diff options
52 files changed, 950 insertions, 730 deletions
diff --git a/system/libssh2/APKBUILD b/system/libssh2/APKBUILD index 383854b8f..913934a46 100644 --- a/system/libssh2/APKBUILD +++ b/system/libssh2/APKBUILD @@ -1,7 +1,7 @@ # Contributor: William Pitcock <nenolod@dereferenced.org> # Maintainer: A. Wilcox <awilfox@adelielinux.org> pkgname=libssh2 -pkgver=1.8.2 +pkgver=1.9.0 pkgrel=0 pkgdesc="Library for accessing SSH servers" url="https://libssh2.org/" @@ -33,4 +33,4 @@ package() { make DESTDIR="$pkgdir" install } -sha512sums="390ab4ad93bb738415ec11a6eb92806c9b9e9e5d8ee7c442d841a58b4292c1c447a9bc99e153ba464e2e11f9c0d1913469303598c3046722d1ae821991e8cb93 libssh2-1.8.2.tar.gz" +sha512sums="41a3ebcf84e32eab69b7411ffb0a3b6e6db71491c968602b17392cfe3490ef00239726ec28acb3d25bf0ed62700db7f4d0bb5a9175618f413865f40badca6e17 libssh2-1.9.0.tar.gz" diff --git a/system/nss/APKBUILD b/system/nss/APKBUILD index f88776116..20aea14c3 100644 --- a/system/nss/APKBUILD +++ b/system/nss/APKBUILD @@ -1,7 +1,7 @@ # Contributor: Łukasz Jendrysik <scadu@yandex.com> # Maintainer: A. Wilcox <awilfox@adelielinux.org> pkgname=nss -pkgver=3.44.1 +pkgver=3.45 _ver=$(printf '%s' "$pkgver" | tr . _) pkgrel=0 pkgdesc="Mozilla Network Security Services" @@ -21,6 +21,12 @@ source="https://ftp.mozilla.org/pub/security/$pkgname/releases/NSS_${_ver}_RTM/s add_spi+cacert_ca_certs.patch " +# secfixes: +# 3.45-r0: +# - CVE-2019-11719 +# - CVE-2019-11727 +# - CVE-2019-11729 + prepare() { default_prepare @@ -141,7 +147,7 @@ tools() { mv "$pkgdir"/usr/bin "$subpkgdir"/usr/ } -sha512sums="eb8777701a25b54377026633b6bf284e4c62308012058355f348a7c57525afe96db74a07de41ba01754e316a7dff06689de527359a5474ed7ab606779c4cf169 nss-3.44.1.tar.gz +sha512sums="33360a1bb4e0a0a974070c354ee82c515d5cfa2a12c9c96817a9fdb3e4ca1ad62eb95886b9b0d60e2f69efda964376d0671c1e3c920b2ea614aeecb719c6ff29 nss-3.45.tar.gz 75dbd648a461940647ff373389cc73bc8ec609139cd46c91bcce866af02be6bcbb0524eb3dfb721fbd5b0bc68c20081ed6f7debf6b24317f2a7ba823e8d3c531 nss.pc.in 0f2efa8563b11da68669d281b4459289a56f5a3a906eb60382126f3adcfe47420cdcedc6ab57727a3afeeffa2bbb4c750b43bef8b5f343a75c968411dfa30e09 nss-util.pc.in 09c69d4cc39ec9deebc88696a80d0f15eb2d8c94d9daa234a2adfec941b63805eb4ce7f2e1943857b938bddcaee1beac246a0ec627b71563d9f846e6119a4a15 nss-softokn.pc.in diff --git a/user/aspell/APKBUILD b/user/aspell/APKBUILD index 88ab8a736..bce270974 100644 --- a/user/aspell/APKBUILD +++ b/user/aspell/APKBUILD @@ -1,8 +1,8 @@ # Contributor: Valery Kartel <valery.kartel@gmail.com> # Maintainer: pkgname=aspell -pkgver=0.60.6.1 -pkgrel=15 +pkgver=0.60.7 +pkgrel=0 pkgdesc="Libre spell checker software" url="http://aspell.net/" arch="all" @@ -12,14 +12,7 @@ makedepends="ncurses-dev perl" provides="aspell-utils" subpackages="$pkgname-compat::noarch $pkgname-dev $pkgname-doc $pkgname-lang" -source="https://ftp.gnu.org/gnu/$pkgname/$pkgname-$pkgver.tar.gz - aspell-0.60.6.1-gcc7-fixes.patch - " - -prepare() { - default_prepare - update_config_sub -} +source="https://ftp.gnu.org/gnu/$pkgname/$pkgname-$pkgver.tar.gz" build() { LIBS="-ltinfo" ./configure \ @@ -49,5 +42,4 @@ compat() { mv spell ispell "$subpkgdir"/usr/bin/ } -sha512sums="f310c7590be98406589b5c26ca36a2ecfe4733f0b40fd6c176b96b7955ef2b5cd0ec9a3d770cf132146ae7a896042b4b698945112995ee1ae66adcfa5542247f aspell-0.60.6.1.tar.gz -7acdd483fa218952775282f42c28998b4901b1c70aeeef307835a205d1cde3fb2912898d08799ee596d744dde55d04e5c4905fb66d8bfa3028d1f5d45bb66d1e aspell-0.60.6.1-gcc7-fixes.patch" +sha512sums="6f5fcd1c29164ee18f205594b66f382b51d19b17686293a931ca92c1442d3f7228627ca7d604d860551d0d367ac34dfb2ae34170a844f51e84e390fb1edc4535 aspell-0.60.7.tar.gz" diff --git a/user/aspell/aspell-0.60.6.1-gcc7-fixes.patch b/user/aspell/aspell-0.60.6.1-gcc7-fixes.patch deleted file mode 100644 index 4eb825a24..000000000 --- a/user/aspell/aspell-0.60.6.1-gcc7-fixes.patch +++ /dev/null @@ -1,34 +0,0 @@ -commit 8089fa02122fed0a6394eba14bbedcb1d18e2384 -Author: Kevin Atkinson <kevina@gnu.org> -Date: Thu Dec 29 00:50:31 2016 -0500 - - Compile Fixes for GCC 7. - - Closes #519. - -diff --git a/modules/filter/tex.cpp b/modules/filter/tex.cpp -index a979539..19ab63c 100644 ---- a/modules/filter/tex.cpp -+++ b/modules/filter/tex.cpp -@@ -174,7 +174,7 @@ namespace { - - if (c == '{') { - -- if (top.in_what == Parm || top.in_what == Opt || top.do_check == '\0') -+ if (top.in_what == Parm || top.in_what == Opt || *top.do_check == '\0') - push_command(Parm); - - top.in_what = Parm; -diff --git a/prog/check_funs.cpp b/prog/check_funs.cpp -index db54f3d..89ee09d 100644 ---- a/prog/check_funs.cpp -+++ b/prog/check_funs.cpp -@@ -647,7 +647,7 @@ static void print_truncate(FILE * out, const char * word, int width) { - } - } - if (i == width-1) { -- if (word == '\0') -+ if (*word == '\0') - put(out,' '); - else if (word[len] == '\0') - put(out, word, len); diff --git a/user/catdoc/APKBUILD b/user/catdoc/APKBUILD index 2b6bc7d3d..4296c8167 100644 --- a/user/catdoc/APKBUILD +++ b/user/catdoc/APKBUILD @@ -2,7 +2,7 @@ # Maintainer: A. Wilcox <awilfox@adelielinux.org> pkgname=catdoc pkgver=0.95 -pkgrel=1 +pkgrel=2 pkgdesc="Read information and data from Microsoft Office documents" url="http://www.wagner.pp.ru/~vitus/software/catdoc/" arch="all" @@ -11,7 +11,12 @@ license="GPL-2.0-only" depends="" makedepends="" subpackages="$pkgname-doc" -source="http://ftp.wagner.pp.ru/pub/catdoc/catdoc-$pkgver.tar.gz" +source="http://ftp.wagner.pp.ru/pub/catdoc/catdoc-$pkgver.tar.gz + CVE-2017-11110.patch" + +# secfixes: +# 0.95-r2: +# - CVE-2017-11110 build() { cd "$builddir" @@ -31,4 +36,5 @@ package() { make -j1 install } -sha512sums="dd6bded4b6b70749c007256b182b063ff266f86d53024d8582001678821e8096c5b980bc8f43015d9c82bbe022d71d4ba5fe68aff31b2ff6db3688595e651b2c catdoc-0.95.tar.gz" +sha512sums="dd6bded4b6b70749c007256b182b063ff266f86d53024d8582001678821e8096c5b980bc8f43015d9c82bbe022d71d4ba5fe68aff31b2ff6db3688595e651b2c catdoc-0.95.tar.gz +15d1da9fe095c6e4a990faa22ee67952d91494057a1fd6334f2eb671898156c95245b54f229549a5662d13dec6ecc4e607583e865fb9775fea8d163755cf04b0 CVE-2017-11110.patch" diff --git a/user/catdoc/CVE-2017-11110.patch b/user/catdoc/CVE-2017-11110.patch new file mode 100644 index 000000000..d36d5d63c --- /dev/null +++ b/user/catdoc/CVE-2017-11110.patch @@ -0,0 +1,32 @@ +Description: CVE-2017-11110: Heap buffer overflow in ole_init +Origin: vendor, https://build.opensuse.org/package/view_file/openSUSE:Maintenance:6985/catdoc.openSUSE_Leap_42.2_Update/CVE-2017-11110.patch?rev=d437c3be72c2e5a3516b75f4e9de6b35 +Bug-Debian: https://bugs.debian.org/867717 +Bug-SuSE: https://bugzilla.novell.com/show_bug.cgi?id=1047877 +Forwarded: no +Author: Andreas Stieger <astieger@suse.com> +Reviewed-by: Salvatore Bonaccorso <carnil@debian.org> +Last-Update: 2017-07-20 + +--- a/src/ole.c ++++ b/src/ole.c +@@ -106,6 +106,11 @@ FILE* ole_init(FILE *f, void *buffer, si + return NULL; + } + sectorSize = 1<<getshort(oleBuf,0x1e); ++ /* CVE-2017-11110 */ ++ if (sectorSize < 4) { ++ fprintf(stderr, "sectorSize < 4 not supported\n"); ++ return NULL; ++ } + shortSectorSize=1<<getshort(oleBuf,0x20); + + /* Read BBD into memory */ +@@ -147,7 +152,7 @@ FILE* ole_init(FILE *f, void *buffer, si + } + + fseek(newfile, 512+mblock*sectorSize, SEEK_SET); +- if(fread(tmpBuf+MSAT_ORIG_SIZE+(sectorSize-4)*i, ++ if(fread(tmpBuf+MSAT_ORIG_SIZE+(sectorSize-4)*i, /* >=4 for CVE-2017-11110 */ + 1, sectorSize, newfile) != sectorSize) { + fprintf(stderr, "Error read MSAT!\n"); + ole_finish(); diff --git a/user/gnupg/APKBUILD b/user/gnupg/APKBUILD index 1d6d41f94..e8d3ff2f4 100644 --- a/user/gnupg/APKBUILD +++ b/user/gnupg/APKBUILD @@ -1,7 +1,7 @@ # Contributor: Sören Tempel <soeren+alpine@soeren-tempel.net> # Maintainer: A. Wilcox <awilfox@adelielinux.org> pkgname=gnupg -pkgver=2.2.16 +pkgver=2.2.17 pkgrel=0 pkgdesc="GNU Privacy Guard 2 - PGP replacement" url="https://www.gnupg.org/" @@ -18,6 +18,10 @@ source="https://gnupg.org/ftp/gcrypt/$pkgname/$pkgname-$pkgver.tar.bz2 60-scdaemon.rules" install="$pkgname.pre-install $pkgname.pre-upgrade" +# secfixes: +# 2.2.17-r0: +# - CVE-2019-13050 + build() { ./configure \ --build=$CBUILD \ @@ -46,7 +50,7 @@ package() { install -Dm644 "$srcdir"/60-scdaemon.rules "$pkgdir"/lib/udev/rules.d } -sha512sums="0e0040905cc4d1d9d29e184cfeda520b43990e4ec459212537c0ce6092de987157e05b1d1a3022398d9b3cbaeea0f58a7e686745f96933e5ac26be4229162247 gnupg-2.2.16.tar.bz2 +sha512sums="a3cd094addac62b4b4ec1683005a2bec761ea2aacf6daf904316b1819f4f6a41f256a8d9452cf28cad71b3e68228465baa27ae0eb1fa734fa91542ef0f159c5d gnupg-2.2.17.tar.bz2 c6cc4595081c5b025913fa3ebecf0dff87a84f3c669e3fef106e4fa040f1d4314ee52dd4c0e0002b213034fb0810221cfdd0033eae5349b6e3978f05d08bcac7 0001-Include-sys-select.h-for-FD_SETSIZE.patch b19a44dacf061dd02b439ab8bd820e3c721aab77168f705f5ce65661f26527b03ea88eec16d78486a633c474120589ec8736692ebff57ab9b95f52f57190ba6b fix-i18n.patch 4bfb9742279c2d1c872d63cd4bcb01f6a2a13d94618eff954d3a37451fa870a9bb29687330854ee47e8876d6e60dc81cb2569c3931beaefacda33db23c464402 60-scdaemon.rules" diff --git a/user/gnutls/APKBUILD b/user/gnutls/APKBUILD index 627abf2ec..8578e002b 100644 --- a/user/gnutls/APKBUILD +++ b/user/gnutls/APKBUILD @@ -2,7 +2,7 @@ # Contributor: Michael Mason <ms13sp@gmail.com> # Maintainer: pkgname=gnutls -pkgver=3.6.8 +pkgver=3.6.9 pkgrel=0 pkgdesc="A TLS protocol implementation" url="http://www.gnutls.org/" @@ -80,5 +80,5 @@ xx() { mv "$pkgdir"/usr/lib/lib*xx.so.