summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--system/cryptsetup/APKBUILD2
-rw-r--r--system/json-c/APKBUILD46
-rw-r--r--system/json-c/fix-libdir.patch11
-rw-r--r--system/ncurses/APKBUILD29
-rw-r--r--user/bind/APKBUILD2
-rw-r--r--user/cifs-utils/APKBUILD8
-rw-r--r--user/claws-mail/APKBUILD8
-rw-r--r--user/confuse/APKBUILD10
-rw-r--r--user/eigen/APKBUILD11
-rw-r--r--user/f2fs-tools/APKBUILD12
-rw-r--r--user/freetype/APKBUILD6
-rw-r--r--user/i3status/APKBUILD2
-rw-r--r--user/libcroco/APKBUILD11
-rw-r--r--user/libcroco/CVE-2020-12825.patch187
-rw-r--r--user/libjpeg-turbo/APKBUILD8
-rw-r--r--user/libjpeg-turbo/CVE-2020-13790.patch35
-rw-r--r--user/libproxy/APKBUILD13
-rw-r--r--user/libproxy/CVE-2020-25219.patch57
-rw-r--r--user/libproxy/CVE-2020-26154.patch93
-rw-r--r--user/meson/APKBUILD4
-rw-r--r--user/re2c/APKBUILD9
-rw-r--r--user/re2c/CVE-2020-11958.patch37
-rw-r--r--user/trojita/APKBUILD19
-rw-r--r--user/trojita/CVE-2019-10734.patch104
-rw-r--r--user/trojita/CVE-2020-15047.patch88
-rw-r--r--user/yubikey-personalization/APKBUILD6
-rw-r--r--user/yubikey-personalization/json_c.patch83
27 files changed, 731 insertions, 170 deletions
diff --git a/system/cryptsetup/APKBUILD b/system/cryptsetup/APKBUILD
index f9d5dab28..1786fbb0d 100644
--- a/system/cryptsetup/APKBUILD
+++ b/system/cryptsetup/APKBUILD
@@ -2,7 +2,7 @@
# Maintainer:
pkgname=cryptsetup
pkgver=2.3.4
-pkgrel=0
+pkgrel=1
pkgdesc="Utility for setting up encrypted filesystems"
url="https://gitlab.com/cryptsetup/cryptsetup"
arch="all"
diff --git a/system/json-c/APKBUILD b/system/json-c/APKBUILD
index 32ee431dd..c05a7d9b7 100644
--- a/system/json-c/APKBUILD
+++ b/system/json-c/APKBUILD
@@ -1,52 +1,36 @@
# Maintainer:
pkgname=json-c
-pkgver=0.13.1
-pkgrel=1
+pkgver=0.15
+pkgrel=0
pkgdesc="A JSON implementation in C"
url="https://github.com/json-c/json-c/wiki"
arch="all"
license="MIT"
depends=""
-makedepends="autoconf automake libtool"
-subpackages="$pkgname-static $pkgname-dev"
+makedepends="cmake doxygen"
+subpackages="$pkgname-dev"
source="https://s3.amazonaws.com/${pkgname}_releases/releases/$pkgname-${pkgver}.tar.gz
- fix-libdir.patch
"
-prepare() {
- default_prepare
- autoreconf -f -v -i
-}
+# secfixes:
+# 0.15-r0:
+# - CVE-2020-12762
build() {
- export CFLAGS="${CFLAGS} -Wno-error=unused-but-set-variable"
- ./configure --prefix=/usr \
- --build=$CBUILD \
- --host=$CHOST \
- --libdir=/lib \
- --sysconfdir=/etc \
- --mandir=/usr/share/man \
- --infodir=/usr/share/info \
- --localstatedir=/var \
- --enable-shared \
- ac_cv_func_malloc_0_nonnull=yes \
- ac_cv_func_realloc_0_nonnull=yes
- make -j1
+ cmake -B "$builddir" \
+ -DCMAKE_INSTALL_PREFIX=/usr \
+ -DCMAKE_INSTALL_LIBDIR=lib \
+ -DBUILD_SHARED_LIBS=ON
+ make
+ make doc
}
check() {
- make check
+ make test
}
package() {
make -j1 DESTDIR="$pkgdir" install
}
-static() {
- pkgdesc="Static JSON C library"
- mkdir -p "$subpkgdir"/lib
- mv "$pkgdir"/lib/*.a "$subpkgdir"/lib/
-}
-
-sha512sums="e984db2a42b9c95b52c798b2e8dd1b79951a8dcba27370af30c43b9549fbb00008dbcf052a535c528209aaee38e6d1f760168b706905ae72f3e704ed20f8a1a1 json-c-0.13.1.tar.gz
-939f2b02fe5beb5d85ebc3fd8463bee0cff6b7da98b48edb599e88dda7955b6ba65afc17f9e828025086a1b384aa99703be06b6613e405d9c48541cf52c380f0 fix-libdir.patch"
+sha512sums="dc01298bcc78f0f31a34f5fcfe45c0feebfd88518e97fb4f96f1a652f71ccdd303415a4c7bf5b573bdcbcca80428281f0dfccefc6545ea3a7f18dbb819332f34 json-c-0.15.tar.gz"
diff --git a/system/json-c/fix-libdir.patch b/system/json-c/fix-libdir.patch
deleted file mode 100644
index bf69168e7..000000000
--- a/system/json-c/fix-libdir.patch
+++ /dev/null
@@ -1,11 +0,0 @@
---- json-c-0.13.1/Makefile.am.old 2018-03-06 04:13:22.000000000 +0000
-+++ json-c-0.13.1/Makefile.am 2018-07-19 02:12:00.270000000 +0000
-@@ -14,7 +14,7 @@
-
- lib_LTLIBRARIES = libjson-c.la
-
--pkgconfigdir = $(libdir)/pkgconfig
-+pkgconfigdir = /usr/lib/pkgconfig
- pkgconfig_DATA = json-c.pc
-
- libjson_cincludedir = $(includedir)/json-c
diff --git a/system/ncurses/APKBUILD b/system/ncurses/APKBUILD
index 73f5d922b..d2ad46900 100644
--- a/system/ncurses/APKBUILD
+++ b/system/ncurses/APKBUILD
@@ -2,7 +2,7 @@
pkgname=ncurses
pkgver=6.2
_ver=${pkgver}-20200212
-pkgrel=0
+pkgrel=1
pkgdesc="Console display library"
url="https://invisible-island.net/ncurses/ncurses.html"
arch="all"
@@ -12,9 +12,9 @@ depends=""
makedepends_build="ncurses"
subpackages="$pkgname-static $pkgname-dev $pkgname-doc $pkgname-libs
$pkgname-terminfo-base:base:noarch $pkgname-terminfo:terminfo:noarch"
-source="https://mirrormaster.adelielinux.org/source/upstream/ncurses-$_ver.tgz"
-
-builddir="$srcdir"/ncurses-$_ver
+source="https://distfiles.adelielinux.org/source/upstream/$pkgname-$_ver.tgz
+ "
+builddir="$srcdir/$pkgname-$_ver"
# secfixes:
# 6.0_p20171125-r0:
@@ -48,16 +48,23 @@ package() {
# Install basic terms in /etc/terminfo
for i in ansi console dumb linux rxvt screen sun vt52 vt100 vt102 \
- vt200 vt220 xterm xterm-color xterm-xfree86; do
- local termfile="$(find "$pkgdir"/usr/share/terminfo/ -name "$i" 2>/dev/null)"
+ vt200 vt220 xterm xterm-color xterm-xfree86 xterm-256color \
+ alacritty tmux tmux-256color terminator 'terminology*' \
+ vte vte-256color gnome gnome-256color kitty konsole konsole-256color \
+ konsole-linux putty putty-256color rxvt-256color 'st-*' \
+ screen-256color; do
+ local termfiles="$(find "$pkgdir"/usr/share/terminfo/ -name "$i" 2>/dev/null)"
local basedir="$(basename $(dirname "$termfile"))"
- [ -z "$termfile" ] && continue
-
+ [ -z "$termfiles" ] && continue
+
+ for termfile in $termfiles; do
+ local basedir=$(basename "$(dirname "$termfile")")
install -d "$pkgdir"/etc/terminfo/$basedir
- mv ${termfile} "$pkgdir"/etc/terminfo/$basedir/
- ln -s ../../../../etc/terminfo/$basedir/$i \
- "$pkgdir"/usr/share/terminfo/$basedir/$i
+ mv "$termfile" "$pkgdir"/etc/terminfo/$basedir/
+ ln -s ../../../../etc/terminfo/$basedir/${termfile##*/} \
+ "$pkgdir"/usr/share/terminfo/$basedir/${termfile##*/}
+ done
done
}
diff --git a/user/bind/APKBUILD b/user/bind/APKBUILD
