diff options
30 files changed, 586 insertions, 238 deletions
diff --git a/system/abuild/APKBUILD b/system/abuild/APKBUILD index 53d53a818..1ec934da1 100644 --- a/system/abuild/APKBUILD +++ b/system/abuild/APKBUILD @@ -1,7 +1,7 @@ # Maintainer: A. Wilcox <awilfox@adelielinux.org> pkgname=abuild -pkgver=3.4.1 -pkgrel=2 +pkgver=3.4.2 +pkgrel=0 pkgdesc="Script to build APK packages" url="https://code.foxkit.us/adelie/abuild" arch="all" @@ -19,8 +19,6 @@ makedepends="$makedepends_host $makedepends_build" subpackages="abuild-rootbld:_rootbld:noarch $pkgname-doc" install="$pkgname.pre-install $pkgname.pre-upgrade" source="https://distfiles.adelielinux.org/source/abuild-$pkgver.tar.xz - apkpath.patch - fix-apk-invocation.patch keyhole.patch " @@ -55,7 +53,5 @@ _rootbld() { mkdir -p "$subpkgdir" } -sha512sums="6446171cc68d8341b5267816e7a05e0dc7b8a4e89c8c8410ae61e9501b163cc32db888476b14f032c16ef15bdd4dd4844e087394c2d061db8281f7bdfb34d450 abuild-3.4.1.tar.xz -bc373c93344d498a48675256bb26cf9bebac74f54d8e53a09c0975e3047c481ee35c6b88e5de392efd2d0ce2a8de23ebbf0822e1a093ee01ea99349f238c62f7 apkpath.patch -4ae8a0d7efb94e8390250c2c43294ba40afcf27409257cccffb9315f00e887972e29573ddbfb830a82eab473c6d292fe7a1bf30fb9761b6fa24b8fe8c0940c79 fix-apk-invocation.patch +sha512sums="9bdeb31f54879878697b4a5436ec2bc7764e1b9840798e913ba3dd47c344437e362a3067b89440ca8a7940af1efcaa83a24e7c1077187f924bf73fb058f97fbf abuild-3.4.2.tar.xz 757d750d4b5c88bf00774b64f2b93a9461e03f284d9423dc58c581e1309f276628de3114fcb510afd7c3cd55ceb721c1278e42756977c97ebe2597207805318d keyhole.patch" diff --git a/system/abuild/apkpath.patch b/system/abuild/apkpath.patch deleted file mode 100644 index 4390fe0b0..000000000 --- a/system/abuild/apkpath.patch +++ /dev/null @@ -1,25 +0,0 @@ -From d9811dee71cfafde1fe6d596a2b9922b60dd0c4f Mon Sep 17 00:00:00 2001 -From: "A. Wilcox" <AWilcox@Wilcox-Tech.com> -Date: Fri, 21 Feb 2020 19:28:36 -0600 -Subject: [PATCH] abuild: Solve, once and for all, 'apk: not found' - ---- - abuild.in | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/abuild.in b/abuild.in -index 1b8898b..2212789 100644 ---- a/abuild.in -+++ b/abuild.in -@@ -23,7 +23,7 @@ fi - # defaults - : ${FAKEROOT:="fakeroot"} - : ${SUDO_APK:="abuild-apk"} --: ${APK:="apk"} -+: ${APK:="/sbin/apk"} - : ${ADDUSER:="abuild-adduser"} - : ${ADDGROUP:="abuild-addgroup"} - --- -2.25.0 - diff --git a/system/abuild/fix-apk-invocation.patch b/system/abuild/fix-apk-invocation.patch deleted file mode 100644 index 71bc3d1c9..000000000 --- a/system/abuild/fix-apk-invocation.patch +++ /dev/null @@ -1,29 +0,0 @@ -From 9f703d3222a6a8d52ac560035fb1a988d2f9bff7 Mon Sep 17 00:00:00 2001 -From: "A. Wilcox" <AWilcox@Wilcox-Tech.com> -Date: Thu, 27 Feb 2020 04:41:04 -0600 -Subject: [PATCH] abuild: Use $APK instead of apk - -This is the only appearance of `apk` in the source. Appears accidental. - -Fixes: 41343329 ("abuild: fix dependency tracing for cross builds") -Signed-off-by: A. Wilcox <AWilcox@Wilcox-Tech.com> ---- - abuild.in | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/abuild.in b/abuild.in -index 2212789..7daa366 100644 ---- a/abuild.in -+++ b/abuild.in -@@ -1255,7 +1255,7 @@ trace_apk_deps() { - autodeps="$autodeps pc:$pcprefix$i" - elif subpkg_provides_pc "$i" \ - || $APK $apkroot info --quiet --installed "pc:$i"; then -- local provider="$(apk $apkroot search --quiet "pc:$i")" -+ local provider="$($APK $apkroot search --quiet "pc:$i")" - if list_has "$provider" $depends_dev; then - warning "$provider should be removed from depends_dev" - fi --- -2.25.1 - diff --git a/system/argon2/APKBUILD b/system/argon2/APKBUILD index 42d459e1f..c7a1bd6c2 100644 --- a/system/argon2/APKBUILD +++ b/system/argon2/APKBUILD @@ -4,7 +4,7 @@ pkgname=argon2 _pkgname=phc-winner-argon2 pkgver=20190702 -pkgrel=0 +pkgrel=1 pkgdesc="Password hashing library" url="https://github.com/P-H-C/phc-winner-argon2" arch="all" @@ -30,7 +30,8 @@ package() { sed -i 's#libdir=${prefix}/lib#libdir=/lib#' "$builddir"/libargon2.pc make OPTTARGET=none DESTDIR="$pkgdir" LIBRARY_REL=lib install # ...but cryptsetup needs this in /lib for early-boot - mv "$pkgdir"/usr/lib "$pkgdir"/ + mkdir "$pkgdir"/lib + mv "$pkgdir"/usr/lib/lib* "$pkgdir"/lib } sha512sums="0a4cb89e8e63399f7df069e2862ccd05308b7652bf4ab74372842f66bcc60776399e0eaf979a7b7e31436b5e6913fe5b0a6949549d8c82ebd06e0629b106e85f argon2-20190702.tar.gz" diff --git a/system/bc/APKBUILD b/system/bc/APKBUILD index c234818af..cfeabb5a2 100644 --- a/system/bc/APKBUILD +++ b/system/bc/APKBUILD @@ -1,7 +1,7 @@ # Contributor: A. Wilcox <awilfox@adelielinux.org> # Maintainer: A. Wilcox <awilfox@adelielinux.org> pkgname=bc -pkgver=3.1.5 +pkgver=3.1.6 pkgrel=0 pkgdesc="An arbitrary precision numeric processing language (calculator)" url="https://github.com/gavinhoward/bc" @@ -25,4 +25,4 @@ package() { make install } -sha512sums="34be1c186df5906ab7a966739220a20afd7e3b227a5c7ba32a77256a36e097bbcc39b99ce6d6855de3e6e2296612f8fbe63dc0983ad91d4eb4c1e630dbb587a0 bc-3.1.5.tar.xz" +sha512sums="1219a074845b8c66a431ddb78bab643793f5275c26404e92e360e655418d70d1aafa02be2fc4dec25d99a85ae2da1aab7d615de893f85913ca8834448dcade53 bc-3.1.6.tar.xz" diff --git a/system/musl/APKBUILD b/system/musl/APKBUILD index 8517b148b..735541e51 100644 --- a/system/musl/APKBUILD +++ b/system/musl/APKBUILD @@ -1,7 +1,7 @@ # Maintainer: A. Wilcox <awilfox@adelielinux.org> pkgname=musl pkgver=1.2.0 -pkgrel=1 +pkgrel=2 pkgdesc="System