diff options
Diffstat (limited to 'user')
| -rw-r--r-- | user/bluez/APKBUILD | 10 | ||||
| -rw-r--r-- | user/elixir/APKBUILD | 9 | ||||
| -rw-r--r-- | user/elixir/tests1.patch | 87 | ||||
| -rw-r--r-- | user/elixir/tests2.patch | 159 | ||||
| -rw-r--r-- | user/http-parser/APKBUILD | 9 | ||||
| -rw-r--r-- | user/http-parser/remove-bogus-sizeof-test.patch | 14 | ||||
| -rw-r--r-- | user/lcms2/APKBUILD | 6 | ||||
| -rw-r--r-- | user/libgit2/APKBUILD | 7 | ||||
| -rw-r--r-- | user/libvncserver/APKBUILD | 19 | ||||
| -rw-r--r-- | user/libvncserver/CVE-2018-15127.patch | 44 | ||||
| -rw-r--r-- | user/libvncserver/CVE-2019-15681.patch | 23 | ||||
| -rw-r--r-- | user/libvncserver/CVE-2019-15690.patch | 36 | ||||
| -rw-r--r-- | user/node/APKBUILD | 27 | ||||
| -rw-r--r-- | user/z3/APKBUILD | 13 | ||||
| -rw-r--r-- | user/z3/_trailing_zeros32.patch | 23 |
15 files changed, 349 insertions, 137 deletions
diff --git a/user/bluez/APKBUILD b/user/bluez/APKBUILD index af4f09ba8..44cc8d6a1 100644 --- a/user/bluez/APKBUILD +++ b/user/bluez/APKBUILD @@ -1,7 +1,7 @@ # Maintainer: A. Wilcox <awilfox@adelielinux.org> pkgname=bluez -pkgver=5.53 -pkgrel=1 +pkgver=5.54 +pkgrel=0 pkgdesc="Linux Bluetooth protocol stack" url="http://www.bluez.org/" arch="all" @@ -29,6 +29,10 @@ source="https://www.kernel.org/pub/linux/bluetooth/bluez-$pkgver.tar.xz time64.patch " +# secfixes: +# 5.54-r0: +# - CVE-2020-0556 + prepare() { default_prepare @@ -128,7 +132,7 @@ tools() { done } -sha512sums="62956e6293ec2517ec453dc7a6c82d34a8c446df8add8fe411b0a45fd5604817f3a19fbc646ad6f68df435f3cd2bd10ae040890e30db83b022f90b54cc6b3c74 bluez-5.53.tar.xz +sha512sums="e19d15d3a478a7af47c1921c8827843492e38787b1182152155bd3d8ad9e1d8ee25c5fda1f24e38c54ebbf946b09fe75007dca9a24d1c35f73303558e558dcbe bluez-5.54.tar.xz 41759d27bc3a258fefd7f4ff3277fa6ab9c21abb7b160e1a75aa8eba547bd90b288514e76264bd94fb0172da8a4faa54aab2c07b68a0356918ecf7f1969e866f readline-8.0.tar.gz fc43c78ed248ea412529eed5ae8bb47bacca9bf5b3b10de121ddd4e792c85893561a88be4aa2c6318106e5d2146a721445152d44fa60ca257ca0b4eb87318c1e bluetooth.initd 8d7b7c8938a2316ce0a855e9bdf1ef8fcdf33d23f4011df828270a088b88b140a19c432e83fef15355d0829e3c86be05b63e7718fef88563254ea239b8dc12ac rfcomm.initd diff --git a/user/elixir/APKBUILD b/user/elixir/APKBUILD index e23466f18..d37c550bf 100644 --- a/user/elixir/APKBUILD +++ b/user/elixir/APKBUILD @@ -11,7 +11,10 @@ license="Apache-2.0" depends="erlang" makedepends="erlang-dev" subpackages="$pkgname-doc" -source="$pkgname-$pkgver.tar.gz::https://github.com/elixir-lang/elixir/archive/v$pkgver.tar.gz" +source="$pkgname-$pkgver.tar.gz::https://github.com/elixir-lang/elixir/archive/v$pkgver.tar.gz + tests1.patch + tests2.patch + " build() { make @@ -25,4 +28,6 @@ package() { make DESTDIR="$pkgdir" PREFIX=/usr install } -sha512sums="66b18b983e5374afbd4d94c43a880c5e46a9aa150fa6f38be74ff7f58a19eaaee00248b202d9ae3f6b78e2495fc8d5cec755de644256a731be367766c3812855 elixir-1.10.3.tar.gz" +sha512sums="66b18b983e5374afbd4d94c43a880c5e46a9aa150fa6f38be74ff7f58a19eaaee00248b202d9ae3f6b78e2495fc8d5cec755de644256a731be367766c3812855 elixir-1.10.3.tar.gz +4b014bc616c729dba673693b8157e1923eff840d83798051aeb297056383c7b3490fb9d0749eb21ba6c09f6128b36510f1c943e2d8daf393d4c719d021693978 tests1.patch +fa2f24514e4859449ec260cb179a1e523580d8681a9ad55aff7e447ae4feee6f5a09a4f1857b481a973d4f8e759cb194ffdd9b2b230ec8a59bd33fd53ad47730 tests2.patch" diff --git a/user/elixir/tests1.patch b/user/elixir/tests1.patch new file mode 100644 index 000000000..7c74074a9 --- /dev/null +++ b/user/elixir/tests1.patch @@ -0,0 +1,87 @@ +From aaae97992d33ba11374a9140e2ad8aa9aca45e32 Mon Sep 17 00:00:00 2001 +From: Jonny Stoten <jonny@jonnystoten.com> +Date: Mon, 13 Jan 2020 08:37:20 +0000 +Subject: [PATCH] Don't GPG sign commits or tags in git tests (#9719) + +If the machine/user git config is set to sign all commits/tags, +these tests fail. +--- + lib/mix/test/mix/tasks/escript_test.exs | 2 +- + lib/mix/test/test_helper.exs | 16 ++++++++-------- + 2 files changed, 9 insertions(+), 9 deletions(-) + +diff --git a/lib/mix/test/mix/tasks/escript_test.exs b/lib/mix/test/mix/tasks/escript_test.exs +index 5d9eb8390a..f8f1baaf15 100644 +--- a/lib/mix/test/mix/tasks/escript_test.exs ++++ b/lib/mix/test/mix/tasks/escript_test.exs +@@ -351,7 +351,7 @@ defmodule Mix.Tasks.EscriptTest do + """) + + System.cmd("git", ~w[add .]) +- System.cmd("git", ~w[commit -m "ok"]) ++ System.cmd("git", ~w[commit --no-gpg-sign -m "ok"]) + + send(self(), {:mix_shell_input, :yes?, true}) + Mix.Tasks.Escript.Install.run(["git", File.cwd!()]) +diff --git a/lib/mix/test/test_helper.exs b/lib/mix/test/test_helper.exs +index b652cd07b2..65e41aa1d1 100644 +--- a/lib/mix/test/test_helper.exs ++++ b/lib/mix/test/test_helper.exs +@@ -218,7 +218,7 @@ unless File.dir?(target) do + System.cmd("git", ~w[config user.email "mix@example.com"]) + System.cmd("git", ~w[config user.name "mix-repo"]) + System.cmd("git", ~w[add .]) +- System.cmd("git", ~w[commit -m "bad"]) ++ System.cmd("git", ~w[commit --no-gpg-sign -m "bad"]) + end) + + File.write!(Path.join(target, "mix.exs"), """ +@@ -237,8 +237,8 @@ unless File.dir?(target) do + + File.cd!(target, fn -> + System.cmd("git", ~w[add .]) +- System.cmd("git", ~w[commit -m "ok"]) +- System.cmd("git", ~w[tag without_module]) ++ System.cmd("git", ~w[commit --no-gpg-sign -m "ok"]) ++ System.cmd("git", ~w[tag --no-sign without_module]) + end) + + File.write!(Path.join(target, "lib/git_repo.ex"), """ +@@ -279,8 +279,8 @@ unless File.dir?(target) do + + File.cd!(target, fn -> + System.cmd("git", ~w[add .]) +- System.cmd("git", ~w[commit -m "lib"]) +- System.cmd("git", ~w[tag with_module]) ++ System.cmd("git", ~w[commit --no-gpg-sign -m "lib"]) ++ System.cmd("git", ~w[tag --no-sign with_module]) + end) + end + +@@ -309,7 +309,7 @@ unless File.dir?(target) do + System.cmd("git", ~w[config user.email "mix@example.com"]) + System.cmd("git", ~w[config user.name "mix-repo"]) + System.cmd("git", ~w[add .]) +- System.cmd("git", ~w[commit -m without-dep]) ++ System.cmd("git", ~w[commit --no-gpg-sign -m without-dep]) + end) + + File.write!(Path.join(target, "mix.exs"), """ +@@ -336,7 +336,7 @@ unless File.dir?(target) do + + File.cd!(target, fn -> + System.cmd("git", ~w[add .]) +- System.cmd("git", ~w[commit -m with-dep]) ++ System.cmd("git", ~w[commit --no-gpg-sign -m with-dep]) + end) + end + +@@ -364,7 +364,7 @@ unless File.dir?(target) do + System.cmd("git", ~w[config user.email "mix@example.com"]) + System.cmd("git", ~w[config user.name "mix-repo"]) + System.cmd("git", ~w[add .]) +- System.cmd("git", ~w[commit -m "ok"]) ++ System.cmd("git", ~w[commit --no-gpg-sign -m "ok"]) + end) + end + diff --git a/user/elixir/tests2.patch b/user/elixir/tests2.patch new file mode 100644 index 000000000..f44b028df --- /dev/null +++ b/user/elixir/tests2.patch @@ -0,0 +1,159 @@ +From 3d1c1b4e2396e9891d38d00185889bd4a421db1a Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Jos=C3=A9=20Valim?