* "$subpkgdir"/usr/lib/ } -sha512sums="71f0899de0ffb2a39b25928042114e2bbfde7fbf2029d9f91f60bf60794916d13f544fc97337e4e3282e7faa17e79a8012b0e08f98805bee543c0ba4e5d5a905 gnutls-3.6.8.tar.xz +sha512sums="a9fd0f4edae4c081d5c539ba2e5574a4d7294bc00c5c73ea25ce26cb7fd126299c2842a282d45ef5cf0544108f27066e587df28776bc7915143d190d7d5b9d07 gnutls-3.6.9.tar.xz abc24ee59cc67805fe953535b0bae33080fc8b0bf788304377f6d10ec8c162c4cf203a69c98a4ba3483b4c60ed7a204433cc7db9b8190eddb0d68f6fb6dad52d gnulib-tests-dont-require-gpg-passphrase.patch" diff --git a/user/highlight/APKBUILD b/user/highlight/APKBUILD index d0289e95a..8ceb16c85 100644 --- a/user/highlight/APKBUILD +++ b/user/highlight/APKBUILD @@ -1,7 +1,7 @@ # Contributor: Carlo Landmeter <clandmeter@gmail.com> # Maintainer: pkgname=highlight -pkgver=3.52 +pkgver=3.53 pkgrel=0 pkgdesc="Fast and flexible source code highlighter" url="http://www.andre-simon.de/doku/highlight/highlight.html" @@ -20,4 +20,4 @@ package() { make DESTDIR="$pkgdir" install } -sha512sums="4a44f6c4d29836c6f1af9db02c4e989c7ce155bcb387ca294170c361ae6c41b7441b03810ee27e7b7cdbd3ec73907fb5746ab545b7a44dfc482cc242a86681fe highlight-3.52.tar.bz2" +sha512sums="b25340aa881e5188fb9862d4858fab17627a80329835723a75de95bbf523f2453f42fa4e6ed842345b5e2842d66a40f16b03c19fbbbea4a226e247a93130a5e3 highlight-3.53.tar.bz2" diff --git a/user/id3lib/APKBUILD b/user/id3lib/APKBUILD index 724429e96..957ed5eb0 100644 --- a/user/id3lib/APKBUILD +++ b/user/id3lib/APKBUILD @@ -2,7 +2,7 @@ # Maintainer: A. Wilcox <awilfox@adelielinux.org> pkgname=id3lib pkgver=3.8.3 -pkgrel=1 +pkgrel=2 pkgdesc="Library for reading, writing, and manipulating ID3v2 tags" url="http://id3lib.sourceforge.net" arch="all" @@ -15,8 +15,13 @@ source="https://downloads.sourceforge.net/project/id3lib/id3lib/$pkgver/id3lib-$ cstring.patch modern-cpp.patch test-expose-proper-stdlib-symbols.patch + CVE-2007-4460.patch " +# secfixes: +# 3.8.3-r2: +# - CVE-2007-4460 + prepare() { default_prepare update_config_sub @@ -49,4 +54,5 @@ package() { sha512sums="3787e261f86933c1c2f2bff2c4b349b42f5d8636e489e4f39f9d75e6dfbdc79b87009a0f4ce4b786f2fb3dbc01ca9d56c4112095b46244f897e6c9a28573adaf id3lib-3.8.3.tar.gz e379e848788f7fda3a86b02b9865dfe5db69d66ffcfb81184c1cd92f2f1ed7b4d40f13cc77f9de294afc13ae61ab50c3aa13f9a4cc4eb85cb7a727d25268ee6a cstring.patch 334eed099c93ea279d877437a92f684bfb0df12774fd7fffb628b6e8c4b17b17952d6f7c0bf0dff03a87887f0f1233c70d98b69f23580dcf3bf64c8d4b93fc85 modern-cpp.patch -cd79daddffbafc11e555f16be827ccedc03e419b7c24ab1da1852af294dc486a0836d612318eb9861691ef8462ca38be41cfa2c12849f022ebb187c6ef95a1b9 test-expose-proper-stdlib-symbols.patch" +cd79daddffbafc11e555f16be827ccedc03e419b7c24ab1da1852af294dc486a0836d612318eb9861691ef8462ca38be41cfa2c12849f022ebb187c6ef95a1b9 test-expose-proper-stdlib-symbols.patch +97b1686ca3b7feefe7c2cc5f90a31f42fb55fd7baf45b0abe07c6d879bdf752f21305a6a883241c18e20847c43175c3d2c911dce14aa5f382f46bf44c07759f1 CVE-2007-4460.patch" diff --git a/user/id3lib/CVE-2007-4460.patch b/user/id3lib/CVE-2007-4460.patch new file mode 100644 index 000000000..36c84179f --- /dev/null +++ b/user/id3lib/CVE-2007-4460.patch @@ -0,0 +1,54 @@ +This patch fixes an issues where temporary files were created in an insecure +way. + +It was first intruduced in version 3.8.3-7 and fixes +http://bugs.debian.org/438540 +--- a/src/tag_file.cpp ++++ b/src/tag_file.cpp +@@ -242,8 +242,8 @@ + strcpy(sTempFile, filename.c_str()); + strcat(sTempFile, sTmpSuffix.c_str()); + +-#if ((defined(__GNUC__) && __GNUC__ >= 3 ) || !defined(HAVE_MKSTEMP)) +- // This section is for Windows folk && gcc 3.x folk ++#if !defined(HAVE_MKSTEMP) ++ // This section is for Windows folk + fstream tmpOut; + createFile(sTempFile, tmpOut); + +@@ -257,7 +257,7 @@ + tmpOut.write((char *)tmpBuffer, nBytes); + } + +-#else //((defined(__GNUC__) && __GNUC__ >= 3 ) || !defined(HAVE_MKSTEMP)) ++#else //!defined(HAVE_MKSTEMP) + + // else we gotta make a temp file, copy the tag into it, copy the + // rest of the old file after the tag, delete the old file, rename +@@ -270,7 +270,7 @@ + //ID3_THROW_DESC(ID3E_NoFile, "couldn't open temp file"); + } + +- ofstream tmpOut(fd); ++ ofstream tmpOut(sTempFile); + if (!tmpOut) + { + tmpOut.close(); +@@ -285,14 +285,14 @@ + uchar tmpBuffer[BUFSIZ]; + while (file) + { +- file.read(tmpBuffer, BUFSIZ); ++ file.read((char *)tmpBuffer, BUFSIZ); + size_t nBytes = file.gcount(); +- tmpOut.write(tmpBuffer, nBytes); ++ tmpOut.write((char *)tmpBuffer, nBytes); + } + + close(fd); //closes the file + +-#endif ////((defined(__GNUC__) && __GNUC__ >= 3 ) || !defined(HAVE_MKSTEMP)) ++#endif ////!defined(HAVE_MKSTEMP) + + tmpOut.close(); + file.close(); diff --git a/user/imagemagick/APKBUILD b/user/imagemagick/APKBUILD index af4e6b383..468d8671c 100644 --- a/user/imagemagick/APKBUILD +++ b/user/imagemagick/APKBUILD @@ -2,7 +2,7 @@ # Contributor: Carlo Landmeter <clandmeter@gmail.com> # Maintainer: pkgname=imagemagick -pkgver=7.0.8.53 +pkgver=7.0.8.59 _abiver=7 _pkgver=${pkgver%.*}-${pkgver##*.} pkgrel=0 @@ -19,8 +19,11 @@ subpackages="$pkgname-doc $pkgname-dev $pkgname-c++:_cxx $pkgname-libs" source="https://github.com/ImageMagick/ImageMagick/archive/$_pkgver.tar.gz" builddir="$srcdir/ImageMagick-${_pkgver}" +# secfixes: +# 7.0.8.59-r0: +# - CVE-2019-13454 + build() { - cd "$builddir" # fix doc dir, Gentoo bug 91911 sed -i -e \ 's:DOCUMENTATION_PATH="${DATA_DIR}/doc/${DOCUMENTATION_RELATIVE_PATH}":DOCUMENTATION_PATH="/usr/share/doc/imagemagick":g' \ @@ -53,12 +56,10 @@ build() { } check() { - cd "$builddir" make check } package() { - cd "$builddir" make -j1 DESTDIR="$pkgdir" install if ! [ -e "$pkgdir"/usr/lib/libMagickCore-$_abiver.Q16HDRI.so ]; then error "Has ABI verision changed? (current is $_abiver)" @@ -81,4 +82,4 @@ _cxx() { mv "$pkgdir"/usr/lib/libMagick++*.so.* "$subpkgdir"/usr/lib/ } -sha512sums="f96de743266cefdb48e14e8c18cd36d629641894b056637e2d17bbf8cd0626c81b3c762db0893c919a3caaa60c6b34ab777f40d19c8f75b7604eb2975fdd56be 7.0.8-53.tar.gz" +sha512sums="518557ca23035fa78c34a475123c77381ab413de6bec2a85d71f299b41ff51a213fb4a2cb605409428a499bbb9154f72ad28c709214c72f3a3963110f33ac64e 7.0.8-59.tar.gz" diff --git a/user/libcdio-paranoia/APKBUILD b/user/libcdio-paranoia/APKBUILD index befa3a20d..4230d8fe0 100644 --- a/user/libcdio-paranoia/APKBUILD +++ b/user/libcdio-paranoia/APKBUILD @@ -1,8 +1,8 @@ # Maintainer: pkgname=libcdio-paranoia -pkgver=0.94_p1 -_pkgver="10.2+${pkgver%_p*}+${pkgver#*_p}" -pkgrel=1 +pkgver=10.2.2.0.0 +_pkgver="${pkgver/10.2./10.2+}" +pkgrel=0 pkgdesc="CD paranoia on top of libcdio" url="https://www.gnu.org/software/libcdio/" arch="all" @@ -10,19 +10,18 @@ license="GPL-2.0+ AND LGPL-2.0+" depends_dev="ncurses-dev" makedepends="$depends_dev libcdio-dev autoconf automake libtool" subpackages="$pkgname-dev $pkgname-doc" -source="http://ftp.gnu.org/gnu/libcdio/$pkgname-$_pkgver.tar.gz" +source="https://ftp.gnu.org/gnu/libcdio/$pkgname-$_pkgver.tar.bz2" builddir="$srcdir/$pkgname-$_pkgver" -prepare() { - default_prepare - - cd "$builddir" - sed -i 's/AM_CONFIG_HEADER/AC_CONFIG_HEADER/' configure.ac - autoreconf -i -} +#prepare() { +# default_prepare +# +# cd "$builddir" +# sed -i 's/AM_CONFIG_HEADER/AC_CONFIG_HEADER/' configure.ac +# autoreconf -i +#} build() { - cd "$builddir" ./configure \ --build=$CBUILD \ --host=$CHOST \ @@ -36,13 +35,11 @@ build() { } check() { - cd "$builddir" make check } package() { - cd "$builddir" make DESTDIR="$pkgdir" install } -sha512sums="9b2381491271090bac08594cb1d84de98e9f0a5afc6a2c98e9ffcf4b95addc3adcd0f0b9adeb928dfbf8178356ad6a7ccfeb048685c823d138b2af232f0b4c93 libcdio-paranoia-10.2+0.94+1.tar.gz" +sha512sums="0398617f9af63632d74c5a93c4efae1bc69d339fb7ab2e36dbfa6d19c0940f3bf27ea3ed482698d2842838d2034df3e40304774f1648db8c274d441130ef40a2 libcdio-paranoia-10.2+2.0.0.tar.bz2" diff --git a/user/libcdio/APKBUILD b/user/libcdio/APKBUILD index 031f11fae..7735bdbe0 100644 --- a/user/libcdio/APKBUILD +++ b/user/libcdio/APKBUILD @@ -1,7 +1,7 @@ # Maintainer: pkgname=libcdio -pkgver=2.0.0 -pkgrel=1 +pkgver=2.1.0 +pkgrel=0 pkgdesc="GNU Compact Disc Input and Control Library" url="https://www.gnu.org/software/libcdio/" arch="all" @@ -14,7 +14,6 @@ source="https://ftp.gnu.org/gnu/libcdio/${pkgname}-${pkgver}.tar.bz2 disable-broken-test.patch" build() { - cd "$builddir" LIBS="-ltinfo" ./configure \ --build=$CBUILD \ --host=$CHOST \ @@ -30,12 +29,10 @@ build() { } check() { - cd "$builddir" make check } package() { - cd "$builddir" make -j1 DESTDIR="$pkgdir" install } @@ -51,5 +48,5 @@ _cpp() { mv "$pkgdir"/usr/lib/*++.* "$subpkgdir"/usr/lib/ } -sha512sums="a18abc9ec9e8189b5f37c037e16bf24056fa603610cef58684788515555878146ad43aec4ada5e93bf54b74d0ed6dae3683043613d5996d6687e59da8bb350a0 libcdio-2.0.0.tar.bz2 +sha512sums="c290821da55fd9ae366670a58857aa6efcebc9f25b7caea063cf12f9cbda84fe770c5f59f972227fda50517ca58c5f39c0137daa0f93179e3daa45303d8b610f libcdio-2.1.0.tar.bz2 be0149128bb2fa131f514bcff848279d826340a99a05b958e104f4640bda1a89d6146b0ec348783f4bbd8a3c313c41297152f75ee04f492f08b337bd79dd9c3e disable-broken-test.patch" diff --git a/user/libexif/APKBUILD b/user/libexif/APKBUILD index cfe2dd75f..71c9f7d06 100644 --- a/user/libexif/APKBUILD +++ b/user/libexif/APKBUILD @@ -1,7 +1,7 @@ # Maintainer: pkgname=libexif pkgver=0.6.21 -pkgrel=2 +pkgrel=3 pkgdesc="Library to parse EXIF metadata" url="https://sourceforge.net/projects/libexif" arch="all" @@ -9,16 +9,21 @@ license="LGPL-2.0+" subpackages="$pkgname-dev $pkgname-doc $pkgname-lang" depends="" makedepends="" -source="https://downloads.sourceforge.net/$pkgname/$pkgname-$pkgver.tar.bz2" +source="https://downloads.sourceforge.net/$pkgname/$pkgname-$pkgver.tar.bz2 + CVE-2017-7544.patch + CVE-2018-20030.patch" + +# secfixes: +# 0.6.21-r3: +# - CVE-2017-7544 +# - CVE-2018-20030 prepare() { - cd "$builddir" update_config_sub default_prepare } build() { - cd "$builddir" ./configure \ --build=$CBUILD \ --host=$CHOST \ @@ -27,12 +32,13 @@ build() { } check() { - cd "$builddir" make check } package() { - cd "$builddir" make DESTDIR="$pkgdir" install } -sha512sums="4e0fe2abe85d1c95b41cb3abe1f6333dc3a9eb69dba106a674a78d74a4d5b9c5a19647118fa1cc2d72b98a29853394f1519eda9e2889eb28d3be26b21c7cfc35 libexif-0.6.21.tar.bz2" + +sha512sums="4e0fe2abe85d1c95b41cb3abe1f6333dc3a9eb69dba106a674a78d74a4d5b9c5a19647118fa1cc2d72b98a29853394f1519eda9e2889eb28d3be26b21c7cfc35 libexif-0.6.21.tar.bz2 +d529c6c5bd26dc21c0946702574184e1f61c2bfd4fb95b41e314f486a0dd55571963ff2cad566d2fb0804de3c0799bcd956c15a3dc10a520ce207728edad4e2d CVE-2017-7544.patch +0d6123bd275ace338ad9cebb31a2e714de0141b91860f07394b281686a5393566c3f4159679d4ba689ae7ea69ae2e412b158c3deb451c40c210b5817f6888bbc CVE-2018-20030.patch" diff --git a/user/libexif/CVE-2017-7544.patch b/user/libexif/CVE-2017-7544.patch new file mode 100644 index 000000000..534817417 --- /dev/null +++ b/user/libexif/CVE-2017-7544.patch @@ -0,0 +1,30 @@ +From c39acd1692023b26290778a02a9232c873f9d71a Mon Sep 17 00:00:00 2001 +From: Marcus Meissner <marcus@jet.franken.de> +Date: Tue, 25 Jul 2017 23:38:56 +0200 +Subject: [PATCH] On saving makernotes, make sure the makernote container tags + has a type with 1 byte components. + +Fixes (at least): + https://sourceforge.net/p/libexif/bugs/130 + https://sourceforge.net/p/libexif/bugs/129 +--- + libexif/exif-data.