From 879740d141131be88d6edaeb224e3629444664b6 Mon Sep 17 00:00:00 2001
From: Max Rees <maxcrees@me.com>
Date: Thu, 29 Aug 2019 12:31:58 -0500
Subject: user/faad2: [CVE] bump to 2.9.0

---
 user/faad2/APKBUILD       | 47 +++++++++++++++++++++++++++++++++++++----------
 user/faad2/automake.patch | 11 -----------
 user/faad2/overflow.patch | 25 -------------------------
 3 files changed, 37 insertions(+), 46 deletions(-)
 delete mode 100644 user/faad2/automake.patch
 delete mode 100644 user/faad2/overflow.patch

(limited to 'user')

diff --git a/user/faad2/APKBUILD b/user/faad2/APKBUILD
index 3794942b9..6b1fc47b1 100644
--- a/user/faad2/APKBUILD
+++ b/user/faad2/APKBUILD
@@ -1,7 +1,8 @@
 # Maintainer: 
 pkgname=faad2
-pkgver=2.8.8
-pkgrel=1
+pkgver=2.9.0
+_pkgver="$(printf '%s' "$pkgver" | tr . _)"
+pkgrel=0
 pkgdesc="ISO AAC audio decoder"
 url="https://www.audiocoding.com/"
 arch="all"
@@ -10,23 +11,49 @@ license="GPL-2.0+"
 subpackages="$pkgname-dev $pkgname-doc"
 depends=""
 makedepends="autoconf automake libtool"
-source="https://downloads.sourceforge.net/sourceforge/faac/$pkgname-$pkgver.tar.gz
-	overflow.patch
-	"
+source="$pkgname-$pkgver.tar.gz::https://github.com/knik0/faad2/archive/$_pkgver.tar.gz"
+builddir="$srcdir/$pkgname-$_pkgver"
+
+# secfixes:
+#   2.8.8-r1:
+#     - CVE-2018-19502
+#     - CVE-2019-15296
+#   2.8.8-r2:
+#     - CVE-2019-6956
+#     - CVE-2018-20196
+#     - CVE-2018-20199
+#     - CVE-2018-20360
+#   2.9.0-r0:
+#     - CVE-2018-19503
+#     - CVE-2018-19504
+#     - CVE-2018-20194
+#     - CVE-2018-20195
+#     - CVE-2018-20197
+#     - CVE-2018-20198
+#     - CVE-2018-20357
+#     - CVE-2018-20358
+#     - CVE-2018-20359
+#     - CVE-2018-20361
+#     - CVE-2018-20362
+
+prepare() {
+	default_prepare
+	./bootstrap
+}
 
 build() {
-	cd "$builddir"
 	./configure \
 		--build=$CBUILD \
 		--host=$CHOST \
-		--prefix=/usr
+		--prefix=/usr \
+		--sysconfdir=/etc \
+		--mandir=/usr/share/man \
+		--localstatedir=/var
 	make
 }
 
 package() {
-	cd "$builddir"
 	make DESTDIR="$pkgdir" install
 }
 
-sha512sums="3275d292b2a9fe984842962f4d81202894bddd17033f7cd6df95466554cc968dfcbf2890ae8b1df37da0cd25d645cca0a687f07e39b9fc37dd004fd5956a82af  faad2-2.8.8.tar.gz
-f9266ca424d1e4f5b46c2f6b4b1568caee86849d2b6edc3b6c1fb7cf08fd736c0a8fe2c096c3bc64674e4fa40619c24d45d6d6125f11360517feb09a5c996a34  overflow.patch"
+sha512sums="1756b2672f9e438a56b11160ddc77fc721d85860eaa325a3ff01b51a2524baf4c1c61068a97cbc4e99d47e7643f10e1d6afb997eede3295b44551fe4661fb5dc  faad2-2.9.0.tar.gz"
diff --git a/user/faad2/automake.patch b/user/faad2/automake.patch
deleted file mode 100644
index 809031eb0..000000000
--- a/user/faad2/automake.patch
+++ /dev/null
@@ -1,11 +0,0 @@
---- ./configure.in.orig	2012-12-31 10:42:26.394219312 +0000
-+++ ./configure.in	2012-12-31 10:42:43.294360781 +0000
-@@ -25,7 +25,7 @@
- AC_PROG_MAKE_SET
- AC_CHECK_PROGS(RPMBUILD, rpmbuild, rpm)
- 
--AM_CONFIG_HEADER(config.h)
-+AC_CONFIG_HEADER(config.h)
- 
- AC_ARG_WITH(xmms,[  --with-xmms             compile XMMS-1 plugin],
- 	     WITHXMMS=$withval, WITHXMMS=no)
diff --git a/user/faad2/overflow.patch b/user/faad2/overflow.patch
deleted file mode 100644
index 5a198f8d8..000000000
--- a/user/faad2/overflow.patch
+++ /dev/null
@@ -1,25 +0,0 @@
---- faad2/libfaad/bits.c	2007-11-01 13:33:29.000000000 +0100
-+++ faad2.new/libfaad/bits.c	2019-03-25 17:29:26.134199188 +0100
-@@ -167,7 +167,10 @@
-     int words = bits >> 5;
-     int remainder = bits & 0x1F;
- 
--    ld->bytes_left = ld->buffer_size - words*4;
-+    if (ld->buffer_size < words * 4)
-+        ld->bytes_left = 0;
-+    else
-+        ld->bytes_left = ld->buffer_size - words*4;
- 
-     if (ld->bytes_left >= 4)
-     {
---- faad2/libfaad/syntax.c	2019-03-25 17:57:36.930937066 +0100
-+++ faad2.new/libfaad/syntax.c	2019-03-25 17:49:26.135368525 +0100
-@@ -2292,6 +2292,8 @@
-     while ((drc->additional_excluded_chns[n-1] = faad_get1bit(ld
-         DEBUGVAR(1,104,"excluded_channels(): additional_excluded_chns"))) == 1)
-     {
-+        if (i >= MAX_CHANNELS - num_excl_chan - 7)
-+            return n;
-         for (i = num_excl_chan; i < num_excl_chan+7; i++)
-         {
-             drc->exclude_mask[i] = faad_get1bit(ld
-- 
cgit v1.2.3-60-g2f50


From 162826e7e57fa3f73d6fcf904e3a059286df3476 Mon Sep 17 00:00:00 2001
From: Max Rees <maxcrees@me.com>
Date: Thu, 29 Aug 2019 12:42:23 -0500
Subject: user/irssi: [CVE] bump to 1.2.2

---
 user/irssi/APKBUILD | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)

(limited to 'user')

diff --git a/user/irssi/APKBUILD b/user/irssi/APKBUILD
index ffa7267ac..1d63fd4b2 100644
--- a/user/irssi/APKBUILD
+++ b/user/irssi/APKBUILD
@@ -1,7 +1,7 @@
 # Contributor: Kiyoshi Aman <kiyoshi.aman+adelie@gmail.com>
 # Maintainer: Kiyoshi Aman <kiyoshi.aman+adelie@gmail.com>
 pkgname=irssi
-pkgver=1.2.1
+pkgver=1.2.2
 pkgrel=0
 pkgdesc="Text-based IRC client"
 url="https://irssi.org"
@@ -14,9 +14,10 @@ source="https://github.com/irssi/irssi/releases/download/$pkgver/irssi-$pkgver.t
 # secfixes: irssi
 #   1.2.1-r0:
 #     - CVE-2019-13045
+#   1.2.2-r0:
+#     - CVE-2019-15717
 
 build() {
-	cd "$builddir"
 	./configure \
 		--build=$CBUILD \
 		--host=$CHOST \
@@ -31,12 +32,10 @@ build() {
 }
 
 check() {
-	cd "$builddir"
 	make check
 }
 
 package() {
-	cd "$builddir"
 	make DESTDIR="$pkgdir" install
 }
 
@@ -48,4 +47,4 @@ perl() {
 	mv "$pkgdir"/usr/lib "$subpkgdir"/usr
 	mv "$pkgdir"/usr/share/irssi/scripts "$subpkgdir"/usr/share/irssi
 }
-sha512sums="67c4501b5a0055c1b24fa6753305658de809cd66e952e6f9233701a112989fd8721a065b1c681725b82346b40b53a29bd2b6b8b8315ac0ad196235a9e5156d5a  irssi-1.2.1.tar.xz"
+sha512sums="5444ac102ff9ad3a6399a47c967d138e181330dd226eac68886d35fee4ad455932b9306a367bee3478095158e41ba67fb46deb8f0a33512046b9b83bae37c610  irssi-1.2.2.tar.xz"
-- 
cgit v1.2.3-60-g2f50


From bfc686181b6c0eaab1750e53c7597518d226941d Mon Sep 17 00:00:00 2001
From: Max Rees <maxcrees@me.com>
Date: Thu, 29 Aug 2019 13:08:34 -0500
Subject: user/libvorbis: new patch for CVE-2018-10392 (#157)

