Diffstat (limited to 'main')
1221 files changed, 38280 insertions, 90726 deletions
diff --git a/main/abuild/APKBUILD b/main/abuild/APKBUILD index 07cfdad867..7f029cc096 100644 --- a/main/abuild/APKBUILD +++ b/main/abuild/APKBUILD @@ -2,7 +2,7 @@ pkgname=abuild pkgver=3.9.0 _ver=${pkgver%_git*} -pkgrel=0 +pkgrel=2 pkgdesc="Script to build Alpine Packages" url="https://git.alpinelinux.org/cgit/abuild/" arch="all" @@ -26,7 +26,10 @@ subpackages=" " options="suid" pkggroups="abuild" -source="https://git.alpinelinux.org/abuild/snapshot/abuild-$pkgver.tar.xz +source="https://gitlab.alpinelinux.org/alpine/abuild/-/archive/$pkgver/abuild-$pkgver.tar.gz + mr60-newapkbuild-use-abuild-meson.patch + mr128-newapkbuild-fetch-rust-deps-in-prepare.patch + mr131-newapkbuild-change-cmake-build-type.patch " builddir="$srcdir"/abuild-$pkgver @@ -79,10 +82,13 @@ pypi() { _rootbld() { pkgdesc="Build packages in chroot" - depends="abuild bubblewrap gettext git" + depends="abuild bubblewrap cmd:envsubst git" mkdir -p "$subpkgdir" } sha512sums=" -b9f24d9d6f8f4eef320a5dbcc3ff94af64332d6034da306b237541e447839f4debc19eb2b937150166f53c63f9c9e518420cb54092c1f946f1c294c0464c521f abuild-3.9.0.tar.xz +a3075b18d4a085ca796d1c2df703c3e7c80e682623175eb0822479f3a6d96ffba571f283bdec8ae3db832e296f9e58bdd0f58097b86b503a91fbb40148084a68 abuild-3.9.0.tar.gz +a52fa7978d61f1636dbe3d120fee4e3fab6fae018a91f662c082f4eab37e6fd63d74c55124fd50fa3a676a8af71ba858cebf93f3ca21f95b03d3478fa1e55e6b mr60-newapkbuild-use-abuild-meson.patch +f8d5c131cefb1c10d34962994ee3158fd8155acf68616fe471a7d07ce15e04d184bdfa3c181ec19bd1ca95e0f5acf1664f14a52b29451b2760aa580222e75f73 mr128-newapkbuild-fetch-rust-deps-in-prepare.patch +56b71c3feff5a17d9550e1947fe316b7c7aa397f9e365532410e492ea992b8bfcfbb97041ddc2128c7bb9772e9e03584a9f5d5f5bcced00a1082e7374f02801a mr131-newapkbuild-change-cmake-build-type.patch " diff --git a/main/abuild/mr128-newapkbuild-fetch-rust-deps-in-prepare.patch b/main/abuild/mr128-newapkbuild-fetch-rust-deps-in-prepare.patch new file mode 100644 index 0000000000..298f717e3b --- /dev/null 
+++ b/main/abuild/mr128-newapkbuild-fetch-rust-deps-in-prepare.patch 
@@ -0,0 +1,110 @@ +Patch-Source: https://gitlab.alpinelinux.org/alpine/abuild/-/merge_requests/128 +-- +From 29611f3a6929b4edecd89506e666f963fa25ae52 Mon Sep 17 00:00:00 2001 +From: Jakub Jirutka <jakub@jirutka.cz> +Date: Thu, 16 Dec 2021 00:19:07 +0100 +Subject: [PATCH 1/2] newapkbuild: fetch rust dependencies in prepare phase + +Fetch all dependencies in the prepare phase and do not access network +in the following phases. +--- + newapkbuild.in | 27 ++++++++++++++++++++++++--- + 1 file changed, 24 insertions(+), 3 deletions(-) + +diff --git a/newapkbuild.in b/newapkbuild.in +index c58d519..0182ad2 100644 +--- a/newapkbuild.in ++++ b/newapkbuild.in +@@ -30,6 +30,12 @@ is_github_url() { + return 1 + } + ++prepare_rust() { ++ cat >>APKBUILD<<__EOF__ ++ cargo fetch --locked ++__EOF__ ++} ++ + # Build sections + build_make() { + cat >>APKBUILD<<__EOF__ +@@ -104,7 +110,7 @@ __EOF__ + + build_rust() { + cat >>APKBUILD<<__EOF__ +- cargo build --release --locked ++ cargo build --frozen --release + __EOF__ + } + +@@ -150,7 +156,7 @@ __EOF__ + + check_rust() { + cat >>APKBUILD<<__EOF__ +- cargo test --release --locked ++ cargo test --frozen --release + __EOF__ + } + +@@ -199,7 +205,7 @@ __EOF__ + + package_rust() { + cat >>APKBUILD<<__EOF__ +- cargo install --locked --path . --root="\$pkgdir/usr" ++ cargo install --frozen --offline --path . 
--root="\$pkgdir/usr" + rm "\$pkgdir"/usr/.crates* + __EOF__ + } +@@ -333,6 +339,21 @@ __EOF__ + fi + fi + ++ case "$buildtype" in ++ rust) ++ cat >>APKBUILD<<__EOF__ ++prepare() { ++ default_prepare ++ ++__EOF__ ++ prepare_rust ++ cat >>APKBUILD<<__EOF__ ++} ++ ++__EOF__ ++ ;; ++ esac ++ + # Create build() function + cat >>APKBUILD<<__EOF__ + build() { +-- +GitLab + + +From 0a9374e4ffa8202ba011497ea39fb5443d7ef9a5 Mon Sep 17 00:00:00 2001 +From: Jakub Jirutka <jakub@jirutka.cz> +Date: Thu, 16 Dec 2021 00:23:48 +0100 +Subject: [PATCH 2/2] newapkbuild: do not run cargo test with --release + +It takes a longer time to compile and, most importantly, it may cause +unnecessary rebuild of everything in the package phase (installation). +--- + newapkbuild.in | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/newapkbuild.in b/newapkbuild.in +index 0182ad2..9e8643d 100644 +--- a/newapkbuild.in ++++ b/newapkbuild.in +@@ -156,7 +156,7 @@ __EOF__ + + check_rust() { + cat >>APKBUILD<<__EOF__ +- cargo test --frozen --release ++ cargo test --frozen + __EOF__ + } + +-- +GitLab + diff --git a/main/abuild/mr131-newapkbuild-change-cmake-build-type.patch b/main/abuild/mr131-newapkbuild-change-cmake-build-type.patch new file mode 100644 index 0000000000..5b98b499a4 --- /dev/null +++ b/main/abuild/mr131-newapkbuild-change-cmake-build-type.patch 
@@ -0,0 +1,33 @@ +Patch-Source: https://gitlab.alpinelinux.org/alpine/abuild/-/merge_requests/131 +-- +From 6c43d67a053be0476384fcf8252c07fa2a235a87 Mon Sep 17 00:00:00 2001 +From: psykose <alice@ayaya.dev> +Date: Thu, 30 Dec 2021 21:48:50 +0000 +Subject: [PATCH] newapkbuild: refine default cmake format + +MinSizeRel is a better recommended default- of course it can still be +overriden. +the dot is redundant- we already specify -B and so the dot is implicitly +cwd. +--- + newapkbuild.in | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/newapkbuild.in b/newapkbuild.in +index c58d519..63b387d 100644 +--- a/newapkbuild.in ++++ b/newapkbuild.in +@@ -65,8 +65,8 @@ build_cmake() { + -DCMAKE_INSTALL_PREFIX=/usr \\ + -DCMAKE_INSTALL_LIBDIR=lib \\ + -DBUILD_SHARED_LIBS=True \\ +- -DCMAKE_BUILD_TYPE=None \\ +- \$CMAKE_CROSSOPTS . ++ -DCMAKE_BUILD_TYPE=MinSizeRel \\ ++ \$CMAKE_CROSSOPTS + cmake --build build + __EOF__ + } +-- +GitLab + diff --git a/main/abuild/mr60-newapkbuild-use-abuild-meson.patch b/main/abuild/mr60-newapkbuild-use-abuild-meson.patch new file mode 100644 index 0000000000..44aefd46bf --- /dev/null +++ b/main/abuild/mr60-newapkbuild-use-abuild-meson.patch 
@@ -0,0 +1,34 @@ +Patch-Source: https://gitlab.alpinelinux.org/alpine/abuild/-/merge_requests/60 +-- +From 55b66b3ad702ba673384126d98026043cdf949ef Mon Sep 17 00:00:00 2001 +From: Leo <thinkabit.ukim@gmail.com> +Date: Tue, 7 Jul 2020 13:37:31 -0300 +Subject: [PATCH] newapkbuild: use meson-abuild helper instead of meson + +abuild-meson is a shellscript that wraps around meson and passes options +meant for packaging software that uses meson, for Alpine Linux. +--- + newapkbuild.in | 7 +------ + 1 file changed, 1 insertion(+), 6 deletions(-) + +diff --git a/newapkbuild.in b/newapkbuild.in +index c58d519..d7a2eb5 100644 +--- a/newapkbuild.in ++++ b/newapkbuild.in +@@ -78,12 +78,7 @@ build_meson() { + # TODO For cross compilation a cross_file needs to be created. + + cat >>APKBUILD<<__EOF__ +- meson \\ +- --prefix=/usr \\ +- --sysconfdir=/etc \\ +- --mandir=/usr/share/man \\ +- --localstatedir=/var \\ +- --buildtype=plain \\ ++ abuild-meson \\ + . output + meson compile \${JOBS:+-j \${JOBS}} -C output + __EOF__ +-- +GitLab + diff --git a/main/acct/APKBUILD b/main/acct/APKBUILD index 2b7d1bf03b..3b665ea853 100644 --- a/main/acct/APKBUILD +++ b/main/acct/APKBUILD 
@@ -1,28 +1,39 @@ # Contributor: Carlo Landmeter <clandmeter@alpinelinux.org> +# Contributor: Dermot Bradley <dermot_bradley@yahoo.com> # Maintainer: Natanael Copa <ncopa@alpinelinux.org> pkgname=acct pkgver=6.6.4 -pkgrel=0 +pkgrel=1 pkgdesc="The GNU Accounting Utilities" url="https://www.gnu.org/software/acct/" arch="all" license="GPL-3.0-or-later" -depends="" -makedepends="linux-headers" -install="" -subpackages="$pkgname-doc" -source="https://ftp.gnu.org/gnu/acct/$pkgname-$pkgver.tar.gz" -builddir="$srcdir"/$pkgname-$pkgver +makedepends=" + linux-headers + " +options="!check" # compares build utils with host utils so may fail +subpackages=" + $pkgname-doc + $pkgname-openrc + " +source=" + https://ftp.gnu.org/gnu/acct/acct-$pkgver.tar.gz + initd + logrotate + " prepare() { default_prepare update_config_sub sed -i -e '/gets is a/d' \ "$builddir"/lib/stdio.in.h + + # correct the path to the wtmp file + sed -i -e 's|, WTMP_FILE|, "/var/log/wtmp"|' \ + configure } build() { - cd "$builddir" # seems like this makefile does not respect DESTDIR ./configure \ --build=$CBUILD \ 
@@ -35,8 +46,24 @@ build() { } package() { - cd "$builddir" make prefix="$pkgdir/usr" install + + # last is provided by util-linux-login + rm "$pkgdir"/usr/bin/last "$pkgdir"/usr/share/man/man1/last.1 + + install -m755 \ + -D \ + "$srcdir"/initd \ + "$pkgdir"/etc/init.d/acct + + install -m644 \ + -D \ + "$srcdir"/logrotate \ + "$pkgdir"/etc/logrotate.d/acct } -sha512sums="413aa446caece8fd773c92e2995bbaa034f63dd0ced521815a676c49f118e02982862b9c0ab7e60be5212c87d1e82ba6325bda212cf4857392a068d359a1e2c2 acct-6.6.4.tar.gz" +sha512sums=" +413aa446caece8fd773c92e2995bbaa034f63dd0ced521815a676c49f118e02982862b9c0ab7e60be5212c87d1e82ba6325bda212cf4857392a068d359a1e2c2 acct-6.6.4.tar.gz +ccde27aeb9e21199c151fdd528dc195aefe4919d61996cdaf5321d488210e727f09a8d65a01b07e5d4cbd69bdc2ed4e8b75538dbcf4e6464474ed3fb5b62f9a4 initd +4be87c186fc9898cc1d1096cfb37616954fd992cdb40f1dde8b5ddaf94794235015ea2bbd0fccd32f1f33798ea557186bb93d1da1c9105e8d328a6e2965d58fe logrotate +" diff --git a/main/acct/initd b/main/acct/initd new file mode 100644 index 0000000000..52cf08dff1 --- /dev/null +++ b/main/acct/initd @@ -0,0 +1,32 @@ +#!/sbin/openrc-run + +description="Enables process accounting." + +depend() { + keyword -prefix -lxc -docker +} + +: ${acct_dir:=${ACCTDIR:-/var/log/account}} +: ${acct_file:=${ACCTFILE:-pacct}} + + +start() { + if [ ! -d "$acct_dir" ]; then + mkdir -p $acct_dir + chmod 770 $acct_dir + fi + if [ ! -f "$acct_dir/$acct_file" ]; then + touch $acct_dir/$acct_file + chmod 770 $acct_dir/$acct_file + fi + + ebegin "Enabling process accounting" + accton on >/dev/null + eend $? +} + +stop() { + ebegin "Disabling process accounting" + accton off + eend $? +} diff --git a/main/acct/logrotate b/main/acct/logrotate new file mode 100644 index 0000000000..30fbf064a0 --- /dev/null +++ b/main/acct/logrotate 
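Review bot: In the new `main/acct/initd`, `start()` prepares `$acct_dir/$acct_file` but then calls `accton on`, which is not given that path, so an overridden `acct_dir` or `acct_file` presumably does not change where accounting records are written; passing the file explicitly, `accton "$acct_dir/$acct_file" >/dev/null`, would keep the two in step. The accounting file is also given `chmod 770`, which sets execute bits on a data file and lets the group write to process-accounting records; a mode without execute bits, for example `chmod 640 "$acct_dir/$acct_file"`, looks closer to the intent. The same applies to `create 0770 root root` in the `main/acct/logrotate` hunk that follows, which also hard-codes `/var/log/account/pacct` while the init script allows the path to be overridden. The `$acct_dir` and `$acct_file` expansions passed to `mkdir`, `touch` and `chmod` are unquoted, so a configured path containing whitespace would be split.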
@@ -0,0 +1,12 @@ +/var/log/account/pacct { + compress + create 0770 root root + daily + delaycompress + missingok + notifempty + postrotate + accton /var/log/account/pacct + endscript + rotate 14 +} diff --git a/main/acl/APKBUILD b/main/acl/APKBUILD index 50d750d514..367c811b86 100644 --- a/main/acl/APKBUILD +++ b/main/acl/APKBUILD @@ -2,7 +2,7 @@ # Contributor: Natanael Copa <ncopa@alpinelinux.org> # Maintainer: Natanael Copa <ncopa@alpinelinux.org> pkgname=acl -pkgver=2.2.53 +pkgver=2.3.1 pkgrel=0 pkgdesc="Access control list utilities" url="https://savannah.nongnu.org/projects/acl" @@ -37,4 +37,6 @@ libacl() { mv "$pkgdir"/lib/libacl.so.* "$subpkgdir"/lib/ } -sha512sums="176b7957fe0e7618e0b7bf2ac5071f7fa29417df718cce977661a576fa184e4af9d303b591c9d556b6ba8923e799457343afa401f5a9f7ecd9022185a4e06716 acl-2.2.53.tar.gz" +sha512sums=" +f101e27058c959f4c412f475c3fc77a90d1ead8728701e4ce04ff08b34139d35e0e72278c9ac7622ba6054e81c0aeca066e09491b5f5666462e3866705a0e892 acl-2.3.1.tar.gz +" diff --git a/main/alpine-base/APKBUILD b/main/alpine-base/APKBUILD index 65c3702e8e..08c293d04b 100644 --- a/main/alpine-base/APKBUILD +++ b/main/alpine-base/APKBUILD @@ -1,7 +1,7 @@ # Contributor: Natanael Copa <ncopa@alpinelinux.org> # Maintainer: Natanael Copa <ncopa@alpinelinux.org> pkgname=alpine-base -pkgver=3.15.0 +pkgver=3.16.0 pkgrel=0 pkgdesc="Meta package for minimal alpine base" url="https://alpinelinux.org" @@ -46,6 +46,13 @@ ID=alpine VERSION_ID=$pkgver PRETTY_NAME="Alpine Linux $_rel" HOME_URL="https://alpinelinux.org/" -BUG_REPORT_URL="https://bugs.alpinelinux.org/" +BUG_REPORT_URL="https://gitlab.alpinelinux.org/alpine/aports/-/issues" +EOF + + # create secfixes.d repository list + mkdir -p "$pkgdir"/etc/secfixes.d + cat >"$pkgdir"/etc/secfixes.d/alpine<<EOF +https://secdb.alpinelinux.org/$_rel/main.json +https://secdb.alpinelinux.org/$_rel/community.json EOF } 
diff --git a/main/alpine-baselayout/APKBUILD b/main/alpine-baselayout/APKBUILD index 4825ea730c..a31f17c380 100644 --- a/main/alpine-baselayout/APKBUILD +++ b/main/alpine-baselayout/APKBUILD @@ -2,13 +2,15 @@ # Maintainer: Natanael Copa <ncopa@alpinelinux.org> pkgname=alpine-baselayout pkgver=3.2.0 -pkgrel=18 +pkgrel=23 pkgdesc="Alpine base dir structure and init scripts" url="https://git.alpinelinux.org/cgit/aports/tree/main/alpine-baselayout" arch="all" license="GPL-2.0-only" pkggroups="shadow" options="!fhs !check" +depends="$pkgname-data=${pkgver}-r${pkgrel}" +subpackages="$pkgname-data" install="$pkgname.pre-install $pkgname.pre-upgrade $pkgname.post-upgrade $pkgname.post-install" _nbver=6.2 @@ -50,6 +52,26 @@ build() { }' "$srcdir"/passwd > shadow } +data() { + replaces="alpine-baselayout" + depends= + + amove etc/fstab + amove etc/group + amove etc/hostname + amove etc/hosts + amove etc/inittab + amove etc/modules + amove etc/mtab + amove etc/passwd + amove etc/profile + amove etc/protocols + amove etc/services + amove etc/shadow + amove etc/shells + amove etc/sysctl.conf +} + package() { mkdir -p "$pkgdir" cd "$pkgdir" @@ -149,7 +171,7 @@ package() { The Alpine Wiki contains a large amount of how-to guides and general information about administrating Alpine systems. - See <http://wiki.alpinelinux.org/>. + See <https://wiki.alpinelinux.org/>. You can setup the system with the command: setup-alpine 
@@ -235,7 +257,7 @@ package() { sha512sums=" 199a34716b1f029407b08679fed4fda58384a1ccefbbec9abe1c64f4a3f7ad2a89bc7c02fc19a7f791f7c6bb87f9f0c708cb3f18c027cb7f54f25976eba4b839 mkmntdirs.c 6e169c0975a1ad1ad871a863e8ee83f053de9ad0b58d94952efa4c28a8c221445d9e9732ad8b52832a50919c2f39aa965a929b3d5b3f9e62f169e2b2e0813d82 crontab -7fcb5df98b0f19e609cb9444b2e6ca5ee97f5f308eb407436acdd0115781623fd89768a9285e9816e36778e565b6f27055f2a586a58f19d6d880de5446d263c4 color_prompt.sh.disabled +558071efdce2fe92afe4277006235b1a6368b070337c7567e5632a1a3fe531f87ca692eb36f3dda498d4d29d1f834fc8f7139f2985669ae3400b6d103d6f4c5e color_prompt.sh.disabled b2fc9b72846a43a45ba9a8749e581cef34d1915836833b51b7919dfbf4e275b7d55fec4dea7b23df3796380910971a41331e53e8cf0d304834e3da02cc135e5a locale.sh bfe947bdd69e7d93b32c8cb4e2cabe5717cb6c1e1f49a74015ac2cfb13e96d1f12c4be23ae93a1d61aaa3760d33a032fa9bd99f227fb21223a76b5f5908acc65 aliases.conf 0a1e1afa580751e80bf26057b65fadffe269c0552e7a1903de498f94973ba3da8453b51f25e649968ca5f4841266f5ccf951700fa28465a8614b83d07344de60 blacklist.conf 
@@ -244,7 +266,7 @@ bfe947bdd69e7d93b32c8cb4e2cabe5717cb6c1e1f49a74015ac2cfb13e96d1f12c4be23ae93a1d6 806b8f23f823a9471846d12fa6b55690b95eedb4c613b82aefaba7ffef23f83e17552befd891a487864f72ef24e395d8611738933f684a85eb4c336cb20994f8 group fdab6f8fec2a556ab817d90a73635a927ea04dbc4e0470ed59ee6a62c87393f9534c9b746b09a776d938c25b8af9c9fb1686578e24f8307d1d074921ade1bdc7 inittab 06d12a7b9ca14fe17e412d0f24814620b67d035ae859be7906cbf4782dd69e359a6a555dafb98060b7fb7e4714aaa676c88d9017cded36e6d8398e23369bb290 passwd -b14920eae431d1f15b066e264a94f804540c5dcbf91caef034019d95456c975c0c054672e53369082682dd9454a034f26bd45b312adfc0ab68a0311d97b037ac profile +dfc810763c5d94ef6bd149bdb0b152712c0c0aadc7ad3c5c916e2c6e8ed57246e3cdac50d2743b9d009267bdbd47e91b6ad58fe6d068baf132043c38e8fd820d profile eadc83e47fcc354ab83fd109bee452bda170886fb684e67faf615930c11480919505f4af60c685b124efc54af0ded9522663132f911eac6622144f8b4c8be695 protocols-6.2 adfae0d2f569c2a2f413b7e27683a007fc8ca689b8c3349672fe0dcb6208c192ede4402eff09c604b7e7b4fd9d8df93b875efa5bdaa6c14ff1d8022a7caad5cd services-6.2 " diff --git a/main/alpine-baselayout/alpine-baselayout.pre-upgrade b/main/alpine-baselayout/alpine-baselayout.pre-upgrade index 2fcbe17943..6f7b23d5aa 100644 --- a/main/alpine-baselayout/alpine-baselayout.pre-upgrade +++ b/main/alpine-baselayout/alpine-baselayout.pre-upgrade @@ -15,14 +15,14 @@ for i in /etc/modprobe.d/*; do done # migrate /var/run directory to /run -if [ -d /var/run ]; then +if [ -d /var/run ] && [ ! -L /var/run ]; then cp -a /var/run/* /run 2>/dev/null rm -rf /var/run ln -s ../run /var/run fi # migrate /var/spool/mail directory to /var/mail -if [ -d /var/spool/mail ]; then +if [ -d /var/spool/mail ] && [ ! -L /var/spool/mail ]; then mkdir -p /var/mail cp -a /var/spool/mail/* /var/mail/ 2>/dev/null rm -rf /var/spool/mail diff --git a/main/alpine-baselayout/color_prompt.sh.disabled b/main/alpine-baselayout/color_prompt.sh.disabled index eea81eca5c..96e47891b3 100644 
--- a/main/alpine-baselayout/color_prompt.sh.disabled +++ b/main/alpine-baselayout/color_prompt.sh.disabled @@ -1,10 +1,17 @@ # Setup a red prompt for root and a green one for users. -# rename this file to color_prompt.sh to actually enable it -NORMAL="\[\e[0m\]" -RED="\[\e[1;31m\]" -GREEN="\[\e[1;32m\]" +# Symlink this file to color_prompt.sh to actually enable it. + +_normal=$'\e[0m' if [ "$USER" = root ]; then - PS1="$RED\h [$NORMAL\w$RED]# $NORMAL" + _color=$'\e[1;31m' + _symbol='#' else - PS1="$GREEN\h [$NORMAL\w$GREEN]\$ $NORMAL" + _color=$'\e[1;32m' + _symbol='$' fi +if [ -n "$ZSH_VERSION" ]; then + PS1="%{$_color%}%m [%{$_normal%}%~%{$_color%}]$_symbol %{$_normal%}" +else + PS1="\[$_color\]\h [\[$_normal\]\w\[$_color\]]$_symbol \[$_normal\]" +fi +unset _normal _color _symbol diff --git a/main/alpine-baselayout/profile b/main/alpine-baselayout/profile index fd7506b96f..7544958197 100644 --- a/main/alpine-baselayout/profile +++ b/main/alpine-baselayout/profile @@ -22,19 +22,18 @@ export PATH export PAGER=less umask 022 -# set up fallback default PS1 -: "${HOSTNAME:=$(hostname)}" -PS1='${HOSTNAME%%.*}:$PWD' -[ "$(id -u)" = "0" ] && PS1="${PS1}# " -[ "$(id -u)" = "0" ] || PS1="${PS1}\$ " - # use nicer PS1 for bash and busybox ash -[ -n "$BASH_VERSION" -o "$BB_ASH_VERSION" ] && PS1='\h:\w\$ ' - +if [ -n "$BASH_VERSION" -o "$BB_ASH_VERSION" ]; then + PS1='\h:\w\$ ' # use nicer PS1 for zsh -[ -n "$ZSH_VERSION" ] && PS1='%m:%~%# ' - -# export PS1 as before +elif [ -n "$ZSH_VERSION" ]; then + PS1='%m:%~%# ' +# set up fallback default PS1 +else + : "${HOSTNAME:=$(hostname)}" + PS1='${HOSTNAME%%.*}:$PWD' + [ "$(id -u)" -eq 0 ] && PS1="${PS1}# " || PS1="${PS1}\$ " +fi export PS1 for script in /etc/profile.d/*.sh ; do diff --git a/main/alpine-conf/APKBUILD b/main/alpine-conf/APKBUILD index d53b9cdfff..9c22ea0a01 100644 --- a/main/alpine-conf/APKBUILD +++ b/main/alpine-conf/APKBUILD 
@@ -1,12 +1,13 @@ # Maintainer: Natanael Copa <ncopa@alpinelinux.org> pkgname=alpine-conf -pkgver=3.13.0 +pkgver=3.14.2 pkgrel=0 pkgdesc="Alpine configuration management scripts" url="https://git.alpinelinux.org/alpine-conf/about" arch="all" license="MIT" depends="openrc>=0.24.1-r6 busybox>=1.26.1-r3" +checkdepends="kyua" source="https://gitlab.alpinelinux.org/alpine/alpine-conf/-/archive/$pkgver/alpine-conf-$pkgver.tar.gz " @@ -24,6 +25,10 @@ package() { done } +check() { + make check +} + sha512sums=" -ad5c26bc4b1cd0e5f3083340469d7748dc2a5e97cb6d5e9cd87cdff36633d64732d59b577ea23202aa5b75da4ca65f07682d2b3387e7529717f169d8718824cc alpine-conf-3.13.0.tar.gz +beb1e283db82cda8ce892c1a209d15011ad0ac5f061a5040d8ef0dddf7668c31a6dd7568451078e4b44f519744ea5488f973e9d00735e925568f8d6e710d6f6b alpine-conf-3.14.2.tar.gz " diff --git a/main/alpine-ipxe/APKBUILD b/main/alpine-ipxe/APKBUILD index 46bc0ada95..a54db2b92b 100644 --- a/main/alpine-ipxe/APKBUILD +++ b/main/alpine-ipxe/APKBUILD @@ -7,13 +7,11 @@ pkgdesc="iPXE build for Alpine Linux netboot" url="https://boot.alpinelinux.org" arch="x86 x86_64 aarch64" license="GPL-2.0-or-later" -depends="" makedepends="xz-dev perl coreutils bash syslinux xorriso" options="!strip !check !archcheck !tracedeps" # no tests -install="" -subpackages="" source="ipxe-$pkgver.tar.gz::https://github.com/ipxe/ipxe/archive/v$pkgver.tar.gz gcc-10.patch + gcc-11.patch DST_Root_CA_X3.pem alpine-netboot-ca.crt boot.ipxe @@ -42,7 +40,6 @@ done prepare() { default_prepare - cd "$builddir" local general="DIGEST_CMD NET_PROTO_IPV6 DOWNLOAD_PROTO_HTTPS IMAGE_TRUST_CMD NSLOOKUP_CMD PING_CMD REBOOT_CMD NTP_CMD PCI_CMD TIME_CMD VLAN_CMD" mkdir -p config/local @@ -54,7 +51,6 @@ prepare() { } build() { - cd "$builddir" # DST_Root_CA_X3.pem is need for https (letsencrypt) make EMBED="$srcdir/boot.ipxe" \ CERT="$srcdir"/alpine-netboot-ca.crt,"$srcdir"/DST_Root_CA_X3.pem \ 
@@ -80,8 +76,11 @@ _split() { "$subpkgdir"/usr/share/$pkgname } -sha512sums="39142187c7b84e81ed95865b2c6ca6624fd10ee49350741bcf4beff47cd4ebdce91eca9d7b4d3d91e45b96bd50fa554fa6b71e8e3ea6bcc474b0a71f5d35e5cd ipxe-1.20.1.tar.gz +sha512sums=" +39142187c7b84e81ed95865b2c6ca6624fd10ee49350741bcf4beff47cd4ebdce91eca9d7b4d3d91e45b96bd50fa554fa6b71e8e3ea6bcc474b0a71f5d35e5cd ipxe-1.20.1.tar.gz 99d6dfbfe3a1a5c3792246c18976d7aab708301a4a1163978a22ae2c3052ca59c10fa5a418d131b783f2c230d78c05aad8f295e87cf82e48479dfb345d8793be gcc-10.patch +83469bf56d9bd344eb686dbd1cae85c731794c506ac7bbaecdd00d15f7a2497f512ef1364ecccf0f58099d6c4b9ed86eb8614fa0373c262f7a8b5a5bd3460d5a gcc-11.patch 1f52b62aa9e3ec0656ea3cb5c8e52eda924d58728e64bb03ca6c112858b91b13cf0a9328b105bb232973e240406b240ed14e72b5bd325e82e6fddf3126dbcc58 DST_Root_CA_X3.pem 68030e3f30983ee45c7f740445a246ea0df225becdd0644e06ffdbd84682ac576934dab79fecceb31b70929d81ce85b40301a977862bf7beb042270be21e6d34 alpine-netboot-ca.crt -5a4f1edd0178e696e919e93b90689091f669bffe77ebb9da10d4872d208205fe42b285551f541a07b2067054a2344639052e2b297a582a1f71d907797a77d719 boot.ipxe" +5a4f1edd0178e696e919e93b90689091f669bffe77ebb9da10d4872d208205fe42b285551f541a07b2067054a2344639052e2b297a582a1f71d907797a77d719 boot.ipxe +" diff --git a/main/alpine-ipxe/gcc-11.patch b/main/alpine-ipxe/gcc-11.patch new file mode 100644 index 0000000000..a793cdb18e --- /dev/null +++ b/main/alpine-ipxe/gcc-11.patch 
@@ -0,0 +1,23 @@ +fixes maybe-used-uninitialised errors +--- a/tests/bigint_test.c ++++ b/tests/bigint_test.c +@@ -210,7 +210,7 @@ + static const uint8_t addend_raw[] = addend; \ + static const uint8_t value_raw[] = value; \ + static const uint8_t expected_raw[] = expected; \ +- uint8_t result_raw[ sizeof ( expected_raw ) ]; \ ++ uint8_t result_raw[ sizeof ( expected_raw ) ] = {0}; \ + unsigned int size = \ + bigint_required_size ( sizeof ( value_raw ) ); \ + bigint_t ( size ) addend_temp; \ +--- a/drivers/net/ath/ath5k/ath5k_eeprom.c ++++ b/drivers/net/ath/ath5k/ath5k_eeprom.c +@@ -410,7 +410,7 @@ + { + struct ath5k_eeprom_info *ee = &ah->ah_capabilities.cap_eeprom; + u32 o = *offset; +- u16 val; ++ u16 val = 0; + int ret; + + if (ee->ee_version < AR5K_EEPROM_VERSION_5_0) diff --git a/main/alsa-lib/APKBUILD b/main/alsa-lib/APKBUILD index 496426969d..20a3b8c828 100644 --- a/main/alsa-lib/APKBUILD +++ b/main/alsa-lib/APKBUILD @@ -1,6 +1,6 @@ # Maintainer: Natanael Copa <ncopa@alpinelinux.org> pkgname=alsa-lib -pkgver=1.2.6.1 +pkgver=1.2.7.1 pkgrel=0 pkgdesc="Advanced Linux Sound Architecture (ALSA) library" url="https://alsa-project.org/" @@ -35,10 +35,11 @@ check() { package() { make -j1 DESTDIR="$pkgdir" install + install -d -m755 "$pkgdir"/etc/alsa/conf.d } sha512sums=" -70e539cf092b5d43e00e4134d8a3e184f0dc34312823e4b58a574320cbf06cb7369bc3251ecb1858033756a7a8c35d36faa8da48d49f6efe0cec905784adbd45 alsa-lib-1.2.6.1.tar.bz2 +2a0b4205e8bf602b56a6f5007ba219799e5443827393058e439adf5b391bb6c4815a48bb994b5d108b9f31a90db0eb43a96a0d7741216e2d710dc63d372de27e alsa-lib-1.2.7.1.tar.bz2 e15318431fe2d5bd1e42ef793f223e3e5995890d7befe6daa3d7456ccf5cb2f51eb79171539cecae13032a9b8a798ea35e04c89b27c7ef9567e2c03fb8db4512 remove-test.patch f980d153c2f179e2f8fd90180d19250e5a5e12388f31d86a233d89be72ae7e96b944a8f435f0a11c6140378ac38eaa937175e1c100395ec4f635a9a6a4b1ae25 fix-PATH_MAX-on-ppc64le.patch " 
diff --git a/main/alsa-utils/APKBUILD b/main/alsa-utils/APKBUILD index e83ac12060..8c72835a6b 100644 --- a/main/alsa-utils/APKBUILD +++ b/main/alsa-utils/APKBUILD @@ -1,7 +1,7 @@ # Contributor: Leonardo Arena <rnalrd@alpinelinux.org> # Maintainer: Natanael Copa <ncopa@alpinelinux.org> pkgname=alsa-utils -pkgver=1.2.6 +pkgver=1.2.7 pkgrel=0 pkgdesc="Advanced Linux Sound Architecture (ALSA) utilities" url="https://alsa-project.org/" @@ -41,7 +41,7 @@ alsaconf() { } sha512sums=" -6842f0f4c2f7cc5ac3ba94736ee259d9988b5d3e0d2b522f858d712e16938d2845fa9ef64f4aa60222b8ef6738e053f9113a5ea24a197f2c0d6c4dbd70030f5e alsa-utils-1.2.6.tar.bz2 +1be8f617315193e6033653ac96a14bd1c3272cd9d8f3776cdb1357f35f5353652acd5975cfc5bd16278cd496f5bf409bb60432818a526282edad9a4c718a97c9 alsa-utils-1.2.7.tar.bz2 f04155e1e391c7f36d44422c8e769bf9370117f6bbea6c0664e9858f7a676cc958e4260e4b4d226e71d0716f6be4e6fdd60f1d07cb7e9922fff378ceec01c47d alsaconf.patch c66959a4a1a24a727c9c91a455caa5fa093c523d17a563b56ec2449a02ff30c83683db555006954b1fe571446cf4a117cc41de8c8b869a6e875d386595b3cc1f alsa.initd d7e212e9f624b09168117b46c66289204a23915adf0d1b0c9ae258049430397b8f2d86d3b5f7e3087151948a031c4eab863e8195a6c7b1276704e9cba9c2d2a7 alsa.confd diff --git a/main/amavis/APKBUILD b/main/amavis/APKBUILD index 02abe30078..943d4bb7fd 100644 --- a/main/amavis/APKBUILD +++ b/main/amavis/APKBUILD @@ -1,7 +1,7 @@ # Maintainer: Leonardo Arena <rnalrd@alpinelinux.org> pkgname=amavis pkgver=2.12.2 -pkgrel=0 +pkgrel=1 pkgdesc="High-performance interface between mailer (MTA) and content checkers" url="https://gitlab.com/amavis/amavis" arch="noarch !x86" # perl-db @@ -12,7 +12,7 @@ depends="sed file perl perl-archive-zip perl-carp perl-convert-tnef perl-exporter perl-io-stringy perl-mime-tools perl-mailtools perl-socket perl-net-libidn perl-net-server perl-time-hires perl-unix-syslog perl-mail-dkim - perl-io-socket-inet6 + perl-io-socket-inet6 perl-io-socket-ssl perl-mail-spamassassin " makedepends="" 
@@ -44,7 +44,7 @@ package() { install -Dm755 -o root -g amavis "$file" "$pkgdir/usr/sbin/$file" done - install -Dm640 -o root amavisd.conf "$pkgdir"/etc/amavisd.conf + install -Dm640 -o root -g amavis amavisd.conf "$pkgdir"/etc/amavisd.conf install -Dm755 "$srcdir"/amavisd.initd "$pkgdir"/etc/init.d/amavisd install -Dm644 "$srcdir"/amavisd.confd "$pkgdir"/etc/conf.d/amavisd } diff --git a/main/apache-mod-fcgid/APKBUILD b/main/apache-mod-fcgid/APKBUILD index a5b87e5eae..f816a1c3f2 100644 --- a/main/apache-mod-fcgid/APKBUILD +++ b/main/apache-mod-fcgid/APKBUILD @@ -3,9 +3,9 @@ pkgname=apache-mod-fcgid _pkgreal=mod_fcgid pkgver=2.3.9 -pkgrel=3 +pkgrel=4 pkgdesc="FastCGI module for Apache 2.x" -url="http://httpd.apache.org/$_pkgreal/" +url="https://httpd.apache.org/mod_fcgid/" arch="all" license="Apache-2.0" depends="apache2" @@ -28,5 +28,7 @@ package() { rm -fr "$pkgdir"/etc/apache2/original } -sha512sums="cae8bf8ad324512a51e6f34cb32468ea49a17deaabd481f8b581444891656f2516f10d198630f92ebc18db3d575f61dd7254153938a8206fb6c1441c7850be63 mod_fcgid-2.3.9.tar.gz -e5d7d81905f7cd73b5dbd3baa39c1d84e3c96e3fc3fda41fc52ada1a4353ca5186e53f56d782273d86a858cc9215c72321f34d92643ac176d4232df638a05812 mod_fcgid.conf" +sha512sums=" +cae8bf8ad324512a51e6f34cb32468ea49a17deaabd481f8b581444891656f2516f10d198630f92ebc18db3d575f61dd7254153938a8206fb6c1441c7850be63 mod_fcgid-2.3.9.tar.gz +e5d7d81905f7cd73b5dbd3baa39c1d84e3c96e3fc3fda41fc52ada1a4353ca5186e53f56d782273d86a858cc9215c72321f34d92643ac176d4232df638a05812 mod_fcgid.conf +" diff --git a/main/apache2/APKBUILD b/main/apache2/APKBUILD index 1e47daae52..1202ca36a6 100644 --- a/main/apache2/APKBUILD +++ b/main/apache2/APKBUILD @@ -2,7 +2,7 @@ # Contributor: Valery Kartel <valery.kartel@gmail.com> pkgname=apache2 _pkgreal=httpd -pkgver=2.4.52 +pkgver=2.4.54 pkgrel=0 pkgdesc="A high performance Unix-based HTTP server" url="https://httpd.apache.org/" 
@@ -48,9 +48,24 @@ source="https://dlcdn.apache.org/$_pkgreal/$_pkgreal-$pkgver.tar.bz2 conf/0014-httpd-.conf-LoadModule.patch " options="suid" +[ "$CARCH" = "riscv64" ] && options="$options textrels" builddir="$srcdir"/$_pkgreal-$pkgver # secfixes: +# 2.4.54-r0: +# - CVE-2022-26377 +# - CVE-2022-28330 +# - CVE-2022-28614 +# - CVE-2022-28615 +# - CVE-2022-29404 +# - CVE-2022-30522 +# - CVE-2022-30556 +# - CVE-2022-31813 +# 2.4.53-r0: +# - CVE-2022-22719 +# - CVE-2022-22720 +# - CVE-2022-22721 +# - CVE-2022-23943 # 2.4.52-r0: # - CVE-2021-44224 # - CVE-2021-44790 @@ -381,7 +396,7 @@ _lua() { _load_mods } sha512sums=" -97c021c576022a9d32f4a390f62e07b5f550973aef2f299fd52defce1a9fa5d27bd4a676e7bf214373ba46063d34aecce42de62fdd93678a4e925cfcbb2afdf6 httpd-2.4.52.tar.bz2 +228493b2ff32c4142c6e484d304f2ea12e467498605fe12adce2b61388d8efe7b2e96ae2fd0abd1dc88a5f12d625e007d8da0ae5628cff2a5272806754f41e18 httpd-2.4.54.tar.bz2 8e62b101f90c67babe864bcb74f711656180b011df3fd4b541dc766b980b72aa409e86debf3559a55be359471c1cad81b8779ef3a55add8d368229fc7e9544fc apache2.confd 18e8859c7d99c4483792a5fd20127873aad8fa396cafbdb6f2c4253451ffe7a1093a3859ce719375e0769739c93704c88897bd087c63e1ef585e26dcc1f5dd9b apache2.logrotate 81a2d2a297d8049ba1b021b879ec863767149e056d9bdb2ac8acf63572b254935ec96c2e1580eba86639ea56433eec5c41341e4f1501f9072745dccdb3602701 apache2.initd diff --git a/main/apg/APKBUILD b/main/apg/APKBUILD index 209509a2b7..fce949153f 100644 --- a/main/apg/APKBUILD +++ b/main/apg/APKBUILD @@ -1,13 +1,14 @@ # Maintainer: Natanael Copa <ncopa@alpinelinux.org> pkgname=apg pkgver=2.2.3 -pkgrel=5 +pkgrel=6 pkgdesc="Automated Password Generator." url="https://linux.die.net/man/1/apg" # Original homepage is dead arch="all" license="BSD-3-Clause" # no check provided by upstream options="!check" +subpackages="$pkgname-doc" source="https://launchpad.net/ubuntu/+archive/primary/+files/${pkgname}_${pkgver}.orig.tar.gz" build() { 
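Review bot: The added `[ "$CARCH" = "riscv64" ] && options="$options textrels"` line at the top of this hunk relaxes the text-relocation check for one architecture without saying why. Text relocations require the loader to make code pages writable while relocating, so the exemption is worth documenting where it is granted. A comment above the line such as `# riscv64: <object that still has TEXTRELs>, see <issue reference>` would tell a later maintainer when it can be dropped. The reason is not visible in this diff, so the placeholders need to be filled in by someone who knows which object triggers it.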
@@ -20,7 +21,7 @@ package() { cd "$builddir" for i in apg apgbfm; do install -D -m755 $i "$pkgdir"/usr/bin/$i - install -D -m644 doc/man/$i.1 "$pkgdir"/usr/man/man1/$i.1 + install -D -m644 doc/man/$i.1 "$pkgdir"/usr/share/man/man1/$i.1 done } diff --git a/main/apk-tools/APKBUILD b/main/apk-tools/APKBUILD index 26744eea6b..59f5710424 100644 --- a/main/apk-tools/APKBUILD +++ b/main/apk-tools/APKBUILD @@ -1,7 +1,7 @@ # Maintainer: Natanael Copa <ncopa@alpinelinux.org> pkgname=apk-tools pkgver=2.12.9 -pkgrel=1 +pkgrel=5 pkgdesc="Alpine Package Keeper - package manager for alpine" arch="all" url="https://gitlab.alpinelinux.org/alpine/apk-tools" @@ -87,5 +87,5 @@ luaapk() { sha512sums=" 2e299e50c5ca8733f04fad971247146ff4bebb697c3589e4692c9a940ede89432dd9fea48004dc947cb493db1206a336ac0ad1e876b02683183d69b4a127d1c6 apk-tools-v2.12.9.tar.gz -48d5437bb8e76b56f972430ac95f1f408687dd2734ff3e69192140abe8f301154329d9cbef0c17da86ac8d825f32bc818376bdfb672bf44adbfa5e21c957d5ec _apk +7870676720f5007eee9482786e02246f8e3474afb90e76c9c83aebe914747a8e007b5d2eed6441933f4922024b3f0664db270f21981ad6c2db877a110b0cd79e _apk " diff --git a/main/apk-tools/_apk b/main/apk-tools/_apk index 0ce54d74de..4b4a238fc6 100644 --- a/main/apk-tools/_apk +++ b/main/apk-tools/_apk @@ -62,7 +62,7 @@ function _apk { zstyle ":completion:${curcontext}:" cache-policy _ccache_apk_avail local IFS=$'\n' if _cache_invalid apk_index_packages_available || ! _retrieve_cache apk_index_packages_available; then - _apk_available_packs=(${${$(/sbin/apk list -a 2>/dev/null)%% *}%%-[[:digit:].]##([[:alpha:]]#)#(_[[:alpha:]]#[[:digit:]])#(-r[[:digit:]]##)#}) + _apk_available_packs=(${${$(/sbin/apk list -a 2>/dev/null)%% *}%-*-r[[:digit:]]*}) _store_cache apk_index_packages_available _apk_available_packs fi _describe 'available packages' _apk_available_packs 
@@ -73,7 +73,7 @@ function _apk { zstyle ":completion:${curcontext}:" cache-policy _ccache_apk_world local IFS=$'\n' if _cache_invalid apk_index_packages_installed || ! _retrieve_cache apk_index_packages_installed; then - _apk_installed_packs=(${${$(/sbin/apk list -I 2>/dev/null)%% *}%%-[[:digit:].]##([[:alpha:]]#)#(_[[:alpha:]]#[[:digit:]])#(-r[[:digit:]]##)#}) + _apk_installed_packs=(${${$(/sbin/apk list -I 2>/dev/null)%% *}%-*-r[[:digit:]]*}) _store_cache apk_index_packages_installed _apk_installed_packs fi _describe 'installed packages' _apk_installed_packs diff --git a/main/apr-util/APKBUILD b/main/apr-util/APKBUILD index 265e51151a..f3fe4bec27 100644 --- a/main/apr-util/APKBUILD +++ b/main/apr-util/APKBUILD @@ -1,9 +1,9 @@ # Maintainer: Natanael Copa <ncopa@alpinelinux.org> pkgname=apr-util pkgver=1.6.1 -pkgrel=11 +pkgrel=12 pkgdesc="The Apache Portable Runtime Utility Library" -url="http://apr.apache.org/" +url="https://apr.apache.org/" arch="all" license="Apache-2.0" subpackages="$pkgname-dev $pkgname-dbd_pgsql $pkgname-dbd_mysql @@ -55,5 +55,7 @@ dbd_mysql() { _mv_mod dbd_mysql "MySQL"; } dbd_sqlite3() { _mv_mod dbd_sqlite "SQLite3"; } ldap() { _mv_mod ldap "LDAP"; } -sha512sums="40eff8a37c0634f7fdddd6ca5e596b38de15fd10767a34c30bbe49c632816e8f3e1e230678034f578dd5816a94f246fb5dfdf48d644829af13bf28de3225205d apr-util-1.6.1.tar.bz2 -4672c55bbe78a401483dd21f29dd1f92d70887191f3d4945a616223c18e39e051609a3b52a5547a9dbcc54e315cf5866e5dfb5ef9507c3914e9d74a67e75a00e musl-fix-testsuite.patch" +sha512sums=" +40eff8a37c0634f7fdddd6ca5e596b38de15fd10767a34c30bbe49c632816e8f3e1e230678034f578dd5816a94f246fb5dfdf48d644829af13bf28de3225205d apr-util-1.6.1.tar.bz2 +4672c55bbe78a401483dd21f29dd1f92d70887191f3d4945a616223c18e39e051609a3b52a5547a9dbcc54e315cf5866e5dfb5ef9507c3914e9d74a67e75a00e musl-fix-testsuite.patch +" diff --git a/main/apr/APKBUILD b/main/apr/APKBUILD index c2a40dad1e..431eb17f36 100644 --- a/main/apr/APKBUILD +++ b/main/apr/APKBUILD 
@@ -1,21 +1,25 @@ # Maintainer: Natanael Copa <ncopa@alpinelinux.org> pkgname=apr pkgver=1.7.0 -pkgrel=0 +pkgrel=2 pkgdesc="The Apache Portable Runtime" -url="http://apr.apache.org/" +url="https://apr.apache.org/" arch="all" license="Apache-2.0" -depends_dev="util-linux-dev bash" +depends_dev="util-linux-dev" makedepends="$depends_dev" subpackages="$pkgname-dev" source="https://www.apache.org/dist/apr/apr-$pkgver.tar.bz2 apr-1.6.2-dont-test-dlclose.patch semtimedop-s390x.patch + CVE-2021-35940.patch " +# secfixes: +# 1.7.0-r2: +# - CVE-2021-35940.patch + build() { - cd "$builddir" ./configure \ --build=$CBUILD \ --host=$CHOST \ 
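Review bot: The added `secfixes` entry names the patch file, `# - CVE-2021-35940.patch`, instead of the CVE identifier. Any tooling that reads this comment block to build security metadata would record an identifier that matches no CVE. Write the entry as `#     - CVE-2021-35940`, the form the asterisk APKBUILD in this same commit uses for its `18.11.2-r0` entries. The `build()` body continues outside this hunk.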
@@ -27,27 +31,26 @@ build() { } check() { - cd "$builddir" - make -j1 check + make check } package() { - cd "$builddir" make DESTDIR="$pkgdir" install } # basicly everything thats not a *.so* file belongs to the -dev package # we override the pre-defined func. dev() { - local i depends="$pkgname $depends_dev" mkdir -p "$subpkgdir" mv "$pkgdir"/* "$subpkgdir"/ mkdir -p "$pkgdir"/usr/lib mv "$subpkgdir"/usr/lib/*.so* "$pkgdir"/usr/lib/ - return 0 } -sha512sums="3dc42d5caf17aab16f5c154080f020d5aed761e22db4c5f6506917f6bfd2bf8becfb40af919042bd4ce1077d5de74aa666f5edfba7f275efba78e8893c115148 apr-1.7.0.tar.bz2 +sha512sums=" +3dc42d5caf17aab16f5c154080f020d5aed761e22db4c5f6506917f6bfd2bf8becfb40af919042bd4ce1077d5de74aa666f5edfba7f275efba78e8893c115148 apr-1.7.0.tar.bz2 9fb931e45f30fbe68af56849dfca148c09cdf85e300af14fb259cbd43470113288680bdb21189d4cf13f5ce95f8d28666822535e017e64ace5324339ab50cbef apr-1.6.2-dont-test-dlclose.patch -5d1afa9419d0481e7c3369724e8b4c1e199cbfd5d031bd9d9fc4f46ee0d3819353ff03c3b2c508d5b939f66ef4549953bbf9cdae7ff934002b9a01d824c843e8 semtimedop-s390x.patch" +5d1afa9419d0481e7c3369724e8b4c1e199cbfd5d031bd9d9fc4f46ee0d3819353ff03c3b2c508d5b939f66ef4549953bbf9cdae7ff934002b9a01d824c843e8 semtimedop-s390x.patch +33c072ad4e27afee4b93df5b1076a8d858c6f4ef57df4e2dd1bf750f8b0390cb130744aa3bf67c4de359b35a558da07e479b10e0028ec935aa9a1ea4820c995e CVE-2021-35940.patch +" diff --git a/main/apr/CVE-2021-35940.patch b/main/apr/CVE-2021-35940.patch new file mode 100644 index 0000000000..0b72ab964c --- /dev/null +++ b/main/apr/CVE-2021-35940.patch 
@@ -0,0 +1,53 @@ +Patch-Source: https://dist.apache.org/repos/dist/release/apr/patches/apr-1.7.0-CVE-2021-35940.patch +SECURITY: CVE-2021-35940 (cve.mitre.org) + +Restore fix for CVE-2017-12613 which was missing in 1.7.x branch, though +was addressed in 1.6.x in 1.6.3 and later via r1807976. + +The fix was merged back to 1.7.x in r1891198. + +Since this was a regression in 1.7.0, a new CVE name has been assigned +to track this, CVE-2021-35940. + +Thanks to Iveta Cesalova <icesalov redhat.com> for reporting this issue. + +https://svn.apache.org/viewvc?view=revision&revision=1891198 + +Index: time/unix/time.c +=================================================================== +--- a/time/unix/time.c (revision 1891197) ++++ b/time/unix/time.c (revision 1891198) +@@ -142,6 +142,9 @@ + static const int dayoffset[12] = + {306, 337, 0, 31, 61, 92, 122, 153, 184, 214, 245, 275}; + ++ if (xt->tm_mon < 0 || xt->tm_mon >= 12) ++ return APR_EBADDATE; ++ + /* shift new year to 1st March in order to make leap year calc easy */ + + if (xt->tm_mon < 2) +Index: time/win32/time.c +=================================================================== +--- a/time/win32/time.c (revision 1891197) ++++ b/time/win32/time.c (revision 1891198) +@@ -54,6 +54,9 @@ + static const int dayoffset[12] = + {0, 31, 59, 90, 120, 151, 181, 212, 243, 273, 304, 334}; + ++ if (tm->wMonth < 1 || tm->wMonth > 12) ++ return APR_EBADDATE; ++ + /* Note; the caller is responsible for filling in detailed tm_usec, + * tm_gmtoff and tm_isdst data when applicable. + */ +@@ -228,6 +231,9 @@ + static const int dayoffset[12] = + {306, 337, 0, 31, 61, 92, 122, 153, 184, 214, 245, 275}; + ++ if (xt->tm_mon < 0 || xt->tm_mon >= 12) ++ return APR_EBADDATE; ++ + /* shift new year to 1st March in order to make leap year calc easy */ + + if (xt->tm_mon < 2) diff --git a/main/arm-trusted-firmware/APKBUILD b/main/arm-trusted-firmware/APKBUILD index 1b8c4a2fd3..aff371ab3e 100644 --- a/main/arm-trusted-firmware/APKBUILD 
+++ b/main/arm-trusted-firmware/APKBUILD @@ -3,7 +3,7 @@ # Maintainer: Bart Ribbers <bribbers@disroot.org> pkgname=arm-trusted-firmware pkgver=2.6 -pkgrel=0 +pkgrel=1 pkgdesc="ARM Trusted Firmware-A (TF-A)" url="https://github.com/ARM-software/arm-trusted-firmware" arch="aarch64" @@ -12,11 +12,16 @@ makedepends="dtc" source="https://github.com/ARM-software/arm-trusted-firmware/archive/v$pkgver/arm-trusted-firmware-v$pkgver.tar.gz" options="!check" # No tests -_plats="sun50i_a64 sun50i_h6" +_plats=" + imx8mq + sun50i_a64 + sun50i_h6 + " build() { unset LDFLAGS for plat in $_plats; do + msg "Building ATF for $plat" make PLAT=$plat bl31 done } diff --git a/main/arpon/APKBUILD b/main/arpon/APKBUILD index 772636a463..f331e358bb 100644 --- a/main/arpon/APKBUILD +++ b/main/arpon/APKBUILD @@ -3,12 +3,12 @@ pkgname=arpon pkgver=3.0 _realver=3.0-ng -pkgrel=5 +pkgrel=6 pkgdesc="Arp handler inspectiON is a handler daemon with tools to handle all ARP aspects" -url="http://arpon.sourceforge.net/" +url="https://arpon.sourceforge.io/" arch="all" license="BSD-2-Clause" -makedepends="libdnet-dev libpcap-dev libnet-dev cmake" +makedepends="libdnet-dev libpcap-dev libnet-dev cmake samurai" subpackages="$pkgname-doc $pkgname-openrc" source="https://downloads.sourceforge.net/project/arpon/arpon/ArpON-$_realver.tar.gz fix-ppc64le-werror.patch @@ -20,14 +20,20 @@ source="https://downloads.sourceforge.net/project/arpon/arpon/ArpON-$_realver.ta builddir="$srcdir"/ArpON-$_realver build() { - cmake -B build . \ + cmake -B build -G Ninja \ -DCMAKE_C_FLAGS="$CFLAGS" \ - -DCMAKE_BUILD_TYPE=MinSizeRel - make -C build + -DCMAKE_BUILD_TYPE=MinSizeRel \ + . + cmake --build build +} + +check() { + cd build + CTEST_OUTPUT_ON_FAILURE=TRUE ctest } package() { - make -C build install DESTDIR="$pkgdir" + DESTDIR="$pkgdir" cmake --install build install -m755 -D "$srcdir"/$pkgname.initd "$pkgdir"/etc/init.d/$pkgname install -m644 -D "$srcdir"/$pkgname.confd "$pkgdir"/etc/conf.d/$pkgname } 
diff --git a/main/arpwatch/APKBUILD b/main/arpwatch/APKBUILD index deff86dc18..22860803d7 100644 --- a/main/arpwatch/APKBUILD +++ b/main/arpwatch/APKBUILD @@ -1,7 +1,7 @@ # Contributor: Michael Mason <ms13sp@gmail.com> # Maintainer: Francesco Colista <fcolista@alpinelinux.org> pkgname=arpwatch -pkgver=3.2 +pkgver=3.3 pkgrel=0 pkgdesc="Ethernet monitoring program" url="https://www-nrg.ee.lbl.gov/" @@ -55,7 +55,7 @@ package() { } sha512sums=" -0a028e770e73f8ff2e926da5ab58e067c05908924a60cfc52c5fb7d57a0f36d3087f6cedb4a8b39b66ce85a4f6a12a594e7e74fd044331e5f346bcc9add99585 arpwatch-3.2.tar.gz +4e3d542917dc9060ae7b35b40f41cb696eb36e68846194a76f025c5ecb1df1e67d5c1c66ba3c7e581e1f915b988d05cb7805f28d410784bd27dc3a448dccdece arpwatch-3.3.tar.gz 854f6361bf02586516db4f50afdee729c047cd788985f72f475e592e0e744c24d7d765f0391d733dbf417048c26b6d43c00eb63c58e6798bdb2366b93cbfe03a arpwatch.confd 83fc559aecd82cefd430104df23fc7680ac14d2c27f74d4543585382166e16a65563e00122281e886278993a9ca574daa5b2b2100884369c3a3146a66b68a0f7 arpwatch.initd b537220b7a19f7f28d1b60cfea6ef2e4d0c852ac83907fdd2515e467c3d16529b0c5a25ee653536e674c63d47a00709fc89fd6085efc5ba4a12f392df5ae5788 22_alpine_bihourly_script.patch diff --git a/main/asciidoctor/APKBUILD b/main/asciidoctor/APKBUILD index ab62dc6898..31e0e5f4ba 100644 --- a/main/asciidoctor/APKBUILD +++ b/main/asciidoctor/APKBUILD @@ -2,7 +2,7 @@ # Maintainer: Natanael Copa <ncopa@alpinelinux.org> pkgname=asciidoctor pkgver=2.0.17 -pkgrel=0 +pkgrel=1 pkgdesc="Converter for AsciiDoc to HTML5, DocBook 5 (or 4.5) and other formats" url="https://rubygems.org/gems/$pkgname" arch="noarch" diff --git a/main/asterisk/APKBUILD b/main/asterisk/APKBUILD index 80dc4cecdd..f19a684766 100644 --- a/main/asterisk/APKBUILD +++ b/main/asterisk/APKBUILD 
@@ -3,8 +3,8 @@ # Contributor: Timo Teras <timo.teras@iki.fi> # Maintainer: Timo Teras <timo.teras@iki.fi> pkgname=asterisk -pkgver=18.2.2 -pkgrel=5 +pkgver=18.11.2 +pkgrel=0 pkgdesc="Modular Open Source PBX System" pkgusers="asterisk" pkggroups="asterisk" @@ -69,13 +69,16 @@ source="$_download/asterisk-$pkgver.tar.gz 20-musl-astmm-fix.patch 30-asterisk-mariadb.patch 40-asterisk-cdefs.patch - CVE-2021-32558.patch asterisk.initd asterisk.confd asterisk.logrotate " # secfixes: +# 18.11.2-r0: +# - CVE-2022-26498 +# - CVE-2022-26499 +# - CVE-2022-26651 # 18.2.2-r2: # - CVE-2021-32558 # 18.2.1-r0: @@ -162,7 +165,6 @@ build() { --enable app_meetme \ --enable cdr_mysql \ --disable BUILD_NATIVE \ - --enable IMAP_STORAGE \ --enable codec_opus_open_source \ menuselect.makeopts 
@@ -238,14 +240,13 @@ sound_en() { } sha512sums=" -e15fe3c7f46d49991bcb6f6f565f15e4af0d658b4cd6b091079209dd95a8027858effdc2f2314d72ed46a73cdebc089d3c27d5cf8db50d2d21f3c317a8a4a546 asterisk-18.2.2.tar.gz +6b33949edb26b8dec5c4c79fe07f4fe3c82a83014944b142ffe5cdf9e626a7240e65c31f9215136ab964b14e077829c4ae99e1b0c2067e8b8ac016f628281e06 asterisk-18.11.2.tar.gz aacef3f4796fb1abd33266998b53909cb4b36e7cc5ad2f7bac68bdc43e9a9072d9a4e2e7e681bddfa31f3d04575eb248afe6ea95da780c67e4829c1e22adfe1b asterisk-addon-mp3-r201.patch.gz 69d82b878728f99b7bf7e862025cbc01aa5b6b9332a5372059ea89a788c66fd351f1103989b3573a7a4ba9ff533f3ee2ff5d88de938440e05d6246e41a882306 asterisk-13.7-90e8780faccc79e68c07775c6ab2fe1ffaccfa08.tar.gz 771237ba6d42ab62d914f2702234b23fd0bc8c22f2aa33b0e745c9170163c8046f6d48ecb299faab3d6fb397f1aa046421083c3cc88510c9779861c522f357dd 10-musl-mutex-init.patch 0fae11b42894ab3d405bc50e9275b9084712b482fbf9b4259ea938667fc5cbe413655f3ff83da0f607151bb2b6e49c2f741b5ada6944dbb478f076ef8d86380a 20-musl-astmm-fix.patch 616de74bdd3c4a6e899128c73e31f5ff219095d2afe321f85a51f518ec2e9dac9b63396eed8e2568c295f1beb90f9a506c72d28211a973b35185bfffd24af37e 30-asterisk-mariadb.patch ba33f11169284f190b7dabab1da7d2751cb65d7976408db635a892fa17d7552e1660350017e7aada3464ecc7d9d6e99d6ad76d66c0036de062a386cffbc948e6 40-asterisk-cdefs.patch -87df7c97c0963f41a6d61ed80c7b9996d7f38fa39bbca50c3157f4bb68146e1c977459dfdff734395aca4fd9d801c15d6c996bfabdd81be16b96f3bbe92ff480 CVE-2021-32558.patch 0044c5db468ec8f2385d18d476f89976f6d036448583a4ef8017ce7a6f8f72105337e6b20037ffe47f561d2877fc9c86720aef23ab037df89b36dc140a5924c4 asterisk.initd ab6b6f08ff43268cbb1abb7ed7d678949991ba495682a644bbaeb017d6adbff0a43297905fd73ae8db1786a28d5b5904f1bc253209a0e388c8a27f26c6ce14ed asterisk.confd 449b5808d90c813c23432274fba47e53227e3a924a55719d2f9e5a90fd2dfb33660a5c85c7e8f11fbb1cd93387e5c68329ed5583f7a64c2451fadad62a9f87dd asterisk.logrotate 
diff --git a/main/asterisk/CVE-2021-32558.patch b/main/asterisk/CVE-2021-32558.patch deleted file mode 100644 index 522d8d6f4f..0000000000 --- a/main/asterisk/CVE-2021-32558.patch +++ /dev/null 
@@ -1,126 +0,0 @@ -From 852a8780cb45db0dca7c18b364cb0485a1e09840 Mon Sep 17 00:00:00 2001 -From: Kevin Harwell <kharwell@sangoma.com> -Date: Mon, 10 May 2021 17:59:00 -0500 -Subject: [PATCH] AST-2021-008 - chan_iax2: remote crash on unsupported media format - -If chan_iax2 received a packet with an unsupported media format, for -example vp9, then it would set the frame's format to NULL. This could -then result in a crash later when an attempt was made to access the -format. - -This patch makes it so chan_iax2 now ignores/drops frames received -with unsupported media format types. - -ASTERISK-29392 #close - -Change-Id: Ifa869a90dafe33eed8fd9463574fe6f1c0ad3eb1 ---- - -diff --git a/channels/chan_iax2.c b/channels/chan_iax2.c -index 4122c04..c57434b 100644 ---- a/channels/chan_iax2.c -+++ b/channels/chan_iax2.c -@@ -4132,6 +4132,7 @@ - long ms; - long next; - struct timeval now = ast_tvnow(); -+ struct ast_format *voicefmt; - - /* Make sure we have a valid private structure before going on */ - ast_mutex_lock(&iaxsl[callno]); -@@ -4151,10 +4152,9 @@ - - ms = ast_tvdiff_ms(now, pvt->rxcore); - -- if(ms >= (next = jb_next(pvt->jb))) { -- struct ast_format *voicefmt; -- voicefmt = ast_format_compatibility_bitfield2format(pvt->voiceformat); -- ret = jb_get(pvt->jb, &frame, ms, voicefmt ? 
ast_format_get_default_ms(voicefmt) : 20); -+ voicefmt = ast_format_compatibility_bitfield2format(pvt->voiceformat); -+ if (voicefmt && ms >= (next = jb_next(pvt->jb))) { -+ ret = jb_get(pvt->jb, &frame, ms, ast_format_get_default_ms(voicefmt)); - switch(ret) { - case JB_OK: - fr = frame.data; -@@ -4182,7 +4182,7 @@ - pvt = iaxs[callno]; - } - } -- break; -+ break; - case JB_DROP: - iax2_frame_free(frame.data); - break; -@@ -6451,8 +6451,14 @@ - f->frametype = fh->type; - if (f->frametype == AST_FRAME_VIDEO) { - f->subclass.format = ast_format_compatibility_bitfield2format(uncompress_subclass(fh->csub & ~0x40) | ((fh->csub >> 6) & 0x1)); -+ if (!f->subclass.format) { -+ f->subclass.format = ast_format_none; -+ } - } else if (f->frametype == AST_FRAME_VOICE) { - f->subclass.format = ast_format_compatibility_bitfield2format(uncompress_subclass(fh->csub)); -+ if (!f->subclass.format) { -+ f->subclass.format = ast_format_none; -+ } - } else { - f->subclass.integer = uncompress_subclass(fh->csub); - } -@@ -9929,8 +9935,8 @@ - } else if (iaxs[fr->callno]->voiceformat == 0) { - ast_log(LOG_WARNING, "Received trunked frame before first full voice frame\n"); - iax2_vnak(fr->callno); -- } else { -- f.subclass.format = ast_format_compatibility_bitfield2format(iaxs[fr->callno]->voiceformat); -+ } else if ((f.subclass.format = ast_format_compatibility_bitfield2format( -+ iaxs[fr->callno]->voiceformat))) { - f.datalen = len; - if (f.datalen >= 0) { - if (f.datalen) -@@ -10173,11 +10179,17 @@ - f.frametype = fh->type; - if (f.frametype == AST_FRAME_VIDEO) { - f.subclass.format = ast_format_compatibility_bitfield2format(uncompress_subclass(fh->csub & ~0x40)); -+ if (!f.subclass.format) { -+ return 1; -+ } - if ((fh->csub >> 6) & 0x1) { - f.subclass.frame_ending = 1; - } - } else if (f.frametype == AST_FRAME_VOICE) { - f.subclass.format = ast_format_compatibility_bitfield2format(uncompress_subclass(fh->csub)); -+ if (!f.subclass.format) { -+ return 1; -+ } - } else { - 
f.subclass.integer = uncompress_subclass(fh->csub); - } -@@ -11795,6 +11807,11 @@ - f.subclass.frame_ending = 1; - } - f.subclass.format = ast_format_compatibility_bitfield2format(iaxs[fr->callno]->videoformat); -+ if (!f.subclass.format) { -+ ast_variables_destroy(ies.vars); -+ ast_mutex_unlock(&iaxsl[fr->callno]); -+ return 1; -+ } - } else { - ast_log(LOG_WARNING, "Received mini frame before first full video frame\n"); - iax2_vnak(fr->callno); -@@ -11816,9 +11833,14 @@ - } else { - /* A mini frame */ - f.frametype = AST_FRAME_VOICE; -- if (iaxs[fr->callno]->voiceformat > 0) -+ if (iaxs[fr->callno]->voiceformat > 0) { - f.subclass.format = ast_format_compatibility_bitfield2format(iaxs[fr->callno]->voiceformat); -- else { -+ if (!f.subclass.format) { -+ ast_variables_destroy(ies.vars); -+ ast_mutex_unlock(&iaxsl[fr->callno]); -+ return 1; -+ } -+ } else { - ast_debug(1, "Received mini frame before first full voice frame\n"); - iax2_vnak(fr->callno); - ast_variables_destroy(ies.vars); diff --git a/main/at-spi2-core/APKBUILD b/main/at-spi2-core/APKBUILD index 3a811bfadd..6e7e7a26fb 100644 --- a/main/at-spi2-core/APKBUILD +++ b/main/at-spi2-core/APKBUILD @@ -1,7 +1,7 @@ # Contributor: Natanael Copa <ncopa@alpinelinux.org> # Maintainer: Rasmus Thomsen <oss@cogitri.dev> pkgname=at-spi2-core -pkgver=2.42.0 +pkgver=2.44.1 pkgrel=0 pkgdesc="Protocol definitions and daemon for D-Bus at-spi" url="https://www.freedesktop.org/wiki/Accessibility/AT-SPI2/" @@ -28,5 +28,5 @@ package() { } sha512sums=" -befcab94b3aa99471723238d9666fc6667041b058a2bac3b012cfa15a91950996431296f33c921764e0ec4ffd0cc41ebe00be461a8460d6f4d2bafff19a38e10 at-spi2-core-2.42.0.tar.xz +8d85df75f886c4a19d829d14e5a9412b607b9cbe2d1b7ecb95b4082602f0624e90747fe955f96d378c3a52bc0e732074b97008bb34e6acc2722c7056b2c0504e at-spi2-core-2.44.1.tar.xz " diff --git a/main/atk/APKBUILD b/main/atk/APKBUILD index abf7d04498..dd8c681811 100644 --- a/main/atk/APKBUILD +++ b/main/atk/APKBUILD 
@@ -1,7 +1,7 @@ # Contributor: Natanael Copa <ncopa@alpinelinux.org> # Maintainer: Rasmus Thomsen <oss@cogitri.dev> pkgname=atk -pkgver=2.36.0 +pkgver=2.38.0 pkgrel=0 pkgdesc="A library providing a set of interfaces for accessibility" url="https://www.gtk.org/" @@ -26,4 +26,6 @@ package() { DESTDIR="$pkgdir" meson install --no-rebuild -C output } -sha512sums="d0f18204eaf96511e8448e3dfbc4b6953a7cf8b816151fb7caf5592cf578572b1cdb16836fe2157b11e3ad018ef171f1ca1bfdf255bb31bb455716d7519fd634 atk-2.36.0.tar.xz" +sha512sums=" +dffd0a0814a9183027c38a985d86cb6544858e9e7d655843e153440467957d6bc1abd9c9479a57078aea018053410438a30a9befb7414dc79020b223cd2c774b atk-2.38.0.tar.xz +" diff --git a/main/atop/APKBUILD b/main/atop/APKBUILD index 7084d21610..0915ff3967 100644 --- a/main/atop/APKBUILD +++ b/main/atop/APKBUILD @@ -1,22 +1,22 @@ # Maintainer: Natanael Copa <ncopa@alpinelinux.org> pkgname=atop pkgver=2.7.1 -pkgrel=0 +pkgrel=1 pkgdesc="Resource-specific view of processes" url="https://www.atoptool.nl/" arch="all" license="GPL-2.0-or-later" makedepends="zlib-dev ncurses-dev linux-headers" -subpackages="$pkgname-doc" +subpackages="$pkgname-doc $pkgname-openrc" source="https://www.atoptool.nl/download/atop-$pkgver.tar.gz atop-daily-bb.patch atop-include-macros.patch + make-cron-background.patch atop.initd " -options="suid" +options="suid !check" prepare() { - cd "$builddir" default_prepare sed -i -e '/^CFLAGS/s: = -O : += :' \ 
@@ -28,25 +28,23 @@ prepare() { } build() { - cd "$builddir" + make } package() { - cd "$builddir" - mkdir -p "$pkgdir"/var/log/atop "$pkgdir"/var/run "$pkgdir"/usr/sbin - make -j1 DESTDIR="$pkgdir" \ + make DESTDIR="$pkgdir" \ INIPATH=/etc/init.d \ SCRPATH=/etc/periodic/daily \ sysvinstall rm -fr "$pkgdir"/etc/cron.d mv "$pkgdir"/etc/periodic/daily/atop.daily \ "$pkgdir"/etc/periodic/daily/atop - } sha512sums=" f5013dbc25b86f07c9892555705bb3db2eeb949478f53e6e5545308b0c7c173c4c7a8ed0eae1f173e075210f81fceee09d7a9d90de76c4f011e38ad4a76b780b atop-2.7.1.tar.gz 664225450074962aac0e13484c9b2feaf08620bbe1e0f9c5dc1b02f1ecd315224cd04df53134f2d107210fc9223a64d8885ae70d33d0663c2335fa6d46f6ddfd atop-daily-bb.patch f30c9e6051332af8c8cafcd881f89a0e2d2a8e1d84eee8ac0c8c6b58f3ae3431fcf9c40dea6d03e271f8969802de449d33b4323c13045bdb38a539732c81a8b6 atop-include-macros.patch +e563894eceadf63ff153714829218b8f78dd21a129b90817960bdb4452768f41ed884dc9967f94b979e42f04d6434fcbd423bcf1651976a5ad60c34b206ce7e9 make-cron-background.patch 172c9d367b936427ccbbbd1140c7808ec8ffe3194b3557ba024820dac8fa68c9919f7dc34d332e91283fde64d731db7bdbfee3c2d6caad3cd291e0f1c227cb03 atop.initd " diff --git a/main/atop/make-cron-background.patch b/main/atop/make-cron-background.patch new file mode 100644 index 0000000000..a710572cf7 --- /dev/null +++ b/main/atop/make-cron-background.patch 
@@ -0,0 +1,28 @@ +From a2cd8d902a833e5bec024e81d6361684c1f84e4b Mon Sep 17 00:00:00 2001 +From: ptrcnull <git@ptrcnull.me> +Date: Tue, 1 Mar 2022 15:33:05 +0100 +Subject: [PATCH] Make daily atop cron job run in the background + +--- + atop.daily | 7 +++---- + 1 file changed, 3 insertions(+), 4 deletions(-) + +diff --git a/atop.daily b/atop.daily +index 55737fd..5e18650 100755 +--- a/atop.daily ++++ b/atop.daily +@@ -57,8 +57,7 @@ fi + # + ( (sleep 3; find "$LOGPATH" -name 'atop_*' -mtime +"$LOGGENERATIONS" -exec rm {} \;)& ) + +-# activate atop with an interval of S seconds (configurable), +-# replacing the current shell ++# activate atop with an interval of S seconds (configurable) + # +-echo $$ > $PIDFILE +-exec $BINPATH/atop $LOGOPTS -w "$LOGPATH"/atop_"$CURDAY" "$LOGINTERVAL" > "$LOGPATH/daily.log" 2>&1 ++$BINPATH/atop $LOGOPTS -w "$LOGPATH"/atop_"$CURDAY" "$LOGINTERVAL" > "$LOGPATH/daily.log" 2>&1 & ++echo $! > $PIDFILE +-- +2.35.1 + diff --git a/main/audit/APKBUILD b/main/audit/APKBUILD index 29e20b52a0..d706e91a99 100644 --- a/main/audit/APKBUILD +++ b/main/audit/APKBUILD @@ -1,9 +1,9 @@ # Contributor: Dermot Bradley <dermot_bradley@yahoo.com> # Maintainer: Tycho Andersen <tycho@docker.com> pkgname=audit -pkgver=3.0.6 +pkgver=3.0.8 pkgrel=0 -pkgdesc="User space tools for 2.6 kernel auditing" +pkgdesc="User space tools for kernel auditing" url="https://people.redhat.com/sgrubb/audit/" arch="all" license="GPL-2.0-or-later" 
@@ -13,24 +13,12 @@ install="$pkgname.pre-install" subpackages="$pkgname-static $pkgname-dev $pkgname-doc $pkgname-libs $pkgname-openrc" source="https://people.redhat.com/sgrubb/audit/audit-$pkgver.tar.gz 0003-all-get-rid-of-strndupa.patch - 0004-fix-path-in-au-remote-conf.patch + usr-paths.patch + musl.patch auditd.initd auditd.confd" -case "$CARCH" in -mips*) - # mips builder does not have audit support enabled - options="$options !check" - ;; -esac - -builddir="$srcdir/audit-$pkgver" - build() { - if [ "$CARCH" = "ppc64le" ]; then - WITHOUT="--without-python3 --without-python" - fi - ./configure \ --build=$CBUILD \ --host=$CHOST \ @@ -41,13 +29,12 @@ build() { --disable-zos-remote \ --enable-shared=audit \ --with-arm \ - --with-aarch64 \ - $WITHOUT + --with-aarch64 make } check() { - make -j1 check + make check } package() { 
@@ -63,9 +50,10 @@ static() { } sha512sums=" -74734e1b1fddea086db9c5dc8c4b7817917fdf17bc7ca4e5b440aae975484d020a17c3f485f6a37b6b150a307d809e50d559d31a8cbd6f1e554933719551bcd1 audit-3.0.6.tar.gz +8379bf425d68381d182300e628e42de8460d2f3e15b2395e10880f94b9989656852a50a9bece75b632ec8a04c40c9e666ff4c9d6b25ace3a8f50d2011506afab audit-3.0.8.tar.gz f3f2c4ee745e99877c981d889c5cbb0379d073a9b7634c1480ae603a21a13045f9978b51f8cb53c8d0ba414d249bb859af7bca7e302c464b3fc3c6463ecca762 0003-all-get-rid-of-strndupa.patch -6a0e1fb81d7defe6ad84da447a55e1e0b90299fcbd1ca679934a1dfa1a211986ea4642a1c69abe0619120b64b16546a41fa028f55f27c79819d896178aac6df7 0004-fix-path-in-au-remote-conf.patch +90c7d213a0b4ef27bf643e046dd2b3c5909706c62fba24ef34ecb32ff07b73fda13ed04c616a7cf8148115fc977aa1096b61e717abd5bd32f72f7bb4ac07999f usr-paths.patch +a347c45cb1cd3c93ece5352218f1e7bc38938f3cbaf060158e4df40e9f027afbc3c6a3651f25e26e45ab9f2c96af2181d2638b09ed747a4348d0fc88af798798 musl.patch b3d7ceba02b6b4406222c3b142fcfdf2b612dc52eebc490cfd121d696e4ef7c6cc5e27813d67937c464ed4c3cd283de9ccfcb75e63405a447523fa4641e79da3 auditd.initd 69d8777772ded7a8c0db2bcf84961b121bb355fa0d4ba0e14e311f8a8bfe665cbd2b7ac632d73477f9dfa9a6eec357a7ed458fe9b3e7b5ede75b166f3f092ab7 auditd.confd " diff --git a/main/audit/musl.patch b/main/audit/musl.patch new file mode 100644 index 0000000000..c96ce65350 --- /dev/null +++ b/main/audit/musl.patch @@ -0,0 +1,11 @@ +--- a/auparse/auparse.h ++++ b/auparse/auparse.h +@@ -51,7 +51,7 @@ + void auparse_destroy(auparse_state_t *au); + void auparse_destroy_ext(auparse_state_t *au, auparse_destroy_what_t what); + auparse_state_t *auparse_init(ausource_t source, const void *b) +- __attribute_malloc__ __attr_dealloc (auparse_destroy, 1); ++ __attribute__((__malloc__)) __attr_dealloc (auparse_destroy, 1); + int auparse_new_buffer(auparse_state_t *au, const char *data, size_t data_len) + __attr_access ((__read_only__, 2, 3)); + int auparse_feed(auparse_state_t *au, const char *data, size_t data_len) 
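Review bot: The new `musl.patch` has no description header or upstream reference, unlike `usr-paths.patch` next to it, which carries From/Date lines and a one-line summary. Without one, the next version bump has no way to tell whether the patch is still needed. It replaces `__attribute_malloc__` on the `auparse_init` declaration, but the context lines still use `__attr_dealloc` and `__attr_access`. Those look like libc-provided macros as well; presumably the header supplies fallbacks for them, which is worth confirming on a musl build. A short header along the lines of `musl does not define __attribute_malloc__; use the compiler attribute directly` plus an upstream report link would cover it.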
diff --git a/main/audit/0004-fix-path-in-au-remote-conf.patch b/main/audit/usr-paths.patch index c3d1efd846..8e1c2b67d9 100644 --- a/main/audit/0004-fix-path-in-au-remote-conf.patch +++ b/main/audit/usr-paths.patch @@ -1,7 +1,8 @@ From: Dermot Bradley <dermot_bradley@yahoo.com> Date: Fri, 29 May 2020 19:55:23 +0100 +Updated: Mon, 30 May 2022 23:42:39 +0000 -Fix the path to the audisp-remote binary. +correct paths in plugins --- a/audisp/plugins/remote/au-remote.conf +++ b/audisp/plugins/remote/au-remote.conf @@ -14,3 +15,14 @@ Fix the path to the audisp-remote binary. type = always #args = format = string +--- a/audisp/plugins/syslog/syslog.conf ++++ b/audisp/plugins/syslog/syslog.conf +@@ -8,7 +8,7 @@ + + active = no + direction = out +-path = /sbin/audisp-syslog ++path = /usr/sbin/audisp-syslog + type = always + args = LOG_INFO + format = string diff --git a/main/aumix/APKBUILD b/main/aumix/APKBUILD index 2fc8efeceb..5111a26cca 100644 --- a/main/aumix/APKBUILD +++ b/main/aumix/APKBUILD @@ -1,14 +1,14 @@ # Maintainer: Natanael Copa <ncopa@alpinelinux.org> pkgname=aumix pkgver=2.9.1 -pkgrel=7 +pkgrel=8 pkgdesc="color text mode sound mixer" -url="http://www.jpj.net/~trevor/aumix.html" +url="https://sourceforge.net/projects/aumix/" arch="all" license="GPL-2.0-or-later" makedepends="ncurses-dev linux-headers" subpackages="$pkgname-doc" -source="http://jpj.net/~trevor/aumix/releases/aumix-$pkgver.tar.bz2 +source="https://downloads.sourceforge.net/aumix/$pkgver/aumix-$pkgver.tar.bz2 gcc-10.patch aumix.initd " diff --git a/main/autoconf-archive/APKBUILD b/main/autoconf-archive/APKBUILD index 36c8afb1a1..43f4159b1e 100644 --- a/main/autoconf-archive/APKBUILD +++ b/main/autoconf-archive/APKBUILD 
@@ -1,8 +1,8 @@ # Contributor: Carlo Landmeter <clandmeter@alpinelinux.org> # Maintainer: Roberto Oliveira <robertoguimaraes8@gmail.com> pkgname=autoconf-archive -pkgver=2021.02.19 -pkgrel=1 +pkgver=2022.02.11 +pkgrel=0 pkgdesc="Collection of re-usable GNU Autoconf macros" url="https://www.gnu.org/software/autoconf-archive" arch="noarch" @@ -28,5 +28,5 @@ package() { } sha512sums=" -a968c355c3cf66d74dc5b452141afbdf763e84a6c43b12c25da9a08482910d6d57ba3952aaf270d8cd5fd8b9d2dadf2d7d943ae2e1b067d68b71d2738d881aa0 autoconf-archive-2021.02.19.tar.xz +243e06a356ea2c0fddc527febd4241da49fe4c11fb64b548873744a54e079860739d7a1da842833b99540acde3f6a2ebfddc41897306cc2e61e2c6037a7d22ff autoconf-archive-2022.02.11.tar.xz " diff --git a/main/avahi/APKBUILD b/main/avahi/APKBUILD index 8a18632628..2b0508dcea 100644 --- a/main/avahi/APKBUILD +++ b/main/avahi/APKBUILD @@ -1,11 +1,11 @@ # Maintainer: Natanael Copa <ncopa@alpinelinux.org> pkgname=avahi pkgver=0.8 -pkgrel=5 +pkgrel=6 pkgdesc="multicast/unicast DNS-SD framework" url="https://www.avahi.org/" arch="all" -license="LGPL-2.0-or-later" +license="LGPL-2.1-or-later" pkgusers="avahi" pkggroups="avahi" depends_dev="gdbm-dev" diff --git a/main/awall/APKBUILD b/main/awall/APKBUILD index 80742b20cc..5503262464 100644 --- a/main/awall/APKBUILD +++ b/main/awall/APKBUILD @@ -1,7 +1,7 @@ # Contributor: Kaarle Ritvanen <kunkku@alpinelinux.org> # Maintainer: Kaarle Ritvanen <kunkku@alpinelinux.org> pkgname=awall -pkgver=1.11.1 +pkgver=1.12.0 pkgrel=0 pkgdesc="Alpine Wall" url="https://gitlab.alpinelinux.org/alpine/awall" 
@@ -10,7 +10,7 @@ arch="noarch" license="GPL-2.0-only" replaces="awall-nat" depends="drill ip6tables ipset iptables lua$_luaver lua$_luaver-alt-getopt - lua$_luaver-cjson lua$_luaver-pc lua$_luaver-posix lua$_luaver-schema + lua$_luaver-cjson lua$_luaver-pc lua$_luaver-posix lua-schema lua$_luaver-stringy lua$_luaver-lyaml xtables-addons" subpackages="$pkgname-masquerade $pkgname-policies" triggers="$pkgname.trigger=/usr/share/awall" @@ -51,7 +51,7 @@ policies() { } sha512sums=" -5f23bbe324e5f0618b92b1658487d925ff92624914295e8bb46a757c554f963643f611c5362c15d8feb05da7745de934def3b00aa68fe396a868541a8943dfce awall-v1.11.1.tar.bz2 +1e5b2bb3a64229c79959bd44dfa02c3b6230135eb0368bdc83ee5f0ce97ff9c02259442a3e8f9ae4eb62aaab97186537de15e5a548c720c7bed1aac8ecf30aa2 awall-v1.12.0.tar.bz2 e83ea3281c298092530e45fa5b62f6f85b9e5109b11e109799465ea832608294c7d9c4c3f5b0f321dfc0e82040daf3a17d066e9dea65cb0dbae2c453ea9e62cd awall-init 1cd4b7fa5fc6c9ac6667dff5cc00d96a3cc42aaccafe3c5562d3dcfd9f22ddec9cfe5a9339fee8001b67ccb8e8b81c9417f39a461e5052af9bf74a2753559bf7 setup-firewall " diff --git a/main/bacula/APKBUILD b/main/bacula/APKBUILD index 91a391c1b8..947154bd0d 100644 --- a/main/bacula/APKBUILD +++ b/main/bacula/APKBUILD @@ -1,8 +1,8 @@ # Contributor: Łukasz Jendrysik <scadu@yandex.com> # Maintainer: Leonardo Arena <rnalrd@alpinelinux.org> pkgname=bacula -pkgver=9.6.7 -pkgrel=2 +pkgver=11.0.6 +pkgrel=1 pkgdesc="Enterprise ready, network based backup program" url="https://www.bacula.org" arch="all" @@ -21,6 +21,7 @@ source="https://downloads.sourceforge.net/project/$pkgname/$pkgname/$pkgver/$pkg bacula-sd.initd bacula-fd.initd bacula-7.4.0-path-mounted.patch + bacula-11.0.6-pthread-double-detach-fix.patch " options="!check" #no test suite provided 
@@ -155,8 +156,11 @@ client() { install -d -o $pkgname -g $pkgname "$subpkgdir"/$_bworkdir } -sha512sums="27551faa2e4b13c6c2b9a2500f1253dfa5ee84929013491a7bf512d965d655c5af78b08201090474bc9b29827ca0a5c1c5a23a55712a1f739f37de75449cfd4d bacula-9.6.7.tar.gz +sha512sums=" +44abc9e3598f3d3beea3e85cca0867e4b9b77c4e7a17cb1902a5e952b049fb2b15f8f6319436fce1dd92ad52d26f04d7225dd052372ecc30aa55fb668a639149 bacula-11.0.6.tar.gz bb954bb94bffa68ba80872046782a73012487291f019fb8d7ff77fc7f4325e25bee88612b3279b4db7d3c2002ac7448ffabcda62da7bab54642a7413904abc91 bacula-dir.initd 0505b9a74520af6982d5df4390525976f8e009e641d0acfe8f24b2ec9f155166a65eecbabee9ff70ffe188d523effa64f958acd8f657410b1c002a6d736e8aee bacula-sd.initd 91a53cb566cfd91b42a319bd6ff9947047cae187c6ec198767853d1a0253667d6c2c58f0e72ed43a7b9f40b76e705cafde7a1d6ac86577fa0f64f44b031dec11 bacula-fd.initd -2d3757236aacca421261a8866ff04b5b0151538e1462559bd1240119b1bece1d456acbba9fee86dbc6aaec7af2a52eb2c0b7490c5f371b7deb478731c74342ff bacula-7.4.0-path-mounted.patch" +2d3757236aacca421261a8866ff04b5b0151538e1462559bd1240119b1bece1d456acbba9fee86dbc6aaec7af2a52eb2c0b7490c5f371b7deb478731c74342ff bacula-7.4.0-path-mounted.patch +775ff4449ac7164cfc0f303c6aeb2be1b2d08f4197ac89db453795185c3251e94ccb6ef27068b7802453845d6bcf8474785a1ac7254227f027743baa2ab754bc bacula-11.0.6-pthread-double-detach-fix.patch +" diff --git a/main/bacula/bacula-11.0.6-pthread-double-detach-fix.patch b/main/bacula/bacula-11.0.6-pthread-double-detach-fix.patch new file mode 100644 index 0000000000..a8bcffefd0 --- /dev/null +++ b/main/bacula/bacula-11.0.6-pthread-double-detach-fix.patch 
@@ -0,0 +1,30 @@ +diff --git a/src/dird/ua_server.c b/src/dird/ua_server.c +index 75342a3bfa..d8d767e81f 100644 +--- a/src/dird/ua_server.c ++++ b/src/dird/ua_server.c +@@ -126,7 +126,9 @@ static void *handle_UA_client_request(void *arg) + JCR *jcr; + BSOCK *user = (BSOCK *)arg; + +- pthread_detach(pthread_self()); ++ // Alpine: We know the thread is already detached (src/lib/workq.c:74). ++ // Detaching it again would crash on musl, so we disable this call ++ // pthread_detach(pthread_self()); + + jcr = new_control_jcr("-Console-", JT_CONSOLE); + +diff --git a/src/dird/job.c b/src/dird/job.c +index 7df6351..62452bd 100644 +--- a/src/dird/job.c ++++ b/src/dird/job.c +@@ -408,7 +408,9 @@ static void *job_thread(void *arg) + { + JCR *jcr = (JCR *)arg; + +- pthread_detach(pthread_self()); ++ // Alpine: We know the thread is already detatched (src/lib/workq.c:74). ++ // Detatching it again would crash on musl, so we disable this call ++ // pthread_detach(pthread_self()); + Dsm_check(100); + + Dmsg0(200, "=====Start Job=========\n"); diff --git a/main/bash/APKBUILD b/main/bash/APKBUILD index f25bd7e993..e5309b99bc 100644 --- a/main/bash/APKBUILD +++ b/main/bash/APKBUILD @@ -6,7 +6,7 @@ pkgver=5.1.16 _patchlevel=${pkgver##*.} _myver=${pkgver%.*} _patchbase=${_myver/./} -pkgrel=0 +pkgrel=2 pkgdesc="The GNU Bourne Again shell" url="https://www.gnu.org/software/bash/bash.html" arch="all" @@ -16,6 +16,7 @@ makedepends_host="readline-dev>8 ncurses-dev" install="$pkgname.post-install $pkgname.post-upgrade $pkgname.pre-deinstall" subpackages="$pkgname-dbg $pkgname-dev $pkgname-doc" source="https://ftp.gnu.org/gnu/bash/bash-$_myver.tar.gz + bashrc bash-noinfo.patch " # generate url's to patches. note: no forks allowed! @@ -25,7 +26,7 @@ while [ $_i -le $_patchlevel ]; do [ $_i -ge 10 ] && _pad="0" [ $_i -ge 100 ] && _pad= source="$source https://ftp.gnu.org/gnu/bash/bash-$_myver-patches/bash$_patchbase-$_pad$_i" - _i=$(( $_i + 1)) + _i=$(( _i + 1)) done # secfixes: 
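Review bot: Both hunks of `bacula-11.0.6-pthread-double-detach-fix.patch` comment out `pthread_detach(pthread_self())` on the strength of an assumption about another file (`src/lib/workq.c:74`) that nothing in the patched functions checks. If `handle_UA_client_request` or `job_thread` is ever started on a joinable thread by some other path, that thread is never detached or joined and its resources stay allocated. The patch has no description header or upstream bug reference, so a later bacula upgrade cannot verify that the workq behaviour still holds; add a header stating the musl failure and where it was reported. The comment in the `job.c` hunk also misspells the word as `detatched` / `Detatching`. Both function bodies continue outside the hunks.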
@@ -34,6 +35,8 @@ done builddir="$srcdir/$pkgname-$_myver" +export CFLAGS="$CFLAGS -DSYS_BASHRC='\"/etc/bash/bashrc\"'" + prepare() { # NOTE: This section is for applying the vendor patches, which are required to fix # security holes. `default_prepare` does *not* apply vendor patches in the format @@ -78,8 +81,9 @@ check() { } package() { + mkdir -p "$pkgdir"/etc/bash make DESTDIR="$pkgdir" install - + install -Dm644 "$srcdir"/bashrc "$pkgdir"/etc/bash/bashrc rm -rf "$pkgdir"/usr/share/locale } @@ -92,6 +96,7 @@ dev() { sha512sums=" c44a0ce381469219548a3a27589af3fea4f22eda1ca4e9434b59fc16da81b471c29ce18e31590e0860a6a251a664b68c2b45e3a17d22cfc02799ffd9a208390c bash-5.1.tar.gz +4542e19f2c6c31fff1f412379d5e36c65767cf2d91f1311e8d43f2566e2e50ab8dddff6045aec9b0272ed7387aa9b35daf6b0844478c0bda94d961efcf6f3ae3 bashrc 9d8845491d0fe335bdd8e9a2bd98bda54bfed2ae3c35b2196c6d5a38bdf96c4d97572ba7d6b19ab605ef4e8f001f64cf3312f87dedebb9e37a95ad2c44e33cdb bash-noinfo.patch 1cd86805a2639614372aec29a710bc456e330abcbbaa0867820c94f714a1fa5fb5c1b18aa2c10263ae0bce9dad7579c7af2f732282315c1c34bfd6a90777bfd2 bash51-001 923e7822a9629645347d3aea0058fb5e2d52223507159a62369309f264612df44a84931c19e0ccb3852e98ce672dfbd454477090b4041b5a0de477c94eb61088 bash51-002 diff --git a/main/bash/bashrc b/main/bash/bashrc new file mode 100644 index 0000000000..b851cf50b0 --- /dev/null +++ b/main/bash/bashrc @@ -0,0 +1,14 @@ +# Do not edit this file. +# Place your readable configs in /etc/profile.d/*.sh + +if [[ $- != *i* ]] ; then + # Shell is non-interactive. Be done now! + return +fi + +if [ -d /etc/profile.d/ ]; then + for f in /etc/profile.d/*.sh; do + [ -r "$f" ] && . "$f" + done + unset f +fi diff --git a/main/batctl/APKBUILD b/main/batctl/APKBUILD index 30a76028d6..d09134295d 100644 --- a/main/batctl/APKBUILD +++ b/main/batctl/APKBUILD 
@@ -1,11 +1,11 @@ # Maintainer: Ariadne Conill <ariadne@dereferenced.org> pkgname=batctl -pkgver=2021.1 -pkgrel=0 +pkgver=2022.0 +pkgrel=1 pkgdesc="B.A.T.M.A.N. advanced control and management tool" url="https://www.open-mesh.org/" arch="all" -license="GPL-2" +license="GPL-2.0-only AND MIT" depends_dev="libnl3-dev linux-headers" makedepends="$depends_dev" subpackages="$pkgname-doc" @@ -21,5 +21,5 @@ package() { } sha512sums=" -542343db3fb7d8f773656d9049285816359b0c94d7b26f26d5993209cae561b4b62442eef919b65bc46e0d8d23b10afd2f3d8c4beb2841641fffc643f65d8de6 batctl-2021.1.tar.gz +4e839119914c471818dcdc6ee0850802f0141dade8303be92fd0fc6f4cf492e37e482401f4e519d815f3928c84b247a5d5e0000128eb958702b8a99ff6f4975e batctl-2022.0.tar.gz " diff --git a/main/bats/APKBUILD b/main/bats/APKBUILD index 39d28860cd..6f8285b511 100644 --- a/main/bats/APKBUILD +++ b/main/bats/APKBUILD @@ -1,6 +1,6 @@ # Maintainer: Jose-Luis Rivas <ghostbar@riseup.net> pkgname=bats -pkgver=1.5.0 +pkgver=1.6.0 pkgrel=0 pkgdesc="Bash Automated Testing System" options="!check" # Test passes CI/locally, fails on builders @@ -20,5 +20,5 @@ package() { ./install.sh "$pkgdir"/usr } sha512sums=" -4e0b4adbc6ae7d40cbeb353d856dd919485838f9ee1eca5fb6747bcdd7b88f4eda673005ab735e104c9e8c5740cd2357b955e31b3769cb1c2561564e7369179d bats-1.5.0.zip +c76a219c0d6e8016bac90229b842c0666c1a63ae4c063c644a1cb2c78234e5b2685576889ca2c71cd1a6adfd3281be4c01e907b183873777e58e0d749e07d23c bats-1.6.0.zip " diff --git a/main/bctoolbox/APKBUILD b/main/bctoolbox/APKBUILD index 53a23222fe..7a220d8cf3 100644 --- a/main/bctoolbox/APKBUILD +++ b/main/bctoolbox/APKBUILD @@ -1,7 +1,7 @@ # Contributor: Francesco Colista <fcolista@alpinelinux.org> # Maintainer: Francesco Colista <fcolista@alpinelinux.org> pkgname=bctoolbox -pkgver=5.0.66 +pkgver=5.1.45 pkgrel=0 pkgdesc="Utilities library used by Belledonne Communications softwares like belle-sip, mediastreamer2 and linphone" url="https://github.com/BelledonneCommunications/bctoolbox" 
@@ -46,5 +46,5 @@ dev() { } sha512sums=" -4918b778a18e311e9b477574859db92a3d88b2ffb8c85081918688bf3bc104ed16bd5a5f5609d4137b3f3009ce485121fa999703d25b4867175aa1c34eb29d9f bctoolbox-5.0.66.tar.gz +488d296f3d0328858692d865ce4c315bd9f2baa9fbe9577a1fd214735d8bbe83005f082239c277607d8561682d220e0da0f30b695911780b1a7ec27cfea1c247 bctoolbox-5.1.45.tar.gz " diff --git a/main/beep/0001-disable-gcc-ubsan.patch b/main/beep/0001-disable-gcc-ubsan.patch new file mode 100644 index 0000000000..24cad5942e --- /dev/null +++ b/main/beep/0001-disable-gcc-ubsan.patch @@ -0,0 +1,25 @@ +From 30751070371ee32a3b58f8f416c07ddc1d3b5680 Mon Sep 17 00:00:00 2001 +From: Leonardo Arena <rnalrd@alpinelinux.org> +Date: Tue, 1 Feb 2022 09:26:02 +0000 +Subject: [PATCH] disable gcc ubsan + +--- + GNUmakefile | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/GNUmakefile b/GNUmakefile +index a27b453..fbc3605 100644 +--- a/GNUmakefile ++++ b/GNUmakefile +@@ -169,7 +169,7 @@ $(eval $(call CHECK_CFLAGS,CFLAGS,-fanalyzer)) + $(eval $(call CHECK_CFLAGS,CFLAGS,-fstack-protector-strong)) + $(eval $(call CHECK_CFLAGS,CFLAGS,-fstack-clash-protection)) + $(eval $(call CHECK_CFLAGS,CFLAGS,-fcf-protection)) +-$(eval $(call CHECK_CFLAGS,CFLAGS,-fsanitize=undefined)) ++$(eval $(call CHECK_CFLAGS,CFLAGS)) + + + CFLAGS += -save-temps=obj +-- +2.35.1 + diff --git a/main/beep/0002-remove-option-werror.patch b/main/beep/0002-remove-option-werror.patch new file mode 100644 index 0000000000..7f650bcfd7 --- /dev/null +++ b/main/beep/0002-remove-option-werror.patch 
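Review bot: `0001-disable-gcc-ubsan.patch` neutralises the flag by leaving a call with an empty argument, `$(eval $(call CHECK_CFLAGS,CFLAGS))`, instead of deleting the line, and `0002-remove-option-werror.patch` does the same with `$(eval $(call CHECK_CFLAGS,common_CFLAGS))`. What `CHECK_CFLAGS` does with an empty flag is not visible in either hunk, so removing the line outright is the safer edit. Neither patch says why the flag has to go: `-fsanitize=undefined` and `-Werror` are dropped with a subject line only, although upstream evidently chose these diagnostic and hardening flags deliberately. A one-line rationale in each patch header (which toolchain or libc failure it works around) would let the next maintainer decide when the patches can be dropped.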
@@ -0,0 +1,25 @@ +From b471c291766e0b6a3afaa1324fd1c79be7ab0dab Mon Sep 17 00:00:00 2001 +From: Leonardo Arena <rnalrd@alpinelinux.org> +Date: Tue, 1 Feb 2022 09:30:53 +0000 +Subject: [PATCH 1/2] remove option werror + +--- + GNUmakefile | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/GNUmakefile b/GNUmakefile +index a27b453..9747798 100644 +--- a/GNUmakefile ++++ b/GNUmakefile +@@ -155,7 +155,7 @@ $(eval $(call CHECK_CFLAGS,common_CFLAGS,-Werror=unknown-warning-option)) + $(eval $(call CHECK_CFLAGS,common_CFLAGS,-Wall)) + $(eval $(call CHECK_CFLAGS,common_CFLAGS,-Wextra)) + $(eval $(call CHECK_CFLAGS,common_CFLAGS,-Weverything)) +-$(eval $(call CHECK_CFLAGS,common_CFLAGS,-Werror)) ++$(eval $(call CHECK_CFLAGS,common_CFLAGS)) + $(eval $(call CHECK_CFLAGS,common_CFLAGS,-Wno-padded)) + $(eval $(call CHECK_CFLAGS,common_CFLAGS,-Werror=format-security)) + $(eval $(call CHECK_CFLAGS,common_CFLAGS,-Wno-disabled-macro-expansion)) +-- +2.35.1 + diff --git a/main/beep/0003-remove-option-werror.patch b/main/beep/0003-remove-option-werror.patch new file mode 100644 index 0000000000..ec3046742e --- /dev/null +++ b/main/beep/0003-remove-option-werror.patch @@ -0,0 +1,25 @@ +From 648ebb687339269bfd056703f0aa5a62a9ba4f06 Mon Sep 17 00:00:00 2001 +From: Leonardo Arena <rnalrd@alpinelinux.org> +Date: Tue, 1 Feb 2022 09:31:33 +0000 +Subject: [PATCH 2/2] remove O2 optimization + +--- + GNUmakefile | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/GNUmakefile b/GNUmakefile +index 9747798..d192bab 100644 +--- a/GNUmakefile ++++ b/GNUmakefile +@@ -147,7 +147,7 @@ common_LIBS = + + common_CPPFLAGS += -DPACKAGE_TARNAME='"$(PACKAGE_TARNAME)"' + common_CPPFLAGS += -DPACKAGE_VERSION='"$(PACKAGE_VERSION)"' +-common_CFLAGS += -O2 -g ++common_CFLAGS += -g + common_CFLAGS += -std=gnu99 + common_CFLAGS += $(if $(filter %.o,$@),-Wa$(comma)-adhlns=$(@:.o=.lst)) + common_CFLAGS += -pedantic +-- +2.35.1 + 
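Review bot: `0003-remove-option-werror.patch` does not remove `-Werror`; its subject is "remove O2 optimization" and its hunk changes `common_CFLAGS += -O2 -g` to `common_CFLAGS += -g`. The file name should say that, so the `source=` list and checksums in the APKBUILD describe what is applied. With `-O2` gone, the optimisation level comes only from the CFLAGS the build environment passes in; if the build relies on `_FORTIFY_SOURCE`, those checks need optimisation enabled to take effect. The patch header should state why `-O2` is dropped and that the distribution CFLAGS are expected to supply the level.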
diff --git a/main/beep/APKBUILD b/main/beep/APKBUILD index 9c142fd4d0..716a1f1f8a 100644 --- a/main/beep/APKBUILD +++ b/main/beep/APKBUILD @@ -1,22 +1,32 @@ # Contributor: Leonardo Arena <rnalrd@alpinelinux.org> # Maintainer: Leonardo Arena <rnalrd@alpinelinux.org> pkgname=beep -pkgver=1.4.9 +pkgver=1.4.12 pkgrel=0 pkgdesc="A terminal bell" url="https://github.com/spkr-beep/beep" arch="all" license="GPL-2.0-or-later" makedepends="linux-headers" +options="!check" # no test suite subpackages="$pkgname-doc" -source="$pkgname-$pkgver.tar.gz::https://github.com/spkr-beep/beep/archive/v$pkgver.tar.gz" +source="$pkgname-$pkgver.tar.gz::https://github.com/spkr-beep/beep/archive/v$pkgver.tar.gz + 0001-disable-gcc-ubsan.patch + 0002-remove-option-werror.patch + 0003-remove-option-werror.patch + " build() { - make + make prefix="/usr" DESTDIR="$pkgdir" } package() { - make DESTDIR="$pkgdir" install + make prefix="/usr" DESTDIR="$pkgdir" install } -sha512sums="46e6066cb4d9ad4a0c55a03bf5a2163426648ce3831fe1f7bafa2f02d0e407b50c52e58cc2b123c346df96e92b73d2458b473c3fb001d9a0d1470b7cf38cc35b beep-1.4.9.tar.gz" +sha512sums=" +18fed77bc4820ecc84ac12e903d516d5228fa2038df1788cc68db76e40b3c47a271911cc45bc48ce94e3f215803c5c05cb6c08ebb47ae6d7fcf1e0bc1ac169cd beep-1.4.12.tar.gz +44d1871a1cd763468873242d77c21c9c9f8682c75a561592d61536ecb98917b108d61d1801d974cc05ffed5d009dfafe21cc9705f8494edcb6a01aa528b9cabd 0001-disable-gcc-ubsan.patch +e04dff41163889b4ec263ceba3a0b5757e900863c8165b3b893af30b16894f1b08414d345b6195f229824811d9b737c3ff100c772fbf02de5f30442c9f3f64cf 0002-remove-option-werror.patch +977b7e001c80af7086d388dc05add931e9aad985f163d511c873b350b7a001bc8faaa198e074b15d3b310d0a09413a7d9989b519be89bf73119d3d14a6cd4dd9 0003-remove-option-werror.patch +" diff --git a/main/bind/APKBUILD b/main/bind/APKBUILD index e96cdc6865..3b45936b28 100644 --- a/main/bind/APKBUILD +++ b/main/bind/APKBUILD 
@@ -5,16 +5,17 @@ # Contributor: ungleich <alpinelinux@ungleich.ch> # Maintainer: pkgname=bind -pkgver=9.16.24 +pkgver=9.18.3 _ver=${pkgver%_p*} _p=${pkgver#*_p} _major=${pkgver%%.*} [ "$_p" != "$pkgver" ] && _ver="$_ver-P$_p" -pkgrel=0 +pkgrel=2 pkgdesc="The ISC DNS server" url="https://www.isc.org/" arch="all" license="MPL-2.0" +options="!check" # requires bind server pkgusers="named" pkggroups="named" depends="dns-root-hints bind-tools" @@ -22,23 +23,19 @@ depends_dev="$pkgname $pkgname-plugins $pkgname-tools" _depends_plugins="$pkgname" _root_keys_upstream="dnssec-root" _depends_root_keys="$_root_keys_upstream" -_py3deps="py3-ply python3" makedepends=" bash - bsd-compat-headers fstrm-dev - json-c-dev krb5-dev libcap-dev libuv-dev libxml2-dev linux-headers + nghttp2-dev openldap-dev openssl1.1-compat-dev perl protobuf-c-dev - $_py3deps - python3-dev $_depends_root_keys " install="$pkgname.pre-install $pkgname.post-install" @@ -49,15 +46,12 @@ subpackages=" $pkgname-libs $pkgname-openrc $pkgname-${_root_keys_upstream}:root_keys:noarch - py3-$pkgname:_py3 $pkgname-dnssec-tools:_dnssec_tools $pkgname-plugins $pkgname-tools " source=" https://downloads.isc.org/isc/bind$_major/$_ver/bind-$_ver.tar.xz - bind.plugindir.patch - bind.so_bsdcompat.patch named.initd named.confd named.conf.authoritative @@ -67,6 +61,9 @@ source=" " # secfixes: +# 9.16.27-r0: +# - CVE-2022-0396 +# - CVE-2021-25220 # 9.16.22-r0: # - CVE-2021-25219 # 9.16.20-r0: @@ -132,7 +129,6 @@ prepare() { -e 's:/etc/rndc.key:/etc/bind/rndc.key:g' \ "$i" done - update_config_sub } build() { 
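Review bot: `options="!check" # requires bind server` in the first hunk makes the new `check()` body dead code. The later `check()` hunk replaces `./bin/named/named -V` with `make test`, but with `!check` set the function is presumably skipped by abuild, so `make test` never runs and the old smoke test that at least executed the freshly built `named` is lost as well. For a branch jump from 9.16.24 to 9.18.3 of a network-facing daemon, some post-build check is worth keeping. Either keep `check()` as `./bin/named/named -V` and drop `!check`, or keep `!check` and extend its comment to say that `check()` is intentionally not run.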
@@ -147,28 +143,19 @@ build() { --localstatedir=/var \ --mandir=/usr/share/man \ --infodir=/usr/share/info \ - --with-dlopen=yes \ - --with-dlz-filesystem=yes \ - --with-dlz-ldap=yes \ - --with-dlz-stub=yes \ - --with-gssapi=/usr \ - --with-libjson \ - --with-libtool \ + --with-gssapi=yes \ --with-libxml2 \ - --with-openssl=/usr \ - --with-python=python3 \ + --with-openssl=yes \ --enable-dnstap \ --enable-largefile \ --enable-linux-caps \ --enable-shared \ - --enable-static \ - --disable-isc-spnego \ - --disable-backtrace + --disable-static make } check() { - ./bin/named/named -V + make test } package() { @@ -200,21 +187,13 @@ package() { ln -s named.ca root.cache } -_py3() { - pkgdesc="A module allowing rndc commands to be sent from Python programs" - depends="$_py3deps" - mkdir -p "$subpkgdir"/usr/lib - mv "$pkgdir"/usr/lib/python3* "$subpkgdir"/usr/lib/ -} - _dnssec_tools() { pkgdesc="Utilities for DNSSEC keys and DNS zone files management" - depends="py3-$pkgname=$pkgver-r$pkgrel" - mkdir -p "$subpkgdir"/usr/sbin + mkdir -p "$subpkgdir"/usr/bin mv \ - "$pkgdir"/usr/sbin/nsec3hash \ - "$pkgdir"/usr/sbin/dnssec* \ - "$subpkgdir"/usr/sbin/ + "$pkgdir"/usr/bin/nsec3hash \ + "$pkgdir"/usr/bin/dnssec* \ + "$subpkgdir"/usr/bin/ } @@ -230,14 +209,18 @@ tools() { pkgdesc="The ISC DNS tools" depends="$depends_tools" - mkdir -p "$subpkgdir"/usr - mv "$pkgdir"/usr/bin "$subpkgdir"/usr/ + mkdir -p "$subpkgdir"/usr/bin + for i in "$pkgdir"/usr/bin/*; do + case "${i##*/}" in + named-checkconf) ;; + *) mv "$i" "$subpkgdir"/usr/bin ;; + esac + done mkdir -p "$subpkgdir"/usr/sbin for i in "$pkgdir"/usr/sbin/*; do - file "$i" | grep 'Python script' >/dev/null 2>&1 && continue || : case "${i##*/}" in - named|named-checkconf|rndc) ;; + named|rndc) ;; *) mv "$i" "$subpkgdir"/usr/sbin ;; esac done 
@@ -282,10 +265,8 @@ _gpgfingerprints=" " sha512sums=" -a982bcad8c517dbcb81e768486e1a8b92e495efcf45c4961170c3bc7fac837903605dcd05cfb9b9e1074599b90be1b9c3dbca4162ede0a32fe4c3405ad92816b bind-9.16.24.tar.xz -2b32d1e7f62cd1e01bb4fdd92d15460bc14761b933d5acc463a91f5ecd4773d7477c757c5dd2738e8e433693592cf3f623ffc142241861c91848f01aa84640d6 bind.plugindir.patch -7167dccdb2833643dfdb92994373d2cc087e52ba23b51bd68bd322ff9aca6744f01fa9d8a4b9cd8c4ce471755a85c03ec956ec0d8a1d4fae02124ddbed6841f6 bind.so_bsdcompat.patch -53db80f7ee4902f42fb1d0bc959242bcb6f20d95256bda99ce2c206af8b4703c7f72bb26d026c633f70451b84a37c3946b210951e34dd5d6620b181cd0183de4 named.initd +eeb2c376172469cd9d788a48487dec026ef28f6a82c474c546464a6caf510ff8f005c780ad85de9a096f4201f41e7db3b6ddfdb8c31c10d62b727f160d918d94 bind-9.18.3.tar.xz +3d1d3e954aaee5e125f6b6f3cb660b51fc91d803df4cad43c47dbe97f19789cef20b5ca2834624668f0d761a5b81ac72db8959745d6eb293ca1154a1b390a007 named.initd 127bdcc0b5079961f0951344bc3fad547450c81aee2149eac8c41a8c0c973ea0ffe3f956684c6fcb735a29c43d2ff48c153b6a71a0f15757819a72c492488ddf named.confd d2f61d02d7829af51faf14fbe2bafe8bc90087e6b6697c6275a269ebbddcaa14a234fff5c41da793e945e8ff1de3de0858a40334e0d24289eab98df4bb721ac5 named.conf.authoritative 3aba9763cfaf0880a89fd01202f41406b465547296ce91373eb999ea7719040bc1ac4e47b0de025a8060f693d3d88774a20d09a43fa7ac6aa43989b58b5ee8fe named.conf.recursive diff --git a/main/bind/bind.plugindir.patch b/main/bind/bind.plugindir.patch deleted file mode 100644 index bcef2dbdec..0000000000 --- a/main/bind/bind.plugindir.patch +++ /dev/null @@ -1,13 +0,0 @@ -diff --git a/make/rules.in b/make/rules.in -index 8039856..bd29891 100644 ---- a/make/rules.in -+++ b/make/rules.in -@@ -28,7 +28,7 @@ localstatedir = @localstatedir@ - mandir = @mandir@ - datarootdir = @datarootdir@ - --plugindir = ${libdir}/named -+plugindir = ${libdir}/bind - - DESTDIR = - 
diff --git a/main/bind/bind.so_bsdcompat.patch b/main/bind/bind.so_bsdcompat.patch deleted file mode 100644 index 69751e13b3..0000000000 --- a/main/bind/bind.so_bsdcompat.patch +++ /dev/null @@ -1,11 +0,0 @@ ---- a/lib/isc/unix/socket.c.orig 2005-11-03 17:08:42.000000000 -0600 -+++ b/lib/isc/unix/socket.c 2006-02-18 13:09:15.000000000 -0600 -@@ -245,6 +245,8 @@ - - #define SOCK_DEAD(s) ((s)->references == 0) - -+#undef SO_BSDCOMPAT -+ - static void - manager_log(isc_socketmgr_t *sockmgr, - isc_logcategory_t *category, isc_logmodule_t *module, int level, diff --git a/main/bind/named.initd b/main/bind/named.initd index cad932c68d..c7a8bb1a87 100644 --- a/main/bind/named.initd +++ b/main/bind/named.initd @@ -13,7 +13,7 @@ depend() { _get_pidfile() { [ -n "${PIDFILE}" ] || PIDFILE=$(\ - /usr/sbin/named-checkconf -p ${NAMED_CONF} | grep 'pid-file' | cut -d\" -f2) + /usr/bin/named-checkconf -p ${NAMED_CONF} | grep 'pid-file' | cut -d\" -f2) [ -z "${PIDFILE}" ] && PIDFILE=/var/run/named/named.pid } @@ -25,7 +25,7 @@ checkconfig() { return 1 fi - /usr/sbin/named-checkconf ${NAMED_CONF} || { + /usr/bin/named-checkconf ${NAMED_CONF} || { eerror "named-checkconf failed! Please fix your config first." return 1 } @@ -35,7 +35,7 @@ checkconfig() { checkzones() { ebegin "Checking named configuration and zones" - /usr/sbin/named-checkconf -z -j ${NAMED_CONF} + /usr/bin/named-checkconf -z -j ${NAMED_CONF} eend $? } diff --git a/main/binutils/APKBUILD b/main/binutils/APKBUILD index 16efeb3708..17fab6ace8 100644 --- a/main/binutils/APKBUILD +++ b/main/binutils/APKBUILD @@ -1,8 +1,8 @@ # Contributor: Natanael Copa <ncopa@alpinelinux.org> # Maintainer: Ariadne Conill <ariadne@dereferenced.org> pkgname=binutils -pkgver=2.37 # XXX: remove man page workaround in prepare() on upgrade -pkgrel=4 +pkgver=2.38 +pkgrel=3 pkgdesc="Tools necessary to build programs" url="https://www.gnu.org/software/binutils/" makedepends_build="bison flex texinfo" 
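Review bot: The three changed `named-checkconf` calls in `named.initd` still expand `${NAMED_CONF}` unquoted, so a configured path containing spaces or glob characters is split into several arguments. Since these lines are being touched anyway, quote it: `/usr/bin/named-checkconf "${NAMED_CONF}" || {`, and likewise `-p "${NAMED_CONF}"` and `-z -j "${NAMED_CONF}"`. The hard-coded `/usr/bin/` prefix also has to stay in step with the `tools()` split in the APKBUILD, which keeps `named-checkconf` out of the tools subpackage; a short comment next to `_get_pidfile()` saying so would help. The function bodies continue outside the hunks.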
@@ -17,8 +17,10 @@ source="https://ftp.gnu.org/gnu/binutils/binutils-$pkgver.tar.xz ld-bfd-mips.patch 0001-Revert-PR25882-.gnu.attributes-are-not-checked-for-s.patch binutils-mips-disable-assert.patch - bfd-close-file-desriptor-if-there-is-no-archive-fd.patch - defang-no-split.patch + binutils-ppc-fix-machine-options.patch + binutils-s390x-1.patch + binutils-s390x-2.patch + binutils-ppc64le-assertion.patch " builddir="$srcdir/$pkgname-$pkgver" @@ -43,14 +45,6 @@ fi # 2.28-r1: # - CVE-2017-7614 -prepare() { - default_prepare - - # Remove existing empty man pages to force them to be regenerated. - # Workaround for https://gitlab.alpinelinux.org/alpine/aports/-/issues/13034 - find "$builddir" -name '[a-z]*\.[0-9]*' -empty -delete -} - build() { local _sysroot=/ local _cross_configure="--enable-install-libiberty --enable-shared" 
@@ -142,12 +136,14 @@ gold() { } sha512sums=" -5c11aeef6935860a6819ed3a3c93371f052e52b4bdc5033da36037c1544d013b7f12cb8d561ec954fe7469a68f1b66f1a3cd53d5a3af7293635a90d69edd15e7 binutils-2.37.tar.xz +8bf0b0d193c9c010e0518ee2b2e5a830898af206510992483b427477ed178396cd210235e85fd7bd99a96fc6d5eedbeccbd48317a10f752b7336ada8b2bb826d binutils-2.38.tar.xz ecee33b0e435aa704af1c334e560f201638ff79e199aa11ed78a72f7c9b46f85fbb227af5748e735fd681d1965fcc42ac81b0c8824e540430ce0c706c81e8b49 binutils-ld-fix-static-linking.patch f55cf2e0bf82f97583a1abe10710e4013ecf7d64f1da2ef8659a44a06d0dd8beaf58dab98a183488ea137f03e32d62efc878d95f018f836f8cec870bc448556f gold-mips.patch 314d2ef9071c89940aa6c8118e8a1e2f191a5d0a4bf596da1ad9cc84f884d8bc7dea8bd7b9fc3f8f1bddd3fd41c6eb017e1e804044b3bf084df1ed9e6e095e2d ld-bfd-mips.patch 70ec22bd72ef6dddecfd970613387dd4a8cdc8730dd3cbf03d5a0c3a7c4d839383167bb06dad21bf7c235329fd44b5dc4aefe762f68544f17155cf002bf1be4a 0001-Revert-PR25882-.gnu.attributes-are-not-checked-for-s.patch 609cd90d8b334eb309f586b17b9d335a08d3dbb6def7c3eb5c010028fcb681674031e5b9d853aa7a39a50304356a86afc184b85562b3f228f8197f4d29395c8f binutils-mips-disable-assert.patch -10a0074583d2cc4598710c7e434ba7088da074b105f4f5e951fc61af7150ad62adf60a7c98f6fd13b1771f169e45a5a1ef618240c6893d3f0f3d93fd768a03c6 bfd-close-file-desriptor-if-there-is-no-archive-fd.patch -4652f092c9376f0cb7fd6c72cb37ff7c15c1c6e3408fac79329b7f41a7925c98eb35989a9a040682130988a36401901d6d95afa44f0ce50caa85ee478db6bf03 defang-no-split.patch +27ea91e0e406e2ed464fd692cf92a07e338781789f2d968c8b95d9d5545985056a6f7f500df3952e5ab42165db28b741aa33d6b717e880b11a2e41fe406b13c4 binutils-ppc-fix-machine-options.patch +a9efe2689624865f0ff33d4776a5bd295bcad6484bdd38d0ca490fea43691c4933ab33d17478851998eef12922dbf83d6c3225bb1f8faf92a1367d086390f7d3 binutils-s390x-1.patch +0e291df80ad279005265634014d0935d2c115a5ed708d25407094b7ad4ddf267d1fb7fcbcb2d9ad73bd305b4e3974628b820bd1f249f56c095e4896872434cc9 binutils-s390x-2.patch 
+63e58f45df3570279cb1ee5215ba3de77de012cac20da9cdd23f86a93890056e1efa397521559cfd0716d5239604607c440d8f4d089d83c98b8fbc1b5c5305f8 binutils-ppc64le-assertion.patch
 "
diff --git a/main/binutils/bfd-close-file-desriptor-if-there-is-no-archive-fd.patch b/main/binutils/bfd-close-file-desriptor-if-there-is-no-archive-fd.patch
deleted file mode 100644
index 357d0f9701..0000000000
--- a/main/binutils/bfd-close-file-desriptor-if-there-is-no-archive-fd.patch
+++ /dev/null
@@ -1,234 +0,0 @@ -Upstream: yes -URL: https://sourceware.org/bugzilla/show_bug.cgi?id=28138 -From 1c611b40e6bfc8029bff7696814330b5bc0ee5c0 Mon Sep 17 00:00:00 2001 -From: "H.J. Lu" <hjl.tools@gmail.com> -Date: Mon, 26 Jul 2021 05:59:55 -0700 -Subject: [PATCH] bfd: Close the file descriptor if there is no archive fd - -Close the file descriptor if there is no archive plugin file descriptor -to avoid running out of file descriptors on thin archives with many -archive members. - -bfd/ - - PR ld/28138 - * plugin.c (bfd_plugin_close_file_descriptor): Close the file - descriptor there is no archive plugin file descriptor. - -ld/ - - PR ld/28138 - * testsuite/ld-plugin/lto.exp: Run tmpdir/pr28138 only for - native build. - - PR ld/28138 - * testsuite/ld-plugin/lto.exp: Run ld/28138 tests. - * testsuite/ld-plugin/pr28138.c: New file. - * testsuite/ld-plugin/pr28138-1.c: Likewise. - * testsuite/ld-plugin/pr28138-2.c: Likewise. - * testsuite/ld-plugin/pr28138-3.c: Likewise. - * testsuite/ld-plugin/pr28138-4.c: Likewise. - * testsuite/ld-plugin/pr28138-5.c: Likewise. - * testsuite/ld-plugin/pr28138-6.c: Likewise. - * testsuite/ld-plugin/pr28138-7.c: Likewise. 
- -(cherry picked from commit 5a98fb7513b559e20dfebdbaa2a471afda3b4742) -(cherry picked from commit 7dc37e1e1209c80e0bab784df6b6bac335e836f2) ---- - bfd/plugin.c | 8 +++++++ - ld/testsuite/ld-plugin/lto.exp | 34 ++++++++++++++++++++++++++++++ - ld/testsuite/ld-plugin/pr28138-1.c | 6 ++++++ - ld/testsuite/ld-plugin/pr28138-2.c | 6 ++++++ - ld/testsuite/ld-plugin/pr28138-3.c | 6 ++++++ - ld/testsuite/ld-plugin/pr28138-4.c | 6 ++++++ - ld/testsuite/ld-plugin/pr28138-5.c | 6 ++++++ - ld/testsuite/ld-plugin/pr28138-6.c | 6 ++++++ - ld/testsuite/ld-plugin/pr28138-7.c | 6 ++++++ - ld/testsuite/ld-plugin/pr28138.c | 20 ++++++++++++++++++ - 10 files changed, 104 insertions(+) - create mode 100644 ld/testsuite/ld-plugin/pr28138-1.c - create mode 100644 ld/testsuite/ld-plugin/pr28138-2.c - create mode 100644 ld/testsuite/ld-plugin/pr28138-3.c - create mode 100644 ld/testsuite/ld-plugin/pr28138-4.c - create mode 100644 ld/testsuite/ld-plugin/pr28138-5.c - create mode 100644 ld/testsuite/ld-plugin/pr28138-6.c - create mode 100644 ld/testsuite/ld-plugin/pr28138-7.c - create mode 100644 ld/testsuite/ld-plugin/pr28138.c - -diff --git a/bfd/plugin.c b/bfd/plugin.c -index 6cfa2b66470..3bab8febe88 100644 ---- a/bfd/plugin.c -+++ b/bfd/plugin.c -@@ -291,6 +291,14 @@ bfd_plugin_close_file_descriptor (bfd *abfd, int fd) - && !bfd_is_thin_archive (abfd->my_archive)) - abfd = abfd->my_archive; - -+ /* Close the file descriptor if there is no archive plugin file -+ descriptor. */ -+ if (abfd->archive_plugin_fd == -1) -+ { -+ close (fd); -+ return; -+ } -+ - abfd->archive_plugin_fd_open_count--; - /* Dup the archive plugin file descriptor for later use, which - will be closed by _bfd_archive_close_and_cleanup. 
*/ -diff --git a/ld/testsuite/ld-plugin/lto.exp b/ld/testsuite/ld-plugin/lto.exp -index def69e43ab3..999d911ce6a 100644 ---- a/ld/testsuite/ld-plugin/lto.exp -+++ b/ld/testsuite/ld-plugin/lto.exp -@@ -687,6 +687,40 @@ if { [is_elf_format] && [check_lto_shared_available] } { - } - } - -+run_cc_link_tests [list \ -+ [list \ -+ "Build pr28138.a" \ -+ "-T" "" \ -+ {pr28138-1.c pr28138-2.c pr28138-3.c pr28138-4.c pr28138-5.c \ -+ pr28138-6.c pr28138-7.c} {} "pr28138.a" \ -+ ] \ -+ [list \ -+ "Build pr28138.o" \ -+ "" "" \ -+ {pr28138.c} {} \ -+ ] \ -+] -+ -+set exec_output [run_host_cmd "sh" \ -+ "-c \"ulimit -n 20; \ -+ $CC -Btmpdir/ld -o tmpdir/pr28138 \ -+ tmpdir/pr28138.o tmpdir/pr28138.a\""] -+set exec_output [prune_warnings $exec_output] -+if [string match "" $exec_output] then { -+ if { [isnative] } { -+ set exec_output [run_host_cmd "tmpdir/pr28138" ""] -+ if [string match "PASS" $exec_output] then { -+ pass "PR ld/28138" -+ } else { -+ fail "PR ld/28138" -+ } -+ } else { -+ pass "PR ld/28138" -+ } -+} else { -+ fail "PR ld/28138" -+} -+ - set testname "Build liblto-11.a" - remote_file host delete "tmpdir/liblto-11.a" - set catch_output [run_host_cmd "$ar" "rc $plug_opt tmpdir/liblto-11.a tmpdir/lto-11a.o tmpdir/lto-11b.o tmpdir/lto-11c.o"] -diff --git a/ld/testsuite/ld-plugin/pr28138-1.c b/ld/testsuite/ld-plugin/pr28138-1.c -new file mode 100644 -index 00000000000..51d119e1642 ---- /dev/null -+++ b/ld/testsuite/ld-plugin/pr28138-1.c -@@ -0,0 +1,6 @@ -+extern int a0(void); -+int -+a1(void) -+{ -+ return 1 + a0(); -+} -diff --git a/ld/testsuite/ld-plugin/pr28138-2.c b/ld/testsuite/ld-plugin/pr28138-2.c -new file mode 100644 -index 00000000000..1120cd797e9 ---- /dev/null -+++ b/ld/testsuite/ld-plugin/pr28138-2.c -@@ -0,0 +1,6 @@ -+extern int a1(void); -+int -+a2(void) -+{ -+ return 1 + a1(); -+} -diff --git a/ld/testsuite/ld-plugin/pr28138-3.c b/ld/testsuite/ld-plugin/pr28138-3.c -new file mode 100644 -index 00000000000..ec464947ee6 ---- /dev/null -+++ 
b/ld/testsuite/ld-plugin/pr28138-3.c -@@ -0,0 +1,6 @@ -+extern int a2(void); -+int -+a3(void) -+{ -+ return 1 + a2(); -+} -diff --git a/ld/testsuite/ld-plugin/pr28138-4.c b/ld/testsuite/ld-plugin/pr28138-4.c -new file mode 100644 -index 00000000000..475701b2c5c ---- /dev/null -+++ b/ld/testsuite/ld-plugin/pr28138-4.c -@@ -0,0 +1,6 @@ -+extern int a3(void); -+int -+a4(void) -+{ -+ return 1 + a3(); -+} -diff --git a/ld/testsuite/ld-plugin/pr28138-5.c b/ld/testsuite/ld-plugin/pr28138-5.c -new file mode 100644 -index 00000000000..e24f86c363e ---- /dev/null -+++ b/ld/testsuite/ld-plugin/pr28138-5.c -@@ -0,0 +1,6 @@ -+extern int a4(void); -+int -+a5(void) -+{ -+ return 1 + a4(); -+} -diff --git a/ld/testsuite/ld-plugin/pr28138-6.c b/ld/testsuite/ld-plugin/pr28138-6.c -new file mode 100644 -index 00000000000..b5b938bdb21 ---- /dev/null -+++ b/ld/testsuite/ld-plugin/pr28138-6.c -@@ -0,0 +1,6 @@ -+extern int a5(void); -+int -+a6(void) -+{ -+ return 1 + a5(); -+} -diff --git a/ld/testsuite/ld-plugin/pr28138-7.c b/ld/testsuite/ld-plugin/pr28138-7.c -new file mode 100644 -index 00000000000..4ef75bf0f0c ---- /dev/null -+++ b/ld/testsuite/ld-plugin/pr28138-7.c -@@ -0,0 +1,6 @@ -+extern int a6(void); -+int -+a7(void) -+{ -+ return 1 + a6(); -+} -diff --git a/ld/testsuite/ld-plugin/pr28138.c b/ld/testsuite/ld-plugin/pr28138.c -new file mode 100644 -index 00000000000..68252c9f382 ---- /dev/null -+++ b/ld/testsuite/ld-plugin/pr28138.c -@@ -0,0 +1,20 @@ -+#include <stdio.h> -+ -+extern int a7(void); -+ -+int -+a0(void) -+{ -+ return 0; -+} -+ -+int -+main() -+{ -+ if (a7() == 7) -+ { -+ printf ("PASS\n"); -+ return 0; -+ } -+ return 1; -+} --- -2.27.0 - diff --git a/main/binutils/binutils-ppc-fix-machine-options.patch b/main/binutils/binutils-ppc-fix-machine-options.patch new file mode 100644 index 0000000000..703ecf98a3 --- /dev/null +++ b/main/binutils/binutils-ppc-fix-machine-options.patch 
@@ -0,0 +1,41 @@ +Fix for DARN opcode error during ppc64le compilation of rng-tools which +occurs with binutils 2.38 but not with binutils 2.37.. + +https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=cebc89b9328;hp=9cbed90ee623d75e31994e7943960c997ba565f2 + + +diff -aur a/gas/config/tc-ppc.c b/gas/config/tc-ppc.c +--- a/gas/config/tc-ppc.c ++++ b/gas/config/tc-ppc.c +@@ -5965,7 +5965,30 @@ + options do not count as a new machine, instead they add + to currently selected opcodes. */ + ppc_cpu_t machine_sticky = 0; +- new_cpu = ppc_parse_cpu (ppc_cpu, &machine_sticky, cpu_string); ++ /* Unfortunately, some versions of gcc emit a .machine ++ directive very near the start of the compiler's assembly ++ output file. This is bad because it overrides user -Wa ++ cpu selection. Worse, there are versions of gcc that ++ emit the *wrong* cpu, not even respecting the -mcpu given ++ to gcc. See gcc pr101393. And to compound the problem, ++ as of 20220222 gcc doesn't pass the correct cpu option to ++ gas on the command line. See gcc pr59828. Hack around ++ this by keeping sticky options for an early .machine. */ ++ asection *sec; ++ for (sec = stdoutput->sections; sec != NULL; sec = sec->next) ++ { ++ segment_info_type *info = seg_info (sec); ++ /* Are the frags for this section perturbed from their ++ initial state? Even .align will count here. */ ++ if (info != NULL ++ && (info->frchainP->frch_root != info->frchainP->frch_last ++ || info->frchainP->frch_root->fr_type != rs_fill ++ || info->frchainP->frch_root->fr_fix != 0)) ++ break; ++ } ++ new_cpu = ppc_parse_cpu (ppc_cpu, ++ sec == NULL ? &sticky : &machine_sticky, ++ cpu_string); + if (new_cpu != 0) + ppc_cpu = new_cpu; + else diff --git a/main/binutils/binutils-ppc64le-assertion.patch b/main/binutils/binutils-ppc64le-assertion.patch new file mode 100644 index 0000000000..cd6113e6f8 --- /dev/null +++ b/main/binutils/binutils-ppc64le-assertion.patch 
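Review bot: Unlike the other binutils patches added in this commit, `binutils-ppc-fix-machine-options.patch` carries no `From`/`Subject`/`cherry picked from` header, only a gitweb URL with an abbreviated commit id, and its description ends in a stray double period. Recording the upstream author, subject and full commit id would make it possible to verify the backport against upstream and to drop it on the next release. In the added loop `info` is NULL-checked but `info->frchainP` is dereferenced directly, and the ternary passes `&sticky`, which is not declared in the hunk; both are presumably fine upstream but cannot be confirmed from the lines shown. The enclosing function starts and ends outside the embedded hunk.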
@@ -0,0 +1,32 @@ +From 97dd8079feb35456d7b387a594b5e00f7654b3b8 Mon Sep 17 00:00:00 2001 +From: Alan Modra <amodra@gmail.com> +Date: Thu, 23 Jun 2022 17:50:30 +0930 +Subject: [PATCH] PowerPC64: fix assertion in ppc_build_one_stub with -Os code + +save_res stubs aren't written in ppc_build_one_stub, their offsets +(which are zero) should not be checked. + + * elf64-ppc.c (ppc_build_one_stub): Don't check save_res offsets. + +(cherry picked from commit 570e911f4e533fad33ad5e4e1102929cf7e80bd7) +--- + bfd/elf64-ppc.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/bfd/elf64-ppc.c b/bfd/elf64-ppc.c +index cb12ed476d8..df503341fe9 100644 +--- a/bfd/elf64-ppc.c ++++ b/bfd/elf64-ppc.c +@@ -11700,7 +11700,8 @@ ppc_build_one_stub (struct bfd_hash_entry *gen_entry, void *in_arg) + if (htab == NULL) + return false; + +- BFD_ASSERT (stub_entry->stub_offset >= stub_entry->group->stub_sec->size); ++ BFD_ASSERT (stub_entry->stub_offset >= stub_entry->group->stub_sec->size ++ || stub_entry->type.main == ppc_stub_save_res); + loc = stub_entry->group->stub_sec->contents + stub_entry->stub_offset; + + htab->stub_count[stub_entry->type.main - 1] += 1; +-- +2.31.1 + diff --git a/main/binutils/binutils-s390x-1.patch b/main/binutils/binutils-s390x-1.patch new file mode 100644 index 0000000000..fab51a2fad --- /dev/null +++ b/main/binutils/binutils-s390x-1.patch 
@@ -0,0 +1,147 @@ +From 82a5bb730a16f8c7962568030268e784b4fb42c8 Mon Sep 17 00:00:00 2001 +From: Stefan Liebler <stli@linux.ibm.com> +Date: Thu, 28 Apr 2022 14:29:58 +0200 +Subject: [PATCH] s390: Avoid dynamic TLS relocs in PIE + +No dynamic relocs are needed for TLS defined in an executable, the +TP relative offset is known at link time. + +Fixes +FAIL: Build pr22263-1 + +bfd/ + PR ld/22263 + * elf64-s390.c (elf_s390_tls_transition): Use bfd_link_dll + instead of bfd_link_pic for TLS. + (elf_s390_check_relocs): Likewise. + (allocate_dynrelocs): Likewise. + (elf_s390_relocate_section): Likewise. + +(cherry picked from commit 26b1426577b5dcb32d149c64cca3e603b81948a9) +--- + bfd/elf64-s390.c | 26 +++++++++++++------------- + 1 file changed, 13 insertions(+), 13 deletions(-) + +diff --git a/bfd/elf64-s390.c b/bfd/elf64-s390.c +index e780efa7181..00ee386baab 100644 +--- a/bfd/elf64-s390.c ++++ b/bfd/elf64-s390.c +@@ -774,7 +774,7 @@ elf_s390_tls_transition (struct bfd_link_info *info, + int r_type, + int is_local) + { +- if (bfd_link_pic (info)) ++ if (bfd_link_dll (info)) + return r_type; + + switch (r_type) +@@ -1026,7 +1026,7 @@ elf_s390_check_relocs (bfd *abfd, + case R_390_TLS_GOTIE20: + case R_390_TLS_GOTIE64: + case R_390_TLS_IEENT: +- if (bfd_link_pic (info)) ++ if (bfd_link_dll (info)) + info->flags |= DF_STATIC_TLS; + /* Fall through */ + +@@ -1107,7 +1107,7 @@ elf_s390_check_relocs (bfd *abfd, + if (r_type == R_390_TLS_LE64 && bfd_link_pie (info)) + break; + +- if (!bfd_link_pic (info)) ++ if (!bfd_link_dll (info)) + break; + info->flags |= DF_STATIC_TLS; + /* Fall through */ +@@ -1571,7 +1571,7 @@ allocate_dynrelocs (struct elf_link_hash_entry *h, + to R_390_TLS_LE64 requiring no TLS entry. For GOTIE12 and IEENT + we can save the dynamic TLS relocation. 
*/ + if (h->got.refcount > 0 +- && !bfd_link_pic (info) ++ && !bfd_link_dll (info) + && h->dynindx == -1 + && elf_s390_hash_entry(h)->tls_type >= GOT_TLS_IE) + { +@@ -2662,7 +2662,7 @@ elf_s390_relocate_section (bfd *output_bfd, + + /* Relocations for tls literal pool entries. */ + case R_390_TLS_IE64: +- if (bfd_link_pic (info)) ++ if (bfd_link_dll (info)) + { + Elf_Internal_Rela outrel; + asection *sreloc; +@@ -2690,7 +2690,7 @@ elf_s390_relocate_section (bfd *output_bfd, + else if (h != NULL) + { + tls_type = elf_s390_hash_entry(h)->tls_type; +- if (!bfd_link_pic (info) && h->dynindx == -1 && tls_type >= GOT_TLS_IE) ++ if (!bfd_link_dll (info) && h->dynindx == -1 && tls_type >= GOT_TLS_IE) + r_type = R_390_TLS_LE64; + } + if (r_type == R_390_TLS_GD64 && tls_type >= GOT_TLS_IE) +@@ -2801,14 +2801,14 @@ elf_s390_relocate_section (bfd *output_bfd, + if (local_got_offsets == NULL) + abort(); + off = local_got_offsets[r_symndx]; +- if (bfd_link_pic (info)) ++ if (bfd_link_dll (info)) + goto emit_tls_relocs; + } + else + { + off = h->got.offset; + tls_type = elf_s390_hash_entry(h)->tls_type; +- if (bfd_link_pic (info) || h->dynindx != -1 || tls_type < GOT_TLS_IE) ++ if (bfd_link_dll (info) || h->dynindx != -1 || tls_type < GOT_TLS_IE) + goto emit_tls_relocs; + } + +@@ -2825,7 +2825,7 @@ elf_s390_relocate_section (bfd *output_bfd, + break; + + case R_390_TLS_LDM64: +- if (! bfd_link_pic (info)) ++ if (! bfd_link_dll (info)) + /* The literal pool entry this relocation refers to gets ignored + by the optimized code of the local exec model. Do nothing + and the value will turn out zero. */ +@@ -2900,7 +2900,7 @@ elf_s390_relocate_section (bfd *output_bfd, + continue; + + case R_390_TLS_LDO64: +- if (bfd_link_pic (info) || (input_section->flags & SEC_DEBUGGING)) ++ if (bfd_link_dll (info) || (input_section->flags & SEC_DEBUGGING)) + relocation -= dtpoff_base (info); + else + /* When converting LDO to LE, we must negate. 
*/ +@@ -2922,7 +2922,7 @@ elf_s390_relocate_section (bfd *output_bfd, + + if (r_type == R_390_TLS_LOAD) + { +- if (!bfd_link_pic (info) && (h == NULL || h->dynindx == -1)) ++ if (!bfd_link_dll (info) && (h == NULL || h->dynindx == -1)) + { + /* IE->LE transition. Four valid cases: + lg %rx,(0,%ry) -> sllg %rx,%ry,0 +@@ -2972,7 +2972,7 @@ elf_s390_relocate_section (bfd *output_bfd, + invalid_tls_insn (input_bfd, input_section, rel); + return false; + } +- if (!bfd_link_pic (info) && (h == NULL || h->dynindx == -1)) ++ if (!bfd_link_dll (info) && (h == NULL || h->dynindx == -1)) + { + /* GD->LE transition. + brasl %r14,__tls_get_addr@plt -> brcl 0,. */ +@@ -2991,7 +2991,7 @@ elf_s390_relocate_section (bfd *output_bfd, + } + else if (r_type == R_390_TLS_LDCALL) + { +- if (!bfd_link_pic (info)) ++ if (!bfd_link_dll (info)) + { + unsigned int insn0, insn1; + +-- +2.27.0 + diff --git a/main/binutils/binutils-s390x-2.patch b/main/binutils/binutils-s390x-2.patch new file mode 100644 index 0000000000..75d7a931a3 --- /dev/null +++ b/main/binutils/binutils-s390x-2.patch 
@@ -0,0 +1,51 @@
+From 9a01457e02e7bb594ff9a9ac62a38c909e2e3083 Mon Sep 17 00:00:00 2001
+From: Stefan Liebler <stli@linux.ibm.com>
+Date: Thu, 28 Apr 2022 14:30:55 +0200
+Subject: [PATCH] s390: Add DT_JMPREL pointing to .rela.[i]plt with static-pie
+
+In static-pie case, there are IRELATIVE-relocs in
+.rela.iplt (htab->irelplt), which will later be grouped
+to .rela.plt. On s390, the IRELATIVE relocations are
+always located in .rela.iplt - even for non-static case.
+Ensure that DT_JMPREL, DT_PLTRELA, DT_PLTRELASZ is added
+to the dynamic section even if htab->srelplt->size == 0.
+See _bfd_elf_add_dynamic_tags in bfd/elflink.c.
+
+bfd/
+ elf64-s390.c (elf_s390_size_dynamic_sections):
+ Enforce DT_JMPREL via htab->elf.dt_jmprel_required.
+
+(cherry picked from commit d942d8db12adf4c9e5c7d9ed6496a779ece7149e)
+---
+ bfd/elf64-s390.c | 15 ++++++++++++++-
+ 1 file changed, 14 insertions(+), 1 deletion(-)
+
+diff --git a/bfd/elf64-s390.c b/bfd/elf64-s390.c
+index 00ee386baab..0b851f7ac0e 100644
+--- a/bfd/elf64-s390.c
++++ b/bfd/elf64-s390.c
+@@ -1876,7 +1876,20 @@ elf_s390_size_dynamic_sections (bfd *output_bfd ATTRIBUTE_UNUSED,
+ else if (startswith (bfd_section_name (s), ".rela"))
+ {
+ if (s->size != 0 && s != htab->elf.srelplt)
+- relocs = true;
++ {
++ relocs = true;
++ if (s == htab->elf.irelplt)
++ {
++ /* In static-pie case, there are IRELATIVE-relocs in
++ .rela.iplt (htab->irelplt), which will later be grouped
++ to .rela.plt. On s390, the IRELATIVE relocations are
++ always located in .rela.iplt - even for non-static case.
++ Ensure that DT_JMPREL, DT_PLTRELA, DT_PLTRELASZ is added
++ to the dynamic section even if htab->srelplt->size == 0.
++ See _bfd_elf_add_dynamic_tags in bfd/elflink.c. */
++ htab->elf.dt_jmprel_required = true;
++ }
++ }
+
+ /* We use the reloc_count field as a counter if we need
+ to copy relocs into the output file. */
+--
+2.27.0
+
diff --git a/main/binutils/defang-no-split.patch b/main/binutils/defang-no-split.patch
deleted file mode 100644
index cea68edc5d..0000000000
--- a/main/binutils/defang-no-split.patch
+++ /dev/null
@@ -1,38 +0,0 @@
-From 2dad02b6d46eef438cbd14d8511487b056628a38 Mon Sep 17 00:00:00 2001
-From: Sergei Trofimovich <siarheit@google.com>
-Date: Mon, 26 Jul 2021 22:51:18 +0100
-Subject: [PATCH 1/1] texi2pod.pl: add no-op --no-split option support
- [PR28144]
-
-Change 2faf902da ("generate single html manual page by default")
-added use of --no-split option to makeinfo. binutils reuses
-makeinfo options for texi2pod.pl wrapper. Unsupported option
-led to silent manpage truncation.
-
-The change adds no-op option support.
-
-etc/
- PR 28144
- * texi2pod.pl: Handle no-op --no-split option.
-
-(cherry picked from commit 96a7037cd8573cf065aa6b12baca68696f96d9ca)
----
- etc/texi2pod.pl | 2 ++
- 1 file changed, 2 insertions(+)
-
-diff --git a/etc/texi2pod.pl b/etc/texi2pod.pl
-index 11f70d156be..dcf2b437640 100644
---- a/etc/texi2pod.pl
-+++ b/etc/texi2pod.pl
-@@ -59,6 +59,8 @@ while ($_ = shift) {
- $flag = shift;
- }
- push (@ipath, $flag);
-+ } elsif (/^--no-split$/) {
-+ # ignore option for makeinfo compatibility
- } elsif (/^-/) {
- usage();
- } else {
---
-2.27.0
-
diff --git a/main/bitlbee/APKBUILD b/main/bitlbee/APKBUILD
deleted file mode 100644
index 7daf428e07..0000000000
--- a/main/bitlbee/APKBUILD
+++ /dev/null
@@ -1,48 +0,0 @@ -# Contributor: Peter Bui <pnutzh4x0r@gmail.com> -# Maintainer: Sheila Aman <sheila@vulpine.house> -pkgname=bitlbee -pkgver=3.6 -pkgrel=2 -pkgdesc="An IRC to other chat networks gateway" -url="https://www.bitlbee.org/" -arch="all" -options="!check" # no test suite -license="GPL-2.0-or-later" -makedepends="python3 glib-dev gnutls-dev libotr-dev" -subpackages="$pkgname-dev $pkgname-doc $pkgname-otr $pkgname-openrc" -source="http://get.bitlbee.org/src/bitlbee-$pkgver.tar.gz - $pkgname.initd - $pkgname.confd - " - -build() { - PYTHON=python3 \ - ./configure \ - --build=$CBUILD \ - --host=$CHOST \ - --otr=plugin \ - --prefix=/usr \ - --etcdir=/etc/bitlbee \ - --ssl=gnutls # https://bugs.bitlbee.org/ticket/886 - make -} - -package() { - make DESTDIR="$pkgdir" install install-etc install-dev - - install -m755 -D "$srcdir"/$pkgname.initd \ - "$pkgdir"/etc/init.d/$pkgname - install -m644 -D "$srcdir"/$pkgname.confd \ - "$pkgdir"/etc/conf.d/$pkgname - mkdir -p "$pkgdir"/var/lib/bitlbee - chown nobody:nobody "$pkgdir"/var/lib/bitlbee -} - -otr() { - mkdir -p "$subpkgdir"/usr/lib - mv "$pkgdir"/usr/lib/bitlbee "$subpkgdir"/usr/lib -} - -sha512sums="ccbf0f23e228de2de147241f36f59744b2256cba958e2fabfba0cfa60935e55bbb7d7e20fffa54da9a345e55ffa9ca82cb62e9b99dc738ba35c6e268c6561a8d bitlbee-3.6.tar.gz -300c3445b9be6dac41bbd6d3a3ef5b871668743d4ea68dd779962d7af941cdaac61cb7c61e7ab2610bffac6dd9accc7ef9590593aef45e6930e2f49abaf9bf40 bitlbee.initd -d86e85eecafe080d331034cfc0b1f38d8e5582772d1e1d7175d14b396e1ce3dfd1b94e8ee97ef54b85181b3eacf39bacd378a1da5014515ed909554708907991 bitlbee.confd" diff --git a/main/bitlbee/bitlbee.confd b/main/bitlbee/bitlbee.confd deleted file mode 100644 index 99f308cd97..0000000000 --- a/main/bitlbee/bitlbee.confd +++ /dev/null @@ -1,9 +0,0 @@ -# Sample conf.d file for alpine linux - -# -# Specify daemon options here. -# - -PORT="6667" -OPTS="-F" - 
diff --git a/main/bitlbee/bitlbee.initd b/main/bitlbee/bitlbee.initd deleted file mode 100644 index 79a439393d..0000000000 --- a/main/bitlbee/bitlbee.initd +++ /dev/null @@ -1,29 +0,0 @@ -#!/sbin/openrc-run - -name=bitlbee -daemon=/usr/sbin/$name - -. /etc/conf.d/$name - -depend() { - need net - after firewall -} - -start() { - ebegin "Starting ${name}" - start-stop-daemon --start --quiet \ - --pidfile /var/run/${name}.pid \ - --user nobody:nobody \ - --exec ${daemon} -- ${PORT} ${OPTS} - eend $? -} - -stop() { - ebegin "Stopping ${name}" - start-stop-daemon --stop --signal 9 --quiet \ - --pidfile /var/run/$name.pid \ - --exec ${daemon} - eend $? -} - diff --git a/main/bluez-firmware/APKBUILD b/main/bluez-firmware/APKBUILD index d0e3d4a272..e13d3d2c33 100644 --- a/main/bluez-firmware/APKBUILD +++ b/main/bluez-firmware/APKBUILD @@ -1,27 +1,25 @@ # Maintainer: Natanael Copa <ncopa@alpinelinux.org> pkgname=bluez-firmware pkgver=1.2 -pkgrel=0 +pkgrel=1 pkgdesc="Firmware for Broadcom BCM203x Blutonium devices" url="http://www.bluez.org/" arch="all" -license="GPL-2.0" -depends="" -makedepends="" -source="http://bluez.sf.net/download/$pkgname-$pkgver.tar.gz" +license="GPL-2.0-or-later" +source="http://bluez.sf.net/download/bluez-firmware-$pkgver.tar.gz" build() { - cd "$srcdir/$pkgname-$pkgver" ./configure \ --build=$CBUILD \ --host=$CHOST \ - --libdir=/lib \ - || return 1 - make || return 1 + --libdir=/lib + make } package() { - cd "$srcdir/$pkgname-$pkgver" - make DESTDIR="$pkgdir" install || return 1 + make DESTDIR="$pkgdir" install } -sha512sums="15db2f9d38a496882e4cc3754af1e58aa99e1b849f2066c541d76c66a8ffdc5532799fe1fd473cfc158bf5ea86a46687716cbcf83c6dcac0ce66d97d679648dd bluez-firmware-1.2.tar.gz" + +sha512sums=" +15db2f9d38a496882e4cc3754af1e58aa99e1b849f2066c541d76c66a8ffdc5532799fe1fd473cfc158bf5ea86a46687716cbcf83c6dcac0ce66d97d679648dd bluez-firmware-1.2.tar.gz +" diff --git a/main/bluez/APKBUILD b/main/bluez/APKBUILD index d9359d770a..43a6073005 100644 
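Review bot: The rewritten `source=` line in the bluez-firmware hunk still fetches the tarball over plain `http://` (`http://bluez.sf.net/download/bluez-firmware-$pkgver.tar.gz`), and the `url=` context line above it does the same. The pinned `sha512sums` entry means an altered download fails verification at build time, but the transport itself gives no integrity or authenticity, so whoever next regenerates the checksum has nothing but the network path to rely on. If the host serves the same file over TLS, change the scheme to `https://` while this line is being touched; if it does not, a comment such as `# upstream offers no https; verify the tarball out of band before updating sha512sums` records the constraint for the next maintainer.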
--- a/main/bluez/APKBUILD +++ b/main/bluez/APKBUILD @@ -1,7 +1,7 @@ # Contributor: Leo <thinkabit.ukim@gmail.com> # Maintainer: Natanael Copa <ncopa@alpinelinux.org> pkgname=bluez -pkgver=5.63 +pkgver=5.64 pkgrel=0 pkgdesc="Tools for the Bluetooth protocol stack" url="http://www.bluez.org/" @@ -187,7 +187,7 @@ openrc() { } sha512sums=" -1b8ce7b1bd9611873c27a762a60df580edeefe5424e8733a2067b9afb1a47915f9319849bc1eeee148f5b1f33977b7975e05867e8dbdf73d33cd68e6b99ca75b bluez-5.63.tar.xz +f11f9974b29c5c6fce3890d7e42425c1cb02e42c1b8f49c5cc4b249234e67b64317d0e5e82721e2fbf1b53269c8569a9c869d59ce42b5e927f6622f0753e53cd bluez-5.64.tar.xz e1d64fac673cceb657684b1bc5c36ff6d05f7cc5832d940863129adacd5b8ade1315b14df039a61f061950ac99e155266530efe2d2d35ea3c145b0469698a726 bluetooth.initd 8d7b7c8938a2316ce0a855e9bdf1ef8fcdf33d23f4011df828270a088b88b140a19c432e83fef15355d0829e3c86be05b63e7718fef88563254ea239b8dc12ac rfcomm.initd a70aa0dbbabe7e29ee81540a6f98bf191a850da55a28f678975635caf34b363cf4d461a801b3484120ee28fdd21240bd456a4f5d706262700924bd2e9a0972fb rfcomm.confd 
@@ -199,7 +199,8 @@ d5fd1c962bd846eaa6fff879bab85f753eb367d514f82d133b5d3242e1da989af5eddd942c60a87d 42ac04044a8c66e07487598b3a75ef52efc32999ebce4e7c63f6198e2f603f4a1442e74600e43a0938cb4f52d4db0298aa99050b18144b84990cda71748e9de5 004-Move-the-43xx-firmware-into-lib-firmware.patch ac635f9bca0e983835940572eb1b96ad70cf60fb84d5b0fde38c76ea6d1b13ef7d9adf81468b9fed779c890ab69dd5dfabf21970bff018466115c424668b82fb 005-hostname-Use-phone-class-for-handhelds.patch 04c4889372c8e790bb338dde7ffa76dc32fcf7370025c71b9184fcf17fd01ade4a6613d84d648303af3bbc54043ad489f29fc0cd4679ec8c9029dcb846d7e026 disable-lock-test.patch -118d55183860f395fc4bdc93efffb13902ebf7388cad722b9061cd2860d404333e500af521741c3d92c0f8a161f6810348fbeb6682e49c372383f417aed8c76a fix-endianness.patch +93ef2fe4e72cfa50d577adbae8de7449d3d070ab00d888bcc378d8a1783191130bf555f63cea781595701a5ef8b34355feae276423b10b1e22e2e43d10e09eac fix-endianness.patch 641e425333d269833eed624edec0e29cba04bb0ff6570f6afda178a164fc2bb77456fa88957fe49f36000d3601ac00bb7ba089400977c1577e9c226e74baa3d6 musl.patch 9c57bb1abf1b4927441a2a25c3c2599b0da82850e6b945d09e824e25be7c7efa99e54999cf5b799a1093303202badf08833cc4ccb36203901dfa516031ea8eb0 test-mesh-crypto.patch -2e92639512c11e69d3c47e222a012b4f58fa7727d18b3639130e8fe91654773b1205ddbe650efe49a26ec41a64d39ddba2806503272e09252c51d194e3ced33d fix-musl.patch" +2e92639512c11e69d3c47e222a012b4f58fa7727d18b3639130e8fe91654773b1205ddbe650efe49a26ec41a64d39ddba2806503272e09252c51d194e3ced33d fix-musl.patch +" diff --git a/main/bluez/fix-endianness.patch b/main/bluez/fix-endianness.patch index ee0e0d1e3e..c60e229329 100644 --- a/main/bluez/fix-endianness.patch +++ b/main/bluez/fix-endianness.patch 
@@ -1,10 +1,13 @@ ---- bluez-5.47/src/shared/util.h.old 2016-09-26 07:29:00.000000000 -0500 -+++ bluez-5.47/src/shared/util.h 2017-12-27 22:49:50.538716424 -0600 -@@ -26,6 +26,7 @@ - #include <alloca.h> +--- a/src/shared/util.h ++++ b/src/shared/util.h +@@ -15,6 +15,7 @@ #include <byteswap.h> #include <string.h> + #include <sys/types.h> +#include <endian.h> - #if __BYTE_ORDER == __LITTLE_ENDIAN - #define le16_to_cpu(val) (val) + #define ARRAY_SIZE(arr) (sizeof(arr) / sizeof((arr)[0])) + #define BIT(n) (1 << (n)) +-- +2.30.2 + diff --git a/main/boost1.77/python-3.10.patch b/main/boost1.77/python-3.10.patch deleted file mode 100644 index 2e1d5e3431..0000000000 --- a/main/boost1.77/python-3.10.patch +++ /dev/null 
@@ -1,49 +0,0 @@ -From e193f080c7d209516ac9b712fa0c50bb08026fa2 Mon Sep 17 00:00:00 2001 -From: Martin Jansa <martin.jansa@lge.com> -Date: Tue, 19 Oct 2021 12:24:31 +0000 -Subject: [PATCH] BoostConfig.cmake: allow searching for python310 - -* accept double digits in Python3_VERSION_MINOR - -* if someone is using e.g.: - find_package(Python3 REQUIRED) - find_package(Boost REQUIRED python${Python3_VERSION_MAJOR}${Python3_VERSION_MINOR}) - - with python-3.10 then it currently fails with: - - -- Found PythonLibs: /usr/lib/libpython3.10.so (found version "3.10.0") - -- Found Python3: -native/usr/bin/python3-native/python3 (found version "3.10.0") found components: Interpreter - CMake Error at /usr/lib/cmake/Boost-1.77.0/BoostConfig.cmake:141 (find_package): - Could not find a package configuration file provided by "boost_python310" - (requested version 1.77.0) with any of the following names: - - boost_python310Config.cmake - boost_python310-config.cmake - - Add the installation prefix of "boost_python310" to CMAKE_PREFIX_PATH or - set "boost_python310_DIR" to a directory containing one of the above files. - If "boost_python310" provides a separate development package or SDK, be - sure it has been installed. 
- Call Stack (most recent call first): - /usr/lib/cmake/Boost-1.77.0/BoostConfig.cmake:258 (boost_find_component) - /usr/share/cmake-3.21/Modules/FindBoost.cmake:594 (find_package) - CMakeLists.txt:18 (find_package) - -Signed-off-by: Martin Jansa <martin.jansa@lge.com> ---- - BoostConfig.cmake | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/BoostConfig.cmake b/BoostConfig.cmake -index fd17821..5dffa58 100644 ---- a/tools/boost_install/BoostConfig.cmake -+++ b/tools/boost_install/BoostConfig.cmake -@@ -113,7 +113,7 @@ macro(boost_find_component comp required quiet) - set(_BOOST_REQUIRED REQUIRED) - endif() - -- if("${comp}" MATCHES "^(python|numpy|mpi_python)([1-9])([0-9])$") -+ if("${comp}" MATCHES "^(python|numpy|mpi_python)([1-9])([0-9][0-9]?)$") - - # handle pythonXY and numpyXY versioned components for compatibility - diff --git a/main/boost1.77/0001-revert-cease-dependence-on-range.patch b/main/boost1.78/0001-revert-cease-dependence-on-range.patch index a6002074ab..a6002074ab 100644 --- a/main/boost1.77/0001-revert-cease-dependence-on-range.patch +++ b/main/boost1.78/0001-revert-cease-dependence-on-range.patch diff --git a/main/boost1.78/APKBUILD b/main/boost1.78/APKBUILD new file mode 100644 index 0000000000..bdb83372e5 --- /dev/null +++ b/main/boost1.78/APKBUILD 
@@ -0,0 +1,197 @@ +# Maintainer: Natanael Copa <ncopa@alpinelinux.org> +pkgname=boost1.78 +pkgver=1.78.0 +_pkgver="${pkgver//./_}" +pkgrel=2 +pkgdesc="Free peer-reviewed portable C++ source libraries" +url="https://www.boost.org/" +arch="all" +license="BSL-1.0" +depends="$pkgname-libs" +depends_dev="$pkgname linux-headers bzip2-dev icu-dev xz-dev zlib-dev" +makedepends="$depends_dev python3-dev>=3.8 flex bison" +subpackages=" + $pkgname-static + $pkgname-dev + $pkgname-doc + " +source="https://boostorg.jfrog.io/artifactory/main/release/$pkgver/source/boost_$_pkgver.tar.bz2 + boost-1.57.0-python-abi_letters.patch + boost-1.57.0-python-libpython_dep.patch + 0001-revert-cease-dependence-on-range.patch + bjam-no-skip-install.patch + boost-1.78.0-interprocess-musl-include.patch + " +builddir="$srcdir/boost_$_pkgver" + +_enginedir="tools/build/src/engine" +_bjam="$builddir"/$_enginedir/b2 + +_libs=" + atomic + chrono + container + context + contract + coroutine + date_time + fiber + filesystem + graph + iostreams + locale + log_setup + log + math + prg_exec_monitor + program_options + python3 + random + regex + serialization + stacktrace_basic + stacktrace_noop + system + thread + timer + type_erasure + unit_test_framework + wave + wserialization + json + nowide + " +for _lib in $_libs; do + subpackages="$subpackages $pkgname-${_lib}:_boostlib" +done; unset -v _lib +subpackages="$subpackages $pkgname-libs" + +_set_options() { + local _python="$(_pyversion python3)" + export PY3_VERSION="$_python" + export BOOST_ROOT="$builddir" + + _options=" + --user-config=\"$builddir/user-config.jam\" + --prefix=\"$pkgdir/usr\" + variant=release + python=$PY3_VERSION + toolset=gcc + debug-symbols=off + threading=multi + runtime-link=shared + link=shared,static + cflags=-fno-strict-aliasing + --layout=system + -q + -j${JOBS:-2} + " +} + +prepare() { + default_prepare + _set_options + + local abiflags="$(python3-config --abiflags)" + + # create user-config.jam + cat > user-config.jam 
<<-__EOF__ + + using gcc : : $CC : <cxxflags>"$CXXFLAGS" <linkflags>"$LDFLAGS" ; + using python : $PY3_VERSION : /usr/bin/python3 : /usr/include/python${PY3_VERSION}$abiflags : : : : $abiflags ; + + __EOF__ +} + +build() { + _set_options + + msg "Building bjam" + cd "$builddir"/$_enginedir + CC= ./build.sh gcc + + msg "Building bcp" + cd "$builddir"/tools/bcp + "$_bjam" -j${JOBS:-2} + + msg "Building boost" + cd "$builddir" + + "$_bjam" $_options +} + +check() { + cd "$builddir"/tools/build/test + + PATH="${_bjam%/*}:$PATH" python3 test_all.py --default-bjam +} + +package() { + _set_options + + install -Dm755 "$_bjam" \ + "$pkgdir"/usr/bin/b2 + ln -s b2 "$pkgdir"/usr/bin/bjam # old name for b2 binary + + install -Dm755 dist/bin/bcp "$pkgdir"/usr/bin/bcp + + install -Dm644 LICENSE_1_0.txt \ + "$pkgdir"/usr/share/licenses/$pkgname/LICENSE_1_0.txt + + "$pkgdir"/usr/bin/bjam $_options \ + --includedir="$pkgdir"/usr/include \ + --libdir="$pkgdir"/usr/lib \ + install +} + +static() { + pkgdesc="Boost static libraries" + depends="$depends_static" + + amove usr/lib/lib*.a +} + +_boostlib() { + local name="${subpkgname#$pkgname-}" + pkgdesc="Boost $name shared library" + depends="$depends__boostlib" + + amove usr/lib/libboost_$name*.so.[0-9]* +} + +libs() { + default_libs + + pkgdesc="Boost shared libraries" + depends="$depends_libs" + local _pkg; for _pkg in $origsubpackages; do + case "$_pkg" in + *:_boostlib) depends="$depends ${_pkg%%:*}" ;; + esac + done + + mkdir -p "$subpkgdir" + rmdir "$pkgdir"/usr/lib >/dev/null 2>&1 || : +} + +dev() { + default_dev + replaces="boost1.77-dev" +} + +doc() { + default_doc +} + +_pyversion() { + "$1" -c 'import sys; print("%i.%i" % (sys.version_info.major, sys.version_info.minor))' +} + +sha512sums=" +9c34a387a203b99aa773eb0c59f5abac7a99ba10e4623653e793c1d5b29b99b88e0e4e0d4e2e4ca5d497c42f2e46e23bab66417722433a457dc818d7670bcbbf boost_1_78_0.tar.bz2 
+d96d4d37394a31764ed817d0bc4a99cffa68a75ff1ecfd4417b9e1e5ae2c31a96ed24f948c6f2758ffdac01328d2402c4cf0d33a37107e4f5f721e636daebd66 boost-1.57.0-python-abi_letters.patch +132c4b62815d605c2d3c9038427fa4f422612a33711d47b2862f2311516af8a371d6b75bf078a7bffe20be863f8d21fb9fe74dc1a1bac3a10d061e9768ec3e02 boost-1.57.0-python-libpython_dep.patch +9b53d2fe2dddd592e43db03c26fadd6c07d4c45a980ae4c775b7a914346a3914f6e0c3ef42dad5e2ea4568afb86c9967e09444ff609cfba1e1d39f4980b22ad6 0001-revert-cease-dependence-on-range.patch +3e6679ce66b5fb5e89ba9500c7fdc94f0f7ede0c821cd89d488a618ecd7e6f2edd80b4a1928402a569f6e33fdefbd709bd16868b3d703a070c6117a65ac4761c bjam-no-skip-install.patch +18d3944abd74a8f3b4dc53f39f47b4138a03b50f49f7a2cb7ccc49528d9a6c547d29b5589c620e02e0a6080c417fb33cd2b4d5a67644815d520091463771ed87 boost-1.78.0-interprocess-musl-include.patch +" diff --git a/main/boost1.78/bjam-no-skip-install.patch b/main/boost1.78/bjam-no-skip-install.patch new file mode 100644 index 0000000000..bf63081f52 --- /dev/null +++ b/main/boost1.78/bjam-no-skip-install.patch 
@@ -0,0 +1,73 @@ +Patch-Source: https://github.com/bfgroup/b2/commit/78fd284a42caabe8815cb0870b46e5567872e75b +From 78fd284a42caabe8815cb0870b46e5567872e75b Mon Sep 17 00:00:00 2001 +From: Dmitry <grisumbras@gmail.com> +Date: Sat, 11 Dec 2021 16:58:23 +0300 +Subject: [PATCH] Don't skip install targets if there's <build>no in ureqs + (#113) + +--- + src/tools/stage.jam | 4 ++++ + test/install_build_no.py | 26 ++++++++++++++++++++++++++ + test/test_all.py | 1 + + 3 files changed, 31 insertions(+) + create mode 100755 test/install_build_no.py + +diff --git a/src/tools/stage.jam b/src/tools/stage.jam +index c5f02e3ba4..325129dc81 100644 +--- a/tools/build/src/tools/stage.jam ++++ b/tools/build/src/tools/stage.jam +@@ -478,6 +478,10 @@ class install-target-class : basic-target + return [ sequence.unique $(result2) ] ; + } + ++ rule skip-from-usage-requirements ( ) ++ { ++ } ++ + # Returns true iff 'type' is subtype of some element of 'types-to-include'. + # + local rule include-type ( type : types-to-include * ) +diff --git a/test/install_build_no.py b/test/install_build_no.py +new file mode 100755 +index 0000000000..0ccf3c5cc6 +--- /dev/null ++++ b/tools/build/test/install_build_no.py +@@ -0,0 +1,26 @@ ++#!/usr/bin/python ++ ++# Copyright 2021 Dmitry Arkhipov (grisumbras@gmail.com) ++# Distributed under the Boost Software License, Version 1.0. ++# (See accompanying file LICENSE.txt or https://www.bfgroup.xyz/b2/LICENSE.txt) ++ ++# Check that <build>no in usage-requirements of dependencies does not affect ++# install rule, i.e. a skipped installed target does not affect insallation of ++# other targets. 
++ ++import BoostBuild ++ ++t = BoostBuild.Tester() ++ ++t.write("a.cpp", "int main() {}\n") ++ ++t.write("jamroot.jam", """ ++make x : : maker : <build>no ; ++exe a : a.cpp ; ++install install : x a ; ++""") ++ ++t.run_build_system() ++t.expect_addition("install/a.exe") ++ ++t.cleanup() +diff --git a/test/test_all.py b/test/test_all.py +index b7ef5ad701..9ed729d017 100644 +--- a/tools/build/test/test_all.py ++++ b/tools/build/test/test_all.py +@@ -250,6 +250,7 @@ def reorder_tests(tests, first_test): + "inherit_toolset", + "inherited_dependency", + "inline", ++ "install_build_no", + "libjpeg", + "liblzma", + "libpng", diff --git a/main/boost1.77/boost-1.57.0-python-abi_letters.patch b/main/boost1.78/boost-1.57.0-python-abi_letters.patch index 7df3ee7047..7df3ee7047 100644 --- a/main/boost1.77/boost-1.57.0-python-abi_letters.patch +++ b/main/boost1.78/boost-1.57.0-python-abi_letters.patch diff --git a/main/boost1.77/boost-1.57.0-python-libpython_dep.patch b/main/boost1.78/boost-1.57.0-python-libpython_dep.patch index 57bfc26774..57bfc26774 100644 --- a/main/boost1.77/boost-1.57.0-python-libpython_dep.patch +++ b/main/boost1.78/boost-1.57.0-python-libpython_dep.patch diff --git a/main/boost1.78/boost-1.78.0-interprocess-musl-include.patch b/main/boost1.78/boost-1.78.0-interprocess-musl-include.patch new file mode 100644 index 0000000000..5a6f8a97c5 --- /dev/null +++ b/main/boost1.78/boost-1.78.0-interprocess-musl-include.patch 
@@ -0,0 +1,23 @@
+Patch-Source: https://github.com/boostorg/interprocess/commit/d002a0d929ecb031843d806c2bda69e013442e13
+From: Leonardo Neumann <leonardo@neumann.dev.br>
+Date: Mon, 13 Dec 2021 01:07:20 -0300
+Subject: [PATCH] Fix missing sys/stat.h include on musl-based systems
+
+Boost 1.78.0 fails to build on musl-based systems because musl does
+not include sys/stat.h by default.
+
+Fixes #161 ("Boost compiler error")
+--- a/boost/interprocess/permissions.hpp
++++ b/boost/interprocess/permissions.hpp
+@@ -29,6 +29,10 @@
+
+ #include <boost/interprocess/detail/win32_api.hpp>
+
++#else
++
++#include <sys/stat.h>
++
+ #endif
+
+ #endif //#ifndef BOOST_INTERPROCESS_DOXYGEN_INVOKED
+
diff --git a/main/boost1.79/0001-revert-cease-dependence-on-range.patch b/main/boost1.79/0001-revert-cease-dependence-on-range.patch
new file mode 100644
index 0000000000..a6002074ab
--- /dev/null
+++ b/main/boost1.79/0001-revert-cease-dependence-on-range.patch
@@ -0,0 +1,49 @@
+From 436e1dbe6fcd31523d261d18ad011392f1d6fbbc Mon Sep 17 00:00:00 2001
+From: Oliver Kowalke <oliver.kowalke@gmail.com>
+Date: Sun, 1 Dec 2019 20:40:28 +0100
+Subject: [PATCH] Revert "Cease dependence on Range"
+
+This reverts commit 0c556bb59241e682bbcd3f572815149c5a9b17db.
+
+see #44 (One test fails to compile after boostorg/coroutine submodule updated)
+---
+ boost/coroutine/asymmetric_coroutine.hpp | 12 +++---------
+ 1 file changed, 3 insertions(+), 9 deletions(-)
+
+diff --git a/boost/coroutine/asymmetric_coroutine.hpp b/boost/coroutine/asymmetric_coroutine.hpp
+index ea96981..640896f 100644
+--- a/boost/coroutine/asymmetric_coroutine.hpp
++++ b/boost/coroutine/asymmetric_coroutine.hpp
+@@ -14,6 +14,7 @@
+ #include <boost/assert.hpp>
+ #include <boost/config.hpp>
+ #include <boost/move/move.hpp>
++#include <boost/range.hpp>
+ #include <boost/throw_exception.hpp>
+ #include <boost/utility/explicit_operator_bool.hpp>
+
+@@ -2354,19 +2355,12 @@ end( push_coroutine< R > & c)
+
+ }
+
+-// forward declaration of Boost.Range traits to break dependency on it
+-template<typename C, typename Enabler>
+-struct range_mutable_iterator;
+-
+-template<typename C, typename Enabler>
+-struct range_const_iterator;
+-
+ template< typename Arg >
+-struct range_mutable_iterator< coroutines::push_coroutine< Arg >, void >
++struct range_mutable_iterator< coroutines::push_coroutine< Arg > >
+ { typedef typename coroutines::push_coroutine< Arg >::iterator type; };
+
+ template< typename R >
+-struct range_mutable_iterator< coroutines::pull_coroutine< R >, void >
++struct range_mutable_iterator< coroutines::pull_coroutine< R > >
+ { typedef typename coroutines::pull_coroutine< R >::iterator type; };
+
+ }
+--
+2.24.1
+
diff --git a/main/boost1.77/APKBUILD b/main/boost1.79/APKBUILD
index 1032de5933..2292013a42 100644
--- a/main/boost1.77/APKBUILD
+++ b/main/boost1.79/APKBUILD
@@ -1,8 +1,8 @@ # Maintainer: Natanael Copa <ncopa@alpinelinux.org> -pkgname=boost1.77 -pkgver=1.77.0 +pkgname=boost1.79 +pkgver=1.79.0 _pkgver="${pkgver//./_}" -pkgrel=3 +pkgrel=1 pkgdesc="Free peer-reviewed portable C++ source libraries" url="https://www.boost.org/" arch="all" @@ -20,7 +20,7 @@ source="https://boostorg.jfrog.io/artifactory/main/release/$pkgver/source/boost_ boost-1.57.0-python-abi_letters.patch boost-1.57.0-python-libpython_dep.patch 0001-revert-cease-dependence-on-range.patch - python-3.10.patch + boost-1.79.0-fix-segfault-in-array-erase.patch " builddir="$srcdir/boost_$_pkgver" @@ -69,19 +69,18 @@ subpackages="$subpackages $pkgname-libs" # Claim the unversioned name, this must be removed once we switch our # boost to a new version provides="boost=$pkgver-r$pkgrel" -replaces="boost" +replaces="boost boost1.78" _set_options() { - [ -n "$PY3_VERSION" ] || PY3_VERSION="$(_pyversion python3)" - - local _options_python="${PY2_VERSION:+$PY2_VERSION,}$PY3_VERSION" - [ -z "$_options_python" ] || _options_python="python=$_options_python" + local _python="$(_pyversion python3)" + export PY3_VERSION="$_python" + export BOOST_ROOT="$builddir" _options=" --user-config=\"$builddir/user-config.jam\" --prefix=\"$pkgdir/usr\" - release - $_options_python + variant=release + python=$PY3_VERSION toolset=gcc debug-symbols=off threading=multi 
@@ -91,27 +90,26 @@ _set_options() { --layout=system -q -j${JOBS:-2} - $_options_carch " } prepare() { default_prepare - _set_options + local abiflags="$(python3-config --abiflags)" # create user-config.jam cat > user-config.jam <<-__EOF__ using gcc : : $CC : <cxxflags>"$CXXFLAGS" <linkflags>"$LDFLAGS" ; - using python : ${PY3_VERSION:+$PY3_VERSION }: /usr/bin/python3 : ${PY3_VERSION:+/usr/include/python${PY3_VERSION}$abiflags }: : : : ${abiflags:+$abiflags }; + using python : $PY3_VERSION : /usr/bin/python3 : /usr/include/python${PY3_VERSION}$abiflags : : : : $abiflags ; __EOF__ } build() { - export BOOST_ROOT="$builddir" + _set_options msg "Building bjam" cd "$builddir"/$_enginedir @@ -123,7 +121,7 @@ build() { msg "Building boost" cd "$builddir" - _set_options + "$_bjam" $_options } @@ -134,7 +132,6 @@ check() { } package() { - export BOOST_ROOT="$builddir" _set_options install -Dm755 "$_bjam" \ @@ -161,8 +158,7 @@ static() { provides="boost-static=$pkgver-r$pkgrel" replaces="boost-static" - mkdir -p "$subpkgdir"/usr/lib - mv "$pkgdir"/usr/lib/lib*.a "$subpkgdir"/usr/lib/ + amove usr/lib/lib*.a } _boostlib() { @@ -175,8 +171,7 @@ _boostlib() { provides="boost-$name=$pkgver-r$pkgrel" replaces="boost-$name" - mkdir -p "$subpkgdir"/usr/lib - mv "$pkgdir"/usr/lib/libboost_$name*.so.[0-9]* "$subpkgdir"/usr/lib/ + amove usr/lib/libboost_$name*.so.[0-9]* } libs() { @@ -199,6 +194,14 @@ libs() { rmdir "$pkgdir"/usr/lib >/dev/null 2>&1 || : } +dev() { + # Claim the unversioned name, this must be removed once we switch our + # boost to a new version. Replace previous boost version for clean -dev + # upgrade + default_dev + replaces="boost1.78-dev" +} + _dev() { # This makes boost-dev be a metapackage that depends on boostX.Y-dev mkdir -p "$subpkgdir" 
@@ -219,9 +222,9 @@ _pyversion() { } sha512sums=" -39b45c9b60bc5a2a4c669a4463d1272c1e093376b2fb374d7f20a84ea10a3e23bb04b335a735a83a04575731f874d9bff77e89acd947524b3fbbae1b26ae1f2f boost_1_77_0.tar.bz2 +70909e0561c213d10a1fdd692f9ae7b293d3cdc63e925bdc207da9e9bba6e86474341100e7ee5de6d94f9561196b1a3a1597055a7b7382babf8931131170a312 boost_1_79_0.tar.bz2 d96d4d37394a31764ed817d0bc4a99cffa68a75ff1ecfd4417b9e1e5ae2c31a96ed24f948c6f2758ffdac01328d2402c4cf0d33a37107e4f5f721e636daebd66 boost-1.57.0-python-abi_letters.patch 132c4b62815d605c2d3c9038427fa4f422612a33711d47b2862f2311516af8a371d6b75bf078a7bffe20be863f8d21fb9fe74dc1a1bac3a10d061e9768ec3e02 boost-1.57.0-python-libpython_dep.patch 9b53d2fe2dddd592e43db03c26fadd6c07d4c45a980ae4c775b7a914346a3914f6e0c3ef42dad5e2ea4568afb86c9967e09444ff609cfba1e1d39f4980b22ad6 0001-revert-cease-dependence-on-range.patch -1d84ee5fecd7a8c2491b997fa1b9031195642c8d4946bb391f5a52c84f1fefd2cf4bb64a90601cbbd4fa1795d7a86f8cf78f4124fdbb1619b07ed31aa20e00bf python-3.10.patch +17db69e7b41665b2fae5630aa5edf15f0b8d00aa04e8597b198eb4f530793e8227d0234ceb9c8a9859fac3a4ceb5b9eb51721329b91497a422d4ff579739b964 boost-1.79.0-fix-segfault-in-array-erase.patch " diff --git a/main/boost1.79/boost-1.57.0-python-abi_letters.patch b/main/boost1.79/boost-1.57.0-python-abi_letters.patch new file mode 100644 index 0000000000..7df3ee7047 --- /dev/null +++ b/main/boost1.79/boost-1.57.0-python-abi_letters.patch 
@@ -0,0 +1,62 @@ +--- boost_1_57_0/tools/build/src/tools/python.jam 2013-05-21 06:14:18.000000000 +0200 ++++ boost_1_55_0/tools/build/src/tools/python.jam 2014-05-29 19:09:12.115413877 +0200 +@@ -94,7 +94,7 @@ feature.feature pythonpath : : free opti + # using python : 2.3 : /usr/local/bin/python ; + # + rule init ( version ? : cmd-or-prefix ? : includes * : libraries ? +- : condition * : extension-suffix ? ) ++ : condition * : extension-suffix ? : abi-letters ? ) + { + project.push-current $(.project) ; + +@@ -107,7 +107,7 @@ rule init ( version ? : cmd-or-prefix ? + } + } + +- configure $(version) : $(cmd-or-prefix) : $(includes) : $(libraries) : $(condition) : $(extension-suffix) ; ++ configure $(version) : $(cmd-or-prefix) : $(includes) : $(libraries) : $(condition) : $(extension-suffix) : $(abi-letters) ; + + project.pop-current ; + } +@@ -653,7 +653,7 @@ local rule system-library-dependencies ( + + # Declare a target to represent Python's library. + # +-local rule declare-libpython-target ( version ? : requirements * ) ++local rule declare-libpython-target ( version ? : requirements * : abi-letters ? ) + { + # Compute the representation of Python version in the name of Python's + # library file. +@@ -677,13 +677,13 @@ local rule declare-libpython-target ( ve + } + + # Declare it. +- lib python.lib : : <name>python$(lib-version) $(requirements) ; ++ lib python.lib : : <name>python$(lib-version)$(abi-letters) $(requirements) ; + } + + + # Implementation of init. + local rule configure ( version ? : cmd-or-prefix ? : includes * : libraries ? : +- condition * : extension-suffix ? ) ++ condition * : extension-suffix ? : abi-letters ? ) + { + local prefix ; + local exec-prefix ; +@@ -699,6 +699,7 @@ local rule configure ( version ? : cmd-o + extension-suffix ?= _d ; + } + extension-suffix ?= "" ; ++ abi-letters ?= "" ; + + # Normalize and dissect any version number. + local major-minor ; +@@ -922,7 +923,7 @@ local rule configure ( version ? 
: cmd-o + } + else + { +- declare-libpython-target $(version) : $(target-requirements) ; ++ declare-libpython-target $(version) : $(target-requirements) : $(abi-letters) ; + + # This is an evil hack. On, Windows, when Python is embedded, nothing + # seems to set up sys.path to include Python's standard library diff --git a/main/boost1.79/boost-1.57.0-python-libpython_dep.patch b/main/boost1.79/boost-1.57.0-python-libpython_dep.patch new file mode 100644 index 0000000000..57bfc26774 --- /dev/null +++ b/main/boost1.79/boost-1.57.0-python-libpython_dep.patch @@ -0,0 +1,13 @@ +Index: boost_1_57_0/tools/build/src/tools/python.jam +=================================================================== +--- boost_1_57_0/tools/build/src/tools/python.jam (revision 50406) ++++ boost_1_57_0/tools/build/src/tools/python.jam (working copy) +@@ -994,7 +994,7 @@ + else + { + alias python_for_extensions +- : ++ : python + : $(target-requirements) + : + : $(usage-requirements) diff --git a/main/boost1.79/boost-1.79.0-fix-segfault-in-array-erase.patch b/main/boost1.79/boost-1.79.0-fix-segfault-in-array-erase.patch new file mode 100644 index 0000000000..f853bc25dd --- /dev/null +++ b/main/boost1.79/boost-1.79.0-fix-segfault-in-array-erase.patch 
@@ -0,0 +1,50 @@ +Patch-Source: https://www.boost.org/users/history/version_1_79_0.html , known-issues +diff -ur boost_1_79_0/boost/json/impl/array.ipp boost_1_79_0/boost/json/impl/array.ipp +--- boost_1_79_0/boost/json/impl/array.ipp 2022-04-06 17:02:43.000000000 -0400 ++++ boost_1_79_0/boost/json/impl/array.ipp 2022-04-13 20:55:20.464359478 -0400 +@@ -491,8 +491,11 @@ + auto const p = &(*t_)[0] + + (pos - &(*t_)[0]); + destroy(p, p + 1); +- relocate(p, p + 1, 1); + --t_->size; ++ if(t_->size > 0) ++ relocate(p, p + 1, ++ t_->size - (p - ++ &(*t_)[0])); + return p; + } + +diff -ur boost_1_79_0/libs/json/test/array.cpp boost_1_79_0/libs/json/test/array.cpp +--- boost_1_79_0/libs/json/test/array.cpp 2022-04-06 17:02:43.000000000 -0400 ++++ boost_1_79_0/libs/json/test/array.cpp 2022-04-13 20:53:32.671782680 -0400 +@@ -1270,6 +1270,21 @@ + } + + void ++ testIssue692() ++ { ++ array a; ++ object obj; ++ obj["test1"] = "hello"; ++ a.push_back(obj); ++ a.push_back(obj); ++ a.push_back(obj); ++ a.push_back(obj); ++ a.push_back(obj); ++ while(a.size()) ++ a.erase(a.begin()); ++ } ++ ++ void + run() + { + testDestroy(); +@@ -1283,6 +1298,7 @@ + testExceptions(); + testEquality(); + testHash(); ++ testIssue692(); + } + }; + diff --git a/main/botan/APKBUILD b/main/botan/APKBUILD index 3332e06e3e..938831a676 100644 --- a/main/botan/APKBUILD +++ b/main/botan/APKBUILD @@ -1,8 +1,8 @@ # Contributor: tcely <tcely@users.noreply.github.com> # Maintainer: Natanael Copa <ncopa@alpinelinux.org> pkgname=botan -pkgver=2.18.1 -pkgrel=4 +pkgver=2.19.1 +pkgrel=2 pkgdesc="Crypto and TLS for C++11" url="https://botan.randombit.net/" arch="all" 
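Review bot: The `Patch-Source:` header at the top of the new `boost-1.79.0-fix-segfault-in-array-erase.patch` names the Boost 1.79.0 release-history page (`version_1_79_0.html , known-issues`) rather than a commit or patch-file URL, so the change to the erase path in `boost/json/impl/array.ipp` cannot be compared directly with what upstream shipped. The patch corrects the element count passed to `relocate` after an element is destroyed, which is a memory-safety fix, so its origin is worth pinning precisely, for example `Patch-Source: <URL of the upstream boostorg/json commit or patch file>`. The added test is named `testIssue692`, which suggests an upstream issue number that could be cited alongside it.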
@@ -10,9 +10,7 @@ license="BSD-2-Clause"
 depends_dev="boost-dev bzip2-dev openssl1.1-compat-dev sqlite-dev xz-dev zlib-dev"
 makedepends="$depends_dev python3"
 subpackages="$pkgname-dev $pkgname-doc $pkgname-libs"
-source="https://botan.randombit.net/releases/Botan-$pkgver.tar.xz
- dl-exponents.patch
- CVE-2021-40529.patch"
+source="https://botan.randombit.net/releases/Botan-$pkgver.tar.xz"
 builddir="$srcdir/Botan-$pkgver"
 
 # secfixes:
@@ -62,7 +60,5 @@ package() {
 }
 
 sha512sums="
-2f11d1ab703d977a2d64504d2a2489ce56109a2a6c46c0dc7c8db428470ce511bcc0160f70baedad29237abd5e1622f2c155ea58c4dec4d3ae57ee7b350415c3 Botan-2.18.1.tar.xz
-e0d5e2c07d1ea66def33cbf8d64ba87eeb46c10ff0c14a54bc518b87a668a74a184e18b89440a2ef4b78ddf97cb4e2b02f1a70b4bbf705170715e353b2abbddb dl-exponents.patch
-fd5d29ea98de0f0ddc63340270f118a2a633e740d604cf030780fdca46a87733654c38c01f933bb607f92cbb3750250a1af6ef9fe26fec601bbe8c9f079a6660 CVE-2021-40529.patch
+e604be0e7e82da89e3e1949d3035a87dc63314bd9854d5fe5129ccb3ed5bc78edb0406c7f8ad1a152b59a63b6d98ba207a0851a08428c3452cce794614b5eef5 Botan-2.19.1.tar.xz
 "
diff --git a/main/botan/CVE-2021-40529.patch b/main/botan/CVE-2021-40529.patch
deleted file mode 100644
index c864ef5838..0000000000
--- a/main/botan/CVE-2021-40529.patch
+++ /dev/null
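Review bot: Removing `dl-exponents.patch` and `CVE-2021-40529.patch` from `source=` is only safe if Botan 2.19.1 carries both changes upstream, and nothing in this hunk records that. The `# secfixes:` block begins on the hunk's last context line and its entries lie outside the hunk, so I cannot tell whether the CVE-2021-40529 entry is kept. It should stay, because that entry is how scanners learn which package release fixed the issue. A short comment next to `source=` would also document the reason for the removal, e.g. `# CVE-2021-40529 fix included upstream since <version>` (placeholder; confirm against upstream's release notes).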
@@ -1,132 +0,0 @@ -From 9a23e4e3bc3966340531f2ff608fa9d33b5185a2 Mon Sep 17 00:00:00 2001 -From: Jack Lloyd <jack@randombit.net> -Date: Tue, 3 Aug 2021 18:20:29 -0400 -Subject: [PATCH] Avoid using short exponents with ElGamal - -Some off-brand PGP implementation generates keys where p - 1 is -smooth, as a result short exponents can leak enough information about -k to allow decryption. ---- - src/lib/pubkey/elgamal/elgamal.cpp | 8 +++- - src/tests/data/pubkey/elgamal_decrypt.vec | 45 +++++++++++++++++++++++ - src/tests/data/pubkey/elgamal_encrypt.vec | 17 ++++++--- - 3 files changed, 62 insertions(+), 8 deletions(-) - -diff --git a/src/lib/pubkey/elgamal/elgamal.cpp b/src/lib/pubkey/elgamal/elgamal.cpp -index b3ec6df2cb..0e33c2ca5f 100644 ---- a/src/lib/pubkey/elgamal/elgamal.cpp -+++ b/src/lib/pubkey/elgamal/elgamal.cpp -@@ -113,8 +113,12 @@ ElGamal_Encryption_Operation::raw_encrypt(const uint8_t msg[], size_t msg_len, - if(m >= m_group.get_p()) - throw Invalid_Argument("ElGamal encryption: Input is too large"); - -- const size_t k_bits = m_group.exponent_bits(); -- const BigInt k(rng, k_bits); -+ /* -+ Some ElGamal implementations foolishly use prime fields where p - 1 is -+ smooth, as a result it is unsafe to use short exponents. 
-+ */ -+ const size_t k_bits = m_group.p_bits() - 1; -+ const BigInt k(rng, k_bits, false); - - const BigInt a = m_group.power_g_p(k, k_bits); - const BigInt b = m_group.multiply_mod_p(m, monty_execute(*m_monty_y_p, k, k_bits)); -diff --git a/src/tests/data/pubkey/elgamal_decrypt.vec b/src/tests/data/pubkey/elgamal_decrypt.vec -index f676be50e7..a9d9dd1679 100644 ---- a/src/tests/data/pubkey/elgamal_decrypt.vec -+++ b/src/tests/data/pubkey/elgamal_decrypt.vec -@@ -58,3 +58,48 @@ G = 4956716650468111499852968442558584961751486202697832959709919208796153871740 - X = 4304232149632055597449717737864742436448127103739097 - Msg = F73BB7E5C8A5619380 - Ciphertext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xFFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF -+G = 0x02 -+X = 0xCC13EE3533858E0F0024FFC935DC5BD297DEC9385AC8EF7E -+Msg = 1C -+Ciphertext = D73F6E5CEF558B92C924FEC2329774ACD75E7CEA04D2485F07920EF4E5B86E361E23E42AB6F3A97F5B1F46218BF3C00E93A2EA981B8BB48EDD020A3F96D61FDA0F3E4D26F5538B2179B7D7E333CE78414F18E6CD0AE74C3F44FBFAC9121A3A6CF80C85E89280F9BC476078F9FD686A6500590B1AD75616C0A92BC73838A6D4437368304638242BCD628A72EA432FE7C1892922136B3C19B39990980185328E5BBD35DE42549819C8E301348320BA80602E751172D9ACAA8E0B67FB97996310BC0C14B9E40626FE54138851E4BC4CA4CB2F0A1F3D3F042556A4942B2B03B4C2F75E50260365865FEE0050DAC3604E78708715549FF878F1B337D6ABF8B695462F -+ -+P = 0xFFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D670C354E4ABC9804F1746C08CA237327FFFFFFFFFFFFFFFF -+G = 0x02 -+X = 
0x8D81343C4994DAF21AD0E6CB88C74F55529925EC953381470B72B3C8 -+Msg = 7F0CCACA157707BF03 -+Ciphertext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xFFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3BE39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF6955817183995497CEA956AE515D2261898FA051015728E5A8AACAA68FFFFFFFFFFFFFFFF -+G = 0x02 -+X = 0xA9F666E685F4F0BAFFF22C407B28461591CBF43F8DA1A8C3B1510BB6AA3BCD6C -+Msg = D830F02AA1AE9328CF3F2C6CB7D86875 -+Ciphertext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x02 -+X = 0x981606068AE29B5B86E6F1E4E578010E43E1DBCB12504857CA6CDFC77913EFF0B3F563E1DDB40934B4F33099A6BF8EE8 -+Msg = 0E738AF35B6AE8951E5C3BF8EB -+Ciphertext = 
659C8E28BF6A26E5D55386E437F2B66282EB9F9ECA54522D8A1FDE6BC6C4D65E5412D030BDC9833F93E3653B7B58FFD66A2EBFB8AAF1F7BBB52C3CD43E08DDB3D2C73E26EEA988EEF9CFDC9C59872B4D2454A1F500911B4D3BD3EED99107FAF39D97A3302166AD5B0381ECAB769953406DD3FEB502D23587D9CF2C89F93FE6A73167E3734CD0676EE95F7C43A558A56E7B0264A6084875D1E7F2312FA7BA7145AAA5921F904EDDC7A6EC823C57AFE323E4368CD7D47CAF2F8A94D6D3117A8BE92BAF6F0392A20C7FCFE381789755B7B47B9C5496382FF26533EA7F911472F02E2F9E29CAC9CFF4AEB90C36E55A1AF5D0259B195E2824C7F6B40299D8A0858E162B3D9392E323F62B48DA629089902F16D01D1AB3DCFBAAB46F1E74ECA6560B3A97E85E9B88B8F11AA83F78E8E542B8A3B4C0E7B47220594979BC7DD12E97238EB4B91D23A8F2D5362CB8B08C1F07B3461AD0968FB3053F60ECC2B3C0E900A0A7C2924C3FA79CCB43B33B336B807C6F4B83A7AE0112BD72A13822E3CD0B2E2AF7717F2CB21BE02D8DB0EB3BCCF66836BD83C828C221569EFCAA53124D206CB51D3718BC1511799DEA0558DD6FDBFB06B3D96BAC451FE71A4244BD3CD6826BF27EA3CC7782C17DCAF52EAA944CEA734D011145F10A4132A271349A8BF1ED0D7F7EF2ABC7031475B4397574F8A7EC4F5480D85CF0CA1F7C69097A2A009FFD4927AA769FD821F64741812FE5DB996ECAD3265CE93DBA7B40532A2133FB8EE5066A0C5F91C7E0F3902B6CEA39D5BB4B59B2993B5DAA2B61FF589BF45613D1EF36D5F7D959E8255C0010EC439AAE1C9B682BAC92C2883ED279CD8C644A301150879EB8D37B217B36447CBAC37C132C0278AA8CB38A8596392E3A3CAA91573370ED44DF46311EEE878B63F947F2A28930133D343737502623D0C7D3EA5D8D8123D7963C70AD30CC865BCD68F96C1A13A3484AB4EF3828CE338BF8E087F2300B777D556974D5E23FAFD55AB54353BCA31BEC13003AC7258510578F96B8F1E2254E91768A78CF9FCC6D8CFB0493701D523F75EC25B37B623B5A73A28009DBC169A084E95D -+ -+P = 
0xFFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3BE39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF6955817183995497CEA956AE515D2261898FA051015728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6BF12FFA06D98A0864D87602733EC86A64521F2B18177B200CBBE117577A615D6C770988C0BAD946E208E24FA074E5AB3143DB5BFCE0FD108E4B82D120A92108011A723C12A787E6D788719A10BDBA5B2699C327186AF4E23C1A946834B6150BDA2583E9CA2AD44CE8DBBBC2DB04DE8EF92E8EFC141FBECAA6287C59474E6BC05D99B2964FA090C3A2233BA186515BE7ED1F612970CEE2D7AFB81BDD762170481CD0069127D5B05AA993B4EA988D8FDDC186FFB7DC90A6C08F4DF435C934063199FFFFFFFFFFFFFFFF -+G = 0x02 -+X = 0xB73A80EB48DB4DF3108BE1345281A1B39B4373BFE71CB4DA9F3594A94C525E2E288F06089F61C1D29D6A99EA775C05D6 -+Msg = D413DAC9D341361F17EDCE1C46A04D343424251B -+Ciphertext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enerated by Golang x/crypto -+P = 0xB10B8F96A080E01DDE92DE5EAE5D54EC52C99FBCFB06A3C69A6A9DCA52D23B616073E28675A23D189838EF1E2EE652C013ECB4AEA906112324975C3CD49B83BFACCBDD7D90C4BD7098488E9C219A73724EFFD6FAE5644738FAA31A4FF55BCCC0A151AF5F0DC8B4BD45BF37DF365C1A65E68CFDA76D4DA708DF1FB2BC2E4A4371 -+G = 0xA4D1CBD5C3FD34126765A442EFB99905F8104DD258AC507FD6406CFF14266D31266FEA1E5C41564B777E690F5504F213160217B4B01B886A5E91547F9E2749F4D7FBD7D3B9A92EE1909D0D2263F80A76A6A24C087A091F531DBF0A0169B6A28AD662A4D18E73AFA32D779D5918D08BC8858F4DCEF97C2A24855E6EEB22B3B2E5 -+X = 0x626adfc4696e5dee7f95f24077c8377b1df439cb76ab82134fe4a48b673e565a -+Msg = 
0244454144424545464445414442454546444541444245454644454144424545464445414442454546444541444245454644454144424545464445414442454546444541444245454644454144424545464445414442454546444541444245454644454144424545464445414442454500476F207465737420766563746F72 -+Ciphertext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v1_5] -+# Same as above test from Go but with PKCS1 padding removed -+P = 0xB10B8F96A080E01DDE92DE5EAE5D54EC52C99FBCFB06A3C69A6A9DCA52D23B616073E28675A23D189838EF1E2EE652C013ECB4AEA906112324975C3CD49B83BFACCBDD7D90C4BD7098488E9C219A73724EFFD6FAE5644738FAA31A4FF55BCCC0A151AF5F0DC8B4BD45BF37DF365C1A65E68CFDA76D4DA708DF1FB2BC2E4A4371 -+G = 0xA4D1CBD5C3FD34126765A442EFB99905F8104DD258AC507FD6406CFF14266D31266FEA1E5C41564B777E690F5504F213160217B4B01B886A5E91547F9E2749F4D7FBD7D3B9A92EE1909D0D2263F80A76A6A24C087A091F531DBF0A0169B6A28AD662A4D18E73AFA32D779D5918D08BC8858F4DCEF97C2A24855E6EEB22B3B2E5 -+X = 0x626adfc4696e5dee7f95f24077c8377b1df439cb76ab82134fe4a48b673e565a -+Msg = 476F207465737420766563746F72 -+Ciphertext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diff --git a/src/tests/data/pubkey/elgamal_encrypt.vec b/src/tests/data/pubkey/elgamal_encrypt.vec -index 059eb1668d..92e8690549 100644 ---- a/src/tests/data/pubkey/elgamal_encrypt.vec -+++ b/src/tests/data/pubkey/elgamal_encrypt.vec -@@ -3,30 +3,35 @@ - Group = modp/ietf/1024 - Secret = 0xCC13EE3533858E0F0024FFC935DC5BD297DEC9385AC8EF7E - Msg = 1C --Nonce = EEE23AAA149AF29E18EF8D66AD8D4BACB72076BAE583A297 -+Nonce = 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000EEE23AAA149AF29E18EF8D66AD8D4BACB72076BAE583A297 - Ciphertext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roup = modp/ietf/1024 -+Secret = 0xCC13EE3533858E0F0024FFC935DC5BD297DEC9385AC8EF7E -+Msg = 1C -+Nonce = 
D0F937A84865734C37877CBBD731D9A378EA8644B5C4D9A65B2C81C46F1014364F3593C6B9DFF25E0741EFB6C3E033522D66A6DA1C6B7666E8C15112BFAB850C38177C30CC05449B1A7D0D11EDD555997C57840D319279E5C80A51DC15F8103B820C5C870432DC14B70A12207EF749C835825C63B05B2E1A8FE36F0264D5B13D -+Ciphertext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roup = modp/ietf/1536 - Secret = 0x8D81343C4994DAF21AD0E6CB88C74F55529925EC953381470B72B3C8 - Msg = 7F0CCACA157707BF03 --Nonce = F0A0844B268ECEABA04827E7CE9F960119E0053CFBA00ADA47604857 -+Nonce = 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000F0A0844B268ECEABA04827E7CE9F960119E0053CFBA00ADA47604857 - Ciphertext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roup = modp/ietf/2048 - Secret = 0xA9F666E685F4F0BAFFF22C407B28461591CBF43F8DA1A8C3B1510BB6AA3BCD6C - Msg = D830F02AA1AE9328CF3F2C6CB7D86875 --Nonce = DFA4E0979DADE5A620C4B9ED87C205F34D7AE739761BCDD060A9EC530E066538 -+Nonce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iphertext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roup = modp/ietf/3072 - Secret = 0x981606068AE29B5B86E6F1E4E578010E43E1DBCB12504857CA6CDFC77913EFF0B3F563E1DDB40934B4F33099A6BF8EE8 - Msg = 0E738AF35B6AE8951E5C3BF8EB --Nonce = F53B7EF9224D33392AE79CA3816755F066A2B15689B157FBA588CD5C247EFC9050DB2F84FA40C12E3493230D94D89306 -+Nonce = 
000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000F53B7EF9224D33392AE79CA3816755F066A2B15689B157FBA588CD5C247EFC9050DB2F84FA40C12E3493230D94D89306 - Ciphertext = 659C8E28BF6A26E5D55386E437F2B66282EB9F9ECA54522D8A1FDE6BC6C4D65E5412D030BDC9833F93E3653B7B58FFD66A2EBFB8AAF1F7BBB52C3CD43E08DDB3D2C73E26EEA988EEF9CFDC9C59872B4D2454A1F500911B4D3BD3EED99107FAF39D97A3302166AD5B0381ECAB769953406DD3FEB502D23587D9CF2C89F93FE6A73167E3734CD0676EE95F7C43A558A56E7B0264A6084875D1E7F2312FA7BA7145AAA5921F904EDDC7A6EC823C57AFE323E4368CD7D47CAF2F8A94D6D3117A8BE92BAF6F0392A20C7FCFE381789755B7B47B9C5496382FF26533EA7F911472F02E2F9E29CAC9CFF4AEB90C36E55A1AF5D0259B195E2824C7F6B40299D8A0858E162B3D9392E323F62B48DA629089902F16D01D1AB3DCFBAAB46F1E74ECA6560B3A97E85E9B88B8F11AA83F78E8E542B8A3B4C0E7B47220594979BC7DD12E97238EB4B91D23A8F2D5362CB8B08C1F07B3461AD0968FB3053F60ECC2B3C0E900A0A7C2924C3FA79CCB43B33B336B807C6F4B83A7AE0112BD72A13822E3CD0B2E2AF7717F2CB21BE02D8DB0EB3BCCF66836BD83C828C221569EFCAA53124D206CB51D3718BC1511799DEA0558DD6FDBFB06B3D96BAC451FE71A4244BD3CD6826BF27EA3CC7782C17DCAF52EAA944CEA734D011145F10A4132A271349A8BF1ED0D7F7EF2ABC7031475B4397574F8A7EC4F5480D85CF0CA1F7C69097A2A009FFD4927AA769FD821F64741812FE5DB996ECAD3265CE93DBA7B40532A2133FB8EE5066A0C5F91C7E0F3902B6CEA39D5BB4B59B2993B5DAA2B61FF589BF45613D1EF36D5F7D959E8255C0010EC439AAE1C9B682BAC92C2883ED279CD8C644A301150879EB8
D37B217B36447CBAC37C132C0278AA8CB38A8596392E3A3CAA91573370ED44DF46311EEE878B63F947F2A28930133D343737502623D0C7D3EA5D8D8123D7963C70AD30CC865BCD68F96C1A13A3484AB4EF3828CE338BF8E087F2300B777D556974D5E23FAFD55AB54353BCA31BEC13003AC7258510578F96B8F1E2254E91768A78CF9FCC6D8CFB0493701D523F75EC25B37B623B5A73A28009DBC169A084E95D - - Group = modp/ietf/4096 - Secret = 0xB73A80EB48DB4DF3108BE1345281A1B39B4373BFE71CB4DA9F3594A94C525E2E288F06089F61C1D29D6A99EA775C05D6 - Msg = D413DAC9D341361F17EDCE1C46A04D343424251B --Nonce = B9AFD0F2F97C677BD3088B032696E7928DD62AD20912367113CFE5ABEEB7B4DFAD22E30442B04571CDC683D9971DE257 -+Nonce = 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000B9AFD0F2F97C677BD3088B032696E7928DD62AD20912367113CFE5ABEEB7B4DFAD22E30442B04571CDC683D9971DE257 - Ciphertext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diff --git a/main/botan/dl-exponents.patch b/main/botan/dl-exponents.patch deleted file mode 100644 index 28c5e06b81..0000000000 --- a/main/botan/dl-exponents.patch +++ /dev/null 
@@ -1,304 +0,0 @@ -From 9258696e147894e45d0422fd65a34193fba76211 Mon Sep 17 00:00:00 2001 -From: Jack Lloyd <jack@randombit.net> -Date: Mon, 14 Dec 2020 07:15:20 -0500 -Subject: [PATCH] New sizes for DL exponents - -Avoid using a formula for this and instead just bucket into a few very -rough sizes. In all cases (except very large keys) this results in -using a somewhat larger exponent. ---- - src/lib/pubkey/workfactor.cpp | 23 +++++++------ - src/scripts/test_cli.py | 4 +-- - .../{elgamal.vec => elgamal_decrypt.vec} | 10 ------ - src/tests/data/pubkey/elgamal_encrypt.vec | 32 ++++++++++++++++++ - src/tests/data/pubkey/workfactor.vec | 18 ++++++---- - src/tests/{test_elg.cpp => test_elgamal.cpp} | 33 +++++++++++++++---- - src/tests/test_workfactor.cpp | 2 +- - 7 files changed, 86 insertions(+), 36 deletions(-) - rename src/tests/data/pubkey/{elgamal.vec => elgamal_decrypt.vec} (95%) - create mode 100644 src/tests/data/pubkey/elgamal_encrypt.vec - rename src/tests/{test_elg.cpp => test_elgamal.cpp} (54%) - -diff --git a/src/lib/pubkey/workfactor.cpp b/src/lib/pubkey/workfactor.cpp -index cd0a83e5ce..13760351ea 100644 ---- a/src/lib/pubkey/workfactor.cpp -+++ b/src/lib/pubkey/workfactor.cpp -@@ -51,16 +51,19 @@ size_t dl_work_factor(size_t bits) - - size_t dl_exponent_size(size_t bits) - { -- /* -- This uses a slightly tweaked version of the standard work factor -- function above. It assumes k is 1 (thus overestimating the strength -- of the prime group by 5-6 bits), and always returns at least 128 bits -- (this only matters for very small primes). 
-- */ -- const size_t min_workfactor = 64; -- const double log2_k = 0; -- -- return 2 * std::max<size_t>(min_workfactor, nfs_workfactor(bits, log2_k)); -+ if(bits == 0) -+ return 0; -+ if(bits <= 256) -+ return bits - 1; -+ if(bits <= 1024) -+ return 192; -+ if(bits <= 1536) -+ return 224; -+ if(bits <= 2048) -+ return 256; -+ if(bits <= 4096) -+ return 384; -+ return 512; - } - - } -diff --git a/src/scripts/test_cli.py b/src/scripts/test_cli.py -index 7fb46feab4..5fc2f04e84 100755 ---- a/src/scripts/test_cli.py -+++ b/src/scripts/test_cli.py -@@ -278,7 +278,7 @@ def cli_gen_dl_group_tests(_tmp_dir): - mFvAZ/8wal0= - -----END X9.42 DH PARAMETERS-----""" - -- test_cli("gen_dl_group", "--pbits=1043", pem) -+ test_cli("gen_dl_group", ["--pbits=1043", "--qbits=174"], pem) - - dsa_grp = """-----BEGIN DSA PARAMETERS----- - MIIBHgKBgQCyP1vosC/axliM2hmJ9EOSdd1zBkuzMP25CYD8PFkRVrPLr1ClSUtn -@@ -679,7 +679,7 @@ def cli_pk_workfactor_tests(_tmp_dir): - test_cli("pk_workfactor", "2048", "111") - test_cli("pk_workfactor", ["--type=rsa", "512"], "58") - test_cli("pk_workfactor", ["--type=dl", "512"], "58") -- test_cli("pk_workfactor", ["--type=dl_exp", "512"], "128") -+ test_cli("pk_workfactor", ["--type=dl_exp", "512"], "192") - - def cli_dl_group_info_tests(_tmp_dir): - -diff --git a/src/tests/data/pubkey/elgamal.vec b/src/tests/data/pubkey/elgamal_decrypt.vec -similarity index 95% -rename from src/tests/data/pubkey/elgamal.vec -rename to src/tests/data/pubkey/elgamal_decrypt.vec -index 5cfbacdeee..f676be50e7 100644 ---- a/src/tests/data/pubkey/elgamal.vec -+++ b/src/tests/data/pubkey/elgamal_decrypt.vec -@@ -3,68 +3,58 @@ P = 1365501321293735349225077112267598047546199828869335521691442858164229618266 - G = 13 - X = 1510837665211600837455333225484573368412905214721958306259132011740929687444 - Msg = 
02AD1D776D591520E4D8BEF8B21CC2F54FB4EB788E52ECEBE13564435DA66284D51A6A6696E615EF599786CE4CBEFAFF066E0A1CD8868454EB5CE0CA99241B29E1D1492CF2712C2C101B3F3779034683AD8271098C2E3FBAA83901A97D9645FA5815AF79F4F638ECBE09020003F434D708914899C668F34830E70F4CAF0803 --Nonce = 0A5842A8D0C1B07E5DE6FD3E0C6B1108523D4D35417F - Ciphertext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sg = 02C1ED6A171875F055809F12BC61829961CC740935C6DCC468FA663E8D1A7DE9E0555E3EA99476436743FC5C76D3E041055FAEB7641907F8E2F1F94061B22E72B7CD39EDD7A6367828CCDC000301CEA7D91CB1E8A3E20DC85FAA23EF6D08E6 --Nonce = F42F854C10C9DD14A6712594A31326A1FD2CF5 - Ciphertext = 9E47FB001BDDB12F2D8E0FA5501A7EAC1B185FDFC7D2FF3E4461B0D75D626F5156DEDD4D25F13C6C1F5F9A1F916058045705F5E82F748E9B6F0DC95D572B8DC2770159092EECA13946F0522FE2A859705009B615818A1B4F98E8DD38CF00DE746ABD5F3852D93F8D9299DE18EB763F11E41A8B9660C5F056538EED431BB8E2199D9012F50C7FBEF5AAD35ECCD7F141CD9AC6553315A2699D6718F50EBDCEAE62A11ACC466E8533EDBAF13C15B5532B323EBF283B108F892DBFCEA21231DFD548 - - P = 13232376895198612407547930718267435757728527029623408872245156039757713029036368719146452186041204237350521785240337048752071462798273003935646236777459223 - G = 11629401773565540073100961473632977008134185076958364415809981826641612629974728305105606061133984394938666464842000720534465163992699133277631369246002549 - X = 175607362627753240470186183617696577774 - Msg = 47E586A7E7D98C116A6F553F652E57BF --Nonce = BEF5E7EFAA76C52A8ECEE604EDAFD31B - Ciphertext = CD70DE085B0C586B4E64097EA3AB4CE0B60A71B0F640FE4468F4F940412EDBDD9035EEC602530CFF81B2CDC35805264A866E4689DDBADC3438575B6337118BB23A5AB7710F85F2A4E1E0DBEC5652FEF73C868747ECB7043BA08241A0879A2DC588D3EC14ED552E62B1B111646FF4DFA9050754240A46A840EA5EB1D97712F2BB - - P = 13232376895198612407547930718267435757728527029623408872245156039757713029036368719146452186041204237350521785240337048752071462798273003935646236777459223 - G = 
11629401773565540073100961473632977008134185076958364415809981826641612629974728305105606061133984394938666464842000720534465163992699133277631369246002549 - X = 226260657342880764984259695048075261500 - Msg = 74BC8D009250F4CD2E08BC556EE01449 --Nonce = A2951BE393736E39E9D209FE978C7546 - Ciphertext = 6D6ED1C6E519C628CACC7981A5BBE487F6E013B26448D711911698CEEAA4F746182A716602183A746FC35B022BD7B27EF079F7164309653D148D0CE91907FF6C4A9001A0CCA2A0A163F3F93200C2E40A957919CB84AC35B928E026F1827E6D4A9B986B592BE39861538414D5EA6980248FD3C3C0CDEE372F392D5AC46DB8EEFB - - P = 13232376895198612407547930718267435757728527029623408872245156039757713029036368719146452186041204237350521785240337048752071462798273003935646236777459223 - G = 11629401773565540073100961473632977008134185076958364415809981826641612629974728305105606061133984394938666464842000720534465163992699133277631369246002549 - X = 190989497955271245954961490592364802400 - Msg = 01AFE1A93EDB9CD3E3715523C952478D --Nonce = 9500DDCD404618F64A2063BC19941A6E - Ciphertext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sg = 58E72BD0F04B11 --Nonce = EF07721FF6B28A8A3B4EBC95C16B13A83649B7 - Ciphertext = C7B6ACADBBCFD3A34EDA31CE9CA7F7889FBB2DF5C6C25793EB974591BF0EDE93637B6A95E8075BDB2A987039D92487665465C98AAD0C123FA00BB9736170E78069AA32DFBEB07099A0B7D439AA807A2D3D6F9F913EBC673F9F8CD5D3C0E9DD0D988EAC4D8204928C2DA8ECD1FA3A598FCBFFEF5017DB8542D123CF69E8C92EB956F10DC995AE6B6564967D5C12A07BA35607C54CC3F10A36FF3603DD7CC1490664610002977CE8C4A4EFFBD1421C902D4D8DFF81D014E1AB55F239E0F2FD28AB - - P = 1418488780399624169246918906980830188668962659968489177172519612007411971965075884911751185624649475197807409457369163882960326663412481439463507475025544888587052733646843233033458377686354235239579046252542291754237282749312023983 - G = 
1351977104923085061876231022324913317418268765766371251774974499254352282996737121345129752664271877383194755574993089982460597274051441610498438524702048238124542105329402087161253933648442955133245175046317041420863434958965806440 - X = 4008521039270359712424267366152273661245582878 - Msg = C37AA41207A357DBCCFBE93DC45C5BD91D29FD29CBA29B26AC437A9B560C3BEA --Nonce = A36338E4D7815E6A4B178E951BEF073C6D5A7F - Ciphertext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sg = 36FDC0501B44AF --Nonce = 832BC01DB63F958D47B6962AEAA74C0831A6AB - Ciphertext = 62E46CDF100BADF4419215256BEC8427DD0388D1B60B5A8675532C0934351BA0036AF58032AB6C4DB829F1A0C8217FBF2CB9C10A5C60FF285919BCAF238E89FBAA4771CAD13D4A69AB2C1FFF0A44D2F9287F1E70D58210AE859074B3969EE800A9D1507BA48582BD1E03CC234B0CB11408BE0932763EDC99CA4BEC6E496A452237F920972C629714EA2F1FF212460C23B66DB56BC73E94743D32D2CD3536A17A136F56D7F7C24E3B8F102F48BBB21633279D3E584E71DC37B436104CA69A6BB3 - - P = 178011905478542266528237562450159990145232156369120674273274450314442865788737020770612695252123463079567156784778466449970650770920727857050009668388144034129745221171818506047231150039301079959358067395348717066319802262019714966524135060945913707594956514672855690606794135837542707371727429551343320695239 - G = 49567166504681114998529684425585849617514862026978329597099192087961538717407709177883083441369264146939535263894140299406849834767828526204179623557679393249247253593623658376992386256295047165071989556654741504656225128772294708626157371448610928885819291350567633953878147205134001752476855481804967677085 - X = 3756315909532643155590215634844150624450334340186095 - Msg = DF72B687F62AFEA3A51195EE876E4C87708F7ABB8D2D5DD72B68256DAC6D --Nonce = 0B333C9C486C5F3A96F37D00133ADD18113376C9BE76 - Ciphertext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sg = F73BB7E5C8A5619380 --Nonce = 0AD9527B09EAD1E59B4A1CAF58C861B69A856AB8AA80 - Ciphertext = 
C9881464A37749949D66D75CD9B7A8ACAD33DD1FAC7561F684E9CB5343D2ED15969D7EDB4135518B50F0FEC9A9559C1D5E44DAB42C14BBDE2D2711EA4D02D7F27D1A9BCFEC9E8B73FA64BA3C54707FDDE7D5BE695E17FB9D259FB576FD4E57D66C8F727DC236E2A6E9FD01709D34B8D09F7DD3890F003EBE616042B4E0A8A00F6C3F34DE7E002FE72A84AF8D014D64E8CD08B9B56CC3A6BBE6F966B92105A92C5ABF4F2BF735670622F6213FE9739FAD65692E1C0EBF708A47E18600A22972A5A3DA0F22D11C581D46F734151A083FF757E961351EB183B467A859FBB9ED1DAC396FA405701FD6E3A62EB126E93648C3C6DFA9C4DBF3C005880F4799F66B310E -diff --git a/src/tests/data/pubkey/elgamal_encrypt.vec b/src/tests/data/pubkey/elgamal_encrypt.vec -new file mode 100644 -index 0000000000..059eb1668d ---- /dev/null -+++ b/src/tests/data/pubkey/elgamal_encrypt.vec -@@ -0,0 +1,32 @@ -+# These were generated by Botan and not checked against other implementations -+ -+Group = modp/ietf/1024 -+Secret = 0xCC13EE3533858E0F0024FFC935DC5BD297DEC9385AC8EF7E -+Msg = 1C -+Nonce = EEE23AAA149AF29E18EF8D66AD8D4BACB72076BAE583A297 -+Ciphertext = D73F6E5CEF558B92C924FEC2329774ACD75E7CEA04D2485F07920EF4E5B86E361E23E42AB6F3A97F5B1F46218BF3C00E93A2EA981B8BB48EDD020A3F96D61FDA0F3E4D26F5538B2179B7D7E333CE78414F18E6CD0AE74C3F44FBFAC9121A3A6CF80C85E89280F9BC476078F9FD686A6500590B1AD75616C0A92BC73838A6D4437368304638242BCD628A72EA432FE7C1892922136B3C19B39990980185328E5BBD35DE42549819C8E301348320BA80602E751172D9ACAA8E0B67FB97996310BC0C14B9E40626FE54138851E4BC4CA4CB2F0A1F3D3F042556A4942B2B03B4C2F75E50260365865FEE0050DAC3604E78708715549FF878F1B337D6ABF8B695462F -+ -+Group = modp/ietf/1536 -+Secret = 0x8D81343C4994DAF21AD0E6CB88C74F55529925EC953381470B72B3C8 -+Msg = 7F0CCACA157707BF03 -+Nonce = F0A0844B268ECEABA04827E7CE9F960119E0053CFBA00ADA47604857 -+Ciphertext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roup = modp/ietf/2048 -+Secret = 0xA9F666E685F4F0BAFFF22C407B28461591CBF43F8DA1A8C3B1510BB6AA3BCD6C -+Msg = D830F02AA1AE9328CF3F2C6CB7D86875 -+Nonce = DFA4E0979DADE5A620C4B9ED87C205F34D7AE739761BCDD060A9EC530E066538 
-+Ciphertext = E8AC61EE6EA9DCBEDF5DD10247240E0FF3A6D1B1D2C9832A73C5EF2F96FB23C6FA571F9E407089ADAB459086B4331DBCBB3E5FC69B996748131D0D499EFF4F3654CEF8ED3C14C97C4985E5E0D6E0714E789F9D926CB26A23ACB52D6308CDB3C4DBF92F7A701513B133A0512A0CC16E13BCC7F983BC181C71A42252D48B113BAB4B861430AC6157E3043BD861C44D0804CCBB0B9D5BA599650DABE9FA7BF286EB08A97D11D5F88CB0157A4522E2C9F4EF53EB9D7679974C5AD86554EED49736D0D7B39461B92C73CBBEBAD8E92A6501293AE9A5BF0FBDA11BC743E032F78740F96F8CD71D30EA0F17F42181783C908A6008E339620CCB80226E9CDD7E5D50DEF9310DF03C971955CCF70557C9816049C2137CB7554998BD90B81AD549E9B65347E4BC798039BF05929DED052EE816EA3A87014B0D25E2E279B7736446201F52E542AA6E494BDC6D02A9A0479E1F90D5F3898A36AF7BA03E8F0BCBBF891A1C1B0B300EA664349E765EA331841ABC7963012C623318EF9B681711461ECC83EDC88722DE5E16FF1AB57B23F285CC5E75F6FCB46EEC9F919D1C089E7C045535E64A97F16662DF9CEFFB0E6C9C6402A43E47D1D073A5555A470E2451809234ABFD463A013D70288BA4A093E51FCED6A434886ED70490D63DFD809F27A773CDAC3D848A21C2937CA194C4FFBF8E50C05AEB3A530A7AB8B39B91A72EA45034A2FF8F16B1 -+ -+Group = modp/ietf/3072 -+Secret = 0x981606068AE29B5B86E6F1E4E578010E43E1DBCB12504857CA6CDFC77913EFF0B3F563E1DDB40934B4F33099A6BF8EE8 -+Msg = 0E738AF35B6AE8951E5C3BF8EB -+Nonce = F53B7EF9224D33392AE79CA3816755F066A2B15689B157FBA588CD5C247EFC9050DB2F84FA40C12E3493230D94D89306 -+Ciphertext = 
659C8E28BF6A26E5D55386E437F2B66282EB9F9ECA54522D8A1FDE6BC6C4D65E5412D030BDC9833F93E3653B7B58FFD66A2EBFB8AAF1F7BBB52C3CD43E08DDB3D2C73E26EEA988EEF9CFDC9C59872B4D2454A1F500911B4D3BD3EED99107FAF39D97A3302166AD5B0381ECAB769953406DD3FEB502D23587D9CF2C89F93FE6A73167E3734CD0676EE95F7C43A558A56E7B0264A6084875D1E7F2312FA7BA7145AAA5921F904EDDC7A6EC823C57AFE323E4368CD7D47CAF2F8A94D6D3117A8BE92BAF6F0392A20C7FCFE381789755B7B47B9C5496382FF26533EA7F911472F02E2F9E29CAC9CFF4AEB90C36E55A1AF5D0259B195E2824C7F6B40299D8A0858E162B3D9392E323F62B48DA629089902F16D01D1AB3DCFBAAB46F1E74ECA6560B3A97E85E9B88B8F11AA83F78E8E542B8A3B4C0E7B47220594979BC7DD12E97238EB4B91D23A8F2D5362CB8B08C1F07B3461AD0968FB3053F60ECC2B3C0E900A0A7C2924C3FA79CCB43B33B336B807C6F4B83A7AE0112BD72A13822E3CD0B2E2AF7717F2CB21BE02D8DB0EB3BCCF66836BD83C828C221569EFCAA53124D206CB51D3718BC1511799DEA0558DD6FDBFB06B3D96BAC451FE71A4244BD3CD6826BF27EA3CC7782C17DCAF52EAA944CEA734D011145F10A4132A271349A8BF1ED0D7F7EF2ABC7031475B4397574F8A7EC4F5480D85CF0CA1F7C69097A2A009FFD4927AA769FD821F64741812FE5DB996ECAD3265CE93DBA7B40532A2133FB8EE5066A0C5F91C7E0F3902B6CEA39D5BB4B59B2993B5DAA2B61FF589BF45613D1EF36D5F7D959E8255C0010EC439AAE1C9B682BAC92C2883ED279CD8C644A301150879EB8D37B217B36447CBAC37C132C0278AA8CB38A8596392E3A3CAA91573370ED44DF46311EEE878B63F947F2A28930133D343737502623D0C7D3EA5D8D8123D7963C70AD30CC865BCD68F96C1A13A3484AB4EF3828CE338BF8E087F2300B777D556974D5E23FAFD55AB54353BCA31BEC13003AC7258510578F96B8F1E2254E91768A78CF9FCC6D8CFB0493701D523F75EC25B37B623B5A73A28009DBC169A084E95D -+ -+Group = modp/ietf/4096 -+Secret = 0xB73A80EB48DB4DF3108BE1345281A1B39B4373BFE71CB4DA9F3594A94C525E2E288F06089F61C1D29D6A99EA775C05D6 -+Msg = D413DAC9D341361F17EDCE1C46A04D343424251B -+Nonce = B9AFD0F2F97C677BD3088B032696E7928DD62AD20912367113CFE5ABEEB7B4DFAD22E30442B04571CDC683D9971DE257 -+Ciphertext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diff --git a/src/tests/data/pubkey/workfactor.vec b/src/tests/data/pubkey/workfactor.vec -index 
7d8999da84..1b7fa70235 100644 ---- a/src/tests/data/pubkey/workfactor.vec -+++ b/src/tests/data/pubkey/workfactor.vec -@@ -24,20 +24,26 @@ ParamSize = 14400 - Workfactor = 256 - - [DL_Exponent_Size] -+ParamSize = 192 -+Workfactor = 191 -+ -+ParamSize = 512 -+Workfactor = 192 -+ - ParamSize = 1024 --Workfactor = 86 -+Workfactor = 192 - - ParamSize = 1536 --Workfactor = 103 -+Workfactor = 224 - - ParamSize = 2048 --Workfactor = 116 -+Workfactor = 256 - - ParamSize = 3072 --Workfactor = 138 -+Workfactor = 384 - - ParamSize = 4096 --Workfactor = 156 -+Workfactor = 384 - - ParamSize = 8192 --Workfactor = 208 -+Workfactor = 512 -diff --git a/src/tests/test_elg.cpp b/src/tests/test_elgamal.cpp -similarity index 54% -rename from src/tests/test_elg.cpp -rename to src/tests/test_elgamal.cpp -index 6a6bdb8b54..cb69657251 100644 ---- a/src/tests/test_elg.cpp -+++ b/src/tests/test_elgamal.cpp -@@ -1,5 +1,5 @@ - /* --* (C) 2014,2015 Jack Lloyd -+* (C) 2014,2015,2020 Jack Lloyd - * - * Botan is released under the Simplified BSD License (see license.txt) - */ -@@ -17,15 +17,33 @@ namespace { - - #if defined(BOTAN_HAS_ELGAMAL) - --class ElGamal_KAT_Tests final : public PK_Encryption_Decryption_Test -+class ElGamal_Encrypt_Tests final : public PK_Encryption_Decryption_Test - { - public: -- ElGamal_KAT_Tests() -+ ElGamal_Encrypt_Tests() - : PK_Encryption_Decryption_Test( - "ElGamal", -- "pubkey/elgamal.vec", -- "P,G,X,Msg,Nonce,Ciphertext", -- "Padding") {} -+ "pubkey/elgamal_encrypt.vec", -+ "Group,Padding,Secret,Nonce,Msg,Ciphertext") {} -+ -+ std::unique_ptr<Botan::Private_Key> load_private_key(const VarMap& vars) override -+ { -+ const Botan::BigInt x = vars.get_req_bn("Secret"); -+ const Botan::DL_Group grp(vars.get_req_str("Group")); -+ -+ std::unique_ptr<Botan::Private_Key> key(new Botan::ElGamal_PrivateKey(Test::rng(), grp, x)); -+ return key; -+ } -+ }; -+ -+class ElGamal_Decrypt_Tests final : public PK_Decryption_Test -+ { -+ public: -+ ElGamal_Decrypt_Tests() -+ : 
PK_Decryption_Test( -+ "ElGamal", -+ "pubkey/elgamal_decrypt.vec", -+ "P,G,X,Msg,Ciphertext") {} - - std::unique_ptr<Botan::Private_Key> load_private_key(const VarMap& vars) override - { -@@ -53,7 +71,8 @@ class ElGamal_Keygen_Tests final : public PK_Key_Generation_Test - } - }; - --BOTAN_REGISTER_TEST("pubkey", "elgamal_encrypt", ElGamal_KAT_Tests); -+BOTAN_REGISTER_TEST("pubkey", "elgamal_encrypt", ElGamal_Encrypt_Tests); -+BOTAN_REGISTER_TEST("pubkey", "elgamal_decrypt", ElGamal_Decrypt_Tests); - BOTAN_REGISTER_TEST("pubkey", "elgamal_keygen", ElGamal_Keygen_Tests); - - #endif -diff --git a/src/tests/test_workfactor.cpp b/src/tests/test_workfactor.cpp -index fe61f80e46..8c11869c73 100644 ---- a/src/tests/test_workfactor.cpp -+++ b/src/tests/test_workfactor.cpp -@@ -34,7 +34,7 @@ class PK_Workfactor_Tests final : public Text_Based_Test - } - else if(type == "DL_Exponent_Size") - { -- output = Botan::dl_exponent_size(param_size) / 2; -+ output = Botan::dl_exponent_size(param_size); - } - - Test::Result result(type + " work factor calculation"); diff --git a/main/btrfs-progs/APKBUILD b/main/btrfs-progs/APKBUILD index 298d4129da..078b06c4b2 100644 --- a/main/btrfs-progs/APKBUILD +++ b/main/btrfs-progs/APKBUILD 
@@ -2,19 +2,37 @@ # Contributor: Łukasz Jendrysik <scadu@yandex.com> # Maintainer: Natanael Copa <ncopa@alpinelinux.org> pkgname=btrfs-progs -pkgver=5.16 +pkgver=5.18.1 pkgrel=0 pkgdesc="BTRFS filesystem utilities" url="https://btrfs.wiki.kernel.org" arch="all" license="GPL-2.0-or-later LGPL-3.0-or-later" depends_dev="linux-headers" -makedepends="$depends_dev acl-dev asciidoc attr-dev autoconf automake - e2fsprogs-dev libtool lzo-dev py3-setuptools python3-dev util-linux-dev - xmlto zlib-dev zstd-dev eudev-dev" -subpackages="$pkgname-doc $pkgname-static $pkgname-dev +makedepends="$depends_dev + acl-dev + asciidoc + attr-dev + autoconf + automake + e2fsprogs-dev + libtool + lzo-dev + py3-setuptools + python3-dev + util-linux-dev + xmlto + zlib-dev + zstd-dev + eudev-dev + py3-sphinx" +subpackages="$pkgname-doc + $pkgname-static + $pkgname-dev $pkgname-bash-completion - py3-$pkgname:py3 $pkgname-libs $pkgname-extra" + py3-$pkgname:py3 + $pkgname-libs + $pkgname-extra" source="https://www.kernel.org/pub/linux/kernel/people/kdave/btrfs-progs/btrfs-progs-v$pkgver.tar.xz" builddir="$srcdir/$pkgname-v$pkgver" @@ -71,5 +89,5 @@ extra() { } sha512sums=" -3ba557134b19f1abb6c63bf3e2092852f92e988677c4bcf9421c824824b87565ae5cc0e5bca0370be81766a8c8fbda21dfb443dcd159f705f31e70b6bf19aa63 btrfs-progs-v5.16.tar.xz +265a03b0db00a231ad51bb75fb161dee0a7a51cd120a696ca0524f08ef635b18afe43b391fa9889a4a79734ccc3931e4374bd950eb26dc47ddc8482368efed0e btrfs-progs-v5.18.1.tar.xz " diff --git a/main/bubblewrap/APKBUILD b/main/bubblewrap/APKBUILD index b3fad96bde..ebc23f8f14 100644 --- a/main/bubblewrap/APKBUILD +++ b/main/bubblewrap/APKBUILD 
@@ -1,14 +1,14 @@ # Contributor: Timo Teräs <timo.teras@iki.fi> # Maintainer: Timo Teräs <timo.teras@iki.fi> pkgname=bubblewrap -pkgver=0.5.0 +pkgver=0.6.2 pkgrel=0 pkgdesc="Unprivileged sandboxing tool" url="https://github.com/containers/bubblewrap" arch="all" license="LGPL-2.0-or-later" options="!check" # Testsuite fails -makedepends="autoconf automake libcap-dev docbook-xsl" +makedepends="bash meson libcap-dev docbook-xsl" subpackages="$pkgname-doc $pkgname-bash-completion $pkgname-zsh-completion" source="bubblewrap-$pkgver.tar.gz::https://github.com/containers/bubblewrap/archive/v$pkgver.tar.gz" @@ -16,28 +16,17 @@ source="bubblewrap-$pkgver.tar.gz::https://github.com/containers/bubblewrap/arch # 0.4.1-r0: # - CVE-2020-5291 -prepare() { - NOCONFIGURE=1 ./autogen.sh - default_prepare -} - build() { - ./configure \ - --build=$CBUILD \ - --host=$CHOST \ - --prefix=/usr \ - --mandir=/usr/share/man \ - --infodir=/usr/share/info \ - --localstatedir=/var \ - --with-priv-mode=none \ - --enable-require-userns=yes - make + abuild-meson \ + -Drequire_userns=true \ + . output + meson compile ${JOBS:+-j ${JOBS}} -C output } package() { - make install DESTDIR="$pkgdir" + DESTDIR="$pkgdir" meson install --no-rebuild -C output } sha512sums=" -9d1faa02aaf78a8005d5f032cfc708d9823b5d110bd35f600a7d075122eeda785db72dd5c5e416a35ade437cd0ff9b176d24aea980971e304600e03c793d1865 bubblewrap-0.5.0.tar.gz +09b89836242941bd5d1975a64a9543caae77c344ace7baf06670fddbfce28be22728cf0a7e4c2df142b2d89a903df92cfd4671b442058953ea4ebb099eb05577 bubblewrap-0.6.2.tar.gz " diff --git a/main/build-base/APKBUILD b/main/build-base/APKBUILD index 7dff94e7ec..709b5eec6b 100644 --- a/main/build-base/APKBUILD +++ b/main/build-base/APKBUILD @@ -1,7 +1,7 @@ # Maintainer: Natanael Copa <ncopa@alpinelinux.org> pkgname=build-base pkgver=0.5 -pkgrel=2 +pkgrel=3 url=http://dev.alpinelinux.org/cgit pkgdesc="Meta package for build base" depends="binutils file gcc g++ make libc-dev fortify-headers patch" 
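Review bot: The new meson `build()` in the bubblewrap hunk `@@ -16,28 +16,17 @@` passes only `-Drequire_userns=true`, so the APKBUILD no longer states the install mode that `--with-priv-mode=none` used to make explicit. Whether the meson build can ever install `bwrap` setuid is not visible here. If it cannot, a one-line comment above `abuild-meson` would record that, for example `# meson build installs bwrap without setuid/file caps; sandboxing relies on user namespaces`. If it can, the equivalent option should be set explicitly. `options="!check"` is carried over unchanged, so the 0.5.0 to 0.6.2 jump and the build-system switch land without any test run.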
@@ -11,7 +11,7 @@ if [ "$CHOST" != "$CTARGET" ]; then depends="binutils-$CTARGET_ARCH gcc-$CTARGET_ARCH g++-$CTARGET_ARCH $depends" fi arch="noarch" -license=none +license="MIT" options="!check" build() { diff --git a/main/busybox-initscripts/APKBUILD b/main/busybox-initscripts/APKBUILD index 84bea82d4c..65bec6c676 100644 --- a/main/busybox-initscripts/APKBUILD +++ b/main/busybox-initscripts/APKBUILD @@ -1,24 +1,32 @@ # Contributor: Natanael Copa <ncopa@alpinelinux.org> # Maintainer: Natanael Copa <ncopa@alpinelinux.org> pkgname=busybox-initscripts -pkgver=4.0 -pkgrel=5 +pkgver=4.1 +pkgrel=1 pkgdesc="Init scripts for busybox daemons" url="https://git.alpinelinux.org/aports/tree/main/busybox-initscripts" arch="noarch" license="GPL-2.0-only" -depends="busybox openrc>=0.24.1-r6" +depends="busybox openrc>=0.24.1-r6 mdev-conf=$pkgver-r$pkgrel" makedepends="" install="$pkgname.post-install $pkgname.post-upgrade" -subpackages="" -options="!check" +subpackages="mdev-conf:_mdev_conf" +checkdepends="bats" replaces="alpine-baselayout openntpd" source="acpid.initd crond.initd dnsd.initd httpd.initd inetd.initd klogd.initd mdev.initd ntpd.initd rdate.initd syslog.initd udhcpd.initd loadkmap.initd watchdog.initd crond.confd klogd.confd ntpd.confd rdate.confd syslog.confd watchdog.confd loadkmap.confd mdev.conf dvbdev usbdev persistent-storage + ptpdev + ptpdev.bats " +check() { + cd "$srcdir" + msg "running tests" + bats *.bats +} + package() { local i cd "$srcdir" @@ -32,7 +40,8 @@ package() { install -m644 "$srcdir"/$i "$pkgdir"/etc/conf.d/${i%.*} || return 1 done install -m644 mdev.conf "$pkgdir"/etc - install -m755 dvbdev usbdev persistent-storage "$pkgdir"/lib/mdev/ + install -m755 dvbdev persistent-storage ptpdev usbdev \ + "$pkgdir"/lib/mdev/ # poweroff script for acpid cat >"$pkgdir"/etc/acpi/PWRF/00000080 <<EOF 
@@ -42,6 +51,12 @@ EOF chmod +x "$pkgdir"/etc/acpi/PWRF/00000080 } +_mdev_conf() { + pkgdesc="Configuration files for mdev and mdevd" + depends= + amove etc/mdev.conf lib/mdev +} + sha512sums=" dd548670114a92404b8e35fb915fdbe5994498b05b0a418583271c3dd72fb7800950e42c095c902a014eb198c046b8a346d43dccd8e7a158048ae33767c572ed acpid.initd c9d0fb0f8cc27d661d3b4e58c56eb598ca368890576e18ffffd42efdf68ba35537656be9be319b2e2818aa0152d3ca8611bece2433512fbfcd4eed7988765549 crond.initd @@ -63,8 +78,10 @@ b0ba67585f39d83320ed6de183d7463a0e163807b9f3dc6f0baa212236056f22aeb2c5399dfdcd54 bf8173ee33a5d2b61cbdbc1b070e599a17a21e5433a0d8aa9beef71e4ac831304076af8e7e58dc594cdee61562329793afdc57af91e5496bf5fffb9b734a3d9c syslog.confd 359af0a4a1841dd6557eaf3e71d39f0d7a2687bad6a8fc6ef436eccf72a40f85c6400a3b7880c7f64d8e460b6af8a0ff3dd5ffc3a4b1aa8eb0d8f7eaf99ee3e4 watchdog.confd acbba3385fb2c416362eb9176f24146b617a2e394ee0e00b9eff89350f82468a5ab8396f4f52b0aaf03d341ac6150c73182e808fa3f29a2dc71c69271cdfb811 loadkmap.confd -634fa067629febcdd8ba9516fbaafddd5be2d38ac37bff9eccfacce0fcf3b259426c12ff967b179bd93b2962401a4a2f15709d32da0623bd078688b8611817cd mdev.conf +b5c299d5dcd854eb23717aab6938e2e1c9572d10ed667595b4a98f9cddca9f81c3f8f7ae508b62db5fe203c45c696d3c2a9ce62761aa329b2bcfcc5e5a3a9224 mdev.conf ebd82f935da2ca89097234dd8a8f47e179a423652c151123a1f3343f3e1e7bfaba2b8800380e988d4e8f4294545d3a9ab6708ae2e77c5b108b5f091bbce8f94a dvbdev b2dcf0ded9264334d79fbbb05dd12d649dc3119a060db5893f0e8aeca2141323961c3ba4c822a0ffb00dba848742d5cb374dc77e776b57cecde352a3e8e30f8a usbdev 0f54666072a8ee32965cc1b5205a6d35bc2ba6655f298c37ba9ccd72949fa7c41b1e540ec91f41b11f4b261ace614cdcc42dccf390bf0a22698d0ba499feae39 persistent-storage +46b9379a5def08ce0afffae546693c19be158ca4fa4ce3c619ec81e0adbaa087ea5dd6df10abbfcd59bfdaf351d7170a7d24c2b403eceeb80f4f04f090630227 ptpdev +5e1f6fabd7845f9cd6f90477f10a0b428b4414caed18a6dfe8e86e2ce3d373521d593aa6a9ee475b138a18b15c7a403a2bb0e1987b1dbdb6d465ebd7d5836a86 ptpdev.bats " 
diff --git a/main/busybox-initscripts/mdev.conf b/main/busybox-initscripts/mdev.conf index 903786fd00..0857942cab 100644 --- a/main/busybox-initscripts/mdev.conf +++ b/main/busybox-initscripts/mdev.conf @@ -58,7 +58,7 @@ vcs[0-9]* root:tty 0660 vcsa[0-9]* root:tty 0660 # rpi bluetooth -#ttyAMA0 root:tty 660 @btattach -B /dev/$MDEV -P bcm -S 115200 -N & +#ttyAMA0 root:tty 660 @btattach -B /dev/$MDEV -P bcm -S 115200 -N & ttyACM[0-9] root:dialout 0660 @ln -sf $MDEV modem ttyUSB[0-9] root:dialout 0660 @ln -sf $MDEV modem @@ -87,6 +87,9 @@ sequencer.* root:audio 0660 >sound/ SUBSYSTEM=sound;.* root:audio 0660 +# PTP devices +ptp[0-9] root:root 0660 */lib/mdev/ptpdev + # virtio-ports SUBSYSTEM=virtio-ports;vport.* root:root 0600 @mkdir -p virtio-ports; ln -sf ../$MDEV virtio-ports/$(cat /sys/class/virtio-ports/$MDEV/name) @@ -130,5 +133,9 @@ ida/(.*) root:disk 0660 =ida/%1 rd!(.*) root:disk 0660 =rd/%1 rd/(.*) root:disk 0660 =rd/%1 +# tape devices +nst[0-9]+.* root:tape 0660 +st[0-9]+.* root:tape 0660 + # fallback for any!device -> any/device -(.*)!(.*) root:root 0660 =%1/%2 +(.*)!(.*) root:root 0660 =%1/%2 diff --git a/main/busybox-initscripts/ntpd.initd b/main/busybox-initscripts/ntpd.initd index ad738057da..ad738057da 100755..100644 --- a/main/busybox-initscripts/ntpd.initd +++ b/main/busybox-initscripts/ntpd.initd diff --git a/main/busybox-initscripts/ptpdev b/main/busybox-initscripts/ptpdev new file mode 100755 index 0000000000..56757fba28 --- /dev/null +++ b/main/busybox-initscripts/ptpdev @@ -0,0 +1,15 @@ +#!/bin/sh + +symlink_action() { + case "$ACTION" in + add) ln -sf "$1" "$2";; + remove) rm -f "$2";; + esac +} + +clock_name=$(cat ${SYSFS:-/sys}/class/ptp/$MDEV/clock_name 2>/dev/null | sed -e 's/ /_/g') +case "$clock_name" in + KVM_virtual_PTP) symlink_action $MDEV ptp_kvm ;; + ptp_vmw) symlink_action $MDEV ptp_vmw ;; + hyperv) symlink_action $MDEV ptp_hyperv ;; +esac 
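Review bot: In the new `ptpdev` helper the expansions `${SYSFS:-/sys}` and `$MDEV` are unquoted, both in the `cat` path and in the three `symlink_action $MDEV ...` calls. mdev runs the script as root, and the rule added to mdev.conf limits it to `ptp[0-9]`, but the script itself does not depend on that rule. Quoting removes the word-splitting and globbing dependency: `clock_name=$(sed -e 's/ /_/g' "${SYSFS:-/sys}/class/ptp/$MDEV/clock_name" 2>/dev/null)` and `symlink_action "$MDEV" ptp_kvm`. A short header comment naming the environment it expects from mdev (`MDEV`, `ACTION`, working directory `/dev`) would also help, since the symlinks are created relative to the current directory.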
diff --git a/main/busybox-initscripts/ptpdev.bats b/main/busybox-initscripts/ptpdev.bats new file mode 100644 index 0000000000..7c43c482d0 --- /dev/null +++ b/main/busybox-initscripts/ptpdev.bats @@ -0,0 +1,49 @@ +setup() { + mdevscript=${BATS_TEST_FILENAME%.bats} + root="$BATS_FILE_TMPDIR" + mkdir -p "$root"/dev "$root"/sys "$root"/bin + PATH="$root/bin:$PATH" + export SYSFS="$root/sys" + + mkdir -p "$root"/sys/class/ptp/ptp0 \ + "$root"/sys/class/ptp/ptp1 \ + "$root"/sys/class/ptp/ptp2 + + echo "KVM virtual PTP" > "$root"/sys/class/ptp/ptp0/clock_name + echo "ptp vmw" > "$root"/sys/class/ptp/ptp1/clock_name + echo hyperv > "$root"/sys/class/ptp/ptp2/clock_name + + cd "$root"/dev +} + +teardown() { + rm -r "$root" +} + +@test "ptpdev kvm" { + MDEV=ptp0 ACTION=add sh $mdevscript + [ $(readlink ptp_kvm) = ptp0 ] + + MDEV=ptp0 ACTION=remove sh $mdevscript + run readlink ptp_kvm + [ "$status" -ne 0 ] +} + +@test "ptpdev vmw" { + MDEV=ptp1 ACTION=add sh $mdevscript + [ $(readlink ptp_vmw) = ptp1 ] + + MDEV=ptp1 ACTION=remove sh $mdevscript + run readlink ptp_vmw + [ "$status" -ne 0 ] +} + +@test "ptpdev hyperv" { + MDEV=ptp2 ACTION=add sh $mdevscript + run readlink ptp_hyperv + [ $(readlink ptp_hyperv) = ptp2 ] + + MDEV=ptp2 ACTION=remove sh $mdevscript + run readlink ptp_hyperv + [ "$status" -ne 0 ] +} diff --git a/main/busybox/0001-libbb-sockaddr2str-ensure-only-printable-characters-.patch b/main/busybox/0001-libbb-sockaddr2str-ensure-only-printable-characters-.patch new file mode 100644 index 0000000000..1d1716e3b0 --- /dev/null +++ b/main/busybox/0001-libbb-sockaddr2str-ensure-only-printable-characters-.patch 
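Review bot: `teardown()` runs `rm -r "$root"` with `root="$BATS_FILE_TMPDIR"`, which deletes a directory that bats creates once per file and shares between tests; the suite only works because `setup()` recreates the tree with `mkdir -p`. Using the per-test directory, `root="$BATS_TEST_TMPDIR"`, lets `teardown()` be dropped and keeps the three tests isolated. The assertions are also unquoted, so a missing symlink produces a `[` syntax error rather than a clean comparison failure; `[ "$(readlink ptp_kvm)" = ptp0 ]` reads better. In the hyperv test, the `run readlink ptp_hyperv` before the first assertion is unused and can go.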
@@ -0,0 +1,40 @@ +From 0c8da1bead8ffaf270b4b723ead2c517371405d7 Mon Sep 17 00:00:00 2001 +From: Ariadne Conill <ariadne@dereferenced.org> +Date: Sun, 3 Apr 2022 12:14:33 +0000 +Subject: [PATCH 1/2] libbb: sockaddr2str: ensure only printable characters are + returned for the hostname part + +CVE: Pending +Upstream-Status: Pending +Signed-off-by: Ariadne Conill <ariadne@dereferenced.org> +--- + libbb/xconnect.c | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +diff --git a/libbb/xconnect.c b/libbb/xconnect.c +index 0e0b247b8..02c061e67 100644 +--- a/libbb/xconnect.c ++++ b/libbb/xconnect.c +@@ -497,8 +497,9 @@ static char* FAST_FUNC sockaddr2str(const struct sockaddr *sa, int flags) + ); + if (rc) + return NULL; ++ /* ensure host contains only printable characters */ + if (flags & IGNORE_PORT) +- return xstrdup(host); ++ return xstrdup(printable_string(host)); + #if ENABLE_FEATURE_IPV6 + if (sa->sa_family == AF_INET6) { + if (strchr(host, ':')) /* heh, it's not a resolved hostname */ +@@ -509,7 +510,7 @@ static char* FAST_FUNC sockaddr2str(const struct sockaddr *sa, int flags) + #endif + /* For now we don't support anything else, so it has to be INET */ + /*if (sa->sa_family == AF_INET)*/ +- return xasprintf("%s:%s", host, serv); ++ return xasprintf("%s:%s", printable_string(host), serv); + /*return xstrdup(host);*/ + } + +-- +2.35.1 + diff --git a/main/busybox/0001-modinfo-add-k-option-for-kernel-version.patch b/main/busybox/0001-modinfo-add-k-option-for-kernel-version.patch new file mode 100644 index 0000000000..f1bf02fdd2 --- /dev/null +++ b/main/busybox/0001-modinfo-add-k-option-for-kernel-version.patch 
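Review bot: Only the `IGNORE_PORT` return and the final `"%s:%s"` return are wrapped in `printable_string()`. The return taken when `strchr(host, ':')` matches in the `ENABLE_FEATURE_IPV6` branch lies between the two inner hunks and is not changed. That line is outside the visible context, so this is an inference, but a resolver-supplied name containing `:` would presumably still be returned unsanitized there. If the branch can see anything other than a numeric address, it should wrap `host` in `printable_string()` as well. The function body continues outside the hunk. The `CVE: Pending` and `Upstream-Status: Pending` trailers should be replaced once an identifier or upstream commit exists, so the patch can be dropped at the right version.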
@@ -0,0 +1,140 @@ +From 8fed81a74070cb42e1dff1a8c2382bd123385e22 Mon Sep 17 00:00:00 2001 +From: Natanael Copa <ncopa@alpinelinux.org> +Date: Thu, 28 Apr 2022 16:03:16 +0200 +Subject: [PATCH] modinfo: add -k option for kernel version + +It is useful to be able to specify kernel version when generating +initramfs and similar for a kernel version that might not be the running +one. + +bloatcheck on x86_64: + +function old new delta +packed_usage 26193 26218 +25 +modinfo_main 391 414 +23 +.rodata 80296 80298 +2 +------------------------------------------------------------------------------ +(add/remove: 0/0 grow/shrink: 3/0 up/down: 50/0) Total: 50 +bytes + text data bss dec hex filename + 834606 14124 2008 850738 cfb32 busybox_old + 834657 14124 2008 850789 cfb65 busybox_unstripped + +Signed-off-by: Natanael Copa <ncopa@alpinelinux.org> +--- + modutils/modinfo.c | 30 ++++++++++++++++++------------ + 1 file changed, 18 insertions(+), 12 deletions(-) + +diff --git a/modutils/modinfo.c b/modutils/modinfo.c +index 0a86c3296..53bc02880 100644 +--- a/modutils/modinfo.c ++++ b/modutils/modinfo.c +@@ -38,17 +38,18 @@ static const char *const shortcuts[] ALIGN_PTR = { + + enum { + OPT_0 = (1 << 0), /* \0 as separator */ +- OPT_F = (1 << 1), /* field name */ ++ OPT_k = (1 << 1), /* kernel version */ ++ OPT_F = (1 << 2), /* field name */ + /* first bits are for -nadlp options, the rest are for + * fields not selectable with "shortcut" options + */ +- OPT_n = (1 << 2), +- OPT_TAGS = ((1 << ARRAY_SIZE(shortcuts)) - 1) << 2, ++ OPT_n = (1 << 3), ++ OPT_TAGS = ((1 << ARRAY_SIZE(shortcuts)) - 1) << 3, + }; + + static void display(const char *data, const char *pattern) + { +- int flag = option_mask32 >> 1; /* shift out -0 bit */ ++ int flag = option_mask32 >> 2; /* shift out -0 and -k bits */ + if (flag & (flag-1)) { + /* more than one field to show: print "FIELD:" pfx */ + int n = printf("%s:", pattern); +@@ -82,7 +83,8 @@ static void modinfo(const char *path, const char *version, + 
} + } + +- for (j = 1; (1<<j) & (OPT_TAGS|OPT_F); j++) { ++ /* skip initial -0 and -k option bits */ ++ for (j = 2; (1<<j) & (OPT_TAGS|OPT_F); j++) { + const char *pattern; + + if (!((1<<j) & tags)) +@@ -90,7 +92,7 @@ static void modinfo(const char *path, const char *version, + + pattern = field; + if ((1<<j) & OPT_TAGS) +- pattern = shortcuts[j-2]; ++ pattern = shortcuts[j-3]; + + if (strcmp(pattern, shortcuts[0]) == 0) { + /* "-n" or "-F filename" */ +@@ -123,7 +125,7 @@ static void modinfo(const char *path, const char *version, + } + + //usage:#define modinfo_trivial_usage +-//usage: "[-adlpn0] [-F keyword] MODULE" ++//usage: "[-adlpn0] [-F keyword] [-k kernel] MODULE" + //usage:#define modinfo_full_usage "\n\n" + //usage: " -a Shortcut for '-F author'" + //usage: "\n -d Shortcut for '-F description'" +@@ -131,6 +133,7 @@ static void modinfo(const char *path, const char *version, + //usage: "\n -p Shortcut for '-F parm'" + ////usage: "\n -n Shortcut for '-F filename'" + //usage: "\n -F keyword Keyword to look for" ++//usage: "\n -k kernel kernel version" + //usage: "\n -0 NUL terminated output" + //usage:#define modinfo_example_usage + //usage: "$ modinfo -F vermagic loop\n" +@@ -139,6 +142,7 @@ int modinfo_main(int argc, char **argv) MAIN_EXTERNALLY_VISIBLE; + int modinfo_main(int argc UNUSED_PARAM, char **argv) + { + const char *field; ++ const char *kernel; + char name[MODULE_NAME_LEN]; + struct utsname uts; + parser_t *parser; +@@ -147,15 +151,17 @@ int modinfo_main(int argc UNUSED_PARAM, char **argv) + unsigned i; + + field = NULL; +- opts = getopt32(argv, "^" "0F:nadlp" "\0" "-1"/*minimum one arg*/, &field); ++ uname(&uts); ++ kernel = uts.release; ++ opts = getopt32(argv, "^" "0k:F:nadlp" "\0" "-1"/*minimum one arg*/, &kernel, &field); + /* If no field selected, show all */ + if (!(opts & (OPT_TAGS|OPT_F))) + option_mask32 |= OPT_TAGS; ++ + argv += optind; + +- uname(&uts); + parser = config_open2( +- xasprintf("%s/%s/%s", CONFIG_DEFAULT_MODULES_DIR, 
uts.release, CONFIG_DEFAULT_DEPMOD_FILE), ++ xasprintf("%s/%s/%s", CONFIG_DEFAULT_MODULES_DIR, kernel, CONFIG_DEFAULT_DEPMOD_FILE), + xfopen_for_read + ); + +@@ -167,7 +173,7 @@ int modinfo_main(int argc UNUSED_PARAM, char **argv) + filename2modname(bb_basename(tokens[0]), name); + for (i = 0; argv[i]; i++) { + if (fnmatch(argv[i], name, 0) == 0) { +- modinfo(tokens[0], uts.release, field); ++ modinfo(tokens[0], kernel, field); + argv[i] = (char *) ""; + } + } +@@ -177,7 +183,7 @@ int modinfo_main(int argc UNUSED_PARAM, char **argv) + + for (i = 0; argv[i]; i++) { + if (argv[i][0]) { +- modinfo(argv[i], uts.release, field); ++ modinfo(argv[i], kernel, field); + } + } + +-- +2.36.0 + diff --git a/main/busybox/0001-modutils-check-ELF-header-before-calling-finit_module.patch b/main/busybox/0001-modutils-check-ELF-header-before-calling-finit_module.patch new file mode 100644 index 0000000000..813010e5f2 --- /dev/null +++ b/main/busybox/0001-modutils-check-ELF-header-before-calling-finit_module.patch 
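Review bot: The `-k` argument is stored in `kernel` and interpolated unchecked into `xasprintf("%s/%s/%s", CONFIG_DEFAULT_MODULES_DIR, kernel, CONFIG_DEFAULT_DEPMOD_FILE)`, and is then passed on to `modinfo()`. A value containing `/` or `..` therefore makes the applet read a depmod file from outside the modules directory. modinfo runs with the caller's privileges, so this matters mainly for root-run wrappers such as initramfs generators that take the version from elsewhere. A guard right after `getopt32()` keeps the option to a single path component, e.g. `if (strchr(kernel, '/')) bb_show_usage();`. The usage line `-k kernel kernel version` could also say that it selects the modules tree of a kernel other than the running one. `modinfo_main` continues outside the inner hunks.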
@@ -0,0 +1,152 @@ +Patch-Source: http://lists.busybox.net/pipermail/busybox/2021-January/088398.html +Patch-Source: http://lists.busybox.net/pipermail/busybox/2021-January/088399.html +See-Also: https://gitlab.alpinelinux.org/alpine/aports/-/issues/13427 + +The purpose of this patch is to remove confusing error messages +"Module has invalid ELF structures" produced by kernel when loading gzip +compressed kernel modules using busybox modprobe. +-- +From: Qu Wenruo <wqu@suse.com> +Date: Sun, 03 Jan 2021 04:10:52 +0000 +Subject: [PATCH v2] modutils: check ELF header before calling finit_module() + +finit_module() and init_module() system calls have clear specification +to only accept valid ELF image. + +Although we try finit_module() on compressed modules to let the kernel +determine if it's an ELF image, but it's not ideal, especially when +newer kernel will complain when some invalid files/memory is passed in. + +Treat the kernel better by just doing a very basic ELF header check +before calling finit_module(). + +Signed-off-by: Qu Wenruo <wqu at suse.com> + +diff --git a/modutils/modutils.c b/modutils/modutils.c +index f7ad5e8058fe..037d609e42df 100644 +--- a/modutils/modutils.c ++++ b/modutils/modutils.c +@@ -7,6 +7,7 @@ + */ + #include "modutils.h" + ++#include <elf.h> + #include <sys/syscall.h> + + #define init_module(mod, len, opts) syscall(__NR_init_module, mod, len, opts) +@@ -186,6 +187,33 @@ void* FAST_FUNC try_to_mmap_module(const char *filename, size_t *image_size_p) + } + #endif + ++#ifdef __NR_finit_module ++/* ++ * Return: ++ * 0 on success, ++ * <0 for error. ++ * ++ * finit_module()/init_module() only accepts ELF format. ++ * Do basic ELF check to avoid calling finit_module() with compressed module. 
++ */ ++static int check_elf_header(int fd) ++{ ++ unsigned char buf[EI_NIDENT]; ++ int ret; ++ ++ ret = pread(fd, buf, sizeof(buf), 0); ++ if (ret < sizeof(buf)) ++ return -EIO; ++ if (buf[EI_MAG0] != ELFMAG0 || ++ buf[EI_MAG1] != ELFMAG1 || ++ buf[EI_MAG2] != ELFMAG2 || ++ buf[EI_MAG3] != ELFMAG3) ++ return -EINVAL; ++ /* Other more comprehensive check will be done inside kernel */ ++ return 0; ++} ++#endif ++ + /* Return: + * 0 on success, + * -errno on open/read error, +@@ -212,12 +240,19 @@ int FAST_FUNC bb_init_module(const char *filename, const char *options) + * to only allow loading of modules off of secure storage (like a read- + * only rootfs) which needs the finit_module call. If it fails, we fall + * back to normal module loading to support compressed modules. ++ * ++ * Note that finit_module()/init_module() only accept ELF image, do ++ * basic check before calling finit_module() to avoid kernel ++ * complaining. + */ + # ifdef __NR_finit_module + { + int fd = open(filename, O_RDONLY | O_CLOEXEC); + if (fd >= 0) { +- rc = finit_module(fd, options, 0) != 0; ++ if (!check_elf_header(fd)) ++ rc = finit_module(fd, options, 0) != 0; ++ else ++ rc = 1; + close(fd); + if (rc == 0) + return rc; + +diff --git a/modutils/modprobe-small.c b/modutils/modprobe-small.c +index db44a2ed0ab5..d2cd6a64c1d0 100644 +--- a/modutils/modprobe-small.c ++++ b/modutils/modprobe-small.c +@@ -24,6 +24,7 @@ + //kbuild:lib-$(CONFIG_MODPROBE_SMALL) += modprobe-small.o + + #include "libbb.h" ++#include <elf.h> /* for ELF header magic */ + /* After libbb.h, since it needs sys/types.h on some systems */ + #include <sys/utsname.h> /* uname() */ + #include <fnmatch.h> +@@ -249,6 +250,33 @@ static const char *moderror(int err) + } + } + ++#ifdef __NR_finit_module ++/* ++ * Return: ++ * 0 on success, ++ * <0 for error. ++ * ++ * finit_module()/init_module() only accepts ELF format. ++ * Do basic ELF check to avoid calling finit_module() with compressed module. 
++ */ ++static int check_elf_header(int fd) ++{ ++ unsigned char buf[EI_NIDENT]; ++ int ret; ++ ++ ret = pread(fd, buf, sizeof(buf), 0); ++ if (ret < sizeof(buf)) ++ return -EIO; ++ if (buf[EI_MAG0] != ELFMAG0 || ++ buf[EI_MAG1] != ELFMAG1 || ++ buf[EI_MAG2] != ELFMAG2 || ++ buf[EI_MAG3] != ELFMAG3) ++ return -EINVAL; ++ /* Other more comprehensive check will be done inside kernel */ ++ return 0; ++} ++#endif ++ + static int load_module(const char *fname, const char *options) + { + #if 1 +@@ -272,7 +300,10 @@ static int load_module(const char *fname, const char *options) + { + int fd = open(fname, O_RDONLY | O_CLOEXEC); + if (fd >= 0) { +- r = finit_module(fd, options, 0) != 0; ++ if (!check_elf_header(fd)) ++ r = finit_module(fd, options, 0) != 0; ++ else ++ r = 1; + close(fd); + } + } +-- +2.29.2 diff --git a/main/busybox/0002-nslookup-sanitize-all-printed-strings-with-printable.patch b/main/busybox/0002-nslookup-sanitize-all-printed-strings-with-printable.patch new file mode 100644 index 0000000000..01c45c9ba6 --- /dev/null +++ b/main/busybox/0002-nslookup-sanitize-all-printed-strings-with-printable.patch 
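Review bot: In `check_elf_header()` the result of `pread()` is stored in `int ret` and tested with `if (ret < sizeof(buf))`, which compares in an unsigned type, so a failed read (-1) converts to a huge value and passes the check. The magic bytes are then compared against the uninitialised `buf`. Declaring `ssize_t ret;` and testing `if (ret != (ssize_t)sizeof(buf)) return -EIO;` covers both the error and the short-read case. The same function is added twice, in modutils/modutils.c and modutils/modprobe-small.c, and both copies need the change. The kernel still validates the image itself, so the effect is limited to this pre-check being unreliable.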
@@ -0,0 +1,68 @@ +From 812b407e545b70b16cf32aade135b5c32eaf674f Mon Sep 17 00:00:00 2001 +From: Ariadne Conill <ariadne@dereferenced.org> +Date: Sun, 3 Apr 2022 12:16:45 +0000 +Subject: [PATCH 2/2] nslookup: sanitize all printed strings with + printable_string + +Otherwise, terminal sequences can be injected, which enables various terminal injection +attacks from DNS results. + +CVE: Pending +Upstream-Status: Pending +Signed-off-by: Ariadne Conill <ariadne@dereferenced.org> +--- + networking/nslookup.c | 10 +++++----- + 1 file changed, 5 insertions(+), 5 deletions(-) + +diff --git a/networking/nslookup.c b/networking/nslookup.c +index 6da97baf4..4bdcde1b8 100644 +--- a/networking/nslookup.c ++++ b/networking/nslookup.c +@@ -407,7 +407,7 @@ static NOINLINE int parse_reply(const unsigned char *msg, size_t len) + //printf("Unable to uncompress domain: %s\n", strerror(errno)); + return -1; + } +- printf(format, ns_rr_name(rr), dname); ++ printf(format, ns_rr_name(rr), printable_string(dname)); + break; + + case ns_t_mx: +@@ -422,7 +422,7 @@ static NOINLINE int parse_reply(const unsigned char *msg, size_t len) + //printf("Cannot uncompress MX domain: %s\n", strerror(errno)); + return -1; + } +- printf("%s\tmail exchanger = %d %s\n", ns_rr_name(rr), n, dname); ++ printf("%s\tmail exchanger = %d %s\n", ns_rr_name(rr), n, printable_string(dname)); + break; + + case ns_t_txt: +@@ -434,7 +434,7 @@ static NOINLINE int parse_reply(const unsigned char *msg, size_t len) + if (n > 0) { + memset(dname, 0, sizeof(dname)); + memcpy(dname, ns_rr_rdata(rr) + 1, n); +- printf("%s\ttext = \"%s\"\n", ns_rr_name(rr), dname); ++ printf("%s\ttext = \"%s\"\n", ns_rr_name(rr), printable_string(dname)); + } + break; + +@@ -454,7 +454,7 @@ static NOINLINE int parse_reply(const unsigned char *msg, size_t len) + } + + printf("%s\tservice = %u %u %u %s\n", ns_rr_name(rr), +- ns_get16(cp), ns_get16(cp + 2), ns_get16(cp + 4), dname); ++ ns_get16(cp), ns_get16(cp + 2), ns_get16(cp + 4), 
printable_string(dname)); + break; + + case ns_t_soa: +@@ -483,7 +483,7 @@ static NOINLINE int parse_reply(const unsigned char *msg, size_t len) + return -1; + } + +- printf("\tmail addr = %s\n", dname); ++ printf("\tmail addr = %s\n", printable_string(dname)); + cp += n; + + printf("\tserial = %lu\n", ns_get32(cp)); +-- +2.35.1 + diff --git a/main/busybox/0013-ash-fix-unsafe-use-of-mempcpy.patch b/main/busybox/0013-ash-fix-unsafe-use-of-mempcpy.patch new file mode 100644 index 0000000000..944fd38318 --- /dev/null +++ b/main/busybox/0013-ash-fix-unsafe-use-of-mempcpy.patch @@ -0,0 +1,32 @@ +From 7750b5a25a8cf9081b7c248687c876d0068e85bb Mon Sep 17 00:00:00 2001 +From: Denys Vlasenko <vda.linux@googlemail.com> +Date: Tue, 1 Mar 2022 09:56:54 +0100 +Subject: [PATCH] ash: fix unsafe use of mempcpy + +function old new delta +subevalvar 1549 1557 +8 + +Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com> +--- + shell/ash.c | 8 +++++++- + 1 file changed, 7 insertions(+), 1 deletion(-) + +diff --git a/shell/ash.c b/shell/ash.c +index 54335c5dd..44ec2eafd 100644 +--- a/shell/ash.c ++++ b/shell/ash.c +@@ -7191,7 +7191,13 @@ subevalvar(char *start, char *str, int strloc, + len = orig_len - pos; + + if (!quotes) { +- loc = mempcpy(startp, startp + pos, len); ++ /* want: loc = mempcpy(startp, startp + pos, len) ++ * but it does not allow overlapping arguments */ ++ loc = startp; ++ while (--len >= 0) { ++ *loc = loc[pos]; ++ loc++; ++ } + } else { + for (vstr = startp; pos != 0; pos--) { + if ((unsigned char)*vstr == CTLESC) diff --git a/main/busybox/0014-ash-fix-use-after-free-in-bash-pattern-substitution.patch b/main/busybox/0014-ash-fix-use-after-free-in-bash-pattern-substitution.patch new file mode 100644 index 0000000000..6ff2b8286e --- /dev/null +++ b/main/busybox/0014-ash-fix-use-after-free-in-bash-pattern-substitution.patch 
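Review bot: The subject says all printed strings are sanitized, but every changed `printf` still passes `ns_rr_name(rr)` straight through and only `dname` is wrapped. The owner name is also taken from the DNS reply. Whether the resolver library already escapes non-printable bytes when it expands that name is not visible from this hunk, so this needs confirming. If it does not, the name should get the same treatment, e.g. `printf("%s\ttext = \"%s\"\n", printable_string(ns_rr_name(rr)), printable_string(dname));`. That puts two `printable_string()` results live in one call, so the helper's buffer handling has to be checked first. `parse_reply` continues outside the inner hunks, and the `CVE: Pending` trailer should be updated once an identifier is assigned.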
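Review bot: In the `0013-ash-fix-unsafe-use-of-mempcpy` patch, the comment above the new loop says why `mempcpy` is not used but not why a forward byte copy is safe on overlapping regions. The loop `while (--len >= 0)` also terminates only if `len` is a signed type, and its declaration is outside the hunk. Extending the comment would make both assumptions visible, e.g. `/* forward copy is safe: destination startp is below source startp + pos; len is signed, a non-positive len copies nothing */`. That wording assumes `pos` is never negative at this point, which should be confirmed against the code above the hunk in `subevalvar`.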
@@ -0,0 +1,81 @@ +From 103728181bfd9a60537166d036e5baca7b67cc1f Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?S=C3=B6ren=20Tempel?= <soeren@soeren-tempel.net> +Date: Sat, 29 Jan 2022 06:11:12 +0100 +Subject: [PATCH] ash: fix use-after-free in bash pattern substitution +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +At Alpine Linux downstream, we were made aware of a segmentation fault +occurring during string replacement in BusyBox ash [0]. Further +debugging revealed that the segmentation fault occurs due to a +use-after-free in BusyBox's bash pattern substitution implementation. +Specially, the problem is that the repl variable (pointing to the +replacement string) points to a value in the stack string. However, when +accessing the repl pointer in Line 7350 it is possible that the stack +has been moved since the last repl assignment due to the STPUTC +invocations in Line 7317 and 7321 (since STPUTC may grow the stack via +realloc(3)). + +For this reason, the code in Line 7350 may access an unmapped memory +region and therefore causes a segmentation fault if prior STPUTC +invocations moved the stack via realloc(3). 
The valgrind output +for this edge case looks as follows: + + Invalid read of size 1 + at 0x15D8DD: subevalvar (ash.c:7350) + by 0x15DC43: evalvar (ash.c:7666) + by 0x15B717: argstr (ash.c:6893) + by 0x15BAEC: expandarg (ash.c:8090) + by 0x15F4CC: evalcommand (ash.c:10429) + by 0x15B26C: evaltree (ash.c:9365) + by 0x15E4FC: cmdloop (ash.c:13569) + by 0x15FD8B: ash_main (ash.c:14748) + by 0x115BF2: run_applet_no_and_exit (appletlib.c:967) + by 0x115F16: run_applet_and_exit (appletlib.c:986) + by 0x115EF9: busybox_main (appletlib.c:917) + by 0x115EF9: run_applet_and_exit (appletlib.c:979) + by 0x115F8F: main (appletlib.c:1126) + Address 0x48b8646 is 2,054 bytes inside a block of size 4,776 free'd + at 0x48A6FC9: realloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so) + by 0x116E86: xrealloc (xfuncs_printf.c:61) + by 0x1565DB: growstackblock (ash.c:1736) + by 0x156EF7: growstackstr (ash.c:1775) + by 0x156F1A: _STPUTC (ash.c:1816) + by 0x15D843: subevalvar (ash.c:7317) + by 0x15DC43: evalvar (ash.c:7666) + by 0x15B717: argstr (ash.c:6893) + by 0x15BAEC: expandarg (ash.c:8090) + by 0x15F4CC: evalcommand (ash.c:10429) + by 0x15B26C: evaltree (ash.c:9365) + by 0x15E4FC: cmdloop (ash.c:13569) + +A testcase for reproducing this edge case is provided in the downstream +bug report [1]. This commit fixes the issue by reconstructing the repl +pointer relative to stackblock() via strloc and slash_pos. + +[0]: https://gitlab.alpinelinux.org/alpine/aports/-/issues/13469 +[1]: https://gitlab.alpinelinux.org/alpine/aports/-/issues/13469#note_210530 + +Signed-off-by: Sören Tempel <soeren@soeren-tempel.net> +--- + shell/ash.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +diff --git a/shell/ash.c b/shell/ash.c +index 55df54bd0..24f9a8270 100644 +--- a/shell/ash.c ++++ b/shell/ash.c +@@ -7346,6 +7346,12 @@ subevalvar(char *start, char *str, int strloc, + idx = loc; + } + ++ // The STPUTC invocations above may resize and move the ++ // stack via realloc(3). 
Since repl is a pointer into the ++ // stack, we need to reconstruct it relative to stackblock(). ++ if (slash_pos >= 0) ++ repl = (char *)stackblock() + strloc + slash_pos + 1; ++ + //bb_error_msg("repl:'%s'", repl); + for (loc = (char*)repl; *loc; loc++) { + char *restart_detect = stackblock(); diff --git a/main/busybox/0015-ed-don-t-use-memcpy-with-overlapping-memory-regions.patch b/main/busybox/0015-ed-don-t-use-memcpy-with-overlapping-memory-regions.patch new file mode 100644 index 0000000000..5697a5559a --- /dev/null +++ b/main/busybox/0015-ed-don-t-use-memcpy-with-overlapping-memory-regions.patch 
@@ -0,0 +1,34 @@ +From 65bb493f2475368161431ed72816fd0c61e479b1 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?S=C3=B6ren=20Tempel?= <soeren+git@soeren-tempel.net> +Date: Tue, 8 Feb 2022 09:29:21 +0100 +Subject: [PATCH] ed: don't use memcpy with overlapping memory regions + +The memcpy invocations in the subCommand function, modified by this +commit, previously used memcpy with overlapping memory regions. This is +undefined behavior. On Alpine Linux, it causes BusyBox ed to crash since +we compile BusyBox with -D_FORTIFY_SOURCE=2 and our fortify-headers +implementation catches this source of undefined behavior [0]. The issue +can only be triggered if the replacement string is the same size or +shorter than the old string. + +Looking at the code, it seems to me that a memmove(3) is what was +actually intended here, this commit modifies the code accordingly. + +[0]: https://gitlab.alpinelinux.org/alpine/aports/-/issues/13504 +--- + editors/ed.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/editors/ed.c b/editors/ed.c +index 209ce9942..4a84f7433 100644 +--- a/editors/ed.c ++++ b/editors/ed.c +@@ -720,7 +720,7 @@ static void subCommand(const char *cmd, int num1, int num2) + if (deltaLen <= 0) { + memcpy(&lp->data[offset], newStr, newLen); + if (deltaLen) { +- memcpy(&lp->data[offset + newLen], ++ memmove(&lp->data[offset + newLen], + &lp->data[offset + oldLen], + lp->len - offset - oldLen); + diff --git a/main/busybox/0016-ash-don-t-read-past-end-of-var-in-subvareval-for-bas.patch b/main/busybox/0016-ash-don-t-read-past-end-of-var-in-subvareval-for-bas.patch new file mode 100644 index 0000000000..3527fa5722 --- /dev/null +++ b/main/busybox/0016-ash-don-t-read-past-end-of-var-in-subvareval-for-bas.patch 
@@ -0,0 +1,88 @@ +From fa52ac9781f479de8ab4d8526276244c0a0471f4 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?S=C3=B6ren=20Tempel?= <soeren@soeren-tempel.net> +Date: Mon, 28 Feb 2022 08:36:50 +0100 +Subject: [PATCH] ash: don't read past end of var in subvareval for bash + substitutions +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Without this patch, BusyBox handles bash pattern substitutions without +a terminating '/' character incorrectly. + +Consider the following shell script: + + _bootstrapver=5.0.211-r0 + _referencesdir="/usr/${_bootstrapver/-*}/Sources" + echo $_referencesdir + +This should output `/usr/5.0.211/Sources`. However, without this patch +it instead outputs `/usr/5.0.211Sources`. This is due to the fact that +BusyBox expects the bash pattern substitutions to always be terminated +with a '/' (at least in this part of subvareval) and thus reads passed +the substitution itself and consumes the '/' character which is part of +the literal string. If there is no '/' after the substitution then +BusyBox might perform an out-of-bounds read under certain circumstances. + +When replacing the bash pattern substitution with `${_bootstrapver/-*/}`, +or with this patch applied, ash outputs the correct value. 
+ +Signed-off-by: Sören Tempel <soeren@soeren-tempel.net> +Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com> +--- + shell/ash.c | 4 ++++ + shell/ash_test/ash-vars/var_bash_repl_unterminated.right | 1 + + shell/ash_test/ash-vars/var_bash_repl_unterminated.tests | 2 ++ + shell/hush_test/hush-vars/var_bash_repl_unterminated.right | 1 + + shell/hush_test/hush-vars/var_bash_repl_unterminated.tests | 2 ++ + 5 files changed, 10 insertions(+) + create mode 100644 shell/ash_test/ash-vars/var_bash_repl_unterminated.right + create mode 100755 shell/ash_test/ash-vars/var_bash_repl_unterminated.tests + create mode 100644 shell/hush_test/hush-vars/var_bash_repl_unterminated.right + create mode 100755 shell/hush_test/hush-vars/var_bash_repl_unterminated.tests + +diff --git a/shell/ash.c b/shell/ash.c +index adb0f223a..54335c5dd 100644 +--- a/shell/ash.c ++++ b/shell/ash.c +@@ -7081,6 +7081,10 @@ subevalvar(char *start, char *str, int strloc, + *repl = '\0'; + break; + } ++ if ((unsigned char)*repl == CTLENDVAR) { /* ${v/pattern} (no trailing /, no repl) */ ++ repl = NULL; ++ break; ++ } + /* Handle escaped slashes, e.g. 
"${v/\//_}" (they are CTLESC'ed by this point) */ + if ((unsigned char)*repl == CTLESC && repl[1]) + repl++; +diff --git a/shell/ash_test/ash-vars/var_bash_repl_unterminated.right b/shell/ash_test/ash-vars/var_bash_repl_unterminated.right +new file mode 100644 +index 000000000..5bff3a6fa +--- /dev/null ++++ b/shell/ash_test/ash-vars/var_bash_repl_unterminated.right +@@ -0,0 +1 @@ ++b/d +diff --git a/shell/ash_test/ash-vars/var_bash_repl_unterminated.tests b/shell/ash_test/ash-vars/var_bash_repl_unterminated.tests +new file mode 100755 +index 000000000..c9513343d +--- /dev/null ++++ b/shell/ash_test/ash-vars/var_bash_repl_unterminated.tests +@@ -0,0 +1,2 @@ ++a=b-c ++echo ${a/-*}/d +diff --git a/shell/hush_test/hush-vars/var_bash_repl_unterminated.right b/shell/hush_test/hush-vars/var_bash_repl_unterminated.right +new file mode 100644 +index 000000000..5bff3a6fa +--- /dev/null ++++ b/shell/hush_test/hush-vars/var_bash_repl_unterminated.right +@@ -0,0 +1 @@ ++b/d +diff --git a/shell/hush_test/hush-vars/var_bash_repl_unterminated.tests b/shell/hush_test/hush-vars/var_bash_repl_unterminated.tests +new file mode 100755 +index 000000000..c9513343d +--- /dev/null ++++ b/shell/hush_test/hush-vars/var_bash_repl_unterminated.tests +@@ -0,0 +1,2 @@ ++a=b-c ++echo ${a/-*}/d diff --git a/main/busybox/0017-ash-Fix-use-after-free-on-idx-variable.patch b/main/busybox/0017-ash-Fix-use-after-free-on-idx-variable.patch new file mode 100644 index 0000000000..22a2578e39 --- /dev/null +++ b/main/busybox/0017-ash-Fix-use-after-free-on-idx-variable.patch 
@@ -0,0 +1,94 @@ +From 3813e89e3622b034b0e51acae496493a717555cc Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?S=C3=B6ren=20Tempel?= <soeren+git@soeren-tempel.net> +Date: Wed, 1 Jun 2022 11:51:40 +0200 +Subject: [PATCH] ash: Fix use-after-free on idx variable + +Consider the following code from ash.c: + + STPUTC(*idx, expdest); + if (quotes && (unsigned char)*idx == CTLESC) { + +The idx variable points to a value in the stack string (as managed +by STPUTC). STPUTC may resize this stack string via realloc(3). If +this happens, the idx pointer needs to be updated. Otherwise, +dereferencing idx may result in a use-after free. + +The valgrind output for this edge case looks as follows: + + Invalid read of size 1 + at 0x113AD7: subevalvar (ash.c:7326) + by 0x112EC7: evalvar (ash.c:7674) + by 0x113219: argstr (ash.c:6891) + by 0x113D10: expandarg (ash.c:8098) + by 0x118989: evalcommand (ash.c:10377) + by 0x116744: evaltree (ash.c:9373) + by 0x1170DC: cmdloop (ash.c:13577) + by 0x1191E4: ash_main (ash.c:14756) + by 0x10CB3B: run_applet_no_and_exit (appletlib.c:967) + by 0x10CBCA: run_applet_and_exit (appletlib.c:986) + by 0x10CBCA: main (appletlib.c:1126) + Address 0x48b4099 is 857 bytes inside a block of size 2,736 free'd + at 0x48A6FC9: realloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so) + by 0x125B03: xrealloc (xfuncs_printf.c:61) + by 0x10F9D2: growstackblock (ash.c:1736) + by 0x10FA4E: growstackstr (ash.c:1775) + by 0x10FA71: _STPUTC (ash.c:1816) + by 0x113A94: subevalvar (ash.c:7325) + by 0x112EC7: evalvar (ash.c:7674) + by 0x113219: argstr (ash.c:6891) + by 0x113D10: expandarg (ash.c:8098) + by 0x118989: evalcommand (ash.c:10377) + by 0x116744: evaltree (ash.c:9373) + by 0x1170DC: cmdloop (ash.c:13577) + Block was alloc'd at + at 0x48A26D5: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so) + by 0x125AE9: xmalloc (xfuncs_printf.c:50) + by 0x10ED56: stalloc (ash.c:1622) + by 0x10F9FF: growstackblock (ash.c:1746) + by 0x10FB2A: 
growstackto (ash.c:1783) + by 0x10FB47: makestrspace (ash.c:1795) + by 0x10FDE7: memtodest (ash.c:6390) + by 0x10FE91: strtodest (ash.c:6417) + by 0x112CC5: varvalue (ash.c:7558) + by 0x112D80: evalvar (ash.c:7603) + by 0x113219: argstr (ash.c:6891) + by 0x113D10: expandarg (ash.c:8098) + +This patch fixes this issue by updating the pointers again via +the restart label if STPUTC re-sized the stack. This issue +has been reported to us at Alpine Linux downstream. + +Also: Move the second realloc-check inside the if statement +that follows so it isn't done twice if the condition evaluates +to false. + +See also: + +* https://gitlab.alpinelinux.org/alpine/aports/-/issues/13900 +* http://lists.busybox.net/pipermail/busybox/2022-April/089655.html +--- + shell/ash.c | 6 ++++-- + 1 file changed, 4 insertions(+), 2 deletions(-) + +diff --git a/shell/ash.c b/shell/ash.c +index ef4a47afe..cbc50eefe 100644 +--- a/shell/ash.c ++++ b/shell/ash.c +@@ -7323,13 +7323,15 @@ subevalvar(char *start, char *str, int strloc, + if (idx >= end) + break; + STPUTC(*idx, expdest); ++ if (stackblock() != restart_detect) ++ goto restart; + if (quotes && (unsigned char)*idx == CTLESC) { + idx++; + len++; + STPUTC(*idx, expdest); ++ if (stackblock() != restart_detect) ++ goto restart; + } +- if (stackblock() != restart_detect) +- goto restart; + idx++; + len++; + rmesc++; diff --git a/main/busybox/APKBUILD b/main/busybox/APKBUILD index 7a8b36c545..7c685460e2 100644 --- a/main/busybox/APKBUILD +++ b/main/busybox/APKBUILD 
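Review bot: The two added `if (stackblock() != restart_detect) goto restart;` checks in subevalvar have no comment tying each one to the `STPUTC` directly above it, and that placement is the whole fix: any read of `*idx` between a `STPUTC` and its check brings the stale-pointer read back. A comment on the first check, for example `/* STPUTC may realloc the stack string; idx is stale until restart recomputes it */`, would keep a future reordering from undoing it. The `restart` label and the code that recomputes `idx` lie outside the inner hunk, so what it resets is taken from the patch description rather than from visible lines. No regression test is added for this case, although the description includes a valgrind trace that suggests one could be reproduced.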
@@ -1,37 +1,35 @@ # Contributor: Łukasz Jendrysik <scadu@yandex.com> # Contributor: Oliver Smith <ollieparanoid@postmarketos.org> # Contributor: Michal Artazov <michal@artazov.cz> -# Maintainer: Natanael Copa <ncopa@alpinelinux.org> +# Contributor: Natanael Copa <ncopa@alpinelinux.org> +# Maintainer: Sören Tempel <soeren+alpine@soeren-tempel.net> pkgname=busybox pkgver=1.35.0 -pkgrel=1 +pkgrel=17 pkgdesc="Size optimized toolbox of many common UNIX utilities" url="https://busybox.net/" arch="all" license="GPL-2.0-only" makedepends_build="perl" +makedepends_host="linux-headers openssl-dev" +# Only build with UTMPS support if we are not bootstraping. # skalibs-static is needed for utmps-static -makedepends_host=" - linux-headers - openssl1.1-compat-dev - libretls-dev - utmps-dev - utmps-static - skalibs-static - " +[ -z "$BOOTSTRAP" ] && makedepends_host="$makedepends_host utmps-dev utmps-static skalibs-static" makedepends="$makedepends_build $makedepends_host" checkdepends="zip" provides="/bin/sh" +provider_priority=100 install="$pkgname.post-install $pkgname.post-upgrade $pkgname-extras.post-install $pkgname-extras.pre-deinstall" subpackages="$pkgname-static $pkgname-doc $pkgname-suid $pkgname-extras ssl_client $pkgname-ifupdown" -options="suid !check" +options="suid net" # net needed for check() replaces="busybox-initscripts" # move of default.script triggers="busybox.trigger=/bin:/usr/bin:/sbin:/usr/sbin:/lib/modules/*" source="https://busybox.net/downloads/busybox-$pkgver.tar.bz2 0001-nologin-Install-applet-to-sbin-instead-of-usr-sbin.patch 0001-adduser-default-to-sbin-nologin-as-shell-for-system-.patch 0001-properly-fix-wget-https-support.patch + 0001-modutils-check-ELF-header-before-calling-finit_module.patch 0002-fsck-resolve-LABEL-.-UUID-.-spec-to-device.patch 0003-ash-exec-busybox.static.patch 0004-app-location-for-cpio-vi-and-lspci.patch 
@@ -42,12 +40,24 @@ source="https://busybox.net/downloads/busybox-$pkgver.tar.bz2 0009-depmod-support-generating-kmod-binary-index-files.patch 0010-Add-flag-for-not-following-symlinks-when-recursing.patch 0012-udhcpc-Don-t-background-if-n-is-given.patch + 0013-ash-fix-unsafe-use-of-mempcpy.patch + 0014-ash-fix-use-after-free-in-bash-pattern-substitution.patch + 0015-ed-don-t-use-memcpy-with-overlapping-memory-regions.patch + 0016-ash-don-t-read-past-end-of-var-in-subvareval-for-bas.patch + 0017-ash-Fix-use-after-free-on-idx-variable.patch 0001-ash-add-built-in-BB_ASH_VERSION-variable.patch 0001-pgrep-add-support-for-matching-against-UID-and-RUID.patch 0001-avoid-redefined-warnings-when-building-with-utmps.patch + test-fix-tarball-creation.patch + test-timezone-workaround.patch + + 0001-libbb-sockaddr2str-ensure-only-printable-characters-.patch + 0002-nslookup-sanitize-all-printed-strings-with-printable.patch + 0001-modinfo-add-k-option-for-kernel-version.patch + CVE-2022-30065.patch acpid.logrotate busyboxconfig @@ -59,6 +69,11 @@ source="https://busybox.net/downloads/busybox-$pkgver.tar.bz2 " # secfixes: +# 1.35.0-r17: +# - CVE-2022-30065 +# 1.35.0-r7: +# - ALPINE-13661 +# - CVE-2022-28391 # 1.34.0-r0: # - CVE-2021-42374 # - CVE-2021-42375 @@ -96,6 +111,8 @@ _config="$srcdir"/busyboxconfig _config_extras="$srcdir"/busyboxconfig-extras prepare() { + # remove SGID if set as it confuses the busybox testsuite + chmod -R g-s "$builddir" default_prepare mkdir -p "$_staticdir" "$_dyndir" "$_dyndir_extras" 
@@ -109,8 +126,8 @@ build() { msg "Building ssl_client" # shellcheck disable=SC2046 # Allow wordsplitting for pkg-config - ${CC:-${CROSS_COMPILE}gcc} ${CPPFLAGS} ${CFLAGS} $(pkg-config --cflags libtls) \ - "$srcdir"/ssl_client.c -o "$_dyndir"/ssl_client ${LDFLAGS} $(pkg-config --libs libtls) + ${CC:-${CROSS_COMPILE}gcc} ${CPPFLAGS} ${CFLAGS} $(pkg-config --cflags libcrypto libssl) \ + "$srcdir"/ssl_client.c -o "$_dyndir"/ssl_client ${LDFLAGS} $(pkg-config --libs libcrypto libssl) # build dynamic cd "$_dyndir" @@ -121,10 +138,15 @@ build() { -e "s/CONFIG_EXTRA_COMPAT=y/CONFIG_EXTRA_COMPAT=n/" \ .config make -C "$builddir" O="$PWD" silentoldconfig + + local _extra_cflags="" _extra_libs="" + if [ -z "$BOOTSTRAP" ]; then + _extra_cflags="$(pkg-config --cflags --static utmps)" + _extra_libs="$(pkg-config --libs --static utmps)" + fi + # NOTE: Defining CONFIG_EXTRA_LDLIBS in .config doesn't work, the second -l is ignored. - make \ - CONFIG_EXTRA_CFLAGS="$(pkg-config --cflags --static utmps)" \ - CONFIG_EXTRA_LDLIBS="$(pkg-config --libs --static utmps)" + make CONFIG_EXTRA_CFLAGS="$_extra_cflags" CONFIG_EXTRA_LDLIBS="$_extra_libs" # build dynamic (extras) cd "$_dyndir_extras" @@ -154,6 +176,9 @@ build() { } check() { + # Set VERBOSE to see expected outcome of each test (runtest -v flag). + # Set DEBUG to enable command trace (see testsuite/testing.sh). + cd "$_dyndir" SKIP_KNOWN_BUGS=1 make -C "$builddir" O="$PWD" V=1 check 
@@ -259,6 +284,7 @@ sha512sums=" ead3403578c071c2216de17ab0543984c1f1509c12c062f03af49141547c3ea21356f3e8f0f0695550f05a41a1379dd73fc3cc18dcd78addbb411f247351e353 0001-nologin-Install-applet-to-sbin-instead-of-usr-sbin.patch a2787a3ecaf6746dadef62166e8ee6ecaa166147e5ad8b917c5838536057c875bab5f9cf40c3e05eba74d575484ac662929ac3799d58432d3a99ac46f364f302 0001-adduser-default-to-sbin-nologin-as-shell-for-system-.patch 1efe1c4894ae983fed5ac848125f8603f157b9d91c952c53f4192b48d3e50967e05559851148397b583f34fb02d480393547904b4635e4248248be567ab268ea 0001-properly-fix-wget-https-support.patch +0cac9b944928500293e366b42e03211d4159d05b622da60664825e5ee87c9bf6d5a8ea5e794584713f7464efb4cdc431e02f439c717b7e62b1864a228bc8cbac 0001-modutils-check-ELF-header-before-calling-finit_module.patch d8694293edc8cd55cecafeb902f03c01af318e13966f399365cf792b840793891ac086bb67ef83e7a5a2e01b246497a6c6511cb6a856834f6672dee4bca76896 0002-fsck-resolve-LABEL-.-UUID-.-spec-to-device.patch 8c34dd5ce9a6e84279fa6494cbae0b254778976f341af1d0ccc2a3afb405fb22d374e9623ea83d1500da77c7463db2ed5218d2c9f49350a21114bd0bb17fd87d 0003-ash-exec-busybox.static.patch f9745497abd4d04621f089c62d9f2104c30d54f342125f597292253f2974d385c5f4a46e7d87a5d1b641b11b34ba5221183dd5dad1e3bbe74a787fb8d6a994b7 0004-app-location-for-cpio-vi-and-lspci.patch 
@@ -269,14 +295,25 @@ f12916e70f7cc1ef4f6d85d09b9a496a52a494e6318029fdce9a9c812ab5c7b2a046c33b66834127 df02adb3e3cd3349cc8d070911e3392164cb2e30bd72cae7ceaa974b2db6f958fdcedf809abc7b4bee37c729a4d20abf127f615b0e238a667d572137abe6a79e 0009-depmod-support-generating-kmod-binary-index-files.patch ecbe5c890d966f09280c7eb534109f785c68e292765f17ed7ff62fcc61d20f61443c4155add0a1ebfb67ce8564e104c1aa22a8ef0400e119b0bca2bca3671f2d 0010-Add-flag-for-not-following-symlinks-when-recursing.patch 3ae5ecf3ea66c8d98762432026806fdb67b13a28075c6a3cb6e811a34ef89c2f0ed651946003aaad97fb4b7f74d132af3c394c114b7a72e1d20b319b739c5a6e 0012-udhcpc-Don-t-background-if-n-is-given.patch +6b1ebc6da26c355a63c166f4c8d1774e7a9c5456ec76b773395a2158cb4848cf245fa5553843666c0a46f4c97d03e08815abae777f2b80bbb69d916618f94761 0013-ash-fix-unsafe-use-of-mempcpy.patch +3eb7609054fa8e03d7e366f7debc5cb0630ff65d521a91be84803bdef3854f81e29d26a9567c501a121e94a55d3a3477894e774508f80def775f2ecc812805e7 0014-ash-fix-use-after-free-in-bash-pattern-substitution.patch +0040800382a6e3adcc6a8094b821488c7e297fc80304afba23a4fca43b7b26ac699378dfbd930ebbf9985336b3e431301f7ca93e2d041a071902a48740d263ef 0015-ed-don-t-use-memcpy-with-overlapping-memory-regions.patch +4c95dc4bf6aff9018bfb52b400f6d8375a1d22493b44ea516cb12dba6556f12797a3cba55768d2e59ff57c0f3247ec1ff95edb8f17561f3d37ec18d83ca47eb0 0016-ash-don-t-read-past-end-of-var-in-subvareval-for-bas.patch +ccdf098fb15eaa316708181469a1193d6eec7067131e7b7645e0219bf03cfd07f4f79e8f62c1e560f6146dcc38186a29bdee08aaa39f290e11d020b8f07d2f65 0017-ash-Fix-use-after-free-on-idx-variable.patch 6d100fe44da2b97c2cbdda253d0504b487212d195144d9315cddbe8c51d18fae3745701923b170b40e35f54b592f94f02cadbffd9cb716661c12a7f1da022763 0001-ash-add-built-in-BB_ASH_VERSION-variable.patch e33dbc27d77c4636f4852d5d5216ef60a9a4343484e4559e391c13c813bf65c782b889914eff2e1f038d74cf02cb0d23824ebbb1044b5f8c86260d5a1bbc4e4d 0001-pgrep-add-support-for-matching-against-UID-and-RUID.patch 
2640698e5108434991a8491fcc508bd991d2111b14bb6957385393a36603e1d81fdf826ad7b150d487d2a924630ee54c0fc4f979214e90feca9ba7d2fd96a865 0001-avoid-redefined-warnings-when-building-with-utmps.patch +9b66151ef51293292b3829adaf721e5453c0710b1d151ab7e959aff0ffae2ec704e686161909cbbfc09c700e23e7200f5e14539ccc5583bccaa11193ea0cffce test-fix-tarball-creation.patch +f65052adc4df305c22f79cc2819d7750b528ad66289512fc15c442c4347ebd6bc14340e60f2c5209d2e7d2e7feb7d19f372e02dca2451dd36787c5f6908c21d8 test-timezone-workaround.patch +b52050678e79e4da856956906d07fcb620cbf35f2ef6b5a8ee3b8d244ea63b4b98eef505451184d5b4937740d91eef154ed748c30d329ac485be51b37626f251 0001-libbb-sockaddr2str-ensure-only-printable-characters-.patch +ead4ad65d270d8659e1898fa16f76b6cbcf567d8aba238eacccda3764edb4362240d9359d6389873bedc126d405f805fc6dfce653a7181618ebcc67c94bd08d2 0002-nslookup-sanitize-all-printed-strings-with-printable.patch +4f6ddd59d6096943f617b0938fca428114190b8b37732d6783faab291451a2c30c452ed39299db22d1d9679d007022f87d43e93b38a4f6ced64a8659e9233773 0001-modinfo-add-k-option-for-kernel-version.patch +22e2fa8f7a6105fd9990f93b71c235980fd4eab62269939a0e3a920fe517ee4f913c6bd0148a554b67fe01d1660bf0fd76a80e9dcac290b4b8b2c304ef6080a9 CVE-2022-30065.patch aa93095e20de88730f526c6f463cef711b290b9582cdbd8c1ba2bd290019150cbeaa7007c2e15f0362d5b9315dd63f60511878f0ea05e893f4fdfb4a54af3fb1 acpid.logrotate -a820037a4c74ce18efe5b7f56f18992a5f1bf2d9f729ff5d5f540ee29f88db527724d5c81ccc6a9327d6d905ac4ed0488b10aa7e45184732e1273dc426eaae3c busyboxconfig +20ad8edb3741ffffa99bdb4c00603ddfc76564c869cb46736f878eba01cc3d3f611dd8049625a66ad7f018ce485a9d9592ec133fc8fe7f13da3d69daa6c545ec busyboxconfig 9dc49c5ff0750cd713f49ee566a19e705e6b68e360a82e2c99b15a5271c7e8a5c47aaf399a03828befbe4e9ccbebb3de766cc0cfc1672848a939b5ae97b44aa1 busyboxconfig-extras 0becc2186d6c32fb0c401cf7bc0e46268b38ce8892db33be1daf40273024c1c02d518283f44086a313a2ccef34230a1d945ec148cc173f26e6aa9d88a7426e54 bbsuid.c 
6321c1d96d8938a3b5eab21731de289ede136fff550f98127c509452bfb17769ccf94b118491f7b81d3c60e1bbb3e80bb07186e4ce07e29724a52f0daba9b218 dad.if-up -646ad9aefe3596d0170d92c8506ca1846e43b5b83cbef97ae565f15ffa7b14665a8c7061bc69c608c043f834c134c5d63f042509f8999031e89163508a868e46 ssl_client.c +26eac967d6cfe13b7dc973112de145543ac0bdda9e9dd3a69bbd8c133ae6a20387abe9377917efb770b191130d3a6385ff5738abc84a8216d7b86ae88b159260 ssl_client.c c3194ccffe7300a0f55d50fb56d38c8df55d588adac13056fd0be2676594974477f94de5570a5a882bc864c3711cf67aa43b6ad6808e672f4533dd0f7363d2f5 default.script " diff --git a/main/busybox/CVE-2022-30065.patch b/main/busybox/CVE-2022-30065.patch new file mode 100644 index 0000000000..4a9cd67c98 --- /dev/null +++ b/main/busybox/CVE-2022-30065.patch 
@@ -0,0 +1,63 @@ +From 3c284dcb726ff6599d3b87fb366fb04411cf5595 Mon Sep 17 00:00:00 2001 +From: Natanael Copa <ncopa@alpinelinux.org> +Date: Fri, 17 Jun 2022 09:52:11 +0000 +Subject: [PATCH 1/2] awk: fix use after free (CVE-2022-30065) + +fixes https://bugs.busybox.net/show_bug.cgi?id=14781 + +Signed-off-by: Natanael Copa <ncopa@alpinelinux.org> +--- + editors/awk.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/editors/awk.c b/editors/awk.c +index 079d0bde5..728ee8685 100644 +--- a/editors/awk.c ++++ b/editors/awk.c +@@ -3128,6 +3128,9 @@ static var *evaluate(node *op, var *res) + + case XC( OC_MOVE ): + debug_printf_eval("MOVE\n"); ++ /* make sure that we never return a temp var */ ++ if (L.v == TMPVAR0) ++ L.v = res; + /* if source is a temporary string, jusk relink it to dest */ + if (R.v == TMPVAR1 + && !(R.v->type & VF_NUMBER) +-- +2.36.1 + + +From 30c8f8e69230ef27f116a2c10ca2e4a6cc343dad Mon Sep 17 00:00:00 2001 +From: Natanael Copa <ncopa@alpinelinux.org> +Date: Thu, 16 Jun 2022 21:54:48 +0200 +Subject: [PATCH 2/2] awk: add tests for CVE-2022-30065 + +Signed-off-by: Natanael Copa <ncopa@alpinelinux.org> +--- + testsuite/awk.tests | 11 +++++++++++ + 1 file changed, 11 insertions(+) + +diff --git a/testsuite/awk.tests b/testsuite/awk.tests +index 93e25d8c1..6c3a03c37 100755 +--- a/testsuite/awk.tests ++++ b/testsuite/awk.tests +@@ -479,4 +479,15 @@ testing 'awk backslash+newline eaten with no trace' \ + "Hello world\n" \ + '' '' + ++testing 'awk use-after-free (CVE-2022-30065)' \ ++ "awk '\$3i\$3in\$9=\$r||\$9=i6/6-9f'" \ ++ "" \ ++ "" \ ++ "" ++ ++testing 'awk assign while test' \ ++ "awk '\$1==\$1=\"foo\" {print \$1}'" \ ++ "foo\n" \ ++ "" \ ++ "foo" + exit $FAILCOUNT +-- +2.36.1 + diff --git a/main/busybox/busyboxconfig b/main/busybox/busyboxconfig index 7b6369c45c..ebf00edc78 100644 --- a/main/busybox/busyboxconfig +++ b/main/busybox/busyboxconfig 
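Review bot: The added test 'awk use-after-free (CVE-2022-30065)' expects empty output from empty input, so it can only fail when the stale read actually crashes awk; on a build without fortify checks, valgrind or a sanitizer the freed memory may still be readable and the test would presumably pass on unfixed code as well. A comment above it such as `# detects the bug only if awk crashes; run under a memory checker for a reliable result` would make that limit explicit. In evaluate(), the new comment `/* make sure that we never return a temp var */` states what the guard does but not why; say that a temporary must not be handed back to the caller because its storage does not outlive the call (to be confirmed against the code that releases TMPVAR0, which is outside the hunk). The OC_MOVE case continues past the end of the inner hunk.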
@@ -555,9 +555,9 @@ CONFIG_VLOCK=y # # Linux Ext2 FS Progs # -# CONFIG_CHATTR is not set +CONFIG_CHATTR=y CONFIG_FSCK=y -# CONFIG_LSATTR is not set +CONFIG_LSATTR=y # CONFIG_TUNE2FS is not set # diff --git a/main/busybox/ssl_client.c b/main/busybox/ssl_client.c index df7b5f9bfb..1be9e585b3 100644 --- a/main/busybox/ssl_client.c +++ b/main/busybox/ssl_client.c @@ -5,7 +5,9 @@ #include <stdlib.h> #include <unistd.h> -#include <tls.h> +#include <openssl/err.h> +#include <openssl/ssl.h> +#include <openssl/x509v3.h> #define BUFSIZE 16384 @@ -17,7 +19,13 @@ # define dbg(...) ((void)0) #endif -static void copy_from_stdin_to_tls(struct tls *ctx, int *fd) +static void ssl_fatal(const char *msg) +{ + ERR_print_errors_fp(stderr); + errx(1, "%s", msg); +} + +static void copy_from_stdin_to_tls(SSL *ssl, int *fd) { static size_t buf[BUFSIZE]; ssize_t n; @@ -34,17 +42,28 @@ static void copy_from_stdin_to_tls(struct tls *ctx, int *fd) } while (n > 0) { - ssize_t r = tls_write(ctx, &buf[i], n); - if (r == TLS_WANT_POLLIN || r == TLS_WANT_POLLOUT) - continue; - if (r < 0) - err(1, "tls_write: %s", tls_error(ctx)); + ssize_t r = SSL_write(ssl, &buf[i], n); + if (r < 0) { + if (SSL_get_error(ssl, r) == SSL_ERROR_WANT_WRITE) { + ERR_clear_error(); + continue; + } + ssl_fatal("SSL_write"); + } i += r; n -= r; } } -static int copy_from_tls_to_stdout(struct tls *ctx) +static int should_retry_read(SSL *ssl, int n) +{ + if (n >= 0 || SSL_get_error(ssl, n) != SSL_ERROR_WANT_READ) + return 0; + ERR_clear_error(); + return 1; +} + +static int copy_from_tls_to_stdout(SSL *ssl) { static size_t buf[BUFSIZE]; ssize_t n,r; 
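Review bot: `if (r < 0) {` in the write loop of copy_from_stdin_to_tls misses a zero return: SSL_write reports failure with any value <= 0, and on 0 the loop adds nothing to `i`, subtracts nothing from `n` and calls SSL_write again without end. Test `if (r <= 0) {` so that a zero return reaches SSL_get_error and, unless it is SSL_ERROR_WANT_WRITE, ends in ssl_fatal. The buffer declared in the preceding hunk is `static size_t buf[BUFSIZE]`, so `&buf[i]` advances by sizeof(size_t) for each unit of `i` while `i` counts bytes; a partial write would resume at the wrong offset, and a `char` buffer would make the index match. The function starts in the preceding hunk and its loop ends at the edge of this one.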
@@ -52,10 +71,11 @@ static int copy_from_tls_to_stdout(struct tls *ctx) dbg("DEBUG: data from TLS\n"); do { - n = tls_read(ctx, buf, sizeof(buf)); - } while (n == TLS_WANT_POLLIN || r == TLS_WANT_POLLOUT); + n = SSL_read(ssl, buf, sizeof(buf)); + + } while (should_retry_read(ssl, n)); if (n < 0) - err(1, "tls read: %s", tls_error(ctx)); + ssl_fatal("SSL_read"); if (n == 0) return 1; @@ -70,17 +90,15 @@ static int copy_from_tls_to_stdout(struct tls *ctx) return 0; } -int do_poll(struct pollfd *fds, int nfds) +void do_poll(struct pollfd *fds, int nfds) { - int r; - while ((r = poll(fds, nfds, -1)) < 0) { + while (poll(fds, nfds, -1) < 0) { if (errno != EINTR && errno != ENOMEM) err(1, "poll"); } - return r; } -static void copy_loop(struct tls *ctx, int sfd, int eofexit) +static void copy_loop(SSL *ssl, int sfd) { struct pollfd fds[2] = { { .fd = STDIN_FILENO, .events = POLLIN }, @@ -88,20 +106,18 @@ static void copy_loop(struct tls *ctx, int sfd, int eofexit) }; while (1) { - int r = do_poll(fds, 2); + do_poll(fds, 2); if (fds[0].revents) { - copy_from_stdin_to_tls(ctx, &fds[0].fd); - if (eofexit && fds[0].fd == -1) - break; + copy_from_stdin_to_tls(ssl, &fds[0].fd); } - if (fds[1].revents && copy_from_tls_to_stdout(ctx)) + if (fds[1].revents && copy_from_tls_to_stdout(ssl)) break; } } void usage(const char *prog, int ret) { - printf("usage: %s [-s FD] [-I] [-e] -n SNI\n", prog); + printf("usage: %s [-s FD] [-I] -n SNI\n", prog); exit(ret); } @@ -109,16 +125,12 @@ int main(int argc, char *argv[]) { int c, sfd = 1;; const char *sni = NULL; - struct tls_config *tc; - struct tls *ctx; int insecure = 0; - int localeofexit = 0; + SSL_CTX *ctx; + SSL *ssl = NULL; - while ((c = getopt(argc, argv, "ehs:n:I")) != -1) { + while ((c = getopt(argc, argv, "hs:n:I")) != -1) { switch (c) { - case 'e': - localeofexit = 1; - break; case 'h': usage(argv[0], 0); break; 
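Review bot: `if (n == 0) return 1;` after the new SSL_read loop in copy_from_tls_to_stdout accepts every zero return as a clean end of stream, but only SSL_get_error distinguishes an orderly close (SSL_ERROR_ZERO_RETURN) from a connection that was cut off. A response truncated in transit may therefore be passed on as complete; which return value OpenSSL uses for an unexpected EOF depends on the library version, so this needs checking against the version being linked. Placing `if (n <= 0 && SSL_get_error(ssl, n) != SSL_ERROR_ZERO_RETURN) ssl_fatal("SSL_read");` before the `n == 0` return would make truncation visible, with the caveat that servers which close without close_notify would then be reported as errors. The rest of the function lies outside this hunk.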
@@ -136,30 +148,36 @@ int main(int argc, char *argv[]) } } - if (tls_init() == -1) - errx(1, "tls_init() failed"); - - if ((ctx = tls_client()) == NULL) - errx(1, "tls_client() failed"); - - if (insecure) { - if ((tc = tls_config_new()) == NULL) - errx(1, "tls_config_new() failed"); - tls_config_insecure_noverifycert(tc); - tls_config_insecure_noverifyname(tc); - tls_config_insecure_noverifytime(tc); - if (tls_configure(ctx, tc) == -1) - err(1, "tls_configure: %s", tls_error(ctx)); - tls_config_free(tc); + OPENSSL_init_ssl(0, NULL); + + if ((ctx = SSL_CTX_new(TLS_client_method())) == NULL) + ssl_fatal("SSL_CTX_new"); + + SSL_CTX_set_default_verify_paths(ctx); + + if ((ssl = SSL_new(ctx)) == NULL) + ssl_fatal("SSL_new"); + + SSL_set_fd(ssl, sfd); + SSL_set_mode(ssl, SSL_MODE_AUTO_RETRY); + SSL_set_hostflags(ssl, X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS); + + if (SSL_set_tlsext_host_name(ssl, sni) != 1) + ssl_fatal("SSL_set_tlsext_host_name"); + + if (SSL_set1_host(ssl, sni) != 1) + ssl_fatal(sni); + + if (!insecure) { + SSL_set_verify(ssl, SSL_VERIFY_PEER, NULL); } - if (tls_connect_fds(ctx, sfd, sfd, sni) == -1) - errx(1, "%s: TLS connect failed", sni); + ERR_clear_error(); + if (SSL_connect(ssl) != 1) + ssl_fatal("SSL_connect"); - if (tls_handshake(ctx) == -1) - errx(1, "%s: %s", sni, tls_error(ctx)); + copy_loop(ssl, sfd); - copy_loop(ctx, sfd, localeofexit); - tls_close(ctx); + SSL_CTX_free(ctx); return 0; } diff --git a/main/busybox/test-fix-tarball-creation.patch b/main/busybox/test-fix-tarball-creation.patch new file mode 100644 index 0000000000..a071dc4f23 --- /dev/null +++ b/main/busybox/test-fix-tarball-creation.patch 
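Review bot: The tail of main() replaces `tls_close(ctx)` with `SSL_CTX_free(ctx)` alone, so the session ends without SSL_shutdown and `ssl` is never freed; the peer sees the connection drop without a close_notify. Add `SSL_shutdown(ssl);` and `SSL_free(ssl);` before `SSL_CTX_free(ctx);`. Earlier in the hunk the results of `SSL_CTX_set_default_verify_paths(ctx)` and `SSL_set_fd(ssl, sfd)` are ignored while the neighbouring calls all go through ssl_fatal, so a missing trust store or a bad descriptor only surfaces later inside SSL_connect. No minimum protocol version is set either, which leaves the floor to the defaults of the OpenSSL build; `SSL_CTX_set_min_proto_version(ctx, TLS1_2_VERSION);` after SSL_CTX_new would pin it. main() starts outside this hunk.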
@@ -0,0 +1,16 @@ +Without this patch, the chmod 644 invocation takes away the executable +bit from the input_dir directory, thus preventing the chmod of the files +within the input_dir directory (due to lack of x-bit). + +diff -upr a/testsuite/tar.tests b/testsuite/tar.tests +--- a/testsuite/tar.tests 2021-12-26 17:53:21.000000000 +0100 ++++ b/testsuite/tar.tests 2022-03-02 20:48:55.873880158 +0100 +@@ -67,7 +67,7 @@ testing "tar hardlinks and repeated file + ln input_hard1 input_hard2 + mkdir input_dir + >input_dir/file +-chmod -R 644 * ++for f in *; do [ "$f" = "input_dir" ] || chmod -R 644 "$f"; done + chmod 755 input_dir + tar cf test.tar input input_dir/ input_hard1 input_hard2 input_hard1 input_dir/ input + tar tvf test.tar | sed "s/.*[0-9] input/input/" diff --git a/main/busybox/test-timezone-workaround.patch b/main/busybox/test-timezone-workaround.patch new file mode 100644 index 0000000000..35814eed4c --- /dev/null +++ b/main/busybox/test-timezone-workaround.patch 
@@ -0,0 +1,28 @@ +musl doesn't seem to recognize UTC0 as a timezone. UTC works though. + +TODO: Figure out if musl /should/ regonize UTC0. + +diff -upr busybox-1.35.0.orig/testsuite/date/date-timezone busybox-1.35.0/testsuite/date/date-timezone +--- busybox-1.35.0.orig/testsuite/date/date-timezone 2022-03-02 22:53:12.337143305 +0100 ++++ busybox-1.35.0/testsuite/date/date-timezone 2022-03-02 22:53:24.047137763 +0100 +@@ -1,17 +1,17 @@ + # FEATURE: CONFIG_FEATURE_TIMEZONE + + # 'Z' is UTC +-dt=$(TZ=UTC0 busybox date -d '1999-1-2 3:4:5Z') ++dt=$(TZ=UTC busybox date -d '1999-1-2 3:4:5Z') + dt=$(echo "$dt" | cut -b1-19) + test x"$dt" = x"Sat Jan 2 03:04:05" + + # '+0600' is six hours ahead of UTC +-dt=$(TZ=UTC0 busybox date -d '1999-1-2 3:4:5 +0600') ++dt=$(TZ=UTC busybox date -d '1999-1-2 3:4:5 +0600') + dt=$(echo "$dt" | cut -b1-19) + test x"$dt" = x"Fri Jan 1 21:04:05" + + # '-0600' is six hours behind UTC +-dt=$(TZ=UTC0 busybox date -d '1999-1-2 3:4:5 -0600') ++dt=$(TZ=UTC busybox date -d '1999-1-2 3:4:5 -0600') + dt=$(echo "$dt" | cut -b1-19) + test x"$dt" = x"Sat Jan 2 09:04:05" + diff --git a/main/byacc/APKBUILD b/main/byacc/APKBUILD index ee1276c26c..c8293b8524 100644 --- a/main/byacc/APKBUILD +++ b/main/byacc/APKBUILD @@ -1,6 +1,6 @@ # Maintainer: Nathan Angelacos <nangel@alpinelinux.org> pkgname=byacc -pkgver=20210808 +pkgver=20220128 pkgrel=0 pkgdesc="The Berkeley Yacc general-purpose parser generator" url="https://invisible-island.net/byacc/byacc.html" @@ -30,5 +30,5 @@ package() { } sha512sums=" -cde092dbd845364752aca228a838b97fc34378c7dd7f860c614d13c8ec7167b8416422ded82864d22e8c3c447b47b30abca591ef8ab667c49f9fa070d68114c4 byacc-20210808.tgz +e8ae4c56f5be4cc0ef1d281c43f02c6296fdc40f630269f2a61af511f270ae059ad185b9718190b8133018f7b74b7ca6f84ced5d63a359960b52ea2a3ef562ea byacc-20220128.tgz " 
diff --git a/main/ca-certificates/0001-update-ca-fix-compiler-warning.patch b/main/ca-certificates/0001-update-ca-fix-compiler-warning.patch deleted file mode 100644 index 9630cf7fd6..0000000000 --- a/main/ca-certificates/0001-update-ca-fix-compiler-warning.patch +++ /dev/null @@ -1,25 +0,0 @@ -From 3184fe80e403b9dc6d5fe3b7ebcd9d375363e2e4 Mon Sep 17 00:00:00 2001 -From: Natanael Copa <ncopa@alpinelinux.org> -Date: Wed, 5 Feb 2020 14:42:38 +0100 -Subject: [PATCH 1/3] update-ca: fix compiler warning - ---- - update-ca.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/update-ca.c b/update-ca.c -index 7bb4f1b..2b3195b 100644 ---- a/update-ca.c -+++ b/update-ca.c -@@ -330,7 +330,7 @@ int main(int a, char **v) - free(tmpfile); - - /* Execute run-parts */ -- static const char *run_parts_args[] = { "run-parts", RUNPARTSDIR, 0 }; -+ static char *const run_parts_args[] = { "run-parts", RUNPARTSDIR, 0 }; - execve("/usr/bin/run-parts", run_parts_args, NULL); - execve("/bin/run-parts", run_parts_args, NULL); - perror("run-parts"); --- -2.25.0 - diff --git a/main/ca-certificates/0002-replace-python-script-with-perl-script.patch b/main/ca-certificates/0002-replace-python-script-with-perl-script.patch deleted file mode 100644 index fe7e3d98b9..0000000000 --- a/main/ca-certificates/0002-replace-python-script-with-perl-script.patch +++ /dev/null 
@@ -1,874 +0,0 @@ -From 6674063331cc37a6a496e44577d9be434cbfc9a2 Mon Sep 17 00:00:00 2001 -From: Natanael Copa <ncopa@alpinelinux.org> -Date: Wed, 5 Feb 2020 15:58:32 +0100 -Subject: [PATCH 2/3] replace python script with perl script - -we need ca-certificates when bootstrapping new architectures. Avoid use -of python to reduce number of dependencies when bootstrapping. - -So use mk-ca-bundle.pl script from curl, and add a small shell script -that splits the bundle to separate .crt files, similar way that the -python script did. ---- - .gitignore | 1 + - Makefile | 11 +- - certdata2pem.py | 155 ------------ - mk-ca-bundle.pl | 604 +++++++++++++++++++++++++++++++++++++++++++++ - split-ca-bundle.sh | 30 +++ - 5 files changed, 642 insertions(+), 159 deletions(-) - delete mode 100644 certdata2pem.py - create mode 100644 mk-ca-bundle.pl - create mode 100644 split-ca-bundle.sh - -diff --git a/.gitignore b/.gitignore -index 8878f38..6f5e9fe 100644 ---- a/.gitignore -+++ b/.gitignore -@@ -2,3 +2,4 @@ update-ca-certificates - c_rehash - certdata.stamp - *.crt -+*.pem -diff --git a/Makefile b/Makefile -index 3eb6672..c688d73 100644 ---- a/Makefile -+++ b/Makefile -@@ -1,4 +1,4 @@ --PYTHON := python3 -+PERL := perl - - all: update-ca-certificates c_rehash certdata.stamp - -@@ -8,8 +8,11 @@ update-ca-certificates: update-ca.c - c_rehash: c_rehash.c - ${CC} ${CFLAGS} -o $@ c_rehash.c -lcrypto ${LDFLAGS} - --certdata.stamp: -- ${PYTHON} certdata2pem.py -+cert.pem: mk-ca-bundle.pl -+ ${PERL} mk-ca-bundle.pl -n -w 64 $@ -+ -+certdata.stamp: cert.pem split-ca-bundle.sh -+ ${SHELL} split-ca-bundle.sh < cert.pem - touch $@ - - install: all -@@ -29,7 +32,7 @@ install: all - install -m755 c_rehash ${DESTDIR}/usr/bin - - clean: -- rm -rf update-ca-certificates c_rehash certdata.stamp *.crt -+ rm -rf update-ca-certificates c_rehash certdata.stamp *.crt cert.pem - - # https://hg.mozilla.org/mozilla-central/file/tip/security/nss/lib/ckfw/builtins/certdata.txt - update: -diff --git 
a/certdata2pem.py b/certdata2pem.py -deleted file mode 100644 -index f91422b..0000000 ---- a/certdata2pem.py -+++ /dev/null -@@ -1,155 +0,0 @@ --#!/usr/bin/python --# vim:set et sw=4: --# --# certdata2pem.py - splits certdata.txt into multiple files --# --# Copyright (C) 2009 Philipp Kern <pkern@debian.org> --# --# This program is free software; you can redistribute it and/or modify --# it under the terms of the GNU General Public License as published by --# the Free Software Foundation; either version 2 of the License, or --# (at your option) any later version. --# --# This program is distributed in the hope that it will be useful, --# but WITHOUT ANY WARRANTY; without even the implied warranty of --# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the --# GNU General Public License for more details. --# --# You should have received a copy of the GNU General Public License --# along with this program; if not, write to the Free Software --# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, --# USA. -- --import base64 --import os.path --import re --import sys --import textwrap --import io -- --objects = [] -- --# Dirty file parser. --in_data, in_multiline, in_obj = False, False, False --field, type, value, obj = None, None, None, dict() -- --# Python 3 will not let us decode non-ascii characters if we --# have not specified an encoding, but Python 2's open does not --# have an option to set the encoding. Python 3's open is io.open --# and io.open has been backported to Python 2.6 and 2.7, so use io.open. --for line in io.open('certdata.txt', 'rt', encoding='utf8'): -- # Ignore the file header. -- if not in_data: -- if line.startswith('BEGINDATA'): -- in_data = True -- continue -- # Ignore comment lines. -- if line.startswith('#'): -- continue -- # Empty lines are significant if we are inside an object. 
-- if in_obj and len(line.strip()) == 0: -- objects.append(obj) -- obj = dict() -- in_obj = False -- continue -- if len(line.strip()) == 0: -- continue -- if in_multiline: -- if not line.startswith('END'): -- if type == 'MULTILINE_OCTAL': -- line = line.strip() -- for i in re.finditer(r'\\([0-3][0-7][0-7])', line): -- value.append(int(i.group(1), 8)) -- else: -- value += line -- continue -- obj[field] = value -- in_multiline = False -- continue -- if line.startswith('CKA_CLASS'): -- in_obj = True -- line_parts = line.strip().split(' ', 2) -- if len(line_parts) > 2: -- field, type = line_parts[0:2] -- value = ' '.join(line_parts[2:]) -- elif len(line_parts) == 2: -- field, type = line_parts -- value = None -- else: -- raise NotImplementedError('line_parts < 2 not supported.') -- if type == 'MULTILINE_OCTAL': -- in_multiline = True -- value = bytearray() -- continue -- obj[field] = value --if len(obj) > 0: -- objects.append(obj) -- --# Read blacklist. --blacklist = [] --if os.path.exists('blacklist.txt'): -- for line in open('blacklist.txt', 'r'): -- line = line.strip() -- if line.startswith('#') or len(line) == 0: -- continue -- item = line.split('#', 1)[0].strip() -- blacklist.append(item) -- --# Build up trust database. --trust = dict() --for obj in objects: -- if obj['CKA_CLASS'] != 'CKO_NSS_TRUST': -- continue -- if obj['CKA_LABEL'] in blacklist: -- print("Certificate %s blacklisted, ignoring." % obj['CKA_LABEL']) -- elif obj['CKA_TRUST_SERVER_AUTH'] == 'CKT_NSS_TRUSTED_DELEGATOR': -- trust[obj['CKA_LABEL']] = True -- elif obj['CKA_TRUST_EMAIL_PROTECTION'] == 'CKT_NSS_TRUSTED_DELEGATOR': -- trust[obj['CKA_LABEL']] = True -- elif obj['CKA_TRUST_SERVER_AUTH'] == 'CKT_NSS_NOT_TRUSTED': -- print('!'*74) -- print("UNTRUSTED BUT NOT BLACKLISTED CERTIFICATE FOUND: %s" % obj['CKA_LABEL']) -- print('!'*74) -- else: -- print("Ignoring certificate %s. 
SAUTH=%s, EPROT=%s" % \ -- (obj['CKA_LABEL'], obj['CKA_TRUST_SERVER_AUTH'], -- obj['CKA_TRUST_EMAIL_PROTECTION'])) -- --for obj in objects: -- if obj['CKA_CLASS'] == 'CKO_CERTIFICATE': -- if not obj['CKA_LABEL'] in trust or not trust[obj['CKA_LABEL']]: -- continue -- bname = obj['CKA_LABEL'][1:-1].replace('/', '_')\ -- .replace(' ', '_')\ -- .replace('(', '=')\ -- .replace(')', '=')\ -- .replace(',', '_') -- -- # this is the only way to decode the way NSS stores multi-byte UTF-8 -- # and we need an escaped string for checking existence of things -- # otherwise we're dependant on the user's current locale. -- if bytes != str: -- # We're in python 3, convert the utf-8 string to a -- # sequence of bytes that represents this utf-8 string -- # then encode the byte-sequence as an escaped string that -- # can be passed to open() and os.path.exists() -- bname = bname.encode('utf-8').decode('unicode_escape').encode('latin-1') -- else: -- # Python 2 -- # Convert the unicode string back to its original byte form -- # (contents of files returned by io.open are returned as -- # unicode strings) -- # then to an escaped string that can be passed to open() -- # and os.path.exists() -- bname = bname.encode('utf-8').decode('string_escape') -- -- fname = bname + b'.crt' -- if os.path.exists(fname): -- print("Found duplicate certificate name %s, renaming." 
% bname) -- fname = bname + b'_2.crt' -- f = open(fname, 'w') -- f.write("-----BEGIN CERTIFICATE-----\n") -- encoded = base64.b64encode(obj['CKA_VALUE']).decode('utf-8') -- f.write("\n".join(textwrap.wrap(encoded, 64))) -- f.write("\n-----END CERTIFICATE-----\n") -- -diff --git a/mk-ca-bundle.pl b/mk-ca-bundle.pl -new file mode 100644 -index 0000000..09e8e5b ---- /dev/null -+++ b/mk-ca-bundle.pl -@@ -0,0 +1,604 @@ -+#!/usr/bin/env perl -+# *************************************************************************** -+# * _ _ ____ _ -+# * Project ___| | | | _ \| | -+# * / __| | | | |_) | | -+# * | (__| |_| | _ <| |___ -+# * \___|\___/|_| \_\_____| -+# * -+# * Copyright (C) 1998 - 2020, Daniel Stenberg, <daniel@haxx.se>, et al. -+# * -+# * This software is licensed as described in the file COPYING, which -+# * you should have received as part of this distribution. The terms -+# * are also available at https://curl.haxx.se/docs/copyright.html. -+# * -+# * You may opt to use, copy, modify, merge, publish, distribute and/or sell -+# * copies of the Software, and permit persons to whom the Software is -+# * furnished to do so, under the terms of the COPYING file. -+# * -+# * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY -+# * KIND, either express or implied. -+# * -+# *************************************************************************** -+# This Perl script creates a fresh ca-bundle.crt file for use with libcurl. -+# It downloads certdata.txt from Mozilla's source tree (see URL below), -+# then parses certdata.txt and extracts CA Root Certificates into PEM format. -+# These are then processed with the OpenSSL commandline tool to produce the -+# final ca-bundle.crt file. -+# The script is based on the parse-certs script written by Roland Krikava. -+# This Perl script works on almost any platform since its only external -+# dependency is the OpenSSL commandline tool for optional text listing. -+# Hacked by Guenter Knauf. 
-+# -+use Encode; -+use Getopt::Std; -+use MIME::Base64; -+use strict; -+use warnings; -+use vars qw($opt_b $opt_d $opt_f $opt_h $opt_i $opt_k $opt_l $opt_m $opt_n $opt_p $opt_q $opt_s $opt_t $opt_u $opt_v $opt_w); -+use List::Util; -+use Text::Wrap; -+use Time::Local; -+my $MOD_SHA = "Digest::SHA"; -+eval "require $MOD_SHA"; -+if ($@) { -+ $MOD_SHA = "Digest::SHA::PurePerl"; -+ eval "require $MOD_SHA"; -+} -+eval "require LWP::UserAgent"; -+ -+my %urls = ( -+ 'nss' => -+ 'https://hg.mozilla.org/projects/nss/raw-file/default/lib/ckfw/builtins/certdata.txt', -+ 'central' => -+ 'https://hg.mozilla.org/mozilla-central/raw-file/default/security/nss/lib/ckfw/builtins/certdata.txt', -+ 'beta' => -+ 'https://hg.mozilla.org/releases/mozilla-beta/raw-file/default/security/nss/lib/ckfw/builtins/certdata.txt', -+ 'release' => -+ 'https://hg.mozilla.org/releases/mozilla-release/raw-file/default/security/nss/lib/ckfw/builtins/certdata.txt', -+); -+ -+$opt_d = 'release'; -+ -+# If the OpenSSL commandline is not in search path you can configure it here! -+my $openssl = 'openssl'; -+ -+my $version = '1.27'; -+ -+$opt_w = 76; # default base64 encoded lines length -+ -+# default cert types to include in the output (default is to include CAs which may issue SSL server certs) -+my $default_mozilla_trust_purposes = "SERVER_AUTH"; -+my $default_mozilla_trust_levels = "TRUSTED_DELEGATOR"; -+$opt_p = $default_mozilla_trust_purposes . ":" . $default_mozilla_trust_levels; -+ -+my @valid_mozilla_trust_purposes = ( -+ "DIGITAL_SIGNATURE", -+ "NON_REPUDIATION", -+ "KEY_ENCIPHERMENT", -+ "DATA_ENCIPHERMENT", -+ "KEY_AGREEMENT", -+ "KEY_CERT_SIGN", -+ "CRL_SIGN", -+ "SERVER_AUTH", -+ "CLIENT_AUTH", -+ "CODE_SIGNING", -+ "EMAIL_PROTECTION", -+ "IPSEC_END_SYSTEM", -+ "IPSEC_TUNNEL", -+ "IPSEC_USER", -+ "TIME_STAMPING", -+ "STEP_UP_APPROVED" -+); -+ -+my @valid_mozilla_trust_levels = ( -+ "TRUSTED_DELEGATOR", # CAs -+ "NOT_TRUSTED", # Don't trust these certs. 
-+ "MUST_VERIFY_TRUST", # This explicitly tells us that it ISN'T a CA but is otherwise ok. In other words, this should tell the app to ignore any other sources that claim this is a CA. -+ "TRUSTED" # This cert is trusted, but only for itself and not for delegates (i.e. it is not a CA). -+); -+ -+my $default_signature_algorithms = $opt_s = "MD5"; -+ -+my @valid_signature_algorithms = ( -+ "MD5", -+ "SHA1", -+ "SHA256", -+ "SHA384", -+ "SHA512" -+); -+ -+$0 =~ s@.*(/|\\)@@; -+$Getopt::Std::STANDARD_HELP_VERSION = 1; -+getopts('bd:fhiklmnp:qs:tuvw:'); -+ -+if(!defined($opt_d)) { -+ # to make plain "-d" use not cause warnings, and actually still work -+ $opt_d = 'release'; -+} -+ -+# Use predefined URL or else custom URL specified on command line. -+my $url; -+if(defined($urls{$opt_d})) { -+ $url = $urls{$opt_d}; -+ if(!$opt_k && $url !~ /^https:\/\//i) { -+ die "The URL for '$opt_d' is not HTTPS. Use -k to override (insecure).\n"; -+ } -+} -+else { -+ $url = $opt_d; -+} -+ -+my $curl = `curl -V`; -+ -+if ($opt_i) { -+ print ("=" x 78 . "\n"); -+ print "Script Version : $version\n"; -+ print "Perl Version : $]\n"; -+ print "Operating System Name : $^O\n"; -+ print "Getopt::Std.pm Version : ${Getopt::Std::VERSION}\n"; -+ print "Encode::Encoding.pm Version : ${Encode::Encoding::VERSION}\n"; -+ print "MIME::Base64.pm Version : ${MIME::Base64::VERSION}\n"; -+ print "LWP::UserAgent.pm Version : ${LWP::UserAgent::VERSION}\n" if($LWP::UserAgent::VERSION); -+ print "LWP.pm Version : ${LWP::VERSION}\n" if($LWP::VERSION); -+ print "Digest::SHA.pm Version : ${Digest::SHA::VERSION}\n" if ($Digest::SHA::VERSION); -+ print "Digest::SHA::PurePerl.pm Version : ${Digest::SHA::PurePerl::VERSION}\n" if ($Digest::SHA::PurePerl::VERSION); -+ print ("=" x 78 . 
"\n"); -+} -+ -+sub warning_message() { -+ if ( $opt_d =~ m/^risk$/i ) { # Long Form Warning and Exit -+ print "Warning: Use of this script may pose some risk:\n"; -+ print "\n"; -+ print " 1) If you use HTTP URLs they are subject to a man in the middle attack\n"; -+ print " 2) Default to 'release', but more recent updates may be found in other trees\n"; -+ print " 3) certdata.txt file format may change, lag time to update this script\n"; -+ print " 4) Generally unwise to blindly trust CAs without manual review & verification\n"; -+ print " 5) Mozilla apps use additional security checks aren't represented in certdata\n"; -+ print " 6) Use of this script will make a security engineer grind his teeth and\n"; -+ print " swear at you. ;)\n"; -+ exit; -+ } else { # Short Form Warning -+ print "Warning: Use of this script may pose some risk, -d risk for more details.\n"; -+ } -+} -+ -+sub HELP_MESSAGE() { -+ print "Usage:\t${0} [-b] [-d<certdata>] [-f] [-i] [-k] [-l] [-n] [-p<purposes:levels>] [-q] [-s<algorithms>] [-t] [-u] [-v] [-w<l>] [<outputfile>]\n"; -+ print "\t-b\tbackup an existing version of ca-bundle.crt\n"; -+ print "\t-d\tspecify Mozilla tree to pull certdata.txt or custom URL\n"; -+ print "\t\t Valid names are:\n"; -+ print "\t\t ", join( ", ", map { ( $_ =~ m/$opt_d/ ) ? "$_ (default)" : "$_" } sort keys %urls ), "\n"; -+ print "\t-f\tforce rebuild even if certdata.txt is current\n"; -+ print "\t-i\tprint version info about used modules\n"; -+ print "\t-k\tallow URLs other than HTTPS, enable HTTP fallback (insecure)\n"; -+ print "\t-l\tprint license info about certdata.txt\n"; -+ print "\t-m\tinclude meta data in output\n"; -+ print "\t-n\tno download of certdata.txt (to use existing)\n"; -+ print wrap("\t","\t\t", "-p\tlist of Mozilla trust purposes and levels for certificates to include in output. Takes the form of a comma separated list of purposes, a colon, and a comma separated list of levels. 
(default: $default_mozilla_trust_purposes:$default_mozilla_trust_levels)"), "\n"; -+ print "\t\t Valid purposes are:\n"; -+ print wrap("\t\t ","\t\t ", join( ", ", "ALL", @valid_mozilla_trust_purposes ) ), "\n"; -+ print "\t\t Valid levels are:\n"; -+ print wrap("\t\t ","\t\t ", join( ", ", "ALL", @valid_mozilla_trust_levels ) ), "\n"; -+ print "\t-q\tbe really quiet (no progress output at all)\n"; -+ print wrap("\t","\t\t", "-s\tcomma separated list of certificate signatures/hashes to output in plain text mode. (default: $default_signature_algorithms)\n"); -+ print "\t\t Valid signature algorithms are:\n"; -+ print wrap("\t\t ","\t\t ", join( ", ", "ALL", @valid_signature_algorithms ) ), "\n"; -+ print "\t-t\tinclude plain text listing of certificates\n"; -+ print "\t-u\tunlink (remove) certdata.txt after processing\n"; -+ print "\t-v\tbe verbose and print out processed CAs\n"; -+ print "\t-w <l>\twrap base64 output lines after <l> chars (default: ${opt_w})\n"; -+ exit; -+} -+ -+sub VERSION_MESSAGE() { -+ print "${0} version ${version} running Perl ${]} on ${^O}\n"; -+} -+ -+warning_message() unless ($opt_q || $url =~ m/^(ht|f)tps:/i ); -+HELP_MESSAGE() if ($opt_h); -+ -+sub report($@) { -+ my $output = shift; -+ -+ print STDERR $output . 
"\n" unless $opt_q; -+} -+ -+sub is_in_list($@) { -+ my $target = shift; -+ -+ return defined(List::Util::first { $target eq $_ } @_); -+} -+ -+# Parses $param_string as a case insensitive comma separated list with optional whitespace -+# validates that only allowed parameters are supplied -+sub parse_csv_param($$@) { -+ my $description = shift; -+ my $param_string = shift; -+ my @valid_values = @_; -+ -+ my @values = map { -+ s/^\s+//; # strip leading spaces -+ s/\s+$//; # strip trailing spaces -+ uc $_ # return the modified string as upper case -+ } split( ',', $param_string ); -+ -+ # Find all values which are not in the list of valid values or "ALL" -+ my @invalid = grep { !is_in_list($_,"ALL",@valid_values) } @values; -+ -+ if ( scalar(@invalid) > 0 ) { -+ # Tell the user which parameters were invalid and print the standard help message which will exit -+ print "Error: Invalid ", $description, scalar(@invalid) == 1 ? ": " : "s: ", join( ", ", map { "\"$_\"" } @invalid ), "\n"; -+ HELP_MESSAGE(); -+ } -+ -+ @values = @valid_values if ( is_in_list("ALL",@values) ); -+ -+ return @values; -+} -+ -+sub sha256 { -+ my $result; -+ if ($Digest::SHA::VERSION || $Digest::SHA::PurePerl::VERSION) { -+ open(FILE, $_[0]) or die "Can't open '$_[0]': $!"; -+ binmode(FILE); -+ $result = $MOD_SHA->new(256)->addfile(*FILE)->hexdigest; -+ close(FILE); -+ } else { -+ # Use OpenSSL command if Perl Digest::SHA modules not available -+ $result = `"$openssl" dgst -r -sha256 "$_[0]"`; -+ $result =~ s/^([0-9a-f]{64}) .+/$1/is; -+ } -+ return $result; -+} -+ -+ -+sub oldhash { -+ my $hash = ""; -+ open(C, "<$_[0]") || return 0; -+ while(<C>) { -+ chomp; -+ if($_ =~ /^\#\# SHA256: (.*)/) { -+ $hash = $1; -+ last; -+ } -+ } -+ close(C); -+ return $hash; -+} -+ -+if ( $opt_p !~ m/:/ ) { -+ print "Error: Mozilla trust identifier list must include both purposes and levels\n"; -+ HELP_MESSAGE(); -+} -+ -+(my $included_mozilla_trust_purposes_string, my $included_mozilla_trust_levels_string) = 
split( ':', $opt_p ); -+my @included_mozilla_trust_purposes = parse_csv_param( "trust purpose", $included_mozilla_trust_purposes_string, @valid_mozilla_trust_purposes ); -+my @included_mozilla_trust_levels = parse_csv_param( "trust level", $included_mozilla_trust_levels_string, @valid_mozilla_trust_levels ); -+ -+my @included_signature_algorithms = parse_csv_param( "signature algorithm", $opt_s, @valid_signature_algorithms ); -+ -+sub should_output_cert(%) { -+ my %trust_purposes_by_level = @_; -+ -+ foreach my $level (@included_mozilla_trust_levels) { -+ # for each level we want to output, see if any of our desired purposes are included -+ return 1 if ( defined( List::Util::first { is_in_list( $_, @included_mozilla_trust_purposes ) } @{$trust_purposes_by_level{$level}} ) ); -+ } -+ -+ return 0; -+} -+ -+my $crt = $ARGV[0] || 'ca-bundle.crt'; -+(my $txt = $url) =~ s@(.*/|\?.*)@@g; -+ -+my $stdout = $crt eq '-'; -+my $resp; -+my $fetched; -+ -+my $oldhash = oldhash($crt); -+ -+report "SHA256 of old file: $oldhash"; -+ -+if(!$opt_n) { -+ report "Downloading $txt ..."; -+ -+ # If we have an HTTPS URL then use curl -+ if($url =~ /^https:\/\//i) { -+ if($curl) { -+ if($curl =~ /^Protocols:.* https( |$)/m) { -+ report "Get certdata with curl!"; -+ my $proto = !$opt_k ? "--proto =https" : ""; -+ my $quiet = $opt_q ? "-s" : ""; -+ my @out = `curl -w %{response_code} $proto $quiet -o "$txt" "$url"`; -+ if(!$? 
&& @out && $out[0] == 200) { -+ $fetched = 1; -+ report "Downloaded $txt"; -+ } -+ else { -+ report "Failed downloading via HTTPS with curl"; -+ if(-e $txt && !unlink($txt)) { -+ report "Failed to remove '$txt': $!"; -+ } -+ } -+ } -+ else { -+ report "curl lacks https support"; -+ } -+ } -+ else { -+ report "curl not found"; -+ } -+ } -+ -+ # If nothing was fetched then use LWP -+ if(!$fetched) { -+ if($url =~ /^https:\/\//i) { -+ report "Falling back to HTTP"; -+ $url =~ s/^https:\/\//http:\/\//i; -+ } -+ if(!$opt_k) { -+ report "URLs other than HTTPS are disabled by default, to enable use -k"; -+ exit 1; -+ } -+ report "Get certdata with LWP!"; -+ if(!defined(${LWP::UserAgent::VERSION})) { -+ report "LWP is not available (LWP::UserAgent not found)"; -+ exit 1; -+ } -+ my $ua = new LWP::UserAgent(agent => "$0/$version"); -+ $ua->env_proxy(); -+ $resp = $ua->mirror($url, $txt); -+ if($resp && $resp->code eq '304') { -+ report "Not modified"; -+ exit 0 if -e $crt && !$opt_f; -+ } -+ else { -+ $fetched = 1; -+ report "Downloaded $txt"; -+ } -+ if(!$resp || $resp->code !~ /^(?:200|304)$/) { -+ report "Unable to download latest data: " -+ . ($resp? $resp->code . ' - ' . $resp->message : "LWP failed"); -+ exit 1 if -e $crt || ! -r $txt; -+ } -+ } -+} -+ -+my $filedate = $resp ? $resp->last_modified : (stat($txt))[9]; -+my $datesrc = "as of"; -+if(!$filedate) { -+ # mxr.mozilla.org gave us a time, hg.mozilla.org does not! -+ $filedate = time(); -+ $datesrc="downloaded on"; -+} -+ -+# get the hash from the download file -+my $newhash= sha256($txt); -+ -+if(!$opt_f && $oldhash eq $newhash) { -+ report "Downloaded file identical to previous run\'s source file. Exiting"; -+ if($opt_u && -e $txt && !unlink($txt)) { -+ report "Failed to remove $txt: $!\n"; -+ } -+ exit; -+} -+ -+report "SHA256 of new file: $newhash"; -+ -+my $currentdate = scalar gmtime($filedate); -+ -+my $format = $opt_t ? 
"plain text and " : ""; -+if( $stdout ) { -+ open(CRT, '> -') or die "Couldn't open STDOUT: $!\n"; -+} else { -+ open(CRT,">$crt.~") or die "Couldn't open $crt.~: $!\n"; -+} -+print CRT <<EOT; -+## -+## Bundle of CA Root Certificates -+## -+## Certificate data from Mozilla ${datesrc}: ${currentdate} GMT -+## -+## This is a bundle of X.509 certificates of public Certificate Authorities -+## (CA). These were automatically extracted from Mozilla's root certificates -+## file (certdata.txt). This file can be found in the mozilla source tree: -+## ${url} -+## -+## It contains the certificates in ${format}PEM format and therefore -+## can be directly used with curl / libcurl / php_curl, or with -+## an Apache+mod_ssl webserver for SSL client authentication. -+## Just configure this file as the SSLCACertificateFile. -+## -+## Conversion done with mk-ca-bundle.pl version $version. -+## SHA256: $newhash -+## -+ -+EOT -+ -+report "Processing '$txt' ..."; -+my $caname; -+my $certnum = 0; -+my $skipnum = 0; -+my $start_of_cert = 0; -+my @precert; -+my $cka_value; -+my $valid = 1; -+ -+open(TXT,"$txt") or die "Couldn't open $txt: $!\n"; -+while (<TXT>) { -+ if (/\*\*\*\*\* BEGIN LICENSE BLOCK \*\*\*\*\*/) { -+ print CRT; -+ print if ($opt_l); -+ while (<TXT>) { -+ print CRT; -+ print if ($opt_l); -+ last if (/\*\*\*\*\* END LICENSE BLOCK \*\*\*\*\*/); -+ } -+ } -+ elsif(/^# (Issuer|Serial Number|Subject|Not Valid Before|Not Valid After |Fingerprint \(MD5\)|Fingerprint \(SHA1\)):/) { -+ push @precert, $_; -+ $valid = 1; -+ next; -+ } -+ elsif(/^#|^\s*$/) { -+ undef @precert; -+ next; -+ } -+ chomp; -+ -+ # Example: -+ # CKA_NSS_SERVER_DISTRUST_AFTER MULTILINE_OCTAL -+ # \062\060\060\066\061\067\060\060\060\060\060\060\132 -+ # END -+ -+ if (/^CKA_NSS_SERVER_DISTRUST_AFTER (CK_BBOOL CK_FALSE|MULTILINE_OCTAL)/) { -+ if($1 eq "MULTILINE_OCTAL") { -+ my @timestamp; -+ while (<TXT>) { -+ last if (/^END/); -+ chomp; -+ my @octets = split(/\\/); -+ shift @octets; -+ for (@octets) { -+ 
push @timestamp, chr(oct); -+ } -+ } -+ # A trailing Z in the timestamp signifies UTC -+ if($timestamp[12] ne "Z") { -+ report "distrust date stamp is not using UTC"; -+ } -+ # Example date: 200617000000Z -+ # Means 2020-06-17 00:00:00 UTC -+ my $distrustat = -+ timegm($timestamp[10] . $timestamp[11], # second -+ $timestamp[8] . $timestamp[9], # minute -+ $timestamp[6] . $timestamp[7], # hour -+ $timestamp[4] . $timestamp[5], # day -+ ($timestamp[2] . $timestamp[3]) - 1, # month -+ "20" . $timestamp[0] . $timestamp[1]); # year -+ if(time >= $distrustat) { -+ # not trusted anymore -+ $skipnum++; -+ report "Skipping: $caname is not trusted anymore" if ($opt_v); -+ $valid = 0; -+ } -+ else { -+ # still trusted -+ } -+ } -+ next; -+ } -+ -+ # this is a match for the start of a certificate -+ if (/^CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE/) { -+ $start_of_cert = 1 -+ } -+ if ($start_of_cert && /^CKA_LABEL UTF8 \"(.*)\"/) { -+ $caname = $1; -+ } -+ my %trust_purposes_by_level; -+ if ($start_of_cert && /^CKA_VALUE MULTILINE_OCTAL/) { -+ $cka_value=""; -+ while (<TXT>) { -+ last if (/^END/); -+ chomp; -+ my @octets = split(/\\/); -+ shift @octets; -+ for (@octets) { -+ $cka_value .= chr(oct); -+ } -+ } -+ } -+ if(/^CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST/ && $valid) { -+ # now scan the trust part to determine how we should trust this cert -+ while (<TXT>) { -+ last if (/^#/); -+ if (/^CKA_TRUST_([A-Z_]+)\s+CK_TRUST\s+CKT_NSS_([A-Z_]+)\s*$/) { -+ if ( !is_in_list($1,@valid_mozilla_trust_purposes) ) { -+ report "Warning: Unrecognized trust purpose for cert: $caname. Trust purpose: $1. Trust Level: $2"; -+ } elsif ( !is_in_list($2,@valid_mozilla_trust_levels) ) { -+ report "Warning: Unrecognized trust level for cert: $caname. Trust purpose: $1. 
Trust Level: $2"; -+ } else { -+ push @{$trust_purposes_by_level{$2}}, $1; -+ } -+ } -+ } -+ -+ if ( !should_output_cert(%trust_purposes_by_level) ) { -+ $skipnum ++; -+ report "Skipping: $caname" if ($opt_v); -+ } else { -+ my $data = $cka_value; -+ $cka_value = ""; -+ my $encoded = MIME::Base64::encode_base64($data, ''); -+ $encoded =~ s/(.{1,${opt_w}})/$1\n/g; -+ my $pem = "-----BEGIN CERTIFICATE-----\n" -+ . $encoded -+ . "-----END CERTIFICATE-----\n"; -+ print CRT "\n$caname\n"; -+ print CRT @precert if($opt_m); -+ my $maxStringLength = length(decode('UTF-8', $caname, Encode::FB_CROAK | Encode::LEAVE_SRC)); -+ if ($opt_t) { -+ foreach my $key (keys %trust_purposes_by_level) { -+ my $string = $key . ": " . join(", ", @{$trust_purposes_by_level{$key}}); -+ $maxStringLength = List::Util::max( length($string), $maxStringLength ); -+ print CRT $string . "\n"; -+ } -+ } -+ print CRT ("=" x $maxStringLength . "\n"); -+ if (!$opt_t) { -+ print CRT $pem; -+ } else { -+ my $pipe = ""; -+ foreach my $hash (@included_signature_algorithms) { -+ $pipe = "|$openssl x509 -" . $hash . 
" -fingerprint -noout -inform PEM"; -+ if (!$stdout) { -+ $pipe .= " >> $crt.~"; -+ close(CRT) or die "Couldn't close $crt.~: $!"; -+ } -+ open(TMP, $pipe) or die "Couldn't open openssl pipe: $!"; -+ print TMP $pem; -+ close(TMP) or die "Couldn't close openssl pipe: $!"; -+ if (!$stdout) { -+ open(CRT, ">>$crt.~") or die "Couldn't open $crt.~: $!"; -+ } -+ } -+ $pipe = "|$openssl x509 -text -inform PEM"; -+ if (!$stdout) { -+ $pipe .= " >> $crt.~"; -+ close(CRT) or die "Couldn't close $crt.~: $!"; -+ } -+ open(TMP, $pipe) or die "Couldn't open openssl pipe: $!"; -+ print TMP $pem; -+ close(TMP) or die "Couldn't close openssl pipe: $!"; -+ if (!$stdout) { -+ open(CRT, ">>$crt.~") or die "Couldn't open $crt.~: $!"; -+ } -+ } -+ report "Parsing: $caname" if ($opt_v); -+ $certnum ++; -+ $start_of_cert = 0; -+ } -+ undef @precert; -+ } -+ -+} -+close(TXT) or die "Couldn't close $txt: $!\n"; -+close(CRT) or die "Couldn't close $crt.~: $!\n"; -+unless( $stdout ) { -+ if ($opt_b && -e $crt) { -+ my $bk = 1; -+ while (-e "$crt.~${bk}~") { -+ $bk++; -+ } -+ rename $crt, "$crt.~${bk}~" or die "Failed to create backup $crt.~$bk}~: $!\n"; -+ } elsif( -e $crt ) { -+ unlink( $crt ) or die "Failed to remove $crt: $!\n"; -+ } -+ rename "$crt.~", $crt or die "Failed to rename $crt.~ to $crt: $!\n"; -+} -+if($opt_u && -e $txt && !unlink($txt)) { -+ report "Failed to remove $txt: $!\n"; -+} -+report "Done ($certnum CA certs processed, $skipnum skipped)."; -diff --git a/split-ca-bundle.sh b/split-ca-bundle.sh -new file mode 100644 -index 0000000..d0f39a8 ---- /dev/null -+++ b/split-ca-bundle.sh -@@ -0,0 +1,30 @@ -+#!/bin/sh -+ -+mkcert() { -+ local name="$1" -+ local line -+ rm -f "$name" -+ while read line; do -+ printf "%s\n" "$line" >> "$name" -+ if [ "$line" = "-----END CERTIFICATE-----" ]; then -+ break; -+ fi -+ done -+} -+ -+prev= -+while read line; do -+ case "$line" in -+ =*=) -+ fname="$(printf "%s" "$prev" | tr '/ (),' '__==_').crt" -+ while read cline; do -+ printf "%s\n" 
"$cline" -+ if [ "$cline" = "-----END CERTIFICATE-----" ]; then -+ break; -+ fi -+ done > "$fname" -+ ;; -+ esac -+ prev="$line" -+done -+ --- -2.25.0 - diff --git a/main/ca-certificates/0003-update-ca-insert-newline-between-certs.patch b/main/ca-certificates/0003-update-ca-insert-newline-between-certs.patch deleted file mode 100644 index 4a945a076b..0000000000 --- a/main/ca-certificates/0003-update-ca-insert-newline-between-certs.patch +++ /dev/null @@ -1,38 +0,0 @@ -From fd399b2416191bd7f3b0f267bdb530ed829de271 Mon Sep 17 00:00:00 2001 -From: Natanael Copa <ncopa@alpinelinux.org> -Date: Wed, 5 Feb 2020 17:40:57 +0100 -Subject: [PATCH 3/3] update-ca: insert newline between certs - -There may be certificates that lack a trailing newline, which is allowed -in the certificate format. We work around that by inject a newline after -each cert. - -see https://gitlab.alpinelinux.org/alpine/aports/issues/8379 ---- - update-ca.c | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/update-ca.c b/update-ca.c -index 2b3195b..0260f83 100644 ---- a/update-ca.c -+++ b/update-ca.c -@@ -191,6 +191,7 @@ static void proc_localglobaldir(const char *fullpath, struct hash *h, int tmpfil - fprintf(stderr, "Warning! Cannot hash: %s\n", fullpath); - if (!copyfile(fullpath, tmpfile_fd)) - fprintf(stderr, "Warning! Cannot copy to bundle: %s\n", fullpath); -+ write(tmpfile_fd, "\n", 1); - free(actual_file); - } - -@@ -260,7 +261,7 @@ static bool dir_readfiles(struct hash* d, const char* path, - DIR *dp = opendir(path); - if (!dp) - return false; -- -+ - struct dirent *dirp; - while ((dirp = readdir(dp)) != NULL) { - if (str_begins(dirp->d_name, ".")) --- -2.25.0 - diff --git a/main/cairo/APKBUILD b/main/cairo/APKBUILD index e4b684c330..5b075754c3 100644 --- a/main/cairo/APKBUILD +++ b/main/cairo/APKBUILD 
@@ -1,7 +1,7 @@
 # Maintainer: Natanael Copa <ncopa@alpinelinux.org>
 pkgname=cairo
-pkgver=1.16.0
-pkgrel=3
+pkgver=1.17.6
+pkgrel=2
 pkgdesc="A vector graphics library"
 url="https://cairographics.org/"
 arch="all"
@@ -17,63 +17,49 @@ depends_dev="
 xcb-util-dev
 "
 makedepends="$depends_dev
- autoconf
- automake
 expat-dev
 glib-dev
+ gtk-doc
 libpng-dev
- libtool
+ meson
 zlib-dev
 "
 subpackages="
+ $pkgname-dbg
 $pkgname-static
 $pkgname-dev
 $pkgname-doc
 $pkgname-gobject
 $pkgname-tools
- $pkgname-dbg
 "
-source="https://cairographics.org/releases/cairo-$pkgver.tar.xz
+source="https://gitlab.freedesktop.org/cairo/cairo/-/archive/$pkgver/cairo-$pkgver.tar.bz2
 musl-stacksize.patch
- CVE-2018-19876.patch
- pdf-flush.patch
- fix-mask-usage-in-image-compositor.patch
- composite_color_glyphs.patch
- cff-allow-empty-array-of-operands-for-certain-operat.patch
+ fix-type1-subset-indexing.patch
 "
 builddir="$srcdir/$pkgname-$pkgver"
 
 # secfixes:
+# 1.17.4-r1:
+# - CVE-2019-6462
 # 1.16.0-r2:
 # - CVE-2020-35492
 # 1.16.0-r1:
 # - CVE-2018-19876
 
 build() {
- ./configure \
- --build=$CBUILD \
- --host=$CHOST \
- --prefix=/usr \
- --sysconfdir=/etc \
- --localstatedir=/var \
- --enable-ft \
- --enable-gobject \
- --enable-pdf \
- --enable-png \
- --enable-ps \
- --enable-svg \
- --enable-tee \
- --enable-x \
- --enable-xcb \
- --enable-xcb-shm \
- --enable-xlib \
- --enable-xlib-xrender \
- --disable-xlib-xcb
- make
+ abuild-meson \
+ -Ddefault_library=both \
+ -Dgtk_doc=true \
+ output
+ meson compile ${JOBS:+-j ${JOBS}} -C output
+}
+
+check() {
+ meson test --no-rebuild -v -C output
 }
 
 package() {
- make DESTDIR="$pkgdir" install
+ DESTDIR="$pkgdir" meson install --no-rebuild -C output
 }
 
 gobject() {
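Review bot: The `source=` list in the second hunk drops `CVE-2018-19876.patch` and four other patches, while `# secfixes:` keeps the `1.16.0-r1` and `1.16.0-r2` entries and gains `1.17.4-r1: CVE-2019-6462`, and nothing in the hunk says where those fixes now live. Presumably they are in the 1.17.6 sources; that should be checked against the upstream tree and recorded above `source=`, for example `# CVE-2018-19876, CVE-2020-35492, CVE-2019-6462: fixed upstream, see <upstream commit ids>` (placeholder). The same line also moves from the published release tarball to a forge `/-/archive/` download, which is generated on request. The sha512 in the file's last hunk still pins the content, but a later checksum mismatch should be investigated rather than simply re-pinned.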
@@ -89,10 +75,8 @@ tools() {
 amove usr/lib/cairo/libcairo-trace.*
 }
 
-sha512sums="9eb27c4cf01c0b8b56f2e15e651f6d4e52c99d0005875546405b64f1132aed12fbf84727273f493d84056a13105e065009d89e94a8bfaf2be2649e232b82377f cairo-1.16.0.tar.xz
+sha512sums="
+1537b34ca49b853f4f60a7ceac0c1b878e7e2874f1ca3a37ab6ccbb704a37872314447016ad07b82312b302bb6df86b71265232a802ccdb9fb8cd18f211ff185 cairo-1.17.6.tar.bz2
 86f26fe41deb5e14f553c999090d1ec1d92a534fa7984112c9a7f1d6c6a8f1b7bb735947e8ec3f26e817f56410efe8cc46c5e682f6a278d49b40a683513740e0 musl-stacksize.patch
-8f13cdcae0f134e04778cf5915f858fb8d5357a7e0a454791c93d1566935b985ec66dfe1683cd0b74a1cb44a130923d7a27cf006f3fc70b9bee93abd58a55aa3 CVE-2018-19876.patch
-533ea878dc7f917af92e2694bd3f535a09cde77f0ecd0cc00881fbc9ec1ea86f60026eacc76129705f525f6672929ad8d15d8cfe1bfa61e9962e805a7fbded81 pdf-flush.patch
-20699d2dd10531f99587cdcd187a23e23bca5a9f031255c95aade4dadb79bbb62118c7ddff677c2fd20e4ba7694eee4debcd79a4d0736d62951a4fcee56ccae0 fix-mask-usage-in-image-compositor.patch
-a056e85549e8410782674cb4ce7b38b035cdde8f4319c18dd942a18b33d35c5be4d0c0c34081ee556473df4f2725cdba508a387ee6222214484b10a5d9eaad90 composite_color_glyphs.patch
-ae079840a842ec645ab3c9a2d5db8d3f8bb4e25ce4090afc3d226ba292f15b85bdaaed0967bb12bfa429d7f6376a28c87518df194ab6b1d2a2e7c96ab6df8ba2 cff-allow-empty-array-of-operands-for-certain-operat.patch"
+fe9badbffceea378cab893f8a13f76e7c411bba18bab69a768ceda68b05357a94b41bb9f025d05f0ae7d1d324f0cdf98bf5a2c27b35db45f3fc5a70bfa091113 fix-type1-subset-indexing.patch
+"
diff --git a/main/cairo/CVE-2018-19876.patch b/main/cairo/CVE-2018-19876.patch
deleted file mode 100644
index c9cd71f4ae..0000000000
--- a/main/cairo/CVE-2018-19876.patch
+++ /dev/null
@@ -1,30 +0,0 @@ -From 90e85c2493fdfa3551f202ff10282463f1e36645 Mon Sep 17 00:00:00 2001 -From: Carlos Garcia Campos <cgarcia@igalia.com> -Date: Mon, 19 Nov 2018 12:33:07 +0100 -Subject: [PATCH] ft: Use FT_Done_MM_Var instead of free when available in - cairo_ft_apply_variations - -Fixes a crash when using freetype >= 2.9 ---- - src/cairo-ft-font.c | 4 ++++ - 1 file changed, 4 insertions(+) - -diff --git a/src/cairo-ft-font.c b/src/cairo-ft-font.c -index 325dd61b4..981973f78 100644 ---- a/src/cairo-ft-font.c -+++ b/src/cairo-ft-font.c -@@ -2393,7 +2393,11 @@ skip: - done: - free (coords); - free (current_coords); -+#if HAVE_FT_DONE_MM_VAR -+ FT_Done_MM_Var (face->glyph->library, ft_mm_var); -+#else - free (ft_mm_var); -+#endif - } - } - --- -2.18.1 - diff --git a/main/cairo/cff-allow-empty-array-of-operands-for-certain-operat.patch b/main/cairo/cff-allow-empty-array-of-operands-for-certain-operat.patch deleted file mode 100644 index 3149dadba6..0000000000 --- a/main/cairo/cff-allow-empty-array-of-operands-for-certain-operat.patch +++ /dev/null 
@@ -1,119 +0,0 @@ -From ef959bc76e65ea0b0d4ba3ee50dfbce31c3484ad Mon Sep 17 00:00:00 2001 -From: Marek Kasik <mkasik@redhat.com> -Date: Fri, 27 Mar 2020 19:39:46 +0100 -Subject: [PATCH] cff: Allow empty array of operands for certain operators - -Operators BlueValues, OtherBlues, FamilyBlues, FamilyOtherBlues, -StemSnapH and StemSnapV have operands of type delta which can be -a number or an array of delta-encoded numbers. This array can be -empty according to freetype developers. -This commit checks whether current operator is among those listed -and permits empty operand in such case. ---- - src/cairo-cff-subset.c | 78 ++++++++++++++++++++++++++---------------- - 1 file changed, 49 insertions(+), 29 deletions(-) - -Patch-Source: https://src.fedoraproject.org/rpms/cairo/blob/ba42ecc23bb1162a1951edc0209f9f48e87bba7e/f/0001-cff-Allow-empty-array-of-operands-for-certain-operat.patch -See-Also: https://bugzilla.redhat.com/show_bug.cgi?id=1817958 - -diff --git a/src/cairo-cff-subset.c b/src/cairo-cff-subset.c -index 37727eddb..fce4195e9 100644 ---- a/src/cairo-cff-subset.c -+++ b/src/cairo-cff-subset.c -@@ -56,30 +56,36 @@ - - /* CFF Dict Operators. If the high byte is 0 the command is encoded - * with a single byte. 
*/ --#define BASEFONTNAME_OP 0x0c16 --#define CIDCOUNT_OP 0x0c22 --#define CHARSET_OP 0x000f --#define CHARSTRINGS_OP 0x0011 --#define COPYRIGHT_OP 0x0c00 --#define DEFAULTWIDTH_OP 0x0014 --#define ENCODING_OP 0x0010 --#define FAMILYNAME_OP 0x0003 --#define FDARRAY_OP 0x0c24 --#define FDSELECT_OP 0x0c25 --#define FONTBBOX_OP 0x0005 --#define FONTMATRIX_OP 0x0c07 --#define FONTNAME_OP 0x0c26 --#define FULLNAME_OP 0x0002 --#define LOCAL_SUB_OP 0x0013 --#define NOMINALWIDTH_OP 0x0015 --#define NOTICE_OP 0x0001 --#define POSTSCRIPT_OP 0x0c15 --#define PRIVATE_OP 0x0012 --#define ROS_OP 0x0c1e --#define UNIQUEID_OP 0x000d --#define VERSION_OP 0x0000 --#define WEIGHT_OP 0x0004 --#define XUID_OP 0x000e -+#define BASEFONTNAME_OP 0x0c16 -+#define CIDCOUNT_OP 0x0c22 -+#define CHARSET_OP 0x000f -+#define CHARSTRINGS_OP 0x0011 -+#define COPYRIGHT_OP 0x0c00 -+#define DEFAULTWIDTH_OP 0x0014 -+#define ENCODING_OP 0x0010 -+#define FAMILYNAME_OP 0x0003 -+#define FDARRAY_OP 0x0c24 -+#define FDSELECT_OP 0x0c25 -+#define FONTBBOX_OP 0x0005 -+#define FONTMATRIX_OP 0x0c07 -+#define FONTNAME_OP 0x0c26 -+#define FULLNAME_OP 0x0002 -+#define LOCAL_SUB_OP 0x0013 -+#define NOMINALWIDTH_OP 0x0015 -+#define NOTICE_OP 0x0001 -+#define POSTSCRIPT_OP 0x0c15 -+#define PRIVATE_OP 0x0012 -+#define ROS_OP 0x0c1e -+#define UNIQUEID_OP 0x000d -+#define VERSION_OP 0x0000 -+#define WEIGHT_OP 0x0004 -+#define XUID_OP 0x000e -+#define BLUEVALUES_OP 0x0006 -+#define OTHERBLUES_OP 0x0007 -+#define FAMILYBLUES_OP 0x0008 -+#define FAMILYOTHERBLUES_OP 0x0009 -+#define STEMSNAPH_OP 0x0c0c -+#define STEMSNAPV_OP 0x0c0d - - #define NUM_STD_STRINGS 391 - -@@ -615,13 +621,27 @@ cff_dict_create_operator (int operator, - return _cairo_error (CAIRO_STATUS_NO_MEMORY); - - _cairo_dict_init_key (op, operator); -- op->operand = _cairo_malloc (size); -- if (unlikely (op->operand == NULL)) { -- free (op); -- return _cairo_error (CAIRO_STATUS_NO_MEMORY); -+ if (size != 0) { -+ op->operand = _cairo_malloc (size); -+ if 
(unlikely (op->operand == NULL)) { -+ free (op); -+ return _cairo_error (CAIRO_STATUS_NO_MEMORY); -+ } -+ memcpy (op->operand, operand, size); -+ } else { -+ op->operand = NULL; -+ /* Delta-encoded arrays can be empty. */ -+ if (operator != BLUEVALUES_OP && -+ operator != OTHERBLUES_OP && -+ operator != FAMILYBLUES_OP && -+ operator != FAMILYOTHERBLUES_OP && -+ operator != STEMSNAPH_OP && -+ operator != STEMSNAPV_OP) { -+ free (op); -+ return _cairo_error (CAIRO_STATUS_NO_MEMORY); -+ } - } - -- memcpy (op->operand, operand, size); - op->operand_length = size; - op->operand_offset = -1; - --- -2.26.0 - diff --git a/main/cairo/composite_color_glyphs.patch b/main/cairo/composite_color_glyphs.patch deleted file mode 100644 index 97440f27f7..0000000000 --- a/main/cairo/composite_color_glyphs.patch +++ /dev/null 
@@ -1,58 +0,0 @@ -From 79ad01724161502e8d9d2bd384ff1f0174e5df6e Mon Sep 17 00:00:00 2001 -From: Matthias Clasen <mclasen@redhat.com> -Date: Thu, 30 May 2019 07:30:55 -0400 -Subject: [PATCH] Fix a thinko in composite_color_glyphs - -We can't just move around the contents of the -passed-in string, we need to make a copy. This -was showing up as memory corruption in pango. - -See https://gitlab.gnome.org/GNOME/pango/issues/346 ---- - src/cairo-surface.c | 10 ++++++++++ - 1 file changed, 10 insertions(+) - -Patch-Source: https://github.com/matthiasclasen/cairo/commit/79ad01724161502e8d9d2bd384ff1f0174e5df6e - -diff --git a/src/cairo-surface.c b/src/cairo-surface.c -index c30f84087..e112b660a 100644 ---- a/src/cairo-surface.c -+++ b/src/cairo-surface.c -@@ -2820,6 +2820,7 @@ _cairo_surface_show_text_glyphs (cairo_surface_t *surface, - const cairo_clip_t *clip) - { - cairo_int_status_t status; -+ char *utf8_copy = NULL; - - TRACE ((stderr, "%s\n", __FUNCTION__)); - if (unlikely (surface->status)) -@@ -2847,6 +2848,10 @@ _cairo_surface_show_text_glyphs (cairo_surface_t *surface, - status = CAIRO_INT_STATUS_UNSUPPORTED; - - if (_cairo_scaled_font_has_color_glyphs (scaled_font)) { -+ utf8_copy = malloc (sizeof (char) * utf8_len); -+ memcpy (utf8_copy, utf8, sizeof (char) * utf8_len); -+ utf8 = utf8_copy; -+ - status = composite_color_glyphs (surface, op, - source, - (char *)utf8, &utf8_len, -@@ -2861,6 +2866,8 @@ _cairo_surface_show_text_glyphs (cairo_surface_t *surface, - if (num_glyphs == 0) - goto DONE; - } -+ else -+ utf8_copy = NULL; - - /* The logic here is duplicated in _cairo_analysis_surface show_glyphs and - * show_text_glyphs. Keep in synch. */ -@@ -2918,6 +2925,9 @@ _cairo_surface_show_text_glyphs (cairo_surface_t *surface, - surface->serial++; - } - -+ if (utf8_copy) -+ free (utf8_copy); -+ - return _cairo_surface_set_error (surface, status); - } - 
diff --git a/main/cairo/fix-mask-usage-in-image-compositor.patch b/main/cairo/fix-mask-usage-in-image-compositor.patch deleted file mode 100644 index 8d5717ffa2..0000000000 --- a/main/cairo/fix-mask-usage-in-image-compositor.patch +++ /dev/null 
@@ -1,172 +0,0 @@ -From 03a820b173ed1fdef6ff14b4468f5dbc02ff59be Mon Sep 17 00:00:00 2001 -From: Heiko Lewin <heiko.lewin@worldiety.de> -Date: Tue, 15 Dec 2020 16:48:19 +0100 -Subject: [PATCH 1/3] Fix mask usage in image-compositor - ---- - src/cairo-image-compositor.c | 8 ++-- - test/Makefile.sources | 1 + - test/bug-image-compositor.c | 39 ++++++++++++++++++++ - test/reference/bug-image-compositor.ref.png | Bin 0 -> 185 bytes - 4 files changed, 44 insertions(+), 4 deletions(-) - create mode 100644 test/bug-image-compositor.c - create mode 100644 test/reference/bug-image-compositor.ref.png - -diff --git a/src/cairo-image-compositor.c b/src/cairo-image-compositor.c -index 79ad69f68..4f8aaed99 100644 ---- a/src/cairo-image-compositor.c -+++ b/src/cairo-image-compositor.c -@@ -2610,14 +2610,14 @@ _inplace_src_spans (void *abstract_renderer, int y, int h, - unsigned num_spans) - { - cairo_image_span_renderer_t *r = abstract_renderer; -- uint8_t *m; -+ uint8_t *m, *base = (uint8_t*)pixman_image_get_data(r->mask); - int x0; - - if (num_spans == 0) - return CAIRO_STATUS_SUCCESS; - - x0 = spans[0].x; -- m = r->_buf; -+ m = base; - do { - int len = spans[1].x - spans[0].x; - if (len >= r->u.composite.run_length && spans[0].coverage == 0xff) { -@@ -2655,7 +2655,7 @@ _inplace_src_spans (void *abstract_renderer, int y, int h, - spans[0].x, y, - spans[1].x - spans[0].x, h); - -- m = r->_buf; -+ m = base; - x0 = spans[1].x; - } else if (spans[0].coverage == 0x0) { - if (spans[0].x != x0) { -@@ -2684,7 +2684,7 @@ _inplace_src_spans (void *abstract_renderer, int y, int h, - #endif - } - -- m = r->_buf; -+ m = base; - x0 = spans[1].x; - } else { - *m++ = spans[0].coverage; -diff --git a/test/bug-image-compositor.c b/test/bug-image-compositor.c -new file mode 100644 -index 000000000..fc4fd370b ---- /dev/null -+++ b/test/bug-image-compositor.c -@@ -0,0 +1,39 @@ -+#include "cairo-test.h" -+ -+static cairo_test_status_t -+draw (cairo_t *cr, int width, int height) -+{ -+ 
cairo_set_source_rgb (cr, 0., 0., 0.); -+ cairo_paint (cr); -+ -+ cairo_set_source_rgb (cr, 1., 1., 1.); -+ cairo_set_line_width (cr, 1.); -+ -+ cairo_pattern_t *p = cairo_pattern_create_linear (0, 0, width, height); -+ cairo_pattern_add_color_stop_rgb (p, 0, 0.99, 1, 1); -+ cairo_pattern_add_color_stop_rgb (p, 1, 1, 1, 1); -+ cairo_set_source (cr, p); -+ -+ cairo_move_to (cr, 0.5, -1); -+ for (int i = 0; i < width; i+=3) { -+ cairo_rel_line_to (cr, 2, 2); -+ cairo_rel_line_to (cr, 1, -2); -+ } -+ -+ cairo_set_operator (cr, CAIRO_OPERATOR_SOURCE); -+ cairo_stroke (cr); -+ -+ cairo_pattern_destroy(p); -+ -+ return CAIRO_TEST_SUCCESS; -+} -+ -+ -+CAIRO_TEST (bug_image_compositor, -+ "Crash in image-compositor", -+ "stroke, stress", /* keywords */ -+ NULL, /* requirements */ -+ 10000, 1, -+ NULL, draw) -+ -+ - -From 8bc14a6bba3bc8a64ff0749c74d9b96305bf6429 Mon Sep 17 00:00:00 2001 -From: Heiko Lewin <heiko.lewin@worldiety.de> -Date: Tue, 15 Dec 2020 17:14:18 +0100 -Subject: [PATCH 2/3] Minor cleanups - ---- - test/bug-image-compositor.c | 33 ++++++++++++++++++++++++++++++--- - 1 file changed, 30 insertions(+), 3 deletions(-) - -diff --git a/test/bug-image-compositor.c b/test/bug-image-compositor.c -index fc4fd370b..304ea089c 100644 ---- a/test/bug-image-compositor.c -+++ b/test/bug-image-compositor.c -@@ -1,5 +1,34 @@ -+/* -+ * Copyright © 2020 Uli Schlachter, Heiko Lewin -+ * -+ * Permission is hereby granted, free of charge, to any person -+ * obtaining a copy of this software and associated documentation -+ * files (the "Software"), to deal in the Software without -+ * restriction, including without limitation the rights to use, copy, -+ * modify, merge, publish, distribute, sublicense, and/or sell copies -+ * of the Software, and to permit persons to whom the Software is -+ * furnished to do so, subject to the following conditions: -+ * -+ * The above copyright notice and this permission notice shall be -+ * included in all copies or substantial portions of the 
Software. -+ * -+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, -+ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF -+ * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND -+ * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS -+ * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN -+ * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN -+ * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -+ * SOFTWARE. -+ * -+ * Author: Uli Schlachter <psychon@znc.in> -+ * Author: Heiko Lewin <hlewin@gmx.de> -+ */ - #include "cairo-test.h" - -+ -+/* This test reproduces an overflow of a mask-buffer in cairo-image-compositor.c */ -+ - static cairo_test_status_t - draw (cairo_t *cr, int width, int height) - { -@@ -13,6 +42,7 @@ draw (cairo_t *cr, int width, int height) - cairo_pattern_add_color_stop_rgb (p, 0, 0.99, 1, 1); - cairo_pattern_add_color_stop_rgb (p, 1, 1, 1, 1); - cairo_set_source (cr, p); -+ cairo_pattern_destroy(p); - - cairo_move_to (cr, 0.5, -1); - for (int i = 0; i < width; i+=3) { -@@ -23,8 +53,6 @@ draw (cairo_t *cr, int width, int height) - cairo_set_operator (cr, CAIRO_OPERATOR_SOURCE); - cairo_stroke (cr); - -- cairo_pattern_destroy(p); -- - return CAIRO_TEST_SUCCESS; - } - -@@ -36,4 +64,3 @@ CAIRO_TEST (bug_image_compositor, - 10000, 1, - NULL, draw) - -- --- -GitLab - diff --git a/main/cairo/fix-type1-subset-indexing.patch b/main/cairo/fix-type1-subset-indexing.patch new file mode 100644 index 0000000000..87ce4b8abd --- /dev/null +++ b/main/cairo/fix-type1-subset-indexing.patch 
@@ -0,0 +1,153 @@ +Patch-Source: https://github.com/freedesktop/cairo/commit/ff4fd6f960deb7afdac233465a1f4e807234ad15 +From ff4fd6f960deb7afdac233465a1f4e807234ad15 Mon Sep 17 00:00:00 2001 +From: Adrian Johnson <ajohnson@redneon.com> +Date: Sun, 3 Apr 2022 20:03:58 +0930 +Subject: [PATCH] Fix type1-subset indexing + +Fixes #551 +--- + src/cairo-type1-subset.c | 50 ++++++++++++++++++++++++++-------------- + 1 file changed, 33 insertions(+), 17 deletions(-) + +diff --git a/src/cairo-type1-subset.c b/src/cairo-type1-subset.c +index 73f414dc4..0166f7a78 100644 +--- a/src/cairo-type1-subset.c ++++ b/src/cairo-type1-subset.c +@@ -70,7 +70,7 @@ typedef struct _cairo_type1_font_subset { + struct { + unsigned int font_id; + char *base_font; +- unsigned int num_glyphs; ++ unsigned int num_glyphs; /* Num /CharStrings in font */ + double x_min, y_min, x_max, y_max; + double ascent, descent; + double units_per_em; +@@ -81,6 +81,9 @@ typedef struct _cairo_type1_font_subset { + unsigned long trailer_size; + } base; + ++ /* Num glyphs in subset. May be greater than ++ * scaled_font_subset->num_glyphs due to glyphs required by the ++ * SEAC operator. */ + int num_glyphs; + + /* The glyphs and glyph_names arrays are indexed by the order of +@@ -89,12 +92,12 @@ typedef struct _cairo_type1_font_subset { + * function is used to map the glyph index to the glyph order in + * the Charstrings. 
*/ + +- glyph_data_t *glyphs; +- char **glyph_names; + cairo_array_t glyphs_array; ++ glyph_data_t *glyphs; /* pointer to first element of above array */ + cairo_array_t glyph_names_array; ++ char **glyph_names; /* pointer to first element of above array */ + +- int num_subrs; ++ int num_subrs; /* Num /Subrs routines in the font */ + cairo_bool_t subset_subrs; + struct { + const char *subr_string; +@@ -102,12 +105,17 @@ typedef struct _cairo_type1_font_subset { + const char *np; + int np_length; + cairo_bool_t used; +- } *subrs; ++ } *subrs; /* array with num_subrs elements */ + +- /* Indexed by subset_index this maps to the glyph order in the +- * glyph_names and glyphs arrays. Has font->num_glyphs +- * elements. */ +- int *subset_index_to_glyphs; ++ /* Maps scaled_font_subset index to glyphs_array. ++ * Array size = scaled_font_subset->num_glyphs. */ ++ int *scaled_subset_index_to_glyphs; ++ ++ /* Keeps track of the glyphs that will be emitted in the subset. ++ * Allocated size = base.num_glyphs. Number of entries = num_glyphs. ++ * Array values are glyph_array indexes. 
++ */ ++ int *type1_subset_index_to_glyphs; + + cairo_output_stream_t *output; + cairo_array_t contents; +@@ -159,7 +167,12 @@ _cairo_type1_font_subset_init (cairo_type1_font_subset_t *font, + + _cairo_array_init (&font->glyphs_array, sizeof (glyph_data_t)); + _cairo_array_init (&font->glyph_names_array, sizeof (char *)); +- font->subset_index_to_glyphs = NULL; ++ font->scaled_subset_index_to_glyphs = calloc (scaled_font_subset->num_glyphs, sizeof font->scaled_subset_index_to_glyphs[0]); ++ if (unlikely (font->scaled_subset_index_to_glyphs == NULL)) ++ return _cairo_error (CAIRO_STATUS_NO_MEMORY); ++ ++ ++ font->type1_subset_index_to_glyphs = NULL; + font->base.num_glyphs = 0; + font->num_subrs = 0; + font->subset_subrs = TRUE; +@@ -180,7 +193,7 @@ cairo_type1_font_subset_use_glyph (cairo_type1_font_subset_t *font, int glyph) + return; + + font->glyphs[glyph].subset_index = font->num_glyphs; +- font->subset_index_to_glyphs[font->num_glyphs] = glyph; ++ font->type1_subset_index_to_glyphs[font->num_glyphs] = glyph; + font->num_glyphs++; + } + +@@ -552,7 +565,7 @@ cairo_type1_font_subset_write_header (cairo_type1_font_subset_t *font, + } + } else { + for (i = 1; i < font->scaled_font_subset->num_glyphs; i++) { +- glyph = font->scaled_font_subset->glyphs[i]; ++ glyph = font->scaled_subset_index_to_glyphs[i]; + _cairo_output_stream_printf (font->output, + "dup %d /%s put\n", + i, +@@ -1391,8 +1404,8 @@ cairo_type1_font_subset_write_private_dict (cairo_type1_font_subset_t *font, + font->glyphs = _cairo_array_index (&font->glyphs_array, 0); + font->glyph_names = _cairo_array_index (&font->glyph_names_array, 0); + font->base.num_glyphs = _cairo_array_num_elements (&font->glyphs_array); +- font->subset_index_to_glyphs = calloc (font->base.num_glyphs, sizeof font->subset_index_to_glyphs[0]); +- if (unlikely (font->subset_index_to_glyphs == NULL)) ++ font->type1_subset_index_to_glyphs = calloc (font->base.num_glyphs, sizeof font->type1_subset_index_to_glyphs[0]); ++ if 
(unlikely (font->type1_subset_index_to_glyphs == NULL)) + return _cairo_error (CAIRO_STATUS_NO_MEMORY); + + backend = font->scaled_font_subset->scaled_font->backend; +@@ -1414,6 +1427,7 @@ cairo_type1_font_subset_write_private_dict (cairo_type1_font_subset_t *font, + return status; + + cairo_type1_font_subset_use_glyph (font, index); ++ font->scaled_subset_index_to_glyphs[i] = index; + } + + /* Go through the charstring of each glyph in use, get the glyph +@@ -1421,7 +1435,7 @@ cairo_type1_font_subset_write_private_dict (cairo_type1_font_subset_t *font, + * seac operator (which may cause font->num_glyphs to increase + * while this loop is executing). Also subset the Subrs. */ + for (j = 0; j < font->num_glyphs; j++) { +- glyph = font->subset_index_to_glyphs[j]; ++ glyph = font->type1_subset_index_to_glyphs[j]; + font->build_stack.sp = 0; + font->ps_stack.sp = 0; + status = cairo_type1_font_subset_parse_charstring (font, +@@ -1711,7 +1725,9 @@ _cairo_type1_font_subset_fini (cairo_type1_font_subset_t *font) + + free (font->base.base_font); + +- free (font->subset_index_to_glyphs); ++ free (font->scaled_subset_index_to_glyphs); ++ ++ free (font->type1_subset_index_to_glyphs); + + free (font->cleartext); + +@@ -1765,7 +1781,7 @@ _cairo_type1_subset_init (cairo_type1_subset_t *type1_subset, + goto fail2; + + for (i = 0; i < font.scaled_font_subset->num_glyphs; i++) { +- glyph = font.scaled_font_subset->glyphs[i]; ++ glyph = font.scaled_subset_index_to_glyphs[i]; + type1_subset->widths[i] = font.glyphs[glyph].width; + } + diff --git a/main/cairo/pdf-flush.patch b/main/cairo/pdf-flush.patch deleted file mode 100644 index c6e2251a51..0000000000 --- a/main/cairo/pdf-flush.patch +++ /dev/null 
@@ -1,33 +0,0 @@ -From https://cgit.freedesktop.org/cairo/commit/?id=4c8813f0eaacc32c27126ad2296951a626300b89 - -Fixes https://gitlab.freedesktop.org/cairo/cairo/issues/342 - -From 4c8813f0eaacc32c27126ad2296951a626300b89 Mon Sep 17 00:00:00 2001 -From: Adrian Johnson <ajohnson@redneon.com> -Date: Thu, 25 Oct 2018 18:46:17 +1030 -Subject: pdf: add missing flush - -Issue #342 ---- - src/cairo-pdf-surface.c | 5 +++++ - 1 file changed, 5 insertions(+) - -diff --git a/src/cairo-pdf-surface.c b/src/cairo-pdf-surface.c -index 7eb61aa..939b2d2 100644 ---- a/src/cairo-pdf-surface.c -+++ b/src/cairo-pdf-surface.c -@@ -7711,6 +7711,11 @@ _cairo_pdf_surface_mask (void *abstract_surface, - * and most common, case to handle. */ - if (_cairo_pattern_is_constant_alpha (mask, &extents.bounded, &alpha) && - _can_paint_pattern (source)) { -+ -+ status = _cairo_pdf_operators_flush (&surface->pdf_operators); -+ if (unlikely (status)) -+ goto cleanup; -+ - _cairo_output_stream_printf (surface->output, "q\n"); - status = _cairo_pdf_surface_paint_pattern (surface, - op, --- -cgit v1.1 - diff --git a/main/ccache/APKBUILD b/main/ccache/APKBUILD index 1de923bdd7..2a1642b305 100644 --- a/main/ccache/APKBUILD +++ b/main/ccache/APKBUILD 
@@ -1,20 +1,34 @@ # Contributor: Sören Tempel <soeren+alpine@soeren-tempel.net> # Maintainer: Natanael Copa <ncopa@alpinelinux.org> pkgname=ccache -pkgver=4.4.2 -pkgrel=1 +pkgver=4.6.1 +pkgrel=0 pkgdesc="fast C/C++ compiler cache" url="https://ccache.dev/" arch="all" license="GPL-3.0-or-later" -makedepends="cmake zstd-dev hiredis-dev asciidoctor perl linux-headers" +makedepends=" + asciidoctor + cmake + hiredis-dev + linux-headers + perl + samurai + zstd-dev + " checkdepends="bash util-linux-misc python3 redis" subpackages="$pkgname-doc" source="https://github.com/ccache/ccache/releases/download/v$pkgver/ccache-$pkgver.tar.xz ioctl.patch" +# XXX: https://github.com/ccache/ccache/issues/1014 +case "$CARCH" in +s390x) options="!check" ;; +esac + build() { - cmake -B build \ + cmake -B build -G Ninja \ + -DCCACHE_DEV_MODE=OFF \ -DCMAKE_BUILD_TYPE=MinSizeRel \ -DCMAKE_INSTALL_PREFIX=/usr cmake --build build @@ -23,24 +37,24 @@ build() { check() { case $CARCH in armhf) echo "SKIP make -C build test on $CARCH" ;; - *) make -C build test ;; + *) ninja -C build test ;; esac } package() { - install -Dm 755 build/ccache "$pkgdir"/usr/bin/ccache - install -Dm 644 build/doc/ccache.1 "$pkgdir"/usr/share/man/man1/ccache.1 + DESTDIR="$pkgdir" cmake --install build local link= mkdir -p "$pkgdir"/usr/lib/ccache/bin for link in cc gcc g++ cpp c++ $CHOST-cc $CHOST-gcc \ - $CHOST-g++ $CHOST-cpp $CHOST-c++; do + $CHOST-g++ $CHOST-cpp $CHOST-c++ \ + clang clang++; do ln -sf /usr/bin/ccache "$pkgdir"/usr/lib/ccache/bin/$link done } sha512sums=" -afcec4806b1e307ec16006ecd9e39eb69fc1376407877f024c882926725d41f2b08eccdcfb3efd8dac9e481d07f9c08c043b8cea5ea563a0f49b2f587325e4a7 ccache-4.4.2.tar.xz +361427ccecd74e8c25ca6a98ef3d3c125d81862196767eb383f6f8159fed8e1695cd5bc8731cb591c23c55352f0114a088b32a673717711efbfbb178a6c08c82 ccache-4.6.1.tar.xz 785ce34305a3bb6c24117341157356c2bd2272eca9d58fa20acd14a023abe6f784c88d9c55656d2f37320392bb73a61c52cd8b6bd9ac7c5316c8ed187dd6f5fb ioctl.patch " 
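Review bot: In `check()` the armhf branch still prints `SKIP make -C build test on $CARCH` although the real command on the next line is now `ninja -C build test`, so the build log names a command that is no longer run. I would change it to `armhf) echo "SKIP ninja -C build test on $CARCH" ;;`. The first hunk skips s390x through `options="!check"` while armhf is skipped inside `check()`. Using one mechanism for both, with the issue link the s390x case already has, would make it easier to see which architectures ship untested.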
diff --git a/main/cdparanoia/APKBUILD b/main/cdparanoia/APKBUILD index 5afc0c0b67..2d1c905184 100644 --- a/main/cdparanoia/APKBUILD +++ b/main/cdparanoia/APKBUILD @@ -2,7 +2,7 @@ # Maintainer: Natanael Copa <ncopa@alpinelinux.org> pkgname=cdparanoia pkgver=10.2 -pkgrel=9 +pkgrel=10 pkgdesc="An audio CD extraction application" url="http://www.xiph.org/paranoia" arch="all" @@ -12,8 +12,7 @@ makedepends="libtool autoconf automake linux-headers" subpackages="$pkgname-dev $pkgname-doc $pkgname-libs" source="http://downloads.xiph.org/releases/cdparanoia/cdparanoia-III-$pkgver.src.tgz gcc.patch - fix-includes.patch - no-cuserid.patch" + fix-includes.patch" builddir="$srcdir/$pkgname-III-$pkgver" prepare() { @@ -48,7 +47,8 @@ libs() { mv "$pkgdir"/usr/lib "$subpkgdir"/usr/ } -sha512sums="4ab0a0f5ef44d56c1af72d1fc1035566a1a89c4eeddb9e8baea675fe51c06138d913342afc8bed167d9fa55672fa25a2763ce21f7e24c1232e4739aff20733a7 cdparanoia-III-10.2.src.tgz +sha512sums=" +4ab0a0f5ef44d56c1af72d1fc1035566a1a89c4eeddb9e8baea675fe51c06138d913342afc8bed167d9fa55672fa25a2763ce21f7e24c1232e4739aff20733a7 cdparanoia-III-10.2.src.tgz 27bf216e8b5b9d6971e3999166544025f166587df06065b89657dac62d0d53c01b76f53146c1e9a400dd71460567fadb8fd4ce00576836f972914d69e8855909 gcc.patch e8a5ef0f5bcdba697d2d49e31346832bfa2460e6f6cac9256420f57c74a5da2945bdc664368c91365a880ba76e638f58773468d8e8bd16e7afcaff955a1a82ce fix-includes.patch -52882bdc689e1a34bc0f3961aa649f400232a3fe769526a01fcbff4ba0d5183c1ad0737265b69668b857b0887b4e4e3f2c78bad913329cc7b621b14d47e873f9 no-cuserid.patch" +" diff --git a/main/cdparanoia/no-cuserid.patch b/main/cdparanoia/no-cuserid.patch deleted file mode 100644 index dd6417f836..0000000000 --- a/main/cdparanoia/no-cuserid.patch +++ /dev/null 
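Review bot: Removing `no-cuserid.patch` from `source` (hunk `@@ -12,8 +12,7 @@`) restores the `cuserid(NULL)` call in the "No cdrom drives accessible" error path of `cdda_find_a_cdrom`. The deleted patch's own description says musl did not support a NULL argument and that the call segfaulted. The commit gives no reason for dropping it. If it relies on newer musl behaviour, that should be confirmed for the musl version in this branch and recorded, e.g. `# no-cuserid.patch dropped: musl handles cuserid(NULL) since <version>`. Otherwise the patch should stay, since the crash only shows up when no drive is found and is easy to miss in a smoke test.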
@@ -1,32 +0,0 @@ -Since IEEE 1003.1-1988 cuserid is not standardized anymore. The musl -libc, used by Alpine Linux, currently does not supporting using it with -a NULL pointer argument [1]. Doing so causes a segmentation fault, to -fix this remove use of cuserid entirely. This is currently achieved by -not including the user name in the error message, while it would be -possible to achieve the same output using getpwuid(geteuid()) this -requires error handling and would make the patch more complicated. - -[1]: https://www.openwall.com/lists/musl/2020/01/29/2 - -diff -upr cdparanoia-III-10.2.orig/interface/scan_devices.c cdparanoia-III-10.2/interface/scan_devices.c ---- cdparanoia-III-10.2.orig/interface/scan_devices.c 2020-02-12 20:29:46.232958848 +0100 -+++ cdparanoia-III-10.2/interface/scan_devices.c 2020-02-12 20:30:06.336297868 +0100 -@@ -6,8 +6,6 @@ - * - ******************************************************************/ - --#define _GNU_SOURCE /* get cuserid */ --#define _USE_XOPEN /* get cuserid */ - #include <limits.h> - #include <stdio.h> - #include <unistd.h> -@@ -93,8 +91,7 @@ cdrom_drive *cdda_find_a_cdrom(int messa - i++; - } - idmessage(messagedest,messages, -- "\n\nNo cdrom drives accessible to %s found.\n", -- cuserid(NULL)); -+ "\n\nNo cdrom drives accessible to current user found.\n", NULL); - return(NULL); - } - diff --git a/main/checkbashisms/APKBUILD b/main/checkbashisms/APKBUILD index b93086f688..1be57cb006 100644 --- a/main/checkbashisms/APKBUILD +++ b/main/checkbashisms/APKBUILD @@ -1,6 +1,6 @@ # Maintainer: Natanael Copa <ncopa@alpinelinux.org> pkgname=checkbashisms -pkgver=2.21.7 +pkgver=2.22.1 pkgrel=0 pkgdesc="Check shell scripts for POXIX compliance" url="https://tracker.debian.org/pkg/devscripts" 
@@ -8,7 +8,7 @@ arch="noarch" license="GPL-2.0-or-later" depends="perl" subpackages="$pkgname-doc $pkgname-bash-completion" -source="http://cdn.debian.net/debian/pool/main/d/devscripts/devscripts_$pkgver.tar.xz" +source="https://ftp.debian.org/debian/pool/main/d/devscripts/devscripts_$pkgver.tar.xz" builddir="$srcdir/devscripts-$pkgver/scripts" check() { @@ -32,5 +32,5 @@ package() { } sha512sums=" -a64ee9529b3c013cdd1e203c44dc577ddfa0a3ae2a19ba1af1c0e33950af49b0adcf2fff9c075467af5b897cb40645ffedd357d68636762d135c21d7a865a745 devscripts_2.21.7.tar.xz +260603e1a655035c5aca3c9734db1bc6aa7e9aa017ece7e9158c57e06a1ee548922ec2defdd9dcb4560743d78aef08d30695b1bc833bd4d77fe1c7497d157c45 devscripts_2.22.1.tar.xz " diff --git a/main/cifs-utils/APKBUILD b/main/cifs-utils/APKBUILD index 63782052fd..03ccae8f85 100644 --- a/main/cifs-utils/APKBUILD +++ b/main/cifs-utils/APKBUILD @@ -1,7 +1,7 @@ # Contributor: Francesco Colista <fcolista@alpinelinux.org> # Maintainer: Francesco Colista <fcolista@alpinelinux.org> pkgname=cifs-utils -pkgver=6.14 +pkgver=6.15 pkgrel=0 pkgdesc="CIFS filesystem user-space tools" url="https://wiki.samba.org/index.php/LinuxCIFS_utils" @@ -17,6 +17,11 @@ source="https://ftp.samba.org/pub/linux-cifs/cifs-utils/cifs-utils-$pkgver.tar.b options="suid" # secfixes: +# 6.15-r0: +# - CVE-2022-27239 +# - CVE-2022-29869 +# 6.13-r0: +# - CVE-2021-20208 # 0: # - CVE-2020-14342 # requires --with-systemd 
@@ -45,7 +50,7 @@ package() { } sha512sums=" -dd875e110988f84ac766900426e1a75c043607de1f24b87e95cd942f2f58561e1133d16466f02863643c8395fc0160df4050636d1ce0db005f2e52a592c7f0ab cifs-utils-6.14.tar.bz2 +eedb8066563db584595a8ba7cb7a603e6b763ac2c1261430d605c327fcc5a831acd48b58ea55dd243af778dfdc827ab8c6daf4015764ff550dcffc2182773510 cifs-utils-6.15.tar.bz2 99a2fab05bc2f14a600f89526ae0ed2c183cfa179fe386cb327075f710aee3aed5ae823f7c2f51913d1217c2371990d6d4609fdb8d80288bd3a6139df3c8aebe musl-fix-includes.patch 2a9366ec1ddb0389c535d2fa889f63287cb8374535a47232de102c7e50b6874f67a3d5ef3318df23733300fd8459c7ec4b11f3211508aca7800b756119308e98 xattr_size_max.patch " diff --git a/main/cjdns/APKBUILD b/main/cjdns/APKBUILD index 5d8202b1f7..9044aa21e7 100644 --- a/main/cjdns/APKBUILD +++ b/main/cjdns/APKBUILD @@ -3,10 +3,10 @@ # Contributor: Bartłomiej Piotrowski <bpiotrowski@alpinelinux.org> pkgname=cjdns pkgver=21.1 -pkgrel=1 +pkgrel=2 pkgdesc="A routing engine designed for security, scalability, speed and ease of use" url="https://github.com/cjdelisle/cjdns" -arch="all !mips64 !s390x !ppc64le !riscv64" +#arch="all !mips64 !s390x !ppc64le !riscv64" license="GPL-3.0-or-later" makedepends="nodejs python3 linux-headers libseccomp-dev" install="$pkgname.post-install" diff --git a/main/ckbcomp/APKBUILD b/main/ckbcomp/APKBUILD index 1cb70d4bd6..4b9770b262 100644 --- a/main/ckbcomp/APKBUILD +++ b/main/ckbcomp/APKBUILD @@ -1,6 +1,6 @@ # Maintainer: Natanael Copa <ncopa@alpinelinux.org> pkgname=ckbcomp -pkgver=1.207 +pkgver=1.208 pkgrel=0 pkgdesc="Compile a XKB keyboard description to a keymap" url="https://packages.debian.org/sid/console-setup" 
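Review bot: In the cjdns hunk `arch=` is commented out (`#arch="all !mips64 !s390x !ppc64le !riscv64"`) with no explanation, which leaves the APKBUILD with no `arch` at all, and `pkgrel` is bumped in the same hunk as if a rebuild were intended. If the aim is to disable the package, the usual form is an explicit empty value with the reason, e.g. `arch=""  # disabled: <reason / issue link>`. A missing `arch` is likely to be rejected by abuild's sanity check rather than skipped cleanly. If the package is meant to stay enabled, the line should be restored.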
@@ -18,5 +18,5 @@ package() { } sha512sums=" -0652b43c2488246e5bf7fac7ad5dc7986ba0ae832ae2179d2ade14da0412639f9055216e6a5e73a7a7c682d4e606441bf3a24dd5dbce0c3b0aff8416571587e5 console-setup_1.207.tar.xz +2fbc68bd6cf10e61eae50cef8fa8e26cc293f22d8303969032e2b693e9e4424cd87bcb7a411868694f7fac66365b3ac2f414dd281bc3dd3ad22d52a25e268313 console-setup_1.208.tar.xz " diff --git a/main/clang/10-add-musl-triples.patch b/main/clang/10-add-musl-triples.patch index 27e28aa1d3..0ed9c81675 100644 --- a/main/clang/10-add-musl-triples.patch +++ b/main/clang/10-add-musl-triples.patch @@ -1,37 +1,39 @@ -diff --git a/lib/Driver/ToolChains/Gnu.cpp b/lib/Driver/ToolChains/Gnu.cpp -index da197e47..505439ea 100644 --- a/lib/Driver/ToolChains/Gnu.cpp +++ b/lib/Driver/ToolChains/Gnu.cpp -@@ -2049,6 +2049,7 @@ void Generic_GCC::GCCInstallationDetector::AddDefaultGCCPrefixes( +@@ -2073,7 +2073,7 @@ static const char *const AArch64LibDirs[] = {"/lib64", "/lib"}; static const char *const AArch64Triples[] = { "aarch64-none-linux-gnu", "aarch64-linux-gnu", "aarch64-redhat-linux", -+ "aarch64-linux-musl", - "aarch64-suse-linux", "aarch64-linux-android"}; +- "aarch64-suse-linux"}; ++ "aarch64-suse-linux", "aarch64-linux-musl"}; static const char *const AArch64beLibDirs[] = {"/lib"}; static const char *const AArch64beTriples[] = {"aarch64_be-none-linux-gnu", |