user/libproxy: bump { 0.4.15 --> 0.4.17 }, fix build with Python 3.10

4 files changed, 65 insertions, 159 deletions

diff --git a/user/libproxy/APKBUILD b/user/libproxy/APKBUILD
index 7a13ebc05..d0d3b6620 100644
--- a/user/libproxy/APKBUILD
+++ b/user/libproxy/APKBUILD
@@ -1,10 +1,10 @@
 # Contributor: Natanael Copa <ncopa@alpinelinux.org>
-# Maintainer: 
+# Maintainer: Zach van Rijn <me@zv.io>
 pkgname=libproxy
-pkgver=0.4.15
-pkgrel=3
+pkgver=0.4.17
+pkgrel=0
 pkgdesc="Library providing automatic proxy configuration management"
-url="http://libproxy.github.io/libproxy/"
+url="https://libproxy.github.io/libproxy/"
 arch="all"
 license="LGPL-2.1+"
 depends=""
@@ -14,8 +14,7 @@ subpackages="$pkgname-dev $pkgname-bin py3-$pkgname:py"
 source="$pkgname-$pkgver.tar.gz::https://github.com/libproxy/libproxy/archive/$pkgver.tar.gz
 	libproxy-0.4.7-unistd.patch
 	fix-includes.patch
-	CVE-2020-25219.patch
-	CVE-2020-26154.patch
+	python3.10.patch
 	"
 
 # secfixes:
@@ -60,8 +59,7 @@ py() {
 	mv "$pkgdir"/usr/lib/python* "$subpkgdir"/usr/lib/
 }
 
-sha512sums="8f68bd56e44aeb3f553f4657bef82a5d14302780508dafa32454d6f724b724c884ceed6042f8df53a081d26ea0b05598cf35eab44823257c47c5ef8afb36442b  libproxy-0.4.15.tar.gz
+sha512sums="589045538a78dc7453335ed61c60adad3352b840b224885d4a58ae284e52224ae3ff2eebd77df57aebbc3ae75d7b6d69a825f24f01c19e75bf0a3345dce53126  libproxy-0.4.17.tar.gz
 9929c308195bc59c1b9a7ddaaf708fb831da83c5d86d7ce122cb9774c9b9b16aef3c17fb721356e33a865de1af27db493f29a99d292e1e258cd0135218cacd32  libproxy-0.4.7-unistd.patch
 e35b4f806e5f60e9b184d64dceae62e6e343c367ee96d7e461388f2665fe2ab62170d41848c9da5322bb1719eff3bfaecb273e40a97ce940a5e88d29d03bd8d9  fix-includes.patch
-908fbf49bec18764a8c2ab81ef5d5e6e1fc2423cf9a6608cc7d3a6d5ac44676e171646b0f95b39b7ade108afd62cc2ede8f7b57d6ba0d67025f30b18e5084292  CVE-2020-25219.patch
-01c784a8016bb2a2bf5058b6af7fac29250542bfd4e0679a91fa223c821336d651f8f4a968763072edb86a78a743618c312a2daeb2963c8e5207109f2d26a18f  CVE-2020-26154.patch"
+9f506d918c4bacbc224cf798b776a7daeb124782352270cca184c5af0f6f4cab73de724f3724e380ddd9240521e0eee46b1a22f2953d1d3026edc3926b3ff9b0  python3.10.patch"
diff --git a/user/libproxy/CVE-2020-25219.patch b/user/libproxy/CVE-2020-25219.patch
deleted file mode 100644
index 03cfbc00e..000000000
--- a/user/libproxy/CVE-2020-25219.patch
+++ /dev/null
@@ -1,57 +0,0 @@
-From a83dae404feac517695c23ff43ce1e116e2bfbe0 Mon Sep 17 00:00:00 2001
-From: Michael Catanzaro <mcatanzaro@gnome.org>
-Date: Wed, 9 Sep 2020 11:12:02 -0500
-Subject: [PATCH] Rewrite url::recvline to be nonrecursive
-
-This function processes network input. It's semi-trusted, because the
-PAC ought to be trusted. But we still shouldn't allow it to control how
-far we recurse. A malicious PAC can cause us to overflow the stack by
-sending a sufficiently-long line without any '\n' character.
-
-Also, this function failed to properly handle EINTR, so let's fix that
-too, for good measure.
