced.org>
+# Contributor: Ariadne Conill <ariadne@dereferenced.org>
# Maintainer: Timo Teräs <timo.teras@iki.fi>
pkgname=musl
pkgver=1.1.20
-pkgrel=5
+pkgrel=6
pkgdesc="the musl c library (libc) implementation"
url="http://www.musl-libc.org/"
arch="all"
license="MIT"
subpackages="$pkgname-dev $pkgname-dbg libc6-compat:compat:noarch"
+options="lib64"
case "$BOOTSTRAP" in
nocc) pkgname="musl-dev"; subpackages="";;
nolibc) ;;
@@ -21,6 +22,8 @@ source="http://www.musl-libc.org/releases/musl-$pkgver.tar.gz
0001-fix-getaddrinfo-regression-with-AI_ADDRCONFIG-on-som.patch
s390x-fadv.patch
+ wcsnrtombs-cve-2020-28928.diff
+
ldconfig
__stack_chk_fail_local.c
getconf.c
@@ -29,6 +32,8 @@ source="http://www.musl-libc.org/releases/musl-$pkgver.tar.gz
"
# secfixes:
+# 1.1.20-r6:
+# - CVE-2020-28928
# 1.1.20-r5:
# - CVE-2019-14697
# 1.1.15-r4:
@@ -157,6 +162,7 @@ sha512sums="d3a7a30aa375ca50d7dcfbd618581d59e1aa5378417f50a0ca5510099336fd74cc9d
ab34509cec7419c11352094ed6acf14e5766b314bd2b96506a0d0203e61e90e85ea9a121f1fefc0d00bcba381778d579ea2c02325605344530420305fcf1a0d0 0001-fix-race-condition-in-file-locking.patch
20f9db1f96d4867fb0e4d4e1b4b323e1871ce5660896c8608f7a5147d247f6c6840f84eff25ae8f8b7cf04af0f586afed00acb6abcbedd4240a4678359fa6dc9 0001-fix-getaddrinfo-regression-with-AI_ADDRCONFIG-on-som.patch
e9c9135f6dc3260e62ae6e9c45f3c43574af6ff2c2bfe411eb83f7e80d13bb8c86425cb41fc961e27f7bc15f679db1fbfb267e401bbe81d6cd5b872eb9b1f471 s390x-fadv.patch
+35dc5df28d90d1c84f9100116b63ba9e7fd44a20f512d12760da5e01f1aec4e799f726cbafb586bae568ff4f6d5a70948f1bf9fb901f1ca7dfcdf35c5d7510a6 wcsnrtombs-cve-2020-28928.diff
8d3a2d5315fc56fee7da9abb8b89bb38c6046c33d154c10d168fb35bfde6b0cf9f13042a3bceee34daf091bc409d699223735dcf19f382eeee1f6be34154f26f ldconfig
062bb49fa54839010acd4af113e20f7263dde1c8a2ca359b5fb2661ef9ed9d84a0f7c3bc10c25dcfa10bb3c5a4874588dff636ac43d5dbb3d748d75400756d0b __stack_chk_fail_local.c
0d80f37b34a35e3d14b012257c50862dfeb9d2c81139ea2dfa101d981d093b009b9fa450ba27a708ac59377a48626971dfc58e20a3799084a65777a0c32cbc7d getconf.c
diff --git a/main/musl/wcsnrtombs-cve-2020-28928.diff b/main/musl/wcsnrtombs-cve-2020-28928.diff
new file mode 100644
index 0000000000..8465f9422a
--- /dev/null
+++ b/main/musl/wcsnrtombs-cve-2020-28928.diff
@@ -0,0 +1,65 @@
+diff --git a/src/multibyte/wcsnrtombs.c b/src/multibyte/wcsnrtombs.c
+index 676932b5..95e25e70 100644
+--- a/src/multibyte/wcsnrtombs.c
++++ b/src/multibyte/wcsnrtombs.c
+@@ -1,41 +1,33 @@
+ #include <wchar.h>
++#include <limits.h>
++#include <string.h>
+
+ size_t wcsnrtombs(char *restrict dst, const wchar_t **restrict wcs, size_t wn, size_t n, mbstate_t *restrict st)
+ {
+- size_t l, cnt=0, n2;
+- char *s, buf[256];
+ const wchar_t *ws = *wcs;
+- const wchar_t *tmp_ws;
+-
+- if (!dst) s = buf, n = sizeof buf;
+- else s = dst;
+-
+- while ( ws && n && ( (n2=wn)>=n || n2>32 ) ) {
+- if (n2>=n) n2=n;
+- tmp_ws = ws;
+- l = wcsrtombs(s, &ws, n2, 0);
+- if (!(l+1)) {
+- cnt = l;
+- n = 0;
++ size_t cnt = 0;
++ if (!dst) n=0;
++ while (ws && wn) {
++ char tmp[MB_LEN_MAX];
++ size_t l = wcrtomb(n<MB_LEN_MAX ? tmp : dst, *ws, 0);
++ if (l==-1) {
++ cnt = -1;
+ break;
+ }
+- if (s != buf) {
+- s += l;
++ if (dst) {
++ if (n<MB_LEN_MAX) {
++ if (l>n) break;
++ memcpy(dst, tmp, l);
++ }
++ dst += l;
+ n -= l;
+ }
+- wn = ws ? wn - (ws - tmp_ws) : 0;
+- cnt += l;
+- }
+- if (ws) while (n && wn) {
+- l = wcrtomb(s, *ws, 0);
+- if ((l+1)<=1) {
+- if (!l) ws = 0;
+- else cnt = l;
++ if (!*ws) {
++ ws = 0;
+ break;
+ }
+- ws++; wn--;
+- /* safe - this loop runs fewer than sizeof(buf) times */
+- s+=l; n-=l;
++ ws++;
++ wn--;
+ cnt += l;
+ }
+ if (dst) *wcs = ws;
diff --git a/main/nrpe/APKBUILD b/main/nrpe/APKBUILD
index 44d2b163ab..c09b953a02 100644
--- a/main/nrpe/APKBUILD
+++ b/main/nrpe/APKBUILD
@@ -1,7 +1,7 @@
# Maintainer: Jeff Bilyk <jbilyk@gmail.com>
pkgname=nrpe
pkgver=3.2.1
-pkgrel=0
+pkgrel=2
pkgusers="nagios"
pkggroups="nagios"
pkgdesc="NRPE allows you to remotely execute Nagios plugins on other Linux/Unix machines."
