aboutsummaryrefslogtreecommitdiffstats
path: root/main
diff options
context:
space:
mode:
Diffstat (limited to 'main')
-rw-r--r--main/abuild/APKBUILD14
-rw-r--r--main/abuild/mr128-newapkbuild-fetch-rust-deps-in-prepare.patch110
-rw-r--r--main/abuild/mr131-newapkbuild-change-cmake-build-type.patch33
-rw-r--r--main/abuild/mr60-newapkbuild-use-abuild-meson.patch34
-rw-r--r--main/acct/APKBUILD47
-rw-r--r--main/acct/initd32
-rw-r--r--main/acct/logrotate12
-rw-r--r--main/acl/APKBUILD6
-rw-r--r--main/alpine-base/APKBUILD11
-rw-r--r--main/alpine-baselayout/APKBUILD30
-rw-r--r--main/alpine-baselayout/alpine-baselayout.pre-upgrade4
-rw-r--r--main/alpine-baselayout/color_prompt.sh.disabled19
-rw-r--r--main/alpine-baselayout/profile21
-rw-r--r--main/alpine-conf/APKBUILD9
-rw-r--r--main/alpine-ipxe/APKBUILD13
-rw-r--r--main/alpine-ipxe/gcc-11.patch23
-rw-r--r--main/alsa-lib/APKBUILD5
-rw-r--r--main/alsa-utils/APKBUILD4
-rw-r--r--main/amavis/APKBUILD6
-rw-r--r--main/apache-mod-fcgid/APKBUILD10
-rw-r--r--main/apache2/APKBUILD19
-rw-r--r--main/apg/APKBUILD5
-rw-r--r--main/apk-tools/APKBUILD4
-rw-r--r--main/apk-tools/_apk4
-rw-r--r--main/apr-util/APKBUILD10
-rw-r--r--main/apr/APKBUILD25
-rw-r--r--main/apr/CVE-2021-35940.patch53
-rw-r--r--main/arm-trusted-firmware/APKBUILD9
-rw-r--r--main/arpon/APKBUILD20
-rw-r--r--main/arpwatch/APKBUILD4
-rw-r--r--main/asciidoctor/APKBUILD2
-rw-r--r--main/asterisk/APKBUILD13
-rw-r--r--main/asterisk/CVE-2021-32558.patch126
-rw-r--r--main/at-spi2-core/APKBUILD4
-rw-r--r--main/atk/APKBUILD6
-rw-r--r--main/atop/APKBUILD16
-rw-r--r--main/atop/make-cron-background.patch28
-rw-r--r--main/audit/APKBUILD30
-rw-r--r--main/audit/musl.patch11
-rw-r--r--main/audit/usr-paths.patch (renamed from main/audit/0004-fix-path-in-au-remote-conf.patch)14
-rw-r--r--main/aumix/APKBUILD6
-rw-r--r--main/autoconf-archive/APKBUILD6
-rw-r--r--main/avahi/APKBUILD4
-rw-r--r--main/awall/APKBUILD6
-rw-r--r--main/bacula/APKBUILD12
-rw-r--r--main/bacula/bacula-11.0.6-pthread-double-detach-fix.patch30
-rw-r--r--main/bash/APKBUILD11
-rw-r--r--main/bash/bashrc14
-rw-r--r--main/batctl/APKBUILD8
-rw-r--r--main/bats/APKBUILD4
-rw-r--r--main/bctoolbox/APKBUILD4
-rw-r--r--main/beep/0001-disable-gcc-ubsan.patch25
-rw-r--r--main/beep/0002-remove-option-werror.patch25
-rw-r--r--main/beep/0003-remove-option-werror.patch25
-rw-r--r--main/beep/APKBUILD20
-rw-r--r--main/bind/APKBUILD69
-rw-r--r--main/bind/bind.plugindir.patch13
-rw-r--r--main/bind/bind.so_bsdcompat.patch11
-rw-r--r--main/bind/named.initd6
-rw-r--r--main/binutils/APKBUILD26
-rw-r--r--main/binutils/bfd-close-file-desriptor-if-there-is-no-archive-fd.patch234
-rw-r--r--main/binutils/binutils-ppc-fix-machine-options.patch41
-rw-r--r--main/binutils/binutils-ppc64le-assertion.patch32
-rw-r--r--main/binutils/binutils-s390x-1.patch147
-rw-r--r--main/binutils/binutils-s390x-2.patch51
-rw-r--r--main/binutils/defang-no-split.patch38
-rw-r--r--main/bitlbee/APKBUILD48
-rw-r--r--main/bitlbee/bitlbee.confd9
-rw-r--r--main/bitlbee/bitlbee.initd29
-rw-r--r--main/bluez-firmware/APKBUILD22
-rw-r--r--main/bluez/APKBUILD9
-rw-r--r--main/bluez/fix-endianness.patch15
-rw-r--r--main/boost1.77/python-3.10.patch49
-rw-r--r--main/boost1.78/0001-revert-cease-dependence-on-range.patch (renamed from main/boost1.77/0001-revert-cease-dependence-on-range.patch)0
-rw-r--r--main/boost1.78/APKBUILD197
-rw-r--r--main/boost1.78/bjam-no-skip-install.patch73
-rw-r--r--main/boost1.78/boost-1.57.0-python-abi_letters.patch (renamed from main/boost1.77/boost-1.57.0-python-abi_letters.patch)0
-rw-r--r--main/boost1.78/boost-1.57.0-python-libpython_dep.patch (renamed from main/boost1.77/boost-1.57.0-python-libpython_dep.patch)0
-rw-r--r--main/boost1.78/boost-1.78.0-interprocess-musl-include.patch23
-rw-r--r--main/boost1.79/0001-revert-cease-dependence-on-range.patch49
-rw-r--r--main/boost1.79/APKBUILD (renamed from main/boost1.77/APKBUILD)49
-rw-r--r--main/boost1.79/boost-1.57.0-python-abi_letters.patch62
-rw-r--r--main/boost1.79/boost-1.57.0-python-libpython_dep.patch13
-rw-r--r--main/boost1.79/boost-1.79.0-fix-segfault-in-array-erase.patch50
-rw-r--r--main/botan/APKBUILD12
-rw-r--r--main/botan/CVE-2021-40529.patch132
-rw-r--r--main/botan/dl-exponents.patch304
-rw-r--r--main/btrfs-progs/APKBUILD32
-rw-r--r--main/bubblewrap/APKBUILD27
-rw-r--r--main/build-base/APKBUILD4
-rw-r--r--main/busybox-initscripts/APKBUILD31
-rw-r--r--main/busybox-initscripts/mdev.conf11
-rw-r--r--[-rwxr-xr-x]main/busybox-initscripts/ntpd.initd0
-rwxr-xr-xmain/busybox-initscripts/ptpdev15
-rw-r--r--main/busybox-initscripts/ptpdev.bats49
-rw-r--r--main/busybox/0001-libbb-sockaddr2str-ensure-only-printable-characters-.patch40
-rw-r--r--main/busybox/0001-modinfo-add-k-option-for-kernel-version.patch140
-rw-r--r--main/busybox/0001-modutils-check-ELF-header-before-calling-finit_module.patch152
-rw-r--r--main/busybox/0002-nslookup-sanitize-all-printed-strings-with-printable.patch68
-rw-r--r--main/busybox/0013-ash-fix-unsafe-use-of-mempcpy.patch32
-rw-r--r--main/busybox/0014-ash-fix-use-after-free-in-bash-pattern-substitution.patch81
-rw-r--r--main/busybox/0015-ed-don-t-use-memcpy-with-overlapping-memory-regions.patch34
-rw-r--r--main/busybox/0016-ash-don-t-read-past-end-of-var-in-subvareval-for-bas.patch88
-rw-r--r--main/busybox/0017-ash-Fix-use-after-free-on-idx-variable.patch94
-rw-r--r--main/busybox/APKBUILD73
-rw-r--r--main/busybox/CVE-2022-30065.patch63
-rw-r--r--main/busybox/busyboxconfig4
-rw-r--r--main/busybox/ssl_client.c118
-rw-r--r--main/busybox/test-fix-tarball-creation.patch16
-rw-r--r--main/busybox/test-timezone-workaround.patch28
-rw-r--r--main/byacc/APKBUILD4
-rw-r--r--main/ca-certificates/0001-update-ca-fix-compiler-warning.patch25
-rw-r--r--main/ca-certificates/0002-replace-python-script-with-perl-script.patch874
-rw-r--r--main/ca-certificates/0003-update-ca-insert-newline-between-certs.patch38
-rw-r--r--main/cairo/APKBUILD62
-rw-r--r--main/cairo/CVE-2018-19876.patch30
-rw-r--r--main/cairo/cff-allow-empty-array-of-operands-for-certain-operat.patch119
-rw-r--r--main/cairo/composite_color_glyphs.patch58
-rw-r--r--main/cairo/fix-mask-usage-in-image-compositor.patch172
-rw-r--r--main/cairo/fix-type1-subset-indexing.patch153
-rw-r--r--main/cairo/pdf-flush.patch33
-rw-r--r--main/ccache/APKBUILD32
-rw-r--r--main/cdparanoia/APKBUILD10
-rw-r--r--main/cdparanoia/no-cuserid.patch32
-rw-r--r--main/checkbashisms/APKBUILD6
-rw-r--r--main/cifs-utils/APKBUILD9
-rw-r--r--main/cjdns/APKBUILD4
-rw-r--r--main/ckbcomp/APKBUILD4
-rw-r--r--main/clang/10-add-musl-triples.patch48
-rw-r--r--main/clang/30-Enable-stack-protector-by-default-for-Alpine-Linux.patch50
-rw-r--r--main/clang/40-fix-ld-name-on-x86.patch20
-rw-r--r--main/clang/APKBUILD50
-rw-r--r--main/clang/llvm-hello.patch63
-rw-r--r--main/clucene/APKBUILD54
-rw-r--r--main/cmake/APKBUILD4
-rw-r--r--main/compiler-rt/APKBUILD40
-rw-r--r--main/compiler-rt/aarch64-ucontext.patch13
-rw-r--r--main/compiler-rt/fix-arch-detection-for-ppc64le.patch26
-rw-r--r--main/compiler-rt/fuzzer-size_t-musl.patch28
-rw-r--r--main/compiler-rt/link-execinfo.patch11
-rw-r--r--main/compiler-rt/sanitizer-ppc64-musl.patch14
-rw-r--r--main/compiler-rt/sanitizer-supported-arch.patch15
-rw-r--r--main/compiler-rt/sanitizer-x86_64-execinfo.patch17
-rw-r--r--main/conntrack-tools/APKBUILD10
-rw-r--r--main/conntrack-tools/conntrackd.initd35
-rw-r--r--main/coreutils/APKBUILD8
-rw-r--r--main/coreutils/fix-chmod-exit-code.patch62
-rw-r--r--main/ctags/APKBUILD4
-rw-r--r--main/cups/APKBUILD17
-rw-r--r--main/curl/APKBUILD39
-rw-r--r--main/curl/easy_lock.patch24
-rw-r--r--main/cyrus-sasl/APKBUILD24
-rw-r--r--main/cyrus-sasl/CVE-2019-19906.patch15
-rw-r--r--main/cyrus-sasl/autoconf-270.patch75
-rw-r--r--main/cyrus-sasl/cyrus-sasl-2.1.27-as_needed.patch25
-rw-r--r--main/cyrus-sasl/cyrus-sasl-2.1.27-avoid_pic_overwrite.patch17
-rw-r--r--main/cyrus-sasl/cyrus-sasl-2.1.27-dbm-errno.patch29
-rw-r--r--main/cyrus-sasl/cyrus-sasl-2.1.27-doc_build_fix.patch11
-rw-r--r--main/cyrus-sasl/cyrus-sasl-2.1.27-gss_c_nt_hostbased_service.patch16
-rw-r--r--main/cyrus-sasl/fix-saslauthd-man-page.patch31
-rw-r--r--main/cython/APKBUILD6
-rw-r--r--main/czmq/APKBUILD17
-rw-r--r--main/d-feet/APKBUILD5
-rw-r--r--main/d-feet/meson-0.60.patch18
-rw-r--r--main/dahdi-linux-lts/APKBUILD4
-rw-r--r--main/dansguardian/APKBUILD8
-rw-r--r--main/dansguardian/gcc11.patch222
-rw-r--r--main/dbus/0001-_dbus_generate_random_bytes-use-getrandom-2.patch127
-rw-r--r--main/dbus/0001-build-Treat-with-x-yes-the-same-as-with-x-auto.patch27
-rw-r--r--main/dbus/0002-Move-DBUS_X_-definitions-into-PKG_CHECK_MODULES-bloc.patch37
-rw-r--r--main/dbus/0003-Emit-an-error-when-with-x-was-given-but-no-X11-libs-.patch37
-rw-r--r--main/dbus/0004-Add-have_x11-no-if-without-x-was-given-to-make-later.patch25
-rw-r--r--main/dbus/0005-Convert-if-calls-to-AS_IF-macro-for-the-block-that-h.patch52
-rw-r--r--main/dbus/APKBUILD32
-rw-r--r--main/dbus/avoid-opendir-between-fork-exec.patch18
-rw-r--r--main/ddate/APKBUILD15
-rw-r--r--main/debootstrap/APKBUILD15
-rw-r--r--main/debootstrap/auto-detect-arch.patch26
-rw-r--r--main/dhcp/03-fix-unwind-import.patch16
-rw-r--r--main/dhcp/APKBUILD12
-rw-r--r--main/dhcp/remove-duplicate-definitions.patch44
-rw-r--r--main/dhcp/segfault-fix.patch37
-rw-r--r--main/dialog/APKBUILD4
-rw-r--r--main/dmidecode/APKBUILD8
-rw-r--r--main/dmraid/APKBUILD12
-rw-r--r--main/dnsmasq/0000-underflow.patch66
-rw-r--r--main/dnsmasq/0001-Retry-on-interrupted-error-in-tftp.patch27
-rw-r--r--main/dnsmasq/0002-Add-safety-checks-to-places-pointed-by-Coverity.patch45
-rw-r--r--main/dnsmasq/0003-Small-safeguard-to-unexpected-data.patch30
-rw-r--r--main/dnsmasq/0004-Fix-bunch-of-warnings-in-auth.c.patch80
-rw-r--r--main/dnsmasq/0005-Fix-few-coverity-warnings-in-lease-tools.patch92
-rw-r--r--main/dnsmasq/0006-Fix-coverity-formats-issues-in-blockdata.patch23
-rw-r--r--main/dnsmasq/0007-Retry-dhcp6-ping-on-interrupts.patch23
-rw-r--r--main/dnsmasq/0008-Fix-coverity-warnings-on-dbus.patch84
-rw-r--r--main/dnsmasq/0009-Address-coverity-issues-detected-in-util.c.patch58
-rw-r--r--main/dnsmasq/0010-Fix-coverity-detected-issues-in-option.c.patch135
-rw-r--r--main/dnsmasq/0011-Fix-coverity-detected-issue-in-radv.c.patch23
-rw-r--r--main/dnsmasq/0012-Fix-coverity-detected-issues-in-cache.c.patch23
-rw-r--r--main/dnsmasq/0013-Fix-coverity-issues-detected-in-domain-match.c.patch61
-rw-r--r--main/dnsmasq/0014-Fix-coverity-detected-issues-in-dnsmasq.c.patch69
-rw-r--r--main/dnsmasq/0015-Fix-coverity-issues-in-dnssec.c.patch35
-rw-r--r--main/dnsmasq/0020-fix-domain-match-local.patch276
-rw-r--r--main/dnsmasq/0021-build_server_array.patch70
-rw-r--r--main/dnsmasq/0022-Fix-problems-with-upper-case-in-domain-match.patch84
-rw-r--r--main/dnsmasq/0023-Optimize-inserting-records-into-server-list.patch69
-rw-r--r--main/dnsmasq/0024-Fix-massive-confusion-on-server-reload.patch238
-rw-r--r--main/dnsmasq/0025-reuse-server.patch87
-rw-r--r--main/dnsmasq/APKBUILD129
-rw-r--r--main/dnsmasq/CVE-2022-0934.patch189
-rw-r--r--main/dnsmasq/config.h.patch12
-rw-r--r--main/dnsmasq/dnsmasq.conf.patch38
-rw-r--r--main/dnsmasq/dnsmasq.confd29
-rw-r--r--main/dnsmasq/dnsmasq.initd140
-rw-r--r--main/dnsmasq/uncomment-conf-dir.patch11
-rw-r--r--main/doas-sudo-shim/APKBUILD32
-rw-r--r--main/doas-sudo-shim/help-alpine.patch12
-rw-r--r--main/doas/APKBUILD13
-rw-r--r--main/doas/change-PATH.patch19
-rw-r--r--main/doas/configuration-directory.patch6
-rwxr-xr-xmain/doas/doas.post-install24
-rw-r--r--main/dovecot/APKBUILD10
-rw-r--r--main/dovecot/fix-check-s390x.patch52
-rw-r--r--main/doxygen/APKBUILD19
-rw-r--r--main/doxygen/fix-segfault.patch83
-rw-r--r--main/dpkg/0001-t-command-Fix-test_command_exec-program-invocation.patch33
-rw-r--r--main/dpkg/APKBUILD20
-rw-r--r--main/drbd-utils/APKBUILD4
-rw-r--r--main/dropbear/APKBUILD14
-rw-r--r--main/dropbear/dropbear-0.53.1-static_build_fix.patch26
-rw-r--r--main/dropbear/dropbear-options_sftp-server_path.patch2
-rw-r--r--main/e2fsprogs/APKBUILD5
-rw-r--r--main/ed/APKBUILD17
-rw-r--r--main/efivar/APKBUILD34
-rw-r--r--main/efivar/efivar-fix-format_guid.patch56
-rw-r--r--main/efivar/efivar-fix-packed.patch168
-rw-r--r--main/efivar/efivar-fix-ucs2.patch59
-rw-r--r--main/efivar/fix-build-riscv64.patch12
-rw-r--r--main/efivar/musl-bswap.patch33
-rw-r--r--main/efivar/musl-compat.patch231
-rw-r--r--main/efivar/ppc64le-compat.patch34
-rw-r--r--main/elfutils/APKBUILD10
-rw-r--r--main/elfutils/musl-macros.patch77
-rw-r--r--main/elfutils/musl-strndupa.patch18
-rw-r--r--main/ell/0001-build-fix-time.h-related-breakage-on-musl.patch79
-rw-r--r--main/ell/APKBUILD6
-rw-r--r--main/encfs/APKBUILD2
-rw-r--r--main/esh/APKBUILD6
-rw-r--r--main/ethtool/APKBUILD4
-rw-r--r--main/execline/APKBUILD9
-rw-r--r--main/expat/APKBUILD15
-rw-r--r--main/f2fs-tools/APKBUILD6
-rw-r--r--main/fail2ban/APKBUILD27
-rw-r--r--main/fail2ban/CVE-2021-32749.patch155
-rw-r--r--main/fail2ban/setuptools59.patch10
-rw-r--r--main/ferm/APKBUILD8
-rw-r--r--main/file/APKBUILD4
-rw-r--r--main/findutils/APKBUILD10
-rw-r--r--main/fish/APKBUILD29
-rw-r--r--main/fish/drop-failed-tests.patch15
-rw-r--r--main/flac/APKBUILD9
-rw-r--r--main/flex/APKBUILD6
-rw-r--r--main/font-liberation-sans-narrow/30-liberation-sans-narrow.conf (renamed from main/ttf-liberation/30-liberation-sans-narrow.conf)1
-rw-r--r--main/font-liberation-sans-narrow/45-liberation-sans-narrow.conf10
-rw-r--r--main/font-liberation-sans-narrow/90-liberation-sans-narrow.conf24
-rw-r--r--main/font-liberation-sans-narrow/APKBUILD40
-rw-r--r--main/font-liberation/30-liberation-mono.conf (renamed from main/ttf-liberation/30-liberation-mono.conf)0
-rw-r--r--main/font-liberation/30-liberation-sans.conf (renamed from main/ttf-liberation/30-liberation-sans.conf)0
-rw-r--r--main/font-liberation/30-liberation-serif.conf (renamed from main/ttf-liberation/30-liberation-serif.conf)0
-rw-r--r--main/font-liberation/45-liberation.conf (renamed from main/ttf-liberation/45-liberation.conf)7
-rw-r--r--main/font-liberation/90-liberation.conf (renamed from main/ttf-liberation/90-tt-liberation.conf)22
-rw-r--r--main/font-liberation/APKBUILD54
-rw-r--r--main/font-linux-libertine/APKBUILD26
-rw-r--r--main/fontconfig/APKBUILD19
-rw-r--r--main/fontconfig/fix-arithmetic.patch11
-rw-r--r--main/fping/APKBUILD13
-rw-r--r--main/freeradius/APKBUILD2
-rw-r--r--main/freeswitch-sounds-en-us-callie-32000/APKBUILD16
-rw-r--r--main/freeswitch-sounds-en-us-callie-8000/APKBUILD16
-rw-r--r--main/freeswitch-sounds-es-mx-maria-44100/APKBUILD16
-rw-r--r--main/freeswitch-sounds-fr-ca-june-8000/APKBUILD14
-rw-r--r--main/freeswitch-sounds-fr-fr-sibylle-8000/APKBUILD17
-rw-r--r--main/freeswitch-sounds-music-32000/APKBUILD16
-rw-r--r--main/freeswitch-sounds-music-8000/APKBUILD16
-rw-r--r--main/freeswitch-sounds-pt-br-karina-8000/APKBUILD13
-rw-r--r--main/freeswitch-sounds-ru-RU-elena-32000/APKBUILD14
-rw-r--r--main/freeswitch-sounds-ru-RU-elena-8000/APKBUILD14
-rw-r--r--main/freeswitch/APKBUILD7
-rw-r--r--main/freetds/APKBUILD4
-rw-r--r--main/freetype/APKBUILD45
-rw-r--r--main/fribidi/APKBUILD10
-rw-r--r--main/fuse3/APKBUILD48
-rw-r--r--main/gc/APKBUILD6
-rw-r--r--main/gc/data_start_riscv64.patch27
-rw-r--r--main/gcc/0001-posix_memalign.patch4
-rw-r--r--main/gcc/0002-gcc-poison-system-directories.patch8
-rw-r--r--main/gcc/0003-specs-turn-on-Wl-z-now-by-default.patch8
-rw-r--r--main/gcc/0004-Turn-on-D_FORTIFY_SOURCE-2-by-default-for-C-C-ObjC-O.patch12
-rw-r--r--main/gcc/0005-On-linux-targets-pass-as-needed-by-default-to-the-li.patch4
-rw-r--r--main/gcc/0006-Enable-Wformat-and-Wformat-security-by-default.patch4
-rw-r--r--main/gcc/0007-Enable-Wtrampolines-by-default.patch4
-rw-r--r--main/gcc/0008-Disable-ssp-on-nostdlib-nodefaultlibs-and-ffreestand.patch4
-rw-r--r--main/gcc/0009-Ensure-that-msgfmt-doesn-t-encounter-problems-during.patch4
-rw-r--r--main/gcc/0010-Don-t-declare-asprintf-if-defined-as-a-macro.patch4
-rw-r--r--main/gcc/0011-libiberty-copy-PIC-objects-during-build-process.patch4
-rw-r--r--main/gcc/0012-libitm-disable-FORTIFY.patch4
-rw-r--r--main/gcc/0013-libgcc_s.patch8
-rw-r--r--main/gcc/0014-nopie.patch4
-rw-r--r--main/gcc/0015-libffi-use-__linux__-instead-of-__gnu_linux__-for-mu.patch4
-rw-r--r--main/gcc/0016-dlang-update-zlib-binding.patch4
-rw-r--r--main/gcc/0017-dlang-use-libucontext-on-mips64.patch4
-rw-r--r--main/gcc/0018-dlang-libdruntime-define-fcntl.h-constants-for-mips6.patch4
-rw-r--r--main/gcc/0019-ada-fix-shared-linking.patch4
-rw-r--r--main/gcc/0020-build-fix-CXXFLAGS_FOR_BUILD-passing.patch4
-rw-r--r--main/gcc/0021-add-fortify-headers-paths.patch4
-rw-r--r--main/gcc/0022-Alpine-musl-package-provides-libssp_nonshared.a.-We-.patch4
-rw-r--r--main/gcc/0023-DP-Use-push-state-pop-state-for-gold-as-well-when-li.patch4
-rw-r--r--main/gcc/0024-mips64-disable-multilib-support.patch4
-rw-r--r--main/gcc/0025-aarch64-disable-multilib-support.patch4
-rw-r--r--main/gcc/0026-s390x-disable-multilib-support.patch4
-rw-r--r--main/gcc/0027-ppc64-le-disable-multilib-support.patch4
-rw-r--r--main/gcc/0028-x86_64-disable-multilib-support.patch4
-rw-r--r--main/gcc/0029-riscv-disable-multilib-support.patch4
-rw-r--r--main/gcc/0030-always-build-libgcc_eh.a.patch4
-rw-r--r--main/gcc/0031-ada-libgnarl-compatibility-for-musl.patch4
-rw-r--r--main/gcc/0032-ada-musl-support-fixes.patch8
-rw-r--r--main/gcc/0033-gcc-go-Fix-handling-of-signal-34-on-musl.patch4
-rw-r--r--main/gcc/0034-There-are-more-than-one-st_-a-m-c-tim-fields-in-stru.patch4
-rw-r--r--main/gcc/0035-gcc-go-signal-34-is-special-on-musl-libc.patch4
-rw-r--r--main/gcc/0036-gcc-go-undef-SETCONTEXT_CLOBBERS_TLS-in-proc.c.patch4
-rw-r--r--main/gcc/0037-gcc-go-link-to-libucontext.patch4
-rw-r--r--main/gcc/0038-Use-generic-errstr.go-implementation-on-musl.patch4
-rw-r--r--main/gcc/0039-configure-Add-enable-autolink-libatomic-use-in-LINK_.patch4
-rw-r--r--main/gcc/0040-configure-fix-detection-of-atomic-builtins-in-libato.patch4
-rw-r--r--main/gcc/0041-libgo-Recognize-off64_t-and-loff_t-definitions-of-mu.patch4
-rw-r--r--main/gcc/0042-Fix-attempt-to-use-poisoned-calloc-error-in-libgccji.patch4
-rw-r--r--main/gcc/0043-stddef.h-add-support-for-musl-typedef-macro-guards.patch4
-rw-r--r--main/gcc/0044-gcc-go-Use-int64-type-as-offset-argument-for-mmap.patch4
-rw-r--r--main/gcc/0045-Disable-fsplit-stack-support-on-non-glibc-targets.patch98
-rw-r--r--main/gcc/0045-libgo-include-asm-ptrace.h-for-pt_regs-definition-on.patch (renamed from main/gcc/0046-libgo-include-asm-ptrace.h-for-pt_regs-definition-on.patch)4
-rw-r--r--main/gcc/0046-Disable-fsplit-stack-support-on-non-glibc-targets.patch115
-rw-r--r--main/gcc/0047-x86-Properly-disable-fsplit-stack-support-on-non-gli.patch94
-rw-r--r--main/gcc/0048-gdc-unconditionally-link-libgphobos-against-libucont.patch (renamed from main/gcc/0047-gdc-unconditionally-link-libgphobos-against-libucont.patch)7
-rw-r--r--main/gcc/0049-properly-disable-fsplit-stack-on-non-glibc-targets-P.patch298
-rw-r--r--main/gcc/0050-x86-Fix-fsplit-stack-feature-detection-via-TARGET_CA.patch75
-rw-r--r--main/gcc/0051-go-gospec-forcibly-disable-fsplit-stack-support.patch33
-rw-r--r--main/gcc/APKBUILD121
-rw-r--r--main/gcc/libgo-musl-1.2.3.patch13
-rw-r--r--main/gcc9/0002-posix_memalign.patch42
-rw-r--r--main/gcc9/0003-gcc-poison-system-directories.patch194
-rw-r--r--main/gcc9/0008-s390x-muslldso.patch26
-rw-r--r--main/gcc9/0010-ldbl128-config.patch76
-rw-r--r--main/gcc9/0012-static-pie.patch107
-rw-r--r--main/gcc9/0016-invalid_tls_model.patch29
-rw-r--r--main/gcc9/002_all_default-relro.patch33
-rw-r--r--main/gcc9/003_all_default-fortify-source.patch40
-rw-r--r--main/gcc9/005_all_default-as-needed.patch244
-rw-r--r--main/gcc9/011_all_default-warn-format-security.patch22
-rw-r--r--main/gcc9/012_all_default-warn-trampolines.patch13
-rw-r--r--main/gcc9/013_all_default-ssp-fix.patch38
-rw-r--r--main/gcc9/020_all_msgfmt-libstdc++-link.patch39
-rw-r--r--main/gcc9/050_all_libiberty-asprintf.patch18
-rw-r--r--main/gcc9/051_all_libiberty-pic.patch10
-rw-r--r--main/gcc9/053_all_libitm-no-fortify-source.patch27
-rw-r--r--main/gcc9/090_all_pr55930-dependency-tracking.patch18
-rw-r--r--main/gcc9/203-libgcc_s.patch57
-rw-r--r--main/gcc9/205-nopie.patch75
-rw-r--r--main/gcc9/320-libffi-gnulinux.patch13
-rw-r--r--main/gcc9/400-dlang-phobos.patch1216
-rw-r--r--main/gcc9/401-dlang-32bits.patch25
-rw-r--r--main/gcc9/402-dlang-stat.patch448
-rw-r--r--main/gcc9/403-dlang-ibmz.patch137
-rw-r--r--main/gcc9/404-dlang-zlib.patch411
-rw-r--r--main/gcc9/405-dlang-mips.patch34
-rw-r--r--main/gcc9/406-dlang-fix-interface-visibility.patch22
-rw-r--r--main/gcc9/ada-musl.patch204
-rw-r--r--main/gcc9/ada-shared.patch30
-rw-r--r--main/gcc9/fix-cxxflags-passing.patch10
-rw-r--r--main/gcc9/futex-time64.patch21
-rw-r--r--main/gcc9/gcc-4.9-musl-fortify.patch11
-rw-r--r--main/gcc9/gcc-6.1-musl-libssp.patch20
-rw-r--r--main/gcc9/gcc-as-needed-gold.patch58
-rw-r--r--main/gcc9/gcc-pure64-mips.patch47
-rw-r--r--main/gcc9/gcc-pure64.patch89
-rw-r--r--main/gcc9/libgcc-always-build-gcceh.a.patch39
-rw-r--r--main/gcc9/libgnarl-musl.patch120
-rw-r--r--main/gd/APKBUILD24
-rw-r--r--main/gd/CVE-2021-38115.patch26
-rw-r--r--main/gd/CVE-2021-40145.patch124
-rw-r--r--main/gdb/APKBUILD18
-rw-r--r--main/gdbm/APKBUILD4
-rw-r--r--main/gdk-pixbuf/APKBUILD8
-rw-r--r--main/gettext/APKBUILD12
-rw-r--r--main/gettext/skip-tests-libunistring-1.0.patch55
-rw-r--r--main/ghostscript/9.55.0-typo.patch11
-rw-r--r--main/ghostscript/APKBUILD7
-rw-r--r--main/git/APKBUILD32
-rw-r--r--main/glib/APKBUILD8
-rw-r--r--main/glib/glib.trigger2
-rw-r--r--main/glib/musl-libintl.patch2
-rw-r--r--main/glslang/APKBUILD75
-rw-r--r--main/gmp/APKBUILD14
-rw-r--r--main/gnupg/70-gpg-import-Ed25519-private-keys-as-MPIs.patch53
-rw-r--r--main/gnupg/APKBUILD16
-rw-r--r--main/gnutls/APKBUILD17
-rw-r--r--main/gnutls/skip-crq.patch22
-rw-r--r--main/gnutls/tests-certtool.patch9
-rw-r--r--main/gnutls/tests-crq.patch31
-rw-r--r--main/goaccess/APKBUILD9
-rw-r--r--main/gobject-introspection/APKBUILD8
-rw-r--r--main/gobject-introspection/musl-time64.patch10
-rw-r--r--main/gpm/APKBUILD86
-rw-r--r--main/gpm/constify-format-strings.patch85
-rw-r--r--main/gpm/error-format.patch39
-rw-r--r--main/gpm/fix-highly-illegal-return-of-in-as-char.patch44
-rw-r--r--main/gpm/fix-signedness-issue.patch24
-rw-r--r--main/gpm/gcc-10.patch12
-rw-r--r--main/gpm/gpm-include-sysmacros.patch10
-rw-r--r--main/gpm/gpm.confd8
-rw-r--r--main/gpm/gpm.initd10
-rw-r--r--main/gpm/install-shared-libs-with-+x-perms.patch25
-rw-r--r--main/gpm/install-unversioned-solibrary.patch36
-rw-r--r--main/gpm/musl-fixes.patch64
-rw-r--r--main/gpsd/APKBUILD6
-rw-r--r--main/gptfdisk/0001-Fix-failure-crash-of-sgdisk-when-compiled-with-lates.patch57
-rw-r--r--main/gptfdisk/0002-Updated-guid.cc-to-deal-with-minor-change-in-libuuid.patch39
-rw-r--r--main/gptfdisk/APKBUILD10
-rw-r--r--main/graphene/0001-meson-don-t-install-introspection-file-with-installe.patch29
-rw-r--r--main/graphene/APKBUILD26
-rw-r--r--main/graphene/fix-gnome-shell-touch-issues.patch14
-rw-r--r--main/graphviz/APKBUILD10
-rw-r--r--main/gross/APKBUILD33
-rw-r--r--main/grub/0010-riscv-binutils-2.38.patch39
-rw-r--r--main/grub/0011-mkconfig-ignore-apk-new-files.patch30
-rw-r--r--main/grub/0012-remove-udevadm-usage.patch137
-rw-r--r--main/grub/APKBUILD12
-rw-r--r--main/gst-plugins-base/APKBUILD5
-rw-r--r--main/gstreamer/APKBUILD6
-rw-r--r--main/gtest/APKBUILD25
-rw-r--r--main/gtk+/APKBUILD22
-rw-r--r--main/gtk+2.0/APKBUILD13
-rw-r--r--main/gtk+2.0/gtk+2.0.post-install5
-rw-r--r--main/gtk+3.0/10-Revert-gdkseatdefault-Grab-touch-events-where-applic.patch28
-rw-r--r--main/gtk+3.0/APKBUILD20
-rw-r--r--main/gtk+3.0/check-version.py200
-rw-r--r--main/gtk+3.0/gtk+3.0.post-install5
-rw-r--r--main/guile/APKBUILD4
-rw-r--r--main/gzip/APKBUILD10
-rw-r--r--main/haproxy/APKBUILD6
-rw-r--r--main/haproxy/haproxy-openssl-3.patch42
-rw-r--r--main/harfbuzz/APKBUILD6
-rw-r--r--main/haveged/APKBUILD7
-rw-r--r--main/hdparm/APKBUILD4
-rw-r--r--main/heimdal/APKBUILD16
-rw-r--r--main/heimdal/silence-include-headers-redirect-warnings.patch80
-rw-r--r--main/help2man/APKBUILD4
-rw-r--r--main/highlight/APKBUILD6
-rw-r--r--main/hostapd/0001-WPS-UPnP-Do-not-allow-event-subscriptions-with-URLs-.patch150
-rw-r--r--main/hostapd/0002-WPS-UPnP-Fix-event-message-generation-using-a-long-U.patch59
-rw-r--r--main/hostapd/0003-WPS-UPnP-Handle-HTTP-initiation-failures-for-events-.patch47
-rw-r--r--main/hostapd/APKBUILD65
-rw-r--r--main/hostapd/CVE-2019-16275.patch73
-rw-r--r--main/htop/APKBUILD6
-rw-r--r--main/hunspell/APKBUILD11
-rw-r--r--main/hylafaxplus/APKBUILD6
-rw-r--r--main/icu/001-fix-heap-buffer-overflow.patch31
-rw-r--r--main/icu/APKBUILD123
-rw-r--r--main/icu/data-filter-en.yml87
-rw-r--r--main/icu/icu-data-en.post-install10
-rw-r--r--main/icu/skip-flawed-tests.patch44
-rw-r--r--main/ifupdown-ng/APKBUILD25
-rw-r--r--main/ifupdown/APKBUILD14
-rw-r--r--main/ilbc/APKBUILD29
-rw-r--r--main/imlib2/0001-ICO-loader-Fix-compilation-on-big-endian-architectur.patch36
-rw-r--r--main/imlib2/APKBUILD8
-rw-r--r--main/inih/APKBUILD15
-rw-r--r--main/inih/fix-pkgconfig-version.patch28
-rw-r--r--main/intel-ucode/APKBUILD43
-rw-r--r--main/iperf/APKBUILD49
-rw-r--r--main/iperf/iperf.confd3
-rw-r--r--main/iperf/iperf.initd12
-rw-r--r--main/iperf3/APKBUILD4
-rw-r--r--main/iproute2/APKBUILD4
-rw-r--r--main/iptables/APKBUILD21
-rw-r--r--main/iptables/fix-u_int16_t.patch163
-rw-r--r--main/iptables/fix-xtables.patch10
-rw-r--r--main/iptables/use-sh-iptables-apply.patch39
-rw-r--r--main/iputils/APKBUILD17
-rw-r--r--main/irqbalance/APKBUILD20
-rw-r--r--main/irqbalance/aarch64-sigsegv.patch11
-rw-r--r--main/irssi/APKBUILD8
-rw-r--r--main/iso-codes/APKBUILD4
-rw-r--r--main/itstool/APKBUILD4
-rw-r--r--main/iw/APKBUILD24
-rw-r--r--main/jack/APKBUILD11
-rw-r--r--main/jitterentropy-library/02-use-proper-pointer-dereferencing.patch26
-rw-r--r--main/jitterentropy-library/03-fix-execution-flow-and-args-order.patch44
-rw-r--r--main/jitterentropy-library/04-c11-asm-correction.patch21
-rw-r--r--main/jitterentropy-library/05-gcd-sensible-max.patch37
-rw-r--r--main/jitterentropy-library/06-fix-memory-size.patch42
-rwxr-xr-xmain/jitterentropy-library/APKBUILD14
-rw-r--r--main/jpeg/APKBUILD4
-rw-r--r--main/json-c/APKBUILD22
-rw-r--r--main/kamailio/APKBUILD6
-rw-r--r--main/kamailio/fix-openldap-2.5-symbol-conflict.patch46
-rw-r--r--main/kbd/APKBUILD14
-rw-r--r--main/keyutils/APKBUILD4
-rw-r--r--main/kmod/APKBUILD17
-rw-r--r--main/knot/APKBUILD6
-rw-r--r--main/krb5/APKBUILD8
-rw-r--r--main/kyua/APKBUILD6
-rw-r--r--main/lcms2/APKBUILD20
-rw-r--r--main/ldb/APKBUILD6
-rw-r--r--main/ldns/APKBUILD18
-rw-r--r--main/lftp/APKBUILD6
-rw-r--r--main/libaio/APKBUILD38
-rw-r--r--main/libaio/test-poll.patch12
-rw-r--r--main/libaio/test.patch55
-rw-r--r--main/libarchive/APKBUILD8
-rw-r--r--main/libax25/APKBUILD12
-rw-r--r--main/libbsd/APKBUILD19
-rw-r--r--main/libbsd/disable-fpurge-test.patch17
-rw-r--r--main/libcap-ng/APKBUILD16
-rw-r--r--main/libcap/APKBUILD4
-rw-r--r--main/libcbor/APKBUILD8
-rw-r--r--main/libdaemon/APKBUILD4
-rw-r--r--main/libde265/APKBUILD19
-rw-r--r--main/libdrm/APKBUILD4
-rw-r--r--main/libepoxy/APKBUILD6
-rw-r--r--main/libfido2/APKBUILD11
-rw-r--r--main/libfido2/libfido2.pre-install12
-rw-r--r--main/libgcrypt/APKBUILD16
-rw-r--r--main/libgpg-error/APKBUILD8
-rw-r--r--main/libical/APKBUILD13
-rw-r--r--main/libid3tag/APKBUILD77
-rw-r--r--main/libidn2/APKBUILD13
-rw-r--r--main/libjpeg-turbo/APKBUILD18
-rw-r--r--main/libmaxminddb/APKBUILD4
-rw-r--r--main/libmd/APKBUILD6
-rw-r--r--main/libmnl/APKBUILD11
-rw-r--r--main/libnetfilter_cthelper/APKBUILD13
-rw-r--r--main/libnetfilter_cttimeout/APKBUILD13
-rw-r--r--main/libnetfilter_log/APKBUILD25
-rw-r--r--main/libnetfilter_log/sys-types.patch21
-rw-r--r--main/libnetfilter_log/sys-types2.patch14
-rw-r--r--main/libnfnetlink/APKBUILD23
-rw-r--r--main/libnfnetlink/musl-fix-includes.patch20
-rw-r--r--main/libnftnl/APKBUILD4
-rw-r--r--main/libnl3/APKBUILD16
-rw-r--r--main/libnl3/fix-tests.patch46
-rw-r--r--main/libogg/APKBUILD23
-rw-r--r--main/libpthread-stubs/APKBUILD29
-rw-r--r--main/libretls/APKBUILD10
-rw-r--r--main/librsync/APKBUILD17
-rw-r--r--main/librtlsdr/APKBUILD16
-rw-r--r--main/libsamplerate/APKBUILD25
-rw-r--r--main/libsecret/APKBUILD9
-rw-r--r--main/libshout/APKBUILD13
-rw-r--r--main/libsndfile/APKBUILD39
-rw-r--r--main/libspf2/APKBUILD30
-rw-r--r--main/libspf2/CVE-2021-20314.patch22
-rw-r--r--main/libspf2/fix-gcc-variadic-macros.patch18
-rw-r--r--main/libtirpc/APKBUILD4
-rw-r--r--main/libtool/APKBUILD42
-rw-r--r--main/libucontext/APKBUILD6
-rw-r--r--main/libunistring/APKBUILD17
-rw-r--r--main/libunwind/APKBUILD4
-rw-r--r--main/liburing/APKBUILD4
-rw-r--r--main/libusb/APKBUILD15
-rw-r--r--main/libusb/f38f09da98acc63966b65b72029b1f7f81166bef.patch217
-rw-r--r--main/libusb/f6d2cb561402c3b6d3627c0eb89e009b503d9067.patch58
-rw-r--r--main/libutempter/APKBUILD2
-rw-r--r--main/libuv/APKBUILD10
-rw-r--r--main/libuv/recvmmsg-padding.patch63
-rw-r--r--main/libva/APKBUILD4
-rw-r--r--main/libvdpau/APKBUILD6
-rw-r--r--main/libwebsockets/APKBUILD26
-rw-r--r--main/libx11/APKBUILD9
-rw-r--r--main/libxcb/APKBUILD8
-rw-r--r--main/libxcursor/APKBUILD15
-rw-r--r--main/libxkbcommon/APKBUILD11
-rw-r--r--main/libxml2/APKBUILD18
-rw-r--r--main/libxml2/revert-Make-xmlFreeNodeList-non-recursive.patch64
-rw-r--r--main/libxml2/whitespace-when-serializing-empty-html-documents.patch43
-rw-r--r--main/libxml2/work-around-lxml-api-abuse.patch211
-rw-r--r--main/libxslt/APKBUILD17
-rw-r--r--main/libxslt/Dont-set-maxDepth-in-XPath-contexts.patch70
-rw-r--r--main/libxslt/Stop-using-maxParserDepth-XPath-limit.patch37
-rw-r--r--main/libxslt/Transfer-XPath-limits-to-XPtr-context.patch42
-rw-r--r--main/libxvmc/APKBUILD10
-rw-r--r--main/lighttpd/APKBUILD7
-rw-r--r--main/lighttpd/lighttpd.initd2
-rw-r--r--main/links/APKBUILD6
-rw-r--r--main/linux-firmware/APKBUILD37
-rw-r--r--main/linux-headers/APKBUILD14
-rw-r--r--main/linux-headers/add-btf-float-uapi.patch38
-rw-r--r--main/linux-lts/APKBUILD179
-rw-r--r--main/linux-lts/config-lts.aarch6410074
-rw-r--r--main/linux-lts/config-lts.armv78566
-rw-r--r--main/linux-lts/config-lts.ppc64le4892
-rw-r--r--main/linux-lts/config-lts.s390x3721
-rw-r--r--main/linux-lts/config-lts.x869224
-rw-r--r--main/linux-lts/config-lts.x86_649495
-rw-r--r--main/linux-lts/config-virt.aarch645288
-rw-r--r--main/linux-lts/config-virt.armv75030
-rw-r--r--main/linux-lts/config-virt.ppc64le4767
-rw-r--r--main/linux-lts/config-virt.x864846
-rw-r--r--main/linux-lts/config-virt.x86_645073
-rw-r--r--main/linux-lts/lts.aarch64.config2954
-rw-r--r--main/linux-lts/lts.armv7.config2259
-rw-r--r--main/linux-lts/lts.ppc64le.config872
-rw-r--r--main/linux-lts/lts.s390x.config1048
-rw-r--r--main/linux-lts/lts.x86.config2976
-rw-r--r--main/linux-lts/lts.x86_64.config3084
-rw-r--r--main/linux-lts/ppc-export_mmu_feature_keys_as_non-GPL.patch42
-rw-r--r--main/linux-lts/virt.aarch64.config1082
-rw-r--r--main/linux-lts/virt.armv7.config1033
-rw-r--r--main/linux-lts/virt.ppc64le.config1030
-rw-r--r--main/linux-lts/virt.x86.config1052
-rw-r--r--main/linux-lts/virt.x86_64.config1095
-rw-r--r--main/linux-octeon/APKBUILD4
-rw-r--r--main/linux-pam/APKBUILD4
-rw-r--r--main/linux-pam/base-session.pamd1
-rw-r--r--main/linux-rpi/APKBUILD28
-rw-r--r--main/linux-rpi/config-changes-rpi.armhf1
-rw-r--r--main/llvm10/APKBUILD271
-rw-r--r--main/llvm10/fix-LLVMConfig-cmake-install-prefix.patch24
-rw-r--r--main/llvm10/fix-memory-mf_exec-on-aarch64.patch25
-rw-r--r--main/llvm10/python3-test.patch8
-rw-r--r--main/llvm11/0001-Disable-dynamic-lib-tests-for-musl-s-dlclose-is-noop.patch22
-rw-r--r--main/llvm12/fix-LLVMConfig-cmake-install-prefix.patch24
-rw-r--r--main/llvm13/0001-Disable-dynamic-lib-tests-for-musl-s-dlclose-is-noop.patch (renamed from main/llvm12/0001-Disable-dynamic-lib-tests-for-musl-s-dlclose-is-noop.patch)0
-rw-r--r--main/llvm13/APKBUILD (renamed from main/llvm12/APKBUILD)76
-rw-r--r--main/llvm13/fix-LLVMConfig-cmake-install-prefix.patch (renamed from main/llvm11/fix-LLVMConfig-cmake-install-prefix.patch)0
-rw-r--r--main/llvm13/fix-memory-mf_exec-on-aarch64.patch (renamed from main/llvm11/fix-memory-mf_exec-on-aarch64.patch)0
-rw-r--r--main/llvm14/0001-Disable-dynamic-lib-tests-for-musl-s-dlclose-is-noop.patch (renamed from main/llvm10/0001-Disable-dynamic-lib-tests-for-musl-s-dlclose-is-noop.patch)14
-rw-r--r--main/llvm14/APKBUILD (renamed from main/llvm11/APKBUILD)100
-rw-r--r--main/llvm14/fix-memory-mf_exec-on-aarch64.patch (renamed from main/llvm12/fix-memory-mf_exec-on-aarch64.patch)0
-rw-r--r--main/llvm14/install-prefix.patch30
-rw-r--r--main/lm-sensors/APKBUILD4
-rw-r--r--main/logrotate/APKBUILD16
-rw-r--r--main/logrotate/logrotate.post-upgrade12
-rw-r--r--main/lsof/APKBUILD6
-rw-r--r--main/lsyncd/APKBUILD24
-rw-r--r--main/lsyncd/fix-mandir.patch14
-rw-r--r--main/lsyncd/lua5.4.patch12
-rw-r--r--main/lttng-ust/APKBUILD6
-rw-r--r--main/lua-expat/APKBUILD8
-rw-r--r--main/lua-inspect/APKBUILD8
-rw-r--r--main/lua-luaxml/0001-Fix-error-where-TAG-should-be-xml.TAG.patch44
-rw-r--r--main/lua-luaxml/0001-XML-attributes.patch55
-rw-r--r--main/lua-luaxml/APKBUILD36
-rw-r--r--main/lua-mosquitto/APKBUILD16
-rw-r--r--main/lua-mosquitto/checkinteger.patch13
-rw-r--r--main/lua-mqtt-publish/APKBUILD14
-rw-r--r--main/lua-mqtt-publish/restore-sigpipe-handler.patch23
-rw-r--r--main/lua-optarg/APKBUILD16
-rw-r--r--main/lua-penlight/APKBUILD12
-rw-r--r--main/lua-resty-core/APKBUILD4
-rw-r--r--main/lua-schema/APKBUILD1
-rw-r--r--main/lua-unit/APKBUILD10
-rw-r--r--main/lua-xctrl/APKBUILD88
-rw-r--r--main/lua-xctrl/fix-linking.patch16
-rw-r--r--main/lua5.1/APKBUILD16
-rw-r--r--main/lua5.2/APKBUILD8
-rw-r--r--main/lua5.3/APKBUILD8
-rw-r--r--main/lua5.4/APKBUILD25
-rw-r--r--main/lua5.4/CVE-2022-28805.patch23
-rw-r--r--main/lua5.4/extern-c-for-cpp.patch23
-rw-r--r--main/lua5.4/fix-double-free.patch56
-rw-r--r--main/lxc/APKBUILD8
-rw-r--r--main/lxc/lxc.initd6
-rw-r--r--main/lzip/APKBUILD7
-rw-r--r--main/lzo/APKBUILD42
-rw-r--r--main/m4/APKBUILD18
-rw-r--r--main/m4/disable-mbrtowc-test.patch10
-rw-r--r--main/m4/fix-sysval-test.patch25
-rw-r--r--main/m4/localename-test-fix.patch34
-rw-r--r--main/m4/test-posix_spawn_file_actions_addclose.patch18
-rw-r--r--main/macifrename/APKBUILD6
-rw-r--r--main/mailcap/APKBUILD6
-rw-r--r--main/mandoc/APKBUILD4
-rw-r--r--main/mariadb-connector-c/APKBUILD10
-rw-r--r--main/mariadb/APKBUILD54
-rw-r--r--main/mbedtls/APKBUILD19
-rw-r--r--main/mc/APKBUILD8
-rw-r--r--main/mdadm/APKBUILD16
-rw-r--r--main/mdadm/fix-use-after-free.patch20
-rw-r--r--main/mdadm/no-werror.patch6
-rw-r--r--main/mdevd/APKBUILD38
-rw-r--r--main/mdevd/mdevd-init.initd17
-rw-r--r--main/mdevd/mdevd.initd22
-rw-r--r--main/memcached/APKBUILD4
-rw-r--r--main/mesa/APKBUILD27
-rw-r--r--main/meson/APKBUILD52
-rw-r--r--main/meson/fix-ninja-output-test.patch12
-rw-r--r--main/meson/skip-broken-tests.patch36
-rw-r--r--main/mg/APKBUILD7
-rw-r--r--main/mkfontscale/APKBUILD14
-rw-r--r--main/mkinitfs/0001-mkinitfs.in-ensure-when-run-in-chroot-that-correct-k.patch39
-rw-r--r--main/mkinitfs/APKBUILD11
-rw-r--r--main/mkinitfs/mkinitfs.trigger8
-rw-r--r--main/monit/APKBUILD4
-rw-r--r--main/mosh/APKBUILD8
-rw-r--r--main/mpg123/APKBUILD4
-rw-r--r--main/mqtt-exec/APKBUILD10
-rw-r--r--main/mqtt-exec/restore-default-sigpipe-handler.patch17
-rw-r--r--main/mrtg/APKBUILD4
-rw-r--r--main/mtools/APKBUILD4
-rw-r--r--main/multipath-tools/APKBUILD6
-rw-r--r--main/musl-obstack/APKBUILD6
-rw-r--r--main/musl/0001-fix-TZ-parsing-logic-for-identifying-POSIX-form-stri.patch57
-rw-r--r--main/musl/0001-riscv64-define-ELF_NFPREG.patch24
-rw-r--r--main/musl/APKBUILD36
-rw-r--r--main/musl/eh-frame.patch140
-rw-r--r--main/musl/qsort_r.patch213
-rw-r--r--main/musl/syscall-cp-epoll.patch16
-rw-r--r--main/nagios-plugins/APKBUILD12
-rw-r--r--main/nagios-plugins/check_mysql_query-fix-use-after-free.patch33
-rw-r--r--main/nagios/APKBUILD13
-rw-r--r--main/nagios/cgi-pairlist-truncation-fix.patch14
-rw-r--r--main/nano/APKBUILD4
-rw-r--r--main/ncdu/APKBUILD4
-rw-r--r--main/ncurses/APKBUILD6
-rw-r--r--main/ndisc6/APKBUILD12
-rw-r--r--main/ndisc6/remove-undef-gnu-source.patch17
-rw-r--r--main/neon/APKBUILD4
-rw-r--r--main/net-snmp/APKBUILD2
-rw-r--r--main/net-tools/APKBUILD41
-rw-r--r--main/nettle/APKBUILD4
-rw-r--r--main/nfs-utils/APKBUILD9
-rw-r--r--main/nfs-utils/musl-time64.patch51
-rw-r--r--main/nftables/APKBUILD12
-rw-r--r--main/nghttp2/APKBUILD6
-rw-r--r--main/nghttp2/remove-mruby-tests.patch119
-rw-r--r--main/nginx/APKBUILD83
-rw-r--r--main/nginx/njs~mktemp-busybox-compat.patch13
-rw-r--r--main/nginx/njs~nginx-1.20.x-compat.patch15
-rw-r--r--main/nodejs/APKBUILD14
-rw-r--r--main/npm/APKBUILD124
-rw-r--r--main/npm/dont-check-for-last-version.patch15
-rw-r--r--main/npm/make-dont-install-deps.patch11
-rw-r--r--main/npm/npmrc6
-rw-r--r--main/npm/reproducible-documentation-build.patch20
-rw-r--r--main/npm/smoke-tests-npm-location.patch23
-rw-r--r--main/nsd/APKBUILD4
-rw-r--r--main/nspr/APKBUILD8
-rw-r--r--main/ntfs-3g/APKBUILD13
-rw-r--r--main/oniguruma/APKBUILD6
-rw-r--r--main/open-iscsi/0001-Don-t-use-GNU-sed.patch25
-rw-r--r--main/open-iscsi/APKBUILD8
-rw-r--r--main/openjpeg/APKBUILD15
-rw-r--r--main/openldap/APKBUILD8
-rw-r--r--main/openldap/tests-make-add-missing-dependency.patch13
-rw-r--r--main/openntpd/APKBUILD8
-rw-r--r--main/openrc/0009-fix-bootmisc-mv-error.patch27
-rw-r--r--main/openrc/0010-noexec-devfs.patch14
-rw-r--r--main/openrc/APKBUILD44
-rw-r--r--main/openrc/networking.initd2
-rw-r--r--main/openrc/seedrng.patch640
-rw-r--r--main/openresolv/APKBUILD17
-rw-r--r--main/openresolv/detect_init-remove-irrelevant.patch87
-rw-r--r--main/opensbi/APKBUILD4
-rw-r--r--main/opensmtpd/APKBUILD10
-rw-r--r--main/opensmtpd/smtpd.initd8
-rw-r--r--main/openssh/APKBUILD49
-rw-r--r--main/openssh/gss-serv.c.patch15
-rw-r--r--main/openssh/sshd.initd2
-rw-r--r--main/openssl/APKBUILD20
-rw-r--r--main/openssl3/APKBUILD19
-rw-r--r--main/openvpn/APKBUILD10
-rw-r--r--main/openvpn/openvpn.initd1
-rw-r--r--main/ortp/APKBUILD12
-rw-r--r--main/p11-kit/APKBUILD6
-rw-r--r--main/p7zip/APKBUILD47
-rw-r--r--main/p7zip/CVE-2016-9296.patch12
-rw-r--r--main/p7zip/CVE-2017-17969.patch16
-rw-r--r--main/p7zip/CVE-2018-10115.patch311
-rw-r--r--main/p7zip/CVE-2018-5996.patch221
-rw-r--r--main/p7zip/g++-warning.patch24
-rw-r--r--main/p7zip/gcc-10.patch26
-rw-r--r--main/pango/APKBUILD6
-rw-r--r--main/pango/disable-broken-test.patch11
-rw-r--r--main/parallel/APKBUILD18
-rw-r--r--main/parallel/completion-dir.patch18
-rw-r--r--main/parted/APKBUILD12
-rw-r--r--main/parted/fix-truncate-tests.patch48
-rw-r--r--main/parted/make-tests.patch13
-rw-r--r--main/parted/skip-duplicate-bsd-test-on-s390x.patch20
-rw-r--r--main/partimage/APKBUILD47
-rw-r--r--main/partimage/Use-SSLv3-by-default.patch80
-rw-r--r--main/partimage/openssl-1.1.patch13
-rw-r--r--main/partimage/partimage-0.6.9-common.patch10
-rw-r--r--main/partimage/partimage-0.6.9-zlib-1.2.6.patch35
-rw-r--r--main/partimage/partimage-include-sysmacros.patch10
-rw-r--r--main/pax-utils/APKBUILD6
-rw-r--r--main/pciutils/APKBUILD8
-rw-r--r--main/pcre/APKBUILD6
-rw-r--r--main/pcre2/APKBUILD9
-rw-r--r--main/pcsc-lite/APKBUILD52
-rw-r--r--main/pcsc-lite/pcscd.initd17
-rw-r--r--main/perl-b-cow/APKBUILD2
-rw-r--r--main/perl-b-hooks-endofscope/APKBUILD4
-rw-r--r--main/perl-cgi/APKBUILD5
-rw-r--r--main/perl-clone/APKBUILD2
-rw-r--r--main/perl-compress-raw-bzip2/APKBUILD8
-rw-r--r--main/perl-compress-raw-zlib/APKBUILD12
-rw-r--r--main/perl-convert-uulib/APKBUILD2
-rw-r--r--main/perl-cpanel-json-xs/APKBUILD4
-rw-r--r--main/perl-crypt-des/APKBUILD2
-rw-r--r--main/perl-crypt-eksblowfish/APKBUILD2
-rw-r--r--main/perl-crypt-openssl-random/APKBUILD2
-rw-r--r--main/perl-crypt-openssl-rsa/APKBUILD2
-rw-r--r--main/perl-crypt-rijndael/APKBUILD2
-rw-r--r--main/perl-crypt-ssleay/APKBUILD2
-rw-r--r--main/perl-css-minifier-xs/APKBUILD2
-rw-r--r--main/perl-data-uuid/APKBUILD2
-rw-r--r--main/perl-datetime-locale/APKBUILD4
-rw-r--r--main/perl-datetime-timezone/APKBUILD4
-rw-r--r--main/perl-datetime/APKBUILD6
-rw-r--r--main/perl-db/APKBUILD36
-rw-r--r--main/perl-dbd-mysql/APKBUILD2
-rw-r--r--main/perl-dbd-odbc/APKBUILD2
-rw-r--r--main/perl-dbd-pg/APKBUILD4
-rw-r--r--main/perl-dbd-sqlite/APKBUILD4
-rw-r--r--main/perl-dbd-sqlite/fix-test.patch11
-rw-r--r--main/perl-dbi/APKBUILD2
-rw-r--r--main/perl-dbix-searchbuilder/APKBUILD6
-rw-r--r--main/perl-devel-checklib/APKBUILD10
-rw-r--r--main/perl-device-serialport/APKBUILD2
-rw-r--r--main/perl-digest-md5/APKBUILD2
-rw-r--r--main/perl-digest-sha1/APKBUILD2
-rw-r--r--main/perl-encode-hanextra/APKBUILD2
-rw-r--r--main/perl-encode/APKBUILD4
-rw-r--r--main/perl-fcgi/APKBUILD2
-rw-r--r--main/perl-file-remove/APKBUILD6
-rw-r--r--main/perl-file-rsync/APKBUILD2
-rw-r--r--main/perl-future/APKBUILD4
-rw-r--r--main/perl-gd/APKBUILD6
-rw-r--r--main/perl-gdgraph/APKBUILD36
-rw-r--r--main/perl-html-parser/APKBUILD6
-rw-r--r--main/perl-http-daemon/APKBUILD8
-rw-r--r--main/perl-http-message/APKBUILD11
-rw-r--r--main/perl-inline-c/APKBUILD17
-rw-r--r--main/perl-io-async/APKBUILD37
-rw-r--r--main/perl-io-tty/APKBUILD8
-rw-r--r--main/perl-io/APKBUILD2
-rw-r--r--main/perl-ipc-sharelite/APKBUILD2
-rw-r--r--main/perl-javascript-minifier-xs/APKBUILD6
-rw-r--r--main/perl-json/APKBUILD6
-rw-r--r--main/perl-ldap/APKBUILD8
-rw-r--r--main/perl-libwww/APKBUILD4
-rw-r--r--main/perl-list-moreutils-xs/APKBUILD2
-rw-r--r--main/perl-list-someutils-xs/APKBUILD2
-rw-r--r--main/perl-mail-dkim/APKBUILD8
-rw-r--r--main/perl-mime-base64/APKBUILD2
-rw-r--r--main/perl-net-async-http/APKBUILD36
-rw-r--r--main/perl-net-dns/APKBUILD4
-rw-r--r--main/perl-net-http/APKBUILD6
-rw-r--r--main/perl-net-libidn/APKBUILD2
-rw-r--r--main/perl-net-openssh/APKBUILD6
-rw-r--r--main/perl-net-ssleay/APKBUILD9
-rw-r--r--main/perl-netaddr-ip/APKBUILD2
-rw-r--r--main/perl-package-anon/APKBUILD2
-rw-r--r--main/perl-package-stash-xs/APKBUILD10
-rw-r--r--main/perl-package-stash/APKBUILD6
-rw-r--r--main/perl-params-classify/APKBUILD2
-rw-r--r--main/perl-params-util/APKBUILD2
-rw-r--r--main/perl-params-validate/APKBUILD2
-rw-r--r--main/perl-pathtools/APKBUILD2
-rw-r--r--main/perl-pod-parser/APKBUILD8
-rw-r--r--main/perl-proc-wait3/APKBUILD2
-rw-r--r--main/perl-scalar-list-utils/APKBUILD6
-rw-r--r--main/perl-scope-upper/APKBUILD2
-rw-r--r--main/perl-snmp-session/APKBUILD16
-rw-r--r--main/perl-socket/APKBUILD6
-rw-r--r--main/perl-socket6/APKBUILD2
-rw-r--r--main/perl-specio/APKBUILD7
-rw-r--r--main/perl-sub-identify/APKBUILD2
-rw-r--r--main/perl-sub-name/APKBUILD2
-rw-r--r--main/perl-sys-mmap/APKBUILD2
-rw-r--r--main/perl-term-readkey/APKBUILD2
-rw-r--r--main/perl-test-deep/APKBUILD8
-rw-r--r--main/perl-test-harness/APKBUILD8
-rw-r--r--main/perl-test-leaktrace/APKBUILD2
-rw-r--r--main/perl-test-manifest/APKBUILD6
-rw-r--r--main/perl-test-simple/APKBUILD6
-rw-r--r--main/perl-test-taint/APKBUILD2
-rw-r--r--main/perl-test2-suite/APKBUILD4
-rw-r--r--main/perl-text-soundex/APKBUILD2
-rw-r--r--main/perl-time-hires/APKBUILD2
-rw-r--r--main/perl-tk/APKBUILD2
-rw-r--r--main/perl-type-tiny/APKBUILD4
-rw-r--r--main/perl-unix-syslog/APKBUILD2
-rw-r--r--main/perl-variable-magic/APKBUILD2
-rw-r--r--main/perl-want/APKBUILD2
-rw-r--r--main/perl-xml-parser/APKBUILD2
-rw-r--r--main/perl-xml-xpath/APKBUILD8
-rw-r--r--main/perl-yaml-libyaml/APKBUILD2
-rw-r--r--main/perl-yaml-syck/APKBUILD2
-rw-r--r--main/perl/APKBUILD18
-rw-r--r--main/perl/CVE-2021-36770.patch29
-rw-r--r--main/perl/zlib-no-zsolo.patch11
-rw-r--r--main/pgpool/APKBUILD4
-rw-r--r--main/pigz/APKBUILD10
-rw-r--r--main/pjproject/APKBUILD28
-rw-r--r--main/po4a/APKBUILD6
-rw-r--r--main/poppler/APKBUILD32
-rw-r--r--main/portaudio/APKBUILD2
-rw-r--r--main/postfix/APKBUILD32
-rw-r--r--main/postfix/dict_redis.c250
-rw-r--r--main/postfix/dict_redis.h39
-rw-r--r--main/postfix/postfix-redis.patch136
-rw-r--r--main/postgresql-common/APKBUILD8
-rw-r--r--main/postgresql-common/postgresql-common.trigger2
-rw-r--r--main/postgresql-common/postgresql.initd19
-rw-r--r--main/postgresql13/APKBUILD14
-rw-r--r--main/postgresql13/fix-test-temp-schema-cleanup.patch14
-rw-r--r--main/postgresql13/plperl-5.36-new-warnings-category.patch38
-rw-r--r--main/postgresql14/APKBUILD11
-rw-r--r--main/postgrey/APKBUILD39
-rw-r--r--main/postgrey/postgrey.confd55
-rw-r--r--main/postgrey/postgrey.initd102
-rw-r--r--main/postgrey/postgrey.pre-install6
-rw-r--r--main/pound/APKBUILD7
-rw-r--r--main/pound/dhparam.patch15
-rw-r--r--main/ppp/APKBUILD24
-rw-r--r--main/ppp/fix-linux-5.15-include.patch11
-rw-r--r--main/protobuf-c/APKBUILD2
-rw-r--r--main/protobuf/APKBUILD36
-rw-r--r--main/protobuf/skip-failing-tests.patch90
-rw-r--r--main/protobuf/trim-rakefile.patch56
-rw-r--r--main/proxychains-ng/APKBUILD4
-rw-r--r--main/psmisc/APKBUILD10
-rw-r--r--main/pspg/APKBUILD4
-rw-r--r--main/pstree/APKBUILD2
-rw-r--r--main/putty/APKBUILD19
-rw-r--r--main/py3-asn1crypto/APKBUILD31
-rw-r--r--main/py3-attrs/APKBUILD6
-rw-r--r--main/py3-bcrypt/APKBUILD20
-rw-r--r--main/py3-build/APKBUILD31
-rw-r--r--main/py3-cairo/APKBUILD18
-rw-r--r--main/py3-cairo/fix-tests.patch33
-rw-r--r--main/py3-certifi/APKBUILD5
-rw-r--r--main/py3-cffi/APKBUILD12
-rw-r--r--main/py3-cffi/musl-compat.patch65
-rw-r--r--main/py3-charset-normalizer/APKBUILD6
-rw-r--r--main/py3-dnspython/0001-ignore-setuptools-scm.patch10
-rw-r--r--main/py3-dnspython/APKBUILD27
-rw-r--r--main/py3-elementpath/APKBUILD32
-rw-r--r--main/py3-exceptiongroup/APKBUILD41
-rw-r--r--main/py3-exceptiongroup/use-flit-core.patch38
-rw-r--r--main/py3-extras/APKBUILD10
-rw-r--r--main/py3-fixtures/APKBUILD18
-rw-r--r--main/py3-fixtures/python-3.9-support.patch136
-rw-r--r--main/py3-flit-core/APKBUILD36
-rw-r--r--main/py3-future/APKBUILD14
-rw-r--r--main/py3-future/python-3.9-support.patch194
-rw-r--r--main/py3-gobject3/APKBUILD6
-rw-r--r--main/py3-hypothesis/APKBUILD6
-rw-r--r--main/py3-installer/APKBUILD35
-rw-r--r--main/py3-installer/default-bytecode-levels.patch24
-rw-r--r--main/py3-jinja2/APKBUILD11
-rw-r--r--main/py3-lxml/APKBUILD13
-rw-r--r--main/py3-lxml/tests-fix-encoding-name.patch14
-rw-r--r--main/py3-mako/APKBUILD13
-rw-r--r--main/py3-markupsafe/APKBUILD6
-rw-r--r--main/py3-monotonic/APKBUILD29