= <jose.valim@dashbit.co> +Date: Sat, 13 Jun 2020 10:01:10 +0200 +Subject: [PATCH] Use global gitconfig instead of individual options on + commands + +Closes #10098. +--- + lib/mix/lib/mix/scm/git.ex | 7 ++-- + lib/mix/test/mix/tasks/escript_test.exs | 2 +- + lib/mix/test/test_helper.exs | 45 +++++++++++++------------ + 3 files changed, 29 insertions(+), 25 deletions(-) + +diff --git a/lib/mix/lib/mix/scm/git.ex b/lib/mix/lib/mix/scm/git.ex +index 2c07b9515f..6f66202052 100644 +--- a/lib/mix/lib/mix/scm/git.ex ++++ b/lib/mix/lib/mix/scm/git.ex +@@ -251,8 +251,11 @@ defmodule Mix.SCM.Git do + opts = cmd_opts(into: into, stderr_to_stdout: true) + + case System.cmd("git", args, opts) do +- {response, 0} -> response +- {_, _} -> Mix.raise("Command \"git #{Enum.join(args, " ")}\" failed") ++ {response, 0} -> ++ response ++ ++ {response, _} -> ++ Mix.raise("Command \"git #{Enum.join(args, " ")}\" failed with reason: #{response}") + end + end + +diff --git a/lib/mix/test/mix/tasks/escript_test.exs b/lib/mix/test/mix/tasks/escript_test.exs +index f8f1baaf15..5d9eb8390a 100644 +--- a/lib/mix/test/mix/tasks/escript_test.exs ++++ b/lib/mix/test/mix/tasks/escript_test.exs +@@ -351,7 +351,7 @@ defmodule Mix.Tasks.EscriptTest do + """) + + System.cmd("git", ~w[add .]) +- System.cmd("git", ~w[commit --no-gpg-sign -m "ok"]) ++ System.cmd("git", ~w[commit -m "ok"]) + + send(self(), {:mix_shell_input, :yes?, true}) + Mix.Tasks.Escript.Install.run(["git", File.cwd!()]) +diff --git a/lib/mix/test/test_helper.exs b/lib/mix/test/test_helper.exs +index 88c6434816..1dec2be0b0 100644 +--- a/lib/mix/test/test_helper.exs ++++ b/lib/mix/test/test_helper.exs +@@ -182,18 +182,23 @@ defmodule MixTest.Case do + end + end + +-## Set up Mix home with Rebar ++## Set up globals + +-home = MixTest.Case.tmp_path(".mix") ++home = MixTest.Case.tmp_path(".home") + File.mkdir_p!(home) +-System.put_env("MIX_HOME", home) ++System.put_env("HOME", home) ++ ++mix = MixTest.Case.tmp_path(".mix") ++File.mkdir_p!(mix) ++System.put_env("MIX_HOME", mix) ++ + System.delete_env("XDG_DATA_HOME") + System.delete_env("XDG_CONFIG_HOME") + + rebar = System.get_env("REBAR") || Path.expand("fixtures/rebar", __DIR__) +-File.cp!(rebar, Path.join(home, "rebar")) ++File.cp!(rebar, Path.join(mix, "rebar")) + rebar = System.get_env("REBAR3") || Path.expand("fixtures/rebar3", __DIR__) +-File.cp!(rebar, Path.join(home, "rebar3")) ++File.cp!(rebar, Path.join(mix, "rebar3")) + + ## Copy fixtures to tmp + +@@ -207,6 +212,8 @@ Enum.each(fixtures, fn fixture -> + end) + + ## Generate Git repo fixtures ++System.cmd("git", ~w[config --global user.email "mix@example.com"]) ++System.cmd("git", ~w[config --global user.name "mix-repo"]) + + # Git repo + target = Path.expand("fixtures/git_repo", __DIR__) +@@ -220,11 +227,9 @@ unless File.dir?(target) do + """) + + File.cd!(target, fn -> +- System.cmd("git", ~w[-c core.hooksPath='' init]) +- System.cmd("git", ~w[config user.email "mix@example.com"]) +- System.cmd("git", ~w[config user.name "mix-repo"]) ++ System.cmd("git", ~w[init]) + System.cmd("git", ~w[add .]) +- System.cmd("git", ~w[commit --no-gpg-sign -m "bad"]) ++ System.cmd("git", ~w[commit -m "bad"]) + end) + + File.write!(Path.join(target, "mix.exs"), """ +@@ -243,8 +248,8 @@ unless File.dir?(target) do + + File.cd!(target, fn -> + System.cmd("git", ~w[add .]) +- System.cmd("git", ~w[commit --no-gpg-sign -m "ok"]) +- System.cmd("git", ~w[tag --no-sign without_module]) ++ System.cmd("git", ~w[commit -m "ok"]) ++ System.cmd("git", ~w[tag without_module]) + end) + + File.write!