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +diff --git a/libexif/exif-data.c b/libexif/exif-data.c +index 67df4db..91f4c33 100644 +--- a/libexif/exif-data.c ++++ b/libexif/exif-data.c +@@ -255,6 +255,12 @@ exif_data_save_data_entry (ExifData *data, ExifEntry *e, + exif_mnote_data_set_offset (data->priv->md, *ds - 6); + exif_mnote_data_save (data->priv->md, &e->data, &e->size); + e->components = e->size; ++ if (exif_format_get_size (e->format) != 1) { ++ /* e->format is taken from input code, ++ * but we need to make sure it is a 1 byte ++ * entity due to the multiplication below. */ ++ e->format = EXIF_FORMAT_UNDEFINED; ++ } + } + } + diff --git a/user/libexif/CVE-2018-20030.patch b/user/libexif/CVE-2018-20030.patch new file mode 100644 index 000000000..837d003d7 --- /dev/null +++ b/user/libexif/CVE-2018-20030.patch @@ -0,0 +1,115 @@ +Edited slightly to backport to stable + +From 6aa11df549114ebda520dde4cdaea2f9357b2c89 Mon Sep 17 00:00:00 2001 +From: Dan Fandrich <dan@coneharvesters.com> +Date: Fri, 12 Oct 2018 16:01:45 +0200 +Subject: [PATCH] Improve deep recursion detection in + exif_data_load_data_content. + +The existing detection was still vulnerable to pathological cases +causing DoS by wasting CPU. The new algorithm takes the number of tags +into account to make it harder to abuse by cases using shallow recursion +but with a very large number of tags. This improves on commit 5d28011c +which wasn't sufficient to counter this kind of case. + +The limitation in the previous fix was discovered by Laurent Delosieres, +Secunia Research at Flexera (Secunia Advisory SA84652) and is assigned +the identifier CVE-2018-20030. +--- + libexif/exif-data.c | 45 +++++++++++++++++++++++++++++++++++++-------- + +diff --git a/libexif/exif-data.c b/libexif/exif-data.c +index e35403d..a6f9c94 100644 +--- a/libexif/exif-data.c ++++ b/libexif/exif-data.c +@@ -35,6 +35,7 @@ + #include <libexif/olympus/exif-mnote-data-olympus.h> + #include <libexif/pentax/exif-mnote-data-pentax.h> + ++#include <math.h> + #include <stdlib.h> + #include <stdio.h> + #include <string.h> +@@ -350,6 +351,20 @@ if (data->ifd[(i)]->count) { \ + break; \ + } + ++/*! Calculate the recursion cost added by one level of IFD loading. ++ * ++ * The work performed is related to the cost in the exponential relation ++ * work=1.1**cost ++ */ ++static unsigned int ++level_cost(unsigned int n) ++{ ++ static const double log_1_1 = 0.09531017980432493; ++ ++ /* Adding 0.1 protects against the case where n==1 */ ++ return ceil(log(n + 0.1)/log_1_1); ++} ++ + /*! Load data for an IFD. + * + * \param[in,out] data #ExifData +@@ -357,13 +372,13 @@ if (data->ifd[(i)]->count) { \ + * \param[in] d pointer to buffer containing raw IFD data + * \param[in] ds size of raw data in buffer at \c d + * \param[in] offset offset into buffer at \c d at which IFD starts +- * \param[in] recursion_depth number of times this function has been +- * recursively called without returning ++ * \param[in] recursion_cost factor indicating how expensive this recursive ++ * call could be + */ + static void + exif_data_load_data_content (ExifData *data, ExifIfd ifd, + const unsigned char *d, +- unsigned int ds, unsigned int offset, unsigned int recursion_depth) ++ unsigned int ds, unsigned int offset, unsigned int recursion_cost) + { + ExifLong o, thumbnail_offset = 0, thumbnail_length = 0; + ExifShort n; +@@ -378,9 +393,20 @@ exif_data_load_data_content (ExifData *data, ExifIfd ifd, + if ((((int)ifd) < 0) || ( ((int)ifd) >= EXIF_IFD_COUNT)) + return; + +- if (recursion_depth > 30) { ++ if (recursion_cost > 170) { ++ /* ++ * recursion_cost is a logarithmic-scale indicator of how expensive this ++ * recursive call might end up being. It is an indicator of the depth of ++ * recursion as well as the potential for worst-case future recursive ++ * calls. Since it's difficult to tell ahead of time how often recursion ++ * will occur, this assumes the worst by assuming every tag could end up ++ * causing recursion. ++ * The value of 170 was chosen to limit typical EXIF structures to a ++ * recursive depth of about 6, but pathological ones (those with very ++ * many tags) to only 2. ++ */ + exif_log (data->priv->log, EXIF_LOG_CODE_CORRUPT_DATA, "ExifData", +- "Deep recursion detected!"); ++ "Deep/expensive recursion detected!"); + return; + } + +@@ -422,15 +448,18 @@ exif_data_load_data_content (ExifData *data, ExifIfd ifd, + switch (tag) { + case EXIF_TAG_EXIF_IFD_POINTER: + CHECK_REC (EXIF_IFD_EXIF); +- exif_data_load_data_content (data, EXIF_IFD_EXIF, d, ds, o, recursion_depth + 1); ++ exif_data_load_data_content (data, EXIF_IFD_EXIF, d, ds, o, ++ recursion_cost + level_cost(n)); + break; + case EXIF_TAG_GPS_INFO_IFD_POINTER: + CHECK_REC (EXIF_IFD_GPS); +- exif_data_load_data_content (data, EXIF_IFD_GPS, d, ds, o, recursion_depth + 1); ++ exif_data_load_data_content (data, EXIF_IFD_GPS, d, ds, o, ++ recursion_cost + level_cost(n)); + break; + case EXIF_TAG_INTEROPERABILITY_IFD_POINTER: + CHECK_REC (EXIF_IFD_INTEROPERABILITY); +- exif_data_load_data_content (data, EXIF_IFD_INTEROPERABILITY, d, ds, o, recursion_depth + 1); ++ exif_data_load_data_content (data, EXIF_IFD_INTEROPERABILITY, d, ds, o, ++ recursion_cost + level_cost(n)); + break; + case EXIF_TAG_JPEG_INTERCHANGE_FORMAT: + thumbnail_offset = o; diff --git a/user/libid3tag/APKBUILD b/user/libid3tag/APKBUILD index df96d8b79..0984fc93f 100644 --- a/user/libid3tag/APKBUILD +++ b/user/libid3tag/APKBUILD @@ -2,7 +2,7 @@ # Maintainer: pkgname=libid3tag pkgver=0.15.1b -pkgrel=9 +pkgrel=10 pkgdesc="Library for manipulating IDv3 tags in MP3 audio files" url="http://www.underbit.com/products/mad/" arch="all" @@ -11,17 +11,24 @@ depends="" makedepends="zlib-dev" subpackages="$pkgname-dev" source="ftp://ftp.mars.org/pub/mpeg/libid3tag-$pkgver.tar.gz - CVE-2008-2109.patch + CVE-2004-2779.patch + CVE-2017-11550.patch " +# secfixes: +# 0.15.1b-r8: +# - CVE-2008-2109 +# 0.15.1b-r10: +# - CVE-2004-2779 +# - CVE-2017-11550 +# - CVE-2017-11551 + prepare() { - cd "$builddir" update_config_sub default_prepare } build() { - cd "$builddir" ./configure \ --build=$CBUILD \ --host=$CHOST \ @@ -33,12 +40,10 @@ build() { } check() { - cd "$builddir" make check } package() { - cd "$builddir" make DESTDIR="$pkgdir" install mkdir -p "$pkgdir"/usr/lib/pkgconfig cat > "$pkgdir"/usr/lib/pkgconfig/id3tag.pc <<EOF @@ -57,4 +62,5 @@ EOF } sha512sums="ade7ce2a43c3646b4c9fdc642095174b9d4938b078b205cd40906d525acd17e87ad76064054a961f391edcba6495441450af2f68be69f116549ca666b069e6d3 libid3tag-0.15.1b.tar.gz -fc79d44ca9d1435ab5b11d4da6b46d3684827a1384a0156cd88242225f98f3a0668c0d6e6a88159f0c4985fcbdc636777c2f100d7f371eef258a6050d6fde567 CVE-2008-2109.patch" +4c27e104d45ae34affc1bef8ec613e65c7e4791185d2ef1cb27974ec7025c06c35d30d6278ce7e3107dff959bd55a708246c3c1a9d5ad7b093424cfb93b79f63 CVE-2004-2779.patch +6627d6e73958309b199a02cd6fa1008a81554151238d8a099dc27e535b8d14f7a9c1ba19894fdf2c927e59c0ca855d50b2f1289f116b45bc41e02d31659d1535 CVE-2017-11550.patch" diff --git a/user/libid3tag/CVE-2004-2779.patch b/user/libid3tag/CVE-2004-2779.patch new file mode 100644 index 000000000..b7e1e2280 --- /dev/null +++ b/user/libid3tag/CVE-2004-2779.patch @@ -0,0 +1,32 @@ +Lifted from Debian: +https://sources.debian.org/patches/libid3tag/0.15.1b-14/10_utf16.dpatch/ + +Also fixes: + +CVE-2008-2109 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=480187#12 +CVE-2017-11551 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870333#10 + +Handle bogus UTF16 sequences that have a length that is not +an even number of 8 bit characters. + +--- libid3tag-0.15.1b/utf16.c 2006-01-13 15:26:29.000000000 +0100 ++++ libid3tag-0.15.1b/utf16.c 2006-01-13 15:27:19.000000000 +0100 +@@ -282,5 +282,18 @@ + + free(utf16); + ++ if (end == *ptr && length % 2 != 0) ++ { ++ /* We were called with a bogus length. It should always ++ * be an even number. We can deal with this in a few ways: ++ * - Always give an error. ++ * - Try and parse as much as we can and ++ * - return an error if we're called again when we ++ * already tried to parse everything we can. ++ * - tell that we parsed it, which is what we do here. ++ */ ++ (*ptr)++; ++ } ++ + return ucs4; + } diff --git a/user/libid3tag/CVE-2008-2109.patch b/user/libid3tag/CVE-2008-2109.patch deleted file mode 100644 index 6226d14af..000000000 --- a/user/libid3tag/CVE-2008-2109.patch +++ /dev/null @@ -1,11 +0,0 @@ ---- a/field.c.orig 2008-05-05 09:49:15.000000000 -0400 -+++ b/field.c 2008-05-05 09:49:25.000000000 -0400 -@@ -291,7 +291,7 @@ - - end = *ptr + length; - -- while (end - *ptr > 0) { -+ while (end - *ptr > 0 && **ptr != '\0') { - ucs4 = id3_parse_string(ptr, end - *ptr, *encoding, 0); - if (ucs4 == 0) - goto fail; diff --git a/user/libid3tag/CVE-2017-11550.patch b/user/libid3tag/CVE-2017-11550.patch new file mode 100644 index 000000000..abf6cbd43 --- /dev/null +++ b/user/libid3tag/CVE-2017-11550.patch @@ -0,0 +1,33 @@ +Lifted from Debian: +https://sources.debian.org/patches/libid3tag/0.15.1b-14/11_unknown_encoding.dpatch/ + +In case of an unknown/invalid encoding, id3_parse_string() will +return NULL, but the return value wasn't checked resulting +in segfault in id3_ucs4_length(). This is the only place +the return value wasn't checked. + +--- libid3tag-0.15.1b/compat.gperf 2004-01-23 09:41:32.000000000 +0000 ++++ libid3tag-0.15.1b/compat.gperf 2007-01-14 14:36:53.000000000 +0000 +@@ -236,6 +236,10 @@ + + encoding = id3_parse_uint(&data, 1); + string = id3_parse_string(&data, end - data, encoding, 0); ++ if (!string) ++ { ++ continue; ++ } + + if (id3_ucs4_length(string) < 4) { + free(string); +--- libid3tag-0.15.1b/parse.c 2004-01-23 09:41:32.000000000 +0000 ++++ libid3tag-0.15.1b/parse.c 2007-01-14 14:37:34.000000000 +0000 +@@ -165,6 +165,9 @@ + case ID3_FIELD_TEXTENCODING_UTF_8: + ucs4 = id3_utf8_deserialize(ptr, length); + break; ++ default: ++ /* FIXME: Unknown encoding! Print warning? */ ++ return NULL; + } + + if (ucs4 && !full) { diff --git a/user/libtasn1/APKBUILD b/user/libtasn1/APKBUILD index faf3a82b2..f3fcce75d 100644 --- a/user/libtasn1/APKBUILD +++ b/user/libtasn1/APKBUILD @@ -1,7 +1,7 @@ # Contributor: Sören Tempel <soeren+alpine@soeren-tempel.net> # Maintainer: A. Wilcox <awilfox@adelielinux.org> pkgname=libtasn1 -pkgver=4.13 +pkgver=4.14 pkgrel=0 pkgdesc="Highly portable ASN.1 library" url="https://www.gnu.org/software/libtasn1/" @@ -13,10 +13,12 @@ source="ftp://ftp.gnu.org/gnu/$pkgname/$pkgname-$pkgver.tar.gz " # secfixes: +# 4.14-r0: +# - CVE-2018-1000654 # 4.13-r0: -# - CVE-2018-6003 +# - CVE-2018-6003 # 4.12-r1: -# - CVE-2017-10790 +# - CVE-2017-10790 build() { cd "$builddir" @@ -47,4 +49,4 @@ tools() { mv -i "$pkgdir"/usr/bin "$subpkgdir"/usr/ } -sha512sums="bf5b60a296795e0a8a4a658c0106492393aa7ce698e785256b3427c17215c2a5b6178a61a2043c93ea4334f754eabece20221ac8fef0fd5644086a3891d98a9f libtasn1-4.13.tar.gz" +sha512sums="efdcf3729e9e057cafbfdc9929f08531de03cf3b64e7db62cb53c26bf34c8db4d73786fd853620ab1a10dbafe55e119ad17bfeb40e191071945c7b4db9c9e223 libtasn1-4.14.tar.gz" diff --git a/user/libvncserver/APKBUILD b/user/libvncserver/APKBUILD index 0801da573..764fec75a 100644 --- a/user/libvncserver/APKBUILD +++ b/user/libvncserver/APKBUILD @@ -14,13 +14,16 @@ depends_dev="libgcrypt-dev libjpeg-turbo-dev gnutls-dev libpng-dev libxi-dev libxinerama-dev libxrandr-dev libxtst-dev" makedepends="$depends_dev autoconf automake