diff options
224 files changed, 15198 insertions, 6359 deletions
diff --git a/community/exim/APKBUILD b/community/exim/APKBUILD index d15a819b70a..e7b54529c89 100644 --- a/community/exim/APKBUILD +++ b/community/exim/APKBUILD @@ -38,8 +38,6 @@ builddir="$srcdir/$pkgname-$pkgver" # - CVE-2019-13917 # 4.92-r0: # - CVE-2019-10149 -# 4.91-r0: -# - CVE-2018-6789 # 4.89-r5: # - CVE-2017-1000369 # 4.89-r7: diff --git a/community/ffmpeg/APKBUILD b/community/ffmpeg/APKBUILD index 132ec41c6e7..564265cf85a 100644 --- a/community/ffmpeg/APKBUILD +++ b/community/ffmpeg/APKBUILD @@ -3,7 +3,7 @@ # Contributor: Jakub Skrzypnik <j.skrzypnik@openmailbox.org> # Maintainer: Natanael Copa <ncopa@alpinelinux.org> pkgname=ffmpeg -pkgver=4.0.4 +pkgver=4.0.6 pkgrel=0 pkgdesc="Complete and free Internet live audio and video broadcasting solution for Linux/Unix" url="https://ffmpeg.org/" @@ -22,6 +22,12 @@ source="https://ffmpeg.org/releases/ffmpeg-$pkgver.tar.xz builddir="$srcdir/$pkgname-$pkgver" # secfixes: +# 4.0.6-r0: +# - CVE-2019-12730 +# - CVE-2019-13390 +# - CVE-2019-17539 +# - CVE-2019-17542 +# - CVE-2020-13904 # 4.0.4-r0: # - CVE-2018-15822 # - CVE-2019-9718 @@ -117,5 +123,5 @@ libs() { mv "$pkgdir"/usr/lib "$subpkgdir"/usr } -sha512sums="b7f66f5b38df4114f96fd85e42c6a42cb9673d4ca042d6775d1b64b7966cc9833e01bfa83e429e2cff8f2ecdd7dea44ede135aca75c31a7ed706e7384657196c ffmpeg-4.0.4.tar.xz +sha512sums="46e631393b3c1ed6332f738b650085c6639ddc82519d78900ab97e28bebe8d7a0d356b0721b1773488fb88fcfa9eb438ff2a92789883a6ad59c4b739250815b8 ffmpeg-4.0.6.tar.xz 32652e18d4eb231a2e32ad1cacffdf33264aac9d459e0e2e6dd91484fced4e1ca5a62886057b1f0b4b1589c014bbe793d17c78adbaffec195f9a75733b5b18cb 0001-libavutil-clean-up-unused-FF_SYMVER-macro.patch" diff --git a/community/firefox-esr/APKBUILD b/community/firefox-esr/APKBUILD index 9deb7dea4ae..12da1198b68 100644 --- a/community/firefox-esr/APKBUILD +++ b/community/firefox-esr/APKBUILD @@ -154,7 +154,6 @@ ldpath="$_mozappdir" # - CVE-2018-5117 # 52.5.2-r0: # - CVE-2017-7843 -# - CVE-2017-7843 prepare() { default_prepare diff --git a/community/graphicsmagick/APKBUILD b/community/graphicsmagick/APKBUILD index 6729d759b95..3c3e5bfcdcb 100644 --- a/community/graphicsmagick/APKBUILD +++ b/community/graphicsmagick/APKBUILD @@ -13,7 +13,7 @@ source="https://downloads.sourceforge.net/$pkgname/$pkgname/$pkgver/GraphicsMagi options="libtool !check" builddir="$srcdir"/GraphicsMagick-$pkgver -# security fixes: +# secfixes: # 1.3.27-r0: # - CVE-2017-11102 # - CVE-2017-14314 diff --git a/community/opam/APKBUILD b/community/opam/APKBUILD index ba96c310292..cd135c39f1b 100644 --- a/community/opam/APKBUILD +++ b/community/opam/APKBUILD @@ -1,21 +1,20 @@ # Contributor: Michael Zuo <muh.muhten@gmail.com> +# Contributor: Sora Morimoto <sora@morimoto.io> # Maintainer: Anil Madhavapeddy <anil@recoil.org> pkgname=opam -pkgver=2.0.1 +pkgver=2.0.7 pkgrel=0 pkgdesc="OCaml Package Manager" url="https://opam.ocaml.org" -arch="all !x86 !armhf !armv7 !s390x" # ocaml not avail on excluded platforms +arch="all !x86 !armhf !armv7 !s390x !mips !mips64" # ocaml not avail on excluded platforms license="LGPL-2.1" -depends="ocaml curl xz tar unzip rsync patch bubblewrap bash" +depends="ocaml curl tar unzip rsync patch bubblewrap bash" makedepends="ocaml-compiler-libs" -source="https://github.com/ocaml/$pkgname/releases/download/$pkgver/$pkgname-full-$pkgver.tar.gz" +source="https://github.com/ocaml/opam/releases/download/$pkgver/opam-full-$pkgver.tar.gz" builddir="$srcdir/$pkgname-full-$pkgver" subpackages="$pkgname-doc" build() { - cd "$builddir" - ./configure \ --build=$CBUILD \ --host=$CHOST \ @@ -30,13 +29,11 @@ build() { } package() { - cd "$builddir" make DESTDIR="$pkgdir" install } check() { - cd "$builddir" make tests } -sha512sums="add6cd77067cddadd4be5d79699713211f5f2796c1e1931048eb5fc4f0127eca56e1f81d43335327ae04e2144186d9ce759e844d2a125ef27f22c26cd8153e3c opam-full-2.0.1.tar.gz" +sha512sums="670af4935bba0679c65f6592b7a52b1d429b604eb261e40b13cf72312aeb0bab0c5a76829a555fc5379a0371c352692cbabc46b460fcd9bf32b3cfebdaeceb81 opam-full-2.0.7.tar.gz" diff --git a/community/openjdk7/APKBUILD b/community/openjdk7/APKBUILD index d955112f889..0d011c7ba45 100644 --- a/community/openjdk7/APKBUILD +++ b/community/openjdk7/APKBUILD @@ -2,11 +2,11 @@ # Contributor: Jakub Jirutka <jakub@jirutka.cz> # Maintainer: Timo Teras <timo.teras@iki.fi> pkgname=openjdk7 -_icedteaver=2.6.18 +_icedteaver=2.6.22 _icedteaversrc=$_icedteaver # pkgver is <JDK version>.<JDK update> # check icedtea JDK when updating -pkgver=7.221.$_icedteaver +pkgver=7.261.$_icedteaver pkgrel=0 pkgdesc="OpenJDK 7 via IcedTea" url="https://icedtea.classpath.org/" @@ -73,7 +73,6 @@ source="https://icedtea.classpath.org/download/source/icedtea-$_icedteaversrc.ta https://archive.apache.org/dist/ant/binaries/apache-ant-$ANT_VER-bin.tar.gz https://github.com/mozilla/rhino/releases/download/Rhino${RHINO_VER//./_}_Release/rhino-$RHINO_VER.zip - icedtea-pr64174.patch icedtea-hotspot-musl.patch icedtea-hotspot-musl-ppc.patch icedtea-hotspot-noagent-musl.patch @@ -83,26 +82,68 @@ source="https://icedtea.classpath.org/download/source/icedtea-$_icedteaversrc.ta icedtea-jdk-fix-ipv6-init.patch icedtea-jdk-musl.patch icedtea-jdk-no-soname.patch + icedtea-jdk-revert-7fdd0d6ef2d3.patch + icedtea-jdk-revert-a32dc7400435.patch icedtea-cpio.patch " # secfixes: +# 7.261.2.6.22-r0: +# - CVE-2020-2756 +# - CVE-2020-2757 +# - CVE-2020-2773 +# - CVE-2020-2781 +# - CVE-2020-2800 +# - CVE-2020-2803 +# - CVE-2020-2805 +# - CVE-2020-2830 +# 7.251.2.6.21-r0: +# - CVE-2020-2583 +# - CVE-2020-2590 +# - CVE-2020-2593 +# - CVE-2020-2601 +# - CVE-2020-2604 +# - CVE-2020-2654 +# - CVE-2020-2659 +# 7.241.2.6.20-r0: +# - CVE-2019-2894 +# - CVE-2019-2933 +# - CVE-2019-2945 +# - CVE-2019-2949 +# - CVE-2019-2958 +# - CVE-2019-2962 +# - CVE-2019-2964 +# - CVE-2019-2973 +# - CVE-2019-2978 +# - CVE-2019-2981 +# - CVE-2019-2983 +# - CVE-2019-2987 +# - CVE-2019-2988 +# - CVE-2019-2989 +# - CVE-2019-2992 +# - CVE-2019-2999 +# 7.231.2.6.19-r0: +# - CVE-2019-2766 +# - CVE-2019-2769 +# - CVE-2019-2786 +# - CVE-2019-2816 +# - CVE-2019-2842 # 7.221.2.6.18-r0: -# - CVE-2019-2602 -# - CVE-2019-2684 -# - CVE-2019-2698 +# - CVE-2019-2602 +# - CVE-2019-2684 +# - CVE-2019-2698 # 7.211.2.6.17-r0: -# - CVE-2018-11212 -# - CVE-2019-2422 -# - CVE_2019-2426 +# - CVE-2018-11212 +# - CVE-2019-2422 +# - CVE_2019-2426 # 7.201.2.6.16-r0: -# - CVE-2018-3136 -# - CVE-2018-3139 -# - CVE-2018-3149 -# - CVE-2018-3169 -# - CVE-2018-3180 -# - CVE-2018-3214 -# - CVE-2018-13785 +# - CVE-2018-3136 +# - CVE-2018-3139 +# - CVE-2018-3149 +# - CVE-2018-3169 +# - CVE-2018-3180 +# - CVE-2018-3214 +# - CVE-2018-13785 builddir="$srcdir/icedtea-$_icedteaver" @@ -271,24 +312,25 @@ doc() { mv "$pkgdir"/$INSTALL_BASE/man "$subpkgdir"/$INSTALL_BASE/ } -sha512sums="202038af902c7619e787c3f55ccc4ab5b758a72e4c841d17065809d2331ed4f8ed7a2bce753917d9e6215525ba56840793c9a9850142e865edde1a92a7e5806d icedtea-2.6.18.tar.xz -af8bbdad44448fb73d4f8ac87c00fa2198b7d6a401b9af9c8330768aa5ca395b50ff85f053b02a3e6d4b166b0a8f7badf6bd3c983cc9b2e35f157d0389983982 openjdk-2.6.18.tar.bz2 -0c688037efebbea1175ae26fc77be205cb43f8de886b00a6d89d35666c523bad8dbde3be636a428bff1331e89c4a6acf2aefc5611e65e4a3a7b617e240c536bf corba-2.6.18.tar.bz2 -0a23f37bf35537333d93c88e6f3e018af32f9019ec081e679a4f204848851f4fbcf47f2c0e58e27b8a0c5fdfc9897d427070e62022afcfc42ad70bb413f12c1e jaxp-2.6.18.tar.bz2 -1b2b8fd93e9f94af202c3816b4ecaa8c0809d5eed5962ff57f2edd15232abcaa11d4ac74bfb5b9f9121e5cdec3ea33559ebcc5605d8aa1fd013152abafe14aa9 jaxws-2.6.18.tar.bz2 -82d8b69f6ba3eeb3825275506704b793b5c3ea416da04319fd62948c7fa9db9a4bcb96b0b43d13fc58fbaf2f8d4b5eea098d98d5da68977cb41f9614e8c30933 jdk-2.6.18.tar.bz2 -b64c832474295b3c8d3a22a906b156555171128002c1870d071c98902f7b611d8d0f0dab4c98bf21a102011a7bf2a542d0207cdbe23433a77073670a17eb6322 langtools-2.6.18.tar.bz2 -bff77060aa4ccceec62fc14a1c47ba6d31d510353050b9b213ef87a58b82132e5cad72c59ff38f50a2c290fd2cfd84e0db9768e205d72865b6fc4b6d15fb5f0c hotspot-2.6.18.tar.bz2 +sha512sums="28c96cd2971ce381f0bd1c2a7fe6443602ad89dc0dd5a48d533e3c1a473421bdb98abf5e38117409f305bab7c6c8fecf95e854e8da8acf022966014539916b5c icedtea-2.6.22.tar.xz +7e2027e0b32b34f63eb771aad0273313d963d455f11f635e6b268b49a7f390d9ef2ff2913f2b9f09b6959abbdc060788a1ad8da9ae221b0889054ec4120f9867 openjdk-2.6.22.tar.bz2 +105b9a40d2a65d106e2d59524b0ed24edc72f46f2383d5645d7dd1f09ea9359e76b07ce1712433c7ce1062c5c49f45937acbfe293cfb27379d9a412f03589324 corba-2.6.22.tar.bz2 +696f17f0ef263668fa775bfb65630dcbe5c673fd7b153eff598fc7a7ba60c99b3f6b5f8e82949f3ebf16f506a9158797227c7263292a04b63a8653189dd9bfbb jaxp-2.6.22.tar.bz2 +406d9066e66d38a6cfd697f594e6955a625b685fd7dd83eb774243a9c3bbeeef13a9f6fc5c9fa9b3e2de561264831779edc7af312f1df08c29315d97f5b71e9e jaxws-2.6.22.tar.bz2 +f2d6370b1bc5ee011670229b0d001f08e49aa688dfdaa196b5eb5db1484ce06046c6cf8415bb09ecca6810472f3211988a5a1cd42cdca805b3b56be8b6cd5bcd jdk-2.6.22.tar.bz2 +df11b0d172c1493870ce3aabca076c16f73c2e2f50ac6beac921c72c6bf925a8b879cf8754b19d2d6dd0407f9baadeb597719c6f5972c97f5a5f7567bf98fcb1 langtools-2.6.22.tar.bz2 +f7652d0e6c1fe33ed7fe0d6f0c36daffc6509bb92818d5eaaf183fd9e8afc1a2fca9d547a2c087aa41134d5da0da4c647b5cdad11b9a520cf9a94cc1a548e219 hotspot-2.6.22.tar.bz2 0da12cb0f761b8cb76e042449e7d93f43236e7bc948e337215470a70031f0a2dda6d1b508f9397b283808d84c4ebddb31558fe1cd8e6e6469c1dd390d69ec6e7 apache-ant-1.9.11-bin.tar.gz 1b9e8721749e81c5420a00af1e00ee0e4f48624ccb4e9aa969032114116ad50f59b254d4d16d74feff74de64157cc8b0a2ead9b555907c84b7055b796fba9a75 rhino-1.7.7.2.zip -dbebef0b6246ffaba8d10e1b672821b55e69950961dcfd265f8b37a8123a71bd80b33a1e4f1ea27343e08803744138687c6ee367e4158bc3540f5d886c0e9cb4 icedtea-pr64174.patch f62b942f0bacda8e37d0f1876d8ba14ddb4fc55a7d5fd1019463744927f40f422a85e9ee051948d566242f5a785aa28f275eb58768611283cba89af91235f43c icedtea-hotspot-musl.patch e5cf4d70f96fc1e72ae8b97a887adb96092ff36584711cbb8de9d9fa9e859cb8731d638838de0d9591239fc44ffe5c74422d1842bd9f10a0c00dff1627bdeeef icedtea-hotspot-musl-ppc.patch e7a2c1771bb582d427041f8d22e48c0daf8f20d7c0926cbce3549d49c4e949359ee25a35682b486e82f3e390535c950c5beee3bd8d06fb5a717b50f2d9b2a6bc icedtea-hotspot-noagent-musl.patch 822eee0dc4d3ba677a289dfeb3668b536d2d626708390a9d9702fb4144a481fd443a215a0d2041c6026113837aafa4ba0b5e9ead8589d2da6717a238bbc95a5a icedtea-hotspot-uclibc-fixes.patch -213a537de5f011cb39d608515c3413513ac75fb93593f9a9ef4205f71d72bdd8b097c80db185f7b26021d5bb85045b866f34f3478482dc4189972d8614a13458 icedtea-jdk-fix-build.patch +8fadeee6ea9886c7ee3118a1abaee2fbd04931a3ba880062bc97397ad30aab114a83542c888461a5a8a1d131c4e73920872317c96620e2a8c4689620adf9e9c3 icedtea-jdk-fix-build.patch 0391970e6a32946aa3cccf38fdef9c0fe2af26cd0df824b98aa2fcfa1bf661d4a68e339bffcfd16f386c565fc68bb28a29208a67d4bad8a0e847ad02bd8becbb icedtea-jdk-execinfo.patch 48533f87fc2cf29d26b259be0df51087d2fe5b252e72d00c6ea2f4add7b0fb113141718c116279c5905e03f64a1118082e719393786811367cf4d472b5d36774 icedtea-jdk-fix-ipv6-init.patch 44a35941c80f408d0607e32763b3b6ccee21e1d39886309327d3d74d2900117e4346ef59e77c663fd022fec10ee8f365eeb46c1260014d5765d226ce175ce3c5 icedtea-jdk-musl.patch bf4b184e170f7b0ff64ab30d2162784fe2bd5460d1fa31973259f7065fd4c511c46f97724fe2bd72bb94e9006cb568d0e0c87d1a9c90819e65880f8f44830bb1 icedtea-jdk-no-soname.patch +9a14c023662c25fc3338c60ba9e6ece625bf2db774776e0c633e5cc866d5c6daf160e90b164832b12eb304fcf65bf30b5d38f20cb7f97f01f6736bfa572ef4fc icedtea-jdk-revert-7fdd0d6ef2d3.patch +f4ee0ede2b62e81971e79bd7d382c09847488656bfa27a7346cd5a92f478bcf67cd10aa632989836a49e87ee435c3de831ad4c71f824113f55c61361895a7af8 icedtea-jdk-revert-a32dc7400435.patch a54c79c82afa1bc95265397b274260584c8b8c6be1651ddfb907d9523a809ea4581409e0d3fb0bbb63ef5a204e8ce29b7940e78cd640af1f490ae938c59129b6 icedtea-cpio.patch" diff --git a/community/openjdk7/icedtea-jdk-fix-build.patch b/community/openjdk7/icedtea-jdk-fix-build.patch index 9fae895b662..c8daa6fb2a5 100644 --- a/community/openjdk7/icedtea-jdk-fix-build.patch +++ b/community/openjdk7/icedtea-jdk-fix-build.patch @@ -22,7 +22,7 @@ Fixes three issues: +LDFLAGS_DEFS_OPTION = LDFLAGS_COMMON += $(LDFLAGS_DEFS_OPTION) - # + LDFLAGS_RELRO_OPTION = -Xlinker -z -Xlinker relro @@ -407,7 +407,7 @@ # the library itself should not. # diff --git a/community/openjdk7/icedtea-jdk-revert-7fdd0d6ef2d3.patch b/community/openjdk7/icedtea-jdk-revert-7fdd0d6ef2d3.patch new file mode 100644 index 00000000000..071a13c2eff --- /dev/null +++ b/community/openjdk7/icedtea-jdk-revert-7fdd0d6ef2d3.patch @@ -0,0 +1,1450 @@ +Revert 7fdd0d6ef2d3 due build error +This laos reverts a fix for CVE-2019-2745 +--- openjdk.orig/jdk/src/share/classes/sun/security/ec/ECDSAOperations.java 2019-07-14 02:30:40.000000000 +0200 ++++ openjdk/jdk/src/share/classes/sun/security/ec/ECDSAOperations.java 1970-01-01 01:00:00.000000000 +0100 +@@ -1,206 +0,0 @@ +-/* +- * Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved. +- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. +- * +- * This code is free software; you can redistribute it and/or modify it +- * under the terms of the GNU General Public License version 2 only, as +- * published by the Free Software Foundation. Oracle designates this +- * particular file as subject to the "Classpath" exception as provided +- * by Oracle in the LICENSE file that accompanied this code. +- * +- * This code is distributed in the hope that it will be useful, but WITHOUT +- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or +- * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License +- * version 2 for more details (a copy is included in the LICENSE file that +- * accompanied this code). +- * +- * You should have received a copy of the GNU General Public License version +- * 2 along with this work; if not, write to the Free Software Foundation, +- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +- * +- * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA +- * or visit www.oracle.com if you need additional information or have any +- * questions. +- */ +- +-package sun.security.ec; +- +-import sun.security.ec.point.*; +-import sun.security.util.ArrayUtil; +-import sun.security.util.Function; +-import sun.security.util.Optional; +-import sun.security.util.math.*; +-import static sun.security.ec.ECOperations.IntermediateValueException; +- +-import java.security.ProviderException; +-import java.security.spec.*; +- +-public class ECDSAOperations { +- +- public static class Seed { +- private final byte[] seedValue; +- +- public Seed(byte[] seedValue) { +- this.seedValue = seedValue; +- } +- +- public byte[] getSeedValue() { +- return seedValue; +- } +- } +- +- public static class Nonce { +- private final byte[] nonceValue; +- +- public Nonce(byte[] nonceValue) { +- this.nonceValue = nonceValue; +- } +- +- public byte[] getNonceValue() { +- return nonceValue; +- } +- } +- +- private final ECOperations ecOps; +- private final AffinePoint basePoint; +- +- public ECDSAOperations(ECOperations ecOps, ECPoint basePoint) { +- this.ecOps = ecOps; +- this.basePoint = toAffinePoint(basePoint, ecOps.getField()); +- } +- +- public ECOperations getEcOperations() { +- return ecOps; +- } +- +- public AffinePoint basePointMultiply(byte[] scalar) { +- return ecOps.multiply(basePoint, scalar).asAffine(); +- } +- +- public static AffinePoint toAffinePoint(ECPoint point, +- IntegerFieldModuloP field) { +- +- ImmutableIntegerModuloP affineX = field.getElement(point.getAffineX()); +- ImmutableIntegerModuloP affineY = field.getElement(point.getAffineY()); +- return new AffinePoint(affineX, affineY); +- } +- +- public static +- Optional<ECDSAOperations> forParameters(final ECParameterSpec ecParams) { +- Optional<ECOperations> curveOps = +- ECOperations.forParameters(ecParams); +- return curveOps.map(new Function<ECOperations, ECDSAOperations>() { +- @Override +- public ECDSAOperations apply(ECOperations ops) { +- return new ECDSAOperations(ops, ecParams.getGenerator()); +- } +- }); +- } +- +- /** +- * +- * Sign a digest using the provided private key and seed. +- * IMPORTANT: The private key is a scalar represented using a +- * little-endian byte array. This is backwards from the conventional +- * representation in ECDSA. The routines that produce and consume this +- * value uses little-endian, so this deviation from convention removes +- * the requirement to swap the byte order. The returned signature is in +- * the conventional byte order. +- * +- * @param privateKey the private key scalar as a little-endian byte array +- * @param digest the digest to be signed +- * @param seed the seed that will be used to produce the nonce. This object +- * should contain an array that is at least 64 bits longer than +- * the number of bits required to represent the group order. +- * @return the ECDSA signature value +- * @throws IntermediateValueException if the signature cannot be produced +- * due to an unacceptable intermediate or final value. If this +- * exception is thrown, then the caller should discard the nonnce and +- * try again with an entirely new nonce value. +- */ +- public byte[] signDigest(byte[] privateKey, byte[] digest, Seed seed) +- throws IntermediateValueException { +- +- byte[] nonceArr = ecOps.seedToScalar(seed.getSeedValue()); +- +- Nonce nonce = new Nonce(nonceArr); +- return signDigest(privateKey, digest, nonce); +- } +- +- /** +- * +- * Sign a digest using the provided private key and nonce. +- * IMPORTANT: The private key and nonce are scalars represented by a +- * little-endian byte array. This is backwards from the conventional +- * representation in ECDSA. The routines that produce and consume these +- * values use little-endian, so this deviation from convention removes +- * the requirement to swap the byte order. The returned signature is in +- * the conventional byte order. +- * +- * @param privateKey the private key scalar as a little-endian byte array +- * @param digest the digest to be signed +- * @param nonce the nonce object containing a little-endian scalar value. +- * @return the ECDSA signature value +- * @throws IntermediateValueException if the signature cannot be produced +- * due to an unacceptable intermediate or final value. If this +- * exception is thrown, then the caller should discard the nonnce and +- * try again with an entirely new nonce value. +- */ +- public byte[] signDigest(byte[] privateKey, byte[] digest, Nonce nonce) +- throws IntermediateValueException { +- +- IntegerFieldModuloP orderField = ecOps.getOrderField(); +- int orderBits = orderField.getSize().bitLength(); +- if (orderBits % 8 != 0 && orderBits < digest.length * 8) { +- // This implementation does not support truncating digests to +- // a length that is not a multiple of 8. +- throw new ProviderException("Invalid digest length"); +- } +- +- byte[] k = nonce.getNonceValue(); +- // check nonce length +- int length = (orderField.getSize().bitLength() + 7) / 8; +- if (k.length != length) { +- throw new ProviderException("Incorrect nonce length"); +- } +- +- MutablePoint R = ecOps.multiply(basePoint, k); +- IntegerModuloP r = R.asAffine().getX(); +- // put r into the correct field by fully reducing to an array +- byte[] temp = new byte[length]; +- r.asByteArray(temp); +- r = orderField.getElement(temp); +- // store r in result +- r.asByteArray(temp); +- byte[] result = new byte[2 * length]; +- ArrayUtil.reverse(temp); +- System.arraycopy(temp, 0, result, 0, length); +- // compare r to 0 +- if (ECOperations.allZero(temp)) { +- throw new IntermediateValueException(); +- } +- +- IntegerModuloP dU = orderField.getElement(privateKey); +- int lengthE = Math.min(length, digest.length); +- byte[] E = new byte[lengthE]; +- System.arraycopy(digest, 0, E, 0, lengthE); +- ArrayUtil.reverse(E); +- IntegerModuloP e = orderField.getElement(E); +- IntegerModuloP kElem = orderField.getElement(k); +- IntegerModuloP kInv = kElem.multiplicativeInverse(); +- MutableIntegerModuloP s = r.mutable(); +- s.setProduct(dU).setSum(e).setProduct(kInv); +- // store s in result +- s.asByteArray(temp); +- ArrayUtil.reverse(temp); +- System.arraycopy(temp, 0, result, length, length); +- // compare s to 0 +- if (ECOperations.allZero(temp)) { +- throw new IntermediateValueException(); +- } +- +- return result; +- +- } +- +-} +--- openjdk.orig/jdk/src/share/classes/sun/security/ec/ECOperations.java 2019-07-14 02:30:40.000000000 +0200 ++++ openjdk/jdk/src/share/classes/sun/security/ec/ECOperations.java 1970-01-01 01:00:00.000000000 +0100 +@@ -1,499 +0,0 @@ +-/* +- * Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved. +- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. +- * +- * This code is free software; you can redistribute it and/or modify it +- * under the terms of the GNU General Public License version 2 only, as +- * published by the Free Software Foundation. Oracle designates this +- * particular file as subject to the "Classpath" exception as provided +- * by Oracle in the LICENSE file that accompanied this code. +- * +- * This code is distributed in the hope that it will be useful, but WITHOUT +- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or +- * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License +- * version 2 for more details (a copy is included in the LICENSE file that +- * accompanied this code). +- * +- * You should have received a copy of the GNU General Public License version +- * 2 along with this work; if not, write to the Free Software Foundation, +- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +- * +- * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA +- * or visit www.oracle.com if you need additional information or have any +- * questions. +- */ +- +-package sun.security.ec; +- +-import sun.security.ec.point.*; +-import sun.security.util.Optional; +-import sun.security.util.math.*; +-import sun.security.util.math.intpoly.*; +- +-import java.math.BigInteger; +-import java.security.ProviderException; +-import java.security.spec.ECFieldFp; +-import java.security.spec.ECParameterSpec; +-import java.security.spec.EllipticCurve; +-import java.util.Collections; +-import java.util.HashMap; +-import java.util.Map; +- +-/* +- * Elliptic curve point arithmetic for prime-order curves where a=-3. +- * Formulas are derived from "Complete addition formulas for prime order +- * elliptic curves" by Renes, Costello, and Batina. +- */ +- +-public class ECOperations { +- +- /* +- * An exception indicating a problem with an intermediate value produced +- * by some part of the computation. For example, the signing operation +- * will throw this exception to indicate that the r or s value is 0, and +- * that the signing operation should be tried again with a different nonce. +- */ +- static class IntermediateValueException extends Exception { +- private static final long serialVersionUID = 1; +- } +- +- static final Map<BigInteger, IntegerFieldModuloP> fields; +- +- static final Map<BigInteger, IntegerFieldModuloP> orderFields; +- +- static { +- Map<BigInteger, IntegerFieldModuloP> map = new HashMap<>(); +- map.put(IntegerPolynomialP256.MODULUS, new IntegerPolynomialP256()); +- map.put(IntegerPolynomialP384.MODULUS, new IntegerPolynomialP384()); +- map.put(IntegerPolynomialP521.MODULUS, new IntegerPolynomialP521()); +- fields = Collections.unmodifiableMap(map); +- map = new HashMap<>(); +- map.put(P256OrderField.MODULUS, new P256OrderField()); +- map.put(P384OrderField.MODULUS, new P384OrderField()); +- map.put(P521OrderField.MODULUS, new P521OrderField()); +- orderFields = Collections.unmodifiableMap(map); +- } +- +- public static Optional<ECOperations> forParameters(ECParameterSpec params) { +- +- EllipticCurve curve = params.getCurve(); +- if (!(curve.getField() instanceof ECFieldFp)) { +- return Optional.empty(); +- } +- ECFieldFp primeField = (ECFieldFp) curve.getField(); +- +- BigInteger three = BigInteger.valueOf(3); +- if (!primeField.getP().subtract(curve.getA()).equals(three)) { +- return Optional.empty(); +- } +- IntegerFieldModuloP field = fields.get(primeField.getP()); +- if (field == null) { +- return Optional.empty(); +- } +- +- IntegerFieldModuloP orderField = orderFields.get(params.getOrder()); +- if (orderField == null) { +- return Optional.empty(); +- } +- +- ImmutableIntegerModuloP b = field.getElement(curve.getB()); +- ECOperations ecOps = new ECOperations(b, orderField); +- return Optional.of(ecOps); +- } +- +- final ImmutableIntegerModuloP b; +- final SmallValue one; +- final SmallValue two; +- final SmallValue three; +- final SmallValue four; +- final ProjectivePoint.Immutable neutral; +- private final IntegerFieldModuloP orderField; +- +- public ECOperations(IntegerModuloP b, IntegerFieldModuloP orderField) { +- this.b = b.fixed(); +- this.orderField = orderField; +- +- this.one = b.getField().getSmallValue(1); +- this.two = b.getField().getSmallValue(2); +- this.three = b.getField().getSmallValue(3); +- this.four = b.getField().getSmallValue(4); +- +- IntegerFieldModuloP field = b.getField(); +- this.neutral = new ProjectivePoint.Immutable(field.get0(), +- field.get1(), field.get0()); +- } +- +- public IntegerFieldModuloP getField() { +- return b.getField(); +- } +- public IntegerFieldModuloP getOrderField() { +- return orderField; +- } +- +- protected ProjectivePoint.Immutable getNeutral() { +- return neutral; +- } +- +- public boolean isNeutral(Point p) { +- ProjectivePoint<?> pp = (ProjectivePoint<?>) p; +- +- IntegerModuloP z = pp.getZ(); +- +- IntegerFieldModuloP field = z.getField(); +- int byteLength = (field.getSize().bitLength() + 7) / 8; +- byte[] zBytes = z.asByteArray(byteLength); +- return allZero(zBytes); +- } +- +- byte[] seedToScalar(byte[] seedBytes) +- throws IntermediateValueException { +- +- // Produce a nonce from the seed using FIPS 186-4,section B.5.1: +- // Per-Message Secret Number Generation Using Extra Random Bits +- // or +- // Produce a scalar from the seed using FIPS 186-4, section B.4.1: +- // Key Pair Generation Using Extra Random Bits +- +- // To keep the implementation simple, sample in the range [0,n) +- // and throw IntermediateValueException in the (unlikely) event +- // that the result is 0. +- +- // Get 64 extra bits and reduce in to the nonce +- int seedBits = orderField.getSize().bitLength() + 64; +- if (seedBytes.length * 8 < seedBits) { +- throw new ProviderException("Incorrect seed length: " + +- seedBytes.length * 8 + " < " + seedBits); +- } +- +- // input conversion only works on byte boundaries +- // clear high-order bits of last byte so they don't influence nonce +- int lastByteBits = seedBits % 8; +- if (lastByteBits != 0) { +- int lastByteIndex = seedBits / 8; +- byte mask = (byte) (0xFF >>> (8 - lastByteBits)); +- seedBytes[lastByteIndex] &= mask; +- } +- +- int seedLength = (seedBits + 7) / 8; +- IntegerModuloP scalarElem = +- orderField.getElement(seedBytes, 0, seedLength, (byte) 0); +- int scalarLength = (orderField.getSize().bitLength() + 7) / 8; +- byte[] scalarArr = new byte[scalarLength]; +- scalarElem.asByteArray(scalarArr); +- if (ECOperations.allZero(scalarArr)) { +- throw new IntermediateValueException(); +- } +- return scalarArr; +- } +- +- /* +- * Compare all values in the array to 0 without branching on any value +- * +- */ +- public static boolean allZero(byte[] arr) { +- byte acc = 0; +- for (int i = 0; i < arr.length; i++) { +- acc |= arr[i]; +- } +- return acc == 0; +- } +- +- /* +- * 4-bit branchless array lookup for projective points. +- */ +- private void lookup4(ProjectivePoint.Immutable[] arr, int index, +- ProjectivePoint.Mutable result, IntegerModuloP zero) { +- +- for (int i = 0; i < 16; i++) { +- int xor = index ^ i; +- int bit3 = (xor & 0x8) >>> 3; +- int bit2 = (xor & 0x4) >>> 2; +- int bit1 = (xor & 0x2) >>> 1; +- int bit0 = (xor & 0x1); +- int inverse = bit0 | bit1 | bit2 | bit3; +- int set = 1 - inverse; +- +- ProjectivePoint.Immutable pi = arr[i]; +- result.conditionalSet(pi, set); +- } +- } +- +- private void double4(ProjectivePoint.Mutable p, MutableIntegerModuloP t0, +- MutableIntegerModuloP t1, MutableIntegerModuloP t2, +- MutableIntegerModuloP t3, MutableIntegerModuloP t4) { +- +- for (int i = 0; i < 4; i++) { +- setDouble(p, t0, t1, t2, t3, t4); +- } +- } +- +- /** +- * Multiply an affine point by a scalar and return the result as a mutable +- * point. +- * +- * @param affineP the point +- * @param s the scalar as a little-endian array +- * @return the product +- */ +- public MutablePoint multiply(AffinePoint affineP, byte[] s) { +- +- // 4-bit windowed multiply with branchless lookup. +- // The mixed addition is faster, so it is used to construct the array +- // at the beginning of the operation. +- +- IntegerFieldModuloP field = affineP.getX().getField(); +- ImmutableIntegerModuloP zero = field.get0(); +- // temporaries +- MutableIntegerModuloP t0 = zero.mutable(); +- MutableIntegerModuloP t1 = zero.mutable(); +- MutableIntegerModuloP t2 = zero.mutable(); +- MutableIntegerModuloP t3 = zero.mutable(); +- MutableIntegerModuloP t4 = zero.mutable(); +- +- ProjectivePoint.Mutable result = new ProjectivePoint.Mutable(field); +- result.getY().setValue(field.get1().mutable()); +- +- ProjectivePoint.Immutable[] pointMultiples = +- new ProjectivePoint.Immutable[16]; +- // 0P is neutral---same as initial result value +- pointMultiples[0] = result.fixed(); +- +- ProjectivePoint.Mutable ps = new ProjectivePoint.Mutable(field); +- ps.setValue(affineP); +- // 1P = P +- pointMultiples[1] = ps.fixed(); +- +- // the rest are calculated using mixed point addition +- for (int i = 2; i < 16; i++) { +- setSum(ps, affineP, t0, t1, t2, t3, t4); +- pointMultiples[i] = ps.fixed(); +- } +- +- ProjectivePoint.Mutable lookupResult = ps.mutable(); +- +- for (int i = s.length - 1; i >= 0; i--) { +- +- double4(result, t0, t1, t2, t3, t4); +- +- int high = (0xFF & s[i]) >>> 4; +- lookup4(pointMultiples, high, lookupResult, zero); +- setSum(result, lookupResult, t0, t1, t2, t3, t4); +- +- double4(result, t0, t1, t2, t3, t4); +- +- int low = 0xF & s[i]; +- lookup4(pointMultiples, low, lookupResult, zero); +- setSum(result, lookupResult, t0, t1, t2, t3, t4); +- } +- +- return result; +- +- } +- +- /* +- * Point double +- */ +- private void setDouble(ProjectivePoint.Mutable p, MutableIntegerModuloP t0, +- MutableIntegerModuloP t1, MutableIntegerModuloP t2, +- MutableIntegerModuloP t3, MutableIntegerModuloP t4) { +- +- t0.setValue(p.getX()).setSquare(); +- t1.setValue(p.getY()).setSquare(); +- t2.setValue(p.getZ()).setSquare(); +- t3.setValue(p.getX()).setProduct(p.getY()); +- t4.setValue(p.getY()).setProduct(p.getZ()); +- +- t3.setSum(t3); +- p.getZ().setProduct(p.getX()); +- +- p.getZ().setProduct(two); +- +- p.getY().setValue(t2).setProduct(b); +- p.getY().setDifference(p.getZ()); +- +- p.getX().setValue(p.getY()).setProduct(two); +- p.getY().setSum(p.getX()); +- p.getY().setReduced(); +- p.getX().setValue(t1).setDifference(p.getY()); +- +- p.getY().setSum(t1); +- p.getY().setProduct(p.getX()); +- p.getX().setProduct(t3); +- +- t3.setValue(t2).setProduct(two); +- t2.setSum(t3); +- p.getZ().setProduct(b); +- +- t2.setReduced(); +- p.getZ().setDifference(t2); +- p.getZ().setDifference(t0); +- t3.setValue(p.getZ()).setProduct(two); +- p.getZ().setReduced(); +- p.getZ().setSum(t3); +- t0.setProduct(three); +- +- t0.setDifference(t2); +- t0.setProduct(p.getZ()); +- p.getY().setSum(t0); +- +- t4.setSum(t4); +- p.getZ().setProduct(t4); +- +- p.getX().setDifference(p.getZ()); +- p.getZ().setValue(t4).setProduct(t1); +- +- p.getZ().setProduct(four); +- +- } +- +- /* +- * Mixed point addition. This method constructs new temporaries each time +- * it is called. For better efficiency, the method that reuses temporaries +- * should be used if more than one sum will be computed. +- */ +- public void setSum(MutablePoint p, AffinePoint p2) { +- +- IntegerModuloP zero = p.getField().get0(); +- MutableIntegerModuloP t0 = zero.mutable(); +- MutableIntegerModuloP t1 = zero.mutable(); +- MutableIntegerModuloP t2 = zero.mutable(); +- MutableIntegerModuloP t3 = zero.mutable(); +- MutableIntegerModuloP t4 = zero.mutable(); +- setSum((ProjectivePoint.Mutable) p, p2, t0, t1, t2, t3, t4); +- +- } +- +- /* +- * Mixed point addition +- */ +- private void setSum(ProjectivePoint.Mutable p, AffinePoint p2, +- MutableIntegerModuloP t0, MutableIntegerModuloP t1, +- MutableIntegerModuloP t2, MutableIntegerModuloP t3, +- MutableIntegerModuloP t4) { +- +- t0.setValue(p.getX()).setProduct(p2.getX()); +- t1.setValue(p.getY()).setProduct(p2.getY()); +- t3.setValue(p2.getX()).setSum(p2.getY()); +- t4.setValue(p.getX()).setSum(p.getY()); +- p.getX().setReduced(); +- t3.setProduct(t4); +- t4.setValue(t0).setSum(t1); +- +- t3.setDifference(t4); +- t4.setValue(p2.getY()).setProduct(p.getZ()); +- t4.setSum(p.getY()); +- +- p.getY().setValue(p2.getX()).setProduct(p.getZ()); +- p.getY().setSum(p.getX()); +- t2.setValue(p.getZ()); +- p.getZ().setProduct(b); +- +- p.getX().setValue(p.getY()).setDifference(p.getZ()); +- p.getX().setReduced(); +- p.getZ().setValue(p.getX()).setProduct(two); +- p.getX().setSum(p.getZ()); +- +- p.getZ().setValue(t1).setDifference(p.getX()); +- p.getX().setSum(t1); +- p.getY().setProduct(b); +- +- t1.setValue(t2).setProduct(two); +- t2.setSum(t1); +- t2.setReduced(); +- p.getY().setDifference(t2); +- +- p.getY().setDifference(t0); +- p.getY().setReduced(); +- t1.setValue(p.getY()).setProduct(two); +- p.getY().setSum(t1); +- +- t1.setValue(t0).setProduct(two); +- t0.setSum(t1); +- t0.setDifference(t2); +- +- t1.setValue(t4).setProduct(p.getY()); +- t2.setValue(t0).setProduct(p.getY()); +- p.getY().setValue(p.getX()).setProduct(p.getZ()); +- +- p.getY().setSum(t2); +- p.getX().setProduct(t3); +- p.getX().setDifference(t1); +- +- p.getZ().setProduct(t4); +- t1.setValue(t3).setProduct(t0); +- p.getZ().setSum(t1); +- +- } +- +- /* +- * Projective point addition +- */ +- private void setSum(ProjectivePoint.Mutable p, ProjectivePoint.Mutable p2, +- MutableIntegerModuloP t0, MutableIntegerModuloP t1, +- MutableIntegerModuloP t2, MutableIntegerModuloP t3, +- MutableIntegerModuloP t4) { +- +- t0.setValue(p.getX()).setProduct(p2.getX()); +- t1.setValue(p.getY()).setProduct(p2.getY()); +- t2.setValue(p.getZ()).setProduct(p2.getZ()); +- +- t3.setValue(p.getX()).setSum(p.getY()); +- t4.setValue(p2.getX()).setSum(p2.getY()); +- t3.setProduct(t4); +- +- t4.setValue(t0).setSum(t1); +- t3.setDifference(t4); +- t4.setValue(p.getY()).setSum(p.getZ()); +- +- p.getY().setValue(p2.getY()).setSum(p2.getZ()); +- t4.setProduct(p.getY()); +- p.getY().setValue(t1).setSum(t2); +- +- t4.setDifference(p.getY()); +- p.getX().setSum(p.getZ()); +- p.getY().setValue(p2.getX()).setSum(p2.getZ()); +- +- p.getX().setProduct(p.getY()); +- p.getY().setValue(t0).setSum(t2); +- p.getY().setAdditiveInverse().setSum(p.getX()); +- p.getY().setReduced(); +- +- p.getZ().setValue(t2).setProduct(b); +- p.getX().setValue(p.getY()).setDifference(p.getZ()); +- p.getZ().setValue(p.getX()).setProduct(two); +- +- p.getX().setSum(p.getZ()); +- p.getX().setReduced(); +- p.getZ().setValue(t1).setDifference(p.getX()); +- p.getX().setSum(t1); +- +- p.getY().setProduct(b); +- t1.setValue(t2).setSum(t2); +- t2.setSum(t1); +- t2.setReduced(); +- +- p.getY().setDifference(t2); +- p.getY().setDifference(t0); +- p.getY().setReduced(); +- t1.setValue(p.getY()).setSum(p.getY()); +- +- p.getY().setSum(t1); +- t1.setValue(t0).setProduct(two); +- t0.setSum(t1); +- +- t0.setDifference(t2); +- t1.setValue(t4).setProduct(p.getY()); +- t2.setValue(t0).setProduct(p.getY()); +- +- p.getY().setValue(p.getX()).setProduct(p.getZ()); +- p.getY().setSum(t2); +- p.getX().setProduct(t3); +- +- p.getX().setDifference(t1); +- p.getZ().setProduct(t4); +- t1.setValue(t3).setProduct(t0); +- +- p.getZ().setSum(t1); +- +- } +-} +--- openjdk.orig/jdk/src/share/classes/sun/security/ec/point/AffinePoint.java 2019-07-14 02:30:40.000000000 +0200 ++++ openjdk/jdk/src/share/classes/sun/security/ec/point/AffinePoint.java 1970-01-01 01:00:00.000000000 +0100 +@@ -1,76 +0,0 @@ +-/* +- * Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved. +- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. +- * +- * This code is free software; you can redistribute it and/or modify it +- * under the terms of the GNU General Public License version 2 only, as +- * published by the Free Software Foundation. Oracle designates this +- * particular file as subject to the "Classpath" exception as provided +- * by Oracle in the LICENSE file that accompanied this code. +- * +- * This code is distributed in the hope that it will be useful, but WITHOUT +- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or +- * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License +- * version 2 for more details (a copy is included in the LICENSE file that +- * accompanied this code). +- * +- * You should have received a copy of the GNU General Public License version +- * 2 along with this work; if not, write to the Free Software Foundation, +- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +- * +- * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA +- * or visit www.oracle.com if you need additional information or have any +- * questions. +- */ +-package sun.security.ec.point; +- +-import sun.security.util.math.ImmutableIntegerModuloP; +- +-import java.util.Objects; +- +-/** +- * Elliptic curve point represented using affine coordinates (x, y). This class +- * is not part of the sun.security.ec.point.Point hierarchy because it is not +- * used to hold intermediate values during point arithmetic, and so it does not +- * have a mutable form. +- */ +-public class AffinePoint { +- +- private final ImmutableIntegerModuloP x; +- private final ImmutableIntegerModuloP y; +- +- public AffinePoint(ImmutableIntegerModuloP x, ImmutableIntegerModuloP y) { +- this.x = x; +- this.y = y; +- } +- +- public ImmutableIntegerModuloP getX() { +- return x; +- } +- +- public ImmutableIntegerModuloP getY() { +- return y; +- } +- +- @Override +- public boolean equals(Object obj) { +- if (!(obj instanceof AffinePoint)) { +- return false; +- } +- AffinePoint p = (AffinePoint) obj; +- boolean xEquals = x.asBigInteger().equals(p.x.asBigInteger()); +- boolean yEquals = y.asBigInteger().equals(p.y.asBigInteger()); +- return xEquals && yEquals; +- } +- +- @Override +- public int hashCode() { +- return Objects.hash(x, y); +- } +- +- @Override +- public String toString() { +- return "(" + x.asBigInteger().toString() + "," + +- y.asBigInteger().toString() + ")"; +- } +-} +--- openjdk.orig/jdk/src/share/classes/sun/security/ec/point/ImmutablePoint.java 2019-07-14 02:30:40.000000000 +0200 ++++ openjdk/jdk/src/share/classes/sun/security/ec/point/ImmutablePoint.java 1970-01-01 01:00:00.000000000 +0100 +@@ -1,32 +0,0 @@ +-/* +- * Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved. +- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. +- * +- * This code is free software; you can redistribute it and/or modify it +- * under the terms of the GNU General Public License version 2 only, as +- * published by the Free Software Foundation. Oracle designates this +- * particular file as subject to the "Classpath" exception as provided +- * by Oracle in the LICENSE file that accompanied this code. +- * +- * This code is distributed in the hope that it will be useful, but WITHOUT +- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or +- * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License +- * version 2 for more details (a copy is included in the LICENSE file that +- * accompanied this code). +- * +- * You should have received a copy of the GNU General Public License version +- * 2 along with this work; if not, write to the Free Software Foundation, +- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +- * +- * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA +- * or visit www.oracle.com if you need additional information or have any +- * questions. +- */ +- +-package sun.security.ec.point; +- +-/** +- * An interface for immutable points on an elliptic curve over a finite field. +- */ +-public interface ImmutablePoint extends Point { +-} +--- openjdk.orig/jdk/src/share/classes/sun/security/ec/point/MutablePoint.java 2019-07-14 02:30:40.000000000 +0200 ++++ openjdk/jdk/src/share/classes/sun/security/ec/point/MutablePoint.java 1970-01-01 01:00:00.000000000 +0100 +@@ -1,37 +0,0 @@ +-/* +- * Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved. +- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. +- * +- * This code is free software; you can redistribute it and/or modify it +- * under the terms of the GNU General Public License version 2 only, as +- * published by the Free Software Foundation. Oracle designates this +- * particular file as subject to the "Classpath" exception as provided +- * by Oracle in the LICENSE file that accompanied this code. +- * +- * This code is distributed in the hope that it will be useful, but WITHOUT +- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or +- * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License +- * version 2 for more details (a copy is included in the LICENSE file that +- * accompanied this code). +- * +- * You should have received a copy of the GNU General Public License version +- * 2 along with this work; if not, write to the Free Software Foundation, +- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +- * +- * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA +- * or visit www.oracle.com if you need additional information or have any +- * questions. +- */ +- +-package sun.security.ec.point; +- +-/** +- * An interface for mutable points on an elliptic curve over a finite field. +- */ +-public interface MutablePoint extends Point { +- +- MutablePoint setValue(AffinePoint p); +- MutablePoint setValue(Point p); +- MutablePoint conditionalSet(Point p, int set); +- +-} +--- openjdk.orig/jdk/src/share/classes/sun/security/ec/point/Point.java 2019-07-14 02:30:40.000000000 +0200 ++++ openjdk/jdk/src/share/classes/sun/security/ec/point/Point.java 1970-01-01 01:00:00.000000000 +0100 +@@ -1,45 +0,0 @@ +-/* +- * Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved. +- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. +- * +- * This code is free software; you can redistribute it and/or modify it +- * under the terms of the GNU General Public License version 2 only, as +- * published by the Free Software Foundation. Oracle designates this +- * particular file as subject to the "Classpath" exception as provided +- * by Oracle in the LICENSE file that accompanied this code. +- * +- * This code is distributed in the hope that it will be useful, but WITHOUT +- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or +- * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License +- * version 2 for more details (a copy is included in the LICENSE file that +- * accompanied this code). +- * +- * You should have received a copy of the GNU General Public License version +- * 2 along with this work; if not, write to the Free Software Foundation, +- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +- * +- * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA +- * or visit www.oracle.com if you need additional information or have any +- * questions. +- */ +- +-package sun.security.ec.point; +- +-import sun.security.util.math.IntegerFieldModuloP; +- +-/** +- * A base interface for points on an elliptic curve over a finite field. +- * Implementations may use different representations for points, and this +- * interface creates a common API for manipulating points. This API has no +- * methods for point arithmetic, which depends on group structure and curve +- * parameters in addition to point representation. +- */ +-public interface Point { +- +- IntegerFieldModuloP getField(); +- AffinePoint asAffine(); +- +- ImmutablePoint fixed(); +- MutablePoint mutable(); +- +-} +--- openjdk.orig/jdk/src/share/classes/sun/security/ec/point/ProjectivePoint.java 2019-07-14 02:30:40.000000000 +0200 ++++ openjdk/jdk/src/share/classes/sun/security/ec/point/ProjectivePoint.java 1970-01-01 01:00:00.000000000 +0100 +@@ -1,160 +0,0 @@ +-/* +- * Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved. +- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. +- * +- * This code is free software; you can redistribute it and/or modify it +- * under the terms of the GNU General Public License version 2 only, as +- * published by the Free Software Foundation. Oracle designates this +- * particular file as subject to the "Classpath" exception as provided +- * by Oracle in the LICENSE file that accompanied this code. +- * +- * This code is distributed in the hope that it will be useful, but WITHOUT +- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or +- * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License +- * version 2 for more details (a copy is included in the LICENSE file that +- * accompanied this code). +- * +- * You should have received a copy of the GNU General Public License version +- * 2 along with this work; if not, write to the Free Software Foundation, +- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +- * +- * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA +- * or visit www.oracle.com if you need additional information or have any +- * questions. +- */ +-package sun.security.ec.point; +- +-import sun.security.util.math.*; +- +-/** +- * Elliptic curve point in projective coordinates (X, Y, Z) where +- * an affine point (x, y) is represented using any (X, Y, Z) s.t. +- * x = X/Z and y = Y/Z. +- */ +-public abstract class ProjectivePoint +- <T extends IntegerModuloP> implements Point { +- +- protected final T x; +- protected final T y; +- protected final T z; +- +- protected ProjectivePoint(T x, T y, T z) { +- +- this.x = x; +- this.y = y; +- this.z = z; +- } +- +- @Override +- public IntegerFieldModuloP getField() { +- return this.x.getField(); +- } +- +- @Override +- public Immutable fixed() { +- return new Immutable(x.fixed(), y.fixed(), z.fixed()); +- } +- +- @Override +- public Mutable mutable() { +- return new Mutable(x.mutable(), y.mutable(), z.mutable()); +- } +- +- public T getX() { +- return x; +- } +- +- public T getY() { +- return y; +- } +- +- public T getZ() { +- return z; +- } +- +- public AffinePoint asAffine() { +- IntegerModuloP zInv = z.multiplicativeInverse(); +- return new AffinePoint(x.multiply(zInv), y.multiply(zInv)); +- } +- +- public static class Immutable +- extends ProjectivePoint<ImmutableIntegerModuloP> +- implements ImmutablePoint { +- +- public Immutable(ImmutableIntegerModuloP x, +- ImmutableIntegerModuloP y, +- ImmutableIntegerModuloP z) { +- super(x, y, z); +- } +- } +- +- public static class Mutable +- extends ProjectivePoint<MutableIntegerModuloP> +- implements MutablePoint { +- +- public Mutable(MutableIntegerModuloP x, +- MutableIntegerModuloP y, +- MutableIntegerModuloP z) { +- super(x, y, z); +- } +- +- public Mutable(IntegerFieldModuloP field) { +- super(field.get0().mutable(), +- field.get0().mutable(), +- field.get0().mutable()); +- } +- +- @Override +- public Mutable conditionalSet(Point p, int set) { +- if (!(p instanceof ProjectivePoint)) { +- throw new RuntimeException("Incompatible point"); +- } +- @SuppressWarnings("unchecked") +- ProjectivePoint<IntegerModuloP> pp = +- (ProjectivePoint<IntegerModuloP>) p; +- return conditionalSet(pp, set); +- } +- +- private <T extends IntegerModuloP> +- Mutable conditionalSet(ProjectivePoint<T> pp, int set) { +- +- x.conditionalSet(pp.x, set); +- y.conditionalSet(pp.y, set); +- z.conditionalSet(pp.z, set); +- +- return this; +- } +- +- @Override +- public Mutable setValue(AffinePoint p) { +- x.setValue(p.getX()); +- y.setValue(p.getY()); +- z.setValue(p.getX().getField().get1()); +- +- return this; +- } +- +- @Override +- public Mutable setValue(Point p) { +- if (!(p instanceof ProjectivePoint)) { +- throw new RuntimeException("Incompatible point"); +- } +- @SuppressWarnings("unchecked") +- ProjectivePoint<IntegerModuloP> pp = +- (ProjectivePoint<IntegerModuloP>) p; +- return setValue(pp); +- } +- +- private <T extends IntegerModuloP> +- Mutable setValue(ProjectivePoint<T> pp) { +- +- x.setValue(pp.x); +- y.setValue(pp.y); +- z.setValue(pp.z); +- +- return this; +- } +- +- } +- +-} +--- openjdk.orig/jdk/src/share/classes/sun/security/util/Function.java 2019-07-14 02:30:40.000000000 +0200 ++++ openjdk/jdk/src/share/classes/sun/security/util/Function.java 1970-01-01 01:00:00.000000000 +0100 +@@ -1,44 +0,0 @@ +-/* +- * Copyright (c) 2010, 2013, Oracle and/or its affiliates. All rights reserved. +- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. +- * +- * This code is free software; you can redistribute it and/or modify it +- * under the terms of the GNU General Public License version 2 only, as +- * published by the Free Software Foundation. Oracle designates this +- * particular file as subject to the "Classpath" exception as provided +- * by Oracle in the LICENSE file that accompanied this code. +- * +- * This code is distributed in the hope that it will be useful, but WITHOUT +- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or +- * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License +- * version 2 for more details (a copy is included in the LICENSE file that +- * accompanied this code). +- * +- * You should have received a copy of the GNU General Public License version +- * 2 along with this work; if not, write to the Free Software Foundation, +- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +- * +- * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA +- * or visit www.oracle.com if you need additional information or have any +- * questions. +- */ +-package sun.security.util; +- +-/** +- * Represents a function that accepts one argument and produces a result. +- * +- * @param <T> the type of the input to the function +- * @param <R> the type of the result of the function +- * +- * @since 1.8 +- */ +-public interface Function<T, R> { +- +- /** +- * Applies this function to the given argument. +- * +- * @param t the function argument +- * @return the function result +- */ +- R apply(T t); +-} +--- openjdk.orig/jdk/src/share/classes/sun/security/util/Optional.java 2019-07-14 02:30:40.000000000 +0200 ++++ openjdk/jdk/src/share/classes/sun/security/util/Optional.java 1970-01-01 01:00:00.000000000 +0100 +@@ -1,271 +0,0 @@ +-/* +- * Copyright (c) 2012, 2013, Oracle and/or its affiliates. All rights reserved. +- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. +- * +- * This code is free software; you can redistribute it and/or modify it +- * under the terms of the GNU General Public License version 2 only, as +- * published by the Free Software Foundation. Oracle designates this +- * particular file as subject to the "Classpath" exception as provided +- * by Oracle in the LICENSE file that accompanied this code. +- * +- * This code is distributed in the hope that it will be useful, but WITHOUT +- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or +- * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License +- * version 2 for more details (a copy is included in the LICENSE file that +- * accompanied this code). +- * +- * You should have received a copy of the GNU General Public License version +- * 2 along with this work; if not, write to the Free Software Foundation, +- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +- * +- * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA +- * or visit www.oracle.com if you need additional information or have any +- * questions. +- */ +-package sun.security.util; +- +-import java.util.Objects; +-import java.util.NoSuchElementException; +- +-/** +- * A container object which may or may not contain a non-null value. +- * If a value is present, {@code isPresent()} will return {@code true} and +- * {@code get()} will return the value. +- * +- * <p>Additional methods that depend on the presence or absence of a contained +- * value are provided, such as {@link #orElse(java.lang.Object) orElse()} +- * (return a default value if value not present) and +- * {@link #ifPresent(java.util.function.Consumer) ifPresent()} (execute a block +- * of code if the value is present). +- * +- * <p>This is a <a href="../lang/doc-files/ValueBased.html">value-based</a> +- * class; use of identity-sensitive operations (including reference equality +- * ({@code ==}), identity hash code, or synchronization) on instances of +- * {@code Optional} may have unpredictable results and should be avoided. +- * +- * @since 1.8 +- */ +-public final class Optional<T> { +- /** +- * Common instance for {@code empty()}. +- */ +- private static final Optional<?> EMPTY = new Optional<>(); +- +- /** +- * If non-null, the value; if null, indicates no value is present +- */ +- private final T value; +- +- /** +- * Constructs an empty instance. +- * +- * @implNote Generally only one empty instance, {@link Optional#EMPTY}, +- * should exist per VM. +- */ +- private Optional() { +- this.value = null; +- } +- +- /** +- * Returns an empty {@code Optional} instance. No value is present for this +- * {@code Optional}. +- * +- * @apiNote +- * Though it may be tempting to do so, avoid testing if an object is empty +- * by comparing with {@code ==} against instances returned by +- * {@code Optional.empty()}. There is no guarantee that it is a singleton. +- * Instead, use {@link #isPresent()}. +- * +- * @param <T> The type of the non-existent value +- * @return an empty {@code Optional} +- */ +- public static<T> Optional<T> empty() { +- @SuppressWarnings("unchecked") +- Optional<T> t = (Optional<T>) EMPTY; +- return t; +- } +- +- +- /** +- * Constructs an instance with the described value. +- * +- * @param value the non-{@code null} value to describe +- * @throws NullPointerException if value is {@code null} +- */ +- private Optional(T value) { +- this.value = Objects.requireNonNull(value); +- } +- +- /** +- * Returns an {@code Optional} describing the given non-{@code null} +- * value. +- * +- * @param value the value to describe, which must be non-{@code null} +- * @param <T> the type of the value +- * @return an {@code Optional} with the value present +- * @throws NullPointerException if value is {@code null} +- */ +- public static <T> Optional<T> of(T value) { +- return new Optional<>(value); +- } +- +- /** +- * Returns an {@code Optional} describing the specified value, if non-null, +- * otherwise returns an empty {@code Optional}. +- * +- * @param <T> the class of the value +- * @param value the possibly-null value to describe +- * @return an {@code Optional} with a present value if the specified value +- * is non-null, otherwise an empty {@code Optional} +- */ +- public static <T> Optional<T> ofNullable(T value) { +- return value == null ? new Optional<T>() : of(value); +- } +- +- /** +- * If a value is present, returns the value, otherwise throws +- * {@code NoSuchElementException}. +- * +- * @apiNote +- * The preferred alternative to this method is {@link #orElseThrow()}. +- * +- * @return the non-{@code null} value described by this {@code Optional} +- * @throws NoSuchElementException if no value is present +- */ +- public T get() { +- if (value == null) { +- throw new NoSuchElementException("No value present"); +- } +- return value; +- } +- +- /** +- * If a value is present, returns {@code true}, otherwise {@code false}. +- * +- * @return {@code true} if a value is present, otherwise {@code false} +- */ +- public boolean isPresent() { +- return value != null; +- } +- +- /** +- * If a value is not present, returns {@code true}, otherwise +- * {@code false}. +- * +- * @return {@code true} if a value is not present, otherwise {@code false} +- * @since 11 +- */ +- public boolean isEmpty() { +- return value == null; +- } +- +- /** +- * If a value is present, apply the provided mapping function to it, +- * and if the result is non-null, return an {@code Optional} describing the +- * result. Otherwise return an empty {@code Optional}. +- * +- * @apiNote This method supports post-processing on optional values, without +- * the need to explicitly check for a return status. For example, the +- * following code traverses a stream of file names, selects one that has +- * not yet been processed, and then opens that file, returning an +- * {@code Optional<FileInputStream>}: +- * +- * <pre>{@code +- * Optional<FileInputStream> fis = +- * names.stream().filter(name -> !isProcessedYet(name)) +- * .findFirst() +- * .map(name -> new FileInputStream(name)); +- * }</pre> +- * +- * Here, {@code findFirst} returns an {@code Optional<String>}, and then +- * {@code map} returns an {@code Optional<FileInputStream>} for the desired +- * file if one exists. +- * +- * @param <U> The type of the result of the mapping function +- * @param mapper a mapping function to apply to the value, if present +- * @return an {@code Optional} describing the result of applying a mapping +- * function to the value of this {@code Optional}, if a value is present, +- * otherwise an empty {@code Optional} +- * @throws NullPointerException if the mapping function is null +- */ +- public<U> Optional<U> map(Function<? super T, ? extends U> mapper) { +- Objects.requireNonNull(mapper); +- if (!isPresent()) +- return empty(); +- else { +- return Optional.ofNullable(mapper.apply(value)); +- } +- } +- +- /** +- * Return the value if present, otherwise invoke {@code other} and return +- * the result of that invocation. +- * +- * @param other a {@code Supplier} whose result is returned if no value +- * is present +- * @return the value if present otherwise the result of {@code other.get()} +- * @throws NullPointerException if value is not present and {@code other} is +- * null +- */ +- public T orElseGet(Supplier<? extends T> other) { +- return value != null ? value : other.get(); +- } +- +- /** +- * Indicates whether some other object is "equal to" this {@code Optional}. +- * The other object is considered equal if: +- * <ul> +- * <li>it is also an {@code Optional} and; +- * <li>both instances have no value present or; +- * <li>the present values are "equal to" each other via {@code equals()}. +- * </ul> +- * +- * @param obj an object to be tested for equality +- * @return {@code true} if the other object is "equal to" this object +- * otherwise {@code false} +- */ +- @Override +- public boolean equals(Object obj) { +- if (this == obj) { +- return true; +- } +- +- if (!(obj instanceof Optional)) { +- return false; +- } +- +- Optional<?> other = (Optional<?>) obj; +- return Objects.equals(value, other.value); +- } +- +- /** +- * Returns the hash code of the value, if present, otherwise {@code 0} +- * (zero) if no value is present. +- * +- * @return hash code value of the present value or {@code 0} if no value is +- * present +- */ +- @Override +- public int hashCode() { +- return Objects.hashCode(value); +- } +- +- /** +- * Returns a non-empty string representation of this {@code Optional} +- * suitable for debugging. The exact presentation format is unspecified and +- * may vary between implementations and versions. +- * +- * @implSpec +- * If a value is present the result must include its string representation +- * in the result. Empty and present {@code Optional}s must be unambiguously +- * differentiable. +- * +- * @return the string representation of this instance +- */ +- @Override +- public String toString() { +- return value != null +- ? String.format("Optional[%s]", value) +- : "Optional.empty"; +- } +-} +--- openjdk.orig/jdk/src/share/classes/sun/security/util/Supplier.java 2019-07-14 02:30:40.000000000 +0200 ++++ openjdk/jdk/src/share/classes/sun/security/util/Supplier.java 1970-01-01 01:00:00.000000000 +0100 +@@ -1,48 +0,0 @@ +-/* +- * Copyright (c) 2012, 2013, Oracle and/or its affiliates. All rights reserved. +- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. +- * +- * This code is free software; you can redistribute it and/or modify it +- * under the terms of the GNU General Public License version 2 only, as +- * published by the Free Software Foundation. Oracle designates this +- * particular file as subject to the "Classpath" exception as provided +- * by Oracle in the LICENSE file that accompanied this code. +- * +- * This code is distributed in the hope that it will be useful, but WITHOUT +- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or +- * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License +- * version 2 for more details (a copy is included in the LICENSE file that +- * accompanied this code). +- * +- * You should have received a copy of the GNU General Public License version +- * 2 along with this work; if not, write to the Free Software Foundation, +- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +- * +- * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA +- * or visit www.oracle.com if you need additional information or have any +- * questions. +- */ +-package sun.security.util; +- +-/** +- * Represents a supplier of results. +- * +- * <p>There is no requirement that a new or distinct result be returned each +- * time the supplier is invoked. +- * +- * <p>This is a <a href="package-summary.html">functional interface</a> +- * whose functional method is {@link #get()}. +- * +- * @param <T> the type of results supplied by this supplier +- * +- * @since 1.8 +- */ +-public interface Supplier<T> { +- +- /** +- * Gets a result. +- * +- * @return a result +- */ +- T get(); +-} diff --git a/community/openjdk7/icedtea-jdk-revert-a32dc7400435.patch b/community/openjdk7/icedtea-jdk-revert-a32dc7400435.patch new file mode 100644 index 00000000000..dc2eac62251 --- /dev/null +++ b/community/openjdk7/icedtea-jdk-revert-a32dc7400435.patch @@ -0,0 +1,1377 @@ +Revert a32dc7400435 due build error +--- openjdk.orig/jdk/src/share/classes/com/sun/crypto/provider/AESCrypt.java 2019-07-15 08:52:23.000000000 +0200 ++++ openjdk/jdk/src/share/classes/com/sun/crypto/provider/AESCrypt.java 2019-07-04 19:20:08.000000000 +0200 +@@ -1,5 +1,5 @@ + /* +- * Copyright (c) 2002, 2018, Oracle and/or its affiliates. All rights reserved. ++ * Copyright (c) 2002, 2015, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it +@@ -38,6 +38,7 @@ + + import java.security.InvalidKeyException; + import java.security.MessageDigest; ++import java.util.Objects; + + /** + * Rijndael --pronounced Reindaal-- is a symmetric cipher with a 128-bit +@@ -347,8 +348,8 @@ + */ + void encryptBlock(byte[] in, int inOffset, + byte[] out, int outOffset) { +- // Array bound checks are done in caller code, i.e. +- // FeedbackCipher.encrypt/decrypt(...) to improve performance. ++ cryptBlockCheck(in, inOffset); ++ cryptBlockCheck(out, outOffset); + implEncryptBlock(in, inOffset, out, outOffset); + } + +@@ -425,8 +426,8 @@ + */ + void decryptBlock(byte[] in, int inOffset, + byte[] out, int outOffset) { +- // Array bound checks are done in caller code, i.e. +- // FeedbackCipher.encrypt/decrypt(...) to improve performance. ++ cryptBlockCheck(in, inOffset); ++ cryptBlockCheck(out, outOffset); + implDecryptBlock(in, inOffset, out, outOffset); + } + +@@ -587,6 +588,26 @@ + out[outOffset ] = (byte)(Si[(a0 ) & 0xFF] ^ (t1 )); + } + ++ // Used to perform all checks required by the Java semantics ++ // (i.e., null checks and bounds checks) on the input parameters ++ // to encryptBlock and to decryptBlock. ++ // Normally, the Java Runtime performs these checks, however, as ++ // encryptBlock and decryptBlock are possibly replaced with ++ // compiler intrinsics, the JDK performs the required checks instead. ++ // Does not check accesses to class-internal (private) arrays. ++ private static void cryptBlockCheck(byte[] array, int offset) { ++ Objects.requireNonNull(array); ++ ++ if (offset < 0 || offset >= array.length) { ++ throw new ArrayIndexOutOfBoundsException(offset); ++ } ++ ++ int largestIndex = offset + AES_BLOCK_SIZE - 1; ++ if (largestIndex < 0 || largestIndex >= array.length) { ++ throw new ArrayIndexOutOfBoundsException(largestIndex); ++ } ++ } ++ + /** + * Expand a user-supplied key material into a session key. + * +--- openjdk.orig/jdk/src/share/classes/com/sun/crypto/provider/CipherBlockChaining.java 2019-07-15 08:52:23.000000000 +0200 ++++ openjdk/jdk/src/share/classes/com/sun/crypto/provider/CipherBlockChaining.java 2019-07-04 19:20:08.000000000 +0200 +@@ -1,5 +1,5 @@ + /* +- * Copyright (c) 1997, 2018, Oracle and/or its affiliates. All rights reserved. ++ * Copyright (c) 1997, 2017, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it +@@ -29,7 +29,6 @@ + import java.security.ProviderException; + import java.util.Objects; + +-import sun.security.util.ArrayUtil; + + /** + * This class represents ciphers in cipher block chaining (CBC) mode. +@@ -144,9 +143,9 @@ + if (plainLen <= 0) { + return plainLen; + } +- ArrayUtil.blockSizeCheck(plainLen, blockSize); +- ArrayUtil.nullAndBoundsCheck(plain, plainOffset, plainLen); +- ArrayUtil.nullAndBoundsCheck(cipher, cipherOffset, plainLen); ++ cryptBlockSizeCheck(plainLen); ++ cryptNullAndBoundsCheck(plain, plainOffset, plainLen); ++ cryptNullAndBoundsCheck(cipher, cipherOffset, plainLen); + return implEncrypt(plain, plainOffset, plainLen, + cipher, cipherOffset); + } +@@ -194,9 +193,9 @@ + if (cipherLen <= 0) { + return cipherLen; + } +- ArrayUtil.blockSizeCheck(cipherLen, blockSize); +- ArrayUtil.nullAndBoundsCheck(cipher, cipherOffset, cipherLen); +- ArrayUtil.nullAndBoundsCheck(plain, plainOffset, cipherLen); ++ cryptBlockSizeCheck(cipherLen); ++ cryptNullAndBoundsCheck(cipher, cipherOffset, cipherLen); ++ cryptNullAndBoundsCheck(plain, plainOffset, cipherLen); + return implDecrypt(cipher, cipherOffset, cipherLen, plain, plainOffset); + } + +@@ -215,4 +214,23 @@ + } + return cipherLen; + } ++ ++ private void cryptBlockSizeCheck(int len) { ++ if ((len % blockSize) != 0) { ++ throw new ProviderException("Internal error in input buffering"); ++ } ++ } ++ ++ private static void cryptNullAndBoundsCheck(byte[] array, int offset, int len) { ++ Objects.requireNonNull(array); ++ ++ if (offset < 0 || offset >= array.length) { ++ throw new ArrayIndexOutOfBoundsException(offset); ++ } ++ ++ int endIndex = offset + len - 1; ++ if (endIndex < 0 || endIndex >= array.length) { ++ throw new ArrayIndexOutOfBoundsException(endIndex); ++ } ++ } + } +--- openjdk.orig/jdk/src/share/classes/com/sun/crypto/provider/CipherFeedback.java 2019-07-15 08:52:23.000000000 +0200 ++++ openjdk/jdk/src/share/classes/com/sun/crypto/provider/CipherFeedback.java 2019-07-04 19:20:08.000000000 +0200 +@@ -1,5 +1,5 @@ + /* +- * Copyright (c) 1997, 2018, Oracle and/or its affiliates. All rights reserved. ++ * Copyright (c) 1997, 2014, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it +@@ -27,7 +27,6 @@ + + import java.security.InvalidKeyException; + import java.security.ProviderException; +-import sun.security.util.ArrayUtil; + + /** + * This class represents ciphers in cipher-feedback (CFB) mode. +@@ -150,9 +149,9 @@ + */ + int encrypt(byte[] plain, int plainOffset, int plainLen, + byte[] cipher, int cipherOffset) { +- ArrayUtil.blockSizeCheck(plainLen, numBytes); +- ArrayUtil.nullAndBoundsCheck(plain, plainOffset, plainLen); +- ArrayUtil.nullAndBoundsCheck(cipher, cipherOffset, plainLen); ++ if ((plainLen % numBytes) != 0) { ++ throw new ProviderException("Internal error in input buffering"); ++ } + + int nShift = blockSize - numBytes; + int loopCount = plainLen / numBytes; +@@ -226,10 +225,9 @@ + */ + int decrypt(byte[] cipher, int cipherOffset, int cipherLen, + byte[] plain, int plainOffset) { +- +- ArrayUtil.blockSizeCheck(cipherLen, numBytes); +- ArrayUtil.nullAndBoundsCheck(cipher, cipherOffset, cipherLen); +- ArrayUtil.nullAndBoundsCheck(plain, plainOffset, cipherLen); ++ if ((cipherLen % numBytes) != 0) { ++ throw new ProviderException("Internal error in input buffering"); ++ } + + int nShift = blockSize - numBytes; + int loopCount = cipherLen / numBytes; +--- openjdk.orig/jdk/src/share/classes/com/sun/crypto/provider/CounterMode.java 2019-07-15 08:52:23.000000000 +0200 ++++ openjdk/jdk/src/share/classes/com/sun/crypto/provider/CounterMode.java 2019-07-04 19:20:08.000000000 +0200 +@@ -1,5 +1,5 @@ + /* +- * Copyright (c) 2002, 2018, Oracle and/or its affiliates. All rights reserved. ++ * Copyright (c) 2002, 2017, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it +@@ -27,7 +27,6 @@ + + import java.security.InvalidKeyException; + +-import sun.security.util.ArrayUtil; + + /** + * This class represents ciphers in counter (CTR) mode. +@@ -174,10 +173,6 @@ + if (len == 0) { + return 0; + } +- +- ArrayUtil.nullAndBoundsCheck(in, inOff, len); +- ArrayUtil.nullAndBoundsCheck(out, outOff, len); +- + int result = len; + while (len-- > 0) { + if (used >= blockSize) { +--- openjdk.orig/jdk/src/share/classes/com/sun/crypto/provider/ElectronicCodeBook.java 2019-07-15 08:52:23.000000000 +0200 ++++ openjdk/jdk/src/share/classes/com/sun/crypto/provider/ElectronicCodeBook.java 2019-07-04 19:20:08.000000000 +0200 +@@ -1,5 +1,5 @@ + /* +- * Copyright (c) 1997, 2018, Oracle and/or its affiliates. All rights reserved. ++ * Copyright (c) 1997, 2014, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it +@@ -27,7 +27,6 @@ + + import java.security.InvalidKeyException; + import java.security.ProviderException; +-import sun.security.util.ArrayUtil; + + /** + * This class represents ciphers in electronic codebook (ECB) mode. +@@ -113,10 +112,9 @@ + * @return the length of the encrypted data + */ + int encrypt(byte[] in, int inOff, int len, byte[] out, int outOff) { +- ArrayUtil.blockSizeCheck(len, blockSize); +- ArrayUtil.nullAndBoundsCheck(in, inOff, len); +- ArrayUtil.nullAndBoundsCheck(out, outOff, len); +- ++ if ((len % blockSize) != 0) { ++ throw new ProviderException("Internal error in input buffering"); ++ } + for (int i = len; i >= blockSize; i -= blockSize) { + embeddedCipher.encryptBlock(in, inOff, out, outOff); + inOff += blockSize; +@@ -143,10 +141,9 @@ + * @return the length of the decrypted data + */ + int decrypt(byte[] in, int inOff, int len, byte[] out, int outOff) { +- ArrayUtil.blockSizeCheck(len, blockSize); +- ArrayUtil.nullAndBoundsCheck(in, inOff, len); +- ArrayUtil.nullAndBoundsCheck(out, outOff, len); +- ++ if ((len % blockSize) != 0) { ++ throw new ProviderException("Internal error in input buffering"); ++ } + for (int i = len; i >= blockSize; i -= blockSize) { + embeddedCipher.decryptBlock(in, inOff, out, outOff); + inOff += blockSize; +--- openjdk.orig/jdk/src/share/classes/com/sun/crypto/provider/OutputFeedback.java 2019-07-15 08:52:23.000000000 +0200 ++++ openjdk/jdk/src/share/classes/com/sun/crypto/provider/OutputFeedback.java 2019-07-04 19:20:08.000000000 +0200 +@@ -1,5 +1,5 @@ + /* +- * Copyright (c) 1997, 2018, Oracle and/or its affiliates. All rights reserved. ++ * Copyright (c) 1997, 2014, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it +@@ -27,7 +27,6 @@ + + import java.security.InvalidKeyException; + import java.security.ProviderException; +-import sun.security.util.ArrayUtil; + + /** + * This class represents ciphers in output-feedback (OFB) mode. +@@ -149,10 +148,10 @@ + */ + int encrypt(byte[] plain, int plainOffset, int plainLen, + byte[] cipher, int cipherOffset) { +- ArrayUtil.blockSizeCheck(plainLen, numBytes); +- ArrayUtil.nullAndBoundsCheck(plain, plainOffset, plainLen); +- ArrayUtil.nullAndBoundsCheck(cipher, cipherOffset, plainLen); + ++ if ((plainLen % numBytes) != 0) { ++ throw new ProviderException("Internal error in input buffering"); ++ } + int nShift = blockSize - numBytes; + int loopCount = plainLen / numBytes; + +@@ -190,9 +189,6 @@ + */ + int encryptFinal(byte[] plain, int plainOffset, int plainLen, + byte[] cipher, int cipherOffset) { +- ArrayUtil.nullAndBoundsCheck(plain, plainOffset, plainLen); +- ArrayUtil.nullAndBoundsCheck(cipher, cipherOffset, plainLen); +- + int oddBytes = plainLen % numBytes; + int len = encrypt(plain, plainOffset, (plainLen - oddBytes), + cipher, cipherOffset); +--- openjdk.orig/jdk/src/share/classes/com/sun/crypto/provider/PCBC.java 2019-07-15 08:52:23.000000000 +0200 ++++ openjdk/jdk/src/share/classes/com/sun/crypto/provider/PCBC.java 2019-07-04 19:20:08.000000000 +0200 +@@ -1,5 +1,5 @@ + /* +- * Copyright (c) 1997, 2018, Oracle and/or its affiliates. All rights reserved. ++ * Copyright (c) 1997, 2014, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it +@@ -27,7 +27,6 @@ + + import java.security.InvalidKeyException; + import java.security.ProviderException; +-import sun.security.util.ArrayUtil; + + + /** +@@ -137,10 +136,9 @@ + int encrypt(byte[] plain, int plainOffset, int plainLen, + byte[] cipher, int cipherOffset) + { +- ArrayUtil.blockSizeCheck(plainLen, blockSize); +- ArrayUtil.nullAndBoundsCheck(plain, plainOffset, plainLen); +- ArrayUtil.nullAndBoundsCheck(cipher, cipherOffset, plainLen); +- ++ if ((plainLen % blockSize) != 0) { ++ throw new ProviderException("Internal error in input buffering"); ++ } + int i; + int endIndex = plainOffset + plainLen; + +@@ -178,10 +176,9 @@ + int decrypt(byte[] cipher, int cipherOffset, int cipherLen, + byte[] plain, int plainOffset) + { +- ArrayUtil.blockSizeCheck(cipherLen, blockSize); +- ArrayUtil.nullAndBoundsCheck(cipher, cipherOffset, cipherLen); +- ArrayUtil.nullAndBoundsCheck(plain, plainOffset, cipherLen); +- ++ if ((cipherLen % blockSize) != 0) { ++ throw new ProviderException("Internal error in input buffering"); ++ } + int i; + int endIndex = cipherOffset + cipherLen; + +--- openjdk.orig/jdk/src/share/classes/sun/security/util/ArrayUtil.java 2019-07-15 08:52:23.000000000 +0200 ++++ openjdk/jdk/src/share/classes/sun/security/util/ArrayUtil.java 2019-07-04 19:20:08.000000000 +0200 +@@ -25,38 +25,12 @@ + + package sun.security.util; + +-import java.util.List; +-import java.security.*; +- + /** + * This class holds the various utility methods for array range checks. + */ + + public final class ArrayUtil { + +- private static final Function<String, ArrayIndexOutOfBoundsException> aioobeGenerator = +- new Function<String, ArrayIndexOutOfBoundsException>() { +- @Override +- public ArrayIndexOutOfBoundsException apply(String x) { +- return new ArrayIndexOutOfBoundsException(x); +- } +- }; +- +- private static final BiFunction<String, List<Integer>, +- ArrayIndexOutOfBoundsException> AIOOBE_SUPPLIER = +- Preconditions.outOfBoundsExceptionFormatter(aioobeGenerator); +- +- public static void blockSizeCheck(int len, int blockSize) { +- if ((len % blockSize) != 0) { +- throw new ProviderException("Internal error in input buffering"); +- } +- } +- +- public static void nullAndBoundsCheck(byte[] array, int offset, int len) { +- // NPE is thrown when array is null +- Preconditions.checkFromIndexSize(offset, len, array.length, AIOOBE_SUPPLIER); +- } +- + private static void swap(byte[] arr, int i, int j) { + byte tmp = arr[i]; + arr[i] = arr[j]; +@@ -74,3 +48,4 @@ + } + } + } ++ +--- openjdk.orig/jdk/src/share/classes/sun/security/util/BiConsumer.java 2019-07-15 08:52:23.000000000 +0200 ++++ openjdk/jdk/src/share/classes/sun/security/util/BiConsumer.java 1970-01-01 01:00:00.000000000 +0100 +@@ -1,48 +0,0 @@ +-/* +- * Copyright (c) 2012, 2013, Oracle and/or its affiliates. All rights reserved. +- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. +- * +- * This code is free software; you can redistribute it and/or modify it +- * under the terms of the GNU General Public License version 2 only, as +- * published by the Free Software Foundation. Oracle designates this +- * particular file as subject to the "Classpath" exception as provided +- * by Oracle in the LICENSE file that accompanied this code. +- * +- * This code is distributed in the hope that it will be useful, but WITHOUT +- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or +- * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License +- * version 2 for more details (a copy is included in the LICENSE file that +- * accompanied this code). +- * +- * You should have received a copy of the GNU General Public License version +- * 2 along with this work; if not, write to the Free Software Foundation, +- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +- * +- * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA +- * or visit www.oracle.com if you need additional information or have any +- * questions. +- */ +-package sun.security.util; +- +-/** +- * Represents an operation that accepts two input arguments and returns no +- * result. This is the two-arity specialization of {@link Consumer}. +- * Unlike most other functional interfaces, {@code BiConsumer} is expected +- * to operate via side-effects. +- * +- * @param <T> the type of the first argument to the operation +- * @param <U> the type of the second argument to the operation +- * +- * @see Consumer +- * @since 1.8 +- */ +-public interface BiConsumer<T, U> { +- +- /** +- * Performs this operation on the given arguments. +- * +- * @param t the first input argument +- * @param u the second input argument +- */ +- void accept(T t, U u); +-} +--- openjdk.orig/jdk/src/share/classes/sun/security/util/BiFunction.java 2019-07-15 08:52:23.000000000 +0200 ++++ openjdk/jdk/src/share/classes/sun/security/util/BiFunction.java 1970-01-01 01:00:00.000000000 +0100 +@@ -1,48 +0,0 @@ +-/* +- * Copyright (c) 2010, 2013, Oracle and/or its affiliates. All rights reserved. +- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. +- * +- * This code is free software; you can redistribute it and/or modify it +- * under the terms of the GNU General Public License version 2 only, as +- * published by the Free Software Foundation. Oracle designates this +- * particular file as subject to the "Classpath" exception as provided +- * by Oracle in the LICENSE file that accompanied this code. +- * +- * This code is distributed in the hope that it will be useful, but WITHOUT +- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or +- * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License +- * version 2 for more details (a copy is included in the LICENSE file that +- * accompanied this code). +- * +- * You should have received a copy of the GNU General Public License version +- * 2 along with this work; if not, write to the Free Software Foundation, +- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +- * +- * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA +- * or visit www.oracle.com if you need additional information or have any +- * questions. +- */ +-package sun.security.util; +- +-/** +- * Represents a function that accepts two arguments and produces a result. +- * This is the two-arity specialization of {@link Function}. +- * +- * @param <T> the type of the first argument to the function +- * @param <U> the type of the second argument to the function +- * @param <R> the type of the result of the function +- * +- * @see Function +- * @since 1.8 +- */ +-public interface BiFunction<T, U, R> { +- +- /** +- * Applies this function to the given arguments. +- * +- * @param t the first function argument +- * @param u the second function argument +- * @return the function result +- */ +- R apply(T t, U u); +-} +--- openjdk.orig/jdk/src/share/classes/sun/security/util/IntSupplier.java 2019-07-15 08:52:23.000000000 +0200 ++++ openjdk/jdk/src/share/classes/sun/security/util/IntSupplier.java 1970-01-01 01:00:00.000000000 +0100 +@@ -1,45 +0,0 @@ +-/* +- * Copyright (c) 2012, 2013, Oracle and/or its affiliates. All rights reserved. +- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. +- * +- * This code is free software; you can redistribute it and/or modify it +- * under the terms of the GNU General Public License version 2 only, as +- * published by the Free Software Foundation. Oracle designates this +- * particular file as subject to the "Classpath" exception as provided +- * by Oracle in the LICENSE file that accompanied this code. +- * +- * This code is distributed in the hope that it will be useful, but WITHOUT +- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or +- * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License +- * version 2 for more details (a copy is included in the LICENSE file that +- * accompanied this code). +- * +- * You should have received a copy of the GNU General Public License version +- * 2 along with this work; if not, write to the Free Software Foundation, +- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +- * +- * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA +- * or visit www.oracle.com if you need additional information or have any +- * questions. +- */ +-package sun.security.util; +- +-/** +- * Represents a supplier of {@code int}-valued results. This is the +- * {@code int}-producing primitive specialization of {@link Supplier}. +- * +- * <p>There is no requirement that a distinct result be returned each +- * time the supplier is invoked. +- * +- * @see Supplier +- * @since 1.8 +- */ +-public interface IntSupplier { +- +- /** +- * Gets a result. +- * +- * @return a result +- */ +- int getAsInt(); +-} +--- openjdk.orig/jdk/src/share/classes/sun/security/util/Preconditions.java 2019-07-15 08:52:23.000000000 +0200 ++++ openjdk/jdk/src/share/classes/sun/security/util/Preconditions.java 1970-01-01 01:00:00.000000000 +0100 +@@ -1,343 +0,0 @@ +-/* +- * Copyright (c) 2016, Oracle and/or its affiliates. All rights reserved. +- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. +- * +- * This code is free software; you can redistribute it and/or modify it +- * under the terms of the GNU General Public License version 2 only, as +- * published by the Free Software Foundation. Oracle designates this +- * particular file as subject to the "Classpath" exception as provided +- * by Oracle in the LICENSE file that accompanied this code. +- * +- * This code is distributed in the hope that it will be useful, but WITHOUT +- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or +- * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License +- * version 2 for more details (a copy is included in the LICENSE file that +- * accompanied this code). +- * +- * You should have received a copy of the GNU General Public License version +- * 2 along with this work; if not, write to the Free Software Foundation, +- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +- * +- * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA +- * or visit www.oracle.com if you need additional information or have any +- * questions. +- */ +-package sun.security.util; +- +-import java.util.Arrays; +-import java.util.Collections; +-import java.util.List; +- +-/** +- * Utility methods to check if state or arguments are correct. +- * +- */ +-public class Preconditions { +- +- /** +- * Maps out-of-bounds values to a runtime exception. +- * +- * @param checkKind the kind of bounds check, whose name may correspond +- * to the name of one of the range check methods, checkIndex, +- * checkFromToIndex, checkFromIndexSize +- * @param args the out-of-bounds arguments that failed the range check. +- * If the checkKind corresponds a the name of a range check method +- * then the bounds arguments are those that can be passed in order +- * to the method. +- * @param oobef the exception formatter that when applied with a checkKind +- * and a list out-of-bounds arguments returns a runtime exception. +- * If {@code null} then, it is as if an exception formatter was +- * supplied that returns {@link IndexOutOfBoundsException} for any +- * given arguments. +- * @return the runtime exception +- */ +- private static RuntimeException outOfBounds( +- BiFunction<String, List<Integer>, ? extends RuntimeException> oobef, +- String checkKind, +- Integer... args) { +- List<Integer> largs = Collections.unmodifiableList(Arrays.asList(args)); +- RuntimeException e = oobef == null +- ? null : oobef.apply(checkKind, largs); +- return e == null +- ? new IndexOutOfBoundsException(outOfBoundsMessage(checkKind, largs)) : e; +- } +- +- private static RuntimeException outOfBoundsCheckIndex( +- BiFunction<String, List<Integer>, ? extends RuntimeException> oobe, +- int index, int length) { +- return outOfBounds(oobe, "checkIndex", index, length); +- } +- +- private static RuntimeException outOfBoundsCheckFromToIndex( +- BiFunction<String, List<Integer>, ? extends RuntimeException> oobe, +- int fromIndex, int toIndex, int length) { +- return outOfBounds(oobe, "checkFromToIndex", fromIndex, toIndex, length); +- } +- +- private static RuntimeException outOfBoundsCheckFromIndexSize( +- BiFunction<String, List<Integer>, ? extends RuntimeException> oobe, +- int fromIndex, int size, int length) { +- return outOfBounds(oobe, "checkFromIndexSize", fromIndex, size, length); +- } +- +- /** +- * Returns an out-of-bounds exception formatter from an given exception +- * factory. The exception formatter is a function that formats an +- * out-of-bounds message from its arguments and applies that message to the +- * given exception factory to produce and relay an exception. +- * +- * <p>The exception formatter accepts two arguments: a {@code String} +- * describing the out-of-bounds range check that failed, referred to as the +- * <em>check kind</em>; and a {@code List<Integer>} containing the +- * out-of-bound integer values that failed the check. The list of +- * out-of-bound values is not modified. +- * +- * <p>Three check kinds are supported {@code checkIndex}, +- * {@code checkFromToIndex} and {@code checkFromIndexSize} corresponding +- * respectively to the specified application of an exception formatter as an +- * argument to the out-of-bounds range check methods +- * {@link #checkIndex(int, int, BiFunction) checkIndex}, +- * {@link #checkFromToIndex(int, int, int, BiFunction) checkFromToIndex}, and +- * {@link #checkFromIndexSize(int, int, int, BiFunction) checkFromIndexSize}. +- * Thus a supported check kind corresponds to a method name and the +- * out-of-bound integer values correspond to method argument values, in +- * order, preceding the exception formatter argument (similar in many +- * respects to the form of arguments required for a reflective invocation of +- * such a range check method). +- * +- * <p>Formatter arguments conforming to such supported check kinds will +- * produce specific exception messages describing failed out-of-bounds +- * checks. Otherwise, more generic exception messages will be produced in +- * any of the following cases: the check kind is supported but fewer +- * or more out-of-bounds values are supplied, the check kind is not +- * supported, the check kind is {@code null}, or the list of out-of-bound +- * values is {@code null}. +- * +- * @apiNote +- * This method produces an out-of-bounds exception formatter that can be +- * passed as an argument to any of the supported out-of-bounds range check +- * methods declared by {@code Objects}. For example, a formatter producing +- * an {@code ArrayIndexOutOfBoundsException} may be produced and stored on a +- * {@code static final} field as follows: +- * <pre>{@code +- * static final +- * BiFunction<String, List<Integer>, ArrayIndexOutOfBoundsException> AIOOBEF = +- * outOfBoundsExceptionFormatter(ArrayIndexOutOfBoundsException::new); +- * }</pre> +- * The formatter instance {@code AIOOBEF} may be passed as an argument to an +- * out-of-bounds range check method, such as checking if an {@code index} +- * is within the bounds of a {@code limit}: +- * <pre>{@code +- * checkIndex(index, limit, AIOOBEF); +- * }</pre> +- * If the bounds check fails then the range check method will throw an +- * {@code ArrayIndexOutOfBoundsException} with an appropriate exception +- * message that is a produced from {@code AIOOBEF} as follows: +- * <pre>{@code +- * AIOOBEF.apply("checkIndex", List.of(index, limit)); +- * }</pre> +- * +- * @param f the exception factory, that produces an exception from a message +- * where the message is produced and formatted by the returned +- * exception formatter. If this factory is stateless and side-effect +- * free then so is the returned formatter. +- * Exceptions thrown by the factory are relayed to the caller +- * of the returned formatter. +- * @param <X> the type of runtime exception to be returned by the given +- * exception factory and relayed by the exception formatter +- * @return the out-of-bounds exception formatter +- */ +- public static <X extends RuntimeException> +- BiFunction<String, List<Integer>, X> outOfBoundsExceptionFormatter(final Function<String, X> f) { +- // Use anonymous class to avoid bootstrap issues if this method is +- // used early in startup +- return new BiFunction<String, List<Integer>, X>() { +- @Override +- public X apply(String checkKind, List<Integer> args) { +- return f.apply(outOfBoundsMessage(checkKind, args)); +- } +- }; +- } +- +- private static String outOfBoundsMessage(String checkKind, List<Integer> args) { +- if (checkKind == null && args == null) { +- return String.format("Range check failed"); +- } else if (checkKind == null) { +- return String.format("Range check failed: %s", args); +- } else if (args == null) { +- return String.format("Range check failed: %s", checkKind); +- } +- +- int argSize = 0; +- switch (checkKind) { +- case "checkIndex": +- argSize = 2; +- break; +- case "checkFromToIndex": +- case "checkFromIndexSize": +- argSize = 3; +- break; +- default: +- } +- +- // Switch to default if fewer or more arguments than required are supplied +- switch ((args.size() != argSize) ? "" : checkKind) { +- case "checkIndex": +- return String.format("Index %d out-of-bounds for length %d", +- args.get(0), args.get(1)); +- case "checkFromToIndex": +- return String.format("Range [%d, %d) out-of-bounds for length %d", +- args.get(0), args.get(1), args.get(2)); +- case "checkFromIndexSize": +- return String.format("Range [%d, %<d + %d) out-of-bounds for length %d", +- args.get(0), args.get(1), args.get(2)); +- default: +- return String.format("Range check failed: %s %s", checkKind, args); +- } +- } +- +- /** +- * Checks if the {@code index} is within the bounds of the range from +- * {@code 0} (inclusive) to {@code length} (exclusive). +- * +- * <p>The {@code index} is defined to be out-of-bounds if any of the +- * following inequalities is true: +- * <ul> +- * <li>{@code index < 0}</li> +- * <li>{@code index >= length}</li> +- * <li>{@code length < 0}, which is implied from the former inequalities</li> +- * </ul> +- * +- * <p>If the {@code index} is out-of-bounds, then a runtime exception is +- * thrown that is the result of applying the following arguments to the +- * exception formatter: the name of this method, {@code checkIndex}; +- * and an unmodifiable list integers whose values are, in order, the +- * out-of-bounds arguments {@code index} and {@code length}. +- * +- * @param <X> the type of runtime exception to throw if the arguments are +- * out-of-bounds +- * @param index the index +- * @param length the upper-bound (exclusive) of the range +- * @param oobef the exception formatter that when applied with this +- * method name and out-of-bounds arguments returns a runtime +- * exception. If {@code null} or returns {@code null} then, it is as +- * if an exception formatter produced from an invocation of +- * {@code outOfBoundsExceptionFormatter(IndexOutOfBounds::new)} is used +- * instead (though it may be more efficient). +- * Exceptions thrown by the formatter are relayed to the caller. +- * @return {@code index} if it is within bounds of the range +- * @throws X if the {@code index} is out-of-bounds and the exception +- * formatter is non-{@code null} +- * @throws IndexOutOfBoundsException if the {@code index} is out-of-bounds +- * and the exception formatter is {@code null} +- * @since 9 +- * +- * @implNote +- * This method is made intrinsic in optimizing compilers to guide them to +- * perform unsigned comparisons of the index and length when it is known the +- * length is a non-negative value (such as that of an array length or from +- * the upper bound of a loop) +- */ +- public static <X extends RuntimeException> +- int checkIndex(int index, int length, +- BiFunction<String, List<Integer>, X> oobef) { +- if (index < 0 || index >= length) +- throw outOfBoundsCheckIndex(oobef, index, length); +- return index; +- } +- +- /** +- * Checks if the sub-range from {@code fromIndex} (inclusive) to +- * {@code toIndex} (exclusive) is within the bounds of range from {@code 0} +- * (inclusive) to {@code length} (exclusive). +- * +- * <p>The sub-range is defined to be out-of-bounds if any of the following +- * inequalities is true: +- * <ul> +- * <li>{@code fromIndex < 0}</li> +- * <li>{@code fromIndex > toIndex}</li> +- * <li>{@code toIndex > length}</li> +- * <li>{@code length < 0}, which is implied from the former inequalities</li> +- * </ul> +- * +- * <p>If the sub-range is out-of-bounds, then a runtime exception is +- * thrown that is the result of applying the following arguments to the +- * exception formatter: the name of this method, {@code checkFromToIndex}; +- * and an unmodifiable list integers whose values are, in order, the +- * out-of-bounds arguments {@code fromIndex}, {@code toIndex}, and {@code length}. +- * +- * @param <X> the type of runtime exception to throw if the arguments are +- * out-of-bounds +- * @param fromIndex the lower-bound (inclusive) of the sub-range +- * @param toIndex the upper-bound (exclusive) of the sub-range +- * @param length the upper-bound (exclusive) the range +- * @param oobef the exception formatter that when applied with this +- * method name and out-of-bounds arguments returns a runtime +- * exception. If {@code null} or returns {@code null} then, it is as +- * if an exception formatter produced from an invocation of +- * {@code outOfBoundsExceptionFormatter(IndexOutOfBounds::new)} is used +- * instead (though it may be more efficient). +- * Exceptions thrown by the formatter are relayed to the caller. +- * @return {@code fromIndex} if the sub-range within bounds of the range +- * @throws X if the sub-range is out-of-bounds and the exception factory +- * function is non-{@code null} +- * @throws IndexOutOfBoundsException if the sub-range is out-of-bounds and +- * the exception factory function is {@code null} +- * @since 9 +- */ +- public static <X extends RuntimeException> +- int checkFromToIndex(int fromIndex, int toIndex, int length, +- BiFunction<String, List<Integer>, X> oobef) { +- if (fromIndex < 0 || fromIndex > toIndex || toIndex > length) +- throw outOfBoundsCheckFromToIndex(oobef, fromIndex, toIndex, length); +- return fromIndex; +- } +- +- /** +- * Checks if the sub-range from {@code fromIndex} (inclusive) to +- * {@code fromIndex + size} (exclusive) is within the bounds of range from +- * {@code 0} (inclusive) to {@code length} (exclusive). +- * +- * <p>The sub-range is defined to be out-of-bounds if any of the following +- * inequalities is true: +- * <ul> +- * <li>{@code fromIndex < 0}</li> +- * <li>{@code size < 0}</li> +- * <li>{@code fromIndex + size > length}, taking into account integer overflow</li> +- * <li>{@code length < 0}, which is implied from the former inequalities</li> +- * </ul> +- * +- * <p>If the sub-range is out-of-bounds, then a runtime exception is +- * thrown that is the result of applying the following arguments to the +- * exception formatter: the name of this method, {@code checkFromIndexSize}; +- * and an unmodifiable list integers whose values are, in order, the +- * out-of-bounds arguments {@code fromIndex}, {@code size}, and +- * {@code length}. +- * +- * @param <X> the type of runtime exception to throw if the arguments are +- * out-of-bounds +- * @param fromIndex the lower-bound (inclusive) of the sub-interval +- * @param size the size of the sub-range +- * @param length the upper-bound (exclusive) of the range +- * @param oobef the exception formatter that when applied with this +- * method name and out-of-bounds arguments returns a runtime +- * exception. If {@code null} or returns {@code null} then, it is as +- * if an exception formatter produced from an invocation of +- * {@code outOfBoundsExceptionFormatter(IndexOutOfBounds::new)} is used +- * instead (though it may be more efficient). +- * Exceptions thrown by the formatter are relayed to the caller. +- * @return {@code fromIndex} if the sub-range within bounds of the range +- * @throws X if the sub-range is out-of-bounds and the exception factory +- * function is non-{@code null} +- * @throws IndexOutOfBoundsException if the sub-range is out-of-bounds and +- * the exception factory function is {@code null} +- * @since 9 +- */ +- public static <X extends RuntimeException> +- int checkFromIndexSize(int fromIndex, int size, int length, +- BiFunction<String, List<Integer>, X> oobef) { +- if ((length | fromIndex | size) < 0 || size > length - fromIndex) +- throw outOfBoundsCheckFromIndexSize(oobef, fromIndex, size, length); +- return fromIndex; +- } +-} +--- openjdk.orig/test/src/java/util/Objects/CheckIndex.java 2019-07-15 08:52:23.000000000 +0200 ++++ openjdk/jdk/test/java/util/Objects/CheckIndex.java 1970-01-01 01:00:00.000000000 +0100 +@@ -1,408 +0,0 @@ +-/* +- * Copyright (c) 2015, 2016 Oracle and/or its affiliates. All rights reserved. +- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. +- * +- * This code is free software; you can redistribute it and/or modify it +- * under the terms of the GNU General Public License version 2 only, as +- * published by the Free Software Foundation. +- * +- * This code is distributed in the hope that it will be useful, but WITHOUT +- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or +- * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License +- * version 2 for more details (a copy is included in the LICENSE file that +- * accompanied this code). +- * +- * You should have received a copy of the GNU General Public License version +- * 2 along with this work; if not, write to the Free Software Foundation, +- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +- * +- * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA +- * or visit www.oracle.com if you need additional information or have any +- * questions. +- */ +- +-/** +- * @test +- * @summary Objects.checkIndex/jdk.internal.util.Preconditions.checkIndex tests +- * @run testng CheckIndex +- * @bug 8135248 8142493 8155794 +- */ +- +-import org.testng.annotations.DataProvider; +-import org.testng.annotations.Test; +- +-import java.util.ArrayList; +-import java.util.Arrays; +-import java.util.Collections; +-import java.util.HashSet; +-import java.util.List; +-import java.util.Objects; +-import java.util.Set; +- +-import sun.security.util.BiConsumer; +-import sun.security.util.BiFunction; +-import sun.security.util.Function; +-import sun.security.util.IntSupplier; +-import sun.security.util.Preconditions; +- +-import static org.testng.Assert.*; +- +-public class CheckIndex { +- +- private static final Function<String, IndexOutOfBoundsException> ioobeGenerator = +- new Function<String, IndexOutOfBoundsException>() { +- @Override +- public IndexOutOfBoundsException apply(String x) { +- return new IndexOutOfBoundsException(x); +- } +- }; +- +- private static final Function<String, StringIndexOutOfBoundsException> sioobeGenerator = +- new Function<String, StringIndexOutOfBoundsException>() { +- @Override +- public StringIndexOutOfBoundsException apply(String x) { +- return new StringIndexOutOfBoundsException(x); +- } +- }; +- +- private static final Function<String, ArrayIndexOutOfBoundsException> aioobeGenerator = +- new Function<String, ArrayIndexOutOfBoundsException>() { +- @Override +- public ArrayIndexOutOfBoundsException apply(String x) { +- return new ArrayIndexOutOfBoundsException(x); +- } +- }; +- +- static class AssertingOutOfBoundsException extends RuntimeException { +- public AssertingOutOfBoundsException(String message) { +- super(message); +- } +- } +- +- static BiFunction<String, List<Integer>, AssertingOutOfBoundsException> assertingOutOfBounds( +- final String message, final String expCheckKind, final Integer... expArgs) { +- return new BiFunction<String, List<Integer>, AssertingOutOfBoundsException>() { +- @Override +- public AssertingOutOfBoundsException apply(String checkKind, List<Integer> args) { +- assertEquals(checkKind, expCheckKind); +- assertEquals(args, Collections.unmodifiableList(Arrays.asList(expArgs))); +- try { +- args.clear(); +- fail("Out of bounds List<Integer> argument should be unmodifiable"); +- } catch (Exception e) { +- } +- return new AssertingOutOfBoundsException(message); +- } +- }; +- } +- +- static BiFunction<String, List<Integer>, AssertingOutOfBoundsException> assertingOutOfBoundsReturnNull( +- final String expCheckKind, final Integer... expArgs) { +- return new BiFunction<String, List<Integer>, AssertingOutOfBoundsException>() { +- @Override +- public AssertingOutOfBoundsException apply(String checkKind, List<Integer> args) { +- assertEquals(checkKind, expCheckKind); +- assertEquals(args, Collections.unmodifiableList(Arrays.asList(expArgs))); +- return null; +- } +- }; +- } +- +- static final int[] VALUES = {0, 1, Integer.MAX_VALUE - 1, Integer.MAX_VALUE, -1, Integer.MIN_VALUE + 1, Integer.MIN_VALUE}; +- +- @DataProvider +- static Object[][] checkIndexProvider() { +- List<Object[]> l = new ArrayList<>(); +- for (int index : VALUES) { +- for (int length : VALUES) { +- boolean withinBounds = index >= 0 && +- length >= 0 && +- index < length; +- l.add(new Object[]{index, length, withinBounds}); +- } +- } +- return l.toArray(new Object[0][0]); +- } +- +- interface X { +- int apply(int a, int b, int c); +- } +- +- @Test(dataProvider = "checkIndexProvider") +- public void testCheckIndex(final int index, final int length, final boolean withinBounds) { +- List<Integer> list = Collections.unmodifiableList(Arrays.asList(new Integer[] { index, length })); +- final String expectedMessage = withinBounds +- ? null +- : Preconditions.outOfBoundsExceptionFormatter(ioobeGenerator). +- apply("checkIndex", list).getMessage(); +- +- BiConsumer<Class<? extends RuntimeException>, IntSupplier> checker = +- new BiConsumer<Class<? extends RuntimeException>, IntSupplier>() { +- @Override +- public void accept(Class<? extends RuntimeException> ec, IntSupplier s) { +- try { +- int rIndex = s.getAsInt(); +- if (!withinBounds) +- fail(String.format( +- "Index %d is out of bounds of [0, %d), but was reported to be within bounds", index, length)); +- assertEquals(rIndex, index); +- } +- catch (RuntimeException e) { +- assertTrue(ec.isInstance(e)); +- if (withinBounds) +- fail(String.format( +- "Index %d is within bounds of [0, %d), but was reported to be out of bounds", index, length)); +- else +- assertEquals(e.getMessage(), expectedMessage); +- } +- } +- }; +- +- checker.accept(AssertingOutOfBoundsException.class, new IntSupplier() { +- @Override +- public int getAsInt() { +- return Preconditions.checkIndex(index, length, +- assertingOutOfBounds(expectedMessage, "checkIndex", index, length)); +- } +- }); +- checker.accept(IndexOutOfBoundsException.class, new IntSupplier() { +- @Override +- public int getAsInt() { +- return Preconditions.checkIndex(index, length, +- assertingOutOfBoundsReturnNull("checkIndex", index, length)); +- } +- }); +- checker.accept(IndexOutOfBoundsException.class, new IntSupplier() { +- @Override +- public int getAsInt() { +- return Preconditions.checkIndex(index, length, null); +- } +- }); +- checker.accept(ArrayIndexOutOfBoundsException.class, new IntSupplier() { +- @Override +- public int getAsInt() { +- return Preconditions.checkIndex(index, length, +- Preconditions.outOfBoundsExceptionFormatter(aioobeGenerator)); +- } +- }); +- checker.accept(StringIndexOutOfBoundsException.class, new IntSupplier() { +- @Override +- public int getAsInt() { +- return Preconditions.checkIndex(index, length, +- Preconditions.outOfBoundsExceptionFormatter(sioobeGenerator)); +- } +- }); +- } +- +- +- @DataProvider +- static Object[][] checkFromToIndexProvider() { +- List<Object[]> l = new ArrayList<>(); +- for (int fromIndex : VALUES) { +- for (int toIndex : VALUES) { +- for (int length : VALUES) { +- boolean withinBounds = fromIndex >= 0 && +- toIndex >= 0 && +- length >= 0 && +- fromIndex <= toIndex && +- toIndex <= length; +- l.add(new Object[]{fromIndex, toIndex, length, withinBounds}); +- } +- } +- } +- return l.toArray(new Object[0][0]); +- } +- +- @Test(dataProvider = "checkFromToIndexProvider") +- public void testCheckFromToIndex(final int fromIndex, final int toIndex, +- final int length, final boolean withinBounds) { +- List<Integer> list = Collections.unmodifiableList(Arrays.asList(new Integer[] { fromIndex, toIndex, length })); +- final String expectedMessage = withinBounds +- ? null +- : Preconditions.outOfBoundsExceptionFormatter(ioobeGenerator). +- apply("checkFromToIndex", list).getMessage(); +- +- BiConsumer<Class<? extends RuntimeException>, IntSupplier> check = +- new BiConsumer<Class<? extends RuntimeException>, IntSupplier>() { +- @Override +- public void accept(Class<? extends RuntimeException> ec, IntSupplier s) { +- try { +- int rIndex = s.getAsInt(); +- if (!withinBounds) +- fail(String.format( +- "Range [%d, %d) is out of bounds of [0, %d), but was reported to be withing bounds", fromIndex, toIndex, length)); +- assertEquals(rIndex, fromIndex); +- } +- catch (RuntimeException e) { +- assertTrue(ec.isInstance(e)); +- if (withinBounds) +- fail(String.format( +- "Range [%d, %d) is within bounds of [0, %d), but was reported to be out of bounds", fromIndex, toIndex, length)); +- else +- assertEquals(e.getMessage(), expectedMessage); +- } +- } +- }; +- +- check.accept(AssertingOutOfBoundsException.class, new IntSupplier() { +- @Override +- public int getAsInt() { +- return Preconditions.checkFromToIndex(fromIndex, toIndex, length, +- assertingOutOfBounds(expectedMessage, "checkFromToIndex", fromIndex, toIndex, length)); +- } +- }); +- check.accept(IndexOutOfBoundsException.class, new IntSupplier() { +- @Override +- public int getAsInt() { +- return Preconditions.checkFromToIndex(fromIndex, toIndex, length, +- assertingOutOfBoundsReturnNull("checkFromToIndex", fromIndex, toIndex, length)); +- } +- }); +- check.accept(IndexOutOfBoundsException.class, new IntSupplier() { +- @Override +- public int getAsInt() { +- return Preconditions.checkFromToIndex(fromIndex, toIndex, length, null); +- } +- }); +- check.accept(ArrayIndexOutOfBoundsException.class, new IntSupplier() { +- @Override +- public int getAsInt() { +- return Preconditions.checkFromToIndex(fromIndex, toIndex, length, +- Preconditions.outOfBoundsExceptionFormatter(aioobeGenerator)); +- } +- }); +- check.accept(StringIndexOutOfBoundsException.class, new IntSupplier() { +- @Override +- public int getAsInt() { +- return Preconditions.checkFromToIndex(fromIndex, toIndex, length, +- Preconditions.outOfBoundsExceptionFormatter(sioobeGenerator)); +- } +- }); +- } +- +- +- @DataProvider +- static Object[][] checkFromIndexSizeProvider() { +- List<Object[]> l = new ArrayList<>(); +- for (int fromIndex : VALUES) { +- for (int size : VALUES) { +- for (int length : VALUES) { +- // Explicitly convert to long +- long lFromIndex = fromIndex; +- long lSize = size; +- long lLength = length; +- // Avoid overflow +- long lToIndex = lFromIndex + lSize; +- +- boolean withinBounds = lFromIndex >= 0L && +- lSize >= 0L && +- lLength >= 0L && +- lFromIndex <= lToIndex && +- lToIndex <= lLength; +- l.add(new Object[]{fromIndex, size, length, withinBounds}); +- } +- } +- } +- return l.toArray(new Object[0][0]); +- } +- +- @Test(dataProvider = "checkFromIndexSizeProvider") +- public void testCheckFromIndexSize(final int fromIndex, final int size, +- final int length, final boolean withinBounds) { +- List<Integer> list = Collections.unmodifiableList(Arrays.asList(new Integer[] { fromIndex, size, length })); +- final String expectedMessage = withinBounds +- ? null +- : Preconditions.outOfBoundsExceptionFormatter(ioobeGenerator). +- apply("checkFromIndexSize", list).getMessage(); +- +- BiConsumer<Class<? extends RuntimeException>, IntSupplier> check = +- new BiConsumer<Class<? extends RuntimeException>, IntSupplier>() { +- @Override +- public void accept(Class<? extends RuntimeException> ec, IntSupplier s) { +- try { +- int rIndex = s.getAsInt(); +- if (!withinBounds) +- fail(String.format( +- "Range [%d, %d + %d) is out of bounds of [0, %d), but was reported to be withing bounds", fromIndex, fromIndex, size, length)); +- assertEquals(rIndex, fromIndex); +- } +- catch (RuntimeException e) { +- assertTrue(ec.isInstance(e)); +- if (withinBounds) +- fail(String.format( +- "Range [%d, %d + %d) is within bounds of [0, %d), but was reported to be out of bounds", fromIndex, fromIndex, size, length)); +- else +- assertEquals(e.getMessage(), expectedMessage); +- } +- } +- }; +- +- check.accept(AssertingOutOfBoundsException.class, new IntSupplier() { +- @Override +- public int getAsInt() { +- return Preconditions.checkFromIndexSize(fromIndex, size, length, +- assertingOutOfBounds(expectedMessage, "checkFromIndexSize", fromIndex, size, length)); +- } +- }); +- check.accept(IndexOutOfBoundsException.class, new IntSupplier() { +- @Override +- public int getAsInt() { +- return Preconditions.checkFromIndexSize(fromIndex, size, length, +- assertingOutOfBoundsReturnNull("checkFromIndexSize", fromIndex, size, length)); +- } +- }); +- check.accept(IndexOutOfBoundsException.class, new IntSupplier() { +- @Override +- public int getAsInt() { +- return Preconditions.checkFromIndexSize(fromIndex, size, length, null); +- } +- }); +- check.accept(ArrayIndexOutOfBoundsException.class, new IntSupplier() { +- @Override +- public int getAsInt() { +- return Preconditions.checkFromIndexSize(fromIndex, size, length, +- Preconditions.outOfBoundsExceptionFormatter(aioobeGenerator)); +- } +- }); +- check.accept(StringIndexOutOfBoundsException.class, new IntSupplier () { +- @Override +- public int getAsInt() { +- return Preconditions.checkFromIndexSize(fromIndex, size, length, +- Preconditions.outOfBoundsExceptionFormatter(sioobeGenerator)); +- } +- }); +- } +- +- @Test +- public void uniqueMessagesForCheckKinds() { +- BiFunction<String, List<Integer>, IndexOutOfBoundsException> f = +- Preconditions.outOfBoundsExceptionFormatter(ioobeGenerator); +- +- List<String> messages = new ArrayList<>(); +- List<Integer> arg1 = Collections.unmodifiableList(Arrays.asList(new Integer[] { -1 })); +- List<Integer> arg2 = Collections.unmodifiableList(Arrays.asList(new Integer[] { -1, 0 })); +- List<Integer> arg3 = Collections.unmodifiableList(Arrays.asList(new Integer[] { -1, 0, 0 })); +- List<Integer> arg4 = Collections.unmodifiableList(Arrays.asList(new Integer[] { -1, 0, 0, 0 })); +- // Exact arguments +- messages.add(f.apply("checkIndex", arg2).getMessage()); +- messages.add(f.apply("checkFromToIndex", arg3).getMessage()); +- messages.add(f.apply("checkFromIndexSize", arg3).getMessage()); +- // Unknown check kind +- messages.add(f.apply("checkUnknown", arg3).getMessage()); +- // Known check kind with more arguments +- messages.add(f.apply("checkIndex", arg3).getMessage()); +- messages.add(f.apply("checkFromToIndex", arg4).getMessage()); +- messages.add(f.apply("checkFromIndexSize", arg4).getMessage()); +- // Known check kind with fewer arguments +- messages.add(f.apply("checkIndex", arg1).getMessage()); +- messages.add(f.apply("checkFromToIndex", arg2).getMessage()); +- messages.add(f.apply("checkFromIndexSize", arg2).getMessage()); +- // Null arguments +- messages.add(f.apply(null, null).getMessage()); +- messages.add(f.apply("checkNullArguments", null).getMessage()); +- messages.add(f.apply(null, arg1).getMessage()); +- +- Set<String> distinct = new HashSet<>(messages); +- assertEquals(messages.size(), distinct.size()); +- } +-} +--- openjdk.orig/test/src/sun/security/util/math/TestIntegerModuloP.java 2019-07-15 08:52:23.000000000 +0200 ++++ openjdk/jdk/test/sun/security/util/math/TestIntegerModuloP.java 2019-07-04 19:20:08.000000000 +0200 +@@ -37,7 +37,6 @@ + * @run main TestIntegerModuloP sun.security.util.math.intpoly.P521OrderField 66 10 + */ + +-import sun.security.util.BiFunction; + import sun.security.util.math.