...
 
Commits (210)
# Contributor: Jakub Jirutka <jakub@jirutka.cz>
# Maintainer: Jakub Jirutka <jakub@jirutka.cz>
pkgname=alpine-make-rootfs
pkgver=0.3.0
pkgver=0.3.1
pkgrel=0
pkgdesc="Make customized Alpine Linux rootfs (base image) for containers"
url="https://github.com/alpinelinux/alpine-make-rootfs"
......@@ -17,4 +17,4 @@ package() {
make install DESTDIR="$pkgdir" PREFIX=/usr
}
sha512sums="1c595dac5f09f4bd74f16a16f771944972fa466ab22f69c9627d32b6a3edf776aa3133e327ad398ccd91fe0331a9ebeca1aaa220062531cbdbb8927afd2c79f1 alpine-make-rootfs-0.3.0.tar.gz"
sha512sums="7971ac0275e4d2e9bdc3ea29197b40a66e493bf9977249922418f06e1bd9434a62a4ffa0cc637839ae1837f2f8916535977e695cb959288213ce1fee90cc3b44 alpine-make-rootfs-0.3.1.tar.gz"
# Contributor: Jakub Jirutka <jakub@jirutka.cz>
# Maintainer: Jakub Jirutka <jakub@jirutka.cz>
pkgname=cesnet-tcs-cli
pkgver=0.1.1
pkgver=0.1.3
pkgrel=0
pkgdesc="Client utility for CESNET TCS API"
url="https://github.com/jirutka/cesnet-tcs-cli"
......@@ -16,4 +16,4 @@ package() {
make install DESTDIR="$pkgdir" prefix=/usr
}
sha512sums="21ca4939369237d82083d623be20177056ba01c924c93183f869ad9b97d4162bdaf973976aaa7a61ab80eac58683d959781c723310be1f4fbb941b35870bd4db cesnet-tcs-cli-0.1.1.tar.gz"
sha512sums="296d0302967d74ec7b24964683b64ca52c57027a609c9088c79c5e6472054c831b62376f9e55ff25b2352ab835321afd3d074a612432ade9419cd01d3494c6e5 cesnet-tcs-cli-0.1.3.tar.gz"
......@@ -4,8 +4,8 @@
pkgname=containerd
# NOTE: containerd's Makefile tries to get REVISION from git, but we're building from a tarball.
_commit=85f6aa58b8a3170aec9824568f7a31832878b603
pkgver=1.2.7
_commit=d50db0a42053864a270f648048f9a8b4f24eced3
pkgver=1.2.9
pkgrel=0
pkgdesc="An open and reliable container runtime"
url="https://containerd.io"
......@@ -18,6 +18,10 @@ source="containerd-$pkgver.tar.gz::https://github.com/containerd/containerd/arch
builddir="$srcdir/src/github.com/containerd/containerd"
# secfixes:
# 1.2.9:
# - CVE-2019-9512
# - CVE-2019-9514
# - CVE-2019-9515
# 1.2.6:
# - CVE-2019-9946
......@@ -32,12 +36,10 @@ build() {
}
check() {
cd "$builddir"
./bin/containerd --version
}
package() {
cd "$builddir"
install -d "$pkgdir"/usr/bin/
install -Dsm755 "$builddir"/bin/* "$pkgdir"/usr/bin/
install -d "$pkgdir"/usr/share/man/man1/
......@@ -46,4 +48,4 @@ package() {
install -Dm644 "$builddir"/man/*.5 "$pkgdir"/usr/share/man/man5/
}
sha512sums="b96ca236d28933c1bf309fc7204af7d2c356e19af394d5c2274a178c8f15298faf6ca9bb8e7d04acb7c3c9c41035446643a8df0103017f7ed0320bfc37cb8ca9 containerd-1.2.7.tar.gz"
sha512sums="60c7d08db3796caa8148f242f8386ff530943cef19fe73c72787fd7bbf2420feac06cadd558afc93d2baf168817d679245bf2ac9feb169547286cb312818be85 containerd-1.2.9.tar.gz"
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=docker-compose
pkgver=1.24.0
pkgrel=0
pkgver=1.24.1
pkgrel=1
pkgdesc="Define and run multi-container applications with Docker"
url="https://docs.docker.com/compose/"
arch="noarch"
......@@ -29,25 +29,61 @@ depends="python3
py3-yaml>=3.12
"
checkdepends="py3-pytest py3-nose py3-mock py3-flake8 py3-coverage"
subpackages="
$pkgname-bash-completion:bashcomp:noarch
$pkgname-zsh-completion:zshcomp:noarch
$pkgname-fish-completion:fishcomp:noarch
"
source="docker-compose-$pkgver.tar.gz::https://github.com/docker/compose/archive/$pkgver.tar.gz"
builddir="$srcdir/compose-$pkgver"
build() {
cd "$builddir"
# allow newer version of dependencies
sed -e 's/, < [0-9.]\+//' -i setup.py
python3 setup.py build
}
check() {
cd "$builddir"
# many of the tests fail. need more investigation
python3 setup.py test
}
package() {
cd "$builddir"
python3 setup.py install --prefix=/usr --root="$pkgdir"
install -Dm0644 "$builddir"/contrib/completion/bash/docker-compose \
"$pkgdir"/usr/share/bash-completion/completions/docker-compose
install -Dm0644 "$builddir"/contrib/completion/zsh/_docker-compose \
"$pkgdir"/usr/share/zsh/site-functions/_docker-compose
install -Dm0644 "$builddir"/contrib/completion/fish/docker-compose.fish \
"$pkgdir"/usr/share/fish/completions/docker-compose.fish
}
bashcomp() {
depends=""
pkgdesc="Bash completions for $pkgname"
install_if="$pkgname=$pkgver-r$pkgrel bash-completion"
install -Dm644 "$pkgdir"/usr/share/bash-completion/completions/docker-compose \
"$subpkgdir"/usr/share/bash-completion/completions/docker-compose
}
zshcomp() {
depends=""
pkgdesc="Zsh compltions for $pkgname"
install_if="$pkgname=$pkgver-r$pkgrel zsh"
install -Dm644 "$pkgdir"/usr/share/zsh/site-functions/_docker-compose \
"$subpkgdir"/usr/share/zsh/site-functions/_docker-compose
}
fishcomp() {
depends=""
pkgdesc="Fish completions for $pkgname"
install_if="$pkgname=$pkgver-r$pkgrel fish"
install -Dm644 "$pkgdir"/usr/share/fish/completions/docker-compose.fish \
"$subpkgdir"/usr/share/fish/completions/docker-compose.fish
}
sha512sums="318c6bf9877147de09526b4d49c3fd86012d85626e7a9a15863ca55a60e10fa85b27429605045d0aaa993dddd3bc2e5f23cbb76856276a874e84793b878a3e86 docker-compose-1.24.0.tar.gz"
sha512sums="9b8632ef263b8dfa678e8b99b46e00441f779716a524280ce25f62fcd2605f400723b7790c466338374c34653946dc2c5d7f09593ddd892fee3409c2a2fd1a5f docker-compose-1.24.1.tar.gz"
......@@ -2,8 +2,8 @@
# Contributor: Jake Buchholz <tomalok@gmail.com>
# Maintainer: Jake Buchholz <tomalok@gmail.com>
pkgname=docker
pkgver=18.09.6
_gitcommit=481bc7715621adba10752357e0d537c8dc86507d # https://github.com/docker/docker-ce/commits/v$pkgver
pkgver=18.09.8
_gitcommit=0dd43dd87fd530113bf44c9bba9ad8b20ce4637f # https://github.com/docker/docker-ce/commits/v$pkgver
_ver=${pkgver/_/-}-ce
pkgrel=0
pkgdesc="Pack, ship and run any application as a lightweight container"
......@@ -11,13 +11,20 @@ url="http://www.docker.io/"
arch="all"
license="Apache-2.0"
depends="docker-engine docker-cli"
makedepends="go go-md2man btrfs-progs-dev bash linux-headers coreutils lvm2-dev libtool"
makedepends="go go-md2man btrfs-progs-dev bash linux-headers coreutils lvm2-dev libtool
libseccomp-dev"
install="$pkgname.pre-install"
# from https://github.com/docker/docker-ce/blob/v$pkgver/components/engine/vendor.conf
_libnetwork_ver=872f0a83c98add6cae255c8859e29532febc0039
_libnetwork_ver=e7933d41e7b206756115aa9df5e0599fc5169742
_cobra_ver="0.0.3"
# secfixes:
# 18.09.8:
# - CVE-2019-13509
# 18.09.7:
# - CVE-2018-15664
subpackages="
$pkgname-engine:engine
$pkgname-openrc:engine_openrc:noarch
