diff options
Diffstat (limited to 'system')
73 files changed, 1582 insertions, 759 deletions
diff --git a/system/cmake/APKBUILD b/system/cmake/APKBUILD index 672caf7e0..983dd5335 100644 --- a/system/cmake/APKBUILD +++ b/system/cmake/APKBUILD @@ -1,7 +1,7 @@ # Contributor: Valery Kartel <valery.kartel@gmail.com> # Maintainer: A. Wilcox <awilfox@adelielinux.org> pkgname=cmake -pkgver=3.23.5 +pkgver=3.31.8 pkgrel=0 pkgdesc="Cross-platform build system" url="https://cmake.org" @@ -19,7 +19,7 @@ case $pkgver in esac source="https://cmake.org/files/$_v/cmake-${pkgver}.tar.gz - fix-tests-git-file-protocol-permission.patch + musl-ldso.patch " _parallel_opt() { @@ -41,6 +41,7 @@ build() { --datadir=/share/$pkgname \ --docdir=/share/doc/$pkgname \ --system-libs \ + --no-system-cppdap \ --no-system-jsoncpp \ $(_parallel_opt) make @@ -53,11 +54,13 @@ check() { ; # skip CTestTestUpload: tries to upload something during check... - #CTEST_PARALLEL_LEVEL=${JOBS} \ + # BundleUtilities fails in autobuilder env due to LD_PRELOAD hack + # RunCMake.CrosscompilingEmulator and RunCMake.add_test don't support + # running with parallel level > 1. + CTEST_PARALLEL_LEVEL=${JOBS} \ CTEST_OUTPUT_ON_FAILURE=TRUE \ bin/ctest \ - -E CTestTestUpload \ - -E BundleUtilities \ + -E '(CTestTestUpload|BundleUtilities|RunCMake\.(CrosscompilingEmulator|add_test))' \ ; } @@ -65,5 +68,5 @@ package() { make DESTDIR="$pkgdir" install } -sha512sums="298f02cd4a0b332184b3e49f343d8a03dcfa637004b0ee9d0a81f72b1ee568aca9caa7322dbf9fe82d9660a8c617f572404cef0c34b2f63297e9211e953cca12 cmake-3.23.5.tar.gz -353cae903076760c77a902256ea6c61102ada60c1ebd05227670cb2bb9aa8f49a4e9946513650f4e58ff94f9a1d108c427d88340b9a633df5376e8036498245e fix-tests-git-file-protocol-permission.patch" +sha512sums="07dbb5af1d449760ef92a921e43c0a0a091989ac51ce3f8b7607bf617b8b56e47c675486d3c620c04f1105b7dfa3852b926915e0888ff46ea473cd01e572f461 cmake-3.31.8.tar.gz +4ad2da9781f55686f4c5dbbb93f909748097f23760208a81109117b3b0976e02f2228253c3a916a6b26575a27f8b67012d2458c35a9cacf6668261d8cede9582 musl-ldso.patch" diff --git a/system/cmake/fix-tests-git-file-protocol-permission.patch b/system/cmake/fix-tests-git-file-protocol-permission.patch deleted file mode 100644 index c43d9a146..000000000 --- a/system/cmake/fix-tests-git-file-protocol-permission.patch +++ /dev/null @@ -1,21 +0,0 @@ -Backported: https://github.com/Kitware/CMake/commit/79ce0f434e916684d734e136b92e14f472a9d14a - -diff -ur a/Tests/CMakeLists.txt b/Tests/CMakeLists.txt ---- a/Tests/CMakeLists.txt 2022-11-01 08:36:33.000000000 -0500 -+++ b/Tests/CMakeLists.txt 2023-02-28 15:24:14.294747915 -0600 -@@ -1586,6 +1586,7 @@ - ) - list(APPEND TEST_BUILD_DIRS "${CMake_BINARY_DIR}/Tests/ExternalProject") - set_tests_properties(ExternalProject PROPERTIES -+ ENVIRONMENT GIT_ALLOW_PROTOCOL=file - RUN_SERIAL 1 - TIMEOUT ${CMAKE_LONG_TEST_TIMEOUT}) - -@@ -2678,6 +2679,7 @@ - -P "${CMake_BINARY_DIR}/Tests/CTestUpdateGIT.cmake" - ) - list(APPEND TEST_BUILD_DIRS "${CMake_BINARY_DIR}/Tests/${CTestUpdateGIT_DIR}") -+ set_property(TEST CTest.UpdateGIT PROPERTY ENVIRONMENT GIT_ALLOW_PROTOCOL=file) - endif() - - # Test CTest Update with HG diff --git a/system/cmake/musl-ldso.patch b/system/cmake/musl-ldso.patch new file mode 100644 index 000000000..7fd68e374 --- /dev/null +++ b/system/cmake/musl-ldso.patch @@ -0,0 +1,5 @@ +--- cmake-3.31.8/Tests/RunCMake/RuntimePath/Stub-fail-stderr.txt.old 2025-06-12 08:51:05.000000000 -0500 ++++ cmake-3.31.8/Tests/RunCMake/RuntimePath/Stub-fail-stderr.txt 2025-06-16 19:11:24.657917052 -0500 +@@ -1 +1 @@ +-(error while loading shared libraries: libStub\.so\.1|Library not loaded: '?@rpath/libStub\.1\.dylib'?|(Cannot|Could not) load module libStub\.a\(libStub\.so\.1\)|fatal: libStub\.so\.1: open failed|Shared object "libStub\.so\.1" not found) ++(Error loading shared library libStub\.so\.1|error while loading shared libraries: libStub\.so\.1|Library not loaded: '?@rpath/libStub\.1\.dylib'?|(Cannot|Could not) load module libStub\.a\(libStub\.so\.1\)|fatal: libStub\.so\.1: open failed|Shared object "libStub\.so\.1" not found) diff --git a/system/libbsd/APKBUILD b/system/libbsd/APKBUILD index 8153a76e6..68b7c1505 100644 --- a/system/libbsd/APKBUILD +++ b/system/libbsd/APKBUILD @@ -9,8 +9,8 @@ url="https://libbsd.freedesktop.org/" arch="all" license="BSD-2-Clause-NetBSD AND BSD-3-Clause AND BSD-4-Clause AND BSD-5-Clause AND Expat AND ISC AND Public-Domain AND Beerware" depends="musl>=1.1.16-r22" -depends_dev="bsd-compat-headers linux-headers" -makedepends="$depends_dev libmd-dev" +depends_dev="bsd-compat-headers libmd-dev linux-headers" +makedepends="$depends_dev" subpackages="$pkgname-dev $pkgname-doc" source="https://libbsd.freedesktop.org/releases/$pkgname-$pkgver.tar.xz" diff --git a/system/libgpg-error/APKBUILD b/system/libgpg-error/APKBUILD index 3a75f5e81..a6fc5841f 100644 --- a/system/libgpg-error/APKBUILD +++ b/system/libgpg-error/APKBUILD @@ -19,7 +19,8 @@ build() { --prefix=/usr \ --sysconfdir=/etc \ --mandir=/usr/share/man \ - --localstatedir=/var + --localstatedir=/var \ + --enable-install-gpg-error-config make } diff --git a/system/lz4/APKBUILD b/system/lz4/APKBUILD index 3911e26f4..9b4991db7 100644 --- a/system/lz4/APKBUILD +++ b/system/lz4/APKBUILD @@ -1,20 +1,16 @@ # Contributor: Stuart Cardall <developer@it-offshore.co.uk> # Maintainer: Dan Theisen <djt@hxx.in> pkgname=lz4 -pkgver=1.9.4 +pkgver=1.10.0 pkgrel=0 pkgdesc="LZ4: Extremely Fast Compression algorithm" url="https://github.com/lz4/lz4" arch="all" -license="BSD-2-Clause GPL-2.0-only" +license="GPL-2.0+" checkdepends="diffutils" subpackages="$pkgname-dev $pkgname-doc $pkgname-libs" source="$pkgname-$pkgver.tar.gz::https://github.com/$pkgname/$pkgname/archive/v$pkgver.tar.gz" -case "$CARCH" in -armhf) options="!check" ;; # FIXME -esac - # secfixes: # 1.9.3-r1: # - CVE-2021-3520 @@ -31,4 +27,9 @@ package() { make PREFIX="/usr" DESTDIR="$pkgdir" install } -sha512sums="043a9acb2417624019d73db140d83b80f1d7c43a6fd5be839193d68df8fd0b3f610d7ed4d628c2a9184f7cde9a0fd1ba9d075d8251298e3eb4b3a77f52736684 lz4-1.9.4.tar.gz" +libs() { + license="BSD-2-Clause" + default_libs +} + +sha512sums="8c4ceb217e6dc8e7e0beba99adc736aca8963867bcf9f970d621978ba11ce92855912f8b66138037a1d2ae171e8e17beb7be99281fea840106aa60373c455b28 lz4-1.10.0.tar.gz" diff --git a/system/lzip/APKBUILD b/system/lzip/APKBUILD index 9f664b6ce..c31cbf0cb 100644 --- a/system/lzip/APKBUILD +++ b/system/lzip/APKBUILD @@ -1,7 +1,7 @@ # Contributor: ScrumpyJack <scrumpyjack@st.ilet.to> # Maintainer: Dan Theisen <djt@hxx.in> pkgname=lzip -pkgver=1.23 +pkgver=1.25 pkgrel=0 pkgdesc="Lossless data compressor" url="https://www.nongnu.org/lzip/lzip.html" @@ -28,4 +28,4 @@ package() { make DESTDIR=$pkgdir install } -sha512sums="482804205b6e92fdf9cb17fb9482df7987227c7b1bef9e42d78787acfabe73995f5b1a66f847d2176423f22dce56f1122c5b1c9670f0b778c0bdad2852369c85 lzip-1.23.tar.gz" +sha512sums="6dec5625d5668d2f6f93816b0f2d7050ef357b5ce9a9af100bde45dddc21171341c2bcb623acdde8146b7eaed2248f8e0f5f32e64f57ecc6fe6cb9a0e187b796 lzip-1.25.tar.gz" diff --git a/system/m4/APKBUILD b/system/m4/APKBUILD index 90b5145c7..f24881d02 100644 --- a/system/m4/APKBUILD +++ b/system/m4/APKBUILD @@ -1,7 +1,7 @@ # Maintainer: Zach van Rijn <me@zv.io> pkgname=m4 -pkgver=1.4.19 -pkgrel=1 +pkgver=1.4.20 +pkgrel=0 pkgdesc="GNU macro processor" url="https://www.gnu.org/software/m4" arch="all" @@ -10,12 +10,8 @@ depends="" checkdepends="diffutils" makedepends="texinfo" subpackages="$pkgname-doc $pkgname-lang" -source="https://ftp.gnu.org/gnu/m4/$pkgname-$pkgver.tar.gz - disable-mbrtowc-test.patch +source="https://ftp.gnu.org/gnu/m4/$pkgname-$pkgver.tar.xz gnulib-tests-dont-require-gpg-passphrase.patch - m4-1.4.19-test-198.patch - posix-test.patch - fix-ppc-ucontext-regs.patch " build() { @@ -36,9 +32,5 @@ package() { rmdir -p "$pkgdir"/usr/lib 2>/dev/null || true } -sha512sums="f5dd0f02fcae65a176a16af9a8e1747c26e9440c6c224003ba458d3298b777a75ffb189aee9051fb0c4840b2a48278be4a51d959381af0b1d627570f478c58f2 m4-1.4.19.tar.gz -c39562852502282f83b9bfa46aff00c8859b19d4d4335dbdb488748b10f6df6a13ea8291784683bf967674a5a824276419af47d2395e8af18823452a8d4999da disable-mbrtowc-test.patch -fb7344bc8a7aea1f1ce87474109aaf3d5a5ca0cd86b517025c6aad9a388a9ede7c267e7095d171d8768d1c0f0d9d8009e307467352afa81484c54dc476db0ebd gnulib-tests-dont-require-gpg-passphrase.patch -f409fcfd70d55c099bba7d784bea8f99cd6ccbfe24dfc3d76a2e757df96b6c71f7e4b42f63d433259e3bec7b7e40e6569533c032c98537003a6e7314754dd6fb m4-1.4.19-test-198.patch -43c68f84c465b2e26a73ef0a5cf9bacafee70849f9de166eef45d7699438dce0ea3cacdd513daa8a8ae7fb677778290e2a78d01b551d9465de68eb167abcbc93 posix-test.patch -0d40a28e2a4d40c5f18c317e4e6bce7fda2c7316249ebf102c585eda32d069a63a1fb5ced5efcba6d2beb2d68d54d67c6b2789f881bbb488899c95130e152744 fix-ppc-ucontext-regs.patch" +sha512sums="dc7b4f61452e564b095010029bf6ce4246e5a03959989cd76b09eb8012db7424c52819143020fab21a3471ff57ab026d3eccbd00dd3969819208980565a9fec0 m4-1.4.20.tar.xz +aec2ad41e0e340491d764ca2fd3e64b06ea6874116700cbe514ef8e44d8edd4a02568dda0e012811d7e619518baa2279f409c7a65101d067da23fe842a8c904e gnulib-tests-dont-require-gpg-passphrase.patch" diff --git a/system/m4/fix-ppc-ucontext-regs.patch b/system/m4/fix-ppc-ucontext-regs.patch deleted file mode 100644 index d696da4ad..000000000 --- a/system/m4/fix-ppc-ucontext-regs.patch +++ /dev/null @@ -1,12 +0,0 @@ -diff -ur a/lib/sigsegv.c b/lib/sigsegv.c ---- a/lib/sigsegv.c 2022-03-05 20:30:15.030000000 +0000 -+++ b/lib/sigsegv.c 2022-03-05 20:42:49.910000000 +0000 -@@ -220,7 +220,7 @@ - # if 0 - # define SIGSEGV_FAULT_STACKPOINTER ((ucontext_t *) ucp)->uc_mcontext.regs->gpr[1] - # else --# define SIGSEGV_FAULT_STACKPOINTER ((ucontext_t *) ucp)->uc_mcontext.uc_regs->gregs[1] -+# define SIGSEGV_FAULT_STACKPOINTER ((ucontext_t *) ucp)->uc_mcontext.gregs[1] - # endif - # endif - diff --git a/system/m4/gnulib-tests-dont-require-gpg-passphrase.patch b/system/m4/gnulib-tests-dont-require-gpg-passphrase.patch index d00fbfd6a..c414f2154 100644 --- a/system/m4/gnulib-tests-dont-require-gpg-passphrase.patch +++ b/system/m4/gnulib-tests-dont-require-gpg-passphrase.patch @@ -1,6 +1,6 @@ --- m4-1.4.18/tests/test-vc-list-files-git.sh.old 2018-01-03 18:36:29.000000000 -0600 +++ m4-1.4.18/tests/test-vc-list-files-git.sh 2018-06-18 21:57:08.305562148 -0500 -@@ -32,6 +32,7 @@ +@@ -39,6 +39,7 @@ touch d/a b c && git config user.email "you@example.com" && git config user.name "Your Name" && diff --git a/system/m4/m4-1.4.19-test-198.patch b/system/m4/m4-1.4.19-test-198.patch deleted file mode 100644 index 3ca4bd478..000000000 --- a/system/m4/m4-1.4.19-test-198.patch +++ /dev/null @@ -1,31 +0,0 @@ -From cd7f4d153ccccf601751e9fa82424412f6ecfc96 Mon Sep 17 00:00:00 2001 -From: Eric Blake <eblake@redhat.com> -Date: Tue, 1 Jun 2021 08:10:51 -0500 -Subject: [PATCH] tests: Fix 198.sysval - -In my attempt to avoid test failures on Haiku, I caused test failures -on platforms where sh is noisy when reporting a killed sub-process. - -* doc/m4.texi (Sysval): Avoid stderr noise during test. -Fixes: 17011ea76a (tests: Skip signal detection on Haiku) -Fixes: https://lists.gnu.org/archive/html/bug-m4/2021-05/msg00029.html ---- - doc/m4.texi | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/doc/m4.texi b/doc/m4.texi -index 247f2be5..3b833b2a 100644 ---- a/doc/m4.texi -+++ b/doc/m4.texi -@@ -6756,6 +6756,7 @@ ifdef(`__unix__', , - ')m4exit(`77')')dnl - changequote(`[', `]') - @result{} --syscmd([/bin/sh -c 'kill -9 $$'; st=$?; test $st = 137 || test $st = 265]) -+syscmd([@{ /bin/sh -c 'kill -9 $$'; @} 2>/dev/null; st=$?; -+test $st = 137 || test $st = 265]) - @result{} - ifelse(sysval, [0], , [errprint([ skipping: shell does not send signal 9 --- -2.17.1 - diff --git a/system/m4/posix-test.patch b/system/m4/posix-test.patch deleted file mode 100644 index 058c85c6f..000000000 --- a/system/m4/posix-test.patch +++ /dev/null @@ -1,18 +0,0 @@ -This behaviour does not pass on *this* platform. - ---- m4-1.4.19/tests/test-posix_spawn_file_actions_addclose.c.old 2021-04-22 15:28:47.000000000 -0500 -+++ m4-1.4.19/tests/test-posix_spawn_file_actions_addclose.c 2022-02-09 03:27:59.030000000 -0600 -@@ -54,13 +54,6 @@ - errno = 0; - ASSERT (posix_spawn_file_actions_addclose (&actions, -1) == EBADF); - } -- /* This behaviour is not mandated by POSIX, but happens to pass on all -- platforms. */ -- { -- int bad_fd = big_fd (); -- errno = 0; -- ASSERT (posix_spawn_file_actions_addclose (&actions, bad_fd) == EBADF); -- } - - posix_spawn_file_actions_destroy (&actions); - diff --git a/system/man-pages/APKBUILD b/system/man-pages/APKBUILD index 2ee5c69f1..53ac72bfc 100644 --- a/system/man-pages/APKBUILD +++ b/system/man-pages/APKBUILD @@ -1,9 +1,9 @@ # Contributor: Sören Tempel <soeren+alpine@soeren-tempel.net> # Maintainer: A. Wilcox <awilfox@adelielinux.org> pkgname=man-pages -pkgver=5.13 +pkgver=6.14 _posixver=2017 -pkgrel=1 +pkgrel=0 pkgdesc="Linux man pages" url="https://www.kernel.org/doc/man-pages/" arch="noarch" @@ -12,7 +12,7 @@ license="GPL-2.0+ AND POSIX" depends="" makedepends="" install_if="docs build-tools" -source="https://cdn.kernel.org/pub/linux/docs/$pkgname/Archive/$pkgname-$pkgver.tar.xz +source="https://cdn.kernel.org/pub/linux/docs/$pkgname/$pkgname-$pkgver.tar.xz https://cdn.kernel.org/pub/linux/docs/$pkgname/$pkgname-posix/$pkgname-posix-${_posixver}-a.tar.xz " @@ -27,7 +27,7 @@ build() { } package() { - make prefix="$pkgdir"/usr install + make -R prefix="$pkgdir"/usr install find "$pkgdir"/usr/share/man -name "*.[0-9]" | xargs gzip -9 # provided by libiconv-doc @@ -50,5 +50,5 @@ package() { rm -f "$pkgdir"/usr/share/man/man1/localedef* } -sha512sums="a68c0bd5f078aff2f13f962060863e5d30734c1c562e8e9e3d5eda5a329b18ad3e9b4ebb883d31cacfc0a476f91fccb8dd4257598acd75d09dd21351893d3499 man-pages-5.13.tar.xz +sha512sums="e2981bb75e22d74ae4424dde7a9529d685693635777b072318af73e76f8156783bc74205e8fff5a433ec4d769ccaa8388078a9d061f3878b5182128e5af50693 man-pages-6.14.tar.xz dac6bd5bb3e1d5f8918bad3eb15e08eeb3e06ae160c04ccd5619bfb0c536139ac06faa62b6856656a1bb9a7496f3148e52a5227b83e4099be6e6b93230de211d man-pages-posix-2017-a.tar.xz" diff --git a/system/mawk/APKBUILD b/system/mawk/APKBUILD index 64b641031..221383e97 100644 --- a/system/mawk/APKBUILD +++ b/system/mawk/APKBUILD @@ -1,7 +1,7 @@ # Contributor: A. Wilcox <awilfox@adelielinux.org> # Maintainer: A. Wilcox <awilfox@adelielinux.org> pkgname=mawk -pkgver=1.3.4.20230525 +pkgver=1.3.4.20250131 pkgrel=0 pkgdesc="Pattern scanning and text processing language" url="https://invisible-island.net/mawk/mawk.html" @@ -37,4 +37,4 @@ package() { ln -s ../../bin/awk "$pkgdir"/usr/bin/awk } -sha512sums="704c1a94569e8e953af7b00ea81efa20df03483f57e4183935e73df62309874644f2250a307b136af34ce3df62d90170d8afe7b3a86eeacb31cf5845056126cb mawk-1.3.4-20230525.tgz" +sha512sums="100b1f5ee190d2841d5dee449c53601a6d32453e47b232de919f3489f6f7040d0c6d21f6c7d30df616b04abde2db9799c5eb16570c1f88dbc10fcd75c5838042 mawk-1.3.4-20250131.tgz" diff --git a/system/muon/APKBUILD b/system/muon/APKBUILD new file mode 100644 index 000000000..6ccf8a24d --- /dev/null +++ b/system/muon/APKBUILD @@ -0,0 +1,32 @@ +# Maintainer: A. Wilcox <awilfox@adelielinux.org> +pkgname=muon +pkgver=0.5.0 +pkgrel=0 +pkgdesc="A Meson-compatible build system" +url="https://muon.build/" +arch="all" +license="GPL-3.0-only AND MIT AND Unlicense AND Python-2.0 AND Apache-2.0" +depends="samurai" +checkdepends="python3" +makedepends="curl-dev libarchive-dev pkgconf-dev scdoc" +subpackages="$pkgname-doc" +source="https://muon.build/releases/v$pkgver/muon-v$pkgver.tar.gz" +builddir="$srcdir/$pkgname-v$pkgver" + +build() { + ./bootstrap.sh build + build/muon-bootstrap setup \ + -Dprefix=/usr \ + build + build/muon-bootstrap -C build samu +} + +check() { + build/muon-bootstrap -C build test +} + +package() { + DESTDIR="$pkgdir" build/muon-bootstrap -C build install +} + +sha512sums="3552e9b3ead9072de5a683cc1448eaab1ebd60a10653a3c8d183ec89b3b56ffce12dac4735be5f5e4ede7795e7d0abeafd3c404648ac1597cbf7d6d55f8d0ed7 