libtool" subpackages="$pkgname-dev" -source="https://github.com/LibVNC/libvncserver/archive/LibVNCServer-$pkgver.tar.gz" +source="https://github.com/LibVNC/libvncserver/archive/LibVNCServer-$pkgver.tar.gz + CVE-2018-15127.patch" builddir="$srcdir"/libvncserver-LibVNCServer-$pkgver # secfixes: # 0.9.11-r0: # - CVE-2016-9941 # - CVE-2016-9942 +# 0.9.12-r0: +# - CVE-2018-15127 build() { if [ "$CBUILD" != "$CHOST" ]; then @@ -45,4 +48,5 @@ package() { make install DESTDIR="$pkgdir" } -sha512sums="60ff1cc93a937d6f8f97449bc58b763095846207112f7b1b3c43eb2d74448b595d6da949903a764bd484ee54e38ff6277e882adbe965dd6d26ba15ef6ff6fcb8 LibVNCServer-0.9.12.tar.gz" +sha512sums="60ff1cc93a937d6f8f97449bc58b763095846207112f7b1b3c43eb2d74448b595d6da949903a764bd484ee54e38ff6277e882adbe965dd6d26ba15ef6ff6fcb8 LibVNCServer-0.9.12.tar.gz +8b5b6742e6c3a181c60652484b15ec42cc0a3acc1e82cef38e82b61f43f1de456d09731976f4e5dfab44abf3e551e22aaf4300cb8418cd8e136d705fcb2a7dbe CVE-2018-15127.patch" diff --git a/user/libvncserver/CVE-2018-15127.patch b/user/libvncserver/CVE-2018-15127.patch new file mode 100644 index 000000000..146243670 --- /dev/null +++ b/user/libvncserver/CVE-2018-15127.patch @@ -0,0 +1,44 @@ +From 09e8fc02f59f16e2583b34fe1a270c238bd9ffec Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= <ppisar@redhat.com> +Date: Mon, 7 Jan 2019 10:40:01 +0100 +Subject: [PATCH] Limit lenght to INT_MAX bytes in + rfbProcessFileTransferReadBuffer() + +This ammends 15bb719c03cc70f14c36a843dcb16ed69b405707 fix for a heap +out-of-bound write access in rfbProcessFileTransferReadBuffer() when +reading a transfered file content in a server. The former fix did not +work on platforms with a 32-bit int type (expected by rfbReadExact()). + +CVE-2018-15127 +<https://github.com/LibVNC/libvncserver/issues/243> +<https://github.com/LibVNC/libvncserver/issues/273> +--- + libvncserver/rfbserver.c | 7 ++++++- + 1 file changed, 6 insertions(+), 1 deletion(-) + +diff --git a/libvncserver/rfbserver.c b/libvncserver/rfbserver.c +index 7af84906..f2edbeea 100644 +--- a/libvncserver/rfbserver.c ++++ b/libvncserver/rfbserver.c +@@ -88,6 +88,8 @@ + #include <errno.h> + /* strftime() */ + #include <time.h> ++/* INT_MAX */ ++#include <limits.h> + + #ifdef LIBVNCSERVER_WITH_WEBSOCKETS + #include "rfbssl.h" +@@ -1472,8 +1474,11 @@ char *rfbProcessFileTransferReadBuffer(rfbClientPtr cl, uint32_t length) + 0XFFFFFFFF, i.e. SIZE_MAX for 32-bit systems. On 64-bit systems, a length of 0XFFFFFFFF + will safely be allocated since this check will never trigger and malloc() can digest length+1 + without problems as length is a uint32_t. ++ We also later pass length to rfbReadExact() that expects a signed int type and ++ that might wrap on platforms with a 32-bit int type if length is bigger ++ than 0X7FFFFFFF. + */ +- if(length == SIZE_MAX) { ++ if(length == SIZE_MAX || length > INT_MAX) { + rfbErr("rfbProcessFileTransferReadBuffer: too big file transfer length requested: %u", (unsigned int)length); + rfbCloseClient(cl); + return NULL; diff --git a/user/live-media/APKBUILD b/user/live-media/APKBUILD index 9f7d23674..856b852ba 100644 --- a/user/live-media/APKBUILD +++ b/user/live-media/APKBUILD @@ -1,6 +1,6 @@ # Maintainer: pkgname=live-media -pkgver=2019.06.28 +pkgver=2019.07.27 pkgrel=0 pkgdesc="Libraries for multimedia streaming" url="http://live555.com/liveMedia" @@ -50,4 +50,4 @@ utils() { mv "$pkgdir"/usr/bin "$subpkgdir"/usr/ } -sha512sums="6ac241967a4374f0f584bc2f15f107788da658cedc81d9399cb408a6885e5b65d95a3418824b251d8df6c9315ef9a5003e0749b1344266aecdcda420f6e57ee9 live.2019.06.28.tar.gz" +sha512sums="909dff48bcd5c0b4b3a04b9f44030d720125fcbfa7c289bb035b85cd1e9defb8490453bb80ce2a453ceda1d0ccd790f56f551720c1ed99d1feae8d3871f9f7e6 live.2019.07.27.tar.gz" diff --git a/user/meson/APKBUILD b/user/meson/APKBUILD index 25dae2457..555799dab 100644 --- a/user/meson/APKBUILD +++ b/user/meson/APKBUILD @@ -1,10 +1,10 @@ # Contributor: Sören Tempel <soeren+alpine@soeren-tempel.net> # Maintainer: pkgname=meson -pkgver=0.50.1 +pkgver=0.51.1 pkgrel=0 pkgdesc="Fast, user-friendly build system" -url="http://mesonbuild.com/" +url="https://mesonbuild.com/" arch="noarch" license="Apache-2.0" depends="python3 ninja" @@ -13,18 +13,15 @@ subpackages="$pkgname-doc" source="https://github.com/mesonbuild/$pkgname/releases/download/$pkgver/$pkgname-$pkgver.tar.gz" build() { - cd "$builddir" python3 setup.py build } check() { - cd "$builddir" python3 setup.py check } package() { - cd "$builddir" python3 setup.py install --prefix=/usr --root="$pkgdir" } -sha512sums="1e3dda7684e999b408a34b4b594f0b7d22494328dc0e98ec794625f16d821f2ef96303ffc761a52249e3919b52befe9fc02577dbd52e50f4b16e6c0f79ba2fca meson-0.50.1.tar.gz" +sha512sums="b0b220de2a20c355cbd2f63aff195374ad8b2dae64f0dc4efb7abf84d7a9e70b6d4239d3d94b2b8ba2de5dd6e871589848b057c842c8f256016c666e9aa882f1 meson-0.51.1.tar.gz" diff --git a/user/ntfs-3g/APKBUILD b/user/ntfs-3g/APKBUILD index d403c4f42..aaa5be24b 100644 --- a/user/ntfs-3g/APKBUILD +++ b/user/ntfs-3g/APKBUILD @@ -5,7 +5,7 @@ pkgname=ntfs-3g _pkgname=ntfs-3g_ntfsprogs pkgver=2017.3.23 -pkgrel=1 +pkgrel=2 pkgdesc="Stable, full-featured, read-write NTFS" url="https://www.tuxera.com/community/open-source-ntfs-3g/" arch="all" @@ -13,9 +13,14 @@ options="!check" # No test suite. license="LGPL-2.1-only AND BSD-2-Clause AND GPL-2.0+ AND GPL-3.0+" makedepends="attr-dev util-linux-dev linux-headers fuse-dev" subpackages="$pkgname-doc $pkgname-dev $pkgname-libs" -source="https://tuxera.com/opensource/$_pkgname-$pkgver.tgz" +source="https://tuxera.com/opensource/$_pkgname-$pkgver.tgz + CVE-2019-9755.patch" builddir="$srcdir/$_pkgname-$pkgver" +# secfixes: +# 2017.3.23-r2: +# - CVE-2019-9755 + build() { cd "$builddir" ./configure \ @@ -37,4 +42,5 @@ package() { ln -s /bin/ntfs-3g "$pkgdir"/sbin/mount.ntfs } -sha512sums="3a607f0d7be35204c992d8931de0404fbc52032c13b4240d2c5e6f285c318a28eb2a385d7cf5ac4cd445876aee5baa5753bb636ada0d870d84a9d3fdbce794ef ntfs-3g_ntfsprogs-2017.3.23.tgz" +sha512sums="3a607f0d7be35204c992d8931de0404fbc52032c13b4240d2c5e6f285c318a28eb2a385d7cf5ac4cd445876aee5baa5753bb636ada0d870d84a9d3fdbce794ef ntfs-3g_ntfsprogs-2017.3.23.tgz +c79ae27e3c9490f0f893a16f27bb19c2cef2fe7b098aabca392163f4105b7ee9797b648d1013ce4c096adf639f6da2b8c43829cfabcc6ac3208c07454a6c0c5c CVE-2019-9755.patch" diff --git a/user/ntfs-3g/CVE-2019-9755.patch b/user/ntfs-3g/CVE-2019-9755.patch new file mode 100644 index 000000000..d1a95541f --- /dev/null +++ b/user/ntfs-3g/CVE-2019-9755.patch @@ -0,0 +1,63 @@ +From 85c1634a26faa572d3c558d4cf8aaaca5202d4e9 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Jean-Pierre=20Andr=C3=A9?= <jean-pierre.andre@wanadoo.fr> +Date: Wed, 19 Dec 2018 15:57:50 +0100 +Subject: [PATCH] Fixed reporting an error when failed to build the mountpoint + +The size check was inefficient because getcwd() uses an unsigned int +argument. +--- + src/lowntfs-3g.c | 6 +++++- + src/ntfs-3g.c | 6 +++++- + 2 files changed, 10 insertions(+), 2 deletions(-) + +diff --git a/src/lowntfs-3g.c b/src/lowntfs-3g.c +index 993867fa..0660439b 100644 +--- a/src/lowntfs-3g.c ++++ b/src/lowntfs-3g.c +@@ -4411,7 +4411,8 @@ int main(int argc, char *argv[]) + else { + ctx->abs_mnt_point = (char*)ntfs_malloc(PATH_MAX); + if (ctx->abs_mnt_point) { +- if (getcwd(ctx->abs_mnt_point, ++ if ((strlen(opts.mnt_point) < PATH_MAX) ++ && getcwd(ctx->abs_mnt_point, + PATH_MAX - strlen(opts.mnt_point) - 1)) { + strcat(ctx->abs_mnt_point, "/"); + strcat(ctx->abs_mnt_point, opts.mnt_point); +@@ -4419,6 +4420,9 @@ int main(int argc, char *argv[]) + /* Solaris also wants the absolute mount point */ + opts.mnt_point = ctx->abs_mnt_point; + #endif /* defined(__sun) && defined (__SVR4) */ ++ } else { ++ free(ctx->abs_mnt_point); ++ ctx->abs_mnt_point = (char*)NULL; + } + } + } +diff --git a/src/ntfs-3g.c b/src/ntfs-3g.c +index 6ce89fef..4e0912ae 100644 +--- a/src/ntfs-3g.c ++++ b/src/ntfs-3g.c +@@ -4148,7 +4148,8 @@ int main(int argc, char *argv[]) + else { + ctx->abs_mnt_point = (char*)ntfs_malloc(PATH_MAX); + if (ctx->abs_mnt_point) { +- if (getcwd(ctx->abs_mnt_point, ++ if ((strlen(opts.mnt_point) < PATH_MAX) ++ && getcwd(ctx->abs_mnt_point, + PATH_MAX - strlen(opts.mnt_point) - 1)) { + strcat(ctx->abs_mnt_point, "/"); + strcat(ctx->abs_mnt_point, opts.mnt_point); +@@ -4156,6 +4157,9 @@ int main(int argc, char *argv[]) + /* Solaris also wants the absolute mount point */ + opts.mnt_point = ctx->abs_mnt_point; + #endif /* defined(__sun) && defined (__SVR4) */ ++ } else { ++ free(ctx->abs_mnt_point); ++ ctx->abs_mnt_point = (char*)NULL; + } + } + } +-- +2.22.0 + diff --git a/user/oniguruma/APKBUILD b/user/oniguruma/APKBUILD index 7df3e3af5..b62084508 100644 --- a/user/oniguruma/APKBUILD +++ b/user/oniguruma/APKBUILD @@ -3,15 +3,22 @@ # Maintainer: Samuel Holland <samuel@sholland.org> pkgname=oniguruma pkgver=6.9.2 -pkgrel=0 +pkgrel=1 pkgdesc="A regular expression library" url="https://github.com/kkos/oniguruma" arch="all" license="BSD-2-Clause" subpackages="$pkgname-dev" -source="https://github.com/kkos/$pkgname/releases/download/v$pkgver/onig-$pkgver.tar.gz" +source="https://github.com/kkos/$pkgname/releases/download/v$pkgver/onig-$pkgver.tar.gz + CVE-2019-13224.patch + CVE-2019-13225.patch" builddir="$srcdir/onig-$pkgver" +# secfixes: +# 6.9.2-r1: +# - CVE-2019-13224 +# - CVE-2019-13225 + build() { ./configure \ --build=$CBUILD \ @@ -32,4 +39,6 @@ package() { make DESTDIR="$pkgdir" install } -sha512sums="c10134e42a3c0b0eeae2027ffb7a3e1bcc9228dee286f6b6e997f8a73d717217fa74de0e19c40975d2e78044c8c4f029eb622f90c8eb4fdc4667eb4804e97001 onig-6.9.2.tar.gz" +sha512sums="c10134e42a3c0b0eeae2027ffb7a3e1bcc9228dee286f6b6e997f8a73d717217fa74de0e19c40975d2e78044c8c4f029eb622f90c8eb4fdc4667eb4804e97001 onig-6.9.2.tar.gz +7f1b42e1ceb6e9addf87bbd456848afd9db3b721352157e3a7362354c3a4cabd58fac202d199d9f9c2f08f0c5c98e3de8583367e7716028278dae96c3d6bb43a CVE-2019-13224.patch +4c1df67369055f945c49d579c3f2ae5ffc41bb1c8a2510555908f07691c669b290accd9152f017e02a2a21f8a365c9ffd8fab42a3d11409150551f0c0c919dc7 CVE-2019-13225.patch" diff --git a/user/oniguruma/CVE-2019-13224.patch b/user/oniguruma/CVE-2019-13224.patch new file mode 100644 index 000000000..22bc6bd2f --- /dev/null +++ b/user/oniguruma/CVE-2019-13224.patch @@ -0,0 +1,41 @@ +From 0f7f61ed1b7b697e283e37bd2d731d0bd57adb55 Mon Sep 17 00:00:00 2001 +From: "K.Kosako" <kosako@sofnec.co.jp> +Date: Thu, 27 Jun 2019 17:25:26 +0900 +Subject: [PATCH] Fix CVE-2019-13224: don't allow different encodings for + onig_new_deluxe() + +--- + src/regext.