index 2b39c5f1f..44cd5cf30 100644
--- a/user/bind/APKBUILD
+++ b/user/bind/APKBUILD
@@ -9,7 +9,7 @@ _p=${pkgver#*_p}
_ver=${pkgver%_p*}
_major=${pkgver%%.*}
[ "$_p" != "$pkgver" ] && _ver="${_ver}-P$_p"
-pkgrel=0
+pkgrel=1
pkgdesc="The ISC DNS server"
url="https://www.isc.org/downloads/bind/"
arch="all"
diff --git a/user/cifs-utils/APKBUILD b/user/cifs-utils/APKBUILD
index 798bb8a1e..17b83ab41 100644
--- a/user/cifs-utils/APKBUILD
+++ b/user/cifs-utils/APKBUILD
@@ -1,7 +1,7 @@
# Contributor: Francesco Colista <fcolista@alpinelinux.org>
# Maintainer: Max Rees <maxcrees@me.com>
pkgname=cifs-utils
-pkgver=6.10
+pkgver=6.11
pkgrel=0
pkgdesc="CIFS filesystem user-space tools"
url="https://wiki.samba.org/index.php/LinuxCIFS_utils"
@@ -18,6 +18,10 @@ source="https://ftp.samba.org/pub/linux-cifs/$pkgname/$pkgname-$pkgver.tar.bz2
xattr_size_max.patch
"
+# secfixes:
+# 6.11-r0:
+# - CVE-2020-14342
+
prepare() {
default_prepare
autoreconf -vif
@@ -48,7 +52,7 @@ package() {
chmod u+s "$pkgdir"/sbin/mount.cifs
}
-sha512sums="e19ca69b7948f01c1fd6a4ed069e00511588b903a5b8b0dc35ac1e00743170b9ca180b747c47d56cfacf273b296da21df60e1957404f26ebf2ba80bfa7e275cc cifs-utils-6.10.tar.bz2
+sha512sums="064c0ac75572fb44908390508462e4fdfe0686751149fd8b656a209dd961a5a24a7d9774c38c0e72fa5f9875b43aea7bf2de038c4e4a63a11664e71d9003100e cifs-utils-6.11.tar.bz2
99a2fab05bc2f14a600f89526ae0ed2c183cfa179fe386cb327075f710aee3aed5ae823f7c2f51913d1217c2371990d6d4609fdb8d80288bd3a6139df3c8aebe musl-fix-includes.patch
f3acb4f7873628d67c7dfb2378135c302fe382e314277829ea5569710bac0ddb43684aa6d143327d735aec641997084eaa567823b534138ed884bd74044b652a respect-destdir.patch
2a9366ec1ddb0389c535d2fa889f63287cb8374535a47232de102c7e50b6874f67a3d5ef3318df23733300fd8459c7ec4b11f3211508aca7800b756119308e98 xattr_size_max.patch"
diff --git a/user/claws-mail/APKBUILD b/user/claws-mail/APKBUILD
index 72256b3a5..1554a00da 100644
--- a/user/claws-mail/APKBUILD
+++ b/user/claws-mail/APKBUILD
@@ -1,7 +1,7 @@
# Contributor: A. Wilcox <awilfox@adelielinux.org>
# Maintainer: A. Wilcox <awilfox@adelielinux.org>
pkgname=claws-mail
-pkgver=3.17.6
+pkgver=3.17.8
pkgrel=0
pkgdesc="User-friendly, lightweight, and fast email client"
url="https://www.claws-mail.org/"
@@ -15,6 +15,10 @@ makedepends="compface-dev curl-dev dbus-glib-dev enchant-dev gnutls-dev
subpackages="$pkgname-doc $pkgname-lang"
source="https://www.claws-mail.org/download.php?file=releases/claws-mail-$pkgver.tar.xz"
+# secfixes:
+# 3.17.8-r0:
+# - CVE-2020-16094
+
build() {
./configure \
--build=$CBUILD \
@@ -36,4 +40,4 @@ package() {
make DESTDIR="$pkgdir" install
}
-sha512sums="07fdf7fce722ee1e50aa155bca720323a58842b372d8295bed33c7245fce5790a1bd3ed7462130664a218a804ab6bd1ba3663ee3e53fbbac6a4a477dd676ede0 claws-mail-3.17.6.tar.xz"
+sha512sums="dc29c968dc81a184af8f66c1afe5c9d17558ce6a4a8b196136a9fb5deec96aa67eec42148ed0f4d6d6ee94aec2791247b9034090dac81beec193bd7d366617d7 claws-mail-3.17.8.tar.xz"
diff --git a/user/confuse/APKBUILD b/user/confuse/APKBUILD
index 4bdfa851f..fc31d73d1 100644
--- a/user/confuse/APKBUILD
+++ b/user/confuse/APKBUILD
@@ -1,10 +1,10 @@
# Contributor: Mira Ressel <aranea@aixah.de>
# Maintainer:
pkgname=confuse
-pkgver=3.2.2
+pkgver=3.3
pkgrel=0
pkgdesc="Small configuration file parser library for C"
-url=" "
+url="https://github.com/martinh/libconfuse"
arch="all"
license="ISC"
depends=""
@@ -12,6 +12,10 @@ makedepends=""
subpackages="$pkgname-dev $pkgname-doc $pkgname-lang"
source="https://github.com/martinh/libconfuse/releases/download/v$pkgver/$pkgname-$pkgver.tar.xz"
+# secfixes:
+# 3.3-r0:
+# - CVE-2018-19760
+
build() {
./configure \
--build=$CBUILD \
@@ -34,4 +38,4 @@ package() {
make DESTDIR="$pkgdir" install
}
-sha512sums="c6baea65e064fe7f2d1bde187c6dcbb7f03c31f5d777cb04576f9cc2d94e9c96b7ee202e030e9a2c7eb619deb240d9e76fb12b3528ae5aa0d3abe231354d12c9 confuse-3.2.2.tar.xz"
+sha512sums="93cc62d98166199315f65a2f6f540a9c0d33592b69a2c6a57fd17f132aecc6ece39b9813b96c9a49ae2b66a99b7eba1188a9ce9e360e1c5fb4b973619e7088a0 confuse-3.3.tar.xz"
diff --git a/user/eigen/APKBUILD b/user/eigen/APKBUILD
index 125cf77fe..aa2a537d2 100644
--- a/user/eigen/APKBUILD
+++ b/user/eigen/APKBUILD
@@ -1,7 +1,7 @@
# Contributor: Bradley J Chambers <brad.chambers@gmail.com>
# Maintainer:
pkgname=eigen
-pkgver=3.3.7
+pkgver=3.3.8
pkgrel=0
pkgdesc="Eigen is a C++ template library for linear algebra"
url="http://eigen.tuxfamily.org/index.php?title=Main_Page"
@@ -11,12 +11,7 @@ license="MPL-2.0"
depends=""
makedepends=""
subpackages="$pkgname-dev"
-source="$pkgname-$pkgver.tar.gz::http://bitbucket.org/eigen/$pkgname/get/$pkgver.tar.gz"
-
-prepare() {
- mv "$srcdir"/eigen-eigen-* "$builddir" # directory name contains hash
- default_prepare
-}
+source="https://gitlab.com/libeigen/eigen/-/archive/$pkgver/eigen-$pkgver.tar.gz"
package() {
mkdir -p "$pkgdir"/usr/include/eigen3
@@ -24,4 +19,4 @@ package() {
cp -r "$builddir"/unsupported "$pkgdir"/usr/include/eigen3
}
-sha512sums="34cf600914cce719d61511577ef9cd26fbdcb7a6fad1d0ab8396f98b887fac6a5577d3967e84a8f56225cc50de38f3b91f34f447d14312028383e32b34ea1972 eigen-3.3.7.tar.gz"
+sha512sums="5b4b5985b0294e07b3ed1155720cbbfea322fe9ccad0fc8b0a10060b136a9169a15d5b9cb7a434470cadd45dff0a43049edc20d2e1070005481a120212edc355 eigen-3.3.8.tar.gz"
diff --git a/user/f2fs-tools/APKBUILD b/user/f2fs-tools/APKBUILD
index 7784c170d..59246c22e 100644
--- a/user/f2fs-tools/APKBUILD
+++ b/user/f2fs-tools/APKBUILD
@@ -1,7 +1,7 @@
# Contributor: CyberLeo <cyberleo@cyberleo.net>
# Maintainer: CyberLeo <cyberleo@cyberleo.net>
pkgname=f2fs-tools
-pkgver=1.13.0
+pkgver=1.14.0
pkgrel=0
pkgdesc="Tools for the Flash-Friendly File System (F2FS)"
url="https://git.kernel.org/cgit/linux/kernel/git/jaegeuk/f2fs-tools.git"
@@ -13,6 +13,14 @@ makedepends="automake autoconf bsd-compat-headers libtool util-linux-dev linux-h
subpackages="$pkgname-doc $pkgname-dev $pkgname-libs"
source="https://git.kernel.org/cgit/linux/kernel/git/jaegeuk/f2fs-tools.git/snapshot/$pkgname-$pkgver.tar.gz"
+#secfixes:
+# 1.14.0-r0:
+# - CVE-2020-6104
+# - CVE-2020-6105
+# - CVE-2020-6106
+# - CVE-2020-6107
+# - CVE-2020-6108
+
prepare() {
default_prepare
./autogen.sh
@@ -31,4 +39,4 @@ package() {
install -D -m644 mkfs/f2fs_format_utils.h "$pkgdir"/usr/include/
}
-sha512sums="fd920a19e8705a65395809aeef55791c5678ed31c026cdf41fc173e0dbcacdef1db7e0e184ec1aae8637b1784e2ad6e0207583e918255483fe43c73f89bd7f7f f2fs-tools-1.13.0.tar.gz"
+sha512sums="951b74178f99722550e73f331be066f124f6ee6022710f6b47ae47390b978b08f12a7f2a268d82ca69a32bf440cd3ce3adddc8a4c49c32df83da87e7f659f98d f2fs-tools-1.14.0.tar.gz"
diff --git a/user/freetype/APKBUILD b/user/freetype/APKBUILD
index 78c8d96ae..88f531f10 100644
--- a/user/freetype/APKBUILD
+++ b/user/freetype/APKBUILD
@@ -1,7 +1,7 @@
# Contributor: Carlo Landmeter <clandmeter@gmail.com>
# Maintainer: A. Wilcox <awilfox@adelielinux.org>
pkgname=freetype
-pkgver=2.10.2
+pkgver=2.10.4
pkgrel=0
pkgdesc="TrueType font rendering library"
url="https://www.freetype.org/"
@@ -14,6 +14,8 @@ subpackages="$pkgname-dev $pkgname-doc"
source="http://download.savannah.gnu.org/releases/freetype/freetype-$pkgver.tar.xz"
# secfixes:
+# 2.10.4-r0:
+# - CVE-2020-15999
# 2.9.1-r0:
# - CVE-2018-6942
# 2.7.1-r1:
@@ -37,4 +39,4 @@ package() {
make DESTDIR="$pkgdir" install
}
-sha512sums="cf45089bd8893d7de2cdcb59d91bbb300e13dd0f0a9ef80ed697464ba7aeaf46a5a81b82b59638e6b21691754d8f300f23e1f0d11683604541d77f0f581affaa freetype-2.10.2.tar.xz"
+sha512sums="827cda734aa6b537a8bcb247549b72bc1e082a5b32ab8d3cccb7cc26d5f6ee087c19ce34544fa388a1eb4ecaf97600dbabc3e10e950f2ba692617fee7081518f freetype-2.10.4.tar.xz"
diff --git a/user/i3status/APKBUILD b/user/i3status/APKBUILD
index 01e567cee..f143b6fc5 100644
--- a/user/i3status/APKBUILD
+++ b/user/i3status/APKBUILD
@@ -2,7 +2,7 @@
# Maintainer:
pkgname=i3status
pkgver=2.13
-pkgrel=1
+pkgrel=2
pkgdesc="Status bar generator for dzen2, xmobar or similar"
url="https://i3wm.org/i3status/"
arch="all"
diff --git a/user/libcroco/APKBUILD b/user/libcroco/APKBUILD
index 209720aaa..4470ac952 100644
--- a/user/libcroco/APKBUILD
+++ b/user/libcroco/APKBUILD
@@ -1,7 +1,7 @@
# Maintainer:
pkgname=libcroco
pkgver=0.6.13
-pkgrel=0
+pkgrel=1
pkgdesc="GNOME CSS 2 parsing and manipulation toolkit"
url="https://gitlab.gnome.org/GNOME/libcroco"
arch="all"
@@ -11,11 +11,15 @@ subpackages="$pkgname-dev"
depends=""
makedepends="glib-dev libxml2-dev"
checkdepends="cmd:which"
-source="https://download.gnome.org/sources/$pkgname/0.6/$pkgname-$pkgver.tar.xz"
+source="https://download.gnome.org/sources/$pkgname/0.6/$pkgname-$pkgver.tar.xz
+ CVE-2020-12825.patch
+ "
# secfixes:
# 0.6.12-r2:
# - CVE-2017-7960
+# 0.6.13-r1:
+# - CVE-2020-12825
build() {
./configure \
@@ -34,4 +38,5 @@ package() {
make DESTDIR="$pkgdir" install
}
-sha512sums="038a3ac9d160a8cf86a8a88c34367e154ef26ede289c93349332b7bc449a5199b51ea3611cebf3a2416ae23b9e45ecf8f9c6b24ea6d16a5519b796d3c7e272d4 libcroco-0.6.13.tar.xz"
+sha512sums="038a3ac9d160a8cf86a8a88c34367e154ef26ede289c93349332b7bc449a5199b51ea3611cebf3a2416ae23b9e45ecf8f9c6b24ea6d16a5519b796d3c7e272d4 libcroco-0.6.13.tar.xz
+ae568a259a2a3a90f6cf107b4f0d5a0dbb6cb3a560262a43b96460457a4b72b7c5f45c2df9c061ed1f94c41b71bdcf69bd55582a77bf858e46c2c3c8a55fe6e3 CVE-2020-12825.patch"
diff --git a/user/libcroco/CVE-2020-12825.patch b/user/libcroco/CVE-2020-12825.patch
new file mode 100644
index 000000000..6fa66f659
--- /dev/null
+++ b/user/libcroco/CVE-2020-12825.patch
@@ -0,0 +1,187 @@
+From 44cbd1e718d6a08e59b9300280c340218a84e089 Mon Sep 17 00:00:00 2001
+From: Michael Catanzaro <mcatanzaro@gnome.org>
+Date: Wed, 12 Aug 2020 13:54:15 -0500
+Subject: [PATCH] libcroco: Limit recursion in block and any productions
+ (CVE-2020-12825)
+
+If we don't have any limits, we can recurse forever and overflow the
+stack.
+
+This is per https://gitlab.gnome.org/Archive/libcroco/-/issues/8
+
+https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/1404
+---
+ src/cr-parser.c | 44 ++++++++++++++++++++++++++--------------
+ 1 file changed, 29 insertions(+), 15 deletions(-)
+
+diff --git a/src/cr-parser.c b/src/st/croco/cr-parser.c
+index 07f4ed9e8b..8304b75614 100644
+--- a/src/cr-parser.c
++++ b/src/cr-parser.c
+@@ -136,6 +136,8 @@ struct _CRParserPriv {
+
+ #define CHARS_TAB_SIZE 12
+
++#define RECURSIVE_CALLERS_LIMIT 100
++
+ /**
+ * IS_NUM:
+ *@a_char: the char to test.
+@@ -343,9 +345,11 @@ static enum CRStatus cr_parser_parse_selector_core (CRParser * a_this);
+
+ static enum CRStatus cr_parser_parse_declaration_core (CRParser * a_this);
+
+-static enum CRStatus cr_parser_parse_any_core (CRParser * a_this);
++static enum CRStatus cr_parser_parse_any_core (CRParser * a_this,
++ guint n_calls);
+
+-static enum CRStatus cr_parser_parse_block_core (CRParser * a_this);
++static enum CRStatus cr_parser_parse_block_core (CRParser * a_this,
++ guint n_calls);
+
+ static enum CRStatus cr_parser_parse_value_core (CRParser * a_this);
+
+@@ -783,7 +787,7 @@ cr_parser_parse_atrule_core (CRParser * a_this)
+ cr_parser_try_to_skip_spaces_and_comments (a_this);
+
+ do {
+- status = cr_parser_parse_any_core (a_this);
++ status = cr_parser_parse_any_core (a_this, 0);
+ } while (status == CR_OK);
+
+ status = cr_tknzr_get_next_token (PRIVATE (a_this)->tknzr,
+@@ -794,7 +798,7 @@ cr_parser_parse_atrule_core (CRParser * a_this)
+ cr_tknzr_unget_token (PRIVATE (a_this)->tknzr,
+ token);
+ token = NULL;
+- status = cr_parser_parse_block_core (a_this);
++ status = cr_parser_parse_block_core (a_this, 0);
+ CHECK_PARSING_STATUS (status,
+ FALSE);
+ goto done;
+@@ -929,11 +933,11 @@ cr_parser_parse_selector_core (CRParser * a_this)
+
+ RECORD_INITIAL_POS (a_this, &init_pos);
+
+- status = cr_parser_parse_any_core (a_this);
++ status = cr_parser_parse_any_core (a_this, 0);
+ CHECK_PARSING_STATUS (status, FALSE);
+
+ do {
+- status = cr_parser_parse_any_core (a_this);
++ status = cr_parser_parse_any_core (a_this, 0);
+
+ } while (status == CR_OK);
+
+@@ -955,10 +959,12 @@ cr_parser_parse_selector_core (CRParser * a_this)
+ *in chapter 4.1 of the css2 spec.