*; + import sun.security.util.math.intpoly.*; + +@@ -52,6 +51,9 @@ + // The test has a list of functions, and it selects randomly from that list + + // The function types ++ interface BiFunction <T, U, V> { ++ V apply(T t, U u); ++ } + interface ElemFunction extends BiFunction + <MutableIntegerModuloP, IntegerModuloP, IntegerModuloP> { } + interface ElemArrayFunction extends BiFunction +--- patches.orig/boot/ecj-stringswitch.patch ++++ patches/boot/ecj-stringswitch.patch +@@ -1800,64 +1800,6 @@ + "No MAC implementation for " + algo); + } + return kdf; +-diff -Nru openjdk-boot.orig/jdk/src/share/classes/sun/security/util/Preconditions.java openjdk-boot/jdk/src/share/classes/sun/security/util/Preconditions.java +---- openjdk-boot.orig/jdk/src/share/classes/sun/security/util/Preconditions.java 2019-07-17 04:20:04.496029417 +0100 +-+++ openjdk-boot/jdk/src/share/classes/sun/security/util/Preconditions.java 2019-07-17 04:54:34.212283390 +0100 +-@@ -169,31 +169,30 @@ +- } +- +- int argSize = 0; +-- switch (checkKind) { +-- case "checkIndex": +-- argSize = 2; +-- break; +-- case "checkFromToIndex": +-- case "checkFromIndexSize": +-- argSize = 3; +-- break; +-- default: +-- } +-- +-+ if ("checkIndex".equals(checkKind)) { +-+ argSize = 2; +-+ } else if ("checkFromToIndex".equals(checkKind) || +-+ "checkFromIndexSize".equals(checkKind)) { +-+ argSize = 3; +-+ } +-+ +- // Switch to default if fewer or more arguments than required are supplied +-- switch ((args.size() != argSize) ? "" : checkKind) { +-- case "checkIndex": +-- return String.format("Index %d out-of-bounds for length %d", +-- args.get(0), args.get(1)); +-- case "checkFromToIndex": +-- return String.format("Range [%d, %d) out-of-bounds for length %d", +-- args.get(0), args.get(1), args.get(2)); +-- case "checkFromIndexSize": +-- return String.format("Range [%d, %<d + %d) out-of-bounds for length %d", +-- args.get(0), args.get(1), args.get(2)); +-- default: +-- return String.format("Range check failed: %s %s", checkKind, args); +-- } +-+ if (args.size() != argSize) { +-+ return String.format("Range check failed: %s %s", checkKind, args); +-+ } +-+ +-+ if ("checkIndex".equals(checkKind)) { +-+ return String.format("Index %d out-of-bounds for length %d", +-+ args.get(0), args.get(1)); +-+ } else if ("checkFromToIndex".equals(checkKind)) { +-+ return String.format("Range [%d, %d) out-of-bounds for length %d", +-+ args.get(0), args.get(1), args.get(2)); +-+ } else if ("checkFromIndexSize".equals(checkKind)) { +-+ return String.format("Range [%d, %<d + %d) out-of-bounds for length %d", +-+ args.get(0), args.get(1), args.get(2)); +-+ } else { +-+ return String.format("Range check failed: %s %s", checkKind, args); +-+ } +- } +- +- /** + diff -Nru openjdk-boot.orig/jdk/src/share/classes/java/util/ResourceBundle.java openjdk-boot/jdk/src/share/classes/java/util/ResourceBundle.java + --- openjdk-boot.orig/jdk/src/share/classes/java/util/ResourceBundle.java 2019-11-13 21:46:22.926858210 +0000 + +++ openjdk-boot/jdk/src/share/classes/java/util/ResourceBundle.java 2019-11-13 21:48:58.096470164 +0000 diff --git a/community/openjdk7/icedtea-pr64174.patch b/community/openjdk7/icedtea-pr64174.patch deleted file mode 100644 index ec8f0d5d3a3..00000000000 --- a/community/openjdk7/icedtea-pr64174.patch +++ /dev/null @@ -1,24 +0,0 @@ ---- patches.orig/boot/pr64174.patch -+++ patches/boot/pr64174.patch -@@ -1,8 +1,7 @@ --diff -Nru openjdk-boot.orig/jdk/src/share/classes/java/util/CurrencyData.properties openjdk-boot/jdk/src/share/classes/java/util/CurrencyData.properties ----- openjdk-boot.orig/jdk/src/share/classes/java/util/CurrencyData.properties 2014-12-04 15:09:06.030312835 +0000 --+++ openjdk-boot/jdk/src/share/classes/java/util/CurrencyData.properties 2014-12-04 15:10:07.527160626 +0000 --@@ -320,7 +320,7 @@ -- # LAO PEOPLE'S DEMOCRATIC REPUBLIC -+--- openjdk-boot.orig/jdk/src/share/classes/java/util/CurrencyData.properties -++++ openjdk-boot/jdk/src/share/classes/java/util/CurrencyData.properties -+@@ -323,7 +323,7 @@ -+ # LAO PEOPLE'S DEMOCRATIC REPUBLIC (THE) - LA=LAK - # LATVIA - -LV=LVL;2013-12-31-22-00-00;EUR -@@ -10,7 +9,7 @@ - # LEBANON - LB=LBP - # LESOTHO --@@ -332,7 +332,7 @@ -+@@ -335,7 +335,7 @@ - # LIECHTENSTEIN - LI=CHF - # LITHUANIA diff --git a/community/openjdk8/APKBUILD b/community/openjdk8/APKBUILD index 556746b1442..f076450da25 100644 --- a/community/openjdk8/APKBUILD +++ b/community/openjdk8/APKBUILD @@ -2,10 +2,10 @@ # Contributor: Jakub Jirutka <jakub@jirutka.cz> # Maintainer: Timo Teras <timo.teras@iki.fi> pkgname=openjdk8 -_icedteaver=3.15.0 +_icedteaver=3.17.1 # pkgver is <JDK version>.<JDK update>.<JDK build> # Check https://icedtea.classpath.org/wiki/Main_Page when updating! -pkgver=8.242.08 +pkgver=8.275.01 pkgrel=0 pkgdesc="OpenJDK 8 provided by IcedTea" url="https://icedtea.classpath.org/" @@ -13,14 +13,47 @@ arch="all" license="custom" depends="$pkgname-jre java-cacerts nss" options="sover-namecheck" -makedepends="bash findutils tar zip file paxmark gawk util-linux libxslt - autoconf automake linux-headers sed xz coreutils - openjdk7 ca-certificates - nss-dev nss-static cups-dev jpeg-dev giflib-dev libpng-dev libxt-dev - lcms2-dev libxp-dev libxtst-dev libxinerama-dev zlib-dev - libxrender-dev alsa-lib-dev freetype-dev fontconfig-dev - gtk+2.0-dev krb5-dev attr-dev pcsc-lite-dev lksctp-tools-dev - libxcomposite-dev" +makedepends=" + alsa-lib-dev + attr-dev + autoconf + automake + bash + ca-certificates + coreutils + cups-dev + file + findutils + fontconfig-dev + freetype-dev + gawk + giflib-dev + gtk+2.0-dev + jpeg-dev + krb5-dev + lcms2-dev + libpng-dev + libxcomposite-dev + libxinerama-dev + libxp-dev + libxrender-dev + libxslt + libxt-dev + libxtst-dev + linux-headers + lksctp-tools-dev + nss-dev + nss-static + openjdk7 + paxmark + pcsc-lite-dev + sed + tar + util-linux + xz + zip + zlib-dev + " case $CARCH in x86) _jarch=i386;; @@ -29,6 +62,12 @@ arm*) _jarch=aarch32;; *) _jarch="$CARCH";; esac +case $CARCH in +x86|x86_64|aarch64) + _configure_jfr="--enable-jfr";; +*) _configure_jfr="--disable-jfr";; +esac + _bootstrap_java_home="/usr/lib/jvm/java-1.7-openjdk" _java_home="/usr/lib/jvm/java-1.8-openjdk" _jrelib="$_java_home/jre/lib/$_jarch" @@ -63,12 +102,39 @@ source="https://icedtea.classpath.org/download/source/icedtea-$_icedteaver.tar.x icedtea-jdk-fix-libjvm-load.patch icedtea-jdk-musl.patch icedtea-jdk-includes.patch - icedtea-jdk-getmntent-buffer.patch icedtea-autoconf-config.patch " builddir="$srcdir/icedtea-$_icedteaver" # secfixes: +# 8.272.10-r0: +# - CVE-2020-14556 +# - CVE-2020-14577 +# - CVE-2020-14578 +# - CVE-2020-14579 +# - CVE-2020-14581 +# - CVE-2020-14583 +# - CVE-2020-14593 +# - CVE-2020-14621 +# - CVE-2020-14779 +# - CVE-2020-14781 +# - CVE-2020-14782 +# - CVE-2020-14792 +# - CVE-2020-14796 +# - CVE-2020-14797 +# - CVE-2020-14798 +# - CVE-2020-14803 +# 8.252.09-r0: +# - CVE-2020-2754 +# - CVE-2020-2755 +# - CVE-2020-2756 +# - CVE-2020-2757 +# - CVE-2020-2773 +# - CVE-2020-2781 +# - CVE-2020-2800 +# - CVE-2020-2803 +# - CVE-2020-2805 +# - CVE-2020-2830 # 8.242.08-r0: # - CVE-2020-2583 # - CVE-2020-2590 @@ -136,7 +202,7 @@ unpack() { fi mkdir -p "$srcdir" msg "Unpacking sources..." - tar -C "$srcdir" -Jxf icedtea-$_icedteaver.tar.xz + unxz -c icedtea-$_icedteaver.tar.xz | tar -C "$srcdir" -x } prepare() { @@ -196,6 +262,7 @@ build() { --disable-dependency-tracking \ --disable-downloading \ --disable-precompiled-headers \ + --disable-docs \ --with-parallel-jobs=${JOBS:-2} \ --with-hotspot-build=default \ --with-openjdk-src-zip="$srcdir/openjdk-$_dropsver.tar.xz" \ @@ -208,10 +275,10 @@ build() { --with-nashorn-src-zip="$srcdir/nashorn-$_dropsver.tar.xz" \ --with-pax=paxmark \ --with-jdk-home="$_bootstrap_java_home" \ - --with-pkgversion="Alpine ${pkgver}-r${pkgrel}" \ + --with-pkgversion="Alpine $pkgver-r$pkgrel" \ + --with-curves="nist+" \ --enable-nss \ - --enable-sunec \ - --enable-non-nss-curves + $_configure_jfr make } @@ -266,6 +333,7 @@ jrelib() { jre() { pkgdesc="OpenJDK 8 Java Runtime" + depends="ttf-dejavu" local file dir mkdir -p "$subpkgdir" @@ -293,6 +361,7 @@ jrebase() { mkdir -p "$subpkgdir"/$_java_home/bin \ "$subpkgdir"/$_java_home/lib/$_jarch + ln -s java-1.8-openjdk "$subpkgdir"/usr/lib/jvm/java-8-openjdk mv "$pkgdir"/$_java_home/lib/$_jarch/jli \ "$subpkgdir"/$_java_home/lib/$_jarch/ @@ -325,23 +394,22 @@ demos() { "$subpkgdir"/$_java_home/ } -sha512sums="7c5917acc03b19a41b5001beb71a72b3f63e65b3c97c5f9173067fbd795088f9578f628b386bfa0e934caa8f4faab4cfcae80329ee7180c0cbe49563309c84ca icedtea-3.15.0.tar.xz -d7dca834fc65b67b1888c4cfbd50e263e58604b70560b4dd4e8e7ca518fcd54a70eaf9e5cff89fa1954beaa3071f5b55ef36fffb36589f5008e4be39e5a1aa38 openjdk-3.15.0.tar.xz -b27aaef4839be9a6993d8511e492cf33884738e2fe19cd7d00f244a0f94cd0f3a3ff84c63811cd66ea18cdf7327bb270b7ab21c5b66c220a3bb0a31226bb21b5 corba-3.15.0.tar.xz -25e166d208d99360c9ec5deba5075a5268f2fbc3f31ad9dee0dbd33ee37bc78829d12c9ea11faa5d59ec53385f7dc5f0be29512199db2856068cf81b9ec1ca79 jaxp-3.15.0.tar.xz -cb7a9f80bd33a33f4eb03b091e6c6d3fb6a450695d0231c378d04878fc03e1574f82045c628993e6136188fd2e4144e31c82320b178b21a0aae867e989bfdeeb jaxws-3.15.0.tar.xz -306e2c188987de8d1aa233db1c42522249198b4f3eb71919da911289ab2308b4ab9406c6215c5c157868618341cafbc086bb0e5c423bb6650edfedcc05b17475 jdk-3.15.0.tar.xz -3fcb7d264ff23de8b049b264213b05ee9e9120089eaea989e881c0cddc73a2ef9d01f89f66e7ff23c88d9bc4864824c77894d0291caaf9a2a134d5fae650cc32 langtools-3.15.0.tar.xz -181e9f8d0c083b26a24e6bafe0187e39313a6685f3288d62794c5ec07cb8901b53eba25badc74b367de08b53cd2176df45e184f7a6ccbfab57370e7d3cf388f9 hotspot-3.15.0.tar.xz -6d27137dd80d6363e64ef2c6b3abc60603480e9e7f5b99e06ee546a2cc707b801087ce8cc8d021776f5d2b15b73728f08b2e649c65265ba264655d816921ffe7 nashorn-3.15.0.tar.xz +sha512sums="eaf66df177f08cf335fe795f816e4f6b70a25a402ff8db4c1a2c545dd129350e1135c45e131eab8820620de2a75fda1d56141583ec1a651218d0a02680eb1df7 icedtea-3.17.1.tar.xz +82f2688b018b893cbf583ccc1cd328f6909ebeb4d30655ddb554691f1f0ee38debe57dc91bc8200d6676ad531047ffbf149ce7c1e49b65e67db3254c7d6205ed openjdk-3.17.1.tar.xz +c33886bfa517087e3cf37064fd9dcf1c0b8a9c9ccc4147beac3eb9c07e66c2f8aa3053feb8ab6cbdd42054b073854ed5aaf4a2cfb2888e0a09b7efe3809447c8 corba-3.17.1.tar.xz +e690a6c498e2418feaa22713517aefd051524aedd349fbab5c70fbdee3ca0f17a297089e02f1de2a27e318413e5ca6fe7dfd825b49c37e749ff48e9c8981307a jaxp-3.17.1.tar.xz +99c32483c6f5469c256026be9ee5c2a5654768ceff9d10fa9aa10888640af60d618668ae47880062d1253668e546949fd6ffe94c27d6436088e0a8367e2602fd jaxws-3.17.1.tar.xz +7f5321944cc6c7510db5d6ea6ef189bd15fdf7c904c8ec009576c33ce1e0288e18e51a5dc906e5c7c3beb4daebb161be0c08d1fe8f2ebde81b72a992da919142 jdk-3.17.1.tar.xz +68ff7857d180b90a77858505523416bee6102e30af7a394d08ab1581ba65d28b78c30f48c1b5555c30bf8b43adc5497d5530372101dc2e4adbc99e5d9c988def langtools-3.17.1.tar.xz +e377a2ad481727a1d5218f1bf629690ea5f1b7976307f593505efc07252cc5cd408f7eb0873032ec74ed44a31e5f2cd90747be3e6f709eba5ac9fd90857887ab hotspot-3.17.1.tar.xz +088948d01fc6ea627610bbdcf6691a7bcdd34c5715be103297292db54d0e9080f82f395c3b4bb432058615bc04e05c2d4292fc8f31735e3005d4cf16ff1f9af1 nashorn-3.17.1.tar.xz 1f470432275d5beaa8b4e4352a2f24a4a00593546dc4f3bd857794c89e521e8e6d6abc540762bbd769be3e1e3da058e134dc5dc066d12b9b8a1f0656040a795c fix-paxmark.patch 28709285390a997adbd56ebda42ef718fbc08daf572b8568f484436d255514f9d25f033e3333dff8aa352fc9846057ac5bb42fa955d3e5e44eddc96dc273c07c icedtea-hotspot-musl.patch -e5cf4d70f96fc1e72ae8b97a887adb96092ff36584711cbb8de9d9fa9e859cb8731d638838de0d9591239fc44ffe5c74422d1842bd9f10a0c00dff1627bdeeef icedtea-hotspot-musl-ppc.patch +54ef36ea5a749b733cadaf4fb47a2766db204fe7c9d4dbc1c2d49dd1cec14a552d18da5c49da9ebe8718329c59bdee2c34f94f7882a23837cee2f18af6ffe95f icedtea-hotspot-musl-ppc.patch 19459dbb922f5a71cd15b53199481498626a783c24f91d2544d55b7dddd2cdb34a64bbf0226b99548612dd1743af01b3f9ff32c30abbbc90ce727ca2dbbbd1f9 icedtea-hotspot-noagent-musl.patch f6365cfafafa008bd6c1bf0ccec01a63f8a39bd1a8bc87baa492a27234d47793ba02d455e5667a873ef50148df3baaf6a8421e2da0b15faac675867da714dd5f icedtea-jdk-execinfo.patch 48533f87fc2cf29d26b259be0df51087d2fe5b252e72d00c6ea2f4add7b0fb113141718c116279c5905e03f64a1118082e719393786811367cf4d472b5d36774 icedtea-jdk-fix-ipv6-init.patch b135991c76b0db8fa7c363e0903624668e11eda7b54a943035c214aa4d7fc8c3e8110ed200edcec82792f3c9393150a9bd628625ddf7f3e55720ff163fbbb471 icedtea-jdk-fix-libjvm-load.patch -1fbc32ddc528c7c0099dbc1e48f88d29dccf55e7b8997793aa1d3d8408003a1223d898cca4248e1a12d343d3feec5144f875e6cdac8460d763c73ab3ad7e49f9 icedtea-jdk-musl.patch -e8d9f1b867bf4fc84aa00d1237b264bcf503b1ed5f34735e14b0b747a728953fe0051a5af69ed058d377fbf65d8be1ed9e38fe5fc6edb2d50b31f34bf3ba91dc icedtea-jdk-includes.patch -7e6fa46b10c630517bfa46943858aea1d032c12d32ba3fcb7a2143ae1e896c34fa4cb8f925af80cb19f8e29149b835aa054adfd30ebb00539f6c78588d6f5211 icedtea-jdk-getmntent-buffer.patch +3b01de971f64f082d3e289cf337e635ef001381e8ca427a77baa9c52c7ba423889f57665779ca5b3c8bcefb8feacbea31dfaac580c969a4f061439069ee34aae icedtea-jdk-musl.patch +974fb54532b7e7d738f4278187fc6bd9f9b2d99866b94f68a617ee4911c89a3b8cc41ecfdcaefecf9157492d006b1844b6b0b41ac4209d84f9e8d13c9e485dd3 icedtea-jdk-includes.patch 662d662d0a7a84be2978e921317589f212f3ba3b7629527ba0f1140b5ac4c1024893e0ed176211688ed1a4505968c4befc841ed57ffcdbb9d355c2cb0571b167 icedtea-autoconf-config.patch" diff --git a/community/openjdk8/icedtea-hotspot-musl-ppc.patch b/community/openjdk8/icedtea-hotspot-musl-ppc.patch index eca684884c8..dfb3150f6b6 100644 --- a/community/openjdk8/icedtea-hotspot-musl-ppc.patch +++ b/community/openjdk8/icedtea-hotspot-musl-ppc.patch @@ -1,13 +1,94 @@ +Subject: Fix compilation with different ucontext_t on musl +Upstream: No +Author: Simon Frankenberger <simon-alpine@fraho.eu> + +The machine state registers have to be accessed differently when +running on musl libc. This patch fix this by replacing +"uc_mcontext.regs->grp" with "uc_mcontext.gp_regs" +and accessing the named fields (like "->nip") by the array index constants. + +--- openjdk.orig/hotspot/src/cpu/ppc/vm/macroAssembler_ppc.cpp ++++ openjdk/hotspot/src/cpu/ppc/vm/macroAssembler_ppc.cpp +@@ -1243,7 +1243,11 @@ + // the safepoing polling page. + ucontext_t* uc = (ucontext_t*) ucontext; + // Set polling address. ++#if defined(__GLIBC__) || defined(__UCLIBC__) + address addr = (address)uc->uc_mcontext.regs->gpr[ra] + (ssize_t)ds; ++#else // Musl ++ address addr = (address)uc->uc_mcontext.gp_regs[ra] + (ssize_t)ds; ++#endif + if (polling_address_ptr != NULL) { + *polling_address_ptr = addr; + } +@@ -1264,15 +1268,24 @@ + int rb = inv_rb_field(instruction); + + // look up content of ra and rb in ucontext ++#if defined(__GLIBC__) || defined(__UCLIBC__) + address ra_val=(address)uc->uc_mcontext.regs->gpr[ra]; + long rb_val=(long)uc->uc_mcontext.regs->gpr[rb]; ++#else // Musl ++ address ra_val=(address)uc->uc_mcontext.gp_regs[ra]; ++ long rb_val=(long)uc->uc_mcontext.gp_regs[rb]; ++#endif + return os::is_memory_serialize_page(thread, ra_val+rb_val); + } else if (is_stw(instruction) || is_stwu(instruction)) { + int ra = inv_ra_field(instruction); + int d1 = inv_d1_field(instruction); + + // look up content of ra in ucontext ++#if defined(__GLIBC__) || defined(__UCLIBC__) + address ra_val=(address)uc->uc_mcontext.regs->gpr[ra]; ++#else // Musl ++ address ra_val=(address)uc->uc_mcontext.gp_regs[ra]; ++#endif + return os::is_memory_serialize_page(thread, ra_val+d1); + } else { + return false; +@@ -1335,11 +1348,20 @@ + || (is_stdu(instruction) && rs == 1)) { + int ds = inv_ds_field(instruction); + // return banged address ++#if defined(__GLIBC__) || defined(__UCLIBC__) + return ds+(address)uc->uc_mcontext.regs->gpr[ra]; ++#else // Musl ++ return ds+(address)uc->uc_mcontext.gp_regs[ra]; ++#endif + } else if (is_stdux(instruction) && rs == 1) { + int rb = inv_rb_field(instruction); ++#if defined(__GLIBC__) || defined(__UCLIBC__) + address sp = (address)uc->uc_mcontext.regs->gpr[1]; + long rb_val = (long)uc->uc_mcontext.regs->gpr[rb]; ++#else // Musl ++ address sp = (address)uc->uc_mcontext.gp_regs[1]; ++ long rb_val = (long)uc->uc_mcontext.gp_regs[rb]; ++#endif + return ra != 1 || rb_val >= 0 ? NULL // not a stack bang + : sp + rb_val; // banged address + } --- openjdk.orig/hotspot/src/os_cpu/linux_ppc/vm/os_linux_ppc.cpp +++ openjdk/hotspot/src/os_cpu/linux_ppc/vm/os_linux_ppc.cpp -@@ -110,11 +110,19 @@ +@@ -75,7 +75,11 @@ + # include <poll.h> + # include <ucontext.h> + ++#if ! (defined(__GLIBC__) || defined(__UCLIBC__)) ++# include <asm/ptrace.h> ++#endif + ++ + address os::current_stack_pointer() { + intptr_t* csp; + +@@ -110,11 +114,19 @@ // it because the volatile registers are not needed to make setcontext() work. // Hopefully it was zero'd out beforehand. guarantee(uc->uc_mcontext.regs != NULL, "only use ucontext_get_pc in sigaction context"); +#if defined(__GLIBC__) || defined(__UCLIBC__) return (address)uc->uc_mcontext.regs->nip; +#else // Musl -+ return (address)uc->uc_mcontext.gp_regs[32]; ++ return (address)uc->uc_mcontext.gp_regs[PT_NIP]; +#endif } @@ -20,55 +101,55 @@ } intptr_t* os::Linux::ucontext_get_fp(ucontext_t * uc) { -@@ -213,7 +221,11 @@ +@@ -213,7 +225,11 @@ if (uc) { address const pc = os::Linux::ucontext_get_pc(uc); if (pc && StubRoutines::is_safefetch_fault(pc)) { +#if defined(__GLIBC__) || defined(__UCLIBC__) uc->uc_mcontext.regs->nip = (unsigned long)StubRoutines::continuation_for_safefetch_fault(pc); +#else // Musl -+ uc->uc_mcontext.gp_regs[32] = (unsigned long)StubRoutines::continuation_for_safefetch_fault(pc); ++ uc->uc_mcontext.gp_regs[PT_NIP] = (unsigned long)StubRoutines::continuation_for_safefetch_fault(pc); +#endif return true; } } -@@ -364,7 +376,11 @@ +@@ -364,7 +380,11 @@ // continue at the next instruction after the faulting read. Returning // garbage from this read is ok. thread->set_pending_unsafe_access_error(); +#if defined(__GLIBC__) || defined(__UCLIBC__) uc->uc_mcontext.regs->nip = ((unsigned long)pc) + 4; +#else // Musl -+ uc->uc_mcontext.gp_regs[32] = ((unsigned long)pc) + 4; ++ uc->uc_mcontext.gp_regs[PT_NIP] = ((unsigned long)pc) + 4; +#endif return true; } } -@@ -383,7 +399,11 @@ +@@ -383,7 +403,11 @@ // continue at the next instruction after the faulting read. Returning // garbage from this read is ok. thread->set_pending_unsafe_access_error(); +#if defined(__GLIBC__) || defined(__UCLIBC__) uc->uc_mcontext.regs->nip = ((unsigned long)pc) + 4; +#else // Musl -+ uc->uc_mcontext.gp_regs[32] = ((unsigned long)pc) + 4; ++ uc->uc_mcontext.gp_regs[PT_NIP] = ((unsigned long)pc) + 4; +#endif return true; } } -@@ -406,7 +426,11 @@ +@@ -406,7 +430,11 @@ if (stub != NULL) { // Save all thread context in case we need to restore it. if (thread != NULL) thread->set_saved_exception_pc(pc); +#if defined(__GLIBC__) || defined(__UCLIBC__) uc->uc_mcontext.regs->nip = (unsigned long)stub; +#else -+ uc->uc_mcontext.gp_regs[32] = (unsigned long)stub; ++ uc->uc_mcontext.gp_regs[PT_NIP] = (unsigned long)stub; +#endif return true; } -@@ -564,6 +588,7 @@ +@@ -564,6 +592,7 @@ ucontext_t* uc = (ucontext_t*)context; st->print_cr("Registers:"); @@ -76,14 +157,14 @@ st->print("pc =" INTPTR_FORMAT " ", uc->uc_mcontext.regs->nip); st->print("lr =" INTPTR_FORMAT " ", uc->uc_mcontext.regs->link); st->print("ctr=" INTPTR_FORMAT " ", uc->uc_mcontext.regs->ctr); -@@ -572,8 +597,18 @@ +@@ -572,8 +601,18 @@ st->print("r%-2d=" INTPTR_FORMAT " ", i, uc->uc_mcontext.regs->gpr[i]); if (i % 3 == 2) st->cr(); } +#else // Musl -+ st->print("pc =" INTPTR_FORMAT " ", uc->uc_mcontext.gp_regs[32]); -+ st->print("lr =" INTPTR_FORMAT " ", uc->uc_mcontext.gp_regs[36]); -+ st->print("ctr=" INTPTR_FORMAT " ", uc->uc_mcontext.gp_regs[35]); ++ st->print("pc =" INTPTR_FORMAT " ", uc->uc_mcontext.gp_regs[PT_NIP]); ++ st->print("lr =" INTPTR_FORMAT " ", uc->uc_mcontext.gp_regs[PT_LNK]); ++ st->print("ctr=" INTPTR_FORMAT " ", uc->uc_mcontext.gp_regs[PT_CTR]); st->cr(); + for (int i = 0; i < 32; i++) { + st->print("r%-2d=" INTPTR_FORMAT " ", i, uc->uc_mcontext.gp_regs[i]); @@ -95,7 +176,7 @@ intptr_t *sp = (intptr_t *)os::Linux::ucontext_get_sp(uc); st->print_cr("Top of Stack: (sp=" PTR_FORMAT ")", p2i(sp)); -@@ -600,7 +635,11 @@ +@@ -600,7 +639,11 @@ // this is only for the "general purpose" registers for (int i = 0; i < 32; i++) { st->print("r%-2d=", i); @@ -107,63 +188,42 @@ } st->cr(); } ---- openjdk.orig/hotspot.orig/src/cpu/ppc/vm/macroAssembler_ppc.cpp -+++ openjdk/hotspot/src/cpu/ppc/vm/macroAssembler_ppc.cpp -@@ -1242,7 +1242,11 @@ - // the safepoing polling page. - ucontext_t* uc = (ucontext_t*) ucontext; - // Set polling address. -+#if defined(__GLIBC__) || defined(__UCLIBC__) - address addr = (address)uc->uc_mcontext.regs->gpr[ra] + (ssize_t)ds; -+#else // Musl -+ address addr = (address)uc->uc_mcontext.gp_regs[ra] + (ssize_t)ds; -+#endif - if (polling_address_ptr != NULL) { - *polling_address_ptr = addr; - } -@@ -1263,15 +1267,24 @@ - int rb = inv_rb_field(instruction); +--- openjdk.orig/hotspot/src/os_cpu/linux_ppc/vm/thread_linux_ppc.cpp ++++ openjdk/hotspot/src/os_cpu/linux_ppc/vm/thread_linux_ppc.cpp +@@ -27,6 +27,10 @@ + #include "runtime/frame.inline.hpp" + #include "runtime/thread.hpp" - // look up content of ra and rb in ucontext -+#if defined(__GLIBC__) || defined(__UCLIBC__) - address ra_val=(address)uc->uc_mcontext.regs->gpr[ra]; - long rb_val=(long)uc->uc_mcontext.regs->gpr[rb]; -+#else // Musl -+ address ra_val=(address)uc->uc_mcontext.gp_regs[ra]; -+ long rb_val=(long)uc->uc_mcontext.gp_regs[rb]; ++#if ! (defined(__GLIBC__) || defined(__UCLIBC__)) ++#include <asm/ptrace.h> +#endif - return os::is_memory_serialize_page(thread, ra_val+rb_val); - } else if (is_stw(instruction) || is_stwu(instruction)) { - int ra = inv_ra_field(instruction); - int d1 = inv_d1_field(instruction); ++ + bool JavaThread::pd_get_top_frame_for_profiling(frame* fr_addr, void* ucontext, bool isInJava) { + assert(this->is_Java_thread(), "must be JavaThread"); - // look up content of ra in ucontext +@@ -42,8 +46,13 @@ + // if we were running Java code when SIGPROF came in. + if (isInJava) { + ucontext_t* uc = (ucontext_t*) ucontext; +#if defined(__GLIBC__) || defined(__UCLIBC__) - address ra_val=(address)uc->uc_mcontext.regs->gpr[ra]; + frame ret_frame((intptr_t*)uc->uc_mcontext.regs->gpr[1/*REG_SP*/], + (address)uc->uc_mcontext.regs->nip); +#else // Musl -+ address ra_val=(address)uc->uc_mcontext.gp_regs[ra]; ++ frame ret_frame((intptr_t*)uc->uc_mcontext.gp_regs[1/*REG_SP*/], ++ (address)uc->uc_mcontext.gp_regs[PT_NIP]); +#endif - return os::is_memory_serialize_page(thread, ra_val+d1); - } else { - return false; -@@ -1334,11 +1347,20 @@ - || (is_stdu(instruction) && rs == 1)) { - int ds = inv_ds_field(instruction); - // return banged address -+#if defined(__GLIBC__) || defined(__UCLIBC__) - return ds+(address)uc->uc_mcontext.regs->gpr[ra]; -+#else // Musl -+ return ds+(address)uc->uc_mcontext.gp_regs[ra]; -+#endif - } else if (is_stdux(instruction) && rs == 1) { - int rb = inv_rb_field(instruction); + + if (ret_frame.pc() == NULL) { + // ucontext wasn't useful +@@ -55,7 +64,11 @@ + if (!((Method*)(istate->method))->is_metaspace_object()) { + return false; + } +#if defined(__GLIBC__) || defined(__UCLIBC__) - address sp = (address)uc->uc_mcontext.regs->gpr[1]; - long rb_val = (long)uc->uc_mcontext.regs->gpr[rb]; + uint64_t reg_bcp = uc->uc_mcontext.regs->gpr[14/*R14_bcp*/]; +#else // Musl -+ address sp = (address)uc->uc_mcontext.gp_regs[1]; -+ long rb_val = (long)uc->uc_mcontext.gp_regs[rb]; ++ uint64_t reg_bcp = uc->uc_mcontext.gp_regs[14/*R14_bcp*/]; +#endif - return ra != 1 || rb_val >= 0 ? NULL // not a stack bang - : sp + rb_val; // banged address - } + uint64_t istate_bcp = istate->bcp; + uint64_t code_start = (uint64_t)(((Method*)(istate->method))->code_base()); + uint64_t code_end = (uint64_t)(((Method*)istate->method)->code_base() + ((Method*)istate->method)->code_size()); diff --git a/community/openjdk8/icedtea-jdk-getmntent-buffer.patch b/community/openjdk8/icedtea-jdk-getmntent-buffer.patch deleted file mode 100644 index 075a9d42385..00000000000 --- a/community/openjdk8/icedtea-jdk-getmntent-buffer.patch +++ /dev/null @@ -1,88 +0,0 @@ -Give a much bigger buffer to getmntent_r. - -https://bugs.alpinelinux.org/issues/7093 - -diff --git a/openjdk/jdk/src/solaris/native/sun/nio/fs/LinuxNativeDispatcher.c b/openjdk/jdk/src/solaris/native/sun/nio/fs/LinuxNativeDispatcher.c -index c8500db..d0b85d6 100644 ---- openjdk/jdk/src/solaris/native/sun/nio/fs/LinuxNativeDispatcher.c -+++ openjdk/jdk/src/solaris/native/sun/nio/fs/LinuxNativeDispatcher.c -@@ -33,6 +33,7 @@ - #include <dlfcn.h> - #include <errno.h> - #include <mntent.h> -+#include <limits.h> - - #include "sun_nio_fs_LinuxNativeDispatcher.h" - -@@ -173,8 +174,8 @@ Java_sun_nio_fs_LinuxNativeDispatcher_getmntent(JNIEnv* env, jclass this, - jlong value, jobject entry) - { - struct mntent ent; -- char buf[1024]; -- int buflen = sizeof(buf); -+ char *buf = NULL; -+ const size_t buflen = PATH_MAX * 4; - struct mntent* m; - FILE* fp = jlong_to_ptr(value); - jsize len; -@@ -183,10 +184,17 @@ Java_sun_nio_fs_LinuxNativeDispatcher_getmntent(JNIEnv* env, jclass this, - char* dir; - char* fstype; - char* options; -+ jint res = -1; - -- m = getmntent_r(fp, &ent, (char*)&buf, buflen); -- if (m == NULL) -+ buf = malloc(buflen); -+ if (buf == NULL) { -+ JNU_ThrowOutOfMemoryError(env, "native heap"); - return -1; -+ } -+ m = getmntent_r(fp, &ent, buf, buflen); -+ if (m == NULL) -+ goto out; -+ - name = m->mnt_fsname; - dir = m->mnt_dir; - fstype = m->mnt_type; -@@ -195,32 +203,35 @@ Java_sun_nio_fs_LinuxNativeDispatcher_getmntent(JNIEnv* env, jclass this, - len = strlen(name); - bytes = (*env)->NewByteArray(env, len); - if (bytes == NULL) -- return -1; -+ goto out; - (*env)->SetByteArrayRegion(env, bytes, 0, len, (jbyte*)name); - (*env)->SetObjectField(env, entry, entry_name, bytes); - - len = strlen(dir); - bytes = (*env)->NewByteArray(env, len); - if (bytes == NULL) -- return -1; -+ goto out; - (*env)->SetByteArrayRegion(env, bytes, 0, len, (jbyte*)dir); - (*env)->SetObjectField(env, entry, entry_dir, bytes); - - len = strlen(fstype); - bytes = (*env)->NewByteArray(env, len); - if (bytes == NULL) -- return -1; -+ goto out; - (*env)->SetByteArrayRegion(env, bytes, 0, len, (jbyte*)fstype); - (*env)->SetObjectField(env, entry, entry_fstype, bytes); - - len = strlen(options); - bytes = (*env)->NewByteArray(env, len); - if (bytes == NULL) -- return -1; -+ goto out; - (*env)->SetByteArrayRegion(env, bytes, 0, len, (jbyte*)options); - (*env)->SetObjectField(env, entry, entry_options, bytes); - -- return 0; -+ res = 0; -+out: -+ free(buf); -+ return res; - } - - JNIEXPORT void JNICALL diff --git a/community/openjdk8/icedtea-jdk-includes.patch b/community/openjdk8/icedtea-jdk-includes.patch index 6443a1973d5..5acbb9efb86 100644 --- a/community/openjdk8/icedtea-jdk-includes.patch +++ b/community/openjdk8/icedtea-jdk-includes.patch @@ -53,17 +53,6 @@ /* O Flags */ ---- openjdk.orig/jdk/src/solaris/native/java/net/PlainSocketImpl.c -+++ openjdk/jdk/src/solaris/native/java/net/PlainSocketImpl.c -@@ -28,7 +28,7 @@ - #include <sys/types.h> - #include <sys/socket.h> - #if defined(__linux__) && !defined(USE_SELECT) --#include <sys/poll.h> -+#include <poll.h> - #endif - #include <netinet/tcp.h> /* Defines TCP_NODELAY, needed for 2.6 */ - #include <netinet/in.h> --- openjdk.orig/jdk/src/solaris/native/java/net/bsd_close.c +++ openjdk/jdk/src/solaris/native/java/net/bsd_close.c @@ -36,7 +36,7 @@ @@ -88,14 +77,14 @@ * Stack allocated by thread when doing blocking operation --- openjdk.orig/jdk/src/solaris/native/java/net/net_util_md.h +++ openjdk/jdk/src/solaris/native/java/net/net_util_md.h -@@ -33,7 +33,7 @@ - #include <unistd.h> - - #ifndef USE_SELECT +@@ -27,7 +27,7 @@ + #define NET_UTILS_MD_H + + #include <netdb.h> -#include <sys/poll.h> +#include <poll.h> - #endif - + #include <sys/socket.h> + int NET_Timeout(int s, long timeout); --- openjdk.orig/jdk/src/solaris/native/sun/nio/ch/DevPollArrayWrapper.c +++ openjdk/jdk/src/solaris/native/sun/nio/ch/DevPollArrayWrapper.c diff --git a/community/openjdk8/icedtea-jdk-musl.patch b/community/openjdk8/icedtea-jdk-musl.patch index 97946ba424f..09f5c082e58 100644 --- a/community/openjdk8/icedtea-jdk-musl.patch +++ b/community/openjdk8/icedtea-jdk-musl.patch @@ -47,28 +47,6 @@ diff -ru openjdk.orig/jdk/src/solaris/native/java/net/Inet4AddressImpl.c openjdk #define HAS_GLIBC_GETHOSTBY_R 1 #endif -diff -ru openjdk.orig/jdk/src/solaris/native/java/net/PlainDatagramSocketImpl.c openjdk/jdk/src/solaris/native/java/net/PlainDatagramSocketImpl.c ---- openjdk.orig/jdk/src/solaris/native/java/net/PlainDatagramSocketImpl.c 2017-01-25 04:22:03.000000000 +0000 -+++ openjdk/jdk/src/solaris/native/java/net/PlainDatagramSocketImpl.c 2017-02-06 11:23:47.047832009 +0000 -@@ -41,7 +41,6 @@ - #endif - #ifdef __linux__ - #include <unistd.h> --#include <sys/sysctl.h> - #include <sys/utsname.h> - #include <netinet/ip.h> - -diff -ru openjdk.orig/jdk/src/solaris/native/java/net/PlainSocketImpl.c openjdk/jdk/src/solaris/native/java/net/PlainSocketImpl.c ---- openjdk.orig/jdk/src/solaris/native/java/net/PlainSocketImpl.c 2017-01-25 04:22:03.000000000 +0000 -+++ openjdk/jdk/src/solaris/native/java/net/PlainSocketImpl.c 2017-02-06 11:23:47.047832009 +0000 -@@ -43,7 +43,6 @@ - #endif - #ifdef __linux__ - #include <unistd.h> --#include <sys/sysctl.h> - #endif - - #include "jvm.h" diff -ru openjdk.orig/jdk/src/solaris/native/java/net/linux_close.c openjdk/jdk/src/solaris/native/java/net/linux_close.c --- openjdk.orig/jdk/src/solaris/native/java/net/linux_close.c 2017-01-25 04:22:03.000000000 +0000 +++ openjdk/jdk/src/solaris/native/java/net/linux_close.c 2017-02-06 11:23:47.047832009 +0000 @@ -80,7 +58,7 @@ diff -ru openjdk.orig/jdk/src/solaris/native/java/net/linux_close.c openjdk/jdk/ +static int sigWakeup; /* - * The fd table and the number of file descriptors + * fdTable holds one entry per file descriptor, up to a certain @@ -95,6 +95,9 @@ /* * Setup the signal handler @@ -92,8 +70,8 @@ diff -ru openjdk.orig/jdk/src/solaris/native/java/net/linux_close.c openjdk/jdk/ sa.sa_flags = 0; sigemptyset(&sa.sa_mask); diff -ru openjdk.orig/jdk/src/solaris/native/sun/nio/ch/NativeThread.c openjdk/jdk/src/solaris/native/sun/nio/ch/NativeThread.c ---- openjdk.orig/jdk/src/solaris/native/sun/nio/ch/NativeThread.c 2017-01-25 04:22:03.000000000 +0000 -+++ openjdk/jdk/src/solaris/native/sun/nio/ch/NativeThread.c 2017-02-06 11:23:47.051165409 +0000 +--- openjdk.orig/jdk/src/solaris/native/sun/nio/ch/NativeThread.c 2017-01-25 04:22:03.000000000 +0000 ++++ openjdk/jdk/src/solaris/native/sun/nio/ch/NativeThread.c 2017-02-06 11:23:47.051165409 +0000 @@ -36,7 +36,7 @@ #include <pthread.h> #include <sys/signal.h> diff --git a/community/pdns-recursor/APKBUILD b/community/pdns-recursor/APKBUILD index d2137dad8ea..60204c880fb 100644 --- a/community/pdns-recursor/APKBUILD +++ b/community/pdns-recursor/APKBUILD @@ -1,7 +1,7 @@ # Contributor: Olivier Mauras <olivier@mauras.ch> pkgname=pdns-recursor -pkgver=4.1.9 -pkgrel=1 +pkgver=4.1.16 +pkgrel=0 pkgdesc="PowerDNS Recursive Server" url="https://www.powerdns.com/" # s390x: missing boost-context @@ -22,6 +22,10 @@ source="https://downloads.powerdns.com/releases/$pkgname-$pkgver.tar.bz2 builddir="$srcdir/$pkgname-$pkgver" # secfixes: +# 4.1.16-r0: +# - CVE-2020-10030 +# - CVE-2020-10995 +# - CVE-2020-12244 # 4.1.9-r0: # - CVE-2019-3806 # - CVE-2019-3807 @@ -69,6 +73,6 @@ package() { "$pkgdir"/etc/pdns/recursor.conf } -sha512sums="2deaf1cdc8c32087f744efe0d142421cfd2d89dc9b31edcdea55c1efc2637987e8557891716498e3703c4b1af4b0d301e2a53316c5a97c7a18ec85016ccfa8f1 pdns-recursor-4.1.9.tar.bz2 +sha512sums="dc5d6113d88ce0da9e4735b2af98705c635651215e11f10b94e93b11fcbe20e91479aa0a9730e8d0f027aa6d1905c2b1131f3fd0efeeb5ca11af97bd3d7d7ff4 pdns-recursor-4.1.16.tar.bz2 6eea64828a363a8f36a694da4ab08f48482a096572e5597e3182bbf5f4e7c0114d9b643c7ea5060ae46b50b05c6ebbace2fedd44dc6309b641fd638d44db879e pdns-recursor.initd 954df537693a202fc195e751011bbfaa605b3f3df42ac386fa82eb809b73c2b987f5e418b5c96bb3b0669497426ce0daa39a719844701e06990b82843a4cf0d4 recursor.conf" diff --git a/community/pdns/4.1.10_to_4.1.11.schema.pgsql.sql.patch b/community/pdns/4.1.10_to_4.1.11.schema.pgsql.sql.patch deleted file mode 100644 index 525f954d146..00000000000 --- a/community/pdns/4.1.10_to_4.1.11.schema.pgsql.sql.patch +++ /dev/null @@ -1,31 +0,0 @@ -diff --git a/modules/gpgsqlbackend/4.1.10_to_4.1.11.schema.pgsql.sql b/modules/gpgsqlbackend/4.1.10_to_4.1.11.schema.pgsql.sql -new file mode 100644 -index 0000000..b0c2ee1 ---- /dev/null -+++ b/modules/gpgsqlbackend/4.1.10_to_4.1.11.schema.pgsql.sql -@@ -0,0 +1 @@ -+ALTER TABLE domains ALTER notified_serial TYPE bigint USING CASE WHEN notified_serial >= 0 THEN notified_serial::bigint END; -diff --git a/modules/gpgsqlbackend/Makefile.am b/modules/gpgsqlbackend/Makefile.am -index 8a820d5..9e2f271 100644 ---- a/modules/gpgsqlbackend/Makefile.am -+++ b/modules/gpgsqlbackend/Makefile.am -@@ -12,6 +12,7 @@ dist_doc_DATA = \ - schema.pgsql.sql \ - nodnssec-3.x_to_3.4.0_schema.pgsql.sql \ - dnssec-3.x_to_3.4.0_schema.pgsql.sql \ -+ 4.1.10_to_4.1.11.schema.pgsql.sql \ - 3.4.0_to_4.1.0_schema.pgsql.sql - - libgpgsqlbackend_la_SOURCES = \ -diff --git a/modules/gpgsqlbackend/Makefile.in b/modules/gpgsqlbackend/Makefile.in -index 4c1f978..9793c9d 100644 ---- a/modules/gpgsqlbackend/Makefile.in -+++ b/modules/gpgsqlbackend/Makefile.in -@@ -479,6 +479,7 @@ dist_doc_DATA = \ - schema.pgsql.sql \ - nodnssec-3.x_to_3.4.0_schema.pgsql.sql \ - dnssec-3.x_to_3.4.0_schema.pgsql.sql \ -+ 4.1.10_to_4.1.11.schema.pgsql.sql \ - 3.4.0_to_4.1.0_schema.pgsql.sql - - libgpgsqlbackend_la_SOURCES = \ diff --git a/community/pdns/APKBUILD b/community/pdns/APKBUILD index ce40f88cc69..999e58ded8f 100644 --- a/community/pdns/APKBUILD +++ b/community/pdns/APKBUILD @@ -5,7 +5,7 @@ # Contributor: Fabian Zoske <fabian@zoske.it> # Maintainer: Matt Smith <mcs@darkregion.net> pkgname=pdns -pkgver=4.1.11 +pkgver=4.1.14 pkgrel=0 pkgdesc="PowerDNS Authoritative Server" url="https://www.powerdns.com/" @@ -38,12 +38,13 @@ pkggroups="pdns" source="https://downloads.powerdns.com/releases/$pkgname-$pkgver.tar.bz2 $pkgname.initd $pkgname.conf - 4.1.10_to_4.1.11.schema.pgsql.sql.patch README.alpine " builddir="$srcdir/$pkgname-$pkgver" # secfixes: +# 4.1.14-r0: +# - CVE-2020-17482 # 4.1.11-r0: # - CVE-2019-10203 # 4.1.10-r0: @@ -145,8 +146,7 @@ backend_remote() { _mv_backend remote; } backend_sqlite3() { _mv_backend gsqlite3 sqlite; } #backend_tinydns() { _mv_backend tinydns; } -sha512sums="18215f523a39d48c8756bc13ecae1bd78967c2d66619d93ddaafb13062690002a9bdfe1d337796820706692c449286c7b9e9b8d45933684d32acbc20e490c0c4 pdns-4.1.11.tar.bz2 +sha512sums="d78e5548fd6d497c827b3e3ad3c10f0d14d1c5da8c302aacb853e6c54f853288b86c6efd5d7e0cd84d4508accc7b0641c70f9278117540c6e22ba1fdf64d37d1 pdns-4.1.14.tar.bz2 3a55547e1b6407e7d2faa6e02982ed903c2364381af1b7eeb626ae3a8b0e32558dd79bf31c982b134414e5636d4868c1f3660ac523f25d2440ed6f7b436843bf pdns.initd 3f809f3257680c3e496fa6a4c86c8a636db5d9d5b92aef96fe54c29b8266ee590deb792d13205cc171e27307fa73295dd3b101b09102fd66a2393a7cdbf9dd27 pdns.conf -a3caac012fae6d53afa9d08eaf4d2e70b406197e586b6716e0a9177d3833165493a55bf119669fd29c4397a8230a33982e38ef0b5a6883d71ee8869c06f0fe22 4.1.10_to_4.1.11.schema.pgsql.sql.patch f2781a23e14bea9b4bbb84f3b596663c76359c449ef6fd39c87b5ea1163c47e01c5ba490c804709033598f0542ac558bde477729ad1ab9f17d49606fa61b2049 README.alpine" diff --git a/community/php7-pecl-timezonedb/APKBUILD b/community/php7-pecl-timezonedb/APKBUILD index 55bfa4326e7..5026e0a52f4 100644 --- a/community/php7-pecl-timezonedb/APKBUILD +++ b/community/php7-pecl-timezonedb/APKBUILD @@ -1,33 +1,36 @@ # Contributor: Fabio Ribeiro <fabiorphp@gmail.com> # Maintainer: Fabio Ribeiro <fabiorphp@gmail.com> pkgname=php7-pecl-timezonedb -_pkgreal=timezonedb -pkgver=2018.9 +_extname=timezonedb +pkgver=2020.4 pkgrel=0 pkgdesc="Timezone Database to be used with PHP's date and time functions." url="https://pecl.php.net/package/timezonedb" arch="all" -license="PHP" +license="PHP-3.01" depends="php7-common" -makedepends="php7-dev autoconf re2c" -source="https://pecl.php.net/get/$_pkgreal-$pkgver.tgz" -builddir="$srcdir/$_pkgreal-$pkgver" -options="!check" # upstream does not provide tests yet +makedepends="php7-dev" +source="https://pecl.php.net/get/$_extname-$pkgver.tgz" +builddir="$srcdir/$_extname-$pkgver" provides="php7-timezonedb=$pkgver-r$pkgrel" # for backward compatibility replaces="php7-timezonedb" # for backward compatibility build() { - cd "$builddir" phpize7 ./configure --prefix=/usr --with-php-config=php-config7 make } +check() { + # Test suite is not a part of pecl release. + php7 -d extension=modules/$_extname.so --ri $_extname +} + package() { - cd "$builddir" - make INSTALL_ROOT="$pkgdir"/ install - install -d "$pkgdir"/etc/php7/conf.d - echo "extension=$_pkgreal.so" > "$pkgdir"/etc/php7/conf.d/40_$_pkgreal.ini + make INSTALL_ROOT="$pkgdir" install + local _confdir="$pkgdir"/etc/php7/conf.d + install -d $_confdir + echo "extension=$_extname.so" > $_confdir/40_$_extname.ini } -sha512sums="77fabe3aa0283900ea2d3d20caaf7c4b9bac1859249c9df4f0225c203fc92310dfe9b4144640af034a4ba86ba78a748a39980ff796affc67edc99ec874867e06 timezonedb-2018.9.tgz" +sha512sums="d5c41c76b4b0b033464a4f086072d061504fc439c910c47a7077a0586b308cc37a4202ff9f418a39cee63534d55136d15a173bb94923160c0fa16bb33ac89a09 timezonedb-2020.4.tgz" diff --git a/community/php7/APKBUILD b/community/php7/APKBUILD index 146c83add2c..e1098e63361 100644 --- a/community/php7/APKBUILD +++ b/community/php7/APKBUILD @@ -25,7 +25,7 @@ pkgname=php7 _pkgreal=php -pkgver=7.2.27 +pkgver=7.2.33 pkgrel=0 _apiver=20170718 _suffix=${pkgname#php} @@ -181,6 +181,14 @@ case "$CARCH" in esac # secfixes: +# 7.2.33-r0: +# - CVE-2020-7068 +# 7.2.31-r0: +# - CVE-2019-11048 +# - CVE-2020-7062 +# - CVE-2020-7063 +# - CVE-2020-7064 +# - CVE-2020-7066 # 7.2.27-r0: # - CVE-2020-7059 # - CVE-2020-7060 @@ -679,7 +687,7 @@ _mv() { mv $@ } -sha512sums="0d2cdfce73405772f359b231c66e6f64e0584a2b77e8e6e24f0c6bf38d3f3cb77dccc829fd7d0974f20030e875c3de399facce659e2b0293fb1c6336d9a37bed php-7.2.27.tar.bz2 +sha512sums="44664414c537fc9dc0bd77c6def5f23ce31a24e4cbc7a817cc581292f2ddb3ed163b72edda3284e065ee9533462837eb87391230742c326f80d5d295ab5f5550 php-7.2.33.tar.bz2 1c708de82d1086f272f484faf6cf6d087af7c31750cc2550b0b94ed723961b363f28a947b015b2dfc0765caea185a75f5d2c2f2b099c948b65c290924f606e4f php7-fpm.initd cacce7bf789467ff40647b7319e3760c6c587218720538516e8d400baa75651f72165c4e28056cd0c1dc89efecb4d00d0d7823bed80b29136262c825ce816691 php7-fpm.logrotate 274bd7b0b2b7002fa84c779640af37b59258bb37b05cb7dd5c89452977d71807f628d91b523b5039608376d1f760f3425d165242ca75ee5129b2730e71c4e198 php7-module.conf diff --git a/community/tor/APKBUILD b/community/tor/APKBUILD index 14caac4d98a..97d3d3919eb 100644 --- a/community/tor/APKBUILD +++ b/community/tor/APKBUILD @@ -2,7 +2,7 @@ # Maintainer: Christine Dodrill <me@christine.website> pkgname=tor pkgver=0.3.4.11 -pkgrel=0 +pkgrel=1 pkgdesc="Anonymous network connectivity" url="https://www.torproject.org" arch="all" @@ -12,7 +12,7 @@ makedepends="linux-headers bash libevent-dev openssl-dev ca-certificates zlib-dev" install="$pkgname.post-upgrade $pkgname.pre-install" subpackages="$pkgname-doc $pkgname-openrc" -source="https://www.torproject.org/dist/$pkgname-$pkgver.tar.gz +source="https://archive.torproject.org/tor-package-archive/$pkgname-$pkgver.tar.gz tor.initd tor.confd torrc.sample.patch" diff --git a/community/virtualbox-guest-modules-vanilla/APKBUILD b/community/virtualbox-guest-modules-vanilla/APKBUILD index e18cb364851..81304aa6227 100644 --- a/community/virtualbox-guest-modules-vanilla/APKBUILD +++ b/community/virtualbox-guest-modules-vanilla/APKBUILD @@ -8,7 +8,7 @@ _rel=0 _flavor=${FLAVOR:-vanilla} _kpkg=linux-$_flavor -_kver=4.19.98 +_kver=4.19.118 _krel=0 _kpkgver="$_kver-r$_krel" diff --git a/community/wireshark/APKBUILD b/community/wireshark/APKBUILD index 6cbaf39f837..45f3e3ddcbd 100644 --- a/community/wireshark/APKBUILD +++ b/community/wireshark/APKBUILD @@ -3,23 +3,36 @@ # Contributor: Jeremy Thomerson <jeremy@thomersonfamily.com> # Maintainer: Natanael Copa <ncopa@alpinelinux.org> pkgname=wireshark -pkgver=2.6.9 +pkgver=2.6.20 pkgrel=0 -pkgdesc="A network protocol analyzer - GTK version" +pkgdesc="network protocol analyzer - GTK version" url="https://www.wireshark.org" arch="all" license="GPL-2.0-or-later" -depends="" makedepends="bison flex perl-dev glib glib-dev libpcap-dev libcap-dev gtk+3.0-dev c-ares-dev pcre-dev gnutls-dev libgcrypt-dev libnl3-dev qt5-qtbase-dev qt5-qttools-dev lua5.2-dev bash portaudio-dev" subpackages="$pkgname-dev $pkgname-doc $pkgname-gtk $pkgname-common tshark" source="https://www.wireshark.org/download/src/$pkgname-$pkgver.tar.xz fix-udpdump.patch - " + " builddir="$srcdir"/$pkgname-$pkgver # secfixes: +# 2.6.20-r0: +# - CVE-2020-25862 +# 2.6.16-r0: +# - CVE-2020-11647 +# 2.6.15-r0: +# - CVE-2020-9431 +# - CVE-2020-9430 +# - CVE-2020-9428 +# 2.6.13-r0: +# - CVE-2019-19553 +# 2.6.11-r0: +# - CVE-2019-16319 +# 2.6.10-r0: +# - CVE-2019-13619 # 2.6.9-r0: # - CVE-2019-12295 # 2.6.8-r0: @@ -123,14 +136,6 @@ builddir="$srcdir"/$pkgname-$pkgver # - CVE-2017-13765 # - CVE-2017-13766 # - CVE-2017-13767 -# 2.2.10-r0: -# - CVE-2017-15191 -# - CVE-2017-15192 -# - CVE-2017-15193 -# 2.2.9-r0: -# - CVE-2017-13765 -# - CVE-2017-13766 -# - CVE-2017-13767 # 2.2.8-r0: # - CVE-2017-11406 # - CVE-2017-11407 @@ -234,5 +239,5 @@ gtk() { mv "$pkgdir"/usr/bin/wireshark-gtk "$subpkgdir"/usr/bin/ } -sha512sums="ddd2efe25623f44d7f3d47808a000b2979d426a0cdf37dfa81af4d4159e0f67b172c7dbeedeb31034d48499089bfc7a99a8e7c6d1e7890be0523b693269c41ca wireshark-2.6.9.tar.xz +sha512sums="0e49e807b578368478e912970e7b4434cffcf499b803f62dbff64281c1400db5be8e96b69872270f2f52276c5fd8aee75ad3f175e8c1979dbe721a2d77f8cb13 wireshark-2.6.20.tar.xz 951677dd125b1e36b351cc87a98e8b8d0391d184c7695594dd4270334d86ada1dff5f14cd960da9c5d5d26fc801c42f0219b2db6269f3c526c841c7940d2f369 fix-udpdump.patch" diff --git a/community/zabbix/APKBUILD b/community/zabbix/APKBUILD index 6a341f58447..e2bc94e0e09 100644 --- a/community/zabbix/APKBUILD +++ b/community/zabbix/APKBUILD @@ -3,7 +3,7 @@ # Contributor: Leonardo Arena <rnalrd@alpinelinux.org> # Maintainer: Natanael Copa <ncopa@alpinelinux.org> pkgname=zabbix -pkgver=4.0.16 +pkgver=4.0.27 pkgrel=0 pkgdesc="Enterprise-class open source distributed monitoring" url="http://www.zabbix.com" @@ -25,7 +25,7 @@ options="!check" # no tests available subpackages="$pkgname-doc $pkgname-agent $pkgname-pgsql $pkgname-mysql $pkgname-sqlite $pkgname-webif::noarch $pkgname-utils $pkgname-setup::noarch $pkgname-openrc $pkgname-agent-openrc:agent_openrc" -source="https://downloads.sourceforge.net/$pkgname/$pkgname-$pkgver.tar.gz +source="$pkgname-$pkgver.tar.gz::https://github.com/zabbix/zabbix/archive/$pkgver.tar.gz zabbix-server.initd zabbix-server.confd zabbix-agentd.initd @@ -39,7 +39,7 @@ source="https://downloads.sourceforge.net/$pkgname/$pkgname-$pkgver.tar.gz builddir="$srcdir"/$pkgname-$pkgver -# security fixes: +# secfixes: # 3.0.4-r0: # - CVE N/A ZBX-11023 @@ -200,10 +200,10 @@ agent_openrc() { "$subpkgdir"/etc/init.d/zabbix-agentd } -sha512sums="e5a0b13790ef082d63c879ebf989739ffde448161d45eb16ccf4100473556ef39d00466687ecce69e3430e54ec32015c2d00461b81f51510d08d8e38284e2ee6 zabbix-4.0.16.tar.gz +sha512sums="c5187c4421db0d179a49a7ef3af0a0bca950090644bbf8b474a5be807a8e54d08688946e5c9a63e5f367487314d806873718b081f2dc62ac310a2c19f1472eaf zabbix-4.0.27.tar.gz 9998ee172a28002d98bacc3f76038ff52b8cf2b206e101418d76b4ca3de94afaf92cb4f7a6235ecf177f74beb9dd3ea1f3983c4f164b4f60bb601acba65aa175 zabbix-server.initd 9c06527bf653c40585fa7eeb3f7a0b2fc454031d24cd0d1633aed87b78a681c5227a193c5b9fcfcea0839135874e27ba7dd9b198573f905f680a2856f79e9512 zabbix-server.confd -523013cab3ba79cbc00db92f09d4c5d514fd6aa9cbebf8f29227dc91fbc19d2f8375af74c21d2037e4f3380a818f808194dbc94e69709ef2cf90f66e715895c4 zabbix-agentd.initd +c6513c5cdc4709886ad2f2351ddd9fb3a5aeb35d07a3ca34ca7a531cc48be3b3c1dab74aecabe67aac78146bb5ee984c102b882707d1fbfa4120cf780eca9a92 zabbix-agentd.initd a26e7ac422ff60a4b8eed3603022c3a1bde640870bb9286ab061c3cb5c2fd7e91ddb317cb3d1cf61034adda0a080fc212ad416c9e2853a1deb03c5279753f4e2 zabbix-proxy.initd 9fc413b11a01c8202c7ee1c7950d6ca3de2d2d6cd01bea994cd4bc412533b53c4e4b1f58fc3c8df16ea70902053e278e2c5dcc936ce3e0a686a6eac62310ef53 zabbix-getloadavg.patch 7f70dfd602aa164ec8cc65ebb7e8274c685975f6aea9051933928051b8d9b6e368e5a673a07e7084a2105468c5085d72fa7b9f934460f10648d594f28f031a91 automake.patch diff --git a/community/zabbix/zabbix-agentd.initd b/community/zabbix/zabbix-agentd.initd index 56d67db8ae1..c24b0f82267 100644 --- a/community/zabbix/zabbix-agentd.initd +++ b/community/zabbix/zabbix-agentd.initd @@ -1,34 +1,19 @@ #!/sbin/openrc-run -# Copyright 1999-2007 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/net-analyzer/zabbix/files/1.6.6/init.d/zabbix-agentd,v 1.1 2009/10/05 15:55:23 patrick Exp $ -# ensure the same file is specified as PidFile in /etc/zabbix/zabbix_agentd.conf -pidfile=/var/run/zabbix/zabbix_agentd.pid -user=zabbix -group=zabbix +name="Zabbix Agent" +command="/usr/sbin/zabbix_agentd" +command_args="--foreground" +command_background=yes +pidfile="/run/zabbix/zabbix_agentd.pid" +: ${command_user:=zabbix} +: ${command_group:=zabbix} start_pre() { - checkpath --owner ${user}:${group} --directory ${pidfile%/*} + checkpath --owner ${command_user}:${command_group} --directory ${pidfile%/*} /var/log/zabbix } - depend() { need net provide zabbix-agent use zabbix-server } - -start() { - ebegin "Starting Zabbix agent" - start-stop-daemon --pidfile ${pidfile} --start --user ${user}:${group} --exec /usr/sbin/zabbix_agentd - eend $? -} - -stop() { - ebegin "Stopping Zabbix agent" - start-stop-daemon --stop --user ${user} --pidfile ${pidfile} - eend $? -} - - diff --git a/main/alpine-base/APKBUILD b/main/alpine-base/APKBUILD index 7fdc06926b4..76e68d03a84 100644 --- a/main/alpine-base/APKBUILD +++ b/main/alpine-base/APKBUILD @@ -1,7 +1,7 @@ # Contributor: Natanael Copa <ncopa@alpinelinux.org> # Maintainer: Natanael Copa <ncopa@alpinelinux.org> pkgname=alpine-base -pkgver=3.9.5 +pkgver=3.9.6 pkgrel=0 pkgdesc="Meta package for minimal alpine base" url="https://alpinelinux.org" diff --git a/main/ansible/APKBUILD b/main/ansible/APKBUILD index 2c9f9407d03..385db4691fc 100644 --- a/main/ansible/APKBUILD +++ b/main/ansible/APKBUILD @@ -3,7 +3,7 @@ # Contributor: Takuya Noguchi <takninnovationresearch@gmail.com> # Maintainer: Fabian Affolter <fabian@affolter-engineering.ch> pkgname=ansible -pkgver=2.7.16 +pkgver=2.7.17 pkgrel=0 pkgdesc="A configuration-management, deployment, task-execution, and multinode orchestration framework" url="https://ansible.com/" @@ -14,13 +14,20 @@ depends="python3 $_py-yaml $_py-paramiko $_py-jinja2 $_py-markupsafe $_py-crypto makedepends="python3-dev py3-setuptools" options="!check" # not included in release tarball subpackages="$pkgname-doc" -source="$pkgname-$pkgver.tar.gz::https://releases.ansible.com/ansible/$pkgname-$pkgver.tar.gz +source="https://releases.ansible.com/ansible/ansible-$pkgver.tar.gz add-lxc-container_shell-option.patch " builddir="$srcdir/$pkgname-$pkgver" # secfixes: +# 2.7.17-r0: +# - CVE-2019-3828 +# - CVE-2020-1733 +# - CVE-2020-1737 +# - CVE-2020-1739 +# - CVE-2020-1740 +# - CVE-2020-1746 # 2.7.16-r0: # - CVE-2019-14864 # - CVE-2019-14904 @@ -38,7 +45,7 @@ builddir="$srcdir/$pkgname-$pkgver" # 2.7.5-r0: # - CVE-2018-16876 # 2.7.3-r0: -# - CVE 2018-16859 +# - CVE-2018-16859 # 2.7.1-r0: # - CVE-2018-16837 # 2.6.3-r0: @@ -68,5 +75,5 @@ package() { install -m644 README.rst "$pkgdir"/usr/share/doc/$pkgname } -sha512sums="daae5c495f60a6b1b7fbce7c1b964e946ffa85e57791f9e07765aacfea8a490e39e3fad7f319684fc98dcc2e59ed8e9daf058e03a5dfcdf2cd6de5166ecb5767 ansible-2.7.16.tar.gz +sha512sums="387ee26381d120e8b1a77a5251686831fefb47213dce4a1f0aee714e6c6e2a94f1bf283ef2bcf3d79940552407fff7d86453968f1aa5a866f013d396948ccc0f ansible-2.7.17.tar.gz e1bd1affec585abf4556d1f2598df2689c2341fc0ddaec3eadc0a9c6df5725b8ab97092771f2c57da6ecaa72ae1bb5e5ccce55db8c4d74bfc785f611dd5b8c32 add-lxc-container_shell-option.patch" diff --git a/main/apache2/APKBUILD b/main/apache2/APKBUILD index b067ad7fb90..259166b50e1 100644 --- a/main/apache2/APKBUILD +++ b/main/apache2/APKBUILD @@ -2,7 +2,7 @@ # Contributor: Valery Kartel <valery.kartel@gmail.com> pkgname=apache2 _pkgreal=httpd -pkgver=2.4.41 +pkgver=2.4.46 pkgrel=0 pkgdesc="A high performance Unix-based HTTP server" url="https://httpd.apache.org/" @@ -51,6 +51,13 @@ options="suid" builddir="$srcdir"/$_pkgreal-$pkgver # secfixes: +# 2.4.46-r0: +# - CVE-2020-9490 +# - CVE-2020-11984 +# - CVE-2020-11993 +# 2.4.43-r0: +# - CVE-2020-1927 +# - CVE-2020-1934 # 2.4.41-r0: # - CVE-2019-9517 # - CVE-2019-10081 @@ -344,7 +351,7 @@ _lua() { "$subpkgdir"/usr/lib/apache2/ _load_mods } -sha512sums="350cc7dcd2c439e0590338fa6da3f44df44f9bb885c381e91f91b14c2f48597f6f0bbac0ea118a8a67eaa70ae7edbb769beace368643ed73f6daee44c307b335 httpd-2.4.41.tar.bz2 +sha512sums="5936784bb662e9d8a4f7fe38b70c043b468114d931cd10ea831bfe74461ea5856b64f88f42c567ab791fc8907640a99884ba4b6a600f86d661781812735b6f13 httpd-2.4.46.tar.bz2 8e62b101f90c67babe864bcb74f711656180b011df3fd4b541dc766b980b72aa409e86debf3559a55be359471c1cad81b8779ef3a55add8d368229fc7e9544fc apache2.confd 18e8859c7d99c4483792a5fd20127873aad8fa396cafbdb6f2c4253451ffe7a1093a3859ce719375e0769739c93704c88897bd087c63e1ef585e26dcc1f5dd9b apache2.logrotate 81a2d2a297d8049ba1b021b879ec863767149e056d9bdb2ac8acf63572b254935ec96c2e1580eba86639ea56433eec5c41341e4f1501f9072745dccdb3602701 apache2.initd diff --git a/main/apk-tools/0001-fetch-fix-error-message-for-recursive.patch b/main/apk-tools/0001-fetch-fix-error-message-for-recursive.patch deleted file mode 100644 index 97a6abe6d5f..00000000000 --- a/main/apk-tools/0001-fetch-fix-error-message-for-recursive.patch +++ /dev/null @@ -1,29 +0,0 @@ -From 947baeea1860a4eb44bb8636e1db295a7bc1d259 Mon Sep 17 00:00:00 2001 -From: Natanael Copa <ncopa@alpinelinux.org> -Date: Thu, 10 Jan 2019 09:29:35 +0100 -Subject: [PATCH] fetch: fix error message for --recursive - -Give error message for `apk fetch --recursive missing` ---- - src/fetch.c | 4 +++- - 1 file changed, 3 insertions(+), 1 deletion(-) - -diff --git a/src/fetch.c b/src/fetch.c -index e745d84..9a7c46a 100644 ---- a/src/fetch.c -+++ b/src/fetch.c -@@ -229,8 +229,10 @@ static void mark_name_flags(struct apk_database *db, const char *match, struct a - if (!IS_ERR_OR_NULL(name)) { - name->auto_select_virtual = 1; - apk_deps_add(&ctx->world, &dep); -- } else -+ } else { - ctx->errors++; -+ mark_error(ctx, match, name); -+ } - } - - static void mark_names_recursive(struct apk_database *db, struct apk_string_array *args, void *pctx) --- -2.20.1 - diff --git a/main/apk-tools/APKBUILD b/main/apk-tools/APKBUILD index 31191903e2a..1d072c2054f 100644 --- a/main/apk-tools/APKBUILD +++ b/main/apk-tools/APKBUILD @@ -1,8 +1,11 @@ # Maintainer: Natanael Copa <ncopa@alpinelinux.org> pkgname=apk-tools -pkgver=2.10.3 -pkgrel=1 +pkgver=2.10.6 +pkgrel=0 pkgdesc="Alpine Package Keeper - package manager for alpine" +arch="all" +url="https://gitlab.alpinelinux.org/alpine/apk-tools" +license=GPL2 subpackages="$pkgname-static" depends= makedepends_build="openssl" @@ -12,15 +15,9 @@ if [ "$CBUILD" = "$CHOST" ]; then subpackages="$subpackages lua5.2-apk:luaapk" makedepends="$makedepends lua5.2-dev" fi -source="https://dev.alpinelinux.org/archive/$pkgname/$pkgname-$pkgver.tar.xz - 0001-fetch-fix-error-message-for-recursive.patch - " - -url="https://git.alpinelinux.org/cgit/apk-tools/" -arch="all" -license=GPL2 +source="https://gitlab.alpinelinux.org/alpine/$pkgname/-/archive/v$pkgver/$pkgname-v$pkgver.tar.gz" +builddir="$srcdir/$pkgname-v$pkgver" -builddir="$srcdir/$pkgname-$pkgver" prepare() { default_prepare || return 1 cd "$builddir" @@ -32,6 +29,7 @@ prepare() { echo "LUAAPK=" >> config.mk fi echo "export LUAAPK" >> config.mk + echo "export LUA_VERSION=5.2" >> config.mk } build() { @@ -59,7 +57,7 @@ package() { static() { pkgdesc="Alpine Package Keeper - static binary" - install -Dm755 "$srcdir"/$pkgname-$pkgver/src/apk.static \ + install -Dm755 "$builddir"/src/apk.static \ "$subpkgdir"/sbin/apk.static # lets sign the static binary so it can be vefified from distros @@ -83,5 +81,4 @@ luaapk() { mv "$pkgdir"/usr/lib "$subpkgdir"/usr/lib/ } -sha512sums="1b190cfd04c69369bd4f2b708d4df0f8cf2937e1580c95138fd2c2257e7604d015deaca10a9fe0da6742981caadb6b067c15e417a1951866f781b8a5c71c98ee apk-tools-2.10.3.tar.xz -0fe8d05d6d1c3f6ed5c86d5a5a9aca4fd5246579ed346adb990b8fba6dcac0033056a655181659b4e12a8c934d27df512d29e4e134889a4eafcfbf80e60da2a5 0001-fetch-fix-error-message-for-recursive.patch" +sha512sums="81e51fdaf7976d589c847850dc3494a6bb91847f14a756e1dd9afe7f526b672e6aab743965506ef89e3229084bc92c9041a49796b400f454a2c912efebd44b4f apk-tools-v2.10.6.tar.gz" diff --git a/main/axel/APKBUILD b/main/axel/APKBUILD index 0e963192828..373726aa57a 100644 --- a/main/axel/APKBUILD +++ b/main/axel/APKBUILD @@ -2,18 +2,32 @@ # Maintainer: Natanael Copa <ncopa@alpinelinux.org> pkgname=axel pkgver=2.16.1 -pkgrel=2 +pkgrel=3 pkgdesc="A multiple-connection concurrent downloader" url="https://github.com/axel-download-accelerator/axel" arch="all" options="!check" # has no checks license="GPL-2.0-or-later" -makedepends="openssl-dev" +makedepends="openssl-dev automake autoconf libtool gettext-dev" subpackages="$pkgname-doc" -source="$url/releases/download/v$pkgver/axel-$pkgver.tar.xz" +source="$url/releases/download/v$pkgver/axel-$pkgver.tar.xz + CVE-2020-13614.patch + " + +# secfixes: +# 2.16.1-r3: +# - CVE-2020-13614 builddir="$srcdir/$pkgname-$pkgver" +prepare() { + default_prepare + + # We need to regenerate the configure script because the CVE-2020-13614 + # modifies src/Makefile.am + autoreconf -fi +} + build() { cd "$builddir" ./configure \ @@ -32,4 +46,5 @@ package() { make DESTDIR="$pkgdir" install } -sha512sums="a263b6926acb6acf16353d0d02464d48ad89c18dd3328b84273c26cdb23cb7323084a8204a5c6ad163ad5352136cb1709c6734d4fec9bc1c514174dbbb3c5dab axel-2.16.1.tar.xz" +sha512sums="a263b6926acb6acf16353d0d02464d48ad89c18dd3328b84273c26cdb23cb7323084a8204a5c6ad163ad5352136cb1709c6734d4fec9bc1c514174dbbb3c5dab axel-2.16.1.tar.xz +b5365d6ccb3453d4e1d70e8cf734e9d6723e412904427d8bbee5e409511864c7a9970343c9a9c9cbfb86032a54ab78579ca180094e18f4b53028116b669b4cb5 CVE-2020-13614.patch" diff --git a/main/axel/CVE-2020-13614.patch b/main/axel/CVE-2020-13614.patch new file mode 100644 index 00000000000..f23b705e16a --- /dev/null +++ b/main/axel/CVE-2020-13614.patch @@ -0,0 +1,223 @@ +diff --git a/src/Makefile.am b/src/Makefile.am +index 6269979..a56b4dd 100644 +--- a/src/Makefile.am ++++ b/src/Makefile.am +@@ -14,6 +14,7 @@ axel_SOURCES = \ + search.c \ + search.h \ + ssl.c \ ++ ssl_verify.c \ + ssl.h \ + tcp.c \ + tcp.h \ +diff --git a/src/ssl.c b/src/ssl.c +index c05f238..0859b76 100644 +--- a/src/ssl.c ++++ b/src/ssl.c +@@ -70,7 +70,7 @@ ssl_startup(void) + SSL * + ssl_connect(int fd, char *hostname, char *message) + { +- ++ X509 *server_cert; + SSL_CTX *ssl_ctx; + SSL *ssl; + +@@ -91,9 +91,33 @@ ssl_connect(int fd, char *hostname, char *message) + if (err <= 0) { + sprintf(message, _("SSL error: %s\n"), + ERR_reason_error_string(ERR_get_error())); ++ SSL_CTX_free(ssl_ctx); ++ return NULL; ++ } ++ ++ err = SSL_get_verify_result(ssl); ++ if (err != X509_V_OK) { ++ fprintf(stderr, _("SSL error: Certificate error")); ++ SSL_CTX_free(ssl_ctx); + return NULL; + } + ++ server_cert = SSL_get_peer_certificate(ssl); ++ if (server_cert == NULL) { ++ fprintf(stderr, _("SSL error: Certificate not found")); ++ SSL_CTX_free(ssl_ctx); ++ return NULL; ++ } ++ ++ if (!ssl_validate_hostname(hostname, server_cert)) { ++ fprintf(stderr, _("SSL error: Hostname verification failed")); ++ X509_free(server_cert); ++ SSL_CTX_free(ssl_ctx); ++ return NULL; ++ } ++ ++ X509_free(server_cert); ++ + return ssl; + } + +diff --git a/src/ssl.h b/src/ssl.h +index cc00eaf..64fb933 100644 +--- a/src/ssl.h ++++ b/src/ssl.h +@@ -44,5 +44,6 @@ + void ssl_init(conf_t *conf); + SSL *ssl_connect(int fd, char *hostname, char *message); + void ssl_disconnect(SSL *ssl); ++bool ssl_validate_hostname(const char *hostname, const X509 *server_cert); + + #endif /* AXEL_SSL_H */ +diff --git a/src/ssl_verify.c b/src/ssl_verify.c +new file mode 100644 +index 0000000..8a67a3c +--- /dev/null ++++ b/src/ssl_verify.c +@@ -0,0 +1,147 @@ ++/* ++ Helper functions to perform basic hostname validation using OpenSSL. ++ ++ Author: Alban Diquet ++ Copyright (C) 2012, iSEC Partners. ++ ++ Permission is hereby granted, free of charge, to any person obtaining a copy of ++ this software and associated documentation files (the "Software"), to deal in ++ the Software without restriction, including without limitation the rights to ++ use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies ++ of the Software, and to permit persons to whom the Software is furnished to do ++ so, subject to the following conditions: ++ ++ The above copyright notice and this permission notice shall be included in all ++ copies or substantial portions of the Software. ++ ++ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR ++ IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, ++ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE ++ AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER ++ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, ++ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE ++ SOFTWARE. ++ */ ++ ++#include "axel.h" ++ ++#ifdef HAVE_SSL ++ ++#include <openssl/ssl.h> ++#include <openssl/x509v3.h> ++ ++#if OPENSSL_VERSION_NUMBER < 0x10101000L ++#define ASN1_STRING_data_compat ASN1_STRING_data ++#else ++#define ASN1_STRING_data_compat ASN1_STRING_get0_data ++#endif ++ ++typedef enum { ++ MatchFound, ++ MatchNotFound, ++ NoSANPresent, ++ MalformedCertificate, ++ Error ++} validate_result; ++ ++static validate_result ++ssl_matches_common_name(const char *hostname, const X509 *server_cert) ++{ ++ int common_name_loc = -1; ++ X509_NAME_ENTRY *common_name_entry = NULL; ++ ASN1_STRING *common_name_asn1 = NULL; ++ char *common_name_str = NULL; ++ ++ // Find the position of the CN field in the Subject field of the certificate ++ common_name_loc = X509_NAME_get_index_by_NID(X509_get_subject_name((X509 *) server_cert), NID_commonName, -1); ++ if (common_name_loc < 0) { ++ return Error; ++ } ++ ++ // Extract the CN field ++ common_name_entry = X509_NAME_get_entry(X509_get_subject_name((X509 *) server_cert), common_name_loc); ++ if (common_name_entry == NULL) { ++ return Error; ++ } ++ ++ // Convert the CN field to a C string ++ common_name_asn1 = X509_NAME_ENTRY_get_data(common_name_entry); ++ if (common_name_asn1 == NULL) { ++ return Error; ++ } ++ common_name_str = (char *) ASN1_STRING_data_compat(common_name_asn1); ++ ++ // Make sure there isn't an embedded NUL character in the CN ++ if ((size_t) ASN1_STRING_length(common_name_asn1) != strlen(common_name_str)) { ++ return MalformedCertificate; ++ } ++ ++ // Compare expected hostname with the CN ++ if (strcasecmp(hostname, common_name_str) == 0) { ++ return MatchFound; ++ } else { ++ return MatchNotFound; ++ } ++} ++ ++static validate_result ++ssl_matches_subject_alternative_name(const char *hostname, const X509 *server_cert) ++{ ++ validate_result result = MatchNotFound; ++ int i; ++ int san_names_nb = -1; ++ STACK_OF(GENERAL_NAME) *san_names = NULL; ++ ++ // Try to extract the names within the SAN extension from the certificate ++ san_names = X509_get_ext_d2i((X509 *) server_cert, NID_subject_alt_name, NULL, NULL); ++ if (san_names == NULL) { ++ return NoSANPresent; ++ } ++ san_names_nb = sk_GENERAL_NAME_num(san_names); ++ ++ // Check each name within the extension ++ for (i = 0; i < san_names_nb; i++) { ++ const GENERAL_NAME *current_name = sk_GENERAL_NAME_value(san_names, i); ++ ++ if (current_name->type == GEN_DNS) { ++ // Current name is a DNS name, let's check it ++ char *dns_name = (char *) ASN1_STRING_data_compat(current_name->d.dNSName); ++ ++ // Make sure there isn't an embedded NUL character in the DNS name ++ if ((size_t) ASN1_STRING_length(current_name->d.dNSName) != strlen(dns_name)) { ++ result = MalformedCertificate; ++ break; ++ } else { ++ // Compare expected hostname with the DNS name ++ if (strcasecmp(hostname, dns_name) == 0) { ++ result = MatchFound; ++ break; ++ } ++ } ++ } ++ } ++ sk_GENERAL_NAME_pop_free(san_names, GENERAL_NAME_free); ++ ++ return result; ++} ++ ++bool ++ssl_validate_hostname(const char *hostname, const X509 *server_cert) ++{ ++ validate_result result; ++ ++ if ((hostname == NULL) || (server_cert == NULL)) { ++ return false; ++ } ++ ++ // First try the Subject Alternative Names extension ++ result = ssl_matches_subject_alternative_name(hostname, server_cert); ++ if (result == NoSANPresent) { ++ // Extension was not found: try the Common Name ++ result = ssl_matches_common_name(hostname, server_cert); ++ } ++ ++ return result == MatchFound; ++} ++ ++#endif /* HAVE_SSL */ diff --git a/main/bind/CVE-2020-8619.patch b/main/bind/CVE-2020-8619.patch new file mode 100644 index 00000000000..e6d305bdb84 --- /dev/null +++ b/main/bind/CVE-2020-8619.patch @@ -0,0 +1,545 @@ +From 569cc155b8680d8ed12db1fabbe20947db24a0f9 Mon Sep 17 00:00:00 2001 +From: Mark Andrews <marka@isc.org> +Date: Tue, 2 Jun 2020 12:38:40 +1000 +Subject: [PATCH] Remove INSIST from from new_reference + +RBTDB node can now appear on the deadnodes lists following the changes +to decrement_reference in 176b23b6cd98e5b58f832902fdbe964ee5f762d0 to +defer checking of node->down when the tree write lock is not held. The +node should be unlinked instead. +--- + lib/dns/rbtdb.c | 173 ++++++++++++++++++++++++++++-------------------- + 1 file changed, 100 insertions(+), 73 deletions(-) + +diff --git a/lib/dns/rbtdb.c b/lib/dns/rbtdb.c +index bfe3538a59..87fbdb317b 100644 +--- a/lib/dns/rbtdb.c ++++ b/lib/dns/rbtdb.c +@@ -1858,8 +1858,13 @@ delete_node(dns_rbtdb_t *rbtdb, dns_rbtnode_t *node) { + * Caller must be holding the node lock. + */ + static inline void +-new_reference(dns_rbtdb_t *rbtdb, dns_rbtnode_t *node) { +- INSIST(!ISC_LINK_LINKED(node, deadlink)); ++new_reference(dns_rbtdb_t *rbtdb, dns_rbtnode_t *node, ++ isc_rwlocktype_t locktype) { ++ if (locktype == isc_rwlocktype_write && ISC_LINK_LINKED(node, deadlink)) ++ { ++ ISC_LIST_UNLINK(rbtdb->deadnodes[node->locknum], node, ++ deadlink); ++ } + if (isc_refcount_increment0(&node->references) == 0) { + /* this is the first reference to the node */ + isc_refcount_increment0( +@@ -1877,13 +1882,14 @@ is_leaf(dns_rbtnode_t *node) { + } + + static inline void +-send_to_prune_tree(dns_rbtdb_t *rbtdb, dns_rbtnode_t *node) { ++send_to_prune_tree(dns_rbtdb_t *rbtdb, dns_rbtnode_t *node, ++ isc_rwlocktype_t locktype) { + isc_event_t *ev; + dns_db_t *db; + + ev = isc_event_allocate(rbtdb->common.mctx, NULL, DNS_EVENT_RBTPRUNE, + prune_tree, node, sizeof(isc_event_t)); +- new_reference(rbtdb, node); ++ new_reference(rbtdb, node, locktype); + db = NULL; + attach((dns_db_t *)rbtdb, &db); + ev->ev_sender = db; +@@ -1919,7 +1925,7 @@ cleanup_dead_nodes(dns_rbtdb_t *rbtdb, int bucketnum) { + node->data == NULL); + + if (is_leaf(node) && rbtdb->task != NULL) { +- send_to_prune_tree(rbtdb, node); ++ send_to_prune_tree(rbtdb, node, isc_rwlocktype_write); + } else if (node->down == NULL && node->data == NULL) { + /* + * Not a interior node and not needing to be +@@ -1987,7 +1993,7 @@ reactivate_node(dns_rbtdb_t *rbtdb, dns_rbtnode_t *node, + } + } + +- new_reference(rbtdb, node); ++ new_reference(rbtdb, node, locktype); + + NODE_UNLOCK(nodelock, locktype); + } +@@ -2122,15 +2128,17 @@ decrement_reference(dns_rbtdb_t *rbtdb, dns_rbtnode_t *node, + * periodic walk-through). + */ + if (!pruning && is_leaf(node) && rbtdb->task != NULL) { +- send_to_prune_tree(rbtdb, node); ++ send_to_prune_tree(rbtdb, node, isc_rwlocktype_write); + no_reference = false; + } else { + delete_node(rbtdb, node); + } + } else { + INSIST(node->data == NULL); +- INSIST(!ISC_LINK_LINKED(node, deadlink)); +- ISC_LIST_APPEND(rbtdb->deadnodes[bucket], node, deadlink); ++ if (!ISC_LINK_LINKED(node, deadlink)) { ++ ISC_LIST_APPEND(rbtdb->deadnodes[bucket], node, ++ deadlink); ++ } + } + + restore_locks: +@@ -2200,16 +2208,13 @@ prune_tree(isc_task_t *task, isc_event_t *event) { + + /* + * We need to gain a reference to the node before +- * decrementing it in the next iteration. In addition, +- * if the node is in the dead-nodes list, extract it +- * from the list beforehand as we do in +- * reactivate_node(). ++ * decrementing it in the next iteration. + */ + if (ISC_LINK_LINKED(parent, deadlink)) { + ISC_LIST_UNLINK(rbtdb->deadnodes[locknum], + parent, deadlink); + } +- new_reference(rbtdb, parent); ++ new_reference(rbtdb, parent, isc_rwlocktype_write); + } else { + parent = NULL; + } +@@ -2976,7 +2981,7 @@ zone_zonecut_callback(dns_rbtnode_t *node, dns_name_t *name, void *arg) { + * We increment the reference count on node to ensure that + * search->zonecut_rdataset will still be valid later. + */ +- new_reference(search->rbtdb, node); ++ new_reference(search->rbtdb, node, isc_rwlocktype_read); + search->zonecut = node; + search->zonecut_rdataset = found; + search->need_cleanup = true; +@@ -3028,7 +3033,8 @@ zone_zonecut_callback(dns_rbtnode_t *node, dns_name_t *name, void *arg) { + + static inline void + bind_rdataset(dns_rbtdb_t *rbtdb, dns_rbtnode_t *node, rdatasetheader_t *header, +- isc_stdtime_t now, dns_rdataset_t *rdataset) { ++ isc_stdtime_t now, isc_rwlocktype_t locktype, ++ dns_rdataset_t *rdataset) { + unsigned char *raw; /* RDATASLAB */ + + /* +@@ -3043,7 +3049,7 @@ bind_rdataset(dns_rbtdb_t *rbtdb, dns_rbtnode_t *node, rdatasetheader_t *header, + return; + } + +- new_reference(rbtdb, node); ++ new_reference(rbtdb, node, locktype); + + INSIST(rdataset->methods == NULL); /* We must be disassociated. */ + +@@ -3148,12 +3154,12 @@ setup_delegation(rbtdb_search_t *search, dns_dbnode_t **nodep, + NODE_LOCK(&(search->rbtdb->node_locks[node->locknum].lock), + isc_rwlocktype_read); + bind_rdataset(search->rbtdb, node, search->zonecut_rdataset, +- search->now, rdataset); ++ search->now, isc_rwlocktype_read, rdataset); + if (sigrdataset != NULL && search->zonecut_sigrdataset != NULL) + { + bind_rdataset(search->rbtdb, node, + search->zonecut_sigrdataset, search->now, +- sigrdataset); ++ isc_rwlocktype_read, sigrdataset); + } + NODE_UNLOCK(&(search->rbtdb->node_locks[node->locknum].lock), + isc_rwlocktype_read); +@@ -3818,18 +3824,21 @@ again: + foundname, NULL); + if (result == ISC_R_SUCCESS) { + if (nodep != NULL) { +- new_reference(search->rbtdb, +- node); ++ new_reference( ++ search->rbtdb, node, ++ isc_rwlocktype_read); + *nodep = node; + } + bind_rdataset(search->rbtdb, node, + found, search->now, ++ isc_rwlocktype_read, + rdataset); + if (foundsig != NULL) { +- bind_rdataset(search->rbtdb, +- node, foundsig, +- search->now, +- sigrdataset); ++ bind_rdataset( ++ search->rbtdb, node, ++ foundsig, search->now, ++ isc_rwlocktype_read, ++ sigrdataset); + } + } + } else if (found == NULL && foundsig == NULL) { +@@ -4114,7 +4123,8 @@ found: + * ensure that search->zonecut_rdataset will + * still be valid later. + */ +- new_reference(search.rbtdb, node); ++ new_reference(search.rbtdb, node, ++ isc_rwlocktype_read); + search.zonecut = node; + search.zonecut_rdataset = header; + search.zonecut_sigrdataset = NULL; +@@ -4292,7 +4302,7 @@ found: + goto node_exit; + } + if (nodep != NULL) { +- new_reference(search.rbtdb, node); ++ new_reference(search.rbtdb, node, isc_rwlocktype_read); + *nodep = node; + } + if ((search.rbtversion->secure == dns_db_secure && +@@ -4300,10 +4310,10 @@ found: + (search.options & DNS_DBFIND_FORCENSEC) != 0) + { + bind_rdataset(search.rbtdb, node, nsecheader, 0, +- rdataset); ++ isc_rwlocktype_read, rdataset); + if (nsecsig != NULL) { + bind_rdataset(search.rbtdb, node, nsecsig, 0, +- sigrdataset); ++ isc_rwlocktype_read, sigrdataset); + } + } + if (wild) { +@@ -4376,7 +4386,7 @@ found: + + if (nodep != NULL) { + if (!at_zonecut) { +- new_reference(search.rbtdb, node); ++ new_reference(search.rbtdb, node, isc_rwlocktype_read); + } else { + search.need_cleanup = false; + } +@@ -4384,10 +4394,11 @@ found: + } + + if (type != dns_rdatatype_any) { +- bind_rdataset(search.rbtdb, node, found, 0, rdataset); ++ bind_rdataset(search.rbtdb, node, found, 0, isc_rwlocktype_read, ++ rdataset); + if (foundsig != NULL) { + bind_rdataset(search.rbtdb, node, foundsig, 0, +- sigrdataset); ++ isc_rwlocktype_read, sigrdataset); + } + } + +@@ -4570,8 +4581,7 @@ cache_zonecut_callback(dns_rbtnode_t *node, dns_name_t *name, void *arg) { + * We increment the reference count on node to ensure that + * search->zonecut_rdataset will still be valid later. + */ +- new_reference(search->rbtdb, node); +- INSIST(!ISC_LINK_LINKED(node, deadlink)); ++ new_reference(search->rbtdb, node, locktype); + search->zonecut = node; + search->zonecut_rdataset = dname_header; + search->zonecut_sigrdataset = sigdname_header; +@@ -4679,14 +4689,15 @@ find_deepest_zonecut(rbtdb_search_t *search, dns_rbtnode_t *node, + } + result = DNS_R_DELEGATION; + if (nodep != NULL) { +- new_reference(search->rbtdb, node); ++ new_reference(search->rbtdb, node, locktype); + *nodep = node; + } + bind_rdataset(search->rbtdb, node, found, search->now, +- rdataset); ++ locktype, rdataset); + if (foundsig != NULL) { + bind_rdataset(search->rbtdb, node, foundsig, +- search->now, sigrdataset); ++ search->now, locktype, ++ sigrdataset); + } + if (need_headerupdate(found, search->now) || + (foundsig != NULL && +@@ -4795,13 +4806,13 @@ find_coveringnsec(rbtdb_search_t *search, dns_dbnode_t **nodep, + if (result != ISC_R_SUCCESS) { + goto unlock_node; + } +- bind_rdataset(search->rbtdb, node, found, now, ++ bind_rdataset(search->rbtdb, node, found, now, locktype, + rdataset); + if (foundsig != NULL) { + bind_rdataset(search->rbtdb, node, foundsig, +- now, sigrdataset); ++ now, locktype, sigrdataset); + } +- new_reference(search->rbtdb, node); ++ new_reference(search->rbtdb, node, locktype); + *nodep = node; + result = DNS_R_COVERINGNSEC; + } else if (!empty_node) { +@@ -5026,18 +5037,18 @@ cache_find(dns_db_t *db, const dns_name_t *name, dns_dbversion_t *version, + if ((search.options & DNS_DBFIND_COVERINGNSEC) != 0 && + nsecheader != NULL) { + if (nodep != NULL) { +- new_reference(search.rbtdb, node); +- INSIST(!ISC_LINK_LINKED(node, deadlink)); ++ new_reference(search.rbtdb, node, locktype); + *nodep = node; + } + bind_rdataset(search.rbtdb, node, nsecheader, +- search.now, rdataset); ++ search.now, locktype, rdataset); + if (need_headerupdate(nsecheader, search.now)) { + update = nsecheader; + } + if (nsecsig != NULL) { + bind_rdataset(search.rbtdb, node, nsecsig, +- search.now, sigrdataset); ++ search.now, locktype, ++ sigrdataset); + if (need_headerupdate(nsecsig, search.now)) { + updatesig = nsecsig; + } +@@ -5052,18 +5063,18 @@ cache_find(dns_db_t *db, const dns_name_t *name, dns_dbversion_t *version, + */ + if (nsheader != NULL) { + if (nodep != NULL) { +- new_reference(search.rbtdb, node); +- INSIST(!ISC_LINK_LINKED(node, deadlink)); ++ new_reference(search.rbtdb, node, locktype); + *nodep = node; + } + bind_rdataset(search.rbtdb, node, nsheader, search.now, +- rdataset); ++ locktype, rdataset); + if (need_headerupdate(nsheader, search.now)) { + update = nsheader; + } + if (nssig != NULL) { + bind_rdataset(search.rbtdb, node, nssig, +- search.now, sigrdataset); ++ search.now, locktype, ++ sigrdataset); + if (need_headerupdate(nssig, search.now)) { + updatesig = nssig; + } +@@ -5084,8 +5095,7 @@ cache_find(dns_db_t *db, const dns_name_t *name, dns_dbversion_t *version, + */ + + if (nodep != NULL) { +- new_reference(search.rbtdb, node); +- INSIST(!ISC_LINK_LINKED(node, deadlink)); ++ new_reference(search.rbtdb, node, locktype); + *nodep = node; + } + +@@ -5117,13 +5127,14 @@ cache_find(dns_db_t *db, const dns_name_t *name, dns_dbversion_t *version, + if (type != dns_rdatatype_any || result == DNS_R_NCACHENXDOMAIN || + result == DNS_R_NCACHENXRRSET) + { +- bind_rdataset(search.rbtdb, node, found, search.now, rdataset); ++ bind_rdataset(search.rbtdb, node, found, search.now, locktype, ++ rdataset); + if (need_headerupdate(found, search.now)) { + update = found; + } + if (!NEGATIVE(found) && foundsig != NULL) { + bind_rdataset(search.rbtdb, node, foundsig, search.now, +- sigrdataset); ++ locktype, sigrdataset); + if (need_headerupdate(foundsig, search.now)) { + updatesig = foundsig; + } +@@ -5282,15 +5293,15 @@ cache_findzonecut(dns_db_t *db, const dns_name_t *name, unsigned int options, + } + + if (nodep != NULL) { +- new_reference(search.rbtdb, node); +- INSIST(!ISC_LINK_LINKED(node, deadlink)); ++ new_reference(search.rbtdb, node, locktype); + *nodep = node; + } + +- bind_rdataset(search.rbtdb, node, found, search.now, rdataset); ++ bind_rdataset(search.rbtdb, node, found, search.now, locktype, ++ rdataset); + if (foundsig != NULL) { + bind_rdataset(search.rbtdb, node, foundsig, search.now, +- sigrdataset); ++ locktype, sigrdataset); + } + + if (need_headerupdate(found, search.now) || +@@ -5653,10 +5664,11 @@ zone_findrdataset(dns_db_t *db, dns_dbnode_t *node, dns_dbversion_t *version, + } + } + if (found != NULL) { +- bind_rdataset(rbtdb, rbtnode, found, now, rdataset); ++ bind_rdataset(rbtdb, rbtnode, found, now, isc_rwlocktype_read, ++ rdataset); + if (foundsig != NULL) { + bind_rdataset(rbtdb, rbtnode, foundsig, now, +- sigrdataset); ++ isc_rwlocktype_read, sigrdataset); + } + } + +@@ -5747,9 +5759,9 @@ cache_findrdataset(dns_db_t *db, dns_dbnode_t *node, dns_dbversion_t *version, + } + } + if (found != NULL) { +- bind_rdataset(rbtdb, rbtnode, found, now, rdataset); ++ bind_rdataset(rbtdb, rbtnode, found, now, locktype, rdataset); + if (!NEGATIVE(found) && foundsig != NULL) { +- bind_rdataset(rbtdb, rbtnode, foundsig, now, ++ bind_rdataset(rbtdb, rbtnode, foundsig, now, locktype, + sigrdataset); + } + } +@@ -5917,6 +5929,9 @@ resign_insert(dns_rbtdb_t *rbtdb, int idx, rdatasetheader_t *newheader) { + return (result); + } + ++/* ++ * node write lock must be held. ++ */ + static void + resign_delete(dns_rbtdb_t *rbtdb, rbtdb_version_t *version, + rdatasetheader_t *header) { +@@ -5928,7 +5943,8 @@ resign_delete(dns_rbtdb_t *rbtdb, rbtdb_version_t *version, + header->heap_index); + header->heap_index = 0; + if (version != NULL) { +- new_reference(rbtdb, header->node); ++ new_reference(rbtdb, header->node, ++ isc_rwlocktype_write); + ISC_LIST_APPEND(version->resigned_list, header, link); + } + } +@@ -5959,6 +5975,9 @@ update_recordsandxfrsize(bool add, rbtdb_version_t *rbtversion, + RWUNLOCK(&rbtversion->rwlock, isc_rwlocktype_write); + } + ++/* ++ * write lock on rbtnode must be held. ++ */ + static isc_result_t + add32(dns_rbtdb_t *rbtdb, dns_rbtnode_t *rbtnode, const dns_name_t *nodename, + rbtdb_version_t *rbtversion, rdatasetheader_t *newheader, +@@ -6085,9 +6104,11 @@ add32(dns_rbtdb_t *rbtdb, dns_rbtnode_t *rbtnode, const dns_name_t *nodename, + free_rdataset(rbtdb, rbtdb->common.mctx, + newheader); + if (addedrdataset != NULL) { +- bind_rdataset(rbtdb, rbtnode, +- topheader, now, +- addedrdataset); ++ bind_rdataset( ++ rbtdb, rbtnode, ++ topheader, now, ++ isc_rwlocktype_write, ++ addedrdataset); + } + return (DNS_R_UNCHANGED); + } +@@ -6147,6 +6168,7 @@ find_header: + free_rdataset(rbtdb, rbtdb->common.mctx, newheader); + if (addedrdataset != NULL) { + bind_rdataset(rbtdb, rbtnode, header, now, ++ isc_rwlocktype_write, + addedrdataset); + } + return (DNS_R_UNCHANGED); +@@ -6258,6 +6280,7 @@ find_header: + free_rdataset(rbtdb, rbtdb->common.mctx, newheader); + if (addedrdataset != NULL) { + bind_rdataset(rbtdb, rbtnode, header, now, ++ isc_rwlocktype_write, + addedrdataset); + } + return (ISC_R_SUCCESS); +@@ -6307,6 +6330,7 @@ find_header: + free_rdataset(rbtdb, rbtdb->common.mctx, newheader); + if (addedrdataset != NULL) { + bind_rdataset(rbtdb, rbtnode, header, now, ++ isc_rwlocktype_write, + addedrdataset); + } + return (ISC_R_SUCCESS); +@@ -6504,7 +6528,8 @@ find_header: + } + + if (addedrdataset != NULL) { +- bind_rdataset(rbtdb, rbtnode, newheader, now, addedrdataset); ++ bind_rdataset(rbtdb, rbtnode, newheader, now, ++ isc_rwlocktype_write, addedrdataset); + } + + return (ISC_R_SUCCESS); +@@ -7045,13 +7070,15 @@ subtractrdataset(dns_db_t *db, dns_dbnode_t *node, dns_dbversion_t *version, + } + + if (result == ISC_R_SUCCESS && newrdataset != NULL) { +- bind_rdataset(rbtdb, rbtnode, newheader, 0, newrdataset); ++ bind_rdataset(rbtdb, rbtnode, newheader, 0, ++ isc_rwlocktype_write, newrdataset); + } + + if (result == DNS_R_NXRRSET && newrdataset != NULL && + (options & DNS_DBSUB_WANTOLD) != 0) + { +- bind_rdataset(rbtdb, rbtnode, header, 0, newrdataset); ++ bind_rdataset(rbtdb, rbtnode, header, 0, isc_rwlocktype_write, ++ newrdataset); + } + + unlock: +@@ -7929,8 +7956,7 @@ getoriginnode(dns_db_t *db, dns_dbnode_t **nodep) { + /* Note that the access to origin_node doesn't require a DB lock */ + onode = (dns_rbtnode_t *)rbtdb->origin_node; + if (onode != NULL) { +- new_reference(rbtdb, onode); +- ++ new_reference(rbtdb, onode, isc_rwlocktype_none); + *nodep = rbtdb->origin_node; + } else { + INSIST(IS_CACHE(rbtdb)); +@@ -8123,7 +8149,8 @@ getsigningtime(dns_db_t *db, dns_rdataset_t *rdataset, dns_name_t *foundname) { + * Found something; pass back the answer and unlock + * the bucket. + */ +- bind_rdataset(rbtdb, header->node, header, 0, rdataset); ++ bind_rdataset(rbtdb, header->node, header, 0, ++ isc_rwlocktype_read, rdataset); + + if (foundname != NULL) { + dns_rbt_fullnamefromnode(header->node, foundname); +@@ -9130,7 +9157,7 @@ rdatasetiter_current(dns_rdatasetiter_t *iterator, dns_rdataset_t *rdataset) { + isc_rwlocktype_read); + + bind_rdataset(rbtdb, rbtnode, header, rbtiterator->common.now, +- rdataset); ++ isc_rwlocktype_read, rdataset); + + NODE_UNLOCK(&rbtdb->node_locks[rbtnode->locknum].lock, + isc_rwlocktype_read); +@@ -9585,7 +9612,7 @@ dbiterator_current(dns_dbiterator_t *iterator, dns_dbnode_t **nodep, + result = ISC_R_SUCCESS; + } + +- new_reference(rbtdb, node); ++ new_reference(rbtdb, node, isc_rwlocktype_none); + + *nodep = rbtdbiter->node; + +@@ -10498,7 +10525,7 @@ expire_header(dns_rbtdb_t *rbtdb, rdatasetheader_t *header, bool tree_locked, + * We first need to gain a new reference to the node to meet a + * requirement of decrement_reference(). + */ +- new_reference(rbtdb, header->node); ++ new_reference(rbtdb, header->node, isc_rwlocktype_write); + decrement_reference(rbtdb, header->node, 0, + isc_rwlocktype_write, + tree_locked ? isc_rwlocktype_write +-- +GitLab diff --git a/main/bluez/APKBUILD b/main/bluez/APKBUILD index 7a6788eacb2..e431f069e5c 100644 --- a/main/bluez/APKBUILD +++ b/main/bluez/APKBUILD @@ -1,7 +1,7 @@ # Maintainer: Natanael Copa <ncopa@alpinelinux.org> pkgname=bluez pkgver=5.50 -pkgrel=1 +pkgrel=2 pkgdesc="Tools for the Bluetooth protocol stack" url="http://www.bluez.org/" arch="all" @@ -25,10 +25,13 @@ source="https://www.kernel.org/pub/linux/bluetooth/bluez-$pkgver.tar.xz disable-lock-test.patch fix-endianness.patch CVE-2020-0556.patch + CVE-2020-27153.patch " builddir="$srcdir/$pkgname-$pkgver" # secfixes: +# 5.50-r2: +# - CVE-2020-27153 # 5.50-r1: # - CVE-2020-0556 @@ -126,4 +129,5 @@ d5fd1c962bd846eaa6fff879bab85f753eb367d514f82d133b5d3242e1da989af5eddd942c60a87d 41ce7ccf78cca97563f0ef31e01dac6eb4484c24fe57be360b5e8de8c5bff5845e9d395766f891bd3f123788344456c88c9fc00cd1bb7c6a1dca89d09f19172b bluez-5.40-obexd_without_systemd-1.patch 04c4889372c8e790bb338dde7ffa76dc32fcf7370025c71b9184fcf17fd01ade4a6613d84d648303af3bbc54043ad489f29fc0cd4679ec8c9029dcb846d7e026 disable-lock-test.patch 118d55183860f395fc4bdc93efffb13902ebf7388cad722b9061cd2860d404333e500af521741c3d92c0f8a161f6810348fbeb6682e49c372383f417aed8c76a fix-endianness.patch -1f7c41399e746942e091db22c1b42a0bd87dafd83c5074a34c24f51efd88ed4d2957308f9b4da0fdcd6cd99ea5b9e1885d628ae01ddde56cf31140ccc895be61 CVE-2020-0556.patch" +1f7c41399e746942e091db22c1b42a0bd87dafd83c5074a34c24f51efd88ed4d2957308f9b4da0fdcd6cd99ea5b9e1885d628ae01ddde56cf31140ccc895be61 CVE-2020-0556.patch +c8e65bdfb5edc8edd0d1f9a153a7d5b953f0c5700aa61645af251cd857117990090a27c0ee133056fc045d0f6b6a3c1aad60ff0dfd3707c2c5ba29c518fccca8 CVE-2020-27153.patch" diff --git a/main/bluez/CVE-2020-27153.patch b/main/bluez/CVE-2020-27153.patch new file mode 100644 index 00000000000..48a346fe2c0 --- /dev/null +++ b/main/bluez/CVE-2020-27153.patch @@ -0,0 +1,95 @@ +Adapted from https://github.com/bluez/bluez/commit/1cd644db8c23a2f530ddb93cebed7dacc5f5721a + +diff --git a/src/shared/att.c b/src/shared/att.c +index 0ea6d55..b0fdb8e 100644 +--- a/src/shared/att.c ++++ b/src/shared/att.c +@@ -62,6 +62,7 @@ struct bt_att { + struct queue *ind_queue; /* Queued ATT protocol indications */ + struct att_send_op *pending_ind; + struct queue *write_queue; /* Queue of PDUs ready to send */ ++ bool in_disc; /* Cleanup queues on disconnect_cb */ + bool writer_active; + + struct queue *notify_list; /* List of registered callbacks */ +@@ -211,8 +212,10 @@ static void destroy_att_send_op(void *data) + free(op); + } + +-static void cancel_att_send_op(struct att_send_op *op) ++static void cancel_att_send_op(void *data) + { ++ struct att_send_op *op = data; ++ + if (op->destroy) + op->destroy(op->user_data); + +@@ -572,11 +575,6 @@ static bool disconnect_cb(struct io *io, void *user_data) + att->io = NULL; + att->fd = -1; + +- /* Notify request callbacks */ +- queue_remove_all(att->req_queue, NULL, NULL, disc_att_send_op); +- queue_remove_all(att->ind_queue, NULL, NULL, disc_att_send_op); +- queue_remove_all(att->write_queue, NULL, NULL, disc_att_send_op); +- + if (att->pending_req) { + disc_att_send_op(att->pending_req); + att->pending_req = NULL; +@@ -589,6 +587,15 @@ static bool disconnect_cb(struct io *io, void *user_data) + + bt_att_ref(att); + ++ att->in_disc = true; ++ ++ /* Notify request callbacks */ ++ queue_remove_all(att->req_queue, NULL, NULL, disc_att_send_op); ++ queue_remove_all(att->ind_queue, NULL, NULL, disc_att_send_op); ++ queue_remove_all(att->write_queue, NULL, NULL, disc_att_send_op); ++ ++ att->in_disc = false; ++ + queue_foreach(att->disconn_list, disconn_handler, INT_TO_PTR(err)); + + bt_att_unregister_all(att); +@@ -1306,6 +1313,30 @@ static bool match_op_id(const void *a, const void *b) + return op->id == id; + } + ++static bool bt_att_disc_cancel(struct bt_att *att, unsigned int id) ++{ ++ struct att_send_op *op; ++ ++ op = queue_find(att->req_queue, match_op_id, UINT_TO_PTR(id)); ++ if (op) ++ goto done; ++ ++ op = queue_find(att->ind_queue, match_op_id, UINT_TO_PTR(id)); ++ if (op) ++ goto done; ++ ++ op = queue_find(att->write_queue, match_op_id, UINT_TO_PTR(id)); ++ ++done: ++ if (!op) ++ return false; ++ ++ /* Just cancel since disconnect_cb will be cleaning up */ ++ cancel_att_send_op(op); ++ ++ return true; ++} ++ + bool bt_att_cancel(struct bt_att *att, unsigned int id) + { + struct att_send_op *op; +@@ -1325,6 +1356,9 @@ bool bt_att_cancel(struct bt_att *att, unsigned int id) + return true; + } + ++ if (att->in_disc) ++ return bt_att_disc_cancel(att, id); ++ + op = queue_remove_if(att->req_queue, match_op_id, UINT_TO_PTR(id)); + if (op) + goto done; diff --git a/main/busybox/APKBUILD b/main/busybox/APKBUILD index 46fca6c6030..a4a135b086c 100644 --- a/main/busybox/APKBUILD +++ b/main/busybox/APKBUILD @@ -53,6 +53,8 @@ source="https://busybox.net/downloads/$pkgname-$pkgver.tar.bz2 # 1.29.3-r10: # - CVE-2018-20679 # - CVE-2019-5747 +# 1.28.3-r2: +# - CVE-2018-1000500 # 1.27.2-r4: # - CVE-2017-16544 # - CVE-2017-15873 diff --git a/main/ca-certificates/0003-update-ca-insert-newline-between-certs.patch b/main/ca-certificates/0003-update-ca-insert-newline-between-certs.patch new file mode 100644 index 00000000000..4a945a076ba --- /dev/null +++ b/main/ca-certificates/0003-update-ca-insert-newline-between-certs.patch @@ -0,0 +1,38 @@ +From fd399b2416191bd7f3b0f267bdb530ed829de271 Mon Sep 17 00:00:00 2001 +From: Natanael Copa <ncopa@alpinelinux.org> +Date: Wed, 5 Feb 2020 17:40:57 +0100 +Subject: [PATCH 3/3] update-ca: insert newline between certs + +There may be certificates that lack a trailing newline, which is allowed +in the certificate format. We work around that by inject a newline after +each cert. + +see https://gitlab.alpinelinux.org/alpine/aports/issues/8379 +--- + update-ca.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/update-ca.c b/update-ca.c +index 2b3195b..0260f83 100644 +--- a/update-ca.c ++++ b/update-ca.c +@@ -191,6 +191,7 @@ static void proc_localglobaldir(const char *fullpath, struct hash *h, int tmpfil + fprintf(stderr, "Warning! Cannot hash: %s\n", fullpath); + if (!copyfile(fullpath, tmpfile_fd)) + fprintf(stderr, "Warning! Cannot copy to bundle: %s\n", fullpath); ++ write(tmpfile_fd, "\n", 1); + free(actual_file); + } + +@@ -260,7 +261,7 @@ static bool dir_readfiles(struct hash* d, const char* path, + DIR *dp = opendir(path); + if (!dp) + return false; +- ++ + struct dirent *dirp; + while ((dirp = readdir(dp)) != NULL) { + if (str_begins(dirp->d_name, ".")) +-- +2.25.0 + diff --git a/main/ca-certificates/APKBUILD b/main/ca-certificates/APKBUILD index a8a1b5456ee..b3d7084abcd 100644 --- a/main/ca-certificates/APKBUILD +++ b/main/ca-certificates/APKBUILD @@ -2,9 +2,9 @@ # Contributor: William Pitcock <nenolod@dereferenced.org> # Maintainer: Natanael Copa <ncopa@alpinelinux.org> pkgname=ca-certificates -pkgver=20190108 -pkgrel=0 -pkgdesc="Common CA certificates PEM files" +pkgver=20191127 +pkgrel=2 +pkgdesc="Common CA certificates PEM files from Mozilla" url="https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/" arch="all" license="MPL-2.0 GPL-2.0-or-later" @@ -16,12 +16,16 @@ replaces="libcrypto1.0 openssl openssl1.0" options="!fhs !check" triggers="ca-certificates.trigger=/usr/share/ca-certificates:/usr/local/share/ca-certificates:/etc/ssl/certs:/etc/ca-certificates/update.d" install="$pkgname.post-deinstall" -source="https://git.alpinelinux.org/ca-certificates/snapshot/ca-certificates-$pkgver.tar.xz" +source="https://gitlab.alpinelinux.org/alpine/ca-certificates/-/archive/$pkgver/ca-certificates-$pkgver.tar.bz2 + 0003-update-ca-insert-newline-between-certs.patch + " builddir="$srcdir/ca-certificates-$pkgver" build() { cd "$builddir" make + # remove expired cert (https://gitlab.alpinelinux.org/alpine/aports/issues/11607) + rm AddTrust_External_Root.crt } package() { @@ -58,4 +62,5 @@ cacert() { "$subpkgdir"/etc/ssl/cert.pem } -sha512sums="7b022c3b3319ac4ebbf13f551626f3d60a5552014d564166165030ee799c2fd470c593fb7171732100089b17ad3d309abc73f2429967222676915cad46f95a8e ca-certificates-20190108.tar.xz" +sha512sums="05e3a11efd80ea88eb81774e084febe4b8d1fa48f01f49e5ed3d469e10a2769260a264faed42ea3a0b725659cda1cc4a67ce5575fe04cdff9dc1c08207911c9b ca-certificates-20191127.tar.bz2 +051b5d78916ee7389dfbd4e8871aab720415bd6e9ee0313dba770fc40ee7c68ac67d7918f2503458a3218e3bfc10691b5e379b65269106fde02c7e7a36eb7595 0003-update-ca-insert-newline-between-certs.patch" diff --git a/main/chrony/APKBUILD b/main/chrony/APKBUILD index 8327c29f690..d4e0add1481 100644 --- a/main/chrony/APKBUILD +++ b/main/chrony/APKBUILD @@ -3,7 +3,7 @@ # Maintainer: Natanael Copa <ncopa@alpinelinux.org> pkgname=chrony pkgver=3.4 -pkgrel=1 +pkgrel=2 _ver=${pkgver/_/-} pkgdesc="NTP client and server programs" url="https://chrony.tuxfamily.org" @@ -26,8 +26,16 @@ source="https://download.tuxfamily.org/$pkgname/$pkgname-$_ver.tar.gz chrony.logrotate chrony.conf timepps.h + + CVE-2020-14367.patch " builddir="$srcdir/$pkgname-$_ver" +options="!check" # line 82 of test/unit/util.c fails on all arches + +# secfixes: +# 3.4-r2: +# - CVE-2020-14367 + prepare() { default_prepare @@ -91,4 +99,5 @@ b26581ed32680585edea5b8163a0062a87f648394c0f363c77a7d01a36608fcf4d005d9e6ab179ed 60d6aab60132b11e82888b755a47aa6ae2949db07016b475e7bce53ed5083c888ab88f3b53e87bfa7396f0559f6870c28816b395361645dda157ab7649b28236 chronyd.initd ab38f06bf45888846778ad935e24abb30d13b6805e9a750bc694ff953695fa8c5b33aac560f5f7f96dc46031c1a38660e5c418b6fce6fb34a87908a9a3c99357 chrony.logrotate 0ae453fca3461b6e56a32a9eb6be0d448c39bf0279583222ab2fecef307e1113f082d4e86f957e4baac4f223c5c57804cdea97322678009f3413ab99d54694b6 chrony.conf -eb11fc19243d1789016d88eb7645bfe67c46304547781489bf36eb1dd4c252d523681ff835a6488fa0ef62b6b9e2f781c672279f4439f5d5640a3f214a113048 timepps.h" +eb11fc19243d1789016d88eb7645bfe67c46304547781489bf36eb1dd4c252d523681ff835a6488fa0ef62b6b9e2f781c672279f4439f5d5640a3f214a113048 timepps.h +777c5b83fac51424eaaf5e348e138389c449fcb03e382deebab727c6d265332ef3e1b7a168740b18ca669add05ba02c21a7c52edfdd442ed2b3893706098c343 CVE-2020-14367.patch" diff --git a/main/chrony/CVE-2020-14367.patch b/main/chrony/CVE-2020-14367.patch new file mode 100644 index 00000000000..f0e331bd97e --- /dev/null +++ b/main/chrony/CVE-2020-14367.patch @@ -0,0 +1,204 @@ +From f00fed20092b6a42283f29c6ee1f58244d74b545 Mon Sep 17 00:00:00 2001 +From: Miroslav Lichvar <mlichvar@redhat.com> +Date: Thu, 6 Aug 2020 09:31:11 +0200 +Subject: [PATCH] main: create new file when writing pidfile + +When writing the pidfile, open the file with the O_CREAT|O_EXCL flags +to avoid following a symlink and writing the PID to an unexpected file, +when chronyd still has the root privileges. + +The Linux open(2) man page warns about O_EXCL not working as expected on +NFS versions before 3 and Linux versions before 2.6. Saving pidfiles on +a distributed filesystem like NFS is not generally expected, but if +there is a reason to do that, these old kernel and NFS versions are not +considered to be supported for saving files by chronyd. + +This is a minimal backport specific to this issue of the following +commits: +- commit 2fc8edacb810 ("use PATH_MAX") +- commit f4c6a00b2a11 ("logging: call exit() in LOG_Message()") +- commit 7a4c396bba8f ("util: add functions for common file operations") +- commit e18903a6b563 ("switch to new util file functions") + +Reported-by: Matthias Gerstner <mgerstner@suse.de> +--- + logging.c | 1 + + main.c | 10 ++---- + sysincl.h | 1 + + util.c | 95 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ + util.h | 11 +++++++ + 5 files changed, 111 insertions(+), 7 deletions(-) + +diff --git a/logging.c b/logging.c +index d2296e0..fd7f900 100644 +--- a/logging.c ++++ b/logging.c +@@ -171,6 +171,7 @@ void LOG_Message(LOG_Severity severity, + system_log = 0; + log_message(1, severity, buf); + } ++ exit(1); + break; + default: + assert(0); +diff --git a/main.c b/main.c +index 6ccf32e..8edb2e1 100644 +--- a/main.c ++++ b/main.c +@@ -281,13 +281,9 @@ write_pidfile(void) + if (!pidfile[0]) + return; + +- out = fopen(pidfile, "w"); +- if (!out) { +- LOG_FATAL("Could not open %s : %s", pidfile, strerror(errno)); +- } else { +- fprintf(out, "%d\n", (int)getpid()); +- fclose(out); +- } ++ out = UTI_OpenFile(NULL, pidfile, NULL, 'W', 0644); ++ fprintf(out, "%d\n", (int)getpid()); ++ fclose(out); + } + + /* ================================================== */ +diff --git a/sysincl.h b/sysincl.h +index 296c5e6..873a3bd 100644 +--- a/sysincl.h ++++ b/sysincl.h +@@ -37,6 +37,7 @@ + #include <glob.h> + #include <grp.h> + #include <inttypes.h> ++#include <limits.h> + #include <math.h> + #include <netinet/in.h> + #include <pwd.h> +diff --git a/util.c b/util.c +index e7e3442..83b3b20 100644 +--- a/util.c ++++ b/util.c +@@ -1179,6 +1179,101 @@ UTI_CheckDirPermissions(const char *path, mode_t perm, uid_t uid, gid_t gid) + + /* ================================================== */ + ++static int ++join_path(const char *basedir, const char *name, const char *suffix, ++ char *buffer, size_t length, LOG_Severity severity) ++{ ++ const char *sep; ++ ++ if (!basedir) { ++ basedir = ""; ++ sep = ""; ++ } else { ++ sep = "/"; ++ } ++ ++ if (!suffix) ++ suffix = ""; ++ ++ if (snprintf(buffer, length, "%s%s%s%s", basedir, sep, name, suffix) >= length) { ++ LOG(severity, "File path %s%s%s%s too long", basedir, sep, name, suffix); ++ return 0; ++ } ++ ++ return 1; ++} ++ ++/* ================================================== */ ++ ++FILE * ++UTI_OpenFile(const char *basedir, const char *name, const char *suffix, ++ char mode, mode_t perm) ++{ ++ const char *file_mode; ++ char path[PATH_MAX]; ++ LOG_Severity severity; ++ int fd, flags; ++ FILE *file; ++ ++ severity = mode >= 'A' && mode <= 'Z' ? LOGS_FATAL : LOGS_ERR; ++ ++ if (!join_path(basedir, name, suffix, path, sizeof (path), severity)) ++ return NULL; ++ ++ switch (mode) { ++ case 'r': ++ case 'R': ++ flags = O_RDONLY; ++ file_mode = "r"; ++ if (severity != LOGS_FATAL) ++ severity = LOGS_DEBUG; ++ break; ++ case 'w': ++ case 'W': ++ flags = O_WRONLY | O_CREAT | O_EXCL; ++ file_mode = "w"; ++ break; ++ case 'a': ++ case 'A': ++ flags = O_WRONLY | O_CREAT | O_APPEND; ++ file_mode = "a"; ++ break; ++ default: ++ assert(0); ++ return NULL; ++ } ++ ++try_again: ++ fd = open(path, flags, perm); ++ if (fd < 0) { ++ if (errno == EEXIST) { ++ if (unlink(path) < 0) { ++ LOG(severity, "Could not remove %s : %s", path, strerror(errno)); ++ return NULL; ++ } ++ DEBUG_LOG("Removed %s", path); ++ goto try_again; ++ } ++ LOG(severity, "Could not open %s : %s", path, strerror(errno)); ++ return NULL; ++ } ++ ++ UTI_FdSetCloexec(fd); ++ ++ file = fdopen(fd, file_mode); ++ if (!file) { ++ LOG(severity, "Could not open %s : %s", path, strerror(errno)); ++ close(fd); ++ return NULL; ++ } ++ ++ DEBUG_LOG("Opened %s fd=%d mode=%c", path, fd, mode); ++ ++ return file; ++} ++ ++/* ================================================== */ ++ + void + UTI_DropRoot(uid_t uid, gid_t gid) + { +diff --git a/util.h b/util.h +index e3d6767..a2481cc 100644 +--- a/util.h ++++ b/util.h +@@ -176,6 +176,17 @@ extern int UTI_CreateDirAndParents(const char *path, mode_t mode, uid_t uid, gid + permissions and its uid/gid must match the specified values. */ + extern int UTI_CheckDirPermissions(const char *path, mode_t perm, uid_t uid, gid_t gid); + ++/* Open a file. The full path of the file is constructed from the basedir ++ (may be NULL), '/' (if basedir is not NULL), name, and suffix (may be NULL). ++ Created files have specified permissions (umasked). Returns NULL on error. ++ The following modes are supported (if the mode is an uppercase character, ++ errors are fatal): ++ r/R - open an existing file for reading ++ w/W - open a new file for writing (remove existing file) ++ a/A - open an existing file for appending (create if does not exist) */ ++extern FILE *UTI_OpenFile(const char *basedir, const char *name, const char *suffix, ++ char mode, mode_t perm); ++ + /* Set process user/group IDs and drop supplementary groups */ + extern void UTI_DropRoot(uid_t uid, gid_t gid); + diff --git a/main/collectd/APKBUILD b/main/collectd/APKBUILD index 4a996e4c7db..39de6acdaff 100644 --- a/main/collectd/APKBUILD +++ b/main/collectd/APKBUILD @@ -32,7 +32,7 @@ source="https://collectd.org/files/collectd-$pkgver.tar.bz2 builddir="$srcdir"/$pkgname-$pkgver -# security fixes: +# secfixes: # 5.5.2-r0: # - CVE-2016-6254 diff --git a/main/cups/APKBUILD b/main/cups/APKBUILD index 3c7166e23d1..127c7292d8a 100644 --- a/main/cups/APKBUILD +++ b/main/cups/APKBUILD @@ -1,7 +1,7 @@ # Maintainer: Natanael Copa <ncopa@alpinelinux.org> pkgname=cups pkgver=2.2.12 -pkgrel=0 +pkgrel=1 pkgdesc="The CUPS Printing System" url="https://www.cups.org/" arch="all" @@ -20,10 +20,15 @@ source="https://github.com/apple/cups/releases/download/v$pkgver/cups-$pkgver-so cupsd.initd cups-no-export-ssllibs.patch default-config-no-gssapi.patch + CVE-2019-8842.patch + CVE-2020-3898.patch " builddir="$srcdir/$pkgname-$pkgver" # secfixes: +# 2.2.12-r1: +# - CVE-2019-8842 +# - CVE-2020-3898 # 2.2.12-r0: # - CVE-2019-8696 # - CVE-2019-8675 @@ -134,4 +139,6 @@ sha512sums="b8e7be512938ad388d469d093ad0c882ab42ea1408c27a91340f8424aa0e79e588df cf64211da59e79285f99d437c02fdd7db462855fb2920ec9563ba47bd8a9e5cbd10555094940ceedeb41ac805c4f0ddb9147481470112a11a76220d0298aef79 cups.logrotate 2c2683f755a220166b3a1653fdd1a6daa9718c8f0bbdff2e2d5e61d1133306260d63a83d3ff41619b5cf84c4913fae5822b79553e2822858f38fa3613f4c7082 cupsd.initd 7a8cd9ac33b0dd4627c72df4275db8ccd7cf8e201bce3833719b42f532f526bb347b842e3ea1ef0d61855b5c6e1088b5d20b68942f2c2c0acf504d8d9728efd3 cups-no-export-ssllibs.patch -98bb97f4af69ea286fc3d398b8e57c32440e6b2d49fb7f79b418a4fe7f13441f3a610f65d3433d10d971ade808233c0b29b4d66160623ccaae919179384be918 default-config-no-gssapi.patch" +98bb97f4af69ea286fc3d398b8e57c32440e6b2d49fb7f79b418a4fe7f13441f3a610f65d3433d10d971ade808233c0b29b4d66160623ccaae919179384be918 default-config-no-gssapi.patch +1a6dc3560c78eef28cad977abde076c02791e34fc05e53ce3137ac4ff1feb2f6bae5f64ba8733f44280ac4273d825372b29b15da6bb179776496f62a7d06462d CVE-2019-8842.patch +560466d3721cd105ef1e6aa03d0cb6c55964e94f06fe80e2f8570d481941cfd03ac6940d0108e111ea7f4bee55460b93423975410890e105902c5a4ce3b79d77 CVE-2020-3898.patch" diff --git a/main/cups/CVE-2019-8842.patch b/main/cups/CVE-2019-8842.patch new file mode 100644 index 00000000000..2e1a212239a --- /dev/null +++ b/main/cups/CVE-2019-8842.patch @@ -0,0 +1,13 @@ +diff --git a/cups/ipp.c b/cups/ipp.c +index b0762fd..dba4f31 100644 +--- a/cups/ipp.c ++++ b/cups/ipp.c +@@ -2960,7 +2960,7 @@ ippReadIO(void *src, /* I - Data source */ + * Read 32-bit "extension" tag... + */ + +- if ((*cb)(src, buffer, 4) < 1) ++ if ((*cb)(src, buffer, 4) < 4) + { + DEBUG_puts("1ippReadIO: Callback returned EOF/error"); + _cupsBufferRelease((char *)buffer); diff --git a/main/cups/CVE-2020-3898.patch b/main/cups/CVE-2020-3898.patch new file mode 100644 index 00000000000..d797a0be1a2 --- /dev/null +++ b/main/cups/CVE-2020-3898.patch @@ -0,0 +1,14 @@ +diff --git a/cups/ppd.c b/cups/ppd.c +index 58d92c1..5bc7939 100644 +--- a/cups/ppd.c ++++ b/cups/ppd.c +@@ -1730,8 +1730,7 @@ _ppdOpen( + constraint->choice1, constraint->option2, + constraint->choice2)) + { +- case 0 : /* Error */ +- case 1 : /* Error */ ++ default : /* Error */ + pg->ppd_status = PPD_BAD_UI_CONSTRAINTS; + goto error; + diff --git a/main/curl/APKBUILD b/main/curl/APKBUILD index 2ecf03e30ac..5abc6272a29 100644 --- a/main/curl/APKBUILD +++ b/main/curl/APKBUILD @@ -4,7 +4,7 @@ # Maintainer: Natanael Copa <ncopa@alpinelinux.org> pkgname=curl pkgver=7.64.0 -pkgrel=3 +pkgrel=5 pkgdesc="URL retrival utility and library" url="https://curl.haxx.se" arch="all" @@ -20,11 +20,19 @@ source="https://curl.haxx.se/download/$pkgname-$pkgver.tar.xz CVE-2019-5436.patch CVE-2019-5481.patch CVE-2019-5482.patch + CVE-2020-8169.patch + CVE-2020-8177.patch + CVE-2020-8231.patch " options="!check" # sftp tests failing builddir="$srcdir/$pkgname-$pkgver" # secfixes: +# 7.66.0-r5: +# - CVE-2020-8231 +# 7.64.0-r4: +# - CVE-2020-8169 +# - CVE-2020-8177 # 7.64.0-r3: # - CVE-2019-5481 # - CVE-2019-5482 @@ -64,11 +72,11 @@ builddir="$srcdir/$pkgname-$pkgver" # - CVE-2017-7468 # 7.53.1-r2: # - CVE-2017-7407 -# 7.53.0: +# 7.53.0-r0: # - CVE-2017-2629 -# 7.52.1: +# 7.52.1-r0: # - CVE-2016-9594 -# 7.51.0: +# 7.51.0-r0: # - CVE-2016-8615 # - CVE-2016-8616 # - CVE-2016-8617 @@ -80,15 +88,15 @@ builddir="$srcdir/$pkgname-$pkgver" # - CVE-2016-8623 # - CVE-2016-8624 # - CVE-2016-8625 -# 7.50.3: +# 7.50.3-r1: # - CVE-2016-7167 -# 7.50.2: +# 7.50.2-r1: # - CVE-2016-7141 -# 7.50.1: +# 7.50.1-r0: # - CVE-2016-5419 # - CVE-2016-5420 # - CVE-2016-5421 -# 7.36.0: +# 7.36.0-r0: # - CVE-2014-0138 # - CVE-2014-0139 @@ -132,4 +140,7 @@ sha512sums="953f1f5336ce5dfd1b9f933624432d401552d91ee02d39ecde6f023c956f99ec6aae c629a1b36920a3f8eab3321b0222e203f53f29e5947d39a0c32e0a7de2d8ab2182c3d6bbb0828847f2f353d1d3a15d85203e17ef74018a5c865a854d7a413fc3 CVE-2019-5435.patch 9ccb8d898530f14cf497b4d0ede3b28d6baac5fa0b867636219795cf748f0149a110a386d4212ff48781c2c37e03290f2afe47cc186bd606f569acfd48457a15 CVE-2019-5436.patch 37161e4d94cdb1add2216b031f70d7ae84451229dffe48ca9856bb311e88678f0e11baab6bb4da0386ed31e8467aa51fabaf6122f876ef9bc0003638d07f22cf CVE-2019-5481.patch -6703658d9212bb87de22fabd996e8f8eb8c98aa4c015b1daa4c1a15f503c4a5530dafbcc1817032d973ef94ac29fe7b8ee16426e443b20d0bcdbe5d7f0209ffb CVE-2019-5482.patch" +6703658d9212bb87de22fabd996e8f8eb8c98aa4c015b1daa4c1a15f503c4a5530dafbcc1817032d973ef94ac29fe7b8ee16426e443b20d0bcdbe5d7f0209ffb CVE-2019-5482.patch +4950975d59bdf8398dd5f4b8338e5f76ae3752247be9054a28753351bcddb46f71a8bd601dba31da1b6b3fbbfbe6192f33a6500144d89f2cfdfb47161e3addba CVE-2020-8169.patch +250359963230de2970ab4a56d731312f0772d6f89672b4189e7d6aa8553cb9efd8808221f418a1b7778f7b9e52a45738451aec2d4a0e73e084a748cff1b3d6da CVE-2020-8177.patch +d5f4421e5ac6f89220d00fb156c803edbb64679e9064ca8328269eea3582ee7780f77522b5069a1288cc09e968567175c94139249cc337906243c95d0bc3e684 CVE-2020-8231.patch" diff --git a/main/curl/CVE-2020-8169.patch b/main/curl/CVE-2020-8169.patch new file mode 100644 index 00000000000..d89e21f4d79 --- /dev/null +++ b/main/curl/CVE-2020-8169.patch @@ -0,0 +1,21 @@ +diff --git a/lib/url.c b/lib/url.c +index 47fc66a..a826f8a 100644 +--- a/lib/url.c ++++ b/lib/url.c +@@ -2776,12 +2776,14 @@ static CURLcode override_login(struct Curl_easy *data, + + /* for updated strings, we update them in the URL */ + if(user_changed) { +- uc = curl_url_set(data->state.uh, CURLUPART_USER, *userp, 0); ++ uc = curl_url_set(data->state.uh, CURLUPART_USER, *userp, ++ CURLU_URLENCODE); + if(uc) + return Curl_uc_to_curlcode(uc); + } + if(passwd_changed) { +- uc = curl_url_set(data->state.uh, CURLUPART_PASSWORD, *passwdp, 0); ++ uc = curl_url_set(data->state.uh, CURLUPART_PASSWORD, *passwdp, ++ CURLU_URLENCODE); + if(uc) + return Curl_uc_to_curlcode(uc); + } diff --git a/main/curl/CVE-2020-8177.patch b/main/curl/CVE-2020-8177.patch new file mode 100644 index 00000000000..556dcc10ee6 --- /dev/null +++ b/main/curl/CVE-2020-8177.patch @@ -0,0 +1,50 @@ +diff --git a/src/tool_cb_hdr.c b/src/tool_cb_hdr.c +index 3844904..1813cb3 100644 +--- a/src/tool_cb_hdr.c ++++ b/src/tool_cb_hdr.c +@@ -132,25 +132,11 @@ size_t tool_header_cb(char *ptr, size_t size, size_t nmemb, void *userdata) + filename = parse_filename(p, len); + if(filename) { + if(outs->stream) { +- int rc; +- /* already opened and possibly written to */ +- if(outs->fopened) +- fclose(outs->stream); +- outs->stream = NULL; +- +- /* rename the initial file name to the new file name */ +- rc = rename(outs->filename, filename); +- if(rc != 0) { +- warnf(outs->config->global, "Failed to rename %s -> %s: %s\n", +- outs->filename, filename, strerror(errno)); +- } +- if(outs->alloc_filename) +- Curl_safefree(outs->filename); +- if(rc != 0) { +- free(filename); +- return failure; +- } ++ /* indication of problem, get out! */ ++ free(filename); ++ return failure; + } ++ + outs->is_cd_filename = TRUE; + outs->s_isreg = TRUE; + outs->fopened = FALSE; +diff --git a/src/tool_getparam.c b/src/tool_getparam.c +index c7ba5f2..505b991 100644 +--- a/src/tool_getparam.c ++++ b/src/tool_getparam.c +@@ -1760,6 +1760,11 @@ ParameterError getparameter(const char *flag, /* f or -long-flag */ + } + break; + case 'i': ++ if(config->content_disposition) { ++ warnf(global, ++ "--include and --remote-header-name cannot be combined.