......@@ -40,7 +47,7 @@ source="
_dockerdir="$srcdir"/docker-$_ver
_cli_builddir="$_dockerdir"/components/cli
_daemon_builddir="$_dockerdir"/components/engine
_buildtags=""
_buildtags="seccomp"
_libnetwork_builddir="$srcdir"/libnetwork-$_libnetwork_ver
......@@ -205,8 +212,8 @@ cli_vim() {
done
}
sha512sums="f05fc78f5891fa0308878690576e245eebb1e72f306f5b629b0e82dc96a04812202a2393ee6fd352bc59a1c5d29d398f0d6cddf545d57b483a051d14d7a0ee28 docker-18.09.6.tar.gz
c8e8544a3d8d44dc0f309aa3520a2cf62cee374a06d40473542078de94d88cb484c0dca1cee7ad89fb312c969af1694c848f464d04d61df5a9888058e21a485e libnetwork-872f0a83c98add6cae255c8859e29532febc0039.tar.gz
sha512sums="34cf91da732ebbde88f0c8cd39664130e6bd344b18d4643715a00e1c4062d0838a37650a8ee68fb371abd8f01910c7bdce1237af74a49cd63b5ed5382eaf00ed docker-18.09.8.tar.gz
0a833510df0029999bfc05c23445a58a8b2ff165c0fb2fd5c411498d1e89b5b1990d2778b32346dd2b6d61c166ff707c6277a5d1937db6345c77d3825eb59875 libnetwork-e7933d41e7b206756115aa9df5e0599fc5169742.tar.gz
c38db9432a168f913b41a1e1b11d84bedfade82ff70791be9d343a6cc86b8a05b18bae344d67ebd8bae4c98662db7ac664a9dc86fa9b9ad4aa5c96cbf0178efb cobra-0.0.3.tar.gz
33155a79799cc6c0520a030e1a9bdba60441776d612e5e255574b23bbce1c7a8e5d868284b05a8a92704be6bbb7db905388564e867986a705acbe4884ac58584 docker-openrc-fixes.patch
9b24dc0c50904c3d12bb04c1a7df169651043ddbc258018647010a5aa01d8a19ad54d10ca79dce6d6283c81f4fa0cc8de417f6180dd824c5a588b22b23546cb5 docker-openrc-busybox-ash.patch"
......@@ -2,12 +2,12 @@
# Maintainer: Leo <thinkabit.ukim@gmail.com>
pkgname=elogind
pkgver=241.3
pkgrel=0
pkgrel=1
pkgdesc="Standalone fork of systemd's elogind"
url="https://github.com/elogind/elogind"
arch="all"
license="GPL-2.0-or-later LGPL-2.1-or-later"
depends="dbus"
depends="dbus shadow"
options="!check" # Tests fail on builders
makedepends="
meson
......@@ -34,7 +34,7 @@ subpackages="
$pkgname-zsh-completion:zshcomp:noarch
$pkgname-bash-completion:bashcomp:noarch"
source="
$pkgname-$pkgver.tar.gz::https://github.com/elogind/elogind/archive/v${pkgver}.tar.gz
$pkgname-$pkgver.tar.gz::https://github.com/elogind/elogind/archive/v$pkgver.tar.gz
reverse_DISABLE_BUFFER_in_cg_attach.patch
reverse_CLOSE_ON_EXEC_removal.patch"
......
# Contributor: Jakub Jirutka <jakub@jirutka.cz>
# Maintainer: Jakub Jirutka <jakub@jirutka.cz>
pkgname=esh
pkgver=0.1.1
pkgver=0.3.0
pkgrel=0
pkgdesc="Simple template system based on shell"
url="https://github.com/jirutka/esh"
......@@ -22,4 +22,4 @@ package() {
make DESTDIR="$pkgdir" prefix=/usr install
}
sha512sums="dd952e87379c48cc99e34d1c5e3bb323e7b2d3a2f9bffcd5d9770889439bc96d69c5fb85531c116776855c7704835ff6f020e3f5e703dd0525ec850a1be10c19 esh-0.1.1.tar.gz"
sha512sums="6c1a55a9301af37272223b1155b69000667bb86fb95e5533ee08ecafbaaafb3d93a63e538b8511e33268dfc04a9cbb767308bc5795e019b90c72e8ce687d55b6 esh-0.3.0.tar.gz"
# Contributor: Leo <thinkabit.ukim@gmail.com>
# Contributor: Sören Tempel <soeren+alpine@soeren-tempel.net>
# Maintainer:
# Maintainer:
pkgname=evince
pkgver=3.32.0
pkgrel=0
......@@ -16,12 +16,16 @@ makedepends="$depends_dev intltool itstool gnome-doc-utils
adwaita-icon-theme-dev gnome-common automake autoconf
gtk-doc yelp-tools appstream-glib-dev"
subpackages="$pkgname-dev $pkgname-doc $pkgname-lang $pkgname-libs"
source="https://download.gnome.org/sources/${pkgname}/${pkgver%.*}/${pkgname}-${pkgver}.tar.xz"
source="https://download.gnome.org/sources/${pkgname}/${pkgver%.*}/${pkgname}-${pkgver}.tar.xz
CVE-2019-11459.patch
"
builddir="${srcdir}/${pkgname}-${pkgver}"
# secfixes:
# 3.32.0-r1:
# - CVE-2019-11459
# 3.24.0-r2:
# - CVE-2017-1000083
# - CVE-2017-1000083
build() {
cd "$builddir"
......@@ -61,4 +65,5 @@ doc() {
fi
}
sha512sums="565298a200d9ae2f6b4cb53c3cba0d0d0e4cfbef60e4145bfb9c82a5682947ceb2371e52c27179cd69a238cd387bcfd744d3c55df814b6347f07781aec3ea658 evince-3.32.0.tar.xz"
sha512sums="565298a200d9ae2f6b4cb53c3cba0d0d0e4cfbef60e4145bfb9c82a5682947ceb2371e52c27179cd69a238cd387bcfd744d3c55df814b6347f07781aec3ea658 evince-3.32.0.tar.xz
ebb8e2e0b2754d4634c99fda7669171e97b583dfbcd383682b70eb36ce816f1bcf1c2cb81b4ffbfac86db891d9f63bd0c2d90ff9ca3838c64a258b6a0002f7c4 CVE-2019-11459.patch"
From 234f034a4d15cd46dd556f4945f99fbd57ef5f15 Mon Sep 17 00:00:00 2001
From: Jason Crain <jcrain@src.gnome.org>
Date: Mon, 15 Apr 2019 23:06:36 -0600
Subject: [PATCH] tiff: Handle failure from TIFFReadRGBAImageOriented
The TIFFReadRGBAImageOriented function returns zero if it was unable to
read the image. Return NULL in this case instead of displaying
uninitialized memory.
Fixes #1129
---
backend/tiff/tiff-document.c | 28 ++++++++++++++++++----------
1 file changed, 18 insertions(+), 10 deletions(-)
diff --git a/backend/tiff/tiff-document.c b/backend/tiff/tiff-document.c
index 7715031b..38bb3bd8 100644
--- a/backend/tiff/tiff-document.c
+++ b/backend/tiff/tiff-document.c
@@ -292,18 +292,22 @@ tiff_document_render (EvDocument *document,
g_warning("Failed to allocate memory for rendering.");
return NULL;
}
-
+
+ if (!TIFFReadRGBAImageOriented (tiff_document->tiff,
+ width, height,
+ (uint32 *)pixels,
+ orientation, 0)) {
+ g_warning ("Failed to read TIFF image.");
+ g_free (pixels);
+ return NULL;
+ }
+
surface = cairo_image_surface_create_for_data (pixels,
CAIRO_FORMAT_RGB24,
width, height,
rowstride);
cairo_surface_set_user_data (surface, &key,
pixels, (cairo_destroy_func_t)g_free);
-
- TIFFReadRGBAImageOriented (tiff_document->tiff,
- width, height,
- (uint32 *)pixels,
- orientation, 0);
pop_handlers ();
/* Convert the format returned by libtiff to
@@ -384,13 +388,17 @@ tiff_document_get_thumbnail (EvDocument *document,
if (!pixels)
return NULL;
+ if (!TIFFReadRGBAImageOriented (tiff_document->tiff,
+ width, height,
+ (uint32 *)pixels,
+ ORIENTATION_TOPLEFT, 0)) {
+ g_free (pixels);
+ return NULL;
+ }
+
pixbuf = gdk_pixbuf_new_from_data (pixels, GDK_COLORSPACE_RGB, TRUE, 8,
width, height, rowstride,
(GdkPixbufDestroyNotify) g_free, NULL);
- TIFFReadRGBAImageOriented (tiff_document->tiff,
- width, height,
- (uint32 *)pixels,
- ORIENTATION_TOPLEFT, 0);
pop_handlers ();
ev_render_context_compute_scaled_size (rc, width, height * (x_res / y_res),
--
2.21.0
MY_CPU_BE expands to an empty token sequence, so defined (MY_CPU_BE)
has to be used in this context. This code is only reachable for
s390x, ppc64 sets MY_CPU_NAME earlier.