-rw-r--r--main/py3-more-itertools/APKBUILD28
-rw-r--r--main/py3-pbr/APKBUILD11
-rw-r--r--main/py3-pep517/APKBUILD25
-rw-r--r--main/py3-pexpect/APKBUILD7
-rw-r--r--main/py3-pillow/APKBUILD67
-rw-r--r--main/py3-pluggy/APKBUILD21
-rw-r--r--main/py3-pluggy/eliminate-setuptools_scm.patch55
-rw-r--r--main/py3-pygments/APKBUILD1
-rw-r--r--main/py3-pynacl/APKBUILD2
-rw-r--r--main/py3-pytest/0001-remove-setuptools_scm.patch14
-rw-r--r--main/py3-pytest/APKBUILD29
-rw-r--r--main/py3-requests/APKBUILD4
-rw-r--r--main/py3-setuptools-stage0/APKBUILD71
-rw-r--r--main/py3-setuptools/APKBUILD34
-rw-r--r--main/py3-snowballstemmer/APKBUILD8
-rw-r--r--main/py3-testtools/APKBUILD6
-rw-r--r--main/py3-tomli/APKBUILD36
-rw-r--r--main/py3-tz/APKBUILD8
-rw-r--r--main/py3-urllib3/APKBUILD9
-rw-r--r--main/py3-virtualenv/APKBUILD46
-rw-r--r--main/py3-virtualenv/sysconfig.patch210
-rw-r--r--main/py3-wcwidth/APKBUILD15
-rw-r--r--main/py3-wheel/APKBUILD14
-rw-r--r--main/py3-xmlschema/APKBUILD32
-rw-r--r--main/py3-yaml/APKBUILD8
-rw-r--r--main/python3/APKBUILD57
-rw-r--r--main/python3/custom-bluetooth-h-path.patch6
-rw-r--r--main/radvd/APKBUILD4
-rw-r--r--main/radvd/fix-alpine-plz.patch32
-rw-r--r--main/raspberrypi-bootloader/APKBUILD6
-rw-r--r--main/raspberrypi/APKBUILD23
-rw-r--r--main/razor/APKBUILD2
-rw-r--r--main/rdiff-backup/APKBUILD3
-rw-r--r--main/re2c/APKBUILD10
-rw-r--r--main/readline/APKBUILD8
-rw-r--r--main/redis/APKBUILD13
-rw-r--r--main/rhash/APKBUILD12
-rw-r--r--main/rlog/APKBUILD33
-rw-r--r--main/rng-tools/01-fix-warning.patch26
-rw-r--r--main/rng-tools/02-onecpu.patch204
-rw-r--r--main/rng-tools/03-fix-pthread-setaffinity-call.patch58
-rw-r--r--main/rng-tools/04-jitter-termination-sigs.patch33
-rw-r--r--main/rng-tools/05-jitter-shutdown-fix.patch27
-rw-r--r--main/rng-tools/06-musl-pthread-setaffinity-fix.patch21
-rw-r--r--main/rng-tools/07-use-jent_entropy_init_ex.patch70
-rw-r--r--main/rng-tools/08-correct-entflags.patch17
-rw-r--r--main/rng-tools/APKBUILD26
-rw-r--r--main/rng-tools/rngd-extra.initd1
-rw-r--r--main/rng-tools/rngd.initd1
-rw-r--r--main/rp-pppoe/APKBUILD10
-rw-r--r--main/rrdtool/APKBUILD10
-rw-r--r--main/rsync/APKBUILD12
-rw-r--r--main/rsync/Fix-regression-with---delay-updates.patch26
-rw-r--r--main/rsyslog/APKBUILD8
-rw-r--r--main/rtapd/APKBUILD27
-rw-r--r--main/rtapd/Makefile.patch2
-rw-r--r--main/ruby-augeas/APKBUILD2
-rw-r--r--main/ruby-bundler/APKBUILD4
-rw-r--r--main/ruby-debug/APKBUILD79
-rw-r--r--main/ruby-debug/gemspec.patch8
-rw-r--r--main/ruby-matrix/APKBUILD57
-rw-r--r--main/ruby-minitest/APKBUILD6
-rw-r--r--main/ruby-net-ftp/APKBUILD60
-rw-r--r--main/ruby-net-ftp/gemspec.patch8
-rw-r--r--main/ruby-net-imap/APKBUILD60
-rw-r--r--main/ruby-net-imap/gemspec.patch8
-rw-r--r--main/ruby-net-pop/APKBUILD60
-rw-r--r--main/ruby-net-pop/gemspec.patch7
-rw-r--r--main/ruby-net-smtp/APKBUILD60
-rw-r--r--main/ruby-net-smtp/gemspec.patch8
-rw-r--r--main/ruby-power_assert/APKBUILD6
-rw-r--r--main/ruby-power_assert/gemspec.patch18
-rw-r--r--main/ruby-prime/APKBUILD60
-rw-r--r--main/ruby-prime/gemspec.patch5
-rw-r--r--main/ruby-rake/APKBUILD2
-rw-r--r--main/ruby-rbs/APKBUILD50
-rw-r--r--main/ruby-rbs/gemspec.patch11
-rw-r--r--main/ruby-rexml/APKBUILD4
-rw-r--r--main/ruby-rr/APKBUILD58
-rw-r--r--main/ruby-rr/gemspec.patch23
-rw-r--r--main/ruby-rss/APKBUILD2
-rw-r--r--main/ruby-test-unit-rr/APKBUILD53
-rw-r--r--main/ruby-test-unit-rr/gemspec.patch8
-rw-r--r--main/ruby-test-unit/APKBUILD6
-rw-r--r--main/ruby-test-unit/gemspec.patch9
-rw-r--r--main/ruby-typeprof/APKBUILD6
-rw-r--r--main/ruby-typeprof/gemspec.patch11
-rw-r--r--main/ruby/APKBUILD62
-rw-r--r--main/ruby/dont-install-bundled-gems.patch8
-rw-r--r--main/ruby/fix-get_main_stack.patch4
-rw-r--r--main/ruby/fix-riscv64-build.patch38
-rw-r--r--main/ruby/get-ruby_nonempty_memcpy-to-have-c-linkage.patch31
-rw-r--r--main/ruby/test_insns-lower-recursion-depth.patch2
-rw-r--r--main/s390-tools/0400-busybox-compat.patch68
-rw-r--r--main/s390-tools/0500-remove-lib64.patch35
-rw-r--r--main/s390-tools/APKBUILD24
-rw-r--r--main/s390-tools/argz.patch50
-rw-r--r--main/s390-tools/bash.patch13
-rw-r--r--main/s390-tools/zkey-ekmfweb-install.patch11
-rw-r--r--main/s6-dns/APKBUILD6
-rw-r--r--main/s6-linux-init/APKBUILD6
-rw-r--r--main/s6-linux-utils/APKBUILD6
-rw-r--r--main/s6-networking/APKBUILD6
-rw-r--r--main/s6-portable-utils/APKBUILD6
-rw-r--r--main/s6-rc/APKBUILD6
-rw-r--r--main/s6/APKBUILD6
-rw-r--r--main/samba/APKBUILD6
-rw-r--r--main/samurai/APKBUILD3
-rw-r--r--main/scons/APKBUILD40
-rw-r--r--main/scons/broken-tests.patch21
-rw-r--r--main/scons/dont-install-manpages.patch17
-rw-r--r--main/screen/APKBUILD17
-rw-r--r--main/screen/CVE-2021-26937.patch59
-rw-r--r--main/seabios/APKBUILD4
-rw-r--r--main/secureboot-hook/APKBUILD4
-rw-r--r--main/shared-mime-info/APKBUILD6
-rw-r--r--main/skalibs/APKBUILD4
-rw-r--r--main/skytraq-datalogger/APKBUILD33
-rw-r--r--main/smartmontools/APKBUILD10
-rw-r--r--main/snappy/APKBUILD11
-rw-r--r--main/sngtc_client/APKBUILD2
-rw-r--r--main/snort/APKBUILD8
-rw-r--r--main/socat/APKBUILD7
-rw-r--r--main/sofia-sip/APKBUILD4
-rw-r--r--main/softhsm/APKBUILD2
-rw-r--r--main/source-highlight/APKBUILD7
-rw-r--r--main/source-highlight/gcc11.patch35
-rw-r--r--main/speedtest-cli/APKBUILD2
-rw-r--r--main/speex/APKBUILD24
-rw-r--r--main/speexdsp/APKBUILD20
-rw-r--r--main/spirv-headers/APKBUILD25
-rw-r--r--main/spirv-tools/APKBUILD39
-rw-r--r--main/sqlite-tcl/APKBUILD4
-rw-r--r--main/sqlite/APKBUILD7
-rw-r--r--main/squashfs-tools/0001-unsquashfs-use-squashfs_closedir-to-delete-directory.patch129
-rw-r--r--main/squashfs-tools/0002-unsquashfs-dynamically-allocate-name.patch102
-rw-r--r--main/squashfs-tools/0003-unsquashfs-use-linked-list-to-store-directory-names.patch320
-rw-r--r--main/squashfs-tools/0004-Unsquashfs-additional-write-outside-destination-dire.patch320
-rw-r--r--main/squashfs-tools/0005-Unsquashfs-Add-makefile-entry-for-unsquash-12.o.patch26
-rw-r--r--main/squashfs-tools/APKBUILD24
-rw-r--r--main/squid/APKBUILD4
-rw-r--r--main/sshfs/APKBUILD7
-rw-r--r--main/ssmtp/APKBUILD10
-rw-r--r--main/stfl/APKBUILD30
-rw-r--r--main/strace/APKBUILD4
-rw-r--r--main/strongswan/1001-charon-add-optional-source-and-remote-overrides-for-.patch587
-rw-r--r--main/strongswan/1002-vici-send-certificates-for-ike-sa-events.patch47
-rw-r--r--main/strongswan/1003-vici-add-support-for-individual-sa-state-changes.patch23
-rw-r--r--main/strongswan/APKBUILD20
-rw-r--r--main/subversion/APKBUILD15
-rw-r--r--main/subversion/fix-use-after-free.patch41
-rw-r--r--main/supervisor/APKBUILD11
-rw-r--r--main/swig/APKBUILD2
-rw-r--r--main/syslinux/APKBUILD12
-rw-r--r--main/syslinux/update-extlinux.conf2
-rw-r--r--main/syslog-ng/APKBUILD12
-rw-r--r--main/syslog-ng/syslog-ng.logrotate1
-rw-r--r--main/talloc/APKBUILD6
-rw-r--r--main/tarsnap/APKBUILD13
-rw-r--r--main/tcl/APKBUILD4
-rw-r--r--main/tcpdump/APKBUILD54
-rw-r--r--main/tcpflow/APKBUILD2
-rw-r--r--main/tdb/APKBUILD6
-rw-r--r--main/texinfo/APKBUILD2
-rw-r--r--main/thin-provisioning-tools/APKBUILD2
-rw-r--r--main/tiff/APKBUILD27
-rw-r--r--main/tiff/CVE-2018-12900.patch29
-rw-r--r--main/tiny-cloud/APKBUILD65
-rw-r--r--main/tiny-ec2-bootstrap/APKBUILD22
-rw-r--r--main/tinyproxy/APKBUILD8
-rw-r--r--main/tk/APKBUILD6
-rw-r--r--main/tmux/APKBUILD4
-rw-r--r--main/tree/APKBUILD6
-rw-r--r--main/ttf-cantarell/APKBUILD12
-rw-r--r--main/ttf-droid/APKBUILD14
-rw-r--r--main/ttf-liberation/APKBUILD52
-rw-r--r--main/ttf-linux-libertine/APKBUILD30
-rw-r--r--main/tzdata/APKBUILD20
-rw-r--r--main/u-boot/APKBUILD11
-rw-r--r--main/u-boot/fix-build-with-binutils-2.38.patch42
-rw-r--r--main/u-boot/mkimage-struc-tstat.st_size-may-not-be-long.patch45
-rw-r--r--main/unbound/APKBUILD60
-rw-r--r--main/unfs3/APKBUILD10
-rw-r--r--main/unfs3/fix-tcp.patch55
-rw-r--r--main/unifont/APKBUILD6
-rw-r--r--main/unixodbc/APKBUILD12
-rw-r--r--main/userspace-rcu/APKBUILD11
-rw-r--r--main/util-linux/APKBUILD48
-rw-r--r--main/util-linux/login.pamd6
-rw-r--r--main/util-linux/util-linux-misc.post-upgrade14
-rw-r--r--main/utmps/APKBUILD26
-rw-r--r--main/utmps/btmpd.initd24
-rw-r--r--main/utmps/btmpd.logrotate6
-rw-r--r--main/utmps/setup-utmp43
-rw-r--r--main/utmps/utmp-init.initd23
-rw-r--r--main/utmps/utmp-prepare.initd25
-rw-r--r--main/utmps/utmpd.initd4
-rw-r--r--main/utmps/wtmpd.initd4
-rw-r--r--main/vala/APKBUILD11
-rw-r--r--main/valgrind/APKBUILD19
-rw-r--r--main/varnish/0001-r02451-fix.patch9
-rw-r--r--main/varnish/APKBUILD31
-rw-r--r--main/vim/APKBUILD103
-rw-r--r--main/vim/vimrc4
-rw-r--r--main/vlan/APKBUILD10
-rw-r--r--main/wayland-protocols/APKBUILD8
-rw-r--r--main/wayland/APKBUILD6
-rw-r--r--main/wget/APKBUILD6
-rw-r--r--main/wireless-regdb/APKBUILD4
-rw-r--r--main/wpa_supplicant/APKBUILD4
-rw-r--r--main/wpa_supplicant/config6
-rw-r--r--main/xcb-proto/APKBUILD8
-rw-r--r--main/xen/APKBUILD163
-rw-r--r--main/xen/qemu-xen_paths.patch13
-rw-r--r--main/xen/xenqemu-xattr-size-max.patch13
-rw-r--r--main/xen/xsa401-4.16-1.patch170
-rw-r--r--main/xen/xsa401-4.16-2.patch191
-rw-r--r--main/xen/xsa402-4.16-1.patch43
-rw-r--r--main/xen/xsa402-4.16-2.patch213
-rw-r--r--main/xen/xsa402-4.16-3.patch284
-rw-r--r--main/xen/xsa402-4.16-4.patch83
-rw-r--r--main/xen/xsa402-4.16-5.patch148
-rw-r--r--main/xen/xsa404-4.16-1.patch239
-rw-r--r--main/xen/xsa404-4.16-2.patch85
-rw-r--r--main/xen/xsa404-4.16-3.patch177
-rw-r--r--main/xfsprogs/APKBUILD17
-rw-r--r--main/xfsprogs/musl-MAP_SYNC-fix.patch53
-rw-r--r--main/xkeyboard-config/APKBUILD19
-rw-r--r--main/xkeyboard-config/fix-syntax-error.patch58
-rw-r--r--main/xl2tpd/APKBUILD8
-rw-r--r--main/xmlrpc-c/APKBUILD24
-rw-r--r--main/xorgproto/APKBUILD5
-rw-r--r--main/xtables-addons-lts/APKBUILD8
-rw-r--r--main/xtables-addons/APKBUILD6
-rw-r--r--main/xz/APKBUILD14
-rw-r--r--main/xz/xzgrep-ZDI-CAN-16587.patch94
-rw-r--r--main/yajl/APKBUILD19
-rw-r--r--main/yx/APKBUILD29
-rw-r--r--main/zfs-lts/4900-ppc-get-user-workaround.patch60
-rw-r--r--main/zfs-lts/APKBUILD22
-rw-r--r--main/zfs-rpi/APKBUILD28
-rw-r--r--main/zfs/APKBUILD21
-rw-r--r--main/zfs/dont-fsck-or-mount-umount-fstab-entries.patch98
-rw-r--r--main/zfs/test-mmap_seek.patch11
-rw-r--r--main/zlib/APKBUILD20
-rw-r--r--main/zlib/Fix-CC-logic-in-configure.patch43
-rw-r--r--main/zlib/configure-Pass-LDFLAGS-to-link-tests.patch74
-rw-r--r--main/zlib/crc32.patch51
-rw-r--r--main/zsh/APKBUILD97
-rw-r--r--main/zsh/zprofile23
-rw-r--r--main/zsh/zsh-newuser-install-alpine.patch17
-rw-r--r--main/zsh/zshenv13
-rw-r--r--main/zsh/zshrc63
-rw-r--r--main/zstd/APKBUILD59
1221 files changed, 38280 insertions, 90726 deletions
diff --git a/main/abuild/APKBUILD b/main/abuild/APKBUILD
index 07cfdad867..7f029cc096 100644
--- a/main/abuild/APKBUILD
+++ b/main/abuild/APKBUILD
@@ -2,7 +2,7 @@
pkgname=abuild
pkgver=3.9.0
_ver=${pkgver%_git*}
-pkgrel=0
+pkgrel=2
pkgdesc="Script to build Alpine Packages"
url="https://git.alpinelinux.org/cgit/abuild/"
arch="all"
@@ -26,7 +26,10 @@ subpackages="
"
options="suid"
pkggroups="abuild"
-source="https://git.alpinelinux.org/abuild/snapshot/abuild-$pkgver.tar.xz
+source="https://gitlab.alpinelinux.org/alpine/abuild/-/archive/$pkgver/abuild-$pkgver.tar.gz
+ mr60-newapkbuild-use-abuild-meson.patch
+ mr128-newapkbuild-fetch-rust-deps-in-prepare.patch
+ mr131-newapkbuild-change-cmake-build-type.patch
"
builddir="$srcdir"/abuild-$pkgver
@@ -79,10 +82,13 @@ pypi() {
_rootbld() {
pkgdesc="Build packages in chroot"
- depends="abuild bubblewrap gettext git"
+ depends="abuild bubblewrap cmd:envsubst git"
mkdir -p "$subpkgdir"
}
sha512sums="
-b9f24d9d6f8f4eef320a5dbcc3ff94af64332d6034da306b237541e447839f4debc19eb2b937150166f53c63f9c9e518420cb54092c1f946f1c294c0464c521f abuild-3.9.0.tar.xz
+a3075b18d4a085ca796d1c2df703c3e7c80e682623175eb0822479f3a6d96ffba571f283bdec8ae3db832e296f9e58bdd0f58097b86b503a91fbb40148084a68 abuild-3.9.0.tar.gz
+a52fa7978d61f1636dbe3d120fee4e3fab6fae018a91f662c082f4eab37e6fd63d74c55124fd50fa3a676a8af71ba858cebf93f3ca21f95b03d3478fa1e55e6b mr60-newapkbuild-use-abuild-meson.patch
+f8d5c131cefb1c10d34962994ee3158fd8155acf68616fe471a7d07ce15e04d184bdfa3c181ec19bd1ca95e0f5acf1664f14a52b29451b2760aa580222e75f73 mr128-newapkbuild-fetch-rust-deps-in-prepare.patch
+56b71c3feff5a17d9550e1947fe316b7c7aa397f9e365532410e492ea992b8bfcfbb97041ddc2128c7bb9772e9e03584a9f5d5f5bcced00a1082e7374f02801a mr131-newapkbuild-change-cmake-build-type.patch
"
diff --git a/main/abuild/mr128-newapkbuild-fetch-rust-deps-in-prepare.patch b/main/abuild/mr128-newapkbuild-fetch-rust-deps-in-prepare.patch
new file mode 100644
index 0000000000..298f717e3b
--- /dev/null
+++ b/main/abuild/mr128-newapkbuild-fetch-rust-deps-in-prepare.patch
@@ -0,0 +1,110 @@
+Patch-Source: https://gitlab.alpinelinux.org/alpine/abuild/-/merge_requests/128
+--
+From 29611f3a6929b4edecd89506e666f963fa25ae52 Mon Sep 17 00:00:00 2001
+From: Jakub Jirutka <jakub@jirutka.cz>
+Date: Thu, 16 Dec 2021 00:19:07 +0100
+Subject: [PATCH 1/2] newapkbuild: fetch rust dependencies in prepare phase
+
+Fetch all dependencies in the prepare phase and do not access network
+in the following phases.
+---
+ newapkbuild.in | 27 ++++++++++++++++++++++++---
+ 1 file changed, 24 insertions(+), 3 deletions(-)
+
+diff --git a/newapkbuild.in b/newapkbuild.in
+index c58d519..0182ad2 100644
+--- a/newapkbuild.in
++++ b/newapkbuild.in
+@@ -30,6 +30,12 @@ is_github_url() {
+ return 1
+ }
+
++prepare_rust() {
++ cat >>APKBUILD<<__EOF__
++ cargo fetch --locked
++__EOF__
++}
++
+ # Build sections
+ build_make() {
+ cat >>APKBUILD<<__EOF__
+@@ -104,7 +110,7 @@ __EOF__
+
+ build_rust() {
+ cat >>APKBUILD<<__EOF__
+- cargo build --release --locked
++ cargo build --frozen --release
+ __EOF__
+ }
+
+@@ -150,7 +156,7 @@ __EOF__
+
+ check_rust() {
+ cat >>APKBUILD<<__EOF__
+- cargo test --release --locked
++ cargo test --frozen --release
+ __EOF__
+ }
+
+@@ -199,7 +205,7 @@ __EOF__
+
+ package_rust() {
+ cat >>APKBUILD<<__EOF__
+- cargo install --locked --path . --root="\$pkgdir/usr"
++ cargo install --frozen --offline --path . --root="\$pkgdir/usr"
+ rm "\$pkgdir"/usr/.crates*
+ __EOF__
+ }
+@@ -333,6 +339,21 @@ __EOF__
+ fi
+ fi
+
++ case "$buildtype" in
++ rust)
++ cat >>APKBUILD<<__EOF__
++prepare() {
++ default_prepare
++
++__EOF__
++ prepare_rust
++ cat >>APKBUILD<<__EOF__
++}
++
++__EOF__
++ ;;
++ esac
++
+ # Create build() function
+ cat >>APKBUILD<<__EOF__
+ build() {
+--
+GitLab
+
+
+From 0a9374e4ffa8202ba011497ea39fb5443d7ef9a5 Mon Sep 17 00:00:00 2001
+From: Jakub Jirutka <jakub@jirutka.cz>
+Date: Thu, 16 Dec 2021 00:23:48 +0100
+Subject: [PATCH 2/2] newapkbuild: do not run cargo test with --release
+
+It takes a longer time to compile and, most importantly, it may cause
+unnecessary rebuild of everything in the package phase (installation).
+---
+ newapkbuild.in | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/newapkbuild.in b/newapkbuild.in
+index 0182ad2..9e8643d 100644
+--- a/newapkbuild.in
++++ b/newapkbuild.in
+@@ -156,7 +156,7 @@ __EOF__
+
+ check_rust() {
+ cat >>APKBUILD<<__EOF__
+- cargo test --frozen --release
++ cargo test --frozen
+ __EOF__
+ }
+
+--
+GitLab
+
diff --git a/main/abuild/mr131-newapkbuild-change-cmake-build-type.patch b/main/abuild/mr131-newapkbuild-change-cmake-build-type.patch
new file mode 100644
index 0000000000..5b98b499a4
--- /dev/null
+++ b/main/abuild/mr131-newapkbuild-change-cmake-build-type.patch
@@ -0,0 +1,33 @@
+Patch-Source: https://gitlab.alpinelinux.org/alpine/abuild/-/merge_requests/131
+--
+From 6c43d67a053be0476384fcf8252c07fa2a235a87 Mon Sep 17 00:00:00 2001
+From: psykose <alice@ayaya.dev>
+Date: Thu, 30 Dec 2021 21:48:50 +0000
+Subject: [PATCH] newapkbuild: refine default cmake format
+
+MinSizeRel is a better recommended default- of course it can still be
+overriden.
+the dot is redundant- we already specify -B and so the dot is implicitly
+cwd.
+---
+ newapkbuild.in | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/newapkbuild.in b/newapkbuild.in
+index c58d519..63b387d 100644
+--- a/newapkbuild.in
++++ b/newapkbuild.in
+@@ -65,8 +65,8 @@ build_cmake() {
+ -DCMAKE_INSTALL_PREFIX=/usr \\
+ -DCMAKE_INSTALL_LIBDIR=lib \\
+ -DBUILD_SHARED_LIBS=True \\
+- -DCMAKE_BUILD_TYPE=None \\
+- \$CMAKE_CROSSOPTS .
++ -DCMAKE_BUILD_TYPE=MinSizeRel \\
++ \$CMAKE_CROSSOPTS
+ cmake --build build
+ __EOF__
+ }
+--
+GitLab
+
diff --git a/main/abuild/mr60-newapkbuild-use-abuild-meson.patch b/main/abuild/mr60-newapkbuild-use-abuild-meson.patch
new file mode 100644
index 0000000000..44aefd46bf
--- /dev/null
+++ b/main/abuild/mr60-newapkbuild-use-abuild-meson.patch
@@ -0,0 +1,34 @@
+Patch-Source: https://gitlab.alpinelinux.org/alpine/abuild/-/merge_requests/60
+--
+From 55b66b3ad702ba673384126d98026043cdf949ef Mon Sep 17 00:00:00 2001
+From: Leo <thinkabit.ukim@gmail.com>
+Date: Tue, 7 Jul 2020 13:37:31 -0300
+Subject: [PATCH] newapkbuild: use meson-abuild helper instead of meson
+
+abuild-meson is a shellscript that wraps around meson and passes options
+meant for packaging software that uses meson, for Alpine Linux.
+---
+ newapkbuild.in | 7 +------
+ 1 file changed, 1 insertion(+), 6 deletions(-)
+
+diff --git a/newapkbuild.in b/newapkbuild.in
+index c58d519..d7a2eb5 100644
+--- a/newapkbuild.in
++++ b/newapkbuild.in
+@@ -78,12 +78,7 @@ build_meson() {
+ # TODO For cross compilation a cross_file needs to be created.
+
+ cat >>APKBUILD<<__EOF__
+- meson \\
+- --prefix=/usr \\
+- --sysconfdir=/etc \\
+- --mandir=/usr/share/man \\
+- --localstatedir=/var \\
+- --buildtype=plain \\
++ abuild-meson \\
+ . output
+ meson compile \${JOBS:+-j \${JOBS}} -C output
+ __EOF__
+--
+GitLab
+
diff --git a/main/acct/APKBUILD b/main/acct/APKBUILD
index 2b7d1bf03b..3b665ea853 100644
--- a/main/acct/APKBUILD
+++ b/main/acct/APKBUILD
@@ -1,28 +1,39 @@
# Contributor: Carlo Landmeter <clandmeter@alpinelinux.org>
+# Contributor: Dermot Bradley <dermot_bradley@yahoo.com>
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=acct
pkgver=6.6.4
-pkgrel=0
+pkgrel=1
pkgdesc="The GNU Accounting Utilities"
url="https://www.gnu.org/software/acct/"
arch="all"
license="GPL-3.0-or-later"
-depends=""
-makedepends="linux-headers"
-install=""
-subpackages="$pkgname-doc"
-source="https://ftp.gnu.org/gnu/acct/$pkgname-$pkgver.tar.gz"
-builddir="$srcdir"/$pkgname-$pkgver
+makedepends="
+ linux-headers
+ "
+options="!check" # compares build utils with host utils so may fail
+subpackages="
+ $pkgname-doc
+ $pkgname-openrc
+ "
+source="
+ https://ftp.gnu.org/gnu/acct/acct-$pkgver.tar.gz
+ initd
+ logrotate
+ "
prepare() {
default_prepare
update_config_sub
sed -i -e '/gets is a/d' \
"$builddir"/lib/stdio.in.h
+
+ # correct the path to the wtmp file
+ sed -i -e 's|, WTMP_FILE|, "/var/log/wtmp"|' \
+ configure
}
build() {
- cd "$builddir"
# seems like this makefile does not respect DESTDIR
./configure \
--build=$CBUILD \
@@ -35,8 +46,24 @@ build() {
}
package() {
- cd "$builddir"
make prefix="$pkgdir/usr" install
+
+ # last is provided by util-linux-login
+ rm "$pkgdir"/usr/bin/last "$pkgdir"/usr/share/man/man1/last.1
+
+ install -m755 \
+ -D \
+ "$srcdir"/initd \
+ "$pkgdir"/etc/init.d/acct
+
+ install -m644 \
+ -D \
+ "$srcdir"/logrotate \
+ "$pkgdir"/etc/logrotate.d/acct
}
-sha512sums="413aa446caece8fd773c92e2995bbaa034f63dd0ced521815a676c49f118e02982862b9c0ab7e60be5212c87d1e82ba6325bda212cf4857392a068d359a1e2c2 acct-6.6.4.tar.gz"
+sha512sums="
+413aa446caece8fd773c92e2995bbaa034f63dd0ced521815a676c49f118e02982862b9c0ab7e60be5212c87d1e82ba6325bda212cf4857392a068d359a1e2c2 acct-6.6.4.tar.gz
+ccde27aeb9e21199c151fdd528dc195aefe4919d61996cdaf5321d488210e727f09a8d65a01b07e5d4cbd69bdc2ed4e8b75538dbcf4e6464474ed3fb5b62f9a4 initd
+4be87c186fc9898cc1d1096cfb37616954fd992cdb40f1dde8b5ddaf94794235015ea2bbd0fccd32f1f33798ea557186bb93d1da1c9105e8d328a6e2965d58fe logrotate
+"
diff --git a/main/acct/initd b/main/acct/initd
new file mode 100644
index 0000000000..52cf08dff1
--- /dev/null
+++ b/main/acct/initd
@@ -0,0 +1,32 @@
+#!/sbin/openrc-run
+
+description="Enables process accounting."
+
+depend() {
+ keyword -prefix -lxc -docker
+}
+
+: ${acct_dir:=${ACCTDIR:-/var/log/account}}
+: ${acct_file:=${ACCTFILE:-pacct}}
+
+
+start() {
+ if [ ! -d "$acct_dir" ]; then
+ mkdir -p $acct_dir
+ chmod 770 $acct_dir
+ fi
+ if [ ! -f "$acct_dir/$acct_file" ]; then
+ touch $acct_dir/$acct_file
+ chmod 770 $acct_dir/$acct_file
+ fi
+
+ ebegin "Enabling process accounting"
+ accton on >/dev/null
+ eend $?
+}
+
+stop() {
+ ebegin "Disabling process accounting"
+ accton off
+ eend $?
+}
diff --git a/main/acct/logrotate b/main/acct/logrotate
new file mode 100644
index 0000000000..30fbf064a0
--- /dev/null
+++ b/main/acct/logrotate
@@ -0,0 +1,12 @@
+/var/log/account/pacct {
+ compress
+ create 0770 root root
+ daily
+ delaycompress
+ missingok
+ notifempty
+ postrotate
+ accton /var/log/account/pacct
+ endscript
+ rotate 14
+}
diff --git a/main/acl/APKBUILD b/main/acl/APKBUILD
index 50d750d514..367c811b86 100644
--- a/main/acl/APKBUILD
+++ b/main/acl/APKBUILD
@@ -2,7 +2,7 @@
# Contributor: Natanael Copa <ncopa@alpinelinux.org>
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=acl
-pkgver=2.2.53
+pkgver=2.3.1
pkgrel=0
pkgdesc="Access control list utilities"
url="https://savannah.nongnu.org/projects/acl"
@@ -37,4 +37,6 @@ libacl() {
mv "$pkgdir"/lib/libacl.so.* "$subpkgdir"/lib/
}
-sha512sums="176b7957fe0e7618e0b7bf2ac5071f7fa29417df718cce977661a576fa184e4af9d303b591c9d556b6ba8923e799457343afa401f5a9f7ecd9022185a4e06716 acl-2.2.53.tar.gz"
+sha512sums="
+f101e27058c959f4c412f475c3fc77a90d1ead8728701e4ce04ff08b34139d35e0e72278c9ac7622ba6054e81c0aeca066e09491b5f5666462e3866705a0e892 acl-2.3.1.tar.gz
+"
diff --git a/main/alpine-base/APKBUILD b/main/alpine-base/APKBUILD
index 65c3702e8e..08c293d04b 100644
--- a/main/alpine-base/APKBUILD
+++ b/main/alpine-base/APKBUILD
@@ -1,7 +1,7 @@
# Contributor: Natanael Copa <ncopa@alpinelinux.org>
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=alpine-base
-pkgver=3.15.0
+pkgver=3.16.0
pkgrel=0
pkgdesc="Meta package for minimal alpine base"
url="https://alpinelinux.org"
@@ -46,6 +46,13 @@ ID=alpine
VERSION_ID=$pkgver
PRETTY_NAME="Alpine Linux $_rel"
HOME_URL="https://alpinelinux.org/"
-BUG_REPORT_URL="https://bugs.alpinelinux.org/"
+BUG_REPORT_URL="https://gitlab.alpinelinux.org/alpine/aports/-/issues"
+EOF
+
+ # create secfixes.d repository list
+ mkdir -p "$pkgdir"/etc/secfixes.d
+ cat >"$pkgdir"/etc/secfixes.d/alpine<<EOF
+https://secdb.alpinelinux.org/$_rel/main.json
+https://secdb.alpinelinux.org/$_rel/community.json
EOF
}
diff --git a/main/alpine-baselayout/APKBUILD b/main/alpine-baselayout/APKBUILD
index 4825ea730c..a31f17c380 100644
--- a/main/alpine-baselayout/APKBUILD
+++ b/main/alpine-baselayout/APKBUILD
@@ -2,13 +2,15 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=alpine-baselayout
pkgver=3.2.0
-pkgrel=18
+pkgrel=23
pkgdesc="Alpine base dir structure and init scripts"
url="https://git.alpinelinux.org/cgit/aports/tree/main/alpine-baselayout"
arch="all"
license="GPL-2.0-only"
pkggroups="shadow"
options="!fhs !check"
+depends="$pkgname-data=${pkgver}-r${pkgrel}"
+subpackages="$pkgname-data"
install="$pkgname.pre-install $pkgname.pre-upgrade $pkgname.post-upgrade
$pkgname.post-install"
_nbver=6.2
@@ -50,6 +52,26 @@ build() {
}' "$srcdir"/passwd > shadow
}
+data() {
+ replaces="alpine-baselayout"
+ depends=
+
+ amove etc/fstab
+ amove etc/group
+ amove etc/hostname
+ amove etc/hosts
+ amove etc/inittab
+ amove etc/modules
+ amove etc/mtab
+ amove etc/passwd
+ amove etc/profile
+ amove etc/protocols
+ amove etc/services
+ amove etc/shadow
+ amove etc/shells
+ amove etc/sysctl.conf
+}
+
package() {
mkdir -p "$pkgdir"
cd "$pkgdir"
@@ -149,7 +171,7 @@ package() {
The Alpine Wiki contains a large amount of how-to guides and general
information about administrating Alpine systems.
- See <http://wiki.alpinelinux.org/>.
+ See <https://wiki.alpinelinux.org/>.
You can setup the system with the command: setup-alpine
@@ -235,7 +257,7 @@ package() {
sha512sums="
199a34716b1f029407b08679fed4fda58384a1ccefbbec9abe1c64f4a3f7ad2a89bc7c02fc19a7f791f7c6bb87f9f0c708cb3f18c027cb7f54f25976eba4b839 mkmntdirs.c
6e169c0975a1ad1ad871a863e8ee83f053de9ad0b58d94952efa4c28a8c221445d9e9732ad8b52832a50919c2f39aa965a929b3d5b3f9e62f169e2b2e0813d82 crontab
-7fcb5df98b0f19e609cb9444b2e6ca5ee97f5f308eb407436acdd0115781623fd89768a9285e9816e36778e565b6f27055f2a586a58f19d6d880de5446d263c4 color_prompt.sh.disabled
+558071efdce2fe92afe4277006235b1a6368b070337c7567e5632a1a3fe531f87ca692eb36f3dda498d4d29d1f834fc8f7139f2985669ae3400b6d103d6f4c5e color_prompt.sh.disabled
b2fc9b72846a43a45ba9a8749e581cef34d1915836833b51b7919dfbf4e275b7d55fec4dea7b23df3796380910971a41331e53e8cf0d304834e3da02cc135e5a locale.sh
bfe947bdd69e7d93b32c8cb4e2cabe5717cb6c1e1f49a74015ac2cfb13e96d1f12c4be23ae93a1d61aaa3760d33a032fa9bd99f227fb21223a76b5f5908acc65 aliases.conf
0a1e1afa580751e80bf26057b65fadffe269c0552e7a1903de498f94973ba3da8453b51f25e649968ca5f4841266f5ccf951700fa28465a8614b83d07344de60 blacklist.conf
@@ -244,7 +266,7 @@ bfe947bdd69e7d93b32c8cb4e2cabe5717cb6c1e1f49a74015ac2cfb13e96d1f12c4be23ae93a1d6
806b8f23f823a9471846d12fa6b55690b95eedb4c613b82aefaba7ffef23f83e17552befd891a487864f72ef24e395d8611738933f684a85eb4c336cb20994f8 group
fdab6f8fec2a556ab817d90a73635a927ea04dbc4e0470ed59ee6a62c87393f9534c9b746b09a776d938c25b8af9c9fb1686578e24f8307d1d074921ade1bdc7 inittab
06d12a7b9ca14fe17e412d0f24814620b67d035ae859be7906cbf4782dd69e359a6a555dafb98060b7fb7e4714aaa676c88d9017cded36e6d8398e23369bb290 passwd
-b14920eae431d1f15b066e264a94f804540c5dcbf91caef034019d95456c975c0c054672e53369082682dd9454a034f26bd45b312adfc0ab68a0311d97b037ac profile
+dfc810763c5d94ef6bd149bdb0b152712c0c0aadc7ad3c5c916e2c6e8ed57246e3cdac50d2743b9d009267bdbd47e91b6ad58fe6d068baf132043c38e8fd820d profile
eadc83e47fcc354ab83fd109bee452bda170886fb684e67faf615930c11480919505f4af60c685b124efc54af0ded9522663132f911eac6622144f8b4c8be695 protocols-6.2
adfae0d2f569c2a2f413b7e27683a007fc8ca689b8c3349672fe0dcb6208c192ede4402eff09c604b7e7b4fd9d8df93b875efa5bdaa6c14ff1d8022a7caad5cd services-6.2
"
diff --git a/main/alpine-baselayout/alpine-baselayout.pre-upgrade b/main/alpine-baselayout/alpine-baselayout.pre-upgrade
index 2fcbe17943..6f7b23d5aa 100644
--- a/main/alpine-baselayout/alpine-baselayout.pre-upgrade
+++ b/main/alpine-baselayout/alpine-baselayout.pre-upgrade
@@ -15,14 +15,14 @@ for i in /etc/modprobe.d/*; do
done
# migrate /var/run directory to /run
-if [ -d /var/run ]; then
+if [ -d /var/run ] && [ ! -L /var/run ]; then
cp -a /var/run/* /run 2>/dev/null
rm -rf /var/run
ln -s ../run /var/run
fi
# migrate /var/spool/mail directory to /var/mail
-if [ -d /var/spool/mail ]; then
+if [ -d /var/spool/mail ] && [ ! -L /var/spool/mail ]; then
mkdir -p /var/mail
cp -a /var/spool/mail/* /var/mail/ 2>/dev/null
rm -rf /var/spool/mail
diff --git a/main/alpine-baselayout/color_prompt.sh.disabled b/main/alpine-baselayout/color_prompt.sh.disabled
index eea81eca5c..96e47891b3 100644
--- a/main/alpine-baselayout/color_prompt.sh.disabled
+++ b/main/alpine-baselayout/color_prompt.sh.disabled
@@ -1,10 +1,17 @@
# Setup a red prompt for root and a green one for users.
-# rename this file to color_prompt.sh to actually enable it
-NORMAL="\[\e[0m\]"
-RED="\[\e[1;31m\]"
-GREEN="\[\e[1;32m\]"
+# Symlink this file to color_prompt.sh to actually enable it.
+
+_normal=$'\e[0m'
if [ "$USER" = root ]; then
- PS1="$RED\h [$NORMAL\w$RED]# $NORMAL"
+ _color=$'\e[1;31m'
+ _symbol='#'
else
- PS1="$GREEN\h [$NORMAL\w$GREEN]\$ $NORMAL"
+ _color=$'\e[1;32m'
+ _symbol='$'
fi
+if [ -n "$ZSH_VERSION" ]; then
+ PS1="%{$_color%}%m [%{$_normal%}%~%{$_color%}]$_symbol %{$_normal%}"
+else
+ PS1="\[$_color\]\h [\[$_normal\]\w\[$_color\]]$_symbol \[$_normal\]"
+fi
+unset _normal _color _symbol
diff --git a/main/alpine-baselayout/profile b/main/alpine-baselayout/profile
index fd7506b96f..7544958197 100644
--- a/main/alpine-baselayout/profile
+++ b/main/alpine-baselayout/profile
@@ -22,19 +22,18 @@ export PATH
export PAGER=less
umask 022
-# set up fallback default PS1
-: "${HOSTNAME:=$(hostname)}"
-PS1='${HOSTNAME%%.*}:$PWD'
-[ "$(id -u)" = "0" ] && PS1="${PS1}# "
-[ "$(id -u)" = "0" ] || PS1="${PS1}\$ "
-
# use nicer PS1 for bash and busybox ash
-[ -n "$BASH_VERSION" -o "$BB_ASH_VERSION" ] && PS1='\h:\w\$ '
-
+if [ -n "$BASH_VERSION" -o "$BB_ASH_VERSION" ]; then
+ PS1='\h:\w\$ '
# use nicer PS1 for zsh
-[ -n "$ZSH_VERSION" ] && PS1='%m:%~%# '
-
-# export PS1 as before
+elif [ -n "$ZSH_VERSION" ]; then
+ PS1='%m:%~%# '
+# set up fallback default PS1
+else
+ : "${HOSTNAME:=$(hostname)}"
+ PS1='${HOSTNAME%%.*}:$PWD'
+ [ "$(id -u)" -eq 0 ] && PS1="${PS1}# " || PS1="${PS1}\$ "
+fi
export PS1
for script in /etc/profile.d/*.sh ; do
diff --git a/main/alpine-conf/APKBUILD b/main/alpine-conf/APKBUILD
index d53b9cdfff..9c22ea0a01 100644
--- a/main/alpine-conf/APKBUILD
+++ b/main/alpine-conf/APKBUILD
@@ -1,12 +1,13 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=alpine-conf
-pkgver=3.13.0
+pkgver=3.14.2
pkgrel=0
pkgdesc="Alpine configuration management scripts"
url="https://git.alpinelinux.org/alpine-conf/about"
arch="all"
license="MIT"
depends="openrc>=0.24.1-r6 busybox>=1.26.1-r3"
+checkdepends="kyua"
source="https://gitlab.alpinelinux.org/alpine/alpine-conf/-/archive/$pkgver/alpine-conf-$pkgver.tar.gz
"
@@ -24,6 +25,10 @@ package() {
done
}
+check() {
+ make check
+}
+
sha512sums="
-ad5c26bc4b1cd0e5f3083340469d7748dc2a5e97cb6d5e9cd87cdff36633d64732d59b577ea23202aa5b75da4ca65f07682d2b3387e7529717f169d8718824cc alpine-conf-3.13.0.tar.gz
+beb1e283db82cda8ce892c1a209d15011ad0ac5f061a5040d8ef0dddf7668c31a6dd7568451078e4b44f519744ea5488f973e9d00735e925568f8d6e710d6f6b alpine-conf-3.14.2.tar.gz
"
diff --git a/main/alpine-ipxe/APKBUILD b/main/alpine-ipxe/APKBUILD
index 46bc0ada95..a54db2b92b 100644
--- a/main/alpine-ipxe/APKBUILD
+++ b/main/alpine-ipxe/APKBUILD
@@ -7,13 +7,11 @@ pkgdesc="iPXE build for Alpine Linux netboot"
url="https://boot.alpinelinux.org"
arch="x86 x86_64 aarch64"
license="GPL-2.0-or-later"
-depends=""
makedepends="xz-dev perl coreutils bash syslinux xorriso"
options="!strip !check !archcheck !tracedeps" # no tests
-install=""
-subpackages=""
source="ipxe-$pkgver.tar.gz::https://github.com/ipxe/ipxe/archive/v$pkgver.tar.gz
gcc-10.patch
+ gcc-11.patch
DST_Root_CA_X3.pem
alpine-netboot-ca.crt
boot.ipxe
@@ -42,7 +40,6 @@ done
prepare() {
default_prepare
- cd "$builddir"
local general="DIGEST_CMD NET_PROTO_IPV6 DOWNLOAD_PROTO_HTTPS IMAGE_TRUST_CMD
NSLOOKUP_CMD PING_CMD REBOOT_CMD NTP_CMD PCI_CMD TIME_CMD VLAN_CMD"
mkdir -p config/local
@@ -54,7 +51,6 @@ prepare() {
}
build() {
- cd "$builddir"
# DST_Root_CA_X3.pem is need for https (letsencrypt)
make EMBED="$srcdir/boot.ipxe" \
CERT="$srcdir"/alpine-netboot-ca.crt,"$srcdir"/DST_Root_CA_X3.pem \
@@ -80,8 +76,11 @@ _split() {
"$subpkgdir"/usr/share/$pkgname
}
-sha512sums="39142187c7b84e81ed95865b2c6ca6624fd10ee49350741bcf4beff47cd4ebdce91eca9d7b4d3d91e45b96bd50fa554fa6b71e8e3ea6bcc474b0a71f5d35e5cd ipxe-1.20.1.tar.gz
+sha512sums="
+39142187c7b84e81ed95865b2c6ca6624fd10ee49350741bcf4beff47cd4ebdce91eca9d7b4d3d91e45b96bd50fa554fa6b71e8e3ea6bcc474b0a71f5d35e5cd ipxe-1.20.1.tar.gz
99d6dfbfe3a1a5c3792246c18976d7aab708301a4a1163978a22ae2c3052ca59c10fa5a418d131b783f2c230d78c05aad8f295e87cf82e48479dfb345d8793be gcc-10.patch
+83469bf56d9bd344eb686dbd1cae85c731794c506ac7bbaecdd00d15f7a2497f512ef1364ecccf0f58099d6c4b9ed86eb8614fa0373c262f7a8b5a5bd3460d5a gcc-11.patch
1f52b62aa9e3ec0656ea3cb5c8e52eda924d58728e64bb03ca6c112858b91b13cf0a9328b105bb232973e240406b240ed14e72b5bd325e82e6fddf3126dbcc58 DST_Root_CA_X3.pem
68030e3f30983ee45c7f740445a246ea0df225becdd0644e06ffdbd84682ac576934dab79fecceb31b70929d81ce85b40301a977862bf7beb042270be21e6d34 alpine-netboot-ca.crt
-5a4f1edd0178e696e919e93b90689091f669bffe77ebb9da10d4872d208205fe42b285551f541a07b2067054a2344639052e2b297a582a1f71d907797a77d719 boot.ipxe"
+5a4f1edd0178e696e919e93b90689091f669bffe77ebb9da10d4872d208205fe42b285551f541a07b2067054a2344639052e2b297a582a1f71d907797a77d719 boot.ipxe
+"
diff --git a/main/alpine-ipxe/gcc-11.patch b/main/alpine-ipxe/gcc-11.patch
new file mode 100644
index 0000000000..a793cdb18e
--- /dev/null
+++ b/main/alpine-ipxe/gcc-11.patch
@@ -0,0 +1,23 @@
+fixes maybe-used-uninitialised errors
+--- a/tests/bigint_test.c
++++ b/tests/bigint_test.c
+@@ -210,7 +210,7 @@
+ static const uint8_t addend_raw[] = addend; \
+ static const uint8_t value_raw[] = value; \
+ static const uint8_t expected_raw[] = expected; \
+- uint8_t result_raw[ sizeof ( expected_raw ) ]; \
++ uint8_t result_raw[ sizeof ( expected_raw ) ] = {0}; \
+ unsigned int size = \
+ bigint_required_size ( sizeof ( value_raw ) ); \
+ bigint_t ( size ) addend_temp; \
+--- a/drivers/net/ath/ath5k/ath5k_eeprom.c
++++ b/drivers/net/ath/ath5k/ath5k_eeprom.c
+@@ -410,7 +410,7 @@
+ {
+ struct ath5k_eeprom_info *ee = &ah->ah_capabilities.cap_eeprom;
+ u32 o = *offset;
+- u16 val;
++ u16 val = 0;
+ int ret;
+
+ if (ee->ee_version < AR5K_EEPROM_VERSION_5_0)
diff --git a/main/alsa-lib/APKBUILD b/main/alsa-lib/APKBUILD
index 496426969d..20a3b8c828 100644
--- a/main/alsa-lib/APKBUILD
+++ b/main/alsa-lib/APKBUILD
@@ -1,6 +1,6 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=alsa-lib
-pkgver=1.2.6.1
+pkgver=1.2.7.1
pkgrel=0
pkgdesc="Advanced Linux Sound Architecture (ALSA) library"
url="https://alsa-project.org/"
@@ -35,10 +35,11 @@ check() {
package() {
make -j1 DESTDIR="$pkgdir" install
+ install -d -m755 "$pkgdir"/etc/alsa/conf.d
}
sha512sums="
-70e539cf092b5d43e00e4134d8a3e184f0dc34312823e4b58a574320cbf06cb7369bc3251ecb1858033756a7a8c35d36faa8da48d49f6efe0cec905784adbd45 alsa-lib-1.2.6.1.tar.bz2
+2a0b4205e8bf602b56a6f5007ba219799e5443827393058e439adf5b391bb6c4815a48bb994b5d108b9f31a90db0eb43a96a0d7741216e2d710dc63d372de27e alsa-lib-1.2.7.1.tar.bz2
e15318431fe2d5bd1e42ef793f223e3e5995890d7befe6daa3d7456ccf5cb2f51eb79171539cecae13032a9b8a798ea35e04c89b27c7ef9567e2c03fb8db4512 remove-test.patch
f980d153c2f179e2f8fd90180d19250e5a5e12388f31d86a233d89be72ae7e96b944a8f435f0a11c6140378ac38eaa937175e1c100395ec4f635a9a6a4b1ae25 fix-PATH_MAX-on-ppc64le.patch
"
diff --git a/main/alsa-utils/APKBUILD b/main/alsa-utils/APKBUILD
index e83ac12060..8c72835a6b 100644
--- a/main/alsa-utils/APKBUILD
+++ b/main/alsa-utils/APKBUILD
@@ -1,7 +1,7 @@
# Contributor: Leonardo Arena <rnalrd@alpinelinux.org>
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=alsa-utils
-pkgver=1.2.6
+pkgver=1.2.7
pkgrel=0
pkgdesc="Advanced Linux Sound Architecture (ALSA) utilities"
url="https://alsa-project.org/"
@@ -41,7 +41,7 @@ alsaconf() {
}
sha512sums="
-6842f0f4c2f7cc5ac3ba94736ee259d9988b5d3e0d2b522f858d712e16938d2845fa9ef64f4aa60222b8ef6738e053f9113a5ea24a197f2c0d6c4dbd70030f5e alsa-utils-1.2.6.tar.bz2
+1be8f617315193e6033653ac96a14bd1c3272cd9d8f3776cdb1357f35f5353652acd5975cfc5bd16278cd496f5bf409bb60432818a526282edad9a4c718a97c9 alsa-utils-1.2.7.tar.bz2
f04155e1e391c7f36d44422c8e769bf9370117f6bbea6c0664e9858f7a676cc958e4260e4b4d226e71d0716f6be4e6fdd60f1d07cb7e9922fff378ceec01c47d alsaconf.patch
c66959a4a1a24a727c9c91a455caa5fa093c523d17a563b56ec2449a02ff30c83683db555006954b1fe571446cf4a117cc41de8c8b869a6e875d386595b3cc1f alsa.initd
d7e212e9f624b09168117b46c66289204a23915adf0d1b0c9ae258049430397b8f2d86d3b5f7e3087151948a031c4eab863e8195a6c7b1276704e9cba9c2d2a7 alsa.confd
diff --git a/main/amavis/APKBUILD b/main/amavis/APKBUILD
index 02abe30078..943d4bb7fd 100644
--- a/main/amavis/APKBUILD
+++ b/main/amavis/APKBUILD
@@ -1,7 +1,7 @@
# Maintainer: Leonardo Arena <rnalrd@alpinelinux.org>
pkgname=amavis
pkgver=2.12.2
-pkgrel=0
+pkgrel=1
pkgdesc="High-performance interface between mailer (MTA) and content checkers"
url="https://gitlab.com/amavis/amavis"
arch="noarch !x86" # perl-db
@@ -12,7 +12,7 @@ depends="sed file perl perl-archive-zip perl-carp perl-convert-tnef
perl-exporter perl-io-stringy perl-mime-tools
perl-mailtools perl-socket perl-net-libidn perl-net-server
perl-time-hires perl-unix-syslog perl-mail-dkim
- perl-io-socket-inet6
+ perl-io-socket-inet6 perl-io-socket-ssl
perl-mail-spamassassin
"
makedepends=""
@@ -44,7 +44,7 @@ package() {
install -Dm755 -o root -g amavis "$file" "$pkgdir/usr/sbin/$file"
done
- install -Dm640 -o root amavisd.conf "$pkgdir"/etc/amavisd.conf
+ install -Dm640 -o root -g amavis amavisd.conf "$pkgdir"/etc/amavisd.conf
install -Dm755 "$srcdir"/amavisd.initd "$pkgdir"/etc/init.d/amavisd
install -Dm644 "$srcdir"/amavisd.confd "$pkgdir"/etc/conf.d/amavisd
}
diff --git a/main/apache-mod-fcgid/APKBUILD b/main/apache-mod-fcgid/APKBUILD
index a5b87e5eae..f816a1c3f2 100644
--- a/main/apache-mod-fcgid/APKBUILD
+++ b/main/apache-mod-fcgid/APKBUILD
@@ -3,9 +3,9 @@
pkgname=apache-mod-fcgid
_pkgreal=mod_fcgid
pkgver=2.3.9
-pkgrel=3
+pkgrel=4
pkgdesc="FastCGI module for Apache 2.x"
-url="http://httpd.apache.org/$_pkgreal/"
+url="https://httpd.apache.org/mod_fcgid/"
arch="all"
license="Apache-2.0"
depends="apache2"
@@ -28,5 +28,7 @@ package() {
rm -fr "$pkgdir"/etc/apache2/original
}
-sha512sums="cae8bf8ad324512a51e6f34cb32468ea49a17deaabd481f8b581444891656f2516f10d198630f92ebc18db3d575f61dd7254153938a8206fb6c1441c7850be63 mod_fcgid-2.3.9.tar.gz
-e5d7d81905f7cd73b5dbd3baa39c1d84e3c96e3fc3fda41fc52ada1a4353ca5186e53f56d782273d86a858cc9215c72321f34d92643ac176d4232df638a05812 mod_fcgid.conf"
+sha512sums="
+cae8bf8ad324512a51e6f34cb32468ea49a17deaabd481f8b581444891656f2516f10d198630f92ebc18db3d575f61dd7254153938a8206fb6c1441c7850be63 mod_fcgid-2.3.9.tar.gz
+e5d7d81905f7cd73b5dbd3baa39c1d84e3c96e3fc3fda41fc52ada1a4353ca5186e53f56d782273d86a858cc9215c72321f34d92643ac176d4232df638a05812 mod_fcgid.conf
+"
diff --git a/main/apache2/APKBUILD b/main/apache2/APKBUILD
index 1e47daae52..1202ca36a6 100644
--- a/main/apache2/APKBUILD
+++ b/main/apache2/APKBUILD
@@ -2,7 +2,7 @@
# Contributor: Valery Kartel <valery.kartel@gmail.com>
pkgname=apache2
_pkgreal=httpd
-pkgver=2.4.52
+pkgver=2.4.54
pkgrel=0
pkgdesc="A high performance Unix-based HTTP server"
url="https://httpd.apache.org/"
@@ -48,9 +48,24 @@ source="https://dlcdn.apache.org/$_pkgreal/$_pkgreal-$pkgver.tar.bz2
conf/0014-httpd-.conf-LoadModule.patch
"
options="suid"
+[ "$CARCH" = "riscv64" ] && options="$options textrels"
builddir="$srcdir"/$_pkgreal-$pkgver
# secfixes:
+# 2.4.54-r0:
+# - CVE-2022-26377
+# - CVE-2022-28330
+# - CVE-2022-28614
+# - CVE-2022-28615
+# - CVE-2022-29404
+# - CVE-2022-30522
+# - CVE-2022-30556
+# - CVE-2022-31813
+# 2.4.53-r0:
+# - CVE-2022-22719
+# - CVE-2022-22720
+# - CVE-2022-22721
+# - CVE-2022-23943
# 2.4.52-r0:
# - CVE-2021-44224
# - CVE-2021-44790
@@ -381,7 +396,7 @@ _lua() {
_load_mods
}
sha512sums="
-97c021c576022a9d32f4a390f62e07b5f550973aef2f299fd52defce1a9fa5d27bd4a676e7bf214373ba46063d34aecce42de62fdd93678a4e925cfcbb2afdf6 httpd-2.4.52.tar.bz2
+228493b2ff32c4142c6e484d304f2ea12e467498605fe12adce2b61388d8efe7b2e96ae2fd0abd1dc88a5f12d625e007d8da0ae5628cff2a5272806754f41e18 httpd-2.4.54.tar.bz2
8e62b101f90c67babe864bcb74f711656180b011df3fd4b541dc766b980b72aa409e86debf3559a55be359471c1cad81b8779ef3a55add8d368229fc7e9544fc apache2.confd
18e8859c7d99c4483792a5fd20127873aad8fa396cafbdb6f2c4253451ffe7a1093a3859ce719375e0769739c93704c88897bd087c63e1ef585e26dcc1f5dd9b apache2.logrotate
81a2d2a297d8049ba1b021b879ec863767149e056d9bdb2ac8acf63572b254935ec96c2e1580eba86639ea56433eec5c41341e4f1501f9072745dccdb3602701 apache2.initd
diff --git a/main/apg/APKBUILD b/main/apg/APKBUILD
index 209509a2b7..fce949153f 100644
--- a/main/apg/APKBUILD
+++ b/main/apg/APKBUILD
@@ -1,13 +1,14 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=apg
pkgver=2.2.3
-pkgrel=5
+pkgrel=6
pkgdesc="Automated Password Generator."
url="https://linux.die.net/man/1/apg" # Original homepage is dead
arch="all"
license="BSD-3-Clause"
# no check provided by upstream
options="!check"
+subpackages="$pkgname-doc"
source="https://launchpad.net/ubuntu/+archive/primary/+files/${pkgname}_${pkgver}.orig.tar.gz"
build() {
@@ -20,7 +21,7 @@ package() {
cd "$builddir"
for i in apg apgbfm; do
install -D -m755 $i "$pkgdir"/usr/bin/$i
- install -D -m644 doc/man/$i.1 "$pkgdir"/usr/man/man1/$i.1
+ install -D -m644 doc/man/$i.1 "$pkgdir"/usr/share/man/man1/$i.1
done
}
diff --git a/main/apk-tools/APKBUILD b/main/apk-tools/APKBUILD
index 26744eea6b..59f5710424 100644
--- a/main/apk-tools/APKBUILD
+++ b/main/apk-tools/APKBUILD
@@ -1,7 +1,7 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=apk-tools
pkgver=2.12.9
-pkgrel=1
+pkgrel=5
pkgdesc="Alpine Package Keeper - package manager for alpine"
arch="all"
url="https://gitlab.alpinelinux.org/alpine/apk-tools"
@@ -87,5 +87,5 @@ luaapk() {
sha512sums="
2e299e50c5ca8733f04fad971247146ff4bebb697c3589e4692c9a940ede89432dd9fea48004dc947cb493db1206a336ac0ad1e876b02683183d69b4a127d1c6 apk-tools-v2.12.9.tar.gz
-48d5437bb8e76b56f972430ac95f1f408687dd2734ff3e69192140abe8f301154329d9cbef0c17da86ac8d825f32bc818376bdfb672bf44adbfa5e21c957d5ec _apk
+7870676720f5007eee9482786e02246f8e3474afb90e76c9c83aebe914747a8e007b5d2eed6441933f4922024b3f0664db270f21981ad6c2db877a110b0cd79e _apk
"
diff --git a/main/apk-tools/_apk b/main/apk-tools/_apk
index 0ce54d74de..4b4a238fc6 100644
--- a/main/apk-tools/_apk
+++ b/main/apk-tools/_apk
@@ -62,7 +62,7 @@ function _apk {
zstyle ":completion:${curcontext}:" cache-policy _ccache_apk_avail
local IFS=$'\n'
if _cache_invalid apk_index_packages_available || ! _retrieve_cache apk_index_packages_available; then
- _apk_available_packs=(${${$(/sbin/apk list -a 2>/dev/null)%% *}%%-[[:digit:].]##([[:alpha:]]#)#(_[[:alpha:]]#[[:digit:]])#(-r[[:digit:]]##)#})
+ _apk_available_packs=(${${$(/sbin/apk list -a 2>/dev/null)%% *}%-*-r[[:digit:]]*})
_store_cache apk_index_packages_available _apk_available_packs
fi
_describe 'available packages' _apk_available_packs
@@ -73,7 +73,7 @@ function _apk {
zstyle ":completion:${curcontext}:" cache-policy _ccache_apk_world
local IFS=$'\n'
if _cache_invalid apk_index_packages_installed || ! _retrieve_cache apk_index_packages_installed; then
- _apk_installed_packs=(${${$(/sbin/apk list -I 2>/dev/null)%% *}%%-[[:digit:].]##([[:alpha:]]#)#(_[[:alpha:]]#[[:digit:]])#(-r[[:digit:]]##)#})
+ _apk_installed_packs=(${${$(/sbin/apk list -I 2>/dev/null)%% *}%-*-r[[:digit:]]*})
_store_cache apk_index_packages_installed _apk_installed_packs
fi
_describe 'installed packages' _apk_installed_packs
diff --git a/main/apr-util/APKBUILD b/main/apr-util/APKBUILD
index 265e51151a..f3fe4bec27 100644
--- a/main/apr-util/APKBUILD
+++ b/main/apr-util/APKBUILD
@@ -1,9 +1,9 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=apr-util
pkgver=1.6.1
-pkgrel=11
+pkgrel=12
pkgdesc="The Apache Portable Runtime Utility Library"
-url="http://apr.apache.org/"
+url="https://apr.apache.org/"
arch="all"
license="Apache-2.0"
subpackages="$pkgname-dev $pkgname-dbd_pgsql $pkgname-dbd_mysql
@@ -55,5 +55,7 @@ dbd_mysql() { _mv_mod dbd_mysql "MySQL"; }
dbd_sqlite3() { _mv_mod dbd_sqlite "SQLite3"; }
ldap() { _mv_mod ldap "LDAP"; }
-sha512sums="40eff8a37c0634f7fdddd6ca5e596b38de15fd10767a34c30bbe49c632816e8f3e1e230678034f578dd5816a94f246fb5dfdf48d644829af13bf28de3225205d apr-util-1.6.1.tar.bz2
-4672c55bbe78a401483dd21f29dd1f92d70887191f3d4945a616223c18e39e051609a3b52a5547a9dbcc54e315cf5866e5dfb5ef9507c3914e9d74a67e75a00e musl-fix-testsuite.patch"
+sha512sums="
+40eff8a37c0634f7fdddd6ca5e596b38de15fd10767a34c30bbe49c632816e8f3e1e230678034f578dd5816a94f246fb5dfdf48d644829af13bf28de3225205d apr-util-1.6.1.tar.bz2
+4672c55bbe78a401483dd21f29dd1f92d70887191f3d4945a616223c18e39e051609a3b52a5547a9dbcc54e315cf5866e5dfb5ef9507c3914e9d74a67e75a00e musl-fix-testsuite.patch
+"
diff --git a/main/apr/APKBUILD b/main/apr/APKBUILD
index c2a40dad1e..431eb17f36 100644
--- a/main/apr/APKBUILD
+++ b/main/apr/APKBUILD
@@ -1,21 +1,25 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=apr
pkgver=1.7.0
-pkgrel=0
+pkgrel=2
pkgdesc="The Apache Portable Runtime"
-url="http://apr.apache.org/"
+url="https://apr.apache.org/"
arch="all"
license="Apache-2.0"
-depends_dev="util-linux-dev bash"
+depends_dev="util-linux-dev"
makedepends="$depends_dev"
subpackages="$pkgname-dev"
source="https://www.apache.org/dist/apr/apr-$pkgver.tar.bz2
apr-1.6.2-dont-test-dlclose.patch
semtimedop-s390x.patch
+ CVE-2021-35940.patch
"
+# secfixes:
+# 1.7.0-r2:
+# - CVE-2021-35940.patch
+
build() {
- cd "$builddir"
./configure \
--build=$CBUILD \
--host=$CHOST \
@@ -27,27 +31,26 @@ build() {
}
check() {
- cd "$builddir"
- make -j1 check
+ make check
}
package() {
- cd "$builddir"
make DESTDIR="$pkgdir" install
}
# basicly everything thats not a *.so* file belongs to the -dev package
# we override the pre-defined func.
dev() {
- local i
depends="$pkgname $depends_dev"
mkdir -p "$subpkgdir"
mv "$pkgdir"/* "$subpkgdir"/
mkdir -p "$pkgdir"/usr/lib
mv "$subpkgdir"/usr/lib/*.so* "$pkgdir"/usr/lib/
- return 0
}
-sha512sums="3dc42d5caf17aab16f5c154080f020d5aed761e22db4c5f6506917f6bfd2bf8becfb40af919042bd4ce1077d5de74aa666f5edfba7f275efba78e8893c115148 apr-1.7.0.tar.bz2
+sha512sums="
+3dc42d5caf17aab16f5c154080f020d5aed761e22db4c5f6506917f6bfd2bf8becfb40af919042bd4ce1077d5de74aa666f5edfba7f275efba78e8893c115148 apr-1.7.0.tar.bz2
9fb931e45f30fbe68af56849dfca148c09cdf85e300af14fb259cbd43470113288680bdb21189d4cf13f5ce95f8d28666822535e017e64ace5324339ab50cbef apr-1.6.2-dont-test-dlclose.patch
-5d1afa9419d0481e7c3369724e8b4c1e199cbfd5d031bd9d9fc4f46ee0d3819353ff03c3b2c508d5b939f66ef4549953bbf9cdae7ff934002b9a01d824c843e8 semtimedop-s390x.patch"
+5d1afa9419d0481e7c3369724e8b4c1e199cbfd5d031bd9d9fc4f46ee0d3819353ff03c3b2c508d5b939f66ef4549953bbf9cdae7ff934002b9a01d824c843e8 semtimedop-s390x.patch
+33c072ad4e27afee4b93df5b1076a8d858c6f4ef57df4e2dd1bf750f8b0390cb130744aa3bf67c4de359b35a558da07e479b10e0028ec935aa9a1ea4820c995e CVE-2021-35940.patch
+"
diff --git a/main/apr/CVE-2021-35940.patch b/main/apr/CVE-2021-35940.patch
new file mode 100644
index 0000000000..0b72ab964c
--- /dev/null
+++ b/main/apr/CVE-2021-35940.patch
@@ -0,0 +1,53 @@
+Patch-Source: https://dist.apache.org/repos/dist/release/apr/patches/apr-1.7.0-CVE-2021-35940.patch
+SECURITY: CVE-2021-35940 (cve.mitre.org)
+
+Restore fix for CVE-2017-12613 which was missing in 1.7.x branch, though
+was addressed in 1.6.x in 1.6.3 and later via r1807976.