library (libc) implementation" url="https://www.musl-libc.org/" arch="all" @@ -27,6 +27,7 @@ source="https://musl.libc.org/releases/$pkgname-$pkgver.tar.gz handle-aux-at_base.patch fgetspent_r.patch threads_minus_1.patch + CVE-2020-28928.patch ldconfig getent.c @@ -38,6 +39,8 @@ source="https://musl.libc.org/releases/$pkgname-$pkgver.tar.gz # - CVE-2016-8859 # 1.1.23-r2: # - CVE-2019-14697 +# 1.2.0-r2: +# - CVE-2020-28928 build() { [ "$BOOTSTRAP" = "nocc" ] && return 0 @@ -123,6 +126,7 @@ f01ab92b9d385c15369c0bb7d95e1bc06a009c8851e363517d0ba1bae3fc2647af69fc2f363b5d96 6a7ff16d95b5d1be77e0a0fbb245491817db192176496a57b22ab037637d97a185ea0b0d19da687da66c2a2f5578e4343d230f399d49fe377d8f008410974238 handle-aux-at_base.patch ded41235148930f8cf781538f7d63ecb0c65ea4e8ce792565f3649ee2523592a76b2a166785f0b145fc79f5852fd1fb1729a7a09110b3b8f85cba3912e790807 fgetspent_r.patch 68830961e297d9a499f3b609be84848ad5d3326a1af56e9e54a40ecd972c48da11532c51da572d45e0df3574d63191e7ae0d3a1b84a029365f8d00691de96952 threads_minus_1.patch +343ac5e5365cf98a5d5b7bc192c671733fdba27f06b83484f1ac7647154228745415f62dd676029de538460f8b35e0a70ca453a0f8b73226ed1c420099b1cf90 CVE-2020-28928.patch cb71d29a87f334c75ecbc911becde7be825ab30d8f39fa6d64cb53812a7c9abaf91d9804c72540e5be3ddd3c84cfe7fd9632274309005cb8bcdf9a9b09b4b923 ldconfig 378d70e65bcc65bb4e1415354cecfa54b0c1146dfb24474b69e418cdbf7ad730472cd09f6f103e1c99ba6c324c9560bccdf287f5889bbc3ef0bdf0e08da47413 getent.c 9d42d66fb1facce2b85dad919be5be819ee290bd26ca2db00982b2f8e055a0196290a008711cbe2b18ec9eee8d2270e3b3a4692c5a1b807013baa5c2b70a2bbf iconv.c" diff --git a/system/musl/CVE-2020-28928.patch b/system/musl/CVE-2020-28928.patch new file mode 100644 index 000000000..cc668e149 --- /dev/null +++ b/system/musl/CVE-2020-28928.patch @@ -0,0 +1,112 @@ +From 3ab2a4e02682df1382955071919d8aa3c3ec40d4 Mon Sep 17 00:00:00 2001 +From: Rich Felker <dalias@aerifal.cx> +Date: Thu, 19 Nov 2020 17:12:43 -0500 +Subject: [PATCH] rewrite wcsnrtombs to fix buffer overflow and other bugs + +the original wcsnrtombs implementation, which has been largely +untouched since 0.5.0, attempted to build input-length-limiting +conversion on top of wcsrtombs, which only limits output length. as +best I recall, this choice was made out of a mix of disdain over +having yet another variant function to implement (added in POSIX 2008; +not standard C) and preference not to switch things around and +implement the wcsrtombs in terms of the more general new function, +probably over namespace issues. the strategy employed was to impose +output limits that would ensure the input limit wasn't exceeded, then +finish up the tail character-at-a-time. unfortunately, none of that +worked correctly. + +first, the logic in the wcsrtombs loop was wrong in that it could +easily get stuck making no forward progress, by imposing an output +limit too small to convert even one character. + +the character-at-a-time loop that followed was even worse. it made no +effort to ensure that the converted multibyte character would fit in +the remaining output space, only that there was a nonzero amount of +output space remaining. it also employed an incorrect interpretation +of wcrtomb's interface contract for converting the null character, +thereby failing to act on end of input, and remaining space accounting +was subject to unsigned wrap-around. together these errors allow +unbounded overflow of the destination buffer, controlled by input +length limit and input wchar_t string contents. + +given the extent to which this function was broken, it's plausible +that most applications that would have been rendered exploitable were +sufficiently broken not to be usable in the first place. however, it's +also plausible that common (especially ASCII-only) inputs succeeded in +the wcsrtombs loop, which mostly worked, while leaving the wildly +erroneous code in the second loop exposed to particular non-ASCII +inputs. + +CVE-2020-28928 has been assigned for this issue. +--- + src/multibyte/wcsnrtombs.c | 46 ++++++++++++++++---------------------- + 1 file changed, 19 insertions(+), 27 deletions(-) + +diff --git a/src/multibyte/wcsnrtombs.c b/src/multibyte/wcsnrtombs.c +index 676932b5..95e25e70 100644 +--- a/src/multibyte/wcsnrtombs.c ++++ b/src/multibyte/wcsnrtombs.c +@@ -1,41 +1,33 @@ + #include <wchar.h> ++#include <limits.h> ++#include <string.h> + + size_t wcsnrtombs(char *restrict dst, const wchar_t **restrict wcs, size_t wn, size_t n, mbstate_t *restrict st) + { +- size_t l, cnt=0, n2; +- char *s, buf[256]; + const wchar_t *ws = *wcs; +- const wchar_t *tmp_ws; +- +- if (!dst) s = buf, n = sizeof buf; +- else s = dst; +- +- while ( ws && n && ( (n2=wn)>=n || n2>32 ) ) { +- if (n2>=n) n2=n; +- tmp_ws = ws; +- l = wcsrtombs(s, &ws, n2, 0); +- if (!(l+1)) { +- cnt = l; +- n = 0; ++ size_t cnt = 0; ++ if (!dst) n=0; ++ while (ws && wn) { ++ char tmp[MB_LEN_MAX]; ++ size_t l = wcrtomb(n<MB_LEN_MAX ? tmp : dst, *ws, 0); ++ if (l==-1) { ++ cnt = -1; + break; + } +- if (s != buf) { +- s += l; ++ if (dst) { ++ if (n<MB_LEN_MAX) { ++ if (l>n) break; ++ memcpy(dst, tmp, l); ++ } ++ dst += l; + n -= l; + } +- wn = ws ? wn - (ws - tmp_ws) : 0; +- cnt += l; +- } +- if (ws) while (n && wn) { +- l = wcrtomb(s, *ws, 0); +- if ((l+1)<=1) { +- if (!l) ws = 0; +- else cnt = l; ++ if (!