diff -ur evince-3.25.4.orig/cut-n-paste/unarr/lzmasdk/CpuArch.h evince-3.25.4/cut-n-paste/unarr/lzmasdk/CpuArch.h
--- evince-3.25.4.orig/cut-n-paste/unarr/lzmasdk/CpuArch.h 2017-07-22 07:58:23.000000000 +0200
+++ evince-3.25.4/cut-n-paste/unarr/lzmasdk/CpuArch.h 2017-07-31 13:32:33.893245858 +0200
@@ -174,7 +174,7 @@
#ifndef MY_CPU_NAME
#ifdef MY_CPU_LE
#define MY_CPU_NAME "LE"
- #elif MY_CPU_BE
+ #elif defined (MY_CPU_BE)
#define MY_CPU_NAME "BE"
#else
/*
Only in evince-3.25.4/cut-n-paste/unarr/lzmasdk: CpuArch.h~
# Contributor: Carlo Landmeter <clandmeter@alpinelinux.org>
# Maintainer: Rasmus Thomsen <oss@cogitri.dev>
pkgname=exempi
pkgver=2.5.0
pkgrel=1
pkgver=2.5.1
pkgrel=0
pkgdesc="A library to parse XMP metadata"
url="https://libopenraw.freedesktop.org/wiki/Exempi/"
arch="all"
......@@ -11,6 +11,10 @@ makedepends="expat-dev zlib-dev boost-dev"
subpackages="$pkgname-dev $pkgname-doc $pkgname-libs"
source="https://libopenraw.freedesktop.org/download/exempi-$pkgver.tar.bz2"
# secfixes:
# 2.5.1-r0:
# - CVE-2018-12648
prepare() {
default_prepare
update_config_sub
......@@ -35,4 +39,4 @@ package() {
make DESTDIR="$pkgdir" install
}
sha512sums="1d042ffe3c3daadf937c4938e7892d52c4835275065e159f7991ddc9f533424fb6cd7d607600c3381440020db9dfa06af5ae15168d7a8012358fa5c8ac453bba exempi-2.5.0.tar.bz2"
sha512sums="97f2a688e1f92e219d0b68b077608112373cf3e6cbfe4141bbb9c3d1f416926bfd568957c1d0a081b95b524cbd500da0b7bca0ce45e1e8611818f66bcb1b6518 exempi-2.5.1.tar.bz2"
......@@ -5,10 +5,10 @@
# Contributor: Jesse Young <jlyo@jlyo.org>
# Maintainer: Jesse Young <jlyo@jlyo.org>
pkgname=exim
pkgver=4.92
pkgver=4.92.2
pkgrel=0
pkgdesc="Message Transfer Agent"
url="https://www.exim.org"
url="https://www.exim.org/"
arch="all"
license="GPL-2.0-or-later"
options="!check suid"
......@@ -27,9 +27,12 @@ source="https://ftp.exim.org/pub/exim/exim4/$pkgname-$pkgver.tar.xz
exim.initd
exim.logrotate
exim.gencert"
builddir="$srcdir/$pkgname-$pkgver"
# secfixes:
# 4.92.2-r0:
# - CVE-2019-15846
# 4.92.1-r0:
# - CVE-2019-13917
# 4.92-r0:
# - CVE-2019-10149
# 4.91-r0:
......@@ -54,13 +57,11 @@ prepare() {
}
build() {
cd "$builddir"
make makefile
make -j1
}
package() {
cd "$builddir"
install -m750 -D -g mail -d "$pkgdir"/etc/mail
make DESTDIR="$pkgdir" INSTALL_ARG="-no_symlink -no_chown exim" install
install -D -m644 doc/exim.8 "$pkgdir"/usr/share/man/man8/exim.8
......@@ -117,7 +118,7 @@ cdb() { _mv_ext cdb; }
dbmdb() { _mv_ext dbmdb; }
dnsdb() { _mv_ext dnsdb; }
sha512sums="62c327e6184a358ba7f0dbc38b44d2537234be91727a5bfac97e74af64a8d77e376b3221dcfdd8f6eca7d812f9233595503dc6e50e2972bed40a1b74eb209c31 exim-4.92.tar.xz
sha512sums="d27aca4d4e9df267b0afcbe7b3f74c9ca6e96e7e6eb4d2f86ff00b0e2234eaec90271405eb387a36a2e0d4ec5597b2920753f85318a5618ddbc8af475a7d81cd exim-4.92.2.tar.xz
691df92954f015711398350963ea321d143127bc731a985bcacc5364c71b6df84b6c21a2e8dc3cc2048fcd3dd02def3dc8015f4d84dd672f23d5a41348e72dc7 bounce-charset.patch
f764a09ac7b6dfa34a5cd8bf5ad8b5fea355ac3b21a14f7218c84804bce420c6212cbebd2811fa40b0034dba626f0c9b293de77dbd634432edd31b237003515e exim.Makefile
bb6f5ead067af19ace661cc92bcd428da97570aedd1f9dc5b61a34e7e3fb3e028be6c96d51df73353bdfcaf69a3ee053fb03d245f868d63ebf518aa96ec82d66 exim.confd
......
......@@ -3,10 +3,10 @@
# Contributor: Jakub Skrzypnik <j.skrzypnik@openmailbox.org>
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=ffmpeg
pkgver=4.1.3
pkgrel=1
pkgver=4.1.4
pkgrel=0
pkgdesc="Complete and free Internet live audio and video broadcasting solution for Linux/Unix"
url="https://ffmpeg.org"
url="https://ffmpeg.org/"
arch="all"
license="LGPL-2.1-or-later GPL-2.0-or-later"
options="!check" # tests/data/hls-lists.append.m3u8 fails
......@@ -21,22 +21,35 @@ source="https://ffmpeg.org/releases/ffmpeg-$pkgver.tar.xz
"
# secfixes:
# 4.1.4-r0:
# - CVE-2019-12730
# 4.1.3-r0:
# - CVE-2019-9718
# - CVE-2019-9721
# - CVE-2019-11338
# - CVE-2019-11339
# 4.1.1-r0:
# - CVE-2019-1000016
# 4.1-r0:
# - CVE-2018-13305
# - CVE-2018-15822
# 4.0.2-r0:
# - CVE-2018-13300
# - CVE-2018-13301
# - CVE-2018-13302
# - CVE-2018-13303
# - CVE-2018-13304
# - CVE-2018-14394
# - CVE-2018-14395
# - CVE-2018-1999010
# - CVE-2018-1999011
# - CVE-2018-1999012
# - CVE-2018-1999013
# - CVE-2018-1999014
# - CVE-2018-1999015
# 4.0.1-r0:
# - CVE-2018-12458
# - CVE-2018-12459
# - CVE-2018-12460
# 4.0.0-r0:
# - CVE-2018-6912
# - CVE-2018-7751
# - CVE-2018-7757
# - CVE-2018-9841
# 3.4.4-r0:
# - CVE-2018-14395
# 3.4.3-r0:
......@@ -124,5 +137,5 @@ libs() {
mv "$pkgdir"/usr/lib "$subpkgdir"/usr
}
sha512sums="0a540a0c5395f42c6079bc26d1b3baca453995693da7de21da469ce40b3a548bea14ff46a72c6f4c32256333855f9b86207cb8bf1d0dda33a17ddca54970daa3 ffmpeg-4.1.3.tar.xz
sha512sums="1d0c3c3e04d14094e98a8ea4274ea01b941a658afa501ff408a8b2ee146b997743d51b8863ae184e9590333a94297a0fa5c079a211739513cf7c8350d3bd64dd ffmpeg-4.1.4.tar.xz
1047a23eda51b576ac200d5106a1cd318d1d5291643b3a69e025c0a7b6f3dbc9f6eb0e1e6faa231b7e38c8dd4e49a54f7431f87a93664da35825cc2e9e8aedf4 0001-libavutil-clean-up-unused-FF_SYMVER-macro.patch"
......@@ -2,7 +2,7 @@
# Contributor:
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=firefox-esr
pkgver=60.7.1
pkgver=60.9.0
pkgrel=0
pkgdesc="Firefox web browser - Extended Support Release"
url="https://www.mozilla.org/en-US/firefox/organizations/"
......@@ -80,6 +80,28 @@ _mozappdir=/usr/lib/firefox
ldpath="$_mozappdir"
# secfixes:
# 69.9.0-r0:
# - CVE-2019-9812
# - CVE-2019-11740
# - CVE-2019-11742
# - CVE-2019-11743
# - CVE-2019-11744
# - CVE-2019-11746
# - CVE-2019-11752
# - CVE-2019-11753
# 60.8.0-r0:
# - CVE-2019-9811
# - CVE-2019-11709
# - CVE-2019-11711
# - CVE-2019-11712
# - CVE-2019-11713
# - CVE-2019-11715
# - CVE-2019-11717
# - CVE-2019-11719
# - CVE-2019-11729
# - CVE-2019-11730
# 60.7.2-r0:
# - CVE-2019-11708
# 60.7.1-r0:
# - CVE-2019-11707
# 60.7.0-r0:
......@@ -265,7 +287,7 @@ __EOF__
rm -f "$pkgdir"/${_mozappdirdev}/sdk/lib/libxul.so
}
sha512sums="597e2872f6fb1959f0945d18b4d56add786dfd031c4cb99e76c5bd01d28c9c4705acc6bbdf8a0b6fcf9105e3f028403d6b79fe7e6d9218c97d743828afeb4087 firefox-60.7.1esr.source.tar.xz
sha512sums="4baea5c9c4eff257834bbaee6d7786f69f7e6bacd24ca13c2705226f4a0d88315ab38c650b2c5e9c76b698f2debc7cea1e5a99cb4dc24e03c48a24df5143a3cf firefox-60.9.0esr.source.tar.xz
0b3f1e4b9fdc868e4738b5c81fd6c6128ce8885b260affcb9a65ff9d164d7232626ce1291aaea70132b3e3124f5e13fef4d39326b8e7173e362a823722a85127 stab.h
845209a7f831c069a1c1d20f88e388423656f7c2f0915b5e7cfb7f47947883d4f9eb2f887b6f10ac5d75d0b323b495b693ec21cd2208ee5071283089bc023f07 fix-rust.patch
2f4f15974d52de4bb273b62a332d13620945d284bbc6fe6bd0a1f58ff7388443bc1d3bf9c82cc31a8527aad92b0cd3a1bc41d0af5e1800e0dcbd7033e58ffd71 fix-fortify-system-wrappers.patch
......