muon-v0.5.0.tar.gz" diff --git a/system/nspr/APKBUILD b/system/nspr/APKBUILD index 033c5a6d6..c20fefbd2 100644 --- a/system/nspr/APKBUILD +++ b/system/nspr/APKBUILD @@ -1,11 +1,10 @@ # Maintainer: A. Wilcox <awilfox@adelielinux.org> pkgname=nspr -pkgver=4.35 +pkgver=4.36 pkgrel=0 pkgdesc="Netscape Portable Runtime" url="https://firefox-source-docs.mozilla.org/nspr/index.html" arch="all" -options="!check" # No test suite. license="MPL-1.1 AND GPL-2.0-only AND LGPL-2.1-only" depends="" # -dev package does not ship any symlinks so dependency cannot be autodetected @@ -40,6 +39,13 @@ build() { make CC="${CC:-gcc}" CXX="${CXX:-g++}" } +check() { + make -C "$builddir"/build/lib/tests + for i in arena base64t getopt string; do + "$builddir"/build/lib/tests/$i + done +} + package() { cd "$builddir"/build make DESTDIR="$pkgdir" install @@ -56,5 +62,5 @@ package() { "$pkgdir"/usr/include/nspr/md } -sha512sums="502815833116e25f79ddf71d1526484908aa92fbc55f8a892729cb404a4daafcc0470a89854cd080d2d20299fdb7d9662507c5362c7ae661cbacf308ac56ef7f nspr-4.35.tar.gz +sha512sums="55d21e196508ad29a179639fc8006f44b04dc2c0b5a85895e727f0a4f0ea37aeeceb936e37ac6b271b882a18e9f06d96133a60f19cee6345f8424c1c66e270ee nspr-4.36.tar.gz 1f694fc151f6578080449e3aa999c520486bbe117b8237150966ec43092db4156e81412ac889045e0c0c3bf65d459af5bdc1cf19c9fa3dab120405a60732f15a stacksize.patch" diff --git a/system/nss/APKBUILD b/system/nss/APKBUILD index f25f8d35c..834b5a857 100644 --- a/system/nss/APKBUILD +++ b/system/nss/APKBUILD @@ -1,13 +1,13 @@ # Contributor: Łukasz Jendrysik <scadu@yandex.com> # Maintainer: A. Wilcox <awilfox@adelielinux.org> pkgname=nss -pkgver=3.103 +pkgver=3.112 _ver=$(printf '%s' "$pkgver" | tr . _) pkgrel=0 pkgdesc="Mozilla Network Security Services" url="https://firefox-source-docs.mozilla.org/security/nss/index.html" arch="all" -options="!check" +options="!check" # Requires builder name to resolve in the DNS + ~3hrs on gwyn license="MPL-2.0" depends="" depends_dev="nspr-dev" @@ -66,6 +66,15 @@ build() { make -C nss all } +check() { + export BUILD_OPT=1 + case "$CARCH" in + *64* | s390x) export USE_64=1;; + esac + + nss/tests/all.sh +} + package() { install -m755 -d "$pkgdir"/usr/lib/pkgconfig install -m755 -d "$pkgdir"/usr/bin @@ -157,7 +166,7 @@ tools() { mv "$pkgdir"/usr/bin "$subpkgdir"/usr/ } -sha512sums="bc7680fc34d84de7953b27f1a220681f3f5c5a501a82be210ec6134894313f6a2c9bfcc350f4802152a5e3a1fc2defc74d700445ade338d6c86a923ac8b4dc75 nss-3.103.tar.gz +sha512sums="564ae4ded323d7213f224673b0ddc584dcfae71bbdd139310854e547d9ba2877ba45462da49f71ea2fae72caea1cf10fa51d9dfef656a21957256cadc5fa4b35 nss-3.112.tar.gz 75dbd648a461940647ff373389cc73bc8ec609139cd46c91bcce866af02be6bcbb0524eb3dfb721fbd5b0bc68c20081ed6f7debf6b24317f2a7ba823e8d3c531 nss.pc.in 0f2efa8563b11da68669d281b4459289a56f5a3a906eb60382126f3adcfe47420cdcedc6ab57727a3afeeffa2bbb4c750b43bef8b5f343a75c968411dfa30e09 nss-util.pc.in 09c69d4cc39ec9deebc88696a80d0f15eb2d8c94d9daa234a2adfec941b63805eb4ce7f2e1943857b938bddcaee1beac246a0ec627b71563d9f846e6119a4a15 nss-softokn.pc.in diff --git a/system/openssl/APKBUILD b/system/openssl/APKBUILD index 9e178ca77..677942d41 100644 --- a/system/openssl/APKBUILD +++ b/system/openssl/APKBUILD @@ -1,6 +1,6 @@ # Maintainer: A. Wilcox <awilfox@adelielinux.org> pkgname=openssl -pkgver=1.1.1v +pkgver=1.1.1z_p2 pkgrel=0 pkgdesc="Toolkit for SSL and TLS" url="https://www.openssl.org/" @@ -11,9 +11,14 @@ checkdepends="perl" makedepends_build="perl" subpackages="$pkgname-dbg $pkgname-dev $pkgname-doc libcrypto1.1:libcrypto libssl1.1:libssl" -source="https://www.openssl.org/source/${pkgname}-${pkgver}.tar.gz +source="https://www.openssl.org/source/${pkgname}-${pkgver%z_p2}w.tar.gz ppc-auxv.patch ppc64.patch + x.patch + y.patch + za.patch + zb.patch + zb2.patch " # secfixes: @@ -63,6 +68,11 @@ source="https://www.openssl.org/source/${pkgname}-${pkgver}.tar.gz # 1.1.1t-r1: # - CVE-2023-0465 +unpack() { + default_unpack + mv "$pkgname-${pkgver%z_p2}w" "$pkgname-$pkgver" +} + build() { # openssl will prepend crosscompile always core CC et al CC=${CC#${CROSS_COMPILE}} @@ -131,6 +141,11 @@ libssl() { done } -sha512sums="1a67340d99026aa62bf50ff89165d9f77fe4a6690fe30d1751b5021dd3f238391afd581b41724687c322c4e3af1770c44a63766a06e9b8cab6425101153e0c7e openssl-1.1.1v.tar.gz +sha512sums="b4c625fe56a4e690b57b6a011a225ad0cb3af54bd8fb67af77b5eceac55cc7191291d96a660c5b568a08a2fbf62b4612818e7cca1bb95b2b6b4fc649b0552b6d openssl-1.1.1w.tar.gz 7fd3158c6eb3451f10e4bfd78f85c3e7aef84716eb38e00503d5cfc8e414b7bdf02e0671d0299a96a453dd2e38249dcf1281136b27b6df372f3ea08fbf78329b ppc-auxv.patch -e040f23770d52b988578f7ff84d77563340f37c026db7643db8e4ef18e795e27d10cb42cb8656da4d9c57a28283a2828729d70f940edc950c3422a54fea55509 ppc64.patch" +e040f23770d52b988578f7ff84d77563340f37c026db7643db8e4ef18e795e27d10cb42cb8656da4d9c57a28283a2828729d70f940edc950c3422a54fea55509 ppc64.patch +8116cc9e1ae192ac85ad3c85619a297748a04cbf80e91b9d72fc9857dcbfc7da449724b7d6782de97fe6367e5374d6cf06b8864355473608147b45f7fb741d8a x.patch +f696bb088cf75a4ad0307f919344b1e3361bb77a42f34c5db557cdba9e2c091ca1fe1f8d66cd4612fa2a7d64a41245bee72ba603789cf20d86b952490284756d y.patch +85f5eb3a5423ced9b01fa20d020cbbfd987e3c82467d9d196ba5f0bc327c8b09e1e39b98a479c8fc1f9a90b3eda82202995d8abe8ff536c4644b73cca630f053 za.patch +060992bff56f9e69f4dc89f3de3a74817cd21b7338e8062a9e9e52a74a08d7b461ead51fb5c7ae9fcc2c717e72e285d42922dd0c37b314b3e5d0e5cf3ae2682f zb.patch +b2c31f588aec1ef641985f08a302f815b3854e5be2291eeb2c9db4b12cf69caaa6c813ec75139e623fe3a48a6f4f02500b9b5b1ac2c83d9d053ef098c220a929 zb2.patch" diff --git a/system/openssl/x.patch b/system/openssl/x.patch new file mode 100644 index 000000000..52e575b08 --- /dev/null +++ b/system/openssl/x.patch @@ -0,0 +1,294 @@ +From 01ca0bbbe65215f6ae72bba7d63ea67fb53c4f9a Mon Sep 17 00:00:00 2001 +From: Ken Zalewski <ken.zalewski@gmail.com> +Date: Sat, 13 Jul 2024 11:00:49 -0400 +Subject: [PATCH] Patch to openssl-1.1.1x. This version addresses two + vulnerabilities: CVE-2023-5678 and CVE-2024-0727 + +--- + crypto/dh/dh_check.c | 13 +++++++++++++ + crypto/dh/dh_err.c | 2 ++ + crypto/dh/dh_key.c | 10 ++++++++++ + crypto/err/openssl.txt | 2 ++ + crypto/pkcs12/p12_add.c | 18 ++++++++++++++++++ + crypto/pkcs12/p12_mutl.c | 5 +++++ + crypto/pkcs12/p12_npas.c | 5 +++-- + crypto/pkcs12/pk12err.c | 2 ++ + crypto/pkcs7/pk7_mime.c | 9 +++++++-- + include/openssl/dh.h | 6 ++++-- + include/openssl/dherr.h | 2 ++ + include/openssl/opensslv.h | 4 ++-- + include/openssl/pkcs12err.h | 1 + + 13 files changed, 71 insertions(+), 8 deletions(-) + +diff --git a/crypto/dh/dh_check.c b/crypto/dh/dh_check.c +index ae1b03b..40dfc57 100644 +--- a/crypto/dh/dh_check.c ++++ b/crypto/dh/dh_check.c +@@ -198,6 +198,19 @@ int DH_check_pub_key(const DH *dh, const BIGNUM *pub_key, int *ret) + BN_CTX *ctx = NULL; + + *ret = 0; ++ ++ /* Don't do any checks at all with an excessively large modulus */ ++ if (BN_num_bits(dh->p) > OPENSSL_DH_CHECK_MAX_MODULUS_BITS) { ++ DHerr(DH_F_DH_CHECK_PUB_KEY, DH_R_MODULUS_TOO_LARGE); ++ *ret = DH_CHECK_P_NOT_PRIME | DH_CHECK_PUBKEY_INVALID; ++ return 0; ++ } ++ ++ if (dh->q != NULL && BN_ucmp(dh->p, dh->q) < 0) { ++ *ret |= DH_CHECK_INVALID_Q_VALUE | DH_CHECK_PUBKEY_INVALID; ++ return 1; ++ } ++ + ctx = BN_CTX_new(); + if (ctx == NULL) + goto err; +diff --git a/crypto/dh/dh_err.c b/crypto/dh/dh_err.c +index 92800d3..048ba66 100644 +--- a/crypto/dh/dh_err.c ++++ b/crypto/dh/dh_err.c +@@ -21,6 +21,7 @@ static const ERR_STRING_DATA DH_str_functs[] = { + {ERR_PACK(ERR_LIB_DH, DH_F_DH_CHECK, 0), "DH_check"}, + {ERR_PACK(ERR_LIB_DH, DH_F_DH_CHECK_EX, 0), "DH_check_ex"}, + {ERR_PACK(ERR_LIB_DH, DH_F_DH_CHECK_PARAMS_EX, 0), "DH_check_params_ex"}, ++ {ERR_PACK(ERR_LIB_DH, DH_F_DH_CHECK_PUB_KEY, 0), "DH_check_pub_key"}, + {ERR_PACK(ERR_LIB_DH, DH_F_DH_CHECK_PUB_KEY_EX, 0), "DH_check_pub_key_ex"}, + {ERR_PACK(ERR_LIB_DH, DH_F_DH_CMS_DECRYPT, 0), "dh_cms_decrypt"}, + {ERR_PACK(ERR_LIB_DH, DH_F_DH_CMS_SET_PEERKEY, 0), "dh_cms_set_peerkey"}, +@@ -82,6 +83,7 @@ static const ERR_STRING_DATA DH_str_reasons[] = { + {ERR_PACK(ERR_LIB_DH, 0, DH_R_PARAMETER_ENCODING_ERROR), + "parameter encoding error"}, + {ERR_PACK(ERR_LIB_DH, 0, DH_R_PEER_KEY_ERROR), "peer key error"}, ++ {ERR_PACK(ERR_LIB_DH, 0, DH_R_Q_TOO_LARGE), "q too large"}, + {ERR_PACK(ERR_LIB_DH, 0, DH_R_SHARED_INFO_ERROR), "shared info error"}, + {ERR_PACK(ERR_LIB_DH, 0, DH_R_UNABLE_TO_CHECK_GENERATOR), + "unable to check generator"}, +diff --git a/crypto/dh/dh_key.c b/crypto/dh/dh_key.c +index 117f2fa..9f5e6f6 100644 +--- a/crypto/dh/dh_key.c ++++ b/crypto/dh/dh_key.c +@@ -114,6 +114,11 @@ static int generate_key(DH *dh) + return 0; + } + ++ if (dh->q != NULL && BN_num_bits(dh->q) > OPENSSL_DH_MAX_MODULUS_BITS) { ++ DHerr(DH_F_GENERATE_KEY, DH_R_Q_TOO_LARGE); ++ return 0; ++ } ++ + ctx = BN_CTX_new(); + if (ctx == NULL) + goto err; +@@ -207,6 +212,11 @@ static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh) + goto err; + } + ++ if (dh->q != NULL && BN_num_bits(dh->q) > OPENSSL_DH_MAX_MODULUS_BITS) { ++ DHerr(DH_F_COMPUTE_KEY, DH_R_Q_TOO_LARGE); ++ goto err; ++ } ++ + ctx = BN_CTX_new(); + if (ctx == NULL) + goto err; +diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt +index c0a3cd7..ec3823e 100644 +--- a/crypto/err/openssl.txt ++++ b/crypto/err/openssl.txt +@@ -969,6 +969,7 @@ PKCS12_F_PKCS12_SETUP_MAC:122:PKCS12_setup_mac + PKCS12_F_PKCS12_SET_MAC:123:PKCS12_set_mac + PKCS12_F_PKCS12_UNPACK_AUTHSAFES:130:PKCS12_unpack_authsafes + PKCS12_F_PKCS12_UNPACK_P7DATA:131:PKCS12_unpack_p7data ++PKCS12_F_PKCS12_UNPACK_P7ENCDATA:134:PKCS12_unpack_p7encdata + PKCS12_F_PKCS12_VERIFY_MAC:126:PKCS12_verify_mac + PKCS12_F_PKCS8_ENCRYPT:125:PKCS8_encrypt + PKCS12_F_PKCS8_SET0_PBE:132:PKCS8_set0_pbe +@@ -2106,6 +2107,7 @@ DH_R_NO_PARAMETERS_SET:107:no parameters set + DH_R_NO_PRIVATE_VALUE:100:no private value + DH_R_PARAMETER_ENCODING_ERROR:105:parameter encoding error + DH_R_PEER_KEY_ERROR:111:peer key error ++DH_R_Q_TOO_LARGE:130:q too large + DH_R_SHARED_INFO_ERROR:113:shared info error + DH_R_UNABLE_TO_CHECK_GENERATOR:121:unable to check generator + DSA_R_BAD_Q_VALUE:102:bad q value +diff --git a/crypto/pkcs12/p12_add.c b/crypto/pkcs12/p12_add.c +index af184c8..6549691 100644 +--- a/crypto/pkcs12/p12_add.c ++++ b/crypto/pkcs12/p12_add.c +@@ -76,6 +76,12 @@ STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7data(PKCS7 *p7) + PKCS12_R_CONTENT_TYPE_NOT_DATA); + return NULL; + } ++ ++ if (p7->d.data == NULL) { ++ PKCS12err(PKCS12_F_PKCS12_UNPACK_P7DATA, PKCS12_R_DECODE_ERROR); ++ return NULL; ++ } ++ + return ASN1_item_unpack(p7->d.data, ASN1_ITEM_rptr(PKCS12_SAFEBAGS)); + } + +@@ -132,6 +138,12 @@ STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7encdata(PKCS7 *p7, const char *pass, + { + if (!PKCS7_type_is_encrypted(p7)) + return NULL; ++ ++ if (p7->d.encrypted == NULL) { ++ PKCS12err(PKCS12_F_PKCS12_UNPACK_P7ENCDATA, PKCS12_R_DECODE_ERROR); ++ return NULL; ++ } ++ + return PKCS12_item_decrypt_d2i(p7->d.encrypted->enc_data->algorithm, + ASN1_ITEM_rptr(PKCS12_SAFEBAGS), + pass, passlen, +@@ -159,6 +171,12 @@ STACK_OF(PKCS7) *PKCS12_unpack_authsafes(const PKCS12 *p12) + PKCS12_R_CONTENT_TYPE_NOT_DATA); + return NULL; + } ++ ++ if (p12->authsafes->d.data == NULL) { ++ PKCS12err(PKCS12_F_PKCS12_UNPACK_AUTHSAFES, PKCS12_R_DECODE_ERROR); ++ return NULL; ++ } ++ + return ASN1_item_unpack(p12->authsafes->d.data, + ASN1_ITEM_rptr(PKCS12_AUTHSAFES)); + } +diff --git a/crypto/pkcs12/p12_mutl.c b/crypto/pkcs12/p12_mutl.c +index 3658003..766c9c1 100644 +--- a/crypto/pkcs12/p12_mutl.c ++++ b/crypto/pkcs12/p12_mutl.c +@@ -93,6 +93,11 @@ static int pkcs12_gen_mac(PKCS12 *p12, const char *pass, int passlen, + return 0; + } + ++ if (p12->authsafes->d.data == NULL) { ++ PKCS12err(PKCS12_F_PKCS12_GEN_MAC, PKCS12_R_DECODE_ERROR); ++ return 0; ++ } ++ + salt = p12->mac->salt->data; + saltlen = p12->mac->salt->length; + if (!p12->mac->iter) +diff --git a/crypto/pkcs12/p12_npas.c b/crypto/pkcs12/p12_npas.c +index 0334289..1303376 100644 +--- a/crypto/pkcs12/p12_npas.c ++++ b/crypto/pkcs12/p12_npas.c +@@ -78,8 +78,9 @@ static int newpass_p12(PKCS12 *p12, const char *oldpass, const char *newpass) + bags = PKCS12_unpack_p7data(p7); + } else if (bagnid == NID_pkcs7_encrypted) { + bags = PKCS12_unpack_p7encdata(p7, oldpass, -1); +- if (!alg_get(p7->d.encrypted->enc_data->algorithm, +- &pbe_nid, &pbe_iter, &pbe_saltlen)) ++ if (p7->d.encrypted == NULL ++ || !alg_get(p7->d.encrypted->enc_data->algorithm, ++ &pbe_nid, &pbe_iter, &pbe_saltlen)) + goto err; + } else { + continue; +diff --git a/crypto/pkcs12/pk12err.c b/crypto/pkcs12/pk12err.c +index 38ce519..3eb7f2f 100644 +--- a/crypto/pkcs12/pk12err.c ++++ b/crypto/pkcs12/pk12err.c +@@ -58,6 +58,8 @@ static const ERR_STRING_DATA PKCS12_str_functs[] = { + "PKCS12_unpack_authsafes"}, + {ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_PKCS12_UNPACK_P7DATA, 0), + "PKCS12_unpack_p7data"}, ++ {ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_PKCS12_UNPACK_P7ENCDATA, 0), ++ "PKCS12_unpack_p7encdata"}, + {ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_PKCS12_VERIFY_MAC, 0), + "PKCS12_verify_mac"}, + {ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_PKCS8_ENCRYPT, 0), "PKCS8_encrypt"}, +diff --git a/crypto/pkcs7/pk7_mime.c b/crypto/pkcs7/pk7_mime.c +index 19e6868..635af10 100644 +--- a/crypto/pkcs7/pk7_mime.c ++++ b/crypto/pkcs7/pk7_mime.c +@@ -30,10 +30,15 @@ int SMIME_write_PKCS7(BIO *bio, PKCS7 *p7, BIO *data, int flags) + { + STACK_OF(X509_ALGOR) *mdalgs; + int ctype_nid = OBJ_obj2nid(p7->type); +- if (ctype_nid == NID_pkcs7_signed) ++ if (ctype_nid == NID_pkcs7_signed) { ++ if (p7->d.sign == NULL) { ++ return 0; ++ } + mdalgs = p7->d.sign->md_algs; +- else ++ } ++ else { + mdalgs = NULL; ++ } + + flags ^= SMIME_OLDMIME; + +diff --git a/include/openssl/dh.h b/include/openssl/dh.h +index 6c6ff36..d2a9c0d 100644 +--- a/include/openssl/dh.h ++++ b/include/openssl/dh.h +@@ -71,14 +71,16 @@ DECLARE_ASN1_ITEM(DHparams) + /* #define DH_GENERATOR_3 3 */ + # define DH_GENERATOR_5 5 + +-/* DH_check error codes */ ++/* DH_check error codes, some of them shared with DH_check_pub_key */ + # define DH_CHECK_P_NOT_PRIME 0x01 + # define DH_CHECK_P_NOT_SAFE_PRIME 0x02 + # define DH_UNABLE_TO_CHECK_GENERATOR 0x04 + # define DH_NOT_SUITABLE_GENERATOR 0x08 + # define DH_CHECK_Q_NOT_PRIME 0x10 +-# define DH_CHECK_INVALID_Q_VALUE 0x20 ++# define DH_CHECK_INVALID_Q_VALUE 0x20 /* +DH_check_pub_key */ + # define DH_CHECK_INVALID_J_VALUE 0x40 ++# define DH_MODULUS_TOO_SMALL 0x80 ++# define DH_MODULUS_TOO_LARGE 0x100 /* +DH_check_pub_key */ + + /* DH_check_pub_key error codes */ + # define DH_CHECK_PUBKEY_TOO_SMALL 0x01 +diff --git a/include/openssl/dherr.h b/include/openssl/dherr.h +index 528c819..a98bb1e 100644 +--- a/include/openssl/dherr.h ++++ b/include/openssl/dherr.h +@@ -33,6 +33,7 @@ int ERR_load_DH_strings(void); + # define DH_F_DH_CHECK 126 + # define DH_F_DH_CHECK_EX 121 + # define DH_F_DH_CHECK_PARAMS_EX 122 ++# define DH_F_DH_CHECK_PUB_KEY 127 + # define DH_F_DH_CHECK_PUB_KEY_EX 123 + # define DH_F_DH_CMS_DECRYPT 114 + # define DH_F_DH_CMS_SET_PEERKEY 115 +@@ -82,6 +83,7 @@ int ERR_load_DH_strings(void); + # define DH_R_NO_PRIVATE_VALUE 100 + # define DH_R_PARAMETER_ENCODING_ERROR 105 + # define DH_R_PEER_KEY_ERROR 111 ++# define DH_R_Q_TOO_LARGE 130 + # define DH_R_SHARED_INFO_ERROR 113 + # define DH_R_UNABLE_TO_CHECK_GENERATOR 121 + +diff --git a/include/openssl/opensslv.h b/include/openssl/opensslv.h +index 5667d47..c16eafd 100644 +--- a/include/openssl/opensslv.h ++++ b/include/openssl/opensslv.h +@@ -39,8 +39,8 @@ extern "C" { + * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for + * major minor fix final patch/beta) + */ +-# define OPENSSL_VERSION_NUMBER 0x1010117fL +-# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1w 11 Sep 2023" ++# define OPENSSL_VERSION_NUMBER 0x1010118fL ++# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1x 25 Jan 2024" + + /*- + * The macros below are to be used for shared library (.so, .dll, ...) +diff --git a/include/openssl/pkcs12err.h b/include/openssl/pkcs12err.h +index eff5eb2..0d2f15a 100644 +--- a/include/openssl/pkcs12err.h ++++ b/include/openssl/pkcs12err.h +@@ -49,6 +49,7 @@ int ERR_load_PKCS12_strings(void); + # define PKCS12_F_PKCS12_SET_MAC 123 + # define PKCS12_F_PKCS12_UNPACK_AUTHSAFES 130 + # define PKCS12_F_PKCS12_UNPACK_P7DATA 131 ++# define PKCS12_F_PKCS12_UNPACK_P7ENCDATA 134 + # define PKCS12_F_PKCS12_VERIFY_MAC 126 + # define PKCS12_F_PKCS8_ENCRYPT 125 + # define PKCS12_F_PKCS8_SET0_PBE 132 diff --git a/system/openssl/y.patch b/system/openssl/y.patch new file mode 100644 index 000000000..3c8c4ace5 --- /dev/null +++ b/system/openssl/y.patch @@ -0,0 +1,183 @@ +From 4e975e3aec06165e760953f6c51a795f3dcfd1a0 Mon Sep 17 00:00:00 2001 +From: Ken Zalewski <ken.zalewski@gmail.com> +Date: Sat, 13 Jul 2024 12:02:52 -0400 +Subject: [PATCH] Patch to openssl-1.1.1y. This version addresses two + vulnerabilities: CVE-2024-2511 and CVE-2024-4741 + +--- + include/openssl/opensslv.h | 4 ++-- + include/openssl/ssl.h | 2 +- + ssl/record/rec_layer_s3.c | 9 +++++++++ + ssl/record/record.h | 1 + + ssl/ssl_lib.c | 8 ++++++-- + ssl/ssl_local.h | 2 +- + ssl/ssl_sess.c | 28 ++++++++++++++++++++++------ + ssl/statem/statem_srvr.c | 5 ++--- + 8 files changed, 44 insertions(+), 15 deletions(-) + +diff --git a/include/openssl/opensslv.h b/include/openssl/opensslv.h +index c16eafd..585109a 100644 +--- a/include/openssl/opensslv.h ++++ b/include/openssl/opensslv.h +@@ -39,8 +39,8 @@ extern "C" { + * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for + * major minor fix final patch/beta) + */ +-# define OPENSSL_VERSION_NUMBER 0x1010118fL +-# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1x 25 Jan 2024" ++# define OPENSSL_VERSION_NUMBER 0x1010119fL ++# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1y 27 May 2024" + + /*- + * The macros below are to be used for shared library (.so, .dll, ...) +diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h +index 9af0c89..64eaca3 100644 +--- a/include/openssl/ssl.h ++++ b/include/openssl/ssl.h +@@ -1659,7 +1659,7 @@ __owur int SSL_SESSION_set1_id(SSL_SESSION *s, const unsigned char *sid, + __owur int SSL_SESSION_is_resumable(const SSL_SESSION *s); + + __owur SSL_SESSION *SSL_SESSION_new(void); +-__owur SSL_SESSION *SSL_SESSION_dup(SSL_SESSION *src); ++__owur SSL_SESSION *SSL_SESSION_dup(const SSL_SESSION *src); + const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s, + unsigned int *len); + const unsigned char *SSL_SESSION_get0_id_context(const SSL_SESSION *s, +diff --git a/ssl/record/rec_layer_s3.c b/ssl/record/rec_layer_s3.c +index 1db1712..525c3ab 100644 +--- a/ssl/record/rec_layer_s3.c ++++ b/ssl/record/rec_layer_s3.c +@@ -81,6 +81,15 @@ int RECORD_LAYER_read_pending(const RECORD_LAYER *rl) + return SSL3_BUFFER_get_left(&rl->rbuf) != 0; + } + ++int RECORD_LAYER_data_present(const RECORD_LAYER *rl) ++{ ++ if (rl->rstate == SSL_ST_READ_BODY) ++ return 1; ++ if (RECORD_LAYER_processed_read_pending(rl)) ++ return 1; ++ return 0; ++} ++ + /* Checks if we have decrypted unread record data pending */ + int RECORD_LAYER_processed_read_pending(const RECORD_LAYER *rl) + { +diff --git a/ssl/record/record.h b/ssl/record/record.h +index af56206..513ab39 100644 +--- a/ssl/record/record.h ++++ b/ssl/record/record.h +@@ -197,6 +197,7 @@ void RECORD_LAYER_release(RECORD_LAYER *rl); + int RECORD_LAYER_read_pending(const RECORD_LAYER *rl); + int RECORD_LAYER_processed_read_pending(const RECORD_LAYER *rl); + int RECORD_LAYER_write_pending(const RECORD_LAYER *rl); ++int RECORD_LAYER_data_present(const RECORD_LAYER *rl); + void RECORD_LAYER_reset_read_sequence(RECORD_LAYER *rl); + void RECORD_LAYER_reset_write_sequence(RECORD_LAYER *rl); + int RECORD_LAYER_is_sslv2_record(RECORD_LAYER *rl); +diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c +index 47adc32..356d65c 100644 +--- a/ssl/ssl_lib.c ++++ b/ssl/ssl_lib.c +@@ -3515,9 +3515,10 @@ void ssl_update_cache(SSL *s, int mode) + + /* + * If the session_id_length is 0, we are not supposed to cache it, and it +- * would be rather hard to do anyway :-) ++ * would be rather hard to do anyway :-). Also if the session has already ++ * been marked as not_resumable we should not cache it for later reuse. + */ +- if (s->session->session_id_length == 0) ++ if (s->session->session_id_length == 0 || s->session->not_resumable) + return; + + /* +@@ -5247,6 +5248,9 @@ int SSL_free_buffers(SSL *ssl) + if (RECORD_LAYER_read_pending(rl) || RECORD_LAYER_write_pending(rl)) + return 0; + ++ if (RECORD_LAYER_data_present(rl)) ++ return 0; ++ + RECORD_LAYER_release(rl); + return 1; + } +diff --git a/ssl/ssl_local.h b/ssl/ssl_local.h +index 5c79215..5e73fa4 100644 +--- a/ssl/ssl_local.h ++++ b/ssl/ssl_local.h +@@ -2261,7 +2261,7 @@ __owur int ssl_get_new_session(SSL *s, int session); + __owur SSL_SESSION *lookup_sess_in_cache(SSL *s, const unsigned char *sess_id, + size_t sess_id_len); + __owur int ssl_get_prev_session(SSL *s, CLIENTHELLO_MSG *hello); +-__owur SSL_SESSION *ssl_session_dup(SSL_SESSION *src, int ticket); ++__owur SSL_SESSION *ssl_session_dup(const SSL_SESSION *src, int ticket); + __owur int ssl_cipher_id_cmp(const SSL_CIPHER *a, const SSL_CIPHER *b); + DECLARE_OBJ_BSEARCH_GLOBAL_CMP_FN(SSL_CIPHER, SSL_CIPHER, ssl_cipher_id); + __owur int ssl_cipher_ptr_id_cmp(const SSL_CIPHER *const *ap, +diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c +index 68d1737..2b27a47 100644 +--- a/ssl/ssl_sess.c ++++ b/ssl/ssl_sess.c +@@ -94,16 +94,11 @@ SSL_SESSION *SSL_SESSION_new(void) + return ss; + } + +-SSL_SESSION *SSL_SESSION_dup(SSL_SESSION *src) +-{ +- return ssl_session_dup(src, 1); +-} +- + /* + * Create a new SSL_SESSION and duplicate the contents of |src| into it. If + * ticket == 0 then no ticket information is duplicated, otherwise it is. + */ +-SSL_SESSION *ssl_session_dup(SSL_SESSION *src, int ticket) ++static SSL_SESSION *ssl_session_dup_intern(const SSL_SESSION *src, int ticket) + { + SSL_SESSION *dest; + +@@ -226,6 +221,27 @@ SSL_SESSION *ssl_session_dup(SSL_SESSION *src, int ticket) + return NULL; + } + ++SSL_SESSION *SSL_SESSION_dup(const SSL_SESSION *src) ++{ ++ return ssl_session_dup_intern(src, 1); ++} ++ ++/* ++ * Used internally when duplicating a session which might be already shared. ++ * We will have resumed the original session. Subsequently we might have marked ++ * it as non-resumable (e.g. in another thread) - but this copy should be ok to ++ * resume from. ++ */ ++SSL_SESSION *ssl_session_dup(const SSL_SESSION *src, int ticket) ++{ ++ SSL_SESSION *sess = ssl_session_dup_intern(src, ticket); ++ ++ if (sess != NULL) ++ sess->not_resumable = 0; ++ ++ return sess; ++} ++ + const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s, unsigned int *len) + { + if (len) +diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c +index 43f77a5..2f6ce8f 100644 +--- a/ssl/statem/statem_srvr.c ++++ b/ssl/statem/statem_srvr.c +@@ -2403,9 +2403,8 @@ int tls_construct_server_hello(SSL *s, WPACKET *pkt) + * so the following won't overwrite an ID that we're supposed + * to send back. + */ +- if (s->session->not_resumable || +- (!(s->ctx->session_cache_mode & SSL_SESS_CACHE_SERVER) +- && !s->hit)) ++ if (!(s->ctx->session_cache_mode & SSL_SESS_CACHE_SERVER) ++ && !s->hit) + s->session->session_id_length = 0; + + if (usetls13) { diff --git a/system/openssl/za.patch b/system/openssl/za.patch new file mode 100644 index 000000000..90a30beb1 --- /dev/null +++ b/system/openssl/za.patch @@ -0,0 +1,108 @@ +From 72f5c8e48a09ab09dae91c869e53e3d0c75ef921 Mon Sep 17 00:00:00 2001 +From: Ken Zalewski <ken.zalewski@gmail.com> +Date: Sat, 13 Jul 2024 12:19:50 -0400 +Subject: [PATCH] Patch to openssl-1.1.1za. This version addresses one + vulnerability: CVE-2024-5535 + +--- + include/openssl/opensslv.h | 4 +-- + ssl/ssl_lib.c | 63 ++++++++++++++++++++++++-------------- + 2 files changed, 42 insertions(+), 25 deletions(-) + +diff --git a/include/openssl/opensslv.h b/include/openssl/opensslv.h +index 585109a..a1a5d07 100644 +--- a/include/openssl/opensslv.h ++++ b/include/openssl/opensslv.h +@@ -39,8 +39,8 @@ extern "C" { + * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for + * major minor fix final patch/beta) + */ +-# define OPENSSL_VERSION_NUMBER 0x1010119fL +-# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1y 27 May 2024" ++# define OPENSSL_VERSION_NUMBER 0x101011afL ++# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1za 26 Jun 2024" + + /*- + * The macros below are to be used for shared library (.so, .dll, ...) +diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c +index 356d65c..ccb1d4a 100644 +--- a/ssl/ssl_lib.c ++++ b/ssl/ssl_lib.c +@@ -2761,37 +2761,54 @@ int SSL_select_next_proto(unsigned char **out, unsigned char *outlen, + unsigned int server_len, + const unsigned char *client, unsigned int client_len) + { +- unsigned int i, j; +- const unsigned char *result; +- int status = OPENSSL_NPN_UNSUPPORTED; ++ PACKET cpkt, csubpkt, spkt, ssubpkt; ++ ++ if (!PACKET_buf_init(&cpkt, client, client_len) ++ || !PACKET_get_length_prefixed_1(&cpkt, &csubpkt) ++ || PACKET_remaining(&csubpkt) == 0) { ++ *out = NULL; ++ *outlen = 0; ++ return OPENSSL_NPN_NO_OVERLAP; ++ } ++ ++ /* ++ * Set the default opportunistic protocol. Will be overwritten if we find ++ * a match. ++ */ ++ *out = (unsigned char *)PACKET_data(&csubpkt); ++ *outlen = (unsigned char)PACKET_remaining(&csubpkt); + + /* + * For each protocol in server preference order, see if we support it. + */ +- for (i = 0; i < server_len;) { +- for (j = 0; j < client_len;) { +- if (server[i] == client[j] && +- memcmp(&server[i + 1], &client[j + 1], server[i]) == 0) { +- /* We found a match */ +- result = &server[i]; +- status = OPENSSL_NPN_NEGOTIATED; +- goto found; ++ if (PACKET_buf_init(&spkt, server, server_len)) { ++ while (PACKET_get_length_prefixed_1(&spkt, &ssubpkt)) { ++ if (PACKET_remaining(&ssubpkt) == 0) ++ continue; /* Invalid - ignore it */ ++ if (PACKET_buf_init(&cpkt, client, client_len)) { ++ while (PACKET_get_length_prefixed_1(&cpkt, &csubpkt)) { ++ if (PACKET_equal(&csubpkt, PACKET_data(&ssubpkt), ++ PACKET_remaining(&ssubpkt))) { ++ /* We found a match */ ++ *out = (unsigned char *)PACKET_data(&ssubpkt); ++ *outlen = (unsigned char)PACKET_remaining(&ssubpkt); ++ return OPENSSL_NPN_NEGOTIATED; ++ } ++ } ++ /* Ignore spurious trailing bytes in the client list */ ++ } else { ++ /* This should never happen */ ++ return OPENSSL_NPN_NO_OVERLAP; + } +- j += client[j]; +- j++; + } +- i += server[i]; +- i++; ++ /* Ignore spurious trailing bytes in the server list */ + } + +- /* There's no overlap between our protocols and the server's list. */ +- result = client; +- status = OPENSSL_NPN_NO_OVERLAP; +- +- found: +- *out = (unsigned char *)result + 1; +- *outlen = result[0]; +- return status; ++ /* ++ * There's no overlap between our protocols and the server's list. We use ++ * the default opportunistic protocol selected earlier ++ */ ++ return OPENSSL_NPN_NO_OVERLAP; + } + + #ifndef OPENSSL_NO_NEXTPROTONEG diff --git a/system/openssl/zb.patch b/system/openssl/zb.patch new file mode 100644 index 000000000..97a6239b9 --- /dev/null +++ b/system/openssl/zb.patch @@ -0,0 +1,345 @@ +From 9ad69b994ae7c73ba06d9f75efd2625102de814c Mon Sep 17 00:00:00 2001 +From: Ken Zalewski <ken.zalewski@gmail.com> +Date: Mon, 21 Oct 2024 16:24:47 -0400 +Subject: [PATCH] Patch to openssl-1.1.1zb. This version addresses one + vulnerability: CVE-2024-9143 + +--- + CHANGES | 134 +++++++++++++++++++++++++++++++++++++ + NEWS | 18 +++++ + README | 2 +- + crypto/bn/bn_gf2m.c | 28 +++++--- + include/openssl/opensslv.h | 4 +- + test/ec_internal_test.c | 51 ++++++++++++++ + 6 files changed, 226 insertions(+), 11 deletions(-) + +diff --git a/CHANGES b/CHANGES +index c440948..7d82f7a 100644 +--- a/CHANGES ++++ b/CHANGES +@@ -7,6 +7,140 @@ + https://github.com/openssl/openssl/commits/ and pick the appropriate + release branch. + ++ Changes between 1.1.1za and 1.1.1zb [16 Oct 2024] ++ ++ *) Harden BN_GF2m_poly2arr against misuse ++ ++ The BN_GF2m_poly2arr() function converts characteristic-2 field ++ (GF_{2^m}) Galois polynomials from a representation as a BIGNUM bitmask, ++ to a compact array with just the exponents of the non-zero terms. ++ ++ These polynomials are then used in BN_GF2m_mod_arr() to perform modular ++ reduction. A precondition of calling BN_GF2m_mod_arr() is that the ++ polynomial must have a non-zero constant term (i.e. the array has `0` as ++ its final element). ++ ++ Internally, callers of BN_GF2m_poly2arr() did not verify that ++ precondition, and binary EC curve parameters with an invalid polynomial ++ could lead to out of bounds memory reads and writes in BN_GF2m_mod_arr(). ++ ++ The precondition is always true for polynomials that arise from the ++ standard form of EC parameters for characteristic-two fields (X9.62). ++ See the "Finite Field Identification" section of: ++ ++ https://www.itu.int/ITU-T/formal-language/itu-t/x/x894/2018-cor1/ANSI-X9-62.html ++ ++ The OpenSSL GF(2^m) code supports only the trinomial and pentanomial ++ basis X9.62 forms. ++ ++ This commit updates BN_GF2m_poly2arr() to return `0` (failure) when ++ the constant term is zero (i.e. the input bitmask BIGNUM is not odd). ++ ++ Additionally, the return value is made unambiguous when there is not ++ enough space to also pad the array with a final `-1` sentinel value. ++ The return value is now always the number of elements (including the ++ final `-1`) that would be filled when the output array is sufficiently ++ large. Previously the same count was returned both when the array has ++ just enough room for the final `-1` and when it had only enough space ++ for non-sentinel values. ++ ++ Finally, BN_GF2m_poly2arr() is updated to reject polynomials whose ++ degree exceeds `OPENSSL_ECC_MAX_FIELD_BITS`, this guards against ++ CPU exhausition attacks via excessively large inputs. ++ ++ The above issues do not arise in processing X.509 certificates. These ++ generally have EC keys from "named curves", and RFC5840 (Section 2.1.1) ++ disallows explicit EC parameters. The TLS code in OpenSSL enforces this ++ constraint only after the certificate is decoded, but, even if explicit ++ parameters are specified, they are in X9.62 form, which cannot represent ++ problem values as noted above. ++ ++ (CVE-2024-9143) ++ [Viktor Dukhovni] ++ ++ ++ Changes between 1.1.1y and 1.1.1za [26 Jun 2024] ++ ++ *) Fix SSL_select_next_proto ++ ++ Ensure that the provided client list is non-NULL and starts with a valid ++ entry. When called from the ALPN callback the client list should already ++ have been validated by OpenSSL so this should not cause a problem. When ++ called from the NPN callback the client list is locally configured and ++ will not have already been validated. Therefore SSL_select_next_proto ++ should not assume that it is correctly formatted. ++ ++ We implement stricter checking of the client protocol list. We also do the ++ same for the server list while we are about it. ++ ++ (CVE-2024-5535) ++ [Matt Caswell] ++ ++ ++ Changes between 1.1.1x and 1.1.1y [27 May 2024] ++ ++ *) Only free the read buffers if we're not using them ++ ++ If we're part way through processing a record, or the application has ++ not released all the records then we should not free our buffer because ++ they are still needed. ++ ++ (CVE-2024-4741) ++ [Matt Caswell] ++ [Watson Ladd] ++ ++ *) Fix unconstrained session cache growth in TLSv1.3 ++ ++ In TLSv1.3 we create a new session object for each ticket that we send. ++ We do this by duplicating the original session. If SSL_OP_NO_TICKET is in ++ use then the new session will be added to the session cache. However, if ++ early data is not in use (and therefore anti-replay protection is being ++ used), then multiple threads could be resuming from the same session ++ simultaneously. If this happens and a problem occurs on one of the threads, ++ then the original session object could be marked as not_resumable. When