*ws) { ++ ws = 0; + break; + } +- ws++; wn--; +- /* safe - this loop runs fewer than sizeof(buf) times */ +- s+=l; n-=l; ++ ws++; ++ wn--; + cnt += l; + } + if (dst) *wcs = ws; +-- +2.25.4 + diff --git a/system/s6-linux-init/APKBUILD b/system/s6-linux-init/APKBUILD index 49a69ddad..742ed3ff6 100644 --- a/system/s6-linux-init/APKBUILD +++ b/system/s6-linux-init/APKBUILD @@ -1,14 +1,14 @@ # Contributor: Laurent Bercot <ska-adelie@skarnet.org> # Maintainer: Laurent Bercot <ska-adelie@skarnet.org> pkgname=s6-linux-init -pkgver=1.0.4.2 +pkgver=1.0.5.1 pkgrel=0 pkgdesc="A s6-based init system" url="https://skarnet.org/software/$pkgname/" arch="all" options="!check" # No test suite. license="ISC" -_skalibs_version=2.9.2.1 +_skalibs_version=2.9.3.0 _s6_version=2.9.2.0 depends="execline s6>=$_s6_version s6-linux-init-common" makedepends="skalibs-dev>=$_skalibs_version execline-dev s6-dev utmps-dev" @@ -119,8 +119,7 @@ doc() { mkdir -p "$subpkgdir/usr/share/doc" cp -a "$builddir/doc" "$subpkgdir/usr/share/doc/$pkgname" } - -sha512sums="31dfe6911f6de527c43120097bd711cfb84cdec6f056ccaa03d48a1bcecb852caacdbaabddf0188ea30c4827abe3293acb8ebff8dfe80ea8665934802fac0e53 s6-linux-init-1.0.4.2.tar.gz +sha512sums="c23fff1f5f2433119cbcfceb8e69c2f5542c8377079010891f4147a056d66c23fc08e08ca20ce0236d40386aac187cefd7b38bccb1bd5395d01ef4716c7a7432 s6-linux-init-1.0.5.1.tar.gz 756b0cbbe5dabb4631380c3c7ea199cc213224b2e36e50a2d012a61948170078b78bf49b85d886319fecf59843087f937d3d804723b2553ac9f94d088a2f0fd8 rc.init e73c3c32b118831074288d23fadace2158a2b15d5a13ffa73290b92a9e39c2a21c73d3b0eabea29bcbaa5f6381611fd8d0aaa6aa691ec7de91b8ef6ae404b6da runlevel 7bb050248a5c2ab6a56c50c35f87cde724f97ff9882f5e60b0f0f2f14bd93c1df7d99fedc3d81c8519cf1a1ed90e03f1cbb9bf891c7b3618aa9a5f5738d262f4 rc.shutdown diff --git a/system/skalibs/APKBUILD b/system/skalibs/APKBUILD index 129fa7e79..ed0414589 100644 --- a/system/skalibs/APKBUILD +++ b/system/skalibs/APKBUILD @@ -1,7 +1,7 @@ # Contributor: Laurent Bercot <ska-adelie@skarnet.org> # Maintainer: Laurent Bercot <ska-adelie@skarnet.org> pkgname=skalibs -pkgver=2.9.2.1 +pkgver=2.9.3.0 pkgrel=0 pkgdesc="A set of general-purpose C programming libraries for skarnet.org software" url="https://skarnet.org/software/skalibs/" @@ -57,4 +57,4 @@ doc() { cp -a "$builddir/doc" "$subpkgdir/usr/share/doc/$pkgname" } -sha512sums="bd507faf30f0564fb8d3e5f86de04ab4b39961dab2497ba9f4a81980a57f7ff68cad366b9847b25d555b5b9263460d13f096e1774d080d1d286979f2e7324c54 skalibs-2.9.2.1.tar.gz" +sha512sums="41e867fcaf16da437840b796a41b2d34ea53aafedde8b4fc86d712934ec533e9f7f2a8b7902542570ea6b5bcba772569fc4f47bccef770b5dee4f9d113b3df11 skalibs-2.9.3.0.tar.gz" diff --git a/user/apkfoundry/APKBUILD b/user/apkfoundry/APKBUILD index 007c3d913..c06c33e20 100644 --- a/user/apkfoundry/APKBUILD +++ b/user/apkfoundry/APKBUILD @@ -1,6 +1,6 @@ # Maintainer: Max Rees <maxcrees@me.com> pkgname=apkfoundry -pkgver=0.5 +pkgver=0.6 pkgrel=0 pkgdesc="APK build orchestrator and distribution builder" url="https://dev.sick.bike/apkfoundry/" @@ -28,4 +28,4 @@ package() { make install DESTDIR="$pkgdir" } -sha512sums="169caf3b594929814c87fa7a3b7d8e56476a7862d64eaf7bfdf13468c4258e8879f5de738758de39631085a5cbae4b47f7656b4335bb4d7fafd2abce834ee233 apkfoundry-0.5.tar.gz" +sha512sums="71c1a0baabb2d1092e8873d438a14fba40eb953f7a11a93754e2dd6753da34a4427b2b7d50de6b7e7d34eb99b9bb91f829453d431649d3596a9789e1f1b34a0b apkfoundry-0.6.tar.gz" diff --git a/user/avahi/APKBUILD b/user/avahi/APKBUILD index f1534a5e5..d831ec801 100644 --- a/user/avahi/APKBUILD +++ b/user/avahi/APKBUILD @@ -2,7 +2,7 @@ # Maintainer: A. Wilcox <awilfox@adelielinux.org> pkgname=avahi pkgver=0.8 -pkgrel=0 +pkgrel=1 pkgdesc="Local network service discovery library" url="https://avahi.org/" arch="all" @@ -40,7 +40,8 @@ build() { --with-distro=gentoo \ --enable-core-docs \ --disable-mono \ - --disable-gdbm + --disable-gdbm \ + --enable-compat-libdns_sd make } diff --git a/user/btrfs-progs/APKBUILD b/user/btrfs-progs/APKBUILD index e8412ef96..c2c423ff8 100644 --- a/user/btrfs-progs/APKBUILD +++ b/user/btrfs-progs/APKBUILD @@ -1,7 +1,7 @@ # Contributor: A. Wilcox <awilfox@adelielinux.org> # Maintainer: A. Wilcox <awilfox@adelielinux.org> pkgname=btrfs-progs -pkgver=5.7 +pkgver=5.9 pkgrel=0 pkgdesc="File system utilities for Btrfs" url="https://btrfs.wiki.kernel.org/index.php/Main_Page" @@ -31,4 +31,4 @@ package() { make DESTDIR="$pkgdir" install } -sha512sums="72c3af13ca589f2e0b96cb7602319035ef8aab6ee224fff3544a5d0bfc013a66552dde4533ec5e64696d404b8905431cd0f25367c40fd34ea39be7c0ed8c2d16 btrfs-progs-v5.7.tar.xz" +sha512sums="38db047198ab0467d3fe235f7e8e1fd14ade00dd0b182588220c5f5e4b598efbdcd30a3d5d56cf0a0ed8a902d2374af0927eb7f3720cd761172c7291a2a65c94 btrfs-progs-v5.9.tar.xz" diff --git a/user/gobject-introspection/APKBUILD b/user/gobject-introspection/APKBUILD index cc92875e1..f61e5bfc2 100644 --- a/user/gobject-introspection/APKBUILD +++ b/user/gobject-introspection/APKBUILD @@ -1,6 +1,6 @@ -# Maintainer: +# Maintainer: Nathan <ndowens@artixlinux.org> pkgname=gobject-introspection -pkgver=1.62.0 +pkgver=1.66.1 pkgrel=0 pkgdesc="Introspection system for GObject-based libraries" url="https://wiki.gnome.org/action/show/Projects/GObjectIntrospection" @@ -37,4 +37,4 @@ dev() { replaces="gobject-introspection" } -sha512sums="b460a95fd7a323e9b0c9a45e680ebe98bbae7632abfa53b3e0b0ec050775cab17dde693314d6d4f8e93614c32b5587f8ce0b4a4c9ee9ba46c029ce029014e638 gobject-introspection-1.62.0.tar.xz" +sha512sums="ea1e20cd94ff8af3572f417f35e96648ffc3e94a91d4e4c81adf99bb0f408ac21ecf40990f9dbd5f2e0f4e83360286ca5db88dbc45bd59289596a324acf7df3d