-rw-r--r--legacy/openjdk7/APKBUILD (renamed from user/openjdk7/APKBUILD)0
-rw-r--r--legacy/openjdk7/icedtea-cpio.patch (renamed from user/openjdk7/icedtea-cpio.patch)0
-rw-r--r--legacy/openjdk7/icedtea-hotspot-musl-ppc.patch (renamed from user/openjdk7/icedtea-hotspot-musl-ppc.patch)0
-rw-r--r--legacy/openjdk7/icedtea-hotspot-musl.patch (renamed from user/openjdk7/icedtea-hotspot-musl.patch)0
-rw-r--r--legacy/openjdk7/icedtea-hotspot-noagent-musl.patch (renamed from user/openjdk7/icedtea-hotspot-noagent-musl.patch)0
-rw-r--r--legacy/openjdk7/icedtea-hotspot-uclibc-fixes.patch (renamed from user/openjdk7/icedtea-hotspot-uclibc-fixes.patch)0
-rw-r--r--legacy/openjdk7/icedtea-jdk-execinfo.patch (renamed from user/openjdk7/icedtea-jdk-execinfo.patch)0
-rw-r--r--legacy/openjdk7/icedtea-jdk-fix-build.patch (renamed from user/openjdk7/icedtea-jdk-fix-build.patch)0
-rw-r--r--legacy/openjdk7/icedtea-jdk-fix-ipv6-init.patch (renamed from user/openjdk7/icedtea-jdk-fix-ipv6-init.patch)0
-rw-r--r--legacy/openjdk7/icedtea-jdk-musl.patch (renamed from user/openjdk7/icedtea-jdk-musl.patch)0
-rw-r--r--legacy/openjdk7/icedtea-jdk-no-lib-nsl-uclibc.patch (renamed from user/openjdk7/icedtea-jdk-no-lib-nsl-uclibc.patch)0
-rw-r--r--legacy/openjdk7/icedtea-jdk-no-soname.patch (renamed from user/openjdk7/icedtea-jdk-no-soname.patch)0
-rw-r--r--legacy/openjdk7/icedtea-remove-gawk.patch (renamed from user/openjdk7/icedtea-remove-gawk.patch)0
-rw-r--r--legacy/openjdk7/icedtea-tar.patch (renamed from user/openjdk7/icedtea-tar.patch)0
-rw-r--r--legacy/openjdk7/icedtea-xattr.patch (renamed from user/openjdk7/icedtea-xattr.patch)0
-rw-r--r--legacy/openjdk7/remove-gawk.patch (renamed from user/openjdk7/remove-gawk.patch)0
-rw-r--r--legacy/openjdk7/xattr.patch (renamed from user/openjdk7/xattr.patch)0
-rw-r--r--system/attr/APKBUILD5
-rw-r--r--system/bzip2/APKBUILD26
-rw-r--r--system/bzip2/bzip2-1.0.4-POSIX-shell.patch21
-rw-r--r--system/bzip2/bzip2-1.0.6-saneso.patch13
-rw-r--r--system/bzip2/bzip2-1.0.8-saneso.patch13
-rw-r--r--system/coreutils/APKBUILD7
-rw-r--r--system/libxslt/APKBUILD13
-rw-r--r--system/libxslt/CVE-2019-13117.patch29
-rw-r--r--system/libxslt/CVE-2019-13118.patch71
-rw-r--r--user/atril/APKBUILD6
-rw-r--r--user/atril/CVE-2019-1010006.patch56
-rw-r--r--user/i3status/APKBUILD5
-rw-r--r--user/mplayer/APKBUILD2
-rw-r--r--user/openldap/openldap.pre-install2
-rw-r--r--user/pulseaudio/APKBUILD7
-rw-r--r--user/pulseaudio/alsa-include.patch45
-rw-r--r--user/vlc/APKBUILD2
34 files changed, 258 insertions, 65 deletions
diff --git a/user/openjdk7/APKBUILD b/legacy/openjdk7/APKBUILD
index e87060a19..e87060a19 100644
--- a/user/openjdk7/APKBUILD
+++ b/legacy/openjdk7/APKBUILD
diff --git a/user/openjdk7/icedtea-cpio.patch b/legacy/openjdk7/icedtea-cpio.patch
index c66c1ca60..c66c1ca60 100644
--- a/user/openjdk7/icedtea-cpio.patch
+++ b/legacy/openjdk7/icedtea-cpio.patch
diff --git a/user/openjdk7/icedtea-hotspot-musl-ppc.patch b/legacy/openjdk7/icedtea-hotspot-musl-ppc.patch
index eca684884..eca684884 100644
--- a/user/openjdk7/icedtea-hotspot-musl-ppc.patch
+++ b/legacy/openjdk7/icedtea-hotspot-musl-ppc.patch
diff --git a/user/openjdk7/icedtea-hotspot-musl.patch b/legacy/openjdk7/icedtea-hotspot-musl.patch
index 1da903148..1da903148 100644
--- a/user/openjdk7/icedtea-hotspot-musl.patch
+++ b/legacy/openjdk7/icedtea-hotspot-musl.patch
diff --git a/user/openjdk7/icedtea-hotspot-noagent-musl.patch b/legacy/openjdk7/icedtea-hotspot-noagent-musl.patch
index 37604acca..37604acca 100644
--- a/user/openjdk7/icedtea-hotspot-noagent-musl.patch
+++ b/legacy/openjdk7/icedtea-hotspot-noagent-musl.patch
diff --git a/user/openjdk7/icedtea-hotspot-uclibc-fixes.patch b/legacy/openjdk7/icedtea-hotspot-uclibc-fixes.patch
index 1c1d82276..1c1d82276 100644
--- a/user/openjdk7/icedtea-hotspot-uclibc-fixes.patch
+++ b/legacy/openjdk7/icedtea-hotspot-uclibc-fixes.patch
diff --git a/user/openjdk7/icedtea-jdk-execinfo.patch b/legacy/openjdk7/icedtea-jdk-execinfo.patch
index a6499dcb0..a6499dcb0 100644
--- a/user/openjdk7/icedtea-jdk-execinfo.patch
+++ b/legacy/openjdk7/icedtea-jdk-execinfo.patch
diff --git a/user/openjdk7/icedtea-jdk-fix-build.patch b/legacy/openjdk7/icedtea-jdk-fix-build.patch
index 9fae895b6..9fae895b6 100644
--- a/user/openjdk7/icedtea-jdk-fix-build.patch
+++ b/legacy/openjdk7/icedtea-jdk-fix-build.patch
diff --git a/user/openjdk7/icedtea-jdk-fix-ipv6-init.patch b/legacy/openjdk7/icedtea-jdk-fix-ipv6-init.patch
index 11f3bf6dd..11f3bf6dd 100644
--- a/user/openjdk7/icedtea-jdk-fix-ipv6-init.patch
+++ b/legacy/openjdk7/icedtea-jdk-fix-ipv6-init.patch
diff --git a/user/openjdk7/icedtea-jdk-musl.patch b/legacy/openjdk7/icedtea-jdk-musl.patch
index 49c16d73a..49c16d73a 100644
--- a/user/openjdk7/icedtea-jdk-musl.patch
+++ b/legacy/openjdk7/icedtea-jdk-musl.patch
diff --git a/user/openjdk7/icedtea-jdk-no-lib-nsl-uclibc.patch b/legacy/openjdk7/icedtea-jdk-no-lib-nsl-uclibc.patch
index 26f89bb54..26f89bb54 100644
--- a/user/openjdk7/icedtea-jdk-no-lib-nsl-uclibc.patch
+++ b/legacy/openjdk7/icedtea-jdk-no-lib-nsl-uclibc.patch
diff --git a/user/openjdk7/icedtea-jdk-no-soname.patch b/legacy/openjdk7/icedtea-jdk-no-soname.patch
index fe6bbb732..fe6bbb732 100644
--- a/user/openjdk7/icedtea-jdk-no-soname.patch
+++ b/legacy/openjdk7/icedtea-jdk-no-soname.patch
diff --git a/user/openjdk7/icedtea-remove-gawk.patch b/legacy/openjdk7/icedtea-remove-gawk.patch
index 98e9878b7..98e9878b7 100644
--- a/user/openjdk7/icedtea-remove-gawk.patch
+++ b/legacy/openjdk7/icedtea-remove-gawk.patch
diff --git a/user/openjdk7/icedtea-tar.patch b/legacy/openjdk7/icedtea-tar.patch
index 98c280184..98c280184 100644
--- a/user/openjdk7/icedtea-tar.patch
+++ b/legacy/openjdk7/icedtea-tar.patch
diff --git a/user/openjdk7/icedtea-xattr.patch b/legacy/openjdk7/icedtea-xattr.patch
index 51aee48c4..51aee48c4 100644
--- a/user/openjdk7/icedtea-xattr.patch
+++ b/legacy/openjdk7/icedtea-xattr.patch
diff --git a/user/openjdk7/remove-gawk.patch b/legacy/openjdk7/remove-gawk.patch
index dccddbab9..dccddbab9 100644
--- a/user/openjdk7/remove-gawk.patch
+++ b/legacy/openjdk7/remove-gawk.patch
diff --git a/user/openjdk7/xattr.patch b/legacy/openjdk7/xattr.patch
index 258f9f12d..258f9f12d 100644
--- a/user/openjdk7/xattr.patch
+++ b/legacy/openjdk7/xattr.patch
diff --git a/system/attr/APKBUILD b/system/attr/APKBUILD
index 9dccb1415..1d4997a5d 100644
--- a/system/attr/APKBUILD
+++ b/system/attr/APKBUILD
@@ -1,7 +1,7 @@
# Maintainer: A. Wilcox <awilfox@adelielinux.org>
pkgname=attr
pkgver=2.4.48
-pkgrel=0
+pkgrel=1
pkgdesc="Utilities for managing filesystem extended attributes"
url="https://savannah.nongnu.org/projects/attr"
arch="all"
@@ -29,7 +29,8 @@ build() {
--libdir=/lib \
--includedir=/usr/include \
--mandir=/usr/share/man \
- --datadir=/usr/share
+ --datadir=/usr/share \
+ --sysconfdir=/etc
make
}
diff --git a/system/bzip2/APKBUILD b/system/bzip2/APKBUILD
index 54b3e4d66..ed22b0137 100644
--- a/system/bzip2/APKBUILD
+++ b/system/bzip2/APKBUILD
@@ -1,28 +1,28 @@
# Maintainer: A. Wilcox <awilfox@adelielinux.org>
pkgname=bzip2
-pkgver=1.0.6
-pkgrel=7
+pkgver=1.0.8
+pkgrel=0
pkgdesc="A high-quality data compression program"
-url="http://sources.redhat.com/bzip2"
+url="https://www.sourceware.org/bzip2/"
arch="all"
license="BSD-4-Clause"
depends=""
subpackages="$pkgname-dev $pkgname-doc libbz2"
-source="https://downloads.sourceforge.net/bzip2/$pkgname-$pkgver.tar.gz
+source="https://sourceware.org/pub/bzip2/$pkgname-$pkgver.tar.gz
bzip2-1.0.4-makefile-CFLAGS.patch
- bzip2-1.0.6-saneso.patch
+ bzip2-1.0.8-saneso.patch
bzip2-1.0.4-man-links.patch
bzip2-1.0.2-progress.patch
bzip2-1.0.3-no-test.patch
- bzip2-1.0.4-POSIX-shell.patch
- CVE-2016-3189.patch
"
+builddir="$srcdir/$pkgname-$pkgver"
# secfixes:
# 1.0.6-r5:
-# - CVE-2016-3189
+# - CVE-2016-3189
+# 1.0.8-r0:
+# - CVE-2019-12900
-builddir="$srcdir"/$pkgname-$pkgver
prepare() {
default_prepare
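Review bot: The `source` list drops `CVE-2016-3189.patch` and `bzip2-1.0.4-POSIX-shell.patch` while the `# secfixes:` block keeps its CVE-2016-3189 entry, and nothing in the hunk records why the local patches are no longer needed. If both fixes are carried by the 1.0.8 tarball (presumably, but not shown here), a one-line comment above `source=` such as `# CVE-2016-3189 and the bzgrep POSIX-shell fix are included upstream as of 1.0.8` would let a later auditor confirm the fix was not dropped by accident. prepare() continues outside the hunk.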
@@ -64,11 +64,9 @@ libbz2() {
mv "$pkgdir"/usr/lib/*.so.* "$subpkgdir"/usr/lib/
}
-sha512sums="00ace5438cfa0c577e5f578d8a808613187eff5217c35164ffe044fbafdfec9e98f4192c02a7d67e01e5a5ccced630583ad1003c37697219b0f147343a3fdd12 bzip2-1.0.6.tar.gz
+sha512sums="083f5e675d73f3233c7930ebe20425a533feedeaaa9d8cc86831312a6581cefbe6ed0d08d2fa89be81082f2a5abdabca8b3c080bf97218a1bd59dc118a30b9f3 bzip2-1.0.8.tar.gz
58cc37430555520b6e35db2740e699cf37eacdd82989c21a222a593e36288710a0defb003662d4238235c12b3764bfc89cd646e6be9d0a08d54bd2c9baa6ad15 bzip2-1.0.4-makefile-CFLAGS.patch
-8a7528b5b931bb72f637c6940bc811d54fb816fd5bb453af56d9b4a87091004eb5e191ba799d972794b24c56cf8134344a618b58946d3f1d985c508f88190845 bzip2-1.0.6-saneso.patch
+bc52f6efc63ac8d06fcbbb0446cc9c8025964ba0651ef493b5a124e838bf03bebb0ef56247fdd007265c8ea091f3458e832a53856228e7fefa4d20a55065bba3 bzip2-1.0.8-saneso.patch
2d9a306bc0f552a58916ebc702d32350a225103c487e070d2082121a54e07f1813d3228f43293cc80a4bee62053fd597294c99a1751b1685cd678f4e5c6a2fe7 bzip2-1.0.4-man-links.patch
b6810c73428f17245e0d7c2decd00c88986cd8ad1cfe4982defe34bdab808d53870ed92cb513b2d00c15301747ceb6ca958fb0e0458d0663b7d8f7c524f7ba4e bzip2-1.0.2-progress.patch
-aefcafaaadc7f19b20fe023e0bd161127b9f32e0cd364621f6e5c03e95fb976e7e69e354ec46673a554392519532a3bfe56d982a5cde608c10e0b18c3847a030 bzip2-1.0.3-no-test.patch
-64ab461bf739c29615383750e7f260abb2d49df7eb23916940d512bd61fd9a37aaade4d8f6f94280c95fc781b8f92587ad4f3dda51e87dec7a92a7a6f8d8ae86 bzip2-1.0.4-POSIX-shell.patch
-cef6f448b661a775cc433f9636730e89c1285d07075536217657056be56e0a11e96f41f7c14f6ec59e235464b9ddd649a71fb8de1c60eda2fd5c2cdfbb6a8fdc CVE-2016-3189.patch"
+aefcafaaadc7f19b20fe023e0bd161127b9f32e0cd364621f6e5c03e95fb976e7e69e354ec46673a554392519532a3bfe56d982a5cde608c10e0b18c3847a030 bzip2-1.0.3-no-test.patch"
diff --git a/system/bzip2/bzip2-1.0.4-POSIX-shell.patch b/system/bzip2/bzip2-1.0.4-POSIX-shell.patch
deleted file mode 100644
index a5916eaff..000000000
--- a/system/bzip2/bzip2-1.0.4-POSIX-shell.patch
+++ /dev/null
@@ -1,21 +0,0 @@
-bzgrep uses !/bin/sh but then uses the bashism ${var//} so replace those
-with calls to sed so POSIX shells work
-
-http://bugs.gentoo.org/193365
-
---- ./bzgrep
-+++ ./bzgrep
-@@ -63,10 +63,9 @@
- bzip2 -cdfq "$i" | $grep $opt "$pat"
- r=$?
- else
-- j=${i//\\/\\\\}
-- j=${j//|/\\|}
-- j=${j//&/\\&}
-- j=`printf "%s" "$j" | tr '\n' ' '`
-+ # the backslashes here are doubled up as we have to escape each one for the
-+ # shell and then escape each one for the sed expression
-+ j=`printf "%s" "${i}" | sed -e 's:\\\\:\\\\\\\\:g' -e 's:[|]:\\\\|:g' -e 's:[&]:\\\\&:g' | tr '\n' ' '`
- bzip2 -cdfq "$i" | $grep $opt "$pat" | sed "s|^|${j}:|"
- r=$?
- fi
diff --git a/system/bzip2/bzip2-1.0.6-saneso.patch b/system/bzip2/bzip2-1.0.6-saneso.patch
deleted file mode 100644
index 1968a63bf..000000000
--- a/system/bzip2/bzip2-1.0.6-saneso.patch
+++ /dev/null
@@ -1,13 +0,0 @@
---- ./Makefile-libbz2_so
-+++ ./Makefile-libbz2_so
-@@ -35,8 +35,8 @@
- bzlib.o
-
- all: $(OBJS)
-- $(CC) -shared -Wl,-soname -Wl,libbz2.so.1.0 -o libbz2.so.1.0.6 $(OBJS)
-- $(CC) $(CFLAGS) -o bzip2-shared bzip2.c libbz2.so.1.0.6
-+ $(CC) $(LDFLAGS) -shared -Wl,-soname -Wl,libbz2.so.1 -o libbz2.so.1.0.6 $(OBJS)
-+ $(CC) $(LDFLAGS) $(CFLAGS) -o bzip2-shared bzip2.c libbz2.so.1.0.6
- rm -f libbz2.so.1.0
- ln -s libbz2.so.1.0.6 libbz2.so.1.0
-
diff --git a/system/bzip2/bzip2-1.0.8-saneso.patch b/system/bzip2/bzip2-1.0.8-saneso.patch
new file mode 100644
index 000000000..7aab257af
--- /dev/null
+++ b/system/bzip2/bzip2-1.0.8-saneso.patch
@@ -0,0 +1,13 @@
+--- bzip2-1.0.8/Makefile-libbz2_so 2019-07-13 17:50:05.000000000 +0000
++++ bzip2-1.0.8/Makefile-libbz2_so 2019-07-23 22:36:08.050034514 +0000
+@@ -35,8 +35,8 @@ OBJS= blocksort.o \
+ bzlib.o
+
+ all: $(OBJS)
+- $(CC) -shared -Wl,-soname -Wl,libbz2.so.1.0 -o libbz2.so.1.0.8 $(OBJS)
+- $(CC) $(CFLAGS) -o bzip2-shared bzip2.c libbz2.so.1.0.8
++ $(CC) $(LDFLAGS) -shared -Wl,-soname -Wl,libbz2.so.1 -o libbz2.so.1.0.8 $(OBJS)
++ $(CC) $(LDFLAGS) $(CFLAGS) -o bzip2-shared bzip2.c libbz2.so.1.0.8
+ rm -f libbz2.so.1.0
+ ln -s libbz2.so.1.0.8 libbz2.so.1.0
+
diff --git a/system/coreutils/APKBUILD b/system/coreutils/APKBUILD
index 4a70574c3..ff7df9e00 100644
--- a/system/coreutils/APKBUILD
+++ b/system/coreutils/APKBUILD
@@ -3,7 +3,7 @@
# Maintainer: A. Wilcox <awilfox@adelielinux.org>
pkgname=coreutils
pkgver=8.31
-pkgrel=3
+pkgrel=4
pkgdesc="Basic file, shell, and text manipulation utilities"
url="https://www.gnu.org/software/coreutils/"
arch="all"
@@ -60,8 +60,11 @@ package() {
# stdbuf(1) requires a /usr/libexec/ .so
# env(1) needs to be in /usr/bin/ for compatibility with the rest of the world
+ # install(1) " "
mkdir -p "$pkgdir"/usr/bin
- mv "$pkgdir"/bin/stdbuf "$pkgdir"/bin/env "$pkgdir"/usr/bin/
+ for USR_PROGRAM in env install stdbuf; do
+ mv "$pkgdir"/bin/$USR_PROGRAM "$pkgdir"/usr/bin/
+ done
}
sha512sums="ef8941dae845bbf5ae5838bc49e44554a766302930601aada6fa594e8088f0fbad74e481ee392ff89633e68b99e4da3f761fcb5d31ee3b233d540fe2a2d4e1af coreutils-8.31.tar.xz
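Review bot: The loop variable `USR_PROGRAM` in package() is an unquoted, upper-case global, so it reads like an abuild or environment variable and would stay set after the function returns. A quoted lower-case local is safer, e.g. `local prog; for prog in env install stdbuf; do mv "$pkgdir"/bin/"$prog" "$pkgdir"/usr/bin/; done`. The added comment `# install(1) " "` relies on a ditto mark; spelling it out as `# install(1) likewise needs to be in /usr/bin/ for compatibility` is clearer. package() starts outside the hunk.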
diff --git a/system/libxslt/APKBUILD b/system/libxslt/APKBUILD
index 49a07d7cf..c387c6d45 100644
--- a/system/libxslt/APKBUILD
+++ b/system/libxslt/APKBUILD
@@ -2,7 +2,7 @@
# Maintainer: A. Wilcox <awilfox@adelielinux.org>
pkgname=libxslt
pkgver=1.1.33
-pkgrel=1
+pkgrel=2
pkgdesc="XML stylesheet transformation library"
url="http://xmlsoft.org/XSLT/"
arch="all"
@@ -10,13 +10,18 @@ license="SGI-B-2.0"
makedepends="libxml2-dev libgcrypt-dev libgpg-error-dev python3-dev"
subpackages="$pkgname-doc $pkgname-dev"
source="ftp://xmlsoft.org/$pkgname/$pkgname-$pkgver.tar.gz
- CVE-2019-11068.patch"
+ CVE-2019-11068.patch
+ CVE-2019-13117.patch
+ CVE-2019-13118.patch"
# secfixes:
# 1.1.29-r1:
# - CVE-2017-5029
# 1.1.33-r1:
# - CVE-2019-11068
+# 1.1.33-r2:
+# - CVE-2019-13117
+# - CVE-2019-13118
build() {
./configure \
@@ -35,4 +40,6 @@ package() {
}
sha512sums="ebbe438a38bf6355950167d3b580edc22baa46a77068c18c42445c1c9c716d42bed3b30c5cd5bec359ab32d03843224dae458e9e32dc61693e7cf4bab23536e0 libxslt-1.1.33.tar.gz
-48982b7486351d1eb2853f963db14381dd983c2b4347b7cbeb4507258146ebd8fca125506b2d15d4cbfd2e9ef3fef6341de41a2bfdffc3b0f6bea272b37d9e41 CVE-2019-11068.patch"
+48982b7486351d1eb2853f963db14381dd983c2b4347b7cbeb4507258146ebd8fca125506b2d15d4cbfd2e9ef3fef6341de41a2bfdffc3b0f6bea272b37d9e41 CVE-2019-11068.patch
+b311e253a5c4f425f84344397974562a76b253ca14f63b48af7aa0faa561d5f728cb73ee63024993fad3ee7fc7eddb9c9d7310ab8faa5f6a14fd1c6d0037999f CVE-2019-13117.patch
+44d3bb5dda6965f48e3af96c77ffa5f1f2e3c191cf1f28ac1b7b3501420393b5628b12b99fe4008b5056384dfebfdcbbee7625f0644cfc27101424a051415da0 CVE-2019-13118.patch"
diff --git a/system/libxslt/CVE-2019-13117.patch b/system/libxslt/CVE-2019-13117.patch
new file mode 100644
index 000000000..78ebb9075
--- /dev/null
+++ b/system/libxslt/CVE-2019-13117.patch
@@ -0,0 +1,29 @@
+From c5eb6cf3aba0af048596106ed839b4ae17ecbcb1 Mon Sep 17 00:00:00 2001
+From: Nick Wellnhofer <wellnhofer@aevum.de>
+Date: Sat, 27 Apr 2019 11:19:48 +0200
+Subject: [PATCH] Fix uninitialized read of xsl:number token
+
+Found by OSS-Fuzz.
+---
+ libxslt/numbers.c | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/libxslt/numbers.c b/libxslt/numbers.c
+index 89e1f668..75c31eba 100644
+--- a/libxslt/numbers.c
++++ b/libxslt/numbers.c
+@@ -382,7 +382,10 @@ xsltNumberFormatTokenize(const xmlChar *format,
+ tokens->tokens[tokens->nTokens].token = val - 1;
+ ix += len;
+ val = xmlStringCurrentChar(NULL, format+ix, &len);
+- }
++ } else {
++ tokens->tokens[tokens->nTokens].token = (xmlChar)'0';
++ tokens->tokens[tokens->nTokens].width = 1;
++ }
+ } else if ( (val == (xmlChar)'A') ||
+ (val == (xmlChar)'a') ||
+ (val == (xmlChar)'I') ||
+--
+2.21.0
+
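Review bot: This backport adds the `else` branch in xsltNumberFormatTokenize with neither a comment nor a regression test, so the reason for the fallback values lives only in the commit subject. A short comment inside the branch, e.g. `/* Fall back to a plain '0' token of width 1 so token and width are never read uninitialized. */`, would keep the intent next to the code. Unlike the companion CVE-2019-13118 patch, no test file is added here, so a later rebase that loses this branch would not be caught by the test suite. The enclosing function starts and ends outside the hunk.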
diff --git a/system/libxslt/CVE-2019-13118.patch b/system/libxslt/CVE-2019-13118.patch
new file mode 100644
index 000000000..b377f4bd6
--- /dev/null
+++ b/system/libxslt/CVE-2019-13118.patch
@@ -0,0 +1,71 @@
+From 6ce8de69330783977dd14f6569419489875fb71b Mon Sep 17 00:00:00 2001
+From: Nick Wellnhofer <wellnhofer@aevum.de>
+Date: Mon, 3 Jun 2019 13:14:45 +0200
+Subject: [PATCH] Fix uninitialized read with UTF-8 grouping chars
+
+The character type in xsltFormatNumberConversion was too narrow and
+an invalid character/length combination could be passed to
+xsltNumberFormatDecimal, resulting in an uninitialized read.
+
+Found by OSS-Fuzz.
+---
+ libxslt/numbers.c | 5 +++--
+ tests/docs/bug-222.xml | 1 +
+ tests/general/bug-222.out | 2 ++
+ tests/general/bug-222.xsl | 6 ++++++
+ 4 files changed, 12 insertions(+), 2 deletions(-)
+ create mode 100644 tests/docs/bug-222.xml
+ create mode 100644 tests/general/bug-222.out
+ create mode 100644 tests/general/bug-222.xsl
+
+diff --git a/libxslt/numbers.c b/libxslt/numbers.c
+index f1ed8846..20b99d5a 100644
+--- a/libxslt/numbers.c
++++ b/libxslt/numbers.c
+@@ -1298,13 +1298,14 @@ OUTPUT_NUMBER:
+ number = floor((scale * number + 0.5)) / scale;
+ if ((self->grouping != NULL) &&
+ (self->grouping[0] != 0)) {
++ int gchar;
+
+ len = xmlStrlen(self->grouping);
+- pchar = xsltGetUTF8Char(self->grouping, &len);
++ gchar = xsltGetUTF8Char(self->grouping, &len);
+ xsltNumberFormatDecimal(buffer, floor(number), self->zeroDigit[0],
+ format_info.integer_digits,
+ format_info.group,
+- pchar, len);
++ gchar, len);
+ } else
+ xsltNumberFormatDecimal(buffer, floor(number), self->zeroDigit[0],
+ format_info.integer_digits,
+diff --git a/tests/docs/bug-222.xml b/tests/docs/bug-222.xml
+new file mode 100644
+index 00000000..69d62f2c
+--- /dev/null
++++ b/tests/docs/bug-222.xml
+@@ -0,0 +1 @@
++<doc/>
+diff --git a/tests/general/bug-222.out b/tests/general/bug-222.out
+new file mode 100644
+index 00000000..e3139698
+--- /dev/null
++++ b/tests/general/bug-222.out
+@@ -0,0 +1,2 @@
++<?xml version="1.0"?>
++1⠢0
+diff --git a/tests/general/bug-222.xsl b/tests/general/bug-222.xsl
+new file mode 100644
+index 00000000..e32dc473
+--- /dev/null
++++ b/tests/general/bug-222.xsl
+@@ -0,0 +1,6 @@
++<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform" version="1.0">
++ <xsl:decimal-format name="f" grouping-separator="⠢"/>
++ <xsl:template match="/">
++ <xsl:value-of select="format-number(10,'#⠢0','f')"/>
++ </xsl:template>
++</xsl:stylesheet>
+--
+2.21.0
+
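Review bot: The value returned by `xsltGetUTF8Char` is stored in the new `int gchar` and passed straight to `xsltNumberFormatDecimal` together with `len`, with no check between the two calls. If `xsltGetUTF8Char` signals malformed UTF-8 through a negative return (its definition is not visible here), that value is still used as the grouping character; a guard such as `if (gchar < 0) { /* invalid grouping separator: format without grouping */ }` before the call would make the failure path explicit. The neighbouring argument `self->zeroDigit[0]` is still a single byte, so it is worth confirming that a multi-byte zero digit cannot hit the same narrowing. The enclosing function begins and ends outside the hunk.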
diff --git a/user/atril/APKBUILD b/user/atril/APKBUILD
index 5fd885123..d9f1127a9 100644
--- a/user/atril/APKBUILD
+++ b/user/atril/APKBUILD
@@ -13,7 +13,8 @@ makedepends="caja-dev djvulibre-dev gobject-introspection-dev gtk+3.0-dev
intltool itstool libgxps-dev libsecret-dev libsm-dev libspectre-dev
libxml2-dev libxml2-utils poppler-dev python3 tiff-dev"
subpackages="$pkgname-dev $pkgname-doc $pkgname-lang"
-source="https://pub.mate-desktop.org/releases/1.22/atril-$pkgver.tar.xz"
+source="https://pub.mate-desktop.org/releases/1.22/atril-$pkgver.tar.xz
+ CVE-2019-1010006.patch"
build() {
cd "$builddir"
@@ -41,4 +42,5 @@ package() {
make DESTDIR="$pkgdir" install
}
-sha512sums="838ae397c868ac417c9266e4a06525d66214650cf8647e91c1472d83d50c8954f6dbb29411384892a98f0929e1fbac9947118bd0db10d50400fc0d5270a3619d atril-1.22.1.tar.xz"
+sha512sums="838ae397c868ac417c9266e4a06525d66214650cf8647e91c1472d83d50c8954f6dbb29411384892a98f0929e1fbac9947118bd0db10d50400fc0d5270a3619d atril-1.22.1.tar.xz
+ea6db09fe033a8ddf6d90f080858057fad5452a23801e0f41f7a90ec352b71344e8b596a0913deabca333ff24dc5023628eab7c18bc526c0a7f8fb0d680acdf7 CVE-2019-1010006.patch"
diff --git a/user/atril/CVE-2019-1010006.patch b/user/atril/CVE-2019-1010006.patch
new file mode 100644
index 000000000..ce107d193
--- /dev/null
+++ b/user/atril/CVE-2019-1010006.patch
@@ -0,0 +1,56 @@
+From e02fe9170ad0ac2fd46c75329c4f1d4502d4a362 Mon Sep 17 00:00:00 2001
+From: Jason Crain <jcrain@src.gnome.org>
+Date: Sat, 2 Dec 2017 20:24:33 -0600
+Subject: [PATCH] Fix overflow checks in tiff backend
+
+The overflow checks in tiff_document_render and
+tiff_document_get_thumbnail don't work when optimizations are enabled.
+Change the checks so they don't rely on undefined behavior.
+
+https://bugzilla.gnome.org/show_bug.cgi?id=788980
+---
+ backend/tiff/tiff-document.c | 12 ++++++------
+ 1 file changed, 6 insertions(+), 6 deletions(-)
+
+diff --git a/backend/tiff/tiff-document.c b/backend/tiff/tiff-document.c
+index 8f40934e..7bf95c2b 100644
+--- a/backend/tiff/tiff-document.c
++++ b/backend/tiff/tiff-document.c
+@@ -284,12 +284,12 @@ tiff_document_render (EvDocument *document,
+ return NULL;
+ }
+
+- bytes = height * rowstride;
+- if (bytes / rowstride != height) {
++ if (height >= INT_MAX / rowstride) {
+ g_warning("Overflow while rendering document.");
+ /* overflow */
+ return NULL;
+ }
++ bytes = height * rowstride;
+
+ pixels = g_try_malloc (bytes);
+ if (!pixels) {
+@@ -374,15 +374,15 @@ tiff_document_get_thumbnail (EvDocument *document,
+ if (width <= 0 || height <= 0)
+ return NULL;
+
+- rowstride = width * 4;
+- if (rowstride / 4 != width)
++ if (width >= INT_MAX / 4)
+ /* overflow */
+ return NULL;
++ rowstride = width * 4;
+
+- bytes = height * rowstride;
+- if (bytes / rowstride != height)
++ if (height >= INT_MAX / rowstride)
+ /* overflow */
+ return NULL;
++ bytes = height * rowstride;
+
+ pixels = g_try_malloc (bytes);
+ if (!pixels)
+--
+2.21.0
+
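Review bot: In tiff_document_render the new check `height >= INT_MAX / rowstride` divides by `rowstride`, and nothing visible in that hunk shows `rowstride` is positive at that point; tiff_document_get_thumbnail does have the `width <= 0 || height <= 0` guard in view. If the earlier code does not already guarantee it, `if (rowstride <= 0 || height >= INT_MAX / rowstride) {` closes the gap. The patch also starts using `INT_MAX` without adding an include, so it depends on `<limits.h>` already reaching tiff-document.c through another header. Both functions continue outside the hunks.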
diff --git a/user/i3status/APKBUILD b/user/i3status/APKBUILD
index b892fef2f..422c1dfd4 100644
--- a/user/i3status/APKBUILD
+++ b/user/i3status/APKBUILD
@@ -2,7 +2,7 @@
# Maintainer: Luis Ressel <aranea@aixah.de>
pkgname=i3status
pkgver=2.13
-pkgrel=0
+pkgrel=1
pkgdesc="Status bar generator for dzen2, xmobar or similar"
url="https://i3wm.org/i3status/"
arch="all"
@@ -28,7 +28,8 @@ build() {
PATH_ASCIIDOC=/usr/bin/asciidoctor ../configure \
--build=$CBUILD \
--host=$CHOST \
- --prefix=/usr
+ --prefix=/usr \
+ --sysconfdir=/etc
make
}
diff --git a/user/mplayer/APKBUILD b/user/mplayer/APKBUILD
index 8fb03660a..6b6ce9a71 100644
--- a/user/mplayer/APKBUILD
+++ b/user/mplayer/APKBUILD
@@ -28,12 +28,14 @@ build() {
./configure \
--prefix=/usr \
--mandir=/usr/share/man \
+ --confdir=/etc/mplayer \
--disable-ffmpeg_a
make
}
package() {
make DESTDIR="$pkgdir" install
+ rm -r "$pkgdir/etc"
}
sha512sums="8ef71cad187d8c8f81c837279bd3a421b440c892d3347a667670b21c954007e35cf0d15828f0901f347b9c1b053e8da4bc7f0fb6de34382d1e463074923d7b34 MPlayer-1.4.tar.xz"
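Review bot: `rm -r "$pkgdir/etc"` in package() deletes the whole `etc` tree right after `--confdir=/etc/mplayer` was added to place configuration there, and no comment says why the installed files are discarded. If the intent is only to avoid shipping MPlayer's sample configuration, narrow the path and document it, e.g. `rm -r "$pkgdir"/etc/mplayer  # do not ship upstream sample config`. The diffstat lists 2 changed lines for this file, so `pkgrel` is apparently not bumped and existing installs would not pick up the new confdir.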
diff --git a/user/openldap/openldap.pre-install b/user/openldap/openldap.pre-install
index a98a882ae..b6bc3c7b4 100644
--- a/user/openldap/openldap.pre-install
+++ b/user/openldap/openldap.pre-install
@@ -1,7 +1,7 @@
#!/bin/sh
groupadd -r ldap 2>/dev/null
-useradd -c "OpenLdap User" -s /sbin/nologin -g ldap \
+useradd -c "OpenLDAP User" -s /sbin/nologin -g ldap \
-m -d /usr/lib/openldap -r ldap 2>/dev/null
exit 0
diff --git a/user/pulseaudio/APKBUILD b/user/pulseaudio/APKBUILD
index 2829f044a..611a788a0 100644
--- a/user/pulseaudio/APKBUILD
+++ b/user/pulseaudio/APKBUILD
@@ -3,7 +3,7 @@
# Maintainer: A. Wilcox <awilfox@adelielinux.org>
pkgname=pulseaudio
pkgver=12.2
-pkgrel=4
+pkgrel=5
pkgdesc="A featureful, general-purpose sound server"
url="https://www.freedesktop.org/wiki/Software/PulseAudio"
pkgusers="pulse"
@@ -23,11 +23,11 @@ subpackages="$pkgname-dev $pkgname-doc $pkgname-libs $pkgname-bluez
source="https://freedesktop.org/software/pulseaudio/releases/pulseaudio-$pkgver.tar.xz
$pkgname.initd
$pkgname.confd
+ alsa-include.patch
disable-flat-volume.patch
"
build() {
- cd "$builddir"
LIBS="-lintl" ./configure \
--build=$CBUILD \
--host=$CHOST \
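Review bot: `alsa-include.patch` is added to `source`, but half of that patch edits `configure.ac` while build() in this hunk still runs the shipped `./configure` directly. Unless prepare() (not visible here) regenerates the script, e.g. with `autoreconf -vif`, the header check keeps looking for `use-case.h`, `HAVE_ALSA_UCM` may end up 0, and the new `alsa/use-case.h` include in alsa-ucm.h is never reached, so UCM support would be disabled without any build error. Either regenerate configure in prepare() or patch the generated `configure` as well. build() continues outside the hunk.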
@@ -50,12 +50,10 @@ build() {
}
check() {
- cd "$builddir"
make check
}
package() {
- cd "$builddir"
make -j1 DESTDIR="$pkgdir" install
}
@@ -134,4 +132,5 @@ zshcomp() {
sha512sums="877754c1838b3cb042dbc18a5f1cc3cf313ffcaee7a64703330406d1f86279c34f1107634ac3083b158365e6757fbacf5ec406bc3c5788d291de67b77a561a4e pulseaudio-12.2.tar.xz
34fe54ece5df60ce63a7955cd828a2716670fef71f40960698ae5518fdaf9cd599f4d8f8852e2c88d715600a9ad06a38984415e5eb320071012e5eb6e5c1b8b1 pulseaudio.initd
75b54581591519d63a3362b155c0f9b0501a60763ab394693a456c44d0216138cf3a40bdd0f7442028663bc045e9ffee286f8f8eaf2ee3bb17379b43615fee0e pulseaudio.confd
+1549c495395ea0b9bf863f063be85c5847cdffc27b4e59e8d528aae5de29d1f2552dbae94f8c649fcab264e07ede330e584dcee46118b98ddf64c63cb1e8397e alsa-include.patch
dcb50f7c4fd86b0311ab050f7f0340dcf54379a685903951f22e24df6aee5486ee5e02f866c9e53dd55a54ba302658ad282114ce37f169d185855dc37dae0349 disable-flat-volume.patch"
diff --git a/user/pulseaudio/alsa-include.patch b/user/pulseaudio/alsa-include.patch
new file mode 100644
index 000000000..2654838e5
--- /dev/null
+++ b/user/pulseaudio/alsa-include.patch
@@ -0,0 +1,45 @@
+From b89d33bb182c42db5ad3987b0e91b7bf62f421e8 Mon Sep 17 00:00:00 2001
+From: Takashi Iwai <tiwai@suse.de>
+Date: Sun, 21 Apr 2019 11:59:30 +0200
+Subject: [PATCH] alsa: Fix inclusion of use-case.h
+
+The recent change in ALSA upstream stripped -I$include/alsa path from
+pkgconfig. We already fixed for this change in some places but still
+the code for UCM was overlooked, and this resulted in the unresolved
+symbols in alsa card module. Fix them as well.
+
+Signed-off-by: Takashi Iwai <tiwai@suse.de>
+---
+ configure.ac | 2 +-
+ src/modules/alsa/alsa-ucm.h | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/configure.ac b/configure.ac
+index c004bd70d..b44ed1595 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -826,7 +826,7 @@ AS_IF([test "x$enable_alsa" = "xyes" && test "x$HAVE_ALSA" = "x0"],
+ AS_IF([test "x$HAVE_ALSA" = "x1"],
+ [
+ save_CPPFLAGS="$CPPFLAGS"; CPPFLAGS="$CPPFLAGS $ASOUNDLIB_CFLAGS"
+- AC_CHECK_HEADERS([use-case.h], HAVE_ALSA_UCM=1, HAVE_ALSA_UCM=0)
++ AC_CHECK_HEADERS([alsa/use-case.h], HAVE_ALSA_UCM=1, HAVE_ALSA_UCM=0)
+ CPPFLAGS="$save_CPPFLAGS"
+ ],
+ HAVE_ALSA_UCM=0)
+diff --git a/src/modules/alsa/alsa-ucm.h b/src/modules/alsa/alsa-ucm.h
+index 53abf3f90..c926f3cc3 100644
+--- a/src/modules/alsa/alsa-ucm.h
++++ b/src/modules/alsa/alsa-ucm.h
+@@ -23,7 +23,7 @@
+ ***/
+
+ #ifdef HAVE_ALSA_UCM
+-#include <use-case.h>
++#include <alsa/use-case.h>
+ #else
+ typedef void snd_use_case_mgr_t;
+ #endif
+--
+2.21.0
+
diff --git a/user/vlc/APKBUILD b/user/vlc/APKBUILD
index 6bd76fafe..1cd7f5981 100644
--- a/user/vlc/APKBUILD
+++ b/user/vlc/APKBUILD
@@ -201,4 +201,4 @@ e063c727d952465bbea33f669db49190427521dc8e2291e9a5cbb0f5e8e879bd3ba76855e44bd463
e13e398b7bfd977f6e099bcb6cf8dc5cd5bad6dea3eff715881826246dc4329468846084aff2576de2b7fd28d3f06e7c327a6e4511a28d22e5cd198a81146c89 omxil-rpi-codecs.patch
a117ca4d7fd66a5f959fdeaddfdce2f8442fe9f2c13995bb7f4792a7745c00813813aa962f76e957e3b0735344a5dc000e0644ce09f23458802a2932231655c3 tar-compat.patch
c0107655249687655846a9547ca1a5670b9207443180600e7a149c69ffb96d7226787c19b018d4033db9b284c1a5faa8d7d42188ed40c3b8bb051256febf11c5 test-s390x.patch
-b67b6e21e9d4027aef1006e6057f9ba8e65ce3895b08f7b911b1675cff9bc423f64ee2c187c584860e9e5d4635a30408a7781add9694d9bba753eac37f357406 vlc-libs.trigger"
+34d899b8b88de2058a8d64ce316389bd3437c0bbcd64a925eec4975adf2bc306a3a8d2e322bad5e3a18b5a28cbb5bf6705d8849dee655daf7e5a4bb007fe07e0 vlc-libs.trigger"
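Review bot: The sha512 for `vlc-libs.trigger` changes here, but the file list of this commit does not include `user/vlc/vlc-libs.trigger`, so the content that the new digest pins cannot be reviewed from this diff. Before merging, recompute the digest from the tree (`sha512sum user/vlc/vlc-libs.trigger`) and confirm it matches the trigger script as last reviewed, since package triggers run with root privileges at install time. `pkgrel` is also not touched in this file, so a rebuilt package would carry the same version as the one built against the old digest.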