diff --git a/main/openldap/APKBUILD b/main/openldap/APKBUILD
index c6e075176b..eaa032f275 100644
--- a/main/openldap/APKBUILD
+++ b/main/openldap/APKBUILD
@@ -2,6 +2,10 @@
# Contributor: Jakub Jirutka <jakub@jirutka.cz>
#
# secfixes:
+# 2.4.48-r2:
+# - CVE-2020-25709
+# - CVE-2020-25710
+# - CVE-2020-25692
# 2.4.48-r1:
# - CVE-2020-12243
# 2.4.48-r0:
@@ -15,7 +19,7 @@
#
pkgname=openldap
pkgver=2.4.48
-pkgrel=1
+pkgrel=2
pkgdesc="LDAP Server"
url="http://www.openldap.org/"
arch="all"
@@ -38,11 +42,14 @@ source="https://www.openldap.org/software/download/OpenLDAP/$pkgname-release/$pk
fix-manpages.patch
configs.patch
cacheflush.patch
+ CVE-2020-25709.patch
+ CVE-2020-25710.patch
+ CVE-2020-25692.patch
+ CVE-2020-12243.patch
slapd.initd
slapd.confd
- CVE-2020-12243.patch::https://git.openldap.org/openldap/openldap/-/commit/98464c11df8247d6a11b52e294ba5dd4f0380440.patch
"
builddir="$srcdir/$pkgname-$pkgver"
@@ -229,6 +236,9 @@ sha512sums="cf694a415be0bd55cc7f606099da2ed461748efd276561944cd29d7f5a8252a9be79
8c4244d316a05870dd1147b2ab7ddbcfd7626b5dce2f5a0e72f066dc635c2edb4f1ea3be88c6fec2d5ab016001be16bedef70f2ce0695c3cd96f69e1614ff177 fix-manpages.patch
0d2e570ddcb7ace1221abad9fc1d3dd0d00d6948340df69879b449959a68feee6a0ad8e17ef9971b35986293e16fc9d8e88de81815fedd5ea6a952eb085406ca configs.patch
60c1ec62003a33036de68402544e25a71715ed124a3139056a94ed1ba02fb8148ee510ab8f182a308105a2f744b9787e67112bcd8cd0d800cdb6f5409c4f63ff cacheflush.patch
+61d2d02b733011eefaac0681b7f6274e416dac4d420b354e37f51b07cc42dab61c798fbe5fab36f47079962046f309373b41886b4632e86dc08d5bfe59b275f7 CVE-2020-25709.patch
+abb7f43b6379fe6c03e583dc3a2c861c573ad6b83710954e35928e0449a1b78e259d8d5c6b7c33747b347ab67388d4894980a954d5ddb24b51a693b9c43798f2 CVE-2020-25710.patch
+023b32e1a8e61c96b77723dfe39d33de170af684e29defdb34c14719b77fa0e9a101f8aaafe378afb30bf5ca732cf7209ef291089d7524b2301a97c102f5f6e4 CVE-2020-25692.patch
+fddf5cf57c5b4b1d0e148ce850aafe5791dd7772727c824e858fe97e375871d2d3f622894d978444f7c5d8d64160c6fd766ae91de5eac3eb7f5292ceaaf599ea CVE-2020-12243.patch
0c3606e4dad1b32f1c4b62f2bc1990a4c9f7ccd10c7b50e623309ba9df98064e68fc42a7242450f32fb6e5fa2203609d3d069871b5ae994cd4b227a078c93532 slapd.initd
-64dc4c0aa0abe3d9f7d2aef25fe4c8e23c53df2421067947ac4d096c9e942b26356cb8577ebc41b52d88d0b0a03b2a3e435fe86242671f9b36555a5f82ee0e3a slapd.confd
-d4d8bec1c23c73e7126462bfe2e51cb603d1e83be4c64698ac167f221d515554b3b0e311f9789450b5c4c206c09cbdad1842b0b5b2364919967195da4ea6d833 CVE-2020-12243.patch"
+64dc4c0aa0abe3d9f7d2aef25fe4c8e23c53df2421067947ac4d096c9e942b26356cb8577ebc41b52d88d0b0a03b2a3e435fe86242671f9b36555a5f82ee0e3a slapd.confd"
diff --git a/main/openldap/CVE-2020-12243.patch b/main/openldap/CVE-2020-12243.patch
new file mode 100644
index 0000000000..d8e10f5bc6
--- /dev/null
+++ b/main/openldap/CVE-2020-12243.patch
@@ -0,0 +1,125 @@
+From 98464c11df8247d6a11b52e294ba5dd4f0380440 Mon Sep 17 00:00:00 2001
+From: Howard Chu <hyc@openldap.org>
+Date: Thu, 16 Apr 2020 01:08:19 +0100
+Subject: [PATCH] ITS#9202 limit depth of nested filters
+
+Using a hardcoded limit for now; no reasonable apps
+should ever run into it.
+---
+ servers/slapd/filter.c | 41 ++++++++++++++++++++++++++++++++---------
+ 1 file changed, 32 insertions(+), 9 deletions(-)
+
+diff --git a/servers/slapd/filter.c b/servers/slapd/filter.c
+index 3252cf2a7..ed57bbd7b 100644
+--- a/servers/slapd/filter.c
++++ b/servers/slapd/filter.c
+@@ -37,11 +37,16 @@
+ const Filter *slap_filter_objectClass_pres;
+ const struct berval *slap_filterstr_objectClass_pres;
+
++#ifndef SLAPD_MAX_FILTER_DEPTH
++#define SLAPD_MAX_FILTER_DEPTH 5000
++#endif
++
+ static int get_filter_list(
+ Operation *op,
+ BerElement *ber,
+ Filter **f,
+- const char **text );
++ const char **text,
++ int depth );
+
+ static int get_ssa(
+ Operation *op,
+@@ -80,12 +85,13 @@ filter_destroy( void )
+ return;
+ }
+
+-int
+-get_filter(
++static int
++get_filter0(
+ Operation *op,
+ BerElement *ber,
+ Filter **filt,
+- const char **text )
++ const char **text,
++ int depth )
+ {
+ ber_tag_t tag;
+ ber_len_t len;
+@@ -126,6 +132,11 @@ get_filter(
+ *
+ */
+
++ if( depth > SLAPD_MAX_FILTER_DEPTH ) {
++ *text = "filter nested too deeply";
++ return SLAPD_DISCONNECT;
++ }
++
+ tag = ber_peek_tag( ber, &len );
+
+ if( tag == LBER_ERROR ) {
+@@ -221,7 +232,7 @@ get_filter(
+
+ case LDAP_FILTER_AND:
+ Debug( LDAP_DEBUG_FILTER, "AND\n", 0, 0, 0 );
+- err = get_filter_list( op, ber, &f.f_and, text );
++ err = get_filter_list( op, ber, &f.f_and, text, depth+1 );
+ if ( err != LDAP_SUCCESS ) {
+ break;
+ }
+@@ -234,7 +245,7 @@ get_filter(
+
+ case LDAP_FILTER_OR:
+ Debug( LDAP_DEBUG_FILTER, "OR\n", 0, 0, 0 );
+- err = get_filter_list( op, ber, &f.f_or, text );
++ err = get_filter_list( op, ber, &f.f_or, text, depth+1 );
+ if ( err != LDAP_SUCCESS ) {
+ break;
+ }
+@@ -248,7 +259,7 @@ get_filter(
+ case LDAP_FILTER_NOT:
+ Debug( LDAP_DEBUG_FILTER, "NOT\n", 0, 0, 0 );
+ (void) ber_skip_tag( ber, &len );
+- err = get_filter( op, ber, &f.f_not, text );
++ err = get_filter0( op, ber, &f.f_not, text, depth+1 );
+ if ( err != LDAP_SUCCESS ) {
+ break;
+ }
+@@ -311,10 +322,22 @@ get_filter(
+ return( err );
+ }
+
++int
++get_filter(
++ Operation *op,
++ BerElement *ber,
++ Filter **filt,
++ const char **text )
++{
++ return get_filter0( op, ber, filt, text, 0 );
++}
++
++
+ static int
+ get_filter_list( Operation *op, BerElement *ber,
+ Filter **f,
+- const char **text )
++ const char **text,
++ int depth )
+ {
+ Filter **new;
+ int err;
+@@ -328,7 +351,7 @@ get_filter_list( Operation *op, BerElement *ber,
+ tag != LBER_DEFAULT;
+ tag = ber_next_element( ber, &len, last ) )
+ {
+- err = get_filter( op, ber, new, text );
++ err = get_filter0( op, ber, new, text, depth );
+ if ( err != LDAP_SUCCESS )
+ return( err );
+ new = &(*new)->f_next;
+--
+GitLab
+
diff --git a/main/openldap/CVE-2020-25692.patch b/main/openldap/CVE-2020-25692.patch
new file mode 100644
index 0000000000..941a4f56be
--- /dev/null
+++ b/main/openldap/CVE-2020-25692.patch
@@ -0,0 +1,27 @@
+From 4c774220a752bf8e3284984890dc0931fe73165d Mon Sep 17 00:00:00 2001
+From: Howard Chu <hyc@openldap.org>
+Date: Mon, 19 Oct 2020 14:03:41 +0100
+Subject: [PATCH] ITS#9370 check for equality rule on old_rdn
+
+Just skip normalization if there's no equality rule. We accept
+DNs without equality rules already.