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/src/regext.c b/src/regext.c +index fa4b360..965c793 100644 +--- a/src/regext.c ++++ b/src/regext.c +@@ -29,6 +29,7 @@ + + #include "regint.h" + ++#if 0 + static void + conv_ext0be32(const UChar* s, const UChar* end, UChar* conv) + { +@@ -158,6 +159,7 @@ conv_encoding(OnigEncoding from, OnigEncoding to, const UChar* s, const UChar* e + + return ONIGERR_NOT_SUPPORTED_ENCODING_COMBINATION; + } ++#endif + + extern int + onig_new_deluxe(regex_t** reg, const UChar* pattern, const UChar* pattern_end, +@@ -169,9 +171,7 @@ onig_new_deluxe(regex_t** reg, const UChar* pattern, const UChar* pattern_end, + if (IS_NOT_NULL(einfo)) einfo->par = (UChar* )NULL; + + if (ci->pattern_enc != ci->target_enc) { +- r = conv_encoding(ci->pattern_enc, ci->target_enc, pattern, pattern_end, +- &cpat, &cpat_end); +- if (r != 0) return r; ++ return ONIGERR_NOT_SUPPORTED_ENCODING_COMBINATION; + } + else { + cpat = (UChar* )pattern; diff --git a/user/oniguruma/CVE-2019-13225.patch b/user/oniguruma/CVE-2019-13225.patch new file mode 100644 index 000000000..26e296d8d --- /dev/null +++ b/user/oniguruma/CVE-2019-13225.patch @@ -0,0 +1,69 @@ +From c509265c5f6ae7264f7b8a8aae1cfa5fc59d108c Mon Sep 17 00:00:00 2001 +From: "K.Kosako" <kosako@sofnec.co.jp> +Date: Thu, 27 Jun 2019 14:11:55 +0900 +Subject: [PATCH] Fix CVE-2019-13225: problem in converting if-then-else + pattern to bytecode. + +--- + src/regcomp.c | 25 +++++++++++++++++-------- + 1 file changed, 17 insertions(+), 8 deletions(-) + +diff --git a/src/regcomp.c b/src/regcomp.c +index c2c04a4..ff3431f 100644 +--- a/src/regcomp.c ++++ b/src/regcomp.c +@@ -1307,8 +1307,9 @@ compile_length_bag_node(BagNode* node, regex_t* reg) + len += tlen; + } + ++ len += SIZE_OP_JUMP + SIZE_OP_ATOMIC_END; ++ + if (IS_NOT_NULL(Else)) { +- len += SIZE_OP_JUMP; + tlen = compile_length_tree(Else, reg); + if (tlen < 0) return tlen; + len += tlen; +@@ -1455,7 +1456,7 @@ compile_bag_node(BagNode* node, regex_t* reg, ScanEnv* env) + + case BAG_IF_ELSE: + { +- int cond_len, then_len, jump_len; ++ int cond_len, then_len, else_len, jump_len; + Node* cond = NODE_BAG_BODY(node); + Node* Then = node->te.Then; + Node* Else = node->te.Else; +@@ -1472,8 +1473,7 @@ compile_bag_node(BagNode* node, regex_t* reg, ScanEnv* env) + else + then_len = 0; + +- jump_len = cond_len + then_len + SIZE_OP_ATOMIC_END; +- if (IS_NOT_NULL(Else)) jump_len += SIZE_OP_JUMP; ++ jump_len = cond_len + then_len + SIZE_OP_ATOMIC_END + SIZE_OP_JUMP; + + r = add_op(reg, OP_PUSH); + if (r != 0) return r; +@@ -1490,11 +1490,20 @@ compile_bag_node(BagNode* node, regex_t* reg, ScanEnv* env) + } + + if (IS_NOT_NULL(Else)) { +- int else_len = compile_length_tree(Else, reg); +- r = add_op(reg, OP_JUMP); +- if (r != 0) return r; +- COP(reg)->jump.addr = else_len + SIZE_INC_OP; ++ else_len = compile_length_tree(Else, reg); ++ if (else_len < 0) return else_len; ++ } ++ else ++ else_len = 0; + ++ r = add_op(reg, OP_JUMP); ++ if (r != 0) return r; ++ COP(reg)->jump.addr = SIZE_OP_ATOMIC_END + else_len + SIZE_INC_OP; ++ ++ r = add_op(reg, OP_ATOMIC_END); ++ if (r != 0) return r; ++ ++ if (IS_NOT_NULL(Else)) { + r = compile_tree(Else, reg, env); + } + } diff --git a/user/opencv/APKBUILD b/user/opencv/APKBUILD index 235847209..fed685d80 100644 --- a/user/opencv/APKBUILD +++ b/user/opencv/APKBUILD @@ -1,7 +1,7 @@ # Contributor: Carlo Landmeter <clandmeter@gmail.com> # Maintainer: pkgname=opencv -pkgver=4.1.0 +pkgver=4.1.1 pkgrel=0 pkgdesc="Computer vision and machine learning software library" url="https://opencv.org" @@ -57,5 +57,5 @@ package() { make DESTDIR="$pkgdir" -C build install } -sha512sums="492168c1260cd30449393c4b266d75202e751493a8f1e184af6c085d8f4a38800ee954d84fe8c36fcceb690b1ebb5e511b68c05901f64be79a0915f3f8a46dc0 opencv-4.1.0.tar.gz +sha512sums="80fa48d992ca06a2a4ab6740df6d8c21f4926165486b393969da2c5bbe2f3a0b799fb76dee5e3654e90c743e49bbd2b5b02ad59a4766896bbf4cd5b4e3251e0f opencv-4.1.1.tar.gz ffa6930086051c545a44d28b8e428de7faaeecf961cdee6eef007b2b01db7e5897c6f184b1059df9763c1bcd90f88b9ead710dc13b51a608f21d683f55f39bd6 cmake-license.patch" diff --git a/user/openjpeg/APKBUILD b/user/openjpeg/APKBUILD index c549987d8..e454afa61 100644 --- a/user/openjpeg/APKBUILD +++ b/user/openjpeg/APKBUILD @@ -2,7 +2,7 @@ # Maintainer: A. Wilcox <awilfox@adelielinux.org> pkgname=openjpeg pkgver=2.3.1 -pkgrel=1 +pkgrel=2 pkgdesc="Open-source implementation of JPEG 2000 image codec" url="http://www.openjpeg.org/" arch="all" @@ -11,7 +11,8 @@ license="BSD-2-Clause-NetBSD" depends_dev="$pkgname-tools" makedepends="libpng-dev tiff-dev lcms2-dev doxygen cmake" subpackages="$pkgname-dev $pkgname-tools" -source="$pkgname-$pkgver.tar.gz::https://github.com/uclouvain/openjpeg/archive/v$pkgver.tar.gz" +source="$pkgname-$pkgver.tar.gz::https://github.com/uclouvain/openjpeg/archive/v$pkgver.tar.gz + CVE-2019-12973.patch" build() { cmake . \ @@ -23,6 +24,8 @@ build() { } # secfixes: +# 2.3.1-r2: +# - CVE-2019-12973 # 2.3.0-r0: # - CVE-2017-14039 # 2.2.0-r2: @@ -47,4 +50,5 @@ tools() { mv "$pkgdir"/usr/bin "$subpkgdir"/usr/ } -sha512sums="339fbc899bddf2393d214df71ed5d6070a3a76b933b1e75576c8a0ae9dfcc4adec40bdc544f599e4b8d0bc173e4e9e7352408497b5b3c9356985605830c26c03 openjpeg-2.3.1.tar.gz" +sha512sums="339fbc899bddf2393d214df71ed5d6070a3a76b933b1e75576c8a0ae9dfcc4adec40bdc544f599e4b8d0bc173e4e9e7352408497b5b3c9356985605830c26c03 openjpeg-2.3.1.tar.gz +472deba1d521553f9c7af805ba3d0c4fc31564fd36e37c598646f468b7d05bf5f81d2320fd6fadf8c0e3344ebce7bc0d04cece55a1b3cec2ef693a6e65bd2516 CVE-2019-12973.patch" diff --git a/user/openjpeg/CVE-2019-12973.patch b/user/openjpeg/CVE-2019-12973.patch new file mode 100644 index 000000000..0d330ae6d --- /dev/null +++ b/user/openjpeg/CVE-2019-12973.patch @@ -0,0 +1,152 @@ +From 21399f6b7d318fcdf4406d5e88723c4922202aa3 Mon Sep 17 00:00:00 2001 +From: Young Xiao <YangX92@hotmail.com> +Date: Sat, 16 Mar 2019 19:57:27 +0800 +Subject: [PATCH 1/2] convertbmp: detect invalid file dimensions early + +width/length dimensions read from bmp headers are not necessarily +valid. For instance they may have been maliciously set to very large +values with the intention to cause DoS (large memory allocation, stack +overflow). In these cases we want to detect the invalid size as early +as possible. + +This commit introduces a counter which verifies that the number of +written bytes corresponds to the advertized width/length. + +See commit 8ee335227bbc for details. + +Signed-off-by: Young Xiao <YangX92@hotmail.com> +--- + src/bin/jp2/convertbmp.c | 10 ++++++++-- + 1 file changed, 8 insertions(+), 2 deletions(-) + +diff --git a/src/bin/jp2/convertbmp.c b/src/bin/jp2/convertbmp.c +index 0af52f816..ec34f535b 100644 +--- a/src/bin/jp2/convertbmp.c ++++ b/src/bin/jp2/convertbmp.c +@@ -622,13 +622,13 @@ static OPJ_BOOL bmp_read_rle8_data(FILE* IN, OPJ_UINT8* pData, + static OPJ_BOOL bmp_read_rle4_data(FILE* IN, OPJ_UINT8* pData, + OPJ_UINT32 stride, OPJ_UINT32 width, OPJ_UINT32 height) + { +- OPJ_UINT32 x, y; ++ OPJ_UINT32 x, y, written; + OPJ_UINT8 *pix; + const OPJ_UINT8 *beyond; + + beyond = pData + stride * height; + pix = pData; +- x = y = 0U; ++ x = y = written = 0U; + while (y < height) { + int c = getc(IN); + if (c == EOF) { +@@ -642,6 +642,7 @@ static OPJ_BOOL bmp_read_rle4_data(FILE* IN, OPJ_UINT8* pData, + for (j = 0; (j < c) && (x < width) && + ((OPJ_SIZE_T)pix < (OPJ_SIZE_T)beyond); j++, x++, pix++) { + *pix = (OPJ_UINT8)((j & 1) ? (c1 & 0x0fU) : ((c1 >> 4) & 0x0fU)); ++ written++; + } + } else { /* absolute mode */ + c = getc(IN); +@@ -671,6 +672,7 @@ static OPJ_BOOL bmp_read_rle4_data(FILE* IN, OPJ_UINT8* pData, + c1 = (OPJ_UINT8)getc(IN); + } + *pix = (OPJ_UINT8)((j & 1) ? (c1 & 0x0fU) : ((c1 >> 4) & 0x0fU)); ++ written++; + } + if (((c & 3) == 1) || ((c & 3) == 2)) { /* skip padding byte */ + getc(IN); +@@ -678,6 +680,10 @@ static OPJ_BOOL bmp_read_rle4_data(FILE* IN, OPJ_UINT8* pData, + } + } + } /* while(y < height) */ ++ if (written != width * height) { ++ fprintf(stderr, "warning, image's actual size does not match advertized one\n"); ++ return OPJ_FALSE; ++ } + return OPJ_TRUE; + } + + +From 3aef207f90e937d4931daf6d411e092f76d82e66 Mon Sep 17 00:00:00 2001 +From: Young Xiao <YangX92@hotmail.com> +Date: Sat, 16 Mar 2019 20:09:59 +0800 +Subject: [PATCH 2/2] bmp_read_rle4_data(): avoid potential infinite loop + +--- + src/bin/jp2/convertbmp.c | 32 ++++++++++++++++++++++++++------ + 1 file changed, 26 insertions(+), 6 deletions(-) + +diff --git a/src/bin/jp2/convertbmp.c b/src/bin/jp2/convertbmp.c +index ec34f535b..2fc4e9bc4 100644 +--- a/src/bin/jp2/convertbmp.c ++++ b/src/bin/jp2/convertbmp.c +@@ -632,12 +632,18 @@ static OPJ_BOOL bmp_read_rle4_data(FILE* IN, OPJ_UINT8* pData, + while (y < height) { + int c = getc(IN); + if (c == EOF) { +- break; ++ return OPJ_FALSE; + } + + if (c) { /* encoded mode */ +- int j; +- OPJ_UINT8 c1 = (OPJ_UINT8)getc(IN); ++ int j, c1_int; ++ OPJ_UINT8 c1; ++ ++ c1_int = getc(IN); ++ if (c1_int == EOF) { ++ return OPJ_FALSE; ++ } ++ c1 = (OPJ_UINT8)c1_int; + + for (j = 0; (j < c) && (x < width) && + ((OPJ_SIZE_T)pix < (OPJ_SIZE_T)beyond); j++, x++, pix++) { +@@ -647,7 +653,7 @@ static OPJ_BOOL bmp_read_rle4_data(FILE* IN, OPJ_UINT8* pData, + } else { /* absolute mode */ + c = getc(IN); + if (c == EOF) { +- break; ++ return OPJ_FALSE; + } + + if (c == 0x00) { /* EOL */ +@@ -658,8 +664,14 @@ static OPJ_BOOL bmp_read_rle4_data(FILE* IN, OPJ_UINT8* pData, + break; + } else if (c == 0x02) { /* MOVE by dxdy */ + c = getc(IN); ++ if (c == EOF) { ++ return OPJ_FALSE; ++ } + x += (OPJ_UINT32)c; + c = getc(IN); ++ if (c == EOF) { ++ return OPJ_FALSE; ++ } + y += (OPJ_UINT32)c; + pix = pData + y * stride + x; + } else { /* 03 .. 