(Path.join(target, "lib/git_repo.ex"), """ +@@ -285,8 +290,8 @@ unless File.dir?(target) do + + File.cd!(target, fn -> + System.cmd("git", ~w[add .]) +- System.cmd("git", ~w[commit --no-gpg-sign -m "lib"]) +- System.cmd("git", ~w[tag --no-sign with_module]) ++ System.cmd("git", ~w[commit -m "lib"]) ++ System.cmd("git", ~w[tag with_module]) + end) + end + +@@ -311,11 +316,9 @@ unless File.dir?(target) do + """) + + File.cd!(target, fn -> +- System.cmd("git", ~w[-c core.hooksPath='' init]) +- System.cmd("git", ~w[config user.email "mix@example.com"]) +- System.cmd("git", ~w[config user.name "mix-repo"]) ++ System.cmd("git", ~w[init]) + System.cmd("git", ~w[add .]) +- System.cmd("git", ~w[commit --no-gpg-sign -m without-dep]) ++ System.cmd("git", ~w[commit -m without-dep]) + end) + + File.write!(Path.join(target, "mix.exs"), """ +@@ -342,7 +345,7 @@ unless File.dir?(target) do + + File.cd!(target, fn -> + System.cmd("git", ~w[add .]) +- System.cmd("git", ~w[commit --no-gpg-sign -m with-dep]) ++ System.cmd("git", ~w[commit -m with-dep]) + end) + end + +@@ -366,11 +369,9 @@ unless File.dir?(target) do + """) + + File.cd!(target, fn -> +- System.cmd("git", ~w[-c core.hooksPath='' init]) +- System.cmd("git", ~w[config user.email "mix@example.com"]) +- System.cmd("git", ~w[config user.name "mix-repo"]) ++ System.cmd("git", ~w[init]) + System.cmd("git", ~w[add .]) +- System.cmd("git", ~w[commit --no-gpg-sign -m "ok"]) ++ System.cmd("git", ~w[commit -m "ok"]) + end) + end + diff --git a/user/http-parser/APKBUILD b/user/http-parser/APKBUILD index af90a5f0e..cc6281b98 100644 --- a/user/http-parser/APKBUILD +++ b/user/http-parser/APKBUILD @@ -1,7 +1,7 @@ # Contributor: A. Wilcox <awilfox@adelielinux.org> # Maintainer: A. Wilcox <awilfox@adelielinux.org> pkgname=http-parser -pkgver=2.9.3 +pkgver=2.9.4 pkgrel=0 pkgdesc="Library for parsing HTTP messages in C" url=" " @@ -11,7 +11,9 @@ depends="" depends_dev="" makedepends="$depends_dev" subpackages="$pkgname-dev" -source="http-parser-$pkgver.tar.gz::https://github.com/nodejs/http-parser/archive/v$pkgver.tar.gz" +source="http-parser-$pkgver.tar.gz::https://github.com/nodejs/http-parser/archive/v$pkgver.tar.gz + remove-bogus-sizeof-test.patch + " build() { make @@ -25,4 +27,5 @@ package() { make PREFIX=/usr DESTDIR="$pkgdir" install } -sha512sums="d200c52f594192ba80a8d5b59d414404843f8601dac647f29c27845db75ac1f015789031e30e91aaab5b553af1ee6af50b90f9342a444c10c1027e10fdb9a31b http-parser-2.9.3.tar.gz" +sha512sums="b45df7b94d1c51079d44687d0a7f901f44faae51df4e84c7e3fe38f130c2d809d0e7c2a146c57b3723e60732aededc246bf44eadb10a95b710963d641f9fe7cd http-parser-2.9.4.tar.gz +aaf666728ab860a19398a631276d7caaf696d29bfbce39408bbcd65775f23d452e477af481333631b8dd07eacb8ba44fb4c58d1216dc5fb0dfac88062c7f478b remove-bogus-sizeof-test.patch" diff --git a/user/http-parser/remove-bogus-sizeof-test.patch b/user/http-parser/remove-bogus-sizeof-test.patch new file mode 100644 index 000000000..5f912fb5b --- /dev/null +++ b/user/http-parser/remove-bogus-sizeof-test.patch @@ -0,0 +1,14 @@ +Upstream issues: +https://github.com/nodejs/http-parser/issues/507 +https://github.com/nodejs/http-parser/pull/510 + +--- http-parser-2.9.4/test.c 2020-03-24 05:54:06.000000000 -0500 ++++ http-parser-2.9.4/test.c 2020-06-15 22:54:06.020315073 -0500 +@@ -4221,7 +4221,6 @@ main (void) + printf("http_parser v%u.%u.