+---
+ servers/slapd/modrdn.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/servers/slapd/modrdn.c b/servers/slapd/modrdn.c
+index c73dd8dba..a22975540 100644
+--- a/servers/slapd/modrdn.c
++++ b/servers/slapd/modrdn.c
+@@ -505,7 +505,7 @@ slap_modrdn2mods(
+ mod_tmp->sml_values = ( BerVarray )ch_malloc( 2 * sizeof( struct berval ) );
+ ber_dupbv( &mod_tmp->sml_values[0], &old_rdn[d_cnt]->la_value );
+ mod_tmp->sml_values[1].bv_val = NULL;
+- if( desc->ad_type->sat_equality->smr_normalize) {
++ if( desc->ad_type->sat_equality && desc->ad_type->sat_equality->smr_normalize) {
+ mod_tmp->sml_nvalues = ( BerVarray )ch_malloc( 2 * sizeof( struct berval ) );
+ (void) (*desc->ad_type->sat_equality->smr_normalize)(
+ SLAP_MR_EQUALITY|SLAP_MR_VALUE_OF_ASSERTION_SYNTAX,
+--
+GitLab
+
diff --git a/main/openldap/CVE-2020-25709.patch b/main/openldap/CVE-2020-25709.patch
new file mode 100644
index 0000000000..d38c9d241d
--- /dev/null
+++ b/main/openldap/CVE-2020-25709.patch
@@ -0,0 +1,26 @@
+From 67670f4544e28fb09eb7319c39f404e1d3229e65 Mon Sep 17 00:00:00 2001
+From: Howard Chu <hyc@openldap.org>
+Date: Mon, 2 Nov 2020 13:12:10 +0000
+Subject: [PATCH] ITS#9383 remove assert in certificateListValidate
+
+---
+ servers/slapd/schema_init.c | 3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+diff --git a/servers/slapd/schema_init.c b/servers/slapd/schema_init.c
+index ea0d67aa6..28f9e71a1 100644
+--- a/servers/slapd/schema_init.c
++++ b/servers/slapd/schema_init.c
+@@ -371,8 +371,7 @@ certificateListValidate( Syntax *syntax, struct berval *in )
+ /* Optional version */
+ if ( tag == LBER_INTEGER ) {
+ tag = ber_get_int( ber, &version );
+- assert( tag == LBER_INTEGER );
+- if ( version != SLAP_X509_V2 ) return LDAP_INVALID_SYNTAX;
++ if ( tag != LBER_INTEGER || version != SLAP_X509_V2 ) return LDAP_INVALID_SYNTAX;
+ }
+ tag = ber_skip_tag( ber, &len ); /* Signature Algorithm */
+ if ( tag != LBER_SEQUENCE ) return LDAP_INVALID_SYNTAX;
+--
+GitLab
+
diff --git a/main/openldap/CVE-2020-25710.patch b/main/openldap/CVE-2020-25710.patch
new file mode 100644
index 0000000000..9b9bae8b31
--- /dev/null
+++ b/main/openldap/CVE-2020-25710.patch
@@ -0,0 +1,27 @@
+From bdb0d459187522a6063df13871b82ba8dcc6efe2 Mon Sep 17 00:00:00 2001
+From: Howard Chu <hyc@openldap.org>
+Date: Mon, 2 Nov 2020 16:01:14 +0000
+Subject: [PATCH] ITS#9384 remove assert in obsolete csnNormalize23()
+
+---
+ servers/slapd/schema_init.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/servers/slapd/schema_init.c b/servers/slapd/schema_init.c
+index 5812bc4b6..ea0d67aa6 100644
+--- a/servers/slapd/schema_init.c
++++ b/servers/slapd/schema_init.c
+@@ -5327,8 +5327,8 @@ csnNormalize23(
+ }
+ *ptr = '\0';
+
+- assert( ptr == &bv.bv_val[bv.bv_len] );
+- if ( csnValidate( syntax, &bv ) != LDAP_SUCCESS ) {
++ if ( ptr != &bv.bv_val[bv.bv_len] ||
++ csnValidate( syntax, &bv ) != LDAP_SUCCESS ) {
+ return LDAP_INVALID_SYNTAX;
+ }
+
+--
+GitLab
+
diff --git a/main/pcre/APKBUILD b/main/pcre/APKBUILD
index da65eef6bb..d7f05247b8 100644
--- a/main/pcre/APKBUILD
+++ b/main/pcre/APKBUILD
@@ -2,7 +2,7 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=pcre
pkgver=8.42
-pkgrel=1
+pkgrel=2
pkgdesc="Perl-compatible regular expression library"
url="http://pcre.sourceforge.net"
arch="all"
@@ -12,9 +12,13 @@ makedepends=""
checkdepends="paxmark"
subpackages="$pkgname-dev $pkgname-doc $pkgname-tools
libpcrecpp libpcre16 libpcre32"
-source="ftp://ftp.csx.cam.ac.uk/pub/software/programming/$pkgname/$pkgname-$pkgver.tar.bz2
+source="https://ftp.pcre.org/pub/pcre/pcre-$pkgver.tar.bz2
+ CVE-2020-14155.patch
"
+
# secfixes:
+# 8.42-r2:
+# - CVE-2020-14155
# 8.40-r2:
# - CVE-2017-7186
# 7.8-r0:
@@ -94,4 +98,5 @@ tools() {
mv "$pkgdir"/usr/bin "$subpkgdir"/usr/
}
-sha512sums="b47b923108f6ee0c31409b79d0888314271b482a22590e164d02f21d2112fba22dd0342c24f9ba0f5fcc5b8c65550bad08c476e30a2fc79b34ecf4601ed82f3d pcre-8.42.tar.bz2"
+sha512sums="b47b923108f6ee0c31409b79d0888314271b482a22590e164d02f21d2112fba22dd0342c24f9ba0f5fcc5b8c65550bad08c476e30a2fc79b34ecf4601ed82f3d pcre-8.42.tar.bz2
+23baa5fbaff7b52e861a539a83ad4406937d7a8a85d2a4e2419d0bea99204659e350caab68091d6354842297df2bb3097204bc63c4e1d3d9d1b94427efc46748 CVE-2020-14155.patch"
diff --git a/main/pcre/CVE-2020-14155.patch b/main/pcre/CVE-2020-14155.patch
new file mode 100644
index 0000000000..3bfa119f3b
--- /dev/null
+++ b/main/pcre/CVE-2020-14155.patch
@@ -0,0 +1,31 @@
+pcre: Fix int overflow when parsing "?C<arg>" callout args.
+
+Numerical args must be 0-255, so this shouldn't break correct usage.