Also, use upstream patch for CVE-2017-14160
---
 user/libvorbis/APKBUILD                            | 17 ++++---
 user/libvorbis/CVE-2017-14160-and-2018-10393.patch | 27 ++++++++++
 user/libvorbis/CVE-2017-14160.patch                | 58 ----------------------
 user/libvorbis/CVE-2018-10392.patch                | 25 ++++++++++
 4 files changed, 62 insertions(+), 65 deletions(-)
 create mode 100644 user/libvorbis/CVE-2017-14160-and-2018-10393.patch
 delete mode 100644 user/libvorbis/CVE-2017-14160.patch
 create mode 100644 user/libvorbis/CVE-2018-10392.patch

(limited to 'user')

diff --git a/user/libvorbis/APKBUILD b/user/libvorbis/APKBUILD
index 2b5b41f4c..73520bf56 100644
--- a/user/libvorbis/APKBUILD
+++ b/user/libvorbis/APKBUILD
@@ -10,18 +10,21 @@ license="BSD-3-Clause"
 subpackages="$pkgname-dev $pkgname-doc"
 makedepends="libogg-dev"
 source="https://downloads.xiph.org/releases/vorbis/$pkgname-$pkgver.tar.xz
-	CVE-2017-14160.patch
+	CVE-2017-14160-and-2018-10393.patch
+	CVE-2018-10392.patch
 	"
 
 # secfixes:
+#   1.3.6-r1:
+#     - CVE-2018-10392
 #   1.3.5-r4:
-#   - CVE-2017-14632
-#   - CVE-2017-14633
+#     - CVE-2017-14632
+#     - CVE-2017-14633
 #   1.3.5-r3:
-#   - CVE-2017-14160
+#     - CVE-2017-14160
+#     - CVE-2018-10393
 
 build() {
-	cd "$builddir"
 	./configure \
 		--build=$CBUILD \
 		--host=$CHOST \
@@ -33,9 +36,9 @@ build() {
 }
 
 package() {
-	cd "$builddir"
 	make DESTDIR="$pkgdir" install
 }
 
 sha512sums="a5d990bb88db2501b16f8eaee9f2ecb599cefd7dab2134d16538d8905263a972157c7671867848c2a8a358bf5e5dbc7721205ece001032482f168be7bda4f132  libvorbis-1.3.6.tar.xz
-4c2f7be947f2159ae47175cba89950c7b7d357b37a20d54382e4fbecd8c268b148e6cb86cb148945c7b68bbe8b14f466e910b35b80903ab51f1b02cfccf5806e  CVE-2017-14160.patch"
+332081da5dd8fb28ee70dfbc123e7fcef279317ee977be9da97e97a105e788da452c33097bf597f369fea0e49749f876a93d6af0fa2fa20405acbc57771c89a9  CVE-2017-14160-and-2018-10393.patch
+294de5e0c40b64d495df7f53196260be5ffaba11c75fc4a1a54ec0c058eeba4793c1ef685c8cf866195a2972c91a7a896df5f05f478b7f25a564abb3f82f331f  CVE-2018-10392.patch"
diff --git a/user/libvorbis/CVE-2017-14160-and-2018-10393.patch b/user/libvorbis/CVE-2017-14160-and-2018-10393.patch
new file mode 100644
index 000000000..3a7097ec7
--- /dev/null
+++ b/user/libvorbis/CVE-2017-14160-and-2018-10393.patch
@@ -0,0 +1,27 @@
+From 018ca26dece618457dd13585cad52941193c4a25 Mon Sep 17 00:00:00 2001
+From: Thomas Daede <daede003@umn.edu>
+Date: Wed, 9 May 2018 14:56:59 -0700
+Subject: [PATCH] CVE-2017-14160: fix bounds check on very low sample rates.
+
+---
+ lib/psy.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/lib/psy.c b/lib/psy.c
+index 422c6f1..1310123 100644
+--- a/lib/psy.c
++++ b/lib/psy.c
+@@ -602,8 +602,9 @@ static void bark_noise_hybridmp(int n,const long *b,
+   for (i = 0, x = 0.f;; i++, x += 1.f) {
+ 
+     lo = b[i] >> 16;
+-    if( lo>=0 ) break;
+     hi = b[i] & 0xffff;
++    if( lo>=0 ) break;
++    if( hi>=n ) break;
+ 
+     tN = N[hi] + N[-lo];
+     tX = X[hi] - X[-lo];
+-- 
+2.22.0
+
diff --git a/user/libvorbis/CVE-2017-14160.patch b/user/libvorbis/CVE-2017-14160.patch
deleted file mode 100644
index 9ad9d18f7..000000000
--- a/user/libvorbis/CVE-2017-14160.patch
+++ /dev/null
@@ -1,58 +0,0 @@
-From 98a60969315dba8c1e8231f561e1551670bc80ae Mon Sep 17 00:00:00 2001
-Message-Id: <98a60969315dba8c1e8231f561e1551670bc80ae.1511192857.git.agx@sigxcpu.org>
-From: =?UTF-8?q?Guido=20G=C3=BCnther?= <agx@sigxcpu.org>
-Date: Wed, 15 Nov 2017 13:12:00 +0100
-Subject: [PATCH] CVE-2017-14160: make sure we don't overflow
-
----
- lib/psy.c | 9 ++++-----
- 1 file changed, 4 insertions(+), 5 deletions(-)
-
-diff --git a/lib/psy.c b/lib/psy.c
-index 422c6f1e..8bbf6cf3 100644
---- a/lib/psy.c
-+++ b/lib/psy.c
-@@ -599,7 +599,7 @@ static void bark_noise_hybridmp(int n,const long *b,
-     XY[i] = tXY;
-   }
- 
--  for (i = 0, x = 0.f;; i++, x += 1.f) {
-+  for (i = 0, x = 0.f; i < n; i++, x += 1.f) {
- 
-     lo = b[i] >> 16;
-     if( lo>=0 ) break;
-@@ -621,12 +621,11 @@ static void bark_noise_hybridmp(int n,const long *b,
-     noise[i] = R - offset;
-   }
- 
--  for ( ;; i++, x += 1.f) {
-+  for ( ; i < n; i++, x += 1.f) {
- 
-     lo = b[i] >> 16;
-     hi = b[i] & 0xffff;
-     if(hi>=n)break;
--
-     tN = N[hi] - N[lo];
-     tX = X[hi] - X[lo];
-     tXX = XX[hi] - XX[lo];
-@@ -651,7 +650,7 @@ static void bark_noise_hybridmp(int n,const long *b,
- 
-   if (fixed <= 0) return;
- 
--  for (i = 0, x = 0.f;; i++, x += 1.f) {
-+  for (i = 0, x = 0.f; i < n; i++, x += 1.f) {
-     hi = i + fixed / 2;
-     lo = hi - fixed;
-     if(lo>=0)break;
-@@ -670,7 +669,7 @@ static void bark_noise_hybridmp(int n,const long *b,
- 
-     if (R - offset < noise[i]) noise[i] = R - offset;
-   }
--  for ( ;; i++, x += 1.f) {
-+  for ( ; i < n; i++, x += 1.f) {
- 
-     hi = i + fixed / 2;
-     lo = hi - fixed;
--- 
-2.15.0
-
diff --git a/user/libvorbis/CVE-2018-10392.patch b/user/libvorbis/CVE-2018-10392.patch
new file mode 100644
index 000000000..a12038a94
--- /dev/null
+++ b/user/libvorbis/CVE-2018-10392.patch
@@ -0,0 +1,25 @@
+From 112d3bd0aaacad51305e1464d4b381dabad0e88b Mon Sep 17 00:00:00 2001
+From: Thomas Daede <daede003@umn.edu>
+Date: Thu, 17 May 2018 16:19:19 -0700
+Subject: [PATCH] Sanity check number of channels in setup.
+
+Fixes #2335.
+---
+ lib/vorbisenc.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/lib/vorbisenc.c b/lib/vorbisenc.c
+index 4fc7b62..64a51b5 100644
+--- a/lib/vorbisenc.c
++++ b/lib/vorbisenc.c
+@@ -684,6 +684,7 @@ int vorbis_encode_setup_init(vorbis_info *vi){
+   highlevel_encode_setup *hi=&ci->hi;
+ 
+   if(ci==NULL)return(OV_EINVAL);
++  if(vi->channels<1||vi->channels>255)return(OV_EINVAL);
+   if(!hi->impulse_block_p)i0=1;
+ 
+   /* too low/high an ATH floater is nonsensical, but doesn't break anything */
+-- 
+2.22.0
+
-- 
cgit v1.2.3-60-g2f50