+ *block ::= '{' S* [ any | block | ATKEYWORD S* | ';' ]* '}' S*;
+ *@param a_this the current instance of #CRParser.
++ *@param n_calls used to limit recursion depth
+ *FIXME: code this function.
+ */
+ static enum CRStatus
+-cr_parser_parse_block_core (CRParser * a_this)
++cr_parser_parse_block_core (CRParser * a_this,
++ guint n_calls)
+ {
+ CRToken *token = NULL;
+ CRInputPos init_pos;
+@@ -966,6 +972,9 @@ cr_parser_parse_block_core (CRParser * a_this)
+
+ g_return_val_if_fail (a_this && PRIVATE (a_this), CR_BAD_PARAM_ERROR);
+
++ if (n_calls > RECURSIVE_CALLERS_LIMIT)
++ return CR_ERROR;
++
+ RECORD_INITIAL_POS (a_this, &init_pos);
+
+ status = cr_tknzr_get_next_token (PRIVATE (a_this)->tknzr, &token);
+@@ -995,13 +1004,13 @@ cr_parser_parse_block_core (CRParser * a_this)
+ } else if (token->type == CBO_TK) {
+ cr_tknzr_unget_token (PRIVATE (a_this)->tknzr, token);
+ token = NULL;
+- status = cr_parser_parse_block_core (a_this);
++ status = cr_parser_parse_block_core (a_this, n_calls + 1);
+ CHECK_PARSING_STATUS (status, FALSE);
+ goto parse_block_content;
+ } else {
+ cr_tknzr_unget_token (PRIVATE (a_this)->tknzr, token);
+ token = NULL;
+- status = cr_parser_parse_any_core (a_this);
++ status = cr_parser_parse_any_core (a_this, n_calls + 1);
+ CHECK_PARSING_STATUS (status, FALSE);
+ goto parse_block_content;
+ }
+@@ -1108,7 +1117,7 @@ cr_parser_parse_value_core (CRParser * a_this)
+ status = cr_tknzr_unget_token (PRIVATE (a_this)->tknzr,
+ token);
+ token = NULL;
+- status = cr_parser_parse_block_core (a_this);
++ status = cr_parser_parse_block_core (a_this, 0);
+ CHECK_PARSING_STATUS (status, FALSE);
+ ref++;
+ goto continue_parsing;
+@@ -1122,7 +1131,7 @@ cr_parser_parse_value_core (CRParser * a_this)
+ status = cr_tknzr_unget_token (PRIVATE (a_this)->tknzr,
+ token);
+ token = NULL;
+- status = cr_parser_parse_any_core (a_this);
++ status = cr_parser_parse_any_core (a_this, 0);
+ if (status == CR_OK) {
+ ref++;
+ goto continue_parsing;
+@@ -1161,10 +1170,12 @@ cr_parser_parse_value_core (CRParser * a_this)
+ * | FUNCTION | DASHMATCH | '(' any* ')' | '[' any* ']' ] S*;
+ *
+ *@param a_this the current instance of #CRParser.
++ *@param n_calls used to limit recursion depth
+ *@return CR_OK upon successfull completion, an error code otherwise.
+ */
+ static enum CRStatus
+-cr_parser_parse_any_core (CRParser * a_this)
++cr_parser_parse_any_core (CRParser * a_this,
++ guint n_calls)
+ {
+ CRToken *token1 = NULL,
+ *token2 = NULL;
+@@ -1173,6 +1184,9 @@ cr_parser_parse_any_core (CRParser * a_this)
+
+ g_return_val_if_fail (a_this, CR_BAD_PARAM_ERROR);
+
++ if (n_calls > RECURSIVE_CALLERS_LIMIT)
++ return CR_ERROR;
++
+ RECORD_INITIAL_POS (a_this, &init_pos);
+
+ status = cr_tknzr_get_next_token (PRIVATE (a_this)->tknzr, &token1);
+@@ -1211,7 +1225,7 @@ cr_parser_parse_any_core (CRParser * a_this)
+ *We consider parameter as being an "any*" production.
+ */
+ do {
+- status = cr_parser_parse_any_core (a_this);
++ status = cr_parser_parse_any_core (a_this, n_calls + 1);
+ } while (status == CR_OK);
+
+ ENSURE_PARSING_COND (status == CR_PARSING_ERROR);
+@@ -1236,7 +1250,7 @@ cr_parser_parse_any_core (CRParser * a_this)
+ }
+
+ do {
+- status = cr_parser_parse_any_core (a_this);
++ status = cr_parser_parse_any_core (a_this, n_calls + 1);
+ } while (status == CR_OK);
+
+ ENSURE_PARSING_COND (status == CR_PARSING_ERROR);
+@@ -1264,7 +1278,7 @@ cr_parser_parse_any_core (CRParser * a_this)
+ }
+
+ do {
+- status = cr_parser_parse_any_core (a_this);
++ status = cr_parser_parse_any_core (a_this, n_calls + 1);
+ } while (status == CR_OK);
+
+ ENSURE_PARSING_COND (status == CR_PARSING_ERROR);
+--
+GitLab
+
diff --git a/user/libjpeg-turbo/APKBUILD b/user/libjpeg-turbo/APKBUILD
index cbecdd1a4..5910e7011 100644
--- a/user/libjpeg-turbo/APKBUILD
+++ b/user/libjpeg-turbo/APKBUILD
@@ -1,8 +1,8 @@
# Contributor: Carlo Landmeter <clandmeter@gmail.com>
# Maintainer: A. Wilcox <awilfox@adelielinux.org>
pkgname=libjpeg-turbo
-pkgver=2.0.4
-pkgrel=1
+pkgver=2.0.5
+pkgrel=0
pkgdesc="Accelerated JPEG compression and decompression library"
url="https://libjpeg-turbo.org/"
arch="all"
@@ -11,7 +11,6 @@ depends=""
makedepends="cmake"
subpackages="$pkgname-doc $pkgname-dev $pkgname-utils"
source="https://downloads.sourceforge.net/libjpeg-turbo/libjpeg-turbo-$pkgver.tar.gz
- CVE-2020-13790.patch
"
case "$CTARGET_ARCH" in
@@ -63,5 +62,4 @@ utils() {
mv "$pkgdir"/usr/bin "$subpkgdir"/usr/
}
-sha512sums="708c2e7418d9ed5abca313e2ff5a08f8176d79cad2127573cda6036583c201973db4cfb0eafc0fc8f57ecc7b000d2b4af95980de54de5a0aed45969e993a5bf9 libjpeg-turbo-2.0.4.tar.gz
-83752558d0cf60508a9ccd55505b91f4faa22277537916629a045b2aaa0cb3649e2f90b0df26d389687dc4aba78bdf76e64fc5e5eb324a65026ec86cd95dbe6a CVE-2020-13790.patch"
+sha512sums="5bf9ecf069b43783ff24365febf36dda69ccb92d6397efec6069b2b4f359bfd7b87934a6ce4311873220fccc73acabdacef5ce0604b79209eb1912e8ba478555 libjpeg-turbo-2.0.5.tar.gz"
diff --git a/user/libjpeg-turbo/CVE-2020-13790.patch b/user/libjpeg-turbo/CVE-2020-13790.patch
deleted file mode 100644
index aaeec0c9c..000000000
--- a/user/libjpeg-turbo/CVE-2020-13790.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-From 3de15e0c344d11d4b90f4a47136467053eb2d09a Mon Sep 17 00:00:00 2001
-From: DRC <information@libjpeg-turbo.org>
-Date: Tue, 2 Jun 2020 14:15:37 -0500
-Subject: [PATCH] rdppm.c: Fix buf overrun caused by bad binary PPM
-
-This extends the fix in 1e81b0c3ea26f4ea8f56de05367469333de64a9f to
-include binary PPM files with maximum values < 255, thus preventing a
-malformed binary PPM input file with those specifications from
-triggering an overrun of the rescale array and potentially crashing
-cjpeg, TJBench, or any program that uses the tjLoadImage() function.
-
-Fixes #433
-
-diff --git a/rdppm.c b/rdppm.c
-index 87bc33090..a8507b902 100644
---- a/rdppm.c
-+++ b/rdppm.c
-@@ -5,7 +5,7 @@
- * Copyright (C) 1991-1997, Thomas G. Lane.