%u (0x%06lx)\n", major, minor, patch, version); + + printf("sizeof(http_parser) = %u\n", (unsigned int)sizeof(http_parser)); +- assert(sizeof(http_parser) == 4 + 4 + 8 + 2 + 2 + 4 + sizeof(void *)); + + //// API + test_preserve_data(); diff --git a/user/lcms2/APKBUILD b/user/lcms2/APKBUILD index c1df9d6d2..d096b78cc 100644 --- a/user/lcms2/APKBUILD +++ b/user/lcms2/APKBUILD @@ -1,7 +1,7 @@ # Contributor: Sergei Lukin <sergej.lukin@gmail.com> # Maintainer: A. Wilcox <awilfox@adelielinux.org> pkgname=lcms2 -pkgver=2.9 +pkgver=2.11 pkgrel=0 pkgdesc="Colour management engine using ICC standard" url="http://www.littlecms.com/" @@ -14,6 +14,8 @@ subpackages="$pkgname-dev $pkgname-doc $pkgname-utils" source="http://www.littlecms.com/lcms2-$pkgver.tar.gz" # secfixes: +# 2.11-r0: +# - CVE-2018-16435 # 2.8-r1: # - CVE-2016-10165 @@ -48,4 +50,4 @@ utils() { mv "$pkgdir"/usr/bin "$subpkgdir"/usr/ } -sha512sums="70b1c51fa8d137d5072425e580745ff1fbf49c6e8bb1da0a8adb0647d3b7c095208793cb02de1e8d1a01363b8575fa60c61bedbff99bbec57a44228239cb00e5 lcms2-2.9.tar.gz" +sha512sums="96643da4770c86eb56f454e605d7661024afb33f4e621c23c590307c31a0eec02100eca4f4ac6718639d99d750ed4834a9b2523e910469da717c3ddd78b4b50e lcms2-2.11.tar.gz" diff --git a/user/libgit2/APKBUILD b/user/libgit2/APKBUILD index bfa1a39b3..246642192 100644 --- a/user/libgit2/APKBUILD +++ b/user/libgit2/APKBUILD @@ -3,7 +3,7 @@ # Contributor: Pierre-Gilas MILLON <pgmillon@gmail.com> # Maintainer: A. Wilcox <awilfox@adelielinux.org> pkgname=libgit2 -pkgver=0.28.4 +pkgver=0.28.5 pkgrel=0 pkgdesc="Pure C re-entrant library for custom Git applications" url="https://libgit2.org/" @@ -37,11 +37,12 @@ build() { } check() { - CTEST_OUTPUT_ON_FAILURE=TRUE ctest + # Don't run online tests by default. + CTEST_OUTPUT_ON_FAILURE=TRUE ctest -E online } package() { make DESTDIR="$pkgdir" install } -sha512sums="b81160608003b25d9b922d259ebbbbf941b6bd5100fa1875497c8cd29de320e292fff568c757a7a85b2b3044ddc1cb92c74dbcb13d630d62ecf9a8559b619d15 libgit2-0.28.4.tar.gz" +sha512sums="abfea885f46444b0304ae57c32c06f4252afb0093c924da5e1ba10aaed952824d1b84036adb79b5b8ad8bea56a6331a51c62f3b9839aead16c7b26cb4554b53a libgit2-0.28.5.tar.gz" diff --git a/user/libvncserver/APKBUILD b/user/libvncserver/APKBUILD index 7058ad208..8992096b8 100644 --- a/user/libvncserver/APKBUILD +++ b/user/libvncserver/APKBUILD @@ -2,8 +2,8 @@ # Contributor: Natanael Copa <ncopa@alpinelinux.org> # Maintainer: A. Wilcox <awilfox@adelielinux.org> pkgname=libvncserver -pkgver=0.9.12 -pkgrel=1 +pkgver=0.9.13 +pkgrel=0 pkgdesc="Library to make writing a vnc server easy" url="https://libvnc.github.io/" arch="all" @@ -14,11 +14,7 @@ depends_dev="libgcrypt-dev libjpeg-turbo-dev gnutls-dev libpng-dev libxi-dev libxinerama-dev libxrandr-dev libxtst-dev" makedepends="$depends_dev cmake" subpackages="$pkgname-dev" -source="https://github.com/LibVNC/libvncserver/archive/LibVNCServer-$pkgver.tar.gz - CVE-2018-15127.patch - CVE-2019-15681.patch - CVE-2019-15690.patch - " +source="https://github.com/LibVNC/libvncserver/archive/LibVNCServer-$pkgver.tar.gz" builddir="$srcdir"/libvncserver-LibVNCServer-$pkgver # secfixes: @@ -30,6 +26,9 @@ builddir="$srcdir"/libvncserver-LibVNCServer-$pkgver # 0.9.12-r1: # - CVE-2019-15681 # - CVE-2019-15690 +# 0.9.13-r0: +# - CVE-2019-20788 +# - CVE-2020-14401 build() { if [ "$CBUILD" != "$CHOST" ]; then @@ -37,6 +36,7 @@ build() { fi cmake \ -DCMAKE_INSTALL_PREFIX=/usr \ + -DCMAKE_INSTALL_LIBDIR=lib \ -DBUILD_SHARED_LIBS=True \ -DCMAKE_BUILD_TYPE=RelWithDebugInfo \ -DCMAKE_CXX_FLAGS="$CXXFLAGS" \ @@ -54,7 +54,4 @@ package() { make install DESTDIR="$pkgdir" } -sha512sums="60ff1cc93a937d6f8f97449bc58b763095846207112f7b1b3c43eb2d74448b595d6da949903a764bd484ee54e38ff6277e882adbe965dd6d26ba15ef6ff6fcb8 