aboutsummaryrefslogtreecommitdiffstats
path: root/community
diff options
context:
space:
mode:
Diffstat (limited to 'community')
-rw-r--r--community/ceph/42-no-virtualenvs.patch2
-rw-r--r--community/ceph/APKBUILD6
-rw-r--r--community/ffmpeg/7c59e1b0f285cd7c7b35fcd71f49c5fd52cf9315.patch50
-rw-r--r--community/ffmpeg/APKBUILD23
-rw-r--r--community/ffmpeg/CVE-2020-35965.patch28
-rw-r--r--community/firefox-esr/APKBUILD27
-rw-r--r--community/imagemagick/APKBUILD11
-rw-r--r--community/jenkins/APKBUILD12
-rw-r--r--community/jool-modules-lts/APKBUILD2
-rw-r--r--community/lua-resty-openidc/APKBUILD8
-rw-r--r--community/nextcloud/APKBUILD15
-rw-r--r--community/nnn/APKBUILD4
-rw-r--r--community/nss/APKBUILD4
-rw-r--r--community/nss/CVE-2021-43527.patch352
-rw-r--r--community/php7-pecl-imagick/APKBUILD2
-rw-r--r--community/php7/APKBUILD8
-rw-r--r--community/php8-pecl-imagick/APKBUILD2
-rw-r--r--community/php8/APKBUILD8
-rw-r--r--community/py3-wgnlpy/APKBUILD4
-rw-r--r--community/rtl8821ce-lts/APKBUILD2
-rw-r--r--community/rtpengine-lts/APKBUILD2
-rw-r--r--community/zbar/APKBUILD2
22 files changed, 438 insertions, 136 deletions
diff --git a/community/ceph/42-no-virtualenvs.patch b/community/ceph/42-no-virtualenvs.patch
index 828e4a6338..2ccf795661 100644
--- a/community/ceph/42-no-virtualenvs.patch
+++ b/community/ceph/42-no-virtualenvs.patch
@@ -26,7 +26,7 @@
-
-add_custom_command(
- OUTPUT ${CEPH_VOLUME_VIRTUALENV}/bin/python
-- COMMAND ${CMAKE_SOURCE_DIR}/src/tools/setup-virtualenv.sh --python=${Python_EXECUTABLE} ${CEPH_VOLUME_VIRTUALENV}
+- COMMAND ${CMAKE_SOURCE_DIR}/src/tools/setup-virtualenv.sh --python=${Python3_EXECUTABLE} ${CEPH_VOLUME_VIRTUALENV}
- WORKING_DIRECTORY ${CMAKE_SOURCE_DIR}/src/ceph-volume
- COMMENT "ceph-volume venv is being created")
-
diff --git a/community/ceph/APKBUILD b/community/ceph/APKBUILD
index a7905e140e..02e01e8852 100644
--- a/community/ceph/APKBUILD
+++ b/community/ceph/APKBUILD
@@ -3,7 +3,7 @@
# Contributor: Duncan Bellamy <dunk@denkimushi.com>
# Maintainer: Duncan Bellamy <dunk@denkimushi.com>
pkgname=ceph
-pkgver=15.2.14
+pkgver=15.2.15
pkgrel=0
pkgdesc="Ceph is a distributed object store and file system"
pkgusers="ceph"
@@ -545,7 +545,7 @@ _pkg() {
}
sha512sums="
-eacc4dea0d8dfe2753aff78d89324d81c5634a784313c3da8ded778e2734958c216f8c705b25f070d7ba66b559424ad3c47cb68852f66f8c9c83a83ca78ad5a5 ceph_15.2.14.orig.tar.gz
+e4d929ffda5c3e31767d93340fb97b5d49ca1d5641f6c30134ce5542486fc4f72684aef2ef47cb940a332e8b9144d8cec63ce8a9f86c773dbc0ccebdd8e7fb19 ceph_15.2.15.orig.tar.gz
110bdbcb40216c7ed155a8d23020784741b4992d895f4f04a146d275506e4e68053854d3b063b41e9c9b3e3e4f95b6b90602f92c185c853c0d8f47ad0c6b7121 ceph.confd
ce5f162501f6b67fe254546dddf880d1a5b1d1a0fa69e0b1918de17e8da45c5c6124512b8cbd98b76f29d931403de0d11c5ffd330ed8ee1f4dc75bb04baecae3 ceph.initd
c608f11cf358d76daf5281467a4ea941a81474fbe7f5faa41f7f4d0abaf9136a01576bbb1ab24bdd7bc91a49f66bd7f0a84717de5ec27250d74dd1e47e3b5dd3 10-musl-fixes.patch
@@ -558,6 +558,6 @@ ec8aec40fa04fd475834801232d644ff3baf0777b59dcede36a6caa0d63b2c379292253babc3678b
60ea21b17640edf5bd644c23fa27abcf166a709795ad29bb917a38e59f069dceb4666479819626421340f7c70dd76545a4f1fbee8b2db781cadb9c061cdb7728 37-fix_tests.patch
92b5776925587c9c1491e975d49fe1a980cf65a1d556c22dd8547ff012e1a8a01c8cd04eedacdfa208e56aa9c260a8d8c0896c607bfc8079cfa38e8f1ece1a8a 40-uint.patch
445f3ca5c582e0fe02c18061c98cd13358684091c8a45262552c8af75d1c52320de538f6b71765e8267d326402a14c21dc27fd0781c997ab491bd3cdecc2e49f 41-test-uint.patch
-c9af66d374682d5671abfca27c426f5958889dc6734e90572f3998333ba2bd69a70b2ab13961f4d5222db6b17b3104d170c950aa2e87aac957352797b66e0117 42-no-virtualenvs.patch
+ae4e9a543bffda0e3ca382cb913eace5d214939d2b129fc89d29fa760a8acea65fd49293c724943d50b372da0272eaf71572b034d466e200ce889f33dd1b4d97 42-no-virtualenvs.patch
aea43c2a99f16f7fccf33aeca3565077bb2274816ca68db64b672addc85bde5c479bc9ad0fb33dbde79c9390f9acf1d98545e20e311e40dd428dad5ed02f0651 43-aarch64-erasure.patch
"
diff --git a/community/ffmpeg/7c59e1b0f285cd7c7b35fcd71f49c5fd52cf9315.patch b/community/ffmpeg/7c59e1b0f285cd7c7b35fcd71f49c5fd52cf9315.patch
deleted file mode 100644
index 449551114e..0000000000
--- a/community/ffmpeg/7c59e1b0f285cd7c7b35fcd71f49c5fd52cf9315.patch
+++ /dev/null
@@ -1,50 +0,0 @@
-From 7c59e1b0f285cd7c7b35fcd71f49c5fd52cf9315 Mon Sep 17 00:00:00 2001
-From: Jun Zhao <barryjzhao@tencent.com>
-Date: Sun, 12 Jul 2020 13:48:48 +0800
-Subject: [PATCH] lavf/srt: fix build fail when used the libsrt 1.4.1
-
-libsrt changed the:
-SRTO_SMOOTHER -> SRTO_CONGESTION