+
+The fix was merged back to 1.7.x in r1891198.
+
+Since this was a regression in 1.7.0, a new CVE name has been assigned
+to track this, CVE-2021-35940.
+
+Thanks to Iveta Cesalova <icesalov redhat.com> for reporting this issue.
+
+https://svn.apache.org/viewvc?view=revision&revision=1891198
+
+Index: time/unix/time.c
+===================================================================
+--- a/time/unix/time.c (revision 1891197)
++++ b/time/unix/time.c (revision 1891198)
+@@ -142,6 +142,9 @@
+ static const int dayoffset[12] =
+ {306, 337, 0, 31, 61, 92, 122, 153, 184, 214, 245, 275};
+
++ if (xt->tm_mon < 0 || xt->tm_mon >= 12)
++ return APR_EBADDATE;
++
+ /* shift new year to 1st March in order to make leap year calc easy */
+
+ if (xt->tm_mon < 2)
+Index: time/win32/time.c
+===================================================================
+--- a/time/win32/time.c (revision 1891197)
++++ b/time/win32/time.c (revision 1891198)
+@@ -54,6 +54,9 @@
+ static const int dayoffset[12] =
+ {0, 31, 59, 90, 120, 151, 181, 212, 243, 273, 304, 334};
+
++ if (tm->wMonth < 1 || tm->wMonth > 12)
++ return APR_EBADDATE;
++
+ /* Note; the caller is responsible for filling in detailed tm_usec,
+ * tm_gmtoff and tm_isdst data when applicable.
+ */
+@@ -228,6 +231,9 @@
+ static const int dayoffset[12] =
+ {306, 337, 0, 31, 61, 92, 122, 153, 184, 214, 245, 275};
+
++ if (xt->tm_mon < 0 || xt->tm_mon >= 12)
++ return APR_EBADDATE;
++
+ /* shift new year to 1st March in order to make leap year calc easy */
+
+ if (xt->tm_mon < 2)
diff --git a/main/arm-trusted-firmware/APKBUILD b/main/arm-trusted-firmware/APKBUILD
index 1b8c4a2fd3..aff371ab3e 100644
--- a/main/arm-trusted-firmware/APKBUILD
+++ b/main/arm-trusted-firmware/APKBUILD
@@ -3,7 +3,7 @@
# Maintainer: Bart Ribbers <bribbers@disroot.org>
pkgname=arm-trusted-firmware
pkgver=2.6
-pkgrel=0
+pkgrel=1
pkgdesc="ARM Trusted Firmware-A (TF-A)"
url="https://github.com/ARM-software/arm-trusted-firmware"
arch="aarch64"
@@ -12,11 +12,16 @@ makedepends="dtc"
source="https://github.com/ARM-software/arm-trusted-firmware/archive/v$pkgver/arm-trusted-firmware-v$pkgver.tar.gz"
options="!check" # No tests
-_plats="sun50i_a64 sun50i_h6"
+_plats="
+ imx8mq
+ sun50i_a64
+ sun50i_h6
+ "
build() {
unset LDFLAGS
for plat in $_plats; do
+ msg "Building ATF for $plat"
make PLAT=$plat bl31
done
}
diff --git a/main/arpon/APKBUILD b/main/arpon/APKBUILD
index 772636a463..f331e358bb 100644
--- a/main/arpon/APKBUILD
+++ b/main/arpon/APKBUILD
@@ -3,12 +3,12 @@
pkgname=arpon
pkgver=3.0
_realver=3.0-ng
-pkgrel=5
+pkgrel=6
pkgdesc="Arp handler inspectiON is a handler daemon with tools to handle all ARP aspects"
-url="http://arpon.sourceforge.net/"
+url="https://arpon.sourceforge.io/"
arch="all"
license="BSD-2-Clause"
-makedepends="libdnet-dev libpcap-dev libnet-dev cmake"
+makedepends="libdnet-dev libpcap-dev libnet-dev cmake samurai"
subpackages="$pkgname-doc $pkgname-openrc"
source="https://downloads.sourceforge.net/project/arpon/arpon/ArpON-$_realver.tar.gz
fix-ppc64le-werror.patch
@@ -20,14 +20,20 @@ source="https://downloads.sourceforge.net/project/arpon/arpon/ArpON-$_realver.ta
builddir="$srcdir"/ArpON-$_realver
build() {
- cmake -B build . \
+ cmake -B build -G Ninja \
-DCMAKE_C_FLAGS="$CFLAGS" \
- -DCMAKE_BUILD_TYPE=MinSizeRel
- make -C build
+ -DCMAKE_BUILD_TYPE=MinSizeRel \
+ .
+ cmake --build build
+}
+
+check() {
+ cd build
+ CTEST_OUTPUT_ON_FAILURE=TRUE ctest
}
package() {
- make -C build install DESTDIR="$pkgdir"
+ DESTDIR="$pkgdir" cmake --install build
install -m755 -D "$srcdir"/$pkgname.initd "$pkgdir"/etc/init.d/$pkgname
install -m644 -D "$srcdir"/$pkgname.confd "$pkgdir"/etc/conf.d/$pkgname
}
diff --git a/main/arpwatch/APKBUILD b/main/arpwatch/APKBUILD
index deff86dc18..22860803d7 100644
--- a/main/arpwatch/APKBUILD
+++ b/main/arpwatch/APKBUILD
@@ -1,7 +1,7 @@
# Contributor: Michael Mason <ms13sp@gmail.com>
# Maintainer: Francesco Colista <fcolista@alpinelinux.org>
pkgname=arpwatch
-pkgver=3.2
+pkgver=3.3
pkgrel=0
pkgdesc="Ethernet monitoring program"
url="https://www-nrg.ee.lbl.gov/"
@@ -55,7 +55,7 @@ package() {
}
sha512sums="
-0a028e770e73f8ff2e926da5ab58e067c05908924a60cfc52c5fb7d57a0f36d3087f6cedb4a8b39b66ce85a4f6a12a594e7e74fd044331e5f346bcc9add99585 arpwatch-3.2.tar.gz
+4e3d542917dc9060ae7b35b40f41cb696eb36e68846194a76f025c5ecb1df1e67d5c1c66ba3c7e581e1f915b988d05cb7805f28d410784bd27dc3a448dccdece arpwatch-3.3.tar.gz
854f6361bf02586516db4f50afdee729c047cd788985f72f475e592e0e744c24d7d765f0391d733dbf417048c26b6d43c00eb63c58e6798bdb2366b93cbfe03a arpwatch.confd
83fc559aecd82cefd430104df23fc7680ac14d2c27f74d4543585382166e16a65563e00122281e886278993a9ca574daa5b2b2100884369c3a3146a66b68a0f7 arpwatch.initd
b537220b7a19f7f28d1b60cfea6ef2e4d0c852ac83907fdd2515e467c3d16529b0c5a25ee653536e674c63d47a00709fc89fd6085efc5ba4a12f392df5ae5788 22_alpine_bihourly_script.patch
diff --git a/main/asciidoctor/APKBUILD b/main/asciidoctor/APKBUILD
index ab62dc6898..31e0e5f4ba 100644
--- a/main/asciidoctor/APKBUILD
+++ b/main/asciidoctor/APKBUILD
@@ -2,7 +2,7 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=asciidoctor
pkgver=2.0.17
-pkgrel=0
+pkgrel=1
pkgdesc="Converter for AsciiDoc to HTML5, DocBook 5 (or 4.5) and other formats"
url="https://rubygems.org/gems/$pkgname"
arch="noarch"
diff --git a/main/asterisk/APKBUILD b/main/asterisk/APKBUILD
index 80dc4cecdd..f19a684766 100644
--- a/main/asterisk/APKBUILD
+++ b/main/asterisk/APKBUILD
@@ -3,8 +3,8 @@
# Contributor: Timo Teras <timo.teras@iki.fi>
# Maintainer: Timo Teras <timo.teras@iki.fi>
pkgname=asterisk
-pkgver=18.2.2
-pkgrel=5
+pkgver=18.11.2
+pkgrel=0
pkgdesc="Modular Open Source PBX System"
pkgusers="asterisk"
pkggroups="asterisk"
@@ -69,13 +69,16 @@ source="$_download/asterisk-$pkgver.tar.gz
20-musl-astmm-fix.patch
30-asterisk-mariadb.patch
40-asterisk-cdefs.patch
- CVE-2021-32558.patch
asterisk.initd
asterisk.confd
asterisk.logrotate
"
# secfixes:
+# 18.11.2-r0:
+# - CVE-2022-26498
+# - CVE-2022-26499
+# - CVE-2022-26651
# 18.2.2-r2:
# - CVE-2021-32558
# 18.2.1-r0:
@@ -162,7 +165,6 @@ build() {
--enable app_meetme \
--enable cdr_mysql \
--disable BUILD_NATIVE \
- --enable IMAP_STORAGE \
--enable codec_opus_open_source \
menuselect.makeopts
@@ -238,14 +240,13 @@ sound_en() {
}
sha512sums="
-e15fe3c7f46d49991bcb6f6f565f15e4af0d658b4cd6b091079209dd95a8027858effdc2f2314d72ed46a73cdebc089d3c27d5cf8db50d2d21f3c317a8a4a546 asterisk-18.2.2.tar.gz
+6b33949edb26b8dec5c4c79fe07f4fe3c82a83014944b142ffe5cdf9e626a7240e65c31f9215136ab964b14e077829c4ae99e1b0c2067e8b8ac016f628281e06 asterisk-18.11.2.tar.gz
aacef3f4796fb1abd33266998b53909cb4b36e7cc5ad2f7bac68bdc43e9a9072d9a4e2e7e681bddfa31f3d04575eb248afe6ea95da780c67e4829c1e22adfe1b asterisk-addon-mp3-r201.patch.gz
69d82b878728f99b7bf7e862025cbc01aa5b6b9332a5372059ea89a788c66fd351f1103989b3573a7a4ba9ff533f3ee2ff5d88de938440e05d6246e41a882306 asterisk-13.7-90e8780faccc79e68c07775c6ab2fe1ffaccfa08.tar.gz
771237ba6d42ab62d914f2702234b23fd0bc8c22f2aa33b0e745c9170163c8046f6d48ecb299faab3d6fb397f1aa046421083c3cc88510c9779861c522f357dd 10-musl-mutex-init.patch
0fae11b42894ab3d405bc50e9275b9084712b482fbf9b4259ea938667fc5cbe413655f3ff83da0f607151bb2b6e49c2f741b5ada6944dbb478f076ef8d86380a 20-musl-astmm-fix.patch
616de74bdd3c4a6e899128c73e31f5ff219095d2afe321f85a51f518ec2e9dac9b63396eed8e2568c295f1beb90f9a506c72d28211a973b35185bfffd24af37e 30-asterisk-mariadb.patch
ba33f11169284f190b7dabab1da7d2751cb65d7976408db635a892fa17d7552e1660350017e7aada3464ecc7d9d6e99d6ad76d66c0036de062a386cffbc948e6 40-asterisk-cdefs.patch
-87df7c97c0963f41a6d61ed80c7b9996d7f38fa39bbca50c3157f4bb68146e1c977459dfdff734395aca4fd9d801c15d6c996bfabdd81be16b96f3bbe92ff480 CVE-2021-32558.patch
0044c5db468ec8f2385d18d476f89976f6d036448583a4ef8017ce7a6f8f72105337e6b20037ffe47f561d2877fc9c86720aef23ab037df89b36dc140a5924c4 asterisk.initd
ab6b6f08ff43268cbb1abb7ed7d678949991ba495682a644bbaeb017d6adbff0a43297905fd73ae8db1786a28d5b5904f1bc253209a0e388c8a27f26c6ce14ed asterisk.confd
449b5808d90c813c23432274fba47e53227e3a924a55719d2f9e5a90fd2dfb33660a5c85c7e8f11fbb1cd93387e5c68329ed5583f7a64c2451fadad62a9f87dd asterisk.logrotate
diff --git a/main/asterisk/CVE-2021-32558.patch b/main/asterisk/CVE-2021-32558.patch
deleted file mode 100644
index 522d8d6f4f..0000000000
--- a/main/asterisk/CVE-2021-32558.patch
+++ /dev/null
@@ -1,126 +0,0 @@
-From 852a8780cb45db0dca7c18b364cb0485a1e09840 Mon Sep 17 00:00:00 2001
-From: Kevin Harwell <kharwell@sangoma.com>
-Date: Mon, 10 May 2021 17:59:00 -0500
-Subject: [PATCH] AST-2021-008 - chan_iax2: remote crash on unsupported media format
-
-If chan_iax2 received a packet with an unsupported media format, for
-example vp9, then it would set the frame's format to NULL. This could
-then result in a crash later when an attempt was made to access the
-format.
-
-This patch makes it so chan_iax2 now ignores/drops frames received
-with unsupported media format types.
-
-ASTERISK-29392 #close
-
-Change-Id: Ifa869a90dafe33eed8fd9463574fe6f1c0ad3eb1
----
-
-diff --git a/channels/chan_iax2.c b/channels/chan_iax2.c
-index 4122c04..c57434b 100644
---- a/channels/chan_iax2.c
-+++ b/channels/chan_iax2.c
-@@ -4132,6 +4132,7 @@
- long ms;
- long next;
- struct timeval now = ast_tvnow();
-+ struct ast_format *voicefmt;
-
- /* Make sure we have a valid private structure before going on */
- ast_mutex_lock(&iaxsl[callno]);
-@@ -4151,10 +4152,9 @@
-
- ms = ast_tvdiff_ms(now, pvt->rxcore);
-
-- if(ms >= (next = jb_next(pvt->jb))) {
-- struct ast_format *voicefmt;
-- voicefmt = ast_format_compatibility_bitfield2format(pvt->voiceformat);
-- ret = jb_get(pvt->jb, &frame, ms, voicefmt ? ast_format_get_default_ms(voicefmt) : 20);
-+ voicefmt = ast_format_compatibility_bitfield2format(pvt->voiceformat);
-+ if (voicefmt && ms >= (next = jb_next(pvt->jb))) {
-+ ret = jb_get(pvt->jb, &frame, ms, ast_format_get_default_ms(voicefmt));
- switch(ret) {
- case JB_OK:
- fr = frame.data;
-@@ -4182,7 +4182,7 @@
- pvt = iaxs[callno];
- }
- }
-- break;
-+ break;
- case JB_DROP:
- iax2_frame_free(frame.data);
- break;
-@@ -6451,8 +6451,14 @@
- f->frametype = fh->type;
- if (f->frametype == AST_FRAME_VIDEO) {
- f->subclass.format = ast_format_compatibility_bitfield2format(uncompress_subclass(fh->csub & ~0x40) | ((fh->csub >> 6) & 0x1));
-+ if (!f->subclass.format) {
-+ f->subclass.format = ast_format_none;
-+ }
- } else if (f->frametype == AST_FRAME_VOICE) {
- f->subclass.format = ast_format_compatibility_bitfield2format(uncompress_subclass(fh->csub));
-+ if (!f->subclass.format) {
-+ f->subclass.format = ast_format_none;
-+ }
- } else {
- f->subclass.integer = uncompress_subclass(fh->csub);
- }
-@@ -9929,8 +9935,8 @@
- } else if (iaxs[fr->callno]->voiceformat == 0) {
- ast_log(LOG_WARNING, "Received trunked frame before first full voice frame\n");
- iax2_vnak(fr->callno);
-- } else {
-- f.subclass.format = ast_format_compatibility_bitfield2format(iaxs[fr->callno]->voiceformat);
-+ } else if ((f.subclass.format = ast_format_compatibility_bitfield2format(
-+ iaxs[fr->callno]->voiceformat))) {
- f.datalen = len;
- if (f.datalen >= 0) {
- if (f.datalen)
-@@ -10173,11 +10179,17 @@
- f.frametype = fh->type;
- if (f.frametype == AST_FRAME_VIDEO) {
- f.subclass.format = ast_format_compatibility_bitfield2format(uncompress_subclass(fh->csub & ~0x40));
-+ if (!f.subclass.format) {
-+ return 1;
-+ }
- if ((fh->csub >> 6) & 0x1) {
- f.subclass.frame_ending = 1;
- }
- } else if (f.frametype == AST_FRAME_VOICE) {
- f.subclass.format = ast_format_compatibility_bitfield2format(uncompress_subclass(fh->csub));
-+ if (!f.subclass.format) {
-+ return 1;
-+ }
- } else {
- f.subclass.integer = uncompress_subclass(fh->csub);
- }
-@@ -11795,6 +11807,11 @@
- f.subclass.frame_ending = 1;
- }
- f.subclass.format = ast_format_compatibility_bitfield2format(iaxs[fr->callno]->videoformat);
-+ if (!f.subclass.format) {
-+ ast_variables_destroy(ies.vars);
-+ ast_mutex_unlock(&iaxsl[fr->callno]);
-+ return 1;
-+ }
- } else {
- ast_log(LOG_WARNING, "Received mini frame before first full video frame\n");
- iax2_vnak(fr->callno);
-@@ -11816,9 +11833,14 @@
- } else {
- /* A mini frame */
- f.frametype = AST_FRAME_VOICE;
-- if (iaxs[fr->callno]->voiceformat > 0)
-+ if (iaxs[fr->callno]->voiceformat > 0) {
- f.subclass.format = ast_format_compatibility_bitfield2format(iaxs[fr->callno]->voiceformat);
-- else {
-+ if (!f.subclass.format) {
-+ ast_variables_destroy(ies.vars);
-+ ast_mutex_unlock(&iaxsl[fr->callno]);
-+ return 1;
-+ }
-+ } else {
- ast_debug(1, "Received mini frame before first full voice frame\n");
- iax2_vnak(fr->callno);
- ast_variables_destroy(ies.vars);
diff --git a/main/at-spi2-core/APKBUILD b/main/at-spi2-core/APKBUILD
index 3a811bfadd..6e7e7a26fb 100644
--- a/main/at-spi2-core/APKBUILD
+++ b/main/at-spi2-core/APKBUILD
@@ -1,7 +1,7 @@
# Contributor: Natanael Copa <ncopa@alpinelinux.org>
# Maintainer: Rasmus Thomsen <oss@cogitri.dev>
pkgname=at-spi2-core
-pkgver=2.42.0
+pkgver=2.44.1
pkgrel=0
pkgdesc="Protocol definitions and daemon for D-Bus at-spi"
url="https://www.freedesktop.org/wiki/Accessibility/AT-SPI2/"
@@ -28,5 +28,5 @@ package() {
}
sha512sums="
-befcab94b3aa99471723238d9666fc6667041b058a2bac3b012cfa15a91950996431296f33c921764e0ec4ffd0cc41ebe00be461a8460d6f4d2bafff19a38e10 at-spi2-core-2.42.0.tar.xz
+8d85df75f886c4a19d829d14e5a9412b607b9cbe2d1b7ecb95b4082602f0624e90747fe955f96d378c3a52bc0e732074b97008bb34e6acc2722c7056b2c0504e at-spi2-core-2.44.1.tar.xz
"
diff --git a/main/atk/APKBUILD b/main/atk/APKBUILD
index abf7d04498..dd8c681811 100644
--- a/main/atk/APKBUILD
+++ b/main/atk/APKBUILD
@@ -1,7 +1,7 @@
# Contributor: Natanael Copa <ncopa@alpinelinux.org>
# Maintainer: Rasmus Thomsen <oss@cogitri.dev>
pkgname=atk
-pkgver=2.36.0
+pkgver=2.38.0
pkgrel=0
pkgdesc="A library providing a set of interfaces for accessibility"
url="https://www.gtk.org/"
@@ -26,4 +26,6 @@ package() {
DESTDIR="$pkgdir" meson install --no-rebuild -C output
}
-sha512sums="d0f18204eaf96511e8448e3dfbc4b6953a7cf8b816151fb7caf5592cf578572b1cdb16836fe2157b11e3ad018ef171f1ca1bfdf255bb31bb455716d7519fd634 atk-2.36.0.tar.xz"
+sha512sums="
+dffd0a0814a9183027c38a985d86cb6544858e9e7d655843e153440467957d6bc1abd9c9479a57078aea018053410438a30a9befb7414dc79020b223cd2c774b atk-2.38.0.tar.xz
+"
diff --git a/main/atop/APKBUILD b/main/atop/APKBUILD
index 7084d21610..0915ff3967 100644
--- a/main/atop/APKBUILD
+++ b/main/atop/APKBUILD
@@ -1,22 +1,22 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=atop
pkgver=2.7.1
-pkgrel=0
+pkgrel=1
pkgdesc="Resource-specific view of processes"
url="https://www.atoptool.nl/"
arch="all"
license="GPL-2.0-or-later"
makedepends="zlib-dev ncurses-dev linux-headers"
-subpackages="$pkgname-doc"
+subpackages="$pkgname-doc $pkgname-openrc"
source="https://www.atoptool.nl/download/atop-$pkgver.tar.gz
atop-daily-bb.patch
atop-include-macros.patch
+ make-cron-background.patch
atop.initd
"
-options="suid"
+options="suid !check"
prepare() {
- cd "$builddir"
default_prepare
sed -i -e '/^CFLAGS/s: = -O : += :' \
@@ -28,25 +28,23 @@ prepare() {
}
build() {
- cd "$builddir"
+ make
}
package() {
- cd "$builddir"
- mkdir -p "$pkgdir"/var/log/atop "$pkgdir"/var/run "$pkgdir"/usr/sbin
- make -j1 DESTDIR="$pkgdir" \
+ make DESTDIR="$pkgdir" \
INIPATH=/etc/init.d \
SCRPATH=/etc/periodic/daily \
sysvinstall
rm -fr "$pkgdir"/etc/cron.d
mv "$pkgdir"/etc/periodic/daily/atop.daily \
"$pkgdir"/etc/periodic/daily/atop
-
}
sha512sums="
f5013dbc25b86f07c9892555705bb3db2eeb949478f53e6e5545308b0c7c173c4c7a8ed0eae1f173e075210f81fceee09d7a9d90de76c4f011e38ad4a76b780b atop-2.7.1.tar.gz
664225450074962aac0e13484c9b2feaf08620bbe1e0f9c5dc1b02f1ecd315224cd04df53134f2d107210fc9223a64d8885ae70d33d0663c2335fa6d46f6ddfd atop-daily-bb.patch
f30c9e6051332af8c8cafcd881f89a0e2d2a8e1d84eee8ac0c8c6b58f3ae3431fcf9c40dea6d03e271f8969802de449d33b4323c13045bdb38a539732c81a8b6 atop-include-macros.patch
+e563894eceadf63ff153714829218b8f78dd21a129b90817960bdb4452768f41ed884dc9967f94b979e42f04d6434fcbd423bcf1651976a5ad60c34b206ce7e9 make-cron-background.patch
172c9d367b936427ccbbbd1140c7808ec8ffe3194b3557ba024820dac8fa68c9919f7dc34d332e91283fde64d731db7bdbfee3c2d6caad3cd291e0f1c227cb03 atop.initd
"
diff --git a/main/atop/make-cron-background.patch b/main/atop/make-cron-background.patch
new file mode 100644
index 0000000000..a710572cf7
--- /dev/null
+++ b/main/atop/make-cron-background.patch
@@ -0,0 +1,28 @@
+From a2cd8d902a833e5bec024e81d6361684c1f84e4b Mon Sep 17 00:00:00 2001
+From: ptrcnull <git@ptrcnull.me>
+Date: Tue, 1 Mar 2022 15:33:05 +0100
+Subject: [PATCH] Make daily atop cron job run in the background
+
+---
+ atop.daily | 7 +++----
+ 1 file changed, 3 insertions(+), 4 deletions(-)
+
+diff --git a/atop.daily b/atop.daily
+index 55737fd..5e18650 100755
+--- a/atop.daily
++++ b/atop.daily
+@@ -57,8 +57,7 @@ fi
+ #
+ ( (sleep 3; find "$LOGPATH" -name 'atop_*' -mtime +"$LOGGENERATIONS" -exec rm {} \;)& )
+
+-# activate atop with an interval of S seconds (configurable),
+-# replacing the current shell
++# activate atop with an interval of S seconds (configurable)
+ #
+-echo $$ > $PIDFILE
+-exec $BINPATH/atop $LOGOPTS -w "$LOGPATH"/atop_"$CURDAY" "$LOGINTERVAL" > "$LOGPATH/daily.log" 2>&1
++$BINPATH/atop $LOGOPTS -w "$LOGPATH"/atop_"$CURDAY" "$LOGINTERVAL" > "$LOGPATH/daily.log" 2>&1 &
++echo $! > $PIDFILE
+--
+2.35.1
+
diff --git a/main/audit/APKBUILD b/main/audit/APKBUILD
index 29e20b52a0..d706e91a99 100644
--- a/main/audit/APKBUILD
+++ b/main/audit/APKBUILD
@@ -1,9 +1,9 @@
# Contributor: Dermot Bradley <dermot_bradley@yahoo.com>
# Maintainer: Tycho Andersen <tycho@docker.com>
pkgname=audit
-pkgver=3.0.6
+pkgver=3.0.8
pkgrel=0
-pkgdesc="User space tools for 2.6 kernel auditing"
+pkgdesc="User space tools for kernel auditing"
url="https://people.redhat.com/sgrubb/audit/"
arch="all"
license="GPL-2.0-or-later"
@@ -13,24 +13,12 @@ install="$pkgname.pre-install"
subpackages="$pkgname-static $pkgname-dev $pkgname-doc $pkgname-libs $pkgname-openrc"
source="https://people.redhat.com/sgrubb/audit/audit-$pkgver.tar.gz
0003-all-get-rid-of-strndupa.patch
- 0004-fix-path-in-au-remote-conf.patch
+ usr-paths.patch
+ musl.patch
auditd.initd
auditd.confd"
-case "$CARCH" in
-mips*)
- # mips builder does not have audit support enabled
- options="$options !check"
- ;;
-esac
-
-builddir="$srcdir/audit-$pkgver"
-
build() {
- if [ "$CARCH" = "ppc64le" ]; then
- WITHOUT="--without-python3 --without-python"
- fi
-
./configure \
--build=$CBUILD \
--host=$CHOST \
@@ -41,13 +29,12 @@ build() {
--disable-zos-remote \
--enable-shared=audit \
--with-arm \
- --with-aarch64 \
- $WITHOUT
+ --with-aarch64
make
}
check() {
- make -j1 check
+ make check
}
package() {
@@ -63,9 +50,10 @@ static() {
}
sha512sums="
-74734e1b1fddea086db9c5dc8c4b7817917fdf17bc7ca4e5b440aae975484d020a17c3f485f6a37b6b150a307d809e50d559d31a8cbd6f1e554933719551bcd1 audit-3.0.6.tar.gz
+8379bf425d68381d182300e628e42de8460d2f3e15b2395e10880f94b9989656852a50a9bece75b632ec8a04c40c9e666ff4c9d6b25ace3a8f50d2011506afab audit-3.0.8.tar.gz
f3f2c4ee745e99877c981d889c5cbb0379d073a9b7634c1480ae603a21a13045f9978b51f8cb53c8d0ba414d249bb859af7bca7e302c464b3fc3c6463ecca762 0003-all-get-rid-of-strndupa.patch
-6a0e1fb81d7defe6ad84da447a55e1e0b90299fcbd1ca679934a1dfa1a211986ea4642a1c69abe0619120b64b16546a41fa028f55f27c79819d896178aac6df7 0004-fix-path-in-au-remote-conf.patch
+90c7d213a0b4ef27bf643e046dd2b3c5909706c62fba24ef34ecb32ff07b73fda13ed04c616a7cf8148115fc977aa1096b61e717abd5bd32f72f7bb4ac07999f usr-paths.patch
+a347c45cb1cd3c93ece5352218f1e7bc38938f3cbaf060158e4df40e9f027afbc3c6a3651f25e26e45ab9f2c96af2181d2638b09ed747a4348d0fc88af798798 musl.patch
b3d7ceba02b6b4406222c3b142fcfdf2b612dc52eebc490cfd121d696e4ef7c6cc5e27813d67937c464ed4c3cd283de9ccfcb75e63405a447523fa4641e79da3 auditd.initd
69d8777772ded7a8c0db2bcf84961b121bb355fa0d4ba0e14e311f8a8bfe665cbd2b7ac632d73477f9dfa9a6eec357a7ed458fe9b3e7b5ede75b166f3f092ab7 auditd.confd
"
diff --git a/main/audit/musl.patch b/main/audit/musl.patch
new file mode 100644
index 0000000000..c96ce65350
--- /dev/null
+++ b/main/audit/musl.patch
@@ -0,0 +1,11 @@
+--- a/auparse/auparse.h
++++ b/auparse/auparse.h
+@@ -51,7 +51,7 @@
+ void auparse_destroy(auparse_state_t *au);
+ void auparse_destroy_ext(auparse_state_t *au, auparse_destroy_what_t what);
+ auparse_state_t *auparse_init(ausource_t source, const void *b)
+- __attribute_malloc__ __attr_dealloc (auparse_destroy, 1);
++ __attribute__((__malloc__)) __attr_dealloc (auparse_destroy, 1);
+ int auparse_new_buffer(auparse_state_t *au, const char *data, size_t data_len)
+ __attr_access ((__read_only__, 2, 3));
+ int auparse_feed(auparse_state_t *au, const char *data, size_t data_len)
diff --git a/main/audit/0004-fix-path-in-au-remote-conf.patch b/main/audit/usr-paths.patch
index c3d1efd846..8e1c2b67d9 100644
--- a/main/audit/0004-fix-path-in-au-remote-conf.patch
+++ b/main/audit/usr-paths.patch
@@ -1,7 +1,8 @@
From: Dermot Bradley <dermot_bradley@yahoo.com>
Date: Fri, 29 May 2020 19:55:23 +0100
+Updated: Mon, 30 May 2022 23:42:39 +0000
-Fix the path to the audisp-remote binary.
+correct paths in plugins
--- a/audisp/plugins/remote/au-remote.conf
+++ b/audisp/plugins/remote/au-remote.conf
@@ -14,3 +15,14 @@ Fix the path to the audisp-remote binary.
type = always
#args =
format = string
+--- a/audisp/plugins/syslog/syslog.conf
++++ b/audisp/plugins/syslog/syslog.conf
+@@ -8,7 +8,7 @@
+
+ active = no
+ direction = out
+-path = /sbin/audisp-syslog
++path = /usr/sbin/audisp-syslog
+ type = always
+ args = LOG_INFO
+ format = string
diff --git a/main/aumix/APKBUILD b/main/aumix/APKBUILD
index 2fc8efeceb..5111a26cca 100644
--- a/main/aumix/APKBUILD
+++ b/main/aumix/APKBUILD
@@ -1,14 +1,14 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=aumix
pkgver=2.9.1
-pkgrel=7
+pkgrel=8
pkgdesc="color text mode sound mixer"
-url="http://www.jpj.net/~trevor/aumix.html"
+url="https://sourceforge.net/projects/aumix/"
arch="all"
license="GPL-2.0-or-later"
makedepends="ncurses-dev linux-headers"
subpackages="$pkgname-doc"
-source="http://jpj.net/~trevor/aumix/releases/aumix-$pkgver.tar.bz2
+source="https://downloads.sourceforge.net/aumix/$pkgver/aumix-$pkgver.tar.bz2
gcc-10.patch
aumix.initd
"
diff --git a/main/autoconf-archive/APKBUILD b/main/autoconf-archive/APKBUILD
index 36c8afb1a1..43f4159b1e 100644
--- a/main/autoconf-archive/APKBUILD
+++ b/main/autoconf-archive/APKBUILD
@@ -1,8 +1,8 @@
# Contributor: Carlo Landmeter <clandmeter@alpinelinux.org>
# Maintainer: Roberto Oliveira <robertoguimaraes8@gmail.com>
pkgname=autoconf-archive
-pkgver=2021.02.19
-pkgrel=1
+pkgver=2022.02.11
+pkgrel=0
pkgdesc="Collection of re-usable GNU Autoconf macros"
url="https://www.gnu.org/software/autoconf-archive"
arch="noarch"
@@ -28,5 +28,5 @@ package() {
}
sha512sums="
-a968c355c3cf66d74dc5b452141afbdf763e84a6c43b12c25da9a08482910d6d57ba3952aaf270d8cd5fd8b9d2dadf2d7d943ae2e1b067d68b71d2738d881aa0 autoconf-archive-2021.02.19.tar.xz
+243e06a356ea2c0fddc527febd4241da49fe4c11fb64b548873744a54e079860739d7a1da842833b99540acde3f6a2ebfddc41897306cc2e61e2c6037a7d22ff autoconf-archive-2022.02.11.tar.xz
"
diff --git a/main/avahi/APKBUILD b/main/avahi/APKBUILD
index 8a18632628..2b0508dcea 100644
--- a/main/avahi/APKBUILD
+++ b/main/avahi/APKBUILD
@@ -1,11 +1,11 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=avahi
pkgver=0.8
-pkgrel=5
+pkgrel=6
pkgdesc="multicast/unicast DNS-SD framework"
url="https://www.avahi.org/"
arch="all"
-license="LGPL-2.0-or-later"
+license="LGPL-2.1-or-later"
pkgusers="avahi"
pkggroups="avahi"
depends_dev="gdbm-dev"
diff --git a/main/awall/APKBUILD b/main/awall/APKBUILD
index 80742b20cc..5503262464 100644
--- a/main/awall/APKBUILD
+++ b/main/awall/APKBUILD
@@ -1,7 +1,7 @@
# Contributor: Kaarle Ritvanen <kunkku@alpinelinux.org>
# Maintainer: Kaarle Ritvanen <kunkku@alpinelinux.org>
pkgname=awall
-pkgver=1.11.1
+pkgver=1.12.0
pkgrel=0
pkgdesc="Alpine Wall"
url="https://gitlab.alpinelinux.org/alpine/awall"
@@ -10,7 +10,7 @@ arch="noarch"
license="GPL-2.0-only"
replaces="awall-nat"
depends="drill ip6tables ipset iptables lua$_luaver lua$_luaver-alt-getopt
- lua$_luaver-cjson lua$_luaver-pc lua$_luaver-posix lua$_luaver-schema
+ lua$_luaver-cjson lua$_luaver-pc lua$_luaver-posix lua-schema
lua$_luaver-stringy lua$_luaver-lyaml xtables-addons"
subpackages="$pkgname-masquerade $pkgname-policies"
triggers="$pkgname.trigger=/usr/share/awall"
@@ -51,7 +51,7 @@ policies() {
}
sha512sums="
-5f23bbe324e5f0618b92b1658487d925ff92624914295e8bb46a757c554f963643f611c5362c15d8feb05da7745de934def3b00aa68fe396a868541a8943dfce awall-v1.11.1.tar.bz2
+1e5b2bb3a64229c79959bd44dfa02c3b6230135eb0368bdc83ee5f0ce97ff9c02259442a3e8f9ae4eb62aaab97186537de15e5a548c720c7bed1aac8ecf30aa2 awall-v1.12.0.tar.bz2
e83ea3281c298092530e45fa5b62f6f85b9e5109b11e109799465ea832608294c7d9c4c3f5b0f321dfc0e82040daf3a17d066e9dea65cb0dbae2c453ea9e62cd awall-init
1cd4b7fa5fc6c9ac6667dff5cc00d96a3cc42aaccafe3c5562d3dcfd9f22ddec9cfe5a9339fee8001b67ccb8e8b81c9417f39a461e5052af9bf74a2753559bf7 setup-firewall
"
diff --git a/main/bacula/APKBUILD b/main/bacula/APKBUILD
index 91a391c1b8..947154bd0d 100644
--- a/main/bacula/APKBUILD
+++ b/main/bacula/APKBUILD
@@ -1,8 +1,8 @@
# Contributor: Łukasz Jendrysik <scadu@yandex.com>
# Maintainer: Leonardo Arena <rnalrd@alpinelinux.org>
pkgname=bacula
-pkgver=9.6.7
-pkgrel=2
+pkgver=11.0.6
+pkgrel=1
pkgdesc="Enterprise ready, network based backup program"
url="https://www.bacula.org"
arch="all"
@@ -21,6 +21,7 @@ source="https://downloads.sourceforge.net/project/$pkgname/$pkgname/$pkgver/$pkg
bacula-sd.initd
bacula-fd.initd
bacula-7.4.0-path-mounted.patch
+ bacula-11.0.6-pthread-double-detach-fix.patch
"
options="!check" #no test suite provided
@@ -155,8 +156,11 @@ client() {
install -d -o $pkgname -g $pkgname "$subpkgdir"/$_bworkdir
}
-sha512sums="27551faa2e4b13c6c2b9a2500f1253dfa5ee84929013491a7bf512d965d655c5af78b08201090474bc9b29827ca0a5c1c5a23a55712a1f739f37de75449cfd4d bacula-9.6.7.tar.gz
+sha512sums="
+44abc9e3598f3d3beea3e85cca0867e4b9b77c4e7a17cb1902a5e952b049fb2b15f8f6319436fce1dd92ad52d26f04d7225dd052372ecc30aa55fb668a639149 bacula-11.0.6.tar.gz
bb954bb94bffa68ba80872046782a73012487291f019fb8d7ff77fc7f4325e25bee88612b3279b4db7d3c2002ac7448ffabcda62da7bab54642a7413904abc91 bacula-dir.initd
0505b9a74520af6982d5df4390525976f8e009e641d0acfe8f24b2ec9f155166a65eecbabee9ff70ffe188d523effa64f958acd8f657410b1c002a6d736e8aee bacula-sd.initd
91a53cb566cfd91b42a319bd6ff9947047cae187c6ec198767853d1a0253667d6c2c58f0e72ed43a7b9f40b76e705cafde7a1d6ac86577fa0f64f44b031dec11 bacula-fd.initd
-2d3757236aacca421261a8866ff04b5b0151538e1462559bd1240119b1bece1d456acbba9fee86dbc6aaec7af2a52eb2c0b7490c5f371b7deb478731c74342ff bacula-7.4.0-path-mounted.patch"
+2d3757236aacca421261a8866ff04b5b0151538e1462559bd1240119b1bece1d456acbba9fee86dbc6aaec7af2a52eb2c0b7490c5f371b7deb478731c74342ff bacula-7.4.0-path-mounted.patch
+775ff4449ac7164cfc0f303c6aeb2be1b2d08f4197ac89db453795185c3251e94ccb6ef27068b7802453845d6bcf8474785a1ac7254227f027743baa2ab754bc bacula-11.0.6-pthread-double-detach-fix.patch
+"
diff --git a/main/bacula/bacula-11.0.6-pthread-double-detach-fix.patch b/main/bacula/bacula-11.0.6-pthread-double-detach-fix.patch
new file mode 100644
index 0000000000..a8bcffefd0
--- /dev/null
+++ b/main/bacula/bacula-11.0.6-pthread-double-detach-fix.patch
@@ -0,0 +1,30 @@
+diff --git a/src/dird/ua_server.c b/src/dird/ua_server.c
+index 75342a3bfa..d8d767e81f 100644
+--- a/src/dird/ua_server.c
++++ b/src/dird/ua_server.c
+@@ -126,7 +126,9 @@ static void *handle_UA_client_request(void *arg)
+ JCR *jcr;
+ BSOCK *user = (BSOCK *)arg;
+
+- pthread_detach(pthread_self());
++ // Alpine: We know the thread is already detached (src/lib/workq.c:74).
++ // Detaching it again would crash on musl, so we disable this call
++ // pthread_detach(pthread_self());
+
+ jcr = new_control_jcr("-Console-", JT_CONSOLE);
+
+diff --git a/src/dird/job.c b/src/dird/job.c
+index 7df6351..62452bd 100644
+--- a/src/dird/job.c
++++ b/src/dird/job.c
+@@ -408,7 +408,9 @@ static void *job_thread(void *arg)
+ {
+ JCR *jcr = (JCR *)arg;
+
+- pthread_detach(pthread_self());
++ // Alpine: We know the thread is already detatched (src/lib/workq.c:74).
++ // Detatching it again would crash on musl, so we disable this call
++ // pthread_detach(pthread_self());
+ Dsm_check(100);
+
+ Dmsg0(200, "=====Start Job=========\n");
diff --git a/main/bash/APKBUILD b/main/bash/APKBUILD
index f25bd7e993..e5309b99bc 100644
--- a/main/bash/APKBUILD
+++ b/main/bash/APKBUILD
@@ -6,7 +6,7 @@ pkgver=5.1.16
_patchlevel=${pkgver##*.}
_myver=${pkgver%.*}
_patchbase=${_myver/./}
-pkgrel=0
+pkgrel=2
pkgdesc="The GNU Bourne Again shell"
url="https://www.gnu.org/software/bash/bash.html"
arch="all"
@@ -16,6 +16,7 @@ makedepends_host="readline-dev>8 ncurses-dev"
install="$pkgname.post-install $pkgname.post-upgrade $pkgname.pre-deinstall"
subpackages="$pkgname-dbg $pkgname-dev $pkgname-doc"
source="https://ftp.gnu.org/gnu/bash/bash-$_myver.tar.gz
+ bashrc
bash-noinfo.patch
"
# generate url's to patches. note: no forks allowed!
@@ -25,7 +26,7 @@ while [ $_i -le $_patchlevel ]; do
[ $_i -ge 10 ] && _pad="0"
[ $_i -ge 100 ] && _pad=
source="$source https://ftp.gnu.org/gnu/bash/bash-$_myver-patches/bash$_patchbase-$_pad$_i"
- _i=$(( $_i + 1))
+ _i=$(( _i + 1))
done
# secfixes:
@@ -34,6 +35,8 @@ done
builddir="$srcdir/$pkgname-$_myver"
+export CFLAGS="$CFLAGS -DSYS_BASHRC='\"/etc/bash/bashrc\"'"
+
prepare() {
# NOTE: This section is for applying the vendor patches, which are required to fix
# security holes. `default_prepare` does *not* apply vendor patches in the format
@@ -78,8 +81,9 @@ check() {
}
package() {
+ mkdir -p "$pkgdir"/etc/bash
make DESTDIR="$pkgdir" install
-
+ install -Dm644 "$srcdir"/bashrc "$pkgdir"/etc/bash/bashrc
rm -rf "$pkgdir"/usr/share/locale
}
@@ -92,6 +96,7 @@ dev() {
sha512sums="
c44a0ce381469219548a3a27589af3fea4f22eda1ca4e9434b59fc16da81b471c29ce18e31590e0860a6a251a664b68c2b45e3a17d22cfc02799ffd9a208390c bash-5.1.tar.gz
+4542e19f2c6c31fff1f412379d5e36c65767cf2d91f1311e8d43f2566e2e50ab8dddff6045aec9b0272ed7387aa9b35daf6b0844478c0bda94d961efcf6f3ae3 bashrc
9d8845491d0fe335bdd8e9a2bd98bda54bfed2ae3c35b2196c6d5a38bdf96c4d97572ba7d6b19ab605ef4e8f001f64cf3312f87dedebb9e37a95ad2c44e33cdb bash-noinfo.patch
1cd86805a2639614372aec29a710bc456e330abcbbaa0867820c94f714a1fa5fb5c1b18aa2c10263ae0bce9dad7579c7af2f732282315c1c34bfd6a90777bfd2 bash51-001
923e7822a9629645347d3aea0058fb5e2d52223507159a62369309f264612df44a84931c19e0ccb3852e98ce672dfbd454477090b4041b5a0de477c94eb61088 bash51-002
diff --git a/main/bash/bashrc b/main/bash/bashrc
new file mode 100644
index 0000000000..b851cf50b0
--- /dev/null
+++ b/main/bash/bashrc
@@ -0,0 +1,14 @@
+# Do not edit this file.
+# Place your readable configs in /etc/profile.d/*.sh
+
+if [[ $- != *i* ]] ; then
+ # Shell is non-interactive. Be done now!
+ return
+fi
+
+if [ -d /etc/profile.d/ ]; then
+ for f in /etc/profile.d/*.sh; do
+ [ -r "$f" ] && . "$f"
+ done
+ unset f
+fi
diff --git a/main/batctl/APKBUILD b/main/batctl/APKBUILD
index 30a76028d6..d09134295d 100644
--- a/main/batctl/APKBUILD
+++ b/main/batctl/APKBUILD
@@ -1,11 +1,11 @@
# Maintainer: Ariadne Conill <ariadne@dereferenced.org>
pkgname=batctl
-pkgver=2021.1
-pkgrel=0
+pkgver=2022.0
+pkgrel=1
pkgdesc="B.A.T.M.A.N. advanced control and management tool"
url="https://www.open-mesh.org/"
arch="all"
-license="GPL-2"
+license="GPL-2.0-only AND MIT"
depends_dev="libnl3-dev linux-headers"
makedepends="$depends_dev"
subpackages="$pkgname-doc"
@@ -21,5 +21,5 @@ package() {
}
sha512sums="
-542343db3fb7d8f773656d9049285816359b0c94d7b26f26d5993209cae561b4b62442eef919b65bc46e0d8d23b10afd2f3d8c4beb2841641fffc643f65d8de6 batctl-2021.1.tar.gz
+4e839119914c471818dcdc6ee0850802f0141dade8303be92fd0fc6f4cf492e37e482401f4e519d815f3928c84b247a5d5e0000128eb958702b8a99ff6f4975e batctl-2022.0.tar.gz
"
diff --git a/main/bats/APKBUILD b/main/bats/APKBUILD
index 39d28860cd..6f8285b511 100644
--- a/main/bats/APKBUILD
+++ b/main/bats/APKBUILD
@@ -1,6 +1,6 @@
# Maintainer: Jose-Luis Rivas <ghostbar@riseup.net>
pkgname=bats
-pkgver=1.5.0
+pkgver=1.6.0
pkgrel=0
pkgdesc="Bash Automated Testing System"
options="!check" # Test passes CI/locally, fails on builders
@@ -20,5 +20,5 @@ package() {
./install.sh "$pkgdir"/usr
}
sha512sums="
-4e0b4adbc6ae7d40cbeb353d856dd919485838f9ee1eca5fb6747bcdd7b88f4eda673005ab735e104c9e8c5740cd2357b955e31b3769cb1c2561564e7369179d bats-1.5.0.zip
+c76a219c0d6e8016bac90229b842c0666c1a63ae4c063c644a1cb2c78234e5b2685576889ca2c71cd1a6adfd3281be4c01e907b183873777e58e0d749e07d23c bats-1.6.0.zip
"
diff --git a/main/bctoolbox/APKBUILD b/main/bctoolbox/APKBUILD
index 53a23222fe..7a220d8cf3 100644
--- a/main/bctoolbox/APKBUILD
+++ b/main/bctoolbox/APKBUILD
@@ -1,7 +1,7 @@
# Contributor: Francesco Colista <fcolista@alpinelinux.org>
# Maintainer: Francesco Colista <fcolista@alpinelinux.org>
pkgname=bctoolbox
-pkgver=5.0.66
+pkgver=5.1.45
pkgrel=0
pkgdesc="Utilities library used by Belledonne Communications softwares like belle-sip, mediastreamer2 and linphone"
url="https://github.com/BelledonneCommunications/bctoolbox"
@@ -46,5 +46,5 @@ dev() {
}
sha512sums="
-4918b778a18e311e9b477574859db92a3d88b2ffb8c85081918688bf3bc104ed16bd5a5f5609d4137b3f3009ce485121fa999703d25b4867175aa1c34eb29d9f bctoolbox-5.0.66.tar.gz
+488d296f3d0328858692d865ce4c315bd9f2baa9fbe9577a1fd214735d8bbe83005f082239c277607d8561682d220e0da0f30b695911780b1a7ec27cfea1c247 bctoolbox-5.1.45.tar.gz
"
diff --git a/main/beep/0001-disable-gcc-ubsan.patch b/main/beep/0001-disable-gcc-ubsan.patch
new file mode 100644
index 0000000000..24cad5942e
--- /dev/null
+++ b/main/beep/0001-disable-gcc-ubsan.patch
@@ -0,0 +1,25 @@
+From 30751070371ee32a3b58f8f416c07ddc1d3b5680 Mon Sep 17 00:00:00 2001
+From: Leonardo Arena <rnalrd@alpinelinux.org>
+Date: Tue, 1 Feb 2022 09:26:02 +0000
+Subject: [PATCH] disable gcc ubsan
+
+---
+ GNUmakefile | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/GNUmakefile b/GNUmakefile
+index a27b453..fbc3605 100644
+--- a/GNUmakefile
++++ b/GNUmakefile
+@@ -169,7 +169,7 @@ $(eval $(call CHECK_CFLAGS,CFLAGS,-fanalyzer))
+ $(eval $(call CHECK_CFLAGS,CFLAGS,-fstack-protector-strong))
+ $(eval $(call CHECK_CFLAGS,CFLAGS,-fstack-clash-protection))
+ $(eval $(call CHECK_CFLAGS,CFLAGS,-fcf-protection))
+-$(eval $(call CHECK_CFLAGS,CFLAGS,-fsanitize=undefined))
++$(eval $(call CHECK_CFLAGS,CFLAGS))
+
+
+ CFLAGS += -save-temps=obj
+--
+2.35.1
+
diff --git a/main/beep/0002-remove-option-werror.patch b/main/beep/0002-remove-option-werror.patch
new file mode 100644
index 0000000000..7f650bcfd7
--- /dev/null
+++ b/main/beep/0002-remove-option-werror.patch
@@ -0,0 +1,25 @@
+From b471c291766e0b6a3afaa1324fd1c79be7ab0dab Mon Sep 17 00:00:00 2001
+From: Leonardo Arena <rnalrd@alpinelinux.org>
+Date: Tue, 1 Feb 2022 09:30:53 +0000
+Subject: [PATCH 1/2] remove option werror
+
+---
+ GNUmakefile | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/GNUmakefile b/GNUmakefile
+index a27b453..9747798 100644
+--- a/GNUmakefile
++++ b/GNUmakefile
+@@ -155,7 +155,7 @@ $(eval $(call CHECK_CFLAGS,common_CFLAGS,-Werror=unknown-warning-option))
+ $(eval $(call CHECK_CFLAGS,common_CFLAGS,-Wall))
+ $(eval $(call CHECK_CFLAGS,common_CFLAGS,-Wextra))
+ $(eval $(call CHECK_CFLAGS,common_CFLAGS,-Weverything))
+-$(eval $(call CHECK_CFLAGS,common_CFLAGS,-Werror))
++$(eval $(call CHECK_CFLAGS,common_CFLAGS))
+ $(eval $(call CHECK_CFLAGS,common_CFLAGS,-Wno-padded))
+ $(eval $(call CHECK_CFLAGS,common_CFLAGS,-Werror=format-security))
+ $(eval $(call CHECK_CFLAGS,common_CFLAGS,-Wno-disabled-macro-expansion))
+--
+2.35.1
+
diff --git a/main/beep/0003-remove-option-werror.patch b/main/beep/0003-remove-option-werror.patch
new file mode 100644
index 0000000000..ec3046742e
--- /dev/null
+++ b/main/beep/0003-remove-option-werror.patch
@@ -0,0 +1,25 @@
+From 648ebb687339269bfd056703f0aa5a62a9ba4f06 Mon Sep 17 00:00:00 2001
+From: Leonardo Arena <rnalrd@alpinelinux.org>
+Date: Tue, 1 Feb 2022 09:31:33 +0000
+Subject: [PATCH 2/2] remove O2 optimization
+
+---
+ GNUmakefile | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/GNUmakefile b/GNUmakefile
+index 9747798..d192bab 100644
+--- a/GNUmakefile
++++ b/GNUmakefile
+@@ -147,7 +147,7 @@ common_LIBS =
+
+ common_CPPFLAGS += -DPACKAGE_TARNAME='"$(PACKAGE_TARNAME)"'
+ common_CPPFLAGS += -DPACKAGE_VERSION='"$(PACKAGE_VERSION)"'
+-common_CFLAGS += -O2 -g
++common_CFLAGS += -g
+ common_CFLAGS += -std=gnu99
+ common_CFLAGS += $(if $(filter %.o,$@),-Wa$(comma)-adhlns=$(@:.o=.lst))
+ common_CFLAGS += -pedantic
+--
+2.35.1
+
diff --git a/main/beep/APKBUILD b/main/beep/APKBUILD
index 9c142fd4d0..716a1f1f8a 100644
--- a/main/beep/APKBUILD
+++ b/main/beep/APKBUILD
@@ -1,22 +1,32 @@
# Contributor: Leonardo Arena <rnalrd@alpinelinux.org>
# Maintainer: Leonardo Arena <rnalrd@alpinelinux.org>
pkgname=beep
-pkgver=1.4.9
+pkgver=1.4.12
pkgrel=0
pkgdesc="A terminal bell"
url="https://github.com/spkr-beep/beep"
arch="all"
license="GPL-2.0-or-later"
makedepends="linux-headers"
+options="!check" # no test suite
subpackages="$pkgname-doc"
-source="$pkgname-$pkgver.tar.gz::https://github.com/spkr-beep/beep/archive/v$pkgver.tar.gz"
+source="$pkgname-$pkgver.tar.gz::https://github.com/spkr-beep/beep/archive/v$pkgver.tar.gz
+ 0001-disable-gcc-ubsan.patch
+ 0002-remove-option-werror.patch
+ 0003-remove-option-werror.patch
+ "
build() {
- make
+ make prefix="/usr" DESTDIR="$pkgdir"
}
package() {
- make DESTDIR="$pkgdir" install
+ make prefix="/usr" DESTDIR="$pkgdir" install
}
-sha512sums="46e6066cb4d9ad4a0c55a03bf5a2163426648ce3831fe1f7bafa2f02d0e407b50c52e58cc2b123c346df96e92b73d2458b473c3fb001d9a0d1470b7cf38cc35b beep-1.4.9.tar.gz"
+sha512sums="
+18fed77bc4820ecc84ac12e903d516d5228fa2038df1788cc68db76e40b3c47a271911cc45bc48ce94e3f215803c5c05cb6c08ebb47ae6d7fcf1e0bc1ac169cd beep-1.4.12.tar.gz
+44d1871a1cd763468873242d77c21c9c9f8682c75a561592d61536ecb98917b108d61d1801d974cc05ffed5d009dfafe21cc9705f8494edcb6a01aa528b9cabd 0001-disable-gcc-ubsan.patch
+e04dff41163889b4ec263ceba3a0b5757e900863c8165b3b893af30b16894f1b08414d345b6195f229824811d9b737c3ff100c772fbf02de5f30442c9f3f64cf 0002-remove-option-werror.patch
+977b7e001c80af7086d388dc05add931e9aad985f163d511c873b350b7a001bc8faaa198e074b15d3b310d0a09413a7d9989b519be89bf73119d3d14a6cd4dd9 0003-remove-option-werror.patch
+"
diff --git a/main/bind/APKBUILD b/main/bind/APKBUILD
index e96cdc6865..3b45936b28 100644
--- a/main/bind/APKBUILD
+++ b/main/bind/APKBUILD
@@ -5,16 +5,17 @@
# Contributor: ungleich <alpinelinux@ungleich.ch>
# Maintainer:
pkgname=bind
-pkgver=9.16.24
+pkgver=9.18.3
_ver=${pkgver%_p*}
_p=${pkgver#*_p}
_major=${pkgver%%.*}
[ "$_p" != "$pkgver" ] && _ver="$_ver-P$_p"
-pkgrel=0
+pkgrel=2
pkgdesc="The ISC DNS server"
url="https://www.isc.org/"
arch="all"
license="MPL-2.0"
+options="!check" # requires bind server
pkgusers="named"
pkggroups="named"
depends="dns-root-hints bind-tools"
@@ -22,23 +23,19 @@ depends_dev="$pkgname $pkgname-plugins $pkgname-tools"
_depends_plugins="$pkgname"
_root_keys_upstream="dnssec-root"
_depends_root_keys="$_root_keys_upstream"
-_py3deps="py3-ply python3"
makedepends="
bash
- bsd-compat-headers
fstrm-dev
- json-c-dev
krb5-dev
libcap-dev
libuv-dev
libxml2-dev
linux-headers
+ nghttp2-dev
openldap-dev
openssl1.1-compat-dev
perl
protobuf-c-dev
- $_py3deps
- python3-dev
$_depends_root_keys
"
install="$pkgname.pre-install $pkgname.post-install"
@@ -49,15 +46,12 @@ subpackages="
$pkgname-libs
$pkgname-openrc
$pkgname-${_root_keys_upstream}:root_keys:noarch
- py3-$pkgname:_py3
$pkgname-dnssec-tools:_dnssec_tools
$pkgname-plugins
$pkgname-tools
"
source="
https://downloads.isc.org/isc/bind$_major/$_ver/bind-$_ver.tar.xz
- bind.plugindir.patch
- bind.so_bsdcompat.patch
named.initd
named.confd
named.conf.authoritative
@@ -67,6 +61,9 @@ source="
"
# secfixes:
+# 9.16.27-r0:
+# - CVE-2022-0396
+# - CVE-2021-25220
# 9.16.22-r0:
# - CVE-2021-25219
# 9.16.20-r0:
@@ -132,7 +129,6 @@ prepare() {
-e 's:/etc/rndc.key:/etc/bind/rndc.key:g' \
"$i"
done
- update_config_sub
}
build() {
@@ -147,28 +143,19 @@ build() {
--localstatedir=/var \
--mandir=/usr/share/man \
--infodir=/usr/share/info \
- --with-dlopen=yes \
- --with-dlz-filesystem=yes \
- --with-dlz-ldap=yes \
- --with-dlz-stub=yes \
- --with-gssapi=/usr \
- --with-libjson \
- --with-libtool \
+ --with-gssapi=yes \
--with-libxml2 \
- --with-openssl=/usr \
- --with-python=python3 \
+ --with-openssl=yes \
--enable-dnstap \
--enable-largefile \
--enable-linux-caps \
--enable-shared \
- --enable-static \
- --disable-isc-spnego \
- --disable-backtrace
+ --disable-static
make
}
check() {
- ./bin/named/named -V
+ make test
}
package() {
@@ -200,21 +187,13 @@ package() {
ln -s named.ca root.cache
}
-_py3() {
- pkgdesc="A module allowing rndc commands to be sent from Python programs"
- depends="$_py3deps"
- mkdir -p "$subpkgdir"/usr/lib
- mv "$pkgdir"/usr/lib/python3* "$subpkgdir"/usr/lib/
-}
-
_dnssec_tools() {
pkgdesc="Utilities for DNSSEC keys and DNS zone files management"
- depends="py3-$pkgname=$pkgver-r$pkgrel"
- mkdir -p "$subpkgdir"/usr/sbin
+ mkdir -p "$subpkgdir"/usr/bin
mv \
- "$pkgdir"/usr/sbin/nsec3hash \
- "$pkgdir"/usr/sbin/dnssec* \
- "$subpkgdir"/usr/sbin/
+ "$pkgdir"/usr/bin/nsec3hash \
+ "$pkgdir"/usr/bin/dnssec* \
+ "$subpkgdir"/usr/bin/
}
@@ -230,14 +209,18 @@ tools() {
pkgdesc="The ISC DNS tools"
depends="$depends_tools"
- mkdir -p "$subpkgdir"/usr
- mv "$pkgdir"/usr/bin "$subpkgdir"/usr/
+ mkdir -p "$subpkgdir"/usr/bin
+ for i in "$pkgdir"/usr/bin/*; do
+ case "${i##*/}" in
+ named-checkconf) ;;
+ *) mv "$i" "$subpkgdir"/usr/bin ;;
+ esac
+ done
mkdir -p "$subpkgdir"/usr/sbin
for i in "$pkgdir"/usr/sbin/*; do
- file "$i" | grep 'Python script' >/dev/null 2>&1 && continue || :
case "${i##*/}" in
- named|named-checkconf|rndc) ;;
+ named|rndc) ;;
*) mv "$i" "$subpkgdir"/usr/sbin ;;
esac
done
@@ -282,10 +265,8 @@ _gpgfingerprints="
"
sha512sums="
-a982bcad8c517dbcb81e768486e1a8b92e495efcf45c4961170c3bc7fac837903605dcd05cfb9b9e1074599b90be1b9c3dbca4162ede0a32fe4c3405ad92816b bind-9.16.24.tar.xz
-2b32d1e7f62cd1e01bb4fdd92d15460bc14761b933d5acc463a91f5ecd4773d7477c757c5dd2738e8e433693592cf3f623ffc142241861c91848f01aa84640d6 bind.plugindir.patch
-7167dccdb2833643dfdb92994373d2cc087e52ba23b51bd68bd322ff9aca6744f01fa9d8a4b9cd8c4ce471755a85c03ec956ec0d8a1d4fae02124ddbed6841f6 bind.so_bsdcompat.patch
-53db80f7ee4902f42fb1d0bc959242bcb6f20d95256bda99ce2c206af8b4703c7f72bb26d026c633f70451b84a37c3946b210951e34dd5d6620b181cd0183de4 named.initd
+eeb2c376172469cd9d788a48487dec026ef28f6a82c474c546464a6caf510ff8f005c780ad85de9a096f4201f41e7db3b6ddfdb8c31c10d62b727f160d918d94 bind-9.18.3.tar.xz
+3d1d3e954aaee5e125f6b6f3cb660b51fc91d803df4cad43c47dbe97f19789cef20b5ca2834624668f0d761a5b81ac72db8959745d6eb293ca1154a1b390a007 named.initd
127bdcc0b5079961f0951344bc3fad547450c81aee2149eac8c41a8c0c973ea0ffe3f956684c6fcb735a29c43d2ff48c153b6a71a0f15757819a72c492488ddf named.confd
d2f61d02d7829af51faf14fbe2bafe8bc90087e6b6697c6275a269ebbddcaa14a234fff5c41da793e945e8ff1de3de0858a40334e0d24289eab98df4bb721ac5 named.conf.authoritative
3aba9763cfaf0880a89fd01202f41406b465547296ce91373eb999ea7719040bc1ac4e47b0de025a8060f693d3d88774a20d09a43fa7ac6aa43989b58b5ee8fe named.conf.recursive
diff --git a/main/bind/bind.plugindir.patch b/main/bind/bind.plugindir.patch
deleted file mode 100644
index bcef2dbdec..0000000000
--- a/main/bind/bind.plugindir.patch
+++ /dev/null
@@ -1,13 +0,0 @@
-diff --git a/make/rules.in b/make/rules.in
-index 8039856..bd29891 100644
---- a/make/rules.in
-+++ b/make/rules.in
-@@ -28,7 +28,7 @@ localstatedir = @localstatedir@
- mandir = @mandir@
- datarootdir = @datarootdir@
-
--plugindir = ${libdir}/named
-+plugindir = ${libdir}/bind
-
- DESTDIR =
-
diff --git a/main/bind/bind.so_bsdcompat.patch b/main/bind/bind.so_bsdcompat.patch
deleted file mode 100644
index 69751e13b3..0000000000
--- a/main/bind/bind.so_bsdcompat.patch
+++ /dev/null
@@ -1,11 +0,0 @@
---- a/lib/isc/unix/socket.c.orig 2005-11-03 17:08:42.000000000 -0600
-+++ b/lib/isc/unix/socket.c 2006-02-18 13:09:15.000000000 -0600
-@@ -245,6 +245,8 @@
-
- #define SOCK_DEAD(s) ((s)->references == 0)
-
-+#undef SO_BSDCOMPAT
-+
- static void
- manager_log(isc_socketmgr_t *sockmgr,
- isc_logcategory_t *category, isc_logmodule_t *module, int level,
diff --git a/main/bind/named.initd b/main/bind/named.initd
index cad932c68d..c7a8bb1a87 100644
--- a/main/bind/named.initd
+++ b/main/bind/named.initd
@@ -13,7 +13,7 @@ depend() {
_get_pidfile() {
[ -n "${PIDFILE}" ] || PIDFILE=$(\
- /usr/sbin/named-checkconf -p ${NAMED_CONF} | grep 'pid-file' | cut -d\" -f2)
+ /usr/bin/named-checkconf -p ${NAMED_CONF} | grep 'pid-file' | cut -d\" -f2)
[ -z "${PIDFILE}" ] && PIDFILE=/var/run/named/named.pid
}
@@ -25,7 +25,7 @@ checkconfig() {
return 1
fi
- /usr/sbin/named-checkconf ${NAMED_CONF} || {
+ /usr/bin/named-checkconf ${NAMED_CONF} || {
eerror "named-checkconf failed! Please fix your config first."