LibVNCServer-0.9.12.tar.gz -8b5b6742e6c3a181c60652484b15ec42cc0a3acc1e82cef38e82b61f43f1de456d09731976f4e5dfab44abf3e551e22aaf4300cb8418cd8e136d705fcb2a7dbe CVE-2018-15127.patch -5ecb5a26813f3f07440ef6c54eebaca4e9b4f7c1cf2ba13375e3b23b950a9b818d068d4eef5532d7ea4d7ae084c4356af7257c45426101ff51afe2b7da338a1f CVE-2019-15681.patch -52f62a65c3e91b7c7a11b5ad6e1432d697e1314bf6c938b5cb0c9cc8bdffbf1c25612c33e05282c11d59c6523e208b882f963fca8bcd34a5c72dd476427e7542 CVE-2019-15690.patch" +sha512sums="18b0a1698d32bbdbfe6f65f76130b2a95860e3cc76e8adb904269663698c7c0ae982f451fda1f25e5461f096045d40a89d9014258f439366d5b4feaa4999d643 LibVNCServer-0.9.13.tar.gz" diff --git a/user/libvncserver/CVE-2018-15127.patch b/user/libvncserver/CVE-2018-15127.patch deleted file mode 100644 index 146243670..000000000 --- a/user/libvncserver/CVE-2018-15127.patch +++ /dev/null @@ -1,44 +0,0 @@ -From 09e8fc02f59f16e2583b34fe1a270c238bd9ffec Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= <ppisar@redhat.com> -Date: Mon, 7 Jan 2019 10:40:01 +0100 -Subject: [PATCH] Limit lenght to INT_MAX bytes in - rfbProcessFileTransferReadBuffer() - -This ammends 15bb719c03cc70f14c36a843dcb16ed69b405707 fix for a heap -out-of-bound write access in rfbProcessFileTransferReadBuffer() when -reading a transfered file content in a server. The former fix did not -work on platforms with a 32-bit int type (expected by rfbReadExact()). - -CVE-2018-15127 -<https://github.com/LibVNC/libvncserver/issues/243> -<https://github.com/LibVNC/libvncserver/issues/273> ---- - libvncserver/rfbserver.c | 7 ++++++- - 1 file changed, 6 insertions(+), 1 deletion(-) - -diff --git a/libvncserver/rfbserver.c b/libvncserver/rfbserver.c -index 7af84906..f2edbeea 100644 ---- a/libvncserver/rfbserver.c -+++ b/libvncserver/rfbserver.c -@@ -88,6 +88,8 @@ - #include <errno.h> - /* strftime() */ - #include <time.h> -+/* INT_MAX */ -+#include <limits.h> - - #ifdef LIBVNCSERVER_WITH_WEBSOCKETS - #include "rfbssl.h" -@@ -1472,8 +1474,11 @@ char *rfbProcessFileTransferReadBuffer(rfbClientPtr cl, uint32_t length) - 0XFFFFFFFF, i.e. SIZE_MAX for 32-bit systems. On 64-bit systems, a length of 0XFFFFFFFF - will safely be allocated since this check will never trigger and malloc() can digest length+1 - without problems as length is a uint32_t. -+ We also later pass length to rfbReadExact() that expects a signed int type and -+ that might wrap on platforms with a 32-bit int type if length is bigger -+ than 0X7FFFFFFF. - */ -- if(length == SIZE_MAX) { -+ if(length == SIZE_MAX || length > INT_MAX) { - rfbErr("rfbProcessFileTransferReadBuffer: too big file transfer length requested: %u", (unsigned int)length); - rfbCloseClient(cl); - return NULL; diff --git a/user/libvncserver/CVE-2019-15681.patch b/user/libvncserver/CVE-2019-15681.patch deleted file mode 100644 index e328d8792..000000000 --- a/user/libvncserver/CVE-2019-15681.patch +++ /dev/null @@ -1,23 +0,0 @@ -From d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a Mon Sep 17 00:00:00 2001 -From: Christian Beier <dontmind@freeshell.org> -Date: Mon, 19 Aug 2019 22:32:25 +0200 -Subject: [PATCH] rfbserver: don't leak stack memory to the remote - -Thanks go to Pavel Cheremushkin of Kaspersky for reporting. ---- - libvncserver/rfbserver.c | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/libvncserver/rfbserver.c b/libvncserver/rfbserver.c -index 3bacc891..310e5487 100644 ---- a/libvncserver/rfbserver.c -+++ b/libvncserver/rfbserver.c -@@ -3724,6 +3724,8 @@ rfbSendServerCutText(rfbScreenInfoPtr rfbScreen,char *str, int len) - rfbServerCutTextMsg sct; - rfbClientIteratorPtr iterator; - -+ memset((char *)&sct, 0, sizeof(sct)); -+ - iterator = rfbGetClientIterator(rfbScreen); - while ((cl = rfbClientIteratorNext(iterator)) != NULL) { - sct.type = rfbServerCutText; diff --git a/user/libvncserver/CVE-2019-15690.patch b/user/libvncserver/CVE-2019-15690.patch deleted file mode 100644 index 7fe36e454..000000000 --- a/user/libvncserver/CVE-2019-15690.patch +++ /dev/null @@ -1,36 +0,0 @@ -From 54220248886b5001fbbb9fa73c4e1a2cb9413fed Mon Sep 17 00:00:00 2001 -From: Christian Beier <dontmind@freeshell.org> -Date: Sun, 17 Nov 2019 17:18:35 +0100 -Subject: [PATCH] libvncclient/cursor: limit width/height input values - -Avoids a possible heap overflow reported by Pavel Cheremushkin -<Pavel.Cheremushkin@kaspersky.com>. - -re #275 ---- - libvncclient/cursor.c | 5 +++++ - 1 file changed, 5 insertions(+) - -diff --git a/libvncclient/cursor.c b/libvncclient/cursor.c -index 67f45726..40ffb3b0 100644 ---- a/libvncclient/cursor.c -+++ b/libvncclient/cursor.c -@@ -28,6 +28,8 @@ - #define OPER_SAVE 0 - #define OPER_RESTORE 1 - -+#define MAX_CURSOR_SIZE 1024 -+ - #define RGB24_TO_PIXEL(bpp,r,g,b) \ - ((((uint##bpp##_t)(r) & 0xFF) * client->format.redMax + 127) / 255 \ - << client->format.redShift | \ -@@ -54,6 +56,9 @@ rfbBool HandleCursorShape(rfbClient* client,int xhot, int yhot, int width, int h - if (width * height == 0) - return TRUE; - -+ if (width >= MAX_CURSOR_SIZE || height >= MAX_CURSOR_SIZE) -+ return FALSE; -+ - /* Allocate memory for pixel data and temporary mask data. */ - if(client->rcSource) - free(client->rcSource); diff --git a/user/node/APKBUILD b/user/node/APKBUILD index d60a359af..c74516b71 100644 --- a/user/node/APKBUILD +++ b/user/node/APKBUILD @@ -1,15 +1,16 @@ # Contributor: A. Wilcox <awilfox@adelielinux.org> # Maintainer: A. Wilcox <awilfox@adelielinux.org> pkgname=node -pkgver=10.19.0 +pkgver=10.21.0 pkgrel=0 pkgdesc="JavaScript runtime" url="https://nodejs.org/" arch="all" -license="MIT AND ICU AND BSD-3-Clause AND BSD-2-Clause AND ISC AND OpenSSL AND Public-Domain AND Zlib AND Artistic-2.0 AND Apache-2.0 AND CC0-1.0" +options="net" # Required in check() +license="MIT AND ICU AND BSD-3-Clause AND BSD-2-Clause AND ISC AND Public-Domain AND Zlib AND Artistic-2.0 AND Apache-2.0 AND CC0-1.0" depends="" makedepends="c-ares-dev http-parser-dev icu-dev libexecinfo-dev libuv-dev - nghttp2-dev python3 zlib-dev" + nghttp2-dev>=1.41 openssl-dev python3 zlib-dev" subpackages="$pkgname-dev $pkgname-doc" source="https://nodejs.org/download/release/v$pkgver/node-v$pkgver.tar.xz https://www.python.org/ftp/python/2.7.15/Python-2.7.15.tar.xz @@ -30,11 +31,15 @@ builddir="$srcdir/$pkgname-v$pkgver" # - CVE-2019-9516 # - CVE-2019-9517 # - CVE-2019-9518 +# 10.21.0-r0: +# - CVE-2020-7598 +# - CVE-2020-8174 unpack() { default_unpack [ -z $SKIP_PYTHON ] || return 0 + # TODO: when bumping to 12.x, python3 should be usable msg "Killing all remaining hope for humanity and building Python 2..." cd "$srcdir/Python-2.7.15" [ -d ../python ] && rm -r ../python @@ -47,7 +52,6 @@ unpack() { build() { export PATH="$srcdir/python/bin:$PATH" - # We can't use --shared-openssl until 1.1 is available. python ./configure.py \ --prefix=/usr \ --with-intl=system-icu \ @@ -55,15 +59,24 @@ build() { --shared-http-parser \ --shared-libuv \ --shared-nghttp2 \ - --openssl-no-asm \ + --shared-openssl \ + --openssl-use-def-ca-store \ --shared-zlib # keep