-SRTO_STRICTENC -> SRTO_ENFORCEDENCRYPTION
-and removed the front of deprecated options (SRTO_SMOOTHER/SRTO_STRICTENC)
-in the header, it's lead to build fail
-
-fix #8760
-
-Signed-off-by: Jun Zhao <barryjzhao@tencent.com>
----
- libavformat/libsrt.c | 8 ++++++++
- 1 file changed, 8 insertions(+)
-
-diff --git a/libavformat/libsrt.c b/libavformat/libsrt.c
-index 4de575b37c..4719ce0d4b 100644
---- a/libavformat/libsrt.c
-+++ b/libavformat/libsrt.c
-@@ -313,8 +313,12 @@ static int libsrt_set_options_pre(URLContext *h, int fd)
- (s->pbkeylen >= 0 && libsrt_setsockopt(h, fd, SRTO_PBKEYLEN, "SRTO_PBKEYLEN", &s->pbkeylen, sizeof(s->pbkeylen)) < 0) ||
- (s->passphrase && libsrt_setsockopt(h, fd, SRTO_PASSPHRASE, "SRTO_PASSPHRASE", s->passphrase, strlen(s->passphrase)) < 0) ||
- #if SRT_VERSION_VALUE >= 0x010302
-+#if SRT_VERSION_VALUE >= 0x010401
-+ (s->enforced_encryption >= 0 && libsrt_setsockopt(h, fd, SRTO_ENFORCEDENCRYPTION, "SRTO_ENFORCEDENCRYPTION", &s->enforced_encryption, sizeof(s->enforced_encryption)) < 0) ||
-+#else
- /* SRTO_STRICTENC == SRTO_ENFORCEDENCRYPTION (53), but for compatibility, we used SRTO_STRICTENC */
- (s->enforced_encryption >= 0 && libsrt_setsockopt(h, fd, SRTO_STRICTENC, "SRTO_STRICTENC", &s->enforced_encryption, sizeof(s->enforced_encryption)) < 0) ||
-+#endif
- (s->kmrefreshrate >= 0 && libsrt_setsockopt(h, fd, SRTO_KMREFRESHRATE, "SRTO_KMREFRESHRATE", &s->kmrefreshrate, sizeof(s->kmrefreshrate)) < 0) ||
- (s->kmpreannounce >= 0 && libsrt_setsockopt(h, fd, SRTO_KMPREANNOUNCE, "SRTO_KMPREANNOUNCE", &s->kmpreannounce, sizeof(s->kmpreannounce)) < 0) ||
- #endif
-@@ -333,7 +337,11 @@ static int libsrt_set_options_pre(URLContext *h, int fd)
- (s->lossmaxttl >= 0 && libsrt_setsockopt(h, fd, SRTO_LOSSMAXTTL, "SRTO_LOSSMAXTTL", &s->lossmaxttl, sizeof(s->lossmaxttl)) < 0) ||
- (s->minversion >= 0 && libsrt_setsockopt(h, fd, SRTO_MINVERSION, "SRTO_MINVERSION", &s->minversion, sizeof(s->minversion)) < 0) ||
- (s->streamid && libsrt_setsockopt(h, fd, SRTO_STREAMID, "SRTO_STREAMID", s->streamid, strlen(s->streamid)) < 0) ||
-+#if SRT_VERSION_VALUE >= 0x010401
-+ (s->smoother && libsrt_setsockopt(h, fd, SRTO_CONGESTION, "SRTO_CONGESTION", s->smoother, strlen(s->smoother)) < 0) ||
-+#else
- (s->smoother && libsrt_setsockopt(h, fd, SRTO_SMOOTHER, "SRTO_SMOOTHER", s->smoother, strlen(s->smoother)) < 0) ||
-+#endif
- (s->messageapi >= 0 && libsrt_setsockopt(h, fd, SRTO_MESSAGEAPI, "SRTO_MESSAGEAPI", &s->messageapi, sizeof(s->messageapi)) < 0) ||
- (s->payload_size >= 0 && libsrt_setsockopt(h, fd, SRTO_PAYLOADSIZE, "SRTO_PAYLOADSIZE", &s->payload_size, sizeof(s->payload_size)) < 0) ||
- ((h->flags & AVIO_FLAG_WRITE) && libsrt_setsockopt(h, fd, SRTO_SENDER, "SRTO_SENDER", &yes, sizeof(yes)) < 0)) {
---
-2.20.1
-
diff --git a/community/ffmpeg/APKBUILD b/community/ffmpeg/APKBUILD
index 365aa99738..52e7ca2022 100644
--- a/community/ffmpeg/APKBUILD
+++ b/community/ffmpeg/APKBUILD
@@ -3,8 +3,8 @@
# Contributor: Jakub Skrzypnik <j.skrzypnik@openmailbox.org>
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=ffmpeg
-pkgver=4.3.1
-pkgrel=4
+pkgver=4.3.3
+pkgrel=0
pkgdesc="Complete and free Internet live audio and video broadcasting solution for Linux/Unix"
url="https://ffmpeg.org/"
arch="all"
@@ -45,11 +45,22 @@ checkdepends="rsync"
source="https://ffmpeg.org/releases/ffmpeg-$pkgver.tar.xz
0001-libavutil-clean-up-unused-FF_SYMVER-macro.patch
3e098cca6e51db0f19928c12d0348deaa17137b3.patch
- 7c59e1b0f285cd7c7b35fcd71f49c5fd52cf9315.patch
- CVE-2020-35965.patch
"
# secfixes:
+# 4.3.3-r0:
+# - CVE-2020-20446
+# - CVE-2020-20450
+# - CVE-2020-20453
+# - CVE-2020-22015
+# - CVE-2020-22019
+# - CVE-2020-22021
+# - CVE-2020-22037
+# - CVE-2020-22042
+# - CVE-2020-35964
+# - CVE-2021-38114
+# - CVE-2021-38171
+# - CVE-2021-38291
# 4.3.1-r4:
# - CVE-2020-35965
# 4.3.1-r0:
@@ -195,9 +206,7 @@ libs() {
}
sha512sums="
-64e1052c45145e27726e43d4fe49c9a92058e55562d34fd3b3adf54d3506e6bd680f016b748828215e1bfc8ce19aa85b6f7e4eb05fafe21479118a4ad528a81f ffmpeg-4.3.1.tar.xz
+5324ee6711006372a7b6ac2d853df2ad5d78411531e79b72dcdb57709ea66b516bc0e6b0d1321c110d3a0acbac716b2b47e90dc673d5807b23d15699f83951e3 ffmpeg-4.3.3.tar.xz
1047a23eda51b576ac200d5106a1cd318d1d5291643b3a69e025c0a7b6f3dbc9f6eb0e1e6faa231b7e38c8dd4e49a54f7431f87a93664da35825cc2e9e8aedf4 0001-libavutil-clean-up-unused-FF_SYMVER-macro.patch
7151e98829c215619b82e27fdff98b9a0d6a778f499170f3688e111a8bf7b2cc8895f09aa49bcb812ba5b5f06dd0243ebc79c31af246420f7d0869859b4a0241 3e098cca6e51db0f19928c12d0348deaa17137b3.patch
