diff options
| -rw-r--r-- | system/musl/APKBUILD | 6 | ||||
| -rw-r--r-- | system/musl/amalgamation.patch | 366 | ||||
| -rw-r--r-- | system/musl/stdio.patch | 69 | ||||
| -rw-r--r-- | user/boost/APKBUILD | 18 | ||||
| -rw-r--r-- | user/ksysguard/0001-Linux-softraid-define-_GNU_SOURCE-for-pipe2.patch | 31 | ||||
| -rw-r--r-- | user/ksysguard/APKBUILD | 4 | ||||
| -rw-r--r-- | user/netqmail/APKBUILD | 22 | ||||
| -rw-r--r-- | user/php7/APKBUILD | 36 | ||||
| -rw-r--r-- | user/php7/CVE-2018-19935.patch | 52 | ||||
| -rw-r--r-- | user/php7/enchant-2.patch | 63 |
10 files changed, 577 insertions, 90 deletions
diff --git a/system/musl/APKBUILD b/system/musl/APKBUILD index 0b6d3a959..dbb13a56f 100644 --- a/system/musl/APKBUILD +++ b/system/musl/APKBUILD @@ -1,7 +1,7 @@ # Maintainer: A. Wilcox <awilfox@adelielinux.org> pkgname=musl pkgver=1.1.21 -pkgrel=3 +pkgrel=4 pkgdesc="System library (libc) implementation" url="https://www.musl-libc.org/" arch="all" @@ -27,6 +27,7 @@ source="https://www.musl-libc.org/releases/musl-$pkgver.tar.gz handle-aux-at_base.patch fgetspent_r.patch gettext-preserve-errno.patch + stdio.patch ldconfig getent.c @@ -120,11 +121,12 @@ utils() { } sha512sums="fa6c4cc012626c5e517e0e10926fc845e3aa5f863ffaceeb38ac5b9ce0af631a37f6b94f470997db09aa0d5e03f4f28a2db83484b0f98481bea2239c1989d363 musl-1.1.21.tar.gz -3162b778101a46d9fb3a38927e3c4969781ccdabb9bb72de10d48ea31691215ecba605faee945ed86144a7e31fc948c31c2fee2881dc07897be3e82b6c6ff1e6 amalgamation.patch +e2227bf201e13fc5a537bc47096dfa4d2ff45fc7ce5609a7c1d640e11215cf8a62d7652a4d17d25ab5c13406ef14fd4856397fc2056419fd1a83c8c37171fdc1 amalgamation.patch 88ae443dbb8e0a4368235bdc3a1c5c7b718495afa75e06deb8e01becc76cb1f0d6964589e2204fc749c9c1b3190b8b9ac1ae2c0099cab8e2ce3ec877103d4332 3001-make-real-lastlog-h.patch 6a7ff16d95b5d1be77e0a0fbb245491817db192176496a57b22ab037637d97a185ea0b0d19da687da66c2a2f5578e4343d230f399d49fe377d8f008410974238 handle-aux-at_base.patch ded41235148930f8cf781538f7d63ecb0c65ea4e8ce792565f3649ee2523592a76b2a166785f0b145fc79f5852fd1fb1729a7a09110b3b8f85cba3912e790807 fgetspent_r.patch db180e437b8b7582e4d2baf06b592b88a9f6e5a8f18b7afa81d7a707240a774273778f8fec1c5cbea2a137e00cca49ff08fe762c871be20c70b50104b7e8e1e1 gettext-preserve-errno.patch +14862273d0facbec042f444dfa477d1793b16b68e058bf7038f492cb6e3f3c278b1c3ea8bd89816e4e8b847ffd48ac7c3abd55504769fccd02356f6f80af2fd4 stdio.patch cce2f1eeb61e55674469c26871a573cce61d739c3defe9c8f56f2b774f6ba5435849ad542a6714120efddc98c297098e9c98a1a424ac593df2243d4aa479f9a9 ldconfig 378d70e65bcc65bb4e1415354cecfa54b0c1146dfb24474b69e418cdbf7ad730472cd09f6f103e1c99ba6c324c9560bccdf287f5889bbc3ef0bdf0e08da47413 getent.c 9d42d66fb1facce2b85dad919be5be819ee290bd26ca2db00982b2f8e055a0196290a008711cbe2b18ec9eee8d2270e3b3a4692c5a1b807013baa5c2b70a2bbf iconv.c" diff --git a/system/musl/amalgamation.patch b/system/musl/amalgamation.patch index d4d4465dc..fa118c910 100644 --- a/system/musl/amalgamation.patch +++ b/system/musl/amalgamation.patch @@ -280,3 +280,369 @@ index 03c5a77b..c423b825 100644 int ret = __clock_gettime(CLOCK_REALTIME, ts); return ret < 0 ? 0 : base; } +diff --git a/src/stdio/setvbuf.c b/src/stdio/setvbuf.c +index 06ea296c..523dddc8 100644 +--- a/src/stdio/setvbuf.c ++++ b/src/stdio/setvbuf.c +@@ -12,13 +12,15 @@ int setvbuf(FILE *restrict f, char *restrict buf, int type, size_t size) + + if (type == _IONBF) { + f->buf_size = 0; +- } else { ++ } else if (type == _IOLBF || type == _IOFBF) { + if (buf && size >= UNGET) { + f->buf = (void *)(buf + UNGET); + f->buf_size = size - UNGET; + } + if (type == _IOLBF && f->buf_size) + f->lbf = '\n'; ++ } else { ++ return -1; + } + + f->flags |= F_SVB; +diff --git a/src/unistd/getcwd.c b/src/unistd/getcwd.c +index f407ffe0..4fd3a60c 100644 +--- a/src/unistd/getcwd.c ++++ b/src/unistd/getcwd.c +@@ -15,8 +15,11 @@ char *getcwd(char *buf, size_t size) + return 0; + } + long ret = syscall(SYS_getcwd, buf, size); +- if (ret < 0) ++ if (ret < 0) { ++ if (errno == ENAMETOOLONG) ++ errno = ENOMEM; + return 0; ++ } + if (ret == 0 || buf[0] != '/') { + errno = ENOENT; + return 0; +diff --git a/include/tar.h b/include/tar.h +index 2eba66ec..d15bd9b4 100644 +--- a/include/tar.h ++++ b/include/tar.h +@@ -5,9 +5,7 @@ + + #define TSUID 04000 + #define TSGID 02000 +-#if defined(_GNU_SOURCE) || defined(_BSD_SOURCE) || defined(_XOPEN_SOURCE) + #define TSVTX 01000 +-#endif + #define TUREAD 00400 + #define TUWRITE 00200 + #define TUEXEC 00100 +diff --git a/src/conf/fpathconf.c b/src/conf/fpathconf.c +index b6a9d63e..83e47e87 100644 +--- a/src/conf/fpathconf.c ++++ b/src/conf/fpathconf.c +@@ -5,7 +5,7 @@ + long fpathconf(int fd, int name) + { + static const long values[] = { +- [_PC_LINK_MAX] = _POSIX_LINK_MAX, ++ [_PC_LINK_MAX] = -1, + [_PC_MAX_CANON] = _POSIX_MAX_CANON, + [_PC_MAX_INPUT] = _POSIX_MAX_INPUT, + [_PC_NAME_MAX] = NAME_MAX, +diff --git a/include/unistd.h b/include/unistd.h +index 1bdd3292..cdb16c19 100644 +--- a/include/unistd.h ++++ b/include/unistd.h +@@ -33,16 +33,23 @@ extern "C" { + #include <bits/alltypes.h> + + int pipe(int [2]); +-int pipe2(int [2], int); + int close(int); +-int posix_close(int, int); + int dup(int); + int dup2(int, int); +-int dup3(int, int, int); + off_t lseek(int, off_t, int); + int fsync(int); + int fdatasync(int); + ++#if defined(_GNU_SOURCE) || defined(_BSD_SOURCE) \ ++ || (defined(_XOPEN_SOURCE) && _XOPEN_SOURCE+0 > 700) \ ++ || (defined(_POSIX_C_SOURCE) && _POSIX_C_SOURCE+0 > 200809L) ++int pipe2(int [2], int); ++int dup3(int, int, int); ++int posix_close(int, int); ++ ++#define POSIX_CLOSE_RESTART 0 ++#endif ++ + ssize_t read(int, void *, size_t); + ssize_t write(int, const void *, size_t); + ssize_t pread(int, void *, size_t, off_t); +@@ -200,8 +207,6 @@ int eaccess(const char *, int); + #define off64_t off_t + #endif + +-#define POSIX_CLOSE_RESTART 0 +- + #define _XOPEN_VERSION 700 + #define _XOPEN_UNIX 1 + #define _XOPEN_ENH_I18N 1 +diff --git a/src/misc/forkpty.c b/src/misc/forkpty.c +index caf13adb..047eb7d6 100644 +--- a/src/misc/forkpty.c ++++ b/src/misc/forkpty.c +@@ -1,3 +1,4 @@ ++#define _GNU_SOURCE + #include <pty.h> + #include <utmp.h> + #include <unistd.h> +diff --git a/src/misc/wordexp.c b/src/misc/wordexp.c +index db83a69f..1ae03f9f 100644 +--- a/src/misc/wordexp.c ++++ b/src/misc/wordexp.c +@@ -1,3 +1,4 @@ ++#define _GNU_SOURCE + #include <wordexp.h> + #include <unistd.h> + #include <stdio.h> +diff --git a/src/stdio/popen.c b/src/stdio/popen.c +index 92cb57ee..1ff9e0d9 100644 +--- a/src/stdio/popen.c ++++ b/src/stdio/popen.c +@@ -1,3 +1,4 @@ ++#define _GNU_SOURCE + #include <fcntl.h> + #include <unistd.h> + #include <errno.h> +diff --git a/src/unistd/faccessat.c b/src/unistd/faccessat.c +index 76bbd4c7..d5e70608 100644 +--- a/src/unistd/faccessat.c ++++ b/src/unistd/faccessat.c +@@ -1,3 +1,4 @@ ++#define _GNU_SOURCE + #include <unistd.h> + #include <fcntl.h> + #include <sys/wait.h> +diff --git a/include/fcntl.h b/include/fcntl.h +index 4d91338b..04321887 100644 +--- a/include/fcntl.h ++++ b/include/fcntl.h +@@ -36,8 +36,9 @@ int openat(int, const char *, int, ...); + int posix_fadvise(int, off_t, off_t, int); + int posix_fallocate(int, off_t, off_t); + +-#define O_SEARCH O_PATH +-#define O_EXEC O_PATH ++#define O_SEARCH O_PATH ++#define O_EXEC O_PATH ++#define O_TTY_INIT 0 + + #define O_ACCMODE (03|O_SEARCH) + #define O_RDONLY 00 +diff --git a/src/dirent/fdopendir.c b/src/dirent/fdopendir.c +index c377271d..d78fb87f 100644 +--- a/src/dirent/fdopendir.c ++++ b/src/dirent/fdopendir.c +@@ -13,6 +13,10 @@ DIR *fdopendir(int fd) + if (fstat(fd, &st) < 0) { + return 0; + } ++ if (fcntl(fd, F_GETFL) & O_PATH) { ++ errno = EBADF; ++ return 0; ++ } + if (!S_ISDIR(st.st_mode)) { + errno = ENOTDIR; + return 0; +diff --git a/src/unistd/renameat.c b/src/unistd/renameat.c +index 12574822..07386407 100644 +--- a/src/unistd/renameat.c ++++ b/src/unistd/renameat.c +@@ -1,7 +1,38 @@ ++#include <errno.h> ++#include <libgen.h> ++#include <limits.h> + #include <stdio.h> ++#include <string.h> + #include "syscall.h" + + int renameat(int oldfd, const char *old, int newfd, const char *new) + { ++ char old_copy[PATH_MAX+1], new_copy[PATH_MAX+1]; ++ char *base; ++ ++ if (strlen(old) > PATH_MAX || strlen(new) > PATH_MAX) { ++ errno = ENAMETOOLONG; ++ return -1; ++ } ++ ++ if (strlen(old) == 0 || strlen(new) == 0) { ++ errno = ENOENT; ++ return -1; ++ } ++ ++ strcpy(old_copy, old); ++ strcpy(new_copy, new); ++ ++ base = basename(old_copy); ++ strncpy(old_copy, base, sizeof(old_copy)); ++ base = basename(new_copy); ++ strncpy(new_copy, base, sizeof(new_copy)); ++ ++ if (strcmp(old_copy, ".") == 0 || strcmp(old_copy, "..") == 0 || ++ strcmp(new_copy, ".") == 0 || strcmp(new_copy, "..") == 0) { ++ errno = EINVAL; ++ return -1; ++ } ++ + return syscall(SYS_renameat, oldfd, old, newfd, new); + } +diff --git a/src/unistd/renameat.c b/src/unistd/renameat.c +index 07386407..7e850401 100644 +--- a/src/unistd/renameat.c ++++ b/src/unistd/renameat.c +@@ -1,16 +1,23 @@ + #include <errno.h> ++#include <fcntl.h> + #include <libgen.h> + #include <limits.h> + #include <stdio.h> + #include <string.h> ++#include <sys/stat.h> ++#include <sys/types.h> ++#include <unistd.h> + #include "syscall.h" + + int renameat(int oldfd, const char *old, int newfd, const char *new) + { + char old_copy[PATH_MAX+1], new_copy[PATH_MAX+1]; + char *base; ++ size_t old_size, new_size; ++ struct stat statbuf; + +- if (strlen(old) > PATH_MAX || strlen(new) > PATH_MAX) { ++ if ((old_size = strlen(old)) > PATH_MAX || \ ++ (new_size = strlen(new)) > PATH_MAX) { + errno = ENAMETOOLONG; + return -1; + } +@@ -34,5 +41,31 @@ int renameat(int oldfd, const char *old, int newfd, const char *new) + return -1; + } + ++ /* The Linux kernel will fail when attempting to rename a symlink of a ++ directory with a trailing slash. We therefore have to handle this ++ case ourselves. */ ++ if (old[old_size - 1] == '/') { ++ /* Calling stat(2) on a symlink to a dir with the trailing ++ slash causes stat(2) to return the actual directory instead ++ of the symlink itself. */ ++ strcpy(old_copy, old); ++ old_copy[old_size - 1] = '\0'; ++ if (fstatat(oldfd, old_copy, &statbuf, AT_SYMLINK_NOFOLLOW) == -1) { ++ return -1; ++ } ++ if (S_ISLNK(statbuf.st_mode)) { ++ if (fstatat(oldfd, old, &statbuf, 0) == -1) { ++ return -1; ++ } ++ if (S_ISDIR(statbuf.st_mode)) { ++ old = old_copy; ++ } else { ++ /* may as well not waste the syscall */ ++ errno = ENOTDIR; ++ return -1; ++ } ++ } ++ } ++ + return syscall(SYS_renameat, oldfd, old, newfd, new); + } +diff --git a/src/unistd/renameat.c b/src/unistd/renameat.c +index d0f31c21..e2f03d39 100644 +--- a/src/unistd/renameat.c ++++ b/src/unistd/renameat.c +@@ -9,12 +9,31 @@ + #include <unistd.h> + #include "syscall.h" + ++static inline int test_symlink_dirness(int fd, const char *pathname) ++{ ++ struct stat statbuf; ++ if (fstatat(fd, pathname, &statbuf, AT_SYMLINK_NOFOLLOW) == -1) { ++ return 1; ++ } ++ if (S_ISLNK(statbuf.st_mode)) { ++ if (fstatat(fd, pathname, &statbuf, 0) == -1) return 1; ++ ++ if (S_ISDIR(statbuf.st_mode)) return 0; ++ else { ++ errno = ENOTDIR; ++ return -1; ++ } ++ } ++ return 1; ++} ++ + int renameat(int oldfd, const char *old, int newfd, const char *new) + { + char old_copy[PATH_MAX+1], new_copy[PATH_MAX+1]; + char *base; + size_t old_size, new_size; +- struct stat statbuf; ++ struct stat oldstat, newstat; ++ int r; + + if ((old_size = strlen(old)) > PATH_MAX || \ + (new_size = strlen(new)) > PATH_MAX) { +@@ -22,11 +41,18 @@ int renameat(int oldfd, const char *old, int newfd, const char *new) + return -1; + } + +- if (strlen(old) == 0 || strlen(new) == 0) { ++ if (old_size == 0 || new_size == 0) { + errno = ENOENT; + return -1; + } + ++ /* Test equality of old and new. ++ If they both resolve to the same dentry, we do nothing. */ ++ if (fstatat(oldfd, old, &oldstat, 0) == 0 && \ ++ fstatat(newfd, new, &newstat, 0) == 0 && \ ++ oldstat.st_dev == newstat.st_dev && \ ++ oldstat.st_ino == newstat.st_ino) return 0; ++ + strcpy(old_copy, old); + strcpy(new_copy, new); + +@@ -50,21 +76,17 @@ int renameat(int oldfd, const char *old, int newfd, const char *new) + of the symlink itself. */ + strcpy(old_copy, old); + old_copy[old_size - 1] = '\0'; +- if (fstatat(oldfd, old_copy, &statbuf, AT_SYMLINK_NOFOLLOW) == -1) { +- return -1; +- } +- if (S_ISLNK(statbuf.st_mode)) { +- if (fstatat(oldfd, old, &statbuf, 0) == -1) { +- return -1; +- } +- if (S_ISDIR(statbuf.st_mode)) { +- old = old_copy; +- } else { +- /* may as well not waste the syscall */ +- errno = ENOTDIR; +- return -1; +- } +- } ++ r = test_symlink_dirness(oldfd, old_copy); ++ if (r == 0) old = old_copy; ++ else if (r == -1) return -1; ++ } ++ ++ if (new[new_size - 1] == '/') { ++ strcpy(new_copy, new); ++ new_copy[new_size - 1] = '\0'; ++ r = test_symlink_dirness(newfd, new_copy); ++ if (r == 0) new = new_copy; ++ else if (r == -1) return -1; + } + + return syscall(SYS_renameat, oldfd, old, newfd, new); diff --git a/system/musl/stdio.patch b/system/musl/stdio.patch new file mode 100644 index 000000000..9ddfa5738 --- /dev/null +++ b/system/musl/stdio.patch @@ -0,0 +1,69 @@ +diff --git a/include/alltypes.h.in b/include/alltypes.h.in +index 622ca01..4cc879b 100644 +--- a/include/alltypes.h.in ++++ b/include/alltypes.h.in +@@ -57,6 +57,7 @@ TYPEDEF struct { unsigned __attr; } pthread_condattr_t; + TYPEDEF struct { unsigned __attr; } pthread_barrierattr_t; + TYPEDEF struct { unsigned __attr[2]; } pthread_rwlockattr_t; + ++STRUCT _IO_FILE { char __x; }; + TYPEDEF struct _IO_FILE FILE; + + TYPEDEF struct __mbstate_t { unsigned __opaque1, __opaque2; } mbstate_t; +diff --git a/include/stdio.h b/include/stdio.h +index afadd91..3604198 100644 +--- a/include/stdio.h ++++ b/include/stdio.h +@@ -11,6 +11,10 @@ extern "C" { + #define __NEED___isoc_va_list + #define __NEED_size_t + ++#if __STDC_VERSION__ < 201112L ++#define __NEED_struct__IO_FILE ++#endif ++ + #if defined(_POSIX_SOURCE) || defined(_POSIX_C_SOURCE) \ + || defined(_XOPEN_SOURCE) || defined(_GNU_SOURCE) \ + || defined(_BSD_SOURCE) +diff --git a/include/wchar.h b/include/wchar.h +index 369b1e9..88eb55b 100644 +--- a/include/wchar.h ++++ b/include/wchar.h +@@ -14,6 +14,10 @@ extern "C" { + #define __NEED_wint_t + #define __NEED_mbstate_t + ++#if __STDC_VERSION__ < 201112L ++#define __NEED_struct__IO_FILE ++#endif ++ + #if defined(_POSIX_SOURCE) || defined(_POSIX_C_SOURCE) \ + || defined(_XOPEN_SOURCE) || defined(_GNU_SOURCE) || defined(_BSD_SOURCE) + #define __NEED_locale_t +diff --git a/src/include/stdio.h b/src/include/stdio.h +index 534c690..fae3755 100644 +--- a/src/include/stdio.h ++++ b/src/include/stdio.h +@@ -1,6 +1,8 @@ + #ifndef STDIO_H + #define STDIO_H + ++#define __DEFINED_struct__IO_FILE ++ + #include "../../include/stdio.h" + + #undef stdin +diff --git a/src/include/wchar.h b/src/include/wchar.h +index e69de29..79f5d0e 100644 +--- a/src/include/wchar.h ++++ b/src/include/wchar.h +@@ -0,0 +1,9 @@ ++#ifndef WCHAR_H ++#define WCHAR_H ++ ++#define __DEFINED_struct__IO_FILE ++ ++#include "../../include/wchar.h" ++ ++#endif ++ diff --git a/user/boost/APKBUILD b/user/boost/APKBUILD index e979993d8..5c836d68a 100644 --- a/user/boost/APKBUILD +++ b/user/boost/APKBUILD @@ -11,7 +11,7 @@ license="BSL-1.0" options="!check" # No test suite. depends="" depends_dev="linux-headers" -makedepends="$depends_dev python3-dev flex bison bzip2-dev zlib-dev" +makedepends="$depends_dev byacc bzip2-dev flex python3-dev xz-dev zstd-dev" subpackages="$pkgname-dev $pkgname-doc" source="http://downloads.sourceforge.net/$pkgname/${pkgname}_$_pkgver.tar.bz2 boost-1.57.0-python-abi_letters.patch @@ -19,7 +19,14 @@ source="http://downloads.sourceforge.net/$pkgname/${pkgname}_$_pkgver.tar.bz2 " builddir="$srcdir/${pkgname}_${_pkgver}" -_libs="date_time +_libs=" + atomic + chrono + container + contract + coroutine + date_time + fiber filesystem graph iostreams @@ -66,20 +73,21 @@ esac _enginedir=tools/build/src/engine _bjam="${builddir}/$_enginedir/bin.linux${_boostarch}/bjam" [ "$_boostarch" = "s390" ] && _bjam="${builddir}/$_enginedir/bin.linux390/bjam" && \ - _options_s390="--without-context --without-coroutine --without-coroutine2" + _options_s390="--without-coroutine --without-coroutine2" +# context is broken on at least s390 and sparc _options="--user-config=\"$builddir/user-config.jam\" --prefix=\"$pkgdir/usr\" release debug-symbols=off - threading=single,multi runtime-link=shared link=shared,static cflags=-fno-strict-aliasing -sPYTHON_ROOT=/usr -sTOOLS=gcc - --layout=tagged + --layout=system -q + --without-context -j${JOBS:-2} ${_options_s390} " diff --git a/user/ksysguard/0001-Linux-softraid-define-_GNU_SOURCE-for-pipe2.patch b/user/ksysguard/0001-Linux-softraid-define-_GNU_SOURCE-for-pipe2.patch new file mode 100644 index 000000000..8828736f3 --- /dev/null +++ b/user/ksysguard/0001-Linux-softraid-define-_GNU_SOURCE-for-pipe2.patch @@ -0,0 +1,31 @@ +From d6fa7c0ab6c3a6b1494ffd12b93ee5cc2e4d3d5c Mon Sep 17 00:00:00 2001 +From: "A. Wilcox" <AWilcox@Wilcox-Tech.com> +Date: Mon, 18 Mar 2019 14:34:26 -0500 +Subject: [PATCH] Linux softraid: define _GNU_SOURCE for pipe2 +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +In a strict POSIX compilation environment, pipe2 is not defined. Use +the _GNU_SOURCE FTM to expose it. + +Fixes a failure to build ksysguard on Adélie Linux. +--- + ksysguardd/Linux/softraid.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/ksysguardd/Linux/softraid.c b/ksysguardd/Linux/softraid.c +index c2123fb7..96eb373e 100644 +--- a/ksysguardd/Linux/softraid.c ++++ b/ksysguardd/Linux/softraid.c +@@ -27,6 +27,7 @@ + #include <sys/types.h> /* for open */ + #include <sys/stat.h> /* for open */ + #include <fcntl.h> /* for open */ ++#define _GNU_SOURCE /* pipe2 */ + #include <unistd.h> /* for read, close, exec, fork */ + #include <stdlib.h> /* for exit */ + #include <sys/wait.h> /* for wait :) */ +-- +2.19.2 + diff --git a/user/ksysguard/APKBUILD b/user/ksysguard/APKBUILD index 33810d40e..864e7add2 100644 --- a/user/ksysguard/APKBUILD +++ b/user/ksysguard/APKBUILD @@ -15,6 +15,7 @@ makedepends="qt5-qtbase-dev kconfig-dev kcoreaddons-dev kdbusaddons-dev kio-dev subpackages="$pkgname-doc $pkgname-lang" source="https://download.kde.org/stable/plasma/$pkgver/ksysguard-$pkgver.tar.xz ksysguard-5.6.5-rindex-header.patch + 0001-Linux-softraid-define-_GNU_SOURCE-for-pipe2.patch " build() { @@ -44,4 +45,5 @@ package() { } sha512sums="745958c74914d9b21373919b0e54cf7d1dd0621769aa8a480bac924862c494c68c86fa36c019fb13d71d8d86c8d923161290ef9a967b98c1182df88da63bbb35 ksysguard-5.12.7.tar.xz -13a26451c459cff1d3b00af27c953d10c55e7e8f43ef7a6f0f54dd05dcb612546545c0170089e9499bb041f004cdacf19cb112d247a8ccf8fd4e77fea0d1c8bc ksysguard-5.6.5-rindex-header.patch" +13a26451c459cff1d3b00af27c953d10c55e7e8f43ef7a6f0f54dd05dcb612546545c0170089e9499bb041f004cdacf19cb112d247a8ccf8fd4e77fea0d1c8bc ksysguard-5.6.5-rindex-header.patch +0a424bb5e23f283d0cccfe86c0a6c2915f563a82e27a1dc16be8b4dc4b3d90ce116c4eb448dd1d5dc07602225468880206a5eb70c1b66d1e19e9a405fae7aa88 0001-Linux-softraid-define-_GNU_SOURCE-for-pipe2.patch" diff --git a/user/netqmail/APKBUILD b/user/netqmail/APKBUILD index b5b50d6ad..8329792ad 100644 --- a/user/netqmail/APKBUILD +++ b/user/netqmail/APKBUILD @@ -2,7 +2,7 @@ # Maintainer: Laurent Bercot <ska-adelie@skarnet.org> pkgname=netqmail pkgver=1.06 -pkgrel=4 +pkgrel=5 pkgdesc="The qmail mail transfer agent (community version)" url="http://www.qmail.org/$pkgname/" arch="all" @@ -13,9 +13,9 @@ depends="execline s6 s6-networking" makedepends="utmps-dev" subpackages="$pkgname-doc $pkgname-openrc" install="$pkgname.post-install $pkgname.pre-deinstall" -source="http://www.qmail.org/$pkgname-$pkgver.tar.gz \ - 0001-DESTDIR.patch \ - 0002-qbiffutmpx-20170820.patch \ +source="http://www.qmail.org/$pkgname-$pkgver.tar.gz + 0001-DESTDIR.patch + 0002-qbiffutmpx-20170820.patch 0003-qmailremote-20170716.patch 0004-notifyfd.patch qmail.run @@ -66,21 +66,19 @@ makeservicedir() build() { cd "$builddir" - echo "gcc -O2 -pipe -W -Wall -Wextra" > conf-cc - echo "gcc -s -static" > conf-ld - echo "gcc -s" > conf-ldi # because fakeroot doesn't work with static programs + echo "$CC $CFLAGS" > conf-cc + echo "$CC $LDFLAGS -s -static" > conf-ld + echo "$CC $LDFLAGS" > conf-ldi # because fakeroot doesn't work with static programs echo 022 > conf-patrn echo /var/qmail > conf-qmail echo 255 > conf-spawn { echo alias; echo qmaild; echo qmaill; echo root; echo qmailp; echo qmailq; echo qmailr; echo qmails; } > conf-users { echo qmail; echo nofiles; } > conf-groups make +} - - # The following should be done in package(), but abuild only - # does it under fakeroot when it's done in build() and - # there's no package() function. - +package() { + cd "$builddir" mkdir -p -m 0755 "$pkgdir"/var/qmail/services "$pkgdir"/var/log/qmail "$pkgdir"/usr/bin "$pkgdir"/usr/sbin "$pkgdir"/usr/share/doc "$pkgdir"/etc/qmail/services "$pkgdir"/etc/conf.d "$pkgdir"/etc/init.d chown qmaill:qmaill "$pkgdir"/var/log/qmail chmod 2700 "$pkgdir"/var/log/qmail diff --git a/user/php7/APKBUILD b/user/php7/APKBUILD index 9da2b1de2..187646dd3 100644 --- a/user/php7/APKBUILD +++ b/user/php7/APKBUILD @@ -23,15 +23,25 @@ # ----------+-------------------------------------------- # zlib | https://bugs.alpinelinux.org/issues/8299 +# secfixes: +# 7.2.16-r0: +# - CVE-2016-10166 +# - CVE-2018-20783 +# - CVE-2019-6977 +# - CVE-2019-9020 +# - CVE-2019-9021 +# - CVE-2019-9022 +# - CVE-2019-9023 +# - CVE-2019-9024 + pkgname=php7 _pkgname=php -pkgver=7.2.11 -pkgrel=3 +pkgver=7.2.16 +pkgrel=0 _apiver=20170718 pkgdesc="The PHP7 language runtime engine" url="https://php.net/" arch="all" -options="!checkroot" license="PHP-3.01 AND Zend-2.0 AND Custom:TSRM AND LGPL-2.1+ AND MIT AND Beerware AND Public-Domain AND BSD-3-Clause AND Apache-1.0 AND PostgreSQL AND BSD-2-Clause AND Zlib AND BSD-4-Clause" depends="" depends_dev="$pkgname=$pkgver-r$pkgrel autoconf icu-dev libedit-dev libxml2-dev @@ -77,12 +87,12 @@ source="http://php.net/distributions/$_pkgname-$pkgver.tar.bz2 $_pkgname-fpm.logrotate $_pkgname-module.conf