\n"); ++ return PARAM_BAD_USE; ++ } + config->show_headers = toggle; /* show the headers as well in the + general output stream */ + break; diff --git a/main/curl/CVE-2020-8231.patch b/main/curl/CVE-2020-8231.patch new file mode 100644 index 00000000000..0d6a76d94d1 --- /dev/null +++ b/main/curl/CVE-2020-8231.patch @@ -0,0 +1,123 @@ +Based on https://github.com/curl/curl/commit/3c9e021f86872baae412a427e807fbfa2f3e8 + +Didn't apply cleanly, fixed up lib/urldata.h and lib/url.c, ignored 2 changes in lib/multi.c +that refer to things that do not yet exist in this version of curl + +diff --git a/lib/connect.c b/lib/connect.c +index 0a7475c..b3d4057 100644 +--- a/lib/connect.c ++++ b/lib/connect.c +@@ -1356,15 +1356,15 @@ CURLcode Curl_connecthost(struct connectdata *conn, /* context */ + } + + struct connfind { +- struct connectdata *tofind; +- bool found; ++ long id_tofind; ++ struct connectdata *found; + }; + + static int conn_is_conn(struct connectdata *conn, void *param) + { + struct connfind *f = (struct connfind *)param; +- if(conn == f->tofind) { +- f->found = TRUE; ++ if(conn->connection_id == f->id_tofind) { ++ f->found = conn; + return 1; + } + return 0; +@@ -1386,21 +1386,22 @@ curl_socket_t Curl_getconnectinfo(struct Curl_easy *data, + * - that is associated with a multi handle, and whose connection + * was detached with CURLOPT_CONNECT_ONLY + */ +- if(data->state.lastconnect && (data->multi_easy || data->multi)) { +- struct connectdata *c = data->state.lastconnect; ++ if((data->state.lastconnect_id != -1) && (data->multi_easy || data->multi)) { ++ struct connectdata *c; + struct connfind find; +- find.tofind = data->state.lastconnect; +- find.found = FALSE; ++ find.id_tofind = data->state.lastconnect_id; ++ find.found = NULL; + + Curl_conncache_foreach(data, data->multi_easy? + &data->multi_easy->conn_cache: + &data->multi->conn_cache, &find, conn_is_conn); + + if(!find.found) { +- data->state.lastconnect = NULL; ++ data->state.lastconnect_id = -1; + return CURL_SOCKET_BAD; + } + ++ c = find.found; + if(connp) { + /* only store this if the caller cares for it */ + *connp = c; +diff --git a/lib/easy.c b/lib/easy.c +index b648e80..7b0ea9a 100644 +--- a/lib/easy.c ++++ b/lib/easy.c +@@ -831,8 +831,7 @@ struct Curl_easy *curl_easy_duphandle(struct Curl_easy *data) + + /* the connection cache is setup on demand */ + outcurl->state.conn_cache = NULL; +- +- outcurl->state.lastconnect = NULL; ++ outcurl->state.lastconnect_id = -1; + + outcurl->progress.flags = data->progress.flags; + outcurl->progress.callback = data->progress.callback; +diff --git a/lib/multi.c b/lib/multi.c +index e10e752..02687dd 100644 +--- a/lib/multi.c ++++ b/lib/multi.c +@@ -454,6 +454,7 @@ CURLMcode curl_multi_add_handle(struct Curl_multi *multi, + data->state.conn_cache = &data->share->conn_cache; + else + data->state.conn_cache = &multi->conn_cache; ++ data->state.lastconnect_id = -1; + + #ifdef USE_LIBPSL + /* Do the same for PSL. */ +@@ -669,11 +670,11 @@ static CURLcode multi_done(struct Curl_easy *data, + CONN_UNLOCK(data); + if(Curl_conncache_return_conn(data, conn)) { + /* remember the most recently used connection */ +- data->state.lastconnect = conn; ++ data->state.lastconnect_id = conn->connection_id; + infof(data, "%s\n", buffer); + } + else +- data->state.lastconnect = NULL; ++ data->state.lastconnect_id = -1; + } + + Curl_free_request_state(data); +diff --git a/lib/url.c b/lib/url.c +index 47fc66a..f0a880f 100644 +--- a/lib/url.c ++++ b/lib/url.c +@@ -617,7 +617,7 @@ CURLcode Curl_open(struct Curl_easy **curl) + Curl_initinfo(data); + + /* most recent connection is not yet defined */ +- data->state.lastconnect = NULL; ++ data->state.lastconnect_id = -1; + + data->progress.flags |= PGRS_HIDE; + data->state.current_speed = -1; /* init to negative == impossible */ +diff --git a/lib/urldata.h b/lib/urldata.h +index fbb8b64..6586986 100644 +--- a/lib/urldata.h ++++ b/lib/urldata.h +@@ -1332,7 +1332,7 @@ struct UrlState { + /* buffers to store authentication data in, as parsed from input options */ + struct curltime keeps_speed; /* for the progress meter really */ + +- struct connectdata *lastconnect; /* The last connection, NULL if undefined */ ++ long lastconnect_id; /* The last connection, -1 if undefined */ + + char *headerbuff; /* allocated buffer to store headers in */ + size_t headersize; /* size of the allocation */ diff --git a/main/dahdi-linux-vanilla/APKBUILD b/main/dahdi-linux-vanilla/APKBUILD index 1f21065eb33..b2f9c627893 100644 --- a/main/dahdi-linux-vanilla/APKBUILD +++ b/main/dahdi-linux-vanilla/APKBUILD @@ -8,7 +8,7 @@ _rel=0 _flavor=${FLAVOR:-vanilla} _kpkg=linux-$_flavor -_kver=4.19.98 +_kver=4.19.118 _krel=0 _kpkgver="$_kver-r$_krel" diff --git a/main/dbus/APKBUILD b/main/dbus/APKBUILD index ee9fdc492a0..fae169cfdab 100644 --- a/main/dbus/APKBUILD +++ b/main/dbus/APKBUILD @@ -1,7 +1,7 @@ # Maintainer: Natanael Copa <ncopa@alpinelinux.org> pkgname=dbus pkgver=1.10.28 -pkgrel=0 +pkgrel=1 pkgdesc="Freedesktop.org message bus system" url="http://www.freedesktop.org/Software/dbus" pkggroups="messagebus" @@ -17,12 +17,15 @@ makedepends="$depends_dev expat-dev libx11-dev autoconf automake libtool xmlto install="$pkgname.pre-install $pkgname.post-install" source="https://dbus.freedesktop.org/releases/dbus/dbus-$pkgver.tar.gz fix-int64-print.patch + CVE-2020-12049.patch $pkgname.initd " # secfixes: +# 1.12.28-r1: +# - CVE-2020-12049 # 1.10.28-r0: -# - CVE-2019-12749 +# - CVE-2019-12749 prepare() { default_prepare @@ -75,4 +78,5 @@ x11() { sha512sums="d699e5c115dd33c7667c32bf66db0a211e98678ba4b6a155541a705af2819cd45868ca9d33d57a2df7fb1a1ac072e09c8607157a7cd3f8664292c118ae164f61 dbus-1.10.28.tar.gz 5f07d8cb377ab80c927a77236c3f3437f08351161e594c62a1ad43f0324c2dba3cc98d50257ae27b9a4f5148571c5f26f35db8b40f13c72e92f267d5356c87f0 fix-int64-print.patch +f05e2d14f072da81186e8a70d0895b37ee8f17c566b71865a72419218562e0f08544b7ea04daf6682dec5ff9ebab440c015f57a05abfb93610ec77caf9c2da97 CVE-2020-12049.patch df74e7d6a4f76f777d356e94bd23422b17656aa51a5b2d3c655fcabb32c84f2f06b9f5cd8827920d51842f89e8c0d968a6e723315e4bf216e55711fcda9b0ee9 dbus.initd" diff --git a/main/dbus/CVE-2020-12049.patch b/main/dbus/CVE-2020-12049.patch new file mode 100644 index 00000000000..f1b04b4a650 --- /dev/null +++ b/main/dbus/CVE-2020-12049.patch @@ -0,0 +1,103 @@ +This is a combination of + +https://gitlab.freedesktop.org/dbus/dbus/-/commit/8bc1381819e5a845331650bfa28dacf6d2ac1748.patch +https://gitlab.freedesktop.org/dbus/dbus/-/commit/272d484283883fa9ff95b69d924fff6cd34842f5.patch + +Applied against the 1.10 tree (the commits are for 1.12) + +diff --git a/dbus/dbus-sysdeps-unix.c b/dbus/dbus-sysdeps-unix.c +index b730971..4b0e390 100644 +--- a/dbus/dbus-sysdeps-unix.c ++++ b/dbus/dbus-sysdeps-unix.c +@@ -432,18 +432,6 @@ _dbus_read_socket_with_unix_fds (DBusSocket fd, + struct cmsghdr *cm; + dbus_bool_t found = FALSE; + +- if (m.msg_flags & MSG_CTRUNC) +- { +- /* Hmm, apparently the control data was truncated. The bad +- thing is that we might have completely lost a couple of fds +- without chance to recover them. Hence let's treat this as a +- serious error. */ +- +- errno = ENOSPC; +- _dbus_string_set_length (buffer, start); +- return -1; +- } +- + for (cm = CMSG_FIRSTHDR(&m); cm; cm = CMSG_NXTHDR(&m, cm)) + if (cm->cmsg_level == SOL_SOCKET && cm->cmsg_type == SCM_RIGHTS) + { +@@ -498,6 +486,26 @@ _dbus_read_socket_with_unix_fds (DBusSocket fd, + if (!found) + *n_fds = 0; + ++ if (m.msg_flags & MSG_CTRUNC) ++ { ++ unsigned int i; ++ ++ /* Hmm, apparently the control data was truncated. The bad ++ thing is that we might have completely lost a couple of fds ++ without chance to recover them. Hence let's treat this as a ++ serious error. */ ++ ++ /* We still need to close whatever fds we *did* receive, ++ * otherwise they'll never get closed. (CVE-2020-12049) */ ++ for (i = 0; i < *n_fds; i++) ++ close (fds[i]); ++ ++ *n_fds = 0; ++ errno = ENOSPC; ++ _dbus_string_set_length (buffer, start); ++ return -1; ++ } ++ + /* put length back (doesn't actually realloc) */ + _dbus_string_set_length (buffer, start + bytes_read); + +diff --git a/test/fdpass.c b/test/fdpass.c +index 665b4a1..d8d9c67 100644 +--- a/test/fdpass.c ++++ b/test/fdpass.c +@@ -50,6 +50,14 @@ + + #include "test-utils-glib.h" + ++#ifdef DBUS_ENABLE_EMBEDDED_TESTS ++#include <dbus/dbus-message-internal.h> ++#else ++typedef struct _DBusInitialFDs DBusInitialFDs; ++#define _dbus_check_fdleaks_enter() NULL ++#define _dbus_check_fdleaks_leave(fds) do {} while (0) ++#endif ++ + /* Arbitrary; included here to avoid relying on the default */ + #define MAX_MESSAGE_UNIX_FDS 20 + /* This test won't work on Linux unless this is true. */ +@@ -91,6 +99,7 @@ typedef struct { + GQueue messages; + + int fd_before; ++ DBusInitialFDs *initial_fds; + } Fixture; + + static void oom (const gchar *doing) G_GNUC_NORETURN; +@@ -172,6 +181,8 @@ test_connect (Fixture *f, + { + char *address; + ++ f->initial_fds = _dbus_check_fdleaks_enter (); ++ + g_assert (f->left_server_conn == NULL); + g_assert (f->right_server_conn == NULL); + +@@ -835,6 +846,9 @@ teardown (Fixture *f, + if (f->fd_before >= 0 && close (f->fd_before) < 0) + g_error ("%s", g_strerror (errno)); + #endif ++ ++ if (f->initial_fds != NULL) ++ _dbus_check_fdleaks_leave (f->initial_fds); + } + + int diff --git a/main/devicemaster-linux-vanilla/APKBUILD b/main/devicemaster-linux-vanilla/APKBUILD index 87a4264943b..5bbcf9f019e 100644 --- a/main/devicemaster-linux-vanilla/APKBUILD +++ b/main/devicemaster-linux-vanilla/APKBUILD @@ -7,7 +7,7 @@ _rel=0 _flavor=${FLAVOR:-vanilla} _kpkg=linux-$_flavor -_kver=4.19.98 +_kver=4.19.118 _krel=0 _kpkgver="$_kver-r$_krel" diff --git a/main/dovecot/APKBUILD b/main/dovecot/APKBUILD index 8203823d11f..3ca3451bfca 100644 --- a/main/dovecot/APKBUILD +++ b/main/dovecot/APKBUILD @@ -4,10 +4,10 @@ # Contributor: Jakub Jirutka <jakub@jirutka.cz> # Maintainer: Natanael Copa <ncopa@alpinelinux.org> pkgname=dovecot -pkgver=2.3.7.2 +pkgver=2.3.10.1 _pkgvermajor=2.3 pkgrel=1 -_pigeonholever=0.5.7.2 +_pigeonholever=0.5.10 _pigeonholevermajor=${_pigeonholever%.*} pkgdesc="IMAP and POP3 server" url="https://www.dovecot.org/" @@ -61,6 +61,8 @@ source="https://www.dovecot.org/releases/$_pkgvermajor/$pkgname-$pkgver.tar.gz skip-iconv-check.patch split-protocols.patch default-config.patch + CVE-2020-12673.patch + CVE-2020-12674.patch dovecot.logrotate dovecot.initd " @@ -68,6 +70,15 @@ builddir="$srcdir/$pkgname-$pkgver" _builddir_pigeonhole="$srcdir/$pkgname-$_pkgvermajor-pigeonhole-$_pigeonholever" # secfixes: +# 2.3.10.1-r1: +# - CVE-2020-12673 +# - CVE-2020-12674 +# 2.3.10.1-r0: +# - CVE-2020-10957 +# - CVE-2020-10958 +# - CVE-2020-10967 +# - CVE-2020-7046 +# - CVE-2020-7957 # 2.3.7.2-r0: # - CVE-2019-11500 # 2.3.6-r0: @@ -303,10 +314,12 @@ _submv() { done } -sha512sums="172f7f0edb884259e4c050607510aee67a35c3a20b7dd147e7c8a25a04921c18f7d6b5c85af2c69ae8c4d53791550970e471b033dbfae94253e331053b6a317d dovecot-2.3.7.2.tar.gz -7fc8d89ee31c8e8c16a9aeaeffb591f4188de36fc80e3a30a9ae10bc5acd7ea5d5d91e077fda566e61d588d9221ec53044ce17a9cc0c9c219dbe6824558a1d60 dovecot-2.3-pigeonhole-0.5.7.2.tar.gz +sha512sums="5c07436a3e861993f241caa2c60f035c533c5fceb5c8540c1717d31bedd54b82299f7ea11bfee12c72d4d33985d93a7130c4f56877864a7ad21cf7373a29cc06 dovecot-2.3.10.1.tar.gz +f3d380edba4d25d20ee52db21d2965e3a6b229924e9a04fbf45cfe32e1d25448977ee41b12ba41ad8cf8b795f19bb1dbef1d7d09e775598d782123268f61dc8b dovecot-2.3-pigeonhole-0.5.10.tar.gz fe4fbeaedb377d809f105d9dbaf7c1b961aa99f246b77189a73b491dc1ae0aa9c68678dde90420ec53ec877c08f735b42d23edb13117d7268420e001aa30967a skip-iconv-check.patch 794875dbf0ded1e82c5c3823660cf6996a7920079149cd8eed54231a53580d931b966dfb17185ab65e565e108545ecf6591bae82f935ab1b6ff65bb8ee93d7d5 split-protocols.patch 0d8f89c7ba6f884719b5f9fc89e8b2efbdc3e181de308abf9b1c1b0e42282f4df72c7bf62f574686967c10a8677356560c965713b9d146e2770aab17e95bcc07 default-config.patch +54d5b1bfbc9fcdc00a5c943420bcbbfc8f0107ab2ff160ef0b2f73093a23766e0fcdb4cfc7944def40526414f97aff818cac6bdec155a6f3962f477b210a8ed5 CVE-2020-12673.patch +3599ca53dff1234dcea483006a82ec7276c1feee8df4f1df50f0b080202e351dd34e011af1bbdbdce1d9db54761beb0890b0be6e4ce7ed86e62513896c072e0c CVE-2020-12674.patch 9f19698ab45969f1f94dc4bddf6de59317daee93c9421c81f2dbf8a7efe6acf89689f1d30f60f536737bb9526c315215d2bce694db27e7b8d7896036a59c31f0 dovecot.logrotate d91951b81150d7a3ef6a674c0dc7b012f538164dac4b9d27a6801d31da6813b764995a438f69b6a680463e1b60a3b4f2959654f68e565fe116ea60312d5e5e70 dovecot.initd" diff --git a/main/dovecot/CVE-2020-12673.patch b/main/dovecot/CVE-2020-12673.patch new file mode 100644 index 00000000000..9dd26e0350f --- /dev/null +++ b/main/dovecot/CVE-2020-12673.patch @@ -0,0 +1,31 @@ +From fb246611e62ad8c5a95b0ca180a63f17aa34b0d8 Mon Sep 17 00:00:00 2001 +From: Aki Tuomi <aki.tuomi@open-xchange.com> +Date: Mon, 18 May 2020 12:33:39 +0300 +Subject: [PATCH] lib-ntlm: Check buffer length on responses + +Add missing check for buffer length. + +If this is not checked, it is possible to send message which +causes read past buffer bug. + +Broken in c7480644202e5451fbed448508ea29a25cffc99c +--- + src/lib-ntlm/ntlm-message.c | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/src/lib-ntlm/ntlm-message.c b/src/lib-ntlm/ntlm-message.c +index 160b9f918c..a29413b47e 100644 +--- a/src/lib-ntlm/ntlm-message.c ++++ b/src/lib-ntlm/ntlm-message.c +@@ -184,6 +184,11 @@ static bool ntlmssp_check_buffer(const struct ntlmssp_buffer *buffer, + if (length == 0 && space == 0) + return TRUE; + ++ if (length > data_size) { ++ *error = "buffer length out of bounds"; ++ return FALSE; ++ } ++ + if (offset >= data_size) { + *error = "buffer offset out of bounds"; + return FALSE; diff --git a/main/dovecot/CVE-2020-12674.patch b/main/dovecot/CVE-2020-12674.patch new file mode 100644 index 00000000000..a9dca2a82dd --- /dev/null +++ b/main/dovecot/CVE-2020-12674.patch @@ -0,0 +1,22 @@ +From 69ad3c902ea4bbf9f21ab1857d8923f975dc6145 Mon Sep 17 00:00:00 2001 +From: Aki Tuomi <aki.tuomi@open-xchange.com> +Date: Wed, 6 May 2020 13:40:36 +0300 +Subject: [PATCH] auth: mech-rpa - Fail on zero len buffer + +--- + src/auth/mech-rpa.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/auth/mech-rpa.c b/src/auth/mech-rpa.c +index 08298ebdd6..2de8705b4f 100644 +--- a/src/auth/mech-rpa.c ++++ b/src/auth/mech-rpa.c +@@ -224,7 +224,7 @@ rpa_read_buffer(pool_t pool, const unsigned char **data, + return 0; + + len = *p++; +- if (p + len > end) ++ if (p + len > end || len == 0) + return 0; + + *buffer = p_malloc(pool, len); diff --git a/main/drbd9-vanilla/APKBUILD b/main/drbd9-vanilla/APKBUILD index 02df33e9720..ae51e4c86fd 100644 --- a/main/drbd9-vanilla/APKBUILD +++ b/main/drbd9-vanilla/APKBUILD @@ -8,7 +8,7 @@ _rel=0 _flavor=${FLAVOR:-vanilla} _kpkg=linux-$_flavor -_kver=4.19.98 +_kver=4.19.118 _krel=0 _kabi="$_kver-$_krel-$_flavor" _kpkgver="$_kver-r$_krel" diff --git a/main/dropbear/APKBUILD b/main/dropbear/APKBUILD index 570be697301..8d0fb472be7 100644 --- a/main/dropbear/APKBUILD +++ b/main/dropbear/APKBUILD @@ -3,7 +3,7 @@ # Maintainer: Natanael Copa <ncopa@alpinelinux.org> pkgname=dropbear pkgver=2018.76 -pkgrel=2 +pkgrel=3 pkgdesc="small SSH 2 client/server designed for small memory environments" url="http://matt.ucc.asn.au/dropbear/dropbear.html" arch="all" @@ -23,9 +23,12 @@ source="https://matt.ucc.asn.au/dropbear/releases/${pkgname}-${pkgver}.tar.bz2 dropbear-0.53.1-static_build_fix.patch dropbear-options_sftp-server_path.patch CVE-2018-15599.patch + CVE-2018-20685.patch " # secfixes: +# 2018.76-r3: +# - CVE-2018-20685 # 2018.76-r2: # - CVE-2018-15599 @@ -89,4 +92,5 @@ sha512sums="82323279f7e78c366ba1ea07ff242259132b2576122429f54326518dd6092aba8ae5 83f2c1eaf7687917a4b2bae7d599d4378c4bd64f9126ba42fc5d235f2b3c9a474d1b3168d70ed64bb4101cc251d30bc9ae20604da9b5d819fcd635ee4d0ebb0f dropbear.confd c9b0f28eb9653de21da4e8646fc27870a156112bce3d8a13baa6154ebf4baada3dee4f75bd5fdf5b6cd24a43fb80fb009e917d139d9e65d35118b082de0ebfbf dropbear-0.53.1-static_build_fix.patch e11456ec3bc7e1265727c8921a6eb6151712a9a498c7768e2d4b7f9043256099457cebf29b2d47dd61eb260746d97f4b19e9429443bda1c3e441ea50ced79b48 dropbear-options_sftp-server_path.patch -f204c2ee5aea8c0962573c4c49479ac17e9f6a9ab9ce21060a252b449323be841c1e64460f0e191fc72c6e213ffe829544418715d120a8f6c40de7b6374428e0 CVE-2018-15599.patch" +f204c2ee5aea8c0962573c4c49479ac17e9f6a9ab9ce21060a252b449323be841c1e64460f0e191fc72c6e213ffe829544418715d120a8f6c40de7b6374428e0 CVE-2018-15599.patch +6f17cf2b344b97457d2e0c1588fd285fac9757aa5e46aa2c103783978cc5fd9f7085aba36e7409270380d1250a277b43b0f5ff860d157148c6c28a0bbcbdce4c CVE-2018-20685.patch" diff --git a/main/dropbear/CVE-2018-20685.patch b/main/dropbear/CVE-2018-20685.patch new file mode 100644 index 00000000000..a8ea2af85b4 --- /dev/null +++ b/main/dropbear/CVE-2018-20685.patch @@ -0,0 +1,23 @@ +From 8f8a3dff705fad774a10864a2e3dbcfa9779ceff Mon Sep 17 00:00:00 2001 +From: Haelwenn Monnier <contact+github.com@hacktivis.me> +Date: Mon, 25 May 2020 14:54:29 +0200 +Subject: [PATCH] scp.c: Port OpenSSH CVE-2018-20685 fix (#80) + +--- + scp.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/scp.c b/scp.c +index 742ae00f..7b8e7d22 100644 +--- a/scp.c ++++ b/scp.c +@@ -935,7 +935,8 @@ sink(int argc, char **argv) + size = size * 10 + (*cp++ - '0'); + if (*cp++ != ' ') + SCREWUP("size not delimited"); +- if ((strchr(cp, '/') != NULL) || (strcmp(cp, "..") == 0)) { ++ if (*cp == '\0' || strchr(cp, '/') != NULL || ++ strcmp(cp, ".") == 0 || strcmp(cp, "..") == 0) { + run_err("error: unexpected filename: %s", cp); + exit(1); + }
\ No newline at end of file diff --git a/main/freetype/APKBUILD b/main/freetype/APKBUILD index c4363e5414c..bcee7aed1d8 100644 --- a/main/freetype/APKBUILD +++ b/main/freetype/APKBUILD @@ -2,7 +2,7 @@ # Maintainer: Carlo Landmeter <clandmeter@gmail.com> pkgname=freetype pkgver=2.9.1 -pkgrel=2 +pkgrel=3 pkgdesc="TrueType font rendering library" url="https://www.freetype.org/" arch="all" @@ -15,9 +15,12 @@ subpackages="$pkgname-static $pkgname-dev $pkgname-doc" source="https://download.savannah.gnu.org/releases/freetype/freetype-$pkgver.tar.bz2 0001-Enable-table-validation-modules.patch subpixel.patch + CVE-2020-15999.patch " # secfixes: +# 2.9.1-r3: +# - CVE-2020-15999 # 2.9-r1: # - CVE-2018-6942 # 2.7.1-r1: @@ -56,4 +59,5 @@ package() { sha512sums="856766e1f3f4c7dc8afb2b5ee991138c8b642c6a6e5e007cd2bc04ae58bde827f082557cf41bf541d97e8485f7fd064d10390d1ee597f19d1daed6c152e27708 freetype-2.9.1.tar.bz2 41a84be2631b53072a76b78c582575aa48b650ee7b00017d018381002bc25df10cf33da4954c95ef50db39f1fa566678e3b4ae9bfee1dfd705423fb53e53e494 0001-Enable-table-validation-modules.patch -6206ecbf733e47beeacd8dcec747be46ee74beffe9955ba11d61ccd81a7da6fe4bef81e15f2da8a57ded6245dc41b865f1297f120c2e332f643a43e18db99394 subpixel.patch" +6206ecbf733e47beeacd8dcec747be46ee74beffe9955ba11d61ccd81a7da6fe4bef81e15f2da8a57ded6245dc41b865f1297f120c2e332f643a43e18db99394 subpixel.patch +fe697a15777b44bb36c705aa4e13f352329c418de89e3d457381d0852ca2931dfa6d6b6ebc6c59322ba2af94e956f06a31e25f0d57db139f5ba2ce79fa5a8fd9 CVE-2020-15999.patch" diff --git a/main/freetype/CVE-2020-15999.patch b/main/freetype/CVE-2020-15999.patch new file mode 100644 index 00000000000..067aa7e4605 --- /dev/null +++ b/main/freetype/CVE-2020-15999.patch @@ -0,0 +1,48 @@ +From a3bab162b2ae616074c8877a04556932998aeacd Mon Sep 17 00:00:00 2001 +From: Werner Lemberg <wl@gnu.org> +Date: Mon, 19 Oct 2020 23:45:28 +0200 +Subject: [sfnt] Fix heap buffer overflow (#59308). + +This is CVE-2020-15999. + +* src/sfnt/pngshim.c (Load_SBit_Png): Test bitmap size earlier. +--- + src/sfnt/pngshim.c | 14 +++++++------- + 1 file changed, 7 insertions(+), 7 deletions(-) + +diff --git a/src/sfnt/pngshim.c b/src/sfnt/pngshim.c +index 2e64e5846..f55016122 100644 +--- a/src/sfnt/pngshim.c ++++ b/src/sfnt/pngshim.c +@@ -332,6 +332,13 @@ + + if ( populate_map_and_metrics ) + { ++ /* reject too large bitmaps similarly to the rasterizer */ ++ if ( imgHeight > 0x7FFF || imgWidth > 0x7FFF ) ++ { ++ error = FT_THROW( Array_Too_Large ); ++ goto DestroyExit; ++ } ++ + metrics->width = (FT_UShort)imgWidth; + metrics->height = (FT_UShort)imgHeight; + +@@ -340,13 +347,6 @@ + map->pixel_mode = FT_PIXEL_MODE_BGRA; + map->pitch = (int)( map->width * 4 ); + map->num_grays = 256; +- +- /* reject too large bitmaps similarly to the rasterizer */ +- if ( map->rows > 0x7FFF || map->width > 0x7FFF ) +- { +- error = FT_THROW( Array_Too_Large ); +- goto DestroyExit; +- } + } + + /* convert palette/gray image to rgb */ +-- +cgit v1.2.1 + + diff --git a/main/gd/APKBUILD b/main/gd/APKBUILD index 9a5ffe91c04..a8abc50656a 100644 --- a/main/gd/APKBUILD +++ b/main/gd/APKBUILD @@ -2,7 +2,7 @@ # Maintainer: Carlo Landmeter <clandmeter@gmail.com> pkgname=gd pkgver=2.2.5 -pkgrel=3 +pkgrel=4 _pkgreal=lib$pkgname pkgdesc="Library for the dynamic creation of images by programmers" url="https://libgd.github.io/" @@ -13,7 +13,9 @@ makedepends="bash libpng-dev libjpeg-turbo-dev libwebp-dev freetype-dev zlib-dev subpackages="$pkgname-dev $_pkgreal:libs" source="https://github.com/$_pkgreal/$_pkgreal/releases/download/$pkgname-$pkgver/$_pkgreal-$pkgver.tar.xz CVE-2018-1000222.patch + CVE-2018-14553.patch CVE-2018-5711.patch + CVE-2019-11038.patch CVE-2019-6977.patch CVE-2019-6978.patch " @@ -23,12 +25,15 @@ case "$CARCH" in esac # secfixes: +# 2.2.5-r3: +# - CVE-2018-14553 +# - CVE-2019-11038 # 2.2.5-r2: -# - CVE-2018-5711 -# - CVE-2019-6977 -# - CVE-2019-6978 +# - CVE-2018-5711 +# - CVE-2019-6977 +# - CVE-2019-6978 # 2.2.5-r1: -# - CVE-2018-1000222 +# - CVE-2018-1000222 build() { cd "$builddir" @@ -62,6 +67,8 @@ dev() { sha512sums="e4598e17a277a75e02255402182cab139cb3f2cffcd68ec05cc10bbeaf6bc7aa39162c3445cd4a7efc1a26b72b9152bbedb187351e3ed099ea51767319997a6b libgd-2.2.5.tar.xz d12462f1b159d50b9032435e9767a5d76e1797a88be950ed33dda7aa17005b7cb60560d04b9520e46d8111e1669d42ce28cb2c508f9c8825d545ac0335d2a10b CVE-2018-1000222.patch +9bf1677d69d04f41eba48b48e853ad706f3097edb1a96c3b681b516708be0ba199c463e7b3e44f52921e14028a7c4d74977d66e7f456b9f96d935ce9db342c0e CVE-2018-14553.patch b23929f10ad75fa97d2ff797ef44d185cfe6de4f26b649e8e507b6fc41ebdb527ab4633d10df955c92d677428d9ed1707d9997954a1bcfb0070995191211d886 CVE-2018-5711.patch +a56397fb310c94d4dc9c565dcec17ffd7411e1957ba45f1093e9fffad74192c244b1ef4f9d954c052f589fd5b4d1cc37ca5d53d8db569cee09a7bdc38bfc4eaf CVE-2019-11038.patch 5214ac4148c618f3fef3bb3b6675e41a76e31465cd8dac326ee99dc1ae4cfe760749997d2941743efa48e79b8dbdb536d6b6d79d9bc4e5363f2c50da52ab5cac CVE-2019-6977.patch 2f70f041b531a23d0bac5c5370a3fb135ca8facaa7baf1554baf35135cc9c6e21de9c09400d939e133ad090b9aa23fa901ea7b5cd9ea20d11edc38257601eb97 CVE-2019-6978.patch" diff --git a/main/gd/CVE-2018-14553.patch b/main/gd/CVE-2018-14553.patch new file mode 100644 index 00000000000..816bd9ccc96 --- /dev/null +++ b/main/gd/CVE-2018-14553.patch @@ -0,0 +1,32 @@ +From a93eac0e843148dc2d631c3ba80af17e9c8c860f Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?F=C3=A1bio=20Cabral=20Pacheco?= <fcabralpacheco@gmail.com> +Date: Fri, 20 Dec 2019 12:03:33 -0300 +Subject: [PATCH] Fix potential NULL pointer dereference in gdImageClone() + +diff --git a/src/gd.c b/src/gd.c +index 592a0286..d564d1f9 100644 +--- a/src/gd.c ++++ b/src/gd.c +@@ -2865,14 +2865,6 @@ BGD_DECLARE(gdImagePtr) gdImageClone (gdImagePtr src) { + } + } + +- if (src->styleLength > 0) { +- dst->styleLength = src->styleLength; +- dst->stylePos = src->stylePos; +- for (i = 0; i < src->styleLength; i++) { +- dst->style[i] = src->style[i]; +- } +- } +- + dst->interlace = src->interlace; + + dst->alphaBlendingFlag = src->alphaBlendingFlag; +@@ -2907,6 +2899,7 @@ BGD_DECLARE(gdImagePtr) gdImageClone (gdImagePtr src) { + + if (src->style) { + gdImageSetStyle(dst, src->style, src->styleLength); ++ dst->stylePos = src->stylePos; + } + + for (i = 0; i < gdMaxColors; i++) { diff --git a/main/gd/CVE-2019-11038.patch b/main/gd/CVE-2019-11038.patch new file mode 100644 index 00000000000..1ccb9c1c153 --- /dev/null +++ b/main/gd/CVE-2019-11038.patch @@ -0,0 +1,36 @@ +From e13a342c079aeb73e31dfa19eaca119761bac3f3 Mon Sep 17 00:00:00 2001 +From: Jonas Meurer <jonas@freesources.org> +Date: Tue, 11 Jun 2019 12:16:46 +0200 +Subject: [PATCH] Fix #501: Uninitialized read in gdImageCreateFromXbm + (CVE-2019-11038) + +Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2019-11038 +Bug-Debian: https://bugs.debian.org/929821 +Bug: https://github.com/libgd/libgd/issues/501 + +We have to ensure that `sscanf()` does indeed read a hex value here, +and bail out otherwise. + +Original patch by Christoph M. Becker <cmbecker69@gmx.de> for PHP libgd ext. +https://git.php.net/?p=php-src.git;a=commit;h=ed6dee9a198c904ad5e03113e58a2d2c200f5184 +--- + src/gd_xbm.c | 6 +++++- + 1 file changed, 5 insertions(+), 1 deletion(-) + +diff --git a/src/gd_xbm.c b/src/gd_xbm.c +index 4ca41acf..cf0545ef 100644 +--- a/src/gd_xbm.c ++++ b/src/gd_xbm.c +@@ -169,7 +169,11 @@ BGD_DECLARE(gdImagePtr) gdImageCreateFromXbm(FILE * fd) + } + h[3] = ch; + } +- sscanf(h, "%x", &b); ++ if (sscanf(h, "%x", &b) != 1) { ++ gd_error("invalid XBM"); ++ gdImageDestroy(im); ++ return 0; ++ } + for (bit = 1; bit <= max_bit; bit = bit << 1) { + gdImageSetPixel(im, x++, y, (b & bit) ? 1 : 0); + if (x == im->sx) { diff --git a/main/ghostscript/APKBUILD b/main/ghostscript/APKBUILD index 0af06a69769..978938f8b9c 100644 --- a/main/ghostscript/APKBUILD +++ b/main/ghostscript/APKBUILD @@ -12,7 +12,6 @@ makedepends="autoconf automake libjpeg-turbo-dev libpng-dev jasper-dev expat-dev cups-dev libtool jbig2dec-dev openjpeg-dev" subpackages="$pkgname-dbg $pkgname-doc $pkgname-dev $pkgname-gtk" source="https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs${pkgver/./}/ghostscript-$pkgver.tar.gz - https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs926/0001-Bug700317-Address-.force-operators-exposure.tgz CVE-2019-6116.patch CVE-2019-3835.patch CVE-2019-3838.patch @@ -41,8 +40,6 @@ builddir="$srcdir/$pkgname-$pkgver" # - CVE-2019-3835 # - CVE-2019-3838 # - CVE-2019-6116 -# 9.26-r1: -# - CVE-2019-6116 # 9.26-r0: # - CVE-2018-19409 # - CVE-2018-19475 @@ -149,7 +146,6 @@ gtk() { } sha512sums="670159c23618ffafa85c671642bf182a107a82c053a1fd8c3f45f73f203524077be1b212d2ddbabae7892c7713922877e03b020f78bd2aab1ae582c4fc7d820a ghostscript-9.26.tar.gz -289d916a0b0da410e6f721e42bc44659c91c66ca0f7b96b1a6b010ae1c25e47788e282edc3578b4e4b120a2c684c7b1fd4cc574084bdc9cbbf6e431a01fbae0e 0001-Bug700317-Address-.force-operators-exposure.tgz 78564c1dd878cb6a924663cb5d61901a413a867dedc8753e537e08a4da9cc0aaeb817bab266fd66e5d0e871d9ed6078af6e6f455b5426e0917875682d76638f5 CVE-2019-6116.patch 31769852e75be4e1cd0e7c3f43cc7b3457bf9ba505fc2a5acda53779cc5626854bf15fef3e225f3d922f4038dd18c598dbac30abb863159202e4d0fe02c02d3b CVE-2019-3835.patch dc3bd1de86e4a968ed35a35a125f682cffeed51fe4dbf9b3939dd78b07ef0748fe6b34816e689bcfffb4f819e51bcb5022f3151a5610aa24fd2468cdcbc665ea CVE-2019-3838.patch diff --git a/main/git/APKBUILD b/main/git/APKBUILD index 1afbb4ff75b..1d002fc2784 100644 --- a/main/git/APKBUILD +++ b/main/git/APKBUILD @@ -2,27 +2,31 @@ # Maintainer: Natanael Copa <ncopa@alpinelinux.org> # # secfixes: -# 2.20.2: -# - CVE-2019-1348 -# - CVE-2019-1349 -# - CVE-2019-1350 -# - CVE-2019-1351 -# - CVE-2019-1352 -# - CVE-2019-1353 -# - CVE-2019-1354 -# - CVE-2019-1387 -# 2.19.1: -# - CVE-2018-17456 -# 2.17.1: -# - CVE-2018-11233 -# - CVE-2018-11235 -# 2.14.1: -# - CVE-2017-1000117 +# 2.20.4-r0: +# - CVE-2020-11008 +# 2.20.3-r0: +# - CVE-2020-5260 +# 2.20.2-r0: +# - CVE-2019-1348 +# - CVE-2019-1349 +# - CVE-2019-1350 +# - CVE-2019-1351 +# - CVE-2019-1352 +# - CVE-2019-1353 +# - CVE-2019-1354 +# - CVE-2019-1387 +# 2.19.1-r0: +# - CVE-2018-17456 +# 2.17.1-r0: +# - CVE-2018-11233 +# - CVE-2018-11235 +# 2.14.1-r0: +# - CVE-2017-1000117 pkgname=git -pkgver=2.20.2 +pkgver=2.20.4 pkgrel=0 pkgdesc="Distributed version control system" -url="https://www.git-scm.com" +url="https://www.git-scm.com/" arch="all" license="GPL-2.0-or-later" depends="" @@ -275,7 +279,7 @@ _perl_config() { perl -e "use Config; print \$Config{$1};" } -sha512sums="9c267d17fa73a81339d6d20ccc42cea70607aab759eee21aa58a4690cbb0987f7bf50a617a0831273b5de8ca8604d6d86c2fb780510702e710aae72e20bb2ff7 git-2.20.2.tar.xz +sha512sums="271d0c238cb892ecef542e56ccbfc50cbc2bade12f4771f7aa1bacecfbcd15d116bd20986861101545be985aca3a45bc49fb63742ac48cac463e3564b243da08 git-2.20.4.tar.xz 85767b5e03137008d6a96199e769e3979f75d83603ac8cb13a3481a915005637409a4fd94e0720da2ec6cd1124f35eba7cf20109a94816c4b4898a81fbc46bd2 bb-tar.patch 89528cdd14c51fd568aa61cf6c5eae08ea0844e59f9af9292da5fc6c268261f4166017d002d494400945e248df6b844e2f9f9cd2d9345d516983f5a110e4c42a git-daemon.initd fbf1f425206a76e2a8f82342537ed939ff7e623d644c086ca2ced5f69b36734695f9f80ebda1728f75a94d6cd2fcb71bf845b64239368caab418e4d368c141ec git-daemon.confd" diff --git a/main/gnutls/APKBUILD b/main/gnutls/APKBUILD index 7e83be5b918..c3557566936 100644 --- a/main/gnutls/APKBUILD +++ b/main/gnutls/APKBUILD @@ -2,7 +2,7 @@ # Contributor: Michael Mason <ms13sp@gmail.com> # Maintainer: Natanael Copa <ncopa@alpinelinux.org> pkgname=gnutls -pkgver=3.6.7 +pkgver=3.6.15 pkgrel=0 pkgdesc="A TLS protocol implementation" url="https://www.gnutls.org/" @@ -16,11 +16,16 @@ _v=${pkgver%.*} case $pkgver in *.*.*.*) _v=${_v%.*};; esac -source="https://www.gnupg.org/ftp/gcrypt/gnutls/v${_v}/gnutls-$pkgver.tar.xz - tests-date-compat.patch" -builddir="$srcdir/$pkgname-$pkgver" +source="https://www.gnupg.org/ftp/gcrypt/gnutls/v$_v/gnutls-$pkgver.tar.xz + " # secfixes: +# 3.6.15-r0: +# - CVE-2020-24659 GNUTLS-SA-2020-09-04 +# 3.6.14-r0: +# - CVE-2020-13777 GNUTLS-SA-2020-06-03 +# 3.6.7-r1: +# - CVE-2020-11501 GNUTLS-SA-2020-03-31 # 3.6.7-r0: # - CVE-2019-3836 # - CVE-2019-3829 @@ -28,7 +33,6 @@ builddir="$srcdir/$pkgname-$pkgver" # - CVE-2017-7507 build() { - cd "$builddir" LIBS="-lgmp" ./configure \ --build=$CBUILD \ --host=$CHOST \ @@ -45,8 +49,6 @@ build() { } check() { - cd "$builddir" - make check } @@ -67,5 +69,4 @@ xx() { mv "$pkgdir"/usr/lib/lib*xx.so.* "$subpkgdir"/usr/lib/ } -sha512sums="ae9b8996eb9b7269d28213f0aca3a4a17890ba8d47e3dc3b8e754ab8e2b4251e9412aaaa161a8bf56167f04cc169b4cada46f55a7bde92b955eb36cd717a99f3 gnutls-3.6.7.tar.xz -b9aefaca8a894b223b8bcc738524602e36edf6a49f458606235598470033c81b02e876bec18a41ac57760cb9644d44b4c35969be74d4a8120245fff716429531 tests-date-compat.patch" +sha512sums="f757d1532198f44bcad7b73856ce6a05bab43f6fb77fcc81c59607f146202f73023d0796d3e1e7471709cf792c8ee7d436e19407e0601bc0bda2f21512b3b01c gnutls-3.6.15.tar.xz" diff --git a/main/gnutls/tests-date-compat.patch b/main/gnutls/tests-date-compat.patch deleted file mode 100644 index 82e3314d298..00000000000 --- a/main/gnutls/tests-date-compat.patch +++ /dev/null @@ -1,12 +0,0 @@ -Busybox date does not support %N, this is GNU extension. ---- a/tests/scripts/common.sh -+++ b/tests/scripts/common.sh -@@ -61,7 +61,7 @@ - # Find a port number not currently in use. - GETPORT='rc=0; unset myrandom - if test -n "$RANDOM"; then myrandom=$(($RANDOM + $RANDOM)); fi -- if test -z "$myrandom"; then myrandom=$(date +%N | sed s/^0*//); fi -+ if test -z "$myrandom"; then myrandom=$(date +%s | sed s/^0*//); fi - if test -z "$myrandom"; then myrandom=0; fi - while test $rc = 0;do - PORT="$(((($$<<15)|$myrandom) % 63001 + 2000))" diff --git a/main/haproxy/APKBUILD b/main/haproxy/APKBUILD index b390167f6a9..01998b6f237 100644 --- a/main/haproxy/APKBUILD +++ b/main/haproxy/APKBUILD @@ -1,7 +1,7 @@ # Contributor: Jeff Bilyk <jbilyk@gmail.com> # Maintainer: Natanael Copa <ncopa@alpinelinux.org> pkgname=haproxy -pkgver=1.8.23 +pkgver=1.8.25 _pkgmajorver=${pkgver%.*} pkgrel=0 pkgdesc="A TCP/HTTP reverse proxy for high availability environments" @@ -21,7 +21,9 @@ source="http://haproxy.1wt.eu/download/${_pkgmajorver}/src/$pkgname-$pkgver.tar. builddir="$srcdir/$pkgname-$pkgver" # secfixes: -# 1.8.23: +# 1.8.25-r0: +# - CVE-2020-11100 +# 1.8.23-r0: # - CVE-2019-19330 build() { @@ -54,6 +56,6 @@ package() { "$pkgdir"/etc/haproxy/haproxy.cfg } -sha512sums="bfd65179345285f6f4581a7dce42e638b89e12717d4cb9218afa085759161e04b6c78307d04265a6c97cd484b67949781639da5236edb89137585c625130be4f haproxy-1.8.23.tar.gz +sha512sums="655eb4056989a3fee321ea9278a2085b0a999e522293f1f6229ebb8d17f3d33cb78abb4fd55a06d0218082e632b2d42de105575d0acd0c1b49996d4b45aa78e8 haproxy-1.8.25.tar.gz 3ab277bf77fe864ec6c927118dcd70bdec0eb3c54535812d1c3c0995fa66a3ea91a73c342edeb8944caeb097d2dd1a7761099182df44af5e3ef42de6e2176d26 haproxy.initd 26bc8f8ac504fcbaec113ecbb9bb59b9da47dc8834779ebbb2870a8cadf2ee7561b3a811f01e619358a98c6c7768e8fdd90ab447098c05b82e788c8212c4c41f haproxy.cfg" diff --git a/main/hostapd/0001-WPS-UPnP-Do-not-allow-event-subscriptions-with-URLs-.patch b/main/hostapd/0001-WPS-UPnP-Do-not-allow-event-subscriptions-with-URLs-.patch new file mode 100644 index 00000000000..0aa8a5ea1de --- /dev/null +++ b/main/hostapd/0001-WPS-UPnP-Do-not-allow-event-subscriptions-with-URLs-.patch @@ -0,0 +1,150 @@ +From 5b78c8f961f25f4dc22d6f2b77ddd06d712cec63 Mon Sep 17 00:00:00 2001 +From: Jouni Malinen <jouni@codeaurora.org> +Date: Wed, 3 Jun 2020 23:17:35 +0300 +Subject: [PATCH 1/3] WPS UPnP: Do not allow event subscriptions with URLs to + other networks + +The UPnP Device Architecture 2.0 specification errata ("UDA errata +16-04-2020.docx") addresses a problem with notifications being allowed +to go out to other domains by disallowing such cases. Do such filtering +for the notification callback URLs to avoid undesired connections to +external networks based on subscriptions that any device in the local +network could request when WPS support for external registrars is +enabled (the upnp_iface parameter in hostapd configuration). + +Signed-off-by: Jouni Malinen <jouni@codeaurora.org> +--- + src/wps/wps_er.c | 2 +- + src/wps/wps_upnp.c | 38 ++++++++++++++++++++++++++++++++++++-- + src/wps/wps_upnp_i.h | 3 ++- + 3 files changed, 39 insertions(+), 4 deletions(-) + +diff --git a/src/wps/wps_er.c b/src/wps/wps_er.c +index 6bded14327f8..31d2e50e4cff 100644 +--- a/src/wps/wps_er.c ++++ b/src/wps/wps_er.c +@@ -1298,7 +1298,7 @@ wps_er_init(struct wps_context *wps, const char *ifname, const char *filter) + "with %s", filter); + } + if (get_netif_info(er->ifname, &er->ip_addr, &er->ip_addr_text, +- er->mac_addr)) { ++ NULL, er->mac_addr)) { + wpa_printf(MSG_INFO, "WPS UPnP: Could not get IP/MAC address " + "for %s. Does it have IP address?", er->ifname); + wps_er_deinit(er, NULL, NULL); +diff --git a/src/wps/wps_upnp.c b/src/wps/wps_upnp.c +index 6e10e4bc0c3f..7d4b7439940e 100644 +--- a/src/wps/wps_upnp.c ++++ b/src/wps/wps_upnp.c +@@ -303,6 +303,14 @@ static void subscr_addr_free_all(struct subscription *s) + } + + ++static int local_network_addr(struct upnp_wps_device_sm *sm, ++ struct sockaddr_in *addr) ++{ ++ return (addr->sin_addr.s_addr & sm->netmask.s_addr) == ++ (sm->ip_addr & sm->netmask.s_addr); ++} ++ ++ + /* subscr_addr_add_url -- add address(es) for one url to subscription */ + static void subscr_addr_add_url(struct subscription *s, const char *url, + size_t url_len) +@@ -381,6 +389,7 @@ static void subscr_addr_add_url(struct subscription *s, const char *url, + + for (rp = result; rp; rp = rp->ai_next) { + struct subscr_addr *a; ++ struct sockaddr_in *addr = (struct sockaddr_in *) rp->ai_addr; + + /* Limit no. of address to avoid denial of service attack */ + if (dl_list_len(&s->addr_list) >= MAX_ADDR_PER_SUBSCRIPTION) { +@@ -389,6 +398,13 @@ static void subscr_addr_add_url(struct subscription *s, const char *url, + break; + } + ++ if (!local_network_addr(s->sm, addr)) { ++ wpa_printf(MSG_INFO, ++ "WPS UPnP: Ignore a delivery URL that points to another network %s", ++ inet_ntoa(addr->sin_addr)); ++ continue; ++ } ++ + a = os_zalloc(sizeof(*a) + alloc_len); + if (a == NULL) + break; +@@ -890,11 +906,12 @@ static int eth_get(const char *device, u8 ea[ETH_ALEN]) + * @net_if: Selected network interface name + * @ip_addr: Buffer for returning IP address in network byte order + * @ip_addr_text: Buffer for returning a pointer to allocated IP address text ++ * @netmask: Buffer for returning netmask or %NULL if not needed + * @mac: Buffer for returning MAC address + * Returns: 0 on success, -1 on failure + */ + int get_netif_info(const char *net_if, unsigned *ip_addr, char **ip_addr_text, +- u8 mac[ETH_ALEN]) ++ struct in_addr *netmask, u8 mac[ETH_ALEN]) + { + struct ifreq req; + int sock = -1; +@@ -920,6 +937,19 @@ int get_netif_info(const char *net_if, unsigned *ip_addr, char **ip_addr_text, + in_addr.s_addr = *ip_addr; + os_snprintf(*ip_addr_text, 16, "%s", inet_ntoa(in_addr)); + ++ if (netmask) { ++ os_memset(&req, 0, sizeof(req)); ++ os_strlcpy(req.ifr_name, net_if, sizeof(req.ifr_name)); ++ if (ioctl(sock, SIOCGIFNETMASK, &req) < 0) { ++ wpa_printf(MSG_ERROR, ++ "WPS UPnP: SIOCGIFNETMASK failed: %d (%s)", ++ errno, strerror(errno)); ++ goto fail; ++ } ++ addr = (struct sockaddr_in *) &req.ifr_netmask; ++ netmask->s_addr = addr->sin_addr.s_addr; ++ } ++ + #ifdef __linux__ + os_strlcpy(req.ifr_name, net_if, sizeof(req.ifr_name)); + if (ioctl(sock, SIOCGIFHWADDR, &req) < 0) { +@@ -1026,11 +1056,15 @@ static int upnp_wps_device_start(struct upnp_wps_device_sm *sm, char *net_if) + + /* Determine which IP and mac address we're using */ + if (get_netif_info(net_if, &sm->ip_addr, &sm->ip_addr_text, +- sm->mac_addr)) { ++ &sm->netmask, sm->mac_addr)) { + wpa_printf(MSG_INFO, "WPS UPnP: Could not get IP/MAC address " + "for %s. Does it have IP address?", net_if); + goto fail; + } ++ wpa_printf(MSG_DEBUG, "WPS UPnP: Local IP address %s netmask %s hwaddr " ++ MACSTR, ++ sm->ip_addr_text, inet_ntoa(sm->netmask), ++ MAC2STR(sm->mac_addr)); + + /* Listen for incoming TCP connections so that others + * can fetch our "xml files" from us. +diff --git a/src/wps/wps_upnp_i.h b/src/wps/wps_upnp_i.h +index e87a93232df1..6ead7b4e9a30 100644 +--- a/src/wps/wps_upnp_i.h ++++ b/src/wps/wps_upnp_i.h +@@ -128,6 +128,7 @@ struct upnp_wps_device_sm { + u8 mac_addr[ETH_ALEN]; /* mac addr of network i.f. we use */ + char *ip_addr_text; /* IP address of network i.f. we use */ + unsigned ip_addr; /* IP address of network i.f. we use (host order) */ ++ struct in_addr netmask; + int multicast_sd; /* send multicast messages over this socket */ + int ssdp_sd; /* receive discovery UPD packets on socket */ + int ssdp_sd_registered; /* nonzero if we must unregister */ +@@ -158,7 +159,7 @@ struct subscription * subscription_find(struct upnp_wps_device_sm *sm, + const u8 uuid[UUID_LEN]); + void subscr_addr_delete(struct subscr_addr *a); + int get_netif_info(const char *net_if, unsigned *ip_addr, char **ip_addr_text, +- u8 mac[ETH_ALEN]); ++ struct in_addr *netmask, u8 mac[ETH_ALEN]); + + /* wps_upnp_ssdp.c */ + void msearchreply_state_machine_stop(struct advertisement_state_machine *a); +-- +2.20.1 + diff --git a/main/hostapd/0002-WPS-UPnP-Fix-event-message-generation-using-a-long-U.patch b/main/hostapd/0002-WPS-UPnP-Fix-event-message-generation-using-a-long-U.patch new file mode 100644 index 00000000000..c7a449e0b5c --- /dev/null +++ b/main/hostapd/0002-WPS-UPnP-Fix-event-message-generation-using-a-long-U.patch @@ -0,0 +1,59 @@ +From f7d268864a2660b7239b9a8ff5ad37faeeb751ba Mon Sep 17 00:00:00 2001 +From: Jouni Malinen <jouni@codeaurora.org> +Date: Wed, 3 Jun 2020 22:41:02 +0300 +Subject: [PATCH 2/3] WPS UPnP: Fix event message generation using a long URL + path + +More than about 700 character URL ended up overflowing the wpabuf used +for building the event notification and this resulted in the wpabuf +buffer overflow checks terminating the hostapd process. Fix this by +allocating the buffer to be large enough to contain the full URL path. +However, since that around 700 character limit has been the practical +limit for more than ten years, start explicitly enforcing that as the +limit or the callback URLs since any longer ones had not worked before +and there is no need to enable them now either. + +Signed-off-by: Jouni Malinen <jouni@codeaurora.org> +--- + src/wps/wps_upnp.c | 9 +++++++-- + src/wps/wps_upnp_event.c | 3 ++- + 2 files changed, 9 insertions(+), 3 deletions(-) + +diff --git a/src/wps/wps_upnp.c b/src/wps/wps_upnp.c +index 7d4b7439940e..ab685d52ecab 100644 +--- a/src/wps/wps_upnp.c ++++ b/src/wps/wps_upnp.c +@@ -328,9 +328,14 @@ static void subscr_addr_add_url(struct subscription *s, const char *url, + int rerr; + size_t host_len, path_len; + +- /* url MUST begin with http: */ +- if (url_len < 7 || os_strncasecmp(url, "http://", 7)) ++ /* URL MUST begin with HTTP scheme. In addition, limit the length of ++ * the URL to 700 characters which is around the limit that was ++ * implicitly enforced for more than 10 years due to a bug in ++ * generating the event messages. */ ++ if (url_len < 7 || os_strncasecmp(url, "http://", 7) || url_len > 700) { ++ wpa_printf(MSG_DEBUG, "WPS UPnP: Reject an unacceptable URL"); + goto fail; ++ } + url += 7; + url_len -= 7; + +diff --git a/src/wps/wps_upnp_event.c b/src/wps/wps_upnp_event.c +index d7e6edcc6503..08a23612f338 100644 +--- a/src/wps/wps_upnp_event.c ++++ b/src/wps/wps_upnp_event.c +@@ -147,7 +147,8 @@ static struct wpabuf * event_build_message(struct wps_event_ *e) + struct wpabuf *buf; + char *b; + +- buf = wpabuf_alloc(1000 + wpabuf_len(e->data)); ++ buf = wpabuf_alloc(1000 + os_strlen(e->addr->path) + ++ wpabuf_len(e->data)); + if (buf == NULL) + return NULL; + wpabuf_printf(buf, "NOTIFY %s HTTP/1.1\r\n", e->addr->path); +-- +2.20.1 + diff --git a/main/hostapd/0003-WPS-UPnP-Handle-HTTP-initiation-failures-for-events-.patch b/main/hostapd/0003-WPS-UPnP-Handle-HTTP-initiation-failures-for-events-.patch new file mode 100644 index 00000000000..9d0376043d0 --- /dev/null +++ b/main/hostapd/0003-WPS-UPnP-Handle-HTTP-initiation-failures-for-events-.patch @@ -0,0 +1,47 @@ +From 85aac526af8612c21b3117dadc8ef5944985b476 Mon Sep 17 00:00:00 2001 +From: Jouni Malinen <jouni@codeaurora.org> +Date: Thu, 4 Jun 2020 21:24:04 +0300 +Subject: [PATCH 3/3] WPS UPnP: Handle HTTP initiation failures for events more + properly + +While it is appropriate to try to retransmit the event to another +callback URL on a failure to initiate the HTTP client connection, there +is no point in trying the exact same operation multiple times in a row. +Replve the event_retry() calls with event_addr_failure() for these cases +to avoid busy loops trying to repeat the same failing operation. + +These potential busy loops would go through eloop callbacks, so the +process is not completely stuck on handling them, but unnecessary CPU +would be used to process the continues retries that will keep failing +for the same reason. + +Signed-off-by: Jouni Malinen <jouni@codeaurora.org> +--- + src/wps/wps_upnp_event.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/src/wps/wps_upnp_event.c b/src/wps/wps_upnp_event.c +index 08a23612f338..c0d9e41d9a38 100644 +--- a/src/wps/wps_upnp_event.c ++++ b/src/wps/wps_upnp_event.c +@@ -294,7 +294,7 @@ static int event_send_start(struct subscription *s) + + buf = event_build_message(e); + if (buf == NULL) { +- event_retry(e, 0); ++ event_addr_failure(e); + return -1; + } + +@@ -302,7 +302,7 @@ static int event_send_start(struct subscription *s) + event_http_cb, e); + if (e->http_event == NULL) { + wpabuf_free(buf); +- event_retry(e, 0); ++ event_addr_failure(e); + return -1; + } + +-- +2.20.1 + diff --git a/main/hostapd/APKBUILD b/main/hostapd/APKBUILD index 2ac593fbecc..28bc83d0e63 100644 --- a/main/hostapd/APKBUILD +++ b/main/hostapd/APKBUILD @@ -1,7 +1,7 @@ # Maintainer: Natanael Copa <ncopa@alpinelinux.org> pkgname=hostapd pkgver=2.7 -pkgrel=5 +pkgrel=6 pkgdesc="daemon for wireless software access points" url="http://hostap.epitest.fi/hostapd/" arch="all" @@ -36,15 +36,21 @@ patches="CVE-2012-4445.patch 0024-SAE-Reject-unsuitable-groups-based-on-REVmd-changes.patch 0025-dragonfly-Disable-use-of-groups-using-Brainpool-curv.patch CVE-2019-16275.patch - " -source="http://hostap.epitest.fi/releases/$pkgname-$pkgver.tar.gz + 0001-WPS-UPnP-Do-not-allow-event-subscriptions-with-URLs-.patch + 0002-WPS-UPnP-Fix-event-message-generation-using-a-long-U.patch + 0003-WPS-UPnP-Handle-HTTP-initiation-failures-for-events-.patch +" +source="https://w1.fi/releases/$pkgname-$pkgver.tar.gz $patches $pkgname.initd - $pkgname.confd" + $pkgname.confd + " options="!check" #no testsuite builddir="$srcdir"/$pkgname-$pkgver/hostapd # secfixes: +# 2.7-r6: +# - CVE-2020-12695 # 2.7-r5: # - CVE-2019-16275 # 2.7-r4: @@ -53,8 +59,6 @@ builddir="$srcdir"/$pkgname-$pkgver/hostapd # - CVE-2019-9496 # 2.7-r1: # - CVE-2019-11555 -# 2.7-r0: -# - CVE-2017-13082 # 2.6-r2: # - CVE-2017-13077 # - CVE-2017-13078 @@ -69,10 +73,14 @@ builddir="$srcdir"/$pkgname-$pkgver/hostapd prepare() { local conf="$builddir/.config" + # This is required because our builddir is the hostapd/ directory + # inside the extracted archive, while patches mostly apply against + # the src/ directory that is in the same directory as the hostapd/ + # one is cd "$builddir"/.. - for i in $patches; do - msg $i - patch -p1 -i "$srcdir"/$i + for i in "$srcdir"/*.patch; do + msg "Applying $i..." + patch -p1 -i $i done cd "$builddir" @@ -153,5 +161,8 @@ bcae73930c35d441c5615970c305abb3dff293fdec16df50823e57419b22d1aac0e780970619e0c7 da5f4248a0173cd7d07972b760631a8dc26f258e7b5be059c0d7de26e17f668945a62d2afce01ed1a1e9df6c55f9fd6ee344d4f006f5564b90a25e90e1e7c704 0024-SAE-Reject-unsuitable-groups-based-on-REVmd-changes.patch 4734a8ab8ba1e91fc9e3d729f34527c14c291df238b02adea5acc04b0361b41d4bffca2fb13a4f464e9f007fa624117af4f50d755cb41a3129b4868da91bdf9a 0025-dragonfly-Disable-use-of-groups-using-Brainpool-curv.patch 63710cfb0992f2c346a9807d8c97cbeaed032fa376a0e93a2e56f7742ce515e9c4dfadbdb1af03ba272281f639aab832f0178f67634c222a5d99e1d462aa9e38 CVE-2019-16275.patch +b76bbca282a74ef16c0303e5dbd2ccd33a62461595964d52c1481b0bfa4f41deacde56830b85409b288803b87ceb6f33cf0ccc69c5b17ec632c2d4784b872f3c 0001-WPS-UPnP-Do-not-allow-event-subscriptions-with-URLs-.patch +00cc739e78c42353a555c0de2f29defecff372927040e14407a231d1ead7ff32a37c9fd46bea7cdf1c24e3ac891bc3d483800d44fc6d2c8a12d2ae886523b12c 0002-WPS-UPnP-Fix-event-message-generation-using-a-long-U.patch +69243af20cdcfa837c51917a3723779f4825e11436fb83311355b4ffe8f7a4b7a5747a976f7bf923038c410c9e9055b13b866d9a396913ad08bdec3a70e9f6e0 0003-WPS-UPnP-Handle-HTTP-initiation-failures-for-events-.patch b54b7c6aa17e5cb86a9b354a516eb2dbefb544df18471339c61d82776de447011a2ac290bea1e6c8beae4b6cebefafb8174683ea42fb773e9e8fe6c679f33ba3 hostapd.initd 0882263bbd7c0b05bf51f51d66e11a23a0b8ca7da2a3b8a30166d2c5f044c0c134e6bccb1d02c9e81819ca8fb0c0fb55c7121a08fe7233ccaa73ff8ab9a238fe hostapd.confd" diff --git a/main/hylafaxplus/APKBUILD b/main/hylafaxplus/APKBUILD index be0f300dfee..fee0c0957e0 100644 --- a/main/hylafaxplus/APKBUILD +++ b/main/hylafaxplus/APKBUILD @@ -3,7 +3,7 @@ pkgname=hylafaxplus _pkgname=hylafax pkgver=7.0.0 -pkgrel=0 +pkgrel=1 pkgdesc="Making the Premier Open-Source Fax Management System Even Better" url="http://hylafax.sourceforge.net" arch="all" @@ -19,9 +19,15 @@ source="https://downloads.sourceforge.net/hylafax/${_pkgname}-${pkgver}.tar.gz $pkgname.confd no-locale.patch utf8-dictionary.patch + CVE-2020-15396-CVE-2020-15397.patch " builddir="$srcdir"/$_pkgname-$pkgver +# secfixes: +# 7.0.0-r1: +# - CVE-2020-15396 +# - CVE-2020-15397 + build() { cd "$builddir" # the configure script does not handle ccache or distcc @@ -89,9 +95,9 @@ package(){ install -D -m644 "$srcdir"/$pkgname.confd \ "$pkgdir"/etc/conf.d/$pkgname } - sha512sums="c63fdbff79c2ced29e03907c2e401c95a739e343414840a25b9582e3f4db880eaf4622295035e4728a9d1f224f97985007944397f28c9b29595aeec157bc2031 hylafax-7.0.0.tar.gz 3862cefcd26092000e4489c097537e5e0e2ae1f7c2a7a16b1e933b3bb78d136b6d8a65fb712ae245dd8ca881900408d0d9788bd2e0b859a9569fc6f4ede8cc7c hylafaxplus.initd a2117eddc8f0ff70a23a90f2001dcb88c5bddee46ffa021d6d1701cc5cfc3bcb0362ead2b1b1ce2b288992728053c5947466d08916649f45e7dfb1876576e50f hylafaxplus.confd 4a1243daff9904e6395c3e28aa4a78a74de99f5aa9dbf5055a3781acfcd9b1b3db42b1569409b27e3ef9b0e55272dc99122436a79a08c9a1c140c2547c5a2c15 no-locale.patch -f5f1e33897a91b8297311c033d50e7ea2f9088568264a5b9224285066a504da8cc4296f973dd0a70e09abca538cef26964c6181f4f67f76400783d0697f05e61 utf8-dictionary.patch" +f5f1e33897a91b8297311c033d50e7ea2f9088568264a5b9224285066a504da8cc4296f973dd0a70e09abca538cef26964c6181f4f67f76400783d0697f05e61 utf8-dictionary.patch +ed6a717eb54d9ead7e2122cb2ecb9871343adcbbb615c0b63dfde5c23883c0f10bb2f0d3ae0ea73906522026f73bf743e2abcb54f08f2c75d61a5b87b933bbb8 CVE-2020-15396-CVE-2020-15397.patch" diff --git a/main/hylafaxplus/CVE-2020-15396-CVE-2020-15397.patch b/main/hylafaxplus/CVE-2020-15396-CVE-2020-15397.patch new file mode 100644 index 00000000000..b3af03d18a1 --- /dev/null +++ b/main/hylafaxplus/CVE-2020-15396-CVE-2020-15397.patch @@ -0,0 +1,68 @@ +Upstream: Adapted from upstream, SourceForge has no raw diffs +diff --git a/etc/faxaddmodem.sh.in b/etc/faxaddmodem.sh.in +index dc39917..c4d3ff1 100644 +--- a/etc/faxaddmodem.sh.in ++++ b/etc/faxaddmodem.sh.in +@@ -113,12 +113,14 @@ if [ "$euid" != "root" ]; then + fi + + # security ++o="`umask`" ++umask 077 + TMPDIR=`(mktemp -d /tmp/.faxaddmodem.XXXXXX) 2>/dev/null` ++umask "$o" + if test X$TMPDIR = X; then +- TMPDIR=/tmp/.faxaddmodem$$ ++ echo "Failed to create temporary directory. Cannot continue." ++ exit 1 + fi +-@RM@ -rf $TMPDIR +-(umask 077 ; mkdir $TMPDIR) || exit 1 + + SH=$SCRIPT_SH # shell for use below + CPATH=$SPOOL/etc/config # prefix of configuration file +diff --git a/etc/faxsetup.sh.in b/etc/faxsetup.sh.in +index 556eef5..794d3d9 100644 +--- a/etc/faxsetup.sh.in ++++ b/etc/faxsetup.sh.in +@@ -922,12 +922,14 @@ if onServer; then + # + + # Setup TMPDIR before anything can trap and rm it ++ o="`umask`" ++ umask 077 + TMPDIR=`(mktemp -d /tmp/.faxsetup.XXXXXX) 2>/dev/null` ++ umask "$o" + if test x$TMPDIR = x; then +- TMPDIR=/tmp/.faxsetup$$ +- fi +- $RM -rf $TMPDIR +- (umask 077 ; mkdir $TMPDIR) || exit 1 ++ echo "Failed to create temporary directory. Cannot continue." +++ exit 1 +++ fi + + JUNK="etc/setup.tmp" + trap "$RM \$JUNK; $RM -r \$TMPDIR; exit 1" 1 2 15 +diff --git a/etc/probemodem.sh.in b/etc/probemodem.sh.in +index 55b5d9b..269c886 100644 +--- a/etc/probemodem.sh.in ++++ b/etc/probemodem.sh.in +@@ -85,12 +85,14 @@ test -f $SPOOL/etc/setup.cache || { + . $SPOOL/etc/setup.cache # common configuration stuff + . $SPOOL/etc/setup.modem # modem-specific stuff + ++o="`umask`" ++umask 077 + TMPDIR=`(mktemp -d /tmp/.probemodem.XXXXXX) 2>/dev/null` ++umask "$o" + if test X$TMPDIR = X; then +- TMPDIR=/tmp/.probemodem$$ ++ echo "Failed to create temporary directory. Cannot continue." ++ exit 1 + fi +-@RM@ -fr $TMPDIR +-(umask 077 ; mkdir $TMPDIR) || exit 1 + + SH=$SCRIPT_SH # shell for use below + OUT=$TMPDIR/probemodem$$ # temp file in which modem output is recorded diff --git a/main/iproute2/APKBUILD b/main/iproute2/APKBUILD index a2c79c9a19b..740763a72df 100644 --- a/main/iproute2/APKBUILD +++ b/main/iproute2/APKBUILD @@ -1,7 +1,7 @@ # Maintainer: Natanael Copa <ncopa@alpinelinux.org> pkgname=iproute2 pkgver=4.19.0 -pkgrel=0 +pkgrel=1 pkgdesc="IP Routing Utilities" url="https://www.linuxfoundation.org/collaborate/workgroups/networking/iproute2" arch="all" @@ -11,9 +11,15 @@ install="$pkgname.post-install" makedepends="bison flex bash iptables-dev libelf-dev" subpackages="$pkgname-doc $pkgname-bash-completion:bashcomp:noarch" source="https://kernel.org/pub/linux/utils/net/iproute2/iproute2-$pkgver.tar.xz - fix-install-errors.patch" + fix-install-errors.patch + CVE-2019-20795.patch + " builddir="$srcdir"/$pkgname-$pkgver +# secfixes: +# 4.19.0-r1: +# - CVE-2019-20795 + prepare() { default_prepare cd "$builddir" @@ -54,4 +60,5 @@ bashcomp() { } sha512sums="47c750da2247705b1b1d1621f58987333e54370d0fff2f24106194022de793ff35dfd67fd1be127ce019008705702092d31dac49abf930a7c0dc5c7e7c0665b8 iproute2-4.19.0.tar.xz -24fc2a901650e11f80bcaa82c839e70c21aafdf3c5b8a357d932d066a0b98ae2ec8379fc17a0a16a1b5b4fa5edc131179c10fc02e55d6101701df5a09966912c fix-install-errors.patch" +24fc2a901650e11f80bcaa82c839e70c21aafdf3c5b8a357d932d066a0b98ae2ec8379fc17a0a16a1b5b4fa5edc131179c10fc02e55d6101701df5a09966912c fix-install-errors.patch +a9f7685dc50495e338fcfce31fc097c220227e78158e16845ed9341d96ba82f34d2778e6268ed7ad795d0bde7293b63d19b3066d37f37dde9112277e61a4e9ac CVE-2019-20795.patch" diff --git a/main/iproute2/CVE-2019-20795.patch b/main/iproute2/CVE-2019-20795.patch new file mode 100644 index 00000000000..bc50bee0910 --- /dev/null +++ b/main/iproute2/CVE-2019-20795.patch @@ -0,0 +1,42 @@ +diff --git a/ip/ipnetns.c b/ip/ipnetns.c +index 03879b4..18d6e26 100644 +--- a/ip/ipnetns.c ++++ b/ip/ipnetns.c +@@ -106,7 +106,7 @@ int get_netnsid_from_name(const char *name) + struct nlmsghdr *answer; + struct rtattr *tb[NETNSA_MAX + 1]; + struct rtgenmsg *rthdr; +- int len, fd; ++ int len, fd, ret = -1; + + netns_nsid_socket_init(); + +@@ -123,23 +123,22 @@ int get_netnsid_from_name(const char *name) + + /* Validate message and parse attributes */ + if (answer->nlmsg_type == NLMSG_ERROR) +- goto err_out; ++ goto out; + + rthdr = NLMSG_DATA(answer); + len = answer->nlmsg_len - NLMSG_SPACE(sizeof(*rthdr)); + if (len < 0) +- goto err_out; ++ goto out; + + parse_rtattr(tb, NETNSA_MAX, NETNS_RTA(rthdr), len); + + if (tb[NETNSA_NSID]) { +- free(answer); +- return rta_getattr_u32(tb[NETNSA_NSID]); ++ ret = rta_getattr_u32(tb[NETNSA_NSID]); + } + +-err_out: ++out: + free(answer); +- return -1; ++ return ret; + } + + struct nsid_cache { diff --git a/main/jbig2dec/APKBUILD b/main/jbig2dec/APKBUILD index b4396b78694..670eff8d952 100644 --- a/main/jbig2dec/APKBUILD +++ b/main/jbig2dec/APKBUILD @@ -2,7 +2,7 @@ # Maintainer: Natanael Copa <ncopa@alpinelinux.org> pkgname=jbig2dec pkgver=0.15 -pkgrel=0 +pkgrel=1 pkgdesc="JBIG2 image compression format decoder" url="https://www.ghostscript.com/jbig2dec.html" arch="all" @@ -10,7 +10,13 @@ license="GPL-2.0-or-later" makedepends="autoconf automake libtool" checkdepends="python2" subpackages="$pkgname-dev $pkgname-doc" -source="https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs924/jbig2dec-0.15.tar.gz" +source="https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs924/jbig2dec-0.15.tar.gz + CVE-2020-12268.patch + " + +# secfixes: +# 0.15-r1: +# - CVE-2020-12268 builddir="$srcdir/$pkgname-$pkgver" @@ -44,4 +50,5 @@ package() { make DESTDIR="$pkgdir" install } -sha512sums="142acf0c47be094232ff21074414be5cf633a7008b2095d60b8878c4e125966f36632d8db191959ae1ac4b12b8fdc78139f67cd531717d203864b459d2570369 jbig2dec-0.15.tar.gz" +sha512sums="142acf0c47be094232ff21074414be5cf633a7008b2095d60b8878c4e125966f36632d8db191959ae1ac4b12b8fdc78139f67cd531717d203864b459d2570369 jbig2dec-0.15.tar.gz +e33c6a942af79dfb98c8160bccb0d7e6965d90b77f4e8e370787a9c0af0273001f02d5591b92d4285b901182ea335eb09854ce2fa995266837156b568747aa24 CVE-2020-12268.patch" diff --git a/main/jbig2dec/CVE-2020-12268.patch b/main/jbig2dec/CVE-2020-12268.patch new file mode 100644 index 00000000000..773515ae2dc --- /dev/null +++ b/main/jbig2dec/CVE-2020-12268.patch @@ -0,0 +1,44 @@ +From 0726320a4b55078e9d8deb590e477d598b3da66e Mon Sep 17 00:00:00 2001 +From: Robin Watts <Robin.Watts@artifex.com> +Date: Mon, 27 Jan 2020 10:12:24 -0800 +Subject: [PATCH] Fix OSS-Fuzz issue 20332: buffer overflow in + jbig2_image_compose. + +With extreme values of x/y/w/h we can get overflow. Test for this +and exit safely. + +Thanks for OSS-Fuzz for reporting. +--- + jbig2_image.c | 12 ++++++++++++ + 1 file changed, 12 insertions(+) + +diff --git a/jbig2_image.c b/jbig2_image.c +index 22e21ef..100263d 100644 +--- a/jbig2_image.c ++++ b/jbig2_image.c +@@ -33,6 +33,9 @@ + #if !defined (INT32_MAX) + #define INT32_MAX 0x7fffffff + #endif ++#if !defined (UINT32_MAX) ++#define UINT32_MAX 0xffffffffu ++#endif + + /* allocate a Jbig2Image structure and its associated bitmap */ + Jbig2Image * +@@ -258,6 +261,15 @@ jbig2_image_compose(Jbig2Ctx *ctx, Jbig2Image *dst, Jbig2Image *src, int x, int + if (src == NULL) + return 0; + ++ if ((UINT32_MAX - src->width < (x > 0 ? x : -x)) || ++ (UINT32_MAX - src->height < (y > 0 ? y : -y))) ++ { ++#ifdef JBIG2_DEBUG ++ jbig2_error(ctx, JBIG2_SEVERITY_DEBUG, -1, "overflow in compose_image"); ++#endif ++ return 0; ++ } ++ + /* The optimized code for the OR operator below doesn't + handle the source image partially placed outside the + destination (above and/or to the left). The affected diff --git a/main/json-c/APKBUILD b/main/json-c/APKBUILD index de361f308c4..365b0ad323d 100644 --- a/main/json-c/APKBUILD +++ b/main/json-c/APKBUILD @@ -1,7 +1,7 @@ # Maintainer: Natanael Copa <ncopa@alpinelinux.org> pkgname=json-c pkgver=0.13.1 -pkgrel=0 +pkgrel=1 pkgdesc="A JSON implementation in C" url="https://github.com/json-c/json-c/wiki" arch="all" @@ -12,9 +12,15 @@ makedepends="$depends_dev autoconf automake libtool" install="" subpackages="$pkgname-static $pkgname-dev" source="https://s3.amazonaws.com/${pkgname}_releases/releases/$pkgname-${pkgver}.tar.gz + CVE-2020-12762.patch::https://github.com/json-c/json-c/pull/607.patch " builddir="$srcdir"/json-c-$pkgver + +# secfixes: +# 0.13.1-r1: +# - CVE-2020-12762 + prepare() { cd "$builddir" default_prepare @@ -53,4 +59,5 @@ static() { mv "$pkgdir"/usr/lib/*.a "$subpkgdir"/usr/lib/ } -sha512sums="e984db2a42b9c95b52c798b2e8dd1b79951a8dcba27370af30c43b9549fbb00008dbcf052a535c528209aaee38e6d1f760168b706905ae72f3e704ed20f8a1a1 json-c-0.13.1.tar.gz" +sha512sums="e984db2a42b9c95b52c798b2e8dd1b79951a8dcba27370af30c43b9549fbb00008dbcf052a535c528209aaee38e6d1f760168b706905ae72f3e704ed20f8a1a1 json-c-0.13.1.tar.gz +f6c47ba18cdbf5cf150fdac97e931e511e12cbb5c30e6798b1ebf6173556eda1e84384bf0019a95bcfbb9dcd561a13d05639c68e07838b28cdbcf5b86bd3d497 CVE-2020-12762.patch" diff --git a/main/krb5/APKBUILD b/main/krb5/APKBUILD index a07d7c41060..595c44a0b79 100644 --- a/main/krb5/APKBUILD +++ b/main/krb5/APKBUILD @@ -1,7 +1,7 @@ # Maintainer: Natanael Copa <ncopa@alpinelinux.org> pkgname=krb5 pkgver=1.15.5 -pkgrel=0 +pkgrel=1 case $pkgver in *.*.*) _ver=${pkgver%.*};; @@ -21,6 +21,7 @@ subpackages="$pkgname-dev $pkgname-doc $pkgname-server $pkgname-server-ldap:ldap $pkgname-pkinit $pkgname-libs" source="https://web.mit.edu/kerberos/dist/krb5/${_ver}/krb5-$pkgver.tar.gz mit-krb5_krb5-config_LDFLAGS.patch + CVE-2020-28196.patch krb5kadmind.initd krb5kdc.initd @@ -29,6 +30,8 @@ source="https://web.mit.edu/kerberos/dist/krb5/${_ver}/krb5-$pkgver.tar.gz builddir="$srcdir"/krb5-$pkgver # secfixes: +# 1.15.5-r1: +# - CVE-2020-28196 # 1.15.4-r0: # - CVE-2018-20217 # 1.15.3-r0: @@ -114,6 +117,7 @@ libs() { } sha512sums="cf2c5764a081acc44c416108da40f76dafa5c764d1fb842cba1736942999548962a57c64e67924a409c068b1b8ed824f17857ea9a34594724f70903e555505b5 krb5-1.15.5.tar.gz 5a3782ff17b383f8cd0415fd13538ab56afd788130d6ad640e9f2682b7deaae7f25713ce358058ed771091040dccf62a3bc87e6fd473d505ec189a95debcc801 mit-krb5_krb5-config_LDFLAGS.patch +d7b4b55f01f8e70c0b1c9390ba1753d590253ac9ab39aaf22da15b6169506d019923837bb18d856b0c4508afc9c387180068dfe0c6847d6bd7d0970b34769a97 CVE-2020-28196.patch 43b9885b7eb8d0d60920def688de482f2b1701288f9acb1bb21dc76b2395428ff304961959eb04ba5eafd0412bae35668d6d2c8223424b9337bc051eadf51682 krb5kadmind.initd ede15f15bbbc9d0227235067abe15245bb9713aea260d397379c63275ce74aea0db6c91c15d599e40c6e89612d76f3a0f8fdd21cbafa3f30d426d4310d3e2cec krb5kdc.initd 45be0d421efd41e9dd056125a750c90856586e990317456b68170d733b03cba9ecd18ab87603b20e49575e7839fb4a6d628255533f2631f9e8ddb7f3cc493a90 krb5kpropd.initd" diff --git a/main/krb5/CVE-2018-20217.patch b/main/krb5/CVE-2018-20217.patch deleted file mode 100644 index 80f2d550583..00000000000 --- a/main/krb5/CVE-2018-20217.patch +++ /dev/null @@ -1,72 +0,0 @@ -From 5e6d1796106df8ba6bc1973ee0917c170d929086 Mon Sep 17 00:00:00 2001 -From: Isaac Boukris <iboukris@gmail.com> -Date: Mon, 3 Dec 2018 02:33:07 +0200 -Subject: [PATCH] Ignore password attributes for S4U2Self requests - -For consistency with Windows KDCs, allow protocol transition to work -even if the password has expired or needs changing. - -Also, when looking up an enterprise principal with an AS request, -treat ERR_KEY_EXP as confirmation that the client is present in the -realm. - -[ghudson@mit.edu: added comment in kdc_process_s4u2self_req(); edited -commit message] - -ticket: 8763 (new) -tags: pullup -target_version: 1.17 ---- - src/kdc/kdc_util.c | 5 +++++ - src/lib/krb5/krb/s4u_creds.c | 2 +- - src/tests/gssapi/t_s4u.py | 8 ++++++++ - 3 files changed, 14 insertions(+), 1 deletion(-) - -diff --git a/src/kdc/kdc_util.c b/src/kdc/kdc_util.c -index 6d53173fb0..6517a213cd 100644 ---- a/src/kdc/kdc_util.c -+++ b/src/kdc/kdc_util.c -@@ -1607,6 +1607,11 @@ kdc_process_s4u2self_req(kdc_realm_t *kdc_active_realm, - - memset(&no_server, 0, sizeof(no_server)); - -+ /* Ignore password expiration and needchange attributes (as Windows -+ * does), since S4U2Self is not password authentication. */ -+ princ->pw_expiration = 0; -+ clear(princ->attributes, KRB5_KDB_REQUIRES_PWCHANGE); -+ - code = validate_as_request(kdc_active_realm, request, *princ, - no_server, kdc_time, status, &e_data); - if (code) { -diff --git a/src/lib/krb5/krb/s4u_creds.c b/src/lib/krb5/krb/s4u_creds.c -index d2fdcb3f16..614ed41908 100644 ---- a/src/lib/krb5/krb/s4u_creds.c -+++ b/src/lib/krb5/krb/s4u_creds.c -@@ -116,7 +116,7 @@ s4u_identify_user(krb5_context context, - code = k5_get_init_creds(context, &creds, &client, NULL, NULL, 0, NULL, - opts, krb5_get_as_key_noop, &userid, &use_master, - NULL); -- if (code == 0 || code == KRB5_PREAUTH_FAILED) { -+ if (!code || code == KRB5_PREAUTH_FAILED || code == KRB5KDC_ERR_KEY_EXP) { - *canon_user = userid.user; - userid.user = NULL; - code = 0; -diff --git a/src/tests/gssapi/t_s4u.py b/src/tests/gssapi/t_s4u.py -index fd29e1a270..84f3fbd752 100755 ---- a/src/tests/gssapi/t_s4u.py -+++ b/src/tests/gssapi/t_s4u.py -@@ -19,6 +19,14 @@ - # Get forwardable creds for service1 in the default cache. - realm.kinit(service1, None, ['-f', '-k']) - -+# Try S4U2Self for user with a restricted password. -+realm.run([kadminl, 'modprinc', '+needchange', realm.user_princ]) -+realm.run(['./t_s4u', 'e:user', '-']) -+realm.run([kadminl, 'modprinc', '-needchange', -+ '-pwexpire', '1/1/2000', realm.user_princ]) -+realm.run(['./t_s4u', 'e:user', '-']) -+realm.run([kadminl, 'modprinc', '-pwexpire', 'never', realm.user_princ]) -+ - # Try krb5 -> S4U2Proxy with forwardable user creds. This should fail - # at the S4U2Proxy step since the DB2 back end currently has no - # support for allowing it. diff --git a/main/krb5/CVE-2020-28196.patch b/main/krb5/CVE-2020-28196.patch new file mode 100644 index 00000000000..4d6b4238388 --- /dev/null +++ b/main/krb5/CVE-2020-28196.patch @@ -0,0 +1,100 @@ +From 2289312180a5162114037df8eaa4f4f990d67447 Mon Sep 17 00:00:00 2001 +From: Greg Hudson <ghudson@mit.edu> +Date: Sat, 31 Oct 2020 17:07:05 -0400 +Subject: [PATCH] Add recursion limit for ASN.1 indefinite lengths + +The libkrb5 ASN.1 decoder supports BER indefinite lengths. It +computes the tag length using recursion; the lack of a recursion limit +allows an attacker to overrun the stack and cause the process to +crash. Reported by Demi Obenour. + +CVE-2020-28196: + +In MIT krb5 releases 1.11 and later, an unauthenticated attacker can +cause a denial of service for any client or server to which it can +send an ASN.1-encoded Kerberos message of sufficient length. + +ticket: 8959 (new) +tags: pullup +target_version: 1.18-next +target_version: 1.17-next + +(cherry picked from commit 57415dda6cf04e73ffc3723be518eddfae599bfd) +--- + src/lib/krb5/asn.1/asn1_encode.c | 16 +++++++++------- + 1 file changed, 9 insertions(+), 7 deletions(-) + +diff --git a/src/lib/krb5/asn.1/asn1_encode.c b/src/lib/krb5/asn.1/asn1_encode.c +index a7423b642..8c0cda852 100644 +--- a/src/lib/krb5/asn.1/asn1_encode.c ++++ b/src/lib/krb5/asn.1/asn1_encode.c +@@ -393,7 +393,7 @@ make_tag(asn1buf *buf, const taginfo *t, size_t len, size_t *retlen) + static asn1_error_code + get_tag(const unsigned char *asn1, size_t len, taginfo *tag_out, + const unsigned char **contents_out, size_t *clen_out, +- const unsigned char **remainder_out, size_t *rlen_out) ++ const unsigned char **remainder_out, size_t *rlen_out, int recursion) + { + asn1_error_code ret; + unsigned char o; +@@ -431,9 +431,11 @@ get_tag(const unsigned char *asn1, size_t len, taginfo *tag_out, + /* Indefinite form (should not be present in DER, but we accept it). */ + if (tag_out->construction != CONSTRUCTED) + return ASN1_MISMATCH_INDEF; ++ if (recursion >= 32) ++ return ASN1_OVERFLOW; + p = asn1; + while (!(len >= 2 && p[0] == 0 && p[1] == 0)) { +- ret = get_tag(p, len, &t, &c, &clen, &p, &len); ++ ret = get_tag(p, len, &t, &c, &clen, &p, &len, recursion + 1); + if (ret) + return ret; + } +@@ -652,7 +654,7 @@ split_der(asn1buf *buf, unsigned char *const *der, size_t len, + const unsigned char *contents, *remainder; + size_t clen, rlen; + +- ret = get_tag(*der, len, tag_out, &contents, &clen, &remainder, &rlen); ++ ret = get_tag(*der, len, tag_out, &contents, &clen, &remainder, &rlen, 0); + if (ret) + return ret; + if (rlen != 0) +@@ -1259,7 +1261,7 @@ decode_atype(const taginfo *t, const unsigned char *asn1, + const unsigned char *rem; + size_t rlen; + if (!tag->implicit) { +- ret = get_tag(asn1, len, &inner_tag, &asn1, &len, &rem, &rlen); ++ ret = get_tag(asn1, len, &inner_tag, &asn1, &len, &rem, &rlen, 0); + if (ret) + return ret; + /* Note: we don't check rlen (it should be 0). */ +@@ -1481,7 +1483,7 @@ decode_sequence(const unsigned char *asn1, size_t len, + for (i = 0; i < seq->n_fields; i++) { + if (len == 0) + break; +- ret = get_tag(asn1, len, &t, &contents, &clen, &asn1, &len); ++ ret = get_tag(asn1, len, &t, &contents, &clen, &asn1, &len, 0); + if (ret) + goto error; + /* +@@ -1539,7 +1541,7 @@ decode_sequence_of(const unsigned char *asn1, size_t len, + *seq_out = NULL; + *count_out = 0; + while (len > 0) { +- ret = get_tag(asn1, len, &t, &contents, &clen, &asn1, &len); ++ ret = get_tag(asn1, len, &t, &contents, &clen, &asn1, &len, 0); + if (ret) + goto error; + if (!check_atype_tag(elemtype, &t)) { +@@ -1625,7 +1627,7 @@ k5_asn1_full_decode(const krb5_data *code, const struct atype_info *a, + + *retrep = NULL; + ret = get_tag((unsigned char *)code->data, code->length, &t, &contents, +- &clen, &remainder, &rlen); ++ &clen, &remainder, &rlen, 0); + if (ret) + return ret; + /* rlen should be 0, but we don't check it (and due to padding in +-- +2.20.4 + diff --git a/main/lame/APKBUILD b/main/lame/APKBUILD index 80caadcd112..75a21d54843 100644 --- a/main/lame/APKBUILD +++ b/main/lame/APKBUILD @@ -12,11 +12,6 @@ source="https://downloads.sourceforge.net/project/lame/lame/$pkgver/$pkgname-$pk builddir="$srcdir"/$pkgname-$pkgver # secfixes: -# 3.100-r0: -# - CVE-2017-9410 -# - CVE-2017-9411 -# - CVE-2017-9412 -# - CVE-2015-9099 # 3.99.5-r6: # - CVE-2015-9099 # - CVE-2015-9100 diff --git a/main/libexif/APKBUILD b/main/libexif/APKBUILD index 467acb3b995..22a32de8c3b 100644 --- a/main/libexif/APKBUILD +++ b/main/libexif/APKBUILD @@ -1,30 +1,47 @@ # Maintainer: Natanael Copa <ncopa@alpinelinux.org> pkgname=libexif -pkgver=0.6.21 -pkgrel=3 +pkgver=0.6.22 +pkgrel=0 pkgdesc="A library to parse an EXIF file and read the data from those tags" url="https://sourceforge.net/projects/libexif" arch="all" -license="LGPL-2.0+" +license="LGPL-2.0-or-later" subpackages="$pkgname-dev $pkgname-doc" -depends= -makedepends= -source="https://downloads.sf.net/sourceforge/$pkgname/$pkgname-$pkgver.tar.bz2 - CVE-2017-7544.patch - " +source="https://github.com/libexif/libexif/releases/download/libexif-${pkgver//./_}-release/libexif-$pkgver.tar.xz" # secfixes: +# 0.6.22-r0: +# - CVE-2018-20030 +# - CVE-2020-13114 +# - CVE-2020-13113 +# - CVE-2020-13112 +# - CVE-2020-0093 +# - CVE-2019-9278 +# - CVE-2020-12767 +# - CVE-2016-6328 # 0.6.21-r3: # - CVE-2017-7544 +# 0.6.21-r0: +# - CVE-2012-2812 +# - CVE-2012-2813 +# - CVE-2012-2814 +# - CVE-2012-2836 +# - CVE-2012-2837 +# - CVE-2012-2840 +# - CVE-2012-2841 +# - CVE-2012-2845 +# 0.6.19-r0: +# - CVE-2009-3895 prepare() { - cd "$builddir" - update_config_sub default_prepare + + # The tarballs upstream provides uses /usr/bin/sh instead of /bin/sh + # most likely as a result of a poor usrmerge + grep -l '^#!/usr/bin/sh' -r . | xargs sed -i 's|^#!/usr/bin/sh|#!/bin/sh|g' } build() { - cd "$builddir" ./configure \ --build=$CBUILD \ --host=$CHOST \ @@ -33,13 +50,10 @@ build() { } check() { - cd "$builddir" make check } package() { - cd "$builddir" make DESTDIR="$pkgdir" install } -sha512sums="4e0fe2abe85d1c95b41cb3abe1f6333dc3a9eb69dba106a674a78d74a4d5b9c5a19647118fa1cc2d72b98a29853394f1519eda9e2889eb28d3be26b21c7cfc35 libexif-0.6.21.tar.bz2 -5475c9e0f4a05448a571077d24d545cfaa0a7b15978345e92440107770077158b994fc0c785a81bb95ad6b409929c4c516c6e002cd65c9d35eb0e91161750e48 CVE-2017-7544.patch" +sha512sums="0a9e7bf0258ed98a794b667d45e8fc65299101a2a2d2e39c358715b20b003beff258782f0736cd5b53978428a2f878a989f303bee249a978850a065f33c534af libexif-0.6.22.tar.xz" diff --git a/main/libexif/CVE-2017-7544.patch b/main/libexif/CVE-2017-7544.patch deleted file mode 100644 index b8825e1385c..00000000000 --- a/main/libexif/CVE-2017-7544.patch +++ /dev/null @@ -1,20 +0,0 @@ -Index: libexif/exif-data.c -=================================================================== -RCS file: /cvsroot/libexif/libexif/libexif/exif-data.c,v -retrieving revision 1.131 -diff -u -r1.131 exif-data.c ---- a/libexif/exif-data.c 12 Jul 2012 17:28:26 -0000 1.131 -+++ b/libexif/exif-data.c 25 Jul 2017 21:34:06 -0000 -@@ -255,6 +255,12 @@ - exif_mnote_data_set_offset (data->priv->md, *ds - 6); - exif_mnote_data_save (data->priv->md, &e->data, &e->size); - e->components = e->size; -+ if (exif_format_get_size (e->format) != 1) { -+ /* e->format is taken from input code, -+ * but we need to make sure it is a 1 byte -+ * entity due to the multiplication below. */ -+ e->format = EXIF_FORMAT_UNDEFINED; -+ } - } - } - diff --git a/main/libsndfile/APKBUILD b/main/libsndfile/APKBUILD index 481d8a140c1..baa1b6f2c50 100644 --- a/main/libsndfile/APKBUILD +++ b/main/libsndfile/APKBUILD @@ -27,8 +27,6 @@ case $CARCH in arm*) options="!check";; esac # 1.0.28-r8: # - CVE-2018-19758 # - CVE-2019-3832 -# 1.0.28-r7: -# - CVE-2018-19758 # 1.0.28-r6: # - CVE-2017-17456 # - CVE-2017-17457 diff --git a/main/libssh/APKBUILD b/main/libssh/APKBUILD index de04c031f78..c574cf3420b 100644 --- a/main/libssh/APKBUILD +++ b/main/libssh/APKBUILD @@ -2,7 +2,7 @@ # Maintainer: Natanael Copa <ncopa@alpinelinux.org> pkgname=libssh pkgver=0.7.6 -pkgrel=2 +pkgrel=3 pkgdesc="Library for accessing ssh client services through C libraries" url="http://www.libssh.org/" arch="all" @@ -13,10 +13,14 @@ options="!check" source="https://www.libssh.org/files/0.7/libssh-$pkgver.tar.xz fix-includes.patch CVE-2019-14889.patch + CVE-2020-16135.patch " builddir="$srcdir"/$pkgname-$pkgver # secfixes: +# 0.7.6-r3: +# - CVE-2020-1730 +# - CVE-2020-16135 # 0.7.6-r2: # - CVE-2019-14889 # 0.7.6-r0: @@ -35,7 +39,7 @@ package() { cd "$srcdir"/build make DESTDIR="$pkgdir" install } - sha512sums="2a01402b5a9fab9ecc29200544ed45d3f2c40871ed1c8241ca793f8dc7fdb3ad2150f6a522c4321affa9b8778e280dc7ed10f76adfc4a73f0751ae735a42f56c libssh-0.7.6.tar.xz 055a8f6b97c65384a5a3ab8fe00c69d94cc30092fe926093dbbc122ce301fbe9d76127aa07b5e6107d7fa9dd2aad6b165fa0958b56520253b5d64428ff42a318 fix-includes.patch -ed832fd00cb1ccae94e4b9e6771d92822dd1ef0e3fcc4649fab04dcde9f959909b7564fe1533e48eb4d016d3fef2dd711e1b9be5bda286545bd18bb81ae9cb6a CVE-2019-14889.patch" +ed832fd00cb1ccae94e4b9e6771d92822dd1ef0e3fcc4649fab04dcde9f959909b7564fe1533e48eb4d016d3fef2dd711e1b9be5bda286545bd18bb81ae9cb6a CVE-2019-14889.patch +e70708cb7973c2e8c13905cef45ef9b669273869dd2ea7f399b7ce57b363fd6a3775e7fd8a3be7b7c343a2c536ee15a859cc3609e69a0a615112b125b6ebfe4b CVE-2020-16135.patch" diff --git a/main/libssh/CVE-2020-16135.patch b/main/libssh/CVE-2020-16135.patch new file mode 100644 index 00000000000..a86f19e3f7a --- /dev/null +++ b/main/libssh/CVE-2020-16135.patch @@ -0,0 +1,40 @@ +From 0a9268a60f2d3748ca69bde5651f20e72761058c Mon Sep 17 00:00:00 2001 +From: Andreas Schneider <asn@cryptomilk.org> +Date: Wed, 3 Jun 2020 10:04:09 +0200 +Subject: CVE-2020-16135: Add missing NULL check for ssh_buffer_new() + +Add a missing NULL check for the pointer returned by ssh_buffer_new() in +sftpserver.c. + +Thanks to Ramin Farajpour Cami for spotting this. + +Fixes T232 + +Signed-off-by: Andreas Schneider <asn@cryptomilk.org> +Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com> +Reviewed-by: Jakub Jelen <jjelen@redhat.com> +(cherry picked from commit 533d881b0f4b24c72b35ecc97fa35d295d063e53) +--- + src/sftpserver.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +diff --git a/src/sftpserver.c b/src/sftpserver.c +index 1717aa41..1af8a0e7 100644 +--- a/src/sftpserver.c ++++ b/src/sftpserver.c +@@ -64,6 +64,12 @@ sftp_client_message sftp_get_client_message(sftp_session sftp) { + + /* take a copy of the whole packet */ + msg->complete_message = ssh_buffer_new(); ++ if (msg->complete_message == NULL) { ++ ssh_set_error_oom(session); ++ sftp_client_message_free(msg); ++ return NULL; ++ } ++ + ssh_buffer_add_data(msg->complete_message, + ssh_buffer_get(payload), + ssh_buffer_get_len(payload)); +-- +cgit v1.2.1 + diff --git a/main/libssh2/APKBUILD b/main/libssh2/APKBUILD index 064393dc799..7a08c0f4442 100644 --- a/main/libssh2/APKBUILD +++ b/main/libssh2/APKBUILD @@ -14,7 +14,7 @@ source="http://www.libssh2.org/download/libssh2-$pkgver.tar.gz CVE-2019-17498.patch" builddir="$srcdir"/libssh2-$pkgver -# security fixes: +# secfixes: # 1.9.0-r1: # - CVE-2019-17498 # 1.9.0-r0: diff --git a/main/libuv/APKBUILD b/main/libuv/APKBUILD index eb97e6616aa..e1d687a3038 100644 --- a/main/libuv/APKBUILD +++ b/main/libuv/APKBUILD @@ -2,7 +2,7 @@ # Conttributor: Sören Tempel <soeren+alpine@soeren-tempel.net> # Maintainer: Natanael Copa <ncopa@alpinelinux.org> pkgname=libuv -pkgver=1.23.2 +pkgver=1.25.0 pkgrel=0 pkgdesc="Cross-platform asychronous I/O" url="https://libuv.org" @@ -45,5 +45,5 @@ package() { "$pkgdir"/usr/share/licenses/$pkgname/LICENSE } -sha512sums="8dd9053adad115ae6dd012bf1059aab87cea2adcd8d2f8061607929bf5b0c83b1898f5945325b0f3ace7cdd70b7cdc03f60d4b2f85495c34ca94b9dcf76b42fe libuv-v1.23.2.tar.gz +sha512sums="ee120b3baf3f399319b6f21258c25f980a4961f80059b82537f1760faea70bbaf96a8ebdb66ba9552d7b4a3e2287eed8f0169829472d690b6338a0d8aaf9f521 libuv-v1.25.0.tar.gz 081b98efa33264d326d998f32600635efd5723de1d9836b99039c60168580c7f56a7ea9fdd138f41bb1aede11da70079cce4aa69ea5b954b7f9e4dcad53ba16a disable-setuid-test.patch" diff --git a/main/libvirt/APKBUILD b/main/libvirt/APKBUILD index 80674edae69..f6061835cf5 100644 --- a/main/libvirt/APKBUILD +++ b/main/libvirt/APKBUILD @@ -2,7 +2,7 @@ pkgname=libvirt pkgver=5.5.0 _ver="${pkgver/_rc/-rc}" -pkgrel=0 +pkgrel=2 pkgdesc="A virtualization API for several hypervisor and container systems" url="http://libvirt.org/" arch="all" @@ -31,6 +31,8 @@ source="https://libvirt.org/sources/$pkgname-$pkgver.tar.xz virtlockd.initd musl-fix-includes.patch musl-stderr.patch + CVE-2020-12430.patch + CVE-2019-20485.patch " if [ "$CARCH" = "x86_64" ]; then @@ -42,8 +44,10 @@ subpackages="$subpackages $pkgname-common-drivers:_common_drivers" builddir="$srcdir"/$pkgname-$pkgver # secfixes: -# 4.10.0-r2: -# - CVE-2019-3840 +# 5.5.0-r2: +# - CVE-2019-20485 +# 5.5.0-r1: +# - CVE-2020-12430 # 5.5.0-r0: # - CVE-2019-10161 # - CVE-2019-10166 @@ -188,4 +192,6 @@ sha512sums="47923aaca605fb43a53238ac535abc1f88f73435336b8f3e88cb01df277ed205d99c 36b85f473d292be8df415256d01a562131d8ae61450ba3893658090a12d589ca32215382f56f286a830b4e59ffd98fbe1d92004f2ce14ca0834451b943cd8f2f virtlogd.initd a4c4d26e4111931acbe7594451bf963a36c8db33c64b1bc447ab4758bb92803510bebee0511d6bc16ba80c289ab6f87e74377d47bf560412f9adb9c161a206d9 virtlockd.initd dfe042c596028125bf8548115de2922683829c4716f6b0efb8efc38518670e3e848481661b9714bb0664c1022b87e8f3c0773611fe10187b0bc588e2336ada0c musl-fix-includes.patch -a583c5981cda7fe2c17b5c7d4262399debea3e273124c43590cff029ce8d93868836ec1fe45d5776cd7ff26e31df577828e8541af56801a2b75eaa8f179cfc13 musl-stderr.patch" +a583c5981cda7fe2c17b5c7d4262399debea3e273124c43590cff029ce8d93868836ec1fe45d5776cd7ff26e31df577828e8541af56801a2b75eaa8f179cfc13 musl-stderr.patch +9f395a8be5c401b3e63f2a95154b2459ba4f9e5dffd0c9e0d96822f9e5b6b36c4b0b6e8e5de11fc280505d001ede0a196b477e60af95c6035daa7b29ca054d69 CVE-2020-12430.patch +f38df9102e6ae0c05428990043aefee379f0e40b4f1d253a90f5897a41e6fdde7b60d013c776afc7be2f006c1d930228b369f54fe71b137e981da1af464f3ea0 CVE-2019-20485.patch" diff --git a/main/libvirt/CVE-2019-20485.patch b/main/libvirt/CVE-2019-20485.patch new file mode 100644 index 00000000000..69e1a285737 --- /dev/null +++ b/main/libvirt/CVE-2019-20485.patch @@ -0,0 +1,171 @@ +From a663a860819287e041c3de672aad1d8543098ecc Mon Sep 17 00:00:00 2001 +From: Jonathon Jongsma <jjongsma@redhat.com> +Date: Thu, 5 Dec 2019 10:08:52 -0600 +Subject: [PATCH] qemu: don't hold both jobs for suspend + +We have to assume that the guest agent may be malicious so we don't want +to allow any agent queries to block any other libvirt API. By holding a +monitor job while we're querying the agent, we open ourselves up to a +DoS. + +So split the function up a bit to only hold the monitor job while +querying qemu for whether the domain supports suspend. Then acquire only +an agent job while issuing the agent suspend command. + +Signed-off-by: Jonathon Jongsma <jjongsma@redhat.com> +Signed-off-by: Michal Privoznik <mprivozn@redhat.com> +Reviewed-by: Michal Privoznik <mprivozn@redhat.com> +--- + src/qemu/qemu_driver.c | 94 ++++++++++++++++++++++++++++++------------------ + 1 files changed, 59 insertions(+), 35 deletions(-) + +diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c +index 2891faf..52cf27f 100644 +--- a/src/qemu/qemu_driver.c ++++ b/src/qemu/qemu_driver.c +@@ -19759,6 +19759,59 @@ qemuDomainProbeQMPCurrentMachine(virQEMUDriverPtr driver, + } + + ++/* returns -1 on error, or if query is not supported, 0 if query was successful */ ++static int ++qemuDomainQueryWakeupSuspendSupport(virQEMUDriverPtr driver, ++ virDomainObjPtr vm, ++ bool *wakeupSupported) ++{ ++ qemuDomainObjPrivatePtr priv = vm->privateData; ++ int ret = -1; ++ ++ if (!virQEMUCapsGet(priv->qemuCaps, QEMU_CAPS_QUERY_CURRENT_MACHINE)) ++ return -1; ++ ++ if (qemuDomainObjBeginJob(driver, vm, QEMU_JOB_MODIFY) < 0) ++ return -1; ++ ++ if ((ret = virDomainObjCheckActive(vm)) < 0) ++ goto endjob; ++ ++ ret = qemuDomainProbeQMPCurrentMachine(driver, vm, wakeupSupported); ++ ++ endjob: ++ qemuDomainObjEndJob(driver, vm); ++ return ret; ++} ++ ++ ++static int ++qemuDomainPMSuspendAgent(virQEMUDriverPtr driver, ++ virDomainObjPtr vm, ++ unsigned int target) ++{ ++ qemuAgentPtr agent; ++ int ret = -1; ++ ++ if (qemuDomainObjBeginAgentJob(driver, vm, QEMU_AGENT_JOB_MODIFY) < 0) ++ return -1; ++ ++ if ((ret = virDomainObjCheckActive(vm)) < 0) ++ goto endjob; ++ ++ if (!qemuDomainAgentAvailable(vm, true)) ++ goto endjob; ++ ++ agent = qemuDomainObjEnterAgent(vm); ++ ret = qemuAgentSuspend(agent, target); ++ qemuDomainObjExitAgent(vm, agent); ++ ++ endjob: ++ qemuDomainObjEndAgentJob(vm); ++ return ret; ++} ++ ++ + static int + qemuDomainPMSuspendForDuration(virDomainPtr dom, + unsigned int target, +@@ -19766,11 +19819,9 @@ qemuDomainPMSuspendForDuration(virDomainPtr dom, + unsigned int flags) + { + virQEMUDriverPtr driver = dom->conn->privateData; +- qemuDomainObjPrivatePtr priv; + virDomainObjPtr vm; +- qemuAgentPtr agent; +- qemuDomainJob job = QEMU_JOB_NONE; + int ret = -1; ++ bool wakeupSupported; + + virCheckFlags(0, -1); + +@@ -19795,17 +19846,6 @@ qemuDomainPMSuspendForDuration(virDomainPtr dom, + if (virDomainPMSuspendForDurationEnsureACL(dom->conn, vm->def) < 0) + goto cleanup; + +- priv = vm->privateData; +- +- if (virQEMUCapsGet(priv->qemuCaps, QEMU_CAPS_QUERY_CURRENT_MACHINE)) +- job = QEMU_JOB_MODIFY; +- +- if (qemuDomainObjBeginJobWithAgent(driver, vm, job, QEMU_AGENT_JOB_MODIFY) < 0) +- goto cleanup; +- +- if (virDomainObjCheckActive(vm) < 0) +- goto endjob; +- + /* + * The case we want to handle here is when QEMU has the API (i.e. + * QEMU_CAPS_QUERY_CURRENT_MACHINE is set). Otherwise, do not interfere +@@ -19813,16 +19853,11 @@ qemuDomainPMSuspendForDuration(virDomainPtr dom, + * that don't know about this cap, will keep their old behavior of + * suspending 'in the dark'. + */ +- if (virQEMUCapsGet(priv->qemuCaps, QEMU_CAPS_QUERY_CURRENT_MACHINE)) { +- bool wakeupSupported; +- +- if (qemuDomainProbeQMPCurrentMachine(driver, vm, &wakeupSupported) < 0) +- goto endjob; +- ++ if (qemuDomainQueryWakeupSuspendSupport(driver, vm, &wakeupSupported) == 0) { + if (!wakeupSupported) { + virReportError(VIR_ERR_OPERATION_UNSUPPORTED, "%s", + _("Domain does not have suspend support")); +- goto endjob; ++ goto cleanup; + } + } + +@@ -19832,29 +19867,18 @@ qemuDomainPMSuspendForDuration(virDomainPtr dom, + target == VIR_NODE_SUSPEND_TARGET_HYBRID)) { + virReportError(VIR_ERR_INTERNAL_ERROR, "%s", + _("S3 state is disabled for this domain")); +- goto endjob; ++ goto cleanup; + } + + if (vm->def->pm.s4 == VIR_TRISTATE_BOOL_NO && + target == VIR_NODE_SUSPEND_TARGET_DISK) { + virReportError(VIR_ERR_INTERNAL_ERROR, "%s", + _("S4 state is disabled for this domain")); +- goto endjob; ++ goto cleanup; + } + } + +- if (!qemuDomainAgentAvailable(vm, true)) +- goto endjob; +- +- agent = qemuDomainObjEnterAgent(vm); +- ret = qemuAgentSuspend(agent, target); +- qemuDomainObjExitAgent(vm, agent); +- +- endjob: +- if (job) +- qemuDomainObjEndJobWithAgent(driver, vm); +- else +- qemuDomainObjEndAgentJob(vm); ++ ret = qemuDomainPMSuspendAgent(driver, vm, target); + + cleanup: + virDomainObjEndAPI(&vm); +-- +1.7.1 + diff --git a/main/libvirt/CVE-2020-12430.patch b/main/libvirt/CVE-2020-12430.patch new file mode 100644 index 00000000000..0d2b9e0f754 --- /dev/null +++ b/main/libvirt/CVE-2020-12430.patch @@ -0,0 +1,44 @@ +From 9bf9e0ae6af38c806f4672ca7b12a6b38d5a9581 Mon Sep 17 00:00:00 2001 +From: Peter Krempa <pkrempa@redhat.com> +Date: Wed, 19 Feb 2020 08:40:59 +0100 +Subject: [PATCH] qemuDomainGetStatsIOThread: Don't leak array with 0 iothreads +MIME-Version: 1.0 +Content-Type: text/plain; charset=utf8 +Content-Transfer-Encoding: 8bit + +qemuMonitorGetIOThreads returns a NULL-terminated list even when 0 +iothreads are present. The caller didn't perform cleanup if there were 0 +iothreads leaking the array. + +https://bugzilla.redhat.com/show_bug.cgi?id=1804548 + +Fixes: d1eac92784573559b6fd56836e33b215c89308e3 +Reported-by: Jing Yan <jiyan@redhat.com> +Signed-off-by: Peter Krempa <pkrempa@redhat.com> +Reviewed-by: Ján Tomko <jtomko@redhat.com> +--- + src/qemu/qemu_driver.c | 8 ++++++-- + 1 files changed, 6 insertions(+), 2 deletions(-) + +diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c +index f686b85..39e1f04 100644 +--- a/src/qemu/qemu_driver.c ++++ b/src/qemu/qemu_driver.c +@@ -21759,8 +21759,12 @@ qemuDomainGetStatsIOThread(virQEMUDriverPtr driver, + if ((niothreads = qemuDomainGetIOThreadsMon(driver, dom, &iothreads)) < 0) + return -1; + +- if (niothreads == 0) +- return 0; ++ /* qemuDomainGetIOThreadsMon returns a NULL-terminated list, so we must free ++ * it even if it returns 0 */ ++ if (niothreads == 0) { ++ ret = 0; ++ goto cleanup; ++ } + + if (virTypedParamListAddUInt(params, niothreads, "iothread.count") < 0) + goto cleanup; +-- +1.7.1 + diff --git a/main/libvorbis/APKBUILD b/main/libvorbis/APKBUILD index 390b4d840e2..09fa4810063 100644 --- a/main/libvorbis/APKBUILD +++ b/main/libvorbis/APKBUILD @@ -27,7 +27,6 @@ builddir="$srcdir/$pkgname-$pkgver" # - CVE-2017-14633 # 1.3.5-r3: # - CVE-2017-14160 -# - CVE-2018-10393 prepare() { default_prepare diff --git a/main/libx11/APKBUILD b/main/libx11/APKBUILD index 827f32e2442..f00f435e69c 100644 --- a/main/libx11/APKBUILD +++ b/main/libx11/APKBUILD @@ -1,6 +1,6 @@ # Maintainer: Natanael Copa <ncopa@alpinelinux.org> pkgname=libx11 -pkgver=1.6.7 +pkgver=1.6.12 pkgrel=0 pkgdesc="X11 client-side library" url="http://xorg.freedesktop.org/" @@ -15,6 +15,10 @@ source="https://www.x.org/releases/individual/lib/libX11-$pkgver.tar.bz2" builddir="$srcdir"/libX11-$pkgver # secfixes: +# 1.6.12-r0: +# - CVE-2020-14363 +# 1.6.10-r0: +# - CVE-2020-14344 # 1.6.6-r0: # - CVE-2018-14598 # - CVE-2018-14599 @@ -44,4 +48,4 @@ package() { install -Dm644 COPYING "$pkgdir"/usr/share/licenses/$pkgname/COPYING } -sha512sums="edd2273b9dadbbf90ad8d7b5715db29eb120a5a22ad2595f697e56532cc24b84e358580c00548fa6be8e9d26601a2b2cdab32272c59266709534317abbd05cd5 libX11-1.6.7.tar.bz2" +sha512sums="79df7d61d9009b0dd3b65f67a62189aa0a43799c01026b3d2d534092596a0b67f246af5e398a89eb1ccc61a27335f81be8262b8a39768a76f62d862cd7415a47 libX11-1.6.12.tar.bz2" diff --git a/main/libxml2/APKBUILD b/main/libxml2/APKBUILD index 2f2d4f25c48..0636a38dc4f 100644 --- a/main/libxml2/APKBUILD +++ b/main/libxml2/APKBUILD @@ -2,7 +2,7 @@ # Maintainer: Carlo Landmeter <clandmeter@gmail.com> pkgname=libxml2 pkgver=2.9.9 -pkgrel=2 +pkgrel=3 pkgdesc="XML parsing library, version 2" url="http://www.xmlsoft.org/" arch="all" @@ -16,10 +16,13 @@ options="!strip" source="http://xmlsoft.org/sources/$pkgname-$pkgver.tar.gz fix-null-pointer-dereference.patch CVE-2019-19956.patch + CVE-2020-24977.patch " builddir="$srcdir/$pkgname-$pkgver" # secfixes: +# 2.9.9-r3: +# - CVE-2020-24977 # 2.9.9-r2: # - CVE-2019-19956 # 2.9.8-r1: @@ -114,4 +117,5 @@ utils() { sha512sums="cb7784ba4e72e942614e12e4f83f4ceb275f3d738b30e3b5c1f25edf8e9fa6789e854685974eed95b362049dbf6c8e7357e0327d64c681ed390534ac154e6810 libxml2-2.9.9.tar.gz 83074e582cdba8bedff40fc653731ad18ca357bde8f1420e2e8a2a38998b951aebcb73ca5d51859be3b4d9bc1a0308836ca2bb612269edbc61b9dd6ebc7fdb2a fix-null-pointer-dereference.patch -0e03d0dcfae1e99e06c7a4c9a4d863a1518589e403d79665727883b27d7c0d7026b18e29b7c68df41138fbdffb88d977c5ef10ce2ffb96d1a6255304d89c2bb6 CVE-2019-19956.patch" +0e03d0dcfae1e99e06c7a4c9a4d863a1518589e403d79665727883b27d7c0d7026b18e29b7c68df41138fbdffb88d977c5ef10ce2ffb96d1a6255304d89c2bb6 CVE-2019-19956.patch +dfc6fa0232bd94635c66535734175c04e8b7461c216e1337da68d7c5dce36fc750f787f2ee08ef6d91521df55c45f4ae235f8f44bea697a7c734a3b62c9fab60 CVE-2020-24977.patch" diff --git a/main/libxml2/CVE-2020-24977.patch b/main/libxml2/CVE-2020-24977.patch new file mode 100644 index 00000000000..cd348c2aa52 --- /dev/null +++ b/main/libxml2/CVE-2020-24977.patch @@ -0,0 +1,30 @@ +Found by OSS-Fuzz + +diff --git a/xmlschemastypes.c b/xmlschemastypes.c +index ca381d3..dd9eac1 100644 +--- a/xmlschemastypes.c ++++ b/xmlschemastypes.c +@@ -3628,6 +3628,8 @@ xmlSchemaCompareDurations(xmlSchemaValPtr x, xmlSchemaValPtr y) + minday = 0; + maxday = 0; + } else { ++ if (myear > LONG_MAX / 366) ++ return -2; + maxday = 366 * ((myear + 3) / 4) + + 365 * ((myear - 1) % 4); + minday = maxday - 1; +@@ -4014,6 +4016,14 @@ xmlSchemaCompareDates (xmlSchemaValPtr x, xmlSchemaValPtr y) + if ((x == NULL) || (y == NULL)) + return -2; + ++ if ((x->value.date.year > LONG_MAX / 366) || ++ (x->value.date.year < LONG_MIN / 366) || ++ (y->value.date.year > LONG_MAX / 366) || ++ (y->value.date.year < LONG_MIN / 366)) { ++ /* Possible overflow when converting to days. */ ++ return -2; ++ } ++ + if (x->value.date.tz_flag) { + + if (!y->value.date.tz_flag) { diff --git a/main/linux-vanilla/APKBUILD b/main/linux-vanilla/APKBUILD index bf43db74ba6..5836d27727b 100644 --- a/main/linux-vanilla/APKBUILD +++ b/main/linux-vanilla/APKBUILD @@ -2,7 +2,7 @@ _flavor=vanilla pkgname=linux-${_flavor} -pkgver=4.19.98 +pkgver=4.19.118 case $pkgver in *.*.*) _kernver=${pkgver%.*};; *.*) _kernver=$pkgver;; @@ -22,7 +22,6 @@ source="https://cdn.kernel.org/pub/linux/kernel/v${pkgver%%.