return 1
}
@@ -35,7 +35,7 @@ checkconfig() {
checkzones() {
ebegin "Checking named configuration and zones"
- /usr/sbin/named-checkconf -z -j ${NAMED_CONF}
+ /usr/bin/named-checkconf -z -j ${NAMED_CONF}
eend $?
}
diff --git a/main/binutils/APKBUILD b/main/binutils/APKBUILD
index 16efeb3708..17fab6ace8 100644
--- a/main/binutils/APKBUILD
+++ b/main/binutils/APKBUILD
@@ -1,8 +1,8 @@
# Contributor: Natanael Copa <ncopa@alpinelinux.org>
# Maintainer: Ariadne Conill <ariadne@dereferenced.org>
pkgname=binutils
-pkgver=2.37 # XXX: remove man page workaround in prepare() on upgrade
-pkgrel=4
+pkgver=2.38
+pkgrel=3
pkgdesc="Tools necessary to build programs"
url="https://www.gnu.org/software/binutils/"
makedepends_build="bison flex texinfo"
@@ -17,8 +17,10 @@ source="https://ftp.gnu.org/gnu/binutils/binutils-$pkgver.tar.xz
ld-bfd-mips.patch
0001-Revert-PR25882-.gnu.attributes-are-not-checked-for-s.patch
binutils-mips-disable-assert.patch
- bfd-close-file-desriptor-if-there-is-no-archive-fd.patch
- defang-no-split.patch
+ binutils-ppc-fix-machine-options.patch
+ binutils-s390x-1.patch
+ binutils-s390x-2.patch
+ binutils-ppc64le-assertion.patch
"
builddir="$srcdir/$pkgname-$pkgver"
@@ -43,14 +45,6 @@ fi
# 2.28-r1:
# - CVE-2017-7614
-prepare() {
- default_prepare
-
- # Remove existing empty man pages to force them to be regenerated.
- # Workaround for https://gitlab.alpinelinux.org/alpine/aports/-/issues/13034
- find "$builddir" -name '[a-z]*\.[0-9]*' -empty -delete
-}
-
build() {
local _sysroot=/
local _cross_configure="--enable-install-libiberty --enable-shared"
@@ -142,12 +136,14 @@ gold() {
}
sha512sums="
-5c11aeef6935860a6819ed3a3c93371f052e52b4bdc5033da36037c1544d013b7f12cb8d561ec954fe7469a68f1b66f1a3cd53d5a3af7293635a90d69edd15e7 binutils-2.37.tar.xz
+8bf0b0d193c9c010e0518ee2b2e5a830898af206510992483b427477ed178396cd210235e85fd7bd99a96fc6d5eedbeccbd48317a10f752b7336ada8b2bb826d binutils-2.38.tar.xz
ecee33b0e435aa704af1c334e560f201638ff79e199aa11ed78a72f7c9b46f85fbb227af5748e735fd681d1965fcc42ac81b0c8824e540430ce0c706c81e8b49 binutils-ld-fix-static-linking.patch
f55cf2e0bf82f97583a1abe10710e4013ecf7d64f1da2ef8659a44a06d0dd8beaf58dab98a183488ea137f03e32d62efc878d95f018f836f8cec870bc448556f gold-mips.patch
314d2ef9071c89940aa6c8118e8a1e2f191a5d0a4bf596da1ad9cc84f884d8bc7dea8bd7b9fc3f8f1bddd3fd41c6eb017e1e804044b3bf084df1ed9e6e095e2d ld-bfd-mips.patch
70ec22bd72ef6dddecfd970613387dd4a8cdc8730dd3cbf03d5a0c3a7c4d839383167bb06dad21bf7c235329fd44b5dc4aefe762f68544f17155cf002bf1be4a 0001-Revert-PR25882-.gnu.attributes-are-not-checked-for-s.patch
609cd90d8b334eb309f586b17b9d335a08d3dbb6def7c3eb5c010028fcb681674031e5b9d853aa7a39a50304356a86afc184b85562b3f228f8197f4d29395c8f binutils-mips-disable-assert.patch
-10a0074583d2cc4598710c7e434ba7088da074b105f4f5e951fc61af7150ad62adf60a7c98f6fd13b1771f169e45a5a1ef618240c6893d3f0f3d93fd768a03c6 bfd-close-file-desriptor-if-there-is-no-archive-fd.patch
-4652f092c9376f0cb7fd6c72cb37ff7c15c1c6e3408fac79329b7f41a7925c98eb35989a9a040682130988a36401901d6d95afa44f0ce50caa85ee478db6bf03 defang-no-split.patch
+27ea91e0e406e2ed464fd692cf92a07e338781789f2d968c8b95d9d5545985056a6f7f500df3952e5ab42165db28b741aa33d6b717e880b11a2e41fe406b13c4 binutils-ppc-fix-machine-options.patch
+a9efe2689624865f0ff33d4776a5bd295bcad6484bdd38d0ca490fea43691c4933ab33d17478851998eef12922dbf83d6c3225bb1f8faf92a1367d086390f7d3 binutils-s390x-1.patch
+0e291df80ad279005265634014d0935d2c115a5ed708d25407094b7ad4ddf267d1fb7fcbcb2d9ad73bd305b4e3974628b820bd1f249f56c095e4896872434cc9 binutils-s390x-2.patch
+63e58f45df3570279cb1ee5215ba3de77de012cac20da9cdd23f86a93890056e1efa397521559cfd0716d5239604607c440d8f4d089d83c98b8fbc1b5c5305f8 binutils-ppc64le-assertion.patch
"
diff --git a/main/binutils/bfd-close-file-desriptor-if-there-is-no-archive-fd.patch b/main/binutils/bfd-close-file-desriptor-if-there-is-no-archive-fd.patch
deleted file mode 100644
index 357d0f9701..0000000000
--- a/main/binutils/bfd-close-file-desriptor-if-there-is-no-archive-fd.patch
+++ /dev/null
@@ -1,234 +0,0 @@
-Upstream: yes
-URL: https://sourceware.org/bugzilla/show_bug.cgi?id=28138
-From 1c611b40e6bfc8029bff7696814330b5bc0ee5c0 Mon Sep 17 00:00:00 2001
-From: "H.J. Lu" <hjl.tools@gmail.com>
-Date: Mon, 26 Jul 2021 05:59:55 -0700
-Subject: [PATCH] bfd: Close the file descriptor if there is no archive fd
-
-Close the file descriptor if there is no archive plugin file descriptor
-to avoid running out of file descriptors on thin archives with many
-archive members.
-
-bfd/
-
- PR ld/28138
- * plugin.c (bfd_plugin_close_file_descriptor): Close the file
- descriptor there is no archive plugin file descriptor.
-
-ld/
-
- PR ld/28138
- * testsuite/ld-plugin/lto.exp: Run tmpdir/pr28138 only for
- native build.
-
- PR ld/28138
- * testsuite/ld-plugin/lto.exp: Run ld/28138 tests.
- * testsuite/ld-plugin/pr28138.c: New file.
- * testsuite/ld-plugin/pr28138-1.c: Likewise.
- * testsuite/ld-plugin/pr28138-2.c: Likewise.
- * testsuite/ld-plugin/pr28138-3.c: Likewise.
- * testsuite/ld-plugin/pr28138-4.c: Likewise.
- * testsuite/ld-plugin/pr28138-5.c: Likewise.
- * testsuite/ld-plugin/pr28138-6.c: Likewise.
- * testsuite/ld-plugin/pr28138-7.c: Likewise.
-
-(cherry picked from commit 5a98fb7513b559e20dfebdbaa2a471afda3b4742)
-(cherry picked from commit 7dc37e1e1209c80e0bab784df6b6bac335e836f2)
----
- bfd/plugin.c | 8 +++++++
- ld/testsuite/ld-plugin/lto.exp | 34 ++++++++++++++++++++++++++++++
- ld/testsuite/ld-plugin/pr28138-1.c | 6 ++++++
- ld/testsuite/ld-plugin/pr28138-2.c | 6 ++++++
- ld/testsuite/ld-plugin/pr28138-3.c | 6 ++++++
- ld/testsuite/ld-plugin/pr28138-4.c | 6 ++++++
- ld/testsuite/ld-plugin/pr28138-5.c | 6 ++++++
- ld/testsuite/ld-plugin/pr28138-6.c | 6 ++++++
- ld/testsuite/ld-plugin/pr28138-7.c | 6 ++++++
- ld/testsuite/ld-plugin/pr28138.c | 20 ++++++++++++++++++
- 10 files changed, 104 insertions(+)
- create mode 100644 ld/testsuite/ld-plugin/pr28138-1.c
- create mode 100644 ld/testsuite/ld-plugin/pr28138-2.c
- create mode 100644 ld/testsuite/ld-plugin/pr28138-3.c
- create mode 100644 ld/testsuite/ld-plugin/pr28138-4.c
- create mode 100644 ld/testsuite/ld-plugin/pr28138-5.c
- create mode 100644 ld/testsuite/ld-plugin/pr28138-6.c
- create mode 100644 ld/testsuite/ld-plugin/pr28138-7.c
- create mode 100644 ld/testsuite/ld-plugin/pr28138.c
-
-diff --git a/bfd/plugin.c b/bfd/plugin.c
-index 6cfa2b66470..3bab8febe88 100644
---- a/bfd/plugin.c
-+++ b/bfd/plugin.c
-@@ -291,6 +291,14 @@ bfd_plugin_close_file_descriptor (bfd *abfd, int fd)
- && !bfd_is_thin_archive (abfd->my_archive))
- abfd = abfd->my_archive;
-
-+ /* Close the file descriptor if there is no archive plugin file
-+ descriptor. */
-+ if (abfd->archive_plugin_fd == -1)
-+ {
-+ close (fd);
-+ return;
-+ }
-+
- abfd->archive_plugin_fd_open_count--;
- /* Dup the archive plugin file descriptor for later use, which
- will be closed by _bfd_archive_close_and_cleanup. */
-diff --git a/ld/testsuite/ld-plugin/lto.exp b/ld/testsuite/ld-plugin/lto.exp
-index def69e43ab3..999d911ce6a 100644
---- a/ld/testsuite/ld-plugin/lto.exp
-+++ b/ld/testsuite/ld-plugin/lto.exp
-@@ -687,6 +687,40 @@ if { [is_elf_format] && [check_lto_shared_available] } {
- }
- }
-
-+run_cc_link_tests [list \
-+ [list \
-+ "Build pr28138.a" \
-+ "-T" "" \
-+ {pr28138-1.c pr28138-2.c pr28138-3.c pr28138-4.c pr28138-5.c \
-+ pr28138-6.c pr28138-7.c} {} "pr28138.a" \
-+ ] \
-+ [list \
-+ "Build pr28138.o" \
-+ "" "" \
-+ {pr28138.c} {} \
-+ ] \
-+]
-+
-+set exec_output [run_host_cmd "sh" \
-+ "-c \"ulimit -n 20; \
-+ $CC -Btmpdir/ld -o tmpdir/pr28138 \
-+ tmpdir/pr28138.o tmpdir/pr28138.a\""]
-+set exec_output [prune_warnings $exec_output]
-+if [string match "" $exec_output] then {
-+ if { [isnative] } {
-+ set exec_output [run_host_cmd "tmpdir/pr28138" ""]
-+ if [string match "PASS" $exec_output] then {
-+ pass "PR ld/28138"
-+ } else {
-+ fail "PR ld/28138"
-+ }
-+ } else {
-+ pass "PR ld/28138"
-+ }
-+} else {
-+ fail "PR ld/28138"
-+}
-+
- set testname "Build liblto-11.a"
- remote_file host delete "tmpdir/liblto-11.a"
- set catch_output [run_host_cmd "$ar" "rc $plug_opt tmpdir/liblto-11.a tmpdir/lto-11a.o tmpdir/lto-11b.o tmpdir/lto-11c.o"]
-diff --git a/ld/testsuite/ld-plugin/pr28138-1.c b/ld/testsuite/ld-plugin/pr28138-1.c
-new file mode 100644
-index 00000000000..51d119e1642
---- /dev/null
-+++ b/ld/testsuite/ld-plugin/pr28138-1.c
-@@ -0,0 +1,6 @@
-+extern int a0(void);
-+int
-+a1(void)
-+{
-+ return 1 + a0();
-+}
-diff --git a/ld/testsuite/ld-plugin/pr28138-2.c b/ld/testsuite/ld-plugin/pr28138-2.c
-new file mode 100644
-index 00000000000..1120cd797e9
---- /dev/null
-+++ b/ld/testsuite/ld-plugin/pr28138-2.c
-@@ -0,0 +1,6 @@
-+extern int a1(void);
-+int
-+a2(void)
-+{
-+ return 1 + a1();
-+}
-diff --git a/ld/testsuite/ld-plugin/pr28138-3.c b/ld/testsuite/ld-plugin/pr28138-3.c
-new file mode 100644
-index 00000000000..ec464947ee6
---- /dev/null
-+++ b/ld/testsuite/ld-plugin/pr28138-3.c
-@@ -0,0 +1,6 @@
-+extern int a2(void);
-+int
-+a3(void)
-+{
-+ return 1 + a2();
-+}
-diff --git a/ld/testsuite/ld-plugin/pr28138-4.c b/ld/testsuite/ld-plugin/pr28138-4.c
-new file mode 100644
-index 00000000000..475701b2c5c
---- /dev/null
-+++ b/ld/testsuite/ld-plugin/pr28138-4.c
-@@ -0,0 +1,6 @@
-+extern int a3(void);
-+int
-+a4(void)
-+{
-+ return 1 + a3();
-+}
-diff --git a/ld/testsuite/ld-plugin/pr28138-5.c b/ld/testsuite/ld-plugin/pr28138-5.c
-new file mode 100644
-index 00000000000..e24f86c363e
---- /dev/null
-+++ b/ld/testsuite/ld-plugin/pr28138-5.c
-@@ -0,0 +1,6 @@
-+extern int a4(void);
-+int
-+a5(void)
-+{
-+ return 1 + a4();
-+}
-diff --git a/ld/testsuite/ld-plugin/pr28138-6.c b/ld/testsuite/ld-plugin/pr28138-6.c
-new file mode 100644
-index 00000000000..b5b938bdb21
---- /dev/null
-+++ b/ld/testsuite/ld-plugin/pr28138-6.c
-@@ -0,0 +1,6 @@
-+extern int a5(void);
-+int
-+a6(void)
-+{
-+ return 1 + a5();
-+}
-diff --git a/ld/testsuite/ld-plugin/pr28138-7.c b/ld/testsuite/ld-plugin/pr28138-7.c
-new file mode 100644
-index 00000000000..4ef75bf0f0c
---- /dev/null
-+++ b/ld/testsuite/ld-plugin/pr28138-7.c
-@@ -0,0 +1,6 @@
-+extern int a6(void);
-+int
-+a7(void)
-+{
-+ return 1 + a6();
-+}
-diff --git a/ld/testsuite/ld-plugin/pr28138.c b/ld/testsuite/ld-plugin/pr28138.c
-new file mode 100644
-index 00000000000..68252c9f382
---- /dev/null
-+++ b/ld/testsuite/ld-plugin/pr28138.c
-@@ -0,0 +1,20 @@
-+#include <stdio.h>
-+
-+extern int a7(void);
-+
-+int
-+a0(void)
-+{
-+ return 0;
-+}
-+
-+int
-+main()
-+{
-+ if (a7() == 7)
-+ {
-+ printf ("PASS\n");
-+ return 0;
-+ }
-+ return 1;
-+}
---
-2.27.0
-
diff --git a/main/binutils/binutils-ppc-fix-machine-options.patch b/main/binutils/binutils-ppc-fix-machine-options.patch
new file mode 100644
index 0000000000..703ecf98a3
--- /dev/null
+++ b/main/binutils/binutils-ppc-fix-machine-options.patch
@@ -0,0 +1,41 @@
+Fix for DARN opcode error during ppc64le compilation of rng-tools which
+occurs with binutils 2.38 but not with binutils 2.37..
+
+https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=cebc89b9328;hp=9cbed90ee623d75e31994e7943960c997ba565f2
+
+
+diff -aur a/gas/config/tc-ppc.c b/gas/config/tc-ppc.c
+--- a/gas/config/tc-ppc.c
++++ b/gas/config/tc-ppc.c
+@@ -5965,7 +5965,30 @@
+ options do not count as a new machine, instead they add
+ to currently selected opcodes. */
+ ppc_cpu_t machine_sticky = 0;
+- new_cpu = ppc_parse_cpu (ppc_cpu, &machine_sticky, cpu_string);
++ /* Unfortunately, some versions of gcc emit a .machine
++ directive very near the start of the compiler's assembly
++ output file. This is bad because it overrides user -Wa
++ cpu selection. Worse, there are versions of gcc that
++ emit the *wrong* cpu, not even respecting the -mcpu given
++ to gcc. See gcc pr101393. And to compound the problem,
++ as of 20220222 gcc doesn't pass the correct cpu option to
++ gas on the command line. See gcc pr59828. Hack around
++ this by keeping sticky options for an early .machine. */
++ asection *sec;
++ for (sec = stdoutput->sections; sec != NULL; sec = sec->next)
++ {
++ segment_info_type *info = seg_info (sec);
++ /* Are the frags for this section perturbed from their
++ initial state? Even .align will count here. */
++ if (info != NULL
++ && (info->frchainP->frch_root != info->frchainP->frch_last
++ || info->frchainP->frch_root->fr_type != rs_fill
++ || info->frchainP->frch_root->fr_fix != 0))
++ break;
++ }
++ new_cpu = ppc_parse_cpu (ppc_cpu,
++ sec == NULL ? &sticky : &machine_sticky,
++ cpu_string);
+ if (new_cpu != 0)
+ ppc_cpu = new_cpu;
+ else
diff --git a/main/binutils/binutils-ppc64le-assertion.patch b/main/binutils/binutils-ppc64le-assertion.patch
new file mode 100644
index 0000000000..cd6113e6f8
--- /dev/null
+++ b/main/binutils/binutils-ppc64le-assertion.patch
@@ -0,0 +1,32 @@
+From 97dd8079feb35456d7b387a594b5e00f7654b3b8 Mon Sep 17 00:00:00 2001
+From: Alan Modra <amodra@gmail.com>
+Date: Thu, 23 Jun 2022 17:50:30 +0930
+Subject: [PATCH] PowerPC64: fix assertion in ppc_build_one_stub with -Os code
+
+save_res stubs aren't written in ppc_build_one_stub, their offsets
+(which are zero) should not be checked.
+
+ * elf64-ppc.c (ppc_build_one_stub): Don't check save_res offsets.
+
+(cherry picked from commit 570e911f4e533fad33ad5e4e1102929cf7e80bd7)
+---
+ bfd/elf64-ppc.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/bfd/elf64-ppc.c b/bfd/elf64-ppc.c
+index cb12ed476d8..df503341fe9 100644
+--- a/bfd/elf64-ppc.c
++++ b/bfd/elf64-ppc.c
+@@ -11700,7 +11700,8 @@ ppc_build_one_stub (struct bfd_hash_entry *gen_entry, void *in_arg)
+ if (htab == NULL)
+ return false;
+
+- BFD_ASSERT (stub_entry->stub_offset >= stub_entry->group->stub_sec->size);
++ BFD_ASSERT (stub_entry->stub_offset >= stub_entry->group->stub_sec->size
++ || stub_entry->type.main == ppc_stub_save_res);
+ loc = stub_entry->group->stub_sec->contents + stub_entry->stub_offset;
+
+ htab->stub_count[stub_entry->type.main - 1] += 1;
+--
+2.31.1
+
diff --git a/main/binutils/binutils-s390x-1.patch b/main/binutils/binutils-s390x-1.patch
new file mode 100644
index 0000000000..fab51a2fad
--- /dev/null
+++ b/main/binutils/binutils-s390x-1.patch
@@ -0,0 +1,147 @@
+From 82a5bb730a16f8c7962568030268e784b4fb42c8 Mon Sep 17 00:00:00 2001
+From: Stefan Liebler <stli@linux.ibm.com>
+Date: Thu, 28 Apr 2022 14:29:58 +0200
+Subject: [PATCH] s390: Avoid dynamic TLS relocs in PIE
+
+No dynamic relocs are needed for TLS defined in an executable, the
+TP relative offset is known at link time.
+
+Fixes
+FAIL: Build pr22263-1
+
+bfd/
+ PR ld/22263
+ * elf64-s390.c (elf_s390_tls_transition): Use bfd_link_dll
+ instead of bfd_link_pic for TLS.
+ (elf_s390_check_relocs): Likewise.
+ (allocate_dynrelocs): Likewise.
+ (elf_s390_relocate_section): Likewise.
+
+(cherry picked from commit 26b1426577b5dcb32d149c64cca3e603b81948a9)
+---
+ bfd/elf64-s390.c | 26 +++++++++++++-------------
+ 1 file changed, 13 insertions(+), 13 deletions(-)
+
+diff --git a/bfd/elf64-s390.c b/bfd/elf64-s390.c
+index e780efa7181..00ee386baab 100644
+--- a/bfd/elf64-s390.c
++++ b/bfd/elf64-s390.c
+@@ -774,7 +774,7 @@ elf_s390_tls_transition (struct bfd_link_info *info,
+ int r_type,
+ int is_local)
+ {
+- if (bfd_link_pic (info))
++ if (bfd_link_dll (info))
+ return r_type;
+
+ switch (r_type)
+@@ -1026,7 +1026,7 @@ elf_s390_check_relocs (bfd *abfd,
+ case R_390_TLS_GOTIE20:
+ case R_390_TLS_GOTIE64:
+ case R_390_TLS_IEENT:
+- if (bfd_link_pic (info))
++ if (bfd_link_dll (info))
+ info->flags |= DF_STATIC_TLS;
+ /* Fall through */
+
+@@ -1107,7 +1107,7 @@ elf_s390_check_relocs (bfd *abfd,
+ if (r_type == R_390_TLS_LE64 && bfd_link_pie (info))
+ break;
+
+- if (!bfd_link_pic (info))
++ if (!bfd_link_dll (info))
+ break;
+ info->flags |= DF_STATIC_TLS;
+ /* Fall through */
+@@ -1571,7 +1571,7 @@ allocate_dynrelocs (struct elf_link_hash_entry *h,
+ to R_390_TLS_LE64 requiring no TLS entry. For GOTIE12 and IEENT
+ we can save the dynamic TLS relocation. */
+ if (h->got.refcount > 0
+- && !bfd_link_pic (info)
++ && !bfd_link_dll (info)
+ && h->dynindx == -1
+ && elf_s390_hash_entry(h)->tls_type >= GOT_TLS_IE)
+ {
+@@ -2662,7 +2662,7 @@ elf_s390_relocate_section (bfd *output_bfd,
+
+ /* Relocations for tls literal pool entries. */
+ case R_390_TLS_IE64:
+- if (bfd_link_pic (info))
++ if (bfd_link_dll (info))
+ {
+ Elf_Internal_Rela outrel;
+ asection *sreloc;
+@@ -2690,7 +2690,7 @@ elf_s390_relocate_section (bfd *output_bfd,
+ else if (h != NULL)
+ {
+ tls_type = elf_s390_hash_entry(h)->tls_type;
+- if (!bfd_link_pic (info) && h->dynindx == -1 && tls_type >= GOT_TLS_IE)
++ if (!bfd_link_dll (info) && h->dynindx == -1 && tls_type >= GOT_TLS_IE)
+ r_type = R_390_TLS_LE64;
+ }
+ if (r_type == R_390_TLS_GD64 && tls_type >= GOT_TLS_IE)
+@@ -2801,14 +2801,14 @@ elf_s390_relocate_section (bfd *output_bfd,
+ if (local_got_offsets == NULL)
+ abort();
+ off = local_got_offsets[r_symndx];
+- if (bfd_link_pic (info))
++ if (bfd_link_dll (info))
+ goto emit_tls_relocs;
+ }
+ else
+ {
+ off = h->got.offset;
+ tls_type = elf_s390_hash_entry(h)->tls_type;
+- if (bfd_link_pic (info) || h->dynindx != -1 || tls_type < GOT_TLS_IE)
++ if (bfd_link_dll (info) || h->dynindx != -1 || tls_type < GOT_TLS_IE)
+ goto emit_tls_relocs;
+ }
+
+@@ -2825,7 +2825,7 @@ elf_s390_relocate_section (bfd *output_bfd,
+ break;
+
+ case R_390_TLS_LDM64:
+- if (! bfd_link_pic (info))
++ if (! bfd_link_dll (info))
+ /* The literal pool entry this relocation refers to gets ignored
+ by the optimized code of the local exec model. Do nothing
+ and the value will turn out zero. */
+@@ -2900,7 +2900,7 @@ elf_s390_relocate_section (bfd *output_bfd,
+ continue;
+
+ case R_390_TLS_LDO64:
+- if (bfd_link_pic (info) || (input_section->flags & SEC_DEBUGGING))
++ if (bfd_link_dll (info) || (input_section->flags & SEC_DEBUGGING))
+ relocation -= dtpoff_base (info);
+ else
+ /* When converting LDO to LE, we must negate. */
+@@ -2922,7 +2922,7 @@ elf_s390_relocate_section (bfd *output_bfd,
+
+ if (r_type == R_390_TLS_LOAD)
+ {
+- if (!bfd_link_pic (info) && (h == NULL || h->dynindx == -1))
++ if (!bfd_link_dll (info) && (h == NULL || h->dynindx == -1))
+ {
+ /* IE->LE transition. Four valid cases:
+ lg %rx,(0,%ry) -> sllg %rx,%ry,0
+@@ -2972,7 +2972,7 @@ elf_s390_relocate_section (bfd *output_bfd,
+ invalid_tls_insn (input_bfd, input_section, rel);
+ return false;
+ }
+- if (!bfd_link_pic (info) && (h == NULL || h->dynindx == -1))
++ if (!bfd_link_dll (info) && (h == NULL || h->dynindx == -1))
+ {
+ /* GD->LE transition.
+ brasl %r14,__tls_get_addr@plt -> brcl 0,. */
+@@ -2991,7 +2991,7 @@ elf_s390_relocate_section (bfd *output_bfd,
+ }
+ else if (r_type == R_390_TLS_LDCALL)
+ {
+- if (!bfd_link_pic (info))
++ if (!bfd_link_dll (info))
+ {
+ unsigned int insn0, insn1;
+
+--
+2.27.0
+
diff --git a/main/binutils/binutils-s390x-2.patch b/main/binutils/binutils-s390x-2.patch
new file mode 100644
index 0000000000..75d7a931a3
--- /dev/null
+++ b/main/binutils/binutils-s390x-2.patch
@@ -0,0 +1,51 @@
+From 9a01457e02e7bb594ff9a9ac62a38c909e2e3083 Mon Sep 17 00:00:00 2001
+From: Stefan Liebler <stli@linux.ibm.com>
+Date: Thu, 28 Apr 2022 14:30:55 +0200
+Subject: [PATCH] s390: Add DT_JMPREL pointing to .rela.[i]plt with static-pie
+
+In static-pie case, there are IRELATIVE-relocs in
+.rela.iplt (htab->irelplt), which will later be grouped
+to .rela.plt. On s390, the IRELATIVE relocations are
+always located in .rela.iplt - even for non-static case.
+Ensure that DT_JMPREL, DT_PLTRELA, DT_PLTRELASZ is added
+to the dynamic section even if htab->srelplt->size == 0.
+See _bfd_elf_add_dynamic_tags in bfd/elflink.c.
+
+bfd/
+ elf64-s390.c (elf_s390_size_dynamic_sections):
+ Enforce DT_JMPREL via htab->elf.dt_jmprel_required.
+
+(cherry picked from commit d942d8db12adf4c9e5c7d9ed6496a779ece7149e)
+---
+ bfd/elf64-s390.c | 15 ++++++++++++++-
+ 1 file changed, 14 insertions(+), 1 deletion(-)
+
+diff --git a/bfd/elf64-s390.c b/bfd/elf64-s390.c
+index 00ee386baab..0b851f7ac0e 100644
+--- a/bfd/elf64-s390.c
++++ b/bfd/elf64-s390.c
+@@ -1876,7 +1876,20 @@ elf_s390_size_dynamic_sections (bfd *output_bfd ATTRIBUTE_UNUSED,
+ else if (startswith (bfd_section_name (s), ".rela"))
+ {
+ if (s->size != 0 && s != htab->elf.srelplt)
+- relocs = true;
++ {
++ relocs = true;
++ if (s == htab->elf.irelplt)
++ {
++ /* In static-pie case, there are IRELATIVE-relocs in
++ .rela.iplt (htab->irelplt), which will later be grouped
++ to .rela.plt. On s390, the IRELATIVE relocations are
++ always located in .rela.iplt - even for non-static case.
++ Ensure that DT_JMPREL, DT_PLTRELA, DT_PLTRELASZ is added
++ to the dynamic section even if htab->srelplt->size == 0.
++ See _bfd_elf_add_dynamic_tags in bfd/elflink.c. */
++ htab->elf.dt_jmprel_required = true;
++ }
++ }
+
+ /* We use the reloc_count field as a counter if we need
+ to copy relocs into the output file. */
+--
+2.27.0
+
diff --git a/main/binutils/defang-no-split.patch b/main/binutils/defang-no-split.patch
deleted file mode 100644
index cea68edc5d..0000000000
--- a/main/binutils/defang-no-split.patch
+++ /dev/null
@@ -1,38 +0,0 @@
-From 2dad02b6d46eef438cbd14d8511487b056628a38 Mon Sep 17 00:00:00 2001
-From: Sergei Trofimovich <siarheit@google.com>
-Date: Mon, 26 Jul 2021 22:51:18 +0100
-Subject: [PATCH 1/1] texi2pod.pl: add no-op --no-split option support
- [PR28144]
-
-Change 2faf902da ("generate single html manual page by default")
-added use of --no-split option to makeinfo. binutils reuses
-makeinfo options for texi2pod.pl wrapper. Unsupported option
-led to silent manpage truncation.
-
-The change adds no-op option support.
-
-etc/
- PR 28144
- * texi2pod.pl: Handle no-op --no-split option.
-
-(cherry picked from commit 96a7037cd8573cf065aa6b12baca68696f96d9ca)
----
- etc/texi2pod.pl | 2 ++
- 1 file changed, 2 insertions(+)
-
-diff --git a/etc/texi2pod.pl b/etc/texi2pod.pl
-index 11f70d156be..dcf2b437640 100644
---- a/etc/texi2pod.pl
-+++ b/etc/texi2pod.pl
-@@ -59,6 +59,8 @@ while ($_ = shift) {
- $flag = shift;
- }
- push (@ipath, $flag);
-+ } elsif (/^--no-split$/) {
-+ # ignore option for makeinfo compatibility
- } elsif (/^-/) {
- usage();
- } else {
---
-2.27.0
-
diff --git a/main/bitlbee/APKBUILD b/main/bitlbee/APKBUILD
deleted file mode 100644
index 7daf428e07..0000000000
--- a/main/bitlbee/APKBUILD
+++ /dev/null
@@ -1,48 +0,0 @@
-# Contributor: Peter Bui <pnutzh4x0r@gmail.com>
-# Maintainer: Sheila Aman <sheila@vulpine.house>
-pkgname=bitlbee
-pkgver=3.6
-pkgrel=2
-pkgdesc="An IRC to other chat networks gateway"
-url="https://www.bitlbee.org/"
-arch="all"
-options="!check" # no test suite
-license="GPL-2.0-or-later"
-makedepends="python3 glib-dev gnutls-dev libotr-dev"
-subpackages="$pkgname-dev $pkgname-doc $pkgname-otr $pkgname-openrc"
-source="http://get.bitlbee.org/src/bitlbee-$pkgver.tar.gz
- $pkgname.initd
- $pkgname.confd
- "
-
-build() {
- PYTHON=python3 \
- ./configure \
- --build=$CBUILD \
- --host=$CHOST \
- --otr=plugin \
- --prefix=/usr \
- --etcdir=/etc/bitlbee \
- --ssl=gnutls # https://bugs.bitlbee.org/ticket/886
- make
-}
-
-package() {
- make DESTDIR="$pkgdir" install install-etc install-dev
-
- install -m755 -D "$srcdir"/$pkgname.initd \
- "$pkgdir"/etc/init.d/$pkgname
- install -m644 -D "$srcdir"/$pkgname.confd \
- "$pkgdir"/etc/conf.d/$pkgname
- mkdir -p "$pkgdir"/var/lib/bitlbee
- chown nobody:nobody "$pkgdir"/var/lib/bitlbee
-}
-
-otr() {
- mkdir -p "$subpkgdir"/usr/lib
- mv "$pkgdir"/usr/lib/bitlbee "$subpkgdir"/usr/lib
-}
-
-sha512sums="ccbf0f23e228de2de147241f36f59744b2256cba958e2fabfba0cfa60935e55bbb7d7e20fffa54da9a345e55ffa9ca82cb62e9b99dc738ba35c6e268c6561a8d bitlbee-3.6.tar.gz
-300c3445b9be6dac41bbd6d3a3ef5b871668743d4ea68dd779962d7af941cdaac61cb7c61e7ab2610bffac6dd9accc7ef9590593aef45e6930e2f49abaf9bf40 bitlbee.initd
-d86e85eecafe080d331034cfc0b1f38d8e5582772d1e1d7175d14b396e1ce3dfd1b94e8ee97ef54b85181b3eacf39bacd378a1da5014515ed909554708907991 bitlbee.confd"
diff --git a/main/bitlbee/bitlbee.confd b/main/bitlbee/bitlbee.confd
deleted file mode 100644
index 99f308cd97..0000000000
--- a/main/bitlbee/bitlbee.confd
+++ /dev/null
@@ -1,9 +0,0 @@
-# Sample conf.d file for alpine linux
-
-#
-# Specify daemon options here.
-#
-
-PORT="6667"
-OPTS="-F"
-
diff --git a/main/bitlbee/bitlbee.initd b/main/bitlbee/bitlbee.initd
deleted file mode 100644
index 79a439393d..0000000000
--- a/main/bitlbee/bitlbee.initd
+++ /dev/null
@@ -1,29 +0,0 @@
-#!/sbin/openrc-run
-
-name=bitlbee
-daemon=/usr/sbin/$name
-
-. /etc/conf.d/$name
-
-depend() {
- need net
- after firewall
-}
-
-start() {
- ebegin "Starting ${name}"
- start-stop-daemon --start --quiet \
- --pidfile /var/run/${name}.pid \
- --user nobody:nobody \
- --exec ${daemon} -- ${PORT} ${OPTS}
- eend $?
-}
-
-stop() {
- ebegin "Stopping ${name}"
- start-stop-daemon --stop --signal 9 --quiet \
- --pidfile /var/run/$name.pid \
- --exec ${daemon}
- eend $?
-}
-
diff --git a/main/bluez-firmware/APKBUILD b/main/bluez-firmware/APKBUILD
index d0e3d4a272..e13d3d2c33 100644
--- a/main/bluez-firmware/APKBUILD
+++ b/main/bluez-firmware/APKBUILD
@@ -1,27 +1,25 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=bluez-firmware
pkgver=1.2
-pkgrel=0
+pkgrel=1
pkgdesc="Firmware for Broadcom BCM203x Blutonium devices"
url="http://www.bluez.org/"
arch="all"
-license="GPL-2.0"
-depends=""
-makedepends=""
-source="http://bluez.sf.net/download/$pkgname-$pkgver.tar.gz"
+license="GPL-2.0-or-later"
+source="http://bluez.sf.net/download/bluez-firmware-$pkgver.tar.gz"
build() {
- cd "$srcdir/$pkgname-$pkgver"
./configure \
--build=$CBUILD \
--host=$CHOST \
- --libdir=/lib \
- || return 1
- make || return 1
+ --libdir=/lib
+ make
}
package() {
- cd "$srcdir/$pkgname-$pkgver"
- make DESTDIR="$pkgdir" install || return 1
+ make DESTDIR="$pkgdir" install
}
-sha512sums="15db2f9d38a496882e4cc3754af1e58aa99e1b849f2066c541d76c66a8ffdc5532799fe1fd473cfc158bf5ea86a46687716cbcf83c6dcac0ce66d97d679648dd bluez-firmware-1.2.tar.gz"
+
+sha512sums="
+15db2f9d38a496882e4cc3754af1e58aa99e1b849f2066c541d76c66a8ffdc5532799fe1fd473cfc158bf5ea86a46687716cbcf83c6dcac0ce66d97d679648dd bluez-firmware-1.2.tar.gz
+"
diff --git a/main/bluez/APKBUILD b/main/bluez/APKBUILD
index d9359d770a..43a6073005 100644
--- a/main/bluez/APKBUILD
+++ b/main/bluez/APKBUILD
@@ -1,7 +1,7 @@
# Contributor: Leo <thinkabit.ukim@gmail.com>
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=bluez
-pkgver=5.63
+pkgver=5.64
pkgrel=0
pkgdesc="Tools for the Bluetooth protocol stack"
url="http://www.bluez.org/"
@@ -187,7 +187,7 @@ openrc() {
}
sha512sums="
-1b8ce7b1bd9611873c27a762a60df580edeefe5424e8733a2067b9afb1a47915f9319849bc1eeee148f5b1f33977b7975e05867e8dbdf73d33cd68e6b99ca75b bluez-5.63.tar.xz
+f11f9974b29c5c6fce3890d7e42425c1cb02e42c1b8f49c5cc4b249234e67b64317d0e5e82721e2fbf1b53269c8569a9c869d59ce42b5e927f6622f0753e53cd bluez-5.64.tar.xz
e1d64fac673cceb657684b1bc5c36ff6d05f7cc5832d940863129adacd5b8ade1315b14df039a61f061950ac99e155266530efe2d2d35ea3c145b0469698a726 bluetooth.initd
8d7b7c8938a2316ce0a855e9bdf1ef8fcdf33d23f4011df828270a088b88b140a19c432e83fef15355d0829e3c86be05b63e7718fef88563254ea239b8dc12ac rfcomm.initd
a70aa0dbbabe7e29ee81540a6f98bf191a850da55a28f678975635caf34b363cf4d461a801b3484120ee28fdd21240bd456a4f5d706262700924bd2e9a0972fb rfcomm.confd
@@ -199,7 +199,8 @@ d5fd1c962bd846eaa6fff879bab85f753eb367d514f82d133b5d3242e1da989af5eddd942c60a87d
42ac04044a8c66e07487598b3a75ef52efc32999ebce4e7c63f6198e2f603f4a1442e74600e43a0938cb4f52d4db0298aa99050b18144b84990cda71748e9de5 004-Move-the-43xx-firmware-into-lib-firmware.patch
ac635f9bca0e983835940572eb1b96ad70cf60fb84d5b0fde38c76ea6d1b13ef7d9adf81468b9fed779c890ab69dd5dfabf21970bff018466115c424668b82fb 005-hostname-Use-phone-class-for-handhelds.patch
04c4889372c8e790bb338dde7ffa76dc32fcf7370025c71b9184fcf17fd01ade4a6613d84d648303af3bbc54043ad489f29fc0cd4679ec8c9029dcb846d7e026 disable-lock-test.patch
-118d55183860f395fc4bdc93efffb13902ebf7388cad722b9061cd2860d404333e500af521741c3d92c0f8a161f6810348fbeb6682e49c372383f417aed8c76a fix-endianness.patch
+93ef2fe4e72cfa50d577adbae8de7449d3d070ab00d888bcc378d8a1783191130bf555f63cea781595701a5ef8b34355feae276423b10b1e22e2e43d10e09eac fix-endianness.patch
641e425333d269833eed624edec0e29cba04bb0ff6570f6afda178a164fc2bb77456fa88957fe49f36000d3601ac00bb7ba089400977c1577e9c226e74baa3d6 musl.patch
9c57bb1abf1b4927441a2a25c3c2599b0da82850e6b945d09e824e25be7c7efa99e54999cf5b799a1093303202badf08833cc4ccb36203901dfa516031ea8eb0 test-mesh-crypto.patch
-2e92639512c11e69d3c47e222a012b4f58fa7727d18b3639130e8fe91654773b1205ddbe650efe49a26ec41a64d39ddba2806503272e09252c51d194e3ced33d fix-musl.patch"
+2e92639512c11e69d3c47e222a012b4f58fa7727d18b3639130e8fe91654773b1205ddbe650efe49a26ec41a64d39ddba2806503272e09252c51d194e3ced33d fix-musl.patch
+"
diff --git a/main/bluez/fix-endianness.patch b/main/bluez/fix-endianness.patch
index ee0e0d1e3e..c60e229329 100644
--- a/main/bluez/fix-endianness.patch
+++ b/main/bluez/fix-endianness.patch
@@ -1,10 +1,13 @@
---- bluez-5.47/src/shared/util.h.old 2016-09-26 07:29:00.000000000 -0500
-+++ bluez-5.47/src/shared/util.h 2017-12-27 22:49:50.538716424 -0600
-@@ -26,6 +26,7 @@
- #include <alloca.h>
+--- a/src/shared/util.h
++++ b/src/shared/util.h
+@@ -15,6 +15,7 @@
#include <byteswap.h>
#include <string.h>
+ #include <sys/types.h>
+#include <endian.h>
- #if __BYTE_ORDER == __LITTLE_ENDIAN
- #define le16_to_cpu(val) (val)
+ #define ARRAY_SIZE(arr) (sizeof(arr) / sizeof((arr)[0]))
+ #define BIT(n) (1 << (n))
+--
+2.30.2
+
diff --git a/main/boost1.77/python-3.10.patch b/main/boost1.77/python-3.10.patch
deleted file mode 100644
index 2e1d5e3431..0000000000
--- a/main/boost1.77/python-3.10.patch
+++ /dev/null
@@ -1,49 +0,0 @@
-From e193f080c7d209516ac9b712fa0c50bb08026fa2 Mon Sep 17 00:00:00 2001
-From: Martin Jansa <martin.jansa@lge.com>
-Date: Tue, 19 Oct 2021 12:24:31 +0000
-Subject: [PATCH] BoostConfig.cmake: allow searching for python310
-
-* accept double digits in Python3_VERSION_MINOR
-
-* if someone is using e.g.:
- find_package(Python3 REQUIRED)
- find_package(Boost REQUIRED python${Python3_VERSION_MAJOR}${Python3_VERSION_MINOR})
-
- with python-3.10 then it currently fails with:
-
- -- Found PythonLibs: /usr/lib/libpython3.10.so (found version "3.10.0")
- -- Found Python3: -native/usr/bin/python3-native/python3 (found version "3.10.0") found components: Interpreter
- CMake Error at /usr/lib/cmake/Boost-1.77.0/BoostConfig.cmake:141 (find_package):
- Could not find a package configuration file provided by "boost_python310"
- (requested version 1.77.0) with any of the following names:
-
- boost_python310Config.cmake
- boost_python310-config.cmake
-
- Add the installation prefix of "boost_python310" to CMAKE_PREFIX_PATH or
- set "boost_python310_DIR" to a directory containing one of the above files.
- If "boost_python310" provides a separate development package or SDK, be
- sure it has been installed.
- Call Stack (most recent call first):
- /usr/lib/cmake/Boost-1.77.0/BoostConfig.cmake:258 (boost_find_component)
- /usr/share/cmake-3.21/Modules/FindBoost.cmake:594 (find_package)
- CMakeLists.txt:18 (find_package)
-
-Signed-off-by: Martin Jansa <martin.jansa@lge.com>
----
- BoostConfig.cmake | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/BoostConfig.cmake b/BoostConfig.cmake
-index fd17821..5dffa58 100644
---- a/tools/boost_install/BoostConfig.cmake
-+++ b/tools/boost_install/BoostConfig.cmake
-@@ -113,7 +113,7 @@ macro(boost_find_component comp required quiet)
- set(_BOOST_REQUIRED REQUIRED)
- endif()
-
-- if("${comp}" MATCHES "^(python|numpy|mpi_python)([1-9])([0-9])$")
-+ if("${comp}" MATCHES "^(python|numpy|mpi_python)([1-9])([0-9][0-9]?)$")
-
- # handle pythonXY and numpyXY versioned components for compatibility
-
diff --git a/main/boost1.77/0001-revert-cease-dependence-on-range.patch b/main/boost1.78/0001-revert-cease-dependence-on-range.patch
index a6002074ab..a6002074ab 100644
--- a/main/boost1.77/0001-revert-cease-dependence-on-range.patch
+++ b/main/boost1.78/0001-revert-cease-dependence-on-range.patch
diff --git a/main/boost1.78/APKBUILD b/main/boost1.78/APKBUILD
new file mode 100644
index 0000000000..bdb83372e5
--- /dev/null
+++ b/main/boost1.78/APKBUILD
@@ -0,0 +1,197 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=boost1.78
+pkgver=1.78.0
+_pkgver="${pkgver//./_}"
+pkgrel=2
+pkgdesc="Free peer-reviewed portable C++ source libraries"
+url="https://www.boost.org/"
+arch="all"
+license="BSL-1.0"
+depends="$pkgname-libs"
+depends_dev="$pkgname linux-headers bzip2-dev icu-dev xz-dev zlib-dev"
+makedepends="$depends_dev python3-dev>=3.8 flex bison"
+subpackages="
+ $pkgname-static
+ $pkgname-dev
+ $pkgname-doc
+ "
+source="https://boostorg.jfrog.io/artifactory/main/release/$pkgver/source/boost_$_pkgver.tar.bz2
+ boost-1.57.0-python-abi_letters.patch
+ boost-1.57.0-python-libpython_dep.patch
+ 0001-revert-cease-dependence-on-range.patch
+ bjam-no-skip-install.patch
+ boost-1.78.0-interprocess-musl-include.patch
+ "
+builddir="$srcdir/boost_$_pkgver"
+
+_enginedir="tools/build/src/engine"
+_bjam="$builddir"/$_enginedir/b2
+
+_libs="
+ atomic
+ chrono
+ container
+ context
+ contract
+ coroutine
+ date_time
+ fiber
+ filesystem
+ graph
+ iostreams
+ locale
+ log_setup
+ log
+ math
+ prg_exec_monitor
+ program_options
+ python3
+ random
+ regex
+ serialization
+ stacktrace_basic
+ stacktrace_noop
+ system
+ thread
+ timer
+ type_erasure
+ unit_test_framework
+ wave
+ wserialization
+ json
+ nowide
+ "
+for _lib in $_libs; do
+ subpackages="$subpackages $pkgname-${_lib}:_boostlib"
+done; unset -v _lib
+subpackages="$subpackages $pkgname-libs"
+
+_set_options() {
+ local _python="$(_pyversion python3)"
+ export PY3_VERSION="$_python"
+ export BOOST_ROOT="$builddir"
+
+ _options="
+ --user-config=\"$builddir/user-config.jam\"
+ --prefix=\"$pkgdir/usr\"
+ variant=release
+ python=$PY3_VERSION
+ toolset=gcc
+ debug-symbols=off
+ threading=multi
+ runtime-link=shared
+ link=shared,static
+ cflags=-fno-strict-aliasing
+ --layout=system
+ -q
+ -j${JOBS:-2}
+ "
+}
+
+prepare() {
+ default_prepare
+ _set_options
+
+ local abiflags="$(python3-config --abiflags)"
+
+ # create user-config.jam
+ cat > user-config.jam <<-__EOF__
+
+ using gcc : : $CC : <cxxflags>"$CXXFLAGS" <linkflags>"$LDFLAGS" ;
+ using python : $PY3_VERSION : /usr/bin/python3 : /usr/include/python${PY3_VERSION}$abiflags : : : : $abiflags ;
+
+ __EOF__
+}
+
+build() {
+ _set_options
+
+ msg "Building bjam"
+ cd "$builddir"/$_enginedir
+ CC= ./build.sh gcc
+
+ msg "Building bcp"
+ cd "$builddir"/tools/bcp
+ "$_bjam" -j${JOBS:-2}
+
+ msg "Building boost"
+ cd "$builddir"
+
+ "$_bjam" $_options
+}
+
+check() {
+ cd "$builddir"/tools/build/test
+
+ PATH="${_bjam%/*}:$PATH" python3 test_all.py --default-bjam
+}
+
+package() {
+ _set_options
+
+ install -Dm755 "$_bjam" \
+ "$pkgdir"/usr/bin/b2
+ ln -s b2 "$pkgdir"/usr/bin/bjam # old name for b2 binary
+
+ install -Dm755 dist/bin/bcp "$pkgdir"/usr/bin/bcp
+
+ install -Dm644 LICENSE_1_0.txt \
+ "$pkgdir"/usr/share/licenses/$pkgname/LICENSE_1_0.txt
+
+ "$pkgdir"/usr/bin/bjam $_options \
+ --includedir="$pkgdir"/usr/include \
+ --libdir="$pkgdir"/usr/lib \
+ install
+}
+
+static() {
+ pkgdesc="Boost static libraries"
+ depends="$depends_static"
+
+ amove usr/lib/lib*.a
+}
+
+_boostlib() {
+ local name="${subpkgname#$pkgname-}"
+ pkgdesc="Boost $name shared library"
+ depends="$depends__boostlib"
+
+ amove usr/lib/libboost_$name*.so.[0-9]*
+}
+
+libs() {
+ default_libs
+
+ pkgdesc="Boost shared libraries"
+ depends="$depends_libs"
+ local _pkg; for _pkg in $origsubpackages; do
+ case "$_pkg" in
+ *:_boostlib) depends="$depends ${_pkg%%:*}" ;;
+ esac
+ done
+
+ mkdir -p "$subpkgdir"
+ rmdir "$pkgdir"/usr/lib >/dev/null 2>&1 || :
+}
+
+dev() {
+ default_dev
+ replaces="boost1.77-dev"
+}
+
+doc() {
+ default_doc
+}
+
+_pyversion() {
+ "$1" -c 'import sys; print("%i.%i" % (sys.version_info.major, sys.version_info.minor))'
+}
+
+sha512sums="
+9c34a387a203b99aa773eb0c59f5abac7a99ba10e4623653e793c1d5b29b99b88e0e4e0d4e2e4ca5d497c42f2e46e23bab66417722433a457dc818d7670bcbbf boost_1_78_0.tar.bz2
+d96d4d37394a31764ed817d0bc4a99cffa68a75ff1ecfd4417b9e1e5ae2c31a96ed24f948c6f2758ffdac01328d2402c4cf0d33a37107e4f5f721e636daebd66 boost-1.57.0-python-abi_letters.patch
+132c4b62815d605c2d3c9038427fa4f422612a33711d47b2862f2311516af8a371d6b75bf078a7bffe20be863f8d21fb9fe74dc1a1bac3a10d061e9768ec3e02 boost-1.57.0-python-libpython_dep.patch
+9b53d2fe2dddd592e43db03c26fadd6c07d4c45a980ae4c775b7a914346a3914f6e0c3ef42dad5e2ea4568afb86c9967e09444ff609cfba1e1d39f4980b22ad6 0001-revert-cease-dependence-on-range.patch
+3e6679ce66b5fb5e89ba9500c7fdc94f0f7ede0c821cd89d488a618ecd7e6f2edd80b4a1928402a569f6e33fdefbd709bd16868b3d703a070c6117a65ac4761c bjam-no-skip-install.patch
+18d3944abd74a8f3b4dc53f39f47b4138a03b50f49f7a2cb7ccc49528d9a6c547d29b5589c620e02e0a6080c417fb33cd2b4d5a67644815d520091463771ed87 boost-1.78.0-interprocess-musl-include.patch
+"
diff --git a/main/boost1.78/bjam-no-skip-install.patch b/main/boost1.78/bjam-no-skip-install.patch
new file mode 100644
index 0000000000..bf63081f52
--- /dev/null
+++ b/main/boost1.78/bjam-no-skip-install.patch
@@ -0,0 +1,73 @@
+Patch-Source: https://github.com/bfgroup/b2/commit/78fd284a42caabe8815cb0870b46e5567872e75b
+From 78fd284a42caabe8815cb0870b46e5567872e75b Mon Sep 17 00:00:00 2001
+From: Dmitry <grisumbras@gmail.com>
+Date: Sat, 11 Dec 2021 16:58:23 +0300
+Subject: [PATCH] Don't skip install targets if there's <build>no in ureqs
+ (#113)
+
+---
+ src/tools/stage.jam | 4 ++++
+ test/install_build_no.py | 26 ++++++++++++++++++++++++++
+ test/test_all.py | 1 +
+ 3 files changed, 31 insertions(+)
+ create mode 100755 test/install_build_no.py
+
+diff --git a/src/tools/stage.jam b/src/tools/stage.jam
+index c5f02e3ba4..325129dc81 100644
+--- a/tools/build/src/tools/stage.jam
++++ b/tools/build/src/tools/stage.jam
+@@ -478,6 +478,10 @@ class install-target-class : basic-target
+ return [ sequence.unique $(result2) ] ;
+ }
+
++ rule skip-from-usage-requirements ( )
++ {
++ }
++
+ # Returns true iff 'type' is subtype of some element of 'types-to-include'.
+ #
+ local rule include-type ( type : types-to-include * )
+diff --git a/test/install_build_no.py b/test/install_build_no.py
+new file mode 100755
+index 0000000000..0ccf3c5cc6
+--- /dev/null
++++ b/tools/build/test/install_build_no.py
+@@ -0,0 +1,26 @@
++#!/usr/bin/python
++
++# Copyright 2021 Dmitry Arkhipov (grisumbras@gmail.com)
++# Distributed under the Boost Software License, Version 1.0.
++# (See accompanying file LICENSE.txt or https://www.bfgroup.xyz/b2/LICENSE.txt)
++
++# Check that <build>no in usage-requirements of dependencies does not affect
++# install rule, i.e. a skipped installed target does not affect insallation of
++# other targets.