we ++ duplicate the session object this not_resumable status gets copied into the ++ new session object. The new session object is then added to the session ++ cache even though it is not_resumable. ++ ++ Subsequently, another bug means that the session_id_length is set to 0 for ++ sessions that are marked as not_resumable - even though that session is ++ still in the cache. Once this happens the session can never be removed from ++ the cache. When that object gets to be the session cache tail object the ++ cache never shrinks again and grows indefinitely. ++ ++ (CVE-2024-2511) ++ [Matt Caswell] ++ ++ ++ Changes between 1.1.1w and 1.1.1x [25 Jan 2024] ++ ++ *) Add NULL checks where ContentInfo data can be NULL ++ ++ PKCS12 structures contain PKCS7 ContentInfo fields. These fields are ++ optional and can be NULL even if the "type" is a valid value. OpenSSL ++ was not properly accounting for this and a NULL dereference can occur ++ causing a crash. ++ ++ (CVE-2024-0727) ++ [Matt Caswell] ++ ++ *) Make DH_check_pub_key() and DH_generate_key() safer yet ++ ++ We already check for an excessively large P in DH_generate_key(), but not in ++ DH_check_pub_key(), and none of them check for an excessively large Q. ++ ++ This change adds all the missing excessive size checks of P and Q. ++ ++ It's to be noted that behaviours surrounding excessively sized P and Q ++ differ. DH_check() raises an error on the excessively sized P, but only ++ sets a flag for the excessively sized Q. This behaviour is mimicked in ++ DH_check_pub_key(). ++ ++ (CVE-2024-5678) ++ [Richard Levitte] ++ [Hugo Landau] ++ ++ + Changes between 1.1.1v and 1.1.1w [11 Sep 2023] + + *) Fix POLY1305 MAC implementation corrupting XMM registers on Windows. +diff --git a/NEWS b/NEWS +index 1b849cd..7810ece 100644 +--- a/NEWS ++++ b/NEWS +@@ -5,6 +5,24 @@ + This file gives a brief overview of the major changes between each OpenSSL + release. For more details please read the CHANGES file. + ++ Major changes between OpenSSL 1.1.1za and OpenSSL 1.1.1zb [16 Oct 2024] ++ ++ o Harden BN_GF2m_poly2arr against misuse ++ ++ Major changes between OpenSSL 1.1.1y and OpenSSL 1.1.1za [26 Jun 2024] ++ ++ o Fix SSL_select_next_proto ++ ++ Major changes between OpenSSL 1.1.1x and OpenSSL 1.1.1y [27 May 2024] ++ ++ o Only free the read buffers if we're not using them ++ o Fix unconstrained session cache growth in TLSv1.3 ++ ++ Major changes between OpenSSL 1.1.1w and OpenSSL 1.1.1x [25 Jan 2024] ++ ++ o Add NULL checks where ContentInfo data can be NULL ++ o Make DH_check_pub_key() and DH_generate_key() safer yet ++ + Major changes between OpenSSL 1.1.1v and OpenSSL 1.1.1w [11 Sep 2023] + + o Fix POLY1305 MAC implementation corrupting XMM registers on Windows +diff --git a/README b/README +index e924e15..6612eb0 100644 +--- a/README ++++ b/README +@@ -1,5 +1,5 @@ + +- OpenSSL 1.1.1w 11 Sep 2023 ++ OpenSSL 1.1.1zb 16 Oct 2024 + + Copyright (c) 1998-2023 The OpenSSL Project + Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson +diff --git a/crypto/bn/bn_gf2m.c b/crypto/bn/bn_gf2m.c +index a2ea867..6709471 100644 +--- a/crypto/bn/bn_gf2m.c ++++ b/crypto/bn/bn_gf2m.c +@@ -15,6 +15,7 @@ + #include "bn_local.h" + + #ifndef OPENSSL_NO_EC2M ++#include <openssl/ec.h> + + /* + * Maximum number of iterations before BN_GF2m_mod_solve_quad_arr should +@@ -1109,16 +1110,26 @@ int BN_GF2m_mod_solve_quad(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, + /* + * Convert the bit-string representation of a polynomial ( \sum_{i=0}^n a_i * + * x^i) into an array of integers corresponding to the bits with non-zero +- * coefficient. Array is terminated with -1. Up to max elements of the array +- * will be filled. Return value is total number of array elements that would +- * be filled if array was large enough. ++ * coefficient. The array is intended to be suitable for use with ++ * `BN_GF2m_mod_arr()`, and so the constant term of the polynomial must not be ++ * zero. This translates to a requirement that the input BIGNUM `a` is odd. ++ * ++ * Given sufficient room, the array is terminated with -1. Up to max elements ++ * of the array will be filled. ++ * ++ * The return value is total number of array elements that would be filled if ++ * array was large enough, including the terminating `-1`. It is `0` when `a` ++ * is not odd or the constant term is zero contrary to requirement. ++ * ++ * The return value is also `0` when the leading exponent exceeds ++ * `OPENSSL_ECC_MAX_FIELD_BITS`, this guards against CPU exhaustion attacks, + */ + int BN_GF2m_poly2arr(const BIGNUM *a, int p[], int max) + { + int i, j, k = 0; + BN_ULONG mask; + +- if (BN_is_zero(a)) ++ if (!BN_is_odd(a)) + return 0; + + for (i = a->top - 1; i >= 0; i--) { +@@ -1136,12 +1147,13 @@ int BN_GF2m_poly2arr(const BIGNUM *a, int p[], int max) + } + } + +- if (k < max) { ++ if (k > 0 && p[0] > OPENSSL_ECC_MAX_FIELD_BITS) ++ return 0; ++ ++ if (k < max) + p[k] = -1; +- k++; +- } + +- return k; ++ return k + 1; + } + + /* +diff --git a/include/openssl/opensslv.h b/include/openssl/opensslv.h +index a1a5d07..ddf42b6 100644 +--- a/include/openssl/opensslv.h ++++ b/include/openssl/opensslv.h +@@ -39,8 +39,8 @@ extern "C" { + * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for + * major minor fix final patch/beta) + */ +-# define OPENSSL_VERSION_NUMBER 0x101011afL +-# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1za 26 Jun 2024" ++# define OPENSSL_VERSION_NUMBER 0x101011bfL ++# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1zb 16 Oct 2024" + + /*- + * The macros below are to be used for shared library (.so, .dll, ...) +diff --git a/test/ec_internal_test.c b/test/ec_internal_test.c +index 390f41f..1590a18 100644 +--- a/test/ec_internal_test.c ++++ b/test/ec_internal_test.c +@@ -150,6 +150,56 @@ static int field_tests_ecp_mont(void) + } + + #ifndef OPENSSL_NO_EC2M ++/* Test that decoding of invalid GF2m field parameters fails. */ ++static int ec2m_field_sanity(void) ++{ ++ int ret = 0; ++ BN_CTX *ctx = BN_CTX_new(); ++ BIGNUM *p, *a, *b; ++ EC_GROUP *group1 = NULL, *group2 = NULL, *group3 = NULL; ++ ++ TEST_info("Testing GF2m hardening\n"); ++ ++ BN_CTX_start(ctx); ++ p = BN_CTX_get(ctx); ++ a = BN_CTX_get(ctx); ++ if (!TEST_ptr(b = BN_CTX_get(ctx)) ++ || !TEST_true(BN_one(a)) ++ || !TEST_true(BN_one(b))) ++ goto out; ++ ++ /* Even pentanomial value should be rejected */ ++ if (!TEST_true(BN_set_word(p, 0xf2))) ++ goto out; ++ if (!TEST_ptr_null(group1 = EC_GROUP_new_curve_GF2m(p, a, b, ctx))) ++ TEST_error("Zero constant term accepted in GF2m polynomial"); ++ ++ /* Odd hexanomial should also be rejected */ ++ if (!TEST_true(BN_set_word(p, 0xf3))) ++ goto out; ++ if (!TEST_ptr_null(group2 = EC_GROUP_new_curve_GF2m(p, a, b, ctx))) ++ TEST_error("Hexanomial accepted as GF2m polynomial"); ++ ++ /* Excessive polynomial degree should also be rejected */ ++ if (!TEST_true(BN_set_word(p, 0x71)) ++ || !TEST_true(BN_set_bit(p, OPENSSL_ECC_MAX_FIELD_BITS + 1))) ++ goto out; ++ if (!TEST_ptr_null(group3 = EC_GROUP_new_curve_GF2m(p, a, b, ctx))) ++ TEST_error("GF2m polynomial degree > %d accepted", ++ OPENSSL_ECC_MAX_FIELD_BITS); ++ ++ ret = group1 == NULL && group2 == NULL && group3 == NULL; ++ ++ out: ++ EC_GROUP_free(group1); ++ EC_GROUP_free(group2); ++ EC_GROUP_free(group3); ++ BN_CTX_end(ctx); ++ BN_CTX_free(ctx); ++ ++ return ret; ++} ++ + /* test EC_GF2m_simple_method directly */ + static int field_tests_ec2_simple(void) + { +@@ -367,6 +417,7 @@ int setup_tests(void) + ADD_TEST(field_tests_ecp_simple); + ADD_TEST(field_tests_ecp_mont); + #ifndef OPENSSL_NO_EC2M ++ ADD_TEST(ec2m_field_sanity); + ADD_TEST(field_tests_ec2_simple); + #endif + ADD_ALL_TESTS(field_tests_default, crv_len); diff --git a/system/openssl/zb2.patch b/system/openssl/zb2.patch new file mode 100644 index 000000000..f6405e003 --- /dev/null +++ b/system/openssl/zb2.patch @@ -0,0 +1,177 @@ +From 2a3058269d854754b66ef8bdaefb7820bd8c0908 Mon Sep 17 00:00:00 2001 +From: Ken Zalewski <ken.zalewski@gmail.com> +Date: Sun, 9 Feb 2025 11:47:12 -0500 +Subject: [PATCH] Patch to openssl-1.1.1zb p2. This version addresses one + vulnerability: CVE-2024-13176 + +--- + CHANGES | 25 +++++++++++++++++++++++++ + NEWS | 5 +++++ + README | 2 +- + crypto/bn/bn_exp.c | 21 +++++++++++++++------ + crypto/ec/ec_lib.c | 6 +++--- + include/crypto/bn.h | 3 +++ + include/openssl/opensslv.h | 2 +- + 7 files changed, 53 insertions(+), 11 deletions(-) + +diff --git a/CHANGES b/CHANGES +index 7d82f7a..66ae239 100644 +--- a/CHANGES ++++ b/CHANGES +@@ -7,6 +7,31 @@ + https://github.com/openssl/openssl/commits/ and pick the appropriate + release branch. + ++ Changes between 1.1.1zb_p1 and 1.1.1zb_p2 [20 Jan 2025] ++ ++ *) Fix timing side-channel in ECDSA signature computation ++ ++ There is a timing signal of around 300 nanoseconds when the top word of ++ the inverted ECDSA nonce value is zero. This can happen with significant ++ probability only for some of the supported elliptic curves. In particular ++ the NIST P-521 curve is affected. To be able to measure this leak, the ++ attacker process must either be located in the same physical computer or ++ must have a very fast network connection with low latency. ++ ++ Attacks on ECDSA nonce are also known as Minerva attack. ++ ++ [CVE-2024-13176] ++ [Tomas Mraz] ++ ++ ++ Changes between 1.1.1zb and 1.1.1zb_p1 [24 Oct 2024] ++ ++ *) Fix the version number for versions that require two letters. ++ ++ [V Petrischew] ++ [Ken Zalewski] ++ ++ + Changes between 1.1.1za and 1.1.1zb [16 Oct 2024] + + *) Harden BN_GF2m_poly2arr against misuse +diff --git a/NEWS b/NEWS +index 7810ece..ab46ab1 100644 +--- a/NEWS ++++ b/NEWS +@@ -5,6 +5,11 @@ + This file gives a brief overview of the major changes between each OpenSSL + release. For more details please read the CHANGES file. + ++ Major changes between OpenSSL 1.1.1zb and OpenSSL 1.1.1zb_p2 [20 Jan 2025] ++ ++ o Fix version number for versions that require two letters ++ o Fix timing side-channel in ECDSA signature computation ++ + Major changes between OpenSSL 1.1.1za and OpenSSL 1.1.1zb [16 Oct 2024] + + o Harden BN_GF2m_poly2arr against misuse +diff --git a/README b/README +index 6612eb0..a02895e 100644 +--- a/README ++++ b/README +@@ -1,5 +1,5 @@ + +- OpenSSL 1.1.1zb 16 Oct 2024 ++ OpenSSL 1.1.1zb_p2 20 Jan 2025 + + Copyright (c) 1998-2023 The OpenSSL Project + Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson +diff --git a/crypto/bn/bn_exp.c b/crypto/bn/bn_exp.c +index 517e3c2..0489658 100644 +--- a/crypto/bn/bn_exp.c ++++ b/crypto/bn/bn_exp.c +@@ -601,7 +601,7 @@ static int MOD_EXP_CTIME_COPY_FROM_PREBUF(BIGNUM *b, int top, + * out by Colin Percival, + * http://www.daemonology.net/hyperthreading-considered-harmful/) + */ +-int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, ++int bn_mod_exp_mont_fixed_top(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, + const BIGNUM *m, BN_CTX *ctx, + BN_MONT_CTX *in_mont) + { +@@ -618,10 +618,6 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, + unsigned int t4 = 0; + #endif + +- bn_check_top(a); +- bn_check_top(p); +- bn_check_top(m); +- + if (!BN_is_odd(m)) { + BNerr(BN_F_BN_MOD_EXP_MONT_CONSTTIME, BN_R_CALLED_WITH_EVEN_MODULUS); + return 0; +@@ -1141,7 +1137,7 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, + goto err; + } else + #endif +- if (!BN_from_montgomery(rr, &tmp, mont, ctx)) ++ if (!bn_from_mont_fixed_top(rr, &tmp, mont, ctx)) + goto err; + ret = 1; + err: +@@ -1155,6 +1151,19 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, + return ret; + } + ++int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, ++ const BIGNUM *m, BN_CTX *ctx, ++ BN_MONT_CTX *in_mont) ++{ ++ bn_check_top(a); ++ bn_check_top(p); ++ bn_check_top(m); ++ if (!bn_mod_exp_mont_fixed_top(rr, a, p, m, ctx, in_mont)) ++ return 0; ++ bn_correct_top(rr); ++ return 1; ++} ++ + int BN_mod_exp_mont_word(BIGNUM *rr, BN_ULONG a, const BIGNUM *p, + const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont) + { +diff --git a/crypto/ec/ec_lib.c b/crypto/ec/ec_lib.c +index 08db89f..fef0c2f 100644 +--- a/crypto/ec/ec_lib.c ++++ b/crypto/ec/ec_lib.c +@@ -1155,10 +1155,10 @@ static int ec_field_inverse_mod_ord(const EC_GROUP *group, BIGNUM *r, + if (!BN_sub(e, group->order, e)) + goto err; + /*- +- * Exponent e is public. +- * No need for scatter-gather or BN_FLG_CONSTTIME. ++ * Although the exponent is public we want the result to be ++ * fixed top. + */ +- if (!BN_mod_exp_mont(r, x, e, group->order, ctx, group->mont_data)) ++ if (!bn_mod_exp_mont_fixed_top(r, x, e, group->order, ctx, group->mont_data)) + goto err; + + ret = 1; +diff --git a/include/crypto/bn.h b/include/crypto/bn.h +index 250914c..10cfc84 100644 +--- a/include/crypto/bn.h ++++ b/include/crypto/bn.h +@@ -72,6 +72,9 @@ int bn_set_words(BIGNUM *a, const BN_ULONG *words, int num_words); + */ + int bn_mul_mont_fixed_top(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, + BN_MONT_CTX *mont, BN_CTX *ctx); ++int bn_mode_exp_mont_fixed_top(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, ++ const BIGNUM *m, BN_CTX *ctx, ++ BN_MONT_CTX *in_mont); + int bn_to_mont_fixed_top(BIGNUM *r, const BIGNUM *a, BN_MONT_CTX *mont, + BN_CTX *ctx); + int bn_from_mont_fixed_top(BIGNUM *r, const BIGNUM *a, BN_MONT_CTX *mont, +diff --git a/include/openssl/opensslv.h b/include/openssl/opensslv.h +index ddf42b6..1568415 100644 +--- a/include/openssl/opensslv.h ++++ b/include/openssl/opensslv.h +@@ -40,7 +40,7 @@ extern "C" { + * major minor fix final patch/beta) + */ + # define OPENSSL_VERSION_NUMBER 0x101011bfL +-# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1zb 16 Oct 2024" ++# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1z 20 Jan 2025" + + /*- + * The macros below are to be used for shared library (.so, .dll, ...) diff --git a/system/parted/APKBUILD b/system/parted/APKBUILD index b83f7bd8b..d5d6c49ef 100644 --- a/system/parted/APKBUILD +++ b/system/parted/APKBUILD @@ -1,7 +1,7 @@ # Contributor: Natanael Copa <ncopa@alpinelinux.org> # Maintainer: A. Wilcox <awilfox@adelielinux.org> pkgname=parted -pkgver=3.5 +pkgver=3.6 pkgrel=0 pkgdesc="Utility to create, destroy, resize, check and copy partitions" url="https://www.gnu.org/software/parted/parted.html" @@ -13,6 +13,7 @@ makedepends="ncurses-dev lvm2-dev bash util-linux-dev autoconf automake" checkdepends="check-dev e2fsprogs python3" source="https://ftp.gnu.org/gnu/$pkgname/$pkgname-$pkgver.tar.xz fix-includes.patch + modern-c.patch posix-shell.patch sysmacros.patch tests-call-name-correctly.patch @@ -41,8 +42,9 @@ package() { rmdir -p "$pkgdir"/usr/lib 2>/dev/null || true } -sha512sums="87fc69e947de5f0b670ee5373a7cdf86180cd782f6d7280f970f217f73f55ee1b1b018563f48954f3a54fdde5974b33e07eee68c9ccdf08e621d3dc0e3ce126a parted-3.5.tar.xz +sha512sums="034a44b25718acba175212019d24f092972a791c5bd1d921ae91e17478657a77c5c5dd0c832bed7968c3a07ec6c65c0785acfac2f90c1ca5e1692f3c141693ef parted-3.6.tar.xz 55ee63c218d1867c0f2c596e7c3eec5c42af160181456cc551fe3d432eabed0ac2dd3a3955ff0c375f76aeec8071e7f55a32834b87a0d39b8ef30361f671bfdd fix-includes.patch +66c74da28033b7340767c7339b307928c396930dca9c7cdd8f226f8cf18358eedba78ceba03036ad3f9a62fc5e164171edff81670477d3bf3af81847db3879d4 modern-c.patch 507d19454aca6631fe387ca53b28f2925c325044efc7b506e81429a5b42914e56c39e1644c570840b4c4c153da742237428cba2a1ff651487f2ef8a0a8c64d1f posix-shell.patch 5d2e8f22b6cd5bdd3289996848279a945ca09acd2862e82283bb769c2e4d61a24a31e1793d81385e8f3f1f4d48417e2308c5ea39dac47e832666363dde044ba7 sysmacros.patch -8bd86d2b0401566e7757c43d849b7f913cc4ec1bf50d5641dc72d7e278ca38db2ac746cd8dcc756b245021ea1f9738875b6a831f05185b9217d3f1c287944748 tests-call-name-correctly.patch" +62b5b94441288beddd01f2e51e6770c1c7cf1fea0b4354a77849568bf8a350724f6449e7efa04719b9970fa3c0fc1451dcc9dc3368a013b8d72854b23c8ff205 tests-call-name-correctly.patch" diff --git a/system/parted/modern-c.patch b/system/parted/modern-c.patch new file mode 100644 index 000000000..1f54f6782 --- /dev/null +++ b/system/parted/modern-c.patch @@ -0,0 +1,41 @@ +From 16343bda6ce0d41edf43f8dac368db3bbb63d271 Mon Sep 17 00:00:00 2001 +From: Rudi Heitbaum <rudi@heitbaum.com> +Date: Wed, 20 Nov 2024 12:22:22 +0000 +Subject: [PATCH] bug#74444: [PATCH] parted: fix do_version declaration + +With gcc 15-20241117 compile fails with the below error, update the +do_version declaration to match the header in command.h + +../../parted/parted.c: In function '_init_commands': +../../parted/parted.c:2469:9: error: passing argument 2 of 'command_create' from incompatible pointer type [-Wincompatible-pointer-types] + 2469 | do_version, + | ^~~~~~~~~~ + | | + | int (*)(void) +In file included from ../../parted/parted.c:28: +../../parted/command.h:35:39: note: expected 'int (*)(PedDevice **, PedDisk **)' {aka 'int (*)(struct _PedDevice **, struct _PedDisk **)'} but argument is of type 'int (*)(void)' + 35 | int (*method) (PedDevice** dev, PedDisk** diskp), + | ~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +Signed-off-by: Rudi Heitbaum <rudi@heitbaum.com> +Signed-off-by: Brian C. Lane <bcl@redhat.com> +--- + parted/parted.