diff options
author | A. Wilcox <AWilcox@Wilcox-Tech.com> | 2018-06-08 02:11:51 -0500 |
---|---|---|
committer | A. Wilcox <AWilcox@Wilcox-Tech.com> | 2018-06-08 02:11:51 -0500 |
commit | c86aec496298fb20f0770f5ce9a2a37935f7aa5b (patch) | |
tree | b95d17ae82ab73a2a147a2f0c9734c309e5f9807 /user | |
parent | fd2bb2f751c13b3c0c002b8e012810902b9da364 (diff) | |
download | packages-c86aec496298fb20f0770f5ce9a2a37935f7aa5b.tar.gz packages-c86aec496298fb20f0770f5ce9a2a37935f7aa5b.tar.bz2 packages-c86aec496298fb20f0770f5ce9a2a37935f7aa5b.tar.xz packages-c86aec496298fb20f0770f5ce9a2a37935f7aa5b.zip |
put user stuff in user, not system
Diffstat (limited to 'user')
161 files changed, 14933 insertions, 0 deletions
diff --git a/user/apr-util/APKBUILD b/user/apr-util/APKBUILD new file mode 100644 index 000000000..415c3e9cd --- /dev/null +++ b/user/apr-util/APKBUILD @@ -0,0 +1,64 @@ +# Maintainer: Natanael Copa <ncopa@alpinelinux.org> +pkgname=apr-util +pkgver=1.6.1 +pkgrel=0 +pkgdesc="The Apache Portable Runtime Utility Library" +url="http://apr.apache.org/" +arch="all" +license="ASL 2.0" +depends= +subpackages="$pkgname-dev $pkgname-dbm_db $pkgname-dbd_pgsql + $pkgname-dbd_sqlite3 $pkgname-ldap" + +depends_dev="expat-dev apr-dev openldap-dev sqlite-dev postgresql-dev + db-dev openssl-dev" +makedepends="$depends_dev bash chrpath openssl" +source="http://www.apache.org/dist/apr/$pkgname-$pkgver.tar.bz2" +builddir="$srcdir/$pkgname-$pkgver" + +build() { + cd "$builddir" + ./configure \ + --build=$CBUILD \ + --host=$CHOST \ + --prefix=/usr \ + --with-apr=/usr \ + --with-ldap \ + --with-pgsql \ + --with-sqlite3 \ + --with-berkeley-db \ + --with-crypto \ + --with-openssl \ + --without-sqlite2 \ + --without-gdbm + make +} + +check() { + cd "$builddir" + # testxlate fails because UTF-7 is unsupported + make check || return 0 +} + +package() { + cd "$builddir" + make DESTDIR="$pkgdir" install + rm "$pkgdir"/usr/lib/*.exp + chrpath -d "$pkgdir"/usr/lib/*.so.* +} + +_mv_mod() { + pkgdesc="The Apache Portable Runtime Utility Library - $2 driver" + depends= + local _moddir="usr/lib/apr-util-1" + mkdir -p "$subpkgdir"/$_moddir + mv "$pkgdir"/$_moddir/apr_$1*.so "$subpkgdir"/$_moddir/ +} + +dbm_db() { _mv_mod dbm_db "Berkley DB"; } +dbd_pgsql() { _mv_mod dbd_pgsql "PostgreSQL"; } +dbd_mysql() { _mv_mod dbd_mysql "MySQL"; } +dbd_sqlite3() { _mv_mod dbd_sqlite "SQLite3"; } +ldap() { _mv_mod ldap "LDAP"; } + +sha512sums="40eff8a37c0634f7fdddd6ca5e596b38de15fd10767a34c30bbe49c632816e8f3e1e230678034f578dd5816a94f246fb5dfdf48d644829af13bf28de3225205d apr-util-1.6.1.tar.bz2" diff --git a/user/ffmpeg/0001-libavutil-clean-up-unused-FF_SYMVER-macro.patch b/user/ffmpeg/0001-libavutil-clean-up-unused-FF_SYMVER-macro.patch new file mode 100644 index 000000000..93e3ac995 --- /dev/null +++ b/user/ffmpeg/0001-libavutil-clean-up-unused-FF_SYMVER-macro.patch @@ -0,0 +1,55 @@ +From ab11be0becb90542f10d5713659b559842c53af2 Mon Sep 17 00:00:00 2001 +From: Natanael Copa <ncopa@alpinelinux.org> +Date: Tue, 29 Mar 2016 15:15:17 +0200 +Subject: [PATCH] libavutil: clean up unused FF_SYMVER macro + +There is nothing using it since commit d63443b9 (lavc: drop the +av_fast_{re,m}alloc compatibility wrappers). + +Signed-off-by: Natanael Copa <ncopa@alpinelinux.org> +--- + libavutil/internal.h | 28 ---------------------------- + 1 file changed, 28 deletions(-) + +diff --git a/libavutil/internal.h b/libavutil/internal.h +index 61784b5..69d63d5 100644 +--- a/libavutil/internal.h ++++ b/libavutil/internal.h +@@ -177,34 +177,6 @@ + #endif + + /** +- * Define a function with only the non-default version specified. +- * +- * On systems with ELF shared libraries, all symbols exported from +- * FFmpeg libraries are tagged with the name and major version of the +- * library to which they belong. If a function is moved from one +- * library to another, a wrapper must be retained in the original +- * location to preserve binary compatibility. +- * +- * Functions defined with this macro will never be used to resolve +- * symbols by the build-time linker. +- * +- * @param type return type of function +- * @param name name of function +- * @param args argument list of function +- * @param ver version tag to assign function +- */ +-#if HAVE_SYMVER_ASM_LABEL +-# define FF_SYMVER(type, name, args, ver) \ +- type ff_##name args __asm__ (EXTERN_PREFIX #name "@" ver); \ +- type ff_##name args +-#elif HAVE_SYMVER_GNU_ASM +-# define FF_SYMVER(type, name, args, ver) \ +- __asm__ (".symver ff_" #name "," EXTERN_PREFIX #name "@" ver); \ +- type ff_##name args; \ +- type ff_##name args +-#endif +- +-/** + * Return NULL if a threading library has not been enabled. + * Used to disable threading functions in AVCodec definitions + * when not needed. +-- +2.7.4 + diff --git a/user/ffmpeg/APKBUILD b/user/ffmpeg/APKBUILD new file mode 100644 index 000000000..a963e33f8 --- /dev/null +++ b/user/ffmpeg/APKBUILD @@ -0,0 +1,104 @@ +# Contributor: Sergei Lukin <sergej.lukin@gmail.com> +# Contributor: Łukasz Jendrysik <scadu@yandex.com> +# Contributor: Jakub Skrzypnik <j.skrzypnik@openmailbox.org> +# Maintainer: Natanael Copa <ncopa@alpinelinux.org> +pkgname=ffmpeg +pkgver=3.4 +pkgrel=1 +pkgdesc="Complete and free Internet live audio and video broadcasting solution for Linux/Unix" +url="http://ffmpeg.org/" +arch="all" +license="GPL" +options="!check textrels" # Test suite requires proper licensing headers on all files, + # which upstream does not provide. +subpackages="$pkgname-dev $pkgname-doc $pkgname-libs" +makedepends="gnutls-dev lame-dev libvorbis-dev xvidcore-dev zlib-dev libvdpau-dev + imlib2-dev libtheora-dev coreutils bzip2-dev perl-dev libvpx-dev + pulseaudio-dev sdl2-dev libxfixes-dev libva-dev alsa-lib-dev rtmpdump-dev + v4l-utils-dev yasm opus-dev x265-dev xz-dev freetype-dev speex-dev + ladspa-dev libcdio-dev libcdio-paranoia-dev wavpack-dev libwebp-dev" +source="http://ffmpeg.org/releases/ffmpeg-$pkgver.tar.xz + 0001-libavutil-clean-up-unused-FF_SYMVER-macro.patch + " +builddir="$srcdir/$pkgname-$pkgver" + +# secfixes: +# 3.3.4-r0: +# - CVE-2017-14054 +# - CVE-2017-14055 +# - CVE-2017-14056 +# - CVE-2017-14057 +# - CVE-2017-14058 +# - CVE-2017-14059 +# - CVE-2017-14169 +# - CVE-2017-14170 +# - CVE-2017-14171 +# - CVE-2017-14222 +# - CVE-2017-14223 +# - CVE-2017-14225 + +build() { + local _dbg="--disable-debug" + local _asm="" + [ -n "$DEBUG" ] && _dbg="--enable-debug" + + case "$CARCH" in + x86 | arm*) _asm="--disable-asm" ;; + ppc64) _asm="--cpu=G5" ;; + esac + + cd "$builddir" + ./configure \ + --prefix=/usr \ + --enable-avresample \ + --enable-avfilter \ + --enable-gnutls \ + --enable-gpl \ + --enable-libmp3lame \ + --enable-librtmp \ + --enable-libvorbis \ + --enable-libvpx \ + --enable-libxvid \ + --enable-libx265 \ + --enable-libtheora \ + --enable-libv4l2 \ + --enable-postproc \ + --enable-pic \ + --enable-pthreads \ + --enable-shared \ + --enable-libxcb \ + --disable-stripping \ + --disable-static \ + --enable-vaapi \ + --enable-vdpau \ + --enable-libopus \ + --enable-libcdio \ + --enable-ladspa \ + --enable-lzma \ + --enable-libspeex \ + --enable-libfreetype \ + --enable-libwavpack \ + --enable-libwebp \ + --enable-libpulse \ + $_asm $_dbg + make + ${CC:-gcc} -o tools/qt-faststart $CFLAGS tools/qt-faststart.c + make doc/ffmpeg.1 doc/ffplay.1 doc/ffserver.1 +} + +package() { + cd "$builddir" + make DESTDIR="$pkgdir" install install-man + install -D -m755 tools/qt-faststart "$pkgdir/usr/bin/qt-faststart" +# strip --strip-debug "$pkgdir"/usr/lib/*.a +} + +libs() { + pkgdesc="Libraries for ffmpeg" + replaces="ffmpeg" + mkdir -p "$subpkgdir"/usr + mv "$pkgdir"/usr/lib "$subpkgdir"/usr +} + +sha512sums="357445f0152848d43f8a22f1078825bc44adacff9194e12cc78e8b5edac8e826bbdf73dc8b37e0f2a3036125b76b6b9190153760c761e63ebd2452a39e39536f ffmpeg-3.4.tar.xz +32652e18d4eb231a2e32ad1cacffdf33264aac9d459e0e2e6dd91484fced4e1ca5a62886057b1f0b4b1589c014bbe793d17c78adbaffec195f9a75733b5b18cb 0001-libavutil-clean-up-unused-FF_SYMVER-macro.patch" diff --git a/user/freetype/0001-Enable-table-validation-modules.patch b/user/freetype/0001-Enable-table-validation-modules.patch new file mode 100644 index 000000000..3e9451fa8 --- /dev/null +++ b/user/freetype/0001-Enable-table-validation-modules.patch @@ -0,0 +1,34 @@ +From c3680bf8d38cf759c1e33dcc2d2d51e0a4fea2f9 Mon Sep 17 00:00:00 2001 +From: "Jan Alexander Steffens (heftig)" <jan.steffens@gmail.com> +Date: Tue, 23 Jun 2015 08:40:29 +0200 +Subject: [PATCH 1/3] Enable table validation modules + +--- + modules.cfg | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/modules.cfg b/modules.cfg +index f30049c38cc45159..7b8e50fe1b34584a 100644 +--- a/modules.cfg ++++ b/modules.cfg +@@ -120,7 +120,7 @@ AUX_MODULES += cache + # TrueType GX/AAT table validation. Needs ftgxval.c below. + # + # No FT_CONFIG_OPTION_PIC support. +-# AUX_MODULES += gxvalid ++AUX_MODULES += gxvalid + + # Support for streams compressed with gzip (files with suffix .gz). + # +@@ -143,7 +143,7 @@ AUX_MODULES += bzip2 + # OpenType table validation. Needs ftotval.c below. + # + # No FT_CONFIG_OPTION_PIC support. +-# AUX_MODULES += otvalid ++AUX_MODULES += otvalid + + # Auxiliary PostScript driver component to share common code. + # +-- +2.9.3 + diff --git a/user/freetype/0002-Enable-subpixel-rendering.patch b/user/freetype/0002-Enable-subpixel-rendering.patch new file mode 100644 index 000000000..dfb57966e --- /dev/null +++ b/user/freetype/0002-Enable-subpixel-rendering.patch @@ -0,0 +1,25 @@ +From 96f09f08417887b2618c177bccfb6da2906568d9 Mon Sep 17 00:00:00 2001 +From: "Jan Alexander Steffens (heftig)" <jan.steffens@gmail.com> +Date: Tue, 23 Jun 2015 08:43:07 +0200 +Subject: [PATCH 2/3] Enable subpixel rendering + +--- + include/freetype/config/ftoption.h | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/include/freetype/config/ftoption.h b/include/freetype/config/ftoption.h +index 90c123ef93e9ea04..67a361dd41e0b026 100644 +--- a/include/freetype/config/ftoption.h ++++ b/include/freetype/config/ftoption.h +@@ -122,7 +122,7 @@ FT_BEGIN_HEADER + /* This is done to allow FreeType clients to run unmodified, forcing */ + /* them to display normal gray-level anti-aliased glyphs. */ + /* */ +-/* #define FT_CONFIG_OPTION_SUBPIXEL_RENDERING */ ++#define FT_CONFIG_OPTION_SUBPIXEL_RENDERING + + + /*************************************************************************/ +-- +2.9.3 + diff --git a/user/freetype/0003-Enable-infinality-subpixel-hinting.patch b/user/freetype/0003-Enable-infinality-subpixel-hinting.patch new file mode 100644 index 000000000..bbfa2a2cd --- /dev/null +++ b/user/freetype/0003-Enable-infinality-subpixel-hinting.patch @@ -0,0 +1,27 @@ +From 220e96a9a8d7aff6ad0f0f1aa12c79cdb563331c Mon Sep 17 00:00:00 2001 +From: "Jan Alexander Steffens (heftig)" <jan.steffens@gmail.com> +Date: Mon, 29 Aug 2016 08:43:10 +0200 +Subject: [PATCH 3/3] Enable infinality subpixel hinting + +--- + include/freetype/config/ftoption.h | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/include/freetype/config/ftoption.h b/include/freetype/config/ftoption.h +index 67a361dd41e0b026..c4812862518b66a6 100644 +--- a/include/freetype/config/ftoption.h ++++ b/include/freetype/config/ftoption.h +@@ -675,8 +675,8 @@ FT_BEGIN_HEADER + /* [1] http://www.microsoft.com/typography/cleartype/truetypecleartype.aspx */ + /* */ + /* #define TT_CONFIG_OPTION_SUBPIXEL_HINTING 1 */ +-#define TT_CONFIG_OPTION_SUBPIXEL_HINTING 2 +-/* #define TT_CONFIG_OPTION_SUBPIXEL_HINTING ( 1 | 2 ) */ ++/* #define TT_CONFIG_OPTION_SUBPIXEL_HINTING 2 */ ++#define TT_CONFIG_OPTION_SUBPIXEL_HINTING ( 1 | 2 ) + + + /*************************************************************************/ +-- +2.9.3 + diff --git a/user/freetype/0004-Enable-long-PCF-family-names.patch b/user/freetype/0004-Enable-long-PCF-family-names.patch new file mode 100644 index 000000000..675423a7c --- /dev/null +++ b/user/freetype/0004-Enable-long-PCF-family-names.patch @@ -0,0 +1,25 @@ +From 62da6a0f7f5cb77859a793863c386c452411e2a6 Mon Sep 17 00:00:00 2001 +From: "Jan Alexander Steffens (heftig)" <jan.steffens@gmail.com> +Date: Sun, 14 May 2017 18:09:31 +0200 +Subject: [PATCH 4/4] Enable long PCF family names + +--- + include/freetype/config/ftoption.h | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/include/freetype/config/ftoption.h b/include/freetype/config/ftoption.h +index ebb44acdbbef9a47..0b39b417162707e4 100644 +--- a/include/freetype/config/ftoption.h ++++ b/include/freetype/config/ftoption.h +@@ -865,7 +865,7 @@ FT_BEGIN_HEADER + /* If this option is activated, it can be controlled with the */ + /* `no-long-family-names' property of the pcf driver module. */ + /* */ +-/* #define PCF_CONFIG_OPTION_LONG_FAMILY_NAMES */ ++#define PCF_CONFIG_OPTION_LONG_FAMILY_NAMES + + + /*************************************************************************/ +-- +2.13.0 + diff --git a/user/freetype/40-memcpy-fix.patch b/user/freetype/40-memcpy-fix.patch new file mode 100644 index 000000000..89e61cd0b --- /dev/null +++ b/user/freetype/40-memcpy-fix.patch @@ -0,0 +1,14 @@ +--- ./src/psaux/psobjs.c~ 2006-04-26 16:38:17.000000000 +0200 ++++ ./src/psaux/psobjs.c 2006-09-10 15:01:13.000000000 +0200 +@@ -165,6 +165,11 @@ + return PSaux_Err_Invalid_Argument; + } + ++ if ( length < 0 ) { ++ FT_ERROR(( "ps_table_add: invalid length\n" )); ++ return PSaux_Err_Invalid_Argument; ++ } ++ + /* grow the base block if needed */ + if ( table->cursor + length > table->capacity ) + { diff --git a/user/freetype/APKBUILD b/user/freetype/APKBUILD new file mode 100644 index 000000000..fbb4e0103 --- /dev/null +++ b/user/freetype/APKBUILD @@ -0,0 +1,59 @@ +# Contributor: Carlo Landmeter <clandmeter@gmail.com> +# Maintainer: Carlo Landmeter <clandmeter@gmail.com> +pkgname=freetype +pkgver=2.8.1 +pkgrel=2 +pkgdesc="TrueType font rendering library" +url="https://www.freetype.org/" +arch="all" +license="GPL" +options="!check" +depends="" +depends_dev="" +makedepends="$depends_dev zlib-dev libpng-dev bzip2-dev" +subpackages="$pkgname-dev $pkgname-doc" +source="http://download.savannah.gnu.org/releases/freetype/freetype-$pkgver.tar.bz2 + 40-memcpy-fix.patch + 0001-Enable-table-validation-modules.patch + 0003-Enable-infinality-subpixel-hinting.patch + 0004-Enable-long-PCF-family-names.patch + + freetype-profile.sh + " + +# secfixes: +# 2.7.1-r1: +# - CVE-2017-8105 +# - CVE-2017-8287 + +builddir="$srcdir/$pkgname-$pkgver" + +build() { + cd "$builddir" + ./configure \ + --build=$CBUILD \ + --host=$CHOST \ + --prefix=/usr \ + --sysconfdir=/etc \ + --mandir=/usr/share/man \ + --infodir=/usr/share/info \ + --disable-static \ + --with-bzip2 \ + --with-png + make +} + +package() { + cd "$builddir" + make DESTDIR="$pkgdir" install + + install -Dm644 "$srcdir"/freetype-profile.sh \ + "$pkgdir"/etc/profile.d/freetype.sh +} + +sha512sums="ca59e47f0fceeeb9b8032be2671072604d0c79094675df24187829c05e99757d0a48a0f8062d4d688e056f783aa8f6090d732ad116562e94784fccf1339eb823 freetype-2.8.1.tar.bz2 +9981be8a3ea6f2cf856860b87a4e895e4610c9d5ea4beb611815e757e6080e060f6853ace02dd8ea55e5888cdf4bae5ad5eadd2d8a123754bb3c0bfe7ef41dea 40-memcpy-fix.patch +41a84be2631b53072a76b78c582575aa48b650ee7b00017d018381002bc25df10cf33da4954c95ef50db39f1fa566678e3b4ae9bfee1dfd705423fb53e53e494 0001-Enable-table-validation-modules.patch +7b52a3d67750d59b2c98e83dab4e0a0ab263142c2ca7bd5f8be5f8fe9cd1dc1f4debad44111c7886665329d8d2a3163756455618a6615df8f85d82bb0372d4dd 0003-Enable-infinality-subpixel-hinting.patch +64c20fbcbf48372ea35fe2e0dae8fec4be8c601c899a4a71913060c6ea4082a2f41d69701da511e09fee126bf198d560986469e2356bd088d2dd5961f437df63 0004-Enable-long-PCF-family-names.patch +7100cde5b2ca16bfbe968fce3e2eba5ba49e6ed53792d5db889c8d89e572d7d80da1338ccc9eeb9b243664ca2337467e9f73c1074bee0b34c417f6c7832ed390 freetype-profile.sh" diff --git a/user/freetype/freetype-profile.sh b/user/freetype/freetype-profile.sh new file mode 100644 index 000000000..a4cc6423b --- /dev/null +++ b/user/freetype/freetype-profile.sh @@ -0,0 +1,12 @@ +# Subpixel hinting mode can be chosen by setting the right TrueType interpreter +# version. The available settings are: +# +# truetype:interpreter-version=35 # Classic mode (default in 2.6) +# truetype:interpreter-version=38 # Infinality mode +# truetype:interpreter-version=40 # Minimal mode (default in 2.7) +# +# There are more properties that can be set, separated by whitespace. Please +# refer to the FreeType documentation for details. + +# Uncomment and configure below +export FREETYPE_PROPERTIES="truetype:interpreter-version=38" diff --git a/user/glib-networking/APKBUILD b/user/glib-networking/APKBUILD new file mode 100644 index 000000000..65ae109a0 --- /dev/null +++ b/user/glib-networking/APKBUILD @@ -0,0 +1,43 @@ +# Contributor: Natanael Copa <ncopa@alpinelinux.org> +# Maintainer: Natanael Copa <ncopa@alpinelinux.org> +pkgname=glib-networking +pkgver=2.54.1 +_maj=${pkgver%%.*} +_min=${pkgver#${_maj}.} +_min=${_min%%.*} +_ver=$_maj.$_min +pkgrel=1 +pkgdesc="Networking support for GLib" +url="http://www.gnome.org" +arch="all" +license="LGPL-2.1+" +depends="ca-certificates" +makedepends="glib-dev gnutls-dev libproxy-dev intltool libgcrypt-dev bash p11-kit-dev" +install= +subpackages="$pkgname-lang" +source="http://download.gnome.org/sources/glib-networking/$_ver/glib-networking-$pkgver.tar.xz" + +build() { + cd "$builddir" + CONFIG_SHELL=/bin/bash ./configure \ + --build=$CBUILD \ + --host=$CHOST \ + --prefix=/usr \ + --disable-more-warnings \ + --with-libproxy \ + --with-gnutls + make +} + +check() { + cd "$builddir" + make check +} + +package() { + cd "$builddir" + make DESTDIR="$pkgdir" install + rm -f "$pkgdir"/usr/lib/gio/modules/*.a +} + +sha512sums="8356d835914e33df43f4f2bb6a915ddcd48dd0565e4d5bc1f1d692e9c3124ee4421b99f87f2586f74e9fed24ef7421159f3242fd1eb7bd74950bd25e860896ec glib-networking-2.54.1.tar.xz" diff --git a/user/glib-networking/proxy-test.patch b/user/glib-networking/proxy-test.patch new file mode 100644 index 000000000..2cab5d9f6 --- /dev/null +++ b/user/glib-networking/proxy-test.patch @@ -0,0 +1,13 @@ +--- ./Makefile.am.orig ++++ ./Makefile.am +@@ -11,9 +11,9 @@ + + if HAVE_GNOME_PROXY + SUBDIRS += proxy/gnome ++SUBDIRS += proxy/tests + endif + +-SUBDIRS += proxy/tests + + if HAVE_GNUTLS + SUBDIRS += tls/gnutls diff --git a/user/glib/0001-gquark-fix-initialization-with-c-constructors.patch b/user/glib/0001-gquark-fix-initialization-with-c-constructors.patch new file mode 100644 index 000000000..50a9a8c28 --- /dev/null +++ b/user/glib/0001-gquark-fix-initialization-with-c-constructors.patch @@ -0,0 +1,47 @@ +From e4216dee57f5156e192b2910f13eb855a104cb18 Mon Sep 17 00:00:00 2001 +From: Natanael Copa <ncopa@alpinelinux.org> +Date: Wed, 6 Jul 2016 12:38:40 +0200 +Subject: [PATCH] gquark: fix initialization with c++ constructors + +C++ constructors may want create new quarks, but we can not guarantee +that the glib library ctor is executed first. Therefore we make sure +that quarks are always initialized from g_quark_from_string and +g_quark_from_static_string + +This fixes crashes in glibmm with musl which likely happens on AIX too. + +https://bugzilla.gnome.org/show_bug.cgi?id=768215 +https://bugzilla.gnome.org/show_bug.cgi?id=756139#c14 +--- + glib/gquark.c | 8 ++++++++ + 1 file changed, 8 insertions(+) + +diff --git a/glib/gquark.c b/glib/gquark.c +index 9e51a92..17ecd7f 100644 +--- a/glib/gquark.c ++++ b/glib/gquark.c +@@ -57,6 +57,11 @@ static gint quark_block_offset = 0; + void + g_quark_init (void) + { ++ /* we may be initialized from c++ constructor or the glib ctor, but we ++ cannot guarantee in what order. So we check if we have been initialized */ ++ if (quark_ht != NULL) ++ return; ++ + g_assert (quark_seq_id == 0); + quark_ht = g_hash_table_new (g_str_hash, g_str_equal); + quarks = g_new (gchar*, QUARK_BLOCK_SIZE); +@@ -179,6 +184,9 @@ quark_from_string (const gchar *string, + { + GQuark quark = 0; + ++ if (G_UNLIKELY (quark_ht == NULL)) ++ g_quark_init(); ++ + quark = GPOINTER_TO_UINT (g_hash_table_lookup (quark_ht, string)); + + if (!quark) +-- +2.9.0 + diff --git a/user/glib/APKBUILD b/user/glib/APKBUILD new file mode 100644 index 000000000..89a98754f --- /dev/null +++ b/user/glib/APKBUILD @@ -0,0 +1,103 @@ +# Contributor: Valery Kartel <valery.kartel@gmail.com> +# Maintainer: Natanael Copa <ncopa@alpinelinux.org> +pkgname=glib +pkgver=2.54.2 +pkgrel=1 +pkgdesc="Common C routines used by Gtk+ and other libs" +url="https://developer.gnome.org/glib/" +arch="all" +license="GPL" +depends= +triggers="$pkgname.trigger=/usr/share/glib-2.0/schemas:/usr/lib/gio/modules" +depends_dev="perl python3 attr-dev gettext-dev zlib-dev bzip2-dev libffi-dev + util-linux-dev" +makedepends="$depends_dev pcre-dev xmlto" +checkdepends="tzdata" +options="!checkroot" +source="https://download.gnome.org/sources/$pkgname/${pkgver%.*}/$pkgname-$pkgver.tar.xz + 0001-gquark-fix-initialization-with-c-constructors.patch + broken-gio-tests.patch + fix-spawn.patch + i386-fpu-test.patch + musl-no-locale.patch + ridiculous-strerror-nonconformance.patch + thread-test-fix.patch + " +subpackages="$pkgname-dbg $pkgname-doc $pkgname-static $pkgname-dev $pkgname-lang $pkgname-bash-completion:bashcomp:noarch" +builddir="$srcdir"/$pkgname-$pkgver + +prepare() { + cd "$builddir" + default_prepare + + # workaround packaging issue. gtk-doc.make timestamp was newer than + # Makefile.am, which triggers automake re-run + touch -r docs/reference/glib/Makefile.am gtk-doc.make +} + +build() { + cd "$builddir" + ./configure \ + --build=$CBUILD \ + --host=$CHOST \ + --prefix=/usr \ + --mandir=/usr/share/man \ + --disable-gtk-doc \ + --disable-compile-warnings \ + --disable-selinux \ + --with-pcre=system \ + --with-python=python3 \ + --with-pic \ + --enable-static + make +} + +check() { + cd "$builddir" + make check +} + +package() { + cd "$builddir" + make DESTDIR="$pkgdir" install + rm -rf "$pkgdir"/usr/lib/charset.alias +} + +dev() { + default_dev + mkdir -p "$subpkgdir"/usr/bin "$subpkgdir"/usr/share + find "$pkgdir"/usr/bin ! -name "glib-compile-schemas" -a \( \ + -name "gdbus-codegen" -o \ + -name "gobject-query" -o \ + -name "gresource" -o \ + -name "gtester*" -o \ + -name "glib-*" \) \ + -exec mv {} "$subpkgdir"/usr/bin \; + mv "$pkgdir"/usr/share/gdb "$pkgdir"/usr/share/glib-2.0 \ + "$subpkgdir"/usr/share +} + +static() { + pkgdesc="glib static libraries" + depends="gettext-static" + mkdir -p "$subpkgdir"/usr/lib + mv "$pkgdir"/usr/lib/*.a "$subpkgdir"/usr/lib/ +} + +bashcomp() { + pkgdesc="Bash completion for $pkgname" + depends= + install_if="$pkgname=$pkgver-r$pkgrel bash-completion" + mkdir -p "$subpkgdir"/usr/share + mv "$pkgdir"/usr/share/bash-completion "$subpkgdir"/usr/share + [ "$(ls -A "$pkgdir"/usr/share)" ] || rmdir "$pkgdir"/usr/share +} + +sha512sums="09ee6fa3a6f3f15af229bd789bef536e3570f36d1e4ce624a57e97c4040577f6baccd6ab5746257863ccf7173b558cfa753951d562a278f854e52604104ba7ee glib-2.54.2.tar.xz +32e5aca9a315fb985fafa0b4355e4498c1f877fc1f0b58ad4ac261fb9fbced9f026c7756a5f2af7d61ce756b55c8cd02811bb08df397040e93510056f073756b 0001-gquark-fix-initialization-with-c-constructors.patch +9bf99de4672765704759098c883cfc4d2747cf10d9d568ae97134806a089e4bebae57886bae45dcc53694e0190248abe6ae52cc38dc742cd754d352406ac0680 broken-gio-tests.patch +0f0a98784aeed92f33cd9239d2f668bdc6c09b84ed020825ae88f6aacf6a922152dc3e1384c40d9f30f54c5ab78fe17e0ee5c42b268b297b595d2a6cde5b8998 fix-spawn.patch +aa7444bbdf7b88798adc67c15cdb8b7459450c0b7357caea16b74462c5c9179ba80d4018b1e656e90a5e3be5b2e3c14e9b8c0ccbb2ee4d8c92dc8fa627518b84 i386-fpu-test.patch +10d23961072e3d8c8bbe5ee9a6b6ad709734690485c7148f1f8a2081a3ecc06cc3e3ff02ea870e1b429cd8464df6ef6e9f266148010d889fd187f4e411f65bab musl-no-locale.patch +56c10a0f64cbd8ce584d428f818e7e678fdeb40a32df792843208ddfa3135d362cc2077bc9fe3bfebe13ee6af0ecf6403a593ad727e0a92276074a17a9c7029c ridiculous-strerror-nonconformance.patch +0cebf9cbf87a92c3160054eb30189a827847f5820a8b90f4842b4ad5ab5cc343ba06e5f55214864bd0f0d5a21e55ec5e7f35c66207e77b1496142b7ee0c75567 thread-test-fix.patch" diff --git a/user/glib/broken-gio-tests.patch b/user/glib/broken-gio-tests.patch new file mode 100644 index 000000000..d7006db87 --- /dev/null +++ b/user/glib/broken-gio-tests.patch @@ -0,0 +1,100 @@ +Requires update-desktop-database +--- glib-2.52.1/gio/tests/appinfo.c.old 2016-10-22 00:17:49.000000000 -0500 ++++ glib-2.52.1/gio/tests/appinfo.c 2017-08-20 23:23:32.581229536 -0500 +@@ -486,7 +486,7 @@ + g_test_add_func ("/appinfo/launch-context", test_launch_context); + g_test_add_func ("/appinfo/launch-context-signals", test_launch_context_signals); + g_test_add_func ("/appinfo/tryexec", test_tryexec); +- g_test_add_func ("/appinfo/associations", test_associations); ++ //g_test_add_func ("/appinfo/associations", test_associations); + g_test_add_func ("/appinfo/environment", test_environment); + g_test_add_func ("/appinfo/startup-wm-class", test_startup_wm_class); + g_test_add_func ("/appinfo/supported-types", test_supported_types); + + +Requires shared-mime-info +--- glib-2.53.7/gio/tests/contenttype.c.old 2017-07-13 18:03:39.000000000 -0500 ++++ glib-2.53.7/gio/tests/contenttype.c 2017-09-05 21:41:46.312547646 -0500 +@@ -345,9 +345,9 @@ + + g_test_bug_base ("http://bugzilla.gnome.org/"); + +- g_test_add_func ("/contenttype/guess", test_guess); ++ //g_test_add_func ("/contenttype/guess", test_guess); + g_test_add_func ("/contenttype/unknown", test_unknown); +- g_test_add_func ("/contenttype/subtype", test_subtype); ++ /*g_test_add_func ("/contenttype/subtype", test_subtype); + g_test_add_func ("/contenttype/list", test_list); + g_test_add_func ("/contenttype/executable", test_executable); + g_test_add_func ("/contenttype/description", test_description); +@@ -355,7 +355,7 @@ + g_test_add_func ("/contenttype/symbolic-icon", test_symbolic_icon); + g_test_add_func ("/contenttype/tree", test_tree); + g_test_add_func ("/contenttype/test_type_is_a_special_case", +- test_type_is_a_special_case); ++ test_type_is_a_special_case);*/ + + return g_test_run (); + } + + +Requires working iconv +--- glib-2.52.1/gio/tests/converter-stream.c.old 2016-10-22 00:18:11.000000000 -0500 ++++ glib-2.52.1/gio/tests/converter-stream.c 2017-08-20 23:21:31.711358101 -0500 +@@ -1203,7 +1203,7 @@ + }; + CharsetTest charset_tests[] = { + { "/converter-input-stream/charset/utf8->latin1", "UTF-8", "\303\205rr Sant\303\251", "ISO-8859-1", "\305rr Sant\351", 0 }, +- { "/converter-input-stream/charset/latin1->utf8", "ISO-8859-1", "\305rr Sant\351", "UTF-8", "\303\205rr Sant\303\251", 0 }, ++ //{ "/converter-input-stream/charset/latin1->utf8", "ISO-8859-1", "\305rr Sant\351", "UTF-8", "\303\205rr Sant\303\251", 0 }, +- { "/converter-input-stream/charset/fallbacks", "UTF-8", "Some characters just don't fit into latin1: πא", "ISO-8859-1", "Some characters just don't fit into latin1: \\CF\\80\\D7\\90", 4 }, ++ //{ "/converter-input-stream/charset/fallbacks", "UTF-8", "Some characters just don't fit into latin1: πא", "ISO-8859-1", "Some characters just don't fit into latin1: \\CF\\80\\D7\\90", 4 }, + }; + + + +Requires dconf +--- glib-2.52.1/gio/tests/gsettings.c.old 2017-08-20 23:26:31.284378974 -0500 ++++ glib-2.52.1/gio/tests/gsettings.c 2017-08-20 23:26:46.637699607 -0500 +@@ -2603,6 +2603,8 @@ + gchar *schema_text; + gchar *enums; + gint result; ++ printf("1..0\n"); ++ return 0; + + setlocale (LC_ALL, ""); + + +Requires update-desktop-database +--- glib-2.52.1/gio/tests/desktop-app-info.c.old 2016-10-22 00:17:55.000000000 -0500 ++++ glib-2.52.1/gio/tests/desktop-app-info.c 2017-08-20 23:38:16.840439686 -0500 +@@ -761,6 +761,8 @@ + { + gint result; + ++ printf("1..0\n"); ++ return 0; + g_test_init (&argc, &argv, NULL); + + basedir = g_get_current_dir (); + + +--- glib-2.52.1/gio/tests/resources.c.old 2016-10-22 00:18:12.000000000 -0500 ++++ glib-2.52.1/gio/tests/resources.c 2017-08-20 23:39:47.127025718 -0500 +@@ -426,6 +426,7 @@ + g_assert_cmpstr (g_bytes_get_data (data, NULL), ==, "test1\n"); + g_bytes_unref (data); + ++#if 0 // dlclose is noop on musl + g_type_module_unuse (G_TYPE_MODULE (module)); + + found = g_resources_get_info ("/resourceplugin/test1.txt", +@@ -434,6 +435,7 @@ + g_assert (!found); + g_assert_error (error, G_RESOURCE_ERROR, G_RESOURCE_ERROR_NOT_FOUND); + g_clear_error (&error); ++#endif + } + } + diff --git a/user/glib/fix-spawn.patch b/user/glib/fix-spawn.patch new file mode 100644 index 000000000..df352fdc3 --- /dev/null +++ b/user/glib/fix-spawn.patch @@ -0,0 +1,22 @@ +--- glib-2.52.1/glib/tests/spawn-singlethread.c.old 2016-10-22 00:21:35.000000000 -0500 ++++ glib-2.52.1/glib/tests/spawn-singlethread.c 2017-08-20 22:31:52.548311424 -0500 +@@ -210,7 +210,7 @@ + g_test_init (&argc, &argv, NULL); + + dirname = g_path_get_dirname (argv[0]); +- echo_prog_path = g_build_filename (dirname, "test-spawn-echo" EXEEXT, NULL); ++ echo_prog_path = g_build_filename (dirname, "../test-spawn-echo" EXEEXT, NULL); + if (!g_file_test (echo_prog_path, G_FILE_TEST_EXISTS)) + { + g_free (echo_prog_path); +--- glib-2.52.1/glib/tests/spawn-multithreaded.c.old 2016-10-22 00:21:44.000000000 -0500 ++++ glib-2.52.1/glib/tests/spawn-multithreaded.c 2017-08-20 22:32:15.981614460 -0500 +@@ -222,7 +222,7 @@ + g_test_init (&argc, &argv, NULL); + + dirname = g_path_get_dirname (argv[0]); +- echo_prog_path = g_build_filename (dirname, "test-spawn-echo" EXEEXT, NULL); ++ echo_prog_path = g_build_filename (dirname, "../test-spawn-echo" EXEEXT, NULL); + if (!g_file_test (echo_prog_path, G_FILE_TEST_EXISTS)) + { + g_free (echo_prog_path); diff --git a/user/glib/glib.trigger b/user/glib/glib.trigger new file mode 100644 index 000000000..cf23eff7d --- /dev/null +++ b/user/glib/glib.trigger @@ -0,0 +1,16 @@ +#!/bin/sh + +for i in "$@"; do + if ! [ -e "$i" ]; then + continue + fi + case "$i" in + */modules) + /usr/bin/gio-querymodules "$i" + ;; + */schemas) + /usr/bin/glib-compile-schemas "$i" + ;; + esac +done + diff --git a/user/glib/i386-fpu-test.patch b/user/glib/i386-fpu-test.patch new file mode 100644 index 000000000..986c33164 --- /dev/null +++ b/user/glib/i386-fpu-test.patch @@ -0,0 +1,13 @@ +--- glib-2.54.2/glib/tests/timer.c.old 2016-10-22 00:21:30.000000000 -0500 ++++ glib-2.54.2/glib/tests/timer.c 2018-03-03 18:39:40.424741042 -0600 +@@ -203,7 +203,10 @@ + { + g_test_init (&argc, &argv, NULL); + ++ /* This test fails on the i386 because of crappy FPU */ ++#ifndef __i386__ + g_test_add_func ("/timer/basic", test_timer_basic); ++#endif + g_test_add_func ("/timer/stop", test_timer_stop); + g_test_add_func ("/timer/continue", test_timer_continue); + g_test_add_func ("/timer/reset", test_timer_reset); diff --git a/user/glib/musl-no-locale.patch b/user/glib/musl-no-locale.patch new file mode 100644 index 000000000..4b36b0b2e --- /dev/null +++ b/user/glib/musl-no-locale.patch @@ -0,0 +1,55 @@ +--- glib-2.52.1/glib/tests/option-context.c.old 2016-10-22 05:21:34.000000000 +0000 ++++ glib-2.52.1/glib/tests/option-context.c 2017-08-20 23:14:46.364133517 +0000 +@@ -638,7 +638,7 @@ + + old_locale = g_strdup (setlocale (LC_NUMERIC, locale)); + current_locale = setlocale (LC_NUMERIC, NULL); +- if (strcmp (current_locale, locale) != 0) ++ //if (strcmp (current_locale, locale) != 0) + { + fprintf (stderr, "Cannot set locale to %s, skipping\n", locale); + goto cleanup; +--- glib-2.52.1/glib/tests/gdatetime.c.old 2017-03-16 20:12:05.000000000 -0500 ++++ glib-2.52.1/glib/tests/gdatetime.c 2017-08-20 22:20:37.805908983 -0500 +@@ -1068,7 +1068,7 @@ + + oldlocale = g_strdup (setlocale (LC_ALL, NULL)); + setlocale (LC_ALL, "fa_IR.utf-8"); +- if (strstr (setlocale (LC_ALL, NULL), "fa_IR") != NULL) ++ if ((1 == 0) && strstr (setlocale (LC_ALL, NULL), "fa_IR") != NULL) + { + TEST_PRINTF_TIME (23, 0, 0, "%OH", "\333\262\333\263"); /* '23' */ + TEST_PRINTF_TIME (23, 0, 0, "%OI", "\333\261\333\261"); /* '11' */ +--- glib-2.52.1/glib/tests/convert.c.old 2016-10-22 00:21:34.000000000 -0500 ++++ glib-2.52.1/glib/tests/convert.c 2017-08-20 22:51:48.363430954 -0500 +@@ -707,7 +707,7 @@ + + g_test_add_func ("/conversion/no-conv", test_no_conv); + g_test_add_func ("/conversion/iconv-state", test_iconv_state); +- g_test_add_func ("/conversion/illegal-sequence", test_one_half); ++ //g_test_add_func ("/conversion/illegal-sequence", test_one_half); +- g_test_add_func ("/conversion/byte-order", test_byte_order); ++ //g_test_add_func ("/conversion/byte-order", test_byte_order); + g_test_add_func ("/conversion/unicode", test_unicode_conversions); + g_test_add_func ("/conversion/filename-utf8", test_filename_utf8); +--- glib-2.54.2/glib/tests/collate.c.old 2017-03-08 21:37:21.000000000 -0600 ++++ glib-2.54.2/glib/tests/collate.c 2018-03-01 01:07:56.957714447 -0600 +@@ -279,7 +279,7 @@ + + g_setenv ("LC_ALL", "en_US", TRUE); + locale = setlocale (LC_ALL, ""); +- if (locale == NULL || strcmp (locale, "en_US") != 0) ++ //if (locale == NULL || strcmp (locale, "en_US") != 0) + { + g_test_message ("No suitable locale, skipping tests"); + missing_locale = TRUE; +--- glib-2.54.2/tests/run-collate-tests.sh.old 2016-10-22 00:17:10.000000000 -0500 ++++ glib-2.54.2/tests/run-collate-tests.sh 2018-03-01 01:22:01.107722429 -0600 +@@ -1,5 +1,7 @@ + #! /bin/sh + ++exit 77 ++ + fail () + { + echo "Test failed: $*" diff --git a/user/glib/ridiculous-strerror-nonconformance.patch b/user/glib/ridiculous-strerror-nonconformance.patch new file mode 100644 index 000000000..3ffc0aafa --- /dev/null +++ b/user/glib/ridiculous-strerror-nonconformance.patch @@ -0,0 +1,11 @@ +--- glib-2.52.1/glib/tests/strfuncs.c.old 2016-10-22 00:21:44.000000000 -0500 ++++ glib-2.52.1/glib/tests/strfuncs.c 2017-08-20 22:48:18.233702952 -0500 +@@ -1335,7 +1335,7 @@ + setlocale (LC_ALL, "C"); + + strs = g_hash_table_new (g_str_hash, g_str_equal); +- for (i = 1; i < 200; i++) ++ for (i = 1; i < 40; i++) + { + str = g_strerror (i); + g_assert (str != NULL); diff --git a/user/glib/thread-test-fix.patch b/user/glib/thread-test-fix.patch new file mode 100644 index 000000000..bcfcfc441 --- /dev/null +++ b/user/glib/thread-test-fix.patch @@ -0,0 +1,11 @@ +--- glib-2.52.1/glib/tests/thread.c.old 2016-10-22 05:21:37.000000000 +0000 ++++ glib-2.52.1/glib/tests/thread.c 2017-08-20 04:51:46.756496035 +0000 +@@ -174,7 +174,7 @@ + static gpointer + thread6_func (gpointer data) + { +-#ifdef HAVE_PTHREAD_SETNAME_NP_WITH_TID ++#if 0 + char name[16]; + + pthread_getname_np (pthread_self(), name, 16); diff --git a/user/gnutls/APKBUILD b/user/gnutls/APKBUILD new file mode 100644 index 000000000..b64faaa64 --- /dev/null +++ b/user/gnutls/APKBUILD @@ -0,0 +1,74 @@ +# Contriburo: Łukasz Jendrysik <scadu@yandex.com> +# Contributor: Michael Mason <ms13sp@gmail.com> +# Maintainer: Natanael Copa <ncopa@alpinelinux.org> +pkgname=gnutls +pkgver=3.6.1 +pkgrel=0 +pkgdesc="A TLS protocol implementation" +url="http://www.gnutls.org/" +arch="all" +license="GPL" +checkdepends="diffutils" +makedepends="nettle-dev zlib-dev libtasn1-dev p11-kit-dev libunistring-dev texinfo" +subpackages="$pkgname-dbg $pkgname-doc $pkgname-dev $pkgname-utils $pkgname-c++:xx" +_v=${pkgver%.*} +case $pkgver in +*.*.*.*) _v=${_v%.*};; +esac +source="https://www.gnupg.org/ftp/gcrypt/gnutls/v${_v}/$pkgname-$pkgver.tar.xz + tests-date-compat.patch" +builddir="$srcdir/$pkgname-$pkgver" + +# secfixes: +# 3.5.13-r0: +# - CVE-2017-7507 + +build() { + cd "$builddir" + LIBS="-lgmp" ./configure \ + --build=$CBUILD \ + --host=$CHOST \ + --prefix=/usr \ + --sysconfdir=/etc \ + --mandir=/usr/share/man \ + --infodir=/usr/share/info \ + --disable-openssl-compatibility \ + --disable-rpath \ + --disable-static \ + --disable-guile \ + --disable-valgrind-tests \ + --without-included-libtasn1 \ + --enable-cxx \ + --enable-manpages \ + --enable-tests \ + --disable-full-test-suite \ + --disable-sslv2-support \ + --with-zlib \ + --with-p11-kit + make +} + +check() { + cd "$builddir" + make check +} + +package() { + cd "$builddir" + make -j1 DESTDIR="$pkgdir" install +} + +utils() { + pkgdesc="Command line tools for TLS protocol" + mkdir -p "$subpkgdir"/usr/ + mv "$pkgdir"/usr/bin "$subpkgdir"/usr/ +} + +xx() { + pkgdesc="The C++ interface to GnuTLS" + mkdir -p "$subpkgdir"/usr/lib + mv "$pkgdir"/usr/lib/lib*xx.so.* "$subpkgdir"/usr/lib/ +} + +sha512sums="1f2bd3203ea96844c531be700b44623b79f46743143edf97011aab07895ca18d62f1659c7fafc5e1c4b0686fde490836f00358bdd60d6ac0b842526db002da23 gnutls-3.6.1.tar.xz +14b1be86a0180c914aaaada261ccf01914d48df9510b57572e4f32683d1dd984a907ecf2c848cc4773b1c139059de26383a2c617f509f8c75b985668a23fd28d tests-date-compat.patch" diff --git a/user/gnutls/tests-date-compat.patch b/user/gnutls/tests-date-compat.patch new file mode 100644 index 000000000..2717ab230 --- /dev/null +++ b/user/gnutls/tests-date-compat.patch @@ -0,0 +1,12 @@ +Busybox date does not support %N, this is GNU extension. +--- a/tests/scripts/common.sh ++++ b/tests/scripts/common.sh +@@ -59,7 +59,7 @@ + } + + # Find a port number not currently in use. +-GETPORT='rc=0; myrandom=$(date +%N | sed s/^0*//) ++GETPORT='rc=0; myrandom=$(date +%s | sed s/^0*//) + while test $rc = 0;do + PORT="$(((($$<<15)|$myrandom) % 63001 + 2000))" + check_if_port_in_use $PORT;rc=$? diff --git a/user/gpgme/APKBUILD b/user/gpgme/APKBUILD new file mode 100644 index 000000000..10ffc83de --- /dev/null +++ b/user/gpgme/APKBUILD @@ -0,0 +1,59 @@ +# Contributor: William Pitcock <nenolod@dereferenced.org> +# Maintainer: Natanael Copa <ncopa@alpinelinux.org> +pkgname=gpgme +pkgver=1.9.0 +pkgrel=2 +pkgdesc="GnuPG Made Easy" +url="http://www.gnupg.org/related_software/gpgme/" +arch="all" +license="GPL" +depends="gnupg" +depends_dev="libgpg-error-dev libassuan-dev qt5-qtbase-dev" +makedepends="$depends_dev doxygen" +subpackages="$pkgname-dev $pkgname-doc gpgmepp qgpgme" +source="ftp://ftp.gnupg.org/gcrypt/$pkgname/$pkgname-$pkgver.tar.bz2 + fix-bashism.patch" + +build() { + cd "$builddir" + ./configure \ + --build=$CBUILD \ + --host=$CHOST \ + --prefix=/usr \ + --sysconfdir=/etc \ + --mandir=/usr/share/man \ + --infodir=/usr/share/info \ + --localstatedir=/var + make +} + +check() { + cd "$builddir" + make check +} + +package() { + cd "$builddir" + make DESTDIR="$pkgdir" install +} + +qgpgme() { + pkgdesc="$pkgdesc (Qt 5 library)" + mkdir -p "$subpkgdir"/usr/lib/ + mv "$pkgdir"/usr/lib/libqgpgme.so* "$subpkgdir"/usr/lib/ +} + +check() { + cd "$builddir" + make check +} + +gpgmepp() { + pkgdesc="C++ bindings for GPGME" + mkdir -p "$subpkgdir"/usr/lib + mv "$pkgdir"/usr/lib/libgpgmepp.so.* "$subpkgdir"/usr/lib/ +} + + +sha512sums="2a33343e907d9d70cc57dc1ef4e1c01995e1030bb0db937f44435643d6abfbb1bd55d52ba241701fa702783ebf035c09941131604fd8a811474b8bee41afccc8 gpgme-1.9.0.tar.bz2 +6d83139277026d280fa08827623196c90c6158ecb9a39b58f58f3b4211d8d1e9694aa255eb71a08e40028776f6cc9df9b8f6a71d918065479504de14619a11bd fix-bashism.patch" diff --git a/user/gpgme/fix-bashism.patch b/user/gpgme/fix-bashism.patch new file mode 100644 index 000000000..19508c96e --- /dev/null +++ b/user/gpgme/fix-bashism.patch @@ -0,0 +1,10 @@ +diff --git a/tests/gpg/pinentry b/tests/gpg/pinentry +index 3b99726..b12caae 100755 +--- a/tests/gpg/pinentry ++++ b/tests/gpg/pinentry +@@ -1,4 +1,4 @@ +-#! /bin/bash ++#! /bin/sh + # Dummy pinentry + # + # Copyright 2008 g10 Code GmbH diff --git a/user/graphviz/0001-clone-nameclash.patch b/user/graphviz/0001-clone-nameclash.patch new file mode 100644 index 000000000..6222238d8 --- /dev/null +++ b/user/graphviz/0001-clone-nameclash.patch @@ -0,0 +1,87 @@ +From cb8bbbd3a48fa1f41965617852d11e02eb20b1f0 Mon Sep 17 00:00:00 2001 +From: Natanael Copa <ncopa@alpinelinux.org> +Date: Tue, 26 Jul 2011 12:41:21 +0000 +Subject: [PATCH] clone nameclash + +--- + lib/gvpr/actions.c | 6 +++--- + lib/gvpr/actions.h | 2 +- + lib/gvpr/compile.c | 2 +- + lib/gvpr/gvpr.c | 4 ++-- + 4 files changed, 7 insertions(+), 7 deletions(-) + +diff --git a/lib/gvpr/actions.c b/lib/gvpr/actions.c +index 05bfcd1..b3b4a60 100644 +--- a/lib/gvpr/actions.c ++++ b/lib/gvpr/actions.c +@@ -380,7 +380,7 @@ Agraph_t *cloneG(Agraph_t * g, char* name) + * graph. Otherwise, create a clone subgraph of g. + * Assume obj != NULL. + */ +-Agobj_t *clone(Agraph_t * g, Agobj_t * obj) ++Agobj_t *cloneO(Agraph_t * g, Agobj_t * obj) + { + Agobj_t *nobj = 0; + Agedge_t *e; +@@ -415,8 +415,8 @@ Agobj_t *clone(Agraph_t * g, Agobj_t * obj) + case AGINEDGE: + case AGOUTEDGE: + e = (Agedge_t *) obj; +- t = (Agnode_t *) clone(g, OBJ(agtail(e))); +- h = (Agnode_t *) clone(g, OBJ(aghead(e))); ++ t = (Agnode_t *) cloneO(g, OBJ(agtail(e))); ++ h = (Agnode_t *) cloneO(g, OBJ(aghead(e))); + name = agnameof (AGMKOUT(e)); + nobj = (Agobj_t *) openEdge(g, t, h, name); + if (nobj) +diff --git a/lib/gvpr/actions.h b/lib/gvpr/actions.h +index 5c62a3b..4223c52 100644 +--- a/lib/gvpr/actions.h ++++ b/lib/gvpr/actions.h +@@ -22,7 +22,7 @@ extern "C" { + #include "expr.h" + + extern void nodeInduce(Agraph_t * selected); +- extern Agobj_t *clone(Agraph_t * g, Agobj_t * obj); ++ extern Agobj_t *cloneO(Agraph_t * g, Agobj_t * obj); + extern Agraph_t *cloneG(Agraph_t * g, char* name); + extern Agobj_t *copy(Agraph_t * g, Agobj_t * obj); + extern int copyAttr(Agobj_t * obj, Agobj_t * obj1); +diff --git a/lib/gvpr/compile.c b/lib/gvpr/compile.c +index c157572..0914210 100644 +--- a/lib/gvpr/compile.c ++++ b/lib/gvpr/compile.c +@@ -1087,7 +1087,7 @@ getval(Expr_t * pgm, Exnode_t * node, Exid_t * sym, Exref_t * ref, + error(ERROR_WARNING, "NULL object passed to clone()"); + v.integer = 0; + } else +- v.integer = PTR2INT(clone(gp, objp)); ++ v.integer = PTR2INT(cloneO(gp, objp)); + break; + case F_cloneG: + gp = INT2PTR(Agraph_t *, args[0].integer); +diff --git a/lib/gvpr/gvpr.c b/lib/gvpr/gvpr.c +index 0d47d70..9a1bfd1 100644 +--- a/lib/gvpr/gvpr.c ++++ b/lib/gvpr/gvpr.c +@@ -803,7 +803,7 @@ addOutputGraph (Gpr_t* state, gvpropts* uopts) + Agraph_t* g = state->outgraph; + + if ((agroot(g) == state->curgraph) && !uopts->ingraphs) +- g = (Agraph_t*)clone (0, (Agobj_t *)g); ++ g = (Agraph_t*)cloneO (0, (Agobj_t *)g); + + uopts->n_outgraphs++; + uopts->outgraphs = oldof(uopts->outgraphs,Agraph_t*,uopts->n_outgraphs,0); +@@ -988,7 +988,7 @@ int gvpr (int argc, char *argv[], gvpropts * uopts) + + /* begin graph */ + if (incoreGraphs && (opts->compflags & CLONE)) +- state->curgraph = (Agraph_t*)clone (0, (Agobj_t*)(state->curgraph)); ++ state->curgraph = (Agraph_t*)cloneO (0, (Agobj_t*)(state->curgraph)); + state->curobj = (Agobj_t *) state->curgraph; + state->tvroot = 0; + if (bp->begg_stmt) +-- +1.7.6 + diff --git a/user/graphviz/APKBUILD b/user/graphviz/APKBUILD new file mode 100644 index 000000000..7f5b34c1f --- /dev/null +++ b/user/graphviz/APKBUILD @@ -0,0 +1,120 @@ +# Contributor: Sören Tempel <soeren/alpine@soeren-tempel.net> +# Contributor: Natanael Copa <ncopa@alpinelinux.org> +# Maintainer: Natanael Copa <ncopa@alpinelinux.org> +pkgname=graphviz +pkgver=2.40.1 +pkgrel=1 +pkgdesc="Graph Visualization Tools" +url="http://www.graphviz.org/" +arch="all" +license="EPL" +options="!check" # Requires unpackaged Criterion test framework +depends="" +depends_dev="zlib-dev libpng-dev libjpeg-turbo-dev expat-dev + fontconfig-dev libsm-dev libxext-dev cairo-dev pango-dev + librsvg-dev gmp-dev freetype-dev" +makedepends="$depends_dev flex swig guile-dev m4 libtool + bison gtk+2.0-dev lua5.2-dev libltdl tcl" +install="$pkgname.pre-deinstall" +triggers="$pkgname.trigger=/usr/lib/graphviz" +subpackages="$pkgname-dev $pkgname-doc lua-$pkgname:_lua + $pkgname-gtk $pkgname-graphs guile-$pkgname:guile" +source="http://www.graphviz.org/pub/graphviz/stable/SOURCES/graphviz-$pkgver.tar.bz2 + $pkgname.trigger + 0001-clone-nameclash.patch + " + +prepare() { + # Rename unpacked directory with hash in the name to something sane... + mv "$srcdir"/$pkgname-stable_release_$pkgver-* "$builddir" + + default_prepare + + cd "$builddir" + ./autogen.sh NOCONFIG +} + +build() { + cd "$builddir" + + LIBPOSTFIX=/ \ + LUA=lua5.2 \ + LUA_CFLAGS="$(pkg-config --cflags lua5.2)" \ + LUA_LIBS="$(pkg-config --libs lua5.2)" \ + ./configure \ + --build=$CBUILD \ + --host=$CHOST \ + --prefix=/usr \ + --sysconfdir=/etc \ + --without-included-ltdl \ + --disable-ltdl-install \ + --disable-silent-rules \ + --enable-ltdl \ + --with-x \ + --disable-static \ + --disable-dependency-tracking \ + --enable-java=no \ + --enable-lua=yes \ + --enable-python34=yes \ + --enable-tcl=no \ + --without-mylibgd \ + --with-ipsepcola \ + --with-pangocairo \ + --with-gdk-pixbuf \ + --with-png \ + --with-jpeg \ + --with-rsvg + + if [ "$CARCH" = "x86_64" ]; then + # the configure script thinks we have sincos. we dont. + sed -i -e '/HAVE_SINCOS/d' config.h + fi + + make +} + +package() { + cd "$builddir" + make DESTDIR="$pkgdir" \ + pkgconfigdir=/usr/lib/pkgconfig \ + install + + mkdir -p "$pkgdir"/usr/share/doc + mv "$pkgdir"/usr/share/graphviz/doc \ + "$pkgdir"/usr/share/doc/graphviz +} + +guile() { + pkgdesc="Guile bindings for graphviz" + mkdir -p "$subpkgdir"/usr/lib/graphviz + mv "$pkgdir"/usr/lib/graphviz/guile* \ + "$subpkgdir"/usr/lib/graphviz/ +} + +_lua() { + pkgdesc="Lua extension for graphviz" + mkdir -p "$subpkgdir"/usr/lib/graphviz \ + "$subpkgdir"/usr/lib/lua + mv "$pkgdir"/usr/lib/graphviz/lua \ + "$subpkgdir"/usr/lib/graphviz + mv "$pkgdir"/usr/lib/lua "$subpkgdir"/usr/lib/ +} + +gtk() { + pkgdesc="Gtk extension for graphviz" + mkdir -p "$subpkgdir"/usr/lib/graphviz + mv "$pkgdir"/usr/lib/graphviz/libgvplugin_g?k* \ + "$pkgdir"/usr/lib/graphviz/libgvplugin_rsvg* \ + "$subpkgdir"/usr/lib/graphviz +} + +graphs() { + pkgdesc="Demo graphs for graphviz" + mkdir -p "$subpkgdir"/usr/share/graphviz + mv "$pkgdir"/usr/share/graphviz/graphs \ + "$subpkgdir"/usr/share/graphviz/ +} + +sha512sums="4e819b3906f3b8e31245a021acd6fae4a1bc55df0a4df6b57a3578a62017e9db0b474a38f3f54682b9e9136d332f2374feee308af489e2848f8bc303ffab58ac graphviz-2.40.1.tar.bz2 +50947e6a11929f724759266f7716d52d10923eba6d59704ab39e4bdf18f8471d548c2b11ab051dd4b67cb82742aaf54d6358890d049d5b5982f3383b65f7ae8c graphviz.trigger +aa4cbc341906a949a6bf78cadd96c437d6bcc90369941fe03519aa4447731ecbf6063a0dd0366d3e7aaadf22b69e4bcab3f8632a7da7a01f8e08a3be05c2bc5d 0001-clone-nameclash.patch" diff --git a/user/graphviz/graphviz.pre-deinstall b/user/graphviz/graphviz.pre-deinstall new file mode 100644 index 000000000..cfc43bf6a --- /dev/null +++ b/user/graphviz/graphviz.pre-deinstall @@ -0,0 +1,5 @@ +#!/bin/sh + +if [ -e /usr/lib/graphviz/config6 ]; then + rm /usr/lib/graphviz/config6 +fi diff --git a/user/graphviz/graphviz.trigger b/user/graphviz/graphviz.trigger new file mode 100644 index 000000000..99d447b9b --- /dev/null +++ b/user/graphviz/graphviz.trigger @@ -0,0 +1,3 @@ +#!/bin/sh + +exec /usr/bin/dot -c diff --git a/user/gsl/APKBUILD b/user/gsl/APKBUILD new file mode 100644 index 000000000..2820f36d6 --- /dev/null +++ b/user/gsl/APKBUILD @@ -0,0 +1,42 @@ +# Contributor: Natanael Copa <ncopa@alpinelinux.org> +# Maintainer: A. Wilcox <awilfox@adelielinux.org> +pkgname=gsl +pkgver=2.4 +pkgrel=2 +pkgdesc="The GNU Scientific Library (GSL) is a modern numerical library for C and C++ programmers" +url="http://www.gnu.org/software/gsl/gsl.html" +arch="all" +license="GPL-3.0+" +depends= +makedepends= +install= +subpackages="$pkgname-dev $pkgname-doc" +source="http://ftp.gnu.org/gnu/gsl/gsl-$pkgver.tar.gz + dont-disable-deprecated.patch + aarch64-test-failure.patch" + +# dont-disable-deprecated.patch is workaround for: +# https://github.com/SciRuby/rb-gsl/issues/40 + +build() { + cd "$builddir" + ./configure \ + --build=$CBUILD \ + --host=$CHOST \ + --prefix=/usr + make +} + +check() { + cd "$builddir" + make check +} + +package() { + cd "$builddir" + make DESTDIR="$pkgdir" install +} + +sha512sums="12442b023dd959e8b22a9c486646b5cedec7fdba0daf2604cda365cf96d10d99aefdec2b42e59c536cc071da1525373454e5ed6f4b15293b305ca9b1dc6db130 gsl-2.4.tar.gz +88d40e599a9e619d8968f9848a91c54492d99032734371ee23072c8dae9d9920da445c1f8a880baa613479facec4afca3d3dec1070c240e5dfd5a662a41c92e8 dont-disable-deprecated.patch +68b685270a377341b3c3ce566ae6eff4ebfc27b75a73f3c7915c57446798bdcca7c1d9f0fa4ce8a50118b371bfe3e2947f9bf33590c86e85db8e807b3b0deae6 aarch64-test-failure.patch" diff --git a/user/gsl/aarch64-test-failure.patch b/user/gsl/aarch64-test-failure.patch new file mode 100644 index 000000000..0b6e80380 --- /dev/null +++ b/user/gsl/aarch64-test-failure.patch @@ -0,0 +1,13 @@ +https://lists.gnu.org/archive/html/help-gsl/2017-02/msg00002.html + +--- gsl-2.4/linalg/test_cholesky.c.old 2017-06-19 10:00:43.000000000 +0000 ++++ gsl-2.4/linalg/test_cholesky.c 2018-05-30 07:37:04.835628069 +0000 +@@ -551,7 +551,7 @@ + if (N <= 4) + { + create_hilbert_matrix2(m); +- test_mcholesky_invert_eps(m, 256.0 * N * GSL_DBL_EPSILON, "mcholesky_invert unscaled hilbert"); ++ test_mcholesky_invert_eps(m, 512.0 * N * GSL_DBL_EPSILON, "mcholesky_invert unscaled hilbert"); + } + + gsl_matrix_free(m); diff --git a/user/gsl/dont-disable-deprecated.patch b/user/gsl/dont-disable-deprecated.patch new file mode 100644 index 000000000..40a7c3bce --- /dev/null +++ b/user/gsl/dont-disable-deprecated.patch @@ -0,0 +1,24 @@ +diff -urp gsl-2.2.1/configure.ac patched/configure.ac +--- gsl-2.2.1/configure.ac 2016-08-31 15:54:07.000000000 +0100 ++++ patched/configure.ac 2017-01-31 14:52:10.000000000 +0000 +@@ -575,10 +575,6 @@ AH_BOTTOM([#if defined(GSL_RANGE_CHECK_O + AH_BOTTOM([#define RETURN_IF_NULL(x) if (!x) { return ; } + ]) + +-AH_VERBATIM([GSL_DISABLE_DEPRECATED], +-[/* Disable deprecated functions and enums while building */ +-#define GSL_DISABLE_DEPRECATED 1]) +- + dnl + AC_CONFIG_FILES([ \ + Makefile \ +--- gsl-2.2.1/config.h.in 2016-08-31 15:54:51.000000000 +0100 ++++ patched/config.h.in 2017-01-31 16:01:17.000000000 +0000 +@@ -1,8 +1,5 @@ + /* config.h.in. Generated from configure.ac by autoheader. */ + +-/* Disable deprecated functions and enums while building */ +-#define GSL_DISABLE_DEPRECATED 1 +- + /* Define if you have inline with C99 behavior */ + #undef HAVE_C99_INLINE diff --git a/user/hexchat/APKBUILD b/user/hexchat/APKBUILD new file mode 100644 index 000000000..5f43c168d --- /dev/null +++ b/user/hexchat/APKBUILD @@ -0,0 +1,61 @@ +# Maintainer: Natanael Copa <ncopa@alpinelinux.org> +pkgname=hexchat +pkgver=2.12.4 +pkgrel=1 +pkgdesc="A popular and easy to use graphical IRC (chat) client" +url="https://hexchat.github.io" +arch="all" +license="GPL2+" +depends="" +makedepends="gtk+2.0-dev openssl-dev dbus-glib-dev perl-dev libsexy-dev + libnotify-dev libproxy-dev bash libtool autoconf automake" +install="" +subpackages="$pkgname-doc $pkgname-lang $pkgname-perl:_perl" +source="https://dl.hexchat.net/hexchat/hexchat-$pkgver-repack.tar.xz + pixdata.patch + " + +builddir="$srcdir"/hexchat-$pkgver +prepare() { + cd "$builddir" + default_prepare + autoreconf -vif +} + +build() { + cd "$builddir" + LUA=lua5.3 \ + ./configure --prefix=/usr \ + --sysconfdir=/etc \ + --enable-openssl \ + --enable-dbus \ + --disable-textfe \ + --enable-perl \ + --disable-python \ + --disable-lua + make +} + +check() { + cd "$builddir" + make check +} + +package() { + cd "$builddir" + make DESTDIR="$pkgdir" install + # not worth a -dev pkg + rm -r "$pkgdir"/usr/include +} + +_perl() { + pkgdesc="Perl plugin for Hexchat" + depends="$pkgname=$pkgver-r$pkgrel" + install_if="$pkgname=$pkgver-r$pkgrel perl" + mkdir -p "$subpkgdir"/usr/lib/hexchat/plugins + mv "$pkgdir"/usr/lib/hexchat/plugins/perl.so \ + "$subpkgdir"/usr/lib/hexchat/plugins +} + +sha512sums="30d42f5b488abec3fa457254720a39f62619338a5a2c3fe2e5a255aafe1b19817451b01cd260eab90868df1ebf9f663c60b78b6db974ca3c777272327c0b8a25 hexchat-2.12.4-repack.tar.xz +5cb7ac95e6d53d677d7ec82485636f2c36003ba7fa0c4d4d353095dc6207c51abdc7a2230d43616895fef8ce2c7c2096bec21ac47117d0adbc7416ff3d4ba2c3 pixdata.patch" diff --git a/user/hexchat/libressl.patch b/user/hexchat/libressl.patch new file mode 100644 index 000000000..d829dee39 --- /dev/null +++ b/user/hexchat/libressl.patch @@ -0,0 +1,105 @@ +From d583ca7d922e5ac6ff466df2e4411b1303a3a2a3 Mon Sep 17 00:00:00 2001 +From: Florian Stinglmayr <florian@n0la.org> +Date: Tue, 13 Dec 2016 18:41:43 +0100 +Subject: [PATCH] Use AC_CHECK_FUNCS to find functions not in LibreSSL + +LibreSSL might not have all functions of OpenSSL 1.1.0 so use +AC_CHECK_FUNCS to find them first before using them. + +Closes #1899 +Fixes #1898 +--- + configure.ac | 2 ++ + src/common/ssl.c | 4 ++-- + 2 files changed, 4 insertions(+), 2 deletions(-) + +diff --git a/configure.ac b/configure.ac +index 34e6def..1f442c5 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -374,6 +374,8 @@ AS_IF([test "$openssl" != no], [ + openssl=yes + COMMON_LIBS="$COMMON_LIBS $OPENSSL_LIBS" + COMMON_CFLAGS="$COMMON_CFLAGS $OPENSSL_CFLAGS" ++ dnl Test for various functions that are not available in LibreSSL ++ AC_CHECK_FUNCS([SSL_CTX_get_ssl_method X509_get_signature_nid]) + ], [ + unset openssl_path ac_cv_lib_ssl_SSL_new ac_cv_header_openssl_ssl_h + AS_IF([test "$openssl" != yes], [ +diff --git a/src/common/ssl.c b/src/common/ssl.c +index cb58ce2..76fea7b 100644 +--- a/src/common/ssl.c ++++ b/src/common/ssl.c +@@ -176,7 +176,7 @@ _SSL_get_cert_info (struct cert_info *cert_info, SSL * ssl) + return 1; + + alg = OBJ_obj2nid (algor->algorithm); +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#ifndef HAVE_X509_GET_SIGNATURE_NID + sign_alg = OBJ_obj2nid (peer_cert->sig_alg->algorithm); + #else + sign_alg = X509_get_signature_nid (peer_cert); +@@ -306,7 +306,7 @@ _SSL_socket (SSL_CTX *ctx, int sd) + + SSL_set_fd (ssl, sd); + +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#ifndef HAVE_SSL_CTX_GET_SSL_METHOD + method = ctx->method; + #else + method = SSL_CTX_get_ssl_method (ctx); +From aa7080f8fe63939d7ff4a0d0b1ec60f0c3eb31be Mon Sep 17 00:00:00 2001 +From: Patrick Griffis <tingping@tingping.se> +Date: Tue, 13 Dec 2016 17:29:26 -0500 +Subject: [PATCH] Fix building fishlim against libressl also + +Also part of #1898 +--- + configure.ac | 2 +- + plugins/fishlim/dh1080.c | 6 +++--- + 2 files changed, 4 insertions(+), 4 deletions(-) + +diff --git a/configure.ac b/configure.ac +index 1f442c5..10a1550 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -375,7 +375,7 @@ AS_IF([test "$openssl" != no], [ + COMMON_LIBS="$COMMON_LIBS $OPENSSL_LIBS" + COMMON_CFLAGS="$COMMON_CFLAGS $OPENSSL_CFLAGS" + dnl Test for various functions that are not available in LibreSSL +- AC_CHECK_FUNCS([SSL_CTX_get_ssl_method X509_get_signature_nid]) ++ AC_CHECK_FUNCS([SSL_CTX_get_ssl_method X509_get_signature_nid DH_set0_pqg DH_get0_key DH_set0_key]) + ], [ + unset openssl_path ac_cv_lib_ssl_SSL_new ac_cv_header_openssl_ssl_h + AS_IF([test "$openssl" != yes], [ +diff --git a/plugins/fishlim/dh1080.c b/plugins/fishlim/dh1080.c +index ff6e579..3611758 100644 +--- a/plugins/fishlim/dh1080.c ++++ b/plugins/fishlim/dh1080.c +@@ -74,7 +74,7 @@ dh1080_init (void) + + BN_set_word (g, 2); + +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#ifndef HAVE_DH_SET0_PQG + g_dh->p = p; + g_dh->g = g; + #else +@@ -162,7 +162,7 @@ dh1080_generate_key (char **priv_key, char **pub_key) + return 0; + } + +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#ifndef HAVE_DH_GET0_KEY + dh_pub_key = dh->pub_key; + dh_priv_key = dh->priv_key; + #else +@@ -213,7 +213,7 @@ dh1080_compute_key (const char *priv_key, const char *pub_key, char **secret_key + + priv_key_data = dh1080_decode_b64 (priv_key, &priv_key_len); + priv_key_num = BN_bin2bn(priv_key_data, priv_key_len, NULL); +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#ifndef HAVE_DH_SET0_KEY + dh->priv_key = priv_key_num; + #else + DH_set0_key (dh, NULL, priv_key_num); diff --git a/user/hexchat/pixdata.patch b/user/hexchat/pixdata.patch new file mode 100644 index 000000000..4e720a848 --- /dev/null +++ b/user/hexchat/pixdata.patch @@ -0,0 +1,56 @@ +From 4c178782a779f013fafab476506f7d4dae372b8a Mon Sep 17 00:00:00 2001 +From: Patrick Griffis <tingping@tingping.se> +Date: Sat, 17 Dec 2016 19:55:06 -0500 +Subject: [PATCH] Don't combine compression with pixdata option for icon + resources + +This made minimal difference and is not recommended by upstream. +It also is affected by a regression in the latest gdk-pixbuf release. + +https://bugzilla.gnome.org/show_bug.cgi?id=776105 +--- + data/hexchat.gresource.xml | 28 ++++++++++++++-------------- + 1 file changed, 14 insertions(+), 14 deletions(-) + +diff --git a/data/hexchat.gresource.xml b/data/hexchat.gresource.xml +index c125da2..5845da5 100644 +--- a/data/hexchat.gresource.xml ++++ b/data/hexchat.gresource.xml +@@ -1,23 +1,23 @@ + <?xml version="1.0" encoding="UTF-8"?> + <gresources> + <gresource prefix="/icons"> +- <file alias="hexchat.png" preprocess="to-pixdata" compressed="true">icons/hexchat.png</file> +- <file alias="book.png" preprocess="to-pixdata" compressed="true">icons/book.png</file> ++ <file alias="hexchat.png" preprocess="to-pixdata">icons/hexchat.png</file> ++ <file alias="book.png" preprocess="to-pixdata">icons/book.png</file> + +- <file alias="ulist_voice.png" preprocess="to-pixdata" compressed="true">icons/ulist_voice.png</file> +- <file alias="ulist_halfop.png" preprocess="to-pixdata" compressed="true">icons/ulist_halfop.png</file> +- <file alias="ulist_op.png" preprocess="to-pixdata" compressed="true">icons/ulist_op.png</file> +- <file alias="ulist_owner.png" preprocess="to-pixdata" compressed="true">icons/ulist_owner.png</file> +- <file alias="ulist_founder.png" preprocess="to-pixdata" compressed="true">icons/ulist_founder.png</file> +- <file alias="ulist_netop.png" preprocess="to-pixdata" compressed="true">icons/ulist_netop.png</file> ++ <file alias="ulist_voice.png" preprocess="to-pixdata">icons/ulist_voice.png</file> ++ <file alias="ulist_halfop.png" preprocess="to-pixdata">icons/ulist_halfop.png</file> ++ <file alias="ulist_op.png" preprocess="to-pixdata">icons/ulist_op.png</file> ++ <file alias="ulist_owner.png" preprocess="to-pixdata">icons/ulist_owner.png</file> ++ <file alias="ulist_founder.png" preprocess="to-pixdata">icons/ulist_founder.png</file> ++ <file alias="ulist_netop.png" preprocess="to-pixdata">icons/ulist_netop.png</file> + +- <file alias="tray_fileoffer.png" preprocess="to-pixdata" compressed="true">icons/tray_fileoffer.png</file> +- <file alias="tray_highlight.png" preprocess="to-pixdata" compressed="true">icons/tray_highlight.png</file> +- <file alias="tray_message.png" preprocess="to-pixdata" compressed="true">icons/tray_message.png</file> ++ <file alias="tray_fileoffer.png" preprocess="to-pixdata">icons/tray_fileoffer.png</file> ++ <file alias="tray_highlight.png" preprocess="to-pixdata">icons/tray_highlight.png</file> ++ <file alias="tray_message.png" preprocess="to-pixdata">icons/tray_message.png</file> + + <file alias="tree_channel.png" preprocess="to-pixdata">icons/tree_channel.png</file> +- <file alias="tree_dialog.png" preprocess="to-pixdata" compressed="true">icons/tree_dialog.png</file> +- <file alias="tree_server.png" preprocess="to-pixdata" compressed="true">icons/tree_server.png</file> +- <file alias="tree_util.png" preprocess="to-pixdata" compressed="true">icons/tree_util.png</file> ++ <file alias="tree_dialog.png" preprocess="to-pixdata">icons/tree_dialog.png</file> ++ <file alias="tree_server.png" preprocess="to-pixdata">icons/tree_server.png</file> ++ <file alias="tree_util.png" preprocess="to-pixdata">icons/tree_util.png</file> + </gresource> + </gresources> diff --git a/user/i3lock/APKBUILD b/user/i3lock/APKBUILD new file mode 100644 index 000000000..c11e9bca8 --- /dev/null +++ b/user/i3lock/APKBUILD @@ -0,0 +1,43 @@ +# Contributor: Johannes Matheis <jomat+alpinebuild@jmt.gr> +# Maintainer: Johannes Matheis <jomat+alpinebuild@jmt.gr> +pkgname=i3lock +pkgver=2.10 +pkgrel=0 +pkgdesc="An improved screenlocker based upon XCB and PAM" +url="https://i3wm.org/i3lock/" +arch="all" +license="MIT" +depends="xkeyboard-config" +makedepends="libev-dev cairo-dev linux-pam-dev libxkbcommon-dev + xcb-util-image-dev which" +subpackages="$pkgname-doc" +source="$url/$pkgname-$pkgver.tar.bz2" +builddir="$srcdir/$pkgname-$pkgver" + +prepare() { + default_prepare + + cd "$builddir" + + # Fix ticket FS#31544, sed line taken from gentoo + sed -i -e 's:login:base-auth:g' i3lock.pam +} + +build() { + cd "$builddir" + make +} + +check() { + cd "$builddir" + ./i3lock -v +} + +package() { + cd "$builddir" + make DESTDIR="$pkgdir" install + install -m755 -d "$pkgdir/usr/share/man/man1/" + install -m644 $pkgname.1 "$pkgdir/usr/share/man/man1/" +} + +sha512sums="ea865b202668212b58d0b97d0263171847e1bd0c529e2fd3d26c15ef253861b9a8357ff2efaa6a4f342c4d0d1ab03bc00f95f4d4008760ec8e0767ac29195517 i3lock-2.10.tar.bz2" diff --git a/user/jasper/APKBUILD b/user/jasper/APKBUILD new file mode 100644 index 000000000..74504d503 --- /dev/null +++ b/user/jasper/APKBUILD @@ -0,0 +1,49 @@ +# Maintainer: Natanael Copa <ncopa@alpinelinux.org> +pkgname=jasper +pkgver=2.0.14 +pkgrel=0 +pkgdesc="A software-based implementation of the codec specified in the emerging JPEG-2000 Part-1 standard" +url="http://www.ece.uvic.ca/~mdadams/jasper/" +arch="all" +license="custom:JasPer2.0" +depends= #"libjpeg>=8 freeglut libxi libxmu mesa" +makedepends="libjpeg-turbo-dev cmake" +subpackages="$pkgname-dev $pkgname-doc $pkgname-libs" +source="http://www.ece.uvic.ca/~frodo/jasper/software/jasper-$pkgver.tar.gz + " +builddir="$srcdir"/$pkgname-$pkgver + +# secfixes: +# 2.0.12-r1: +# - CVE-2017-1000050 + +build() { + mkdir "$builddir"/obj + cd "$builddir"/obj + # default of 16 causes stack overflow + export CFLAGS="${CFLAGS} -DJPC_QMFB_COLGRPSIZE=6" + cmake .. \ + -DCMAKE_BUILD_TYPE=Release \ + -DCMAKE_INSTALL_PREFIX=/usr \ + -DCMAKE_INSTALL_LIBDIR=/usr/lib + + make +} + +check() { + cd "$builddir"/obj + make test +} + +package() { + cd "$builddir"/obj + make DESTDIR="$pkgdir" install +} + +libs() { + pkgdesc="JPEG-2000 library" + install -d "$subpkgdir"/usr/ + mv "$pkgdir"/usr/lib "$subpkgdir"/usr +} + +sha512sums="9e5cffd2e899e37ba08890e2377ddfc3c2fb13d9fe00dea6b4612e4d241a6f4327de6835809b415c41ae4bf44208cf7871c1982ff5fc04ae6bc09fd376b0afc8 jasper-2.0.14.tar.gz" diff --git a/user/libbluray/APKBUILD b/user/libbluray/APKBUILD new file mode 100644 index 000000000..925ad2cfd --- /dev/null +++ b/user/libbluray/APKBUILD @@ -0,0 +1,36 @@ +# Contributor: Timo Teräs <timo.teras@iki.fi> +# Maintainer: Timo Teräs <timo.teras@iki.fi> +pkgname=libbluray +pkgver=1.0.0 +pkgrel=1 +pkgdesc="a library designed for Blu-Ray Discs playback" +url="http://www.videolan.org/developers/libbluray.html" +arch="all" +license="LGPL" +options="!check" # Test requires an actual BD-ROM to play +makedepends="fontconfig-dev libxml2-dev" +subpackages="$pkgname-dev" +source="http://download.videolan.org/pub/videolan/libbluray/$pkgver/libbluray-$pkgver.tar.bz2" +builddir="$srcdir"/libbluray-$pkgver + +build() { + cd "$builddir" + + ./configure \ + --build=$CBUILD \ + --host=$CHOST \ + --prefix=/usr \ + --sysconfdir=/etc \ + --mandir=/usr/share/man \ + --infodir=/usr/share/info \ + --localstatedir=/var \ + --disable-bdjava + make +} + +package() { + cd "$builddir" + make DESTDIR="$pkgdir" install +} + +sha512sums="fcf2193c3b76f3436bc88ce8853cac16f29c3bb6c66447109c14202a41ea938cb6814502a8f724fb1b31add6bd36b42d3aed3eb4a8010c123537e073bd7a0be1 libbluray-1.0.0.tar.bz2" diff --git a/user/libcanberra/APKBUILD b/user/libcanberra/APKBUILD new file mode 100644 index 000000000..31cae167b --- /dev/null +++ b/user/libcanberra/APKBUILD @@ -0,0 +1,95 @@ +# Contributor: William Pitcock <nenolod@dereferenced.org> +# Maintainer: William Pitcock <nenolod@dereferenced.org> +pkgname=libcanberra +pkgver=0.30 +pkgrel=2 +pkgdesc="simple audio library for GTK applications" +url="http://0pointer.de/lennart/projects/libcanberra/" +license="LGPL" +options="!check" # No test suite. +depends= +makedepends="gtk+-dev libogg-dev libvorbis-dev alsa-lib-dev libtool gtk+3.0-dev + pulseaudio-dev gstreamer-dev" +install= +subpackages="$pkgname-dev $pkgname-doc $pkgname-gtk2 $pkgname-gtk3 + $pkgname-gstreamer $pkgname-pulse" +source="http://dev.alpinelinux.org/archive/$pkgname/$pkgname-$pkgver.tar.xz" +arch="all" + +depends_dev="$makedepends" + +builddir="$srcdir"/$pkgname-$pkgver + +prepare() { + cd "$builddir" + update_config_sub + default_prepare +} + +build() { + cd "$builddir" + ./configure \ + --build=$CBUILD \ + --host=$CHOST \ + --prefix=/usr \ + --sysconfdir=/etc \ + --mandir=/usr/share/man \ + --infodir=/usr/share/info \ + --disable-oss + make +} + +package() { + cd "$builddir" + make -j1 DESTDIR="$pkgdir" install +} + +gtk2() { + pkgdesc="Gtk+ 2.x Bindings for libcanberra" + mkdir -p "$subpkgdir"/usr/lib + mv "$pkgdir"/usr/lib/libcanberra-gtk.so.