......@@ -2,7 +2,7 @@
# Contributor: Eivind Uggedal <eu@eju.no>
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=go
pkgver=1.12.6
pkgver=1.12.8
pkgrel=0
pkgdesc="Go programming language compiler"
url="http://www.golang.org/"
......@@ -24,6 +24,10 @@ x86) options="!check" ;; # FIXME
esac
# secfixes:
# 1.12.8-r0:
# - CVE-2019-9512
# - CVE-2019-9514
# - CVE-2019-14809
# 1.11.5-r0:
# - CVE-2019-6486
# 1.9.4-r0:
......@@ -129,6 +133,6 @@ package() {
-exec rm -rf \{\} \+
}
sha512sums="431a0b916ce2e64d816808a04bc3bf028e955538ab55c571021c08e599781ae344487a55e119bb3aae3d32f84cd83e2c176dc72d336b95da0352edffeab07a48 go1.12.6.src.tar.gz
sha512sums="193a9b08752aa2479c19f5b56fdfe2296c7e6097e0c583290f0fce754ac7571e2ff345f66b69774d8e22f2caa147a3dc15658148017b09e5e7f49fd4569373d4 go1.12.8.src.tar.gz
a8f3afd97992f03ccf2680cde214eefccac47daeb9eeb689b5e0b206ea3c19cfb23d448a4eb532894d830d4b91cd97b249e88f04c17feba02d9e243b40243bd0 default-buildmode-pie.patch
faf8de430df185842902322f064254f3e9ecee0884b3075b5550c85da15ff61ea6c2bb8d0fb7cf3887abc0e40974bd73ee8f8c14da7f914dde7e9220177c4e2a set-external-linker.patch"
# Contributor: Natanael Copa <ncopa@alpinelinux.org>
# Maintainer: Rasmus Thomsen <oss@cogitri.dev>
pkgname=gvfs
pkgver=1.40.1
pkgver=1.40.2
pkgrel=0
pkgdesc="Backends for the gio framework in GLib"
url="https://wiki.gnome.org/Projects/gvfs"
......@@ -30,6 +30,13 @@ subpackages="$pkgname-dev $pkgname-lang
"
source="https://download.gnome.org/sources/gvfs/${pkgver%.*}/gvfs-$pkgver.tar.xz"
# secfixes:
# 1.40.2-r0:
# - CVE-2019-12795
# - CVE-2019-12449
# - CVE-2019-12447
# - CVE-2019-12448
build() {
meson \
--buildtype=release \
......@@ -173,4 +180,4 @@ afc() {
usr/share/dbus-1/services/org.gtk.vfs.AfcVolumeMonitor.service \
usr/share/gvfs/remote-volume-monitors/afc.monitor
}
sha512sums="de7fbcce5783c807ab4d7d56fa246244fbe2baf271c43a2abd9f332e41975026842f66423a5e0781d11ba04802a29358a6863e087120b76471c3bdd47f7a6a29 gvfs-1.40.1.tar.xz"
sha512sums="aec525091553e793e10ad9747e29080c92401b9d2a0b8dff98994c071d67057796628dc2a53c0ede46c53f2b149abb55e57c3ddd75e11a93c2f168713e5fb61c gvfs-1.40.2.tar.xz"
......@@ -2,8 +2,8 @@
# Contributor: Carlo Landmeter <clandmeter@gmail.com>
# Maintainer: Jakub Jirutka <jakub@jirutka.cz>
pkgname=imagemagick6
_pkgname=ImageMagick
pkgver=6.9.10.47
_pkgname=ImageMagick6
pkgver=6.9.10.60
_pkgver=${pkgver%.*}-${pkgver##*.}
_abiver=${pkgname#imagemagick}
pkgrel=0
......@@ -18,10 +18,36 @@ makedepends="fontconfig-dev freetype-dev ghostscript-dev lcms2-dev
zlib-dev"
checkdepends="freetype fontconfig ghostscript ghostscript-fonts lcms2 graphviz"
subpackages="$pkgname-doc $pkgname-dev $pkgname-c++:_cxx $pkgname-libs"
source="https://www.imagemagick.org/download/releases/$_pkgname-$_pkgver.tar.xz"
source="$_pkgname-$_pkgver.tar.gz::https://github.com/ImageMagick/ImageMagick6/archive/$_pkgver.tar.gz"
builddir="$srcdir/$_pkgname-$_pkgver"
# secfixes:
# 6.9.10.55-r0:
# - CVE-2019-13454
# 6.9.10.53-r0:
# - CVE-2019-13391
# - CVE-2019-13311
# - CVE-2019-13310
# - CVE-2019-13309
# - CVE-2019-13308
# - CVE-2019-13307
# - CVE-2019-13306
# - CVE-2019-13305
# - CVE-2019-13304
# - CVE-2019-13303
# - CVE-2019-13302
# - CVE-2019-13301
# - CVE-2019-13300
# - CVE-2019-13299
# - CVE-2019-13298
# - CVE-2019-13297
# - CVE-2019-13296
# - CVE-2019-13295
# - CVE-2019-13137
# - CVE-2019-13136
# - CVE-2019-13135
# - CVE-2019-13134
# - CVE-2019-13133
# 6.9.10.43-r0:
# - CVE-2019-11598
# - CVE-2019-11597
......@@ -160,4 +186,4 @@ _cxx() {
mv "$pkgdir"/usr/lib/libMagick++*.so.* "$subpkgdir"/usr/lib/
}
sha512sums="67eec1bbebff58eebe492b3a1bcfb9f403f690cbbc023da8afa3f735846974a4e914258f77b0fe62e8e29690af4517feca5d77b49bd6d8a2af3b61985f9fb603 ImageMagick-6.9.10-47.tar.xz"
sha512sums="e8a28fdce0e48261cbd68ec6e863e06ecfc4830ce0042f36a257f5e6d524e1deb260f590f6e04d01679148b69bd317813198237ef835777b13cb1adb09b5bea3 ImageMagick6-6.9.10-60.tar.gz"
# Maintainer: Marian Buschsieweke <marian.buschsieweke@ovgu.de>
pkgname=intel-ucode
pkgver=20190514a
pkgver=20190618
pkgrel=0
pkgdesc="Microcode update files for Intel CPUs"
arch="x86 x86_64"
......@@ -25,4 +25,4 @@ package() {
install -Dm644 license "$pkgdir"/usr/share/licenses/$pkgname/LICENSE
}
sha512sums="2ccfd18964571f2b5bb579df20c2d8c10f3992ad4413f216db6af1454853e898934b7a60d411f6e742b00585268e3ea14d9dc912876183c766be52aae80deb2a microcode-20190514a.tar.gz"
sha512sums="f7717f476465705e14ea26b516cf7b1d04e29842da0924d7da5582346ad5dd5dfd8755041bdca8f3afa7fe64f138e91354498d87006fe4487701242858c24c17 microcode-20190618.tar.gz"
......@@ -2,7 +2,7 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=libosinfo
pkgver=1.5.0
pkgrel=0
pkgrel=1
pkgdesc="A library for managing OS information for virtualization"
url="http://libosinfo.org/"
arch="all"
......@@ -10,9 +10,15 @@ license="LGPL-2.0-or-later"
depends="hwdata osinfo-db"
makedepends="glib-dev libsoup-dev libxml2-dev libxslt-dev vala intltool
gobject-introspection-dev check-dev perl-dev
automake autoconf libtool"
automake autoconf libtool xz"
subpackages="$pkgname-dev $pkgname-doc $pkgname-lang"
source="https://releases.pagure.org/$pkgname/$pkgname-$pkgver.tar.gz"
source="https://releases.pagure.org/$pkgname/$pkgname-$pkgver.tar.gz
CVE-2019-13313.patch
"
# secfixes:
# 1.5.0-r1:
# - CVE-2019-13313
prepare() {
default_prepare
......@@ -43,4 +49,5 @@ package() {
make DESTDIR="$pkgdir" install
}
sha512sums="d5d5749eac1dbba0450fdff732c99c5c66b78b0889679cb9f3fd58e119fea4dd1c730013f4cad887b413abe21399143abb89b9d9554b906f117ba0cfc6685e5e libosinfo-1.5.0.tar.gz"
sha512sums="d5d5749eac1dbba0450fdff732c99c5c66b78b0889679cb9f3fd58e119fea4dd1c730013f4cad887b413abe21399143abb89b9d9554b906f117ba0cfc6685e5e libosinfo-1.5.0.tar.gz
f13e0f79609d210ecb3c9e88f59d4ab423bd5ebae04695c622da9ea21f0231c806625338e05460d6f7e733c2e2809b7fb3b1752b5aa6fe1e50177e40db3ca476 CVE-2019-13313.patch"
Let's add a new option so users can set their config from a file,
instead of directly passing the values via command-line.