gobject-introspection-1.66.1.tar.xz" diff --git a/user/horizon/APKBUILD b/user/horizon/APKBUILD index b49640561..8d2e480c2 100644 --- a/user/horizon/APKBUILD +++ b/user/horizon/APKBUILD @@ -1,8 +1,8 @@ # Contributor: A. Wilcox <awilfox@adelielinux.org> # Maintainer: A. Wilcox <awilfox@adelielinux.org> pkgname=horizon -pkgver=0.9.5 -pkgrel=1 +pkgver=0.9.6 +pkgrel=0 pkgdesc="Installation tools for Adélie Linux" url="https://horizon.adelielinux.org/" arch="all" @@ -17,9 +17,7 @@ makedepends="bcnm-dev boost-dev cmake curl-dev eudev-dev libarchive-dev libcap-dev libx11-dev libxkbfile-dev qt5-qtbase-dev" subpackages="$pkgname-image $pkgname-dbg $pkgname-dev $pkgname-doc $pkgname-qt5 $pkgname-tools $pkgname-wizard $pkgname-boot" -source="https://distfiles.adelielinux.org/source/horizon-$pkgver.tar.xz - bootloader.patch - " +source="https://distfiles.adelielinux.org/source/horizon-$pkgver.tar.xz" build() { if [ "$CBUILD" != "$CHOST" ]; then @@ -158,5 +156,4 @@ GLOBALS "$subpkgdir"/usr/share/xsessions/horizon.desktop } -sha512sums="373cbf87aa468d0ea41abad07f61cdaa6088cfdcba13c0beff245dbd8e270aa42c3e301a22913299d148e829114bd0b5aa746541c4b4b0c7286da35015c54d88 horizon-0.9.5.tar.xz -88e7c6df4dc2c8c7f6befd5f96f82267fefccb98d0c5e6c26c611323e505f7ee964dcfd2128dbe165c064d953e7afef2787ab49a6c4a834ffe8fd50c00eb26ae bootloader.patch" +sha512sums="d5ffe9bd423e98272ca780c59e6e32c42b284c68f3a0bace07bd693d457e2edcd68d7fc03f638b545960154ea26b7c09feee083dbffa986da2a7cd418be9500f horizon-0.9.6.tar.xz" diff --git a/user/horizon/bootloader.patch b/user/horizon/bootloader.patch deleted file mode 100644 index a09b4a603..000000000 --- a/user/horizon/bootloader.patch +++ /dev/null @@ -1,94 +0,0 @@ -From 3658104dcc622e69a64cf97fbc9ed477f3faed6c Mon Sep 17 00:00:00 2001 -From: "A. Wilcox" <AWilcox@Wilcox-Tech.com> -Date: Wed, 30 Sep 2020 19:19:59 -0500 -Subject: [PATCH] meta: Run update-boot when bootloader requested -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -If the user chooses no-boot or isn't installing Adélie, this will fail -quietly. But if the user is installing Adélie, this is necessary to -generate bootloader configuration. ---- - hscript/meta.cc | 26 ++++++++++++++++++++------ - 1 file changed, 20 insertions(+), 6 deletions(-) - -diff --git a/hscript/meta.cc b/hscript/meta.cc -index 4efdc80..84e851a 100644 ---- a/hscript/meta.cc -+++ b/hscript/meta.cc -@@ -823,7 +823,7 @@ bool Bootloader::execute() const { - << std::endl - << "chroot " << script->targetDirectory() - << " grub-install " << _device << std::endl; -- return true; -+ goto updateboot; - } - #ifdef HAS_INSTALL_ENV - if(run_command("/sbin/apk", -@@ -851,8 +851,8 @@ bool Bootloader::execute() const { - mount(nullptr, efipath.c_str(), nullptr, - MS_REMOUNT | MS_BIND | MS_RDONLY | MS_NOEXEC | MS_NODEV | - MS_NOSUID | MS_RELATIME, nullptr); -+ goto updateboot; - #endif /* HAS_INSTALL_ENV */ -- return true; /* LCOV_EXCL_LINE */ - } - else if(method == "grub-bios") { - if(script->options().test(Simulate)) { -@@ -861,7 +861,7 @@ bool Bootloader::execute() const { - << std::endl - << "chroot " << script->targetDirectory() - << " grub-install " << _device << std::endl; -- return true; -+ goto updateboot; - } - #ifdef HAS_INSTALL_ENV - if(run_command("/sbin/apk", -@@ -876,8 +876,8 @@ bool Bootloader::execute() const { - output_error(pos, "bootloader: failed to install GRUB"); - return false; - } -+ goto updateboot; - #endif /* HAS_INSTALL_ENV */ -- return true; /* LCOV_EXCL_LINE */ - } - else if(method == "iquik") { - output_error(pos, "bootloader: iQUIK is not yet supported"); -@@ -891,7 +891,7 @@ bool Bootloader::execute() const { - << "chroot " << script->targetDirectory() - << " grub-install --macppc-directory=/boot/grub " - << _device << std::endl; -- return true; -+ goto updateboot; - } - #ifdef HAS_INSTALL_ENV - if(run_command("/sbin/apk", -@@ -907,9 +907,23 @@ bool Bootloader::execute() const { - output_error(pos, "bootloader: failed to install GRUB"); - return false; - } -+ goto updateboot; - #endif /* HAS_INSTALL_ENV */ -- return true; /* LCOV_EXCL_LINE */ - } - - return false; /* LCOV_EXCL_LINE */ -+ -+updateboot: -+ /* We ignore if update-boot fails, in case the user has chosen no-boot. */ -+ if(script->options().test(Simulate)) { -+ std::cout << "chroot " << script->targetDirectory() -+ << " /usr/sbin/update-boot || true" << std::endl; -+ } -+#ifdef HAS_INSTALL_ENV -+ else { -+ run_command("chroot", -+ {script->targetDirectory(), "/usr/sbin/update-boot"}); -+ } -+#endif /* HAS_INSTALL_ENV */ -+ return true; - } --- -2.25.4 - diff --git a/user/imlib2/APKBUILD b/user/imlib2/APKBUILD index 09733a11b..698485e04 100644 --- a/user/imlib2/APKBUILD +++ b/user/imlib2/APKBUILD @@ -1,7 +1,7 @@ -# Maintainer: +# Maintainer: Nathan <ndowens@artixlinux.org> pkgname=imlib2 -pkgver=1.6.1 -pkgrel=2 +pkgver=1.7.0 +pkgrel=0 pkgdesc="Image manipulation library" url="https://sourceforge.net/projects/enlightenment" arch="all" @@ -11,7 +11,9 @@ depends_dev="freetype-dev libxext-dev libsm-dev" makedepends="$depends_dev tiff-dev giflib-dev bzip2-dev libpng-dev libid3tag-dev libjpeg-turbo-dev zlib-dev util-linux-dev" subpackages="$pkgname-dev" -source="https://downloads.sourceforge.net/enlightenment/$pkgname-src/$pkgname-$pkgver.tar.bz2" +source="https://downloads.sourceforge.net/enlightenment/$pkgname-src/$pkgname-$pkgver.tar.bz2 + loader-build.patch + " build() { ./configure \ @@ -41,4 +43,5 @@ package() { make DESTDIR=$pkgdir install } -sha512sums="ecdbdbfe8767ec2b1f22ce664cbab5e1d3f75be7a3c8f37488f5243b3c31dbc433414b8d50d2d1b70c67a80e31e42cc5398161991ce3955e991c114c82ddd58f imlib2-1.6.1.tar.bz2" +sha512sums="078126269565b55f4b167608ee65d558711e37c34283fb6193752b27f7fc59c738cbd38839b17203273defee20c2ffc41a495e44364089deebffbd39c67e6d72 imlib2-1.7.0.tar.bz2 +4f3139fa1caf64aff6f24f7fb95070b02280145119dcf5bb6f379ec1f4ded07d22317cb09eb42f911b12d90de4b84b6391ebf82305b129d6689089e5054c5e26 loader-build.patch" diff --git a/user/imlib2/loader-build.patch b/user/imlib2/loader-build.patch new file mode 100644 index 000000000..44af31f35 --- /dev/null +++ b/user/imlib2/loader-build.patch @@ -0,0 +1,26 @@ +From 92d3153fee9f915cf2bdbc92a7551e5a83985e81 Mon Sep 17 00:00:00 2001 +From: Daniel Kolesa <daniel@octaforge.org> +Date: Sun, 9 Aug 2020 21:00:46 +0200 +Subject: Fix big endian build + +--- + src/modules/loaders/loader_argb.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/src/modules/loaders/loader_argb.c b/src/modules/loaders/loader_argb.c +index ec58ca3..b915b7b 100644 +--- a/src/modules/loaders/loader_argb.c ++++ b/src/modules/loaders/loader_argb.c +@@ -7,6 +7,9 @@ load2(ImlibImage * im, int load_data) + int w = 0, h = 0, alpha = 0; + DATA32 *ptr; + int y; ++#ifdef WORDS_BIGENDIAN ++ int l; ++#endif + + rc = LOAD_FAIL; + +-- +cgit v1.2.1 + diff --git a/user/mbuffer/APKBUILD b/user/mbuffer/APKBUILD new file mode 100644 index 000000000..fbcaeaeb9 --- /dev/null +++ b/user/mbuffer/APKBUILD @@ -0,0 +1,36 @@ +# Contributor: CyberLeo <cyberleo@cyberleo.net> +# Maintainer: CyberLeo <cyberleo@cyberleo.net> +pkgname=mbuffer +pkgver=20200929 +pkgrel=0 +pkgdesc="mbuffer is a tool for buffering data streams." +url="http://www.maier-komor.de/mbuffer.html" +arch="all" +license="GPL-3.0-only" +depends="" +makedepends="" +subpackages="$pkgname-doc" +source="http://www.maier-komor.de/software/mbuffer/mbuffer-$pkgver.tgz + test-static-file-instead.patch" + +build() { + ./configure \ + --build=$CBUILD \ + --host=$CHOST \ + --prefix=/usr \ + --sysconfdir=/etc \ + --mandir=/usr/share/man \ + --localstatedir=/var + make +} + +check() { + make check +} + +package() { + make DESTDIR="$pkgdir" install +} + +sha512sums="332106205ea8743c9cf47529106c04ac15801a02b116d8e0c0fd3baadad51331c9f4ba1c8fa125edb42940cf401048a45ba23e2dac0e5189671bcf0ecee36996 mbuffer-20200929.tgz +28b7c7c7ee2b2130315cd6c4765d492e9d29376670a03ab0a1ab862a1ec5dea93e91e9de5e08604db69fe4139370eedb2a0754f16e5ebec3de9b48dc2a1dbea7 test-static-file-instead.patch" diff --git a/user/mbuffer/test-static-file-instead.patch b/user/mbuffer/test-static-file-instead.patch new file mode 100644 index 000000000..9c549bfaa --- /dev/null +++ b/user/mbuffer/test-static-file-instead.patch @@ -0,0 +1,11 @@ +--- mbuffer-20200929/Makefile.in.orig 2020-11-08 07:47:44.512670020 +0000 ++++ mbuffer-20200929/Makefile.in 2020-11-08 07:48:33.032115323 +0000 +@@ -101,7 +101,7 @@ + test.tar test.md5 mbuffer.md5 idev.so tapetest.so have-af + + test.tar: +- $(TAR) cf test.tar --ignore-failed-read $(TESTTREE) ++ truncate -s 10M test.tar + + test.md5: test.tar + openssl md5 < test.tar > test.md5 diff --git a/user/mumble/APKBUILD b/user/mumble/APKBUILD new file mode 100644 index 000000000..5e64e6af5 --- /dev/null +++ b/user/mumble/APKBUILD @@ -0,0 +1,127 @@ +# Maintainer: Max Rees <maxcrees@me.com> +pkgname=mumble +pkgver=1.3.3 +pkgrel=0 +pkgdesc="Low-latency, high-quality voice chat (client)" +url="https://www.mumble.info/" +arch="all" +license="BSD-3-Clause AND BSD-2-Clause AND MIT AND GPL-2.0+" +depends="qt5-qtbase-sqlite" +makedepends="alsa-lib-dev avahi-dev boost-dev cmd:which libcap-dev + libsndfile-dev libxi-dev opus-dev protobuf-dev pulseaudio-dev + qt5-qtbase-dev qt5-qtsvg-dev qt5-qttools-dev speech-dispatcher-dev + speex-dev speexdsp-dev" +subpackages="$pkgname-doc $pkgname-lang murmur murmur-openrc:openrc:noarch" +install="murmur.pre-install" +pkgusers="murmur" +pkggroups="murmur" +source="https://github.com/mumble-voip/mumble/releases/download/$pkgver/mumble-$pkgver.tar.gz + murmur.initd + default-config.patch + tests-networking.patch + " + +_qmake() { + qmake -recursive "$@" \ + CONFIG+="\ + bundled-celt \ + no-bundled-opus \ + no-bundled-speex \ + no-embed-qt-translations \ + no-g15 \ + no-ice \ + no-pch \ + no-rnnoise \ + no-update \ + " \ + DEFINES+="PLUGIN_PATH=/usr/lib/mumble" +} + +build() { + _qmake main.pro + make release +} + +check() { + cd src/tests + _qmake tests.pro + make check +} + +package() { + _ver=${pkgver%_rc*} + _maj="${_ver%%.*}" + _min="${_ver#*.}" + _min="${_min%%.*}" + + # Binaries + install -Dm755 release/mumble \ + "$pkgdir"/usr/bin/mumble + install -Dm755 release/murmurd \ + "$pkgdir"/usr/bin/murmurd + + # Libraries & plugins + install -Dm755 release/libmumble.so.$_ver \ + "$pkgdir"/usr/lib/mumble/libmumble.so.$_ver + for lib in libmumble.so libmumble.so.$_maj libmumble.so.$_maj.$_min; do + ln -s libmumble.so.