-acf4b34feaa1c57f621d5a8f56967e6d77ebe1d6288d94b853b513d6b2339debbaa38063ec11900258f31753cf24fef81bd60225149af45c03bfddf0b231f881 7c59e1b0f285cd7c7b35fcd71f49c5fd52cf9315.patch
-ab5006a99af6e0402e1a2bc13a76f55b13144fcd7b71124fe3f82989d03bf1e1c306b66da7ce63662b6dfbdbb3edebef2cf280c08ac793fc3b983bd65c0f0ad5 CVE-2020-35965.patch
"
diff --git a/community/ffmpeg/CVE-2020-35965.patch b/community/ffmpeg/CVE-2020-35965.patch
deleted file mode 100644
index b3ecc45b63..0000000000
--- a/community/ffmpeg/CVE-2020-35965.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-From 3e5959b3457f7f1856d997261e6ac672bba49e8b Mon Sep 17 00:00:00 2001
-From: Michael Niedermayer <michael@niedermayer.cc>
-Date: Sat, 24 Oct 2020 22:21:48 +0200
-Subject: [PATCH] avcodec/exr: Check ymin vs. h
-
-Fixes: out of array access
-Fixes: 26532/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_EXR_fuzzer-5613925708857344
-Fixes: 27443/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_EXR_fuzzer-5631239813595136
-
-Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
-Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
----
- libavcodec/exr.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/libavcodec/exr.c b/libavcodec/exr.c
-index e907c5c46401..8b701d1cd298 100644
---- a/libavcodec/exr.c
-+++ b/libavcodec/exr.c
-@@ -1830,7 +1830,7 @@ static int decode_frame(AVCodecContext *avctx, void *data,
- // Zero out the start if ymin is not 0
- for (i = 0; i < planes; i++) {
- ptr = picture->data[i];
-- for (y = 0; y < s->ymin; y++) {
-+ for (y = 0; y < FFMIN(s->ymin, s->h); y++) {
- memset(ptr, 0, out_line_size);
- ptr += picture->linesize[i];
- }
diff --git a/community/firefox-esr/APKBUILD b/community/firefox-esr/APKBUILD
index b35c21034e..961aa2c554 100644
--- a/community/firefox-esr/APKBUILD
+++ b/community/firefox-esr/APKBUILD
@@ -2,9 +2,9 @@
# Contributor: Sören Tempel <soeren+alpine@soeren-tempel.net>
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=firefox-esr
-pkgver=78.14.0
+pkgver=78.15.0
# Date of release, YY-MM-DD for metainfo file (see package())
-_releasedate=2021-09-07
+_releasedate=2021-10-05
pkgrel=0
pkgdesc="Firefox web browser - Extended Support Release"
url="https://www.mozilla.org/en-US/firefox/organizations/"
@@ -86,6 +86,9 @@ _mozappdir=/usr/lib/firefox
ldpath="$_mozappdir"
# secfixes:
+# 78.15.0-r0:
+# - CVE-2021-38496
+# - CVE-2021-38500
# 78.14.0-r0:
# - CVE-2021-38492
# - CVE-2021-38493
@@ -467,25 +470,7 @@ npapi() {
}
sha512sums="
-5d5e4b1197f87b458a8ab14a62701fa0f3071e9facbb4fba71a64ef69abf31edbb4c5efa6c20198de573216543b5289270b5929c6e917f01bb165ce8c139c1ac firefox-78.14.0esr.source.tar.xz
-0b3f1e4b9fdc868e4738b5c81fd6c6128ce8885b260affcb9a65ff9d164d7232626ce1291aaea70132b3e3124f5e13fef4d39326b8e7173e362a823722a85127 stab.h
-2f4f15974d52de4bb273b62a332d13620945d284bbc6fe6bd0a1f58ff7388443bc1d3bf9c82cc31a8527aad92b0cd3a1bc41d0af5e1800e0dcbd7033e58ffd71 fix-fortify-system-wrappers.patch
-4510fb92653d0fdcfbc6d30e18087c0d22d4acd5eb53be7d0a333abe087a9e0bf9e58e56bafe96e1e1b28ebd1fd33b8926dbb70c221007e335b33d1468755c66 fix-tools.patch
-a4a3e062661bda64d502d426c480ac9645345860118de9df9ffe6e0597738c70c11e5cdef2d4fd12c5e2ee30a09310159230524655a419a4f7e4eeeb0f3c06b0 mallinfo.patch
-454ea3263cabce099accbdc47aaf83be26a19f8b5a4568c01a7ef0384601cf8315efd86cd917f9c8bf419c2c845db89a905f3ff9a8eb0c8e41042e93aa96a85c disable-moz-stackwalk.patch
-089c97e6011e86a9b9d9e7b0c8ba3af0519d1ce4e2b1e9ab7719762d6968388bfa47dad3bf23a6d41c3d66fdcc6c15e2c926e3ff9500bfd4fbf1b53e6d19dc57 fix-rust-target.patch
-d35cacb9ede80e6bfbef0709823e536dddfb1c02d776275b0b7adb5969e9927d8c6117df96873569c3f3db0a18ee5db24f8086a9311a05077892be43a3dd8d79 fix-webrtc-glibcisms.patch
-60845dcb034b2c4459c30f7d5f25c8176cf42df794e2cc0e86c3e2abb6541c24b962f3a16ca70a288d4d6f377b68d00b2904b22463108559612053d835d9bff1 fd6847c9416f9eebde636e21d794d25d1be8791d.patch
-4e584621145cf8add069c6dac18e805b3274a1ee402d84e924df2341f7d3c5be261a93ef51283bacbd606f47fbdc628c4323ecc31efc5b403b8d224b18dc278f allow-custom-rust-vendor.patch
-f3b7c3e804ce04731012a46cb9e9a6b0769e3772aef9c0a4a8c7520b030fdf6cd703d5e9ff49275f14b7d738fe82a0a4fde3bc3219dff7225d5db0e274987454 firefox.desktop
-5dcb6288d0444a8a471d669bbaf61cdb1433663eff38b72ee5e980843f5fc07d0d60c91627a2c1159215d0ad77ae3f115dcc5fdfe87e64ca704b641aceaa44ed firefox-safe.desktop
-bb75b2abda86e455d81571052a2cfec5a9d858ffa91c50a7217b4b6c02cbfc0400e9114a27bd54ce78d7d3a44e9b03927cf0317654d98c0f39d26c63c9670117 remove-faulty-libvpx-check.patch
-f963fcdba7307a0b1712dfb95ceba4ab49f449f60e550bb69d15d50272e6df9add90862251ee561e4ea5fd171a2703552ffa7aade92996f5f0b3e577f1544a6d disable-neon-in-aom.patch