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/parted/parted.c b/parted/parted.c +index 3abb52f..fc2aeba 100644 +--- a/parted/parted.c ++++ b/parted/parted.c +@@ -2172,7 +2172,7 @@ do_unit (PedDevice** dev, PedDisk** diskp) + } + + static int +-do_version () ++do_version (PedDevice** dev, PedDisk** diskp) + { + printf ("\n%s\n%s", + prog_name, +-- +2.39.5 + diff --git a/system/parted/tests-call-name-correctly.patch b/system/parted/tests-call-name-correctly.patch index 27a6287e8..30645842d 100644 --- a/system/parted/tests-call-name-correctly.patch +++ b/system/parted/tests-call-name-correctly.patch @@ -17,8 +17,8 @@ mkpart syntax recently changed, tests do not reflect that. dd if=/dev/null of=$dev bs=1M seek=$n_mbs || fail=1 # create 1st partition --parted --align=none -s $dev mklabel gpt mkpart p1 1MiB 2MiB > err 2>&1 || fail=1 -+parted --align=none -s $dev mklabel gpt mkpart primary 1MiB 2MiB name 1 p1 > err 2>&1 || fail=1 +-parted --align=none -s $dev mklabel gpt mkpart p1 1MiB 2048KiB > err 2>&1 || fail=1 ++parted --align=none -s $dev mklabel gpt mkpart primary 1MiB 2048KiB name 1 p1 > err 2>&1 || fail=1 compare /dev/null err || fail=1 # expect no output #parted -m -s $dev u s p > exp || fail=1 diff --git a/system/patch/APKBUILD b/system/patch/APKBUILD index 62a551259..19f07c789 100644 --- a/system/patch/APKBUILD +++ b/system/patch/APKBUILD @@ -1,23 +1,16 @@ # Maintainer: Síle Ekaterin Liszka <sheila@vulpine.house> pkgname=patch -pkgver=2.7.6 -pkgrel=5 +pkgver=2.8 +pkgrel=0 pkgdesc="Utility to apply diffs to files" url="https://www.gnu.org/software/patch/patch.html" arch="all" license="GPL-3.0+" depends="" -checkdepends="autoconf automake bash ed" -makedepends="autoconf automake" +checkdepends="bash ed" +makedepends="" subpackages="$pkgname-doc" -source="https://ftp.gnu.org/gnu/$pkgname/$pkgname-$pkgver.tar.xz - allow-missing.patch - CVE-2018-1000156.patch - CVE-2018-6951.patch - CVE-2018-6952.patch - CVE-2019-13636.patch - CVE-2019-13638.patch - " +source="https://ftp.gnu.org/gnu/$pkgname/$pkgname-$pkgver.tar.xz" # secfixes: # 2.7.6-r2: @@ -29,11 +22,6 @@ source="https://ftp.gnu.org/gnu/$pkgname/$pkgname-$pkgver.tar.xz # - CVE-2019-13636 # - CVE-2019-13638 -prepare() { - default_prepare - aclocal && autoheader && autoconf && automake --add-missing -} - build() { ./configure \ --build=$CBUILD \ @@ -58,10 +46,4 @@ package() { rmdir -p "$pkgdir"/usr/lib 2>/dev/null || true } -sha512sums="fcca87bdb67a88685a8a25597f9e015f5e60197b9a269fa350ae35a7991ed8da553939b4bbc7f7d3cfd863c67142af403b04165633acbce4339056a905e87fbd patch-2.7.6.tar.xz -317c922c3adcf347024a9ffd2374a1827b19cc1f275a90e195e070cbcf16fb47788b14ffd18365ae5e1f867ed650e6f9aed6acf287bfc427107f3ed8bcd2b3af allow-missing.patch -93414b33413b493eaa15027dfbe39c00eb1c556acf9f30af4c0ca113303867c5e7ad441c2596a7f9d060b8b67735a2a1c8be5db3c779ea47302f616ef8530d5d CVE-2018-1000156.patch -db51d0b791d38dd4f1b373621ee18620ae339b172f58a79420fdaa4a4b1b1d9df239cf61bbddc4e6a4896b28b8cffc7c99161eb5e2facaec8df86a1bf7755bc0 CVE-2018-6951.patch -99df964d826d400f87e9b82bf2600d8663c59bb8f9bf4aec082adc8cf6261744f37d416e15492d6e883202ade521d4436cb41c91f516085c3e6ce8e01a8956fb CVE-2018-6952.patch -cecb80d8d48dfe66bc13c22a5ed0eb52157cc85a1b74d03d4a8ea1ebcfe5d59bae975aec34ac685adc71129dcdb794579fee0e221144412a7c1fa71c460f63c1 CVE-2019-13636.patch -d60f8c2364fca9b73aa73b5914cfd6571d11528d13fa7703ccfa93730cbdf8a6e4c9ca04cb7d02a40d33c38075890790b490052d5217e728b0948991da937980 CVE-2019-13638.patch" +sha512sums="d689d696660a662753e8660792733c3be0a94c76abfe7a28b0f9f70300c3a42d6437d081553a59bfde6e1b0d5ee13ed89be48d0b00b6da2cadbfc14a15ada603 patch-2.8.tar.xz" diff --git a/system/patch/CVE-2018-1000156.patch b/system/patch/CVE-2018-1000156.patch deleted file mode 100644 index 36f33dea2..000000000 --- a/system/patch/CVE-2018-1000156.patch +++ /dev/null @@ -1,211 +0,0 @@ -From 123eaff0d5d1aebe128295959435b9ca5909c26d Mon Sep 17 00:00:00 2001 -From: Andreas Gruenbacher <agruen@gnu.org> -Date: Fri, 6 Apr 2018 12:14:49 +0200 -Subject: Fix arbitrary command execution in ed-style patches - (CVE-2018-1000156) - -* src/pch.c (do_ed_script): Write ed script to a temporary file instead -of piping it to ed: this will cause ed to abort on invalid commands -instead of rejecting them and carrying on. -* tests/ed-style: New test case. -* tests/Makefile.am (TESTS): Add test case. ---- - src/pch.c | 91 ++++++++++++++++++++++++++++++++++++++++--------------- - tests/Makefile.am | 1 + - tests/ed-style | 41 +++++++++++++++++++++++++ - 3 files changed, 108 insertions(+), 25 deletions(-) - create mode 100644 tests/ed-style - -diff --git a/src/pch.c b/src/pch.c -index 0c5cc26..4fd5a05 100644 ---- a/src/pch.c -+++ b/src/pch.c -@@ -33,6 +33,7 @@ - # include <io.h> - #endif - #include <safe.h> -+#include <sys/wait.h> - - #define INITHUNKMAX 125 /* initial dynamic allocation size */ - -@@ -2389,24 +2390,28 @@ do_ed_script (char const *inname, char const *outname, - static char const editor_program[] = EDITOR_PROGRAM; - - file_offset beginning_of_this_line; -- FILE *pipefp = 0; - size_t chars_read; -+ FILE *tmpfp = 0; -+ char const *tmpname; -+ int tmpfd; -+ pid_t pid; -+ -+ if (! dry_run && ! skip_rest_of_patch) -+ { -+ /* Write ed script to a temporary file. This causes ed to abort on -+ invalid commands such as when line numbers or ranges exceed the -+ number of available lines. When ed reads from a pipe, it rejects -+ invalid commands and treats the next line as a new command, which -+ can lead to arbitrary command execution. */ -+ -+ tmpfd = make_tempfile (&tmpname, 'e', NULL, O_RDWR | O_BINARY, 0); -+ if (tmpfd == -1) -+ pfatal ("Can't create temporary file %s", quotearg (tmpname)); -+ tmpfp = fdopen (tmpfd, "w+b"); -+ if (! tmpfp) -+ pfatal ("Can't open stream for file %s", quotearg (tmpname)); -+ } - -- if (! dry_run && ! skip_rest_of_patch) { -- int exclusive = *outname_needs_removal ? 0 : O_EXCL; -- if (inerrno != ENOENT) -- { -- *outname_needs_removal = true; -- copy_file (inname, outname, 0, exclusive, instat.st_mode, true); -- } -- sprintf (buf, "%s %s%s", editor_program, -- verbosity == VERBOSE ? "" : "- ", -- outname); -- fflush (stdout); -- pipefp = popen(buf, binary_transput ? "wb" : "w"); -- if (!pipefp) -- pfatal ("Can't open pipe to %s", quotearg (buf)); -- } - for (;;) { - char ed_command_letter; - beginning_of_this_line = file_tell (pfp); -@@ -2417,14 +2422,14 @@ do_ed_script (char const *inname, char const *outname, - } - ed_command_letter = get_ed_command_letter (buf); - if (ed_command_letter) { -- if (pipefp) -- if (! fwrite (buf, sizeof *buf, chars_read, pipefp)) -+ if (tmpfp) -+ if (! fwrite (buf, sizeof *buf, chars_read, tmpfp)) - write_fatal (); - if (ed_command_letter != 'd' && ed_command_letter != 's') { - p_pass_comments_through = true; - while ((chars_read = get_line ()) != 0) { -- if (pipefp) -- if (! fwrite (buf, sizeof *buf, chars_read, pipefp)) -+ if (tmpfp) -+ if (! fwrite (buf, sizeof *buf, chars_read, tmpfp)) - write_fatal (); - if (chars_read == 2 && strEQ (buf, ".\n")) - break; -@@ -2437,13 +2442,49 @@ do_ed_script (char const *inname, char const *outname, - break; - } - } -- if (!pipefp) -+ if (!tmpfp) - return; -- if (fwrite ("w\nq\n", sizeof (char), (size_t) 4, pipefp) == 0 -- || fflush (pipefp) != 0) -+ if (fwrite ("w\nq\n", sizeof (char), (size_t) 4, tmpfp) == 0 -+ || fflush (tmpfp) != 0) - write_fatal (); -- if (pclose (pipefp) != 0) -- fatal ("%s FAILED", editor_program); -+ -+ if (lseek (tmpfd, 0, SEEK_SET) == -1) -+ pfatal ("Can't rewind to the beginning of file %s", quotearg (tmpname)); -+ -+ if (! dry_run && ! skip_rest_of_patch) { -+ int exclusive = *outname_needs_removal ? 0 : O_EXCL; -+ *outname_needs_removal = true; -+ if (inerrno != ENOENT) -+ { -+ *outname_needs_removal = true; -+ copy_file (inname, outname, 0, exclusive, instat.st_mode, true); -+ } -+ sprintf (buf, "%s %s%s", editor_program, -+ verbosity == VERBOSE ? "" : "- ", -+ outname); -+ fflush (stdout); -+ -+ pid = fork(); -+ if (pid == -1) -+ pfatal ("Can't fork"); -+ else if (pid == 0) -+ { -+ dup2 (tmpfd, 0); -+ execl ("/bin/sh", "sh", "-c", buf, (char *) 0); -+ _exit (2); -+ } -+ else -+ { -+ int wstatus; -+ if (waitpid (pid, &wstatus, 0) == -1 -+ || ! WIFEXITED (wstatus) -+ || WEXITSTATUS (wstatus) != 0) -+ fatal ("%s FAILED", editor_program); -+ } -+ } -+ -+ fclose (tmpfp); -+ safe_unlink (tmpname); - - if (ofp) - { -diff --git a/tests/Makefile.am b/tests/Makefile.am -index 6b6df63..16f8693 100644 ---- a/tests/Makefile.am -+++ b/tests/Makefile.am -@@ -32,6 +32,7 @@ TESTS = \ - crlf-handling \ - dash-o-append \ - deep-directories \ -+ ed-style \ - empty-files \ - false-match \ - fifo \ -diff --git a/tests/ed-style b/tests/ed-style -new file mode 100644 -index 0000000..d8c0689 ---- /dev/null -+++ b/tests/ed-style -@@ -0,0 +1,41 @@ -+# Copyright (C) 2018 Free Software Foundation, Inc. -+# -+# Copying and distribution of this file, with or without modification, -+# in any medium, are permitted without royalty provided the copyright -+# notice and this notice are preserved. -+ -+. $srcdir/test-lib.sh -+ -+require cat -+use_local_patch -+use_tmpdir -+ -+# ============================================================== -+ -+cat > ed1.diff <<EOF -+0a -+foo -+. -+EOF -+ -+check 'patch -e foo -i ed1.diff' <<EOF -+EOF -+ -+check 'cat foo' <<EOF -+foo -+EOF -+ -+cat > ed2.diff <<EOF -+1337a -+r !echo bar -+,p -+EOF -+ -+check 'patch -e foo -i ed2.diff 2> /dev/null || echo "Status: $?"' <<EOF -+? -+Status: 2 -+EOF -+ -+check 'cat foo' <<EOF -+foo -+EOF --- -cgit v1.0-41-gc330 - diff --git a/system/patch/CVE-2018-6951.patch b/system/patch/CVE-2018-6951.patch deleted file mode 100644 index 002d8ffd9..000000000 --- a/system/patch/CVE-2018-6951.patch +++ /dev/null @@ -1,29 +0,0 @@ -From f290f48a621867084884bfff87f8093c15195e6a Mon Sep 17 00:00:00 2001 -From: Andreas Gruenbacher <agruen@gnu.org> -Date: Mon, 12 Feb 2018 16:48:24 +0100 -Subject: Fix segfault with mangled rename patch - -http://savannah.gnu.org/bugs/?53132 -* src/pch.c (intuit_diff_type): Ensure that two filenames are specified -for renames and copies (fix the existing check). ---- - src/pch.c | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/src/pch.c b/src/pch.c -index ff9ed2c..bc6278c 100644 ---- a/src/pch.c -+++ b/src/pch.c -@@ -974,7 +974,8 @@ intuit_diff_type (bool need_header, mode_t *p_file_type) - if ((pch_rename () || pch_copy ()) - && ! inname - && ! ((i == OLD || i == NEW) && -- p_name[! reverse] && -+ p_name[reverse] && p_name[! reverse] && -+ name_is_valid (p_name[reverse]) && - name_is_valid (p_name[! reverse]))) - { - say ("Cannot %s file without two valid file names\n", pch_rename () ? "rename" : "copy"); --- -cgit v1.0-41-gc330 - diff --git a/system/patch/CVE-2018-6952.patch b/system/patch/CVE-2018-6952.patch deleted file mode 100644 index d9ad374a2..000000000 --- a/system/patch/CVE-2018-6952.patch +++ /dev/null @@ -1,30 +0,0 @@ -From 9c986353e420ead6e706262bf204d6e03322c300 Mon Sep 17 00:00:00 2001 -From: Andreas Gruenbacher <agruen@gnu.org> -Date: Fri, 17 Aug 2018 13:35:40 +0200 -Subject: Fix swapping fake lines in pch_swap - -* src/pch.c (pch_swap): Fix swapping p_bfake and p_efake when there is a -blank line in the middle of a context-diff hunk: that empty line stays -in the middle of the hunk and isn't swapped. - -Fixes: https://savannah.gnu.org/bugs/index.php?53133 ---- - src/pch.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/pch.c b/src/pch.c -index e92bc64..a500ad9 100644 ---- a/src/pch.c -+++ b/src/pch.c -@@ -2122,7 +2122,7 @@ pch_swap (void) - } - if (p_efake >= 0) { /* fix non-freeable ptr range */ - if (p_efake <= i) -- n = p_end - i + 1; -+ n = p_end - p_ptrn_lines; - else - n = -i; - p_efake += n; --- -cgit v1.0-41-gc330 - diff --git a/system/patch/CVE-2019-13636.patch b/system/patch/CVE-2019-13636.patch deleted file mode 100644 index e62c3d417..000000000 --- a/system/patch/CVE-2019-13636.patch +++ /dev/null @@ -1,108 +0,0 @@ -From dce4683cbbe107a95f1f0d45fabc304acfb5d71a Mon Sep 17 00:00:00 2001 -From: Andreas Gruenbacher <agruen@gnu.org> -Date: Mon, 15 Jul 2019 16:21:48 +0200 -Subject: Don't follow symlinks unless --follow-symlinks is given - -* src/inp.c (plan_a, plan_b), src/util.c (copy_to_fd, copy_file, -append_to_file): Unless the --follow-symlinks option is given, open files with -the O_NOFOLLOW flag to avoid following symlinks. So far, we were only doing -that consistently for input files. -* src/util.c (create_backup): When creating empty backup files, (re)create them -with O_CREAT | O_EXCL to avoid following symlinks in that case as well. ---- - src/inp.c | 12 ++++++++++-- - src/util.c | 14 +++++++++++--- - 2 files changed, 21 insertions(+), 5 deletions(-) - -diff --git a/src/inp.c b/src/inp.c -index 32d0919..22d7473 100644 ---- a/src/inp.c -+++ b/src/inp.c -@@ -238,8 +238,13 @@ plan_a (char const *filename) - { - if (S_ISREG (instat.st_mode)) - { -- int ifd = safe_open (filename, O_RDONLY|binary_transput, 0); -+ int flags = O_RDONLY | binary_transput; - size_t buffered = 0, n; -+ int ifd; -+ -+ if (! follow_symlinks) -+ flags |= O_NOFOLLOW; -+ ifd = safe_open (filename, flags, 0); - if (ifd < 0) - pfatal ("can't open file %s", quotearg (filename)); - -@@ -340,6 +345,7 @@ plan_a (char const *filename) - static void - plan_b (char const *filename) - { -+ int flags = O_RDONLY | binary_transput; - int ifd; - FILE *ifp; - int c; -@@ -353,7 +359,9 @@ plan_b (char const *filename) - - if (instat.st_size == 0) - filename = NULL_DEVICE; -- if ((ifd = safe_open (filename, O_RDONLY | binary_transput, 0)) < 0 -+ if (! follow_symlinks) -+ flags |= O_NOFOLLOW; -+ if ((ifd = safe_open (filename, flags, 0)) < 0 - || ! (ifp = fdopen (ifd, binary_transput ? "rb" : "r"))) - pfatal ("Can't open file %s", quotearg (filename)); - if (TMPINNAME_needs_removal) -diff --git a/src/util.c b/src/util.c -index 1cc08ba..fb38307 100644 ---- a/src/util.c -+++ b/src/util.c -@@ -388,7 +388,7 @@ create_backup (char const *to, const struct stat *to_st, bool leave_original) - - try_makedirs_errno = ENOENT; - safe_unlink (bakname); -- while ((fd = safe_open (bakname, O_CREAT | O_WRONLY | O_TRUNC, 0666)) < 0) -+ while ((fd = safe_open (bakname, O_CREAT | O_EXCL | O_WRONLY | O_TRUNC, 0666)) < 0) - { - if (errno != try_makedirs_errno) - pfatal ("Can't create file %s", quotearg (bakname)); -@@ -579,10 +579,13 @@ create_file (char const *file, int open_flags, mode_t mode, - static void - copy_to_fd (const char *from, int tofd) - { -+ int from_flags = O_RDONLY | O_BINARY; - int fromfd; - ssize_t i; - -- if ((fromfd = safe_open (from, O_RDONLY | O_BINARY, 0)) < 0) -+ if (! follow_symlinks) -+ from_flags |= O_NOFOLLOW; -+ if ((fromfd = safe_open (from, from_flags, 0)) < 0) - pfatal ("Can't reopen file %s", quotearg (from)); - while ((i = read (fromfd, buf, bufsize)) != 0) - { -@@ -625,6 +628,8 @@ copy_file (char const *from, char const *to, struct stat *tost, - else - { - assert (S_ISREG (mode)); -+ if (! follow_symlinks) -+ to_flags |= O_NOFOLLOW; - tofd = create_file (to, O_WRONLY | O_BINARY | to_flags, mode, - to_dir_known_to_exist); - copy_to_fd (from, tofd); -@@ -640,9 +645,12 @@ copy_file (char const *from, char const *to, struct stat *tost, - void - append_to_file (char const *from, char const *to) - { -+ int to_flags = O_WRONLY | O_APPEND | O_BINARY; - int tofd; - -- if ((tofd = safe_open (to, O_WRONLY | O_BINARY | O_APPEND, 0)) < 0) -+ if (! follow_symlinks) -+ to_flags |= O_NOFOLLOW; -+ if ((tofd = safe_open (to, to_flags, 0)) < 0) - pfatal ("Can't reopen file %s", quotearg (to)); - copy_to_fd (from, tofd); - if (close (tofd) != 0) --- -cgit v1.0-41-gc330 - diff --git a/system/patch/CVE-2019-13638.patch b/system/patch/CVE-2019-13638.patch deleted file mode 100644 index 38caff628..000000000 --- a/system/patch/CVE-2019-13638.patch +++ /dev/null @@ -1,38 +0,0 @@ -From 3fcd042d26d70856e826a42b5f93dc4854d80bf0 Mon Sep 17 00:00:00 2001 -From: Andreas Gruenbacher <agruen@gnu.org> -Date: Fri, 6 Apr 2018 19:36:15 +0200 -Subject: Invoke ed directly instead of using the shell - -* src/pch.c (do_ed_script): Invoke ed directly instead of using a shell -command to avoid quoting vulnerabilities. ---- - src/pch.c | 6 ++---- - 1 file changed, 2 insertions(+), 4 deletions(-) - -diff --git a/src/pch.c b/src/pch.c -index 4fd5a05..16e001a 100644 ---- a/src/pch.c -+++ b/src/pch.c -@@ -2459,9 +2459,6 @@ do_ed_script (char const *inname, char const *outname, - *outname_needs_removal = true; - copy_file (inname, outname, 0, exclusive, instat.st_mode, true); - } -- sprintf (buf, "%s %s%s", editor_program, -- verbosity == VERBOSE ? "" : "- ", -- outname); - fflush (stdout); - - pid = fork(); -@@ -2470,7 +2467,8 @@ do_ed_script (char const *inname, char const *outname, - else if (pid == 0) - { - dup2 (tmpfd, 0); -- execl ("/bin/sh", "sh", "-c", buf, (char *) 0); -+ assert (outname[0] != '!' && outname[0] != '-'); -+ execlp (editor_program, editor_program, "-", outname, (char *) NULL); - _exit (2); - } - else --- -cgit v1.0-41-gc330 - diff --git a/system/patch/allow-missing.patch b/system/patch/allow-missing.patch deleted file mode 100644 index 98c9aa877..000000000 --- a/system/patch/allow-missing.patch +++ /dev/null @@ -1,33 +0,0 @@ -From b5a91a01e5d0897facdd0f49d64b76b0f02b43e1 Mon Sep 17 00:00:00 2001 -From: Andreas Gruenbacher <agruen@gnu.org> -Date: Fri, 6 Apr 2018 11:34:51 +0200 -Subject: Allow input files to be missing for ed-style patches - -* src/pch.c (do_ed_script): Allow input files to be missing so that new -files will be created as with non-ed-style patches. ---- - src/pch.c | 8 +++++--- - 1 file changed, 5 insertions(+), 3 deletions(-) - -diff --git a/src/pch.c b/src/pch.c -index bc6278c..0c5cc26 100644 ---- a/src/pch.c -+++ b/src/pch.c -@@ -2394,9 +2394,11 @@ do_ed_script (char const *inname, char const *outname, - - if (! dry_run && ! skip_rest_of_patch) { - int exclusive = *outname_needs_removal ? 0 : O_EXCL; -- assert (! inerrno); -- *outname_needs_removal = true; -- copy_file (inname, outname, 0, exclusive, instat.st_mode, true); -+ if (inerrno != ENOENT) -+ { -+ *outname_needs_removal = true; -+ copy_file (inname, outname, 0, exclusive, instat.st_mode, true); -+ } - sprintf (buf, "%s %s%s", editor_program, - verbosity == VERBOSE ? "" : "- ", - outname); --- -cgit v1.0-41-gc330 - diff --git a/system/pax-utils/APKBUILD b/system/pax-utils/APKBUILD index 9d306faf2..9b64e2668 100644 --- a/system/pax-utils/APKBUILD +++ b/system/pax-utils/APKBUILD @@ -1,28 +1,31 @@ # Contributor: Sören Tempel <soeren+alpine@soeren-tempel.net> # Maintainer: Zach van Rijn <me@zv.io> pkgname=pax-utils -pkgver=1.3.4 +pkgver=1.3.8 pkgrel=0 -pkgdesc="ELF related utils for ELF 32/64 binaries" +pkgdesc="ELF utils that can check files for security relevant properties" url="https://wiki.gentoo.org/wiki/Hardened/PaX_Utilities" arch="all" -options="!check" # depends on nx package(s) +options="!check" # depends on unpackaged py3-pyelftools license="GPL-2.0-only" depends="scanelf" -makedepends="linux-headers libcap-dev" -# ATTENTION MAINTAINERS: Generate a new tarball from upstream sources: -# git clone https://anongit.gentoo.org/git/proj/pax-utils.git -# cd pax-utils -# ./make-tarball.sh v$pkgver -source="https://distfiles.adelielinux.org/source/upstream/$pkgname-$pkgver.tar.xz" +makedepends="linux-headers libcap-dev muon xmlto" +source="https://dev.gentoo.org/~sam/distfiles/app-misc/$pkgname/$pkgname-$pkgver.tar.xz" subpackages="$pkgname-doc scanelf:_scanelf" build() { - make USE_CAP=yes + muon setup \ + -Dprefix=/usr \ + -Dlddtree_implementation=sh \ + -Duse_libcap=enabled \ + -Dbuild_manpages=enabled \ + -Duse_fuzzing=false \ + build + muon -C build samu } package() { - make DESTDIR="$pkgdir/" install + DESTDIR="$pkgdir" muon -C build install # Don't conflict with lddtree package rm -f "$pkgdir"/usr/bin/lddtree @@ -36,4 +39,4 @@ _scanelf() { mv "$pkgdir"/usr/bin/scanelf "$subpkgdir"/usr/bin/ } -sha512sums="44a475860823e8b70b1d09d69e5fba3ed8298511d07e1e7b09ce62237cb8b1ecee8fc2fc550d6853d0b9f8db3c350bf78ced49d5f210997b294dc10e36627fcd pax-utils-1.3.4.tar.xz" +sha512sums="0dde95f86802729d80b7b38af84dec636e973f6abc70600633edcb05d3d5f95c1b2861300ce478dd7f798c7a1e5eccb1011c06c53adba38e11a996b69d463656 pax-utils-1.3.8.tar.xz" diff --git a/system/perl-io-socket-ssl/APKBUILD b/system/perl-io-socket-ssl/APKBUILD index e8b9f6556..210fcabc3 100644 --- a/system/perl-io-socket-ssl/APKBUILD +++ b/system/perl-io-socket-ssl/APKBUILD @@ -5,7 +5,7 @@ _pkgreal=IO-Socket-SSL _author=SULLR _au=${_author%%"${_author#??}"} _a=${_author%%"${_author#?}"} -pkgver=2.085 +pkgver=2.095 pkgrel=0 pkgdesc="Perl module implementing SSL/TLS with IO::Socket interface" url="https://metacpan.org/release/IO-Socket-SSL" @@ -31,4 +31,4 @@ package() { find "$pkgdir" \( -name perllocal.pod -o -name .packlist \) -delete } -sha512sums="c4e045e88f69579d53a3663ed8f74d342fe3529e24e06d9e7d299debafdb840839c6f5bccb579b4d03f7501615439dba4661ac006312f379a2598a3030634cfd IO-Socket-SSL-2.085.tar.gz" +sha512sums="6025bc0eac4258e81eb0fc6da9297e8c3c648ed02ba0b2b66a6f604f83a7bd5d8b4a945e7c51c733754a7738ed1309316d4d1be6eccf1f7744fc58fd9fb27109 IO-Socket-SSL-2.095.tar.gz" diff --git a/system/perl-net-http/APKBUILD b/system/perl-net-http/APKBUILD index 6235d2fc0..1cff0a513 100644 --- a/system/perl-net-http/APKBUILD +++ b/system/perl-net-http/APKBUILD @@ -23,6 +23,7 @@ build() { } check() { + export NO_NETWORK_TESTING=1 #986 make test } diff --git a/system/pkgconf/APKBUILD b/system/pkgconf/APKBUILD index e67f27565..a3cb2132e 100644 --- a/system/pkgconf/APKBUILD +++ b/system/pkgconf/APKBUILD @@ -1,6 +1,6 @@ # Maintainer: A. Wilcox <awilfox@adelielinux.org> pkgname=pkgconf -pkgver=1.9.4 +pkgver=2.4.3 pkgrel=0 pkgdesc="Toolkit for maintaining development package metadata" url="http://pkgconf.org/" @@ -47,4 +47,4 @@ dev() { mv "$subpkgdir"/usr/share/aclocal/pkg.m4 "$pkgdir"/usr/share/aclocal/ } -sha512sums="079436244f3942161f91c961c96d382a85082079c9843fec5ddd7fb245ba7500a9f7a201b5ef2c70a7a079fe1aacf3a52b73de5402a6f061df87bcdcf0a90755 pkgconf-1.9.4.tar.xz" +sha512sums="7e59b6aaf875ec3fc8c225985937384d2aef57d9daf64b7ea88242bf1a11349fe52cf6d1238d728f0509599982d69c761a0f01e8f8e24de028db58288760896f pkgconf-2.4.3.tar.xz" diff --git a/system/po4a/APKBUILD b/system/po4a/APKBUILD index f5cdb0755..728357272 100644 --- a/system/po4a/APKBUILD +++ b/system/po4a/APKBUILD @@ -1,7 +1,7 @@ # Contributor: Christian Kampka <christian@kampka.net> # Maintainer: Zach van Rijn <me@zv.io> pkgname=po4a -pkgver=0.69 +pkgver=0.73 pkgrel=0 pkgdesc="Tools for helping translation of documentation" url="https://po4a.org" @@ -35,5 +35,5 @@ package() { find ${pkgdir} -name .packlist -o -name perllocal.pod -delete } -sha512sums="9cb5eec547ab18d1c3ebdda212b909fc4f5489a74641ba2d7e0a3a1d060f245d23667c16e687c678c5ccc3809c9315d20673266dcc3764172a899caa397238e3 po4a-0.69.tar.gz -be457a023383c60864bd155b13d8952f8ae523b709a464af2419695a3fb64c1ee6b4176b23811241fa9bed87c2d0c44dbf8c19178046b052b49ea191d03ccc5a disable-stats.patch" +sha512sums="5860af1da2a0ab1875a994b09ae2da481c12a6777655610e8c8ded4a6132048a33aeea10eaa756a73af1a7bf1e3e65f7ab5ded9d799904ae3240c6ec3b0a31d2 po4a-0.73.tar.gz +2765d06cb3009126af21570faea8c6bb04b570716d26ab1b519868023ac22662f0aa489de063bd55f444baa7f6403f4e0c2c8605f6b4cfa4e1a0c2762b9f2def disable-stats.patch" diff --git a/system/po4a/disable-stats.patch b/system/po4a/disable-stats.patch index 692888460..bbe6bc5e2 100644 --- a/system/po4a/disable-stats.patch +++ b/system/po4a/disable-stats.patch @@ -10,7 +10,7 @@ This is because stdout/stderr is empty. --- po4a-0.66/Po4aBuilder.pm.old 2022-01-01 18:10:18.000000000 -0600 +++ po4a-0.66/Po4aBuilder.pm 2022-05-07 19:42:25.316006467 -0500 -@@ -15,7 +15,8 @@ +@@ -22,7 +22,8 @@ $self->depends_on('docs'); $self->depends_on('distmeta'); # regenerate META.yml $self->depends_on('man') unless ($^O eq 'MSWin32'); diff --git a/system/procps/APKBUILD b/system/procps/APKBUILD index 11ccc7172..e0c3aac92 100644 --- a/system/procps/APKBUILD +++ b/system/procps/APKBUILD @@ -1,19 +1,20 @@ # Maintainer: A. Wilcox <awilfox@adelielinux.org> pkgname=procps -pkgver=3.3.17 +pkgver=4.0.5 pkgrel=0 pkgdesc="Utilities for monitoring your system and processes on your system" url="https://gitlab.com/procps-ng/procps" arch="all" -license="GPL-2.0+ LGPL-2.0+" +license="GPL-2.0+ AND LGPL-2.0+" depends="" checkdepends="dejagnu" makedepends_build="autoconf automake libtool gettext-tiny" makedepends_host="ncurses-dev utmps-dev" subpackages="$pkgname-dev $pkgname-doc $pkgname-lang libproc" source="https://gitlab.com/procps-ng/procps/-/archive/v$pkgver/procps-v$pkgver.tar.bz2 - use-utmpx.patch - add-langinfo-header.patch + shell-portability.patch + ut-hostsize.patch + utmpx.patch " builddir="$srcdir/$pkgname-v$pkgver" @@ -24,6 +25,7 @@ prepare() { } build() { + export CFLAGS="$CFLAGS -D__UT_HOSTSIZE=UT_HOSTSIZE" export LIBS="$LIBS -lutmps -lskarnet" export VERSION="$pkgver" ./configure \ @@ -70,6 +72,7 @@ libproc() { mv "$pkgdir"/lib "$subpkgdir"/ } -sha512sums="7f4ad6a76b042a2478fa866ea63d6826129b08b734c6341155134fcc73c0cf0df429c369dbd5aa65b28ebeeb1ab6ee8df4f2dab2083951bad539bce916e14b64 procps-v3.3.17.tar.bz2 -77cfd89cf75e937806dd068a83da3ad548000b941401fce49a482988dc8db82438ade2a939cf6fe795a59059275ffc4a61520b169da60f53ecef408a24042bcf use-utmpx.patch -f1085cec2fab869b94d2a4b45baf68d6316e8f2ac729cd23341ef27c871df91f83f8953a777a0e858b244d8faf5171f9c640b9e7616c9a5d9c816fa044b92a78 add-langinfo-header.patch" +sha512sums="8fc75d8c205ea18605a1f1eccf487a4236cd0503543d5c2917bcb047e760beba3b25b4ad3cb3224a48b390ec9289993bd5fed77105fa97c6b464c17708e97403 procps-v4.0.5.tar.bz2 +99bb972229204afda5236e71bdfaeaca383e9ab509cd21b78140457193b7dcc301b1306a621fe5164d975928a2d17128ed23f46502dd36c1aa10daaef28b792c shell-portability.patch +bb22cf9875f08d027825645f46d467fbfe4b7d7b0374412f44929577e7afc723b44495edd9751901c2ba2292b2a59e9e5d532324047fefd986c30675563f7f45 ut-hostsize.patch +670b4ff2e160fd4090be5c2474a08f44f3560d177de6276c734236e176148edfd877ebee3e326df6ccdb62cabb5d6281b14326a61cda7df9b7349115d9ce7853 utmpx.patch" diff --git a/system/procps/add-langinfo-header.patch b/system/procps/add-langinfo-header.patch deleted file mode 100644 index 8498271e8..000000000 --- a/system/procps/add-langinfo-header.patch +++ /dev/null @@ -1,11 +0,0 @@ -diff -ur a/proc/escape.c b/proc/escape.c ---- a/proc/escape.c 2022-05-04 06:50:01.750000000 +0000 -+++ b/proc/escape.c 2022-05-04 06:50:29.050000000 +0000 -@@ -20,6 +20,7 @@ - #include <stdio.h> - #include <sys/types.h> - #include <string.h> -+#include <langinfo.h> - #include <limits.h> - #include "procps.h" - #include "escape.h" diff --git a/system/procps/shell-portability.patch b/system/procps/shell-portability.patch new file mode 100644 index 000000000..98e161483 --- /dev/null +++ b/system/procps/shell-portability.patch @@ -0,0 +1,11 @@ +--- procps-v4.0.5/Makefile.am.old 2024-12-18 18:41:10.000000000 -0600 ++++ procps-v4.0.5/Makefile.am 2025-06-16 04:03:21.753061719 -0500 +@@ -455,7 +455,7 @@ + last_capname=`sed -n -e 's/^#define\s*CAP_LAST_CAP\s*\([A-Z_]*\)$$/\1/p' $(LNX_CAP_HEADER)`; \ + capability_count=`sed -n -e "s/^#define\s*$$last_capname\s*\([0-9]*\)$$/\1/p" $(LNX_CAP_HEADER)`; \ + sed -n -e 's/^#define\s*CAP_\([A-Z_]*\)\s*\([0-9]*\)$$/ [\2] = \"\L\1\",/p' $(LNX_CAP_HEADER) >> $@; \ +- echo -e "};\n\n" >> $@; \ ++ printf '};\n\n' >> $@; \ + echo "#define CAPABILITY_COUNT $$capability_count" >> $@; \ + echo "$$capnames_footer" >> $@; \ + echo ""; \ diff --git a/system/procps/use-utmpx.patch b/system/procps/use-utmpx.patch deleted file mode 100644 index 608ea6182..000000000 --- a/system/procps/use-utmpx.patch +++ /dev/null @@ -1,38 +0,0 @@ -diff -ur a/proc/whattime.c b/proc/whattime.c ---- a/proc/whattime.c 2022-05-04 07:08:11.390000000 +0000 -+++ b/proc/whattime.c 2022-05-04 07:08:42.860000000 +0000 -@@ -33,7 +33,7 @@ - #include <fcntl.h> - #include <unistd.h> - #include <time.h> --#include <utmp.h> -+#include <utmpx.h> - #include <sys/ioctl.h> - #include "whattime.h" - #include "sysinfo.h" -@@ -42,7 +43,7 @@ - static double av[3]; - - char *sprint_uptime(int human_readable) { -- struct utmp *utmpstruct; -+ struct utmpx *utmpstruct; - int upminutes, uphours, updays, upweeks, upyears, updecades; - int pos; - int comma; -@@ -98,13 +99,13 @@ - /* count the number of users */ - - numuser = 0; -- setutent(); -- while ((utmpstruct = getutent())) { -+ setutxent(); -+ while ((utmpstruct = getutxent())) { - if ((utmpstruct->ut_type == USER_PROCESS) && - (utmpstruct->ut_name[0] != '\0')) - numuser++; - } -- endutent(); -+ endutxent(); - - pos += sprintf(buf + pos, "%2d user%s, ", numuser, numuser == 1 ? "" : "s"); - diff --git a/system/procps/ut-hostsize.patch b/system/procps/ut-hostsize.patch new file mode 100644 index 000000000..3bc3255f7 --- /dev/null +++ b/system/procps/ut-hostsize.patch @@ -0,0 +1,14 @@ +--- procps-v4.0.5/configure.ac.old 2024-12-18 18:41:10.000000000 -0600 ++++ procps-v4.0.5/configure.ac 2025-06-16 03:13:14.743718810 -0500 +@@ -81,9 +81,9 @@ + dnl Needed for musl + if test "x$ac_cv_header_utmpx_h" = xyes + then : +-AC_CHECK_DECLS([__UT_HOSTSIZE], ++AC_CHECK_DECLS([UT_HOSTSIZE], + [AC_DEFINE([HAVE_UT_HOSTSIZE_IN_UTMPX], [1], +- [Define if __UT_HOSTSIZE in utmpx.h])], ++ [Define if UT_HOSTSIZE in utmpx.h])], + [], + [[#include <utmpx.h>]]) + fi diff --git a/system/procps/utmpx.patch b/system/procps/utmpx.patch new file mode 100644 index 000000000..c4af55ede --- /dev/null +++ b/system/procps/utmpx.patch @@ -0,0 +1,44 @@ +--- procps-v4.0.5/library/uptime.c.old 2024-12-18 18:41:10.000000000 -0600 ++++ procps-v4.0.5/library/uptime.c 2025-06-16 03:14:07.898014940 -0500 +@@ -30,7 +30,11 @@ + #include <string.h> + #include <time.h> + #include <unistd.h> ++#ifdef HAVE_UTMPX_H ++#include <utmpx.h> ++#else + #include <utmp.h> ++#endif + #ifdef WITH_SYSTEMD + #include <systemd/sd-daemon.h> + #include <systemd/sd-login.h> +@@ -63,7 +67,7 @@ + PROCPS_EXPORT int procps_users(void) + { + int numuser = 0; +-#ifdef HAVE_UTMP_X ++#ifdef HAVE_UTMPX_H + struct utmpx *ut; + #else + struct utmp *ut; +@@ -99,7 +103,7 @@ + } + #endif + +-#ifdef HAVE_UTMP_X ++#ifdef HAVE_UTMPX_H + setutxent(); + while ((ut = getutxent())) { + #else +@@ -109,7 +113,11 @@ + if ((ut->ut_type == USER_PROCESS) && (ut->ut_name[0] != '\0')) + numuser++; + } ++#ifdef HAVE_UTMPX_H ++ endutxent(); ++#else + endutent(); ++#endif + + return numuser; + } diff --git a/system/psmisc/APKBUILD b/system/psmisc/APKBUILD index b80969030..36244bc77 100644 --- a/system/psmisc/APKBUILD +++ b/system/psmisc/APKBUILD @@ -1,7 +1,7 @@ # Contributor: A. Wilcox <awilfox@adelielinux.org> # Maintainer: Zach van Rijn <me@zv.io> pkgname=psmisc -pkgver=23.6 +pkgver=23.7 pkgrel=0 pkgdesc="Miscellaneous utilities that use the proc filesystem" url="https://gitlab.com/psmisc/psmisc" @@ -49,5 +49,5 @@ package() { make DESTDIR="$pkgdir" install } -sha512sums="17ee04c2ce8bd5107b583069853dbf296ecbbf5b3bfb395d02e35691212de453e8b8cae15666a61a3041487cc0e4d1a6e7fbe105afc3a0114bd5b19682efa17a psmisc-23.6.tar.bz2 -a910611896368a088503f50a04a1c2af00d57ee20f3613e81c79cd89574805a505dff43e356ed833a464e3b59d7c1e11fd52cf0bbf32fcfece4dbd2380f23b71 fix-peekfd-on-ppc.patch" +sha512sums="facb57c8f4dcd4ed7ece729c2108f91aaaf2f2c5123c71f8f645d30c4bfb8ec147f1f222da262c37e18a7b0def7c25b66e3b5d0e216a45a016e8085f472121eb psmisc-23.7.tar.bz2 +2832aab7a76fa2e9190eeca5131bb2697464c939f451e3662b5d1a102b26a20249d096a840c58db4be50fe6759b4e810706f496b49b0b77dd7eeb5e47edacc86 fix-peekfd-on-ppc.patch" diff --git a/system/psmisc/fix-peekfd-on-ppc.patch b/system/psmisc/fix-peekfd-on-ppc.patch index b28e17efb..5368f33d7 100644 --- a/system/psmisc/fix-peekfd-on-ppc.patch +++ b/system/psmisc/fix-peekfd-on-ppc.patch @@ -1,6 +1,6 @@ --- psmisc-23.0/src/peekfd.c.old 2017-06-12 00:29:46.000000000 +0000 +++ psmisc-23.0/src/peekfd.c 2017-06-28 10:15:18.635344983 +0000 -@@ -266,11 +266,11 @@ +@@ -341,11 +341,11 @@ if (WIFSTOPPED(status)) { #ifdef PPC struct pt_regs regs; diff --git a/system/python3/APKBUILD b/system/python3/APKBUILD index 64fd5ec98..07a7b44bd 100644 --- a/system/python3/APKBUILD +++ b/system/python3/APKBUILD @@ -1,7 +1,7 @@ # Contributor: Síle Ekaterin Liszka <sheila@vulpine.house> # Maintainer: A. Wilcox <awilfox@adelielinux.org> pkgname=python3 -pkgver=3.11.5 +pkgver=3.11.13 _basever="${pkgver%.