summaryrefslogtreecommitdiff
path: root/system
diff options
context:
space:
mode:
Diffstat (limited to 'system')
-rw-r--r--system/abuild/APKBUILD10
-rw-r--r--system/abuild/apkpath.patch25
-rw-r--r--system/abuild/fix-apk-invocation.patch29
-rw-r--r--system/argon2/APKBUILD5
-rw-r--r--system/musl/APKBUILD6
-rw-r--r--system/musl/CVE-2020-28928.patch112
6 files changed, 123 insertions, 64 deletions
diff --git a/system/abuild/APKBUILD b/system/abuild/APKBUILD
index 53d53a818..1ec934da1 100644
--- a/system/abuild/APKBUILD
+++ b/system/abuild/APKBUILD
@@ -1,7 +1,7 @@
# Maintainer: A. Wilcox <awilfox@adelielinux.org>
pkgname=abuild
-pkgver=3.4.1
-pkgrel=2
+pkgver=3.4.2
+pkgrel=0
pkgdesc="Script to build APK packages"
url="https://code.foxkit.us/adelie/abuild"
arch="all"
@@ -19,8 +19,6 @@ makedepends="$makedepends_host $makedepends_build"
subpackages="abuild-rootbld:_rootbld:noarch $pkgname-doc"
install="$pkgname.pre-install $pkgname.pre-upgrade"
source="https://distfiles.adelielinux.org/source/abuild-$pkgver.tar.xz
- apkpath.patch
- fix-apk-invocation.patch
keyhole.patch
"
@@ -55,7 +53,5 @@ _rootbld() {
mkdir -p "$subpkgdir"
}
-sha512sums="6446171cc68d8341b5267816e7a05e0dc7b8a4e89c8c8410ae61e9501b163cc32db888476b14f032c16ef15bdd4dd4844e087394c2d061db8281f7bdfb34d450 abuild-3.4.1.tar.xz
-bc373c93344d498a48675256bb26cf9bebac74f54d8e53a09c0975e3047c481ee35c6b88e5de392efd2d0ce2a8de23ebbf0822e1a093ee01ea99349f238c62f7 apkpath.patch
-4ae8a0d7efb94e8390250c2c43294ba40afcf27409257cccffb9315f00e887972e29573ddbfb830a82eab473c6d292fe7a1bf30fb9761b6fa24b8fe8c0940c79 fix-apk-invocation.patch
+sha512sums="9bdeb31f54879878697b4a5436ec2bc7764e1b9840798e913ba3dd47c344437e362a3067b89440ca8a7940af1efcaa83a24e7c1077187f924bf73fb058f97fbf abuild-3.4.2.tar.xz
757d750d4b5c88bf00774b64f2b93a9461e03f284d9423dc58c581e1309f276628de3114fcb510afd7c3cd55ceb721c1278e42756977c97ebe2597207805318d keyhole.patch"
diff --git a/system/abuild/apkpath.patch b/system/abuild/apkpath.patch
deleted file mode 100644
index 4390fe0b0..000000000
--- a/system/abuild/apkpath.patch
+++ /dev/null
@@ -1,25 +0,0 @@
-From d9811dee71cfafde1fe6d596a2b9922b60dd0c4f Mon Sep 17 00:00:00 2001
-From: "A. Wilcox" <AWilcox@Wilcox-Tech.com>
-Date: Fri, 21 Feb 2020 19:28:36 -0600
-Subject: [PATCH] abuild: Solve, once and for all, 'apk: not found'
-
----
- abuild.in | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/abuild.in b/abuild.in
-index 1b8898b..2212789 100644
---- a/abuild.in
-+++ b/abuild.in
-@@ -23,7 +23,7 @@ fi
- # defaults
- : ${FAKEROOT:="fakeroot"}
- : ${SUDO_APK:="abuild-apk"}
--: ${APK:="apk"}
-+: ${APK:="/sbin/apk"}
- : ${ADDUSER:="abuild-adduser"}
- : ${ADDGROUP:="abuild-addgroup"}
-
---
-2.25.0
-
diff --git a/system/abuild/fix-apk-invocation.patch b/system/abuild/fix-apk-invocation.patch
deleted file mode 100644
index 71bc3d1c9..000000000
--- a/system/abuild/fix-apk-invocation.patch
+++ /dev/null
@@ -1,29 +0,0 @@
-From 9f703d3222a6a8d52ac560035fb1a988d2f9bff7 Mon Sep 17 00:00:00 2001
-From: "A. Wilcox" <AWilcox@Wilcox-Tech.com>
-Date: Thu, 27 Feb 2020 04:41:04 -0600
-Subject: [PATCH] abuild: Use $APK instead of apk
-
-This is the only appearance of `apk` in the source. Appears accidental.