-4911ddb41bef8d9f6d6200159cde465627e940fe1c09099be55769d21a5a52a3f737e1bf803daa96126c035b091aea880fbc5d2e6cf5da96ddd17322461a72d6 sandbox-fork.patch
-db26757b2ebf9f567962e32294b4ae48b3a5d0378a7589dfe650fe3a179ff58befbab5082981c68e1c25fb9e56b2db1e4e510d4bca17c3e3aedbf9a2f21806eb sandbox-sched_setscheduler.patch
-"
-sha512sums="
-5d5e4b1197f87b458a8ab14a62701fa0f3071e9facbb4fba71a64ef69abf31edbb4c5efa6c20198de573216543b5289270b5929c6e917f01bb165ce8c139c1ac firefox-78.14.0esr.source.tar.xz
+ac3de735b246ce4f0e1619cd2664321ffa374240ce6843e785d79a350dc30c967996bbcc5e3b301cb3d822ca981cbea116758fc4122f1738d75ddfd1165b6378 firefox-78.15.0esr.source.tar.xz
0b3f1e4b9fdc868e4738b5c81fd6c6128ce8885b260affcb9a65ff9d164d7232626ce1291aaea70132b3e3124f5e13fef4d39326b8e7173e362a823722a85127 stab.h
2f4f15974d52de4bb273b62a332d13620945d284bbc6fe6bd0a1f58ff7388443bc1d3bf9c82cc31a8527aad92b0cd3a1bc41d0af5e1800e0dcbd7033e58ffd71 fix-fortify-system-wrappers.patch
4510fb92653d0fdcfbc6d30e18087c0d22d4acd5eb53be7d0a333abe087a9e0bf9e58e56bafe96e1e1b28ebd1fd33b8926dbb70c221007e335b33d1468755c66 fix-tools.patch
diff --git a/community/imagemagick/APKBUILD b/community/imagemagick/APKBUILD
index 594335f2a7..19456e2096 100644
--- a/community/imagemagick/APKBUILD
+++ b/community/imagemagick/APKBUILD
@@ -3,7 +3,7 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=imagemagick
_pkgname=ImageMagick
-pkgver=7.0.11.13
+pkgver=7.0.11.14
pkgrel=0
_pkgver=${pkgver%.*}-${pkgver##*.}
_abiver=7
@@ -33,11 +33,14 @@ subpackages="
$pkgname-perlmagick:_perlmagick
$pkgname-perlmagick-doc:_perlmagick_doc
"
-source="$_pkgname-$_pkgver.tar.gz::https://github.com/ImageMagick/ImageMagick/archive/$_pkgver.tar.gz
- disable-avaraging-tests.patch"
+source="https://download.imagemagick.org/ImageMagick/download/releases/ImageMagick-$_pkgver.tar.xz
+ disable-avaraging-tests.patch
+ "
builddir="$srcdir/$_pkgname-$_pkgver"
# secfixes:
+# 7.0.11.14-r0:
+# - CVE-2021-34183
# 7.0.11.13-r0:
# - CVE-2021-20241
# - CVE-2021-20243
@@ -195,6 +198,6 @@ _perlmagick_doc() {
}
sha512sums="
-de66df70b7a7dc72ffef1e1dd5ed3c92b5a4bbbe2454a8e1436c3f16254a11e3c37946af79d49214945f24d9350ebe5b3423800fb5983b6ef43d550e397372d1 ImageMagick-7.0.11-13.tar.gz
+56e3e3823e2f78da45d190e734f32c245a41727321a0a7d500700ac4e9377e85baa0e48e54246a3d59922c3b9a8bc95dbb53eb5017606184e135185daf82ffdf ImageMagick-7.0.11-14.tar.xz
58afb2da075a6208b6a990ff297b3a827d260687c3355198a8b4d987e1596c0b0cd78aff6f0be0e1896e537fbe44a3d467473183f5f149664ea6e6fb3d3291a9 disable-avaraging-tests.patch
"
diff --git a/community/jenkins/APKBUILD b/community/jenkins/APKBUILD
index 1acdc75c4e..3f0708f722 100644
--- a/community/jenkins/APKBUILD
+++ b/community/jenkins/APKBUILD
@@ -1,7 +1,7 @@
# Contributor: Francesco Colista <fcolista@alpinelinux.org>
# Maintainer: Francesco Colista <fcolista@alpinelinux.org>
pkgname=jenkins
-pkgver=2.287
+pkgver=2.319.2
pkgrel=0
pkgdesc="Extendable continuous integration server (stable version)"
url="https://jenkins.io"
@@ -14,13 +14,15 @@ options="!check"
pkgusers="$pkgname"
pkggroups="$pkgname"
subpackages="$pkgname-openrc"
-source="$pkgname-$pkgver.war::http://mirrors.jenkins.io/war/$pkgver/jenkins.war
+source="$pkgname-$pkgver.war::https://get.jenkins.io/war-stable/$pkgver/jenkins.war
$pkgname.logrotate
$pkgname.initd
$pkgname.confd"
builddir="$srcdir/"
# secfixes:
+# 2.319.2-r0:
+# - CVE-2022-20612
# 2.287-r0:
# - CVE-2021-21639
# - CVE-2021-21640
@@ -61,7 +63,9 @@ package() {
chown -R $pkgusers:$pkggroups "$pkgdir"/var/log/jenkins
}
-sha512sums="03c64fa595bd2b9b8463fcd47cdb2ccbe46cd820bcfdc2b2f0a9ae406d2dd32e6a5c8f51ddb8bdbc20498ae27672fb0b6e6f3e3f894f00bbc3f8e80dd627faf1 jenkins-2.287.war
+sha512sums="
+f6f0846d9e032b48e85fc20a030baa2d5c500a65c6c909d00852be3324d1b79c31ea8b7ff45ac05299ff9797b17aeb61d094ad425ce5198f6e13aa050007e650 jenkins-2.319.2.war
74423d3c66e2312eb3a1590e0582ccd82fc01b410d3bfc0627bef56fe6f4e7f4ea01a7a2d92a7a0c4870a1a1c48e911fe7eab3073e14db4910b52158182e5856 jenkins.logrotate
43686a537248c7a0a8fe53c3ca9577c8ffb50a141248de028d398d0fd3b3be8562b6cb2c63b44b3b0ac58d6431e8907790553791b2e125d1bfc2e3263ffaa83e jenkins.initd
-7247750a13fc2537dc1e405f6d8221ccdc80cfbaf40c47327ee04c206afa8607ada52e7b895c8eb3489dd9f6a94b42b8b38110b3120948a35dc4f197fe4c08ed jenkins.confd"
+7247750a13fc2537dc1e405f6d8221ccdc80cfbaf40c47327ee04c206afa8607ada52e7b895c8eb3489dd9f6a94b42b8b38110b3120948a35dc4f197fe4c08ed jenkins.confd
+"
diff --git a/community/jool-modules-lts/APKBUILD b/community/jool-modules-lts/APKBUILD