++
++import BoostBuild
++
++t = BoostBuild.Tester()
++
++t.write("a.cpp", "int main() {}\n")
++
++t.write("jamroot.jam", """
++make x : : maker : <build>no ;
++exe a : a.cpp ;
++install install : x a ;
++""")
++
++t.run_build_system()
++t.expect_addition("install/a.exe")
++
++t.cleanup()
+diff --git a/test/test_all.py b/test/test_all.py
+index b7ef5ad701..9ed729d017 100644
+--- a/tools/build/test/test_all.py
++++ b/tools/build/test/test_all.py
+@@ -250,6 +250,7 @@ def reorder_tests(tests, first_test):
+ "inherit_toolset",
+ "inherited_dependency",
+ "inline",
++ "install_build_no",
+ "libjpeg",
+ "liblzma",
+ "libpng",
diff --git a/main/boost1.77/boost-1.57.0-python-abi_letters.patch b/main/boost1.78/boost-1.57.0-python-abi_letters.patch
index 7df3ee7047..7df3ee7047 100644
--- a/main/boost1.77/boost-1.57.0-python-abi_letters.patch
+++ b/main/boost1.78/boost-1.57.0-python-abi_letters.patch
diff --git a/main/boost1.77/boost-1.57.0-python-libpython_dep.patch b/main/boost1.78/boost-1.57.0-python-libpython_dep.patch
index 57bfc26774..57bfc26774 100644
--- a/main/boost1.77/boost-1.57.0-python-libpython_dep.patch
+++ b/main/boost1.78/boost-1.57.0-python-libpython_dep.patch
diff --git a/main/boost1.78/boost-1.78.0-interprocess-musl-include.patch b/main/boost1.78/boost-1.78.0-interprocess-musl-include.patch
new file mode 100644
index 0000000000..5a6f8a97c5
--- /dev/null
+++ b/main/boost1.78/boost-1.78.0-interprocess-musl-include.patch
@@ -0,0 +1,23 @@
+Patch-Source: https://github.com/boostorg/interprocess/commit/d002a0d929ecb031843d806c2bda69e013442e13
+From: Leonardo Neumann <leonardo@neumann.dev.br>
+Date: Mon, 13 Dec 2021 01:07:20 -0300
+Subject: [PATCH] Fix missing sys/stat.h include on musl-based systems
+
+Boost 1.78.0 fails to build on musl-based systems because musl does
+not include sys/stat.h by default.
+
+Fixes #161 ("Boost compiler error")
+--- a/boost/interprocess/permissions.hpp
++++ b/boost/interprocess/permissions.hpp
+@@ -29,6 +29,10 @@
+
+ #include <boost/interprocess/detail/win32_api.hpp>
+
++#else
++
++#include <sys/stat.h>
++
+ #endif
+
+ #endif //#ifndef BOOST_INTERPROCESS_DOXYGEN_INVOKED
+
diff --git a/main/boost1.79/0001-revert-cease-dependence-on-range.patch b/main/boost1.79/0001-revert-cease-dependence-on-range.patch
new file mode 100644
index 0000000000..a6002074ab
--- /dev/null
+++ b/main/boost1.79/0001-revert-cease-dependence-on-range.patch
@@ -0,0 +1,49 @@
+From 436e1dbe6fcd31523d261d18ad011392f1d6fbbc Mon Sep 17 00:00:00 2001
+From: Oliver Kowalke <oliver.kowalke@gmail.com>
+Date: Sun, 1 Dec 2019 20:40:28 +0100
+Subject: [PATCH] Revert "Cease dependence on Range"
+
+This reverts commit 0c556bb59241e682bbcd3f572815149c5a9b17db.
+
+see #44 (One test fails to compile after boostorg/coroutine submodule updated)
+---
+ boost/coroutine/asymmetric_coroutine.hpp | 12 +++---------
+ 1 file changed, 3 insertions(+), 9 deletions(-)
+
+diff --git a/boost/coroutine/asymmetric_coroutine.hpp b/boost/coroutine/asymmetric_coroutine.hpp
+index ea96981..640896f 100644
+--- a/boost/coroutine/asymmetric_coroutine.hpp
++++ b/boost/coroutine/asymmetric_coroutine.hpp
+@@ -14,6 +14,7 @@
+ #include <boost/assert.hpp>
+ #include <boost/config.hpp>
+ #include <boost/move/move.hpp>
++#include <boost/range.hpp>
+ #include <boost/throw_exception.hpp>
+ #include <boost/utility/explicit_operator_bool.hpp>
+
+@@ -2354,19 +2355,12 @@ end( push_coroutine< R > & c)
+
+ }
+
+-// forward declaration of Boost.Range traits to break dependency on it
+-template<typename C, typename Enabler>
+-struct range_mutable_iterator;
+-
+-template<typename C, typename Enabler>
+-struct range_const_iterator;
+-
+ template< typename Arg >
+-struct range_mutable_iterator< coroutines::push_coroutine< Arg >, void >
++struct range_mutable_iterator< coroutines::push_coroutine< Arg > >
+ { typedef typename coroutines::push_coroutine< Arg >::iterator type; };
+
+ template< typename R >
+-struct range_mutable_iterator< coroutines::pull_coroutine< R >, void >
++struct range_mutable_iterator< coroutines::pull_coroutine< R > >
+ { typedef typename coroutines::pull_coroutine< R >::iterator type; };
+
+ }
+--
+2.24.1
+
diff --git a/main/boost1.77/APKBUILD b/main/boost1.79/APKBUILD
index 1032de5933..2292013a42 100644
--- a/main/boost1.77/APKBUILD
+++ b/main/boost1.79/APKBUILD
@@ -1,8 +1,8 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
-pkgname=boost1.77
-pkgver=1.77.0
+pkgname=boost1.79
+pkgver=1.79.0
_pkgver="${pkgver//./_}"
-pkgrel=3
+pkgrel=1
pkgdesc="Free peer-reviewed portable C++ source libraries"
url="https://www.boost.org/"
arch="all"
@@ -20,7 +20,7 @@ source="https://boostorg.jfrog.io/artifactory/main/release/$pkgver/source/boost_
boost-1.57.0-python-abi_letters.patch
boost-1.57.0-python-libpython_dep.patch
0001-revert-cease-dependence-on-range.patch
- python-3.10.patch
+ boost-1.79.0-fix-segfault-in-array-erase.patch
"
builddir="$srcdir/boost_$_pkgver"
@@ -69,19 +69,18 @@ subpackages="$subpackages $pkgname-libs"
# Claim the unversioned name, this must be removed once we switch our
# boost to a new version
provides="boost=$pkgver-r$pkgrel"
-replaces="boost"
+replaces="boost boost1.78"
_set_options() {
- [ -n "$PY3_VERSION" ] || PY3_VERSION="$(_pyversion python3)"
-
- local _options_python="${PY2_VERSION:+$PY2_VERSION,}$PY3_VERSION"
- [ -z "$_options_python" ] || _options_python="python=$_options_python"
+ local _python="$(_pyversion python3)"
+ export PY3_VERSION="$_python"
+ export BOOST_ROOT="$builddir"
_options="
--user-config=\"$builddir/user-config.jam\"
--prefix=\"$pkgdir/usr\"
- release
- $_options_python
+ variant=release
+ python=$PY3_VERSION
toolset=gcc
debug-symbols=off
threading=multi
@@ -91,27 +90,26 @@ _set_options() {
--layout=system
-q
-j${JOBS:-2}
- $_options_carch
"
}
prepare() {
default_prepare
-
_set_options
+
local abiflags="$(python3-config --abiflags)"
# create user-config.jam
cat > user-config.jam <<-__EOF__
using gcc : : $CC : <cxxflags>"$CXXFLAGS" <linkflags>"$LDFLAGS" ;
- using python : ${PY3_VERSION:+$PY3_VERSION }: /usr/bin/python3 : ${PY3_VERSION:+/usr/include/python${PY3_VERSION}$abiflags }: : : : ${abiflags:+$abiflags };
+ using python : $PY3_VERSION : /usr/bin/python3 : /usr/include/python${PY3_VERSION}$abiflags : : : : $abiflags ;
__EOF__
}
build() {
- export BOOST_ROOT="$builddir"
+ _set_options
msg "Building bjam"
cd "$builddir"/$_enginedir
@@ -123,7 +121,7 @@ build() {
msg "Building boost"
cd "$builddir"
- _set_options
+
"$_bjam" $_options
}
@@ -134,7 +132,6 @@ check() {
}
package() {
- export BOOST_ROOT="$builddir"
_set_options
install -Dm755 "$_bjam" \
@@ -161,8 +158,7 @@ static() {
provides="boost-static=$pkgver-r$pkgrel"
replaces="boost-static"
- mkdir -p "$subpkgdir"/usr/lib
- mv "$pkgdir"/usr/lib/lib*.a "$subpkgdir"/usr/lib/
+ amove usr/lib/lib*.a
}
_boostlib() {
@@ -175,8 +171,7 @@ _boostlib() {
provides="boost-$name=$pkgver-r$pkgrel"
replaces="boost-$name"
- mkdir -p "$subpkgdir"/usr/lib
- mv "$pkgdir"/usr/lib/libboost_$name*.so.[0-9]* "$subpkgdir"/usr/lib/
+ amove usr/lib/libboost_$name*.so.[0-9]*
}
libs() {
@@ -199,6 +194,14 @@ libs() {
rmdir "$pkgdir"/usr/lib >/dev/null 2>&1 || :
}
+dev() {
+ # Claim the unversioned name, this must be removed once we switch our
+ # boost to a new version. Replace previous boost version for clean -dev
+ # upgrade
+ default_dev
+ replaces="boost1.78-dev"
+}
+
_dev() {
# This makes boost-dev be a metapackage that depends on boostX.Y-dev
mkdir -p "$subpkgdir"
@@ -219,9 +222,9 @@ _pyversion() {
}
sha512sums="
-39b45c9b60bc5a2a4c669a4463d1272c1e093376b2fb374d7f20a84ea10a3e23bb04b335a735a83a04575731f874d9bff77e89acd947524b3fbbae1b26ae1f2f boost_1_77_0.tar.bz2
+70909e0561c213d10a1fdd692f9ae7b293d3cdc63e925bdc207da9e9bba6e86474341100e7ee5de6d94f9561196b1a3a1597055a7b7382babf8931131170a312 boost_1_79_0.tar.bz2
d96d4d37394a31764ed817d0bc4a99cffa68a75ff1ecfd4417b9e1e5ae2c31a96ed24f948c6f2758ffdac01328d2402c4cf0d33a37107e4f5f721e636daebd66 boost-1.57.0-python-abi_letters.patch
132c4b62815d605c2d3c9038427fa4f422612a33711d47b2862f2311516af8a371d6b75bf078a7bffe20be863f8d21fb9fe74dc1a1bac3a10d061e9768ec3e02 boost-1.57.0-python-libpython_dep.patch
9b53d2fe2dddd592e43db03c26fadd6c07d4c45a980ae4c775b7a914346a3914f6e0c3ef42dad5e2ea4568afb86c9967e09444ff609cfba1e1d39f4980b22ad6 0001-revert-cease-dependence-on-range.patch
-1d84ee5fecd7a8c2491b997fa1b9031195642c8d4946bb391f5a52c84f1fefd2cf4bb64a90601cbbd4fa1795d7a86f8cf78f4124fdbb1619b07ed31aa20e00bf python-3.10.patch
+17db69e7b41665b2fae5630aa5edf15f0b8d00aa04e8597b198eb4f530793e8227d0234ceb9c8a9859fac3a4ceb5b9eb51721329b91497a422d4ff579739b964 boost-1.79.0-fix-segfault-in-array-erase.patch
"
diff --git a/main/boost1.79/boost-1.57.0-python-abi_letters.patch b/main/boost1.79/boost-1.57.0-python-abi_letters.patch
new file mode 100644
index 0000000000..7df3ee7047
--- /dev/null
+++ b/main/boost1.79/boost-1.57.0-python-abi_letters.patch
@@ -0,0 +1,62 @@
+--- boost_1_57_0/tools/build/src/tools/python.jam 2013-05-21 06:14:18.000000000 +0200
++++ boost_1_55_0/tools/build/src/tools/python.jam 2014-05-29 19:09:12.115413877 +0200
+@@ -94,7 +94,7 @@ feature.feature pythonpath : : free opti
+ # using python : 2.3 : /usr/local/bin/python ;
+ #
+ rule init ( version ? : cmd-or-prefix ? : includes * : libraries ?
+- : condition * : extension-suffix ? )
++ : condition * : extension-suffix ? : abi-letters ? )
+ {
+ project.push-current $(.project) ;
+
+@@ -107,7 +107,7 @@ rule init ( version ? : cmd-or-prefix ?
+ }
+ }
+
+- configure $(version) : $(cmd-or-prefix) : $(includes) : $(libraries) : $(condition) : $(extension-suffix) ;
++ configure $(version) : $(cmd-or-prefix) : $(includes) : $(libraries) : $(condition) : $(extension-suffix) : $(abi-letters) ;
+
+ project.pop-current ;
+ }
+@@ -653,7 +653,7 @@ local rule system-library-dependencies (
+
+ # Declare a target to represent Python's library.
+ #
+-local rule declare-libpython-target ( version ? : requirements * )
++local rule declare-libpython-target ( version ? : requirements * : abi-letters ? )
+ {
+ # Compute the representation of Python version in the name of Python's
+ # library file.
+@@ -677,13 +677,13 @@ local rule declare-libpython-target ( ve
+ }
+
+ # Declare it.
+- lib python.lib : : <name>python$(lib-version) $(requirements) ;
++ lib python.lib : : <name>python$(lib-version)$(abi-letters) $(requirements) ;
+ }
+
+
+ # Implementation of init.
+ local rule configure ( version ? : cmd-or-prefix ? : includes * : libraries ? :
+- condition * : extension-suffix ? )
++ condition * : extension-suffix ? : abi-letters ? )
+ {
+ local prefix ;
+ local exec-prefix ;
+@@ -699,6 +699,7 @@ local rule configure ( version ? : cmd-o
+ extension-suffix ?= _d ;
+ }
+ extension-suffix ?= "" ;
++ abi-letters ?= "" ;
+
+ # Normalize and dissect any version number.
+ local major-minor ;
+@@ -922,7 +923,7 @@ local rule configure ( version ? : cmd-o
+ }
+ else
+ {
+- declare-libpython-target $(version) : $(target-requirements) ;
++ declare-libpython-target $(version) : $(target-requirements) : $(abi-letters) ;
+
+ # This is an evil hack. On, Windows, when Python is embedded, nothing
+ # seems to set up sys.path to include Python's standard library
diff --git a/main/boost1.79/boost-1.57.0-python-libpython_dep.patch b/main/boost1.79/boost-1.57.0-python-libpython_dep.patch
new file mode 100644
index 0000000000..57bfc26774
--- /dev/null
+++ b/main/boost1.79/boost-1.57.0-python-libpython_dep.patch
@@ -0,0 +1,13 @@
+Index: boost_1_57_0/tools/build/src/tools/python.jam
+===================================================================
+--- boost_1_57_0/tools/build/src/tools/python.jam (revision 50406)
++++ boost_1_57_0/tools/build/src/tools/python.jam (working copy)
+@@ -994,7 +994,7 @@
+ else
+ {
+ alias python_for_extensions
+- :
++ : python
+ : $(target-requirements)
+ :
+ : $(usage-requirements)
diff --git a/main/boost1.79/boost-1.79.0-fix-segfault-in-array-erase.patch b/main/boost1.79/boost-1.79.0-fix-segfault-in-array-erase.patch
new file mode 100644
index 0000000000..f853bc25dd
--- /dev/null
+++ b/main/boost1.79/boost-1.79.0-fix-segfault-in-array-erase.patch
@@ -0,0 +1,50 @@
+Patch-Source: https://www.boost.org/users/history/version_1_79_0.html , known-issues
+diff -ur boost_1_79_0/boost/json/impl/array.ipp boost_1_79_0/boost/json/impl/array.ipp
+--- boost_1_79_0/boost/json/impl/array.ipp 2022-04-06 17:02:43.000000000 -0400
++++ boost_1_79_0/boost/json/impl/array.ipp 2022-04-13 20:55:20.464359478 -0400
+@@ -491,8 +491,11 @@
+ auto const p = &(*t_)[0] +
+ (pos - &(*t_)[0]);
+ destroy(p, p + 1);
+- relocate(p, p + 1, 1);
+ --t_->size;
++ if(t_->size > 0)
++ relocate(p, p + 1,
++ t_->size - (p -
++ &(*t_)[0]));
+ return p;
+ }
+
+diff -ur boost_1_79_0/libs/json/test/array.cpp boost_1_79_0/libs/json/test/array.cpp
+--- boost_1_79_0/libs/json/test/array.cpp 2022-04-06 17:02:43.000000000 -0400
++++ boost_1_79_0/libs/json/test/array.cpp 2022-04-13 20:53:32.671782680 -0400
+@@ -1270,6 +1270,21 @@
+ }
+
+ void
++ testIssue692()
++ {
++ array a;
++ object obj;
++ obj["test1"] = "hello";
++ a.push_back(obj);
++ a.push_back(obj);
++ a.push_back(obj);
++ a.push_back(obj);
++ a.push_back(obj);
++ while(a.size())
++ a.erase(a.begin());
++ }
++
++ void
+ run()
+ {
+ testDestroy();
+@@ -1283,6 +1298,7 @@
+ testExceptions();
+ testEquality();
+ testHash();
++ testIssue692();
+ }
+ };
+
diff --git a/main/botan/APKBUILD b/main/botan/APKBUILD
index 3332e06e3e..938831a676 100644
--- a/main/botan/APKBUILD
+++ b/main/botan/APKBUILD
@@ -1,8 +1,8 @@
# Contributor: tcely <tcely@users.noreply.github.com>
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=botan
-pkgver=2.18.1
-pkgrel=4
+pkgver=2.19.1
+pkgrel=2
pkgdesc="Crypto and TLS for C++11"
url="https://botan.randombit.net/"
arch="all"
@@ -10,9 +10,7 @@ license="BSD-2-Clause"
depends_dev="boost-dev bzip2-dev openssl1.1-compat-dev sqlite-dev xz-dev zlib-dev"
makedepends="$depends_dev python3"
subpackages="$pkgname-dev $pkgname-doc $pkgname-libs"
-source="https://botan.randombit.net/releases/Botan-$pkgver.tar.xz
- dl-exponents.patch
- CVE-2021-40529.patch"
+source="https://botan.randombit.net/releases/Botan-$pkgver.tar.xz"
builddir="$srcdir/Botan-$pkgver"
# secfixes:
@@ -62,7 +60,5 @@ package() {
}
sha512sums="
-2f11d1ab703d977a2d64504d2a2489ce56109a2a6c46c0dc7c8db428470ce511bcc0160f70baedad29237abd5e1622f2c155ea58c4dec4d3ae57ee7b350415c3 Botan-2.18.1.tar.xz
-e0d5e2c07d1ea66def33cbf8d64ba87eeb46c10ff0c14a54bc518b87a668a74a184e18b89440a2ef4b78ddf97cb4e2b02f1a70b4bbf705170715e353b2abbddb dl-exponents.patch
-fd5d29ea98de0f0ddc63340270f118a2a633e740d604cf030780fdca46a87733654c38c01f933bb607f92cbb3750250a1af6ef9fe26fec601bbe8c9f079a6660 CVE-2021-40529.patch
+e604be0e7e82da89e3e1949d3035a87dc63314bd9854d5fe5129ccb3ed5bc78edb0406c7f8ad1a152b59a63b6d98ba207a0851a08428c3452cce794614b5eef5 Botan-2.19.1.tar.xz
"
diff --git a/main/botan/CVE-2021-40529.patch b/main/botan/CVE-2021-40529.patch
deleted file mode 100644
index c864ef5838..0000000000
--- a/main/botan/CVE-2021-40529.patch
+++ /dev/null
@@ -1,132 +0,0 @@
-From 9a23e4e3bc3966340531f2ff608fa9d33b5185a2 Mon Sep 17 00:00:00 2001
-From: Jack Lloyd <jack@randombit.net>
-Date: Tue, 3 Aug 2021 18:20:29 -0400
-Subject: [PATCH] Avoid using short exponents with ElGamal
-
-Some off-brand PGP implementation generates keys where p - 1 is
-smooth, as a result short exponents can leak enough information about
-k to allow decryption.
----
- src/lib/pubkey/elgamal/elgamal.cpp | 8 +++-
- src/tests/data/pubkey/elgamal_decrypt.vec | 45 +++++++++++++++++++++++
- src/tests/data/pubkey/elgamal_encrypt.vec | 17 ++++++---
- 3 files changed, 62 insertions(+), 8 deletions(-)
-
-diff --git a/src/lib/pubkey/elgamal/elgamal.cpp b/src/lib/pubkey/elgamal/elgamal.cpp
-index b3ec6df2cb..0e33c2ca5f 100644
---- a/src/lib/pubkey/elgamal/elgamal.cpp
-+++ b/src/lib/pubkey/elgamal/elgamal.cpp
-@@ -113,8 +113,12 @@ ElGamal_Encryption_Operation::raw_encrypt(const uint8_t msg[], size_t msg_len,
- if(m >= m_group.get_p())
- throw Invalid_Argument("ElGamal encryption: Input is too large");
-
-- const size_t k_bits = m_group.exponent_bits();
-- const BigInt k(rng, k_bits);
-+ /*
-+ Some ElGamal implementations foolishly use prime fields where p - 1 is
-+ smooth, as a result it is unsafe to use short exponents.
-+ */
-+ const size_t k_bits = m_group.p_bits() - 1;
-+ const BigInt k(rng, k_bits, false);
-
- const BigInt a = m_group.power_g_p(k, k_bits);
- const BigInt b = m_group.multiply_mod_p(m, monty_execute(*m_monty_y_p, k, k_bits));
-diff --git a/src/tests/data/pubkey/elgamal_decrypt.vec b/src/tests/data/pubkey/elgamal_decrypt.vec
-index f676be50e7..a9d9dd1679 100644
---- a/src/tests/data/pubkey/elgamal_decrypt.vec
-+++ b/src/tests/data/pubkey/elgamal_decrypt.vec
-@@ -58,3 +58,48 @@ G = 4956716650468111499852968442558584961751486202697832959709919208796153871740
- X = 4304232149632055597449717737864742436448127103739097
- Msg = F73BB7E5C8A5619380
- Ciphertext = C9881464A37749949D66D75CD9B7A8ACAD33DD1FAC7561F684E9CB5343D2ED15969D7EDB4135518B50F0FEC9A9559C1D5E44DAB42C14BBDE2D2711EA4D02D7F27D1A9BCFEC9E8B73FA64BA3C54707FDDE7D5BE695E17FB9D259FB576FD4E57D66C8F727DC236E2A6E9FD01709D34B8D09F7DD3890F003EBE616042B4E0A8A00F6C3F34DE7E002FE72A84AF8D014D64E8CD08B9B56CC3A6BBE6F966B92105A92C5ABF4F2BF735670622F6213FE9739FAD65692E1C0EBF708A47E18600A22972A5A3DA0F22D11C581D46F734151A083FF757E961351EB183B467A859FBB9ED1DAC396FA405701FD6E3A62EB126E93648C3C6DFA9C4DBF3C005880F4799F66B310E
-+
-+P = 0xFFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF
-+G = 0x02
-+X = 0xCC13EE3533858E0F0024FFC935DC5BD297DEC9385AC8EF7E
-+Msg = 1C
-+Ciphertext = D73F6E5CEF558B92C924FEC2329774ACD75E7CEA04D2485F07920EF4E5B86E361E23E42AB6F3A97F5B1F46218BF3C00E93A2EA981B8BB48EDD020A3F96D61FDA0F3E4D26F5538B2179B7D7E333CE78414F18E6CD0AE74C3F44FBFAC9121A3A6CF80C85E89280F9BC476078F9FD686A6500590B1AD75616C0A92BC73838A6D4437368304638242BCD628A72EA432FE7C1892922136B3C19B39990980185328E5BBD35DE42549819C8E301348320BA80602E751172D9ACAA8E0B67FB97996310BC0C14B9E40626FE54138851E4BC4CA4CB2F0A1F3D3F042556A4942B2B03B4C2F75E50260365865FEE0050DAC3604E78708715549FF878F1B337D6ABF8B695462F
-+
-+P = 0xFFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D670C354E4ABC9804F1746C08CA237327FFFFFFFFFFFFFFFF
-+G = 0x02
-+X = 0x8D81343C4994DAF21AD0E6CB88C74F55529925EC953381470B72B3C8
-+Msg = 7F0CCACA157707BF03
-+Ciphertext = 2EDE1A9F975FCAF943AEEB51EB37EAEDF54C4D939D0DCF7C80874A3BF8601B511685B1FDE52E07D8894EA647C50E480DE7A48ACADD89F79EEB9411234507CE6AB8503BD47B284134E301A78BD7FAC8D8B15A5D1424B820FF3FE1F363FC88FF510183165F52EE022A55EC43D4DD75763297C13F9EE3BCD579ADBA6800348F0C6240F49744B385737926A770EDF67257E7F5654C478C614700B6D2D671A13B28006C11C499BEB29658EF10C3E2EEC390A972372EBF733BA6EE5F4D600AAE1DDDC87EFA6D9FB05CBC995F82C3EF47CF862715E17DF7CC948846E849661D5C82C6A120610D90BB2D373D189A0BF13175F551326ECACF2D349A4BD2D265FDAC716E4B0A5D850E7EDA92CF9F8863BF1CD31C3888BFD81500DA4C615575EE8FA27615EF8E4B9D23A53852B236057E15DA7FC5827668A7B8AA699D3F79201567F4F0DAF7D89919906486A66ABA689FFD9E3BB5F0D1C677CCC12EA29BBFE1083C4FC349EE7E236BC8DC02DEE063E7F7C7B719E3176739D55196A2B7E6C3AA2A543135AB8F
-+
-+P = 0xFFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3BE39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF6955817183995497CEA956AE515D2261898FA051015728E5A8AACAA68FFFFFFFFFFFFFFFF
-+G = 0x02
-+X = 0xA9F666E685F4F0BAFFF22C407B28461591CBF43F8DA1A8C3B1510BB6AA3BCD6C
-+Msg = D830F02AA1AE9328CF3F2C6CB7D86875
-+Ciphertext = E8AC61EE6EA9DCBEDF5DD10247240E0FF3A6D1B1D2C9832A73C5EF2F96FB23C6FA571F9E407089ADAB459086B4331DBCBB3E5FC69B996748131D0D499EFF4F3654CEF8ED3C14C97C4985E5E0D6E0714E789F9D926CB26A23ACB52D6308CDB3C4DBF92F7A701513B133A0512A0CC16E13BCC7F983BC181C71A42252D48B113BAB4B861430AC6157E3043BD861C44D0804CCBB0B9D5BA599650DABE9FA7BF286EB08A97D11D5F88CB0157A4522E2C9F4EF53EB9D7679974C5AD86554EED49736D0D7B39461B92C73CBBEBAD8E92A6501293AE9A5BF0FBDA11BC743E032F78740F96F8CD71D30EA0F17F42181783C908A6008E339620CCB80226E9CDD7E5D50DEF9310DF03C971955CCF70557C9816049C2137CB7554998BD90B81AD549E9B65347E4BC798039BF05929DED052EE816EA3A87014B0D25E2E279B7736446201F52E542AA6E494BDC6D02A9A0479E1F90D5F3898A36AF7BA03E8F0BCBBF891A1C1B0B300EA664349E765EA331841ABC7963012C623318EF9B681711461ECC83EDC88722DE5E16FF1AB57B23F285CC5E75F6FCB46EEC9F919D1C089E7C045535E64A97F16662DF9CEFFB0E6C9C6402A43E47D1D073A5555A470E2451809234ABFD463A013D70288BA4A093E51FCED6A434886ED70490D63DFD809F27A773CDAC3D848A21C2937CA194C4FFBF8E50C05AEB3A530A7AB8B39B91A72EA45034A2FF8F16B1
-+
-+P = 0xFFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3BE39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF6955817183995497CEA956AE515D2261898FA051015728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6BF12FFA06D98A0864D87602733EC86A64521F2B18177B200CBBE117577A615D6C770988C0BAD946E208E24FA074E5AB3143DB5BFCE0FD108E4B82D120A93AD2CAFFFFFFFFFFFFFFFF
-+G = 0x02
-+X = 0x981606068AE29B5B86E6F1E4E578010E43E1DBCB12504857CA6CDFC77913EFF0B3F563E1DDB40934B4F33099A6BF8EE8
-+Msg = 0E738AF35B6AE8951E5C3BF8EB
-+Ciphertext = 659C8E28BF6A26E5D55386E437F2B66282EB9F9ECA54522D8A1FDE6BC6C4D65E5412D030BDC9833F93E3653B7B58FFD66A2EBFB8AAF1F7BBB52C3CD43E08DDB3D2C73E26EEA988EEF9CFDC9C59872B4D2454A1F500911B4D3BD3EED99107FAF39D97A3302166AD5B0381ECAB769953406DD3FEB502D23587D9CF2C89F93FE6A73167E3734CD0676EE95F7C43A558A56E7B0264A6084875D1E7F2312FA7BA7145AAA5921F904EDDC7A6EC823C57AFE323E4368CD7D47CAF2F8A94D6D3117A8BE92BAF6F0392A20C7FCFE381789755B7B47B9C5496382FF26533EA7F911472F02E2F9E29CAC9CFF4AEB90C36E55A1AF5D0259B195E2824C7F6B40299D8A0858E162B3D9392E323F62B48DA629089902F16D01D1AB3DCFBAAB46F1E74ECA6560B3A97E85E9B88B8F11AA83F78E8E542B8A3B4C0E7B47220594979BC7DD12E97238EB4B91D23A8F2D5362CB8B08C1F07B3461AD0968FB3053F60ECC2B3C0E900A0A7C2924C3FA79CCB43B33B336B807C6F4B83A7AE0112BD72A13822E3CD0B2E2AF7717F2CB21BE02D8DB0EB3BCCF66836BD83C828C221569EFCAA53124D206CB51D3718BC1511799DEA0558DD6FDBFB06B3D96BAC451FE71A4244BD3CD6826BF27EA3CC7782C17DCAF52EAA944CEA734D011145F10A4132A271349A8BF1ED0D7F7EF2ABC7031475B4397574F8A7EC4F5480D85CF0CA1F7C69097A2A009FFD4927AA769FD821F64741812FE5DB996ECAD3265CE93DBA7B40532A2133FB8EE5066A0C5F91C7E0F3902B6CEA39D5BB4B59B2993B5DAA2B61FF589BF45613D1EF36D5F7D959E8255C0010EC439AAE1C9B682BAC92C2883ED279CD8C644A301150879EB8D37B217B36447CBAC37C132C0278AA8CB38A8596392E3A3CAA91573370ED44DF46311EEE878B63F947F2A28930133D343737502623D0C7D3EA5D8D8123D7963C70AD30CC865BCD68F96C1A13A3484AB4EF3828CE338BF8E087F2300B777D556974D5E23FAFD55AB54353BCA31BEC13003AC7258510578F96B8F1E2254E91768A78CF9FCC6D8CFB0493701D523F75EC25B37B623B5A73A28009DBC169A084E95D
-+
-+P = 0xFFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3BE39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF6955817183995497CEA956AE515D2261898FA051015728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6BF12FFA06D98A0864D87602733EC86A64521F2B18177B200CBBE117577A615D6C770988C0BAD946E208E24FA074E5AB3143DB5BFCE0FD108E4B82D120A92108011A723C12A787E6D788719A10BDBA5B2699C327186AF4E23C1A946834B6150BDA2583E9CA2AD44CE8DBBBC2DB04DE8EF92E8EFC141FBECAA6287C59474E6BC05D99B2964FA090C3A2233BA186515BE7ED1F612970CEE2D7AFB81BDD762170481CD0069127D5B05AA993B4EA988D8FDDC186FFB7DC90A6C08F4DF435C934063199FFFFFFFFFFFFFFFF
-+G = 0x02
-+X = 0xB73A80EB48DB4DF3108BE1345281A1B39B4373BFE71CB4DA9F3594A94C525E2E288F06089F61C1D29D6A99EA775C05D6
-+Msg = D413DAC9D341361F17EDCE1C46A04D343424251B
-+Ciphertext = 085E76D450C7FF0B2DB59D41D12596AD1B0D8AF877F5C63416D2B355ED137A5AEAB3B75AC4CBFB5168F37EC02724EA057ED5B9AAF0C40D5469FB9E068C7E090C6EB411CDFBC9A500294E2433A9F879F52F8359B0865128A76801B7C4E22D5A3A6279F755291ECC9454AC3C1F1395DA5FA8E25CD951FCBF9B569EED304B3B82B0198913FAFD0B9A3ED32A64B0E394F96C153D25FBFEF92ECB38F79F2DE12570A041C8B4E8ADB998D6A559BC9640EBA8B61A6D0387CF0CA621B6C3F60D464DE7D27D5347F79CABD09533219DD2CDA8BAB74E886E206409A94054CCF3EBBA570C33FE456BD6B0BEB564F406AF49400550AE01A21A68126C90E0B8295CB7F9C2F4C790D8B0FEFD1FC6BFF40A00737AF9EDA25A1BF00E7FEC8CE776C3D24C61EBF48049CE5B27E024B796566BA670090BAB1A6015C01DB57DFDDAD61240F151C61BC80C3BA320050D1E537D501611627531E41793C3468B87F28BF2281CE996957901BE6CE41FAB0F88467ECBC0DE6C5F60AB5A1AF21A9528B0E8BABAD56FA23F2AD3CBC521A8D54047F15F58FC9C5CD4BB322A0838EDAC053415CFED87FD0756FBFF6B052D385C2EED6FD4686E024F7175A9840DF7E74740FF368DA4DAEB879D7C0D265D51809BD6EC6A66717498A4998D0232586CA4C5F7858EBEC824821CDBD1133DA557612A398EA8F9AC959A39381FCF1D727D08136CAFC4D72E9A945043E6DE2C67F6B55C21B7EDBFDCEA2B63CF9A5BB931DFE76CA2BE5D3D964AA2C348E6DFBA4FFC4D5E463105E243BD20AF38531A70BE1DD4930F998E28C3182665507700976BC14438452179747E623B2E5328A3ED5925FA526AE897ACF67059D76D159CB31D85F03589A4874AB11A7E2BB680FCEF7A4CEBFD98B0DC18BC1AF838524107E3264C2FDACF883ED2701CF3306E83CB8E75F5ED148F3377A77474D47522596F50DADEFC149A91C619F4A9366771681CAE1A82AA57BB038E0180BD38C4323928E63FA890B85009B1A25C022AEE8DB4D7F4E34260677A22B3BC7F24089E98FC484B93EC95ED68D9D56B2F6DDBCE73AB844F5CBBD908E51651517F6920DC42F41B874EEB9DA244C4485D2A931C7A76E99D490E6B3D4AE44484CAE4B784A0773782D2B9CFB4D893E79D35CF4282CB9A70EA53700F49F6F47F374161D0B820690D2C99E3A2602B31E659E64E5D4D4BD111C73FD5AF47412748091E272947A307309F3732E04FA848AACC312ADD0323F09F7947788D9F2BC55BDB7DDDD1FE664C5C9E861F6052F8F94084927116CAB24C6B11FEE69ADD2BCED4CC7EF330519D287531861A75E0F00CA8E52CBE9B77E8F840168937222D5851C84195DD4E698AB8BB558A05026EBC09520A1B1F0BC44F699478A69E1C1384F37F16102DE90ED960CEFFD9EA299FB79D416F3AF6CCD1A022895CFE032AC65978486998E3714A56E3DBAE
-+
-+# Generated by Golang x/crypto
-+P = 0xB10B8F96A080E01DDE92DE5EAE5D54EC52C99FBCFB06A3C69A6A9DCA52D23B616073E28675A23D189838EF1E2EE652C013ECB4AEA906112324975C3CD49B83BFACCBDD7D90C4BD7098488E9C219A73724EFFD6FAE5644738FAA31A4FF55BCCC0A151AF5F0DC8B4BD45BF37DF365C1A65E68CFDA76D4DA708DF1FB2BC2E4A4371
-+G = 0xA4D1CBD5C3FD34126765A442EFB99905F8104DD258AC507FD6406CFF14266D31266FEA1E5C41564B777E690F5504F213160217B4B01B886A5E91547F9E2749F4D7FBD7D3B9A92EE1909D0D2263F80A76A6A24C087A091F531DBF0A0169B6A28AD662A4D18E73AFA32D779D5918D08BC8858F4DCEF97C2A24855E6EEB22B3B2E5
-+X = 0x626adfc4696e5dee7f95f24077c8377b1df439cb76ab82134fe4a48b673e565a
-+Msg = 0244454144424545464445414442454546444541444245454644454144424545464445414442454546444541444245454644454144424545464445414442454546444541444245454644454144424545464445414442454546444541444245454644454144424545464445414442454500476F207465737420766563746F72
-+Ciphertext = 0F0AF27EB240927497A4245E592BDA1AA12420054AA406080420E92FCEDA12A3DCBF1CDEDA86A87029DF05C8D2435DF91A53BF65164375C302C19773C88677E88C36C3BBC408DFAD0672C1A56E5CDB8932AE11DD250F3DC31CB601582CC10C2E4BD26149AA5519AEDC7619C35B6F920B53B3AAEF728B06F37D08250B14C7AA0E291F233A5F5A6EE2333C9839C7C654C21669795B5C1415F92AFFBD24273403160AFE1DF058F554085283E0D5D8C487CBD4F7EFFBAE620C67F285CE4DD83FB1A00733B5BF9CA22A33039A7A15169757EFECC36A15F67609707C751F88FB5E70861BDE09A72A6B4558EA2841792BC86EC523DF23094D4B55663527EAB70D182CA9
-+
-+[EME-PKCS1-v1_5]
-+# Same as above test from Go but with PKCS1 padding removed
-+P = 0xB10B8F96A080E01DDE92DE5EAE5D54EC52C99FBCFB06A3C69A6A9DCA52D23B616073E28675A23D189838EF1E2EE652C013ECB4AEA906112324975C3CD49B83BFACCBDD7D90C4BD7098488E9C219A73724EFFD6FAE5644738FAA31A4FF55BCCC0A151AF5F0DC8B4BD45BF37DF365C1A65E68CFDA76D4DA708DF1FB2BC2E4A4371
-+G = 0xA4D1CBD5C3FD34126765A442EFB99905F8104DD258AC507FD6406CFF14266D31266FEA1E5C41564B777E690F5504F213160217B4B01B886A5E91547F9E2749F4D7FBD7D3B9A92EE1909D0D2263F80A76A6A24C087A091F531DBF0A0169B6A28AD662A4D18E73AFA32D779D5918D08BC8858F4DCEF97C2A24855E6EEB22B3B2E5
-+X = 0x626adfc4696e5dee7f95f24077c8377b1df439cb76ab82134fe4a48b673e565a
-+Msg = 476F207465737420766563746F72
-+Ciphertext = 0F0AF27EB240927497A4245E592BDA1AA12420054AA406080420E92FCEDA12A3DCBF1CDEDA86A87029DF05C8D2435DF91A53BF65164375C302C19773C88677E88C36C3BBC408DFAD0672C1A56E5CDB8932AE11DD250F3DC31CB601582CC10C2E4BD26149AA5519AEDC7619C35B6F920B53B3AAEF728B06F37D08250B14C7AA0E291F233A5F5A6EE2333C9839C7C654C21669795B5C1415F92AFFBD24273403160AFE1DF058F554085283E0D5D8C487CBD4F7EFFBAE620C67F285CE4DD83FB1A00733B5BF9CA22A33039A7A15169757EFECC36A15F67609707C751F88FB5E70861BDE09A72A6B4558EA2841792BC86EC523DF23094D4B55663527EAB70D182CA9
-diff --git a/src/tests/data/pubkey/elgamal_encrypt.vec b/src/tests/data/pubkey/elgamal_encrypt.vec
-index 059eb1668d..92e8690549 100644
---- a/src/tests/data/pubkey/elgamal_encrypt.vec
-+++ b/src/tests/data/pubkey/elgamal_encrypt.vec
-@@ -3,30 +3,35 @@
- Group = modp/ietf/1024
- Secret = 0xCC13EE3533858E0F0024FFC935DC5BD297DEC9385AC8EF7E
- Msg = 1C
--Nonce = EEE23AAA149AF29E18EF8D66AD8D4BACB72076BAE583A297
-+Nonce = 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000EEE23AAA149AF29E18EF8D66AD8D4BACB72076BAE583A297
- Ciphertext = D73F6E5CEF558B92C924FEC2329774ACD75E7CEA04D2485F07920EF4E5B86E361E23E42AB6F3A97F5B1F46218BF3C00E93A2EA981B8BB48EDD020A3F96D61FDA0F3E4D26F5538B2179B7D7E333CE78414F18E6CD0AE74C3F44FBFAC9121A3A6CF80C85E89280F9BC476078F9FD686A6500590B1AD75616C0A92BC73838A6D4437368304638242BCD628A72EA432FE7C1892922136B3C19B39990980185328E5BBD35DE42549819C8E301348320BA80602E751172D9ACAA8E0B67FB97996310BC0C14B9E40626FE54138851E4BC4CA4CB2F0A1F3D3F042556A4942B2B03B4C2F75E50260365865FEE0050DAC3604E78708715549FF878F1B337D6ABF8B695462F
-
-+Group = modp/ietf/1024
-+Secret = 0xCC13EE3533858E0F0024FFC935DC5BD297DEC9385AC8EF7E
-+Msg = 1C
-+Nonce = D0F937A84865734C37877CBBD731D9A378EA8644B5C4D9A65B2C81C46F1014364F3593C6B9DFF25E0741EFB6C3E033522D66A6DA1C6B7666E8C15112BFAB850C38177C30CC05449B1A7D0D11EDD555997C57840D319279E5C80A51DC15F8103B820C5C870432DC14B70A12207EF749C835825C63B05B2E1A8FE36F0264D5B13D
-+Ciphertext = B1F5602B7E72A8B3B5932EE86F303A14D764BAD54BF37902F0AA4C2592E04D3BB70F6CAAD3287B613D48C4D735E776F212BB26D46F53699B08194A0105239C588A2678EDC7476DF68B6C60F83E8DE47BA3477E17B3AD72D96F41FC1066089940F99ED6C0C8E9E77F322D986FDC4C718451E2CFBA51DCE13741C78AF81878EC6D4155741BFDD369A9DB4C9619E3753E0E80BD39A9B788481FB82ABA9A26FEF1B7619F9FC524B5D64DA2E3B23F8E8C0922754EB56A495DBD4F31B2DD3F9DC76A2EAB4D94F957F4E3776F423B85A8CDB343787AAFF00C95AFC297875DFF49EC9C886A5D550E1130A6CCC25E4A1C2D078C3B98586FFFD3C87EABC3FDC13A15AD4666
-+
- Group = modp/ietf/1536
- Secret = 0x8D81343C4994DAF21AD0E6CB88C74F55529925EC953381470B72B3C8
- Msg = 7F0CCACA157707BF03
--Nonce = F0A0844B268ECEABA04827E7CE9F960119E0053CFBA00ADA47604857
-+Nonce = 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000F0A0844B268ECEABA04827E7CE9F960119E0053CFBA00ADA47604857
- Ciphertext = 2EDE1A9F975FCAF943AEEB51EB37EAEDF54C4D939D0DCF7C80874A3BF8601B511685B1FDE52E07D8894EA647C50E480DE7A48ACADD89F79EEB9411234507CE6AB8503BD47B284134E301A78BD7FAC8D8B15A5D1424B820FF3FE1F363FC88FF510183165F52EE022A55EC43D4DD75763297C13F9EE3BCD579ADBA6800348F0C6240F49744B385737926A770EDF67257E7F5654C478C614700B6D2D671A13B28006C11C499BEB29658EF10C3E2EEC390A972372EBF733BA6EE5F4D600AAE1DDDC87EFA6D9FB05CBC995F82C3EF47CF862715E17DF7CC948846E849661D5C82C6A120610D90BB2D373D189A0BF13175F551326ECACF2D349A4BD2D265FDAC716E4B0A5D850E7EDA92CF9F8863BF1CD31C3888BFD81500DA4C615575EE8FA27615EF8E4B9D23A53852B236057E15DA7FC5827668A7B8AA699D3F79201567F4F0DAF7D89919906486A66ABA689FFD9E3BB5F0D1C677CCC12EA29BBFE1083C4FC349EE7E236BC8DC02DEE063E7F7C7B719E3176739D55196A2B7E6C3AA2A543135AB8F
-
- Group = modp/ietf/2048
- Secret = 0xA9F666E685F4F0BAFFF22C407B28461591CBF43F8DA1A8C3B1510BB6AA3BCD6C
- Msg = D830F02AA1AE9328CF3F2C6CB7D86875
--Nonce = DFA4E0979DADE5A620C4B9ED87C205F34D7AE739761BCDD060A9EC530E066538
-+Nonce = 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000DFA4E0979DADE5A620C4B9ED87C205F34D7AE739761BCDD060A9EC530E066538
- Ciphertext = E8AC61EE6EA9DCBEDF5DD10247240E0FF3A6D1B1D2C9832A73C5EF2F96FB23C6FA571F9E407089ADAB459086B4331DBCBB3E5FC69B996748131D0D499EFF4F3654CEF8ED3C14C97C4985E5E0D6E0714E789F9D926CB26A23ACB52D6308CDB3C4DBF92F7A701513B133A0512A0CC16E13BCC7F983BC181C71A42252D48B113BAB4B861430AC6157E3043BD861C44D0804CCBB0B9D5BA599650DABE9FA7BF286EB08A97D11D5F88CB0157A4522E2C9F4EF53EB9D7679974C5AD86554EED49736D0D7B39461B92C73CBBEBAD8E92A6501293AE9A5BF0FBDA11BC743E032F78740F96F8CD71D30EA0F17F42181783C908A6008E339620CCB80226E9CDD7E5D50DEF9310DF03C971955CCF70557C9816049C2137CB7554998BD90B81AD549E9B65347E4BC798039BF05929DED052EE816EA3A87014B0D25E2E279B7736446201F52E542AA6E494BDC6D02A9A0479E1F90D5F3898A36AF7BA03E8F0BCBBF891A1C1B0B300EA664349E765EA331841ABC7963012C623318EF9B681711461ECC83EDC88722DE5E16FF1AB57B23F285CC5E75F6FCB46EEC9F919D1C089E7C045535E64A97F16662DF9CEFFB0E6C9C6402A43E47D1D073A5555A470E2451809234ABFD463A013D70288BA4A093E51FCED6A434886ED70490D63DFD809F27A773CDAC3D848A21C2937CA194C4FFBF8E50C05AEB3A530A7AB8B39B91A72EA45034A2FF8F16B1
-
- Group = modp/ietf/3072
- Secret = 0x981606068AE29B5B86E6F1E4E578010E43E1DBCB12504857CA6CDFC77913EFF0B3F563E1DDB40934B4F33099A6BF8EE8
- Msg = 0E738AF35B6AE8951E5C3BF8EB
--Nonce = F53B7EF9224D33392AE79CA3816755F066A2B15689B157FBA588CD5C247EFC9050DB2F84FA40C12E3493230D94D89306
-+Nonce = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000F53B7EF9224D33392AE79CA3816755F066A2B15689B157FBA588CD5C247EFC9050DB2F84FA40C12E3493230D94D89306
- Ciphertext = 659C8E28BF6A26E5D55386E437F2B66282EB9F9ECA54522D8A1FDE6BC6C4D65E5412D030BDC9833F93E3653B7B58FFD66A2EBFB8AAF1F7BBB52C3CD43E08DDB3D2C73E26EEA988EEF9CFDC9C59872B4D2454A1F500911B4D3BD3EED99107FAF39D97A3302166AD5B0381ECAB769953406DD3FEB502D23587D9CF2C89F93FE6A73167E3734CD0676EE95F7C43A558A56E7B0264A6084875D1E7F2312FA7BA7145AAA5921F904EDDC7A6EC823C57AFE323E4368CD7D47CAF2F8A94D6D3117A8BE92BAF6F0392A20C7FCFE381789755B7B47B9C5496382FF26533EA7F911472F02E2F9E29CAC9CFF4AEB90C36E55A1AF5D0259B195E2824C7F6B40299D8A0858E162B3D9392E323F62B48DA629089902F16D01D1AB3DCFBAAB46F1E74ECA6560B3A97E85E9B88B8F11AA83F78E8E542B8A3B4C0E7B47220594979BC7DD12E97238EB4B91D23A8F2D5362CB8B08C1F07B3461AD0968FB3053F60ECC2B3C0E900A0A7C2924C3FA79CCB43B33B336B807C6F4B83A7AE0112BD72A13822E3CD0B2E2AF7717F2CB21BE02D8DB0EB3BCCF66836BD83C828C221569EFCAA53124D206CB51D3718BC1511799DEA0558DD6FDBFB06B3D96BAC451FE71A4244BD3CD6826BF27EA3CC7782C17DCAF52EAA944CEA734D011145F10A4132A271349A8BF1ED0D7F7EF2ABC7031475B4397574F8A7EC4F5480D85CF0CA1F7C69097A2A009FFD4927AA769FD821F64741812FE5DB996ECAD3265CE93DBA7B40532A2133FB8EE5066A0C5F91C7E0F3902B6CEA39D5BB4B59B2993B5DAA2B61FF589BF45613D1EF36D5F7D959E8255C0010EC439AAE1C9B682BAC92C2883ED279CD8C644A301150879EB8D37B217B36447CBAC37C132C0278AA8CB38A8596392E3A3CAA91573370ED44DF46311EEE878B63F947F2A28930133D343737502623D0C7D3EA5D8D8123D7963C70AD30CC865BCD68F96C1A13A3484AB4EF3828CE338BF8E087F2300B777D556974D5E23FAFD55AB54353BCA31BEC13003AC7258510578F96B8F1E2254E91768A78CF9FCC6D8CFB0493701D523F75EC25B37B623B5A73A28009DBC169A084E95D
-
- Group = modp/ietf/4096
- Secret = 0xB73A80EB48DB4DF3108BE1345281A1B39B4373BFE71CB4DA9F3594A94C525E2E288F06089F61C1D29D6A99EA775C05D6
- Msg = D413DAC9D341361F17EDCE1C46A04D343424251B
--Nonce = B9AFD0F2F97C677BD3088B032696E7928DD62AD20912367113CFE5ABEEB7B4DFAD22E30442B04571CDC683D9971DE257
-+Nonce = 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000B9AFD0F2F97C677BD3088B032696E7928DD62AD20912367113CFE5ABEEB7B4DFAD22E30442B04571CDC683D9971DE257
- Ciphertext = 085E76D450C7FF0B2DB59D41D12596AD1B0D8AF877F5C63416D2B355ED137A5AEAB3B75AC4CBFB5168F37EC02724EA057ED5B9AAF0C40D5469FB9E068C7E090C6EB411CDFBC9A500294E2433A9F879F52F8359B0865128A76801B7C4E22D5A3A6279F755291ECC9454AC3C1F1395DA5FA8E25CD951FCBF9B569EED304B3B82B0198913FAFD0B9A3ED32A64B0E394F96C153D25FBFEF92ECB38F79F2DE12570A041C8B4E8ADB998D6A559BC9640EBA8B61A6D0387CF0CA621B6C3F60D464DE7D27D5347F79CABD09533219DD2CDA8BAB74E886E206409A94054CCF3EBBA570C33FE456BD6B0BEB564F406AF49400550AE01A21A68126C90E0B8295CB7F9C2F4C790D8B0FEFD1FC6BFF40A00737AF9EDA25A1BF00E7FEC8CE776C3D24C61EBF48049CE5B27E024B796566BA670090BAB1A6015C01DB57DFDDAD61240F151C61BC80C3BA320050D1E537D501611627531E41793C3468B87F28BF2281CE996957901BE6CE41FAB0F88467ECBC0DE6C5F60AB5A1AF21A9528B0E8BABAD56FA23F2AD3CBC521A8D54047F15F58FC9C5CD4BB322A0838EDAC053415CFED87FD0756FBFF6B052D385C2EED6FD4686E024F7175A9840DF7E74740FF368DA4DAEB879D7C0D265D51809BD6EC6A66717498A4998D0232586CA4C5F7858EBEC824821CDBD1133DA557612A398EA8F9AC959A39381FCF1D727D08136CAFC4D72E9A945043E6DE2C67F6B55C21B7EDBFDCEA2B63CF9A5BB931DFE76CA2BE5D3D964AA2C348E6DFBA4FFC4D5E463105E243BD20AF38531A70BE1DD4930F998E28C3182665507700976BC14438452179747E623B2E5328A3ED5925FA526AE897ACF67059D76D159CB31D85F03589A4874AB11A7E2BB680FCEF7A4CEBFD98B0DC18BC1AF838524107E3264C2FDACF883ED2701CF3306E83CB8E75F5ED148F3377A77474D47522596F50DADEFC149A91C619F4A9366771681CAE1A82AA57BB038E0180BD38C4323928E63FA890B85009B1A25C022AEE8DB4D7F4E34260677A22B3BC7F24089E98FC484B93EC95ED68D9D56B2F6DDBCE73AB844F5CBBD908E51651517F6920DC42F41B874EEB9DA244C4485D2A931C7A76E99D490E6B3D4AE44484CAE4B784A0773782D2B9CFB4D893E79D35CF4282CB9A70EA53700F49F6F47F374161D0B820690D2C99E3A2602B31E659E64E5D4D4BD111C73FD5AF47412748091E272947A307309F3732E04FA848AACC312ADD0323F09F7947788D9F2BC55BDB7DDDD1FE664C5C9E861F6052F8F94084927116CAB24C6B11FEE69ADD2BCED4CC7EF330519D287531861A75E0F00CA8E52CBE9B77E8F840168937222D5851C84195DD4E698AB8BB558A05026EBC09520A1B1F0BC44F699478A69E1C1384F37F16102DE90ED960CEFFD9EA299FB79D416F3AF6CCD1A022895CFE032AC65978486998E3714A56E3DBAE
--
diff --git a/main/botan/dl-exponents.patch b/main/botan/dl-exponents.patch
deleted file mode 100644
index 28c5e06b81..0000000000
--- a/main/botan/dl-exponents.patch
+++ /dev/null
@@ -1,304 +0,0 @@
-From 9258696e147894e45d0422fd65a34193fba76211 Mon Sep 17 00:00:00 2001
-From: Jack Lloyd <jack@randombit.net>
-Date: Mon, 14 Dec 2020 07:15:20 -0500
-Subject: [PATCH] New sizes for DL exponents
-
-Avoid using a formula for this and instead just bucket into a few very
-rough sizes. In all cases (except very large keys) this results in
-using a somewhat larger exponent.
----
- src/lib/pubkey/workfactor.cpp | 23 +++++++------
- src/scripts/test_cli.py | 4 +--
- .../{elgamal.vec => elgamal_decrypt.vec} | 10 ------
- src/tests/data/pubkey/elgamal_encrypt.vec | 32 ++++++++++++++++++
- src/tests/data/pubkey/workfactor.vec | 18 ++++++----
- src/tests/{test_elg.cpp => test_elgamal.cpp} | 33 +++++++++++++++----
- src/tests/test_workfactor.cpp | 2 +-
- 7 files changed, 86 insertions(+), 36 deletions(-)
- rename src/tests/data/pubkey/{elgamal.vec => elgamal_decrypt.vec} (95%)
- create mode 100644 src/tests/data/pubkey/elgamal_encrypt.vec
- rename src/tests/{test_elg.cpp => test_elgamal.cpp} (54%)
-
-diff --git a/src/lib/pubkey/workfactor.cpp b/src/lib/pubkey/workfactor.cpp
-index cd0a83e5ce..13760351ea 100644
---- a/src/lib/pubkey/workfactor.cpp
-+++ b/src/lib/pubkey/workfactor.cpp
-@@ -51,16 +51,19 @@ size_t dl_work_factor(size_t bits)
-
- size_t dl_exponent_size(size_t bits)
- {
-- /*
-- This uses a slightly tweaked version of the standard work factor
-- function above. It assumes k is 1 (thus overestimating the strength
-- of the prime group by 5-6 bits), and always returns at least 128 bits
-- (this only matters for very small primes).