255 : absolute mode */ +@@ -669,13 +681,21 @@ static OPJ_BOOL bmp_read_rle4_data(FILE* IN, OPJ_UINT8* pData, + for (j = 0; (j < c) && (x < width) && + ((OPJ_SIZE_T)pix < (OPJ_SIZE_T)beyond); j++, x++, pix++) { + if ((j & 1) == 0) { +- c1 = (OPJ_UINT8)getc(IN); ++ int c1_int; ++ c1_int = getc(IN); ++ if (c1_int == EOF) { ++ return OPJ_FALSE; ++ } ++ c1 = (OPJ_UINT8)c1_int; + } + *pix = (OPJ_UINT8)((j & 1) ? (c1 & 0x0fU) : ((c1 >> 4) & 0x0fU)); + written++; + } + if (((c & 3) == 1) || ((c & 3) == 2)) { /* skip padding byte */ +- getc(IN); ++ c = getc(IN); ++ if (c == EOF) { ++ return OPJ_FALSE; ++ } + } + } + } diff --git a/user/openldap/APKBUILD b/user/openldap/APKBUILD index 22d31dac7..3f84e64c7 100644 --- a/user/openldap/APKBUILD +++ b/user/openldap/APKBUILD @@ -2,15 +2,18 @@ # Contributor: Jakub Jirutka <jakub@jirutka.cz> # # secfixes: +# 2.4.48-r0: +# - CVE-2019-13057 +# - CVE-2019-13565 # 2.4.46: -# - CVE-2017-14159 -# - CVE-2017-17740 +# - CVE-2017-14159 +# - CVE-2017-17740 # 2.4.44-r5: -# - CVE-2017-9287 +# - CVE-2017-9287 # pkgname=openldap -pkgver=2.4.47 -pkgrel=1 +pkgver=2.4.48 +pkgrel=0 pkgdesc="LDAP Server" url="http://www.openldap.org/" arch="all" @@ -202,7 +205,7 @@ _submv() { done } -sha512sums="d424079e34207e3d24383a2bea70a07ded40714982a6767174d2b2cb208cd94feab5ef12157accae915b8e404e5773a7547aaef65f06b44dc3cc09c6a64d5a11 openldap-2.4.47.tgz +sha512sums="cf694a415be0bd55cc7f606099da2ed461748efd276561944cd29d7f5a8252a9be799d8778fac2d4fa9f382731eb4ca48c6b85630cb58a3b8249843561ae8feb openldap-2.4.48.tgz 5d34d49eabe7cb66cf8284cc3bd9730fa23df4932df68549e242d250ee50d40c434ae074ebc720d5fbcd9d16587c9333c5598d30a5f1177caa61461ab7771f38 openldap-2.4-ppolicy.patch 44d97efb25d4f39ab10cd5571db43f3bfa7c617a5bb087085ae16c0298aca899b55c8742a502121ba743a73e6d77cd2056bc96cee63d6d0862dabc8fb5574357 openldap-2.4.11-libldap_r.patch 8c4244d316a05870dd1147b2ab7ddbcfd7626b5dce2f5a0e72f066dc635c2edb4f1ea3be88c6fec2d5ab016001be16bedef70f2ce0695c3cd96f69e1614ff177 fix-manpages.patch diff --git a/user/openldap/CVE-2017-9287.patch b/user/openldap/CVE-2017-9287.patch deleted file mode 100644 index 1599c1331..000000000 --- a/user/openldap/CVE-2017-9287.patch +++ /dev/null @@ -1,28 +0,0 @@ -From 0cee1ffb6021b1aae3fcc9581699da1c85a6dd6e Mon Sep 17 00:00:00 2001 -From: Ryan Tandy <ryan@nardis.ca> -Date: Wed, 17 May 2017 20:07:39 -0700 -Subject: [PATCH] ITS#8655 fix double free on paged search with pagesize 0 - -Fixes a double free when a search includes the Paged Results control -with a page size of 0 and the search base matches the filter. ---- - servers/slapd/back-mdb/search.c | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/servers/slapd/back-mdb/search.c b/servers/slapd/back-mdb/search.c -index 301d1a4..43442aa 100644 ---- a/servers/slapd/back-mdb/search.c -+++ b/servers/slapd/back-mdb/search.c -@@ -1066,7 +1066,8 @@ notfound: - /* check size limit */ - if ( get_pagedresults(op) > SLAP_CONTROL_IGNORED ) { - if ( rs->sr_nentries >= ((PagedResultsState *)op->o_pagedresults_state)->ps_size ) { -- mdb_entry_return( op, e ); -+ if (e != base) -+ mdb_entry_return( op, e ); - e = NULL; - send_paged_response( op, rs, &lastid, tentries ); - goto done; --- -1.7.10.4 - diff --git a/user/openldap/libressl.patch b/user/openldap/libressl.patch deleted file mode 100644 index ac0106418..000000000 --- a/user/openldap/libressl.patch +++ /dev/null @@ -1,65 +0,0 @@ ---- a/libraries/libldap/tls_o.c.orig 2017-06-04 16:31:28 UTC -+++ b/libraries/libldap/tls_o.c -@@ -47,7 +47,7 @@ - #include <ssl.h> - #endif - --#if OPENSSL_VERSION_NUMBER >= 0x10100000 -+#if OPENSSL_VERSION_NUMBER >= 0x10100000 && !defined(LIBRESSL_VERSION_NUMBER) - #define ASN1_STRING_data(x) ASN1_STRING_get0_data(x) - #endif - -@@ -157,7 +157,7 @@ tlso_init( void ) - (void) tlso_seed_PRNG( lo->ldo_tls_randfile ); - #endif - --#if OPENSSL_VERSION_NUMBER < 0x10100000 -+#if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(LIBRESSL_VERSION_NUMBER) - SSL_load_error_strings(); - SSL_library_init(); - OpenSSL_add_all_digests(); -@@ -205,7 +205,7 @@ static void - tlso_ctx_ref( tls_ctx *ctx ) - { - tlso_ctx *c = (tlso_ctx *)ctx; --#if OPENSSL_VERSION_NUMBER < 0x10100000 -+#if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(LIBRESSL_VERSION_NUMBER) - #define SSL_CTX_up_ref(ctx) CRYPTO_add( &(ctx->references), 1, CRYPTO_LOCK_SSL_CTX ) - #endif - SSL_CTX_up_ref( c ); -@@ -464,7 +464,7 @@ tlso_session_my_dn( tls_session *sess, struct berval * - if (!x) return LDAP_INVALID_CREDENTIALS; - - xn = X509_get_subject_name(x); --#if OPENSSL_VERSION_NUMBER < 0x10100000 -+#if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(LIBRESSL_VERSION_NUMBER) - der_dn->bv_len = i2d_X509_NAME( xn, NULL ); - der_dn->bv_val = xn->bytes->data; - #else -@@ -500,7 +500,7 @@ tlso_session_peer_dn( tls_session *sess, struct berval - return LDAP_INVALID_CREDENTIALS; - - xn = X509_get_subject_name(x); --#if OPENSSL_VERSION_NUMBER < 0x10100000 -+#if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(LIBRESSL_VERSION_NUMBER) - der_dn->bv_len = i2d_X509_NAME( xn, NULL ); - der_dn->bv_val = xn->bytes->data; - #else -@@ -721,7 +721,7 @@ struct tls_data { - Sockbuf_IO_Desc *sbiod; - }; - --#if OPENSSL_VERSION_NUMBER < 0x10100000 -+#if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(LIBRESSL_VERSION_NUMBER) - #define BIO_set_init(b, x) b->init = x - #define BIO_set_data(b, x) b->ptr = x - #define BIO_clear_flags(b, x) b->flags &= ~(x) -@@ -822,7 +822,7 @@ tlso_bio_puts( BIO *b, const char *str ) - return tlso_bio_write( b, str, strlen( str ) ); - } - --#if OPENSSL_VERSION_NUMBER >= 0x10100000 -+#if OPENSSL_VERSION_NUMBER >= 0x10100000 && !defined(LIBRESSL_VERSION_NUMBER) - struct bio_method_st { - int type; - const char *name; diff --git a/user/openldap/openldap-mqtt-overlay.patch b/user/openldap/openldap-mqtt-overlay.patch deleted file mode 100644 index 795480f1e..000000000 --- a/user/openldap/openldap-mqtt-overlay.patch +++ /dev/null @@ -1,447 +0,0 @@ -diff --git a/contrib/slapd-modules/mqtt/Makefile b/contrib/slapd-modules/mqtt/Makefile -new file mode 100644 -index 0000000..2cb4db7 ---- /dev/null -+++ b/contrib/slapd-modules/mqtt/Makefile -@@ -0,0 +1,45 @@ -+# $OpenLDAP$ -+ -+LDAP_SRC = ../../.. -+LDAP_BUILD = ../../.. -+LDAP_INC = -I$(LDAP_BUILD)/include -I$(LDAP_SRC)/include -I$(LDAP_SRC)/servers/slapd -+LDAP_LIB = $(LDAP_BUILD)/libraries/libldap_r/libldap_r.la \ -+ $(LDAP_BUILD)/libraries/liblber/liblber.la -+ -+LIBTOOL = $(LDAP_BUILD)/libtool -+CC = gcc -+OPT = -g -O2 -Wall -+DEFS = -+INCS = $(LDAP_INC) -+LIBS = $(LDAP_LIB) -lmosquitto -+ -+PROGRAMS = mqtt.la -+LTVER = 0:0:0 -+ -+prefix=/usr/local -+exec_prefix=$(prefix) -+ldap_subdir=/openldap -+ -+libdir=$(exec_prefix)/lib -+libexecdir=$(exec_prefix)/libexec -+moduledir = $(libdir)$(ldap_subdir) -+ -+.SUFFIXES: .c .o .lo -+ -+.c.lo: -+ $(LIBTOOL) --mode=compile $(CC) $(OPT) $(DEFS) $(INCS) -c $< -+ -+all: $(PROGRAMS) -+ -+mqtt.la: mqtt.lo -+ $(LIBTOOL) --mode=link $(CC) $(OPT) -version-info $(LTVER) \ -+ -rpath $(moduledir) -module -o $@ $? $(LIBS) -+ -+clean: -+ rm -rf *.o *.lo *.la .libs -+ -+install: $(PROGRAMS) -+ mkdir -p $(DESTDIR)$(moduledir) -+ for p in $(PROGRAMS) ; do \ -+ $(LIBTOOL) --mode=install cp $$p $(DESTDIR)$(moduledir) ; \ -+ done -diff --git a/contrib/slapd-modules/mqtt/mqtt.c b/contrib/slapd-modules/mqtt/mqtt.c -new file mode 100644 -index 0000000..b3a0a31 ---- /dev/null -+++ b/contrib/slapd-modules/mqtt/mqtt.c -@@ -0,0 +1,389 @@ -+/* $OpenLDAP$ */ -+/* This work is part of OpenLDAP Software <http://www.openldap.org/>. -+ * -+ * Copyright 2014 Timo Teräs <timo.teras@iki.fi>. -+ * All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted only as authorized by the OpenLDAP -+ * Public License. -+ * -+ * A copy of this license is available in file LICENSE in the -+ * top-level directory of the distribution or, alternatively, at -+ * http://www.OpenLDAP.org/license.html. -+ */ -+/* mqtt-overlay -+ * -+ * This is an OpenLDAP overlay that... */ -+ -+#include <mosquitto.h> -+#include <unistd.h> -+ -+#include "portable.h" -+#include "slap.h" -+#include "config.h" -+ -+typedef struct mqtt_notify_t { -+ struct mqtt_notify_t *next; -+ char *topic; -+ char *dn_group_str; -+ char *oc_group_str; -+ char *str_member; -+ -+ struct berval ndn_group; -+ ObjectClass *oc_group; -+ AttributeDescription *ad_member; -+ int notify_pending; -+} mqtt_notify_t; -+ -+typedef struct mqtt_t { -+ struct mosquitto *mq; -+ int port; -+ char *hostname, *username, *password; -+ mqtt_notify_t *notify_map; -+} mqtt_t; -+ -+static ConfigDriver mqtt_config_notify; -+ -+static ConfigTable mqttcfg[] = { -+ { "mqtt-hostname", "hostname", 2, 2, 0, -+ ARG_STRING|ARG_OFFSET, (void *)offsetof(mqtt_t, hostname), -+ "( OLcfgCtAt:5.1 NAME 'olcMqttHostname' " -+ "DESC 'Hostname of MQTT broker' " -+ "SYNTAX OMsDirectoryString SINGLE-VALUE )", -+ NULL, NULL }, -+ { "mqtt-port", "port", 2, 2, 0, -+ ARG_INT|ARG_OFFSET, (void *)offsetof(mqtt_t, port), -+ "( OLcfgCtAt:5.2 NAME 'olcMqttPort' " -+ "DESC 'Port of MQTT broker' " -+ "SYNTAX OMsInteger SINGLE-VALUE )", -+ NULL, NULL }, -+ { "mqtt-username", "username", 2, 2, 0, -+ ARG_STRING|ARG_OFFSET, (void *)offsetof(mqtt_t, username), -+ "( OLcfgCtAt:5.3 NAME 'olcMqttUsername' " -+ "DESC 'Username for MQTT broker' " -+ "SYNTAX OMsDirectoryString SINGLE-VALUE )", -+ NULL, NULL }, -+ { "mqtt-password", "password", 2, 2, 0, -+ ARG_STRING|ARG_OFFSET, (void *)offsetof(mqtt_t, password), -+ "( OLcfgCtAt:5.4 NAME 'olcMqttPassword' " -+ "DESC 'Password for MQTT broker' " -+ "SYNTAX OMsDirectoryString SINGLE-VALUE )", -+ NULL, NULL }, -+ { "mqtt-notify-password", "topic> <group-dn> <group-oc> <member-ad", 2, 5, 0, -+ ARG_MAGIC, mqtt_config_notify, -+ "( OLcfgCtAt:5.5 NAME 'olcMqttNotifyPassword' " -+ "DESC 'Notify password change on <topic>, optionally checking that the object is in the specified group.'" -+ "SYNTAX OMsDirectoryString X-ORDERED 'VALUES' )", -+ NULL, NULL }, -+ { NULL, NULL, 0, 0, 0, ARG_IGNORED } -+}; -+ -+static ConfigOCs mqttocs[] = { -+ { "( OLcfgCtOc:5.1 " -+ "NAME 'olcMqttConfig' " -+ "DESC 'MQTT configuration' " -+ "SUP olcOverlayConfig " -+ "MAY ( " -+ "olcMqttHostname " -+ "$ olcMqttPort" -+ "$ olcMqttUsername" -+ "$ olcMqttPassword" -+ "$ olcMqttNotifyPassword" -+ " ) )", -+ Cft_Overlay, mqttcfg }, -+ -+ { NULL, 0, NULL } -+}; -+ -+static int mqtt_init(BackendInfo *bi) -+{ -+ return mosquitto_lib_init(); -+} -+ -+static int mqtt_destroy(BackendInfo *bi) -+{ -+ return mosquitto_lib_cleanup(); -+} -+ -+static const char *ca_arg(ConfigArgs *c, int n) -+{ -+ return (c->argc <= n) ? NULL : c->argv[n]; -+} -+ -+static void free_notify(mqtt_notify_t *n) -+{ -+ ch_free(n->topic); -+ ch_free(n->oc_group_str); -+ ch_free(n->str_member); -+ ch_free(n->dn_group_str); -+ if (!BER_BVISNULL(&n->ndn_group)) -+ ber_memfree(n->ndn_group.bv_val); -+ ch_free(n); -+} -+ -+static void free_all_notifies(mqtt_t *mqtt) -+{ -+ mqtt_notify_t *n, *next; -+ -+ for (n = mqtt->notify_map; n; n = next) { -+ next = n->next; -+ free_notify(n); -+ } -+ mqtt->notify_map = NULL; -+} -+ -+static int mqtt_config_notify(ConfigArgs *c) -+{ -+ slap_overinst *on = (slap_overinst *)c->bi; -+ mqtt_t *mqtt = (mqtt_t *) on->on_bi.bi_private; -+ mqtt_notify_t *n, **pprev; -+ const char *text = NULL; -+ struct berval bv = BER_BVNULL, ndn = BER_BVNULL; -+ int rc, i; -+ -+ switch (c->op) { -+ case SLAP_CONFIG_EMIT: -+ for (i = 0, n = mqtt->notify_map; n; n = n->next, i++) { -+ char *ptr = c->cr_msg, *end = &c->cr_msg[sizeof(c->cr_msg)-1]; -+ -+ ptr += snprintf(ptr, end-ptr, SLAP_X_ORDERED_FMT "%s", i, n->topic); -+ if (n->dn_group_str) -+ ptr += snprintf(ptr, end-ptr, " \"%s\"", n->dn_group_str); -+ if (n->oc_group_str) -+ ptr += snprintf(ptr, end-ptr, " \"%s\"", n->oc_group_str); -+ if (n->str_member) -+ ptr += snprintf(ptr, end-ptr, " \"%s\"", n->str_member); -+ -+ bv.bv_val = c->cr_msg; -+ bv.bv_len = ptr - bv.bv_val; -+ value_add_one(&c->rvalue_vals, &bv); -+ } -+ return 0; -+ case