-
-Fixes #134
----
- libproxy/url.cpp | 28 ++++++++++++++++++----------
- 1 file changed, 18 insertions(+), 10 deletions(-)
-
-diff --git a/libproxy/url.cpp b/libproxy/url.cpp
-index ee776b2..68d69cd 100644
---- a/libproxy/url.cpp
-+++ b/libproxy/url.cpp
-@@ -388,16 +388,24 @@ string url::to_string() const {
- 	return m_orig;
- }
- 
--static inline string recvline(int fd) {
--	// Read a character.
--	// If we don't get a character, return empty string.
--	// If we are at the end of the line, return empty string.
--	char c = '\0';
--	
--	if (recv(fd, &c, 1, 0) != 1 || c == '\n')
--		return "";
--
--	return string(1, c) + recvline(fd);
-+static string recvline(int fd) {
-+	string line;
-+	int ret;
-+
-+	// Reserve arbitrary amount of space to avoid small memory reallocations.
-+	line.reserve(128);
-+
-+	do {
-+		char c;
-+		ret = recv(fd, &c, 1, 0);
-+		if (ret == 1) {
-+			if (c == '\n')
-+				return line;
-+			line += c;
-+		}
-+	} while (ret == 1 || (ret == -1 && errno == EINTR));
-+
-+	return line;
- }
- 
- char* url::get_pac() {
diff --git a/user/libproxy/CVE-2020-26154.patch b/user/libproxy/CVE-2020-26154.patch
deleted file mode 100644
index 929083327..000000000
--- a/user/libproxy/CVE-2020-26154.patch
+++ /dev/null
@@ -1,93 +0,0 @@
-From 4411b523545b22022b4be7d0cac25aa170ae1d3e Mon Sep 17 00:00:00 2001
-From: Fei Li <lifeibiren@gmail.com>
-Date: Fri, 17 Jul 2020 02:18:37 +0800
-Subject: [PATCH] Fix buffer overflow when PAC is enabled
-
-The bug was found on Windows 10 (MINGW64) when PAC is enabled. It turned
-out to be the large PAC file (more than 102400 bytes) returned by a
-local proxy program with no content-length present.
----
- libproxy/url.cpp | 44 +++++++++++++++++++++++++++++++-------------
- 1 file changed, 31 insertions(+), 13 deletions(-)
-
-diff --git a/libproxy/url.cpp b/libproxy/url.cpp
-index ee776b2..8684086 100644
---- a/libproxy/url.cpp
-+++ b/libproxy/url.cpp
-@@ -54,7 +54,7 @@ using namespace std;
- #define PAC_MIME_TYPE_FB "text/plain"
- 
- // This is the maximum pac size (to avoid memory attacks)
--#define PAC_MAX_SIZE 102400
-+#define PAC_MAX_SIZE 0x800000
- // This is the default block size to use when receiving via HTTP
- #define PAC_HTTP_BLOCK_SIZE 512
- 
-@@ -478,15 +478,13 @@ char* url::get_pac() {
- 		}
- 
- 		// Get content
--		unsigned int recvd = 0;
--		buffer = new char[PAC_MAX_SIZE];
--		memset(buffer, 0, PAC_MAX_SIZE);
-+		std::vector<char> dynamic_buffer;
- 		do {
- 			unsigned int chunk_length;
- 
- 			if (chunked) {
- 				// Discard the empty line if we received a previous chunk
--				if (recvd > 0) recvline(sock);
-+				if (!dynamic_buffer.empty()) recvline(sock);
- 
- 				// Get the chunk-length line as an integer
- 				if (sscanf(recvline(sock).c_str(), "%x", &chunk_length) != 1 || chunk_length == 0) break;
-@@ -498,21 +496,41 @@ char* url::get_pac() {
- 
- 			if (content_length >= PAC_MAX_SIZE) break;
- 
--			while (content_length == 0 || recvd != content_length) {
--				int r = recv(sock, buffer + recvd,
--				             content_length == 0 ? PAC_HTTP_BLOCK_SIZE
--				                                 : content_length - recvd, 0);
-+			while (content_length == 0 || dynamic_buffer.size() != content_length) {
-+				// Calculate length to recv
-+				unsigned int length_to_read = PAC_HTTP_BLOCK_SIZE;
-+				if (content_length > 0)
-+					length_to_read = content_length - dynamic_buffer.size();
-+
-+				// Prepare buffer