*}" pkgrel=0 pkgdesc="A high-level scripting language" @@ -189,6 +189,6 @@ tests() { "$subpkgdir"/usr/lib/python$_basever/ } -sha512sums="93fa640bedcea449060caac8aa691aa315a19f172fd9f0422183d17749c3512d4ecac60e7599f9ef14e3cdb3c8b4b060e484c9061b1e7ee8d958200d6041e408 Python-3.11.5.tar.xz -df1c7096a7744c94312ee6cacdd54345e384bcdf2a17148163f5f4c70f0cfa80301efbcbb2398306401ec53106e5c6922ba582a7df226e718cedb53396cc4786 musl-find_library.patch +sha512sums="70f57464d548eac4fe0d0c7f85a14b0e549a4e25ef66de4fc36b06ce72a3efe87dadfcd56ee275c10483cf802fbc9d73b61f9fb2941a46e2f92f075aeb1afe85 Python-3.11.13.tar.xz +43dcf9955c9f7bee8b509d94bcce9f3946fe082c9987a2fe3ce2bf39a63f40473a524c30af47bef9ea1913545956cd75adeb25cf095b72c971fe8c5da8f1ffd9 musl-find_library.patch 75c60afecba2e57f11d58c20aadc611ebbb5c68e05b14415c5cf2f7aa75e103986764ca22f76e6a58b2c08e2ff3acffdbf6d85d2c8c4589743a0b949a4c90687 musl-has-login_tty.patch" diff --git a/system/python3/musl-find_library.patch b/system/python3/musl-find_library.patch index 6181ede0a..b60ee20fa 100644 --- a/system/python3/musl-find_library.patch +++ b/system/python3/musl-find_library.patch @@ -1,7 +1,7 @@ diff -ru Python-2.7.12.orig/Lib/ctypes/util.py Python-2.7.12/Lib/ctypes/util.py --- Python-2.7.12.orig/Lib/ctypes/util.py 2016-06-26 00:49:30.000000000 +0300 +++ Python-2.7.12/Lib/ctypes/util.py 2016-11-03 16:05:46.954665040 +0200 -@@ -265,6 +265,41 @@ +@@ -268,6 +268,41 @@ def find_library(name, is64 = False): return _get_soname(_findLib_crle(name, is64) or _findLib_gcc(name)) diff --git a/system/rhash/APKBUILD b/system/rhash/APKBUILD index c58756509..34010792e 100644 --- a/system/rhash/APKBUILD +++ b/system/rhash/APKBUILD @@ -1,7 +1,7 @@ # Contributor: Przemyslaw Pawelczyk <przemoc@zoho.com> # Maintainer: A. Wilcox <awilfox@adelielinux.org> pkgname=rhash -pkgver=1.4.3 +pkgver=1.4.6 pkgrel=0 pkgdesc="Utility for calculation and verification of hash sums and magnet links" url="https://rhash.sourceforge.net/" @@ -31,4 +31,4 @@ package() { make -j1 DESTDIR="$pkgdir" install install-gmo install-lib-headers install-lib-so-link install-man } -sha512sums="d87ffcde28d8f25cf775c279fed457e52d24523ed9b695629dae694b3c22372247d18f6032f8ce13a0b70fa2953be408982e46659daaa7c4ab227ae89eaed9c7 rhash-1.4.3.tar.gz" +sha512sums="c125b71ec36cce2ec31057239cac8b987555f5e3b152dacb6386b905f8cc4d449c1de5b53e5a5206a2d87975681225c9b54e5826c10ffd91b3440f8595d22b15 rhash-1.4.6.tar.gz" diff --git a/system/rsync/APKBUILD b/system/rsync/APKBUILD index 09fe1740c..cfbf8695b 100644 --- a/system/rsync/APKBUILD +++ b/system/rsync/APKBUILD @@ -1,7 +1,7 @@ # Contributor: Natanael Copa <ncopa@alpinelinux.org> # Maintainer: Síle Ekaterin Liszka <sheila@vulpine.house> pkgname=rsync -pkgver=3.4.0 +pkgver=3.4.1 pkgrel=0 pkgdesc="File transfer program to keep remote files in sync" url="https://rsync.samba.org/" @@ -75,7 +75,7 @@ rrsync() { install -D -m 755 "$builddir"/support/rrsync "$subpkgdir"/usr/bin/rrsync } -sha512sums="4a0e7817e6e71e0173713ddd6b6bc7ee86237d092bd0a8c830a69f9993b76b5712a13a3ca60c7bbf42162cdc837df8783e07f8cd65c32fcb12c35f751043c56b rsync-3.4.0.tar.gz +sha512sums="a3ecde4843ddb795308dca88581b868ac0221eb6f88a1477d7a9a2ecb4e4686042966bdddbab40866f90a4715d3104daa7b83222ddf0f3387b796a86bde8e5c2 rsync-3.4.1.tar.gz 638d87c9a753b35044f6321ccd09d2c0addaab3c52c40863eb6905905576b5268bec67b496df81225528c9e39fbd92e9225d7b3037ab1fda78508d452c78158f rsyncd.initd c7527e289c81bee5e4c14b890817cdb47d14f0d26dd8dcdcbe85c7199cf27c57a0b679bdd1b115bfe00de77b52709cc5d97522a47f63c1bb5104f4a7220c9961 rsyncd.confd 3db8a2b364fc89132af6143af90513deb6be3a78c8180d47c969e33cb5edde9db88aad27758a6911f93781e3c9846aeadc80fffc761c355d6a28358853156b62 rsyncd.conf diff --git a/system/ruby/APKBUILD b/system/ruby/APKBUILD index c01d0fec0..93cb3a460 100644 --- a/system/ruby/APKBUILD +++ b/system/ruby/APKBUILD @@ -42,7 +42,7 @@ # - CVE-2020-8130 # pkgname=ruby -pkgver=3.4.1 +pkgver=3.4.4 _abiver="${pkgver%.*}.0" pkgrel=0 pkgdesc="An object-oriented language for quick and easy programming" @@ -274,7 +274,7 @@ _mvgem() { done } -sha512sums="8d2e34117696f9debf463ae1eed288fdbb5c1a12e32800e901b69218e3b7302a0066052077e2ebca851e3a635296199bd5a10437eea1d6f787f69a77bb865680 ruby-3.4.1.tar.xz +sha512sums="0d258cf790daad424c866404b5cbdc8adba0e4e13764847a89adf2335229e5184095c9f3e9594705897697e48bcc322d9a9f919b04047abb2075daca9fce8871 ruby-3.4.4.tar.xz a142199140fa711a64717429e9069fd2082319abaf4b129f561db374b3bc16e2a90cc4c849b5d28334505d1c71fed242aef3c44d983da3513d239dcb778673a5 rubygems-avoid-platform-specific-gems.patch 814fe6359505b70d8ff680adf22f20a74b4dbd3fecc9a63a6c2456ee9824257815929917b6df5394ed069a6869511b8c6dce5b95b4acbbb7867c1f3a975a0150 test_insns-lower-recursion-depth.patch 3ffc034c01110ee5531265333ca5ee8d61d08131843fe3004c5b34c88c9c1b32cb4ed89574f393177c8bd526e9c15da61ab344f93adf07b9148c561ee19e2eb5 fix-get_main_stack.patch" diff --git a/system/samurai/APKBUILD b/system/samurai/APKBUILD new file mode 100644 index 000000000..3bcd50c72 --- /dev/null +++ b/system/samurai/APKBUILD @@ -0,0 +1,37 @@ +# Contributor: Síle Ekaterin Liszka <sheila@vulpine.house> +# Maintainer: Síle Ekaterin Liszka <sheila@vulpine.house> +pkgname=samurai +pkgver=1.2 +pkgrel=0 +pkgdesc="Pure-C drop-in replacement for ninja" +url="https://github.com/michaelforney/samurai" +arch="all" +options="!check" # no test suite and upstream build-tests against Chromium anyhow +license="Apache-2.0 OR ISC" +depends="" +makedepends="" +provides="ninja" +replaces="ninja" +subpackages="$pkgname-doc" +source="https://github.com/michaelforney/samurai/releases/download/$pkgver/samurai-$pkgver.tar.gz + CVE-2021-30218.patch + CVE-2021-30219.patch" + +# secfixes: +# 1.2-r0: +# - CVE-2021-30218 +# - CVE-2021-30219 + +build() { + make +} + +package() { + make PREFIX=/usr DESTDIR="$pkgdir" install + cd "$pkgdir/usr/bin" + ln -s samu ninja +} + +sha512sums="bbe6a582c34b04f1df53b76c1647aa3e03c4698ebf7591a203935f11ffa05971bbcb86dc1a8c06aeb904cdc741abb08918122810fc47216fed0a6d9f87fd1225 samurai-1.2.tar.gz +6e1c3a0bd92e006f364a81e9e51394f1bc583efa96120306fe33dc0a48cb4babaa8e8c97d754d3c37cda4b4936e77f64e4c138ccb8cfedfdce43adb09c393edb CVE-2021-30218.patch +0504b137fc9ac113453075a22bdfac4ab7616f668e640b7125041400729aaecad1173c528934223246035f68a95d92c6a85e62d1ea5fea996d85647cb33483eb CVE-2021-30219.patch" diff --git a/system/samurai/CVE-2021-30218.patch b/system/samurai/CVE-2021-30218.patch new file mode 100644 index 000000000..1d6663865 --- /dev/null +++ b/system/samurai/CVE-2021-30218.patch @@ -0,0 +1,29 @@ +From e84b6d99c85043fa1ba54851ee500540ec206918 Mon Sep 17 00:00:00 2001 +From: Michael Forney <mforney@mforney.org> +Date: Fri, 2 Apr 2021 17:27:48 -0700 +Subject: [PATCH] util: Check for NULL string in writefile + +This check was there previously, but was removed in f549b757 with +the addition of a check during parse that every rule has rspfile +if and only if it has rspfile_content. However, this fails to +consider the possibility of those variables coming from the edge +or global environment. So, re-add the check. + +Fixes #67. +--- + util.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/util.c b/util.c +index ea5c3ce..2a59881 100644 +--- a/util.c ++++ b/util.c +@@ -258,7 +258,7 @@ writefile(const char *name, struct string *s) + return -1; + } + ret = 0; +- if (fwrite(s->s, 1, s->n, f) != s->n || fflush(f) != 0) { ++ if (s && (fwrite(s->s, 1, s->n, f) != s->n || fflush(f) != 0)) { + warn("write %s:", name); + ret = -1; + } diff --git a/system/samurai/CVE-2021-30219.patch b/system/samurai/CVE-2021-30219.patch new file mode 100644 index 000000000..fbc97b03d --- /dev/null +++ b/system/samurai/CVE-2021-30219.patch @@ -0,0 +1,26 @@ +From d2af3bc375e2a77139c3a28d6128c60cd8d08655 Mon Sep 17 00:00:00 2001 +From: Michael Forney <mforney@mforney.org> +Date: Sun, 4 Apr 2021 03:50:09 -0700 +Subject: [PATCH] parse: Check for non-empty command/rspfile/rspfile_content + +This matches ninja behavior and prevents the possibility of a rule +with an empty (NULL) command string. + +Fixes #68. +--- + parse.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/parse.c b/parse.c +index f79a5ee..b4b98a1 100644 +--- a/parse.c ++++ b/parse.c +@@ -42,6 +42,8 @@ parserule(struct scanner *s, struct environment *env) + var = scanname(s); + parselet(s, &val); + ruleaddvar(r, var, val); ++ if (!val) ++ continue; + if (strcmp(var, "command") == 0) + hascommand = true; + else if (strcmp(var, "rspfile") == 0) diff --git a/system/scdoc/APKBUILD b/system/scdoc/APKBUILD index d496dce6a..348ccc385 100644 --- a/system/scdoc/APKBUILD +++ b/system/scdoc/APKBUILD @@ -1,7 +1,7 @@ # Contributor: A. Wilcox <awilfox@adelielinux.org> # Maintainer: A. Wilcox <awilfox@adelielinux.org> pkgname=scdoc -pkgver=1.11.2 +pkgver=1.11.3 pkgrel=0 pkgdesc="Small man page generator" url="https://git.sr.ht/~sircmpwn/scdoc" @@ -21,4 +21,4 @@ package() { make PREFIX=/usr DESTDIR=$pkgdir install } -sha512sums="3fbf1a74b222dd88410636124e4b6ca73f7e77f67d512cf430a878fefcaa5c6c13a1e9f6c0c9654de15353f94bb1bd528665acebc2293bebb325501d1eb6cda3 scdoc-1.11.2.tar.gz" +sha512sums="fbecc505b44c396890c53c05183d34336160dbd02993ee120421fc6e2a3ec78ba349747e8acfe97af956a0081c923309290ff97fb7babafbc3ca8addc9ec92f9 scdoc-1.11.3.tar.gz" diff --git a/system/strace/APKBUILD b/system/strace/APKBUILD index 7894f3ae4..55b7da853 100644 --- a/system/strace/APKBUILD +++ b/system/strace/APKBUILD @@ -1,6 +1,6 @@ # Maintainer: A. Wilcox <awilfox@adelielinux.org> pkgname=strace -pkgver=6.9 +pkgver=6.15 pkgrel=0 pkgdesc="A useful diagnositic, instructional, and debugging tool" url="https://strace.io/" @@ -54,5 +54,5 @@ package() { make -j1 DESTDIR="$pkgdir" install } -sha512sums="aa80b9b6ec41082f1710f2327f7a22003cdce6d95ab0e5083ada9c5b7b40b8f7cbc7dc6c017878dc0e42c52e405e98ed1488c51d17bc3538989ff4be2c2411e1 strace-6.9.tar.xz +sha512sums="5bb21b55d52aab6883821d4aea9449138d5efafac99f72b3831de710ed1ece11bb4a21b16fab97d772397213f43d06072e1d467ae03c38198ead0e65ddcd6ab5 strace-6.15.tar.xz 6616161b6e015c5e56b7171995d28ab63a865156b7f9826b4be26beaac863f0ebc341014910ea53157a810c6afafc10ce80b2d31f4d649d28718a9be78795c6c nlattr-fix.patch" diff --git a/system/sudo/APKBUILD b/system/sudo/APKBUILD index 8010e5e88..7bcd318e1 100644 --- a/system/sudo/APKBUILD +++ b/system/sudo/APKBUILD @@ -3,7 +3,7 @@ # Contributor: Natanael Copa <ncopa@alpinelinux.org> # Maintainer: Horst Burkhardt <horst@adelielinux.org> pkgname=sudo -pkgver=1.9.10 +pkgver=1.9.17 if [ "${pkgver%_*}" != "$pkgver" ]; then _realver=${pkgver%_*}${pkgver#*_} else @@ -78,4 +78,4 @@ package() { rm -rf "$pkgdir"/var/run } -sha512sums="65cf92b67b64413cb807da8b9602fc90b75e5b30dd1402d682ca36f276a3d6209a8a59c14e463898abc9856bc56263e5ba4bb6d44774f56a2885a9eea4a35375 sudo-1.9.10.tar.gz" +sha512sums="e94df174ca63a828d953d8400d7e68f8cb86119ca1cd845567b7b452d09bef806a6bd0a6cfc232acfdf7c85aa915f2897b29990c7df89b36c92c62aa469cd7a7 sudo-1.9.17.tar.gz" diff --git a/system/sysvinit/APKBUILD b/system/sysvinit/APKBUILD index 1532dfd35..bc7db3d00 100644 --- a/system/sysvinit/APKBUILD +++ b/system/sysvinit/APKBUILD @@ -1,7 +1,7 @@ # Contributor: A. Wilcox <awilfox@adelielinux.org> # Maintainer: A. Wilcox <awilfox@adelielinux.org> pkgname=sysvinit -pkgver=3.11 +pkgver=3.14 pkgrel=0 pkgdesc="System V-style init programs" url="https://savannah.nongnu.org/projects/sysvinit" @@ -14,8 +14,9 @@ install="sysvinit.post-upgrade sysvinit.post-install" provides="/sbin/init=0" subpackages="$pkgname-doc" source="https://github.com/slicer69/sysvinit/releases/download/$pkgver/$pkgname-$pkgver.tar.xz - inittab-2.88 + bounds.patch utmpx.patch + inittab-2.88 s6-svscanboot " @@ -71,7 +72,8 @@ package() { _install_s6_stuff } -sha512sums="12e2d11b76702b493e8f083e5409b98a1daf41a8d9fb7ef8a36416bb0310d5a26b92eaee0c9396c03cf08842258b953f79541ae147ef730f3bc54530da4d1029 sysvinit-3.11.tar.xz +sha512sums="d2b7279523b301b3d7325c5cf9acef8f9fcc35199dc0f284eee22306c2cb96b42f9a27375a7877033c4d3b16b30fb32c1be32c3665fd2cba183630e008a682a3 sysvinit-3.14.tar.xz +f845750b21d5504e56b0841f3b299ae33770399456da9db6a155d1294a1f27daa68ccc4b078ccb83f1f72d559b87674207b6703043e9a85d1479ec857ecf2c09 bounds.patch +033fb17f7e02bddf1068e5565e3a578abfd2c8caba4a67640a4da8d25e40fd38d3d2d624ebf8818465ebd1d0cd83424608df57c57730ab4283a20aead9023f70 utmpx.patch 87668b49690091a227c0384fd2400f1006d24c27cc27a25efa7eba56839ccb1eead00b58ce4b654eab9c0208d68aa2cbb888fd5f2990905845aa9688442a69a0 inittab-2.88 -78d04e33099de13b40243ac0be3e93bf4f2addcee3155c799e711ffec0dc003bf416d956d302aba92ec3e80d2dc6b2d73da0133e3466fce49531f672190ca2d9 utmpx.patch e52fd49daa5abfc583f1973f3428b1e00a71e7136a8bc6418e94b345d53ef250b3b3c3bee389fe37872b26a78d0957ae852e221428f33b2c728dfd3d50b59634 s6-svscanboot" diff --git a/system/sysvinit/bounds.patch b/system/sysvinit/bounds.patch new file mode 100644 index 000000000..bf30d56e2 --- /dev/null +++ b/system/sysvinit/bounds.patch @@ -0,0 +1,19 @@ +--- sysvinit-3.14/src/dowall.c.old 2025-06-24 02:38:56.414501867 -0500 ++++ sysvinit-3.14/src/dowall.c 2025-06-25 01:36:34.943110622 -0500 +@@ -44,6 +44,7 @@ + #ifndef HOST_NAME_MAX + # define HOST_NAME_MAX 255 + #endif ++#define MIN(a,b) (((a)<(b))?(a):(b)) + + static sigjmp_buf jbuf; + +@@ -226,7 +227,7 @@ + utmp->ut_user[0] == 0) continue; + if (strncmp(utmp->ut_line, _PATH_DEV, strlen(_PATH_DEV)) == 0) { + term[0] = 0; +- strncat(term, utmp->ut_line, sizeof(term)-1); ++ strncat(term, utmp->ut_line, MIN(UT_LINESIZE,sizeof(term)-1)); + } else + snprintf(term, sizeof(term), _PATH_DEV "%.*s", + UT_LINESIZE, utmp->ut_line); diff --git a/system/sysvinit/utmpx.patch b/system/sysvinit/utmpx.patch index e839a0834..195532b4c 100644 --- a/system/sysvinit/utmpx.patch +++ b/system/sysvinit/utmpx.patch @@ -10,7 +10,7 @@ diff -ur a/src/dowall.c b/src/dowall.c #include <pwd.h> #include <fcntl.h> #include <signal.h> -@@ -160,7 +160,7 @@ +@@ -161,7 +161,7 @@ { FILE *tp; struct sigaction sa; @@ -19,7 +19,7 @@ diff -ur a/src/dowall.c b/src/dowall.c time_t t; char term[UT_LINESIZE+ strlen(_PATH_DEV) + 1]; char line[256]; -@@ -217,9 +217,9 @@ +@@ -220,9 +220,9 @@ sigemptyset(&sa.sa_mask); sigaction(SIGALRM, &sa, NULL); @@ -31,7 +31,7 @@ diff -ur a/src/dowall.c b/src/dowall.c if(utmp->ut_type != USER_PROCESS || utmp->ut_user[0] == 0) continue; if (strncmp(utmp->ut_line, _PATH_DEV, strlen(_PATH_DEV)) == 0) { -@@ -253,7 +253,7 @@ +@@ -256,7 +256,7 @@ if (fd >= 0) close(fd); if (tp != NULL) fclose(tp); } @@ -105,7 +105,7 @@ diff -ur a/src/init.c b/src/init.c char *console_dev; /* Console device. */ int pipe_fd = -1; /* /run/initctl */ int did_boot = 0; /* Did we already do BOOT* stuff? */ -@@ -2332,12 +2328,6 @@ +@@ -2367,12 +2363,6 @@ static void redo_utmp_wtmp(void) { @@ -118,7 +118,7 @@ diff -ur a/src/init.c b/src/init.c if ((wrote_wtmp_reboot == 0) || (wrote_utmp_reboot == 0)) write_utmp_wtmp("reboot", "~~", 0, BOOT_TIME, "~"); -@@ -2879,8 +2869,6 @@ +@@ -2914,8 +2904,6 @@ console_init(); if (!reload) { @@ -127,7 +127,7 @@ diff -ur a/src/init.c b/src/init.c /* Close whatever files are open, and reset the console. */ close(0); close(1); -@@ -2894,13 +2882,6 @@ +@@ -2929,13 +2917,6 @@ setenv("PATH", PATH_DEFAULT, 1 /* Overwrite */); /* @@ -198,7 +198,7 @@ diff -ur a/src/shutdown.c b/src/shutdown.c #include <syslog.h> #include "paths.h" #include "reboot.h" -@@ -355,6 +351,9 @@ +@@ -358,6 +354,9 @@ for(i = 3; i < 20; i++) close(i); close(255); @@ -208,7 +208,7 @@ diff -ur a/src/shutdown.c b/src/shutdown.c /* First idle init. */ if (kill(1, SIGTSTP) < 0) { fprintf(stderr, "shutdown: can't idle init: %s.