- * Modified 2009 by Bill Allombert, Guido Vollbeding.
- * libjpeg-turbo Modifications:
-- * Copyright (C) 2015-2017, D. R. Commander.
-+ * Copyright (C) 2015-2017, 2020, D. R. Commander.
- * For conditions of distribution and use, see the accompanying README.ijg
- * file.
- *
-@@ -720,7 +720,7 @@ start_input_ppm(j_compress_ptr cinfo, cjpeg_source_ptr sinfo)
- /* On 16-bit-int machines we have to be careful of maxval = 65535 */
- source->rescale = (JSAMPLE *)
- (*cinfo->mem->alloc_small) ((j_common_ptr)cinfo, JPOOL_IMAGE,
-- (size_t)(((long)maxval + 1L) *
-+ (size_t)(((long)MAX(maxval, 255) + 1L) *
- sizeof(JSAMPLE)));
- half_maxval = maxval / 2;
- for (val = 0; val <= (long)maxval; val++) {
diff --git a/user/libproxy/APKBUILD b/user/libproxy/APKBUILD
index 1cdb0c9b5..7a13ebc05 100644
--- a/user/libproxy/APKBUILD
+++ b/user/libproxy/APKBUILD
@@ -2,7 +2,7 @@
# Maintainer:
pkgname=libproxy
pkgver=0.4.15
-pkgrel=2
+pkgrel=3
pkgdesc="Library providing automatic proxy configuration management"
url="http://libproxy.github.io/libproxy/"
arch="all"
@@ -14,8 +14,15 @@ subpackages="$pkgname-dev $pkgname-bin py3-$pkgname:py"
source="$pkgname-$pkgver.tar.gz::https://github.com/libproxy/libproxy/archive/$pkgver.tar.gz
libproxy-0.4.7-unistd.patch
fix-includes.patch
+ CVE-2020-25219.patch
+ CVE-2020-26154.patch
"
+# secfixes:
+# 0.4.15-r3:
+# - CVE-2020-25219
+# - CVE-2020-26154
+
build() {
cmake \
-DCMAKE_INSTALL_PREFIX=/usr \
@@ -55,4 +62,6 @@ py() {
sha512sums="8f68bd56e44aeb3f553f4657bef82a5d14302780508dafa32454d6f724b724c884ceed6042f8df53a081d26ea0b05598cf35eab44823257c47c5ef8afb36442b libproxy-0.4.15.tar.gz
9929c308195bc59c1b9a7ddaaf708fb831da83c5d86d7ce122cb9774c9b9b16aef3c17fb721356e33a865de1af27db493f29a99d292e1e258cd0135218cacd32 libproxy-0.4.7-unistd.patch
-e35b4f806e5f60e9b184d64dceae62e6e343c367ee96d7e461388f2665fe2ab62170d41848c9da5322bb1719eff3bfaecb273e40a97ce940a5e88d29d03bd8d9 fix-includes.patch"
+e35b4f806e5f60e9b184d64dceae62e6e343c367ee96d7e461388f2665fe2ab62170d41848c9da5322bb1719eff3bfaecb273e40a97ce940a5e88d29d03bd8d9 fix-includes.patch
+908fbf49bec18764a8c2ab81ef5d5e6e1fc2423cf9a6608cc7d3a6d5ac44676e171646b0f95b39b7ade108afd62cc2ede8f7b57d6ba0d67025f30b18e5084292 CVE-2020-25219.patch
+01c784a8016bb2a2bf5058b6af7fac29250542bfd4e0679a91fa223c821336d651f8f4a968763072edb86a78a743618c312a2daeb2963c8e5207109f2d26a18f CVE-2020-26154.patch"
diff --git a/user/libproxy/CVE-2020-25219.patch b/user/libproxy/CVE-2020-25219.patch
new file mode 100644
index 000000000..03cfbc00e
--- /dev/null
+++ b/user/libproxy/CVE-2020-25219.patch
@@ -0,0 +1,57 @@
+From a83dae404feac517695c23ff43ce1e116e2bfbe0 Mon Sep 17 00:00:00 2001
+From: Michael Catanzaro <mcatanzaro@gnome.org>
+Date: Wed, 9 Sep 2020 11:12:02 -0500
+Subject: [PATCH] Rewrite url::recvline to be nonrecursive
+
+This function processes network input. It's semi-trusted, because the
+PAC ought to be trusted. But we still shouldn't allow it to control how
+far we recurse. A malicious PAC can cause us to overflow the stack by
+sending a sufficiently-long line without any '\n' character.
+
+Also, this function failed to properly handle EINTR, so let's fix that
+too, for good measure.
+
+Fixes #134
+---
+ libproxy/url.cpp | 28 ++++++++++++++++++----------
+ 1 file changed, 18 insertions(+), 10 deletions(-)
+
+diff --git a/libproxy/url.cpp b/libproxy/url.cpp
+index ee776b2..68d69cd 100644
+--- a/libproxy/url.cpp
++++ b/libproxy/url.cpp
+@@ -388,16 +388,24 @@ string url::to_string() const {
+ return m_orig;
+ }
+
+-static inline string recvline(int fd) {
+- // Read a character.
+- // If we don't get a character, return empty string.
+- // If we are at the end of the line, return empty string.
+- char c = '\0';
+-
+- if (recv(fd, &c, 1, 0) != 1 || c == '\n')
+- return "";
+-
+- return string(1, c) + recvline(fd);
++static string recvline(int fd) {
++ string line;
++ int ret;
++
++ // Reserve arbitrary amount of space to avoid small memory reallocations.
++ line.reserve(128);
++
++ do {
++ char c;
++ ret = recv(fd, &c, 1, 0);
++ if (ret == 1) {
++ if (c == '\n')
++ return line;
++ line += c;
++ }
++ } while (ret == 1 || (ret == -1 && errno == EINTR));
++
++ return line;
+ }
+
+ char* url::get_pac() {
diff --git a/user/libproxy/CVE-2020-26154.patch b/user/libproxy/CVE-2020-26154.patch
new file mode 100644
index 000000000..929083327
--- /dev/null
+++ b/user/libproxy/CVE-2020-26154.patch
@@ -0,0 +1,93 @@
+From 4411b523545b22022b4be7d0cac25aa170ae1d3e Mon Sep 17 00:00:00 2001
+From: Fei Li <lifeibiren@gmail.com>
+Date: Fri, 17 Jul 2020 02:18:37 +0800
+Subject: [PATCH] Fix buffer overflow when PAC is enabled
+
+The bug was found on Windows 10 (MINGW64) when PAC is enabled. It turned
+out to be the large PAC file (more than 102400 bytes) returned by a
+local proxy program with no content-length present.