-- */
-- const size_t min_workfactor = 64;
-- const double log2_k = 0;
--
-- return 2 * std::max<size_t>(min_workfactor, nfs_workfactor(bits, log2_k));
-+ if(bits == 0)
-+ return 0;
-+ if(bits <= 256)
-+ return bits - 1;
-+ if(bits <= 1024)
-+ return 192;
-+ if(bits <= 1536)
-+ return 224;
-+ if(bits <= 2048)
-+ return 256;
-+ if(bits <= 4096)
-+ return 384;
-+ return 512;
- }
-
- }
-diff --git a/src/scripts/test_cli.py b/src/scripts/test_cli.py
-index 7fb46feab4..5fc2f04e84 100755
---- a/src/scripts/test_cli.py
-+++ b/src/scripts/test_cli.py
-@@ -278,7 +278,7 @@ def cli_gen_dl_group_tests(_tmp_dir):
- mFvAZ/8wal0=
- -----END X9.42 DH PARAMETERS-----"""
-
-- test_cli("gen_dl_group", "--pbits=1043", pem)
-+ test_cli("gen_dl_group", ["--pbits=1043", "--qbits=174"], pem)
-
- dsa_grp = """-----BEGIN DSA PARAMETERS-----
- MIIBHgKBgQCyP1vosC/axliM2hmJ9EOSdd1zBkuzMP25CYD8PFkRVrPLr1ClSUtn
-@@ -679,7 +679,7 @@ def cli_pk_workfactor_tests(_tmp_dir):
- test_cli("pk_workfactor", "2048", "111")
- test_cli("pk_workfactor", ["--type=rsa", "512"], "58")
- test_cli("pk_workfactor", ["--type=dl", "512"], "58")
-- test_cli("pk_workfactor", ["--type=dl_exp", "512"], "128")
-+ test_cli("pk_workfactor", ["--type=dl_exp", "512"], "192")
-
- def cli_dl_group_info_tests(_tmp_dir):
-
-diff --git a/src/tests/data/pubkey/elgamal.vec b/src/tests/data/pubkey/elgamal_decrypt.vec
-similarity index 95%
-rename from src/tests/data/pubkey/elgamal.vec
-rename to src/tests/data/pubkey/elgamal_decrypt.vec
-index 5cfbacdeee..f676be50e7 100644
---- a/src/tests/data/pubkey/elgamal.vec
-+++ b/src/tests/data/pubkey/elgamal_decrypt.vec
-@@ -3,68 +3,58 @@ P = 1365501321293735349225077112267598047546199828869335521691442858164229618266
- G = 13
- X = 1510837665211600837455333225484573368412905214721958306259132011740929687444
- Msg = 02AD1D776D591520E4D8BEF8B21CC2F54FB4EB788E52ECEBE13564435DA66284D51A6A6696E615EF599786CE4CBEFAFF066E0A1CD8868454EB5CE0CA99241B29E1D1492CF2712C2C101B3F3779034683AD8271098C2E3FBAA83901A97D9645FA5815AF79F4F638ECBE09020003F434D708914899C668F34830E70F4CAF0803
--Nonce = 0A5842A8D0C1B07E5DE6FD3E0C6B1108523D4D35417F
- Ciphertext = 5B99F58B48F3D473327075F2FF4EEA3C8C1FEB0B241F042864610D6FC512A81F431A965724195DB71C3B84B6B9F1DFAE0DAE60E7CDA957703D10FCCDA45CDD0EF8C8F76AA4F51F3EDAD8E5085B97D69523A3EAC89D67CDFDDCF0A30491A98BE2FD6C5E69C3A2C95300B9DB4EDF2111E7613EF7B2CA430D0CFFBDECF6A7BE592A853B404B6910C48A0204ED3430691E766FBAF21A428B9F833C5932C053C616EEB59850150A22331A8FB5AF2065B595E4F08881B1DB7CB85A28A33F4449890739679CCAA431A9205210995BEA68759B475BE4183A975C9D042FBBEDF589AB6AF017D7523B2CC90CD63526BC584F1E9EF42ABAAA9238987D7F73B94E323C6AADFD
-
- P = 1541287358797997024335652872773425159872421808416662301794871595911973385718041854467851087853175356350298847849929853669980047096240555092681165983790725605204837589691602540741068782404825906414885161661820441988899240406981724303
- G = 5
- X = 1344717445208905302019700797220481877896877304443340806021921711564
- Msg = 02C1ED6A171875F055809F12BC61829961CC740935C6DCC468FA663E8D1A7DE9E0555E3EA99476436743FC5C76D3E041055FAEB7641907F8E2F1F94061B22E72B7CD39EDD7A6367828CCDC000301CEA7D91CB1E8A3E20DC85FAA23EF6D08E6
--Nonce = F42F854C10C9DD14A6712594A31326A1FD2CF5
- Ciphertext = 9E47FB001BDDB12F2D8E0FA5501A7EAC1B185FDFC7D2FF3E4461B0D75D626F5156DEDD4D25F13C6C1F5F9A1F916058045705F5E82F748E9B6F0DC95D572B8DC2770159092EECA13946F0522FE2A859705009B615818A1B4F98E8DD38CF00DE746ABD5F3852D93F8D9299DE18EB763F11E41A8B9660C5F056538EED431BB8E2199D9012F50C7FBEF5AAD35ECCD7F141CD9AC6553315A2699D6718F50EBDCEAE62A11ACC466E8533EDBAF13C15B5532B323EBF283B108F892DBFCEA21231DFD548
-
- P = 13232376895198612407547930718267435757728527029623408872245156039757713029036368719146452186041204237350521785240337048752071462798273003935646236777459223
- G = 11629401773565540073100961473632977008134185076958364415809981826641612629974728305105606061133984394938666464842000720534465163992699133277631369246002549
- X = 175607362627753240470186183617696577774
- Msg = 47E586A7E7D98C116A6F553F652E57BF
--Nonce = BEF5E7EFAA76C52A8ECEE604EDAFD31B
- Ciphertext = CD70DE085B0C586B4E64097EA3AB4CE0B60A71B0F640FE4468F4F940412EDBDD9035EEC602530CFF81B2CDC35805264A866E4689DDBADC3438575B6337118BB23A5AB7710F85F2A4E1E0DBEC5652FEF73C868747ECB7043BA08241A0879A2DC588D3EC14ED552E62B1B111646FF4DFA9050754240A46A840EA5EB1D97712F2BB
-
- P = 13232376895198612407547930718267435757728527029623408872245156039757713029036368719146452186041204237350521785240337048752071462798273003935646236777459223
- G = 11629401773565540073100961473632977008134185076958364415809981826641612629974728305105606061133984394938666464842000720534465163992699133277631369246002549
- X = 226260657342880764984259695048075261500
- Msg = 74BC8D009250F4CD2E08BC556EE01449
--Nonce = A2951BE393736E39E9D209FE978C7546
- Ciphertext = 6D6ED1C6E519C628CACC7981A5BBE487F6E013B26448D711911698CEEAA4F746182A716602183A746FC35B022BD7B27EF079F7164309653D148D0CE91907FF6C4A9001A0CCA2A0A163F3F93200C2E40A957919CB84AC35B928E026F1827E6D4A9B986B592BE39861538414D5EA6980248FD3C3C0CDEE372F392D5AC46DB8EEFB
-
- P = 13232376895198612407547930718267435757728527029623408872245156039757713029036368719146452186041204237350521785240337048752071462798273003935646236777459223
- G = 11629401773565540073100961473632977008134185076958364415809981826641612629974728305105606061133984394938666464842000720534465163992699133277631369246002549
- X = 190989497955271245954961490592364802400
- Msg = 01AFE1A93EDB9CD3E3715523C952478D
--Nonce = 9500DDCD404618F64A2063BC19941A6E
- Ciphertext = 0636C3F1C63C54CAB4B48B6EF0ECBFF00BA6AB70DF4DB6266D0785351B37279D41D957D16CAB48C64035DCB2A1CD75BAC298C8ECAE8057D87071EADAA5DA6E2B69B5F353B5753F7E24DA81ABAD40059CD73CFA6E78CAB1C7DA418D55E5DBD42FA4F2B876A25B4AF63588C80E0DB11E8BAB1531960E951C08C1A68C8FAE0DA87C
-
- P = 1418488780399624169246918906980830188668962659968489177172519612007411971965075884911751185624649475197807409457369163882960326663412481439463507475025544888587052733646843233033458377686354235239579046252542291754237282749312023983
- G = 1351977104923085061876231022324913317418268765766371251774974499254352282996737121345129752664271877383194755574993089982460597274051441610498438524702048238124542105329402087161253933648442955133245175046317041420863434958965806440
- X = 5693645782587047029911723275175292231768316497
- Msg = 58E72BD0F04B11
--Nonce = EF07721FF6B28A8A3B4EBC95C16B13A83649B7
- Ciphertext = C7B6ACADBBCFD3A34EDA31CE9CA7F7889FBB2DF5C6C25793EB974591BF0EDE93637B6A95E8075BDB2A987039D92487665465C98AAD0C123FA00BB9736170E78069AA32DFBEB07099A0B7D439AA807A2D3D6F9F913EBC673F9F8CD5D3C0E9DD0D988EAC4D8204928C2DA8ECD1FA3A598FCBFFEF5017DB8542D123CF69E8C92EB956F10DC995AE6B6564967D5C12A07BA35607C54CC3F10A36FF3603DD7CC1490664610002977CE8C4A4EFFBD1421C902D4D8DFF81D014E1AB55F239E0F2FD28AB
-
- P = 1418488780399624169246918906980830188668962659968489177172519612007411971965075884911751185624649475197807409457369163882960326663412481439463507475025544888587052733646843233033458377686354235239579046252542291754237282749312023983
- G = 1351977104923085061876231022324913317418268765766371251774974499254352282996737121345129752664271877383194755574993089982460597274051441610498438524702048238124542105329402087161253933648442955133245175046317041420863434958965806440
- X = 4008521039270359712424267366152273661245582878
- Msg = C37AA41207A357DBCCFBE93DC45C5BD91D29FD29CBA29B26AC437A9B560C3BEA
--Nonce = A36338E4D7815E6A4B178E951BEF073C6D5A7F
- Ciphertext = D824C94623313298600CC20203F8A40006CAFCFC8F883C99AC09DBAE4B95E6DB9FB5737E24D9D7E39B603893076BC81A2BC0C0D608B32B353972B57066535DAAC49E3F7F2A0E243618EEE01C5AB3AFAE1D55E3A1DB33CF713E5187AD51D55144B1A108354ECA651E55F85F253FE73C1C15FA5EDDDA47467BD0425F09E3C4156548E71896659C618B84FD72BA176E2DEEECD8B15F2C05F870697EA464B88273742BD6ECBA5164424F34EBB9E13E31683A16712901818C7E5F502720FBCB075EA1
-
- P = 1418488780399624169246918906980830188668962659968489177172519612007411971965075884911751185624649475197807409457369163882960326663412481439463507475025544888587052733646843233033458377686354235239579046252542291754237282749312023983
- G = 1351977104923085061876231022324913317418268765766371251774974499254352282996737121345129752664271877383194755574993089982460597274051441610498438524702048238124542105329402087161253933648442955133245175046317041420863434958965806440
- X = 5316253934868425065538718034591876558413406625
- Msg = 36FDC0501B44AF
--Nonce = 832BC01DB63F958D47B6962AEAA74C0831A6AB
- Ciphertext = 62E46CDF100BADF4419215256BEC8427DD0388D1B60B5A8675532C0934351BA0036AF58032AB6C4DB829F1A0C8217FBF2CB9C10A5C60FF285919BCAF238E89FBAA4771CAD13D4A69AB2C1FFF0A44D2F9287F1E70D58210AE859074B3969EE800A9D1507BA48582BD1E03CC234B0CB11408BE0932763EDC99CA4BEC6E496A452237F920972C629714EA2F1FF212460C23B66DB56BC73E94743D32D2CD3536A17A136F56D7F7C24E3B8F102F48BBB21633279D3E584E71DC37B436104CA69A6BB3
-
- P = 178011905478542266528237562450159990145232156369120674273274450314442865788737020770612695252123463079567156784778466449970650770920727857050009668388144034129745221171818506047231150039301079959358067395348717066319802262019714966524135060945913707594956514672855690606794135837542707371727429551343320695239
- G = 49567166504681114998529684425585849617514862026978329597099192087961538717407709177883083441369264146939535263894140299406849834767828526204179623557679393249247253593623658376992386256295047165071989556654741504656225128772294708626157371448610928885819291350567633953878147205134001752476855481804967677085
- X = 3756315909532643155590215634844150624450334340186095
- Msg = DF72B687F62AFEA3A51195EE876E4C87708F7ABB8D2D5DD72B68256DAC6D
--Nonce = 0B333C9C486C5F3A96F37D00133ADD18113376C9BE76
- Ciphertext = 4156CF437A39C415B212AAA34C9AACAFA3F3113F53BB75E0BD3D759089E21754EF89B4BA1A8B37E5EDA13F8A2F87D16F03F3B6FE19A5CF799B17D83F7B5E9A225F324AAD7D46E80A1DAFCA337A3F500930A7831D1F3785763EB9A6994063CED033177E1CA2770B751B3053C1445ADFEAED790E49E4685A05B9563D1EF32BD321971D541B525D648EA7C8741D8FA7E46293D46A0F4345BE73EA4FAF1E4C16BCBE11C53BA0FCBA2975BD37F11FE5ADA8731CAED3C403EA6E43AE47ADAA7E28433404AD3ADE6AA8E12BFC374BADAAFB167F3AAF91DC6F8398003E5F8528E8D4773F800D48C8EDDAEDD72A3870E97679F946CE27FB692BC11677757A28F3899A3DA8
-
- P = 178011905478542266528237562450159990145232156369120674273274450314442865788737020770612695252123463079567156784778466449970650770920727857050009668388144034129745221171818506047231150039301079959358067395348717066319802262019714966524135060945913707594956514672855690606794135837542707371727429551343320695239
- G = 49567166504681114998529684425585849617514862026978329597099192087961538717407709177883083441369264146939535263894140299406849834767828526204179623557679393249247253593623658376992386256295047165071989556654741504656225128772294708626157371448610928885819291350567633953878147205134001752476855481804967677085
- X = 4304232149632055597449717737864742436448127103739097
- Msg = F73BB7E5C8A5619380
--Nonce = 0AD9527B09EAD1E59B4A1CAF58C861B69A856AB8AA80
- Ciphertext = C9881464A37749949D66D75CD9B7A8ACAD33DD1FAC7561F684E9CB5343D2ED15969D7EDB4135518B50F0FEC9A9559C1D5E44DAB42C14BBDE2D2711EA4D02D7F27D1A9BCFEC9E8B73FA64BA3C54707FDDE7D5BE695E17FB9D259FB576FD4E57D66C8F727DC236E2A6E9FD01709D34B8D09F7DD3890F003EBE616042B4E0A8A00F6C3F34DE7E002FE72A84AF8D014D64E8CD08B9B56CC3A6BBE6F966B92105A92C5ABF4F2BF735670622F6213FE9739FAD65692E1C0EBF708A47E18600A22972A5A3DA0F22D11C581D46F734151A083FF757E961351EB183B467A859FBB9ED1DAC396FA405701FD6E3A62EB126E93648C3C6DFA9C4DBF3C005880F4799F66B310E
-diff --git a/src/tests/data/pubkey/elgamal_encrypt.vec b/src/tests/data/pubkey/elgamal_encrypt.vec
-new file mode 100644
-index 0000000000..059eb1668d
---- /dev/null
-+++ b/src/tests/data/pubkey/elgamal_encrypt.vec
-@@ -0,0 +1,32 @@
-+# These were generated by Botan and not checked against other implementations
-+
-+Group = modp/ietf/1024
-+Secret = 0xCC13EE3533858E0F0024FFC935DC5BD297DEC9385AC8EF7E
-+Msg = 1C
-+Nonce = EEE23AAA149AF29E18EF8D66AD8D4BACB72076BAE583A297
-+Ciphertext = D73F6E5CEF558B92C924FEC2329774ACD75E7CEA04D2485F07920EF4E5B86E361E23E42AB6F3A97F5B1F46218BF3C00E93A2EA981B8BB48EDD020A3F96D61FDA0F3E4D26F5538B2179B7D7E333CE78414F18E6CD0AE74C3F44FBFAC9121A3A6CF80C85E89280F9BC476078F9FD686A6500590B1AD75616C0A92BC73838A6D4437368304638242BCD628A72EA432FE7C1892922136B3C19B39990980185328E5BBD35DE42549819C8E301348320BA80602E751172D9ACAA8E0B67FB97996310BC0C14B9E40626FE54138851E4BC4CA4CB2F0A1F3D3F042556A4942B2B03B4C2F75E50260365865FEE0050DAC3604E78708715549FF878F1B337D6ABF8B695462F
-+
-+Group = modp/ietf/1536
-+Secret = 0x8D81343C4994DAF21AD0E6CB88C74F55529925EC953381470B72B3C8
-+Msg = 7F0CCACA157707BF03
-+Nonce = F0A0844B268ECEABA04827E7CE9F960119E0053CFBA00ADA47604857
-+Ciphertext = 2EDE1A9F975FCAF943AEEB51EB37EAEDF54C4D939D0DCF7C80874A3BF8601B511685B1FDE52E07D8894EA647C50E480DE7A48ACADD89F79EEB9411234507CE6AB8503BD47B284134E301A78BD7FAC8D8B15A5D1424B820FF3FE1F363FC88FF510183165F52EE022A55EC43D4DD75763297C13F9EE3BCD579ADBA6800348F0C6240F49744B385737926A770EDF67257E7F5654C478C614700B6D2D671A13B28006C11C499BEB29658EF10C3E2EEC390A972372EBF733BA6EE5F4D600AAE1DDDC87EFA6D9FB05CBC995F82C3EF47CF862715E17DF7CC948846E849661D5C82C6A120610D90BB2D373D189A0BF13175F551326ECACF2D349A4BD2D265FDAC716E4B0A5D850E7EDA92CF9F8863BF1CD31C3888BFD81500DA4C615575EE8FA27615EF8E4B9D23A53852B236057E15DA7FC5827668A7B8AA699D3F79201567F4F0DAF7D89919906486A66ABA689FFD9E3BB5F0D1C677CCC12EA29BBFE1083C4FC349EE7E236BC8DC02DEE063E7F7C7B719E3176739D55196A2B7E6C3AA2A543135AB8F
-+
-+Group = modp/ietf/2048
-+Secret = 0xA9F666E685F4F0BAFFF22C407B28461591CBF43F8DA1A8C3B1510BB6AA3BCD6C
-+Msg = D830F02AA1AE9328CF3F2C6CB7D86875
-+Nonce = DFA4E0979DADE5A620C4B9ED87C205F34D7AE739761BCDD060A9EC530E066538
-+Ciphertext = E8AC61EE6EA9DCBEDF5DD10247240E0FF3A6D1B1D2C9832A73C5EF2F96FB23C6FA571F9E407089ADAB459086B4331DBCBB3E5FC69B996748131D0D499EFF4F3654CEF8ED3C14C97C4985E5E0D6E0714E789F9D926CB26A23ACB52D6308CDB3C4DBF92F7A701513B133A0512A0CC16E13BCC7F983BC181C71A42252D48B113BAB4B861430AC6157E3043BD861C44D0804CCBB0B9D5BA599650DABE9FA7BF286EB08A97D11D5F88CB0157A4522E2C9F4EF53EB9D7679974C5AD86554EED49736D0D7B39461B92C73CBBEBAD8E92A6501293AE9A5BF0FBDA11BC743E032F78740F96F8CD71D30EA0F17F42181783C908A6008E339620CCB80226E9CDD7E5D50DEF9310DF03C971955CCF70557C9816049C2137CB7554998BD90B81AD549E9B65347E4BC798039BF05929DED052EE816EA3A87014B0D25E2E279B7736446201F52E542AA6E494BDC6D02A9A0479E1F90D5F3898A36AF7BA03E8F0BCBBF891A1C1B0B300EA664349E765EA331841ABC7963012C623318EF9B681711461ECC83EDC88722DE5E16FF1AB57B23F285CC5E75F6FCB46EEC9F919D1C089E7C045535E64A97F16662DF9CEFFB0E6C9C6402A43E47D1D073A5555A470E2451809234ABFD463A013D70288BA4A093E51FCED6A434886ED70490D63DFD809F27A773CDAC3D848A21C2937CA194C4FFBF8E50C05AEB3A530A7AB8B39B91A72EA45034A2FF8F16B1
-+
-+Group = modp/ietf/3072
-+Secret = 0x981606068AE29B5B86E6F1E4E578010E43E1DBCB12504857CA6CDFC77913EFF0B3F563E1DDB40934B4F33099A6BF8EE8
-+Msg = 0E738AF35B6AE8951E5C3BF8EB
-+Nonce = F53B7EF9224D33392AE79CA3816755F066A2B15689B157FBA588CD5C247EFC9050DB2F84FA40C12E3493230D94D89306
-+Ciphertext = 659C8E28BF6A26E5D55386E437F2B66282EB9F9ECA54522D8A1FDE6BC6C4D65E5412D030BDC9833F93E3653B7B58FFD66A2EBFB8AAF1F7BBB52C3CD43E08DDB3D2C73E26EEA988EEF9CFDC9C59872B4D2454A1F500911B4D3BD3EED99107FAF39D97A3302166AD5B0381ECAB769953406DD3FEB502D23587D9CF2C89F93FE6A73167E3734CD0676EE95F7C43A558A56E7B0264A6084875D1E7F2312FA7BA7145AAA5921F904EDDC7A6EC823C57AFE323E4368CD7D47CAF2F8A94D6D3117A8BE92BAF6F0392A20C7FCFE381789755B7B47B9C5496382FF26533EA7F911472F02E2F9E29CAC9CFF4AEB90C36E55A1AF5D0259B195E2824C7F6B40299D8A0858E162B3D9392E323F62B48DA629089902F16D01D1AB3DCFBAAB46F1E74ECA6560B3A97E85E9B88B8F11AA83F78E8E542B8A3B4C0E7B47220594979BC7DD12E97238EB4B91D23A8F2D5362CB8B08C1F07B3461AD0968FB3053F60ECC2B3C0E900A0A7C2924C3FA79CCB43B33B336B807C6F4B83A7AE0112BD72A13822E3CD0B2E2AF7717F2CB21BE02D8DB0EB3BCCF66836BD83C828C221569EFCAA53124D206CB51D3718BC1511799DEA0558DD6FDBFB06B3D96BAC451FE71A4244BD3CD6826BF27EA3CC7782C17DCAF52EAA944CEA734D011145F10A4132A271349A8BF1ED0D7F7EF2ABC7031475B4397574F8A7EC4F5480D85CF0CA1F7C69097A2A009FFD4927AA769FD821F64741812FE5DB996ECAD3265CE93DBA7B40532A2133FB8EE5066A0C5F91C7E0F3902B6CEA39D5BB4B59B2993B5DAA2B61FF589BF45613D1EF36D5F7D959E8255C0010EC439AAE1C9B682BAC92C2883ED279CD8C644A301150879EB8D37B217B36447CBAC37C132C0278AA8CB38A8596392E3A3CAA91573370ED44DF46311EEE878B63F947F2A28930133D343737502623D0C7D3EA5D8D8123D7963C70AD30CC865BCD68F96C1A13A3484AB4EF3828CE338BF8E087F2300B777D556974D5E23FAFD55AB54353BCA31BEC13003AC7258510578F96B8F1E2254E91768A78CF9FCC6D8CFB0493701D523F75EC25B37B623B5A73A28009DBC169A084E95D
-+
-+Group = modp/ietf/4096
-+Secret = 0xB73A80EB48DB4DF3108BE1345281A1B39B4373BFE71CB4DA9F3594A94C525E2E288F06089F61C1D29D6A99EA775C05D6
-+Msg = D413DAC9D341361F17EDCE1C46A04D343424251B
-+Nonce = B9AFD0F2F97C677BD3088B032696E7928DD62AD20912367113CFE5ABEEB7B4DFAD22E30442B04571CDC683D9971DE257
-+Ciphertext = 085E76D450C7FF0B2DB59D41D12596AD1B0D8AF877F5C63416D2B355ED137A5AEAB3B75AC4CBFB5168F37EC02724EA057ED5B9AAF0C40D5469FB9E068C7E090C6EB411CDFBC9A500294E2433A9F879F52F8359B0865128A76801B7C4E22D5A3A6279F755291ECC9454AC3C1F1395DA5FA8E25CD951FCBF9B569EED304B3B82B0198913FAFD0B9A3ED32A64B0E394F96C153D25FBFEF92ECB38F79F2DE12570A041C8B4E8ADB998D6A559BC9640EBA8B61A6D0387CF0CA621B6C3F60D464DE7D27D5347F79CABD09533219DD2CDA8BAB74E886E206409A94054CCF3EBBA570C33FE456BD6B0BEB564F406AF49400550AE01A21A68126C90E0B8295CB7F9C2F4C790D8B0FEFD1FC6BFF40A00737AF9EDA25A1BF00E7FEC8CE776C3D24C61EBF48049CE5B27E024B796566BA670090BAB1A6015C01DB57DFDDAD61240F151C61BC80C3BA320050D1E537D501611627531E41793C3468B87F28BF2281CE996957901BE6CE41FAB0F88467ECBC0DE6C5F60AB5A1AF21A9528B0E8BABAD56FA23F2AD3CBC521A8D54047F15F58FC9C5CD4BB322A0838EDAC053415CFED87FD0756FBFF6B052D385C2EED6FD4686E024F7175A9840DF7E74740FF368DA4DAEB879D7C0D265D51809BD6EC6A66717498A4998D0232586CA4C5F7858EBEC824821CDBD1133DA557612A398EA8F9AC959A39381FCF1D727D08136CAFC4D72E9A945043E6DE2C67F6B55C21B7EDBFDCEA2B63CF9A5BB931DFE76CA2BE5D3D964AA2C348E6DFBA4FFC4D5E463105E243BD20AF38531A70BE1DD4930F998E28C3182665507700976BC14438452179747E623B2E5328A3ED5925FA526AE897ACF67059D76D159CB31D85F03589A4874AB11A7E2BB680FCEF7A4CEBFD98B0DC18BC1AF838524107E3264C2FDACF883ED2701CF3306E83CB8E75F5ED148F3377A77474D47522596F50DADEFC149A91C619F4A9366771681CAE1A82AA57BB038E0180BD38C4323928E63FA890B85009B1A25C022AEE8DB4D7F4E34260677A22B3BC7F24089E98FC484B93EC95ED68D9D56B2F6DDBCE73AB844F5CBBD908E51651517F6920DC42F41B874EEB9DA244C4485D2A931C7A76E99D490E6B3D4AE44484CAE4B784A0773782D2B9CFB4D893E79D35CF4282CB9A70EA53700F49F6F47F374161D0B820690D2C99E3A2602B31E659E64E5D4D4BD111C73FD5AF47412748091E272947A307309F3732E04FA848AACC312ADD0323F09F7947788D9F2BC55BDB7DDDD1FE664C5C9E861F6052F8F94084927116CAB24C6B11FEE69ADD2BCED4CC7EF330519D287531861A75E0F00CA8E52CBE9B77E8F840168937222D5851C84195DD4E698AB8BB558A05026EBC09520A1B1F0BC44F699478A69E1C1384F37F16102DE90ED960CEFFD9EA299FB79D416F3AF6CCD1A022895CFE032AC65978486998E3714A56E3DBAE
-+
-diff --git a/src/tests/data/pubkey/workfactor.vec b/src/tests/data/pubkey/workfactor.vec
-index 7d8999da84..1b7fa70235 100644
---- a/src/tests/data/pubkey/workfactor.vec
-+++ b/src/tests/data/pubkey/workfactor.vec
-@@ -24,20 +24,26 @@ ParamSize = 14400
- Workfactor = 256
-
- [DL_Exponent_Size]
-+ParamSize = 192
-+Workfactor = 191
-+
-+ParamSize = 512
-+Workfactor = 192
-+
- ParamSize = 1024
--Workfactor = 86
-+Workfactor = 192
-
- ParamSize = 1536
--Workfactor = 103
-+Workfactor = 224
-
- ParamSize = 2048
--Workfactor = 116
-+Workfactor = 256
-
- ParamSize = 3072
--Workfactor = 138
-+Workfactor = 384
-
- ParamSize = 4096
--Workfactor = 156
-+Workfactor = 384
-
- ParamSize = 8192
--Workfactor = 208
-+Workfactor = 512
-diff --git a/src/tests/test_elg.cpp b/src/tests/test_elgamal.cpp
-similarity index 54%
-rename from src/tests/test_elg.cpp
-rename to src/tests/test_elgamal.cpp
-index 6a6bdb8b54..cb69657251 100644
---- a/src/tests/test_elg.cpp
-+++ b/src/tests/test_elgamal.cpp
-@@ -1,5 +1,5 @@
- /*
--* (C) 2014,2015 Jack Lloyd
-+* (C) 2014,2015,2020 Jack Lloyd
- *
- * Botan is released under the Simplified BSD License (see license.txt)
- */
-@@ -17,15 +17,33 @@ namespace {
-
- #if defined(BOTAN_HAS_ELGAMAL)
-
--class ElGamal_KAT_Tests final : public PK_Encryption_Decryption_Test
-+class ElGamal_Encrypt_Tests final : public PK_Encryption_Decryption_Test
- {
- public:
-- ElGamal_KAT_Tests()
-+ ElGamal_Encrypt_Tests()
- : PK_Encryption_Decryption_Test(
- "ElGamal",
-- "pubkey/elgamal.vec",
-- "P,G,X,Msg,Nonce,Ciphertext",
-- "Padding") {}
-+ "pubkey/elgamal_encrypt.vec",
-+ "Group,Padding,Secret,Nonce,Msg,Ciphertext") {}
-+
-+ std::unique_ptr<Botan::Private_Key> load_private_key(const VarMap& vars) override
-+ {
-+ const Botan::BigInt x = vars.get_req_bn("Secret");
-+ const Botan::DL_Group grp(vars.get_req_str("Group"));
-+
-+ std::unique_ptr<Botan::Private_Key> key(new Botan::ElGamal_PrivateKey(Test::rng(), grp, x));
-+ return key;
-+ }
-+ };
-+
-+class ElGamal_Decrypt_Tests final : public PK_Decryption_Test
-+ {
-+ public:
-+ ElGamal_Decrypt_Tests()
-+ : PK_Decryption_Test(
-+ "ElGamal",
-+ "pubkey/elgamal_decrypt.vec",
-+ "P,G,X,Msg,Ciphertext") {}
-
- std::unique_ptr<Botan::Private_Key> load_private_key(const VarMap& vars) override
- {
-@@ -53,7 +71,8 @@ class ElGamal_Keygen_Tests final : public PK_Key_Generation_Test
- }
- };
-
--BOTAN_REGISTER_TEST("pubkey", "elgamal_encrypt", ElGamal_KAT_Tests);
-+BOTAN_REGISTER_TEST("pubkey", "elgamal_encrypt", ElGamal_Encrypt_Tests);
-+BOTAN_REGISTER_TEST("pubkey", "elgamal_decrypt", ElGamal_Decrypt_Tests);
- BOTAN_REGISTER_TEST("pubkey", "elgamal_keygen", ElGamal_Keygen_Tests);
-
- #endif
-diff --git a/src/tests/test_workfactor.cpp b/src/tests/test_workfactor.cpp
-index fe61f80e46..8c11869c73 100644
---- a/src/tests/test_workfactor.cpp
-+++ b/src/tests/test_workfactor.cpp
-@@ -34,7 +34,7 @@ class PK_Workfactor_Tests final : public Text_Based_Test
- }
- else if(type == "DL_Exponent_Size")
- {
-- output = Botan::dl_exponent_size(param_size) / 2;
-+ output = Botan::dl_exponent_size(param_size);
- }
-
- Test::Result result(type + " work factor calculation");
diff --git a/main/btrfs-progs/APKBUILD b/main/btrfs-progs/APKBUILD
index 298d4129da..078b06c4b2 100644
--- a/main/btrfs-progs/APKBUILD
+++ b/main/btrfs-progs/APKBUILD
@@ -2,19 +2,37 @@
# Contributor: Łukasz Jendrysik <scadu@yandex.com>
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=btrfs-progs
-pkgver=5.16
+pkgver=5.18.1
pkgrel=0
pkgdesc="BTRFS filesystem utilities"
url="https://btrfs.wiki.kernel.org"
arch="all"
license="GPL-2.0-or-later LGPL-3.0-or-later"
depends_dev="linux-headers"
-makedepends="$depends_dev acl-dev asciidoc attr-dev autoconf automake
- e2fsprogs-dev libtool lzo-dev py3-setuptools python3-dev util-linux-dev
- xmlto zlib-dev zstd-dev eudev-dev"
-subpackages="$pkgname-doc $pkgname-static $pkgname-dev
+makedepends="$depends_dev
+ acl-dev
+ asciidoc
+ attr-dev
+ autoconf
+ automake
+ e2fsprogs-dev
+ libtool
+ lzo-dev
+ py3-setuptools
+ python3-dev
+ util-linux-dev
+ xmlto
+ zlib-dev
+ zstd-dev
+ eudev-dev
+ py3-sphinx"
+subpackages="$pkgname-doc
+ $pkgname-static
+ $pkgname-dev
$pkgname-bash-completion
- py3-$pkgname:py3 $pkgname-libs $pkgname-extra"
+ py3-$pkgname:py3
+ $pkgname-libs
+ $pkgname-extra"
source="https://www.kernel.org/pub/linux/kernel/people/kdave/btrfs-progs/btrfs-progs-v$pkgver.tar.xz"
builddir="$srcdir/$pkgname-v$pkgver"
@@ -71,5 +89,5 @@ extra() {
}
sha512sums="
-3ba557134b19f1abb6c63bf3e2092852f92e988677c4bcf9421c824824b87565ae5cc0e5bca0370be81766a8c8fbda21dfb443dcd159f705f31e70b6bf19aa63 btrfs-progs-v5.16.tar.xz
+265a03b0db00a231ad51bb75fb161dee0a7a51cd120a696ca0524f08ef635b18afe43b391fa9889a4a79734ccc3931e4374bd950eb26dc47ddc8482368efed0e btrfs-progs-v5.18.1.tar.xz
"
diff --git a/main/bubblewrap/APKBUILD b/main/bubblewrap/APKBUILD
index b3fad96bde..ebc23f8f14 100644
--- a/main/bubblewrap/APKBUILD
+++ b/main/bubblewrap/APKBUILD
@@ -1,14 +1,14 @@
# Contributor: Timo Teräs <timo.teras@iki.fi>
# Maintainer: Timo Teräs <timo.teras@iki.fi>
pkgname=bubblewrap
-pkgver=0.5.0
+pkgver=0.6.2
pkgrel=0
pkgdesc="Unprivileged sandboxing tool"
url="https://github.com/containers/bubblewrap"
arch="all"
license="LGPL-2.0-or-later"
options="!check" # Testsuite fails
-makedepends="autoconf automake libcap-dev docbook-xsl"
+makedepends="bash meson libcap-dev docbook-xsl"
subpackages="$pkgname-doc $pkgname-bash-completion $pkgname-zsh-completion"
source="bubblewrap-$pkgver.tar.gz::https://github.com/containers/bubblewrap/archive/v$pkgver.tar.gz"
@@ -16,28 +16,17 @@ source="bubblewrap-$pkgver.tar.gz::https://github.com/containers/bubblewrap/arch
# 0.4.1-r0:
# - CVE-2020-5291
-prepare() {
- NOCONFIGURE=1 ./autogen.sh
- default_prepare
-}
-
build() {
- ./configure \
- --build=$CBUILD \
- --host=$CHOST \
- --prefix=/usr \
- --mandir=/usr/share/man \
- --infodir=/usr/share/info \
- --localstatedir=/var \
- --with-priv-mode=none \
- --enable-require-userns=yes
- make
+ abuild-meson \
+ -Drequire_userns=true \
+ . output
+ meson compile ${JOBS:+-j ${JOBS}} -C output
}
package() {
- make install DESTDIR="$pkgdir"
+ DESTDIR="$pkgdir" meson install --no-rebuild -C output
}
sha512sums="
-9d1faa02aaf78a8005d5f032cfc708d9823b5d110bd35f600a7d075122eeda785db72dd5c5e416a35ade437cd0ff9b176d24aea980971e304600e03c793d1865 bubblewrap-0.5.0.tar.gz
+09b89836242941bd5d1975a64a9543caae77c344ace7baf06670fddbfce28be22728cf0a7e4c2df142b2d89a903df92cfd4671b442058953ea4ebb099eb05577 bubblewrap-0.6.2.tar.gz
"
diff --git a/main/build-base/APKBUILD b/main/build-base/APKBUILD
index 7dff94e7ec..709b5eec6b 100644
--- a/main/build-base/APKBUILD
+++ b/main/build-base/APKBUILD
@@ -1,7 +1,7 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=build-base
pkgver=0.5
-pkgrel=2
+pkgrel=3
url=http://dev.alpinelinux.org/cgit
pkgdesc="Meta package for build base"
depends="binutils file gcc g++ make libc-dev fortify-headers patch"
@@ -11,7 +11,7 @@ if [ "$CHOST" != "$CTARGET" ]; then
depends="binutils-$CTARGET_ARCH gcc-$CTARGET_ARCH g++-$CTARGET_ARCH $depends"
fi
arch="noarch"
-license=none
+license="MIT"
options="!check"
build() {
diff --git a/main/busybox-initscripts/APKBUILD b/main/busybox-initscripts/APKBUILD
index 84bea82d4c..65bec6c676 100644
--- a/main/busybox-initscripts/APKBUILD
+++ b/main/busybox-initscripts/APKBUILD
@@ -1,24 +1,32 @@
# Contributor: Natanael Copa <ncopa@alpinelinux.org>
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=busybox-initscripts
-pkgver=4.0
-pkgrel=5
+pkgver=4.1
+pkgrel=1
pkgdesc="Init scripts for busybox daemons"
url="https://git.alpinelinux.org/aports/tree/main/busybox-initscripts"
arch="noarch"
license="GPL-2.0-only"
-depends="busybox openrc>=0.24.1-r6"
+depends="busybox openrc>=0.24.1-r6 mdev-conf=$pkgver-r$pkgrel"
makedepends=""
install="$pkgname.post-install $pkgname.post-upgrade"
-subpackages=""
-options="!check"
+subpackages="mdev-conf:_mdev_conf"
+checkdepends="bats"
replaces="alpine-baselayout openntpd"
source="acpid.initd crond.initd dnsd.initd httpd.initd inetd.initd klogd.initd
mdev.initd ntpd.initd rdate.initd syslog.initd udhcpd.initd loadkmap.initd
watchdog.initd crond.confd klogd.confd ntpd.confd rdate.confd syslog.confd
watchdog.confd loadkmap.confd mdev.conf dvbdev usbdev persistent-storage
+ ptpdev
+ ptpdev.bats
"
+check() {
+ cd "$srcdir"
+ msg "running tests"
+ bats *.bats
+}
+
package() {
local i
cd "$srcdir"
@@ -32,7 +40,8 @@ package() {
install -m644 "$srcdir"/$i "$pkgdir"/etc/conf.d/${i%.*} || return 1
done
install -m644 mdev.conf "$pkgdir"/etc
- install -m755 dvbdev usbdev persistent-storage "$pkgdir"/lib/mdev/
+ install -m755 dvbdev persistent-storage ptpdev usbdev \
+ "$pkgdir"/lib/mdev/
# poweroff script for acpid
cat >"$pkgdir"/etc/acpi/PWRF/00000080 <<EOF
@@ -42,6 +51,12 @@ EOF
chmod +x "$pkgdir"/etc/acpi/PWRF/00000080
}
+_mdev_conf() {
+ pkgdesc="Configuration files for mdev and mdevd"
+ depends=
+ amove etc/mdev.conf lib/mdev
+}
+
sha512sums="
dd548670114a92404b8e35fb915fdbe5994498b05b0a418583271c3dd72fb7800950e42c095c902a014eb198c046b8a346d43dccd8e7a158048ae33767c572ed acpid.initd
c9d0fb0f8cc27d661d3b4e58c56eb598ca368890576e18ffffd42efdf68ba35537656be9be319b2e2818aa0152d3ca8611bece2433512fbfcd4eed7988765549 crond.initd
@@ -63,8 +78,10 @@ b0ba67585f39d83320ed6de183d7463a0e163807b9f3dc6f0baa212236056f22aeb2c5399dfdcd54
bf8173ee33a5d2b61cbdbc1b070e599a17a21e5433a0d8aa9beef71e4ac831304076af8e7e58dc594cdee61562329793afdc57af91e5496bf5fffb9b734a3d9c syslog.confd
359af0a4a1841dd6557eaf3e71d39f0d7a2687bad6a8fc6ef436eccf72a40f85c6400a3b7880c7f64d8e460b6af8a0ff3dd5ffc3a4b1aa8eb0d8f7eaf99ee3e4 watchdog.confd
acbba3385fb2c416362eb9176f24146b617a2e394ee0e00b9eff89350f82468a5ab8396f4f52b0aaf03d341ac6150c73182e808fa3f29a2dc71c69271cdfb811 loadkmap.confd
-634fa067629febcdd8ba9516fbaafddd5be2d38ac37bff9eccfacce0fcf3b259426c12ff967b179bd93b2962401a4a2f15709d32da0623bd078688b8611817cd mdev.conf
+b5c299d5dcd854eb23717aab6938e2e1c9572d10ed667595b4a98f9cddca9f81c3f8f7ae508b62db5fe203c45c696d3c2a9ce62761aa329b2bcfcc5e5a3a9224 mdev.conf
ebd82f935da2ca89097234dd8a8f47e179a423652c151123a1f3343f3e1e7bfaba2b8800380e988d4e8f4294545d3a9ab6708ae2e77c5b108b5f091bbce8f94a dvbdev
b2dcf0ded9264334d79fbbb05dd12d649dc3119a060db5893f0e8aeca2141323961c3ba4c822a0ffb00dba848742d5cb374dc77e776b57cecde352a3e8e30f8a usbdev
0f54666072a8ee32965cc1b5205a6d35bc2ba6655f298c37ba9ccd72949fa7c41b1e540ec91f41b11f4b261ace614cdcc42dccf390bf0a22698d0ba499feae39 persistent-storage
+46b9379a5def08ce0afffae546693c19be158ca4fa4ce3c619ec81e0adbaa087ea5dd6df10abbfcd59bfdaf351d7170a7d24c2b403eceeb80f4f04f090630227 ptpdev
+5e1f6fabd7845f9cd6f90477f10a0b428b4414caed18a6dfe8e86e2ce3d373521d593aa6a9ee475b138a18b15c7a403a2bb0e1987b1dbdb6d465ebd7d5836a86 ptpdev.bats
"
diff --git a/main/busybox-initscripts/mdev.conf b/main/busybox-initscripts/mdev.conf
index 903786fd00..0857942cab 100644
--- a/main/busybox-initscripts/mdev.conf
+++ b/main/busybox-initscripts/mdev.conf
@@ -58,7 +58,7 @@ vcs[0-9]* root:tty 0660
vcsa[0-9]* root:tty 0660
# rpi bluetooth
-#ttyAMA0 root:tty 660 @btattach -B /dev/$MDEV -P bcm -S 115200 -N &
+#ttyAMA0 root:tty 660 @btattach -B /dev/$MDEV -P bcm -S 115200 -N &
ttyACM[0-9] root:dialout 0660 @ln -sf $MDEV modem
ttyUSB[0-9] root:dialout 0660 @ln -sf $MDEV modem
@@ -87,6 +87,9 @@ sequencer.* root:audio 0660 >sound/
SUBSYSTEM=sound;.* root:audio 0660
+# PTP devices
+ptp[0-9] root:root 0660 */lib/mdev/ptpdev
+
# virtio-ports
SUBSYSTEM=virtio-ports;vport.* root:root 0600 @mkdir -p virtio-ports; ln -sf ../$MDEV virtio-ports/$(cat /sys/class/virtio-ports/$MDEV/name)
@@ -130,5 +133,9 @@ ida/(.*) root:disk 0660 =ida/%1
rd!(.*) root:disk 0660 =rd/%1
rd/(.*) root:disk 0660 =rd/%1
+# tape devices
+nst[0-9]+.* root:tape 0660
+st[0-9]+.* root:tape 0660
+
# fallback for any!device -> any/device
-(.*)!(.*) root:root 0660 =%1/%2
+(.*)!(.*) root:root 0660 =%1/%2
diff --git a/main/busybox-initscripts/ntpd.initd b/main/busybox-initscripts/ntpd.initd
index ad738057da..ad738057da 100755..100644
--- a/main/busybox-initscripts/ntpd.initd
+++ b/main/busybox-initscripts/ntpd.initd
diff --git a/main/busybox-initscripts/ptpdev b/main/busybox-initscripts/ptpdev
new file mode 100755
index 0000000000..56757fba28
--- /dev/null
+++ b/main/busybox-initscripts/ptpdev
@@ -0,0 +1,15 @@
+#!/bin/sh
+
+symlink_action() {
+ case "$ACTION" in
+ add) ln -sf "$1" "$2";;
+ remove) rm -f "$2";;
+ esac
+}
+
+clock_name=$(cat ${SYSFS:-/sys}/class/ptp/$MDEV/clock_name 2>/dev/null | sed -e 's/ /_/g')
+case "$clock_name" in
+ KVM_virtual_PTP) symlink_action $MDEV ptp_kvm ;;
+ ptp_vmw) symlink_action $MDEV ptp_vmw ;;
+ hyperv) symlink_action $MDEV ptp_hyperv ;;
+esac
diff --git a/main/busybox-initscripts/ptpdev.bats b/main/busybox-initscripts/ptpdev.bats
new file mode 100644
index 0000000000..7c43c482d0
--- /dev/null
+++ b/main/busybox-initscripts/ptpdev.bats
@@ -0,0 +1,49 @@
+setup() {
+ mdevscript=${BATS_TEST_FILENAME%.bats}
+ root="$BATS_FILE_TMPDIR"
+ mkdir -p "$root"/dev "$root"/sys "$root"/bin
+ PATH="$root/bin:$PATH"
+ export SYSFS="$root/sys"
+
+ mkdir -p "$root"/sys/class/ptp/ptp0 \
+ "$root"/sys/class/ptp/ptp1 \
+ "$root"/sys/class/ptp/ptp2
+
+ echo "KVM virtual PTP" > "$root"/sys/class/ptp/ptp0/clock_name
+ echo "ptp vmw" > "$root"/sys/class/ptp/ptp1/clock_name
+ echo hyperv > "$root"/sys/class/ptp/ptp2/clock_name
+
+ cd "$root"/dev
+}
+
+teardown() {
+ rm -r "$root"
+}
+
+@test "ptpdev kvm" {
+ MDEV=ptp0 ACTION=add sh $mdevscript
+ [ $(readlink ptp_kvm) = ptp0 ]
+
+ MDEV=ptp0 ACTION=remove sh $mdevscript
+ run readlink ptp_kvm
+ [ "$status" -ne 0 ]
+}
+
+@test "ptpdev vmw" {
+ MDEV=ptp1 ACTION=add sh $mdevscript
+ [ $(readlink ptp_vmw) = ptp1 ]
+
+ MDEV=ptp1 ACTION=remove sh $mdevscript
+ run readlink ptp_vmw
+ [ "$status" -ne 0 ]
+}
+
+@test "ptpdev hyperv" {
+ MDEV=ptp2 ACTION=add sh $mdevscript
+ run readlink ptp_hyperv
+ [ $(readlink ptp_hyperv) = ptp2 ]
+
+ MDEV=ptp2 ACTION=remove sh $mdevscript
+ run readlink ptp_hyperv
+ [ "$status" -ne 0 ]
+}
diff --git a/main/busybox/0001-libbb-sockaddr2str-ensure-only-printable-characters-.patch b/main/busybox/0001-libbb-sockaddr2str-ensure-only-printable-characters-.patch
new file mode 100644
index 0000000000..1d1716e3b0
--- /dev/null
+++ b/main/busybox/0001-libbb-sockaddr2str-ensure-only-printable-characters-.patch
@@ -0,0 +1,40 @@
+From 0c8da1bead8ffaf270b4b723ead2c517371405d7 Mon Sep 17 00:00:00 2001
+From: Ariadne Conill <ariadne@dereferenced.org>
+Date: Sun, 3 Apr 2022 12:14:33 +0000
+Subject: [PATCH 1/2] libbb: sockaddr2str: ensure only printable characters are
+ returned for the hostname part
+
+CVE: Pending
+Upstream-Status: Pending
+Signed-off-by: Ariadne Conill <ariadne@dereferenced.org>
+---
+ libbb/xconnect.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/libbb/xconnect.c b/libbb/xconnect.c
+index 0e0b247b8..02c061e67 100644
+--- a/libbb/xconnect.c
++++ b/libbb/xconnect.c
+@@ -497,8 +497,9 @@ static char* FAST_FUNC sockaddr2str(const struct sockaddr *sa, int flags)
+ );
+ if (rc)
+ return NULL;
++ /* ensure host contains only printable characters */
+ if (flags & IGNORE_PORT)
+- return xstrdup(host);
++ return xstrdup(printable_string(host));
+ #if ENABLE_FEATURE_IPV6
+ if (sa->sa_family == AF_INET6) {
+ if (strchr(host, ':')) /* heh, it's not a resolved hostname */
+@@ -509,7 +510,7 @@ static char* FAST_FUNC sockaddr2str(const struct sockaddr *sa, int flags)
+ #endif
+ /* For now we don't support anything else, so it has to be INET */
+ /*if (sa->sa_family == AF_INET)*/
+- return xasprintf("%s:%s", host, serv);
++ return xasprintf("%s:%s", printable_string(host), serv);
+ /*return xstrdup(host);*/
+ }
+
+--
+2.35.1
+
diff --git a/main/busybox/0001-modinfo-add-k-option-for-kernel-version.patch b/main/busybox/0001-modinfo-add-k-option-for-kernel-version.patch
new file mode 100644
index 0000000000..f1bf02fdd2
--- /dev/null
+++ b/main/busybox/0001-modinfo-add-k-option-for-kernel-version.patch
@@ -0,0 +1,140 @@
+From 8fed81a74070cb42e1dff1a8c2382bd123385e22 Mon Sep 17 00:00:00 2001
+From: Natanael Copa <ncopa@alpinelinux.org>
+Date: Thu, 28 Apr 2022 16:03:16 +0200
+Subject: [PATCH] modinfo: add -k option for kernel version
+
+It is useful to be able to specify kernel version when generating
+initramfs and similar for a kernel version that might not be the running
+one.
+
+bloatcheck on x86_64:
+
+function old new delta
+packed_usage 26193 26218 +25
+modinfo_main 391 414 +23
+.rodata 80296 80298 +2
+------------------------------------------------------------------------------
+(add/remove: 0/0 grow/shrink: 3/0 up/down: 50/0) Total: 50
+bytes
+ text data bss dec hex filename
+ 834606 14124 2008 850738 cfb32 busybox_old
+ 834657 14124 2008 850789 cfb65 busybox_unstripped
+
+Signed-off-by: Natanael Copa <ncopa@alpinelinux.org>
+---
+ modutils/modinfo.c | 30 ++++++++++++++++++------------
+ 1 file changed, 18 insertions(+), 12 deletions(-)
+
+diff --git a/modutils/modinfo.c b/modutils/modinfo.c
+index 0a86c3296..53bc02880 100644
+--- a/modutils/modinfo.c
++++ b/modutils/modinfo.c
+@@ -38,17 +38,18 @@ static const char *const shortcuts[] ALIGN_PTR = {
+
+ enum {
+ OPT_0 = (1 << 0), /* \0 as separator */
+- OPT_F = (1 << 1), /* field name */
++ OPT_k = (1 << 1), /* kernel version */
++ OPT_F = (1 << 2), /* field name */
+ /* first bits are for -nadlp options, the rest are for
+ * fields not selectable with "shortcut" options
+ */
+- OPT_n = (1 << 2),
+- OPT_TAGS = ((1 << ARRAY_SIZE(shortcuts)) - 1) << 2,
++ OPT_n = (1 << 3),
++ OPT_TAGS = ((1 << ARRAY_SIZE(shortcuts)) - 1) << 3,
+ };
+
+ static void display(const char *data, const char *pattern)
+ {
+- int flag = option_mask32 >> 1; /* shift out -0 bit */
++ int flag = option_mask32 >> 2; /* shift out -0 and -k bits */
+ if (flag & (flag-1)) {
+ /* more than one field to show: print "FIELD:" pfx */
+ int n = printf("%s:", pattern);
+@@ -82,7 +83,8 @@ static void modinfo(const char *path, const char *version,
+ }
+ }
+
+- for (j = 1; (1<<j) & (OPT_TAGS|OPT_F); j++) {
++ /* skip initial -0 and -k option bits */
++ for (j = 2; (1<<j) & (OPT_TAGS|OPT_F); j++) {
+ const char *pattern;
+
+ if (!((1<<j) & tags))
+@@ -90,7 +92,7 @@ static void modinfo(const char *path, const char *version,
+
+ pattern = field;
+ if ((1<<j) & OPT_TAGS)
+- pattern = shortcuts[j-2];
++ pattern = shortcuts[j-3];
+
+ if (strcmp(pattern, shortcuts[0]) == 0) {
+ /* "-n" or "-F filename" */
+@@ -123,7 +125,7 @@ static void modinfo(const char *path, const char *version,
+ }
+
+ //usage:#define modinfo_trivial_usage
+-//usage: "[-adlpn0] [-F keyword] MODULE"
++//usage: "[-adlpn0] [-F keyword] [-k kernel] MODULE"
+ //usage:#define modinfo_full_usage "\n\n"
+ //usage: " -a Shortcut for '-F author'"
+ //usage: "\n -d Shortcut for '-F description'"
+@@ -131,6 +133,7 @@ static void modinfo(const char *path, const char *version,
+ //usage: "\n -p Shortcut for '-F parm'"
+ ////usage: "\n -n Shortcut for '-F filename'"
+ //usage: "\n -F keyword Keyword to look for"
++//usage: "\n -k kernel kernel version"
+ //usage: "\n -0 NUL terminated output"
+ //usage:#define modinfo_example_usage
+ //usage: "$ modinfo -F vermagic loop\n"
+@@ -139,6 +142,7 @@ int modinfo_main(int argc, char **argv) MAIN_EXTERNALLY_VISIBLE;
+ int modinfo_main(int argc UNUSED_PARAM, char **argv)
+ {
+ const char *field;
++ const char *kernel;
+ char name[MODULE_NAME_LEN];
+ struct utsname uts;
+ parser_t *parser;
+@@ -147,15 +151,17 @@ int modinfo_main(int argc UNUSED_PARAM, char **argv)
+ unsigned i;
+
+ field = NULL;
+- opts = getopt32(argv, "^" "0F:nadlp" "\0" "-1"/*minimum one arg*/, &field);
++ uname(&uts);
++ kernel = uts.release;
++ opts = getopt32(argv, "^" "0k:F:nadlp" "\0" "-1"/*minimum one arg*/, &kernel, &field);
+ /* If no field selected, show all */
+ if (!(opts & (OPT_TAGS|OPT_F)))
+ option_mask32 |= OPT_TAGS;
++
+ argv += optind;
+
+- uname(&uts);
+ parser = config_open2(
+- xasprintf("%s/%s/%s", CONFIG_DEFAULT_MODULES_DIR, uts.release, CONFIG_DEFAULT_DEPMOD_FILE),
++ xasprintf("%s/%s/%s", CONFIG_DEFAULT_MODULES_DIR, kernel, CONFIG_DEFAULT_DEPMOD_FILE),
+ xfopen_for_read
+ );
+
+@@ -167,7 +173,7 @@ int modinfo_main(int argc UNUSED_PARAM, char **argv)
+ filename2modname(bb_basename(tokens[0]), name);
+ for (i = 0; argv[i]; i++) {
+ if (fnmatch(argv[i], name, 0) == 0) {
+- modinfo(tokens[0], uts.release, field);
++ modinfo(tokens[0], kernel, field);
+ argv[i] = (char *) "";
+ }
+ }
+@@ -177,7 +183,7 @@ int modinfo_main(int argc UNUSED_PARAM, char **argv)
+
+ for (i = 0; argv[i]; i++) {
+ if (argv[i][0]) {
+- modinfo(argv[i], uts.release, field);
++ modinfo(argv[i], kernel, field);
+ }
+ }
+
+--
+2.36.0
+
diff --git a/main/busybox/0001-modutils-check-ELF-header-before-calling-finit_module.patch b/main/busybox/0001-modutils-check-ELF-header-before-calling-finit_module.patch
new file mode 100644
index 0000000000..813010e5f2
--- /dev/null
+++ b/main/busybox/0001-modutils-check-ELF-header-before-calling-finit_module.patch
@@ -0,0 +1,152 @@
+Patch-Source: http://lists.busybox.net/pipermail/busybox/2021-January/088398.html
+Patch-Source: http://lists.busybox.net/pipermail/busybox/2021-January/088399.html
+See-Also: https://gitlab.alpinelinux.org/alpine/aports/-/issues/13427
+
+The purpose of this patch is to remove confusing error messages
+"Module has invalid ELF structures" produced by kernel when loading gzip
+compressed kernel modules using busybox modprobe.
+--
+From: Qu Wenruo <wqu@suse.com>
+Date: Sun, 03 Jan 2021 04:10:52 +0000
+Subject: [PATCH v2] modutils: check ELF header before calling finit_module()
+
+finit_module() and init_module() system calls have clear specification
+to only accept valid ELF image.
+
+Although we try finit_module() on compressed modules to let the kernel
+determine if it's an ELF image, but it's not ideal, especially when
+newer kernel will complain when some invalid files/memory is passed in.
+
+Treat the kernel better by just doing a very basic ELF header check
+before calling finit_module().
+
+Signed-off-by: Qu Wenruo <wqu at suse.com>
+
+diff --git a/modutils/modutils.c b/modutils/modutils.c
+index f7ad5e8058fe..037d609e42df 100644
+--- a/modutils/modutils.c
++++ b/modutils/modutils.c
+@@ -7,6 +7,7 @@
+ */
+ #include "modutils.h"
+
++#include <elf.h>
+ #include <sys/syscall.h>
+
+ #define init_module(mod, len, opts) syscall(__NR_init_module, mod, len, opts)
+@@ -186,6 +187,33 @@ void* FAST_FUNC try_to_mmap_module(const char *filename, size_t *image_size_p)
+ }
+ #endif
+
++#ifdef __NR_finit_module
++/*
++ * Return:
++ * 0 on success,
++ * <0 for error.
++ *
++ * finit_module()/init_module() only accepts ELF format.
++ * Do basic ELF check to avoid calling finit_module() with compressed module.
++ */
++static int check_elf_header(int fd)
++{
++ unsigned char buf[EI_NIDENT];
++ int ret;
++
++ ret = pread(fd, buf, sizeof(buf), 0);
++ if (ret < sizeof(buf))
++ return -EIO;
++ if (buf[EI_MAG0] != ELFMAG0 ||
++ buf[EI_MAG1] != ELFMAG1 ||
++ buf[EI_MAG2] != ELFMAG2 ||
++ buf[EI_MAG3] != ELFMAG3)
++ return -EINVAL;
++ /* Other more comprehensive check will be done inside kernel */
++ return 0;
++}
++#endif
++
+ /* Return:
+ * 0 on success,
+ * -errno on open/read error,
+@@ -212,12 +240,19 @@ int FAST_FUNC bb_init_module(const char *filename, const char *options)
+ * to only allow loading of modules off of secure storage (like a read-
+ * only rootfs) which needs the finit_module call. If it fails, we fall
+ * back to normal module loading to support compressed modules.
++ *
++ * Note that finit_module()/init_module() only accept ELF image, do
++ * basic check before calling finit_module() to avoid kernel
++ * complaining.
+ */
+ # ifdef __NR_finit_module
+ {
+ int fd = open(filename, O_RDONLY | O_CLOEXEC);
+ if (fd >= 0) {
+- rc = finit_module(fd, options, 0) != 0;
++ if (!check_elf_header(fd))
++ rc = finit_module(fd, options, 0) != 0;
++ else
++ rc = 1;
+ close(fd);
+ if (rc == 0)
+ return rc;
+
+diff --git a/modutils/modprobe-small.c b/modutils/modprobe-small.c
+index db44a2ed0ab5..d2cd6a64c1d0 100644
+--- a/modutils/modprobe-small.c
++++ b/modutils/modprobe-small.c
+@@ -24,6 +24,7 @@
+ //kbuild:lib-$(CONFIG_MODPROBE_SMALL) += modprobe-small.o
+
+ #include "libbb.h"
++#include <elf.h> /* for ELF header magic */
+ /* After libbb.h, since it needs sys/types.h on some systems */
+ #include <sys/utsname.h> /* uname() */
+ #include <fnmatch.h>
+@@ -249,6 +250,33 @@ static const char *moderror(int err)
+ }
+ }
+
++#ifdef __NR_finit_module
++/*
++ * Return:
++ * 0 on success,
++ * <0 for error.
++ *
++ * finit_module()/init_module() only accepts ELF format.
++ * Do basic ELF check to avoid calling finit_module() with compressed module.
++ */
++static int check_elf_header(int fd)
++{
++ unsigned char buf[EI_NIDENT];
++ int ret;
++
++ ret = pread(fd, buf, sizeof(buf), 0);
++ if (ret < sizeof(buf))
++ return -EIO;
++ if (buf[EI_MAG0] != ELFMAG0 ||
++ buf[EI_MAG1] != ELFMAG1 ||
++ buf[EI_MAG2] != ELFMAG2 ||
++ buf[EI_MAG3] != ELFMAG3)
++ return -EINVAL;
++ /* Other more comprehensive check will be done inside kernel */
++ return 0;
++}
++#endif
++
+ static int load_module(const char *fname, const char *options)
+ {
+ #if 1
+@@ -272,7 +300,10 @@ static int load_module(const char *fname, const char *options)
+ {
+ int fd = open(fname, O_RDONLY | O_CLOEXEC);
+ if (fd >= 0) {
+- r = finit_module(fd, options, 0) != 0;
++ if (!check_elf_header(fd))
++ r = finit_module(fd, options, 0) != 0;
++ else
++ r = 1;
+ close(fd);
+ }
+ }
+--
+2.29.2
diff --git a/main/busybox/0002-nslookup-sanitize-all-printed-strings-with-printable.patch b/main/busybox/0002-nslookup-sanitize-all-printed-strings-with-printable.patch
new file mode 100644
index 0000000000..01c45c9ba6
--- /dev/null
+++ b/main/busybox/0002-nslookup-sanitize-all-printed-strings-with-printable.patch
@@ -0,0 +1,68 @@
+From 812b407e545b70b16cf32aade135b5c32eaf674f Mon Sep 17 00:00:00 2001
+From: Ariadne Conill <ariadne@dereferenced.org>
+Date: Sun, 3 Apr 2022 12:16:45 +0000
+Subject: [PATCH 2/2] nslookup: sanitize all printed strings with
+ printable_string
+
+Otherwise, terminal sequences can be injected, which enables various terminal injection
+attacks from DNS results.
+
+CVE: Pending
+Upstream-Status: Pending
+Signed-off-by: Ariadne Conill <ariadne@dereferenced.org>
+---
+ networking/nslookup.c | 10 +++++-----
+ 1 file changed, 5 insertions(+), 5 deletions(-)
+
+diff --git a/networking/nslookup.c b/networking/nslookup.c
+index 6da97baf4..4bdcde1b8 100644
+--- a/networking/nslookup.c
++++ b/networking/nslookup.c
+@@ -407,7 +407,7 @@ static NOINLINE int parse_reply(const unsigned char *msg, size_t len)
+ //printf("Unable to uncompress domain: %s\n", strerror(errno));
+ return -1;
+ }
+- printf(format, ns_rr_name(rr), dname);
++ printf(format, ns_rr_name(rr), printable_string(dname));
+ break;
+
+ case ns_t_mx:
+@@ -422,7 +422,7 @@ static NOINLINE int parse_reply(const unsigned char *msg, size_t len)
+ //printf("Cannot uncompress MX domain: %s\n", strerror(errno));
+ return -1;
+ }
+- printf("%s\tmail exchanger = %d %s\n", ns_rr_name(rr), n, dname);
++ printf("%s\tmail exchanger = %d %s\n", ns_rr_name(rr), n, printable_string(dname));
+ break;
+
+ case ns_t_txt:
+@@ -434,7 +434,7 @@ static NOINLINE int parse_reply(const unsigned char *msg, size_t len)
+ if (n > 0) {
+ memset(dname, 0, sizeof(dname));
+ memcpy(dname, ns_rr_rdata(rr) + 1, n);
+- printf("%s\ttext = \"%s\"\n", ns_rr_name(rr), dname);
++ printf("%s\ttext = \"%s\"\n", ns_rr_name(rr), printable_string(dname));
+ }
+ break;
+
+@@ -454,7 +454,7 @@ static NOINLINE int parse_reply(const unsigned char *msg, size_t len)
+ }
+
+ printf("%s\tservice = %u %u %u %s\n", ns_rr_name(rr),
+- ns_get16(cp), ns_get16(cp + 2), ns_get16(cp + 4), dname);
++ ns_get16(cp), ns_get16(cp + 2), ns_get16(cp + 4), printable_string(dname));
+ break;
+
+ case ns_t_soa:
+@@ -483,7 +483,7 @@ static NOINLINE int parse_reply(const unsigned char *msg, size_t len)
+ return -1;
+ }
+
+- printf("\tmail addr = %s\n", dname);
++ printf("\tmail addr = %s\n", printable_string(dname));
+ cp += n;
+
+ printf("\tserial = %lu\n", ns_get32(cp));
+--
+2.35.1
+
diff --git a/main/busybox/0013-ash-fix-unsafe-use-of-mempcpy.patch b/main/busybox/0013-ash-fix-unsafe-use-of-mempcpy.patch
new file mode 100644
index 0000000000..944fd38318
--- /dev/null
+++ b/main/busybox/0013-ash-fix-unsafe-use-of-mempcpy.patch
@@ -0,0 +1,32 @@
+From 7750b5a25a8cf9081b7c248687c876d0068e85bb Mon Sep 17 00:00:00 2001
+From: Denys Vlasenko <vda.linux@googlemail.com>
+Date: Tue, 1 Mar 2022 09:56:54 +0100
+Subject: [PATCH] ash: fix unsafe use of mempcpy
+
+function old new delta
+subevalvar 1549 1557 +8
+
+Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
+---
+ shell/ash.c | 8 +++++++-
+ 1 file changed, 7 insertions(+), 1 deletion(-)
+
+diff --git a/shell/ash.c b/shell/ash.c
+index 54335c5dd..44ec2eafd 100644
+--- a/shell/ash.c
++++ b/shell/ash.c
+@@ -7191,7 +7191,13 @@ subevalvar(char *start, char *str, int strloc,
+ len = orig_len - pos;
+
+ if (!quotes) {
+- loc = mempcpy(startp, startp + pos, len);
++ /* want: loc = mempcpy(startp, startp + pos, len)
++ * but it does not allow overlapping arguments */
++ loc = startp;
++ while (--len >= 0) {
++ *loc = loc[pos];
++ loc++;
++ }
+ } else {
+ for (vstr = startp; pos != 0; pos--) {
+ if ((unsigned char)*vstr == CTLESC)
diff --git a/main/busybox/0014-ash-fix-use-after-free-in-bash-pattern-substitution.patch b/main/busybox/0014-ash-fix-use-after-free-in-bash-pattern-substitution.patch
new file mode 100644
index 0000000000..6ff2b8286e
--- /dev/null
+++ b/main/busybox/0014-ash-fix-use-after-free-in-bash-pattern-substitution.patch
@@ -0,0 +1,81 @@
+From 103728181bfd9a60537166d036e5baca7b67cc1f Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?S=C3=B6ren=20Tempel?= <soeren@soeren-tempel.net>
+Date: Sat, 29 Jan 2022 06:11:12 +0100
+Subject: [PATCH] ash: fix use-after-free in bash pattern substitution
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+At Alpine Linux downstream, we were made aware of a segmentation fault
+occurring during string replacement in BusyBox ash [0]. Further
+debugging revealed that the segmentation fault occurs due to a
+use-after-free in BusyBox's bash pattern substitution implementation.
+Specially, the problem is that the repl variable (pointing to the
+replacement string) points to a value in the stack string. However, when
+accessing the repl pointer in Line 7350 it is possible that the stack
+has been moved since the last repl assignment due to the STPUTC
+invocations in Line 7317 and 7321 (since STPUTC may grow the stack via
+realloc(3)).
+
+For this reason, the code in Line 7350 may access an unmapped memory
+region and therefore causes a segmentation fault if prior STPUTC
+invocations moved the stack via realloc(3). The valgrind output
+for this edge case looks as follows:
+
+ Invalid read of size 1
+ at 0x15D8DD: subevalvar (ash.c:7350)
+ by 0x15DC43: evalvar (ash.c:7666)
+ by 0x15B717: argstr (ash.c:6893)
+ by 0x15BAEC: expandarg (ash.c:8090)
+ by 0x15F4CC: evalcommand (ash.c:10429)
+ by 0x15B26C: evaltree (ash.c:9365)
+ by 0x15E4FC: cmdloop (ash.c:13569)
+ by 0x15FD8B: ash_main (ash.c:14748)
+ by 0x115BF2: run_applet_no_and_exit (appletlib.c:967)
+ by 0x115F16: run_applet_and_exit (appletlib.c:986)
+ by 0x115EF9: busybox_main (appletlib.c:917)
+ by 0x115EF9: run_applet_and_exit (appletlib.c:979)
+ by 0x115F8F: main (appletlib.c:1126)
+ Address 0x48b8646 is 2,054 bytes inside a block of size 4,776 free'd
+ at 0x48A6FC9: realloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
+ by 0x116E86: xrealloc (xfuncs_printf.c:61)
+ by 0x1565DB: growstackblock (ash.c:1736)
+ by 0x156EF7: growstackstr (ash.c:1775)
+ by 0x156F1A: _STPUTC (ash.c:1816)
+ by 0x15D843: subevalvar (ash.c:7317)
+ by 0x15DC43: evalvar (ash.c:7666)
+ by 0x15B717: argstr (ash.c:6893)
+ by 0x15BAEC: expandarg (ash.c:8090)
+ by 0x15F4CC: evalcommand (ash.c:10429)
+ by 0x15B26C: evaltree (ash.c:9365)
+ by 0x15E4FC: cmdloop (ash.c:13569)
+
+A testcase for reproducing this edge case is provided in the downstream
+bug report [1]. This commit fixes the issue by reconstructing the repl
+pointer relative to stackblock() via strloc and slash_pos.