disabled-tests.list - CVE-2018-19935.patch install-pear.patch fpm-paths.patch allow-build-recode-and-imap-together.patch fix-tests-devserver.patch - pwbuflen.patch" + pwbuflen.patch + enchant-2.patch" builddir="$srcdir/$_pkgname-$pkgver" _libdir="/usr/lib/$_pkgname" _extension_dir="$_libdir/modules" @@ -229,8 +239,6 @@ enable_ext 'zip' \ # - CVE-2018-19935 prepare() { - cd "$builddir" - default_prepare update_config_sub @@ -269,8 +277,6 @@ prepare() { # * Doesn't work with system-provided onigurama, some tests fail (invalid code # point); probably because bundled onigurama is version 5.x, but we have 6.x. _build() { - cd "$builddir" - EXTENSION_DIR=$_extension_dir ./configure \ --build=$CBUILD \ --host=$CHOST \ @@ -302,8 +308,6 @@ _build() { } build() { - cd "$builddir" - # phpdbg _build --enable-phpdbg \ --enable-phpdbg-webhelper \ @@ -325,8 +329,6 @@ build() { } check() { - cd "$builddir" - # PHP is so stupid that it's not able to resolve dependencies # between extensions and load them in correct order, so we must # help it... @@ -346,8 +348,6 @@ check() { } package() { - cd "$builddir" - make -j1 INSTALL_ROOT="$pkgdir" install install -Dm644 php.ini-production "$pkgdir"/etc/$_pkgname/php.ini @@ -526,14 +526,14 @@ _mv() { mv $@ } -sha512sums="a6bdd639648ae7845467e01303d0b4f4b85fd541409be97a5a605e91a9c994609e4e221a9c87c576134e66a2439920486d1f444e6fe8c34b0e5d025cee6d0cc8 php-7.2.11.tar.bz2 +sha512sums="f97545905a3ec4bc1ce431e306bffb2d7b6357164ea035a6899ea1589d8df4e6617af3924fa1abcb5da428ad691967504c3f94187d4cae6f2ef285e963d07e3d php-7.2.16.tar.bz2 23df4e779c809db3e3b8e5b0353b1aafaad2f3dc56f2d1cd45f9b0e3ad71b32e40700d6ebfe914b3c87e8e0b670d0dc862ded1e5c898adf160e33dea372e044f php-fpm.initd 01d4ba3ef104ea378eb0e8cbb7bdee3fdf65e4bd6865eb3bc6c0dc4af31c2d52887abdf0150b5ef984b877860285a3b1af84b11ffebb5b8b722ea9faf83edfeb php-fpm.logrotate a7f9ba5e11652fd1cb9e756c3269269a95de083ecb5be936a85c7a09c1396db9088e0251c6a643c40235c0e776fce2a471e5c7f5a033b85c7d3b3110c2b39e48 php-module.conf b1008eabc86fcff88336fe2961e3229c159c930a05d97359136c381c5c1cc572a33110308a3e5ef5e31c60327f76c9ef02b375cd2ea8ff9caa7deeddc216f4ce disabled-tests.list -4b6e4a8062808fcc54321b159f0b8bfef93267e0824f698f6ab06fc82796d62878a2e73cb44ef4bbad231658f9c0ee819ece1f7ca7517e56eea54309c92128c7 CVE-2018-19935.patch f1177cbf6b1f44402f421c3d317aab1a2a40d0b1209c11519c1158df337c8945f3a313d689c939768584f3e4edbe52e8bd6103fb6777462326a9d94e8ab1f505 install-pear.patch a77dd3bdf9dc7a0f2c06ff3e7c425d062bbaa29902c17402ce98701dc99499be863ad543aa5e6a7d1c249702d6afb193398dd3199ae58e42b32b95d434fb1883 fpm-paths.patch f8ecae241a90cbc3e98aa4deb3d5d35ef555f51380e29f4e182a8060dffeb84be74f030a14c6b452668471030d78964f52795ca74275db05543ccad20ef1f2cc allow-build-recode-and-imap-together.patch f8bb322e56df79dd9f391737fb8737945cc730b14c7dc2ae8688979c565a9b97f5f2a12c9fcd0d8124624a9d09bd10228147d9e999bb94909bbe249f0a50646c fix-tests-devserver.patch -8e538063d872f6770a57cdb844226a771ccda3d387dd1f199bb08c274b94fbe12ec0ef6df75c32071f308cb8f4ab51b91b520c7c2ed687adf96d0d322788e463 pwbuflen.patch" +8e538063d872f6770a57cdb844226a771ccda3d387dd1f199bb08c274b94fbe12ec0ef6df75c32071f308cb8f4ab51b91b520c7c2ed687adf96d0d322788e463 pwbuflen.patch +03de56676449ddc1ba1fc9c4fee2b2ed620cd1a8ce52d288c91b42e081182871ade55c8dbbe1c8286bc4eadcd92d497a62ac7b689ea8d6b1bcb5eb25225595c4 enchant-2.patch" diff --git a/user/php7/CVE-2018-19935.patch b/user/php7/CVE-2018-19935.patch deleted file mode 100644 index e24310f42..000000000 --- a/user/php7/CVE-2018-19935.patch +++ /dev/null @@ -1,52 +0,0 @@ -From 648fc1e369fc05fb9200a42c7938912236b2a318 Mon Sep 17 00:00:00 2001 -From: Stanislav Malyshev <stas@php.net> -Date: Sun, 11 Nov 