index 16ab91e8e2..57997ed3b1 100644
--- a/community/jool-modules-lts/APKBUILD
+++ b/community/jool-modules-lts/APKBUILD
@@ -21,7 +21,7 @@ fi
# Kernel version
# Keep in sync with main/linux-lts!
_kpkg=linux-$_flavor
-_kver=5.10.61
+_kver=5.10.88
_krel=0
_kpkgver="$_kver-r$_krel"
diff --git a/community/lua-resty-openidc/APKBUILD b/community/lua-resty-openidc/APKBUILD
index f33d0636d1..69d1e20a3f 100644
--- a/community/lua-resty-openidc/APKBUILD
+++ b/community/lua-resty-openidc/APKBUILD
@@ -1,8 +1,8 @@
# Contributor: Timo Teräs <timo.teras@iki.fi>
# Maintainer: Timo Teräs <timo.teras@iki.fi>
pkgname=lua-resty-openidc
-pkgver=1.7.1
-pkgrel=1
+pkgver=1.7.5
+pkgrel=0
pkgdesc="OpenID Connect library for the nginx lua module"
url="https://github.com/zmartzone/$pkgname"
arch="noarch"
@@ -18,4 +18,6 @@ package() {
cp -r ./lib/resty "$pkgdir/usr/share/lua/common"
}
-sha512sums="ce52684ebb3a492382e93a71a11c62d1cd17d1a3fd266e7d95453729abeb036ed99fded1a9cee55aec444d7a3e36d7cebd7a537006dff71fafd5dc8aa4c32378 lua-resty-openidc-1.7.1.tar.gz"
+sha512sums="
+d483efff27a0566ffadeb8f0da0df0147e9510bcfd5f4d295c7ce11925af882c9604e8d72f676bd9d6b6ded83c2c9f65ff958605856a8d218d4992136f0f4577 lua-resty-openidc-1.7.5.tar.gz
+"
diff --git a/community/nextcloud/APKBUILD b/community/nextcloud/APKBUILD
index 52b54cd967..5f748580c3 100644
--- a/community/nextcloud/APKBUILD
+++ b/community/nextcloud/APKBUILD
@@ -1,7 +1,7 @@
# Maintainer: Leonardo Arena <rnalrd@alpinelinux.org>
# Contributor: Jakub Jirutka <jakub@jirutka.cz>
pkgname=nextcloud
-pkgver=20.0.13
+pkgver=20.0.14
pkgrel=0
pkgdesc="A safe home for all your data"
url="http://nextcloud.com"
@@ -260,3 +260,16 @@ edb699ea6127b231793254115b334006c2d50a0d2ecc846188c3521ddffc3c0e19c5e2944f03cae8
ee9073a6df4286cba2d1d855cf40863968f20677729b2c7848ab50a70d4915b8e84c957a850a03a707231256c11312e5792e7817dd50afbf73efe767fef2112d fpm-pool.conf
959852e34f010e635470829d66713f3e22c47717ec2c6487759eed2b6aeff9fd1421fe0271d494a02781bd1c98beb2823583623ee2cf03057cd5db794627d6c2 occ
"
+sha512sums="ff5acc9ada4dca3af155c154b43602141ee341c1e4707482068c916a399063b5b85c758826e7f055508c0ba0802ea16fd8d86930b0f25a25c49f1fcc7de99239 nextcloud-20.0.14.zip
+aea0adb2c3a48ec6af2958c6ccfe13adff86316a56084e763b7e6df9e21aa3435b13305b7c15cc2b795e83c9388b05006862f6465c29e3dc2c1fbd8eb8befcb9 nextcloud19-dont-chmod.patch
+2d03b90c1e2f3d96001f31f1bbf902e4c411c8de7dc5a4f956fa8297533324cb12092d3ad2198f2e02ff4835dc22febee2d49e449b003caef5b990d9dcff1e70 nextcloud-app-encryption-info-add-mcrypt.patch
+aef3c92497d738d6968e0f0b0d415b4953500db24ae14af41ef972665cf7eff00cb6c53dc953845fdbb389c3c965a75b8b14b9247513c05cf4130fe1cfc61731 dont-update-htaccess.patch
+d2100a837fef1eeae5f706650ab4c985d9e00f61efa5526ef76c7c1f5811c3906eb6c3c13c151eff9677a0c303faab64411a5a84d6792728bc520d2c618d7d5b disable-integrity-check-as-default.patch
+3fc3e06580a619d81b12f448976ffac34f0bb80fc73e9443fa213a73f160ba4b9bd14a26c134258ee12c04d8e103b46f4de10d7b11e4544a328878e57d436055 iconv-ascii-translit-not-supported.patch
+df1a16414a278c205876ec86c210a02a9009954e2d4f9033ff3c9b76c371e2764ef3587db5a4b8f76302655c6c8688c8729d1685279a77d279d3839cc359fbcd use-external-docs-if-local-not-avail.patch
+5f73cd9399fa484ef15bd47e803c93381deffbc7699eceadbb5c27e43b20156806d74e5021a64d28f0165ef87b519e962780651711a37bceb9f0b04455dfdce1 nextcloud-config.php
+7388458a9e8b7afd3d3269718306410ffa59c3c23da4bef367a4d7f6d2570136fae9dd421b19c1441e7ffb15a5405e18bb5da67b1a15f9f45e8b98d3fda532ba nextcloud.logrotate
+dcc57735d7d4af4a7ebbdd1186d301e51d2ae4675022aea6bf1111222dfa188a3a490ebd6e7c8a7ac30046cb7d93f81cec72a51acbc60d0c10b7fb64630c637a nextcloud.confd
+edb699ea6127b231793254115b334006c2d50a0d2ecc846188c3521ddffc3c0e19c5e2944f03cae81e6c645c859258380691081b1c522a22d40939b31db36e8a nextcloud.cron
+ee9073a6df4286cba2d1d855cf40863968f20677729b2c7848ab50a70d4915b8e84c957a850a03a707231256c11312e5792e7817dd50afbf73efe767fef2112d fpm-pool.conf
+959852e34f010e635470829d66713f3e22c47717ec2c6487759eed2b6aeff9fd1421fe0271d494a02781bd1c98beb2823583623ee2cf03057cd5db794627d6c2 occ"
diff --git a/community/nnn/APKBUILD b/community/nnn/APKBUILD
index 0d2d17b36d..ac794966e6 100644
--- a/community/nnn/APKBUILD
+++ b/community/nnn/APKBUILD
@@ -2,7 +2,7 @@
# Maintainer: Jakub Jirutka <jakub@jirutka.cz>
pkgname=nnn
pkgver=3.5
-pkgrel=2
+pkgrel=3
pkgdesc="The unorthodox terminal file manager"
url="https://github.com/jarun/nnn"
arch="all"
@@ -41,7 +41,7 @@ plugins() {
install -D -m 0755 "$srcdir"/nnn-getplugs "$destdir"/getplugs
mkdir -p "$subpkgdir"/usr/bin
- ln -s "$destdir"/getplugs "$subpkgdir"/usr/bin/nnn-getplugs
+ ln -s ../share/$pkgname/plugins/getplugs "$subpkgdir"/usr/bin/nnn-getplugs
}
bashcomp() {
diff --git a/community/nss/APKBUILD b/community/nss/APKBUILD
index 194fb63406..f21f25b5ff 100644
--- a/community/nss/APKBUILD
+++ b/community/nss/APKBUILD
@@ -12,6 +12,7 @@ depends_dev="nspr-dev"
makedepends="nspr-dev sqlite-dev zlib-dev perl bsd-compat-headers linux-headers"
subpackages="$pkgname-static $pkgname-dev $pkgname-tools"
