main/apk-tools: security upgrade to 2.10.1

main/apk-tools/0001-list-fix-segmentation-fault-with-virtual-packages.patch

-From 5c4b90dfd48d476b9e7aae2ad6627dd6f03ac557 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?S=C3=B6ren=20Tempel?= <soeren+git@soeren-tempel.net>
-Date: Fri, 29 Jun 2018 15:39:56 +0200
-Subject: [PATCH] list: fix segmentation fault with virtual packages
-
-Virtual packages have the origin pointer set to NULL. Trying to print it
-using the BLOB_PRINTF macros causes a segmentation fault.
-
-Inspired by the `print_origin_name` function from `src/search.c` this
-commit attempts to fix it by checking whether `pkg->origin` is NULL
-before attempting to print it. If it is NULL the pkg name is printed
-instead.
-
-Since printing the pkg name requires a different format string this
-commit splits the printf call for printing the package line into
-multiple ones. The output format shouldn't have changed at all though.
----
- src/list.c | 12 +++++++++---
- 1 file changed, 9 insertions(+), 3 deletions(-)
-
-diff --git a/src/list.c b/src/list.c
-index 14f5fb5..e285e3f 100644
---- a/src/list.c
-+++ b/src/list.c
-@@ -101,9 +101,15 @@ static const struct apk_package *is_upgradable(struct apk_name *name, const stru
- 
- static void print_package(const struct apk_package *pkg, const struct list_ctx *ctx)
- {
--	printf(PKG_VER_FMT " " BLOB_FMT " {" BLOB_FMT "} (" BLOB_FMT ")",
--		PKG_VER_PRINTF(pkg), BLOB_PRINTF(*pkg->arch), BLOB_PRINTF(*pkg->origin),
--		BLOB_PRINTF(*pkg->license));
-+	printf(PKG_VER_FMT " " BLOB_FMT " ",
-+		PKG_VER_PRINTF(pkg), BLOB_PRINTF(*pkg->arch));
-+
-+	if (pkg->origin != NULL)
-+		printf("{" BLOB_FMT "}", BLOB_PRINTF(*pkg->origin));
-+	else
-+		printf("{%s}", pkg->name->name);
-+
-+	printf(" (" BLOB_FMT ")", BLOB_PRINTF(*pkg->license));
- 
- 	if (pkg->ipkg)
- 		printf(" [installed]");
--- 
-2.18.0
-

main/apk-tools/0001-prevent-automatic-repository-index-update-for-apk-de.patch

-From e1a05c74cb8ae6ab41ee960343cc64a0a9af95a5 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Timo=20Ter=C3=A4s?= <timo.teras@iki.fi>
-Date: Wed, 18 Jul 2018 13:28:49 +0300
-Subject: [PATCH] prevent automatic repository index update for 'apk del'
-
-ref #9063
----
- src/apk_database.h | 3 ++-
- src/database.c     | 6 ++++--
- src/del.c          | 2 +-
- 3 files changed, 7 insertions(+), 4 deletions(-)
-
-diff --git a/src/apk_database.h b/src/apk_database.h
-index 19bafcd..2a7cb3b 100644
---- a/src/apk_database.h
-+++ b/src/apk_database.h
-@@ -156,7 +156,7 @@ struct apk_database {
- 	unsigned int pending_triggers;
- 	int performing_self_upgrade : 1;
- 	int permanent : 1;
--	int open_write : 1;
-+	int autoupdate : 1;
- 	int open_complete : 1;
- 	int compat_newfeatures : 1;
- 	int compat_notinstallable : 1;
-@@ -211,6 +211,7 @@ struct apk_db_file *apk_db_file_query(struct apk_database *db,
- #define APK_OPENF_NO_SYS_REPOS		0x0100
- #define APK_OPENF_NO_INSTALLED_REPO	0x0200
- #define APK_OPENF_CACHE_WRITE		0x0400
-+#define APK_OPENF_NO_AUTOUPDATE		0x0800
- 
- #define APK_OPENF_NO_REPOS	(APK_OPENF_NO_SYS_REPOS |	\
- 				 APK_OPENF_NO_INSTALLED_REPO)
-diff --git a/src/database.c b/src/database.c
-index db34ed3..70a1053 100644
---- a/src/database.c
-+++ b/src/database.c
-@@ -1519,7 +1519,9 @@ int apk_db_open(struct apk_database *db, struct apk_db_options *dbopts)
- 		r = -1;
- 		goto ret_r;
- 	}
--	if (dbopts->open_flags & APK_OPENF_WRITE) db->open_write = 1;
-+	if ((dbopts->open_flags & APK_OPENF_WRITE) &&
-+	    !(dbopts->open_flags & APK_OPENF_NO_AUTOUPDATE))
-+		db->autoupdate = 1;
- 	if (!dbopts->cache_dir) dbopts->cache_dir = "etc/apk/cache";
- 
- 	apk_db_setup_repositories(db, dbopts->cache_dir);
-@@ -2266,7 +2268,7 @@ int apk_db_add_repository(apk_database_t _db, apk_blob_t _repository)
- 			r = apk_repo_format_real_url(db, repo, NULL, buf, sizeof(buf));
- 			if (r == 0) apk_message("fetch %s", buf);
- 		} else {
--			if (db->open_write) apk_repository_update(db, repo);
-+			if (db->autoupdate) apk_repository_update(db, repo);
- 			r = apk_repo_format_cache_index(APK_BLOB_BUF(buf), repo);
- 		}
- 	} else {
-diff --git a/src/del.c b/src/del.c
-index d1a6015..8e149ab 100644
---- a/src/del.c
-+++ b/src/del.c
-@@ -161,7 +161,7 @@ static struct apk_applet apk_del = {
- 	.name = "del",
- 	.help = "Remove PACKAGEs from 'world' and uninstall them",
- 	.arguments = "PACKAGE...",
--	.open_flags = APK_OPENF_WRITE,
-+	.open_flags = APK_OPENF_WRITE | APK_OPENF_NO_AUTOUPDATE,
- 	.command_groups = APK_COMMAND_GROUP_INSTALL,
- 	.context_size = sizeof(struct del_ctx),
- 	.optgroups = { &optgroup_global, &optgroup_commit, &optgroup_applet },
--- 
-2.18.0
-