+
+[0]: https://gitlab.alpinelinux.org/alpine/aports/-/issues/13469
+[1]: https://gitlab.alpinelinux.org/alpine/aports/-/issues/13469#note_210530
+
+Signed-off-by: Sören Tempel <soeren@soeren-tempel.net>
+---
+ shell/ash.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/shell/ash.c b/shell/ash.c
+index 55df54bd0..24f9a8270 100644
+--- a/shell/ash.c
++++ b/shell/ash.c
+@@ -7346,6 +7346,12 @@ subevalvar(char *start, char *str, int strloc,
+ idx = loc;
+ }
+
++ // The STPUTC invocations above may resize and move the
++ // stack via realloc(3). Since repl is a pointer into the
++ // stack, we need to reconstruct it relative to stackblock().
++ if (slash_pos >= 0)
++ repl = (char *)stackblock() + strloc + slash_pos + 1;
++
+ //bb_error_msg("repl:'%s'", repl);
+ for (loc = (char*)repl; *loc; loc++) {
+ char *restart_detect = stackblock();
diff --git a/main/busybox/0015-ed-don-t-use-memcpy-with-overlapping-memory-regions.patch b/main/busybox/0015-ed-don-t-use-memcpy-with-overlapping-memory-regions.patch
new file mode 100644
index 0000000000..5697a5559a
--- /dev/null
+++ b/main/busybox/0015-ed-don-t-use-memcpy-with-overlapping-memory-regions.patch
@@ -0,0 +1,34 @@
+From 65bb493f2475368161431ed72816fd0c61e479b1 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?S=C3=B6ren=20Tempel?= <soeren+git@soeren-tempel.net>
+Date: Tue, 8 Feb 2022 09:29:21 +0100
+Subject: [PATCH] ed: don't use memcpy with overlapping memory regions
+
+The memcpy invocations in the subCommand function, modified by this
+commit, previously used memcpy with overlapping memory regions. This is
+undefined behavior. On Alpine Linux, it causes BusyBox ed to crash since
+we compile BusyBox with -D_FORTIFY_SOURCE=2 and our fortify-headers
+implementation catches this source of undefined behavior [0]. The issue
+can only be triggered if the replacement string is the same size or
+shorter than the old string.
+
+Looking at the code, it seems to me that a memmove(3) is what was
+actually intended here, this commit modifies the code accordingly.
+
+[0]: https://gitlab.alpinelinux.org/alpine/aports/-/issues/13504
+---
+ editors/ed.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/editors/ed.c b/editors/ed.c
+index 209ce9942..4a84f7433 100644
+--- a/editors/ed.c
++++ b/editors/ed.c
+@@ -720,7 +720,7 @@ static void subCommand(const char *cmd, int num1, int num2)
+ if (deltaLen <= 0) {
+ memcpy(&lp->data[offset], newStr, newLen);
+ if (deltaLen) {
+- memcpy(&lp->data[offset + newLen],
++ memmove(&lp->data[offset + newLen],
+ &lp->data[offset + oldLen],
+ lp->len - offset - oldLen);
+
diff --git a/main/busybox/0016-ash-don-t-read-past-end-of-var-in-subvareval-for-bas.patch b/main/busybox/0016-ash-don-t-read-past-end-of-var-in-subvareval-for-bas.patch
new file mode 100644
index 0000000000..3527fa5722
--- /dev/null
+++ b/main/busybox/0016-ash-don-t-read-past-end-of-var-in-subvareval-for-bas.patch
@@ -0,0 +1,88 @@
+From fa52ac9781f479de8ab4d8526276244c0a0471f4 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?S=C3=B6ren=20Tempel?= <soeren@soeren-tempel.net>
+Date: Mon, 28 Feb 2022 08:36:50 +0100
+Subject: [PATCH] ash: don't read past end of var in subvareval for bash
+ substitutions
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Without this patch, BusyBox handles bash pattern substitutions without
+a terminating '/' character incorrectly.
+
+Consider the following shell script:
+
+ _bootstrapver=5.0.211-r0
+ _referencesdir="/usr/${_bootstrapver/-*}/Sources"
+ echo $_referencesdir
+
+This should output `/usr/5.0.211/Sources`. However, without this patch
+it instead outputs `/usr/5.0.211Sources`. This is due to the fact that
+BusyBox expects the bash pattern substitutions to always be terminated
+with a '/' (at least in this part of subvareval) and thus reads passed
+the substitution itself and consumes the '/' character which is part of
+the literal string. If there is no '/' after the substitution then
+BusyBox might perform an out-of-bounds read under certain circumstances.
+
+When replacing the bash pattern substitution with `${_bootstrapver/-*/}`,
+or with this patch applied, ash outputs the correct value.
+
+Signed-off-by: Sören Tempel <soeren@soeren-tempel.net>
+Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
+---
+ shell/ash.c | 4 ++++
+ shell/ash_test/ash-vars/var_bash_repl_unterminated.right | 1 +
+ shell/ash_test/ash-vars/var_bash_repl_unterminated.tests | 2 ++
+ shell/hush_test/hush-vars/var_bash_repl_unterminated.right | 1 +
+ shell/hush_test/hush-vars/var_bash_repl_unterminated.tests | 2 ++
+ 5 files changed, 10 insertions(+)
+ create mode 100644 shell/ash_test/ash-vars/var_bash_repl_unterminated.right
+ create mode 100755 shell/ash_test/ash-vars/var_bash_repl_unterminated.tests
+ create mode 100644 shell/hush_test/hush-vars/var_bash_repl_unterminated.right
+ create mode 100755 shell/hush_test/hush-vars/var_bash_repl_unterminated.tests
+
+diff --git a/shell/ash.c b/shell/ash.c
+index adb0f223a..54335c5dd 100644
+--- a/shell/ash.c
++++ b/shell/ash.c
+@@ -7081,6 +7081,10 @@ subevalvar(char *start, char *str, int strloc,
+ *repl = '\0';
+ break;
+ }
++ if ((unsigned char)*repl == CTLENDVAR) { /* ${v/pattern} (no trailing /, no repl) */
++ repl = NULL;
++ break;
++ }
+ /* Handle escaped slashes, e.g. "${v/\//_}" (they are CTLESC'ed by this point) */
+ if ((unsigned char)*repl == CTLESC && repl[1])
+ repl++;
+diff --git a/shell/ash_test/ash-vars/var_bash_repl_unterminated.right b/shell/ash_test/ash-vars/var_bash_repl_unterminated.right
+new file mode 100644
+index 000000000..5bff3a6fa
+--- /dev/null
++++ b/shell/ash_test/ash-vars/var_bash_repl_unterminated.right
+@@ -0,0 +1 @@
++b/d
+diff --git a/shell/ash_test/ash-vars/var_bash_repl_unterminated.tests b/shell/ash_test/ash-vars/var_bash_repl_unterminated.tests
+new file mode 100755
+index 000000000..c9513343d
+--- /dev/null
++++ b/shell/ash_test/ash-vars/var_bash_repl_unterminated.tests
+@@ -0,0 +1,2 @@
++a=b-c
++echo ${a/-*}/d
+diff --git a/shell/hush_test/hush-vars/var_bash_repl_unterminated.right b/shell/hush_test/hush-vars/var_bash_repl_unterminated.right
+new file mode 100644
+index 000000000..5bff3a6fa
+--- /dev/null
++++ b/shell/hush_test/hush-vars/var_bash_repl_unterminated.right
+@@ -0,0 +1 @@
++b/d
+diff --git a/shell/hush_test/hush-vars/var_bash_repl_unterminated.tests b/shell/hush_test/hush-vars/var_bash_repl_unterminated.tests
+new file mode 100755
+index 000000000..c9513343d
+--- /dev/null
++++ b/shell/hush_test/hush-vars/var_bash_repl_unterminated.tests
+@@ -0,0 +1,2 @@
++a=b-c
++echo ${a/-*}/d
diff --git a/main/busybox/0017-ash-Fix-use-after-free-on-idx-variable.patch b/main/busybox/0017-ash-Fix-use-after-free-on-idx-variable.patch
new file mode 100644
index 0000000000..22a2578e39
--- /dev/null
+++ b/main/busybox/0017-ash-Fix-use-after-free-on-idx-variable.patch
@@ -0,0 +1,94 @@
+From 3813e89e3622b034b0e51acae496493a717555cc Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?S=C3=B6ren=20Tempel?= <soeren+git@soeren-tempel.net>
+Date: Wed, 1 Jun 2022 11:51:40 +0200
+Subject: [PATCH] ash: Fix use-after-free on idx variable
+
+Consider the following code from ash.c:
+
+ STPUTC(*idx, expdest);
+ if (quotes && (unsigned char)*idx == CTLESC) {
+
+The idx variable points to a value in the stack string (as managed
+by STPUTC). STPUTC may resize this stack string via realloc(3). If
+this happens, the idx pointer needs to be updated. Otherwise,
+dereferencing idx may result in a use-after free.
+
+The valgrind output for this edge case looks as follows:
+
+ Invalid read of size 1
+ at 0x113AD7: subevalvar (ash.c:7326)
+ by 0x112EC7: evalvar (ash.c:7674)
+ by 0x113219: argstr (ash.c:6891)
+ by 0x113D10: expandarg (ash.c:8098)
+ by 0x118989: evalcommand (ash.c:10377)
+ by 0x116744: evaltree (ash.c:9373)
+ by 0x1170DC: cmdloop (ash.c:13577)
+ by 0x1191E4: ash_main (ash.c:14756)
+ by 0x10CB3B: run_applet_no_and_exit (appletlib.c:967)
+ by 0x10CBCA: run_applet_and_exit (appletlib.c:986)
+ by 0x10CBCA: main (appletlib.c:1126)
+ Address 0x48b4099 is 857 bytes inside a block of size 2,736 free'd
+ at 0x48A6FC9: realloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
+ by 0x125B03: xrealloc (xfuncs_printf.c:61)
+ by 0x10F9D2: growstackblock (ash.c:1736)
+ by 0x10FA4E: growstackstr (ash.c:1775)
+ by 0x10FA71: _STPUTC (ash.c:1816)
+ by 0x113A94: subevalvar (ash.c:7325)
+ by 0x112EC7: evalvar (ash.c:7674)
+ by 0x113219: argstr (ash.c:6891)
+ by 0x113D10: expandarg (ash.c:8098)
+ by 0x118989: evalcommand (ash.c:10377)
+ by 0x116744: evaltree (ash.c:9373)
+ by 0x1170DC: cmdloop (ash.c:13577)
+ Block was alloc'd at
+ at 0x48A26D5: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
+ by 0x125AE9: xmalloc (xfuncs_printf.c:50)
+ by 0x10ED56: stalloc (ash.c:1622)
+ by 0x10F9FF: growstackblock (ash.c:1746)
+ by 0x10FB2A: growstackto (ash.c:1783)
+ by 0x10FB47: makestrspace (ash.c:1795)
+ by 0x10FDE7: memtodest (ash.c:6390)
+ by 0x10FE91: strtodest (ash.c:6417)
+ by 0x112CC5: varvalue (ash.c:7558)
+ by 0x112D80: evalvar (ash.c:7603)
+ by 0x113219: argstr (ash.c:6891)
+ by 0x113D10: expandarg (ash.c:8098)
+
+This patch fixes this issue by updating the pointers again via
+the restart label if STPUTC re-sized the stack. This issue
+has been reported to us at Alpine Linux downstream.
+
+Also: Move the second realloc-check inside the if statement
+that follows so it isn't done twice if the condition evaluates
+to false.
+
+See also:
+
+* https://gitlab.alpinelinux.org/alpine/aports/-/issues/13900
+* http://lists.busybox.net/pipermail/busybox/2022-April/089655.html
+---
+ shell/ash.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/shell/ash.c b/shell/ash.c
+index ef4a47afe..cbc50eefe 100644
+--- a/shell/ash.c
++++ b/shell/ash.c
+@@ -7323,13 +7323,15 @@ subevalvar(char *start, char *str, int strloc,
+ if (idx >= end)
+ break;
+ STPUTC(*idx, expdest);
++ if (stackblock() != restart_detect)
++ goto restart;
+ if (quotes && (unsigned char)*idx == CTLESC) {
+ idx++;
+ len++;
+ STPUTC(*idx, expdest);
++ if (stackblock() != restart_detect)
++ goto restart;
+ }
+- if (stackblock() != restart_detect)
+- goto restart;
+ idx++;
+ len++;
+ rmesc++;
diff --git a/main/busybox/APKBUILD b/main/busybox/APKBUILD
index 7a8b36c545..7c685460e2 100644
--- a/main/busybox/APKBUILD
+++ b/main/busybox/APKBUILD
@@ -1,37 +1,35 @@
# Contributor: Łukasz Jendrysik <scadu@yandex.com>
# Contributor: Oliver Smith <ollieparanoid@postmarketos.org>
# Contributor: Michal Artazov <michal@artazov.cz>
-# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+# Contributor: Natanael Copa <ncopa@alpinelinux.org>
+# Maintainer: Sören Tempel <soeren+alpine@soeren-tempel.net>
pkgname=busybox
pkgver=1.35.0
-pkgrel=1
+pkgrel=17
pkgdesc="Size optimized toolbox of many common UNIX utilities"
url="https://busybox.net/"
arch="all"
license="GPL-2.0-only"
makedepends_build="perl"
+makedepends_host="linux-headers openssl-dev"
+# Only build with UTMPS support if we are not bootstraping.
# skalibs-static is needed for utmps-static
-makedepends_host="
- linux-headers
- openssl1.1-compat-dev
- libretls-dev
- utmps-dev
- utmps-static
- skalibs-static
- "
+[ -z "$BOOTSTRAP" ] && makedepends_host="$makedepends_host utmps-dev utmps-static skalibs-static"
makedepends="$makedepends_build $makedepends_host"
checkdepends="zip"
provides="/bin/sh"
+provider_priority=100
install="$pkgname.post-install $pkgname.post-upgrade
$pkgname-extras.post-install $pkgname-extras.pre-deinstall"
subpackages="$pkgname-static $pkgname-doc $pkgname-suid $pkgname-extras ssl_client $pkgname-ifupdown"
-options="suid !check"
+options="suid net" # net needed for check()
replaces="busybox-initscripts" # move of default.script
triggers="busybox.trigger=/bin:/usr/bin:/sbin:/usr/sbin:/lib/modules/*"
source="https://busybox.net/downloads/busybox-$pkgver.tar.bz2
0001-nologin-Install-applet-to-sbin-instead-of-usr-sbin.patch
0001-adduser-default-to-sbin-nologin-as-shell-for-system-.patch
0001-properly-fix-wget-https-support.patch
+ 0001-modutils-check-ELF-header-before-calling-finit_module.patch
0002-fsck-resolve-LABEL-.-UUID-.-spec-to-device.patch
0003-ash-exec-busybox.static.patch
0004-app-location-for-cpio-vi-and-lspci.patch
@@ -42,12 +40,24 @@ source="https://busybox.net/downloads/busybox-$pkgver.tar.bz2
0009-depmod-support-generating-kmod-binary-index-files.patch
0010-Add-flag-for-not-following-symlinks-when-recursing.patch
0012-udhcpc-Don-t-background-if-n-is-given.patch
+ 0013-ash-fix-unsafe-use-of-mempcpy.patch
+ 0014-ash-fix-use-after-free-in-bash-pattern-substitution.patch
+ 0015-ed-don-t-use-memcpy-with-overlapping-memory-regions.patch
+ 0016-ash-don-t-read-past-end-of-var-in-subvareval-for-bas.patch
+ 0017-ash-Fix-use-after-free-on-idx-variable.patch
0001-ash-add-built-in-BB_ASH_VERSION-variable.patch
0001-pgrep-add-support-for-matching-against-UID-and-RUID.patch
0001-avoid-redefined-warnings-when-building-with-utmps.patch
+ test-fix-tarball-creation.patch
+ test-timezone-workaround.patch
+
+ 0001-libbb-sockaddr2str-ensure-only-printable-characters-.patch
+ 0002-nslookup-sanitize-all-printed-strings-with-printable.patch
+ 0001-modinfo-add-k-option-for-kernel-version.patch
+ CVE-2022-30065.patch
acpid.logrotate
busyboxconfig
@@ -59,6 +69,11 @@ source="https://busybox.net/downloads/busybox-$pkgver.tar.bz2
"
# secfixes:
+# 1.35.0-r17:
+# - CVE-2022-30065
+# 1.35.0-r7:
+# - ALPINE-13661
+# - CVE-2022-28391
# 1.34.0-r0:
# - CVE-2021-42374
# - CVE-2021-42375
@@ -96,6 +111,8 @@ _config="$srcdir"/busyboxconfig
_config_extras="$srcdir"/busyboxconfig-extras
prepare() {
+ # remove SGID if set as it confuses the busybox testsuite
+ chmod -R g-s "$builddir"
default_prepare
mkdir -p "$_staticdir" "$_dyndir" "$_dyndir_extras"
@@ -109,8 +126,8 @@ build() {
msg "Building ssl_client"
# shellcheck disable=SC2046 # Allow wordsplitting for pkg-config
- ${CC:-${CROSS_COMPILE}gcc} ${CPPFLAGS} ${CFLAGS} $(pkg-config --cflags libtls) \
- "$srcdir"/ssl_client.c -o "$_dyndir"/ssl_client ${LDFLAGS} $(pkg-config --libs libtls)
+ ${CC:-${CROSS_COMPILE}gcc} ${CPPFLAGS} ${CFLAGS} $(pkg-config --cflags libcrypto libssl) \
+ "$srcdir"/ssl_client.c -o "$_dyndir"/ssl_client ${LDFLAGS} $(pkg-config --libs libcrypto libssl)
# build dynamic
cd "$_dyndir"
@@ -121,10 +138,15 @@ build() {
-e "s/CONFIG_EXTRA_COMPAT=y/CONFIG_EXTRA_COMPAT=n/" \
.config
make -C "$builddir" O="$PWD" silentoldconfig
+
+ local _extra_cflags="" _extra_libs=""
+ if [ -z "$BOOTSTRAP" ]; then
+ _extra_cflags="$(pkg-config --cflags --static utmps)"
+ _extra_libs="$(pkg-config --libs --static utmps)"
+ fi
+
# NOTE: Defining CONFIG_EXTRA_LDLIBS in .config doesn't work, the second -l is ignored.
- make \
- CONFIG_EXTRA_CFLAGS="$(pkg-config --cflags --static utmps)" \
- CONFIG_EXTRA_LDLIBS="$(pkg-config --libs --static utmps)"
+ make CONFIG_EXTRA_CFLAGS="$_extra_cflags" CONFIG_EXTRA_LDLIBS="$_extra_libs"
# build dynamic (extras)
cd "$_dyndir_extras"
@@ -154,6 +176,9 @@ build() {
}
check() {
+ # Set VERBOSE to see expected outcome of each test (runtest -v flag).
+ # Set DEBUG to enable command trace (see testsuite/testing.sh).
+
cd "$_dyndir"
SKIP_KNOWN_BUGS=1 make -C "$builddir" O="$PWD" V=1 check
@@ -259,6 +284,7 @@ sha512sums="
ead3403578c071c2216de17ab0543984c1f1509c12c062f03af49141547c3ea21356f3e8f0f0695550f05a41a1379dd73fc3cc18dcd78addbb411f247351e353 0001-nologin-Install-applet-to-sbin-instead-of-usr-sbin.patch
a2787a3ecaf6746dadef62166e8ee6ecaa166147e5ad8b917c5838536057c875bab5f9cf40c3e05eba74d575484ac662929ac3799d58432d3a99ac46f364f302 0001-adduser-default-to-sbin-nologin-as-shell-for-system-.patch
1efe1c4894ae983fed5ac848125f8603f157b9d91c952c53f4192b48d3e50967e05559851148397b583f34fb02d480393547904b4635e4248248be567ab268ea 0001-properly-fix-wget-https-support.patch
+0cac9b944928500293e366b42e03211d4159d05b622da60664825e5ee87c9bf6d5a8ea5e794584713f7464efb4cdc431e02f439c717b7e62b1864a228bc8cbac 0001-modutils-check-ELF-header-before-calling-finit_module.patch
d8694293edc8cd55cecafeb902f03c01af318e13966f399365cf792b840793891ac086bb67ef83e7a5a2e01b246497a6c6511cb6a856834f6672dee4bca76896 0002-fsck-resolve-LABEL-.-UUID-.-spec-to-device.patch
8c34dd5ce9a6e84279fa6494cbae0b254778976f341af1d0ccc2a3afb405fb22d374e9623ea83d1500da77c7463db2ed5218d2c9f49350a21114bd0bb17fd87d 0003-ash-exec-busybox.static.patch
f9745497abd4d04621f089c62d9f2104c30d54f342125f597292253f2974d385c5f4a46e7d87a5d1b641b11b34ba5221183dd5dad1e3bbe74a787fb8d6a994b7 0004-app-location-for-cpio-vi-and-lspci.patch
@@ -269,14 +295,25 @@ f12916e70f7cc1ef4f6d85d09b9a496a52a494e6318029fdce9a9c812ab5c7b2a046c33b66834127
df02adb3e3cd3349cc8d070911e3392164cb2e30bd72cae7ceaa974b2db6f958fdcedf809abc7b4bee37c729a4d20abf127f615b0e238a667d572137abe6a79e 0009-depmod-support-generating-kmod-binary-index-files.patch
ecbe5c890d966f09280c7eb534109f785c68e292765f17ed7ff62fcc61d20f61443c4155add0a1ebfb67ce8564e104c1aa22a8ef0400e119b0bca2bca3671f2d 0010-Add-flag-for-not-following-symlinks-when-recursing.patch
3ae5ecf3ea66c8d98762432026806fdb67b13a28075c6a3cb6e811a34ef89c2f0ed651946003aaad97fb4b7f74d132af3c394c114b7a72e1d20b319b739c5a6e 0012-udhcpc-Don-t-background-if-n-is-given.patch
+6b1ebc6da26c355a63c166f4c8d1774e7a9c5456ec76b773395a2158cb4848cf245fa5553843666c0a46f4c97d03e08815abae777f2b80bbb69d916618f94761 0013-ash-fix-unsafe-use-of-mempcpy.patch
+3eb7609054fa8e03d7e366f7debc5cb0630ff65d521a91be84803bdef3854f81e29d26a9567c501a121e94a55d3a3477894e774508f80def775f2ecc812805e7 0014-ash-fix-use-after-free-in-bash-pattern-substitution.patch
+0040800382a6e3adcc6a8094b821488c7e297fc80304afba23a4fca43b7b26ac699378dfbd930ebbf9985336b3e431301f7ca93e2d041a071902a48740d263ef 0015-ed-don-t-use-memcpy-with-overlapping-memory-regions.patch
+4c95dc4bf6aff9018bfb52b400f6d8375a1d22493b44ea516cb12dba6556f12797a3cba55768d2e59ff57c0f3247ec1ff95edb8f17561f3d37ec18d83ca47eb0 0016-ash-don-t-read-past-end-of-var-in-subvareval-for-bas.patch
+ccdf098fb15eaa316708181469a1193d6eec7067131e7b7645e0219bf03cfd07f4f79e8f62c1e560f6146dcc38186a29bdee08aaa39f290e11d020b8f07d2f65 0017-ash-Fix-use-after-free-on-idx-variable.patch
6d100fe44da2b97c2cbdda253d0504b487212d195144d9315cddbe8c51d18fae3745701923b170b40e35f54b592f94f02cadbffd9cb716661c12a7f1da022763 0001-ash-add-built-in-BB_ASH_VERSION-variable.patch
e33dbc27d77c4636f4852d5d5216ef60a9a4343484e4559e391c13c813bf65c782b889914eff2e1f038d74cf02cb0d23824ebbb1044b5f8c86260d5a1bbc4e4d 0001-pgrep-add-support-for-matching-against-UID-and-RUID.patch
2640698e5108434991a8491fcc508bd991d2111b14bb6957385393a36603e1d81fdf826ad7b150d487d2a924630ee54c0fc4f979214e90feca9ba7d2fd96a865 0001-avoid-redefined-warnings-when-building-with-utmps.patch
+9b66151ef51293292b3829adaf721e5453c0710b1d151ab7e959aff0ffae2ec704e686161909cbbfc09c700e23e7200f5e14539ccc5583bccaa11193ea0cffce test-fix-tarball-creation.patch
+f65052adc4df305c22f79cc2819d7750b528ad66289512fc15c442c4347ebd6bc14340e60f2c5209d2e7d2e7feb7d19f372e02dca2451dd36787c5f6908c21d8 test-timezone-workaround.patch
+b52050678e79e4da856956906d07fcb620cbf35f2ef6b5a8ee3b8d244ea63b4b98eef505451184d5b4937740d91eef154ed748c30d329ac485be51b37626f251 0001-libbb-sockaddr2str-ensure-only-printable-characters-.patch
+ead4ad65d270d8659e1898fa16f76b6cbcf567d8aba238eacccda3764edb4362240d9359d6389873bedc126d405f805fc6dfce653a7181618ebcc67c94bd08d2 0002-nslookup-sanitize-all-printed-strings-with-printable.patch
+4f6ddd59d6096943f617b0938fca428114190b8b37732d6783faab291451a2c30c452ed39299db22d1d9679d007022f87d43e93b38a4f6ced64a8659e9233773 0001-modinfo-add-k-option-for-kernel-version.patch
+22e2fa8f7a6105fd9990f93b71c235980fd4eab62269939a0e3a920fe517ee4f913c6bd0148a554b67fe01d1660bf0fd76a80e9dcac290b4b8b2c304ef6080a9 CVE-2022-30065.patch
aa93095e20de88730f526c6f463cef711b290b9582cdbd8c1ba2bd290019150cbeaa7007c2e15f0362d5b9315dd63f60511878f0ea05e893f4fdfb4a54af3fb1 acpid.logrotate
-a820037a4c74ce18efe5b7f56f18992a5f1bf2d9f729ff5d5f540ee29f88db527724d5c81ccc6a9327d6d905ac4ed0488b10aa7e45184732e1273dc426eaae3c busyboxconfig
+20ad8edb3741ffffa99bdb4c00603ddfc76564c869cb46736f878eba01cc3d3f611dd8049625a66ad7f018ce485a9d9592ec133fc8fe7f13da3d69daa6c545ec busyboxconfig
9dc49c5ff0750cd713f49ee566a19e705e6b68e360a82e2c99b15a5271c7e8a5c47aaf399a03828befbe4e9ccbebb3de766cc0cfc1672848a939b5ae97b44aa1 busyboxconfig-extras
0becc2186d6c32fb0c401cf7bc0e46268b38ce8892db33be1daf40273024c1c02d518283f44086a313a2ccef34230a1d945ec148cc173f26e6aa9d88a7426e54 bbsuid.c
6321c1d96d8938a3b5eab21731de289ede136fff550f98127c509452bfb17769ccf94b118491f7b81d3c60e1bbb3e80bb07186e4ce07e29724a52f0daba9b218 dad.if-up
-646ad9aefe3596d0170d92c8506ca1846e43b5b83cbef97ae565f15ffa7b14665a8c7061bc69c608c043f834c134c5d63f042509f8999031e89163508a868e46 ssl_client.c
+26eac967d6cfe13b7dc973112de145543ac0bdda9e9dd3a69bbd8c133ae6a20387abe9377917efb770b191130d3a6385ff5738abc84a8216d7b86ae88b159260 ssl_client.c
c3194ccffe7300a0f55d50fb56d38c8df55d588adac13056fd0be2676594974477f94de5570a5a882bc864c3711cf67aa43b6ad6808e672f4533dd0f7363d2f5 default.script
"
diff --git a/main/busybox/CVE-2022-30065.patch b/main/busybox/CVE-2022-30065.patch
new file mode 100644
index 0000000000..4a9cd67c98
--- /dev/null
+++ b/main/busybox/CVE-2022-30065.patch
@@ -0,0 +1,63 @@
+From 3c284dcb726ff6599d3b87fb366fb04411cf5595 Mon Sep 17 00:00:00 2001
+From: Natanael Copa <ncopa@alpinelinux.org>
+Date: Fri, 17 Jun 2022 09:52:11 +0000
+Subject: [PATCH 1/2] awk: fix use after free (CVE-2022-30065)
+
+fixes https://bugs.busybox.net/show_bug.cgi?id=14781
+
+Signed-off-by: Natanael Copa <ncopa@alpinelinux.org>
+---
+ editors/awk.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/editors/awk.c b/editors/awk.c
+index 079d0bde5..728ee8685 100644
+--- a/editors/awk.c
++++ b/editors/awk.c
+@@ -3128,6 +3128,9 @@ static var *evaluate(node *op, var *res)
+
+ case XC( OC_MOVE ):
+ debug_printf_eval("MOVE\n");
++ /* make sure that we never return a temp var */
++ if (L.v == TMPVAR0)
++ L.v = res;
+ /* if source is a temporary string, jusk relink it to dest */
+ if (R.v == TMPVAR1
+ && !(R.v->type & VF_NUMBER)
+--
+2.36.1
+
+
+From 30c8f8e69230ef27f116a2c10ca2e4a6cc343dad Mon Sep 17 00:00:00 2001
+From: Natanael Copa <ncopa@alpinelinux.org>
+Date: Thu, 16 Jun 2022 21:54:48 +0200
+Subject: [PATCH 2/2] awk: add tests for CVE-2022-30065
+
+Signed-off-by: Natanael Copa <ncopa@alpinelinux.org>
+---
+ testsuite/awk.tests | 11 +++++++++++
+ 1 file changed, 11 insertions(+)
+
+diff --git a/testsuite/awk.tests b/testsuite/awk.tests
+index 93e25d8c1..6c3a03c37 100755
+--- a/testsuite/awk.tests
++++ b/testsuite/awk.tests
+@@ -479,4 +479,15 @@ testing 'awk backslash+newline eaten with no trace' \
+ "Hello world\n" \
+ '' ''
+
++testing 'awk use-after-free (CVE-2022-30065)' \
++ "awk '\$3i\$3in\$9=\$r||\$9=i6/6-9f'" \
++ "" \
++ "" \
++ ""
++
++testing 'awk assign while test' \
++ "awk '\$1==\$1=\"foo\" {print \$1}'" \
++ "foo\n" \
++ "" \
++ "foo"
+ exit $FAILCOUNT
+--
+2.36.1
+
diff --git a/main/busybox/busyboxconfig b/main/busybox/busyboxconfig
index 7b6369c45c..ebf00edc78 100644
--- a/main/busybox/busyboxconfig
+++ b/main/busybox/busyboxconfig
@@ -555,9 +555,9 @@ CONFIG_VLOCK=y
#
# Linux Ext2 FS Progs
#
-# CONFIG_CHATTR is not set
+CONFIG_CHATTR=y
CONFIG_FSCK=y
-# CONFIG_LSATTR is not set
+CONFIG_LSATTR=y
# CONFIG_TUNE2FS is not set
#
diff --git a/main/busybox/ssl_client.c b/main/busybox/ssl_client.c
index df7b5f9bfb..1be9e585b3 100644
--- a/main/busybox/ssl_client.c
+++ b/main/busybox/ssl_client.c
@@ -5,7 +5,9 @@
#include <stdlib.h>
#include <unistd.h>
-#include <tls.h>
+#include <openssl/err.h>
+#include <openssl/ssl.h>
+#include <openssl/x509v3.h>
#define BUFSIZE 16384
@@ -17,7 +19,13 @@
# define dbg(...) ((void)0)
#endif
-static void copy_from_stdin_to_tls(struct tls *ctx, int *fd)
+static void ssl_fatal(const char *msg)
+{
+ ERR_print_errors_fp(stderr);
+ errx(1, "%s", msg);
+}
+
+static void copy_from_stdin_to_tls(SSL *ssl, int *fd)
{
static size_t buf[BUFSIZE];
ssize_t n;
@@ -34,17 +42,28 @@ static void copy_from_stdin_to_tls(struct tls *ctx, int *fd)
}
while (n > 0) {
- ssize_t r = tls_write(ctx, &buf[i], n);
- if (r == TLS_WANT_POLLIN || r == TLS_WANT_POLLOUT)
- continue;
- if (r < 0)
- err(1, "tls_write: %s", tls_error(ctx));
+ ssize_t r = SSL_write(ssl, &buf[i], n);
+ if (r < 0) {
+ if (SSL_get_error(ssl, r) == SSL_ERROR_WANT_WRITE) {
+ ERR_clear_error();
+ continue;
+ }
+ ssl_fatal("SSL_write");
+ }
i += r;
n -= r;
}
}
-static int copy_from_tls_to_stdout(struct tls *ctx)
+static int should_retry_read(SSL *ssl, int n)
+{
+ if (n >= 0 || SSL_get_error(ssl, n) != SSL_ERROR_WANT_READ)
+ return 0;
+ ERR_clear_error();
+ return 1;
+}
+
+static int copy_from_tls_to_stdout(SSL *ssl)
{
static size_t buf[BUFSIZE];
ssize_t n,r;
@@ -52,10 +71,11 @@ static int copy_from_tls_to_stdout(struct tls *ctx)
dbg("DEBUG: data from TLS\n");
do {
- n = tls_read(ctx, buf, sizeof(buf));
- } while (n == TLS_WANT_POLLIN || r == TLS_WANT_POLLOUT);
+ n = SSL_read(ssl, buf, sizeof(buf));
+
+ } while (should_retry_read(ssl, n));
if (n < 0)
- err(1, "tls read: %s", tls_error(ctx));
+ ssl_fatal("SSL_read");
if (n == 0)
return 1;
@@ -70,17 +90,15 @@ static int copy_from_tls_to_stdout(struct tls *ctx)
return 0;
}
-int do_poll(struct pollfd *fds, int nfds)
+void do_poll(struct pollfd *fds, int nfds)
{
- int r;
- while ((r = poll(fds, nfds, -1)) < 0) {
+ while (poll(fds, nfds, -1) < 0) {
if (errno != EINTR && errno != ENOMEM)
err(1, "poll");
}
- return r;
}
-static void copy_loop(struct tls *ctx, int sfd, int eofexit)
+static void copy_loop(SSL *ssl, int sfd)
{
struct pollfd fds[2] = {
{ .fd = STDIN_FILENO, .events = POLLIN },
@@ -88,20 +106,18 @@ static void copy_loop(struct tls *ctx, int sfd, int eofexit)
};
while (1) {
- int r = do_poll(fds, 2);
+ do_poll(fds, 2);
if (fds[0].revents) {
- copy_from_stdin_to_tls(ctx, &fds[0].fd);
- if (eofexit && fds[0].fd == -1)
- break;
+ copy_from_stdin_to_tls(ssl, &fds[0].fd);
}
- if (fds[1].revents && copy_from_tls_to_stdout(ctx))
+ if (fds[1].revents && copy_from_tls_to_stdout(ssl))
break;
}
}
void usage(const char *prog, int ret) {
- printf("usage: %s [-s FD] [-I] [-e] -n SNI\n", prog);
+ printf("usage: %s [-s FD] [-I] -n SNI\n", prog);
exit(ret);
}
@@ -109,16 +125,12 @@ int main(int argc, char *argv[])
{
int c, sfd = 1;;
const char *sni = NULL;
- struct tls_config *tc;
- struct tls *ctx;
int insecure = 0;
- int localeofexit = 0;
+ SSL_CTX *ctx;
+ SSL *ssl = NULL;
- while ((c = getopt(argc, argv, "ehs:n:I")) != -1) {
+ while ((c = getopt(argc, argv, "hs:n:I")) != -1) {
switch (c) {
- case 'e':
- localeofexit = 1;
- break;
case 'h':
usage(argv[0], 0);
break;
@@ -136,30 +148,36 @@ int main(int argc, char *argv[])
}
}
- if (tls_init() == -1)
- errx(1, "tls_init() failed");
-
- if ((ctx = tls_client()) == NULL)
- errx(1, "tls_client() failed");
-
- if (insecure) {
- if ((tc = tls_config_new()) == NULL)
- errx(1, "tls_config_new() failed");
- tls_config_insecure_noverifycert(tc);
- tls_config_insecure_noverifyname(tc);
- tls_config_insecure_noverifytime(tc);
- if (tls_configure(ctx, tc) == -1)
- err(1, "tls_configure: %s", tls_error(ctx));
- tls_config_free(tc);
+ OPENSSL_init_ssl(0, NULL);
+
+ if ((ctx = SSL_CTX_new(TLS_client_method())) == NULL)
+ ssl_fatal("SSL_CTX_new");
+
+ SSL_CTX_set_default_verify_paths(ctx);
+
+ if ((ssl = SSL_new(ctx)) == NULL)
+ ssl_fatal("SSL_new");
+
+ SSL_set_fd(ssl, sfd);
+ SSL_set_mode(ssl, SSL_MODE_AUTO_RETRY);
+ SSL_set_hostflags(ssl, X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS);
+
+ if (SSL_set_tlsext_host_name(ssl, sni) != 1)
+ ssl_fatal("SSL_set_tlsext_host_name");
+
+ if (SSL_set1_host(ssl, sni) != 1)
+ ssl_fatal(sni);
+
+ if (!insecure) {
+ SSL_set_verify(ssl, SSL_VERIFY_PEER, NULL);
}
- if (tls_connect_fds(ctx, sfd, sfd, sni) == -1)
- errx(1, "%s: TLS connect failed", sni);
+ ERR_clear_error();
+ if (SSL_connect(ssl) != 1)
+ ssl_fatal("SSL_connect");
- if (tls_handshake(ctx) == -1)
- errx(1, "%s: %s", sni, tls_error(ctx));
+ copy_loop(ssl, sfd);
- copy_loop(ctx, sfd, localeofexit);
- tls_close(ctx);
+ SSL_CTX_free(ctx);
return 0;
}
diff --git a/main/busybox/test-fix-tarball-creation.patch b/main/busybox/test-fix-tarball-creation.patch
new file mode 100644
index 0000000000..a071dc4f23
--- /dev/null
+++ b/main/busybox/test-fix-tarball-creation.patch
@@ -0,0 +1,16 @@
+Without this patch, the chmod 644 invocation takes away the executable
+bit from the input_dir directory, thus preventing the chmod of the files
+within the input_dir directory (due to lack of x-bit).
+
+diff -upr a/testsuite/tar.tests b/testsuite/tar.tests
+--- a/testsuite/tar.tests 2021-12-26 17:53:21.000000000 +0100
++++ b/testsuite/tar.tests 2022-03-02 20:48:55.873880158 +0100
+@@ -67,7 +67,7 @@ testing "tar hardlinks and repeated file
+ ln input_hard1 input_hard2
+ mkdir input_dir
+ >input_dir/file
+-chmod -R 644 *
++for f in *; do [ "$f" = "input_dir" ] || chmod -R 644 "$f"; done
+ chmod 755 input_dir
+ tar cf test.tar input input_dir/ input_hard1 input_hard2 input_hard1 input_dir/ input
+ tar tvf test.tar | sed "s/.*[0-9] input/input/"
diff --git a/main/busybox/test-timezone-workaround.patch b/main/busybox/test-timezone-workaround.patch
new file mode 100644
index 0000000000..35814eed4c
--- /dev/null
+++ b/main/busybox/test-timezone-workaround.patch
@@ -0,0 +1,28 @@
+musl doesn't seem to recognize UTC0 as a timezone. UTC works though.
+
+TODO: Figure out if musl /should/ regonize UTC0.
+
+diff -upr busybox-1.35.0.orig/testsuite/date/date-timezone busybox-1.35.0/testsuite/date/date-timezone
+--- busybox-1.35.0.orig/testsuite/date/date-timezone 2022-03-02 22:53:12.337143305 +0100
++++ busybox-1.35.0/testsuite/date/date-timezone 2022-03-02 22:53:24.047137763 +0100
+@@ -1,17 +1,17 @@
+ # FEATURE: CONFIG_FEATURE_TIMEZONE
+
+ # 'Z' is UTC
+-dt=$(TZ=UTC0 busybox date -d '1999-1-2 3:4:5Z')
++dt=$(TZ=UTC busybox date -d '1999-1-2 3:4:5Z')
+ dt=$(echo "$dt" | cut -b1-19)
+ test x"$dt" = x"Sat Jan 2 03:04:05"
+
+ # '+0600' is six hours ahead of UTC
+-dt=$(TZ=UTC0 busybox date -d '1999-1-2 3:4:5 +0600')
++dt=$(TZ=UTC busybox date -d '1999-1-2 3:4:5 +0600')
+ dt=$(echo "$dt" | cut -b1-19)
+ test x"$dt" = x"Fri Jan 1 21:04:05"
+
+ # '-0600' is six hours behind UTC
+-dt=$(TZ=UTC0 busybox date -d '1999-1-2 3:4:5 -0600')
++dt=$(TZ=UTC busybox date -d '1999-1-2 3:4:5 -0600')
+ dt=$(echo "$dt" | cut -b1-19)
+ test x"$dt" = x"Sat Jan 2 09:04:05"
+
diff --git a/main/byacc/APKBUILD b/main/byacc/APKBUILD
index ee1276c26c..c8293b8524 100644
--- a/main/byacc/APKBUILD
+++ b/main/byacc/APKBUILD
@@ -1,6 +1,6 @@
# Maintainer: Nathan Angelacos <nangel@alpinelinux.org>
pkgname=byacc
-pkgver=20210808
+pkgver=20220128
pkgrel=0
pkgdesc="The Berkeley Yacc general-purpose parser generator"
url="https://invisible-island.net/byacc/byacc.html"
@@ -30,5 +30,5 @@ package() {
}
sha512sums="
-cde092dbd845364752aca228a838b97fc34378c7dd7f860c614d13c8ec7167b8416422ded82864d22e8c3c447b47b30abca591ef8ab667c49f9fa070d68114c4 byacc-20210808.tgz
+e8ae4c56f5be4cc0ef1d281c43f02c6296fdc40f630269f2a61af511f270ae059ad185b9718190b8133018f7b74b7ca6f84ced5d63a359960b52ea2a3ef562ea byacc-20220128.tgz
"
diff --git a/main/ca-certificates/0001-update-ca-fix-compiler-warning.patch b/main/ca-certificates/0001-update-ca-fix-compiler-warning.patch
deleted file mode 100644
index 9630cf7fd6..0000000000
--- a/main/ca-certificates/0001-update-ca-fix-compiler-warning.patch
+++ /dev/null
@@ -1,25 +0,0 @@
-From 3184fe80e403b9dc6d5fe3b7ebcd9d375363e2e4 Mon Sep 17 00:00:00 2001
-From: Natanael Copa <ncopa@alpinelinux.org>
-Date: Wed, 5 Feb 2020 14:42:38 +0100
-Subject: [PATCH 1/3] update-ca: fix compiler warning
-
----
- update-ca.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/update-ca.c b/update-ca.c
-index 7bb4f1b..2b3195b 100644
---- a/update-ca.c
-+++ b/update-ca.c
-@@ -330,7 +330,7 @@ int main(int a, char **v)
- free(tmpfile);
-
- /* Execute run-parts */
-- static const char *run_parts_args[] = { "run-parts", RUNPARTSDIR, 0 };
-+ static char *const run_parts_args[] = { "run-parts", RUNPARTSDIR, 0 };
- execve("/usr/bin/run-parts", run_parts_args, NULL);
- execve("/bin/run-parts", run_parts_args, NULL);
- perror("run-parts");
---
-2.25.0
-
diff --git a/main/ca-certificates/0002-replace-python-script-with-perl-script.patch b/main/ca-certificates/0002-replace-python-script-with-perl-script.patch
deleted file mode 100644
index fe7e3d98b9..0000000000
--- a/main/ca-certificates/0002-replace-python-script-with-perl-script.patch
+++ /dev/null
@@ -1,874 +0,0 @@
-From 6674063331cc37a6a496e44577d9be434cbfc9a2 Mon Sep 17 00:00:00 2001
-From: Natanael Copa <ncopa@alpinelinux.org>
-Date: Wed, 5 Feb 2020 15:58:32 +0100
-Subject: [PATCH 2/3] replace python script with perl script
-
-we need ca-certificates when bootstrapping new architectures. Avoid use
-of python to reduce number of dependencies when bootstrapping.
-
-So use mk-ca-bundle.pl script from curl, and add a small shell script
-that splits the bundle to separate .crt files, similar way that the
-python script did.
----
- .gitignore | 1 +
- Makefile | 11 +-
- certdata2pem.py | 155 ------------
- mk-ca-bundle.pl | 604 +++++++++++++++++++++++++++++++++++++++++++++
- split-ca-bundle.sh | 30 +++
- 5 files changed, 642 insertions(+), 159 deletions(-)
- delete mode 100644 certdata2pem.py
- create mode 100644 mk-ca-bundle.pl
- create mode 100644 split-ca-bundle.sh
-
-diff --git a/.gitignore b/.gitignore
-index 8878f38..6f5e9fe 100644
---- a/.gitignore
-+++ b/.gitignore
-@@ -2,3 +2,4 @@ update-ca-certificates
- c_rehash
- certdata.stamp
- *.crt
-+*.pem
-diff --git a/Makefile b/Makefile
-index 3eb6672..c688d73 100644
---- a/Makefile
-+++ b/Makefile
-@@ -1,4 +1,4 @@
--PYTHON := python3
-+PERL := perl
-
- all: update-ca-certificates c_rehash certdata.stamp
-
-@@ -8,8 +8,11 @@ update-ca-certificates: update-ca.c
- c_rehash: c_rehash.c
- ${CC} ${CFLAGS} -o $@ c_rehash.c -lcrypto ${LDFLAGS}
-
--certdata.stamp:
-- ${PYTHON} certdata2pem.py
-+cert.pem: mk-ca-bundle.pl
-+ ${PERL} mk-ca-bundle.pl -n -w 64 $@
-+
-+certdata.stamp: cert.pem split-ca-bundle.sh
-+ ${SHELL} split-ca-bundle.sh < cert.pem
- touch $@
-
- install: all
-@@ -29,7 +32,7 @@ install: all
- install -m755 c_rehash ${DESTDIR}/usr/bin
-
- clean:
-- rm -rf update-ca-certificates c_rehash certdata.stamp *.crt
-+ rm -rf update-ca-certificates c_rehash certdata.stamp *.crt cert.pem
-
- # https://hg.mozilla.org/mozilla-central/file/tip/security/nss/lib/ckfw/builtins/certdata.txt
- update:
-diff --git a/certdata2pem.py b/certdata2pem.py
-deleted file mode 100644
-index f91422b..0000000
---- a/certdata2pem.py
-+++ /dev/null
-@@ -1,155 +0,0 @@
--#!/usr/bin/python
--# vim:set et sw=4:
--#
--# certdata2pem.py - splits certdata.txt into multiple files
--#
--# Copyright (C) 2009 Philipp Kern <pkern@debian.org>
--#
--# This program is free software; you can redistribute it and/or modify
--# it under the terms of the GNU General Public License as published by
--# the Free Software Foundation; either version 2 of the License, or
--# (at your option) any later version.
--#
--# This program is distributed in the hope that it will be useful,
--# but WITHOUT ANY WARRANTY; without even the implied warranty of
--# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
--# GNU General Public License for more details.
--#
--# You should have received a copy of the GNU General Public License
--# along with this program; if not, write to the Free Software
--# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301,
--# USA.
--
--import base64
--import os.path
--import re
--import sys
--import textwrap
--import io
--
--objects = []
--
--# Dirty file parser.
--in_data, in_multiline, in_obj = False, False, False
--field, type, value, obj = None, None, None, dict()
--
--# Python 3 will not let us decode non-ascii characters if we
--# have not specified an encoding, but Python 2's open does not
--# have an option to set the encoding. Python 3's open is io.open
--# and io.open has been backported to Python 2.6 and 2.7, so use io.open.
--for line in io.open('certdata.txt', 'rt', encoding='utf8'):
-- # Ignore the file header.
-- if not in_data:
-- if line.startswith('BEGINDATA'):
-- in_data = True
-- continue
-- # Ignore comment lines.
-- if line.startswith('#'):
-- continue
-- # Empty lines are significant if we are inside an object.
-- if in_obj and len(line.strip()) == 0:
-- objects.append(obj)
-- obj = dict()
-- in_obj = False
-- continue
-- if len(line.strip()) == 0:
-- continue
-- if in_multiline:
-- if not line.startswith('END'):
-- if type == 'MULTILINE_OCTAL':
-- line = line.strip()
-- for i in re.finditer(r'\\([0-3][0-7][0-7])', line):
-- value.append(int(i.group(1), 8))
-- else:
-- value += line
-- continue
-- obj[field] = value
-- in_multiline = False
-- continue
-- if line.startswith('CKA_CLASS'):
-- in_obj = True
-- line_parts = line.strip().split(' ', 2)
-- if len(line_parts) > 2:
-- field, type = line_parts[0:2]
-- value = ' '.join(line_parts[2:])
-- elif len(line_parts) == 2:
-- field, type = line_parts
-- value = None
-- else:
-- raise NotImplementedError('line_parts < 2 not supported.')
-- if type == 'MULTILINE_OCTAL':
-- in_multiline = True
-- value = bytearray()
-- continue
-- obj[field] = value
--if len(obj) > 0:
-- objects.append(obj)
--
--# Read blacklist.
--blacklist = []
--if os.path.exists('blacklist.txt'):
-- for line in open('blacklist.txt', 'r'):
-- line = line.strip()
-- if line.startswith('#') or len(line) == 0:
-- continue
-- item = line.split('#', 1)[0].strip()
-- blacklist.append(item)
--
--# Build up trust database.
--trust = dict()
--for obj in objects:
-- if obj['CKA_CLASS'] != 'CKO_NSS_TRUST':
-- continue
-- if obj['CKA_LABEL'] in blacklist:
-- print("Certificate %s blacklisted, ignoring." % obj['CKA_LABEL'])
-- elif obj['CKA_TRUST_SERVER_AUTH'] == 'CKT_NSS_TRUSTED_DELEGATOR':
-- trust[obj['CKA_LABEL']] = True
-- elif obj['CKA_TRUST_EMAIL_PROTECTION'] == 'CKT_NSS_TRUSTED_DELEGATOR':
-- trust[obj['CKA_LABEL']] = True
-- elif obj['CKA_TRUST_SERVER_AUTH'] == 'CKT_NSS_NOT_TRUSTED':
-- print('!'*74)
-- print("UNTRUSTED BUT NOT BLACKLISTED CERTIFICATE FOUND: %s" % obj['CKA_LABEL'])
-- print('!'*74)
-- else:
-- print("Ignoring certificate %s. SAUTH=%s, EPROT=%s" % \
-- (obj['CKA_LABEL'], obj['CKA_TRUST_SERVER_AUTH'],
-- obj['CKA_TRUST_EMAIL_PROTECTION']))
--
--for obj in objects:
-- if obj['CKA_CLASS'] == 'CKO_CERTIFICATE':
-- if not obj['CKA_LABEL'] in trust or not trust[obj['CKA_LABEL']]:
-- continue
-- bname = obj['CKA_LABEL'][1:-1].replace('/', '_')\
-- .replace(' ', '_')\
-- .replace('(', '=')\
-- .replace(')', '=')\
-- .replace(',', '_')
--
-- # this is the only way to decode the way NSS stores multi-byte UTF-8
-- # and we need an escaped string for checking existence of things
-- # otherwise we're dependant on the user's current locale.
-- if bytes != str:
-- # We're in python 3, convert the utf-8 string to a
-- # sequence of bytes that represents this utf-8 string
-- # then encode the byte-sequence as an escaped string that
-- # can be passed to open() and os.path.exists()
-- bname = bname.encode('utf-8').decode('unicode_escape').encode('latin-1')
-- else:
-- # Python 2
-- # Convert the unicode string back to its original byte form
-- # (contents of files returned by io.open are returned as
-- # unicode strings)
-- # then to an escaped string that can be passed to open()
-- # and os.path.exists()
-- bname = bname.encode('utf-8').decode('string_escape')
--
-- fname = bname + b'.crt'
-- if os.path.exists(fname):
-- print("Found duplicate certificate name %s, renaming." % bname)
-- fname = bname + b'_2.crt'
-- f = open(fname, 'w')
-- f.write("-----BEGIN CERTIFICATE-----\n")
-- encoded = base64.b64encode(obj['CKA_VALUE']).decode('utf-8')
-- f.write("\n".join(textwrap.wrap(encoded, 64)))
-- f.write("\n-----END CERTIFICATE-----\n")
--
-diff --git a/mk-ca-bundle.pl b/mk-ca-bundle.pl
-new file mode 100644
-index 0000000..09e8e5b
---- /dev/null
-+++ b/mk-ca-bundle.pl
-@@ -0,0 +1,604 @@
-+#!/usr/bin/env perl
-+# ***************************************************************************
-+# * _ _ ____ _
-+# * Project ___| | | | _ \| |
-+# * / __| | | | |_) | |
-+# * | (__| |_| | _ <| |___
-+# * \___|\___/|_| \_\_____|
-+# *
-+# * Copyright (C) 1998 - 2020, Daniel Stenberg, <daniel@haxx.se>, et al.
-+# *
-+# * This software is licensed as described in the file COPYING, which
-+# * you should have received as part of this distribution. The terms
-+# * are also available at https://curl.haxx.se/docs/copyright.html.
-+# *
-+# * You may opt to use, copy, modify, merge, publish, distribute and/or sell
-+# * copies of the Software, and permit persons to whom the Software is
-+# * furnished to do so, under the terms of the COPYING file.
-+# *
-+# * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
-+# * KIND, either express or implied.
-+# *
-+# ***************************************************************************
-+# This Perl script creates a fresh ca-bundle.crt file for use with libcurl.
-+# It downloads certdata.txt from Mozilla's source tree (see URL below),
-+# then parses certdata.txt and extracts CA Root Certificates into PEM format.
-+# These are then processed with the OpenSSL commandline tool to produce the
-+# final ca-bundle.crt file.
-+# The script is based on the parse-certs script written by Roland Krikava.
-+# This Perl script works on almost any platform since its only external
-+# dependency is the OpenSSL commandline tool for optional text listing.
-+# Hacked by Guenter Knauf.
-+#
-+use Encode;
-+use Getopt::Std;
-+use MIME::Base64;
-+use strict;
-+use warnings;
-+use vars qw($opt_b $opt_d $opt_f $opt_h $opt_i $opt_k $opt_l $opt_m $opt_n $opt_p $opt_q $opt_s $opt_t $opt_u $opt_v $opt_w);
-+use List::Util;
-+use Text::Wrap;
-+use Time::Local;
-+my $MOD_SHA = "Digest::SHA";
-+eval "require $MOD_SHA";
-+if ($@) {
-+ $MOD_SHA = "Digest::SHA::PurePerl";
-+ eval "require $MOD_SHA";
-+}
-+eval "require LWP::UserAgent";
-+
-+my %urls = (
-+ 'nss' =>
-+ 'https://hg.mozilla.org/projects/nss/raw-file/default/lib/ckfw/builtins/certdata.txt',
-+ 'central' =>
-+ 'https://hg.mozilla.org/mozilla-central/raw-file/default/security/nss/lib/ckfw/builtins/certdata.txt',
-+ 'beta' =>
-+ 'https://hg.mozilla.org/releases/mozilla-beta/raw-file/default/security/nss/lib/ckfw/builtins/certdata.txt',
-+ 'release' =>
-+ 'https://hg.mozilla.org/releases/mozilla-release/raw-file/default/security/nss/lib/ckfw/builtins/certdata.txt',
-+);
-+
-+$opt_d = 'release';
-+
-+# If the OpenSSL commandline is not in search path you can configure it here!
-+my $openssl = 'openssl';
-+
-+my $version = '1.27';
-+
-+$opt_w = 76; # default base64 encoded lines length
-+
-+# default cert types to include in the output (default is to include CAs which may issue SSL server certs)
-+my $default_mozilla_trust_purposes = "SERVER_AUTH";
-+my $default_mozilla_trust_levels = "TRUSTED_DELEGATOR";
-+$opt_p = $default_mozilla_trust_purposes . ":" . $default_mozilla_trust_levels;
-+
-+my @valid_mozilla_trust_purposes = (
-+ "DIGITAL_SIGNATURE",
-+ "NON_REPUDIATION",
-+ "KEY_ENCIPHERMENT",
-+ "DATA_ENCIPHERMENT",
-+ "KEY_AGREEMENT",
-+ "KEY_CERT_SIGN",
-+ "CRL_SIGN",
-+ "SERVER_AUTH",
-+ "CLIENT_AUTH",
-+ "CODE_SIGNING",
-+ "EMAIL_PROTECTION",
-+ "IPSEC_END_SYSTEM",
-+ "IPSEC_TUNNEL",
-+ "IPSEC_USER",
-+ "TIME_STAMPING",
-+ "STEP_UP_APPROVED"
-+);
-+
-+my @valid_mozilla_trust_levels = (
-+ "TRUSTED_DELEGATOR", # CAs
-+ "NOT_TRUSTED", # Don't trust these certs.
-+ "MUST_VERIFY_TRUST", # This explicitly tells us that it ISN'T a CA but is otherwise ok. In other words, this should tell the app to ignore any other sources that claim this is a CA.
-+ "TRUSTED" # This cert is trusted, but only for itself and not for delegates (i.e. it is not a CA).
-+);
-+
-+my $default_signature_algorithms = $opt_s = "MD5";
-+
-+my @valid_signature_algorithms = (
-+ "MD5",
-+ "SHA1",
-+ "SHA256",
-+ "SHA384",
-+ "SHA512"
-+);
-+
-+$0 =~ s@.*(/|\\)@@;
-+$Getopt::Std::STANDARD_HELP_VERSION = 1;
-+getopts('bd:fhiklmnp:qs:tuvw:');
-+
-+if(!defined($opt_d)) {
-+ # to make plain "-d" use not cause warnings, and actually still work
-+ $opt_d = 'release';
-+}
-+
-+# Use predefined URL or else custom URL specified on command line.