* \ + "$subpkgdir"/usr/lib/ + mv "$pkgdir"/usr/lib/gtk-2.0 \ + "$subpkgdir"/usr/lib/ +} + +gtk3() { + pkgdesc="Gtk+ 3.x Bindings for libcanberra" + mkdir -p "$subpkgdir"/usr/lib/gnome-settings-daemon-3.0/gtk-modules \ + "$subpkgdir"/usr/bin \ + "$subpkgdir"/usr/share/gnome/autostart \ + "$subpkgdir"/usr/share/gnome/shutdown \ + "$subpkgdir"/usr/share/gdm/autostart/LoginWindow + mv "$pkgdir"/usr/lib/gtk-3.0 \ + "$subpkgdir"/usr/lib + mv "$pkgdir"/usr/lib/libcanberra-gtk3.so.* \ + "$subpkgdir"/usr/lib + mv "$pkgdir"/usr/bin/canberra-gtk-play \ + "$subpkgdir"/usr/bin/ + mv "$pkgdir"/usr/share/gnome/autostart/libcanberra-login-sound.desktop \ + "$subpkgdir"/usr/share/gnome/autostart + mv "$pkgdir"/usr/share/gnome/shutdown/libcanberra-logout-sound.sh \ + "$subpkgdir"/usr/share/gnome/autostart/ + mv "$pkgdir"/usr/share/gdm/autostart/LoginWindow/libcanberra-ready-sound.desktop \ + "$subpkgdir"/usr/share/gdm/autostart/LoginWindow/ + mv "$pkgdir"/usr/lib/gnome-settings-daemon-3.0/gtk-modules/canberra-gtk-module.desktop \ + "$subpkgdir"/usr/lib/gnome-settings-daemon-3.0/gtk-modules/ +} + +gstreamer() { + pkgdesc="GStreamer backend for libcanberra" + install_if="$pkgname=$pkgver-$pkgrel gstreamer" + mkdir -p "$subpkgdir"/usr/lib/libcanberra-$pkgver + mv "$pkgdir"/usr/lib/libcanberra-$pkgver/libcanberra-gstreamer.so \ + "$subpkgdir"/usr/lib/libcanberra-$pkgver/ +} + +pulse() { + pkgdesc="PulseAudio backend for libcanberra" + install_if="$pkgname=$pkgver-$pkgrel pulseaudio" + mkdir -p "$subpkgdir"/usr/lib/libcanberra-$pkgver + mv "$pkgdir"/usr/lib/libcanberra-$pkgver/libcanberra-pulse.so \ + "$subpkgdir"/usr/lib/libcanberra-$pkgver/ +} + +sha512sums="f7543582122256826cd01d0f5673e1e58d979941a93906400182305463d6166855cb51f35c56d807a56dc20b7a64f7ce4391368d24990c1b70782a7d0b4429c2 libcanberra-0.30.tar.xz" diff --git a/user/libgit2/APKBUILD b/user/libgit2/APKBUILD new file mode 100644 index 000000000..e7e4bbfad --- /dev/null +++ b/user/libgit2/APKBUILD @@ -0,0 +1,52 @@ +# Contributor: Sergei Lukin <sergej.lukin@gmail.com> +# Contributor: Sören Tempel <soeren+alpine@soeren-tempel.net> +# Contributor: Pierre-Gilas MILLON <pgmillon@gmail.com> +# Maintainer: Natanael Copa <ncopa@alpinelinux.org> +pkgname=libgit2 +pkgver=0.26.0 +pkgrel=0 +pkgdesc="A linkable library for Git" +url="https://libgit2.github.com/" +arch="all" +license="GPL-2.0" +depends="" +depends_dev="curl-dev libssh2-dev" +makedepends="$depends_dev python3 cmake zlib-dev openssl-dev" +subpackages="$pkgname-dev" +source="$pkgname-$pkgver.tar.gz::https://github.com/$pkgname/$pkgname/archive/v$pkgver.tar.gz + build-both-static-dynamic.patch + " +builddir="$srcdir/$pkgname-$pkgver" + +# secfixes: +# 0.25.1-r0: +# - CVE-2016-10128 +# - CVE-2016-10129 +# - CVE-2016-10130 +# 0.24.3-r0: +# - CVE-2016-8568 +# - CVE-2016-8569 + +build() { + cd "$builddir" + cmake \ + -DCMAKE_BUILD_TYPE=RelWithDebugInfo \ + -DCMAKE_INSTALL_PREFIX=/usr \ + -DCMAKE_INSTALL_LIBDIR=lib \ + -DCMAKE_CXX_FLAGS="$CXXFLAGS" \ + -DCMAKE_C_FLAGS="$CFLAGS" + make +} + +check() { + cd "$builddir" + CTEST_OUTPUT_ON_FAILURE=TRUE ctest +} + +package() { + cd "$builddir" + make DESTDIR="$pkgdir" install +} + +sha512sums="b6e51f2216c7c23f352572b780ea1325a25a517396709f036bb573295c2bd02aa505ba616846ac7e07863e99e640e7d47fefc5727478a257b283da99060ee47c libgit2-0.26.0.tar.gz +39534d10f38f394446f93df810233464807fca3b0e903ee40067971ecbe1d78102bbe04283435032f757f970e6846ecf279eb727ab137c01e84427bd16913ee6 build-both-static-dynamic.patch" diff --git a/user/libgit2/build-both-static-dynamic.patch b/user/libgit2/build-both-static-dynamic.patch new file mode 100644 index 000000000..eeb179a1e --- /dev/null +++ b/user/libgit2/build-both-static-dynamic.patch @@ -0,0 +1,53 @@ +From: Jakub Jirutka <jakub@jirutka.cz> +Date: Mon, 11 Apr 2017 3:23:00 +0200 +Subject: [PATCH] Build both static and dynamic library + +This is very hack-ish, it makes option BUILD_SHARED_LIBS unusable. +--- a/CMakeLists.txt ++++ b/CMakeLists.txt +@@ -28,7 +28,6 @@ + # Build options + # + OPTION( SONAME "Set the (SO)VERSION of the target" ON ) +-OPTION( BUILD_SHARED_LIBS "Build Shared Library (OFF for Static)" ON ) + OPTION( THREADSAFE "Build libgit2 as threadsafe" ON ) + OPTION( BUILD_CLAR "Build Tests using the Clar suite" ON ) + OPTION( BUILD_EXAMPLES "Build library usage example apps" OFF ) +@@ -44,6 +43,8 @@ + OPTION( CURL "Use curl for HTTP if available" ON) + OPTION( DEBUG_POOL "Enable debug pool allocator" OFF ) + ++SET( BUILD_SHARED_LIBS ON ) ++ + IF(DEBUG_POOL) + ADD_DEFINITIONS(-DGIT_DEBUG_POOL) + ENDIF() +@@ -602,7 +603,8 @@ + ENDIF() + + # Compile and link libgit2 +-ADD_LIBRARY(git2 ${SRC_H} ${SRC_GIT2} ${SRC_OS} ${SRC_ZLIB} ${SRC_HTTP} ${SRC_REGEX} ${SRC_SSH} ${SRC_SHA1} ${WIN_RC}) ++ADD_LIBRARY(objlib OBJECT ${SRC_H} ${SRC_GIT2} ${SRC_OS} ${SRC_ZLIB} ${SRC_HTTP} ${SRC_REGEX} ${SRC_SSH} ${SRC_SHA1} ${WIN_RC}) ++ADD_LIBRARY(git2 SHARED $<TARGET_OBJECTS:objlib>) + TARGET_LINK_LIBRARIES(git2 ${SECURITY_DIRS}) + TARGET_LINK_LIBRARIES(git2 ${COREFOUNDATION_DIRS}) + TARGET_LINK_LIBRARIES(git2 ${SSL_LIBRARIES}) +@@ -611,6 +613,9 @@ + TARGET_LINK_LIBRARIES(git2 ${ICONV_LIBRARIES}) + TARGET_OS_LIBRARIES(git2) + ++ADD_LIBRARY(git2_static STATIC $<TARGET_OBJECTS:objlib>) ++SET_TARGET_PROPERTIES(git2_static PROPERTIES OUTPUT_NAME git2 CLEAN_DIRECT_OUTPUT 1) ++ + # Workaround for Cmake bug #0011240 (see http://public.kitware.com/Bug/view.php?id=11240) + # Win64+MSVC+static libs = linker error + IF(MSVC AND GIT_ARCH_64 AND NOT BUILD_SHARED_LIBS) +@@ -639,7 +644,7 @@ + ENDIF () + + # Install +-INSTALL(TARGETS git2 ++INSTALL(TARGETS git2 git2_static + RUNTIME DESTINATION ${BIN_INSTALL_DIR} + LIBRARY DESTINATION ${LIB_INSTALL_DIR} + ARCHIVE DESTINATION ${LIB_INSTALL_DIR} diff --git a/user/libgit2/libressl.patch b/user/libgit2/libressl.patch new file mode 100644 index 000000000..967cdc498 --- /dev/null +++ b/user/libgit2/libressl.patch @@ -0,0 +1,12 @@ +diff -ru src.orig/libgit2-0.25.1/src/openssl_stream.h src/libgit2-0.25.1/src/openssl_stream.h +--- libgit2-0.25.1/src/copenssl_stream.h.orig ++++ libgit2-0.25.1/src/openssl_stream.h +@@ -27,7 +27,7 @@ + + + +-# if OPENSSL_VERSION_NUMBER < 0x10100000L ++# if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) + + GIT_INLINE(BIO_METHOD*) BIO_meth_new(int type, const char *name) + { diff --git a/user/libgit2/pkgconfig-do-not-quote-Libs.patch b/user/libgit2/pkgconfig-do-not-quote-Libs.patch new file mode 100644 index 000000000..86133612e --- /dev/null +++ b/user/libgit2/pkgconfig-do-not-quote-Libs.patch @@ -0,0 +1,26 @@ +From 452ba68cde25423d13ebb36f0a54559f07aa53a2 Mon Sep 17 00:00:00 2001 +From: Igor Gnatenko <ignatenko@redhat.com> +Date: Tue, 7 Feb 2017 16:37:47 +0100 +Subject: [PATCH] pkgconfig: do not quote Libs + +It doesn't make sense at all. +--- + libgit2.pc.in | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/libgit2.pc.in b/libgit2.pc.in +index 329a560a7..880266a30 100644 +--- a/libgit2.pc.in ++++ b/libgit2.pc.in +@@ -6,7 +6,7 @@ Name: libgit2 + Description: The git library, take 2 + Version: @LIBGIT2_VERSION_STRING@ + +-Libs: -L"${libdir}" -lgit2 ++Libs: -L${libdir} -lgit2 + Libs.private: @LIBGIT2_PC_LIBS@ + Requires.private: @LIBGIT2_PC_REQUIRES@ + +-- +2.11.0 + diff --git a/user/libnih/APKBUILD b/user/libnih/APKBUILD new file mode 100644 index 000000000..f12895d65 --- /dev/null +++ b/user/libnih/APKBUILD @@ -0,0 +1,57 @@ +# Contributor: William Pitcock <nenolod@dereferenced.org> +# Maintainer: William Pitcock <nenolod@dereferenced.org> +pkgname=libnih +pkgver=1.0.3 +pkgrel=5 +pkgdesc="glib-like library for embedded use" +url="http://launchpad.net/libnih" +arch="all" +license="LGPL" +options="!checkroot" +depends= +depends_dev="dbus-dev expat-dev" +makedepends="$depends_dev gettext-dev" +checkdepends="dbus-x11 linux-headers" +install="" +subpackages="$pkgname-dev $pkgname-doc" +source="http://launchpad.net/libnih/${pkgver%.*}/${pkgver}/+download/${pkgname}-${pkgver}.tar.gz + musl-fix-signals.patch + disable-broken-test.patch + musl-enomem-message.patch + parse-test-fix.patch + " + +builddir="${srcdir}/${pkgname}-${pkgver}" +prepare() { + cd "$builddir" + update_config_sub + default_prepare +} + +build() { + cd "$builddir" + LIBS="-lintl" ./configure \ + --build=$CBUILD \ + --host=$CHOST \ + --prefix=/usr \ + --libdir=/lib \ + --sysconfdir=/etc \ + --localstatedir=/var + make +} + +check() { + cd "$builddir" + make check +} + +package() { + cd "$builddir" + make DESTDIR="$pkgdir" install +} + +sha512sums="fce40d2445b28c27b8838631681ca3206a4f053b2dd4fc488fc9ef98bbd3d933e3d62b82cf346be2ef1677f6457f692cf5544cd915a6bb1e5c618f98ffa101b4 libnih-1.0.3.tar.gz +77a979b3076c4e4229359f28c2e9d4fb66d799a66d60391ab6fd7e0dfe2a615b88330a979877b105293a95ed147546596eca174f52b75beca0457c49a017d040 musl-fix-signals.patch +b5b77b1f18d7aa5d603a0d312b785c28200c38b7bbe5c384ee576c762bd9e3163682c29dd5410baf18c5c3734f0b719602caa1de096f1758d624d94b7753066a disable-broken-test.patch +b800c99153ad66c9d7399bc7544a0237de0c7a4ddac129509f13eb1c31805fcac31c93bbf2945da557dfc900c9ec837ec0fded1c3f9887095dae52ff6fc046ec musl-enomem-message.patch +3f24f648c27e9b5a6872859fe97b34055b0f43b11f0321508852b20b6dd94de5c8d24a6dbaab9d49e7004bf0c571c11ebf520d49630d8a89bceeb7783de7dcd2 parse-test-fix.patch" diff --git a/user/libnih/disable-broken-test.patch b/user/libnih/disable-broken-test.patch new file mode 100644 index 000000000..15027945a --- /dev/null +++ b/user/libnih/disable-broken-test.patch @@ -0,0 +1,11 @@ +--- libnih-1.0.3/nih/tests/test_child.c.old 2010-09-20 18:17:01.000000000 -0500 ++++ libnih-1.0.3/nih/tests/test_child.c 2017-09-27 20:22:23.576368549 -0500 +@@ -652,7 +652,7 @@ + char *argv[]) + { + test_add_watch (); +- test_poll (); ++ // test_poll (); + + return 0; + } diff --git a/user/libnih/musl-enomem-message.patch b/user/libnih/musl-enomem-message.patch new file mode 100644 index 000000000..2adeff852 --- /dev/null +++ b/user/libnih/musl-enomem-message.patch @@ -0,0 +1,489 @@ +--- libnih-1.0.3/nih-dbus-tool/tests/test_parse.c.old 2010-09-20 18:17:01.000000000 -0500 ++++ libnih-1.0.3/nih-dbus-tool/tests/test_parse.c 2017-09-27 20:40:32.998734677 -0500 +@@ -1583,11 +1583,16 @@ + Signal * signal; + Property * property; + Argument * argument; ++ char mem_error[280] = "test:foo:[0-9]*:[0-9]*: "; + + TEST_FUNCTION ("parse_xml"); + fp = tmpfile (); + output = tmpfile (); + ++ ++ strerror_r(ENOMEM, mem_error+24, 254); ++ mem_error[strlen(mem_error)] = '\n'; ++ + /* Check that a file containing a single node entity is parsed + * successfully, returning a Node structure with no information + * attached. +@@ -1608,8 +1613,7 @@ + if (test_alloc_failed) { + TEST_EQ_P (node, NULL); + +- TEST_FILE_MATCH (output, ("test:foo:[0-9]*:[0-9]*: " +- "Cannot allocate memory\n")); ++ TEST_FILE_MATCH (output, mem_error); + TEST_FILE_END (output); + TEST_FILE_RESET (output); + continue; +@@ -1645,8 +1649,7 @@ + if (test_alloc_failed) { + TEST_EQ_P (node, NULL); + +- TEST_FILE_MATCH (output, ("test:foo:[0-9]*:[0-9]*: " +- "Cannot allocate memory\n")); ++ TEST_FILE_MATCH (output, mem_error); + TEST_FILE_END (output); + TEST_FILE_RESET (output); + continue; +@@ -1686,8 +1689,7 @@ + if (test_alloc_failed) { + TEST_EQ_P (node, NULL); + +- TEST_FILE_MATCH (output, ("test:foo:[0-9]*:[0-9]*: " +- "Cannot allocate memory\n")); ++ TEST_FILE_MATCH (output, mem_error); + TEST_FILE_END (output); + TEST_FILE_RESET (output); + continue; +@@ -1743,8 +1745,7 @@ + if (test_alloc_failed) { + TEST_EQ_P (node, NULL); + +- TEST_FILE_MATCH (output, ("test:foo:[0-9]*:[0-9]*: " +- "Cannot allocate memory\n")); ++ TEST_FILE_MATCH (output, mem_error); + TEST_FILE_END (output); + TEST_FILE_RESET (output); + continue; +@@ -1800,8 +1801,7 @@ + if (test_alloc_failed) { + TEST_EQ_P (node, NULL); + +- TEST_FILE_MATCH (output, ("test:foo:[0-9]*:[0-9]*: " +- "Cannot allocate memory\n")); ++ TEST_FILE_MATCH (output, mem_error); + TEST_FILE_END (output); + TEST_FILE_RESET (output); + continue; +@@ -1857,8 +1857,7 @@ + if (test_alloc_failed) { + TEST_EQ_P (node, NULL); + +- TEST_FILE_MATCH (output, ("test:foo:[0-9]*:[0-9]*: " +- "Cannot allocate memory\n")); ++ TEST_FILE_MATCH (output, mem_error); + TEST_FILE_END (output); + TEST_FILE_RESET (output); + continue; +@@ -1916,8 +1915,7 @@ + if (test_alloc_failed) { + TEST_EQ_P (node, NULL); + +- TEST_FILE_MATCH (output, ("test:foo:[0-9]*:[0-9]*: " +- "Cannot allocate memory\n")); ++ TEST_FILE_MATCH (output, mem_error); + TEST_FILE_END (output); + TEST_FILE_RESET (output); + continue; +@@ -1973,8 +1971,7 @@ + if (test_alloc_failed) { + TEST_EQ_P (node, NULL); + +- TEST_FILE_MATCH (output, ("test:foo:[0-9]*:[0-9]*: " +- "Cannot allocate memory\n")); ++ TEST_FILE_MATCH (output, mem_error); + TEST_FILE_END (output); + TEST_FILE_RESET (output); + continue; +@@ -2047,8 +2044,7 @@ + if (test_alloc_failed) { + TEST_EQ_P (node, NULL); + +- TEST_FILE_MATCH (output, ("test:foo:[0-9]*:[0-9]*: " +- "Cannot allocate memory\n")); ++ TEST_FILE_MATCH (output, mem_error); + TEST_FILE_END (output); + TEST_FILE_RESET (output); + continue; +@@ -2121,8 +2117,7 @@ + if (test_alloc_failed) { + TEST_EQ_P (node, NULL); + +- TEST_FILE_MATCH (output, ("test:foo:[0-9]*:[0-9]*: " +- "Cannot allocate memory\n")); ++ TEST_FILE_MATCH (output, mem_error); + TEST_FILE_END (output); + TEST_FILE_RESET (output); + continue; +@@ -2195,8 +2190,7 @@ + if (test_alloc_failed) { + TEST_EQ_P (node, NULL); + +- TEST_FILE_MATCH (output, ("test:foo:[0-9]*:[0-9]*: " +- "Cannot allocate memory\n")); ++ TEST_FILE_MATCH (output, mem_error); + TEST_FILE_END (output); + TEST_FILE_RESET (output); + continue; +@@ -2271,8 +2265,7 @@ + if (test_alloc_failed) { + TEST_EQ_P (node, NULL); + +- TEST_FILE_MATCH (output, ("test:foo:[0-9]*:[0-9]*: " +- "Cannot allocate memory\n")); ++ TEST_FILE_MATCH (output, mem_error); + TEST_FILE_END (output); + TEST_FILE_RESET (output); + continue; +@@ -2345,8 +2338,7 @@ + if (test_alloc_failed) { + TEST_EQ_P (node, NULL); + +- TEST_FILE_MATCH (output, ("test:foo:[0-9]*:[0-9]*: " +- "Cannot allocate memory\n")); ++ TEST_FILE_MATCH (output, mem_error); + TEST_FILE_END (output); + TEST_FILE_RESET (output); + continue; +@@ -2419,8 +2411,7 @@ + if (test_alloc_failed) { + TEST_EQ_P (node, NULL); + +- TEST_FILE_MATCH (output, ("test:foo:[0-9]*:[0-9]*: " +- "Cannot allocate memory\n")); ++ TEST_FILE_MATCH (output, mem_error); + TEST_FILE_END (output); + TEST_FILE_RESET (output); + continue; +@@ -2493,8 +2484,7 @@ + if (test_alloc_failed) { + TEST_EQ_P (node, NULL); + +- TEST_FILE_MATCH (output, ("test:foo:[0-9]*:[0-9]*: " +- "Cannot allocate memory\n")); ++ TEST_FILE_MATCH (output, mem_error); + TEST_FILE_END (output); + TEST_FILE_RESET (output); + continue; +@@ -2567,8 +2557,7 @@ + if (test_alloc_failed) { + TEST_EQ_P (node, NULL); + +- TEST_FILE_MATCH (output, ("test:foo:[0-9]*:[0-9]*: " +- "Cannot allocate memory\n")); ++ TEST_FILE_MATCH (output, mem_error); + TEST_FILE_END (output); + TEST_FILE_RESET (output); + continue; +@@ -2641,8 +2630,7 @@ + if (test_alloc_failed) { + TEST_EQ_P (node, NULL); + +- TEST_FILE_MATCH (output, ("test:foo:[0-9]*:[0-9]*: " +- "Cannot allocate memory\n")); ++ TEST_FILE_MATCH (output, mem_error); + TEST_FILE_END (output); + TEST_FILE_RESET (output); + continue; +@@ -2729,8 +2717,7 @@ + if (test_alloc_failed) { + TEST_EQ_P (node, NULL); + +- TEST_FILE_MATCH (output, ("test:foo:[0-9]*:[0-9]*: " +- "Cannot allocate memory\n")); ++ TEST_FILE_MATCH (output, mem_error); + TEST_FILE_END (output); + TEST_FILE_RESET (output); + continue; +@@ -2817,8 +2804,7 @@ + if (test_alloc_failed) { + TEST_EQ_P (node, NULL); + +- TEST_FILE_MATCH (output, ("test:foo:[0-9]*:[0-9]*: " +- "Cannot allocate memory\n")); ++ TEST_FILE_MATCH (output, mem_error); + TEST_FILE_END (output); + TEST_FILE_RESET (output); + continue; +@@ -2904,8 +2890,7 @@ + if (test_alloc_failed) { + TEST_EQ_P (node, NULL); + +- TEST_FILE_MATCH (output, ("test:foo:[0-9]*:[0-9]*: " +- "Cannot allocate memory\n")); ++ TEST_FILE_MATCH (output, mem_error); + TEST_FILE_END (output); + TEST_FILE_RESET (output); + continue; +@@ -2992,8 +2977,7 @@ + if (test_alloc_failed) { + TEST_EQ_P (node, NULL); + +- TEST_FILE_MATCH (output, ("test:foo:[0-9]*:[0-9]*: " +- "Cannot allocate memory\n")); ++ TEST_FILE_MATCH (output, mem_error); + TEST_FILE_END (output); + TEST_FILE_RESET (output); + continue; +@@ -3107,8 +3091,7 @@ + if (test_alloc_failed) { + TEST_EQ_P (node, NULL); + +- TEST_FILE_MATCH (output, ("test:foo:[0-9]*:[0-9]*: " +- "Cannot allocate memory\n")); ++ TEST_FILE_MATCH (output, mem_error); + TEST_FILE_END (output); + TEST_FILE_RESET (output); + continue; +@@ -3199,8 +3182,7 @@ + if (test_alloc_failed) { + TEST_EQ_P (node, NULL); + +- TEST_FILE_MATCH (output, ("test:foo:[0-9]*:[0-9]*: " +- "Cannot allocate memory\n")); ++ TEST_FILE_MATCH (output, mem_error); + TEST_FILE_END (output); + TEST_FILE_RESET (output); + continue; +@@ -3291,8 +3273,7 @@ + if (test_alloc_failed) { + TEST_EQ_P (node, NULL); + +- TEST_FILE_MATCH (output, ("test:foo:[0-9]*:[0-9]*: " +- "Cannot allocate memory\n")); ++ TEST_FILE_MATCH (output, mem_error); + TEST_FILE_END (output); + TEST_FILE_RESET (output); + continue; +@@ -3417,8 +3398,7 @@ + if (test_alloc_failed) { + TEST_EQ_P (node, NULL); + +- TEST_FILE_MATCH (output, ("test:foo:[0-9]*:[0-9]*: " +- "Cannot allocate memory\n")); ++ TEST_FILE_MATCH (output, mem_error); + TEST_FILE_END (output); + TEST_FILE_RESET (output); + continue; +@@ -3575,8 +3555,7 @@ + if (test_alloc_failed) { + TEST_EQ_P (node, NULL); + +- TEST_FILE_MATCH (output, ("test:foo:[0-9]*:[0-9]*: " +- "Cannot allocate memory\n")); ++ TEST_FILE_MATCH (output, mem_error); + TEST_FILE_END (output); + TEST_FILE_RESET (output); + continue; +@@ -3647,8 +3626,7 @@ + if (test_alloc_failed) { + TEST_EQ_P (node, NULL); + +- TEST_FILE_MATCH (output, ("test:foo:[0-9]*:[0-9]*: " +- "Cannot allocate memory\n")); ++ TEST_FILE_MATCH (output, mem_error); + TEST_FILE_END (output); + TEST_FILE_RESET (output); + continue; +@@ -3719,8 +3697,7 @@ + if (test_alloc_failed) { + TEST_EQ_P (node, NULL); + +- TEST_FILE_MATCH (output, ("test:foo:[0-9]*:[0-9]*: " +- "Cannot allocate memory\n")); ++ TEST_FILE_MATCH (output, mem_error); + TEST_FILE_END (output); + TEST_FILE_RESET (output); + continue; +@@ -3791,8 +3768,7 @@ + if (test_alloc_failed) { + TEST_EQ_P (node, NULL); + +- TEST_FILE_MATCH (output, ("test:foo:[0-9]*:[0-9]*: " +- "Cannot allocate memory\n")); ++ TEST_FILE_MATCH (output, mem_error); + TEST_FILE_END (output); + TEST_FILE_RESET (output); + continue; +@@ -3865,8 +3841,7 @@ + if (test_alloc_failed) { + TEST_EQ_P (node, NULL); + +- TEST_FILE_MATCH (output, ("test:foo:[0-9]*:[0-9]*: " +- "Cannot allocate memory\n")); ++ TEST_FILE_MATCH (output, mem_error); + TEST_FILE_END (output); + TEST_FILE_RESET (output); + continue; +@@ -3937,8 +3912,7 @@ + if (test_alloc_failed) { + TEST_EQ_P (node, NULL); + +- TEST_FILE_MATCH (output, ("test:foo:[0-9]*:[0-9]*: " +- "Cannot allocate memory\n")); ++ TEST_FILE_MATCH (output, mem_error); + TEST_FILE_END (output); + TEST_FILE_RESET (output); + continue; +@@ -4023,8 +3997,7 @@ + if (test_alloc_failed) { + TEST_EQ_P (node, NULL); + +- TEST_FILE_MATCH (output, ("test:foo:[0-9]*:[0-9]*: " +- "Cannot allocate memory\n")); ++ TEST_FILE_MATCH (output, mem_error); + TEST_FILE_END (output); + TEST_FILE_RESET (output); + continue; +@@ -4108,8 +4081,7 @@ + if (test_alloc_failed) { + TEST_EQ_P (node, NULL); + +- TEST_FILE_MATCH (output, ("test:foo:[0-9]*:[0-9]*: " +- "Cannot allocate memory\n")); ++ TEST_FILE_MATCH (output, mem_error); + TEST_FILE_END (output); + TEST_FILE_RESET (output); + continue; +@@ -4194,8 +4166,7 @@ + if (test_alloc_failed) { + TEST_EQ_P (node, NULL); + +- TEST_FILE_MATCH (output, ("test:foo:[0-9]*:[0-9]*: " +- "Cannot allocate memory\n")); ++ TEST_FILE_MATCH (output, mem_error); + TEST_FILE_END (output); + TEST_FILE_RESET (output); + continue; +@@ -4306,8 +4277,7 @@ + if (test_alloc_failed) { + TEST_EQ_P (node, NULL); + +- TEST_FILE_MATCH (output, ("test:foo:[0-9]*:[0-9]*: " +- "Cannot allocate memory\n")); ++ TEST_FILE_MATCH (output, mem_error); + TEST_FILE_END (output); + TEST_FILE_RESET (output); + continue; +@@ -4426,8 +4396,7 @@ + if (test_alloc_failed) { + TEST_EQ_P (node, NULL); + +- TEST_FILE_MATCH (output, ("test:foo:[0-9]*:[0-9]*: " +- "Cannot allocate memory\n")); ++ TEST_FILE_MATCH (output, mem_error); + TEST_FILE_END (output); + TEST_FILE_RESET (output); + continue; +@@ -4579,8 +4548,7 @@ + if (test_alloc_failed) { + TEST_EQ_P (node, NULL); + +- TEST_FILE_MATCH (output, ("test:foo:[0-9]*:[0-9]*: " +- "Cannot allocate memory\n")); ++ TEST_FILE_MATCH (output, mem_error); + TEST_FILE_END (output); + TEST_FILE_RESET (output); + continue; +@@ -4652,8 +4620,7 @@ + if (test_alloc_failed) { + TEST_EQ_P (node, NULL); + +- TEST_FILE_MATCH (output, ("test:foo:[0-9]*:[0-9]*: " +- "Cannot allocate memory\n")); ++ TEST_FILE_MATCH (output, mem_error); + TEST_FILE_END (output); + TEST_FILE_RESET (output); + continue; +@@ -4725,8 +4692,7 @@ + if (test_alloc_failed) { + TEST_EQ_P (node, NULL); + +- TEST_FILE_MATCH (output, ("test:foo:[0-9]*:[0-9]*: " +- "Cannot allocate memory\n")); ++ TEST_FILE_MATCH (output, mem_error); + TEST_FILE_END (output); + TEST_FILE_RESET (output); + continue; +@@ -4800,8 +4766,7 @@ + if (test_alloc_failed) { + TEST_EQ_P (node, NULL); + +- TEST_FILE_MATCH (output, ("test:foo:[0-9]*:[0-9]*: " +- "Cannot allocate memory\n")); ++ TEST_FILE_MATCH (output, mem_error); + TEST_FILE_END (output); + TEST_FILE_RESET (output); + continue; +@@ -4875,8 +4840,7 @@ + if (test_alloc_failed) { + TEST_EQ_P (node, NULL); + +- TEST_FILE_MATCH (output, ("test:foo:[0-9]*:[0-9]*: " +- "Cannot allocate memory\n")); ++ TEST_FILE_MATCH (output, mem_error); + TEST_FILE_END (output); + TEST_FILE_RESET (output); + continue; +@@ -4950,8 +4914,7 @@ + if (test_alloc_failed) { + TEST_EQ_P (node, NULL); + +- TEST_FILE_MATCH (output, ("test:foo:[0-9]*:[0-9]*: " +- "Cannot allocate memory\n")); ++ TEST_FILE_MATCH (output, mem_error); + TEST_FILE_END (output); + TEST_FILE_RESET (output); + continue; +@@ -5027,8 +4990,7 @@ + if (test_alloc_failed) { + TEST_EQ_P (node, NULL); + +- TEST_FILE_MATCH (output, ("test:foo:[0-9]*:[0-9]*: " +- "Cannot allocate memory\n")); ++ TEST_FILE_MATCH (output, mem_error); + TEST_FILE_END (output); + TEST_FILE_RESET (output); + continue; +@@ -5104,8 +5066,7 @@ + if (test_alloc_failed) { + TEST_EQ_P (node, NULL); + +- TEST_FILE_MATCH (output, ("test:foo:[0-9]*:[0-9]*: " +- "Cannot allocate memory\n")); ++ TEST_FILE_MATCH (output, mem_error); + TEST_FILE_END (output); + TEST_FILE_RESET (output); + continue; +@@ -5233,8 +5194,7 @@ + if (test_alloc_failed) { + TEST_EQ_P (node, NULL); + +- TEST_FILE_MATCH (output, ("test:foo:[0-9]*:[0-9]*: " +- "Cannot allocate memory\n")); ++ TEST_FILE_MATCH (output, mem_error); + TEST_FILE_END (output); + TEST_FILE_RESET (output); + continue; +@@ -5570,8 +5530,7 @@ + if (test_alloc_failed) { + TEST_EQ_P (node, NULL); + +- TEST_FILE_MATCH (output, ("test:foo:[0-9]*:[0-9]*: " +- "Cannot allocate memory\n")); ++ TEST_FILE_MATCH (output, mem_error); + TEST_FILE_END (output); + TEST_FILE_RESET (output); + continue; +@@ -5996,8 +5955,7 @@ + if (test_alloc_failed) { + TEST_EQ_P (node, NULL); + +- TEST_FILE_MATCH (output, ("test:foo:[0-9]*:[0-9]*: " +- "Cannot allocate memory\n")); ++ TEST_FILE_MATCH (output, mem_error); + TEST_FILE_END (output); + TEST_FILE_RESET (output); + continue; diff --git a/user/libnih/musl-fix-signals.patch b/user/libnih/musl-fix-signals.patch new file mode 100644 index 000000000..97ef8196d --- /dev/null +++ b/user/libnih/musl-fix-signals.patch @@ -0,0 +1,12 @@ +--- libnih-1.0.3.orig/nih/signal.c ++++ libnih-1.0.3/nih/signal.c +@@ -87,7 +87,9 @@ + { SIGSTKFLT, "STKFLT" }, + #endif + { SIGCHLD, "CHLD" }, ++#ifdef SIGCLD + { SIGCLD, "CLD" }, ++#endif + { SIGCONT, "CONT" }, + { SIGSTOP, "STOP" }, + { SIGTSTP, "TSTP" }, diff --git a/user/libnih/parse-test-fix.patch b/user/libnih/parse-test-fix.patch new file mode 100644 index 000000000..e993bf324 --- /dev/null +++ b/user/libnih/parse-test-fix.patch @@ -0,0 +1,11 @@ +--- libnih-1.0.3/nih-dbus-tool/tests/test_parse.c.old 2018-03-02 16:54:29.969068332 -0600 ++++ libnih-1.0.3/nih-dbus-tool/tests/test_parse.c 2018-03-02 17:05:41.629074683 -0600 +@@ -7908,7 +7908,7 @@ + + TEST_EQ_P (node, NULL); + +- TEST_FILE_EQ (output, ("test:foo:2:0: " ++ TEST_FILE_EQ (output, ("test:foo:1:36: " + "Invalid object path in <node> name attribute\n")); + TEST_FILE_END (output); + TEST_FILE_RESET (output); diff --git a/user/libnotify/APKBUILD b/user/libnotify/APKBUILD new file mode 100644 index 000000000..a59730e1b --- /dev/null +++ b/user/libnotify/APKBUILD @@ -0,0 +1,34 @@ +# Maintainer: Natanael Copa <ncopa@alpinelinux.org> +pkgname=libnotify +pkgver=0.7.7 +pkgrel=1 +pkgdesc="Desktop notification library" +url="http://library.gnome.org/devel/notification-spec/" +arch="all" +license="LGPL" +options="!check" # Test suite requires running X11 +subpackages="$pkgname-dev $pkgname-doc" +depends= +depends_dev="dbus-dev" +makedepends="$depends_dev gdk-pixbuf-dev glib-dev autoconf automake + gobject-introspection-dev" +source="https://download.gnome.org/sources/${pkgname}/${pkgver%.*}/${pkgname}-${pkgver}.tar.xz" + +builddir="$srcdir"/$pkgname-$pkgver + +build() { + cd "$builddir" + ./configure \ + --build=$CBUILD \ + --host=$CHOST \ + --prefix=/usr \ + --disable-static \ + --disable-tests + make +} + +package() { + cd "$builddir" + make DESTDIR="$pkgdir" install +} +sha512sums="133874114407bf12267ef609f5941657181760bc7cf115c5973b1810cb72bf55072b621c143e32be1e7e8b49f244851925d14bc3f9f26457747b8a8695ee9954 libnotify-0.7.7.tar.xz" diff --git a/user/libsndfile/APKBUILD b/user/libsndfile/APKBUILD new file mode 100644 index 000000000..66abef4f7 --- /dev/null +++ b/user/libsndfile/APKBUILD @@ -0,0 +1,61 @@ +# Contributor: Sergei Lukin <sergej.lukin@gmail.com> +# Maintainer: Natanael Copa <ncopa@alpinelinux.org> +pkgname=libsndfile +pkgver=1.0.28 +pkgrel=3 +pkgdesc="A C library for reading and writing files containing sampled sound" +url="http://www.mega-nerd.com/libsndfile" +arch="all" +license="LGPL2+" +subpackages="$pkgname-dev $pkgname-doc" +depends= +depends_dev="flac-dev libvorbis-dev libogg-dev" +makedepends="linux-headers alsa-lib-dev $depends_dev" +source="http://www.mega-nerd.com/$pkgname/files/$pkgname-$pkgver.tar.gz + CVE-2017-8361_CVE-2017-8363_CVE-2017-8365.patch + CVE-2017-8362.patch + CVE-2017-12562.patch + varargs-32bit.patch + " + +# secfixes: +# 1.0.28-r2: +# - CVE-2017-12562 +# 1.0.28-r0: +# - CVE-2017-7585 +# - CVE-2017-7741 +# - CVE-2017-7742 +# 1.0.28-r1: +# - CVE-2017-8361 +# - CVE-2017-8362 +# - CVE-2017-8363 +# - CVE-2017-8365 + +builddir="$srcdir/$pkgname-$pkgver" +build () { + cd "$builddir" + ac_cv_sys_largefile_CFLAGS="-D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64" \ + ./configure \ + --build=$CBUILD \ + --host=$CHOST \ + --prefix=/usr \ + --disable-sqlite \ + --enable-largefile + make +} + +check() { + cd "$builddir" + make check +} + +package() { + cd "$builddir" + make DESTDIR="$pkgdir" install +} + +sha512sums="890731a6b8173f714155ce05eaf6d991b31632c8ab207fbae860968861a107552df26fcf85602df2e7f65502c7256c1b41735e1122485a3a07ddb580aa83b57f libsndfile-1.0.28.tar.gz +f98c40696fca3e7bca867df993de55bb4145c23428e65d1a669182eb2293046478ac727ae7f94bb77123ef0355c3c53be4f9d6a432665c90c74687d8d3afd9e3 CVE-2017-8361_CVE-2017-8363_CVE-2017-8365.patch +dfd4b5f1c7471fc416eed5c6040580a020543f145de9103751adaad6ce1c5c6a22abc1cf0ffd381aed3072644cd5ee03ba3598265aa7d202d63167da251cb595 CVE-2017-8362.patch +814139567d90fb07908014e858c341fe933e04dca69b88ad66078910888237bbeba94f85d9e1489883c424f35fca312eb98c21ae2b122d9289bb6418725cd02e CVE-2017-12562.patch +2b83bacec23665cd31a596a1ce1fb543f935c7609dfff93a85822f81d66b3483cd547cd043eefb901d543276c270a17add70bf0db6348b5279220a7ecbd8b339 varargs-32bit.patch" diff --git a/user/libsndfile/CVE-2017-12562.patch b/user/libsndfile/CVE-2017-12562.patch new file mode 100644 index 000000000..f195e87e4 --- /dev/null +++ b/user/libsndfile/CVE-2017-12562.patch @@ -0,0 +1,88 @@ +From cf7a8182c2642c50f1cf90dddea9ce96a8bad2e8 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?J=C3=B6rn=20Heusipp?= <osmanx@problemloesungsmaschine.de> +Date: Wed, 14 Jun 2017 12:25:40 +0200 +Subject: [PATCH] src/common.c: Fix heap buffer overflows when writing strings + in binheader + +Fixes the following problems: + 1. Case 's' only enlarges the buffer by 16 bytes instead of size bytes. + 2. psf_binheader_writef() enlarges the header buffer (if needed) prior to the + big switch statement by an amount (16 bytes) which is enough for all cases + where only a single value gets added. Cases 's', 'S', 'p' however + additionally write an arbitrary length block of data and again enlarge the + buffer to the required amount. However, the required space calculation does + not take into account the size of the length field which gets output before + the data. + 3. Buffer size requirement calculation in case 'S' does not account for the + padding byte ("size += (size & 1) ;" happens after the calculation which + uses "size"). + 4. Case 'S' can overrun the header buffer by 1 byte when no padding is + involved + ("memcpy (&(psf->header.ptr [psf->header.indx]), strptr, size + 1) ;" while + the buffer is only guaranteed to have "size" space available). + 5. "psf->header.ptr [psf->header.indx] = 0 ;" in case 'S' always writes 1 byte + beyond the space which is guaranteed to be allocated in the header buffer. + 6. Case 's' can overrun the provided source string by 1 byte if padding is + involved ("memcpy (&(psf->header.ptr [psf->header.indx]), strptr, size) ;" + where "size" is "strlen (strptr) + 1" (which includes the 0 terminator, + plus optionally another 1 which is padding and not guaranteed to be + readable via the source string pointer). + +Closes: https://github.com/erikd/libsndfile/issues/292 +--- + src/common.c | 15 +++++++-------- + 1 file changed, 7 insertions(+), 8 deletions(-) + +diff --git a/src/common.c b/src/common.c +index 1a6204ca..6b2a2ee9 100644 +--- a/src/common.c ++++ b/src/common.c +@@ -681,16 +681,16 @@ psf_binheader_writef (SF_PRIVATE *psf, const char *format, ...) + /* Write a C string (guaranteed to have a zero terminator). */ + strptr = va_arg (argptr, char *) ; + size = strlen (strptr) + 1 ; +- size += (size & 1) ; + +- if (psf->header.indx + (sf_count_t) size >= psf->header.len && psf_bump_header_allocation (psf, 16)) ++ if (psf->header.indx + 4 + (sf_count_t) size + (sf_count_t) (size & 1) > psf->header.len && psf_bump_header_allocation (psf, 4 + size + (size & 1))) + return count ; + + if (psf->rwf_endian == SF_ENDIAN_BIG) +- header_put_be_int (psf, size) ; ++ header_put_be_int (psf, size + (size & 1)) ; + else +- header_put_le_int (psf, size) ; ++ header_put_le_int (psf, size + (size & 1)) ; + memcpy (&(psf->header.ptr [psf->header.indx]), strptr, size) ; ++ size += (size & 1) ; + psf->header.indx += size ; + psf->header.ptr [psf->header.indx - 1] = 0 ; + count += 4 + size ; +@@ -703,16 +703,15 @@ psf_binheader_writef (SF_PRIVATE *psf, const char *format, ...) + */ + strptr = va_arg (argptr, char *) ; + size = strlen (strptr) ; +- if (psf->header.indx + (sf_count_t) size > psf->header.len && psf_bump_header_allocation (psf, size)) ++ if (psf->header.indx + 4 + (sf_count_t) size + (sf_count_t) (size & 1) > psf->header.len && psf_bump_header_allocation (psf, 4 + size + (size & 1))) + return count ; + if (psf->rwf_endian == SF_ENDIAN_BIG) + header_put_be_int (psf, size) ; + else + header_put_le_int (psf, size) ; +- memcpy (&(psf->header.ptr [psf->header.indx]), strptr, size + 1) ; ++ memcpy (&(psf->header.ptr [psf->header.indx]), strptr, size + (size & 1)) ; + size += (size & 1) ; + psf->header.indx += size ; +- psf->header.ptr [psf->header.indx] = 0 ; + count += 4 + size ; + break ; + +@@ -724,7 +723,7 @@ psf_binheader_writef (SF_PRIVATE *psf, const char *format, ...) + size = (size & 1) ? size : size + 1 ; + size = (size > 254) ? 254 : size ; + +- if (psf->header.indx + (sf_count_t) size > psf->header.len && psf_bump_header_allocation (psf, size)) ++ if (psf->header.indx + 1 + (sf_count_t) size > psf->header.len && psf_bump_header_allocation (psf, 1 + size)) + return count ; + + header_put_byte (psf, size) ; diff --git a/user/libsndfile/CVE-2017-8361_CVE-2017-8363_CVE-2017-8365.patch b/user/libsndfile/CVE-2017-8361_CVE-2017-8363_CVE-2017-8365.patch new file mode 100644 index 000000000..1dc5b57f1 --- /dev/null +++ b/user/libsndfile/CVE-2017-8361_CVE-2017-8363_CVE-2017-8365.patch @@ -0,0 +1,64 @@ +From fd0484aba8e51d16af1e3a880f9b8b857b385eb3 Mon Sep 17 00:00:00 2001 +From: Erik de Castro Lopo <erikd@mega-nerd.com> +Date: Wed, 12 Apr 2017 19:45:30 +1000 +Subject: [PATCH] FLAC: Fix a buffer read overrun + +Buffer read overrun occurs when reading a FLAC file that switches +from 2 channels to one channel mid-stream. Only option is to +abort the read. + +Closes: https://github.com/erikd/libsndfile/issues/230 +--- + src/common.h | 1 + + src/flac.c | 13 +++++++++++++ + src/sndfile.c | 1 + + 3 files changed, 15 insertions(+) + +diff --git a/src/common.h b/src/common.h +index 0bd810c3..e2669b6a 100644 +--- a/src/common.h ++++ b/src/common.h +@@ -725,6 +725,7 @@ enum + SFE_FLAC_INIT_DECODER, + SFE_FLAC_LOST_SYNC, + SFE_FLAC_BAD_SAMPLE_RATE, ++ SFE_FLAC_CHANNEL_COUNT_CHANGED, + SFE_FLAC_UNKOWN_ERROR, + + SFE_WVE_NOT_WVE, +diff --git a/src/flac.c b/src/flac.c +index 84de0e26..986a7b8f 100644 +--- a/src/flac.c ++++ b/src/flac.c +@@ -434,6 +434,19 @@ sf_flac_meta_callback (const FLAC__StreamDecoder * UNUSED (decoder), const FLAC_ + + switch (metadata->type) + { case FLAC__METADATA_TYPE_STREAMINFO : ++ if (psf->sf.channels > 0 && psf->sf.channels != (int) metadata->data.stream_info.channels) ++ { psf_log_printf (psf, "Error: FLAC stream changed from %d to %d channels\n" ++ "Nothing to be but to error out.\n" , ++ psf->sf.channels, metadata->data.stream_info.channels) ; ++ psf->error = SFE_FLAC_CHANNEL_COUNT_CHANGED ; ++ return ; ++ } ; ++ ++ if (psf->sf.channels > 0 && psf->sf.samplerate != (int) metadata->data.stream_info.sample_rate) ++ { psf_log_printf (psf, "Warning: FLAC stream changed sample rates from %d to %d.\n" ++ "Carrying on as if nothing happened.", ++ psf->sf.samplerate, metadata->data.stream_info.sample_rate) ; ++ } ; + psf->sf.channels = metadata->data.stream_info.channels ; + psf->sf.samplerate = metadata->data.stream_info.sample_rate ; + psf->sf.frames = metadata->data.stream_info.total_samples ; +diff --git a/src/sndfile.c b/src/sndfile.c +index 41875610..e2a87be8 100644 +--- a/src/sndfile.c ++++ b/src/sndfile.c +@@ -245,6 +245,7 @@ ErrorStruct SndfileErrors [] = + { SFE_FLAC_INIT_DECODER , "Error : problem with initialization of the flac decoder." }, + { SFE_FLAC_LOST_SYNC , "Error : flac decoder lost sync." }, + { SFE_FLAC_BAD_SAMPLE_RATE, "Error : flac does not support this sample rate." }, ++ { SFE_FLAC_CHANNEL_COUNT_CHANGED, "Error : flac channel changed mid stream." }, + { SFE_FLAC_UNKOWN_ERROR , "Error : unknown error in flac decoder." }, + + { SFE_WVE_NOT_WVE , "Error : not a WVE file." }, diff --git a/user/libsndfile/CVE-2017-8362.patch b/user/libsndfile/CVE-2017-8362.patch new file mode 100644 index 000000000..54fbfb44c --- /dev/null +++ b/user/libsndfile/CVE-2017-8362.patch @@ -0,0 +1,50 @@ +From ef1dbb2df1c0e741486646de40bd638a9c4cd808 Mon Sep 17 00:00:00 2001 +From: Erik de Castro Lopo <erikd@mega-nerd.com> +Date: Fri, 14 Apr 2017 15:19:16 +1000 +Subject: [PATCH] src/flac.c: Fix a buffer read overflow + +A file (generated by a fuzzer) which increased the number of channels +from one frame to the next could cause a read beyond the end of the +buffer provided by libFLAC. Only option is to abort the read. + +Closes: https://github.com/erikd/libsndfile/issues/231 +--- + src/flac.c | 11 +++++++++-- + 1 file changed, 9 insertions(+), 2 deletions(-) + +diff --git a/src/flac.c b/src/flac.c +index 5a4f8c21..e4f9aaa0 100644 +--- a/src/flac.c ++++ b/src/flac.c +@@ -169,6 +169,14 @@ flac_buffer_copy (SF_PRIVATE *psf) + const int32_t* const *buffer = pflac->wbuffer ; + unsigned i = 0, j, offset, channels, len ; + ++ if (psf->sf.channels != (int) frame->header.channels) ++ { psf_log_printf (psf, "Error: FLAC frame changed from %d to %d channels\n" ++ "Nothing to do but to error out.\n" , ++ psf->sf.channels, frame->header.channels) ; ++ psf->error = SFE_FLAC_CHANNEL_COUNT_CHANGED ; ++ return 0 ; ++ } ; ++ + /* + ** frame->header.blocksize is variable and we're using a constant blocksize + ** of FLAC__MAX_BLOCK_SIZE. +@@ -202,7 +210,6 @@ flac_buffer_copy (SF_PRIVATE *psf) + return 0 ; + } ; + +- + len = SF_MIN (pflac->len, frame->header.blocksize) ; + + if (pflac->remain % channels != 0) +@@ -436,7 +443,7 @@ sf_flac_meta_callback (const FLAC__StreamDecoder * UNUSED (decoder), const FLAC_ + { case FLAC__METADATA_TYPE_STREAMINFO : + if (psf->sf.channels > 0 && psf->sf.channels != (int) metadata->data.stream_info.channels) + { psf_log_printf (psf, "Error: FLAC stream changed from %d to %d channels\n" +- "Nothing to be but to error out.\n" , ++ "Nothing to do but to error out.\n" , + psf->sf.channels, metadata->data.stream_info.channels) ; + psf->error = SFE_FLAC_CHANNEL_COUNT_CHANGED ; + return ; diff --git a/user/libsndfile/varargs-32bit.patch b/user/libsndfile/varargs-32bit.patch new file mode 100644 index 000000000..81f149add --- /dev/null +++ b/user/libsndfile/varargs-32bit.patch @@ -0,0 +1,11 @@ +--- libsndfile-1.0.28/src/rf64.c.old 2017-04-02 02:43:22.000000000 -0500 ++++ libsndfile-1.0.28/src/rf64.c 2018-03-04 22:35:31.072461118 -0600 +@@ -737,7 +737,7 @@ + + pad_size = psf->dataoffset - 16 - psf->header.indx ; + if (pad_size >= 0) +- psf_binheader_writef (psf, "m4z", PAD_MARKER, pad_size, make_size_t (pad_size)) ; ++ psf_binheader_writef (psf, "m4z", PAD_MARKER, (unsigned int) pad_size, make_size_t (pad_size)) ; + + if (wpriv->rf64_downgrade && (psf->filelength < RIFF_DOWNGRADE_BYTES)) + psf_binheader_writef (psf, "tm8", data_MARKER, psf->datalength) ; diff --git a/user/libssh2/APKBUILD b/user/libssh2/APKBUILD new file mode 100644 index 000000000..1bfdfdef9 --- /dev/null +++ b/user/libssh2/APKBUILD @@ -0,0 +1,41 @@ +# Contributor: William Pitcock <nenolod@dereferenced.org> +# Maintainer: Natanael Copa <ncopa@alpinelinux.org> +pkgname=libssh2 +pkgver=1.8.0 +pkgrel=1 +pkgdesc="library for accessing ssh1/ssh2 protocol servers" +url="http://libssh2.org/" +arch="all" +license="BSD" +makedepends_host="openssl-dev zlib-dev" +options="!check" +subpackages="$pkgname-dbg $pkgname-dev $pkgname-doc" +source="http://www.libssh2.org/download/libssh2-$pkgver.tar.gz" +builddir="$srcdir"/libssh2-$pkgver + +prepare() { + cd "$builddir" + update_config_sub +} + +build() { + cd "$builddir" + ./configure \ + --build=$CBUILD \ + --host=$CHOST \ + --prefix=/usr \ + --sysconfdir=/etc \ + --mandir=/usr/share/man \ + --infodir=/usr/share/info \ + --localstatedir=/var \ + --with-libssl-prefix="${CBUILDROOT}"/usr \ + --disable-rpath + make +} + +package() { + cd "$builddir" + make DESTDIR="$pkgdir" install +} + +sha512sums="289aa45c4f99653bebf5f99565fe9c519abc204feb2084b47b7cc3badc8bf4ecdedd49ea6acdce8eb902b3c00995d5f92a3ca77b2508b92f04ae0e7de7287558 libssh2-1.8.0.tar.gz" diff --git a/user/libvpx/APKBUILD b/user/libvpx/APKBUILD new file mode 100644 index 000000000..27de30e06 --- /dev/null +++ b/user/libvpx/APKBUILD @@ -0,0 +1,52 @@ +# Maintainer: Natanael Copa <ncopa@alpinelinux.org> +pkgname=libvpx +pkgver=1.6.1 +pkgrel=1 +pkgdesc="Library for the vp8 codec" +url="http://www.webmproject.org/" +arch="all" +license="GPL" +options="!check" +depends="" +makedepends="coreutils yasm bash perl which" +subpackages="$pkgname-dev $pkgname-utils" +source="https://storage.googleapis.com/downloads.webmproject.org/releases/webm/$pkgname-$pkgver.tar.bz2" + +builddir="$srcdir"/$pkgname-$pkgver +build() { + cd "$builddir" + # build fix for arm + export CROSS=" " + bash ./configure \ + --enable-pic \ + --enable-libs \ + --enable-runtime-cpu-detect \ + --enable-vp8 \ + --enable-vp9 \ + --enable-shared \ + --disable-install-srcs \ + --enable-postproc + make +} + +check() { + cd "$builddir" + make check +} + +package() { + cd "$builddir" + make DIST_DIR="$pkgdir"/usr install + chmod 644 "$pkgdir"/usr/include/vpx/*.h \ + "$pkgdir"/usr/lib/pkgconfig/* + chown root:root -R "$pkgdir" + chmod 755 "$pkgdir"/usr/lib/* +} + +utils() { + pkgdesc="VP8 utilities and tools" + install -d "$subpkgdir"/usr + mv "$pkgdir"/usr/bin "$subpkgdir"/usr/ +} + +sha512sums="1a4b009fe1737715c6563a79848126a5859394a5074b1e9cca9bc2e213df90890c15e708040d5f2c96c7c21e268f51e1352ac6911514bf891a4bf3eea154159d libvpx-1.6.1.tar.bz2" diff --git a/user/libvpx/libm-pc.patch b/user/libvpx/libm-pc.patch new file mode 100644 index 000000000..87f07a398 --- /dev/null +++ b/user/libvpx/libm-pc.patch @@ -0,0 +1,11 @@ +--- ./libs.mk.orig ++++ ./libs.mk +@@ -241,7 +241,7 @@ + $(qexec)echo 'Version: $(VERSION_MAJOR).$(VERSION_MINOR).$(VERSION_PATCH)' >> $@ + $(qexec)echo 'Requires:' >> $@ + $(qexec)echo 'Conflicts:' >> $@ +- $(qexec)echo 'Libs: -L$${libdir} -lvpx' >> $@ ++ $(qexec)echo 'Libs: -L$${libdir} -lvpx -lm' >> $@ + $(qexec)echo 'Cflags: -I$${includedir}' >> $@ + INSTALL-LIBS-yes += $(LIBSUBDIR)/pkgconfig/vpx.pc + INSTALL_MAPS += $(LIBSUBDIR)/pkgconfig/%.pc %.pc diff --git a/user/lighttpd/APKBUILD b/user/lighttpd/APKBUILD new file mode 100644 index 000000000..356bce93e --- /dev/null +++ b/user/lighttpd/APKBUILD @@ -0,0 +1,116 @@ +# Contributor: Valery Kartel <valery.kartel@gmail.com> +# Maintainer: Natanael Copa <ncopa@alpinelinux.org> +pkgname=lighttpd +pkgver=1.4.48 +pkgrel=0 +pkgdesc="A secure, fast, compliant and very flexible web-server" +url="http://www.lighttpd.net/" +arch="all" +license="custom" +install="$pkgname.pre-install $pkgname.pre-upgrade" +pkgusers="lighttpd" +pkggroups="lighttpd" +makedepends="flex pcre-dev openssl-dev zlib-dev bzip2-dev lua5.2-dev + automake autoconf openldap-dev libxml2-dev sqlite-dev libev-dev + gamin-dev attr-dev" +subpackages="$pkgname-doc $pkgname-dbg $pkgname-mod_auth $pkgname-openrc + $pkgname-mod_webdav" +source="http://download.lighttpd.net/lighttpd/releases-1.4.x/$pkgname-$pkgver.tar.xz + $pkgname.initd + $pkgname.confd + $pkgname.logrotate + lighttpd.conf + mime-types.conf + mod_cgi.conf + mod_fastcgi.conf + mod_fastcgi_fpm.conf + char-signedness.patch" +builddir="$srcdir/$pkgname-$pkgver" + +build() { + cd "$builddir" + + ./configure \ + --build=$CBUILD \ + --host=$CHOST \ + --prefix=/usr \ + --disable-dependency-tracking \ + --enable-lfs \ + --libdir=/usr/lib/lighttpd \ + --without-mysql \ + --with-attr \ + --without-kerberos5 \ + --with-fam \ + --with-webdav-props \ + --with-webdav-locks \ + --without-gdbm \ + --with-bzip2 \ + --with-ldap \ + --with-openssl \ + --with-libev \ + --with-lua + make +} + +check() { + cd "$builddir" + make check +} + +package() { + cd "$builddir" + + make DESTDIR="$pkgdir" install + + # create dirs + install -d -m755 -o lighttpd -g lighttpd \ + "$pkgdir"/var/log/lighttpd/ + install -d -m755 \ + "$pkgdir"/etc/lighttpd/ \ + "$pkgdir"/var/www/localhost/htdocs + + # lighttpd + install -D -m755 "$srcdir"/lighttpd.initd \ + "$pkgdir"/etc/init.d/lighttpd + install -D -m644 "$srcdir"/lighttpd.confd \ + "$pkgdir"/etc/conf.d/lighttpd + install -D -m644 "$srcdir"/lighttpd.logrotate \ + "$pkgdir"/etc/logrotate.d/lighttpd + + # config files + local i; for i in lighttpd.conf mime-types.conf mod_cgi.conf \ + mod_fastcgi.conf mod_fastcgi_fpm.conf + do + install -m644 "$srcdir"/$i "$pkgdir"/etc/lighttpd/$i + done +} + +_mv_mod() { + mkdir -p "$subpkgdir"/usr/lib/lighttpd + while [ $# -gt 0 ]; do + mv "$pkgdir"/usr/lib/lighttpd/$1.so \ + "$subpkgdir"/usr/lib/lighttpd/ + shift + done +} + +mod_auth() { + pkgdesc="Authentication module for lighttpd" + _mv_mod mod_auth +} + +mod_webdav() { + pkgdesc="WebDAV module for lighttpd" + _mv_mod mod_webdav +} + +sha512sums="361dbf07b280aa7345f3026cce6d12d0aeaa3bb535b5a5b2a894a568395f46a9c7ce723dfd1948225117495f3e63ec207b72d5e4b680da7cd56419e23cf8bae4 lighttpd-1.4.48.tar.xz +f2f3c5c7731550237fd75a8de66275f427eaf897cffff7ac7ef44178328ad8fad6c4ec6654759bfc665cbaf7991ddcdf0aaa916831c8b6aa440192d57b242038 lighttpd.initd +9d2ab5deb7353ebf290e90936b511941df440859c78589d0bcf130ef69a5e9c79e4d318548b6b118df002083c46f7476230a28954b7a10a9dbd05040e02b1291 lighttpd.confd +0536b4f21d2e8659f7831b45998c13d9f6051ae7ecde13be01f372f837d255bfc4e211de48a7686cc743d53aa9c08ab3f10ec19788896dcf8356b90053ca7a16 lighttpd.logrotate +b0fd7500ea7f7f7f9fbf04bb66eb06050cfed57bdc1730900b4c559598176442e4504395f1d406e037e7cffeaa1451d40a6cad408570f7f7e1dd6cc26c968912 lighttpd.conf +a3f2f5763885d7e4f510491b24164e34aaf62bb02daa12991575dc64335c12668355af5bb8d6ce191eb4e9cce95324b1f7c9ba61b323b4e7b50a1e03e021afcf mime-types.conf +27cc638d8068dcf47bd9db44943d1db6c6f4e8e6abd6b42af7cea004b1c093440068541d98c68f8bea70b956713adaf8ed59a4b642dea826ee8620a05f8cfde5 mod_cgi.conf +1d15b84c03fb648a0e67ab5c5411b85478b4454c44bc2959cc96d1700eeadd7ff429520a5f1550db6527267646622dccd3d47d3fd1258869fccaf5c22d4ad4b2 mod_fastcgi.conf +f9efc4b70d825600f5356c30e57d0b6cac11c01739337f7192c09c2cfd96cb76c8328b11d818ea4c2addc1a6d253975b84700106ae75854d55d0df73e220bd2b mod_fastcgi_fpm.conf +ce35c1d65d7b4fedd1fcfadd8a5e906d5efa8dcda318a4fa69958b708c2df329f708591f43b12adaaac4da6a2913d0cc8f9745e636e7f2016c1075bcd52c6bb2 char-signedness.patch" diff --git a/user/lighttpd/char-signedness.patch b/user/lighttpd/char-signedness.patch new file mode 100644 index 000000000..43f7f5faf --- /dev/null +++ b/user/lighttpd/char-signedness.patch @@ -0,0 +1,46 @@ + +Added by gstrauss 16 days ago + + ID d4083effab0f9bf76528d5c47198b17e7471ed13 + Parent 0c95ed37 + Child 37f9b60d + +[core] fix base64 decode when char is unsigned (fixes #2848) + +thx, codehero + +x-ref: +"buffer_append_base64_decode() broken on compilers where char is assumed unsigned" +https://redmine.lighttpd.net/issues/2848 + +diff --git a/src/base64.c b/src/base64.c +index f39dbaa2..3034181a 100644 +--- a/src/base64.c ++++ b/src/base64.c +@@ -11,7 +11,7 @@ + + /* BASE64_STANDARD: "A-Z a-z 0-9 + /" maps to 0-63, pad with "=" */ + static const char base64_standard_table[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/="; +-static const char base64_standard_reverse_table[] = { ++static const signed char base64_standard_reverse_table[] = { + /* 0 1 2 3 4 5 6 7 8 9 A B C D E F */ + -1, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, /* 0x00 - 0x0F */ + -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, /* 0x10 - 0x1F */ +@@ -25,7 +25,7 @@ static const char base64_standard_reverse_table[] = { + + /* BASE64_URL: "A-Z a-z 0-9 - _" maps to 0-63, pad with "." */ + static const char base64_url_table[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_."; +-static const char base64_url_reverse_table[] = { ++static const signed char base64_url_reverse_table[] = { + /* 0 1 2 3 4 5 6 7 8 9 A B C D E F */ + -1, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, /* 0x00 - 0x0F */ + -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, /* 0x10 - 0x1F */ +@@ -42,7 +42,7 @@ unsigned char* buffer_append_base64_decode(buffer *out, const char* in, size_t i + size_t out_pos = 0; /* current output character (position) that is decoded. can contain partial result */ + unsigned int group = 0; /* how many base64 digits in the current group were decoded already. each group has up to 4 digits */ + size_t i; +- const char *base64_reverse_table; ++ const signed char *base64_reverse_table; + + switch (charset) { + case BASE64_STANDARD: diff --git a/user/lighttpd/lighttpd.conf b/user/lighttpd/lighttpd.conf new file mode 100644 index 000000000..cfec00065 --- /dev/null +++ b/user/lighttpd/lighttpd.conf @@ -0,0 +1,261 @@ +################################### +# Default lighttpd.conf for Adélie +################################### + + +######## Variables ######## +var.basedir = "/var/www/localhost" +var.logdir = "/var/log/lighttpd" +var.statedir = "/var/lib/lighttpd" + + +######## Modules ######## +# NOTE: the order of modules is important. +server.modules = ( +# "mod_rewrite", +# "mod_redirect", +# "mod_alias", + "mod_access", +# "mod_cml", +# "mod_trigger_b4_dl", +# "mod_auth", +# "mod_status", + "mod_setenv", +# "mod_proxy", +# "mod_simple_vhost", +# "mod_evhost", +# "mod_userdir", + "mod_compress", +# "mod_ssi", +# "mod_usertrack", + "mod_expire", +# "mod_secdownload", +# "mod_rrdtool", +# "mod_webdav", + "mod_accesslog" +) + + +######## Inclusions ######## +include "mime-types.conf" +# uncomment for cgi support +# include "mod_cgi.conf" +# uncomment for php/fastcgi support +# include "mod_fastcgi.conf" +# uncomment for php/fastcgi fpm support +# include "mod_fastcgi_fpm.conf" + + +######## Global Settings ######## +server.username = "lighttpd" +server.groupname = "lighttpd" + +server.document-root = var.basedir + "/htdocs" +server.pid-file = "/run/lighttpd.pid" + +server.errorlog = var.logdir + "/error.log" +# To log errors to syslog instead, use: +# server.errorlog-use-syslog = "enable" + +server.indexfiles = ("index.html", "index.htm", "default.htm") + +# server.tag = "lighttpd" + +server.follow-symlink = "enable" + +server.event-handler = "linux-sysepoll" + +# To chroot to a directory: +# server.chroot = "/" + +# Default bind port is 80. To change: +# server.port = 81 + +# Default bind address is global (0.0.0.0). To change: +# server.bind = "grisu.home.kneschke.de" + +# error-handler for status 404 +# server.error-handler-404 = "/error-handler.html" + +# Format: <errorfile-prefix><status-code>.html +# -> ..../status-404.html for 'File not found' +# server.errorfile-prefix = var.basedir + "/error/status-" + +# FAM support for caching stat() calls +server.stat-cache-engine = "fam" + +# which extensions should not be handled via static-file transfer +# (extensions that are usually handled by mod_cgi, mod_fastcgi, etc). +static-file.exclude-extensions = (".php", ".pl", ".cgi", ".fcgi") + + +######## mod_accesslog config ######## +accesslog.filename = var.logdir + "/access.log" + + +######## mod_dirlisting config ######## +# Enable directory listings if no indexfile is present. +#dir-listing.activate = "enable" + +# Don't list hidden files/directories (beginning with '.') +#dir-listing.hide-dotfiles = "enable" +# +# Specify a path here for custom directory listing CSS: +#dir-listing.external-css = "/path/to/dir-listing.css" +# +# Exclude files that match any regex in this list from directory listings: +#dir-listing.exclude = ("^\.", "~$") + + +######## mod_access config ######## +# See access.txt in lighttpd-doc package for more info. + +url.access-deny = ("~", ".inc") + + +######## mod_userdir config ######## +# This will give all users with valid homedirs the chance to publish a +# webpage from this server using traditional /~username/ paths. +# See userdir.txt in lighttpd-doc package for more info. +# +#userdir.path = "public_html" +#userdir.exclude-user = ("root") + + +######## mod_ssi config ######## +# This allows you to use server-side includes. +#ssi.extension = (".shtml") + + +######## SSL config ######## +# See ssl.txt in lighttpd-doc package for more info. +# The defaults here are NOT the server defaults. You need to uncomment +# them to use them. They are HIGHLY recommended; by default, lighttpd +# will serve older TLS protocols that may be vulnerable to attack. +# +#ssl.engine = "enable" +#ssl.honor-cipher-order = "enable" +#ssl.disable-client-renegotiation = "enable" +# pemfile is cert+privkey, ca-file is the intermediate chain in one file +#ssl.pemfile = "/path/to/signed_cert_plus_private_key.pem" +#ssl.ca-file = "/path/to/intermediate_certificate.pem" +# ECDH/ECDHE ciphers curve strength (see `openssl ecparam -list_curves`) +#ssl.ec-curve = "secp384r1" +# Environment flag for HTTPS enabled +#setenv.add-environment = ( +# "HTTPS" => "on" +#) +# Modern configuration, tweak to your needs +#ssl.use-sslv2 = "disable" +#ssl.use-sslv3 = "disable" +#ssl.cipher-list = "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256" +# HSTS(15768000 seconds = 6 months) +#setenv.add-response-header = ( +# "Strict-Transport-Security" => "max-age=15768000;" +#) + + +######## mod_status config ######## +# This is generally handy and won't expose any sensitive info. +#status.status-url = "/server-status" +# This will expose some of your configuration to the world! +#status.config-url = "/server-config" + + +######## mod_compress config ######## +compress.cache-dir = var.statedir + "/cache/compress" +compress.filetype = ("text/plain", "text/html") + + +######## mod_proxy config ######## +# See proxy.txt in lighttpd-doc package for more info. +# proxy.server = ( ".php" => +# ( "localhost" => +# ( +# "host" => "192.168.0.101", +# "port" => 80 +# ) +# ) +# ) +# }}} + + +######## mod_auth config ######## +# See authentication.txt in lighttpd-doc package for more info. +#auth.backend = "plain" +#auth.backend.plain.userfile = "lighttpd.user" +#auth.backend.plain.groupfile = "lighttpd.group" + +#auth.backend.ldap.hostname = "localhost" +#auth.backend.ldap.base-dn = "dc=my-domain,dc=com" +#auth.backend.ldap.filter = "(uid=$)" + +#auth.require = ( "/server-status" => +# ( +# "method" => "digest", +# "realm" => "download archiv", +# "require" => "user=jan" +# ), +# "/server-info" => +# ( +# "method" => "digest", +# "realm" => "download archiv", +# "require" => "valid-user" +# ) +# ) + + +######## mod_rewrite config ######## +# Apache-style mod_rewrite for implementing URL rewriting. +# See rewrite.txt in lighttpd-doc package for more info. +# +#url.rewrite = ( +# "^/$" => "/server-status" +#) + + +######## mod_redirect config ######## +# See redirect.txt in lighttpd-doc package for more info. +# +#url.redirect = ( +# "^/wishlist/(.+)" => "http://www.123.org/$1" +#) + + +######## mod_expire config ######## +# It is highly recommended you configure Expire: headers correctly to +# conserve bandwidth, especially for users on slow links. +#expire.url = ( +# "/buggy/" => "access 2 hours", +# "/asdhas/" => "access plus 1 seconds 2 minutes" +#) + +# {{{ mod_trigger_b4_dl +# see trigger_b4_dl.txt +# +# trigger-before-download.gdbm-filename = "/home/weigon/testbase/trigger.db" +# trigger-before-download.memcache-hosts = ( "127.0.0.1:11211" ) +# trigger-before-download.trigger-url = "^/trigger/" +# trigger-before-download.download-url = "^/download/" +# trigger-before-download.deny-url = "http://127.0.0.1/index.html" +# trigger-before-download.trigger-timeout = 10 +# }}} + + +######## mod_webdav config ######## +# lighttpd can act as a WebDAV server. +# See webdav.txt in lighttpd-doc package for more info. +# +#$HTTP["url"] =~ "^/dav($|/)" { +# webdav.activate = "enable" +# webdav.is-readonly = "enable" +#} + + +######## Debugging options ######## +# debug.log-request-header = "enable" +# debug.log-response-header = "enable" +# debug.log-request-handling = "enable" +# debug.log-file-not-found = "enable" + +# vim: set ft=conf foldmethod=marker et : diff --git a/user/lighttpd/lighttpd.confd b/user/lighttpd/lighttpd.confd new file mode 100644 index 000000000..da524afb4 --- /dev/null +++ b/user/lighttpd/lighttpd.confd @@ -0,0 +1,12 @@ +# /etc/conf.d/lighttpd + +# Location of a shell used by the 'include_shell' directive +# in the lighttpd's configuration file +#export SHELL="/bin/bash" + +# Location of the lighttpd configuration file +LIGHTTPD_CONF="/etc/lighttpd/lighttpd.conf" + +# Location of the lighttpd pid file +LIGHTTPD_PID="/run/lighttpd.pid" + diff --git a/user/lighttpd/lighttpd.initd b/user/lighttpd/lighttpd.initd new file mode 100644 index 000000000..614cb2132 --- /dev/null +++ b/user/lighttpd/lighttpd.initd @@ -0,0 +1,75 @@ +#!/sbin/openrc-run +# Copyright 1999-2012 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/www-servers/lighttpd/files/lighttpd.initd,v 1.21 2012/01/08 20:45:46 hwoarang Exp $ + +extra_started_commands="reload graceful" +required_files=$LIGHTTPD_CONF + +depend() { + need net + use mysql logger spawn-fcgi ldap slapd netmount dns + after firewall + after famd + after sshd +} + +checkconfig() { + if [ ! -f "${LIGHTTPD_CONF}" ] ; then + ewarn "${LIGHTTPD_CONF} does not exist." + return 1 + fi + + if [ -z "${LIGHTTPD_PID}" ] ; then + ewarn "server.pid-file variable in ${LIGHTTPD_CONF}" + ewarn "is not set. Falling back to lighttpd.pid" + LIGHTTPD_PID="/run/lighttpd.pid" + fi + /usr/sbin/lighttpd -t -f ${LIGHTTPD_CONF} >/dev/null +} + +start() { + checkconfig || return 1 + checkpath -d -q -m 0750 -o lighttpd:lighttpd /run/lighttpd/ + + ebegin "Starting lighttpd" + start-stop-daemon --start --quiet --exec /usr/sbin/lighttpd \ + --pidfile "${LIGHTTPD_PID}" -- -f "${LIGHTTPD_CONF}" + eend $? +} + +stop() { + local rv=0 + ebegin "Stopping lighttpd" + start-stop-daemon --stop --quiet --pidfile "${LIGHTTPD_PID}" + eend $? +} + +reload() { + if ! service_started "${SVCNAME}" ; then + eerror "${SVCNAME} isn't running" + return 1 + fi + checkconfig || return 1 + + ebegin "Re-opening lighttpd log files" + start-stop-daemon --quiet --pidfile "${LIGHTTPD_PID}" \ + --signal HUP + eend $? +} + +graceful() { + if ! service_started "${SVCNAME}" ; then + eerror "${SVCNAME} isn't running" + return 1 + fi + checkconfig || return 1 + + ebegin "Gracefully stopping lighttpd" + start-stop-daemon --quiet --pidfile "${LIGHTTPD_PID}" \ + --signal INT + if eend $? ; then + rm -f "${LIGHTTPD_PID}" + start + fi +} diff --git a/user/lighttpd/lighttpd.logrotate b/user/lighttpd/lighttpd.logrotate new file mode 100644 index 000000000..8fbb20fb0 --- /dev/null +++ b/user/lighttpd/lighttpd.logrotate @@ -0,0 +1,15 @@ +# $Header: /var/cvsroot/gentoo-x86/www-servers/lighttpd/files/lighttpd.logrotate,v 1.2 2006/05/30 19:49:29 bangert Exp $ +# lighttpd logrotate script for Gentoo + +/var/log/lighttpd/*.log { + daily + missingok + copytruncate + rotate 7 + compress + notifempty + sharedscripts + postrotate + /etc/init.d/lighttpd --quiet --ifstarted reload + endscript +} diff --git a/user/lighttpd/lighttpd.pre-install b/user/lighttpd/lighttpd.pre-install new file mode 100644 index 000000000..81ccda1f9 --- /dev/null +++ b/user/lighttpd/lighttpd.pre-install @@ -0,0 +1,8 @@ +#!/bin/sh + +addgroup -S -g 82 www-data 2>/dev/null +addgroup -S lighttpd 2>/dev/null +adduser -S -D -H -h /var/www/localhost/htdocs -s /sbin/nologin -G lighttpd -g lighttpd lighttpd 2>/dev/null +addgroup lighttpd www-data 2>/dev/null + +exit 0 diff --git a/user/lighttpd/lighttpd.pre-upgrade b/user/lighttpd/lighttpd.pre-upgrade new file mode 120000 index 000000000..18a7fef66 --- /dev/null +++ b/user/lighttpd/lighttpd.pre-upgrade @@ -0,0 +1 @@ +lighttpd.pre-install