Signed-off-by: Fabiano Fidêncio <fidencio redhat com>
---
tools/osinfo-install-script.c | 100 +++++++++++++++++++++++++++++++++-
1 file changed, 97 insertions(+), 3 deletions(-)
diff --git a/tools/osinfo-install-script.c b/tools/osinfo-install-script.c
index 15af48d..efa96ee 100644
--- a/tools/osinfo-install-script.c
+++ b/tools/osinfo-install-script.c
@@ -37,6 +37,34 @@ static gboolean list_profile = FALSE;
static gboolean list_inj_method = FALSE;
static gboolean quiet = FALSE;
+static const gchar *configs[] = {
+ OSINFO_INSTALL_CONFIG_PROP_HARDWARE_ARCH,
+ OSINFO_INSTALL_CONFIG_PROP_L10N_TIMEZONE,
+ OSINFO_INSTALL_CONFIG_PROP_L10N_LANGUAGE,
+ OSINFO_INSTALL_CONFIG_PROP_L10N_KEYBOARD,
+ OSINFO_INSTALL_CONFIG_PROP_ADMIN_PASSWORD,
+ OSINFO_INSTALL_CONFIG_PROP_USER_PASSWORD,
+ OSINFO_INSTALL_CONFIG_PROP_USER_LOGIN,
+ OSINFO_INSTALL_CONFIG_PROP_USER_REALNAME,
+ OSINFO_INSTALL_CONFIG_PROP_USER_AUTOLOGIN,
+ OSINFO_INSTALL_CONFIG_PROP_USER_ADMIN,
+ OSINFO_INSTALL_CONFIG_PROP_REG_LOGIN,
+ OSINFO_INSTALL_CONFIG_PROP_REG_PASSWORD,
+ OSINFO_INSTALL_CONFIG_PROP_REG_PRODUCTKEY,
+ OSINFO_INSTALL_CONFIG_PROP_HOSTNAME,
+ OSINFO_INSTALL_CONFIG_PROP_TARGET_DISK,
+ OSINFO_INSTALL_CONFIG_PROP_SCRIPT_DISK,
+ OSINFO_INSTALL_CONFIG_PROP_AVATAR_LOCATION,
+ OSINFO_INSTALL_CONFIG_PROP_AVATAR_DISK,
+ OSINFO_INSTALL_CONFIG_PROP_PRE_INSTALL_DRIVERS_DISK,
+ OSINFO_INSTALL_CONFIG_PROP_PRE_INSTALL_DRIVERS_LOCATION,
+ OSINFO_INSTALL_CONFIG_PROP_POST_INSTALL_DRIVERS_DISK,
+ OSINFO_INSTALL_CONFIG_PROP_POST_INSTALL_DRIVERS_LOCATION,
+ OSINFO_INSTALL_CONFIG_PROP_DRIVER_SIGNING,
+ OSINFO_INSTALL_CONFIG_PROP_INSTALLATION_URL,
+ NULL
+};
+
static OsinfoInstallConfig *config;
static gboolean handle_config(const gchar *option_name G_GNUC_UNUSED,
@@ -65,6 +93,47 @@ static gboolean handle_config(const gchar *option_name G_GNUC_UNUSED,
}
+static gboolean handle_config_file(const gchar *option_name G_GNUC_UNUSED,
+ const gchar *value,
+ gpointer data G_GNUC_UNUSED,
+ GError **error)
+{
+ GKeyFile *key_file = NULL;
+ gchar *val = NULL;
+ gsize i;
+ gboolean ret = FALSE;
+
+ key_file = g_key_file_new();
+ if (!g_key_file_load_from_file(key_file, value, G_KEY_FILE_NONE, error))
+ goto error;
+
+ for (i = 0; configs[i] != NULL; i++) {
+ val = g_key_file_get_string(key_file, "install-script", configs[i], error);
+ if (val == NULL) {
+ if (g_error_matches(*error, G_KEY_FILE_ERROR,
+ G_KEY_FILE_ERROR_KEY_NOT_FOUND)) {
+ g_clear_error(error);
+ continue;
+ }
+
+ goto error;
+ }
+
+ osinfo_entity_set_param(OSINFO_ENTITY(config),
+ configs[i],
+ val);
+ g_free(val);
+ }
+
+ ret = TRUE;
+
+error:
+ g_key_file_unref(key_file);
+
+ return ret;
+}
+
+
static GOptionEntry entries[] =
{
{ "profile", 'p', 0, G_OPTION_ARG_STRING, (void*)&profile,
@@ -78,6 +147,9 @@ static GOptionEntry entries[] =
{ "config", 'c', 0, G_OPTION_ARG_CALLBACK,
handle_config,
N_("Set configuration parameter"), "key=value" },
+ { "config-file", 'f', 0, G_OPTION_ARG_CALLBACK,
+ handle_config_file,
+ N_("Set configuration parameters"), "file:///path/to/config/file" },
{ "list-config", '\0', 0, G_OPTION_ARG_NONE, (void*)&list_config,
N_("List configuration parameters"), NULL },
{ "list-profiles", '\0', 0, G_OPTION_ARG_NONE, (void*)&list_profile,
@@ -448,6 +520,10 @@ script. Defaults to C<media>, but can also be C<network>.
Set the configuration parameter C<key> to C<value>.
+=item B<--config-file=config-file>
+
+Set the configurations parameters according to the config-file passed.
+
=back
=head1 CONFIGURATION KEYS
@@ -510,18 +586,36 @@ The software registration user password
=back
+=head1 CONFIGURATION FILE FORMAT
+
+The configuration file must consist in a file which contains a
+`install-script` group and, under this group, C<key>=C<value>
+pairs, as shown below:
+
+[install-script]
+l10n-timezone=GMT
+l10n-keyboard=uk
+l10n-language=en_GB
+admin-password=123456
+user-login=berrange
+user-password=123456
+user-realname="Daniel P Berrange"
+
=head1 EXAMPLE USAGE
-The following usage generates a Fedora 16 kickstart script
+The following usages generates a Fedora 16 kickstart script
+
+ # osinfo-install-script \
+ --profile jeos \
+ --config-file /path/to/the/config/file \
+ fedora16
# osinfo-install-script \
--profile jeos \
--config l10n-timezone=GMT \
--config l10n-keyboard=uk \
--config l10n-language=en_GB \
- --config admin-password=123456 \
--config user-login=berrange \
- --config user-password=123456 \
--config user-realname="Daniel P Berrange" \
fedora16
--
2.21.0
As passing user & admin password via command line is a low impact CVE,
let's error out when it's done and advertise the users to use
--config-file instead.