From 75224126165d3ed2a97b0773c4e5558e85244c9c Mon Sep 17 00:00:00 2001
From: Max Rees <maxcrees@me.com>
Date: Thu, 29 Aug 2019 13:19:27 -0500
Subject: user/pango: patch for CVE-2019-1010238 (#133)

---
 user/pango/APKBUILD               | 14 +++++++++-----
 user/pango/CVE-2019-1010238.patch | 34 ++++++++++++++++++++++++++++++++++
 2 files changed, 43 insertions(+), 5 deletions(-)
 create mode 100644 user/pango/CVE-2019-1010238.patch

(limited to 'user')

diff --git a/user/pango/APKBUILD b/user/pango/APKBUILD
index aff854dc0..c26726d5d 100644
--- a/user/pango/APKBUILD
+++ b/user/pango/APKBUILD
@@ -1,7 +1,7 @@
 # Maintainer: 
 pkgname=pango
 pkgver=1.42.4
-pkgrel=0
+pkgrel=1
 pkgdesc="Library for laying out and rendering text"
 url="https://www.pango.org/"
 arch="all"
@@ -12,10 +12,14 @@ makedepends="$depends_dev cairo-dev expat-dev fontconfig-dev freetype-dev
 	fribidi-dev glib-dev gobject-introspection-dev harfbuzz-dev libxft-dev"
 install="$pkgname.pre-deinstall"
 triggers="$pkgname.trigger=/usr/lib/pango/*/modules"
-source="https://download.gnome.org/sources/$pkgname/${pkgver%.*}/$pkgname-$pkgver.tar.xz"
+source="https://download.gnome.org/sources/$pkgname/${pkgver%.*}/$pkgname-$pkgver.tar.xz
+	CVE-2019-1010238.patch"
+
+# secfixes:
+#   1.42.4-r1:
+#     - CVE-2019-1010238
 
 build () {
-	cd "$builddir"
 	./configure \
 		--build=$CBUILD \
 		--host=$CHOST \
@@ -26,9 +30,9 @@ build () {
 }
 
 package() {
-	cd "$builddir"
 	mkdir -p "$pkgdir"/etc/pango
 	make DESTDIR="$pkgdir" install
 }
 
-sha512sums="993e97f647eba0c5ed90bcfcb8228bf67fa3f20b1f4331e4e40a30788d7c3ac55eee1209471bf21df125cb8fc6121acc8062a9da2f8a7d6cbe8e9ad13a9320dc  pango-1.42.4.tar.xz"
+sha512sums="993e97f647eba0c5ed90bcfcb8228bf67fa3f20b1f4331e4e40a30788d7c3ac55eee1209471bf21df125cb8fc6121acc8062a9da2f8a7d6cbe8e9ad13a9320dc  pango-1.42.4.tar.xz
+d11af8e56c59286f998d136d795d9ed22bea96b7dfaf4e02fe294ab0b147606ecb43ddfbd8caaa0eee1ee27b5a2f5c5a6f6f7a0b3193750649cf6b121cb6de50  CVE-2019-1010238.patch"
diff --git a/user/pango/CVE-2019-1010238.patch b/user/pango/CVE-2019-1010238.patch
new file mode 100644
index 000000000..cc65b3d53
--- /dev/null
+++ b/user/pango/CVE-2019-1010238.patch
@@ -0,0 +1,34 @@
+From 490f8979a260c16b1df055eab386345da18a2d54 Mon Sep 17 00:00:00 2001
+From: Matthias Clasen <mclasen@redhat.com>
+Date: Wed, 10 Jul 2019 20:26:23 -0400
+Subject: [PATCH] bidi: Be safer against bad input
+
+Don't run off the end of an array that we
+allocated to certain length.
+
+Closes: https://gitlab.gnome.org/GNOME/pango/issues/342
+---
+ pango/pango-bidi-type.c | 7 +++++--
+ 1 file changed, 5 insertions(+), 2 deletions(-)
+
+diff --git a/pango/pango-bidi-type.c b/pango/pango-bidi-type.c
+index 3e46b66c..5c02dbbb 100644
+--- a/pango/pango-bidi-type.c
++++ b/pango/pango-bidi-type.c
+@@ -181,8 +181,11 @@ pango_log2vis_get_embedding_levels (const gchar    *text,
+   for (i = 0, p = text; p < text + length; p = g_utf8_next_char(p), i++)
+     {
+       gunichar ch = g_utf8_get_char (p);
+-      FriBidiCharType char_type;
+-      char_type = fribidi_get_bidi_type (ch);
++      FriBidiCharType char_type = fribidi_get_bidi_type (ch);
++
++      if (i == n_chars)
++        break;
++
+       bidi_types[i] = char_type;
+       ored_types |= char_type;
+       if (FRIBIDI_IS_STRONG (char_type))
+-- 
+2.22.0
+
-- 
cgit v1.2.3-60-g2f50


From f0e2ba862dba46fc1243a15da47fab1ae3e9b7d6 Mon Sep 17 00:00:00 2001
From: Max Rees <maxcrees@me.com>
Date: Mon, 2 Sep 2019 19:01:18 -0500
Subject: user/mpg123: bump to 1.25.12

This update fixes an out-of-bounds read and an invalid write. For more
information, see http://www.mpg123.de/cgi-bin/news.cgi#2019-08-24
---
 user/mpg123/APKBUILD | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'user')

diff --git a/user/mpg123/APKBUILD b/user/mpg123/APKBUILD
index 6948916b2..e21981859 100644
--- a/user/mpg123/APKBUILD
+++ b/user/mpg123/APKBUILD
@@ -1,6 +1,6 @@
 # Maintainer: A. Wilcox <awilfox@adelielinux.org>
 pkgname=mpg123
-pkgver=1.25.11
+pkgver=1.25.12
 pkgrel=0
 pkgdesc="Real time MPEG Audio player for Layers 1, 2 and 3"
 url="https://www.mpg123.org/"
@@ -32,4 +32,4 @@ package() {
 	make DESTDIR="$pkgdir" install
 }
 
-sha512sums="986338d0f4829ec9e40990cb384746c7abfa80d3b3d5656b6dda73d03e2441c1f28ffbe7f3f82b0008a1c4ebcfa07aeffb493e95f13f7d04cbc818a09f1008ed  mpg123-1.25.11.tar.bz2"
+sha512sums="fa3c719c68dbe45b265fd7677d0932b07f6a14e7ffe365ede965ff1637e655c4b57c86f7e4cd60cace7df5fcc93d48e0d44f082931394b7c6ef19f5d11638eff  mpg123-1.25.12.tar.bz2"
-- 
cgit v1.2.3-60-g2f50


From 03ef76f450eda2661dff1b65f8dcd4b19b8bbfab Mon Sep 17 00:00:00 2001
From: Max Rees <maxcrees@me.com>
Date: Mon, 2 Sep 2019 19:16:27 -0500
Subject: user/vlc: [CVE] bump to 3.0.8 (#182)

---
 user/vlc/APKBUILD | 31 ++++++++++++++++++++-----------
 1 file changed, 20 insertions(+), 11 deletions(-)

(limited to 'user')

diff --git a/user/vlc/APKBUILD b/user/vlc/APKBUILD
index 2dc82dde6..3da8680d2 100644
--- a/user/vlc/APKBUILD
+++ b/user/vlc/APKBUILD
@@ -2,8 +2,8 @@
 # Contributor: Leonardo Arena <rnalrd@alpinelinux.org>
 # Maintainer: A. Wilcox <awilfox@adelielinux.org>
 pkgname=vlc
-pkgver=3.0.7.1
-pkgrel=2
+pkgver=3.0.8
+pkgrel=0
 pkgdesc="Multi-platform MPEG, VCD/DVD, and DivX player"
 triggers="vlc-libs.trigger=/usr/lib/vlc/plugins"
 pkgusers="vlc"
@@ -11,7 +11,7 @@ pkggroups="vlc"
 url="https://www.videolan.org/vlc/"
 arch="all"
 license="GPL-2.0+"
-options="!checkroot textrel"
+options="textrel"
 subpackages="$pkgname-dev $pkgname-doc $pkgname-qt $pkgname-pulse
 	$pkgname-daemon::noarch $pkgname-libs $pkgname-lang"
 depends="ttf-dejavu xdg-utils"
@@ -43,12 +43,25 @@ source="https://get.videolan.org/vlc/$pkgver/vlc-$pkgver.tar.xz
 	omxil-rpi-codecs.patch
 	tar-compat.patch
 	test-s390x.patch
-	vlc-libs.trigger
 	"
 