+
+--- a/pcre_compile.c 2020/02/10 17:01:27 1760
++++ b/pcre_compile.c 2020/02/10 17:17:34 1761
+@@ -7130,17 +7130,19 @@
+ int n = 0;
+ ptr++;
+ while(IS_DIGIT(*ptr))
++ {
+ n = n * 10 + *ptr++ - CHAR_0;
++ if (n > 255)
++ {
++ *errorcodeptr = ERR38;
++ goto FAILED;
++ }
++ }
+ if (*ptr != CHAR_RIGHT_PARENTHESIS)
+ {
+ *errorcodeptr = ERR39;
+ goto FAILED;
+ }
+- if (n > 255)
+- {
+- *errorcodeptr = ERR38;
+- goto FAILED;
+- }
+ *code++ = n;
+ PUT(code, 0, (int)(ptr - cd->start_pattern + 1)); /* Pattern offset */
+ PUT(code, LINK_SIZE, 0); /* Default length */
diff --git a/main/perl-datetime-timezone/APKBUILD b/main/perl-datetime-timezone/APKBUILD
index 74a39f43ae..87cef23fdb 100644
--- a/main/perl-datetime-timezone/APKBUILD
+++ b/main/perl-datetime-timezone/APKBUILD
@@ -1,50 +1,39 @@
-# Automatically generated by apkbuild-cpan, template 2
+# Automatically generated by apkbuild-cpan, template 3
# Contributor: Natanael Copa <ncopa@alpinelinux.org>
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=perl-datetime-timezone
+#_pkgreal is used by apkbuild-cpan to find modules at MetaCpan
_pkgreal=DateTime-TimeZone
-pkgver=2.19
+pkgver=2.43
pkgrel=0
pkgdesc="Time zone object base class and factory"
-url="http://search.cpan.org/dist/DateTime-TimeZone/"
+url="https://metacpan.org/release/DateTime-TimeZone/"
arch="noarch"
-license="GPL PerlArtistic"
-cpandepends="perl-class-singleton perl-params-validationcompiler perl-namespace-autoclean perl-try-tiny perl-module-runtime perl-specio"
-cpanmakedepends=""
-cpancheckdepends="perl-test-requires perl-test-fatal"
-depends="$cpandepends"
-makedepends="perl-dev $cpanmakedepends"
-options="!check" # disable due to circular dependency with perl-datetime
-#checkdepends="perl-datetime $cpancheckdepends"
-checkdepends="$cpancheckdepends"
+license="GPL-1.0-or-later OR Artistic-1.0-Perl"
+depends="perl perl-specio perl-params-validationcompiler perl-module-runtime
+ perl-try-tiny perl-namespace-autoclean perl-class-singleton"
+makedepends="perl-dev"
+checkdepends="perl-test-fatal perl-test-requires"
subpackages="$pkgname-doc"
-source="http://search.cpan.org/CPAN/authors/id/D/DR/DROLSKY/$_pkgreal-$pkgver.tar.gz"
+source="https://cpan.metacpan.org/authors/id/D/DR/DROLSKY/DateTime-TimeZone-$pkgver.tar.gz"
builddir="$srcdir/$_pkgreal-$pkgver"
-prepare() {
- default_prepare
-
- cd "$builddir"
+build() {
export CFLAGS=$(perl -MConfig -E 'say $Config{ccflags}')
PERL_MM_USE_DEFAULT=1 perl -I. Makefile.PL INSTALLDIRS=vendor
+ make
}
-build() {
- cd "$builddir"
+check() {
export CFLAGS=$(perl -MConfig -E 'say $Config{ccflags}')
- make
+ make test
}
package() {
- cd "$builddir"
make DESTDIR="$pkgdir" install
find "$pkgdir" \( -name perllocal.pod -o -name .packlist \) -delete
}
-check() {
- cd "$builddir"
- export CFLAGS=$(perl -MConfig -E 'say $Config{ccflags}')
- make test
-}
-sha512sums="77c40e390da5747d10135dbe3652051e727a42e57eee7d7659d48bb284e64b94b006b6b7c0deea2354e46e2f50aeacff9299f4ca2a0c221de59d58e869f929eb DateTime-TimeZone-2.19.tar.gz"
+
+sha512sums="4e9bf442775ba58c6539a88e3e15ef8fc93aa4dbc6916034eeb0505930ee3cd83ce3d6de6f0e6c437a60fbdde3ecef0842740430f6af8579d0bbda2332bd7bc0 DateTime-TimeZone-2.43.tar.gz"
diff --git a/main/postgresql/APKBUILD b/main/postgresql/APKBUILD
index 435c0428f4..6179607fc1 100644
--- a/main/postgresql/APKBUILD
+++ b/main/postgresql/APKBUILD
@@ -2,7 +2,7 @@
# Contributor: G.J.R. Timmer <gjr.timmer@gmail.com>
# Contributor: Jakub Jirutka <jakub@jirutka.cz>
pkgname=postgresql
-pkgver=11.9
+pkgver=11.10
pkgrel=0
pkgdesc="A sophisticated object-relational DBMS"
url="https://www.postgresql.org/"
@@ -36,6 +36,10 @@ builddir="$srcdir/$pkgname-$pkgver"
options="!checkroot"
# secfixes:
+# 11.10-r0:
+# - CVE-2020-25694
+# - CVE-2020-25695
+# - CVE-2020-25696
# 11.9-r0:
# - CVE-2020-14349
# - CVE-2020-14350
@@ -312,7 +316,7 @@ _submv() {
done
}
-sha512sums="2c5c2f51aa01f02af4aa0849441767383e30fef69dd52efa442892f39d2456bfa8bf01f633a265e00eca0745e792609d2c1d33f77d8f29a02f5f374c84f2bf6e postgresql-11.9.tar.bz2
+sha512sums="0cc0e9b0f76e00727dc699ea59a45d760d37d91ec736a62cbc9bda3e38eb1ef1565e4e399dd3ae96bad87f866e56e364f916de7740d8be6e1cfc2bf654dfbb68 postgresql-11.10.tar.bz2
1f8e7dc58f5b0a12427cf2fd904ffa898a34f23f3332c8382b94e0d991c007289e7913a69e04498f3d93fc5701855796c207b4b1cc4a0b366f586050124d7fcc initdb.patch
5f9d8bb4957194069d01af8ab3abc6d4d83a7e7f8bd7ebe1caae5361d621a3e58f91b14b952958138a794e0a80bc154fbb7e3e78d211e2a95b9b7901335de854 perl-rpath.patch
8439a6fdfdea0a4867daeb8bc23d6c825f30c00d91d4c39f48653f5ee77341f23282ce03a77aad94b5369700f11d2cb28d5aee360e59138352a9ab331a9f9d0f conf-unix_socket_directories.patch
diff --git a/main/py-django/APKBUILD b/main/py-django/APKBUILD
index b5168c142b..479ba87cf7 100644
--- a/main/py-django/APKBUILD
+++ b/main/py-django/APKBUILD
@@ -3,7 +3,7 @@
pkgname=py-django
_pkgname=Django
pkgver=1.11.29
-pkgrel=0
+pkgrel=1
pkgdesc="A high-level Python Web framework"
url="http://djangoproject.com/"
arch="noarch"
@@ -12,10 +12,16 @@ depends="py-tz"
makedepends="python2-dev python3-dev py-setuptools"
options="!check" # some depends missing, others in community/testing
subpackages="py2-${pkgname#py-}:_py2 py3-${pkgname#py-}:_py3"
-source="https://files.pythonhosted.org/packages/source/${_pkgname:0:1}/$_pkgname/$_pkgname-$pkgver.tar.gz"
+source="https://files.pythonhosted.org/packages/source/${_pkgname:0:1}/$_pkgname/$_pkgname-$pkgver.tar.gz
+ CVE-2020-24583.patch
+ CVE-2020-24584.patch
+ "
builddir="$srcdir"/$_pkgname-$pkgver
# secfixes:
+# 1.11.29-r1:
+# - CVE-2020-24583
+# - CVE-2020-24584
# 1.11.29-r0:
# - CVE-2020-9402
# 1.11.28-r0:
@@ -99,4 +105,6 @@ _py() {
done
}
-sha512sums="dc8d1c5c09f998bf7015967961247e56a9c1dd55701534c6bce6dac2270a5531e1162d9bcbf5ec5f4d411d2d0dc820c82fd9b69628c5ff944bb9f1a22290a562 Django-1.11.29.tar.gz"
+sha512sums="dc8d1c5c09f998bf7015967961247e56a9c1dd55701534c6bce6dac2270a5531e1162d9bcbf5ec5f4d411d2d0dc820c82fd9b69628c5ff944bb9f1a22290a562 Django-1.11.29.tar.gz
+e4eda8069558471268f2e8a705877b3f682adac80221ade5ba742476f897eb3a13d82af7367083b707186e4a49de4f7a6beaadc05274d10b9c88cb2f169ff1a9 CVE-2020-24583.patch
+4fde0868b63a739c28e066665e098bb7a667fe81311a839ff7d1dfff13cb67751271be6e88b4f245aa3ebcbd2bb856730418f3006f7820405cd54bf951e98faf CVE-2020-24584.patch"
diff --git a/main/py-django/CVE-2020-24583.patch b/main/py-django/CVE-2020-24583.patch
new file mode 100644
index 0000000000..b21c6b8ead
--- /dev/null
+++ b/main/py-django/CVE-2020-24583.patch
@@ -0,0 +1,29 @@
+From bbf6bd8a50a02d5015a2b0043abfbf2b4e6acce6 Mon Sep 17 00:00:00 2001
+From: Leo <thinkabit.ukim@gmail.com>
+Date: Fri, 11 Dec 2020 02:07:01 -0300
+Subject: [PATCH 1/2] CVE-2020-24583
+
+---
+ django/core/files/storage.py | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/django/core/files/storage.py b/django/core/files/storage.py
+index 98c89dd..9643198 100644
+--- a/django/core/files/storage.py
++++ b/django/core/files/storage.py
+@@ -310,9 +310,9 @@ class FileSystemStorage(Storage):
+ if not os.path.exists(directory):
+ try:
+ if self.directory_permissions_mode is not None:
+- # os.makedirs applies the global umask, so we reset it,
+- # for consistency with file_permissions_mode behavior.