*}.x/linux-$_kernver config-vanilla.armv7 config-vanilla.x86 config-vanilla.x86_64 - config-vanilla.ppc config-vanilla.ppc64le config-vanilla.s390x @@ -222,15 +221,14 @@ _dev() { } sha512sums="ab67cc746b375a8b135e8b23e35e1d6787930d19b3c26b2679787d62951cbdbc3bb66f8ededeb9b890e5008b2459397f9018f1a6772fdef67780b06a4cb9f6f4 linux-4.19.tar.xz -f70b11a82936b044f4d82f241554c974ab0bf17e8c205617a2c4739064556c1e70fa50b57885da21ae0d54c97f0f3abaa65f362b550e8e2cbd69ed0d8e39a36b config-vanilla.aarch64 -081322c29496bd741a8d185185898f3138c17ead22ccd57f46641c15eaaba2ad4c9ce25506cde1f1cc99e767f505424e46e2202d1e5f2776be7187b7d2b3190c config-vanilla.armhf -081322c29496bd741a8d185185898f3138c17ead22ccd57f46641c15eaaba2ad4c9ce25506cde1f1cc99e767f505424e46e2202d1e5f2776be7187b7d2b3190c config-vanilla.armv7 -8fc0073543319c9f160dbade80a91f45b8035b8611f8d369f0816be6d06f9149e4cef6a80398832055bcec55843ae3c6208bee50b9572350aa92fc922456b12b config-vanilla.x86 -3cea3db9e1ec315332903f0efface63d09ceaa9563841c10210dba2e2149fd9dc8e1021581ab80e7fc2c3ee7f169165a16be97c11f85675d28334175fe3e621c config-vanilla.x86_64 -96651aca476c905c04d616565a2dd08066167c1d4887e2ddc86c4b7cdda44257ef633a9bcf745a91f00f88023dde8f1804c56b258e7e99232bb8bfa25d0ba4db config-vanilla.ppc -9f1214efe9ed22b640b7f769c8869bef806e9164205b4228c999f85cc53c3153358b8eaa15892f2ab95c589fa06b00288695349d9a298fb7cf7a32b05931fb45 config-vanilla.ppc64le -0e33770ed93acc74e30f8d33445a6bc1412ba9bb8c16e1ecb4da046b78e46b14d6b47f1d4ba9786dd8d77bc138e5ea08d4f852d9845055caaa292090ca3361e7 config-vanilla.s390x -986d63ab6d104320f362be4e9534cd7916c4e8a460e2ff459e8aebe39aa77c4ebcffd6f1e0e585c7cf1736b4163b948aa30b87a8eea9b3e7db8cf42ddb7d5dd3 config-virt.aarch64 -0d566b91f54e25ddfcb085909a819485f835ca0022cba4fb5d37e41a64d1832d9540fa5da58f925c0b703907c4a22e378bff1e674c2f69827a20e2701d85e7ec config-virt.x86 -8e6db66a1df52ec336b965fd989bd0ffcfbd09c91946522a8b22eb314956167b743615684c748c71fbe26893b55252810d22165a0a601285ec6c0888fe234422 config-virt.x86_64 -5e87edc8475864f99018ccac64102f3000fdc7fcb6669d497ee1d9116334c53b82d7c1bea2411ef76d59961cb3a3882d75ff82c61c190a999b7a6be08ad41d06 patch-4.19.98.xz" +0e7f4cd857519d307b87dc3ef7860b8420e5c3da70e2814b648f3c5a298f56e9e5cede50f1223f441ebb7231e5f36eb2654c3be579335329daf1e74f7a4c941d config-vanilla.aarch64 +2b0b7cfff2ee6e0622e0113efcf379f9ecfe4dfd49e22a634cb2a8a094680b13974994c1b844deebd67d8bde3fd84414cb6f2cd3ad6a8808c11af4c898d1c6b2 config-vanilla.armhf +2b0b7cfff2ee6e0622e0113efcf379f9ecfe4dfd49e22a634cb2a8a094680b13974994c1b844deebd67d8bde3fd84414cb6f2cd3ad6a8808c11af4c898d1c6b2 config-vanilla.armv7 +e04de3450d02245bd7f8eca6502e7c3d62bbab4f154a80c79d30dfbd996fccedfb050f6305bddc4ad7bf868eea5456bdbd578a4bd1ef73e96b4cd09347acf1b6 config-vanilla.x86 +0887328ce1d886e21774d895aa5e0abffd3ab070480fab1433d569954e74271052cdbff7db4e59722fbc3911f17db4acddf8757546235f8c1d941dc46f266cbd config-vanilla.x86_64 +107b4419c439aec04fffa466a9e33f58720ee4372ea75bc05b46653a6cdc815a2238c7e38c5f5382e36fb4080147e9ba8eb64bf918ab843ef51107fbf4d02056 config-vanilla.ppc64le +c1c31f6d4b2d5cf710659a18fe6580e8546865ccc7b3d908a7a200a29e3024d4c05111ddfdc430d55bb8b153e7e3bd1a4fa7da1344dc390d3347db28e48273d7 config-vanilla.s390x +bb73130a966f4d8bbb0e81c735b76ce6cca5fece05c95411bae95e044b82922528ff515328fff010f8e0b433c6f315bc36e968f93d3eb718f97a85d0debf4354 config-virt.aarch64 +7f6a4c3cb89b9582b90513860ada012e37d377dd4d5760ccaf57586af5c359c910c00dd7e7d9185bdcdf136e8e2c2c705218273f977e942bd2cc2792fdda55db config-virt.x86 +bb3ee3538228c80f6afc25610e565c3e580ad6640816a26b55527d9d694d59b120b9c3b1c28d6578b5d448a0f8bb44f34c8d5c21e61197c25e822b053e842a34 config-virt.x86_64 +55d9cf9dc2fe87ea0cb788a7c9abc71307be1b2420cd446e4281634c1fbb077510da2f067c12094f6c38c87bad26a39dd1d553e4afc9b73baa6a0ffa18eaafd2 patch-4.19.118.xz" diff --git a/main/linux-vanilla/config-vanilla.aarch64 b/main/linux-vanilla/config-vanilla.aarch64 index 9aee6eba504..d2d6910d601 100644 --- a/main/linux-vanilla/config-vanilla.aarch64 +++ b/main/linux-vanilla/config-vanilla.aarch64 @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/arm64 4.19.50 Kernel Configuration +# Linux/arm64 4.19.118 Kernel Configuration # # @@ -563,6 +563,7 @@ CONFIG_ARM_SDE_INTERFACE=y CONFIG_FIRMWARE_MEMMAP=y CONFIG_DMIID=y # CONFIG_DMI_SYSFS is not set +# CONFIG_ISCSI_IBFT is not set CONFIG_RASPBERRYPI_FIRMWARE=m CONFIG_FW_CFG_SYSFS=m # CONFIG_FW_CFG_SYSFS_CMDLINE is not set @@ -1804,6 +1805,7 @@ CONFIG_DEBUG_DEVRES=y # CONFIG_TEST_ASYNC_DRIVER_PROBE is not set CONFIG_SYS_HYPERVISOR=y CONFIG_GENERIC_CPU_AUTOPROBE=y +CONFIG_GENERIC_CPU_VULNERABILITIES=y CONFIG_SOC_BUS=y CONFIG_REGMAP=y CONFIG_REGMAP_I2C=m @@ -2552,6 +2554,7 @@ CONFIG_ACENIC=m # CONFIG_ACENIC_OMIT_TIGON_I is not set CONFIG_ALTERA_TSE=m CONFIG_NET_VENDOR_AMAZON=y +CONFIG_ENA_ETHERNET=m CONFIG_NET_VENDOR_AMD=y CONFIG_AMD8111_ETH=m CONFIG_PCNET32=m @@ -2837,7 +2840,7 @@ CONFIG_SWPHY=y CONFIG_SFP=m CONFIG_AMD_PHY=m CONFIG_AQUANTIA_PHY=m -# CONFIG_ASIX_PHY is not set +# CONFIG_AX88796B_PHY is not set CONFIG_AT803X_PHY=m CONFIG_BCM7XXX_PHY=m CONFIG_BCM87XX_PHY=m @@ -5191,10 +5194,10 @@ CONFIG_DRM_PANEL_ORIENTATION_QUIRKS=y # # Frame buffer Devices # -CONFIG_FB=y -# CONFIG_FIRMWARE_EDID is not set CONFIG_FB_CMDLINE=y CONFIG_FB_NOTIFY=y +CONFIG_FB=y +# CONFIG_FIRMWARE_EDID is not set CONFIG_FB_DDC=m CONFIG_FB_CFB_FILLRECT=y CONFIG_FB_CFB_COPYAREA=y @@ -5978,7 +5981,6 @@ CONFIG_USB_EMI62=m CONFIG_USB_EMI26=m CONFIG_USB_ADUTUX=m CONFIG_USB_SEVSEG=m -CONFIG_USB_RIO500=m # CONFIG_USB_LEGOTOWER is not set CONFIG_USB_LCD=m CONFIG_USB_CYPRESS_CY7C63=m diff --git a/main/linux-vanilla/config-vanilla.armhf b/main/linux-vanilla/config-vanilla.armhf index 4d5da5e2ecc..62d7cc480a8 100644 --- a/main/linux-vanilla/config-vanilla.armhf +++ b/main/linux-vanilla/config-vanilla.armhf @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/arm 4.19.50 Kernel Configuration +# Linux/arm 4.19.118 Kernel Configuration # # @@ -2225,7 +2225,6 @@ CONFIG_MDIO_DEVICE=y CONFIG_MDIO_BUS=y CONFIG_MDIO_BCM_UNIMAC=m CONFIG_MDIO_BITBANG=m -CONFIG_MDIO_BUS_MUX=m # CONFIG_MDIO_BUS_MUX_GPIO is not set # CONFIG_MDIO_BUS_MUX_MMIOREG is not set CONFIG_MDIO_GPIO=m @@ -2241,7 +2240,7 @@ CONFIG_SWPHY=y # CONFIG_AMD_PHY=m CONFIG_AQUANTIA_PHY=m -# CONFIG_ASIX_PHY is not set +# CONFIG_AX88796B_PHY is not set # CONFIG_AT803X_PHY is not set CONFIG_BCM7XXX_PHY=m CONFIG_BCM87XX_PHY=m @@ -4104,10 +4103,10 @@ CONFIG_DRM_PANEL_ORIENTATION_QUIRKS=y # # Frame buffer Devices # -CONFIG_FB=y -# CONFIG_FIRMWARE_EDID is not set CONFIG_FB_CMDLINE=y CONFIG_FB_NOTIFY=y +CONFIG_FB=y +# CONFIG_FIRMWARE_EDID is not set CONFIG_FB_CFB_FILLRECT=y CONFIG_FB_CFB_COPYAREA=y CONFIG_FB_CFB_IMAGEBLIT=y @@ -4742,7 +4741,6 @@ CONFIG_USB_EMI62=m CONFIG_USB_EMI26=m CONFIG_USB_ADUTUX=m CONFIG_USB_SEVSEG=m -CONFIG_USB_RIO500=m # CONFIG_USB_LEGOTOWER is not set CONFIG_USB_LCD=m CONFIG_USB_CYPRESS_CY7C63=m @@ -5277,11 +5275,6 @@ CONFIG_REMOTEPROC=m CONFIG_RPMSG=m # CONFIG_RPMSG_CHAR is not set CONFIG_RPMSG_VIRTIO=m -CONFIG_SOUNDWIRE=y - -# -# SoundWire Devices -# # # SOC (System On Chip) specific Drivers @@ -6252,7 +6245,6 @@ CONFIG_ARM_UNWIND=y CONFIG_OLD_MCOUNT=y # CONFIG_DEBUG_USER is not set # CONFIG_DEBUG_LL is not set -CONFIG_DEBUG_IMX_UART_PORT=1 CONFIG_DEBUG_LL_INCLUDE="mach/debug-macro.S" CONFIG_UNCOMPRESS_INCLUDE="debug/uncompress.h" # CONFIG_ARM_KPROBES_TEST is not set diff --git a/main/linux-vanilla/config-vanilla.ppc b/main/linux-vanilla/config-vanilla.ppc deleted file mode 100644 index 23720e922a4..00000000000 --- a/main/linux-vanilla/config-vanilla.ppc +++ /dev/null @@ -1,3731 +0,0 @@ -# -# Automatically generated file; DO NOT EDIT. -# Linux/powerpc 4.14.13 Kernel Configuration -# -# CONFIG_PPC64 is not set - -# -# Processor support -# -CONFIG_PPC_BOOK3S_32=y -# CONFIG_PPC_85xx is not set -# CONFIG_PPC_8xx is not set -# CONFIG_40x is not set -# CONFIG_44x is not set -# CONFIG_E200 is not set -CONFIG_PPC_BOOK3S=y -CONFIG_6xx=y -CONFIG_PPC_FPU=y -CONFIG_ALTIVEC=y -CONFIG_PPC_STD_MMU=y -CONFIG_PPC_STD_MMU_32=y -# CONFIG_PPC_MM_SLICES is not set -CONFIG_PPC_HAVE_PMU_SUPPORT=y -CONFIG_PPC_PERF_CTRS=y -# CONFIG_FORCE_SMP is not set -# CONFIG_SMP is not set -# CONFIG_PPC_DOORBELL is not set -CONFIG_VDSO32=y -CONFIG_CPU_BIG_ENDIAN=y -CONFIG_PPC32=y -CONFIG_32BIT=y -# CONFIG_ARCH_PHYS_ADDR_T_64BIT is not set -# CONFIG_ARCH_DMA_ADDR_T_64BIT is not set -CONFIG_MMU=y -CONFIG_ARCH_MMAP_RND_BITS_MAX=17 -CONFIG_ARCH_MMAP_RND_BITS_MIN=11 -CONFIG_ARCH_MMAP_RND_COMPAT_BITS_MAX=17 -CONFIG_ARCH_MMAP_RND_COMPAT_BITS_MIN=11 -# CONFIG_HAVE_SETUP_PER_CPU_AREA is not set -# CONFIG_NEED_PER_CPU_EMBED_FIRST_CHUNK is not set -CONFIG_NR_IRQS=512 -CONFIG_STACKTRACE_SUPPORT=y -CONFIG_TRACE_IRQFLAGS_SUPPORT=y -CONFIG_LOCKDEP_SUPPORT=y -CONFIG_RWSEM_XCHGADD_ALGORITHM=y -CONFIG_GENERIC_HWEIGHT=y -CONFIG_ARCH_HAS_DMA_SET_COHERENT_MASK=y -CONFIG_PPC=y -# CONFIG_GENERIC_CSUM is not set -CONFIG_EARLY_PRINTK=y -CONFIG_PANIC_TIMEOUT=180 -CONFIG_GENERIC_NVRAM=y -CONFIG_SCHED_OMIT_FRAME_POINTER=y -CONFIG_ARCH_MAY_HAVE_PC_FDC=y -# CONFIG_PPC_UDBG_16550 is not set -# CONFIG_GENERIC_TBSYNC is not set -CONFIG_AUDIT_ARCH=y -CONFIG_GENERIC_BUG=y -CONFIG_SYS_SUPPORTS_APM_EMULATION=y -# CONFIG_EPAPR_BOOT is not set -# CONFIG_DEFAULT_UIMAGE is not set -CONFIG_ARCH_HIBERNATION_POSSIBLE=y -CONFIG_ARCH_SUSPEND_POSSIBLE=y -# CONFIG_PPC_DCR_NATIVE is not set -# CONFIG_PPC_DCR_MMIO is not set -CONFIG_ARCH_SUPPORTS_DEBUG_PAGEALLOC=y -CONFIG_ARCH_SUPPORTS_UPROBES=y -CONFIG_PGTABLE_LEVELS=2 -CONFIG_DEFCONFIG_LIST="/lib/modules/$UNAME_RELEASE/.config" -CONFIG_IRQ_WORK=y -CONFIG_BUILDTIME_EXTABLE_SORT=y - -# -# General setup -# -CONFIG_BROKEN_ON_SMP=y -CONFIG_INIT_ENV_ARG_LIMIT=32 -CONFIG_CROSS_COMPILE="" -# CONFIG_COMPILE_TEST is not set -CONFIG_LOCALVERSION="" -# CONFIG_LOCALVERSION_AUTO is not set -CONFIG_HAVE_KERNEL_GZIP=y -CONFIG_KERNEL_GZIP=y -CONFIG_DEFAULT_HOSTNAME="(none)" -CONFIG_SWAP=y -CONFIG_SYSVIPC=y -CONFIG_SYSVIPC_SYSCTL=y -CONFIG_POSIX_MQUEUE=y -CONFIG_POSIX_MQUEUE_SYSCTL=y -CONFIG_CROSS_MEMORY_ATTACH=y -CONFIG_FHANDLE=y -CONFIG_USELIB=y -CONFIG_AUDIT=y -CONFIG_HAVE_ARCH_AUDITSYSCALL=y - -# -# IRQ subsystem -# -CONFIG_GENERIC_IRQ_SHOW=y -CONFIG_GENERIC_IRQ_SHOW_LEVEL=y -CONFIG_IRQ_DOMAIN=y -# CONFIG_IRQ_DOMAIN_DEBUG is not set -CONFIG_IRQ_FORCED_THREADING=y -CONFIG_SPARSE_IRQ=y -# CONFIG_GENERIC_IRQ_DEBUGFS is not set -CONFIG_GENERIC_TIME_VSYSCALL=y -CONFIG_GENERIC_CLOCKEVENTS=y -CONFIG_GENERIC_CMOS_UPDATE=y - -# -# Timers subsystem -# -CONFIG_TICK_ONESHOT=y -CONFIG_NO_HZ_COMMON=y -# CONFIG_HZ_PERIODIC is not set -CONFIG_NO_HZ_IDLE=y -CONFIG_NO_HZ=y -CONFIG_HIGH_RES_TIMERS=y - -# -# CPU/Task time and stats accounting -# -CONFIG_TICK_CPU_ACCOUNTING=y -# CONFIG_VIRT_CPU_ACCOUNTING_NATIVE is not set -# CONFIG_IRQ_TIME_ACCOUNTING is not set -# CONFIG_BSD_PROCESS_ACCT is not set -# CONFIG_TASKSTATS is not set - -# -# RCU Subsystem -# -CONFIG_TINY_RCU=y -# CONFIG_RCU_EXPERT is not set -CONFIG_SRCU=y -CONFIG_TINY_SRCU=y -# CONFIG_TASKS_RCU is not set -# CONFIG_RCU_STALL_COMMON is not set -# CONFIG_RCU_NEED_SEGCBLIST is not set -CONFIG_BUILD_BIN2C=y -CONFIG_IKCONFIG=y -CONFIG_IKCONFIG_PROC=y -CONFIG_LOG_BUF_SHIFT=14 -CONFIG_PRINTK_SAFE_LOG_BUF_SHIFT=13 -# CONFIG_CGROUPS is not set -# CONFIG_CHECKPOINT_RESTORE is not set -CONFIG_NAMESPACES=y -CONFIG_UTS_NS=y -CONFIG_IPC_NS=y -# CONFIG_USER_NS is not set -CONFIG_PID_NS=y -CONFIG_NET_NS=y -# CONFIG_SCHED_AUTOGROUP is not set -# CONFIG_SYSFS_DEPRECATED is not set -# CONFIG_RELAY is not set -CONFIG_BLK_DEV_INITRD=y -CONFIG_INITRAMFS_SOURCE="" -CONFIG_RD_GZIP=y -CONFIG_RD_BZIP2=y -CONFIG_RD_LZMA=y -CONFIG_RD_XZ=y -CONFIG_RD_LZO=y -CONFIG_RD_LZ4=y -CONFIG_CC_OPTIMIZE_FOR_PERFORMANCE=y -# CONFIG_CC_OPTIMIZE_FOR_SIZE is not set -CONFIG_SYSCTL=y -CONFIG_ANON_INODES=y -CONFIG_SYSCTL_EXCEPTION_TRACE=y -CONFIG_BPF=y -# CONFIG_EXPERT is not set -CONFIG_MULTIUSER=y -CONFIG_SGETMASK_SYSCALL=y -CONFIG_SYSFS_SYSCALL=y -# CONFIG_SYSCTL_SYSCALL is not set -CONFIG_POSIX_TIMERS=y -CONFIG_KALLSYMS=y -CONFIG_KALLSYMS_ALL=y -# CONFIG_KALLSYMS_ABSOLUTE_PERCPU is not set -CONFIG_KALLSYMS_BASE_RELATIVE=y -CONFIG_PRINTK=y -CONFIG_PRINTK_NMI=y -CONFIG_BUG=y -CONFIG_ELF_CORE=y -CONFIG_BASE_FULL=y -CONFIG_FUTEX=y -CONFIG_FUTEX_PI=y -CONFIG_EPOLL=y -CONFIG_SIGNALFD=y -CONFIG_TIMERFD=y -CONFIG_EVENTFD=y -# CONFIG_BPF_SYSCALL is not set -CONFIG_SHMEM=y -CONFIG_AIO=y -CONFIG_ADVISE_SYSCALLS=y -# CONFIG_USERFAULTFD is not set -CONFIG_PCI_QUIRKS=y -CONFIG_MEMBARRIER=y -# CONFIG_EMBEDDED is not set -CONFIG_HAVE_PERF_EVENTS=y -# CONFIG_PC104 is not set - -# -# Kernel Performance Events And Counters -# -CONFIG_PERF_EVENTS=y -CONFIG_VM_EVENT_COUNTERS=y -CONFIG_SLUB_DEBUG=y -# CONFIG_COMPAT_BRK is not set -# CONFIG_SLAB is not set -CONFIG_SLUB=y -CONFIG_SLAB_MERGE_DEFAULT=y -# CONFIG_SLAB_FREELIST_RANDOM is not set -# CONFIG_SLAB_FREELIST_HARDENED is not set -# CONFIG_SYSTEM_DATA_VERIFICATION is not set -CONFIG_PROFILING=y -CONFIG_TRACEPOINTS=y -CONFIG_OPROFILE=y -CONFIG_HAVE_OPROFILE=y -# CONFIG_KPROBES is not set -# CONFIG_JUMP_LABEL is not set -CONFIG_UPROBES=y -# CONFIG_HAVE_64BIT_ALIGNED_ACCESS is not set -CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS=y -CONFIG_ARCH_USE_BUILTIN_BSWAP=y -CONFIG_HAVE_IOREMAP_PROT=y -CONFIG_HAVE_KPROBES=y -CONFIG_HAVE_KRETPROBES=y -CONFIG_HAVE_KPROBES_ON_FTRACE=y -CONFIG_HAVE_NMI=y -CONFIG_HAVE_ARCH_TRACEHOOK=y -CONFIG_GENERIC_SMP_IDLE_THREAD=y -CONFIG_ARCH_HAS_FORTIFY_SOURCE=y -CONFIG_HAVE_REGS_AND_STACK_ACCESS_API=y -CONFIG_HAVE_DMA_API_DEBUG=y -CONFIG_HAVE_HW_BREAKPOINT=y -CONFIG_HAVE_PERF_REGS=y -CONFIG_HAVE_PERF_USER_STACK_DUMP=y -CONFIG_HAVE_ARCH_JUMP_LABEL=y -CONFIG_ARCH_HAVE_NMI_SAFE_CMPXCHG=y -CONFIG_ARCH_WEAK_RELEASE_ACQUIRE=y -CONFIG_ARCH_WANT_IPC_PARSE_VERSION=y -CONFIG_HAVE_ARCH_SECCOMP_FILTER=y -CONFIG_SECCOMP_FILTER=y -CONFIG_HAVE_GCC_PLUGINS=y -# CONFIG_GCC_PLUGINS is not set -# CONFIG_CC_STACKPROTECTOR is not set -CONFIG_THIN_ARCHIVES=y -CONFIG_HAVE_VIRT_CPU_ACCOUNTING=y -CONFIG_HAVE_IRQ_TIME_ACCOUNTING=y -CONFIG_HAVE_MOD_ARCH_SPECIFIC=y -CONFIG_MODULES_USE_ELF_RELA=y -CONFIG_HAVE_IRQ_EXIT_ON_IRQ_STACK=y -CONFIG_ARCH_HAS_ELF_RANDOMIZE=y -CONFIG_HAVE_ARCH_MMAP_RND_BITS=y -CONFIG_ARCH_MMAP_RND_BITS=11 -# CONFIG_HAVE_ARCH_HASH is not set -# CONFIG_ISA_BUS_API is not set -CONFIG_CLONE_BACKWARDS=y -CONFIG_OLD_SIGSUSPEND=y -CONFIG_OLD_SIGACTION=y -# CONFIG_CPU_NO_EFFICIENT_FFS is not set -# CONFIG_HAVE_ARCH_VMAP_STACK is not set -# CONFIG_ARCH_OPTIONAL_KERNEL_RWX is not set -# CONFIG_ARCH_OPTIONAL_KERNEL_RWX_DEFAULT is not set -# CONFIG_ARCH_HAS_STRICT_KERNEL_RWX is not set -# CONFIG_ARCH_HAS_STRICT_MODULE_RWX is not set -# CONFIG_REFCOUNT_FULL is not set - -# -# GCOV-based kernel profiling -# -# CONFIG_GCOV_KERNEL is not set -CONFIG_ARCH_HAS_GCOV_PROFILE_ALL=y -# CONFIG_HAVE_GENERIC_DMA_COHERENT is not set -CONFIG_SLABINFO=y -CONFIG_RT_MUTEXES=y -CONFIG_BASE_SMALL=0 -CONFIG_MODULES=y -# CONFIG_MODULE_FORCE_LOAD is not set -CONFIG_MODULE_UNLOAD=y -CONFIG_MODULE_FORCE_UNLOAD=y -# CONFIG_MODVERSIONS is not set -# CONFIG_MODULE_SRCVERSION_ALL is not set -# CONFIG_MODULE_SIG is not set -# CONFIG_MODULE_COMPRESS is not set -# CONFIG_TRIM_UNUSED_KSYMS is not set -CONFIG_MODULES_TREE_LOOKUP=y -CONFIG_BLOCK=y -CONFIG_LBDAF=y -CONFIG_BLK_SCSI_REQUEST=y -CONFIG_BLK_DEV_BSG=y -CONFIG_BLK_DEV_BSGLIB=y -# CONFIG_BLK_DEV_INTEGRITY is not set -# CONFIG_BLK_DEV_ZONED is not set -# CONFIG_BLK_CMDLINE_PARSER is not set -# CONFIG_BLK_WBT is not set -CONFIG_BLK_DEBUG_FS=y -# CONFIG_BLK_SED_OPAL is not set - -# -# Partition Types -# -CONFIG_PARTITION_ADVANCED=y -# CONFIG_ACORN_PARTITION is not set -# CONFIG_AIX_PARTITION is not set -# CONFIG_OSF_PARTITION is not set -# CONFIG_AMIGA_PARTITION is not set -# CONFIG_ATARI_PARTITION is not set -CONFIG_MAC_PARTITION=y -CONFIG_MSDOS_PARTITION=y -# CONFIG_BSD_DISKLABEL is not set -# CONFIG_MINIX_SUBPARTITION is not set -# CONFIG_SOLARIS_X86_PARTITION is not set -# CONFIG_UNIXWARE_DISKLABEL is not set -# CONFIG_LDM_PARTITION is not set -# CONFIG_SGI_PARTITION is not set -# CONFIG_ULTRIX_PARTITION is not set -# CONFIG_SUN_PARTITION is not set -# CONFIG_KARMA_PARTITION is not set -CONFIG_EFI_PARTITION=y -# CONFIG_SYSV68_PARTITION is not set -# CONFIG_CMDLINE_PARTITION is not set -CONFIG_BLK_MQ_PCI=y - -# -# IO Schedulers -# -CONFIG_IOSCHED_NOOP=y -CONFIG_IOSCHED_DEADLINE=y -CONFIG_IOSCHED_CFQ=y -# CONFIG_DEFAULT_DEADLINE is not set -CONFIG_DEFAULT_CFQ=y -# CONFIG_DEFAULT_NOOP is not set -CONFIG_DEFAULT_IOSCHED="cfq" -CONFIG_MQ_IOSCHED_DEADLINE=y -CONFIG_MQ_IOSCHED_KYBER=y -# CONFIG_IOSCHED_BFQ is not set -CONFIG_INLINE_SPIN_UNLOCK_IRQ=y -CONFIG_INLINE_READ_UNLOCK=y -CONFIG_INLINE_READ_UNLOCK_IRQ=y -CONFIG_INLINE_WRITE_UNLOCK=y -CONFIG_INLINE_WRITE_UNLOCK_IRQ=y -CONFIG_ARCH_SUPPORTS_ATOMIC_RMW=y -CONFIG_FREEZER=y -# CONFIG_PPC_XICS is not set -# CONFIG_PPC_ICP_NATIVE is not set -# CONFIG_PPC_ICP_HV is not set -# CONFIG_PPC_ICS_RTAS is not set -# CONFIG_PPC_XIVE is not set -# CONFIG_PPC_XIVE_SPAPR is not set -# CONFIG_GE_FPGA is not set - -# -# Platform support -# -# CONFIG_PPC_CHRP is not set -# CONFIG_PPC_MPC512x is not set -# CONFIG_PPC_MPC52xx is not set -CONFIG_PPC_PMAC=y -# CONFIG_PPC_CELL is not set -# CONFIG_PPC_CELL_NATIVE is not set -# CONFIG_PPC_82xx is not set -# CONFIG_PQ2ADS is not set -# CONFIG_PPC_83xx is not set -# CONFIG_PPC_86xx is not set -# CONFIG_EMBEDDED6xx is not set -# CONFIG_AMIGAONE is not set -# CONFIG_KVM_GUEST is not set -# CONFIG_EPAPR_PARAVIRT is not set -CONFIG_PPC_NATIVE=y -CONFIG_PPC_OF_BOOT_TRAMPOLINE=y -# CONFIG_IPIC is not set -CONFIG_MPIC=y -# CONFIG_PPC_EPAPR_HV_PIC is not set -# CONFIG_MPIC_WEIRD is not set -# CONFIG_MPIC_MSGR is not set -# CONFIG_PPC_I8259 is not set -# CONFIG_PPC_RTAS is not set -# CONFIG_MMIO_NVRAM is not set -# CONFIG_MPIC_U3_HT_IRQS is not set -CONFIG_PPC_MPC106=y -# CONFIG_PPC_970_NAP is not set -# CONFIG_PPC_P7_NAP is not set - -# -# CPU Frequency scaling -# -CONFIG_CPU_FREQ=y -CONFIG_CPU_FREQ_STAT=y -CONFIG_CPU_FREQ_DEFAULT_GOV_PERFORMANCE=y -# CONFIG_CPU_FREQ_DEFAULT_GOV_POWERSAVE is not set -# CONFIG_CPU_FREQ_DEFAULT_GOV_USERSPACE is not set -# CONFIG_CPU_FREQ_DEFAULT_GOV_ONDEMAND is not set -# CONFIG_CPU_FREQ_DEFAULT_GOV_CONSERVATIVE is not set -CONFIG_CPU_FREQ_GOV_PERFORMANCE=y -CONFIG_CPU_FREQ_GOV_POWERSAVE=y -CONFIG_CPU_FREQ_GOV_USERSPACE=y -# CONFIG_CPU_FREQ_GOV_ONDEMAND is not set -# CONFIG_CPU_FREQ_GOV_CONSERVATIVE is not set - -# -# CPU frequency scaling drivers -# -CONFIG_CPU_FREQ_PMAC=y - -# -# CPUIdle driver -# - -# -# CPU Idle -# -# CONFIG_CPU_IDLE is not set -# CONFIG_ARCH_NEEDS_CPU_IDLE_COUPLED is not set -CONFIG_PPC601_SYNC_FIX=y -# CONFIG_TAU is not set -# CONFIG_FSL_ULI1575 is not set -CONFIG_GEN_RTC=y -# CONFIG_SIMPLE_GPIO is not set - -# -# Kernel options -# -CONFIG_HIGHMEM=y -# CONFIG_HZ_100 is not set -CONFIG_HZ_250=y -# CONFIG_HZ_300 is not set -# CONFIG_HZ_1000 is not set -CONFIG_HZ=250 -CONFIG_SCHED_HRTICK=y -CONFIG_PREEMPT_NONE=y -# CONFIG_PREEMPT_VOLUNTARY is not set -# CONFIG_PREEMPT is not set -CONFIG_BINFMT_ELF=y -CONFIG_ELFCORE=y -CONFIG_CORE_DUMP_DEFAULT_ELF_HEADERS=y -CONFIG_BINFMT_SCRIPT=y -# CONFIG_HAVE_AOUT is not set -CONFIG_BINFMT_MISC=m -CONFIG_COREDUMP=y -# CONFIG_IOMMU_HELPER is not set -# CONFIG_SWIOTLB is not set -CONFIG_ARCH_ENABLE_MEMORY_HOTPLUG=y -CONFIG_ARCH_HAS_WALK_MEMORY=y -CONFIG_ARCH_ENABLE_MEMORY_HOTREMOVE=y -# CONFIG_KEXEC is not set -# CONFIG_CRASH_DUMP is not set -CONFIG_ARCH_FLATMEM_ENABLE=y -CONFIG_ILLEGAL_POINTER_VALUE=0 -CONFIG_FLATMEM=y -CONFIG_FLAT_NODE_MEM_MAP=y -CONFIG_HAVE_MEMBLOCK=y -CONFIG_HAVE_MEMBLOCK_NODE_MAP=y -CONFIG_HAVE_GENERIC_GUP=y -CONFIG_NO_BOOTMEM=y -# CONFIG_HAVE_BOOTMEM_INFO_NODE is not set -CONFIG_SPLIT_PTLOCK_CPUS=4 -CONFIG_COMPACTION=y -CONFIG_MIGRATION=y -# CONFIG_PHYS_ADDR_T_64BIT is not set -CONFIG_BOUNCE=y -CONFIG_VIRT_TO_BUS=y -# CONFIG_KSM is not set -CONFIG_DEFAULT_MMAP_MIN_ADDR=4096 -# CONFIG_ARCH_WANTS_THP_SWAP is not set -CONFIG_NEED_PER_CPU_KM=y -# CONFIG_CLEANCACHE is not set -# CONFIG_FRONTSWAP is not set -# CONFIG_CMA is not set -# CONFIG_ZPOOL is not set -# CONFIG_ZBUD is not set -# CONFIG_ZSMALLOC is not set -CONFIG_ARCH_SUPPORTS_DEFERRED_STRUCT_PAGE_INIT=y -# CONFIG_IDLE_PAGE_TRACKING is not set -# CONFIG_PERCPU_STATS is not set -CONFIG_PPC_4K_PAGES=y -CONFIG_THREAD_SHIFT=13 -CONFIG_FORCE_MAX_ZONEORDER=11 -# CONFIG_PPC_COPRO_BASE is not set -# CONFIG_CMDLINE_BOOL is not set -CONFIG_EXTRA_TARGETS="" -CONFIG_ARCH_WANTS_FREEZER_CONTROL=y -CONFIG_SUSPEND=y -CONFIG_SUSPEND_FREEZER=y -CONFIG_HIBERNATE_CALLBACKS=y -CONFIG_HIBERNATION=y -CONFIG_PM_STD_PARTITION="" -CONFIG_PM_SLEEP=y -# CONFIG_PM_AUTOSLEEP is not set -# CONFIG_PM_WAKELOCKS is not set -CONFIG_PM=y -CONFIG_PM_DEBUG=y -# CONFIG_PM_ADVANCED_DEBUG is not set -# CONFIG_PM_TEST_SUSPEND is not set -CONFIG_PM_SLEEP_DEBUG=y -CONFIG_APM_EMULATION=y -# CONFIG_WQ_POWER_EFFICIENT_DEFAULT is not set -CONFIG_SECCOMP=y -CONFIG_ISA_DMA_API=y - -# -# Bus options -# -CONFIG_ZONE_DMA=y -# CONFIG_NEED_DMA_MAP_STATE is not set -CONFIG_NEED_SG_DMA_LENGTH=y -CONFIG_GENERIC_ISA_DMA=y -CONFIG_PPC_INDIRECT_PCI=y -# CONFIG_FSL_LBC is not set -CONFIG_PCI=y -CONFIG_PCI_DOMAINS=y -CONFIG_PCI_SYSCALL=y -# CONFIG_PCIEPORTBUS is not set -# CONFIG_PCI_MSI is not set -# CONFIG_PCI_DEBUG is not set -# CONFIG_PCI_REALLOC_ENABLE_AUTO is not set -# CONFIG_PCI_STUB is not set -# CONFIG_PCI_IOV is not set -# CONFIG_PCI_PRI is not set -# CONFIG_PCI_PASID is not set -# CONFIG_HOTPLUG_PCI is not set - -# -# DesignWare PCI Core Support -# - -# -# PCI host controller drivers -# - -# -# PCI Endpoint -# -# CONFIG_PCI_ENDPOINT is not set - -# -# PCI switch controller drivers -# -# CONFIG_PCI_SW_SWITCHTEC is not set -CONFIG_PCCARD=m -CONFIG_PCMCIA=m -CONFIG_PCMCIA_LOAD_CIS=y -CONFIG_CARDBUS=y - -# -# PC-card bridges -# -CONFIG_YENTA=m -CONFIG_YENTA_O2=y -CONFIG_YENTA_RICOH=y -CONFIG_YENTA_TI=y -CONFIG_YENTA_ENE_TUNE=y -CONFIG_YENTA_TOSHIBA=y -# CONFIG_PD6729 is not set -# CONFIG_I82092 is not set -CONFIG_PCCARD_NONSTATIC=y -# CONFIG_HAS_RAPIDIO is not set -# CONFIG_RAPIDIO is not set -# CONFIG_NONSTATIC_KERNEL is not set - -# -# Advanced setup -# -# CONFIG_ADVANCED_OPTIONS is not set - -# -# Default settings for advanced configuration options are used -# -CONFIG_LOWMEM_SIZE=0x30000000 -CONFIG_PAGE_OFFSET=0xc0000000 -CONFIG_KERNEL_START=0xc0000000 -CONFIG_PHYSICAL_START=0x00000000 -CONFIG_TASK_SIZE=0xc0000000 -# CONFIG_ARCH_RANDOM is not set -CONFIG_NET=y -CONFIG_NET_INGRESS=y - -# -# Networking options -# -CONFIG_PACKET=y -# CONFIG_PACKET_DIAG is not set -CONFIG_UNIX=y -# CONFIG_UNIX_DIAG is not set -# CONFIG_TLS is not set -CONFIG_XFRM=y -CONFIG_XFRM_ALGO=y -CONFIG_XFRM_USER=y -# CONFIG_XFRM_SUB_POLICY is not set -# CONFIG_XFRM_MIGRATE is not set -# CONFIG_XFRM_STATISTICS is not set -CONFIG_NET_KEY=y -# CONFIG_NET_KEY_MIGRATE is not set -CONFIG_INET=y -CONFIG_IP_MULTICAST=y -# CONFIG_IP_ADVANCED_ROUTER is not set -CONFIG_IP_ROUTE_CLASSID=y -# CONFIG_IP_PNP is not set -# CONFIG_NET_IPIP is not set -# CONFIG_NET_IPGRE_DEMUX is not set -# CONFIG_NET_IP_TUNNEL is not set -# CONFIG_IP_MROUTE is not set -CONFIG_SYN_COOKIES=y -# CONFIG_NET_UDP_TUNNEL is not set -# CONFIG_NET_FOU is not set -CONFIG_INET_AH=y -CONFIG_INET_ESP=y -# CONFIG_INET_ESP_OFFLOAD is not set -# CONFIG_INET_IPCOMP is not set -# CONFIG_INET_XFRM_TUNNEL is not set -# CONFIG_INET_TUNNEL is not set -# CONFIG_INET_XFRM_MODE_TRANSPORT is not set -# CONFIG_INET_XFRM_MODE_TUNNEL is not set -CONFIG_INET_XFRM_MODE_BEET=y -CONFIG_INET_DIAG=y -CONFIG_INET_TCP_DIAG=y -# CONFIG_INET_UDP_DIAG is not set -# CONFIG_INET_RAW_DIAG is not set -# CONFIG_INET_DIAG_DESTROY is not set -# CONFIG_TCP_CONG_ADVANCED is not set -CONFIG_TCP_CONG_CUBIC=y -CONFIG_DEFAULT_TCP_CONG="cubic" -# CONFIG_TCP_MD5SIG is not set -# CONFIG_IPV6 is not set -# CONFIG_NETLABEL is not set -# CONFIG_NETWORK_SECMARK is not set -# CONFIG_NET_PTP_CLASSIFY is not set -# CONFIG_NETWORK_PHY_TIMESTAMPING is not set -CONFIG_NETFILTER=y -CONFIG_NETFILTER_ADVANCED=y - -# -# Core Netfilter Configuration -# -CONFIG_NETFILTER_INGRESS=y -CONFIG_NETFILTER_NETLINK=m -# CONFIG_NETFILTER_NETLINK_ACCT is not set -CONFIG_NETFILTER_NETLINK_QUEUE=m -CONFIG_NETFILTER_NETLINK_LOG=m -CONFIG_NF_CONNTRACK=m -# CONFIG_NF_LOG_NETDEV is not set -# CONFIG_NF_CONNTRACK_MARK is not set -CONFIG_NF_CONNTRACK_PROCFS=y -# CONFIG_NF_CONNTRACK_EVENTS is not set -# CONFIG_NF_CONNTRACK_TIMEOUT is not set -# CONFIG_NF_CONNTRACK_TIMESTAMP is not set -CONFIG_NF_CT_PROTO_DCCP=y -# CONFIG_NF_CT_PROTO_SCTP is not set -# CONFIG_NF_CT_PROTO_UDPLITE is not set -# CONFIG_NF_CONNTRACK_AMANDA is not set -CONFIG_NF_CONNTRACK_FTP=m -# CONFIG_NF_CONNTRACK_H323 is not set -CONFIG_NF_CONNTRACK_IRC=m -# CONFIG_NF_CONNTRACK_NETBIOS_NS is not set -# CONFIG_NF_CONNTRACK_SNMP is not set -# CONFIG_NF_CONNTRACK_PPTP is not set -# CONFIG_NF_CONNTRACK_SANE is not set -# CONFIG_NF_CONNTRACK_SIP is not set -CONFIG_NF_CONNTRACK_TFTP=m -CONFIG_NF_CT_NETLINK=m -# CONFIG_NF_CT_NETLINK_TIMEOUT is not set -# CONFIG_NETFILTER_NETLINK_GLUE_CT is not set -# CONFIG_NF_TABLES is not set -CONFIG_NETFILTER_XTABLES=m - -# -# Xtables combined modules -# -CONFIG_NETFILTER_XT_MARK=m -# CONFIG_NETFILTER_XT_CONNMARK is not set - -# -# Xtables targets -# -# CONFIG_NETFILTER_XT_TARGET_CHECKSUM is not set -CONFIG_NETFILTER_XT_TARGET_CLASSIFY=m -# CONFIG_NETFILTER_XT_TARGET_CONNMARK is not set -# CONFIG_NETFILTER_XT_TARGET_CT is not set -# CONFIG_NETFILTER_XT_TARGET_DSCP is not set -CONFIG_NETFILTER_XT_TARGET_HL=m -# CONFIG_NETFILTER_XT_TARGET_HMARK is not set -# CONFIG_NETFILTER_XT_TARGET_IDLETIMER is not set -# CONFIG_NETFILTER_XT_TARGET_LED is not set -# CONFIG_NETFILTER_XT_TARGET_LOG is not set -CONFIG_NETFILTER_XT_TARGET_MARK=m -CONFIG_NETFILTER_XT_TARGET_NFLOG=m -CONFIG_NETFILTER_XT_TARGET_NFQUEUE=m -# CONFIG_NETFILTER_XT_TARGET_NOTRACK is not set -CONFIG_NETFILTER_XT_TARGET_RATEEST=m -# CONFIG_NETFILTER_XT_TARGET_TEE is not set -# CONFIG_NETFILTER_XT_TARGET_TPROXY is not set -CONFIG_NETFILTER_XT_TARGET_TRACE=m -CONFIG_NETFILTER_XT_TARGET_TCPMSS=m -CONFIG_NETFILTER_XT_TARGET_TCPOPTSTRIP=m - -# -# Xtables matches -# -# CONFIG_NETFILTER_XT_MATCH_ADDRTYPE is not set -# CONFIG_NETFILTER_XT_MATCH_BPF is not set -# CONFIG_NETFILTER_XT_MATCH_CLUSTER is not set -CONFIG_NETFILTER_XT_MATCH_COMMENT=m -# CONFIG_NETFILTER_XT_MATCH_CONNBYTES is not set -# CONFIG_NETFILTER_XT_MATCH_CONNLABEL is not set -CONFIG_NETFILTER_XT_MATCH_CONNLIMIT=m -# CONFIG_NETFILTER_XT_MATCH_CONNMARK is not set -CONFIG_NETFILTER_XT_MATCH_CONNTRACK=m -# CONFIG_NETFILTER_XT_MATCH_CPU is not set -CONFIG_NETFILTER_XT_MATCH_DCCP=m -# CONFIG_NETFILTER_XT_MATCH_DEVGROUP is not set -CONFIG_NETFILTER_XT_MATCH_DSCP=m -CONFIG_NETFILTER_XT_MATCH_ECN=m -CONFIG_NETFILTER_XT_MATCH_ESP=m -# CONFIG_NETFILTER_XT_MATCH_HASHLIMIT is not set -CONFIG_NETFILTER_XT_MATCH_HELPER=m -CONFIG_NETFILTER_XT_MATCH_HL=m -# CONFIG_NETFILTER_XT_MATCH_IPCOMP is not set -CONFIG_NETFILTER_XT_MATCH_IPRANGE=m -# CONFIG_NETFILTER_XT_MATCH_L2TP is not set -CONFIG_NETFILTER_XT_MATCH_LENGTH=m -CONFIG_NETFILTER_XT_MATCH_LIMIT=m -CONFIG_NETFILTER_XT_MATCH_MAC=m -CONFIG_NETFILTER_XT_MATCH_MARK=m -CONFIG_NETFILTER_XT_MATCH_MULTIPORT=m -# CONFIG_NETFILTER_XT_MATCH_NFACCT is not set -# CONFIG_NETFILTER_XT_MATCH_OSF is not set -CONFIG_NETFILTER_XT_MATCH_OWNER=m -CONFIG_NETFILTER_XT_MATCH_POLICY=m -CONFIG_NETFILTER_XT_MATCH_PKTTYPE=m -# CONFIG_NETFILTER_XT_MATCH_QUOTA is not set -CONFIG_NETFILTER_XT_MATCH_RATEEST=m -CONFIG_NETFILTER_XT_MATCH_REALM=m -CONFIG_NETFILTER_XT_MATCH_RECENT=m -CONFIG_NETFILTER_XT_MATCH_SCTP=m -# CONFIG_NETFILTER_XT_MATCH_STATE is not set -# CONFIG_NETFILTER_XT_MATCH_STATISTIC is not set -CONFIG_NETFILTER_XT_MATCH_STRING=m -CONFIG_NETFILTER_XT_MATCH_TCPMSS=m -CONFIG_NETFILTER_XT_MATCH_TIME=m -CONFIG_NETFILTER_XT_MATCH_U32=m -# CONFIG_IP_SET is not set -# CONFIG_IP_VS is not set - -# -# IP: Netfilter Configuration -# -CONFIG_NF_DEFRAG_IPV4=m -CONFIG_NF_CONNTRACK_IPV4=m -# CONFIG_NF_SOCKET_IPV4 is not set -# CONFIG_NF_DUP_IPV4 is not set -# CONFIG_NF_LOG_ARP is not set -# CONFIG_NF_LOG_IPV4 is not set -CONFIG_NF_REJECT_IPV4=m -# CONFIG_NF_NAT_IPV4 is not set -CONFIG_IP_NF_IPTABLES=m -CONFIG_IP_NF_MATCH_AH=m -CONFIG_IP_NF_MATCH_ECN=m -# CONFIG_IP_NF_MATCH_RPFILTER is not set -CONFIG_IP_NF_MATCH_TTL=m -CONFIG_IP_NF_FILTER=m -CONFIG_IP_NF_TARGET_REJECT=m -# CONFIG_IP_NF_TARGET_SYNPROXY is not set -# CONFIG_IP_NF_NAT is not set -CONFIG_IP_NF_MANGLE=m -# CONFIG_IP_NF_TARGET_CLUSTERIP is not set -CONFIG_IP_NF_TARGET_ECN=m -CONFIG_IP_NF_TARGET_TTL=m -CONFIG_IP_NF_RAW=m -# CONFIG_IP_NF_SECURITY is not set -CONFIG_IP_NF_ARPTABLES=m -CONFIG_IP_NF_ARPFILTER=m -CONFIG_IP_NF_ARP_MANGLE=m -CONFIG_IP_DCCP=m -CONFIG_INET_DCCP_DIAG=m - -# -# DCCP CCIDs Configuration -# -# CONFIG_IP_DCCP_CCID2_DEBUG is not set -CONFIG_IP_DCCP_CCID3=y -# CONFIG_IP_DCCP_CCID3_DEBUG is not set -CONFIG_IP_DCCP_TFRC_LIB=y - -# -# DCCP Kernel Hacking -# -# CONFIG_IP_DCCP_DEBUG is not set -# CONFIG_IP_SCTP is not set -# CONFIG_RDS is not set -# CONFIG_TIPC is not set -# CONFIG_ATM is not set -# CONFIG_L2TP is not set -# CONFIG_BRIDGE is not set -CONFIG_HAVE_NET_DSA=y -# CONFIG_NET_DSA is not set -# CONFIG_VLAN_8021Q is not set -# CONFIG_DECNET is not set -# CONFIG_LLC2 is not set -# CONFIG_IPX is not set -# CONFIG_ATALK is not set -# CONFIG_X25 is not set -# CONFIG_LAPB is not set -# CONFIG_PHONET is not set -# CONFIG_IEEE802154 is not set -# CONFIG_NET_SCHED is not set -# CONFIG_DCB is not set -CONFIG_DNS_RESOLVER=y -# CONFIG_BATMAN_ADV is not set -# CONFIG_OPENVSWITCH is not set -# CONFIG_VSOCKETS is not set -# CONFIG_NETLINK_DIAG is not set -# CONFIG_MPLS is not set -# CONFIG_NET_NSH is not set -# CONFIG_HSR is not set -# CONFIG_NET_SWITCHDEV is not set -# CONFIG_NET_L3_MASTER_DEV is not set -# CONFIG_NET_NCSI is not set -CONFIG_NET_RX_BUSY_POLL=y -CONFIG_BQL=y -# CONFIG_BPF_JIT is not set - -# -# Network testing -# -# CONFIG_NET_PKTGEN is not set -# CONFIG_NET_DROP_MONITOR is not set -# CONFIG_HAMRADIO is not set -# CONFIG_CAN is not set -CONFIG_BT=m -CONFIG_BT_BREDR=y -CONFIG_BT_RFCOMM=m -CONFIG_BT_RFCOMM_TTY=y -CONFIG_BT_BNEP=m -CONFIG_BT_BNEP_MC_FILTER=y -CONFIG_BT_BNEP_PROTO_FILTER=y -CONFIG_BT_HIDP=m -CONFIG_BT_HS=y -CONFIG_BT_LE=y -# CONFIG_BT_LEDS is not set -# CONFIG_BT_SELFTEST is not set -CONFIG_BT_DEBUGFS=y - -# -# Bluetooth device drivers -# -# CONFIG_BT_HCIBTUSB is not set -# CONFIG_BT_HCIUART is not set -CONFIG_BT_HCIBCM203X=m -CONFIG_BT_HCIBFUSB=m -# CONFIG_BT_HCIDTL1 is not set -# CONFIG_BT_HCIBT3C is not set -# CONFIG_BT_HCIBLUECARD is not set -# CONFIG_BT_HCIBTUART is not set -# CONFIG_BT_HCIVHCI is not set -# CONFIG_BT_MRVL is not set -# CONFIG_AF_RXRPC is not set -# CONFIG_AF_KCM is not set -# CONFIG_STREAM_PARSER is not set -CONFIG_WIRELESS=y -CONFIG_WIRELESS_EXT=y -CONFIG_WEXT_CORE=y -CONFIG_WEXT_PROC=y -CONFIG_WEXT_SPY=y -CONFIG_WEXT_PRIV=y -CONFIG_CFG80211=m -# CONFIG_NL80211_TESTMODE is not set -# CONFIG_CFG80211_DEVELOPER_WARNINGS is not set -CONFIG_CFG80211_DEFAULT_PS=y -# CONFIG_CFG80211_DEBUGFS is not set -# CONFIG_CFG80211_INTERNAL_REGDB is not set -CONFIG_CFG80211_CRDA_SUPPORT=y -# CONFIG_CFG80211_WEXT is not set -# CONFIG_LIB80211 is not set -CONFIG_MAC80211=m -CONFIG_MAC80211_HAS_RC=y -CONFIG_MAC80211_RC_MINSTREL=y -CONFIG_MAC80211_RC_MINSTREL_HT=y -# CONFIG_MAC80211_RC_MINSTREL_VHT is not set -CONFIG_MAC80211_RC_DEFAULT_MINSTREL=y -CONFIG_MAC80211_RC_DEFAULT="minstrel_ht" -# CONFIG_MAC80211_MESH is not set -CONFIG_MAC80211_LEDS=y -# CONFIG_MAC80211_DEBUGFS is not set -# CONFIG_MAC80211_MESSAGE_TRACING is not set -# CONFIG_MAC80211_DEBUG_MENU is not set -CONFIG_MAC80211_STA_HASH_MAX_SIZE=0 -# CONFIG_WIMAX is not set -# CONFIG_RFKILL is not set -# CONFIG_NET_9P is not set -# CONFIG_CAIF is not set -# CONFIG_CEPH_LIB is not set -# CONFIG_NFC is not set -# CONFIG_PSAMPLE is not set -# CONFIG_NET_IFE is not set -# CONFIG_LWTUNNEL is not set -# CONFIG_DST_CACHE is not set -CONFIG_GRO_CELLS=y -# CONFIG_NET_DEVLINK is not set -CONFIG_MAY_USE_DEVLINK=y -CONFIG_HAVE_CBPF_JIT=y - -# -# Device Drivers -# - -# -# Generic Driver Options -# -CONFIG_UEVENT_HELPER=y -CONFIG_UEVENT_HELPER_PATH="/sbin/hotplug" -# CONFIG_DEVTMPFS is not set -# CONFIG_STANDALONE is not set -CONFIG_PREVENT_FIRMWARE_BUILD=y -CONFIG_FW_LOADER=y -CONFIG_FIRMWARE_IN_KERNEL=y -CONFIG_EXTRA_FIRMWARE="" -# CONFIG_FW_LOADER_USER_HELPER_FALLBACK is not set -CONFIG_ALLOW_DEV_COREDUMP=y -# CONFIG_DEBUG_DRIVER is not set -# CONFIG_DEBUG_DEVRES is not set -# CONFIG_DEBUG_TEST_DRIVER_REMOVE is not set -# CONFIG_TEST_ASYNC_DRIVER_PROBE is not set -# CONFIG_SYS_HYPERVISOR is not set -# CONFIG_GENERIC_CPU_DEVICES is not set -CONFIG_GENERIC_CPU_AUTOPROBE=y -CONFIG_REGMAP=y -CONFIG_REGMAP_I2C=y -CONFIG_DMA_SHARED_BUFFER=y -# CONFIG_DMA_FENCE_TRACE is not set - -# -# Bus devices -# -# CONFIG_SIMPLE_PM_BUS is not set -CONFIG_CONNECTOR=y -CONFIG_PROC_EVENTS=y -# CONFIG_MTD is not set -CONFIG_DTC=y -CONFIG_OF=y -# CONFIG_OF_UNITTEST is not set -CONFIG_OF_FLATTREE=y -CONFIG_OF_EARLY_FLATTREE=y -CONFIG_OF_ADDRESS=y -CONFIG_OF_ADDRESS_PCI=y -CONFIG_OF_IRQ=y -CONFIG_OF_NET=y -CONFIG_OF_MDIO=m -CONFIG_OF_PCI=y -CONFIG_OF_PCI_IRQ=y -CONFIG_OF_RESERVED_MEM=y -# CONFIG_OF_OVERLAY is not set -CONFIG_ARCH_MIGHT_HAVE_PC_PARPORT=y -# CONFIG_PARPORT is not set -CONFIG_BLK_DEV=y -# CONFIG_BLK_DEV_NULL_BLK is not set -# CONFIG_BLK_DEV_FD is not set -CONFIG_MAC_FLOPPY=m -# CONFIG_BLK_DEV_PCIESSD_MTIP32XX is not set -# CONFIG_BLK_DEV_DAC960 is not set -# CONFIG_BLK_DEV_UMEM is not set -# CONFIG_BLK_DEV_COW_COMMON is not set -CONFIG_BLK_DEV_LOOP=y -CONFIG_BLK_DEV_LOOP_MIN_COUNT=8 -# CONFIG_BLK_DEV_CRYPTOLOOP is not set -# CONFIG_BLK_DEV_DRBD is not set -# CONFIG_BLK_DEV_NBD is not set -# CONFIG_BLK_DEV_SX8 is not set -CONFIG_BLK_DEV_RAM=y -CONFIG_BLK_DEV_RAM_COUNT=16 -CONFIG_BLK_DEV_RAM_SIZE=4096 -# CONFIG_CDROM_PKTCDVD is not set -# CONFIG_ATA_OVER_ETH is not set -# CONFIG_BLK_DEV_RBD is not set -# CONFIG_BLK_DEV_RSXX is not set -# CONFIG_BLK_DEV_NVME is not set -# CONFIG_NVME_FC is not set - -# -# Misc devices -# -# CONFIG_SENSORS_LIS3LV02D is not set -# CONFIG_AD525X_DPOT is not set -# CONFIG_DUMMY_IRQ is not set -# CONFIG_PHANTOM is not set -# CONFIG_SGI_IOC4 is not set -# CONFIG_TIFM_CORE is not set -# CONFIG_ICS932S401 is not set -# CONFIG_ENCLOSURE_SERVICES is not set -# CONFIG_HP_ILO is not set -# CONFIG_APDS9802ALS is not set -# CONFIG_ISL29003 is not set -# CONFIG_ISL29020 is not set -# CONFIG_SENSORS_TSL2550 is not set -# CONFIG_SENSORS_BH1770 is not set -# CONFIG_SENSORS_APDS990X is not set -# CONFIG_HMC6352 is not set -# CONFIG_DS1682 is not set -# CONFIG_USB_SWITCH_FSA9480 is not set -# CONFIG_SRAM is not set -# CONFIG_PCI_ENDPOINT_TEST is not set -# CONFIG_C2PORT is not set - -# -# EEPROM support -# -# CONFIG_EEPROM_AT24 is not set -# CONFIG_EEPROM_LEGACY is not set -# CONFIG_EEPROM_MAX6875 is not set -# CONFIG_EEPROM_93CX6 is not set -# CONFIG_EEPROM_IDT_89HPESX is not set -# CONFIG_CB710_CORE is not set - -# -# Texas Instruments shared transport line discipline -# -# CONFIG_SENSORS_LIS3_I2C is not set - -# -# Altera FPGA firmware download module -# -# CONFIG_ALTERA_STAPL is not set - -# -# Intel MIC Bus Driver -# - -# -# SCIF Bus Driver -# - -# -# VOP Bus Driver -# - -# -# Intel MIC Host Driver -# - -# -# Intel MIC Card Driver -# - -# -# SCIF Driver -# - -# -# Intel MIC Coprocessor State Management (COSM) Drivers -# - -# -# VOP Driver -# -# CONFIG_ECHO is not set -# CONFIG_CXL_BASE is not set -# CONFIG_CXL_AFU_DRIVER_OPS is not set -# CONFIG_CXL_LIB is not set -CONFIG_HAVE_IDE=y -CONFIG_IDE=y - -# -# Please see Documentation/ide/ide.txt for help/info on IDE drives -# -CONFIG_IDE_XFER_MODE=y -CONFIG_IDE_TIMINGS=y -CONFIG_IDE_ATAPI=y -# CONFIG_BLK_DEV_IDE_SATA is not set -CONFIG_IDE_GD=y -CONFIG_IDE_GD_ATA=y -# CONFIG_IDE_GD_ATAPI is not set -CONFIG_BLK_DEV_IDECS=m -# CONFIG_BLK_DEV_DELKIN is not set -CONFIG_BLK_DEV_IDECD=y -CONFIG_BLK_DEV_IDECD_VERBOSE_ERRORS=y -# CONFIG_BLK_DEV_IDETAPE is not set -# CONFIG_IDE_TASK_IOCTL is not set -CONFIG_IDE_PROC_FS=y - -# -# IDE chipset support/bugfixes -# -# CONFIG_BLK_DEV_PLATFORM is not set -CONFIG_BLK_DEV_IDEDMA_SFF=y - -# -# PCI IDE chipsets support -# -CONFIG_BLK_DEV_IDEPCI=y -CONFIG_IDEPCI_PCIBUS_ORDER=y -# CONFIG_BLK_DEV_OFFBOARD is not set -CONFIG_BLK_DEV_GENERIC=y -# CONFIG_BLK_DEV_OPTI621 is not set -CONFIG_BLK_DEV_IDEDMA_PCI=y -# CONFIG_BLK_DEV_AEC62XX is not set -# CONFIG_BLK_DEV_ALI15X3 is not set -# CONFIG_BLK_DEV_AMD74XX is not set -# CONFIG_BLK_DEV_CMD64X is not set -# CONFIG_BLK_DEV_TRIFLEX is not set -# CONFIG_BLK_DEV_HPT366 is not set -# CONFIG_BLK_DEV_JMICRON is not set -# CONFIG_BLK_DEV_PIIX is not set -# CONFIG_BLK_DEV_IT8172 is not set -# CONFIG_BLK_DEV_IT8213 is not set -# CONFIG_BLK_DEV_IT821X is not set -# CONFIG_BLK_DEV_NS87415 is not set -# CONFIG_BLK_DEV_PDC202XX_OLD is not set -CONFIG_BLK_DEV_PDC202XX_NEW=y -# CONFIG_BLK_DEV_SVWKS is not set -# CONFIG_BLK_DEV_SIIMAGE is not set -CONFIG_BLK_DEV_SL82C105=y -# CONFIG_BLK_DEV_SLC90E66 is not set -# CONFIG_BLK_DEV_TRM290 is not set -# CONFIG_BLK_DEV_VIA82CXXX is not set -# CONFIG_BLK_DEV_TC86C001 is not set -CONFIG_BLK_DEV_IDE_PMAC=y -CONFIG_BLK_DEV_IDE_PMAC_ATA100FIRST=y -CONFIG_BLK_DEV_IDEDMA=y - -# -# SCSI device support -# -CONFIG_SCSI_MOD=y -# CONFIG_RAID_ATTRS is not set -CONFIG_SCSI=y -CONFIG_SCSI_DMA=y -CONFIG_SCSI_NETLINK=y -# CONFIG_SCSI_MQ_DEFAULT is not set -CONFIG_SCSI_PROC_FS=y - -# -# SCSI support type (disk, tape, CD-ROM) -# -CONFIG_BLK_DEV_SD=y -CONFIG_CHR_DEV_ST=y -# CONFIG_CHR_DEV_OSST is not set -CONFIG_BLK_DEV_SR=y -CONFIG_BLK_DEV_SR_VENDOR=y -CONFIG_CHR_DEV_SG=y -# CONFIG_CHR_DEV_SCH is not set -CONFIG_SCSI_CONSTANTS=y -# CONFIG_SCSI_LOGGING is not set -# CONFIG_SCSI_SCAN_ASYNC is not set - -# -# SCSI Transports -# -CONFIG_SCSI_SPI_ATTRS=y -CONFIG_SCSI_FC_ATTRS=y -# CONFIG_SCSI_ISCSI_ATTRS is not set -# CONFIG_SCSI_SAS_ATTRS is not set -# CONFIG_SCSI_SAS_LIBSAS is not set -# CONFIG_SCSI_SRP_ATTRS is not set -CONFIG_SCSI_LOWLEVEL=y -# CONFIG_ISCSI_TCP is not set -# CONFIG_ISCSI_BOOT_SYSFS is not set -# CONFIG_SCSI_CXGB3_ISCSI is not set -# CONFIG_SCSI_CXGB4_ISCSI is not set -# CONFIG_SCSI_BNX2_ISCSI is not set -# CONFIG_BE2ISCSI is not set -# CONFIG_BLK_DEV_3W_XXXX_RAID is not set -# CONFIG_SCSI_HPSA is not set -# CONFIG_SCSI_3W_9XXX is not set -# CONFIG_SCSI_3W_SAS is not set -# CONFIG_SCSI_ACARD is not set -# CONFIG_SCSI_AACRAID is not set -CONFIG_SCSI_AIC7XXX=m -CONFIG_AIC7XXX_CMDS_PER_DEVICE=253 -CONFIG_AIC7XXX_RESET_DELAY_MS=15000 -CONFIG_AIC7XXX_DEBUG_ENABLE=y -CONFIG_AIC7XXX_DEBUG_MASK=0 -CONFIG_AIC7XXX_REG_PRETTY_PRINT=y -# CONFIG_SCSI_AIC79XX is not set -# CONFIG_SCSI_AIC94XX is not set -# CONFIG_SCSI_MVSAS is not set -# CONFIG_SCSI_MVUMI is not set -# CONFIG_SCSI_DPT_I2O is not set -# CONFIG_SCSI_ADVANSYS is not set -# CONFIG_SCSI_ARCMSR is not set -# CONFIG_SCSI_ESAS2R is not set -# CONFIG_MEGARAID_NEWGEN is not set -# CONFIG_MEGARAID_LEGACY is not set -# CONFIG_MEGARAID_SAS is not set -# CONFIG_SCSI_MPT3SAS is not set -# CONFIG_SCSI_MPT2SAS is not set -# CONFIG_SCSI_SMARTPQI is not set -# CONFIG_SCSI_UFSHCD is not set -# CONFIG_SCSI_HPTIOP is not set -# CONFIG_SCSI_BUSLOGIC is not set -# CONFIG_LIBFC is not set -# CONFIG_SCSI_SNIC is not set -# CONFIG_SCSI_DMX3191D is not set -# CONFIG_SCSI_EATA is not set -# CONFIG_SCSI_FUTURE_DOMAIN is not set -# CONFIG_SCSI_GDTH is not set -# CONFIG_SCSI_IPS is not set -# CONFIG_SCSI_INITIO is not set -# CONFIG_SCSI_INIA100 is not set -# CONFIG_SCSI_STEX is not set -CONFIG_SCSI_SYM53C8XX_2=y -CONFIG_SCSI_SYM53C8XX_DMA_ADDRESSING_MODE=0 -CONFIG_SCSI_SYM53C8XX_DEFAULT_TAGS=16 -CONFIG_SCSI_SYM53C8XX_MAX_TAGS=64 -CONFIG_SCSI_SYM53C8XX_MMIO=y -# CONFIG_SCSI_QLOGIC_1280 is not set -# CONFIG_SCSI_QLA_FC is not set -# CONFIG_SCSI_QLA_ISCSI is not set -# CONFIG_SCSI_LPFC is not set -# CONFIG_SCSI_DC395x is not set -# CONFIG_SCSI_AM53C974 is not set -# CONFIG_SCSI_NSP32 is not set -# CONFIG_SCSI_WD719X is not set -# CONFIG_SCSI_DEBUG is not set -CONFIG_SCSI_MESH=y -CONFIG_SCSI_MESH_SYNC_RATE=5 -CONFIG_SCSI_MESH_RESET_DELAY_MS=4000 -CONFIG_SCSI_MAC53C94=y -# CONFIG_SCSI_PMCRAID is not set -# CONFIG_SCSI_PM8001 is not set -# CONFIG_SCSI_BFA_FC is not set -# CONFIG_SCSI_CHELSIO_FCOE is not set -# CONFIG_SCSI_LOWLEVEL_PCMCIA is not set -# CONFIG_SCSI_DH is not set -# CONFIG_SCSI_OSD_INITIATOR is not set -# CONFIG_ATA is not set -CONFIG_MD=y -CONFIG_BLK_DEV_MD=m -CONFIG_MD_LINEAR=m -CONFIG_MD_RAID0=m -CONFIG_MD_RAID1=m -CONFIG_MD_RAID10=m -# CONFIG_MD_RAID456 is not set -CONFIG_MD_MULTIPATH=m -CONFIG_MD_FAULTY=m -# CONFIG_BCACHE is not set -CONFIG_BLK_DEV_DM_BUILTIN=y -CONFIG_BLK_DEV_DM=m -# CONFIG_DM_MQ_DEFAULT is not set -# CONFIG_DM_DEBUG is not set -CONFIG_DM_BUFIO=m -# CONFIG_DM_DEBUG_BLOCK_MANAGER_LOCKING is not set -CONFIG_DM_CRYPT=m -CONFIG_DM_SNAPSHOT=m -# CONFIG_DM_THIN_PROVISIONING is not set -# CONFIG_DM_CACHE is not set -# CONFIG_DM_ERA is not set -CONFIG_DM_MIRROR=m -# CONFIG_DM_LOG_USERSPACE is not set -# CONFIG_DM_RAID is not set -CONFIG_DM_ZERO=m -# CONFIG_DM_MULTIPATH is not set -# CONFIG_DM_DELAY is not set -# CONFIG_DM_UEVENT is not set -# CONFIG_DM_FLAKEY is not set -# CONFIG_DM_VERITY is not set -# CONFIG_DM_SWITCH is not set -# CONFIG_DM_LOG_WRITES is not set -# CONFIG_DM_INTEGRITY is not set -# CONFIG_TARGET_CORE is not set -# CONFIG_FUSION is not set - -# -# IEEE 1394 (FireWire) support -# -# CONFIG_FIREWIRE is not set -# CONFIG_FIREWIRE_NOSY is not set -CONFIG_MACINTOSH_DRIVERS=y -CONFIG_ADB=y -CONFIG_ADB_CUDA=y -CONFIG_ADB_PMU=y -CONFIG_ADB_PMU_LED=y -# CONFIG_ADB_PMU_LED_DISK is not set -CONFIG_PMAC_APM_EMU=m -CONFIG_PMAC_MEDIABAY=y -CONFIG_PMAC_BACKLIGHT=y -CONFIG_PMAC_BACKLIGHT_LEGACY=y -CONFIG_INPUT_ADBHID=y -CONFIG_MAC_EMUMOUSEBTN=y -CONFIG_THERM_WINDTUNNEL=m -CONFIG_THERM_ADT746X=m -# CONFIG_WINDFARM is not set -# CONFIG_ANSLCD is not set -CONFIG_PMAC_RACKMETER=m -# CONFIG_SENSORS_AMS is not set -CONFIG_NETDEVICES=y -CONFIG_MII=y -CONFIG_NET_CORE=y -# CONFIG_BONDING is not set -CONFIG_DUMMY=m -# CONFIG_EQUALIZER is not set -# CONFIG_NET_FC is not set -# CONFIG_NET_TEAM is not set -# CONFIG_MACVLAN is not set -# CONFIG_VXLAN is not set -# CONFIG_MACSEC is not set -# CONFIG_NETCONSOLE is not set -# CONFIG_NETPOLL is not set -# CONFIG_NET_POLL_CONTROLLER is not set -CONFIG_TUN=m -# CONFIG_TUN_VNET_CROSS_LE is not set -# CONFIG_VETH is not set -# CONFIG_NLMON is not set -CONFIG_SUNGEM_PHY=y -# CONFIG_ARCNET is not set - -# -# CAIF transport drivers -# - -# -# Distributed Switch Architecture drivers -# -CONFIG_ETHERNET=y -CONFIG_NET_VENDOR_3COM=y -# CONFIG_PCMCIA_3C574 is not set -# CONFIG_PCMCIA_3C589 is not set -# CONFIG_VORTEX is not set -# CONFIG_TYPHOON is not set -CONFIG_NET_VENDOR_ADAPTEC=y -# CONFIG_ADAPTEC_STARFIRE is not set -CONFIG_NET_VENDOR_AGERE=y -# CONFIG_ET131X is not set -CONFIG_NET_VENDOR_ALACRITECH=y -# CONFIG_SLICOSS is not set -CONFIG_NET_VENDOR_ALTEON=y -# CONFIG_ACENIC is not set -# CONFIG_ALTERA_TSE is not set -CONFIG_NET_VENDOR_AMAZON=y -CONFIG_NET_VENDOR_AMD=y -# CONFIG_AMD8111_ETH is not set -CONFIG_PCNET32=y -# CONFIG_PCMCIA_NMCLAN is not set -# CONFIG_AMD_XGBE_HAVE_ECC is not set -CONFIG_NET_VENDOR_APPLE=y -CONFIG_MACE=y -# CONFIG_MACE_AAUI_PORT is not set -CONFIG_BMAC=y -CONFIG_NET_VENDOR_AQUANTIA=y -CONFIG_NET_VENDOR_ARC=y -CONFIG_NET_VENDOR_ATHEROS=y -# CONFIG_ATL2 is not set -# CONFIG_ATL1 is not set -# CONFIG_ATL1E is not set -# CONFIG_ATL1C is not set -# CONFIG_ALX is not set -# CONFIG_NET_VENDOR_AURORA is not set -CONFIG_NET_CADENCE=y -# CONFIG_MACB is not set -CONFIG_NET_VENDOR_BROADCOM=y -# CONFIG_B44 is not set -# CONFIG_BCMGENET is not set -# CONFIG_BNX2 is not set -# CONFIG_CNIC is not set -# CONFIG_TIGON3 is not set -# CONFIG_BNX2X is not set -# CONFIG_SYSTEMPORT is not set -# CONFIG_BNXT is not set -CONFIG_NET_VENDOR_BROCADE=y -# CONFIG_BNA is not set -CONFIG_NET_VENDOR_CAVIUM=y -CONFIG_NET_VENDOR_CHELSIO=y -# CONFIG_CHELSIO_T1 is not set -# CONFIG_CHELSIO_T3 is not set -# CONFIG_CHELSIO_T4 is not set -# CONFIG_CHELSIO_T4VF is not set -CONFIG_NET_VENDOR_CISCO=y -# CONFIG_ENIC is not set -# CONFIG_DNET is not set -CONFIG_NET_VENDOR_DEC=y -# CONFIG_NET_TULIP is not set -CONFIG_NET_VENDOR_DLINK=y -# CONFIG_DL2K is not set -# CONFIG_SUNDANCE is not set -CONFIG_NET_VENDOR_EMULEX=y -# CONFIG_BE2NET is not set -CONFIG_NET_VENDOR_EZCHIP=y -# CONFIG_EZCHIP_NPS_MANAGEMENT_ENET is not set -CONFIG_NET_VENDOR_EXAR=y -# CONFIG_S2IO is not set -# CONFIG_VXGE is not set -CONFIG_NET_VENDOR_FUJITSU=y -# CONFIG_PCMCIA_FMVJ18X is not set -CONFIG_NET_VENDOR_HP=y -# CONFIG_HP100 is not set -CONFIG_NET_VENDOR_HUAWEI=y -CONFIG_NET_VENDOR_INTEL=y -# CONFIG_E100 is not set -# CONFIG_E1000 is not set -# CONFIG_E1000E is not set -# CONFIG_IGB is not set -# CONFIG_IGBVF is not set -# CONFIG_IXGB is not set -# CONFIG_IXGBE is not set -# CONFIG_I40E is not set -CONFIG_NET_VENDOR_I825XX=y -# CONFIG_JME is not set -CONFIG_NET_VENDOR_MARVELL=y -# CONFIG_MV643XX_ETH is not set -# CONFIG_MVMDIO is not set -# CONFIG_MVNETA_BM is not set -# CONFIG_SKGE is not set -# CONFIG_SKY2 is not set -CONFIG_NET_VENDOR_MELLANOX=y -# CONFIG_MLX4_EN is not set -# CONFIG_MLX4_CORE is not set -# CONFIG_MLX5_CORE is not set -# CONFIG_MLXSW_CORE is not set -# CONFIG_MLXFW is not set -CONFIG_NET_VENDOR_MICREL=y -# CONFIG_KS8851_MLL is not set -# CONFIG_KSZ884X_PCI is not set -CONFIG_NET_VENDOR_MYRI=y -# CONFIG_MYRI10GE is not set -# CONFIG_FEALNX is not set -CONFIG_NET_VENDOR_NATSEMI=y -# CONFIG_NATSEMI is not set -# CONFIG_NS83820 is not set -CONFIG_NET_VENDOR_NETRONOME=y -CONFIG_NET_VENDOR_8390=y -# CONFIG_PCMCIA_AXNET is not set -# CONFIG_NE2K_PCI is not set -# CONFIG_PCMCIA_PCNET is not set -CONFIG_NET_VENDOR_NVIDIA=y -# CONFIG_FORCEDETH is not set -CONFIG_NET_VENDOR_OKI=y -# CONFIG_ETHOC is not set -CONFIG_NET_PACKET_ENGINE=y -# CONFIG_HAMACHI is not set -# CONFIG_YELLOWFIN is not set -CONFIG_NET_VENDOR_QLOGIC=y -# CONFIG_QLA3XXX is not set -# CONFIG_QLCNIC is not set -# CONFIG_QLGE is not set -# CONFIG_NETXEN_NIC is not set -# CONFIG_QED is not set -CONFIG_NET_VENDOR_QUALCOMM=y -# CONFIG_QCOM_EMAC is not set -# CONFIG_RMNET is not set -CONFIG_NET_VENDOR_REALTEK=y -# CONFIG_8139CP is not set -# CONFIG_8139TOO is not set -# CONFIG_R8169 is not set -CONFIG_NET_VENDOR_RENESAS=y -CONFIG_NET_VENDOR_RDC=y -# CONFIG_R6040 is not set -CONFIG_NET_VENDOR_ROCKER=y -CONFIG_NET_VENDOR_SAMSUNG=y -# CONFIG_SXGBE_ETH is not set -CONFIG_NET_VENDOR_SEEQ=y -CONFIG_NET_VENDOR_SILAN=y -# CONFIG_SC92031 is not set -CONFIG_NET_VENDOR_SIS=y -# CONFIG_SIS900 is not set -# CONFIG_SIS190 is not set -CONFIG_NET_VENDOR_SOLARFLARE=y -# CONFIG_SFC is not set -# CONFIG_SFC_FALCON is not set -CONFIG_NET_VENDOR_SMSC=y -# CONFIG_PCMCIA_SMC91C92 is not set -# CONFIG_EPIC100 is not set -# CONFIG_SMSC911X is not set -# CONFIG_SMSC9420 is not set -CONFIG_NET_VENDOR_STMICRO=y -# CONFIG_STMMAC_ETH is not set -CONFIG_NET_VENDOR_SUN=y -# CONFIG_HAPPYMEAL is not set -CONFIG_SUNGEM=y -# CONFIG_CASSINI is not set -# CONFIG_NIU is not set -CONFIG_NET_VENDOR_TEHUTI=y -# CONFIG_TEHUTI is not set -CONFIG_NET_VENDOR_TI=y -# CONFIG_TI_CPSW_ALE is not set -# CONFIG_TLAN is not set -CONFIG_NET_VENDOR_VIA=y -# CONFIG_VIA_RHINE is not set -# CONFIG_VIA_VELOCITY is not set -CONFIG_NET_VENDOR_WIZNET=y -# CONFIG_WIZNET_W5100 is not set -# CONFIG_WIZNET_W5300 is not set -CONFIG_NET_VENDOR_XILINX=y -# CONFIG_XILINX_EMACLITE is not set -# CONFIG_XILINX_LL_TEMAC is not set -CONFIG_NET_VENDOR_XIRCOM=y -# CONFIG_PCMCIA_XIRC2PS is not set -CONFIG_NET_VENDOR_SYNOPSYS=y -# CONFIG_DWC_XLGMAC is not set -# CONFIG_FDDI is not set -# CONFIG_HIPPI is not set -CONFIG_MDIO_DEVICE=m -CONFIG_MDIO_BUS=m -# CONFIG_MDIO_BCM_UNIMAC is not set -# CONFIG_MDIO_BITBANG is not set -# CONFIG_MDIO_BUS_MUX_MMIOREG is not set -# CONFIG_MDIO_HISI_FEMAC is not set -CONFIG_PHYLIB=m -CONFIG_SWPHY=y -# CONFIG_LED_TRIGGER_PHY is not set - -# -# MII PHY device drivers -# -# CONFIG_AMD_PHY is not set -# CONFIG_AQUANTIA_PHY is not set -# CONFIG_AT803X_PHY is not set -# CONFIG_BCM7XXX_PHY is not set -# CONFIG_BCM87XX_PHY is not set -# CONFIG_BROADCOM_PHY is not set -# CONFIG_CICADA_PHY is not set -# CONFIG_CORTINA_PHY is not set -# CONFIG_DAVICOM_PHY is not set -# CONFIG_DP83848_PHY is not set -# CONFIG_DP83867_PHY is not set -CONFIG_FIXED_PHY=m -# CONFIG_ICPLUS_PHY is not set -# CONFIG_INTEL_XWAY_PHY is not set -# CONFIG_LSI_ET1011C_PHY is not set -# CONFIG_LXT_PHY is not set -# CONFIG_MARVELL_PHY is not set -# CONFIG_MARVELL_10G_PHY is not set -# CONFIG_MICREL_PHY is not set -# CONFIG_MICROCHIP_PHY is not set -# CONFIG_MICROSEMI_PHY is not set -# CONFIG_NATIONAL_PHY is not set -# CONFIG_QSEMI_PHY is not set -# CONFIG_REALTEK_PHY is not set -# CONFIG_ROCKCHIP_PHY is not set -# CONFIG_SMSC_PHY is not set -# CONFIG_STE10XP is not set -# CONFIG_TERANETICS_PHY is not set -# CONFIG_VITESSE_PHY is not set -# CONFIG_XILINX_GMII2RGMII is not set -CONFIG_PPP=y -CONFIG_PPP_BSDCOMP=m -CONFIG_PPP_DEFLATE=y -# CONFIG_PPP_FILTER is not set -# CONFIG_PPP_MPPE is not set -CONFIG_PPP_MULTILINK=y -# CONFIG_PPPOE is not set -CONFIG_PPP_ASYNC=y -CONFIG_PPP_SYNC_TTY=m -# CONFIG_SLIP is not set -CONFIG_SLHC=y -CONFIG_USB_NET_DRIVERS=y -# CONFIG_USB_CATC is not set -# CONFIG_USB_KAWETH is not set -# CONFIG_USB_PEGASUS is not set -# CONFIG_USB_RTL8150 is not set -# CONFIG_USB_RTL8152 is not set -# CONFIG_USB_LAN78XX is not set -CONFIG_USB_USBNET=m -CONFIG_USB_NET_AX8817X=m -CONFIG_USB_NET_AX88179_178A=m -CONFIG_USB_NET_CDCETHER=m -# CONFIG_USB_NET_CDC_EEM is not set -CONFIG_USB_NET_CDC_NCM=m -# CONFIG_USB_NET_HUAWEI_CDC_NCM is not set -# CONFIG_USB_NET_CDC_MBIM is not set -# CONFIG_USB_NET_DM9601 is not set -# CONFIG_USB_NET_SR9700 is not set -# CONFIG_USB_NET_SR9800 is not set -# CONFIG_USB_NET_SMSC75XX is not set -# CONFIG_USB_NET_SMSC95XX is not set -# CONFIG_USB_NET_GL620A is not set -CONFIG_USB_NET_NET1080=m -# CONFIG_USB_NET_PLUSB is not set -# CONFIG_USB_NET_MCS7830 is not set -# CONFIG_USB_NET_RNDIS_HOST is not set -# CONFIG_USB_NET_CDC_SUBSET is not set -CONFIG_USB_NET_ZAURUS=m -# CONFIG_USB_NET_CX82310_ETH is not set -# CONFIG_USB_NET_KALMIA is not set -# CONFIG_USB_NET_QMI_WWAN is not set -# CONFIG_USB_NET_INT51X1 is not set -# CONFIG_USB_IPHETH is not set -# CONFIG_USB_SIERRA_NET is not set -# CONFIG_USB_VL600 is not set -# CONFIG_USB_NET_CH9200 is not set -CONFIG_WLAN=y -CONFIG_WLAN_VENDOR_ADMTEK=y -# CONFIG_ADM8211 is not set -CONFIG_WLAN_VENDOR_ATH=y -# CONFIG_ATH_DEBUG is not set -# CONFIG_ATH5K is not set -# CONFIG_ATH5K_PCI is not set -# CONFIG_ATH9K is not set -# CONFIG_ATH9K_HTC is not set -# CONFIG_CARL9170 is not set -# CONFIG_ATH6KL is not set -# CONFIG_AR5523 is not set -# CONFIG_WIL6210 is not set -# CONFIG_ATH10K is not set -# CONFIG_WCN36XX is not set -CONFIG_WLAN_VENDOR_ATMEL=y -# CONFIG_ATMEL is not set -# CONFIG_AT76C50X_USB is not set -CONFIG_WLAN_VENDOR_BROADCOM=y -CONFIG_B43=m -CONFIG_B43_BCMA=y -CONFIG_B43_SSB=y -CONFIG_B43_BUSES_BCMA_AND_SSB=y -# CONFIG_B43_BUSES_BCMA is not set -# CONFIG_B43_BUSES_SSB is not set -CONFIG_B43_PCI_AUTOSELECT=y -CONFIG_B43_PCICORE_AUTOSELECT=y -CONFIG_B43_BCMA_PIO=y -CONFIG_B43_PIO=y -CONFIG_B43_PHY_G=y -CONFIG_B43_PHY_N=y -CONFIG_B43_PHY_LP=y -CONFIG_B43_PHY_HT=y -CONFIG_B43_LEDS=y -CONFIG_B43_HWRNG=y -# CONFIG_B43_DEBUG is not set -CONFIG_B43LEGACY=m -CONFIG_B43LEGACY_PCI_AUTOSELECT=y -CONFIG_B43LEGACY_PCICORE_AUTOSELECT=y -CONFIG_B43LEGACY_LEDS=y -CONFIG_B43LEGACY_HWRNG=y -CONFIG_B43LEGACY_DEBUG=y -CONFIG_B43LEGACY_DMA=y -CONFIG_B43LEGACY_PIO=y -CONFIG_B43LEGACY_DMA_AND_PIO_MODE=y -# CONFIG_B43LEGACY_DMA_MODE is not set -# CONFIG_B43LEGACY_PIO_MODE is not set -# CONFIG_BRCMSMAC is not set -# CONFIG_BRCMFMAC is not set -CONFIG_WLAN_VENDOR_CISCO=y -# CONFIG_AIRO is not set -# CONFIG_AIRO_CS is not set -CONFIG_WLAN_VENDOR_INTEL=y -# CONFIG_IPW2100 is not set -# CONFIG_IPW2200 is not set -# CONFIG_IWL4965 is not set -# CONFIG_IWL3945 is not set -# CONFIG_IWLWIFI is not set -CONFIG_WLAN_VENDOR_INTERSIL=y -# CONFIG_HOSTAP is not set -# CONFIG_HERMES is not set -CONFIG_P54_COMMON=m -# CONFIG_P54_USB is not set -# CONFIG_P54_PCI is not set -CONFIG_P54_LEDS=y -CONFIG_PRISM54=m -CONFIG_WLAN_VENDOR_MARVELL=y -# CONFIG_LIBERTAS is not set -# CONFIG_LIBERTAS_THINFIRM is not set -# CONFIG_MWIFIEX is not set -# CONFIG_MWL8K is not set -CONFIG_WLAN_VENDOR_MEDIATEK=y -# CONFIG_MT7601U is not set -CONFIG_WLAN_VENDOR_RALINK=y -# CONFIG_RT2X00 is not set -CONFIG_WLAN_VENDOR_REALTEK=y -# CONFIG_RTL8180 is not set -# CONFIG_RTL8187 is not set -CONFIG_RTL_CARDS=m -# CONFIG_RTL8192CE is not set -# CONFIG_RTL8192SE is not set -# CONFIG_RTL8192DE is not set -# CONFIG_RTL8723AE is not set -# CONFIG_RTL8723BE is not set -# CONFIG_RTL8188EE is not set -# CONFIG_RTL8192EE is not set -# CONFIG_RTL8821AE is not set -# CONFIG_RTL8192CU is not set -# CONFIG_RTL8XXXU is not set -CONFIG_WLAN_VENDOR_RSI=y -# CONFIG_RSI_91X is not set -CONFIG_WLAN_VENDOR_ST=y -# CONFIG_CW1200 is not set -CONFIG_WLAN_VENDOR_TI=y -# CONFIG_WL1251 is not set -# CONFIG_WL12XX is not set -# CONFIG_WL18XX is not set -# CONFIG_WLCORE is not set -CONFIG_WLAN_VENDOR_ZYDAS=y -# CONFIG_USB_ZD1201 is not set -# CONFIG_ZD1211RW is not set -CONFIG_WLAN_VENDOR_QUANTENNA=y -# CONFIG_QTNFMAC_PEARL_PCIE is not set -# CONFIG_PCMCIA_RAYCS is not set -# CONFIG_PCMCIA_WL3501 is not set -# CONFIG_MAC80211_HWSIM is not set -# CONFIG_USB_NET_RNDIS_WLAN is not set - -# -# Enable WiMAX (Networking options) to see the WiMAX drivers -# -# CONFIG_WAN is not set -# CONFIG_VMXNET3 is not set -# CONFIG_ISDN is not set -# CONFIG_NVM is not set - -# -# Input device support -# -CONFIG_INPUT=y -CONFIG_INPUT_LEDS=y -# CONFIG_INPUT_FF_MEMLESS is not set -# CONFIG_INPUT_POLLDEV is not set -# CONFIG_INPUT_SPARSEKMAP is not set -# CONFIG_INPUT_MATRIXKMAP is not set - -# -# Userland interfaces -# -CONFIG_INPUT_MOUSEDEV=y -CONFIG_INPUT_MOUSEDEV_PSAUX=y -CONFIG_INPUT_MOUSEDEV_SCREEN_X=1024 -CONFIG_INPUT_MOUSEDEV_SCREEN_Y=768 -# CONFIG_INPUT_JOYDEV is not set -CONFIG_INPUT_EVDEV=y -# CONFIG_INPUT_EVBUG is not set - -# -# Input Device Drivers -# -CONFIG_INPUT_KEYBOARD=y -# CONFIG_KEYBOARD_ADP5588 is not set -# CONFIG_KEYBOARD_ADP5589 is not set -# CONFIG_KEYBOARD_ATKBD is not set -# CONFIG_KEYBOARD_QT1070 is not set -# CONFIG_KEYBOARD_QT2160 is not set -# CONFIG_KEYBOARD_DLINK_DIR685 is not set -# CONFIG_KEYBOARD_LKKBD is not set -# CONFIG_KEYBOARD_TCA6416 is not set -# CONFIG_KEYBOARD_TCA8418 is not set -# CONFIG_KEYBOARD_LM8323 is not set -# CONFIG_KEYBOARD_LM8333 is not set -# CONFIG_KEYBOARD_MAX7359 is not set -# CONFIG_KEYBOARD_MCS is not set -# CONFIG_KEYBOARD_MPR121 is not set -# CONFIG_KEYBOARD_NEWTON is not set -# CONFIG_KEYBOARD_OPENCORES is not set -# CONFIG_KEYBOARD_STOWAWAY is not set -# CONFIG_KEYBOARD_SUNKBD is not set -# CONFIG_KEYBOARD_OMAP4 is not set -# CONFIG_KEYBOARD_TM2_TOUCHKEY is not set -# CONFIG_KEYBOARD_XTKBD is not set -# CONFIG_KEYBOARD_CAP11XX is not set -CONFIG_INPUT_MOUSE=y -# CONFIG_MOUSE_PS2 is not set -# CONFIG_MOUSE_SERIAL is not set -CONFIG_MOUSE_APPLETOUCH=y -# CONFIG_MOUSE_BCM5974 is not set -# CONFIG_MOUSE_CYAPA is not set -# CONFIG_MOUSE_ELAN_I2C is not set -# CONFIG_MOUSE_VSXXXAA is not set -# CONFIG_MOUSE_SYNAPTICS_I2C is not set -# CONFIG_MOUSE_SYNAPTICS_USB is not set -# CONFIG_INPUT_JOYSTICK is not set -# CONFIG_INPUT_TABLET is not set -# CONFIG_INPUT_TOUCHSCREEN is not set -# CONFIG_INPUT_MISC is not set -# CONFIG_RMI4_CORE is not set - -# -# Hardware I/O ports -# -CONFIG_SERIO=y -CONFIG_ARCH_MIGHT_HAVE_PC_SERIO=y -# CONFIG_SERIO_I8042 is not set -# CONFIG_SERIO_SERPORT is not set -# CONFIG_SERIO_PCIPS2 is not set -# CONFIG_SERIO_LIBPS2 is not set -# CONFIG_SERIO_RAW is not set -# CONFIG_SERIO_XILINX_XPS_PS2 is not set -# CONFIG_SERIO_ALTERA_PS2 is not set -# CONFIG_SERIO_PS2MULT is not set -# CONFIG_SERIO_ARC_PS2 is not set -# CONFIG_SERIO_APBPS2 is not set -# CONFIG_USERIO is not set -# CONFIG_GAMEPORT is not set - -# -# Character devices -# -CONFIG_TTY=y -CONFIG_VT=y -CONFIG_CONSOLE_TRANSLATIONS=y -CONFIG_VT_CONSOLE=y -CONFIG_VT_CONSOLE_SLEEP=y -CONFIG_HW_CONSOLE=y -CONFIG_VT_HW_CONSOLE_BINDING=y -CONFIG_UNIX98_PTYS=y -CONFIG_LEGACY_PTYS=y -CONFIG_LEGACY_PTY_COUNT=256 -# CONFIG_SERIAL_NONSTANDARD is not set -# CONFIG_NOZOMI is not set -# CONFIG_N_GSM is not set -# CONFIG_TRACE_SINK is not set -# CONFIG_PPC_EPAPR_HV_BYTECHAN is not set -CONFIG_DEVMEM=y -CONFIG_DEVKMEM=y - -# -# Serial drivers -# -CONFIG_SERIAL_8250=m -CONFIG_SERIAL_8250_DEPRECATED_OPTIONS=y -# CONFIG_SERIAL_8250_FINTEK is not set -CONFIG_SERIAL_8250_PCI=m -CONFIG_SERIAL_8250_EXAR=m -# CONFIG_SERIAL_8250_CS is not set -CONFIG_SERIAL_8250_NR_UARTS=4 -CONFIG_SERIAL_8250_RUNTIME_UARTS=4 -# CONFIG_SERIAL_8250_EXTENDED is not set -# CONFIG_SERIAL_8250_ASPEED_VUART is not set -# CONFIG_SERIAL_8250_DW is not set -# CONFIG_SERIAL_8250_RT288X is not set -# CONFIG_SERIAL_8250_MOXA is not set -# CONFIG_SERIAL_OF_PLATFORM is not set - -# -# Non-8250 serial port support -# -# CONFIG_SERIAL_UARTLITE is not set -CONFIG_SERIAL_CORE=m -CONFIG_SERIAL_PMACZILOG=m -CONFIG_SERIAL_PMACZILOG_TTYS=y -# CONFIG_SERIAL_JSM is not set -# CONFIG_SERIAL_SCCNXP is not set -# CONFIG_SERIAL_SC16IS7XX is not set -# CONFIG_SERIAL_ALTERA_JTAGUART is not set -# CONFIG_SERIAL_ALTERA_UART is not set -# CONFIG_SERIAL_XILINX_PS_UART is not set -# CONFIG_SERIAL_ARC is not set -# CONFIG_SERIAL_RP2 is not set -# CONFIG_SERIAL_FSL_LPUART is not set -# CONFIG_SERIAL_CONEXANT_DIGICOLOR is not set -# CONFIG_SERIAL_DEV_BUS is not set -# CONFIG_HVC_UDBG is not set -# CONFIG_IPMI_HANDLER is not set -CONFIG_HW_RANDOM=m -# CONFIG_HW_RANDOM_TIMERIOMEM is not set -CONFIG_NVRAM=y -# CONFIG_R3964 is not set -# CONFIG_APPLICOM is not set - -# -# PCMCIA character devices -# -# CONFIG_SYNCLINK_CS is not set -# CONFIG_CARDMAN_4000 is not set -# CONFIG_CARDMAN_4040 is not set -# CONFIG_SCR24X is not set -# CONFIG_IPWIRELESS is not set -# CONFIG_RAW_DRIVER is not set -# CONFIG_TCG_TPM is not set -CONFIG_DEVPORT=y -# CONFIG_XILLYBUS is not set - -# -# I2C support -# -CONFIG_I2C=y -CONFIG_I2C_BOARDINFO=y -CONFIG_I2C_COMPAT=y -CONFIG_I2C_CHARDEV=m -# CONFIG_I2C_MUX is not set -CONFIG_I2C_HELPER_AUTO=y -CONFIG_I2C_ALGOBIT=y - -# -# I2C Hardware Bus support -# - -# -# PC SMBus host controller drivers -# -# CONFIG_I2C_ALI1535 is not set -# CONFIG_I2C_ALI1563 is not set -# CONFIG_I2C_ALI15X3 is not set -# CONFIG_I2C_AMD756 is not set -# CONFIG_I2C_AMD8111 is not set -# CONFIG_I2C_I801 is not set -# CONFIG_I2C_ISCH is not set -# CONFIG_I2C_PIIX4 is not set -# CONFIG_I2C_NFORCE2 is not set -# CONFIG_I2C_SIS5595 is not set -# CONFIG_I2C_SIS630 is not set -# CONFIG_I2C_SIS96X is not set -# CONFIG_I2C_VIA is not set -# CONFIG_I2C_VIAPRO is not set - -# -# Mac SMBus host controller drivers -# -CONFIG_I2C_POWERMAC=y - -# -# I2C system bus drivers (mostly embedded / system-on-chip) -# -# CONFIG_I2C_DESIGNWARE_PLATFORM is not set -# CONFIG_I2C_DESIGNWARE_PCI is not set -# CONFIG_I2C_MPC is not set -# CONFIG_I2C_OCORES is not set -# CONFIG_I2C_PCA_PLATFORM is not set -# CONFIG_I2C_PXA_PCI is not set -# CONFIG_I2C_SIMTEC is not set -# CONFIG_I2C_XILINX is not set - -# -# External I2C/SMBus adapter drivers -# -# CONFIG_I2C_DIOLAN_U2C is not set -# CONFIG_I2C_PARPORT_LIGHT is not set -# CONFIG_I2C_ROBOTFUZZ_OSIF is not set -# CONFIG_I2C_TAOS_EVM is not set -# CONFIG_I2C_TINY_USB is not set - -# -# Other I2C/SMBus bus drivers -# -# CONFIG_I2C_STUB is not set -# CONFIG_I2C_SLAVE is not set -# CONFIG_I2C_DEBUG_CORE is not set -# CONFIG_I2C_DEBUG_ALGO is not set -# CONFIG_I2C_DEBUG_BUS is not set -# CONFIG_SPI is not set -# CONFIG_SPMI is not set -# CONFIG_HSI is not set -# CONFIG_PPS is not set - -# -# PTP clock support -# -# CONFIG_PTP_1588_CLOCK is not set - -# -# Enable PHYLIB and NETWORK_PHY_TIMESTAMPING to see the additional clocks. -# -# CONFIG_GPIOLIB is not set -# CONFIG_W1 is not set -# CONFIG_POWER_AVS is not set -# CONFIG_POWER_RESET is not set -CONFIG_POWER_SUPPLY=y -# CONFIG_POWER_SUPPLY_DEBUG is not set -# CONFIG_PDA_POWER is not set -CONFIG_APM_POWER=y -# CONFIG_TEST_POWER is not set -# CONFIG_BATTERY_DS2780 is not set -# CONFIG_BATTERY_DS2781 is not set -# CONFIG_BATTERY_DS2782 is not set -CONFIG_BATTERY_PMU=y -# CONFIG_BATTERY_SBS is not set -# CONFIG_CHARGER_SBS is not set -# CONFIG_BATTERY_BQ27XXX is not set -# CONFIG_BATTERY_MAX17040 is not set -# CONFIG_BATTERY_MAX17042 is not set -# CONFIG_CHARGER_MAX8903 is not set -# CONFIG_CHARGER_LP8727 is not set -# CONFIG_CHARGER_DETECTOR_MAX14656 is not set -# CONFIG_CHARGER_BQ2415X is not set -# CONFIG_CHARGER_SMB347 is not set -# CONFIG_BATTERY_GAUGE_LTC2941 is not set -CONFIG_HWMON=m -# CONFIG_HWMON_VID is not set -# CONFIG_HWMON_DEBUG_CHIP is not set - -# -# Native drivers -# -# CONFIG_SENSORS_AD7414 is not set -# CONFIG_SENSORS_AD7418 is not set -# CONFIG_SENSORS_ADM1021 is not set -# CONFIG_SENSORS_ADM1025 is not set -# CONFIG_SENSORS_ADM1026 is not set -# CONFIG_SENSORS_ADM1029 is not set -# CONFIG_SENSORS_ADM1031 is not set -# CONFIG_SENSORS_ADM9240 is not set -# CONFIG_SENSORS_ADT7410 is not set -# CONFIG_SENSORS_ADT7411 is not set -# CONFIG_SENSORS_ADT7462 is not set -# CONFIG_SENSORS_ADT7470 is not set -# CONFIG_SENSORS_ADT7475 is not set -# CONFIG_SENSORS_ASC7621 is not set -# CONFIG_SENSORS_ASPEED is not set -# CONFIG_SENSORS_ATXP1 is not set -# CONFIG_SENSORS_DS620 is not set -# CONFIG_SENSORS_DS1621 is not set -# CONFIG_SENSORS_I5K_AMB is not set -# CONFIG_SENSORS_F75375S is not set -# CONFIG_SENSORS_GL518SM is not set -# CONFIG_SENSORS_GL520SM is not set -# CONFIG_SENSORS_G760A is not set -# CONFIG_SENSORS_G762 is not set -# CONFIG_SENSORS_HIH6130 is not set -# CONFIG_SENSORS_JC42 is not set -# CONFIG_SENSORS_POWR1220 is not set -# CONFIG_SENSORS_LINEAGE is not set -# CONFIG_SENSORS_LTC2945 is not set -# CONFIG_SENSORS_LTC2990 is not set -# CONFIG_SENSORS_LTC4151 is not set -# CONFIG_SENSORS_LTC4215 is not set -# CONFIG_SENSORS_LTC4222 is not set -# CONFIG_SENSORS_LTC4245 is not set -# CONFIG_SENSORS_LTC4260 is not set -# CONFIG_SENSORS_LTC4261 is not set -# CONFIG_SENSORS_MAX16065 is not set -# CONFIG_SENSORS_MAX1619 is not set -# CONFIG_SENSORS_MAX1668 is not set -# CONFIG_SENSORS_MAX197 is not set -# CONFIG_SENSORS_MAX6639 is not set -# CONFIG_SENSORS_MAX6642 is not set -# CONFIG_SENSORS_MAX6650 is not set -# CONFIG_SENSORS_MAX6697 is not set -# CONFIG_SENSORS_MAX31790 is not set -# CONFIG_SENSORS_MCP3021 is not set -# CONFIG_SENSORS_TC654 is not set -# CONFIG_SENSORS_LM63 is not set -# CONFIG_SENSORS_LM73 is not set -# CONFIG_SENSORS_LM75 is not set -# CONFIG_SENSORS_LM77 is not set -# CONFIG_SENSORS_LM78 is not set -# CONFIG_SENSORS_LM80 is not set -# CONFIG_SENSORS_LM83 is not set -# CONFIG_SENSORS_LM85 is not set -# CONFIG_SENSORS_LM87 is not set -# CONFIG_SENSORS_LM90 is not set -# CONFIG_SENSORS_LM92 is not set -# CONFIG_SENSORS_LM93 is not set -# CONFIG_SENSORS_LM95234 is not set -# CONFIG_SENSORS_LM95241 is not set -# CONFIG_SENSORS_LM95245 is not set -# CONFIG_SENSORS_NTC_THERMISTOR is not set -# CONFIG_SENSORS_NCT7802 is not set -# CONFIG_SENSORS_NCT7904 is not set -# CONFIG_SENSORS_PCF8591 is not set -# CONFIG_PMBUS is not set -# CONFIG_SENSORS_SHT21 is not set -# CONFIG_SENSORS_SHT3x is not set -# CONFIG_SENSORS_SHTC1 is not set -# CONFIG_SENSORS_SIS5595 is not set -# CONFIG_SENSORS_EMC1403 is not set -# CONFIG_SENSORS_EMC2103 is not set -# CONFIG_SENSORS_EMC6W201 is not set -# CONFIG_SENSORS_SMSC47M192 is not set -# CONFIG_SENSORS_SCH56XX_COMMON is not set -# CONFIG_SENSORS_STTS751 is not set -# CONFIG_SENSORS_SMM665 is not set -# CONFIG_SENSORS_ADC128D818 is not set -# CONFIG_SENSORS_ADS1015 is not set -# CONFIG_SENSORS_ADS7828 is not set -# CONFIG_SENSORS_AMC6821 is not set -# CONFIG_SENSORS_INA209 is not set -# CONFIG_SENSORS_INA2XX is not set -# CONFIG_SENSORS_INA3221 is not set -# CONFIG_SENSORS_TC74 is not set -# CONFIG_SENSORS_THMC50 is not set -# CONFIG_SENSORS_TMP102 is not set -# CONFIG_SENSORS_TMP103 is not set -# CONFIG_SENSORS_TMP108 is not set -# CONFIG_SENSORS_TMP401 is not set -# CONFIG_SENSORS_TMP421 is not set -# CONFIG_SENSORS_VIA686A is not set -# CONFIG_SENSORS_VT8231 is not set -# CONFIG_SENSORS_W83781D is not set -# CONFIG_SENSORS_W83791D is not set -# CONFIG_SENSORS_W83792D is not set -# CONFIG_SENSORS_W83793 is not set -# CONFIG_SENSORS_W83795 is not set -# CONFIG_SENSORS_W83L785TS is not set -# CONFIG_SENSORS_W83L786NG is not set -# CONFIG_THERMAL is not set -# CONFIG_WATCHDOG is not set -CONFIG_SSB_POSSIBLE=y - -# -# Sonics Silicon Backplane -# -CONFIG_SSB=m -CONFIG_SSB_SPROM=y -CONFIG_SSB_BLOCKIO=y -CONFIG_SSB_PCIHOST_POSSIBLE=y -CONFIG_SSB_PCIHOST=y -CONFIG_SSB_B43_PCI_BRIDGE=y -CONFIG_SSB_PCMCIAHOST_POSSIBLE=y -# CONFIG_SSB_PCMCIAHOST is not set -# CONFIG_SSB_DEBUG is not set -CONFIG_SSB_DRIVER_PCICORE_POSSIBLE=y -CONFIG_SSB_DRIVER_PCICORE=y -CONFIG_BCMA_POSSIBLE=y -CONFIG_BCMA=m -CONFIG_BCMA_BLOCKIO=y -CONFIG_BCMA_HOST_PCI_POSSIBLE=y -CONFIG_BCMA_HOST_PCI=y -# CONFIG_BCMA_HOST_SOC is not set -CONFIG_BCMA_DRIVER_PCI=y -# CONFIG_BCMA_DRIVER_GMAC_CMN is not set -# CONFIG_BCMA_DEBUG is not set - -# -# Multifunction device drivers -# -# CONFIG_MFD_CORE is not set -# CONFIG_MFD_ACT8945A is not set -# CONFIG_MFD_AS3711 is not set -# CONFIG_MFD_AS3722 is not set -# CONFIG_PMIC_ADP5520 is not set -# CONFIG_MFD_ATMEL_FLEXCOM is not set -# CONFIG_MFD_ATMEL_HLCDC is not set -# CONFIG_MFD_BCM590XX is not set -# CONFIG_MFD_BD9571MWV is not set -# CONFIG_MFD_AXP20X_I2C is not set -# CONFIG_PMIC_DA903X is not set -# CONFIG_MFD_DA9052_I2C is not set -# CONFIG_MFD_DA9055 is not set -# CONFIG_MFD_DA9062 is not set -# CONFIG_MFD_DA9063 is not set -# CONFIG_MFD_DA9150 is not set -# CONFIG_MFD_DLN2 is not set -# CONFIG_MFD_MC13XXX_I2C is not set -# CONFIG_MFD_HI6421_PMIC is not set -# CONFIG_HTC_PASIC3 is not set -# CONFIG_LPC_ICH is not set -# CONFIG_LPC_SCH is not set -# CONFIG_MFD_JANZ_CMODIO is not set -# CONFIG_MFD_KEMPLD is not set -# CONFIG_MFD_88PM800 is not set -# CONFIG_MFD_88PM805 is not set -# CONFIG_MFD_88PM860X is not set -# CONFIG_MFD_MAX14577 is not set -# CONFIG_MFD_MAX77620 is not set -# CONFIG_MFD_MAX77686 is not set -# CONFIG_MFD_MAX77693 is not set -# CONFIG_MFD_MAX77843 is not set -# CONFIG_MFD_MAX8907 is not set -# CONFIG_MFD_MAX8925 is not set -# CONFIG_MFD_MAX8997 is not set -# CONFIG_MFD_MAX8998 is not set -# CONFIG_MFD_MT6397 is not set -# CONFIG_MFD_MENF21BMC is not set -# CONFIG_MFD_VIPERBOARD is not set -# CONFIG_MFD_RETU is not set -# CONFIG_MFD_PCF50633 is not set -# CONFIG_MFD_RDC321X is not set -# CONFIG_MFD_RTSX_PCI is not set -# CONFIG_MFD_RT5033 is not set -# CONFIG_MFD_RTSX_USB is not set -# CONFIG_MFD_RC5T583 is not set -# CONFIG_MFD_RK808 is not set -# CONFIG_MFD_RN5T618 is not set -# CONFIG_MFD_SEC_CORE is not set -# CONFIG_MFD_SI476X_CORE is not set -# CONFIG_MFD_SM501 is not set -# CONFIG_MFD_SKY81452 is not set -# CONFIG_MFD_SMSC is not set -# CONFIG_ABX500_CORE is not set -# CONFIG_MFD_STMPE is not set -# CONFIG_MFD_SYSCON is not set -# CONFIG_MFD_TI_AM335X_TSCADC is not set -# CONFIG_MFD_LP3943 is not set -# CONFIG_MFD_LP8788 is not set -# CONFIG_MFD_TI_LMU is not set -# CONFIG_MFD_PALMAS is not set -# CONFIG_TPS6105X is not set -# CONFIG_TPS6507X is not set -# CONFIG_MFD_TPS65086 is not set -# CONFIG_MFD_TPS65090 is not set -# CONFIG_MFD_TPS65217 is not set -# CONFIG_MFD_TI_LP873X is not set -# CONFIG_MFD_TI_LP87565 is not set -# CONFIG_MFD_TPS65218 is not set -# CONFIG_MFD_TPS6586X is not set -# CONFIG_MFD_TPS65912_I2C is not set -# CONFIG_MFD_TPS80031 is not set -# CONFIG_TWL4030_CORE is not set -# CONFIG_TWL6040_CORE is not set -# CONFIG_MFD_WL1273_CORE is not set -# CONFIG_MFD_LM3533 is not set -# CONFIG_MFD_TC3589X is not set -# CONFIG_MFD_TMIO is not set -# CONFIG_MFD_VX855 is not set -# CONFIG_MFD_ARIZONA_I2C is not set -# CONFIG_MFD_WM8400 is not set -# CONFIG_MFD_WM831X_I2C is not set -# CONFIG_MFD_WM8350_I2C is not set -# CONFIG_MFD_WM8994 is not set -# CONFIG_REGULATOR is not set -CONFIG_RC_CORE=y -CONFIG_RC_MAP=y -CONFIG_RC_DECODERS=y -# CONFIG_LIRC is not set -CONFIG_IR_NEC_DECODER=y -CONFIG_IR_RC5_DECODER=y -CONFIG_IR_RC6_DECODER=y -CONFIG_IR_JVC_DECODER=y -CONFIG_IR_SONY_DECODER=y -CONFIG_IR_SANYO_DECODER=y -CONFIG_IR_SHARP_DECODER=y -CONFIG_IR_MCE_KBD_DECODER=y -CONFIG_IR_XMP_DECODER=y -# CONFIG_RC_DEVICES is not set -# CONFIG_MEDIA_SUPPORT is not set - -# -# Graphics support -# -CONFIG_AGP=m -CONFIG_AGP_UNINORTH=m -CONFIG_VGA_ARB=y -CONFIG_VGA_ARB_MAX_GPUS=16 -CONFIG_DRM=m -# CONFIG_DRM_DP_AUX_CHARDEV is not set -# CONFIG_DRM_DEBUG_MM_SELFTEST is not set -CONFIG_DRM_KMS_HELPER=m -CONFIG_DRM_KMS_FB_HELPER=y -CONFIG_DRM_FBDEV_EMULATION=y -CONFIG_DRM_FBDEV_OVERALLOC=100 -# CONFIG_DRM_LOAD_EDID_FIRMWARE is not set -CONFIG_DRM_TTM=m - -# -# I2C encoder or helper chips -# -# CONFIG_DRM_I2C_CH7006 is not set -# CONFIG_DRM_I2C_SIL164 is not set -# CONFIG_DRM_I2C_NXP_TDA998X is not set -CONFIG_DRM_RADEON=m -# CONFIG_DRM_RADEON_USERPTR is not set -# CONFIG_DRM_AMDGPU is not set - -# -# ACP (Audio CoProcessor) Configuration -# -# CONFIG_DRM_NOUVEAU is not set -# CONFIG_DRM_VGEM is not set -# CONFIG_DRM_UDL is not set -# CONFIG_DRM_AST is not set -# CONFIG_DRM_MGAG200 is not set -# CONFIG_DRM_CIRRUS_QEMU is not set -# CONFIG_DRM_RCAR_DW_HDMI is not set -# CONFIG_DRM_QXL is not set -# CONFIG_DRM_BOCHS is not set -CONFIG_DRM_PANEL=y - -# -# Display Panels -# -# CONFIG_DRM_PANEL_LVDS is not set -# CONFIG_DRM_PANEL_SIMPLE is not set -# CONFIG_DRM_PANEL_SAMSUNG_S6E8AA0 is not set -CONFIG_DRM_BRIDGE=y -CONFIG_DRM_PANEL_BRIDGE=y - -# -# Display Interface Bridges -# -# CONFIG_DRM_ANALOGIX_ANX78XX is not set -# CONFIG_DRM_DUMB_VGA_DAC is not set -# CONFIG_DRM_LVDS_ENCODER is not set -# CONFIG_DRM_MEGACHIPS_STDPXXXX_GE_B850V3_FW is not set -# CONFIG_DRM_NXP_PTN3460 is not set -# CONFIG_DRM_PARADE_PS8622 is not set -# CONFIG_DRM_SIL_SII8620 is not set -# CONFIG_DRM_SII902X is not set -# CONFIG_DRM_TOSHIBA_TC358767 is not set -# CONFIG_DRM_TI_TFP410 is not set -# CONFIG_DRM_I2C_ADV7511 is not set -# CONFIG_DRM_ARCPGU is not set -# CONFIG_DRM_HISI_HIBMC is not set -# CONFIG_DRM_TINYDRM is not set -# CONFIG_DRM_LEGACY is not set -# CONFIG_DRM_LIB_RANDOM is not set - -# -# Frame buffer Devices -# -CONFIG_FB=y -# CONFIG_FIRMWARE_EDID is not set -CONFIG_FB_CMDLINE=y -CONFIG_FB_NOTIFY=y -CONFIG_FB_DDC=y -# CONFIG_FB_BOOT_VESA_SUPPORT is not set -CONFIG_FB_CFB_FILLRECT=y -CONFIG_FB_CFB_COPYAREA=y -CONFIG_FB_CFB_IMAGEBLIT=y -# CONFIG_FB_CFB_REV_PIXELS_IN_BYTE is not set -CONFIG_FB_SYS_FILLRECT=m -CONFIG_FB_SYS_COPYAREA=m -CONFIG_FB_SYS_IMAGEBLIT=m -# CONFIG_FB_PROVIDE_GET_FB_UNMAPPED_AREA is not set -# CONFIG_FB_FOREIGN_ENDIAN is not set -CONFIG_FB_SYS_FOPS=m -CONFIG_FB_DEFERRED_IO=y -# CONFIG_FB_SVGALIB is not set -CONFIG_FB_MACMODES=y -CONFIG_FB_BACKLIGHT=y -CONFIG_FB_MODE_HELPERS=y -CONFIG_FB_TILEBLITTING=y - -# -# Frame buffer hardware drivers -# -# CONFIG_FB_CIRRUS is not set -# CONFIG_FB_PM2 is not set -# CONFIG_FB_CYBER2000 is not set -CONFIG_FB_OF=y -CONFIG_FB_CONTROL=y -CONFIG_FB_PLATINUM=y -CONFIG_FB_VALKYRIE=y -CONFIG_FB_CT65550=y -# CONFIG_FB_ASILIANT is not set -CONFIG_FB_IMSTT=y -# CONFIG_FB_VGA16 is not set -# CONFIG_FB_UVESA is not set -# CONFIG_FB_OPENCORES is not set -# CONFIG_FB_S1D13XXX is not set -CONFIG_FB_NVIDIA=y -CONFIG_FB_NVIDIA_I2C=y -# CONFIG_FB_NVIDIA_DEBUG is not set -CONFIG_FB_NVIDIA_BACKLIGHT=y -# CONFIG_FB_RIVA is not set -# CONFIG_FB_I740 is not set -CONFIG_FB_MATROX=y -CONFIG_FB_MATROX_MILLENIUM=y -CONFIG_FB_MATROX_MYSTIQUE=y -# CONFIG_FB_MATROX_G is not set -# CONFIG_FB_MATROX_I2C is not set -CONFIG_FB_RADEON=y -CONFIG_FB_RADEON_I2C=y -CONFIG_FB_RADEON_BACKLIGHT=y -# CONFIG_FB_RADEON_DEBUG is not set -CONFIG_FB_ATY128=y -CONFIG_FB_ATY128_BACKLIGHT=y -CONFIG_FB_ATY=y -CONFIG_FB_ATY_CT=y -# CONFIG_FB_ATY_GENERIC_LCD is not set -CONFIG_FB_ATY_GX=y -CONFIG_FB_ATY_BACKLIGHT=y -# CONFIG_FB_S3 is not set -# CONFIG_FB_SAVAGE is not set -# CONFIG_FB_SIS is not set -# CONFIG_FB_NEOMAGIC is not set -# CONFIG_FB_KYRO is not set -CONFIG_FB_3DFX=y -# CONFIG_FB_3DFX_ACCEL is not set -CONFIG_FB_3DFX_I2C=y -# CONFIG_FB_VOODOO1 is not set -# CONFIG_FB_VT8623 is not set -# CONFIG_FB_TRIDENT is not set -# CONFIG_FB_ARK is not set -# CONFIG_FB_PM3 is not set -# CONFIG_FB_CARMINE is not set -# CONFIG_FB_SMSCUFX is not set -# CONFIG_FB_UDL is not set -# CONFIG_FB_IBM_GXT4500 is not set -# CONFIG_FB_VIRTUAL is not set -# CONFIG_FB_METRONOME is not set -# CONFIG_FB_MB862XX is not set -# CONFIG_FB_BROADSHEET is not set -# CONFIG_FB_AUO_K190X is not set -# CONFIG_FB_SIMPLE is not set -# CONFIG_FB_SM712 is not set -CONFIG_BACKLIGHT_LCD_SUPPORT=y -CONFIG_LCD_CLASS_DEVICE=m -# CONFIG_LCD_PLATFORM is not set -CONFIG_BACKLIGHT_CLASS_DEVICE=y -CONFIG_BACKLIGHT_GENERIC=y -# CONFIG_BACKLIGHT_PM8941_WLED is not set -# CONFIG_BACKLIGHT_ADP8860 is not set -# CONFIG_BACKLIGHT_ADP8870 is not set -# CONFIG_BACKLIGHT_LM3639 is not set -# CONFIG_BACKLIGHT_LV5207LP is not set -# CONFIG_BACKLIGHT_BD6107 is not set -# CONFIG_BACKLIGHT_ARCXCNN is not set -CONFIG_VGASTATE=y -CONFIG_HDMI=y - -# -# Console display driver support -# -# CONFIG_VGA_CONSOLE is not set -CONFIG_DUMMY_CONSOLE=y -CONFIG_DUMMY_CONSOLE_COLUMNS=80 -CONFIG_DUMMY_CONSOLE_ROWS=25 -CONFIG_FRAMEBUFFER_CONSOLE=y -CONFIG_FRAMEBUFFER_CONSOLE_DETECT_PRIMARY=y -# CONFIG_FRAMEBUFFER_CONSOLE_ROTATION is not set -CONFIG_LOGO=y -CONFIG_LOGO_LINUX_MONO=y -CONFIG_LOGO_LINUX_VGA16=y -CONFIG_LOGO_LINUX_CLUT224=y -CONFIG_SOUND=m -CONFIG_SOUND_OSS_CORE=y -CONFIG_SOUND_OSS_CORE_PRECLAIM=y -CONFIG_SND=m -CONFIG_SND_TIMER=m -CONFIG_SND_PCM=m -CONFIG_SND_HWDEP=m -CONFIG_SND_SEQ_DEVICE=m -CONFIG_SND_RAWMIDI=m -CONFIG_SND_OSSEMUL=y -CONFIG_SND_MIXER_OSS=m -CONFIG_SND_PCM_OSS=m -CONFIG_SND_PCM_OSS_PLUGINS=y -CONFIG_SND_PCM_TIMER=y -# CONFIG_SND_HRTIMER is not set -# CONFIG_SND_DYNAMIC_MINORS is not set -CONFIG_SND_SUPPORT_OLD_API=y -CONFIG_SND_PROC_FS=y -CONFIG_SND_VERBOSE_PROCFS=y -# CONFIG_SND_VERBOSE_PRINTK is not set -# CONFIG_SND_DEBUG is not set -CONFIG_SND_VMASTER=y -CONFIG_SND_SEQUENCER=m -CONFIG_SND_SEQ_DUMMY=m -CONFIG_SND_SEQUENCER_OSS=m -CONFIG_SND_SEQ_MIDI_EVENT=m -CONFIG_SND_SEQ_MIDI=m -# CONFIG_SND_OPL3_LIB_SEQ is not set -# CONFIG_SND_OPL4_LIB_SEQ is not set -CONFIG_SND_DRIVERS=y -CONFIG_SND_DUMMY=m -# CONFIG_SND_ALOOP is not set -# CONFIG_SND_VIRMIDI is not set -# CONFIG_SND_MTPAV is not set -# CONFIG_SND_SERIAL_U16550 is not set -# CONFIG_SND_MPU401 is not set -CONFIG_SND_PCI=y -# CONFIG_SND_AD1889 is not set -# CONFIG_SND_ALS300 is not set -# CONFIG_SND_ALS4000 is not set -# CONFIG_SND_ALI5451 is not set -# CONFIG_SND_ATIIXP is not set -# CONFIG_SND_ATIIXP_MODEM is not set -# CONFIG_SND_AU8810 is not set -# CONFIG_SND_AU8820 is not set -# CONFIG_SND_AU8830 is not set -# CONFIG_SND_AW2 is not set -# CONFIG_SND_AZT3328 is not set -# CONFIG_SND_BT87X is not set -# CONFIG_SND_CA0106 is not set -# CONFIG_SND_CMIPCI is not set -# CONFIG_SND_OXYGEN is not set -# CONFIG_SND_CS4281 is not set -# CONFIG_SND_CS46XX is not set -# CONFIG_SND_CTXFI is not set -# CONFIG_SND_DARLA20 is not set -# CONFIG_SND_GINA20 is not set -# CONFIG_SND_LAYLA20 is not set -# CONFIG_SND_DARLA24 is not set -# CONFIG_SND_GINA24 is not set -# CONFIG_SND_LAYLA24 is not set -# CONFIG_SND_MONA is not set -# CONFIG_SND_MIA is not set -# CONFIG_SND_ECHO3G is not set -# CONFIG_SND_INDIGO is not set -# CONFIG_SND_INDIGOIO is not set -# CONFIG_SND_INDIGODJ is not set -# CONFIG_SND_INDIGOIOX is not set -# CONFIG_SND_INDIGODJX is not set -# CONFIG_SND_EMU10K1 is not set -# CONFIG_SND_EMU10K1_SEQ is not set -# CONFIG_SND_EMU10K1X is not set -# CONFIG_SND_ENS1370 is not set -# CONFIG_SND_ENS1371 is not set -# CONFIG_SND_ES1938 is not set -# CONFIG_SND_ES1968 is not set -# CONFIG_SND_FM801 is not set -# CONFIG_SND_HDSP is not set -# CONFIG_SND_HDSPM is not set -# CONFIG_SND_ICE1712 is not set -# CONFIG_SND_ICE1724 is not set -# CONFIG_SND_INTEL8X0 is not set -# CONFIG_SND_INTEL8X0M is not set -# CONFIG_SND_KORG1212 is not set -# CONFIG_SND_LOLA is not set -# CONFIG_SND_LX6464ES is not set -# CONFIG_SND_MAESTRO3 is not set -# CONFIG_SND_MIXART is not set -# CONFIG_SND_NM256 is not set -# CONFIG_SND_PCXHR is not set -# CONFIG_SND_RIPTIDE is not set -# CONFIG_SND_RME32 is not set -# CONFIG_SND_RME96 is not set -# CONFIG_SND_RME9652 is not set -# CONFIG_SND_SE6X is not set -# CONFIG_SND_SONICVIBES is not set -# CONFIG_SND_TRIDENT is not set -# CONFIG_SND_VIA82XX is not set -# CONFIG_SND_VIA82XX_MODEM is not set -# CONFIG_SND_VIRTUOSO is not set -# CONFIG_SND_VX222 is not set -# CONFIG_SND_YMFPCI is not set - -# -# HD-Audio -# -# CONFIG_SND_HDA_INTEL is not set -CONFIG_SND_HDA_PREALLOC_SIZE=64 -CONFIG_SND_PPC=y -CONFIG_SND_POWERMAC=m -CONFIG_SND_POWERMAC_AUTO_DRC=y -CONFIG_SND_AOA=m -CONFIG_SND_AOA_FABRIC_LAYOUT=m -CONFIG_SND_AOA_ONYX=m -CONFIG_SND_AOA_TAS=m -CONFIG_SND_AOA_TOONIE=m -CONFIG_SND_AOA_SOUNDBUS=m -CONFIG_SND_AOA_SOUNDBUS_I2S=m -CONFIG_SND_USB=y -CONFIG_SND_USB_AUDIO=m -# CONFIG_SND_USB_UA101 is not set -# CONFIG_SND_USB_USX2Y is not set -# CONFIG_SND_USB_CAIAQ is not set -# CONFIG_SND_USB_6FIRE is not set -# CONFIG_SND_USB_HIFACE is not set -# CONFIG_SND_BCD2000 is not set -# CONFIG_SND_USB_POD is not set -# CONFIG_SND_USB_PODHD is not set -# CONFIG_SND_USB_TONEPORT is not set -# CONFIG_SND_USB_VARIAX is not set -CONFIG_SND_PCMCIA=y -# CONFIG_SND_VXPOCKET is not set -# CONFIG_SND_PDAUDIOCF is not set -# CONFIG_SND_SOC is not set - -# -# HID support -# -CONFIG_HID=y -# CONFIG_HID_BATTERY_STRENGTH is not set -# CONFIG_HIDRAW is not set -# CONFIG_UHID is not set -CONFIG_HID_GENERIC=y - -# -# Special HID drivers -# -CONFIG_HID_A4TECH=y -# CONFIG_HID_ACCUTOUCH is not set -# CONFIG_HID_ACRUX is not set -CONFIG_HID_APPLE=y -# CONFIG_HID_APPLEIR is not set -# CONFIG_HID_ASUS is not set -# CONFIG_HID_AUREAL is not set -CONFIG_HID_BELKIN=y -# CONFIG_HID_BETOP_FF is not set -CONFIG_HID_CHERRY=y -CONFIG_HID_CHICONY=y -# CONFIG_HID_CORSAIR is not set -# CONFIG_HID_PRODIKEYS is not set -# CONFIG_HID_CMEDIA is not set -CONFIG_HID_CYPRESS=y -# CONFIG_HID_DRAGONRISE is not set -# CONFIG_HID_EMS_FF is not set -# CONFIG_HID_ELECOM is not set -# CONFIG_HID_ELO is not set -CONFIG_HID_EZKEY=y -# CONFIG_HID_GEMBIRD is not set -# CONFIG_HID_GFRM is not set -# CONFIG_HID_HOLTEK is not set -# CONFIG_HID_GT683R is not set -# CONFIG_HID_KEYTOUCH is not set -# CONFIG_HID_KYE is not set -# CONFIG_HID_UCLOGIC is not set -# CONFIG_HID_WALTOP is not set -CONFIG_HID_GYRATION=y -# CONFIG_HID_ICADE is not set -CONFIG_HID_ITE=y -# CONFIG_HID_TWINHAN is not set -CONFIG_HID_KENSINGTON=y -# CONFIG_HID_LCPOWER is not set -# CONFIG_HID_LED is not set -# CONFIG_HID_LENOVO is not set -CONFIG_HID_LOGITECH=y -# CONFIG_HID_LOGITECH_HIDPP is not set -# CONFIG_LOGITECH_FF is not set -# CONFIG_LOGIRUMBLEPAD2_FF is not set -# CONFIG_LOGIG940_FF is not set -# CONFIG_LOGIWHEELS_FF is not set -# CONFIG_HID_MAGICMOUSE is not set -# CONFIG_HID_MAYFLASH is not set -CONFIG_HID_MICROSOFT=y -CONFIG_HID_MONTEREY=y -# CONFIG_HID_MULTITOUCH is not set -# CONFIG_HID_NTI is not set -CONFIG_HID_NTRIG=y -# CONFIG_HID_ORTEK is not set -CONFIG_HID_PANTHERLORD=y -# CONFIG_PANTHERLORD_FF is not set -# CONFIG_HID_PENMOUNT is not set -CONFIG_HID_PETALYNX=y -# CONFIG_HID_PICOLCD is not set -# CONFIG_HID_PLANTRONICS is not set -# CONFIG_HID_PRIMAX is not set -# CONFIG_HID_RETRODE is not set -# CONFIG_HID_ROCCAT is not set -# CONFIG_HID_SAITEK is not set -CONFIG_HID_SAMSUNG=y -CONFIG_HID_SONY=y -# CONFIG_SONY_FF is not set -# CONFIG_HID_SPEEDLINK is not set -# CONFIG_HID_STEELSERIES is not set -CONFIG_HID_SUNPLUS=y -# CONFIG_HID_RMI is not set -# CONFIG_HID_GREENASIA is not set -# CONFIG_HID_SMARTJOYPLUS is not set -# CONFIG_HID_TIVO is not set -CONFIG_HID_TOPSEED=y -# CONFIG_HID_THINGM is not set -# CONFIG_HID_THRUSTMASTER is not set -# CONFIG_HID_UDRAW_PS3 is not set -# CONFIG_HID_WACOM is not set -# CONFIG_HID_WIIMOTE is not set -# CONFIG_HID_XINMO is not set -# CONFIG_HID_ZEROPLUS is not set -# CONFIG_HID_ZYDACRON is not set -# CONFIG_HID_SENSOR_HUB is not set -# CONFIG_HID_ALPS is not set - -# -# USB HID support -# -CONFIG_USB_HID=y -# CONFIG_HID_PID is not set -# CONFIG_USB_HIDDEV is not set - -# -# I2C HID support -# -# CONFIG_I2C_HID is not set -CONFIG_USB_OHCI_LITTLE_ENDIAN=y -CONFIG_USB_SUPPORT=y -CONFIG_USB_COMMON=y -CONFIG_USB_ARCH_HAS_HCD=y -CONFIG_USB=y -CONFIG_USB_PCI=y -# CONFIG_USB_ANNOUNCE_NEW_DEVICES is not set - -# -# Miscellaneous USB options -# -CONFIG_USB_DEFAULT_PERSIST=y -CONFIG_USB_DYNAMIC_MINORS=y -# CONFIG_USB_OTG is not set -# CONFIG_USB_OTG_WHITELIST is not set -# CONFIG_USB_LEDS_TRIGGER_USBPORT is not set -CONFIG_USB_MON=y -# CONFIG_USB_WUSB_CBAF is not set - -# -# USB Host Controller Drivers -# -# CONFIG_USB_C67X00_HCD is not set -# CONFIG_USB_XHCI_HCD is not set -CONFIG_USB_EHCI_HCD=m -CONFIG_USB_EHCI_ROOT_HUB_TT=y -CONFIG_USB_EHCI_TT_NEWSCHED=y -CONFIG_USB_EHCI_PCI=m -# CONFIG_XPS_USB_HCD_XILINX is not set -# CONFIG_USB_EHCI_HCD_PPC_OF is not set -# CONFIG_USB_EHCI_HCD_PLATFORM is not set -# CONFIG_USB_OXU210HP_HCD is not set -# CONFIG_USB_ISP116X_HCD is not set -# CONFIG_USB_ISP1362_HCD is not set -# CONFIG_USB_FOTG210_HCD is not set -CONFIG_USB_OHCI_HCD=y -# CONFIG_USB_OHCI_HCD_PPC_OF_BE is not set -# CONFIG_USB_OHCI_HCD_PPC_OF_LE is not set -# CONFIG_USB_OHCI_HCD_PPC_OF is not set -CONFIG_USB_OHCI_HCD_PCI=y -# CONFIG_USB_OHCI_HCD_PLATFORM is not set -# CONFIG_USB_UHCI_HCD is not set -# CONFIG_USB_SL811_HCD is not set -# CONFIG_USB_R8A66597_HCD is not set -# CONFIG_USB_HCD_BCMA is not set -# CONFIG_USB_HCD_SSB is not set -# CONFIG_USB_HCD_TEST_MODE is not set - -# -# USB Device Class drivers -# -CONFIG_USB_ACM=m -CONFIG_USB_PRINTER=m -# CONFIG_USB_WDM is not set -# CONFIG_USB_TMC is not set - -# -# NOTE: USB_STORAGE depends on SCSI but BLK_DEV_SD may -# - -# -# also be needed; see USB_STORAGE Help for more info -# -CONFIG_USB_STORAGE=m -# CONFIG_USB_STORAGE_DEBUG is not set -# CONFIG_USB_STORAGE_REALTEK is not set -# CONFIG_USB_STORAGE_DATAFAB is not set -# CONFIG_USB_STORAGE_FREECOM is not set -# CONFIG_USB_STORAGE_ISD200 is not set -# CONFIG_USB_STORAGE_USBAT is not set -# CONFIG_USB_STORAGE_SDDR09 is not set -# CONFIG_USB_STORAGE_SDDR55 is not set -# CONFIG_USB_STORAGE_JUMPSHOT is not set -# CONFIG_USB_STORAGE_ALAUDA is not set -CONFIG_USB_STORAGE_ONETOUCH=m -# CONFIG_USB_STORAGE_KARMA is not set -# CONFIG_USB_STORAGE_CYPRESS_ATACB is not set -# CONFIG_USB_STORAGE_ENE_UB6250 is not set -# CONFIG_USB_UAS is not set - -# -# USB Imaging devices -# -# CONFIG_USB_MDC800 is not set -# CONFIG_USB_MICROTEK is not set -# CONFIG_USBIP_CORE is not set -# CONFIG_USB_MUSB_HDRC is not set -# CONFIG_USB_DWC3 is not set -# CONFIG_USB_DWC2 is not set -# CONFIG_USB_CHIPIDEA is not set -# CONFIG_USB_ISP1760 is not set - -# -# USB port drivers -# -CONFIG_USB_SERIAL=m -# CONFIG_USB_SERIAL_GENERIC is not set -# CONFIG_USB_SERIAL_SIMPLE is not set -# CONFIG_USB_SERIAL_AIRCABLE is not set -# CONFIG_USB_SERIAL_ARK3116 is not set -# CONFIG_USB_SERIAL_BELKIN is not set -# CONFIG_USB_SERIAL_CH341 is not set -# CONFIG_USB_SERIAL_WHITEHEAT is not set -# CONFIG_USB_SERIAL_DIGI_ACCELEPORT is not set -# CONFIG_USB_SERIAL_CP210X is not set -# CONFIG_USB_SERIAL_CYPRESS_M8 is not set -# CONFIG_USB_SERIAL_EMPEG is not set -# CONFIG_USB_SERIAL_FTDI_SIO is not set -CONFIG_USB_SERIAL_VISOR=m -CONFIG_USB_SERIAL_IPAQ=m -# CONFIG_USB_SERIAL_IR is not set -# CONFIG_USB_SERIAL_EDGEPORT is not set -# CONFIG_USB_SERIAL_EDGEPORT_TI is not set -# CONFIG_USB_SERIAL_F81232 is not set -# CONFIG_USB_SERIAL_F8153X is not set -# CONFIG_USB_SERIAL_GARMIN is not set -# CONFIG_USB_SERIAL_IPW is not set -# CONFIG_USB_SERIAL_IUU is not set -CONFIG_USB_SERIAL_KEYSPAN_PDA=m -CONFIG_USB_SERIAL_KEYSPAN=m -CONFIG_USB_SERIAL_KEYSPAN_MPR=y -CONFIG_USB_SERIAL_KEYSPAN_USA28=y -CONFIG_USB_SERIAL_KEYSPAN_USA28X=y -CONFIG_USB_SERIAL_KEYSPAN_USA28XA=y -CONFIG_USB_SERIAL_KEYSPAN_USA28XB=y -CONFIG_USB_SERIAL_KEYSPAN_USA19=y -CONFIG_USB_SERIAL_KEYSPAN_USA18X=y -CONFIG_USB_SERIAL_KEYSPAN_USA19W=y -CONFIG_USB_SERIAL_KEYSPAN_USA19QW=y -CONFIG_USB_SERIAL_KEYSPAN_USA19QI=y -CONFIG_USB_SERIAL_KEYSPAN_USA49W=y -CONFIG_USB_SERIAL_KEYSPAN_USA49WLC=y -# CONFIG_USB_SERIAL_KLSI is not set -# CONFIG_USB_SERIAL_KOBIL_SCT is not set -# CONFIG_USB_SERIAL_MCT_U232 is not set -# CONFIG_USB_SERIAL_METRO is not set -# CONFIG_USB_SERIAL_MOS7720 is not set -# CONFIG_USB_SERIAL_MOS7840 is not set -# CONFIG_USB_SERIAL_MXUPORT is not set -# CONFIG_USB_SERIAL_NAVMAN is not set -# CONFIG_USB_SERIAL_PL2303 is not set -# CONFIG_USB_SERIAL_OTI6858 is not set -# CONFIG_USB_SERIAL_QCAUX is not set -# CONFIG_USB_SERIAL_QUALCOMM is not set -# CONFIG_USB_SERIAL_SPCP8X5 is not set -# CONFIG_USB_SERIAL_SAFE is not set -# CONFIG_USB_SERIAL_SIERRAWIRELESS is not set -# CONFIG_USB_SERIAL_SYMBOL is not set -# CONFIG_USB_SERIAL_TI is not set -# CONFIG_USB_SERIAL_CYBERJACK is not set -# CONFIG_USB_SERIAL_XIRCOM is not set -# CONFIG_USB_SERIAL_OPTION is not set -# CONFIG_USB_SERIAL_OMNINET is not set -# CONFIG_USB_SERIAL_OPTICON is not set -# CONFIG_USB_SERIAL_XSENS_MT is not set -# CONFIG_USB_SERIAL_WISHBONE is not set -# CONFIG_USB_SERIAL_SSU100 is not set -# CONFIG_USB_SERIAL_QT2 is not set -# CONFIG_USB_SERIAL_UPD78F0730 is not set -# CONFIG_USB_SERIAL_DEBUG is not set - -# -# USB Miscellaneous drivers -# -# CONFIG_USB_EMI62 is not set -# CONFIG_USB_EMI26 is not set -# CONFIG_USB_ADUTUX is not set -# CONFIG_USB_SEVSEG is not set -# CONFIG_USB_RIO500 is not set -# CONFIG_USB_LEGOTOWER is not set -# CONFIG_USB_LCD is not set -# CONFIG_USB_CYPRESS_CY7C63 is not set -# CONFIG_USB_CYTHERM is not set -# CONFIG_USB_IDMOUSE is not set -# CONFIG_USB_FTDI_ELAN is not set -CONFIG_USB_APPLEDISPLAY=m -# CONFIG_USB_SISUSBVGA is not set -# CONFIG_USB_LD is not set -# CONFIG_USB_TRANCEVIBRATOR is not set -# CONFIG_USB_IOWARRIOR is not set -# CONFIG_USB_TEST is not set -# CONFIG_USB_EHSET_TEST_FIXTURE is not set -# CONFIG_USB_ISIGHTFW is not set -# CONFIG_USB_YUREX is not set -CONFIG_USB_EZUSB_FX2=m -# CONFIG_USB_HUB_USB251XB is not set -# CONFIG_USB_HSIC_USB3503 is not set -# CONFIG_USB_HSIC_USB4604 is not set -# CONFIG_USB_LINK_LAYER_TEST is not set -# CONFIG_USB_CHAOSKEY is not set - -# -# USB Physical Layer drivers -# -# CONFIG_USB_PHY is not set -# CONFIG_NOP_USB_XCEIV is not set -# CONFIG_USB_ISP1301 is not set -# CONFIG_USB_GADGET is not set - -# -# USB Power Delivery and Type-C drivers -# -# CONFIG_USB_LED_TRIG is not set -# CONFIG_USB_ULPI_BUS is not set -# CONFIG_UWB is not set -# CONFIG_MMC is not set -# CONFIG_MEMSTICK is not set -CONFIG_NEW_LEDS=y -CONFIG_LEDS_CLASS=y -# CONFIG_LEDS_CLASS_FLASH is not set -# CONFIG_LEDS_BRIGHTNESS_HW_CHANGED is not set - -# -# LED drivers -# -# CONFIG_LEDS_BCM6328 is not set -# CONFIG_LEDS_BCM6358 is not set -# CONFIG_LEDS_LM3530 is not set -# CONFIG_LEDS_LM3642 is not set -# CONFIG_LEDS_PCA9532 is not set -# CONFIG_LEDS_LP3944 is not set -# CONFIG_LEDS_LP5521 is not set -# CONFIG_LEDS_LP5523 is not set -# CONFIG_LEDS_LP5562 is not set -# CONFIG_LEDS_LP8501 is not set -# CONFIG_LEDS_LP8860 is not set -# CONFIG_LEDS_PCA955X is not set -# CONFIG_LEDS_PCA963X is not set -# CONFIG_LEDS_BD2802 is not set -# CONFIG_LEDS_TCA6507 is not set -# CONFIG_LEDS_TLC591XX is not set -# CONFIG_LEDS_LM355x is not set -# CONFIG_LEDS_IS31FL319X is not set -# CONFIG_LEDS_IS31FL32XX is not set - -# -# LED driver for blink(1) USB RGB LED is under Special HID drivers (HID_THINGM) -# -# CONFIG_LEDS_BLINKM is not set -# CONFIG_LEDS_USER is not set - -# -# LED Triggers -# -CONFIG_LEDS_TRIGGERS=y -# CONFIG_LEDS_TRIGGER_TIMER is not set -# CONFIG_LEDS_TRIGGER_ONESHOT is not set -# CONFIG_LEDS_TRIGGER_DISK is not set -# CONFIG_LEDS_TRIGGER_HEARTBEAT is not set -# CONFIG_LEDS_TRIGGER_BACKLIGHT is not set -# CONFIG_LEDS_TRIGGER_CPU is not set -CONFIG_LEDS_TRIGGER_DEFAULT_ON=y - -# -# iptables trigger is under Netfilter config (LED target) -# -# CONFIG_LEDS_TRIGGER_TRANSIENT is not set -# CONFIG_LEDS_TRIGGER_CAMERA is not set -# CONFIG_LEDS_TRIGGER_PANIC is not set -# CONFIG_ACCESSIBILITY is not set -# CONFIG_INFINIBAND is not set -CONFIG_EDAC_ATOMIC_SCRUB=y -CONFIG_EDAC_SUPPORT=y -CONFIG_RTC_LIB=y -CONFIG_RTC_CLASS=y -CONFIG_RTC_HCTOSYS=y -CONFIG_RTC_HCTOSYS_DEVICE="rtc0" -CONFIG_RTC_SYSTOHC=y -CONFIG_RTC_SYSTOHC_DEVICE="rtc0" -# CONFIG_RTC_DEBUG is not set -CONFIG_RTC_NVMEM=y - -# -# RTC interfaces -# -CONFIG_RTC_INTF_SYSFS=y -CONFIG_RTC_INTF_PROC=y -CONFIG_RTC_INTF_DEV=y -# CONFIG_RTC_INTF_DEV_UIE_EMUL is not set -# CONFIG_RTC_DRV_TEST is not set - -# -# I2C RTC drivers -# -# CONFIG_RTC_DRV_ABB5ZES3 is not set -# CONFIG_RTC_DRV_ABX80X is not set -# CONFIG_RTC_DRV_DS1307 is not set -# CONFIG_RTC_DRV_DS1374 is not set -# CONFIG_RTC_DRV_DS1672 is not set -# CONFIG_RTC_DRV_HYM8563 is not set -# CONFIG_RTC_DRV_MAX6900 is not set -# CONFIG_RTC_DRV_RS5C372 is not set -# CONFIG_RTC_DRV_ISL1208 is not set -# CONFIG_RTC_DRV_ISL12022 is not set -# CONFIG_RTC_DRV_X1205 is not set -# CONFIG_RTC_DRV_PCF8523 is not set -# CONFIG_RTC_DRV_PCF85063 is not set -# CONFIG_RTC_DRV_PCF8563 is not set -# CONFIG_RTC_DRV_PCF8583 is not set -# CONFIG_RTC_DRV_M41T80 is not set -# CONFIG_RTC_DRV_BQ32K is not set -# CONFIG_RTC_DRV_S35390A is not set -# CONFIG_RTC_DRV_FM3130 is not set -# CONFIG_RTC_DRV_RX8010 is not set -# CONFIG_RTC_DRV_RX8581 is not set -# CONFIG_RTC_DRV_RX8025 is not set -# CONFIG_RTC_DRV_EM3027 is not set -# CONFIG_RTC_DRV_RV8803 is not set - -# -# SPI RTC drivers -# -CONFIG_RTC_I2C_AND_SPI=y - -# -# SPI and I2C RTC drivers -# -# CONFIG_RTC_DRV_DS3232 is not set -# CONFIG_RTC_DRV_PCF2127 is not set -# CONFIG_RTC_DRV_RV3029C2 is not set - -# -# Platform RTC drivers -# -# CONFIG_RTC_DRV_CMOS is not set -# CONFIG_RTC_DRV_DS1286 is not set -# CONFIG_RTC_DRV_DS1511 is not set -# CONFIG_RTC_DRV_DS1553 is not set -# CONFIG_RTC_DRV_DS1685_FAMILY is not set -# CONFIG_RTC_DRV_DS1742 is not set -# CONFIG_RTC_DRV_DS2404 is not set -# CONFIG_RTC_DRV_STK17TA8 is not set -# CONFIG_RTC_DRV_M48T86 is not set -# CONFIG_RTC_DRV_M48T35 is not set -# CONFIG_RTC_DRV_M48T59 is not set -# CONFIG_RTC_DRV_MSM6242 is not set -# CONFIG_RTC_DRV_BQ4802 is not set -# CONFIG_RTC_DRV_RP5C01 is not set -# CONFIG_RTC_DRV_V3020 is not set -# CONFIG_RTC_DRV_ZYNQMP is not set - -# -# on-CPU RTC drivers -# -CONFIG_RTC_DRV_GENERIC=y -# CONFIG_RTC_DRV_FTRTC010 is not set -# CONFIG_RTC_DRV_SNVS is not set -# CONFIG_RTC_DRV_R7301 is not set - -# -# HID Sensor RTC drivers -# -# CONFIG_RTC_DRV_HID_SENSOR_TIME is not set -# CONFIG_DMADEVICES is not set - -# -# DMABUF options -# -CONFIG_SYNC_FILE=y -# CONFIG_SW_SYNC is not set -# CONFIG_AUXDISPLAY is not set -# CONFIG_UIO is not set -# CONFIG_VIRT_DRIVERS is not set - -# -# Virtio drivers -# -# CONFIG_VIRTIO_PCI is not set -# CONFIG_VIRTIO_MMIO is not set - -# -# Microsoft Hyper-V guest support -# -# CONFIG_HYPERV_TSCPAGE is not set -# CONFIG_STAGING is not set -# CONFIG_HWSPINLOCK is not set - -# -# Clock Source drivers -# -# CONFIG_ATMEL_PIT is not set -# CONFIG_SH_TIMER_CMT is not set -# CONFIG_SH_TIMER_MTU2 is not set -# CONFIG_SH_TIMER_TMU is not set -# CONFIG_EM_TIMER_STI is not set -# CONFIG_MAILBOX is not set -CONFIG_IOMMU_SUPPORT=y - -# -# Generic IOMMU Pagetable Support -# - -# -# Remoteproc drivers -# -# CONFIG_REMOTEPROC is not set - -# -# Rpmsg drivers -# - -# -# SOC (System On Chip) specific Drivers -# - -# -# Amlogic SoC drivers -# - -# -# Broadcom SoC drivers -# - -# -# i.MX SoC drivers -# - -# -# Qualcomm SoC drivers -# -# CONFIG_SUNXI_SRAM is not set -# CONFIG_SOC_TI is not set -# CONFIG_PM_DEVFREQ is not set -# CONFIG_EXTCON is not set -# CONFIG_MEMORY is not set -# CONFIG_IIO is not set -# CONFIG_NTB is not set -# CONFIG_VME_BUS is not set -# CONFIG_PWM is not set -CONFIG_IRQCHIP=y -CONFIG_ARM_GIC_MAX_NR=1 -# CONFIG_IPACK_BUS is not set -# CONFIG_RESET_CONTROLLER is not set -# CONFIG_FMC is not set - -# -# PHY Subsystem -# -# CONFIG_GENERIC_PHY is not set -# CONFIG_BCM_KONA_USB2_PHY is not set -# CONFIG_PHY_PXA_28NM_HSIC is not set -# CONFIG_PHY_PXA_28NM_USB2 is not set -# CONFIG_POWERCAP is not set -# CONFIG_MCB is not set - -# -# Performance monitor support -# -# CONFIG_RAS is not set - -# -# Android -# -# CONFIG_ANDROID is not set -CONFIG_DAX=m -CONFIG_NVMEM=y -# CONFIG_STM is not set -# CONFIG_INTEL_TH is not set -# CONFIG_FPGA is not set - -# -# FSI support -# -# CONFIG_FSI is not set - -# -# File systems -# -CONFIG_EXT2_FS=y -# CONFIG_EXT2_FS_XATTR is not set -CONFIG_EXT3_FS=y -CONFIG_EXT3_FS_POSIX_ACL=y -# CONFIG_EXT3_FS_SECURITY is not set -CONFIG_EXT4_FS=y -CONFIG_EXT4_FS_POSIX_ACL=y -# CONFIG_EXT4_FS_SECURITY is not set -# CONFIG_EXT4_ENCRYPTION is not set -# CONFIG_EXT4_DEBUG is not set -CONFIG_JBD2=y -# CONFIG_JBD2_DEBUG is not set -CONFIG_FS_MBCACHE=y -# CONFIG_REISERFS_FS is not set -# CONFIG_JFS_FS is not set -# CONFIG_XFS_FS is not set -# CONFIG_GFS2_FS is not set -# CONFIG_BTRFS_FS is not set -# CONFIG_NILFS2_FS is not set -# CONFIG_F2FS_FS is not set -# CONFIG_FS_DAX is not set -CONFIG_FS_POSIX_ACL=y -CONFIG_EXPORTFS=y -# CONFIG_EXPORTFS_BLOCK_OPS is not set -CONFIG_FILE_LOCKING=y -CONFIG_MANDATORY_FILE_LOCKING=y -# CONFIG_FS_ENCRYPTION is not set -CONFIG_FSNOTIFY=y -CONFIG_DNOTIFY=y -CONFIG_INOTIFY_USER=y -# CONFIG_FANOTIFY is not set -# CONFIG_QUOTA is not set -# CONFIG_QUOTACTL is not set -CONFIG_AUTOFS4_FS=m -CONFIG_FUSE_FS=m -# CONFIG_CUSE is not set -# CONFIG_OVERLAY_FS is not set - -# -# Caches -# -# CONFIG_FSCACHE is not set - -# -# CD-ROM/DVD Filesystems -# -CONFIG_ISO9660_FS=y -CONFIG_JOLIET=y -CONFIG_ZISOFS=y -CONFIG_UDF_FS=m -CONFIG_UDF_NLS=y - -# -# DOS/FAT/NT Filesystems -# -CONFIG_FAT_FS=m -CONFIG_MSDOS_FS=m -CONFIG_VFAT_FS=m -CONFIG_FAT_DEFAULT_CODEPAGE=437 -CONFIG_FAT_DEFAULT_IOCHARSET="iso8859-1" -# CONFIG_FAT_DEFAULT_UTF8 is not set -# CONFIG_NTFS_FS is not set - -# -# Pseudo filesystems -# -CONFIG_PROC_FS=y -CONFIG_PROC_KCORE=y -CONFIG_PROC_SYSCTL=y -CONFIG_PROC_PAGE_MONITOR=y -# CONFIG_PROC_CHILDREN is not set -CONFIG_KERNFS=y -CONFIG_SYSFS=y -CONFIG_TMPFS=y -# CONFIG_TMPFS_POSIX_ACL is not set -# CONFIG_TMPFS_XATTR is not set -# CONFIG_HUGETLB_PAGE is not set -# CONFIG_CONFIGFS_FS is not set -CONFIG_MISC_FILESYSTEMS=y -# CONFIG_ORANGEFS_FS is not set -# CONFIG_ADFS_FS is not set -# CONFIG_AFFS_FS is not set -# CONFIG_ECRYPT_FS is not set -CONFIG_HFS_FS=m -CONFIG_HFSPLUS_FS=m -# CONFIG_HFSPLUS_FS_POSIX_ACL is not set -# CONFIG_BEFS_FS is not set -# CONFIG_BFS_FS is not set -# CONFIG_EFS_FS is not set -# CONFIG_CRAMFS is not set -# CONFIG_SQUASHFS is not set -# CONFIG_VXFS_FS is not set -# CONFIG_MINIX_FS is not set -# CONFIG_OMFS_FS is not set -# CONFIG_HPFS_FS is not set -# CONFIG_QNX4FS_FS is not set -# CONFIG_QNX6FS_FS is not set -# CONFIG_ROMFS_FS is not set -# CONFIG_PSTORE is not set -# CONFIG_SYSV_FS is not set -# CONFIG_UFS_FS is not set -CONFIG_NETWORK_FILESYSTEMS=y -CONFIG_NFS_FS=y -CONFIG_NFS_V2=y -CONFIG_NFS_V3=y -CONFIG_NFS_V3_ACL=y -CONFIG_NFS_V4=y -# CONFIG_NFS_SWAP is not set -CONFIG_NFS_V4_1=y -CONFIG_NFS_V4_2=y -CONFIG_PNFS_FILE_LAYOUT=m -CONFIG_PNFS_BLOCK=m -CONFIG_PNFS_FLEXFILE_LAYOUT=m -CONFIG_NFS_V4_1_IMPLEMENTATION_ID_DOMAIN="kernel.org" -# CONFIG_NFS_V4_1_MIGRATION is not set -CONFIG_NFS_V4_SECURITY_LABEL=y -# CONFIG_NFS_USE_LEGACY_DNS is not set -CONFIG_NFS_USE_KERNEL_DNS=y -CONFIG_NFSD=m -CONFIG_NFSD_V2_ACL=y -CONFIG_NFSD_V3=y -CONFIG_NFSD_V3_ACL=y -CONFIG_NFSD_V4=y -# CONFIG_NFSD_BLOCKLAYOUT is not set -# CONFIG_NFSD_SCSILAYOUT is not set -# CONFIG_NFSD_FLEXFILELAYOUT is not set -# CONFIG_NFSD_V4_SECURITY_LABEL is not set -# CONFIG_NFSD_FAULT_INJECTION is not set -CONFIG_GRACE_PERIOD=y -CONFIG_LOCKD=y -CONFIG_LOCKD_V4=y -CONFIG_NFS_ACL_SUPPORT=y -CONFIG_NFS_COMMON=y -CONFIG_SUNRPC=y -CONFIG_SUNRPC_GSS=y -# CONFIG_SUNRPC_DEBUG is not set -# CONFIG_CEPH_FS is not set -# CONFIG_CIFS is not set -# CONFIG_NCP_FS is not set -# CONFIG_CODA_FS is not set -# CONFIG_AFS_FS is not set -CONFIG_NLS=y -CONFIG_NLS_DEFAULT="iso8859-1" -CONFIG_NLS_CODEPAGE_437=m -# CONFIG_NLS_CODEPAGE_737 is not set -# CONFIG_NLS_CODEPAGE_775 is not set -# CONFIG_NLS_CODEPAGE_850 is not set -# CONFIG_NLS_CODEPAGE_852 is not set -# CONFIG_NLS_CODEPAGE_855 is not set -# CONFIG_NLS_CODEPAGE_857 is not set -# CONFIG_NLS_CODEPAGE_860 is not set -# CONFIG_NLS_CODEPAGE_861 is not set -# CONFIG_NLS_CODEPAGE_862 is not set -# CONFIG_NLS_CODEPAGE_863 is not set -# CONFIG_NLS_CODEPAGE_864 is not set -# CONFIG_NLS_CODEPAGE_865 is not set -# CONFIG_NLS_CODEPAGE_866 is not set -# CONFIG_NLS_CODEPAGE_869 is not set -# CONFIG_NLS_CODEPAGE_936 is not set -# CONFIG_NLS_CODEPAGE_950 is not set -# CONFIG_NLS_CODEPAGE_932 is not set -# CONFIG_NLS_CODEPAGE_949 is not set -# CONFIG_NLS_CODEPAGE_874 is not set -# CONFIG_NLS_ISO8859_8 is not set -# CONFIG_NLS_CODEPAGE_1250 is not set -# CONFIG_NLS_CODEPAGE_1251 is not set -# CONFIG_NLS_ASCII is not set -CONFIG_NLS_ISO8859_1=m -# CONFIG_NLS_ISO8859_2 is not set -# CONFIG_NLS_ISO8859_3 is not set -# CONFIG_NLS_ISO8859_4 is not set -# CONFIG_NLS_ISO8859_5 is not set -# CONFIG_NLS_ISO8859_6 is not set -# CONFIG_NLS_ISO8859_7 is not set -# CONFIG_NLS_ISO8859_9 is not set -# CONFIG_NLS_ISO8859_13 is not set -# CONFIG_NLS_ISO8859_14 is not set -# CONFIG_NLS_ISO8859_15 is not set -# CONFIG_NLS_KOI8_R is not set -# CONFIG_NLS_KOI8_U is not set -# CONFIG_NLS_MAC_ROMAN is not set -# CONFIG_NLS_MAC_CELTIC is not set -# CONFIG_NLS_MAC_CENTEURO is not set -# CONFIG_NLS_MAC_CROATIAN is not set -# CONFIG_NLS_MAC_CYRILLIC is not set -# CONFIG_NLS_MAC_GAELIC is not set -# CONFIG_NLS_MAC_GREEK is not set -# CONFIG_NLS_MAC_ICELAND is not set -# CONFIG_NLS_MAC_INUIT is not set -# CONFIG_NLS_MAC_ROMANIAN is not set -# CONFIG_NLS_MAC_TURKISH is not set -CONFIG_NLS_UTF8=m -CONFIG_BINARY_PRINTF=y - -# -# Library routines -# -CONFIG_BITREVERSE=y -# CONFIG_HAVE_ARCH_BITREVERSE is not set -CONFIG_GENERIC_STRNCPY_FROM_USER=y -CONFIG_GENERIC_STRNLEN_USER=y -CONFIG_GENERIC_NET_UTILS=y -CONFIG_GENERIC_PCI_IOMAP=y -CONFIG_GENERIC_IO=y -CONFIG_CRC_CCITT=y -CONFIG_CRC16=y -CONFIG_CRC_T10DIF=y -CONFIG_CRC_ITU_T=m -CONFIG_CRC32=y -# CONFIG_CRC32_SELFTEST is not set -CONFIG_CRC32_SLICEBY8=y -# CONFIG_CRC32_SLICEBY4 is not set -# CONFIG_CRC32_SARWATE is not set -# CONFIG_CRC32_BIT is not set -# CONFIG_CRC4 is not set -# CONFIG_CRC7 is not set -CONFIG_LIBCRC32C=m -# CONFIG_CRC8 is not set -# CONFIG_AUDIT_ARCH_COMPAT_GENERIC is not set -# CONFIG_RANDOM32_SELFTEST is not set -CONFIG_ZLIB_INFLATE=y -CONFIG_ZLIB_DEFLATE=y -CONFIG_LZO_COMPRESS=y -CONFIG_LZO_DECOMPRESS=y -CONFIG_LZ4_DECOMPRESS=y -CONFIG_XZ_DEC=y -CONFIG_XZ_DEC_X86=y -CONFIG_XZ_DEC_POWERPC=y -CONFIG_XZ_DEC_IA64=y -CONFIG_XZ_DEC_ARM=y -CONFIG_XZ_DEC_ARMTHUMB=y -CONFIG_XZ_DEC_SPARC=y -CONFIG_XZ_DEC_BCJ=y -# CONFIG_XZ_DEC_TEST is not set -CONFIG_DECOMPRESS_GZIP=y -CONFIG_DECOMPRESS_BZIP2=y -CONFIG_DECOMPRESS_LZMA=y -CONFIG_DECOMPRESS_XZ=y -CONFIG_DECOMPRESS_LZO=y -CONFIG_DECOMPRESS_LZ4=y -CONFIG_TEXTSEARCH=y -CONFIG_TEXTSEARCH_KMP=m -CONFIG_TEXTSEARCH_BM=m -CONFIG_TEXTSEARCH_FSM=m -CONFIG_INTERVAL_TREE=y -CONFIG_ASSOCIATIVE_ARRAY=y -CONFIG_HAS_IOMEM=y -CONFIG_HAS_IOPORT_MAP=y -CONFIG_HAS_DMA=y -# CONFIG_DMA_NOOP_OPS is not set -# CONFIG_DMA_VIRT_OPS is not set -CONFIG_DQL=y -CONFIG_GLOB=y -# CONFIG_GLOB_SELFTEST is not set -CONFIG_NLATTR=y -CONFIG_GENERIC_ATOMIC64=y -# CONFIG_CORDIC is not set -# CONFIG_DDR is not set -# CONFIG_IRQ_POLL is not set -CONFIG_LIBFDT=y -CONFIG_OID_REGISTRY=y -CONFIG_FONT_SUPPORT=y -# CONFIG_FONTS is not set -CONFIG_FONT_8x8=y -CONFIG_FONT_8x16=y -# CONFIG_SG_SPLIT is not set -CONFIG_SG_POOL=y -CONFIG_ARCH_HAS_SG_CHAIN=y -CONFIG_SBITMAP=y -# CONFIG_STRING_SELFTEST is not set - -# -# Kernel hacking -# - -# -# printk and dmesg options -# -# CONFIG_PRINTK_TIME is not set -CONFIG_CONSOLE_LOGLEVEL_DEFAULT=7 -CONFIG_MESSAGE_LOGLEVEL_DEFAULT=4 -# CONFIG_DYNAMIC_DEBUG is not set - -# -# Compile-time checks and compiler options -# -# CONFIG_DEBUG_INFO is not set -CONFIG_ENABLE_WARN_DEPRECATED=y -CONFIG_ENABLE_MUST_CHECK=y -CONFIG_FRAME_WARN=1024 -# CONFIG_STRIP_ASM_SYMS is not set -# CONFIG_READABLE_ASM is not set -# CONFIG_UNUSED_SYMBOLS is not set -# CONFIG_PAGE_OWNER is not set -CONFIG_DEBUG_FS=y -# CONFIG_HEADERS_CHECK is not set -# CONFIG_DEBUG_SECTION_MISMATCH is not set -CONFIG_SECTION_MISMATCH_WARN_ONLY=y -# CONFIG_DEBUG_FORCE_WEAK_PER_CPU is not set -CONFIG_MAGIC_SYSRQ=y -CONFIG_MAGIC_SYSRQ_DEFAULT_ENABLE=0x1 -CONFIG_MAGIC_SYSRQ_SERIAL=y -CONFIG_DEBUG_KERNEL=y - -# -# Memory Debugging -# -# CONFIG_PAGE_EXTENSION is not set -# CONFIG_PAGE_POISONING is not set -# CONFIG_DEBUG_PAGE_REF is not set -# CONFIG_DEBUG_OBJECTS is not set -# CONFIG_SLUB_DEBUG_ON is not set -# CONFIG_SLUB_STATS is not set -CONFIG_HAVE_DEBUG_KMEMLEAK=y -# CONFIG_DEBUG_KMEMLEAK is not set -# CONFIG_DEBUG_STACK_USAGE is not set -# CONFIG_DEBUG_VM is not set -CONFIG_DEBUG_MEMORY_INIT=y -# CONFIG_DEBUG_HIGHMEM is not set -CONFIG_HAVE_DEBUG_STACKOVERFLOW=y -# CONFIG_DEBUG_STACKOVERFLOW is not set -# CONFIG_DEBUG_SHIRQ is not set - -# -# Debug Lockups and Hangs -# -# CONFIG_SOFTLOCKUP_DETECTOR is not set -CONFIG_DETECT_HUNG_TASK=y -CONFIG_DEFAULT_HUNG_TASK_TIMEOUT=120 -# CONFIG_BOOTPARAM_HUNG_TASK_PANIC is not set -CONFIG_BOOTPARAM_HUNG_TASK_PANIC_VALUE=0 -# CONFIG_WQ_WATCHDOG is not set -# CONFIG_PANIC_ON_OOPS is not set -CONFIG_PANIC_ON_OOPS_VALUE=0 -CONFIG_SCHED_DEBUG=y -CONFIG_SCHED_INFO=y -CONFIG_SCHEDSTATS=y -# CONFIG_SCHED_STACK_END_CHECK is not set -# CONFIG_DEBUG_TIMEKEEPING is not set - -# -# Lock Debugging (spinlocks, mutexes, etc...) -# -# CONFIG_DEBUG_RT_MUTEXES is not set -# CONFIG_DEBUG_SPINLOCK is not set -# CONFIG_DEBUG_MUTEXES is not set -# CONFIG_DEBUG_WW_MUTEX_SLOWPATH is not set -# CONFIG_DEBUG_LOCK_ALLOC is not set -# CONFIG_PROVE_LOCKING is not set -# CONFIG_LOCK_STAT is not set -# CONFIG_DEBUG_ATOMIC_SLEEP is not set -# CONFIG_DEBUG_LOCKING_API_SELFTESTS is not set -# CONFIG_LOCK_TORTURE_TEST is not set -# CONFIG_WW_MUTEX_SELFTEST is not set -CONFIG_STACKTRACE=y -# CONFIG_WARN_ALL_UNSEEDED_RANDOM is not set -# CONFIG_DEBUG_KOBJECT is not set -CONFIG_DEBUG_BUGVERBOSE=y -# CONFIG_DEBUG_LIST is not set -# CONFIG_DEBUG_PI_LIST is not set -# CONFIG_DEBUG_SG is not set -# CONFIG_DEBUG_NOTIFIERS is not set -# CONFIG_DEBUG_CREDENTIALS is not set - -# -# RCU Debugging -# -# CONFIG_PROVE_RCU is not set -# CONFIG_TORTURE_TEST is not set -# CONFIG_RCU_PERF_TEST is not set -# CONFIG_RCU_TORTURE_TEST is not set -# CONFIG_RCU_TRACE is not set -# CONFIG_RCU_EQS_DEBUG is not set -# CONFIG_DEBUG_WQ_FORCE_RR_CPU is not set -# CONFIG_DEBUG_BLOCK_EXT_DEVT is not set -# CONFIG_NOTIFIER_ERROR_INJECTION is not set -# CONFIG_FAULT_INJECTION is not set -CONFIG_LATENCYTOP=y -CONFIG_NOP_TRACER=y -CONFIG_HAVE_FUNCTION_TRACER=y -CONFIG_HAVE_FUNCTION_GRAPH_TRACER=y -CONFIG_HAVE_DYNAMIC_FTRACE=y -CONFIG_HAVE_FTRACE_MCOUNT_RECORD=y -CONFIG_HAVE_SYSCALL_TRACEPOINTS=y -CONFIG_TRACE_CLOCK=y -CONFIG_RING_BUFFER=y -CONFIG_EVENT_TRACING=y -CONFIG_CONTEXT_SWITCH_TRACER=y -CONFIG_RING_BUFFER_ALLOW_SWAP=y -CONFIG_TRACING=y -CONFIG_TRACING_SUPPORT=y -CONFIG_FTRACE=y -# CONFIG_FUNCTION_TRACER is not set -# CONFIG_IRQSOFF_TRACER is not set -# CONFIG_SCHED_TRACER is not set -# CONFIG_HWLAT_TRACER is not set -# CONFIG_ENABLE_DEFAULT_TRACERS is not set -# CONFIG_FTRACE_SYSCALLS is not set -# CONFIG_TRACER_SNAPSHOT is not set -CONFIG_BRANCH_PROFILE_NONE=y -# CONFIG_PROFILE_ANNOTATED_BRANCHES is not set -# CONFIG_PROFILE_ALL_BRANCHES is not set -# CONFIG_STACK_TRACER is not set -# CONFIG_BLK_DEV_IO_TRACE is not set -CONFIG_UPROBE_EVENTS=y -CONFIG_PROBE_EVENTS=y -# CONFIG_HIST_TRIGGERS is not set -# CONFIG_TRACEPOINT_BENCHMARK is not set -# CONFIG_RING_BUFFER_BENCHMARK is not set -# CONFIG_RING_BUFFER_STARTUP_TEST is not set -# CONFIG_TRACE_EVAL_MAP_FILE is not set -# CONFIG_DMA_API_DEBUG is not set - -# -# Runtime Testing -# -# CONFIG_LKDTM is not set -# CONFIG_TEST_LIST_SORT is not set -# CONFIG_TEST_SORT is not set -# CONFIG_BACKTRACE_SELF_TEST is not set -# CONFIG_RBTREE_TEST is not set -# CONFIG_INTERVAL_TREE_TEST is not set -# CONFIG_PERCPU_TEST is not set -# CONFIG_ATOMIC64_SELFTEST is not set -# CONFIG_TEST_HEXDUMP is not set -# CONFIG_TEST_STRING_HELPERS is not set -# CONFIG_TEST_KSTRTOX is not set -# CONFIG_TEST_PRINTF is not set -# CONFIG_TEST_BITMAP is not set -# CONFIG_TEST_UUID is not set -# CONFIG_TEST_RHASHTABLE is not set -# CONFIG_TEST_HASH is not set -# CONFIG_TEST_LKM is not set -# CONFIG_TEST_USER_COPY is not set -# CONFIG_TEST_BPF is not set -# CONFIG_TEST_FIRMWARE is not set -# CONFIG_TEST_SYSCTL is not set -# CONFIG_TEST_UDELAY is not set -# CONFIG_TEST_STATIC_KEYS is not set -# CONFIG_TEST_KMOD is not set -# CONFIG_MEMTEST is not set -# CONFIG_BUG_ON_DATA_CORRUPTION is not set -# CONFIG_SAMPLES is not set -CONFIG_HAVE_ARCH_KGDB=y -# CONFIG_KGDB is not set -CONFIG_ARCH_HAS_UBSAN_SANITIZE_ALL=y -# CONFIG_ARCH_WANTS_UBSAN_NO_NULL is not set -# CONFIG_UBSAN is not set -CONFIG_ARCH_HAS_DEVMEM_IS_ALLOWED=y -CONFIG_STRICT_DEVMEM=y -# CONFIG_IO_STRICT_DEVMEM is not set -# CONFIG_PPC_DISABLE_WERROR is not set -CONFIG_PPC_WERROR=y -CONFIG_PRINT_STACK_DEPTH=64 -# CONFIG_PPC_EMULATED_STATS is not set -# CONFIG_CODE_PATCHING_SELFTEST is not set -# CONFIG_FTR_FIXUP_SELFTEST is not set -# CONFIG_MSI_BITMAP_SELFTEST is not set -CONFIG_XMON=y -CONFIG_XMON_DEFAULT=y -CONFIG_XMON_DISASSEMBLY=y -CONFIG_DEBUGGER=y -# CONFIG_BDI_SWITCH is not set -CONFIG_BOOTX_TEXT=y -CONFIG_PPC_EARLY_DEBUG=y -CONFIG_PPC_EARLY_DEBUG_BOOTX=y -# CONFIG_PPC_EARLY_DEBUG_MEMCONS is not set -# CONFIG_PPC_PTDUMP is not set - -# -# Security options -# -CONFIG_KEYS=y -# CONFIG_PERSISTENT_KEYRINGS is not set -# CONFIG_BIG_KEYS is not set -# CONFIG_ENCRYPTED_KEYS is not set -# CONFIG_KEY_DH_OPERATIONS is not set -# CONFIG_SECURITY_DMESG_RESTRICT is not set -CONFIG_SECURITY=y -# CONFIG_SECURITY_WRITABLE_HOOKS is not set -CONFIG_SECURITYFS=y -# CONFIG_SECURITY_NETWORK is not set -# CONFIG_SECURITY_PATH is not set -CONFIG_HAVE_HARDENED_USERCOPY_ALLOCATOR=y -# CONFIG_HARDENED_USERCOPY is not set -# CONFIG_FORTIFY_SOURCE is not set -# CONFIG_STATIC_USERMODEHELPER is not set -# CONFIG_SECURITY_SMACK is not set -# CONFIG_SECURITY_TOMOYO is not set -# CONFIG_SECURITY_APPARMOR is not set -# CONFIG_SECURITY_LOADPIN is not set -CONFIG_SECURITY_YAMA=y -# CONFIG_INTEGRITY is not set -CONFIG_DEFAULT_SECURITY_DAC=y -CONFIG_DEFAULT_SECURITY="" -CONFIG_CRYPTO=y - -# -# Crypto core or helper -# -CONFIG_CRYPTO_ALGAPI=y -CONFIG_CRYPTO_ALGAPI2=y -CONFIG_CRYPTO_AEAD=y -CONFIG_CRYPTO_AEAD2=y -CONFIG_CRYPTO_BLKCIPHER=y -CONFIG_CRYPTO_BLKCIPHER2=y -CONFIG_CRYPTO_HASH=y -CONFIG_CRYPTO_HASH2=y -CONFIG_CRYPTO_RNG=y -CONFIG_CRYPTO_RNG2=y -CONFIG_CRYPTO_RNG_DEFAULT=y -CONFIG_CRYPTO_AKCIPHER2=y -CONFIG_CRYPTO_KPP2=y -CONFIG_CRYPTO_ACOMP2=y -# CONFIG_CRYPTO_RSA is not set -# CONFIG_CRYPTO_DH is not set -CONFIG_CRYPTO_ECDH=m -CONFIG_CRYPTO_MANAGER=y -CONFIG_CRYPTO_MANAGER2=y -# CONFIG_CRYPTO_USER is not set -CONFIG_CRYPTO_MANAGER_DISABLE_TESTS=y -CONFIG_CRYPTO_GF128MUL=m -CONFIG_CRYPTO_NULL=y -CONFIG_CRYPTO_NULL2=y -CONFIG_CRYPTO_WORKQUEUE=y -# CONFIG_CRYPTO_CRYPTD is not set -# CONFIG_CRYPTO_MCRYPTD is not set -CONFIG_CRYPTO_AUTHENC=y -# CONFIG_CRYPTO_TEST is not set - -# -# Authenticated Encryption with Associated Data -# -CONFIG_CRYPTO_CCM=m -CONFIG_CRYPTO_GCM=m -# CONFIG_CRYPTO_CHACHA20POLY1305 is not set -CONFIG_CRYPTO_SEQIV=m -CONFIG_CRYPTO_ECHAINIV=y - -# -# Block modes -# -CONFIG_CRYPTO_CBC=y -CONFIG_CRYPTO_CTR=m -# CONFIG_CRYPTO_CTS is not set -CONFIG_CRYPTO_ECB=m -# CONFIG_CRYPTO_LRW is not set -CONFIG_CRYPTO_PCBC=m -# CONFIG_CRYPTO_XTS is not set -# CONFIG_CRYPTO_KEYWRAP is not set - -# -# Hash modes -# -CONFIG_CRYPTO_CMAC=m -CONFIG_CRYPTO_HMAC=y -# CONFIG_CRYPTO_XCBC is not set -# CONFIG_CRYPTO_VMAC is not set - -# -# Digest -# -CONFIG_CRYPTO_CRC32C=y -# CONFIG_CRYPTO_CRC32 is not set -CONFIG_CRYPTO_CRCT10DIF=y -CONFIG_CRYPTO_GHASH=m -# CONFIG_CRYPTO_POLY1305 is not set -CONFIG_CRYPTO_MD4=m -CONFIG_CRYPTO_MD5=y -# CONFIG_CRYPTO_MD5_PPC is not set -# CONFIG_CRYPTO_MICHAEL_MIC is not set -# CONFIG_CRYPTO_RMD128 is not set -# CONFIG_CRYPTO_RMD160 is not set -# CONFIG_CRYPTO_RMD256 is not set -# CONFIG_CRYPTO_RMD320 is not set -CONFIG_CRYPTO_SHA1=y -# CONFIG_CRYPTO_SHA1_PPC is not set -CONFIG_CRYPTO_SHA256=y -CONFIG_CRYPTO_SHA512=m -# CONFIG_CRYPTO_SHA3 is not set -CONFIG_CRYPTO_TGR192=m -CONFIG_CRYPTO_WP512=m - -# -# Ciphers -# -CONFIG_CRYPTO_AES=y -# CONFIG_CRYPTO_AES_TI is not set -CONFIG_CRYPTO_ANUBIS=m -CONFIG_CRYPTO_ARC4=m -CONFIG_CRYPTO_BLOWFISH=m -CONFIG_CRYPTO_BLOWFISH_COMMON=m -# CONFIG_CRYPTO_CAMELLIA is not set -CONFIG_CRYPTO_CAST_COMMON=m -CONFIG_CRYPTO_CAST5=m -CONFIG_CRYPTO_CAST6=m -CONFIG_CRYPTO_DES=y -# CONFIG_CRYPTO_FCRYPT is not set -CONFIG_CRYPTO_KHAZAD=m -# CONFIG_CRYPTO_SALSA20 is not set -# CONFIG_CRYPTO_CHACHA20 is not set -# CONFIG_CRYPTO_SEED is not set -CONFIG_CRYPTO_SERPENT=m -CONFIG_CRYPTO_TEA=m -CONFIG_CRYPTO_TWOFISH=m -CONFIG_CRYPTO_TWOFISH_COMMON=m - -# -# Compression -# -CONFIG_CRYPTO_DEFLATE=m -# CONFIG_CRYPTO_LZO is not set -# CONFIG_CRYPTO_842 is not set -# CONFIG_CRYPTO_LZ4 is not set -# CONFIG_CRYPTO_LZ4HC is not set - -# -# Random Number Generation -# -# CONFIG_CRYPTO_ANSI_CPRNG is not set -CONFIG_CRYPTO_DRBG_MENU=y -CONFIG_CRYPTO_DRBG_HMAC=y -# CONFIG_CRYPTO_DRBG_HASH is not set -# CONFIG_CRYPTO_DRBG_CTR is not set -CONFIG_CRYPTO_DRBG=y -CONFIG_CRYPTO_JITTERENTROPY=y -# CONFIG_CRYPTO_USER_API_HASH is not set -# CONFIG_CRYPTO_USER_API_SKCIPHER is not set -# CONFIG_CRYPTO_USER_API_RNG is not set -# CONFIG_CRYPTO_USER_API_AEAD is not set -CONFIG_CRYPTO_HW=y -# CONFIG_CRYPTO_DEV_HIFN_795X is not set -# CONFIG_CRYPTO_DEV_FSL_CAAM_CRYPTO_API_DESC is not set -# CONFIG_ASYMMETRIC_KEY_TYPE is not set - -# -# Certificates for signature checking -# -# CONFIG_SYSTEM_BLACKLIST_KEYRING is not set -# CONFIG_VIRTUALIZATION is not set diff --git a/main/linux-vanilla/config-vanilla.ppc64le b/main/linux-vanilla/config-vanilla.ppc64le index 59118df500c..98760c960e9 100644 --- a/main/linux-vanilla/config-vanilla.ppc64le +++ b/main/linux-vanilla/config-vanilla.ppc64le @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/powerpc 4.19.97 Kernel Configuration +# Linux/powerpc 4.19.118 Kernel Configuration # # @@ -1346,6 +1346,7 @@ CONFIG_OF_NET=y CONFIG_OF_MDIO=y CONFIG_OF_RESERVED_MEM=y # CONFIG_OF_OVERLAY is not set +CONFIG_OF_DMA_DEFAULT_COHERENT=y CONFIG_ARCH_MIGHT_HAVE_PC_PARPORT=y CONFIG_PARPORT=m CONFIG_PARPORT_PC=m diff --git a/main/linux-vanilla/config-vanilla.s390x b/main/linux-vanilla/config-vanilla.s390x index 7a068e3e613..a6a27618340 100644 --- a/main/linux-vanilla/config-vanilla.s390x +++ b/main/linux-vanilla/config-vanilla.s390x @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/s390 4.19.97 Kernel Configuration +# Linux/s390 4.19.118 Kernel Configuration # # diff --git a/main/linux-vanilla/config-vanilla.x86 b/main/linux-vanilla/config-vanilla.x86 index 32b5f58b2b6..d0de674ee49 100644 --- a/main/linux-vanilla/config-vanilla.x86 +++ b/main/linux-vanilla/config-vanilla.x86 @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/x86 4.19.97 Kernel Configuration +# Linux/x86 4.19.118 Kernel Configuration # # diff --git a/main/linux-vanilla/config-vanilla.x86_64 b/main/linux-vanilla/config-vanilla.x86_64 index 145731a90b8..aad290f9fa0 100644 --- a/main/linux-vanilla/config-vanilla.x86_64 +++ b/main/linux-vanilla/config-vanilla.x86_64 @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/x86_64 4.19.97 Kernel Configuration +# Linux/x86_64 4.19.118 Kernel Configuration # # diff --git a/main/linux-vanilla/config-virt.aarch64 b/main/linux-vanilla/config-virt.aarch64 index 27498035caa..c50622561e5 100644 --- a/main/linux-vanilla/config-virt.aarch64 +++ b/main/linux-vanilla/config-virt.aarch64 @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/arm64 4.19.97 Kernel Configuration +# Linux/arm64 4.19.118 Kernel Configuration # # diff --git a/main/linux-vanilla/config-virt.x86 b/main/linux-vanilla/config-virt.x86 index 0eadba85b44..acfcb0fc55c 100644 --- a/main/linux-vanilla/config-virt.x86 +++ b/main/linux-vanilla/config-virt.x86 @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/x86 4.19.97 Kernel Configuration +# Linux/x86 4.19.118 Kernel Configuration # # diff --git a/main/linux-vanilla/config-virt.x86_64 b/main/linux-vanilla/config-virt.x86_64 index 30ee060686f..6448072900a 100644 --- a/main/linux-vanilla/config-virt.x86_64 +++ b/main/linux-vanilla/config-virt.x86_64 @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/x86_64 4.19.97 Kernel Configuration +# Linux/x86_64 4.19.118 Kernel Configuration # # diff --git a/main/mariadb-connector-c/APKBUILD b/main/mariadb-connector-c/APKBUILD index 0d01de5763f..90e853563bf 100644 --- a/main/mariadb-connector-c/APKBUILD +++ b/main/mariadb-connector-c/APKBUILD @@ -1,7 +1,7 @@ # Maintainer: Natanael Copa <ncopa@alpinelinux.org> pkgname=mariadb-connector-c pkgver=3.0.8 -pkgrel=0 +pkgrel=1 pkgdesc="The MariaDB Native Client library (C driver)" url="https://mariadb.org/" arch="all" @@ -10,12 +10,17 @@ depends_dev="openssl-dev zlib-dev" makedepends="$depends_dev cmake" replaces="mariadb-client-libs" subpackages="$pkgname-dev" -source="https://downloads.mariadb.org/interstitial/connector-c-$pkgver/mariadb-connector-c-$pkgver-src.tar.gz +source="https://downloads.mariadb.com/Connectors/c/connector-c-$pkgver/mariadb-connector-c-$pkgver-src.tar.gz cmake.patch fix-ucontext-header.patch + CVE-2020-13249.patch " builddir="$srcdir/mariadb-connector-c-$pkgver-src" +# secfixes: +# 3.0.8-r1: +# - CVE-2020-13249 + build() { cd "$builddir" if [ "$CBUILD" != "$CHOST" ]; then @@ -57,7 +62,7 @@ dev() { replaces="mariadb-dev" mv "$pkgdir"/usr/bin "$subpkgdir"/usr/ } - sha512sums="d9f970c7ac164ef7d8dd748bf2f749cc1f877a9c8f68a1d57e9ff62d95046bb9505619feca1f1d0d1cdefc1ac49489742aadf4ad9e47c8e6a9b8b40c56eed788 mariadb-connector-c-3.0.8-src.tar.gz 027a9d383ce27a527b77ac06b9505709cad8fe0173455863590f502996966300fedea87687630113d74e5b9be5349217b18206c2dbb89f7064129cb5417e44cf cmake.patch -ad52cccb5517d11838bf16aee5aff63d87075e9ef5787e726d8bfea2854d3e2b5fa7aa94c0e93b1f7e7e21f48d21b1b6fcdd161fadb9999dcc7a3a5b8e12d883 fix-ucontext-header.patch" +ad52cccb5517d11838bf16aee5aff63d87075e9ef5787e726d8bfea2854d3e2b5fa7aa94c0e93b1f7e7e21f48d21b1b6fcdd161fadb9999dcc7a3a5b8e12d883 fix-ucontext-header.patch +4370a517bc082e5aca8ebc0abf1ace7742af6cffc7f0c12b70705b31885a573192bbac473a9d0322582e64a75698db86bd36db23558dd1c1e1eaf693632a559f CVE-2020-13249.patch" diff --git a/main/mariadb-connector-c/CVE-2020-13249.patch b/main/mariadb-connector-c/CVE-2020-13249.patch new file mode 100644 index 00000000000..8f58063c4ee --- /dev/null +++ b/main/mariadb-connector-c/CVE-2020-13249.patch @@ -0,0 +1,154 @@ +diff --git a/libmariadb/mariadb_lib.c b/libmariadb/mariadb_lib.c +index 4c1108b..1f04c35 100644 +--- a/libmariadb/mariadb_lib.c ++++ b/libmariadb/mariadb_lib.c +@@ -76,6 +76,8 @@ + #define ASYNC_CONTEXT_DEFAULT_STACK_SIZE (4096*15) + #define MA_RPL_VERSION_HACK "5.5.5-" + ++#define CHARSET_NAME_LEN 64 ++ + #undef max_allowed_packet + #undef net_buffer_length + extern ulong max_allowed_packet; /* net.c */ +@@ -2029,6 +2031,7 @@ mysql_send_query(MYSQL* mysql, const char* query, unsigned long length) + + int ma_read_ok_packet(MYSQL *mysql, uchar *pos, ulong length) + { ++ uchar *end= mysql->net.read_pos+length; + size_t item_len; + mysql->affected_rows= net_field_length_ll(&pos); + mysql->insert_id= net_field_length_ll(&pos); +@@ -2036,10 +2039,14 @@ int ma_read_ok_packet(MYSQL *mysql, uchar *pos, ulong length) + pos+=2; + mysql->warning_count=uint2korr(pos); + pos+=2; +- if (pos < mysql->net.read_pos+length) ++ if (pos > end) ++ goto corrupted; ++ if (pos < end) + { + if ((item_len= net_field_length(&pos))) + mysql->info=(char*) pos; ++ if (pos + item_len > end) ++ goto corrupted; + + /* check if server supports session tracking */ + if (mysql->server_capabilities & CLIENT_SESSION_TRACKING) +@@ -2050,23 +2057,26 @@ int ma_read_ok_packet(MYSQL *mysql, uchar *pos, ulong length) + if (mysql->server_status & SERVER_SESSION_STATE_CHANGED) + { + int i; +- if (pos < mysql->net.read_pos + length) ++ if (pos < end) + { + LIST *session_item; + MYSQL_LEX_STRING *str= NULL; + enum enum_session_state_type si_type; + uchar *old_pos= pos; +- size_t item_len= net_field_length(&pos); /* length for all items */ ++ ++ item_len= net_field_length(&pos); /* length for all items */ ++ if (pos + item_len > end) ++ goto corrupted; ++ end= pos + item_len; + + /* length was already set, so make sure that info will be zero terminated */ + if (mysql->info) + *old_pos= 0; + +- while (item_len > 0) ++ while (pos < end) + { + size_t plen; + char *data; +- old_pos= pos; + si_type= (enum enum_session_state_type)net_field_length(&pos); + switch(si_type) { + case SESSION_TRACK_SCHEMA: +@@ -2076,15 +2086,14 @@ int ma_read_ok_packet(MYSQL *mysql, uchar *pos, ulong length) + if (si_type != SESSION_TRACK_STATE_CHANGE) + net_field_length(&pos); /* ignore total length, item length will follow next */ + plen= net_field_length(&pos); ++ if (pos + plen > end) ++ goto corrupted; + if (!ma_multi_malloc(0, + &session_item, sizeof(LIST), + &str, sizeof(MYSQL_LEX_STRING), + &data, plen, + NULL)) +- { +- SET_CLIENT_ERROR(mysql, CR_OUT_OF_MEMORY, SQLSTATE_UNKNOWN, 0); +- return -1; +- } ++ goto oom; + str->length= plen; + str->str= data; + memcpy(str->str, (char *)pos, plen); +@@ -2107,29 +2116,28 @@ int ma_read_ok_packet(MYSQL *mysql, uchar *pos, ulong length) + if (!strncmp(str->str, "character_set_client", str->length)) + set_charset= 1; + plen= net_field_length(&pos); ++ if (pos + plen > end) ++ goto corrupted; + if (!ma_multi_malloc(0, + &session_item, sizeof(LIST), + &str, sizeof(MYSQL_LEX_STRING), + &data, plen, + NULL)) +- { +- SET_CLIENT_ERROR(mysql, CR_OUT_OF_MEMORY, SQLSTATE_UNKNOWN, 0); +- return -1; +- } ++ goto oom; + str->length= plen; + str->str= data; + memcpy(str->str, (char *)pos, plen); + pos+= plen; + session_item->data= str; + mysql->extension->session_state[si_type].list= list_add(mysql->extension->session_state[si_type].list, session_item); +- if (set_charset && ++ if (set_charset && str->length < CHARSET_NAME_LEN && + strncmp(mysql->charset->csname, str->str, str->length) != 0) + { +- char cs_name[64]; +- MARIADB_CHARSET_INFO *cs_info; ++ char cs_name[CHARSET_NAME_LEN]; ++ const MARIADB_CHARSET_INFO *cs_info; + memcpy(cs_name, str->str, str->length); + cs_name[str->length]= 0; +- if ((cs_info = (MARIADB_CHARSET_INFO *)mysql_find_charset_name(cs_name))) ++ if ((cs_info = mysql_find_charset_name(cs_name))) + mysql->charset= cs_info; + } + } +@@ -2137,10 +2145,11 @@ int ma_read_ok_packet(MYSQL *mysql, uchar *pos, ulong length) + default: + /* not supported yet */ + plen= net_field_length(&pos); ++ if (pos + plen > end) ++ goto corrupted; + pos+= plen; + break; + } +- item_len-= (pos - old_pos); + } + } + for (i= SESSION_TRACK_BEGIN; i <= SESSION_TRACK_END; i++) +@@ -2155,6 +2164,16 @@ int ma_read_ok_packet(MYSQL *mysql, uchar *pos, ulong length) + else if (mysql->server_capabilities & CLIENT_SESSION_TRACKING) + ma_clear_session_state(mysql); + return(0); ++ ++oom: ++ ma_clear_session_state(mysql); ++ SET_CLIENT_ERROR(mysql, CR_OUT_OF_MEMORY, SQLSTATE_UNKNOWN, 0); ++ return -1; ++ ++corrupted: ++ ma_clear_session_state(mysql); ++ SET_CLIENT_ERROR(mysql, CR_MALFORMED_PACKET, SQLSTATE_UNKNOWN, 0); ++ return -1; + } + + int mthd_my_read_query_result(MYSQL *mysql) diff --git a/main/mariadb/APKBUILD b/main/mariadb/APKBUILD index 5a085c31fe9..74757d0bd18 100644 --- a/main/mariadb/APKBUILD +++ b/main/mariadb/APKBUILD @@ -6,7 +6,7 @@ # Contributor: Marcel Haazen <marcel@haazen.xyz> # Maintainer: Natanael Copa <ncopa@alpinelinux.org> pkgname=mariadb -pkgver=10.3.20 +pkgver=10.3.25 pkgrel=0 pkgdesc="A fast SQL database server" url="https://www.mariadb.org/" @@ -49,6 +49,15 @@ source="https://downloads.mariadb.org/interstitial/mariadb-$pkgver/source/mariad builddir="$srcdir/$pkgname-$pkgver" # secfixes: +# 10.3.25-r0: +# - CVE-2020-15180 +# 10.3.23-r0: +# - CVE-2020-2752 +# - CVE-2020-2760 +# - CVE-2020-2812 +# - CVE-2020-2814 +# 10.3.22-r0: +# - CVE-2020-2574 # 10.3.20-r0: # - CVE-2019-2938 # - CVE-2019-2974 @@ -433,7 +442,7 @@ _plugin_rocksdb() { "$subpkgdir"/usr/lib/mariadb/plugin/ha_rocksdb.so } -sha512sums="8080cb6db85c587f39f128e98b00c3e6428bf3e828271a227bb2c61c97683c965802baa6e5f825317f7e2963683c0f81699642853deeca6977faa2b6932044a3 mariadb-10.3.20.tar.gz +sha512sums="9504e401db3b65b2b2bd4d3c91a468d357e82fdafbf90d54539a291e46570c2bed66ae047b17b9da95e925f8970fa048d329ba06c2dd6de7d46d5a0f2aad1f4d mariadb-10.3.25.tar.gz c352969f6665b0ffa387f7b185a5dea7751f4b16c12c809627857b27321efa09159369d7dd5c852d6159a9f173cb895fb601f0c52a1fa6e3527899520030964c mariadb.initd ecfea6503edd301bb628e2a44f36315079efa70e7615ff06b27714397332034f02e68ef40d4d5c761942e024ed1993621127c9df80b7e2327c68b1d839a7a322 fix-c11-atomics-check.patch e9ae4613f1d8c5f0a59b39a3548c46e50674ae78e7457d0e64c49f7e1573125c13634bbce7e29179bb8865a423171f852f43b96f7ef95619a95f02edcfc71efd ppc-remove-glibc-dep.patch diff --git a/main/mcpp/APKBUILD b/main/mcpp/APKBUILD index 85aaff93b30..f102d1dc8ec 100644 --- a/main/mcpp/APKBUILD +++ b/main/mcpp/APKBUILD @@ -2,7 +2,7 @@ # Maintainer: Sören Tempel <soeren+alpine@soeren-tempel.net> pkgname=mcpp pkgver=2.7.2 -pkgrel=1 +pkgrel=2 pkgdesc="A portable C preprocessor" url="http://mcpp.sourceforge.net" arch="all" @@ -13,7 +13,12 @@ makedepends="" subpackages="$pkgname-dev $pkgname-doc $pkgname-libs" source="https://downloads.sourceforge.net/${pkgname}/${pkgname}-${pkgver}.tar.gz 01-zeroc-fixes.patch - 02-gniibe-fixes.patch" + 02-gniibe-fixes.patch + CVE-2019-14274.patch" + +# secfixes: +# 2.7.2-r2: +# - CVE-2019-14274 prepare() { cd "$builddir" @@ -45,12 +50,7 @@ package() { "$pkgdir"/usr/share/licenses/$pkgname/LICENSE || return 1 } -md5sums="512de48c87ab023a69250edc7a0c7b05 mcpp-2.7.2.tar.gz -e231a2c976ccf14b548deaee840faeb7 01-zeroc-fixes.patch -1801827678e80d0ef73655a88064a35b 02-gniibe-fixes.patch" -sha256sums="3b9b4421888519876c4fc68ade324a3bbd81ceeb7092ecdbbc2055099fcb8864 mcpp-2.7.2.tar.gz -6ed331f58edc7a24e769ac065ab43ed9f09f06487fda37095cacd413b81f522c 01-zeroc-fixes.patch -30a790e63e387a95e45c2b73b3942948e1e852155250dd769a5598c33d374504 02-gniibe-fixes.patch" sha512sums="1ca885cb13fdb684de9d0595a9215b52f48a93a69077d82cdcacafe40d9a61fb77b00a3ff2b8890e7bc0a0fcc0c8d70d4093c00c280351cd4459aba67c573235 mcpp-2.7.2.tar.gz 86b2e851490e180dfe3028a5a37019ea423924c921ab053a642fb78d4533a87f913ede2928daf9da4daf60e67795a24521186b40c76961ae99ebeb75f8aa95ad 01-zeroc-fixes.patch -a31a0f2e7430381e5e62ea4257a35891ce9d2f3beed60c6caad3b6d298a58557e9c850223840ef8c6f6c2e8139cf4a4edf29ac93b2532680feafba503fcfaf6d 02-gniibe-fixes.patch" +a31a0f2e7430381e5e62ea4257a35891ce9d2f3beed60c6caad3b6d298a58557e9c850223840ef8c6f6c2e8139cf4a4edf29ac93b2532680feafba503fcfaf6d 02-gniibe-fixes.patch +12a72a2c527358effc4ed8e0c5f80f1a06a005ba3b050c7d99a4aa67ad5fe7e4c4c2a75d0808382b67e359076c5bac6065ec284d32f55e7e31466331a47db882 CVE-2019-14274.patch" diff --git a/main/mcpp/CVE-2019-14274.patch b/main/mcpp/CVE-2019-14274.patch new file mode 100644 index 00000000000..717b16fe9dd --- /dev/null +++ b/main/mcpp/CVE-2019-14274.patch @@ -0,0 +1,52 @@ +Description: Fix for a bug reported to sourceforge.net #13 + by fixing error messages. + Also, fix erroneous messages. +Author: NIIBE Yutaka + +Index: mcpp/src/support.c +=================================================================== +--- mcpp.orig/src/support.c ++++ mcpp/src/support.c +@@ -822,7 +822,7 @@ escape: + if (diag && iscntrl( c) && ((char_type[ c] & SPA) == 0) + && (warn_level & 1)) + cwarn( +- "Illegal control character %.0s0lx%02x in quotation" /* _W1_ */ ++ "Illegal control character %.0s0x%02x in quotation" /* _W1_ */ + , NULL, (long) c, NULL); + *out_p++ = c; + chk_limit: +@@ -861,10 +861,10 @@ chk_limit: + if (mcpp_mode != POST_STD && option_flags.lang_asm) { + /* STD, KR */ + if (warn_level & 1) +- cwarn( unterm_char, out, 0L, NULL); /* _W1_ */ ++ cwarn( unterm_char, NULL, (long)delim, NULL); /* _W1_ */ + goto done; + } else { +- cerror( unterm_char, out, 0L, skip); /* _E_ */ ++ cerror( unterm_char, NULL, (long)delim, skip); /* _E_ */ + } + } else { + cerror( "Unterminated header name %s%.0ld%s" /* _E_ */ +@@ -875,9 +875,9 @@ chk_limit: + if (mcpp_mode != POST_STD && option_flags.lang_asm) { + /* STD, KR */ + if (warn_level & 1) +- cwarn( empty_const, out, 0L, skip); /* _W1_ */ ++ cwarn( empty_const, NULL, (long)delim, skip); /* _W1_ */ + } else { +- cerror( empty_const, out, 0L, skip); /* _E_ */ ++ cerror( empty_const, NULL, (long)delim, skip); /* _E_ */ + out_p = NULL; + goto done; + } +@@ -1774,7 +1774,7 @@ not_comment: + default: + if (iscntrl( c)) { + cerror( /* Skip the control character */ +- "Illegal control character %.0s0x%lx, skipped the character" /* _E_ */ ++ "Illegal control character %.0s0x%02x, skipped the character" /* _E_ */ + , NULL, (long) c, NULL); + } else { /* Any valid character */ + *tp++ = c; diff --git a/main/musl/APKBUILD b/main/musl/APKBUILD index 390644b80f1..321287eea67 100644 --- a/main/musl/APKBUILD +++ b/main/musl/APKBUILD @@ -1,13 +1,14 @@ -# Contributor: William Pitcock <nenolod@dereferenced.org> +# Contributor: Ariadne Conill <ariadne@dereferenced.org> # Maintainer: Timo Teräs <timo.teras@iki.fi> pkgname=musl pkgver=1.1.20 -pkgrel=5 +pkgrel=6 pkgdesc="the musl c library (libc) implementation" url="http://www.musl-libc.org/" arch="all" license="MIT" subpackages="$pkgname-dev $pkgname-dbg libc6-compat:compat:noarch" +options="lib64" case "$BOOTSTRAP" in nocc) pkgname="musl-dev"; subpackages="";; nolibc) ;; @@ -21,6 +22,8 @@ source="http://www.musl-libc.org/releases/musl-$pkgver.tar.gz 0001-fix-getaddrinfo-regression-with-AI_ADDRCONFIG-on-som.patch s390x-fadv.patch + wcsnrtombs-cve-2020-28928.diff + ldconfig __stack_chk_fail_local.c getconf.c @@ -29,6 +32,8 @@ source="http://www.musl-libc.org/releases/musl-$pkgver.tar.gz " # secfixes: +# 1.1.20-r6: +# - CVE-2020-28928 # 1.1.20-r5: # - CVE-2019-14697 # 1.1.15-r4: @@ -157,6 +162,7 @@ sha512sums="d3a7a30aa375ca50d7dcfbd618581d59e1aa5378417f50a0ca5510099336fd74cc9d ab34509cec7419c11352094ed6acf14e5766b314bd2b96506a0d0203e61e90e85ea9a121f1fefc0d00bcba381778d579ea2c02325605344530420305fcf1a0d0 0001-fix-race-condition-in-file-locking.patch 20f9db1f96d4867fb0e4d4e1b4b323e1871ce5660896c8608f7a5147d247f6c6840f84eff25ae8f8b7cf04af0f586afed00acb6abcbedd4240a4678359fa6dc9 0001-fix-getaddrinfo-regression-with-AI_ADDRCONFIG-on-som.patch e9c9135f6dc3260e62ae6e9c45f3c43574af6ff2c2bfe411eb83f7e80d13bb8c86425cb41fc961e27f7bc15f679db1fbfb267e401bbe81d6cd5b872eb9b1f471 s390x-fadv.patch +35dc5df28d90d1c84f9100116b63ba9e7fd44a20f512d12760da5e01f1aec4e799f726cbafb586bae568ff4f6d5a70948f1bf9fb901f1ca7dfcdf35c5d7510a6 wcsnrtombs-cve-2020-28928.diff 8d3a2d5315fc56fee7da9abb8b89bb38c6046c33d154c10d168fb35bfde6b0cf9f13042a3bceee34daf091bc409d699223735dcf19f382eeee1f6be34154f26f ldconfig 062bb49fa54839010acd4af113e20f7263dde1c8a2ca359b5fb2661ef9ed9d84a0f7c3bc10c25dcfa10bb3c5a4874588dff636ac43d5dbb3d748d75400756d0b __stack_chk_fail_local.c 0d80f37b34a35e3d14b012257c50862dfeb9d2c81139ea2dfa101d981d093b009b9fa450ba27a708ac59377a48626971dfc58e20a3799084a65777a0c32cbc7d getconf.c diff --git a/main/musl/wcsnrtombs-cve-2020-28928.diff b/main/musl/wcsnrtombs-cve-2020-28928.diff new file mode 100644 index 00000000000..8465f9422a8 --- /dev/null +++ b/main/musl/wcsnrtombs-cve-2020-28928.diff @@ -0,0 +1,65 @@ +diff --git a/src/multibyte/wcsnrtombs.c b/src/multibyte/wcsnrtombs.c +index 676932b5..95e25e70 100644 +--- a/src/multibyte/wcsnrtombs.c ++++ b/src/multibyte/wcsnrtombs.c +@@ -1,41 +1,33 @@ + #include <wchar.h> ++#include <limits.h> ++#include <string.h> + + size_t wcsnrtombs(char *restrict dst, const wchar_t **restrict wcs, size_t wn, size_t n, mbstate_t *restrict st) + { +- size_t l, cnt=0, n2; +- char *s, buf[256]; + const wchar_t *ws = *wcs; +- const wchar_t *tmp_ws; +- +- if (!dst) s = buf, n = sizeof buf; +- else s = dst; +- +- while ( ws && n && ( (n2=wn)>=n || n2>32 ) ) { +- if (n2>=n) n2=n; +- tmp_ws = ws; +- l = wcsrtombs(s, &ws, n2, 0); +- if (!