Signed-off-by: Fabiano Fidêncio <fidencio redhat com>
---
tools/osinfo-install-script.c | 11 +++++++++++
1 file changed, 11 insertions(+)
diff --git a/tools/osinfo-install-script.c b/tools/osinfo-install-script.c
index efa96ee..3da4a69 100644
--- a/tools/osinfo-install-script.c
+++ b/tools/osinfo-install-script.c
@@ -85,6 +85,15 @@ static gboolean handle_config(const gchar *option_name G_GNUC_UNUSED,
val++;
key = g_strndup(value, len);
+ if (g_str_equal(key, OSINFO_INSTALL_CONFIG_PROP_USER_PASSWORD) ||
+ g_str_equal(key, OSINFO_INSTALL_CONFIG_PROP_ADMIN_PASSWORD)) {
+ g_set_error(error, OSINFO_ERROR, 0,
+ _("When setting user or admin password, use "
+ "--config-file instead.\n"));
+ g_free(key);
+ return FALSE;
+ }
+
osinfo_entity_set_param(OSINFO_ENTITY(config),
key,
val);
@@ -520,6 +529,8 @@ script. Defaults to C<media>, but can also be C<network>.
Set the configuration parameter C<key> to C<value>.
+Note: this option has been deprecated, use B<--config-file=> instead.
+
=item B<--config-file=config-file>
Set the configurations parameters according to the config-file passed.
--
2.21.0
......@@ -17,6 +17,9 @@ builddir="$srcdir"/LibRaw-$pkgver
# - CVE-2018-20363
# - CVE-2018-20364
# - CVE-2018-20365
# - CVE-2018-5817
# - CVE-2018-5818
# - CVE-2018-5819
# 0.18.6-r0:
# - CVE-2017-16910
# 0.18.5-r0:
......
......@@ -2,7 +2,7 @@
# Contributor: Timo Teräs <timo.teras@iki.fi>
# Maintainer: Timo Teräs <timo.teras@iki.fi>
pkgname=libreoffice
pkgver=6.2.4.2
pkgver=6.2.7.1
pkgrel=0
pkgdesc="LibreOffice - Meta package for the full office suite"
url="https://www.libreoffice.org/"
......@@ -67,6 +67,18 @@ source="https://download.documentfoundation.org/libreoffice/src/${_v}/libreoffic
musl-libintl.patch
"
# secfixes:
# 6.2.7.1-r0:
# - CVE-2019-9854
# - CVE-2019-9855
# 6.2.6.2-r0:
# - CVE-2019-9850
# - CVE-2019-9851
# - CVE-2019-9852
# 6.2.5.2-r0:
# - CVE-2019-9848
# - CVE-2019-9849
add_lang() {
local pkglang="${3:-$1}"
subpackages="$subpackages $pkgname-lang-${1}:_lang_${1}"
......@@ -347,9 +359,9 @@ sdk_doc() {
_split sdk_doc
}
sha512sums="d3c28629315fa78c1a18384b9c4144773f573c9721cb33f2c1b2beccbaa73068b1096c7009353261b1a8993f1bf5296e9dfc4279605572938b749ce9c39026e5 libreoffice-6.2.4.2.tar.xz
a5b0e06961a9b2b10401cf8692b204aa437ad113ec6991605f750f36452309fcacfc8cf98e7f886038698f7e68bf2790800441d1b90198b830281747d05b202f libreoffice-dictionaries-6.2.4.2.tar.xz
f7c45d26364ac813eb77d020410542622989d809413dde0deea4c54bbf289dcf577b4ebd77490af691bc9cbec541da219d5e7bc64e67bf5b724f19e3c3272bd0 libreoffice-translations-6.2.4.2.tar.xz
sha512sums="9ed37c7957bb214a3de0b3dadea9debd5056d641052a669904d543a7065f1f5c721e09ddda800dfb478ff0474f71a275c7208077cb7b6566786d3b637f42860b libreoffice-6.2.7.1.tar.xz
bf842610a947a1916e2b9a2bcd9f0938ac17078d3d6917c237aa97a2eb5da0fbe70d09b997bb2f6de6b7bf85fd1c18744830246f6781a0675cc005986bb1a2d0 libreoffice-dictionaries-6.2.7.1.tar.xz
7b02f91f5c52fb8fe5a5dcf0db6b43b36a6ad13d4a9dfab8a5175e0d87df54df3cfae767a3a5b3ec6981b73d442cbaf42f5d2153cbce7dd9b33bbba7dfb58229 libreoffice-translations-6.2.7.1.tar.xz
a231eba4a1baca11766ef292ab45e302081115477fe23018652882923308856835cf8c9ecba61a5cf22543474ccef3136965d794a90c9e4e9e6dcc21f9af6e1a 17410483b5b5f267aa18b7e00b65e6e0-hsqldb_1_8_0.zip
9fe106bbdb55365f589246e5a0d10bbe9b35224132b66a1823dc6361633a67f2acc0e8c393dc7ed70d086858d16d242b8806b8b2184c98e3d20d0be85bed9c44 3404ab6b1792ae5f16bbd603bd1e1d03-libformula-1.1.7.zip
4a48f1e32907fb2dee601cda3cd7a0d7198b2d51f2a572b647f1e93f901fd511eef3567676e52dfb1723a2cdfbc01f2015ca0bb22903b0bc1476dd618cc9aa8a 35c94d2df8893241173de1d16b6034c0-swingExSrc.zip
......
......@@ -2,7 +2,7 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=miniupnpd
pkgver=2.1
pkgrel=0
pkgrel=1
pkgdesc="Lightweight UPnP IGD daemon"
url="http://miniupnp.free.fr"
arch="all"
......
......@@ -2,7 +2,7 @@
# Contributor: Andrew Manison <amanison@anselsystems.com>
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=mutt
pkgver=1.12.0
pkgver=1.12.1
pkgrel=0
pkgdesc="Small and very powerful text-mode email client"
url="http://www.mutt.org"
......@@ -55,4 +55,4 @@ package() {
"$pkgdir"/etc/Muttrc.gpg.dist
}
sha512sums="b9482af3bfeb39ab8be7244deda49b56a77cfa15b3dfc7dd2b0ec2d7eba8e32b742b7a254ff64e6827a6f74f563830276bf950e8b2b192d27a1fd6b1df70443c mutt-1.12.0.tar.gz"
sha512sums="0101120ad2acab89552be210725bae1a903f0b2c48be7207750589d141236537823f27c39e8d700eee16eb6b978058d056180b3d51e45e0242546f176b971538 mutt-1.12.1.tar.gz"
# Maintainer: Leonardo Arena <rnalrd@alpinelinux.org>
# Contributor: Jakub Jirutka <jakub@jirutka.cz>
pkgname=nextcloud
pkgver=16.0.1
pkgver=16.0.4
pkgrel=0
pkgdesc="A safe home for all your data"
url="http://nextcloud.com"
......@@ -232,7 +232,7 @@ _package_app() {
mv "$pkgdir"/$_appsdir/$appname "$subpkgdir"/$_appsdir/
}
sha512sums="c7ac02fbf2f61ef42b8f12ea79472c1a47606524850fdf46766f32c9feab2166a608a9b557c0db05293b4b61d1fb3d9ea37828dd0f5840de0ed88ca8bd632b99 nextcloud-16.0.1.zip
sha512sums="2d024f2f791f367ec57ffca263f64b11ebf1955127e860a4cc9dcdf1bbe7b9d84a32023fe42ed119159f8c188b913cabf0d00239aef43a4d9571ba60b5f7883b nextcloud-16.0.4.zip
59151300c1153cad7fa2a1a972825c81a71df523b319b22799ce1bd846c1a63c7e37c608a125a98e4e733857cc65db9f329fafef7a5b1365d802c476450fce22 nextcloud15-dont-chmod.patch
ebc7fdfb9f4d4256186f80ae3a2aa92cb4c7c54db3c185b642a37cd9ecbbb9ad557a1beea143018b987fbfa47667812ca09e68b304d04cc21f308a690e658275 nextcloud16-app-encryption-info-add-mcrypt.patch
aef3c92497d738d6968e0f0b0d415b4953500db24ae14af41ef972665cf7eff00cb6c53dc953845fdbb389c3c965a75b8b14b9247513c05cf4130fe1cfc61731 dont-update-htaccess.patch
......