 # secfixes: vlc_media_player
 #   3.0.4-r2:
 #     - CVE-2018-19857
+#   3.0.8-r0:
+#     - CVE-2019-13602
+#     - CVE-2019-13615
+#     - CVE-2019-13962
+#     - CVE-2019-14437
+#     - CVE-2019-14438
+#     - CVE-2019-14498
+#     - CVE-2019-14533
+#     - CVE-2019-14534
+#     - CVE-2019-14535
+#     - CVE-2019-14776
+#     - CVE-2019-14777
+#     - CVE-2019-14778
+#     - CVE-2019-14970
 
 prepare() {
 	default_prepare
@@ -57,7 +70,6 @@ prepare() {
 
 build() {
 	local _arch_opts=
-	cd "$builddir"
 	export CFLAGS="$CFLAGS -D_GNU_SOURCE"
 
 	case "$CARCH" in
@@ -127,7 +139,6 @@ build() {
 }
 
 package() {
-	cd "$builddir"
 	make DESTDIR="$pkgdir" install
 	# delete cache as it's autocreated by trigger
 	rm -rf "$pkgdir"/usr/lib/vlc/plugins/plugins.dat
@@ -137,7 +148,6 @@ package() {
 }
 
 check() {
-	cd "$builddir"
 	make check
 }
 
@@ -150,7 +160,7 @@ _mv() {
 pulse() {
 	pkgdesc="PulseAudio support for VLC"
 	depends=""
-	install_if="vlc pulseaudio"
+	install_if="vlc=$pkgver-r$pkgrel pulseaudio"
 	mkdir -p "$subpkgdir"/usr/lib/vlc
 	mv "$pkgdir"/usr/lib/vlc/libvlc_pulse* "$subpkgdir"/usr/lib/vlc/
 }
@@ -192,7 +202,7 @@ libs() {
 	default_libs
 }
 
-sha512sums="6b99ae0564630a7a7ca9187c3bb954c601e384522ce93460b73f2dbf31787ce5828daca9f31c781b97db77872d76b6a3e871ff3401d70f1b5829fee7c4e847fd  vlc-3.0.7.1.tar.xz
+sha512sums="5ade0b350e98fd6fa90035bffabda96f0addb3844a7c0a242b4db1cab6a746e1adb1d713ddcb48ae51a7d1736090f096f5d3b0637a9f958ccf4fcf27e838cf70  vlc-3.0.8.tar.xz
 22d80df599b8b65a5439cefbb7140af8e9530f326d54945da3769af65f37518b99ec2cc8647aafd2763324a0698280915afe043cc87e5720c4694881ed35bffa  check-headless.patch
 e214b407235cb3afb8bec93f20c9b42957b57e6fd3960679d3d4235e77762e03e64d03c01f00ef63d589e7c85aaad02ce6abbeeccd66b1867bc92451a5b5e9b0  disable-sub-autodetect-fuzzy-1-test.patch
 e063c727d952465bbea33f669db49190427521dc8e2291e9a5cbb0f5e8e879bd3ba76855e44bd4630948e30c4329d27bd928f95de20fe1050d5e839778a4d012  endian-fix.patch
@@ -200,5 +210,4 @@ e063c727d952465bbea33f669db49190427521dc8e2291e9a5cbb0f5e8e879bd3ba76855e44bd463
 35f83e38a6a0dd1e3c37e3dc6d63b1406d2f9454ed246854c1408d6f35ad74b743c5b0dbc19442bab65aad4268707ffa85bfda9e72b2d711c1d3412d955bf150  lua.patch
 e13e398b7bfd977f6e099bcb6cf8dc5cd5bad6dea3eff715881826246dc4329468846084aff2576de2b7fd28d3f06e7c327a6e4511a28d22e5cd198a81146c89  omxil-rpi-codecs.patch
 a117ca4d7fd66a5f959fdeaddfdce2f8442fe9f2c13995bb7f4792a7745c00813813aa962f76e957e3b0735344a5dc000e0644ce09f23458802a2932231655c3  tar-compat.patch
-c0107655249687655846a9547ca1a5670b9207443180600e7a149c69ffb96d7226787c19b018d4033db9b284c1a5faa8d7d42188ed40c3b8bb051256febf11c5  test-s390x.patch
-34d899b8b88de2058a8d64ce316389bd3437c0bbcd64a925eec4975adf2bc306a3a8d2e322bad5e3a18b5a28cbb5bf6705d8849dee655daf7e5a4bb007fe07e0  vlc-libs.trigger"
+c0107655249687655846a9547ca1a5670b9207443180600e7a149c69ffb96d7226787c19b018d4033db9b284c1a5faa8d7d42188ed40c3b8bb051256febf11c5  test-s390x.patch"
-- 
cgit v1.2.3-60-g2f50


From 9131a5fae6a17355286ebd41b37756dd2870464c Mon Sep 17 00:00:00 2001
From: Max Rees <maxcrees@me.com>
Date: Fri, 13 Sep 2019 14:08:26 -0500
Subject: user/links: [NO CVE] bump to 2.20.1

This update fixes a DNS leak when using tor. For more information,
consult the changelog: http://links.twibright.com/download/ChangeLo
---
 user/links/APKBUILD | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'user')

diff --git a/user/links/APKBUILD b/user/links/APKBUILD
index b3ade3cb2..5761ea7be 100644
--- a/user/links/APKBUILD
+++ b/user/links/APKBUILD
@@ -1,6 +1,6 @@
 # Maintainer: A. Wilcox <awilfox@adelielinux.org>
 pkgname=links
-pkgver=2.19
+pkgver=2.20.1
 pkgrel=0
 pkgdesc="Text Web browser, similar to Lynx"
 url="http://links.twibright.com/"
@@ -28,4 +28,4 @@ package() {
 	make DESTDIR="$pkgdir" install
 }
 
-sha512sums="8716cea6feb5a02b59d7e2dd5bfd0af9b2ac2a4427c0f98a3c8a8eaabca31e7a96c16888c0de19976749485b3cdbf75cbff88a37cd3b58700c1f090acec328ea  links-2.19.tar.bz2"
+sha512sums="c7258e303a2012e9016385abd1e8882ffec47dd3baf479a54448742e41b03508d874387af6ea97c7ef9c4d37f2eecbe7bc0121d923df79b0f455f4f466747ca2  links-2.20.1.tar.bz2"
-- 
cgit v1.2.3-60-g2f50


From b38e3feeab3ad2e4aa95d1b5a1cd5863185280c0 Mon Sep 17 00:00:00 2001
From: Max Rees <maxcrees@me.com>
Date: Tue, 17 Sep 2019 14:15:45 -0500
Subject: user/wpa_supplicant: patch CVE-2019-16275

---
 user/wpa_supplicant/APKBUILD             |  6 ++-
 user/wpa_supplicant/CVE-2019-16275.patch | 73 ++++++++++++++++++++++++++++++++
 2 files changed, 78 insertions(+), 1 deletion(-)
 create mode 100644 user/wpa_supplicant/CVE-2019-16275.patch

(limited to 'user')

diff --git a/user/wpa_supplicant/APKBUILD b/user/wpa_supplicant/APKBUILD
index 5d1a35b4e..dbd22b8c7 100644
--- a/user/wpa_supplicant/APKBUILD
+++ b/user/wpa_supplicant/APKBUILD
@@ -2,7 +2,7 @@
 # Maintainer: A. Wilcox <awilfox@adelielinux.org>
 pkgname=wpa_supplicant
 pkgver=2.9
-pkgrel=0
+pkgrel=1
 pkgdesc="Utility providing key negotiation for WPA wireless networks"
 url="https://w1.fi/wpa_supplicant/"
 arch="all"
@@ -17,6 +17,7 @@ source="https://w1.fi/releases/$pkgname-$pkgver.tar.gz
 	wpa_supplicant.conf
 	dbus.patch
 	eloop.patch
+	CVE-2019-16275.patch
 
 	config
 	wpa_cli.sh"
@@ -32,6 +33,8 @@ source="https://w1.fi/releases/$pkgname-$pkgver.tar.gz
 #     - CVE-2017-13086
 #     - CVE-2017-13087
 #     - CVE-2017-13088
+#   2.9-r1:
+#     - CVE-2019-16275
 