\ No newline at end of file diff --git a/user/lighttpd/mime-types.conf b/user/lighttpd/mime-types.conf new file mode 100644 index 000000000..f24d4d858 --- /dev/null +++ b/user/lighttpd/mime-types.conf @@ -0,0 +1,79 @@ +############################################################################### +# Default mime-types.conf for Gentoo. +# include'd from lighttpd.conf. +# $Header: /var/cvsroot/gentoo-x86/www-servers/lighttpd/files/conf/mime-types.conf,v 1.4 2010/03/14 21:45:18 bangert Exp $ +############################################################################### + +# {{{ mime types +mimetype.assign = ( + ".svg" => "image/svg+xml", + ".svgz" => "image/svg+xml", + ".pdf" => "application/pdf", + ".sig" => "application/pgp-signature", + ".spl" => "application/futuresplash", + ".class" => "application/octet-stream", + ".ps" => "application/postscript", + ".torrent" => "application/x-bittorrent", + ".dvi" => "application/x-dvi", + ".gz" => "application/x-gzip", + ".pac" => "application/x-ns-proxy-autoconfig", + ".swf" => "application/x-shockwave-flash", + ".tar.gz" => "application/x-tgz", + ".tgz" => "application/x-tgz", + ".tar" => "application/x-tar", + ".zip" => "application/zip", + ".dmg" => "application/x-apple-diskimage", + ".mp3" => "audio/mpeg", + ".m3u" => "audio/x-mpegurl", + ".wma" => "audio/x-ms-wma", + ".wax" => "audio/x-ms-wax", + ".ogg" => "application/ogg", + ".wav" => "audio/x-wav", + ".gif" => "image/gif", + ".jpg" => "image/jpeg", + ".jpeg" => "image/jpeg", + ".png" => "image/png", + ".xbm" => "image/x-xbitmap", + ".xpm" => "image/x-xpixmap", + ".xwd" => "image/x-xwindowdump", + ".css" => "text/css", + ".html" => "text/html", + ".htm" => "text/html", + ".js" => "text/javascript", + ".asc" => "text/plain", + ".c" => "text/plain", + ".h" => "text/plain", + ".cc" => "text/plain", + ".cpp" => "text/plain", + ".hh" => "text/plain", + ".hpp" => "text/plain", + ".conf" => "text/plain", + ".log" => "text/plain", + ".text" => "text/plain", + ".txt" => "text/plain", + ".diff" => "text/plain", + ".patch" => "text/plain", + ".ebuild" => "text/plain", + ".eclass" => "text/plain", + ".rtf" => "application/rtf", + ".bmp" => "image/bmp", + ".tif" => "image/tiff", + ".tiff" => "image/tiff", + ".ico" => "image/x-icon", + ".dtd" => "text/xml", + ".xml" => "text/xml", + ".mpeg" => "video/mpeg", + ".mpg" => "video/mpeg", + ".mov" => "video/quicktime", + ".qt" => "video/quicktime", + ".avi" => "video/x-msvideo", + ".asf" => "video/x-ms-asf", + ".asx" => "video/x-ms-asf", + ".wmv" => "video/x-ms-wmv", + ".bz2" => "application/x-bzip", + ".tbz" => "application/x-bzip-compressed-tar", + ".tar.bz2" => "application/x-bzip-compressed-tar" + ) +# }}} + +# vim: set ft=conf foldmethod=marker et : diff --git a/user/lighttpd/mod_cgi.conf b/user/lighttpd/mod_cgi.conf new file mode 100644 index 000000000..1cb3770f9 --- /dev/null +++ b/user/lighttpd/mod_cgi.conf @@ -0,0 +1,33 @@ +############################################################################### +# mod_cgi.conf +# include'd by lighttpd.conf. +# $Header: /var/cvsroot/gentoo-x86/www-servers/lighttpd/files/conf/mod_cgi.conf,v 1.1 2005/08/27 12:36:13 ka0ttic Exp $ +############################################################################### + +# +# see cgi.txt for more information on using mod_cgi +# + +server.modules += ("mod_cgi") + +# NOTE: this requires mod_alias +alias.url = ( + "/cgi-bin/" => var.basedir + "/cgi-bin/" +) + +# +# Note that you'll also want to enable the +# cgi-bin alias via mod_alias (above). +# + +$HTTP["url"] =~ "^/cgi-bin/" { + # disable directory listings + dir-listing.activate = "disable" + # only allow cgi's in this directory + cgi.assign = ( + ".pl" => "/usr/bin/perl", + ".cgi" => "/usr/bin/perl" + ) +} + +# vim: set ft=conf foldmethod=marker et : diff --git a/user/lighttpd/mod_fastcgi.conf b/user/lighttpd/mod_fastcgi.conf new file mode 100644 index 000000000..549b84c2e --- /dev/null +++ b/user/lighttpd/mod_fastcgi.conf @@ -0,0 +1,17 @@ +############################################################################### +# mod_fastcgi.conf +# include'd by lighttpd.conf. +# $Header: /var/cvsroot/gentoo-x86/www-servers/lighttpd/files/conf/mod_fastcgi.conf-1.4.13-r2,v 1.1 2007/04/01 23:22:00 robbat2 Exp $ +############################################################################### + +server.modules += ("mod_fastcgi") +fastcgi.server = ( ".php" => + ( "localhost" => + ( + "socket" => "/run/lighttpd/lighttpd-fastcgi-php-" + PID + ".socket", + "bin-path" => "/usr/bin/php-cgi" + ) + ) + ) + +# vim: set ft=conf foldmethod=marker et : diff --git a/user/lighttpd/mod_fastcgi_fpm.conf b/user/lighttpd/mod_fastcgi_fpm.conf new file mode 100644 index 000000000..926137a43 --- /dev/null +++ b/user/lighttpd/mod_fastcgi_fpm.conf @@ -0,0 +1,16 @@ +############################################################################### +# mod_fastcgi_fpm.conf +# include'd by lighttpd.conf. +############################################################################### + +server.modules += ("mod_fastcgi") +fastcgi.server = ( ".php" => + ( "localhost" => + ( + "host" => "127.0.0.1", + "port" => "9000" + ) + ) + ) + +# vim: set ft=conf foldmethod=marker et : diff --git a/user/lm_sensors/APKBUILD b/user/lm_sensors/APKBUILD new file mode 100644 index 000000000..694adb868 --- /dev/null +++ b/user/lm_sensors/APKBUILD @@ -0,0 +1,85 @@ +# Maintainer: Natanael Copa <ncopa@alpinelinux.org> +pkgname=lm_sensors +pkgver=3.4.0 +pkgrel=5 +pkgdesc="Collection of user space tools for general SMBus access and hardware monitoring." +url="http://www.lm-sensors.org/" +arch="all" +license="GPL" +options="!check" # No test suite. +depends="bash sysfsutils" +makedepends="perl rrdtool-dev bison flex which" +subpackages="$pkgname-dev $pkgname-doc $pkgname-detect $pkgname-sensord + $pkgname-sensord-openrc:sensord_openrc" +#install=sensors.install + +# 2015-11-11 (bpiotrowski): upstream website is down, Fedora mirrored the file +#source="http://dl.lm-sensors.org/lm-sensors/releases/$pkgname-$pkgver.tar.bz2 +source="http://pkgs.fedoraproject.org/repo/pkgs/lm_sensors/lm_sensors-3.4.0.tar.bz2/c03675ae9d43d60322110c679416901a/lm_sensors-3.4.0.tar.bz2 + sensors-detect-alpine.patch + musl-fix-includes.patch + fancontrol.initd + sensord.confd + sensord.initd + " + +prepare() { + cd "$builddir" + sed -i -e 's:^# \(PROG_EXTRA\):\1:' Makefile + # Respect LDFLAGS + sed -i -e 's/\$(LIBDIR)$/\$(LIBDIR) \$(LDFLAGS)/g' Makefile + sed -i -e 's/\$(LIBSHSONAME) -o/$(LIBSHSONAME) \$(LDFLAGS) -o/g' \ + lib/Module.mk + + # do not check for libiconv in ldconfig cache + sed -i -e 's/^LIBICONV.*/LIBICONV ?=/' prog/sensors/Module.mk + + default_prepare +} + +build() { + cd "$builddir" + export CFLAGS="$CFLAGS -fno-stack-protector" + make PREFIX=/usr user +} + +package() { + cd "$builddir" + make PROG_EXTRA:=sensord user_install \ + PREFIX=/usr \ + MANDIR=/usr/share/man \ + DESTDIR="$pkgdir" + + cd "$srcdir" + install -Dm755 fancontrol.initd "$pkgdir"/etc/init.d/fancontrol +} + +detect() { + depends="perl" + pkgdesc="Detection/migration scripts for lm_sensors" + mkdir -p "$subpkgdir"/usr/bin "$subpkgdir"/usr/sbin + cd "$pkgdir" + mv usr/bin/sensors-conf-convert "$subpkgdir"/usr/bin/ + mv usr/sbin/sensors-detect "$subpkgdir"/usr/bin/ +} + +sensord() { + pkgdesc="sensord daemon" + cd "$builddir" + mkdir -p "$subpkgdir"/usr/sbin + mv "$pkgdir"/usr/sbin/sensord "$subpkgdir"/usr/sbin/sensord +} + +sensord_openrc() { + pkgdesc="sensord daemon (OpenRC init scripts)" + install_if="sensord=$pkgver-r$pkgrel openrc" + install -Dm755 "$srcdir"/sensord.initd "$subpkgdir"/etc/init.d/sensord + install -Dm755 "$srcdir"/sensord.confd "$subpkgdir"/etc/conf.d/sensord +} + +sha512sums="993064bd14b855c1ae8c057e89313df5b3d5efe441fb2e8c3e508f42bb15658564df2563fac8fabbdb0d650dfdbc694037736c748d45cb9d85dfb8fb5a3d1ea9 lm_sensors-3.4.0.tar.bz2 +794cf2aaa2a9e809c6b67f4c888a89064bba3e5b9333a9f0101a92372c25012e506fa48e86523f57cf30e5c2a808bc38058fd8640c870ea6b48faab44794cfbb sensors-detect-alpine.patch +333751cb580c94f2d32ef5520d2f2acc0ef7e1cd4a6390ea75cae4c755fbdfcade1805c979ba3319905f1267bdc120a6746e6f70d89e0c72a8c2faefd34a9e79 musl-fix-includes.patch +04756c3844033dc7897e1348181140a43f8470c1bb863f1524b21bbe6be2f13fbf17ac3a68270c96a70d8c148124fea569d1ef75619bbe383e15ec705ea18b21 fancontrol.initd +a77d81ab7ded085ba19e4c637e93268f889ccb8ce9e008a210ae135cb6e2140be07e5d455cf7fcc1084fd57cfbfb3f2bb37207123aebe9566f78b5183806fd7d sensord.confd +9a19874c158e82ab076ed5fb96a40d4bfb4957bfd5a2ce66aa207c06e577bc1b048336c0046a9f856f6d00dc10e68a0dc9726f6e726a8f7bfd50c4043ee1e26a sensord.initd" diff --git a/user/lm_sensors/fancontrol.initd b/user/lm_sensors/fancontrol.initd new file mode 100644 index 000000000..cb29a9ee9 --- /dev/null +++ b/user/lm_sensors/fancontrol.initd @@ -0,0 +1,33 @@ +#!/sbin/openrc-run +# Copyright 1999-2006 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/sys-apps/lm_sensors/files/fancontrol-init.d,v 1.1 2007/05/17 07:31:41 phreak Exp $ + +CONFIG=/etc/fancontrol +PID=/var/run/fancontrol.pid + +depend() { + after lm_sensors +} + +checkconfig() { + if [ ! -f ${CONFIG} ]; then + eerror "Configuration file ${CONFIG} not found" + return 1 + fi +} + +start() { + checkconfig || return 1 + + ebegin "Starting fancontrol" + start-stop-daemon --start --quiet --background --pidfile ${PID} \ + --exec /usr/sbin/fancontrol -- ${CONFIG} + eend ${?} +} + +stop() { + ebegin "Stopping fancontrol" + start-stop-daemon --stop --pidfile ${PID} + eend ${?} +} diff --git a/user/lm_sensors/musl-fix-includes.patch b/user/lm_sensors/musl-fix-includes.patch new file mode 100644 index 000000000..501f2dd76 --- /dev/null +++ b/user/lm_sensors/musl-fix-includes.patch @@ -0,0 +1,62 @@ +--- lm_sensors-3.3.4.orig/prog/dump/isadump.c ++++ lm_sensors-3.3.4/prog/dump/isadump.c +@@ -36,13 +36,7 @@ + #include "util.h" + #include "superio.h" + +- +-/* To keep glibc2 happy */ +-#if defined(__GLIBC__) && __GLIBC__ == 2 && __GLIBC_MINOR__ >= 0 + #include <sys/io.h> +-#else +-#include <asm/io.h> +-#endif + + #ifdef __powerpc__ + unsigned long isa_io_base = 0; /* XXX for now */ +--- lm_sensors-3.3.4.orig/prog/dump/isaset.c ++++ lm_sensors-3.3.4/prog/dump/isaset.c +@@ -32,13 +32,7 @@ + #include <string.h> + #include "util.h" + +- +-/* To keep glibc2 happy */ +-#if defined(__GLIBC__) && __GLIBC__ == 2 && __GLIBC_MINOR__ >= 0 + #include <sys/io.h> +-#else +-#include <asm/io.h> +-#endif + + #ifdef __powerpc__ + unsigned long isa_io_base = 0; /* XXX for now */ +--- lm_sensors-3.3.4.orig/prog/dump/superio.c ++++ lm_sensors-3.3.4/prog/dump/superio.c +@@ -20,12 +20,7 @@ + */ + + #include <stdlib.h> +- +-#if defined(__GLIBC__) && __GLIBC__ == 2 && __GLIBC_MINOR__ >= 0 + #include <sys/io.h> +-#else +-#include <asm/io.h> +-#endif + + #include "superio.h" + +--- lm_sensors-3.3.4.orig/prog/dump/util.c ++++ lm_sensors-3.3.4/prog/dump/util.c +@@ -11,12 +11,7 @@ + #include <stdio.h> + #include "util.h" + +-/* To keep glibc2 happy */ +-#if defined(__GLIBC__) && __GLIBC__ == 2 && __GLIBC_MINOR__ >= 0 + #include <sys/io.h> +-#else +-#include <asm/io.h> +-#endif + + /* Return 1 if we should continue, 0 if we should abort */ + int user_ack(int def) diff --git a/user/lm_sensors/sensord.confd b/user/lm_sensors/sensord.confd new file mode 100644 index 000000000..d82841aeb --- /dev/null +++ b/user/lm_sensors/sensord.confd @@ -0,0 +1,3 @@ +# Extra options to pass to the sensord daemon, +# see sensord(8) for more information +SENSORD_OPTIONS="" diff --git a/user/lm_sensors/sensord.initd b/user/lm_sensors/sensord.initd new file mode 100644 index 000000000..c100b1aa1 --- /dev/null +++ b/user/lm_sensors/sensord.initd @@ -0,0 +1,33 @@ +#!/sbin/openrc-run +# Copyright 1999-2006 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/sys-apps/lm_sensors/files/sensord-init.d,v 1.1 2007/05/17 07:31:41 phreak Exp $ + +CONFIG=/etc/sensors3.conf + +depend() { + need logger + use lm_sensors +} + +checkconfig() { + if [ ! -f ${CONFIG} ]; then + eerror "Configuration file ${CONFIG} not found" + return 1 + fi +} + +start() { + checkconfig || return 1 + + ebegin "Starting sensord" + start-stop-daemon --start --exec /usr/sbin/sensord \ + -- --config-file ${CONFIG} ${SENSORD_OPTIONS} + eend ${?} +} + +stop() { + ebegin "Stopping sensord" + start-stop-daemon --stop --pidfile /var/run/sensord.pid + eend ${?} +} diff --git a/user/lm_sensors/sensors-detect-alpine.patch b/user/lm_sensors/sensors-detect-alpine.patch new file mode 100644 index 000000000..319fcec06 --- /dev/null +++ b/user/lm_sensors/sensors-detect-alpine.patch @@ -0,0 +1,47 @@ +diff --git a/prog/detect/sensors-detect b/prog/detect/sensors-detect +index 08721f0..6e83e97 100755 +--- a/prog/detect/sensors-detect ++++ b/prog/detect/sensors-detect +@@ -7059,31 +7059,20 @@ sub write_config + } + } + +- my $have_sysconfig = -d '/etc/sysconfig'; +- printf "Do you want to \%s /etc/sysconfig/lm_sensors? (\%s): ", +- (-e '/etc/sysconfig/lm_sensors' ? 'overwrite' : 'generate'), +- ($have_sysconfig ? 'YES/no' : 'yes/NO'); ++ my $config = '/etc/modules-load.d/lm_sensors.conf'; ++ my $have_config = -f $config; ++ printf "Do you want to \%s \%s? (\%s): ", ++ (-e $config ? 'overwrite' : 'generate'), ++ $config, ++ ($have_config ? 'YES/no' : 'yes/NO'); + $_ = read_answer(); +- if (($have_sysconfig and not m/^\s*n/i) or m/^\s*y/i) { +- unless ($have_sysconfig) { +- mkdir('/etc/sysconfig', 0777) +- or die "Sorry, can't create /etc/sysconfig ($!)"; +- } +- open(local *SYSCONFIG, ">/etc/sysconfig/lm_sensors") +- or die "Sorry, can't create /etc/sysconfig/lm_sensors ($!)"; ++ if (($have_config and not m/^\s*n/i) or m/^\s*y/i) { ++ open(local *SYSCONFIG, ">$config") ++ or die "Sorry, can't create $config ($!)"; + print SYSCONFIG "# Generated by sensors-detect on " . scalar localtime() . "\n"; +- print SYSCONFIG <<'EOT'; +-# This file is sourced by /etc/init.d/lm_sensors and defines the modules to +-# be loaded/unloaded. +-# +-# The format of this file is a shell script that simply defines variables: +-# HWMON_MODULES for hardware monitoring driver modules, and optionally +-# BUS_MODULES for any required bus driver module (for example for I2C or SPI). +- +-EOT +- print SYSCONFIG "BUS_MODULES=\"", join(" ", @{$bus_modules}), "\"\n" ++ print SYSCONFIG join("\n", @{$bus_modules}), "\n" + if @{$bus_modules}; +- print SYSCONFIG "HWMON_MODULES=\"", join(" ", @{$hwmon_modules}), "\"\n"; ++ print SYSCONFIG join("\n", @{$hwmon_modules}), "\n"; + close(SYSCONFIG); + + if (-x "/bin/systemctl" && -d "/lib/systemd/system" && diff --git a/user/lm_sensors/sensors.install b/user/lm_sensors/sensors.install new file mode 100644 index 000000000..d593f8414 --- /dev/null +++ b/user/lm_sensors/sensors.install @@ -0,0 +1,12 @@ +post_install() { + echo ">>> to control the lm_sensors daemon type" + echo ">>> \"/etc/rc.d/sensors start|stop|restart\" " + echo ">>> --------------------------------------" + echo ">>> before you can use the fancontrol daemon" + echo ">>> first create a fancontrol config file, use \"pwmconfig\"" + echo ">>> then type \"/etc/rc.d/fancontrol start|stop|restart\" " + echo ">>> --------------------------------------" + echo ">>> to decode memory SPD timings modprobe eeprom module" + echo ">>> and get this perl script from" + echo ">>> \"http://www.lm-sensors.org/browser/lm-sensors/trunk/prog/eeprom/decode-dimms.pl\"" +} diff --git a/user/ltrace/APKBUILD b/user/ltrace/APKBUILD new file mode 100644 index 000000000..bd07768bf --- /dev/null +++ b/user/ltrace/APKBUILD @@ -0,0 +1,44 @@ +# Maintainer: Natanael Copa <ncopa@alpinelinux.org> +pkgname=ltrace +pkgver=0.7.3 +pkgrel=2 +pkgdesc="Tracks runtime library calls in dynamically linked programs" +url="http://ltrace.alioth.debian.org/" +arch="all" +options="!check" # Test suite has glibc stuff hardcoded. +license="GPL-2.0+" +makedepends="linux-headers libelf-dev autoconf automake" +subpackages="$pkgname-doc" +# you find latest release here, but need a login: +# https://alioth.debian.org/frs/?group_id=30892 +source="https://dev.alpinelinux.org/archive/$pkgname/$pkgname-$pkgver.tar.bz2 + musl.patch + aarch64.patch + add_ppc64le.patch" + +builddir="$srcdir/$pkgname-$pkgver" +prepare() { + default_prepare + aclocal && autoconf && automake --add-missing --force +} + +build() { + cd "$builddir" + ./configure \ + --build=$CBUILD \ + --host=$CHOST \ + --prefix=/usr \ + --sysconfdir=/etc \ + --disable-werror + make +} + +package() { + cd "$builddir" + make install INSTALL=install DESTDIR="$pkgdir" +} + +sha512sums="a842b16dcb81da869afa0bddc755fdff0d57b35672505bf2c7164fd983b1938d28b126714128930994cc1230ced69d779456d0cfc16f4008c9b6d19f0852285d ltrace-0.7.3.tar.bz2 +c53e05471c52e161a7f7389994c6467e8f3671c5d8478546bc1897f067c62aeab848d728295f339a241a3fc186e180d47bcc2872a6335877c3813b1b62834698 musl.patch +e6682f8c9e1e049286b6462bbab03cbdcf31c1770f649be997393cbd9b3b2ce8ada93766474e16bb604624ffe3e3d46d467bfbedecac2af31b904bb4e763d43a aarch64.patch +987c6d18bdb559e8fe739f09cfb0b567dafcf79b2bd5db7ca32ebb205f3b1d74a8008576e4d73ea90873c1ab9bed17d96ddb7ad8752bf0a160ea0638c955eb1f add_ppc64le.patch" diff --git a/user/ltrace/aarch-part2.patch b/user/ltrace/aarch-part2.patch new file mode 100644 index 000000000..c40d0a797 --- /dev/null +++ b/user/ltrace/aarch-part2.patch @@ -0,0 +1,1982 @@ +From ae7249250ea650ec82bc545d4281b852020c7a6f Mon Sep 17 00:00:00 2001 +From: Petr Machata <pmachata@redhat.com> +Date: Fri, 24 Jan 2014 00:50:06 +0100 +Subject: [PATCH 1/1] Implement aarch64 support + +- IFUNC support is not implemented, the rest works well. The only + other failure is in wide char functions, and that occurs on x86_64 + as well. +--- + configure.ac | 3 +- + sysdeps/linux-gnu/Makefile.am | 4 +- + sysdeps/linux-gnu/aarch64/Makefile.am | 25 + + sysdeps/linux-gnu/aarch64/arch.h | 37 ++ + sysdeps/linux-gnu/aarch64/fetch.c | 365 +++++++++++ + sysdeps/linux-gnu/aarch64/plt.c | 38 ++ + sysdeps/linux-gnu/aarch64/ptrace.h | 22 + + sysdeps/linux-gnu/aarch64/regs.c | 130 ++++ + sysdeps/linux-gnu/aarch64/signalent.h | 52 ++ + sysdeps/linux-gnu/aarch64/syscallent.h | 1100 ++++++++++++++++++++++++++++++++ + sysdeps/linux-gnu/aarch64/trace.c | 83 +++ + 11 files changed, 1857 insertions(+), 2 deletions(-) + create mode 100644 sysdeps/linux-gnu/aarch64/Makefile.am + create mode 100644 sysdeps/linux-gnu/aarch64/arch.h + create mode 100644 sysdeps/linux-gnu/aarch64/fetch.c + create mode 100644 sysdeps/linux-gnu/aarch64/plt.c + create mode 100644 sysdeps/linux-gnu/aarch64/ptrace.h + create mode 100644 sysdeps/linux-gnu/aarch64/regs.c + create mode 100644 sysdeps/linux-gnu/aarch64/signalent.h + create mode 100644 sysdeps/linux-gnu/aarch64/syscallent.h + create mode 100644 sysdeps/linux-gnu/aarch64/trace.c + +diff --git a/configure.ac b/configure.ac +index c6e6bf0..0e9a124 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -1,6 +1,6 @@ + # -*- Autoconf -*- + # This file is part of ltrace. +-# Copyright (C) 2010,2013 Petr Machata, Red Hat Inc. ++# Copyright (C) 2010,2012,2013,2014 Petr Machata, Red Hat Inc. + # Copyright (C) 2010,2011 Joe Damato + # Copyright (C) 2010 Marc Kleine-Budde + # Copyright (C) 2010 Zachary T Welch +@@ -399,6 +399,7 @@ AC_CONFIG_FILES([ + Makefile + sysdeps/Makefile + sysdeps/linux-gnu/Makefile ++ sysdeps/linux-gnu/aarch64/Makefile + sysdeps/linux-gnu/alpha/Makefile + sysdeps/linux-gnu/arm/Makefile + sysdeps/linux-gnu/cris/Makefile +diff --git a/sysdeps/linux-gnu/Makefile.am b/sysdeps/linux-gnu/Makefile.am +index ecee577..ec26162 100644 +--- a/sysdeps/linux-gnu/Makefile.am ++++ b/sysdeps/linux-gnu/Makefile.am +@@ -1,4 +1,5 @@ + # This file is part of ltrace. ++# Copyright (C) 2014 Petr Machata, Red Hat, Inc. + # Copyright (C) 2010,2012 Marc Kleine-Budde, Pengutronix + # + # This program is free software; you can redistribute it and/or +@@ -16,7 +17,8 @@ + # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA + # 02110-1301 USA + +-DIST_SUBDIRS = alpha arm cris ia64 m68k mips ppc s390 sparc x86 ++DIST_SUBDIRS = aarch64 alpha arm cris ia64 m68k mips ppc s390 \ ++ sparc x86 + + SUBDIRS = \ + $(HOST_CPU) +diff --git a/sysdeps/linux-gnu/aarch64/Makefile.am b/sysdeps/linux-gnu/aarch64/Makefile.am +new file mode 100644 +index 0000000..0af4e6e +--- /dev/null ++++ b/sysdeps/linux-gnu/aarch64/Makefile.am +@@ -0,0 +1,25 @@ ++# This file is part of ltrace. ++# Copyright (C) 2014 Petr Machata, Red Hat, Inc. ++# ++# This program is free software; you can redistribute it and/or ++# modify it under the terms of the GNU General Public License as ++# published by the Free Software Foundation; either version 2 of the ++# License, or (at your option) any later version. ++# ++# This program is distributed in the hope that it will be useful, but ++# WITHOUT ANY WARRANTY; without even the implied warranty of ++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ++# General Public License for more details. ++# ++# You should have received a copy of the GNU General Public License ++# along with this program; if not, write to the Free Software ++# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA ++# 02110-1301 USA ++ ++noinst_LTLIBRARIES = ../libcpu.la ++ ++___libcpu_la_SOURCES = fetch.c plt.c regs.c trace.c ++ ++noinst_HEADERS = arch.h ptrace.h signalent.h syscallent.h ++ ++MAINTAINERCLEANFILES = Makefile.in +diff --git a/sysdeps/linux-gnu/aarch64/arch.h b/sysdeps/linux-gnu/aarch64/arch.h +new file mode 100644 +index 0000000..4137613 +--- /dev/null ++++ b/sysdeps/linux-gnu/aarch64/arch.h +@@ -0,0 +1,37 @@ ++/* ++ * This file is part of ltrace. ++ * Copyright (C) 2014 Petr Machata, Red Hat, Inc. ++ * ++ * This program is free software; you can redistribute it and/or ++ * modify it under the terms of the GNU General Public License as ++ * published by the Free Software Foundation; either version 2 of the ++ * License, or (at your option) any later version. ++ * ++ * This program is distributed in the hope that it will be useful, but ++ * WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ++ * General Public License for more details. ++ * ++ * You should have received a copy of the GNU General Public License ++ * along with this program; if not, write to the Free Software ++ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA ++ * 02110-1301 USA ++ */ ++#ifndef LTRACE_AARCH64_ARCH_H ++#define LTRACE_AARCH64_ARCH_H ++ ++/* | 31 21 | 20 5 | 4 0 | * ++ * | 1 1 0 1 0 1 0 0 0 0 1 | imm16 | 0 0 0 0 0 | */ ++#define BREAKPOINT_VALUE { 0xd4, 0x20, 0, 0 } ++#define BREAKPOINT_LENGTH 4 ++#define DECR_PC_AFTER_BREAK 0 ++ ++#define LT_ELFCLASS ELFCLASS64 ++#define LT_ELF_MACHINE EM_AARCH64 ++ ++#define ARCH_HAVE_FETCH_ARG ++#define ARCH_ENDIAN_BIG ++#define ARCH_HAVE_SIZEOF ++#define ARCH_HAVE_ALIGNOF ++ ++#endif /* LTRACE_AARCH64_ARCH_H */ +diff --git a/sysdeps/linux-gnu/aarch64/fetch.c b/sysdeps/linux-gnu/aarch64/fetch.c +new file mode 100644 +index 0000000..8779f03 +--- /dev/null ++++ b/sysdeps/linux-gnu/aarch64/fetch.c +@@ -0,0 +1,365 @@ ++/* ++ * This file is part of ltrace. ++ * Copyright (C) 2014 Petr Machata, Red Hat, Inc. ++ * ++ * This program is free software; you can redistribute it and/or ++ * modify it under the terms of the GNU General Public License as ++ * published by the Free Software Foundation; either version 2 of the ++ * License, or (at your option) any later version. ++ * ++ * This program is distributed in the hope that it will be useful, but ++ * WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ++ * General Public License for more details. ++ * ++ * You should have received a copy of the GNU General Public License ++ * along with this program; if not, write to the Free Software ++ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA ++ * 02110-1301 USA ++ */ ++ ++#include <sys/ptrace.h> ++#include <asm/ptrace.h> ++#include <stdlib.h> ++#include <string.h> ++ ++#include "fetch.h" ++#include "proc.h" ++#include "type.h" ++#include "value.h" ++ ++int aarch64_read_gregs(struct Process *proc, struct user_pt_regs *regs); ++int aarch64_read_fregs(struct Process *proc, struct user_fpsimd_state *regs); ++ ++ ++struct fetch_context ++{ ++ struct user_pt_regs gregs; ++ struct user_fpsimd_state fpregs; ++ arch_addr_t nsaa; ++ unsigned ngrn; ++ unsigned nsrn; ++ arch_addr_t x8; ++}; ++ ++static int ++context_init(struct fetch_context *context, struct Process *proc) ++{ ++ if (aarch64_read_gregs(proc, &context->gregs) < 0 ++ || aarch64_read_fregs(proc, &context->fpregs) < 0) ++ return -1; ++ ++ context->ngrn = 0; ++ context->nsrn = 0; ++ /* XXX double cast */ ++ context->nsaa = (arch_addr_t) (uintptr_t) context->gregs.sp; ++ context->x8 = 0; ++ ++ return 0; ++} ++ ++struct fetch_context * ++arch_fetch_arg_clone(struct Process *proc, struct fetch_context *context) ++{ ++ struct fetch_context *ret = malloc(sizeof(*ret)); ++ if (ret == NULL) ++ return NULL; ++ return memcpy(ret, context, sizeof(*ret)); ++} ++ ++static void ++fetch_next_gpr(struct fetch_context *context, unsigned char *buf) ++{ ++ uint64_t u = context->gregs.regs[context->ngrn++]; ++ memcpy(buf, &u, 8); ++} ++ ++static int ++fetch_gpr(struct fetch_context *context, struct value *value, size_t sz) ++{ ++ if (sz < 8) ++ sz = 8; ++ ++ unsigned char *buf = value_reserve(value, sz); ++ if (buf == NULL) ++ return -1; ++ ++ size_t i; ++ for (i = 0; i < sz; i += 8) ++ fetch_next_gpr(context, buf + i); ++ ++ return 0; ++} ++ ++static void ++fetch_next_sse(struct fetch_context *context, unsigned char *buf, size_t sz) ++{ ++ __int128 u = context->fpregs.vregs[context->nsrn++]; ++ memcpy(buf, &u, sz); ++} ++ ++static int ++fetch_sse(struct fetch_context *context, struct value *value, size_t sz) ++{ ++ unsigned char *buf = value_reserve(value, sz); ++ if (buf == NULL) ++ return -1; ++ ++ fetch_next_sse(context, buf, sz); ++ return 0; ++} ++ ++static int ++fetch_hfa(struct fetch_context *context, ++ struct value *value, struct arg_type_info *hfa_t, size_t count) ++{ ++ size_t sz = type_sizeof(value->inferior, hfa_t); ++ unsigned char *buf = value_reserve(value, sz * count); ++ if (buf == NULL) ++ return -1; ++ ++ size_t i; ++ for (i = 0; i < count; ++i) { ++ fetch_next_sse(context, buf, sz); ++ buf += sz; ++ } ++ return 0; ++} ++ ++static int ++fetch_stack(struct fetch_context *context, struct value *value, ++ size_t align, size_t sz) ++{ ++ if (align < 8) ++ align = 8; ++ size_t amount = ((sz + align - 1) / align) * align; ++ ++ /* XXX double casts */ ++ uintptr_t sp = (uintptr_t) context->nsaa; ++ sp = ((sp + align - 1) / align) * align; ++ ++ value_in_inferior(value, (arch_addr_t) sp); ++ ++ sp += amount; ++ context->nsaa = (arch_addr_t) sp; ++ ++ return 0; ++} ++ ++enum convert_method { ++ CVT_ERR = -1, ++ CVT_NOP = 0, ++ CVT_BYREF, ++}; ++ ++enum fetch_method { ++ FETCH_NOP, ++ FETCH_STACK, ++ FETCH_GPR, ++ FETCH_SSE, ++ FETCH_HFA, ++}; ++ ++struct fetch_script { ++ enum convert_method c; ++ enum fetch_method f; ++ size_t sz; ++ struct arg_type_info *hfa_t; ++ size_t count; ++}; ++ ++static struct fetch_script ++pass_arg(struct fetch_context const *context, ++ struct Process *proc, struct arg_type_info *info) ++{ ++ enum fetch_method cvt = CVT_NOP; ++ ++ size_t sz = type_sizeof(proc, info); ++ if (sz == (size_t) -1) ++ return (struct fetch_script) { CVT_ERR, FETCH_NOP, sz }; ++ ++ switch (info->type) { ++ case ARGTYPE_VOID: ++ return (struct fetch_script) { cvt, FETCH_NOP, sz }; ++ ++ case ARGTYPE_STRUCT: ++ case ARGTYPE_ARRAY:; ++ size_t count; ++ struct arg_type_info *hfa_t = type_get_hfa_type(info, &count); ++ if (hfa_t != NULL && count <= 4) { ++ if (context->nsrn + count <= 8) ++ return (struct fetch_script) ++ { cvt, FETCH_HFA, sz, hfa_t, count }; ++ return (struct fetch_script) ++ { cvt, FETCH_STACK, sz, hfa_t, count }; ++ } ++ ++ if (sz <= 16) { ++ size_t count = sz / 8; ++ if (context->ngrn + count <= 8) ++ return (struct fetch_script) ++ { cvt, FETCH_GPR, sz }; ++ } ++ ++ cvt = CVT_BYREF; ++ sz = 8; ++ /* Fall through. */ ++ ++ case ARGTYPE_POINTER: ++ case ARGTYPE_INT: ++ case ARGTYPE_UINT: ++ case ARGTYPE_LONG: ++ case ARGTYPE_ULONG: ++ case ARGTYPE_CHAR: ++ case ARGTYPE_SHORT: ++ case ARGTYPE_USHORT: ++ if (context->ngrn < 8 && sz <= 8) ++ return (struct fetch_script) { cvt, FETCH_GPR, sz }; ++ /* We don't support types wider than 8 bytes as of ++ * now. */ ++ assert(sz <= 8); ++ ++ return (struct fetch_script) { cvt, FETCH_STACK, sz }; ++ ++ case ARGTYPE_FLOAT: ++ case ARGTYPE_DOUBLE: ++ if (context->nsrn < 8) { ++ /* ltrace doesn't support float128. */ ++ assert(sz <= 8); ++ return (struct fetch_script) { cvt, FETCH_SSE, sz }; ++ } ++ ++ return (struct fetch_script) { cvt, FETCH_STACK, sz }; ++ } ++ ++ assert(! "Failed to allocate argument."); ++ abort(); ++} ++ ++static int ++convert_arg(struct value *value, struct fetch_script how) ++{ ++ switch (how.c) { ++ case CVT_NOP: ++ return 0; ++ case CVT_BYREF: ++ return value_pass_by_reference(value); ++ case CVT_ERR: ++ return -1; ++ } ++ ++ assert(! "Don't know how to convert argument."); ++ abort(); ++} ++ ++static int ++fetch_arg(struct fetch_context *context, ++ struct Process *proc, struct arg_type_info *info, ++ struct value *value, struct fetch_script how) ++{ ++ if (convert_arg(value, how) < 0) ++ return -1; ++ ++ switch (how.f) { ++ case FETCH_NOP: ++ return 0; ++ ++ case FETCH_STACK: ++ if (how.hfa_t != NULL && how.count != 0 && how.count <= 8) ++ context->nsrn = 8; ++ return fetch_stack(context, value, ++ type_alignof(proc, info), how.sz); ++ ++ case FETCH_GPR: ++ return fetch_gpr(context, value, how.sz); ++ ++ case FETCH_SSE: ++ return fetch_sse(context, value, how.sz); ++ ++ case FETCH_HFA: ++ return fetch_hfa(context, value, how.hfa_t, how.count); ++ } ++ ++ assert(! "Don't know how to fetch argument."); ++ abort(); ++} ++ ++struct fetch_context * ++arch_fetch_arg_init(enum tof type, struct Process *proc, ++ struct arg_type_info *ret_info) ++{ ++ struct fetch_context *context = malloc(sizeof *context); ++ if (context == NULL || context_init(context, proc) < 0) { ++ fail: ++ free(context); ++ return NULL; ++ } ++ ++ /* There's a provision in ARMv8 parameter passing convention ++ * for returning types that, if passed as first argument to a ++ * function, would be passed on stack. For those types, x8 ++ * contains an address where the return argument should be ++ * placed. The callee doesn't need to preserve the value of ++ * x8, so we need to fetch it now. ++ * ++ * To my knowledge, there are currently no types where this ++ * holds, but the code is here, utterly untested. */ ++ ++ struct fetch_script how = pass_arg(context, proc, ret_info); ++ if (how.c == CVT_ERR) ++ goto fail; ++ if (how.c == CVT_NOP && how.f == FETCH_STACK) { ++ /* XXX double cast. */ ++ context->x8 = (arch_addr_t) (uintptr_t) context->gregs.regs[8]; ++ /* See the comment above about the assert. */ ++ assert(! "Unexpected: first argument passed on stack."); ++ abort(); ++ } ++ ++ return context; ++} ++ ++int ++arch_fetch_arg_next(struct fetch_context *context, enum tof type, ++ struct Process *proc, struct arg_type_info *info, ++ struct value *value) ++{ ++ return fetch_arg(context, proc, info, value, ++ pass_arg(context, proc, info)); ++} ++ ++int ++arch_fetch_retval(struct fetch_context *context, enum tof type, ++ struct Process *proc, struct arg_type_info *info, ++ struct value *value) ++{ ++ if (context->x8 != 0) { ++ value_in_inferior(value, context->x8); ++ return 0; ++ } ++ ++ if (context_init(context, proc) < 0) ++ return -1; ++ ++ return fetch_arg(context, proc, info, value, ++ pass_arg(context, proc, info)); ++} ++ ++void ++arch_fetch_arg_done(struct fetch_context *context) ++{ ++ if (context != NULL) ++ free(context); ++} ++ ++size_t ++arch_type_sizeof(struct Process *proc, struct arg_type_info *arg) ++{ ++ return (size_t) -2; ++} ++ ++size_t ++arch_type_alignof(struct Process *proc, struct arg_type_info *arg) ++{ ++ return (size_t) -2; ++} +diff --git a/sysdeps/linux-gnu/aarch64/plt.c b/sysdeps/linux-gnu/aarch64/plt.c +new file mode 100644 +index 0000000..29dc4c9 +--- /dev/null ++++ b/sysdeps/linux-gnu/aarch64/plt.c +@@ -0,0 +1,38 @@ ++/* ++ * This file is part of ltrace. ++ * Copyright (C) 2014 Petr Machata, Red Hat, Inc. ++ * ++ * This program is free software; you can redistribute it and/or ++ * modify it under the terms of the GNU General Public License as ++ * published by the Free Software Foundation; either version 2 of the ++ * License, or (at your option) any later version. ++ * ++ * This program is distributed in the hope that it will be useful, but ++ * WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ++ * General Public License for more details. ++ * ++ * You should have received a copy of the GNU General Public License ++ * along with this program; if not, write to the Free Software ++ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA ++ * 02110-1301 USA ++ */ ++ ++#include <gelf.h> ++ ++#include "backend.h" ++#include "proc.h" ++#include "library.h" ++#include "ltrace-elf.h" ++ ++arch_addr_t ++sym2addr(struct Process *proc, struct library_symbol *sym) ++{ ++ return sym->enter_addr; ++} ++ ++GElf_Addr ++arch_plt_sym_val(struct ltelf *lte, size_t ndx, GElf_Rela *rela) ++{ ++ return lte->plt_addr + 32 + ndx * 16; ++} +diff --git a/sysdeps/linux-gnu/aarch64/ptrace.h b/sysdeps/linux-gnu/aarch64/ptrace.h +new file mode 100644 +index 0000000..283c314 +--- /dev/null ++++ b/sysdeps/linux-gnu/aarch64/ptrace.h +@@ -0,0 +1,22 @@ ++/* ++ * This file is part of ltrace. ++ * Copyright (C) 2014 Petr Machata, Red Hat, Inc. ++ * ++ * This program is free software; you can redistribute it and/or ++ * modify it under the terms of the GNU General Public License as ++ * published by the Free Software Foundation; either version 2 of the ++ * License, or (at your option) any later version. ++ * ++ * This program is distributed in the hope that it will be useful, but ++ * WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ++ * General Public License for more details. ++ * ++ * You should have received a copy of the GNU General Public License ++ * along with this program; if not, write to the Free Software ++ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA ++ * 02110-1301 USA ++ */ ++ ++#include <sys/ptrace.h> ++#include <asm/ptrace.h> +diff --git a/sysdeps/linux-gnu/aarch64/regs.c b/sysdeps/linux-gnu/aarch64/regs.c +new file mode 100644 +index 0000000..06eb72b +--- /dev/null ++++ b/sysdeps/linux-gnu/aarch64/regs.c +@@ -0,0 +1,131 @@ ++/* ++ * This file is part of ltrace. ++ * Copyright (C) 2014 Petr Machata, Red Hat, Inc. ++ * ++ * This program is free software; you can redistribute it and/or ++ * modify it under the terms of the GNU General Public License as ++ * published by the Free Software Foundation; either version 2 of the ++ * License, or (at your option) any later version. ++ * ++ * This program is distributed in the hope that it will be useful, but ++ * WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ++ * General Public License for more details. ++ * ++ * You should have received a copy of the GNU General Public License ++ * along with this program; if not, write to the Free Software ++ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA ++ * 02110-1301 USA ++ */ ++ ++#include <sys/ptrace.h> ++#include <asm/ptrace.h> ++#include <linux/uio.h> ++#include <assert.h> ++#include <stdlib.h> ++#include <stdio.h> ++ ++#include "backend.h" ++#include "proc.h" ++ ++#define PC_OFF (32 * 4) ++ ++int ++aarch64_read_gregs(struct Process *proc, struct user_pt_regs *regs) ++{ ++ *regs = (struct user_pt_regs) {}; ++ struct iovec iovec; ++ iovec.iov_base = regs; ++ iovec.iov_len = sizeof *regs; ++ return ptrace(PTRACE_GETREGSET, proc->pid, NT_PRSTATUS, &iovec) < 0 ++ ? -1 : 0; ++} ++ ++int ++aarch64_write_gregs(struct Process *proc, struct user_pt_regs *regs) ++{ ++ struct iovec iovec; ++ iovec.iov_base = regs; ++ iovec.iov_len = sizeof *regs; ++ return ptrace(PTRACE_SETREGSET, proc->pid, NT_PRSTATUS, &iovec) < 0 ++ ? -1 : 0; ++} ++ ++int ++aarch64_read_fregs(struct Process *proc, struct user_fpsimd_state *regs) ++{ ++ *regs = (struct user_fpsimd_state) {}; ++ struct iovec iovec; ++ iovec.iov_base = regs; ++ iovec.iov_len = sizeof *regs; ++ return ptrace(PTRACE_GETREGSET, proc->pid, NT_FPREGSET, &iovec) < 0 ++ ? -1 : 0; ++} ++ ++arch_addr_t ++get_instruction_pointer(struct Process *proc) ++{ ++ struct user_pt_regs regs; ++ if (aarch64_read_gregs(proc, ®s) < 0) { ++ fprintf(stderr, "get_instruction_pointer: " ++ "Couldn't read registers of %d.\n", proc->pid); ++ return 0; ++ } ++ ++ /* ++ char buf[128]; ++ sprintf(buf, "cat /proc/%d/maps", proc->pid); ++ system(buf); ++ */ ++ ++ /* XXX double cast */ ++ return (arch_addr_t) (uintptr_t) regs.pc; ++} ++ ++void ++set_instruction_pointer(struct Process *proc, arch_addr_t addr) ++{ ++ struct user_pt_regs regs; ++ if (aarch64_read_gregs(proc, ®s) < 0) { ++ fprintf(stderr, "get_instruction_pointer: " ++ "Couldn't read registers of %d.\n", proc->pid); ++ return; ++ } ++ ++ /* XXX double cast */ ++ regs.pc = (uint64_t) (uintptr_t) addr; ++ ++ if (aarch64_write_gregs(proc, ®s) < 0) { ++ fprintf(stderr, "get_instruction_pointer: " ++ "Couldn't write registers of %d.\n", proc->pid); ++ return; ++ } ++} ++ ++arch_addr_t ++get_stack_pointer(struct Process *proc) ++{ ++ struct user_pt_regs regs; ++ if (aarch64_read_gregs(proc, ®s) < 0) { ++ fprintf(stderr, "get_stack_pointer: " ++ "Couldn't read registers of %d.\n", proc->pid); ++ return 0; ++ } ++ ++ /* XXX double cast */ ++ return (arch_addr_t) (uintptr_t) regs.sp; ++} ++ ++arch_addr_t ++get_return_addr(struct Process *proc, arch_addr_t stack_pointer) ++{ ++ struct user_pt_regs regs; ++ if (aarch64_read_gregs(proc, ®s) < 0) { ++ fprintf(stderr, "get_return_addr: " ++ "Couldn't read registers of %d.\n", proc->pid); ++ return 0; ++ } ++ ++ /* XXX double cast */ ++ return (arch_addr_t) (uintptr_t) regs.regs[30]; ++} +diff --git a/sysdeps/linux-gnu/aarch64/signalent.h b/sysdeps/linux-gnu/aarch64/signalent.h +new file mode 100644 +index 0000000..bf56ebc +--- /dev/null ++++ b/sysdeps/linux-gnu/aarch64/signalent.h +@@ -0,0 +1,52 @@ ++/* ++ * This file is part of ltrace. ++ * Copyright (C) 2006 Ian Wienand ++ * ++ * This program is free software; you can redistribute it and/or ++ * modify it under the terms of the GNU General Public License as ++ * published by the Free Software Foundation; either version 2 of the ++ * License, or (at your option) any later version. ++ * ++ * This program is distributed in the hope that it will be useful, but ++ * WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ++ * General Public License for more details. ++ * ++ * You should have received a copy of the GNU General Public License ++ * along with this program; if not, write to the Free Software ++ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA ++ * 02110-1301 USA ++ */ ++ ++ "SIG_0", /* 0 */ ++ "SIGHUP", /* 1 */ ++ "SIGINT", /* 2 */ ++ "SIGQUIT", /* 3 */ ++ "SIGILL", /* 4 */ ++ "SIGTRAP", /* 5 */ ++ "SIGABRT", /* 6 */ ++ "SIGBUS", /* 7 */ ++ "SIGFPE", /* 8 */ ++ "SIGKILL", /* 9 */ ++ "SIGUSR1", /* 10 */ ++ "SIGSEGV", /* 11 */ ++ "SIGUSR2", /* 12 */ ++ "SIGPIPE", /* 13 */ ++ "SIGALRM", /* 14 */ ++ "SIGTERM", /* 15 */ ++ "SIGSTKFLT", /* 16 */ ++ "SIGCHLD", /* 17 */ ++ "SIGCONT", /* 18 */ ++ "SIGSTOP", /* 19 */ ++ "SIGTSTP", /* 20 */ ++ "SIGTTIN", /* 21 */ ++ "SIGTTOU", /* 22 */ ++ "SIGURG", /* 23 */ ++ "SIGXCPU", /* 24 */ ++ "SIGXFSZ", /* 25 */ ++ "SIGVTALRM", /* 26 */ ++ "SIGPROF", /* 27 */ ++ "SIGWINCH", /* 28 */ ++ "SIGIO", /* 29 */ ++ "SIGPWR", /* 30 */ ++ "SIGSYS", /* 31 */ +diff --git a/sysdeps/linux-gnu/aarch64/syscallent.h b/sysdeps/linux-gnu/aarch64/syscallent.h +new file mode 100644 +index 0000000..aca8191 +--- /dev/null ++++ b/sysdeps/linux-gnu/aarch64/syscallent.h +@@ -0,0 +1,1100 @@ ++/* ++ * This file is part of ltrace. ++ * Copyright (C) 2014 Petr Machata, Red Hat, Inc. ++ * ++ * This program is free software; you can redistribute it and/or ++ * modify it under the terms of the GNU General Public License as ++ * published by the Free Software Foundation; either version 2 of the ++ * License, or (at your option) any later version. ++ * ++ * This program is distributed in the hope that it will be useful, but ++ * WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ++ * General Public License for more details. ++ * ++ * You should have received a copy of the GNU General Public License ++ * along with this program; if not, write to the Free Software ++ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA ++ * 02110-1301 USA ++ */ ++ ++ "io_setup", /* 0 */ ++ "io_destroy", /* 1 */ ++ "io_submit", /* 2 */ ++ "io_cancel", /* 3 */ ++ "io_getevents", /* 4 */ ++ "setxattr", /* 5 */ ++ "lsetxattr", /* 6 */ ++ "fsetxattr", /* 7 */ ++ "getxattr", /* 8 */ ++ "lgetxattr", /* 9 */ ++ "fgetxattr", /* 10 */ ++ "listxattr", /* 11 */ ++ "llistxattr", /* 12 */ ++ "flistxattr", /* 13 */ ++ "removexattr", /* 14 */ ++ "lremovexattr", /* 15 */ ++ "fremovexattr", /* 16 */ ++ "getcwd", /* 17 */ ++ "lookup_dcookie", /* 18 */ ++ "eventfd2", /* 19 */ ++ "epoll_create1", /* 20 */ ++ "epoll_ctl", /* 21 */ ++ "epoll_pwait", /* 22 */ ++ "dup", /* 23 */ ++ "dup3", /* 24 */ ++ "fcntl", /* 25 */ ++ "inotify_init1", /* 26 */ ++ "inotify_add_watch", /* 27 */ ++ "inotify_rm_watch", /* 28 */ ++ "ioctl", /* 29 */ ++ "ioprio_set", /* 30 */ ++ "ioprio_get", /* 31 */ ++ "flock", /* 32 */ ++ "mknodat", /* 33 */ ++ "mkdirat", /* 34 */ ++ "unlinkat", /* 35 */ ++ "symlinkat", /* 36 */ ++ "linkat", /* 37 */ ++ "renameat", /* 38 */ ++ "umount2", /* 39 */ ++ "mount", /* 40 */ ++ "pivot_root", /* 41 */ ++ "nfsservctl", /* 42 */ ++ "statfs", /* 43 */ ++ "fstatfs", /* 44 */ ++ "truncate", /* 45 */ ++ "ftruncate", /* 46 */ ++ "fallocate", /* 47 */ ++ "faccessat", /* 48 */ ++ "chdir", /* 49 */ ++ "fchdir", /* 50 */ ++ "chroot", /* 51 */ ++ "fchmod", /* 52 */ ++ "fchmodat", /* 53 */ ++ "fchownat", /* 54 */ ++ "fchown", /* 55 */ ++ "openat", /* 56 */ ++ "close", /* 57 */ ++ "vhangup", /* 58 */ ++ "pipe2", /* 59 */ ++ "quotactl", /* 60 */ ++ "getdents64", /* 61 */ ++ "lseek", /* 62 */ ++ "read", /* 63 */ ++ "write", /* 64 */ ++ "readv", /* 65 */ ++ "writev", /* 66 */ ++ "pread64", /* 67 */ ++ "pwrite64", /* 68 */ ++ "preadv", /* 69 */ ++ "pwritev", /* 70 */ ++ "sendfile", /* 71 */ ++ "pselect6", /* 72 */ ++ "ppoll", /* 73 */ ++ "signalfd4", /* 74 */ ++ "vmsplice", /* 75 */ ++ "splice", /* 76 */ ++ "tee", /* 77 */ ++ "readlinkat", /* 78 */ ++ "fstatat", /* 79 */ ++ "fstat", /* 80 */ ++ "sync", /* 81 */ ++ "fsync", /* 82 */ ++ "fdatasync", /* 83 */ ++ "sync_file_range", /* 84 */ ++ "timerfd_create", /* 85 */ ++ "timerfd_settime", /* 86 */ ++ "timerfd_gettime", /* 87 */ ++ "utimensat", /* 88 */ ++ "acct", /* 89 */ ++ "capget", /* 90 */ ++ "capset", /* 91 */ ++ "personality", /* 92 */ ++ "exit", /* 93 */ ++ "exit_group", /* 94 */ ++ "waitid", /* 95 */ ++ "set_tid_address", /* 96 */ ++ "unshare", /* 97 */ ++ "futex", /* 98 */ ++ "set_robust_list", /* 99 */ ++ "get_robust_list", /* 100 */ ++ "nanosleep", /* 101 */ ++ "getitimer", /* 102 */ ++ "setitimer", /* 103 */ ++ "kexec_load", /* 104 */ ++ "init_module", /* 105 */ ++ "delete_module", /* 106 */ ++ "timer_create", /* 107 */ ++ "timer_gettime", /* 108 */ ++ "timer_getoverrun", /* 109 */ ++ "timer_settime", /* 110 */ ++ "timer_delete", /* 111 */ ++ "clock_settime", /* 112 */ ++ "clock_gettime", /* 113 */ ++ "clock_getres", /* 114 */ ++ "clock_nanosleep", /* 115 */ ++ "syslog", /* 116 */ ++ "ptrace", /* 117 */ ++ "sched_setparam", /* 118 */ ++ "sched_setscheduler", /* 119 */ ++ "sched_getscheduler", /* 120 */ ++ "sched_getparam", /* 121 */ ++ "sched_setaffinity", /* 122 */ ++ "sched_getaffinity", /* 123 */ ++ "sched_yield", /* 124 */ ++ "sched_get_priority_max", /* 125 */ ++ "sched_get_priority_min", /* 126 */ ++ "sched_rr_get_interval", /* 127 */ ++ "restart_syscall", /* 128 */ ++ "kill", /* 129 */ ++ "tkill", /* 130 */ ++ "tgkill", /* 131 */ ++ "sigaltstack", /* 132 */ ++ "rt_sigsuspend", /* 133 */ ++ "rt_sigaction", /* 134 */ ++ "rt_sigprocmask", /* 135 */ ++ "rt_sigpending", /* 136 */ ++ "rt_sigtimedwait", /* 137 */ ++ "rt_sigqueueinfo", /* 138 */ ++ "rt_sigreturn", /* 139 */ ++ "setpriority", /* 140 */ ++ "getpriority", /* 141 */ ++ "reboot", /* 142 */ ++ "setregid", /* 143 */ ++ "setgid", /* 144 */ ++ "setreuid", /* 145 */ ++ "setuid", /* 146 */ ++ "setresuid", /* 147 */ ++ "getresuid", /* 148 */ ++ "setresgid", /* 149 */ ++ "getresgid", /* 150 */ ++ "setfsuid", /* 151 */ ++ "setfsgid", /* 152 */ ++ "times", /* 153 */ ++ "setpgid", /* 154 */ ++ "getpgid", /* 155 */ ++ "getsid", /* 156 */ ++ "setsid", /* 157 */ ++ "getgroups", /* 158 */ ++ "setgroups", /* 159 */ ++ "uname", /* 160 */ ++ "sethostname", /* 161 */ ++ "setdomainname", /* 162 */ ++ "getrlimit", /* 163 */ ++ "setrlimit", /* 164 */ ++ "getrusage", /* 165 */ ++ "umask", /* 166 */ ++ "prctl", /* 167 */ ++ "getcpu", /* 168 */ ++ "gettimeofday", /* 169 */ ++ "settimeofday", /* 170 */ ++ "adjtimex", /* 171 */ ++ "getpid", /* 172 */ ++ "getppid", /* 173 */ ++ "getuid", /* 174 */ ++ "geteuid", /* 175 */ ++ "getgid", /* 176 */ ++ "getegid", /* 177 */ ++ "gettid", /* 178 */ ++ "sysinfo", /* 179 */ ++ "mq_open", /* 180 */ ++ "mq_unlink", /* 181 */ ++ "mq_timedsend", /* 182 */ ++ "mq_timedreceive", /* 183 */ ++ "mq_notify", /* 184 */ ++ "mq_getsetattr", /* 185 */ ++ "msgget", /* 186 */ ++ "msgctl", /* 187 */ ++ "msgrcv", /* 188 */ ++ "msgsnd", /* 189 */ ++ "semget", /* 190 */ ++ "semctl", /* 191 */ ++ "semtimedop", /* 192 */ ++ "semop", /* 193 */ ++ "shmget", /* 194 */ ++ "shmctl", /* 195 */ ++ "shmat", /* 196 */ ++ "shmdt", /* 197 */ ++ "socket", /* 198 */ ++ "socketpair", /* 199 */ ++ "bind", /* 200 */ ++ "listen", /* 201 */ ++ "accept", /* 202 */ ++ "connect", /* 203 */ ++ "getsockname", /* 204 */ ++ "getpeername", /* 205 */ ++ "sendto", /* 206 */ ++ "recvfrom", /* 207 */ ++ "setsockopt", /* 208 */ ++ "getsockopt", /* 209 */ ++ "shutdown", /* 210 */ ++ "sendmsg", /* 211 */ ++ "recvmsg", /* 212 */ ++ "readahead", /* 213 */ ++ "brk", /* 214 */ ++ "munmap", /* 215 */ ++ "mremap", /* 216 */ ++ "add_key", /* 217 */ ++ "request_key", /* 218 */ ++ "keyctl", /* 219 */ ++ "clone", /* 220 */ ++ "execve", /* 221 */ ++ "mmap", /* 222 */ ++ "fadvise64", /* 223 */ ++ "swapon", /* 224 */ ++ "swapoff", /* 225 */ ++ "mprotect", /* 226 */ ++ "msync", /* 227 */ ++ "mlock", /* 228 */ ++ "munlock", /* 229 */ ++ "mlockall", /* 230 */ ++ "munlockall", /* 231 */ ++ "mincore", /* 232 */ ++ "madvise", /* 233 */ ++ "remap_file_pages", /* 234 */ ++ "mbind", /* 235 */ ++ "get_mempolicy", /* 236 */ ++ "set_mempolicy", /* 237 */ ++ "migrate_pages", /* 238 */ ++ "move_pages", /* 239 */ ++ "rt_tgsigqueueinfo", /* 240 */ ++ "perf_event_open", /* 241 */ ++ "accept4", /* 242 */ ++ "recvmmsg", /* 243 */ ++ "arch_specific_syscall", /* 244 */ ++ "245", /* 245 */ ++ "246", /* 246 */ ++ "247", /* 247 */ ++ "248", /* 248 */ ++ "249", /* 249 */ ++ "250", /* 250 */ ++ "251", /* 251 */ ++ "252", /* 252 */ ++ "253", /* 253 */ ++ "254", /* 254 */ ++ "255", /* 255 */ ++ "256", /* 256 */ ++ "257", /* 257 */ ++ "258", /* 258 */ ++ "259", /* 259 */ ++ "wait4", /* 260 */ ++ "prlimit64", /* 261 */ ++ "fanotify_init", /* 262 */ ++ "fanotify_mark", /* 263 */ ++ "name_to_handle_at", /* 264 */ ++ "open_by_handle_at", /* 265 */ ++ "clock_adjtime", /* 266 */ ++ "syncfs", /* 267 */ ++ "setns", /* 268 */ ++ "sendmmsg", /* 269 */ ++ "process_vm_readv", /* 270 */ ++ "process_vm_writev", /* 271 */ ++ "kcmp", /* 272 */ ++ "finit_module", /* 273 */ ++ "syscalls", /* 274 */ ++ "275", /* 275 */ ++ "276", /* 276 */ ++ "277", /* 277 */ ++ "278", /* 278 */ ++ "279", /* 279 */ ++ "280", /* 280 */ ++ "281", /* 281 */ ++ "282", /* 282 */ ++ "283", /* 283 */ ++ "284", /* 284 */ ++ "285", /* 285 */ ++ "286", /* 286 */ ++ "287", /* 287 */ ++ "288", /* 288 */ ++ "289", /* 289 */ ++ "290", /* 290 */ ++ "291", /* 291 */ ++ "292", /* 292 */ ++ "293", /* 293 */ ++ "294", /* 294 */ ++ "295", /* 295 */ ++ "296", /* 296 */ ++ "297", /* 297 */ ++ "298", /* 298 */ ++ "299", /* 299 */ ++ "300", /* 300 */ ++ "301", /* 301 */ ++ "302", /* 302 */ ++ "303", /* 303 */ ++ "304", /* 304 */ ++ "305", /* 305 */ ++ "306", /* 306 */ ++ "307", /* 307 */ ++ "308", /* 308 */ ++ "309", /* 309 */ ++ "310", /* 310 */ ++ "311", /* 311 */ ++ "312", /* 312 */ ++ "313", /* 313 */ ++ "314", /* 314 */ ++ "315", /* 315 */ ++ "316", /* 316 */ ++ "317", /* 317 */ ++ "318", /* 318 */ ++ "319", /* 319 */ ++ "320", /* 320 */ ++ "321", /* 321 */ ++ "322", /* 322 */ ++ "323", /* 323 */ ++ "324", /* 324 */ ++ "325", /* 325 */ ++ "326", /* 326 */ ++ "327", /* 327 */ ++ "328", /* 328 */ ++ "329", /* 329 */ ++ "330", /* 330 */ ++ "331", /* 331 */ ++ "332", /* 332 */ ++ "333", /* 333 */ ++ "334", /* 334 */ ++ "335", /* 335 */ ++ "336", /* 336 */ ++ "337", /* 337 */ ++ "338", /* 338 */ ++ "339", /* 339 */ ++ "340", /* 340 */ ++ "341", /* 341 */ ++ "342", /* 342 */ ++ "343", /* 343 */ ++ "344", /* 344 */ ++ "345", /* 345 */ ++ "346", /* 346 */ ++ "347", /* 347 */ ++ "348", /* 348 */ ++ "349", /* 349 */ ++ "350", /* 350 */ ++ "351", /* 351 */ ++ "352", /* 352 */ ++ "353", /* 353 */ ++ "354", /* 354 */ ++ "355", /* 355 */ ++ "356", /* 356 */ ++ "357", /* 357 */ ++ "358", /* 358 */ ++ "359", /* 359 */ ++ "360", /* 360 */ ++ "361", /* 361 */ ++ "362", /* 362 */ ++ "363", /* 363 */ ++ "364", /* 364 */ ++ "365", /* 365 */ ++ "366", /* 366 */ ++ "367", /* 367 */ ++ "368", /* 368 */ ++ "369", /* 369 */ ++ "370", /* 370 */ ++ "371", /* 371 */ ++ "372", /* 372 */ ++ "373", /* 373 */ ++ "374", /* 374 */ ++ "375", /* 375 */ ++ "376", /* 376 */ ++ "377", /* 377 */ ++ "378", /* 378 */ ++ "379", /* 379 */ ++ "380", /* 380 */ ++ "381", /* 381 */ ++ "382", /* 382 */ ++ "383", /* 383 */ ++ "384", /* 384 */ ++ "385", /* 385 */ ++ "386", /* 386 */ ++ "387", /* 387 */ ++ "388", /* 388 */ ++ "389", /* 389 */ ++ "390", /* 390 */ ++ "391", /* 391 */ ++ "392", /* 392 */ ++ "393", /* 393 */ ++ "394", /* 394 */ ++ "395", /* 395 */ ++ "396", /* 396 */ ++ "397", /* 397 */ ++ "398", /* 398 */ ++ "399", /* 399 */ ++ "400", /* 400 */ ++ "401", /* 401 */ ++ "402", /* 402 */ ++ "403", /* 403 */ ++ "404", /* 404 */ ++ "405", /* 405 */ ++ "406", /* 406 */ ++ "407", /* 407 */ ++ "408", /* 408 */ ++ "409", /* 409 */ ++ "410", /* 410 */ ++ "411", /* 411 */ ++ "412", /* 412 */ ++ "413", /* 413 */ ++ "414", /* 414 */ ++ "415", /* 415 */ ++ "416", /* 416 */ ++ "417", /* 417 */ ++ "418", /* 418 */ ++ "419", /* 419 */ ++ "420", /* 420 */ ++ "421", /* 421 */ ++ "422", /* 422 */ ++ "423", /* 423 */ ++ "424", /* 424 */ ++ "425", /* 425 */ ++ "426", /* 426 */ ++ "427", /* 427 */ ++ "428", /* 428 */ ++ "429", /* 429 */ ++ "430", /* 430 */ ++ "431", /* 431 */ ++ "432", /* 432 */ ++ "433", /* 433 */ ++ "434", /* 434 */ ++ "435", /* 435 */ ++ "436", /* 436 */ ++ "437", /* 437 */ ++ "438", /* 438 */ ++ "439", /* 439 */ ++ "440", /* 440 */ ++ "441", /* 441 */ ++ "442", /* 442 */ ++ "443", /* 443 */ ++ "444", /* 444 */ ++ "445", /* 445 */ ++ "446", /* 446 */ ++ "447", /* 447 */ ++ "448", /* 448 */ ++ "449", /* 449 */ ++ "450", /* 450 */ ++ "451", /* 451 */ ++ "452", /* 452 */ ++ "453", /* 453 */ ++ "454", /* 454 */ ++ "455", /* 455 */ ++ "456", /* 456 */ ++ "457", /* 457 */ ++ "458", /* 458 */ ++ "459", /* 459 */ ++ "460", /* 460 */ ++ "461", /* 461 */ ++ "462", /* 462 */ ++ "463", /* 463 */ ++ "464", /* 464 */ ++ "465", /* 465 */ ++ "466", /* 466 */ ++ "467", /* 467 */ ++ "468", /* 468 */ ++ "469", /* 469 */ ++ "470", /* 470 */ ++ "471", /* 471 */ ++ "472", /* 472 */ ++ "473", /* 473 */ ++ "474", /* 474 */ ++ "475", /* 475 */ ++ "476", /* 476 */ ++ "477", /* 477 */ ++ "478", /* 478 */ ++ "479", /* 479 */ ++ "480", /* 480 */ ++ "481", /* 481 */ ++ "482", /* 482 */ ++ "483", /* 483 */ ++ "484", /* 484 */ ++ "485", /* 485 */ ++ "486", /* 486 */ ++ "487", /* 487 */ ++ "488", /* 488 */ ++ "489", /* 489 */ ++ "490", /* 490 */ ++ "491", /* 491 */ ++ "492", /* 492 */ ++ "493", /* 493 */ ++ "494", /* 494 */ ++ "495", /* 495 */ ++ "496", /* 496 */ ++ "497", /* 497 */ ++ "498", /* 498 */ ++ "499", /* 499 */ ++ "500", /* 500 */ ++ "501", /* 501 */ ++ "502", /* 502 */ ++ "503", /* 503 */ ++ "504", /* 504 */ ++ "505", /* 505 */ ++ "506", /* 506 */ ++ "507", /* 507 */ ++ "508", /* 508 */ ++ "509", /* 509 */ ++ "510", /* 510 */ ++ "511", /* 511 */ ++ "512", /* 512 */ ++ "513", /* 513 */ ++ "514", /* 514 */ ++ "515", /* 515 */ ++ "516", /* 516 */ ++ "517", /* 517 */ ++ "518", /* 518 */ ++ "519", /* 519 */ ++ "520", /* 520 */ ++ "521", /* 521 */ ++ "522", /* 522 */ ++ "523", /* 523 */ ++ "524", /* 524 */ ++ "525", /* 525 */ ++ "526", /* 526 */ ++ "527", /* 527 */ ++ "528", /* 528 */ ++ "529", /* 529 */ ++ "530", /* 530 */ ++ "531", /* 531 */ ++ "532", /* 532 */ ++ "533", /* 533 */ ++ "534", /* 534 */ ++ "535", /* 535 */ ++ "536", /* 536 */ ++ "537", /* 537 */ ++ "538", /* 538 */ ++ "539", /* 539 */ ++ "540", /* 540 */ ++ "541", /* 541 */ ++ "542", /* 542 */ ++ "543", /* 543 */ ++ "544", /* 544 */ ++ "545", /* 545 */ ++ "546", /* 546 */ ++ "547", /* 547 */ ++ "548", /* 548 */ ++ "549", /* 549 */ ++ "550", /* 550 */ ++ "551", /* 551 */ ++ "552", /* 552 */ ++ "553", /* 553 */ ++ "554", /* 554 */ ++ "555", /* 555 */ ++ "556", /* 556 */ ++ "557", /* 557 */ ++ "558", /* 558 */ ++ "559", /* 559 */ ++ "560", /* 560 */ ++ "561", /* 561 */ ++ "562", /* 562 */ ++ "563", /* 563 */ ++ "564", /* 564 */ ++ "565", /* 565 */ ++ "566", /* 566 */ ++ "567", /* 567 */ ++ "568", /* 568 */ ++ "569", /* 569 */ ++ "570", /* 570 */ ++ "571", /* 571 */ ++ "572", /* 572 */ ++ "573", /* 573 */ ++ "574", /* 574 */ ++ "575", /* 575 */ ++ "576", /* 576 */ ++ "577", /* 577 */ ++ "578", /* 578 */ ++ "579", /* 579 */ ++ "580", /* 580 */ ++ "581", /* 581 */ ++ "582", /* 582 */ ++ "583", /* 583 */ ++ "584", /* 584 */ ++ "585", /* 585 */ ++ "586", /* 586 */ ++ "587", /* 587 */ ++ "588", /* 588 */ ++ "589", /* 589 */ ++ "590", /* 590 */ ++ "591", /* 591 */ ++ "592", /* 592 */ ++ "593", /* 593 */ ++ "594", /* 594 */ ++ "595", /* 595 */ ++ "596", /* 596 */ ++ "597", /* 597 */ ++ "598", /* 598 */ ++ "599", /* 599 */ ++ "600", /* 600 */ ++ "601", /* 601 */ ++ "602", /* 602 */ ++ "603", /* 603 */ ++ "604", /* 604 */ ++ "605", /* 605 */ ++ "606", /* 606 */ ++ "607", /* 607 */ ++ "608", /* 608 */ ++ "609", /* 609 */ ++ "610", /* 610 */ ++ "611", /* 611 */ ++ "612", /* 612 */ ++ "613", /* 613 */ ++ "614", /* 614 */ ++ "615", /* 615 */ ++ "616", /* 616 */ ++ "617", /* 617 */ ++ "618", /* 618 */ ++ "619", /* 619 */ ++ "620", /* 620 */ ++ "621", /* 621 */ ++ "622", /* 622 */ ++ "623", /* 623 */ ++ "624", /* 624 */ ++ "625", /* 625 */ ++ "626", /* 626 */ ++ "627", /* 627 */ ++ "628", /* 628 */ ++ "629", /* 629 */ ++ "630", /* 630 */ ++ "631", /* 631 */ ++ "632", /* 632 */ ++ "633", /* 633 */ ++ "634", /* 634 */ ++ "635", /* 635 */ ++ "636", /* 636 */ ++ "637", /* 637 */ ++ "638", /* 638 */ ++ "639", /* 639 */ ++ "640", /* 640 */ ++ "641", /* 641 */ ++ "642", /* 642 */ ++ "643", /* 643 */ ++ "644", /* 644 */ ++ "645", /* 645 */ ++ "646", /* 646 */ ++ "647", /* 647 */ ++ "648", /* 648 */ ++ "649", /* 649 */ ++ "650", /* 650 */ ++ "651", /* 651 */ ++ "652", /* 652 */ ++ "653", /* 653 */ ++ "654", /* 654 */ ++ "655", /* 655 */ ++ "656", /* 656 */ ++ "657", /* 657 */ ++ "658", /* 658 */ ++ "659", /* 659 */ ++ "660", /* 660 */ ++ "661", /* 661 */ ++ "662", /* 662 */ ++ "663", /* 663 */ ++ "664", /* 664 */ ++ "665", /* 665 */ ++ "666", /* 666 */ ++ "667", /* 667 */ ++ "668", /* 668 */ ++ "669", /* 669 */ ++ "670", /* 670 */ ++ "671", /* 671 */ ++ "672", /* 672 */ ++ "673", /* 673 */ ++ "674", /* 674 */ ++ "675", /* 675 */ ++ "676", /* 676 */ ++ "677", /* 677 */ ++ "678", /* 678 */ ++ "679", /* 679 */ ++ "680", /* 680 */ ++ "681", /* 681 */ ++ "682", /* 682 */ ++ "683", /* 683 */ ++ "684", /* 684 */ ++ "685", /* 685 */ ++ "686", /* 686 */ ++ "687", /* 687 */ ++ "688", /* 688 */ ++ "689", /* 689 */ ++ "690", /* 690 */ ++ "691", /* 691 */ ++ "692", /* 692 */ ++ "693", /* 693 */ ++ "694", /* 694 */ ++ "695", /* 695 */ ++ "696", /* 696 */ ++ "697", /* 697 */ ++ "698", /* 698 */ ++ "699", /* 699 */ ++ "700", /* 700 */ ++ "701", /* 701 */ ++ "702", /* 702 */ ++ "703", /* 703 */ ++ "704", /* 704 */ ++ "705", /* 705 */ ++ "706", /* 706 */ ++ "707", /* 707 */ ++ "708", /* 708 */ ++ "709", /* 709 */ ++ "710", /* 710 */ ++ "711", /* 711 */ ++ "712", /* 712 */ ++ "713", /* 713 */ ++ "714", /* 714 */ ++ "715", /* 715 */ ++ "716", /* 716 */ ++ "717", /* 717 */ ++ "718", /* 718 */ ++ "719", /* 719 */ ++ "720", /* 720 */ ++ "721", /* 721 */ ++ "722", /* 722 */ ++ "723", /* 723 */ ++ "724", /* 724 */ ++ "725", /* 725 */ ++ "726", /* 726 */ ++ "727", /* 727 */ ++ "728", /* 728 */ ++ "729", /* 729 */ ++ "730", /* 730 */ ++ "731", /* 731 */ ++ "732", /* 732 */ ++ "733", /* 733 */ ++ "734", /* 734 */ ++ "735", /* 735 */ ++ "736", /* 736 */ ++ "737", /* 737 */ ++ "738", /* 738 */ ++ "739", /* 739 */ ++ "740", /* 740 */ ++ "741", /* 741 */ ++ "742", /* 742 */ ++ "743", /* 743 */ ++ "744", /* 744 */ ++ "745", /* 745 */ ++ "746", /* 746 */ ++ "747", /* 747 */ ++ "748", /* 748 */ ++ "749", /* 749 */ ++ "750", /* 750 */ ++ "751", /* 751 */ ++ "752", /* 752 */ ++ "753", /* 753 */ ++ "754", /* 754 */ ++ "755", /* 755 */ ++ "756", /* 756 */ ++ "757", /* 757 */ ++ "758", /* 758 */ ++ "759", /* 759 */ ++ "760", /* 760 */ ++ "761", /* 761 */ ++ "762", /* 762 */ ++ "763", /* 763 */ ++ "764", /* 764 */ ++ "765", /* 765 */ ++ "766", /* 766 */ ++ "767", /* 767 */ ++ "768", /* 768 */ ++ "769", /* 769 */ ++ "770", /* 770 */ ++ "771", /* 771 */ ++ "772", /* 772 */ ++ "773", /* 773 */ ++ "774", /* 774 */ ++ "775", /* 775 */ ++ "776", /* 776 */ ++ "777", /* 777 */ ++ "778", /* 778 */ ++ "779", /* 779 */ ++ "780", /* 780 */ ++ "781", /* 781 */ ++ "782", /* 782 */ ++ "783", /* 783 */ ++ "784", /* 784 */ ++ "785", /* 785 */ ++ "786", /* 786 */ ++ "787", /* 787 */ ++ "788", /* 788 */ ++ "789", /* 789 */ ++ "790", /* 790 */ ++ "791", /* 791 */ ++ "792", /* 792 */ ++ "793", /* 793 */ ++ "794", /* 794 */ ++ "795", /* 795 */ ++ "796", /* 796 */ ++ "797", /* 797 */ ++ "798", /* 798 */ ++ "799", /* 799 */ ++ "800", /* 800 */ ++ "801", /* 801 */ ++ "802", /* 802 */ ++ "803", /* 803 */ ++ "804", /* 804 */ ++ "805", /* 805 */ ++ "806", /* 806 */ ++ "807", /* 807 */ ++ "808", /* 808 */ ++ "809", /* 809 */ ++ "810", /* 810 */ ++ "811", /* 811 */ ++ "812", /* 812 */ ++ "813", /* 813 */ ++ "814", /* 814 */ ++ "815", /* 815 */ ++ "816", /* 816 */ ++ "817", /* 817 */ ++ "818", /* 818 */ ++ "819", /* 819 */ ++ "820", /* 820 */ ++ "821", /* 821 */ ++ "822", /* 822 */ ++ "823", /* 823 */ ++ "824", /* 824 */ ++ "825", /* 825 */ ++ "826", /* 826 */ ++ "827", /* 827 */ ++ "828", /* 828 */ ++ "829", /* 829 */ ++ "830", /* 830 */ ++ "831", /* 831 */ ++ "832", /* 832 */ ++ "833", /* 833 */ ++ "834", /* 834 */ ++ "835", /* 835 */ ++ "836", /* 836 */ ++ "837", /* 837 */ ++ "838", /* 838 */ ++ "839", /* 839 */ ++ "840", /* 840 */ ++ "841", /* 841 */ ++ "842", /* 842 */ ++ "843", /* 843 */ ++ "844", /* 844 */ ++ "845", /* 845 */ ++ "846", /* 846 */ ++ "847", /* 847 */ ++ "848", /* 848 */ ++ "849", /* 849 */ ++ "850", /* 850 */ ++ "851", /* 851 */ ++ "852", /* 852 */ ++ "853", /* 853 */ ++ "854", /* 854 */ ++ "855", /* 855 */ ++ "856", /* 856 */ ++ "857", /* 857 */ ++ "858", /* 858 */ ++ "859", /* 859 */ ++ "860", /* 860 */ ++ "861", /* 861 */ ++ "862", /* 862 */ ++ "863", /* 863 */ ++ "864", /* 864 */ ++ "865", /* 865 */ ++ "866", /* 866 */ ++ "867", /* 867 */ ++ "868", /* 868 */ ++ "869", /* 869 */ ++ "870", /* 870 */ ++ "871", /* 871 */ ++ "872", /* 872 */ ++ "873", /* 873 */ ++ "874", /* 874 */ ++ "875", /* 875 */ ++ "876", /* 876 */ ++ "877", /* 877 */ ++ "878", /* 878 */ ++ "879", /* 879 */ ++ "880", /* 880 */ ++ "881", /* 881 */ ++ "882", /* 882 */ ++ "883", /* 883 */ ++ "884", /* 884 */ ++ "885", /* 885 */ ++ "886", /* 886 */ ++ "887", /* 887 */ ++ "888", /* 888 */ ++ "889", /* 889 */ ++ "890", /* 890 */ ++ "891", /* 891 */ ++ "892", /* 892 */ ++ "893", /* 893 */ ++ "894", /* 894 */ ++ "895", /* 895 */ ++ "896", /* 896 */ ++ "897", /* 897 */ ++ "898", /* 898 */ ++ "899", /* 899 */ ++ "900", /* 900 */ ++ "901", /* 901 */ ++ "902", /* 902 */ ++ "903", /* 903 */ ++ "904", /* 904 */ ++ "905", /* 905 */ ++ "906", /* 906 */ ++ "907", /* 907 */ ++ "908", /* 908 */ ++ "909", /* 909 */ ++ "910", /* 910 */ ++ "911", /* 911 */ ++ "912", /* 912 */ ++ "913", /* 913 */ ++ "914", /* 914 */ ++ "915", /* 915 */ ++ "916", /* 916 */ ++ "917", /* 917 */ ++ "918", /* 918 */ ++ "919", /* 919 */ ++ "920", /* 920 */ ++ "921", /* 921 */ ++ "922", /* 922 */ ++ "923", /* 923 */ ++ "924", /* 924 */ ++ "925", /* 925 */ ++ "926", /* 926 */ ++ "927", /* 927 */ ++ "928", /* 928 */ ++ "929", /* 929 */ ++ "930", /* 930 */ ++ "931", /* 931 */ ++ "932", /* 932 */ ++ "933", /* 933 */ ++ "934", /* 934 */ ++ "935", /* 935 */ ++ "936", /* 936 */ ++ "937", /* 937 */ ++ "938", /* 938 */ ++ "939", /* 939 */ ++ "940", /* 940 */ ++ "941", /* 941 */ ++ "942", /* 942 */ ++ "943", /* 943 */ ++ "944", /* 944 */ ++ "945", /* 945 */ ++ "946", /* 946 */ ++ "947", /* 947 */ ++ "948", /* 948 */ ++ "949", /* 949 */ ++ "950", /* 950 */ ++ "951", /* 951 */ ++ "952", /* 952 */ ++ "953", /* 953 */ ++ "954", /* 954 */ ++ "955", /* 955 */ ++ "956", /* 956 */ ++ "957", /* 957 */ ++ "958", /* 958 */ ++ "959", /* 959 */ ++ "960", /* 960 */ ++ "961", /* 961 */ ++ "962", /* 962 */ ++ "963", /* 963 */ ++ "964", /* 964 */ ++ "965", /* 965 */ ++ "966", /* 966 */ ++ "967", /* 967 */ ++ "968", /* 968 */ ++ "969", /* 969 */ ++ "970", /* 970 */ ++ "971", /* 971 */ ++ "972", /* 972 */ ++ "973", /* 973 */ ++ "974", /* 974 */ ++ "975", /* 975 */ ++ "976", /* 976 */ ++ "977", /* 977 */ ++ "978", /* 978 */ ++ "979", /* 979 */ ++ "980", /* 980 */ ++ "981", /* 981 */ ++ "982", /* 982 */ ++ "983", /* 983 */ ++ "984", /* 984 */ ++ "985", /* 985 */ ++ "986", /* 986 */ ++ "987", /* 987 */ ++ "988", /* 988 */ ++ "989", /* 989 */ ++ "990", /* 990 */ ++ "991", /* 991 */ ++ "992", /* 992 */ ++ "993", /* 993 */ ++ "994", /* 994 */ ++ "995", /* 995 */ ++ "996", /* 996 */ ++ "997", /* 997 */ ++ "998", /* 998 */ ++ "999", /* 999 */ ++ "1000", /* 1000 */ ++ "1001", /* 1001 */ ++ "1002", /* 1002 */ ++ "1003", /* 1003 */ ++ "1004", /* 1004 */ ++ "1005", /* 1005 */ ++ "1006", /* 1006 */ ++ "1007", /* 1007 */ ++ "1008", /* 1008 */ ++ "1009", /* 1009 */ ++ "1010", /* 1010 */ ++ "1011", /* 1011 */ ++ "1012", /* 1012 */ ++ "1013", /* 1013 */ ++ "1014", /* 1014 */ ++ "1015", /* 1015 */ ++ "1016", /* 1016 */ ++ "1017", /* 1017 */ ++ "1018", /* 1018 */ ++ "1019", /* 1019 */ ++ "1020", /* 1020 */ ++ "1021", /* 1021 */ ++ "1022", /* 1022 */ ++ "1023", /* 1023 */ ++ "open", /* 1024 */ ++ "link", /* 1025 */ ++ "unlink", /* 1026 */ ++ "mknod", /* 1027 */ ++ "chmod", /* 1028 */ ++ "chown", /* 1029 */ ++ "mkdir", /* 1030 */ ++ "rmdir", /* 1031 */ ++ "lchown", /* 1032 */ ++ "access", /* 1033 */ ++ "rename", /* 1034 */ ++ "readlink", /* 1035 */ ++ "symlink", /* 1036 */ ++ "utimes", /* 1037 */ ++ "stat", /* 1038 */ ++ "lstat", /* 1039 */ ++ "pipe", /* 1040 */ ++ "dup2", /* 1041 */ ++ "epoll_create", /* 1042 */ ++ "inotify_init", /* 1043 */ ++ "eventfd", /* 1044 */ ++ "signalfd", /* 1045 */ ++ "sendfile", /* 1046 */ ++ "ftruncate", /* 1047 */ ++ "truncate", /* 1048 */ ++ "stat", /* 1049 */ ++ "lstat", /* 1050 */ ++ "fstat", /* 1051 */ ++ "fcntl", /* 1052 */ ++ "fadvise64", /* 1053 */ ++ "newfstatat", /* 1054 */ ++ "fstatfs", /* 1055 */ ++ "statfs", /* 1056 */ ++ "lseek", /* 1057 */ ++ "mmap", /* 1058 */ ++ "alarm", /* 1059 */ ++ "getpgrp", /* 1060 */ ++ "pause", /* 1061 */ ++ "time", /* 1062 */ ++ "utime", /* 1063 */ ++ "creat", /* 1064 */ ++ "getdents", /* 1065 */ ++ "futimesat", /* 1066 */ ++ "select", /* 1067 */ ++ "poll", /* 1068 */ ++ "epoll_wait", /* 1069 */ ++ "ustat", /* 1070 */ ++ "vfork", /* 1071 */ ++ "oldwait4", /* 1072 */ ++ "recv", /* 1073 */ ++ "send", /* 1074 */ ++ "bdflush", /* 1075 */ ++ "umount", /* 1076 */ ++ "uselib", /* 1077 */ ++ "_sysctl", /* 1078 */ ++ "fork", /* 1079 */ +diff --git a/sysdeps/linux-gnu/aarch64/trace.c b/sysdeps/linux-gnu/aarch64/trace.c +new file mode 100644 +index 0000000..5544b51 +--- /dev/null ++++ b/sysdeps/linux-gnu/aarch64/trace.c +@@ -0,0 +1,84 @@ ++/* ++ * This file is part of ltrace. ++ * Copyright (C) 2014 Petr Machata, Red Hat, Inc. ++ * ++ * This program is free software; you can redistribute it and/or ++ * modify it under the terms of the GNU General Public License as ++ * published by the Free Software Foundation; either version 2 of the ++ * License, or (at your option) any later version. ++ * ++ * This program is distributed in the hope that it will be useful, but ++ * WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ++ * General Public License for more details. ++ * ++ * You should have received a copy of the GNU General Public License ++ * along with this program; if not, write to the Free Software ++ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA ++ * 02110-1301 USA ++ */ ++ ++#include <sys/ptrace.h> ++#include <sys/types.h> ++#include <sys/wait.h> ++#include <asm/ptrace.h> ++#include <string.h> ++#include <stdio.h> ++#include <errno.h> ++ ++#include "backend.h" ++#include "proc.h" ++ ++void ++get_arch_dep(struct Process *proc) ++{ ++} ++ ++int aarch64_read_gregs(struct Process *proc, struct user_pt_regs *regs); ++ ++/* The syscall instruction is: ++ * | 31 21 | 20 5 | 4 0 | ++ * | 1 1 0 1 0 1 0 0 | 0 0 0 | imm16 | 0 0 0 0 1 | */ ++#define SVC_MASK 0xffe0001f ++#define SVC_VALUE 0xd4000001 ++ ++int ++syscall_p(struct Process *proc, int status, int *sysnum) ++{ ++ if (WIFSTOPPED(status) ++ && WSTOPSIG(status) == (SIGTRAP | proc->tracesysgood)) { ++ ++ struct user_pt_regs regs; ++ if (aarch64_read_gregs(proc, ®s) < 0) { ++ fprintf(stderr, "syscall_p: " ++ "Couldn't read registers of %d.