......@@ -2,7 +2,7 @@
# Maintainer: Mark Riedesel <mark+alpine@klowner.com>
pkgname=openexr
pkgver=2.2.1
pkgrel=0
pkgrel=1
pkgdesc="A high dynamic-range image file format library"
url="http://www.openexr.com/"
arch="all"
......@@ -10,9 +10,15 @@ license="BSD"
depends=""
makedepends="ilmbase-dev zlib-dev"
subpackages="$pkgname-doc $pkgname-dev $pkgname-tools"
source="http://download.savannah.nongnu.org/releases/openexr/${pkgname}-${pkgver}.tar.gz"
source="http://download.savannah.nongnu.org/releases/openexr/${pkgname}-${pkgver}.tar.gz
CVE-2018-18444.patch
"
builddir="$srcdir/$pkgname-$pkgver"
# secfixes:
# 2.2.1-r1:
# - CVE-2018-18444
build() {
cd "$builddir"
./configure \
......@@ -37,4 +43,5 @@ tools() {
mv "$pkgdir"/usr/bin "$subpkgdir"/usr/
}
sha512sums="192100c6ac47534f3a93c55327d2ab90b07a8265156855086b326184328c257dcde12991b3f3f1831e2df4226fe884adcfe481c2f02a157c715aee665e89a480 openexr-2.2.1.tar.gz"
sha512sums="192100c6ac47534f3a93c55327d2ab90b07a8265156855086b326184328c257dcde12991b3f3f1831e2df4226fe884adcfe481c2f02a157c715aee665e89a480 openexr-2.2.1.tar.gz
c88f42bf9cb4fb2ccff493a3fded1a6efc67dedbe9475c0fa16e2bde8970fd6a03c5684558203cc7261b91c1f4521b0e007a653233ba16dfa3153320c7efe93d CVE-2018-18444.patch"
From 1b0f1e5d7dcf2e9d6cbb4e005e803808b010b1e0 Mon Sep 17 00:00:00 2001
From: pgajdos <pgajdos@suse.cz>
Date: Fri, 14 Jun 2019 22:19:30 +0200
Subject: [PATCH] fix CVE-2018-18444
---
exrmultiview/Image.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/OpenEXR/exrmultiview/Image.h b/OpenEXR/exrmultiview/Image.h
index 5d718f5d..c465d380 100644
--- a/exrmultiview/Image.h
+++ b/exrmultiview/Image.h
@@ -227,7 +227,7 @@ template <class T>
void
TypedImageChannel<T>::black ()
{
- memset(&_pixels[0][0],0,image().width()/_xSampling*image().height()/_ySampling*sizeof(T));
+ memset(&_pixels[0][0],0,image().width()/_xSampling*(image().height()/_ySampling)*sizeof(T));
}
......@@ -6,7 +6,7 @@ _icedteaver=3.12.0
# pkgver is <JDK version>.<JDK update>.<JDK build>
# Check https://icedtea.classpath.org/wiki/Main_Page when updating!
pkgver=8.212.04
pkgrel=0
pkgrel=1
pkgdesc="OpenJDK 8 provided by IcedTea"
url="https://icedtea.classpath.org/"
arch="all"
......@@ -255,7 +255,7 @@ jre() {
jrebase() {
pkgdesc="OpenJDK 8 Java Runtime (no GUI support)"
depends="$pkgname-jre-lib java-common java-cacerts"
depends="$pkgname-jre-lib java-common java-cacerts nss"
mkdir -p "$subpkgdir"/$_java_home/bin \
"$subpkgdir"/$_java_home/lib/$_jarch
......
......@@ -2,7 +2,7 @@
# Maintainer: Francesco Colista <fcolista@alpinelinux.org>
pkgname=patchwork
pkgver=2.0.1
pkgrel=0
pkgrel=1
pkgdesc="Web-based patch tracking system"
url="https://github.com/getpatchwork/patchwork"
arch="noarch"
......@@ -15,12 +15,16 @@ source="$pkgname-$pkgver.tar.gz::https://github.com/getpatchwork/$pkgname/archiv
0001-support-busybox-readlink.patch
0002-remove-uneeded-bashism-from-tools-and-change-path.patch
nginx-uwsgi-patchwork-conf.ini
nginx-patchwork.conf"
nginx-patchwork.conf
CVE-2019-13122.patch"
builddir="$srcdir"/$pkgname-$pkgver
# secfixes:
# 2.0.1-r1:
# - CVE-2019-13122
build() {
cd "$builddir"
return 0
}
......@@ -80,4 +84,5 @@ sha512sums="95dcfcdf19de0a65a77ab4274de82457c969e3a65705da25cbec742e4d6671e51e62
5facc2c2620b2d614011bcdc06bb481fb1481c79333579e5a7fa5b8bc4f97d1651cc8c4632a5e150b62674d64c00345341229319f1edb2016721868e84146826 0001-support-busybox-readlink.patch
f6d3590b3ac53797e0ae25fe50ab0935608be5ded44665599cbc91e93558895eddc6a7a717153d81fc194b314d7854686577ef5ecf9e0302b7824ce3b3863f7b 0002-remove-uneeded-bashism-from-tools-and-change-path.patch
28911a25e00a254237f7214fb681e5e984a2eae331e610be62967d5e246958e0f8d3f84861d8fd17c1190c1df72a25f28ddb33843b3679a3864beb00cb4b4961 nginx-uwsgi-patchwork-conf.ini
862dd2522236a0b18d2a8d06f1ad91ad0fd0936fa502d95e09556641e67d42e1212821bfd7fb98923e4fe8b8a7369ded8c23831fb496b1e2833d9831c1b23725 nginx-patchwork.conf"
862dd2522236a0b18d2a8d06f1ad91ad0fd0936fa502d95e09556641e67d42e1212821bfd7fb98923e4fe8b8a7369ded8c23831fb496b1e2833d9831c1b23725 nginx-patchwork.conf
fb1e70245d285e725a85d8c37a97ba5d393ccd7c1704130be9d518a44721e23ffe85345e325ef172bc23c959a3159b113616c5ecd8b80c560730a79177272f8a CVE-2019-13122.patch"
From 556f750d8d723791fded3476bcd9885d4b97355b Mon Sep 17 00:00:00 2001
From: Andrew Donnellan <ajd@linux.ibm.com>
Date: Mon, 1 Jul 2019 15:28:03 +1000
Subject: [PATCH 1/2] templatetags: Do not mark output of msgid tag as safe
The msgid template tag exists to remove angle brackets from either side of
the Message-ID header.
It also marks its output as safe, meaning it does not get autoescaped by
Django templating.
Its output is not safe. A maliciously crafted email can include HTML tags
inside the Message-ID header, and as long as the angle brackets are not at
the start and end of the header, we will quite happily render them.
Rather than using mark_safe(), use escape() to explicitly escape the
Message-ID.
Signed-off-by: Andrew Donnellan <ajd@linux.ibm.com>
---
patchwork/templatetags/patch.py | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/patchwork/templatetags/patch.py b/patchwork/templatetags/patch.py
index ea5a71de362f..757f873b6043 100644
--- a/patchwork/templatetags/patch.py
+++ b/patchwork/templatetags/patch.py
@@ -5,6 +5,7 @@
# SPDX-License-Identifier: GPL-2.0-or-later
from django import template
+from django.utils.html import escape
from django.utils.safestring import mark_safe
from django.template.defaultfilters import stringfilter
@@ -64,4 +65,4 @@ def patch_checks(patch):
@register.filter
@stringfilter
def msgid(value):
- return mark_safe(value.strip('<>'))
+ return escape(value.strip('<>'))
--
2.20.1
From 3bf1aa7568a9a1f08f13ed28c5ac6102841bd4dd Mon Sep 17 00:00:00 2001
From: Andrew Donnellan <ajd@linux.ibm.com>
Date: Mon, 1 Jul 2019 18:04:53 +1000
Subject: [PATCH 2/2] tests: Add test for unescaped values in patch detail page
Add a test to check whether we are escaping values from the Patch model on
the patch detail page.
This test shouldn't be relied upon as proof that we've escaped everything
correctly, but may help catch regressions.