 prepare() {
 	default_prepare
@@ -104,5 +107,6 @@ sha512sums="37a33f22cab9d27084fbef29856eaea0f692ff339c5b38bd32402dccf293cb849afd
 f8b224b6c5a8adf378d8224beb49f2a99817d303f7e6a724943ecb3313ae85ce0fdd8291a20c95563470681ebf5d991ffa31094b9171e470e9690b38bba25738  wpa_supplicant.conf
 dac56bc505a51167042ebe548f0e81a20a5578f753af9bb7ec3335a542d799c6e8739681ef7c8f7747a9bc954f8aa6f1a147250eacba17fd7fff80c4e53638ed  dbus.patch
 2be055dd1f7da5a3d8e79c2f2c0220ddd31df309452da18f290144d2112d6dbde0fc633bb2ad02c386a39d7785323acaf5f70e5969995a1e8303a094eb5fe232  eloop.patch
+63710cfb0992f2c346a9807d8c97cbeaed032fa376a0e93a2e56f7742ce515e9c4dfadbdb1af03ba272281f639aab832f0178f67634c222a5d99e1d462aa9e38  CVE-2019-16275.patch
 221660fa0350442a7d8371686b2118861052a4613fb352b7f80079e3750b82f4e48efc378b9d617455007d1106552b695fdca506a3c338283986641f3848b202  config
 45d3e70c47d0f7d6dc6730853af8cbcb40ed0713ee7b1069698f5a635939f273f66e72d4221e064c3c71a92154cf07841c8c0d4fc14d796dbb6fe0d92776ee2b  wpa_cli.sh"
diff --git a/user/wpa_supplicant/CVE-2019-16275.patch b/user/wpa_supplicant/CVE-2019-16275.patch
new file mode 100644
index 000000000..d764a9db0
--- /dev/null
+++ b/user/wpa_supplicant/CVE-2019-16275.patch
@@ -0,0 +1,73 @@
+From 8c07fa9eda13e835f3f968b2e1c9a8be3a851ff9 Mon Sep 17 00:00:00 2001
+From: Jouni Malinen <j@w1.fi>
+Date: Thu, 29 Aug 2019 11:52:04 +0300
+Subject: [PATCH] AP: Silently ignore management frame from unexpected source
+ address
+
+Do not process any received Management frames with unexpected/invalid SA
+so that we do not add any state for unexpected STA addresses or end up
+sending out frames to unexpected destination. This prevents unexpected
+sequences where an unprotected frame might end up causing the AP to send
+out a response to another device and that other device processing the
+unexpected response.
+
+In particular, this prevents some potential denial of service cases
+where the unexpected response frame from the AP might result in a
+connected station dropping its association.
+
+Signed-off-by: Jouni Malinen <j@w1.fi>
+---
+ src/ap/drv_callbacks.c | 13 +++++++++++++
+ src/ap/ieee802_11.c    | 12 ++++++++++++
+ 2 files changed, 25 insertions(+)
+
+diff --git a/src/ap/drv_callbacks.c b/src/ap/drv_callbacks.c
+index 31587685fe3b..34ca379edc3d 100644
+--- a/src/ap/drv_callbacks.c
++++ b/src/ap/drv_callbacks.c
+@@ -131,6 +131,19 @@ int hostapd_notif_assoc(struct hostapd_data *hapd, const u8 *addr,
+ 			   "hostapd_notif_assoc: Skip event with no address");
+ 		return -1;
+ 	}
++
++	if (is_multicast_ether_addr(addr) ||
++	    is_zero_ether_addr(addr) ||
++	    os_memcmp(addr, hapd->own_addr, ETH_ALEN) == 0) {
++		/* Do not process any frames with unexpected/invalid SA so that
++		 * we do not add any state for unexpected STA addresses or end
++		 * up sending out frames to unexpected destination. */
++		wpa_printf(MSG_DEBUG, "%s: Invalid SA=" MACSTR
++			   " in received indication - ignore this indication silently",
++			   __func__, MAC2STR(addr));
++		return 0;
++	}
++
+ 	random_add_randomness(addr, ETH_ALEN);
+ 
+ 	hostapd_logger(hapd, addr, HOSTAPD_MODULE_IEEE80211,
+diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c
+index c85a28db44b7..e7065372e158 100644
+--- a/src/ap/ieee802_11.c
++++ b/src/ap/ieee802_11.c
+@@ -4626,6 +4626,18 @@ int ieee802_11_mgmt(struct hostapd_data *hapd, const u8 *buf, size_t len,
+ 	fc = le_to_host16(mgmt->frame_control);
+ 	stype = WLAN_FC_GET_STYPE(fc);
+ 
++	if (is_multicast_ether_addr(mgmt->sa) ||
++	    is_zero_ether_addr(mgmt->sa) ||
++	    os_memcmp(mgmt->sa, hapd->own_addr, ETH_ALEN) == 0) {
++		/* Do not process any frames with unexpected/invalid SA so that
++		 * we do not add any state for unexpected STA addresses or end
++		 * up sending out frames to unexpected destination. */
++		wpa_printf(MSG_DEBUG, "MGMT: Invalid SA=" MACSTR
++			   " in received frame - ignore this frame silently",
++			   MAC2STR(mgmt->sa));
++		return 0;
++	}
++
+ 	if (stype == WLAN_FC_STYPE_BEACON) {
+ 		handle_beacon(hapd, mgmt, len, fi);
+ 		return 1;
+-- 
+2.20.1
+
-- 
cgit v1.2.3-60-g2f50


From eb78aceece24112442a5bccc7ec52e99c0343a07 Mon Sep 17 00:00:00 2001
From: Max Rees <maxcrees@me.com>
Date: Tue, 17 Sep 2019 14:39:56 -0500
Subject: user/faad2: 2.8.8-r2 no longer exists

---
 user/faad2/APKBUILD | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)

(limited to 'user')

diff --git a/user/faad2/APKBUILD b/user/faad2/APKBUILD
index 6b1fc47b1..970d16f7e 100644
--- a/user/faad2/APKBUILD
+++ b/user/faad2/APKBUILD
@@ -18,21 +18,20 @@ builddir="$srcdir/$pkgname-$_pkgver"
 #   2.8.8-r1:
 #     - CVE-2018-19502
 #     - CVE-2019-15296
-#   2.8.8-r2:
-#     - CVE-2019-6956
-#     - CVE-2018-20196
-#     - CVE-2018-20199
-#     - CVE-2018-20360
 #   2.9.0-r0:
+#     - CVE-2019-6956
 #     - CVE-2018-19503
 #     - CVE-2018-19504
 #     - CVE-2018-20194
 #     - CVE-2018-20195
+#     - CVE-2018-20196
 #     - CVE-2018-20197
 #     - CVE-2018-20198
+#     - CVE-2018-20199
 #     - CVE-2018-20357
 #     - CVE-2018-20358
 #     - CVE-2018-20359
+#     - CVE-2018-20360
 #     - CVE-2018-20361
 #     - CVE-2018-20362
 
-- 
cgit v1.2.3-60-g2f50


From f6242ae2f1469ee2f390a4da8e686b0374048698 Mon Sep 17 00:00:00 2001
From: Max Rees <maxcrees@me.com>
Date: Tue, 17 Sep 2019 16:02:23 -0500
Subject: user/opencv: patch CVE-2019-16249

---
 user/opencv/APKBUILD             | 10 +++++--
 user/opencv/CVE-2019-16249.patch | 57 ++++++++++++++++++++++++++++++++++++++++
 2 files changed, 65 insertions(+), 2 deletions(-)
 create mode 100644 user/opencv/CVE-2019-16249.patch

(limited to 'user')

diff --git a/user/opencv/APKBUILD b/user/opencv/APKBUILD
index 76403ac60..a8a38c149 100644
--- a/user/opencv/APKBUILD
+++ b/user/opencv/APKBUILD
@@ -2,7 +2,7 @@
 # Maintainer:
 pkgname=opencv
 pkgver=4.1.1
-pkgrel=0
+pkgrel=1
 pkgdesc="Computer vision and machine learning software library"
 url="https://opencv.org"
 arch="all"
@@ -15,8 +15,13 @@ makedepends="cmake doxygen ffmpeg-dev gst-plugins-base-dev gtk+2.0-dev
 subpackages="$pkgname-dev $pkgname-libs"
 source="opencv-$pkgver.tar.gz::https://github.com/opencv/opencv/archive/$pkgver.tar.gz
 	cmake-license.patch
+	CVE-2019-16249.patch
 	"
 