+---
+ libproxy/url.cpp | 44 +++++++++++++++++++++++++++++++-------------
+ 1 file changed, 31 insertions(+), 13 deletions(-)
+
+diff --git a/libproxy/url.cpp b/libproxy/url.cpp
+index ee776b2..8684086 100644
+--- a/libproxy/url.cpp
++++ b/libproxy/url.cpp
+@@ -54,7 +54,7 @@ using namespace std;
+ #define PAC_MIME_TYPE_FB "text/plain"
+
+ // This is the maximum pac size (to avoid memory attacks)
+-#define PAC_MAX_SIZE 102400
++#define PAC_MAX_SIZE 0x800000
+ // This is the default block size to use when receiving via HTTP
+ #define PAC_HTTP_BLOCK_SIZE 512
+
+@@ -478,15 +478,13 @@ char* url::get_pac() {
+ }
+
+ // Get content
+- unsigned int recvd = 0;
+- buffer = new char[PAC_MAX_SIZE];
+- memset(buffer, 0, PAC_MAX_SIZE);
++ std::vector<char> dynamic_buffer;
+ do {
+ unsigned int chunk_length;
+
+ if (chunked) {
+ // Discard the empty line if we received a previous chunk
+- if (recvd > 0) recvline(sock);
++ if (!dynamic_buffer.empty()) recvline(sock);
+
+ // Get the chunk-length line as an integer
+ if (sscanf(recvline(sock).c_str(), "%x", &chunk_length) != 1 || chunk_length == 0) break;
+@@ -498,21 +496,41 @@ char* url::get_pac() {
+
+ if (content_length >= PAC_MAX_SIZE) break;
+
+- while (content_length == 0 || recvd != content_length) {
+- int r = recv(sock, buffer + recvd,
+- content_length == 0 ? PAC_HTTP_BLOCK_SIZE
+- : content_length - recvd, 0);
++ while (content_length == 0 || dynamic_buffer.size() != content_length) {
++ // Calculate length to recv
++ unsigned int length_to_read = PAC_HTTP_BLOCK_SIZE;
++ if (content_length > 0)
++ length_to_read = content_length - dynamic_buffer.size();
++
++ // Prepare buffer
++ dynamic_buffer.resize(dynamic_buffer.size() + length_to_read);
++
++ int r = recv(sock, dynamic_buffer.data() + dynamic_buffer.size() - length_to_read, length_to_read, 0);
++
++ // Shrink buffer to fit
++ if (r >= 0)
++ dynamic_buffer.resize(dynamic_buffer.size() - length_to_read + r);
++
++ // PAC size too large, discard
++ if (dynamic_buffer.size() >= PAC_MAX_SIZE) {
++ chunked = false;
++ dynamic_buffer.clear();
++ break;
++ }
++
+ if (r <= 0) {
+ chunked = false;
+ break;
+ }
+- recvd += r;
+ }
+ } while (chunked);
+
+- if (content_length != 0 && string(buffer).size() != content_length) {
+- delete[] buffer;
+- buffer = NULL;
++ if (content_length == 0 || content_length == dynamic_buffer.size()) {
++ buffer = new char[dynamic_buffer.size() + 1];
++ if (!dynamic_buffer.empty()) {
++ memcpy(buffer, dynamic_buffer.data(), dynamic_buffer.size());
++ }
++ buffer[dynamic_buffer.size()] = '\0';
+ }
+ }
+
diff --git a/user/meson/APKBUILD b/user/meson/APKBUILD
index d975e1460..5164bae64 100644
--- a/user/meson/APKBUILD
+++ b/user/meson/APKBUILD
@@ -1,7 +1,7 @@
# Contributor: Sören Tempel <soeren+alpine@soeren-tempel.net>
# Maintainer:
pkgname=meson
-pkgver=0.52.1
+pkgver=0.55.3
pkgrel=0
pkgdesc="Fast, user-friendly build system"
url="https://mesonbuild.com/"
@@ -24,4 +24,4 @@ package() {
python3 setup.py install --prefix=/usr --root="$pkgdir"
}
-sha512sums="81e8c5897ba5311ccffc401fd514bd9a67d16caaea1f28a5c5432605766341ecd82b70c05661fbbe0c9a6006ff5ea892950bbaa548e70c3f87350438775ea6fd meson-0.52.1.tar.gz"
+sha512sums="afb0bb25b367e681131d920995124df4b06f6d144ae1a95ebec27be13e06fefbd95840e0287cd1d84bdbb8d9c115b589a833d847c60926f55e0f15749cf66bae meson-0.55.3.tar.gz"
diff --git a/user/re2c/APKBUILD b/user/re2c/APKBUILD
index aad7b839e..3293c610d 100644
--- a/user/re2c/APKBUILD
+++ b/user/re2c/APKBUILD
@@ -1,8 +1,8 @@
# Contributor: Jeff Bilyk <jbilyk at gmail>
# Maintainer:
pkgname=re2c
-pkgver=1.3
-pkgrel=1
+pkgver=2.0.3
+pkgrel=0
pkgdesc="Fast lexer generator for C and C++"
url="http://re2c.org/"
arch="all"
@@ -12,13 +12,13 @@ checkdepends="bash"
makedepends=""
subpackages="$pkgname-doc"
source="https://github.com/skvadrik/re2c/releases/download/$pkgver/$pkgname-$pkgver.tar.xz
- CVE-2020-11958.patch
"
# secfixes:
# 1.3-r1:
# - CVE-2020-11958
+
build() {
./configure \
--build=$CBUILD \
@@ -38,5 +38,4 @@ package() {
make DESTDIR="$pkgdir" install
}
-sha512sums="c7084ab2399fb6b96cef74c1393715d90830f43b82b96af46feb71ef008c0215381c3dbea0b003ff810d869db6021e28001b9d588ad55c616642244b2da09c0e re2c-1.3.tar.xz
-f4376b8e0724d500f665fa60dfd6fb35685a281af50c500d2ff90d781a829fb78f21e8c93c5745a4519acd55a62ec48a570dbfacf0a9ee977502e06f3e2e474a CVE-2020-11958.patch"
+sha512sums="893c533e9847a6236d55ae65e413ddc48b7531b89f5552a3ad79beeac079317ceca4c35710f3c2d88a6de5a3c0a5070a24a8cffb1b4277578a41697ea0e3bf8c re2c-2.0.3.tar.xz"
diff --git a/user/re2c/CVE-2020-11958.patch b/user/re2c/CVE-2020-11958.patch
deleted file mode 100644
index b982b87e6..000000000
--- a/user/re2c/CVE-2020-11958.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-From c4603ba5ce229db83a2a4fb93e6d4b4e3ec3776a Mon Sep 17 00:00:00 2001
-From: Ulya Trofimovich <skvadrik@gmail.com>
-Date: Fri, 17 Apr 2020 22:47:14 +0100
-Subject: [PATCH] Fix crash in lexer refill (reported by Agostino Sarubbo).
-
-The crash happened in a rare case of a very long lexeme that doen't fit
-into the buffer, forcing buffer reallocation.
-
-The crash was caused by an incorrect calculation of the shift offset
-(it was smaller than necessary). As a consequence, the data from buffer
-start and up to the beginning of the current lexeme was not discarded
-(as it should have been), resulting in less free space for new data than
-expected.
----
- src/parse/scanner.cc | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/src/parse/scanner.cc b/src/parse/scanner.cc
-index 1d6e9efa..bd651314 100644
---- a/src/parse/scanner.cc
-+++ b/src/parse/scanner.cc
-@@ -155,13 +155,14 @@ bool Scanner::fill(size_t need)
- if (!buf) fatal("out of memory");
-
- memmove(buf, tok, copy);
-- shift_ptrs_and_fpos(buf - bot);
-+ shift_ptrs_and_fpos(buf - tok);
- delete [] bot;
- bot = buf;
-
- free = BSIZE - copy;
- }
-
-+ DASSERT(lim + free <= bot + BSIZE);
- if (!read(free)) {
- eof = lim;
- memset(lim, 0, YYMAXFILL);
diff --git a/user/trojita/APKBUILD b/user/trojita/APKBUILD
index c55e5453c..3dd6a5ab6 100644
--- a/user/trojita/APKBUILD
+++ b/user/trojita/APKBUILD
@@ -2,7 +2,7 @@
# Maintainer: Kiyoshi Aman <adelie@aerdan.vulpine.house>
pkgname=trojita
pkgver=0.7
-pkgrel=0
+pkgrel=1
pkgdesc="Qt-based IMAP email client"
url="http://trojita.flaska.net/"
arch="all"
@@ -15,7 +15,15 @@ makedepends="cmake extra-cmake-modules zlib-dev qt5-qtbase-dev qt5-qtwebkit-dev
qtkeychain-dev"
source="https://sourceforge.net/projects/trojita/files/src/trojita-$pkgver.tar.xz
use-qgpgme.patch
- fix-gpg.patch"
+ fix-gpg.patch
+ CVE-2019-10734.patch
+ CVE-2020-15047.patch
+ "
+
+# secfixes:
+# 0.7-r1:
+# - CVE-2019-10734
+# - CVE-2020-15047
build() {
if [ "$CBUILD" != "$CHOST" ]; then
@@ -34,7 +42,8 @@ build() {
}
check() {
- CTEST_OUTPUT_ON_FAILURE=TRUE ctest
+ # test_Html_formatting: requires X11
+ CTEST_OUTPUT_ON_FAILURE=TRUE ctest -E test_Html_formatting
}
package() {
@@ -43,4 +52,6 @@ package() {
sha512sums="fe4d9316f97d913619f27d24a5023c3d8dd4a6b9fb058651be12c67188f394aa8cbb60c7593e5eb28fc12fc883b76deeeb5f4f631edd255fdec4c5862c9a91c8 trojita-0.7.tar.xz
740c2410d7236d722482f05dd1d2c681e35543620823cb7c1396710081f9de4f6ae530c5b5442ecf5d08a8e552f0697f3a35bf51e07a3b4336dec7021b665706 use-qgpgme.patch
-9d0fbf7c0b0f6975990a7705f9d43043e5807401cee179d7a07f9514856332d6bb1aa8448e84d0083003c34a3bb181080b973e8c1f77d1b5a8930d07d57702da fix-gpg.patch"
+9d0fbf7c0b0f6975990a7705f9d43043e5807401cee179d7a07f9514856332d6bb1aa8448e84d0083003c34a3bb181080b973e8c1f77d1b5a8930d07d57702da fix-gpg.patch
+db96a566924b5d7b80787ab624af3726d5dd3459653192436a377d6482ab73801a7dcca1df1b1d937cf0d0798b827e04f8ef2c1124f91dc9da3e8036ef61e28a CVE-2019-10734.patch
+2477612aca1e558fa3ba2b434a701cc255c573ac7e2001e7b5921c9b991f7c95720f53b70b49824e36bafb53ab53477950cb8d436e637fda4d59c7ec5883ce5f CVE-2020-15047.patch"
diff --git a/user/trojita/CVE-2019-10734.patch b/user/trojita/CVE-2019-10734.patch
new file mode 100644
index 000000000..d52edb042
--- /dev/null
+++ b/user/trojita/CVE-2019-10734.patch
@@ -0,0 +1,104 @@
+From 8db7f450d52539b4c72ee968384911b6813ad1e7 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Jan=20Kundr=C3=A1t?= <jkt@kde.org>
+Date: Thu, 25 Jun 2020 21:39:34 +0200
+Subject: [PATCH] Prevent a possible decryption oracle attack
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Thanks to Jens Mueller (Ruhr-Uni Bochum and FH Münster) for reporting
+this. The gist is that an attacker can embed arbitrary ciphertext into
+their messages. Trojita decrypts that, and when we hit reply, the
+original *cleartext* gets quoted and put into a reply for the attacker
+to see.