-+my $url;
-+if(defined($urls{$opt_d})) {
-+ $url = $urls{$opt_d};
-+ if(!$opt_k && $url !~ /^https:\/\//i) {
-+ die "The URL for '$opt_d' is not HTTPS. Use -k to override (insecure).\n";
-+ }
-+}
-+else {
-+ $url = $opt_d;
-+}
-+
-+my $curl = `curl -V`;
-+
-+if ($opt_i) {
-+ print ("=" x 78 . "\n");
-+ print "Script Version : $version\n";
-+ print "Perl Version : $]\n";
-+ print "Operating System Name : $^O\n";
-+ print "Getopt::Std.pm Version : ${Getopt::Std::VERSION}\n";
-+ print "Encode::Encoding.pm Version : ${Encode::Encoding::VERSION}\n";
-+ print "MIME::Base64.pm Version : ${MIME::Base64::VERSION}\n";
-+ print "LWP::UserAgent.pm Version : ${LWP::UserAgent::VERSION}\n" if($LWP::UserAgent::VERSION);
-+ print "LWP.pm Version : ${LWP::VERSION}\n" if($LWP::VERSION);
-+ print "Digest::SHA.pm Version : ${Digest::SHA::VERSION}\n" if ($Digest::SHA::VERSION);
-+ print "Digest::SHA::PurePerl.pm Version : ${Digest::SHA::PurePerl::VERSION}\n" if ($Digest::SHA::PurePerl::VERSION);
-+ print ("=" x 78 . "\n");
-+}
-+
-+sub warning_message() {
-+ if ( $opt_d =~ m/^risk$/i ) { # Long Form Warning and Exit
-+ print "Warning: Use of this script may pose some risk:\n";
-+ print "\n";
-+ print " 1) If you use HTTP URLs they are subject to a man in the middle attack\n";
-+ print " 2) Default to 'release', but more recent updates may be found in other trees\n";
-+ print " 3) certdata.txt file format may change, lag time to update this script\n";
-+ print " 4) Generally unwise to blindly trust CAs without manual review & verification\n";
-+ print " 5) Mozilla apps use additional security checks aren't represented in certdata\n";
-+ print " 6) Use of this script will make a security engineer grind his teeth and\n";
-+ print " swear at you. ;)\n";
-+ exit;
-+ } else { # Short Form Warning
-+ print "Warning: Use of this script may pose some risk, -d risk for more details.\n";
-+ }
-+}
-+
-+sub HELP_MESSAGE() {
-+ print "Usage:\t${0} [-b] [-d<certdata>] [-f] [-i] [-k] [-l] [-n] [-p<purposes:levels>] [-q] [-s<algorithms>] [-t] [-u] [-v] [-w<l>] [<outputfile>]\n";
-+ print "\t-b\tbackup an existing version of ca-bundle.crt\n";
-+ print "\t-d\tspecify Mozilla tree to pull certdata.txt or custom URL\n";
-+ print "\t\t Valid names are:\n";
-+ print "\t\t ", join( ", ", map { ( $_ =~ m/$opt_d/ ) ? "$_ (default)" : "$_" } sort keys %urls ), "\n";
-+ print "\t-f\tforce rebuild even if certdata.txt is current\n";
-+ print "\t-i\tprint version info about used modules\n";
-+ print "\t-k\tallow URLs other than HTTPS, enable HTTP fallback (insecure)\n";
-+ print "\t-l\tprint license info about certdata.txt\n";
-+ print "\t-m\tinclude meta data in output\n";
-+ print "\t-n\tno download of certdata.txt (to use existing)\n";
-+ print wrap("\t","\t\t", "-p\tlist of Mozilla trust purposes and levels for certificates to include in output. Takes the form of a comma separated list of purposes, a colon, and a comma separated list of levels. (default: $default_mozilla_trust_purposes:$default_mozilla_trust_levels)"), "\n";
-+ print "\t\t Valid purposes are:\n";
-+ print wrap("\t\t ","\t\t ", join( ", ", "ALL", @valid_mozilla_trust_purposes ) ), "\n";
-+ print "\t\t Valid levels are:\n";
-+ print wrap("\t\t ","\t\t ", join( ", ", "ALL", @valid_mozilla_trust_levels ) ), "\n";
-+ print "\t-q\tbe really quiet (no progress output at all)\n";
-+ print wrap("\t","\t\t", "-s\tcomma separated list of certificate signatures/hashes to output in plain text mode. (default: $default_signature_algorithms)\n");
-+ print "\t\t Valid signature algorithms are:\n";
-+ print wrap("\t\t ","\t\t ", join( ", ", "ALL", @valid_signature_algorithms ) ), "\n";
-+ print "\t-t\tinclude plain text listing of certificates\n";
-+ print "\t-u\tunlink (remove) certdata.txt after processing\n";
-+ print "\t-v\tbe verbose and print out processed CAs\n";
-+ print "\t-w <l>\twrap base64 output lines after <l> chars (default: ${opt_w})\n";
-+ exit;
-+}
-+
-+sub VERSION_MESSAGE() {
-+ print "${0} version ${version} running Perl ${]} on ${^O}\n";
-+}
-+
-+warning_message() unless ($opt_q || $url =~ m/^(ht|f)tps:/i );
-+HELP_MESSAGE() if ($opt_h);
-+
-+sub report($@) {
-+ my $output = shift;
-+
-+ print STDERR $output . "\n" unless $opt_q;
-+}
-+
-+sub is_in_list($@) {
-+ my $target = shift;
-+
-+ return defined(List::Util::first { $target eq $_ } @_);
-+}
-+
-+# Parses $param_string as a case insensitive comma separated list with optional whitespace
-+# validates that only allowed parameters are supplied
-+sub parse_csv_param($$@) {
-+ my $description = shift;
-+ my $param_string = shift;
-+ my @valid_values = @_;
-+
-+ my @values = map {
-+ s/^\s+//; # strip leading spaces
-+ s/\s+$//; # strip trailing spaces
-+ uc $_ # return the modified string as upper case
-+ } split( ',', $param_string );
-+
-+ # Find all values which are not in the list of valid values or "ALL"
-+ my @invalid = grep { !is_in_list($_,"ALL",@valid_values) } @values;
-+
-+ if ( scalar(@invalid) > 0 ) {
-+ # Tell the user which parameters were invalid and print the standard help message which will exit
-+ print "Error: Invalid ", $description, scalar(@invalid) == 1 ? ": " : "s: ", join( ", ", map { "\"$_\"" } @invalid ), "\n";
-+ HELP_MESSAGE();
-+ }
-+
-+ @values = @valid_values if ( is_in_list("ALL",@values) );
-+
-+ return @values;
-+}
-+
-+sub sha256 {
-+ my $result;
-+ if ($Digest::SHA::VERSION || $Digest::SHA::PurePerl::VERSION) {
-+ open(FILE, $_[0]) or die "Can't open '$_[0]': $!";
-+ binmode(FILE);
-+ $result = $MOD_SHA->new(256)->addfile(*FILE)->hexdigest;
-+ close(FILE);
-+ } else {
-+ # Use OpenSSL command if Perl Digest::SHA modules not available
-+ $result = `"$openssl" dgst -r -sha256 "$_[0]"`;
-+ $result =~ s/^([0-9a-f]{64}) .+/$1/is;
-+ }
-+ return $result;
-+}
-+
-+
-+sub oldhash {
-+ my $hash = "";
-+ open(C, "<$_[0]") || return 0;
-+ while(<C>) {
-+ chomp;
-+ if($_ =~ /^\#\# SHA256: (.*)/) {
-+ $hash = $1;
-+ last;
-+ }
-+ }
-+ close(C);
-+ return $hash;
-+}
-+
-+if ( $opt_p !~ m/:/ ) {
-+ print "Error: Mozilla trust identifier list must include both purposes and levels\n";
-+ HELP_MESSAGE();
-+}
-+
-+(my $included_mozilla_trust_purposes_string, my $included_mozilla_trust_levels_string) = split( ':', $opt_p );
-+my @included_mozilla_trust_purposes = parse_csv_param( "trust purpose", $included_mozilla_trust_purposes_string, @valid_mozilla_trust_purposes );
-+my @included_mozilla_trust_levels = parse_csv_param( "trust level", $included_mozilla_trust_levels_string, @valid_mozilla_trust_levels );
-+
-+my @included_signature_algorithms = parse_csv_param( "signature algorithm", $opt_s, @valid_signature_algorithms );
-+
-+sub should_output_cert(%) {
-+ my %trust_purposes_by_level = @_;
-+
-+ foreach my $level (@included_mozilla_trust_levels) {
-+ # for each level we want to output, see if any of our desired purposes are included
-+ return 1 if ( defined( List::Util::first { is_in_list( $_, @included_mozilla_trust_purposes ) } @{$trust_purposes_by_level{$level}} ) );
-+ }
-+
-+ return 0;
-+}
-+
-+my $crt = $ARGV[0] || 'ca-bundle.crt';
-+(my $txt = $url) =~ s@(.*/|\?.*)@@g;
-+
-+my $stdout = $crt eq '-';
-+my $resp;
-+my $fetched;
-+
-+my $oldhash = oldhash($crt);
-+
-+report "SHA256 of old file: $oldhash";
-+
-+if(!$opt_n) {
-+ report "Downloading $txt ...";
-+
-+ # If we have an HTTPS URL then use curl
-+ if($url =~ /^https:\/\//i) {
-+ if($curl) {
-+ if($curl =~ /^Protocols:.* https( |$)/m) {
-+ report "Get certdata with curl!";
-+ my $proto = !$opt_k ? "--proto =https" : "";
-+ my $quiet = $opt_q ? "-s" : "";
-+ my @out = `curl -w %{response_code} $proto $quiet -o "$txt" "$url"`;
-+ if(!$? && @out && $out[0] == 200) {
-+ $fetched = 1;
-+ report "Downloaded $txt";
-+ }
-+ else {
-+ report "Failed downloading via HTTPS with curl";
-+ if(-e $txt && !unlink($txt)) {
-+ report "Failed to remove '$txt': $!";
-+ }
-+ }
-+ }
-+ else {
-+ report "curl lacks https support";
-+ }
-+ }
-+ else {
-+ report "curl not found";
-+ }
-+ }
-+
-+ # If nothing was fetched then use LWP
-+ if(!$fetched) {
-+ if($url =~ /^https:\/\//i) {
-+ report "Falling back to HTTP";
-+ $url =~ s/^https:\/\//http:\/\//i;
-+ }
-+ if(!$opt_k) {
-+ report "URLs other than HTTPS are disabled by default, to enable use -k";
-+ exit 1;
-+ }
-+ report "Get certdata with LWP!";
-+ if(!defined(${LWP::UserAgent::VERSION})) {
-+ report "LWP is not available (LWP::UserAgent not found)";
-+ exit 1;
-+ }
-+ my $ua = new LWP::UserAgent(agent => "$0/$version");
-+ $ua->env_proxy();
-+ $resp = $ua->mirror($url, $txt);
-+ if($resp && $resp->code eq '304') {
-+ report "Not modified";
-+ exit 0 if -e $crt && !$opt_f;
-+ }
-+ else {
-+ $fetched = 1;
-+ report "Downloaded $txt";
-+ }
-+ if(!$resp || $resp->code !~ /^(?:200|304)$/) {
-+ report "Unable to download latest data: "
-+ . ($resp? $resp->code . ' - ' . $resp->message : "LWP failed");
-+ exit 1 if -e $crt || ! -r $txt;
-+ }
-+ }
-+}
-+
-+my $filedate = $resp ? $resp->last_modified : (stat($txt))[9];
-+my $datesrc = "as of";
-+if(!$filedate) {
-+ # mxr.mozilla.org gave us a time, hg.mozilla.org does not!
-+ $filedate = time();
-+ $datesrc="downloaded on";
-+}
-+
-+# get the hash from the download file
-+my $newhash= sha256($txt);
-+
-+if(!$opt_f && $oldhash eq $newhash) {
-+ report "Downloaded file identical to previous run\'s source file. Exiting";
-+ if($opt_u && -e $txt && !unlink($txt)) {
-+ report "Failed to remove $txt: $!\n";
-+ }
-+ exit;
-+}
-+
-+report "SHA256 of new file: $newhash";
-+
-+my $currentdate = scalar gmtime($filedate);
-+
-+my $format = $opt_t ? "plain text and " : "";
-+if( $stdout ) {
-+ open(CRT, '> -') or die "Couldn't open STDOUT: $!\n";
-+} else {
-+ open(CRT,">$crt.~") or die "Couldn't open $crt.~: $!\n";
-+}
-+print CRT <<EOT;
-+##
-+## Bundle of CA Root Certificates
-+##
-+## Certificate data from Mozilla ${datesrc}: ${currentdate} GMT
-+##
-+## This is a bundle of X.509 certificates of public Certificate Authorities
-+## (CA). These were automatically extracted from Mozilla's root certificates
-+## file (certdata.txt). This file can be found in the mozilla source tree:
-+## ${url}
-+##
-+## It contains the certificates in ${format}PEM format and therefore
-+## can be directly used with curl / libcurl / php_curl, or with
-+## an Apache+mod_ssl webserver for SSL client authentication.
-+## Just configure this file as the SSLCACertificateFile.
-+##
-+## Conversion done with mk-ca-bundle.pl version $version.
-+## SHA256: $newhash
-+##
-+
-+EOT
-+
-+report "Processing '$txt' ...";
-+my $caname;
-+my $certnum = 0;
-+my $skipnum = 0;
-+my $start_of_cert = 0;
-+my @precert;
-+my $cka_value;
-+my $valid = 1;
-+
-+open(TXT,"$txt") or die "Couldn't open $txt: $!\n";
-+while (<TXT>) {
-+ if (/\*\*\*\*\* BEGIN LICENSE BLOCK \*\*\*\*\*/) {
-+ print CRT;
-+ print if ($opt_l);
-+ while (<TXT>) {
-+ print CRT;
-+ print if ($opt_l);
-+ last if (/\*\*\*\*\* END LICENSE BLOCK \*\*\*\*\*/);
-+ }
-+ }
-+ elsif(/^# (Issuer|Serial Number|Subject|Not Valid Before|Not Valid After |Fingerprint \(MD5\)|Fingerprint \(SHA1\)):/) {
-+ push @precert, $_;
-+ $valid = 1;
-+ next;
-+ }
-+ elsif(/^#|^\s*$/) {
-+ undef @precert;
-+ next;
-+ }
-+ chomp;
-+
-+ # Example:
-+ # CKA_NSS_SERVER_DISTRUST_AFTER MULTILINE_OCTAL
-+ # \062\060\060\066\061\067\060\060\060\060\060\060\132
-+ # END
-+
-+ if (/^CKA_NSS_SERVER_DISTRUST_AFTER (CK_BBOOL CK_FALSE|MULTILINE_OCTAL)/) {
-+ if($1 eq "MULTILINE_OCTAL") {
-+ my @timestamp;
-+ while (<TXT>) {
-+ last if (/^END/);
-+ chomp;
-+ my @octets = split(/\\/);
-+ shift @octets;
-+ for (@octets) {
-+ push @timestamp, chr(oct);
-+ }
-+ }
-+ # A trailing Z in the timestamp signifies UTC
-+ if($timestamp[12] ne "Z") {
-+ report "distrust date stamp is not using UTC";
-+ }
-+ # Example date: 200617000000Z
-+ # Means 2020-06-17 00:00:00 UTC
-+ my $distrustat =
-+ timegm($timestamp[10] . $timestamp[11], # second
-+ $timestamp[8] . $timestamp[9], # minute
-+ $timestamp[6] . $timestamp[7], # hour
-+ $timestamp[4] . $timestamp[5], # day
-+ ($timestamp[2] . $timestamp[3]) - 1, # month
-+ "20" . $timestamp[0] . $timestamp[1]); # year
-+ if(time >= $distrustat) {
-+ # not trusted anymore
-+ $skipnum++;
-+ report "Skipping: $caname is not trusted anymore" if ($opt_v);
-+ $valid = 0;
-+ }
-+ else {
-+ # still trusted
-+ }
-+ }
-+ next;
-+ }
-+
-+ # this is a match for the start of a certificate
-+ if (/^CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE/) {
-+ $start_of_cert = 1
-+ }
-+ if ($start_of_cert && /^CKA_LABEL UTF8 \"(.*)\"/) {
-+ $caname = $1;
-+ }
-+ my %trust_purposes_by_level;
-+ if ($start_of_cert && /^CKA_VALUE MULTILINE_OCTAL/) {
-+ $cka_value="";
-+ while (<TXT>) {
-+ last if (/^END/);
-+ chomp;
-+ my @octets = split(/\\/);
-+ shift @octets;
-+ for (@octets) {
-+ $cka_value .= chr(oct);
-+ }
-+ }
-+ }
-+ if(/^CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST/ && $valid) {
-+ # now scan the trust part to determine how we should trust this cert
-+ while (<TXT>) {
-+ last if (/^#/);
-+ if (/^CKA_TRUST_([A-Z_]+)\s+CK_TRUST\s+CKT_NSS_([A-Z_]+)\s*$/) {
-+ if ( !is_in_list($1,@valid_mozilla_trust_purposes) ) {
-+ report "Warning: Unrecognized trust purpose for cert: $caname. Trust purpose: $1. Trust Level: $2";
-+ } elsif ( !is_in_list($2,@valid_mozilla_trust_levels) ) {
-+ report "Warning: Unrecognized trust level for cert: $caname. Trust purpose: $1. Trust Level: $2";
-+ } else {
-+ push @{$trust_purposes_by_level{$2}}, $1;
-+ }
-+ }
-+ }
-+
-+ if ( !should_output_cert(%trust_purposes_by_level) ) {
-+ $skipnum ++;
-+ report "Skipping: $caname" if ($opt_v);
-+ } else {
-+ my $data = $cka_value;
-+ $cka_value = "";
-+ my $encoded = MIME::Base64::encode_base64($data, '');
-+ $encoded =~ s/(.{1,${opt_w}})/$1\n/g;
-+ my $pem = "-----BEGIN CERTIFICATE-----\n"
-+ . $encoded
-+ . "-----END CERTIFICATE-----\n";
-+ print CRT "\n$caname\n";
-+ print CRT @precert if($opt_m);
-+ my $maxStringLength = length(decode('UTF-8', $caname, Encode::FB_CROAK | Encode::LEAVE_SRC));
-+ if ($opt_t) {
-+ foreach my $key (keys %trust_purposes_by_level) {
-+ my $string = $key . ": " . join(", ", @{$trust_purposes_by_level{$key}});
-+ $maxStringLength = List::Util::max( length($string), $maxStringLength );
-+ print CRT $string . "\n";
-+ }
-+ }
-+ print CRT ("=" x $maxStringLength . "\n");
-+ if (!$opt_t) {
-+ print CRT $pem;
-+ } else {
-+ my $pipe = "";
-+ foreach my $hash (@included_signature_algorithms) {
-+ $pipe = "|$openssl x509 -" . $hash . " -fingerprint -noout -inform PEM";
-+ if (!$stdout) {
-+ $pipe .= " >> $crt.~";
-+ close(CRT) or die "Couldn't close $crt.~: $!";
-+ }
-+ open(TMP, $pipe) or die "Couldn't open openssl pipe: $!";
-+ print TMP $pem;
-+ close(TMP) or die "Couldn't close openssl pipe: $!";
-+ if (!$stdout) {
-+ open(CRT, ">>$crt.~") or die "Couldn't open $crt.~: $!";
-+ }
-+ }
-+ $pipe = "|$openssl x509 -text -inform PEM";
-+ if (!$stdout) {
-+ $pipe .= " >> $crt.~";
-+ close(CRT) or die "Couldn't close $crt.~: $!";
-+ }
-+ open(TMP, $pipe) or die "Couldn't open openssl pipe: $!";
-+ print TMP $pem;
-+ close(TMP) or die "Couldn't close openssl pipe: $!";
-+ if (!$stdout) {
-+ open(CRT, ">>$crt.~") or die "Couldn't open $crt.~: $!";
-+ }
-+ }
-+ report "Parsing: $caname" if ($opt_v);
-+ $certnum ++;
-+ $start_of_cert = 0;
-+ }
-+ undef @precert;
-+ }
-+
-+}
-+close(TXT) or die "Couldn't close $txt: $!\n";
-+close(CRT) or die "Couldn't close $crt.~: $!\n";
-+unless( $stdout ) {
-+ if ($opt_b && -e $crt) {
-+ my $bk = 1;
-+ while (-e "$crt.~${bk}~") {
-+ $bk++;
-+ }
-+ rename $crt, "$crt.~${bk}~" or die "Failed to create backup $crt.~$bk}~: $!\n";
-+ } elsif( -e $crt ) {
-+ unlink( $crt ) or die "Failed to remove $crt: $!\n";
-+ }
-+ rename "$crt.~", $crt or die "Failed to rename $crt.~ to $crt: $!\n";
-+}
-+if($opt_u && -e $txt && !unlink($txt)) {
-+ report "Failed to remove $txt: $!\n";
-+}
-+report "Done ($certnum CA certs processed, $skipnum skipped).";
-diff --git a/split-ca-bundle.sh b/split-ca-bundle.sh
-new file mode 100644
-index 0000000..d0f39a8
---- /dev/null
-+++ b/split-ca-bundle.sh
-@@ -0,0 +1,30 @@
-+#!/bin/sh
-+
-+mkcert() {
-+ local name="$1"
-+ local line
-+ rm -f "$name"
-+ while read line; do
-+ printf "%s\n" "$line" >> "$name"
-+ if [ "$line" = "-----END CERTIFICATE-----" ]; then
-+ break;
-+ fi
-+ done
-+}
-+
-+prev=
-+while read line; do
-+ case "$line" in
-+ =*=)
-+ fname="$(printf "%s" "$prev" | tr '/ (),' '__==_').crt"
-+ while read cline; do
-+ printf "%s\n" "$cline"
-+ if [ "$cline" = "-----END CERTIFICATE-----" ]; then
-+ break;
-+ fi
-+ done > "$fname"
-+ ;;
-+ esac
-+ prev="$line"
-+done
-+
---
-2.25.0
-
diff --git a/main/ca-certificates/0003-update-ca-insert-newline-between-certs.patch b/main/ca-certificates/0003-update-ca-insert-newline-between-certs.patch
deleted file mode 100644
index 4a945a076b..0000000000
--- a/main/ca-certificates/0003-update-ca-insert-newline-between-certs.patch
+++ /dev/null
@@ -1,38 +0,0 @@
-From fd399b2416191bd7f3b0f267bdb530ed829de271 Mon Sep 17 00:00:00 2001
-From: Natanael Copa <ncopa@alpinelinux.org>
-Date: Wed, 5 Feb 2020 17:40:57 +0100
-Subject: [PATCH 3/3] update-ca: insert newline between certs
-
-There may be certificates that lack a trailing newline, which is allowed
-in the certificate format. We work around that by inject a newline after
-each cert.
-
-see https://gitlab.alpinelinux.org/alpine/aports/issues/8379
----
- update-ca.c | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/update-ca.c b/update-ca.c
-index 2b3195b..0260f83 100644
---- a/update-ca.c
-+++ b/update-ca.c
-@@ -191,6 +191,7 @@ static void proc_localglobaldir(const char *fullpath, struct hash *h, int tmpfil
- fprintf(stderr, "Warning! Cannot hash: %s\n", fullpath);
- if (!copyfile(fullpath, tmpfile_fd))
- fprintf(stderr, "Warning! Cannot copy to bundle: %s\n", fullpath);
-+ write(tmpfile_fd, "\n", 1);
- free(actual_file);
- }
-
-@@ -260,7 +261,7 @@ static bool dir_readfiles(struct hash* d, const char* path,
- DIR *dp = opendir(path);
- if (!dp)
- return false;
--
-+
- struct dirent *dirp;
- while ((dirp = readdir(dp)) != NULL) {
- if (str_begins(dirp->d_name, "."))
---
-2.25.0
-
diff --git a/main/cairo/APKBUILD b/main/cairo/APKBUILD
index e4b684c330..5b075754c3 100644
--- a/main/cairo/APKBUILD
+++ b/main/cairo/APKBUILD
@@ -1,7 +1,7 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=cairo
-pkgver=1.16.0
-pkgrel=3
+pkgver=1.17.6
+pkgrel=2
pkgdesc="A vector graphics library"
url="https://cairographics.org/"
arch="all"
@@ -17,63 +17,49 @@ depends_dev="
xcb-util-dev
"
makedepends="$depends_dev
- autoconf
- automake
expat-dev
glib-dev
+ gtk-doc
libpng-dev
- libtool
+ meson
zlib-dev
"
subpackages="
+ $pkgname-dbg
$pkgname-static
$pkgname-dev
$pkgname-doc
$pkgname-gobject
$pkgname-tools
- $pkgname-dbg
"
-source="https://cairographics.org/releases/cairo-$pkgver.tar.xz
+source="https://gitlab.freedesktop.org/cairo/cairo/-/archive/$pkgver/cairo-$pkgver.tar.bz2
musl-stacksize.patch
- CVE-2018-19876.patch
- pdf-flush.patch
- fix-mask-usage-in-image-compositor.patch
- composite_color_glyphs.patch
- cff-allow-empty-array-of-operands-for-certain-operat.patch
+ fix-type1-subset-indexing.patch
"
builddir="$srcdir/$pkgname-$pkgver"
# secfixes:
+# 1.17.4-r1:
+# - CVE-2019-6462
# 1.16.0-r2:
# - CVE-2020-35492
# 1.16.0-r1:
# - CVE-2018-19876
build() {
- ./configure \
- --build=$CBUILD \
- --host=$CHOST \
- --prefix=/usr \
- --sysconfdir=/etc \
- --localstatedir=/var \
- --enable-ft \
- --enable-gobject \
- --enable-pdf \
- --enable-png \
- --enable-ps \
- --enable-svg \
- --enable-tee \
- --enable-x \
- --enable-xcb \
- --enable-xcb-shm \
- --enable-xlib \
- --enable-xlib-xrender \
- --disable-xlib-xcb
- make
+ abuild-meson \
+ -Ddefault_library=both \
+ -Dgtk_doc=true \
+ output
+ meson compile ${JOBS:+-j ${JOBS}} -C output
+}
+
+check() {
+ meson test --no-rebuild -v -C output
}
package() {
- make DESTDIR="$pkgdir" install
+ DESTDIR="$pkgdir" meson install --no-rebuild -C output
}
gobject() {
@@ -89,10 +75,8 @@ tools() {
amove usr/lib/cairo/libcairo-trace.*
}
-sha512sums="9eb27c4cf01c0b8b56f2e15e651f6d4e52c99d0005875546405b64f1132aed12fbf84727273f493d84056a13105e065009d89e94a8bfaf2be2649e232b82377f cairo-1.16.0.tar.xz
+sha512sums="
+1537b34ca49b853f4f60a7ceac0c1b878e7e2874f1ca3a37ab6ccbb704a37872314447016ad07b82312b302bb6df86b71265232a802ccdb9fb8cd18f211ff185 cairo-1.17.6.tar.bz2
86f26fe41deb5e14f553c999090d1ec1d92a534fa7984112c9a7f1d6c6a8f1b7bb735947e8ec3f26e817f56410efe8cc46c5e682f6a278d49b40a683513740e0 musl-stacksize.patch
-8f13cdcae0f134e04778cf5915f858fb8d5357a7e0a454791c93d1566935b985ec66dfe1683cd0b74a1cb44a130923d7a27cf006f3fc70b9bee93abd58a55aa3 CVE-2018-19876.patch
-533ea878dc7f917af92e2694bd3f535a09cde77f0ecd0cc00881fbc9ec1ea86f60026eacc76129705f525f6672929ad8d15d8cfe1bfa61e9962e805a7fbded81 pdf-flush.patch
-20699d2dd10531f99587cdcd187a23e23bca5a9f031255c95aade4dadb79bbb62118c7ddff677c2fd20e4ba7694eee4debcd79a4d0736d62951a4fcee56ccae0 fix-mask-usage-in-image-compositor.patch
-a056e85549e8410782674cb4ce7b38b035cdde8f4319c18dd942a18b33d35c5be4d0c0c34081ee556473df4f2725cdba508a387ee6222214484b10a5d9eaad90 composite_color_glyphs.patch
-ae079840a842ec645ab3c9a2d5db8d3f8bb4e25ce4090afc3d226ba292f15b85bdaaed0967bb12bfa429d7f6376a28c87518df194ab6b1d2a2e7c96ab6df8ba2 cff-allow-empty-array-of-operands-for-certain-operat.patch"
+fe9badbffceea378cab893f8a13f76e7c411bba18bab69a768ceda68b05357a94b41bb9f025d05f0ae7d1d324f0cdf98bf5a2c27b35db45f3fc5a70bfa091113 fix-type1-subset-indexing.patch
+"
diff --git a/main/cairo/CVE-2018-19876.patch b/main/cairo/CVE-2018-19876.patch
deleted file mode 100644
index c9cd71f4ae..0000000000
--- a/main/cairo/CVE-2018-19876.patch
+++ /dev/null
@@ -1,30 +0,0 @@
-From 90e85c2493fdfa3551f202ff10282463f1e36645 Mon Sep 17 00:00:00 2001
-From: Carlos Garcia Campos <cgarcia@igalia.com>
-Date: Mon, 19 Nov 2018 12:33:07 +0100
-Subject: [PATCH] ft: Use FT_Done_MM_Var instead of free when available in
- cairo_ft_apply_variations
-
-Fixes a crash when using freetype >= 2.9
----
- src/cairo-ft-font.c | 4 ++++
- 1 file changed, 4 insertions(+)
-
-diff --git a/src/cairo-ft-font.c b/src/cairo-ft-font.c
-index 325dd61b4..981973f78 100644
---- a/src/cairo-ft-font.c
-+++ b/src/cairo-ft-font.c
-@@ -2393,7 +2393,11 @@ skip:
- done:
- free (coords);
- free (current_coords);
-+#if HAVE_FT_DONE_MM_VAR
-+ FT_Done_MM_Var (face->glyph->library, ft_mm_var);
-+#else
- free (ft_mm_var);
-+#endif
- }
- }
-
---
-2.18.1
-
diff --git a/main/cairo/cff-allow-empty-array-of-operands-for-certain-operat.patch b/main/cairo/cff-allow-empty-array-of-operands-for-certain-operat.patch
deleted file mode 100644
index 3149dadba6..0000000000
--- a/main/cairo/cff-allow-empty-array-of-operands-for-certain-operat.patch
+++ /dev/null
@@ -1,119 +0,0 @@
-From ef959bc76e65ea0b0d4ba3ee50dfbce31c3484ad Mon Sep 17 00:00:00 2001
-From: Marek Kasik <mkasik@redhat.com>
-Date: Fri, 27 Mar 2020 19:39:46 +0100
-Subject: [PATCH] cff: Allow empty array of operands for certain operators
-
-Operators BlueValues, OtherBlues, FamilyBlues, FamilyOtherBlues,
-StemSnapH and StemSnapV have operands of type delta which can be
-a number or an array of delta-encoded numbers. This array can be
-empty according to freetype developers.
-This commit checks whether current operator is among those listed
-and permits empty operand in such case.
----
- src/cairo-cff-subset.c | 78 ++++++++++++++++++++++++++----------------
- 1 file changed, 49 insertions(+), 29 deletions(-)
-
-Patch-Source: https://src.fedoraproject.org/rpms/cairo/blob/ba42ecc23bb1162a1951edc0209f9f48e87bba7e/f/0001-cff-Allow-empty-array-of-operands-for-certain-operat.patch
-See-Also: https://bugzilla.redhat.com/show_bug.cgi?id=1817958
-
-diff --git a/src/cairo-cff-subset.c b/src/cairo-cff-subset.c
-index 37727eddb..fce4195e9 100644
---- a/src/cairo-cff-subset.c
-+++ b/src/cairo-cff-subset.c
-@@ -56,30 +56,36 @@
-
- /* CFF Dict Operators. If the high byte is 0 the command is encoded
- * with a single byte. */
--#define BASEFONTNAME_OP 0x0c16
--#define CIDCOUNT_OP 0x0c22
--#define CHARSET_OP 0x000f
--#define CHARSTRINGS_OP 0x0011
--#define COPYRIGHT_OP 0x0c00
--#define DEFAULTWIDTH_OP 0x0014
--#define ENCODING_OP 0x0010
--#define FAMILYNAME_OP 0x0003
--#define FDARRAY_OP 0x0c24
--#define FDSELECT_OP 0x0c25
--#define FONTBBOX_OP 0x0005
--#define FONTMATRIX_OP 0x0c07
--#define FONTNAME_OP 0x0c26
--#define FULLNAME_OP 0x0002
--#define LOCAL_SUB_OP 0x0013
--#define NOMINALWIDTH_OP 0x0015
--#define NOTICE_OP 0x0001
--#define POSTSCRIPT_OP 0x0c15
--#define PRIVATE_OP 0x0012
--#define ROS_OP 0x0c1e
--#define UNIQUEID_OP 0x000d
--#define VERSION_OP 0x0000
--#define WEIGHT_OP 0x0004
--#define XUID_OP 0x000e
-+#define BASEFONTNAME_OP 0x0c16
-+#define CIDCOUNT_OP 0x0c22
-+#define CHARSET_OP 0x000f
-+#define CHARSTRINGS_OP 0x0011
-+#define COPYRIGHT_OP 0x0c00
-+#define DEFAULTWIDTH_OP 0x0014
-+#define ENCODING_OP 0x0010
-+#define FAMILYNAME_OP 0x0003
-+#define FDARRAY_OP 0x0c24
-+#define FDSELECT_OP 0x0c25
-+#define FONTBBOX_OP 0x0005
-+#define FONTMATRIX_OP 0x0c07
-+#define FONTNAME_OP 0x0c26
-+#define FULLNAME_OP 0x0002
-+#define LOCAL_SUB_OP 0x0013
-+#define NOMINALWIDTH_OP 0x0015
-+#define NOTICE_OP 0x0001
-+#define POSTSCRIPT_OP 0x0c15
-+#define PRIVATE_OP 0x0012
-+#define ROS_OP 0x0c1e
-+#define UNIQUEID_OP 0x000d
-+#define VERSION_OP 0x0000
-+#define WEIGHT_OP 0x0004
-+#define XUID_OP 0x000e
-+#define BLUEVALUES_OP 0x0006
-+#define OTHERBLUES_OP 0x0007
-+#define FAMILYBLUES_OP 0x0008
-+#define FAMILYOTHERBLUES_OP 0x0009
-+#define STEMSNAPH_OP 0x0c0c
-+#define STEMSNAPV_OP 0x0c0d
-
- #define NUM_STD_STRINGS 391
-
-@@ -615,13 +621,27 @@ cff_dict_create_operator (int operator,
- return _cairo_error (CAIRO_STATUS_NO_MEMORY);
-
- _cairo_dict_init_key (op, operator);
-- op->operand = _cairo_malloc (size);
-- if (unlikely (op->operand == NULL)) {
-- free (op);
-- return _cairo_error (CAIRO_STATUS_NO_MEMORY);
-+ if (size != 0) {
-+ op->operand = _cairo_malloc (size);
-+ if (unlikely (op->operand == NULL)) {
-+ free (op);
-+ return _cairo_error (CAIRO_STATUS_NO_MEMORY);
-+ }
-+ memcpy (op->operand, operand, size);
-+ } else {
-+ op->operand = NULL;
-+ /* Delta-encoded arrays can be empty. */
-+ if (operator != BLUEVALUES_OP &&
-+ operator != OTHERBLUES_OP &&
-+ operator != FAMILYBLUES_OP &&
-+ operator != FAMILYOTHERBLUES_OP &&
-+ operator != STEMSNAPH_OP &&
-+ operator != STEMSNAPV_OP) {
-+ free (op);
-+ return _cairo_error (CAIRO_STATUS_NO_MEMORY);
-+ }
- }
-
-- memcpy (op->operand, operand, size);
- op->operand_length = size;
- op->operand_offset = -1;
-
---
-2.26.0
-
diff --git a/main/cairo/composite_color_glyphs.patch b/main/cairo/composite_color_glyphs.patch
deleted file mode 100644
index 97440f27f7..0000000000
--- a/main/cairo/composite_color_glyphs.patch
+++ /dev/null
@@ -1,58 +0,0 @@
-From 79ad01724161502e8d9d2bd384ff1f0174e5df6e Mon Sep 17 00:00:00 2001
-From: Matthias Clasen <mclasen@redhat.com>
-Date: Thu, 30 May 2019 07:30:55 -0400
-Subject: [PATCH] Fix a thinko in composite_color_glyphs
-
-We can't just move around the contents of the
-passed-in string, we need to make a copy. This
-was showing up as memory corruption in pango.
-
-See https://gitlab.gnome.org/GNOME/pango/issues/346
----
- src/cairo-surface.c | 10 ++++++++++
- 1 file changed, 10 insertions(+)
-
-Patch-Source: https://github.com/matthiasclasen/cairo/commit/79ad01724161502e8d9d2bd384ff1f0174e5df6e
-
-diff --git a/src/cairo-surface.c b/src/cairo-surface.c
-index c30f84087..e112b660a 100644
---- a/src/cairo-surface.c
-+++ b/src/cairo-surface.c
-@@ -2820,6 +2820,7 @@ _cairo_surface_show_text_glyphs (cairo_surface_t *surface,
- const cairo_clip_t *clip)
- {
- cairo_int_status_t status;
-+ char *utf8_copy = NULL;
-
- TRACE ((stderr, "%s\n", __FUNCTION__));
- if (unlikely (surface->status))
-@@ -2847,6 +2848,10 @@ _cairo_surface_show_text_glyphs (cairo_surface_t *surface,
- status = CAIRO_INT_STATUS_UNSUPPORTED;
-
- if (_cairo_scaled_font_has_color_glyphs (scaled_font)) {
-+ utf8_copy = malloc (sizeof (char) * utf8_len);
-+ memcpy (utf8_copy, utf8, sizeof (char) * utf8_len);
-+ utf8 = utf8_copy;
-+
- status = composite_color_glyphs (surface, op,
- source,
- (char *)utf8, &utf8_len,
-@@ -2861,6 +2866,8 @@ _cairo_surface_show_text_glyphs (cairo_surface_t *surface,
- if (num_glyphs == 0)
- goto DONE;
- }
-+ else
-+ utf8_copy = NULL;
-
- /* The logic here is duplicated in _cairo_analysis_surface show_glyphs and
- * show_text_glyphs. Keep in synch. */
-@@ -2918,6 +2925,9 @@ _cairo_surface_show_text_glyphs (cairo_surface_t *surface,
- surface->serial++;
- }
-
-+ if (utf8_copy)
-+ free (utf8_copy);
-+
- return _cairo_surface_set_error (surface, status);
- }
-
diff --git a/main/cairo/fix-mask-usage-in-image-compositor.patch b/main/cairo/fix-mask-usage-in-image-compositor.patch
deleted file mode 100644
index 8d5717ffa2..0000000000
--- a/main/cairo/fix-mask-usage-in-image-compositor.patch
+++ /dev/null
@@ -1,172 +0,0 @@
-From 03a820b173ed1fdef6ff14b4468f5dbc02ff59be Mon Sep 17 00:00:00 2001
-From: Heiko Lewin <heiko.lewin@worldiety.de>
-Date: Tue, 15 Dec 2020 16:48:19 +0100
-Subject: [PATCH 1/3] Fix mask usage in image-compositor
-
----
- src/cairo-image-compositor.c | 8 ++--
- test/Makefile.sources | 1 +
- test/bug-image-compositor.c | 39 ++++++++++++++++++++
- test/reference/bug-image-compositor.ref.png | Bin 0 -> 185 bytes
- 4 files changed, 44 insertions(+), 4 deletions(-)
- create mode 100644 test/bug-image-compositor.c
- create mode 100644 test/reference/bug-image-compositor.ref.png
-
-diff --git a/src/cairo-image-compositor.c b/src/cairo-image-compositor.c
-index 79ad69f68..4f8aaed99 100644
---- a/src/cairo-image-compositor.c
-+++ b/src/cairo-image-compositor.c
-@@ -2610,14 +2610,14 @@ _inplace_src_spans (void *abstract_renderer, int y, int h,
- unsigned num_spans)
- {
- cairo_image_span_renderer_t *r = abstract_renderer;
-- uint8_t *m;
-+ uint8_t *m, *base = (uint8_t*)pixman_image_get_data(r->mask);
- int x0;
-
- if (num_spans == 0)
- return CAIRO_STATUS_SUCCESS;
-
- x0 = spans[0].x;
-- m = r->_buf;
-+ m = base;
- do {
- int len = spans[1].x - spans[0].x;
- if (len >= r->u.composite.run_length && spans[0].coverage == 0xff) {
-@@ -2655,7 +2655,7 @@ _inplace_src_spans (void *abstract_renderer, int y, int h,
- spans[0].x, y,
- spans[1].x - spans[0].x, h);
-
-- m = r->_buf;
-+ m = base;
- x0 = spans[1].x;
- } else if (spans[0].coverage == 0x0) {
- if (spans[0].x != x0) {
-@@ -2684,7 +2684,7 @@ _inplace_src_spans (void *abstract_renderer, int y, int h,
- #endif
- }
-
-- m = r->_buf;
-+ m = base;
- x0 = spans[1].x;
- } else {
- *m++ = spans[0].coverage;
-diff --git a/test/bug-image-compositor.c b/test/bug-image-compositor.c
-new file mode 100644
-index 000000000..fc4fd370b
---- /dev/null
-+++ b/test/bug-image-compositor.c
-@@ -0,0 +1,39 @@
-+#include "cairo-test.h"
-+
-+static cairo_test_status_t
-+draw (cairo_t *cr, int width, int height)
-+{
-+ cairo_set_source_rgb (cr, 0., 0., 0.);
-+ cairo_paint (cr);
-+
-+ cairo_set_source_rgb (cr, 1., 1., 1.);
-+ cairo_set_line_width (cr, 1.);
-+
-+ cairo_pattern_t *p = cairo_pattern_create_linear (0, 0, width, height);
-+ cairo_pattern_add_color_stop_rgb (p, 0, 0.99, 1, 1);
-+ cairo_pattern_add_color_stop_rgb (p, 1, 1, 1, 1);
-+ cairo_set_source (cr, p);
-+
-+ cairo_move_to (cr, 0.5, -1);
-+ for (int i = 0; i < width; i+=3) {
-+ cairo_rel_line_to (cr, 2, 2);
-+ cairo_rel_line_to (cr, 1, -2);
-+ }
-+
-+ cairo_set_operator (cr, CAIRO_OPERATOR_SOURCE);
-+ cairo_stroke (cr);
-+
-+ cairo_pattern_destroy(p);
-+
-+ return CAIRO_TEST_SUCCESS;
-+}
-+
-+
-+CAIRO_TEST (bug_image_compositor,
-+ "Crash in image-compositor",
-+ "stroke, stress", /* keywords */
-+ NULL, /* requirements */
-+ 10000, 1,
-+ NULL, draw)
-+
-+
-
-From 8bc14a6bba3bc8a64ff0749c74d9b96305bf6429 Mon Sep 17 00:00:00 2001
-From: Heiko Lewin <heiko.lewin@worldiety.de>
-Date: Tue, 15 Dec 2020 17:14:18 +0100
-Subject: [PATCH 2/3] Minor cleanups
-
----
- test/bug-image-compositor.c | 33 ++++++++++++++++++++++++++++++---
- 1 file changed, 30 insertions(+), 3 deletions(-)
-
-diff --git a/test/bug-image-compositor.c b/test/bug-image-compositor.c
-index fc4fd370b..304ea089c 100644
---- a/test/bug-image-compositor.c
-+++ b/test/bug-image-compositor.c
-@@ -1,5 +1,34 @@
-+/*
-+ * Copyright © 2020 Uli Schlachter, Heiko Lewin
-+ *
-+ * Permission is hereby granted, free of charge, to any person
-+ * obtaining a copy of this software and associated documentation
-+ * files (the "Software"), to deal in the Software without
-+ * restriction, including without limitation the rights to use, copy,
-+ * modify, merge, publish, distribute, sublicense, and/or sell copies
-+ * of the Software, and to permit persons to whom the Software is
-+ * furnished to do so, subject to the following conditions:
-+ *
-+ * The above copyright notice and this permission notice shall be
-+ * included in all copies or substantial portions of the Software.
-+ *
-+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
-+ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-+ * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
-+ * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
-+ * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
-+ * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
-+ * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-+ * SOFTWARE.
-+ *
-+ * Author: Uli Schlachter <psychon@znc.in>
-+ * Author: Heiko Lewin <hlewin@gmx.de>
-+ */
- #include "cairo-test.h"
-
-+
-+/* This test reproduces an overflow of a mask-buffer in cairo-image-compositor.c */
-+
- static cairo_test_status_t
- draw (cairo_t *cr, int width, int height)
- {
-@@ -13,6 +42,7 @@ draw (cairo_t *cr, int width, int height)
- cairo_pattern_add_color_stop_rgb (p, 0, 0.99, 1, 1);
- cairo_pattern_add_color_stop_rgb (p, 1, 1, 1, 1);
- cairo_set_source (cr, p);
-+ cairo_pattern_destroy(p);
-
- cairo_move_to (cr, 0.5, -1);
- for (int i = 0; i < width; i+=3) {
-@@ -23,8 +53,6 @@ draw (cairo_t *cr, int width, int height)
- cairo_set_operator (cr, CAIRO_OPERATOR_SOURCE);
- cairo_stroke (cr);
-
-- cairo_pattern_destroy(p);
--
- return CAIRO_TEST_SUCCESS;
- }
-
-@@ -36,4 +64,3 @@ CAIRO_TEST (bug_image_compositor,
- 10000, 1,
- NULL, draw)
-
--
---
-GitLab
-
diff --git a/main/cairo/fix-type1-subset-indexing.patch b/main/cairo/fix-type1-subset-indexing.patch
new file mode 100644
index 0000000000..87ce4b8abd
--- /dev/null
+++ b/main/cairo/fix-type1-subset-indexing.patch
@@ -0,0 +1,153 @@
+Patch-Source: https://github.com/freedesktop/cairo/commit/ff4fd6f960deb7afdac233465a1f4e807234ad15
+From ff4fd6f960deb7afdac233465a1f4e807234ad15 Mon Sep 17 00:00:00 2001
+From: Adrian Johnson <ajohnson@redneon.com>
+Date: Sun, 3 Apr 2022 20:03:58 +0930
+Subject: [PATCH] Fix type1-subset indexing
+
+Fixes #551
+---
+ src/cairo-type1-subset.c | 50 ++++++++++++++++++++++++++--------------
+ 1 file changed, 33 insertions(+), 17 deletions(-)
+
+diff --git a/src/cairo-type1-subset.c b/src/cairo-type1-subset.c
+index 73f414dc4..0166f7a78 100644
+--- a/src/cairo-type1-subset.c
++++ b/src/cairo-type1-subset.c
+@@ -70,7 +70,7 @@ typedef struct _cairo_type1_font_subset {
+ struct {
+ unsigned int font_id;
+ char *base_font;
+- unsigned int num_glyphs;
++ unsigned int num_glyphs; /* Num /CharStrings in font */
+ double x_min, y_min, x_max, y_max;
+ double ascent, descent;
+ double units_per_em;
+@@ -81,6 +81,9 @@ typedef struct _cairo_type1_font_subset {
+ unsigned long trailer_size;
+ } base;
+
++ /* Num glyphs in subset. May be greater than
++ * scaled_font_subset->num_glyphs due to glyphs required by the
++ * SEAC operator. */
+ int num_glyphs;
+
+ /* The glyphs and glyph_names arrays are indexed by the order of
+@@ -89,12 +92,12 @@ typedef struct _cairo_type1_font_subset {
+ * function is used to map the glyph index to the glyph order in
+ * the Charstrings. */
+
+- glyph_data_t *glyphs;
+- char **glyph_names;
+ cairo_array_t glyphs_array;
++ glyph_data_t *glyphs; /* pointer to first element of above array */
+ cairo_array_t glyph_names_array;
++ char **glyph_names; /* pointer to first element of above array */
+
+- int num_subrs;
++ int num_subrs; /* Num /Subrs routines in the font */
+ cairo_bool_t subset_subrs;
+ struct {
+ const char *subr_string;
+@@ -102,12 +105,17 @@ typedef struct _cairo_type1_font_subset {
+ const char *np;
+ int np_length;
+ cairo_bool_t used;
+- } *subrs;
++ } *subrs; /* array with num_subrs elements */
+
+- /* Indexed by subset_index this maps to the glyph order in the
+- * glyph_names and glyphs arrays. Has font->num_glyphs
+- * elements. */
+- int *subset_index_to_glyphs;
++ /* Maps scaled_font_subset index to glyphs_array.
++ * Array size = scaled_font_subset->num_glyphs. */
++ int *scaled_subset_index_to_glyphs;
++
++ /* Keeps track of the glyphs that will be emitted in the subset.
++ * Allocated size = base.num_glyphs. Number of entries = num_glyphs.
++ * Array values are glyph_array indexes.
++ */
++ int *type1_subset_index_to_glyphs;
+
+ cairo_output_stream_t *output;
+ cairo_array_t contents;
+@@ -159,7 +167,12 @@ _cairo_type1_font_subset_init (cairo_type1_font_subset_t *font,
+
+ _cairo_array_init (&font->glyphs_array, sizeof (glyph_data_t));
+ _cairo_array_init (&font->glyph_names_array, sizeof (char *));
+- font->subset_index_to_glyphs = NULL;
++ font->scaled_subset_index_to_glyphs = calloc (scaled_font_subset->num_glyphs, sizeof font->scaled_subset_index_to_glyphs[0]);
++ if (unlikely (font->scaled_subset_index_to_glyphs == NULL))
++ return _cairo_error (CAIRO_STATUS_NO_MEMORY);
++
++
++ font->type1_subset_index_to_glyphs = NULL;
+ font->base.num_glyphs = 0;
+ font->num_subrs = 0;
+ font->subset_subrs = TRUE;
+@@ -180,7 +193,7 @@ cairo_type1_font_subset_use_glyph (cairo_type1_font_subset_t *font, int glyph)
+ return;
+
+ font->glyphs[glyph].subset_index = font->num_glyphs;
+- font->subset_index_to_glyphs[font->num_glyphs] = glyph;
++ font->type1_subset_index_to_glyphs[font->num_glyphs] = glyph;
+ font->num_glyphs++;
+ }
+
+@@ -552,7 +565,7 @@ cairo_type1_font_subset_write_header (cairo_type1_font_subset_t *font,
+ }
+ } else {
+ for (i = 1; i < font->scaled_font_subset->num_glyphs; i++) {
+- glyph = font->scaled_font_subset->glyphs[i];
++ glyph = font->scaled_subset_index_to_glyphs[i];
+ _cairo_output_stream_printf (font->output,
+ "dup %d /%s put\n",
+ i,
+@@ -1391,8 +1404,8 @@ cairo_type1_font_subset_write_private_dict (cairo_type1_font_subset_t *font,
+ font->glyphs = _cairo_array_index (&font->glyphs_array, 0);
+ font->glyph_names = _cairo_array_index (&font->glyph_names_array, 0);
+ font->base.num_glyphs = _cairo_array_num_elements (&font->glyphs_array);
+- font->subset_index_to_glyphs = calloc (font->base.num_glyphs, sizeof font->subset_index_to_glyphs[0]);
+- if (unlikely (font->subset_index_to_glyphs == NULL))
++ font->type1_subset_index_to_glyphs = calloc (font->base.num_glyphs, sizeof font->type1_subset_index_to_glyphs[0]);
++ if (unlikely (font->type1_subset_index_to_glyphs == NULL))
+ return _cairo_error (CAIRO_STATUS_NO_MEMORY);
+
+ backend = font->scaled_font_subset->scaled_font->backend;
+@@ -1414,6 +1427,7 @@ cairo_type1_font_subset_write_private_dict (cairo_type1_font_subset_t *font,
+ return status;
+
+ cairo_type1_font_subset_use_glyph (font, index);
++ font->scaled_subset_index_to_glyphs[i] = index;
+ }
+
+ /* Go through the charstring of each glyph in use, get the glyph
+@@ -1421,7 +1435,7 @@ cairo_type1_font_subset_write_private_dict (cairo_type1_font_subset_t *font,
+ * seac operator (which may cause font->num_glyphs to increase
+ * while this loop is executing). Also subset the Subrs. */
+ for (j = 0; j < font->num_glyphs; j++) {
+- glyph = font->subset_index_to_glyphs[j];
++ glyph = font->type1_subset_index_to_glyphs[j];
+ font->build_stack.sp = 0;
+ font->ps_stack.sp = 0;
+ status = cairo_type1_font_subset_parse_charstring (font,
+@@ -1711,7 +1725,9 @@ _cairo_type1_font_subset_fini (cairo_type1_font_subset_t *font)
+
+ free (font->base.base_font);
+
+- free (font->subset_index_to_glyphs);
++ free (font->scaled_subset_index_to_glyphs);
++
++ free (font->type1_subset_index_to_glyphs);
+
+ free (font->cleartext);
+
+@@ -1765,7 +1781,7 @@ _cairo_type1_subset_init (cairo_type1_subset_t *type1_subset,
+ goto fail2;
+
+ for (i = 0; i < font.scaled_font_subset->num_glyphs; i++) {
+- glyph = font.scaled_font_subset->glyphs[i];
++ glyph = font.scaled_subset_index_to_glyphs[i];
+ type1_subset->widths[i] = font.glyphs[glyph].width;
+ }
+
diff --git a/main/cairo/pdf-flush.patch b/main/cairo/pdf-flush.patch
deleted file mode 100644
index c6e2251a51..0000000000
--- a/main/cairo/pdf-flush.patch
+++ /dev/null
@@ -1,33 +0,0 @@
-From https://cgit.freedesktop.org/cairo/commit/?id=4c8813f0eaacc32c27126ad2296951a626300b89
-
-Fixes https://gitlab.freedesktop.org/cairo/cairo/issues/342
-
-From 4c8813f0eaacc32c27126ad2296951a626300b89 Mon Sep 17 00:00:00 2001
-From: Adrian Johnson <ajohnson@redneon.com>
-Date: Thu, 25 Oct 2018 18:46:17 +1030
-Subject: pdf: add missing flush
-
-Issue #342
----
- src/cairo-pdf-surface.c | 5 +++++
- 1 file changed, 5 insertions(+)
-
-diff --git a/src/cairo-pdf-surface.c b/src/cairo-pdf-surface.c
-index 7eb61aa..939b2d2 100644
---- a/src/cairo-pdf-surface.c
-+++ b/src/cairo-pdf-surface.c
-@@ -7711,6 +7711,11 @@ _cairo_pdf_surface_mask (void *abstract_surface,
- * and most common, case to handle. */
- if (_cairo_pattern_is_constant_alpha (mask, &extents.bounded, &alpha) &&
- _can_paint_pattern (source)) {
-+
-+ status = _cairo_pdf_operators_flush (&surface->pdf_operators);
-+ if (unlikely (status))
-+ goto cleanup;
-+
- _cairo_output_stream_printf (surface->output, "q\n");
- status = _cairo_pdf_surface_paint_pattern (surface,
- op,
---
-cgit v1.1
-
diff --git a/main/ccache/APKBUILD b/main/ccache/APKBUILD
index 1de923bdd7..2a1642b305 100644
--- a/main/ccache/APKBUILD
+++ b/main/ccache/APKBUILD
@@ -1,20 +1,34 @@
# Contributor: Sören Tempel <soeren+alpine@soeren-tempel.net>
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=ccache
-pkgver=4.4.2
-pkgrel=1
+pkgver=4.6.1
+pkgrel=0
pkgdesc="fast C/C++ compiler cache"
url="https://ccache.dev/"
arch="all"
license="GPL-3.0-or-later"
-makedepends="cmake zstd-dev hiredis-dev asciidoctor perl linux-headers"
+makedepends="
+ asciidoctor
+ cmake
+ hiredis-dev
+ linux-headers
+ perl
+ samurai
+ zstd-dev
+ "
checkdepends="bash util-linux-misc python3 redis"
subpackages="$pkgname-doc"
source="https://github.com/ccache/ccache/releases/download/v$pkgver/ccache-$pkgver.tar.xz
ioctl.patch"
+# XXX: https://github.com/ccache/ccache/issues/1014
+case "$CARCH" in
+s390x) options="!check" ;;
+esac
+
build() {
- cmake -B build \
+ cmake -B build -G Ninja \
+ -DCCACHE_DEV_MODE=OFF \
-DCMAKE_BUILD_TYPE=MinSizeRel \
-DCMAKE_INSTALL_PREFIX=/usr
cmake --build build
@@ -23,24 +37,24 @@ build() {
check() {
case $CARCH in
armhf) echo "SKIP make -C build test on $CARCH" ;;
- *) make -C build test ;;
+ *) ninja -C build test ;;
esac
}
package() {
- install -Dm 755 build/ccache "$pkgdir"/usr/bin/ccache
- install -Dm 644 build/doc/ccache.1 "$pkgdir"/usr/share/man/man1/ccache.1
+ DESTDIR="$pkgdir" cmake --install build
local link=
mkdir -p "$pkgdir"/usr/lib/ccache/bin
for link in cc gcc g++ cpp c++ $CHOST-cc $CHOST-gcc \
- $CHOST-g++ $CHOST-cpp $CHOST-c++; do
+ $CHOST-g++ $CHOST-cpp $CHOST-c++ \
+ clang clang++; do
ln -sf /usr/bin/ccache "$pkgdir"/usr/lib/ccache/bin/$link
done
}
sha512sums="
-afcec4806b1e307ec16006ecd9e39eb69fc1376407877f024c882926725d41f2b08eccdcfb3efd8dac9e481d07f9c08c043b8cea5ea563a0f49b2f587325e4a7 ccache-4.4.2.tar.xz
+361427ccecd74e8c25ca6a98ef3d3c125d81862196767eb383f6f8159fed8e1695cd5bc8731cb591c23c55352f0114a088b32a673717711efbfbb178a6c08c82 ccache-4.6.1.tar.xz
785ce34305a3bb6c24117341157356c2bd2272eca9d58fa20acd14a023abe6f784c88d9c55656d2f37320392bb73a61c52cd8b6bd9ac7c5316c8ed187dd6f5fb ioctl.patch
"
diff --git a/main/cdparanoia/APKBUILD b/main/cdparanoia/APKBUILD
index 5afc0c0b67..2d1c905184 100644
--- a/main/cdparanoia/APKBUILD
+++ b/main/cdparanoia/APKBUILD
@@ -2,7 +2,7 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=cdparanoia
pkgver=10.2
-pkgrel=9
+pkgrel=10
pkgdesc="An audio CD extraction application"
url="http://www.xiph.org/paranoia"
arch="all"
@@ -12,8 +12,7 @@ makedepends="libtool autoconf automake linux-headers"
subpackages="$pkgname-dev $pkgname-doc $pkgname-libs"
source="http://downloads.xiph.org/releases/cdparanoia/cdparanoia-III-$pkgver.src.tgz
gcc.patch
- fix-includes.patch
- no-cuserid.patch"
+ fix-includes.patch"
builddir="$srcdir/$pkgname-III-$pkgver"
prepare() {
@@ -48,7 +47,8 @@ libs() {
mv "$pkgdir"/usr/lib "$subpkgdir"/usr/
}
-sha512sums="4ab0a0f5ef44d56c1af72d1fc1035566a1a89c4eeddb9e8baea675fe51c06138d913342afc8bed167d9fa55672fa25a2763ce21f7e24c1232e4739aff20733a7 cdparanoia-III-10.2.src.tgz
+sha512sums="
+4ab0a0f5ef44d56c1af72d1fc1035566a1a89c4eeddb9e8baea675fe51c06138d913342afc8bed167d9fa55672fa25a2763ce21f7e24c1232e4739aff20733a7 cdparanoia-III-10.2.src.tgz
27bf216e8b5b9d6971e3999166544025f166587df06065b89657dac62d0d53c01b76f53146c1e9a400dd71460567fadb8fd4ce00576836f972914d69e8855909 gcc.patch
e8a5ef0f5bcdba697d2d49e31346832bfa2460e6f6cac9256420f57c74a5da2945bdc664368c91365a880ba76e638f58773468d8e8bd16e7afcaff955a1a82ce fix-includes.patch
-52882bdc689e1a34bc0f3961aa649f400232a3fe769526a01fcbff4ba0d5183c1ad0737265b69668b857b0887b4e4e3f2c78bad913329cc7b621b14d47e873f9 no-cuserid.patch"
+"
diff --git a/main/cdparanoia/no-cuserid.patch b/main/cdparanoia/no-cuserid.patch
deleted file mode 100644
index dd6417f836..0000000000
--- a/main/cdparanoia/no-cuserid.patch
+++ /dev/null
@@ -1,32 +0,0 @@
-Since IEEE 1003.1-1988 cuserid is not standardized anymore. The musl
-libc, used by Alpine Linux, currently does not supporting using it with
-a NULL pointer argument [1]. Doing so causes a segmentation fault, to
-fix this remove use of cuserid entirely. This is currently achieved by
-not including the user name in the error message, while it would be
-possible to achieve the same output using getpwuid(geteuid()) this
-requires error handling and would make the patch more complicated.
-
-[1]: https://www.openwall.com/lists/musl/2020/01/29/2
-
-diff -upr cdparanoia-III-10.2.orig/interface/scan_devices.c cdparanoia-III-10.2/interface/scan_devices.c
---- cdparanoia-III-10.2.orig/interface/scan_devices.c 2020-02-12 20:29:46.232958848 +0100
-+++ cdparanoia-III-10.2/interface/scan_devices.c 2020-02-12 20:30:06.336297868 +0100
-@@ -6,8 +6,6 @@
- *
- ******************************************************************/
-
--#define _GNU_SOURCE /* get cuserid */
--#define _USE_XOPEN /* get cuserid */
- #include <limits.h>
- #include <stdio.h>
- #include <unistd.h>
-@@ -93,8 +91,7 @@ cdrom_drive *cdda_find_a_cdrom(int messa
- i++;
- }
- idmessage(messagedest,messages,
-- "\n\nNo cdrom drives accessible to %s found.\n",
-- cuserid(NULL));
-+ "\n\nNo cdrom drives accessible to current user found.\n", NULL);
- return(NULL);
- }
-
diff --git a/main/checkbashisms/APKBUILD b/main/checkbashisms/APKBUILD
index b93086f688..1be57cb006 100644
--- a/main/checkbashisms/APKBUILD
+++ b/main/checkbashisms/APKBUILD
@@ -1,6 +1,6 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=checkbashisms
-pkgver=2.21.7
+pkgver=2.22.1
pkgrel=0
pkgdesc="Check shell scripts for POXIX compliance"
url="https://tracker.debian.org/pkg/devscripts"
@@ -8,7 +8,7 @@ arch="noarch"
license="GPL-2.0-or-later"
depends="perl"
subpackages="$pkgname-doc $pkgname-bash-completion"
-source="http://cdn.debian.net/debian/pool/main/d/devscripts/devscripts_$pkgver.tar.xz"
+source="https://ftp.debian.org/debian/pool/main/d/devscripts/devscripts_$pkgver.tar.xz"
builddir="$srcdir/devscripts-$pkgver/scripts"
check() {
@@ -32,5 +32,5 @@ package() {
}
sha512sums="
-a64ee9529b3c013cdd1e203c44dc577ddfa0a3ae2a19ba1af1c0e33950af49b0adcf2fff9c075467af5b897cb40645ffedd357d68636762d135c21d7a865a745 devscripts_2.21.7.tar.xz
+260603e1a655035c5aca3c9734db1bc6aa7e9aa017ece7e9158c57e06a1ee548922ec2defdd9dcb4560743d78aef08d30695b1bc833bd4d77fe1c7497d157c45 devscripts_2.22.1.tar.xz
"
diff --git a/main/cifs-utils/APKBUILD b/main/cifs-utils/APKBUILD
index 63782052fd..03ccae8f85 100644
--- a/main/cifs-utils/APKBUILD
+++ b/main/cifs-utils/APKBUILD
@@ -1,7 +1,7 @@
# Contributor: Francesco Colista <fcolista@alpinelinux.org>
# Maintainer: Francesco Colista <fcolista@alpinelinux.org>
pkgname=cifs-utils
-pkgver=6.14
+pkgver=6.15
pkgrel=0
pkgdesc="CIFS filesystem user-space tools"
url="https://wiki.samba.org/index.php/LinuxCIFS_utils"
@@ -17,6 +17,11 @@ source="https://ftp.samba.org/pub/linux-cifs/cifs-utils/cifs-utils-$pkgver.tar.b
options="suid"
# secfixes:
+# 6.15-r0:
+# - CVE-2022-27239
+# - CVE-2022-29869
+# 6.13-r0:
+# - CVE-2021-20208
# 0:
# - CVE-2020-14342 # requires --with-systemd
@@ -45,7 +50,7 @@ package() {
}
sha512sums="
-dd875e110988f84ac766900426e1a75c043607de1f24b87e95cd942f2f58561e1133d16466f02863643c8395fc0160df4050636d1ce0db005f2e52a592c7f0ab cifs-utils-6.14.tar.bz2
+eedb8066563db584595a8ba7cb7a603e6b763ac2c1261430d605c327fcc5a831acd48b58ea55dd243af778dfdc827ab8c6daf4015764ff550dcffc2182773510 cifs-utils-6.15.tar.bz2
99a2fab05bc2f14a600f89526ae0ed2c183cfa179fe386cb327075f710aee3aed5ae823f7c2f51913d1217c2371990d6d4609fdb8d80288bd3a6139df3c8aebe musl-fix-includes.patch
2a9366ec1ddb0389c535d2fa889f63287cb8374535a47232de102c7e50b6874f67a3d5ef3318df23733300fd8459c7ec4b11f3211508aca7800b756119308e98 xattr_size_max.patch
"
diff --git a/main/cjdns/APKBUILD b/main/cjdns/APKBUILD
index 5d8202b1f7..9044aa21e7 100644
--- a/main/cjdns/APKBUILD
+++ b/main/cjdns/APKBUILD
@@ -3,10 +3,10 @@
# Contributor: Bartłomiej Piotrowski <bpiotrowski@alpinelinux.org>
pkgname=cjdns
pkgver=21.1
-pkgrel=1
+pkgrel=2
pkgdesc="A routing engine designed for security, scalability, speed and ease of use"
url="https://github.com/cjdelisle/cjdns"
-arch="all !mips64 !s390x !ppc64le !riscv64"
+#arch="all !mips64 !s390x !ppc64le !riscv64"
license="GPL-3.0-or-later"
makedepends="nodejs python3 linux-headers libseccomp-dev"
install="$pkgname.post-install"
diff --git a/main/ckbcomp/APKBUILD b/main/ckbcomp/APKBUILD
index 1cb70d4bd6..4b9770b262 100644
--- a/main/ckbcomp/APKBUILD
+++ b/main/ckbcomp/APKBUILD
@@ -1,6 +1,6 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=ckbcomp
-pkgver=1.207
+pkgver=1.208
pkgrel=0
pkgdesc="Compile a XKB keyboard description to a keymap"
url="https://packages.debian.org/sid/console-setup"
@@ -18,5 +18,5 @@ package() {
}
sha512sums="
-0652b43c2488246e5bf7fac7ad5dc7986ba0ae832ae2179d2ade14da0412639f9055216e6a5e73a7a7c682d4e606441bf3a24dd5dbce0c3b0aff8416571587e5 console-setup_1.207.tar.xz
+2fbc68bd6cf10e61eae50cef8fa8e26cc293f22d8303969032e2b693e9e4424cd87bcb7a411868694f7fac66365b3ac2f414dd281bc3dd3ad22d52a25e268313 console-setup_1.208.tar.xz
"
diff --git a/main/clang/10-add-musl-triples.patch b/main/clang/10-add-musl-triples.patch
index 27e28aa1d3..0ed9c81675 100644
--- a/main/clang/10-add-musl-triples.patch
+++ b/main/clang/10-add-musl-triples.patch
@@ -1,37 +1,39 @@
-diff --git a/lib/Driver/ToolChains/Gnu.cpp b/lib/Driver/ToolChains/Gnu.cpp
-index da197e47..505439ea 100644
--- a/lib/Driver/ToolChains/Gnu.cpp
+++ b/lib/Driver/ToolChains/Gnu.cpp
-@@ -2049,6 +2049,7 @@ void Generic_GCC::GCCInstallationDetector::AddDefaultGCCPrefixes(
+@@ -2073,7 +2073,7 @@
static const char *const AArch64LibDirs[] = {"/lib64", "/lib"};
static const char *const AArch64Triples[] = {
"aarch64-none-linux-gnu", "aarch64-linux-gnu", "aarch64-redhat-linux",
-+ "aarch64-linux-musl",
- "aarch64-suse-linux", "aarch64-linux-android"};
+- "aarch64-suse-linux"};
++ "aarch64-suse-linux", "aarch64-linux-musl"};
static const char *const AArch64beLibDirs[] = {"/lib"};
static const char *const AArch64beTriples[] = {"aarch64_be-none-linux-gnu",