$_ver \ + "$pkgdir"/usr/lib/mumble/$lib + done + install -Dm755 release/plugins/liblink.so \ + "$pkgdir"/usr/lib/mumble/liblink.so + install -Dm755 release/libcelt* \ + "$pkgdir"/usr/lib/mumble/ + + # Desktop files + install -Dm644 scripts/mumble.desktop \ + "$pkgdir"/usr/share/applications/mumble.desktop + install -Dm644 icons/mumble.svg \ + "$pkgdir"/usr/share/icons/hicolor/scalable/apps/mumble.svg + + # Man pages + install -Dm644 -t "$pkgdir"/usr/share/man/man1 \ + man/mumble.1 \ + man/murmurd.1 + + # Translations + install -Dm644 -t "$pkgdir"/usr/share/mumble/translations \ + src/mumble/*.qm + + # OpenRC + install -Dm755 "$srcdir"/murmur.initd \ + "$pkgdir"/etc/init.d/murmur +} + +lang() { + pkgdesc="Languages for package mumble" + install_if="$pkgname=$pkgver-r$pkgrel lang" + + cd "$builddir" + mkdir -p "$subpkgdir"/usr/share/mumble + mv "$pkgdir"/usr/share/mumble/translations \ + "$subpkgdir"/usr/share/mumble +} + +murmur() { + pkgdesc="Low latency, high-quality voice chat (server)" + + cd "$builddir" + mkdir -p "$subpkgdir"/usr/bin + mv "$pkgdir"/usr/bin/murmurd \ + "$subpkgdir"/usr/bin + install -o murmur -g murmur -dm750 \ + "$subpkgdir"/var/lib/murmur + install -g murmur -Dm640 scripts/murmur.ini \ + "$subpkgdir"/etc/murmur.ini +} + +openrc() { + default_openrc + install_if="openrc murmur=$pkgver-r$pkgrel" + pkgdesc="Low latency, high-quality voice chat (server OpenRC init scripts)" +} + +sha512sums="be4c6d4de82a1059bf30d4c7e3c44e41e4bb50dc4a811b7d0def808c52059ff7bcccf65140db940f18cc1bb66d58ea4dab23ba5dcfae3b8b904866751f32edb3 mumble-1.3.3.tar.gz +59283687466c9ab460017c2191c731e63203baaa6a4a3d30b42075eb8597bafeb2d3494367ab64c785ee37c7b916ea101daf22b68bdfa27844b97e18cb1d71c0 murmur.initd +68c4c81a55663305d1525eb5d43e0b456e54f007ee327d45bf63572c59282edd88650ede7931644a9762a40c2f7e730b338b4900ae5b4da11b944b3af01c5387 default-config.patch +e89c20b39fdb24982153b046ffe41688d6a854eee593205535155d55e49b7e534f6cec14325108a7ebd2550a6043479b01139d7bf900840bcf63188625bca304 tests-networking.patch" diff --git a/user/mumble/default-config.patch b/user/mumble/default-config.patch new file mode 100644 index 000000000..0c93c2225 --- /dev/null +++ b/user/mumble/default-config.patch @@ -0,0 +1,36 @@ +--- mumble-1.3.2/scripts/murmur.ini 2020-07-09 13:06:18.000000000 -0400 ++++ mumble-1.3.2/scripts/murmur.ini 2020-09-13 00:05:08.070133921 -0400 +@@ -13,7 +13,7 @@ + + ; Path to database. If blank, will search for + ; murmur.sqlite in default locations or create it if not found. +-database= ++database=/var/lib/murmur/murmur.sqlite + + ; Murmur defaults to using SQLite with its default rollback journal. + ; In some situations, using SQLite's write-ahead log (WAL) can be +@@ -93,13 +93,13 @@ icesecretwrite= + ; logs to the file 'murmur.log'. If you leave this field blank + ; on Unix-like systems, Murmur will force itself into foreground + ; mode which logs to the console. +-;logfile=murmur.log ++logfile=/var/log/murmur.log + + ; If set, Murmur will write its process ID to this file + ; when running in daemon mode (when the -fg flag is not + ; specified on the command line). Only available on + ; Unix-like systems. +-;pidfile= ++pidfile=/var/run/murmur.pid + + ; The below will be used as defaults for new configured servers. + ; If you're just running one server (the default), it's easier to +@@ -291,7 +291,7 @@ allowping=true + + ; If Murmur is started as root, which user should it switch to? + ; This option is ignored if Murmur isn't started with root privileges. +-;uname= ++uname=murmur + + ; By default, in log files and in the user status window for privileged users, + ; Mumble will show IP addresses - in some situations you may find this unwanted diff --git a/user/mumble/murmur.initd b/user/mumble/murmur.initd new file mode 100644 index 000000000..dfbc46821 --- /dev/null +++ b/user/mumble/murmur.initd @@ -0,0 +1,35 @@ +#!/sbin/openrc-run +description="Mumble VoIP server" +command="/usr/bin/murmurd" +: "${config:=/etc/murmur.ini}" +: "${command_args:=-ini $config}" + +extra_started_commands="reload" +description_reload="Reload TLS settings" + +# As of 1.3.2 murmur will make the PID file *after* it switches to the +# unprivileged user, which is bad. So make start-stop-daemon handle the +# PID file and user switching instead. +command_background=true +command_args="$command_args -fg" + +command_user="$(awk -F= '$1 == "uname" { print $2 }' "$config")" +: "${command_user:=murmur}" + +pidfile="$(awk -F= '$1 == "pidfile" { print $2 }' "$config")" +: "${pidfile:=/var/run/$RC_SVCNAME.pid}" + +# Ignores logfile when -fg is used. +logfile="$(awk -F= '$1 == "logfile" { print $2 }' "$config")" +: "${logfile:=/var/log/murmur.log}" +start_stop_daemon_args="--stdout $logfile --stderr $logfile" + +start_pre() { + checkpath -m 0640 -f -o "$command_user" "$logfile" +} + +reload() { + ebegin "Reloading $RC_SVCNAME TLS settings" + start-stop-daemon --signal USR1 --pidfile "$pidfile" + eend $? +} diff --git a/user/mumble/murmur.pre-install b/user/mumble/murmur.pre-install new file mode 100644 index 000000000..7baafe4d9 --- /dev/null +++ b/user/mumble/murmur.pre-install @@ -0,0 +1,7 @@ +#!