+
+Fix this by not quoting any plaintext which originated in an encrypted
+message. That's pretty draconian, but hey, it works and we never came up
+with any better patch. Also, given that Trojita does not encrypt
+outgoing messages yet, this is probably also a conservative thing to do.
+
+Change-Id: I84c45b9e707eb7c99eb7183c6ef59ef41cd62c43
+CVE: CVE-2019-10734
+BUG: 404697
+---
+ src/Cryptography/GpgMe++.cpp | 2 ++
+ src/Gui/MessageView.cpp | 9 ++++++++-
+ src/Gui/PartWidget.cpp | 8 ++++++++
+ src/Imap/Model/ItemRoles.h | 2 +-
+ 4 files changed, 19 insertions(+), 2 deletions(-)
+
+diff --git a/src/Cryptography/GpgMe++.cpp b/src/Cryptography/GpgMe++.cpp
+index e012f603..716b8aff 100644
+--- a/src/Cryptography/GpgMe++.cpp
++++ b/src/Cryptography/GpgMe++.cpp
+@@ -267,6 +267,8 @@ QVariant GpgMePart::data(int role) const
+ switch (role) {
+ case Imap::Mailbox::RolePartSignatureVerifySupported:
+ return m_wasSigned;
++ case RolePartDecryptionSupported:
++ return m_isAllegedlyEncrypted;
+ case RolePartCryptoNotFinishedYet:
+ return m_waitingForData ||
+ (m_crypto.valid() &&
+diff --git a/src/Gui/MessageView.cpp b/src/Gui/MessageView.cpp
+index 7d649308..c95e0878 100644
+--- a/src/Gui/MessageView.cpp
++++ b/src/Gui/MessageView.cpp
+@@ -354,7 +354,6 @@ bool MessageView::eventFilter(QObject *object, QEvent *event)
+ QString MessageView::quoteText() const
+ {
+ if (auto w = bodyWidget()) {
+- QStringList quote = Composer::quoteText(w->quoteMe().split(QLatin1Char('\n')));
+ const Imap::Message::Envelope &e = message.data(Imap::Mailbox::RoleMessageEnvelope).value<Imap::Message::Envelope>();
+ QString sender;
+ if (!e.from.isEmpty())
+@@ -362,6 +361,14 @@ QString MessageView::quoteText() const
+ if (e.from.isEmpty())
+ sender = tr("you");
+
++ if (messageModel->index(0, 0) /* fake message root */.child(0, 0) /* first MIME part */.data(Imap::Mailbox::RolePartDecryptionSupported).toBool()) {
++ // This is just an UX improvement shortcut: real filtering for CVE-2019-10734 is in
++ // MultipartSignedEncryptedWidget::quoteMe().
++ // That is required because the encrypted part might not be the root part of the message.
++ return tr("On %1, %2 sent an encrypted message:\n> ...\n\n").arg(e.date.toLocalTime().toString(Qt::SystemLocaleLongDate), sender);
++ }
++
++ QStringList quote = Composer::quoteText(w->quoteMe().split(QLatin1Char('\n')));
+ // One extra newline at the end of the quoted text to separate the response
+ quote << QString();
+
+diff --git a/src/Gui/PartWidget.cpp b/src/Gui/PartWidget.cpp
+index bb27604d..96eff338 100644
+--- a/src/Gui/PartWidget.cpp
++++ b/src/Gui/PartWidget.cpp
+@@ -378,6 +378,14 @@ void MultipartSignedEncryptedWidget::updateStatusIndicator()
+
+ QString MultipartSignedEncryptedWidget::quoteMe() const
+ {
++ if (m_partIndex.data(Imap::Mailbox::RolePartDecryptionSupported).toBool()) {
++ // See CVE-2019-10734, the point is not to leak cleartext from encrypted content. Even when Trojita starts supporting
++ // encryption of outgoing mail, we will have to check whether the encrypted cleartext is from the same sender, whether
++ // it matches the list of recipients (which is dynamic and can be set later on), etc etc.
++ // TL;DR, this is a can of worms.
++ return tr("[Encrypted message]");
++ }
++
+ return quoteMeHelper(children());
+ }
+
+diff --git a/src/Imap/Model/ItemRoles.h b/src/Imap/Model/ItemRoles.h
+index 4588d4d0..00adb3bb 100644
+--- a/src/Imap/Model/ItemRoles.h
++++ b/src/Imap/Model/ItemRoles.h
+@@ -193,7 +193,7 @@ enum {
+ RolePartSignatureVerifySupported,
+ /** @short Is the format of this particular multipart/encrypted supported and recognized?
+
+- See RolePartSignatureVerifySupported, this is an equivalent.
++ If true, this message part represents content of an encrypted message that Trojita can attempt to decrypt.
+ */
+ RolePartDecryptionSupported,
+ /** @short Is there any point in waiting longer?
+--
+GitLab
+
diff --git a/user/trojita/CVE-2020-15047.patch b/user/trojita/CVE-2020-15047.patch
new file mode 100644
index 000000000..6199c01fd
--- /dev/null
+++ b/user/trojita/CVE-2020-15047.patch
@@ -0,0 +1,88 @@
+From 77ddd5d44f2bf4155d0c9b6f7d05f01713b32d5d Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Jan=20Kundr=C3=A1t?= <jkt@kde.org>
+Date: Thu, 25 Jun 2020 11:30:51 +0200
+Subject: [PATCH] SMTP: Do not ignore TLS errors
+
+This fixes a CVE-2020-15047 (category: CWE-295). Since commit 0083eea5ed
+which added initial, experimental support for SMTP message submission,
+we have apparently never implemented proper SSL/TLS error handling, and
+the code has ever since just kept silently ignoring any certificate
+verification errors. As a result, Trojita was susceptible to a MITM
+attack when sending e-mails. The information leaked include user's
+authentication details, including the password, and the content of sent
+messages.
+
+Sorry for this :(.
+
+Now, this patch re-enabes proper TLS error handling. It was not possible
+to directly re-use our code for TLS key pinning which we are using for
+IMAP connections. In the Qt TLS code, the decision to accept or not
+accept a TLS connection is a blocking one, so the IMAP code relies upon
+the protocol state machine (i.e., another layer) for deciding whether to
+use or not to use the just-established TLS connection. Implementing an
+equivalent code in the SMTP library would be nice, but this hot-fix has
+a priority. As a result, SMTP connections to hosts with, e.g.,
+self-signed TLS certs, are no longer possible. Let's hope that this is
+not a practical problem with Lets Encrypt anymore.
+
+Thanks to Damian Poddebniak for reporting this bug.
+
+Change-Id: Icd6bbb2b0fb3e45159fc9699ebd07ab84262fe37
+CVE: CVE-2020-15047
+BUG: 423453
+---
+ src/MSA/SMTP.cpp | 11 +++++++++--
+ src/MSA/SMTP.h | 1 +
+ 2 files changed, 10 insertions(+), 2 deletions(-)
+
+diff --git a/src/MSA/SMTP.cpp b/src/MSA/SMTP.cpp
+index 3a054516..ac1eefc5 100644
+--- a/src/MSA/SMTP.cpp
++++ b/src/MSA/SMTP.cpp
+@@ -21,6 +21,7 @@
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+ */
+ #include "SMTP.h"
++#include "UiUtils/Formatting.h"
+
+ namespace MSA
+ {
+@@ -32,8 +33,8 @@ SMTP::SMTP(QObject *parent, const QString &host, quint16 port, bool encryptedCon
+ user(user), failed(false), isWaitingForPassword(false), sendingMode(MODE_SMTP_INVALID)
+ {
+ qwwSmtp = new QwwSmtpClient(this);
+- // FIXME: handle SSL errors properly
+- connect(qwwSmtp, &QwwSmtpClient::sslErrors, qwwSmtp, &QwwSmtpClient::ignoreSslErrors);
++ // FIXME: handle SSL errors in the same way as we handle IMAP TLS errors, with key pinning, etc.