+# secfixes:
+#   4.1.1-r1:
+#     - CVE-2019-16249
+
 prepare() {
 	default_prepare
 	# purge 3rd party except carotene
@@ -61,4 +66,5 @@ package() {
 }
 
 sha512sums="80fa48d992ca06a2a4ab6740df6d8c21f4926165486b393969da2c5bbe2f3a0b799fb76dee5e3654e90c743e49bbd2b5b02ad59a4766896bbf4cd5b4e3251e0f  opencv-4.1.1.tar.gz
-ffa6930086051c545a44d28b8e428de7faaeecf961cdee6eef007b2b01db7e5897c6f184b1059df9763c1bcd90f88b9ead710dc13b51a608f21d683f55f39bd6  cmake-license.patch"
+ffa6930086051c545a44d28b8e428de7faaeecf961cdee6eef007b2b01db7e5897c6f184b1059df9763c1bcd90f88b9ead710dc13b51a608f21d683f55f39bd6  cmake-license.patch
+39f2f9abb1051220d6b842e9337c3636ee229781c7efcc92e987dae47ac82072dc95568e6a766e01329ee61c0a3be4efdd82aa3b56c011b44e175444d81c134d  CVE-2019-16249.patch"
diff --git a/user/opencv/CVE-2019-16249.patch b/user/opencv/CVE-2019-16249.patch
new file mode 100644
index 000000000..a7f0027ac
--- /dev/null
+++ b/user/opencv/CVE-2019-16249.patch
@@ -0,0 +1,57 @@
+From cd7fa04985b10db5e66de542725d0da57f0d10b6 Mon Sep 17 00:00:00 2001
+From: Vitaly Tuzov <terfendail@mediana.jetos.com>
+Date: Tue, 17 Sep 2019 15:53:18 +0300
+Subject: [PATCH] Fixed out of bound reading in DIS optical flow evaluation
+ implementation
+
+---
+ modules/video/src/dis_flow.cpp | 18 +++++-------------
+ 1 file changed, 5 insertions(+), 13 deletions(-)
+
+diff --git a/modules/video/src/dis_flow.cpp b/modules/video/src/dis_flow.cpp
+index 85400c71ca7..a260b8726bb 100644
+--- a/modules/video/src/dis_flow.cpp
++++ b/modules/video/src/dis_flow.cpp
+@@ -494,7 +494,6 @@ DISOpticalFlowImpl::PatchInverseSearch_ParBody::PatchInverseSearch_ParBody(DISOp
+     v_float32x4 w10v = v_setall_f32(w10);                                                                              \
+     v_float32x4 w11v = v_setall_f32(w11);                                                                              \
+                                                                                                                        \
+-    v_uint8x16 I0_row_16, I1_row_16, I1_row_shifted_16, I1_row_next_16, I1_row_next_shifted_16;                        \
+     v_uint16x8 I0_row_8, I1_row_8, I1_row_shifted_8, I1_row_next_8, I1_row_next_shifted_8, tmp;                        \
+     v_uint32x4 I0_row_4_left, I1_row_4_left, I1_row_shifted_4_left, I1_row_next_4_left, I1_row_next_shifted_4_left;    \
+     v_uint32x4 I0_row_4_right, I1_row_4_right, I1_row_shifted_4_right, I1_row_next_4_right,                            \
+@@ -502,29 +501,22 @@ DISOpticalFlowImpl::PatchInverseSearch_ParBody::PatchInverseSearch_ParBody(DISOp
+     v_float32x4 I_diff_left, I_diff_right;                                                                             \
+                                                                                                                        \
+     /* Preload and expand the first row of I1: */                                                                      \
+-    I1_row_16 = v_load(I1_ptr);                                                                                        \
+-    I1_row_shifted_16 = v_extract<1>(I1_row_16, I1_row_16);                                                            \
+-    v_expand(I1_row_16, I1_row_8, tmp);                                                                                \
+-    v_expand(I1_row_shifted_16, I1_row_shifted_8, tmp);                                                                \
++    I1_row_8 = v_load_expand(I1_ptr);                                                                                  \
++    I1_row_shifted_8 = v_load_expand(I1_ptr + 1);                                                                      \
+     v_expand(I1_row_8, I1_row_4_left, I1_row_4_right);                                                                 \
+     v_expand(I1_row_shifted_8, I1_row_shifted_4_left, I1_row_shifted_4_right);                                         \
+     I1_ptr += I1_stride;
+ 
+ #define HAL_PROCESS_BILINEAR_8x8_PATCH_EXTRACTION                                                                      \
+     /* Load the next row of I1: */                                                                                     \
+-    I1_row_next_16 = v_load(I1_ptr);                                                                                   \
+-    /* Circular shift left by 1 element: */                                                                            \
+-    I1_row_next_shifted_16 = v_extract<1>(I1_row_next_16, I1_row_next_16);                                             \
+-    /* Expand to 8 ushorts (we only need the first 8 values): */                                                       \
+-    v_expand(I1_row_next_16, I1_row_next_8, tmp);                                                                      \
+-    v_expand(I1_row_next_shifted_16, I1_row_next_shifted_8, tmp);                                                      \
++    I1_row_next_8 = v_load_expand(I1_ptr);                                                                             \
++    I1_row_next_shifted_8 = v_load_expand(I1_ptr + 1);                                                                 \
+     /* Separate the left and right halves: */                                                                          \
+     v_expand(I1_row_next_8, I1_row_next_4_left, I1_row_next_4_right);                                                  \
+     v_expand(I1_row_next_shifted_8, I1_row_next_shifted_4_left, I1_row_next_shifted_4_right);                          \
+                                                                                                                        \
+     /* Load current row of I0: */                                                                                      \
+-    I0_row_16 = v_load(I0_ptr);                                                                                        \
+-    v_expand(I0_row_16, I0_row_8, tmp);                                                                                \
++    I0_row_8 = v_load_expand(I0_ptr);                                                                                  \
+     v_expand(I0_row_8, I0_row_4_left, I0_row_4_right);                                                                 \
+                                                                                                                        \
+     /* Compute diffs between I0 and bilinearly interpolated I1: */                                                     \
-- 
cgit v1.2.3-60-g2f50


From f5e2b019160afc329b746f9c6a890934e480611e Mon Sep 17 00:00:00 2001
From: Max Rees <maxcrees@me.com>
Date: Mon, 23 Sep 2019 06:11:32 -0500
Subject: user/vlc: fix initd / confd install

---
 user/vlc/APKBUILD | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'user')

diff --git a/user/vlc/APKBUILD b/user/vlc/APKBUILD
index 3da8680d2..e2a1dbf2a 100644
--- a/user/vlc/APKBUILD
+++ b/user/vlc/APKBUILD
@@ -189,8 +189,8 @@ daemon() {
 
 	mkdir -p "$subpkgdir"
 	cd "$pkgdir"
-	install -D -m755 ../../vlc.initd $subpkgdir/etc/init.d/vlc
-	install -D -m664 ../../vlc.confd $subpkgdir/etc/conf.d/vlc
+	install -D -m755 "$srcdir"/vlc.initd "$subpkgdir"/etc/init.d/vlc
+	install -D -m664 "$srcdir"/vlc.confd "$subpkgdir"/etc/conf.d/vlc
 	install -d -o vlc -g vlc "$subpkgdir"/var/log/vlc
 }
 
-- 
cgit v1.2.3-60-g2f50


From b0e0d5808b32e66e12d096a66854b7bc65d418f9 Mon Sep 17 00:00:00 2001
From: Max Rees <maxcrees@me.com>
Date: Mon, 23 Sep 2019 06:29:38 -0500
Subject: user/vlc: no, really, I mean it this time :TM:

---
 user/vlc/APKBUILD | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

(limited to 'user')

diff --git a/user/vlc/APKBUILD b/user/vlc/APKBUILD
index e2a1dbf2a..6c9a23c97 100644
--- a/user/vlc/APKBUILD
+++ b/user/vlc/APKBUILD
@@ -43,6 +43,9 @@ source="https://get.videolan.org/vlc/$pkgver/vlc-$pkgver.tar.xz
 	omxil-rpi-codecs.patch
 	tar-compat.patch
 	test-s390x.patch
+
+	$pkgname.initd
+	$pkgname.confd
 	"
 
 # secfixes: vlc_media_player
@@ -210,4 +213,6 @@ e063c727d952465bbea33f669db49190427521dc8e2291e9a5cbb0f5e8e879bd3ba76855e44bd463
 35f83e38a6a0dd1e3c37e3dc6d63b1406d2f9454ed246854c1408d6f35ad74b743c5b0dbc19442bab65aad4268707ffa85bfda9e72b2d711c1d3412d955bf150  lua.patch
 e13e398b7bfd977f6e099bcb6cf8dc5cd5bad6dea3eff715881826246dc4329468846084aff2576de2b7fd28d3f06e7c327a6e4511a28d22e5cd198a81146c89  omxil-rpi-codecs.patch
 a117ca4d7fd66a5f959fdeaddfdce2f8442fe9f2c13995bb7f4792a7745c00813813aa962f76e957e3b0735344a5dc000e0644ce09f23458802a2932231655c3  tar-compat.patch
-c0107655249687655846a9547ca1a5670b9207443180600e7a149c69ffb96d7226787c19b018d4033db9b284c1a5faa8d7d42188ed40c3b8bb051256febf11c5  test-s390x.patch"
+c0107655249687655846a9547ca1a5670b9207443180600e7a149c69ffb96d7226787c19b018d4033db9b284c1a5faa8d7d42188ed40c3b8bb051256febf11c5  test-s390x.patch
+55e245190b443dde9c7215ea5210612fcca164900a9a4b025ccf0d1e3fc5206d00b52355b256974421e37c609875627f1db19f0f5a084511aec0daf677ecc9d6  vlc.initd
+d89190dca1b8b2c3faca5863dc6c7e6eb24e05178e6f75ed752fd3c6a73cb8a42d2625b6e56453296b7096ea868be642ecd42745dac20e7f13fc67dd3c3c7c49  vlc.confd"
-- 
cgit v1.2.3-60-g2f50