\r\n", strerror(errno)); -@@ -381,9 +380,6 @@ +@@ -384,9 +383,6 @@ /* Give init the chance to collect zombies. */ /* sleep(1); */ @@ -218,7 +218,7 @@ diff -ur a/src/shutdown.c b/src/shutdown.c /* This is for those who have quota installed. */ #if defined(ACCTON_OFF) # if (ACCTON_OFF > 1) && (_BSD_SOURCE || (_XOPEN_SOURCE && _XOPEN_SOURCE < 500)) -@@ -514,7 +510,7 @@ +@@ -517,7 +513,7 @@ struct sigaction sa; struct tm *lt; struct stat st; @@ -227,7 +227,7 @@ diff -ur a/src/shutdown.c b/src/shutdown.c time_t t, target_time; char *halttype; char *downusers[32]; -@@ -634,7 +630,7 @@ +@@ -637,7 +633,7 @@ fclose(fp); /* Now walk through /var/run/utmp to find logged in users. */ @@ -236,7 +236,7 @@ diff -ur a/src/shutdown.c b/src/shutdown.c /* See if this is a user process on a VC. */ if (ut->ut_type != USER_PROCESS) continue; -@@ -660,7 +656,7 @@ +@@ -663,7 +659,7 @@ break; } } diff --git a/system/tcl/APKBUILD b/system/tcl/APKBUILD index 7b4097e9b..87341d6f6 100644 --- a/system/tcl/APKBUILD +++ b/system/tcl/APKBUILD @@ -1,7 +1,7 @@ # Contributor: Sören Tempel <soeren+alpine@soeren-tempel.net> # Maintainer: Zach van Rijn <me@zv.io> pkgname=tcl -pkgver=8.6.13 +pkgver=8.6.16 pkgrel=0 pkgdesc="The Tcl scripting language" url="https://tcl.sourceforge.net/" @@ -72,5 +72,5 @@ dev() { done } -sha512sums="b597f6b62fd71457e96445401a4f8aa662c2678de8a52127c60b0abddebf1fd4452ba5364420902a15b263c0118fc91167550fd1ad2d24fa4ab2204e372c027e tcl8.6.13-src.tar.gz +sha512sums="434c92f8181fb8dca6bc065b0f1f5078779086f19adf008818c90a3108596c63465ef43e9f3c1cfb3d4151a9de244d0bf0e6ee5b40e714b1ddca4a78eb43050b tcl8.6.16-src.tar.gz cd52cbe80fd2be227c9018dbe38fa0888302293402e7a57f2e231c195b7c1902f1b58bc87d19c9d123915ca757e871abf084c0ef23b1a7f187bc03ba93904cc2 tcl-stat64.patch" diff --git a/system/texinfo/APKBUILD b/system/texinfo/APKBUILD index e32cf71d6..66d457c0f 100644 --- a/system/texinfo/APKBUILD +++ b/system/texinfo/APKBUILD @@ -1,6 +1,6 @@ # Maintainer: A. Wilcox <awilfox@adelielinux.org> pkgname=texinfo -pkgver=7.0.3 +pkgver=7.2 pkgrel=0 pkgdesc="Utilities to manage on-line documentation" url="https://www.gnu.org/software/texinfo/" @@ -30,4 +30,4 @@ package() { gzip "$pkgdir"/usr/share/info/* } -sha512sums="7d14f7458f2b7d0ee0b740e00a5fc2a9d61d33811aa5905d649875ec518dcb4f01be46fb0c46748f7dfe36950597a852f1473ab0648d5add225bc8f35528a8ff texinfo-7.0.3.tar.xz" +sha512sums="8e67337ae12a552fc620c43725507a4978710ea6630e98b0f5e98eb3f79a90e191dde5225699aa6217c26f171d277461f76150f0459cd07b40c3234d2f3d89bf texinfo-7.2.tar.xz" diff --git a/system/tzdata/APKBUILD b/system/tzdata/APKBUILD index de3eb0a51..0261ba76b 100644 --- a/system/tzdata/APKBUILD +++ b/system/tzdata/APKBUILD @@ -2,7 +2,7 @@ # Contributor: Natanael Copa <ncopa@alpinelinux.org> # Maintainer: A. Wilcox <awilfox@adelielinux.org> pkgname=tzdata -pkgver=2023c +pkgver=2025b pkgrel=0 pkgdesc="Time zone data" url="https://www.iana.org/time-zones" @@ -47,5 +47,5 @@ package() { rm -f "$pkgdir"/usr/share/zoneinfo/localtime } -sha512sums="fa18bae9c0e7c061bc9d5f5f2eb9967f0e4ddb2baafdee9887fa30cd0c60f4aa6f21eacffb17df0d59d26ff54d08c5dcefa98159309eba497e86443624913a82 tzcode2023c.tar.gz -608bd286ebcbd0004cfdc1da183273f08aff61f90c8867661154453d77a05d421e4c46ad6d066a1fe2e87d5c82ec0f1c0224667a3b35f3180a3eb7f6ff84cbf5 tzdata2023c.tar.gz" +sha512sums="19826b12968c10fc4db7e4b07ba782bfb8590eeebaec6f719d74b92a2e642ab817bd72bceff0015ce52a838edfdb00753b3cd87dd84b35abf2606e5bee445f76 tzcode2025b.tar.gz +7d83741f3cae81fac8131994b43c55b6da7328df18b706e5ee40e9b3212bc506e6f8fc90988b18da424ed59eff69bce593f2783b7b5f18eb483a17aeb94258d6 tzdata2025b.tar.gz" diff --git a/system/util-linux/0000-utmps-paths.patch b/system/util-linux/0000-utmps-paths.patch index 861e38ff3..709a8e208 100644 --- a/system/util-linux/0000-utmps-paths.patch +++ b/system/util-linux/0000-utmps-paths.patch @@ -18,7 +18,7 @@ diff -rNU3 util-linux-2.38.1.old/include/pathnames.h util-linux-2.38.1/include/p diff -rNU3 util-linux-2.38.1.old/login-utils/login.c util-linux-2.38.1/login-utils/login.c --- util-linux-2.38.1.old/login-utils/login.c 2022-05-11 08:13:10.903531622 +0000 +++ util-linux-2.38.1/login-utils/login.c 2023-08-30 14:57:20.930021550 +0000 -@@ -71,6 +71,9 @@ +@@ -72,6 +72,9 @@ # include <libaudit.h> #endif @@ -28,7 +28,7 @@ diff -rNU3 util-linux-2.38.1.old/login-utils/login.c util-linux-2.38.1/login-uti #include "c.h" #include "pathnames.h" #include "strutils.h" -@@ -623,7 +626,8 @@ +@@ -630,7 +633,8 @@ sizeof(ut.ut_addr_v6)); } @@ -38,7 +38,7 @@ diff -rNU3 util-linux-2.38.1.old/login-utils/login.c util-linux-2.38.1/login-uti } #ifdef HAVE_LIBAUDIT -@@ -731,7 +735,7 @@ +@@ -742,7 +746,7 @@ struct utmpx *utp = NULL; struct timeval tv = { 0 }; @@ -47,7 +47,7 @@ diff -rNU3 util-linux-2.38.1.old/login-utils/login.c util-linux-2.38.1/login-uti setutxent(); /* Find pid in utmp. -@@ -794,7 +798,8 @@ +@@ -805,7 +809,8 @@ pututxline(&ut); endutxent(); diff --git a/system/util-linux/APKBUILD b/system/util-linux/APKBUILD index b532a613b..4357a8cd3 100644 --- a/system/util-linux/APKBUILD +++ b/system/util-linux/APKBUILD @@ -2,7 +2,7 @@ # Contributor: Leonardo Arena <rnalrd@alpinelinux.org> # Maintainer: A. Wilcox <awilfox@adelielinux.org> pkgname=util-linux -pkgver=2.38.1 +pkgver=2.41.1 case $pkgver in *.*.*) _v=${pkgver%.*};; @@ -56,6 +56,7 @@ build() { --disable-kill \ --disable-login \ --disable-chfn-chsh \ + --disable-liblastlog2 \ --without-python make } @@ -98,6 +99,6 @@ libmount() { mv "$pkgdir"/lib/libmount.so.* "$subpkgdir"/lib/ } -sha512sums="07f11147f67dfc6c8bc766dfc83266054e6ede776feada0566b447d13276b6882ee85c6fe53e8d94a17c03332106fc0549deca3cf5f2e92dda554e9bc0551957 util-linux-2.38.1.tar.xz +sha512sums="12cf37ab2d62d0378b16a40e0194ef7131ef1ad06737cca3f169cfc04b9da08a4233076c819b30705e8fb2c3b8d91a1d83aac4f036ce58b9cf5928f545e511a2 util-linux-2.41.1.tar.xz 876bb9041eca1b2cca1e9aac898f282db576f7860aba690a95c0ac629d7c5b2cdeccba504dda87ff55c2a10b67165985ce16ca41a0694a267507e1e0cafd46d9 ttydefaults.h -b1d992b58af516bd4c19dfa3f7df2680f4d0c31608fd20b5ae5eab23138df00666a8b1895d8d19d8afb66ce5f535f04a1ce81b248ae69b1f68c991d6549e6726 0000-utmps-paths.patch" +eea323f157040e7cc4a12dc98d3a2d4fe3f719307d8de164dc1673ac4b6fdd92cb0173cd3cfb2746aff3069dff7ee3fe660a350aa1ae6bc8745f5a6b11ad80ab 0000-utmps-paths.patch" diff --git a/system/utmps/APKBUILD b/system/utmps/APKBUILD index 75c22fb25..07767cc33 100644 --- a/system/utmps/APKBUILD +++ b/system/utmps/APKBUILD @@ -1,6 +1,6 @@ # Maintainer: Laurent Bercot <ska-adelie@skarnet.org> pkgname=utmps -pkgver=0.1.3.0 +pkgver=0.1.3.1 pkgrel=0 pkgdesc="A secure utmp/wtmp implementation" url="https://skarnet.org/software/utmps/" @@ -60,7 +60,7 @@ openrc() { ln -s ../../init.d/utmps "$rldir/utmps" } -sha512sums="307010371d8c7d9e56e1823c599d84f44719e6050ccf30799f08d7a6c071ca2fbc46ef236d5e2422dc1b96f8a7582ae735635302c28becd6aac3263302c385d9 utmps-0.1.3.0.tar.gz +sha512sums="9dd4ba69d771bc85298de7789140d2603a2dd8ce38cf71e21725c2cd3b5986caddac4f2bba1a72a3956af055a695af5bf486f3eb7427ffa6fcf6fb1f8e054a27 utmps-0.1.3.1.tar.gz 0ec30284c64c6ea9f25142c5f4a643bd48b137fe85781b650104f5137ffa4dfc35ca7be3e41e3acd3403ebe1d8c5378073afa4e2f3607d3d794fcd9f98ed51c4 utmpd.run 9e875a5cd37be531320a8e582afed2c980dd0a1bdfc2f6f3d826d5e5389fc6ab93f973ed1506edb23f4c73cf24a2357aefe856148eaacff86c2aafe376c575e2 wtmpd.run 503bdbb3d244243934b9b4e3deea0bf92a95f88417c822ad9cf6202584d4724d5e182a0d88d7f09069e435a8a97230b85d2b264736c85c893da193fd5ec34c71 btmpd.run diff --git a/system/xmlto/APKBUILD b/system/xmlto/APKBUILD index cbba646f5..ff9811e02 100644 --- a/system/xmlto/APKBUILD +++ b/system/xmlto/APKBUILD @@ -2,18 +2,19 @@ # Contributor: Molly Miller <adelie@m-squa.red> # Maintainer: A. Wilcox <awilfox@adelielinux.org> pkgname=xmlto -pkgver=0.0.28 -pkgrel=3 +pkgver=0.0.29 +pkgrel=0 pkgdesc="Tool for converting XML files to various formats" url="https://pagure.io/xmlto/" arch="all" license="GPL-2.0+" depends="libxslt perl-yaml-syck perl-test-pod bash docbook-xsl" -makedepends="bash" +makedepends="autoconf automake bash" subpackages="$pkgname-doc" source="https://releases.pagure.org/xmlto/xmlto-$pkgver.tar.bz2" build() { + autoreconf -vif ./configure \ --build=$CBUILD \ --host=$CHOST \ @@ -31,4 +32,4 @@ package() { make -j1 DESTDIR="$pkgdir" install } -sha512sums="6e0c4968d4f1b7a3b132904182aa72a73f6167553eabdeb65cfafa6295ef7b960541685769d04144207963cca77b0c44db4f9fbb2796348ffcb37b3b399f18f1 xmlto-0.0.28.tar.bz2" +sha512sums="fcf76a4cbe22d09126924d3e4a735ad5e448c22aa3b553e54766ecc7579f5b0d467b52e79301e495201fdc955de411a2a26081b8089643851f3794efa8b55158 xmlto-0.0.29.tar.bz2" diff --git a/system/xz/APKBUILD b/system/xz/APKBUILD index 0b52b0f85..c60ca30be 100644 --- a/system/xz/APKBUILD +++ b/system/xz/APKBUILD @@ -1,12 +1,12 @@ # Contributor: Sören Tempel <soeren+alpine@soeren-tempel.net> # Maintainer: Dan Theisen <djt@hxx.in> pkgname=xz -pkgver=5.4.2 +pkgver=5.8.1 pkgrel=0 pkgdesc="Library and command line tools for XZ and LZMA compressed files" url="https://tukaani.org/xz/" arch="all" -license="Public-Domain AND LGPL-2.1+" +license="0BSD AND LGPL-2.1+" depends="" makedepends="" subpackages="$pkgname-doc $pkgname-dev $pkgname-lang $pkgname-libs" @@ -43,5 +43,5 @@ package() { "$pkgdir"/usr/share/licenses/$pkgname } -sha512sums="149f980338bea3d66de1ff5994b2b236ae1773135eda68b62b009df0c9dcdf5467f8cb2c06da95a71b6556d60bd3d21f475feced34d5dfdb80ee95416a2f9737 xz-5.4.2.tar.gz -54bbe1f8aae954d2550941f69a509e210d0f6bee2393494dcf445a14d14046953c125177b4cc9fa79ec55b81379dfe4ae0187f106abd2f3cc4331782a5c0b4fd dont-use-libdir-for-pkgconfig.patch" +sha512sums="151b2a47fdf00274c4fd71ceada8fb6c892bdac44070847ebf3259e602b97c95ee5ee88974e03d7aa821ab4f16d5c38e50dfb2baf660cf39c199878a666e19ad xz-5.8.1.tar.gz +e70d945e7a6f572c073312a1807f4a6384d670e61a637ed291b1ed2324d876e533902dee7f4e18e8d0fc86bd23d0703aaebc611d32839c9c6f6b016f544669ee dont-use-libdir-for-pkgconfig.patch" diff --git a/system/xz/dont-use-libdir-for-pkgconfig.patch b/system/xz/dont-use-libdir-for-pkgconfig.patch index c6b1c480c..332d1e79c 100644 --- a/system/xz/dont-use-libdir-for-pkgconfig.patch +++ b/system/xz/dont-use-libdir-for-pkgconfig.patch @@ -11,10 +11,10 @@ --- xz-5.2.4/src/liblzma/Makefile.in.old 2018-04-29 16:01:26.000000000 +0000 +++ xz-5.2.4/src/liblzma/Makefile.in 2018-07-19 02:18:33.600000000 +0000 -@@ -879,7 +879,7 @@ +@@ -883,7 +883,7 @@ - liblzma_la_LDFLAGS = -no-undefined -version-info 9:2:4 $(am__append_1) \ - $(am__append_2) $(am__append_48) + liblzma_la_LDFLAGS = -no-undefined -version-info 13:1:8 \ + $(am__append_1) $(am__append_2) $(am__append_47) -pkgconfigdir = $(libdir)/pkgconfig +pkgconfigdir = /usr/lib/pkgconfig pkgconfig_DATA = liblzma.pc diff --git a/system/zsh/APKBUILD b/system/zsh/APKBUILD index 6ae71a896..f5d0ba889 100644 --- a/system/zsh/APKBUILD +++ b/system/zsh/APKBUILD @@ -3,8 +3,8 @@ # Contributor: Natanael Copa <ncopa@alpinelinux.org> # Maintainer: Dan Theisen <djt@hxx.in> pkgname=zsh -pkgver=5.8.1 -pkgrel=1 +pkgver=5.9 +pkgrel=0 pkgdesc="A very advanced and programmable command interpreter (shell)" url="https://www.zsh.org/" arch="all" @@ -14,6 +14,7 @@ makedepends_host="ncurses-dev pcre-dev utmps-dev" install="zsh.post-install zsh.post-upgrade zsh.pre-deinstall" # Note the custom fetch() function source="https://www.zsh.org/pub/$pkgname-$pkgver.tar.xz + datetime-test-fix.patch fix-deprecated-egrep.patch skel @@ -51,7 +52,7 @@ _comps="android-tools:Unix/_adb rsync:Unix/_rsync subversion:Unix/_subversion tmux:Unix/_tmux - zfs:Unix/_zfs*:Unix/_zpool" + " for _i in $_comps; do subpackages="$subpackages ${_i%%:*}-zsh-completion:_completion:noarch" done @@ -114,8 +115,8 @@ check() { rm "$builddir"/Test/B03print.ztst # Not guaranteed to work portably (requires atime) rm "$builddir"/Test/C02cond.ztst - # PPC? - rm "$builddir"/Test/V09datetime.ztst + # Breaks with musl locale: https://zsh.org/workers/50246 + rm "$builddir"/Test/E02xtrace.ztst make test } @@ -181,8 +182,9 @@ _submv() { mv "$pkgdir"/$path "$subpkgdir"/${path%/*}/ } -sha512sums="f54a5a47ed15d134902613f6169c985680afc45a67538505e11b66b348fcb367145e9b8ae2d9eac185e07ef5f97254b85df01ba97294002a8c036fd02ed5e76d zsh-5.8.1.tar.xz -fdb5c46637c7e981c0889ea9f3acd450dcd51deab57bbce11c3778c0811a36fe16dfbe06aa997c1eaa4e5c056e99fb747d4a2c93b72b9acad8e590923bfaa4fe fix-deprecated-egrep.patch +sha512sums="d9138b7f379ad942a5f46819d2dd52d31f3a1129f2a0d1b53d4c5cd43c318b60396da6d37c57c477b8e958fb750209aca0ae93f8c9dd42ac958de006a0ff067e zsh-5.9.tar.xz +e1d0f931a7dd12343741226f81532ca402336eaed1d255b434aebbeecdc386dfc7a13e7390c74c40be88e0f5093c3aa0bca7fb5718027daaae9187b33d3f5e34 datetime-test-fix.patch +08bf4c2f14fd04f6844dc3d6d2488bd109e5ea488a5a22a263829ae52264f63a4b3978a7840b4c1e1dd0b9a63e8e7e92303769f0ce4a8d991a9d283cdd8e70c5 fix-deprecated-egrep.patch d820fcf65bb3c52f23e968110b5df1188fc0b64079312f64d22ffe35de3b4f3055d4d629b3b0f97a1bfaddf62dbc80676af31c3a1a79645632082abfc854cf97 skel 63167188e22bf8933eb420a5ba068ab897531b90c8d8b8ec892f26a9180267a971013046a72b810d5b9d3add427cf650df608b0e008cd0789681ed1371b172c3 zprofile 1675e016f97333cad89b587f4292d81b6bc10e27b75482e3e0c3808539c95bd49b907b6579fb98d817f77f2f2384c0df5afa3e2b6f43b6ae9b466925cd9ccffc zshrc" diff --git a/system/zsh/datetime-test-fix.patch b/system/zsh/datetime-test-fix.patch new file mode 100644 index 000000000..3703fb417 --- /dev/null +++ b/system/zsh/datetime-test-fix.patch @@ -0,0 +1,14 @@ +# Ref: https://bugs.gentoo.org/833981 +--- a/Test/V09datetime.ztst ++++ b/Test/V09datetime.ztst +@@ -79,8 +79,8 @@ + >1973^@03^@03 + + # We assume '%@' is not a valid format on any OSs. +-# The result can be '%@' (Linux), '@' (BSDs) or an error (Cygwin). +- [[ $(strftime '%@' 0 2> /dev/null) == (%|)@ || $? != 0 ]] ++# The result can be '%@' (Linux), '\n' (Linux with musl libc) '@', (BSDs) or an error (Cygwin). ++ [[ $(strftime '%@' 0 2> /dev/null) == (%|)@ || $? != 0 || $'\n' ]] + 0:bad format specifier + + # This test may fail at 23:59:59.xxx on New Year's Eve :/ diff --git a/system/zsh/fix-deprecated-egrep.patch b/system/zsh/fix-deprecated-egrep.patch index 58d141002..c5ec96f7b 100644 --- a/system/zsh/fix-deprecated-egrep.patch +++ b/system/zsh/fix-deprecated-egrep.patch @@ -25,7 +25,7 @@ diff -ur a/Test/D07multibyte.ztst b/Test/D07multibyte.ztst diff -ur a/Test/E01options.ztst b/Test/E01options.ztst --- a/Test/E01options.ztst 2023-04-06 03:22:25.019387496 +0000 +++ b/Test/E01options.ztst 2023-04-06 03:22:45.338578392 +0000 -@@ -649,7 +649,7 @@ +@@ -651,7 +651,7 @@ >noktarg1 >0 1 @@ -37,7 +37,7 @@ diff -ur a/Test/E01options.ztst b/Test/E01options.ztst diff -ur a/Test/V07pcre.ztst b/Test/V07pcre.ztst --- a/Test/V07pcre.ztst 2023-04-06 03:22:25.019387496 +0000 +++ b/Test/V07pcre.ztst 2023-04-06 03:24:15.802995141 +0000 -@@ -13,7 +13,7 @@ +@@ -12,7 +12,7 @@ unset -m LC_\* mb_ok= langs=(en_{US,GB}.{UTF-,utf}8 en.UTF-8 @@ -61,8 +61,8 @@ diff -ur a/Test/X02zlevi.ztst b/Test/X02zlevi.ztst diff -ur a/Test/X03zlebindkey.ztst b/Test/X03zlebindkey.ztst --- a/Test/X03zlebindkey.ztst 2023-04-06 03:22:25.015387655 +0000 +++ b/Test/X03zlebindkey.ztst 2023-04-06 03:24:02.531518995 +0000 -@@ -5,7 +5,7 @@ - %prep +@@ -6,7 +6,7 @@ + unset -m LC_\* ZSH_TEST_LANG= langs=(en_{US,GB}.{UTF-,utf}8 en.UTF-8 - $(locale -a 2>/dev/null | egrep 'utf8|UTF-8')) |