+- old_umask = os.umask(0)
++ # Set the umask because os.makedirs() doesn't apply the "mode"
++ # argument to intermediate-level directories.
++ old_umask = os.umask(0o777 & ~self.directory_permissions_mode)
+ try:
+ os.makedirs(directory, self.directory_permissions_mode)
+ finally:
+--
+2.29.2
+
diff --git a/main/py-django/CVE-2020-24584.patch b/main/py-django/CVE-2020-24584.patch
new file mode 100644
index 0000000000..fa4dc132a5
--- /dev/null
+++ b/main/py-django/CVE-2020-24584.patch
@@ -0,0 +1,30 @@
+From 13e83e6f60d9ed91316c975425bc4b89c130ec9c Mon Sep 17 00:00:00 2001
+From: Leo <thinkabit.ukim@gmail.com>
+Date: Fri, 11 Dec 2020 02:08:48 -0300
+Subject: [PATCH 2/2] CVE-2020-24584
+
+---
+ django/core/cache/backends/filebased.py | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/django/core/cache/backends/filebased.py b/django/core/cache/backends/filebased.py
+index 7c2c5c7..88cebef 100644
+--- a/django/core/cache/backends/filebased.py
++++ b/django/core/cache/backends/filebased.py
+@@ -102,8 +102,13 @@ class FileBasedCache(BaseCache):
+
+ def _createdir(self):
+ if not os.path.exists(self._dir):
++ # Set the umask because os.makedirs() doesn't apply the "mode" argument
++ # to intermediate-level directories.
++ old_umask = os.umask(0o077)
+ try:
+ os.makedirs(self._dir, 0o700)
++ finally:
++ os.umask(old_umask)
+ except OSError as e:
+ if e.errno != errno.EEXIST:
+ raise EnvironmentError(
+--
+2.29.2
+
diff --git a/main/squid/APKBUILD b/main/squid/APKBUILD
index bea34bb801..c6e0ec7acc 100644
--- a/main/squid/APKBUILD
+++ b/main/squid/APKBUILD
@@ -1,7 +1,7 @@
# Contributor: Carlo Landmeter <clandmeter@gmail.com>
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=squid
-pkgver=4.10
+pkgver=4.13
pkgrel=0
pkgdesc="A full-featured Web proxy cache server."
url="http://www.squid-cache.org"
@@ -29,6 +29,14 @@ builddir="$srcdir"/$pkgname-$pkgver
options="!check" # does not work. Error message is about "applet not found", some issue with the installed busybox
# secfixes:
+# 4.13-r0:
+# - CVE-2020-15810
+# - CVE-2020-15811
+# - CVE-2020-24606
+# 4.11-r0:
+# - CVE-2019-12519
+# - CVE-2019-12521
+# - CVE-2020-11945
# 4.10-r0:
# - CVE-2019-12528
# - CVE-2020-8449
@@ -112,7 +120,8 @@ squid_kerb_auth() {
install -d "$subpkgdir"/usr/lib/squid
mv "$pkgdir"/usr/lib/squid/squid_kerb_auth "$subpkgdir"/usr/lib/squid/
}
-sha512sums="033891f84789fe23a23fabcfb6f51a5b044c16892600f94380b5f0bcbceaef67b95c7047154d940511146248ca9846a949f00a609c6ed27f9af8829325eb08e0 squid-4.10.tar.xz
+
+sha512sums="06807f82ed01e12afe2dd843aa0a94f69c351765b1889c4c5c3da1cf2ecb06ac3a4be6a24a62f04397299c8fc0df5397f76f64df5422ff78b37a9382d5fdf7fc squid-4.13.tar.xz
15d95f7d787be8c2e6619ef1661fd8aae8d2c1ede706748764644c7dc3d7c34515ef6e8b7543295fddc4e767bbd74a7cf8c42e77cf60b3d574ff11b3f6e336c9 squid.initd
7292661de344e8a87d855c83afce49511685d2680effab3afab110e45144c0117935f3bf73ab893c9e6d43f7fb5ba013635e24f6da6daf0eeb895ef2e9b5baa9 squid.confd
89a703fa4f21b6c7c26e64a46fd52407e20f00c34146ade0bea0c4b63d050117c0f8e218f2256a1fbf6abb84f4ec9b0472c9a4092ff6e78f07c4f5a25d0892a5 squid.logrotate"
diff --git a/main/tcpdump/APKBUILD b/main/tcpdump/APKBUILD
index b06d0b297a..97112e5802 100644
--- a/main/tcpdump/APKBUILD
+++ b/main/tcpdump/APKBUILD
@@ -1,7 +1,7 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=tcpdump
pkgver=4.9.3
-pkgrel=0
+pkgrel=1
pkgdesc="A tool for network monitoring and data acquisition"
url="http://www.tcpdump.org"
arch="all"
@@ -9,9 +9,13 @@ license="BSD-3-Clause"
options="!check" # fail on ppc64le
makedepends="libpcap-dev openssl-dev perl"
subpackages="$pkgname-doc"
-source="http://www.$pkgname.org/release/$pkgname-$pkgver.tar.gz"
+source="http://www.$pkgname.org/release/$pkgname-$pkgver.tar.gz
+ CVE-2020-8037.patch
+ "
# secfixes:
+# 4.9.3-r1:
+# - CVE-2020-8037
# 4.9.3-r0:
# - CVE-2017-16808 (AoE)
# - CVE-2018-14468 (FrameRelay)
@@ -111,4 +115,5 @@ package() {
rm -f "$pkgdir"/usr/sbin/tcpdump.4*
}
-sha512sums="3aec673f78b996a4df884b1240e5d0a26a2ca81ee7aca8a2e6d50255bb53476e008a5ced4409e278a956710d8a4d31d85bbb800c9f1aab92b0b1046b59292a22 tcpdump-4.9.3.tar.gz"
+sha512sums="3aec673f78b996a4df884b1240e5d0a26a2ca81ee7aca8a2e6d50255bb53476e008a5ced4409e278a956710d8a4d31d85bbb800c9f1aab92b0b1046b59292a22 tcpdump-4.9.3.tar.gz
+f53b5557ad2c68c28bbd6121b637ade43937ce4956fa9c2c8b187e8c62726c018509eb728f7f7479d078c9018f091f64114944b2d6106e6214662899f880445a CVE-2020-8037.patch"
diff --git a/main/tcpdump/CVE-2020-8037.patch b/main/tcpdump/CVE-2020-8037.patch
new file mode 100644
index 0000000000..2852845eb7
--- /dev/null
+++ b/main/tcpdump/CVE-2020-8037.patch
@@ -0,0 +1,63 @@
+From 32027e199368dad9508965aae8cd8de5b6ab5231 Mon Sep 17 00:00:00 2001
+From: Guy Harris <guy@alum.mit.edu>
+Date: Sat, 18 Apr 2020 14:04:59 -0700
+Subject: [PATCH] PPP: When un-escaping, don't allocate a too-large buffer.