\n", proc->pid); ++ return -1; ++ } ++ ++ errno = 0; ++ unsigned long insn = (unsigned long) ptrace(PTRACE_PEEKTEXT, ++ proc->pid, ++ regs.pc - 4, 0); ++ if (insn == -1UL && errno != 0) { ++ fprintf(stderr, "syscall_p: " ++ "Couldn't peek into %d: %s\n", proc->pid, ++ strerror(errno)); ++ return -1; ++ } ++ ++ insn &= 0xffffffffUL; ++ if ((insn & SVC_MASK) == SVC_VALUE) { ++ *sysnum = regs.regs[8]; ++ ++ size_t d1 = proc->callstack_depth - 1; ++ if (proc->callstack_depth > 0 ++ && proc->callstack[d1].is_syscall ++ && proc->callstack[d1].c_un.syscall == *sysnum) ++ return 2; ++ ++ return 1; ++ } ++ } ++ ++ return 0; ++} +-- +1.9.1 + diff --git a/user/ltrace/aarch64.patch b/user/ltrace/aarch64.patch new file mode 100644 index 000000000..a89c3073a --- /dev/null +++ b/user/ltrace/aarch64.patch @@ -0,0 +1,2155 @@ +From 982cbca34b2b49a158086ff5f43eb9bba89edead Mon Sep 17 00:00:00 2001 +From: Petr Machata <pmachata@redhat.com> +Date: Wed, 6 Feb 2013 15:46:04 +0100 +Subject: [PATCH] Move get_hfa_type from IA64 backend to type.c, name it + type_get_hfa_type + +--- + sysdeps/linux-gnu/ia64/fetch.c | 48 ++++++++---------------------------------- + type.c | 36 +++++++++++++++++++++++++++++++ + type.h | 11 +++++++++- + 3 files changed, 55 insertions(+), 40 deletions(-) + +diff --git a/sysdeps/linux-gnu/ia64/fetch.c b/sysdeps/linux-gnu/ia64/fetch.c +index e90dbed..171c7a2 100644 +--- a/sysdeps/linux-gnu/ia64/fetch.c ++++ b/sysdeps/linux-gnu/ia64/fetch.c +@@ -1,6 +1,6 @@ + /* + * This file is part of ltrace. +- * Copyright (C) 2012 Petr Machata, Red Hat Inc. ++ * Copyright (C) 2012,2013 Petr Machata, Red Hat Inc. + * Copyright (C) 2008,2009 Juan Cespedes + * Copyright (C) 2006 Steve Fink + * Copyright (C) 2006 Ian Wienand +@@ -249,37 +249,6 @@ allocate_float(struct fetch_context *ctx, struct process *proc, + return 0; + } + +-static enum arg_type +-get_hfa_type(struct arg_type_info *info, size_t *countp) +-{ +- size_t n = type_aggregate_size(info); +- if (n == (size_t)-1) +- return ARGTYPE_VOID; +- +- enum arg_type type = ARGTYPE_VOID; +- *countp = 0; +- +- while (n-- > 0) { +- struct arg_type_info *emt = type_element(info, n); +- +- enum arg_type emt_type = emt->type; +- size_t emt_count = 1; +- if (emt_type == ARGTYPE_STRUCT || emt_type == ARGTYPE_ARRAY) +- emt_type = get_hfa_type(emt, &emt_count); +- +- if (type == ARGTYPE_VOID) { +- if (emt_type != ARGTYPE_FLOAT +- && emt_type != ARGTYPE_DOUBLE) +- return ARGTYPE_VOID; +- type = emt_type; +- } +- if (emt_type != type) +- return ARGTYPE_VOID; +- *countp += emt_count; +- } +- return type; +-} +- + static int + allocate_hfa(struct fetch_context *ctx, struct process *proc, + struct arg_type_info *info, struct value *valuep, +@@ -380,10 +349,11 @@ allocate_ret(struct fetch_context *ctx, struct process *proc, + * floating-point registers, beginning with f8. */ + if (info->type == ARGTYPE_STRUCT || info->type == ARGTYPE_ARRAY) { + size_t hfa_size; +- enum arg_type hfa_type = get_hfa_type(info, &hfa_size); +- if (hfa_type != ARGTYPE_VOID && hfa_size <= 8) ++ struct arg_type_info *hfa_info ++ = type_get_hfa_type(info, &hfa_size); ++ if (hfa_info != NULL && hfa_size <= 8) + return allocate_hfa(ctx, proc, info, valuep, +- hfa_type, hfa_size); ++ hfa_info->type, hfa_size); + } + + /* Integers and pointers are passed in r8. 128-bit integers +@@ -409,7 +379,7 @@ arch_fetch_arg_next(struct fetch_context *ctx, enum tof type, + struct arg_type_info *info, struct value *valuep) + { + switch (info->type) { +- enum arg_type hfa_type; ++ struct arg_type_info *hfa_info; + size_t hfa_size; + + case ARGTYPE_VOID: +@@ -421,10 +391,10 @@ arch_fetch_arg_next(struct fetch_context *ctx, enum tof type, + return allocate_float(ctx, proc, info, valuep, 1); + + case ARGTYPE_STRUCT: +- hfa_type = get_hfa_type(info, &hfa_size); +- if (hfa_type != ARGTYPE_VOID) ++ hfa_info = type_get_hfa_type(info, &hfa_size); ++ if (hfa_info != NULL) + return allocate_hfa(ctx, proc, info, valuep, +- hfa_type, hfa_size); ++ hfa_info->type, hfa_size); + /* Fall through. */ + case ARGTYPE_CHAR: + case ARGTYPE_SHORT: +diff --git a/type.c b/type.c +index 11b4ce1..d5bc98f 100644 +--- a/type.c ++++ b/type.c +@@ -564,3 +564,39 @@ type_get_fp_equivalent(struct arg_type_info *info) + } + abort(); + } ++ ++struct arg_type_info * ++type_get_hfa_type(struct arg_type_info *info, size_t *countp) ++{ ++ assert(info != NULL); ++ if (info->type != ARGTYPE_STRUCT ++ && info->type != ARGTYPE_ARRAY) ++ return NULL; ++ ++ size_t n = type_aggregate_size(info); ++ if (n == (size_t)-1) ++ return NULL; ++ ++ struct arg_type_info *ret = NULL; ++ *countp = 0; ++ ++ while (n-- > 0) { ++ struct arg_type_info *emt = type_element(info, n); ++ ++ size_t emt_count = 1; ++ if (emt->type == ARGTYPE_STRUCT || emt->type == ARGTYPE_ARRAY) ++ emt = type_get_hfa_type(emt, &emt_count); ++ if (emt == NULL) ++ return NULL; ++ if (ret == NULL) { ++ if (emt->type != ARGTYPE_FLOAT ++ && emt->type != ARGTYPE_DOUBLE) ++ return NULL; ++ ret = emt; ++ } ++ if (emt->type != ret->type) ++ return NULL; ++ *countp += emt_count; ++ } ++ return ret; ++} +diff --git a/type.h b/type.h +index b92c1af..3210677 100644 +--- a/type.h ++++ b/type.h +@@ -1,6 +1,6 @@ + /* + * This file is part of ltrace. +- * Copyright (C) 2011,2012 Petr Machata, Red Hat Inc. ++ * Copyright (C) 2011,2012,2013 Petr Machata, Red Hat Inc. + * Copyright (C) 1997-2009 Juan Cespedes + * + * This program is free software; you can redistribute it and/or +@@ -142,4 +142,13 @@ int type_is_signed(enum arg_type type); + * type. */ + struct arg_type_info *type_get_fp_equivalent(struct arg_type_info *info); + ++/* If INFO is homogeneous floating-point aggregate, return the ++ * corresponding floating point type, and set *COUNTP to number of ++ * fields of the structure. Otherwise return NULL. INFO is a HFA if ++ * it's an aggregate whose each field is either a HFA, or a ++ * floating-point type. */ ++struct arg_type_info *type_get_hfa_type(struct arg_type_info *info, ++ size_t *countp); ++ ++ + #endif /* TYPE_H */ +-- +1.9.1 + +From ae7249250ea650ec82bc545d4281b852020c7a6f Mon Sep 17 00:00:00 2001 +From: Petr Machata <pmachata@redhat.com> +Date: Fri, 24 Jan 2014 00:50:06 +0100 +Subject: [PATCH 1/1] Implement aarch64 support + +- IFUNC support is not implemented, the rest works well. The only + other failure is in wide char functions, and that occurs on x86_64 + as well. +--- + configure.ac | 3 +- + sysdeps/linux-gnu/Makefile.am | 4 +- + sysdeps/linux-gnu/aarch64/Makefile.am | 25 + + sysdeps/linux-gnu/aarch64/arch.h | 37 ++ + sysdeps/linux-gnu/aarch64/fetch.c | 365 +++++++++++ + sysdeps/linux-gnu/aarch64/plt.c | 38 ++ + sysdeps/linux-gnu/aarch64/ptrace.h | 22 + + sysdeps/linux-gnu/aarch64/regs.c | 130 ++++ + sysdeps/linux-gnu/aarch64/signalent.h | 52 ++ + sysdeps/linux-gnu/aarch64/syscallent.h | 1100 ++++++++++++++++++++++++++++++++ + sysdeps/linux-gnu/aarch64/trace.c | 83 +++ + 11 files changed, 1857 insertions(+), 2 deletions(-) + create mode 100644 sysdeps/linux-gnu/aarch64/Makefile.am + create mode 100644 sysdeps/linux-gnu/aarch64/arch.h + create mode 100644 sysdeps/linux-gnu/aarch64/fetch.c + create mode 100644 sysdeps/linux-gnu/aarch64/plt.c + create mode 100644 sysdeps/linux-gnu/aarch64/ptrace.h + create mode 100644 sysdeps/linux-gnu/aarch64/regs.c + create mode 100644 sysdeps/linux-gnu/aarch64/signalent.h + create mode 100644 sysdeps/linux-gnu/aarch64/syscallent.h + create mode 100644 sysdeps/linux-gnu/aarch64/trace.c + +diff --git a/configure.ac b/configure.ac +index c6e6bf0..0e9a124 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -1,6 +1,6 @@ + # -*- Autoconf -*- + # This file is part of ltrace. +-# Copyright (C) 2010,2013 Petr Machata, Red Hat Inc. ++# Copyright (C) 2010,2012,2013,2014 Petr Machata, Red Hat Inc. + # Copyright (C) 2010,2011 Joe Damato + # Copyright (C) 2010 Marc Kleine-Budde + # Copyright (C) 2010 Zachary T Welch +@@ -399,6 +399,7 @@ AC_CONFIG_FILES([ + Makefile + sysdeps/Makefile + sysdeps/linux-gnu/Makefile ++ sysdeps/linux-gnu/aarch64/Makefile + sysdeps/linux-gnu/alpha/Makefile + sysdeps/linux-gnu/arm/Makefile + sysdeps/linux-gnu/cris/Makefile +diff --git a/sysdeps/linux-gnu/Makefile.am b/sysdeps/linux-gnu/Makefile.am +index ecee577..ec26162 100644 +--- a/sysdeps/linux-gnu/Makefile.am ++++ b/sysdeps/linux-gnu/Makefile.am +@@ -1,4 +1,5 @@ + # This file is part of ltrace. ++# Copyright (C) 2014 Petr Machata, Red Hat, Inc. + # Copyright (C) 2010,2012 Marc Kleine-Budde, Pengutronix + # + # This program is free software; you can redistribute it and/or +@@ -16,7 +17,8 @@ + # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA + # 02110-1301 USA + +-DIST_SUBDIRS = alpha arm cris ia64 m68k mips ppc s390 sparc x86 ++DIST_SUBDIRS = aarch64 alpha arm cris ia64 m68k mips ppc s390 \ ++ sparc x86 + + SUBDIRS = \ + $(HOST_CPU) +diff --git a/sysdeps/linux-gnu/aarch64/Makefile.am b/sysdeps/linux-gnu/aarch64/Makefile.am +new file mode 100644 +index 0000000..0af4e6e +--- /dev/null ++++ b/sysdeps/linux-gnu/aarch64/Makefile.am +@@ -0,0 +1,25 @@ ++# This file is part of ltrace. ++# Copyright (C) 2014 Petr Machata, Red Hat, Inc. ++# ++# This program is free software; you can redistribute it and/or ++# modify it under the terms of the GNU General Public License as ++# published by the Free Software Foundation; either version 2 of the ++# License, or (at your option) any later version. ++# ++# This program is distributed in the hope that it will be useful, but ++# WITHOUT ANY WARRANTY; without even the implied warranty of ++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ++# General Public License for more details. ++# ++# You should have received a copy of the GNU General Public License ++# along with this program; if not, write to the Free Software ++# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA ++# 02110-1301 USA ++ ++noinst_LTLIBRARIES = ../libcpu.la ++ ++___libcpu_la_SOURCES = fetch.c plt.c regs.c trace.c ++ ++noinst_HEADERS = arch.h ptrace.h signalent.h syscallent.h ++ ++MAINTAINERCLEANFILES = Makefile.in +diff --git a/sysdeps/linux-gnu/aarch64/arch.h b/sysdeps/linux-gnu/aarch64/arch.h +new file mode 100644 +index 0000000..4137613 +--- /dev/null ++++ b/sysdeps/linux-gnu/aarch64/arch.h +@@ -0,0 +1,37 @@ ++/* ++ * This file is part of ltrace. ++ * Copyright (C) 2014 Petr Machata, Red Hat, Inc. ++ * ++ * This program is free software; you can redistribute it and/or ++ * modify it under the terms of the GNU General Public License as ++ * published by the Free Software Foundation; either version 2 of the ++ * License, or (at your option) any later version. ++ * ++ * This program is distributed in the hope that it will be useful, but ++ * WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ++ * General Public License for more details. ++ * ++ * You should have received a copy of the GNU General Public License ++ * along with this program; if not, write to the Free Software ++ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA ++ * 02110-1301 USA ++ */ ++#ifndef LTRACE_AARCH64_ARCH_H ++#define LTRACE_AARCH64_ARCH_H ++ ++/* | 31 21 | 20 5 | 4 0 | * ++ * | 1 1 0 1 0 1 0 0 0 0 1 | imm16 | 0 0 0 0 0 | */ ++#define BREAKPOINT_VALUE { 0xd4, 0x20, 0, 0 } ++#define BREAKPOINT_LENGTH 4 ++#define DECR_PC_AFTER_BREAK 0 ++ ++#define LT_ELFCLASS ELFCLASS64 ++#define LT_ELF_MACHINE EM_AARCH64 ++ ++#define ARCH_HAVE_FETCH_ARG ++#define ARCH_ENDIAN_BIG ++#define ARCH_HAVE_SIZEOF ++#define ARCH_HAVE_ALIGNOF ++ ++#endif /* LTRACE_AARCH64_ARCH_H */ +diff --git a/sysdeps/linux-gnu/aarch64/fetch.c b/sysdeps/linux-gnu/aarch64/fetch.c +new file mode 100644 +index 0000000..8779f03 +--- /dev/null ++++ b/sysdeps/linux-gnu/aarch64/fetch.c +@@ -0,0 +1,365 @@ ++/* ++ * This file is part of ltrace. ++ * Copyright (C) 2014 Petr Machata, Red Hat, Inc. ++ * ++ * This program is free software; you can redistribute it and/or ++ * modify it under the terms of the GNU General Public License as ++ * published by the Free Software Foundation; either version 2 of the ++ * License, or (at your option) any later version. ++ * ++ * This program is distributed in the hope that it will be useful, but ++ * WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ++ * General Public License for more details. ++ * ++ * You should have received a copy of the GNU General Public License ++ * along with this program; if not, write to the Free Software ++ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA ++ * 02110-1301 USA ++ */ ++ ++#include <sys/ptrace.h> ++#include <asm/ptrace.h> ++#include <stdlib.h> ++#include <string.h> ++ ++#include "fetch.h" ++#include "proc.h" ++#include "type.h" ++#include "value.h" ++ ++int aarch64_read_gregs(struct Process *proc, struct user_pt_regs *regs); ++int aarch64_read_fregs(struct Process *proc, struct user_fpsimd_state *regs); ++ ++ ++struct fetch_context ++{ ++ struct user_pt_regs gregs; ++ struct user_fpsimd_state fpregs; ++ arch_addr_t nsaa; ++ unsigned ngrn; ++ unsigned nsrn; ++ arch_addr_t x8; ++}; ++ ++static int ++context_init(struct fetch_context *context, struct Process *proc) ++{ ++ if (aarch64_read_gregs(proc, &context->gregs) < 0 ++ || aarch64_read_fregs(proc, &context->fpregs) < 0) ++ return -1; ++ ++ context->ngrn = 0; ++ context->nsrn = 0; ++ /* XXX double cast */ ++ context->nsaa = (arch_addr_t) (uintptr_t) context->gregs.sp; ++ context->x8 = 0; ++ ++ return 0; ++} ++ ++struct fetch_context * ++arch_fetch_arg_clone(struct Process *proc, struct fetch_context *context) ++{ ++ struct fetch_context *ret = malloc(sizeof(*ret)); ++ if (ret == NULL) ++ return NULL; ++ return memcpy(ret, context, sizeof(*ret)); ++} ++ ++static void ++fetch_next_gpr(struct fetch_context *context, unsigned char *buf) ++{ ++ uint64_t u = context->gregs.regs[context->ngrn++]; ++ memcpy(buf, &u, 8); ++} ++ ++static int ++fetch_gpr(struct fetch_context *context, struct value *value, size_t sz) ++{ ++ if (sz < 8) ++ sz = 8; ++ ++ unsigned char *buf = value_reserve(value, sz); ++ if (buf == NULL) ++ return -1; ++ ++ size_t i; ++ for (i = 0; i < sz; i += 8) ++ fetch_next_gpr(context, buf + i); ++ ++ return 0; ++} ++ ++static void ++fetch_next_sse(struct fetch_context *context, unsigned char *buf, size_t sz) ++{ ++ __int128 u = context->fpregs.vregs[context->nsrn++]; ++ memcpy(buf, &u, sz); ++} ++ ++static int ++fetch_sse(struct fetch_context *context, struct value *value, size_t sz) ++{ ++ unsigned char *buf = value_reserve(value, sz); ++ if (buf == NULL) ++ return -1; ++ ++ fetch_next_sse(context, buf, sz); ++ return 0; ++} ++ ++static int ++fetch_hfa(struct fetch_context *context, ++ struct value *value, struct arg_type_info *hfa_t, size_t count) ++{ ++ size_t sz = type_sizeof(value->inferior, hfa_t); ++ unsigned char *buf = value_reserve(value, sz * count); ++ if (buf == NULL) ++ return -1; ++ ++ size_t i; ++ for (i = 0; i < count; ++i) { ++ fetch_next_sse(context, buf, sz); ++ buf += sz; ++ } ++ return 0; ++} ++ ++static int ++fetch_stack(struct fetch_context *context, struct value *value, ++ size_t align, size_t sz) ++{ ++ if (align < 8) ++ align = 8; ++ size_t amount = ((sz + align - 1) / align) * align; ++ ++ /* XXX double casts */ ++ uintptr_t sp = (uintptr_t) context->nsaa; ++ sp = ((sp + align - 1) / align) * align; ++ ++ value_in_inferior(value, (arch_addr_t) sp); ++ ++ sp += amount; ++ context->nsaa = (arch_addr_t) sp; ++ ++ return 0; ++} ++ ++enum convert_method { ++ CVT_ERR = -1, ++ CVT_NOP = 0, ++ CVT_BYREF, ++}; ++ ++enum fetch_method { ++ FETCH_NOP, ++ FETCH_STACK, ++ FETCH_GPR, ++ FETCH_SSE, ++ FETCH_HFA, ++}; ++ ++struct fetch_script { ++ enum convert_method c; ++ enum fetch_method f; ++ size_t sz; ++ struct arg_type_info *hfa_t; ++ size_t count; ++}; ++ ++static struct fetch_script ++pass_arg(struct fetch_context const *context, ++ struct Process *proc, struct arg_type_info *info) ++{ ++ enum fetch_method cvt = CVT_NOP; ++ ++ size_t sz = type_sizeof(proc, info); ++ if (sz == (size_t) -1) ++ return (struct fetch_script) { CVT_ERR, FETCH_NOP, sz }; ++ ++ switch (info->type) { ++ case ARGTYPE_VOID: ++ return (struct fetch_script) { cvt, FETCH_NOP, sz }; ++ ++ case ARGTYPE_STRUCT: ++ case ARGTYPE_ARRAY:; ++ size_t count; ++ struct arg_type_info *hfa_t = type_get_hfa_type(info, &count); ++ if (hfa_t != NULL && count <= 4) { ++ if (context->nsrn + count <= 8) ++ return (struct fetch_script) ++ { cvt, FETCH_HFA, sz, hfa_t, count }; ++ return (struct fetch_script) ++ { cvt, FETCH_STACK, sz, hfa_t, count }; ++ } ++ ++ if (sz <= 16) { ++ size_t count = sz / 8; ++ if (context->ngrn + count <= 8) ++ return (struct fetch_script) ++ { cvt, FETCH_GPR, sz }; ++ } ++ ++ cvt = CVT_BYREF; ++ sz = 8; ++ /* Fall through. */ ++ ++ case ARGTYPE_POINTER: ++ case ARGTYPE_INT: ++ case ARGTYPE_UINT: ++ case ARGTYPE_LONG: ++ case ARGTYPE_ULONG: ++ case ARGTYPE_CHAR: ++ case ARGTYPE_SHORT: ++ case ARGTYPE_USHORT: ++ if (context->ngrn < 8 && sz <= 8) ++ return (struct fetch_script) { cvt, FETCH_GPR, sz }; ++ /* We don't support types wider than 8 bytes as of ++ * now. */ ++ assert(sz <= 8); ++ ++ return (struct fetch_script) { cvt, FETCH_STACK, sz }; ++ ++ case ARGTYPE_FLOAT: ++ case ARGTYPE_DOUBLE: ++ if (context->nsrn < 8) { ++ /* ltrace doesn't support float128. */ ++ assert(sz <= 8); ++ return (struct fetch_script) { cvt, FETCH_SSE, sz }; ++ } ++ ++ return (struct fetch_script) { cvt, FETCH_STACK, sz }; ++ } ++ ++ assert(! "Failed to allocate argument."); ++ abort(); ++} ++ ++static int ++convert_arg(struct value *value, struct fetch_script how) ++{ ++ switch (how.c) { ++ case CVT_NOP: ++ return 0; ++ case CVT_BYREF: ++ return value_pass_by_reference(value); ++ case CVT_ERR: ++ return -1; ++ } ++ ++ assert(! "Don't know how to convert argument."); ++ abort(); ++} ++ ++static int ++fetch_arg(struct fetch_context *context, ++ struct Process *proc, struct arg_type_info *info, ++ struct value *value, struct fetch_script how) ++{ ++ if (convert_arg(value, how) < 0) ++ return -1; ++ ++ switch (how.f) { ++ case FETCH_NOP: ++ return 0; ++ ++ case FETCH_STACK: ++ if (how.hfa_t != NULL && how.count != 0 && how.count <= 8) ++ context->nsrn = 8; ++ return fetch_stack(context, value, ++ type_alignof(proc, info), how.sz); ++ ++ case FETCH_GPR: ++ return fetch_gpr(context, value, how.sz); ++ ++ case FETCH_SSE: ++ return fetch_sse(context, value, how.sz); ++ ++ case FETCH_HFA: ++ return fetch_hfa(context, value, how.hfa_t, how.count); ++ } ++ ++ assert(! "Don't know how to fetch argument."); ++ abort(); ++} ++ ++struct fetch_context * ++arch_fetch_arg_init(enum tof type, struct Process *proc, ++ struct arg_type_info *ret_info) ++{ ++ struct fetch_context *context = malloc(sizeof *context); ++ if (context == NULL || context_init(context, proc) < 0) { ++ fail: ++ free(context); ++ return NULL; ++ } ++ ++ /* There's a provision in ARMv8 parameter passing convention ++ * for returning types that, if passed as first argument to a ++ * function, would be passed on stack. For those types, x8 ++ * contains an address where the return argument should be ++ * placed. The callee doesn't need to preserve the value of ++ * x8, so we need to fetch it now. ++ * ++ * To my knowledge, there are currently no types where this ++ * holds, but the code is here, utterly untested. */ ++ ++ struct fetch_script how = pass_arg(context, proc, ret_info); ++ if (how.c == CVT_ERR) ++ goto fail; ++ if (how.c == CVT_NOP && how.f == FETCH_STACK) { ++ /* XXX double cast. */ ++ context->x8 = (arch_addr_t) (uintptr_t) context->gregs.regs[8]; ++ /* See the comment above about the assert. */ ++ assert(! "Unexpected: first argument passed on stack."); ++ abort(); ++ } ++ ++ return context; ++} ++ ++int ++arch_fetch_arg_next(struct fetch_context *context, enum tof type, ++ struct Process *proc, struct arg_type_info *info, ++ struct value *value) ++{ ++ return fetch_arg(context, proc, info, value, ++ pass_arg(context, proc, info)); ++} ++ ++int ++arch_fetch_retval(struct fetch_context *context, enum tof type, ++ struct Process *proc, struct arg_type_info *info, ++ struct value *value) ++{ ++ if (context->x8 != 0) { ++ value_in_inferior(value, context->x8); ++ return 0; ++ } ++ ++ if (context_init(context, proc) < 0) ++ return -1; ++ ++ return fetch_arg(context, proc, info, value, ++ pass_arg(context, proc, info)); ++} ++ ++void ++arch_fetch_arg_done(struct fetch_context *context) ++{ ++ if (context != NULL) ++ free(context); ++} ++ ++size_t ++arch_type_sizeof(struct Process *proc, struct arg_type_info *arg) ++{ ++ return (size_t) -2; ++} ++ ++size_t ++arch_type_alignof(struct Process *proc, struct arg_type_info *arg) ++{ ++ return (size_t) -2; ++} +diff --git a/sysdeps/linux-gnu/aarch64/plt.c b/sysdeps/linux-gnu/aarch64/plt.c +new file mode 100644 +index 0000000..29dc4c9 +--- /dev/null ++++ b/sysdeps/linux-gnu/aarch64/plt.c +@@ -0,0 +1,38 @@ ++/* ++ * This file is part of ltrace. ++ * Copyright (C) 2014 Petr Machata, Red Hat, Inc. ++ * ++ * This program is free software; you can redistribute it and/or ++ * modify it under the terms of the GNU General Public License as ++ * published by the Free Software Foundation; either version 2 of the ++ * License, or (at your option) any later version. ++ * ++ * This program is distributed in the hope that it will be useful, but ++ * WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ++ * General Public License for more details. ++ * ++ * You should have received a copy of the GNU General Public License ++ * along with this program; if not, write to the Free Software ++ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA ++ * 02110-1301 USA ++ */ ++ ++#include <gelf.h> ++ ++#include "backend.h" ++#include "proc.h" ++#include "library.h" ++#include "ltrace-elf.h" ++ ++arch_addr_t ++sym2addr(struct Process *proc, struct library_symbol *sym) ++{ ++ return sym->enter_addr; ++} ++ ++GElf_Addr ++arch_plt_sym_val(struct ltelf *lte, size_t ndx, GElf_Rela *rela) ++{ ++ return lte->plt_addr + 32 + ndx * 16; ++} +diff --git a/sysdeps/linux-gnu/aarch64/ptrace.h b/sysdeps/linux-gnu/aarch64/ptrace.h +new file mode 100644 +index 0000000..283c314 +--- /dev/null ++++ b/sysdeps/linux-gnu/aarch64/ptrace.h +@@ -0,0 +1,22 @@ ++/* ++ * This file is part of ltrace. ++ * Copyright (C) 2014 Petr Machata, Red Hat, Inc. ++ * ++ * This program is free software; you can redistribute it and/or ++ * modify it under the terms of the GNU General Public License as ++ * published by the Free Software Foundation; either version 2 of the ++ * License, or (at your option) any later version. ++ * ++ * This program is distributed in the hope that it will be useful, but ++ * WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ++ * General Public License for more details. ++ * ++ * You should have received a copy of the GNU General Public License ++ * along with this program; if not, write to the Free Software ++ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA ++ * 02110-1301 USA ++ */ ++ ++#include <sys/ptrace.h> ++#include <asm/ptrace.h> +diff --git a/sysdeps/linux-gnu/aarch64/regs.c b/sysdeps/linux-gnu/aarch64/regs.c +new file mode 100644 +index 0000000..06eb72b +--- /dev/null ++++ b/sysdeps/linux-gnu/aarch64/regs.c +@@ -0,0 +1,131 @@ ++/* ++ * This file is part of ltrace. ++ * Copyright (C) 2014 Petr Machata, Red Hat, Inc. ++ * ++ * This program is free software; you can redistribute it and/or ++ * modify it under the terms of the GNU General Public License as ++ * published by the Free Software Foundation; either version 2 of the ++ * License, or (at your option) any later version. ++ * ++ * This program is distributed in the hope that it will be useful, but ++ * WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ++ * General Public License for more details. ++ * ++ * You should have received a copy of the GNU General Public License ++ * along with this program; if not, write to the Free Software ++ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA ++ * 02110-1301 USA ++ */ ++ ++#include <sys/ptrace.h> ++#include <asm/ptrace.h> ++#include <linux/uio.h> ++#include <assert.h> ++#include <stdlib.h> ++#include <stdio.h> ++ ++#include "backend.h" ++#include "proc.h" ++ ++#define PC_OFF (32 * 4) ++ ++int ++aarch64_read_gregs(struct Process *proc, struct user_pt_regs *regs) ++{ ++ *regs = (struct user_pt_regs) {}; ++ struct iovec iovec; ++ iovec.iov_base = regs; ++ iovec.iov_len = sizeof *regs; ++ return ptrace(PTRACE_GETREGSET, proc->pid, NT_PRSTATUS, &iovec) < 0 ++ ? -1 : 0; ++} ++ ++int ++aarch64_write_gregs(struct Process *proc, struct user_pt_regs *regs) ++{ ++ struct iovec iovec; ++ iovec.iov_base = regs; ++ iovec.iov_len = sizeof *regs; ++ return ptrace(PTRACE_SETREGSET, proc->pid, NT_PRSTATUS, &iovec) < 0 ++ ? -1 : 0; ++} ++ ++int ++aarch64_read_fregs(struct Process *proc, struct user_fpsimd_state *regs) ++{ ++ *regs = (struct user_fpsimd_state) {}; ++ struct iovec iovec; ++ iovec.iov_base = regs; ++ iovec.iov_len = sizeof *regs; ++ return ptrace(PTRACE_GETREGSET, proc->pid, NT_FPREGSET, &iovec) < 0 ++ ? -1 : 0; ++} ++ ++arch_addr_t ++get_instruction_pointer(struct Process *proc) ++{ ++ struct user_pt_regs regs; ++ if (aarch64_read_gregs(proc, ®s) < 0) { ++ fprintf(stderr, "get_instruction_pointer: " ++ "Couldn't read registers of %d.\n", proc->pid); ++ return 0; ++ } ++ ++ /* ++ char buf[128]; ++ sprintf(buf, "cat /proc/%d/maps", proc->pid); ++ system(buf); ++ */ ++ ++ /* XXX double cast */ ++ return (arch_addr_t) (uintptr_t) regs.pc; ++} ++ ++void ++set_instruction_pointer(struct Process *proc, arch_addr_t addr) ++{ ++ struct user_pt_regs regs; ++ if (aarch64_read_gregs(proc, ®s) < 0) { ++ fprintf(stderr, "get_instruction_pointer: " ++ "Couldn't read registers of %d.\n", proc->pid); ++ return; ++ } ++ ++ /* XXX double cast */ ++ regs.pc = (uint64_t) (uintptr_t) addr; ++ ++ if (aarch64_write_gregs(proc, ®s) < 0) { ++ fprintf(stderr, "get_instruction_pointer: " ++ "Couldn't write registers of %d.\n", proc->pid); ++ return; ++ } ++} ++ ++arch_addr_t ++get_stack_pointer(struct Process *proc) ++{ ++ struct user_pt_regs regs; ++ if (aarch64_read_gregs(proc, ®s) < 0) { ++ fprintf(stderr, "get_stack_pointer: " ++ "Couldn't read registers of %d.\n", proc->pid); ++ return 0; ++ } ++ ++ /* XXX double cast */ ++ return (arch_addr_t) (uintptr_t) regs.sp; ++} ++ ++arch_addr_t ++get_return_addr(struct Process *proc, arch_addr_t stack_pointer) ++{ ++ struct user_pt_regs regs; ++ if (aarch64_read_gregs(proc, ®s) < 0) { ++ fprintf(stderr, "get_return_addr: " ++ "Couldn't read registers of %d.\n", proc->pid); ++ return 0; ++ } ++ ++ /* XXX double cast */ ++ return (arch_addr_t) (uintptr_t) regs.regs[30]; ++} +diff --git a/sysdeps/linux-gnu/aarch64/signalent.h b/sysdeps/linux-gnu/aarch64/signalent.h +new file mode 100644 +index 0000000..bf56ebc +--- /dev/null ++++ b/sysdeps/linux-gnu/aarch64/signalent.h +@@ -0,0 +1,52 @@ ++/* ++ * This file is part of ltrace. ++ * Copyright (C) 2006 Ian Wienand ++ * ++ * This program is free software; you can redistribute it and/or ++ * modify it under the terms of the GNU General Public License as ++ * published by the Free Software Foundation; either version 2 of the ++ * License, or (at your option) any later version. ++ * ++ * This program is distributed in the hope that it will be useful, but ++ * WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ++ * General Public License for more details. ++ * ++ * You should have received a copy of the GNU General Public License ++ * along with this program; if not, write to the Free Software ++ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA ++ * 02110-1301 USA ++ */ ++ ++ "SIG_0", /* 0 */ ++ "SIGHUP", /* 1 */ ++ "SIGINT", /* 2 */ ++ "SIGQUIT", /* 3 */ ++ "SIGILL", /* 4 */ ++ "SIGTRAP", /* 5 */ ++ "SIGABRT", /* 6 */ ++ "SIGBUS", /* 7 */ ++ "SIGFPE", /* 8 */ ++ "SIGKILL", /* 9 */ ++ "SIGUSR1", /* 10 */ ++ "SIGSEGV", /* 11 */ ++ "SIGUSR2", /* 12 */ ++ "SIGPIPE", /* 13 */ ++ "SIGALRM", /* 14 */ ++ "SIGTERM", /* 15 */ ++ "SIGSTKFLT", /* 16 */ ++ "SIGCHLD", /* 17 */ ++ "SIGCONT", /* 18 */ ++ "SIGSTOP", /* 19 */ ++ "SIGTSTP", /* 20 */ ++ "SIGTTIN", /* 21 */ ++ "SIGTTOU", /* 22 */ ++ "SIGURG", /* 23 */ ++ "SIGXCPU", /* 24 */ ++ "SIGXFSZ", /* 25 */ ++ "SIGVTALRM", /* 26 */ ++ "SIGPROF", /* 27 */ ++ "SIGWINCH", /* 28 */ ++ "SIGIO", /* 29 */ ++ "SIGPWR", /* 30 */ ++ "SIGSYS", /* 31 */ +diff --git a/sysdeps/linux-gnu/aarch64/syscallent.h b/sysdeps/linux-gnu/aarch64/syscallent.h +new file mode 100644 +index 0000000..aca8191 +--- /dev/null ++++ b/sysdeps/linux-gnu/aarch64/syscallent.h +@@ -0,0 +1,1100 @@ ++/* ++ * This file is part of ltrace. ++ * Copyright (C) 2014 Petr Machata, Red Hat, Inc. ++ * ++ * This program is free software; you can redistribute it and/or ++ * modify it under the terms of the GNU General Public License as ++ * published by the Free Software Foundation; either version 2 of the ++ * License, or (at your option) any later version. ++ * ++ * This program is distributed in the hope that it will be useful, but ++ * WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ++ * General Public License for more details. ++ * ++ * You should have received a copy of the GNU General Public License ++ * along with this program; if not, write to the Free Software ++ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA ++ * 02110-1301 USA ++ */ ++ ++ "io_setup", /* 0 */ ++ "io_destroy", /* 1 */ ++ "io_submit", /* 2 */ ++ "io_cancel", /* 3 */ ++ "io_getevents", /* 4 */ ++ "setxattr", /* 5 */ ++ "lsetxattr", /* 6 */ ++ "fsetxattr", /* 7 */ ++ "getxattr", /* 8 */ ++ "lgetxattr", /* 9 */ ++ "fgetxattr", /* 10 */ ++ "listxattr", /* 11 */ ++ "llistxattr", /* 12 */ ++ "flistxattr", /* 13 */ ++ "removexattr", /* 14 */ ++ "lremovexattr", /* 15 */ ++ "fremovexattr", /* 16 */ ++ "getcwd", /* 17 */ ++ "lookup_dcookie", /* 18 */ ++ "eventfd2", /* 19 */ ++ "epoll_create1", /* 20 */ ++ "epoll_ctl", /* 21 */ ++ "epoll_pwait", /* 22 */ ++ "dup", /* 23 */ ++ "dup3", /* 24 */ ++ "fcntl", /* 25 */ ++ "inotify_init1", /* 26 */ ++ "inotify_add_watch", /* 27 */ ++ "inotify_rm_watch", /* 28 */ ++ "ioctl", /* 29 */ ++ "ioprio_set", /* 30 */ ++ "ioprio_get", /* 31 */ ++ "flock", /* 32 */ ++ "mknodat", /* 33 */ ++ "mkdirat", /* 34 */ ++ "unlinkat", /* 35 */ ++ "symlinkat", /* 36 */ ++ "linkat", /* 37 */ ++ "renameat", /* 38 */ ++ "umount2", /* 39 */ ++ "mount", /* 40 */ ++ "pivot_root", /* 41 */ ++ "nfsservctl", /* 42 */ ++ "statfs", /* 43 */ ++ "fstatfs", /* 44 */ ++ "truncate", /* 45 */ ++ "ftruncate", /* 46 */ ++ "fallocate", /* 47 */ ++ "faccessat", /* 48 */ ++ "chdir", /* 49 */ ++ "fchdir", /* 50 */ ++ "chroot", /* 51 */ ++ "fchmod", /* 52 */ ++ "fchmodat", /* 53 */ ++ "fchownat", /* 54 */ ++ "fchown", /* 55 */ ++ "openat", /* 56 */ ++ "close", /* 57 */ ++ "vhangup", /* 58 */ ++ "pipe2", /* 59 */ ++ "quotactl", /* 60 */ ++ "getdents64", /* 61 */ ++ "lseek", /* 62 */ ++ "read", /* 63 */ ++ "write", /* 64 */ ++ "readv", /* 65 */ ++ "writev", /* 66 */ ++ "pread64", /* 67 */ ++ "pwrite64", /* 68 */ ++ "preadv", /* 69 */ ++ "pwritev", /* 70 */ ++ "sendfile", /* 71 */ ++ "pselect6", /* 72 */ ++ "ppoll", /* 73 */ ++ "signalfd4", /* 74 */ ++ "vmsplice", /* 75 */ ++ "splice", /* 76 */ ++ "tee", /* 77 */ ++ "readlinkat", /* 78 */ ++ "fstatat", /* 79 */ ++ "fstat", /* 80 */ ++ "sync", /* 81 */ ++ "fsync", /* 82 */ ++ "fdatasync", /* 83 */ ++ "sync_file_range", /* 84 */ ++ "timerfd_create", /* 85 */ ++ "timerfd_settime", /* 86 */ ++ "timerfd_gettime", /* 87 */ ++ "utimensat", /* 88 */ ++ "acct", /* 89 */ ++ "capget", /* 90 */ ++ "capset", /* 91 */ ++ "personality", /* 92 */ ++ "exit", /* 93 */ ++ "exit_group", /* 94 */ ++ "waitid", /* 95 */ ++ "set_tid_address", /* 96 */ ++ "unshare", /* 97 */ ++ "futex", /* 98 */ ++ "set_robust_list", /* 99 */ ++ "get_robust_list", /* 100 */ ++ "nanosleep", /* 101 */ ++ "getitimer", /* 102 */ ++ "setitimer", /* 103 */ ++ "kexec_load", /* 104 */ ++ "init_module", /* 105 */ ++ "delete_module", /* 106 */ ++ "timer_create", /* 107 */ ++ "timer_gettime", /* 108 */ ++ "timer_getoverrun", /* 109 */ ++ "timer_settime", /* 110 */ ++ "timer_delete", /* 111 */ ++ "clock_settime", /* 112 */ ++ "clock_gettime", /* 113 */ ++ "clock_getres", /* 114 */ ++ "clock_nanosleep", /* 115 */ ++ "syslog", /* 116 */ ++ "ptrace", /* 117 */ ++ "sched_setparam", /* 118 */ ++ "sched_setscheduler", /* 119 */ ++ "sched_getscheduler", /* 120 */ ++ "sched_getparam", /* 121 */ ++ "sched_setaffinity", /* 122 */ ++ "sched_getaffinity", /* 123 */ ++ "sched_yield", /* 124 */ ++ "sched_get_priority_max", /* 125 */ ++ "sched_get_priority_min", /* 126 */ ++ "sched_rr_get_interval", /* 127 */ ++ "restart_syscall", /* 128 */ ++ "kill", /* 129 */ ++ "tkill", /* 130 */ ++ "tgkill", /* 131 */ ++ "sigaltstack", /* 132 */ ++ "rt_sigsuspend", /* 133 */ ++ "rt_sigaction", /* 134 */ ++ "rt_sigprocmask", /* 135 */ ++ "rt_sigpending", /* 136 */ ++ "rt_sigtimedwait", /* 137 */ ++ "rt_sigqueueinfo", /* 138 */ ++ "rt_sigreturn", /* 139 */ ++ "setpriority", /* 140 */ ++ "getpriority", /* 141 */ ++ "reboot", /* 142 */ ++ "setregid", /* 143 */ ++ "setgid", /* 144 */ ++ "setreuid", /* 145 */ ++ "setuid", /* 146 */ ++ "setresuid", /* 147 */ ++ "getresuid", /* 148 */ ++ "setresgid", /* 149 */ ++ "getresgid", /* 150 */ ++ "setfsuid", /* 151 */ ++ "setfsgid", /* 152 */ ++ "times", /* 153 */ ++ "setpgid", /* 154 */ ++ "getpgid", /* 155 */ ++ "getsid", /* 156 */ ++ "setsid", /* 157 */ ++ "getgroups", /* 158 */ ++ "setgroups", /* 159 */ ++ "uname", /* 160 */ ++ "sethostname", /* 161 */ ++ "setdomainname", /* 162 */ ++ "getrlimit", /* 163 */ ++ "setrlimit", /* 164 */ ++ "getrusage", /* 165 */ ++ "umask", /* 166 */ ++ "prctl", /* 167 */ ++ "getcpu", /* 168 */ ++ "gettimeofday", /* 169 */ ++ "settimeofday", /* 170 */ ++ "adjtimex", /* 171 */ ++ "getpid", /* 172 */ ++ "getppid", /* 173 */ ++ "getuid", /* 174 */ ++ "geteuid", /* 175 */ ++ "getgid", /* 176 */ ++ "getegid", /* 177 */ ++ "gettid", /* 178 */ ++ "sysinfo", /* 179 */ ++ "mq_open", /* 180 */ ++ "mq_unlink", /* 181 */ ++ "mq_timedsend", /* 182 */ ++ "mq_timedreceive", /* 183 */ ++ "mq_notify", /* 184 */ ++ "mq_getsetattr", /* 185 */ ++ "msgget", /* 186 */ ++ "msgctl", /* 187 */ ++ "msgrcv", /* 188 */ ++ "msgsnd", /* 189 */ ++ "semget", /* 190 */ ++ "semctl", /* 191 */ ++ "semtimedop", /* 192 */ ++ "semop", /* 193 */ ++ "shmget", /* 194 */ ++ "shmctl", /* 195 */ ++ "shmat", /* 196 */ ++ "shmdt", /* 197 */ ++ "socket", /* 198 */ ++ "socketpair", /* 199 */ ++ "bind", /* 200 */ ++ "listen", /* 201 */ ++ "accept", /* 202 */ ++ "connect", /* 203 */ ++ "getsockname", /* 204 */ ++ "getpeername", /* 205 */ ++ "sendto", /* 206 */ ++ "recvfrom", /* 207 */ ++ "setsockopt", /* 208 */ ++ "getsockopt", /* 209 */ ++ "shutdown", /* 210 */ ++ "sendmsg", /* 211 */ ++ "recvmsg", /* 212 */ ++ "readahead", /* 213 */ ++ "brk", /* 214 */ ++ "munmap", /* 215 */ ++ "mremap", /* 216 */ ++ "add_key", /* 217 */ ++ "request_key", /* 218 */ ++ "keyctl", /* 219 */ ++ "clone", /* 220 */ ++ "execve", /* 221 */ ++ "mmap", /* 222 */ ++ "fadvise64", /* 223 */ ++ "swapon", /* 224 */ ++ "swapoff", /* 225 */ ++ "mprotect", /* 226 */ ++ "msync", /* 227 */ ++ "mlock", /* 228 */ ++ "munlock", /* 229 */ ++ "mlockall", /* 230 */ ++ "munlockall", /* 231 */ ++ "mincore", /* 232 */ ++ "madvise", /* 233 */ ++ "remap_file_pages", /* 234 */ ++ "mbind", /* 235 */ ++ "get_mempolicy", /* 236 */ ++ "set_mempolicy", /* 237 */ ++ "migrate_pages", /* 238 */ ++ "move_pages", /* 239 */ ++ "rt_tgsigqueueinfo", /* 240 */ ++ "perf_event_open", /* 241 */ ++ "accept4", /* 242 */ ++ "recvmmsg", /* 243 */ ++ "arch_specific_syscall", /* 244 */ ++ "245", /* 245 */ ++ "246", /* 246 */ ++ "247", /* 247 */ ++ "248", /* 248 */ ++ "249", /* 249 */ ++ "250", /* 250 */ ++ "251", /* 251 */ ++ "252", /* 252 */ ++ "253", /* 253 */ ++ "254", /* 254 */ ++ "255", /* 255 */ ++ "256", /* 256 */ ++ "257", /* 257 */ ++ "258", /* 258 */ ++ "259", /* 259 */ ++ "wait4", /* 260 */ ++ "prlimit64", /* 261 */ ++ "fanotify_init", /* 262 */ ++ "fanotify_mark", /* 263 */ ++ "name_to_handle_at", /* 264 */ ++ "open_by_handle_at", /* 265 */ ++ "clock_adjtime", /* 266 */ ++ "syncfs", /* 267 */ ++ "setns", /* 268 */ ++ "sendmmsg", /* 269 */ ++ "process_vm_readv", /* 270 */ ++ "process_vm_writev", /* 271 */ ++ "kcmp", /* 272 */ ++ "finit_module", /* 273 */ ++ "syscalls", /* 274 */ ++ "275", /* 275 */ ++ "276", /* 276 */ ++ "277", /* 277 */ ++ "278", /* 278 */ ++ "279", /* 279 */ ++ "280", /* 280 */ ++ "281", /* 281 */ ++ "282", /* 282 */ ++ "283", /* 283 */ ++ "284", /* 284 */ ++ "285", /* 285 */ ++ "286", /* 286 */ ++ "287", /* 287 */ ++ "288", /* 288 */ ++ "289", /* 289 */ ++ "290", /* 290 */ ++ "291", /* 291 */ ++ "292", /* 292 */ ++ "293", /* 293 */ ++ "294", /* 294 */ ++ "295", /* 295 */ ++ "296", /* 296 */ ++ "297", /* 297 */ ++ "298", /* 298 */ ++ "299", /* 299 */ ++ "300", /* 300 */ ++ "301", /* 301 */ ++ "302", /* 302 */ ++ "303", /* 303 */ ++ "304", /* 304 */ ++ "305", /* 305 */ ++ "306", /* 306 */ ++ "307", /* 307 */ ++ "308", /* 308 */ ++ "309", /* 309 */ ++ "310", /* 310 */ ++ "311", /* 311 */ ++ "312", /* 312 */ ++ "313", /* 313 */ ++ "314", /* 314 */ ++ "315", /* 315 */ ++ "316", /* 316 */ ++ "317", /* 317 */ ++ "318", /* 318 */ ++ "319", /* 319 */ ++ "320", /* 320 */ ++ "321", /* 321 */ ++ "322", /* 322 */ ++ "323", /* 323 */ ++ "324", /* 324 */ ++ "325", /* 325 */ ++ "326", /* 326 */ ++ "327", /* 327 */ ++ "328", /* 328 */ ++ "329", /* 329 */ ++ "330", /* 330 */ ++ "331", /* 331 */ ++ "332", /* 332 */ ++ "333", /* 333 */ ++ "334", /* 334 */ ++ "335", /* 335 */ ++ "336", /* 336 */ ++ "337", /* 337 */ ++ "338", /* 338 */ ++ "339", /* 339 */ ++ "340", /* 340 */ ++ "341", /* 341 */ ++ "342", /* 342 */ ++ "343", /* 343 */ ++ "344", /* 344 */ ++ "345", /* 345 */ ++ "346", /* 346 */ ++ "347", /* 347 */ ++ "348", /* 348 */ ++ "349", /* 349 */ ++ "350", /* 350 */ ++ "351", /* 351 */ ++ "352", /* 352 */ ++ "353", /* 353 */ ++ "354", /* 354 */ ++ "355", /* 355 */ ++ "356", /* 356 */ ++ "357", /* 357 */ ++ "358", /* 358 */ ++ "359", /* 359 */ ++ "360", /* 360 */ ++ "361", /* 361 */ ++ "362", /* 362 */ ++ "363", /* 363 */ ++ "364", /* 364 */ ++ "365", /* 365 */ ++ "366", /* 366 */ ++ "367", /* 367 */ ++ "368", /* 368 */ ++ "369", /* 369 */ ++ "370", /* 370 */ ++ "371", /* 371 */ ++ "372", /* 372 */ ++ "373", /* 373 */ ++ "374", /* 374 */ ++ "375", /* 375 */ ++ "376", /* 376 */ ++ "377", /* 377 */ ++ "378", /* 378 */ ++ "379", /* 379 */ ++ "380", /* 380 */ ++ "381", /* 381 */ ++ "382", /* 382 */ ++ "383", /* 383 */ ++ "384", /* 384 */ ++ "385", /* 385 */ ++ "386", /* 386 */ ++ "387", /* 387 */ ++ "388", /* 388 */ ++ "389", /* 389 */ ++ "390", /* 390 */ ++ "391", /* 391 */ ++ "392", /* 392 */ ++ "393", /* 393 */ ++ "394", /* 394 */ ++ "395", /* 395 */ ++ "396", /* 396 */ ++ "397", /* 397 */ ++ "398", /* 398 */ ++ "399", /* 399 */ ++ "400", /* 400 */ ++ "401", /* 401 */ ++ "402", /* 402 */ ++ "403", /* 403 */ ++ "404", /* 404 */ ++ "405", /* 405 */ ++ "406", /* 406 */ ++ "407", /* 407 */ ++ "408", /* 408 */ ++ "409", /* 409 */ ++ "410", /* 410 */ ++ "411", /* 411 */ ++ "412", /* 412 */ ++ "413", /* 413 */ ++ "414", /* 414 */ ++ "415", /* 415 */ ++ "416", /* 416 */ ++ "417", /* 417 */ ++ "418", /* 418 */ ++ "419", /* 419 */ ++ "420", /* 420 */ ++ "421", /* 421 */ ++ "422", /* 422 */ ++ "423", /* 423 */ ++ "424", /* 424 */ ++ "425", /* 425 */ ++ "426", /* 426 */ ++ "427", /* 427 */ ++ "428", /* 428 */ ++ "429", /* 429 */ ++ "430", /* 430 */ ++ "431", /* 431 */ ++ "432", /* 432 */ ++ "433", /* 433 */ ++ "434", /* 434 */ ++ "435", /* 435 */ ++ "436", /* 436 */ ++ "437", /* 437 */ ++ "438", /* 438 */ ++ "439", /* 439 */ ++ "440", /* 440 */ ++ "441", /* 441 */ ++ "442", /* 442 */ ++ "443", /* 443 */ ++ "444", /* 444 */ ++ "445", /* 445 */ ++ "446", /* 446 */ ++ "447", /* 447 */ ++ "448", /* 448 */ ++ "449", /* 449 */ ++ "450", /* 450 */ ++ "451", /* 451 */ ++ "452", /* 452 */ ++ "453", /* 453 */ ++ "454", /* 454 */ ++ "455", /* 455 */ ++ "456", /* 456 */ ++ "457", /* 457 */ ++ "458", /* 458 */ ++ "459", /* 459 */ ++ "460", /* 460 */ ++ "461", /* 461 */ ++ "462", /* 462 */ ++ "463", /* 463 */ ++ "464", /* 464 */ ++ "465", /* 465 */ ++ "466", /* 466 */ ++ "467", /* 467 */ ++ "468", /* 468 */ ++ "469", /* 469 */ ++ "470", /* 470 */ ++ "471", /* 471 */ ++ "472", /* 472 */ ++ "473", /* 473 */ ++ "474", /* 474 */ ++ "475", /* 475 */ ++ "476", /* 476 */ ++ "477", /* 477 */ ++ "478", /* 478 */ ++ "479", /* 479 */ ++ "480", /* 480 */ ++ "481", /* 481 */ ++ "482", /* 482 */ ++ "483", /* 483 */ ++ "484", /* 484 */ ++ "485", /* 485 */ ++ "486", /* 486 */ ++ "487", /* 487 */ ++ "488", /* 488 */ ++ "489", /* 489 */ ++ "490", /* 490 */ ++ "491", /* 491 */ ++ "492", /* 492 */ ++ "493", /* 493 */ ++ "494", /* 494 */ ++ "495", /* 495 */ ++ "496", /* 496 */ ++ "497", /* 497 */ ++ "498", /* 498 */ ++ "499", /* 499 */ ++ "500", /* 500 */ ++ "501", /* 501 */ ++ "502", /* 502 */ ++ "503", /* 503 */ ++ "504", /* 504 */ ++ "505", /* 505 */ ++ "506", /* 506 */ ++ "507", /* 507 */ ++ "508", /* 508 */ ++ "509", /* 509 */ ++ "510", /* 510 */ ++ "511", /* 511 */ ++ "512", /* 512 */ ++ "513", /* 513 */ ++ "514", /* 514 */ ++ "515", /* 515 */ ++ "516", /* 516 */ ++ "517", /* 517 */ ++ "518", /* 518 */ ++ "519", /* 519 */ ++ "520", /* 520 */ ++ "521", /* 521 */ ++ "522", /* 522 */ ++ "523", /* 523 */ ++ "524", /* 524 */ ++ "525", /* 525 */ ++ "526", /* 526 */ ++ "527", /* 527 */ ++ "528", /* 528 */ ++ "529", /* 529 */ ++ "530", /* 530 */ ++ "531", /* 531 */ ++ "532", /* 532 */ ++ "533", /* 533 */ ++ "534", /* 534 */ ++ "535", /* 535 */ ++ "536", /* 536 */ ++ "537", /* 537 */ ++ "538", /* 538 */ ++ "539", /* 539 */ ++ "540", /* 540 */ ++ "541", /* 541 */ ++ "542", /* 542 */ ++ "543", /* 543 */ ++ "544", /* 544 */ ++ "545", /* 545 */ ++ "546", /* 546 */ ++ "547", /* 547 */ ++ "548", /* 548 */ ++ "549", /* 549 */ ++ "550", /* 550 */ ++ "551", /* 551 */ ++ "552", /* 552 */ ++ "553", /* 553 */ ++ "554", /* 554 */ ++ "555", /* 555 */ ++ "556", /* 556 */ ++ "557", /* 557 */ ++ "558", /* 558 */ ++ "559", /* 559 */ ++ "560", /* 560 */ ++ "561", /* 561 */ ++ "562", /* 562 */ ++ "563", /* 563 */ ++ "564", /* 564 */ ++ "565", /* 565 */ ++ "566", /* 566 */ ++ "567", /* 567 */ ++ "568", /* 568 */ ++ "569", /* 569 */ ++ "570", /* 570 */ ++ "571", /* 571 */ ++ "572", /* 572 */ ++ "573", /* 573 */ ++ "574", /* 574 */ ++ "575", /* 575 */ ++ "576", /* 576 */ ++ "577", /* 577 */ ++ "578", /* 578 */ ++ "579", /* 579 */ ++ "580", /* 580 */ ++ "581", /* 581 */ ++ "582", /* 582 */ ++ "583", /* 583 */ ++ "584", /* 584 */ ++ "585", /* 585 */ ++ "586", /* 586 */ ++ "587", /* 587 */ ++ "588", /* 588 */ ++ "589", /* 589 */ ++ "590", /* 590 */ ++ "591", /* 591 */ ++ "592", /* 592 */ ++ "593", /* 593 */ ++ "594", /* 594 */ ++ "595", /* 595 */ ++ "596", /* 596 */ ++ "597", /* 597 */ ++ "598", /* 598 */ ++ "599", /* 599 */ ++ "600", /* 600 */ ++ "601", /* 601 */ ++ "602", /* 602 */ ++ "603", /* 603 */ ++ "604", /* 604 */ ++ "605", /* 605 */ ++ "606", /* 606 */ ++ "607", /* 607 */ ++ "608", /* 608 */ ++ "609", /* 609 */ ++ "610", /* 610 */ ++ "611", /* 611 */ ++ "612", /* 612 */ ++ "613", /* 613 */ ++ "614", /* 614 */ ++ "615", /* 615 */ ++ "616", /* 616 */ ++ "617", /* 617 */ ++ "618", /* 618 */ ++ "619", /* 619 */ ++ "620", /* 620 */ ++ "621", /* 621 */ ++ "622", /* 622 */ ++ "623", /* 623 */ ++ "624", /* 624 */ ++ "625", /* 625 */ ++ "626", /* 626 */ ++ "627", /* 627 */ ++ "628", /* 628 */ ++ "629", /* 629 */ ++ "630", /* 630 */ ++ "631", /* 631 */ ++ "632", /* 632 */ ++ "633", /* 633 */ ++ "634", /* 634 */ ++ "635", /* 635 */ ++ "636", /* 636 */ ++ "637", /* 637 */ ++ "638", /* 638 */ ++ "639", /* 639 */ ++ "640", /* 640 */ ++ "641", /* 641 */ ++ "642", /* 642 */ ++ "643", /* 643 */ ++ "644", /* 644 */ ++ "645", /* 645 */ ++ "646", /* 646 */ ++ "647", /* 647 */ ++ "648", /* 648 */ ++ "649", /* 649 */ ++ "650", /* 650 */ ++ "651", /* 651 */ ++ "652", /* 652 */ ++ "653", /* 653 */ ++ "654", /* 654 */ ++ "655", /* 655 */ ++ "656", /* 656 */ ++ "657", /* 657 */ ++ "658", /* 658 */ ++ "659", /* 659 */ ++ "660", /* 660 */ ++ "661", /* 661 */ ++ "662", /* 662 */ ++ "663", /* 663 */ ++ "664", /* 664 */ ++ "665", /* 665 */ ++ "666", /* 666 */ ++ "667", /* 667 */ ++ "668", /* 668 */ ++ "669", /* 669 */ ++ "670", /* 670 */ ++ "671", /* 671 */ ++ "672", /* 672 */ ++ "673", /* 673 */ ++ "674", /* 674 */ ++ "675", /* 675 */ ++ "676", /* 676 */ ++ "677", /* 677 */ ++ "678", /* 678 */ ++ "679", /* 679 */ ++ "680", /* 680 */ ++ "681", /* 681 */ ++ "682", /* 682 */ ++ "683", /* 683 */ ++ "684", /* 684 */ ++ "685", /* 685 */ ++ "686", /* 686 */ ++ "687", /* 687 */ ++ "688", /* 688 */ ++ "689", /* 689 */ ++ "690", /* 690 */ ++ "691", /* 691 */ ++ "692", /* 692 */ ++ "693", /* 693 */ ++ "694", /* 694 */ ++ "695", /* 695 */ ++ "696", /* 696 */ ++ "697", /* 697 */ ++ "698", /* 698 */ ++ "699", /* 699 */ ++ "700", /* 700 */ ++ "701", /* 701 */ ++ "702", /* 702 */ ++ "703", /* 703 */ ++ "704", /* 704 */ ++ "705", /* 705 */ ++ "706", /* 706 */ ++ "707", /* 707 */ ++ "708", /* 708 */ ++ "709", /* 709 */ ++ "710", /* 710 */ ++ "711", /* 711 */ ++ "712", /* 712 */ ++ "713", /* 713 */ ++ "714", /* 714 */ ++ "715", /* 715 */ ++ "716", /* 716 */ ++ "717", /* 717 */ ++ "718", /* 718 */ ++ "719", /* 719 */ ++ "720", /* 720 */ ++ "721", /* 721 */ ++ "722", /* 722 */ ++ "723", /* 723 */ ++ "724", /* 724 */ ++ "725", /* 725 */ ++ "726", /* 726 */ ++ "727", /* 727 */ ++ "728", /* 728 */ ++ "729", /* 729 */ ++ "730", /* 730 */ ++ "731", /* 731 */ ++ "732", /* 732 */ ++ "733", /* 733 */ ++ "734", /* 734 */ ++ "735", /* 735 */ ++ "736", /* 736 */ ++ "737", /* 737 */ ++ "738", /* 738 */ ++ "739", /* 739 */ ++ "740", /* 740 */ ++ "741", /* 741 */ ++ "742", /* 742 */ ++ "743", /* 743 */ ++ "744", /* 744 */ ++ "745", /* 745 */ ++ "746", /* 746 */ ++ "747", /* 747 */ ++ "748", /* 748 */ ++ "749", /* 749 */ ++ "750", /* 750 */ ++ "751", /* 751 */ ++ "752", /* 752 */ ++ "753", /* 753 */ ++ "754", /* 754 */ ++ "755", /* 755 */ ++ "756", /* 756 */ ++ "757", /* 757 */ ++ "758", /* 758 */ ++ "759", /* 759 */ ++ "760", /* 760 */ ++ "761", /* 761 */ ++ "762", /* 762 */ ++ "763", /* 763 */ ++ "764", /* 764 */ ++ "765", /* 765 */ ++ "766", /* 766 */ ++ "767", /* 767 */ ++ "768", /* 768 */ ++ "769", /* 769 */ ++ "770", /* 770 */ ++ "771", /* 771 */ ++ "772", /* 772 */ ++ "773", /* 773 */ ++ "774", /* 774 */ ++ "775", /* 775 */ ++ "776", /* 776 */ ++ "777", /* 777 */ ++ "778", /* 778 */ ++ "779", /* 779 */ ++ "780", /* 780 */ ++ "781", /* 781 */ ++ "782", /* 782 */ ++ "783", /* 783 */ ++ "784", /* 784 */ ++ "785", /* 785 */ ++ "786", /* 786 */ ++ "787", /* 787 */ ++ "788", /* 788 */ ++ "789", /* 789 */ ++ "790", /* 790 */ ++ "791", /* 791 */ ++ "792", /* 792 */ ++ "793", /* 793 */ ++ "794", /* 794 */ ++ "795", /* 795 */ ++ "796", /* 796 */ ++ "797", /* 797 */ ++ "798", /* 798 */ ++ "799", /* 799 */ ++ "800", /* 800 */ ++ "801", /* 801 */ ++ "802", /* 802 */ ++ "803", /* 803 */ ++ "804", /* 804 */ ++ "805", /* 805 */ ++ "806", /* 806 */ ++ "807", /* 807 */ ++ "808", /* 808 */ ++ "809", /* 809 */ ++ "810", /* 810 */ ++ "811", /* 811 */ ++ "812", /* 812 */ ++ "813", /* 813 */ ++ "814", /* 814 */ ++ "815", /* 815 */ ++ "816", /* 816 */ ++ "817", /* 817 */ ++ "818", /* 818 */ ++ "819", /* 819 */ ++ "820", /* 820 */ ++ "821", /* 821 */ ++ "822", /* 822 */ ++ "823", /* 823 */ ++ "824", /* 824 */ ++ "825", /* 825 */ ++ "826", /* 826 */ ++ "827", /* 827 */ ++ "828", /* 828 */ ++ "829", /* 829 */ ++ "830", /* 830 */ ++ "831", /* 831 */ ++ "832", /* 832 */ ++ "833", /* 833 */ ++ "834", /* 834 */ ++ "835", /* 835 */ ++ "836", /* 836 */ ++ "837", /* 837 */ ++ "838", /* 838 */ ++ "839", /* 839 */ ++ "840", /* 840 */ ++ "841", /* 841 */ ++ "842", /* 842 */ ++ "843", /* 843 */ ++ "844", /* 844 */ ++ "845", /* 845 */ ++ "846", /* 846 */ ++ "847", /* 847 */ ++ "848", /* 848 */ ++ "849", /* 849 */ ++ "850", /* 850 */ ++ "851", /* 851 */ ++ "852", /* 852 */ ++ "853", /* 853 */ ++ "854", /* 854 */ ++ "855", /* 855 */ ++ "856", /* 856 */ ++ "857", /* 857 */ ++ "858", /* 858 */ ++ "859", /* 859 */ ++ "860", /* 860 */ ++ "861", /* 861 */ ++ "862", /* 862 */ ++ "863", /* 863 */ ++ "864", /* 864 */ ++ "865", /* 865 */ ++ "866", /* 866 */ ++ "867", /* 867 */ ++ "868", /* 868 */ ++ "869", /* 869 */ ++ "870", /* 870 */ ++ "871", /* 871 */ ++ "872", /* 872 */ ++ "873", /* 873 */ ++ "874", /* 874 */ ++ "875", /* 875 */ ++ "876", /* 876 */ ++ "877", /* 877 */ ++ "878", /* 878 */ ++ "879", /* 879 */ ++ "880", /* 880 */ ++ "881", /* 881 */ ++ "882", /* 882 */ ++ "883", /* 883 */ ++ "884", /* 884 */ ++ "885", /* 885 */ ++ "886", /* 886 */ ++ "887", /* 887 */ ++ "888", /* 888 */ ++ "889", /* 889 */ ++ "890", /* 890 */ ++ "891", /* 891 */ ++ "892", /* 892 */ ++ "893", /* 893 */ ++ "894", /* 894 */ ++ "895", /* 895 */ ++ "896", /* 896 */ ++ "897", /* 897 */ ++ "898", /* 898 */ ++ "899", /* 899 */ ++ "900", /* 900 */ ++ "901", /* 901 */ ++ "902", /* 902 */ ++ "903", /* 903 */ ++ "904", /* 904 */ ++ "905", /* 905 */ ++ "906", /* 906 */ ++ "907", /* 907 */ ++ "908", /* 908 */ ++ "909", /* 909 */ ++ "910", /* 910 */ ++ "911", /* 911 */ ++ "912", /* 912 */ ++ "913", /* 913 */ ++ "914", /* 914 */ ++ "915", /* 915 */ ++ "916", /* 916 */ ++ "917", /* 917 */ ++ "918", /* 918 */ ++ "919", /* 919 */ ++ "920", /* 920 */ ++ "921", /* 921 */ ++ "922", /* 922 */ ++ "923", /* 923 */ ++ "924", /* 924 */ ++ "925", /* 925 */ ++ "926", /* 926 */ ++ "927", /* 927 */ ++ "928", /* 928 */ ++ "929", /* 929 */ ++ "930", /* 930 */ ++ "931", /* 931 */ ++ "932", /* 932 */ ++ "933", /* 933 */ ++ "934", /* 934 */ ++ "935", /* 935 */ ++ "936", /* 936 */ ++ "937", /* 937 */ ++ "938", /* 938 */ ++ "939", /* 939 */ ++ "940", /* 940 */ ++ "941", /* 941 */ ++ "942", /* 942 */ ++ "943", /* 943 */ ++ "944", /* 944 */ ++ "945", /* 945 */ ++ "946", /* 946 */ ++ "947", /* 947 */ ++ "948", /* 948 */ ++ "949", /* 949 */ ++ "950", /* 950 */ ++ "951", /* 951 */ ++ "952", /* 952 */ ++ "953", /* 953 */ ++ "954", /* 954 */ ++ "955", /* 955 */ ++ "956", /* 956 */ ++ "957", /* 957 */ ++ "958", /* 958 */ ++ "959", /* 959 */ ++ "960", /* 960 */ ++ "961", /* 961 */ ++ "962", /* 962 */ ++ "963", /* 963 */ ++ "964", /* 964 */ ++ "965", /* 965 */ ++ "966", /* 966 */ ++ "967", /* 967 */ ++ "968", /* 968 */ ++ "969", /* 969 */ ++ "970", /* 970 */ ++ "971", /* 971 */ ++ "972", /* 972 */ ++ "973", /* 973 */ ++ "974", /* 974 */ ++ "975", /* 975 */ ++ "976", /* 976 */ ++ "977", /* 977 */ ++ "978", /* 978 */ ++ "979", /* 979 */ ++ "980", /* 980 */ ++ "981", /* 981 */ ++ "982", /* 982 */ ++ "983", /* 983 */ ++ "984", /* 984 */ ++ "985", /* 985 */ ++ "986", /* 986 */ ++ "987", /* 987 */ ++ "988", /* 988 */ ++ "989", /* 989 */ ++ "990", /* 990 */ ++ "991", /* 991 */ ++ "992", /* 992 */ ++ "993", /* 993 */ ++ "994", /* 994 */ ++ "995", /* 995 */ ++ "996", /* 996 */ ++ "997", /* 997 */ ++ "998", /* 998 */ ++ "999", /* 999 */ ++ "1000", /* 1000 */ ++ "1001", /* 1001 */ ++ "1002", /* 1002 */ ++ "1003", /* 1003 */ ++ "1004", /* 1004 */ ++ "1005", /* 1005 */ ++ "1006", /* 1006 */ ++ "1007", /* 1007 */ ++ "1008", /* 1008 */ ++ "1009", /* 1009 */ ++ "1010", /* 1010 */ ++ "1011", /* 1011 */ ++ "1012", /* 1012 */ ++ "1013", /* 1013 */ ++ "1014", /* 1014 */ ++ "1015", /* 1015 */ ++ "1016", /* 1016 */ ++ "1017", /* 1017 */ ++ "1018", /* 1018 */ ++ "1019", /* 1019 */ ++ "1020", /* 1020 */ ++ "1021", /* 1021 */ ++ "1022", /* 1022 */ ++ "1023", /* 1023 */ ++ "open", /* 1024 */ ++ "link", /* 1025 */ ++ "unlink", /* 1026 */ ++ "mknod", /* 1027 */ ++ "chmod", /* 1028 */ ++ "chown", /* 1029 */ ++ "mkdir", /* 1030 */ ++ "rmdir", /* 1031 */ ++ "lchown", /* 1032 */ ++ "access", /* 1033 */ ++ "rename", /* 1034 */ ++ "readlink", /* 1035 */ ++ "symlink", /* 1036 */ ++ "utimes", /* 1037 */ ++ "stat", /* 1038 */ ++ "lstat", /* 1039 */ ++ "pipe", /* 1040 */ ++ "dup2", /* 1041 */ ++ "epoll_create", /* 1042 */ ++ "inotify_init", /* 1043 */ ++ "eventfd", /* 1044 */ ++ "signalfd", /* 1045 */ ++ "sendfile", /* 1046 */ ++ "ftruncate", /* 1047 */ ++ "truncate", /* 1048 */ ++ "stat", /* 1049 */ ++ "lstat", /* 1050 */ ++ "fstat", /* 1051 */ ++ "fcntl", /* 1052 */ ++ "fadvise64", /* 1053 */ ++ "newfstatat", /* 1054 */ ++ "fstatfs", /* 1055 */ ++ "statfs", /* 1056 */ ++ "lseek", /* 1057 */ ++ "mmap", /* 1058 */ ++ "alarm", /* 1059 */ ++ "getpgrp", /* 1060 */ ++ "pause", /* 1061 */ ++ "time", /* 1062 */ ++ "utime", /* 1063 */ ++ "creat", /* 1064 */ ++ "getdents", /* 1065 */ ++ "futimesat", /* 1066 */ ++ "select", /* 1067 */ ++ "poll", /* 1068 */ ++ "epoll_wait", /* 1069 */ ++ "ustat", /* 1070 */ ++ "vfork", /* 1071 */ ++ "oldwait4", /* 1072 */ ++ "recv", /* 1073 */ ++ "send", /* 1074 */ ++ "bdflush", /* 1075 */ ++ "umount", /* 1076 */ ++ "uselib", /* 1077 */ ++ "_sysctl", /* 1078 */ ++ "fork", /* 1079 */ +diff --git a/sysdeps/linux-gnu/aarch64/trace.c b/sysdeps/linux-gnu/aarch64/trace.c +new file mode 100644 +index 0000000..5544b51 +--- /dev/null ++++ b/sysdeps/linux-gnu/aarch64/trace.c +@@ -0,0 +1,84 @@ ++/* ++ * This file is part of ltrace. ++ * Copyright (C) 2014 Petr Machata, Red Hat, Inc. ++ * ++ * This program is free software; you can redistribute it and/or ++ * modify it under the terms of the GNU General Public License as ++ * published by the Free Software Foundation; either version 2 of the ++ * License, or (at your option) any later version. ++ * ++ * This program is distributed in the hope that it will be useful, but ++ * WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ++ * General Public License for more details. ++ * ++ * You should have received a copy of the GNU General Public License ++ * along with this program; if not, write to the Free Software ++ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA ++ * 02110-1301 USA ++ */ ++ ++#include <sys/ptrace.h> ++#include <sys/types.h> ++#include <sys/wait.h> ++#include <asm/ptrace.h> ++#include <string.h> ++#include <stdio.h> ++#include <errno.h> ++ ++#include "backend.h" ++#include "proc.h" ++ ++void ++get_arch_dep(struct Process *proc) ++{ ++} ++ ++int aarch64_read_gregs(struct Process *proc, struct user_pt_regs *regs); ++ ++/* The syscall instruction is: ++ * | 31 21 | 20 5 | 4 0 | ++ * | 1 1 0 1 0 1 0 0 | 0 0 0 | imm16 | 0 0 0 0 1 | */ ++#define SVC_MASK 0xffe0001f ++#define SVC_VALUE 0xd4000001 ++ ++int ++syscall_p(struct Process *proc, int status, int *sysnum) ++{ ++ if (WIFSTOPPED(status) ++ && WSTOPSIG(status) == (SIGTRAP | proc->tracesysgood)) { ++ ++ struct user_pt_regs regs; ++ if (aarch64_read_gregs(proc, ®s) < 0) { ++ fprintf(stderr, "syscall_p: " ++ "Couldn't read registers of %d.