LDAP_MOD_DELETE: -+ if (c->valx < 0) { -+ free_all_notifies(mqtt); -+ } else { -+ pprev = &mqtt->notify_map; -+ n = mqtt->notify_map; -+ for (i = 0; i < c->valx; i++) { -+ pprev = &n->next; -+ n = n->next; -+ } -+ *pprev = n->next; -+ free_notify(n); -+ } -+ return 0; -+ } -+ -+ const char *groupdn = ca_arg(c, 2); -+ const char *oc_name = ca_arg(c, 3); -+ const char *ad_name = ca_arg(c, 4); -+ ObjectClass *oc = NULL; -+ AttributeDescription *ad = NULL; -+ -+ if (groupdn) { -+ oc = oc_find(oc_name ?: SLAPD_GROUP_CLASS); -+ if (oc == NULL) { -+ Debug(LDAP_DEBUG_ANY, "mqtt_db_open: unable to find objectClass=\"%s\"\n", -+ oc_name, 0, 0); -+ return 1; -+ } -+ -+ rc = slap_str2ad(ad_name ?: SLAPD_GROUP_ATTR, &ad, &text); -+ if (rc != LDAP_SUCCESS) { -+ Debug(LDAP_DEBUG_ANY, "mqtt_db_config_notify: unable to find attribute=\"%s\": %s (%d)\n", -+ ad_name, text, rc); -+ return rc; -+ } -+ -+ ber_str2bv(groupdn, 0, 0, &bv); -+ rc = dnNormalize(0, NULL, NULL, &bv, &ndn, NULL); -+ if (rc != LDAP_SUCCESS) { -+ Debug(LDAP_DEBUG_ANY, "mqtt_db_config_notify: DN normalization failed for \"%s\": %d\n", -+ groupdn, rc, 0); -+ return rc; -+ } -+ } -+ -+ n = ch_calloc(1, sizeof(*n)); -+ n->topic = ch_strdup(c->argv[1]); -+ n->dn_group_str = groupdn ? ch_strdup(groupdn) : NULL; -+ n->oc_group_str = oc_name ? ch_strdup(oc_name) : NULL; -+ n->str_member = ad_name ? ch_strdup(ad_name) : NULL; -+ n->ndn_group = ndn; -+ n->oc_group = oc; -+ n->ad_member = ad; -+ -+ for (pprev = &mqtt->notify_map; *pprev; pprev = &(*pprev)->next); -+ *pprev = n; -+ -+ return 0; -+} -+ -+static void mqtt_send_notify(mqtt_t *mqtt, mqtt_notify_t *n) -+{ -+ Debug(LDAP_DEBUG_TRACE, "mqtt_send_notify: pub on topic '%s'\n", n->topic, 0, 0); -+ n->notify_pending = mosquitto_publish(mqtt->mq, NULL, n->topic, 0, NULL, 1, true) == MOSQ_ERR_NO_CONN; -+} -+ -+static void mqtt_on_connect(struct mosquitto *mq, void *obj, int rc) -+{ -+ slap_overinst *on = (slap_overinst *) obj; -+ mqtt_t *mqtt = (mqtt_t *) on->on_bi.bi_private; -+ mqtt_notify_t *n; -+ -+ Debug(LDAP_DEBUG_TRACE, "mqtt_on_connect: connected with status %d\n", rc, 0, 0); -+ if (rc != 0) -+ return; -+ -+ for (n = mqtt->notify_map; n; n = n->next) -+ if (n->notify_pending) -+ mqtt_send_notify(mqtt, n); -+} -+ -+static int mqtt_db_init(BackendDB *be, ConfigReply *cr) -+{ -+ slap_overinst *on = (slap_overinst *) be->bd_info; -+ -+ Debug(LDAP_DEBUG_TRACE, "mqtt_db_init: initialize overlay\n", 0, 0, 0); -+ on->on_bi.bi_private = ch_calloc(1, sizeof(mqtt_t)); -+ -+ return 0; -+} -+ -+static int mqtt_db_destroy(BackendDB *be, ConfigReply *cr) -+{ -+ slap_overinst *on = (slap_overinst *) be->bd_info; -+ mqtt_t *mqtt = on->on_bi.bi_private; -+ -+ Debug(LDAP_DEBUG_TRACE, "mqtt_db_destroy: destroy overlay\n", 0, 0, 0); -+ free_all_notifies(mqtt); -+ ch_free(mqtt); -+ -+ return 0; -+} -+ -+static int mqtt_db_open(BackendDB *be, ConfigReply *cr) -+{ -+ slap_overinst *on = (slap_overinst *) be->bd_info; -+ mqtt_t *mqtt = (mqtt_t *) on->on_bi.bi_private; -+ struct mosquitto *mq; -+ char id[256]; -+ int n; -+ -+ n = snprintf(id, sizeof(id), "openldap-mqtt/%d/", getpid()); -+ gethostname(&id[n], sizeof(id) - n); -+ -+ Debug(LDAP_DEBUG_TRACE, "mqtt_db_open, id='%s'\n", id, 0, 0); -+ mqtt->mq = mq = mosquitto_new(id, true, on); -+ if (!mq) return 1; -+ -+ if (mqtt->username && mqtt->password) -+ mosquitto_username_pw_set(mq, mqtt->username, mqtt->password); -+ -+ mosquitto_connect_callback_set(mq, mqtt_on_connect); -+ mosquitto_connect_async(mq, mqtt->hostname ?: "127.0.0.1", mqtt->port ?: 1883, 60); -+ mosquitto_loop_start(mq); -+ -+ return 0; -+} -+ -+static int mqtt_db_close(BackendDB *be, ConfigReply *cr) -+{ -+ slap_overinst *on = (slap_overinst *) be->bd_info; -+ mqtt_t *mqtt = (mqtt_t *) on->on_bi.bi_private; -+ -+ Debug(LDAP_DEBUG_TRACE, "mqtt_db_close\n", 0, 0, 0); -+ mosquitto_disconnect(mqtt->mq); -+ mosquitto_loop_stop(mqtt->mq, false); -+ mosquitto_destroy(mqtt->mq); -+ -+ free(mqtt->hostname); mqtt->hostname = NULL; -+ free(mqtt->username); mqtt->username = NULL; -+ free(mqtt->password); mqtt->password = NULL; -+ -+ return 0; -+} -+ -+static int mqtt_response(Operation *op, SlapReply *rs) -+{ -+ slap_overinst *on = (slap_overinst *) op->o_bd->bd_info; -+ mqtt_t *mqtt = (mqtt_t *) on->on_bi.bi_private; -+ Attribute *a; -+ Modifications *m; -+ bool change = false; -+ -+ switch (op->o_tag) { -+ case LDAP_REQ_ADD: -+ for (a = op->ora_e->e_attrs; a; a = a->a_next) { -+ if (a->a_desc == slap_schema.si_ad_userPassword) { -+ change = true; -+ break; -+ } -+ } -+ break; -+ case LDAP_REQ_MODIFY: -+ for (m = op->orm_modlist; m; m = m->sml_next) { -+ if (m->sml_desc == slap_schema.si_ad_userPassword) { -+ change = true; -+ break; -+ } -+ } -+ break; -+ case LDAP_REQ_EXTENDED: -+ if (ber_bvcmp(&slap_EXOP_MODIFY_PASSWD, &op->ore_reqoid) == 0) -+ change = true; -+ break; -+ } -+ -+ if (change) { -+ mqtt_notify_t *n; -+ int r, cache; -+ -+ for (n = mqtt->notify_map; n; n = n->next) { -+ if (n->oc_group) { -+ cache = op->o_do_not_cache; -+ op->o_do_not_cache = 1; -+ r = backend_group(op, NULL, &n->ndn_group, &op->o_req_ndn, n->oc_group, n->ad_member); -+ op->o_do_not_cache = cache; -+ } else { -+ r = 0; -+ } -+ -+ Debug(LDAP_DEBUG_TRACE, "tested o_req_ndn='%s' in ndn_group='%s' r=%d\n", -+ op->o_req_ndn.bv_val, n->ndn_group.bv_val, r); -+ -+ if (r == 0) -+ mqtt_send_notify(mqtt, n); -+ } -+ } -+ -+ return SLAP_CB_CONTINUE; -+} -+ -+static int mqtt_init_overlay() -+{ -+ static slap_overinst ov; -+ int rc; -+ -+ ov.on_bi.bi_type = "mqtt"; -+ ov.on_bi.bi_init = mqtt_init; -+ ov.on_bi.bi_destroy = mqtt_destroy; -+ ov.on_bi.bi_db_init = mqtt_db_init; -+ ov.on_bi.bi_db_destroy = mqtt_db_destroy; -+ ov.on_bi.bi_db_open = mqtt_db_open; -+ ov.on_bi.bi_db_close = mqtt_db_close; -+ ov.on_bi.bi_cf_ocs = mqttocs; -+ ov.on_response = mqtt_response; -+ -+ rc = config_register_schema(mqttcfg, mqttocs); -+ if (rc) return rc; -+ -+ return overlay_register(&ov); -+} -+ -+int init_module(int argc, char *argv[]) -+{ -+ return mqtt_init_overlay(); -+} - diff --git a/user/plib/APKBUILD b/user/plib/APKBUILD index fe02621ac..46a6ce3d6 100644 --- a/user/plib/APKBUILD +++ b/user/plib/APKBUILD @@ -14,8 +14,8 @@ subpackages="$pkgname-dev" source="http://plib.sourceforge.net/dist/plib-$pkgver.tar.gz fix-openflight.patch joystick.patch - plib-1.8.5-CVE-2011-4620.patch - plib-1.8.5-CVE-2012-4552.patch + CVE-2011-4620.patch + CVE-2012-4552.patch shared.patch " @@ -49,6 +49,6 @@ package() { sha512sums="17154cc77243fe576c2bcbcb0285b98aef1a0634658f5473e95fe0ac8fa3ed477dbe5620e44ccf0b7cc616f812af0cd44d6fcbba0c563180d3b61c9d6f158e1d plib-1.8.5.tar.gz fac9c78a57a0c564c46d586ebf541b45cf7dc838387498f3263bac78f0f78c53c85000667d6dfd349e328b1cd4254ac0d786dd825aefbe957f94e6d3b91ec41b fix-openflight.patch d9909c81fe2ed696c639623c532cb16a1378b0e2843ccbef00bb16bc6459cc7c708b2b0903dbdc89e6fb05522debd79f0f88b311bf12c3d415e303591033f0a8 joystick.patch -c046cf65e80629f238aaba724f522c31b434f5c9687ea02b019846ce3469c6b074bd014f81a7a4e6b43db7b084f4dcd9d4c04b557dbc1b8b8ca00f2d782fdf1c plib-1.8.5-CVE-2011-4620.patch -a09462ecb085703aae7cd3b77954cc800410aa37a9616255cca2f21456e6d5dcf8ead3f684c98236deb1455c6a034dc8ec874bafdbab003f7a63517ea1f8350d plib-1.8.5-CVE-2012-4552.patch +c046cf65e80629f238aaba724f522c31b434f5c9687ea02b019846ce3469c6b074bd014f81a7a4e6b43db7b084f4dcd9d4c04b557dbc1b8b8ca00f2d782fdf1c CVE-2011-4620.patch +a09462ecb085703aae7cd3b77954cc800410aa37a9616255cca2f21456e6d5dcf8ead3f684c98236deb1455c6a034dc8ec874bafdbab003f7a63517ea1f8350d CVE-2012-4552.patch 8f4fcbf3a07f64212b3ce891a4629fb45b1c62b251730a9d5f7da6e6fe65c39540f80519e97cf6a45c32f950f25e4d383ba891a6c0a92ae8a37089e51c0c5020 shared.patch" diff --git a/user/plib/plib-1.8.5-CVE-2011-4620.patch b/user/plib/CVE-2011-4620.patch index 41fac5fe4..41fac5fe4 100644 --- a/user/plib/plib-1.8.5-CVE-2011-4620.patch +++ b/user/plib/CVE-2011-4620.patch diff --git a/user/plib/plib-1.8.5-CVE-2012-4552.patch b/user/plib/CVE-2012-4552.patch index 78f1b22ae..78f1b22ae 100644 --- a/user/plib/plib-1.8.5-CVE-2012-4552.patch +++ b/user/plib/CVE-2012-4552.patch diff --git a/user/py3-jinja2/APKBUILD b/user/py3-jinja2/APKBUILD index 71a4c2313..457262361 100644 --- a/user/py3-jinja2/APKBUILD +++ b/user/py3-jinja2/APKBUILD @@ -4,7 +4,7 @@ pkgname=py3-jinja2 _pkgname=Jinja2 _p="${_pkgname#?}" _p="${_pkgname%"$_p"}" -pkgver=2.10 +pkgver=2.10.1 pkgrel=0 pkgdesc="A small but fast and easy to use stand-alone template engine written in pure python." url="https://pypi.python.org/pypi/Jinja2" @@ -16,20 +16,20 @@ checkdepends="py3-pytest py3-markupsafe" source="$pkgname-$pkgver.tar.gz::https://files.pythonhosted.org/packages/source/$_p/$_pkgname/$_pkgname-$pkgver.tar.gz" builddir="$srcdir/$_pkgname-$pkgver" +# secfixes: jinja2 +# 2.10.1-r0: +# - CVE-2019-10906 + build() { - cd "$builddir" python3 setup.py build } check() { - cd "$builddir" PYTHONPATH="$builddir:$PYTHONPATH" pytest } package() { - cd "$builddir" python3 setup.py install --prefix=/usr --root="$pkgdir" - } -sha512sums="0ea7371be67ffcf19e46dfd06523a45a0806e678a407d54f5f2f3e573982f0959cf82ec5d07b203670309928a62ef71109701ab16547a9bba2ebcdc178cb67f2 py3-jinja2-2.10.tar.gz" +sha512sums="a00153a0e07bb7d67f301b4eaf7af657726a1985e9ffc7ae2d76bdbb4c062d672efc8065e398767e1039b18a483a0092e206deac91e4047aad64920b56869623 py3-jinja2-2.10.1.tar.gz" diff --git a/user/py3-pyyaml/APKBUILD b/user/py3-pyyaml/APKBUILD index 1ea1a41f6..e2ce44251 100644 --- a/user/py3-pyyaml/APKBUILD +++ b/user/py3-pyyaml/APKBUILD @@ -2,7 +2,7 @@ # Maintainer: pkgname=py3-pyyaml _pkgname=pyyaml -pkgver=5.1.1 +pkgver=5.1.2 pkgrel=0 pkgdesc="YAML parser and emitter for Python" url="https://pyyaml.org/wiki/PyYAML" @@ -28,4 +28,4 @@ package() { python3 setup.py install --prefix=/usr --root="$pkgdir" } -sha512sums="5c89f432b370990702db74b1e54fa185c38d2666377d3325aebcbb4841897aa2039b10a2c8196ce7ed4bb1300a854312335d3475821d785016190d70195f1480 py3-pyyaml-5.1.1.tar.gz" +sha512sums="7bc3dceadcfd512ede67581625887d00822464f20d3b646904f4a73afce8cf3b9766829c6004b626c31757edf8e2eedc27e60d96bee13afa68d3296a8a7f33bb py3-pyyaml-5.1.2.tar.gz" diff --git a/user/py3-tz/APKBUILD b/user/py3-tz/APKBUILD index a065d6bd8..f9c40cc4b 100644 --- a/user/py3-tz/APKBUILD +++ b/user/py3-tz/APKBUILD @@ -4,7 +4,7 @@ # Maintainer: pkgname=py3-tz _pkgname=pytz -pkgver=2019.1 +pkgver=2019.2 pkgrel=0 pkgdesc="Timezone definitions for Python" url="http://pytz.sourceforge.net/" @@ -27,6 +27,6 @@ package() { mkdir -p "$pkgdir" python3 setup.py install --prefix=/usr --root="$pkgdir" } -sha512sums="981a5aa2430bb7740bc1fd53e6c7416552c4f19d33a82701854b087ca5624ec3211b55add802e1e004f3728c32447f93d934c0d2bff993cd1be5e96e41fd44d6 pytz-2019.1.tar.gz +sha512sums="86d8b600373274f66200e5e9426303d5855221c85488415ad9270059fc7853c6f5f9399b11aad41f6522fbccc0878b9caf896c9bba16fde9857e412620151beb pytz-2019.2.tar.gz be61b829014be0d0d7db0c544481d378a95324c1f5968cbbcd7887c6ee8ce52a0b47ae734e16fc5fb2429d8d49c8ef199b6b3b7194f9e654699bb73ab8f3a10d zoneinfo-noinstall.patch 7629da5d76056789e7c29a4f047d25fe77586d4a78e8a1ce7ad7c513507d286098666edb24ee5cadc9b0a4d5623336bba8a6b0f786072ce741177022201fdc54 zoneinfo-fix.patch" diff --git a/user/re2c/APKBUILD b/user/re2c/APKBUILD index 703bcacdd..525604c4f 100644 --- a/user/re2c/APKBUILD +++ b/user/re2c/APKBUILD @@ -1,7 +1,7 @@ # Contributor: Jeff Bilyk <jbilyk at gmail> # Maintainer: pkgname=re2c -pkgver=1.1.1 +pkgver=1.2 pkgrel=0 pkgdesc="Fast lexer generator for C and C++" url="http://re2c.org/" @@ -9,10 +9,9 @@ arch="all" license="Public-Domain" checkdepends="bash" subpackages="$pkgname-doc" -source="https://github.com/skvadrik/re2c/releases/download/$pkgver/$pkgname-$pkgver.tar.gz" +source="https://github.com/skvadrik/re2c/releases/download/$pkgver/$pkgname-$pkgver.tar.xz" build() { - cd "$builddir" ./configure \ --build=$CBUILD \ --host=$CHOST \ @@ -24,13 +23,11 @@ build() { } check() { - cd "$builddir" make tests } package() { - cd "$builddir" make DESTDIR="$pkgdir" install } -sha512sums="a6fe73611103588043748340976f0e6d07169a6546cb80627c0ccd2ceac83f362dbbf371530361d893537fd95deb19503b2c73c41ed40efe7787210d6c757397 re2c-1.1.1.tar.gz" +sha512sums="d029abc3493a26761eaa911cf73961f5b8ec2e00958c97740e73f568fc72b02b5f56d80e09657a95dcf2e7767f3e5085775bb78f0f5bc472d506682a3a7fc278 re2c-1.2.tar.xz" diff --git a/user/subversion/APKBUILD b/user/subversion/APKBUILD index 9cb297aa6..f05892f09 100644 --- a/user/subversion/APKBUILD +++ b/user/subversion/APKBUILD @@ -1,8 +1,8 @@ # Contributor: A. Wilcox <awilfox@adelielinux.org> # Maintainer: A. Wilcox <awilfox@adelielinux.org> pkgname=subversion -pkgver=1.12.0 -pkgrel=1 +pkgver=1.12.2 +pkgrel=0 pkgdesc="Version control system from 2000" url="https://subversion.apache.org/" arch="all" @@ -18,10 +18,14 @@ makedepends="apr-dev apr-util-dev cyrus-sasl-dev db-dev dbus-dev file-dev subpackages="$pkgname-dev $pkgname-doc $pkgname-gnome $pkgname-kwallet $pkgname-pl $pkgname-lang" source="https://www-eu.apache.org/dist/subversion/subversion-$pkgver.tar.bz2 - apr-1.7.0.patch python3-bang.patch " +# secfixes: +# 1.12.2-r0: +# - CVE-2018-11782 +# - CVE-2019-0203 + build() { # this is only needed for autogen.sh _PATH=$PATH @@ -85,6 +89,5 @@ pl() { mv "$pkgdir"/usr/lib/*perl* "$subpkgdir"/usr/lib/ } -sha512sums="87a00b23bdac63124fa00642e2ac7e6f7818b092bc6422cabdeb2ca8fbc8c481fb8c1e4fbd86aac94e8e1fc099fa163aa0609aca23265ceb96ef4ebe78a64c13 subversion-1.12.0.tar.bz2 -71b22f08a972a51347af00f979c4ec540c5795b44f3ced07ab2fcf8b1294b59add945983af4a63815d9f5d3b0ba88c24320cf2ec21189bf48c0ec46c7c0b48cf apr-1.7.0.patch +sha512sums="b1f859b460afa54598778d8633f648acb4fa46138f7d6f0c1451e3c6a1de71df859233cd9ac7f19f0f20d7237ed3988f0a38da7552ffa58391e19d957bc7c136 subversion-1.12.2.tar.bz2 1b96b791f70c2f6e05da8dbc9d42ccadf4603f25392c6676c4e30ecdb142ce74dd9b8dc27dc68b1cb461f4409d79c4c2aeed1d39a5a442d9349079a819358f5a python3-bang.patch" diff --git a/user/subversion/apr-1.7.0.patch b/user/subversion/apr-1.7.0.patch deleted file mode 100644 index a74e5e454..000000000 --- a/user/subversion/apr-1.7.0.patch +++ /dev/null @@ -1,18 +0,0 @@ ---- subversion-1.11.1/build/ac-macros/swig.m4 -+++ subversion-1.11.1/build/ac-macros/swig.m4 -@@ -137,13 +137,13 @@ - AC_CACHE_CHECK([for apr_int64_t Python/C API format string], - [svn_cv_pycfmt_apr_int64_t], [ - if test "x$svn_cv_pycfmt_apr_int64_t" = "x"; then -- AC_EGREP_CPP([MaTcHtHiS +\"lld\" +EnDeNd], -+ AC_EGREP_CPP([MaTcHtHiS +\"ll(\" *\")?d\" +EnDeNd], - [#include <apr.h> - MaTcHtHiS APR_INT64_T_FMT EnDeNd], - [svn_cv_pycfmt_apr_int64_t="L"]) - fi - if test "x$svn_cv_pycfmt_apr_int64_t" = "x"; then -- AC_EGREP_CPP([MaTcHtHiS +\"ld\" +EnDeNd],r -+ AC_EGREP_CPP([MaTcHtHiS +\"l(\" *\")?d\" +EnDeNd],r - [#include <apr.h> - MaTcHtHiS APR_INT64_T_FMT EnDeNd], - [svn_cv_pycfmt_apr_int64_t="l"]) diff --git a/user/taglib/APKBUILD b/user/taglib/APKBUILD index 60586f78e..0b7731116 100644 --- a/user/taglib/APKBUILD +++ b/user/taglib/APKBUILD @@ -1,7 +1,7 @@ # Maintainer: A. Wilcox <awilfox@adelielinux.org> pkgname=taglib pkgver=1.11.1 -pkgrel=2 +pkgrel=3 pkgdesc="Library for manipulating audio file metadata" url="https://taglib.org/" arch="all" @@ -10,7 +10,14 @@ license="LGPL-2.1-only AND MPL-1.1" depends="" makedepends="cmake zlib-dev" subpackages="$pkgname-dev" -source="http://taglib.org/releases/taglib-$pkgver.tar.gz" +source="http://taglib.org/releases/taglib-$pkgver.tar.gz + CVE-2017-12678.patch + CVE-2018-11439.patch" + +# secfixes: +# 1.11.1-r3: +# - CVE-2017-12678 +# - CVE-2018-11439 build() { cd "$builddir" @@ -27,4 +34,6 @@ package() { make DESTDIR="$pkgdir" install } -sha512sums="7846775c4954ea948fe4383e514ba7c11f55d038ee06b6ea5a0a1c1069044b348026e76b27aa4ba1c71539aa8143e1401fab39184cc6e915ba0ae2c06133cb98 taglib-1.11.1.tar.gz" +sha512sums="7846775c4954ea948fe4383e514ba7c11f55d038ee06b6ea5a0a1c1069044b348026e76b27aa4ba1c71539aa8143e1401fab39184cc6e915ba0ae2c06133cb98 taglib-1.11.1.tar.gz +e50810e8d790c490b7d6752c4bf65da812b7534b9920c505d83b8bd0d67fe9991b4db488b6a63e69b206bbcb3cf80754018b17294b5832dd05bfad9a0fbc56c6 CVE-2017-12678.patch +9a118f9410404996bf3879325f77fcfb638f6cc71b4e258d9786bd741c2c45f26385a6049788ef6ebc56c7c987bd7ef6267a461f4478f5d52d236b035287cdf2 CVE-2018-11439.patch" diff --git a/user/taglib/CVE-2017-12678.patch b/user/taglib/CVE-2017-12678.patch new file mode 100644 index 000000000..71081c6d6 --- /dev/null +++ b/user/taglib/CVE-2017-12678.patch @@ -0,0 +1,31 @@ +From cb9f07d9dcd791b63e622da43f7b232adaec0a9a Mon Sep 17 00:00:00 2001 +From: "Stephen F. Booth" <me@sbooth.org> +Date: Sat, 30 Sep 2017 10:15:41 -0500 +Subject: [PATCH] Don't assume TDRC is an instance of TextIdentificationFrame + (#831) + +If TDRC is encrypted, FrameFactory::createFrame() returns UnknownFrame +which causes problems in rebuildAggregateFrames() when it is assumed +that TDRC is a TextIdentificationFrame +--- + taglib/mpeg/id3v2/id3v2framefactory.cpp | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +diff --git a/taglib/mpeg/id3v2/id3v2framefactory.cpp b/taglib/mpeg/id3v2/id3v2framefactory.cpp +index 759a9b7be..9347ab869 100644 +--- a/taglib/mpeg/id3v2/id3v2framefactory.cpp ++++ b/taglib/mpeg/id3v2/id3v2framefactory.cpp +@@ -334,10 +334,11 @@ void FrameFactory::rebuildAggregateFrames(ID3v2::Tag *tag) const + tag->frameList("TDAT").size() == 1) + { + TextIdentificationFrame *tdrc = +- static_cast<TextIdentificationFrame *>(tag->frameList("TDRC").front()); ++ dynamic_cast<TextIdentificationFrame *>(tag->frameList("TDRC").front()); + UnknownFrame *tdat = static_cast<UnknownFrame *>(tag->frameList("TDAT").front()); + +- if(tdrc->fieldList().size() == 1 && ++ if(tdrc && ++ tdrc->fieldList().size() == 1 && + tdrc->fieldList().front().size() == 4 && + tdat->data().size() >= 5) + { diff --git a/user/taglib/CVE-2018-11439.patch b/user/taglib/CVE-2018-11439.patch new file mode 100644 index 000000000..20b777e74 --- /dev/null +++ b/user/taglib/CVE-2018-11439.patch @@ -0,0 +1,42 @@ +From 2c4ae870ec086f2ddd21a47861a3709c36faac45 Mon Sep 17 00:00:00 2001 +From: Scott Gayou <github.scott@gmail.com> +Date: Tue, 9 Oct 2018 18:46:55 -0500 +Subject: [PATCH] Fixed OOB read when loading invalid ogg flac file. (#868) + (#869) + +CVE-2018-11439 is caused by a failure to check the minimum length +of a ogg flac header. This header is detailed in full at: +https://xiph.org/flac/ogg_mapping.html. Added more strict checking +for entire header. +--- + taglib/ogg/flac/oggflacfile.cpp | 14 ++++++++++++-- + 1 file changed, 12 insertions(+), 2 deletions(-) + +diff --git a/taglib/ogg/flac/oggflacfile.cpp b/taglib/ogg/flac/oggflacfile.cpp +index 53d04508a..07ea9dccc 100644 +--- a/taglib/ogg/flac/oggflacfile.cpp ++++ b/taglib/ogg/flac/oggflacfile.cpp +@@ -231,11 +231,21 @@ void Ogg::FLAC::File::scan() + + if(!metadataHeader.startsWith("fLaC")) { + // FLAC 1.1.2+ ++ // See https://xiph.org/flac/ogg_mapping.html for the header specification. ++ if(metadataHeader.size() < 13) ++ return; ++ ++ if(metadataHeader[0] != 0x7f) ++ return; ++ + if(metadataHeader.mid(1, 4) != "FLAC") + return; + +- if(metadataHeader[5] != 1) +- return; // not version 1 ++ if(metadataHeader[5] != 1 && metadataHeader[6] != 0) ++ return; // not version 1.0 ++ ++ if(metadataHeader.mid(9, 4) != "fLaC") ++ return; + + metadataHeader = metadataHeader.mid(13); + } diff --git a/user/tcpdump/APKBUILD b/user/tcpdump/APKBUILD index 7adeefa35..d273d4acc 100644 --- a/user/tcpdump/APKBUILD +++ b/user/tcpdump/APKBUILD @@ -2,7 +2,7 @@ # Maintainer: Dan Theisen <djt@hxx.in> pkgname=tcpdump pkgver=4.9.2 -pkgrel=1 +pkgrel=2 pkgdesc="A tool for network monitoring and data acquisition" url="http://www.tcpdump.org" arch="all" @@ -11,12 +11,15 @@ depends="" makedepends="libpcap-dev openssl-dev perl" subpackages="$pkgname-doc" source="http://www.tcpdump.org/release/$pkgname-$pkgver.tar.gz + CVE-2017-16808.patch CVE-2018-19519.patch " # secfixes: # 4.9.2-r1: # - CVE-2018-19519 +# 4.9.2-r2: +# - CVE-2017-16808 build () { cd "$builddir" @@ -42,4 +45,5 @@ package() { } sha512sums="e1bc19a5867d6e3628f3941bdf3ec831bf13784f1233ca1bccc46aac1702f47ee9357d7ff0ca62cddf211b3c8884488c21144cabddd92c861e32398cd8f7c44b tcpdump-4.9.2.tar.gz +d7f4761bee96ec69cdb93602ea59518f238089967d1ede4e91d139febe0ffe0818d49ad19b96c741a379938c369952405dadd3be2766b6524c43c70066cb4fc4 CVE-2017-16808.patch eb4232e434064ec59b07840aa394cfcc05c89e817f2d4ebeb4da1dbb1c910fe1805857356d6304ebdb16e32aa6476ce90f164aabc60501b493fd5601b380af7e CVE-2018-19519.patch" diff --git a/user/tcpdump/CVE-2017-16808.patch b/user/tcpdump/CVE-2017-16808.patch new file mode 100644 index 000000000..6b41aad8c --- /dev/null +++ b/user/tcpdump/CVE-2017-16808.patch @@ -0,0 +1,26 @@ +From 28f610026d901660dd370862b62ec328727446a2 Mon Sep 17 00:00:00 2001 +From: Denis Ovsienko <denis@ovsienko.info> +Date: Thu, 31 Aug 2017 21:15:37 +0100 +Subject: [PATCH] CVE-2017-16808/AoE: Add a missing bounds check. + +In aoev1_reserve_print() check bounds before trying to print an Ethernet +address. + +This fixes a buffer over-read discovered by Bhargava Shastry, +SecT/TU Berlin. +--- + print-aoe.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/print-aoe.c b/print-aoe.c +index 97e93df2e..2c78a55d3 100644 +--- a/print-aoe.c ++++ b/print-aoe.c +@@ -325,6 +325,7 @@ aoev1_reserve_print(netdissect_options *ndo, + goto invalid; + /* addresses */ + for (i = 0; i < nmacs; i++) { ++ ND_TCHECK2(*cp, ETHER_ADDR_LEN); + ND_PRINT((ndo, "\n\tEthernet Address %u: %s", i, etheraddr_string(ndo, cp))); + cp += ETHER_ADDR_LEN; + } |