main/apk-tools/0001-prevent-automatic-repository-index-update-with-no-ne.patch

-From 13c534db7755865380bfd930aa384aebc16347e6 Mon Sep 17 00:00:00 2001
-From: Natanael Copa <ncopa@alpinelinux.org>
-Date: Tue, 21 Aug 2018 12:24:26 +0000
-Subject: [PATCH] prevent automatic repository index update with --no-network
-
-We should not update repository index when --no-network is specified.
-
-ref #9126
----
- src/database.c | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/src/database.c b/src/database.c
-index 70a1053..eea7177 100644
---- a/src/database.c
-+++ b/src/database.c
-@@ -1520,7 +1520,8 @@ int apk_db_open(struct apk_database *db, struct apk_db_options *dbopts)
- 		goto ret_r;
- 	}
- 	if ((dbopts->open_flags & APK_OPENF_WRITE) &&
--	    !(dbopts->open_flags & APK_OPENF_NO_AUTOUPDATE))
-+	    !(dbopts->open_flags & APK_OPENF_NO_AUTOUPDATE) &&
-+	    !(apk_flags & APK_NO_NETWORK))
- 		db->autoupdate = 1;
- 	if (!dbopts->cache_dir) dbopts->cache_dir = "etc/apk/cache";
- 
--- 
-2.18.0
-

main/apk-tools/APKBUILD

 # Maintainer: Natanael Copa <ncopa@alpinelinux.org>
 pkgname=apk-tools
-pkgver=2.10.0
-pkgrel=3
+pkgver=2.10.1
+pkgrel=0
 pkgdesc="Alpine Package Keeper - package manager for alpine"
 subpackages="$pkgname-static"
 depends=
@@ -13,9 +13,6 @@ if [ "$CBUILD" = "$CHOST" ]; then
 	makedepends="$makedepends lua5.2-dev"
 fi
 source="http://dev.alpinelinux.org/archive/$pkgname/$pkgname-$pkgver.tar.xz
-	0001-list-fix-segmentation-fault-with-virtual-packages.patch
-	0001-prevent-automatic-repository-index-update-for-apk-de.patch
-	0001-prevent-automatic-repository-index-update-with-no-ne.patch
 	"
 
 url="https://git.alpinelinux.org/cgit/apk-tools/"
@@ -85,7 +82,4 @@ luaapk() {
 	mv "$pkgdir"/usr/lib "$subpkgdir"/usr/lib/
 }
 
-sha512sums="96b840fa5fb7342bb5f6ad5c25e837f705299256e168130d6ef5c1940569df3e7dfa50d36128c0f9a76e662c80b342dd92a8270acd82b4eb91093020b599fcc6  apk-tools-2.10.0.tar.xz
-1e83e68b67dd66a0a8ccdbb6ca34ccb7748eff82d032d0d9101b7155a0ff768dc2a849e99387cb9970f0fd9ff5606d08fca9f3bd1a5a561b8b0995d97c69e971  0001-list-fix-segmentation-fault-with-virtual-packages.patch
-8fb88998baa470b4ea498a3f75f19d981e7f41055e472fabf24a2c6ae478aa34f686c43b615b3c492ee4805369a1cbff3ee0a2e81b31257b080845b3d492872d  0001-prevent-automatic-repository-index-update-for-apk-de.patch
-17071687e532b00c9f276bb7e42369ec04231b15d223fd3eb803a51eb5cd4f2611d9c7525d905482a42e9b9fc293274887a411a2bf7520eee0607de2bf7a1268  0001-prevent-automatic-repository-index-update-with-no-ne.patch"
+sha512sums="f994dba20b9ba7ee0ad4cbd9d137f65b814851f348f0d5eb75eb60c7d6a21f88648b472239e14298eaf1348c517de00652432e7f8c8abd54565914c7d49e3cd3  apk-tools-2.10.1.tar.xz"