\n", proc->pid); ++ return -1; ++ } ++ ++ errno = 0; ++ unsigned long insn = (unsigned long) ptrace(PTRACE_PEEKTEXT, ++ proc->pid, ++ regs.pc - 4, 0); ++ if (insn == -1UL && errno != 0) { ++ fprintf(stderr, "syscall_p: " ++ "Couldn't peek into %d: %s\n", proc->pid, ++ strerror(errno)); ++ return -1; ++ } ++ ++ insn &= 0xffffffffUL; ++ if ((insn & SVC_MASK) == SVC_VALUE) { ++ *sysnum = regs.regs[8]; ++ ++ size_t d1 = proc->callstack_depth - 1; ++ if (proc->callstack_depth > 0 ++ && proc->callstack[d1].is_syscall ++ && proc->callstack[d1].c_un.syscall == *sysnum) ++ return 2; ++ ++ return 1; ++ } ++ } ++ ++ return 0; ++} +-- +1.9.1 + diff --git a/user/ltrace/add_ppc64le.patch b/user/ltrace/add_ppc64le.patch new file mode 100644 index 000000000..32efa8b52 --- /dev/null +++ b/user/ltrace/add_ppc64le.patch @@ -0,0 +1,54 @@ +--- ltrace-0.7.3.orig/configure.ac ++++ ltrace-0.7.3/configure.ac +@@ -43,7 +43,7 @@ + arm*|sa110) HOST_CPU="arm" ;; + cris*) HOST_CPU="cris" ;; + mips*) HOST_CPU="mips" ;; +- powerpc|powerpc64) HOST_CPU="ppc" ;; ++ powerpc|powerpc64|powerpc64le) HOST_CPU="ppc" ;; + sun4u|sparc64) HOST_CPU="sparc" ;; + s390x) HOST_CPU="s390" ;; + i?86|x86_64) HOST_CPU="x86" ;; +@@ -159,7 +159,7 @@ + arm*|sa110) UNWIND_ARCH="arm" ;; + i?86) UNWIND_ARCH="x86" ;; + powerpc) UNWIND_ARCH="ppc32" ;; +- powerpc64) UNWIND_ARCH="ppc64" ;; ++ powerpc64|powerpc64le) UNWIND_ARCH="ppc64" ;; + mips*) UNWIND_ARCH="mips" ;; + *) UNWIND_ARCH="${host_cpu}" ;; + esac +--- ltrace-0.7.3.orig/sysdeps/linux-gnu/ppc/ptrace.h ++++ ltrace-0.7.3/sysdeps/linux-gnu/ppc/ptrace.h +@@ -18,4 +18,5 @@ + * 02110-1301 USA + */ + ++#include <asm/ptrace.h> + #include <sys/ptrace.h> +--- ltrace-0.7.3.orig/sysdeps/linux-gnu/ppc/regs.c ++++ ltrace-0.7.3/sysdeps/linux-gnu/ppc/regs.c +@@ -26,7 +26,9 @@ + #include <sys/ptrace.h> + #include <asm/ptrace.h> + #include <errno.h> ++#ifdef HAVE_ERROR_H + #include <error.h> ++#endif + + #include "proc.h" + #include "common.h" +@@ -47,8 +49,11 @@ + void + set_instruction_pointer(Process *proc, void *addr) + { +- if (ptrace(PTRACE_POKEUSER, proc->pid, sizeof(long)*PT_NIP, addr) != 0) +- error(0, errno, "set_instruction_pointer"); ++ if (ptrace(PTRACE_POKEUSER, proc->pid, sizeof(long)*PT_NIP, addr) != 0){ ++ strerror(0, errno, "set_instruction_pointer"); ++ report_global_error("%s: set_instruction_pointer", ++ strerror(errno)); ++ } + } + + void * diff --git a/user/ltrace/musl.patch b/user/ltrace/musl.patch new file mode 100644 index 000000000..2dc909c95 --- /dev/null +++ b/user/ltrace/musl.patch @@ -0,0 +1,153 @@ +--- ./configure.ac.orig ++++ ./configure.ac +@@ -34,6 +34,7 @@ + case "${host_os}" in + linux-gnu*) HOST_OS="linux-gnu" ;; + linux-uclibc*) HOST_OS="linux-gnu" ;; ++ linux-musl*) HOST_OS="linux-gnu" ;; + *) AC_MSG_ERROR([unkown host-os ${host_os}]) ;; + esac + AC_SUBST(HOST_OS) +@@ -234,6 +235,7 @@ + sys/param.h \ + sys/time.h \ + unistd.h \ ++ error.h \ + ]) + + # Checks for typedefs, structures, and compiler characteristics. +diff --git a/expr.c b/expr.c +index 32860fd..374c549 100644 +--- a/expr.c ++++ b/expr.c +@@ -19,9 +19,12 @@ + */ + + #include <string.h> ++#include <stdio.h> + #include <assert.h> + #include <errno.h> ++#ifdef HAVE_ERROR_H + #include <error.h> ++#endif + #include <stdlib.h> + + #include "expr.h" +@@ -330,8 +333,11 @@ expr_self(void) + static struct expr_node *node = NULL; + if (node == NULL) { + node = malloc(sizeof(*node)); +- if (node == NULL) +- error(1, errno, "malloc expr_self"); ++ if (node == NULL) { ++ fprintf(stderr, "%s: malloc expr_self\n", ++ strerror(errno)); ++ exit(1); ++ } + expr_init_self(node); + } + return node; +diff --git a/glob.c b/glob.c +index 075c867..06fec47 100644 +--- a/glob.c ++++ b/glob.c +@@ -180,7 +180,7 @@ glob_to_regex(const char *glob, char **retp) + goto fail; + } + *retp = buf; +- return REG_NOERROR; ++ return 0; + } + + int +@@ -188,7 +188,7 @@ globcomp(regex_t *preg, const char *glob, int cflags) + { + char *regex = NULL; + int status = glob_to_regex(glob, ®ex); +- if (status != REG_NOERROR) ++ if (status != 0) + return status; + assert(regex != NULL); + status = regcomp(preg, regex, cflags); +diff --git a/options.c b/options.c +index 1e19dc7..1dc5e1e 100644 +--- a/options.c ++++ b/options.c +@@ -204,7 +204,7 @@ compile_libname(const char *expr, const char *a_lib, int lib_re_p, + + regex_t lib_re; + int status = (lib_re_p ? regcomp : globcomp)(&lib_re, lib, 0); +- if (status != REG_NOERROR) { ++ if (status != 0) { + char buf[100]; + regerror(status, &lib_re, buf, sizeof buf); + fprintf(stderr, "Rule near '%s' will be ignored: %s.\n", +diff --git a/read_config_file.c b/read_config_file.c +index e247436..73528fe 100644 +--- a/read_config_file.c ++++ b/read_config_file.c +@@ -27,7 +27,9 @@ + #include <stdlib.h> + #include <ctype.h> + #include <errno.h> ++#ifdef HAVE_ERROR_H + #include <error.h> ++#endif + #include <assert.h> + + #include "common.h" +@@ -1258,8 +1260,12 @@ void + init_global_config(void) + { + struct arg_type_info *info = malloc(2 * sizeof(*info)); +- if (info == NULL) +- error(1, errno, "malloc in init_global_config"); ++ if (info == NULL) { ++ report_error(filename, line_no, ++ "%s: malloc in init_global_config", ++ strerror(errno)); ++ exit(1); ++ } + + memset(info, 0, 2 * sizeof(*info)); + info[0].type = ARGTYPE_POINTER; +diff --git a/zero.c b/zero.c +index bc119ee..e685f59 100644 +--- a/zero.c ++++ b/zero.c +@@ -18,8 +18,11 @@ + * 02110-1301 USA + */ + ++#ifdef HAVE_ERROR_H + #include <error.h> ++#endif + #include <errno.h> ++#include <string.h> + + #include "zero.h" + #include "common.h" +@@ -96,8 +99,11 @@ expr_node_zero(void) + static struct expr_node *node = NULL; + if (node == NULL) { + node = malloc(sizeof(*node)); +- if (node == NULL) +- error(1, errno, "malloc expr_node_zero"); ++ if (node == NULL) { ++ report_global_error("%s: malloc expr_node_zero", ++ strerror(errno)); ++ exit(1); ++ } + expr_init_cb1(node, &zero1_callback, + expr_self(), 0, (void *)-1); + } +--- ./proc.h.orig ++++ ./proc.h +@@ -26,6 +26,7 @@ + #include "config.h" + + #include <sys/time.h> ++#include <unistd.h> + + #if defined(HAVE_LIBUNWIND) + # include <libunwind.h> diff --git a/user/mlt/APKBUILD b/user/mlt/APKBUILD new file mode 100644 index 000000000..0dc7d8041 --- /dev/null +++ b/user/mlt/APKBUILD @@ -0,0 +1,43 @@ +# Contributor: Carlo Landmeter <clandmeter@gmail.com> +# Maintainer: +pkgname=mlt +pkgver=6.8.0 +pkgrel=0 +pkgdesc="MLT Multimedia Framework" +url="https://www.mltframework.org/" +arch="all !s390x" # depends on fftw which does not work on s390x +options="!check" # No test suite. +license="LGPL-2.1" +makedepends="ffmpeg-dev libsamplerate-dev sox-dev gtk+2.0-dev sdl_image-dev + frei0r-plugins-dev libxml2-dev fftw-dev sdl2-dev sdl-dev libexif-dev + bsd-compat-headers qt5-qttools-dev qt5-qtsvg-dev" +subpackages="$pkgname-dev" +source="https://github.com/mltframework/mlt/releases/download/v$pkgver/mlt-$pkgver.tar.gz + mlt-6.8.0-locale-header.patch + " +builddir="$srcdir/mlt-$pkgver" + +build() { + cd "$builddir" + ./configure \ + --build=$CBUILD \ + --host=$CHOST \ + --prefix=/usr \ + --sysconfdir=/etc \ + --mandir=/usr/share/man \ + --localstatedir=/var \ + --avformat-swscale \ + --enable-motion-est \ + --enable-gpl \ + --enable-gpl3 \ + --disable-rtaudio + make +} + +package() { + cd "$builddir" + make DESTDIR="$pkgdir" install +} + +sha512sums="5f88d82b0b1656875d19c7cd322181cf974e1cad36692854835ae313723dfd412e6ba4fbb6cca9d70756ca83b512b0f78e95df517cfa007c76f94b26a9901ec8 mlt-6.8.0.tar.gz +c7c9fe70475ccf78c719c1ca6e1a7f2189e08abe04d556fe558dd787799bd7808d61326cfb2818eefe4a6868eed300b0c0d1480aa3df302b65b79a9a9aacc1b1 mlt-6.8.0-locale-header.patch" diff --git a/user/mlt/mlt-6.8.0-locale-header.patch b/user/mlt/mlt-6.8.0-locale-header.patch new file mode 100644 index 000000000..5b45b600a --- /dev/null +++ b/user/mlt/mlt-6.8.0-locale-header.patch @@ -0,0 +1,18 @@ +Extremely incorrect logic here; fix it so that locale_t is defined properly. + +--- mlt-6.8.0/src/framework/mlt_property.h.old 2018-05-10 20:16:56.000000000 -0500 ++++ mlt-6.8.0/src/framework/mlt_property.h 2018-06-07 05:22:57.345580154 -0500 +@@ -30,10 +30,10 @@ + #include <sys/param.h> + #endif + +-#if (defined(__GLIBC__) && !defined(__APPLE__)) || HAVE_LOCALE_H +-# include <locale.h> +-#elif defined(__APPLE__) || (__FreeBSD_version >= 900506) ++#if defined(__APPLE__) || (__FreeBSD_version >= 900506) + # include <xlocale.h> ++#elif defined(__linux__) || HAVE_LOCALE_H ++# include <locale.h> + #else + typedef char* locale_t; + #endif diff --git a/user/mutt/APKBUILD b/user/mutt/APKBUILD new file mode 100644 index 000000000..2b3424421 --- /dev/null +++ b/user/mutt/APKBUILD @@ -0,0 +1,61 @@ +# Contributor: Sören Tempel <soeren+alpine@soeren-tempel.net> +# Contributor: Andrew Manison<amanison@anselsystems.com> +# Maintainer: Natanael Copa <ncopa@alpinelinux.org> +pkgname=mutt +pkgver=1.9.1 +pkgrel=0 +pkgdesc="a small but very powerful text-mode email client" +url="http://www.mutt.org" +arch="all" +license="GPL" +makedepends="cyrus-sasl-dev gdbm-dev gettext-dev gpgme-dev + libidn-dev ncurses-dev openssl-dev perl" +options="suid !check" +subpackages="$pkgname-doc $pkgname-lang" +source="https://bitbucket.org/$pkgname/$pkgname/downloads/$pkgname-$pkgver.tar.gz" +builddir="$srcdir"/$pkgname-$pkgver + +build() { + cd "$builddir" + ISPELL=/usr/bin/hunspell \ + ./configure \ + --build=$CBUILD \ + --host=$CHOST \ + --prefix=/usr \ + --sysconfdir=/etc \ + --mandir=/usr/share/man \ + --infodir=/usr/share/info \ + --enable-imap \ + --enable-pop \ + --enable-smtp \ + --enable-hcache \ + --enable-gpgme \ + --enable-sidebar \ + --enable-smime \ + --with-curses \ + --with-mailpath=/var/spool/mail \ + --with-docdir=/usr/share/doc/$pkgname \ + --without-included-gettext \ + --with-ssl \ + --with-sasl + make +} + +package() { + cd "$builddir" + make DESTDIR="$pkgdir" install + + rm "$pkgdir"/etc/*.dist \ + "$pkgdir"/etc/mime.types \ + "$pkgdir"/usr/bin/muttbug \ + "$pkgdir"/usr/bin/flea + + # Don't tamper with the global configuration file. + # Many options set in the global config cannot be + # overwritten in the users configuration file. + # Example: Resetting colors isn't possible. + install -Dm644 contrib/gpg.rc \ + "$pkgdir"/etc/Muttrc.gpg.dist +} + +sha512sums="1a6871eb8499c60ae18b03d56b81e64de1643c68f8fbe05bbe114085b20098be58175e5bd6d2515e8332a824cbed75640744a261d4f10654c56625f903224095 mutt-1.9.1.tar.gz" diff --git a/user/neon/APKBUILD b/user/neon/APKBUILD new file mode 100644 index 000000000..a0ddbd5d4 --- /dev/null +++ b/user/neon/APKBUILD @@ -0,0 +1,41 @@ +# Maintainer: Natanael Copa <ncopa@alpinelinux.org> +pkgname=neon +pkgver=0.30.2 +pkgrel=2 +pkgdesc="HTTP and WebDAV client library with a C interface" +url="http://www.webdav.org/neon/" +arch="all" +license="GPL LGPL" +makedepends="expat-dev openssl-dev zlib-dev" +depends="ca-certificates" +depends_dev="$makedepends" +subpackages="$pkgname-dev $pkgname-doc" +source="https://distfiles.adelielinux.org/source/$pkgname-$pkgver.tar.gz" + +build () { + cd "$builddir" + ./configure \ + --build=$CBUILD \ + --host=$CHOST \ + --prefix=/usr \ + --with-ssl \ + --with-expat \ + --without-gssapi \ + --disable-nls \ + --enable-shared \ + --disable-static \ + --enable-threadsafe-ssl=posix \ + --with-ca-bundle=/etc/ssl/certs/ca-certificates.crt + make +} + +check() { + cd "$builddir" + make check +} + +package() { + cd "$builddir" + make DESTDIR="$pkgdir" install +} +sha512sums="634caf87522e0bd2695c6fba39cae2465e403f9fbd8007eb10e4e035c765d24cb8da932c67bfa35c34aa51b90c7bc7037ebebaa1ec43259366d5d07233efc631 neon-0.30.2.tar.gz" diff --git a/user/openldap/APKBUILD b/user/openldap/APKBUILD new file mode 100644 index 000000000..84cbc1471 --- /dev/null +++ b/user/openldap/APKBUILD @@ -0,0 +1,212 @@ +# Maintainer: Natanael Copa <ncopa@alpinelinux.org> +# Contributor: Jakub Jirutka <jakub@jirutka.cz> +# +# secfixes: +# 2.4.46: +# - CVE-2017-14159 +# - CVE-2017-17740 +# 2.4.44-r5: +# - CVE-2017-9287 +# +pkgname=openldap +pkgver=2.4.46 +pkgrel=0 +pkgdesc="LDAP Server" +url="http://www.openldap.org/" +arch="all" +options="!check" # Test suite takes > 2 hours to complete on each builder. +license="custom" +depends="" +pkgusers="ldap" +pkggroups="ldap" +depends_dev="openssl-dev cyrus-sasl-dev util-linux-dev" +makedepends="$depends_dev db-dev groff unixodbc-dev libtool + autoconf automake libtool" +subpackages="$pkgname-dev $pkgname-doc libldap $pkgname-openrc + $pkgname-clients $pkgname-passwd-pbkdf2:passwd_pbkdf2 + $pkgname-backend-all:_backend_all:noarch + $pkgname-overlay-all:_overlay_all:noarch" +install="$pkgname.pre-install $pkgname.post-install $pkgname.post-upgrade" +source="ftp://ftp.$pkgname.org/pub/OpenLDAP/$pkgname-release/$pkgname-$pkgver.tgz + openldap-2.4-ppolicy.patch + openldap-2.4.11-libldap_r.patch + fix-manpages.patch + configs.patch + + slapd.initd + slapd.confd + " +builddir="$srcdir/$pkgname-$pkgver" + +# SLAPD backends +_backends="" +for _name in bdb dnssrv hdb ldap mdb meta monitor null passwd \ + relay shell sql sock +do + subpackages="$subpackages $pkgname-back-$_name:_backend" + _backends="$_backends $pkgname-back-$_name" +done + +# SLAPD overlays +_overlays="" +for _name in accesslog auditlog collect constraint dds deref dyngroup \ + dynlist memberof ppolicy proxycache refint retcode rwm seqmod \ + sssvlv syncprov translucent unique valsort +do + subpackages="$subpackages $pkgname-overlay-$_name:_overlay" + _overlays="$_overlays $pkgname-overlay-$_name" +done + +prepare() { + cd "$builddir" + update_config_sub + + sed -i '/^STRIP/s,-s,,g' build/top.mk + libtoolize --force && aclocal && autoconf +} + +build () { + cd "$builddir" + + ./configure \ + --build=$CBUILD \ + --host=$CHOST \ + --prefix=/usr \ + --libexecdir=/usr/lib \ + --sysconfdir=/etc \ + --mandir=/usr/share/man \ + --localstatedir=/var/lib/openldap \ + --enable-slapd \ + --enable-crypt \ + --enable-modules \ + --enable-dynamic \ + --enable-bdb=mod \ + --enable-dnssrv=mod \ + --enable-hdb=mod \ + --enable-ldap=mod \ + --enable-mdb=mod \ + --enable-meta=mod \ + --enable-monitor=mod \ + --enable-null=mod \ + --enable-passwd=mod \ + --enable-relay=mod \ + --enable-shell=mod \ + --enable-sock=mod \ + --enable-sql=mod \ + --enable-overlays=mod \ + --with-tls=openssl \ + --with-cyrus-sasl + make + + # Build passwd pbkdf2. + make prefix=/usr libexecdir=/usr/lib \ + -C contrib/slapd-modules/passwd/pbkdf2 +} + +check() { + cd "$builddir" + make check +} + +package() { + cd "$builddir" + + make DESTDIR="$pkgdir" install + + # Install passwd pbkdf2. + make DESTDIR="$pkgdir" prefix=/usr libexecdir=/usr/lib \ + -C contrib/slapd-modules/passwd/pbkdf2 install + + cd "$pkgdir" + + rmdir var/lib/openldap/run + + # Fix tools symlinks to slapd. + local path; for path in $(find usr/sbin/ -type l); do + ln -sf slapd $path + done + + # Move executable from lib to sbin. + mv usr/lib/slapd usr/sbin/ + + # Move *.default configs to docs. + mkdir -p usr/share/doc/$pkgname + mv etc/openldap/*.default usr/share/doc/$pkgname/ + + chgrp ldap etc/openldap/slapd.* + chmod g+r etc/openldap/slapd.* + + install -d -m 700 -o ldap -g ldap \ + var/lib/openldap \ + var/lib/openldap/openldap-data + + install -D -m 755 "$srcdir"/slapd.initd etc/init.d/slapd + install -D -m 644 "$srcdir"/slapd.confd etc/conf.d/slapd +} + +libldap() { + pkgdesc="OpenLDAP libraries" + depends="" + install="" + + _submv "usr/lib/*.so*" etc/openldap/ldap.conf +} + +clients() { + pkgdesc="LDAP client utilities" + + _submv usr/bin +} + +passwd_pbkdf2() { + pkgdesc="PBKDF2 OpenLDAP support" + depends="$pkgname" + + _submv "usr/lib/openldap/pw-pbkdf2.*" +} + +_backend_all() { + pkgdesc="Virtual package that installs all OpenLDAP backends" + depends="$_backends" + + mkdir -p "$subpkgdir" +} + +_overlay_all() { + pkgdesc="Virtual package that installs all OpenLDAP overlays" + depends="$_overlays" + + mkdir -p "$subpkgdir" +} + +_backend() { + backend_name="${subpkgname#openldap-back-}" + pkgdesc="OpenLDAP $backend_name backend" + + _submv "usr/lib/openldap/back_$backend_name*" +} + +_overlay() { + overlay_name="${subpkgname#openldap-overlay-}" + pkgdesc="OpenLDAP $backend_name overlay" + + case "$overlay_name" in + proxycache) overlay_name=pcache;; + esac + _submv "usr/lib/openldap/$overlay_name*" +} + +_submv() { + local path; for path in "$@"; do + mkdir -p "$subpkgdir"/${path%/*} + mv "$pkgdir"/$path "$subpkgdir"/${path%/*}/ + done +} + +sha512sums="eef39d43f04aa09c657a1422cefef060fe00368559ae40d0d97536c08ebeaaa1ab06207b3f121ba6afcde54abdc550027c3505e5217e5fd47ae6f8c001260186 openldap-2.4.46.tgz +5d34d49eabe7cb66cf8284cc3bd9730fa23df4932df68549e242d250ee50d40c434ae074ebc720d5fbcd9d16587c9333c5598d30a5f1177caa61461ab7771f38 openldap-2.4-ppolicy.patch +44d97efb25d4f39ab10cd5571db43f3bfa7c617a5bb087085ae16c0298aca899b55c8742a502121ba743a73e6d77cd2056bc96cee63d6d0862dabc8fb5574357 openldap-2.4.11-libldap_r.patch +8c4244d316a05870dd1147b2ab7ddbcfd7626b5dce2f5a0e72f066dc635c2edb4f1ea3be88c6fec2d5ab016001be16bedef70f2ce0695c3cd96f69e1614ff177 fix-manpages.patch +0d2e570ddcb7ace1221abad9fc1d3dd0d00d6948340df69879b449959a68feee6a0ad8e17ef9971b35986293e16fc9d8e88de81815fedd5ea6a952eb085406ca configs.patch +0c3606e4dad1b32f1c4b62f2bc1990a4c9f7ccd10c7b50e623309ba9df98064e68fc42a7242450f32fb6e5fa2203609d3d069871b5ae994cd4b227a078c93532 slapd.initd +64dc4c0aa0abe3d9f7d2aef25fe4c8e23c53df2421067947ac4d096c9e942b26356cb8577ebc41b52d88d0b0a03b2a3e435fe86242671f9b36555a5f82ee0e3a slapd.confd" diff --git a/user/openldap/CVE-2017-9287.patch b/user/openldap/CVE-2017-9287.patch new file mode 100644 index 000000000..1599c1331 --- /dev/null +++ b/user/openldap/CVE-2017-9287.patch @@ -0,0 +1,28 @@ +From 0cee1ffb6021b1aae3fcc9581699da1c85a6dd6e Mon Sep 17 00:00:00 2001 +From: Ryan Tandy <ryan@nardis.ca> +Date: Wed, 17 May 2017 20:07:39 -0700 +Subject: [PATCH] ITS#8655 fix double free on paged search with pagesize 0 + +Fixes a double free when a search includes the Paged Results control +with a page size of 0 and the search base matches the filter. +--- + servers/slapd/back-mdb/search.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/servers/slapd/back-mdb/search.c b/servers/slapd/back-mdb/search.c +index 301d1a4..43442aa 100644 +--- a/servers/slapd/back-mdb/search.c ++++ b/servers/slapd/back-mdb/search.c +@@ -1066,7 +1066,8 @@ notfound: + /* check size limit */ + if ( get_pagedresults(op) > SLAP_CONTROL_IGNORED ) { + if ( rs->sr_nentries >= ((PagedResultsState *)op->o_pagedresults_state)->ps_size ) { +- mdb_entry_return( op, e ); ++ if (e != base) ++ mdb_entry_return( op, e ); + e = NULL; + send_paged_response( op, rs, &lastid, tentries ); + goto done; +-- +1.7.10.4 + diff --git a/user/openldap/configs.patch b/user/openldap/configs.patch new file mode 100644 index 000000000..e7ec65c4b --- /dev/null +++ b/user/openldap/configs.patch @@ -0,0 +1,117 @@ +--- a/servers/slapd/slapd.conf ++++ b/servers/slapd/slapd.conf +@@ -2,7 +2,7 @@ + # See slapd.conf(5) for details on configuration options. + # This file should NOT be world readable. + # +-include %SYSCONFDIR%/schema/core.schema ++include /etc/openldap/schema/core.schema + + # Define global ACLs to disable default read access. + +@@ -10,13 +10,16 @@ + # service AND an understanding of referrals. + #referral ldap://root.openldap.org + +-pidfile %LOCALSTATEDIR%/run/slapd.pid +-argsfile %LOCALSTATEDIR%/run/slapd.args ++# If you change this, adjust pidfile path also in runscript! ++pidfile /run/openldap/slapd.pid ++argsfile /run/openldap/slapd.args + + # Load dynamic backend modules: +-# modulepath %MODULEDIR% +-# moduleload back_mdb.la +-# moduleload back_ldap.la ++modulepath /usr/lib/openldap ++moduleload back_mdb.so ++# moduleload back_hdb.so ++# moduleload back_bbd.so ++# moduleload back_ldap.so + + # Sample security restrictions + # Require integrity protection (prevent hijacking) +@@ -53,13 +56,16 @@ + maxsize 1073741824 + suffix "dc=my-domain,dc=com" + rootdn "cn=Manager,dc=my-domain,dc=com" ++ + # Cleartext passwords, especially for the rootdn, should + # be avoid. See slappasswd(8) and slapd.conf(5) for details. + # Use of strong authentication encouraged. + rootpw secret ++ + # The database directory MUST exist prior to running slapd AND + # should only be accessible by the slapd and slap tools. + # Mode 700 recommended. +-directory %LOCALSTATEDIR%/openldap-data ++directory /var/lib/openldap/openldap-data ++ + # Indices to maintain + index objectClass eq +--- a/servers/slapd/slapd.ldif ++++ b/servers/slapd/slapd.ldif +@@ -9,8 +9,9 @@ + # + # Define global ACLs to disable default read access. + # +-olcArgsFile: %LOCALSTATEDIR%/run/slapd.args +-olcPidFile: %LOCALSTATEDIR%/run/slapd.pid ++# If you change this, set pidfile variable in /etc/conf.d/slapd! ++olcPidFile: /run/openldap/slapd.pid ++olcArgsFile: /run/openldap/slapd.args + # + # Do not enable referrals until AFTER you have a working directory + # service AND an understanding of referrals. +@@ -26,22 +27,23 @@ + # + # Load dynamic backend modules: + # +-#dn: cn=module,cn=config +-#objectClass: olcModuleList +-#cn: module +-#olcModulepath: %MODULEDIR% +-#olcModuleload: back_bdb.la +-#olcModuleload: back_hdb.la +-#olcModuleload: back_ldap.la +-#olcModuleload: back_passwd.la +-#olcModuleload: back_shell.la ++dn: cn=module,cn=config ++objectClass: olcModuleList ++cn: module ++olcModulepath: /usr/lib/openldap ++#olcModuleload: back_bdb.so ++#olcModuleload: back_hdb.so ++#olcModuleload: back_ldap.so ++olcModuleload: back_mdb.so ++#olcModuleload: back_passwd.so ++#olcModuleload: back_shell.so + + + dn: cn=schema,cn=config + objectClass: olcSchemaConfig + cn: schema + +-include: file://%SYSCONFDIR%/schema/core.ldif ++include: file:///etc/openldap/schema/core.ldif + + # Frontend settings + # +@@ -83,13 +85,16 @@ + olcDatabase: mdb + olcSuffix: dc=my-domain,dc=com + olcRootDN: cn=Manager,dc=my-domain,dc=com ++ + # Cleartext passwords, especially for the rootdn, should + # be avoided. See slappasswd(8) and slapd-config(5) for details. + # Use of strong authentication encouraged. + olcRootPW: secret ++ + # The database directory MUST exist prior to running slapd AND + # should only be accessible by the slapd and slap tools. + # Mode 700 recommended. +-olcDbDirectory: %LOCALSTATEDIR%/openldap-data ++olcDbDirectory: /var/lib/openldap/openldap-data ++ + # Indices to maintain + olcDbIndex: objectClass eq diff --git a/user/openldap/fix-manpages.patch b/user/openldap/fix-manpages.patch new file mode 100644 index 000000000..179569494 --- /dev/null +++ b/user/openldap/fix-manpages.patch @@ -0,0 +1,75 @@ +Various manual pages changes: +* removes LIBEXECDIR from slapd.8 +* removes references to non-existing manpages (bz 624616) + +Patch-Source: https://src.fedoraproject.org/rpms/openldap/blob/f27/f/openldap-manpages.patch + +diff --git a/doc/man/man1/ldapmodify.1 b/doc/man/man1/ldapmodify.1 +index 3def6da..466c772 100644 +--- a/doc/man/man1/ldapmodify.1 ++++ b/doc/man/man1/ldapmodify.1 +@@ -397,8 +397,7 @@ exit status and a diagnostic message being written to standard error. + .BR ldap_add_ext (3), + .BR ldap_delete_ext (3), + .BR ldap_modify_ext (3), +-.BR ldap_modrdn_ext (3), +-.BR ldif (5). ++.BR ldif (5) + .SH AUTHOR + The OpenLDAP Project <http://www.openldap.org/> + .SH ACKNOWLEDGEMENTS +diff --git a/doc/man/man5/ldap.conf.5 b/doc/man/man5/ldap.conf.5 +index cfde143..63592cb 100644 +--- a/doc/man/man5/ldap.conf.5 ++++ b/doc/man/man5/ldap.conf.5 +@@ -317,6 +317,7 @@ certificates in separate individual files. The + .B TLS_CACERT + is always used before + .B TLS_CACERTDIR. ++The specified directory must be managed with the LibreSSL c_rehash utility. + This parameter is ignored with GnuTLS. + + When using Mozilla NSS, <path> may contain a Mozilla NSS cert/key +diff --git a/doc/man/man8/slapd.8 b/doc/man/man8/slapd.8 +index b739f4d..e2a1a00 100644 +--- a/doc/man/man8/slapd.8 ++++ b/doc/man/man8/slapd.8 +@@ -5,7 +5,7 @@ + .SH NAME + slapd \- Stand-alone LDAP Daemon + .SH SYNOPSIS +-.B LIBEXECDIR/slapd ++.B slapd + [\c + .BR \-4 | \-6 ] + [\c +@@ -317,7 +317,7 @@ the LDAP databases defined in the default config file, just type: + .LP + .nf + .ft tt +- LIBEXECDIR/slapd ++ slapd + .ft + .fi + .LP +@@ -328,7 +328,7 @@ on voluminous debugging which will be printed on standard error, type: + .LP + .nf + .ft tt +- LIBEXECDIR/slapd \-f /var/tmp/slapd.conf \-d 255 ++ slapd -f /var/tmp/slapd.conf -d 255 + .ft + .fi + .LP +@@ -336,7 +336,7 @@ To test whether the configuration file is correct or not, type: + .LP + .nf + .ft tt +- LIBEXECDIR/slapd \-Tt ++ slapd -Tt + .ft + .fi + .LP +-- +1.8.1.4 + diff --git a/user/openldap/libressl.patch b/user/openldap/libressl.patch new file mode 100644 index 000000000..ac0106418 --- /dev/null +++ b/user/openldap/libressl.patch @@ -0,0 +1,65 @@ +--- a/libraries/libldap/tls_o.c.orig 2017-06-04 16:31:28 UTC ++++ b/libraries/libldap/tls_o.c +@@ -47,7 +47,7 @@ + #include <ssl.h> + #endif + +-#if OPENSSL_VERSION_NUMBER >= 0x10100000 ++#if OPENSSL_VERSION_NUMBER >= 0x10100000 && !defined(LIBRESSL_VERSION_NUMBER) + #define ASN1_STRING_data(x) ASN1_STRING_get0_data(x) + #endif + +@@ -157,7 +157,7 @@ tlso_init( void ) + (void) tlso_seed_PRNG( lo->ldo_tls_randfile ); + #endif + +-#if OPENSSL_VERSION_NUMBER < 0x10100000 ++#if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(LIBRESSL_VERSION_NUMBER) + SSL_load_error_strings(); + SSL_library_init(); + OpenSSL_add_all_digests(); +@@ -205,7 +205,7 @@ static void + tlso_ctx_ref( tls_ctx *ctx ) + { + tlso_ctx *c = (tlso_ctx *)ctx; +-#if OPENSSL_VERSION_NUMBER < 0x10100000 ++#if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(LIBRESSL_VERSION_NUMBER) + #define SSL_CTX_up_ref(ctx) CRYPTO_add( &(ctx->references), 1, CRYPTO_LOCK_SSL_CTX ) + #endif + SSL_CTX_up_ref( c ); +@@ -464,7 +464,7 @@ tlso_session_my_dn( tls_session *sess, struct berval * + if (!x) return LDAP_INVALID_CREDENTIALS; + + xn = X509_get_subject_name(x); +-#if OPENSSL_VERSION_NUMBER < 0x10100000 ++#if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(LIBRESSL_VERSION_NUMBER) + der_dn->bv_len = i2d_X509_NAME( xn, NULL ); + der_dn->bv_val = xn->bytes->data; + #else +@@ -500,7 +500,7 @@ tlso_session_peer_dn( tls_session *sess, struct berval + return LDAP_INVALID_CREDENTIALS; + + xn = X509_get_subject_name(x); +-#if OPENSSL_VERSION_NUMBER < 0x10100000 ++#if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(LIBRESSL_VERSION_NUMBER) + der_dn->bv_len = i2d_X509_NAME( xn, NULL ); + der_dn->bv_val = xn->bytes->data; + #else +@@ -721,7 +721,7 @@ struct tls_data { + Sockbuf_IO_Desc *sbiod; + }; + +-#if OPENSSL_VERSION_NUMBER < 0x10100000 ++#if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(LIBRESSL_VERSION_NUMBER) + #define BIO_set_init(b, x) b->init = x + #define BIO_set_data(b, x) b->ptr = x + #define BIO_clear_flags(b, x) b->flags &= ~(x) +@@ -822,7 +822,7 @@ tlso_bio_puts( BIO *b, const char *str ) + return tlso_bio_write( b, str, strlen( str ) ); + } + +-#if OPENSSL_VERSION_NUMBER >= 0x10100000 ++#if OPENSSL_VERSION_NUMBER >= 0x10100000 && !defined(LIBRESSL_VERSION_NUMBER) + struct bio_method_st { + int type; + const char *name; diff --git a/user/openldap/openldap-2.4-ppolicy.patch b/user/openldap/openldap-2.4-ppolicy.patch new file mode 100644 index 000000000..c05790e3e --- /dev/null +++ b/user/openldap/openldap-2.4-ppolicy.patch @@ -0,0 +1,13 @@ +diff -urN ./clients.orig/tools/common.c ./clients/tools/common.c +--- ./clients.orig/tools/common.c 2007-09-01 01:13:50.000000000 +0200 ++++ ./clients/tools/common.c 2008-01-13 21:50:06.000000000 +0100 +@@ -1262,8 +1262,8 @@ + int nsctrls = 0; + + #ifdef LDAP_CONTROL_PASSWORDPOLICYREQUEST ++ LDAPControl c; + if ( ppolicy ) { +- LDAPControl c; + c.ldctl_oid = LDAP_CONTROL_PASSWORDPOLICYREQUEST; + c.ldctl_value.bv_val = NULL; + c.ldctl_value.bv_len = 0; diff --git a/user/openldap/openldap-2.4.11-libldap_r.patch b/user/openldap/openldap-2.4.11-libldap_r.patch new file mode 100644 index 000000000..448249a3b --- /dev/null +++ b/user/openldap/openldap-2.4.11-libldap_r.patch @@ -0,0 +1,11 @@ +diff -Nuar openldap-2.4.11.orig/servers/slapd/slapi/Makefile.in openldap-2.4.11/servers/slapd/slapi/Makefile.in +--- openldap-2.4.11.orig/servers/slapd/slapi/Makefile.in 2008-02-11 15:26:49.000000000 -0800 ++++ openldap-2.4.11/servers/slapd/slapi/Makefile.in 2008-10-14 02:10:18.402799262 -0700 +@@ -37,6 +37,7 @@ + XLIBS = $(LIBRARY) + XXLIBS = + NT_LINK_LIBS = $(AC_LIBS) ++UNIX_LINK_LIBS = ../../../libraries/libldap_r/libldap_r.la $(LTHREAD_LIBS) + + XINCPATH = -I$(srcdir)/.. -I$(srcdir) + XDEFS = $(MODULES_CPPFLAGS) diff --git a/user/openldap/openldap-mqtt-overlay.patch b/user/openldap/openldap-mqtt-overlay.patch new file mode 100644 index 000000000..795480f1e --- /dev/null +++ b/user/openldap/openldap-mqtt-overlay.patch @@ -0,0 +1,447 @@ +diff --git a/contrib/slapd-modules/mqtt/Makefile b/contrib/slapd-modules/mqtt/Makefile +new file mode 100644 +index 0000000..2cb4db7 +--- /dev/null ++++ b/contrib/slapd-modules/mqtt/Makefile +@@ -0,0 +1,45 @@ ++# $OpenLDAP$ ++ ++LDAP_SRC = ../../.. ++LDAP_BUILD = ../../.. ++LDAP_INC = -I$(LDAP_BUILD)/include -I$(LDAP_SRC)/include -I$(LDAP_SRC)/servers/slapd ++LDAP_LIB = $(LDAP_BUILD)/libraries/libldap_r/libldap_r.la \ ++ $(LDAP_BUILD)/libraries/liblber/liblber.la ++ ++LIBTOOL = $(LDAP_BUILD)/libtool ++CC = gcc ++OPT = -g -O2 -Wall ++DEFS = ++INCS = $(LDAP_INC) ++LIBS = $(LDAP_LIB) -lmosquitto ++ ++PROGRAMS = mqtt.la ++LTVER = 0:0:0 ++ ++prefix=/usr/local ++exec_prefix=$(prefix) ++ldap_subdir=/openldap ++ ++libdir=$(exec_prefix)/lib ++libexecdir=$(exec_prefix)/libexec ++moduledir = $(libdir)$(ldap_subdir) ++ ++.SUFFIXES: .c .o .lo ++ ++.c.lo: ++ $(LIBTOOL) --mode=compile $(CC) $(OPT) $(DEFS) $(INCS) -c $< ++ ++all: $(PROGRAMS) ++ ++mqtt.la: mqtt.lo ++ $(LIBTOOL) --mode=link $(CC) $(OPT) -version-info $(LTVER) \ ++ -rpath $(moduledir) -module -o $@ $? $(LIBS) ++ ++clean: ++ rm -rf *.o *.lo *.la .libs ++ ++install: $(PROGRAMS) ++ mkdir -p $(DESTDIR)$(moduledir) ++ for p in $(PROGRAMS) ; do \ ++ $(LIBTOOL) --mode=install cp $$p $(DESTDIR)$(moduledir) ; \ ++ done +diff --git a/contrib/slapd-modules/mqtt/mqtt.c b/contrib/slapd-modules/mqtt/mqtt.c +new file mode 100644 +index 0000000..b3a0a31 +--- /dev/null ++++ b/contrib/slapd-modules/mqtt/mqtt.c +@@ -0,0 +1,389 @@ ++/* $OpenLDAP$ */ ++/* This work is part of OpenLDAP Software <http://www.openldap.org/>. ++ * ++ * Copyright 2014 Timo Teräs <timo.teras@iki.fi>. ++ * All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted only as authorized by the OpenLDAP ++ * Public License. ++ * ++ * A copy of this license is available in file LICENSE in the ++ * top-level directory of the distribution or, alternatively, at ++ * http://www.OpenLDAP.org/license.html. ++ */ ++/* mqtt-overlay ++ * ++ * This is an OpenLDAP overlay that... */ ++ ++#include <mosquitto.h> ++#include <unistd.h> ++ ++#include "portable.h" ++#include "slap.h" ++#include "config.h" ++ ++typedef struct mqtt_notify_t { ++ struct mqtt_notify_t *next; ++ char *topic; ++ char *dn_group_str; ++ char *oc_group_str; ++ char *str_member; ++ ++ struct berval ndn_group; ++ ObjectClass *oc_group; ++ AttributeDescription *ad_member; ++ int notify_pending; ++} mqtt_notify_t; ++ ++typedef struct mqtt_t { ++ struct mosquitto *mq; ++ int port; ++ char *hostname, *username, *password; ++ mqtt_notify_t *notify_map; ++} mqtt_t; ++ ++static ConfigDriver mqtt_config_notify; ++ ++static ConfigTable mqttcfg[] = { ++ { "mqtt-hostname", "hostname", 2, 2, 0, ++ ARG_STRING|ARG_OFFSET, (void *)offsetof(mqtt_t, hostname), ++ "( OLcfgCtAt:5.1 NAME 'olcMqttHostname' " ++ "DESC 'Hostname of MQTT broker' " ++ "SYNTAX OMsDirectoryString SINGLE-VALUE )", ++ NULL, NULL }, ++ { "mqtt-port", "port", 2, 2, 0, ++ ARG_INT|ARG_OFFSET, (void *)offsetof(mqtt_t, port), ++ "( OLcfgCtAt:5.2 NAME 'olcMqttPort' " ++ "DESC 'Port of MQTT broker' " ++ "SYNTAX OMsInteger SINGLE-VALUE )", ++ NULL, NULL }, ++ { "mqtt-username", "username", 2, 2, 0, ++ ARG_STRING|ARG_OFFSET, (void *)offsetof(mqtt_t, username), ++ "( OLcfgCtAt:5.3 NAME 'olcMqttUsername' " ++ "DESC 'Username for MQTT broker' " ++ "SYNTAX OMsDirectoryString SINGLE-VALUE )", ++ NULL, NULL }, ++ { "mqtt-password", "password", 2, 2, 0, ++ ARG_STRING|ARG_OFFSET, (void *)offsetof(mqtt_t, password), ++ "( OLcfgCtAt:5.4 NAME 'olcMqttPassword' " ++ "DESC 'Password for MQTT broker' " ++ "SYNTAX OMsDirectoryString SINGLE-VALUE )", ++ NULL, NULL }, ++ { "mqtt-notify-password", "topic> <group-dn> <group-oc> <member-ad", 2, 5, 0, ++ ARG_MAGIC, mqtt_config_notify, ++ "( OLcfgCtAt:5.5 NAME 'olcMqttNotifyPassword' " ++ "DESC 'Notify password change on <topic>, optionally checking that the object is in the specified group.'" ++ "SYNTAX OMsDirectoryString X-ORDERED 'VALUES' )", ++ NULL, NULL }, ++ { NULL, NULL, 0, 0, 0, ARG_IGNORED } ++}; ++ ++static ConfigOCs mqttocs[] = { ++ { "( OLcfgCtOc:5.1 " ++ "NAME 'olcMqttConfig' " ++ "DESC 'MQTT configuration' " ++ "SUP olcOverlayConfig " ++ "MAY ( " ++ "olcMqttHostname " ++ "$ olcMqttPort" ++ "$ olcMqttUsername" ++ "$ olcMqttPassword" ++ "$ olcMqttNotifyPassword" ++ " ) )", ++ Cft_Overlay, mqttcfg }, ++ ++ { NULL, 0, NULL } ++}; ++ ++static int mqtt_init(BackendInfo *bi) ++{ ++ return mosquitto_lib_init(); ++} ++ ++static int mqtt_destroy(BackendInfo *bi) ++{ ++ return mosquitto_lib_cleanup(); ++} ++ ++static const char *ca_arg(ConfigArgs *c, int n) ++{ ++ return (c->argc <= n) ? NULL : c->argv[n]; ++} ++ ++static void free_notify(mqtt_notify_t *n) ++{ ++ ch_free(n->topic); ++ ch_free(n->oc_group_str); ++ ch_free(n->str_member); ++ ch_free(n->dn_group_str); ++ if (!BER_BVISNULL(&n->ndn_group)) ++ ber_memfree(n->ndn_group.bv_val); ++ ch_free(n); ++} ++ ++static void free_all_notifies(mqtt_t *mqtt) ++{ ++ mqtt_notify_t *n, *next; ++ ++ for (n = mqtt->notify_map; n; n = next) { ++ next = n->next; ++ free_notify(n); ++ } ++ mqtt->notify_map = NULL; ++} ++ ++static int mqtt_config_notify(ConfigArgs *c) ++{ ++ slap_overinst *on = (slap_overinst *)c->bi; ++ mqtt_t *mqtt = (mqtt_t *) on->on_bi.bi_private; ++ mqtt_notify_t *n, **pprev; ++ const char *text = NULL; ++ struct berval bv = BER_BVNULL, ndn = BER_BVNULL; ++ int rc, i; ++ ++ switch (c->op) { ++ case SLAP_CONFIG_EMIT: ++ for (i = 0, n = mqtt->notify_map; n; n = n->next, i++) { ++ char *ptr = c->cr_msg, *end = &c->cr_msg[sizeof(c->cr_msg)-1]; ++ ++ ptr += snprintf(ptr, end-ptr, SLAP_X_ORDERED_FMT "%s", i, n->topic); ++ if (n->dn_group_str) ++ ptr += snprintf(ptr, end-ptr, " \"%s\"", n->dn_group_str); ++ if (n->oc_group_str) ++ ptr += snprintf(ptr, end-ptr, " \"%s\"", n->oc_group_str); ++ if (n->str_member) ++ ptr += snprintf(ptr, end-ptr, " \"%s\"", n->str_member); ++ ++ bv.bv_val = c->cr_msg; ++ bv.bv_len = ptr - bv.bv_val; ++ value_add_one(&c->rvalue_vals, &bv); ++ } ++ return 0; ++ case LDAP_MOD_DELETE: ++ if (c->valx < 0) { ++ free_all_notifies(mqtt); ++ } else { ++ pprev = &mqtt->notify_map; ++ n = mqtt->notify_map; ++ for (i = 0; i < c->valx; i++) { ++ pprev = &n->next; ++ n = n->next; ++ } ++ *pprev = n->next; ++ free_notify(n); ++ } ++ return 0; ++ } ++ ++ const char *groupdn = ca_arg(c, 2); ++ const char *oc_name = ca_arg(c, 3); ++ const char *ad_name = ca_arg(c, 4); ++ ObjectClass *oc = NULL; ++ AttributeDescription *ad = NULL; ++ ++ if (groupdn) { ++ oc = oc_find(oc_name ?: SLAPD_GROUP_CLASS); ++ if (oc == NULL) { ++ Debug(LDAP_DEBUG_ANY, "mqtt_db_open: unable to find objectClass=\"%s\"\n", ++ oc_name, 0, 0); ++ return 1; ++ } ++ ++ rc = slap_str2ad(ad_name ?: SLAPD_GROUP_ATTR, &ad, &text); ++ if (rc != LDAP_SUCCESS) { ++ Debug(LDAP_DEBUG_ANY, "mqtt_db_config_notify: unable to find attribute=\"%s\": %s (%d)\n", ++ ad_name, text, rc); ++ return rc; ++ } ++ ++ ber_str2bv(groupdn, 0, 0, &bv); ++ rc = dnNormalize(0, NULL, NULL, &bv, &ndn, NULL); ++ if (rc != LDAP_SUCCESS) { ++ Debug(LDAP_DEBUG_ANY, "mqtt_db_config_notify: DN normalization failed for \"%s\": %d\n", ++ groupdn, rc, 0); ++ return rc; ++ } ++ } ++ ++ n = ch_calloc(1, sizeof(*n)); ++ n->topic = ch_strdup(c->argv[1]); ++ n->dn_group_str = groupdn ? ch_strdup(groupdn) : NULL; ++ n->oc_group_str = oc_name ? ch_strdup(oc_name) : NULL; ++ n->str_member = ad_name ? ch_strdup(ad_name) : NULL; ++ n->ndn_group = ndn; ++ n->oc_group = oc; ++ n->ad_member = ad; ++ ++ for (pprev = &mqtt->notify_map; *pprev; pprev = &(*pprev)->next); ++ *pprev = n; ++ ++ return 0; ++} ++ ++static void mqtt_send_notify(mqtt_t *mqtt, mqtt_notify_t *n) ++{ ++ Debug(LDAP_DEBUG_TRACE, "mqtt_send_notify: pub on topic '%s'\n", n->topic, 0, 0); ++ n->notify_pending = mosquitto_publish(mqtt->mq, NULL, n->topic, 0, NULL, 1, true) == MOSQ_ERR_NO_CONN; ++} ++ ++static void mqtt_on_connect(struct mosquitto *mq, void *obj, int rc) ++{ ++ slap_overinst *on = (slap_overinst *) obj; ++ mqtt_t *mqtt = (mqtt_t *) on->on_bi.bi_private; ++ mqtt_notify_t *n; ++ ++ Debug(LDAP_DEBUG_TRACE, "mqtt_on_connect: connected with status %d\n", rc, 0, 0); ++ if (rc != 0) ++ return; ++ ++ for (n = mqtt->notify_map; n; n = n->next) ++ if (n->notify_pending) ++ mqtt_send_notify(mqtt, n); ++} ++ ++static int mqtt_db_init(BackendDB *be, ConfigReply *cr) ++{ ++ slap_overinst *on = (slap_overinst *) be->bd_info; ++ ++ Debug(LDAP_DEBUG_TRACE, "mqtt_db_init: initialize overlay\n", 0, 0, 0); ++ on->on_bi.bi_private = ch_calloc(1, sizeof(mqtt_t)); ++ ++ return 0; ++} ++ ++static int mqtt_db_destroy(BackendDB *be, ConfigReply *cr) ++{ ++ slap_overinst *on = (slap_overinst *) be->bd_info; ++ mqtt_t *mqtt = on->on_bi.bi_private; ++ ++ Debug(LDAP_DEBUG_TRACE, "mqtt_db_destroy: destroy overlay\n", 0, 0, 0); ++ free_all_notifies(mqtt); ++ ch_free(mqtt); ++ ++ return 0; ++} ++ ++static int mqtt_db_open(BackendDB *be, ConfigReply *cr) ++{ ++ slap_overinst *on = (slap_overinst *) be->bd_info; ++ mqtt_t *mqtt = (mqtt_t *) on->on_bi.bi_private; ++ struct mosquitto *mq; ++ char id[256]; ++ int n; ++ ++ n = snprintf(id, sizeof(id), "openldap-mqtt/%d/", getpid()); ++ gethostname(&id[n], sizeof(id) - n); ++ ++ Debug(LDAP_DEBUG_TRACE, "mqtt_db_open, id='%s'\n", id, 0, 0); ++ mqtt->mq = mq = mosquitto_new(id, true, on); ++ if (!mq) return 1; ++ ++ if (mqtt->username && mqtt->password) ++ mosquitto_username_pw_set(mq, mqtt->username, mqtt->password); ++ ++ mosquitto_connect_callback_set(mq, mqtt_on_connect); ++ mosquitto_connect_async(mq, mqtt->hostname ?: "127.0.0.1", mqtt->port ?: 1883, 60); ++ mosquitto_loop_start(mq); ++ ++ return 0; ++} ++ ++static int mqtt_db_close(BackendDB *be, ConfigReply *cr) ++{ ++ slap_overinst *on = (slap_overinst *) be->bd_info; ++ mqtt_t *mqtt = (mqtt_t *) on->on_bi.bi_private; ++ ++ Debug(LDAP_DEBUG_TRACE, "mqtt_db_close\n", 0, 0, 0); ++ mosquitto_disconnect(mqtt->mq); ++ mosquitto_loop_stop(mqtt->mq, false); ++ mosquitto_destroy(mqtt->mq); ++ ++ free(mqtt->hostname); mqtt->hostname = NULL; ++ free(mqtt->username); mqtt->username = NULL; ++ free(mqtt->password); mqtt->password = NULL; ++ ++ return 0; ++} ++ ++static int mqtt_response(Operation *op, SlapReply *rs) ++{ ++ slap_overinst *on = (slap_overinst *) op->o_bd->bd_info; ++ mqtt_t *mqtt = (mqtt_t *) on->on_bi.bi_private; ++ Attribute *a; ++ Modifications *m; ++ bool change = false; ++ ++ switch (op->o_tag) { ++ case LDAP_REQ_ADD: ++ for (a = op->ora_e->e_attrs; a; a = a->a_next) { ++ if (a->a_desc == slap_schema.si_ad_userPassword) { ++ change = true; ++ break; ++ } ++ } ++ break; ++ case LDAP_REQ_MODIFY: ++ for (m = op->orm_modlist; m; m = m->sml_next) { ++ if (m->sml_desc == slap_schema.si_ad_userPassword) { ++ change = true; ++ break; ++ } ++ } ++ break; ++ case LDAP_REQ_EXTENDED: ++ if (ber_bvcmp(&slap_EXOP_MODIFY_PASSWD, &op->ore_reqoid) == 0) ++ change = true; ++ break; ++ } ++ ++ if (change) { ++ mqtt_notify_t *n; ++ int r, cache; ++ ++ for (n = mqtt->notify_map; n; n = n->next) { ++ if (n->oc_group) { ++ cache = op->o_do_not_cache; ++ op->o_do_not_cache = 1; ++ r = backend_group(op, NULL, &n->ndn_group, &op->o_req_ndn, n->oc_group, n->ad_member); ++ op->o_do_not_cache = cache; ++ } else { ++ r = 0; ++ } ++ ++ Debug(LDAP_DEBUG_TRACE, "tested o_req_ndn='%s' in ndn_group='%s' r=%d\n", ++ op->o_req_ndn.bv_val, n->ndn_group.bv_val, r); ++ ++ if (r == 0) ++ mqtt_send_notify(mqtt, n); ++ } ++ } ++ ++ return SLAP_CB_CONTINUE; ++} ++ ++static int mqtt_init_overlay() ++{ ++ static slap_overinst ov; ++ int rc; ++ ++ ov.on_bi.bi_type = "mqtt"; ++ ov.on_bi.bi_init = mqtt_init; ++ ov.on_bi.bi_destroy = mqtt_destroy; ++ ov.on_bi.bi_db_init = mqtt_db_init; ++ ov.on_bi.bi_db_destroy = mqtt_db_destroy; ++ ov.on_bi.bi_db_open = mqtt_db_open; ++ ov.on_bi.bi_db_close = mqtt_db_close; ++ ov.on_bi.bi_cf_ocs = mqttocs; ++ ov.on_response = mqtt_response; ++ ++ rc = config_register_schema(mqttcfg, mqttocs); ++ if (rc) return rc; ++ ++ return overlay_register(&ov); ++} ++ ++int init_module(int argc, char *argv[]) ++{ ++ return mqtt_init_overlay(); ++} + diff --git a/user/openldap/openldap.post-install b/user/openldap/openldap.post-install new file mode 100644 index 000000000..e90d25760 --- /dev/null +++ b/user/openldap/openldap.post-install @@ -0,0 +1,11 @@ +#!/bin/sh + +cat >&2 <<-EOF +* +* To use LDAP server, you have to install some backend. Most users would need MDB +* backend which you can install with: apk add openldap-back-mdb. +* +* If you use overlays, you have to install them separately too: +* apk add openldap-overlay-<name>, or openldap-overlay-all to install them all. +* +EOF diff --git a/user/openldap/openldap.post-upgrade b/user/openldap/openldap.post-upgrade new file mode 100644 index 000000000..7be8906a9 --- /dev/null +++ b/user/openldap/openldap.post-upgrade @@ -0,0 +1,31 @@ +#!/bin/sh + +new_ver="$1" +old_ver="$2" + +if [ "$(apk version -t "$old_ver" "2.4.45-r2")" = "<" ]; then + cat >&2 <<-EOF + * + * All SLAPD backends and overlays have been moved to subpackages. + * You can install specific backend or overlay with apk: + * + * apk add openldap-back-<name> + * apk add openldap-overlay-<name> + * + * Or you can install all of them using metapackages openldap-back-all + * and openldap-overlay-all. + EOF + if [ -e /var/lib/openldap/openldap-data/data.mdb ]; then + cat >&2 <<-EOF + * + * Found existing MDB database. You have to install MDB backend: + * apk add openldap-back-mdb + * + * and add "moduleload back_mdb.so" to /etc/openldap/slapd.conf, + * or "olcModuleload back_mdb.so" to slapd.ldif. + * + EOF + else + echo "*" >&2 + fi +fi diff --git a/user/openldap/openldap.pre-install b/user/openldap/openldap.pre-install new file mode 100644 index 000000000..eb6b10fa4 --- /dev/null +++ b/user/openldap/openldap.pre-install @@ -0,0 +1,7 @@ +#!/bin/sh + +addgroup -S ldap 2>/dev/null +adduser -S -D -H -h /usr/lib/openldap -s /sbin/nologin -G ldap \ + -g "OpenLdap User" ldap 2>/dev/null + +exit 0 diff --git a/user/openldap/slapd.confd b/user/openldap/slapd.confd new file mode 100644 index 000000000..f69f92b4a --- /dev/null +++ b/user/openldap/slapd.confd @@ -0,0 +1,12 @@ +# Configuration for /etc/init.d/slapd + +# Location of the configuration file. +cfgfile="/etc/openldap/slapd.conf" + +# Location of the configuration directory (OpenLDAP 2.3+). +#cfgdir="" + +# To enable both the standard unciphered server and the ssl encrypted +# one uncomment this line or set any other server starting options +# you may desire. +#command_args="-h 'ldaps:// ldap:// ldapi://%2fvar%2frun%2fopenldap%2fslapd.sock'" diff --git a/user/openldap/slapd.initd b/user/openldap/slapd.initd new file mode 100644 index 000000000..350cc0d50 --- /dev/null +++ b/user/openldap/slapd.initd @@ -0,0 +1,34 @@ +#!/sbin/openrc-run + +: ${pidfile:="/run/openldap/slapd.pid"} + +name="LDAP server" +extra_commands="checkconfig" +description_checkconfig="Check slapd.conf for errors" + +command="/usr/sbin/slapd" +# OPTS is for backward compatibility +cfg_opt="${cfgdir:+"-F $cfgdir"} ${cfgfile:+"-f $cfgfile"}" +command_args="-u ldap -g ldap $cfg_opt ${command_args:-${OPTS:-}}" + +stopsig=2 +start_stop_daemon_args=" + ${KRB5_KTNAME:+"--env KRB5_KTNAME=$KRB5_KTNAME"}" + +depend() { + need net + after firewall + before dbus hald avahi-daemon + provide ldap +} + +start_pre() { + checkpath --directory --owner ldap:ldap "${pidfile%/*}" + /usr/sbin/slaptest -u -Q $cfg_opt || /usr/sbin/slaptest -u $cfg_opt +} + +checkconfig() { + ebegin "Checking $name configuration..." + /usr/sbin/slaptest -u $cfg_opt + eend $? +} diff --git a/user/orbit2/APKBUILD b/user/orbit2/APKBUILD new file mode 100644 index 000000000..5caf3dcbc --- /dev/null +++ b/user/orbit2/APKBUILD @@ -0,0 +1,45 @@ +# Contributor: William Pitcock <nenolod@dereferenced.org> +# Maintainer: Natanael Copa <ncopa@alpinelinux.org> +pkgname=orbit2 +pkgver=2.14.19 +pkgrel=4 +pkgdesc="CORBA implementation for GNOME" +url="http://projects.gnome.org/ORBit2" +arch="all" +license="LGPL" +depends= +makedepends="glib-dev libidl-dev" +install="" +subpackages="$pkgname-dev $pkgname-doc" +source="ftp://ftp.gnome.org/pub/GNOME/sources/ORBit2/${pkgver%.*}/ORBit2-${pkgver}.tar.bz2 + glib-2.36.patch" + +builddir="${srcdir}/ORBit2-${pkgver}" +prepare() { + cd "$builddir" + update_config_sub + default_prepare +} + +build() { + cd "$builddir" + ./configure \ + --build=$CBUILD \ + --host=$CHOST \ + --prefix=/usr \ + --sysconfdir=/etc + make +} + +check() { + cd "$builddir" + make check +} + +package() { + cd "$builddir" + make DESTDIR="$pkgdir" install +} + +sha512sums="313e125234e8d1195be277ad125af169f12ce312cb541a4641c5d57d3c905bbdc6a46672a86a012409cf4d7af58b5122f0e5db250730b65e8d95b2d5f4c4657e ORBit2-2.14.19.tar.bz2 +b90d8e200d16b735bece54454d1e2b1a7c1b75aaac83986263b5a9ac38c4235eed747408a07a266c0aaaeb9c7a75e7fda1ef1b2ed54300003da38ff2251fdcfa glib-2.36.patch" diff --git a/user/orbit2/glib-2.36.patch b/user/orbit2/glib-2.36.patch new file mode 100644 index 000000000..c94f920f7 --- /dev/null +++ b/user/orbit2/glib-2.36.patch @@ -0,0 +1,15 @@ +$NetBSD: patch-linc2_src_Makefile.in,v 1.1 2013/04/19 14:28:54 prlw1 Exp $ + +Avoid compilation error caused by use of deprecated g_thread API + +--- ./linc2/src/Makefile.in.orig 2010-09-28 09:39:39.000000000 +0000 ++++ ./linc2/src/Makefile.in +@@ -244,7 +244,7 @@ noinst_LTLIBRARIES = liblinc.la + # -I$(top_srcdir)/include + INCLUDES = -I$(top_builddir)/linc2/include \ + -I$(top_srcdir)/linc2/include $(LINC_CFLAGS) $(WARN_CFLAGS) \ +- -DG_DISABLE_DEPRECATED $(am__append_1) ++ $(am__append_1) + liblinc_la_SOURCES = \ + linc.c \ + linc-connection.c \ diff --git a/user/polkit/0001-Bug-50145-make-netgroup-support-optional.patch b/user/polkit/0001-Bug-50145-make-netgroup-support-optional.patch new file mode 100644 index 000000000..1498e831a --- /dev/null +++ b/user/polkit/0001-Bug-50145-make-netgroup-support-optional.patch @@ -0,0 +1,108 @@ +From 2428beec9189bb93e6e1fdd5bdde35acf5279a03 Mon Sep 17 00:00:00 2001 +From: Natanael Copa <ncopa@alpinelinux.org> +Date: Sun, 20 May 2012 15:42:56 +0200 +Subject: [PATCH] Bug 50145 - make netgroup support optional + +https://bugs.freedesktop.org/show_bug.cgi?id=50145 + +netgroups are not defined in POSIX and are not be available on +all systems. + +We check for getnetgrent in configure script. + +Signed-off-by: Natanael Copa <ncopa@alpinelinux.org> +--- + configure.ac | 2 +- + src/polkitbackend/polkitbackendlocalauthority.c | 8 ++++++-- + src/polkitbackend/polkitbackendlocalauthorizationstore.c | 3 ++- + 3 files changed, 9 insertions(+), 4 deletions(-) + +diff --git a/configure.ac b/configure.ac +index f325922..711aa7c 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -141,7 +141,7 @@ AC_CHECK_LIB(expat,XML_ParserCreate,[EXPAT_LIBS="-lexpat"], + [AC_MSG_ERROR([Can't find expat library. Please install expat.])]) + AC_SUBST(EXPAT_LIBS) + +-AC_CHECK_FUNCS(clearenv) ++AC_CHECK_FUNCS(clearenv getnetgrent) + + if test "x$GCC" = "xyes"; then + LDFLAGS="-Wl,--as-needed $LDFLAGS" +diff --git a/src/polkitbackend/polkitbackendlocalauthority.c b/src/polkitbackend/polkitbackendlocalauthority.c +index b53eda3..f14e924 100644 +--- a/src/polkitbackend/polkitbackendlocalauthority.c ++++ b/src/polkitbackend/polkitbackendlocalauthority.c +@@ -52,9 +52,10 @@ + + static GList *get_users_in_group (PolkitIdentity *group, + gboolean include_root); +- ++#if defined HAVE_GETNETGRENT + static GList *get_users_in_net_group (PolkitIdentity *group, + gboolean include_root); ++#endif + + static GList *get_groups_for_user (PolkitIdentity *user); + +@@ -511,10 +512,12 @@ polkit_backend_local_authority_get_admin_auth_identities (PolkitBackendInteracti + { + ret = g_list_concat (ret, get_users_in_group (identity, FALSE)); + } ++#if defined HAVE_GETNETGRENT + else if (POLKIT_IS_UNIX_NETGROUP (identity)) + { + ret = g_list_concat (ret, get_users_in_net_group (identity, FALSE)); + } ++#endif + else + { + g_warning ("Unsupported identity %s", admin_identities[n]); +@@ -690,6 +693,7 @@ get_users_in_group (PolkitIdentity *group, + return ret; + } + ++#if defined HAVE_GETNETGRENT + static GList * + get_users_in_net_group (PolkitIdentity *group, + gboolean include_root) +@@ -741,7 +745,7 @@ get_users_in_net_group (PolkitIdentity *group, + endnetgrent (); + return ret; + } +- ++#endif + + static GList * + get_groups_for_user (PolkitIdentity *user) +diff --git a/src/polkitbackend/polkitbackendlocalauthorizationstore.c b/src/polkitbackend/polkitbackendlocalauthorizationstore.c +index 2ddfe75..02553c4 100644 +--- a/src/polkitbackend/polkitbackendlocalauthorizationstore.c ++++ b/src/polkitbackend/polkitbackendlocalauthorizationstore.c +@@ -725,6 +725,7 @@ polkit_backend_local_authorization_store_lookup (PolkitBackendLocalAuthorization + break; + } + ++#if defined HAVE_GETNETGRENT + /* if no identity specs matched and identity is a user, match against netgroups */ + if (ll == NULL && POLKIT_IS_UNIX_USER (identity)) + { +@@ -732,13 +733,13 @@ polkit_backend_local_authorization_store_lookup (PolkitBackendLocalAuthorization + const gchar *user_name = polkit_unix_user_get_name (user_identity); + if (!user_name) + continue; +- + for (ll = authorization->netgroup_identities; ll != NULL; ll = ll->next) + { + if (innetgr ((const gchar *) ll->data, NULL, user_name, NULL)) + break; + } + } ++#endif + + if (ll == NULL) + continue; +-- +1.7.10.2 + diff --git a/user/polkit/APKBUILD b/user/polkit/APKBUILD new file mode 100644 index 000000000..fdc37d634 --- /dev/null +++ b/user/polkit/APKBUILD @@ -0,0 +1,80 @@ +# Contributor: Carlo Landmeter +# Maintainer: Natanael Copa <ncopa@alpinelinux.org> +pkgname=polkit +pkgver=0.105 +pkgrel=8 +pkgdesc="Application development toolkit for controlling system-wide privileges" +url="http://www.freedesktop.org/wiki/Software/polkit/" +arch="all" +license="LGPL" +depends= +options="suid" +depends_dev="eggdbus-dev dbus-glib-dev linux-pam-dev" +makedepends="$depends_dev expat-dev glib-dev gtk-doc gobject-introspection-dev + intltool autoconf automake libtool" +install= +subpackages="$pkgname-dev $pkgname-doc $pkgname-lang" +source="http://www.freedesktop.org/software/polkit/releases/polkit-$pkgver.tar.gz + 0001-Bug-50145-make-netgroup-support-optional.patch + CVE-2013-4288.patch + CVE-2015-3218.patch + CVE-2015-3255.patch + CVE-2015-4625.patch + automake.patch + fix-parallel-make.patch + fix-consolekit-db-stat.patch + fix-test-fgetpwent.patch + disable-ck-test.patch +" + +prepare() { + cd "$builddir" + update_config_sub + default_prepare + libtoolize --force && aclocal && autoconf && automake --add-missing +} + +build() { + cd "$builddir" + ./configure \ + --build=$CBUILD \ + --host=$CHOST \ + --prefix=/usr \ + --sysconfdir=/etc \ + --mandir=/usr/share/man \ + --infodir=/usr/share/info \ + --libexecdir=/usr/lib/polkit-1 \ + --localstatedir=/var \ + --disable-static \ + --enable-nls \ + --enable-introspection \ + --with-os-type=alpine \ + --with-pam-include=base-auth \ + --disable-gtk-doc \ + --disable-gtk-doc-html \ + --disable-gtk-doc-pdf + + make +} + +check() { + cd "$builddir" + make check +} + +package() { + cd "$builddir" + make DESTDIR="$pkgdir" install +} + +sha512sums="7c0f84b9639814b4690e42b570285ff2018a5ea4cfd7216d9abf44c84ece6592c530f2d6211511c1346963daf4f135e9fa79d1b2f592b454115950991b5e4bc3 polkit-0.105.tar.gz +09ca9c14044c0a281e9069919efbb6d14918f23f58a282b5ce25c8a6640966396904373822869fe994c711f40c33d5c34cf3b77f85a59e239ba3d0c22a31ca8e 0001-Bug-50145-make-netgroup-support-optional.patch +d6de3beb063243c11906f525ef2eb65aeca823c25b1f44dde4a16f4fc2c5ce587b129e0bfb25a4a4b88ac2bf5713c47e57700c139323d961c9f9b6ba4c03fffb CVE-2013-4288.patch +625be61ca38267508bb360002c410414f7ca814487f4a51257906118731e208be0c90d21f45ac90fd9f64f2f5937fa1e312d6900179853fabbaaf5e75073c82c CVE-2015-3218.patch +0b26b819da0b34f10ff8a768850560b3207a6e10a7141bd1aa4769c1cb2829eb110164974b99d993d4e3a62145ace0fc5375489f84d2b56fe08e3430e3232aa8 CVE-2015-3255.patch +32ecc38db938fc1e3d14ffd9c492d12a42a91750e0eb1f66f8346d0cefd6e18fd0dffac8bffc65578cfb56c9598d3b336721477e8496de2619d6d69f1a6b309e CVE-2015-4625.patch +25465a23332247d0873e24cb5f011a267413615526755a8295a6367d64fc5eb8c2aa3c9c1fdcfa183b39e3ece14f33b25f15a339d966a31f3feb861b3f17adbf automake.patch +6b0d9262ba8b3c000acdcc8c86bd6fc043e5750a0155730638d4e3a92e63f43cb476d63b11856c041d60d8f38f7eb5ada0eb0eced9100bdac3bc2c7dd5108ddd fix-parallel-make.patch +95493ef842b46ce9e724933a5d86083589075fb452435057b8f629643cac7c7eff67a24fd188087987e98057f0130757fad546d0c090767da3d71ebaf8485a24 fix-consolekit-db-stat.patch +966825aded565432f4fda9e54113a773b514ebf7ee7faa83bcb8b97d218ae84a8707d6747bbc3cb8a828638d692fdef34c05038f150ad38e02a29f2c782aba5b fix-test-fgetpwent.patch +f73ab05ab5fdc90d3961fdcf88fa57eee8c90af4960b20d7ac845d2395c4cc20873ddc72bfd00fd127471336807faa705d0845444a0218343e74063e8f190980 disable-ck-test.patch" diff --git a/user/polkit/CVE-2013-4288.patch b/user/polkit/CVE-2013-4288.patch new file mode 100644 index 000000000..0ca8131e8 --- /dev/null +++ b/user/polkit/CVE-2013-4288.patch @@ -0,0 +1,123 @@ +From a3fa3b86f0015e42a534526ed800bcde5b3f2a15 Mon Sep 17 00:00:00 2001 +From: Colin Walters <walters@verbum.org> +Date: Mon, 19 Aug 2013 12:16:11 -0400 +Subject: [PATCH] pkcheck: Support --process=pid,start-time,uid syntax too + +The uid is a new addition; this allows callers such as libvirt to +close a race condition in reading the uid of the process talking to +them. They can read it via getsockopt(SO_PEERCRED) or equivalent, +rather than having pkcheck look at /proc later after the fact. + +Programs which invoke pkcheck but need to know beforehand (i.e. at +compile time) whether or not it supports passing the uid can +use: + +pkcheck_supports_uid=$($PKG_CONFIG --variable pkcheck_supports_uid polkit-gobject-1) +test x$pkcheck_supports_uid = xyes + +Conflicts: + docs/man/pkcheck.xml + src/programs/pkcheck.c +--- + data/polkit-gobject-1.pc.in | 3 +++ + docs/man/pkcheck.xml | 33 +++++++++++++++++++++------------ + src/programs/pkcheck.c | 7 ++++++- + 3 files changed, 30 insertions(+), 13 deletions(-) + +diff --git a/data/polkit-gobject-1.pc.in b/data/polkit-gobject-1.pc.in +index c39677d..5c4c620 100644 +--- a/data/polkit-gobject-1.pc.in ++++ b/data/polkit-gobject-1.pc.in +@@ -11,3 +11,6 @@ Version: @VERSION@ + Libs: -L${libdir} -lpolkit-gobject-1 + Cflags: -I${includedir}/polkit-1 + Requires: gio-2.0 >= 2.18 glib-2.0 >= 2.18 ++# Programs using pkcheck can use this to determine ++# whether or not it can be passed a uid. ++pkcheck_supports_uid=true +diff --git a/docs/man/pkcheck.xml b/docs/man/pkcheck.xml +index 6b8a874..9f2faef 100644 +--- a/docs/man/pkcheck.xml ++++ b/docs/man/pkcheck.xml +@@ -55,6 +55,9 @@ + <arg choice="plain"> + <replaceable>pid,pid-start-time</replaceable> + </arg> ++ <arg choice="plain"> ++ <replaceable>pid,pid-start-time,uid</replaceable> ++ </arg> + </group> + </arg> + <arg choice="plain"> +@@ -90,7 +93,7 @@ + <title>DESCRIPTION</title> + <para> + <command>pkcheck</command> is used to check whether a process, specified by +- either <option>--process</option> or <option>--system-bus-name</option>, ++ either <option>--process</option> (see below) or <option>--system-bus-name</option>, + is authorized for <replaceable>action</replaceable>. The <option>--detail</option> + option can be used zero or more times to pass details about <replaceable>action</replaceable>. + If <option>--allow-user-interaction</option> is passed, <command>pkcheck</command> blocks +@@ -160,17 +163,23 @@ KEY3=VALUE3 + <refsect1 id="pkcheck-notes"> + <title>NOTES</title> + <para> +- Since process identifiers can be recycled, the caller should always use +- <replaceable>pid,pid-start-time</replaceable> to specify the process +- to check for authorization when using the <option>--process</option> option. +- The value of <replaceable>pid-start-time</replaceable> +- can be determined by consulting e.g. the +- <citerefentry> +- <refentrytitle>proc</refentrytitle><manvolnum>5</manvolnum> +- </citerefentry> +- file system depending on the operating system. If only <replaceable>pid</replaceable> +- is passed to the <option>--process</option> option, then <command>pkcheck</command> +- will look up the start time itself but note that this may be racy. ++ Do not use either the bare <replaceable>pid</replaceable> or ++ <replaceable>pid,start-time</replaceable> syntax forms for ++ <option>--process</option>. There are race conditions in both. ++ New code should always use ++ <replaceable>pid,pid-start-time,uid</replaceable>. The value of ++ <replaceable>start-time</replaceable> can be determined by ++ consulting e.g. the ++ <citerefentry><refentrytitle>proc</refentrytitle><manvolnum>5</manvolnum></citerefentry> ++ file system depending on the operating system. If fewer than 3 ++ arguments are passed, <command>pkcheck</command> will attempt to ++ look up them up internally, but note that this may be racy. ++ </para> ++ <para> ++ If your program is a daemon with e.g. a custom Unix domain ++ socket, you should determine the <replaceable>uid</replaceable> ++ parameter via operating system mechanisms such as ++ <literal>PEERCRED</literal>. + </para> + </refsect1> + +diff --git a/src/programs/pkcheck.c b/src/programs/pkcheck.c +index 719a36c..057e926 100644 +--- a/src/programs/pkcheck.c ++++ b/src/programs/pkcheck.c +@@ -372,6 +372,7 @@ main (int argc, char *argv[]) + else if (g_strcmp0 (argv[n], "--process") == 0 || g_strcmp0 (argv[n], "-p") == 0) + { + gint pid; ++ guint uid; + guint64 pid_start_time; + + n++; +@@ -381,7 +382,11 @@ main (int argc, char *argv[]) + goto out; + } + +- if (sscanf (argv[n], "%i,%" G_GUINT64_FORMAT, &pid, &pid_start_time) == 2) ++ if (sscanf (argv[n], "%i,%" G_GUINT64_FORMAT ",%u", &pid, &pid_start_time, &uid) == 3) ++ { ++ subject = polkit_unix_process_new_for_owner (pid, pid_start_time, uid); ++ } ++ else if (sscanf (argv[n], "%i,%" G_GUINT64_FORMAT, &pid, &pid_start_time) == 2) + { + subject = polkit_unix_process_new_full (pid, pid_start_time); + } +-- +1.8.5.1 + diff --git a/user/polkit/CVE-2015-3218.patch b/user/polkit/CVE-2015-3218.patch new file mode 100644 index 000000000..977825102 --- /dev/null +++ b/user/polkit/CVE-2015-3218.patch @@ -0,0 +1,115 @@ +From 48e646918efb2bf0b3b505747655726d7869f31c Mon Sep 17 00:00:00 2001 +From: Colin Walters <walters@redhat.com> +Date: Sat, 30 May 2015 09:06:23 -0400 +Subject: CVE-2015-3218: backend: Handle invalid object paths in + RegisterAuthenticationAgent +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Properly propagate the error, otherwise we dereference a `NULL` +pointer. This is a local, authenticated DoS. + +`RegisterAuthenticationAgentWithOptions` and +`UnregisterAuthentication` have been validated to not need changes for +this. + +http://lists.freedesktop.org/archives/polkit-devel/2015-May/000420.html +https://bugs.freedesktop.org/show_bug.cgi?id=90829 + +Reported-by: Tavis Ormandy <taviso@google.com> +Reviewed-by: Philip Withnall <philip@tecnocode.co.uk> +Reviewed-by: Miloslav Trmač <mitr@redhat.com> +Signed-off-by: Colin Walters <walters@redhat.com> + +diff --git a/src/polkitbackend/polkitbackendinteractiveauthority.c b/src/polkitbackend/polkitbackendinteractiveauthority.c +index f6ea0fc..587f954 100644 +--- a/src/polkitbackend/polkitbackendinteractiveauthority.c ++++ b/src/polkitbackend/polkitbackendinteractiveauthority.c +@@ -1566,36 +1566,42 @@ authentication_agent_new (PolkitSubject *scope, + const gchar *unique_system_bus_name, + const gchar *locale, + const gchar *object_path, +- GVariant *registration_options) ++ GVariant *registration_options, ++ GError **error) + { + AuthenticationAgent *agent; +- GError *error; ++ GDBusProxy *proxy; + +- agent = g_new0 (AuthenticationAgent, 1); ++ if (!g_variant_is_object_path (object_path)) ++ { ++ g_set_error (error, POLKIT_ERROR, POLKIT_ERROR_FAILED, ++ "Invalid object path '%s'", object_path); ++ return NULL; ++ } ++ ++ proxy = g_dbus_proxy_new_for_bus_sync (G_BUS_TYPE_SYSTEM, ++ G_DBUS_PROXY_FLAGS_DO_NOT_LOAD_PROPERTIES | ++ G_DBUS_PROXY_FLAGS_DO_NOT_CONNECT_SIGNALS, ++ NULL, /* GDBusInterfaceInfo* */ ++ unique_system_bus_name, ++ object_path, ++ "org.freedesktop.PolicyKit1.AuthenticationAgent", ++ NULL, /* GCancellable* */ ++ error); ++ if (proxy == NULL) ++ { ++ g_prefix_error (error, "Failed to construct proxy for agent: " ); ++ return NULL; ++ } + ++ agent = g_new0 (AuthenticationAgent, 1); + agent->ref_count = 1; + agent->scope = g_object_ref (scope); + agent->object_path = g_strdup (object_path); + agent->unique_system_bus_name = g_strdup (unique_system_bus_name); + agent->locale = g_strdup (locale); + agent->registration_options = registration_options != NULL ? g_variant_ref (registration_options) : NULL; +- +- error = NULL; +- agent->proxy = g_dbus_proxy_new_for_bus_sync (G_BUS_TYPE_SYSTEM, +- G_DBUS_PROXY_FLAGS_DO_NOT_LOAD_PROPERTIES | +- G_DBUS_PROXY_FLAGS_DO_NOT_CONNECT_SIGNALS, +- NULL, /* GDBusInterfaceInfo* */ +- agent->unique_system_bus_name, +- agent->object_path, +- "org.freedesktop.PolicyKit1.AuthenticationAgent", +- NULL, /* GCancellable* */ +- &error); +- if (agent->proxy == NULL) +- { +- g_warning ("Error constructing proxy for agent: %s", error->message); +- g_error_free (error); +- /* TODO: Make authentication_agent_new() return NULL and set a GError */ +- } ++ agent->proxy = proxy; + + return agent; + } +@@ -2398,8 +2404,6 @@ polkit_backend_interactive_authority_register_authentication_agent (PolkitBacken + caller_cmdline = NULL; + agent = NULL; + +- /* TODO: validate that object path is well-formed */ +- + interactive_authority = POLKIT_BACKEND_INTERACTIVE_AUTHORITY (authority); + priv = POLKIT_BACKEND_INTERACTIVE_AUTHORITY_GET_PRIVATE (interactive_authority); + +@@ -2486,7 +2490,10 @@ polkit_backend_interactive_authority_register_authentication_agent (PolkitBacken + polkit_system_bus_name_get_name (POLKIT_SYSTEM_BUS_NAME (caller)), + locale, + object_path, +- options); ++ options, ++ error); ++ if (!agent) ++ goto out; + + g_hash_table_insert (priv->hash_scope_to_authentication_agent, + g_object_ref (subject), +-- +cgit v0.10.2 + diff --git a/user/polkit/CVE-2015-3255.patch b/user/polkit/CVE-2015-3255.patch new file mode 100644 index 000000000..1bd7c6bcf --- /dev/null +++ b/user/polkit/CVE-2015-3255.patch @@ -0,0 +1,67 @@ +From 9f5e0c731784003bd4d6fc75ab739ff8b2ea269f Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Miloslav=20Trma=C4=8D?