From 9d975a16f6054ccfa09bcd932da9f18eff7d37d1 Mon Sep 17 00:00:00 2001
From: Max Rees <maxcrees@me.com>
Date: Tue, 24 Sep 2019 17:04:51 -0500
Subject: user/djvulibre: patch multiple CVEs (#185)

---
 user/djvulibre/APKBUILD             |  25 ++++++--
 user/djvulibre/CVE-2019-15142.patch |  94 +++++++++++++++++++++++++++++
 user/djvulibre/CVE-2019-15143.patch |  46 ++++++++++++++
 user/djvulibre/CVE-2019-15144.patch | 117 ++++++++++++++++++++++++++++++++++++
 user/djvulibre/CVE-2019-15145.patch |  34 +++++++++++
 5 files changed, 310 insertions(+), 6 deletions(-)
 create mode 100644 user/djvulibre/CVE-2019-15142.patch
 create mode 100644 user/djvulibre/CVE-2019-15143.patch
 create mode 100644 user/djvulibre/CVE-2019-15144.patch
 create mode 100644 user/djvulibre/CVE-2019-15145.patch

(limited to 'user')

diff --git a/user/djvulibre/APKBUILD b/user/djvulibre/APKBUILD
index a90485e6a..2b4a3ed0e 100644
--- a/user/djvulibre/APKBUILD
+++ b/user/djvulibre/APKBUILD
@@ -2,7 +2,7 @@
 # Maintainer: A. Wilcox <awilfox@adelielinux.org>
 pkgname=djvulibre
 pkgver=3.5.27
-pkgrel=0
+pkgrel=1
 pkgdesc="Format for distributing documents and images"
 url="http://djvu.sourceforge.net/"
 arch="all"
@@ -11,10 +11,20 @@ depends=""
 depends_dev=""
 makedepends="$depends_dev imagemagick libjpeg-turbo-dev tiff-dev"
 subpackages="$pkgname-dev $pkgname-doc"
-source="https://downloads.sourceforge.net/djvu/djvulibre-$pkgver.tar.gz"
+source="https://downloads.sourceforge.net/djvu/djvulibre-$pkgver.tar.gz
+	CVE-2019-15142.patch
+	CVE-2019-15143.patch
+	CVE-2019-15144.patch
+	CVE-2019-15145.patch"
+
+# secfixes:
+#   3.5.27-r1:
+#     - CVE-2019-15142
+#     - CVE-2019-15143
+#     - CVE-2019-15144
+#     - CVE-2019-15145
 
 build() {
-	cd "$builddir"
 	./configure \
 		--build=$CBUILD \
 		--host=$CHOST \
@@ -26,13 +36,16 @@ build() {
 }
 
 check() {
-	cd "$builddir"
+	# This doesn't actually do anything yet
 	make check
 }
 