-+				dynamic_buffer.resize(dynamic_buffer.size() + length_to_read);
-+
-+				int r = recv(sock, dynamic_buffer.data() + dynamic_buffer.size() - length_to_read, length_to_read, 0);
-+
-+				// Shrink buffer to fit
-+				if (r >= 0)
-+					dynamic_buffer.resize(dynamic_buffer.size() - length_to_read + r);
-+
-+				// PAC size too large, discard
-+				if (dynamic_buffer.size() >= PAC_MAX_SIZE) {
-+					chunked = false;
-+					dynamic_buffer.clear();
-+					break;
-+				}
-+
- 				if (r <= 0) {
- 					chunked = false;
- 					break;
- 				}
--				recvd += r;
- 			}
- 		} while (chunked);
- 
--		if (content_length != 0 && string(buffer).size() != content_length) {
--			delete[] buffer;
--			buffer = NULL;
-+		if (content_length == 0 || content_length == dynamic_buffer.size()) {
-+			buffer = new char[dynamic_buffer.size() + 1];
-+			if (!dynamic_buffer.empty()) {
-+				memcpy(buffer, dynamic_buffer.data(), dynamic_buffer.size());
-+			}
-+			buffer[dynamic_buffer.size()] = '\0';
- 		}
- 	}
- 
diff --git a/user/libproxy/python3.10.patch b/user/libproxy/python3.10.patch
new file mode 100644
index 000000000..73645cee6
--- /dev/null
+++ b/user/libproxy/python3.10.patch
@@ -0,0 +1,58 @@
+From 04eeeabb42436cb58e9bac2f6c31c0fb87905a72 Mon Sep 17 00:00:00 2001
+From: David King <amigadave@amigadave.com>
+Date: Mon, 21 Jun 2021 17:10:43 +0100
+Subject: [PATCH] python: Support Python 3.10 and above
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+As suggested by Miro Hrončok, change the way that the Python interpreter
+version is found. Additionally, update the static list of accepted
+Python 3 versions.
+
+https://bugzilla.redhat.com/show_bug.cgi?id=1898060
+---
+ bindings/python/python2/CMakeLists.txt | 2 +-
+ bindings/python/python3/CMakeLists.txt | 2 +-
+ cmake/FindPython3Interp.cmake          | 2 +-
+ 3 files changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/bindings/python/python2/CMakeLists.txt b/bindings/python/python2/CMakeLists.txt
+index 00df551b..f4d2b91a 100644
+--- a/bindings/python/python2/CMakeLists.txt
++++ b/bindings/python/python2/CMakeLists.txt
+@@ -6,7 +6,7 @@ if(PYTHON2INTERP_FOUND)
+   if(NOT PYTHON2_SITEPKG_DIR)
+     execute_process(COMMAND
+ 		    ${PYTHON2_EXECUTABLE}
+-		    -c "import sys; print (sys.version[0:3])"
++		    -c "import sys; print('{}.{}'.format(*sys.version_info[0:2]))"
+ 		    OUTPUT_VARIABLE PYTHON2_VERSION
+ 		    OUTPUT_STRIP_TRAILING_WHITESPACE)
+ 
+diff --git a/bindings/python/python3/CMakeLists.txt b/bindings/python/python3/CMakeLists.txt
+index bf87dfcc..fc3b24b2 100644
+--- a/bindings/python/python3/CMakeLists.txt
++++ b/bindings/python/python3/CMakeLists.txt
+@@ -6,7 +6,7 @@ if(PYTHON3INTERP_FOUND)
+   if(NOT PYTHON3_SITEPKG_DIR)
+     execute_process(COMMAND
+ 		    ${PYTHON3_EXECUTABLE}
+-		    -c "import sys; print (sys.version[0:3])"
++		    -c "import sys; print('{}.{}'.format(*sys.version_info[0:2]))"
+ 		    OUTPUT_VARIABLE PYTHON3_VERSION
+ 		    OUTPUT_STRIP_TRAILING_WHITESPACE)
+ 
+diff --git a/cmake/FindPython3Interp.cmake b/cmake/FindPython3Interp.cmake
+index 74398b2b..5b25e5af 100644
+--- a/cmake/FindPython3Interp.cmake
++++ b/cmake/FindPython3Interp.cmake
+@@ -39,7 +39,7 @@
+ 
+ unset(_Python3_NAMES)
+ 
+-set(_Python3_VERSIONS 3.9 3.8 3.7 3.6 3.5 3.4 3.3 3.2 3.1 3.0)
++set(_Python3_VERSIONS 3.10 3.9 3.8 3.7 3.6 3.5 3.4 3.3 3.2 3.1 3.0)
+ 
+ if(Python3Interp_FIND_VERSION)
+     if(Python3Interp_FIND_VERSION_COUNT GREATER 1)