/bin/sh + +groupadd -r murmur 2>/dev/null +useradd -c "Mumble daemon" -s /sbin/nologin -g murmur \ + -m -d /var/lib/murmur -r murmur 2>/dev/null + +exit 0 diff --git a/user/mumble/tests-networking.patch b/user/mumble/tests-networking.patch new file mode 100644 index 000000000..a1decd477 --- /dev/null +++ b/user/mumble/tests-networking.patch @@ -0,0 +1,33 @@ +--- mumble-1.3.2/src/tests/TestServerResolver/TestServerResolver.cpp 2020-07-09 17:06:18.000000000 +0000 ++++ mumble-1.3.2/src/tests/TestServerResolver/TestServerResolver.cpp 2020-09-20 06:15:32.741670504 +0000 +@@ -33,9 +33,7 @@ class TestServerResolver : public QObjec + }; + + void TestServerResolver::simpleSrv() { +-#ifdef USE_NO_SRV +- return; +-#endif ++ return; // network access required + + // Qt 5's SRV resolver does not work in Wine. + // For more info, see https://bugs.winehq.org/show_bug.cgi?id=44296 +@@ -86,9 +84,7 @@ void TestServerResolver::simpleSrv() { + } + + void TestServerResolver::srvCustomPort() { +-#ifdef USE_NO_SRV +- return; +-#endif ++ return; // network access required + + // Qt 5's SRV resolver does not work in Wine. + // For more info, see https://bugs.winehq.org/show_bug.cgi?id=44296 +@@ -139,6 +135,8 @@ void TestServerResolver::srvCustomPort() + + + void TestServerResolver::simpleCNAME() { ++ return; // network access required ++ + ServerResolver r; + QSignalSpy spy(&r, SIGNAL(resolved())); + diff --git a/user/pv/APKBUILD b/user/pv/APKBUILD new file mode 100644 index 000000000..b78efcd77 --- /dev/null +++ b/user/pv/APKBUILD @@ -0,0 +1,34 @@ +# Contributor: CyberLeo <cyberleo@cyberleo.net> +# Maintainer: CyberLeo <cyberleo@cyberleo.net> +pkgname=pv +pkgver=1.6.6 +pkgrel=0 +pkgdesc="Pipe Viewer - a terminal-based tool for monitoring the progress of data through a pipeline." +url="https://www.ivarch.com/programs/pv.shtml" +arch="all" +license="Artistic-2.0" +depends="" +makedepends="" +subpackages="$pkgname-doc $pkgname-lang" +source="https://www.ivarch.com/programs/sources/pv-$pkgver.tar.bz2" + +build() { + ./configure \ + --build=$CBUILD \ + --host=$CHOST \ + --prefix=/usr \ + --sysconfdir=/etc \ + --mandir=/usr/share/man \ + --localstatedir=/var + make +} + +check() { + make check +} + +package() { + make DESTDIR="$pkgdir" install +} + +sha512sums="cc841b4bd00e4e8fcaed97da094ebac4a11af1c3f843ce5f73d0c3ab20aca29498c6b1a224c653d40127304d8269d96f413df66b980809e9278ff9544c834a26 pv-1.6.6.tar.bz2" diff --git a/user/vorbis-tools/APKBUILD b/user/vorbis-tools/APKBUILD index 07179decc..4ce488428 100644 --- a/user/vorbis-tools/APKBUILD +++ b/user/vorbis-tools/APKBUILD @@ -2,7 +2,7 @@ # Maintainer: Nathan <ndowens@artixlinux.org> pkgname=vorbis-tools pkgver=1.4.0 -pkgrel=0 +pkgrel=1 pkgdesc="Tools for Ogg-Vorbis" url="https://www.xiph.org/vorbis" arch="all" @@ -12,9 +12,10 @@ makedepends="curl-dev flac-dev libvorbis-dev libao-dev speex-dev" subpackages="$pkgname-lang $pkgname-doc" source="http://downloads.xiph.org/releases/vorbis/vorbis-tools-$pkgver.tar.gz - vorbis-tools-CVE-2015-6749.patch - vorbis-tools-cve9638-cve9639.patch - vorbis-tools-cve9640.patch" + CVE-2014-9638-and-9639.patch + CVE-2014-9640.patch + CVE-2015-6749.patch + " prepare() { update_config_guess @@ -37,6 +38,6 @@ package() { } sha512sums="d2473f2e8e6726b5a5083f567797ae42bbb7fa3f26aec3f7b83e641e028c64726299f71a9d75258595a53cf29c18acb84841bcbc39509258d2c8df859e4e3b99 vorbis-tools-1.4.0.tar.gz -c1faa062e7035770db533383ebb3ae18efaf167f7a103c12cef81418da4be43545e368eab2915c243c03354c3bf0b8dbb198da90e7eaa59c8e00f1461c65b601 vorbis-tools-CVE-2015-6749.patch -bcf5ae147de547f6463f3000e06398a8b4db326b44eab02bf314ca8ae3b90c45bd25481fb76ccbf39d9a2798a6c9fadb48600f393b6436f01f95ce2a20c04fe8 vorbis-tools-cve9638-cve9639.patch -3bb8a50309f2657a99662039818040abf345d540915543cf35c3e5855d865fd33bf4bbaf296882662e6b11570199a054c7d34cfdd44ef69f9d3c9f45f4d8671f vorbis-tools-cve9640.patch" +fbe006c1de1b5d03dd84a3213d840468658129bc83f1fad9bcb738d53fd0f76b5f2ebc17b95c456d8b73456b313282bad5e08703649ba8b506371e6c8b466557 CVE-2014-9638-and-9639.patch +9cb9ca5a7cc648e75a4b0027f29f59edd81156578864c46cc2ff773435175a35ea2f31da480e983d05c23d1285d59f0f8a0ec97dd57ba8c11ee5786b619fbaa2 CVE-2014-9640.patch +bf49f572e023678a12d764e459d518f067499a07bd9fe6c037e00730349e066d96174a52043f61dff44fd788b336018c68ae4d26ebe279dc6bf0a07852048ff0 CVE-2015-6749.patch" diff --git a/user/vorbis-tools/vorbis-tools-cve9638-cve9639.patch b/user/vorbis-tools/CVE-2014-9638-and-9639.patch index 80238b741..2585b47be 100644 --- a/user/vorbis-tools/vorbis-tools-cve9638-cve9639.patch +++ b/user/vorbis-tools/CVE-2014-9638-and-9639.patch @@ -1,14 +1,23 @@ -... in order to prevent a division by zero (CVE-2014-9638) and integer -overflow (CVE-2014-9639). +From 3bbabc06c4b35c84f6747ed850213161aca568c7 Mon Sep 17 00:00:00 2001 +From: Petter Reinholdtsen <pere@debian.org> +Date: Tue, 22 Sep 2015 15:14:06 +0200 +Subject: [PATCH] oggenc: validate count of channels in the header + (CVE-2014-9638 & CVE-2014-9639) +Author: Kamil Dudka <kdudka@redhat.com> +Origin: http://lists.xiph.org/pipermail/vorbis-dev/2015-February/020423.html Bug: https://trac.xiph.org/ticket/2136 Bug: https://trac.xiph.org/ticket/2137 +Bug-Debian: https://bugs.debian.org/776086 +Forwarded: not-needed +Reviewed-By: Petter Reinholdtsen <pere@hungry.com> +Last-Update: 2015-09-22 --- - oggenc/audio.c | 19 +++++++++++++++++-- - 1 file changed, 17 insertions(+), 2 deletions(-) + oggenc/audio.c | 18 ++++++++++++++++-- + 1 file changed, 16 insertions(+), 2 deletions(-) diff --git a/oggenc/audio.c b/oggenc/audio.c -index 477da8c..1167f1b 100644 +index 4921fb9..535a704 100644 --- a/oggenc/audio.c +++ b/oggenc/audio.c @@ -13,6 +13,7 @@ @@ -27,7 +36,7 @@ index 477da8c..1167f1b 100644 if(buf[11]=='C') aifc=1; -@@ -277,11 +279,17 @@ int aiff_open(FILE *in, oe_enc_opt *opt, unsigned char *buf, int buflen) +@@ -277,11 +279,16 @@ int aiff_open(FILE *in, oe_enc_opt *opt, unsigned char *buf, int buflen) return 0; } @@ -42,11 +51,10 @@ index 477da8c..1167f1b 100644 + fprintf(stderr, _("Warning: Unsupported count of channels in AIFF header\n")); + return 0; + } -+ aiff->bigendian = 1; if(aifc) -@@ -416,6 +424,7 @@ int wav_open(FILE *in, oe_enc_opt *opt, unsigned char *oldbuf, int buflen) +@@ -416,6 +423,7 @@ int wav_open(FILE *in, oe_enc_opt *opt, unsigned char *oldbuf, int buflen) wav_fmt format; wavfile *wav = malloc(sizeof(wavfile)); int i; @@ -54,7 +62,7 @@ index 477da8c..1167f1b 100644 /* Ok. At this point, we know we have a WAV file. Now we have to detect * whether we support the subtype, and we have to find the actual data -@@ -453,12 +462,18 @@ int wav_open(FILE *in, oe_enc_opt *opt, unsigned char *oldbuf, int buflen) +@@ -453,12 +461,18 @@ int wav_open(FILE *in, oe_enc_opt *opt, unsigned char *oldbuf, int buflen) } format.format = READ_U16_LE(buf); @@ -75,3 +83,5 @@ index 477da8c..1167f1b 100644 { if(len<40) -- +GitLab + diff --git a/user/vorbis-tools/CVE-2014-9640.patch b/user/vorbis-tools/CVE-2014-9640.patch new file mode 100644 index 000000000..f21994b58 --- /dev/null +++ b/user/vorbis-tools/CVE-2014-9640.patch @@ -0,0 +1,51 @@ +From 514116d7bea89dad9f1deb7617b2277b5e9115cd Mon Sep 17 00:00:00 2001 +From: Gregory Maxwell <greg@xiph.org> +Date: Wed, 16 Apr 2014 23:55:10 +0000 +Subject: [PATCH] oggenc: fix crash on raw file close, reported by Hanno in + issue #2009. pointer to a non-static struct was escaping its scope. Also fix + a C99-ism. + +svn path=/trunk/vorbis-tools/; revision=19117 +--- + oggenc/oggenc.c | 4 ++-- + oggenc/skeleton.h | 2 +- + 2 files changed, 3 insertions(+), 3 deletions(-) + +diff --git a/oggenc/oggenc.c b/oggenc/oggenc.c +index 4a120f3..e7de0bb 100644 +--- a/oggenc/oggenc.c ++++ b/oggenc/oggenc.c +@@ -97,6 +97,8 @@ int main(int argc, char **argv) + .3,-1, + 0,0,0.f, + 0, 0, 0, 0, 0}; ++ input_format raw_format = {NULL, 0, raw_open, wav_close, "raw", ++ N_("RAW file reader")}; + + int i; + +@@ -239,8 +241,6 @@ int main(int argc, char **argv) + + if(opt.rawmode) + { +- input_format raw_format = {NULL, 0, raw_open, wav_close, "raw", +- N_("RAW file reader")}; + + enc_opts.rate=opt.raw_samplerate; + enc_opts.channels=opt.raw_channels; +diff --git a/oggenc/skeleton.h b/oggenc/skeleton.h +index cf87dc2..168b8b6 100644 +--- a/oggenc/skeleton.h ++++ b/oggenc/skeleton.h +@@ -41,7 +41,7 @@ typedef struct { + ogg_int64_t granule_rate_d; /* granule rate denominator */ + ogg_int64_t start_granule; /* start granule value */ + ogg_uint32_t preroll; /* preroll */ +- unsigned char granule_shift; // a 8-bit field /* 1 byte value holding the granule shift */ ++ unsigned char granule_shift; /* 1 byte value holding the granule shift */ + char *message_header_fields; /* holds all the message header fields */ + /* current total size of the message header fields, for realloc purpose, initially zero */ + ogg_uint32_t current_header_size; +-- +GitLab + diff --git a/user/vorbis-tools/vorbis-tools-CVE-2015-6749.patch b/user/vorbis-tools/CVE-2015-6749.patch index 78e3c810e..b83f70cc2 100644 --- a/user/vorbis-tools/vorbis-tools-CVE-2015-6749.patch +++ b/user/vorbis-tools/CVE-2015-6749.patch @@ -1,9 +1,14 @@ -From 04815d3e1bfae3a6cdfb2c25358a5a72b61299f7 Mon Sep 17 00:00:00 2001 -From: Mark Harris <mark.hsj@gmail.com> -Date: Sun, 30 Aug 2015 05:54:46 -0700 -Subject: [PATCH] oggenc: Fix large alloca on bad AIFF input +From c1059cd1e5c9278fe73a044d0e0792cac75f44b3 Mon Sep 17 00:00:00 2001 +From: Petter Reinholdtsen <pere@debian.org> +Date: Tue, 22 Sep 2015 14:56:58 +0200 +Subject: [PATCH] oggenc: Fix large alloca on bad AIFF input (CVE-2015-6749). -Fixes #2212 +Author: Mark Harris <mark.hsj@gmail.com> +Origin: https://trac.xiph.org/attachment/ticket/2212/0001-oggenc-Fix-large-alloca-on-bad-AIFF-input.patch +Bug-Debian: https://bugs.debian.org/797461 +Forwarded: https://trac.xiph.org/ticket/2212 +Reviewed-By: Petter Reinholdtsen <pere@hungry.com> +Last-Update: 2015-09-22 --- oggenc/audio.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) @@ -37,5 +42,5 @@ index 477da8c..4921fb9 100644 fprintf(stderr, _("Warning: Unexpected EOF in reading AIFF header\n")); return 0; -- -2.5.0 +GitLab diff --git a/user/vorbis-tools/vorbis-tools-cve9640.patch b/user/vorbis-tools/vorbis-tools-cve9640.patch deleted file mode 100644 index 97d18e0db..000000000 --- a/user/vorbis-tools/vorbis-tools-cve9640.patch +++ /dev/null @@ -1,29 +0,0 @@ -Index: vorbis-tools/oggenc/oggenc.c
-===================================================================
---- vorbis-tools/oggenc/oggenc.c (revision 19116)
-+++ vorbis-tools/oggenc/oggenc.c (revision 19117)
-@@ -98,4 +98,6 @@
- 0,0,0.f,
- 0, 0, 0, 0, 0};
-+ input_format raw_format = {NULL, 0, raw_open, wav_close, "raw",
-+ N_("RAW file reader")};
-
- int i;
-@@ -240,6 +242,4 @@
- if(opt.rawmode)
- {
-- input_format raw_format = {NULL, 0, raw_open, wav_close, "raw",
-- N_("RAW file reader")};
-
- enc_opts.rate=opt.raw_samplerate;
-Index: vorbis-tools/oggenc/skeleton.h
-===================================================================
---- vorbis-tools/oggenc/skeleton.h (revision 19116)
-+++ vorbis-tools/oggenc/skeleton.h (revision 19117)
-@@ -42,5 +42,5 @@
- ogg_int64_t start_granule; /* start granule value */
- ogg_uint32_t preroll; /* preroll */
-- unsigned char granule_shift; // a 8-bit field /* 1 byte value holding the granule shift */
-+ unsigned char granule_shift; /* 1 byte value holding the granule shift */
- char *message_header_fields; /* holds all the message header fields */
- /* current total size of the message header fields, for realloc purpose, initially zero */
|