+
+The buffer should be big enough to hold the captured data, but it
+doesn't need to be big enough to hold the entire on-the-network packet,
+if we haven't captured all of it.
+
+(backported from commit e4add0b010ed6f2180dcb05a13026242ed935334)
+---
+ print-ppp.c | 18 ++++++++++++++----
+ 1 file changed, 14 insertions(+), 4 deletions(-)
+
+diff --git a/print-ppp.c b/print-ppp.c
+index 891761728..33fb03412 100644
+--- a/print-ppp.c
++++ b/print-ppp.c
+@@ -1367,19 +1367,29 @@ print_bacp_config_options(netdissect_options *ndo,
+ return 0;
+ }
+
++/*
++ * Un-escape RFC 1662 PPP in HDLC-like framing, with octet escapes.
++ * The length argument is the on-the-wire length, not the captured
++ * length; we can only un-escape the captured part.
++ */
+ static void
+ ppp_hdlc(netdissect_options *ndo,
+ const u_char *p, int length)
+ {
++ u_int caplen = ndo->ndo_snapend - p;
+ u_char *b, *t, c;
+ const u_char *s;
+- int i, proto;
++ u_int i;
++ int proto;
+ const void *se;
+
++ if (caplen == 0)
++ return;
++
+ if (length <= 0)
+ return;
+
+- b = (u_char *)malloc(length);
++ b = (u_char *)malloc(caplen);
+ if (b == NULL)
+ return;
+
+@@ -1388,10 +1398,10 @@ ppp_hdlc(netdissect_options *ndo,
+ * Do this so that we dont overwrite the original packet
+ * contents.
+ */
+- for (s = p, t = b, i = length; i > 0 && ND_TTEST(*s); i--) {
++ for (s = p, t = b, i = caplen; i != 0; i--) {
+ c = *s++;
+ if (c == 0x7d) {
+- if (i <= 1 || !ND_TTEST(*s))
++ if (i <= 1)
+ break;
+ i--;
+ c = *s++ ^ 0x20;
diff --git a/main/tzdata/APKBUILD b/main/tzdata/APKBUILD
index f70b03cab1..3d271c761f 100644
--- a/main/tzdata/APKBUILD
+++ b/main/tzdata/APKBUILD
@@ -5,7 +5,7 @@ pkgname=tzdata
pkgver=2020c
_tzcodever=2020c
_ptzver=0.5
-pkgrel=0
+pkgrel=1
pkgdesc="Timezone data"
url="https://www.iana.org/time-zones"
arch="all"
@@ -32,11 +32,11 @@ build() {
}
package() {
- ./zic -y ./yearistype -d "$pkgdir"/usr/share/zoneinfo $_timezones
- ./zic -y ./yearistype -d "$pkgdir"/usr/share/zoneinfo/right -L leapseconds $_timezones
- #./zic -y ./yearistype -d "$pkgdir"/usr/share/zoneinfo/posix $_timezones
+ ./zic -b fat -y ./yearistype -d "$pkgdir"/usr/share/zoneinfo $_timezones
+ ./zic -b fat -y ./yearistype -d "$pkgdir"/usr/share/zoneinfo/right -L leapseconds $_timezones
+ #./zic -b fat -y ./yearistype -d "$pkgdir"/usr/share/zoneinfo/posix $_timezones
- ./zic -y ./yearistype -d "$pkgdir"/usr/share/zoneinfo -p America/New_York
+ ./zic -b fat -y ./yearistype -d "$pkgdir"/usr/share/zoneinfo -p America/New_York
install -m444 -t "$pkgdir"/usr/share/zoneinfo iso3166.tab zone1970.tab zone.tab
mkdir -p "$pkgdir"/usr/sbin
diff --git a/main/xen/APKBUILD b/main/xen/APKBUILD
index c58c8f4c22..cdd5e4beef 100644
--- a/main/xen/APKBUILD
+++ b/main/xen/APKBUILD
@@ -167,7 +167,6 @@ options="!strip"
# 4.11.3-r0:
# - CVE-2019-19579 XSA-306
# 4.11.3-r1:
-# - CVE-2019-19579 XSA-306
# - CVE-2019-19582 XSA-307
# - CVE-2019-19583 XSA-308
# - CVE-2019-19578 XSA-309
diff --git a/main/xorg-server/APKBUILD b/main/xorg-server/APKBUILD
index 767e58f190..8577904393 100644
--- a/main/xorg-server/APKBUILD
+++ b/main/xorg-server/APKBUILD
@@ -2,7 +2,7 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=xorg-server
pkgver=1.20.3
-pkgrel=1
+pkgrel=2
pkgdesc="X.Org X servers"
url="http://xorg.freedesktop.org"
arch="all"
@@ -61,10 +61,19 @@ source="https://www.x.org/releases/individual/xserver/$pkgname-$pkgver.tar.bz2
autoconfig-sis.patch
fix-musl-arm.patch
20-modules.conf
+ CVE-2020-14345.patch
+ CVE-2020-14346.patch
+ CVE-2020-14361.patch
+ CVE-2020-14362.patch
"
builddir="$srcdir"/$pkgname-$pkgver
# secfixes:
+# 1.20.3-r2:
+# - CVE-2020-14345
+# - CVE-2020-14346
+# - CVE-2020-14361
+# - CVE-2020-14362
# 1.20.3-r0:
# - CVE-2018-14665
# 1.19.5-r0:
@@ -181,8 +190,13 @@ xwayland() {
mv "$pkgdir"/usr/bin/Xwayland "$subpkgdir"/usr/bin/
}
+
sha512sums="ee44554f86df4297f54c5871fe7a18954eeef4338775a25f36d6577b279c4775f61128da71b86cfaeadcc080838d6749dede138d4db178866579da2056543fba xorg-server-1.20.3.tar.bz2
4dcaa60fbfc61636e7220a24a72bba19984a6dc752061cb40b1bd566c0e614d08927b6c223ffaaaa05636765fddacdc3113fde55d25fd09cd0c786ff44f51447 autoconfig-nvidia.patch
30a78f4278edd535c45ee3f80933427cb029a13abaa4b041f816515fdd8f64f00b9c6aef50d4eba2aaf0d4f333e730399864fd97fa18891273601c77a6637200 autoconfig-sis.patch
b799e757a22a61ac283adbd7a8df1ad4eccce0bb6cac38a0c962ba8438bba3cf6637a65bb64859e7b32399fca672283a49960207e186c271ba574580de360d09 fix-musl-arm.patch
-95036f2452732cc31f6b646da9f46b7be30f4c9392724386b02f67fece1f506b00e15d14cbd8cf0ce75ca1fd144b4bea7e59288d4aaf4d6c1e06e5168931eb67 20-modules.conf"
+95036f2452732cc31f6b646da9f46b7be30f4c9392724386b02f67fece1f506b00e15d14cbd8cf0ce75ca1fd144b4bea7e59288d4aaf4d6c1e06e5168931eb67 20-modules.conf
+3e411cb0af272b3f89ce9b8bb7e35eef703b4a01d8722331aaf3d365cd7867a28deee8d5224ceb8fe0cd63e9cf600f05d7360aa5ffb4c0ae2655e80e6430f7f9 CVE-2020-14345.patch
+6981bb37302e6c6afc6e389698eef1e1021577a6ac54a81ec0470cc198a975274db8a2b6d9ecd0b22a1c8bb6aff07d37030c3cd451467452e6a05203f942e296 CVE-2020-14346.patch
+4acf43c8a08a3ee3012cf9ae1af517bf8f7cc493316e6d9f5b55f39b205f22406b757618024e70ed98f9c56baa238ed166bcf8aa26995d33183e1e323c48f9c8 CVE-2020-14361.patch
+0fa92233e405b74de6dc4ee144d995581f0ab7fbf7ee5f8410e4a842496724ac9425ed6406881d005e4fc70d01d4d05c4aff83491683f3e270e9ba360cb94d52 CVE-2020-14362.patch"
diff --git a/main/xorg-server/CVE-2020-14345.patch b/main/xorg-server/CVE-2020-14345.patch
new file mode 100644
index 0000000000..677bcbce38