= <mitr@redhat.com> +Date: Wed, 1 Apr 2015 05:22:37 +0200 +Subject: CVE-2015-3255 Fix GHashTable usage. + +Don't assume that the hash table with free both the key and the value +at the same time, supply proper deallocation functions for the key +and value separately. + +Then drop ParsedAction::action_id which is no longer used for anything. + +https://bugs.freedesktop.org/show_bug.cgi?id=69501 +and +https://bugs.freedesktop.org/show_bug.cgi?id=83590 + +CVE: CVE-2015-3255 + +diff --git a/src/polkitbackend/polkitbackendactionpool.c b/src/polkitbackend/polkitbackendactionpool.c +index bc14381..3894fe9 100644 +--- a/src/polkitbackend/polkitbackendactionpool.c ++++ b/src/polkitbackend/polkitbackendactionpool.c +@@ -40,7 +40,6 @@ + + typedef struct + { +- gchar *action_id; + gchar *vendor_name; + gchar *vendor_url; + gchar *icon_name; +@@ -62,7 +61,6 @@ typedef struct + static void + parsed_action_free (ParsedAction *action) + { +- g_free (action->action_id); + g_free (action->vendor_name); + g_free (action->vendor_url); + g_free (action->icon_name); +@@ -134,7 +132,7 @@ polkit_backend_action_pool_init (PolkitBackendActionPool *pool) + + priv->parsed_actions = g_hash_table_new_full (g_str_hash, + g_str_equal, +- NULL, ++ g_free, + (GDestroyNotify) parsed_action_free); + + priv->parsed_files = g_hash_table_new_full (g_str_hash, +@@ -988,7 +986,6 @@ _end (void *data, const char *el) + icon_name = pd->global_icon_name; + + action = g_new0 (ParsedAction, 1); +- action->action_id = g_strdup (pd->action_id); + action->vendor_name = g_strdup (vendor); + action->vendor_url = g_strdup (vendor_url); + action->icon_name = g_strdup (icon_name); +@@ -1003,7 +1000,8 @@ _end (void *data, const char *el) + action->implicit_authorization_inactive = pd->implicit_authorization_inactive; + action->implicit_authorization_active = pd->implicit_authorization_active; + +- g_hash_table_insert (priv->parsed_actions, action->action_id, action); ++ g_hash_table_insert (priv->parsed_actions, g_strdup (pd->action_id), ++ action); + + /* we steal these hash tables */ + pd->annotations = NULL; +-- +cgit v0.10.2 + diff --git a/user/polkit/CVE-2015-4625.patch b/user/polkit/CVE-2015-4625.patch new file mode 100644 index 000000000..4a43fb433 --- /dev/null +++ b/user/polkit/CVE-2015-4625.patch @@ -0,0 +1,1008 @@ +From ea544ffc18405237ccd95d28d7f45afef49aca17 Mon Sep 17 00:00:00 2001 +From: Colin Walters <walters@redhat.com> +Date: Thu, 4 Jun 2015 12:15:18 -0400 +Subject: CVE-2015-4625: Use unpredictable cookie values, keep them secret +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Tavis noted that it'd be possible with a 32 bit counter for someone to +cause the cookie to wrap by creating Authentication requests in a +loop. + +Something important to note here is that wrapping of signed integers +is undefined behavior in C, so we definitely want to fix that. All +counter integers used in this patch are unsigned. + +See the comment above `authentication_agent_generate_cookie` for +details, but basically we're now using a cookie of the form: + +``` + <agent serial> - <agent random id> - <session serial> - <session +random id> +``` + +Which has multiple 64 bit counters, plus unpredictable random 128 bit +integer ids (effectively UUIDs, but we're not calling them that +because we don't need to be globally unique. + +We further ensure that the cookies are not visible to other processes +by changing the setuid helper to accept them over standard input. This +means that an attacker would have to guess both ids. + +In any case, the security hole here is better fixed with the other +change to bind user id (uid) of the agent with cookie lookups, making +cookie guessing worthless. + +Nevertheless, I think it's worth doing this change too, for defense in +depth. + +Bug: https://bugs.freedesktop.org/show_bug.cgi?id=90832 +CVE: CVE-2015-4625 +Reported-by: Tavis Ormandy <taviso@google.com> +Reviewed-by: Miloslav Trmač <mitr@redhat.com> +Signed-off-by: Colin Walters <walters@redhat.com> + +diff --git a/src/polkitagent/polkitagenthelper-pam.c b/src/polkitagent/polkitagenthelper-pam.c +index 937386e..19062aa 100644 +--- a/src/polkitagent/polkitagenthelper-pam.c ++++ b/src/polkitagent/polkitagenthelper-pam.c +@@ -65,7 +65,7 @@ main (int argc, char *argv[]) + { + int rc; + const char *user_to_auth; +- const char *cookie; ++ char *cookie = NULL; + struct pam_conv pam_conversation; + pam_handle_t *pam_h; + const void *authed_user; +@@ -97,7 +97,7 @@ main (int argc, char *argv[]) + openlog ("polkit-agent-helper-1", LOG_CONS | LOG_PID, LOG_AUTHPRIV); + + /* check for correct invocation */ +- if (argc != 3) ++ if (!(argc == 2 || argc == 3)) + { + syslog (LOG_NOTICE, "inappropriate use of helper, wrong number of arguments [uid=%d]", getuid ()); + fprintf (stderr, "polkit-agent-helper-1: wrong number of arguments. This incident has been logged.\n"); +@@ -105,7 +105,10 @@ main (int argc, char *argv[]) + } + + user_to_auth = argv[1]; +- cookie = argv[2]; ++ ++ cookie = read_cookie (argc, argv); ++ if (!cookie) ++ goto error; + + if (getuid () != 0) + { +@@ -203,6 +206,8 @@ main (int argc, char *argv[]) + goto error; + } + ++ free (cookie); ++ + #ifdef PAH_DEBUG + fprintf (stderr, "polkit-agent-helper-1: successfully sent D-Bus message to PolicyKit daemon\n"); + #endif /* PAH_DEBUG */ +@@ -212,6 +217,7 @@ main (int argc, char *argv[]) + return 0; + + error: ++ free (cookie); + if (pam_h != NULL) + pam_end (pam_h, rc); + +diff --git a/src/polkitagent/polkitagenthelper-shadow.c b/src/polkitagent/polkitagenthelper-shadow.c +index a4f73ac..e877915 100644 +--- a/src/polkitagent/polkitagenthelper-shadow.c ++++ b/src/polkitagent/polkitagenthelper-shadow.c +@@ -46,7 +46,7 @@ main (int argc, char *argv[]) + { + struct spwd *shadow; + const char *user_to_auth; +- const char *cookie; ++ char *cookie = NULL; + time_t now; + + /* clear the entire environment to avoid attacks with +@@ -67,7 +67,7 @@ main (int argc, char *argv[]) + openlog ("polkit-agent-helper-1", LOG_CONS | LOG_PID, LOG_AUTHPRIV); + + /* check for correct invocation */ +- if (argc != 3) ++ if (!(argc == 2 || argc == 3)) + { + syslog (LOG_NOTICE, "inappropriate use of helper, wrong number of arguments [uid=%d]", getuid ()); + fprintf (stderr, "polkit-agent-helper-1: wrong number of arguments. This incident has been logged.\n"); +@@ -86,7 +86,10 @@ main (int argc, char *argv[]) + } + + user_to_auth = argv[1]; +- cookie = argv[2]; ++ ++ cookie = read_cookie (argc, argv); ++ if (!cookie) ++ goto error; + + #ifdef PAH_DEBUG + fprintf (stderr, "polkit-agent-helper-1: user to auth is '%s'.\n", user_to_auth); +@@ -153,6 +156,8 @@ main (int argc, char *argv[]) + goto error; + } + ++ free (cookie); ++ + #ifdef PAH_DEBUG + fprintf (stderr, "polkit-agent-helper-1: successfully sent D-Bus message to PolicyKit daemon\n"); + #endif /* PAH_DEBUG */ +@@ -162,6 +167,7 @@ main (int argc, char *argv[]) + return 0; + + error: ++ free (cookie); + fprintf (stdout, "FAILURE\n"); + flush_and_wait (); + return 1; +diff --git a/src/polkitagent/polkitagenthelperprivate.c b/src/polkitagent/polkitagenthelperprivate.c +index cfa77fc..e23f9f5 100644 +--- a/src/polkitagent/polkitagenthelperprivate.c ++++ b/src/polkitagent/polkitagenthelperprivate.c +@@ -23,6 +23,7 @@ + #include "config.h" + #include "polkitagenthelperprivate.h" + #include <stdio.h> ++#include <string.h> + #include <stdlib.h> + #include <unistd.h> + +@@ -45,6 +46,38 @@ _polkit_clearenv (void) + #endif + + ++char * ++read_cookie (int argc, char **argv) ++{ ++ /* As part of CVE-2015-4625, we started passing the cookie ++ * on standard input, to ensure it's not visible to other ++ * processes. However, to ensure that things continue ++ * to work if the setuid binary is upgraded while old ++ * agents are still running (this will be common with ++ * package managers), we support both modes. ++ */ ++ if (argc == 3) ++ return strdup (argv[2]); ++ else ++ { ++ char *ret = NULL; ++ size_t n = 0; ++ ssize_t r = getline (&ret, &n, stdin); ++ if (r == -1) ++ { ++ if (!feof (stdin)) ++ perror ("getline"); ++ free (ret); ++ return NULL; ++ } ++ else ++ { ++ g_strchomp (ret); ++ return ret; ++ } ++ } ++} ++ + gboolean + send_dbus_message (const char *cookie, const char *user) + { +diff --git a/src/polkitagent/polkitagenthelperprivate.h b/src/polkitagent/polkitagenthelperprivate.h +index aeca2c7..547fdcc 100644 +--- a/src/polkitagent/polkitagenthelperprivate.h ++++ b/src/polkitagent/polkitagenthelperprivate.h +@@ -38,6 +38,8 @@ + + int _polkit_clearenv (void); + ++char *read_cookie (int argc, char **argv); ++ + gboolean send_dbus_message (const char *cookie, const char *user); + + void flush_and_wait (); +diff --git a/src/polkitagent/polkitagentsession.c b/src/polkitagent/polkitagentsession.c +index f014773..8b93ad0 100644 +--- a/src/polkitagent/polkitagentsession.c ++++ b/src/polkitagent/polkitagentsession.c +@@ -55,6 +55,7 @@ + #include <stdio.h> + #include <sys/types.h> + #include <sys/wait.h> ++#include <gio/gunixoutputstream.h> + #include <pwd.h> + + #include "polkitagentmarshal.h" +@@ -88,7 +89,7 @@ struct _PolkitAgentSession + gchar *cookie; + PolkitIdentity *identity; + +- int child_stdin; ++ GOutputStream *child_stdin; + int child_stdout; + GPid child_pid; + +@@ -129,7 +130,6 @@ G_DEFINE_TYPE (PolkitAgentSession, polkit_agent_session, G_TYPE_OBJECT); + static void + polkit_agent_session_init (PolkitAgentSession *session) + { +- session->child_stdin = -1; + session->child_stdout = -1; + } + +@@ -395,11 +395,7 @@ kill_helper (PolkitAgentSession *session) + session->child_stdout = -1; + } + +- if (session->child_stdin != -1) +- { +- g_warn_if_fail (close (session->child_stdin) == 0); +- session->child_stdin = -1; +- } ++ g_clear_object (&session->child_stdin); + + session->helper_is_running = FALSE; + +@@ -545,9 +541,9 @@ polkit_agent_session_response (PolkitAgentSession *session, + + add_newline = (response[response_len] != '\n'); + +- write (session->child_stdin, response, response_len); ++ (void) g_output_stream_write_all (session->child_stdin, response, response_len, NULL, NULL, NULL); + if (add_newline) +- write (session->child_stdin, newline, 1); ++ (void) g_output_stream_write_all (session->child_stdin, newline, 1, NULL, NULL, NULL); + } + + /** +@@ -567,8 +563,9 @@ polkit_agent_session_initiate (PolkitAgentSession *session) + { + uid_t uid; + GError *error; +- gchar *helper_argv[4]; ++ gchar *helper_argv[3]; + struct passwd *passwd; ++ int stdin_fd = -1; + + g_return_if_fail (POLKIT_AGENT_IS_SESSION (session)); + +@@ -600,10 +597,8 @@ polkit_agent_session_initiate (PolkitAgentSession *session) + + helper_argv[0] = PACKAGE_PREFIX "/lib/polkit-1/polkit-agent-helper-1"; + helper_argv[1] = passwd->pw_name; +- helper_argv[2] = session->cookie; +- helper_argv[3] = NULL; ++ helper_argv[2] = NULL; + +- session->child_stdin = -1; + session->child_stdout = -1; + + error = NULL; +@@ -615,7 +610,7 @@ polkit_agent_session_initiate (PolkitAgentSession *session) + NULL, + NULL, + &session->child_pid, +- &session->child_stdin, ++ &stdin_fd, + &session->child_stdout, + NULL, + &error)) +@@ -628,6 +623,13 @@ polkit_agent_session_initiate (PolkitAgentSession *session) + if (G_UNLIKELY (_show_debug ())) + g_print ("PolkitAgentSession: spawned helper with pid %d\n", (gint) session->child_pid); + ++ session->child_stdin = (GOutputStream*)g_unix_output_stream_new (stdin_fd, TRUE); ++ ++ /* Write the cookie on stdin so it can't be seen by other processes */ ++ (void) g_output_stream_write_all (session->child_stdin, session->cookie, strlen (session->cookie), ++ NULL, NULL, NULL); ++ (void) g_output_stream_write_all (session->child_stdin, "\n", 1, NULL, NULL, NULL); ++ + session->child_stdout_channel = g_io_channel_unix_new (session->child_stdout); + session->child_stdout_watch_source = g_io_create_watch (session->child_stdout_channel, + G_IO_IN | G_IO_ERR | G_IO_HUP); +diff --git a/src/polkitbackend/polkitbackendinteractiveauthority.c b/src/polkitbackend/polkitbackendinteractiveauthority.c +index 3f339e9..15adc6a 100644 +--- a/src/polkitbackend/polkitbackendinteractiveauthority.c ++++ b/src/polkitbackend/polkitbackendinteractiveauthority.c +@@ -214,6 +214,8 @@ typedef struct + + GDBusConnection *system_bus_connection; + guint name_owner_changed_signal_id; ++ ++ guint64 agent_serial; + } PolkitBackendInteractiveAuthorityPrivate; + + /* ---------------------------------------------------------------------------------------------------- */ +@@ -439,11 +441,15 @@ struct AuthenticationAgent + volatile gint ref_count; + + PolkitSubject *scope; ++ guint64 serial; + + gchar *locale; + GVariant *registration_options; + gchar *object_path; + gchar *unique_system_bus_name; ++ GRand *cookie_pool; ++ gchar *cookie_prefix; ++ guint64 cookie_serial; + + GDBusProxy *proxy; + +@@ -1427,9 +1433,54 @@ authentication_session_cancelled_cb (GCancellable *cancellable, + authentication_session_cancel (session); + } + ++/* We're not calling this a UUID, but it's basically ++ * the same thing, just not formatted that way because: ++ * ++ * - I'm too lazy to do it ++ * - If we did, people might think it was actually ++ * generated from /dev/random, which we're not doing ++ * because this value doesn't actually need to be ++ * globally unique. ++ */ ++static void ++append_rand_u128_str (GString *buf, ++ GRand *pool) ++{ ++ g_string_append_printf (buf, "%08x%08x%08x%08x", ++ g_rand_int (pool), ++ g_rand_int (pool), ++ g_rand_int (pool), ++ g_rand_int (pool)); ++} ++ ++/* A value that should be unique to the (AuthenticationAgent, AuthenticationSession) ++ * pair, and not guessable by other agents. ++ * ++ * <agent serial> - <agent uuid> - <session serial> - <session uuid> ++ * ++ * See http://lists.freedesktop.org/archives/polkit-devel/2015-June/000425.html ++ * ++ */ ++static gchar * ++authentication_agent_generate_cookie (AuthenticationAgent *agent) ++{ ++ GString *buf = g_string_new (""); ++ ++ g_string_append (buf, agent->cookie_prefix); ++ ++ g_string_append_c (buf, '-'); ++ agent->cookie_serial++; ++ g_string_append_printf (buf, "%" G_GUINT64_FORMAT, ++ agent->cookie_serial); ++ g_string_append_c (buf, '-'); ++ append_rand_u128_str (buf, agent->cookie_pool); ++ ++ return g_string_free (buf, FALSE); ++} ++ ++ + static AuthenticationSession * + authentication_session_new (AuthenticationAgent *agent, +- const gchar *cookie, + PolkitSubject *subject, + PolkitIdentity *user_of_subject, + PolkitSubject *caller, +@@ -1447,7 +1498,7 @@ authentication_session_new (AuthenticationAgent *agent, + + session = g_new0 (AuthenticationSession, 1); + session->agent = authentication_agent_ref (agent); +- session->cookie = g_strdup (cookie); ++ session->cookie = authentication_agent_generate_cookie (agent); + session->subject = g_object_ref (subject); + session->user_of_subject = g_object_ref (user_of_subject); + session->caller = g_object_ref (caller); +@@ -1496,16 +1547,6 @@ authentication_session_free (AuthenticationSession *session) + g_free (session); + } + +-static gchar * +-authentication_agent_new_cookie (AuthenticationAgent *agent) +-{ +- static gint counter = 0; +- +- /* TODO: use a more random-looking cookie */ +- +- return g_strdup_printf ("cookie%d", counter++); +-} +- + static PolkitSubject * + authentication_agent_get_scope (AuthenticationAgent *agent) + { +@@ -1553,12 +1594,15 @@ authentication_agent_unref (AuthenticationAgent *agent) + g_free (agent->unique_system_bus_name); + if (agent->registration_options != NULL) + g_variant_unref (agent->registration_options); ++ g_rand_free (agent->cookie_pool); ++ g_free (agent->cookie_prefix); + g_free (agent); + } + } + + static AuthenticationAgent * +-authentication_agent_new (PolkitSubject *scope, ++authentication_agent_new (guint64 serial, ++ PolkitSubject *scope, + const gchar *unique_system_bus_name, + const gchar *locale, + const gchar *object_path, +@@ -1592,6 +1636,7 @@ authentication_agent_new (PolkitSubject *scope, + + agent = g_new0 (AuthenticationAgent, 1); + agent->ref_count = 1; ++ agent->serial = serial; + agent->scope = g_object_ref (scope); + agent->object_path = g_strdup (object_path); + agent->unique_system_bus_name = g_strdup (unique_system_bus_name); +@@ -1599,6 +1644,25 @@ authentication_agent_new (PolkitSubject *scope, + agent->registration_options = registration_options != NULL ? g_variant_ref (registration_options) : NULL; + agent->proxy = proxy; + ++ { ++ GString *cookie_prefix = g_string_new (""); ++ GRand *agent_private_rand = g_rand_new (); ++ ++ g_string_append_printf (cookie_prefix, "%" G_GUINT64_FORMAT "-", agent->serial); ++ ++ /* Use a uniquely seeded PRNG to get a prefix cookie for this agent, ++ * whose sequence will not correlate with the per-authentication session ++ * cookies. ++ */ ++ append_rand_u128_str (cookie_prefix, agent_private_rand); ++ g_rand_free (agent_private_rand); ++ ++ agent->cookie_prefix = g_string_free (cookie_prefix, FALSE); ++ ++ /* And a newly seeded pool for per-session cookies */ ++ agent->cookie_pool = g_rand_new (); ++ } ++ + return agent; + } + +@@ -2193,7 +2257,6 @@ authentication_agent_initiate_challenge (AuthenticationAgent *agent, + { + PolkitBackendInteractiveAuthorityPrivate *priv = POLKIT_BACKEND_INTERACTIVE_AUTHORITY_GET_PRIVATE (authority); + AuthenticationSession *session; +- gchar *cookie; + GList *l; + GList *identities; + gchar *localized_message; +@@ -2215,8 +2278,6 @@ authentication_agent_initiate_challenge (AuthenticationAgent *agent, + &localized_icon_name, + &localized_details); + +- cookie = authentication_agent_new_cookie (agent); +- + identities = NULL; + + /* select admin user if required by the implicit authorization */ +@@ -2279,7 +2340,6 @@ authentication_agent_initiate_challenge (AuthenticationAgent *agent, + user_identities = g_list_prepend (NULL, polkit_unix_user_new (0)); + + session = authentication_session_new (agent, +- cookie, + subject, + user_of_subject, + caller, +@@ -2335,7 +2395,6 @@ authentication_agent_initiate_challenge (AuthenticationAgent *agent, + g_list_free_full (user_identities, g_object_unref); + g_list_foreach (identities, (GFunc) g_object_unref, NULL); + g_list_free (identities); +- g_free (cookie); + + g_free (localized_message); + g_free (localized_icon_name); +@@ -2482,7 +2541,9 @@ polkit_backend_interactive_authority_register_authentication_agent (PolkitBacken + goto out; + } + +- agent = authentication_agent_new (subject, ++ priv->agent_serial++; ++ agent = authentication_agent_new (priv->agent_serial, ++ subject, + polkit_system_bus_name_get_name (POLKIT_SYSTEM_BUS_NAME (caller)), + locale, + object_path, +-- +cgit v0.10.2 + +From 493aa5dc1d278ab9097110c1262f5229bbaf1766 Mon Sep 17 00:00:00 2001 +From: Colin Walters <walters@redhat.com> +Date: Wed, 17 Jun 2015 13:07:02 -0400 +Subject: CVE-2015-4625: Bind use of cookies to specific uids +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +http://lists.freedesktop.org/archives/polkit-devel/2015-June/000425.html + +The "cookie" value that Polkit hands out is global to all polkit +users. And when `AuthenticationAgentResponse` is invoked, we +previously only received the cookie and *target* identity, and +attempted to find an agent from that. + +The problem is that the current cookie is just an integer +counter, and if it overflowed, it would be possible for +an successful authorization in one session to trigger a response +in another session. + +The overflow and ability to guess the cookie were fixed by the +previous patch. + +This patch is conceptually further hardening on top of that. Polkit +currently treats uids as equivalent from a security domain +perspective; there is no support for +SELinux/AppArmor/etc. differentiation. + +We can retrieve the uid from `getuid()` in the setuid helper, which +allows us to ensure the uid invoking `AuthenticationAgentResponse2` +matches that of the agent. + +Then the authority only looks at authentication sessions matching the +cookie that were created by a matching uid, thus removing the ability +for different uids to interfere with each other entirely. + +Several fixes to this patch were contributed by: +Miloslav Trmač <mitr@redhat.com> + +Bug: https://bugs.freedesktop.org/show_bug.cgi?id=90837 +CVE: CVE-2015-4625 +Reported-by: Tavis Ormandy <taviso@google.com> +Reviewed-by: Miloslav Trmač <mitr@redhat.com> +Signed-off-by: Colin Walters <walters@redhat.com> + +diff --git a/data/org.freedesktop.PolicyKit1.AuthenticationAgent.xml b/data/org.freedesktop.PolicyKit1.AuthenticationAgent.xml +index 3b519c2..5beef7d 100644 +--- a/data/org.freedesktop.PolicyKit1.AuthenticationAgent.xml ++++ b/data/org.freedesktop.PolicyKit1.AuthenticationAgent.xml +@@ -8,7 +8,19 @@ + <annotation name="org.gtk.EggDBus.DocString" value="<para>This D-Bus interface is used for communication between the system-wide PolicyKit daemon and one or more authentication agents each running in a user session.</para><para>An authentication agent must implement this interface and register (passing the object path of the object implementing the interface) using the org.freedesktop.PolicyKit1.Authority.RegisterAuthenticationAgent() and org.freedesktop.PolicyKit1.Authority.UnregisterAuthenticationAgent() methods on the #org.freedesktop.PolicyKit1.Authority interface of the PolicyKit daemon.</para>"/> + + <method name="BeginAuthentication"> +- <annotation name="org.gtk.EggDBus.DocString" value="<para>Called by the PolicyKit daemon when the authentication agent needs the user to authenticate as one of the identities in @identities for the action with the identifier @action_id.</para><para>Upon succesful authentication, the authentication agent must invoke the org.freedesktop.PolicyKit1.Authority.AuthenticationAgentResponse() method on the #org.freedesktop.PolicyKit1.Authority interface of the PolicyKit daemon before returning.</para><para>If the user dismisses the authentication dialog, the authentication agent should return an error.</para>"/> ++ <annotation name="org.gtk.EggDBus.DocString" value="<para>Called ++ by the PolicyKit daemon when the authentication agent needs the ++ user to authenticate as one of the identities in @identities for ++ the action with the identifier @action_id.</para><para>This ++ authentication is normally achieved via the ++ polkit_agent_session_response() API, which invokes a private ++ setuid helper process to verify the authentication. When ++ successful, it calls the ++ org.freedesktop.PolicyKit1.Authority.AuthenticationAgentResponse2() ++ method on the #org.freedesktop.PolicyKit1.Authority interface of ++ the PolicyKit daemon before returning. If the user dismisses the ++ authentication dialog, the authentication agent should call ++ polkit_agent_session_cancel().</para>"/> + + <arg name="action_id" direction="in" type="s"> + <annotation name="org.gtk.EggDBus.DocString" value="The identifier for the action that the user is authentication for."/> +diff --git a/data/org.freedesktop.PolicyKit1.Authority.xml b/data/org.freedesktop.PolicyKit1.Authority.xml +index fbfb9cd..f9021ee 100644 +--- a/data/org.freedesktop.PolicyKit1.Authority.xml ++++ b/data/org.freedesktop.PolicyKit1.Authority.xml +@@ -313,7 +313,29 @@ + </method> + + <method name="AuthenticationAgentResponse"> +- <annotation name="org.gtk.EggDBus.DocString" value="Method for authentication agents to invoke on successful authentication. This method will fail unless a sufficiently privileged caller invokes it."/> ++ <annotation name="org.gtk.EggDBus.DocString" value="Method for authentication agents to invoke on successful ++authentication, intended only for use by a privileged helper process ++internal to polkit."/> ++ ++ <arg name="cookie" direction="in" type="s"> ++ <annotation name="org.gtk.EggDBus.DocString" value="The cookie identifying the authentication request that was passed to the authentication agent."/> ++ </arg> ++ ++ <arg name="identity" direction="in" type="(sa{sv})"> ++ <annotation name="org.gtk.EggDBus.Type" value="Identity"/> ++ <annotation name="org.gtk.EggDBus.DocString" value="A #Identity struct describing what identity was authenticated."/> ++ </arg> ++ </method> ++ ++ <method name="AuthenticationAgentResponse2"> ++ <annotation name="org.gtk.EggDBus.DocString" value="Method for authentication agents to invoke on successful ++authentication, intended only for use by a privileged helper process ++internal to polkit. Note this method was added in 0.114, and should be preferred over AuthenticationAgentResponse ++as it fixes a security issue."/> ++ ++ <arg name="uid" direction="in" type="u"> ++ <annotation name="org.gtk.EggDBus.DocString" value="The real uid of the agent. Normally set by the setuid helper program."/> ++ </arg> + + <arg name="cookie" direction="in" type="s"> + <annotation name="org.gtk.EggDBus.DocString" value="The cookie identifying the authentication request that was passed to the authentication agent."/> +diff --git a/docs/polkit/docbook-interface-org.freedesktop.PolicyKit1.Authority.xml b/docs/polkit/docbook-interface-org.freedesktop.PolicyKit1.Authority.xml +index 6525e25..e66bf53 100644 +--- a/docs/polkit/docbook-interface-org.freedesktop.PolicyKit1.Authority.xml ++++ b/docs/polkit/docbook-interface-org.freedesktop.PolicyKit1.Authority.xml +@@ -42,6 +42,8 @@ Structure <link linkend="eggdbus-struct-TemporaryAuthorization">TemporaryAuth + IN String object_path) + <link linkend="eggdbus-method-org.freedesktop.PolicyKit1.Authority.AuthenticationAgentResponse">AuthenticationAgentResponse</link> (IN String cookie, + IN <link linkend="eggdbus-struct-Identity">Identity</link> identity) ++<link linkend="eggdbus-method-org.freedesktop.PolicyKit1.Authority.AuthenticationAgentResponse">AuthenticationAgentResponse2</link> (IN uint32 uid, IN String cookie, ++ IN <link linkend="eggdbus-struct-Identity">Identity</link> identity) + <link linkend="eggdbus-method-org.freedesktop.PolicyKit1.Authority.EnumerateTemporaryAuthorizations">EnumerateTemporaryAuthorizations</link> (IN <link linkend="eggdbus-struct-Subject">Subject</link> subject, + OUT Array<<link linkend="eggdbus-struct-TemporaryAuthorization">TemporaryAuthorization</link>> temporary_authorizations) + <link linkend="eggdbus-method-org.freedesktop.PolicyKit1.Authority.RevokeTemporaryAuthorizations">RevokeTemporaryAuthorizations</link> (IN <link linkend="eggdbus-struct-Subject">Subject</link> subject) +@@ -777,10 +779,52 @@ AuthenticationAgentResponse (IN String cookie, + IN <link linkend="eggdbus-struct-Identity">Identity</link> identity) + </programlisting> + <para> +-Method for authentication agents to invoke on successful authentication. This method will fail unless a sufficiently privileged caller invokes it. ++Method for authentication agents to invoke on successful ++authentication, intended only for use by a privileged helper process ++internal to polkit. Deprecated in favor of AuthenticationAgentResponse2. ++ </para> ++<variablelist role="params"> ++ <varlistentry> ++ <term><literal>IN String <parameter>cookie</parameter></literal>:</term> ++ <listitem> ++ <para> ++The cookie identifying the authentication request that was passed to the authentication agent. ++ </para> ++ </listitem> ++ </varlistentry> ++ <varlistentry> ++ <term><literal>IN <link linkend="eggdbus-struct-Identity">Identity</link> <parameter>identity</parameter></literal>:</term> ++ <listitem> ++ <para> ++A <link linkend="eggdbus-struct-Identity">Identity</link> struct describing what identity was authenticated. ++ </para> ++ </listitem> ++ </varlistentry> ++</variablelist> ++ </refsect2> ++ <refsect2 role="function" id="eggdbus-method-org.freedesktop.PolicyKit1.Authority.AuthenticationAgentResponse2"> ++ <title>AuthenticationAgentResponse2 ()</title> ++ <programlisting> ++AuthenticationAgentResponse2 (IN uint32 uid, ++ IN String cookie, ++ IN <link linkend="eggdbus-struct-Identity">Identity</link> identity) ++ </programlisting> ++ <para> ++Method for authentication agents to invoke on successful ++authentication, intended only for use by a privileged helper process ++internal to polkit. Note this method was introduced in 0.114 to fix a security issue. + </para> + <variablelist role="params"> + <varlistentry> ++ <term><literal>IN uint32 <parameter>uid</parameter></literal>:</term> ++ <listitem> ++ <para> ++The user id of the agent; normally this is the owner of the parent pid ++of the process that invoked the internal setuid helper. ++ </para> ++ </listitem> ++ </varlistentry> ++ <varlistentry> + <term><literal>IN String <parameter>cookie</parameter></literal>:</term> + <listitem> + <para> +diff --git a/docs/polkit/overview.xml b/docs/polkit/overview.xml +index 150a7bc..176d2ea 100644 +--- a/docs/polkit/overview.xml ++++ b/docs/polkit/overview.xml +@@ -314,16 +314,18 @@ + <para> + Authentication agents are provided by desktop environments. When + an user session starts, the agent registers with the polkit +- Authority using +- the <link linkend="eggdbus-method-org.freedesktop.PolicyKit1.Authority.RegisterAuthenticationAgent">RegisterAuthenticationAgent()</link> ++ Authority using the <link ++ linkend="eggdbus-method-org.freedesktop.PolicyKit1.Authority.RegisterAuthenticationAgent">RegisterAuthenticationAgent()</link> + method. When services are needed, the authority will invoke +- methods on +- the <link linkend="eggdbus-interface-org.freedesktop.PolicyKit1.AuthenticationAgent">org.freedesktop.PolicyKit1.AuthenticationAgent</link> ++ methods on the <link ++ linkend="eggdbus-interface-org.freedesktop.PolicyKit1.AuthenticationAgent">org.freedesktop.PolicyKit1.AuthenticationAgent</link> + D-Bus interface. Once the user is authenticated, (a privileged +- part of) the agent invokes +- the <link linkend="eggdbus-method-org.freedesktop.PolicyKit1.Authority.AuthenticationAgentResponse">AuthenticationAgentResponse()</link> +- method. Note that the polkit Authority itself does not care +- how the agent authenticates the user. ++ part of) the agent invokes the <link ++ linkend="eggdbus-method-org.freedesktop.PolicyKit1.Authority.AuthenticationAgentResponse">AuthenticationAgentResponse()</link> ++ method. This method should be treated as an internal ++ implementation detail, and callers should use the public shared ++ library API to invoke it, which currently uses a setuid helper ++ program. + </para> + <para> + The <link linkend="ref-authentication-agent-api">libpolkit-agent-1</link> +diff --git a/src/polkit/polkitauthority.c b/src/polkit/polkitauthority.c +index ab6d3cd..6bd684a 100644 +--- a/src/polkit/polkitauthority.c ++++ b/src/polkit/polkitauthority.c +@@ -1492,6 +1492,14 @@ polkit_authority_authentication_agent_response (PolkitAuthority *authority, + gpointer user_data) + { + GVariant *identity_value; ++ /* Note that in reality, this API is only accessible to root, and ++ * only called from the setuid helper `polkit-agent-helper-1`. ++ * ++ * However, because this is currently public API, we avoid ++ * triggering warnings from ABI diff type programs by just grabbing ++ * the real uid of the caller here. ++ */ ++ uid_t uid = getuid (); + + g_return_if_fail (POLKIT_IS_AUTHORITY (authority)); + g_return_if_fail (cookie != NULL); +@@ -1501,8 +1509,9 @@ polkit_authority_authentication_agent_response (PolkitAuthority *authority, + identity_value = polkit_identity_to_gvariant (identity); + g_variant_ref_sink (identity_value); + g_dbus_proxy_call (authority->proxy, +- "AuthenticationAgentResponse", +- g_variant_new ("(s@(sa{sv}))", ++ "AuthenticationAgentResponse2", ++ g_variant_new ("(us@(sa{sv}))", ++ (guint32)uid, + cookie, + identity_value), + G_DBUS_CALL_FLAGS_NONE, +diff --git a/src/polkitbackend/polkitbackendauthority.c b/src/polkitbackend/polkitbackendauthority.c +index 601a974..03a4e84 100644 +--- a/src/polkitbackend/polkitbackendauthority.c ++++ b/src/polkitbackend/polkitbackendauthority.c +@@ -355,6 +355,7 @@ polkit_backend_authority_unregister_authentication_agent (PolkitBackendAuthority + gboolean + polkit_backend_authority_authentication_agent_response (PolkitBackendAuthority *authority, + PolkitSubject *caller, ++ uid_t uid, + const gchar *cookie, + PolkitIdentity *identity, + GError **error) +@@ -373,7 +374,7 @@ polkit_backend_authority_authentication_agent_response (PolkitBackendAuthority + } + else + { +- return klass->authentication_agent_response (authority, caller, cookie, identity, error); ++ return klass->authentication_agent_response (authority, caller, uid, cookie, identity, error); + } + } + +@@ -587,6 +588,11 @@ static const gchar *server_introspection_data = + " <arg type='s' name='cookie' direction='in'/>" + " <arg type='(sa{sv})' name='identity' direction='in'/>" + " </method>" ++ " <method name='AuthenticationAgentResponse2'>" ++ " <arg type='u' name='uid' direction='in'/>" ++ " <arg type='s' name='cookie' direction='in'/>" ++ " <arg type='(sa{sv})' name='identity' direction='in'/>" ++ " </method>" + " <method name='EnumerateTemporaryAuthorizations'>" + " <arg type='(sa{sv})' name='subject' direction='in'/>" + " <arg type='a(ss(sa{sv})tt)' name='temporary_authorizations' direction='out'/>" +@@ -1035,6 +1041,57 @@ server_handle_authentication_agent_response (Server *server, + error = NULL; + if (!polkit_backend_authority_authentication_agent_response (server->authority, + caller, ++ (uid_t)-1, ++ cookie, ++ identity, ++ &error)) ++ { ++ g_dbus_method_invocation_return_gerror (invocation, error); ++ g_error_free (error); ++ goto out; ++ } ++ ++ g_dbus_method_invocation_return_value (invocation, g_variant_new ("()")); ++ ++ out: ++ if (identity != NULL) ++ g_object_unref (identity); ++} ++ ++static void ++server_handle_authentication_agent_response2 (Server *server, ++ GVariant *parameters, ++ PolkitSubject *caller, ++ GDBusMethodInvocation *invocation) ++{ ++ const gchar *cookie; ++ GVariant *identity_gvariant; ++ PolkitIdentity *identity; ++ GError *error; ++ guint32 uid; ++ ++ identity = NULL; ++ ++ g_variant_get (parameters, ++ "(u&s@(sa{sv}))", ++ &uid, ++ &cookie, ++ &identity_gvariant); ++ ++ error = NULL; ++ identity = polkit_identity_new_for_gvariant (identity_gvariant, &error); ++ if (identity == NULL) ++ { ++ g_prefix_error (&error, "Error getting identity: "); ++ g_dbus_method_invocation_return_gerror (invocation, error); ++ g_error_free (error); ++ goto out; ++ } ++ ++ error = NULL; ++ if (!polkit_backend_authority_authentication_agent_response (server->authority, ++ caller, ++ (uid_t)uid, + cookie, + identity, + &error)) +@@ -1222,6 +1279,8 @@ server_handle_method_call (GDBusConnection *connection, + server_handle_unregister_authentication_agent (server, parameters, caller, invocation); + else if (g_strcmp0 (method_name, "AuthenticationAgentResponse") == 0) + server_handle_authentication_agent_response (server, parameters, caller, invocation); ++ else if (g_strcmp0 (method_name, "AuthenticationAgentResponse2") == 0) ++ server_handle_authentication_agent_response2 (server, parameters, caller, invocation); + else if (g_strcmp0 (method_name, "EnumerateTemporaryAuthorizations") == 0) + server_handle_enumerate_temporary_authorizations (server, parameters, caller, invocation); + else if (g_strcmp0 (method_name, "RevokeTemporaryAuthorizations") == 0) +diff --git a/src/polkitbackend/polkitbackendauthority.h b/src/polkitbackend/polkitbackendauthority.h +index f9f7385..88df82e 100644 +--- a/src/polkitbackend/polkitbackendauthority.h ++++ b/src/polkitbackend/polkitbackendauthority.h +@@ -147,6 +147,7 @@ struct _PolkitBackendAuthorityClass + + gboolean (*authentication_agent_response) (PolkitBackendAuthority *authority, + PolkitSubject *caller, ++ uid_t uid, + const gchar *cookie, + PolkitIdentity *identity, + GError **error); +@@ -249,6 +250,7 @@ gboolean polkit_backend_authority_unregister_authentication_agent (PolkitBackend + + gboolean polkit_backend_authority_authentication_agent_response (PolkitBackendAuthority *authority, + PolkitSubject *caller, ++ uid_t uid, + const gchar *cookie, + PolkitIdentity *identity, + GError **error); +diff --git a/src/polkitbackend/polkitbackendinteractiveauthority.c b/src/polkitbackend/polkitbackendinteractiveauthority.c +index 15adc6a..96725f7 100644 +--- a/src/polkitbackend/polkitbackendinteractiveauthority.c ++++ b/src/polkitbackend/polkitbackendinteractiveauthority.c +@@ -108,8 +108,9 @@ static AuthenticationAgent *get_authentication_agent_for_subject (PolkitBackendI + PolkitSubject *subject); + + +-static AuthenticationSession *get_authentication_session_for_cookie (PolkitBackendInteractiveAuthority *authority, +- const gchar *cookie); ++static AuthenticationSession *get_authentication_session_for_uid_and_cookie (PolkitBackendInteractiveAuthority *authority, ++ uid_t uid, ++ const gchar *cookie); + + static GList *get_authentication_sessions_initiated_by_system_bus_unique_name (PolkitBackendInteractiveAuthority *authority, + const gchar *system_bus_unique_name); +@@ -169,6 +170,7 @@ static gboolean polkit_backend_interactive_authority_unregister_authentication_a + + static gboolean polkit_backend_interactive_authority_authentication_agent_response (PolkitBackendAuthority *authority, + PolkitSubject *caller, ++ uid_t uid, + const gchar *cookie, + PolkitIdentity *identity, + GError **error); +@@ -440,6 +442,7 @@ struct AuthenticationAgent + { + volatile gint ref_count; + ++ uid_t creator_uid; + PolkitSubject *scope; + guint64 serial; + +@@ -1603,6 +1606,7 @@ authentication_agent_unref (AuthenticationAgent *agent) + static AuthenticationAgent * + authentication_agent_new (guint64 serial, + PolkitSubject *scope, ++ PolkitIdentity *creator, + const gchar *unique_system_bus_name, + const gchar *locale, + const gchar *object_path, +@@ -1611,6 +1615,10 @@ authentication_agent_new (guint64 serial, + { + AuthenticationAgent *agent; + GDBusProxy *proxy; ++ PolkitUnixUser *creator_user; ++ ++ g_assert (POLKIT_IS_UNIX_USER (creator)); ++ creator_user = POLKIT_UNIX_USER (creator); + + if (!g_variant_is_object_path (object_path)) + { +@@ -1638,6 +1646,7 @@ authentication_agent_new (guint64 serial, + agent->ref_count = 1; + agent->serial = serial; + agent->scope = g_object_ref (scope); ++ agent->creator_uid = (uid_t)polkit_unix_user_get_uid (creator_user); + agent->object_path = g_strdup (object_path); + agent->unique_system_bus_name = g_strdup (unique_system_bus_name); + agent->locale = g_strdup (locale); +@@ -1736,8 +1745,9 @@ get_authentication_agent_for_subject (PolkitBackendInteractiveAuthority *authori + } + + static AuthenticationSession * +-get_authentication_session_for_cookie (PolkitBackendInteractiveAuthority *authority, +- const gchar *cookie) ++get_authentication_session_for_uid_and_cookie (PolkitBackendInteractiveAuthority *authority, ++ uid_t uid, ++ const gchar *cookie) + { + PolkitBackendInteractiveAuthorityPrivate *priv; + GHashTableIter hash_iter; +@@ -1755,6 +1765,23 @@ get_authentication_session_for_cookie (PolkitBackendInteractiveAuthority *author + { + GList *l; + ++ /* We need to ensure that if somehow we have duplicate cookies ++ * due to wrapping, that the cookie used is matched to the user ++ * who called AuthenticationAgentResponse2. See ++ * http://lists.freedesktop.org/archives/polkit-devel/2015-June/000425.html ++ * ++ * Except if the legacy AuthenticationAgentResponse is invoked, ++ * we don't know the uid and hence use -1. Continue to support ++ * the old behavior for backwards compatibility, although everyone ++ * who is using our own setuid helper will automatically be updated ++ * to the new API. ++ */ ++ if (uid != (uid_t)-1) ++ { ++ if (agent->creator_uid != uid) ++ continue; ++ } ++ + for (l = agent->active_sessions; l != NULL; l = l->next) + { + AuthenticationSession *session = l->data; +@@ -2544,6 +2571,7 @@ polkit_backend_interactive_authority_register_authentication_agent (PolkitBacken + priv->agent_serial++; + agent = authentication_agent_new (priv->agent_serial, + subject, ++ user_of_caller, + polkit_system_bus_name_get_name (POLKIT_SYSTEM_BUS_NAME (caller)), + locale, + object_path, +@@ -2757,6 +2785,7 @@ polkit_backend_interactive_authority_unregister_authentication_agent (PolkitBack + static gboolean + polkit_backend_interactive_authority_authentication_agent_response (PolkitBackendAuthority *authority, + PolkitSubject *caller, ++ uid_t uid, + const gchar *cookie, + PolkitIdentity *identity, + GError **error) +@@ -2799,7 +2828,7 @@ polkit_backend_interactive_authority_authentication_agent_response (PolkitBacken + } + + /* find the authentication session */ +- session = get_authentication_session_for_cookie (interactive_authority, cookie); ++ session = get_authentication_session_for_uid_and_cookie (interactive_authority, uid, cookie); + if (session == NULL) + { + g_set_error (error, +-- +cgit v0.10.2 + +--- ./configure.ac.orig ++++ ./configure.ac +@@ -122,7 +122,7 @@ + changequote([,])dnl + fi + +-PKG_CHECK_MODULES(GLIB, [gio-2.0 >= 2.28.0]) ++PKG_CHECK_MODULES(GLIB, [gmodule-2.0 gio-unix-2.0 gio-2.0 >= 2.30.0]) + AC_SUBST(GLIB_CFLAGS) + AC_SUBST(GLIB_LIBS) + diff --git a/user/polkit/automake.patch b/user/polkit/automake.patch new file mode 100644 index 000000000..0f6825a26 --- /dev/null +++ b/user/polkit/automake.patch @@ -0,0 +1,19 @@ +--- ./configure.ac.orig 2012-12-31 21:39:08.969445979 +0000 ++++ ./configure.ac 2012-12-31 21:39:30.136285425 +0000 +@@ -3,7 +3,7 @@ + AC_PREREQ(2.59c) + AC_INIT(polkit, 0.105, http://lists.freedesktop.org/mailman/listinfo/polkit-devel) + AM_INIT_AUTOMAKE(polkit, 0.105) +-AM_CONFIG_HEADER(config.h) ++AC_CONFIG_HEADER(config.h) + AM_MAINTAINER_MODE + + m4_ifdef([AM_SILENT_RULES], [AM_SILENT_RULES([yes])]) +@@ -24,7 +24,6 @@ + + AC_ISC_POSIX + AC_PROG_CC +-AM_PROG_CC_STDC + AC_HEADER_STDC + AM_PROG_LIBTOOL + AC_PROG_MAKE_SET diff --git a/user/polkit/disable-ck-test.patch b/user/polkit/disable-ck-test.patch new file mode 100644 index 000000000..e1987d40d --- /dev/null +++ b/user/polkit/disable-ck-test.patch @@ -0,0 +1,15 @@ +This test requires ConsoleKit to be running. + +--- polkit-0.105/test/polkitbackend/Makefile.am.old 2012-04-24 11:05:34.000000000 -0500 ++++ polkit-0.105/test/polkitbackend/Makefile.am 2017-09-27 20:48:42.479959296 -0500 +@@ -36,8 +36,8 @@ + TEST_PROGS += polkitbackendlocalauthorizationstoretest + polkitbackendlocalauthorizationstoretest_SOURCES = polkitbackendlocalauthorizationstoretest.c + +-TEST_PROGS += polkitbackendlocalauthoritytest +-polkitbackendlocalauthoritytest_SOURCES = polkitbackendlocalauthoritytest.c ++#TEST_PROGS += polkitbackendlocalauthoritytest ++#polkitbackendlocalauthoritytest_SOURCES = polkitbackendlocalauthoritytest.c + + # ---------------------------------------------------------------------------------------------------- + diff --git a/user/polkit/fix-consolekit-db-stat.patch b/user/polkit/fix-consolekit-db-stat.patch new file mode 100644 index 000000000..3deceb639 --- /dev/null +++ b/user/polkit/fix-consolekit-db-stat.patch @@ -0,0 +1,30 @@ +--- polkit-0.105.orig/src/polkitbackend/polkitbackendsessionmonitor.c 2012-04-24 19:05:34.000000000 +0300 ++++ polkit-0.105/src/polkitbackend/polkitbackendsessionmonitor.c 2015-08-17 14:50:51.428580856 +0300 +@@ -47,7 +47,7 @@ struct _PolkitBackendSessionMonitor + + GKeyFile *database; + GFileMonitor *database_monitor; +- time_t database_mtime; ++ struct timespec database_mtim; + }; + + struct _PolkitBackendSessionMonitorClass +@@ -95,7 +95,7 @@ reload_database (PolkitBackendSessionMon + goto out; + } + +- monitor->database_mtime = statbuf.st_mtime; ++ monitor->database_mtim = statbuf.st_mtim; + + monitor->database = g_key_file_new (); + if (!g_key_file_load_from_file (monitor->database, +@@ -131,7 +131,8 @@ ensure_database (PolkitBackendSessionMon + strerror (errno)); + goto out; + } +- if (statbuf.st_mtime == monitor->database_mtime) ++ if (statbuf.st_mtim.tv_sec == monitor->database_mtim.tv_sec && ++ statbuf.st_mtim.tv_nsec == monitor->database_mtim.tv_nsec) + { + ret = TRUE; + goto out; diff --git a/user/polkit/fix-parallel-make.patch b/user/polkit/fix-parallel-make.patch new file mode 100644 index 000000000..b693a34dd --- /dev/null +++ b/user/polkit/fix-parallel-make.patch @@ -0,0 +1,40 @@ +From 7bd30764a5230684c7c979a08a83dfa6e327f719 Mon Sep 17 00:00:00 2001 +From: Ryan Lortie <desrt@velocity.(none)> +Date: Tue, 13 Nov 2012 16:50:14 +0000 +Subject: build: Fix .gir generation for parallel make + +As per the intructions in the introspection Makefile, we should have a +line declaring a dependency between the .gir and .la files. + +https://bugs.freedesktop.org/show_bug.cgi?id=57077 + +Signed-off-by: David Zeuthen <zeuthen@gmail.com> +--- +diff --git a/src/polkit/Makefile.am b/src/polkit/Makefile.am +index 39d6d84..d648d29 100644 +--- a/src/polkit/Makefile.am ++++ b/src/polkit/Makefile.am +@@ -106,6 +106,8 @@ if HAVE_INTROSPECTION + + INTROSPECTION_GIRS = Polkit-1.0.gir + ++Polkit-1.0.gir: libpolkit-gobject-1.la ++ + girdir = $(INTROSPECTION_GIRDIR) + gir_DATA = Polkit-1.0.gir + +diff --git a/src/polkitagent/Makefile.am b/src/polkitagent/Makefile.am +index 1cfb73c..5b7d4c7 100644 +--- a/src/polkitagent/Makefile.am ++++ b/src/polkitagent/Makefile.am +@@ -108,6 +108,8 @@ if HAVE_INTROSPECTION + girdir = $(INTROSPECTION_GIRDIR) + gir_DATA = PolkitAgent-1.0.gir + ++PolkitAgent-1.0.gir: libpolkit-agent-1.la ++ + typelibsdir = $(INTROSPECTION_TYPELIBDIR) + typelibs_DATA = PolkitAgent-1.0.typelib + +-- +cgit v0.9.0.2-2-gbebe diff --git a/user/polkit/fix-test-fgetpwent.patch b/user/polkit/fix-test-fgetpwent.patch new file mode 100644 index 000000000..7bc6481cc --- /dev/null +++ b/user/polkit/fix-test-fgetpwent.patch @@ -0,0 +1,20 @@ +--- polkit-0.105/test/mocklibc/src/pwd.c.old 2012-04-24 11:05:34.000000000 -0500 ++++ polkit-0.105/test/mocklibc/src/pwd.c 2017-09-27 19:40:57.883227673 -0500 +@@ -16,6 +16,7 @@ + * Author: Nikki VonHollen <vonhollen@gmail.com> + */ + ++#define _GNU_SOURCE + #include <pwd.h> + + #include <stdio.h> +--- polkit-0.105/test/mocklibc/src/grp.c.old 2012-04-24 11:05:34.000000000 -0500 ++++ polkit-0.105/test/mocklibc/src/grp.c 2017-09-27 19:44:57.759238450 -0500 +@@ -16,6 +16,7 @@ + * Author: Nikki VonHollen <vonhollen@gmail.com> + */ + ++#define _GNU_SOURCE + #include <grp.h> + + #include <stdio.h> diff --git a/user/py-dbus/APKBUILD b/user/py-dbus/APKBUILD new file mode 100644 index 000000000..87da11915 --- /dev/null +++ b/user/py-dbus/APKBUILD @@ -0,0 +1,44 @@ +# Maintainer: Natanael Copa <ncopa@alpinelinux.org> +pkgname=py-dbus +pkgver=1.2.0 +pkgrel=3 +pkgdesc="Python bindings for DBUS" +url="http://www.freedesktop.org/wiki/Software/DBusBindings" +arch="all" +license="GPL LGPL" +depends="python3" +depends_dev="py-dbus" +makedepends="dbus-glib-dev python3-dev" +subpackages="$pkgname-dev $pkgname-doc" +source="http://dbus.freedesktop.org/releases/dbus-python/dbus-python-$pkgver.tar.gz" + +builddir="$srcdir"/dbus-python-$pkgver + +prepare() { + cd "$builddir" + update_config_sub + default_prepare +} + +build() { + cd "$builddir" + ./configure \ + --build=$CBUILD \ + --host=$CHOST \ + --prefix=/usr + make +} + +check() { + cd "$builddir" + make test +} + +package() { + cd "$builddir" + make DESTDIR="$pkgdir" install +} + +md5sums="b09cd2d1a057cc432ce944de3fc06bf7 dbus-python-1.2.0.tar.gz" +sha256sums="e12c6c8b2bf3a9302f75166952cbe41d6b38c3441bbc6767dbd498942316c6df dbus-python-1.2.0.tar.gz" +sha512sums="013b23e08fa1ed43f53a756587fefbc9770f7c51e93510e555acbd77230b7200693419bba9a69680d790bbaf123f4a195afa38b3eee1143da950fee0b5130bce dbus-python-1.2.0.tar.gz" diff --git a/user/qca/APKBUILD b/user/qca/APKBUILD new file mode 100644 index 000000000..669389ac7 --- /dev/null +++ b/user/qca/APKBUILD @@ -0,0 +1,35 @@ +# Contributor: William Pitcock <nenolod@dereferenced.org> +# Maintainer: A. Wilcox <awilfox@adelielinux.org> +pkgname=qca +pkgver=2.1.3 +pkgrel=5 +pkgdesc="Qt cryptographic architecture" +url="http://delta.affinix.com/qca/" +arch="all" +license="LGPL-2.1+" +depends= +depends_dev="qt5-qtbase-dev" +makedepends="$depends_dev cmake cyrus-sasl-dev" +install="" +subpackages="$pkgname-dev $pkgname-doc" +source="http://download.kde.org/stable/qca/$pkgver/src/qca-${pkgver}.tar.xz" + +builddir="$srcdir"/qca-$pkgver + +build() { + cd "$builddir" + cmake -DCMAKE_INSTALL_PREFIX=/usr -DWITH_cyrus-sasl_PLUGIN=yes . + make +} + +package() { + cd "$builddir" + make DESTDIR="$pkgdir" install +} + +check() { + cd "$builddir" + make test +} + +sha512sums="0aec277e0695da2e45298f0a9006213829fe4c449a79969e472947db54f45000ba6e22361b782465bdc03f269b7301d318c843f5a83db459a118e58a03f3116a qca-2.1.3.tar.xz" diff --git a/user/redis/APKBUILD b/user/redis/APKBUILD new file mode 100644 index 000000000..fc8ea8426 --- /dev/null +++ b/user/redis/APKBUILD @@ -0,0 +1,87 @@ +# Contributor: V.Krishn <vkrishn4@gmail.com> +# Maintainer: +pkgname=redis +pkgver=4.0.2 +pkgrel=2 +pkgdesc="Advanced key-value store" +url="http://redis.io/" +arch="all" +license="BSD" +depends="" +makedepends="linux-headers" +checkdepends="tcl" +splitpackages="$pkgname-openrc" +install="redis.pre-install" +pkgusers="redis" +pkggroups="redis" +source="http://download.redis.io/releases/$pkgname-$pkgver.tar.gz + fix-ppc-atomics.patch + posix-runtest.patch + redis.initd + redis.logrotate + redis.confd + " +builddir="$srcdir/$pkgname-$pkgver" + +prepare() { + default_prepare + + cd "$builddir" + sed -i -e 's|^daemonize .*|daemonize yes|' \ + -e 's|^dir .*|dir /var/lib/redis/|' \ + -e 's|^logfile .*|logfile /var/log/redis/redis\.log|' \ + -e 's|^pidfile .*|pidfile /var/run/redis/redis\.pid|' \ + -e 's|^loglevel .*|loglevel notice|' \ + redis.conf + + # disable broken tests + # see: https://github.com/antirez/redis/issues/2814 + # https://github.com/antirez/redis/issues/3810 + + sed -i -e '/integration\/aof/d' \ + -e '/integration\/logging/d' \ + tests/test_helper.tcl +} + +build() { + cd "$builddir" + make PREFIX=/usr \ + INSTALL_BIN="$pkgdir"/usr/bin \ + MALLOC=libc \ + FINAL_LIBS="-latomic " \ + all +} + +check() { + cd "$builddir" + make test +} + +package() { + cd "$builddir" + mkdir -p "$pkgdir"/usr/bin + install -d -o redis -g redis \ + "$pkgdir"/var/lib/redis \ + "$pkgdir"/var/log/redis \ + "$pkgdir"/var/run/redis + + install -D -m755 "$builddir/COPYING" \ + "$pkgdir/usr/share/licenses/redis/COPYING" + install -D -m755 "$srcdir/redis.initd" "$pkgdir/etc/init.d/redis" \ + && install -Dm644 "$srcdir/redis.logrotate" \ + "$pkgdir/etc/logrotate.d/redis" \ + && install -Dm644 "$srcdir/redis.confd" \ + "$pkgdir/etc/conf.d/redis" + install -D -m644 "$builddir/redis.conf" "$pkgdir/etc/redis.conf" + + make PREFIX=/usr \ + INSTALL_BIN="$pkgdir/usr/bin" \ + install +} + +sha512sums="1458909c6fc16cff8ca5e6dddff23b988ee1e447f2d0bccf5941553b22bab6abb851732b3fe53dafb8a69d6c0939c3ce7e0686d51e03be720fb018c038d3b1b4 redis-4.0.2.tar.gz +f768acea3e1868dbf0596085640c83e58d899860d7d647b0965fa858844c494d0a49b229fb417456d83f3e2690e5450950c31e0fa40529df85a9cde38d8981c4 fix-ppc-atomics.patch +856ae98e9e8670801827c3bd793dc14ed2c62c37365f8d04b452d7e1ab97300a0bf18c59b52ea686c2689d53aeed8e29e2c55207d3d4fb1fd8fc7fc820f33157 posix-runtest.patch +91b663f802aea9a473195940d3bf2ce3ca2af4e5b6e61a2d28ebbfe502ef2c764b574b7e87c49e60345d1a5d6b73d12920924c93b26be110c2ce824023347b6f redis.initd +6d17d169b40a7e23a0a2894eff0f3e2fe8e4461b36f2a9d45468f0abd84ea1035d679b4c0a34029bce093147f9c7bb697e843c113c17769d38c934d4a78a5848 redis.logrotate +d87aad6185300c99cc9b6a478c83bf62c450fb2c225592d74cc43a3adb93e19d8d2a42cc279907b385aa73a7b9c77b66828dbfb001009edc16a604abb2087e99 redis.confd" diff --git a/user/redis/fix-ppc-atomics.patch b/user/redis/fix-ppc-atomics.patch new file mode 100644 index 000000000..0263bb531 --- /dev/null +++ b/user/redis/fix-ppc-atomics.patch @@ -0,0 +1,13 @@ +--- redis-4.0.2/src/Makefile.old 2017-09-21 09:12:52.000000000 -0500 ++++ redis-4.0.2/src/Makefile 2018-05-26 18:45:23.494413590 -0500 +@@ -109,6 +109,10 @@ + # Include paths to dependencies + FINAL_CFLAGS+= -I../deps/hiredis -I../deps/linenoise -I../deps/lua/src + ++ifeq ($(uname_M),ppc) ++ FINAL_LIBS+= -latomic ++endif ++ + ifeq ($(MALLOC),tcmalloc) + FINAL_CFLAGS+= -DUSE_TCMALLOC + FINAL_LIBS+= -ltcmalloc diff --git a/user/redis/posix-runtest.patch b/user/redis/posix-runtest.patch new file mode 100644 index 000000000..84d76ad10 --- /dev/null +++ b/user/redis/posix-runtest.patch @@ -0,0 +1,33 @@ +--- redis-4.0.2/runtest.old 2017-09-21 09:12:52.000000000 -0500 ++++ redis-4.0.2/runtest 2017-12-31 05:50:13.037119127 -0600 +@@ -3,7 +3,7 @@ + TCLSH="" + + for VERSION in $TCL_VERSIONS; do +- TCL=`which tclsh$VERSION 2>/dev/null` && TCLSH=$TCL ++ TCL=`command -v tclsh$VERSION 2>/dev/null` && TCLSH=$TCL + done + + if [ -z $TCLSH ] +--- redis-4.0.2/runtest-cluster.old 2017-09-21 09:12:52.000000000 -0500 ++++ redis-4.0.2/runtest-cluster 2017-12-31 05:50:20.517111722 -0600 +@@ -3,7 +3,7 @@ + TCLSH="" + + for VERSION in $TCL_VERSIONS; do +- TCL=`which tclsh$VERSION 2>/dev/null` && TCLSH=$TCL ++ TCL=`command -v tclsh$VERSION 2>/dev/null` && TCLSH=$TCL + done + + if [ -z $TCLSH ] +--- redis-4.0.2/runtest-sentinel.old 2017-09-21 09:12:52.000000000 -0500 ++++ redis-4.0.2/runtest-sentinel 2017-12-31 05:50:26.877105425 -0600 +@@ -3,7 +3,7 @@ + TCLSH="" + + for VERSION in $TCL_VERSIONS; do +- TCL=`which tclsh$VERSION 2>/dev/null` && TCLSH=$TCL ++ TCL=`command -v tclsh$VERSION 2>/dev/null` && TCLSH=$TCL + done + + if [ -z $TCLSH ] diff --git a/user/redis/redis.confd b/user/redis/redis.confd new file mode 100644 index 000000000..a79f61ccd --- /dev/null +++ b/user/redis/redis.confd @@ -0,0 +1,9 @@ +# Redis user. +REDIS_USER="redis" + +# Redis group. +REDIS_GROUP="redis" + +# Redis configuration file. +REDIS_CONF="/etc/redis.conf" + diff --git a/user/redis/redis.initd b/user/redis/redis.initd new file mode 100755 index 000000000..ce6aba7e3 --- /dev/null +++ b/user/redis/redis.initd @@ -0,0 +1,52 @@ +#!/sbin/openrc-run + +REDIS_CONF=${REDIS_CONF:-/etc/redis.conf} +REDIS_USER=${REDIS_USER:-redis} +REDIS_GROUP=${REDIS_GROUP:-redis} + +name="Redis server" +command=/usr/bin/redis-server +command_args=${REDIS_CONF} + +depend() { + use net localmount logger + after keepalived firewall +} + +# get global pidfile, logfile, and dir from config file +get_config() { + if [ ! -f "${REDIS_CONF}" ] ; then + eerror "You need a ${REDIS_CONF} file to run redis" + return 1; + fi + + pidfile=$(awk '$1 == "pidfile" { print $2 }' "$REDIS_CONF") + logfile=$(awk '$1 == "logfile" { print $2 }' "$REDIS_CONF") + dir=$(awk '$1 == "dir" { print $2 }' "$REDIS_CONF") + : ${pidfile:=/var/run/redis/redis.pid} + : ${logfile:=/var/log/redis/redis.log} + : ${dir:=/var/lib/redis} +} + +start() { + get_config || return 1 + checkpath -d -o ${REDIS_USER}:${REDIS_GROUP} ${pidfile%/*} \ + ${logfile%/*} ${dir} + + ebegin "Starting $name" + start-stop-daemon --start \ + --chdir "${dir}" \ + --user ${REDIS_USER}:${REDIS_GROUP} \ + --pidfile "${pidfile}" \ + --exec "${command}" \ + -- ${command_args} + eend $? +} + +stop() { + get_config + ebegin "Stopping $name" + start-stop-daemon --stop --retry 30 --pidfile "${pidfile}" + eend $? +} + diff --git a/user/redis/redis.logrotate b/user/redis/redis.logrotate new file mode 100644 index 000000000..c77c9a0e8 --- /dev/null +++ b/user/redis/redis.logrotate @@ -0,0 +1,4 @@ +/var/log/redis/redis.log { + notifempty + missingok +} diff --git a/user/redis/redis.pre-install b/user/redis/redis.pre-install new file mode 100644 index 000000000..f73213126 --- /dev/null +++ b/user/redis/redis.pre-install @@ -0,0 +1,6 @@ +#!