Diffstat (limited to 'system')
-rw-r--r-- | system/binutils/APKBUILD | 6 | ||||
-rw-r--r-- | system/binutils/CVE-2019-14444.patch | 28 | ||||
-rw-r--r-- | system/e2fsprogs/APKBUILD | 10 | ||||
-rw-r--r-- | system/e2fsprogs/CVE-2019-5094.patch | 211 | ||||
-rw-r--r-- | system/execline/APKBUILD | 6 | ||||
-rw-r--r-- | system/python3/APKBUILD | 8 | ||||
-rw-r--r-- | system/python3/CVE-2019-16056.patch | 131 | ||||
-rw-r--r-- | system/s6-linux-init/APKBUILD | 13 | ||||
-rw-r--r-- | system/s6-linux-init/reboot.sh | 2 | ||||
-rw-r--r-- | system/s6/APKBUILD | 8 | ||||
-rw-r--r-- | system/skalibs/APKBUILD | 11 | ||||
-rw-r--r-- | system/skalibs/env_dump-unterminated-strings.patch | 26 | ||||
-rw-r--r-- | system/utmps/APKBUILD | 8 |
13 files changed, 411 insertions, 57 deletions
diff --git a/system/binutils/APKBUILD b/system/binutils/APKBUILD
index 33e6579c0..8304e5c7d 100644
--- a/system/binutils/APKBUILD
+++ b/system/binutils/APKBUILD
@@ -1,7 +1,7 @@
 # Maintainer: Adelie Platform Group <adelie-devel@lists.adelielinux.org>
 pkgname=binutils
 pkgver=2.32
-pkgrel=2
+pkgrel=3
 pkgdesc="Tools necessary to build programs"
 url="https://www.gnu.org/software/binutils/"
 depends=""
@@ -30,6 +30,7 @@ source="https://ftp.gnu.org/gnu/$pkgname/$pkgname-$pkgver.tar.xz
 CVE-2019-9077.patch
 CVE-2019-12972.patch
 CVE-2019-14250.patch
+ CVE-2019-14444.patch
 BTS-170.patch
 BTS-196.patch
 "
@@ -59,6 +60,8 @@ fi
 # - CVE-2019-9077
 # - CVE-2019-12972
 # - CVE-2019-14250
+# 2.32-r3:
+# - CVE-2019-14444
 
 build() {
 local _sysroot=/
@@ -152,5 +155,6 @@ a46b9211608e2f35219b95363a5ba90506742dcb9e4bd4a43915af6c0b3e74bd8339a8318dc2923c
 c0f50f1a843480f29b3895c8814df9801b9f90260edbaff1831aa5738fedd07a9e6b7a79f5b6f9be34df4954dbf02feb5232ebbecc596277fc2fe63673ed347c CVE-2019-9077.patch
 9109a6ff9c55f310f86a1561fe6b404534928d402672490059bbe358f77c0c2a7f73c8b67f0a4450f00ba1776452858b63fa60cf2ec0744104a6b077e8fa3e42 CVE-2019-12972.patch
 c277202272d9883741c2530a94c6d50d55dd9d0a9efaa43a1f8c9fc7529bd45e635255c0d90035dfc5920d5387010a4259612a4d711260a95d7b3d9fa6500e4f CVE-2019-14250.patch
+0942cc1a4c5ec03e931c6ebd15c5d60eae6be48cd0a3d9b7f6356f97361226bb6d53dbdcb01b20efcca0ccaf23764730d9bbad2c1bbe2ea6ca320e43b43b311b CVE-2019-14444.patch
 d4543d2f77808d317d17a5f0eb9af21540ef8543fceaed4e3524213e31e058333321f3ba3b495199e3b57bfd0c4164929cf679369470389e26871b8895cb0110 BTS-170.patch
 9cc17d9fe3fc1351d1f6b4fc1c916254529f3304c95db6f4698b867eeb623210b914dc798fb837eafbad2b287b78b31c4ed5482b3151a2992864da04e1dd5fac BTS-196.patch"
diff --git a/system/binutils/CVE-2019-14444.patch b/system/binutils/CVE-2019-14444.patch
new file mode 100644
index 000000000..43d4e2a91
--- /dev/null
+++ b/system/binutils/CVE-2019-14444.patch
@@ -0,0 +1,28 @@
+From e17869db99195849826eaaf5d2d0eb2cfdd7a2a7 Mon Sep 17 00:00:00 2001
+From: Nick Clifton <nickc@redhat.com>
+Date: Mon, 5 Aug 2019 10:40:35 +0100
+Subject: [PATCH] Catch potential integer overflow in readelf when processing
+ corrupt binaries.
+
+ PR 24829
+ * readelf.c (apply_relocations): Catch potential integer overflow
+ whilst checking reloc location against section size.
+---
+ binutils/readelf.c | 2 +-
+
+diff --git a/binutils/readelf.c b/binutils/readelf.c
+index b896ad9..e785fde 100644
+--- a/binutils/readelf.c
++++ b/binutils/readelf.c
+@@ -13366,7 +13366,7 @@ apply_relocations (Filedata * filedata,
+ }
+ 
+ rloc = start + rp->r_offset;
+- if ((rloc + reloc_size) > end || (rloc < start))
++ if (rloc >= end || (rloc + reloc_size) > end || (rloc < start))
+ {
+ warn (_("skipping invalid relocation offset 0x%lx in section %s\n"),
+ (unsigned long) rp->r_offset,
+-- 
+2.9.3
+
diff --git a/system/e2fsprogs/APKBUILD b/system/e2fsprogs/APKBUILD
index 30d291ec0..ba7869fe8 100644
--- a/system/e2fsprogs/APKBUILD
+++ b/system/e2fsprogs/APKBUILD
@@ -2,7 +2,7 @@
 # Maintainer: A. Wilcox <awilfox@adelielinux.org>
 pkgname=e2fsprogs
 pkgver=1.45.3
-pkgrel=0
+pkgrel=1
 pkgdesc="Standard ext2/3/4 filesystem utilities"
 url="http://e2fsprogs.sourceforge.net"
 arch="all"
@@ -13,8 +13,13 @@ makedepends="$depends_dev linux-headers"
 subpackages="$pkgname-lang $pkgname-dev $pkgname-doc libcom_err $pkgname-libs"
 source="https://www.kernel.org/pub/linux/kernel/people/tytso/$pkgname/v$pkgver/$pkgname-$pkgver.tar.xz
 header-fix.patch
+ CVE-2019-5094.patch
 "
 
+# secfixes:
+# 1.45.3-r1:
+# - CVE-2019-5094
+
 build () {
 ./configure \
 --build=$CBUILD \
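Review bot: The replacement condition in apply_relocations still forms `rloc + reloc_size` before comparing it with `end`, so a large reloc_size on a corrupt file yields a pointer outside the section buffer whose comparison is undefined behaviour and may be folded away by the optimiser; the added `rloc >= end` test narrows the window but does not remove it. A length comparison is overflow-free and equivalent: `if (rloc < start || rloc >= end || (size_t)(end - rloc) < reloc_size)`. Checking `rp->r_offset` against `(size_t)(end - start)` before computing `rloc` would avoid the out-of-range pointer altogether; since this file is a verbatim upstream backport, that cleaner form is best taken from upstream rather than edited locally. apply_relocations starts and ends outside the hunk.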
@@ -55,4 +60,5 @@ libcom_err() {
 }
 
 sha512sums="9f898d353af48a1d357cb01f64187b6dfef671bb2e0450438530fe4fa9454fccc6b755c9469d81e702e6d85a4defd02ae0a493897a4b3284cb112e8444c9bf52 e2fsprogs-1.45.3.tar.xz
-34ca45c64a132bb4b507cd4ffb763c6d1b7979eccfed20f63417e514871b47639d32f2a3ecff090713c21a0f02ac503d5093960c80401d64081c592d01af279d header-fix.patch"
+34ca45c64a132bb4b507cd4ffb763c6d1b7979eccfed20f63417e514871b47639d32f2a3ecff090713c21a0f02ac503d5093960c80401d64081c592d01af279d header-fix.patch
+f82cf01938eb150446a7014ba48d51578ace42aecd427e225a3640033a4d8f2ec5a29dd02a3c0dfa45d2140cb2187303397c2d0124a2f987304c25182cc9578a CVE-2019-5094.patch"
diff --git a/system/e2fsprogs/CVE-2019-5094.patch b/system/e2fsprogs/CVE-2019-5094.patch
new file mode 100644
index 000000000..21baf660a
--- /dev/null
+++ b/system/e2fsprogs/CVE-2019-5094.patch
@@ -0,0 +1,211 @@ +From 8dbe7b475ec5e91ed767239f0e85880f416fc384 Mon Sep 17 00:00:00 2001 +From: Theodore Ts'o <tytso@mit.edu> +Date: Sun, 1 Sep 2019 00:59:16 -0400 +Subject: libsupport: add checks to prevent buffer overrun bugs in quota code + +A maliciously corrupted file systems can trigger buffer overruns in +the quota code used by e2fsck. To fix this, add sanity checks to the +quota header fields as well as to block number references in the quota +tree. + +Addresses: CVE-2019-5094 +Addresses: TALOS-2019-0887 +Signed-off-by: Theodore Ts'o <tytso@mit.edu> +--- + lib/support/mkquota.c | 1 + + lib/support/quotaio_tree.c | 71 ++++++++++++++++++++++++++++++---------------- + lib/support/quotaio_v2.c | 28 ++++++++++++++++++ + 3 files changed, 76 insertions(+), 24 deletions(-) + +diff --git a/lib/support/mkquota.c b/lib/support/mkquota.c +index 0b9e7665..ddb53124 100644 +--- a/lib/support/mkquota.c ++++ b/lib/support/mkquota.c +@@ -671,6 +671,7 @@ errcode_t quota_compare_and_update(quota_ctx_t qctx, enum quota_type qtype, + err = qh.qh_ops->scan_dquots(&qh, scan_dquots_callback, &scan_data); + if (err) { + log_debug("Error scanning dquots"); ++ *usage_inconsistent = 1; + goto out_close_qh; + } + +diff --git a/lib/support/quotaio_tree.c b/lib/support/quotaio_tree.c +index a7c2028c..6cc4fb5b 100644 +--- a/lib/support/quotaio_tree.c ++++ b/lib/support/quotaio_tree.c +@@ -540,6 +540,17 @@ struct dquot *qtree_read_dquot(struct quota_handle *h, qid_t id) + return dquot; + } + ++static int check_reference(struct quota_handle *h, unsigned int blk) ++{ ++ if (blk >= h->qh_info.u.v2_mdqi.dqi_qtree.dqi_blocks) { ++ log_err("Illegal reference (%u >= %u) in %s quota file", ++ blk, h->qh_info.u.v2_mdqi.dqi_qtree.dqi_blocks, ++ quota_type2name(h->qh_type)); ++ return -1; ++ } ++ return 0; ++} ++ + /* + * Scan all dquots in file and call callback on each + */ +@@ -558,7 +569,7 @@ static int report_block(struct dquot *dquot, unsigned int blk, char *bitmap, + int entries, i; + + if 
(!buf) +- return 0; ++ return -1; + + set_bit(bitmap, blk); + read_blk(dquot->dq_h, blk, buf); +@@ -580,23 +591,12 @@ static int report_block(struct dquot *dquot, unsigned int blk, char *bitmap, + return entries; + } + +-static void check_reference(struct quota_handle *h, unsigned int blk) +-{ +- if (blk >= h->qh_info.u.v2_mdqi.dqi_qtree.dqi_blocks) +- log_err("Illegal reference (%u >= %u) in %s quota file. " +- "Quota file is probably corrupted.\n" +- "Please run e2fsck (8) to fix it.", +- blk, +- h->qh_info.u.v2_mdqi.dqi_qtree.dqi_blocks, +- quota_type2name(h->qh_type)); +-} +- + static int report_tree(struct dquot *dquot, unsigned int blk, int depth, + char *bitmap, + int (*process_dquot) (struct dquot *, void *), + void *data) + { +- int entries = 0, i; ++ int entries = 0, ret, i; + dqbuf_t buf = getdqbuf(); + __le32 *ref = (__le32 *) buf; + +@@ -607,22 +607,40 @@ static int report_tree(struct dquot *dquot, unsigned int blk, int depth, + if (depth == QT_TREEDEPTH - 1) { + for (i = 0; i < QT_BLKSIZE >> 2; i++) { + blk = ext2fs_le32_to_cpu(ref[i]); +- check_reference(dquot->dq_h, blk); +- if (blk && !get_bit(bitmap, blk)) +- entries += report_block(dquot, blk, bitmap, +- process_dquot, data); ++ if (check_reference(dquot->dq_h, blk)) { ++ entries = -1; ++ goto errout; ++ } ++ if (blk && !get_bit(bitmap, blk)) { ++ ret = report_block(dquot, blk, bitmap, ++ process_dquot, data); ++ if (ret < 0) { ++ entries = ret; ++ goto errout; ++ } ++ entries += ret; ++ } + } + } else { + for (i = 0; i < QT_BLKSIZE >> 2; i++) { + blk = ext2fs_le32_to_cpu(ref[i]); + if (blk) { +- check_reference(dquot->dq_h, blk); +- entries += report_tree(dquot, blk, depth + 1, +- bitmap, process_dquot, +- data); ++ if (check_reference(dquot->dq_h, blk)) { ++ entries = -1; ++ goto errout; ++ } ++ ret = report_tree(dquot, blk, depth + 1, ++ bitmap, process_dquot, ++ data); ++ if (ret < 0) { ++ entries = ret; ++ goto errout; ++ } ++ entries += ret; + } + } + } ++errout: + freedqbuf(buf); + return 
entries; + } +@@ -642,6 +660,7 @@ int qtree_scan_dquots(struct quota_handle *h, + int (*process_dquot) (struct dquot *, void *), + void *data) + { ++ int ret; + char *bitmap; + struct v2_mem_dqinfo *v2info = &h->qh_info.u.v2_mdqi; + struct qtree_mem_dqinfo *info = &v2info->dqi_qtree; +@@ -655,10 +674,14 @@ int qtree_scan_dquots(struct quota_handle *h, + ext2fs_free_mem(&dquot); + return -1; + } +- v2info->dqi_used_entries = report_tree(dquot, QT_TREEOFF, 0, bitmap, +- process_dquot, data); ++ ret = report_tree(dquot, QT_TREEOFF, 0, bitmap, process_dquot, data); ++ if (ret < 0) ++ goto errout; ++ v2info->dqi_used_entries = ret; + v2info->dqi_data_blocks = find_set_bits(bitmap, info->dqi_blocks); ++ ret = 0; ++errout: + ext2fs_free_mem(&bitmap); + ext2fs_free_mem(&dquot); +- return 0; ++ return ret; + } +diff --git a/lib/support/quotaio_v2.c b/lib/support/quotaio_v2.c +index 38be2a34..73906676 100644 +--- a/lib/support/quotaio_v2.c ++++ b/lib/support/quotaio_v2.c +@@ -175,6 +175,8 @@ static int v2_check_file(struct quota_handle *h, int type, int fmt) + static int v2_init_io(struct quota_handle *h) + { + struct v2_disk_dqinfo ddqinfo; ++ struct v2_mem_dqinfo *info; ++ __u64 filesize; + + h->qh_info.u.v2_mdqi.dqi_qtree.dqi_entry_size = + sizeof(struct v2r1_disk_dqblk); +@@ -185,6 +187,32 @@ static int v2_init_io(struct quota_handle *h) + sizeof(ddqinfo)) != sizeof(ddqinfo)) + return -1; + v2_disk2memdqinfo(&h->qh_info, &ddqinfo); ++ ++ /* Check to make sure quota file info is sane */ ++ info = &h->qh_info.u.v2_mdqi; ++ if (ext2fs_file_get_lsize(h->qh_qf.e2_file, &filesize)) ++ return -1; ++ if ((filesize > (1U << 31)) || ++ (info->dqi_qtree.dqi_blocks > ++ (filesize + QT_BLKSIZE - 1) >> QT_BLKSIZE_BITS)) { ++ log_err("Quota inode %u corrupted: file size %llu; " ++ "dqi_blocks %u", h->qh_qf.ino, ++ filesize, info->dqi_qtree.dqi_blocks); ++ return -1; ++ } ++ if (info->dqi_qtree.dqi_free_blk >= info->dqi_qtree.dqi_blocks) { ++ log_err("Quota inode %u corrupted: free_blk 
%u; dqi_blocks %u", ++ h->qh_qf.ino, info->dqi_qtree.dqi_free_blk, ++ info->dqi_qtree.dqi_blocks); ++ return -1; ++ } ++ if (info->dqi_qtree.dqi_free_entry >= info->dqi_qtree.dqi_blocks) { ++ log_err("Quota inode %u corrupted: free_entry %u; " ++ "dqi_blocks %u", h->qh_qf.ino, ++ info->dqi_qtree.dqi_free_entry, ++ info->dqi_qtree.dqi_blocks); ++ return -1; ++ } + return 0; + } + +-- +cgit 1.2-0.3.lf.el7 + diff --git a/system/execline/APKBUILD b/system/execline/APKBUILD index 79fca7177..361f03dbf 100644 --- a/system/execline/APKBUILD +++ b/system/execline/APKBUILD @@ -1,14 +1,14 @@ # Contributor: Laurent Bercot <ska-adelie@skarnet.org> # Maintainer: Laurent Bercot <ska-adelie@skarnet.org> pkgname=execline -pkgver=2.5.1.0 +pkgver=2.5.2.0 pkgrel=0 pkgdesc="A small scripting language for non-interactive scripts" url="https://skarnet.org/software/$pkgname/" arch="all" options="!check" # No test suite. license="ISC" -_skalibs_version=2.8 +_skalibs_version=2.9.0.0 makedepends="skalibs-dev>=$_skalibs_version" subpackages="$pkgname-libs $pkgname-dev $pkgname-libs-dev:libsdev $pkgname-doc" source="https://skarnet.org/software/$pkgname/$pkgname-$pkgver.tar.gz" @@ -63,4 +63,4 @@ doc() { cp -a "$builddir/doc" "$subpkgdir/usr/share/doc/$pkgname" } -sha512sums="461a91d0e790e96233179c89c783bb29d89592def451643265c97259db83056556cd5f231d668e8c460396c35a8792f56b30193171e85488e60e3cb4feb7379c execline-2.5.1.0.tar.gz" +sha512sums="cc9fc1ee4879112eb53fd72ef75e98f4d6705ee05d679c5fc62706bc453965a8982ffceb26dfe7ce8c4a06be549ba18482fea81defee01091fa131ec2013a0b6 execline-2.5.2.0.tar.gz" diff --git a/system/python3/APKBUILD b/system/python3/APKBUILD index 250f259b6..4fefa4e22 100644 --- a/system/python3/APKBUILD +++ b/system/python3/APKBUILD @@ -3,7 +3,7 @@ pkgname=python3 pkgver=3.6.9 _basever="${pkgver%.*}" -pkgrel=0 +pkgrel=1 pkgdesc="A high-level scripting language" url="https://www.python.org" arch="all" 
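Review bot: report_block now returns -1 when getdqbuf() fails, but the corresponding allocation-failure path in report_tree (between `dqbuf_t buf = getdqbuf();` and the `depth == QT_TREEDEPTH - 1` test) lies outside the hunk; if it still returns 0 there, a failed allocation during the tree walk is reported as an empty subtree while the same failure in a leaf block aborts the scan, so it should read `if (!buf) return -1;` for the error propagation added in qtree_scan_dquots to be complete. check_reference also deserves a one-line contract comment now that both callers abort on its result, e.g. `/* Returns 0 if blk lies inside the quota tree, -1 (after logging) if it points at or past dqi_blocks. */`. Both remarks concern the vendored upstream patch, not the APKBUILD.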
@@ -40,6 +40,7 @@ makedepends="expat-dev openssl-dev zlib-dev ncurses-dev bzip2-dev xz-dev
 source="https://www.python.org/ftp/python/$pkgver/Python-$pkgver.tar.xz
 musl-find_library.patch
 fix-xattrs-glibc.patch
+ CVE-2019-16056.patch
 "
 builddir="$srcdir/Python-$pkgver"
 
@@ -57,6 +58,8 @@ builddir="$srcdir/Python-$pkgver"
 # - CVE-2018-20852
 # - CVE-2019-5010
 # - CVE-2019-9948
+# 3.6.9-r1:
+# - CVE-2019-16056
 
 prepare() {
 default_prepare
@@ -184,4 +187,5 @@ wininst() {
 
 sha512sums="05de9c6f44d96a52bfce10ede4312de892573edaf8bece65926d19973a3a800d65eed7a857af945f69efcfb25efa3788e7a54016b03d80b611eb51c3ea074819 Python-3.6.9.tar.xz
 ab8eaa2858d5109049b1f9f553198d40e0ef8d78211ad6455f7b491af525bffb16738fed60fc84e960c4889568d25753b9e4a1494834fea48291b33f07000ec2 musl-find_library.patch
-37b6ee5d0d5de43799316aa111423ba5a666c17dc7f81b04c330f59c1d1565540eac4c585abe2199bbed52ebe7426001edb1c53bd0a17486a2a8e052d0f494ad fix-xattrs-glibc.patch"
+37b6ee5d0d5de43799316aa111423ba5a666c17dc7f81b04c330f59c1d1565540eac4c585abe2199bbed52ebe7426001edb1c53bd0a17486a2a8e052d0f494ad fix-xattrs-glibc.patch
+1f1eb61355eb7832bef8e9c3915895cc3b2966a30c809371430b4416260452cd39c48ba593b2259574867bd1e8fea98efbc45c4b0bd95aeb0690c8514b380ea0 CVE-2019-16056.patch"
diff --git a/system/python3/CVE-2019-16056.patch b/system/python3/CVE-2019-16056.patch
new file mode 100644
index 000000000..b2f5ce826
--- /dev/null
+++ b/system/python3/CVE-2019-16056.patch
@@ -0,0 +1,131 @@ +From 13a19139b5e76175bc95294d54afc9425e4f36c9 Mon Sep 17 00:00:00 2001 +From: "Miss Islington (bot)" + <31488909+miss-islington@users.noreply.github.com> +Date: Fri, 9 Aug 2019 08:22:19 -0700 +Subject: [PATCH] bpo-34155: Dont parse domains containing @ (GH-13079) + (GH-14826) + +Before: + + >>> email.message_from_string('From: a@malicious.org@important.com', policy=email.policy.default)['from'].addresses + (Address(display_name='', username='a', domain='malicious.org'),) + + >>> parseaddr('a@malicious.org@important.com') + ('', 'a@malicious.org') + + After: + + >>> email.message_from_string('From: a@malicious.org@important.com', policy=email.policy.default)['from'].addresses + (Address(display_name='', username='', domain=''),) + + >>> parseaddr('a@malicious.org@important.com') + ('', 'a@') + +https://bugs.python.org/issue34155 +(cherry picked from commit 8cb65d1381b027f0b09ee36bfed7f35bb4dec9a9) + +Co-authored-by: jpic <jpic@users.noreply.github.com> +--- + Lib/email/_header_value_parser.py | 2 ++ + Lib/email/_parseaddr.py | 11 ++++++++++- + Lib/test/test_email/test__header_value_parser.py | 10 ++++++++++ + Lib/test/test_email/test_email.py | 14 ++++++++++++++ + .../2019-05-04-13-33-37.bpo-34155.MJll68.rst | 1 + + 5 files changed, 37 insertions(+), 1 deletion(-) + create mode 100644 Misc/NEWS.d/next/Security/2019-05-04-13-33-37.bpo-34155.MJll68.rst + +diff --git a/Lib/email/_header_value_parser.py b/Lib/email/_header_value_parser.py +index 737951e4b1b1..bc9c9b6241d4 100644 +--- a/Lib/email/_header_value_parser.py ++++ b/Lib/email/_header_value_parser.py +@@ -1561,6 +1561,8 @@ def get_domain(value): + token, value = get_dot_atom(value) + except errors.HeaderParseError: + token, value = get_atom(value) ++ if value and value[0] == '@': ++ raise errors.HeaderParseError('Invalid Domain') + if leader is not None: + token[:0] = [leader] + domain.append(token) +diff --git a/Lib/email/_parseaddr.py b/Lib/email/_parseaddr.py +index 
cdfa3729adc7..41ff6f8c000d 100644 +--- a/Lib/email/_parseaddr.py ++++ b/Lib/email/_parseaddr.py +@@ -379,7 +379,12 @@ def getaddrspec(self): + aslist.append('@') + self.pos += 1 + self.gotonext() +- return EMPTYSTRING.join(aslist) + self.getdomain() ++ domain = self.getdomain() ++ if not domain: ++ # Invalid domain, return an empty address instead of returning a ++ # local part to denote failed parsing. ++ return EMPTYSTRING ++ return EMPTYSTRING.join(aslist) + domain + + def getdomain(self): + """Get the complete domain name from an address.""" +@@ -394,6 +399,10 @@ def getdomain(self): + elif self.field[self.pos] == '.': + self.pos += 1 + sdlist.append('.') ++ elif self.field[self.pos] == '@': ++ # bpo-34155: Don't parse domains with two `@` like ++ # `a@malicious.org@important.com`. ++ return EMPTYSTRING + elif self.field[self.pos] in self.atomends: + break + else: +diff --git a/Lib/test/test_email/test__header_value_parser.py b/Lib/test/test_email/test__header_value_parser.py +index a2c900fa7fd2..02ef3e1006c6 100644 +--- a/Lib/test/test_email/test__header_value_parser.py ++++ b/Lib/test/test_email/test__header_value_parser.py +@@ -1418,6 +1418,16 @@ def test_get_addr_spec_dot_atom(self): + self.assertEqual(addr_spec.domain, 'example.com') + self.assertEqual(addr_spec.addr_spec, 'star.a.star@example.com') + ++ def test_get_addr_spec_multiple_domains(self): ++ with self.assertRaises(errors.HeaderParseError): ++ parser.get_addr_spec('star@a.star@example.com') ++ ++ with self.assertRaises(errors.HeaderParseError): ++ parser.get_addr_spec('star@a@example.com') ++ ++ with self.assertRaises(errors.HeaderParseError): ++ parser.get_addr_spec('star@172.17.0.1@example.com') ++ + # get_obs_route + + def test_get_obs_route_simple(self): +diff --git a/Lib/test/test_email/test_email.py b/Lib/test/test_email/test_email.py +index f97ccc6711cc..68d052279987 100644 +--- a/Lib/test/test_email/test_email.py ++++ b/Lib/test/test_email/test_email.py +@@ -3035,6 +3035,20 @@ def 
test_parseaddr_empty(self): + self.assertEqual(utils.parseaddr('<>'), ('', '')) + self.assertEqual(utils.formataddr(utils.parseaddr('<>')), '') + ++ def test_parseaddr_multiple_domains(self): ++ self.assertEqual( ++ utils.parseaddr('a@b@c'), ++ ('', '') ++ ) ++ self.assertEqual( ++ utils.parseaddr('a@b.c@c'), ++ ('', '') ++ ) ++ self.assertEqual( ++ utils.parseaddr('a@172.17.0.1@c'), ++ ('', '') ++ ) ++ + def test_noquote_dump(self): + self.assertEqual( + utils.formataddr(('A Silly Person', 'person@dom.ain')), +diff --git a/Misc/NEWS.d/next/Security/2019-05-04-13-33-37.bpo-34155.MJll68.rst b/Misc/NEWS.d/next/Security/2019-05-04-13-33-37.bpo-34155.MJll68.rst +new file mode 100644 +index 000000000000..50292e29ed1d +--- /dev/null ++++ b/Misc/NEWS.d/next/Security/2019-05-04-13-33-37.bpo-34155.MJll68.rst +@@ -0,0 +1 @@ ++Fix parsing of invalid email addresses with more than one ``@`` (e.g. a@b@c.com.) to not return the part before 2nd ``@`` as valid email address. Patch by maxking & jpic. diff --git a/system/s6-linux-init/APKBUILD b/system/s6-linux-init/APKBUILD index a52c329d5..7dff13d2e 100644 --- a/system/s6-linux-init/APKBUILD +++ b/system/s6-linux-init/APKBUILD @@ -1,14 +1,14 @@ # Contributor: Laurent Bercot <ska-adelie@skarnet.org> # Maintainer: Laurent Bercot <ska-adelie@skarnet.org> pkgname=s6-linux-init -pkgver=1.0.2.1 -pkgrel=1 +pkgver=1.0.3.0 +pkgrel=0 pkgdesc="A s6-based init system" url="https://skarnet.org/software/$pkgname/" arch="all" options="!check" # No test suite. license="ISC" -_skalibs_version=2.8.1.0 +_skalibs_version=2.9.0.0 depends="execline s6 s6-linux-init-common" makedepends="skalibs-dev>=$_skalibs_version execline-dev s6-dev utmps-dev" subpackages="$pkgname-common:common:noarch $pkgname-early-getty:earlygetty:noarch $pkgname-libs $pkgname-dev $pkgname-libs-dev:libsdev $pkgname-doc" 
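Review bot: The "After" example in the patch header shows `parseaddr('a@malicious.org@important.com')` returning `('', 'a@')`, but the new `getaddrspec` returns `EMPTYSTRING` whenever `getdomain()` comes back empty, and `test_parseaddr_multiple_domains` asserts `('', '')` for inputs of the same shape; the header text is stale relative to the code it ships. Since the patch is vendored verbatim, a short remark in the APKBUILD `# secfixes:` block or the commit message that callers should expect an empty address rather than a truncated one would spare the next reader from trusting the header. The `getdomain` method continues outside the `@@ -394,6 +399,10 @@` hunk, so the remaining branches are not visible here.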
@@ -55,8 +55,7 @@ package() {
 -f "$pkgdir/etc/s6-linux-init/skel" \
 -U "" \
 "$pkgdir/etc/s6-linux-init/current"
- mkdir -p -m 0755 "$pkgdir/sbin" "$pkgdir/etc/runlevels/empty" "$pkgdir/etc/sysctl.d"
- echo 'kernel.ctrl-alt-del = 0' > "$pkgdir/etc/sysctl.d/ctrlaltdel.conf"
+ mkdir -p -m 0755 "$pkgdir/sbin" "$pkgdir/etc/runlevels/empty"
 for i in init halt poweroff reboot shutdown telinit ; do
 ln -sf "../etc/s6-linux-init/current/bin/$i" "$pkgdir/sbin/$i"
 done
@@ -120,8 +119,8 @@ doc() {
 cp -a "$builddir/doc" "$subpkgdir/usr/share/doc/$pkgname"
 }
 
-sha512sums="65ffd4c7a1457c6ad7397ccf7c4ee92dd04e546e21acf75bbfd49ace5b93eb22bac673185061ad9389449d324b6164577715258ab292825da8973140bc548d92 s6-linux-init-1.0.2.1.tar.gz
+sha512sums="defcf58a21dc763b899212f66879ecece350d7248ea77974fda7b4679035143172bb31b456ea1bd43284a1a85a39ef246dfd9fa7e2f2bcb549a7daac2d4f24ae s6-linux-init-1.0.3.0.tar.gz
 756b0cbbe5dabb4631380c3c7ea199cc213224b2e36e50a2d012a61948170078b78bf49b85d886319fecf59843087f937d3d804723b2553ac9f94d088a2f0fd8 rc.init
 e73c3c32b118831074288d23fadace2158a2b15d5a13ffa73290b92a9e39c2a21c73d3b0eabea29bcbaa5f6381611fd8d0aaa6aa691ec7de91b8ef6ae404b6da runlevel
 7bb050248a5c2ab6a56c50c35f87cde724f97ff9882f5e60b0f0f2f14bd93c1df7d99fedc3d81c8519cf1a1ed90e03f1cbb9bf891c7b3618aa9a5f5738d262f4 rc.shutdown
-de702d3a221993cd3192dae4544842402dfbe362bcc4105f3071df15eb0aa6c218bf401bbf221298ee063f6545fe909fd54abf1d1e9222e13bcdc9a29f9a2b19 reboot.sh"
+6fb2a1112988fd2322b4bc4862bfb948a1c2e43921c5d01ae873c0d31b39fe74fc2934a5018c08b1704a2b2199b31d3a3d7365be369bba734f153b74e000aa74 reboot.sh"
diff --git a/system/s6-linux-init/reboot.sh b/system/s6-linux-init/reboot.sh
index d0d87aeb6..38838f402 100644
--- a/system/s6-linux-init/reboot.sh
+++ b/system/s6-linux-init/reboot.sh
@@ -1,4 +1,4 @@
-#!/bin/sh -e
+#!/bin/sh
 # This script performs a "poor man's reboot" when the
 # init infrastructures are not there to do a proper one.
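Review bot: The package() hunk drops the `kernel.ctrl-alt-del = 0` sysctl.d snippet without a replacement, and the kernel's default for that knob is an immediate, unsynced reboot on Ctrl-Alt-Del unless PID 1 itself calls reboot(RB_DISABLE_CAD). If s6-linux-init 1.0.3.0 now does that itself, which is presumably why the lines were removed, a comment in package() such as `# ctrl-alt-del handling is done by s6-linux-init itself as of 1.0.3.0` would keep the rationale next to the code; if it does not, a console keyboard can again trigger a hard reboot. This is worth confirming against the 1.0.3.0 release notes, which are not on this page.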
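Review bot: Removing `-e` from the reboot.sh shebang turns off fail-fast for the whole script, so a command that previously aborted it on failure now lets execution continue into whatever follows, including the final reboot the header comment describes; the body of the script is outside the hunk, so whether any step relies on that abort cannot be seen here. If `-e` was dropped because one particular command is allowed to fail, the usual form is to keep `-e` and mark that command alone with `|| true`, or to add explicit `|| exit 1` to the steps that must succeed before the reboot is issued.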
diff --git a/system/s6/APKBUILD b/system/s6/APKBUILD
index ad5f1f28f..6a87bdd52 100644
--- a/system/s6/APKBUILD
+++ b/system/s6/APKBUILD
@@ -1,14 +1,14 @@
 # Contributor: Laurent Bercot <ska-adelie@skarnet.org>
 # Maintainer: Laurent Bercot <ska-adelie@skarnet.org>
 pkgname=s6
-pkgver=2.8.0.1
-pkgrel=1
+pkgver=2.9.0.0
+pkgrel=0
 pkgdesc="skarnet.org's small & secure supervision software suite"
 url="https://skarnet.org/software/$pkgname/"
 arch="all"
 options="!check" # No test suite.
 license="ISC"
-_skalibs_version=2.8.1.0
+_skalibs_version=2.9.0.0
 depends="execline"
 makedepends="skalibs-dev>=$_skalibs_version execline-dev"
 install="$pkgname.post-upgrade"
@@ -68,4 +68,4 @@ doc() {
 cp -a "$builddir/doc" "$subpkgdir/usr/share/doc/$pkgname"
 }
 
-sha512sums="03478aed129c1e50b34e0b75d7ff50bd84f62eadee862b6227c4313153d47776e7cbeae728d63209773b91931a2abc8372bb7db4953762807d0ed3d305efd23f s6-2.8.0.1.tar.gz"
+sha512sums="0ac007c1464633ec6c6acc75e845fee99c6ad8ec8ac52fc646bd542559f281a94035f18b3f8858bf13249f52b9d512253edfdaf6d74a56488f00cc3be64b2df6 s6-2.9.0.0.tar.gz"
diff --git a/system/skalibs/APKBUILD b/system/skalibs/APKBUILD
index cbf64462e..e621916be 100644
--- a/system/skalibs/APKBUILD
+++ b/system/skalibs/APKBUILD
@@ -1,7 +1,7 @@
 # Contributor: Laurent Bercot <ska-adelie@skarnet.org>
 # Maintainer: Laurent Bercot <ska-adelie@skarnet.org>
 pkgname=skalibs
-pkgver=2.8.1.0
+pkgver=2.9.0.0
 pkgrel=1
 pkgdesc="A set of general-purpose C programming libraries for skarnet.org software"
 url="https://skarnet.org/software/skalibs/"
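Review bot: In the skalibs `@@ -1,7 +1,7 @@` hunk pkgver moves to 2.9.0.0 while pkgrel stays at 1, whereas the s6, s6-linux-init and utmps bumps in this same commit reset their revision; unless the carried-over revision is deliberate, the context line should become `+pkgrel=0` so the package revision starts fresh for the new upstream version.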
@@ -9,16 +9,14 @@ arch="all"
 options="!check" # No test suite.
 license="ISC"
 subpackages="$pkgname-libs $pkgname-dev $pkgname-libs-dev:libsdev $pkgname-doc"
-source="https://skarnet.org/software/$pkgname/$pkgname-$pkgver.tar.gz
- env_dump-unterminated-strings.patch"
+source="https://skarnet.org/software/$pkgname/$pkgname-$pkgver.tar.gz"
 
 build() {
 cd "$builddir"
 ./configure \
 --enable-shared \
 --enable-static \
- --libdir=/usr/lib \
- --enable-clock
+ --libdir=/usr/lib
 make
 }
 
@@ -60,5 +58,4 @@ doc() {
 cp -a "$builddir/doc" "$subpkgdir/usr/share/doc/$pkgname"
 }
 
-sha512sums="d2717e6f034af22a7b2ce31b019f30cfa270f64c61549db7b60b319defc5236fc6b58d29a4dae0f740ffdf32180b1940630f4239ea40cbedfcc5861398d20d86 skalibs-2.8.1.0.tar.gz
-286a8e0537399fc52c550c1aeac7dd0748c07d34d51b65cb36ab9e3db5a44ff51ba988c212c6bafa74b107ce80698bcab37a99df6276fe7ce60550de0ffc0567 env_dump-unterminated-strings.patch"
+sha512sums="7ed4b45bc527e87fb436b6ac81148a31534c91f7097fe064da586f84afa3188577720d23df9499ebe8fc3eae2cd73f7378c243ca6825e02f986f5802169eee22 skalibs-2.9.0.0.tar.gz"
diff --git a/system/skalibs/env_dump-unterminated-strings.patch b/system/skalibs/env_dump-unterminated-strings.patch
deleted file mode 100644
index a20a78125..000000000
--- a/system/skalibs/env_dump-unterminated-strings.patch
+++ /dev/null
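Review bot: Besides dropping the now-upstreamed env_dump patch, the build() hunk silently removes `--enable-clock` from the ./configure call, a build-option change unrelated to the version bump (in skalibs that switch selects clock_gettime() over gettimeofday() for timestamps, as far as I recall). If 2.9.0.0 changed or removed the option, a comment beside the configure block, e.g. `# --enable-clock dropped in 2.9.0.0: <reason>`, would record why; if it did not, the removal changes runtime behaviour for every skalibs consumer rebuilt against this package.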
@@ -1,26 +0,0 @@
-From d69644de85148f56efeed4259a783881e2a1bddc Mon Sep 17 00:00:00 2001
-From: Laurent Bercot <ska-skaware@skarnet.org>
-Date: Wed, 31 Jul 2019 23:47:35 +0000
-Subject: [PATCH] bugfix: env_dump() unterminated strings
-
----
- src/libstddjb/env_dump.c | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/src/libstddjb/env_dump.c b/src/libstddjb/env_dump.c
-index fc79bc3..10f5913 100644
---- a/src/libstddjb/env_dump.c
-+++ b/src/libstddjb/env_dump.c
-@@ -32,7 +32,8 @@ int env_dump (char const *dir, mode_t mode, char const *const *envp)
- size_t len = str_chr(*envp, '=') ;
- size_t vallen = strlen(*envp + len + 1) ;
- char fn[len + 1] ;
-- memcpy(fn, *envp, len + 1) ;
-+ memcpy(fn, *envp, len) ;
-+ fn[len] = 0 ;
- len = openwritenclose_at(fd, fn, *envp + len + 1, vallen) ;
- if (len < vallen) goto cerr ;
- }
--- 
-2.22.0
-
diff --git a/system/utmps/APKBUILD b/system/utmps/APKBUILD
index 50bd13dba..52ed77de6 100644
--- a/system/utmps/APKBUILD
+++ b/system/utmps/APKBUILD
@@ -1,15 +1,15 @@
 # Contributor: Laurent Bercot <ska-adelie@skarnet.org>
 # Maintainer: Laurent Bercot <ska-adelie@skarnet.org>
 pkgname=utmps
-pkgver=0.0.2.2
-pkgrel=1
+pkgver=0.0.3.0
+pkgrel=0
 pkgdesc="A secure utmp/wtmp implementation"
 url="https://skarnet.org/software/$pkgname/"
 arch="all"
 options="!check" # No test suite
 license="ISC"
 depends="execline s6"
-_skalibs_version=2.8
+_skalibs_version=2.9.0.0
 makedepends="skalibs-dev>=$_skalibs_version"
 subpackages="$pkgname-libs $pkgname-dev $pkgname-libs-dev:libsdev $pkgname-doc"
 install="$pkgname.post-upgrade"
@@ -76,6 +76,6 @@ doc() {
 cp -a "$builddir/doc" "$subpkgdir/usr/share/doc/$pkgname"
 }
 
-sha512sums="1e7b53e7fcbd15a113aef8001ac77c3646ecd4723eaca77b36400c76ee96dafe919a993603a1fd441f1c9fff08c5924714910d43ae86fbf85971c39b950323c0 utmps-0.0.2.2.tar.gz
+sha512sums="2bfd88f2f965a82c50e9e1ef420e578085f888dadbd5a3af2549048d243c524b46a678ae527fa696d9757ddd81d8917b706f87951ee41e41d8969355cdc4b21a utmps-0.0.3.0.tar.gz
 0ec30284c64c6ea9f25142c5f4a643bd48b137fe85781b650104f5137ffa4dfc35ca7be3e41e3acd3403ebe1d8c5378073afa4e2f3607d3d794fcd9f98ed51c4 utmpd.run
 cba4f2ec3b8f5becf3ae57eecf584745d783046ee6cf5d116322421ad5ffd074d2955da22d31d2b5b1d05f906378aae92f221d2ac95ac21b54a361fbdc0566e7 wtmpd.run"