source="https://ftp.mozilla.org/pub/security/nss/releases/NSS_${pkgver//./_}_RTM/src/nss-$pkgver.tar.gz
+ CVE-2021-43527.patch
nss.pc.in
nss-util.pc.in
nss-softokn.pc.in
@@ -24,6 +25,8 @@ source="https://ftp.mozilla.org/pub/security/nss/releases/NSS_${pkgver//./_}_RTM
options="!strip"
# secfixes:
+# 3.66-r0:
+# - CVE-2021-43527
# 3.58-r0:
# - CVE-2020-25648
# 3.55-r0:
@@ -186,6 +189,7 @@ tools() {
sha512sums="
327129cb065a8c19246e081e3cbc4798c81dc52eab6ee366eade151e9d308990592075c52a7c672165725fd855a0c539d56a803c26ef066561c584d693e0e467 nss-3.66.tar.gz
+aff96b509bd649f9d5d5850b19daf1296210868dedd3ca9c1d198a9cf4cb2cfeb9ed6c530a8c9b7e1fbc0284e728ccf61c149fa07d940ef30e8ebc6588af76e6 CVE-2021-43527.patch
75dbd648a461940647ff373389cc73bc8ec609139cd46c91bcce866af02be6bcbb0524eb3dfb721fbd5b0bc68c20081ed6f7debf6b24317f2a7ba823e8d3c531 nss.pc.in
0f2efa8563b11da68669d281b4459289a56f5a3a906eb60382126f3adcfe47420cdcedc6ab57727a3afeeffa2bbb4c750b43bef8b5f343a75c968411dfa30e09 nss-util.pc.in
09c69d4cc39ec9deebc88696a80d0f15eb2d8c94d9daa234a2adfec941b63805eb4ce7f2e1943857b938bddcaee1beac246a0ec627b71563d9f846e6119a4a15 nss-softokn.pc.in
diff --git a/community/nss/CVE-2021-43527.patch b/community/nss/CVE-2021-43527.patch
new file mode 100644
index 0000000000..afec728805
--- /dev/null
+++ b/community/nss/CVE-2021-43527.patch
@@ -0,0 +1,352 @@
+
+# HG changeset patch
+# User Dennis Jackson <djackson@mozilla.com>
+# Date 1637577642 0
+# Node ID dea71cbef9e03636f37c6cb120f8deccce6e17dd
+# Parent da3d22d708c9cc0a32cff339658aeb627575e371
+Bug 1737470 - Ensure DER encoded signatures are within size limits. r=jschanck,mt,bbeurdouche,rrelyea
+
+Differential Revision: https://phabricator.services.mozilla.com/D129514
+
+diff --git a/lib/cryptohi/secvfy.c b/lib/cryptohi/secvfy.c
+--- a/nss/lib/cryptohi/secvfy.c
++++ b/nss/lib/cryptohi/secvfy.c
+@@ -159,58 +159,89 @@ verifyPKCS1DigestInfo(const VFYContext *
+ SECItem pkcs1DigestInfo;
+ pkcs1DigestInfo.data = cx->pkcs1RSADigestInfo;
+ pkcs1DigestInfo.len = cx->pkcs1RSADigestInfoLen;
+ return _SGN_VerifyPKCS1DigestInfo(
+ cx->hashAlg, digest, &pkcs1DigestInfo,
+ PR_FALSE /*XXX: unsafeAllowMissingParameters*/);
+ }
+
++static unsigned int
++checkedSignatureLen(const SECKEYPublicKey *pubk)
++{
++ unsigned int sigLen = SECKEY_SignatureLen(pubk);
++ if (sigLen == 0) {
++ /* Error set by SECKEY_SignatureLen */
++ return sigLen;
++ }
++ unsigned int maxSigLen;
++ switch (pubk->keyType) {
++ case rsaKey:
++ case rsaPssKey:
++ maxSigLen = (RSA_MAX_MODULUS_BITS + 7) / 8;
++ break;
++ case dsaKey:
++ maxSigLen = DSA_MAX_SIGNATURE_LEN;
++ break;
++ case ecKey:
++ maxSigLen = 2 * MAX_ECKEY_LEN;
++ break;
++ default:
++ PORT_SetError(SEC_ERROR_UNSUPPORTED_KEYALG);
++ return 0;
++ }
++ if (sigLen > maxSigLen) {
++ PORT_SetError(SEC_ERROR_INVALID_KEY);
++ return 0;
++ }
++ return sigLen;
++}
++
+ /*
+ * decode the ECDSA or DSA signature from it's DER wrapping.
+ * The unwrapped/raw signature is placed in the buffer pointed
+ * to by dsig and has enough room for len bytes.
+ */
+ static SECStatus
+ decodeECorDSASignature(SECOidTag algid, const SECItem *sig, unsigned char *dsig,
+ unsigned int len)
+ {
+ SECItem *dsasig = NULL; /* also used for ECDSA */
+- SECStatus rv = SECSuccess;
+
+- if ((algid != SEC_OID_ANSIX9_DSA_SIGNATURE) &&
+- (algid != SEC_OID_ANSIX962_EC_PUBLIC_KEY)) {
+- if (sig->len != len) {
+- PORT_SetError(SEC_ERROR_BAD_DER);
+- return SECFailure;
++ /* Safety: Ensure algId is as expected and that signature size is within maxmimums */
++ if (algid == SEC_OID_ANSIX9_DSA_SIGNATURE) {
++ if (len > DSA_MAX_SIGNATURE_LEN) {
++ goto loser;
+ }
+-
+- PORT_Memcpy(dsig, sig->data, sig->len);
+- return SECSuccess;
++ } else if (algid == SEC_OID_ANSIX962_EC_PUBLIC_KEY) {
++ if (len > MAX_ECKEY_LEN * 2) {
++ goto loser;
++ }
++ } else {
++ goto loser;
+ }
+
+- if (algid == SEC_OID_ANSIX962_EC_PUBLIC_KEY) {
+- if (len > MAX_ECKEY_LEN * 2) {
+- PORT_SetError(SEC_ERROR_BAD_DER);
+- return SECFailure;
+- }
++ /* Decode and pad to length */
++ dsasig = DSAU_DecodeDerSigToLen((SECItem *)sig, len);
++ if (dsasig == NULL) {
++ goto loser;
+ }
+- dsasig = DSAU_DecodeDerSigToLen((SECItem *)sig, len);
+-
+- if ((dsasig == NULL) || (dsasig->len != len)) {
+- rv = SECFailure;
+- } else {
+- PORT_Memcpy(dsig, dsasig->data, dsasig->len);
++ if (dsasig->len != len) {
++ SECITEM_FreeItem(dsasig, PR_TRUE);
++ goto loser;
+ }
+
+- if (dsasig != NULL)
+- SECITEM_FreeItem(dsasig, PR_TRUE);
+- if (rv == SECFailure)
+- PORT_SetError(SEC_ERROR_BAD_DER);
+- return rv;
++ PORT_Memcpy(dsig, dsasig->data, len);
++ SECITEM_FreeItem(dsasig, PR_TRUE);
++
++ return SECSuccess;
++
++loser:
++ PORT_SetError(SEC_ERROR_BAD_DER);
++ return SECFailure;
+ }
+
+ const SEC_ASN1Template hashParameterTemplate[] =
+ {
+ { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(SECItem) },
+ { SEC_ASN1_OBJECT_ID, 0 },
+ { SEC_ASN1_SKIP_REST },
+ { 0 }
+@@ -276,17 +307,17 @@ sec_GetEncAlgFromSigAlg(SECOidTag sigAlg
+ *
+ * Returns: SECSuccess if the algorithm was acceptable, SECFailure if the
+ * algorithm was not found or was not a signing algorithm.