--- /dev/null
+++ b/main/xorg-server/CVE-2020-14345.patch
@@ -0,0 +1,178 @@
+From f7cd1276bbd4fe3a9700096dec33b52b8440788d Mon Sep 17 00:00:00 2001
+From: Matthieu Herrb <matthieu@herrb.eu>
+Date: Tue, 18 Aug 2020 14:46:32 +0200
+Subject: [PATCH] Correct bounds checking in XkbSetNames()
+
+CVE-2020-14345 / ZDI 11428
+
+This vulnerability was discovered by:
+Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
+
+Signed-off-by: Matthieu Herrb <matthieu@herrb.eu>
+---
+ xkb/xkb.c | 48 ++++++++++++++++++++++++++++++++++++++++++++++++
+ 1 file changed, 48 insertions(+)
+
+diff --git a/xkb/xkb.c b/xkb/xkb.c
+index d93078a6e3..8e016cd746 100644
+--- a/xkb/xkb.c
++++ b/xkb/xkb.c
+@@ -152,6 +152,19 @@ static RESTYPE RT_XKBCLIENT;
+ #define CHK_REQ_KEY_RANGE(err,first,num,r) \
+ CHK_REQ_KEY_RANGE2(err,first,num,r,client->errorValue,BadValue)
+
++static Bool
++_XkbCheckRequestBounds(ClientPtr client, void *stuff, void *from, void *to) {
++ char *cstuff = (char *)stuff;
++ char *cfrom = (char *)from;
++ char *cto = (char *)to;
++
++ return cfrom < cto &&
++ cfrom >= cstuff &&
++ cfrom < cstuff + ((size_t)client->req_len << 2) &&
++ cto >= cstuff &&
++ cto <= cstuff + ((size_t)client->req_len << 2);
++}
++
+ /***====================================================================***/
+
+ int
+@@ -4048,6 +4061,8 @@ _XkbSetNamesCheck(ClientPtr client, DeviceIntPtr dev,
+ client->errorValue = _XkbErrCode2(0x04, stuff->firstType);
+ return BadAccess;
+ }
++ if (!_XkbCheckRequestBounds(client, stuff, tmp, tmp + stuff->nTypes))
++ return BadLength;
+ old = tmp;
+ tmp = _XkbCheckAtoms(tmp, stuff->nTypes, client->swapped, &bad);
+ if (!tmp) {
+@@ -4077,6 +4092,8 @@ _XkbSetNamesCheck(ClientPtr client, DeviceIntPtr dev,
+ }
+ width = (CARD8 *) tmp;
+ tmp = (CARD32 *) (((char *) tmp) + XkbPaddedSize(stuff->nKTLevels));
++ if (!_XkbCheckRequestBounds(client, stuff, width, tmp))
++ return BadLength;
+ type = &xkb->map->types[stuff->firstKTLevel];
+ for (i = 0; i < stuff->nKTLevels; i++, type++) {
+ if (width[i] == 0)
+@@ -4086,6 +4103,8 @@ _XkbSetNamesCheck(ClientPtr client, DeviceIntPtr dev,
+ type->num_levels, width[i]);
+ return BadMatch;
+ }
++ if (!_XkbCheckRequestBounds(client, stuff, tmp, tmp + width[i]))
++ return BadLength;
+ tmp = _XkbCheckAtoms(tmp, width[i], client->swapped, &bad);
+ if (!tmp) {
+ client->errorValue = bad;
+@@ -4098,6 +4117,9 @@ _XkbSetNamesCheck(ClientPtr client, DeviceIntPtr dev,
+ client->errorValue = 0x08;
+ return BadMatch;
+ }
++ if (!_XkbCheckRequestBounds(client, stuff, tmp,
++ tmp + Ones(stuff->indicators)))
++ return BadLength;
+ tmp = _XkbCheckMaskedAtoms(tmp, XkbNumIndicators, stuff->indicators,
+ client->swapped, &bad);
+ if (!tmp) {
+@@ -4110,6 +4132,9 @@ _XkbSetNamesCheck(ClientPtr client, DeviceIntPtr dev,
+ client->errorValue = 0x09;
+ return BadMatch;
+ }
++ if (!_XkbCheckRequestBounds(client, stuff, tmp,
++ tmp + Ones(stuff->virtualMods)))
++ return BadLength;
+ tmp = _XkbCheckMaskedAtoms(tmp, XkbNumVirtualMods,
+ (CARD32) stuff->virtualMods,
+ client->swapped, &bad);
+@@ -4123,6 +4148,9 @@ _XkbSetNamesCheck(ClientPtr client, DeviceIntPtr dev,
+ client->errorValue = 0x0a;
+ return BadMatch;
+ }
++ if (!_XkbCheckRequestBounds(client, stuff, tmp,
++ tmp + Ones(stuff->groupNames)))
++ return BadLength;
+ tmp = _XkbCheckMaskedAtoms(tmp, XkbNumKbdGroups,
+ (CARD32) stuff->groupNames,
+ client->swapped, &bad);
+@@ -4144,9 +4172,14 @@ _XkbSetNamesCheck(ClientPtr client, DeviceIntPtr dev,
+ stuff->nKeys);
+ return BadValue;
+ }
++ if (!_XkbCheckRequestBounds(client, stuff, tmp, tmp + stuff->nKeys))
++ return BadLength;
+ tmp += stuff->nKeys;
+ }
+ if ((stuff->which & XkbKeyAliasesMask) && (stuff->nKeyAliases > 0)) {
++ if (!_XkbCheckRequestBounds(client, stuff, tmp,
++ tmp + (stuff->nKeyAliases * 2)))
++ return BadLength;
+ tmp += stuff->nKeyAliases * 2;
+ }
+ if (stuff->which & XkbRGNamesMask) {
+@@ -4154,6 +4187,9 @@ _XkbSetNamesCheck(ClientPtr client, DeviceIntPtr dev,
+ client->errorValue = _XkbErrCode2(0x0d, stuff->nRadioGroups);
+ return BadValue;
+ }
++ if (!_XkbCheckRequestBounds(client, stuff, tmp,
++ tmp + stuff->nRadioGroups))
++ return BadLength;
+ tmp = _XkbCheckAtoms(tmp, stuff->nRadioGroups, client->swapped, &bad);
+ if (!tmp) {
+ client->errorValue = bad;
+@@ -4347,6 +4383,8 @@ ProcXkbSetNames(ClientPtr client)
+ /* check device-independent stuff */
+ tmp = (CARD32 *) &stuff[1];
+
++ if (!_XkbCheckRequestBounds(client, stuff, tmp, tmp + 1))
++ return BadLength;
+ if (stuff->which & XkbKeycodesNameMask) {
+ tmp = _XkbCheckAtoms(tmp, 1, client->swapped, &bad);
+ if (!tmp) {
+@@ -4354,6 +4392,8 @@ ProcXkbSetNames(ClientPtr client)
+ return BadAtom;
+ }
+ }
++ if (!_XkbCheckRequestBounds(client, stuff, tmp, tmp + 1))
++ return BadLength;
+ if (stuff->which & XkbGeometryNameMask) {
+ tmp = _XkbCheckAtoms(tmp, 1, client->swapped, &bad);
+ if (!tmp) {
+@@ -4361,6 +4401,8 @@ ProcXkbSetNames(ClientPtr client)
+ return BadAtom;
+ }
+ }
++ if (!_XkbCheckRequestBounds(client, stuff, tmp, tmp + 1))
++ return BadLength;
+ if (stuff->which & XkbSymbolsNameMask) {
+ tmp = _XkbCheckAtoms(tmp, 1, client->swapped, &bad);
+ if (!tmp) {
+@@ -4368,6 +4410,8 @@ ProcXkbSetNames(ClientPtr client)
+ return BadAtom;
+ }
+ }
++ if (!_XkbCheckRequestBounds(client, stuff, tmp, tmp + 1))
++ return BadLength;
+ if (stuff->which & XkbPhysSymbolsNameMask) {
+ tmp = _XkbCheckAtoms(tmp, 1, client->swapped, &bad);
+ if (!tmp) {
+@@ -4375,6 +4419,8 @@ ProcXkbSetNames(ClientPtr client)