/bin/sh + +addgroup -S redis 2>/dev/null +adduser -S -D -H -h /var/lib/redis -s /bin/false -G redis -g redis redis 2>/dev/null + +exit 0 diff --git a/user/snappy/APKBUILD b/user/snappy/APKBUILD new file mode 100644 index 000000000..588164d55 --- /dev/null +++ b/user/snappy/APKBUILD @@ -0,0 +1,43 @@ +# Contributor: Natanael Copa <ncopa@alpinelinux.org> +# Maintainer: Natanael Copa <ncopa@alpinelinux.org> +pkgname=snappy +pkgver=1.1.7 +pkgrel=0 +pkgdesc="Fast compression and decompression library" +url="http://google.github.io/snappy/" +arch="all" +license="BSD-3-Clause" +subpackages="$pkgname-dbg $pkgname-dev" +source="snappy-$pkgver.tar.gz::https://github.com/google/snappy/archive/$pkgver.tar.gz + " +[ "$CARCH" = "armhf" ] && options="!check" # does not pass testsuite on armhf + +builddir="$srcdir/$pkgname-$pkgver" + +build() { + cd "$builddir" + if [ "$CBUILD" != "$CHOST" ]; then + CMAKE_CROSSOPTS="-DCMAKE_SYSTEM_NAME=Linux -DCMAKE_HOST_SYSTEM_NAME=Linux" + fi + cmake \ + -DCMAKE_INSTALL_PREFIX=/usr \ + -DCMAKE_INSTALL_LIBDIR=lib \ + -DBUILD_SHARED_LIBS=True \ + -DCMAKE_BUILD_TYPE=RelWithDebugInfo \ + -DCMAKE_CXX_FLAGS="$CXXFLAGS" \ + -DCMAKE_C_FLAGS="$CFLAGS" \ + ${CMAKE_CROSSOPTS} + make +} + +check() { + cd "$builddir" + CTEST_OUTPUT_ON_FAILURE=TRUE ctest +} + +package() { + cd "$builddir" + make DESTDIR="$pkgdir" install +} + +sha512sums="32046f532606ba545a4e4825c0c66a19be449f2ca2ff760a6fa170a3603731479a7deadb683546e5f8b5033414c50f4a9a29f6d23b7a41f047e566e69eca7caf snappy-1.1.7.tar.gz" diff --git a/user/spice/APKBUILD b/user/spice/APKBUILD new file mode 100644 index 000000000..a40b5853f --- /dev/null +++ b/user/spice/APKBUILD @@ -0,0 +1,43 @@ +# Contributor: A. Wilcox <awilfox@adelielinux.org> +# Maintainer: A. Wilcox <awilfox@adelielinux.org> +pkgname=spice +pkgver=0.14.0 +pkgrel=0 +pkgdesc="Solution for seamless access to virtual machines" +url="https://www.spice-space.org/" +arch="all" +license="LGPL-2.1+" +depends="gst-plugins-base" +depends_dev="" +makedepends="$depends_dev openssl-dev zlib-dev libjpeg-turbo-dev cyrus-sasl-dev + opus-dev lz4-dev gstreamer-dev gst-plugins-base-dev glib-dev orc-dev + python3 spice-protocol pixman-dev gstreamer-tools" +install="" +subpackages="$pkgname-dev" +source="https://www.spice-space.org/download/releases/spice-$pkgver.tar.bz2" +builddir="$srcdir/spice-$pkgver" + +build() { + cd "$builddir" + ./configure \ + --build=$CBUILD \ + --host=$CHOST \ + --prefix=/usr \ + --sysconfdir=/etc \ + --mandir=/usr/share/man \ + --localstatedir=/var \ + --disable-celt051 + make +} + +check() { + cd "$builddir" + make check +} + +package() { + cd "$builddir" + make DESTDIR="$pkgdir" install +} + +sha512sums="84532146aa628ca6ca459a82afb89d6391892e063668fd4a68023c92cee7ca868b6c82e31dd9886819b76ea745ebdae0d0030e1f608d8f58f51c00f0b09bae1f spice-0.14.0.tar.bz2" diff --git a/user/upower/APKBUILD b/user/upower/APKBUILD new file mode 100644 index 000000000..9c596f3e0 --- /dev/null +++ b/user/upower/APKBUILD @@ -0,0 +1,40 @@ +# Maintainer: Natanael Copa <ncopa@alpinelinux.org> +pkgname=upower +pkgver=0.99.6 +pkgrel=0 +pkgdesc="Power Management Services" +url="http://upower.freedesktop.org" +arch="all" +license="GPL2+" +depends="" +subpackages="$pkgname-dev $pkgname-doc $pkgname-lang" +makedepends="linux-headers gtk+-dev libgudev-dev libusb-dev polkit-dev + dbus-glib-dev libxslt gobject-introspection-dev docbook-xsl" +source="http://upower.freedesktop.org/releases/upower-$pkgver.tar.xz + " + +builddir="$srcdir"/$pkgname-$pkgver +build() { + cd "$builddir" + DATADIRNAME=share ./configure \ + --build=$CBUILD \ + --host=$CHOST \ + --prefix=/usr \ + --sysconfdir=/etc \ + --localstatedir=/var \ + --libexecdir=/usr/lib/upower \ + --disable-static + make +} + +check() { + cd "$builddir" + make check +} + +package() { + cd "$builddir" + make DESTDIR="$pkgdir" install +} + +sha512sums="7e7256491ecb5d3f04abf41f05a761b79761c8868a1aedadfc5085c3b9cf15f6099c1494596e6a24b0951511bc7cac074e93ebb2b84abb9fb7a4374483052d3f upower-0.99.6.tar.xz" diff --git a/user/upower/daemon-fix-get_critical_action.patch b/user/upower/daemon-fix-get_critical_action.patch new file mode 100644 index 000000000..6afe9b7a9 --- /dev/null +++ b/user/upower/daemon-fix-get_critical_action.patch @@ -0,0 +1,28 @@ +From 28cee8e2845b094488c337c4ecfa84ada0b6be60 Mon Sep 17 00:00:00 2001 +From: Martin Pitt <martin.pitt@ubuntu.com> +Date: Tue, 23 Feb 2016 09:51:07 +0100 +Subject: daemon: fix get_critical_action() + +Fix copy&paste error from e7e9156f that called the wrong _complete_ function +for up_daemon_get_critical_action(). + +https://bugs.freedesktop.org/show_bug.cgi?id=94262 + +diff --git a/src/up-daemon.c b/src/up-daemon.c +index be14cbe..e95f904 100644 +--- a/src/up-daemon.c ++++ b/src/up-daemon.c +@@ -435,8 +435,8 @@ up_daemon_get_critical_action (UpExportedDaemon *skeleton, + GDBusMethodInvocation *invocation, + UpDaemon *daemon) + { +- up_exported_daemon_complete_get_display_device (skeleton, invocation, +- up_backend_get_critical_action (daemon->priv->backend)); ++ up_exported_daemon_complete_get_critical_action (skeleton, invocation, ++ up_backend_get_critical_action (daemon->priv->backend)); + return TRUE; + } + +-- +cgit v0.10.2 + diff --git a/user/upower/lib-add-propererror-and-cancellable-handling-to-UpClient.patch b/user/upower/lib-add-propererror-and-cancellable-handling-to-UpClient.patch new file mode 100644 index 000000000..47e2f4799 --- /dev/null +++ b/user/upower/lib-add-propererror-and-cancellable-handling-to-UpClient.patch @@ -0,0 +1,184 @@ +From 932a6a39e35754be571e1274aec4730fd42dba13 Mon Sep 17 00:00:00 2001 +From: Martin Pitt <martin.pitt@ubuntu.com> +Date: Wed, 18 May 2016 09:22:43 +0200 +Subject: lib: Add proper error and cancellable handling to UpClient + constructor + +A GObject's _init() should never fail or block, but this is currently the case +as up_client_init() connects to upowerd on D-Bus. Convert this to the GInitable +interface and provide a new constructor up_client_new_full() which accepts a +GCancellable and GError, so that clients can do proper error handling +and reporting. + +This changes up_client_new() to return NULL when connecting to upowerd fails. +This provides a more well-defined behaviour in this case as clients can check +for this and our methods stop segfaulting as they have checks like + + g_return_val_if_fail (UP_IS_CLIENT (client), ...) + +Previously we returned a valid object, but trying to call any method on it +segfaulted due to the NULL D-Bus proxy, so client code had no chance to check +whether the UpClient object was really valid. + +https://bugs.freedesktop.org/show_bug.cgi?id=95350 + +diff --git a/libupower-glib/up-client.c b/libupower-glib/up-client.c +index 5b2218f..adc0b9b 100644 +--- a/libupower-glib/up-client.c ++++ b/libupower-glib/up-client.c +@@ -39,9 +39,10 @@ + #include "up-daemon-generated.h" + #include "up-device.h" + +-static void up_client_class_init (UpClientClass *klass); +-static void up_client_init (UpClient *client); +-static void up_client_finalize (GObject *object); ++static void up_client_class_init (UpClientClass *klass); ++static void up_client_initable_iface_init (GInitableIface *iface); ++static void up_client_init (UpClient *client); ++static void up_client_finalize (GObject *object); + + #define UP_CLIENT_GET_PRIVATE(o) (G_TYPE_INSTANCE_GET_PRIVATE ((o), UP_TYPE_CLIENT, UpClientPrivate)) + +@@ -73,7 +74,8 @@ enum { + static guint signals [UP_CLIENT_LAST_SIGNAL] = { 0 }; + static gpointer up_client_object = NULL; + +-G_DEFINE_TYPE (UpClient, up_client, G_TYPE_OBJECT) ++G_DEFINE_TYPE_WITH_CODE (UpClient, up_client, G_TYPE_OBJECT, ++ G_IMPLEMENT_INTERFACE(G_TYPE_INITABLE, up_client_initable_iface_init)) + + /** + * up_client_get_devices: +@@ -434,11 +436,10 @@ up_client_class_init (UpClientClass *klass) + * up_client_init: + * @client: This class instance + */ +-static void +-up_client_init (UpClient *client) ++static gboolean ++up_client_initable_init (GInitable *initable, GCancellable *cancellable, GError **error) + { +- GError *error = NULL; +- ++ UpClient *client = UP_CLIENT (initable); + client->priv = UP_CLIENT_GET_PRIVATE (client); + + /* connect to main interface */ +@@ -446,13 +447,10 @@ up_client_init (UpClient *client) + G_DBUS_PROXY_FLAGS_NONE, + "org.freedesktop.UPower", + "/org/freedesktop/UPower", +- NULL, +- &error); +- if (client->priv->proxy == NULL) { +- g_warning ("Couldn't connect to proxy: %s", error->message); +- g_error_free (error); +- return; +- } ++ cancellable, ++ error); ++ if (client->priv->proxy == NULL) ++ return FALSE; + + /* all callbacks */ + g_signal_connect (client->priv->proxy, "device-added", +@@ -461,6 +459,23 @@ up_client_init (UpClient *client) + G_CALLBACK (up_device_removed_cb), client); + g_signal_connect (client->priv->proxy, "notify", + G_CALLBACK (up_client_notify_cb), client); ++ ++ return TRUE; ++} ++ ++static void ++up_client_initable_iface_init (GInitableIface *iface) ++{ ++ iface->init = up_client_initable_init; ++} ++ ++/* ++ * up_client_init: ++ * @client: This class instance ++ */ ++static void ++up_client_init (UpClient *client) ++{ + } + + /* +@@ -482,23 +497,52 @@ up_client_finalize (GObject *object) + } + + /** +- * up_client_new: ++ * up_client_new_full: ++ * @cancellable: (allow-none): A #GCancellable or %NULL. ++ * @error: Return location for error or %NULL. + * +- * Creates a new #UpClient object. ++ * Creates a new #UpClient object. If connecting to upowerd on D-Bus fails, ++ % this returns %NULL and sets @error. + * +- * Return value: a new UpClient object. ++ * Return value: a new UpClient object, or %NULL on failure. + * +- * Since: 0.9.0 ++ * Since: 0.99.5 + **/ + UpClient * +-up_client_new (void) ++up_client_new_full (GCancellable *cancellable, GError **error) + { + if (up_client_object != NULL) { + g_object_ref (up_client_object); + } else { +- up_client_object = g_object_new (UP_TYPE_CLIENT, NULL); +- g_object_add_weak_pointer (up_client_object, &up_client_object); ++ up_client_object = g_initable_new (UP_TYPE_CLIENT, cancellable, error, NULL); ++ if (up_client_object) ++ g_object_add_weak_pointer (up_client_object, &up_client_object); + } + return UP_CLIENT (up_client_object); + } + ++/** ++ * up_client_new: ++ * ++ * Creates a new #UpClient object. If connecting to upowerd on D-Bus fails, ++ * this returns %NULL and prints out a warning with the error message. ++ * Consider using up_client_new_full() instead which allows you to handle errors ++ * and cancelling long operations yourself. ++ * ++ * Return value: a new UpClient object, or %NULL on failure. ++ * ++ * Since: 0.9.0 ++ **/ ++UpClient * ++up_client_new (void) ++{ ++ GError *error = NULL; ++ UpClient *client; ++ client = up_client_new_full (NULL, &error); ++ if (client == NULL) { ++ g_warning ("Couldn't connect to proxy: %s", error->message); ++ g_error_free (error); ++ } ++ return client; ++} ++ +diff --git a/libupower-glib/up-client.h b/libupower-glib/up-client.h +index 79c2d9e..5b9af3c 100644 +--- a/libupower-glib/up-client.h ++++ b/libupower-glib/up-client.h +@@ -72,6 +72,7 @@ typedef struct + /* general */ + GType up_client_get_type (void); + UpClient *up_client_new (void); ++UpClient *up_client_new_full (GCancellable *cancellable, GError **error); + + /* sync versions */ + UpDevice * up_client_get_display_device (UpClient *client); +-- +cgit v0.10.2 + diff --git a/user/valgrind/APKBUILD b/user/valgrind/APKBUILD new file mode 100644 index 000000000..c5371950d --- /dev/null +++ b/user/valgrind/APKBUILD @@ -0,0 +1,76 @@ +# Maintainer: Natanael Copa <ncopa@alpinelinux.org> +pkgname=valgrind +pkgver=3.13.0 +pkgrel=0 +pkgdesc="A tool to help find memory-management problems in programs" +url="http://valgrind.org/" +arch="all" +license="GPL-2.0-or-later" +# it seems like busybox sed works but the configure script requires GNU sed +makedepends="sed paxmark perl bash autoconf automake libtool" +# from README_PACKAGERS: +# Don't strip the debug info off lib/valgrind/$platform/vgpreload*.so +# in the installation tree. Either Valgrind won't work at all, or it +# will still work if you do, but will generate less helpful error +# messages. +options="!strip !check" +subpackages="$pkgname-dev $pkgname-doc" +source="ftp://sourceware.org/pub/$pkgname/$pkgname-$pkgver.tar.bz2 + uclibc.patch + arm.patch + coregrind-elfv2.patch" +# musl-fixes.patch +builddir="$srcdir"/$pkgname-$pkgver + +prepare() { + default_prepare + cd "$builddir" + aclocal && autoconf && automake --add-missing + echo '#include <linux/a.out.h>' > include/a.out.h +} + +build() { + cd "$builddir" + # fails to build with ccache + export CC="gcc" + export CFLAGS="$CFLAGS -fno-stack-protector -no-pie" + ./configure \ + --build=$CBUILD \ + --host=$CHOST \ + --prefix=/usr \ + --sysconfdir=/etc \ + --mandir=/usr/share/man \ + --infodir=/usr/share/info \ + --localstatedir=/var \ + --without-mpicc + make +} + +check() { + cd "$buildir" + make check +} + +package() { + cd "$builddir" + make DESTDIR="$pkgdir" install + + # we have options=!strip above so we strip the /usr/bin/* manually + if [ -z "$DEBUG" ]; then + strip "$pkgdir"/usr/bin/valgrind \ + "$pkgdir"/usr/bin/valgrind-di-server \ + "$pkgdir"/usr/bin/vgdb \ + "$pkgdir"/usr/bin/valgrind-listener \ + "$pkgdir"/usr/bin/cg_merge + fi + + # pax causes some issues + # http://marc.info/?l=gentoo-hardened&m=119512627126298&w=2 + # http://bugs.alpinelinux.org/issues/999 + paxmark -m "$pkgdir"/usr/lib/valgrind/*-*-linux +} + +sha512sums="34e1013cd3815d30a459b86220e871bb0a6209cc9e87af968f347083693779f022e986f211bdf1a5184ad7370cde12ff2cfca8099967ff94732970bd04a97009 valgrind-3.13.0.tar.bz2 +d59a10db9037e120df2ee94a103402ca95a79abee9d8be63e4e1bca29c82dca775cc402a79b854ec11a2160a4d2da202c237369418e221d1925267ea2613fd5d uclibc.patch +9ee297d1b2b86891584443ad0caadc4977e1447979611ccf1cc55dbee61911b0b063bc4ad936d86c451cedae410cb3219b5a088b2ad0aa17df182d564fe36cfe arm.patch +0f54b7b207870f495a0cf010b3091e2c0626bbf93b8a5ba7956b690981d4186de61f3e3b1fdc3aec2dfcacb69e712900f32c883a09dd4733c1e4569506272520 coregrind-elfv2.patch" diff --git a/user/valgrind/arm.patch b/user/valgrind/arm.patch new file mode 100644 index 000000000..8281c8ba1 --- /dev/null +++ b/user/valgrind/arm.patch @@ -0,0 +1,11 @@ +--- a/configure.ac ++++ b/configure.ac +@@ -234,7 +234,7 @@ + ARCH_MAX="s390x" + ;; + +- armv7*) ++ arm*) + AC_MSG_RESULT([ok (${host_cpu})]) + ARCH_MAX="arm" + ;; diff --git a/user/valgrind/coregrind-elfv2.patch b/user/valgrind/coregrind-elfv2.patch new file mode 100644 index 000000000..7e4a2d636 --- /dev/null +++ b/user/valgrind/coregrind-elfv2.patch @@ -0,0 +1,443 @@ +The LE and BE code here is the same, except the BE has the old-style +function descriptor. So, we use the LE code on ELFv2 to fix build errors. + +--- valgrind-3.13.0/coregrind/m_libcsetjmp.c 2017-05-31 10:14:45.000000000 -0500 ++++ valgrind-3.13.0/coregrind/m_libcsetjmp.c 2018-05-25 20:07:37.007835735 -0500 +@@ -149,7 +149,7 @@ + + /* ------------ ppc64-linux ------------ */ + +-#if defined(VGP_ppc64be_linux) ++#if defined(VGP_ppc64be_linux) && (!defined(_CALL_ELF) || _CALL_ELF == 1) + + __asm__( + ".section \".toc\",\"aw\"" "\n" +@@ -268,7 +268,8 @@ + ".previous" "\n" + ); + +-#elif defined(VGP_ppc64le_linux) ++#elif (defined(VGP_ppc64le_linux)) || \ ++ (defined(VGP_ppc64be_linux) && defined(_CALL_ELF) && _CALL_ELF == 2) + __asm__( + ".section \".toc\",\"aw\"" "\n" + +--- valgrind-3.13.0/coregrind/m_main.c.old 2017-05-31 10:14:52.000000000 -0500 ++++ valgrind-3.13.0/coregrind/m_main.c 2018-05-30 19:01:00.534083618 -0500 +@@ -2585,7 +2585,7 @@ + "\ttrap\n" + ".previous\n" + ); +-#elif defined(VGP_ppc64be_linux) ++#elif defined(VGP_ppc64be_linux) && (!defined(_CALL_ELF) || _CALL_ELF == 1) + asm("\n" + /* PPC64 ELF ABI says '_start' points to a function descriptor. + So we must have one, and that is what goes into the .opd section. */ +@@ -2631,9 +2631,9 @@ + "\tnop\n" + "\ttrap\n" + ); +-#elif defined(VGP_ppc64le_linux) +-/* Little Endian uses ELF version 2 but in the future may also +- * support other ELF versions. ++#elif defined(VGP_ppc64le_linux) || \ ++ (defined(VGP_ppc64be_linux) && defined(_CALL_ELF) && _CALL_ELF == 2) ++/* PowerPC 64 ELF version 2 does not use function descriptors. + */ + asm("\n" + "\t.align 2\n" +--- valgrind-3.13.0/coregrind/m_syscall.c.old 2017-05-31 10:14:29.000000000 -0500 ++++ valgrind-3.13.0/coregrind/m_syscall.c 2018-05-30 19:02:00.984023769 -0500 +@@ -470,7 +470,7 @@ + ".previous\n" + ); + +-#elif defined(VGP_ppc64be_linux) ++#elif defined(VGP_ppc64be_linux) && (!defined(_CALL_ELF) || _CALL_ELF == 1) + /* Due to the need to return 65 bits of result, this is completely + different from the ppc32 case. The single arg register points to a + 7-word block containing the syscall # and the 6 args. The syscall +@@ -506,7 +506,8 @@ + " blr\n" + ); + +-#elif defined(VGP_ppc64le_linux) ++#elif defined(VGP_ppc64le_linux) || \ ++ (defined(VGP_ppc64be_linux) && defined(_CALL_ELF) && _CALL_ELF == 2) + /* Due to the need to return 65 bits of result, this is completely + different from the ppc32 case. The single arg register points to a + 7-word block containing the syscall # and the 6 args. The syscall +--- valgrind-3.13.0/coregrind/m_signals.c.old 2017-05-31 10:14:52.000000000 -0500 ++++ valgrind-3.13.0/coregrind/m_signals.c 2018-05-30 22:12:46.082692356 -0500 +@@ -889,7 +889,7 @@ + " sc\n" \ + ".previous\n" + +-#elif defined(VGP_ppc64be_linux) ++#elif defined(VGP_ppc64be_linux) && (!defined(_CALL_ELF) || _CALL_ELF == 1) + # define _MY_SIGRETURN(name) \ + ".align 2\n" \ + ".globl my_sigreturn\n" \ +@@ -904,7 +904,8 @@ + " li 0, " #name "\n" \ + " sc\n" + +-#elif defined(VGP_ppc64le_linux) ++#elif defined(VGP_ppc64le_linux) || \ ++ (defined(VGP_ppc64be_linux) && defined(_CALL_ELF) && _CALL_ELF == 2) + /* Little Endian supports ELF version 2. In the future, it may + * support other versions. + */ +--- valgrind-3.13.0/coregrind/m_syswrap/syswrap-ppc64-linux.c.old 2017-05-31 10:14:39.000000000 -0500 ++++ valgrind-3.13.0/coregrind/m_syswrap/syswrap-ppc64-linux.c 2018-05-30 22:15:42.112518074 -0500 +@@ -71,12 +71,12 @@ + // r4 = retaddr + // r5 = function descriptor + // r6 = arg1 +-/* On PPC64, a func ptr is represented by a TOC entry ptr. ++/* On ELFv1, a func ptr is represented by a TOC entry ptr. + This TOC entry contains three words; the first word is the function + address, the second word is the TOC ptr (r2), and the third word is + the static chain value. */ + asm( +-#if defined(VGP_ppc64be_linux) ++#if defined(VGP_ppc64be_linux) && (!defined(_CALL_ELF) || _CALL_ELF == 1) + " .align 2\n" + " .globl vgModuleLocal_call_on_new_stack_0_1\n" + " .section \".opd\",\"aw\"\n" +@@ -126,7 +126,7 @@ + " bctr\n\t" // jump to dst + " trap\n" // should never get here + #else +-// ppc64le_linux ++// ppc64le_linux, or ELFv2 ABI on BE + " .align 2\n" + " .globl vgModuleLocal_call_on_new_stack_0_1\n" + "vgModuleLocal_call_on_new_stack_0_1:\n" +@@ -211,7 +211,7 @@ + + // See priv_syswrap-linux.h for arg profile. + asm( +-#if defined(VGP_ppc64be_linux) ++#if defined(VGP_ppc64be_linux) && (!defined(_CALL_ELF) || _CALL_ELF == 1) + " .align 2\n" + " .globl do_syscall_clone_ppc64_linux\n" + " .section \".opd\",\"aw\"\n" +--- valgrind-3.13.0/coregrind/m_syswrap/syscall-ppc64be-linux.S.old 2017-05-31 10:14:39.000000000 -0500 ++++ valgrind-3.13.0/coregrind/m_syswrap/syscall-ppc64be-linux.S 2018-05-30 22:18:31.742350130 -0500 +@@ -29,7 +29,7 @@ + + #include "pub_core_basics_asm.h" + +-#if defined(VGP_ppc64be_linux) ++#if defined(VGP_ppc64be_linux) || defined(VGP_ppc64le_linux) + + #include "pub_core_vkiscnums_asm.h" + #include "libvex_guest_offsets.h" +@@ -76,12 +76,25 @@ + + .align 2 + .globl ML_(do_syscall_for_client_WRK) ++#if _CALL_ELF == 2 ++.type .ML_(do_syscall_for_client_WRK),@function ++ML_(do_syscall_for_client_WRK): ++0: addis 2,12,.TOC.-0b@ha ++ addi 2,2,.TOC.-0b@l ++ .localentry ML_(do_syscall_for_client_WRK), .-ML_(do_syscall_for_client_WRK) ++#else + .section ".opd","aw" + .align 3 +-ML_(do_syscall_for_client_WRK): ++ML_(do_syscall_for_client_WRK): + .quad .ML_(do_syscall_for_client_WRK),.TOC.@tocbase,0 + .previous +-.type .ML_(do_syscall_for_client_WRK),@function ++#endif ++#if _CALL_ELF == 2 ++0: addis 2,12,.TOC.-0b@ha ++ addi 2,2,.TOC.-0b@l ++ .localentry ML_(do_syscall_for_client_WRK), .-ML_(do_syscall_for_client_WRK) ++#endif ++.type .ML_(do_syscall_for_client_WRK),@function + .globl .ML_(do_syscall_for_client_WRK) + .ML_(do_syscall_for_client_WRK): + /* make a stack frame */ +@@ -145,7 +158,11 @@ + /* failure: return 0x8000 | error code */ + 7: ori 3,3,0x8000 /* FAILURE -- ensure return value is nonzero */ + b 5b +- ++#if _CALL_ELF == 2 ++ .size .ML_(do_syscall_for_client_WRK),.-.ML_(do_syscall_for_client_WRK) ++#else ++ .size .ML_(do_syscall_for_client_WRK),.-.ML_(do_syscall_for_client_WRK) ++#endif + .section .rodata + /* export the ranges so that + VG_(fixup_guest_state_after_syscall_interrupted) can do the +@@ -162,7 +179,7 @@ + ML_(blksys_committed): .quad 4b + ML_(blksys_finished): .quad 5b + +-#endif // defined(VGP_ppc64be_linux) ++#endif // defined(VGP_ppc64le_linux) + + /* Let the linker know we don't need an executable stack */ + MARK_STACK_NO_EXEC +--- valgrind-3.13.0/coregrind/m_dispatch/dispatch-ppc64be-linux.S.old 2017-05-31 10:14:33.000000000 -0500 ++++ valgrind-3.13.0/coregrind/m_dispatch/dispatch-ppc64be-linux.S 2018-05-30 22:39:37.951096498 -0500 +@@ -30,12 +30,21 @@ + + #include "pub_core_basics_asm.h" + +-#if defined(VGP_ppc64be_linux) ++#if defined(VGP_ppc64be_linux) || defined(VGP_ppc64le_linux) + + #include "pub_core_dispatch_asm.h" + #include "pub_core_transtab_asm.h" + #include "libvex_guest_offsets.h" /* for OFFSET_ppc64_CIA */ + ++/* NOTE: PPC64 supports Big Endian and Little Endian. It also supports the ++ ELF version 1 and ELF version 2 APIs. ++ ++ Currently LE uses ELF version 2 and BE uses ELF version 1. However, ++ BE and LE may support the other ELF version in the future. So, the ++ _CALL_ELF is used in the assembly function to enable code for a ++ specific ELF version independently of the endianness of the machine. ++ The test "#if _CALL_ELF == 2" checks if ELF version 2 is being used. ++*/ + + /* References to globals via the TOC */ + +@@ -75,14 +84,26 @@ + .section ".text" + .align 2 + .globl VG_(disp_run_translations) ++#if _CALL_ELF == 2 ++.type VG_(disp_run_translations),@function ++VG_(disp_run_translations): ++.type .VG_(disp_run_translations),@function ++#else + .section ".opd","aw" + .align 3 + VG_(disp_run_translations): + .quad .VG_(disp_run_translations),.TOC.@tocbase,0 + .previous + .type .VG_(disp_run_translations),@function ++#endif + .globl .VG_(disp_run_translations) + .VG_(disp_run_translations): ++#if _CALL_ELF == 2 ++0: addis 2, 12,.TOC.-0b@ha ++ addi 2,2,.TOC.-0b@l ++ .localentry VG_(disp_run_translations), .-VG_(disp_run_translations) ++#endif ++ + /* r3 holds two_words */ + /* r4 holds guest_state */ + /* r5 holds host_addr */ +@@ -229,8 +250,13 @@ + /* make a stack frame for the code we are calling */ + stdu 1,-48(1) + +- /* Set up the guest state ptr */ ++ /* Set up the guest state ptr */ + mr 31,4 /* r31 (generated code gsp) = r4 */ ++#if _CALL_ELF == 2 ++/* for the LE ABI need to setup r2 and r12 */ ++0: addis 2, 12,.TOC.-0b@ha ++ addi 2,2,.TOC.-0b@l ++#endif + + /* and jump into the code cache. Chained translations in + the code cache run, until for whatever reason, they can't +@@ -385,6 +411,9 @@ + mtlr 0 + addi 1,1,624 /* stack_size */ + blr ++#if _CALL_ELF == 2 ++ .size VG_(disp_run_translations),.-VG_(disp_run_translations) ++#endif + + + /*----------------------------------------------------*/ +@@ -395,15 +424,25 @@ + .section ".text" + .align 2 + .globl VG_(disp_cp_chain_me_to_slowEP) +- .section ".opd","aw" ++#if _CALL_ELF == 2 ++ .type VG_(disp_cp_chain_me_to_slowEP),@function ++ VG_(disp_cp_chain_me_to_slowEP): ++#else ++ .section ".opd","aw" + .align 3 + VG_(disp_cp_chain_me_to_slowEP): + .quad .VG_(disp_cp_chain_me_to_slowEP),.TOC.@tocbase,0 + .previous ++#endif + .type .VG_(disp_cp_chain_me_to_slowEP),@function + .globl .VG_(disp_cp_chain_me_to_slowEP) + .VG_(disp_cp_chain_me_to_slowEP): +- /* We got called. The return address indicates ++#if _CALL_ELF == 2 ++0: addis 2, 12,.TOC.-0b@ha ++ addi 2,2,.TOC.-0b@l ++ .localentry VG_(disp_cp_chain_me_to_slowEP), .-VG_(disp_cp_chain_me_to_slowEP) ++#endif ++ /* We got called. The return address indicates + where the patching needs to happen. Collect + the return address and, exit back to C land, + handing the caller the pair (Chain_me_S, RA) */ +@@ -415,20 +454,33 @@ + */ + subi 7,7,20+4+4 + b .postamble ++#if _CALL_ELF == 2 ++ .size VG_(disp_cp_chain_me_to_slowEP),.-VG_(disp_cp_chain_me_to_slowEP) ++#endif + + /* ------ Chain me to fast entry point ------ */ + .section ".text" + .align 2 + .globl VG_(disp_cp_chain_me_to_fastEP) +- .section ".opd","aw" ++#if _CALL_ELF == 2 ++ .type VG_(disp_cp_chain_me_to_fastEP),@function ++VG_(disp_cp_chain_me_to_fastEP): ++#else ++ .section ".opd","aw" + .align 3 + VG_(disp_cp_chain_me_to_fastEP): + .quad .VG_(disp_cp_chain_me_to_fastEP),.TOC.@tocbase,0 + .previous ++#endif + .type .VG_(disp_cp_chain_me_to_fastEP),@function + .globl .VG_(disp_cp_chain_me_to_fastEP) + .VG_(disp_cp_chain_me_to_fastEP): +- /* We got called. The return address indicates ++#if _CALL_ELF == 2 ++0: addis 2, 12,.TOC.-0b@ha ++ addi 2,2,.TOC.-0b@l ++ .localentry VG_(disp_cp_chain_me_to_fastEP), .-VG_(disp_cp_chain_me_to_fastEP) ++#endif ++ /* We got called. The return address indicates + where the patching needs to happen. Collect + the return address and, exit back to C land, + handing the caller the pair (Chain_me_S, RA) */ +@@ -440,20 +492,33 @@ + */ + subi 7,7,20+4+4 + b .postamble ++#if _CALL_ELF == 2 ++ .size VG_(disp_cp_chain_me_to_fastEP),.-VG_(disp_cp_chain_me_to_fastEP) ++#endif + + /* ------ Indirect but boring jump ------ */ + .section ".text" + .align 2 + .globl VG_(disp_cp_xindir) +- .section ".opd","aw" ++#if _CALL_ELF == 2 ++ .type VG_(disp_cp_xindir),@function ++VG_(disp_cp_xindir): ++#else ++ .section ".opd","aw" + .align 3 + VG_(disp_cp_xindir): + .quad .VG_(disp_cp_xindir),.TOC.@tocbase,0 + .previous ++#endif + .type .VG_(disp_cp_xindir),@function + .globl .VG_(disp_cp_xindir) + .VG_(disp_cp_xindir): +- /* Where are we going? */ ++#if _CALL_ELF == 2 ++0: addis 2, 12,.TOC.-0b@ha ++ addi 2,2,.TOC.-0b@l ++ .localentry VG_(disp_cp_xindir), .-VG_(disp_cp_xindir) ++#endif ++ /* Where are we going? */ + ld 3,OFFSET_ppc64_CIA(31) + + /* stats only */ +@@ -479,6 +544,9 @@ + /* Found a match. Jump to .host. */ + mtctr 7 + bctr ++#if _CALL_ELF == 2 ++ .size VG_(disp_cp_xindir),.-VG_(disp_cp_xindir) ++#endif + + .fast_lookup_failed: + /* stats only */ +@@ -496,39 +564,64 @@ + .section ".text" + .align 2 + .globl VG_(disp_cp_xassisted) +- .section ".opd","aw" ++#if _CALL_ELF == 2 ++ .type VG_(disp_cp_xassisted),@function ++VG_(disp_cp_xassisted): ++#else ++ .section ".opd","aw" + .align 3 + VG_(disp_cp_xassisted): + .quad .VG_(disp_cp_xassisted),.TOC.@tocbase,0 + .previous +- .type .VG_(disp_cp_xassisted),@function ++#endif ++#if _CALL_ELF == 2 ++0: addis 2, 12,.TOC.-0b@ha ++ addi 2,2,.TOC.-0b@l ++ .localentry VG_(disp_cp_xassisted), .-VG_(disp_cp_xassisted) ++#endif ++ .type .VG_(disp_cp_xassisted),@function + .globl .VG_(disp_cp_xassisted) + .VG_(disp_cp_xassisted): + /* r31 contains the TRC */ + mr 6,31 + li 7,0 + b .postamble ++#if _CALL_ELF == 2 ++ .size VG_(disp_cp_xassisted),.-VG_(disp_cp_xassisted) ++#endif + + /* ------ Event check failed ------ */ + .section ".text" + .align 2 + .globl VG_(disp_cp_evcheck_fail) +- .section ".opd","aw" ++#if _CALL_ELF == 2 ++ .type VG_(disp_cp_evcheck_fail),@function ++VG_(disp_cp_evcheck_fail): ++#else ++ .section ".opd","aw" + .align 3 + VG_(disp_cp_evcheck_fail): + .quad .VG_(disp_cp_evcheck_fail),.TOC.@tocbase,0 + .previous ++#endif ++#if _CALL_ELF == 2 ++0: addis 2, 12,.TOC.-0b@ha ++ addi 2,2,.TOC.-0b@l ++ .localentry VG_(disp_cp_evcheck_fail), .-VG_(disp_cp_evcheck_fail) ++#endif + .type .VG_(disp_cp_evcheck_fail),@function + .globl .VG_(disp_cp_evcheck_fail) + .VG_(disp_cp_evcheck_fail): + li 6,VG_TRC_INNER_COUNTERZERO + li 7,0 + b .postamble ++#if _CALL_ELF == 2 ++ .size VG_(disp_cp_evcheck_fail),.-VG_(disp_cp_evcheck_fail) ++#endif + +- + .size .VG_(disp_run_translations), .-.VG_(disp_run_translations) + +-#endif // defined(VGP_ppc64be_linux) ++#endif // defined(VGP_ppc64be_linux) || defined(VGP_ppc64le_linux) + + /* Let the linker know we don't need an executable stack */ + MARK_STACK_NO_EXEC diff --git a/user/valgrind/uclibc.patch b/user/valgrind/uclibc.patch new file mode 100644 index 000000000..69281ab2c --- /dev/null +++ b/user/valgrind/uclibc.patch @@ -0,0 +1,10 @@ +--- ./coregrind/vg_preloaded.c.orig ++++ ./coregrind/vg_preloaded.c +@@ -42,6 +42,7 @@ + originates from Valgrind. + ------------------------------------------------------------------ */ + ++#include <features.h> + #include "pub_core_basics.h" + #include "pub_core_clreq.h" + #include "pub_core_debuginfo.h" // Needed for pub_core_redir.h diff --git a/user/vlc/APKBUILD b/user/vlc/APKBUILD new file mode 100644 index 000000000..a11b883f7 --- /dev/null +++ b/user/vlc/APKBUILD @@ -0,0 +1,362 @@ +# Contributor: Łukasz Jendrysik <scadu@yandex.com> +# Contributor: Leonardo Arena <rnalrd@alpinelinux.org> +# Maintainer: Natanael Copa <ncopa@alpinelinux.org> +pkgname=vlc +pkgver=3.0.3 +_pkgver=${pkgver/_/-} +_ver=${_pkgver%[a-z]} +pkgrel=1 +pkgdesc="A multi-platform MPEG, VCD/DVD, and DivX player" +triggers="vlc-libs.trigger=/usr/lib/vlc/plugins" +pkgusers="vlc" +pkggroups="vlc" +url="https://www.videolan.org/vlc/" +arch="all" +license="GPL-2.0-or-later" +options="!checkroot textrel" +subpackages="$pkgname-dev + $pkgname-doc + $pkgname-qt + $pkgname-xorg + $pkgname-daemon::noarch + $pkgname-libs + $pkgname-plugins + + $pkgname-plugins-access:plugins_access + $pkgname-plugins-access_output:plugins_access_output + $pkgname-plugins-audio_filter:plugins_audio_filter + $pkgname-plugins-audio_mixer:plugins_audio_mixer + $pkgname-plugins-audio_output:plugins_audio_output + $pkgname-plugins-codec:plugins_codec + $pkgname-plugins-control:plugins_control + $pkgname-plugins-demux:plugins_demux + $pkgname-plugins-gui:plugins_gui + $pkgname-plugins-lua:plugins_lua + $pkgname-plugins-meta_engine:plugins_meta_engine + $pkgname-plugins-misc:plugins_misc + $pkgname-plugins-mux:plugins_mux + $pkgname-plugins-notify:plugins_notify + $pkgname-plugins-packetizer:plugins_packetizer + $pkgname-plugins-services_discovery:plugins_services_discovery + $pkgname-plugins-stream_filter:plugins_stream_filter + $pkgname-plugins-stream_out:plugins_stream_out + $pkgname-plugins-text_renderer:plugins_text_renderer + $pkgname-plugins-video_chroma:plugins_video_chroma + $pkgname-plugins-video_filter:plugins_video_filter + $pkgname-plugins-video_output:plugins_video_output + $pkgname-plugins-visualization:plugins_visualization" +depends="ttf-dejavu $pkgname-plugins" +makedepends=" + a52dec-dev + alsa-lib-dev + automake + autoconf + bison + libtool + dbus-dev + faad2-dev + ffmpeg-dev + flac-dev + flex + fluidsynth-dev + freetype-dev + fribidi-dev + gtk+3.0-dev + libbluray-dev>=0.2.1 libbluray-dev<20100000 + libavc1394-dev + libcddb-dev + libdc1394-dev>=2.1.0 + libdca-dev + libdvbpsi-dev + libdvdnav-dev + libdvdread-dev + libgcrypt-dev + libice-dev + libjpeg-turbo-dev + libmad-dev + libmatroska-dev + libmpeg2-dev + libnotify-dev + libogg-dev + libraw1394-dev>=2.0.1 + librsvg-dev + libshout-dev + libsm-dev + libtheora-dev + libva-dev + libvdpau-dev + libvorbis-dev + libvpx-dev + libx11-dev + libxext-dev + libxinerama-dev + libxml2-dev + libxpm-dev + libxv-dev + live-media-dev>=2012.01.26 + lua5.2-dev + mesa-dev + ncurses-dev + opus-dev + pkgconfig + pulseaudio-dev + qt5-qtbase-dev + qt5-qtsvg-dev + qt5-qtx11extras-dev + sdl2-dev + speex-dev + speexdsp-dev + sysfsutils-dev + taglib-dev + eudev-dev + v4l-utils-dev + wayland-protocols + x264-dev + x265-dev + xcb-util-renderutil-dev + xcb-util-keysyms-dev + xdg-utils + " +source="http://get.videolan.org/vlc/$_ver/vlc-$_ver.tar.xz + omxil-rpi-codecs.patch + check-headless.patch + disable-sub-autodetect-fuzzy-1-test.patch + fribidi-update.patch + tar-compat.patch + test-s390x.patch + vlc-libs.trigger" + +builddir="$srcdir"/$pkgname-$_ver + +prepare() { + default_prepare + NOCONFIGURE=1 ./bootstrap +} + +build() { + local _arch_opts= + cd "$builddir" + export CFLAGS="$CFLAGS -D_GNU_SOURCE" + + case "$CARCH" in + arm*) _arch_opts="--enable-omxil --enable-omxil-vout --enable-rpi-omxil" ;; + aarch64) _arch_opts="--enable-neon" ;; + ppc64*) _arch_opts="--enable-altivec" ;; + esac + + LUA=lua5.2 \ + LUAC=luac5.2 \ + BUILDCC="${CC:-gcc} -std=c99" \ + ./configure \ + --build=$CBUILD \ + --host=$CHOST \ + --prefix=/usr \ + --disable-mmx \ + --disable-sse \ + --enable-nls \ + --enable-optimizations \ + --enable-optimize-memory \ + --disable-rpath \ + --enable-a52 \ + --enable-avcodec \ + --enable-avformat \ + --enable-bluray \ + --enable-cdda \ + --enable-dbus \ + --enable-dc1394 \ + --enable-dca \ + --enable-dvbpsi \ + --enable-dvdread \ + --enable-dvdnav \ + --enable-faad \ + --enable-flac \ + --enable-fluidsynth \ + --enable-jpeg \ + --enable-libcddb \ + --enable-libmpeg2 \ + --enable-libva \ + --enable-live555 \ + --enable-mad \ + --enable-merge-ffmpeg \ + --enable-notify \ + --enable-ncurses \ + --enable-ogg \ + --enable-opus \ + --enable-png \ + --enable-pulse \ + --enable-qt \ + --enable-realrtsp \ + --enable-shout \ + --enable-skins2 \ + --enable-speex \ + --enable-sout \ + --enable-taglib \ + --enable-theora \ + --enable-udev \ + --enable-v4l2 \ + --enable-vdpau \ + --enable-vlm \ + --enable-vorbis \ + --enable-vpx \ + --enable-wma-fixed \ + --enable-x264 \ + --enable-x265 \ + --enable-xvideo \ + $_arch_opts + + make +} + +package() { + cd "$builddir" + make DESTDIR="$pkgdir" install + # delete cache as it's autocreated by trigger + rm -rf "$pkgdir"/usr/lib/vlc/plugins/plugins.dat + # delete unneeded mozilla and kde support files + rm -rf "$pkgdir"/usr/lib/mozilla + rm -rf "$pkgdir"/usr/share/kde4 +} + +check() { + cd "$builddir" + make check +} + +plugins() { + pkgdesc="$pkgname all plugins meta package" + depends="$pkgname-plugins-access + $pkgname-plugins-access_output + $pkgname-plugins-audio_filter + $pkgname-plugins-audio_mixer + $pkgname-plugins-audio_output + $pkgname-plugins-codec + $pkgname-plugins-control + $pkgname-plugins-demux + $pkgname-plugins-gui + $pkgname-plugins-lua + $pkgname-plugins-meta_engine + $pkgname-plugins-misc + $pkgname-plugins-mux + $pkgname-plugins-notify + $pkgname-plugins-packetizer + $pkgname-plugins-services_discovery + $pkgname-plugins-stream_filter + $pkgname-plugins-stream_out + $pkgname-plugins-text_renderer + $pkgname-plugins-video_chroma + $pkgname-plugins-video_filter + $pkgname-plugins-video_output + $pkgname-plugins-visualization" + mkdir -p "$subpkgdir" +} + +_mv() { + local dir=${1%/*} + mkdir -p "$subpkgdir"/$dir + mv "$1" "$subpkgdir"/$dir/ +} + +qt() { + pkgdesc="Qt frontend for VLC" + depends="vlc-xorg=$pkgver-r$pkgrel" + cd "$pkgdir" + # scan for elf files that directly or indirectly depends on + # libQt* libraries + cd "$pkgdir" + for i in $(find . -type f ); do + if ldd $i 2>/dev/null | grep -q "libQt"; then + _mv "$i" || return 1 + fi + done + mkdir -p "$subpkgdir"/usr/bin + mv "$pkgdir"/usr/bin/qvlc \ + "$subpkgdir"/usr/bin/ +} + +xorg() { + pkgdesc="Video LAN X.org support" + depends="xdg-utils vlc=$pkgver-r$pkgrel" + + # scan for elf files that directly or indirectly depends on + # libX* libraries + cd "$pkgdir" + for i in $(find . -type f ); do + if ldd $i 2>/dev/null | grep -E -q "libX|x11|libxcb|libGL"; then + echo $i | grep libavcodec_plugin.so || _mv "$i" || return 1 + fi + done + + mkdir -p "$subpkgdir"/usr/bin + mv "$pkgdir"/usr/bin/svlc \ + "$subpkgdir"/usr/bin + + mkdir -p "$subpkgdir"/usr/share/vlc + mv "$pkgdir"/usr/share/applications \ + "$pkgdir"/usr/share/icons \ + "$subpkgdir"/usr/share/ + + mv "$pkgdir"/usr/share/vlc/skins2 \ + "$subpkgdir"/usr/share/vlc +} + +daemon() { + pkgdesc="Support for running VLC as a daemon" + install="vlc-daemon.pre-install" + depends="vlc=$pkgver-r$pkgrel" + + mkdir -p "$subpkgdir" + cd "$pkgdir" + install -D -m755 ../../vlc.initd $subpkgdir/etc/init.d/vlc + install -D -m664 ../../vlc.confd $subpkgdir/etc/conf.d/vlc + install -d -o vlc -g vlc "$subpkgdir"/var/log/vlc +} + +libs() { + depends= + mkdir -p "$subpkgdir"/usr/lib/vlc + mv "$pkgdir"/usr/lib/vlc/vlc-cache-gen \ + "$subpkgdir"/usr/lib/vlc/ + default_libs +} + +_mv_plugins() { + local plugin=$1 + pkgdesc="$pkgname $plugin plugin" + depends= + mkdir -p "$subpkgdir"/usr/lib/vlc/plugins + mv "$pkgdir"/usr/lib/vlc/plugins/"$plugin" \ + "$subpkgdir"/usr/lib/vlc/plugins +} + +plugins_access() { _mv_plugins access; } +plugins_access_output() { _mv_plugins access_output; } +plugins_audio_filter() { _mv_plugins audio_filter; } +plugins_audio_mixer() { _mv_plugins audio_mixer; } +plugins_audio_output() { _mv_plugins audio_output; } +plugins_codec() { _mv_plugins codec; } +plugins_control() { _mv_plugins control; } +plugins_demux() { _mv_plugins demux; } +plugins_gui() { _mv_plugins gui; } +plugins_lua() { _mv_plugins lua; } +plugins_meta_engine() { _mv_plugins meta_engine; } +plugins_misc() { _mv_plugins misc; } +plugins_mux() { _mv_plugins mux; } +plugins_notify() { _mv_plugins notify; } +plugins_packetizer() { _mv_plugins packetizer; } +plugins_services_discovery() { _mv_plugins services_discovery; } +plugins_stream_filter() { _mv_plugins stream_filter; } +plugins_stream_out() { _mv_plugins stream_out; } +plugins_text_renderer() { _mv_plugins text_renderer; } +plugins_video_chroma() { _mv_plugins video_chroma; } +plugins_video_filter() { _mv_plugins video_filter; } +plugins_video_output() { _mv_plugins video_output; } +plugins_visualization() { _mv_plugins visualization; } + +sha512sums="1569cefa6623b2631a832679bc9a63ebeba222901e5221d254e896a68d2ee467054da8de9eda566924e80a11bb29a673a9f0c4243793845547d8027b58a238ab vlc-3.0.3.tar.xz +e13e398b7bfd977f6e099bcb6cf8dc5cd5bad6dea3eff715881826246dc4329468846084aff2576de2b7fd28d3f06e7c327a6e4511a28d22e5cd198a81146c89 omxil-rpi-codecs.patch +22d80df599b8b65a5439cefbb7140af8e9530f326d54945da3769af65f37518b99ec2cc8647aafd2763324a0698280915afe043cc87e5720c4694881ed35bffa check-headless.patch +e214b407235cb3afb8bec93f20c9b42957b57e6fd3960679d3d4235e77762e03e64d03c01f00ef63d589e7c85aaad02ce6abbeeccd66b1867bc92451a5b5e9b0 disable-sub-autodetect-fuzzy-1-test.patch +3338531d385f76d9eedf10498d1b0b78565c531eedb3018d4500e377815f9ccbfcc16ec398cb8559bcc624f65b61d376125c4a5e6880cbad90ec9880dd4b9ce5 fribidi-update.patch +a117ca4d7fd66a5f959fdeaddfdce2f8442fe9f2c13995bb7f4792a7745c00813813aa962f76e957e3b0735344a5dc000e0644ce09f23458802a2932231655c3 tar-compat.patch +c0107655249687655846a9547ca1a5670b9207443180600e7a149c69ffb96d7226787c19b018d4033db9b284c1a5faa8d7d42188ed40c3b8bb051256febf11c5 test-s390x.patch +b67b6e21e9d4027aef1006e6057f9ba8e65ce3895b08f7b911b1675cff9bc423f64ee2c187c584860e9e5d4635a30408a7781add9694d9bba753eac37f357406 vlc-libs.trigger" diff --git a/user/vlc/check-headless.patch b/user/vlc/check-headless.patch new file mode 100644 index 000000000..25016f437 --- /dev/null +++ b/user/vlc/check-headless.patch @@ -0,0 +1,13 @@ +diff --git a/test/run_vlc.sh b/test/run_vlc.sh +index af35987..9a0175b 100755 +--- a/test/run_vlc.sh ++++ b/test/run_vlc.sh +@@ -2,7 +2,7 @@ + + set -e + +-VLC="./vlc --ignore-config --rc-fake-tty" ++VLC="./vlc -I dummy --ignore-config --rc-fake-tty" + + $VLC -H + $VLC -vv vlc://quit diff --git a/user/vlc/disable-sub-autodetect-fuzzy-1-test.patch b/user/vlc/disable-sub-autodetect-fuzzy-1-test.patch new file mode 100644 index 000000000..b3dd8a1b7 --- /dev/null +++ b/user/vlc/disable-sub-autodetect-fuzzy-1-test.patch @@ -0,0 +1,20 @@ +This test fails on x86 and s390x so disable it for now +reported upstream: https://trac.videolan.org/vlc/ticket/19321 + +diff --git a/test/libvlc/slaves.c b/test/libvlc/slaves.c +index 7b2c24fa43..7c47b3147b 100644 +--- a/test/libvlc/slaves.c ++++ b/test/libvlc/slaves.c +@@ -194,10 +194,12 @@ main (void) + assert(p_expected_slaves[i].psz_uri != NULL); + } + ++#if 0 + printf("== Testing --sub-autodetect-fuzzy 1 (everything) ==\n"); + test_media_has_slaves_from_parent(p_vlc, SLAVES_DIR "/test.mp4", + p_expected_slaves, + EXPECTED_SLAVES_COUNT); ++#endif + libvlc_release(p_vlc); + + printf("== Testing --sub-autodetect-fuzzy 2 (full, left, and right match) ==\n"); diff --git a/user/vlc/fribidi-update.patch b/user/vlc/fribidi-update.patch new file mode 100644 index 000000000..fd293eea4 --- /dev/null +++ b/user/vlc/fribidi-update.patch @@ -0,0 +1,83 @@ +From 26e2d3906658c30f2f88f4b1bc9630ec43bf5525 Mon Sep 17 00:00:00 2001 +From: Shaleen Jain <shaleen@jain.sh> +Date: Sun, 25 Feb 2018 18:42:27 +0530 +Subject: [PATCH 1/1] fribidi: update for version 1.0 + +Update functions deprecated in version 1.0 when building with release 1.0 and +above. + +Signed-off-by: Thomas Guillem <thomas@gllm.fr> +--- + modules/text_renderer/freetype/text_layout.c | 24 ++++++++++++++++++++++++ + 1 file changed, 24 insertions(+) + +diff --git a/modules/text_renderer/freetype/text_layout.c b/modules/text_renderer/freetype/text_layout.c +index 13efd567b4..1a28786d09 100644 +--- a/modules/text_renderer/freetype/text_layout.c ++++ b/modules/text_renderer/freetype/text_layout.c +@@ -153,6 +153,9 @@ typedef struct paragraph_t + + #ifdef HAVE_FRIBIDI + FriBidiCharType *p_types; ++#if FRIBIDI_MAJOR_VERSION >= 1 ++ FriBidiBracketType *p_btypes; ++#endif + FriBidiLevel *p_levels; + FriBidiStrIndex *pi_reordered_indices; + FriBidiParType paragraph_type; +@@ -361,6 +364,9 @@ static paragraph_t *NewParagraph( filter_t *p_filter, + #ifdef HAVE_FRIBIDI + p_paragraph->p_levels = vlc_alloc( i_size, sizeof( *p_paragraph->p_levels ) ); + p_paragraph->p_types = vlc_alloc( i_size, sizeof( *p_paragraph->p_types ) ); ++#if FRIBIDI_MAJOR_VERSION >= 1 ++ p_paragraph->p_btypes = vlc_alloc( i_size, sizeof( *p_paragraph->p_btypes ) ); ++#endif + p_paragraph->pi_reordered_indices = + vlc_alloc( i_size, sizeof( *p_paragraph->pi_reordered_indices ) ); + +@@ -398,6 +404,9 @@ error: + #ifdef HAVE_FRIBIDI + if( p_paragraph->p_levels ) free( p_paragraph->p_levels ); + if( p_paragraph->p_types ) free( p_paragraph->p_types ); ++#if FRIBIDI_MAJOR_VERSION >= 1 ++ if( p_paragraph->p_btypes ) free( p_paragraph->p_btypes ); ++#endif + if( p_paragraph->pi_reordered_indices ) + free( p_paragraph->pi_reordered_indices ); + #endif +@@ -424,6 +433,9 @@ static void FreeParagraph( paragraph_t *p_paragraph ) + #ifdef HAVE_FRIBIDI + free( p_paragraph->pi_reordered_indices ); + free( p_paragraph->p_types ); ++#if FRIBIDI_MAJOR_VERSION >= 1 ++ free( p_paragraph->p_btypes ); ++#endif + free( p_paragraph->p_levels ); + #endif + +@@ -436,10 +448,22 @@ static int AnalyzeParagraph( paragraph_t *p_paragraph ) + fribidi_get_bidi_types( p_paragraph->p_code_points, + p_paragraph->i_size, + p_paragraph->p_types ); ++#if FRIBIDI_MAJOR_VERSION >= 1 ++ fribidi_get_bracket_types( p_paragraph->p_code_points, ++ p_paragraph->i_size, ++ p_paragraph->p_types, ++ p_paragraph->p_btypes ); ++ fribidi_get_par_embedding_levels_ex( p_paragraph->p_types, ++ p_paragraph->p_btypes, ++ p_paragraph->i_size, ++ &p_paragraph->paragraph_type, ++ p_paragraph->p_levels ); ++#else + fribidi_get_par_embedding_levels( p_paragraph->p_types, + p_paragraph->i_size, + &p_paragraph->paragraph_type, + p_paragraph->p_levels ); ++#endif + + #ifdef HAVE_HARFBUZZ + hb_unicode_funcs_t *p_funcs = hb_unicode_funcs_get_default(); +-- +2.11.0 + diff --git a/user/vlc/omxil-rpi-codecs.patch b/user/vlc/omxil-rpi-codecs.patch new file mode 100644 index 000000000..9b7accfe7 --- /dev/null +++ b/user/vlc/omxil-rpi-codecs.patch @@ -0,0 +1,15 @@ +--- vlc-2.2.0/modules/codec/omxil/omxil_core.c.orig 2015-02-28 08:37:54.044936036 -0200 ++++ vlc-2.2.0/modules/codec/omxil/omxil_core.c 2015-02-28 08:38:38.738271654 -0200 +@@ -204,6 +204,12 @@ + #ifdef RPI_OMX + { "video_decoder.avc", "OMX.broadcom.video_decode" }, + { "video_decoder.mpeg2", "OMX.broadcom.video_decode" }, ++ { "video_decoder.mpeg4", "OMX.broadcom.video_decode" }, ++ { "video_decoder.vp6", "OMX.broadcom.video_decode" }, ++ { "video_decoder.vp8", "OMX.broadcom.video_decode" }, ++ { "video_decoder.theora", "OMX.broadcom.video_decode" }, ++ { "video_decoder.mjpg", "OMX.broadcom.video_decode" }, ++ { "video_decoder.vc1", "OMX.broadcom.video_decode" }, + { "iv_renderer", "OMX.broadcom.video_render" }, + #endif + { 0, 0 } diff --git a/user/vlc/tar-compat.patch b/user/vlc/tar-compat.patch new file mode 100644 index 000000000..34169ef56 --- /dev/null +++ b/user/vlc/tar-compat.patch @@ -0,0 +1,11 @@ +--- vlc-3.0.1/share/Makefile.am.old 2018-02-06 18:41:06.000000000 +0000 ++++ vlc-3.0.1/share/Makefile.am 2018-04-05 23:19:37.081889895 +0000 +@@ -94,7 +94,7 @@ + $(AM_V_at)rm -f -- skins2/default.vlt.tmp + $(AM_V_GEN)GZIP=--no-name \ + tar cvvzf skins2/default.vlt.tmp \ +- --owner=root --group=root --directory="$(srcdir)/skins2" \ ++ --uid=0 --gid=0 --directory="$(srcdir)/skins2" \ + default/ + $(AM_V_at)mv -f -- skins2/default.vlt.tmp skins2/default.vlt + diff --git a/user/vlc/test-s390x.patch b/user/vlc/test-s390x.patch new file mode 100644 index 000000000..8f221ee06 --- /dev/null +++ b/user/vlc/test-s390x.patch @@ -0,0 +1,13 @@ +diff --git a/test/modules/packetizer/hxxx.c b/test/modules/packetizer/hxxx.c +index 93362a1..e1b7604 100644 +--- a/test/modules/packetizer/hxxx.c ++++ b/test/modules/packetizer/hxxx.c +@@ -210,7 +210,7 @@ static void test_annexb() + + int main( void ) + { +- test_annexb(); ++ //test_annexb(); + + return 0; + } diff --git a/user/vlc/vlc-daemon.pre-install b/user/vlc/vlc-daemon.pre-install new file mode 100644 index 000000000..aed6c1893 --- /dev/null +++ b/user/vlc/vlc-daemon.pre-install @@ -0,0 +1,15 @@ +#!/bin/sh + +groups="vlc audio video" + +for group in $groups; do + addgroup -S $group 2>/dev/null +done +adduser -S -D -h /home/vlc -s /bin/sh -G vlc -g vlc vlc 2>/dev/null + +# make sure vlc are in all groups +for group in $groups; do + addgroup vlc $group 2>/dev/null +done + +exit 0 diff --git a/user/vlc/vlc-libs.trigger b/user/vlc/vlc-libs.trigger new file mode 100644 index 000000000..c13bace99 --- /dev/null +++ b/user/vlc/vlc-libs.trigger @@ -0,0 +1,5 @@ +#!/bin/sh + +exec /usr/lib/vlc/vlc-cache-gen "$@" >&/dev/null +exit 0 + diff --git a/user/vlc/vlc.confd b/user/vlc/vlc.confd new file mode 100644 index 000000000..9a58842bd --- /dev/null +++ b/user/vlc/vlc.confd @@ -0,0 +1,15 @@ +# Sample vlc params suitable for running as a daemon + +## --file-logging enable file logging +## --logfile logfile name/path +## -vvv verbose logging +## -I dummy disable X11 interface +## --sout PARAMS encoding parameters + + +## Do NOT quote 'PARAMS' otherwise shell expansions will broke vlc +## +## The --daemon option will automatically be added so no need to add it +## here. + +VLC_OPTS="--quiet -I dummy alsa://hw:0,0 --file-logging --logfile /var/log/vlc/vlc.log --sout #transcode{acodec=mp3,ab=48,channels=1,samplerate=22050}:std{access=http,mux=ogg,dst=:8080}" diff --git a/user/vlc/vlc.initd b/user/vlc/vlc.initd new file mode 100755 index 000000000..541a07180 --- /dev/null +++ b/user/vlc/vlc.initd @@ -0,0 +1,32 @@ +#!/sbin/openrc-run + +description="VideoLAN daemon" +pidfile="/var/run/vlc/${RC_SVCNAME}.pid" +command="/usr/bin/vlc" + +depend() { + need net + after firewall +} + +start_pre() { + checkpath --directory --owner vlc:vlc --mode 775 ${pidfile%/*} +} + +start() { + ebegin "Starting ${RC_SVCNAME}" + start-stop-daemon --start \ + --user vlc \ + --pidfile ${pidfile} \ + --exec ${command} \ + -- \ + --daemon --pidfile ${pidfile} ${VLC_OPTS} + eend $? +} + +stop() { + ebegin "Stopping ${RC_SVCNAME}" + start-stop-daemon --stop \ + --pidfile ${pidfile} + eend $? +} diff --git a/user/wayland/APKBUILD b/user/wayland/APKBUILD new file mode 100644 index 000000000..a25cc87a1 --- /dev/null +++ b/user/wayland/APKBUILD @@ -0,0 +1,59 @@ +# Contributor: Sören Tempel <soeren+alpine@soeren-tempel.net> +# Contributor: Bartłomiej Piotrowski <bpiotrowski@alpinelinux.org> +# Maintainer: Valery Kartel <valery.kartel@gmail.com> +pkgname=wayland +pkgver=1.14.0 +pkgrel=2 +pkgdesc="A computer display server protocol" +url="http://wayland.freedesktop.org" +arch=all +license="MIT" +depends="$pkgname-libs-client $pkgname-libs-cursor $pkgname-libs-server" +depends_dev="libffi-dev expat-dev" +makedepends="$depends_dev doxygen xmlto graphviz grep libxml2-dev bash" +subpackages="$pkgname-dev $pkgname-libs-client:_libs + $pkgname-libs-cursor:_libs $pkgname-libs-server:_libs" +source="http://wayland.freedesktop.org/releases/$pkgname-$pkgver.tar.xz" + +builddir="$srcdir/$pkgname-$pkgver" + +build() { + cd "$builddir" + ./configure \ + --build=$CBUILD \ + --host=$CHOST \ + --prefix=/usr \ + --sysconfdir=/etc \ + --mandir=/usr/share/man \ + --infodir=/usr/share/info \ + --localstatedir=/var \ + --disable-documentation \ + --disable-static + make +} + +check() { + cd "$builddir" + make check +} + +package() { + cd "$builddir" + make DESTDIR="$pkgdir" install +} + +dev() { + mkdir -p "$subpkgdir"/usr + mv "$pkgdir"/usr/bin "$pkgdir"/usr/share \ + "$subpkgdir"/usr + default_dev +} + +_libs() { + local name=${subpkgname#$pkgname-libs-} + pkgdesc="$pkgdesc ($name library)" + mkdir -p "$subpkgdir"/usr/lib + mv "$pkgdir"/usr/lib/*-$name.so.* "$subpkgdir"/usr/lib +} + +sha512sums="bd38b2b8963d4d98d42c270e5d7dbff6323789a173b19b67a18258424fd8adee5021b282c9d7f6dad0bd25aa0160e76aecd8ed803d4eb25d911ef0a81cd713a5 wayland-1.14.0.tar.xz" diff --git a/user/weechat/APKBUILD b/user/weechat/APKBUILD new file mode 100644 index 000000000..2fe4eb629 --- /dev/null +++ b/user/weechat/APKBUILD @@ -0,0 +1,66 @@ +# Maintainer: Leonardo Arena <rnalrd@alpinelinux.org> +pkgname=weechat +pkgver=1.9.1 +pkgrel=1 +pkgdesc="A fast, light, extensible ncurses-based chat client" +url="http://www.weechat.org" +arch="all" +license="GPL-3.0+" +options="!check" # Requires itself until 2.0. +depends_dev="cmake gettext-dev ncurses-dev gnutls-dev libgcrypt-dev curl-dev + aspell-dev guile-dev lua5.3-dev perl-dev python3-dev zlib-dev" +makedepends="$depends_dev" +checkdepends="cpputest" +subpackages="$pkgname-dev $pkgname-aspell:_plugin $pkgname-lua:_plugin + $pkgname-perl:_plugin $pkgname-python:_plugin + $pkgname-guile:_plugin $pkgname-lang" +source="http://www.weechat.org/files/src/$pkgname-$pkgver.tar.gz + fix-python-linking.patch + libintl-fix.patch" +builddir="$srcdir/$pkgname-$pkgver" + +# secfixes: +# 1.7.1-r0: +# - CVE-2017-8073 +# 1.9.1-r0: +# - CVE-2017-14727 + +prepare() { + cd "$builddir" + default_prepare +} + +build() { + cd "$builddir" + mkdir -p build + cd build + cmake .. -DCMAKE_INSTALL_PREFIX=/usr -DENABLE_MAN=ON -DENABLE_TESTS=ON -DENABLE_PYTHON3=ON + make +} + +package() { + cd "$builddir"/build + make DESTDIR="$pkgdir/" install +} + +_plugin() { + local _name=${subpkgname#*-} + local _dir=usr/lib/weechat/plugins + pkgdesc="WeeChat $_name plugin" + depends="weechat" + if [ "$_name" = python ]; then + depends="$depends python3" + fi + + mkdir -p "$subpkgdir"/$_dir + mv "$pkgdir"/$_dir/${_name}.so "$subpkgdir"/$_dir +} + +check() { + cd "$builddir"/build + ctest -V +} + +sha512sums="e52bb5239e24477ec38f2ad71cb2274e0ffc4226fc36ec00beeb7cf7e754a8c58d9bbc424cb0900e7c803ed47b0956e8f420eaa4cc9cf407ab6dd4769ec94326 weechat-1.9.1.tar.gz +23b1e3fa9fcade74738d9013b533a0be01dbadabe8a7d82c97d338cdf3e4efe0943b9671f6ec47ac4838d3ad29ab4fd2ce0e6b3c74b4c7280abfd7b040407678 fix-python-linking.patch +59841bc343b1d10a542631eb01380789f96cac896380dbb3b159444c4806bd6367952e457b9ffd42fb87c1e19fc77eba78c38fd2178ef202ab9f7f1a543417ca libintl-fix.patch" diff --git a/user/weechat/fix-python-linking.patch b/user/weechat/fix-python-linking.patch new file mode 100644 index 000000000..c94be8026 --- /dev/null +++ b/user/weechat/fix-python-linking.patch @@ -0,0 +1,11 @@ +--- weechat-1.9/cmake/FindPython.cmake.old 2017-06-25 03:20:52.000000000 -0500 ++++ weechat-1.9/cmake/FindPython.cmake 2017-09-24 18:04:48.181662013 -0500 +@@ -67,7 +67,7 @@ + ) + if(ENABLE_PYTHON3) + find_library(PYTHON_LIBRARY +- NAMES python3.6 python3.5 python3.4 python3.3 python3.2 python3.1 python3.0 python3 python2.7 python2.6 python2.5 python ++ NAMES python3.6m python3.6 python3.5m python3.5 python3.4m python3.4 python3.3 python3.2 python3.1 python3.0 python3 python2.7 python2.6 python2.5 python + HINTS ${PYTHON_POSSIBLE_LIB_PATH} + ) + else() diff --git a/user/weechat/libintl-fix.patch b/user/weechat/libintl-fix.patch new file mode 100644 index 000000000..a67cb37b6 --- /dev/null +++ b/user/weechat/libintl-fix.patch @@ -0,0 +1,12 @@ +libc gettext is never sufficient on musl + +--- weechat-1.9/CMakeLists.txt.old 2017-06-25 03:20:52.000000000 -0500 ++++ weechat-1.9/CMakeLists.txt 2017-09-13 02:30:43.577284569 -0500 +@@ -162,6 +162,7 @@ + find_package(Gettext) + if(GETTEXT_FOUND) + add_definitions(-DENABLE_NLS) ++ list(APPEND EXTRA_LIBS intl) + endif() + endif() + diff --git a/user/wget/APKBUILD b/user/wget/APKBUILD new file mode 100644 index 000000000..5f7093ea5 --- /dev/null +++ b/user/wget/APKBUILD @@ -0,0 +1,50 @@ +# Contributor: Sergei Lukin <sergej.lukin@gmail.com> +# Contributor: Carlo Landmeter <clandmeter@gmail.com> +# Maintainer: Carlo Landmeter <clandmeter@gmail.com> +pkgname=wget +pkgver=1.19.2 +pkgrel=1 +pkgdesc="A network utility to retrieve files from the Web" +url="http://www.gnu.org/software/wget/wget.html" +arch="all" +license="GPL-3.0+" +depends="" +makedepends="openssl-dev perl gettext-dev" +checkdepends="perl-http-daemon" +subpackages="$pkgname-doc $pkgname-lang" +install="" +source="ftp://ftp.gnu.org/gnu/$pkgname/$pkgname-$pkgver.tar.gz " +builddir="$srcdir/$pkgname-$pkgver" + +# secfixes: +# 1.19.1-r1: +# - CVE-2017-6508 +# 1.19.2-r0: +# - CVE-2017-13090 + +build() { + cd "$builddir" + ./configure \ + --build=$CBUILD \ + --host=$CHOST \ + --prefix=/usr \ + --sysconfdir=/etc \ + --mandir=/usr/share/man \ + --infodir=/usr/share/info \ + --with-ssl=openssl + make +} + +check() { + cd "$builddir" + make check +} + +package() { + cd "$builddir" + make DESTDIR="$pkgdir" install + + rm -rf "$pkgdir"/usr/lib +} + +sha512sums="a0f8afcc0767a8fd1acd64b1b1b27d177bc938e70cc3709c1b3faa6c1426ec926642cd8e49d292cec0268ee507683539b5152072110106de5a728a03efd8cedd wget-1.19.2.tar.gz" diff --git a/user/wpa_supplicant/APKBUILD b/user/wpa_supplicant/APKBUILD new file mode 100644 index 000000000..7aebbef1f --- /dev/null +++ b/user/wpa_supplicant/APKBUILD @@ -0,0 +1,104 @@ +# Contributor: Sören Tempel <soeren+alpine@soeren-tempel.net> +# Maintainer: Natanael Copa <ncopa@alpinelinux.org> +pkgname=wpa_supplicant +pkgver=2.6 +pkgrel=7 +pkgdesc="A utility providing key negotiation for WPA wireless networks" +url="https://w1.fi/wpa_supplicant/" +arch="all" +license="BSD" +subpackages="$pkgname-doc $pkgname-openrc" +depends="dbus" +makedepends="linux-headers openssl-dev dbus-dev libnl3-dev pcsc-lite-dev" +source="http://w1.fi/releases/$pkgname-$pkgver.tar.gz + rebased-v2.6-0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch + rebased-v2.6-0002-Prevent-reinstallation-of-an-already-in-use-group-ke.patch + rebased-v2.6-0003-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch + rebased-v2.6-0004-Prevent-installation-of-an-all-zero-TK.patch + rebased-v2.6-0005-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch + rebased-v2.6-0006-TDLS-Reject-TPK-TK-reconfiguration.patch + rebased-v2.6-0007-WNM-Ignore-WNM-Sleep-Mode-Response-without-pending-r.patch + rebased-v2.6-0008-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch + + wpa_supplicant.initd + wpa_supplicant.confd + eloop.patch + + config + wpa_cli.sh" + +# secfixes: +# 2.6-r7: +# - CVE-2017-13077 +# - CVE-2017-13078 +# - CVE-2017-13079 +# - CVE-2017-13080 +# - CVE-2017-13081 +# - CVE-2017-13082 +# - CVE-2017-13086 +# - CVE-2017-13087 +# - CVE-2017-13088 + +builddir="$srcdir"/$pkgname-$pkgver +prepare() { + cd "$builddir" + default_prepare + + # Copy our configuration file to the build directory + cp "$srcdir"/config "$builddir"/wpa_supplicant/.config +} + +build() { + cd "$builddir"/wpa_supplicant + make LIBDIR=/lib BINDIR=/sbin +} + +check() { + cd "$builddir"/wpa_supplicant + make eapol_test +} + +package() { + cd "$builddir"/wpa_supplicant + make DESTDIR="$pkgdir" LIBDIR=/lib BINDIR=/sbin install + install -Dm644 wpa_supplicant.conf \ + "$pkgdir"/usr/share/doc/wpa_supplicant/examples/wpa_supplicant.conf + install -Dm755 "$srcdir"/wpa_cli.sh \ + "$pkgdir"/etc/wpa_supplicant/wpa_cli.sh + + local man= + for man in doc/docbook/*.?; do + install -Dm644 "$man" \ + "$pkgdir"/usr/share/man/man${man##*.