2018 10:04:01 -0800 -Subject: [PATCH] Fix #77020: null pointer dereference in imap_mail - -If an empty $message is passed to imap_mail(), we must not set message -to NULL, since _php_imap_mail() is not supposed to handle NULL pointers -(opposed to pointers to NUL). - -(cherry picked from commit 7edc639b9ff1c3576773d79d016abbeed1f93846) ---- - ext/imap/php_imap.c | 1 - - ext/imap/tests/bug77020.phpt | 15 +++++++++++++++ - 2 files changed, 15 insertions(+), 1 deletion(-) - create mode 100644 ext/imap/tests/bug77020.phpt - -diff --git a/ext/imap/php_imap.c b/ext/imap/php_imap.c -index 9e626a4..01d1a5f 100644 ---- a/ext/imap/php_imap.c -+++ b/ext/imap/php_imap.c -@@ -4116,7 +4116,6 @@ PHP_FUNCTION(imap_mail) - if (!ZSTR_LEN(message)) { - /* this is not really an error, so it is allowed. */ - php_error_docref(NULL, E_WARNING, "No message string in mail command"); -- message = NULL; - } - - if (_php_imap_mail(ZSTR_VAL(to), ZSTR_VAL(subject), ZSTR_VAL(message), headers?ZSTR_VAL(headers):NULL, cc?ZSTR_VAL(cc):NULL, -diff --git a/ext/imap/tests/bug77020.phpt b/ext/imap/tests/bug77020.phpt -new file mode 100644 -index 0000000..8a65232 ---- /dev/null -+++ b/ext/imap/tests/bug77020.phpt -@@ -0,0 +1,15 @@ -+--TEST-- -+Bug #77020 (null pointer dereference in imap_mail) -+--SKIPIF-- -+<?php -+if (!extension_loaded('imap')) die('skip imap extension not available'); -+?> -+--FILE-- -+<?php -+imap_mail('1', 1, NULL); -+?> -+===DONE=== -+--EXPECTF-- -+Warning: imap_mail(): No message string in mail command in %s on line %d -+%s -+===DONE=== --- -2.1.4 - diff --git a/user/php7/enchant-2.patch b/user/php7/enchant-2.patch new file mode 100644 index 000000000..ed048de28 --- /dev/null +++ b/user/php7/enchant-2.patch @@ -0,0 +1,63 @@ +Lifted from Arch: https://git.archlinux.org/svntogit/packages.git/tree/trunk/enchant-2.patch?h=packages/php + +--- php-7.1.13/ext/enchant/config.m4.orig 2018-01-03 02:32:29.000000000 +0000 ++++ php-7.1.13/ext/enchant/config.m4 2018-01-21 22:10:03.788875780 +0000 +@@ -14,9 +14,9 @@ + ENCHANT_SEARCH_DIRS="/usr/local /usr" + fi + for i in $ENCHANT_SEARCH_DIRS; do +- if test -f $i/include/enchant/enchant.h; then ++ if test -f $i/include/enchant-2/enchant.h; then + ENCHANT_DIR=$i +- ENCHANT_INCDIR=$i/include/enchant ++ ENCHANT_INCDIR=$i/include/enchant-2 + elif test -f $i/include/enchant.h; then + ENCHANT_DIR=$i + ENCHANT_INCDIR=$i/include +@@ -31,7 +31,7 @@ + + AC_DEFINE(HAVE_ENCHANT,1,[ ]) + PHP_SUBST(ENCHANT_SHARED_LIBADD) +- PHP_ADD_LIBRARY_WITH_PATH(enchant, $ENCHANT_LIBDIR, ENCHANT_SHARED_LIBADD) ++ PHP_ADD_LIBRARY_WITH_PATH(enchant-2, $ENCHANT_LIBDIR, ENCHANT_SHARED_LIBADD) + PHP_ADD_INCLUDE($ENCHANT_INCDIR) + PHP_CHECK_LIBRARY(enchant, enchant_broker_set_param, + [ +--- php-7.2.1/ext/enchant/enchant.c.orig 2018-01-02 22:36:05.000000000 +0000 ++++ php-7.2.1/ext/enchant/enchant.c 2018-01-21 22:34:50.205791491 +0000 +@@ -741,7 +741,7 @@ + for (i = 0; i < n_sugg; i++) { + add_next_index_string(sugg, suggs[i]); + } +- enchant_dict_free_suggestions(pdict->pdict, suggs); ++ enchant_dict_free_string_list(pdict->pdict, suggs); + } + + +@@ -798,7 +798,7 @@ + add_next_index_string(return_value, suggs[i]); + } + +- enchant_dict_free_suggestions(pdict->pdict, suggs); ++ enchant_dict_free_string_list(pdict->pdict, suggs); + } + } + /* }}} */ +@@ -818,7 +818,7 @@ + + PHP_ENCHANT_GET_DICT; + +- enchant_dict_add_to_personal(pdict->pdict, word, wordlen); ++ enchant_dict_add(pdict->pdict, word, wordlen); + } + /* }}} */ + +@@ -856,7 +856,7 @@ + + PHP_ENCHANT_GET_DICT; + +- RETURN_BOOL(enchant_dict_is_in_session(pdict->pdict, word, wordlen)); ++ RETURN_BOOL(enchant_dict_is_added(pdict->pdict, word, wordlen)); + } + /* }}} */ + |