+ return BadAtom;
+ }
+ }
++ if (!_XkbCheckRequestBounds(client, stuff, tmp, tmp + 1))
++ return BadLength;
+ if (stuff->which & XkbTypesNameMask) {
+ tmp = _XkbCheckAtoms(tmp, 1, client->swapped, &bad);
+ if (!tmp) {
+@@ -4382,6 +4428,8 @@ ProcXkbSetNames(ClientPtr client)
+ return BadAtom;
+ }
+ }
++ if (!_XkbCheckRequestBounds(client, stuff, tmp, tmp + 1))
++ return BadLength;
+ if (stuff->which & XkbCompatNameMask) {
+ tmp = _XkbCheckAtoms(tmp, 1, client->swapped, &bad);
+ if (!tmp) {
+--
+GitLab
+
diff --git a/main/xorg-server/CVE-2020-14346.patch b/main/xorg-server/CVE-2020-14346.patch
new file mode 100644
index 0000000000..a2b771c2cf
--- /dev/null
+++ b/main/xorg-server/CVE-2020-14346.patch
@@ -0,0 +1,31 @@
+From c940cc8b6c0a2983c1ec974f1b3f019795dd4cff Mon Sep 17 00:00:00 2001
+From: Matthieu Herrb <matthieu@herrb.eu>
+Date: Tue, 18 Aug 2020 14:49:04 +0200
+Subject: [PATCH] Fix XIChangeHierarchy() integer underflow
+
+CVE-2020-14346 / ZDI-CAN-11429
+
+This vulnerability was discovered by:
+Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
+
+Signed-off-by: Matthieu Herrb <matthieu@herrb.eu>
+---
+ Xi/xichangehierarchy.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/Xi/xichangehierarchy.c b/Xi/xichangehierarchy.c
+index cbdd912581..504defe566 100644
+--- a/Xi/xichangehierarchy.c
++++ b/Xi/xichangehierarchy.c
+@@ -423,7 +423,7 @@ ProcXIChangeHierarchy(ClientPtr client)
+ if (!stuff->num_changes)
+ return rc;
+
+- len = ((size_t)stuff->length << 2) - sizeof(xXIChangeHierarchyReq);
++ len = ((size_t)client->req_len << 2) - sizeof(xXIChangeHierarchyReq);
+
+ any = (xXIAnyHierarchyChangeInfo *) &stuff[1];
+ while (stuff->num_changes--) {
+--
+GitLab
+
diff --git a/main/xorg-server/CVE-2020-14361.patch b/main/xorg-server/CVE-2020-14361.patch
new file mode 100644
index 0000000000..f17d8e7fc0
--- /dev/null
+++ b/main/xorg-server/CVE-2020-14361.patch
@@ -0,0 +1,31 @@
+From 144849ea27230962227e62a943b399e2ab304787 Mon Sep 17 00:00:00 2001
+From: Matthieu Herrb <matthieu@herrb.eu>
+Date: Tue, 18 Aug 2020 14:52:29 +0200
+Subject: [PATCH] Fix XkbSelectEvents() integer underflow
+
+CVE-2020-14361 ZDI-CAN 11573
+
+This vulnerability was discovered by:
+Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
+
+Signed-off-by: Matthieu Herrb <matthieu@herrb.eu>
+---
+ xkb/xkbSwap.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/xkb/xkbSwap.c b/xkb/xkbSwap.c
+index 1c1ed5ff46..50cabb90e5 100644
+--- a/xkb/xkbSwap.c
++++ b/xkb/xkbSwap.c
+@@ -76,7 +76,7 @@ SProcXkbSelectEvents(ClientPtr client)
+ register unsigned bit, ndx, maskLeft, dataLeft, size;
+
+ from.c8 = (CARD8 *) &stuff[1];
+- dataLeft = (stuff->length * 4) - SIZEOF(xkbSelectEventsReq);
++ dataLeft = (client->req_len * 4) - SIZEOF(xkbSelectEventsReq);
+ maskLeft = (stuff->affectWhich & (~XkbMapNotifyMask));
+ for (ndx = 0, bit = 1; (maskLeft != 0); ndx++, bit <<= 1) {
+ if (((bit & maskLeft) == 0) || (ndx == XkbMapNotify))
+--
+GitLab
+
diff --git a/main/xorg-server/CVE-2020-14362.patch b/main/xorg-server/CVE-2020-14362.patch
new file mode 100644
index 0000000000..8f16804473
--- /dev/null
+++ b/main/xorg-server/CVE-2020-14362.patch
@@ -0,0 +1,65 @@
+From 2902b78535ecc6821cc027351818b28a5c7fdbdc Mon Sep 17 00:00:00 2001
+From: Matthieu Herrb <matthieu@herrb.eu>
+Date: Tue, 18 Aug 2020 14:55:01 +0200
+Subject: [PATCH] Fix XRecordRegisterClients() Integer underflow
+
+CVE-2020-14362 ZDI-CAN-11574
+
+This vulnerability was discovered by:
+Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
+
+Signed-off-by: Matthieu Herrb <matthieu@herrb.eu>
+---
+ record/record.c | 10 +++++-----
+ 1 file changed, 5 insertions(+), 5 deletions(-)
+
+diff --git a/record/record.c b/record/record.c
+index f2d38c877e..be154525d2 100644
+--- a/record/record.c
++++ b/record/record.c
+@@ -2500,7 +2500,7 @@ SProcRecordQueryVersion(ClientPtr client)
+ } /* SProcRecordQueryVersion */
+
+ static int _X_COLD
+-SwapCreateRegister(xRecordRegisterClientsReq * stuff)
++SwapCreateRegister(ClientPtr client, xRecordRegisterClientsReq * stuff)
+ {
+ int i;
+ XID *pClientID;
+@@ -2510,13 +2510,13 @@ SwapCreateRegister(xRecordRegisterClientsReq * stuff)
+ swapl(&stuff->nRanges);
+ pClientID = (XID *) &stuff[1];
+ if (stuff->nClients >
+- stuff->length - bytes_to_int32(sz_xRecordRegisterClientsReq))
++ client->req_len - bytes_to_int32(sz_xRecordRegisterClientsReq))
+ return BadLength;
+ for (i = 0; i < stuff->nClients; i++, pClientID++) {
+ swapl(pClientID);
+ }
+ if (stuff->nRanges >
+- stuff->length - bytes_to_int32(sz_xRecordRegisterClientsReq)
++ client->req_len - bytes_to_int32(sz_xRecordRegisterClientsReq)
+ - stuff->nClients)
+ return BadLength;
+ RecordSwapRanges((xRecordRange *) pClientID, stuff->nRanges);
+@@ -2531,7 +2531,7 @@ SProcRecordCreateContext(ClientPtr client)
+
+ swaps(&stuff->length);
+ REQUEST_AT_LEAST_SIZE(xRecordCreateContextReq);
+- if ((status = SwapCreateRegister((void *) stuff)) != Success)
++ if ((status = SwapCreateRegister(client, (void *) stuff)) != Success)
+ return status;
+ return ProcRecordCreateContext(client);
+ } /* SProcRecordCreateContext */
+@@ -2544,7 +2544,7 @@ SProcRecordRegisterClients(ClientPtr client)
+
+ swaps(&stuff->length);
+ REQUEST_AT_LEAST_SIZE(xRecordRegisterClientsReq);
+- if ((status = SwapCreateRegister((void *) stuff)) != Success)
++ if ((status = SwapCreateRegister(client, (void *) stuff)) != Success)
+ return status;
+ return ProcRecordRegisterClients(client);
+ } /* SProcRecordRegisterClients */
+--
+GitLab
+