-
-Fixes: 41343329 ("abuild: fix dependency tracing for cross builds")
-Signed-off-by: A. Wilcox <AWilcox@Wilcox-Tech.com>
----
- abuild.in | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/abuild.in b/abuild.in
-index 2212789..7daa366 100644
---- a/abuild.in
-+++ b/abuild.in
-@@ -1255,7 +1255,7 @@ trace_apk_deps() {
- autodeps="$autodeps pc:$pcprefix$i"
- elif subpkg_provides_pc "$i" \
- || $APK $apkroot info --quiet --installed "pc:$i"; then
-- local provider="$(apk $apkroot search --quiet "pc:$i")"
-+ local provider="$($APK $apkroot search --quiet "pc:$i")"
- if list_has "$provider" $depends_dev; then
- warning "$provider should be removed from depends_dev"
- fi
---
-2.25.1
-
diff --git a/system/argon2/APKBUILD b/system/argon2/APKBUILD
index 42d459e1f..c7a1bd6c2 100644
--- a/system/argon2/APKBUILD
+++ b/system/argon2/APKBUILD
@@ -4,7 +4,7 @@
pkgname=argon2
_pkgname=phc-winner-argon2
pkgver=20190702
-pkgrel=0
+pkgrel=1
pkgdesc="Password hashing library"
url="https://github.com/P-H-C/phc-winner-argon2"
arch="all"
@@ -30,7 +30,8 @@ package() {
sed -i 's#libdir=${prefix}/lib#libdir=/lib#' "$builddir"/libargon2.pc
make OPTTARGET=none DESTDIR="$pkgdir" LIBRARY_REL=lib install
# ...but cryptsetup needs this in /lib for early-boot
- mv "$pkgdir"/usr/lib "$pkgdir"/
+ mkdir "$pkgdir"/lib
+ mv "$pkgdir"/usr/lib/lib* "$pkgdir"/lib
}
sha512sums="0a4cb89e8e63399f7df069e2862ccd05308b7652bf4ab74372842f66bcc60776399e0eaf979a7b7e31436b5e6913fe5b0a6949549d8c82ebd06e0629b106e85f argon2-20190702.tar.gz"
diff --git a/system/musl/APKBUILD b/system/musl/APKBUILD
index 8517b148b..735541e51 100644
--- a/system/musl/APKBUILD
+++ b/system/musl/APKBUILD
@@ -1,7 +1,7 @@
# Maintainer: A. Wilcox <awilfox@adelielinux.org>
pkgname=musl
pkgver=1.2.0
-pkgrel=1
+pkgrel=2
pkgdesc="System library (libc) implementation"
url="https://www.musl-libc.org/"
arch="all"
@@ -27,6 +27,7 @@ source="https://musl.libc.org/releases/$pkgname-$pkgver.tar.gz
handle-aux-at_base.patch
fgetspent_r.patch
threads_minus_1.patch
+ CVE-2020-28928.patch
ldconfig
getent.c
@@ -38,6 +39,8 @@ source="https://musl.libc.org/releases/$pkgname-$pkgver.tar.gz
# - CVE-2016-8859
# 1.1.23-r2:
# - CVE-2019-14697
+# 1.2.0-r2:
+# - CVE-2020-28928
build() {
[ "$BOOTSTRAP" = "nocc" ] && return 0
@@ -123,6 +126,7 @@ f01ab92b9d385c15369c0bb7d95e1bc06a009c8851e363517d0ba1bae3fc2647af69fc2f363b5d96
6a7ff16d95b5d1be77e0a0fbb245491817db192176496a57b22ab037637d97a185ea0b0d19da687da66c2a2f5578e4343d230f399d49fe377d8f008410974238 handle-aux-at_base.patch
ded41235148930f8cf781538f7d63ecb0c65ea4e8ce792565f3649ee2523592a76b2a166785f0b145fc79f5852fd1fb1729a7a09110b3b8f85cba3912e790807 fgetspent_r.patch
68830961e297d9a499f3b609be84848ad5d3326a1af56e9e54a40ecd972c48da11532c51da572d45e0df3574d63191e7ae0d3a1b84a029365f8d00691de96952 threads_minus_1.patch
+343ac5e5365cf98a5d5b7bc192c671733fdba27f06b83484f1ac7647154228745415f62dd676029de538460f8b35e0a70ca453a0f8b73226ed1c420099b1cf90 CVE-2020-28928.patch
cb71d29a87f334c75ecbc911becde7be825ab30d8f39fa6d64cb53812a7c9abaf91d9804c72540e5be3ddd3c84cfe7fd9632274309005cb8bcdf9a9b09b4b923 ldconfig
378d70e65bcc65bb4e1415354cecfa54b0c1146dfb24474b69e418cdbf7ad730472cd09f6f103e1c99ba6c324c9560bccdf287f5889bbc3ef0bdf0e08da47413 getent.c
9d42d66fb1facce2b85dad919be5be819ee290bd26ca2db00982b2f8e055a0196290a008711cbe2b18ec9eee8d2270e3b3a4692c5a1b807013baa5c2b70a2bbf iconv.c"
diff --git a/system/musl/CVE-2020-28928.patch b/system/musl/CVE-2020-28928.patch
new file mode 100644
index 000000000..cc668e149
--- /dev/null
+++ b/system/musl/CVE-2020-28928.patch
@@ -0,0 +1,112 @@
+From 3ab2a4e02682df1382955071919d8aa3c3ec40d4 Mon Sep 17 00:00:00 2001
+From: Rich Felker <dalias@aerifal.cx>
+Date: Thu, 19 Nov 2020 17:12:43 -0500
+Subject: [PATCH] rewrite wcsnrtombs to fix buffer overflow and other bugs
+
+the original wcsnrtombs implementation, which has been largely
+untouched since 0.5.0, attempted to build input-length-limiting
+conversion on top of wcsrtombs, which only limits output length. as
+best I recall, this choice was made out of a mix of disdain over
+having yet another variant function to implement (added in POSIX 2008;
+not standard C) and preference not to switch things around and
+implement the wcsrtombs in terms of the more general new function,
+probably over namespace issues. the strategy employed was to impose
+output limits that would ensure the input limit wasn't exceeded, then
+finish up the tail character-at-a-time. unfortunately, none of that
+worked correctly.