++ connect(qwwSmtp, &QwwSmtpClient::sslErrors, this, &SMTP::handleSslErrors);
+ connect(qwwSmtp, &QwwSmtpClient::connected, this, &AbstractMSA::sending);
+ connect(qwwSmtp, &QwwSmtpClient::done, this, &SMTP::handleDone);
+ connect(qwwSmtp, &QwwSmtpClient::socketError, this, &SMTP::handleError);
+@@ -78,6 +79,12 @@ void SMTP::handleError(QAbstractSocket::SocketError err, const QString &msg)
+ emit error(msg);
+ }
+
++void SMTP::handleSslErrors(const QList<QSslError>& errors)
++{
++ auto msg = UiUtils::Formatting::sslErrorsToHtml(errors);
++ emit error(tr("<p>Cannot send message due to an SSL/TLS error</p>\n%1").arg(msg));
++}
++
+ void SMTP::setPassword(const QString &password)
+ {
+ pass = password;
+diff --git a/src/MSA/SMTP.h b/src/MSA/SMTP.h
+index 453407d3..913bb873 100644
+--- a/src/MSA/SMTP.h
++++ b/src/MSA/SMTP.h
+@@ -43,6 +43,7 @@ public slots:
+ virtual void setPassword(const QString &password);
+ void handleDone(bool ok);
+ void handleError(QAbstractSocket::SocketError err, const QString &msg);
++ void handleSslErrors(const QList<QSslError>& errors);
+ private:
+ QwwSmtpClient *qwwSmtp;
+ QString host;
+--
+GitLab
+
diff --git a/user/yubikey-personalization/APKBUILD b/user/yubikey-personalization/APKBUILD
index 1db97be94..3ff2ce728 100644
--- a/user/yubikey-personalization/APKBUILD
+++ b/user/yubikey-personalization/APKBUILD
@@ -2,7 +2,7 @@
# Maintainer: Kiyoshi Aman <adelie@aerdan.vulpine.house>
pkgname=yubikey-personalization
pkgver=1.20.0
-pkgrel=0
+pkgrel=1
pkgdesc="Cross-platform library & tools for personalizing YubiKey devices"
url="https://developers.yubico.com/yubikey-personalization/"
arch="all"
@@ -13,6 +13,7 @@ makedepends="yubico-c-dev libusb-dev json-c-dev asciidoctor
subpackages="$pkgname-dev $pkgname-doc"
source="yubikey-personalization-$pkgver.tar.gz::https://github.com/Yubico/yubikey-personalization/archive/v$pkgver.tar.gz
use-asciidoctor.patch
+ json_c.patch
"
prepare() {
@@ -40,4 +41,5 @@ package() {
}
sha512sums="a38b26700793f0a801e5f5889bbbce4a3f728d22aaecf8d0890f1b5135e67bed16a78b7a36dbc323c5d296901f6dd420fa658a982492a0cd9f0bbf95a5fbc823 yubikey-personalization-1.20.0.tar.gz
-d6777a43e5e57430268bb50ab704641465a7314b15fc821d8bfa7f0c6510829d0118ced426cd5f8730589efe6264df6b82fc70e8bfe3d8b7d735e51339a25af2 use-asciidoctor.patch"
+d6777a43e5e57430268bb50ab704641465a7314b15fc821d8bfa7f0c6510829d0118ced426cd5f8730589efe6264df6b82fc70e8bfe3d8b7d735e51339a25af2 use-asciidoctor.patch
+a8bc7ae71d0a05476688abfaea070ca7dc2eaa68e033524d4a1b2b6240eec2932d867e9eeaa248874a04f254618cd79bf9ebaa17421938b0c2e62502bf90c055 json_c.patch"
diff --git a/user/yubikey-personalization/json_c.patch b/user/yubikey-personalization/json_c.patch
new file mode 100644
index 000000000..ca5a918d2
--- /dev/null
+++ b/user/yubikey-personalization/json_c.patch
@@ -0,0 +1,83 @@
+From 0aa2e2cae2e1777863993a10c809bb50f4cde7f8 Mon Sep 17 00:00:00 2001
+From: Christian Hesse <mail@eworm.de>
+Date: Sat, 25 Apr 2020 20:55:28 +0200
+Subject: [PATCH] fix boolean value with json-c 0.14
+
+Upstream removed the TRUE and FALSE defines in commit
+0992aac61f8b087efd7094e9ac2b84fa9c040fcd.
+---
+ ykpers-json.c | 18 +++++++++---------
+ 1 file changed, 9 insertions(+), 9 deletions(-)
+
+diff --git a/ykpers-json.c b/ykpers-json.c
+index a62e907..15ad380 100644
+--- a/ykpers-json.c
++++ b/ykpers-json.c
+@@ -40,7 +40,7 @@
+ #define yk_json_object_object_get(obj, key, value) json_object_object_get_ex(obj, key, &value)
+ #else
+ typedef int json_bool;
+-#define yk_json_object_object_get(obj, key, value) (value = json_object_object_get(obj, key)) == NULL ? (json_bool)FALSE : (json_bool)TRUE
++#define yk_json_object_object_get(obj, key, value) (value = json_object_object_get(obj, key)) == NULL ? 0 : 1
+ #endif
+
+ static void set_json_value(struct map_st *p, int mode, json_object *options, YKP_CONFIG *cfg) {
+@@ -50,7 +50,7 @@ static void set_json_value(struct map_st *p, int mode, json_object *options, YKP
+ if(p->mode && (mode & p->mode) == mode) {
+ json_object *joption;
+ json_bool ret = yk_json_object_object_get(options, p->json_text, joption);
+- if(ret == TRUE && json_object_get_type(joption) == json_type_boolean) {
++ if(ret == 1 && json_object_get_type(joption) == json_type_boolean) {
+ int value = json_object_get_boolean(joption);
+ if(value == 1) {
+ p->setter(cfg, true);
+@@ -230,20 +230,20 @@ int _ykp_json_import_cfg(YKP_CONFIG *cfg, const char *json, size_t len) {
+ ykp_errno = YKP_EINVAL;
+ goto out;
+ }
+- if(yk_json_object_object_get(jobj, "yubiProdConfig", yprod_json) == FALSE) {
++ if(yk_json_object_object_get(jobj, "yubiProdConfig", yprod_json) == 0) {
+ ykp_errno = YKP_EINVAL;
+ goto out;
+ }
+- if(yk_json_object_object_get(yprod_json, "mode", jmode) == FALSE) {
++ if(yk_json_object_object_get(yprod_json, "mode", jmode) == 0) {
+ ykp_errno = YKP_EINVAL;
+ goto out;
+ }
+- if(yk_json_object_object_get(yprod_json, "options", options) == FALSE) {
++ if(yk_json_object_object_get(yprod_json, "options", options) == 0) {
+ ykp_errno = YKP_EINVAL;
+ goto out;
+ }
+
+- if(yk_json_object_object_get(yprod_json, "targetConfig", jtarget) == TRUE) {
++ if(yk_json_object_object_get(yprod_json, "targetConfig", jtarget) == 1) {
+ int target_config = json_object_get_int(jtarget);
+ int command;
+ if(target_config == 1) {
+@@ -275,13 +275,13 @@ int _ykp_json_import_cfg(YKP_CONFIG *cfg, const char *json, size_t len) {
+ if(mode == MODE_OATH_HOTP) {
+ json_object *jdigits, *jrandom;
+ ykp_set_tktflag_OATH_HOTP(cfg, true);
+- if(yk_json_object_object_get(options, "oathDigits", jdigits) == TRUE) {
++ if(yk_json_object_object_get(options, "oathDigits", jdigits) == 1) {
+ int digits = json_object_get_int(jdigits);
+ if(digits == 8) {
+ ykp_set_cfgflag_OATH_HOTP8(cfg, true);
+ }
+ }
+- if(yk_json_object_object_get(options, "randomSeed", jrandom) == TRUE) {
++ if(yk_json_object_object_get(options, "randomSeed", jrandom) == 1) {
+ int random = json_object_get_boolean(jrandom);
+ int seed = 0;
+ if(random == 1) {
+@@ -290,7 +290,7 @@ int _ykp_json_import_cfg(YKP_CONFIG *cfg, const char *json, size_t len) {
+ goto out;
+ } else {
+ json_object *jseed;
+- if(yk_json_object_object_get(options, "fixedSeedvalue", jseed) == TRUE) {
++ if(yk_json_object_object_get(options, "fixedSeedvalue", jseed) == 1) {
+ seed = json_object_get_int(jseed);
+ }
+ }