+ */
+ SECStatus
+ sec_DecodeSigAlg(const SECKEYPublicKey *key, SECOidTag sigAlg,
+ const SECItem *param, SECOidTag *encalgp, SECOidTag *hashalg)
+ {
+- int len;
++ unsigned int len;
+ PLArenaPool *arena;
+ SECStatus rv;
+ SECItem oid;
+ SECOidTag encalg;
+
+ PR_ASSERT(hashalg != NULL);
+ PR_ASSERT(encalgp != NULL);
+
+@@ -461,58 +492,62 @@ vfy_CreateContext(const SECKEYPublicKey
+ cx->wincx = wincx;
+ cx->hasSignature = (sig != NULL);
+ cx->encAlg = encAlg;
+ cx->hashAlg = hashAlg;
+ cx->key = SECKEY_CopyPublicKey(key);
+ cx->pkcs1RSADigestInfo = NULL;
+ rv = SECSuccess;
+ if (sig) {
+- switch (type) {
+- case rsaKey:
+- rv = recoverPKCS1DigestInfo(hashAlg, &cx->hashAlg,
+- &cx->pkcs1RSADigestInfo,
+- &cx->pkcs1RSADigestInfoLen,
+- cx->key,
+- sig, wincx);
+- break;
+- case rsaPssKey:
+- sigLen = SECKEY_SignatureLen(key);
+- if (sigLen == 0) {
+- /* error set by SECKEY_SignatureLen */
+- rv = SECFailure;
++ rv = SECFailure;
++ if (type == rsaKey) {
++ rv = recoverPKCS1DigestInfo(hashAlg, &cx->hashAlg,
++ &cx->pkcs1RSADigestInfo,
++ &cx->pkcs1RSADigestInfoLen,
++ cx->key,
++ sig, wincx);
++ } else {
++ sigLen = checkedSignatureLen(key);
++ /* Check signature length is within limits */
++ if (sigLen == 0) {
++ /* error set by checkedSignatureLen */
++ rv = SECFailure;
++ goto loser;
++ }
++ if (sigLen > sizeof(cx->u)) {
++ PORT_SetError(SEC_ERROR_BAD_SIGNATURE);
++ rv = SECFailure;
++ goto loser;
++ }
++ switch (type) {
++ case rsaPssKey:
++ if (sig->len != sigLen) {
++ PORT_SetError(SEC_ERROR_BAD_SIGNATURE);
++ rv = SECFailure;
++ goto loser;
++ }
++ PORT_Memcpy(cx->u.buffer, sig->data, sigLen);
++ rv = SECSuccess;
+ break;
+- }
+- if (sig->len != sigLen) {
+- PORT_SetError(SEC_ERROR_BAD_SIGNATURE);
++ case ecKey:
++ case dsaKey:
++ /* decodeECorDSASignature will check sigLen == sig->len after padding */
++ rv = decodeECorDSASignature(encAlg, sig, cx->u.buffer, sigLen);
++ break;
++ default:
++ /* Unreachable */
+ rv = SECFailure;
+- break;
+- }
+- PORT_Memcpy(cx->u.buffer, sig->data, sigLen);
+- break;
+- case dsaKey:
+- case ecKey:
+- sigLen = SECKEY_SignatureLen(key);
+- if (sigLen == 0) {
+- /* error set by SECKEY_SignatureLen */
+- rv = SECFailure;
+- break;
+- }
+- rv = decodeECorDSASignature(encAlg, sig, cx->u.buffer, sigLen);
+- break;
+- default:
+- rv = SECFailure;
+- PORT_SetError(SEC_ERROR_UNSUPPORTED_KEYALG);
+- break;
++ goto loser;
++ }
++ }
++ if (rv != SECSuccess) {
++ goto loser;
+ }
+ }
+
+- if (rv)
+- goto loser;
+-
+ /* check hash alg again, RSA may have changed it.*/
+ if (HASH_GetHashTypeByOidTag(cx->hashAlg) == HASH_AlgNULL) {
+ /* error set by HASH_GetHashTypeByOidTag */
+ goto loser;
+ }
+ /* check the policy on the hash algorithm. Do this after
+ * the rsa decode because some uses of this function get hash implicitly
+ * from the RSA signature itself. */
+@@ -645,21 +680,26 @@ VFY_EndWithSignature(VFYContext *cx, SEC
+ if (cx->hashcx == NULL) {
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ return SECFailure;
+ }
+ (*cx->hashobj->end)(cx->hashcx, final, &part, sizeof(final));
+ switch (cx->key->keyType) {
+ case ecKey:
+ case dsaKey:
+- dsasig.data = cx->u.buffer;
+- dsasig.len = SECKEY_SignatureLen(cx->key);
++ dsasig.len = checkedSignatureLen(cx->key);
+ if (dsasig.len == 0) {
+ return SECFailure;
+ }
++ if (dsasig.len > sizeof(cx->u)) {
++ PORT_SetError(SEC_ERROR_BAD_SIGNATURE);
++ return SECFailure;
++ }
++ dsasig.data = cx->u.buffer;
++
+ if (sig) {
+ rv = decodeECorDSASignature(cx->encAlg, sig, dsasig.data,
+ dsasig.len);
+ if (rv != SECSuccess) {
+ PORT_SetError(SEC_ERROR_BAD_SIGNATURE);
+ return SECFailure;
+ }
+ }
+@@ -681,18 +721,23 @@ VFY_EndWithSignature(VFYContext *cx, SEC
+ cx->params,
+ &mech);
+ PORT_DestroyCheapArena(&tmpArena);
+ if (rv != SECSuccess) {
+ return SECFailure;
+ }
+
+ rsasig.data = cx->u.buffer;
+- rsasig.len = SECKEY_SignatureLen(cx->key);
++ rsasig.len = checkedSignatureLen(cx->key);
+ if (rsasig.len == 0) {
++ /* Error set by checkedSignatureLen */
++ return SECFailure;
++ }
++ if (rsasig.len > sizeof(cx->u)) {
++ PORT_SetError(SEC_ERROR_BAD_SIGNATURE);
+ return SECFailure;
+ }
+ if (sig) {
+ if (sig->len != rsasig.len) {
+ PORT_SetError(SEC_ERROR_BAD_SIGNATURE);
+ return SECFailure;
+ }
+ PORT_Memcpy(rsasig.data, sig->data, rsasig.len);
+@@ -744,37 +789,42 @@ VFY_End(VFYContext *cx)
+ static SECStatus
+ vfy_VerifyDigest(const SECItem *digest, const SECKEYPublicKey *key,
+ const SECItem *sig, SECOidTag encAlg, SECOidTag hashAlg,
+ void *wincx)
+ {
+ SECStatus rv;
+ VFYContext *cx;
+ SECItem dsasig; /* also used for ECDSA */
+-
+ rv = SECFailure;
+
+ cx = vfy_CreateContext(key, sig, encAlg, hashAlg, NULL, wincx);
+ if (cx != NULL) {
+ switch (key->keyType) {
+ case rsaKey:
+ rv = verifyPKCS1DigestInfo(cx, digest);
++ /* Error (if any) set by verifyPKCS1DigestInfo */
+ break;
+- case dsaKey:
+ case ecKey:
++ case dsaKey:
+ dsasig.data = cx->u.buffer;
+- dsasig.len = SECKEY_SignatureLen(cx->key);
++ dsasig.len = checkedSignatureLen(cx->key);
+ if (dsasig.len == 0) {
++ /* Error set by checkedSignatureLen */
++ rv = SECFailure;
+ break;
+ }
+- if (PK11_Verify(cx->key, &dsasig, (SECItem *)digest, cx->wincx) !=
+- SECSuccess) {
++ if (dsasig.len > sizeof(cx->u)) {
+ PORT_SetError(SEC_ERROR_BAD_SIGNATURE);
+- } else {
+- rv = SECSuccess;
++ rv = SECFailure;
++ break;
++ }
++ rv = PK11_Verify(cx->key, &dsasig, (SECItem *)digest, cx->wincx);
++ if (rv != SECSuccess) {
++ PORT_SetError(SEC_ERROR_BAD_SIGNATURE);
+ }
+ break;
+ default:
+ break;
+ }
+ VFY_DestroyContext(cx, PR_TRUE);
+ }
+ return rv;
+
diff --git a/community/php7-pecl-imagick/APKBUILD b/community/php7-pecl-imagick/APKBUILD
index 6ff2d96f8a..dba11f73a6 100644
--- a/community/php7-pecl-imagick/APKBUILD
+++ b/community/php7-pecl-imagick/APKBUILD
@@ -3,7 +3,7 @@
pkgname=php7-pecl-imagick
_extname=imagick
pkgver=3.4.4
-pkgrel=8
+pkgrel=9
pkgdesc="PHP 7 extension provides a wrapper to the ImageMagick library - PECL"
url="https://pecl.php.net/package/imagick"
arch="all !x86" # https://gitlab.alpinelinux.org/alpine/aports/-/issues/12537
diff --git a/community/php7/APKBUILD b/community/php7/APKBUILD
index ea81ac853a..a85719ff66 100644
--- a/community/php7/APKBUILD
+++ b/community/php7/APKBUILD
@@ -25,7 +25,7 @@
pkgname=php7
_pkgreal=php
-pkgver=7.4.24
+pkgver=7.4.26
pkgrel=0
_apiver=20190902
_suffix=${pkgname#php}
@@ -174,6 +174,10 @@ done
subpackages="$subpackages $pkgname-common::noarch"
# secfixes:
+# 7.4.26-r0:
+# - CVE-2021-21707
+# 7.4.25-r0:
+# - CVE-2021-21703
# 7.4.24-r0:
# - CVE-2021-21706
# 7.4.21-r0:
@@ -682,7 +686,7 @@ _mv() {
}
sha512sums="
-30dd0a83d6184791f4cff3edcffeb05470de8f98ddadba3c11544449bf500280ff2048a8ca8588b35d0622dcbbf16f55ea297f51d469ae137048cab2d40da9cd php-7.4.24.tar.xz
+36cd493c9c95aabb1ee47e82cb0c20b2be99fe7ebd98743355139064590d0b9a1746d71e31dd47f164df34ebe3f8366a75f3efc149262e1391b43d83d3045c6e php-7.4.26.tar.xz
1c708de82d1086f272f484faf6cf6d087af7c31750cc2550b0b94ed723961b363f28a947b015b2dfc0765caea185a75f5d2c2f2b099c948b65c290924f606e4f php7-fpm.initd
cacce7bf789467ff40647b7319e3760c6c587218720538516e8d400baa75651f72165c4e28056cd0c1dc89efecb4d00d0d7823bed80b29136262c825ce816691 php7-fpm.logrotate
274bd7b0b2b7002fa84c779640af37b59258bb37b05cb7dd5c89452977d71807f628d91b523b5039608376d1f760f3425d165242ca75ee5129b2730e71c4e198 php7-module.conf
diff --git a/community/php8-pecl-imagick/APKBUILD b/community/php8-pecl-imagick/APKBUILD
index 21d3909148..070cf1da9d 100644
--- a/community/php8-pecl-imagick/APKBUILD
+++ b/community/php8-pecl-imagick/APKBUILD
@@ -3,7 +3,7 @@
pkgname=php8-pecl-imagick
_extname=imagick
pkgver=3.4.4
-pkgrel=1
+pkgrel=2
pkgdesc="PHP 8 extension provides a wrapper to the ImageMagick library - PECL"
url="https://pecl.php.net/package/imagick"
arch="all !x86" # https://gitlab.alpinelinux.org/alpine/aports/-/issues/12537
diff --git a/community/php8/APKBUILD b/community/php8/APKBUILD
index 3ba058d3c3..9407a76659 100644
--- a/community/php8/APKBUILD
+++ b/community/php8/APKBUILD
@@ -25,7 +25,7 @@
pkgname=php8
_pkgreal=php
-pkgver=8.0.11
+pkgver=8.0.13
pkgrel=0
_apiver=20200930
_suffix=${pkgname#php}
@@ -172,6 +172,10 @@ done
subpackages="$subpackages $pkgname-common::noarch"
# secfixes:
+# 8.0.13-r0:
+# - CVE-2021-21707
+# 8.0.12-r0:
+# - CVE-2021-21703
# 8.0.11-r0:
# - CVE-2021-21706
# 8.0.8-r0:
@@ -614,7 +618,7 @@ _mv() {
}
sha512sums="
-2d346959b2691ea0d5334dc9cad225b7a65ec53d6a6493f3b95c4819a0c088bec36aa1bf4ab3c8044a631bcfefb689d85463ff2259d42000e65dac30badcc59d php-8.0.11.tar.xz
+cb00482b74146670c4644f4b5da63b40d9afd111e198cdf1e67bfcf4280501a657b4fbad8fd7580f4e3f537db3c8a9db5f4115d3a466392cefac9866e233fa49 php-8.0.13.tar.xz
8a9a63cddfd9bdde23db85a7be0711e14688bab35b580abd0184d370c54de80b72cbdeb369570cd23927154984f024eaad5d222d53d9e19130fb2e8758dd4540 php8-fpm.initd
cd3a96d3febde3b6657ed80ff58945641443e84e5e0fd3d9df29e640e9549bc452a3412f1999fa02ae1ee2b64c08040998fa75805f67e0252741c376e26e1c3c php8-fpm.logrotate
95f536addfbb28fbca8b14da46d95a3595369d6e98d345f55f0fda1b12bdefd1579a27505424e7d1088a987d330798253cec9bd42b544bb567189cba746217c7 php8-module.conf
diff --git a/community/py3-wgnlpy/APKBUILD b/community/py3-wgnlpy/APKBUILD
index c7e2b8182f..59c4a95ec9 100644
--- a/community/py3-wgnlpy/APKBUILD
+++ b/community/py3-wgnlpy/APKBUILD
@@ -1,7 +1,7 @@
# Maintainer: Thomas Liske <thomas@fiasko-nw.net>
pkgname=py3-wgnlpy
_pkgname=wgnlpy
-pkgver=0.1.4
+pkgver=0.1.5
pkgrel=0
pkgdesc="Python Netlink connector to WireGuard"
url="https://github.com/ArgosyLabs/wgnlpy"
@@ -22,4 +22,4 @@ package() {
python3 setup.py install --prefix=/usr --root="$pkgdir"
}
-sha512sums="9969bf6663d1da0dfb30b68df4e6647332df461697b3f4f53e931064af7378e1ec2187f97b83ebc69e246b9555dbc89a27a844fc5acd686a2659f54421c345bb wgnlpy-0.1.4.tar.gz"
+sha512sums="a5a7c49143bd699f230988b928c7e8b1563fd2b86ab74154e641c5e2c152efe1daab5c3b19e436ddd03d2f5336d43d176bd2bd57261260b8baeab3e4d65d4e19 wgnlpy-0.1.5.tar.gz"
diff --git a/community/rtl8821ce-lts/APKBUILD b/community/rtl8821ce-lts/APKBUILD
index c21e408e73..f1cdfa1763 100644
--- a/community/rtl8821ce-lts/APKBUILD
+++ b/community/rtl8821ce-lts/APKBUILD
@@ -1,7 +1,7 @@
# Contributor: Kevin Daudt <kdaudt@alpinelinux.org>
# Maintainer: Kevin Daudt <kdaudt@alpinelinux.org>
-_kver=5.10.61
+_kver=5.10.88
_krel=0
_flavor="$FLAVOR"
[ -z "$_flavor" ] && _flavor=lts
diff --git a/community/rtpengine-lts/APKBUILD b/community/rtpengine-lts/APKBUILD
index f20d9a3b46..86e3c7b874 100644
--- a/community/rtpengine-lts/APKBUILD
+++ b/community/rtpengine-lts/APKBUILD
@@ -5,7 +5,7 @@ _ver=9.0.1.10
_rel=0
# kernel version
-_kver=5.10.61
+_kver=5.10.88
_krel=0
_kpkgver="$_kver-r$_krel"
diff --git a/community/zbar/APKBUILD b/community/zbar/APKBUILD
index d6496b0e83..d02cd8b1bf 100644
--- a/community/zbar/APKBUILD
+++ b/community/zbar/APKBUILD
@@ -3,7 +3,7 @@
# Maintainer: Diego Queiroz <diego.queiroz@gmail.com>
pkgname=zbar
pkgver=0.23.1
-pkgrel=2
+pkgrel=3
pkgdesc="Port of ZBAR BAR CODE READER"
url="http://zbar.sourceforge.net/"
arch="all"