DESTDIR set, to avoid a full rebuild in package() make DESTDIR="$pkgdir" } check() { + case "$CARCH" in + pmmx) + # https://bts.adelielinux.org/show_bug.cgi?id=306 + _skip="parallel/test-http-invalid-te,parallel/test-worker-stdio" + ;; + esac + export PATH="$srcdir/python/bin:$PATH" - make DESTDIR="$pkgdir" test-only + make DESTDIR="$pkgdir" test-only \ + ${_skip:+CI_SKIP_TESTS="$_skip"} } package() { @@ -71,7 +84,7 @@ package() { make DESTDIR="$pkgdir" install } -sha512sums="512efc58415ed789938c434af131d76bdd51772cac9f7e380afaa79d83cc9c433a979068fc7272adba6ba6551d195267978e1fc819236926b0d1fd6cf91c5eee node-v10.19.0.tar.xz +sha512sums="613d3c1bca79ea5f127dc6793de2b5cfdfa056c01ec092e3b7ee79205894b21ca5ec4a367265122641dd1d360c675cfb36a4f7892894194ddd18abd1b2206544 node-v10.21.0.tar.xz 27ea43eb45fc68f3d2469d5f07636e10801dee11635a430ec8ec922ed790bb426b072da94df885e4dfa1ea8b7a24f2f56dd92f9b0f51e162330f161216bd6de6 Python-2.7.15.tar.xz 8f64922d586bce9d82c83042a989739cc55ecc5e015778cdfbda21c257aa50527ddb18740985bcb2068e4a749b71eb8a135d9a8152b374d361589df7f33c9b60 libatomic.patch 6d37794c7c78ef92ebb845852af780e22dc8c14653b63a8609c21ab6860877b9dffc5cf856a8516b7978ec704f312c0627075c6440ace55d039f95bdc4c85add ppc32.patch diff --git a/user/z3/APKBUILD b/user/z3/APKBUILD index adac93a71..262a7f530 100644 --- a/user/z3/APKBUILD +++ b/user/z3/APKBUILD @@ -2,7 +2,7 @@ # Maintainer: A. Wilcox <awilfox@adelielinux.org> pkgname=z3 pkgver=4.8.7 -pkgrel=0 +pkgrel=1 pkgdesc="Mathematical theorem prover" url=" " arch="all" @@ -10,9 +10,15 @@ license="MIT" depends="" makedepends="gmp-dev python3-dev cmd:which" subpackages="$pkgname-dev py3-$pkgname:py3:noarch" -source="https://github.com/Z3Prover/z3/archive/z3-$pkgver.tar.gz" +source="https://github.com/Z3Prover/z3/archive/z3-$pkgver.tar.gz + _trailing_zeros32.patch + " builddir="$srcdir/z3-z3-$pkgver" +case "$CARCH" in +pmmx) options="$options textrels";; +esac + build() { PYTHON=python3 ./configure \ --prefix=/usr \ @@ -37,4 +43,5 @@ py3() { mv "$pkgdir"/usr/lib/python3* "$subpkgdir"/usr/lib/ } -sha512sums="145e2b2f1fa4edd0917107c7e1d54d779c7ed85c48af2ce6def4c90d1c4db05f74c9657e173cedf48770589fbe484c97fa1923295271cd3792523ffc4f67ed0c z3-4.8.7.tar.gz" +sha512sums="145e2b2f1fa4edd0917107c7e1d54d779c7ed85c48af2ce6def4c90d1c4db05f74c9657e173cedf48770589fbe484c97fa1923295271cd3792523ffc4f67ed0c z3-4.8.7.tar.gz +6cf6ee35b23f9ef9fe879369a1900c82d38836f245e927f0f80eb6361e3340c32c8b94f00b1cb69eb8cad1626675b8f7b9bdaecffa5072cd5e8b12ecf1e7e3c0 _trailing_zeros32.patch" diff --git a/user/z3/_trailing_zeros32.patch b/user/z3/_trailing_zeros32.patch new file mode 100644 index 000000000..05b977f51 --- /dev/null +++ b/user/z3/_trailing_zeros32.patch @@ -0,0 +1,23 @@ +From e212159f4e941c78fc03239e0884f2f0454f581f Mon Sep 17 00:00:00 2001 +From: Nikolaj Bjorner <nbjorner@microsoft.com> +Date: Wed, 20 Nov 2019 15:01:04 -0800 +Subject: [PATCH] fix #2727 + +Signed-off-by: Nikolaj Bjorner <nbjorner@microsoft.com> +--- + src/util/mpz.cpp | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/src/util/mpz.cpp b/src/util/mpz.cpp +index a8190df1b0..9c2d3d5ffb 100644 +--- a/src/util/mpz.cpp ++++ b/src/util/mpz.cpp +@@ -72,6 +72,8 @@ inline uint64_t _trailing_zeros64(uint64_t x) { + + #if defined(_WINDOWS) && !defined(_M_ARM) && !defined(_M_ARM64) + // _trailing_zeros32 already defined using intrinsics ++#elif defined(__GNUC__) ++// _trailing_zeros32 already defined using intrinsics + #else + inline uint32_t _trailing_zeros32(uint32_t x) { + uint32_t r = 0; |