Signed-off-by: Andrew Donnellan <ajd@linux.ibm.com>
---
patchwork/tests/test_detail.py | 17 +++++++++++++++++
1 file changed, 17 insertions(+)
diff --git a/patchwork/tests/test_detail.py b/patchwork/tests/test_detail.py
index 4ca1c9cda2f9..18408ecb95f6 100644
--- a/patchwork/tests/test_detail.py
+++ b/patchwork/tests/test_detail.py
@@ -34,6 +34,23 @@ class PatchViewTest(TestCase):
response = self.client.get(requested_url)
self.assertRedirects(response, redirect_url)
+ def test_escaping(self):
+ # Warning: this test doesn't guarantee anything - it only tests some
+ # fields
+ unescaped_string = 'blah<b>TEST</b>blah'
+ patch = create_patch()
+ patch.diff = unescaped_string
+ patch.commit_ref = unescaped_string
+ patch.pull_url = unescaped_string
+ patch.name = unescaped_string
+ patch.msgid = unescaped_string
+ patch.headers = unescaped_string
+ patch.content = unescaped_string
+ patch.save()
+ requested_url = reverse('patch-detail', kwargs={'patch_id': patch.id})
+ response = self.client.get(requested_url)
+ self.assertNotIn('<b>TEST</b>'.encode('utf-8'), response.content)
+
class CommentRedirectTest(TestCase):
--
2.20.1
diff --git a/modules/gpgsqlbackend/4.1.10_to_4.1.11.schema.pgsql.sql b/modules/gpgsqlbackend/4.1.10_to_4.1.11.schema.pgsql.sql
new file mode 100644
index 0000000..b0c2ee1
--- /dev/null
+++ b/modules/gpgsqlbackend/4.1.10_to_4.1.11.schema.pgsql.sql
@@ -0,0 +1 @@
+ALTER TABLE domains ALTER notified_serial TYPE bigint USING CASE WHEN notified_serial >= 0 THEN notified_serial::bigint END;
diff --git a/modules/gpgsqlbackend/Makefile.am b/modules/gpgsqlbackend/Makefile.am
index 8a820d5..9e2f271 100644
--- a/modules/gpgsqlbackend/Makefile.am
+++ b/modules/gpgsqlbackend/Makefile.am
@@ -12,6 +12,7 @@ dist_doc_DATA = \
schema.pgsql.sql \
nodnssec-3.x_to_3.4.0_schema.pgsql.sql \
dnssec-3.x_to_3.4.0_schema.pgsql.sql \
+ 4.1.10_to_4.1.11.schema.pgsql.sql \
3.4.0_to_4.1.0_schema.pgsql.sql
libgpgsqlbackend_la_SOURCES = \
diff --git a/modules/gpgsqlbackend/Makefile.in b/modules/gpgsqlbackend/Makefile.in
index 4c1f978..9793c9d 100644
--- a/modules/gpgsqlbackend/Makefile.in
+++ b/modules/gpgsqlbackend/Makefile.in
@@ -479,6 +479,7 @@ dist_doc_DATA = \
schema.pgsql.sql \
nodnssec-3.x_to_3.4.0_schema.pgsql.sql \
dnssec-3.x_to_3.4.0_schema.pgsql.sql \
+ 4.1.10_to_4.1.11.schema.pgsql.sql \
3.4.0_to_4.1.0_schema.pgsql.sql
libgpgsqlbackend_la_SOURCES = \
......@@ -5,7 +5,7 @@
# Contributor: Fabian Zoske <fabian@zoske.it>
# Maintainer: Matt Smith <mcs@darkregion.net>
pkgname=pdns
pkgver=4.1.8
pkgver=4.1.11
pkgrel=0
pkgdesc="PowerDNS Authoritative Server"
url="https://www.powerdns.com/"
......@@ -37,10 +37,18 @@ pkgusers="pdns"
pkggroups="pdns"
source="https://downloads.powerdns.com/releases/$pkgname-$pkgver.tar.bz2
$pkgname.initd
$pkgname.conf"
$pkgname.conf
4.1.10_to_4.1.11.schema.pgsql.sql.patch
README.alpine
"
builddir="$srcdir/$pkgname-$pkgver"
# secfixes:
# 4.1.11-r0:
# - CVE-2019-10203
# 4.1.10-r0:
# - CVE-2019-10163
# - CVE-2019-10162
# 4.1.7-r0:
# - CVE-2019-3871
# 4.1.5-r0:
......@@ -82,6 +90,8 @@ package() {
install -m600 -D "$srcdir/$pkgname.conf" \
"$pkgdir/etc/$pkgname/$pkgname.conf"
chown pdns:pdns "$pkgdir/etc/$pkgname/$pkgname.conf"
install -Dm644 "$srcdir"/README.alpine "$pkgdir"/usr/share/doc/$pkgname/README.alpine
}
tools() {
......@@ -135,6 +145,8 @@ backend_remote() { _mv_backend remote; }
backend_sqlite3() { _mv_backend gsqlite3 sqlite; }
#backend_tinydns() { _mv_backend tinydns; }
sha512sums="1113745cdaa8fba591c176721893fb478e976861beee0cb6c0240e5afa6b68c9afae286579036b2ed77fffe76ca1e6f103cda915f8b7b875bcdc1253931ad935 pdns-4.1.8.tar.bz2
sha512sums="18215f523a39d48c8756bc13ecae1bd78967c2d66619d93ddaafb13062690002a9bdfe1d337796820706692c449286c7b9e9b8d45933684d32acbc20e490c0c4 pdns-4.1.11.tar.bz2
3a55547e1b6407e7d2faa6e02982ed903c2364381af1b7eeb626ae3a8b0e32558dd79bf31c982b134414e5636d4868c1f3660ac523f25d2440ed6f7b436843bf pdns.initd
3f809f3257680c3e496fa6a4c86c8a636db5d9d5b92aef96fe54c29b8266ee590deb792d13205cc171e27307fa73295dd3b101b09102fd66a2393a7cdbf9dd27 pdns.conf"
3f809f3257680c3e496fa6a4c86c8a636db5d9d5b92aef96fe54c29b8266ee590deb792d13205cc171e27307fa73295dd3b101b09102fd66a2393a7cdbf9dd27 pdns.conf
a3caac012fae6d53afa9d08eaf4d2e70b406197e586b6716e0a9177d3833165493a55bf119669fd29c4397a8230a33982e38ef0b5a6883d71ee8869c06f0fe22 4.1.10_to_4.1.11.schema.pgsql.sql.patch
f2781a23e14bea9b4bbb84f3b596663c76359c449ef6fd39c87b5ea1163c47e01c5ba490c804709033598f0542ac558bde477729ad1ab9f17d49606fa61b2049 README.alpine"
When upgrading from 4.1.10 and previous:
This release contains a fix for CVE-2019-10203
Upgrading is not enough you need to manually apply the schema change
ALTER TABLE domains ALTER notified_serial TYPE bigint USING CASE WHEN notified_serial >= 0 THEN notified_serial::bigint END;
......@@ -26,7 +26,7 @@
pkgname=php7
_pkgreal=php
pkgver=7.3.6
pkgver=7.3.9
pkgrel=0
_apiver=20180731
_suffix=${pkgname#php}
......@@ -48,6 +48,7 @@ _depends_mysqli="$pkgname-mysqlnd $pkgname-openssl"
makedepends="
$depends_dev
apache2-dev
argon2-dev
aspell-dev
bison
bzip2-dev
......@@ -181,6 +182,11 @@ case "$CARCH" in
esac
# secfixes:
# 7.3.9-r0:
# - CVE-2019-13224
# 7.3.8-r0:
# - CVE-2019-11041
# - CVE-2019-11042
# 7.2.19-r0:
# - CVE-2019-11039
# - CVE-2019-11040
......@@ -315,6 +321,7 @@ _build() {
--enable-opcache=shared \
--with-openssl=shared \
--with-system-ciphers \
--with-password-argon2 \
--enable-pcntl=shared \
--with-pcre-regex=/usr \
$without_pcre_jit \
......@@ -666,7 +673,7 @@ _mv() {
mv $@
}
sha512sums="3da2d1edfbffc1f7af77f391b10db1ae31ccfbabc756c49c1425b970b92157005c6c5086472769c3d5439d724d277e4dff87f6d40e97b9c3961419cde45e3b17 php-7.3.6.tar.bz2
sha512sums="a46beb28a91f7ee99f37215ddf5f65ab1743373ba98a703ed45615625ee6b4cbda1be8495901da54089f7cb285a6ac21773a29d32871e0a9540c43b57ea41b97 php-7.3.9.tar.bz2
1c708de82d1086f272f484faf6cf6d087af7c31750cc2550b0b94ed723961b363f28a947b015b2dfc0765caea185a75f5d2c2f2b099c948b65c290924f606e4f php7-fpm.initd
cacce7bf789467ff40647b7319e3760c6c587218720538516e8d400baa75651f72165c4e28056cd0c1dc89efecb4d00d0d7823bed80b29136262c825ce816691 php7-fpm.logrotate
274bd7b0b2b7002fa84c779640af37b59258bb37b05cb7dd5c89452977d71807f628d91b523b5039608376d1f760f3425d165242ca75ee5129b2730e71c4e198 php7-module.conf
......
......@@ -2,8 +2,8 @@
# Maintainer: Jakub Jirutka <jakub@jirutka.cz>
pkgname=ruby-nokogiri
_gemname=${pkgname#ruby-}
pkgver=1.10.3
pkgrel=0
pkgver=1.10.4
pkgrel=1
pkgdesc="An HTML, XML, SAX, and Reader parser"
url="http://nokogiri.org/"
arch="all"
......@@ -18,6 +18,10 @@ source="https://github.com/sparklemotion/$_gemname/archive/v$pkgver/$_gemname-$p
"
builddir="$srcdir/$_gemname-$pkgver"
# secfixes:
# 1.10.4-r0:
# - CVE-2019-5477
prepare() {
default_prepare