 package() {
-	cd "$builddir"
 	make DESTDIR="$pkgdir" install
 }
 
-sha512sums="62abcaa2fe7edab536477929ba38b882453dab1a06e119a3f838b38d5c61f5d8c252e4769e6534582b826e49bcfb490513179580fab9c3afa84aa92053ccebee  djvulibre-3.5.27.tar.gz"
+sha512sums="62abcaa2fe7edab536477929ba38b882453dab1a06e119a3f838b38d5c61f5d8c252e4769e6534582b826e49bcfb490513179580fab9c3afa84aa92053ccebee  djvulibre-3.5.27.tar.gz
+d9e4301fb98a35b8c2f1854eb4be53611f98b3fc9fdd357dd5502b5b189bdf61957a48b220f3ab7465bbf1df8606ce04513e10df74643a9e289c349f94721561  CVE-2019-15142.patch
+3527e1c84f7c7d36f902cb3d7e9ddb6866acbdd4b47675ce3ffd164accf2e2931a4c6bbaae2ea775b4710d88ae34dd4dcd39a5846fce13bef2c82a99d608b8c1  CVE-2019-15143.patch
+f8f1abf328a97d69514b2626e4c6449c0c7b7e2b5518d56bba6a61a944aaf4b7fffd1371c26396353728f6a1399c6d87492af5c17e6b623dae7751b81eac11f9  CVE-2019-15144.patch
+790ef1e05874635c762600c990ecbd3e29e2eb01c59e25a0f8b2a15dbadbd3673d9dbb651d9dcb53fd3e5f4cb6bded47c3eefaaef8b4ccac39bd28f8bbec2068  CVE-2019-15145.patch"
diff --git a/user/djvulibre/CVE-2019-15142.patch b/user/djvulibre/CVE-2019-15142.patch
new file mode 100644
index 000000000..84ed64e24
--- /dev/null
+++ b/user/djvulibre/CVE-2019-15142.patch
@@ -0,0 +1,94 @@
+Lifted from SUSE: backport of two upstream commits
+
+https://sourceforge.net/p/djvu/djvulibre-git/ci/970fb11a296b5bbdc5e8425851253d2c5913c45e
+https://sourceforge.net/p/djvu/djvulibre-git/ci/89d71b01d606e57ecec2c2930c145bb20ba5bbe3
+https://bugzilla.suse.com/show_bug.cgi?id=1146702#c3
+https://build.opensuse.org/package/view_file/graphics/djvulibre/djvulibre-CVE-2019-15142.patch
+
+Index: djvulibre-3.5.27/libdjvu/DjVmDir.cpp
+===================================================================
+--- djvulibre-3.5.27.orig/libdjvu/DjVmDir.cpp 2014-07-08 23:15:07.000000000 +0200
++++ djvulibre-3.5.27/libdjvu/DjVmDir.cpp 2019-09-02 13:46:28.076374501 +0200
+@@ -300,36 +300,44 @@ DjVmDir::decode(const GP<ByteStream> &gs
+          memcpy((char*) strings+strings_size, buffer, length);
+       }
+       DEBUG_MSG("size of decompressed names block=" << strings.size() << "\n");
+-   
+-         // Copy names into the files
++      int strings_size=strings.size();
++      strings.resize(strings_size+3);
++      memset((char*) strings+strings_size, 0, 4);
++      
++      // Copy names into the files
+       const char * ptr=strings;
+       for(pos=files_list;pos;++pos)
+       {
+          GP<File> file=files_list[pos];
+-
++         if (ptr >= (const char*)strings + strings_size)
++           G_THROW( "DjVu document is corrupted (DjVmDir)" );
+          file->id=ptr;
+          ptr+=file->id.length()+1;
+          if (file->flags & File::HAS_NAME)
+          {
+-            file->name=ptr;
+-            ptr+=file->name.length()+1;
+-         } else
++           file->name=ptr;
++           ptr+=file->name.length()+1;
++         }
++         else
+          {
+             file->name=file->id;
+          }
+          if (file->flags & File::HAS_TITLE)
+          {
+-            file->title=ptr;
+-       ptr+=file->title.length()+1;
+-         } else
+-       file->title=file->id;
+-   /* msr debug:  multipage file, file->title is null.  
++           file->title=ptr;
++           ptr+=file->title.length()+1;
++         }
++         else
++         {
++           file->title=file->id;
++         }
++         /* msr debug:  multipage file, file->title is null.  
+          DEBUG_MSG(file->name << ", " << file->id << ", " << file->title << ", " <<
+                    file->offset << ", " << file->size << ", " <<
+                    file->is_page() << "\n"); */
+       }
+ 
+-         // Check that there is only one file with SHARED_ANNO flag on
++      // Check that there is only one file with SHARED_ANNO flag on
+       int shared_anno_cnt=0;
+       for(pos=files_list;pos;++pos)
+       {
+Index: djvulibre-3.5.27/libdjvu/miniexp.cpp
+===================================================================
+--- djvulibre-3.5.27.orig/libdjvu/miniexp.cpp 2015-02-11 05:35:37.000000000 +0100
++++ djvulibre-3.5.27/libdjvu/miniexp.cpp 2019-09-02 13:46:28.072374476 +0200
+@@ -1028,7 +1028,7 @@ print_c_string(const char *s, char *d, i
+     {
+       if (char_quoted(c, flags))
+         {
+-          char buffer[10];
++          char buffer[16]; /* 10+1 */
+           static const char *tr1 = "\"\\tnrbf";
+           static const char *tr2 = "\"\\\t\n\r\b\f";
+           buffer[0] = buffer[1] = 0;
+Index: djvulibre-3.5.27/tools/csepdjvu.cpp
+===================================================================
+--- djvulibre-3.5.27.orig/tools/csepdjvu.cpp 2014-07-24 23:12:05.000000000 +0200
++++ djvulibre-3.5.27/tools/csepdjvu.cpp 2019-09-02 13:46:28.072374476 +0200
+@@ -1814,7 +1814,7 @@ main(int argc, const char **argv)
+                 ByteStream::create(GURL::Filename::UTF8(arg),"rb");
+               BufferByteStream ibs(*fbs);
+               do {
+-                char pagename[16];
++                char pagename[20];
+                 sprintf(pagename, "p%04d.djvu", ++pageno);
+                 if (opts.verbose > 1)
+                   DjVuPrintErrorUTF8("%s","--------------------\n");
diff --git a/user/djvulibre/CVE-2019-15143.patch b/user/djvulibre/CVE-2019-15143.patch
new file mode 100644
index 000000000..db04087e1
--- /dev/null
+++ b/user/djvulibre/CVE-2019-15143.patch
@@ -0,0 +1,46 @@
+From b1f4e1b2187d9e5010cd01ceccf20b4a11ce723f Mon Sep 17 00:00:00 2001
+From: Leon Bottou <leon@bottou.org>
+Date: Tue, 26 Mar 2019 20:45:46 -0400
+Subject: [PATCH] fix for bug #297
+
+---
+ libdjvu/DjVmDir.cpp | 2 +-
+ libdjvu/GBitmap.cpp | 6 ++++--
+ 2 files changed, 5 insertions(+), 3 deletions(-)
+
+diff --git a/libdjvu/DjVmDir.cpp b/libdjvu/DjVmDir.cpp
+index 0a0fac6..5a49015 100644
+--- a/libdjvu/DjVmDir.cpp
++++ b/libdjvu/DjVmDir.cpp
+@@ -309,7 +309,7 @@ DjVmDir::decode(const GP<ByteStream> &gstr)
+       {
+          GP<File> file=files_list[pos];
+          if (ptr >= (const char*)strings + strings_size)
+-           G_THROW( "DjVu document is corrupted (DjVmDir)" );
++           G_THROW( ByteStream::EndOfFile );
+          file->id=ptr;
+          ptr+=file->id.length()+1;
+          if (file->flags & File::HAS_NAME)
+diff --git a/libdjvu/GBitmap.cpp b/libdjvu/GBitmap.cpp
+index 0e487f0..c2fdbe4 100644
+--- a/libdjvu/GBitmap.cpp
++++ b/libdjvu/GBitmap.cpp
+@@ -890,11 +890,13 @@ GBitmap::read_rle_raw(ByteStream &bs)
+   int c = 0;
+   while (n >= 0)
+     {
+-      bs.read(&h, 1);
++      if (bs.read(&h, 1) <= 0)
++        G_THROW( ByteStream::EndOfFile );
+       int x = h;
+       if (x >= (int)RUNOVERFLOWVALUE)
+         {
+-          bs.read(&h, 1);
++          if (bs.read(&h, 1) <= 0)
++            G_THROW( ByteStream::EndOfFile );
+           x = h + ((x - (int)RUNOVERFLOWVALUE) << 8);
+         }
+       if (c+x > ncolumns)
+-- 
+2.22.1
+
diff --git a/user/djvulibre/CVE-2019-15144.patch b/user/djvulibre/CVE-2019-15144.patch
new file mode 100644
index 000000000..1b0c71c5f
--- /dev/null
+++ b/user/djvulibre/CVE-2019-15144.patch
@@ -0,0 +1,117 @@
+From e15d51510048927f172f1bf1f27ede65907d940d Mon Sep 17 00:00:00 2001
+From: Leon Bottou <leon@bottou.org>
+Date: Mon, 8 Apr 2019 22:25:55 -0400
+Subject: [PATCH] bug 299 fixed
+
+---
+ libdjvu/GContainer.h | 87 ++++++++++++++++++++++++--------------------
+ 1 file changed, 48 insertions(+), 39 deletions(-)
+
+diff --git a/libdjvu/GContainer.h b/libdjvu/GContainer.h
+index 96b067c..0140211 100644
+--- a/libdjvu/GContainer.h
++++ b/libdjvu/GContainer.h
+@@ -550,52 +550,61 @@ public:
+ template <class TYPE> void
+ GArrayTemplate<TYPE>::sort(int lo, int hi)
+ {
+-  if (hi <= lo)
+-    return;
+-  if (hi > hibound || lo<lobound)
+-    G_THROW( ERR_MSG("GContainer.illegal_subscript") );
+   TYPE *data = (TYPE*)(*this);
+-  // Test for insertion sort
+-  if (hi <= lo + 50)
++  while(true)
+     {
+-      for (int i=lo+1; i<=hi; i++)
++      if (hi <= lo)
++        return;
++      if (hi > hibound || lo<lobound)
++        G_THROW( ERR_MSG("GContainer.illegal_subscript") );
++      // Test for insertion sort
++      if (hi <= lo + 50)
+         {
+-          int j = i;
+-          TYPE tmp = data[i];
+-          while ((--j>=lo) && !(data[j]<=tmp))
+-            data[j+1] = data[j];
+-          data[j+1] = tmp;
++          for (int i=lo+1; i<=hi; i++)
++            {
++              int j = i;
++              TYPE tmp = data[i];
++              while ((--j>=lo) && !(data[j]<=tmp))
++                data[j+1] = data[j];
++              data[j+1] = tmp;
++            }
++          return;
+         }
+-      return;
+-    }
+-  // -- determine suitable quick-sort pivot
+-  TYPE tmp = data[lo];
+-  TYPE pivot = data[(lo+hi)/2];
+-  if (pivot <= tmp)
+-    { tmp = pivot; pivot=data[lo]; }
+-  if (data[hi] <= tmp)
+-    { pivot = tmp; }
+-  else if (data[hi] <= pivot)
+-    { pivot = data[hi]; }
+-  // -- partition set
+-  int h = hi;
+-  int l = lo;
+-  while (l < h)
+-    {
+-      while (! (pivot <= data[l])) l++;
+-      while (! (data[h] <= pivot)) h--;
+-      if (l < h)
++      // -- determine median-of-three pivot
++      TYPE tmp = data[lo];
++      TYPE pivot = data[(lo+hi)/2];
++      if (pivot <= tmp)
++        { tmp = pivot; pivot=data[lo]; }
++      if (data[hi] <= tmp)
++        { pivot = tmp; }
++      else if (data[hi] <= pivot)
++        { pivot = data[hi]; }
++      // -- partition set
++      int h = hi;
++      int l = lo;
++      while (l < h)
+         {
+-          tmp = data[l];
+-          data[l] = data[h];
+-          data[h] = tmp;
+-          l = l+1;
+-          h = h-1;
++          while (! (pivot <= data[l])) l++;
++          while (! (data[h] <= pivot)) h--;
++          if (l < h)
++            {
++              tmp = data[l];
++              data[l] = data[h];
++              data[h] = tmp;
++              l = l+1;
++              h = h-1;
++            }
++        }
++      // -- recurse, small partition first
++      //    tail-recursion elimination
++      if (h - lo <= hi - l) {
++        sort(lo,h);
++        lo = l; // sort(l,hi)
++      } else {
++        sort(l,hi);
++        hi = h; // sort(lo,h)
+       }
+     }
+-  // -- recursively restart
+-  sort(lo, h);
+-  sort(l, hi);
+ }
+ 
+ template<class TYPE> inline TYPE&
+-- 
+2.22.1
+
diff --git a/user/djvulibre/CVE-2019-15145.patch b/user/djvulibre/CVE-2019-15145.patch
new file mode 100644
index 000000000..2a545cee2
--- /dev/null
+++ b/user/djvulibre/CVE-2019-15145.patch
@@ -0,0 +1,34 @@
+From 9658b01431cd7ff6344d7787f855179e73fe81a7 Mon Sep 17 00:00:00 2001
+From: Leon Bottou <leon@bottou.org>
+Date: Mon, 8 Apr 2019 22:55:38 -0400
+Subject: [PATCH] fix bug #298
+
+---
+ libdjvu/GBitmap.h | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/libdjvu/GBitmap.h b/libdjvu/GBitmap.h
+index e8e0c9b..ca89a19 100644
+--- a/libdjvu/GBitmap.h
++++ b/libdjvu/GBitmap.h
+@@ -566,7 +566,7 @@ GBitmap::operator[](int row)
+ {
+   if (!bytes) 
+     uncompress();
+-  if (row<0 || row>=nrows) {
++  if (row<0 || row>=nrows || !bytes) {
+ #ifndef NDEBUG
+     if (zerosize < bytes_per_row + border)
+       G_THROW( ERR_MSG("GBitmap.zero_small") );
+@@ -581,7 +581,7 @@ GBitmap::operator[](int row) const
+ {
+   if (!bytes) 
+     ((GBitmap*)this)->uncompress();
+-  if (row<0 || row>=nrows) {
++  if (row<0 || row>=nrows || !bytes) {
+ #ifndef NDEBUG
+     if (zerosize < bytes_per_row + border)
+       G_THROW( ERR_MSG("GBitmap.zero_small") );
+-- 
+2.22.1
+
-- 
cgit v1.2.3-60-g2f50