(l+1)) { +- cnt = l; +- n = 0; ++ size_t cnt = 0; ++ if (!dst) n=0; ++ while (ws && wn) { ++ char tmp[MB_LEN_MAX]; ++ size_t l = wcrtomb(n<MB_LEN_MAX ? tmp : dst, *ws, 0); ++ if (l==-1) { ++ cnt = -1; + break; + } +- if (s != buf) { +- s += l; ++ if (dst) { ++ if (n<MB_LEN_MAX) { ++ if (l>n) break; ++ memcpy(dst, tmp, l); ++ } ++ dst += l; + n -= l; + } +- wn = ws ? wn - (ws - tmp_ws) : 0; +- cnt += l; +- } +- if (ws) while (n && wn) { +- l = wcrtomb(s, *ws, 0); +- if ((l+1)<=1) { +- if (!l) ws = 0; +- else cnt = l; ++ if (!*ws) { ++ ws = 0; + break; + } +- ws++; wn--; +- /* safe - this loop runs fewer than sizeof(buf) times */ +- s+=l; n-=l; ++ ws++; ++ wn--; + cnt += l; + } + if (dst) *wcs = ws; diff --git a/main/nghttp2/APKBUILD b/main/nghttp2/APKBUILD index e56ee298b3d..99b98129119 100644 --- a/main/nghttp2/APKBUILD +++ b/main/nghttp2/APKBUILD @@ -2,7 +2,7 @@ # Maintainer: Francesco Colista <fcolista@alpinelinux.org> pkgname=nghttp2 pkgver=1.35.1 -pkgrel=1 +pkgrel=2 pkgdesc="Experimental HTTP/2 client, server and proxy" url="https://nghttp2.org" arch="all" @@ -14,10 +14,13 @@ source="https://github.com/tatsuhiro-t/$pkgname/releases/download/v$pkgver/nghtt 0001-nghttpx-Fix-request-stall.patch 0002-Add-nghttp2_option_set_max_outbound_ack.patch 0003-Don-t-read-too-greedily.patch + CVE-2020-11080.patch " builddir="$srcdir"/$pkgname-$pkgver # secfixes: +# 1.35.1-r2: +# - CVE-2020-11080 # 1.35.1-r1: # - CVE-2019-9511 # - CVE-2019-9513 @@ -63,4 +66,5 @@ sha512sums="fcd3f79f913afbeee1c75003bb39df918e6122bbf728b3ad4192d5849d8fb96705e0 d3f6a66ad6522babb5ad2b3721d52c1c2af88e57ed2895cf87037da1032ca42dcb95dacc23ea277b9507b4116cec117b5c9a3313759dc56b48199b687b74dd9a remove-mruby-tests.patch 2a44858219275f69b7380358a07cfa6ed73e506519969e074196205c686e19e2f422181cacde8b6051fda1be744550958b3e3f3ad600f9ed2f3bdf4ef9d1d54a 0001-nghttpx-Fix-request-stall.patch 2f98c77b1590f2c85de9f0ddcaaf997a1ac513428127796bc1b598c70e8d557cc2402fecdedb2329267ab7903bc163f099acfca8ca44f3a4c74958b57c27f8b2 0002-Add-nghttp2_option_set_max_outbound_ack.patch -ca4b196f86d2193052ff427904e6232a2c3fb2c998ffc76e7b6def4c8297031f047dc5fac7036d774bacd878fb21c5afb87fcced3d3e2f477c8275b869a8aa9c 0003-Don-t-read-too-greedily.patch" +ca4b196f86d2193052ff427904e6232a2c3fb2c998ffc76e7b6def4c8297031f047dc5fac7036d774bacd878fb21c5afb87fcced3d3e2f477c8275b869a8aa9c 0003-Don-t-read-too-greedily.patch +60219ba3cb97d5164a544813f54e483299989b6fa2b41a3cb6cfa4730e4de0c775a109331a341d1e8a0e22166ad8df35dd214a6d49c0b0ebab9b709e0592c3d6 CVE-2020-11080.patch" diff --git a/main/nghttp2/CVE-2020-11080.patch b/main/nghttp2/CVE-2020-11080.patch new file mode 100644 index 00000000000..622ad844daf --- /dev/null +++ b/main/nghttp2/CVE-2020-11080.patch @@ -0,0 +1,332 @@ +From 336a98feb0d56b9ac54e12736b18785c27f75090 Mon Sep 17 00:00:00 2001 +From: James M Snell <jasnell@gmail.com> +Date: Fri, 17 Apr 2020 16:53:51 -0700 +Subject: [PATCH 1/2] Implement max settings option +Upstream: yes +Source: https://github.com/nghttp2/nghttp2/commit/c3b46625633cd9a4519f6fbcd9048127b84a5514.patch + +--- + doc/CMakeLists.txt | 1 + + doc/Makefile.am | 1 + + lib/includes/nghttp2/nghttp2.h | 23 +++++++++++++ + lib/nghttp2_helper.c | 2 ++ + lib/nghttp2_option.c | 5 +++ + lib/nghttp2_option.h | 5 +++ + lib/nghttp2_session.c | 21 ++++++++++++ + lib/nghttp2_session.h | 2 ++ + tests/main.c | 2 ++ + tests/nghttp2_session_test.c | 61 ++++++++++++++++++++++++++++++++++ + tests/nghttp2_session_test.h | 1 + + 11 files changed, 124 insertions(+) + +diff --git a/doc/CMakeLists.txt b/doc/CMakeLists.txt +index 34c027929..f3aec84da 100644 +--- a/doc/CMakeLists.txt ++++ b/doc/CMakeLists.txt +@@ -42,6 +42,7 @@ set(APIDOCS + nghttp2_option_set_no_recv_client_magic.rst + nghttp2_option_set_peer_max_concurrent_streams.rst + nghttp2_option_set_user_recv_extension_type.rst ++ nghttp2_option_set_max_settings.rst + nghttp2_pack_settings_payload.rst + nghttp2_priority_spec_check_default.rst + nghttp2_priority_spec_default_init.rst +diff --git a/doc/Makefile.am b/doc/Makefile.am +index 4d73cef50..f073bfa4c 100644 +--- a/doc/Makefile.am ++++ b/doc/Makefile.am +@@ -69,6 +69,7 @@ APIDOCS= \ + nghttp2_option_set_peer_max_concurrent_streams.rst \ + nghttp2_option_set_user_recv_extension_type.rst \ + nghttp2_option_set_max_outbound_ack.rst \ ++ nghttp2_option_set_max_settings.rst \ + nghttp2_pack_settings_payload.rst \ + nghttp2_priority_spec_check_default.rst \ + nghttp2_priority_spec_default_init.rst \ +diff --git a/lib/includes/nghttp2/nghttp2.h b/lib/includes/nghttp2/nghttp2.h +index e3aeb9fed..9be6eea5c 100644 +--- a/lib/includes/nghttp2/nghttp2.h ++++ b/lib/includes/nghttp2/nghttp2.h +@@ -228,6 +228,13 @@ typedef struct { + */ + #define NGHTTP2_CLIENT_MAGIC_LEN 24 + ++/** ++ * @macro ++ * ++ * The default max number of settings per SETTINGS frame ++ */ ++#define NGHTTP2_DEFAULT_MAX_SETTINGS 32 ++ + /** + * @enum + * +@@ -398,6 +405,11 @@ typedef enum { + * receives an other type of frame. + */ + NGHTTP2_ERR_SETTINGS_EXPECTED = -536, ++ /** ++ * When a local endpoint receives too many settings entries ++ * in a single SETTINGS frame. ++ */ ++ NGHTTP2_ERR_TOO_MANY_SETTINGS = -537, + /** + * The errors < :enum:`NGHTTP2_ERR_FATAL` mean that the library is + * under unexpected condition and processing was terminated (e.g., +@@ -2659,6 +2671,17 @@ NGHTTP2_EXTERN void nghttp2_option_set_no_closed_streams(nghttp2_option *option, + NGHTTP2_EXTERN void nghttp2_option_set_max_outbound_ack(nghttp2_option *option, + size_t val); + ++/** ++ * @function ++ * ++ * This function sets the maximum number of SETTINGS entries per ++ * SETTINGS frame that will be accepted. If more than those entries ++ * are received, the peer is considered to be misbehaving and session ++ * will be closed. The default value is 32. ++ */ ++NGHTTP2_EXTERN void nghttp2_option_set_max_settings(nghttp2_option *option, ++ size_t val); ++ + /** + * @function + * +diff --git a/lib/nghttp2_helper.c b/lib/nghttp2_helper.c +index 91136a619..0bd541472 100644 +--- a/lib/nghttp2_helper.c ++++ b/lib/nghttp2_helper.c +@@ -334,6 +334,8 @@ const char *nghttp2_strerror(int error_code) { + case NGHTTP2_ERR_FLOODED: + return "Flooding was detected in this HTTP/2 session, and it must be " + "closed"; ++ case NGHTTP2_ERR_TOO_MANY_SETTINGS: ++ return "SETTINGS frame contained more than the maximum allowed entries"; + default: + return "Unknown error code"; + } +diff --git a/lib/nghttp2_option.c b/lib/nghttp2_option.c +index e53f22d36..34348e660 100644 +--- a/lib/nghttp2_option.c ++++ b/lib/nghttp2_option.c +@@ -121,3 +121,8 @@ void nghttp2_option_set_max_outbound_ack(nghttp2_option *option, size_t val) { + option->opt_set_mask |= NGHTTP2_OPT_MAX_OUTBOUND_ACK; + option->max_outbound_ack = val; + } ++ ++void nghttp2_option_set_max_settings(nghttp2_option *option, size_t val) { ++ option->opt_set_mask |= NGHTTP2_OPT_MAX_SETTINGS; ++ option->max_settings = val; ++} +diff --git a/lib/nghttp2_option.h b/lib/nghttp2_option.h +index 1f740aaa6..939729fdc 100644 +--- a/lib/nghttp2_option.h ++++ b/lib/nghttp2_option.h +@@ -67,6 +67,7 @@ typedef enum { + NGHTTP2_OPT_MAX_DEFLATE_DYNAMIC_TABLE_SIZE = 1 << 9, + NGHTTP2_OPT_NO_CLOSED_STREAMS = 1 << 10, + NGHTTP2_OPT_MAX_OUTBOUND_ACK = 1 << 11, ++ NGHTTP2_OPT_MAX_SETTINGS = 1 << 12, + } nghttp2_option_flag; + + /** +@@ -85,6 +86,10 @@ struct nghttp2_option { + * NGHTTP2_OPT_MAX_OUTBOUND_ACK + */ + size_t max_outbound_ack; ++ /** ++ * NGHTTP2_OPT_MAX_SETTINGS ++ */ ++ size_t max_settings; + /** + * Bitwise OR of nghttp2_option_flag to determine that which fields + * are specified. +diff --git a/lib/nghttp2_session.c b/lib/nghttp2_session.c +index 563ccd7de..415e34776 100644 +--- a/lib/nghttp2_session.c ++++ b/lib/nghttp2_session.c +@@ -458,6 +458,7 @@ static int session_new(nghttp2_session **session_ptr, + + (*session_ptr)->max_send_header_block_length = NGHTTP2_MAX_HEADERSLEN; + (*session_ptr)->max_outbound_ack = NGHTTP2_DEFAULT_MAX_OBQ_FLOOD_ITEM; ++ (*session_ptr)->max_settings = NGHTTP2_DEFAULT_MAX_SETTINGS; + + if (option) { + if ((option->opt_set_mask & NGHTTP2_OPT_NO_AUTO_WINDOW_UPDATE) && +@@ -521,6 +522,11 @@ static int session_new(nghttp2_session **session_ptr, + if (option->opt_set_mask & NGHTTP2_OPT_MAX_OUTBOUND_ACK) { + (*session_ptr)->max_outbound_ack = option->max_outbound_ack; + } ++ ++ if ((option->opt_set_mask & NGHTTP2_OPT_MAX_SETTINGS) && ++ option->max_settings) { ++ (*session_ptr)->max_settings = option->max_settings; ++ } + } + + rv = nghttp2_hd_deflate_init2(&(*session_ptr)->hd_deflater, +@@ -5657,6 +5663,16 @@ ssize_t nghttp2_session_mem_recv(nghttp2_session *session, const uint8_t *in, + iframe->max_niv = + iframe->frame.hd.length / NGHTTP2_FRAME_SETTINGS_ENTRY_LENGTH + 1; + ++ if (iframe->max_niv - 1 > session->max_settings) { ++ rv = nghttp2_session_terminate_session_with_reason( ++ session, NGHTTP2_ENHANCE_YOUR_CALM, ++ "SETTINGS: too many setting entries"); ++ if (nghttp2_is_fatal(rv)) { ++ return rv; ++ } ++ return (ssize_t)inlen; ++ } ++ + iframe->iv = nghttp2_mem_malloc(mem, sizeof(nghttp2_settings_entry) * + iframe->max_niv); + +@@ -7425,6 +7441,11 @@ static int nghttp2_session_upgrade_internal(nghttp2_session *session, + if (settings_payloadlen % NGHTTP2_FRAME_SETTINGS_ENTRY_LENGTH) { + return NGHTTP2_ERR_INVALID_ARGUMENT; + } ++ /* SETTINGS frame contains too many settings */ ++ if (settings_payloadlen / NGHTTP2_FRAME_SETTINGS_ENTRY_LENGTH ++ > session->max_settings) { ++ return NGHTTP2_ERR_TOO_MANY_SETTINGS; ++ } + rv = nghttp2_frame_unpack_settings_payload2(&iv, &niv, settings_payload, + settings_payloadlen, mem); + if (rv != 0) { +diff --git a/lib/nghttp2_session.h b/lib/nghttp2_session.h +index d20827315..07bfbb6c9 100644 +--- a/lib/nghttp2_session.h ++++ b/lib/nghttp2_session.h +@@ -267,6 +267,8 @@ struct nghttp2_session { + /* The maximum length of header block to send. Calculated by the + same way as nghttp2_hd_deflate_bound() does. */ + size_t max_send_header_block_length; ++ /* The maximum number of settings accepted per SETTINGS frame. */ ++ size_t max_settings; + /* Next Stream ID. Made unsigned int to detect >= (1 << 31). */ + uint32_t next_stream_id; + /* The last stream ID this session initiated. For client session, +diff --git a/tests/main.c b/tests/main.c +index 41e0b03eb..67eb4a1c2 100644 +--- a/tests/main.c ++++ b/tests/main.c +@@ -317,6 +317,8 @@ int main() { + test_nghttp2_session_set_local_window_size) || + !CU_add_test(pSuite, "session_cancel_from_before_frame_send", + test_nghttp2_session_cancel_from_before_frame_send) || ++ !CU_add_test(pSuite, "session_too_many_settings", ++ test_nghttp2_session_too_many_settings) || + !CU_add_test(pSuite, "session_removed_closed_stream", + test_nghttp2_session_removed_closed_stream) || + !CU_add_test(pSuite, "session_pause_data", +diff --git a/tests/nghttp2_session_test.c b/tests/nghttp2_session_test.c +index 6eb8e244d..33ee3ad84 100644 +--- a/tests/nghttp2_session_test.c ++++ b/tests/nghttp2_session_test.c +@@ -10614,6 +10614,67 @@ void test_nghttp2_session_cancel_from_before_frame_send(void) { + nghttp2_session_del(session); + } + ++void test_nghttp2_session_too_many_settings(void) { ++ nghttp2_session *session; ++ nghttp2_option *option; ++ nghttp2_session_callbacks callbacks; ++ nghttp2_frame frame; ++ nghttp2_bufs bufs; ++ nghttp2_buf *buf; ++ ssize_t rv; ++ my_user_data ud; ++ nghttp2_settings_entry iv[3]; ++ nghttp2_mem *mem; ++ nghttp2_outbound_item *item; ++ ++ mem = nghttp2_mem_default(); ++ frame_pack_bufs_init(&bufs); ++ ++ memset(&callbacks, 0, sizeof(nghttp2_session_callbacks)); ++ callbacks.on_frame_recv_callback = on_frame_recv_callback; ++ callbacks.send_callback = null_send_callback; ++ ++ nghttp2_option_new(&option); ++ nghttp2_option_set_max_settings(option, 1); ++ ++ nghttp2_session_client_new2(&session, &callbacks, &ud, option); ++ ++ CU_ASSERT(1 == session->max_settings); ++ ++ nghttp2_option_del(option); ++ ++ iv[0].settings_id = NGHTTP2_SETTINGS_HEADER_TABLE_SIZE; ++ iv[0].value = 3000; ++ ++ iv[1].settings_id = NGHTTP2_SETTINGS_INITIAL_WINDOW_SIZE; ++ iv[1].value = 16384; ++ ++ nghttp2_frame_settings_init(&frame.settings, NGHTTP2_FLAG_NONE, dup_iv(iv, 2), ++ 2); ++ ++ rv = nghttp2_frame_pack_settings(&bufs, &frame.settings); ++ ++ CU_ASSERT(0 == rv); ++ CU_ASSERT(nghttp2_bufs_len(&bufs) > 0); ++ ++ nghttp2_frame_settings_free(&frame.settings, mem); ++ ++ buf = &bufs.head->buf; ++ assert(nghttp2_bufs_len(&bufs) == nghttp2_buf_len(buf)); ++ ++ ud.frame_recv_cb_called = 0; ++ ++ rv = nghttp2_session_mem_recv(session, buf->pos, nghttp2_buf_len(buf)); ++ CU_ASSERT((ssize_t)nghttp2_buf_len(buf) == rv); ++ ++ item = nghttp2_session_get_next_ob_item(session); ++ CU_ASSERT(NGHTTP2_GOAWAY == item->frame.hd.type); ++ ++ nghttp2_bufs_reset(&bufs); ++ nghttp2_bufs_free(&bufs); ++ nghttp2_session_del(session); ++} ++ + static void + prepare_session_removed_closed_stream(nghttp2_session *session, + nghttp2_hd_deflater *deflater) { +diff --git a/tests/nghttp2_session_test.h b/tests/nghttp2_session_test.h +index e872c5d0b..818c808d0 100644 +--- a/tests/nghttp2_session_test.h ++++ b/tests/nghttp2_session_test.h +@@ -156,6 +156,7 @@ void test_nghttp2_session_repeated_priority_change(void); + void test_nghttp2_session_repeated_priority_submission(void); + void test_nghttp2_session_set_local_window_size(void); + void test_nghttp2_session_cancel_from_before_frame_send(void); ++void test_nghttp2_session_too_many_settings(void); + void test_nghttp2_session_removed_closed_stream(void); + void test_nghttp2_session_pause_data(void); + void test_nghttp2_session_no_closed_streams(void); + +From f8da73bd042f810f34d19f9eae02b46d870af394 Mon Sep 17 00:00:00 2001 +From: James M Snell <jasnell@gmail.com> +Date: Sun, 19 Apr 2020 09:12:24 -0700 +Subject: [PATCH 2/2] Earlier check for settings flood + +--- + lib/nghttp2_session.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +diff --git a/lib/nghttp2_session.c b/lib/nghttp2_session.c +index 415e34776..39f81f498 100644 +--- a/lib/nghttp2_session.c ++++ b/lib/nghttp2_session.c +@@ -5653,6 +5653,12 @@ ssize_t nghttp2_session_mem_recv(nghttp2_session *session, const uint8_t *in, + break; + } + ++ /* Check the settings flood counter early to be safe */ ++ if (session->obq_flood_counter_ >= session->max_outbound_ack && ++ !(iframe->frame.hd.flags & NGHTTP2_FLAG_ACK)) { ++ return NGHTTP2_ERR_FLOODED; ++ } ++ + iframe->state = NGHTTP2_IB_READ_SETTINGS; + + if (iframe->payloadleft) { diff --git a/main/ngircd/APKBUILD b/main/ngircd/APKBUILD index da71f4a6e49..f931173b115 100644 --- a/main/ngircd/APKBUILD +++ b/main/ngircd/APKBUILD @@ -2,7 +2,7 @@ # Maintainer: Natanael Copa <ncopa@alpinelinux.org> pkgname=ngircd pkgver=24 -pkgrel=4 +pkgrel=5 pkgdesc="Next Generation IRC Daemon" url="https://ngircd.barton.de/" arch="all" @@ -12,6 +12,7 @@ makedepends="openssl-dev zlib-dev linux-pam-dev" subpackages="$pkgname-doc" install="$pkgname.pre-install" source="https://ngircd.barton.de/pub/ngircd/ngircd-$pkgver.tar.xz + CVE-2020-14148.patch $pkgname.initd " _builddir="$srcdir"/$pkgname-$pkgver @@ -24,6 +25,10 @@ prepare() { done } +# secfixes: +# 24-r5: +# - CVE-2020-14148 + build() { cd "$_builddir" ./configure \ @@ -45,10 +50,6 @@ package() { make DESTDIR="$pkgdir" install || return 1 install -Dm755 ../$pkgname.initd "$pkgdir"/etc/init.d/$pkgname } - -md5sums="81b9c5ae283d07aab35ce16eaf49e458 ngircd-24.tar.xz -51c3679a7c1f2f5522031fa856e34734 ngircd.initd" -sha256sums="173fa0ea10788a8ba08ef2f7e64ea8951d7c88862e744128c8b87bae424b1008 ngircd-24.tar.xz -890d0dc433a8d7f082c35ba806bac53f19d2d4352fcb7127cc28741abcbd6a75 ngircd.initd" sha512sums="d176ec4eb3e780aa8b5efb722c8c0f6fc1a7ac3c06e2039019e6e602aad64ca5357762f1549e117f6e452fe6314fb6cf5bc31a9fdbec1a08cc6d2a344c0bf49f ngircd-24.tar.xz +3863bab40dcb0283127497efa117ceaab3f4d1d427399ad262a1a3b24d50ff663578579639c9ea39b9be41698ad13767ee575071e46e8ba80eebbda1f3d58881 CVE-2020-14148.patch 50339507917c956a38451394a8a5996337ff29948944ff6aa40ed39f6dd3d6bfdfb864d60a24199c0a86a01e18a71f213efa6cfb2857a320f31b9fcfb92c6ac1 ngircd.initd" diff --git a/main/ngircd/CVE-2020-14148.patch b/main/ngircd/CVE-2020-14148.patch new file mode 100644 index 00000000000..2f2d2b5038e --- /dev/null +++ b/main/ngircd/CVE-2020-14148.patch @@ -0,0 +1,37 @@ +From 02cf31c0e267a4c9a7656d43ad3ad4eeb37fc9c5 Mon Sep 17 00:00:00 2001 +From: Alexander Barton <alex@barton.de> +Date: Mon, 25 May 2020 23:43:29 +0200 +Subject: [PATCH] IRC_SERVER: Make sure that the client sent a prefix + +The SERVER command is only valid with a prefix when received from other +servers, so make sure that there is one and disconnect the peer if not +(instead of crashing ...). + +This obsoletes PR #275. + +Thanks Hilko Bengen (hillu) for finding & reporting this as well for the +patch & pull request! But I think this is the "more correct" fix. +--- + src/ngircd/irc-server.c | 9 +++++++++ + 1 file changed, 9 insertions(+) + +diff --git a/src/ngircd/irc-server.c b/src/ngircd/irc-server.c +index 317a3e1a..10f1ef69 100644 +--- a/src/ngircd/irc-server.c ++++ b/src/ngircd/irc-server.c +@@ -186,6 +186,15 @@ IRC_SERVER( CLIENT *Client, REQUEST *Req ) + if (!Client_CheckID(Client, Req->argv[0])) + return DISCONNECTED; + ++ if (!Req->prefix) { ++ /* We definitely need a prefix here! */ ++ Log(LOG_ALERT, "Got SERVER command without prefix! (on connection %d)", ++ Client_Conn(Client)); ++ Conn_Close(Client_Conn(Client), NULL, ++ "SERVER command without prefix", true); ++ return DISCONNECTED; ++ } ++ + from = Client_Search( Req->prefix ); + if (! from) { + /* Uh, Server, that introduced the new server is unknown?! */ diff --git a/main/nodejs/APKBUILD b/main/nodejs/APKBUILD index 27b0bd811c9..4d3c13cdfe0 100644 --- a/main/nodejs/APKBUILD +++ b/main/nodejs/APKBUILD @@ -3,9 +3,25 @@ # Contributor: Jakub Jirutka <jakub@jirutka.cz> # Contributor: Dave Esaias <dave@containership.io> # Contributor: Tadahisa Kamijo <kamijin@live.jp> +# Contributor: Eivind Uggedal <eu@eju.no> # Maintainer: Jakub Jirutka <jakub@jirutka.cz> # # secfixes: +# 10.19.0-r0: +# - CVE-2019-15606 +# - CVE-2019-15605 +# - CVE-2019-15604 +# 10.16.3-r0: +# - CVE-2019-9511 +# - CVE-2019-9512 +# - CVE-2019-9513 +# - CVE-2019-9514 +# - CVE-2019-9515 +# - CVE-2019-9516 +# - CVE-2019-9517 +# - CVE-2019-9518 +# 10.15.3-r0: +# - CVE-2019-5737 # 10.14.0-r0: # - CVE-2018-12121 # - CVE-2018-12122 @@ -33,7 +49,7 @@ pkgname=nodejs # Note: Update only to even-numbered versions (e.g. 6.y.z, 8.y.z)! # Odd-numbered versions are supported only for 9 months by upstream. -pkgver=10.14.2 +pkgver=10.19.0 pkgrel=0 pkgdesc="JavaScript runtime built on V8 engine - LTS version" url="https://nodejs.org/" @@ -43,7 +59,7 @@ depends="ca-certificates" depends_dev="libuv" # gold is needed for mksnapshot makedepends="$depends_dev python2 openssl-dev zlib-dev libuv-dev linux-headers - paxmark binutils-gold http-parser-dev ca-certificates c-ares-dev" + paxmark binutils-gold ca-certificates c-ares-dev" subpackages="$pkgname-dev $pkgname-doc npm::noarch" provides="nodejs-lts=$pkgver" # for backward compatibility replaces="nodejs-current nodejs-lts" # nodejs-lts for backward compatibility @@ -57,7 +73,7 @@ prepare() { default_prepare # Remove bundled dependencies that we're not using. - rm -rf deps/http_parser deps/openssl deps/uv deps/zlib + rm -rf deps/openssl deps/uv deps/zlib } build() { @@ -72,7 +88,6 @@ build() { --shared-zlib \ --shared-libuv \ --shared-openssl \ - --shared-http-parser \ --shared-cares \ --openssl-use-def-ca-store @@ -102,9 +117,17 @@ package() { paxmark -m "$pkgdir"/usr/bin/node cp -pr "$pkgdir"/usr/lib/node_modules/npm/man "$pkgdir"/usr/share - local d; for d in doc html man; do + local d; for d in docs man; do rm -r "$pkgdir"/usr/lib/node_modules/npm/$d done + + # XXX: Workaround for https://github.com/npm/cli/issues/780. + (cd "$pkgdir"/usr/share/man/man5 && find * \ + -type f ! \( -name 'package-json.*' -or -name 'npmrc.*' -or -name 'npm-*' \) \ + -exec mv {} npm-{} \;) + (cd "$pkgdir"/usr/share/man/man7 && find * \ + -type f ! \( -name 'semver.*' -or -name 'npm-*' \) \ + -exec mv {} npm-{} \;) } dev() { @@ -126,6 +149,6 @@ npm() { mv "$pkgdir"/usr/lib/node_modules/npm "$subpkgdir"/usr/lib/node_modules/ } -sha512sums="72e78f8839543826025549022df9f23a71be3507261a387f82142d71d24065a23f9b905d7fd95a0940ac68355bfe0d81ee50c320eb46493e10e417cd975d3c8e node-v10.14.2.tar.gz +sha512sums="59f584e27dfd99453a031722ca3e094d658a90e77316a85a7048868fe6a6164b8aef0f03b60cbe681ace273d902434210bf3cd10a638583b74264d8b42bf2565 node-v10.19.0.tar.gz 9d09a88074bf0093f35c5b610e73ebf4c5381df2a2b29feb69da1af0b18776a683b13f1276375bbcfc60936cc27769539e1f01b4ba94b22cad2d5f4daae14c46 dont-run-gyp-files-for-bundled-deps.patch 4fd3f10bd82d1e851ed000169c2635c001a4a051283edf96f1efb2260e2d395199dd5843f79f1cff8f2c0c65462c44241c508ea67835dfbd9880d9196fae290a link-with-libatomic-on-mips32.patch" diff --git a/main/nrpe/APKBUILD b/main/nrpe/APKBUILD index 44d2b163ab7..c09b953a029 100644 --- a/main/nrpe/APKBUILD +++ b/main/nrpe/APKBUILD @@ -1,7 +1,7 @@ # Maintainer: Jeff Bilyk <jbilyk@gmail.com> pkgname=nrpe pkgver=3.2.1 -pkgrel=0 +pkgrel=2 pkgusers="nagios" pkggroups="nagios" pkgdesc="NRPE allows you to remotely execute Nagios plugins on other Linux/Unix machines." diff --git a/main/ntfs-3g/APKBUILD b/main/ntfs-3g/APKBUILD index 9f63527fe11..8c2695bc2dc 100644 --- a/main/ntfs-3g/APKBUILD +++ b/main/ntfs-3g/APKBUILD @@ -4,18 +4,24 @@ pkgname=ntfs-3g _pkgreal=ntfs-3g_ntfsprogs pkgver=2017.3.23 -pkgrel=1 +pkgrel=2 pkgdesc="Stable, full-featured, read-write NTFS" -url="http://www.tuxera.com/community/ntfs-3g-download/" +url="https://www.tuxera.com/community/ntfs-3g-download/" arch="all" -license="GPL" +license="GPL-2.0-or-later AND LGPL-2.0-or-later" +options="!check" # No test suite makedepends="attr-dev util-linux-dev linux-headers" subpackages="$pkgname-doc $pkgname-dev $pkgname-libs $pkgname-progs" -source="http://tuxera.com/opensource/$_pkgreal-$pkgver.tgz" +source="https://tuxera.com/opensource/ntfs-3g_ntfsprogs-$pkgver.tgz + CVE-2019-9755.patch + " builddir="$srcdir/$_pkgreal-$pkgver" +# secfixes: +# 2017.3.23-r2: +# - CVE-2019-9755 + build() { - cd "$builddir" ./configure \ --build=$CBUILD \ --host=$CHOST \ @@ -29,7 +35,6 @@ build() { package() { pkgdesc="$pkgdesc (driver)" - cd "$builddir" mkdir -p "$pkgdir"/lib make -j1 DESTDIR="$pkgdir" LDCONFIG=: install ln -s /bin/ntfs-3g "$pkgdir"/sbin/mount.ntfs @@ -44,4 +49,5 @@ progs() { rm -fr "$subpkgdir"/lib "$subpkgdir"/usr/lib } -sha512sums="3a607f0d7be35204c992d8931de0404fbc52032c13b4240d2c5e6f285c318a28eb2a385d7cf5ac4cd445876aee5baa5753bb636ada0d870d84a9d3fdbce794ef ntfs-3g_ntfsprogs-2017.3.23.tgz" +sha512sums="3a607f0d7be35204c992d8931de0404fbc52032c13b4240d2c5e6f285c318a28eb2a385d7cf5ac4cd445876aee5baa5753bb636ada0d870d84a9d3fdbce794ef ntfs-3g_ntfsprogs-2017.3.23.tgz +d071cf6c3ee38963df0286049196cb3bab050460e0b541f3cf5d217c874d247878cb6dcca2d6d68c562447f8956e0511dd93552c5647dda88b69be880b5cd9f8 CVE-2019-9755.patch" diff --git a/main/ntfs-3g/CVE-2019-9755.patch b/main/ntfs-3g/CVE-2019-9755.patch new file mode 100644 index 00000000000..577f1686282 --- /dev/null +++ b/main/ntfs-3g/CVE-2019-9755.patch @@ -0,0 +1,62 @@ +From 85c1634a26faa572d3c558d4cf8aaaca5202d4e9 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Jean-Pierre=20Andr=C3=A9?= <jean-pierre.andre@wanadoo.fr> +Date: Wed, 19 Dec 2018 15:57:50 +0100 +Subject: [PATCH] Fixed reporting an error when failed to build the mountpoint + +The size check was inefficient because getcwd() uses an unsigned int +argument. +--- + src/lowntfs-3g.c | 6 +++++- + src/ntfs-3g.c | 6 +++++- + 2 files changed, 10 insertions(+), 2 deletions(-) + +diff --git a/src/lowntfs-3g.c b/src/lowntfs-3g.c +index 993867fa..0660439b 100644 +--- a/src/lowntfs-3g.c ++++ b/src/lowntfs-3g.c +@@ -4323,7 +4323,8 @@ + else { + ctx->abs_mnt_point = (char*)ntfs_malloc(PATH_MAX); + if (ctx->abs_mnt_point) { +- if (getcwd(ctx->abs_mnt_point, ++ if ((strlen(opts.mnt_point) < PATH_MAX) ++ && getcwd(ctx->abs_mnt_point, + PATH_MAX - strlen(opts.mnt_point) - 1)) { + strcat(ctx->abs_mnt_point, "/"); + strcat(ctx->abs_mnt_point, opts.mnt_point); +@@ -4331,6 +4332,9 @@ + /* Solaris also wants the absolute mount point */ + opts.mnt_point = ctx->abs_mnt_point; + #endif /* defined(__sun) && defined (__SVR4) */ ++ } else { ++ free(ctx->abs_mnt_point); ++ ctx->abs_mnt_point = (char*)NULL; + } + } + } +diff --git a/src/ntfs-3g.c b/src/ntfs-3g.c +index 6ce89fef..4e0912ae 100644 +--- a/src/ntfs-3g.c ++++ b/src/ntfs-3g.c +@@ -4123,7 +4123,8 @@ + else { + ctx->abs_mnt_point = (char*)ntfs_malloc(PATH_MAX); + if (ctx->abs_mnt_point) { +- if (getcwd(ctx->abs_mnt_point, ++ if ((strlen(opts.mnt_point) < PATH_MAX) ++ && getcwd(ctx->abs_mnt_point, + PATH_MAX - strlen(opts.mnt_point) - 1)) { + strcat(ctx->abs_mnt_point, "/"); + strcat(ctx->abs_mnt_point, opts.mnt_point); +@@ -4131,6 +4132,9 @@ + /* Solaris also wants the absolute mount point */ + opts.mnt_point = ctx->abs_mnt_point; + #endif /* defined(__sun) && defined (__SVR4) */ ++ } else { ++ free(ctx->abs_mnt_point); ++ ctx->abs_mnt_point = (char*)NULL; + } + } + } +-- +2.22.0 diff --git a/main/oniguruma/APKBUILD b/main/oniguruma/APKBUILD index 510f2416c20..097507c6534 100644 --- a/main/oniguruma/APKBUILD +++ b/main/oniguruma/APKBUILD @@ -2,16 +2,22 @@ # Maintainer: Francesco Colista <fcolista@alpinelinux.org> pkgname=oniguruma pkgver=6.9.4 -pkgrel=0 +pkgrel=1 pkgdesc="a regular expressions library" url="http://www.geocities.jp/kosako3/oniguruma/" arch="all" license="BSD" makedepends="automake autoconf libtool" subpackages="$pkgname-dev" -source="$pkgname-$pkgver.tar.gz::https://github.com/kkos/$pkgname/archive/v$pkgver.tar.gz" +source="$pkgname-$pkgver.tar.gz::https://github.com/kkos/$pkgname/archive/v$pkgver.tar.gz + CVE-2020-26159.patch::https://github.com/kkos/oniguruma/commit/cbe9f8bd9cfc6c3c87a60fbae58fa1a85db59df0.patch + " builddir="$srcdir"/$pkgname-$pkgver +# secfixes: +# 6.9.4-r1: +# - CVE-2020-26159 + prepare() { cd "$builddir" autoreconf -vfi @@ -40,4 +46,5 @@ package() { make DESTDIR="$pkgdir" install } -sha512sums="28a618c31db047c19dfb0e519d849ff33dd9d027abb154df341bc9c4a3ee738144007cfa95066e8714b0e1a0133ccfb6e629e9b7483cb3f9fb3a890156d769cb oniguruma-6.9.4.tar.gz" +sha512sums="28a618c31db047c19dfb0e519d849ff33dd9d027abb154df341bc9c4a3ee738144007cfa95066e8714b0e1a0133ccfb6e629e9b7483cb3f9fb3a890156d769cb oniguruma-6.9.4.tar.gz +90c42c91004eb9df89adcedb79bc175a52b596031cb2aacb891282e5ed3183ca991ac7fda1cb7a507f2e6cc9dceba78fa8291a312c23c56d457e75d31729a2df CVE-2020-26159.patch" diff --git a/main/openjpeg/APKBUILD b/main/openjpeg/APKBUILD index 475f179145c..f41d037b8ae 100644 --- a/main/openjpeg/APKBUILD +++ b/main/openjpeg/APKBUILD @@ -2,7 +2,7 @@ # Maintainer: Francesco Colista <fcolista@alpinelinux.org> pkgname=openjpeg pkgver=2.3.0 -pkgrel=5 +pkgrel=6 pkgdesc="Open-source implementation of JPEG2000 image codec" url="http://www.openjpeg.org/" arch="all" @@ -19,11 +19,11 @@ source="$pkgname-$pkgver.tar.gz::https://github.com/uclouvain/openjpeg/archive/v CVE-2018-21010.patch CVE-2020-6851.patch CVE-2020-8112.patch + CVE-2019-12973.patch + CVE-2020-15389.patch " -builddir="${srcdir}/$pkgname-$pkgver" build() { - cd "$builddir" cmake . \ -DCMAKE_INSTALL_PREFIX=/usr \ -DCMAKE_BUILD_TYPE=RelWithDebInfo \ @@ -33,6 +33,9 @@ build() { } # secfixes: +# 2.3.0-r6: +# - CVE-2019-12973 +# - CVE-2020-15389 # 2.3.0-r5: # - CVE-2020-6851 # - CVE-2020-8112 @@ -61,7 +64,6 @@ build() { # - CVE-2016-9581 package() { - cd "$builddir" make DESTDIR="$pkgdir" install } @@ -79,4 +81,6 @@ sha512sums="0a9d427be4a820b1d759fca4b50e293721b45fe4885aa61ca1ae09e099f75ed93520 ec48472de6c6d34abff949bbae1ae1e92e0b59939c13345a3a69c8219fdf91ea2c07dda59fe212a88212b3116cae1fb8c47aa5d12b84af669a28aa52864f55de CVE-2018-5785.patch 544828e20f50dc7e4a3367de646dc69f70fff48d66a6bbc1b27c317778e7739e276891e84a76435144e697605796c77a47b0a3424e0fa3eeb2e647480c1c034a CVE-2018-21010.patch c8ffc926d91392b38250fd4e00fff5f93fbf5e17487d0e4a0184c9bd191aa2233c5c5dcf097dd62824714097bba2d8cc865bed31193d1a072aa954f216011297 CVE-2020-6851.patch -9659e04087e0d80bf53555e9807aae59205adef2d49d7a49e05bf250c484a2e92132d471ec6076e57ca69b5ce98fd81462a6a8c01205ca7096781eec06e401cc CVE-2020-8112.patch" +9659e04087e0d80bf53555e9807aae59205adef2d49d7a49e05bf250c484a2e92132d471ec6076e57ca69b5ce98fd81462a6a8c01205ca7096781eec06e401cc CVE-2020-8112.patch +472deba1d521553f9c7af805ba3d0c4fc31564fd36e37c598646f468b7d05bf5f81d2320fd6fadf8c0e3344ebce7bc0d04cece55a1b3cec2ef693a6e65bd2516 CVE-2019-12973.patch +f36ea384272b3918d194f7d64bcc321a66fa6ebb2d73ece3d69225f883ec8a2777284f633902cf954f9a847bd758da2c36c74d8ef28c4cd82a3bf076e326c611 CVE-2020-15389.patch" diff --git a/main/openjpeg/CVE-2019-12973.patch b/main/openjpeg/CVE-2019-12973.patch new file mode 100644 index 00000000000..0d330ae6d92 --- /dev/null +++ b/main/openjpeg/CVE-2019-12973.patch @@ -0,0 +1,152 @@ +From 21399f6b7d318fcdf4406d5e88723c4922202aa3 Mon Sep 17 00:00:00 2001 +From: Young Xiao <YangX92@hotmail.com> +Date: Sat, 16 Mar 2019 19:57:27 +0800 +Subject: [PATCH 1/2] convertbmp: detect invalid file dimensions early + +width/length dimensions read from bmp headers are not necessarily +valid. For instance they may have been maliciously set to very large +values with the intention to cause DoS (large memory allocation, stack +overflow). In these cases we want to detect the invalid size as early +as possible. + +This commit introduces a counter which verifies that the number of +written bytes corresponds to the advertized width/length. + +See commit 8ee335227bbc for details. + +Signed-off-by: Young Xiao <YangX92@hotmail.com> +--- + src/bin/jp2/convertbmp.c | 10 ++++++++-- + 1 file changed, 8 insertions(+), 2 deletions(-) + +diff --git a/src/bin/jp2/convertbmp.c b/src/bin/jp2/convertbmp.c +index 0af52f816..ec34f535b 100644 +--- a/src/bin/jp2/convertbmp.c ++++ b/src/bin/jp2/convertbmp.c +@@ -622,13 +622,13 @@ static OPJ_BOOL bmp_read_rle8_data(FILE* IN, OPJ_UINT8* pData, + static OPJ_BOOL bmp_read_rle4_data(FILE* IN, OPJ_UINT8* pData, + OPJ_UINT32 stride, OPJ_UINT32 width, OPJ_UINT32 height) + { +- OPJ_UINT32 x, y; ++ OPJ_UINT32 x, y, written; + OPJ_UINT8 *pix; + const OPJ_UINT8 *beyond; + + beyond = pData + stride * height; + pix = pData; +- x = y = 0U; ++ x = y = written = 0U; + while (y < height) { + int c = getc(IN); + if (c == EOF) { +@@ -642,6 +642,7 @@ static OPJ_BOOL bmp_read_rle4_data(FILE* IN, OPJ_UINT8* pData, + for (j = 0; (j < c) && (x < width) && + ((OPJ_SIZE_T)pix < (OPJ_SIZE_T)beyond); j++, x++, pix++) { + *pix = (OPJ_UINT8)((j & 1) ? (c1 & 0x0fU) : ((c1 >> 4) & 0x0fU)); ++ written++; + } + } else { /* absolute mode */ + c = getc(IN); +@@ -671,6 +672,7 @@ static OPJ_BOOL bmp_read_rle4_data(FILE* IN, OPJ_UINT8* pData, + c1 = (OPJ_UINT8)getc(IN); + } + *pix = (OPJ_UINT8)((j & 1) ? (c1 & 0x0fU) : ((c1 >> 4) & 0x0fU)); ++ written++; + } + if (((c & 3) == 1) || ((c & 3) == 2)) { /* skip padding byte */ + getc(IN); +@@ -678,6 +680,10 @@ static OPJ_BOOL bmp_read_rle4_data(FILE* IN, OPJ_UINT8* pData, + } + } + } /* while(y < height) */ ++ if (written != width * height) { ++ fprintf(stderr, "warning, image's actual size does not match advertized one\n"); ++ return OPJ_FALSE; ++ } + return OPJ_TRUE; + } + + +From 3aef207f90e937d4931daf6d411e092f76d82e66 Mon Sep 17 00:00:00 2001 +From: Young Xiao <YangX92@hotmail.com> +Date: Sat, 16 Mar 2019 20:09:59 +0800 +Subject: [PATCH 2/2] bmp_read_rle4_data(): avoid potential infinite loop + +--- + src/bin/jp2/convertbmp.c | 32 ++++++++++++++++++++++++++------ + 1 file changed, 26 insertions(+), 6 deletions(-) + +diff --git a/src/bin/jp2/convertbmp.c b/src/bin/jp2/convertbmp.c +index ec34f535b..2fc4e9bc4 100644 +--- a/src/bin/jp2/convertbmp.c ++++ b/src/bin/jp2/convertbmp.c +@@ -632,12 +632,18 @@ static OPJ_BOOL bmp_read_rle4_data(FILE* IN, OPJ_UINT8* pData, + while (y < height) { + int c = getc(IN); + if (c == EOF) { +- break; ++ return OPJ_FALSE; + } + + if (c) { /* encoded mode */ +- int j; +- OPJ_UINT8 c1 = (OPJ_UINT8)getc(IN); ++ int j, c1_int; ++ OPJ_UINT8 c1; ++ ++ c1_int = getc(IN); ++ if (c1_int == EOF) { ++ return OPJ_FALSE; ++ } ++ c1 = (OPJ_UINT8)c1_int; + + for (j = 0; (j < c) && (x < width) && + ((OPJ_SIZE_T)pix < (OPJ_SIZE_T)beyond); j++, x++, pix++) { +@@ -647,7 +653,7 @@ static OPJ_BOOL bmp_read_rle4_data(FILE* IN, OPJ_UINT8* pData, + } else { /* absolute mode */ + c = getc(IN); + if (c == EOF) { +- break; ++ return OPJ_FALSE; + } + + if (c == 0x00) { /* EOL */ +@@ -658,8 +664,14 @@ static OPJ_BOOL bmp_read_rle4_data(FILE* IN, OPJ_UINT8* pData, + break; + } else if (c == 0x02) { /* MOVE by dxdy */ + c = getc(IN); ++ if (c == EOF) { ++ return OPJ_FALSE; ++ } + x += (OPJ_UINT32)c; + c = getc(IN); ++ if (c == EOF) { ++ return OPJ_FALSE; ++ } + y += (OPJ_UINT32)c; + pix = pData + y * stride + x; + } else { /* 03 .. 255 : absolute mode */ +@@ -669,13 +681,21 @@ static OPJ_BOOL bmp_read_rle4_data(FILE* IN, OPJ_UINT8* pData, + for (j = 0; (j < c) && (x < width) && + ((OPJ_SIZE_T)pix < (OPJ_SIZE_T)beyond); j++, x++, pix++) { + if ((j & 1) == 0) { +- c1 = (OPJ_UINT8)getc(IN); ++ int c1_int; ++ c1_int = getc(IN); ++ if (c1_int == EOF) { ++ return OPJ_FALSE; ++ } ++ c1 = (OPJ_UINT8)c1_int; + } + *pix = (OPJ_UINT8)((j & 1) ? (c1 & 0x0fU) : ((c1 >> 4) & 0x0fU)); + written++; + } + if (((c & 3) == 1) || ((c & 3) == 2)) { /* skip padding byte */ +- getc(IN); ++ c = getc(IN); ++ if (c == EOF) { ++ return OPJ_FALSE; ++ } + } + } + } diff --git a/main/openjpeg/CVE-2020-15389.patch b/main/openjpeg/CVE-2020-15389.patch new file mode 100644 index 00000000000..f5737a3b245 --- /dev/null +++ b/main/openjpeg/CVE-2020-15389.patch @@ -0,0 +1,39 @@ +From e8e258ab049240c2dd1f1051b4e773b21e2d3dc0 Mon Sep 17 00:00:00 2001 +From: Even Rouault <even.rouault@spatialys.com> +Date: Sun, 28 Jun 2020 14:19:59 +0200 +Subject: [PATCH] opj_decompress: fix double-free on input directory with mix + of valid and invalid images (CVE-2020-15389) + +Fixes #1261 + +Credits to @Ruia-ruia for reporting and analysis. +--- + src/bin/jp2/opj_decompress.c | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +diff --git a/src/bin/jp2/opj_decompress.c b/src/bin/jp2/opj_decompress.c +index 7eeb0952f..2634907f0 100644 +--- a/src/bin/jp2/opj_decompress.c ++++ b/src/bin/jp2/opj_decompress.c +@@ -1316,10 +1316,6 @@ static opj_image_t* upsample_image_components(opj_image_t* original) + int main(int argc, char **argv) + { + opj_decompress_parameters parameters; /* decompression parameters */ +- opj_image_t* image = NULL; +- opj_stream_t *l_stream = NULL; /* Stream */ +- opj_codec_t* l_codec = NULL; /* Handle to a decompressor */ +- opj_codestream_index_t* cstr_index = NULL; + + OPJ_INT32 num_images, imageno; + img_fol_t img_fol; +@@ -1393,6 +1389,10 @@ int main(int argc, char **argv) + + /*Decoding image one by one*/ + for (imageno = 0; imageno < num_images ; imageno++) { ++ opj_image_t* image = NULL; ++ opj_stream_t *l_stream = NULL; /* Stream */ ++ opj_codec_t* l_codec = NULL; /* Handle to a decompressor */ ++ opj_codestream_index_t* cstr_index = NULL; + + if (!parameters.quiet) { + fprintf(stderr, "\n"); diff --git a/main/openldap/APKBUILD b/main/openldap/APKBUILD index 76ed26f8f88..eaa032f2757 100644 --- a/main/openldap/APKBUILD +++ b/main/openldap/APKBUILD @@ -2,6 +2,12 @@ # Contributor: Jakub Jirutka <jakub@jirutka.cz> # # secfixes: +# 2.4.48-r2: +# - CVE-2020-25709 +# - CVE-2020-25710 +# - CVE-2020-25692 +# 2.4.48-r1: +# - CVE-2020-12243 # 2.4.48-r0: # - CVE-2019-13565 # - CVE-2019-13057 @@ -13,7 +19,7 @@ # pkgname=openldap pkgver=2.4.48 -pkgrel=0 +pkgrel=2 pkgdesc="LDAP Server" url="http://www.openldap.org/" arch="all" @@ -36,9 +42,14 @@ source="https://www.openldap.org/software/download/OpenLDAP/$pkgname-release/$pk fix-manpages.patch configs.patch cacheflush.patch + CVE-2020-25709.patch + CVE-2020-25710.patch + CVE-2020-25692.patch + CVE-2020-12243.patch slapd.initd slapd.confd + " builddir="$srcdir/$pkgname-$pkgver" @@ -225,5 +236,9 @@ sha512sums="cf694a415be0bd55cc7f606099da2ed461748efd276561944cd29d7f5a8252a9be79 8c4244d316a05870dd1147b2ab7ddbcfd7626b5dce2f5a0e72f066dc635c2edb4f1ea3be88c6fec2d5ab016001be16bedef70f2ce0695c3cd96f69e1614ff177 fix-manpages.patch 0d2e570ddcb7ace1221abad9fc1d3dd0d00d6948340df69879b449959a68feee6a0ad8e17ef9971b35986293e16fc9d8e88de81815fedd5ea6a952eb085406ca configs.patch 60c1ec62003a33036de68402544e25a71715ed124a3139056a94ed1ba02fb8148ee510ab8f182a308105a2f744b9787e67112bcd8cd0d800cdb6f5409c4f63ff cacheflush.patch +61d2d02b733011eefaac0681b7f6274e416dac4d420b354e37f51b07cc42dab61c798fbe5fab36f47079962046f309373b41886b4632e86dc08d5bfe59b275f7 CVE-2020-25709.patch +abb7f43b6379fe6c03e583dc3a2c861c573ad6b83710954e35928e0449a1b78e259d8d5c6b7c33747b347ab67388d4894980a954d5ddb24b51a693b9c43798f2 CVE-2020-25710.patch +023b32e1a8e61c96b77723dfe39d33de170af684e29defdb34c14719b77fa0e9a101f8aaafe378afb30bf5ca732cf7209ef291089d7524b2301a97c102f5f6e4 CVE-2020-25692.patch +fddf5cf57c5b4b1d0e148ce850aafe5791dd7772727c824e858fe97e375871d2d3f622894d978444f7c5d8d64160c6fd766ae91de5eac3eb7f5292ceaaf599ea CVE-2020-12243.patch 0c3606e4dad1b32f1c4b62f2bc1990a4c9f7ccd10c7b50e623309ba9df98064e68fc42a7242450f32fb6e5fa2203609d3d069871b5ae994cd4b227a078c93532 slapd.initd 64dc4c0aa0abe3d9f7d2aef25fe4c8e23c53df2421067947ac4d096c9e942b26356cb8577ebc41b52d88d0b0a03b2a3e435fe86242671f9b36555a5f82ee0e3a slapd.confd" diff --git a/main/openldap/CVE-2020-12243.patch b/main/openldap/CVE-2020-12243.patch new file mode 100644 index 00000000000..d8e10f5bc66 --- /dev/null +++ b/main/openldap/CVE-2020-12243.patch @@ -0,0 +1,125 @@ +From 98464c11df8247d6a11b52e294ba5dd4f0380440 Mon Sep 17 00:00:00 2001 +From: Howard Chu <hyc@openldap.org> +Date: Thu, 16 Apr 2020 01:08:19 +0100 +Subject: [PATCH] ITS#9202 limit depth of nested filters + +Using a hardcoded limit for now; no reasonable apps +should ever run into it. +--- + servers/slapd/filter.c | 41 ++++++++++++++++++++++++++++++++--------- + 1 file changed, 32 insertions(+), 9 deletions(-) + +diff --git a/servers/slapd/filter.c b/servers/slapd/filter.c +index 3252cf2a7..ed57bbd7b 100644 +--- a/servers/slapd/filter.c ++++ b/servers/slapd/filter.c +@@ -37,11 +37,16 @@ + const Filter *slap_filter_objectClass_pres; + const struct berval *slap_filterstr_objectClass_pres; + ++#ifndef SLAPD_MAX_FILTER_DEPTH ++#define SLAPD_MAX_FILTER_DEPTH 5000 ++#endif ++ + static int get_filter_list( + Operation *op, + BerElement *ber, + Filter **f, +- const char **text ); ++ const char **text, ++ int depth ); + + static int get_ssa( + Operation *op, +@@ -80,12 +85,13 @@ filter_destroy( void ) + return; + } + +-int +-get_filter( ++static int ++get_filter0( + Operation *op, + BerElement *ber, + Filter **filt, +- const char **text ) ++ const char **text, ++ int depth ) + { + ber_tag_t tag; + ber_len_t len; +@@ -126,6 +132,11 @@ get_filter( + * + */ + ++ if( depth > SLAPD_MAX_FILTER_DEPTH ) { ++ *text = "filter nested too deeply"; ++ return SLAPD_DISCONNECT; ++ } ++ + tag = ber_peek_tag( ber, &len ); + + if( tag == LBER_ERROR ) { +@@ -221,7 +232,7 @@ get_filter( + + case LDAP_FILTER_AND: + Debug( LDAP_DEBUG_FILTER, "AND\n", 0, 0, 0 ); +- err = get_filter_list( op, ber, &f.f_and, text ); ++ err = get_filter_list( op, ber, &f.f_and, text, depth+1 ); + if ( err != LDAP_SUCCESS ) { + break; + } +@@ -234,7 +245,7 @@ get_filter( + + case LDAP_FILTER_OR: + Debug( LDAP_DEBUG_FILTER, "OR\n", 0, 0, 0 ); +- err = get_filter_list( op, ber, &f.f_or, text ); ++ err = get_filter_list( op, ber, &f.f_or, text, depth+1 ); + if ( err != LDAP_SUCCESS ) { + break; + } +@@ -248,7 +259,7 @@ get_filter( + case LDAP_FILTER_NOT: + Debug( LDAP_DEBUG_FILTER, "NOT\n", 0, 0, 0 ); + (void) ber_skip_tag( ber, &len ); +- err = get_filter( op, ber, &f.f_not, text ); ++ err = get_filter0( op, ber, &f.f_not, text, depth+1 ); + if ( err != LDAP_SUCCESS ) { + break; + } +@@ -311,10 +322,22 @@ get_filter( + return( err ); + } + ++int ++get_filter( ++ Operation *op, ++ BerElement *ber, ++ Filter **filt, ++ const char **text ) ++{ ++ return get_filter0( op, ber, filt, text, 0 ); ++} ++ ++ + static int + get_filter_list( Operation *op, BerElement *ber, + Filter **f, +- const char **text ) ++ const char **text, ++ int depth ) + { + Filter **new; + int err; +@@ -328,7 +351,7 @@ get_filter_list( Operation *op, BerElement *ber, + tag != LBER_DEFAULT; + tag = ber_next_element( ber, &len, last ) ) + { +- err = get_filter( op, ber, new, text ); ++ err = get_filter0( op, ber, new, text, depth ); + if ( err != LDAP_SUCCESS ) + return( err ); + new = &(*new)->f_next; +-- +GitLab + diff --git a/main/openldap/CVE-2020-25692.patch b/main/openldap/CVE-2020-25692.patch new file mode 100644 index 00000000000..941a4f56be3 --- /dev/null +++ b/main/openldap/CVE-2020-25692.patch @@ -0,0 +1,27 @@ +From 4c774220a752bf8e3284984890dc0931fe73165d Mon Sep 17 00:00:00 2001 +From: Howard Chu <hyc@openldap.org> +Date: Mon, 19 Oct 2020 14:03:41 +0100 +Subject: [PATCH] ITS#9370 check for equality rule on old_rdn + +Just skip normalization if there's no equality rule. We accept +DNs without equality rules already. +--- + servers/slapd/modrdn.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/servers/slapd/modrdn.c b/servers/slapd/modrdn.c +index c73dd8dba..a22975540 100644 +--- a/servers/slapd/modrdn.c ++++ b/servers/slapd/modrdn.c +@@ -505,7 +505,7 @@ slap_modrdn2mods( + mod_tmp->sml_values = ( BerVarray )ch_malloc( 2 * sizeof( struct berval ) ); + ber_dupbv( &mod_tmp->sml_values[0], &old_rdn[d_cnt]->la_value ); + mod_tmp->sml_values[1].bv_val = NULL; +- if( desc->ad_type->sat_equality->smr_normalize) { ++ if( desc->ad_type->sat_equality && desc->ad_type->sat_equality->smr_normalize) { + mod_tmp->sml_nvalues = ( BerVarray )ch_malloc( 2 * sizeof( struct berval ) ); + (void) (*desc->ad_type->sat_equality->smr_normalize)( + SLAP_MR_EQUALITY|SLAP_MR_VALUE_OF_ASSERTION_SYNTAX, +-- +GitLab + diff --git a/main/openldap/CVE-2020-25709.patch b/main/openldap/CVE-2020-25709.patch new file mode 100644 index 00000000000..d38c9d241da --- /dev/null +++ b/main/openldap/CVE-2020-25709.patch @@ -0,0 +1,26 @@ +From 67670f4544e28fb09eb7319c39f404e1d3229e65 Mon Sep 17 00:00:00 2001 +From: Howard Chu <hyc@openldap.org> +Date: Mon, 2 Nov 2020 13:12:10 +0000 +Subject: [PATCH] ITS#9383 remove assert in certificateListValidate + +--- + servers/slapd/schema_init.c | 3 +-- + 1 file changed, 1 insertion(+), 2 deletions(-) + +diff --git a/servers/slapd/schema_init.c b/servers/slapd/schema_init.c +index ea0d67aa6..28f9e71a1 100644 +--- a/servers/slapd/schema_init.c ++++ b/servers/slapd/schema_init.c +@@ -371,8 +371,7 @@ certificateListValidate( Syntax *syntax, struct berval *in ) + /* Optional version */ + if ( tag == LBER_INTEGER ) { + tag = ber_get_int( ber, &version ); +- assert( tag == LBER_INTEGER ); +- if ( version != SLAP_X509_V2 ) return LDAP_INVALID_SYNTAX; ++ if ( tag != LBER_INTEGER || version != SLAP_X509_V2 ) return LDAP_INVALID_SYNTAX; + } + tag = ber_skip_tag( ber, &len ); /* Signature Algorithm */ + if ( tag != LBER_SEQUENCE ) return LDAP_INVALID_SYNTAX; +-- +GitLab + diff --git a/main/openldap/CVE-2020-25710.patch b/main/openldap/CVE-2020-25710.patch new file mode 100644 index 00000000000..9b9bae8b31f --- /dev/null +++ b/main/openldap/CVE-2020-25710.patch @@ -0,0 +1,27 @@ +From bdb0d459187522a6063df13871b82ba8dcc6efe2 Mon Sep 17 00:00:00 2001 +From: Howard Chu <hyc@openldap.org> +Date: Mon, 2 Nov 2020 16:01:14 +0000 +Subject: [PATCH] ITS#9384 remove assert in obsolete csnNormalize23() + +--- + servers/slapd/schema_init.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/servers/slapd/schema_init.c b/servers/slapd/schema_init.c +index 5812bc4b6..ea0d67aa6 100644 +--- a/servers/slapd/schema_init.c ++++ b/servers/slapd/schema_init.c +@@ -5327,8 +5327,8 @@ csnNormalize23( + } + *ptr = '\0'; + +- assert( ptr == &bv.bv_val[bv.bv_len] ); +- if ( csnValidate( syntax, &bv ) != LDAP_SUCCESS ) { ++ if ( ptr != &bv.bv_val[bv.bv_len] || ++ csnValidate( syntax, &bv ) != LDAP_SUCCESS ) { + return LDAP_INVALID_SYNTAX; + } + +-- +GitLab + diff --git a/main/openssl/APKBUILD b/main/openssl/APKBUILD index bcceb4dda27..22090b345c1 100644 --- a/main/openssl/APKBUILD +++ b/main/openssl/APKBUILD @@ -1,8 +1,8 @@ # Maintainer: Timo Teras <timo.teras@iki.fi> pkgname=openssl -pkgver=1.1.1d +pkgver=1.1.1k _abiver=${pkgver%.*} -pkgrel=2 +pkgrel=0 pkgdesc="Toolkit for Transport Layer Security (TLS)" url="https://www.openssl.org" arch="all" @@ -14,7 +14,6 @@ makedepends="$makedepends_host $makedepends_build" subpackages="$pkgname-dbg $pkgname-dev $pkgname-doc libcrypto$_abiver:_libcrypto libssl$_abiver:_libssl" source="https://www.openssl.org/source/openssl-$pkgver.tar.gz man-section.patch - CVE-2019-1551.patch " case "$CARCH" in s390x) options="$options !check";; # FIXME: test hangs @@ -23,6 +22,17 @@ esac builddir="$srcdir/openssl-$pkgver" # secfixes: +# 1.1.1k-r0: +# - CVE-2021-3449 +# - CVE-2021-3450 +# 1.1.1j-r0: +# - CVE-2021-23841 +# - CVE-2021-23840 +# - CVE-2021-23839 +# 1.1.1i-r0: +# - CVE-2020-1971 +# 1.1.1g-r0: +# - CVE-2020-1967 # 1.1.1d-r2: # - CVE-2019-1551 # 1.1.1d-r0: @@ -112,6 +122,5 @@ _libssl() { done } -sha512sums="2bc9f528c27fe644308eb7603c992bac8740e9f0c3601a130af30c9ffebbf7e0f5c28b76a00bbb478bad40fbe89b4223a58d604001e1713da71ff4b7fe6a08a7 openssl-1.1.1d.tar.gz -3e5c425d219768721d38bb33db7445eb3ea12d9447a16c5b23b9fddfcbd9d40b98b39506aeac9cbaced4be22ad5a6cb8e4d16fbe4850ac50a6b0c716592b2a2b man-section.patch -11ca61515a89766241fe0fae27f3b39767128915f288ea88840bf93e8b50ac416024cb2153efcdf2658d3e82a8e4250a0c069333dbd7347475f9dafcc45370b5 CVE-2019-1551.patch" +sha512sums="73cd042d4056585e5a9dd7ab68e7c7310a3a4c783eafa07ab0b560e7462b924e4376436a6d38a155c687f6942a881cfc0c1b9394afcde1d8c46bf396e7d51121 openssl-1.1.1k.tar.gz +43c3255118db6f5f340dc865c0f25ccbcafe5bf7507585244ca59b4d27daf533d6c3171aa32a8685cbb6200104bec535894b633de13feaadff87ab86739a445a man-section.patch" diff --git a/main/openssl/CVE-2019-1551.patch b/main/openssl/CVE-2019-1551.patch deleted file mode 100644 index 8daf04ebf9f..00000000000 --- a/main/openssl/CVE-2019-1551.patch +++ /dev/null @@ -1,757 +0,0 @@ -From 419102400a2811582a7a3d4a4e317d72e5ce0a8f Mon Sep 17 00:00:00 2001 -From: Andy Polyakov <appro@openssl.org> -Date: Wed, 4 Dec 2019 12:48:21 +0100 -Subject: [PATCH] Fix an overflow bug in rsaz_512_sqr - -There is an overflow bug in the x64_64 Montgomery squaring procedure used in -exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis -suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a -result of this defect would be very difficult to perform and are not believed -likely. Attacks against DH512 are considered just feasible. However, for an -attack the target would have to re-use the DH512 private key, which is not -recommended anyway. Also applications directly using the low level API -BN_mod_exp may be affected if they use BN_FLG_CONSTTIME. - -CVE-2019-1551 - -Reviewed-by: Paul Dale <paul.dale@oracle.com> -Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> -(Merged from https://github.com/openssl/openssl/pull/10575) ---- - crypto/bn/asm/rsaz-x86_64.pl | 381 ++++++++++++++++++----------------- - 1 file changed, 197 insertions(+), 184 deletions(-) - -diff --git a/crypto/bn/asm/rsaz-x86_64.pl b/crypto/bn/asm/rsaz-x86_64.pl -index b1797b649f..7534d5cd03 100755 ---- a/crypto/bn/asm/rsaz-x86_64.pl -+++ b/crypto/bn/asm/rsaz-x86_64.pl -@@ -116,7 +116,7 @@ rsaz_512_sqr: # 25-29% faster than rsaz_512_mul - subq \$128+24, %rsp - .cfi_adjust_cfa_offset 128+24 - .Lsqr_body: -- movq $mod, %rbp # common argument -+ movq $mod, %xmm1 # common off-load - movq ($inp), %rdx - movq 8($inp), %rax - movq $n0, 128(%rsp) -@@ -134,7 +134,8 @@ $code.=<<___; - .Loop_sqr: - movl $times,128+8(%rsp) - #first iteration -- movq %rdx, %rbx -+ movq %rdx, %rbx # 0($inp) -+ mov %rax, %rbp # 8($inp) - mulq %rdx - movq %rax, %r8 - movq 16($inp), %rax -@@ -173,31 +174,29 @@ $code.=<<___; - mulq %rbx - addq %rax, %r14 - movq %rbx, %rax -- movq %rdx, %r15 -- adcq \$0, %r15 -+ adcq \$0, %rdx - -- addq %r8, %r8 #shlq \$1, %r8 -- movq %r9, %rcx -- adcq %r9, %r9 #shld \$1, %r8, %r9 -+ xorq %rcx,%rcx # rcx:r8 = r8 << 1 -+ addq %r8, %r8 -+ movq %rdx, %r15 -+ adcq \$0, %rcx - - mulq %rax -- movq %rax, (%rsp) -- addq %rdx, %r8 -- adcq \$0, %r9 -+ addq %r8, %rdx -+ adcq \$0, %rcx - -- movq %r8, 8(%rsp) -- shrq \$63, %rcx -+ movq %rax, (%rsp) -+ movq %rdx, 8(%rsp) - - #second iteration -- movq 8($inp), %r8 - movq 16($inp), %rax -- mulq %r8 -+ mulq %rbp - addq %rax, %r10 - movq 24($inp), %rax - movq %rdx, %rbx - adcq \$0, %rbx - -- mulq %r8 -+ mulq %rbp - addq %rax, %r11 - movq 32($inp), %rax - adcq \$0, %rdx -@@ -205,7 +204,7 @@ $code.=<<___; - movq %rdx, %rbx - adcq \$0, %rbx - -- mulq %r8 -+ mulq %rbp - addq %rax, %r12 - movq 40($inp), %rax - adcq \$0, %rdx -@@ -213,7 +212,7 @@ $code.=<<___; - movq %rdx, %rbx - adcq \$0, %rbx - -- mulq %r8 -+ mulq %rbp - addq %rax, %r13 - movq 48($inp), %rax - adcq \$0, %rdx -@@ -221,7 +220,7 @@ $code.=<<___; - movq %rdx, %rbx - adcq \$0, %rbx - -- mulq %r8 -+ mulq %rbp - addq %rax, %r14 - movq 56($inp), %rax - adcq \$0, %rdx -@@ -229,39 +228,39 @@ $code.=<<___; - movq %rdx, %rbx - adcq \$0, %rbx - -- mulq %r8 -+ mulq %rbp - addq %rax, %r15 -- movq %r8, %rax -+ movq %rbp, %rax - adcq \$0, %rdx - addq %rbx, %r15 -- movq %rdx, %r8 -- movq %r10, %rdx -- adcq \$0, %r8 -+ adcq \$0, %rdx - -- add %rdx, %rdx -- lea (%rcx,%r10,2), %r10 #shld \$1, %rcx, %r10 -- movq %r11, %rbx -- adcq %r11, %r11 #shld \$1, %r10, %r11 -+ xorq %rbx, %rbx # rbx:r10:r9 = r10:r9 << 1 -+ addq %r9, %r9 -+ movq %rdx, %r8 -+ adcq %r10, %r10 -+ adcq \$0, %rbx - - mulq %rax -+ addq %rcx, %rax -+ movq 16($inp), %rbp -+ adcq \$0, %rdx - addq %rax, %r9 -+ movq 24($inp), %rax - adcq %rdx, %r10 -- adcq \$0, %r11 -+ adcq \$0, %rbx - - movq %r9, 16(%rsp) - movq %r10, 24(%rsp) -- shrq \$63, %rbx - - #third iteration -- movq 16($inp), %r9 -- movq 24($inp), %rax -- mulq %r9 -+ mulq %rbp - addq %rax, %r12 - movq 32($inp), %rax - movq %rdx, %rcx - adcq \$0, %rcx - -- mulq %r9 -+ mulq %rbp - addq %rax, %r13 - movq 40($inp), %rax - adcq \$0, %rdx -@@ -269,7 +268,7 @@ $code.=<<___; - movq %rdx, %rcx - adcq \$0, %rcx - -- mulq %r9 -+ mulq %rbp - addq %rax, %r14 - movq 48($inp), %rax - adcq \$0, %rdx -@@ -277,9 +276,7 @@ $code.=<<___; - movq %rdx, %rcx - adcq \$0, %rcx - -- mulq %r9 -- movq %r12, %r10 -- lea (%rbx,%r12,2), %r12 #shld \$1, %rbx, %r12 -+ mulq %rbp - addq %rax, %r15 - movq 56($inp), %rax - adcq \$0, %rdx -@@ -287,36 +284,40 @@ $code.=<<___; - movq %rdx, %rcx - adcq \$0, %rcx - -- mulq %r9 -- shrq \$63, %r10 -+ mulq %rbp - addq %rax, %r8 -- movq %r9, %rax -+ movq %rbp, %rax - adcq \$0, %rdx - addq %rcx, %r8 -- movq %rdx, %r9 -- adcq \$0, %r9 -+ adcq \$0, %rdx - -- movq %r13, %rcx -- leaq (%r10,%r13,2), %r13 #shld \$1, %r12, %r13 -+ xorq %rcx, %rcx # rcx:r12:r11 = r12:r11 << 1 -+ addq %r11, %r11 -+ movq %rdx, %r9 -+ adcq %r12, %r12 -+ adcq \$0, %rcx - - mulq %rax -+ addq %rbx, %rax -+ movq 24($inp), %r10 -+ adcq \$0, %rdx - addq %rax, %r11 -+ movq 32($inp), %rax - adcq %rdx, %r12 -- adcq \$0, %r13 -+ adcq \$0, %rcx - - movq %r11, 32(%rsp) - movq %r12, 40(%rsp) -- shrq \$63, %rcx - - #fourth iteration -- movq 24($inp), %r10 -- movq 32($inp), %rax -+ mov %rax, %r11 # 32($inp) - mulq %r10 - addq %rax, %r14 - movq 40($inp), %rax - movq %rdx, %rbx - adcq \$0, %rbx - -+ mov %rax, %r12 # 40($inp) - mulq %r10 - addq %rax, %r15 - movq 48($inp), %rax -@@ -325,9 +326,8 @@ $code.=<<___; - movq %rdx, %rbx - adcq \$0, %rbx - -+ mov %rax, %rbp # 48($inp) - mulq %r10 -- movq %r14, %r12 -- leaq (%rcx,%r14,2), %r14 #shld \$1, %rcx, %r14 - addq %rax, %r8 - movq 56($inp), %rax - adcq \$0, %rdx -@@ -336,32 +336,33 @@ $code.=<<___; - adcq \$0, %rbx - - mulq %r10 -- shrq \$63, %r12 - addq %rax, %r9 - movq %r10, %rax - adcq \$0, %rdx - addq %rbx, %r9 -- movq %rdx, %r10 -- adcq \$0, %r10 -+ adcq \$0, %rdx - -- movq %r15, %rbx -- leaq (%r12,%r15,2),%r15 #shld \$1, %r14, %r15 -+ xorq %rbx, %rbx # rbx:r13:r14 = r13:r14 << 1 -+ addq %r13, %r13 -+ movq %rdx, %r10 -+ adcq %r14, %r14 -+ adcq \$0, %rbx - - mulq %rax -+ addq %rcx, %rax -+ adcq \$0, %rdx - addq %rax, %r13 -+ movq %r12, %rax # 40($inp) - adcq %rdx, %r14 -- adcq \$0, %r15 -+ adcq \$0, %rbx - - movq %r13, 48(%rsp) - movq %r14, 56(%rsp) -- shrq \$63, %rbx - - #fifth iteration -- movq 32($inp), %r11 -- movq 40($inp), %rax - mulq %r11 - addq %rax, %r8 -- movq 48($inp), %rax -+ movq %rbp, %rax # 48($inp) - movq %rdx, %rcx - adcq \$0, %rcx - -@@ -369,97 +370,99 @@ $code.=<<___; - addq %rax, %r9 - movq 56($inp), %rax - adcq \$0, %rdx -- movq %r8, %r12 -- leaq (%rbx,%r8,2), %r8 #shld \$1, %rbx, %r8 - addq %rcx, %r9 - movq %rdx, %rcx - adcq \$0, %rcx - -+ mov %rax, %r14 # 56($inp) - mulq %r11 -- shrq \$63, %r12 - addq %rax, %r10 - movq %r11, %rax - adcq \$0, %rdx - addq %rcx, %r10 -- movq %rdx, %r11 -- adcq \$0, %r11 -+ adcq \$0, %rdx - -- movq %r9, %rcx -- leaq (%r12,%r9,2), %r9 #shld \$1, %r8, %r9 -+ xorq %rcx, %rcx # rcx:r8:r15 = r8:r15 << 1 -+ addq %r15, %r15 -+ movq %rdx, %r11 -+ adcq %r8, %r8 -+ adcq \$0, %rcx - - mulq %rax -+ addq %rbx, %rax -+ adcq \$0, %rdx - addq %rax, %r15 -+ movq %rbp, %rax # 48($inp) - adcq %rdx, %r8 -- adcq \$0, %r9 -+ adcq \$0, %rcx - - movq %r15, 64(%rsp) - movq %r8, 72(%rsp) -- shrq \$63, %rcx - - #sixth iteration -- movq 40($inp), %r12 -- movq 48($inp), %rax - mulq %r12 - addq %rax, %r10 -- movq 56($inp), %rax -+ movq %r14, %rax # 56($inp) - movq %rdx, %rbx - adcq \$0, %rbx - - mulq %r12 - addq %rax, %r11 - movq %r12, %rax -- movq %r10, %r15 -- leaq (%rcx,%r10,2), %r10 #shld \$1, %rcx, %r10 - adcq \$0, %rdx -- shrq \$63, %r15 - addq %rbx, %r11 -- movq %rdx, %r12 -- adcq \$0, %r12 -+ adcq \$0, %rdx - -- movq %r11, %rbx -- leaq (%r15,%r11,2), %r11 #shld \$1, %r10, %r11 -+ xorq %rbx, %rbx # rbx:r10:r9 = r10:r9 << 1 -+ addq %r9, %r9 -+ movq %rdx, %r12 -+ adcq %r10, %r10 -+ adcq \$0, %rbx - - mulq %rax -+ addq %rcx, %rax -+ adcq \$0, %rdx - addq %rax, %r9 -+ movq %r14, %rax # 56($inp) - adcq %rdx, %r10 -- adcq \$0, %r11 -+ adcq \$0, %rbx - - movq %r9, 80(%rsp) - movq %r10, 88(%rsp) - - #seventh iteration -- movq 48($inp), %r13 -- movq 56($inp), %rax -- mulq %r13 -+ mulq %rbp - addq %rax, %r12 -- movq %r13, %rax -- movq %rdx, %r13 -- adcq \$0, %r13 -+ movq %rbp, %rax -+ adcq \$0, %rdx - -- xorq %r14, %r14 -- shlq \$1, %rbx -- adcq %r12, %r12 #shld \$1, %rbx, %r12 -- adcq %r13, %r13 #shld \$1, %r12, %r13 -- adcq %r14, %r14 #shld \$1, %r13, %r14 -+ xorq %rcx, %rcx # rcx:r12:r11 = r12:r11 << 1 -+ addq %r11, %r11 -+ movq %rdx, %r13 -+ adcq %r12, %r12 -+ adcq \$0, %rcx - - mulq %rax -+ addq %rbx, %rax -+ adcq \$0, %rdx - addq %rax, %r11 -+ movq %r14, %rax # 56($inp) - adcq %rdx, %r12 -- adcq \$0, %r13 -+ adcq \$0, %rcx - - movq %r11, 96(%rsp) - movq %r12, 104(%rsp) - - #eighth iteration -- movq 56($inp), %rax -+ xorq %rbx, %rbx # rbx:r13 = r13 << 1 -+ addq %r13, %r13 -+ adcq \$0, %rbx -+ - mulq %rax -- addq %rax, %r13 -+ addq %rcx, %rax - adcq \$0, %rdx -- -- addq %rdx, %r14 -- -- movq %r13, 112(%rsp) -- movq %r14, 120(%rsp) -+ addq %r13, %rax -+ adcq %rbx, %rdx - - movq (%rsp), %r8 - movq 8(%rsp), %r9 -@@ -469,6 +472,10 @@ $code.=<<___; - movq 40(%rsp), %r13 - movq 48(%rsp), %r14 - movq 56(%rsp), %r15 -+ movq %xmm1, %rbp -+ -+ movq %rax, 112(%rsp) -+ movq %rdx, 120(%rsp) - - call __rsaz_512_reduce - -@@ -500,9 +507,9 @@ $code.=<<___; - .Loop_sqrx: - movl $times,128+8(%rsp) - movq $out, %xmm0 # off-load -- movq %rbp, %xmm1 # off-load - #first iteration - mulx %rax, %r8, %r9 -+ mov %rax, %rbx - - mulx 16($inp), %rcx, %r10 - xor %rbp, %rbp # cf=0, of=0 -@@ -510,40 +517,39 @@ $code.=<<___; - mulx 24($inp), %rax, %r11 - adcx %rcx, %r9 - -- mulx 32($inp), %rcx, %r12 -+ .byte 0xc4,0x62,0xf3,0xf6,0xa6,0x20,0x00,0x00,0x00 # mulx 32($inp), %rcx, %r12 - adcx %rax, %r10 - -- mulx 40($inp), %rax, %r13 -+ .byte 0xc4,0x62,0xfb,0xf6,0xae,0x28,0x00,0x00,0x00 # mulx 40($inp), %rax, %r13 - adcx %rcx, %r11 - -- .byte 0xc4,0x62,0xf3,0xf6,0xb6,0x30,0x00,0x00,0x00 # mulx 48($inp), %rcx, %r14 -+ mulx 48($inp), %rcx, %r14 - adcx %rax, %r12 - adcx %rcx, %r13 - -- .byte 0xc4,0x62,0xfb,0xf6,0xbe,0x38,0x00,0x00,0x00 # mulx 56($inp), %rax, %r15 -+ mulx 56($inp), %rax, %r15 - adcx %rax, %r14 - adcx %rbp, %r15 # %rbp is 0 - -- mov %r9, %rcx -- shld \$1, %r8, %r9 -- shl \$1, %r8 -- -- xor %ebp, %ebp -- mulx %rdx, %rax, %rdx -- adcx %rdx, %r8 -- mov 8($inp), %rdx -- adcx %rbp, %r9 -+ mulx %rdx, %rax, $out -+ mov %rbx, %rdx # 8($inp) -+ xor %rcx, %rcx -+ adox %r8, %r8 -+ adcx $out, %r8 -+ adox %rbp, %rcx -+ adcx %rbp, %rcx - - mov %rax, (%rsp) - mov %r8, 8(%rsp) - - #second iteration -- mulx 16($inp), %rax, %rbx -+ .byte 0xc4,0xe2,0xfb,0xf6,0x9e,0x10,0x00,0x00,0x00 # mulx 16($inp), %rax, %rbx - adox %rax, %r10 - adcx %rbx, %r11 - -- .byte 0xc4,0x62,0xc3,0xf6,0x86,0x18,0x00,0x00,0x00 # mulx 24($inp), $out, %r8 -+ mulx 24($inp), $out, %r8 - adox $out, %r11 -+ .byte 0x66 - adcx %r8, %r12 - - mulx 32($inp), %rax, %rbx -@@ -561,24 +567,25 @@ $code.=<<___; - .byte 0xc4,0x62,0xc3,0xf6,0x86,0x38,0x00,0x00,0x00 # mulx 56($inp), $out, %r8 - adox $out, %r15 - adcx %rbp, %r8 -+ mulx %rdx, %rax, $out - adox %rbp, %r8 -+ .byte 0x48,0x8b,0x96,0x10,0x00,0x00,0x00 # mov 16($inp), %rdx - -- mov %r11, %rbx -- shld \$1, %r10, %r11 -- shld \$1, %rcx, %r10 -- -- xor %ebp,%ebp -- mulx %rdx, %rax, %rcx -- mov 16($inp), %rdx -+ xor %rbx, %rbx -+ adcx %rcx, %rax -+ adox %r9, %r9 -+ adcx %rbp, $out -+ adox %r10, %r10 - adcx %rax, %r9 -- adcx %rcx, %r10 -- adcx %rbp, %r11 -+ adox %rbp, %rbx -+ adcx $out, %r10 -+ adcx %rbp, %rbx - - mov %r9, 16(%rsp) - .byte 0x4c,0x89,0x94,0x24,0x18,0x00,0x00,0x00 # mov %r10, 24(%rsp) - - #third iteration -- .byte 0xc4,0x62,0xc3,0xf6,0x8e,0x18,0x00,0x00,0x00 # mulx 24($inp), $out, %r9 -+ mulx 24($inp), $out, %r9 - adox $out, %r12 - adcx %r9, %r13 - -@@ -586,7 +593,7 @@ $code.=<<___; - adox %rax, %r13 - adcx %rcx, %r14 - -- mulx 40($inp), $out, %r9 -+ .byte 0xc4,0x62,0xc3,0xf6,0x8e,0x28,0x00,0x00,0x00 # mulx 40($inp), $out, %r9 - adox $out, %r14 - adcx %r9, %r15 - -@@ -594,27 +601,28 @@ $code.=<<___; - adox %rax, %r15 - adcx %rcx, %r8 - -- .byte 0xc4,0x62,0xc3,0xf6,0x8e,0x38,0x00,0x00,0x00 # mulx 56($inp), $out, %r9 -+ mulx 56($inp), $out, %r9 - adox $out, %r8 - adcx %rbp, %r9 -+ mulx %rdx, %rax, $out - adox %rbp, %r9 -+ mov 24($inp), %rdx - -- mov %r13, %rcx -- shld \$1, %r12, %r13 -- shld \$1, %rbx, %r12 -- -- xor %ebp, %ebp -- mulx %rdx, %rax, %rdx -+ xor %rcx, %rcx -+ adcx %rbx, %rax -+ adox %r11, %r11 -+ adcx %rbp, $out -+ adox %r12, %r12 - adcx %rax, %r11 -- adcx %rdx, %r12 -- mov 24($inp), %rdx -- adcx %rbp, %r13 -+ adox %rbp, %rcx -+ adcx $out, %r12 -+ adcx %rbp, %rcx - - mov %r11, 32(%rsp) -- .byte 0x4c,0x89,0xa4,0x24,0x28,0x00,0x00,0x00 # mov %r12, 40(%rsp) -+ mov %r12, 40(%rsp) - - #fourth iteration -- .byte 0xc4,0xe2,0xfb,0xf6,0x9e,0x20,0x00,0x00,0x00 # mulx 32($inp), %rax, %rbx -+ mulx 32($inp), %rax, %rbx - adox %rax, %r14 - adcx %rbx, %r15 - -@@ -629,25 +637,25 @@ $code.=<<___; - mulx 56($inp), $out, %r10 - adox $out, %r9 - adcx %rbp, %r10 -+ mulx %rdx, %rax, $out - adox %rbp, %r10 -+ mov 32($inp), %rdx - -- .byte 0x66 -- mov %r15, %rbx -- shld \$1, %r14, %r15 -- shld \$1, %rcx, %r14 -- -- xor %ebp, %ebp -- mulx %rdx, %rax, %rdx -+ xor %rbx, %rbx -+ adcx %rcx, %rax -+ adox %r13, %r13 -+ adcx %rbp, $out -+ adox %r14, %r14 - adcx %rax, %r13 -- adcx %rdx, %r14 -- mov 32($inp), %rdx -- adcx %rbp, %r15 -+ adox %rbp, %rbx -+ adcx $out, %r14 -+ adcx %rbp, %rbx - - mov %r13, 48(%rsp) - mov %r14, 56(%rsp) - - #fifth iteration -- .byte 0xc4,0x62,0xc3,0xf6,0x9e,0x28,0x00,0x00,0x00 # mulx 40($inp), $out, %r11 -+ mulx 40($inp), $out, %r11 - adox $out, %r8 - adcx %r11, %r9 - -@@ -658,18 +666,19 @@ $code.=<<___; - mulx 56($inp), $out, %r11 - adox $out, %r10 - adcx %rbp, %r11 -+ mulx %rdx, %rax, $out -+ mov 40($inp), %rdx - adox %rbp, %r11 - -- mov %r9, %rcx -- shld \$1, %r8, %r9 -- shld \$1, %rbx, %r8 -- -- xor %ebp, %ebp -- mulx %rdx, %rax, %rdx -+ xor %rcx, %rcx -+ adcx %rbx, %rax -+ adox %r15, %r15 -+ adcx %rbp, $out -+ adox %r8, %r8 - adcx %rax, %r15 -- adcx %rdx, %r8 -- mov 40($inp), %rdx -- adcx %rbp, %r9 -+ adox %rbp, %rcx -+ adcx $out, %r8 -+ adcx %rbp, %rcx - - mov %r15, 64(%rsp) - mov %r8, 72(%rsp) -@@ -682,18 +691,19 @@ $code.=<<___; - .byte 0xc4,0x62,0xc3,0xf6,0xa6,0x38,0x00,0x00,0x00 # mulx 56($inp), $out, %r12 - adox $out, %r11 - adcx %rbp, %r12 -+ mulx %rdx, %rax, $out - adox %rbp, %r12 -+ mov 48($inp), %rdx - -- mov %r11, %rbx -- shld \$1, %r10, %r11 -- shld \$1, %rcx, %r10 -- -- xor %ebp, %ebp -- mulx %rdx, %rax, %rdx -+ xor %rbx, %rbx -+ adcx %rcx, %rax -+ adox %r9, %r9 -+ adcx %rbp, $out -+ adox %r10, %r10 - adcx %rax, %r9 -- adcx %rdx, %r10 -- mov 48($inp), %rdx -- adcx %rbp, %r11 -+ adcx $out, %r10 -+ adox %rbp, %rbx -+ adcx %rbp, %rbx - - mov %r9, 80(%rsp) - mov %r10, 88(%rsp) -@@ -703,31 +713,31 @@ $code.=<<___; - adox %rax, %r12 - adox %rbp, %r13 - -- xor %r14, %r14 -- shld \$1, %r13, %r14 -- shld \$1, %r12, %r13 -- shld \$1, %rbx, %r12 -- -- xor %ebp, %ebp -- mulx %rdx, %rax, %rdx -- adcx %rax, %r11 -- adcx %rdx, %r12 -+ mulx %rdx, %rax, $out -+ xor %rcx, %rcx - mov 56($inp), %rdx -- adcx %rbp, %r13 -+ adcx %rbx, %rax -+ adox %r11, %r11 -+ adcx %rbp, $out -+ adox %r12, %r12 -+ adcx %rax, %r11 -+ adox %rbp, %rcx -+ adcx $out, %r12 -+ adcx %rbp, %rcx - - .byte 0x4c,0x89,0x9c,0x24,0x60,0x00,0x00,0x00 # mov %r11, 96(%rsp) - .byte 0x4c,0x89,0xa4,0x24,0x68,0x00,0x00,0x00 # mov %r12, 104(%rsp) - - #eighth iteration - mulx %rdx, %rax, %rdx -- adox %rax, %r13 -- adox %rbp, %rdx -+ xor %rbx, %rbx -+ adcx %rcx, %rax -+ adox %r13, %r13 -+ adcx %rbp, %rdx -+ adox %rbp, %rbx -+ adcx %r13, %rax -+ adcx %rdx, %rbx - -- .byte 0x66 -- add %rdx, %r14 -- -- movq %r13, 112(%rsp) -- movq %r14, 120(%rsp) - movq %xmm0, $out - movq %xmm1, %rbp - -@@ -741,6 +751,9 @@ $code.=<<___; - movq 48(%rsp), %r14 - movq 56(%rsp), %r15 - -+ movq %rax, 112(%rsp) -+ movq %rbx, 120(%rsp) -+ - call __rsaz_512_reducex - - addq 64(%rsp), %r8 --- -2.17.1 - diff --git a/main/openssl/man-section.patch b/main/openssl/man-section.patch index 29201456129..0606897f45e 100644 --- a/main/openssl/man-section.patch +++ b/main/openssl/man-section.patch @@ -25,8 +25,8 @@ index 1292053546f5..c034d21884d8 100644 @[ -n "$(INSTALLTOP)" ] || (echo INSTALLTOP should not be empty; exit 1) @$(ECHO) "*** Installing manpages" $(PERL) $(SRCDIR)/util/process_docs.pl \ -- --destdir=$(DESTDIR)$(MANDIR) --type=man --suffix=$(MANSUFFIX) -+ --destdir=$(DESTDIR)$(MANDIR) --type=man --suffix=$(MANSUFFIX) \ +- "--destdir=$(DESTDIR)$(MANDIR)" --type=man --suffix=$(MANSUFFIX) ++ "--destdir=$(DESTDIR)$(MANDIR)" --type=man --suffix=$(MANSUFFIX) \ + --mansection=$(MANSECTION) uninstall_man_docs: diff --git a/main/patch/APKBUILD b/main/patch/APKBUILD index 0e02115e46a..ce6fe783616 100644 --- a/main/patch/APKBUILD +++ b/main/patch/APKBUILD @@ -27,6 +27,7 @@ builddir="$srcdir"/$pkgname-$pkgver # 2.7.6-r6: # - CVE-2018-1000156 # - CVE-2019-13638 +# - CVE-2018-20969 # 2.7.6-r5: # - CVE-2019-13636 # 2.7.6-r2: diff --git a/main/pcre/APKBUILD b/main/pcre/APKBUILD index da65eef6bb4..d7f05247b89 100644 --- a/main/pcre/APKBUILD +++ b/main/pcre/APKBUILD @@ -2,7 +2,7 @@ # Maintainer: Natanael Copa <ncopa@alpinelinux.org> pkgname=pcre pkgver=8.42 -pkgrel=1 +pkgrel=2 pkgdesc="Perl-compatible regular expression library" url="http://pcre.sourceforge.net" arch="all" @@ -12,9 +12,13 @@ makedepends="" checkdepends="paxmark" subpackages="$pkgname-dev $pkgname-doc $pkgname-tools libpcrecpp libpcre16 libpcre32" -source="ftp://ftp.csx.cam.ac.uk/pub/software/programming/$pkgname/$pkgname-$pkgver.tar.bz2 +source="https://ftp.pcre.org/pub/pcre/pcre-$pkgver.tar.bz2 + CVE-2020-14155.patch " + # secfixes: +# 8.42-r2: +# - CVE-2020-14155 # 8.40-r2: # - CVE-2017-7186 # 7.8-r0: @@ -94,4 +98,5 @@ tools() { mv "$pkgdir"/usr/bin "$subpkgdir"/usr/ } -sha512sums="b47b923108f6ee0c31409b79d0888314271b482a22590e164d02f21d2112fba22dd0342c24f9ba0f5fcc5b8c65550bad08c476e30a2fc79b34ecf4601ed82f3d pcre-8.42.tar.bz2" +sha512sums="b47b923108f6ee0c31409b79d0888314271b482a22590e164d02f21d2112fba22dd0342c24f9ba0f5fcc5b8c65550bad08c476e30a2fc79b34ecf4601ed82f3d pcre-8.42.tar.bz2 +23baa5fbaff7b52e861a539a83ad4406937d7a8a85d2a4e2419d0bea99204659e350caab68091d6354842297df2bb3097204bc63c4e1d3d9d1b94427efc46748 CVE-2020-14155.patch" diff --git a/main/pcre/CVE-2020-14155.patch b/main/pcre/CVE-2020-14155.patch new file mode 100644 index 00000000000..3bfa119f3b5 --- /dev/null +++ b/main/pcre/CVE-2020-14155.patch @@ -0,0 +1,31 @@ +pcre: Fix int overflow when parsing "?C<arg>" callout args. + +Numerical args must be 0-255, so this shouldn't break correct usage. + +--- a/pcre_compile.c 2020/02/10 17:01:27 1760 ++++ b/pcre_compile.c 2020/02/10 17:17:34 1761 +@@ -7130,17 +7130,19 @@ + int n = 0; + ptr++; + while(IS_DIGIT(*ptr)) ++ { + n = n * 10 + *ptr++ - CHAR_0; ++ if (n > 255) ++ { ++ *errorcodeptr = ERR38; ++ goto FAILED; ++ } ++ } + if (*ptr != CHAR_RIGHT_PARENTHESIS) + { + *errorcodeptr = ERR39; + goto FAILED; + } +- if (n > 255) +- { +- *errorcodeptr = ERR38; +- goto FAILED; +- } + *code++ = n; + PUT(code, 0, (int)(ptr - cd->start_pattern + 1)); /* Pattern offset */ + PUT(code, LINK_SIZE, 0); /* Default length */ diff --git a/main/perl-datetime-timezone/APKBUILD b/main/perl-datetime-timezone/APKBUILD index 74a39f43ae6..87cef23fdb3 100644 --- a/main/perl-datetime-timezone/APKBUILD +++ b/main/perl-datetime-timezone/APKBUILD @@ -1,50 +1,39 @@ -# Automatically generated by apkbuild-cpan, template 2 +# Automatically generated by apkbuild-cpan, template 3 # Contributor: Natanael Copa <ncopa@alpinelinux.org> # Maintainer: Natanael Copa <ncopa@alpinelinux.org> pkgname=perl-datetime-timezone +#_pkgreal is used by apkbuild-cpan to find modules at MetaCpan _pkgreal=DateTime-TimeZone -pkgver=2.19 +pkgver=2.43 pkgrel=0 pkgdesc="Time zone object base class and factory" -url="http://search.cpan.org/dist/DateTime-TimeZone/" +url="https://metacpan.org/release/DateTime-TimeZone/" arch="noarch" -license="GPL PerlArtistic" -cpandepends="perl-class-singleton perl-params-validationcompiler perl-namespace-autoclean perl-try-tiny perl-module-runtime perl-specio" -cpanmakedepends="" -cpancheckdepends="perl-test-requires perl-test-fatal" -depends="$cpandepends" -makedepends="perl-dev $cpanmakedepends" -options="!check" # disable due to circular dependency with perl-datetime -#checkdepends="perl-datetime $cpancheckdepends" -checkdepends="$cpancheckdepends" +license="GPL-1.0-or-later OR Artistic-1.0-Perl" +depends="perl perl-specio perl-params-validationcompiler perl-module-runtime + perl-try-tiny perl-namespace-autoclean perl-class-singleton" +makedepends="perl-dev" +checkdepends="perl-test-fatal perl-test-requires" subpackages="$pkgname-doc" -source="http://search.cpan.org/CPAN/authors/id/D/DR/DROLSKY/$_pkgreal-$pkgver.tar.gz" +source="https://cpan.metacpan.org/authors/id/D/DR/DROLSKY/DateTime-TimeZone-$pkgver.tar.gz" builddir="$srcdir/$_pkgreal-$pkgver" -prepare() { - default_prepare - - cd "$builddir" +build() { export CFLAGS=$(perl -MConfig -E 'say $Config{ccflags}') PERL_MM_USE_DEFAULT=1 perl -I. Makefile.PL INSTALLDIRS=vendor + make } -build() { - cd "$builddir" +check() { export CFLAGS=$(perl -MConfig -E 'say $Config{ccflags}') - make + make test } package() { - cd "$builddir" make DESTDIR="$pkgdir" install find "$pkgdir" \( -name perllocal.pod -o -name .packlist \) -delete } -check() { - cd "$builddir" - export CFLAGS=$(perl -MConfig -E 'say $Config{ccflags}') - make test -} -sha512sums="77c40e390da5747d10135dbe3652051e727a42e57eee7d7659d48bb284e64b94b006b6b7c0deea2354e46e2f50aeacff9299f4ca2a0c221de59d58e869f929eb DateTime-TimeZone-2.19.tar.gz" + +sha512sums="4e9bf442775ba58c6539a88e3e15ef8fc93aa4dbc6916034eeb0505930ee3cd83ce3d6de6f0e6c437a60fbdde3ecef0842740430f6af8579d0bbda2332bd7bc0 DateTime-TimeZone-2.43.tar.gz" diff --git a/main/perl-dbi/APKBUILD b/main/perl-dbi/APKBUILD index b594ee5f2ab..6cd331207c2 100644 --- a/main/perl-dbi/APKBUILD +++ b/main/perl-dbi/APKBUILD @@ -2,34 +2,31 @@ # Maintainer: Leonardo Arena <rnalrd@alpinelinux.org> pkgname=perl-dbi _realpkgname=DBI -pkgver=1.642 +pkgver=1.643 pkgrel=0 pkgdesc="Database independent interface for Perl" -url="http://search.cpan.org/dist/${_realpkgname}" +url="http://search.cpan.org/dist/$_realpkgname" arch="all" -license="GPL PerlArtistic" -depends= -makedepends="perl perl-dev" +license="GPL-1.0-or-later OR Artistic-1.0-Perl" +depends="perl" +makedepends="perl-dev" subpackages="$pkgname-doc" -source="http://www.cpan.org/authors/id/T/TI/TIMB/${_realpkgname}-$pkgver.tar.gz" -builddir="$srcdir"/${_realpkgname}-$pkgver +source="http://www.cpan.org/authors/id/T/TI/TIMB/$_realpkgname-$pkgver.tar.gz" +builddir="$srcdir"/$_realpkgname-$pkgver build() { - cd "$builddir" PERL_MM_USE_DEFAULT=1 perl Makefile.PL INSTALLDIRS=vendor make } -check () { - cd "$builddir" +check() { make test } package() { - cd "$builddir" make DESTDIR="$pkgdir" install - # creates file collision among perl modules - find "$pkgdir" -name perllocal.pod -delete + # creates file collision among perl modules + find "$pkgdir" -name perllocal.pod -delete } -sha512sums="088161a004893a495b740c323acdfe096936812f8f1b12c0ae4b5b23a6dced01761be5589be5e2e66661bdeffd043504097213e713c0258fe1db2a60156ea079 DBI-1.642.tar.gz" +sha512sums="03812f3eb1e43c8290dadb8cb14bbced9ec6e237228ea2a2ba91f22e52143906a91a7e82945dab30b1d1b9fc925073721111adafd9a09fac070808ab88f908b8 DBI-1.643.tar.gz" diff --git a/main/perl-mozilla-ca/APKBUILD b/main/perl-mozilla-ca/APKBUILD index b4de335ecd3..81fde271fb5 100644 --- a/main/perl-mozilla-ca/APKBUILD +++ b/main/perl-mozilla-ca/APKBUILD @@ -3,37 +3,34 @@ # Maintainer: Kiyoshi Aman <kiyoshi.aman@gmail.com> pkgname=perl-mozilla-ca _pkgreal=Mozilla-CA -pkgver=20160104 +pkgver=20200520 pkgrel=0 pkgdesc="Mozilla's CA cert bundle in PEM format" -url="http://search.cpan.org/dist/Mozilla-CA/" +url="https://metacpan.org/release/Mozilla-CA" arch="noarch" license="GPL PerlArtistic" -cpandepends="" -cpanmakedepends="" -depends="$cpandepends" -makedepends="perl-dev $cpanmakedepends" +makedepends="perl-dev" subpackages="$pkgname-doc" -source="http://search.cpan.org/CPAN/authors/id/A/AB/ABH/$_pkgreal-$pkgver.tar.gz" - -_builddir="$srcdir/$_pkgreal-$pkgver" +source="https://search.cpan.org/CPAN/authors/id/A/AB/ABH/$_pkgreal-$pkgver.tar.gz" +builddir="$srcdir/$_pkgreal-$pkgver" prepare() { - cd "$_builddir" + default_prepare + PERL_MM_USE_DEFAULT=1 perl Makefile.PL INSTALLDIRS=vendor } build() { - cd "$_builddir" - make && make test + make +} + +check() { + make test } package() { - cd "$_builddir" - make DESTDIR="$pkgdir" install || return 1 + make DESTDIR="$pkgdir" install find "$pkgdir" \( -name perllocal.pod -o -name .packlist \) -delete } -md5sums="1b91edb15953a8188f011ab5ff433300 Mozilla-CA-20160104.tar.gz" -sha256sums="27a7069a243162b65ada4194ff9d21b6ebc304af723eb5d3972fb74c11b03f2a Mozilla-CA-20160104.tar.gz" -sha512sums="3b416d45ce82d2a0be5f8a3f61506deba48c9208e579e418addb2ff8920599aa4b4ab52f7ff4b8aaf274cf4cf2da8d30f7775f9663c6d9d3aae92f7a1cf6292b Mozilla-CA-20160104.tar.gz" +sha512sums="5bc7c43c55baa3f878fd2dbf1c85d6b20dcdc9e54ae073d1be4f6b808fa5a4b1205428b7967b5f752b31a62464a8b5cc67b32b3f70b834a4da9c39efe3d5d59f Mozilla-CA-20200520.tar.gz" diff --git a/main/perl/APKBUILD b/main/perl/APKBUILD index 3206f319773..f81086cee34 100644 --- a/main/perl/APKBUILD +++ b/main/perl/APKBUILD @@ -3,7 +3,7 @@ # Contributor: Valery Kartel <valery.kartel@gmail.com> pkgname=perl pkgver=5.26.3 -pkgrel=0 +pkgrel=1 pkgdesc="Larry Wall's Practical Extraction and Report Language" url="http://www.perl.org/" arch="all" @@ -15,9 +15,16 @@ makedepends="bzip2-dev zlib-dev" subpackages="$pkgname-doc $pkgname-dev $pkgname-utils::noarch miniperl" source="http://www.cpan.org/src/5.0/perl-$pkgver.tar.gz CVE-2018-12015.patch + CVE-2020-10543.patch + CVE-2020-10878.patch + CVE-2020-12723.patch " # secfixes: +# 5.26.3-r1: +# - CVE-2020-10543 +# - CVE-2020-10878 +# - CVE-2020-12723 # 5.26.3-r0: # - CVE-2018-18311 # - CVE-2018-18312 @@ -161,4 +168,7 @@ utils() { } sha512sums="03914ed51163c998a6afa45610a13cf50124a2c68d291c344b0d52fa15c27fc5d5d4f5dc117516078a03dfd51250097b87c8d5e2b17c7858a4c8c536aecd05af perl-5.26.3.tar.gz -feda381bd3230443341b99135bac4d6010e9d28b619d9fb57f2dda2c29b8877f012f76d31631e5227ef79e73e0b2b162548fa24704752e61f10c05d015c68916 CVE-2018-12015.patch" +feda381bd3230443341b99135bac4d6010e9d28b619d9fb57f2dda2c29b8877f012f76d31631e5227ef79e73e0b2b162548fa24704752e61f10c05d015c68916 CVE-2018-12015.patch +d084db26a6a86bcea0d8f0ecaf63581aae2fb718d92330036464e5c6530480d9bd6624762d54d4d348fdd17f6858be524286fda868f8da3ae943ceae80fec099 CVE-2020-10543.patch +d8eda9f6bd4ab81c7008697308c081be459f0b9a22bc64dd7841eb7111a98dbe967ff161c22f87bec90487ae2720e2f33c87a6d42a9b9c8af50d65dc558ce40a CVE-2020-10878.patch +b20c3b94ed675cca255583f7fe826e7e66b0bc05b90fc67f5b717e9204a37f87845fec78752e8fd135f2694d49dd4ccd0c875ab8d7ea1541f804bf270a10f181 CVE-2020-12723.patch" diff --git a/main/perl/CVE-2020-10543.patch b/main/perl/CVE-2020-10543.patch new file mode 100644 index 00000000000..a585eb74a92 --- /dev/null +++ b/main/perl/CVE-2020-10543.patch @@ -0,0 +1,32 @@ +From 897d1f7fd515b828e4b198d8b8bef76c6faf03ed Mon Sep 17 00:00:00 2001 +From: John Lightsey <jd@cpanel.net> +Date: Wed, 20 Nov 2019 20:02:45 -0600 +Subject: [PATCH] regcomp.c: Prevent integer overflow from nested regex + quantifiers. + +(CVE-2020-10543) On 32bit systems the size calculations for nested regular +expression quantifiers could overflow causing heap memory corruption. + +Fixes: Perl/perl5-security#125 +(cherry picked from commit bfd31397db5dc1a5c5d3e0a1f753a4f89a736e71) +--- + regcomp.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +diff --git a/regcomp.c b/regcomp.c +index 93c8d98fbb0..5f86be8086d 100644 +--- a/regcomp.c ++++ b/regcomp.c +@@ -5489,6 +5489,12 @@ S_study_chunk(pTHX_ RExC_state_t *pRExC_state, regnode **scanp, + RExC_precomp))); + } + ++ if ( ( minnext > 0 && mincount >= SSize_t_MAX / minnext ) ++ || min >= SSize_t_MAX - minnext * mincount ) ++ { ++ FAIL("Regexp out of space"); ++ } ++ + min += minnext * mincount; + is_inf_internal |= deltanext == SSize_t_MAX + || (maxcount == REG_INFTY && minnext + deltanext > 0); diff --git a/main/perl/CVE-2020-10878.patch b/main/perl/CVE-2020-10878.patch new file mode 100644 index 00000000000..4bd3cd92e74 --- /dev/null +++ b/main/perl/CVE-2020-10878.patch @@ -0,0 +1,148 @@ +From 011cd8913d3a230b8d30b156b848585c7c4c1597 Mon Sep 17 00:00:00 2001 +From: Hugo van der Sanden <hv@crypt.org> +Date: Tue, 18 Feb 2020 13:51:16 +0000 +Subject: [PATCH] study_chunk: extract rck_elide_nothing + +(CVE-2020-10878) + +(cherry picked from commit a3a7598c8ec6efb0eb9c0b786d80c4d2a3751b70) +--- + embed.fnc | 1 + + embed.h | 1 + + proto.h | 3 +++ + regcomp.c | 70 ++++++++++++++++++++++++++++++++++--------------------- + 4 files changed, 48 insertions(+), 27 deletions(-) + +diff --git a/embed.fnc b/embed.fnc +index e762fe1eecc..cf892771631 100644 +--- a/embed.fnc ++++ b/embed.fnc +@@ -2477,6 +2477,7 @@ Es |SSize_t|study_chunk |NN RExC_state_t *pRExC_state \ + |I32 stopparen|U32 recursed_depth \ + |NULLOK regnode_ssc *and_withp \ + |U32 flags|U32 depth ++Es |void |rck_elide_nothing|NN regnode *node + EsRn |U32 |add_data |NN RExC_state_t* const pRExC_state \ + |NN const char* const s|const U32 n + rs |void |re_croak2 |bool utf8|NN const char* pat1|NN const char* pat2|... +diff --git a/embed.h b/embed.h +index a5416a1148d..886551ce5c6 100644 +--- a/embed.h ++++ b/embed.h +@@ -1202,6 +1202,7 @@ + #define output_or_return_posix_warnings(a,b,c) S_output_or_return_posix_warnings(aTHX_ a,b,c) + #define parse_lparen_question_flags(a) S_parse_lparen_question_flags(aTHX_ a) + #define populate_ANYOF_from_invlist(a,b) S_populate_ANYOF_from_invlist(aTHX_ a,b) ++#define rck_elide_nothing(a) S_rck_elide_nothing(aTHX_ a) + #define reg(a,b,c,d) S_reg(aTHX_ a,b,c,d) + #define reg2Lanode(a,b,c,d) S_reg2Lanode(aTHX_ a,b,c,d) + #define reg_node(a,b) S_reg_node(aTHX_ a,b) +diff --git a/proto.h b/proto.h +index 66bb29b1321..d3f8802c1d8 100644 +--- a/proto.h ++++ b/proto.h +@@ -5485,6 +5485,9 @@ STATIC void S_parse_lparen_question_flags(pTHX_ RExC_state_t *pRExC_state); + STATIC void S_populate_ANYOF_from_invlist(pTHX_ regnode *node, SV** invlist_ptr); + #define PERL_ARGS_ASSERT_POPULATE_ANYOF_FROM_INVLIST \ + assert(node); assert(invlist_ptr) ++STATIC void S_rck_elide_nothing(pTHX_ regnode *node); ++#define PERL_ARGS_ASSERT_RCK_ELIDE_NOTHING \ ++ assert(node) + PERL_STATIC_NO_RET void S_re_croak2(pTHX_ bool utf8, const char* pat1, const char* pat2, ...) + __attribute__noreturn__; + #define PERL_ARGS_ASSERT_RE_CROAK2 \ +diff --git a/regcomp.c b/regcomp.c +index dd18add1db2..0a9c6a8085a 100644 +--- a/regcomp.c ++++ b/regcomp.c +@@ -4093,7 +4093,44 @@ S_unwind_scan_frames(pTHX_ const void *p) + } while (f); + } + ++/* Follow the next-chain of the current node and optimize away ++ all the NOTHINGs from it. ++ */ ++STATIC void ++S_rck_elide_nothing(pTHX_ regnode *node) ++{ ++ dVAR; + ++ PERL_ARGS_ASSERT_RCK_ELIDE_NOTHING; ++ ++ if (OP(node) != CURLYX) { ++ const int max = (reg_off_by_arg[OP(node)] ++ ? I32_MAX ++ /* I32 may be smaller than U16 on CRAYs! */ ++ : (I32_MAX < U16_MAX ? I32_MAX : U16_MAX)); ++ int off = (reg_off_by_arg[OP(node)] ? ARG(node) : NEXT_OFF(node)); ++ int noff; ++ regnode *n = node; ++ ++ /* Skip NOTHING and LONGJMP. */ ++ while ( ++ (n = regnext(n)) ++ && ( ++ (PL_regkind[OP(n)] == NOTHING && (noff = NEXT_OFF(n))) ++ || ((OP(n) == LONGJMP) && (noff = ARG(n))) ++ ) ++ && off + noff < max ++ ) { ++ off += noff; ++ } ++ if (reg_off_by_arg[OP(node)]) ++ ARG(node) = off; ++ else ++ NEXT_OFF(node) = off; ++ } ++ return; ++} ++ + STATIC SSize_t + S_study_chunk(pTHX_ RExC_state_t *pRExC_state, regnode **scanp, + SSize_t *minlenp, SSize_t *deltap, +@@ -4277,28 +4315,10 @@ S_study_chunk(pTHX_ RExC_state_t *pRExC_state, regnode **scanp, + */ + JOIN_EXACT(scan,&min_subtract, &unfolded_multi_char, 0); + +- /* Follow the next-chain of the current node and optimize +- away all the NOTHINGs from it. */ +- if (OP(scan) != CURLYX) { +- const int max = (reg_off_by_arg[OP(scan)] +- ? I32_MAX +- /* I32 may be smaller than U16 on CRAYs! */ +- : (I32_MAX < U16_MAX ? I32_MAX : U16_MAX)); +- int off = (reg_off_by_arg[OP(scan)] ? ARG(scan) : NEXT_OFF(scan)); +- int noff; +- regnode *n = scan; +- +- /* Skip NOTHING and LONGJMP. */ +- while ((n = regnext(n)) +- && ((PL_regkind[OP(n)] == NOTHING && (noff = NEXT_OFF(n))) +- || ((OP(n) == LONGJMP) && (noff = ARG(n)))) +- && off + noff < max) +- off += noff; +- if (reg_off_by_arg[OP(scan)]) +- ARG(scan) = off; +- else +- NEXT_OFF(scan) = off; +- } ++ /* Follow the next-chain of the current node and optimize ++ away all the NOTHINGs from it. ++ */ ++ rck_elide_nothing(scan); + + /* The principal pseudo-switch. Cannot be a switch, since we + look into several different things. */ +@@ -5425,11 +5445,7 @@ Perl_re_printf( aTHX_ "LHS=%" UVuf " RHS=%" UVuf "\n", + if (data && (fl & SF_HAS_EVAL)) + data->flags |= SF_HAS_EVAL; + optimize_curly_tail: +- if (OP(oscan) != CURLYX) { +- while (PL_regkind[OP(next = regnext(oscan))] == NOTHING +- && NEXT_OFF(next)) +- NEXT_OFF(oscan) += NEXT_OFF(next); +- } ++ rck_elide_nothing(oscan); + continue; + + default: diff --git a/main/perl/CVE-2020-12723.patch b/main/perl/CVE-2020-12723.patch new file mode 100644 index 00000000000..657f0c7cc21 --- /dev/null +++ b/main/perl/CVE-2020-12723.patch @@ -0,0 +1,277 @@ +From 3f4ba871d2d397dcd4386ed75e05353c36135c29 Mon Sep 17 00:00:00 2001 +From: Hugo van der Sanden <hv@crypt.org> +Date: Sat, 11 Apr 2020 14:10:24 +0100 +Subject: [PATCH] study_chunk: avoid mutating regexp program within GOSUB + +gh16947 and gh17743: studying GOSUB may restudy in an inner call +(via a mix of recursion and enframing) something that an outer call +is in the middle of looking at. Let the outer frame deal with it. + +(CVE-2020-12723) + +(cherry picked from commit c031e3ec7c713077659f5f7dc6638d926c69d7b2) +--- + embed.fnc | 2 +- + embed.h | 2 +- + proto.h | 2 +- + regcomp.c | 48 ++++++++++++++++++++++++++++++++---------------- + t/re/pat.t | 26 +++++++++++++++++++++++++- + 5 files changed, 60 insertions(+), 20 deletions(-) + +diff --git a/embed.fnc b/embed.fnc +index cf892771631..4b1ba282779 100644 +--- a/embed.fnc ++++ b/embed.fnc +@@ -2476,7 +2476,7 @@ Es |SSize_t|study_chunk |NN RExC_state_t *pRExC_state \ + |NULLOK struct scan_data_t *data \ + |I32 stopparen|U32 recursed_depth \ + |NULLOK regnode_ssc *and_withp \ +- |U32 flags|U32 depth ++ |U32 flags|U32 depth|bool was_mutate_ok + Es |void |rck_elide_nothing|NN regnode *node + EsR |SV * |get_ANYOFM_contents|NN const regnode * n + EsRn |U32 |add_data |NN RExC_state_t* const pRExC_state \ +diff --git a/embed.h b/embed.h +index 886551ce5c6..50fcabc140b 100644 +--- a/embed.h ++++ b/embed.h +@@ -1232,7 +1232,7 @@ + #define ssc_is_cp_posixl_init S_ssc_is_cp_posixl_init + #define ssc_or(a,b,c) S_ssc_or(aTHX_ a,b,c) + #define ssc_union(a,b,c) S_ssc_union(aTHX_ a,b,c) +-#define study_chunk(a,b,c,d,e,f,g,h,i,j,k) S_study_chunk(aTHX_ a,b,c,d,e,f,g,h,i,j,k) ++#define study_chunk(a,b,c,d,e,f,g,h,i,j,k,l) S_study_chunk(aTHX_ a,b,c,d,e,f,g,h,i,j,k,l) + # endif + # if defined(PERL_IN_REGCOMP_C) || defined (PERL_IN_DUMP_C) + #define _invlist_dump(a,b,c,d) Perl__invlist_dump(aTHX_ a,b,c,d) +diff --git a/proto.h b/proto.h +index d3f8802c1d8..e276f69bd1c 100644 +--- a/proto.h ++++ b/proto.h +@@ -5596,7 +5596,7 @@ PERL_STATIC_INLINE void S_ssc_union(pTHX_ regnode_ssc *ssc, SV* const invlist, c + #define PERL_ARGS_ASSERT_SSC_UNION \ + assert(ssc); assert(invlist) + #endif +-STATIC SSize_t S_study_chunk(pTHX_ RExC_state_t *pRExC_state, regnode **scanp, SSize_t *minlenp, SSize_t *deltap, regnode *last, struct scan_data_t *data, I32 stopparen, U32 recursed_depth, regnode_ssc *and_withp, U32 flags, U32 depth); ++STATIC SSize_t S_study_chunk(pTHX_ RExC_state_t *pRExC_state, regnode **scanp, SSize_t *minlenp, SSize_t *deltap, regnode *last, struct scan_data_t *data, I32 stopparen, U32 recursed_depth, regnode_ssc *and_withp, U32 flags, U32 depth, bool was_mutate_ok); + #define PERL_ARGS_ASSERT_STUDY_CHUNK \ + assert(pRExC_state); assert(scanp); assert(minlenp); assert(deltap); assert(last) + #endif +diff --git a/regcomp.c b/regcomp.c +index 0a9c6a8085a..e66032a16ad 100644 +--- a/regcomp.c ++++ b/regcomp.c +@@ -111,6 +111,7 @@ typedef struct scan_frame { + U32 prev_recursed_depth; + I32 stopparen; /* what stopparen do we use */ + U32 is_top_frame; /* what flags do we use? */ ++ bool in_gosub; /* this or an outer frame is for GOSUB */ + + struct scan_frame *this_prev_frame; /* this previous frame */ + struct scan_frame *prev_frame; /* previous frame */ +@@ -4225,7 +4226,7 @@ S_study_chunk(pTHX_ RExC_state_t *pRExC_state, regnode **scanp, + I32 stopparen, + U32 recursed_depth, + regnode_ssc *and_withp, +- U32 flags, U32 depth) ++ U32 flags, U32 depth, bool was_mutate_ok) + /* scanp: Start here (read-write). */ + /* deltap: Write maxlen-minlen here. */ + /* last: Stop before this one. */ +@@ -4303,6 +4304,10 @@ S_study_chunk(pTHX_ RExC_state_t *pRExC_state, regnode **scanp, + node length to get a real minimum (because + the folded version may be shorter) */ + bool unfolded_multi_char = FALSE; ++ /* avoid mutating ops if we are anywhere within the recursed or ++ * enframed handling for a GOSUB: the outermost level will handle it. ++ */ ++ bool mutate_ok = was_mutate_ok && !(frame && frame->in_gosub); + /* Peephole optimizer: */ + DEBUG_STUDYDATA("Peep", data, depth, is_inf); + DEBUG_PEEP("Peep", scan, depth, flags); +@@ -4313,7 +4318,8 @@ S_study_chunk(pTHX_ RExC_state_t *pRExC_state, regnode **scanp, + * parsing code, as each (?:..) is handled by a different invocation of + * reg() -- Yves + */ +- JOIN_EXACT(scan,&min_subtract, &unfolded_multi_char, 0); ++ if (mutate_ok) ++ JOIN_EXACT(scan,&min_subtract, &unfolded_multi_char, 0); + + /* Follow the next-chain of the current node and optimize + away all the NOTHINGs from it. +@@ -4345,7 +4351,7 @@ S_study_chunk(pTHX_ RExC_state_t *pRExC_state, regnode **scanp, + /* DEFINEP study_chunk() recursion */ + (void)study_chunk(pRExC_state, &scan, &minlen, + &deltanext, next, &data_fake, stopparen, +- recursed_depth, NULL, f, depth+1); ++ recursed_depth, NULL, f, depth+1, mutate_ok); + + scan = next; + } else +@@ -4413,7 +4419,8 @@ S_study_chunk(pTHX_ RExC_state_t *pRExC_state, regnode **scanp, + /* recurse study_chunk() for each BRANCH in an alternation */ + minnext = study_chunk(pRExC_state, &scan, minlenp, + &deltanext, next, &data_fake, stopparen, +- recursed_depth, NULL, f,depth+1); ++ recursed_depth, NULL, f, depth+1, ++ mutate_ok); + + if (min1 > minnext) + min1 = minnext; +@@ -4480,9 +4487,10 @@ S_study_chunk(pTHX_ RExC_state_t *pRExC_state, regnode **scanp, + } + } + +- if (PERL_ENABLE_TRIE_OPTIMISATION && +- OP( startbranch ) == BRANCH ) +- { ++ if (PERL_ENABLE_TRIE_OPTIMISATION ++ && OP(startbranch) == BRANCH ++ && mutate_ok ++ ) { + /* demq. + + Assuming this was/is a branch we are dealing with: 'scan' +@@ -4933,6 +4941,9 @@ S_study_chunk(pTHX_ RExC_state_t *pRExC_state, regnode **scanp, + newframe->stopparen = stopparen; + newframe->prev_recursed_depth = recursed_depth; + newframe->this_prev_frame= frame; ++ newframe->in_gosub = ( ++ (frame && frame->in_gosub) || OP(scan) == GOSUB ++ ); + + DEBUG_STUDYDATA("frame-new", data, depth, is_inf); + DEBUG_PEEP("fnew", scan, depth, flags); +@@ -5153,7 +5164,7 @@ S_study_chunk(pTHX_ RExC_state_t *pRExC_state, regnode **scanp, + (mincount == 0 + ? (f & ~SCF_DO_SUBSTR) + : f) +- ,depth+1); ++ , depth+1, mutate_ok); + + if (flags & SCF_DO_STCLASS) + data->start_class = oclass; +@@ -5221,7 +5232,9 @@ S_study_chunk(pTHX_ RExC_state_t *pRExC_state, regnode **scanp, + if ( OP(oscan) == CURLYX && data + && data->flags & SF_IN_PAR + && !(data->flags & SF_HAS_EVAL) +- && !deltanext && minnext == 1 ) { ++ && !deltanext && minnext == 1 ++ && mutate_ok ++ ) { + /* Try to optimize to CURLYN. */ + regnode *nxt = NEXTOPER(oscan) + EXTRA_STEP_2ARGS; + regnode * const nxt1 = nxt; +@@ -5267,10 +5280,10 @@ S_study_chunk(pTHX_ RExC_state_t *pRExC_state, regnode **scanp, + && !(data->flags & SF_HAS_EVAL) + && !deltanext /* atom is fixed width */ + && minnext != 0 /* CURLYM can't handle zero width */ +- + /* Nor characters whose fold at run-time may be + * multi-character */ + && ! (RExC_seen & REG_UNFOLDED_MULTI_SEEN) ++ && mutate_ok + ) { + /* XXXX How to optimize if data == 0? */ + /* Optimize to a simpler form. */ +@@ -5318,7 +5331,8 @@ S_study_chunk(pTHX_ RExC_state_t *pRExC_state, regnode **scanp, + /* Optimize again: */ + /* recurse study_chunk() on optimised CURLYX => CURLYM */ + study_chunk(pRExC_state, &nxt1, minlenp, &deltanext, nxt, +- NULL, stopparen, recursed_depth, NULL, 0,depth+1); ++ NULL, stopparen, recursed_depth, NULL, 0, ++ depth+1, mutate_ok); + } + else + oscan->flags = 0; +@@ -5735,7 +5749,8 @@ Perl_re_printf( aTHX_ "LHS=%" UVuf " RHS=%" UVuf "\n", + /* recurse study_chunk() for lookahead body */ + minnext = study_chunk(pRExC_state, &nscan, minlenp, &deltanext, + last, &data_fake, stopparen, +- recursed_depth, NULL, f, depth+1); ++ recursed_depth, NULL, f, depth+1, ++ mutate_ok); + if (scan->flags) { + if (deltanext) { + FAIL("Variable length lookbehind not implemented"); +@@ -5827,7 +5842,7 @@ Perl_re_printf( aTHX_ "LHS=%" UVuf " RHS=%" UVuf "\n", + *minnextp = study_chunk(pRExC_state, &nscan, minnextp, + &deltanext, last, &data_fake, + stopparen, recursed_depth, NULL, +- f,depth+1); ++ f, depth+1, mutate_ok); + if (scan->flags) { + if (deltanext) { + FAIL("Variable length lookbehind not implemented"); +@@ -5988,7 +6003,8 @@ Perl_re_printf( aTHX_ "LHS=%" UVuf " RHS=%" UVuf "\n", + /* optimise study_chunk() for TRIE */ + minnext = study_chunk(pRExC_state, &scan, minlenp, + &deltanext, (regnode *)nextbranch, &data_fake, +- stopparen, recursed_depth, NULL, f,depth+1); ++ stopparen, recursed_depth, NULL, f, depth+1, ++ mutate_ok); + } + if (nextbranch && PL_regkind[OP(nextbranch)]==BRANCH) + nextbranch= regnext((regnode*)nextbranch); +@@ -7673,7 +7689,7 @@ Perl_re_op_compile(pTHX_ SV ** const patternp, int pat_count, + &data, -1, 0, NULL, + SCF_DO_SUBSTR | SCF_WHILEM_VISITED_POS | stclass_flag + | (restudied ? SCF_TRIE_DOING_RESTUDY : 0), +- 0); ++ 0, TRUE); + + + CHECK_RESTUDY_GOTO_butfirst(LEAVE_with_name("study_chunk")); +@@ -7802,7 +7818,7 @@ Perl_re_op_compile(pTHX_ SV ** const patternp, int pat_count, + SCF_DO_STCLASS_AND|SCF_WHILEM_VISITED_POS|(restudied + ? SCF_TRIE_DOING_RESTUDY + : 0), +- 0); ++ 0, TRUE); + + CHECK_RESTUDY_GOTO_butfirst(NOOP); + +diff --git a/t/re/pat.t b/t/re/pat.t +index 1d98fe77d7f..1488259b020 100644 +--- a/t/re/pat.t ++++ b/t/re/pat.t +@@ -23,7 +23,7 @@ BEGIN { + skip_all('no re module') unless defined &DynaLoader::boot_DynaLoader; + skip_all_without_unicode_tables(); + +-plan tests => 840; # Update this when adding/deleting tests. ++plan tests => 844; # Update this when adding/deleting tests. + + run_tests() unless caller; + +@@ -1948,6 +1948,30 @@ EOP + fresh_perl_is('m m0*0+\Rm', "",{},"Undefined behavior in address sanitizer"); + } + ++ # gh16947: test regexp corruption (GOSUB) ++ { ++ fresh_perl_is(q{ ++ 'xy' =~ /x(?0)|x(?|y|y)/ && print 'ok' ++ }, 'ok', {}, 'gh16947: test regexp corruption (GOSUB)'); ++ } ++ # gh16947: test fix doesn't break SUSPEND ++ { ++ fresh_perl_is(q{ 'sx' =~ m{ss++}i; print 'ok' }, ++ 'ok', {}, "gh16947: test fix doesn't break SUSPEND"); ++ } ++ ++ # gh17743: more regexp corruption via GOSUB ++ { ++ fresh_perl_is(q{ ++ "0" =~ /((0(?0)|000(?|0000|0000)(?0))|)/; print "ok" ++ }, 'ok', {}, 'gh17743: test regexp corruption (1)'); ++ ++ fresh_perl_is(q{ ++ "000000000000" =~ /(0(())(0((?0)())|000(?|\x{ef}\x{bf}\x{bd}|\x{ef}\x{bf}\x{bd}))|)/; ++ print "ok" ++ }, 'ok', {}, 'gh17743: test regexp corruption (2)'); ++ } ++ + } # End of sub run_tests + + 1; diff --git a/main/postgresql/APKBUILD b/main/postgresql/APKBUILD index d0587a6a6df..f84e75d753d 100644 --- a/main/postgresql/APKBUILD +++ b/main/postgresql/APKBUILD @@ -2,7 +2,7 @@ # Contributor: G.J.R. Timmer <gjr.timmer@gmail.com> # Contributor: Jakub Jirutka <jakub@jirutka.cz> pkgname=postgresql -pkgver=11.7 +pkgver=11.11 pkgrel=0 pkgdesc="A sophisticated object-relational DBMS" url="https://www.postgresql.org/" @@ -36,6 +36,15 @@ builddir="$srcdir/$pkgname-$pkgver" options="!checkroot" # secfixes: +# 11.11-r0: +# - CVE-2021-3393 +# 11.10-r0: +# - CVE-2020-25694 +# - CVE-2020-25695 +# - CVE-2020-25696 +# 11.9-r0: +# - CVE-2020-14349 +# - CVE-2020-14350 # 11.7-r0: # - CVE-2020-1720 # 11.5-r0: @@ -309,7 +318,7 @@ _submv() { done } -sha512sums="32c7ace228f9895241ce0d925fbfc60c0cd39f4cd35368fb10dc7db046151ffd59a9895b4c30a529627f0103051e84b4992ed60312cccd292489f3037076ca1e postgresql-11.7.tar.bz2 +sha512sums="8d38e6b7826e73191159f1ee69efde28adc061e0041eb136f55681503a189355b869b2ff312860325d454c1f95367d921fb61dd2de31f584261f165f229bcdb9 postgresql-11.11.tar.bz2 1f8e7dc58f5b0a12427cf2fd904ffa898a34f23f3332c8382b94e0d991c007289e7913a69e04498f3d93fc5701855796c207b4b1cc4a0b366f586050124d7fcc initdb.patch 5f9d8bb4957194069d01af8ab3abc6d4d83a7e7f8bd7ebe1caae5361d621a3e58f91b14b952958138a794e0a80bc154fbb7e3e78d211e2a95b9b7901335de854 perl-rpath.patch 8439a6fdfdea0a4867daeb8bc23d6c825f30c00d91d4c39f48653f5ee77341f23282ce03a77aad94b5369700f11d2cb28d5aee360e59138352a9ab331a9f9d0f conf-unix_socket_directories.patch diff --git a/main/putty/APKBUILD b/main/putty/APKBUILD index 87d7b615797..eff722a14a3 100644 --- a/main/putty/APKBUILD +++ b/main/putty/APKBUILD @@ -1,6 +1,6 @@ # Maintainer: Jeff Bilyk <jbilyk@alpinelinux.org> pkgname=putty -pkgver=0.73 +pkgver=0.74 pkgrel=0 pkgdesc="SSH and telnet client" url="https://www.chiark.greenend.org.uk/~sgtatham/putty/" @@ -14,6 +14,8 @@ options="!check" # no test suite builddir="$srcdir"/putty-$pkgver # secfixes: +# 0.74-r0: +# - CVE-2020-14002 # 0.73-r0: # - CVE-2019-17068 # - CVE-2019-17069 @@ -37,5 +39,5 @@ package() { make DESTDIR="$pkgdir" install } -sha512sums="4ada4b8c6d68be44afede2676bc661fedfd1ea0b574b8232ad9aaa6f3a48baa9f4f0ded2955b3f2677a14db85a508f53c965cb00fcd7538a1ed9844031f0c5e5 putty-0.73.tar.gz +sha512sums="0da86849ea764cd88643bd2c1984ac7211ae72dd7c41232307b1960a29ca9518044b022d87c60272d6db71a3357026862a112bedb90ee732b41494fca3acde9b putty-0.74.tar.gz b10b2332ca0592db5664311d1bba7549ded79f16f6eef13dab3caca21626d97657f31e8603766e00b1a06f42cf229107eb53929730fe48e97cfc9216093fcc4c fix-ppc64le-disable-werror.patch" diff --git a/main/py-django/APKBUILD b/main/py-django/APKBUILD index b5168c142b7..479ba87cf7d 100644 --- a/main/py-django/APKBUILD +++ b/main/py-django/APKBUILD @@ -3,7 +3,7 @@ pkgname=py-django _pkgname=Django pkgver=1.11.29 -pkgrel=0 +pkgrel=1 pkgdesc="A high-level Python Web framework" url="http://djangoproject.com/" arch="noarch" @@ -12,10 +12,16 @@ depends="py-tz" makedepends="python2-dev python3-dev py-setuptools" options="!check" # some depends missing, others in community/testing subpackages="py2-${pkgname#py-}:_py2 py3-${pkgname#py-}:_py3" -source="https://files.pythonhosted.org/packages/source/${_pkgname:0:1}/$_pkgname/$_pkgname-$pkgver.tar.gz" +source="https://files.pythonhosted.org/packages/source/${_pkgname:0:1}/$_pkgname/$_pkgname-$pkgver.tar.gz + CVE-2020-24583.patch + CVE-2020-24584.patch + " builddir="$srcdir"/$_pkgname-$pkgver # secfixes: +# 1.11.29-r1: +# - CVE-2020-24583 +# - CVE-2020-24584 # 1.11.29-r0: # - CVE-2020-9402 # 1.11.28-r0: @@ -99,4 +105,6 @@ _py() { done } -sha512sums="dc8d1c5c09f998bf7015967961247e56a9c1dd55701534c6bce6dac2270a5531e1162d9bcbf5ec5f4d411d2d0dc820c82fd9b69628c5ff944bb9f1a22290a562 Django-1.11.29.tar.gz" +sha512sums="dc8d1c5c09f998bf7015967961247e56a9c1dd55701534c6bce6dac2270a5531e1162d9bcbf5ec5f4d411d2d0dc820c82fd9b69628c5ff944bb9f1a22290a562 Django-1.11.29.tar.gz +e4eda8069558471268f2e8a705877b3f682adac80221ade5ba742476f897eb3a13d82af7367083b707186e4a49de4f7a6beaadc05274d10b9c88cb2f169ff1a9 CVE-2020-24583.patch +4fde0868b63a739c28e066665e098bb7a667fe81311a839ff7d1dfff13cb67751271be6e88b4f245aa3ebcbd2bb856730418f3006f7820405cd54bf951e98faf CVE-2020-24584.patch" diff --git a/main/py-django/CVE-2020-24583.patch b/main/py-django/CVE-2020-24583.patch new file mode 100644 index 00000000000..b21c6b8ead5 --- /dev/null +++ b/main/py-django/CVE-2020-24583.patch @@ -0,0 +1,29 @@ +From bbf6bd8a50a02d5015a2b0043abfbf2b4e6acce6 Mon Sep 17 00:00:00 2001 +From: Leo <thinkabit.ukim@gmail.com> +Date: Fri, 11 Dec 2020 02:07:01 -0300 +Subject: [PATCH 1/2] CVE-2020-24583 + +--- + django/core/files/storage.py | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/django/core/files/storage.py b/django/core/files/storage.py +index 98c89dd..9643198 100644 +--- a/django/core/files/storage.py ++++ b/django/core/files/storage.py +@@ -310,9 +310,9 @@ class FileSystemStorage(Storage): + if not os.path.exists(directory): + try: + if self.directory_permissions_mode is not None: +- # os.makedirs applies the global umask, so we reset it, +- # for consistency with file_permissions_mode behavior. +- old_umask = os.umask(0) ++ # Set the umask because os.makedirs() doesn't apply the "mode" ++ # argument to intermediate-level directories. ++ old_umask = os.umask(0o777 & ~self.directory_permissions_mode) + try: + os.makedirs(directory, self.directory_permissions_mode) + finally: +-- +2.29.2 + diff --git a/main/py-django/CVE-2020-24584.patch b/main/py-django/CVE-2020-24584.patch new file mode 100644 index 00000000000..fa4dc132a5f --- /dev/null +++ b/main/py-django/CVE-2020-24584.patch @@ -0,0 +1,30 @@ +From 13e83e6f60d9ed91316c975425bc4b89c130ec9c Mon Sep 17 00:00:00 2001 +From: Leo <thinkabit.ukim@gmail.com> +Date: Fri, 11 Dec 2020 02:08:48 -0300 +Subject: [PATCH 2/2] CVE-2020-24584 + +--- + django/core/cache/backends/filebased.py | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/django/core/cache/backends/filebased.py b/django/core/cache/backends/filebased.py +index 7c2c5c7..88cebef 100644 +--- a/django/core/cache/backends/filebased.py ++++ b/django/core/cache/backends/filebased.py +@@ -102,8 +102,13 @@ class FileBasedCache(BaseCache): + + def _createdir(self): + if not os.path.exists(self._dir): ++ # Set the umask because os.makedirs() doesn't apply the "mode" argument ++ # to intermediate-level directories. ++ old_umask = os.umask(0o077) + try: + os.makedirs(self._dir, 0o700) ++ finally: ++ os.umask(old_umask) + except OSError as e: + if e.errno != errno.EEXIST: + raise EnvironmentError( +-- +2.29.2 + diff --git a/main/python2/APKBUILD b/main/python2/APKBUILD index d05aeaab3d8..cb184e6193d 100644 --- a/main/python2/APKBUILD +++ b/main/python2/APKBUILD @@ -2,9 +2,9 @@ pkgname=python2 # the python2-tkinter's pkgver needs to be synchronized with this. -pkgver=2.7.16 +pkgver=2.7.18 _verbase=${pkgver%.*} -pkgrel=2 +pkgrel=0 pkgdesc="A high-level scripting language" url="https://www.python.org" arch="all" @@ -19,13 +19,14 @@ makedepends="expat-dev openssl-dev zlib-dev ncurses-dev bzip2-dev source="https://www.python.org/ftp/python/$pkgver/Python-$pkgver.tar.xz musl-find_library.patch unchecked-ioctl.patch - CVE-2019-9636.patch - CVE-2019-9948.patch - CVE-2019-16935.patch " builddir="$srcdir/Python-$pkgver" # secfixes: +# 2.7.18-r0: +# - CVE-2019-18348 +# 2.7.17-r0: +# - CVE-2019-15903 # 2.7.16-r1: # - CVE-2019-9636 # - CVE-2019-9948 @@ -143,9 +144,6 @@ wininst() { "$subpkgdir"/usr/lib/python$_verbase/distutils/command } -sha512sums="16e814e8dcffc707b595ca2919bd2fa3db0d15794c63d977364652c4a5b92e90e72b8c9e1cc83b5020398bd90a1b397dbdd7cb931c49f1aa4af6ef95414b43e0 Python-2.7.16.tar.xz +sha512sums="a7bb62b51f48ff0b6df0b18f5b0312a523e3110f49c3237936bfe56ed0e26838c0274ff5401bda6fc21bf24337477ccac49e8026c5d651e4b4cafb5eb5086f6c Python-2.7.18.tar.xz ab8eaa2858d5109049b1f9f553198d40e0ef8d78211ad6455f7b491af525bffb16738fed60fc84e960c4889568d25753b9e4a1494834fea48291b33f07000ec2 musl-find_library.patch -5a8e013a4132d71c4360771f130d27b37275ae59330cf9a75378dc8a11236017f540eb224f2a148984e82ca3fb6b29129375b1080ba05b81044faa717520ab82 unchecked-ioctl.patch -54086e7b4d3597969b945b1460fe578ff3a13289703d58d79b8f00f644eccc4acc11fc6128b7b114f022a6f6cedc91e02eead6373bac0d36e22eb580a1becb53 CVE-2019-9636.patch -2f9523bd3e39c4831110821d93aef1562ca80708f1b553428eb5c228cdf2192feb13d7aef41097a5df4b4243da8b8f7247f691c0ab73967b0bf2bf6a1a0d487f CVE-2019-9948.patch -758a897f01665149a23cbc3898fe060c043647d6fe6d22d8ca9038554b4ef1c7b2ac638d37eaed265167cd50f9329be2518f07464dccb7a7ab34ec9be4710095 CVE-2019-16935.patch" +5a8e013a4132d71c4360771f130d27b37275ae59330cf9a75378dc8a11236017f540eb224f2a148984e82ca3fb6b29129375b1080ba05b81044faa717520ab82 unchecked-ioctl.patch" diff --git a/main/python3/APKBUILD b/main/python3/APKBUILD index 461feb5f52a..aae515bf833 100644 --- a/main/python3/APKBUILD +++ b/main/python3/APKBUILD @@ -5,7 +5,7 @@ pkgname=python3 # the python2-tkinter's pkgver needs to be synchronized with this. pkgver=3.6.9 _basever="${pkgver%.