}/${man##*/} + done + install -Dm755 eapol_test "$pkgdir"/sbin/eapol_test + + # dbus + cd dbus + install -d "$pkgdir"/etc/dbus-1/system.d + install -m644 dbus-wpa_supplicant.conf \ + "$pkgdir"/etc/dbus-1/system.d/wpa_supplicant.conf + install -d "$pkgdir"/usr/share/dbus-1/system-services + install fi.epitest.hostap.WPASupplicant.service \ + "$pkgdir"/usr/share/dbus-1/system-services + install -d "$pkgdir"/var/run/wpa_supplicant + install -Dm755 "$srcdir"/wpa_supplicant.initd \ + "$pkgdir"/etc/init.d/wpa_supplicant + install -Dm644 "$srcdir"/wpa_supplicant.confd \ + "$pkgdir"/etc/conf.d/wpa_supplicant +} + +sha512sums="46442cddb6ca043b8b08d143908f149954c238e0f3a57a0df73ca4fab9c1acd91b078f3f26375a1d99cd1d65625986328018c735d8705882c8f91e389cad28a6 wpa_supplicant-2.6.tar.gz +f855fa792425f175ccc800eb49df42067b1c1f4b52ba2d24160af4dfbb74dcf8e81661b7e6c8d92fa408938b8a559fc74557d1677913e4a751bfd43706c14bb6 rebased-v2.6-0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch +b4e413aa815572ea0002d33d24b69cd499aebb5efebed8fcaade8b29324bb5853a5db64e8b1dfdf24478e02c66196238b81a6ec777a7a28610435dce4d2c344e rebased-v2.6-0002-Prevent-reinstallation-of-an-already-in-use-group-ke.patch +a6382d8e84b4829be33c46bf2f4c6f3232c9d924a4547a21dfe023bf5be8ee1c635920295f52be285359efaae95bcc1f12b512659cfd1653b871dd0bea7e5ace rebased-v2.6-0003-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch +51ed806f0d5b3f588e26d4db4dcfc6be2cfb12002e26893a6cedd62c7cad0d0de75aed4a666223c4877fc1854b08dce6ddf6f6c4cfd752a5d8d58ad4a968b553 rebased-v2.6-0004-Prevent-installation-of-an-all-zero-TK.patch +8707a123cd78149dfee9f5bd791761ee1eca605ef96580167044c2339c896920cf0e030b184a5afa9e310f5755afb30bef8ebd4522fc52753f3fbd6acead2cdf rebased-v2.6-0005-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch +37d050b2e4a3598484912667d8b2705fbe84c5c562267f900d42b0c7b606fb1fed09ddca8b80e2131768baa8f3690aab6ba7a232dee6ff1e66150fdb8816c927 rebased-v2.6-0006-TDLS-Reject-TPK-TK-reconfiguration.patch +111e655cfbb3a86e3792040e0ea375490d31c42c9d43cbe911290d54df5f4db437e4c8ad0e937c51729dcefeb0db0989b8ab55b9523398683abd08ebfec18076 rebased-v2.6-0007-WNM-Ignore-WNM-Sleep-Mode-Response-without-pending-r.patch +fc84edd8b30305cc42053c872554098f3f077292ec980ed6a442f37884087ff2f055738fd55977ed792bef1887dcc8c4626586465d78dd0258edb83dcd50a65a rebased-v2.6-0008-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch +11eed22f6e793f40c788d586c715deecae03c421d11761b7b4a376660bce812c54cc6f353c7d4d5da9c455aeffd778baefb9e76d380027a729574a756e54ddcc wpa_supplicant.initd +29103161ec2b9631fca9e8d9a97fafd60ffac3fe78cf613b834395ddcaf8be1e253c22e060d7d9f9b974b2d7ce794caa932a2125e29f6494b75bce475f7b30e1 wpa_supplicant.confd +2be055dd1f7da5a3d8e79c2f2c0220ddd31df309452da18f290144d2112d6dbde0fc633bb2ad02c386a39d7785323acaf5f70e5969995a1e8303a094eb5fe232 eloop.patch +6707991f9a071f2fcb09d164d31d12b1f52b91fbb5574b70b8d6f9727f72bbe42b03dd66d10fcc2126f5b7e49ac785657dec90e88b4bf54a9aa5638582f6e505 config +44d33cfe419cdb65cc14f2ac05aa9f8a1b9f2f432181e498071e41ef835662db1e4c5142adf4cfab2475e7b606696169936bd159d1d711f803322db93f242361 wpa_cli.sh" diff --git a/user/wpa_supplicant/config b/user/wpa_supplicant/config new file mode 100644 index 000000000..f35daa0d1 --- /dev/null +++ b/user/wpa_supplicant/config @@ -0,0 +1,550 @@ +# Example wpa_supplicant build time configuration +# +# This file lists the configuration options that are used when building the +# hostapd binary. All lines starting with # are ignored. Configuration option +# lines must be commented out complete, if they are not to be included, i.e., +# just setting VARIABLE=n is not disabling that variable. +# +# This file is included in Makefile, so variables like CFLAGS and LIBS can also +# be modified from here. In most cases, these lines should use += in order not +# to override previous values of the variables. + + +# Uncomment following two lines and fix the paths if you have installed OpenSSL +# or GnuTLS in non-default location +#CFLAGS += -I/usr/local/openssl/include +#LIBS += -L/usr/local/openssl/lib + +# Some Red Hat versions seem to include kerberos header files from OpenSSL, but +# the kerberos files are not in the default include path. Following line can be +# used to fix build issues on such systems (krb5.h not found). +#CFLAGS += -I/usr/include/kerberos + +# Driver interface for generic Linux wireless extensions +# Note: WEXT is deprecated in the current Linux kernel version and no new +# functionality is added to it. nl80211-based interface is the new +# replacement for WEXT and its use allows wpa_supplicant to properly control +# the driver to improve existing functionality like roaming and to support new +# functionality. +CONFIG_DRIVER_WEXT=y + +# Driver interface for Linux drivers using the nl80211 kernel interface +CONFIG_DRIVER_NL80211=y + +# QCA vendor extensions to nl80211 +#CONFIG_DRIVER_NL80211_QCA=y + +# driver_nl80211.c requires libnl. If you are compiling it yourself +# you may need to point hostapd to your version of libnl. +# +#CFLAGS += -I$<path to libnl include files> +#LIBS += -L$<path to libnl library files> + +# Use libnl v2.0 (or 3.0) libraries. +#CONFIG_LIBNL20=y + +# Use libnl 3.2 libraries (if this is selected, CONFIG_LIBNL20 is ignored) +CONFIG_LIBNL32=y + + +# Driver interface for FreeBSD net80211 layer (e.g., Atheros driver) +#CONFIG_DRIVER_BSD=y +#CFLAGS += -I/usr/local/include +#LIBS += -L/usr/local/lib +#LIBS_p += -L/usr/local/lib +#LIBS_c += -L/usr/local/lib + +# Driver interface for Windows NDIS +#CONFIG_DRIVER_NDIS=y +#CFLAGS += -I/usr/include/w32api/ddk +#LIBS += -L/usr/local/lib +# For native build using mingw +#CONFIG_NATIVE_WINDOWS=y +# Additional directories for cross-compilation on Linux host for mingw target +#CFLAGS += -I/opt/mingw/mingw32/include/ddk +#LIBS += -L/opt/mingw/mingw32/lib +#CC=mingw32-gcc +# By default, driver_ndis uses WinPcap for low-level operations. This can be +# replaced with the following option which replaces WinPcap calls with NDISUIO. +# However, this requires that WZC is disabled (net stop wzcsvc) before starting +# wpa_supplicant. +# CONFIG_USE_NDISUIO=y + +# Driver interface for wired Ethernet drivers +CONFIG_DRIVER_WIRED=y + +# Driver interface for the Broadcom RoboSwitch family +#CONFIG_DRIVER_ROBOSWITCH=y + +# Driver interface for no driver (e.g., WPS ER only) +#CONFIG_DRIVER_NONE=y + +# Solaris libraries +#LIBS += -lsocket -ldlpi -lnsl +#LIBS_c += -lsocket + +# Enable IEEE 802.1X Supplicant (automatically included if any EAP method is +# included) +CONFIG_IEEE8021X_EAPOL=y + +# EAP-MD5 +CONFIG_EAP_MD5=y + +# EAP-MSCHAPv2 +CONFIG_EAP_MSCHAPV2=y + +# EAP-TLS +CONFIG_EAP_TLS=y + +# EAL-PEAP +CONFIG_EAP_PEAP=y + +# EAP-TTLS +CONFIG_EAP_TTLS=y + +# EAP-FAST +# Note: If OpenSSL is used as the TLS library, OpenSSL 1.0 or newer is needed +# for EAP-FAST support. Older OpenSSL releases would need to be patched, e.g., +# with openssl-0.9.8x-tls-extensions.patch, to add the needed functions. +CONFIG_EAP_FAST=y + +# EAP-GTC +CONFIG_EAP_GTC=y + +# EAP-OTP +CONFIG_EAP_OTP=y + +# EAP-SIM (enable CONFIG_PCSC, if EAP-SIM is used) +CONFIG_EAP_SIM=y + +# EAP-PSK (experimental; this is _not_ needed for WPA-PSK) +CONFIG_EAP_PSK=y + +# EAP-pwd (secure authentication using only a password) +#CONFIG_EAP_PWD=y + +# EAP-PAX +CONFIG_EAP_PAX=y + +# LEAP +CONFIG_EAP_LEAP=y + +# EAP-AKA (enable CONFIG_PCSC, if EAP-AKA is used) +CONFIG_EAP_AKA=y + +# EAP-AKA' (enable CONFIG_PCSC, if EAP-AKA' is used). +# This requires CONFIG_EAP_AKA to be enabled, too. +CONFIG_EAP_AKA_PRIME=y + +# Enable USIM simulator (Milenage) for EAP-AKA +#CONFIG_USIM_SIMULATOR=y + +# EAP-SAKE +#CONFIG_EAP_SAKE=y + +# EAP-GPSK +#CONFIG_EAP_GPSK=y +# Include support for optional SHA256 cipher suite in EAP-GPSK +#CONFIG_EAP_GPSK_SHA256=y + +# EAP-TNC and related Trusted Network Connect support (experimental) +#CONFIG_EAP_TNC=y + +# Wi-Fi Protected Setup (WPS) +CONFIG_WPS=y +# Enable WPS external registrar functionality +#CONFIG_WPS_ER=y +# Disable credentials for an open network by default when acting as a WPS +# registrar. +#CONFIG_WPS_REG_DISABLE_OPEN=y +# Enable WPS support with NFC config method +#CONFIG_WPS_NFC=y + +# EAP-IKEv2 +#CONFIG_EAP_IKEV2=y + +# EAP-EKE +#CONFIG_EAP_EKE=y + +# PKCS#12 (PFX) support (used to read private key and certificate file from +# a file that usually has extension .p12 or .pfx) +CONFIG_PKCS12=y + +# Smartcard support (i.e., private key on a smartcard), e.g., with openssl +# engine. +CONFIG_SMARTCARD=y + +# PC/SC interface for smartcards (USIM, GSM SIM) +# Enable this if EAP-SIM or EAP-AKA is included +CONFIG_PCSC=y + +# Support HT overrides (disable HT/HT40, mask MCS rates, etc.) +#CONFIG_HT_OVERRIDES=y + +# Support VHT overrides (disable VHT, mask MCS rates, etc.) +#CONFIG_VHT_OVERRIDES=y + +# Development testing +#CONFIG_EAPOL_TEST=y + +# Select control interface backend for external programs, e.g, wpa_cli: +# unix = UNIX domain sockets (default for Linux/*BSD) +# udp = UDP sockets using localhost (127.0.0.1) +# udp6 = UDP IPv6 sockets using localhost (::1) +# named_pipe = Windows Named Pipe (default for Windows) +# udp-remote = UDP sockets with remote access (only for tests systems/purpose) +# udp6-remote = UDP IPv6 sockets with remote access (only for tests purpose) +# y = use default (backwards compatibility) +# If this option is commented out, control interface is not included in the +# build. +CONFIG_CTRL_IFACE=y + +# Include support for GNU Readline and History Libraries in wpa_cli. +# When building a wpa_cli binary for distribution, please note that these +# libraries are licensed under GPL and as such, BSD license may not apply for +# the resulting binary. +#CONFIG_READLINE=y + +# Include internal line edit mode in wpa_cli. This can be used as a replacement +# for GNU Readline to provide limited command line editing and history support. +CONFIG_WPA_CLI_EDIT=y + +# Remove debugging code that is printing out debug message to stdout. +# This can be used to reduce the size of the wpa_supplicant considerably +# if debugging code is not needed. The size reduction can be around 35% +# (e.g., 90 kB). +#CONFIG_NO_STDOUT_DEBUG=y + +# Remove WPA support, e.g., for wired-only IEEE 802.1X supplicant, to save +# 35-50 kB in code size. +#CONFIG_NO_WPA=y + +# Remove IEEE 802.11i/WPA-Personal ASCII passphrase support +# This option can be used to reduce code size by removing support for +# converting ASCII passphrases into PSK. If this functionality is removed, the +# PSK can only be configured as the 64-octet hexstring (e.g., from +# wpa_passphrase). This saves about 0.5 kB in code size. +#CONFIG_NO_WPA_PASSPHRASE=y + +# Disable scan result processing (ap_mode=1) to save code size by about 1 kB. +# This can be used if ap_scan=1 mode is never enabled. +#CONFIG_NO_SCAN_PROCESSING=y + +# Select configuration backend: +# file = text file (e.g., wpa_supplicant.conf; note: the configuration file +# path is given on command line, not here; this option is just used to +# select the backend that allows configuration files to be used) +# winreg = Windows registry (see win_example.reg for an example) +CONFIG_BACKEND=file + +# Remove configuration write functionality (i.e., to allow the configuration +# file to be updated based on runtime configuration changes). The runtime +# configuration can still be changed, the changes are just not going to be +# persistent over restarts. This option can be used to reduce code size by +# about 3.5 kB. +#CONFIG_NO_CONFIG_WRITE=y + +# Remove support for configuration blobs to reduce code size by about 1.5 kB. +#CONFIG_NO_CONFIG_BLOBS=y + +# Select program entry point implementation: +# main = UNIX/POSIX like main() function (default) +# main_winsvc = Windows service (read parameters from registry) +# main_none = Very basic example (development use only) +#CONFIG_MAIN=main + +# Select wrapper for operating system and C library specific functions +# unix = UNIX/POSIX like systems (default) +# win32 = Windows systems +# none = Empty template +#CONFIG_OS=unix + +# Select event loop implementation +# eloop = select() loop (default) +# eloop_win = Windows events and WaitForMultipleObject() loop +#CONFIG_ELOOP=eloop + +# Should we use poll instead of select? Select is used by default. +#CONFIG_ELOOP_POLL=y + +# Should we use epoll instead of select? Select is used by default. +#CONFIG_ELOOP_EPOLL=y + +# Should we use kqueue instead of select? Select is used by default. +#CONFIG_ELOOP_KQUEUE=y + +# Select layer 2 packet implementation +# linux = Linux packet socket (default) +# pcap = libpcap/libdnet/WinPcap +# freebsd = FreeBSD libpcap +# winpcap = WinPcap with receive thread +# ndis = Windows NDISUIO (note: requires CONFIG_USE_NDISUIO=y) +# none = Empty template +#CONFIG_L2_PACKET=linux + +# Disable Linux packet socket workaround applicable for station interface +# in a bridge for EAPOL frames. This should be uncommented only if the kernel +# is known to not have the regression issue in packet socket behavior with +# bridge interfaces (commit 'bridge: respect RFC2863 operational state')'). +#CONFIG_NO_LINUX_PACKET_SOCKET_WAR=y + +# PeerKey handshake for Station to Station Link (IEEE 802.11e DLS) +CONFIG_PEERKEY=y + +# IEEE 802.11w (management frame protection), also known as PMF +# Driver support is also needed for IEEE 802.11w. +#CONFIG_IEEE80211W=y + +# Select TLS implementation +# openssl = OpenSSL (default) +# gnutls = GnuTLS +# internal = Internal TLSv1 implementation (experimental) +# none = Empty template +CONFIG_TLS=openssl + +# TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.1) +# can be enabled to get a stronger construction of messages when block ciphers +# are used. It should be noted that some existing TLS v1.0 -based +# implementation may not be compatible with TLS v1.1 message (ClientHello is +# sent prior to negotiating which version will be used) +#CONFIG_TLSV11=y + +# TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.2) +# can be enabled to enable use of stronger crypto algorithms. It should be +# noted that some existing TLS v1.0 -based implementation may not be compatible +# with TLS v1.2 message (ClientHello is sent prior to negotiating which version +# will be used) +#CONFIG_TLSV12=y + +# If CONFIG_TLS=internal is used, additional library and include paths are +# needed for LibTomMath. Alternatively, an integrated, minimal version of +# LibTomMath can be used. See beginning of libtommath.c for details on benefits +# and drawbacks of this option. +#CONFIG_INTERNAL_LIBTOMMATH=y +#ifndef CONFIG_INTERNAL_LIBTOMMATH +#LTM_PATH=/usr/src/libtommath-0.39 +#CFLAGS += -I$(LTM_PATH) +#LIBS += -L$(LTM_PATH) +#LIBS_p += -L$(LTM_PATH) +#endif +# At the cost of about 4 kB of additional binary size, the internal LibTomMath +# can be configured to include faster routines for exptmod, sqr, and div to +# speed up DH and RSA calculation considerably +#CONFIG_INTERNAL_LIBTOMMATH_FAST=y + +# Include NDIS event processing through WMI into wpa_supplicant/wpasvc. +# This is only for Windows builds and requires WMI-related header files and +# WbemUuid.Lib from Platform SDK even when building with MinGW. +#CONFIG_NDIS_EVENTS_INTEGRATED=y +#PLATFORMSDKLIB="/opt/Program Files/Microsoft Platform SDK/Lib" + +# Add support for old DBus control interface +# (fi.epitest.hostap.WPASupplicant) +#CONFIG_CTRL_IFACE_DBUS=y + +# Add support for new DBus control interface +# (fi.w1.hostap.wpa_supplicant1) +CONFIG_CTRL_IFACE_DBUS_NEW=y + +# Add introspection support for new DBus control interface +CONFIG_CTRL_IFACE_DBUS_INTRO=y + +# Add support for loading EAP methods dynamically as shared libraries. +# When this option is enabled, each EAP method can be either included +# statically (CONFIG_EAP_<method>=y) or dynamically (CONFIG_EAP_<method>=dyn). +# Dynamic EAP methods are build as shared objects (eap_*.so) and they need to +# be loaded in the beginning of the wpa_supplicant configuration file +# (see load_dynamic_eap parameter in the example file) before being used in +# the network blocks. +# +# Note that some shared parts of EAP methods are included in the main program +# and in order to be able to use dynamic EAP methods using these parts, the +# main program must have been build with the EAP method enabled (=y or =dyn). +# This means that EAP-TLS/PEAP/TTLS/FAST cannot be added as dynamic libraries +# unless at least one of them was included in the main build to force inclusion +# of the shared code. Similarly, at least one of EAP-SIM/AKA must be included +# in the main build to be able to load these methods dynamically. +# +# Please also note that using dynamic libraries will increase the total binary +# size. Thus, it may not be the best option for targets that have limited +# amount of memory/flash. +#CONFIG_DYNAMIC_EAP_METHODS=y + +# IEEE Std 802.11r-2008 (Fast BSS Transition) +#CONFIG_IEEE80211R=y + +# Add support for writing debug log to a file (/tmp/wpa_supplicant-log-#.txt) +#CONFIG_DEBUG_FILE=y + +# Send debug messages to syslog instead of stdout +#CONFIG_DEBUG_SYSLOG=y +# Set syslog facility for debug messages +#CONFIG_DEBUG_SYSLOG_FACILITY=LOG_DAEMON + +# Add support for sending all debug messages (regardless of debug verbosity) +# to the Linux kernel tracing facility. This helps debug the entire stack by +# making it easy to record everything happening from the driver up into the +# same file, e.g., using trace-cmd. +#CONFIG_DEBUG_LINUX_TRACING=y + +# Add support for writing debug log to Android logcat instead of standard +# output +#CONFIG_ANDROID_LOG=y + +# Enable privilege separation (see README 'Privilege separation' for details) +#CONFIG_PRIVSEP=y + +# Enable mitigation against certain attacks against TKIP by delaying Michael +# MIC error reports by a random amount of time between 0 and 60 seconds +CONFIG_DELAYED_MIC_ERROR_REPORT=y + +# Enable tracing code for developer debugging +# This tracks use of memory allocations and other registrations and reports +# incorrect use with a backtrace of call (or allocation) location. +#CONFIG_WPA_TRACE=y +# For BSD, uncomment these. +#LIBS += -lexecinfo +#LIBS_p += -lexecinfo +#LIBS_c += -lexecinfo + +# Use libbfd to get more details for developer debugging +# This enables use of libbfd to get more detailed symbols for the backtraces +# generated by CONFIG_WPA_TRACE=y. +#CONFIG_WPA_TRACE_BFD=y +# For BSD, uncomment these. +#LIBS += -lbfd -liberty -lz +#LIBS_p += -lbfd -liberty -lz +#LIBS_c += -lbfd -liberty -lz + +# wpa_supplicant depends on strong random number generation being available +# from the operating system. os_get_random() function is used to fetch random +# data when needed, e.g., for key generation. On Linux and BSD systems, this +# works by reading /dev/urandom. It should be noted that the OS entropy pool +# needs to be properly initialized before wpa_supplicant is started. This is +# important especially on embedded devices that do not have a hardware random +# number generator and may by default start up with minimal entropy available +# for random number generation. +# +# As a safety net, wpa_supplicant is by default trying to internally collect +# additional entropy for generating random data to mix in with the data fetched +# from the OS. This by itself is not considered to be very strong, but it may +# help in cases where the system pool is not initialized properly. However, it +# is very strongly recommended that the system pool is initialized with enough +# entropy either by using hardware assisted random number generator or by +# storing state over device reboots. +# +# wpa_supplicant can be configured to maintain its own entropy store over +# restarts to enhance random number generation. This is not perfect, but it is +# much more secure than using the same sequence of random numbers after every +# reboot. This can be enabled with -e<entropy file> command line option. The +# specified file needs to be readable and writable by wpa_supplicant. +# +# If the os_get_random() is known to provide strong random data (e.g., on +# Linux/BSD, the board in question is known to have reliable source of random +# data from /dev/urandom), the internal wpa_supplicant random pool can be +# disabled. This will save some in binary size and CPU use. However, this +# should only be considered for builds that are known to be used on devices +# that meet the requirements described above. +#CONFIG_NO_RANDOM_POOL=y + +# IEEE 802.11n (High Throughput) support (mainly for AP mode) +#CONFIG_IEEE80211N=y + +# IEEE 802.11ac (Very High Throughput) support (mainly for AP mode) +# (depends on CONFIG_IEEE80211N) +#CONFIG_IEEE80211AC=y + +# Wireless Network Management (IEEE Std 802.11v-2011) +# Note: This is experimental and not complete implementation. +#CONFIG_WNM=y + +# Interworking (IEEE 802.11u) +# This can be used to enable functionality to improve interworking with +# external networks (GAS/ANQP to learn more about the networks and network +# selection based on available credentials). +#CONFIG_INTERWORKING=y + +# Hotspot 2.0 +#CONFIG_HS20=y + +# Enable interface matching in wpa_supplicant +#CONFIG_MATCH_IFACE=y + +# Disable roaming in wpa_supplicant +#CONFIG_NO_ROAMING=y + +# AP mode operations with wpa_supplicant +# This can be used for controlling AP mode operations with wpa_supplicant. It +# should be noted that this is mainly aimed at simple cases like +# WPA2-Personal while more complex configurations like WPA2-Enterprise with an +# external RADIUS server can be supported with hostapd. +CONFIG_AP=y + +# P2P (Wi-Fi Direct) +# This can be used to enable P2P support in wpa_supplicant. See README-P2P for +# more information on P2P operations. +CONFIG_P2P=y + +# Enable TDLS support +#CONFIG_TDLS=y + +# Wi-Fi Direct +# This can be used to enable Wi-Fi Direct extensions for P2P using an external +# program to control the additional information exchanges in the messages. +#CONFIG_WIFI_DISPLAY=y + +# Autoscan +# This can be used to enable automatic scan support in wpa_supplicant. +# See wpa_supplicant.conf for more information on autoscan usage. +# +# Enabling directly a module will enable autoscan support. +# For exponential module: +#CONFIG_AUTOSCAN_EXPONENTIAL=y +# For periodic module: +#CONFIG_AUTOSCAN_PERIODIC=y + +# Password (and passphrase, etc.) backend for external storage +# These optional mechanisms can be used to add support for storing passwords +# and other secrets in external (to wpa_supplicant) location. This allows, for +# example, operating system specific key storage to be used +# +# External password backend for testing purposes (developer use) +#CONFIG_EXT_PASSWORD_TEST=y + +# Enable Fast Session Transfer (FST) +#CONFIG_FST=y + +# Enable CLI commands for FST testing +#CONFIG_FST_TEST=y + +# OS X builds. This is only for building eapol_test. +#CONFIG_OSX=y + +# Automatic Channel Selection +# This will allow wpa_supplicant to pick the channel automatically when channel +# is set to "0". +# +# TODO: Extend parser to be able to parse "channel=acs_survey" as an alternative +# to "channel=0". This would enable us to eventually add other ACS algorithms in +# similar way. +# +# Automatic selection is currently only done through initialization, later on +# we hope to do background checks to keep us moving to more ideal channels as +# time goes by. ACS is currently only supported through the nl80211 driver and +# your driver must have survey dump capability that is filled by the driver +# during scanning. +# +# TODO: In analogy to hostapd be able to customize the ACS survey algorithm with +# a newly to create wpa_supplicant.conf variable acs_num_scans. +# +# Supported ACS drivers: +# * ath9k +# * ath5k +# * ath10k +# +# For more details refer to: +# http://wireless.kernel.org/en/users/Documentation/acs +#CONFIG_ACS=y + +# Support Multi Band Operation +#CONFIG_MBO=y diff --git a/user/wpa_supplicant/eloop.patch b/user/wpa_supplicant/eloop.patch new file mode 100644 index 000000000..bab2cee4e --- /dev/null +++ b/user/wpa_supplicant/eloop.patch @@ -0,0 +1,16 @@ +$OpenBSD: patch-src_utils_eloop_c,v 1.5 2015/09/29 11:57:54 dcoppa Exp $ + +don't try to access list members to free them unless already initialised + +--- a/src/utils/eloop.c.orig Sun Sep 27 21:02:05 2015 ++++ b/src/utils/eloop.c Mon Sep 28 09:35:05 2015 +@@ -1064,6 +1064,9 @@ void eloop_destroy(void) + struct eloop_timeout *timeout, *prev; + struct os_reltime now; + ++ if (eloop.timeout.prev == NULL) ++ return; ++ + os_get_reltime(&now); + dl_list_for_each_safe(timeout, prev, &eloop.timeout, + struct eloop_timeout, list) { diff --git a/user/wpa_supplicant/libressl.patch b/user/wpa_supplicant/libressl.patch new file mode 100644 index 000000000..56146eab5 --- /dev/null +++ b/user/wpa_supplicant/libressl.patch @@ -0,0 +1,49 @@ +--- a/src/crypto/crypto_openssl.c.orig ++++ b/src/crypto/crypto_openssl.c +@@ -611,7 +611,7 @@ + + void * dh5_init(struct wpabuf **priv, struct wpabuf **publ) + { +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) + DH *dh; + struct wpabuf *pubkey = NULL, *privkey = NULL; + size_t publen, privlen; +@@ -712,7 +712,7 @@ + + void * dh5_init_fixed(const struct wpabuf *priv, const struct wpabuf *publ) + { +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) + DH *dh; + + dh = DH_new(); +--- a/src/crypto/tls_openssl.c.orig ++++ b/src/crypto/tls_openssl.c +@@ -919,7 +919,7 @@ + } + #endif /* OPENSSL_FIPS */ + #endif /* CONFIG_FIPS */ +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) + SSL_load_error_strings(); + SSL_library_init(); + #ifndef OPENSSL_NO_SHA256 +@@ -1043,7 +1043,7 @@ + + tls_openssl_ref_count--; + if (tls_openssl_ref_count == 0) { +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) + #ifndef OPENSSL_NO_ENGINE + ENGINE_cleanup(); + #endif /* OPENSSL_NO_ENGINE */ +@@ -2334,7 +2334,7 @@ + return 0; + + #ifdef PKCS12_FUNCS +-#if OPENSSL_VERSION_NUMBER < 0x10002000L ++#if OPENSSL_VERSION_NUMBER < 0x10002000L || defined(LIBRESSL_VERSION_NUMBER) + /* + * Clear previously set extra chain certificates, if any, from PKCS#12 + * processing in tls_parse_pkcs12() to allow OpenSSL to build a new diff --git a/user/wpa_supplicant/rebased-v2.6-0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch b/user/wpa_supplicant/rebased-v2.6-0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch new file mode 100644 index 000000000..727684865 --- /dev/null +++ b/user/wpa_supplicant/rebased-v2.6-0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch @@ -0,0 +1,174 @@ +From cf4cab804c7afd5c45505528a8d16e46163243a2 Mon Sep 17 00:00:00 2001 +From: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be> +Date: Fri, 14 Jul 2017 15:15:35 +0200 +Subject: [PATCH 1/8] hostapd: Avoid key reinstallation in FT handshake + +Do not reinstall TK to the driver during Reassociation Response frame +processing if the first attempt of setting the TK succeeded. This avoids +issues related to clearing the TX/RX PN that could result in reusing +same PN values for transmitted frames (e.g., due to CCM nonce reuse and +also hitting replay protection on the receiver) and accepting replayed +frames on RX side. + +This issue was introduced by the commit +0e84c25434e6a1f283c7b4e62e483729085b78d2 ('FT: Fix PTK configuration in +authenticator') which allowed wpa_ft_install_ptk() to be called multiple +times with the same PTK. While the second configuration attempt is +needed with some drivers, it must be done only if the first attempt +failed. + +Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be> +--- + src/ap/ieee802_11.c | 16 +++++++++++++--- + src/ap/wpa_auth.c | 11 +++++++++++ + src/ap/wpa_auth.h | 3 ++- + src/ap/wpa_auth_ft.c | 10 ++++++++++ + src/ap/wpa_auth_i.h | 1 + + 5 files changed, 37 insertions(+), 4 deletions(-) + +diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c +index 4e04169..333035f 100644 +--- a/src/ap/ieee802_11.c ++++ b/src/ap/ieee802_11.c +@@ -1841,6 +1841,7 @@ static int add_associated_sta(struct hostapd_data *hapd, + { + struct ieee80211_ht_capabilities ht_cap; + struct ieee80211_vht_capabilities vht_cap; ++ int set = 1; + + /* + * Remove the STA entry to ensure the STA PS state gets cleared and +@@ -1848,9 +1849,18 @@ static int add_associated_sta(struct hostapd_data *hapd, + * FT-over-the-DS, where a station re-associates back to the same AP but + * skips the authentication flow, or if working with a driver that + * does not support full AP client state. ++ * ++ * Skip this if the STA has already completed FT reassociation and the ++ * TK has been configured since the TX/RX PN must not be reset to 0 for ++ * the same key. + */ +- if (!sta->added_unassoc) ++ if (!sta->added_unassoc && ++ (!(sta->flags & WLAN_STA_AUTHORIZED) || ++ !wpa_auth_sta_ft_tk_already_set(sta->wpa_sm))) { + hostapd_drv_sta_remove(hapd, sta->addr); ++ wpa_auth_sm_event(sta->wpa_sm, WPA_DRV_STA_REMOVED); ++ set = 0; ++ } + + #ifdef CONFIG_IEEE80211N + if (sta->flags & WLAN_STA_HT) +@@ -1873,11 +1883,11 @@ static int add_associated_sta(struct hostapd_data *hapd, + sta->flags & WLAN_STA_VHT ? &vht_cap : NULL, + sta->flags | WLAN_STA_ASSOC, sta->qosinfo, + sta->vht_opmode, sta->p2p_ie ? 1 : 0, +- sta->added_unassoc)) { ++ set)) { + hostapd_logger(hapd, sta->addr, + HOSTAPD_MODULE_IEEE80211, HOSTAPD_LEVEL_NOTICE, + "Could not %s STA to kernel driver", +- sta->added_unassoc ? "set" : "add"); ++ set ? "set" : "add"); + + if (sta->added_unassoc) { + hostapd_drv_sta_remove(hapd, sta->addr); +diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c +index 3587086..707971d 100644 +--- a/src/ap/wpa_auth.c ++++ b/src/ap/wpa_auth.c +@@ -1745,6 +1745,9 @@ int wpa_auth_sm_event(struct wpa_state_machine *sm, enum wpa_event event) + #else /* CONFIG_IEEE80211R */ + break; + #endif /* CONFIG_IEEE80211R */ ++ case WPA_DRV_STA_REMOVED: ++ sm->tk_already_set = FALSE; ++ return 0; + } + + #ifdef CONFIG_IEEE80211R +@@ -3250,6 +3253,14 @@ int wpa_auth_sta_wpa_version(struct wpa_state_machine *sm) + } + + ++int wpa_auth_sta_ft_tk_already_set(struct wpa_state_machine *sm) ++{ ++ if (!sm || !wpa_key_mgmt_ft(sm->wpa_key_mgmt)) ++ return 0; ++ return sm->tk_already_set; ++} ++ ++ + int wpa_auth_sta_clear_pmksa(struct wpa_state_machine *sm, + struct rsn_pmksa_cache_entry *entry) + { +diff --git a/src/ap/wpa_auth.h b/src/ap/wpa_auth.h +index 0de8d97..97461b0 100644 +--- a/src/ap/wpa_auth.h ++++ b/src/ap/wpa_auth.h +@@ -267,7 +267,7 @@ void wpa_receive(struct wpa_authenticator *wpa_auth, + u8 *data, size_t data_len); + enum wpa_event { + WPA_AUTH, WPA_ASSOC, WPA_DISASSOC, WPA_DEAUTH, WPA_REAUTH, +- WPA_REAUTH_EAPOL, WPA_ASSOC_FT ++ WPA_REAUTH_EAPOL, WPA_ASSOC_FT, WPA_DRV_STA_REMOVED + }; + void wpa_remove_ptk(struct wpa_state_machine *sm); + int wpa_auth_sm_event(struct wpa_state_machine *sm, enum wpa_event event); +@@ -280,6 +280,7 @@ int wpa_auth_pairwise_set(struct wpa_state_machine *sm); + int wpa_auth_get_pairwise(struct wpa_state_machine *sm); + int wpa_auth_sta_key_mgmt(struct wpa_state_machine *sm); + int wpa_auth_sta_wpa_version(struct wpa_state_machine *sm); ++int wpa_auth_sta_ft_tk_already_set(struct wpa_state_machine *sm); + int wpa_auth_sta_clear_pmksa(struct wpa_state_machine *sm, + struct rsn_pmksa_cache_entry *entry); + struct rsn_pmksa_cache_entry * +diff --git a/src/ap/wpa_auth_ft.c b/src/ap/wpa_auth_ft.c +index 42242a5..e63b99a 100644 +--- a/src/ap/wpa_auth_ft.c ++++ b/src/ap/wpa_auth_ft.c +@@ -780,6 +780,14 @@ void wpa_ft_install_ptk(struct wpa_state_machine *sm) + return; + } + ++ if (sm->tk_already_set) { ++ /* Must avoid TK reconfiguration to prevent clearing of TX/RX ++ * PN in the driver */ ++ wpa_printf(MSG_DEBUG, ++ "FT: Do not re-install same PTK to the driver"); ++ return; ++ } ++ + /* FIX: add STA entry to kernel/driver here? The set_key will fail + * most likely without this.. At the moment, STA entry is added only + * after association has been completed. This function will be called +@@ -792,6 +800,7 @@ void wpa_ft_install_ptk(struct wpa_state_machine *sm) + + /* FIX: MLME-SetProtection.Request(TA, Tx_Rx) */ + sm->pairwise_set = TRUE; ++ sm->tk_already_set = TRUE; + } + + +@@ -898,6 +907,7 @@ static int wpa_ft_process_auth_req(struct wpa_state_machine *sm, + + sm->pairwise = pairwise; + sm->PTK_valid = TRUE; ++ sm->tk_already_set = FALSE; + wpa_ft_install_ptk(sm); + + buflen = 2 + sizeof(struct rsn_mdie) + 2 + sizeof(struct rsn_ftie) + +diff --git a/src/ap/wpa_auth_i.h b/src/ap/wpa_auth_i.h +index 72b7eb3..7fd8f05 100644 +--- a/src/ap/wpa_auth_i.h ++++ b/src/ap/wpa_auth_i.h +@@ -65,6 +65,7 @@ struct wpa_state_machine { + struct wpa_ptk PTK; + Boolean PTK_valid; + Boolean pairwise_set; ++ Boolean tk_already_set; + int keycount; + Boolean Pair; + struct wpa_key_replay_counter { +-- +2.7.4 + diff --git a/user/wpa_supplicant/rebased-v2.6-0002-Prevent-reinstallation-of-an-already-in-use-group-ke.patch b/user/wpa_supplicant/rebased-v2.6-0002-Prevent-reinstallation-of-an-already-in-use-group-ke.patch new file mode 100644 index 000000000..1802d664a --- /dev/null +++ b/user/wpa_supplicant/rebased-v2.6-0002-Prevent-reinstallation-of-an-already-in-use-group-ke.patch @@ -0,0 +1,250 @@ +From 927f891007c402fefd1ff384645b3f07597c3ede Mon Sep 17 00:00:00 2001 +From: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be> +Date: Wed, 12 Jul 2017 16:03:24 +0200 +Subject: [PATCH 2/8] Prevent reinstallation of an already in-use group key + +Track the current GTK and IGTK that is in use and when receiving a +(possibly retransmitted) Group Message 1 or WNM-Sleep Mode Response, do +not install the given key if it is already in use. This prevents an +attacker from trying to trick the client into resetting or lowering the +sequence counter associated to the group key. + +Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be> +--- + src/common/wpa_common.h | 11 +++++ + src/rsn_supp/wpa.c | 116 ++++++++++++++++++++++++++++++------------------ + src/rsn_supp/wpa_i.h | 4 ++ + 3 files changed, 87 insertions(+), 44 deletions(-) + +diff --git a/src/common/wpa_common.h b/src/common/wpa_common.h +index af1d0f0..d200285 100644 +--- a/src/common/wpa_common.h ++++ b/src/common/wpa_common.h +@@ -217,6 +217,17 @@ struct wpa_ptk { + size_t tk_len; + }; + ++struct wpa_gtk { ++ u8 gtk[WPA_GTK_MAX_LEN]; ++ size_t gtk_len; ++}; ++ ++#ifdef CONFIG_IEEE80211W ++struct wpa_igtk { ++ u8 igtk[WPA_IGTK_MAX_LEN]; ++ size_t igtk_len; ++}; ++#endif /* CONFIG_IEEE80211W */ + + /* WPA IE version 1 + * 00-50-f2:1 (OUI:OUI type) +diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c +index 3c47879..95bd7be 100644 +--- a/src/rsn_supp/wpa.c ++++ b/src/rsn_supp/wpa.c +@@ -714,6 +714,15 @@ static int wpa_supplicant_install_gtk(struct wpa_sm *sm, + const u8 *_gtk = gd->gtk; + u8 gtk_buf[32]; + ++ /* Detect possible key reinstallation */ ++ if (sm->gtk.gtk_len == (size_t) gd->gtk_len && ++ os_memcmp(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len) == 0) { ++ wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, ++ "WPA: Not reinstalling already in-use GTK to the driver (keyidx=%d tx=%d len=%d)", ++ gd->keyidx, gd->tx, gd->gtk_len); ++ return 0; ++ } ++ + wpa_hexdump_key(MSG_DEBUG, "WPA: Group Key", gd->gtk, gd->gtk_len); + wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, + "WPA: Installing GTK to the driver (keyidx=%d tx=%d len=%d)", +@@ -748,6 +757,9 @@ static int wpa_supplicant_install_gtk(struct wpa_sm *sm, + } + os_memset(gtk_buf, 0, sizeof(gtk_buf)); + ++ sm->gtk.gtk_len = gd->gtk_len; ++ os_memcpy(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len); ++ + return 0; + } + +@@ -854,6 +866,48 @@ static int wpa_supplicant_pairwise_gtk(struct wpa_sm *sm, + } + + ++#ifdef CONFIG_IEEE80211W ++static int wpa_supplicant_install_igtk(struct wpa_sm *sm, ++ const struct wpa_igtk_kde *igtk) ++{ ++ size_t len = wpa_cipher_key_len(sm->mgmt_group_cipher); ++ u16 keyidx = WPA_GET_LE16(igtk->keyid); ++ ++ /* Detect possible key reinstallation */ ++ if (sm->igtk.igtk_len == len && ++ os_memcmp(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len) == 0) { ++ wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, ++ "WPA: Not reinstalling already in-use IGTK to the driver (keyidx=%d)", ++ keyidx); ++ return 0; ++ } ++ ++ wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, ++ "WPA: IGTK keyid %d pn %02x%02x%02x%02x%02x%02x", ++ keyidx, MAC2STR(igtk->pn)); ++ wpa_hexdump_key(MSG_DEBUG, "WPA: IGTK", igtk->igtk, len); ++ if (keyidx > 4095) { ++ wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, ++ "WPA: Invalid IGTK KeyID %d", keyidx); ++ return -1; ++ } ++ if (wpa_sm_set_key(sm, wpa_cipher_to_alg(sm->mgmt_group_cipher), ++ broadcast_ether_addr, ++ keyidx, 0, igtk->pn, sizeof(igtk->pn), ++ igtk->igtk, len) < 0) { ++ wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, ++ "WPA: Failed to configure IGTK to the driver"); ++ return -1; ++ } ++ ++ sm->igtk.igtk_len = len; ++ os_memcpy(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len); ++ ++ return 0; ++} ++#endif /* CONFIG_IEEE80211W */ ++ ++ + static int ieee80211w_set_keys(struct wpa_sm *sm, + struct wpa_eapol_ie_parse *ie) + { +@@ -864,30 +918,14 @@ static int ieee80211w_set_keys(struct wpa_sm *sm, + if (ie->igtk) { + size_t len; + const struct wpa_igtk_kde *igtk; +- u16 keyidx; ++ + len = wpa_cipher_key_len(sm->mgmt_group_cipher); + if (ie->igtk_len != WPA_IGTK_KDE_PREFIX_LEN + len) + return -1; ++ + igtk = (const struct wpa_igtk_kde *) ie->igtk; +- keyidx = WPA_GET_LE16(igtk->keyid); +- wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: IGTK keyid %d " +- "pn %02x%02x%02x%02x%02x%02x", +- keyidx, MAC2STR(igtk->pn)); +- wpa_hexdump_key(MSG_DEBUG, "WPA: IGTK", +- igtk->igtk, len); +- if (keyidx > 4095) { +- wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, +- "WPA: Invalid IGTK KeyID %d", keyidx); +- return -1; +- } +- if (wpa_sm_set_key(sm, wpa_cipher_to_alg(sm->mgmt_group_cipher), +- broadcast_ether_addr, +- keyidx, 0, igtk->pn, sizeof(igtk->pn), +- igtk->igtk, len) < 0) { +- wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, +- "WPA: Failed to configure IGTK to the driver"); ++ if (wpa_supplicant_install_igtk(sm, igtk) < 0) + return -1; +- } + } + + return 0; +@@ -2307,7 +2345,7 @@ void wpa_sm_deinit(struct wpa_sm *sm) + */ + void wpa_sm_notify_assoc(struct wpa_sm *sm, const u8 *bssid) + { +- int clear_ptk = 1; ++ int clear_keys = 1; + + if (sm == NULL) + return; +@@ -2333,11 +2371,11 @@ void wpa_sm_notify_assoc(struct wpa_sm *sm, const u8 *bssid) + /* Prepare for the next transition */ + wpa_ft_prepare_auth_request(sm, NULL); + +- clear_ptk = 0; ++ clear_keys = 0; + } + #endif /* CONFIG_IEEE80211R */ + +- if (clear_ptk) { ++ if (clear_keys) { + /* + * IEEE 802.11, 8.4.10: Delete PTK SA on (re)association if + * this is not part of a Fast BSS Transition. +@@ -2347,6 +2385,10 @@ void wpa_sm_notify_assoc(struct wpa_sm *sm, const u8 *bssid) + os_memset(&sm->ptk, 0, sizeof(sm->ptk)); + sm->tptk_set = 0; + os_memset(&sm->tptk, 0, sizeof(sm->tptk)); ++ os_memset(&sm->gtk, 0, sizeof(sm->gtk)); ++#ifdef CONFIG_IEEE80211W ++ os_memset(&sm->igtk, 0, sizeof(sm->igtk)); ++#endif /* CONFIG_IEEE80211W */ + } + + #ifdef CONFIG_TDLS +@@ -2877,6 +2919,10 @@ void wpa_sm_drop_sa(struct wpa_sm *sm) + os_memset(sm->pmk, 0, sizeof(sm->pmk)); + os_memset(&sm->ptk, 0, sizeof(sm->ptk)); + os_memset(&sm->tptk, 0, sizeof(sm->tptk)); ++ os_memset(&sm->gtk, 0, sizeof(sm->gtk)); ++#ifdef CONFIG_IEEE80211W ++ os_memset(&sm->igtk, 0, sizeof(sm->igtk)); ++#endif /* CONFIG_IEEE80211W */ + #ifdef CONFIG_IEEE80211R + os_memset(sm->xxkey, 0, sizeof(sm->xxkey)); + os_memset(sm->pmk_r0, 0, sizeof(sm->pmk_r0)); +@@ -2949,29 +2995,11 @@ int wpa_wnmsleep_install_key(struct wpa_sm *sm, u8 subelem_id, u8 *buf) + os_memset(&gd, 0, sizeof(gd)); + #ifdef CONFIG_IEEE80211W + } else if (subelem_id == WNM_SLEEP_SUBELEM_IGTK) { +- struct wpa_igtk_kde igd; +- u16 keyidx; +- +- os_memset(&igd, 0, sizeof(igd)); +- keylen = wpa_cipher_key_len(sm->mgmt_group_cipher); +- os_memcpy(igd.keyid, buf + 2, 2); +- os_memcpy(igd.pn, buf + 4, 6); +- +- keyidx = WPA_GET_LE16(igd.keyid); +- os_memcpy(igd.igtk, buf + 10, keylen); +- +- wpa_hexdump_key(MSG_DEBUG, "Install IGTK (WNM SLEEP)", +- igd.igtk, keylen); +- if (wpa_sm_set_key(sm, wpa_cipher_to_alg(sm->mgmt_group_cipher), +- broadcast_ether_addr, +- keyidx, 0, igd.pn, sizeof(igd.pn), +- igd.igtk, keylen) < 0) { +- wpa_printf(MSG_DEBUG, "Failed to install the IGTK in " +- "WNM mode"); +- os_memset(&igd, 0, sizeof(igd)); ++ const struct wpa_igtk_kde *igtk; ++ ++ igtk = (const struct wpa_igtk_kde *) (buf + 2); ++ if (wpa_supplicant_install_igtk(sm, igtk) < 0) + return -1; +- } +- os_memset(&igd, 0, sizeof(igd)); + #endif /* CONFIG_IEEE80211W */ + } else { + wpa_printf(MSG_DEBUG, "Unknown element id"); +diff --git a/src/rsn_supp/wpa_i.h b/src/rsn_supp/wpa_i.h +index f653ba6..afc9e37 100644 +--- a/src/rsn_supp/wpa_i.h ++++ b/src/rsn_supp/wpa_i.h +@@ -31,6 +31,10 @@ struct wpa_sm { + u8 rx_replay_counter[WPA_REPLAY_COUNTER_LEN]; + int rx_replay_counter_set; + u8 request_counter[WPA_REPLAY_COUNTER_LEN]; ++ struct wpa_gtk gtk; ++#ifdef CONFIG_IEEE80211W ++ struct wpa_igtk igtk; ++#endif /* CONFIG_IEEE80211W */ + + struct eapol_sm *eapol; /* EAPOL state machine from upper level code */ + +-- +2.7.4 + diff --git a/user/wpa_supplicant/rebased-v2.6-0003-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch b/user/wpa_supplicant/rebased-v2.6-0003-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch new file mode 100644 index 000000000..e2937b851 --- /dev/null +++ b/user/wpa_supplicant/rebased-v2.6-0003-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch @@ -0,0 +1,184 @@ +From 8280294e74846ea342389a0cd17215050fa5afe8 Mon Sep 17 00:00:00 2001 +From: Jouni Malinen <j@w1.fi> +Date: Sun, 1 Oct 2017 12:12:24 +0300 +Subject: [PATCH 3/8] Extend protection of GTK/IGTK reinstallation of WNM-Sleep + Mode cases + +This extends the protection to track last configured GTK/IGTK value +separately from EAPOL-Key frames and WNM-Sleep Mode frames to cover a +corner case where these two different mechanisms may get used when the +GTK/IGTK has changed and tracking a single value is not sufficient to +detect a possible key reconfiguration. + +Signed-off-by: Jouni Malinen <j@w1.fi> +--- + src/rsn_supp/wpa.c | 53 +++++++++++++++++++++++++++++++++++++--------------- + src/rsn_supp/wpa_i.h | 2 ++ + 2 files changed, 40 insertions(+), 15 deletions(-) + +diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c +index 95bd7be..7a2c68d 100644 +--- a/src/rsn_supp/wpa.c ++++ b/src/rsn_supp/wpa.c +@@ -709,14 +709,17 @@ struct wpa_gtk_data { + + static int wpa_supplicant_install_gtk(struct wpa_sm *sm, + const struct wpa_gtk_data *gd, +- const u8 *key_rsc) ++ const u8 *key_rsc, int wnm_sleep) + { + const u8 *_gtk = gd->gtk; + u8 gtk_buf[32]; + + /* Detect possible key reinstallation */ +- if (sm->gtk.gtk_len == (size_t) gd->gtk_len && +- os_memcmp(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len) == 0) { ++ if ((sm->gtk.gtk_len == (size_t) gd->gtk_len && ++ os_memcmp(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len) == 0) || ++ (sm->gtk_wnm_sleep.gtk_len == (size_t) gd->gtk_len && ++ os_memcmp(sm->gtk_wnm_sleep.gtk, gd->gtk, ++ sm->gtk_wnm_sleep.gtk_len) == 0)) { + wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, + "WPA: Not reinstalling already in-use GTK to the driver (keyidx=%d tx=%d len=%d)", + gd->keyidx, gd->tx, gd->gtk_len); +@@ -757,8 +760,14 @@ static int wpa_supplicant_install_gtk(struct wpa_sm *sm, + } + os_memset(gtk_buf, 0, sizeof(gtk_buf)); + +- sm->gtk.gtk_len = gd->gtk_len; +- os_memcpy(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len); ++ if (wnm_sleep) { ++ sm->gtk_wnm_sleep.gtk_len = gd->gtk_len; ++ os_memcpy(sm->gtk_wnm_sleep.gtk, gd->gtk, ++ sm->gtk_wnm_sleep.gtk_len); ++ } else { ++ sm->gtk.gtk_len = gd->gtk_len; ++ os_memcpy(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len); ++ } + + return 0; + } +@@ -852,7 +861,7 @@ static int wpa_supplicant_pairwise_gtk(struct wpa_sm *sm, + (wpa_supplicant_check_group_cipher(sm, sm->group_cipher, + gtk_len, gtk_len, + &gd.key_rsc_len, &gd.alg) || +- wpa_supplicant_install_gtk(sm, &gd, key_rsc))) { ++ wpa_supplicant_install_gtk(sm, &gd, key_rsc, 0))) { + wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, + "RSN: Failed to install GTK"); + os_memset(&gd, 0, sizeof(gd)); +@@ -868,14 +877,18 @@ static int wpa_supplicant_pairwise_gtk(struct wpa_sm *sm, + + #ifdef CONFIG_IEEE80211W + static int wpa_supplicant_install_igtk(struct wpa_sm *sm, +- const struct wpa_igtk_kde *igtk) ++ const struct wpa_igtk_kde *igtk, ++ int wnm_sleep) + { + size_t len = wpa_cipher_key_len(sm->mgmt_group_cipher); + u16 keyidx = WPA_GET_LE16(igtk->keyid); + + /* Detect possible key reinstallation */ +- if (sm->igtk.igtk_len == len && +- os_memcmp(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len) == 0) { ++ if ((sm->igtk.igtk_len == len && ++ os_memcmp(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len) == 0) || ++ (sm->igtk_wnm_sleep.igtk_len == len && ++ os_memcmp(sm->igtk_wnm_sleep.igtk, igtk->igtk, ++ sm->igtk_wnm_sleep.igtk_len) == 0)) { + wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, + "WPA: Not reinstalling already in-use IGTK to the driver (keyidx=%d)", + keyidx); +@@ -900,8 +913,14 @@ static int wpa_supplicant_install_igtk(struct wpa_sm *sm, + return -1; + } + +- sm->igtk.igtk_len = len; +- os_memcpy(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len); ++ if (wnm_sleep) { ++ sm->igtk_wnm_sleep.igtk_len = len; ++ os_memcpy(sm->igtk_wnm_sleep.igtk, igtk->igtk, ++ sm->igtk_wnm_sleep.igtk_len); ++ } else { ++ sm->igtk.igtk_len = len; ++ os_memcpy(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len); ++ } + + return 0; + } +@@ -924,7 +943,7 @@ static int ieee80211w_set_keys(struct wpa_sm *sm, + return -1; + + igtk = (const struct wpa_igtk_kde *) ie->igtk; +- if (wpa_supplicant_install_igtk(sm, igtk) < 0) ++ if (wpa_supplicant_install_igtk(sm, igtk, 0) < 0) + return -1; + } + +@@ -1574,7 +1593,7 @@ static void wpa_supplicant_process_1_of_2(struct wpa_sm *sm, + if (wpa_supplicant_rsc_relaxation(sm, key->key_rsc)) + key_rsc = null_rsc; + +- if (wpa_supplicant_install_gtk(sm, &gd, key_rsc) || ++ if (wpa_supplicant_install_gtk(sm, &gd, key_rsc, 0) || + wpa_supplicant_send_2_of_2(sm, key, ver, key_info) < 0) + goto failed; + os_memset(&gd, 0, sizeof(gd)); +@@ -2386,8 +2405,10 @@ void wpa_sm_notify_assoc(struct wpa_sm *sm, const u8 *bssid) + sm->tptk_set = 0; + os_memset(&sm->tptk, 0, sizeof(sm->tptk)); + os_memset(&sm->gtk, 0, sizeof(sm->gtk)); ++ os_memset(&sm->gtk_wnm_sleep, 0, sizeof(sm->gtk_wnm_sleep)); + #ifdef CONFIG_IEEE80211W + os_memset(&sm->igtk, 0, sizeof(sm->igtk)); ++ os_memset(&sm->igtk_wnm_sleep, 0, sizeof(sm->igtk_wnm_sleep)); + #endif /* CONFIG_IEEE80211W */ + } + +@@ -2920,8 +2941,10 @@ void wpa_sm_drop_sa(struct wpa_sm *sm) + os_memset(&sm->ptk, 0, sizeof(sm->ptk)); + os_memset(&sm->tptk, 0, sizeof(sm->tptk)); + os_memset(&sm->gtk, 0, sizeof(sm->gtk)); ++ os_memset(&sm->gtk_wnm_sleep, 0, sizeof(sm->gtk_wnm_sleep)); + #ifdef CONFIG_IEEE80211W + os_memset(&sm->igtk, 0, sizeof(sm->igtk)); ++ os_memset(&sm->igtk_wnm_sleep, 0, sizeof(sm->igtk_wnm_sleep)); + #endif /* CONFIG_IEEE80211W */ + #ifdef CONFIG_IEEE80211R + os_memset(sm->xxkey, 0, sizeof(sm->xxkey)); +@@ -2986,7 +3009,7 @@ int wpa_wnmsleep_install_key(struct wpa_sm *sm, u8 subelem_id, u8 *buf) + + wpa_hexdump_key(MSG_DEBUG, "Install GTK (WNM SLEEP)", + gd.gtk, gd.gtk_len); +- if (wpa_supplicant_install_gtk(sm, &gd, key_rsc)) { ++ if (wpa_supplicant_install_gtk(sm, &gd, key_rsc, 1)) { + os_memset(&gd, 0, sizeof(gd)); + wpa_printf(MSG_DEBUG, "Failed to install the GTK in " + "WNM mode"); +@@ -2998,7 +3021,7 @@ int wpa_wnmsleep_install_key(struct wpa_sm *sm, u8 subelem_id, u8 *buf) + const struct wpa_igtk_kde *igtk; + + igtk = (const struct wpa_igtk_kde *) (buf + 2); +- if (wpa_supplicant_install_igtk(sm, igtk) < 0) ++ if (wpa_supplicant_install_igtk(sm, igtk, 1) < 0) + return -1; + #endif /* CONFIG_IEEE80211W */ + } else { +diff --git a/src/rsn_supp/wpa_i.h b/src/rsn_supp/wpa_i.h +index afc9e37..9a54631 100644 +--- a/src/rsn_supp/wpa_i.h ++++ b/src/rsn_supp/wpa_i.h +@@ -32,8 +32,10 @@ struct wpa_sm { + int rx_replay_counter_set; + u8 request_counter[WPA_REPLAY_COUNTER_LEN]; + struct wpa_gtk gtk; ++ struct wpa_gtk gtk_wnm_sleep; + #ifdef CONFIG_IEEE80211W + struct wpa_igtk igtk; ++ struct wpa_igtk igtk_wnm_sleep; + #endif /* CONFIG_IEEE80211W */ + + struct eapol_sm *eapol; /* EAPOL state machine from upper level code */ +-- +2.7.4 + diff --git a/user/wpa_supplicant/rebased-v2.6-0004-Prevent-installation-of-an-all-zero-TK.patch b/user/wpa_supplicant/rebased-v2.6-0004-Prevent-installation-of-an-all-zero-TK.patch new file mode 100644 index 000000000..22ee21794 --- /dev/null +++ b/user/wpa_supplicant/rebased-v2.6-0004-Prevent-installation-of-an-all-zero-TK.patch @@ -0,0 +1,79 @@ +From 8f82bc94e8697a9d47fa8774dfdaaede1084912c Mon Sep 17 00:00:00 2001 +From: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be> +Date: Fri, 29 Sep 2017 04:22:51 +0200 +Subject: [PATCH 4/8] Prevent installation of an all-zero TK + +Properly track whether a PTK has already been installed to the driver +and the TK part cleared from memory. This prevents an attacker from +trying to trick the client into installing an all-zero TK. + +This fixes the earlier fix in commit +ad00d64e7d8827b3cebd665a0ceb08adabf15e1e ('Fix TK configuration to the +driver in EAPOL-Key 3/4 retry case') which did not take into account +possibility of an extra message 1/4 showing up between retries of +message 3/4. + +Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be> +--- + src/common/wpa_common.h | 1 + + src/rsn_supp/wpa.c | 5 ++--- + src/rsn_supp/wpa_i.h | 1 - + 3 files changed, 3 insertions(+), 4 deletions(-) + +diff --git a/src/common/wpa_common.h b/src/common/wpa_common.h +index d200285..1021ccb 100644 +--- a/src/common/wpa_common.h ++++ b/src/common/wpa_common.h +@@ -215,6 +215,7 @@ struct wpa_ptk { + size_t kck_len; + size_t kek_len; + size_t tk_len; ++ int installed; /* 1 if key has already been installed to driver */ + }; + + struct wpa_gtk { +diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c +index 7a2c68d..0550a41 100644 +--- a/src/rsn_supp/wpa.c ++++ b/src/rsn_supp/wpa.c +@@ -510,7 +510,6 @@ static void wpa_supplicant_process_1_of_4(struct wpa_sm *sm, + os_memset(buf, 0, sizeof(buf)); + } + sm->tptk_set = 1; +- sm->tk_to_set = 1; + + kde = sm->assoc_wpa_ie; + kde_len = sm->assoc_wpa_ie_len; +@@ -615,7 +614,7 @@ static int wpa_supplicant_install_ptk(struct wpa_sm *sm, + enum wpa_alg alg; + const u8 *key_rsc; + +- if (!sm->tk_to_set) { ++ if (sm->ptk.installed) { + wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, + "WPA: Do not re-install same PTK to the driver"); + return 0; +@@ -659,7 +658,7 @@ static int wpa_supplicant_install_ptk(struct wpa_sm *sm, + + /* TK is not needed anymore in supplicant */ + os_memset(sm->ptk.tk, 0, WPA_TK_MAX_LEN); +- sm->tk_to_set = 0; ++ sm->ptk.installed = 1; + + if (sm->wpa_ptk_rekey) { + eloop_cancel_timeout(wpa_sm_rekey_ptk, sm, NULL); +diff --git a/src/rsn_supp/wpa_i.h b/src/rsn_supp/wpa_i.h +index 9a54631..41f371f 100644 +--- a/src/rsn_supp/wpa_i.h ++++ b/src/rsn_supp/wpa_i.h +@@ -24,7 +24,6 @@ struct wpa_sm { + struct wpa_ptk ptk, tptk; + int ptk_set, tptk_set; + unsigned int msg_3_of_4_ok:1; +- unsigned int tk_to_set:1; + u8 snonce[WPA_NONCE_LEN]; + u8 anonce[WPA_NONCE_LEN]; /* ANonce from the last 1/4 msg */ + int renew_snonce; +-- +2.7.4 + diff --git a/user/wpa_supplicant/rebased-v2.6-0005-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch b/user/wpa_supplicant/rebased-v2.6-0005-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch new file mode 100644 index 000000000..c19c4c710 --- /dev/null +++ b/user/wpa_supplicant/rebased-v2.6-0005-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch @@ -0,0 +1,64 @@ +From 12fac09b437a1dc8a0f253e265934a8aaf4d2f8b Mon Sep 17 00:00:00 2001 +From: Jouni Malinen <j@w1.fi> +Date: Sun, 1 Oct 2017 12:32:57 +0300 +Subject: [PATCH 5/8] Fix PTK rekeying to generate a new ANonce + +The Authenticator state machine path for PTK rekeying ended up bypassing +the AUTHENTICATION2 state where a new ANonce is generated when going +directly to the PTKSTART state since there is no need to try to +determine the PMK again in such a case. This is far from ideal since the +new PTK would depend on a new nonce only from the supplicant. + +Fix this by generating a new ANonce when moving to the PTKSTART state +for the purpose of starting new 4-way handshake to rekey PTK. + +Signed-off-by: Jouni Malinen <j@w1.fi> +--- + src/ap/wpa_auth.c | 24 +++++++++++++++++++++--- + 1 file changed, 21 insertions(+), 3 deletions(-) + +diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c +index 707971d..bf10cc1 100644 +--- a/src/ap/wpa_auth.c ++++ b/src/ap/wpa_auth.c +@@ -1901,6 +1901,21 @@ SM_STATE(WPA_PTK, AUTHENTICATION2) + } + + ++static int wpa_auth_sm_ptk_update(struct wpa_state_machine *sm) ++{ ++ if (random_get_bytes(sm->ANonce, WPA_NONCE_LEN)) { ++ wpa_printf(MSG_ERROR, ++ "WPA: Failed to get random data for ANonce"); ++ sm->Disconnect = TRUE; ++ return -1; ++ } ++ wpa_hexdump(MSG_DEBUG, "WPA: Assign new ANonce", sm->ANonce, ++ WPA_NONCE_LEN); ++ sm->TimeoutCtr = 0; ++ return 0; ++} ++ ++ + SM_STATE(WPA_PTK, INITPMK) + { + u8 msk[2 * PMK_LEN]; +@@ -2458,9 +2473,12 @@ SM_STEP(WPA_PTK) + SM_ENTER(WPA_PTK, AUTHENTICATION); + else if (sm->ReAuthenticationRequest) + SM_ENTER(WPA_PTK, AUTHENTICATION2); +- else if (sm->PTKRequest) +- SM_ENTER(WPA_PTK, PTKSTART); +- else switch (sm->wpa_ptk_state) { ++ else if (sm->PTKRequest) { ++ if (wpa_auth_sm_ptk_update(sm) < 0) ++ SM_ENTER(WPA_PTK, DISCONNECTED); ++ else ++ SM_ENTER(WPA_PTK, PTKSTART); ++ } else switch (sm->wpa_ptk_state) { + case WPA_PTK_INITIALIZE: + break; + case WPA_PTK_DISCONNECT: +-- +2.7.4 + diff --git a/user/wpa_supplicant/rebased-v2.6-0006-TDLS-Reject-TPK-TK-reconfiguration.patch b/user/wpa_supplicant/rebased-v2.6-0006-TDLS-Reject-TPK-TK-reconfiguration.patch new file mode 100644 index 000000000..e1bd5a572 --- /dev/null +++ b/user/wpa_supplicant/rebased-v2.6-0006-TDLS-Reject-TPK-TK-reconfiguration.patch @@ -0,0 +1,132 @@ +From 6c4bed4f47d1960ec04981a9d50e5076aea5223d Mon Sep 17 00:00:00 2001 +From: Jouni Malinen <j@w1.fi> +Date: Fri, 22 Sep 2017 11:03:15 +0300 +Subject: [PATCH 6/8] TDLS: Reject TPK-TK reconfiguration + +Do not try to reconfigure the same TPK-TK to the driver after it has +been successfully configured. This is an explicit check to avoid issues +related to resetting the TX/RX packet number. There was already a check +for this for TPK M2 (retries of that message are ignored completely), so +that behavior does not get modified. + +For TPK M3, the TPK-TK could have been reconfigured, but that was +followed by immediate teardown of the link due to an issue in updating +the STA entry. Furthermore, for TDLS with any real security (i.e., +ignoring open/WEP), the TPK message exchange is protected on the AP path +and simple replay attacks are not feasible. + +As an additional corner case, make sure the local nonce gets updated if +the peer uses a very unlikely "random nonce" of all zeros. + +Signed-off-by: Jouni Malinen <j@w1.fi> +--- + src/rsn_supp/tdls.c | 38 ++++++++++++++++++++++++++++++++++++-- + 1 file changed, 36 insertions(+), 2 deletions(-) + +diff --git a/src/rsn_supp/tdls.c b/src/rsn_supp/tdls.c +index e424168..9eb9738 100644 +--- a/src/rsn_supp/tdls.c ++++ b/src/rsn_supp/tdls.c +@@ -112,6 +112,7 @@ struct wpa_tdls_peer { + u8 tk[16]; /* TPK-TK; assuming only CCMP will be used */ + } tpk; + int tpk_set; ++ int tk_set; /* TPK-TK configured to the driver */ + int tpk_success; + int tpk_in_progress; + +@@ -192,6 +193,20 @@ static int wpa_tdls_set_key(struct wpa_sm *sm, struct wpa_tdls_peer *peer) + u8 rsc[6]; + enum wpa_alg alg; + ++ if (peer->tk_set) { ++ /* ++ * This same TPK-TK has already been configured to the driver ++ * and this new configuration attempt (likely due to an ++ * unexpected retransmitted frame) would result in clearing ++ * the TX/RX sequence number which can break security, so must ++ * not allow that to happen. ++ */ ++ wpa_printf(MSG_INFO, "TDLS: TPK-TK for the peer " MACSTR ++ " has already been configured to the driver - do not reconfigure", ++ MAC2STR(peer->addr)); ++ return -1; ++ } ++ + os_memset(rsc, 0, 6); + + switch (peer->cipher) { +@@ -209,12 +224,15 @@ static int wpa_tdls_set_key(struct wpa_sm *sm, struct wpa_tdls_peer *peer) + return -1; + } + ++ wpa_printf(MSG_DEBUG, "TDLS: Configure pairwise key for peer " MACSTR, ++ MAC2STR(peer->addr)); + if (wpa_sm_set_key(sm, alg, peer->addr, -1, 1, + rsc, sizeof(rsc), peer->tpk.tk, key_len) < 0) { + wpa_printf(MSG_WARNING, "TDLS: Failed to set TPK to the " + "driver"); + return -1; + } ++ peer->tk_set = 1; + return 0; + } + +@@ -696,7 +714,7 @@ static void wpa_tdls_peer_clear(struct wpa_sm *sm, struct wpa_tdls_peer *peer) + peer->cipher = 0; + peer->qos_info = 0; + peer->wmm_capable = 0; +- peer->tpk_set = peer->tpk_success = 0; ++ peer->tk_set = peer->tpk_set = peer->tpk_success = 0; + peer->chan_switch_enabled = 0; + os_memset(&peer->tpk, 0, sizeof(peer->tpk)); + os_memset(peer->inonce, 0, WPA_NONCE_LEN); +@@ -1159,6 +1177,7 @@ skip_rsnie: + wpa_tdls_peer_free(sm, peer); + return -1; + } ++ peer->tk_set = 0; /* A new nonce results in a new TK */ + wpa_hexdump(MSG_DEBUG, "TDLS: Initiator Nonce for TPK handshake", + peer->inonce, WPA_NONCE_LEN); + os_memcpy(ftie->Snonce, peer->inonce, WPA_NONCE_LEN); +@@ -1751,6 +1770,19 @@ static int wpa_tdls_addset_peer(struct wpa_sm *sm, struct wpa_tdls_peer *peer, + } + + ++static int tdls_nonce_set(const u8 *nonce) ++{ ++ int i; ++ ++ for (i = 0; i < WPA_NONCE_LEN; i++) { ++ if (nonce[i]) ++ return 1; ++ } ++ ++ return 0; ++} ++ ++ + static int wpa_tdls_process_tpk_m1(struct wpa_sm *sm, const u8 *src_addr, + const u8 *buf, size_t len) + { +@@ -2004,7 +2036,8 @@ skip_rsn: + peer->rsnie_i_len = kde.rsn_ie_len; + peer->cipher = cipher; + +- if (os_memcmp(peer->inonce, ftie->Snonce, WPA_NONCE_LEN) != 0) { ++ if (os_memcmp(peer->inonce, ftie->Snonce, WPA_NONCE_LEN) != 0 || ++ !tdls_nonce_set(peer->inonce)) { + /* + * There is no point in updating the RNonce for every obtained + * TPK M1 frame (e.g., retransmission due to timeout) with the +@@ -2020,6 +2053,7 @@ skip_rsn: + "TDLS: Failed to get random data for responder nonce"); + goto error; + } ++ peer->tk_set = 0; /* A new nonce results in a new TK */ + } + + #if 0 +-- +2.7.4 + diff --git a/user/wpa_supplicant/rebased-v2.6-0007-WNM-Ignore-WNM-Sleep-Mode-Response-without-pending-r.patch b/user/wpa_supplicant/rebased-v2.6-0007-WNM-Ignore-WNM-Sleep-Mode-Response-without-pending-r.patch new file mode 100644 index 000000000..85ea1d62b --- /dev/null +++ b/user/wpa_supplicant/rebased-v2.6-0007-WNM-Ignore-WNM-Sleep-Mode-Response-without-pending-r.patch @@ -0,0 +1,43 @@ +From 53c5eb58e95004f86e65ee9fbfccbc291b139057 Mon Sep 17 00:00:00 2001 +From: Jouni Malinen <j@w1.fi> +Date: Fri, 22 Sep 2017 11:25:02 +0300 +Subject: [PATCH 7/8] WNM: Ignore WNM-Sleep Mode Response without pending + request + +Commit 03ed0a52393710be6bdae657d1b36efa146520e5 ('WNM: Ignore WNM-Sleep +Mode Response if WNM-Sleep Mode has not been used') started ignoring the +response when no WNM-Sleep Mode Request had been used during the +association. This can be made tighter by clearing the used flag when +successfully processing a response. This adds an additional layer of +protection against unexpected retransmissions of the response frame. + +Signed-off-by: Jouni Malinen <j@w1.fi> +--- + wpa_supplicant/wnm_sta.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/wpa_supplicant/wnm_sta.c b/wpa_supplicant/wnm_sta.c +index 1b3409c..67a07ff 100644 +--- a/wpa_supplicant/wnm_sta.c ++++ b/wpa_supplicant/wnm_sta.c +@@ -260,7 +260,7 @@ static void ieee802_11_rx_wnmsleep_resp(struct wpa_supplicant *wpa_s, + + if (!wpa_s->wnmsleep_used) { + wpa_printf(MSG_DEBUG, +- "WNM: Ignore WNM-Sleep Mode Response frame since WNM-Sleep Mode has not been used in this association"); ++ "WNM: Ignore WNM-Sleep Mode Response frame since WNM-Sleep Mode operation has not been requested"); + return; + } + +@@ -299,6 +299,8 @@ static void ieee802_11_rx_wnmsleep_resp(struct wpa_supplicant *wpa_s, + return; + } + ++ wpa_s->wnmsleep_used = 0; ++ + if (wnmsleep_ie->status == WNM_STATUS_SLEEP_ACCEPT || + wnmsleep_ie->status == WNM_STATUS_SLEEP_EXIT_ACCEPT_GTK_UPDATE) { + wpa_printf(MSG_DEBUG, "Successfully recv WNM-Sleep Response " +-- +2.7.4 + diff --git a/user/wpa_supplicant/rebased-v2.6-0008-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch b/user/wpa_supplicant/rebased-v2.6-0008-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch new file mode 100644 index 000000000..b9678f681 --- /dev/null +++ b/user/wpa_supplicant/rebased-v2.6-0008-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch @@ -0,0 +1,82 @@ +From b372ab0b7daea719749194dc554b26e6367603f2 Mon Sep 17 00:00:00 2001 +From: Jouni Malinen <j@w1.fi> +Date: Fri, 22 Sep 2017 12:06:37 +0300 +Subject: [PATCH 8/8] FT: Do not allow multiple Reassociation Response frames + +The driver is expected to not report a second association event without +the station having explicitly request a new association. As such, this +case should not be reachable. However, since reconfiguring the same +pairwise or group keys to the driver could result in nonce reuse issues, +be extra careful here and do an additional state check to avoid this +even if the local driver ends up somehow accepting an unexpected +Reassociation Response frame. + +Signed-off-by: Jouni Malinen <j@w1.fi> +--- + src/rsn_supp/wpa.c | 3 +++ + src/rsn_supp/wpa_ft.c | 8 ++++++++ + src/rsn_supp/wpa_i.h | 1 + + 3 files changed, 12 insertions(+) + +diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c +index 0550a41..2a53c6f 100644 +--- a/src/rsn_supp/wpa.c ++++ b/src/rsn_supp/wpa.c +@@ -2440,6 +2440,9 @@ void wpa_sm_notify_disassoc(struct wpa_sm *sm) + #ifdef CONFIG_TDLS + wpa_tdls_disassoc(sm); + #endif /* CONFIG_TDLS */ ++#ifdef CONFIG_IEEE80211R ++ sm->ft_reassoc_completed = 0; ++#endif /* CONFIG_IEEE80211R */ + + /* Keys are not needed in the WPA state machine anymore */ + wpa_sm_drop_sa(sm); +diff --git a/src/rsn_supp/wpa_ft.c b/src/rsn_supp/wpa_ft.c +index 205793e..d45bb45 100644 +--- a/src/rsn_supp/wpa_ft.c ++++ b/src/rsn_supp/wpa_ft.c +@@ -153,6 +153,7 @@ static u8 * wpa_ft_gen_req_ies(struct wpa_sm *sm, size_t *len, + u16 capab; + + sm->ft_completed = 0; ++ sm->ft_reassoc_completed = 0; + + buf_len = 2 + sizeof(struct rsn_mdie) + 2 + sizeof(struct rsn_ftie) + + 2 + sm->r0kh_id_len + ric_ies_len + 100; +@@ -681,6 +682,11 @@ int wpa_ft_validate_reassoc_resp(struct wpa_sm *sm, const u8 *ies, + return -1; + } + ++ if (sm->ft_reassoc_completed) { ++ wpa_printf(MSG_DEBUG, "FT: Reassociation has already been completed for this FT protocol instance - ignore unexpected retransmission"); ++ return 0; ++ } ++ + if (wpa_ft_parse_ies(ies, ies_len, &parse) < 0) { + wpa_printf(MSG_DEBUG, "FT: Failed to parse IEs"); + return -1; +@@ -781,6 +787,8 @@ int wpa_ft_validate_reassoc_resp(struct wpa_sm *sm, const u8 *ies, + return -1; + } + ++ sm->ft_reassoc_completed = 1; ++ + if (wpa_ft_process_gtk_subelem(sm, parse.gtk, parse.gtk_len) < 0) + return -1; + +diff --git a/src/rsn_supp/wpa_i.h b/src/rsn_supp/wpa_i.h +index 41f371f..56f88dc 100644 +--- a/src/rsn_supp/wpa_i.h ++++ b/src/rsn_supp/wpa_i.h +@@ -128,6 +128,7 @@ struct wpa_sm { + size_t r0kh_id_len; + u8 r1kh_id[FT_R1KH_ID_LEN]; + int ft_completed; ++ int ft_reassoc_completed; + int over_the_ds_in_progress; + u8 target_ap[ETH_ALEN]; /* over-the-DS target AP */ + int set_ptk_after_assoc; +-- +2.7.4 + diff --git a/user/wpa_supplicant/wpa_cli.sh b/user/wpa_supplicant/wpa_cli.sh new file mode 100644 index 000000000..0a5a6cc03 --- /dev/null +++ b/user/wpa_supplicant/wpa_cli.sh @@ -0,0 +1,33 @@ +#!/bin/sh +# Distributed under the terms of the BSD License. +# Copyright (c) 2015 Sören Tempel <soeren+alpine@soeren-tempel.net> + +IFUP="/sbin/ifup" +IFDOWN="/sbin/ifdown" + +if [ -z "${1}" -o -z "${2}" ]; then + logger -t wpa_cli "this script should be called from wpa_cli(8)" + exit 1 +elif ! [ -x "${IFUP}" -a -x "${IFDOWN}" ]; then + logger -t wpa_cli "${IFUP} or ${IFDOWN} doesn't exist" + exit 1 +fi + +IFNAME="${1}" +ACTION="${2}" + +EXEC="" +case "${ACTION}" in + CONNECTED) + EXEC="${IFUP}" + ;; + DISCONNECTED) + EXEC="${IFDOWN}" + ;; + *) + logger -t wpa_cli "unknown action '${ACTION}'" + exit 1 +esac + +logger -t wpa_cli "interface ${IFNAME} ${ACTION}" +${EXEC} "${IFNAME}" || logger -t wpa_cli "executing '${EXEC}' failed" diff --git a/user/wpa_supplicant/wpa_supplicant.confd b/user/wpa_supplicant/wpa_supplicant.confd new file mode 100644 index 000000000..104b9dc5d --- /dev/null +++ b/user/wpa_supplicant/wpa_supplicant.confd @@ -0,0 +1,6 @@ +# conf.d file for wpa_supplicant +# +# Please check man 8 wpa_supplicant for more information about the options +# wpa_supplicant accepts. +# +wpa_supplicant_args="" diff --git a/user/wpa_supplicant/wpa_supplicant.initd b/user/wpa_supplicant/wpa_supplicant.initd new file mode 100644 index 000000000..988b267d1 --- /dev/null +++ b/user/wpa_supplicant/wpa_supplicant.initd @@ -0,0 +1,53 @@ +#!/sbin/openrc-run +# Copyright (c) 2009 Roy Marples <roy@marples.name> +# All rights reserved. Released under the 2-clause BSD license. + +command=/sbin/wpa_supplicant +: ${wpa_supplicant_conf:=/etc/wpa_supplicant/wpa_supplicant.conf} +wpa_supplicant_if=${wpa_supplicant_if:+-i}$wpa_supplicant_if +command_args="$wpa_supplicant_args -B -c$wpa_supplicant_conf $wpa_supplicant_if" +name="WPA Supplicant Daemon" + +depend() +{ + need localmount + use logger dbus + after bootmisc modules + before dns dhcpcd net + keyword -shutdown +} + +find_wireless() +{ + local iface= + for iface in /sys/class/net/*; do + if [ -e "$iface"/wireless -o -e "$iface"/phy80211 ]; then + echo "${iface##*/}" + return 0 + fi + done + + return 1 +} + +append_wireless() +{ + local iface= i= + + iface=$(find_wireless) + if [ -n "$iface" ]; then + for i in $iface; do + command_args="$command_args -i$i" + done + else + eerror "Could not find a wireless interface" + fi +} + +start_pre() +{ + case " $command_args" in + *" -i"*) ;; + *) append_wireless;; + esac +} diff --git a/user/xf86-video-ati/APKBUILD b/user/xf86-video-ati/APKBUILD new file mode 100644 index 000000000..b5d128d60 --- /dev/null +++ b/user/xf86-video-ati/APKBUILD @@ -0,0 +1,36 @@ +# Maintainer: Natanael Copa <ncopa@alpinelinux.org> +pkgname=xf86-video-ati +pkgver=18.0.1 +pkgrel=0 +pkgdesc="ATI video driver" +url="http://xorg.freedesktop.org/" +arch="all" +license="MIT" +subpackages="$pkgname-doc" +depends="mesa-dri-ati" +makedepends="xorg-server-dev libxi-dev fontsproto randrproto util-macros + videoproto renderproto libdrm-dev xf86driproto glproto mesa-dev + xineramaproto eudev-dev pixman-dev" +options="!check" +source="http://www.x.org/releases/individual/driver/$pkgname-$pkgver.tar.bz2" +builddir="$srcdir"/$pkgname-$pkgver + +build() { + cd "$builddir" + export LDFLAGS="$LDFLAGS -Wl,-z,lazy" + + ./configure \ + --build=$CBUILD \ + --host=$CHOST \ + --prefix=/usr \ + --enable-glamor + make +} + +package() { + cd "$builddir" + make DESTDIR="$pkgdir" install + install -Dm644 COPYING "$pkgdir"/usr/share/licenses/$pkgname/COPYING +} + +sha512sums="b468a78503a596bbf71a1b91b231ce1fa32908f619ff2dfe249352d046696a3641f2a9ff065e32545fff77100134b4b237591215e78ef885b6509d6b16112d14 xf86-video-ati-18.0.1.tar.bz2" |