+
+first, the logic in the wcsrtombs loop was wrong in that it could
+easily get stuck making no forward progress, by imposing an output
+limit too small to convert even one character.
+
+the character-at-a-time loop that followed was even worse. it made no
+effort to ensure that the converted multibyte character would fit in
+the remaining output space, only that there was a nonzero amount of
+output space remaining. it also employed an incorrect interpretation
+of wcrtomb's interface contract for converting the null character,
+thereby failing to act on end of input, and remaining space accounting
+was subject to unsigned wrap-around. together these errors allow
+unbounded overflow of the destination buffer, controlled by input
+length limit and input wchar_t string contents.
+
+given the extent to which this function was broken, it's plausible
+that most applications that would have been rendered exploitable were
+sufficiently broken not to be usable in the first place. however, it's
+also plausible that common (especially ASCII-only) inputs succeeded in
+the wcsrtombs loop, which mostly worked, while leaving the wildly
+erroneous code in the second loop exposed to particular non-ASCII
+inputs.
+
+CVE-2020-28928 has been assigned for this issue.
+---
+ src/multibyte/wcsnrtombs.c | 46 ++++++++++++++++----------------------
+ 1 file changed, 19 insertions(+), 27 deletions(-)
+
+diff --git a/src/multibyte/wcsnrtombs.c b/src/multibyte/wcsnrtombs.c
+index 676932b5..95e25e70 100644
+--- a/src/multibyte/wcsnrtombs.c
++++ b/src/multibyte/wcsnrtombs.c
+@@ -1,41 +1,33 @@
+ #include <wchar.h>
++#include <limits.h>
++#include <string.h>
+
+ size_t wcsnrtombs(char *restrict dst, const wchar_t **restrict wcs, size_t wn, size_t n, mbstate_t *restrict st)
+ {
+- size_t l, cnt=0, n2;
+- char *s, buf[256];
+ const wchar_t *ws = *wcs;
+- const wchar_t *tmp_ws;
+-
+- if (!dst) s = buf, n = sizeof buf;
+- else s = dst;
+-
+- while ( ws && n && ( (n2=wn)>=n || n2>32 ) ) {
+- if (n2>=n) n2=n;
+- tmp_ws = ws;
+- l = wcsrtombs(s, &ws, n2, 0);
+- if (!(l+1)) {
+- cnt = l;
+- n = 0;
++ size_t cnt = 0;
++ if (!dst) n=0;
++ while (ws && wn) {
++ char tmp[MB_LEN_MAX];
++ size_t l = wcrtomb(n<MB_LEN_MAX ? tmp : dst, *ws, 0);
++ if (l==-1) {
++ cnt = -1;
+ break;
+ }
+- if (s != buf) {
+- s += l;
++ if (dst) {
++ if (n<MB_LEN_MAX) {
++ if (l>n) break;
++ memcpy(dst, tmp, l);
++ }
++ dst += l;
+ n -= l;
+ }
+- wn = ws ? wn - (ws - tmp_ws) : 0;
+- cnt += l;
+- }
+- if (ws) while (n && wn) {
+- l = wcrtomb(s, *ws, 0);
+- if ((l+1)<=1) {
+- if (!l) ws = 0;
+- else cnt = l;
++ if (!*ws) {
++ ws = 0;
+ break;
+ }
+- ws++; wn--;
+- /* safe - this loop runs fewer than sizeof(buf) times */
+- s+=l; n-=l;
++ ws++;
++ wn--;
+ cnt += l;
+ }
+ if (dst) *wcs = ws;
+--
+2.25.4
+