*}" -pkgrel=2 +pkgrel=3 pkgdesc="A high-level scripting language" url="https://www.python.org" arch="all" @@ -20,10 +20,13 @@ source="https://www.python.org/ftp/python/$pkgver/Python-$pkgver.tar.xz musl-find_library.patch CVE-2019-16056.patch CVE-2019-16935.patch + CVE-2020-14422.patch " builddir="$srcdir/Python-$pkgver" # secfixes: +# 3.6.9-r3: +# - CVE-2020-14422 # 3.6.9-r2: # - CVE-2019-16935 # 3.6.9-r1: @@ -164,4 +167,5 @@ sha512sums="05de9c6f44d96a52bfce10ede4312de892573edaf8bece65926d19973a3a800d65ee 37b6ee5d0d5de43799316aa111423ba5a666c17dc7f81b04c330f59c1d1565540eac4c585abe2199bbed52ebe7426001edb1c53bd0a17486a2a8e052d0f494ad fix-xattrs-glibc.patch ab8eaa2858d5109049b1f9f553198d40e0ef8d78211ad6455f7b491af525bffb16738fed60fc84e960c4889568d25753b9e4a1494834fea48291b33f07000ec2 musl-find_library.patch e8708c4fef1b591dd7251b36a785f9bc6472f2a25fba11bc4116814e93e770230ebd0016285c28d9065c49c5bf2be10f72182e23fb2767e1875ef20c94b5c97c CVE-2019-16056.patch -7f94d887c81f79d90afd4a9621547c13cbdd0232250f62a686b26a63160a4d286a6db9b342d06b9b63af64f994835b489c37bab499a2093c3c2585dc7a04d8a1 CVE-2019-16935.patch" +7f94d887c81f79d90afd4a9621547c13cbdd0232250f62a686b26a63160a4d286a6db9b342d06b9b63af64f994835b489c37bab499a2093c3c2585dc7a04d8a1 CVE-2019-16935.patch +cdf2f0ae115d2a37bae4828c6d13e102a030054e2ee71a1c30b12fd2c0864a25908ef30e73c099fd2b49f5e10cef6f8ed126c06f0c2cf660dfce0fec07f6f74c CVE-2020-14422.patch" diff --git a/main/python3/CVE-2020-14422.patch b/main/python3/CVE-2020-14422.patch new file mode 100644 index 00000000000..28fdff66f48 --- /dev/null +++ b/main/python3/CVE-2020-14422.patch @@ -0,0 +1,74 @@ +From cfc7ff8d05f7a949a88b8a8dd506fb5c1c30d3e9 Mon Sep 17 00:00:00 2001 +From: Tapas Kundu <39723251+tapakund@users.noreply.github.com> +Date: Wed, 1 Jul 2020 01:00:22 +0530 +Subject: [PATCH] [3.6] bpo-41004: Resolve hash collisions for IPv4Interface + and IPv6Interface (GH-21033) (GH-21232) + +CVE-2020-14422 +The __hash__() methods of classes IPv4Interface and IPv6Interface had issue +of generating constant hash values of 32 and 128 respectively causing hash collisions. +The fix uses the hash() function to generate hash values for the objects +instead of XOR operation +(cherry picked from commit b30ee26e366bf509b7538d79bfec6c6d38d53f28) + +Co-authored-by: Ravi Teja P <rvteja92@gmail.com> + +Signed-off-by: Tapas Kundu <tkundu@vmware.com> +--- + Lib/ipaddress.py | 4 ++-- + Lib/test/test_ipaddress.py | 11 +++++++++++ + .../Security/2020-06-29-16-02-29.bpo-41004.ovF0KZ.rst | 1 + + 3 files changed, 14 insertions(+), 2 deletions(-) + create mode 100644 Misc/NEWS.d/next/Security/2020-06-29-16-02-29.bpo-41004.ovF0KZ.rst + +diff --git a/Lib/ipaddress.py b/Lib/ipaddress.py +index 583f02ad54275..98492136ca5f4 100644 +--- a/Lib/ipaddress.py ++++ b/Lib/ipaddress.py +@@ -1418,7 +1418,7 @@ def __lt__(self, other): + return False + + def __hash__(self): +- return self._ip ^ self._prefixlen ^ int(self.network.network_address) ++ return hash((self._ip, self._prefixlen, int(self.network.network_address))) + + __reduce__ = _IPAddressBase.__reduce__ + +@@ -2092,7 +2092,7 @@ def __lt__(self, other): + return False + + def __hash__(self): +- return self._ip ^ self._prefixlen ^ int(self.network.network_address) ++ return hash((self._ip, self._prefixlen, int(self.network.network_address))) + + __reduce__ = _IPAddressBase.__reduce__ + +diff --git a/Lib/test/test_ipaddress.py b/Lib/test/test_ipaddress.py +index 1cef4217bc883..7de444af4aa57 100644 +--- a/Lib/test/test_ipaddress.py ++++ b/Lib/test/test_ipaddress.py +@@ -1990,6 +1990,17 @@ def testsixtofour(self): + sixtofouraddr.sixtofour) + self.assertFalse(bad_addr.sixtofour) + ++ # issue41004 Hash collisions in IPv4Interface and IPv6Interface ++ def testV4HashIsNotConstant(self): ++ ipv4_address1 = ipaddress.IPv4Interface("1.2.3.4") ++ ipv4_address2 = ipaddress.IPv4Interface("2.3.4.5") ++ self.assertNotEqual(ipv4_address1.__hash__(), ipv4_address2.__hash__()) ++ ++ # issue41004 Hash collisions in IPv4Interface and IPv6Interface ++ def testV6HashIsNotConstant(self): ++ ipv6_address1 = ipaddress.IPv6Interface("2001:658:22a:cafe:200:0:0:1") ++ ipv6_address2 = ipaddress.IPv6Interface("2001:658:22a:cafe:200:0:0:2") ++ self.assertNotEqual(ipv6_address1.__hash__(), ipv6_address2.__hash__()) + + if __name__ == '__main__': + unittest.main() +diff --git a/Misc/NEWS.d/next/Security/2020-06-29-16-02-29.bpo-41004.ovF0KZ.rst b/Misc/NEWS.d/next/Security/2020-06-29-16-02-29.bpo-41004.ovF0KZ.rst +new file mode 100644 +index 0000000000000..f5a9db52fff52 +--- /dev/null ++++ b/Misc/NEWS.d/next/Security/2020-06-29-16-02-29.bpo-41004.ovF0KZ.rst +@@ -0,0 +1 @@ ++CVE-2020-14422: The __hash__() methods of ipaddress.IPv4Interface and ipaddress.IPv6Interface incorrectly generated constant hash values of 32 and 128 respectively. This resulted in always causing hash collisions. The fix uses hash() to generate hash values for the tuple of (address, mask length, network address). diff --git a/main/ruby/APKBUILD b/main/ruby/APKBUILD index 026de8a999c..7139b67e280 100644 --- a/main/ruby/APKBUILD +++ b/main/ruby/APKBUILD @@ -3,6 +3,9 @@ # Maintainer: Natanael Copa <ncopa@alpinelinux.org> # # secfixes: +# 2.5.8-r0: +# - CVE-2020-16255 +# - CVE-2020-10933 # 2.5.7-r0: # - CVE-2019-16255 # - CVE-2019-16254 @@ -38,7 +41,7 @@ # - CVE-2017-17405 # pkgname=ruby -pkgver=2.5.7 +pkgver=2.5.8 _abiver="${pkgver%.*}.0" pkgrel=0 pkgdesc="An object-oriented language for quick and easy programming" @@ -351,7 +354,7 @@ _mvgem() { done } -sha512sums="6c4219e1ac316fb00cdd5ff2ac6292448e6ddf49f25eda91426f8e0072288e8849d5c623bf9d532b8e93997b23dddc24718921d92b74983aac8fdb50db4ee809 ruby-2.5.7.tar.gz +sha512sums="ec8bf18b5ef8bf14a568dfb50cbddcc4bb13241f07b0de969e7b60cc261fb4e08fefeb5236bcf620bc690af112a9ab7f7c89f5b8a03fd3430e58804227b5041f ruby-2.5.8.tar.gz cfdc5ea3b2e2ea69c51f38e8e2180cb1dc27008ca55cc6301f142ebafdbab31c3379b3b6bba9ff543153876dd98ed2ad194df3255b7ea77a62e931c935f80538 rubygems-avoid-platform-specific-gems.patch 814fe6359505b70d8ff680adf22f20a74b4dbd3fecc9a63a6c2456ee9824257815929917b6df5394ed069a6869511b8c6dce5b95b4acbbb7867c1f3a975a0150 test_insns-lower-recursion-depth.patch 8d730f02f76e53799f1c220eb23e3d2305940bb31216a7ab1e42d3256149c0721c7d173cdbfe505023b1af2f5cb3faa233dcc1b5d560fa8f980c17c2d29a9d81 fix-get_main_stack.patch" diff --git a/main/samba/APKBUILD b/main/samba/APKBUILD index 1319269f8da..18a6dfce1dd 100644 --- a/main/samba/APKBUILD +++ b/main/samba/APKBUILD @@ -1,7 +1,7 @@ # Maintainer: Natanael Copa <ncopa@alpinelinux.org> pkgname=samba pkgver=4.8.12 -pkgrel=1 +pkgrel=2 pkgdesc="Tools to access a server's filespace and printers via SMB" url="https://www.samba.org/" arch="all" @@ -79,6 +79,7 @@ source=" bind-9.12.patch missing-headers.patch samba-4.9.14-security-2019-10-29.patch + samba-4.9.17-security-2020-01-21.patch $pkgname.initd $pkgname.confd $pkgname.logrotate @@ -87,6 +88,9 @@ pkggroups="winbind" builddir="$srcdir/$pkgname-$pkgver" # secfixes: +# 4.8.12-r2: +# - CVE-2019-14902 +# - CVE-2019-14907 # 4.8.12-r1: # - CVE-2019-10218 # - CVE-2019-14833 @@ -97,7 +101,6 @@ builddir="$srcdir/$pkgname-$pkgver" # - CVE-2018-14629 # - CVE-2019-3880 # 4.8.7-r0: -# - CVE-2018-14629 # - CVE-2018-16841 # - CVE-2018-16851 # - CVE-2018-16853 @@ -576,6 +579,7 @@ a99e771f28d787dc22e832b97aa48a1c5e13ddc0c030c501a3c12819ff6e62800ef084b62930abe8 27f12c8395be25d9806d232cc30334f2f7c7d175971d2d1944dd886d699e0381a6f222c17e3d7bc087cf7a29bfb3e98cf25ba98f414c4afe0297b9d134a28bd8 bind-9.12.patch c0afe8b1dfddc5290c9aa611163d20adc3a546f54bba0081f739cda4255829f1a72bae422b6cb049aca82e58d4daf63ad5553f4c5c51671019bfbbc2781460f0 missing-headers.patch 8386db1209721fabb6acf52e498082ac3e70cd3a4454c54416b02aaa67b2906212383da7ddc06f77ca29cfbb9033407b1e958bcd9c7cdf369fe501f310a0f973 samba-4.9.14-security-2019-10-29.patch +b00163634fb262777cc8992192150beb5dc2dc45ace823557f1a35fe2448ab3559b7503db96b07c6a9382ddb62a3bd6f4e68e1849f64ec472dbea8abc6b54572 samba-4.9.17-security-2020-01-21.patch 96070e2461370437f48571e7de550c13a332fef869480cfe92e7cac73a998f6c2ee85d2580df58211953bebd0e577691aa710c8edddf3ea0f30e9d47d0a2fd44 samba.initd e2b49cb394e758447ca97de155a61b4276499983a0a5c00b44ae621c5559b759a766f8d1c8d3ee98ad5560f4064a847a7a20cfa2e14f85c061bec8b80fd649eb samba.confd 3458a4e1f8a8b44c966afb339b2dca51615be049f594c14911fc4d8203623deee416b6fe881436e246fc7d49c97a2b3bf9c5f33ba774302b24190a1103d6b67d samba.logrotate" diff --git a/main/samba/samba-4.9.17-security-2020-01-21.patch b/main/samba/samba-4.9.17-security-2020-01-21.patch new file mode 100644 index 00000000000..4847a8660ba --- /dev/null +++ b/main/samba/samba-4.9.17-security-2020-01-21.patch @@ -0,0 +1,1662 @@ +From 77d55b64af6acd38a08096b89ee051bc4ce72f43 Mon Sep 17 00:00:00 2001 +From: Andrew Bartlett <abartlet@samba.org> +Date: Thu, 28 Nov 2019 17:16:16 +1300 +Subject: [PATCH 01/13] CVE-2019-14902 selftest: Add test for replication of + inherited security descriptors + +BUG: https://bugzilla.samba.org/show_bug.cgi?id=12497 + +Signed-off-by: Andrew Bartlett <abartlet@samba.org> +--- + selftest/knownfail.d/repl_secdesc | 2 + + source4/selftest/tests.py | 5 + + source4/torture/drs/python/repl_secdesc.py | 258 +++++++++++++++++++++ + 3 files changed, 265 insertions(+) + create mode 100644 selftest/knownfail.d/repl_secdesc + create mode 100644 source4/torture/drs/python/repl_secdesc.py + +diff --git a/selftest/knownfail.d/repl_secdesc b/selftest/knownfail.d/repl_secdesc +new file mode 100644 +index 00000000000..2aa24c61375 +--- /dev/null ++++ b/selftest/knownfail.d/repl_secdesc +@@ -0,0 +1,2 @@ ++^samba4.drs.repl_secdesc.python\(.*\).repl_secdesc.ReplAclTestCase.test_acl_inheirt_renamed_object_in_conflict ++^samba4.drs.repl_secdesc.python\(.*\).repl_secdesc.ReplAclTestCase.test_acl_inherit_existing_object +diff --git a/source4/selftest/tests.py b/source4/selftest/tests.py +index 2ec0bee923b..7244535791d 100755 +--- a/source4/selftest/tests.py ++++ b/source4/selftest/tests.py +@@ -1004,6 +1004,11 @@ for env in ['vampire_dc', 'promoted_dc']: + extra_path=[os.path.join(samba4srcdir, 'torture/drs/python')], + environ={'DC1': "$DC_SERVER", 'DC2': '$%s_SERVER' % env.upper()}, + extra_args=['-U$DOMAIN/$DC_USERNAME%$DC_PASSWORD']) ++ planoldpythontestsuite(env, "repl_secdesc", ++ name="samba4.drs.repl_secdesc.python(%s)" % env, ++ extra_path=[os.path.join(samba4srcdir, 'torture/drs/python')], ++ environ={'DC1': "$DC_SERVER", 'DC2': '$SERVER'}, ++ extra_args=['-U$DOMAIN/$DC_USERNAME%$DC_PASSWORD']) + planoldpythontestsuite(env, "repl_move", + extra_path=[os.path.join(samba4srcdir, 'torture/drs/python')], + name="samba4.drs.repl_move.python(%s)" % env, +diff --git a/source4/torture/drs/python/repl_secdesc.py b/source4/torture/drs/python/repl_secdesc.py +new file mode 100644 +index 00000000000..4ed449a8a18 +--- /dev/null ++++ b/source4/torture/drs/python/repl_secdesc.py +@@ -0,0 +1,258 @@ ++#!/usr/bin/env python3 ++# -*- coding: utf-8 -*- ++# ++# Unix SMB/CIFS implementation. ++# Copyright (C) Catalyst.Net Ltd. 2017 ++# Copyright (C) Andrew Bartlett <abartlet@samba.org> 2019 ++# ++# This program is free software; you can redistribute it and/or modify ++# it under the terms of the GNU General Public License as published by ++# the Free Software Foundation; either version 3 of the License, or ++# (at your option) any later version. ++# ++# This program is distributed in the hope that it will be useful, ++# but WITHOUT ANY WARRANTY; without even the implied warranty of ++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++# GNU General Public License for more details. ++# ++# You should have received a copy of the GNU General Public License ++# along with this program. If not, see <http://www.gnu.org/licenses/>. ++# ++import drs_base ++import ldb ++import samba ++from samba import sd_utils ++from ldb import LdbError ++ ++class ReplAclTestCase(drs_base.DrsBaseTestCase): ++ ++ def setUp(self): ++ super(ReplAclTestCase, self).setUp() ++ self.sd_utils_dc1 = sd_utils.SDUtils(self.ldb_dc1) ++ self.sd_utils_dc2 = sd_utils.SDUtils(self.ldb_dc2) ++ ++ self.ou = samba.tests.create_test_ou(self.ldb_dc1, ++ "test_acl_inherit") ++ ++ # disable replication for the tests so we can control at what point ++ # the DCs try to replicate ++ self._disable_all_repl(self.dnsname_dc1) ++ self._disable_all_repl(self.dnsname_dc2) ++ ++ # make sure DCs are synchronized before the test ++ self._net_drs_replicate(DC=self.dnsname_dc2, fromDC=self.dnsname_dc1, forced=True) ++ self._net_drs_replicate(DC=self.dnsname_dc1, fromDC=self.dnsname_dc2, forced=True) ++ ++ def tearDown(self): ++ self.ldb_dc1.delete(self.ou, ["tree_delete:1"]) ++ ++ # re-enable replication ++ self._enable_all_repl(self.dnsname_dc1) ++ self._enable_all_repl(self.dnsname_dc2) ++ ++ super(ReplAclTestCase, self).tearDown() ++ ++ def test_acl_inheirt_new_object_1_pass(self): ++ # Set the inherited ACL on the parent OU ++ mod = "(A;CIOI;GA;;;SY)" ++ self.sd_utils_dc1.dacl_add_ace(self.ou, mod) ++ ++ # Make a new object ++ dn = ldb.Dn(self.ldb_dc1, "OU=l2,%s" % self.ou) ++ self.ldb_dc1.add({"dn": dn, "objectclass": "organizationalUnit"}) ++ ++ self._net_drs_replicate(DC=self.dnsname_dc2, ++ fromDC=self.dnsname_dc1, ++ forced=True) ++ ++ # Confirm inherited ACLs are identical ++ ++ self.assertEquals(self.sd_utils_dc1.get_sd_as_sddl(dn), ++ self.sd_utils_dc2.get_sd_as_sddl(dn)) ++ ++ def test_acl_inheirt_new_object(self): ++ # Set the inherited ACL on the parent OU ++ mod = "(A;CIOI;GA;;;SY)" ++ self.sd_utils_dc1.dacl_add_ace(self.ou, mod) ++ ++ # Replicate to DC2 ++ ++ self._net_drs_replicate(DC=self.dnsname_dc2, ++ fromDC=self.dnsname_dc1, ++ forced=True) ++ ++ # Make a new object ++ dn = ldb.Dn(self.ldb_dc1, "OU=l2,%s" % self.ou) ++ self.ldb_dc1.add({"dn": dn, "objectclass": "organizationalUnit"}) ++ ++ self._net_drs_replicate(DC=self.dnsname_dc2, ++ fromDC=self.dnsname_dc1, ++ forced=True) ++ ++ # Confirm inherited ACLs are identical ++ ++ self.assertEquals(self.sd_utils_dc1.get_sd_as_sddl(dn), ++ self.sd_utils_dc2.get_sd_as_sddl(dn)) ++ ++ def test_acl_inherit_existing_object(self): ++ # Make a new object ++ dn = ldb.Dn(self.ldb_dc1, "OU=l2,%s" % self.ou) ++ self.ldb_dc1.add({"dn": dn, "objectclass": "organizationalUnit"}) ++ ++ try: ++ self.ldb_dc2.search(scope=ldb.SCOPE_BASE, ++ base=dn, ++ attrs=[]) ++ self.fail() ++ except LdbError as err: ++ enum = err.args[0] ++ self.assertEqual(enum, ldb.ERR_NO_SUCH_OBJECT) ++ ++ self._net_drs_replicate(DC=self.dnsname_dc2, ++ fromDC=self.dnsname_dc1, ++ forced=True) ++ ++ # Confirm it is now replicated ++ self.ldb_dc2.search(scope=ldb.SCOPE_BASE, ++ base=dn, ++ attrs=[]) ++ ++ # Set the inherited ACL on the parent OU ++ mod = "(A;CIOI;GA;;;SY)" ++ self.sd_utils_dc1.dacl_add_ace(self.ou, mod) ++ ++ # Replicate to DC2 ++ ++ self._net_drs_replicate(DC=self.dnsname_dc2, ++ fromDC=self.dnsname_dc1, ++ forced=True) ++ ++ # Confirm inherited ACLs are identical ++ ++ self.assertEquals(self.sd_utils_dc1.get_sd_as_sddl(dn), ++ self.sd_utils_dc2.get_sd_as_sddl(dn)) ++ ++ def test_acl_inheirt_existing_object_1_pass(self): ++ # Make a new object ++ dn = ldb.Dn(self.ldb_dc1, "OU=l2,%s" % self.ou) ++ self.ldb_dc1.add({"dn": dn, "objectclass": "organizationalUnit"}) ++ ++ try: ++ self.ldb_dc2.search(scope=ldb.SCOPE_BASE, ++ base=dn, ++ attrs=[]) ++ self.fail() ++ except LdbError as err: ++ enum = err.args[0] ++ self.assertEqual(enum, ldb.ERR_NO_SUCH_OBJECT) ++ ++ # Set the inherited ACL on the parent OU ++ mod = "(A;CIOI;GA;;;SY)" ++ self.sd_utils_dc1.dacl_add_ace(self.ou, mod) ++ ++ # Replicate to DC2 ++ ++ self._net_drs_replicate(DC=self.dnsname_dc2, ++ fromDC=self.dnsname_dc1, ++ forced=True) ++ ++ # Confirm inherited ACLs are identical ++ ++ self.assertEquals(self.sd_utils_dc1.get_sd_as_sddl(dn), ++ self.sd_utils_dc2.get_sd_as_sddl(dn)) ++ ++ def test_acl_inheirt_renamed_object(self): ++ # Make a new object ++ new_ou = samba.tests.create_test_ou(self.ldb_dc1, ++ "acl_test_l2") ++ ++ sub_ou_dn = ldb.Dn(self.ldb_dc1, "OU=l2,%s" % self.ou) ++ ++ try: ++ self.ldb_dc2.search(scope=ldb.SCOPE_BASE, ++ base=new_ou, ++ attrs=[]) ++ self.fail() ++ except LdbError as err: ++ enum = err.args[0] ++ self.assertEqual(enum, ldb.ERR_NO_SUCH_OBJECT) ++ ++ self._net_drs_replicate(DC=self.dnsname_dc2, ++ fromDC=self.dnsname_dc1, ++ forced=True) ++ ++ # Confirm it is now replicated ++ self.ldb_dc2.search(scope=ldb.SCOPE_BASE, ++ base=new_ou, ++ attrs=[]) ++ ++ # Set the inherited ACL on the parent OU on DC1 ++ mod = "(A;CIOI;GA;;;SY)" ++ self.sd_utils_dc1.dacl_add_ace(self.ou, mod) ++ ++ # Replicate to DC2 ++ ++ self._net_drs_replicate(DC=self.dnsname_dc2, ++ fromDC=self.dnsname_dc1, ++ forced=True) ++ ++ # Rename to under self.ou ++ ++ self.ldb_dc1.rename(new_ou, sub_ou_dn) ++ ++ # Replicate to DC2 ++ ++ self._net_drs_replicate(DC=self.dnsname_dc2, ++ fromDC=self.dnsname_dc1, ++ forced=True) ++ ++ # Confirm inherited ACLs are identical ++ self.assertEquals(self.sd_utils_dc1.get_sd_as_sddl(sub_ou_dn), ++ self.sd_utils_dc2.get_sd_as_sddl(sub_ou_dn)) ++ ++ ++ def test_acl_inheirt_renamed_object_in_conflict(self): ++ # Make a new object to be renamed under self.ou ++ new_ou = samba.tests.create_test_ou(self.ldb_dc1, ++ "acl_test_l2") ++ ++ # Make a new OU under self.ou (on DC2) ++ sub_ou_dn = ldb.Dn(self.ldb_dc2, "OU=l2,%s" % self.ou) ++ self.ldb_dc2.add({"dn": sub_ou_dn, ++ "objectclass": "organizationalUnit"}) ++ ++ # Set the inherited ACL on the parent OU ++ mod = "(A;CIOI;GA;;;SY)" ++ self.sd_utils_dc1.dacl_add_ace(self.ou, mod) ++ ++ # Replicate to DC2 ++ ++ self._net_drs_replicate(DC=self.dnsname_dc2, ++ fromDC=self.dnsname_dc1, ++ forced=True) ++ ++ # Rename to under self.ou ++ self.ldb_dc1.rename(new_ou, sub_ou_dn) ++ ++ # Replicate to DC2 (will cause a conflict, DC1 to win, version ++ # is higher since named twice) ++ ++ self._net_drs_replicate(DC=self.dnsname_dc2, ++ fromDC=self.dnsname_dc1, ++ forced=True) ++ ++ children = self.ldb_dc2.search(scope=ldb.SCOPE_ONELEVEL, ++ base=self.ou, ++ attrs=[]) ++ for child in children: ++ self.assertEquals(self.sd_utils_dc1.get_sd_as_sddl(sub_ou_dn), ++ self.sd_utils_dc2.get_sd_as_sddl(child.dn)) ++ ++ # Replicate back ++ self._net_drs_replicate(DC=self.dnsname_dc1, ++ fromDC=self.dnsname_dc2, ++ forced=True) ++ ++ for child in children: ++ self.assertEquals(self.sd_utils_dc1.get_sd_as_sddl(child.dn), ++ self.sd_utils_dc2.get_sd_as_sddl(child.dn)) +-- +2.17.1 + + +From c5a005a45389c8d8fc0eae7137eab1904ea92d42 Mon Sep 17 00:00:00 2001 +From: Andrew Bartlett <abartlet@samba.org> +Date: Tue, 10 Dec 2019 15:16:24 +1300 +Subject: [PATCH 02/13] CVE-2019-14902 selftest: Add test for a special case + around replicated renames + +It appears Samba is currently string-name based in the ACL inheritence code. + +BUG: https://bugzilla.samba.org/show_bug.cgi?id=12497 + +Signed-off-by: Andrew Bartlett <abartlet@samba.org> +--- + selftest/knownfail.d/repl_secdesc | 1 + + source4/torture/drs/python/repl_secdesc.py | 69 ++++++++++++++++++++++ + 2 files changed, 70 insertions(+) + +diff --git a/selftest/knownfail.d/repl_secdesc b/selftest/knownfail.d/repl_secdesc +index 2aa24c61375..7d554ff237a 100644 +--- a/selftest/knownfail.d/repl_secdesc ++++ b/selftest/knownfail.d/repl_secdesc +@@ -1,2 +1,3 @@ + ^samba4.drs.repl_secdesc.python\(.*\).repl_secdesc.ReplAclTestCase.test_acl_inheirt_renamed_object_in_conflict + ^samba4.drs.repl_secdesc.python\(.*\).repl_secdesc.ReplAclTestCase.test_acl_inherit_existing_object ++^samba4.drs.repl_secdesc.python\(.*\).repl_secdesc.ReplAclTestCase.test_acl_inheirt_renamed_child_object +diff --git a/source4/torture/drs/python/repl_secdesc.py b/source4/torture/drs/python/repl_secdesc.py +index 4ed449a8a18..58861af3bac 100644 +--- a/source4/torture/drs/python/repl_secdesc.py ++++ b/source4/torture/drs/python/repl_secdesc.py +@@ -211,6 +211,75 @@ class ReplAclTestCase(drs_base.DrsBaseTestCase): + self.sd_utils_dc2.get_sd_as_sddl(sub_ou_dn)) + + ++ def test_acl_inheirt_renamed_child_object(self): ++ # Make a new OU ++ new_ou = samba.tests.create_test_ou(self.ldb_dc1, ++ "acl_test_l2") ++ ++ # Here is where the new OU will end up at the end. ++ sub2_ou_dn_final = ldb.Dn(self.ldb_dc1, "OU=l2,%s" % self.ou) ++ ++ sub3_ou_dn = ldb.Dn(self.ldb_dc1, "OU=l3,%s" % new_ou) ++ sub3_ou_dn_final = ldb.Dn(self.ldb_dc1, "OU=l3,%s" % sub2_ou_dn_final) ++ ++ self.ldb_dc1.add({"dn": sub3_ou_dn, ++ "objectclass": "organizationalUnit"}) ++ ++ sub4_ou_dn = ldb.Dn(self.ldb_dc1, "OU=l4,%s" % sub3_ou_dn) ++ sub4_ou_dn_final = ldb.Dn(self.ldb_dc1, "OU=l4,%s" % sub3_ou_dn_final) ++ ++ self.ldb_dc1.add({"dn": sub4_ou_dn, ++ "objectclass": "organizationalUnit"}) ++ ++ try: ++ self.ldb_dc2.search(scope=ldb.SCOPE_BASE, ++ base=new_ou, ++ attrs=[]) ++ self.fail() ++ except LdbError as err: ++ enum = err.args[0] ++ self.assertEqual(enum, ldb.ERR_NO_SUCH_OBJECT) ++ ++ self._net_drs_replicate(DC=self.dnsname_dc2, ++ fromDC=self.dnsname_dc1, ++ forced=True) ++ ++ # Confirm it is now replicated ++ self.ldb_dc2.search(scope=ldb.SCOPE_BASE, ++ base=new_ou, ++ attrs=[]) ++ ++ # ++ # Given a tree new_ou -> l3 -> l4 ++ # ++ ++ # Set the inherited ACL on the grandchild OU (l3) on DC1 ++ mod = "(A;CIOI;GA;;;SY)" ++ self.sd_utils_dc1.dacl_add_ace(sub3_ou_dn, mod) ++ ++ # Rename new_ou (l2) to under self.ou (this must happen second). If the ++ # inheritence between l3 and l4 is name-based, this could ++ # break. ++ ++ # The tree is now self.ou -> l2 -> l3 -> l4 ++ ++ self.ldb_dc1.rename(new_ou, sub2_ou_dn_final) ++ ++ # Replicate to DC2 ++ ++ self._net_drs_replicate(DC=self.dnsname_dc2, ++ fromDC=self.dnsname_dc1, ++ forced=True) ++ ++ # Confirm set ACLs (on l3 ) are identical. ++ self.assertEquals(self.sd_utils_dc1.get_sd_as_sddl(sub3_ou_dn_final), ++ self.sd_utils_dc2.get_sd_as_sddl(sub3_ou_dn_final)) ++ ++ # Confirm inherited ACLs (from l3 to l4) are identical. ++ self.assertEquals(self.sd_utils_dc1.get_sd_as_sddl(sub4_ou_dn_final), ++ self.sd_utils_dc2.get_sd_as_sddl(sub4_ou_dn_final)) ++ ++ + def test_acl_inheirt_renamed_object_in_conflict(self): + # Make a new object to be renamed under self.ou + new_ou = samba.tests.create_test_ou(self.ldb_dc1, +-- +2.17.1 + + +From 4afff32debe5ea4bf1219f42c3042eb65c3e1d6b Mon Sep 17 00:00:00 2001 +From: Andrew Bartlett <abartlet@samba.org> +Date: Mon, 16 Dec 2019 11:29:27 +1300 +Subject: [PATCH 03/13] selftest: Add test to confirm ACL inheritence really + happens + +While we have a seperate test (sec_descriptor.py) that confirms inheritance in +general we want to lock in these specific patterns as this test covers +rename. + +Signed-off-by: Andrew Bartlett <abartlet@samba.org> +--- + source4/torture/drs/python/repl_secdesc.py | 115 +++++++++++++++++---- + 1 file changed, 94 insertions(+), 21 deletions(-) + +diff --git a/source4/torture/drs/python/repl_secdesc.py b/source4/torture/drs/python/repl_secdesc.py +index 58861af3bac..58212907e23 100644 +--- a/source4/torture/drs/python/repl_secdesc.py ++++ b/source4/torture/drs/python/repl_secdesc.py +@@ -28,6 +28,10 @@ class ReplAclTestCase(drs_base.DrsBaseTestCase): + + def setUp(self): + super(ReplAclTestCase, self).setUp() ++ self.mod = "(A;CIOI;GA;;;SY)" ++ self.mod_becomes = "(A;OICIIO;GA;;;SY)" ++ self.mod_inherits_as = "(A;OICIIOID;GA;;;SY)" ++ + self.sd_utils_dc1 = sd_utils.SDUtils(self.ldb_dc1) + self.sd_utils_dc2 = sd_utils.SDUtils(self.ldb_dc2) + +@@ -54,8 +58,11 @@ class ReplAclTestCase(drs_base.DrsBaseTestCase): + + def test_acl_inheirt_new_object_1_pass(self): + # Set the inherited ACL on the parent OU +- mod = "(A;CIOI;GA;;;SY)" +- self.sd_utils_dc1.dacl_add_ace(self.ou, mod) ++ self.sd_utils_dc1.dacl_add_ace(self.ou, self.mod) ++ ++ # Assert ACL set stuck as expected ++ self.assertIn(self.mod_becomes, ++ self.sd_utils_dc1.get_sd_as_sddl(self.ou)) + + # Make a new object + dn = ldb.Dn(self.ldb_dc1, "OU=l2,%s" % self.ou) +@@ -65,15 +72,24 @@ class ReplAclTestCase(drs_base.DrsBaseTestCase): + fromDC=self.dnsname_dc1, + forced=True) + +- # Confirm inherited ACLs are identical ++ # Assert ACL replicated as expected ++ self.assertIn(self.mod_becomes, ++ self.sd_utils_dc2.get_sd_as_sddl(self.ou)) + ++ # Confirm inherited ACLs are identical and were inherited ++ ++ self.assertIn(self.mod_inherits_as, ++ self.sd_utils_dc1.get_sd_as_sddl(dn)) + self.assertEquals(self.sd_utils_dc1.get_sd_as_sddl(dn), + self.sd_utils_dc2.get_sd_as_sddl(dn)) + + def test_acl_inheirt_new_object(self): + # Set the inherited ACL on the parent OU +- mod = "(A;CIOI;GA;;;SY)" +- self.sd_utils_dc1.dacl_add_ace(self.ou, mod) ++ self.sd_utils_dc1.dacl_add_ace(self.ou, self.mod) ++ ++ # Assert ACL set stuck as expected ++ self.assertIn(self.mod_becomes, ++ self.sd_utils_dc1.get_sd_as_sddl(self.ou)) + + # Replicate to DC2 + +@@ -89,8 +105,14 @@ class ReplAclTestCase(drs_base.DrsBaseTestCase): + fromDC=self.dnsname_dc1, + forced=True) + +- # Confirm inherited ACLs are identical ++ # Assert ACL replicated as expected ++ self.assertIn(self.mod_becomes, ++ self.sd_utils_dc2.get_sd_as_sddl(self.ou)) + ++ # Confirm inherited ACLs are identical and were inheritied ++ ++ self.assertIn(self.mod_inherits_as, ++ self.sd_utils_dc1.get_sd_as_sddl(dn)) + self.assertEquals(self.sd_utils_dc1.get_sd_as_sddl(dn), + self.sd_utils_dc2.get_sd_as_sddl(dn)) + +@@ -118,8 +140,11 @@ class ReplAclTestCase(drs_base.DrsBaseTestCase): + attrs=[]) + + # Set the inherited ACL on the parent OU +- mod = "(A;CIOI;GA;;;SY)" +- self.sd_utils_dc1.dacl_add_ace(self.ou, mod) ++ self.sd_utils_dc1.dacl_add_ace(self.ou, self.mod) ++ ++ # Assert ACL set stuck as expected ++ self.assertIn(self.mod_becomes, ++ self.sd_utils_dc1.get_sd_as_sddl(self.ou)) + + # Replicate to DC2 + +@@ -127,8 +152,14 @@ class ReplAclTestCase(drs_base.DrsBaseTestCase): + fromDC=self.dnsname_dc1, + forced=True) + +- # Confirm inherited ACLs are identical ++ # Confirm inherited ACLs are identical and were inherited + ++ # Assert ACL replicated as expected ++ self.assertIn(self.mod_becomes, ++ self.sd_utils_dc2.get_sd_as_sddl(self.ou)) ++ ++ self.assertIn(self.mod_inherits_as, ++ self.sd_utils_dc1.get_sd_as_sddl(dn)) + self.assertEquals(self.sd_utils_dc1.get_sd_as_sddl(dn), + self.sd_utils_dc2.get_sd_as_sddl(dn)) + +@@ -147,8 +178,11 @@ class ReplAclTestCase(drs_base.DrsBaseTestCase): + self.assertEqual(enum, ldb.ERR_NO_SUCH_OBJECT) + + # Set the inherited ACL on the parent OU +- mod = "(A;CIOI;GA;;;SY)" +- self.sd_utils_dc1.dacl_add_ace(self.ou, mod) ++ self.sd_utils_dc1.dacl_add_ace(self.ou, self.mod) ++ ++ # Assert ACL set as expected ++ self.assertIn(self.mod_becomes, ++ self.sd_utils_dc1.get_sd_as_sddl(self.ou)) + + # Replicate to DC2 + +@@ -156,8 +190,14 @@ class ReplAclTestCase(drs_base.DrsBaseTestCase): + fromDC=self.dnsname_dc1, + forced=True) + +- # Confirm inherited ACLs are identical ++ # Assert ACL replicated as expected ++ self.assertIn(self.mod_becomes, ++ self.sd_utils_dc2.get_sd_as_sddl(self.ou)) + ++ # Confirm inherited ACLs are identical and were inherited ++ ++ self.assertIn(self.mod_inherits_as, ++ self.sd_utils_dc1.get_sd_as_sddl(dn)) + self.assertEquals(self.sd_utils_dc1.get_sd_as_sddl(dn), + self.sd_utils_dc2.get_sd_as_sddl(dn)) + +@@ -187,8 +227,11 @@ class ReplAclTestCase(drs_base.DrsBaseTestCase): + attrs=[]) + + # Set the inherited ACL on the parent OU on DC1 +- mod = "(A;CIOI;GA;;;SY)" +- self.sd_utils_dc1.dacl_add_ace(self.ou, mod) ++ self.sd_utils_dc1.dacl_add_ace(self.ou, self.mod) ++ ++ # Assert ACL set as expected ++ self.assertIn(self.mod_becomes, ++ self.sd_utils_dc1.get_sd_as_sddl(self.ou)) + + # Replicate to DC2 + +@@ -196,6 +239,10 @@ class ReplAclTestCase(drs_base.DrsBaseTestCase): + fromDC=self.dnsname_dc1, + forced=True) + ++ # Assert ACL replicated as expected ++ self.assertIn(self.mod_becomes, ++ self.sd_utils_dc2.get_sd_as_sddl(self.ou)) ++ + # Rename to under self.ou + + self.ldb_dc1.rename(new_ou, sub_ou_dn) +@@ -206,7 +253,9 @@ class ReplAclTestCase(drs_base.DrsBaseTestCase): + fromDC=self.dnsname_dc1, + forced=True) + +- # Confirm inherited ACLs are identical ++ # Confirm inherited ACLs are identical and were inherited ++ self.assertIn(self.mod_inherits_as, ++ self.sd_utils_dc1.get_sd_as_sddl(sub_ou_dn)) + self.assertEquals(self.sd_utils_dc1.get_sd_as_sddl(sub_ou_dn), + self.sd_utils_dc2.get_sd_as_sddl(sub_ou_dn)) + +@@ -254,8 +303,11 @@ class ReplAclTestCase(drs_base.DrsBaseTestCase): + # + + # Set the inherited ACL on the grandchild OU (l3) on DC1 +- mod = "(A;CIOI;GA;;;SY)" +- self.sd_utils_dc1.dacl_add_ace(sub3_ou_dn, mod) ++ self.sd_utils_dc1.dacl_add_ace(sub3_ou_dn, self.mod) ++ ++ # Assert ACL set stuck as expected ++ self.assertIn(self.mod_becomes, ++ self.sd_utils_dc1.get_sd_as_sddl(sub3_ou_dn)) + + # Rename new_ou (l2) to under self.ou (this must happen second). If the + # inheritence between l3 and l4 is name-based, this could +@@ -265,17 +317,26 @@ class ReplAclTestCase(drs_base.DrsBaseTestCase): + + self.ldb_dc1.rename(new_ou, sub2_ou_dn_final) + ++ # Assert ACL set remained as expected ++ self.assertIn(self.mod_becomes, ++ self.sd_utils_dc1.get_sd_as_sddl(sub3_ou_dn_final)) ++ + # Replicate to DC2 + + self._net_drs_replicate(DC=self.dnsname_dc2, + fromDC=self.dnsname_dc1, + forced=True) + +- # Confirm set ACLs (on l3 ) are identical. ++ # Confirm set ACLs (on l3 ) are identical and were inherited ++ self.assertIn(self.mod_becomes, ++ self.sd_utils_dc2.get_sd_as_sddl(sub3_ou_dn_final)) + self.assertEquals(self.sd_utils_dc1.get_sd_as_sddl(sub3_ou_dn_final), + self.sd_utils_dc2.get_sd_as_sddl(sub3_ou_dn_final)) + +- # Confirm inherited ACLs (from l3 to l4) are identical. ++ # Confirm inherited ACLs (from l3 to l4) are identical ++ # and where inherited ++ self.assertIn(self.mod_inherits_as, ++ self.sd_utils_dc1.get_sd_as_sddl(sub4_ou_dn_final)) + self.assertEquals(self.sd_utils_dc1.get_sd_as_sddl(sub4_ou_dn_final), + self.sd_utils_dc2.get_sd_as_sddl(sub4_ou_dn_final)) + +@@ -291,8 +352,11 @@ class ReplAclTestCase(drs_base.DrsBaseTestCase): + "objectclass": "organizationalUnit"}) + + # Set the inherited ACL on the parent OU +- mod = "(A;CIOI;GA;;;SY)" +- self.sd_utils_dc1.dacl_add_ace(self.ou, mod) ++ self.sd_utils_dc1.dacl_add_ace(self.ou, self.mod) ++ ++ # Assert ACL set stuck as expected ++ self.assertIn(self.mod_becomes, ++ self.sd_utils_dc1.get_sd_as_sddl(self.ou)) + + # Replicate to DC2 + +@@ -302,6 +366,8 @@ class ReplAclTestCase(drs_base.DrsBaseTestCase): + + # Rename to under self.ou + self.ldb_dc1.rename(new_ou, sub_ou_dn) ++ self.assertIn(self.mod_inherits_as, ++ self.sd_utils_dc1.get_sd_as_sddl(sub_ou_dn)) + + # Replicate to DC2 (will cause a conflict, DC1 to win, version + # is higher since named twice) +@@ -314,6 +380,8 @@ class ReplAclTestCase(drs_base.DrsBaseTestCase): + base=self.ou, + attrs=[]) + for child in children: ++ self.assertIn(self.mod_inherits_as, ++ self.sd_utils_dc2.get_sd_as_sddl(child.dn)) + self.assertEquals(self.sd_utils_dc1.get_sd_as_sddl(sub_ou_dn), + self.sd_utils_dc2.get_sd_as_sddl(child.dn)) + +@@ -322,6 +390,11 @@ class ReplAclTestCase(drs_base.DrsBaseTestCase): + fromDC=self.dnsname_dc2, + forced=True) + ++ self.assertIn(self.mod_inherits_as, ++ self.sd_utils_dc1.get_sd_as_sddl(sub_ou_dn)) ++ + for child in children: ++ self.assertIn(self.mod_inherits_as, ++ self.sd_utils_dc1.get_sd_as_sddl(child.dn)) + self.assertEquals(self.sd_utils_dc1.get_sd_as_sddl(child.dn), + self.sd_utils_dc2.get_sd_as_sddl(child.dn)) +-- +2.17.1 + + +From 17215b36b22d309a58a3b7bd08123f06e89657c9 Mon Sep 17 00:00:00 2001 +From: Andrew Bartlett <abartlet@samba.org> +Date: Tue, 26 Nov 2019 15:44:32 +1300 +Subject: [PATCH 04/13] CVE-2019-14902 dsdb: Explain that + descriptor_sd_propagation_recursive() is proctected by a transaction + +This means we can trust the DB did not change between the two search +requests. + +BUG: https://bugzilla.samba.org/show_bug.cgi?id=12497 + +Signed-off-by: Andrew Bartlett <abartlet@samba.org> +--- + source4/dsdb/samdb/ldb_modules/descriptor.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/source4/dsdb/samdb/ldb_modules/descriptor.c b/source4/dsdb/samdb/ldb_modules/descriptor.c +index 9018b750ab5..fb2854438e1 100644 +--- a/source4/dsdb/samdb/ldb_modules/descriptor.c ++++ b/source4/dsdb/samdb/ldb_modules/descriptor.c +@@ -1199,6 +1199,9 @@ static int descriptor_sd_propagation_recursive(struct ldb_module *module, + * LDB_SCOPE_SUBTREE searches are expensive. + * + * Note: that we do not search for deleted/recycled objects ++ * ++ * We know this is safe against a rename race as we are in the ++ * prepare_commit(), so must be in a transaction. + */ + ret = dsdb_module_search(module, + change, +-- +2.17.1 + + +From 589d1e4846bbac0e5388af3ef0c6d6c41b5ff991 Mon Sep 17 00:00:00 2001 +From: Andrew Bartlett <abartlet@samba.org> +Date: Tue, 26 Nov 2019 16:17:32 +1300 +Subject: [PATCH 05/13] CVE-2019-14902 dsdb: Add comments explaining why SD + propagation needs to be done here + +BUG: https://bugzilla.samba.org/show_bug.cgi?id=12497 + +Signed-off-by: Andrew Bartlett <abartlet@samba.org> +--- + source4/dsdb/samdb/ldb_modules/descriptor.c | 7 +++++++ + 1 file changed, 7 insertions(+) + +diff --git a/source4/dsdb/samdb/ldb_modules/descriptor.c b/source4/dsdb/samdb/ldb_modules/descriptor.c +index fb2854438e1..7070affa645 100644 +--- a/source4/dsdb/samdb/ldb_modules/descriptor.c ++++ b/source4/dsdb/samdb/ldb_modules/descriptor.c +@@ -876,6 +876,9 @@ static int descriptor_modify(struct ldb_module *module, struct ldb_request *req) + return ldb_oom(ldb); + } + ++ /* ++ * Force SD propagation on children of this record ++ */ + ret = dsdb_module_schedule_sd_propagation(module, nc_root, + dn, false); + if (ret != LDB_SUCCESS) { +@@ -966,6 +969,10 @@ static int descriptor_rename(struct ldb_module *module, struct ldb_request *req) + return ldb_oom(ldb); + } + ++ /* ++ * Force SD propagation on this record (get a new ++ * inherited SD from the potentially new parent ++ */ + ret = dsdb_module_schedule_sd_propagation(module, nc_root, + newdn, true); + if (ret != LDB_SUCCESS) { +-- +2.17.1 + + +From 0fa9a362e55abb289cbf0fe24baa09c45af4837e Mon Sep 17 00:00:00 2001 +From: Andrew Bartlett <abartlet@samba.org> +Date: Fri, 6 Dec 2019 17:54:23 +1300 +Subject: [PATCH 06/13] CVE-2019-14902 dsdb: Ensure we honour both + change->force_self and change->force_children + +If we are renaming a DN we can be in a situation where we need to + +BUG: https://bugzilla.samba.org/show_bug.cgi?id=12497 + +Signed-off-by: Andrew Bartlett <abartlet@samba.org> +--- + source4/dsdb/samdb/ldb_modules/descriptor.c | 7 +++++++ + 1 file changed, 7 insertions(+) + +diff --git a/source4/dsdb/samdb/ldb_modules/descriptor.c b/source4/dsdb/samdb/ldb_modules/descriptor.c +index 7070affa645..b9f465fc36f 100644 +--- a/source4/dsdb/samdb/ldb_modules/descriptor.c ++++ b/source4/dsdb/samdb/ldb_modules/descriptor.c +@@ -1291,6 +1291,13 @@ static int descriptor_sd_propagation_recursive(struct ldb_module *module, + + if (cur != NULL) { + DLIST_REMOVE(change->children, cur); ++ } else if (i == 0) { ++ /* ++ * in the change->force_self case ++ * res->msgs[0]->elements was not overwritten, ++ * so set cur here ++ */ ++ cur = change; + } + + for (c = stopped_stack; c; c = stopped_stack) { +-- +2.17.1 + + +From 9ac2b09fa5a2de44967a0b190918825e7dca8d53 Mon Sep 17 00:00:00 2001 +From: Andrew Bartlett <abartlet@samba.org> +Date: Fri, 6 Dec 2019 18:05:54 +1300 +Subject: [PATCH 07/13] CVE-2019-14902 repl_meta_data: schedule SD propagation + to a renamed DN + +We need to check the SD of the parent if we rename, it is not the same as an incoming SD change. + +BUG: https://bugzilla.samba.org/show_bug.cgi?id=12497 + +Signed-off-by: Andrew Bartlett <abartlet@samba.org> +--- + source4/dsdb/samdb/ldb_modules/repl_meta_data.c | 17 ++++++++++++++++- + 1 file changed, 16 insertions(+), 1 deletion(-) + +diff --git a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c +index 04a51ecab51..52ff3d75ee2 100644 +--- a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c ++++ b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c +@@ -6290,7 +6290,22 @@ static int replmd_replicated_apply_merge(struct replmd_replicated_request *ar) + ar->index_current, msg->num_elements); + + if (renamed) { +- sd_updated = true; ++ /* ++ * This is an new name for this object, so we must ++ * inherit from the parent ++ * ++ * This is needed because descriptor is above ++ * repl_meta_data in the module stack, so this will ++ * not be trigered 'naturally' by the flow of ++ * operations. ++ */ ++ ret = dsdb_module_schedule_sd_propagation(ar->module, ++ ar->objs->partition_dn, ++ msg->dn, ++ true); ++ if (ret != LDB_SUCCESS) { ++ return ldb_operr(ldb); ++ } + } + + if (sd_updated && !isDeleted) { +-- +2.17.1 + + +From 9e6b09e0fd52c664de7f0589074fef872c753fa2 Mon Sep 17 00:00:00 2001 +From: Andrew Bartlett <abartlet@samba.org> +Date: Tue, 26 Nov 2019 15:50:35 +1300 +Subject: [PATCH 08/13] CVE-2019-14902 repl_meta_data: Fix issue where + inherited Security Descriptors were not replicated. + +BUG: https://bugzilla.samba.org/show_bug.cgi?id=12497 + +Signed-off-by: Andrew Bartlett <abartlet@samba.org> +--- + selftest/knownfail.d/repl_secdesc | 1 - + .../dsdb/samdb/ldb_modules/repl_meta_data.c | 22 ++++++++++++++++++- + 2 files changed, 21 insertions(+), 2 deletions(-) + +diff --git a/selftest/knownfail.d/repl_secdesc b/selftest/knownfail.d/repl_secdesc +index 7d554ff237a..13a9ce458dd 100644 +--- a/selftest/knownfail.d/repl_secdesc ++++ b/selftest/knownfail.d/repl_secdesc +@@ -1,3 +1,2 @@ + ^samba4.drs.repl_secdesc.python\(.*\).repl_secdesc.ReplAclTestCase.test_acl_inheirt_renamed_object_in_conflict +-^samba4.drs.repl_secdesc.python\(.*\).repl_secdesc.ReplAclTestCase.test_acl_inherit_existing_object + ^samba4.drs.repl_secdesc.python\(.*\).repl_secdesc.ReplAclTestCase.test_acl_inheirt_renamed_child_object +diff --git a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c +index 52ff3d75ee2..9812ded99fb 100644 +--- a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c ++++ b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c +@@ -5527,6 +5527,15 @@ static int replmd_replicated_apply_add(struct replmd_replicated_request *ar) + replmd_ldb_message_sort(msg, ar->schema); + + if (!remote_isDeleted) { ++ /* ++ * Ensure any local ACL inheritence is applied from ++ * the parent object. ++ * ++ * This is needed because descriptor is above ++ * repl_meta_data in the module stack, so this will ++ * not be trigered 'naturally' by the flow of ++ * operations. ++ */ + ret = dsdb_module_schedule_sd_propagation(ar->module, + ar->objs->partition_dn, + msg->dn, true); +@@ -6309,9 +6318,20 @@ static int replmd_replicated_apply_merge(struct replmd_replicated_request *ar) + } + + if (sd_updated && !isDeleted) { ++ /* ++ * This is an existing object, so there is no need to ++ * inherit from the parent, but we must inherit any ++ * incoming changes to our child objects. ++ * ++ * This is needed because descriptor is above ++ * repl_meta_data in the module stack, so this will ++ * not be trigered 'naturally' by the flow of ++ * operations. ++ */ + ret = dsdb_module_schedule_sd_propagation(ar->module, + ar->objs->partition_dn, +- msg->dn, true); ++ msg->dn, ++ false); + if (ret != LDB_SUCCESS) { + return ldb_operr(ldb); + } +-- +2.17.1 + + +From 7071888d5b556213be79545cac059a8b3f62baee Mon Sep 17 00:00:00 2001 +From: Andrew Bartlett <abartlet@samba.org> +Date: Fri, 6 Dec 2019 18:26:42 +1300 +Subject: [PATCH 09/13] CVE-2019-14902 repl_meta_data: Set renamed = true (and + so do SD inheritance) after any rename + +Previously if there was a conflict, but the incoming object would still +win, this was not marked as a rename, and so inheritence was not done. + +BUG: https://bugzilla.samba.org/show_bug.cgi?id=12497 + +Signed-off-by: Andrew Bartlett <abartlet@samba.org> +--- + selftest/knownfail.d/repl_secdesc | 1 - + source4/dsdb/samdb/ldb_modules/repl_meta_data.c | 13 +++++++++++++ + 2 files changed, 13 insertions(+), 1 deletion(-) + +diff --git a/selftest/knownfail.d/repl_secdesc b/selftest/knownfail.d/repl_secdesc +index 13a9ce458dd..9dd632d99ed 100644 +--- a/selftest/knownfail.d/repl_secdesc ++++ b/selftest/knownfail.d/repl_secdesc +@@ -1,2 +1 @@ +-^samba4.drs.repl_secdesc.python\(.*\).repl_secdesc.ReplAclTestCase.test_acl_inheirt_renamed_object_in_conflict + ^samba4.drs.repl_secdesc.python\(.*\).repl_secdesc.ReplAclTestCase.test_acl_inheirt_renamed_child_object +diff --git a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c +index 9812ded99fb..e67c3b0281e 100644 +--- a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c ++++ b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c +@@ -6134,6 +6134,19 @@ static int replmd_replicated_apply_merge(struct replmd_replicated_request *ar) + * replmd_replicated_apply_search_callback()) + */ + ret = replmd_replicated_handle_rename(ar, msg, ar->req, &renamed); ++ ++ /* ++ * This looks strange, but we must set this after any ++ * rename, otherwise the SD propegation will not ++ * happen (which might matter if we have a new parent) ++ * ++ * The additional case of calling ++ * replmd_op_name_modify_callback (below) is: ++ * - a no-op if there was no name change ++ * and ++ * - called in the default case regardless. ++ */ ++ renamed = true; + } + + if (ret != LDB_SUCCESS) { +-- +2.17.1 + + +From 16b377276ee82c04d069666e53deaa95a7633dd4 Mon Sep 17 00:00:00 2001 +From: Andrew Bartlett <abartlet@samba.org> +Date: Thu, 12 Dec 2019 14:44:57 +1300 +Subject: [PATCH 10/13] CVE-2019-14902 dsdb: Change basis of descriptor module + deferred processing to be GUIDs + +We can not process on the basis of a DN, as the DN may have changed in a rename, +not only that this module can see, but also from repl_meta_data below. + +Therefore remove all the complex tree-based change processing, leaving only +a tree-based sort of the possible objects to be changed, and a single +stopped_dn variable containing the DN to stop processing below (after +a no-op change). + +BUG: https://bugzilla.samba.org/show_bug.cgi?id=12497 + +Signed-off-by: Andrew Bartlett <abartlet@samba.org> +--- + selftest/knownfail.d/repl_secdesc | 1 - + source4/dsdb/samdb/ldb_modules/acl_util.c | 4 +- + source4/dsdb/samdb/ldb_modules/descriptor.c | 296 +++++++++--------- + .../dsdb/samdb/ldb_modules/repl_meta_data.c | 7 +- + source4/dsdb/samdb/samdb.h | 2 +- + 5 files changed, 156 insertions(+), 154 deletions(-) + delete mode 100644 selftest/knownfail.d/repl_secdesc + +diff --git a/selftest/knownfail.d/repl_secdesc b/selftest/knownfail.d/repl_secdesc +deleted file mode 100644 +index 9dd632d99ed..00000000000 +--- a/selftest/knownfail.d/repl_secdesc ++++ /dev/null +@@ -1 +0,0 @@ +-^samba4.drs.repl_secdesc.python\(.*\).repl_secdesc.ReplAclTestCase.test_acl_inheirt_renamed_child_object +diff --git a/source4/dsdb/samdb/ldb_modules/acl_util.c b/source4/dsdb/samdb/ldb_modules/acl_util.c +index 6d645b10fe2..b9931795e19 100644 +--- a/source4/dsdb/samdb/ldb_modules/acl_util.c ++++ b/source4/dsdb/samdb/ldb_modules/acl_util.c +@@ -286,7 +286,7 @@ uint32_t dsdb_request_sd_flags(struct ldb_request *req, bool *explicit) + + int dsdb_module_schedule_sd_propagation(struct ldb_module *module, + struct ldb_dn *nc_root, +- struct ldb_dn *dn, ++ struct GUID guid, + bool include_self) + { + struct ldb_context *ldb = ldb_module_get_ctx(module); +@@ -299,7 +299,7 @@ int dsdb_module_schedule_sd_propagation(struct ldb_module *module, + } + + op->nc_root = nc_root; +- op->dn = dn; ++ op->guid = guid; + op->include_self = include_self; + + ret = dsdb_module_extended(module, op, NULL, +diff --git a/source4/dsdb/samdb/ldb_modules/descriptor.c b/source4/dsdb/samdb/ldb_modules/descriptor.c +index b9f465fc36f..daa08c2ebc7 100644 +--- a/source4/dsdb/samdb/ldb_modules/descriptor.c ++++ b/source4/dsdb/samdb/ldb_modules/descriptor.c +@@ -46,9 +46,8 @@ + + struct descriptor_changes { + struct descriptor_changes *prev, *next; +- struct descriptor_changes *children; + struct ldb_dn *nc_root; +- struct ldb_dn *dn; ++ struct GUID guid; + bool force_self; + bool force_children; + struct ldb_dn *stopped_dn; +@@ -771,7 +770,8 @@ static int descriptor_modify(struct ldb_module *module, struct ldb_request *req) + current_attrs, + DSDB_FLAG_NEXT_MODULE | + DSDB_FLAG_AS_SYSTEM | +- DSDB_SEARCH_SHOW_RECYCLED, ++ DSDB_SEARCH_SHOW_RECYCLED | ++ DSDB_SEARCH_SHOW_EXTENDED_DN, + req); + if (ret != LDB_SUCCESS) { + ldb_debug(ldb, LDB_DEBUG_ERROR,"descriptor_modify: Could not find %s\n", +@@ -832,7 +832,7 @@ static int descriptor_modify(struct ldb_module *module, struct ldb_request *req) + user_sd = old_sd; + } + +- sd = get_new_descriptor(module, dn, req, ++ sd = get_new_descriptor(module, current_res->msgs[0]->dn, req, + objectclass, parent_sd, + user_sd, old_sd, sd_flags); + if (sd == NULL) { +@@ -869,18 +869,32 @@ static int descriptor_modify(struct ldb_module *module, struct ldb_request *req) + return ldb_oom(ldb); + } + } else if (cmp_ret != 0) { ++ struct GUID guid; + struct ldb_dn *nc_root; ++ NTSTATUS status; + +- ret = dsdb_find_nc_root(ldb, msg, dn, &nc_root); ++ ret = dsdb_find_nc_root(ldb, ++ msg, ++ current_res->msgs[0]->dn, ++ &nc_root); + if (ret != LDB_SUCCESS) { + return ldb_oom(ldb); + } + ++ status = dsdb_get_extended_dn_guid(current_res->msgs[0]->dn, ++ &guid, ++ "GUID"); ++ if (!NT_STATUS_IS_OK(status)) { ++ return ldb_operr(ldb); ++ } ++ + /* + * Force SD propagation on children of this record + */ +- ret = dsdb_module_schedule_sd_propagation(module, nc_root, +- dn, false); ++ ret = dsdb_module_schedule_sd_propagation(module, ++ nc_root, ++ guid, ++ false); + if (ret != LDB_SUCCESS) { + return ldb_operr(ldb); + } +@@ -963,20 +977,31 @@ static int descriptor_rename(struct ldb_module *module, struct ldb_request *req) + + if (ldb_dn_compare(olddn, newdn) != 0) { + struct ldb_dn *nc_root; ++ struct GUID guid; + + ret = dsdb_find_nc_root(ldb, req, newdn, &nc_root); + if (ret != LDB_SUCCESS) { + return ldb_oom(ldb); + } + +- /* +- * Force SD propagation on this record (get a new +- * inherited SD from the potentially new parent +- */ +- ret = dsdb_module_schedule_sd_propagation(module, nc_root, +- newdn, true); +- if (ret != LDB_SUCCESS) { +- return ldb_operr(ldb); ++ ret = dsdb_module_guid_by_dn(module, ++ olddn, ++ &guid, ++ req); ++ if (ret == LDB_SUCCESS) { ++ /* ++ * Without disturbing any errors if the olddn ++ * does not exit, force SD propagation on ++ * this record (get a new inherited SD from ++ * the potentially new parent ++ */ ++ ret = dsdb_module_schedule_sd_propagation(module, ++ nc_root, ++ guid, ++ true); ++ if (ret != LDB_SUCCESS) { ++ return ldb_operr(ldb); ++ } + } + } + +@@ -992,9 +1017,7 @@ static int descriptor_extended_sec_desc_propagation(struct ldb_module *module, + struct ldb_context *ldb = ldb_module_get_ctx(module); + struct dsdb_extended_sec_desc_propagation_op *op; + TALLOC_CTX *parent_mem = NULL; +- struct descriptor_changes *parent_change = NULL; + struct descriptor_changes *c; +- int ret; + + op = talloc_get_type(req->op.extended.data, + struct dsdb_extended_sec_desc_propagation_op); +@@ -1011,32 +1034,6 @@ static int descriptor_extended_sec_desc_propagation(struct ldb_module *module, + + parent_mem = descriptor_private->trans_mem; + +- for (c = descriptor_private->changes; c; c = c->next) { +- ret = ldb_dn_compare(c->nc_root, op->nc_root); +- if (ret != 0) { +- continue; +- } +- +- ret = ldb_dn_compare(c->dn, op->dn); +- if (ret == 0) { +- if (op->include_self) { +- c->force_self = true; +- } else { +- c->force_children = true; +- } +- return ldb_module_done(req, NULL, NULL, LDB_SUCCESS); +- } +- +- ret = ldb_dn_compare_base(c->dn, op->dn); +- if (ret != 0) { +- continue; +- } +- +- parent_mem = c; +- parent_change = c; +- break; +- } +- + c = talloc_zero(parent_mem, struct descriptor_changes); + if (c == NULL) { + return ldb_module_oom(module); +@@ -1045,21 +1042,14 @@ static int descriptor_extended_sec_desc_propagation(struct ldb_module *module, + if (c->nc_root == NULL) { + return ldb_module_oom(module); + } +- c->dn = ldb_dn_copy(c, op->dn); +- if (c->dn == NULL) { +- return ldb_module_oom(module); +- } ++ c->guid = op->guid; + if (op->include_self) { + c->force_self = true; + } else { + c->force_children = true; + } + +- if (parent_change != NULL) { +- DLIST_ADD_END(parent_change->children, c); +- } else { +- DLIST_ADD_END(descriptor_private->changes, c); +- } ++ DLIST_ADD_END(descriptor_private->changes, c); + + return ldb_module_done(req, NULL, NULL, LDB_SUCCESS); + } +@@ -1179,41 +1169,75 @@ static int descriptor_sd_propagation_msg_sort(struct ldb_message **m1, + return ldb_dn_compare(dn2, dn1); + } + +-static int descriptor_sd_propagation_dn_sort(struct ldb_dn *dn1, +- struct ldb_dn *dn2) +-{ +- /* +- * This sorts in tree order, parents first +- */ +- return ldb_dn_compare(dn2, dn1); +-} +- + static int descriptor_sd_propagation_recursive(struct ldb_module *module, + struct descriptor_changes *change) + { +- struct ldb_context *ldb = ldb_module_get_ctx(module); ++ struct ldb_result *guid_res = NULL; + struct ldb_result *res = NULL; + unsigned int i; + const char * const no_attrs[] = { "@__NONE__", NULL }; +- struct descriptor_changes *c; +- struct descriptor_changes *stopped_stack = NULL; +- enum ldb_scope scope; ++ struct ldb_dn *stopped_dn = NULL; ++ struct GUID_txt_buf guid_buf; + int ret; ++ bool stop = false; + + /* +- * First confirm this object has children, or exists (depending on change->force_self) ++ * First confirm this object has children, or exists ++ * (depending on change->force_self) + * + * LDB_SCOPE_SUBTREE searches are expensive. + * +- * Note: that we do not search for deleted/recycled objects +- * + * We know this is safe against a rename race as we are in the + * prepare_commit(), so must be in a transaction. + */ ++ ++ /* Find the DN by GUID, as this is stable under rename */ ++ ret = dsdb_module_search(module, ++ change, ++ &guid_res, ++ change->nc_root, ++ LDB_SCOPE_SUBTREE, ++ no_attrs, ++ DSDB_FLAG_NEXT_MODULE | ++ DSDB_FLAG_AS_SYSTEM | ++ DSDB_SEARCH_SHOW_DELETED | ++ DSDB_SEARCH_SHOW_RECYCLED, ++ NULL, /* parent_req */ ++ "(objectGUID=%s)", ++ GUID_buf_string(&change->guid, ++ &guid_buf)); ++ ++ if (ret != LDB_SUCCESS) { ++ return ret; ++ } ++ ++ if (guid_res->count != 1) { ++ /* ++ * We were just given this GUID during the same ++ * transaction, if it is missing this is a big ++ * problem. ++ * ++ * Cleanup of tombstones does not trigger this module ++ * as it just does a delete. ++ */ ++ ldb_asprintf_errstring(ldb_module_get_ctx(module), ++ "failed to find GUID %s under %s " ++ "for transaction-end SD inheritance: %d results", ++ GUID_buf_string(&change->guid, ++ &guid_buf), ++ ldb_dn_get_linearized(change->nc_root), ++ guid_res->count); ++ return LDB_ERR_OPERATIONS_ERROR; ++ } ++ ++ /* ++ * OK, so there was a parent, are there children? Note: that ++ * this time we do not search for deleted/recycled objects ++ */ + ret = dsdb_module_search(module, + change, + &res, +- change->dn, ++ guid_res->msgs[0]->dn, + LDB_SCOPE_ONELEVEL, + no_attrs, + DSDB_FLAG_NEXT_MODULE | +@@ -1221,26 +1245,55 @@ static int descriptor_sd_propagation_recursive(struct ldb_module *module, + NULL, /* parent_req */ + "(objectClass=*)"); + if (ret != LDB_SUCCESS) { ++ /* ++ * LDB_ERR_NO_SUCH_OBJECT, say if the DN was a deleted ++ * object, is ignored by the caller ++ */ + return ret; + } + + if (res->count == 0 && !change->force_self) { ++ /* All done, no children */ + TALLOC_FREE(res); + return LDB_SUCCESS; +- } else if (res->count == 0 && change->force_self) { +- scope = LDB_SCOPE_BASE; +- } else { +- scope = LDB_SCOPE_SUBTREE; + } + + /* ++ * First, if we are in force_self mode (eg renamed under new ++ * parent) then apply the SD to the top object ++ */ ++ if (change->force_self) { ++ ret = descriptor_sd_propagation_object(module, ++ guid_res->msgs[0], ++ &stop); ++ if (ret != LDB_SUCCESS) { ++ TALLOC_FREE(guid_res); ++ return ret; ++ } ++ ++ if (stop == true && !change->force_children) { ++ /* There was no change, nothing more to do */ ++ TALLOC_FREE(guid_res); ++ return LDB_SUCCESS; ++ } ++ ++ if (res->count == 0) { ++ /* All done! */ ++ TALLOC_FREE(guid_res); ++ return LDB_SUCCESS; ++ } ++ } ++ ++ /* ++ * Look for children ++ * + * Note: that we do not search for deleted/recycled objects + */ + ret = dsdb_module_search(module, + change, + &res, +- change->dn, +- scope, ++ guid_res->msgs[0]->dn, ++ LDB_SCOPE_SUBTREE, + no_attrs, + DSDB_FLAG_NEXT_MODULE | + DSDB_FLAG_AS_SYSTEM, +@@ -1253,90 +1306,39 @@ static int descriptor_sd_propagation_recursive(struct ldb_module *module, + TYPESAFE_QSORT(res->msgs, res->count, + descriptor_sd_propagation_msg_sort); + +- for (c = change->children; c; c = c->next) { +- struct ldb_message *msg = NULL; +- +- BINARY_ARRAY_SEARCH_P(res->msgs, res->count, dn, c->dn, +- descriptor_sd_propagation_dn_sort, +- msg); +- +- if (msg == NULL) { +- ldb_debug(ldb, LDB_DEBUG_WARNING, +- "descriptor_sd_propagation_recursive: " +- "%s not found under %s", +- ldb_dn_get_linearized(c->dn), +- ldb_dn_get_linearized(change->dn)); +- continue; +- } +- +- msg->elements = (struct ldb_message_element *)c; +- } +- +- DLIST_ADD(stopped_stack, change); +- +- if (change->force_self) { +- i = 0; +- } else { +- i = 1; +- } +- +- for (; i < res->count; i++) { +- struct descriptor_changes *cur; +- bool stop = false; +- +- cur = talloc_get_type(res->msgs[i]->elements, +- struct descriptor_changes); +- res->msgs[i]->elements = NULL; +- res->msgs[i]->num_elements = 0; +- +- if (cur != NULL) { +- DLIST_REMOVE(change->children, cur); +- } else if (i == 0) { ++ /* We start from 1, the top object has been done */ ++ for (i = 1; i < res->count; i++) { ++ /* ++ * ldb_dn_compare_base() does not match for NULL but ++ * this is clearer ++ */ ++ if (stopped_dn != NULL) { ++ ret = ldb_dn_compare_base(stopped_dn, ++ res->msgs[i]->dn); + /* +- * in the change->force_self case +- * res->msgs[0]->elements was not overwritten, +- * so set cur here ++ * Skip further processing of this ++ * sub-subtree + */ +- cur = change; +- } +- +- for (c = stopped_stack; c; c = stopped_stack) { +- ret = ldb_dn_compare_base(c->dn, +- res->msgs[i]->dn); +- if (ret == 0) { +- break; +- } +- +- c->stopped_dn = NULL; +- DLIST_REMOVE(stopped_stack, c); +- } +- +- if (cur != NULL) { +- DLIST_ADD(stopped_stack, cur); +- } +- +- if (stopped_stack->stopped_dn != NULL) { +- ret = ldb_dn_compare_base(stopped_stack->stopped_dn, +- res->msgs[i]->dn); + if (ret == 0) { + continue; + } +- stopped_stack->stopped_dn = NULL; + } +- +- ret = descriptor_sd_propagation_object(module, res->msgs[i], ++ ret = descriptor_sd_propagation_object(module, ++ res->msgs[i], + &stop); + if (ret != LDB_SUCCESS) { + return ret; + } + +- if (cur != NULL && cur->force_children) { +- continue; +- } +- + if (stop) { +- stopped_stack->stopped_dn = res->msgs[i]->dn; +- continue; ++ /* ++ * If this child didn't change, then nothing ++ * under it needs to change ++ * ++ * res has been sorted into tree order so the ++ * next few entries can be skipped ++ */ ++ stopped_dn = res->msgs[i]->dn; + } + } + +diff --git a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c +index e67c3b0281e..a2a6bcc98f3 100644 +--- a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c ++++ b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c +@@ -5538,7 +5538,8 @@ static int replmd_replicated_apply_add(struct replmd_replicated_request *ar) + */ + ret = dsdb_module_schedule_sd_propagation(ar->module, + ar->objs->partition_dn, +- msg->dn, true); ++ ar->objs->objects[ar->index_current].object_guid, ++ true); + if (ret != LDB_SUCCESS) { + return replmd_replicated_request_error(ar, ret); + } +@@ -6323,7 +6324,7 @@ static int replmd_replicated_apply_merge(struct replmd_replicated_request *ar) + */ + ret = dsdb_module_schedule_sd_propagation(ar->module, + ar->objs->partition_dn, +- msg->dn, ++ ar->objs->objects[ar->index_current].object_guid, + true); + if (ret != LDB_SUCCESS) { + return ldb_operr(ldb); +@@ -6343,7 +6344,7 @@ static int replmd_replicated_apply_merge(struct replmd_replicated_request *ar) + */ + ret = dsdb_module_schedule_sd_propagation(ar->module, + ar->objs->partition_dn, +- msg->dn, ++ ar->objs->objects[ar->index_current].object_guid, + false); + if (ret != LDB_SUCCESS) { + return ldb_operr(ldb); +diff --git a/source4/dsdb/samdb/samdb.h b/source4/dsdb/samdb/samdb.h +index e1b0e4aa4e3..3f47b863a83 100644 +--- a/source4/dsdb/samdb/samdb.h ++++ b/source4/dsdb/samdb/samdb.h +@@ -338,7 +338,7 @@ struct dsdb_extended_allocate_rid { + #define DSDB_EXTENDED_SEC_DESC_PROPAGATION_OID "1.3.6.1.4.1.7165.4.4.7" + struct dsdb_extended_sec_desc_propagation_op { + struct ldb_dn *nc_root; +- struct ldb_dn *dn; ++ struct GUID guid; + bool include_self; + }; + +-- +2.17.1 + + +From 030fa9e5455125e30b71c90be80baadb657d8993 Mon Sep 17 00:00:00 2001 +From: Noel Power <noel.power@suse.com> +Date: Fri, 24 May 2019 13:37:00 +0000 +Subject: [PATCH 11/13] CVE-2019-14907 lib/util/charset: clang: Fix Value + stored to 'reason' is never read warning + +Fixes: + +lib/util/charset/convert_string.c:301:5: warning: Value stored to 'reason' is never read <--[clang] + +BUG: https://bugzilla.samba.org/show_bug.cgi?id=14208 + +Signed-off-by: Noel Power <noel.power@suse.com> +Reviewed-by: Gary Lockyer gary@catalyst.net.nz +(cherry picked from commit add47e288bc80c1bf45765d1588a9fa5998ea677) +--- + lib/util/charset/convert_string.c | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +diff --git a/lib/util/charset/convert_string.c b/lib/util/charset/convert_string.c +index 196302aacfd..34facab6fe6 100644 +--- a/lib/util/charset/convert_string.c ++++ b/lib/util/charset/convert_string.c +@@ -300,13 +300,13 @@ bool convert_string_handle(struct smb_iconv_handle *ic, + { + reason="No more room"; + if (from == CH_UNIX) { +- DEBUG(3,("E2BIG: convert_string(%s,%s): srclen=%u destlen=%u - '%s'\n", ++ DEBUG(3,("E2BIG: convert_string(%s,%s): srclen=%u destlen=%u - '%s' error: %s\n", + charset_name(ic, from), charset_name(ic, to), +- (unsigned int)srclen, (unsigned int)destlen, (const char *)src)); ++ (unsigned int)srclen, (unsigned int)destlen, (const char *)src, reason)); + } else { +- DEBUG(3,("E2BIG: convert_string(%s,%s): srclen=%u destlen=%u\n", ++ DEBUG(3,("E2BIG: convert_string(%s,%s): srclen=%u destlen=%u error: %s\n", + charset_name(ic, from), charset_name(ic, to), +- (unsigned int)srclen, (unsigned int)destlen)); ++ (unsigned int)srclen, (unsigned int)destlen, reason)); + } + break; + } +-- +2.17.1 + + +From ad0e68d354ad33c577dbf146fc4a1b8254857558 Mon Sep 17 00:00:00 2001 +From: Andrew Bartlett <abartlet@samba.org> +Date: Fri, 29 Nov 2019 20:58:47 +1300 +Subject: [PATCH 12/13] CVE-2019-14907 lib/util: Do not print the failed to + convert string into the logs +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +The string may be in another charset, or may be sensitive and +certainly may not be terminated. It is not safe to just print. + +Found by Robert Święcki using a fuzzer he wrote for smbd. + +BUG: https://bugzilla.samba.org/show_bug.cgi?id=14208 +Signed-off-by: Andrew Bartlett <abartlet@samba.org> + +(adapted from master commit) +--- + lib/util/charset/convert_string.c | 33 +++++++++++++++++-------------- + 1 file changed, 18 insertions(+), 15 deletions(-) + +diff --git a/lib/util/charset/convert_string.c b/lib/util/charset/convert_string.c +index 34facab6fe6..b546e056953 100644 +--- a/lib/util/charset/convert_string.c ++++ b/lib/util/charset/convert_string.c +@@ -293,31 +293,31 @@ bool convert_string_handle(struct smb_iconv_handle *ic, + switch(errno) { + case EINVAL: + reason="Incomplete multibyte sequence"; +- DEBUG(3,("convert_string_internal: Conversion error: %s(%s)\n", +- reason, (const char *)src)); ++ DBG_NOTICE("Conversion error: %s\n", ++ reason); + break; + case E2BIG: + { + reason="No more room"; + if (from == CH_UNIX) { +- DEBUG(3,("E2BIG: convert_string(%s,%s): srclen=%u destlen=%u - '%s' error: %s\n", +- charset_name(ic, from), charset_name(ic, to), +- (unsigned int)srclen, (unsigned int)destlen, (const char *)src, reason)); ++ DBG_NOTICE("E2BIG: convert_string(%s,%s): srclen=%u destlen=%u error: %s\n", ++ charset_name(ic, from), charset_name(ic, to), ++ (unsigned int)srclen, (unsigned int)destlen, reason); + } else { +- DEBUG(3,("E2BIG: convert_string(%s,%s): srclen=%u destlen=%u error: %s\n", +- charset_name(ic, from), charset_name(ic, to), +- (unsigned int)srclen, (unsigned int)destlen, reason)); ++ DBG_NOTICE("E2BIG: convert_string(%s,%s): srclen=%u destlen=%u error: %s\n", ++ charset_name(ic, from), charset_name(ic, to), ++ (unsigned int)srclen, (unsigned int)destlen, reason); + } + break; + } + case EILSEQ: + reason="Illegal multibyte sequence"; +- DEBUG(3,("convert_string_internal: Conversion error: %s(%s)\n", +- reason, (const char *)src)); ++ DBG_NOTICE("convert_string_internal: Conversion error: %s\n", ++ reason); + break; + default: +- DEBUG(0,("convert_string_internal: Conversion error: %s(%s)\n", +- reason, (const char *)src)); ++ DBG_ERR("convert_string_internal: Conversion error: %s\n", ++ reason); + break; + } + /* smb_panic(reason); */ +@@ -427,16 +427,19 @@ bool convert_string_talloc_handle(TALLOC_CTX *ctx, struct smb_iconv_handle *ic, + switch(errno) { + case EINVAL: + reason="Incomplete multibyte sequence"; +- DEBUG(3,("convert_string_talloc: Conversion error: %s(%s)\n",reason,inbuf)); ++ DBG_NOTICE("Conversion error: %s\n", ++ reason); + break; + case E2BIG: + goto convert; + case EILSEQ: + reason="Illegal multibyte sequence"; +- DEBUG(3,("convert_string_talloc: Conversion error: %s(%s)\n",reason,inbuf)); ++ DBG_NOTICE("Conversion error: %s\n", ++ reason); + break; + default: +- DEBUG(0,("Conversion error: %s(%s)\n",reason,inbuf)); ++ DBG_ERR("Conversion error: %s\n", ++ reason); + break; + } + /* smb_panic(reason); */ +-- +2.17.1 + + diff --git a/main/screen/APKBUILD b/main/screen/APKBUILD index 01aa27a8a6c..35fe650db2e 100644 --- a/main/screen/APKBUILD +++ b/main/screen/APKBUILD @@ -2,7 +2,7 @@ # Maintainer: Natanael Copa <ncopa@alpinelinux.org> pkgname=screen pkgver=4.6.2 -pkgrel=0 +pkgrel=1 pkgdesc="A window manager that multiplexes a physical terminal" url="http://ftp.gnu.org/gnu/screen/" arch="all" @@ -10,9 +10,15 @@ license="GPL-3.0-or-later" options="!check" # No test suite. makedepends="ncurses-dev ncurses" subpackages="$pkgname-doc" -source="https://ftp.gnu.org/gnu/$pkgname/$pkgname-$pkgver.tar.gz" +source="https://ftp.gnu.org/gnu/$pkgname/$pkgname-$pkgver.tar.gz + CVE-2020-9366.patch + " builddir="$srcdir/$pkgname-$pkgver" +# secfixes: +# 4.6.2-r1: +# - CVE-2020-9366 + build() { cd "$builddir" ./configure \ @@ -38,4 +44,5 @@ package() { install -Dm644 etc/screenrc "$pkgdir"/etc/skel/.screenrc } -sha512sums="224bd16ad5ae501d1b8bb7d2ba9cc19e6a0743de5a5b320109c2f6bf3b1ca564cc7094ed9211be13733d9d769cde77d13fe236341d448cad0518038ab1e85c99 screen-4.6.2.tar.gz" +sha512sums="224bd16ad5ae501d1b8bb7d2ba9cc19e6a0743de5a5b320109c2f6bf3b1ca564cc7094ed9211be13733d9d769cde77d13fe236341d448cad0518038ab1e85c99 screen-4.6.2.tar.gz +7cf69866a2c6e18a72b8df90550d12294c95245a39b1c16a5de9eb1dbaf732d1474af7e0f9d42941286911e136e437f8029cd134858c456eaabee6ef6cfce111 CVE-2020-9366.patch" diff --git a/main/screen/CVE-2020-9366.patch b/main/screen/CVE-2020-9366.patch new file mode 100644 index 00000000000..81b56b4bc56 --- /dev/null +++ b/main/screen/CVE-2020-9366.patch @@ -0,0 +1,42 @@ +From 68386dfb1fa33471372a8cd2e74686758a2f527b Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Amadeusz=20S=C5=82awi=C5=84ski?= <amade@asmblr.net> +Date: Thu, 30 Jan 2020 17:56:27 +0100 +Subject: Fix out of bounds access when setting w_xtermosc after OSC 49 +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +echo -e "\e]49\e; \n\ec" +crashes screen. + +This happens because 49 is divided by 10 and used as table index +resulting in access to w_xtermosc[4], which is out of bounds with table +itself being size 4. Increase size of table by 1 to 5, which is enough +for all current uses. + +As this overwrites memory based on user input it is potential security +issue. + +Reported-by: pippin@gimp.org +Signed-off-by: Amadeusz Sławiński <amade@asmblr.net> +--- + src/window.h | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/window.h b/src/window.h +index fbe98dc..11d2a9e 100644 +--- a/window.h ++++ b/window.h +@@ -237,7 +237,7 @@ struct win + char w_vbwait; + char w_norefresh; /* dont redisplay when switching to that win */ + #ifdef RXVT_OSC +- char w_xtermosc[4][MAXSTR]; /* special xterm/rxvt escapes */ ++ char w_xtermosc[5][MAXSTR]; /* special xterm/rxvt escapes */ + #endif + int w_mouse; /* mouse mode 0,9,1000 */ + int w_extmouse; /* extended mouse mode 0,1006 */ +-- +cgit v1.2.1 + + diff --git a/main/sdl/APKBUILD b/main/sdl/APKBUILD index de0a8ec773a..889be742dff 100644 --- a/main/sdl/APKBUILD +++ b/main/sdl/APKBUILD @@ -42,7 +42,6 @@ builddir="$srcdir"/SDL-$pkgver # - CVE-2019-7575 # - CVE-2019-7576 # - CVE-2019-7577 -# - CVE-2019-7577 # - CVE-2019-7578 # - CVE-2019-7635 # - CVE-2019-7636 diff --git a/main/smokeping/APKBUILD b/main/smokeping/APKBUILD index c8a9fe1451d..3efc760689d 100644 --- a/main/smokeping/APKBUILD +++ b/main/smokeping/APKBUILD @@ -2,7 +2,7 @@ # Maintainer: Natanael Copa <ncopa@alpinelinux.org> pkgname=smokeping pkgver=2.7.3 -pkgrel=3 +pkgrel=4 pkgdesc="Smokeping network latency monitoring" pkgusers="smokeping" pkggroups="smokeping" @@ -38,6 +38,7 @@ depends=" perl-snmp-session perl-uri rrdtool + ttf-dejavu " makedepends=" openssl-dev diff --git a/main/spl-vanilla/APKBUILD b/main/spl-vanilla/APKBUILD index c5d4b7ee21a..6949cec9c06 100644 --- a/main/spl-vanilla/APKBUILD +++ b/main/spl-vanilla/APKBUILD @@ -8,7 +8,7 @@ _rel=0 _flavor=${FLAVOR:-vanilla} _kpkg=linux-$_flavor -_kver=4.19.98 +_kver=4.19.118 _krel=0 _kpkgver="$_kver-r$_krel" diff --git a/main/sprunge/APKBUILD b/main/sprunge/APKBUILD index f663d800b9b..4d1f651abd2 100644 --- a/main/sprunge/APKBUILD +++ b/main/sprunge/APKBUILD @@ -2,7 +2,7 @@ # Maintainer: Natanael Copa <ncopa@alpinelinux.org> pkgname=sprunge pkgver=0.6 -pkgrel=0 +pkgrel=1 pkgdesc="Helper script to paste things to http://sprunge.us" url="http://sprunge.us" arch="noarch" @@ -33,10 +33,10 @@ package() { tpaste() { cd "$_builddir" - url="http://tpaste.us" + url="https://tpaste.us" pkgdesc="Helper script to paste things to $url" mkdir -p "$subpkgdir"/usr/bin - printf "#!/bin/sh\n\nexec curl -F 'tpaste=<-' http://tpaste.us" > \ + printf "#!/bin/sh\n\nexec curl -F 'tpaste=<-' https://tpaste.us" > \ "$subpkgdir"/usr/bin/tpaste || return 1 chmod 755 "$subpkgdir"/usr/bin/tpaste || return 1 } diff --git a/main/sqlite/APKBUILD b/main/sqlite/APKBUILD index 44425f92f83..b97b3891eca 100644 --- a/main/sqlite/APKBUILD +++ b/main/sqlite/APKBUILD @@ -2,7 +2,7 @@ # Contributor: Łukasz Jendrysik <scadu@yandex.com> pkgname=sqlite pkgver=3.28.0 -pkgrel=2 +pkgrel=3 pkgdesc="C library that implements an SQL database engine" url="https://www.sqlite.org/" arch="all" @@ -34,12 +34,15 @@ source="https://www.sqlite.org/2019/$pkgname-autoconf-$_ver.tar.gz CVE-2019-16168.patch CVE-2019-19242.patch CVE-2019-19244.patch + CVE-2020-11655.patch " # secfixes: +# 3.28.0-r3: +# - CVE-2020-11655 # 3.28.0-r2: # - CVE-2019-19242 -# - CVE-2019-19242 +# - CVE-2019-19244 # 3.28.0-r1: # - CVE-2019-16168 # 3.28.0-r0: @@ -115,4 +118,5 @@ sha512sums="e800c0d9e6c8c01ccf1d714c6c4da4b98e9610c4c06557dda6393d0792a8ae097887 5bde14bec5bf18cc686b8b90a8b2324c8c6600bca1ae56431a795bb34b8b5ae85527143f3b5f0c845c776bce60eaa537624104cefc3a47b3820d43083f40c6e9 license.txt db937bc87068b486e5163a5493acba2d7b89aa6b45d55cbc1c8b53e6889c53e6be060997f340dfad44c3df328c7891b49277f56299a9531248381a214fb4079d CVE-2019-16168.patch e0cbb73e56cfd37cb5fbc5b003a40d1853fb527a63319ff78dbcd9d15d9469f75451f4abd572d5a2a1e936c8739f8f031428090b48368f28f97ba6fbf0654dbe CVE-2019-19242.patch -e7982014a62b4fa465918fd65384cec406ea09598f3e0511eb2b68f618983b2f29a932267397aff9b88b97367dc8e05c4074fa8e276e3f4294ac019df498a724 CVE-2019-19244.patch" +e7982014a62b4fa465918fd65384cec406ea09598f3e0511eb2b68f618983b2f29a932267397aff9b88b97367dc8e05c4074fa8e276e3f4294ac019df498a724 CVE-2019-19244.patch +c9d9f440543fa59fb4cb75d069b69adcccfdeb1c31bc9bd8d2f27b178013ea72934f6301d3df28e37a67cb6dbc38b2fc7bf87bacd93d756a62f3bf59a52ab3f2 CVE-2020-11655.patch" diff --git a/main/sqlite/CVE-2020-11655.patch b/main/sqlite/CVE-2020-11655.patch new file mode 100644 index 00000000000..ee58cf62e87 --- /dev/null +++ b/main/sqlite/CVE-2020-11655.patch @@ -0,0 +1,24 @@ +From 660733d19a17c9927275dbcde537d12531a8d121 Mon Sep 17 00:00:00 2001 +From: Leonardo Arena <rnalrd@alpinelinux.org> +Date: Thu, 7 May 2020 12:37:05 +0000 +Subject: [PATCH] CVE-2020-11655 + +--- + sqlite3.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/sqlite3.c b/sqlite3.c +index 55dc686..f0ccb2d 100644 +--- a/sqlite3.c ++++ b/sqlite3.c +@@ -133217,6 +133217,7 @@ static void resetAccumulator(Parse *pParse, AggInfo *pAggInfo){ + struct AggInfo_func *pFunc; + int nReg = pAggInfo->nFunc + pAggInfo->nColumn; + if( nReg==0 ) return; ++ if( pParse->nErr ) return; + #ifdef SQLITE_DEBUG + /* Verify that all AggInfo registers are within the range specified by + ** AggInfo.mnReg..AggInfo.mxReg */ +-- +2.26.0 + diff --git a/main/squid/APKBUILD b/main/squid/APKBUILD index 7c4ae5ffffb..c6e0ec7acc4 100644 --- a/main/squid/APKBUILD +++ b/main/squid/APKBUILD @@ -1,8 +1,8 @@ # Contributor: Carlo Landmeter <clandmeter@gmail.com> # Maintainer: Natanael Copa <ncopa@alpinelinux.org> pkgname=squid -pkgver=4.8 -pkgrel=1 +pkgver=4.13 +pkgrel=0 pkgdesc="A full-featured Web proxy cache server." url="http://www.squid-cache.org" install="squid.pre-install squid.pre-upgrade" @@ -18,7 +18,6 @@ linguas="af ar az bg ca cs da de el es et fa fi fr he hu hy id it ja ka ko lt lv ms nl oc pl pt ro ru sk sl sr sv th tr uk uz vi zh" langdir="/usr/share/squid/errors" source="http://www.squid-cache.org/Versions/v4/squid-${pkgver}.tar.xz - CVE-2019-18679.patch $pkgname.initd $pkgname.confd @@ -30,6 +29,19 @@ builddir="$srcdir"/$pkgname-$pkgver options="!check" # does not work. Error message is about "applet not found", some issue with the installed busybox # secfixes: +# 4.13-r0: +# - CVE-2020-15810 +# - CVE-2020-15811 +# - CVE-2020-24606 +# 4.11-r0: +# - CVE-2019-12519 +# - CVE-2019-12521 +# - CVE-2020-11945 +# 4.10-r0: +# - CVE-2019-12528 +# - CVE-2020-8449 +# - CVE-2020-8450 +# - CVE-2020-8517 # 4.8-r1: # - CVE-2019-18679 # 4.8-r0: @@ -108,8 +120,8 @@ squid_kerb_auth() { install -d "$subpkgdir"/usr/lib/squid mv "$pkgdir"/usr/lib/squid/squid_kerb_auth "$subpkgdir"/usr/lib/squid/ } -sha512sums="2223f299950ded074faca6e3d09c15bc26e8644c3019b36a612f5d424e25b02a528c4b3c8a9463864f71edc29f17c5662f16ffda18c76317405cb97657e5e823 squid-4.8.tar.xz -e2a38576105eb056640f334499504e10605e5b7e82bcd602fe019dd010beb2c70eddc931ca2b3e452f229a28de0f6c7fb6b770bcf2f3c406044286d8fed18490 CVE-2019-18679.patch + +sha512sums="06807f82ed01e12afe2dd843aa0a94f69c351765b1889c4c5c3da1cf2ecb06ac3a4be6a24a62f04397299c8fc0df5397f76f64df5422ff78b37a9382d5fdf7fc squid-4.13.tar.xz 15d95f7d787be8c2e6619ef1661fd8aae8d2c1ede706748764644c7dc3d7c34515ef6e8b7543295fddc4e767bbd74a7cf8c42e77cf60b3d574ff11b3f6e336c9 squid.initd 7292661de344e8a87d855c83afce49511685d2680effab3afab110e45144c0117935f3bf73ab893c9e6d43f7fb5ba013635e24f6da6daf0eeb895ef2e9b5baa9 squid.confd 89a703fa4f21b6c7c26e64a46fd52407e20f00c34146ade0bea0c4b63d050117c0f8e218f2256a1fbf6abb84f4ec9b0472c9a4092ff6e78f07c4f5a25d0892a5 squid.logrotate" diff --git a/main/squid/CVE-2019-18679.patch b/main/squid/CVE-2019-18679.patch deleted file mode 100644 index 9ad820d3190..00000000000 --- a/main/squid/CVE-2019-18679.patch +++ /dev/null @@ -1,120 +0,0 @@ -commit 671ba97abe929156dc4c717ee52ad22fba0f7443 -Author: Amos Jeffries <yadij@users.noreply.github.com> -Date: 2019-09-11 02:52:52 +0000 - - RFC 7230: server MUST reject messages with BWS after field-name (#445) - - Obey the RFC requirement to reject HTTP requests with whitespace - between field-name and the colon delimiter. Rejection is - critical in the presence of broken HTTP agents that mishandle - malformed messages. - - Also obey requirement to always strip such whitespace from HTTP - response messages. The relaxed parser is no longer necessary for - this response change. - - For now non-HTTP protocols retain the old behaviour of removal - only when using the relaxed parser. - -diff --git a/src/HttpHeader.cc b/src/HttpHeader.cc -index dd320d5..a36ad85 100644 ---- a/src/HttpHeader.cc -+++ b/src/HttpHeader.cc -@@ -421,15 +421,12 @@ HttpHeader::parse(const char *header_start, size_t hdrLen) - break; /* terminating blank line */ - } - -- HttpHeaderEntry *e; -- if ((e = HttpHeaderEntry::parse(field_start, field_end)) == NULL) { -+ const auto e = HttpHeaderEntry::parse(field_start, field_end, owner); -+ if (!e) { - debugs(55, warnOnError, "WARNING: unparseable HTTP header field {" << - getStringPrefix(field_start, field_end-field_start) << "}"); - debugs(55, warnOnError, " in {" << getStringPrefix(header_start, hdrLen) << "}"); - -- if (Config.onoff.relaxed_header_parser) -- continue; -- - PROF_stop(HttpHeaderParse); - clean(); - return 0; -@@ -1386,7 +1383,7 @@ HttpHeaderEntry::~HttpHeaderEntry() - - /* parses and inits header entry, returns true/false */ - HttpHeaderEntry * --HttpHeaderEntry::parse(const char *field_start, const char *field_end) -+HttpHeaderEntry::parse(const char *field_start, const char *field_end, const http_hdr_owner_type msgType) - { - /* note: name_start == field_start */ - const char *name_end = (const char *)memchr(field_start, ':', field_end - field_start); -@@ -1403,19 +1400,41 @@ HttpHeaderEntry::parse(const char *field_start, const char *field_end) - - if (name_len > 65534) { - /* String must be LESS THAN 64K and it adds a terminating NULL */ -- debugs(55, DBG_IMPORTANT, "WARNING: ignoring header name of " << name_len << " bytes"); -+ // TODO: update this to show proper name_len in Raw markup, but not print all that -+ debugs(55, 2, "ignoring huge header field (" << Raw("field_start", field_start, 100) << "...)"); - return NULL; - } - -- if (Config.onoff.relaxed_header_parser && xisspace(field_start[name_len - 1])) { -+ /* -+ * RFC 7230 section 3.2.4: -+ * "No whitespace is allowed between the header field-name and colon. -+ * ... -+ * A server MUST reject any received request message that contains -+ * whitespace between a header field-name and colon with a response code -+ * of 400 (Bad Request). A proxy MUST remove any such whitespace from a -+ * response message before forwarding the message downstream." -+ */ -+ if (xisspace(field_start[name_len - 1])) { -+ -+ if (msgType == hoRequest) -+ return nullptr; -+ -+ // for now, also let relaxed parser remove this BWS from any non-HTTP messages -+ const bool stripWhitespace = (msgType == hoReply) || -+ Config.onoff.relaxed_header_parser; -+ if (!stripWhitespace) -+ return nullptr; // reject if we cannot strip -+ - debugs(55, Config.onoff.relaxed_header_parser <= 0 ? 1 : 2, - "NOTICE: Whitespace after header name in '" << getStringPrefix(field_start, field_end-field_start) << "'"); - - while (name_len > 0 && xisspace(field_start[name_len - 1])) - --name_len; - -- if (!name_len) -+ if (!name_len) { -+ debugs(55, 2, "found header with only whitespace for name"); - return NULL; -+ } - } - - /* now we know we can parse it */ -@@ -1448,11 +1467,7 @@ HttpHeaderEntry::parse(const char *field_start, const char *field_end) - - if (field_end - value_start > 65534) { - /* String must be LESS THAN 64K and it adds a terminating NULL */ -- debugs(55, DBG_IMPORTANT, "WARNING: ignoring '" << name << "' header of " << (field_end - value_start) << " bytes"); -- -- if (id == Http::HdrType::OTHER) -- name.clean(); -- -+ debugs(55, 2, "WARNING: found '" << name << "' header of " << (field_end - value_start) << " bytes"); - return NULL; - } - -diff --git a/src/HttpHeader.h b/src/HttpHeader.h -index 35a9410..be175b7 100644 ---- a/src/HttpHeader.h -+++ b/src/HttpHeader.h -@@ -54,7 +54,7 @@ class HttpHeaderEntry - public: - HttpHeaderEntry(Http::HdrType id, const char *name, const char *value); - ~HttpHeaderEntry(); -- static HttpHeaderEntry *parse(const char *field_start, const char *field_end); -+ static HttpHeaderEntry *parse(const char *field_start, const char *field_end, const http_hdr_owner_type msgType); - HttpHeaderEntry *clone() const; - void packInto(Packable *p) const; - int getInt() const; diff --git a/main/tcpdump/APKBUILD b/main/tcpdump/APKBUILD index aa29f90dc81..a24b2ea322a 100644 --- a/main/tcpdump/APKBUILD +++ b/main/tcpdump/APKBUILD @@ -1,18 +1,49 @@ # Maintainer: Natanael Copa <ncopa@alpinelinux.org> pkgname=tcpdump -pkgver=4.9.2 -pkgrel=4 +pkgver=4.9.3 +pkgrel=1 pkgdesc="A tool for network monitoring and data acquisition" url="http://www.tcpdump.org" arch="all" license="BSD-3-Clause" -depends="" +options="!check" # fail on ppc64le makedepends="libpcap-dev openssl-dev perl" subpackages="$pkgname-doc" -source="http://www.$pkgname.org/release/$pkgname-$pkgver.tar.gz" -options="!check" +source="http://www.$pkgname.org/release/$pkgname-$pkgver.tar.gz + CVE-2020-8037.patch + " # secfixes: +# 4.9.3-r1: +# - CVE-2020-8037 +# 4.9.3-r0: +# - CVE-2017-16808 # (AoE) +# - CVE-2018-14468 # (FrameRelay) +# - CVE-2018-14469 # (IKEv1) +# - CVE-2018-14470 # (BABEL) +# - CVE-2018-14466 # (AFS/RX) +# - CVE-2018-14461 # (LDP) +# - CVE-2018-14462 # (ICMP) +# - CVE-2018-14465 # (RSVP) +# - CVE-2018-14881 # (BGP) +# - CVE-2018-14464 # (LMP) +# - CVE-2018-14463 # (VRRP) +# - CVE-2018-14467 # (BGP) +# - CVE-2018-10103 # (SMB - partially fixed, but SMB printing disabled) +# - CVE-2018-10105 # (SMB - too unreliably reproduced, SMB printing disabled) +# - CVE-2018-14880 # (OSPF6) +# - CVE-2018-16451 # (SMB) +# - CVE-2018-14882 # (RPL) +# - CVE-2018-16227 # (802.11) +# - CVE-2018-16229 # (DCCP) +# - CVE-2018-16301 # (was fixed in libpcap) +# - CVE-2018-16230 # (BGP) +# - CVE-2018-16452 # (SMB) +# - CVE-2018-16300 # (BGP) +# - CVE-2018-16228 # (HNCP) +# - CVE-2019-15166 # (LMP) +# - CVE-2019-15167 # (VRRP) +# - CVE-2018-14879 # (tcpdump -V) # 4.9.0-r0: # - CVE-2016-7922 # - CVE-2016-7923 @@ -60,10 +91,6 @@ options="!check" builddir="$srcdir"/$pkgname-$pkgver -prepare() { - cd "$builddir" - update_config_sub -} build () { cd "$builddir" @@ -88,4 +115,5 @@ package() { rm -f "$pkgdir"/usr/sbin/tcpdump.4* } -sha512sums="e1bc19a5867d6e3628f3941bdf3ec831bf13784f1233ca1bccc46aac1702f47ee9357d7ff0ca62cddf211b3c8884488c21144cabddd92c861e32398cd8f7c44b tcpdump-4.9.2.tar.gz" +sha512sums="3aec673f78b996a4df884b1240e5d0a26a2ca81ee7aca8a2e6d50255bb53476e008a5ced4409e278a956710d8a4d31d85bbb800c9f1aab92b0b1046b59292a22 tcpdump-4.9.3.tar.gz +f53b5557ad2c68c28bbd6121b637ade43937ce4956fa9c2c8b187e8c62726c018509eb728f7f7479d078c9018f091f64114944b2d6106e6214662899f880445a CVE-2020-8037.patch" diff --git a/main/tcpdump/CVE-2020-8037.patch b/main/tcpdump/CVE-2020-8037.patch new file mode 100644 index 00000000000..2852845eb74 --- /dev/null +++ b/main/tcpdump/CVE-2020-8037.patch @@ -0,0 +1,63 @@ +From 32027e199368dad9508965aae8cd8de5b6ab5231 Mon Sep 17 00:00:00 2001 +From: Guy Harris <guy@alum.mit.edu> +Date: Sat, 18 Apr 2020 14:04:59 -0700 +Subject: [PATCH] PPP: When un-escaping, don't allocate a too-large buffer. + +The buffer should be big enough to hold the captured data, but it +doesn't need to be big enough to hold the entire on-the-network packet, +if we haven't captured all of it. + +(backported from commit e4add0b010ed6f2180dcb05a13026242ed935334) +--- + print-ppp.c | 18 ++++++++++++++---- + 1 file changed, 14 insertions(+), 4 deletions(-) + +diff --git a/print-ppp.c b/print-ppp.c +index 891761728..33fb03412 100644 +--- a/print-ppp.c ++++ b/print-ppp.c +@@ -1367,19 +1367,29 @@ print_bacp_config_options(netdissect_options *ndo, + return 0; + } + ++/* ++ * Un-escape RFC 1662 PPP in HDLC-like framing, with octet escapes. ++ * The length argument is the on-the-wire length, not the captured ++ * length; we can only un-escape the captured part. ++ */ + static void + ppp_hdlc(netdissect_options *ndo, + const u_char *p, int length) + { ++ u_int caplen = ndo->ndo_snapend - p; + u_char *b, *t, c; + const u_char *s; +- int i, proto; ++ u_int i; ++ int proto; + const void *se; + ++ if (caplen == 0) ++ return; ++ + if (length <= 0) + return; + +- b = (u_char *)malloc(length); ++ b = (u_char *)malloc(caplen); + if (b == NULL) + return; + +@@ -1388,10 +1398,10 @@ ppp_hdlc(netdissect_options *ndo, + * Do this so that we dont overwrite the original packet + * contents. + */ +- for (s = p, t = b, i = length; i > 0 && ND_TTEST(*s); i--) { ++ for (s = p, t = b, i = caplen; i != 0; i--) { + c = *s++; + if (c == 0x7d) { +- if (i <= 1 || !ND_TTEST(*s)) ++ if (i <= 1) + break; + i--; + c = *s++ ^ 0x20; diff --git a/main/tzdata/APKBUILD b/main/tzdata/APKBUILD index f971dc226e1..3d271c761f3 100644 --- a/main/tzdata/APKBUILD +++ b/main/tzdata/APKBUILD @@ -2,18 +2,14 @@ # Contributor: Natanael Copa <ncopa@alpinelinux.org> # Maintainer: Natanael Copa <ncopa@alpinelinux.org> pkgname=tzdata -pkgver=2019c -_tzcodever=2019c +pkgver=2020c +_tzcodever=2020c _ptzver=0.5 -pkgrel=0 +pkgrel=1 pkgdesc="Timezone data" url="https://www.iana.org/time-zones" arch="all" license="Public-Domain" -depends="" -depends_dev="" -makedepends="" -install="" subpackages="$pkgname-doc" source="https://www.iana.org/time-zones/repository/releases/tzcode$_tzcodever.tar.gz https://www.iana.org/time-zones/repository/releases/tzdata$pkgver.tar.gz @@ -24,11 +20,10 @@ source="https://www.iana.org/time-zones/repository/releases/tzcode$_tzcodever.ta builddir="$srcdir" _timezones="africa antarctica asia australasia europe northamerica \ - southamerica pacificnew etcetera backward systemv factory" + southamerica etcetera backward factory" options="!check" # Testsuite require nsgmls (SP) build() { - cd "$builddir" make cc="${CC:-gcc}" CFLAGS="$CFLAGS -DHAVE_STDINT_H=1" TZDIR="/usr/share/zoneinfo" @@ -37,13 +32,11 @@ build() { } package() { - cd "$builddir" + ./zic -b fat -y ./yearistype -d "$pkgdir"/usr/share/zoneinfo $_timezones + ./zic -b fat -y ./yearistype -d "$pkgdir"/usr/share/zoneinfo/right -L leapseconds $_timezones + #./zic -b fat -y ./yearistype -d "$pkgdir"/usr/share/zoneinfo/posix $_timezones - ./zic -y ./yearistype -d "$pkgdir"/usr/share/zoneinfo ${_timezones} - ./zic -y ./yearistype -d "$pkgdir"/usr/share/zoneinfo/right -L leapseconds ${_timezones} - #./zic -y ./yearistype -d "$pkgdir"/usr/share/zoneinfo/posix ${_timezones} - - ./zic -y ./yearistype -d "$pkgdir"/usr/share/zoneinfo -p America/New_York + ./zic -b fat -y ./yearistype -d "$pkgdir"/usr/share/zoneinfo -p America/New_York install -m444 -t "$pkgdir"/usr/share/zoneinfo iso3166.tab zone1970.tab zone.tab mkdir -p "$pkgdir"/usr/sbin @@ -57,8 +50,8 @@ package() { "$pkgdir"/usr/bin/posixtz } -sha512sums="61ef36385f501c338c263081486de0d1fccd454b86f8777b0dbad4ea3f21bbde059d0a91c23e207b167ed013127d3db8b7528f0188814a8b44d1f946b19d9b8b tzcode2019c.tar.gz -2921cbb2fd44a6b8f7f2ed42c13fbae28195aa5c2eeefa70396bc97cdbaad679c6cc3c143da82cca5b0279065c02389e9af536904288c12886bf345baa8c6565 tzdata2019c.tar.gz +sha512sums="c77fa69d2a005ba7cff602b2267983fd01613f81385bc13c90b9581d69fb0ac73491641cac81e0e5d7dd00ed120c45103859902c2d10da9d25c98b33354f88f7 tzcode2020c.tar.gz +bbd66fe236ba0949261cb238bfed454c03b4500b239dc38f1b8fef8d229136f5964c1a8386fe54484e4e5e34a3c28a7b66ee7374ff7e0dd07865d78fc53bf96c tzdata2020c.tar.gz 68dbaab9f4aef166ac2f2d40b49366527b840bebe17a47599fe38345835e4adb8a767910745ece9c384b57af815a871243c3e261a29f41d71f8054df3061b3fd posixtz-0.5.tar.xz 0f2a10ee2bb4007f57b59123d1a0b8ef6accf99e568f21537f0bb19f290fff46e24050f55f12569d7787be600e1b62aa790ea85a333153f3ea081a812c81b1b5 0001-posixtz-ensure-the-file-offset-we-pass-to-lseek-is-o.patch fb322ab7867517ba39265d56d3576cbcea107c205d524e87015c1819bbb7361f7322232ee3b86ea9b8df2886e7e06a6424e3ac83b2006be290a33856c7d40ac4 0002-fix-implicit-declaration-warnings-by-including-strin.patch" diff --git a/main/unbound/APKBUILD b/main/unbound/APKBUILD index 22a28e2c860..2d3c22a8727 100644 --- a/main/unbound/APKBUILD +++ b/main/unbound/APKBUILD @@ -3,7 +3,7 @@ # Maintainer: Natanael Copa <ncopa@alpinelinux.org> pkgname=unbound pkgver=1.8.3 -pkgrel=3 +pkgrel=4 pkgdesc="Unbound is a validating, recursive, and caching DNS resolver" url="http://unbound.net/" arch="all" @@ -22,6 +22,7 @@ source="https://unbound.net/downloads/$pkgname-$pkgver.tar.gz update-unbound-root-hints CVE-2019-16866.patch CVE-2019-18934.patch + CVE-2020-12662_CVE-2020-12663.patch migrate-dnscache-to-unbound root.hints $pkgname.initd @@ -30,8 +31,11 @@ source="https://unbound.net/downloads/$pkgname-$pkgver.tar.gz builddir="$srcdir/$pkgname-$pkgver" # secfixes: +# 1.8.3-r4: +# - CVE-2020-12662 +# - CVE-2020-12663 # 1.8.3-r3: -# - CVE-2019-18934 +# - CVE-2019-18934 # 1.8.3-r2: # - CVE-2019-16866 @@ -111,7 +115,8 @@ bd51769e3e2d6035df1abbf220038a56a69795a092b5f31005e1910c6c88e334d7e71fe16d874885 b16b7b15392c0d560718ee543f1eebc5617085fb30d61cddc20dd948bd8b1634ee5b2de1c9cb172a6c0d1c5bbaf98b6fd39816d39c72a43ff619455449e668ac update-unbound-root-hints da578f620bc1abca4a53bb3448c023c59ccd33c0d560603ab5e6caf7eebd8e4d8a2401f2e4ebbcf1124f168699be02a489ae27d7b723f9b67678592ecea30529 CVE-2019-16866.patch b2ae6363d89c4effa9e926210c4b876eb8fefa79bf459047107e6fb8eb8aca2b9844a4a8bdabe361248be2eeb36519aac7bbc4fe7b805447958088bcc18a83d2 CVE-2019-18934.patch -b26a13c1c88da9611a65705dc59f7233c5e0f6aced0d7d66c18536a969a2de627ca5d4bb55eedd81f2f040fa11bde48eaaeca2850f376e72e7a531678a259131 migrate-dnscache-to-unbound +9362936e4ce7c3f391590526423c7f13c596bc71db6b643056bcf885797a26ea74e44e920383b6af6ac56294f5dc9529dded96645f519a377269f920e9a8cf68 CVE-2020-12662_CVE-2020-12663.patch 0dca3470ed4ca9b76d6f47f5d20e92924e6648f0870d8594fe6735d8f1cdfeeee7296301066c2a8b2b94f7daed86c15efe00c301ca27e435e5dd2c85508dc9c8 root.hints +b26a13c1c88da9611a65705dc59f7233c5e0f6aced0d7d66c18536a969a2de627ca5d4bb55eedd81f2f040fa11bde48eaaeca2850f376e72e7a531678a259131 migrate-dnscache-to-unbound a2b39cb00d342c3bae70ae714dc2bd7c15d0475b35f7afff11fb0bd4c1786f83dd5425a5900a7b4d6c17915a6c546e37f82404bceb44f79c054629e999f23152 unbound.initd 40c660f275a78f93677761f52bdf7ef151941e8469dd17767a947dbe575880e0d113c320d15c7ea7e12ef636d8ec9453eeae804619678293fa35e3d4c7e75a71 unbound.confd" diff --git a/main/unbound/CVE-2020-12662_CVE-2020-12663.patch b/main/unbound/CVE-2020-12662_CVE-2020-12663.patch new file mode 100644 index 00000000000..961d4d16e05 --- /dev/null +++ b/main/unbound/CVE-2020-12662_CVE-2020-12663.patch @@ -0,0 +1,948 @@ +diff --git a/iterator/iter_delegpt.c b/iterator/iter_delegpt.c +index f88b3e1..9a672b0 100644 +--- a/iterator/iter_delegpt.c ++++ b/iterator/iter_delegpt.c +@@ -84,7 +84,7 @@ struct delegpt* delegpt_copy(struct delegpt* dp, struct regional* region) + } + for(a = dp->target_list; a; a = a->next_target) { + if(!delegpt_add_addr(copy, region, &a->addr, a->addrlen, +- a->bogus, a->lame, a->tls_auth_name)) ++ a->bogus, a->lame, a->tls_auth_name, NULL)) + return NULL; + } + return copy; +@@ -161,7 +161,7 @@ delegpt_find_addr(struct delegpt* dp, struct sockaddr_storage* addr, + int + delegpt_add_target(struct delegpt* dp, struct regional* region, + uint8_t* name, size_t namelen, struct sockaddr_storage* addr, +- socklen_t addrlen, uint8_t bogus, uint8_t lame) ++ socklen_t addrlen, uint8_t bogus, uint8_t lame, int* additions) + { + struct delegpt_ns* ns = delegpt_find_ns(dp, name, namelen); + log_assert(!dp->dp_type_mlc); +@@ -176,13 +176,14 @@ delegpt_add_target(struct delegpt* dp, struct regional* region, + if(ns->got4 && ns->got6) + ns->resolved = 1; + } +- return delegpt_add_addr(dp, region, addr, addrlen, bogus, lame, NULL); ++ return delegpt_add_addr(dp, region, addr, addrlen, bogus, lame, NULL, ++ additions); + } + + int + delegpt_add_addr(struct delegpt* dp, struct regional* region, + struct sockaddr_storage* addr, socklen_t addrlen, uint8_t bogus, +- uint8_t lame, char* tls_auth_name) ++ uint8_t lame, char* tls_auth_name, int* additions) + { + struct delegpt_addr* a; + log_assert(!dp->dp_type_mlc); +@@ -194,6 +195,8 @@ delegpt_add_addr(struct delegpt* dp, struct regional* region, + a->lame = 0; + return 1; + } ++ if(additions) ++ *additions = 1; + + a = (struct delegpt_addr*)regional_alloc(region, + sizeof(struct delegpt_addr)); +@@ -382,10 +385,10 @@ delegpt_from_message(struct dns_msg* msg, struct regional* region) + continue; + + if(ntohs(s->rk.type) == LDNS_RR_TYPE_A) { +- if(!delegpt_add_rrset_A(dp, region, s, 0)) ++ if(!delegpt_add_rrset_A(dp, region, s, 0, NULL)) + return NULL; + } else if(ntohs(s->rk.type) == LDNS_RR_TYPE_AAAA) { +- if(!delegpt_add_rrset_AAAA(dp, region, s, 0)) ++ if(!delegpt_add_rrset_AAAA(dp, region, s, 0, NULL)) + return NULL; + } + } +@@ -416,7 +419,7 @@ delegpt_rrset_add_ns(struct delegpt* dp, struct regional* region, + + int + delegpt_add_rrset_A(struct delegpt* dp, struct regional* region, +- struct ub_packed_rrset_key* ak, uint8_t lame) ++ struct ub_packed_rrset_key* ak, uint8_t lame, int* additions) + { + struct packed_rrset_data* d=(struct packed_rrset_data*)ak->entry.data; + size_t i; +@@ -432,7 +435,7 @@ delegpt_add_rrset_A(struct delegpt* dp, struct regional* region, + memmove(&sa.sin_addr, d->rr_data[i]+2, INET_SIZE); + if(!delegpt_add_target(dp, region, ak->rk.dname, + ak->rk.dname_len, (struct sockaddr_storage*)&sa, +- len, (d->security==sec_status_bogus), lame)) ++ len, (d->security==sec_status_bogus), lame, additions)) + return 0; + } + return 1; +@@ -440,7 +443,7 @@ delegpt_add_rrset_A(struct delegpt* dp, struct regional* region, + + int + delegpt_add_rrset_AAAA(struct delegpt* dp, struct regional* region, +- struct ub_packed_rrset_key* ak, uint8_t lame) ++ struct ub_packed_rrset_key* ak, uint8_t lame, int* additions) + { + struct packed_rrset_data* d=(struct packed_rrset_data*)ak->entry.data; + size_t i; +@@ -456,7 +459,7 @@ delegpt_add_rrset_AAAA(struct delegpt* dp, struct regional* region, + memmove(&sa.sin6_addr, d->rr_data[i]+2, INET6_SIZE); + if(!delegpt_add_target(dp, region, ak->rk.dname, + ak->rk.dname_len, (struct sockaddr_storage*)&sa, +- len, (d->security==sec_status_bogus), lame)) ++ len, (d->security==sec_status_bogus), lame, additions)) + return 0; + } + return 1; +@@ -464,20 +467,33 @@ delegpt_add_rrset_AAAA(struct delegpt* dp, struct regional* region, + + int + delegpt_add_rrset(struct delegpt* dp, struct regional* region, +- struct ub_packed_rrset_key* rrset, uint8_t lame) ++ struct ub_packed_rrset_key* rrset, uint8_t lame, int* additions) + { + if(!rrset) + return 1; + if(ntohs(rrset->rk.type) == LDNS_RR_TYPE_NS) + return delegpt_rrset_add_ns(dp, region, rrset, lame); + else if(ntohs(rrset->rk.type) == LDNS_RR_TYPE_A) +- return delegpt_add_rrset_A(dp, region, rrset, lame); ++ return delegpt_add_rrset_A(dp, region, rrset, lame, additions); + else if(ntohs(rrset->rk.type) == LDNS_RR_TYPE_AAAA) +- return delegpt_add_rrset_AAAA(dp, region, rrset, lame); ++ return delegpt_add_rrset_AAAA(dp, region, rrset, lame, ++ additions); + log_warn("Unknown rrset type added to delegpt"); + return 1; + } + ++void delegpt_mark_neg(struct delegpt_ns* ns, uint16_t qtype) ++{ ++ if(ns) { ++ if(qtype == LDNS_RR_TYPE_A) ++ ns->got4 = 2; ++ else if(qtype == LDNS_RR_TYPE_AAAA) ++ ns->got6 = 2; ++ if(ns->got4 && ns->got6) ++ ns->resolved = 1; ++ } ++} ++ + void delegpt_add_neg_msg(struct delegpt* dp, struct msgreply_entry* msg) + { + struct reply_info* rep = (struct reply_info*)msg->entry.data; +@@ -487,14 +503,7 @@ void delegpt_add_neg_msg(struct delegpt* dp, struct msgreply_entry* msg) + if(FLAGS_GET_RCODE(rep->flags) != 0 || rep->an_numrrsets == 0) { + struct delegpt_ns* ns = delegpt_find_ns(dp, msg->key.qname, + msg->key.qname_len); +- if(ns) { +- if(msg->key.qtype == LDNS_RR_TYPE_A) +- ns->got4 = 1; +- else if(msg->key.qtype == LDNS_RR_TYPE_AAAA) +- ns->got6 = 1; +- if(ns->got4 && ns->got6) +- ns->resolved = 1; +- } ++ delegpt_mark_neg(ns, msg->key.qtype); + } + } + +diff --git a/iterator/iter_delegpt.h b/iterator/iter_delegpt.h +index 6c08826..138eb6e 100644 +--- a/iterator/iter_delegpt.h ++++ b/iterator/iter_delegpt.h +@@ -106,9 +106,10 @@ struct delegpt_ns { + * and marked true if got4 and got6 are both true. + */ + int resolved; +- /** if the ipv4 address is in the delegpt */ ++ /** if the ipv4 address is in the delegpt, 0=not, 1=yes 2=negative, ++ * negative means it was done, but no content. */ + uint8_t got4; +- /** if the ipv6 address is in the delegpt */ ++ /** if the ipv6 address is in the delegpt, 0=not, 1=yes 2=negative */ + uint8_t got6; + /** + * If the name is parent-side only and thus dispreferred. +@@ -215,11 +216,12 @@ int delegpt_rrset_add_ns(struct delegpt* dp, struct regional* regional, + * @param addrlen: the length of addr. + * @param bogus: security status for the address, pass true if bogus. + * @param lame: address is lame. ++ * @param additions: will be set to 1 if a new address is added + * @return false on error. + */ + int delegpt_add_target(struct delegpt* dp, struct regional* regional, + uint8_t* name, size_t namelen, struct sockaddr_storage* addr, +- socklen_t addrlen, uint8_t bogus, uint8_t lame); ++ socklen_t addrlen, uint8_t bogus, uint8_t lame, int* additions); + + /** + * Add A RRset to delegpt. +@@ -227,10 +229,11 @@ int delegpt_add_target(struct delegpt* dp, struct regional* regional, + * @param regional: where to allocate the info. + * @param rrset: RRset A to add. + * @param lame: rrset is lame, disprefer it. ++ * @param additions: will be set to 1 if a new address is added + * @return 0 on alloc error. + */ + int delegpt_add_rrset_A(struct delegpt* dp, struct regional* regional, +- struct ub_packed_rrset_key* rrset, uint8_t lame); ++ struct ub_packed_rrset_key* rrset, uint8_t lame, int* additions); + + /** + * Add AAAA RRset to delegpt. +@@ -238,10 +241,11 @@ int delegpt_add_rrset_A(struct delegpt* dp, struct regional* regional, + * @param regional: where to allocate the info. + * @param rrset: RRset AAAA to add. + * @param lame: rrset is lame, disprefer it. ++ * @param additions: will be set to 1 if a new address is added + * @return 0 on alloc error. + */ + int delegpt_add_rrset_AAAA(struct delegpt* dp, struct regional* regional, +- struct ub_packed_rrset_key* rrset, uint8_t lame); ++ struct ub_packed_rrset_key* rrset, uint8_t lame, int* additions); + + /** + * Add any RRset to delegpt. +@@ -250,10 +254,11 @@ int delegpt_add_rrset_AAAA(struct delegpt* dp, struct regional* regional, + * @param regional: where to allocate the info. + * @param rrset: RRset to add, NS, A, AAAA. + * @param lame: rrset is lame, disprefer it. ++ * @param additions: will be set to 1 if a new address is added + * @return 0 on alloc error. + */ + int delegpt_add_rrset(struct delegpt* dp, struct regional* regional, +- struct ub_packed_rrset_key* rrset, uint8_t lame); ++ struct ub_packed_rrset_key* rrset, uint8_t lame, int* additions); + + /** + * Add address to the delegation point. No servername is associated or checked. +@@ -264,11 +269,12 @@ int delegpt_add_rrset(struct delegpt* dp, struct regional* regional, + * @param bogus: if address is bogus. + * @param lame: if address is lame. + * @param tls_auth_name: TLS authentication name (or NULL). ++ * @param additions: will be set to 1 if a new address is added + * @return false on error. + */ + int delegpt_add_addr(struct delegpt* dp, struct regional* regional, + struct sockaddr_storage* addr, socklen_t addrlen, +- uint8_t bogus, uint8_t lame, char* tls_auth_name); ++ uint8_t bogus, uint8_t lame, char* tls_auth_name, int* additions); + + /** + * Find NS record in name list of delegation point. +@@ -341,6 +347,14 @@ size_t delegpt_count_targets(struct delegpt* dp); + struct delegpt* delegpt_from_message(struct dns_msg* msg, + struct regional* regional); + ++/** ++ * Mark negative return in delegation point for specific nameserver. ++ * sets the got4 or got6 to negative, updates the ns->resolved. ++ * @param ns: the nameserver in the delegpt. ++ * @param qtype: A or AAAA (host order). ++ */ ++void delegpt_mark_neg(struct delegpt_ns* ns, uint16_t qtype); ++ + /** + * Add negative message to delegation point. + * @param dp: delegation point. +diff --git a/iterator/iter_scrub.c b/iterator/iter_scrub.c +index cceec3d..aae934d 100644 +--- a/iterator/iter_scrub.c ++++ b/iterator/iter_scrub.c +@@ -185,8 +185,9 @@ mark_additional_rrset(sldns_buffer* pkt, struct msg_parse* msg, + /** Get target name of a CNAME */ + static int + parse_get_cname_target(struct rrset_parse* rrset, uint8_t** sname, +- size_t* snamelen) ++ size_t* snamelen, sldns_buffer* pkt) + { ++ size_t oldpos, dlen; + if(rrset->rr_count != 1) { + struct rr_parse* sig; + verbose(VERB_ALGO, "Found CNAME rrset with " +@@ -204,6 +205,19 @@ parse_get_cname_target(struct rrset_parse* rrset, uint8_t** sname, + *sname = rrset->rr_first->ttl_data + sizeof(uint32_t) + + sizeof(uint16_t); /* skip ttl, rdatalen */ + *snamelen = rrset->rr_first->size - sizeof(uint16_t); ++ ++ if(rrset->rr_first->outside_packet) { ++ if(!dname_valid(*sname, *snamelen)) ++ return 0; ++ return 1; ++ } ++ oldpos = sldns_buffer_position(pkt); ++ sldns_buffer_set_position(pkt, (size_t)(*sname - sldns_buffer_begin(pkt))); ++ dlen = pkt_dname_len(pkt); ++ sldns_buffer_set_position(pkt, oldpos); ++ if(dlen == 0) ++ return 0; /* parse fail on the rdata name */ ++ *snamelen = dlen; + return 1; + } + +@@ -215,7 +229,7 @@ synth_cname(uint8_t* qname, size_t qnamelen, struct rrset_parse* dname_rrset, + /* we already know that sname is a strict subdomain of DNAME owner */ + uint8_t* dtarg = NULL; + size_t dtarglen; +- if(!parse_get_cname_target(dname_rrset, &dtarg, &dtarglen)) ++ if(!parse_get_cname_target(dname_rrset, &dtarg, &dtarglen, pkt)) + return 0; + if(qnamelen <= dname_rrset->dname_len) + return 0; +@@ -388,7 +402,7 @@ scrub_normalize(sldns_buffer* pkt, struct msg_parse* msg, + /* check next cname */ + uint8_t* t = NULL; + size_t tlen = 0; +- if(!parse_get_cname_target(nx, &t, &tlen)) ++ if(!parse_get_cname_target(nx, &t, &tlen, pkt)) + return 0; + if(dname_pkt_compare(pkt, alias, t) == 0) { + /* it's OK and better capitalized */ +@@ -439,7 +453,7 @@ scrub_normalize(sldns_buffer* pkt, struct msg_parse* msg, + size_t tlen = 0; + if(synth_cname(sname, snamelen, nx, alias, + &aliaslen, pkt) && +- parse_get_cname_target(rrset, &t, &tlen) && ++ parse_get_cname_target(rrset, &t, &tlen, pkt) && + dname_pkt_compare(pkt, alias, t) == 0) { + /* the synthesized CNAME equals the + * current CNAME. This CNAME is the +@@ -460,7 +474,7 @@ scrub_normalize(sldns_buffer* pkt, struct msg_parse* msg, + } + + /* move to next name in CNAME chain */ +- if(!parse_get_cname_target(rrset, &sname, &snamelen)) ++ if(!parse_get_cname_target(rrset, &sname, &snamelen, pkt)) + return 0; + prev = rrset; + rrset = rrset->rrset_all_next; +diff --git a/iterator/iter_utils.c b/iterator/iter_utils.c +index 2ab55ce..3c14de8 100644 +--- a/iterator/iter_utils.c ++++ b/iterator/iter_utils.c +@@ -1142,7 +1142,7 @@ int iter_lookup_parent_glue_from_cache(struct module_env* env, + log_rrset_key(VERB_ALGO, "found parent-side", akey); + ns->done_pside4 = 1; + /* a negative-cache-element has no addresses it adds */ +- if(!delegpt_add_rrset_A(dp, region, akey, 1)) ++ if(!delegpt_add_rrset_A(dp, region, akey, 1, NULL)) + log_err("malloc failure in lookup_parent_glue"); + lock_rw_unlock(&akey->entry.lock); + } +@@ -1154,7 +1154,7 @@ int iter_lookup_parent_glue_from_cache(struct module_env* env, + log_rrset_key(VERB_ALGO, "found parent-side", akey); + ns->done_pside6 = 1; + /* a negative-cache-element has no addresses it adds */ +- if(!delegpt_add_rrset_AAAA(dp, region, akey, 1)) ++ if(!delegpt_add_rrset_AAAA(dp, region, akey, 1, NULL)) + log_err("malloc failure in lookup_parent_glue"); + lock_rw_unlock(&akey->entry.lock); + } +diff --git a/iterator/iterator.c b/iterator/iterator.c +index 1e0113a..9d36660 100644 +--- a/iterator/iterator.c ++++ b/iterator/iterator.c +@@ -72,6 +72,8 @@ + /* in msec */ + int UNKNOWN_SERVER_NICENESS = 376; + ++static void target_count_increase_nx(struct iter_qstate* iq, int num); ++ + int + iter_init(struct module_env* env, int id) + { +@@ -150,6 +152,7 @@ iter_new(struct module_qstate* qstate, int id) + iq->sent_count = 0; + iq->ratelimit_ok = 0; + iq->target_count = NULL; ++ iq->dp_target_count = 0; + iq->wait_priming_stub = 0; + iq->refetch_glue = 0; + iq->dnssec_expected = 0; +@@ -221,6 +224,7 @@ final_state(struct iter_qstate* iq) + static void + error_supers(struct module_qstate* qstate, int id, struct module_qstate* super) + { ++ struct iter_env* ie = (struct iter_env*)qstate->env->modinfo[id]; + struct iter_qstate* super_iq = (struct iter_qstate*)super->minfo[id]; + + if(qstate->qinfo.qtype == LDNS_RR_TYPE_A || +@@ -246,7 +250,11 @@ error_supers(struct module_qstate* qstate, int id, struct module_qstate* super) + super->region, super_iq->dp)) + log_err("out of memory adding missing"); + } ++ delegpt_mark_neg(dpns, qstate->qinfo.qtype); + dpns->resolved = 1; /* mark as failed */ ++ if((dpns->got4 == 2 || !ie->supports_ipv4) && ++ (dpns->got6 == 2 || !ie->supports_ipv6)) ++ target_count_increase_nx(super_iq, 1); + } + if(qstate->qinfo.qtype == LDNS_RR_TYPE_NS) { + /* prime failed to get delegation */ +@@ -621,7 +629,7 @@ static void + target_count_create(struct iter_qstate* iq) + { + if(!iq->target_count) { +- iq->target_count = (int*)calloc(2, sizeof(int)); ++ iq->target_count = (int*)calloc(3, sizeof(int)); + /* if calloc fails we simply do not track this number */ + if(iq->target_count) + iq->target_count[0] = 1; +@@ -634,6 +642,15 @@ target_count_increase(struct iter_qstate* iq, int num) + target_count_create(iq); + if(iq->target_count) + iq->target_count[1] += num; ++ iq->dp_target_count++; ++} ++ ++static void ++target_count_increase_nx(struct iter_qstate* iq, int num) ++{ ++ target_count_create(iq); ++ if(iq->target_count) ++ iq->target_count[2] += num; + } + + /** +@@ -656,13 +673,15 @@ target_count_increase(struct iter_qstate* iq, int num) + * @param subq_ret: if newly allocated, the subquerystate, or NULL if it does + * not need initialisation. + * @param v: if true, validation is done on the subquery. ++ * @param detached: true if this qstate should not attach to the subquery + * @return false on error (malloc). + */ + static int + generate_sub_request(uint8_t* qname, size_t qnamelen, uint16_t qtype, + uint16_t qclass, struct module_qstate* qstate, int id, + struct iter_qstate* iq, enum iter_state initial_state, +- enum iter_state finalstate, struct module_qstate** subq_ret, int v) ++ enum iter_state finalstate, struct module_qstate** subq_ret, int v, ++ int detached) + { + struct module_qstate* subq = NULL; + struct iter_qstate* subiq = NULL; +@@ -689,11 +708,23 @@ generate_sub_request(uint8_t* qname, size_t qnamelen, uint16_t qtype, + valrec = 1; + } + +- /* attach subquery, lookup existing or make a new one */ +- fptr_ok(fptr_whitelist_modenv_attach_sub(qstate->env->attach_sub)); +- if(!(*qstate->env->attach_sub)(qstate, &qinf, qflags, prime, valrec, +- &subq)) { +- return 0; ++ if(detached) { ++ struct mesh_state* sub = NULL; ++ fptr_ok(fptr_whitelist_modenv_add_sub( ++ qstate->env->add_sub)); ++ if(!(*qstate->env->add_sub)(qstate, &qinf, ++ qflags, prime, valrec, &subq, &sub)){ ++ return 0; ++ } ++ } ++ else { ++ /* attach subquery, lookup existing or make a new one */ ++ fptr_ok(fptr_whitelist_modenv_attach_sub( ++ qstate->env->attach_sub)); ++ if(!(*qstate->env->attach_sub)(qstate, &qinf, qflags, prime, ++ valrec, &subq)) { ++ return 0; ++ } + } + *subq_ret = subq; + if(subq) { +@@ -716,6 +747,7 @@ generate_sub_request(uint8_t* qname, size_t qnamelen, uint16_t qtype, + subiq->target_count = iq->target_count; + if(iq->target_count) + iq->target_count[0] ++; /* extra reference */ ++ subiq->dp_target_count = 0; + subiq->num_current_queries = 0; + subiq->depth = iq->depth+1; + outbound_list_init(&subiq->outlist); +@@ -759,7 +791,7 @@ prime_root(struct module_qstate* qstate, struct iter_qstate* iq, int id, + * the normal INIT state logic (which would cause an infloop). */ + if(!generate_sub_request((uint8_t*)"\000", 1, LDNS_RR_TYPE_NS, + qclass, qstate, id, iq, QUERYTARGETS_STATE, PRIME_RESP_STATE, +- &subq, 0)) { ++ &subq, 0, 0)) { + verbose(VERB_ALGO, "could not prime root"); + return 0; + } +@@ -850,7 +882,7 @@ prime_stub(struct module_qstate* qstate, struct iter_qstate* iq, int id, + * redundant INIT state processing. */ + if(!generate_sub_request(stub_dp->name, stub_dp->namelen, + LDNS_RR_TYPE_NS, qclass, qstate, id, iq, +- QUERYTARGETS_STATE, PRIME_RESP_STATE, &subq, 0)) { ++ QUERYTARGETS_STATE, PRIME_RESP_STATE, &subq, 0, 0)) { + verbose(VERB_ALGO, "could not prime stub"); + errinf(qstate, "could not generate lookup for stub prime"); + (void)error_response(qstate, id, LDNS_RCODE_SERVFAIL); +@@ -1025,7 +1057,7 @@ generate_a_aaaa_check(struct module_qstate* qstate, struct iter_qstate* iq, + if(!generate_sub_request(s->rk.dname, s->rk.dname_len, + ntohs(s->rk.type), ntohs(s->rk.rrset_class), + qstate, id, iq, +- INIT_REQUEST_STATE, FINISHED_STATE, &subq, 1)) { ++ INIT_REQUEST_STATE, FINISHED_STATE, &subq, 1, 0)) { + verbose(VERB_ALGO, "could not generate addr check"); + return; + } +@@ -1069,7 +1101,7 @@ generate_ns_check(struct module_qstate* qstate, struct iter_qstate* iq, int id) + iq->dp->name, LDNS_RR_TYPE_NS, iq->qchase.qclass); + if(!generate_sub_request(iq->dp->name, iq->dp->namelen, + LDNS_RR_TYPE_NS, iq->qchase.qclass, qstate, id, iq, +- INIT_REQUEST_STATE, FINISHED_STATE, &subq, 1)) { ++ INIT_REQUEST_STATE, FINISHED_STATE, &subq, 1, 0)) { + verbose(VERB_ALGO, "could not generate ns check"); + return; + } +@@ -1126,7 +1158,7 @@ generate_dnskey_prefetch(struct module_qstate* qstate, + iq->dp->name, LDNS_RR_TYPE_DNSKEY, iq->qchase.qclass); + if(!generate_sub_request(iq->dp->name, iq->dp->namelen, + LDNS_RR_TYPE_DNSKEY, iq->qchase.qclass, qstate, id, iq, +- INIT_REQUEST_STATE, FINISHED_STATE, &subq, 0)) { ++ INIT_REQUEST_STATE, FINISHED_STATE, &subq, 0, 0)) { + /* we'll be slower, but it'll work */ + verbose(VERB_ALGO, "could not generate dnskey prefetch"); + return; +@@ -1315,6 +1347,7 @@ processInitRequest(struct module_qstate* qstate, struct iter_qstate* iq, + iq->refetch_glue = 0; + iq->query_restart_count++; + iq->sent_count = 0; ++ iq->dp_target_count = 0; + sock_list_insert(&qstate->reply_origin, NULL, 0, qstate->region); + if(qstate->env->cfg->qname_minimisation) + iq->minimisation_state = INIT_MINIMISE_STATE; +@@ -1693,7 +1726,7 @@ generate_parentside_target_query(struct module_qstate* qstate, + { + struct module_qstate* subq; + if(!generate_sub_request(name, namelen, qtype, qclass, qstate, +- id, iq, INIT_REQUEST_STATE, FINISHED_STATE, &subq, 0)) ++ id, iq, INIT_REQUEST_STATE, FINISHED_STATE, &subq, 0, 0)) + return 0; + if(subq) { + struct iter_qstate* subiq = +@@ -1744,7 +1777,7 @@ generate_target_query(struct module_qstate* qstate, struct iter_qstate* iq, + { + struct module_qstate* subq; + if(!generate_sub_request(name, namelen, qtype, qclass, qstate, +- id, iq, INIT_REQUEST_STATE, FINISHED_STATE, &subq, 0)) ++ id, iq, INIT_REQUEST_STATE, FINISHED_STATE, &subq, 0, 0)) + return 0; + log_nametypeclass(VERB_QUERY, "new target", name, qtype, qclass); + return 1; +@@ -1783,6 +1816,14 @@ query_for_targets(struct module_qstate* qstate, struct iter_qstate* iq, + "number of glue fetches %d", s, iq->target_count[1]); + return 0; + } ++ if(iq->dp_target_count > MAX_DP_TARGET_COUNT) { ++ char s[LDNS_MAX_DOMAINLEN+1]; ++ dname_str(qstate->qinfo.qname, s); ++ verbose(VERB_QUERY, "request %s has exceeded the maximum " ++ "number of glue fetches %d to a single delegation point", ++ s, iq->dp_target_count); ++ return 0; ++ } + + iter_mark_cycle_targets(qstate, iq->dp); + missing = (int)delegpt_count_missing_targets(iq->dp); +@@ -1896,7 +1937,7 @@ processLastResort(struct module_qstate* qstate, struct iter_qstate* iq, + for(a = p->target_list; a; a=a->next_target) { + (void)delegpt_add_addr(iq->dp, qstate->region, + &a->addr, a->addrlen, a->bogus, +- a->lame, a->tls_auth_name); ++ a->lame, a->tls_auth_name, NULL); + } + } + iq->dp->has_parent_side_NS = 1; +@@ -1913,6 +1954,7 @@ processLastResort(struct module_qstate* qstate, struct iter_qstate* iq, + iq->refetch_glue = 1; + iq->query_restart_count++; + iq->sent_count = 0; ++ iq->dp_target_count = 0; + if(qstate->env->cfg->qname_minimisation) + iq->minimisation_state = INIT_MINIMISE_STATE; + return next_state(iq, INIT_REQUEST_STATE); +@@ -2078,7 +2120,7 @@ processDSNSFind(struct module_qstate* qstate, struct iter_qstate* iq, int id) + iq->dsns_point, LDNS_RR_TYPE_NS, iq->qchase.qclass); + if(!generate_sub_request(iq->dsns_point, iq->dsns_point_len, + LDNS_RR_TYPE_NS, iq->qchase.qclass, qstate, id, iq, +- INIT_REQUEST_STATE, FINISHED_STATE, &subq, 0)) { ++ INIT_REQUEST_STATE, FINISHED_STATE, &subq, 0, 0)) { + errinf_dname(qstate, "for DS query parent-child nameserver search, could not generate NS lookup for", iq->dsns_point); + return error_response_cache(qstate, id, LDNS_RCODE_SERVFAIL); + } +@@ -2136,6 +2178,13 @@ processQueryTargets(struct module_qstate* qstate, struct iter_qstate* iq, + errinf(qstate, "exceeded the maximum number of sends"); + return error_response(qstate, id, LDNS_RCODE_SERVFAIL); + } ++ if(iq->target_count && iq->target_count[2] > MAX_TARGET_NX) { ++ verbose(VERB_QUERY, "request has exceeded the maximum " ++ " number of nxdomain nameserver lookups with %d", ++ iq->target_count[2]); ++ errinf(qstate, "exceeded the maximum nameserver nxdomains"); ++ return error_response(qstate, id, LDNS_RCODE_SERVFAIL); ++ } + + /* Make sure we have a delegation point, otherwise priming failed + * or another failure occurred */ +@@ -2240,12 +2289,41 @@ processQueryTargets(struct module_qstate* qstate, struct iter_qstate* iq, + iq->qinfo_out.qtype, iq->qinfo_out.qclass, + qstate->query_flags, qstate->region, + qstate->env->scratch, 0); +- if(msg && msg->rep->an_numrrsets == 0 +- && FLAGS_GET_RCODE(msg->rep->flags) == ++ if(msg && FLAGS_GET_RCODE(msg->rep->flags) == + LDNS_RCODE_NOERROR) + /* no need to send query if it is already +- * cached as NOERROR/NODATA */ ++ * cached as NOERROR */ + return 1; ++ if(msg && FLAGS_GET_RCODE(msg->rep->flags) == ++ LDNS_RCODE_NXDOMAIN && ++ qstate->env->need_to_validate && ++ qstate->env->cfg->harden_below_nxdomain) { ++ if(msg->rep->security == sec_status_secure) { ++ iq->response = msg; ++ return final_state(iq); ++ } ++ if(msg->rep->security == sec_status_unchecked) { ++ struct module_qstate* subq = NULL; ++ if(!generate_sub_request( ++ iq->qinfo_out.qname, ++ iq->qinfo_out.qname_len, ++ iq->qinfo_out.qtype, ++ iq->qinfo_out.qclass, ++ qstate, id, iq, ++ INIT_REQUEST_STATE, ++ FINISHED_STATE, &subq, 1, 1)) ++ verbose(VERB_ALGO, ++ "could not validate NXDOMAIN " ++ "response"); ++ } ++ } ++ if(msg && FLAGS_GET_RCODE(msg->rep->flags) == ++ LDNS_RCODE_NXDOMAIN) { ++ /* return and add a label in the next ++ * minimisation iteration. ++ */ ++ return 1; ++ } + } + } + if(iq->minimisation_state == SKIP_MINIMISE_STATE) { +@@ -2321,6 +2399,8 @@ processQueryTargets(struct module_qstate* qstate, struct iter_qstate* iq, + * generated query will immediately be discarded due to depth and + * that servfail is cached, which is not good as opportunism goes. */ + if(iq->depth < ie->max_dependency_depth ++ && iq->num_target_queries == 0 ++ && (!iq->target_count || iq->target_count[2]==0) + && iq->sent_count < TARGET_FETCH_STOP) { + tf_policy = ie->target_fetch_policy[iq->depth]; + } +@@ -2366,6 +2446,7 @@ processQueryTargets(struct module_qstate* qstate, struct iter_qstate* iq, + iq->num_current_queries++; /* RespState decrements it*/ + iq->referral_count++; /* make sure we don't loop */ + iq->sent_count = 0; ++ iq->dp_target_count = 0; + iq->state = QUERY_RESP_STATE; + return 1; + } +@@ -2453,6 +2534,7 @@ processQueryTargets(struct module_qstate* qstate, struct iter_qstate* iq, + iq->num_current_queries++; /* RespState decrements it*/ + iq->referral_count++; /* make sure we don't loop */ + iq->sent_count = 0; ++ iq->dp_target_count = 0; + iq->state = QUERY_RESP_STATE; + return 1; + } +@@ -2747,7 +2829,8 @@ processQueryResponse(struct module_qstate* qstate, struct iter_qstate* iq, + /* Make subrequest to validate intermediate + * NXDOMAIN if harden-below-nxdomain is + * enabled. */ +- if(qstate->env->cfg->harden_below_nxdomain) { ++ if(qstate->env->cfg->harden_below_nxdomain && ++ qstate->env->need_to_validate) { + struct module_qstate* subq = NULL; + log_query_info(VERB_QUERY, + "schedule NXDOMAIN validation:", +@@ -2759,16 +2842,10 @@ processQueryResponse(struct module_qstate* qstate, struct iter_qstate* iq, + iq->response->qinfo.qclass, + qstate, id, iq, + INIT_REQUEST_STATE, +- FINISHED_STATE, &subq, 1)) ++ FINISHED_STATE, &subq, 1, 1)) + verbose(VERB_ALGO, + "could not validate NXDOMAIN " + "response"); +- outbound_list_clear(&iq->outlist); +- iq->num_current_queries = 0; +- fptr_ok(fptr_whitelist_modenv_detach_subs( +- qstate->env->detach_subs)); +- (*qstate->env->detach_subs)(qstate); +- iq->num_target_queries = 0; + } + } + return next_state(iq, QUERYTARGETS_STATE); +@@ -2852,6 +2929,7 @@ processQueryResponse(struct module_qstate* qstate, struct iter_qstate* iq, + /* Count this as a referral. */ + iq->referral_count++; + iq->sent_count = 0; ++ iq->dp_target_count = 0; + /* see if the next dp is a trust anchor, or a DS was sent + * along, indicating dnssec is expected for next zone */ + iq->dnssec_expected = iter_indicates_dnssec(qstate->env, +@@ -2928,6 +3006,7 @@ processQueryResponse(struct module_qstate* qstate, struct iter_qstate* iq, + iq->dsns_point = NULL; + iq->auth_zone_response = 0; + iq->sent_count = 0; ++ iq->dp_target_count = 0; + if(iq->minimisation_state != MINIMISE_STATE) + /* Only count as query restart when it is not an extra + * query as result of qname minimisation. */ +@@ -3120,7 +3199,7 @@ processPrimeResponse(struct module_qstate* qstate, int id) + if(!generate_sub_request(qstate->qinfo.qname, + qstate->qinfo.qname_len, qstate->qinfo.qtype, + qstate->qinfo.qclass, qstate, id, iq, +- INIT_REQUEST_STATE, FINISHED_STATE, &subq, 1)) { ++ INIT_REQUEST_STATE, FINISHED_STATE, &subq, 1, 0)) { + verbose(VERB_ALGO, "could not generate prime check"); + } + generate_a_aaaa_check(qstate, iq, id); +@@ -3148,6 +3227,7 @@ static void + processTargetResponse(struct module_qstate* qstate, int id, + struct module_qstate* forq) + { ++ struct iter_env* ie = (struct iter_env*)qstate->env->modinfo[id]; + struct iter_qstate* iq = (struct iter_qstate*)qstate->minfo[id]; + struct iter_qstate* foriq = (struct iter_qstate*)forq->minfo[id]; + struct ub_packed_rrset_key* rrset; +@@ -3185,7 +3265,7 @@ processTargetResponse(struct module_qstate* qstate, int id, + log_rrset_key(VERB_ALGO, "add parentside glue to dp", + iq->pside_glue); + if(!delegpt_add_rrset(foriq->dp, forq->region, +- iq->pside_glue, 1)) ++ iq->pside_glue, 1, NULL)) + log_err("out of memory adding pside glue"); + } + +@@ -3196,6 +3276,7 @@ processTargetResponse(struct module_qstate* qstate, int id, + * response type was ANSWER. */ + rrset = reply_find_answer_rrset(&iq->qchase, qstate->return_msg->rep); + if(rrset) { ++ int additions = 0; + /* if CNAMEs have been followed - add new NS to delegpt. */ + /* BTW. RFC 1918 says NS should not have got CNAMEs. Robust. */ + if(!delegpt_find_ns(foriq->dp, rrset->rk.dname, +@@ -3207,13 +3288,23 @@ processTargetResponse(struct module_qstate* qstate, int id, + } + /* if dpns->lame then set the address(es) lame too */ + if(!delegpt_add_rrset(foriq->dp, forq->region, rrset, +- dpns->lame)) ++ dpns->lame, &additions)) + log_err("out of memory adding targets"); ++ if(!additions) { ++ /* no new addresses, increase the nxns counter, like ++ * this could be a list of wildcards with no new ++ * addresses */ ++ target_count_increase_nx(foriq, 1); ++ } + verbose(VERB_ALGO, "added target response"); + delegpt_log(VERB_ALGO, foriq->dp); + } else { + verbose(VERB_ALGO, "iterator TargetResponse failed"); ++ delegpt_mark_neg(dpns, qstate->qinfo.qtype); + dpns->resolved = 1; /* fail the target */ ++ if((dpns->got4 == 2 || !ie->supports_ipv4) && ++ (dpns->got6 == 2 || !ie->supports_ipv6)) ++ target_count_increase_nx(foriq, 1); + } + } + +@@ -3387,7 +3478,7 @@ processCollectClass(struct module_qstate* qstate, int id) + qstate->qinfo.qname_len, qstate->qinfo.qtype, + c, qstate, id, iq, INIT_REQUEST_STATE, + FINISHED_STATE, &subq, +- (int)!(qstate->query_flags&BIT_CD))) { ++ (int)!(qstate->query_flags&BIT_CD), 0)) { + errinf(qstate, "could not generate class ANY" + " lookup query"); + return error_response(qstate, id, +diff --git a/iterator/iterator.h b/iterator/iterator.h +index a2f1b57..53dcab3 100644 +--- a/iterator/iterator.h ++++ b/iterator/iterator.h +@@ -55,6 +55,11 @@ struct rbtree_type; + + /** max number of targets spawned for a query and its subqueries */ + #define MAX_TARGET_COUNT 64 ++/** max number of target lookups per qstate, per delegation point */ ++#define MAX_DP_TARGET_COUNT 16 ++/** max number of nxdomains allowed for target lookups for a query and ++ * its subqueries */ ++#define MAX_TARGET_NX 5 + /** max number of query restarts. Determines max number of CNAME chain. */ + #define MAX_RESTART_COUNT 8 + /** max number of referrals. Makes sure resolver does not run away */ +@@ -305,9 +310,14 @@ struct iter_qstate { + int sent_count; + + /** number of target queries spawned in [1], for this query and its +- * subqueries, the malloced-array is shared, [0] refcount. */ ++ * subqueries, the malloced-array is shared, [0] refcount. ++ * in [2] the number of nxdomains is counted. */ + int* target_count; + ++ /** number of target lookups per delegation point. Reset to 0 after ++ * receiving referral answer. Not shared with subqueries. */ ++ int dp_target_count; ++ + /** if true, already tested for ratelimiting and passed the test */ + int ratelimit_ok; + +diff --git a/services/cache/dns.c b/services/cache/dns.c +index aa4efec..affe837 100644 +--- a/services/cache/dns.c ++++ b/services/cache/dns.c +@@ -272,7 +272,7 @@ find_add_addrs(struct module_env* env, uint16_t qclass, + akey = rrset_cache_lookup(env->rrset_cache, ns->name, + ns->namelen, LDNS_RR_TYPE_A, qclass, 0, now, 0); + if(akey) { +- if(!delegpt_add_rrset_A(dp, region, akey, 0)) { ++ if(!delegpt_add_rrset_A(dp, region, akey, 0, NULL)) { + lock_rw_unlock(&akey->entry.lock); + return 0; + } +@@ -292,7 +292,7 @@ find_add_addrs(struct module_env* env, uint16_t qclass, + akey = rrset_cache_lookup(env->rrset_cache, ns->name, + ns->namelen, LDNS_RR_TYPE_AAAA, qclass, 0, now, 0); + if(akey) { +- if(!delegpt_add_rrset_AAAA(dp, region, akey, 0)) { ++ if(!delegpt_add_rrset_AAAA(dp, region, akey, 0, NULL)) { + lock_rw_unlock(&akey->entry.lock); + return 0; + } +@@ -326,7 +326,8 @@ cache_fill_missing(struct module_env* env, uint16_t qclass, + akey = rrset_cache_lookup(env->rrset_cache, ns->name, + ns->namelen, LDNS_RR_TYPE_A, qclass, 0, now, 0); + if(akey) { +- if(!delegpt_add_rrset_A(dp, region, akey, ns->lame)) { ++ if(!delegpt_add_rrset_A(dp, region, akey, ns->lame, ++ NULL)) { + lock_rw_unlock(&akey->entry.lock); + return 0; + } +@@ -346,7 +347,8 @@ cache_fill_missing(struct module_env* env, uint16_t qclass, + akey = rrset_cache_lookup(env->rrset_cache, ns->name, + ns->namelen, LDNS_RR_TYPE_AAAA, qclass, 0, now, 0); + if(akey) { +- if(!delegpt_add_rrset_AAAA(dp, region, akey, ns->lame)) { ++ if(!delegpt_add_rrset_AAAA(dp, region, akey, ns->lame, ++ NULL)) { + lock_rw_unlock(&akey->entry.lock); + return 0; + } +diff --git a/util/data/dname.c b/util/data/dname.c +index 9f25e1e..27ff07d 100644 +--- a/util/data/dname.c ++++ b/util/data/dname.c +@@ -233,17 +233,28 @@ int + dname_pkt_compare(sldns_buffer* pkt, uint8_t* d1, uint8_t* d2) + { + uint8_t len1, len2; ++ int count1 = 0, count2 = 0; + log_assert(pkt && d1 && d2); + len1 = *d1++; + len2 = *d2++; + while( len1 != 0 || len2 != 0 ) { + /* resolve ptrs */ + if(LABEL_IS_PTR(len1)) { ++ if((size_t)PTR_OFFSET(len1, *d1) ++ >= sldns_buffer_limit(pkt)) ++ return -1; ++ if(count1++ > MAX_COMPRESS_PTRS) ++ return -1; + d1 = sldns_buffer_at(pkt, PTR_OFFSET(len1, *d1)); + len1 = *d1++; + continue; + } + if(LABEL_IS_PTR(len2)) { ++ if((size_t)PTR_OFFSET(len2, *d2) ++ >= sldns_buffer_limit(pkt)) ++ return 1; ++ if(count2++ > MAX_COMPRESS_PTRS) ++ return 1; + d2 = sldns_buffer_at(pkt, PTR_OFFSET(len2, *d2)); + len2 = *d2++; + continue; +@@ -302,12 +313,18 @@ dname_pkt_hash(sldns_buffer* pkt, uint8_t* dname, hashvalue_type h) + uint8_t labuf[LDNS_MAX_LABELLEN+1]; + uint8_t lablen; + int i; ++ int count = 0; + + /* preserve case of query, make hash label by label */ + lablen = *dname++; + while(lablen) { + if(LABEL_IS_PTR(lablen)) { + /* follow pointer */ ++ if((size_t)PTR_OFFSET(lablen, *dname) ++ >= sldns_buffer_limit(pkt)) ++ return h; ++ if(count++ > MAX_COMPRESS_PTRS) ++ return h; + dname = sldns_buffer_at(pkt, PTR_OFFSET(lablen, *dname)); + lablen = *dname++; + continue; +@@ -341,6 +358,9 @@ void dname_pkt_copy(sldns_buffer* pkt, uint8_t* to, uint8_t* dname) + return; + } + /* follow pointer */ ++ if((size_t)PTR_OFFSET(lablen, *dname) ++ >= sldns_buffer_limit(pkt)) ++ return; + dname = sldns_buffer_at(pkt, PTR_OFFSET(lablen, *dname)); + lablen = *dname++; + continue; +@@ -369,6 +389,7 @@ void dname_pkt_copy(sldns_buffer* pkt, uint8_t* to, uint8_t* dname) + void dname_print(FILE* out, struct sldns_buffer* pkt, uint8_t* dname) + { + uint8_t lablen; ++ int count = 0; + if(!out) out = stdout; + if(!dname) return; + +@@ -382,6 +403,15 @@ void dname_print(FILE* out, struct sldns_buffer* pkt, uint8_t* dname) + fputs("??compressionptr??", out); + return; + } ++ if((size_t)PTR_OFFSET(lablen, *dname) ++ >= sldns_buffer_limit(pkt)) { ++ fputs("??compressionptr??", out); ++ return; ++ } ++ if(count++ > MAX_COMPRESS_PTRS) { ++ fputs("??compressionptr??", out); ++ return; ++ } + dname = sldns_buffer_at(pkt, PTR_OFFSET(lablen, *dname)); + lablen = *dname++; + continue; +diff --git a/util/data/msgparse.c b/util/data/msgparse.c +index fb31237..7c32618 100644 +--- a/util/data/msgparse.c ++++ b/util/data/msgparse.c +@@ -55,7 +55,11 @@ smart_compare(sldns_buffer* pkt, uint8_t* dnow, + { + if(LABEL_IS_PTR(*dnow)) { + /* ptr points to a previous dname */ +- uint8_t* p = sldns_buffer_at(pkt, PTR_OFFSET(dnow[0], dnow[1])); ++ uint8_t* p; ++ if((size_t)PTR_OFFSET(dnow[0], dnow[1]) ++ >= sldns_buffer_limit(pkt)) ++ return -1; ++ p = sldns_buffer_at(pkt, PTR_OFFSET(dnow[0], dnow[1])); + if( p == dprfirst || p == dprlast ) + return 0; + /* prev dname is also a ptr, both ptrs are the same. */ + diff --git a/main/unzip/APKBUILD b/main/unzip/APKBUILD index a4be378d782..3dc0ea49f38 100644 --- a/main/unzip/APKBUILD +++ b/main/unzip/APKBUILD @@ -3,7 +3,7 @@ pkgname=unzip pkgver=6.0 _pkgver=${pkgver//./} -pkgrel=5 +pkgrel=6 pkgdesc="Extract PKZIP-compatible .zip files" url="http://www.info-zip.org/UnZip.html" arch="all" @@ -22,12 +22,12 @@ source="https://dev.alpinelinux.org/archive/unzip/unzip$_pkgver.tgz CVE-2016-9844.patch CVE-2018-1000035.patch fix-CVE-2014-8139.patch - CVE-2019-13232.patch::https://github.com/madler/unzip/commit/47b3ceae397d21bf822bc2ac73052a4b1daf8e1c.patch + CVE-2019-13232.patch " builddir="$srcdir/$pkgname$_pkgver" # secfixes: -# 6.0-r5: +# 6.0-r6: # - CVE-2019-13232 # 6.0-r3: # - CVE-2014-8139 @@ -67,4 +67,4 @@ b1e3fac6a787828efaaef8ec7cc52e1573aea27a6f29830af37ec4ba8bcd2a6488c953ab10eee056 8c4a4313072ff0d87eadb0f5472eb48f2802b835dd282305811a96de87a41fed48be60fbdd434e6b6359418f0559f7793deaa1d68161a0c0ead9f8574bb9f14c CVE-2016-9844.patch 6f757385a23fe6a034f676df6bf233243afa8743761e3d715e532d066fcd7dc8f8dcd6192be693258f3855837e5534490784378768abe7ce710fb869258d49b7 CVE-2018-1000035.patch 13f9c54fcdde478c4afe391c8e7ef9c31b03228aaace5da38382612951cbfd60710fd3d931569297953be32b2c5906715aed4b1c05e28cc8fccbb27f38b57550 fix-CVE-2014-8139.patch -aa8dcf335c6f48c3d7f0ab6aa220b838f2a5be54ac3b8dea4729d2acfed180e51e6ca1299d96439d99bae5a0caba5e3df73558ca2ea7099d7275bfc1f0fc8c09 CVE-2019-13232.patch" +d11758bda3b022f1adb4031bfbc770c6391e3470f3126ec5a4d3d2800d5452245eee26256f539d60adee33f01ba8ba8345299736cd9568da1242f6f739e4a598 CVE-2019-13232.patch" diff --git a/main/unzip/CVE-2019-13232.patch b/main/unzip/CVE-2019-13232.patch new file mode 100644 index 00000000000..01e343a356f --- /dev/null +++ b/main/unzip/CVE-2019-13232.patch @@ -0,0 +1,487 @@ +From 47b3ceae397d21bf822bc2ac73052a4b1daf8e1c Mon Sep 17 00:00:00 2001 +From: Mark Adler <madler@alumni.caltech.edu> +Date: Tue, 11 Jun 2019 22:01:18 -0700 +Subject: [PATCH] Detect and reject a zip bomb using overlapped entries. + +This detects an invalid zip file that has at least one entry that +overlaps with another entry or with the central directory to the +end of the file. A Fifield zip bomb uses overlapped local entries +to vastly increase the potential inflation ratio. Such an invalid +zip file is rejected. + +See https://www.bamsoftware.com/hacks/zipbomb/ for David Fifield's +analysis, construction, and examples of such zip bombs. + +The detection maintains a list of covered spans of the zip files +so far, where the central directory to the end of the file and any +bytes preceding the first entry at zip file offset zero are +considered covered initially. Then as each entry is decompressed +or tested, it is considered covered. When a new entry is about to +be processed, its initial offset is checked to see if it is +contained by a covered span. If so, the zip file is rejected as +invalid. + +This commit depends on a preceding commit: "Fix bug in +undefer_input() that misplaced the input state." +--- + extract.c | 190 +++++++++++++++++++++++++++++++++++++++++++++++++++++- + globals.c | 1 + + globals.h | 3 + + process.c | 11 ++++ + unzip.h | 1 + + 5 files changed, 205 insertions(+), 1 deletion(-) + +diff --git a/extract.c b/extract.c +index 1acd769..0973a33 100644 +--- a/extract.c ++++ b/extract.c +@@ -319,6 +319,125 @@ static ZCONST char Far UnsupportedExtraField[] = + "\nerror: unsupported extra-field compression type (%u)--skipping\n"; + static ZCONST char Far BadExtraFieldCRC[] = + "error [%s]: bad extra-field CRC %08lx (should be %08lx)\n"; ++static ZCONST char Far NotEnoughMemCover[] = ++ "error: not enough memory for bomb detection\n"; ++static ZCONST char Far OverlappedComponents[] = ++ "error: invalid zip file with overlapped components (possible zip bomb)\n"; ++ ++ ++ ++ ++ ++/* A growable list of spans. */ ++typedef zoff_t bound_t; ++typedef struct { ++ bound_t beg; /* start of the span */ ++ bound_t end; /* one past the end of the span */ ++} span_t; ++typedef struct { ++ span_t *span; /* allocated, distinct, and sorted list of spans */ ++ size_t num; /* number of spans in the list */ ++ size_t max; /* allocated number of spans (num <= max) */ ++} cover_t; ++ ++/* ++ * Return the index of the first span in cover whose beg is greater than val. ++ * If there is no such span, then cover->num is returned. ++ */ ++static size_t cover_find(cover, val) ++ cover_t *cover; ++ bound_t val; ++{ ++ size_t lo = 0, hi = cover->num; ++ while (lo < hi) { ++ size_t mid = (lo + hi) >> 1; ++ if (val < cover->span[mid].beg) ++ hi = mid; ++ else ++ lo = mid + 1; ++ } ++ return hi; ++} ++ ++/* Return true if val lies within any one of the spans in cover. */ ++static int cover_within(cover, val) ++ cover_t *cover; ++ bound_t val; ++{ ++ size_t pos = cover_find(cover, val); ++ return pos > 0 && val < cover->span[pos - 1].end; ++} ++ ++/* ++ * Add a new span to the list, but only if the new span does not overlap any ++ * spans already in the list. The new span covers the values beg..end-1. beg ++ * must be less than end. ++ * ++ * Keep the list sorted and merge adjacent spans. Grow the allocated space for ++ * the list as needed. On success, 0 is returned. If the new span overlaps any ++ * existing spans, then 1 is returned and the new span is not added to the ++ * list. If the new span is invalid because beg is greater than or equal to ++ * end, then -1 is returned. If the list needs to be grown but the memory ++ * allocation fails, then -2 is returned. ++ */ ++static int cover_add(cover, beg, end) ++ cover_t *cover; ++ bound_t beg; ++ bound_t end; ++{ ++ size_t pos; ++ int prec, foll; ++ ++ if (beg >= end) ++ /* The new span is invalid. */ ++ return -1; ++ ++ /* Find where the new span should go, and make sure that it does not ++ overlap with any existing spans. */ ++ pos = cover_find(cover, beg); ++ if ((pos > 0 && beg < cover->span[pos - 1].end) || ++ (pos < cover->num && end > cover->span[pos].beg)) ++ return 1; ++ ++ /* Check for adjacencies. */ ++ prec = pos > 0 && beg == cover->span[pos - 1].end; ++ foll = pos < cover->num && end == cover->span[pos].beg; ++ if (prec && foll) { ++ /* The new span connects the preceding and following spans. Merge the ++ following span into the preceding span, and delete the following ++ span. */ ++ cover->span[pos - 1].end = cover->span[pos].end; ++ cover->num--; ++ memmove(cover->span + pos, cover->span + pos + 1, ++ (cover->num - pos) * sizeof(span_t)); ++ } ++ else if (prec) ++ /* The new span is adjacent only to the preceding span. Extend the end ++ of the preceding span. */ ++ cover->span[pos - 1].end = end; ++ else if (foll) ++ /* The new span is adjacent only to the following span. Extend the ++ beginning of the following span. */ ++ cover->span[pos].beg = beg; ++ else { ++ /* The new span has gaps between both the preceding and the following ++ spans. Assure that there is room and insert the span. */ ++ if (cover->num == cover->max) { ++ size_t max = cover->max == 0 ? 16 : cover->max << 1; ++ span_t *span = realloc(cover->span, max * sizeof(span_t)); ++ if (span == NULL) ++ return -2; ++ cover->span = span; ++ cover->max = max; ++ } ++ memmove(cover->span + pos + 1, cover->span + pos, ++ (cover->num - pos) * sizeof(span_t)); ++ cover->num++; ++ cover->span[pos].beg = beg; ++ cover->span[pos].end = end; ++ } ++ return 0; ++} + + + +@@ -374,6 +493,29 @@ int extract_or_test_files(__G) /* return PK-type error code */ + } + #endif /* !SFX || SFX_EXDIR */ + ++ /* One more: initialize cover structure for bomb detection. Start with a ++ span that covers the central directory though the end of the file. */ ++ if (G.cover == NULL) { ++ G.cover = malloc(sizeof(cover_t)); ++ if (G.cover == NULL) { ++ Info(slide, 0x401, ((char *)slide, ++ LoadFarString(NotEnoughMemCover))); ++ return PK_MEM; ++ } ++ ((cover_t *)G.cover)->span = NULL; ++ ((cover_t *)G.cover)->max = 0; ++ } ++ ((cover_t *)G.cover)->num = 0; ++ if ((G.extra_bytes != 0 && ++ cover_add((cover_t *)G.cover, 0, G.extra_bytes) != 0) || ++ cover_add((cover_t *)G.cover, ++ G.extra_bytes + G.ecrec.offset_start_central_directory, ++ G.ziplen) != 0) { ++ Info(slide, 0x401, ((char *)slide, ++ LoadFarString(NotEnoughMemCover))); ++ return PK_MEM; ++ } ++ + /*--------------------------------------------------------------------------- + The basic idea of this function is as follows. Since the central di- + rectory lies at the end of the zipfile and the member files lie at the +@@ -591,7 +733,8 @@ int extract_or_test_files(__G) /* return PK-type error code */ + if (error > error_in_archive) + error_in_archive = error; + /* ...and keep going (unless disk full or user break) */ +- if (G.disk_full > 1 || error_in_archive == IZ_CTRLC) { ++ if (G.disk_full > 1 || error_in_archive == IZ_CTRLC || ++ error == PK_BOMB) { + /* clear reached_end to signal premature stop ... */ + reached_end = FALSE; + /* ... and cancel scanning the central directory */ +@@ -1060,6 +1203,11 @@ static int extract_or_test_entrylist(__G__ numchunk, + + /* seek_zipf(__G__ pInfo->offset); */ + request = G.pInfo->offset + G.extra_bytes; ++ if (cover_within((cover_t *)G.cover, request)) { ++ Info(slide, 0x401, ((char *)slide, ++ LoadFarString(OverlappedComponents))); ++ return PK_BOMB; ++ } + inbuf_offset = request % INBUFSIZ; + bufstart = request - inbuf_offset; + +@@ -1591,6 +1739,18 @@ static int extract_or_test_entrylist(__G__ numchunk, + return IZ_CTRLC; /* cancel operation by user request */ + } + #endif ++ error = cover_add((cover_t *)G.cover, request, ++ G.cur_zipfile_bufstart + (G.inptr - G.inbuf)); ++ if (error < 0) { ++ Info(slide, 0x401, ((char *)slide, ++ LoadFarString(NotEnoughMemCover))); ++ return PK_MEM; ++ } ++ if (error != 0) { ++ Info(slide, 0x401, ((char *)slide, ++ LoadFarString(OverlappedComponents))); ++ return PK_BOMB; ++ } + #ifdef MACOS /* MacOS is no preemptive OS, thus call event-handling by hand */ + UserStop(); + #endif +@@ -1992,6 +2152,34 @@ static int extract_or_test_member(__G) /* return PK-type error code */ + } + + undefer_input(__G); ++ ++ if ((G.lrec.general_purpose_bit_flag & 8) != 0) { ++ /* skip over data descriptor (harder than it sounds, due to signature ++ * ambiguity) ++ */ ++# define SIG 0x08074b50 ++# define LOW 0xffffffff ++ uch buf[12]; ++ unsigned shy = 12 - readbuf((char *)buf, 12); ++ ulg crc = shy ? 0 : makelong(buf); ++ ulg clen = shy ? 0 : makelong(buf + 4); ++ ulg ulen = shy ? 0 : makelong(buf + 8); /* or high clen if ZIP64 */ ++ if (crc == SIG && /* if not SIG, no signature */ ++ (G.lrec.crc32 != SIG || /* if not SIG, have signature */ ++ (clen == SIG && /* if not SIG, no signature */ ++ ((G.lrec.csize & LOW) != SIG || /* if not SIG, have signature */ ++ (ulen == SIG && /* if not SIG, no signature */ ++ (G.zip64 ? G.lrec.csize >> 32 : G.lrec.ucsize) != SIG ++ /* if not SIG, have signature */ ++ ))))) ++ /* skip four more bytes to account for signature */ ++ shy += 4 - readbuf((char *)buf, 4); ++ if (G.zip64) ++ shy += 8 - readbuf((char *)buf, 8); /* skip eight more for ZIP64 */ ++ if (shy) ++ error = PK_ERR; ++ } ++ + return error; + + } /* end function extract_or_test_member() */ +diff --git a/globals.c b/globals.c +index fa8cca5..1e0f608 100644 +--- a/globals.c ++++ b/globals.c +@@ -181,6 +181,7 @@ Uz_Globs *globalsCtor() + # if (!defined(NO_TIMESTAMPS)) + uO.D_flag=1; /* default to '-D', no restoration of dir timestamps */ + # endif ++ G.cover = NULL; /* not allocated yet */ + #endif + + uO.lflag=(-1); +diff --git a/globals.h b/globals.h +index 11b7215..2bdcdeb 100644 +--- a/globals.h ++++ b/globals.h +@@ -260,12 +260,15 @@ typedef struct Globals { + ecdir_rec ecrec; /* used in unzip.c, extract.c */ + z_stat statbuf; /* used by main, mapname, check_for_newer */ + ++ int zip64; /* true if Zip64 info in extra field */ ++ + int mem_mode; + uch *outbufptr; /* extract.c static */ + ulg outsize; /* extract.c static */ + int reported_backslash; /* extract.c static */ + int disk_full; + int newfile; ++ void **cover; /* used in extract.c for bomb detection */ + + int didCRlast; /* fileio static */ + ulg numlines; /* fileio static: number of lines printed */ +diff --git a/process.c b/process.c +index 1e9a1e1..d2e4dc3 100644 +--- a/process.c ++++ b/process.c +@@ -637,6 +637,13 @@ void free_G_buffers(__G) /* releases all memory allocated in global vars */ + } + #endif + ++ /* Free the cover span list and the cover structure. */ ++ if (G.cover != NULL) { ++ free(*(G.cover)); ++ free(G.cover); ++ G.cover = NULL; ++ } ++ + } /* end function free_G_buffers() */ + + +@@ -1890,6 +1897,8 @@ int getZip64Data(__G__ ef_buf, ef_len) + #define Z64FLGS 0xffff + #define Z64FLGL 0xffffffff + ++ G.zip64 = FALSE; ++ + if (ef_len == 0 || ef_buf == NULL) + return PK_COOL; + +@@ -1927,6 +1936,8 @@ int getZip64Data(__G__ ef_buf, ef_len) + #if 0 + break; /* Expect only one EF_PKSZ64 block. */ + #endif /* 0 */ ++ ++ G.zip64 = TRUE; + } + + /* Skip this extra field block. */ +diff --git a/unzip.h b/unzip.h +index 5b2a326..ed24a5b 100644 +--- a/unzip.h ++++ b/unzip.h +@@ -645,6 +645,7 @@ typedef struct _Uzp_cdir_Rec { + #define PK_NOZIP 9 /* zipfile not found */ + #define PK_PARAM 10 /* bad or illegal parameters specified */ + #define PK_FIND 11 /* no files found */ ++#define PK_BOMB 12 /* likely zip bomb */ + #define PK_DISK 50 /* disk full */ + #define PK_EOF 51 /* unexpected EOF */ + +From 6d351831be705cc26d897db44f878a978f4138fc Mon Sep 17 00:00:00 2001 +From: Mark Adler <madler@alumni.caltech.edu> +Date: Thu, 25 Jul 2019 20:43:17 -0700 +Subject: [PATCH] Do not raise a zip bomb alert for a misplaced central + directory. + +There is a zip-like file in the Firefox distribution, omni.ja, +which is a zip container with the central directory placed at the +start of the file instead of after the local entries as required +by the zip standard. This commit marks the actual location of the +central directory, as well as the end of central directory records, +as disallowed locations. This now permits such containers to not +raise a zip bomb alert, where in fact there are no overlaps. +--- + extract.c | 25 +++++++++++++++++++------ + process.c | 6 ++++++ + unzpriv.h | 10 ++++++++++ + 3 files changed, 35 insertions(+), 6 deletions(-) + +diff --git a/extract.c b/extract.c +index 0973a33..1b73cb0 100644 +--- a/extract.c ++++ b/extract.c +@@ -493,8 +493,11 @@ int extract_or_test_files(__G) /* return PK-type error code */ + } + #endif /* !SFX || SFX_EXDIR */ + +- /* One more: initialize cover structure for bomb detection. Start with a +- span that covers the central directory though the end of the file. */ ++ /* One more: initialize cover structure for bomb detection. Start with ++ spans that cover any extra bytes at the start, the central directory, ++ the end of central directory record (including the Zip64 end of central ++ directory locator, if present), and the Zip64 end of central directory ++ record, if present. */ + if (G.cover == NULL) { + G.cover = malloc(sizeof(cover_t)); + if (G.cover == NULL) { +@@ -506,15 +509,25 @@ int extract_or_test_files(__G) /* return PK-type error code */ + ((cover_t *)G.cover)->max = 0; + } + ((cover_t *)G.cover)->num = 0; +- if ((G.extra_bytes != 0 && +- cover_add((cover_t *)G.cover, 0, G.extra_bytes) != 0) || +- cover_add((cover_t *)G.cover, ++ if (cover_add((cover_t *)G.cover, + G.extra_bytes + G.ecrec.offset_start_central_directory, +- G.ziplen) != 0) { ++ G.extra_bytes + G.ecrec.offset_start_central_directory + ++ G.ecrec.size_central_directory) != 0) { + Info(slide, 0x401, ((char *)slide, + LoadFarString(NotEnoughMemCover))); + return PK_MEM; + } ++ if ((G.extra_bytes != 0 && ++ cover_add((cover_t *)G.cover, 0, G.extra_bytes) != 0) || ++ (G.ecrec.have_ecr64 && ++ cover_add((cover_t *)G.cover, G.ecrec.ec64_start, ++ G.ecrec.ec64_end) != 0) || ++ cover_add((cover_t *)G.cover, G.ecrec.ec_start, ++ G.ecrec.ec_end) != 0) { ++ Info(slide, 0x401, ((char *)slide, ++ LoadFarString(OverlappedComponents))); ++ return PK_BOMB; ++ } + + /*--------------------------------------------------------------------------- + The basic idea of this function is as follows. Since the central di- +diff --git a/process.c b/process.c +index d2e4dc3..d75d405 100644 +--- a/process.c ++++ b/process.c +@@ -1408,6 +1408,10 @@ static int find_ecrec64(__G__ searchlen) /* return PK-class error */ + + /* Now, we are (almost) sure that we have a Zip64 archive. */ + G.ecrec.have_ecr64 = 1; ++ G.ecrec.ec_start -= ECLOC64_SIZE+4; ++ G.ecrec.ec64_start = ecrec64_start_offset; ++ G.ecrec.ec64_end = ecrec64_start_offset + ++ 12 + makeint64(&byterec[ECREC64_LENGTH]); + + /* Update the "end-of-central-dir offset" for later checks. */ + G.real_ecrec_offset = ecrec64_start_offset; +@@ -1542,6 +1546,8 @@ static int find_ecrec(__G__ searchlen) /* return PK-class error */ + makelong(&byterec[OFFSET_START_CENTRAL_DIRECTORY]); + G.ecrec.zipfile_comment_length = + makeword(&byterec[ZIPFILE_COMMENT_LENGTH]); ++ G.ecrec.ec_start = G.real_ecrec_offset; ++ G.ecrec.ec_end = G.ecrec.ec_start + 22 + G.ecrec.zipfile_comment_length; + + /* Now, we have to read the archive comment, BEFORE the file pointer + is moved away backwards to seek for a Zip64 ECLOC64 structure. +diff --git a/unzpriv.h b/unzpriv.h +index dc9eff5..297b3c7 100644 +--- a/unzpriv.h ++++ b/unzpriv.h +@@ -2185,6 +2185,16 @@ typedef struct VMStimbuf { + int have_ecr64; /* valid Zip64 ecdir-record exists */ + int is_zip64_archive; /* Zip64 ecdir-record is mandatory */ + ush zipfile_comment_length; ++ zusz_t ec_start, ec_end; /* offsets of start and end of the ++ end of central directory record, ++ including if present the Zip64 ++ end of central directory locator, ++ which immediately precedes the ++ end of central directory record */ ++ zusz_t ec64_start, ec64_end; /* if have_ecr64 is true, then these ++ are the offsets of the start and ++ end of the Zip64 end of central ++ directory record */ + } ecdir_rec; + + +From 41beb477c5744bc396fa1162ee0c14218ec12213 Mon Sep 17 00:00:00 2001 +From: Mark Adler <madler@alumni.caltech.edu> +Date: Mon, 27 May 2019 08:20:32 -0700 +Subject: [PATCH] Fix bug in undefer_input() that misplaced the input state. + +--- + fileio.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/fileio.c b/fileio.c +index c042987..bc00d74 100644 +--- a/fileio.c ++++ b/fileio.c +@@ -530,8 +530,10 @@ void undefer_input(__G) + * This condition was checked when G.incnt_leftover was set > 0 in + * defer_leftover_input(), and it is NOT allowed to touch G.csize + * before calling undefer_input() when (G.incnt_leftover > 0) +- * (single exception: see read_byte()'s "G.csize <= 0" handling) !! ++ * (single exception: see readbyte()'s "G.csize <= 0" handling) !! + */ ++ if (G.csize < 0L) ++ G.csize = 0L; + G.incnt = G.incnt_leftover + (int)G.csize; + G.inptr = G.inptr_leftover - (int)G.csize; + G.incnt_leftover = 0; + diff --git a/main/vim/APKBUILD b/main/vim/APKBUILD index b958663863c..c9be138a5ac 100644 --- a/main/vim/APKBUILD +++ b/main/vim/APKBUILD @@ -18,7 +18,7 @@ source="$pkgname-$pkgver.tar.gz::https://github.com/$pkgname/$pkgname/archive/v$ builddir="$srcdir/$pkgname-$pkgver" # secfixes: -# 8.1.1365: +# 8.1.1365-r0: # - CVE-2019-12735 # 8.0.1521-r0: # - CVE-2017-6350 diff --git a/main/wpa_supplicant/APKBUILD b/main/wpa_supplicant/APKBUILD index c177a73001a..f8863a7b335 100644 --- a/main/wpa_supplicant/APKBUILD +++ b/main/wpa_supplicant/APKBUILD @@ -60,16 +60,6 @@ source="https://w1.fi/releases/$pkgname-$pkgver.tar.gz # - CVE-2019-9497 # - CVE-2019-9498 # - CVE-2019-9499 -# 2.7-r0: -# - CVE-2017-13077 -# - CVE-2017-13078 -# - CVE-2017-13079 -# - CVE-2017-13080 -# - CVE-2017-13081 -# - CVE-2017-13082 -# - CVE-2017-13086 -# - CVE-2017-13087 -# - CVE-2017-13088 # 2.6-r14: # - CVE-2018-14526 # 2.6-r7: diff --git a/main/xen/APKBUILD b/main/xen/APKBUILD index 7810d9eccb7..4dd44ef9a07 100644 --- a/main/xen/APKBUILD +++ b/main/xen/APKBUILD @@ -2,8 +2,8 @@ # Contributor: Roger Pau Monne <roger.pau@entel.upc.edu> # Maintainer: William Pitcock <nenolod@dereferenced.org> pkgname=xen -pkgver=4.11.3 -pkgrel=1 +pkgver=4.11.4 +pkgrel=2 pkgdesc="Xen hypervisor" url="https://www.xenproject.org/" arch="x86_64 armhf aarch64" # enable armv7 when builds with gcc8 @@ -12,7 +12,7 @@ depends="bash iproute2 logrotate" depends_dev="openssl-dev python2-dev e2fsprogs-dev gettext zlib-dev ncurses-dev dev86 texinfo perl pciutils-dev glib-dev yajl-dev libnl3-dev spice-dev gnutls-dev curl-dev libaio-dev lzo-dev xz-dev util-linux-dev - e2fsprogs-dev linux-headers argp-standalone perl-dev flex bison" + linux-headers argp-standalone perl-dev flex bison" makedepends="$depends_dev autoconf automake libtool dnsmasq" options="!strip" @@ -115,48 +115,47 @@ options="!strip" # 4.10.1-r0: # - CVE-2018-10472 XSA-258 # - CVE-2018-10471 XSA-259 -# 4.10-1-r1: +# 4.10.1-r1: # - CVE-2018-8897 XSA-260 # - CVE-2018-10982 XSA-261 # - CVE-2018-10981 XSA-262 # 4.11.0-r0: -# - CVE-2018-3639 XSA-263 -# - CVE-2018-128911 XSA-264 -# - CVE-2018-12893 XSA-265 -# - CVE-2018-12892 XSA-266 -# - CVE-2018-3665 XSA-267 +# - CVE-2018-3639 XSA-263 +# - CVE-2018-12891 XSA-264 +# - CVE-2018-12893 XSA-265 +# - CVE-2018-12892 XSA-266 +# - CVE-2018-3665 XSA-267 # 4.11.1-r0: -# - CVE-2018-15469 XSA-268 -# - CVE-2018-15468 XSA-269 -# - CVE-2018-15470 XSA-272 -# - CVE-2018-3620 XSA-273 -# - CVE-2018-3646 XSA-273 -# - CVE-2018-19961 XSA-275 -# - CVE-2018-19962 XSA-275 -# - CVE-2018-19963 XSA-276 -# - CVE-2018-19964 XSA-277 -# - CVE-2018-18883 XSA-278 -# - CVE-2018-19965 XSA-279 -# - CVE-2018-19966 XSA-280 -# - CVE-2018-19967 XSA-282 +# - CVE-2018-15469 XSA-268 +# - CVE-2018-15468 XSA-269 +# - CVE-2018-15470 XSA-272 +# - CVE-2018-3620 XSA-273 +# - CVE-2018-3646 XSA-273 +# - CVE-2018-19961 XSA-275 +# - CVE-2018-19962 XSA-275 +# - CVE-2018-19963 XSA-276 +# - CVE-2018-19964 XSA-277 +# - CVE-2018-18883 XSA-278 +# - CVE-2018-19965 XSA-279 +# - CVE-2018-19966 XSA-280 +# - CVE-2018-19967 XSA-282 # 4.11.1-r2: -# - CVE-2018-12126 XSA-297 -# - CVE-2018-12127 XSA-297 -# - CVE-2018-12130 XSA-297 -# - CVE-2019-11091 XSA-297 +# - CVE-2018-12126 XSA-297 +# - CVE-2018-12127 XSA-297 +# - CVE-2018-12130 XSA-297 +# - CVE-2019-11091 XSA-297 # 4.11.2-r0: -# - CVE-????-????? XSA-284 -# - CVE-????-????? XSA-285 -# - CVE-????-????? XSA-286 -# - CVE-????-????? XSA-287 -# - CVE-????-????? XSA-288 -# - CVE-????-????? XSA-290 -# - CVE-????-????? XSA-291 -# - CVE-????-????? XSA-292 -# - CVE-????-????? XSA-293 -# - CVE-????-????? XSA-294 -# - CVE-????-????? XSA-295 -# - CVE-????-????? XSA-296 +# - CVE-2019-17340 XSA-284 +# - CVE-2019-17341 XSA-285 +# - CVE-2017-17342 XSA-287 +# - CVE-2019-17343 XSA-288 +# - CVE-2017-17344 XSA-290 +# - CVE-2019-17345 XSA-291 +# - CVE-2019-17346 XSA-292 +# - CVE-2019-17347 XSA-293 +# - CVE-2019-17348 XSA-294 +# - CVE-2019-17349 CVE-2019-17350 XSA-295 +# - CVE-2019-18420 XSA-296 # 4.11.2-r1: # - CVE-2019-18425 XSA-298 # - CVE-2019-18421 XSA-299 @@ -168,12 +167,37 @@ options="!strip" # 4.11.3-r0: # - CVE-2019-19579 XSA-306 # 4.11.3-r1: -# - CVE-2019-19579 XSA-306 # - CVE-2019-19582 XSA-307 # - CVE-2019-19583 XSA-308 # - CVE-2019-19578 XSA-309 # - CVE-2019-19580 XSA-310 # - CVE-2019-19577 XSA-311 +# 4.11.3-r2: +# - CVE-2020-11740 CVE-2020-11741 XSA-313 +# - CVE-2020-11739 XSA-314 +# - CVE-2020-11743 XSA-316 +# - CVE-2020-11742 XSA-318 +# 4.11.4-r0: +# - XSA-312 +# - CVE-2020-0543 XSA-320 +# - CVE-2020-15566 XSA-317 +# - CVE-2020-15563 XSA-319 +# - CVE-2020-15565 XSA-321 +# - CVE-2020-15564 XSA-327 +# - CVE-2020-15567 XSA-328 +# 4.11.4-r1: +# - CVE-2020-14364 XSA-335 +# 4.11.4-r2: +# - CVE-2020-25602 XSA-333 +# - CVE-2020-25604 XSA-336 +# - CVE-2020-25595 XSA-337 +# - CVE-2020-25597 XSA-338 +# - CVE-2020-25596 XSA-339 +# - CVE-2020-25603 XSA-340 +# - CVE-2020-25600 XSA-342 +# - CVE-2020-25599 XSA-343 +# - CVE-2020-25601 XSA-344 + case "$CARCH" in x86*) @@ -241,13 +265,35 @@ source="https://downloads.xenproject.org/release/$pkgname/$pkgver/$pkgname-$pkgv hotplug-Linux-iscsi-block-handle-lun-1.patch - xsa307.patch - xsa308.patch - xsa309.patch - xsa310-0001-x86-mm-Set-old_guest_table-when-destroying-vcpu-page.patch - xsa310-0002-x86-mm-alloc-free_lN_table-Retain-partial_flags-on-E.patch - xsa310-0003-x86-mm-relinquish_memory-Grab-an-extra-type-ref-when.patch - xsa311-4.11.patch + xsa320-4.11-1.patch + xsa320-4.11-2.patch + xsa320-4.11-3.patch + xsa317.patch + xsa319.patch + xsa328-4.11-1.patch + xsa328-4.11-2.patch + xsa321-4.11-1.patch + xsa321-4.11-2.patch + xsa321-4.11-3.patch + xsa321-4.11-4.patch + xsa321-4.11-5.patch + xsa321-4.11-6.patch + xsa321-4.11-7.patch + xsa327.patch + xsa335-qemu.patch + xsa333.patch + xsa336-4.11.patch + xsa337-4.12-1.patch + xsa337-4.12-2.patch + xsa338.patch + xsa339.patch + xsa340.patch + xsa342-4.13.patch + xsa343-4.11-1.patch + xsa343-4.11-2.patch + xsa343-4.11-3.patch + xsa344-4.11-1.patch + xsa344-4.11-2.patch xenstored.initd xenstored.confd @@ -481,8 +527,7 @@ EOF EOF } - -sha512sums="2204e490e9fc357a05983a9bf4e7345e1d364fe00400ce473988dcb9ca7d4e2b921fe10f095cbbc64248130a92d22c6f0d154dcae250a57a7f915df32e3dc436 xen-4.11.3.tar.gz +sha512sums="8383f0b369fa08c8ecfdd68f902a2aaad140146a183131c50c020fe04c2f1e829c219b9bd9923fa8f1c180e1e7c6e73d0d68b7015fc39fd3b7f59e55c680cedb xen-4.11.4.tar.gz 2e0b0fd23e6f10742a5517981e5171c6e88b0a93c83da701b296f5c0861d72c19782daab589a7eac3f9032152a0fc7eff7f5362db8fccc4859564a9aa82329cf gmp-4.3.2.tar.bz2 c2bc9ffc8583aeae71cee9ddcc4418969768d4e3764d47307da54f93981c0109fb07d84b061b3a3628bd00ba4d14a54742bc04848110eb3ae8ca25dbfbaabadb grub-0.97.tar.gz 1465b58279af1647f909450e394fe002ca165f0ff4a0254bfa9fe0e64316f50facdde2729d79a4e632565b4500cf4d6c74192ac0dd3bc9fe09129bbd67ba089d lwip-1.3.0.tar.gz @@ -505,13 +550,35 @@ e76816c6ad0e91dc5f81947f266da3429b20e6d976c3e8c41202c6179532eec878a3f0913921ef3a 69dfa60628ca838678862383528654ecbdf4269cbb5c9cfb6b84d976202a8dea85d711aa65a52fa1b477fb0b30604ca70cf1337192d6fb9388a08bbe7fe56077 xenstore_client_transaction_fix.patch 2094ea964fa610b2bf72fd2c7ede7e954899a75c0f5b08030cf1d74460fb759ade84866176e32f8fe29c921dfdc6dafd2b31e23ab9b0a3874d3dceeabdd1913b xenqemu-xattr-size-max.patch 8c9cfc6afca325df1d8026e21ed03fa8cd2c7e1a21a56cc1968301c5ab634bfe849951899e75d328951d7a41273d1e49a2448edbadec0029ed410c43c0549812 hotplug-Linux-iscsi-block-handle-lun-1.patch -984185e513e0688edca932f434ace78daf99094b563dc3f6cd1c94c7f60842e860dc9490296a4bc716c42f544e0bdf2e3c58cd46b4b490b61dbbe8389c5674c4 xsa307.patch -3650ab4d75ba65764edacb379b67c6bc08df5cada0c2b039fd8641f212ba462246ef838dee3390fddd0725cec8676197136ef99dfbd7d9ef1a7c4d78a873639b xsa308.patch -ad6468c55c13a259b8baa15f251a77ae5ff0524434201caeb1780ca58e637a9e4be398f264c010913d940a248ca619a6878cd6109180de653afadb923fc38fee xsa309.patch -806c3cd3895f6573195d3ae85f314c8b7b7bc9ac4b1663b113e1c7fb8a7d949855fab09ba794b838a1cebdb40017ebfbaed932fd23ee33cc7bef8381a8ed2584 xsa310-0001-x86-mm-Set-old_guest_table-when-destroying-vcpu-page.patch -6e713158f693c1d38f1044e1e9adea3d9338c47e9c2fec10b95a04a36cbc7c8e2841d593cb6e39b44976b6c29b7eec9919dec738e5fddaedddaaeade220185d8 xsa310-0002-x86-mm-alloc-free_lN_table-Retain-partial_flags-on-E.patch -bef47261b61f2f9f10d649c8de1ad076517ac5ecea5f26a3a61ded91ced3f274ddeb8a41592edfe7dfd5439b010b647f6c15afeb7cd2b8c6065cd2281413b614 xsa310-0003-x86-mm-relinquish_memory-Grab-an-extra-type-ref-when.patch -6e786287e21cd8f7371b75b05067428656cc5985ef98902fab577b9dff3a187d130675063db127a9c2210c935b2eb1f6288d784d595c9bdee30f0c904a81afb4 xsa311-4.11.patch +325f66b008a76ff569fdca430e2926633996511f1bd7dcd375259377e4c88758b13c95ee66b8edaa5ffebc3d927442409dc36bd8e35b2c928e43d82a539583cf xsa317.patch +d57d8cfd749df1816060345bedd9fa7ef2381ea9d85562ddf0c39ffe832ca56834c3e8c1fb67a64fd5631fd219c4d66a3ef655dca0989bf39911c87e0145717f xsa319.patch +9d61608159802d5ba79e42253b7e391bc14bbf809f0a59ab64585d594e8f414ed7005cbca18e9db16157406f3a0c3ad2a262cbe431ef52507b2329e4fd999198 xsa320-4.11-1.patch +9f42a03b11095807e2812e0a95df47722f3f41d4928bbde9c7e642f3001f4c97f29c226340e78cbda3fe35667ee88aa702bf374f012a27cb96d6d6e24162bb8c xsa320-4.11-2.patch +81004539674d7dcb48c259bbcbf9e8e33e55c0af044d3be09f517e8cb850bf1068029802c941760287f9e4e83dbe4113d732d5425c9aa48accfe8d2071ff6caa xsa320-4.11-3.patch +53c3e7d8e4a0fbfe162571bd296a8d234caccfdd38958c62e54643189bc6cd22379da81fd465597779c3141a4694bb9c38848467cd7a81b1a400881ba8f1c053 xsa321-4.11-1.patch +21752f53231e20a5ddbc198cf630861d1809e0254d313329f819450a7d966d301a37fb689b126c137338732fd077e73dbb78735b833222116493e6b2e782dc00 xsa321-4.11-2.patch +ebd933135d3df4d1c431be22d96f5d9e5af2670cbd188d8db1510fe3eaad0f31309ba7f6a817ea59010524e290ff7279d6d120f3241aa34d960eb3872e5bbc9f xsa321-4.11-3.patch +922f46623c1dca5d067e7897fe2cf0e3045ea7bf26f1aab12935c47a4a764ddb3e9cef2c8efef29f933aab9351a301572c0ea21ef84514cfba06d6159500876a xsa321-4.11-4.patch +0c4932886cfb7495fbe1007cb0a9562341c1a33243fd64274b4bb02e7094842bfb2766ef2a8f5ac41c586ffece029f332302f4e3e2271d9f3b9ce4af97dafc4d xsa321-4.11-5.patch +a7dd96126a4869771366cf5316d451531063009b3c1cc556ba7ede43d4b927c97c146a973c74159aae7f1bc226dbd03e8456ca1d8e9c3f75d91759b1c6be0930 xsa321-4.11-6.patch +11cae33936a0c2cf6f3376bc431cb850b0af41eb43fc0d160a203f728284882cf2c1e048fbafba2a0125dfd35782fb6d9d267373519340b965ac0249cb60e7ec xsa321-4.11-7.patch +83823056dbd0142585d8b0fb9b3179ac8cc099a21ee489008a4cfb1f310daae72dff1fb6c7cd3a1c8ca5cec43a6b964587d8121a2423226baad0bcd302e73263 xsa327.patch +60481beb932cb47b0a3025a41a7ec752afda063375f8f2087363ad729dbb7f93190f06b2f15e1cee562c619c16548a3cd729ba292670ef9d500cf4442c4905bb xsa328-4.11-1.patch +29a9c01db993438d4d789c3d2151e54d04f93c2da4d01791b578a7a3ec95b8bc5144d9717698e7daacde0cef0553b55db47483bebdc1021ff7a315d557031dc0 xsa328-4.11-2.patch +a18f552845ca105ce846ff8281b6c5b10f45301571f3163a33a6c212b87b742bb039f15c2d346bd34a9fdedd8a007fd9e51f319900cb8ee05febf178ed6ef8b0 xsa335-qemu.patch +7457a53eee28044143800124f422d530c49f7ee976ed5a5ff74e25100fc7ea364b8cd4f690b55dc308fe028bbaaf73164f994abab70d6388901199c8415eded1 xsa333.patch +1da6cc1fe8b3a88c36fd1dcb5d2e10437686f417f7a096d7c3945bbd492c7c0e14d9ad4aeecdcdc03958c3b50f777ec797d917b3c7b00cb93ff461c24cef6c85 xsa336-4.11.patch +4cf0a5776162297ecad3c8ff3bb67003a86cbf70fe4150d5a1dfc4cd9fef2d0b02fe6bb83547d11330124665546e3319e7e7155b7f253551785aaacc902bb439 xsa337-4.12-1.patch +9fb56b526cebe73d78c8a921882bbc084bd0772dbfd06890d28ce5407e72394d90c44da6e78f6b86df25af4354fec9cf9327dd019553a6d4e7f54663a7821268 xsa337-4.12-2.patch +11a637e6de41012046115ed66e95e7fec90a3c274030dc1617dbcee4cc3b88dfa812e21323a628e27356aedfbaa094508fbdedc340dc37db29960ff6d4ef9921 xsa338.patch +7eaa70d891cdfd60001308c6b88f635048babdd1ba2952bcc88322b2096bafd1aee6a3f7dc1f4188fa7c44217c4d9bcaadf4bdd274d95762b0646e65f6b9659e xsa339.patch +2d4b2887f1a779267c15b16bd83d78ca84ceaaf9cad08a64162c28440527d3ac8edf80c8c2916e152bdf9e0e3e768c316d95dfa4c362c7a34dfb3348e8a2c568 xsa340.patch +c61fe4121c7a9314a8c3514dcdd62779dd11a90c2edb33cc1df55131477af7a1ec2c8a6dc15ad6d0975b335170d23c2b0057c55bd9923d20c4d4b31934c2f675 xsa342-4.13.patch +17bc6a485905107f7cb119b6eac0d9cc594bfd9b87e69e7e40f8140e14bba82cffd76736ad2fc9fa2b73c16f6e21539a44d12a41fe64a59689d53472bb0a3553 xsa343-4.11-1.patch +f9890c921302f703fc9d0912040e99f789b611a1c9962a04be2c226fbc96e85ae80d85379012a7ec9b81f7ecc743530213819791f1713d3f692a6d76964575f7 xsa343-4.11-2.patch +10bce11fe8fb33234bdebfa37f7f28eeb9e2c687190656a8047e4050f392cb898564e6d118591b94ab7530ea2d80442ee4b9578ce400b764f7095dcf814d2274 xsa343-4.11-3.patch +3ddb65370b20916a43b64a21c49fb7b1da3c807c1bc163676a94c2f593174c436008ba9ef2c36d109a0d80cc410856d152bb0f95d8b53bc13ef047ccf105a947 xsa344-4.11-1.patch +c5a387f0a2e9e9920ece246b49a269fd7e826b26b4b6a08bbfa45b9f351ce7cef47148d6411a6fe3f5eec9e7dd507d820b126ead9f6a562b2ec8d3038e65fe36 xsa344-4.11-2.patch 52c43beb2596d645934d0f909f2d21f7587b6898ed5e5e7046799a8ed6d58f7a09c5809e1634fa26152f3fd4f3e7cfa07da7076f01b4a20cc8f5df8b9cb77e50 xenstored.initd 093f7fbd43faf0a16a226486a0776bade5dc1681d281c5946a3191c32d74f9699c6bf5d0ab8de9d1195a2461165d1660788e92a3156c9b3c7054d7b2d52d7ff0 xenstored.confd 3c86ed48fbee0af4051c65c4a3893f131fa66e47bf083caf20c9b6aa4b63fdead8832f84a58d0e27964bc49ec8397251b34e5be5c212c139f556916dc8da9523 xenconsoled.initd diff --git a/main/xen/xsa307.patch b/main/xen/xsa307.patch deleted file mode 100644 index 82b4adad787..00000000000 --- a/main/xen/xsa307.patch +++ /dev/null @@ -1,99 +0,0 @@ -From: Jan Beulich <jbeulich@suse.com> -Subject: x86+Arm32: make find_next_{,zero_}bit() have well defined behavior - -These functions getting used with the 2nd and 3rd arguments being equal -wasn't well defined: Arm64 reliably returns the value of the 2nd -argument in this case, while on x86 for bitmaps up to 64 bits wide the -return value was undefined (due to the undefined behavior of a shift of -a value by the number of bits it's wide) when the incoming value was 64. -On Arm32 an actual out of bounds access would happen when the -size/offset value is a multiple of 32; if this access doesn't fault, the -return value would have been sufficiently correct afaict. - -Make the functions consistently tolerate the last two arguments being -equal (and in fact the 3rd argument being greater or equal to the 2nd), -in favor of finding and fixing all the use sites that violate the -original more strict assumption. - -This is XSA-307. - -Signed-off-by: Jan Beulich <jbeulich@suse.com> -Acked-by: Julien Grall <julien@xen.org> ---- -The most obvious (albeit still indirect) exposure to guests is -evtchn_check_pollers(), which imo makes this a security issue at least -for Arm32. - -This was originally already discussed between (at least) Andrew and me, -and I don't really recall who brought up the issue first. - -Note that Arm's Linux origin of the code may call for syncing -publication with them. Then again I don't want to tell them just to see -them go public ahead of us. - ---- a/xen/arch/arm/arm32/lib/findbit.S -+++ b/xen/arch/arm/arm32/lib/findbit.S -@@ -42,8 +42,8 @@ ENDPROC(_find_first_zero_bit_le) - * Prototype: int find_next_zero_bit(void *addr, unsigned int maxbit, int offset) - */ - ENTRY(_find_next_zero_bit_le) -- teq r1, #0 -- beq 3b -+ cmp r1, r2 -+ bls 3b - ands ip, r2, #7 - beq 1b @ If new byte, goto old routine - ARM( ldrb r3, [r0, r2, lsr #3] ) -@@ -83,8 +83,8 @@ ENDPROC(_find_first_bit_le) - * Prototype: int find_next_zero_bit(void *addr, unsigned int maxbit, int offset) - */ - ENTRY(_find_next_bit_le) -- teq r1, #0 -- beq 3b -+ cmp r1, r2 -+ bls 3b - ands ip, r2, #7 - beq 1b @ If new byte, goto old routine - ARM( ldrb r3, [r0, r2, lsr #3] ) -@@ -117,8 +117,8 @@ ENTRY(_find_first_zero_bit_be) - ENDPROC(_find_first_zero_bit_be) - - ENTRY(_find_next_zero_bit_be) -- teq r1, #0 -- beq 3b -+ cmp r1, r2 -+ bls 3b - ands ip, r2, #7 - beq 1b @ If new byte, goto old routine - eor r3, r2, #0x18 @ big endian byte ordering -@@ -151,8 +151,8 @@ ENTRY(_find_first_bit_be) - ENDPROC(_find_first_bit_be) - - ENTRY(_find_next_bit_be) -- teq r1, #0 -- beq 3b -+ cmp r1, r2 -+ bls 3b - ands ip, r2, #7 - beq 1b @ If new byte, goto old routine - eor r3, r2, #0x18 @ big endian byte ordering ---- a/xen/include/asm-x86/bitops.h -+++ b/xen/include/asm-x86/bitops.h -@@ -358,7 +358,7 @@ static always_inline unsigned int __scan - const unsigned long *a__ = (addr); \ - unsigned int s__ = (size); \ - unsigned int o__ = (off); \ -- if ( __builtin_constant_p(size) && !s__ ) \ -+ if ( o__ >= s__ ) \ - r__ = s__; \ - else if ( __builtin_constant_p(size) && s__ <= BITS_PER_LONG ) \ - r__ = o__ + __scanbit(*(const unsigned long *)(a__) >> o__, s__); \ -@@ -390,7 +390,7 @@ static always_inline unsigned int __scan - const unsigned long *a__ = (addr); \ - unsigned int s__ = (size); \ - unsigned int o__ = (off); \ -- if ( __builtin_constant_p(size) && !s__ ) \ -+ if ( o__ >= s__ ) \ - r__ = s__; \ - else if ( __builtin_constant_p(size) && s__ <= BITS_PER_LONG ) \ - r__ = o__ + __scanbit(~*(const unsigned long *)(a__) >> o__, s__); \ diff --git a/main/xen/xsa308.patch b/main/xen/xsa308.patch deleted file mode 100644 index 7abe3eff0e9..00000000000 --- a/main/xen/xsa308.patch +++ /dev/null @@ -1,74 +0,0 @@ -From: Andrew Cooper <andrew.cooper3@citrix.com> -Subject: x86/vtx: Work around SingleStep + STI/MovSS VMEntry failures - -See patch comment for technical details. - -Concerning the timeline, this was first discovered in the aftermath of -XSA-156 which caused #DB to be intercepted unconditionally, but only in -its SingleStep + STI form which is restricted to privileged software. - -After working with Intel and identifying the problematic vmentry check, -this workaround was suggested, and the patch was posted in an RFC -series. Outstanding work for that series (not breaking Introspection) -is still pending, and this fix from it (which wouldn't have been good -enough in its original form) wasn't committed. - -A vmentry failure was reported to xen-devel, and debugging identified -this bug in its SingleStep + MovSS form by way of INT1, which does not -involve the use of any privileged instructions, and proving this to be a -security issue. - -This is XSA-308 - -Reported-by: Håkon Alstadheim <hakon@alstadheim.priv.no> -Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com> -Reviewed-by: Jan Beulich <jbeulich@suse.com> -Acked-by: Kevin Tian <kevin.tian@intel.com> - -diff --git a/xen/arch/x86/hvm/vmx/vmx.c b/xen/arch/x86/hvm/vmx/vmx.c -index 6a5eeb5c13..59b836f43f 100644 ---- a/xen/arch/x86/hvm/vmx/vmx.c -+++ b/xen/arch/x86/hvm/vmx/vmx.c -@@ -3816,6 +3816,42 @@ void vmx_vmexit_handler(struct cpu_user_regs *regs) - HVMTRACE_1D(TRAP_DEBUG, exit_qualification); - __restore_debug_registers(v); - write_debugreg(6, exit_qualification | DR_STATUS_RESERVED_ONE); -+ -+ /* -+ * Work around SingleStep + STI/MovSS VMEntry failures. -+ * -+ * We intercept #DB unconditionally to work around CVE-2015-8104 / -+ * XSA-156 (guest-kernel induced host DoS). -+ * -+ * STI/MovSS shadows block/defer interrupts/exceptions (exact -+ * details are complicated and poorly documented). Debug -+ * exceptions delayed for any reason are stored in the -+ * PENDING_DBG_EXCEPTIONS field. -+ * -+ * The falling edge of PENDING_DBG causes #DB to be delivered, -+ * resulting in a VMExit, as #DB is intercepted. The VMCS still -+ * reports blocked-by-STI/MovSS. -+ * -+ * The VMEntry checks when EFLAGS.TF is set don't like a VMCS in -+ * this state. Despite a #DB queued in VMENTRY_INTR_INFO, the -+ * state is rejected as DR6.BS isn't pending. Fix this up. -+ */ -+ if ( unlikely(regs->eflags & X86_EFLAGS_TF) ) -+ { -+ unsigned long int_info; -+ -+ __vmread(GUEST_INTERRUPTIBILITY_INFO, &int_info); -+ -+ if ( int_info & (VMX_INTR_SHADOW_STI | VMX_INTR_SHADOW_MOV_SS) ) -+ { -+ unsigned long pending_dbg; -+ -+ __vmread(GUEST_PENDING_DBG_EXCEPTIONS, &pending_dbg); -+ __vmwrite(GUEST_PENDING_DBG_EXCEPTIONS, -+ pending_dbg | DR_STEP); -+ } -+ } -+ - if ( !v->domain->debugger_attached ) - { - unsigned long insn_len = 0; diff --git a/main/xen/xsa309.patch b/main/xen/xsa309.patch deleted file mode 100644 index 8bd9237c6c4..00000000000 --- a/main/xen/xsa309.patch +++ /dev/null @@ -1,58 +0,0 @@ -From 523e3974ed2213719a19218f5b246e382ceef18a Mon Sep 17 00:00:00 2001 -From: George Dunlap <george.dunlap@citrix.com> -Date: Wed, 30 Oct 2019 17:05:28 +0000 -Subject: [PATCH] x86/mm: Don't reset linear_pt_count on partial validation - -"Linear pagetables" is a technique which involves either pointing a -pagetable at itself, or to another pagetable the same or higher level. -Xen has limited support for linear pagetables: A page may either point -to itself, or point to another page of the same level (i.e., L2 to L2, -L3 to L3, and so on). - -XSA-240 introduced an additional restriction that limited the "depth" -of such chains by allowing pages to either *point to* other pages of -the same level, or *be pointed to* by other pages of the same level, -but not both. To implement this, we keep track of the number of -outstanding times a page points to or is pointed to another page -table, to prevent both from happening at the same time. - -Unfortunately, the original commit introducing this reset this count -when resuming validation of a partially-validated pagetable, dropping -some "linear_pt_entry" counts. - -On debug builds on systems where guests used this feature, this might -lead to crashes that look like this: - - Assertion 'oc > 0' failed at mm.c:874 - -Worse, if an attacker could engineer such a situation to occur, they -might be able to make loops or other abitrary chains of linear -pagetables, leading to the denial-of-service situation outlined in -XSA-240. - -This is XSA-309. - -Reported-by: Manuel Bouyer <bouyer@antioche.eu.org> -Signed-off-by: George Dunlap <george.dunlap@citrix.com> -Reviewed-by: Jan Beulich <jbeulich@suse.com> ---- - xen/arch/x86/mm.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/xen/arch/x86/mm.c b/xen/arch/x86/mm.c -index 7d4dd80a85..01393fb0da 100644 ---- a/xen/arch/x86/mm.c -+++ b/xen/arch/x86/mm.c -@@ -3059,8 +3059,8 @@ static int _get_page_type(struct page_info *page, unsigned long type, - { - page->nr_validated_ptes = 0; - page->partial_flags = 0; -+ page->linear_pt_count = 0; - } -- page->linear_pt_count = 0; - rc = alloc_page_type(page, type, preemptible); - } - --- -2.24.0 - diff --git a/main/xen/xsa310-0001-x86-mm-Set-old_guest_table-when-destroying-vcpu-page.patch b/main/xen/xsa310-0001-x86-mm-Set-old_guest_table-when-destroying-vcpu-page.patch deleted file mode 100644 index 3eb3533f6b0..00000000000 --- a/main/xen/xsa310-0001-x86-mm-Set-old_guest_table-when-destroying-vcpu-page.patch +++ /dev/null @@ -1,167 +0,0 @@ -From 7c537dc8d28a03064a14171ed5c6fc329531816a Mon Sep 17 00:00:00 2001 -From: George Dunlap <george.dunlap@citrix.com> -Date: Tue, 19 Nov 2019 11:40:34 +0000 -Subject: [PATCH 1/3] x86/mm: Set old_guest_table when destroying vcpu - pagetables - -Changeset 6c4efc1eba ("x86/mm: Don't drop a type ref unless you held a -ref to begin with"), part of XSA-299, changed the calling discipline -of put_page_type() such that if put_page_type() returned -ERESTART -(indicating a partially de-validated page), subsequent calls to -put_page_type() must be called with PTF_partial_set. If called on a -partially de-validated page but without PTF_partial_set, Xen will -BUG(), because to do otherwise would risk opening up the kind of -privilege escalation bug described in XSA-299. - -One place this was missed was in vcpu_destroy_pagetables(). -put_page_and_type_preemptible() is called, but on -ERESTART, the -entire operation is simply restarted, causing put_page_type() to be -called on a partially de-validated page without PTF_partial_set. The -result was that if such an operation were interrupted, Xen would hit a -BUG(). - -Fix this by having vcpu_destroy_pagetables() consistently pass off -interrupted de-validations to put_old_page_type(): -- Unconditionally clear references to the page, even if - put_page_and_type failed -- Set old_guest_table and old_guest_table_partial appropriately - -While here, do some refactoring: - - - Move clearing of arch.cr3 to the top of the function - - - Now that clearing is unconditional, move the unmap to the same - conditional as the l4tab mapping. This also allows us to reduce - the scope of the l4tab variable. - - - Avoid code duplication by looping to drop references on - guest_table_user - -This is part of XSA-310. - -Reported-by: Sarah Newman <srn@prgmr.com> -Signed-off-by: George Dunlap <george.dunlap@citrix.com> -Reviewed-by: Jan Beulich <jbeulich@suse.com> ---- -Added in v2. - -Changes in v3: -- Minor comment / whitespace fixes ---- - xen/arch/x86/mm.c | 75 +++++++++++++++++++++++++++++------------------ - 1 file changed, 47 insertions(+), 28 deletions(-) - -diff --git a/xen/arch/x86/mm.c b/xen/arch/x86/mm.c -index 01393fb0da..a759afc9e3 100644 ---- a/xen/arch/x86/mm.c -+++ b/xen/arch/x86/mm.c -@@ -3142,40 +3142,36 @@ int put_old_guest_table(struct vcpu *v) - int vcpu_destroy_pagetables(struct vcpu *v) - { - unsigned long mfn = pagetable_get_pfn(v->arch.guest_table); -- struct page_info *page; -- l4_pgentry_t *l4tab = NULL; -+ struct page_info *page = NULL; - int rc = put_old_guest_table(v); -+ bool put_guest_table_user = false; - - if ( rc ) - return rc; - -+ v->arch.cr3 = 0; -+ -+ /* -+ * Get the top-level guest page; either the guest_table itself, for -+ * 64-bit, or the top-level l4 entry for 32-bit. Either way, remove -+ * the reference to that page. -+ */ - if ( is_pv_32bit_vcpu(v) ) - { -- l4tab = map_domain_page(_mfn(mfn)); -- mfn = l4e_get_pfn(*l4tab); -- } -+ l4_pgentry_t *l4tab = map_domain_page(_mfn(mfn)); - -- if ( mfn ) -- { -- page = mfn_to_page(_mfn(mfn)); -- if ( paging_mode_refcounts(v->domain) ) -- put_page(page); -- else -- rc = put_page_and_type_preemptible(page); -- } -- -- if ( l4tab ) -- { -- if ( !rc ) -- l4e_write(l4tab, l4e_empty()); -+ mfn = l4e_get_pfn(*l4tab); -+ l4e_write(l4tab, l4e_empty()); - unmap_domain_page(l4tab); - } -- else if ( !rc ) -+ else - { - v->arch.guest_table = pagetable_null(); -+ put_guest_table_user = true; -+ } - -- /* Drop ref to guest_table_user (from MMUEXT_NEW_USER_BASEPTR) */ -- mfn = pagetable_get_pfn(v->arch.guest_table_user); -+ /* Free that page if non-zero */ -+ do { - if ( mfn ) - { - page = mfn_to_page(_mfn(mfn)); -@@ -3183,18 +3179,41 @@ int vcpu_destroy_pagetables(struct vcpu *v) - put_page(page); - else - rc = put_page_and_type_preemptible(page); -+ mfn = 0; - } -- if ( !rc ) -- v->arch.guest_table_user = pagetable_null(); -- } - -- v->arch.cr3 = 0; -+ if ( !rc && put_guest_table_user ) -+ { -+ /* Drop ref to guest_table_user (from MMUEXT_NEW_USER_BASEPTR) */ -+ mfn = pagetable_get_pfn(v->arch.guest_table_user); -+ v->arch.guest_table_user = pagetable_null(); -+ put_guest_table_user = false; -+ } -+ } while ( mfn ); - - /* -- * put_page_and_type_preemptible() is liable to return -EINTR. The -- * callers of us expect -ERESTART so convert it over. -+ * If a "put" operation was interrupted, finish things off in -+ * put_old_guest_table() when the operation is restarted. - */ -- return rc != -EINTR ? rc : -ERESTART; -+ switch ( rc ) -+ { -+ case -EINTR: -+ case -ERESTART: -+ v->arch.old_guest_ptpg = NULL; -+ v->arch.old_guest_table = page; -+ v->arch.old_guest_table_partial = (rc == -ERESTART); -+ rc = -ERESTART; -+ break; -+ default: -+ /* -+ * Failure to 'put' a page may cause it to leak, but that's -+ * less bad than a crash. -+ */ -+ ASSERT(rc == 0); -+ break; -+ } -+ -+ return rc; - } - - int new_guest_cr3(mfn_t mfn) --- -2.24.0 - diff --git a/main/xen/xsa310-0002-x86-mm-alloc-free_lN_table-Retain-partial_flags-on-E.patch b/main/xen/xsa310-0002-x86-mm-alloc-free_lN_table-Retain-partial_flags-on-E.patch deleted file mode 100644 index 12c04e40cd1..00000000000 --- a/main/xen/xsa310-0002-x86-mm-alloc-free_lN_table-Retain-partial_flags-on-E.patch +++ /dev/null @@ -1,104 +0,0 @@ -From 128cb126aee9b4a2855ab898fdfbfe7009fbf1f5 Mon Sep 17 00:00:00 2001 -From: George Dunlap <george.dunlap@citrix.com> -Date: Thu, 31 Oct 2019 11:17:38 +0000 -Subject: [PATCH 2/3] x86/mm: alloc/free_lN_table: Retain partial_flags on - -EINTR - -When validating or de-validating pages (in alloc_lN_table and -free_lN_table respectively), the `partial_flags` local variable is -used to keep track of whether the "current" PTE started the entire -operation in a "may be partial" state. - -One of the patches in XSA-299 addressed the fact that it is possible -for a previously-partially-validated entry to subsequently be found to -have invalid entries (indicated by returning -EINVAL); in which case -page->partial_flags needs to be set to indicate that the current PTE -may have the partial bit set (and thus _put_page_type() should be -called with PTF_partial_set). - -Unfortunately, the patches in XSA-299 assumed that once -put_page_from_lNe() returned -ERESTART on a page, it was not possible -for it to return -EINTR. This turns out to be true for -alloc_lN_table() and free_lN_table, but not for _get_page_type() and -_put_page_type(): both can return -EINTR when called on pages with -PGT_partial set. In these cases, the pages PGT_partial will still be -set; failing to set partial_flags appropriately may allow an attacker -to do a privilege escalation similar to those described in XSA-299. - -Fix this by always copying the local partial_flags variable into -page->partial_flags when exiting early. - -NB that on the "get" side, no adjustment to nr_validated_entries is -needed: whether pte[i] is partially validated or entirely -un-validated, we want nr_validated_entries = i. On the "put" side, -however, we need to adjust nr_validated_entries appropriately: if -pte[i] is entirely validated, we want nr_validated_entries = i + 1; if -pte[i] is partially validated, we want nr_validated_entries = i. - -This is part of XSA-310. - -Reported-by: Sarah Newman <srn@prgmr.com> -Signed-off-by: George Dunlap <george.dunlap@citrix.com> -Reviewed-by: Jan Beulich <jbeulich@suse.com> ---- - xen/arch/x86/mm.c | 16 ++++++++-------- - 1 file changed, 8 insertions(+), 8 deletions(-) - -diff --git a/xen/arch/x86/mm.c b/xen/arch/x86/mm.c -index a759afc9e3..97c8d73b7b 100644 ---- a/xen/arch/x86/mm.c -+++ b/xen/arch/x86/mm.c -@@ -1557,7 +1557,7 @@ static int alloc_l2_table(struct page_info *page, unsigned long type) - if ( rc == -EINTR && i ) - { - page->nr_validated_ptes = i; -- page->partial_flags = 0; -+ page->partial_flags = partial_flags;; - rc = -ERESTART; - } - else if ( rc < 0 && rc != -EINTR ) -@@ -1660,7 +1660,7 @@ static int alloc_l3_table(struct page_info *page) - else if ( rc == -EINTR && i ) - { - page->nr_validated_ptes = i; -- page->partial_flags = 0; -+ page->partial_flags = partial_flags; - rc = -ERESTART; - } - if ( rc < 0 ) -@@ -1982,8 +1982,8 @@ static int free_l2_table(struct page_info *page) - } - else if ( rc == -EINTR && i < L2_PAGETABLE_ENTRIES - 1 ) - { -- page->nr_validated_ptes = i + 1; -- page->partial_flags = 0; -+ page->nr_validated_ptes = i + !(partial_flags & PTF_partial_set); -+ page->partial_flags = partial_flags; - rc = -ERESTART; - } - -@@ -2030,8 +2030,8 @@ static int free_l3_table(struct page_info *page) - } - else if ( rc == -EINTR && i < L3_PAGETABLE_ENTRIES - 1 ) - { -- page->nr_validated_ptes = i + 1; -- page->partial_flags = 0; -+ page->nr_validated_ptes = i + !(partial_flags & PTF_partial_set); -+ page->partial_flags = partial_flags; - rc = -ERESTART; - } - return rc > 0 ? 0 : rc; -@@ -2061,8 +2061,8 @@ static int free_l4_table(struct page_info *page) - } - else if ( rc == -EINTR && i < L4_PAGETABLE_ENTRIES - 1 ) - { -- page->nr_validated_ptes = i + 1; -- page->partial_flags = 0; -+ page->nr_validated_ptes = i + !(partial_flags & PTF_partial_set); -+ page->partial_flags = partial_flags; - rc = -ERESTART; - } - --- -2.24.0 - diff --git a/main/xen/xsa310-0003-x86-mm-relinquish_memory-Grab-an-extra-type-ref-when.patch b/main/xen/xsa310-0003-x86-mm-relinquish_memory-Grab-an-extra-type-ref-when.patch deleted file mode 100644 index 9ee423889fa..00000000000 --- a/main/xen/xsa310-0003-x86-mm-relinquish_memory-Grab-an-extra-type-ref-when.patch +++ /dev/null @@ -1,75 +0,0 @@ -From e9f835982a726ae16997c566b5eafab74f8b4cb7 Mon Sep 17 00:00:00 2001 -From: George Dunlap <george.dunlap@citrix.com> -Date: Mon, 28 Oct 2019 14:33:51 +0000 -Subject: [PATCH 3/3] x86/mm: relinquish_memory: Grab an extra type ref when - setting PGT_partial - -The PGT_partial bit in page->type_info holds both a type count and a -general ref count. During domain tear-down, when free_page_type() -returns -ERESTART, relinquish_memory() correctly handles the general -ref count, but fails to grab an extra type count when setting -PGT_partial. When this bit is eventually cleared, type_count underflows -and triggers the following BUG in page_alloc.c:free_domheap_pages(): - - BUG_ON((pg[i].u.inuse.type_info & PGT_count_mask) != 0); - -As far as we can tell, this page underflow cannot be exploited any any -other way: The page can't be used as a pagetable by the dying domain -because it's dying; it can't be used as a pagetable by any other -domain since it belongs to the dying domain; and ownership can't -transfer to any other domain without hitting the BUG_ON() in -free_domheap_pages(). - -(steal_page() won't work on a page in this state, since it requires -PGC_allocated to be set, and PGC_allocated will already have been -cleared.) - -Fix this by grabbing an extra type ref if setting PGT_partial in -relinquish_memory. - -This is part of XSA-310. - -Reported-by: Sarah Newman <srn@prgmr.com> -Signed-off-by: George Dunlap <george.dunlap@citrix.com> -Acked-by: Jan Beulich <jbeulich@suse.com> ---- -v2: -- Move discussion of potential exploits into the commit message -- Keep PGT_partial and put_page() ordering ---- - xen/arch/x86/domain.c | 19 +++++++++++++++++++ - 1 file changed, 19 insertions(+) - -diff --git a/xen/arch/x86/domain.c b/xen/arch/x86/domain.c -index f1dd86e12e..51880fc50d 100644 ---- a/xen/arch/x86/domain.c -+++ b/xen/arch/x86/domain.c -@@ -2049,6 +2049,25 @@ static int relinquish_memory( - goto out; - case -ERESTART: - page_list_add(page, list); -+ /* -+ * PGT_partial holds a type ref and a general ref. -+ * If we came in with PGT_partial set, then we 1) -+ * don't need to grab an extra type count, and 2) -+ * do need to drop the extra page ref we grabbed -+ * at the top of the loop. If we didn't come in -+ * with PGT_partial set, we 1) do need to drab an -+ * extra type count, but 2) can transfer the page -+ * ref we grabbed above to it. -+ * -+ * Note that we must increment type_info before -+ * setting PGT_partial. Theoretically it should -+ * be safe to drop the page ref before setting -+ * PGT_partial, but do it afterwards just to be -+ * extra safe. -+ */ -+ if ( !(x & PGT_partial) ) -+ page->u.inuse.type_info++; -+ smp_wmb(); - page->u.inuse.type_info |= PGT_partial; - if ( x & PGT_partial ) - put_page(page); --- -2.24.0 - diff --git a/main/xen/xsa311-4.11.patch b/main/xen/xsa311-4.11.patch deleted file mode 100644 index a4cc83729b0..00000000000 --- a/main/xen/xsa311-4.11.patch +++ /dev/null @@ -1,187 +0,0 @@ -From: Andrew Cooper <andrew.cooper3@citrix.com> -Subject: AMD/IOMMU: Cease using a dynamic height for the IOMMU pagetables - -update_paging_mode() has multiple bugs: - - 1) Booting with iommu=debug will cause it to inform you that that it called - without the pdev_list lock held. - 2) When growing by more than a single level, it leaks the newly allocated - table(s) in the case of a further error. - -Furthermore, the choice of default level for a domain has issues: - - 1) All HVM guests grow from 2 to 3 levels during construction because of the - position of the VRAM just below the 4G boundary, so defaulting to 2 is a - waste of effort. - 2) The limit for PV guests doesn't take memory hotplug into account, and - isn't dynamic at runtime like HVM guests. This means that a PV guest may - get RAM which it can't map in the IOMMU. - -The dynamic height is a property unique to AMD, and adds a substantial -quantity of complexity for what is a marginal performance improvement. Remove -the complexity by removing the dynamic height. - -PV guests now get 3 or 4 levels based on any hotplug regions in the host. -This only makes a difference for hardware which previously had all RAM below -the 512G boundary, and a hotplug region above. - -HVM guests now get 4 levels (which will be sufficient until 256TB guests -become a thing), because we don't currently have the information to know when -3 would be safe to use. - -The overhead of this extra level is not expected to be noticeable. It costs -one page (4k) per domain, and one extra IO-TLB paging structure cache entry -which is very hot and less likely to be evicted. - -This is XSA-311. - -Reported-by: XXX PERSON <XXX EMAIL>3 -Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com> -Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com> -Acked-by: Jan Beulich <jbeulich@suse.com> - ---- a/xen/drivers/passthrough/amd/iommu_map.c -+++ b/xen/drivers/passthrough/amd/iommu_map.c -@@ -569,97 +569,6 @@ static int iommu_pde_from_gfn(struct dom - return 0; - } - --static int update_paging_mode(struct domain *d, unsigned long gfn) --{ -- u16 bdf; -- void *device_entry; -- unsigned int req_id, level, offset; -- unsigned long flags; -- struct pci_dev *pdev; -- struct amd_iommu *iommu = NULL; -- struct page_info *new_root = NULL; -- struct page_info *old_root = NULL; -- void *new_root_vaddr; -- unsigned long old_root_mfn; -- struct domain_iommu *hd = dom_iommu(d); -- -- if ( gfn == gfn_x(INVALID_GFN) ) -- return -EADDRNOTAVAIL; -- ASSERT(!(gfn >> DEFAULT_DOMAIN_ADDRESS_WIDTH)); -- -- level = hd->arch.paging_mode; -- old_root = hd->arch.root_table; -- offset = gfn >> (PTE_PER_TABLE_SHIFT * (level - 1)); -- -- ASSERT(spin_is_locked(&hd->arch.mapping_lock) && is_hvm_domain(d)); -- -- while ( offset >= PTE_PER_TABLE_SIZE ) -- { -- /* Allocate and install a new root table. -- * Only upper I/O page table grows, no need to fix next level bits */ -- new_root = alloc_amd_iommu_pgtable(); -- if ( new_root == NULL ) -- { -- AMD_IOMMU_DEBUG("%s Cannot allocate I/O page table\n", -- __func__); -- return -ENOMEM; -- } -- -- new_root_vaddr = __map_domain_page(new_root); -- old_root_mfn = mfn_x(page_to_mfn(old_root)); -- set_iommu_pde_present(new_root_vaddr, old_root_mfn, level, -- !!IOMMUF_writable, !!IOMMUF_readable); -- level++; -- old_root = new_root; -- offset >>= PTE_PER_TABLE_SHIFT; -- unmap_domain_page(new_root_vaddr); -- } -- -- if ( new_root != NULL ) -- { -- hd->arch.paging_mode = level; -- hd->arch.root_table = new_root; -- -- if ( !pcidevs_locked() ) -- AMD_IOMMU_DEBUG("%s Try to access pdev_list " -- "without aquiring pcidevs_lock.\n", __func__); -- -- /* Update device table entries using new root table and paging mode */ -- for_each_pdev( d, pdev ) -- { -- bdf = PCI_BDF2(pdev->bus, pdev->devfn); -- iommu = find_iommu_for_device(pdev->seg, bdf); -- if ( !iommu ) -- { -- AMD_IOMMU_DEBUG("%s Fail to find iommu.\n", __func__); -- return -ENODEV; -- } -- -- spin_lock_irqsave(&iommu->lock, flags); -- do { -- req_id = get_dma_requestor_id(pdev->seg, bdf); -- device_entry = iommu->dev_table.buffer + -- (req_id * IOMMU_DEV_TABLE_ENTRY_SIZE); -- -- /* valid = 0 only works for dom0 passthrough mode */ -- amd_iommu_set_root_page_table((u32 *)device_entry, -- page_to_maddr(hd->arch.root_table), -- d->domain_id, -- hd->arch.paging_mode, 1); -- -- amd_iommu_flush_device(iommu, req_id); -- bdf += pdev->phantom_stride; -- } while ( PCI_DEVFN2(bdf) != pdev->devfn && -- PCI_SLOT(bdf) == PCI_SLOT(pdev->devfn) ); -- spin_unlock_irqrestore(&iommu->lock, flags); -- } -- -- /* For safety, invalidate all entries */ -- amd_iommu_flush_all_pages(d); -- } -- return 0; --} -- - int amd_iommu_map_page(struct domain *d, unsigned long gfn, unsigned long mfn, - unsigned int flags) - { -@@ -685,19 +594,6 @@ int amd_iommu_map_page(struct domain *d, - return rc; - } - -- /* Since HVM domain is initialized with 2 level IO page table, -- * we might need a deeper page table for lager gfn now */ -- if ( is_hvm_domain(d) ) -- { -- if ( update_paging_mode(d, gfn) ) -- { -- spin_unlock(&hd->arch.mapping_lock); -- AMD_IOMMU_DEBUG("Update page mode failed gfn = %lx\n", gfn); -- domain_crash(d); -- return -EFAULT; -- } -- } -- - if ( iommu_pde_from_gfn(d, gfn, pt_mfn, true) || (pt_mfn[1] == 0) ) - { - spin_unlock(&hd->arch.mapping_lock); ---- a/xen/drivers/passthrough/amd/pci_amd_iommu.c -+++ b/xen/drivers/passthrough/amd/pci_amd_iommu.c -@@ -242,11 +242,17 @@ static int amd_iommu_domain_init(struct - { - struct domain_iommu *hd = dom_iommu(d); - -- /* For pv and dom0, stick with get_paging_mode(max_page) -- * For HVM dom0, use 2 level page table at first */ -- hd->arch.paging_mode = is_hvm_domain(d) ? -- IOMMU_PAGING_MODE_LEVEL_2 : -- get_paging_mode(max_page); -+ /* -+ * Choose the number of levels for the IOMMU page tables. -+ * - PV needs 3 or 4, depending on whether there is RAM (including hotplug -+ * RAM) above the 512G boundary. -+ * - HVM could in principle use 3 or 4 depending on how much guest -+ * physical address space we give it, but this isn't known yet so use 4 -+ * unilaterally. -+ */ -+ hd->arch.paging_mode = is_hvm_domain(d) -+ ? IOMMU_PAGING_MODE_LEVEL_4 : get_paging_mode(get_upper_mfn_bound()); -+ - return 0; - } - diff --git a/main/xen/xsa317.patch b/main/xen/xsa317.patch new file mode 100644 index 00000000000..20e2c643d06 --- /dev/null +++ b/main/xen/xsa317.patch @@ -0,0 +1,50 @@ +From aeb46e92f915f19a61d5a8a1f4b696793f64e6fb Mon Sep 17 00:00:00 2001 +From: Julien Grall <jgrall@amazon.com> +Date: Thu, 19 Mar 2020 13:17:31 +0000 +Subject: [PATCH] xen/common: event_channel: Don't ignore error in + get_free_port() + +Currently, get_free_port() is assuming that the port has been allocated +when evtchn_allocate_port() is not return -EBUSY. + +However, the function may return an error when: + - We exhausted all the event channels. This can happen if the limit + configured by the administrator for the guest ('max_event_channels' + in xl cfg) is higher than the ABI used by the guest. For instance, + if the guest is using 2L, the limit should not be higher than 4095. + - We cannot allocate memory (e.g Xen has not more memory). + +Users of get_free_port() (such as EVTCHNOP_alloc_unbound) will validly +assuming the port was valid and will next call evtchn_from_port(). This +will result to a crash as the memory backing the event channel structure +is not present. + +Fixes: 368ae9a05fe ("xen/pvshim: forward evtchn ops between L0 Xen and L2 DomU") +Signed-off-by: Julien Grall <jgrall@amazon.com> +Reviewed-by: Jan Beulich <jbeulich@suse.com> +--- + xen/common/event_channel.c | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +diff --git a/xen/common/event_channel.c b/xen/common/event_channel.c +index e86e2bfab0..a8d182b584 100644 +--- a/xen/common/event_channel.c ++++ b/xen/common/event_channel.c +@@ -195,10 +195,10 @@ static int get_free_port(struct domain *d) + { + int rc = evtchn_allocate_port(d, port); + +- if ( rc == -EBUSY ) +- continue; +- +- return port; ++ if ( rc == 0 ) ++ return port; ++ else if ( rc != -EBUSY ) ++ return rc; + } + + return -ENOSPC; +-- +2.17.1 + diff --git a/main/xen/xsa319.patch b/main/xen/xsa319.patch new file mode 100644 index 00000000000..769443c900e --- /dev/null +++ b/main/xen/xsa319.patch @@ -0,0 +1,27 @@ +From: Jan Beulich <jbeulich@suse.com> +Subject: x86/shadow: correct an inverted conditional in dirty VRAM tracking + +This originally was "mfn_x(mfn) == INVALID_MFN". Make it like this +again, taking the opportunity to also drop the unnecessary nearby +braces. + +This is XSA-319. + +Fixes: 246a5a3377c2 ("xen: Use a typesafe to define INVALID_MFN") +Signed-off-by: Jan Beulich <jbeulich@suse.com> +Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com> + +--- a/xen/arch/x86/mm/shadow/common.c ++++ b/xen/arch/x86/mm/shadow/common.c +@@ -3252,10 +3252,8 @@ int shadow_track_dirty_vram(struct domai + int dirty = 0; + paddr_t sl1ma = dirty_vram->sl1ma[i]; + +- if ( !mfn_eq(mfn, INVALID_MFN) ) +- { ++ if ( mfn_eq(mfn, INVALID_MFN) ) + dirty = 1; +- } + else + { + page = mfn_to_page(mfn); diff --git a/main/xen/xsa320-4.11-1.patch b/main/xen/xsa320-4.11-1.patch new file mode 100644 index 00000000000..24daff99447 --- /dev/null +++ b/main/xen/xsa320-4.11-1.patch @@ -0,0 +1,133 @@ +From: Andrew Cooper <andrew.cooper3@citrix.com> +Subject: x86/spec-ctrl: CPUID/MSR definitions for Special Register Buffer Data Sampling + +This is part of XSA-320 / CVE-2020-0543 + +Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com> +Reviewed-by: Jan Beulich <jbeulich@suse.com> +Acked-by: Wei Liu <wl@xen.org> + +diff --git a/docs/misc/xen-command-line.markdown b/docs/misc/xen-command-line.markdown +index 194615bfc5..9be18ac99f 100644 +--- a/docs/misc/xen-command-line.markdown ++++ b/docs/misc/xen-command-line.markdown +@@ -489,10 +489,10 @@ accounting for hardware capabilities as enumerated via CPUID. + + Currently accepted: + +-The Speculation Control hardware features `md-clear`, `ibrsb`, `stibp`, `ibpb`, +-`l1d-flush` and `ssbd` are used by default if available and applicable. They can +-be ignored, e.g. `no-ibrsb`, at which point Xen won't use them itself, and +-won't offer them to guests. ++The Speculation Control hardware features `srbds-ctrl`, `md-clear`, `ibrsb`, ++`stibp`, `ibpb`, `l1d-flush` and `ssbd` are used by default if available and ++applicable. They can be ignored, e.g. `no-ibrsb`, at which point Xen won't ++use them itself, and won't offer them to guests. + + ### cpuid\_mask\_cpu (AMD only) + > `= fam_0f_rev_c | fam_0f_rev_d | fam_0f_rev_e | fam_0f_rev_f | fam_0f_rev_g | fam_10_rev_b | fam_10_rev_c | fam_11_rev_b` +diff --git a/tools/libxl/libxl_cpuid.c b/tools/libxl/libxl_cpuid.c +index 5a1702d703..1235c8b91e 100644 +--- a/tools/libxl/libxl_cpuid.c ++++ b/tools/libxl/libxl_cpuid.c +@@ -202,6 +202,7 @@ int libxl_cpuid_parse_config(libxl_cpuid_policy_list *cpuid, const char* str) + + {"avx512-4vnniw",0x00000007, 0, CPUID_REG_EDX, 2, 1}, + {"avx512-4fmaps",0x00000007, 0, CPUID_REG_EDX, 3, 1}, ++ {"srbds-ctrl", 0x00000007, 0, CPUID_REG_EDX, 9, 1}, + {"md-clear", 0x00000007, 0, CPUID_REG_EDX, 10, 1}, + {"ibrsb", 0x00000007, 0, CPUID_REG_EDX, 26, 1}, + {"stibp", 0x00000007, 0, CPUID_REG_EDX, 27, 1}, +diff --git a/tools/misc/xen-cpuid.c b/tools/misc/xen-cpuid.c +index 4c9af6b7f0..8fb54c3001 100644 +--- a/tools/misc/xen-cpuid.c ++++ b/tools/misc/xen-cpuid.c +@@ -142,6 +142,7 @@ static const char *str_7d0[32] = + { + [ 2] = "avx512_4vnniw", [ 3] = "avx512_4fmaps", + ++ /* 8 */ [ 9] = "srbds-ctrl", + [10] = "md-clear", + /* 12 */ [13] = "tsx-force-abort", + +diff --git a/xen/arch/x86/cpuid.c b/xen/arch/x86/cpuid.c +index 04aefa555d..b8e5b6fe67 100644 +--- a/xen/arch/x86/cpuid.c ++++ b/xen/arch/x86/cpuid.c +@@ -58,6 +58,11 @@ static int __init parse_xen_cpuid(const char *s) + if ( !val ) + setup_clear_cpu_cap(X86_FEATURE_SSBD); + } ++ else if ( (val = parse_boolean("srbds-ctrl", s, ss)) >= 0 ) ++ { ++ if ( !val ) ++ setup_clear_cpu_cap(X86_FEATURE_SRBDS_CTRL); ++ } + else + rc = -EINVAL; + +diff --git a/xen/arch/x86/msr.c b/xen/arch/x86/msr.c +index ccb316c547..256e58d82b 100644 +--- a/xen/arch/x86/msr.c ++++ b/xen/arch/x86/msr.c +@@ -154,6 +154,7 @@ int guest_rdmsr(const struct vcpu *v, uint32_t msr, uint64_t *val) + /* Write-only */ + case MSR_TSX_FORCE_ABORT: + case MSR_TSX_CTRL: ++ case MSR_MCU_OPT_CTRL: + /* Not offered to guests. */ + goto gp_fault; + +@@ -243,6 +244,7 @@ int guest_wrmsr(struct vcpu *v, uint32_t msr, uint64_t val) + /* Read-only */ + case MSR_TSX_FORCE_ABORT: + case MSR_TSX_CTRL: ++ case MSR_MCU_OPT_CTRL: + /* Not offered to guests. */ + goto gp_fault; + +diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c +index ab196b156d..94ab8dd786 100644 +--- a/xen/arch/x86/spec_ctrl.c ++++ b/xen/arch/x86/spec_ctrl.c +@@ -365,12 +365,13 @@ static void __init print_details(enum ind_thunk thunk, uint64_t caps) + printk("Speculative mitigation facilities:\n"); + + /* Hardware features which pertain to speculative mitigations. */ +- printk(" Hardware features:%s%s%s%s%s%s%s%s%s%s%s%s%s%s\n", ++ printk(" Hardware features:%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s\n", + (_7d0 & cpufeat_mask(X86_FEATURE_IBRSB)) ? " IBRS/IBPB" : "", + (_7d0 & cpufeat_mask(X86_FEATURE_STIBP)) ? " STIBP" : "", + (_7d0 & cpufeat_mask(X86_FEATURE_L1D_FLUSH)) ? " L1D_FLUSH" : "", + (_7d0 & cpufeat_mask(X86_FEATURE_SSBD)) ? " SSBD" : "", + (_7d0 & cpufeat_mask(X86_FEATURE_MD_CLEAR)) ? " MD_CLEAR" : "", ++ (_7d0 & cpufeat_mask(X86_FEATURE_SRBDS_CTRL)) ? " SRBDS_CTRL" : "", + (e8b & cpufeat_mask(X86_FEATURE_IBPB)) ? " IBPB" : "", + (caps & ARCH_CAPS_IBRS_ALL) ? " IBRS_ALL" : "", + (caps & ARCH_CAPS_RDCL_NO) ? " RDCL_NO" : "", +diff --git a/xen/include/asm-x86/msr-index.h b/xen/include/asm-x86/msr-index.h +index 1761a01f1f..480d1d8102 100644 +--- a/xen/include/asm-x86/msr-index.h ++++ b/xen/include/asm-x86/msr-index.h +@@ -177,6 +177,9 @@ + #define MSR_IA32_VMX_TRUE_ENTRY_CTLS 0x490 + #define MSR_IA32_VMX_VMFUNC 0x491 + ++#define MSR_MCU_OPT_CTRL 0x00000123 ++#define MCU_OPT_CTRL_RNGDS_MITG_DIS (_AC(1, ULL) << 0) ++ + /* K7/K8 MSRs. Not complete. See the architecture manual for a more + complete list. */ + #define MSR_K7_EVNTSEL0 0xc0010000 +diff --git a/xen/include/public/arch-x86/cpufeatureset.h b/xen/include/public/arch-x86/cpufeatureset.h +index a14d8a7013..9d210e74a0 100644 +--- a/xen/include/public/arch-x86/cpufeatureset.h ++++ b/xen/include/public/arch-x86/cpufeatureset.h +@@ -242,6 +242,7 @@ XEN_CPUFEATURE(IBPB, 8*32+12) /*A IBPB support only (no IBRS, used by + /* Intel-defined CPU features, CPUID level 0x00000007:0.edx, word 9 */ + XEN_CPUFEATURE(AVX512_4VNNIW, 9*32+ 2) /*A AVX512 Neural Network Instructions */ + XEN_CPUFEATURE(AVX512_4FMAPS, 9*32+ 3) /*A AVX512 Multiply Accumulation Single Precision */ ++XEN_CPUFEATURE(SRBDS_CTRL, 9*32+ 9) /* MSR_MCU_OPT_CTRL and RNGDS_MITG_DIS. */ + XEN_CPUFEATURE(MD_CLEAR, 9*32+10) /*A VERW clears microarchitectural buffers */ + XEN_CPUFEATURE(TSX_FORCE_ABORT, 9*32+13) /* MSR_TSX_FORCE_ABORT.RTM_ABORT */ + XEN_CPUFEATURE(IBRSB, 9*32+26) /*A IBRS and IBPB support (used by Intel) */ diff --git a/main/xen/xsa320-4.11-2.patch b/main/xen/xsa320-4.11-2.patch new file mode 100644 index 00000000000..243ec4c7446 --- /dev/null +++ b/main/xen/xsa320-4.11-2.patch @@ -0,0 +1,179 @@ +From: Andrew Cooper <andrew.cooper3@citrix.com> +Subject: x86/spec-ctrl: Mitigate the Special Register Buffer Data Sampling sidechannel + +See patch documentation and comments. + +This is part of XSA-320 / CVE-2020-0543 + +Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com> +Reviewed-by: Jan Beulich <jbeulich@suse.com> + +diff --git a/docs/misc/xen-command-line.markdown b/docs/misc/xen-command-line.markdown +index 9be18ac99f..3356e59fee 100644 +--- a/docs/misc/xen-command-line.markdown ++++ b/docs/misc/xen-command-line.markdown +@@ -1858,7 +1858,7 @@ false disable the quirk workaround, which is also the default. + ### spec-ctrl (x86) + > `= List of [ <bool>, xen=<bool>, {pv,hvm,msr-sc,rsb,md-clear}=<bool>, + > bti-thunk=retpoline|lfence|jmp, {ibrs,ibpb,ssbd,eager-fpu, +-> l1d-flush}=<bool> ]` ++> l1d-flush,srb-lock}=<bool> ]` + + Controls for speculative execution sidechannel mitigations. By default, Xen + will pick the most appropriate mitigations based on compiled in support, +@@ -1930,6 +1930,12 @@ Irrespective of Xen's setting, the feature is virtualised for HVM guests to + use. By default, Xen will enable this mitigation on hardware believed to be + vulnerable to L1TF. + ++On hardware supporting SRBDS_CTRL, the `srb-lock=` option can be used to force ++or prevent Xen from protect the Special Register Buffer from leaking stale ++data. By default, Xen will enable this mitigation, except on parts where MDS ++is fixed and TAA is fixed/mitigated (in which case, there is believed to be no ++way for an attacker to obtain the stale data). ++ + ### sync\_console + > `= <boolean>` + +diff --git a/xen/arch/x86/acpi/power.c b/xen/arch/x86/acpi/power.c +index 4c12794809..30e1bd5cd3 100644 +--- a/xen/arch/x86/acpi/power.c ++++ b/xen/arch/x86/acpi/power.c +@@ -266,6 +266,9 @@ static int enter_state(u32 state) + ci->spec_ctrl_flags |= (default_spec_ctrl_flags & SCF_ist_wrmsr); + spec_ctrl_exit_idle(ci); + ++ if ( boot_cpu_has(X86_FEATURE_SRBDS_CTRL) ) ++ wrmsrl(MSR_MCU_OPT_CTRL, default_xen_mcu_opt_ctrl); ++ + done: + spin_debug_enable(); + local_irq_restore(flags); +diff --git a/xen/arch/x86/smpboot.c b/xen/arch/x86/smpboot.c +index 0887806e85..d24d215946 100644 +--- a/xen/arch/x86/smpboot.c ++++ b/xen/arch/x86/smpboot.c +@@ -369,12 +369,14 @@ void start_secondary(void *unused) + microcode_resume_cpu(cpu); + + /* +- * If MSR_SPEC_CTRL is available, apply Xen's default setting and discard +- * any firmware settings. Note: MSR_SPEC_CTRL may only become available +- * after loading microcode. ++ * If any speculative control MSRs are available, apply Xen's default ++ * settings. Note: These MSRs may only become available after loading ++ * microcode. + */ + if ( boot_cpu_has(X86_FEATURE_IBRSB) ) + wrmsrl(MSR_SPEC_CTRL, default_xen_spec_ctrl); ++ if ( boot_cpu_has(X86_FEATURE_SRBDS_CTRL) ) ++ wrmsrl(MSR_MCU_OPT_CTRL, default_xen_mcu_opt_ctrl); + + tsx_init(); /* Needs microcode. May change HLE/RTM feature bits. */ + +diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c +index 94ab8dd786..a306d10c34 100644 +--- a/xen/arch/x86/spec_ctrl.c ++++ b/xen/arch/x86/spec_ctrl.c +@@ -63,6 +63,9 @@ static unsigned int __initdata l1d_maxphysaddr; + static bool __initdata cpu_has_bug_msbds_only; /* => minimal HT impact. */ + static bool __initdata cpu_has_bug_mds; /* Any other M{LP,SB,FB}DS combination. */ + ++static int8_t __initdata opt_srb_lock = -1; ++uint64_t __read_mostly default_xen_mcu_opt_ctrl; ++ + static int __init parse_bti(const char *s) + { + const char *ss; +@@ -166,6 +169,7 @@ static int __init parse_spec_ctrl(const char *s) + opt_ibpb = false; + opt_ssbd = false; + opt_l1d_flush = 0; ++ opt_srb_lock = 0; + } + else if ( val > 0 ) + rc = -EINVAL; +@@ -231,6 +235,8 @@ static int __init parse_spec_ctrl(const char *s) + opt_eager_fpu = val; + else if ( (val = parse_boolean("l1d-flush", s, ss)) >= 0 ) + opt_l1d_flush = val; ++ else if ( (val = parse_boolean("srb-lock", s, ss)) >= 0 ) ++ opt_srb_lock = val; + else + rc = -EINVAL; + +@@ -394,7 +400,7 @@ static void __init print_details(enum ind_thunk thunk, uint64_t caps) + "\n"); + + /* Settings for Xen's protection, irrespective of guests. */ +- printk(" Xen settings: BTI-Thunk %s, SPEC_CTRL: %s%s%s, Other:%s%s%s\n", ++ printk(" Xen settings: BTI-Thunk %s, SPEC_CTRL: %s%s%s, Other:%s%s%s%s\n", + thunk == THUNK_NONE ? "N/A" : + thunk == THUNK_RETPOLINE ? "RETPOLINE" : + thunk == THUNK_LFENCE ? "LFENCE" : +@@ -405,6 +411,8 @@ static void __init print_details(enum ind_thunk thunk, uint64_t caps) + (default_xen_spec_ctrl & SPEC_CTRL_SSBD) ? " SSBD+" : " SSBD-", + !(caps & ARCH_CAPS_TSX_CTRL) ? "" : + (opt_tsx & 1) ? " TSX+" : " TSX-", ++ !boot_cpu_has(X86_FEATURE_SRBDS_CTRL) ? "" : ++ opt_srb_lock ? " SRB_LOCK+" : " SRB_LOCK-", + opt_ibpb ? " IBPB" : "", + opt_l1d_flush ? " L1D_FLUSH" : "", + opt_md_clear_pv || opt_md_clear_hvm ? " VERW" : ""); +@@ -1196,6 +1204,34 @@ void __init init_speculation_mitigations(void) + tsx_init(); + } + ++ /* Calculate suitable defaults for MSR_MCU_OPT_CTRL */ ++ if ( boot_cpu_has(X86_FEATURE_SRBDS_CTRL) ) ++ { ++ uint64_t val; ++ ++ rdmsrl(MSR_MCU_OPT_CTRL, val); ++ ++ /* ++ * On some SRBDS-affected hardware, it may be safe to relax srb-lock ++ * by default. ++ * ++ * On parts which enumerate MDS_NO and not TAA_NO, TSX is the only way ++ * to access the Fill Buffer. If TSX isn't available (inc. SKU ++ * reasons on some models), or TSX is explicitly disabled, then there ++ * is no need for the extra overhead to protect RDRAND/RDSEED. ++ */ ++ if ( opt_srb_lock == -1 && ++ (caps & (ARCH_CAPS_MDS_NO|ARCH_CAPS_TAA_NO)) == ARCH_CAPS_MDS_NO && ++ (!cpu_has_hle || ((caps & ARCH_CAPS_TSX_CTRL) && opt_tsx == 0)) ) ++ opt_srb_lock = 0; ++ ++ val &= ~MCU_OPT_CTRL_RNGDS_MITG_DIS; ++ if ( !opt_srb_lock ) ++ val |= MCU_OPT_CTRL_RNGDS_MITG_DIS; ++ ++ default_xen_mcu_opt_ctrl = val; ++ } ++ + print_details(thunk, caps); + + /* +@@ -1227,6 +1263,9 @@ void __init init_speculation_mitigations(void) + + wrmsrl(MSR_SPEC_CTRL, bsp_delay_spec_ctrl ? 0 : default_xen_spec_ctrl); + } ++ ++ if ( boot_cpu_has(X86_FEATURE_SRBDS_CTRL) ) ++ wrmsrl(MSR_MCU_OPT_CTRL, default_xen_mcu_opt_ctrl); + } + + static void __init __maybe_unused build_assertions(void) +diff --git a/xen/include/asm-x86/spec_ctrl.h b/xen/include/asm-x86/spec_ctrl.h +index 333d180b7e..bf10d2ce5c 100644 +--- a/xen/include/asm-x86/spec_ctrl.h ++++ b/xen/include/asm-x86/spec_ctrl.h +@@ -46,6 +46,8 @@ extern int8_t opt_pv_l1tf_hwdom, opt_pv_l1tf_domu; + */ + extern paddr_t l1tf_addr_mask, l1tf_safe_maddr; + ++extern uint64_t default_xen_mcu_opt_ctrl; ++ + static inline void init_shadow_spec_ctrl_state(void) + { + struct cpu_info *info = get_cpu_info(); diff --git a/main/xen/xsa320-4.11-3.patch b/main/xen/xsa320-4.11-3.patch new file mode 100644 index 00000000000..ff7990b2027 --- /dev/null +++ b/main/xen/xsa320-4.11-3.patch @@ -0,0 +1,57 @@ +From: Andrew Cooper <andrew.cooper3@citrix.com> +Subject: x86/spec-ctrl: Allow the RDRAND/RDSEED features to be hidden + +RDRAND/RDSEED can be hidden using cpuid= to mitigate SRBDS if microcode +isn't available. + +This is part of XSA-320 / CVE-2020-0543. + +Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com> +Acked-by: Julien Grall <jgrall@amazon.com> + +diff --git a/docs/misc/xen-command-line.markdown b/docs/misc/xen-command-line.markdown +index 3356e59fee..ac397e7de0 100644 +--- a/docs/misc/xen-command-line.markdown ++++ b/docs/misc/xen-command-line.markdown +@@ -487,12 +487,18 @@ choice of `dom0-kernel` is deprecated and not supported by all Dom0 kernels. + This option allows for fine tuning of the facilities Xen will use, after + accounting for hardware capabilities as enumerated via CPUID. + ++Unless otherwise noted, options only have any effect in their negative form, ++to hide the named feature(s). Ignoring a feature using this mechanism will ++cause Xen not to use the feature, nor offer them as usable to guests. ++ + Currently accepted: + + The Speculation Control hardware features `srbds-ctrl`, `md-clear`, `ibrsb`, + `stibp`, `ibpb`, `l1d-flush` and `ssbd` are used by default if available and +-applicable. They can be ignored, e.g. `no-ibrsb`, at which point Xen won't +-use them itself, and won't offer them to guests. ++applicable. They can all be ignored. ++ ++`rdrand` and `rdseed` can be ignored, as a mitigation to XSA-320 / ++CVE-2020-0543. + + ### cpuid\_mask\_cpu (AMD only) + > `= fam_0f_rev_c | fam_0f_rev_d | fam_0f_rev_e | fam_0f_rev_f | fam_0f_rev_g | fam_10_rev_b | fam_10_rev_c | fam_11_rev_b` +diff --git a/xen/arch/x86/cpuid.c b/xen/arch/x86/cpuid.c +index b8e5b6fe67..78d08dbb32 100644 +--- a/xen/arch/x86/cpuid.c ++++ b/xen/arch/x86/cpuid.c +@@ -63,6 +63,16 @@ static int __init parse_xen_cpuid(const char *s) + if ( !val ) + setup_clear_cpu_cap(X86_FEATURE_SRBDS_CTRL); + } ++ else if ( (val = parse_boolean("rdrand", s, ss)) >= 0 ) ++ { ++ if ( !val ) ++ setup_clear_cpu_cap(X86_FEATURE_RDRAND); ++ } ++ else if ( (val = parse_boolean("rdseed", s, ss)) >= 0 ) ++ { ++ if ( !val ) ++ setup_clear_cpu_cap(X86_FEATURE_RDSEED); ++ } + else + rc = -EINVAL; + diff --git a/main/xen/xsa321-4.11-1.patch b/main/xen/xsa321-4.11-1.patch new file mode 100644 index 00000000000..da52db67f0f --- /dev/null +++ b/main/xen/xsa321-4.11-1.patch @@ -0,0 +1,31 @@ +From: Jan Beulich <jbeulich@suse.com> +Subject: vtd: improve IOMMU TLB flush + +Do not limit PSI flushes to order 0 pages, in order to avoid doing a +full TLB flush if the passed in page has an order greater than 0 and +is aligned. Should increase the performance of IOMMU TLB flushes when +dealing with page orders greater than 0. + +This is part of XSA-321. + +Signed-off-by: Jan Beulich <jbeulich@suse.com> + +--- a/xen/drivers/passthrough/vtd/iommu.c ++++ b/xen/drivers/passthrough/vtd/iommu.c +@@ -612,13 +612,14 @@ static int __must_check iommu_flush_iotl + if ( iommu_domid == -1 ) + continue; + +- if ( page_count != 1 || gfn == gfn_x(INVALID_GFN) ) ++ if ( !page_count || (page_count & (page_count - 1)) || ++ gfn == gfn_x(INVALID_GFN) || !IS_ALIGNED(gfn, page_count) ) + rc = iommu_flush_iotlb_dsi(iommu, iommu_domid, + 0, flush_dev_iotlb); + else + rc = iommu_flush_iotlb_psi(iommu, iommu_domid, + (paddr_t)gfn << PAGE_SHIFT_4K, +- PAGE_ORDER_4K, ++ get_order_from_pages(page_count), + !dma_old_pte_present, + flush_dev_iotlb); + diff --git a/main/xen/xsa321-4.11-2.patch b/main/xen/xsa321-4.11-2.patch new file mode 100644 index 00000000000..573bd8e7427 --- /dev/null +++ b/main/xen/xsa321-4.11-2.patch @@ -0,0 +1,175 @@ +From: <security@xenproject.org> +Subject: vtd: prune (and rename) cache flush functions + +Rename __iommu_flush_cache to iommu_sync_cache and remove +iommu_flush_cache_page. Also remove the iommu_flush_cache_entry +wrapper and just use iommu_sync_cache instead. Note the _entry suffix +was meaningless as the wrapper was already taking a size parameter in +bytes. While there also constify the addr parameter. + +No functional change intended. + +This is part of XSA-321. + +Reviewed-by: Jan Beulich <jbeulich@suse.com> + +--- a/xen/drivers/passthrough/vtd/extern.h ++++ b/xen/drivers/passthrough/vtd/extern.h +@@ -37,8 +37,7 @@ void disable_qinval(struct iommu *iommu) + int enable_intremap(struct iommu *iommu, int eim); + void disable_intremap(struct iommu *iommu); + +-void iommu_flush_cache_entry(void *addr, unsigned int size); +-void iommu_flush_cache_page(void *addr, unsigned long npages); ++void iommu_sync_cache(const void *addr, unsigned int size); + int iommu_alloc(struct acpi_drhd_unit *drhd); + void iommu_free(struct acpi_drhd_unit *drhd); + +--- a/xen/drivers/passthrough/vtd/intremap.c ++++ b/xen/drivers/passthrough/vtd/intremap.c +@@ -231,7 +231,7 @@ static void free_remap_entry(struct iomm + iremap_entries, iremap_entry); + + update_irte(iommu, iremap_entry, &new_ire, false); +- iommu_flush_cache_entry(iremap_entry, sizeof(*iremap_entry)); ++ iommu_sync_cache(iremap_entry, sizeof(*iremap_entry)); + iommu_flush_iec_index(iommu, 0, index); + + unmap_vtd_domain_page(iremap_entries); +@@ -403,7 +403,7 @@ static int ioapic_rte_to_remap_entry(str + } + + update_irte(iommu, iremap_entry, &new_ire, !init); +- iommu_flush_cache_entry(iremap_entry, sizeof(*iremap_entry)); ++ iommu_sync_cache(iremap_entry, sizeof(*iremap_entry)); + iommu_flush_iec_index(iommu, 0, index); + + unmap_vtd_domain_page(iremap_entries); +@@ -694,7 +694,7 @@ static int msi_msg_to_remap_entry( + update_irte(iommu, iremap_entry, &new_ire, msi_desc->irte_initialized); + msi_desc->irte_initialized = true; + +- iommu_flush_cache_entry(iremap_entry, sizeof(*iremap_entry)); ++ iommu_sync_cache(iremap_entry, sizeof(*iremap_entry)); + iommu_flush_iec_index(iommu, 0, index); + + unmap_vtd_domain_page(iremap_entries); +--- a/xen/drivers/passthrough/vtd/iommu.c ++++ b/xen/drivers/passthrough/vtd/iommu.c +@@ -158,7 +158,8 @@ static void __init free_intel_iommu(stru + } + + static int iommus_incoherent; +-static void __iommu_flush_cache(void *addr, unsigned int size) ++ ++void iommu_sync_cache(const void *addr, unsigned int size) + { + int i; + static unsigned int clflush_size = 0; +@@ -173,16 +174,6 @@ static void __iommu_flush_cache(void *ad + cacheline_flush((char *)addr + i); + } + +-void iommu_flush_cache_entry(void *addr, unsigned int size) +-{ +- __iommu_flush_cache(addr, size); +-} +- +-void iommu_flush_cache_page(void *addr, unsigned long npages) +-{ +- __iommu_flush_cache(addr, PAGE_SIZE * npages); +-} +- + /* Allocate page table, return its machine address */ + u64 alloc_pgtable_maddr(struct acpi_drhd_unit *drhd, unsigned long npages) + { +@@ -207,7 +198,7 @@ u64 alloc_pgtable_maddr(struct acpi_drhd + vaddr = __map_domain_page(cur_pg); + memset(vaddr, 0, PAGE_SIZE); + +- iommu_flush_cache_page(vaddr, 1); ++ iommu_sync_cache(vaddr, PAGE_SIZE); + unmap_domain_page(vaddr); + cur_pg++; + } +@@ -242,7 +233,7 @@ static u64 bus_to_context_maddr(struct i + } + set_root_value(*root, maddr); + set_root_present(*root); +- iommu_flush_cache_entry(root, sizeof(struct root_entry)); ++ iommu_sync_cache(root, sizeof(struct root_entry)); + } + maddr = (u64) get_context_addr(*root); + unmap_vtd_domain_page(root_entries); +@@ -300,7 +291,7 @@ static u64 addr_to_dma_page_maddr(struct + */ + dma_set_pte_readable(*pte); + dma_set_pte_writable(*pte); +- iommu_flush_cache_entry(pte, sizeof(struct dma_pte)); ++ iommu_sync_cache(pte, sizeof(struct dma_pte)); + } + + if ( level == 2 ) +@@ -674,7 +665,7 @@ static int __must_check dma_pte_clear_on + + dma_clear_pte(*pte); + spin_unlock(&hd->arch.mapping_lock); +- iommu_flush_cache_entry(pte, sizeof(struct dma_pte)); ++ iommu_sync_cache(pte, sizeof(struct dma_pte)); + + if ( !this_cpu(iommu_dont_flush_iotlb) ) + rc = iommu_flush_iotlb_pages(domain, addr >> PAGE_SHIFT_4K, 1); +@@ -716,7 +707,7 @@ static void iommu_free_page_table(struct + iommu_free_pagetable(dma_pte_addr(*pte), next_level); + + dma_clear_pte(*pte); +- iommu_flush_cache_entry(pte, sizeof(struct dma_pte)); ++ iommu_sync_cache(pte, sizeof(struct dma_pte)); + } + + unmap_vtd_domain_page(pt_vaddr); +@@ -1449,7 +1440,7 @@ int domain_context_mapping_one( + context_set_address_width(*context, agaw); + context_set_fault_enable(*context); + context_set_present(*context); +- iommu_flush_cache_entry(context, sizeof(struct context_entry)); ++ iommu_sync_cache(context, sizeof(struct context_entry)); + spin_unlock(&iommu->lock); + + /* Context entry was previously non-present (with domid 0). */ +@@ -1602,7 +1593,7 @@ int domain_context_unmap_one( + + context_clear_present(*context); + context_clear_entry(*context); +- iommu_flush_cache_entry(context, sizeof(struct context_entry)); ++ iommu_sync_cache(context, sizeof(struct context_entry)); + + iommu_domid= domain_iommu_domid(domain, iommu); + if ( iommu_domid == -1 ) +@@ -1828,7 +1819,7 @@ static int __must_check intel_iommu_map_ + + *pte = new; + +- iommu_flush_cache_entry(pte, sizeof(struct dma_pte)); ++ iommu_sync_cache(pte, sizeof(struct dma_pte)); + spin_unlock(&hd->arch.mapping_lock); + unmap_vtd_domain_page(page); + +@@ -1862,7 +1853,7 @@ int iommu_pte_flush(struct domain *d, u6 + int iommu_domid; + int rc = 0; + +- iommu_flush_cache_entry(pte, sizeof(struct dma_pte)); ++ iommu_sync_cache(pte, sizeof(struct dma_pte)); + + for_each_drhd_unit ( drhd ) + { +@@ -2725,7 +2716,7 @@ static int __init intel_iommu_quarantine + dma_set_pte_addr(*pte, maddr); + dma_set_pte_readable(*pte); + } +- iommu_flush_cache_page(parent, 1); ++ iommu_sync_cache(parent, PAGE_SIZE); + + unmap_vtd_domain_page(parent); + parent = map_vtd_domain_page(maddr); diff --git a/main/xen/xsa321-4.11-3.patch b/main/xen/xsa321-4.11-3.patch new file mode 100644 index 00000000000..3a5455e0248 --- /dev/null +++ b/main/xen/xsa321-4.11-3.patch @@ -0,0 +1,82 @@ +From: <security@xenproject.org> +Subject: x86/iommu: introduce a cache sync hook + +The hook is only implemented for VT-d and it uses the already existing +iommu_sync_cache function present in VT-d code. The new hook is +added so that the cache can be flushed by code outside of VT-d when +using shared page tables. + +Note that alloc_pgtable_maddr must use the now locally defined +sync_cache function, because IOMMU ops are not yet setup the first +time the function gets called during IOMMU initialization. + +No functional change intended. + +This is part of XSA-321. + +Reviewed-by: Jan Beulich <jbeulich@suse.com> + +--- a/xen/drivers/passthrough/vtd/extern.h ++++ b/xen/drivers/passthrough/vtd/extern.h +@@ -37,7 +37,6 @@ void disable_qinval(struct iommu *iommu) + int enable_intremap(struct iommu *iommu, int eim); + void disable_intremap(struct iommu *iommu); + +-void iommu_sync_cache(const void *addr, unsigned int size); + int iommu_alloc(struct acpi_drhd_unit *drhd); + void iommu_free(struct acpi_drhd_unit *drhd); + +--- a/xen/drivers/passthrough/vtd/iommu.c ++++ b/xen/drivers/passthrough/vtd/iommu.c +@@ -159,7 +159,7 @@ static void __init free_intel_iommu(stru + + static int iommus_incoherent; + +-void iommu_sync_cache(const void *addr, unsigned int size) ++static void sync_cache(const void *addr, unsigned int size) + { + int i; + static unsigned int clflush_size = 0; +@@ -198,7 +198,7 @@ u64 alloc_pgtable_maddr(struct acpi_drhd + vaddr = __map_domain_page(cur_pg); + memset(vaddr, 0, PAGE_SIZE); + +- iommu_sync_cache(vaddr, PAGE_SIZE); ++ sync_cache(vaddr, PAGE_SIZE); + unmap_domain_page(vaddr); + cur_pg++; + } +@@ -2760,6 +2760,7 @@ const struct iommu_ops intel_iommu_ops = + .iotlb_flush_all = iommu_flush_iotlb_all, + .get_reserved_device_memory = intel_iommu_get_reserved_device_memory, + .dump_p2m_table = vtd_dump_p2m_table, ++ .sync_cache = sync_cache, + }; + + /* +--- a/xen/include/asm-x86/iommu.h ++++ b/xen/include/asm-x86/iommu.h +@@ -98,6 +98,13 @@ extern bool untrusted_msi; + int pi_update_irte(const struct pi_desc *pi_desc, const struct pirq *pirq, + const uint8_t gvec); + ++#define iommu_sync_cache(addr, size) ({ \ ++ const struct iommu_ops *ops = iommu_get_ops(); \ ++ \ ++ if ( ops->sync_cache ) \ ++ ops->sync_cache(addr, size); \ ++}) ++ + #endif /* !__ARCH_X86_IOMMU_H__ */ + /* + * Local variables: +--- a/xen/include/xen/iommu.h ++++ b/xen/include/xen/iommu.h +@@ -161,6 +161,7 @@ struct iommu_ops { + void (*update_ire_from_apic)(unsigned int apic, unsigned int reg, unsigned int value); + unsigned int (*read_apic_from_ire)(unsigned int apic, unsigned int reg); + int (*setup_hpet_msi)(struct msi_desc *); ++ void (*sync_cache)(const void *addr, unsigned int size); + #endif /* CONFIG_X86 */ + int __must_check (*suspend)(void); + void (*resume)(void); diff --git a/main/xen/xsa321-4.11-4.patch b/main/xen/xsa321-4.11-4.patch new file mode 100644 index 00000000000..24cea6d8af3 --- /dev/null +++ b/main/xen/xsa321-4.11-4.patch @@ -0,0 +1,36 @@ +From: <security@xenproject.org> +Subject: vtd: don't assume addresses are aligned in sync_cache + +Current code in sync_cache assume that the address passed in is +aligned to a cache line size. Fix the code to support passing in +arbitrary addresses not necessarily aligned to a cache line size. + +This is part of XSA-321. + +Reviewed-by: Jan Beulich <jbeulich@suse.com> + +--- a/xen/drivers/passthrough/vtd/iommu.c ++++ b/xen/drivers/passthrough/vtd/iommu.c +@@ -161,8 +161,8 @@ static int iommus_incoherent; + + static void sync_cache(const void *addr, unsigned int size) + { +- int i; +- static unsigned int clflush_size = 0; ++ static unsigned long clflush_size = 0; ++ const void *end = addr + size; + + if ( !iommus_incoherent ) + return; +@@ -170,8 +170,9 @@ static void sync_cache(const void *addr, + if ( clflush_size == 0 ) + clflush_size = get_cache_line_size(); + +- for ( i = 0; i < size; i += clflush_size ) +- cacheline_flush((char *)addr + i); ++ addr -= (unsigned long)addr & (clflush_size - 1); ++ for ( ; addr < end; addr += clflush_size ) ++ cacheline_flush((char *)addr); + } + + /* Allocate page table, return its machine address */ diff --git a/main/xen/xsa321-4.11-5.patch b/main/xen/xsa321-4.11-5.patch new file mode 100644 index 00000000000..9d47529bded --- /dev/null +++ b/main/xen/xsa321-4.11-5.patch @@ -0,0 +1,24 @@ +From: <security@xenproject.org> +Subject: x86/alternative: introduce alternative_2 + +It's based on alternative_io_2 without inputs or outputs but with an +added memory clobber. + +This is part of XSA-321. + +Acked-by: Jan Beulich <jbeulich@suse.com> + +--- a/xen/include/asm-x86/alternative.h ++++ b/xen/include/asm-x86/alternative.h +@@ -113,6 +113,11 @@ extern void alternative_instructions(voi + #define alternative(oldinstr, newinstr, feature) \ + asm volatile (ALTERNATIVE(oldinstr, newinstr, feature) : : : "memory") + ++#define alternative_2(oldinstr, newinstr1, feature1, newinstr2, feature2) \ ++ asm volatile (ALTERNATIVE_2(oldinstr, newinstr1, feature1, \ ++ newinstr2, feature2) \ ++ : : : "memory") ++ + /* + * Alternative inline assembly with input. + * diff --git a/main/xen/xsa321-4.11-6.patch b/main/xen/xsa321-4.11-6.patch new file mode 100644 index 00000000000..f74a2c4feab --- /dev/null +++ b/main/xen/xsa321-4.11-6.patch @@ -0,0 +1,91 @@ +From: <security@xenproject.org> +Subject: vtd: optimize CPU cache sync + +Some VT-d IOMMUs are non-coherent, which requires a cache write back +in order for the changes made by the CPU to be visible to the IOMMU. +This cache write back was unconditionally done using clflush, but there are +other more efficient instructions to do so, hence implement support +for them using the alternative framework. + +This is part of XSA-321. + +Reviewed-by: Jan Beulich <jbeulich@suse.com> + +--- a/xen/drivers/passthrough/vtd/extern.h ++++ b/xen/drivers/passthrough/vtd/extern.h +@@ -63,7 +63,6 @@ int __must_check qinval_device_iotlb_syn + u16 did, u16 size, u64 addr); + + unsigned int get_cache_line_size(void); +-void cacheline_flush(char *); + void flush_all_cache(void); + + u64 alloc_pgtable_maddr(struct acpi_drhd_unit *drhd, unsigned long npages); +--- a/xen/drivers/passthrough/vtd/iommu.c ++++ b/xen/drivers/passthrough/vtd/iommu.c +@@ -31,6 +31,7 @@ + #include <xen/pci_regs.h> + #include <xen/keyhandler.h> + #include <asm/msi.h> ++#include <asm/nops.h> + #include <asm/irq.h> + #include <asm/hvm/vmx/vmx.h> + #include <asm/p2m.h> +@@ -172,7 +173,42 @@ static void sync_cache(const void *addr, + + addr -= (unsigned long)addr & (clflush_size - 1); + for ( ; addr < end; addr += clflush_size ) +- cacheline_flush((char *)addr); ++/* ++ * The arguments to a macro must not include preprocessor directives. Doing so ++ * results in undefined behavior, so we have to create some defines here in ++ * order to avoid it. ++ */ ++#if defined(HAVE_AS_CLWB) ++# define CLWB_ENCODING "clwb %[p]" ++#elif defined(HAVE_AS_XSAVEOPT) ++# define CLWB_ENCODING "data16 xsaveopt %[p]" /* clwb */ ++#else ++# define CLWB_ENCODING ".byte 0x66, 0x0f, 0xae, 0x30" /* clwb (%%rax) */ ++#endif ++ ++#define BASE_INPUT(addr) [p] "m" (*(const char *)(addr)) ++#if defined(HAVE_AS_CLWB) || defined(HAVE_AS_XSAVEOPT) ++# define INPUT BASE_INPUT ++#else ++# define INPUT(addr) "a" (addr), BASE_INPUT(addr) ++#endif ++ /* ++ * Note regarding the use of NOP_DS_PREFIX: it's faster to do a clflush ++ * + prefix than a clflush + nop, and hence the prefix is added instead ++ * of letting the alternative framework fill the gap by appending nops. ++ */ ++ alternative_io_2(".byte " __stringify(NOP_DS_PREFIX) "; clflush %[p]", ++ "data16 clflush %[p]", /* clflushopt */ ++ X86_FEATURE_CLFLUSHOPT, ++ CLWB_ENCODING, ++ X86_FEATURE_CLWB, /* no outputs */, ++ INPUT(addr)); ++#undef INPUT ++#undef BASE_INPUT ++#undef CLWB_ENCODING ++ ++ alternative_2("", "sfence", X86_FEATURE_CLFLUSHOPT, ++ "sfence", X86_FEATURE_CLWB); + } + + /* Allocate page table, return its machine address */ +--- a/xen/drivers/passthrough/vtd/x86/vtd.c ++++ b/xen/drivers/passthrough/vtd/x86/vtd.c +@@ -53,11 +53,6 @@ unsigned int get_cache_line_size(void) + return ((cpuid_ebx(1) >> 8) & 0xff) * 8; + } + +-void cacheline_flush(char * addr) +-{ +- clflush(addr); +-} +- + void flush_all_cache() + { + wbinvd(); diff --git a/main/xen/xsa321-4.11-7.patch b/main/xen/xsa321-4.11-7.patch new file mode 100644 index 00000000000..65c4a4c84db --- /dev/null +++ b/main/xen/xsa321-4.11-7.patch @@ -0,0 +1,164 @@ +From: <security@xenproject.org> +Subject: x86/ept: flush cache when modifying PTEs and sharing page tables + +Modifications made to the page tables by EPT code need to be written +to memory when the page tables are shared with the IOMMU, as Intel +IOMMUs can be non-coherent and thus require changes to be written to +memory in order to be visible to the IOMMU. + +In order to achieve this make sure data is written back to memory +after writing an EPT entry when the recalc bit is not set in +atomic_write_ept_entry. If such bit is set, the entry will be +adjusted and atomic_write_ept_entry will be called a second time +without the recalc bit set. Note that when splitting a super page the +new tables resulting of the split should also be written back. + +Failure to do so can allow devices behind the IOMMU access to the +stale super page, or cause coherency issues as changes made by the +processor to the page tables are not visible to the IOMMU. + +This allows to remove the VT-d specific iommu_pte_flush helper, since +the cache write back is now performed by atomic_write_ept_entry, and +hence iommu_iotlb_flush can be used to flush the IOMMU TLB. The newly +used method (iommu_iotlb_flush) can result in less flushes, since it +might sometimes be called rightly with 0 flags, in which case it +becomes a no-op. + +This is part of XSA-321. + +Reviewed-by: Jan Beulich <jbeulich@suse.com> + +--- a/xen/arch/x86/mm/p2m-ept.c ++++ b/xen/arch/x86/mm/p2m-ept.c +@@ -90,6 +90,19 @@ static int atomic_write_ept_entry(ept_en + + write_atomic(&entryptr->epte, new.epte); + ++ /* ++ * The recalc field on the EPT is used to signal either that a ++ * recalculation of the EMT field is required (which doesn't effect the ++ * IOMMU), or a type change. Type changes can only be between ram_rw, ++ * logdirty and ioreq_server: changes to/from logdirty won't work well with ++ * an IOMMU anyway, as IOMMU #PFs are not synchronous and will lead to ++ * aborts, and changes to/from ioreq_server are already fully flushed ++ * before returning to guest context (see ++ * XEN_DMOP_map_mem_type_to_ioreq_server). ++ */ ++ if ( !new.recalc && iommu_hap_pt_share ) ++ iommu_sync_cache(entryptr, sizeof(*entryptr)); ++ + if ( unlikely(oldmfn != mfn_x(INVALID_MFN)) ) + put_page(mfn_to_page(_mfn(oldmfn))); + +@@ -319,6 +332,9 @@ static bool_t ept_split_super_page(struc + break; + } + ++ if ( iommu_hap_pt_share ) ++ iommu_sync_cache(table, EPT_PAGETABLE_ENTRIES * sizeof(ept_entry_t)); ++ + unmap_domain_page(table); + + /* Even failed we should install the newly allocated ept page. */ +@@ -378,6 +394,9 @@ static int ept_next_level(struct p2m_dom + if ( !next ) + return GUEST_TABLE_MAP_FAILED; + ++ if ( iommu_hap_pt_share ) ++ iommu_sync_cache(next, EPT_PAGETABLE_ENTRIES * sizeof(ept_entry_t)); ++ + rc = atomic_write_ept_entry(ept_entry, e, next_level); + ASSERT(rc == 0); + } +@@ -875,7 +894,7 @@ out: + need_modify_vtd_table ) + { + if ( iommu_hap_pt_share ) +- rc = iommu_pte_flush(d, gfn, &ept_entry->epte, order, vtd_pte_present); ++ rc = iommu_flush_iotlb(d, gfn, vtd_pte_present, 1u << order); + else + { + if ( iommu_flags ) +--- a/xen/drivers/passthrough/vtd/iommu.c ++++ b/xen/drivers/passthrough/vtd/iommu.c +@@ -612,10 +612,8 @@ static int __must_check iommu_flush_all( + return rc; + } + +-static int __must_check iommu_flush_iotlb(struct domain *d, +- unsigned long gfn, +- bool_t dma_old_pte_present, +- unsigned int page_count) ++int iommu_flush_iotlb(struct domain *d, unsigned long gfn, ++ bool dma_old_pte_present, unsigned int page_count) + { + struct domain_iommu *hd = dom_iommu(d); + struct acpi_drhd_unit *drhd; +@@ -1880,53 +1878,6 @@ static int __must_check intel_iommu_unma + return dma_pte_clear_one(d, (paddr_t)gfn << PAGE_SHIFT_4K); + } + +-int iommu_pte_flush(struct domain *d, u64 gfn, u64 *pte, +- int order, int present) +-{ +- struct acpi_drhd_unit *drhd; +- struct iommu *iommu = NULL; +- struct domain_iommu *hd = dom_iommu(d); +- bool_t flush_dev_iotlb; +- int iommu_domid; +- int rc = 0; +- +- iommu_sync_cache(pte, sizeof(struct dma_pte)); +- +- for_each_drhd_unit ( drhd ) +- { +- iommu = drhd->iommu; +- if ( !test_bit(iommu->index, &hd->arch.iommu_bitmap) ) +- continue; +- +- flush_dev_iotlb = !!find_ats_dev_drhd(iommu); +- iommu_domid= domain_iommu_domid(d, iommu); +- if ( iommu_domid == -1 ) +- continue; +- +- rc = iommu_flush_iotlb_psi(iommu, iommu_domid, +- (paddr_t)gfn << PAGE_SHIFT_4K, +- order, !present, flush_dev_iotlb); +- if ( rc > 0 ) +- { +- iommu_flush_write_buffer(iommu); +- rc = 0; +- } +- } +- +- if ( unlikely(rc) ) +- { +- if ( !d->is_shutting_down && printk_ratelimit() ) +- printk(XENLOG_ERR VTDPREFIX +- " d%d: IOMMU pages flush failed: %d\n", +- d->domain_id, rc); +- +- if ( !is_hardware_domain(d) ) +- domain_crash(d); +- } +- +- return rc; +-} +- + static int __init vtd_ept_page_compatible(struct iommu *iommu) + { + u64 ept_cap, vtd_cap = iommu->cap; +--- a/xen/include/asm-x86/iommu.h ++++ b/xen/include/asm-x86/iommu.h +@@ -87,8 +87,9 @@ int iommu_setup_hpet_msi(struct msi_desc + + /* While VT-d specific, this must get declared in a generic header. */ + int adjust_vtd_irq_affinities(void); +-int __must_check iommu_pte_flush(struct domain *d, u64 gfn, u64 *pte, +- int order, int present); ++int __must_check iommu_flush_iotlb(struct domain *d, unsigned long gfn, ++ bool dma_old_pte_present, ++ unsigned int page_count); + bool_t iommu_supports_eim(void); + int iommu_enable_x2apic_IR(void); + void iommu_disable_x2apic_IR(void); diff --git a/main/xen/xsa327.patch b/main/xen/xsa327.patch new file mode 100644 index 00000000000..0541cfa0df8 --- /dev/null +++ b/main/xen/xsa327.patch @@ -0,0 +1,63 @@ +From 030300ebbb86c40c12db038714479d746167c767 Mon Sep 17 00:00:00 2001 +From: Julien Grall <jgrall@amazon.com> +Date: Tue, 26 May 2020 18:31:33 +0100 +Subject: [PATCH] xen: Check the alignment of the offset pased via + VCPUOP_register_vcpu_info + +Currently a guest is able to register any guest physical address to use +for the vcpu_info structure as long as the structure can fits in the +rest of the frame. + +This means a guest can provide an address that is not aligned to the +natural alignment of the structure. + +On Arm 32-bit, unaligned access are completely forbidden by the +hypervisor. This will result to a data abort which is fatal. + +On Arm 64-bit, unaligned access are only forbidden when used for atomic +access. As the structure contains fields (such as evtchn_pending_self) +that are updated using atomic operations, any unaligned access will be +fatal as well. + +While the misalignment is only fatal on Arm, a generic check is added +as an x86 guest shouldn't sensibly pass an unaligned address (this +would result to a split lock). + +This is XSA-327. + +Reported-by: Julien Grall <jgrall@amazon.com> +Signed-off-by: Julien Grall <jgrall@amazon.com> +Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com> +Reviewed-by: Stefano Stabellini <sstabellini@kernel.org> +--- + xen/common/domain.c | 10 ++++++++++ + 1 file changed, 10 insertions(+) + +diff --git a/xen/common/domain.c b/xen/common/domain.c +index 7cc9526139a6..e9be05f1d05f 100644 +--- a/xen/common/domain.c ++++ b/xen/common/domain.c +@@ -1227,10 +1227,20 @@ int map_vcpu_info(struct vcpu *v, unsigned long gfn, unsigned offset) + void *mapping; + vcpu_info_t *new_info; + struct page_info *page; ++ unsigned int align; + + if ( offset > (PAGE_SIZE - sizeof(vcpu_info_t)) ) + return -EINVAL; + ++#ifdef CONFIG_COMPAT ++ if ( has_32bit_shinfo(d) ) ++ align = alignof(new_info->compat); ++ else ++#endif ++ align = alignof(*new_info); ++ if ( offset & (align - 1) ) ++ return -EINVAL; ++ + if ( !mfn_eq(v->vcpu_info_mfn, INVALID_MFN) ) + return -EINVAL; + +-- +2.17.1 + diff --git a/main/xen/xsa328-4.11-1.patch b/main/xen/xsa328-4.11-1.patch new file mode 100644 index 00000000000..50df012f3ed --- /dev/null +++ b/main/xen/xsa328-4.11-1.patch @@ -0,0 +1,118 @@ +From: Jan Beulich <jbeulich@suse.com> +Subject: x86/EPT: ept_set_middle_entry() related adjustments + +ept_split_super_page() wants to further modify the newly allocated +table, so have ept_set_middle_entry() return the mapped pointer rather +than tearing it down and then getting re-established right again. + +Similarly ept_next_level() wants to hand back a mapped pointer of +the next level page, so re-use the one established by +ept_set_middle_entry() in case that path was taken. + +Pull the setting of suppress_ve ahead of insertion into the higher level +table, and don't have ept_split_super_page() set the field a 2nd time. + +This is part of XSA-328. + +Signed-off-by: Jan Beulich <jbeulich@suse.com> + +--- a/xen/arch/x86/mm/p2m-ept.c ++++ b/xen/arch/x86/mm/p2m-ept.c +@@ -228,8 +228,9 @@ static void ept_p2m_type_to_flags(struct + #define GUEST_TABLE_SUPER_PAGE 2 + #define GUEST_TABLE_POD_PAGE 3 + +-/* Fill in middle levels of ept table */ +-static int ept_set_middle_entry(struct p2m_domain *p2m, ept_entry_t *ept_entry) ++/* Fill in middle level of ept table; return pointer to mapped new table. */ ++static ept_entry_t *ept_set_middle_entry(struct p2m_domain *p2m, ++ ept_entry_t *ept_entry) + { + mfn_t mfn; + ept_entry_t *table; +@@ -237,7 +238,12 @@ static int ept_set_middle_entry(struct p + + mfn = p2m_alloc_ptp(p2m, 0); + if ( mfn_eq(mfn, INVALID_MFN) ) +- return 0; ++ return NULL; ++ ++ table = map_domain_page(mfn); ++ ++ for ( i = 0; i < EPT_PAGETABLE_ENTRIES; i++ ) ++ table[i].suppress_ve = 1; + + ept_entry->epte = 0; + ept_entry->mfn = mfn_x(mfn); +@@ -249,14 +255,7 @@ static int ept_set_middle_entry(struct p + + ept_entry->suppress_ve = 1; + +- table = map_domain_page(mfn); +- +- for ( i = 0; i < EPT_PAGETABLE_ENTRIES; i++ ) +- table[i].suppress_ve = 1; +- +- unmap_domain_page(table); +- +- return 1; ++ return table; + } + + /* free ept sub tree behind an entry */ +@@ -294,10 +293,10 @@ static bool_t ept_split_super_page(struc + + ASSERT(is_epte_superpage(ept_entry)); + +- if ( !ept_set_middle_entry(p2m, &new_ept) ) ++ table = ept_set_middle_entry(p2m, &new_ept); ++ if ( !table ) + return 0; + +- table = map_domain_page(_mfn(new_ept.mfn)); + trunk = 1UL << ((level - 1) * EPT_TABLE_ORDER); + + for ( i = 0; i < EPT_PAGETABLE_ENTRIES; i++ ) +@@ -308,7 +307,6 @@ static bool_t ept_split_super_page(struc + epte->sp = (level > 1); + epte->mfn += i * trunk; + epte->snp = (iommu_enabled && iommu_snoop); +- epte->suppress_ve = 1; + + ept_p2m_type_to_flags(p2m, epte, epte->sa_p2mt, epte->access); + +@@ -347,8 +345,7 @@ static int ept_next_level(struct p2m_dom + ept_entry_t **table, unsigned long *gfn_remainder, + int next_level) + { +- unsigned long mfn; +- ept_entry_t *ept_entry, e; ++ ept_entry_t *ept_entry, *next = NULL, e; + u32 shift, index; + + shift = next_level * EPT_TABLE_ORDER; +@@ -373,19 +370,17 @@ static int ept_next_level(struct p2m_dom + if ( read_only ) + return GUEST_TABLE_MAP_FAILED; + +- if ( !ept_set_middle_entry(p2m, ept_entry) ) ++ next = ept_set_middle_entry(p2m, ept_entry); ++ if ( !next ) + return GUEST_TABLE_MAP_FAILED; +- else +- e = atomic_read_ept_entry(ept_entry); /* Refresh */ ++ /* e is now stale and hence may not be used anymore below. */ + } +- + /* The only time sp would be set here is if we had hit a superpage */ +- if ( is_epte_superpage(&e) ) ++ else if ( is_epte_superpage(&e) ) + return GUEST_TABLE_SUPER_PAGE; + +- mfn = e.mfn; + unmap_domain_page(*table); +- *table = map_domain_page(_mfn(mfn)); ++ *table = next ?: map_domain_page(_mfn(e.mfn)); + *gfn_remainder &= (1UL << shift) - 1; + return GUEST_TABLE_NORMAL_PAGE; + } diff --git a/main/xen/xsa328-4.11-2.patch b/main/xen/xsa328-4.11-2.patch new file mode 100644 index 00000000000..14c0d36e442 --- /dev/null +++ b/main/xen/xsa328-4.11-2.patch @@ -0,0 +1,48 @@ +From: <security@xenproject.org> +Subject: x86/ept: atomically modify entries in ept_next_level + +ept_next_level was passing a live PTE pointer to ept_set_middle_entry, +which was then modified without taking into account that the PTE could +be part of a live EPT table. This wasn't a security issue because the +pages returned by p2m_alloc_ptp are zeroed, so adding such an entry +before actually initializing it didn't allow a guest to access +physical memory addresses it wasn't supposed to access. + +This is part of XSA-328. + +Reviewed-by: Jan Beulich <jbeulich@suse.com> + +--- a/xen/arch/x86/mm/p2m-ept.c ++++ b/xen/arch/x86/mm/p2m-ept.c +@@ -348,6 +348,8 @@ static int ept_next_level(struct p2m_dom + ept_entry_t *ept_entry, *next = NULL, e; + u32 shift, index; + ++ ASSERT(next_level); ++ + shift = next_level * EPT_TABLE_ORDER; + + index = *gfn_remainder >> shift; +@@ -364,16 +366,20 @@ static int ept_next_level(struct p2m_dom + + if ( !is_epte_present(&e) ) + { ++ int rc; ++ + if ( e.sa_p2mt == p2m_populate_on_demand ) + return GUEST_TABLE_POD_PAGE; + + if ( read_only ) + return GUEST_TABLE_MAP_FAILED; + +- next = ept_set_middle_entry(p2m, ept_entry); ++ next = ept_set_middle_entry(p2m, &e); + if ( !next ) + return GUEST_TABLE_MAP_FAILED; +- /* e is now stale and hence may not be used anymore below. */ ++ ++ rc = atomic_write_ept_entry(ept_entry, e, next_level); ++ ASSERT(rc == 0); + } + /* The only time sp would be set here is if we had hit a superpage */ + else if ( is_epte_superpage(&e) ) diff --git a/main/xen/xsa333.patch b/main/xen/xsa333.patch new file mode 100644 index 00000000000..6b86c942faa --- /dev/null +++ b/main/xen/xsa333.patch @@ -0,0 +1,39 @@ +From: Andrew Cooper <andrew.cooper3@citrix.com> +Subject: x86/pv: Handle the Intel-specific MSR_MISC_ENABLE correctly + +This MSR doesn't exist on AMD hardware, and switching away from the safe +functions in the common MSR path was an erroneous change. + +Partially revert the change. + +This is XSA-333. + +Fixes: 4fdc932b3cc ("x86/Intel: drop another 32-bit leftover") +Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com> +Reviewed-by: Jan Beulich <jbeulich@suse.com> +Reviewed-by: Wei Liu <wl@xen.org> + +diff --git a/xen/arch/x86/pv/emul-priv-op.c b/xen/arch/x86/pv/emul-priv-op.c +index efeb2a727e..6332c74b80 100644 +--- a/xen/arch/x86/pv/emul-priv-op.c ++++ b/xen/arch/x86/pv/emul-priv-op.c +@@ -924,7 +924,8 @@ static int read_msr(unsigned int reg, uint64_t *val, + return X86EMUL_OKAY; + + case MSR_IA32_MISC_ENABLE: +- rdmsrl(reg, *val); ++ if ( rdmsr_safe(reg, *val) ) ++ break; + *val = guest_misc_enable(*val); + return X86EMUL_OKAY; + +@@ -1059,7 +1060,8 @@ static int write_msr(unsigned int reg, uint64_t val, + break; + + case MSR_IA32_MISC_ENABLE: +- rdmsrl(reg, temp); ++ if ( rdmsr_safe(reg, temp) ) ++ break; + if ( val != guest_misc_enable(temp) ) + goto invalid; + return X86EMUL_OKAY; diff --git a/main/xen/xsa335-qemu.patch b/main/xen/xsa335-qemu.patch new file mode 100644 index 00000000000..320b4197820 --- /dev/null +++ b/main/xen/xsa335-qemu.patch @@ -0,0 +1,84 @@ +From c5bd2924c6d6a5bcbffb8b5e7798a88970131c07 Mon Sep 17 00:00:00 2001 +From: Gerd Hoffmann <kraxel@redhat.com> +Date: Mon, 17 Aug 2020 08:34:22 +0200 +Subject: [PATCH] usb: fix setup_len init (CVE-2020-14364) + +Store calculated setup_len in a local variable, verify it, and only +write it to the struct (USBDevice->setup_len) in case it passed the +sanity checks. + +This prevents other code (do_token_{in,out} functions specifically) +from working with invalid USBDevice->setup_len values and overrunning +the USBDevice->setup_buf[] buffer. + +Fixes: CVE-2020-14364 +Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> +--- + hw/usb/core.c | 16 ++++++++++------ + 1 file changed, 10 insertions(+), 6 deletions(-) + +diff --git a/hw/usb/core.c b/hw/usb/core.c +index 5abd128b6bc5..5234dcc73fea 100644 +--- a/tools/qemu-xen/hw/usb/core.c ++++ b/tools/qemu-xen/hw/usb/core.c +@@ -129,6 +129,7 @@ void usb_wakeup(USBEndpoint *ep, unsigned int stream) + static void do_token_setup(USBDevice *s, USBPacket *p) + { + int request, value, index; ++ unsigned int setup_len; + + if (p->iov.size != 8) { + p->status = USB_RET_STALL; +@@ -138,14 +139,15 @@ static void do_token_setup(USBDevice *s, USBPacket *p) + usb_packet_copy(p, s->setup_buf, p->iov.size); + s->setup_index = 0; + p->actual_length = 0; +- s->setup_len = (s->setup_buf[7] << 8) | s->setup_buf[6]; +- if (s->setup_len > sizeof(s->data_buf)) { ++ setup_len = (s->setup_buf[7] << 8) | s->setup_buf[6]; ++ if (setup_len > sizeof(s->data_buf)) { + fprintf(stderr, + "usb_generic_handle_packet: ctrl buffer too small (%d > %zu)\n", +- s->setup_len, sizeof(s->data_buf)); ++ setup_len, sizeof(s->data_buf)); + p->status = USB_RET_STALL; + return; + } ++ s->setup_len = setup_len; + + request = (s->setup_buf[0] << 8) | s->setup_buf[1]; + value = (s->setup_buf[3] << 8) | s->setup_buf[2]; +@@ -259,26 +261,28 @@ static void do_token_out(USBDevice *s, USBPacket *p) + static void do_parameter(USBDevice *s, USBPacket *p) + { + int i, request, value, index; ++ unsigned int setup_len; + + for (i = 0; i < 8; i++) { + s->setup_buf[i] = p->parameter >> (i*8); + } + + s->setup_state = SETUP_STATE_PARAM; +- s->setup_len = (s->setup_buf[7] << 8) | s->setup_buf[6]; + s->setup_index = 0; + + request = (s->setup_buf[0] << 8) | s->setup_buf[1]; + value = (s->setup_buf[3] << 8) | s->setup_buf[2]; + index = (s->setup_buf[5] << 8) | s->setup_buf[4]; + +- if (s->setup_len > sizeof(s->data_buf)) { ++ setup_len = (s->setup_buf[7] << 8) | s->setup_buf[6]; ++ if (setup_len > sizeof(s->data_buf)) { + fprintf(stderr, + "usb_generic_handle_packet: ctrl buffer too small (%d > %zu)\n", +- s->setup_len, sizeof(s->data_buf)); ++ setup_len, sizeof(s->data_buf)); + p->status = USB_RET_STALL; + return; + } ++ s->setup_len = setup_len; + + if (p->pid == USB_TOKEN_OUT) { + usb_packet_copy(p, s->data_buf, s->setup_len); +-- +2.18.4 diff --git a/main/xen/xsa336-4.11.patch b/main/xen/xsa336-4.11.patch new file mode 100644 index 00000000000..305f6876b9e --- /dev/null +++ b/main/xen/xsa336-4.11.patch @@ -0,0 +1,256 @@ +From: Roger Pau Monné <roger.pau@citrix.com> +Subject: x86/vpt: fix race when migrating timers between vCPUs + +The current vPT code will migrate the emulated timers between vCPUs +(change the pt->vcpu field) while just holding the destination lock, +either from create_periodic_time or pt_adjust_global_vcpu_target if +the global target is adjusted. Changing the periodic_timer vCPU field +in this way creates a race where a third party could grab the lock in +the unlocked region of pt_adjust_global_vcpu_target (or before +create_periodic_time performs the vcpu change) and then release the +lock from a different vCPU, creating a locking imbalance. + +Introduce a per-domain rwlock in order to protect periodic_time +migration between vCPU lists. Taking the lock in read mode prevents +any timer from being migrated to a different vCPU, while taking it in +write mode allows performing migration of timers across vCPUs. The +per-vcpu locks are still used to protect all the other fields from the +periodic_timer struct. + +Note that such migration shouldn't happen frequently, and hence +there's no performance drop as a result of such locking. + +This is XSA-336. + +Reported-by: Igor Druzhinin <igor.druzhinin@citrix.com> +Tested-by: Igor Druzhinin <igor.druzhinin@citrix.com> +Signed-off-by: Roger Pau Monné <roger.pau@citrix.com> +Reviewed-by: Jan Beulich <jbeulich@suse.com> + +--- a/xen/arch/x86/hvm/hvm.c ++++ b/xen/arch/x86/hvm/hvm.c +@@ -627,6 +627,8 @@ int hvm_domain_initialise(struct domain + /* need link to containing domain */ + d->arch.hvm_domain.pl_time->domain = d; + ++ rwlock_init(&d->arch.hvm_domain.pl_time->pt_migrate); ++ + /* Set the default IO Bitmap. */ + if ( is_hardware_domain(d) ) + { +--- a/xen/arch/x86/hvm/vpt.c ++++ b/xen/arch/x86/hvm/vpt.c +@@ -152,23 +152,32 @@ static int pt_irq_masked(struct periodic + return 1; + } + +-static void pt_lock(struct periodic_time *pt) ++static void pt_vcpu_lock(struct vcpu *v) + { +- struct vcpu *v; ++ read_lock(&v->domain->arch.hvm_domain.pl_time->pt_migrate); ++ spin_lock(&v->arch.hvm_vcpu.tm_lock); ++} + +- for ( ; ; ) +- { +- v = pt->vcpu; +- spin_lock(&v->arch.hvm_vcpu.tm_lock); +- if ( likely(pt->vcpu == v) ) +- break; +- spin_unlock(&v->arch.hvm_vcpu.tm_lock); +- } ++static void pt_vcpu_unlock(struct vcpu *v) ++{ ++ spin_unlock(&v->arch.hvm_vcpu.tm_lock); ++ read_unlock(&v->domain->arch.hvm_domain.pl_time->pt_migrate); ++} ++ ++static void pt_lock(struct periodic_time *pt) ++{ ++ /* ++ * We cannot use pt_vcpu_lock here, because we need to acquire the ++ * per-domain lock first and then (re-)fetch the value of pt->vcpu, or ++ * else we might be using a stale value of pt->vcpu. ++ */ ++ read_lock(&pt->vcpu->domain->arch.hvm_domain.pl_time->pt_migrate); ++ spin_lock(&pt->vcpu->arch.hvm_vcpu.tm_lock); + } + + static void pt_unlock(struct periodic_time *pt) + { +- spin_unlock(&pt->vcpu->arch.hvm_vcpu.tm_lock); ++ pt_vcpu_unlock(pt->vcpu); + } + + static void pt_process_missed_ticks(struct periodic_time *pt) +@@ -218,7 +227,7 @@ void pt_save_timer(struct vcpu *v) + if ( v->pause_flags & VPF_blocked ) + return; + +- spin_lock(&v->arch.hvm_vcpu.tm_lock); ++ pt_vcpu_lock(v); + + list_for_each_entry ( pt, head, list ) + if ( !pt->do_not_freeze ) +@@ -226,7 +235,7 @@ void pt_save_timer(struct vcpu *v) + + pt_freeze_time(v); + +- spin_unlock(&v->arch.hvm_vcpu.tm_lock); ++ pt_vcpu_unlock(v); + } + + void pt_restore_timer(struct vcpu *v) +@@ -234,7 +243,7 @@ void pt_restore_timer(struct vcpu *v) + struct list_head *head = &v->arch.hvm_vcpu.tm_list; + struct periodic_time *pt; + +- spin_lock(&v->arch.hvm_vcpu.tm_lock); ++ pt_vcpu_lock(v); + + list_for_each_entry ( pt, head, list ) + { +@@ -247,7 +256,7 @@ void pt_restore_timer(struct vcpu *v) + + pt_thaw_time(v); + +- spin_unlock(&v->arch.hvm_vcpu.tm_lock); ++ pt_vcpu_unlock(v); + } + + static void pt_timer_fn(void *data) +@@ -272,7 +281,7 @@ int pt_update_irq(struct vcpu *v) + uint64_t max_lag; + int irq, pt_vector = -1; + +- spin_lock(&v->arch.hvm_vcpu.tm_lock); ++ pt_vcpu_lock(v); + + earliest_pt = NULL; + max_lag = -1ULL; +@@ -300,14 +309,14 @@ int pt_update_irq(struct vcpu *v) + + if ( earliest_pt == NULL ) + { +- spin_unlock(&v->arch.hvm_vcpu.tm_lock); ++ pt_vcpu_unlock(v); + return -1; + } + + earliest_pt->irq_issued = 1; + irq = earliest_pt->irq; + +- spin_unlock(&v->arch.hvm_vcpu.tm_lock); ++ pt_vcpu_unlock(v); + + switch ( earliest_pt->source ) + { +@@ -377,12 +386,12 @@ void pt_intr_post(struct vcpu *v, struct + if ( intack.source == hvm_intsrc_vector ) + return; + +- spin_lock(&v->arch.hvm_vcpu.tm_lock); ++ pt_vcpu_lock(v); + + pt = is_pt_irq(v, intack); + if ( pt == NULL ) + { +- spin_unlock(&v->arch.hvm_vcpu.tm_lock); ++ pt_vcpu_unlock(v); + return; + } + +@@ -421,7 +430,7 @@ void pt_intr_post(struct vcpu *v, struct + cb = pt->cb; + cb_priv = pt->priv; + +- spin_unlock(&v->arch.hvm_vcpu.tm_lock); ++ pt_vcpu_unlock(v); + + if ( cb != NULL ) + cb(v, cb_priv); +@@ -432,12 +441,12 @@ void pt_migrate(struct vcpu *v) + struct list_head *head = &v->arch.hvm_vcpu.tm_list; + struct periodic_time *pt; + +- spin_lock(&v->arch.hvm_vcpu.tm_lock); ++ pt_vcpu_lock(v); + + list_for_each_entry ( pt, head, list ) + migrate_timer(&pt->timer, v->processor); + +- spin_unlock(&v->arch.hvm_vcpu.tm_lock); ++ pt_vcpu_unlock(v); + } + + void create_periodic_time( +@@ -455,7 +464,7 @@ void create_periodic_time( + + destroy_periodic_time(pt); + +- spin_lock(&v->arch.hvm_vcpu.tm_lock); ++ write_lock(&v->domain->arch.hvm_domain.pl_time->pt_migrate); + + pt->pending_intr_nr = 0; + pt->do_not_freeze = 0; +@@ -504,7 +513,7 @@ void create_periodic_time( + init_timer(&pt->timer, pt_timer_fn, pt, v->processor); + set_timer(&pt->timer, pt->scheduled); + +- spin_unlock(&v->arch.hvm_vcpu.tm_lock); ++ write_unlock(&v->domain->arch.hvm_domain.pl_time->pt_migrate); + } + + void destroy_periodic_time(struct periodic_time *pt) +@@ -529,30 +538,20 @@ void destroy_periodic_time(struct period + + static void pt_adjust_vcpu(struct periodic_time *pt, struct vcpu *v) + { +- int on_list; +- + ASSERT(pt->source == PTSRC_isa || pt->source == PTSRC_ioapic); + + if ( pt->vcpu == NULL ) + return; + +- pt_lock(pt); +- on_list = pt->on_list; +- if ( pt->on_list ) +- list_del(&pt->list); +- pt->on_list = 0; +- pt_unlock(pt); +- +- spin_lock(&v->arch.hvm_vcpu.tm_lock); ++ write_lock(&pt->vcpu->domain->arch.hvm_domain.pl_time->pt_migrate); + pt->vcpu = v; +- if ( on_list ) ++ if ( pt->on_list ) + { +- pt->on_list = 1; ++ list_del(&pt->list); + list_add(&pt->list, &v->arch.hvm_vcpu.tm_list); +- + migrate_timer(&pt->timer, v->processor); + } +- spin_unlock(&v->arch.hvm_vcpu.tm_lock); ++ write_unlock(&pt->vcpu->domain->arch.hvm_domain.pl_time->pt_migrate); + } + + void pt_adjust_global_vcpu_target(struct vcpu *v) +--- a/xen/include/asm-x86/hvm/vpt.h ++++ b/xen/include/asm-x86/hvm/vpt.h +@@ -133,6 +133,13 @@ struct pl_time { /* platform time */ + struct RTCState vrtc; + struct HPETState vhpet; + struct PMTState vpmt; ++ /* ++ * rwlock to prevent periodic_time vCPU migration. Take the lock in read ++ * mode in order to prevent the vcpu field of periodic_time from changing. ++ * Lock must be taken in write mode when changes to the vcpu field are ++ * performed, as it allows exclusive access to all the timers of a domain. ++ */ ++ rwlock_t pt_migrate; + /* guest_time = Xen sys time + stime_offset */ + int64_t stime_offset; + /* Ensures monotonicity in appropriate timer modes. */ diff --git a/main/xen/xsa337-4.12-1.patch b/main/xen/xsa337-4.12-1.patch new file mode 100644 index 00000000000..c8d3b1f4e24 --- /dev/null +++ b/main/xen/xsa337-4.12-1.patch @@ -0,0 +1,92 @@ +From: Roger Pau Monné <roger.pau@citrix.com> +Subject: x86/msi: get rid of read_msi_msg + +It's safer and faster to just use the cached last written +(untranslated) MSI message stored in msi_desc for the single user that +calls read_msi_msg. + +This also prevents relying on the data read from the device MSI +registers in order to figure out the index into the IOMMU interrupt +remapping table, which is not safe. + +This is part of XSA-337. + +Reported-by: Andrew Cooper <andrew.cooper3@citrix.com> +Requested-by: Andrew Cooper <andrew.cooper3@citrix.com> +Signed-off-by: Roger Pau Monné <roger.pau@citrix.com> +Reviewed-by: Jan Beulich <jbeulich@suse.com> + +--- a/xen/arch/x86/msi.c ++++ b/xen/arch/x86/msi.c +@@ -192,59 +192,6 @@ void msi_compose_msg(unsigned vector, co + MSI_DATA_VECTOR(vector); + } + +-static bool read_msi_msg(struct msi_desc *entry, struct msi_msg *msg) +-{ +- switch ( entry->msi_attrib.type ) +- { +- case PCI_CAP_ID_MSI: +- { +- struct pci_dev *dev = entry->dev; +- int pos = entry->msi_attrib.pos; +- u16 data, seg = dev->seg; +- u8 bus = dev->bus; +- u8 slot = PCI_SLOT(dev->devfn); +- u8 func = PCI_FUNC(dev->devfn); +- +- msg->address_lo = pci_conf_read32(seg, bus, slot, func, +- msi_lower_address_reg(pos)); +- if ( entry->msi_attrib.is_64 ) +- { +- msg->address_hi = pci_conf_read32(seg, bus, slot, func, +- msi_upper_address_reg(pos)); +- data = pci_conf_read16(seg, bus, slot, func, +- msi_data_reg(pos, 1)); +- } +- else +- { +- msg->address_hi = 0; +- data = pci_conf_read16(seg, bus, slot, func, +- msi_data_reg(pos, 0)); +- } +- msg->data = data; +- break; +- } +- case PCI_CAP_ID_MSIX: +- { +- void __iomem *base = entry->mask_base; +- +- if ( unlikely(!msix_memory_decoded(entry->dev, +- entry->msi_attrib.pos)) ) +- return false; +- msg->address_lo = readl(base + PCI_MSIX_ENTRY_LOWER_ADDR_OFFSET); +- msg->address_hi = readl(base + PCI_MSIX_ENTRY_UPPER_ADDR_OFFSET); +- msg->data = readl(base + PCI_MSIX_ENTRY_DATA_OFFSET); +- break; +- } +- default: +- BUG(); +- } +- +- if ( iommu_intremap ) +- iommu_read_msi_from_ire(entry, msg); +- +- return true; +-} +- + static int write_msi_msg(struct msi_desc *entry, struct msi_msg *msg) + { + entry->msg = *msg; +@@ -322,10 +269,7 @@ void set_msi_affinity(struct irq_desc *d + + ASSERT(spin_is_locked(&desc->lock)); + +- memset(&msg, 0, sizeof(msg)); +- if ( !read_msi_msg(msi_desc, &msg) ) +- return; +- ++ msg = msi_desc->msg; + msg.data &= ~MSI_DATA_VECTOR_MASK; + msg.data |= MSI_DATA_VECTOR(desc->arch.vector); + msg.address_lo &= ~MSI_ADDR_DEST_ID_MASK; diff --git a/main/xen/xsa337-4.12-2.patch b/main/xen/xsa337-4.12-2.patch new file mode 100644 index 00000000000..aa2fb57162c --- /dev/null +++ b/main/xen/xsa337-4.12-2.patch @@ -0,0 +1,182 @@ +From: Jan Beulich <jbeulich@suse.com> +Subject: x86/MSI-X: restrict reading of table/PBA bases from BARs + +When assigned to less trusted or un-trusted guests, devices may change +state behind our backs (they may e.g. get reset by means we may not know +about). Therefore we should avoid reading BARs from hardware once a +device is no longer owned by Dom0. Furthermore when we can't read a BAR, +or when we read zero, we shouldn't instead use the caller provided +address unless that caller can be trusted. + +Re-arrange the logic in msix_capability_init() such that only Dom0 (and +only if the device isn't DomU-owned yet) or calls through +PHYSDEVOP_prepare_msix will actually result in the reading of the +respective BAR register(s). Additionally do so only as long as in-use +table entries are known (note that invocation of PHYSDEVOP_prepare_msix +counts as a "pseudo" entry). In all other uses the value already +recorded will get used instead. + +Clear the recorded values in _pci_cleanup_msix() as well as on the one +affected error path. (Adjust this error path to also avoid blindly +disabling MSI-X when it was enabled on entry to the function.) + +While moving around variable declarations (in many cases to reduce their +scopes), also adjust some of their types. + +This is part of XSA-337. + +Signed-off-by: Jan Beulich <jbeulich@suse.com> +Reviewed-by: Roger Pau Monné <roger.pau@citrix.com> + +--- a/xen/arch/x86/msi.c ++++ b/xen/arch/x86/msi.c +@@ -790,16 +790,14 @@ static int msix_capability_init(struct p + { + struct arch_msix *msix = dev->msix; + struct msi_desc *entry = NULL; +- int vf; + u16 control; + u64 table_paddr; + u32 table_offset; +- u8 bir, pbus, pslot, pfunc; + u16 seg = dev->seg; + u8 bus = dev->bus; + u8 slot = PCI_SLOT(dev->devfn); + u8 func = PCI_FUNC(dev->devfn); +- bool maskall = msix->host_maskall; ++ bool maskall = msix->host_maskall, zap_on_error = false; + + ASSERT(pcidevs_locked()); + +@@ -837,43 +835,45 @@ static int msix_capability_init(struct p + /* Locate MSI-X table region */ + table_offset = pci_conf_read32(seg, bus, slot, func, + msix_table_offset_reg(pos)); +- bir = (u8)(table_offset & PCI_MSIX_BIRMASK); +- table_offset &= ~PCI_MSIX_BIRMASK; ++ if ( !msix->used_entries && ++ (!msi || ++ (is_hardware_domain(current->domain) && ++ (dev->domain == current->domain || dev->domain == dom_io))) ) ++ { ++ unsigned int bir = table_offset & PCI_MSIX_BIRMASK, pbus, pslot, pfunc; ++ int vf; ++ paddr_t pba_paddr; ++ unsigned int pba_offset; + +- if ( !dev->info.is_virtfn ) +- { +- pbus = bus; +- pslot = slot; +- pfunc = func; +- vf = -1; +- } +- else +- { +- pbus = dev->info.physfn.bus; +- pslot = PCI_SLOT(dev->info.physfn.devfn); +- pfunc = PCI_FUNC(dev->info.physfn.devfn); +- vf = PCI_BDF2(dev->bus, dev->devfn); +- } +- +- table_paddr = read_pci_mem_bar(seg, pbus, pslot, pfunc, bir, vf); +- WARN_ON(msi && msi->table_base != table_paddr); +- if ( !table_paddr ) +- { +- if ( !msi || !msi->table_base ) ++ if ( !dev->info.is_virtfn ) + { +- pci_conf_write16(seg, bus, slot, func, msix_control_reg(pos), +- control & ~PCI_MSIX_FLAGS_ENABLE); +- xfree(entry); +- return -ENXIO; ++ pbus = bus; ++ pslot = slot; ++ pfunc = func; ++ vf = -1; ++ } ++ else ++ { ++ pbus = dev->info.physfn.bus; ++ pslot = PCI_SLOT(dev->info.physfn.devfn); ++ pfunc = PCI_FUNC(dev->info.physfn.devfn); ++ vf = PCI_BDF2(dev->bus, dev->devfn); + } +- table_paddr = msi->table_base; +- } +- table_paddr += table_offset; + +- if ( !msix->used_entries ) +- { +- u64 pba_paddr; +- u32 pba_offset; ++ table_paddr = read_pci_mem_bar(seg, pbus, pslot, pfunc, bir, vf); ++ WARN_ON(msi && msi->table_base != table_paddr); ++ if ( !table_paddr ) ++ { ++ if ( !msi || !msi->table_base ) ++ { ++ pci_conf_write16(seg, bus, slot, func, msix_control_reg(pos), ++ control & ~PCI_MSIX_FLAGS_ENABLE); ++ xfree(entry); ++ return -ENXIO; ++ } ++ table_paddr = msi->table_base; ++ } ++ table_paddr += table_offset & ~PCI_MSIX_BIRMASK; + + msix->nr_entries = nr_entries; + msix->table.first = PFN_DOWN(table_paddr); +@@ -894,7 +894,19 @@ static int msix_capability_init(struct p + BITS_TO_LONGS(nr_entries) - 1); + WARN_ON(rangeset_overlaps_range(mmio_ro_ranges, msix->pba.first, + msix->pba.last)); ++ ++ zap_on_error = true; + } ++ else if ( !msix->table.first ) ++ { ++ pci_conf_write16(seg, bus, slot, func, msix_control_reg(pos), ++ control); ++ xfree(entry); ++ return -ENODATA; ++ } ++ else ++ table_paddr = (msix->table.first << PAGE_SHIFT) + ++ (table_offset & ~PCI_MSIX_BIRMASK & ~PAGE_MASK); + + if ( entry ) + { +@@ -905,8 +917,16 @@ static int msix_capability_init(struct p + + if ( idx < 0 ) + { ++ if ( zap_on_error ) ++ { ++ msix->table.first = 0; ++ msix->pba.first = 0; ++ ++ control &= ~PCI_MSIX_FLAGS_ENABLE; ++ } ++ + pci_conf_write16(seg, bus, slot, func, msix_control_reg(pos), +- control & ~PCI_MSIX_FLAGS_ENABLE); ++ control); + xfree(entry); + return idx; + } +@@ -1102,9 +1122,14 @@ static void _pci_cleanup_msix(struct arc + if ( rangeset_remove_range(mmio_ro_ranges, msix->table.first, + msix->table.last) ) + WARN(); ++ msix->table.first = 0; ++ msix->table.last = 0; ++ + if ( rangeset_remove_range(mmio_ro_ranges, msix->pba.first, + msix->pba.last) ) + WARN(); ++ msix->pba.first = 0; ++ msix->pba.last = 0; + } + } + diff --git a/main/xen/xsa338.patch b/main/xen/xsa338.patch new file mode 100644 index 00000000000..776521990e7 --- /dev/null +++ b/main/xen/xsa338.patch @@ -0,0 +1,42 @@ +From: Jan Beulich <jbeulich@suse.com> +Subject: evtchn: relax port_is_valid() + +To avoid ports potentially becoming invalid behind the back of certain +other functions (due to ->max_evtchn shrinking) because of +- a guest invoking evtchn_reset() and from a 2nd vCPU opening new + channels in parallel (see also XSA-343), +- alloc_unbound_xen_event_channel() produced channels living above the + 2-level range (see also XSA-342), +drop the max_evtchns check from port_is_valid(). For a port for which +the function once returned "true", the returned value may not turn into +"false" later on. The function's result may only depend on bounds which +can only ever grow (which is the case for d->valid_evtchns). + +This also eliminates a false sense of safety, utilized by some of the +users (see again XSA-343): Without a suitable lock held, d->max_evtchns +may change at any time, and hence deducing that certain other operations +are safe when port_is_valid() returned true is not legitimate. The +opportunities to abuse this may get widened by the change here +(depending on guest and host configuration), but will be taken care of +by the other XSA. + +This is XSA-338. + +Fixes: 48974e6ce52e ("evtchn: use a per-domain variable for the max number of event channels") +Signed-off-by: Jan Beulich <jbeulich@suse.com> +Reviewed-by: Stefano Stabellini <sstabellini@kernel.org> +Reviewed-by: Julien Grall <jgrall@amazon.com> +--- +v5: New, split from larger patch. + +--- a/xen/include/xen/event.h ++++ b/xen/include/xen/event.h +@@ -107,8 +107,6 @@ void notify_via_xen_event_channel(struct + + static inline bool_t port_is_valid(struct domain *d, unsigned int p) + { +- if ( p >= d->max_evtchns ) +- return 0; + return p < read_atomic(&d->valid_evtchns); + } + diff --git a/main/xen/xsa339.patch b/main/xen/xsa339.patch new file mode 100644 index 00000000000..3311ae093fd --- /dev/null +++ b/main/xen/xsa339.patch @@ -0,0 +1,76 @@ +From: Andrew Cooper <andrew.cooper3@citrix.com> +Subject: x86/pv: Avoid double exception injection + +There is at least one path (SYSENTER with NT set, Xen converts to #GP) which +ends up injecting the #GP fault twice, first in compat_sysenter(), and then a +second time in compat_test_all_events(), due to the stale TBF_EXCEPTION left +in TRAPBOUNCE_flags. + +The guest kernel sees the second fault first, which is a kernel level #GP +pointing at the head of the #GP handler, and is therefore a userspace +trigger-able DoS. + +This particular bug has bitten us several times before, so rearrange +{compat_,}create_bounce_frame() to clobber TRAPBOUNCE on success, rather than +leaving this task to one area of code which isn't used uniformly. + +Other scenarios which might result in a double injection (e.g. two calls +directly to compat_create_bounce_frame) will now crash the guest, which is far +more obvious than letting the kernel run with corrupt state. + +This is XSA-339 + +Fixes: fdac9515607b ("x86: clear EFLAGS.NT in SYSENTER entry path") +Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com> +Reviewed-by: Jan Beulich <jbeulich@suse.com> + +diff --git a/xen/arch/x86/x86_64/compat/entry.S b/xen/arch/x86/x86_64/compat/entry.S +index c3e62f8734..73619f57ca 100644 +--- a/xen/arch/x86/x86_64/compat/entry.S ++++ b/xen/arch/x86/x86_64/compat/entry.S +@@ -78,7 +78,6 @@ compat_process_softirqs: + sti + .Lcompat_bounce_exception: + call compat_create_bounce_frame +- movb $0, TRAPBOUNCE_flags(%rdx) + jmp compat_test_all_events + + ALIGN +@@ -352,7 +351,13 @@ __UNLIKELY_END(compat_bounce_null_selector) + movl %eax,UREGS_cs+8(%rsp) + movl TRAPBOUNCE_eip(%rdx),%eax + movl %eax,UREGS_rip+8(%rsp) ++ ++ /* Trapbounce complete. Clobber state to avoid an erroneous second injection. */ ++ xor %eax, %eax ++ mov %ax, TRAPBOUNCE_cs(%rdx) ++ mov %al, TRAPBOUNCE_flags(%rdx) + ret ++ + .section .fixup,"ax" + .Lfx13: + xorl %edi,%edi +diff --git a/xen/arch/x86/x86_64/entry.S b/xen/arch/x86/x86_64/entry.S +index 1e880eb9f6..71a00e846b 100644 +--- a/xen/arch/x86/x86_64/entry.S ++++ b/xen/arch/x86/x86_64/entry.S +@@ -90,7 +90,6 @@ process_softirqs: + sti + .Lbounce_exception: + call create_bounce_frame +- movb $0, TRAPBOUNCE_flags(%rdx) + jmp test_all_events + + ALIGN +@@ -512,6 +511,11 @@ UNLIKELY_START(z, create_bounce_frame_bad_bounce_ip) + jmp asm_domain_crash_synchronous /* Does not return */ + __UNLIKELY_END(create_bounce_frame_bad_bounce_ip) + movq %rax,UREGS_rip+8(%rsp) ++ ++ /* Trapbounce complete. Clobber state to avoid an erroneous second injection. */ ++ xor %eax, %eax ++ mov %rax, TRAPBOUNCE_eip(%rdx) ++ mov %al, TRAPBOUNCE_flags(%rdx) + ret + + .pushsection .fixup, "ax", @progbits diff --git a/main/xen/xsa340.patch b/main/xen/xsa340.patch new file mode 100644 index 00000000000..38d04da4650 --- /dev/null +++ b/main/xen/xsa340.patch @@ -0,0 +1,65 @@ +From: Julien Grall <jgrall@amazon.com> +Subject: xen/evtchn: Add missing barriers when accessing/allocating an event channel + +While the allocation of a bucket is always performed with the per-domain +lock, the bucket may be accessed without the lock taken (for instance, see +evtchn_send()). + +Instead such sites relies on port_is_valid() to return a non-zero value +when the port has a struct evtchn associated to it. The function will +mostly check whether the port is less than d->valid_evtchns as all the +buckets/event channels should be allocated up to that point. + +Unfortunately a compiler is free to re-order the assignment in +evtchn_allocate_port() so it would be possible to have d->valid_evtchns +updated before the new bucket has finish to allocate. + +Additionally on Arm, even if this was compiled "correctly", the +processor can still re-order the memory access. + +Add a write memory barrier in the allocation side and a read memory +barrier when the port is valid to prevent any re-ordering issue. + +This is XSA-340. + +Reported-by: Julien Grall <jgrall@amazon.com> +Signed-off-by: Julien Grall <jgrall@amazon.com> +Reviewed-by: Stefano Stabellini <sstabellini@kernel.org> + +--- a/xen/common/event_channel.c ++++ b/xen/common/event_channel.c +@@ -178,6 +178,13 @@ int evtchn_allocate_port(struct domain * + return -ENOMEM; + bucket_from_port(d, port) = chn; + ++ /* ++ * d->valid_evtchns is used to check whether the bucket can be ++ * accessed without the per-domain lock. Therefore, ++ * d->valid_evtchns should be seen *after* the new bucket has ++ * been setup. ++ */ ++ smp_wmb(); + write_atomic(&d->valid_evtchns, d->valid_evtchns + EVTCHNS_PER_BUCKET); + } + +--- a/xen/include/xen/event.h ++++ b/xen/include/xen/event.h +@@ -107,7 +107,17 @@ void notify_via_xen_event_channel(struct + + static inline bool_t port_is_valid(struct domain *d, unsigned int p) + { +- return p < read_atomic(&d->valid_evtchns); ++ if ( p >= read_atomic(&d->valid_evtchns) ) ++ return false; ++ ++ /* ++ * The caller will usually access the event channel afterwards and ++ * may be done without taking the per-domain lock. The barrier is ++ * going in pair the smp_wmb() barrier in evtchn_allocate_port(). ++ */ ++ smp_rmb(); ++ ++ return true; + } + + static inline struct evtchn *evtchn_from_port(struct domain *d, unsigned int p) diff --git a/main/xen/xsa342-4.13.patch b/main/xen/xsa342-4.13.patch new file mode 100644 index 00000000000..334baf1b69c --- /dev/null +++ b/main/xen/xsa342-4.13.patch @@ -0,0 +1,145 @@ +From: Jan Beulich <jbeulich@suse.com> +Subject: evtchn/x86: enforce correct upper limit for 32-bit guests + +The recording of d->max_evtchns in evtchn_2l_init(), in particular with +the limited set of callers of the function, is insufficient. Neither for +PV nor for HVM guests the bitness is known at domain_create() time, yet +the upper bound in 2-level mode depends upon guest bitness. Recording +too high a limit "allows" x86 32-bit domains to open not properly usable +event channels, management of which (inside Xen) would then result in +corruption of the shared info and vCPU info structures. + +Keep the upper limit dynamic for the 2-level case, introducing a helper +function to retrieve the effective limit. This helper is now supposed to +be private to the event channel code. The used in do_poll() and +domain_dump_evtchn_info() weren't consistent with port uses elsewhere +and hence get switched to port_is_valid(). + +Furthermore FIFO mode's setup_ports() gets adjusted to loop only up to +the prior ABI limit, rather than all the way up to the new one. + +Finally a word on the change to do_poll(): Accessing ->max_evtchns +without holding a suitable lock was never safe, as it as well as +->evtchn_port_ops may change behind do_poll()'s back. Using +port_is_valid() instead widens some the window for potential abuse, +until we've dealt with the race altogether (see XSA-343). + +This is XSA-342. + +Reported-by: Julien Grall <jgrall@amazon.com> +Fixes: 48974e6ce52e ("evtchn: use a per-domain variable for the max number of event channels") +Signed-off-by: Jan Beulich <jbeulich@suse.com> +Reviewed-by: Stefano Stabellini <sstabellini@kernel.org> +Reviewed-by: Julien Grall <jgrall@amazon.com> + +--- a/xen/common/event_2l.c ++++ b/xen/common/event_2l.c +@@ -103,7 +103,6 @@ static const struct evtchn_port_ops evtc + void evtchn_2l_init(struct domain *d) + { + d->evtchn_port_ops = &evtchn_port_ops_2l; +- d->max_evtchns = BITS_PER_EVTCHN_WORD(d) * BITS_PER_EVTCHN_WORD(d); + } + + /* +--- a/xen/common/event_channel.c ++++ b/xen/common/event_channel.c +@@ -151,7 +151,7 @@ static void free_evtchn_bucket(struct do + + int evtchn_allocate_port(struct domain *d, evtchn_port_t port) + { +- if ( port > d->max_evtchn_port || port >= d->max_evtchns ) ++ if ( port > d->max_evtchn_port || port >= max_evtchns(d) ) + return -ENOSPC; + + if ( port_is_valid(d, port) ) +@@ -1396,13 +1396,11 @@ static void domain_dump_evtchn_info(stru + + spin_lock(&d->event_lock); + +- for ( port = 1; port < d->max_evtchns; ++port ) ++ for ( port = 1; port_is_valid(d, port); ++port ) + { + const struct evtchn *chn; + char *ssid; + +- if ( !port_is_valid(d, port) ) +- continue; + chn = evtchn_from_port(d, port); + if ( chn->state == ECS_FREE ) + continue; +--- a/xen/common/event_fifo.c ++++ b/xen/common/event_fifo.c +@@ -478,7 +478,7 @@ static void cleanup_event_array(struct d + d->evtchn_fifo = NULL; + } + +-static void setup_ports(struct domain *d) ++static void setup_ports(struct domain *d, unsigned int prev_evtchns) + { + unsigned int port; + +@@ -488,7 +488,7 @@ static void setup_ports(struct domain *d + * - save its pending state. + * - set default priority. + */ +- for ( port = 1; port < d->max_evtchns; port++ ) ++ for ( port = 1; port < prev_evtchns; port++ ) + { + struct evtchn *evtchn; + +@@ -546,6 +546,8 @@ int evtchn_fifo_init_control(struct evtc + if ( !d->evtchn_fifo ) + { + struct vcpu *vcb; ++ /* Latch the value before it changes during setup_event_array(). */ ++ unsigned int prev_evtchns = max_evtchns(d); + + for_each_vcpu ( d, vcb ) { + rc = setup_control_block(vcb); +@@ -562,8 +564,7 @@ int evtchn_fifo_init_control(struct evtc + goto error; + + d->evtchn_port_ops = &evtchn_port_ops_fifo; +- d->max_evtchns = EVTCHN_FIFO_NR_CHANNELS; +- setup_ports(d); ++ setup_ports(d, prev_evtchns); + } + else + rc = map_control_block(v, gfn, offset); +--- a/xen/common/schedule.c ++++ b/xen/common/schedule.c +@@ -1434,7 +1434,7 @@ static long do_poll(struct sched_poll *s + goto out; + + rc = -EINVAL; +- if ( port >= d->max_evtchns ) ++ if ( !port_is_valid(d, port) ) + goto out; + + rc = 0; +--- a/xen/include/xen/event.h ++++ b/xen/include/xen/event.h +@@ -105,6 +105,12 @@ void notify_via_xen_event_channel(struct + #define bucket_from_port(d, p) \ + ((group_from_port(d, p))[((p) % EVTCHNS_PER_GROUP) / EVTCHNS_PER_BUCKET]) + ++static inline unsigned int max_evtchns(const struct domain *d) ++{ ++ return d->evtchn_fifo ? EVTCHN_FIFO_NR_CHANNELS ++ : BITS_PER_EVTCHN_WORD(d) * BITS_PER_EVTCHN_WORD(d); ++} ++ + static inline bool_t port_is_valid(struct domain *d, unsigned int p) + { + if ( p >= read_atomic(&d->valid_evtchns) ) +--- a/xen/include/xen/sched.h ++++ b/xen/include/xen/sched.h +@@ -382,7 +382,6 @@ struct domain + /* Event channel information. */ + struct evtchn *evtchn; /* first bucket only */ + struct evtchn **evtchn_group[NR_EVTCHN_GROUPS]; /* all other buckets */ +- unsigned int max_evtchns; /* number supported by ABI */ + unsigned int max_evtchn_port; /* max permitted port number */ + unsigned int valid_evtchns; /* number of allocated event channels */ + spinlock_t event_lock; diff --git a/main/xen/xsa343-4.11-1.patch b/main/xen/xsa343-4.11-1.patch new file mode 100644 index 00000000000..32ac1ea9094 --- /dev/null +++ b/main/xen/xsa343-4.11-1.patch @@ -0,0 +1,190 @@ +From: Jan Beulich <jbeulich@suse.com> +Subject: evtchn: evtchn_reset() shouldn't succeed with still-open ports + +While the function closes all ports, it does so without holding any +lock, and hence racing requests may be issued causing new ports to get +opened. This would have been problematic in particular if such a newly +opened port had a port number above the new implementation limit (i.e. +when switching from FIFO to 2-level) after the reset, as prior to +"evtchn: relax port_is_valid()" this could have led to e.g. +evtchn_close()'s "BUG_ON(!port_is_valid(d2, port2))" to trigger. + +Introduce a counter of active ports and check that it's (still) no +larger then the number of Xen internally used ones after obtaining the +necessary lock in evtchn_reset(). + +As to the access model of the new {active,xen}_evtchns fields - while +all writes get done using write_atomic(), reads ought to use +read_atomic() only when outside of a suitably locked region. + +Note that as of now evtchn_bind_virq() and evtchn_bind_ipi() don't have +a need to call check_free_port(). + +This is part of XSA-343. + +Signed-off-by: Jan Beulich <jbeulich@suse.com> +Reviewed-by: Stefano Stabellini <sstabellini@kernel.org> +Reviewed-by: Julien Grall <jgrall@amazon.com> + +--- a/xen/common/event_channel.c ++++ b/xen/common/event_channel.c +@@ -188,6 +188,8 @@ int evtchn_allocate_port(struct domain * + write_atomic(&d->valid_evtchns, d->valid_evtchns + EVTCHNS_PER_BUCKET); + } + ++ write_atomic(&d->active_evtchns, d->active_evtchns + 1); ++ + return 0; + } + +@@ -211,11 +213,26 @@ static int get_free_port(struct domain * + return -ENOSPC; + } + ++/* ++ * Check whether a port is still marked free, and if so update the domain ++ * counter accordingly. To be used on function exit paths. ++ */ ++static void check_free_port(struct domain *d, evtchn_port_t port) ++{ ++ if ( port_is_valid(d, port) && ++ evtchn_from_port(d, port)->state == ECS_FREE ) ++ write_atomic(&d->active_evtchns, d->active_evtchns - 1); ++} ++ + void evtchn_free(struct domain *d, struct evtchn *chn) + { + /* Clear pending event to avoid unexpected behavior on re-bind. */ + evtchn_port_clear_pending(d, chn); + ++ if ( consumer_is_xen(chn) ) ++ write_atomic(&d->xen_evtchns, d->xen_evtchns - 1); ++ write_atomic(&d->active_evtchns, d->active_evtchns - 1); ++ + /* Reset binding to vcpu0 when the channel is freed. */ + chn->state = ECS_FREE; + chn->notify_vcpu_id = 0; +@@ -258,6 +275,7 @@ static long evtchn_alloc_unbound(evtchn_ + alloc->port = port; + + out: ++ check_free_port(d, port); + spin_unlock(&d->event_lock); + rcu_unlock_domain(d); + +@@ -351,6 +369,7 @@ static long evtchn_bind_interdomain(evtc + bind->local_port = lport; + + out: ++ check_free_port(ld, lport); + spin_unlock(&ld->event_lock); + if ( ld != rd ) + spin_unlock(&rd->event_lock); +@@ -484,7 +503,7 @@ static long evtchn_bind_pirq(evtchn_bind + struct domain *d = current->domain; + struct vcpu *v = d->vcpu[0]; + struct pirq *info; +- int port, pirq = bind->pirq; ++ int port = 0, pirq = bind->pirq; + long rc; + + if ( (pirq < 0) || (pirq >= d->nr_pirqs) ) +@@ -532,6 +551,7 @@ static long evtchn_bind_pirq(evtchn_bind + arch_evtchn_bind_pirq(d, pirq); + + out: ++ check_free_port(d, port); + spin_unlock(&d->event_lock); + + return rc; +@@ -1005,10 +1025,10 @@ int evtchn_unmask(unsigned int port) + return 0; + } + +- + int evtchn_reset(struct domain *d) + { + unsigned int i; ++ int rc = 0; + + if ( d != current->domain && !d->controller_pause_count ) + return -EINVAL; +@@ -1018,7 +1038,9 @@ int evtchn_reset(struct domain *d) + + spin_lock(&d->event_lock); + +- if ( d->evtchn_fifo ) ++ if ( d->active_evtchns > d->xen_evtchns ) ++ rc = -EAGAIN; ++ else if ( d->evtchn_fifo ) + { + /* Switching back to 2-level ABI. */ + evtchn_fifo_destroy(d); +@@ -1027,7 +1049,7 @@ int evtchn_reset(struct domain *d) + + spin_unlock(&d->event_lock); + +- return 0; ++ return rc; + } + + static long evtchn_set_priority(const struct evtchn_set_priority *set_priority) +@@ -1213,10 +1235,9 @@ int alloc_unbound_xen_event_channel( + + spin_lock(&ld->event_lock); + +- rc = get_free_port(ld); ++ port = rc = get_free_port(ld); + if ( rc < 0 ) + goto out; +- port = rc; + chn = evtchn_from_port(ld, port); + + rc = xsm_evtchn_unbound(XSM_TARGET, ld, chn, remote_domid); +@@ -1232,7 +1253,10 @@ int alloc_unbound_xen_event_channel( + + spin_unlock(&chn->lock); + ++ write_atomic(&ld->xen_evtchns, ld->xen_evtchns + 1); ++ + out: ++ check_free_port(ld, port); + spin_unlock(&ld->event_lock); + + return rc < 0 ? rc : port; +@@ -1308,6 +1332,7 @@ int evtchn_init(struct domain *d) + return -EINVAL; + } + evtchn_from_port(d, 0)->state = ECS_RESERVED; ++ write_atomic(&d->active_evtchns, 0); + + #if MAX_VIRT_CPUS > BITS_PER_LONG + d->poll_mask = xzalloc_array(unsigned long, +@@ -1335,6 +1360,8 @@ void evtchn_destroy(struct domain *d) + for ( i = 0; port_is_valid(d, i); i++ ) + evtchn_close(d, i, 0); + ++ ASSERT(!d->active_evtchns); ++ + clear_global_virq_handlers(d); + + evtchn_fifo_destroy(d); +--- a/xen/include/xen/sched.h ++++ b/xen/include/xen/sched.h +@@ -345,6 +345,16 @@ struct domain + struct evtchn **evtchn_group[NR_EVTCHN_GROUPS]; /* all other buckets */ + unsigned int max_evtchn_port; /* max permitted port number */ + unsigned int valid_evtchns; /* number of allocated event channels */ ++ /* ++ * Number of in-use event channels. Writers should use write_atomic(). ++ * Readers need to use read_atomic() only when not holding event_lock. ++ */ ++ unsigned int active_evtchns; ++ /* ++ * Number of event channels used internally by Xen (not subject to ++ * EVTCHNOP_reset). Read/write access like for active_evtchns. ++ */ ++ unsigned int xen_evtchns; + spinlock_t event_lock; + const struct evtchn_port_ops *evtchn_port_ops; + struct evtchn_fifo_domain *evtchn_fifo; diff --git a/main/xen/xsa343-4.11-2.patch b/main/xen/xsa343-4.11-2.patch new file mode 100644 index 00000000000..de42de4e357 --- /dev/null +++ b/main/xen/xsa343-4.11-2.patch @@ -0,0 +1,290 @@ +From: Jan Beulich <jbeulich@suse.com> +Subject: evtchn: convert per-channel lock to be IRQ-safe + +... in order for send_guest_{global,vcpu}_virq() to be able to make use +of it. + +This is part of XSA-343. + +Signed-off-by: Jan Beulich <jbeulich@suse.com> +Acked-by: Julien Grall <jgrall@amazon.com> + +--- a/xen/common/event_channel.c ++++ b/xen/common/event_channel.c +@@ -248,6 +248,7 @@ static long evtchn_alloc_unbound(evtchn_ + int port; + domid_t dom = alloc->dom; + long rc; ++ unsigned long flags; + + d = rcu_lock_domain_by_any_id(dom); + if ( d == NULL ) +@@ -263,14 +264,14 @@ static long evtchn_alloc_unbound(evtchn_ + if ( rc ) + goto out; + +- spin_lock(&chn->lock); ++ spin_lock_irqsave(&chn->lock, flags); + + chn->state = ECS_UNBOUND; + if ( (chn->u.unbound.remote_domid = alloc->remote_dom) == DOMID_SELF ) + chn->u.unbound.remote_domid = current->domain->domain_id; + evtchn_port_init(d, chn); + +- spin_unlock(&chn->lock); ++ spin_unlock_irqrestore(&chn->lock, flags); + + alloc->port = port; + +@@ -283,26 +284,32 @@ static long evtchn_alloc_unbound(evtchn_ + } + + +-static void double_evtchn_lock(struct evtchn *lchn, struct evtchn *rchn) ++static unsigned long double_evtchn_lock(struct evtchn *lchn, ++ struct evtchn *rchn) + { +- if ( lchn < rchn ) ++ unsigned long flags; ++ ++ if ( lchn <= rchn ) + { +- spin_lock(&lchn->lock); +- spin_lock(&rchn->lock); ++ spin_lock_irqsave(&lchn->lock, flags); ++ if ( lchn != rchn ) ++ spin_lock(&rchn->lock); + } + else + { +- if ( lchn != rchn ) +- spin_lock(&rchn->lock); ++ spin_lock_irqsave(&rchn->lock, flags); + spin_lock(&lchn->lock); + } ++ ++ return flags; + } + +-static void double_evtchn_unlock(struct evtchn *lchn, struct evtchn *rchn) ++static void double_evtchn_unlock(struct evtchn *lchn, struct evtchn *rchn, ++ unsigned long flags) + { +- spin_unlock(&lchn->lock); + if ( lchn != rchn ) +- spin_unlock(&rchn->lock); ++ spin_unlock(&lchn->lock); ++ spin_unlock_irqrestore(&rchn->lock, flags); + } + + static long evtchn_bind_interdomain(evtchn_bind_interdomain_t *bind) +@@ -312,6 +319,7 @@ static long evtchn_bind_interdomain(evtc + int lport, rport = bind->remote_port; + domid_t rdom = bind->remote_dom; + long rc; ++ unsigned long flags; + + if ( rdom == DOMID_SELF ) + rdom = current->domain->domain_id; +@@ -347,7 +355,7 @@ static long evtchn_bind_interdomain(evtc + if ( rc ) + goto out; + +- double_evtchn_lock(lchn, rchn); ++ flags = double_evtchn_lock(lchn, rchn); + + lchn->u.interdomain.remote_dom = rd; + lchn->u.interdomain.remote_port = rport; +@@ -364,7 +372,7 @@ static long evtchn_bind_interdomain(evtc + */ + evtchn_port_set_pending(ld, lchn->notify_vcpu_id, lchn); + +- double_evtchn_unlock(lchn, rchn); ++ double_evtchn_unlock(lchn, rchn, flags); + + bind->local_port = lport; + +@@ -387,6 +395,7 @@ int evtchn_bind_virq(evtchn_bind_virq_t + struct domain *d = current->domain; + int virq = bind->virq, vcpu = bind->vcpu; + int rc = 0; ++ unsigned long flags; + + if ( (virq < 0) || (virq >= ARRAY_SIZE(v->virq_to_evtchn)) ) + return -EINVAL; +@@ -419,14 +428,14 @@ int evtchn_bind_virq(evtchn_bind_virq_t + + chn = evtchn_from_port(d, port); + +- spin_lock(&chn->lock); ++ spin_lock_irqsave(&chn->lock, flags); + + chn->state = ECS_VIRQ; + chn->notify_vcpu_id = vcpu; + chn->u.virq = virq; + evtchn_port_init(d, chn); + +- spin_unlock(&chn->lock); ++ spin_unlock_irqrestore(&chn->lock, flags); + + v->virq_to_evtchn[virq] = bind->port = port; + +@@ -443,6 +452,7 @@ static long evtchn_bind_ipi(evtchn_bind_ + struct domain *d = current->domain; + int port, vcpu = bind->vcpu; + long rc = 0; ++ unsigned long flags; + + if ( (vcpu < 0) || (vcpu >= d->max_vcpus) || + (d->vcpu[vcpu] == NULL) ) +@@ -455,13 +465,13 @@ static long evtchn_bind_ipi(evtchn_bind_ + + chn = evtchn_from_port(d, port); + +- spin_lock(&chn->lock); ++ spin_lock_irqsave(&chn->lock, flags); + + chn->state = ECS_IPI; + chn->notify_vcpu_id = vcpu; + evtchn_port_init(d, chn); + +- spin_unlock(&chn->lock); ++ spin_unlock_irqrestore(&chn->lock, flags); + + bind->port = port; + +@@ -505,6 +515,7 @@ static long evtchn_bind_pirq(evtchn_bind + struct pirq *info; + int port = 0, pirq = bind->pirq; + long rc; ++ unsigned long flags; + + if ( (pirq < 0) || (pirq >= d->nr_pirqs) ) + return -EINVAL; +@@ -537,14 +548,14 @@ static long evtchn_bind_pirq(evtchn_bind + goto out; + } + +- spin_lock(&chn->lock); ++ spin_lock_irqsave(&chn->lock, flags); + + chn->state = ECS_PIRQ; + chn->u.pirq.irq = pirq; + link_pirq_port(port, chn, v); + evtchn_port_init(d, chn); + +- spin_unlock(&chn->lock); ++ spin_unlock_irqrestore(&chn->lock, flags); + + bind->port = port; + +@@ -565,6 +576,7 @@ int evtchn_close(struct domain *d1, int + struct evtchn *chn1, *chn2; + int port2; + long rc = 0; ++ unsigned long flags; + + again: + spin_lock(&d1->event_lock); +@@ -664,14 +676,14 @@ int evtchn_close(struct domain *d1, int + BUG_ON(chn2->state != ECS_INTERDOMAIN); + BUG_ON(chn2->u.interdomain.remote_dom != d1); + +- double_evtchn_lock(chn1, chn2); ++ flags = double_evtchn_lock(chn1, chn2); + + evtchn_free(d1, chn1); + + chn2->state = ECS_UNBOUND; + chn2->u.unbound.remote_domid = d1->domain_id; + +- double_evtchn_unlock(chn1, chn2); ++ double_evtchn_unlock(chn1, chn2, flags); + + goto out; + +@@ -679,9 +691,9 @@ int evtchn_close(struct domain *d1, int + BUG(); + } + +- spin_lock(&chn1->lock); ++ spin_lock_irqsave(&chn1->lock, flags); + evtchn_free(d1, chn1); +- spin_unlock(&chn1->lock); ++ spin_unlock_irqrestore(&chn1->lock, flags); + + out: + if ( d2 != NULL ) +@@ -701,13 +713,14 @@ int evtchn_send(struct domain *ld, unsig + struct evtchn *lchn, *rchn; + struct domain *rd; + int rport, ret = 0; ++ unsigned long flags; + + if ( !port_is_valid(ld, lport) ) + return -EINVAL; + + lchn = evtchn_from_port(ld, lport); + +- spin_lock(&lchn->lock); ++ spin_lock_irqsave(&lchn->lock, flags); + + /* Guest cannot send via a Xen-attached event channel. */ + if ( unlikely(consumer_is_xen(lchn)) ) +@@ -742,7 +755,7 @@ int evtchn_send(struct domain *ld, unsig + } + + out: +- spin_unlock(&lchn->lock); ++ spin_unlock_irqrestore(&lchn->lock, flags); + + return ret; + } +@@ -1232,6 +1245,7 @@ int alloc_unbound_xen_event_channel( + { + struct evtchn *chn; + int port, rc; ++ unsigned long flags; + + spin_lock(&ld->event_lock); + +@@ -1244,14 +1258,14 @@ int alloc_unbound_xen_event_channel( + if ( rc ) + goto out; + +- spin_lock(&chn->lock); ++ spin_lock_irqsave(&chn->lock, flags); + + chn->state = ECS_UNBOUND; + chn->xen_consumer = get_xen_consumer(notification_fn); + chn->notify_vcpu_id = lvcpu; + chn->u.unbound.remote_domid = remote_domid; + +- spin_unlock(&chn->lock); ++ spin_unlock_irqrestore(&chn->lock, flags); + + write_atomic(&ld->xen_evtchns, ld->xen_evtchns + 1); + +@@ -1274,11 +1288,12 @@ void notify_via_xen_event_channel(struct + { + struct evtchn *lchn, *rchn; + struct domain *rd; ++ unsigned long flags; + + ASSERT(port_is_valid(ld, lport)); + lchn = evtchn_from_port(ld, lport); + +- spin_lock(&lchn->lock); ++ spin_lock_irqsave(&lchn->lock, flags); + + if ( likely(lchn->state == ECS_INTERDOMAIN) ) + { +@@ -1288,7 +1303,7 @@ void notify_via_xen_event_channel(struct + evtchn_port_set_pending(rd, rchn->notify_vcpu_id, rchn); + } + +- spin_unlock(&lchn->lock); ++ spin_unlock_irqrestore(&lchn->lock, flags); + } + + void evtchn_check_pollers(struct domain *d, unsigned int port) diff --git a/main/xen/xsa343-4.11-3.patch b/main/xen/xsa343-4.11-3.patch new file mode 100644 index 00000000000..b2c898989ea --- /dev/null +++ b/main/xen/xsa343-4.11-3.patch @@ -0,0 +1,381 @@ +From: Jan Beulich <jbeulich@suse.com> +Subject: evtchn: address races with evtchn_reset() + +Neither d->evtchn_port_ops nor max_evtchns(d) may be used in an entirely +lock-less manner, as both may change by a racing evtchn_reset(). In the +common case, at least one of the domain's event lock or the per-channel +lock needs to be held. In the specific case of the inter-domain sending +by evtchn_send() and notify_via_xen_event_channel() holding the other +side's per-channel lock is sufficient, as the channel can't change state +without both per-channel locks held. Without such a channel changing +state, evtchn_reset() can't complete successfully. + +Lock-free accesses continue to be permitted for the shim (calling some +otherwise internal event channel functions), as this happens while the +domain is in effectively single-threaded mode. Special care also needs +taking for the shim's marking of in-use ports as ECS_RESERVED (allowing +use of such ports in the shim case is okay because switching into and +hence also out of FIFO mode is impossible there). + +As a side effect, certain operations on Xen bound event channels which +were mistakenly permitted so far (e.g. unmask or poll) will be refused +now. + +This is part of XSA-343. + +Reported-by: Julien Grall <jgrall@amazon.com> +Signed-off-by: Jan Beulich <jbeulich@suse.com> +Acked-by: Julien Grall <jgrall@amazon.com> + +--- a/xen/arch/x86/irq.c ++++ b/xen/arch/x86/irq.c +@@ -2367,14 +2367,24 @@ static void dump_irqs(unsigned char key) + + for ( i = 0; i < action->nr_guests; i++ ) + { ++ struct evtchn *evtchn; ++ unsigned int pending = 2, masked = 2; ++ + d = action->guest[i]; + pirq = domain_irq_to_pirq(d, irq); + info = pirq_info(d, pirq); ++ evtchn = evtchn_from_port(d, info->evtchn); ++ local_irq_disable(); ++ if ( spin_trylock(&evtchn->lock) ) ++ { ++ pending = evtchn_is_pending(d, evtchn); ++ masked = evtchn_is_masked(d, evtchn); ++ spin_unlock(&evtchn->lock); ++ } ++ local_irq_enable(); + printk("%u:%3d(%c%c%c)", +- d->domain_id, pirq, +- evtchn_port_is_pending(d, info->evtchn) ? 'P' : '-', +- evtchn_port_is_masked(d, info->evtchn) ? 'M' : '-', +- (info->masked ? 'M' : '-')); ++ d->domain_id, pirq, "-P?"[pending], ++ "-M?"[masked], info->masked ? 'M' : '-'); + if ( i != action->nr_guests ) + printk(","); + } +--- a/xen/arch/x86/pv/shim.c ++++ b/xen/arch/x86/pv/shim.c +@@ -616,8 +616,11 @@ void pv_shim_inject_evtchn(unsigned int + if ( port_is_valid(guest, port) ) + { + struct evtchn *chn = evtchn_from_port(guest, port); ++ unsigned long flags; + ++ spin_lock_irqsave(&chn->lock, flags); + evtchn_port_set_pending(guest, chn->notify_vcpu_id, chn); ++ spin_unlock_irqrestore(&chn->lock, flags); + } + } + +--- a/xen/common/event_2l.c ++++ b/xen/common/event_2l.c +@@ -63,8 +63,10 @@ static void evtchn_2l_unmask(struct doma + } + } + +-static bool evtchn_2l_is_pending(const struct domain *d, evtchn_port_t port) ++static bool evtchn_2l_is_pending(const struct domain *d, ++ const struct evtchn *evtchn) + { ++ evtchn_port_t port = evtchn->port; + unsigned int max_ports = BITS_PER_EVTCHN_WORD(d) * BITS_PER_EVTCHN_WORD(d); + + ASSERT(port < max_ports); +@@ -72,8 +74,10 @@ static bool evtchn_2l_is_pending(const s + guest_test_bit(d, port, &shared_info(d, evtchn_pending))); + } + +-static bool evtchn_2l_is_masked(const struct domain *d, evtchn_port_t port) ++static bool evtchn_2l_is_masked(const struct domain *d, ++ const struct evtchn *evtchn) + { ++ evtchn_port_t port = evtchn->port; + unsigned int max_ports = BITS_PER_EVTCHN_WORD(d) * BITS_PER_EVTCHN_WORD(d); + + ASSERT(port < max_ports); +--- a/xen/common/event_channel.c ++++ b/xen/common/event_channel.c +@@ -156,8 +156,9 @@ int evtchn_allocate_port(struct domain * + + if ( port_is_valid(d, port) ) + { +- if ( evtchn_from_port(d, port)->state != ECS_FREE || +- evtchn_port_is_busy(d, port) ) ++ const struct evtchn *chn = evtchn_from_port(d, port); ++ ++ if ( chn->state != ECS_FREE || evtchn_is_busy(d, chn) ) + return -EBUSY; + } + else +@@ -770,6 +771,7 @@ void send_guest_vcpu_virq(struct vcpu *v + unsigned long flags; + int port; + struct domain *d; ++ struct evtchn *chn; + + ASSERT(!virq_is_global(virq)); + +@@ -780,7 +782,10 @@ void send_guest_vcpu_virq(struct vcpu *v + goto out; + + d = v->domain; +- evtchn_port_set_pending(d, v->vcpu_id, evtchn_from_port(d, port)); ++ chn = evtchn_from_port(d, port); ++ spin_lock(&chn->lock); ++ evtchn_port_set_pending(d, v->vcpu_id, chn); ++ spin_unlock(&chn->lock); + + out: + spin_unlock_irqrestore(&v->virq_lock, flags); +@@ -809,7 +814,9 @@ static void send_guest_global_virq(struc + goto out; + + chn = evtchn_from_port(d, port); ++ spin_lock(&chn->lock); + evtchn_port_set_pending(d, chn->notify_vcpu_id, chn); ++ spin_unlock(&chn->lock); + + out: + spin_unlock_irqrestore(&v->virq_lock, flags); +@@ -819,6 +826,7 @@ void send_guest_pirq(struct domain *d, c + { + int port; + struct evtchn *chn; ++ unsigned long flags; + + /* + * PV guests: It should not be possible to race with __evtchn_close(). The +@@ -833,7 +841,9 @@ void send_guest_pirq(struct domain *d, c + } + + chn = evtchn_from_port(d, port); ++ spin_lock_irqsave(&chn->lock, flags); + evtchn_port_set_pending(d, chn->notify_vcpu_id, chn); ++ spin_unlock_irqrestore(&chn->lock, flags); + } + + static struct domain *global_virq_handlers[NR_VIRQS] __read_mostly; +@@ -1028,12 +1038,15 @@ int evtchn_unmask(unsigned int port) + { + struct domain *d = current->domain; + struct evtchn *evtchn; ++ unsigned long flags; + + if ( unlikely(!port_is_valid(d, port)) ) + return -EINVAL; + + evtchn = evtchn_from_port(d, port); ++ spin_lock_irqsave(&evtchn->lock, flags); + evtchn_port_unmask(d, evtchn); ++ spin_unlock_irqrestore(&evtchn->lock, flags); + + return 0; + } +@@ -1446,8 +1459,8 @@ static void domain_dump_evtchn_info(stru + + printk(" %4u [%d/%d/", + port, +- evtchn_port_is_pending(d, port), +- evtchn_port_is_masked(d, port)); ++ evtchn_is_pending(d, chn), ++ evtchn_is_masked(d, chn)); + evtchn_port_print_state(d, chn); + printk("]: s=%d n=%d x=%d", + chn->state, chn->notify_vcpu_id, chn->xen_consumer); +--- a/xen/common/event_fifo.c ++++ b/xen/common/event_fifo.c +@@ -295,23 +295,26 @@ static void evtchn_fifo_unmask(struct do + evtchn_fifo_set_pending(v, evtchn); + } + +-static bool evtchn_fifo_is_pending(const struct domain *d, evtchn_port_t port) ++static bool evtchn_fifo_is_pending(const struct domain *d, ++ const struct evtchn *evtchn) + { +- const event_word_t *word = evtchn_fifo_word_from_port(d, port); ++ const event_word_t *word = evtchn_fifo_word_from_port(d, evtchn->port); + + return word && guest_test_bit(d, EVTCHN_FIFO_PENDING, word); + } + +-static bool_t evtchn_fifo_is_masked(const struct domain *d, evtchn_port_t port) ++static bool_t evtchn_fifo_is_masked(const struct domain *d, ++ const struct evtchn *evtchn) + { +- const event_word_t *word = evtchn_fifo_word_from_port(d, port); ++ const event_word_t *word = evtchn_fifo_word_from_port(d, evtchn->port); + + return !word || guest_test_bit(d, EVTCHN_FIFO_MASKED, word); + } + +-static bool_t evtchn_fifo_is_busy(const struct domain *d, evtchn_port_t port) ++static bool_t evtchn_fifo_is_busy(const struct domain *d, ++ const struct evtchn *evtchn) + { +- const event_word_t *word = evtchn_fifo_word_from_port(d, port); ++ const event_word_t *word = evtchn_fifo_word_from_port(d, evtchn->port); + + return word && guest_test_bit(d, EVTCHN_FIFO_LINKED, word); + } +--- a/xen/include/asm-x86/event.h ++++ b/xen/include/asm-x86/event.h +@@ -47,4 +47,10 @@ static inline bool arch_virq_is_global(u + return true; + } + ++#ifdef CONFIG_PV_SHIM ++# include <asm/pv/shim.h> ++# define arch_evtchn_is_special(chn) \ ++ (pv_shim && (chn)->port && (chn)->state == ECS_RESERVED) ++#endif ++ + #endif +--- a/xen/include/xen/event.h ++++ b/xen/include/xen/event.h +@@ -125,6 +125,24 @@ static inline struct evtchn *evtchn_from + return bucket_from_port(d, p) + (p % EVTCHNS_PER_BUCKET); + } + ++/* ++ * "usable" as in "by a guest", i.e. Xen consumed channels are assumed to be ++ * taken care of separately where used for Xen's internal purposes. ++ */ ++static bool evtchn_usable(const struct evtchn *evtchn) ++{ ++ if ( evtchn->xen_consumer ) ++ return false; ++ ++#ifdef arch_evtchn_is_special ++ if ( arch_evtchn_is_special(evtchn) ) ++ return true; ++#endif ++ ++ BUILD_BUG_ON(ECS_FREE > ECS_RESERVED); ++ return evtchn->state > ECS_RESERVED; ++} ++ + /* Wait on a Xen-attached event channel. */ + #define wait_on_xen_event_channel(port, condition) \ + do { \ +@@ -157,19 +175,24 @@ int evtchn_reset(struct domain *d); + + /* + * Low-level event channel port ops. ++ * ++ * All hooks have to be called with a lock held which prevents the channel ++ * from changing state. This may be the domain event lock, the per-channel ++ * lock, or in the case of sending interdomain events also the other side's ++ * per-channel lock. Exceptions apply in certain cases for the PV shim. + */ + struct evtchn_port_ops { + void (*init)(struct domain *d, struct evtchn *evtchn); + void (*set_pending)(struct vcpu *v, struct evtchn *evtchn); + void (*clear_pending)(struct domain *d, struct evtchn *evtchn); + void (*unmask)(struct domain *d, struct evtchn *evtchn); +- bool (*is_pending)(const struct domain *d, evtchn_port_t port); +- bool (*is_masked)(const struct domain *d, evtchn_port_t port); ++ bool (*is_pending)(const struct domain *d, const struct evtchn *evtchn); ++ bool (*is_masked)(const struct domain *d, const struct evtchn *evtchn); + /* + * Is the port unavailable because it's still being cleaned up + * after being closed? + */ +- bool (*is_busy)(const struct domain *d, evtchn_port_t port); ++ bool (*is_busy)(const struct domain *d, const struct evtchn *evtchn); + int (*set_priority)(struct domain *d, struct evtchn *evtchn, + unsigned int priority); + void (*print_state)(struct domain *d, const struct evtchn *evtchn); +@@ -185,38 +208,67 @@ static inline void evtchn_port_set_pendi + unsigned int vcpu_id, + struct evtchn *evtchn) + { +- d->evtchn_port_ops->set_pending(d->vcpu[vcpu_id], evtchn); ++ if ( evtchn_usable(evtchn) ) ++ d->evtchn_port_ops->set_pending(d->vcpu[vcpu_id], evtchn); + } + + static inline void evtchn_port_clear_pending(struct domain *d, + struct evtchn *evtchn) + { +- d->evtchn_port_ops->clear_pending(d, evtchn); ++ if ( evtchn_usable(evtchn) ) ++ d->evtchn_port_ops->clear_pending(d, evtchn); + } + + static inline void evtchn_port_unmask(struct domain *d, + struct evtchn *evtchn) + { +- d->evtchn_port_ops->unmask(d, evtchn); ++ if ( evtchn_usable(evtchn) ) ++ d->evtchn_port_ops->unmask(d, evtchn); + } + +-static inline bool evtchn_port_is_pending(const struct domain *d, +- evtchn_port_t port) ++static inline bool evtchn_is_pending(const struct domain *d, ++ const struct evtchn *evtchn) + { +- return d->evtchn_port_ops->is_pending(d, port); ++ return evtchn_usable(evtchn) && d->evtchn_port_ops->is_pending(d, evtchn); + } + +-static inline bool evtchn_port_is_masked(const struct domain *d, +- evtchn_port_t port) ++static inline bool evtchn_port_is_pending(struct domain *d, evtchn_port_t port) + { +- return d->evtchn_port_ops->is_masked(d, port); ++ struct evtchn *evtchn = evtchn_from_port(d, port); ++ bool rc; ++ unsigned long flags; ++ ++ spin_lock_irqsave(&evtchn->lock, flags); ++ rc = evtchn_is_pending(d, evtchn); ++ spin_unlock_irqrestore(&evtchn->lock, flags); ++ ++ return rc; ++} ++ ++static inline bool evtchn_is_masked(const struct domain *d, ++ const struct evtchn *evtchn) ++{ ++ return !evtchn_usable(evtchn) || d->evtchn_port_ops->is_masked(d, evtchn); ++} ++ ++static inline bool evtchn_port_is_masked(struct domain *d, evtchn_port_t port) ++{ ++ struct evtchn *evtchn = evtchn_from_port(d, port); ++ bool rc; ++ unsigned long flags; ++ ++ spin_lock_irqsave(&evtchn->lock, flags); ++ rc = evtchn_is_masked(d, evtchn); ++ spin_unlock_irqrestore(&evtchn->lock, flags); ++ ++ return rc; + } + +-static inline bool evtchn_port_is_busy(const struct domain *d, +- evtchn_port_t port) ++static inline bool evtchn_is_busy(const struct domain *d, ++ const struct evtchn *evtchn) + { + return d->evtchn_port_ops->is_busy && +- d->evtchn_port_ops->is_busy(d, port); ++ d->evtchn_port_ops->is_busy(d, evtchn); + } + + static inline int evtchn_port_set_priority(struct domain *d, +@@ -225,6 +277,8 @@ static inline int evtchn_port_set_priori + { + if ( !d->evtchn_port_ops->set_priority ) + return -ENOSYS; ++ if ( !evtchn_usable(evtchn) ) ++ return -EACCES; + return d->evtchn_port_ops->set_priority(d, evtchn, priority); + } + diff --git a/main/xen/xsa344-4.11-1.patch b/main/xen/xsa344-4.11-1.patch new file mode 100644 index 00000000000..43ad9e59848 --- /dev/null +++ b/main/xen/xsa344-4.11-1.patch @@ -0,0 +1,132 @@ +From: Jan Beulich <jbeulich@suse.com> +Subject: evtchn: arrange for preemption in evtchn_destroy() + +Especially closing of fully established interdomain channels can take +quite some time, due to the locking involved. Therefore we shouldn't +assume we can clean up still active ports all in one go. Besides adding +the necessary preemption check, also avoid pointlessly starting from +(or now really ending at) 0; 1 is the lowest numbered port which may +need closing. + +Since we're now reducing ->valid_evtchns, free_xen_event_channel(), +and (at least to be on the safe side) notify_via_xen_event_channel() +need to cope with attempts to close / unbind from / send through already +closed (and no longer valid, as per port_is_valid()) ports. + +This is part of XSA-344. + +Signed-off-by: Jan Beulich <jbeulich@suse.com> +Acked-by: Julien Grall <jgrall@amazon.com> +Reviewed-by: Stefano Stabellini <sstabellini@kernel.org> + +--- a/xen/common/domain.c ++++ b/xen/common/domain.c +@@ -646,7 +646,6 @@ int domain_kill(struct domain *d) + if ( d->is_dying != DOMDYING_alive ) + return domain_kill(d); + d->is_dying = DOMDYING_dying; +- evtchn_destroy(d); + gnttab_release_mappings(d); + tmem_destroy(d->tmem_client); + vnuma_destroy(d->vnuma); +@@ -654,6 +653,9 @@ int domain_kill(struct domain *d) + d->tmem_client = NULL; + /* fallthrough */ + case DOMDYING_dying: ++ rc = evtchn_destroy(d); ++ if ( rc ) ++ break; + rc = domain_relinquish_resources(d); + if ( rc != 0 ) + break; +--- a/xen/common/event_channel.c ++++ b/xen/common/event_channel.c +@@ -1291,7 +1291,16 @@ int alloc_unbound_xen_event_channel( + + void free_xen_event_channel(struct domain *d, int port) + { +- BUG_ON(!port_is_valid(d, port)); ++ if ( !port_is_valid(d, port) ) ++ { ++ /* ++ * Make sure ->is_dying is read /after/ ->valid_evtchns, pairing ++ * with the spin_barrier() and BUG_ON() in evtchn_destroy(). ++ */ ++ smp_rmb(); ++ BUG_ON(!d->is_dying); ++ return; ++ } + + evtchn_close(d, port, 0); + } +@@ -1303,7 +1312,17 @@ void notify_via_xen_event_channel(struct + struct domain *rd; + unsigned long flags; + +- ASSERT(port_is_valid(ld, lport)); ++ if ( !port_is_valid(ld, lport) ) ++ { ++ /* ++ * Make sure ->is_dying is read /after/ ->valid_evtchns, pairing ++ * with the spin_barrier() and BUG_ON() in evtchn_destroy(). ++ */ ++ smp_rmb(); ++ ASSERT(ld->is_dying); ++ return; ++ } ++ + lchn = evtchn_from_port(ld, lport); + + spin_lock_irqsave(&lchn->lock, flags); +@@ -1375,8 +1394,7 @@ int evtchn_init(struct domain *d) + return 0; + } + +- +-void evtchn_destroy(struct domain *d) ++int evtchn_destroy(struct domain *d) + { + unsigned int i; + +@@ -1385,14 +1403,29 @@ void evtchn_destroy(struct domain *d) + spin_barrier(&d->event_lock); + + /* Close all existing event channels. */ +- for ( i = 0; port_is_valid(d, i); i++ ) ++ for ( i = d->valid_evtchns; --i; ) ++ { + evtchn_close(d, i, 0); + ++ /* ++ * Avoid preempting when called from domain_create()'s error path, ++ * and don't check too often (choice of frequency is arbitrary). ++ */ ++ if ( i && !(i & 0x3f) && d->is_dying != DOMDYING_dead && ++ hypercall_preempt_check() ) ++ { ++ write_atomic(&d->valid_evtchns, i); ++ return -ERESTART; ++ } ++ } ++ + ASSERT(!d->active_evtchns); + + clear_global_virq_handlers(d); + + evtchn_fifo_destroy(d); ++ ++ return 0; + } + + +--- a/xen/include/xen/sched.h ++++ b/xen/include/xen/sched.h +@@ -135,7 +135,7 @@ struct evtchn + } __attribute__((aligned(64))); + + int evtchn_init(struct domain *d); /* from domain_create */ +-void evtchn_destroy(struct domain *d); /* from domain_kill */ ++int evtchn_destroy(struct domain *d); /* from domain_kill */ + void evtchn_destroy_final(struct domain *d); /* from complete_domain_destroy */ + + struct waitqueue_vcpu; diff --git a/main/xen/xsa344-4.11-2.patch b/main/xen/xsa344-4.11-2.patch new file mode 100644 index 00000000000..0f5c2136564 --- /dev/null +++ b/main/xen/xsa344-4.11-2.patch @@ -0,0 +1,203 @@ +From: Jan Beulich <jbeulich@suse.com> +Subject: evtchn: arrange for preemption in evtchn_reset() + +Like for evtchn_destroy() looping over all possible event channels to +close them can take a significant amount of time. Unlike done there, we +can't alter domain properties (i.e. d->valid_evtchns) here. Borrow, in a +lightweight form, the paging domctl continuation concept, redirecting +the continuations to different sub-ops. Just like there this is to be +able to allow for predictable overall results of the involved sub-ops: +Racing requests should either complete or be refused. + +Note that a domain can't interfere with an already started (by a remote +domain) reset, due to being paused. It can prevent a remote reset from +happening by leaving a reset unfinished, but that's only going to affect +itself. + +This is part of XSA-344. + +Signed-off-by: Jan Beulich <jbeulich@suse.com> +Acked-by: Julien Grall <jgrall@amazon.com> +Reviewed-by: Stefano Stabellini <sstabellini@kernel.org> + +--- a/xen/common/domain.c ++++ b/xen/common/domain.c +@@ -1105,7 +1105,7 @@ void domain_unpause_except_self(struct d + domain_unpause(d); + } + +-int domain_soft_reset(struct domain *d) ++int domain_soft_reset(struct domain *d, bool resuming) + { + struct vcpu *v; + int rc; +@@ -1119,7 +1119,7 @@ int domain_soft_reset(struct domain *d) + } + spin_unlock(&d->shutdown_lock); + +- rc = evtchn_reset(d); ++ rc = evtchn_reset(d, resuming); + if ( rc ) + return rc; + +--- a/xen/common/domctl.c ++++ b/xen/common/domctl.c +@@ -648,12 +648,22 @@ long do_domctl(XEN_GUEST_HANDLE_PARAM(xe + } + + case XEN_DOMCTL_soft_reset: ++ case XEN_DOMCTL_soft_reset_cont: + if ( d == current->domain ) /* no domain_pause() */ + { + ret = -EINVAL; + break; + } +- ret = domain_soft_reset(d); ++ ret = domain_soft_reset(d, op->cmd == XEN_DOMCTL_soft_reset_cont); ++ if ( ret == -ERESTART ) ++ { ++ op->cmd = XEN_DOMCTL_soft_reset_cont; ++ if ( !__copy_field_to_guest(u_domctl, op, cmd) ) ++ ret = hypercall_create_continuation(__HYPERVISOR_domctl, ++ "h", u_domctl); ++ else ++ ret = -EFAULT; ++ } + break; + + case XEN_DOMCTL_destroydomain: +--- a/xen/common/event_channel.c ++++ b/xen/common/event_channel.c +@@ -1051,7 +1051,7 @@ int evtchn_unmask(unsigned int port) + return 0; + } + +-int evtchn_reset(struct domain *d) ++int evtchn_reset(struct domain *d, bool resuming) + { + unsigned int i; + int rc = 0; +@@ -1059,11 +1059,40 @@ int evtchn_reset(struct domain *d) + if ( d != current->domain && !d->controller_pause_count ) + return -EINVAL; + +- for ( i = 0; port_is_valid(d, i); i++ ) ++ spin_lock(&d->event_lock); ++ ++ /* ++ * If we are resuming, then start where we stopped. Otherwise, check ++ * that a reset operation is not already in progress, and if none is, ++ * record that this is now the case. ++ */ ++ i = resuming ? d->next_evtchn : !d->next_evtchn; ++ if ( i > d->next_evtchn ) ++ d->next_evtchn = i; ++ ++ spin_unlock(&d->event_lock); ++ ++ if ( !i ) ++ return -EBUSY; ++ ++ for ( ; port_is_valid(d, i); i++ ) ++ { + evtchn_close(d, i, 1); + ++ /* NB: Choice of frequency is arbitrary. */ ++ if ( !(i & 0x3f) && hypercall_preempt_check() ) ++ { ++ spin_lock(&d->event_lock); ++ d->next_evtchn = i; ++ spin_unlock(&d->event_lock); ++ return -ERESTART; ++ } ++ } ++ + spin_lock(&d->event_lock); + ++ d->next_evtchn = 0; ++ + if ( d->active_evtchns > d->xen_evtchns ) + rc = -EAGAIN; + else if ( d->evtchn_fifo ) +@@ -1198,7 +1227,8 @@ long do_event_channel_op(int cmd, XEN_GU + break; + } + +- case EVTCHNOP_reset: { ++ case EVTCHNOP_reset: ++ case EVTCHNOP_reset_cont: { + struct evtchn_reset reset; + struct domain *d; + +@@ -1211,9 +1241,13 @@ long do_event_channel_op(int cmd, XEN_GU + + rc = xsm_evtchn_reset(XSM_TARGET, current->domain, d); + if ( !rc ) +- rc = evtchn_reset(d); ++ rc = evtchn_reset(d, cmd == EVTCHNOP_reset_cont); + + rcu_unlock_domain(d); ++ ++ if ( rc == -ERESTART ) ++ rc = hypercall_create_continuation(__HYPERVISOR_event_channel_op, ++ "ih", EVTCHNOP_reset_cont, arg); + break; + } + +--- a/xen/include/public/domctl.h ++++ b/xen/include/public/domctl.h +@@ -1121,7 +1121,10 @@ struct xen_domctl { + #define XEN_DOMCTL_iomem_permission 20 + #define XEN_DOMCTL_ioport_permission 21 + #define XEN_DOMCTL_hypercall_init 22 +-#define XEN_DOMCTL_arch_setup 23 /* Obsolete IA64 only */ ++#ifdef __XEN__ ++/* #define XEN_DOMCTL_arch_setup 23 Obsolete IA64 only */ ++#define XEN_DOMCTL_soft_reset_cont 23 ++#endif + #define XEN_DOMCTL_settimeoffset 24 + #define XEN_DOMCTL_getvcpuaffinity 25 + #define XEN_DOMCTL_real_mode_area 26 /* Obsolete PPC only */ +--- a/xen/include/public/event_channel.h ++++ b/xen/include/public/event_channel.h +@@ -74,6 +74,9 @@ + #define EVTCHNOP_init_control 11 + #define EVTCHNOP_expand_array 12 + #define EVTCHNOP_set_priority 13 ++#ifdef __XEN__ ++#define EVTCHNOP_reset_cont 14 ++#endif + /* ` } */ + + typedef uint32_t evtchn_port_t; +--- a/xen/include/xen/event.h ++++ b/xen/include/xen/event.h +@@ -163,7 +163,7 @@ void evtchn_check_pollers(struct domain + void evtchn_2l_init(struct domain *d); + + /* Close all event channels and reset to 2-level ABI. */ +-int evtchn_reset(struct domain *d); ++int evtchn_reset(struct domain *d, bool resuming); + + /* + * Low-level event channel port ops. +--- a/xen/include/xen/sched.h ++++ b/xen/include/xen/sched.h +@@ -355,6 +355,8 @@ struct domain + * EVTCHNOP_reset). Read/write access like for active_evtchns. + */ + unsigned int xen_evtchns; ++ /* Port to resume from in evtchn_reset(), when in a continuation. */ ++ unsigned int next_evtchn; + spinlock_t event_lock; + const struct evtchn_port_ops *evtchn_port_ops; + struct evtchn_fifo_domain *evtchn_fifo; +@@ -608,7 +610,7 @@ int domain_shutdown(struct domain *d, u8 + void domain_resume(struct domain *d); + void domain_pause_for_debugger(void); + +-int domain_soft_reset(struct domain *d); ++int domain_soft_reset(struct domain *d, bool resuming); + + int vcpu_start_shutdown_deferral(struct vcpu *v); + void vcpu_end_shutdown_deferral(struct vcpu *v); diff --git a/main/xorg-server/APKBUILD b/main/xorg-server/APKBUILD index 767e58f1908..85779043935 100644 --- a/main/xorg-server/APKBUILD +++ b/main/xorg-server/APKBUILD @@ -2,7 +2,7 @@ # Maintainer: Natanael Copa <ncopa@alpinelinux.org> pkgname=xorg-server pkgver=1.20.3 -pkgrel=1 +pkgrel=2 pkgdesc="X.Org X servers" url="http://xorg.freedesktop.org" arch="all" @@ -61,10 +61,19 @@ source="https://www.x.org/releases/individual/xserver/$pkgname-$pkgver.tar.bz2 autoconfig-sis.patch fix-musl-arm.patch 20-modules.conf + CVE-2020-14345.patch + CVE-2020-14346.patch + CVE-2020-14361.patch + CVE-2020-14362.patch " builddir="$srcdir"/$pkgname-$pkgver # secfixes: +# 1.20.3-r2: +# - CVE-2020-14345 +# - CVE-2020-14346 +# - CVE-2020-14361 +# - CVE-2020-14362 # 1.20.3-r0: # - CVE-2018-14665 # 1.19.5-r0: @@ -181,8 +190,13 @@ xwayland() { mv "$pkgdir"/usr/bin/Xwayland "$subpkgdir"/usr/bin/ } + sha512sums="ee44554f86df4297f54c5871fe7a18954eeef4338775a25f36d6577b279c4775f61128da71b86cfaeadcc080838d6749dede138d4db178866579da2056543fba xorg-server-1.20.3.tar.bz2 4dcaa60fbfc61636e7220a24a72bba19984a6dc752061cb40b1bd566c0e614d08927b6c223ffaaaa05636765fddacdc3113fde55d25fd09cd0c786ff44f51447 autoconfig-nvidia.patch 30a78f4278edd535c45ee3f80933427cb029a13abaa4b041f816515fdd8f64f00b9c6aef50d4eba2aaf0d4f333e730399864fd97fa18891273601c77a6637200 autoconfig-sis.patch b799e757a22a61ac283adbd7a8df1ad4eccce0bb6cac38a0c962ba8438bba3cf6637a65bb64859e7b32399fca672283a49960207e186c271ba574580de360d09 fix-musl-arm.patch -95036f2452732cc31f6b646da9f46b7be30f4c9392724386b02f67fece1f506b00e15d14cbd8cf0ce75ca1fd144b4bea7e59288d4aaf4d6c1e06e5168931eb67 20-modules.conf" +95036f2452732cc31f6b646da9f46b7be30f4c9392724386b02f67fece1f506b00e15d14cbd8cf0ce75ca1fd144b4bea7e59288d4aaf4d6c1e06e5168931eb67 20-modules.conf +3e411cb0af272b3f89ce9b8bb7e35eef703b4a01d8722331aaf3d365cd7867a28deee8d5224ceb8fe0cd63e9cf600f05d7360aa5ffb4c0ae2655e80e6430f7f9 CVE-2020-14345.patch +6981bb37302e6c6afc6e389698eef1e1021577a6ac54a81ec0470cc198a975274db8a2b6d9ecd0b22a1c8bb6aff07d37030c3cd451467452e6a05203f942e296 CVE-2020-14346.patch +4acf43c8a08a3ee3012cf9ae1af517bf8f7cc493316e6d9f5b55f39b205f22406b757618024e70ed98f9c56baa238ed166bcf8aa26995d33183e1e323c48f9c8 CVE-2020-14361.patch +0fa92233e405b74de6dc4ee144d995581f0ab7fbf7ee5f8410e4a842496724ac9425ed6406881d005e4fc70d01d4d05c4aff83491683f3e270e9ba360cb94d52 CVE-2020-14362.patch" diff --git a/main/xorg-server/CVE-2020-14345.patch b/main/xorg-server/CVE-2020-14345.patch new file mode 100644 index 00000000000..677bcbce382 --- /dev/null +++ b/main/xorg-server/CVE-2020-14345.patch @@ -0,0 +1,178 @@ +From f7cd1276bbd4fe3a9700096dec33b52b8440788d Mon Sep 17 00:00:00 2001 +From: Matthieu Herrb <matthieu@herrb.eu> +Date: Tue, 18 Aug 2020 14:46:32 +0200 +Subject: [PATCH] Correct bounds checking in XkbSetNames() + +CVE-2020-14345 / ZDI 11428 + +This vulnerability was discovered by: +Jan-Niklas Sohn working with Trend Micro Zero Day Initiative + +Signed-off-by: Matthieu Herrb <matthieu@herrb.eu> +--- + xkb/xkb.c | 48 ++++++++++++++++++++++++++++++++++++++++++++++++ + 1 file changed, 48 insertions(+) + +diff --git a/xkb/xkb.c b/xkb/xkb.c +index d93078a6e3..8e016cd746 100644 +--- a/xkb/xkb.c ++++ b/xkb/xkb.c +@@ -152,6 +152,19 @@ static RESTYPE RT_XKBCLIENT; + #define CHK_REQ_KEY_RANGE(err,first,num,r) \ + CHK_REQ_KEY_RANGE2(err,first,num,r,client->errorValue,BadValue) + ++static Bool ++_XkbCheckRequestBounds(ClientPtr client, void *stuff, void *from, void *to) { ++ char *cstuff = (char *)stuff; ++ char *cfrom = (char *)from; ++ char *cto = (char *)to; ++ ++ return cfrom < cto && ++ cfrom >= cstuff && ++ cfrom < cstuff + ((size_t)client->req_len << 2) && ++ cto >= cstuff && ++ cto <= cstuff + ((size_t)client->req_len << 2); ++} ++ + /***====================================================================***/ + + int +@@ -4048,6 +4061,8 @@ _XkbSetNamesCheck(ClientPtr client, DeviceIntPtr dev, + client->errorValue = _XkbErrCode2(0x04, stuff->firstType); + return BadAccess; + } ++ if (!_XkbCheckRequestBounds(client, stuff, tmp, tmp + stuff->nTypes)) ++ return BadLength; + old = tmp; + tmp = _XkbCheckAtoms(tmp, stuff->nTypes, client->swapped, &bad); + if (!tmp) { +@@ -4077,6 +4092,8 @@ _XkbSetNamesCheck(ClientPtr client, DeviceIntPtr dev, + } + width = (CARD8 *) tmp; + tmp = (CARD32 *) (((char *) tmp) + XkbPaddedSize(stuff->nKTLevels)); ++ if (!_XkbCheckRequestBounds(client, stuff, width, tmp)) ++ return BadLength; + type = &xkb->map->types[stuff->firstKTLevel]; + for (i = 0; i < stuff->nKTLevels; i++, type++) { + if (width[i] == 0) +@@ -4086,6 +4103,8 @@ _XkbSetNamesCheck(ClientPtr client, DeviceIntPtr dev, + type->num_levels, width[i]); + return BadMatch; + } ++ if (!_XkbCheckRequestBounds(client, stuff, tmp, tmp + width[i])) ++ return BadLength; + tmp = _XkbCheckAtoms(tmp, width[i], client->swapped, &bad); + if (!tmp) { + client->errorValue = bad; +@@ -4098,6 +4117,9 @@ _XkbSetNamesCheck(ClientPtr client, DeviceIntPtr dev, + client->errorValue = 0x08; + return BadMatch; + } ++ if (!_XkbCheckRequestBounds(client, stuff, tmp, ++ tmp + Ones(stuff->indicators))) ++ return BadLength; + tmp = _XkbCheckMaskedAtoms(tmp, XkbNumIndicators, stuff->indicators, + client->swapped, &bad); + if (!tmp) { +@@ -4110,6 +4132,9 @@ _XkbSetNamesCheck(ClientPtr client, DeviceIntPtr dev, + client->errorValue = 0x09; + return BadMatch; + } ++ if (!_XkbCheckRequestBounds(client, stuff, tmp, ++ tmp + Ones(stuff->virtualMods))) ++ return BadLength; + tmp = _XkbCheckMaskedAtoms(tmp, XkbNumVirtualMods, + (CARD32) stuff->virtualMods, + client->swapped, &bad); +@@ -4123,6 +4148,9 @@ _XkbSetNamesCheck(ClientPtr client, DeviceIntPtr dev, + client->errorValue = 0x0a; + return BadMatch; + } ++ if (!_XkbCheckRequestBounds(client, stuff, tmp, ++ tmp + Ones(stuff->groupNames))) ++ return BadLength; + tmp = _XkbCheckMaskedAtoms(tmp, XkbNumKbdGroups, + (CARD32) stuff->groupNames, + client->swapped, &bad); +@@ -4144,9 +4172,14 @@ _XkbSetNamesCheck(ClientPtr client, DeviceIntPtr dev, + stuff->nKeys); + return BadValue; + } ++ if (!_XkbCheckRequestBounds(client, stuff, tmp, tmp + stuff->nKeys)) ++ return BadLength; + tmp += stuff->nKeys; + } + if ((stuff->which & XkbKeyAliasesMask) && (stuff->nKeyAliases > 0)) { ++ if (!_XkbCheckRequestBounds(client, stuff, tmp, ++ tmp + (stuff->nKeyAliases * 2))) ++ return BadLength; + tmp += stuff->nKeyAliases * 2; + } + if (stuff->which & XkbRGNamesMask) { +@@ -4154,6 +4187,9 @@ _XkbSetNamesCheck(ClientPtr client, DeviceIntPtr dev, + client->errorValue = _XkbErrCode2(0x0d, stuff->nRadioGroups); + return BadValue; + } ++ if (!_XkbCheckRequestBounds(client, stuff, tmp, ++ tmp + stuff->nRadioGroups)) ++ return BadLength; + tmp = _XkbCheckAtoms(tmp, stuff->nRadioGroups, client->swapped, &bad); + if (!tmp) { + client->errorValue = bad; +@@ -4347,6 +4383,8 @@ ProcXkbSetNames(ClientPtr client) + /* check device-independent stuff */ + tmp = (CARD32 *) &stuff[1]; + ++ if (!_XkbCheckRequestBounds(client, stuff, tmp, tmp + 1)) ++ return BadLength; + if (stuff->which & XkbKeycodesNameMask) { + tmp = _XkbCheckAtoms(tmp, 1, client->swapped, &bad); + if (!tmp) { +@@ -4354,6 +4392,8 @@ ProcXkbSetNames(ClientPtr client) + return BadAtom; + } + } ++ if (!_XkbCheckRequestBounds(client, stuff, tmp, tmp + 1)) ++ return BadLength; + if (stuff->which & XkbGeometryNameMask) { + tmp = _XkbCheckAtoms(tmp, 1, client->swapped, &bad); + if (!tmp) { +@@ -4361,6 +4401,8 @@ ProcXkbSetNames(ClientPtr client) + return BadAtom; + } + } ++ if (!_XkbCheckRequestBounds(client, stuff, tmp, tmp + 1)) ++ return BadLength; + if (stuff->which & XkbSymbolsNameMask) { + tmp = _XkbCheckAtoms(tmp, 1, client->swapped, &bad); + if (!tmp) { +@@ -4368,6 +4410,8 @@ ProcXkbSetNames(ClientPtr client) + return BadAtom; + } + } ++ if (!_XkbCheckRequestBounds(client, stuff, tmp, tmp + 1)) ++ return BadLength; + if (stuff->which & XkbPhysSymbolsNameMask) { + tmp = _XkbCheckAtoms(tmp, 1, client->swapped, &bad); + if (!tmp) { +@@ -4375,6 +4419,8 @@ ProcXkbSetNames(ClientPtr client) + return BadAtom; + } + } ++ if (!_XkbCheckRequestBounds(client, stuff, tmp, tmp + 1)) ++ return BadLength; + if (stuff->which & XkbTypesNameMask) { + tmp = _XkbCheckAtoms(tmp, 1, client->swapped, &bad); + if (!tmp) { +@@ -4382,6 +4428,8 @@ ProcXkbSetNames(ClientPtr client) + return BadAtom; + } + } ++ if (!_XkbCheckRequestBounds(client, stuff, tmp, tmp + 1)) ++ return BadLength; + if (stuff->which & XkbCompatNameMask) { + tmp = _XkbCheckAtoms(tmp, 1, client->swapped, &bad); + if (!tmp) { +-- +GitLab + diff --git a/main/xorg-server/CVE-2020-14346.patch b/main/xorg-server/CVE-2020-14346.patch new file mode 100644 index 00000000000..a2b771c2cfb --- /dev/null +++ b/main/xorg-server/CVE-2020-14346.patch @@ -0,0 +1,31 @@ +From c940cc8b6c0a2983c1ec974f1b3f019795dd4cff Mon Sep 17 00:00:00 2001 +From: Matthieu Herrb <matthieu@herrb.eu> +Date: Tue, 18 Aug 2020 14:49:04 +0200 +Subject: [PATCH] Fix XIChangeHierarchy() integer underflow + +CVE-2020-14346 / ZDI-CAN-11429 + +This vulnerability was discovered by: +Jan-Niklas Sohn working with Trend Micro Zero Day Initiative + +Signed-off-by: Matthieu Herrb <matthieu@herrb.eu> +--- + Xi/xichangehierarchy.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/Xi/xichangehierarchy.c b/Xi/xichangehierarchy.c +index cbdd912581..504defe566 100644 +--- a/Xi/xichangehierarchy.c ++++ b/Xi/xichangehierarchy.c +@@ -423,7 +423,7 @@ ProcXIChangeHierarchy(ClientPtr client) + if (!stuff->num_changes) + return rc; + +- len = ((size_t)stuff->length << 2) - sizeof(xXIChangeHierarchyReq); ++ len = ((size_t)client->req_len << 2) - sizeof(xXIChangeHierarchyReq); + + any = (xXIAnyHierarchyChangeInfo *) &stuff[1]; + while (stuff->num_changes--) { +-- +GitLab + diff --git a/main/xorg-server/CVE-2020-14361.patch b/main/xorg-server/CVE-2020-14361.patch new file mode 100644 index 00000000000..f17d8e7fc0d --- /dev/null +++ b/main/xorg-server/CVE-2020-14361.patch @@ -0,0 +1,31 @@ +From 144849ea27230962227e62a943b399e2ab304787 Mon Sep 17 00:00:00 2001 +From: Matthieu Herrb <matthieu@herrb.eu> +Date: Tue, 18 Aug 2020 14:52:29 +0200 +Subject: [PATCH] Fix XkbSelectEvents() integer underflow + +CVE-2020-14361 ZDI-CAN 11573 + +This vulnerability was discovered by: +Jan-Niklas Sohn working with Trend Micro Zero Day Initiative + +Signed-off-by: Matthieu Herrb <matthieu@herrb.eu> +--- + xkb/xkbSwap.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/xkb/xkbSwap.c b/xkb/xkbSwap.c +index 1c1ed5ff46..50cabb90e5 100644 +--- a/xkb/xkbSwap.c ++++ b/xkb/xkbSwap.c +@@ -76,7 +76,7 @@ SProcXkbSelectEvents(ClientPtr client) + register unsigned bit, ndx, maskLeft, dataLeft, size; + + from.c8 = (CARD8 *) &stuff[1]; +- dataLeft = (stuff->length * 4) - SIZEOF(xkbSelectEventsReq); ++ dataLeft = (client->req_len * 4) - SIZEOF(xkbSelectEventsReq); + maskLeft = (stuff->affectWhich & (~XkbMapNotifyMask)); + for (ndx = 0, bit = 1; (maskLeft != 0); ndx++, bit <<= 1) { + if (((bit & maskLeft) == 0) || (ndx == XkbMapNotify)) +-- +GitLab + diff --git a/main/xorg-server/CVE-2020-14362.patch b/main/xorg-server/CVE-2020-14362.patch new file mode 100644 index 00000000000..8f168044739 --- /dev/null +++ b/main/xorg-server/CVE-2020-14362.patch @@ -0,0 +1,65 @@ +From 2902b78535ecc6821cc027351818b28a5c7fdbdc Mon Sep 17 00:00:00 2001 +From: Matthieu Herrb <matthieu@herrb.eu> +Date: Tue, 18 Aug 2020 14:55:01 +0200 +Subject: [PATCH] Fix XRecordRegisterClients() Integer underflow + +CVE-2020-14362 ZDI-CAN-11574 + +This vulnerability was discovered by: +Jan-Niklas Sohn working with Trend Micro Zero Day Initiative + +Signed-off-by: Matthieu Herrb <matthieu@herrb.eu> +--- + record/record.c | 10 +++++----- + 1 file changed, 5 insertions(+), 5 deletions(-) + +diff --git a/record/record.c b/record/record.c +index f2d38c877e..be154525d2 100644 +--- a/record/record.c ++++ b/record/record.c +@@ -2500,7 +2500,7 @@ SProcRecordQueryVersion(ClientPtr client) + } /* SProcRecordQueryVersion */ + + static int _X_COLD +-SwapCreateRegister(xRecordRegisterClientsReq * stuff) ++SwapCreateRegister(ClientPtr client, xRecordRegisterClientsReq * stuff) + { + int i; + XID *pClientID; +@@ -2510,13 +2510,13 @@ SwapCreateRegister(xRecordRegisterClientsReq * stuff) + swapl(&stuff->nRanges); + pClientID = (XID *) &stuff[1]; + if (stuff->nClients > +- stuff->length - bytes_to_int32(sz_xRecordRegisterClientsReq)) ++ client->req_len - bytes_to_int32(sz_xRecordRegisterClientsReq)) + return BadLength; + for (i = 0; i < stuff->nClients; i++, pClientID++) { + swapl(pClientID); + } + if (stuff->nRanges > +- stuff->length - bytes_to_int32(sz_xRecordRegisterClientsReq) ++ client->req_len - bytes_to_int32(sz_xRecordRegisterClientsReq) + - stuff->nClients) + return BadLength; + RecordSwapRanges((xRecordRange *) pClientID, stuff->nRanges); +@@ -2531,7 +2531,7 @@ SProcRecordCreateContext(ClientPtr client) + + swaps(&stuff->length); + REQUEST_AT_LEAST_SIZE(xRecordCreateContextReq); +- if ((status = SwapCreateRegister((void *) stuff)) != Success) ++ if ((status = SwapCreateRegister(client, (void *) stuff)) != Success) + return status; + return ProcRecordCreateContext(client); + } /* SProcRecordCreateContext */ +@@ -2544,7 +2544,7 @@ SProcRecordRegisterClients(ClientPtr client) + + swaps(&stuff->length); + REQUEST_AT_LEAST_SIZE(xRecordRegisterClientsReq); +- if ((status = SwapCreateRegister((void *) stuff)) != Success) ++ if ((status = SwapCreateRegister(client, (void *) stuff)) != Success) + return status; + return ProcRecordRegisterClients(client); + } /* SProcRecordRegisterClients */ +-- +GitLab + diff --git a/main/xorgproto/APKBUILD b/main/xorgproto/APKBUILD index 16c6da7d1e1..3dca1958590 100644 --- a/main/xorgproto/APKBUILD +++ b/main/xorgproto/APKBUILD @@ -2,7 +2,7 @@ # Maintainer: prspkt <prspkt@protonmail.com> pkgname=xorgproto pkgver=2018.4 -pkgrel=0 +pkgrel=1 pkgdesc="Combined X.Org X11 protocol headers" url="https://xorg.freedesktop.org" arch="noarch" @@ -68,6 +68,7 @@ package() { rm -f "$pkgdir"/usr/include/X11/extensions/windows* rm -f "$pkgdir"/usr/lib/pkgconfig/apple* rm -f "$pkgdir"/usr/lib/pkgconfig/windows* + rm -f "$pkgdir"/usr/include/X11/extensions/XKBgeom.h # libx11-dev >= 1.6.9-r0 } sha512sums="2db682d10280ca58cdc04d8eb9fef30c111d4cd379de9fec86cff317865b859a576de5426447be9231d24be9762cc1d684c57383a99ad499398e8b7d62b1c03c xorgproto-2018.4.tar.bz2" diff --git a/main/xtables-addons-vanilla/APKBUILD b/main/xtables-addons-vanilla/APKBUILD index b4e06e32765..ec77c540fb2 100644 --- a/main/xtables-addons-vanilla/APKBUILD +++ b/main/xtables-addons-vanilla/APKBUILD @@ -7,7 +7,7 @@ _rel=0 _flavor=${FLAVOR:-vanilla} _kpkg=linux-$_flavor -_kver=4.19.98 +_kver=4.19.118 _krel=0 _kpkgver="$_kver-r$_krel" diff --git a/main/zeromq/APKBUILD b/main/zeromq/APKBUILD index 2c63c2d4cda..27d59249afe 100644 --- a/main/zeromq/APKBUILD +++ b/main/zeromq/APKBUILD @@ -1,7 +1,7 @@ # Contributor: Natanael Copa <ncopa@alpinelinux.org> # Maintainer: Natanael Copa <ncopa@alpinelinux.org> pkgname=zeromq -pkgver=4.3.2 +pkgver=4.3.3 pkgrel=0 pkgdesc="The ZeroMQ messaging library and tools" url="http://www.zeromq.org/" @@ -16,10 +16,12 @@ source="https://github.com/zeromq/libzmq/releases/download/v$pkgver/$pkgname-$pk " # secfixes: +# 4.3.3-r0: +# - CVE-2020-15166 # 4.3.2-r0: -# - CVE-2019-13132 +# - CVE-2019-13132 # 4.3.1-r0: -# - CVE-2019-6250 +# - CVE-2019-6250 build() { cd "$builddir" @@ -44,5 +46,5 @@ package() { make DESTDIR="$pkgdir" install } -sha512sums="b6251641e884181db9e6b0b705cced7ea4038d404bdae812ff47bdd0eed12510b6af6846b85cb96898e253ccbac71eca7fe588673300ddb9c3109c973250c8e4 zeromq-4.3.2.tar.gz +sha512sums="4c18d784085179c5b1fcb753a93813095a12c8d34970f2e1bfca6499be6c9d67769c71c68b7ca54ff181b20390043170e89733c22f76ff1ea46494814f7095b1 zeromq-4.3.3.tar.gz 64e4ae2c89469359480743beeb4f1e08976a4c52dbfd2dd33020463df78e927993319e456299682901001e0832ebed85291eea0decc1d27a58de78a6c891e660 test-driver.patch" diff --git a/main/zfs-vanilla/APKBUILD b/main/zfs-vanilla/APKBUILD index c493f1f00c7..0579950dd8f 100644 --- a/main/zfs-vanilla/APKBUILD +++ b/main/zfs-vanilla/APKBUILD @@ -8,7 +8,7 @@ _rel=0 _flavor=${FLAVOR:-vanilla} _kpkg=linux-$_flavor -_kver=4.19.98 +_kver=4.19.118 _krel=0 _kpkgver="$_kver-r$_krel" diff --git a/testing/ipt-netflow-vanilla/APKBUILD b/testing/ipt-netflow-vanilla/APKBUILD index 6ee309b0d9e..3bb5cb5c6e4 100644 --- a/testing/ipt-netflow-vanilla/APKBUILD +++ b/testing/ipt-netflow-vanilla/APKBUILD @@ -7,7 +7,7 @@ _rel=0 _flavor=${FLAVOR:-vanilla} _kpkg=linux-$_flavor -_kver=4.19.98 +_kver=4.19.118 _krel=0 _kpkgver="$_kver-r$_krel" @@ -53,4 +53,4 @@ package() { make -j1 minstall DEPMOD=: DESTDIR="$pkgdir" } -sha512sums="e5ba66da9cae6fb9652e5532383233d433dd30dd16634734860f7e6910e46080e562e2d72c74584a86ead31156cffd4c5c44b438f617a9e5b3e5fdc1470045fc ipt-netflow-vanilla-4.19.98.tar.gz" +sha512sums="e5ba66da9cae6fb9652e5532383233d433dd30dd16634734860f7e6910e46080e562e2d72c74584a86ead31156cffd4c5c44b438f617a9e5b3e5fdc1470045fc ipt-netflow-vanilla-4.19.118.tar.gz" diff --git a/testing/wireguard-vanilla/APKBUILD b/testing/wireguard-vanilla/APKBUILD index 732babdc484..cddb6875628 100644 --- a/testing/wireguard-vanilla/APKBUILD +++ b/testing/wireguard-vanilla/APKBUILD @@ -10,7 +10,7 @@ _toolsrel=0 _flavor=${FLAVOR:-vanilla} _kpkg=linux-$_flavor -_kver=4.19.98 +_kver=4.19.118 _krel=0 _kpkgver="$_kver-r$_krel" diff --git a/testing/wireguard-virt/APKBUILD b/testing/wireguard-virt/APKBUILD index d1bf76c0224..d37e5de8c53 100644 --- a/testing/wireguard-virt/APKBUILD +++ b/testing/wireguard-virt/APKBUILD @@ -10,7 +10,7 @@ _toolsrel=0 _flavor=${FLAVOR:-virt} _kpkg=linux-$_flavor -_kver=4.19.98 +_kver=4.19.118 _krel=0 _kpkgver="$_kver-r$_krel" |