.drone.yml

+---
+kind: pipeline
+name: v3.9-x86
+
+clone:
+  depth: 50
+
+platform:
+  os: linux
+  arch: amd64
+
+workspace:
+  base: /home/buildozer/drone
+  path: aports
+
+steps:
+  - name: build
+    image: alpinelinux/alpine-drone-ci:v3.9-x86
+    commands:
+      - linux32 build.sh
+    environment:
+      GH_TOKEN:
+        from_secret: github_token
+    pull: always
+
+trigger:
+  event:
+    - pull_request
+
+---
+kind: pipeline
+name: v3.9-x86_64
+
+clone:
+  depth: 50
+
+platform:
+  os: linux
+  arch: amd64
+
+workspace:
+  base: /home/buildozer/drone
+  path: aports
+
+steps:
+  - name: build
+    image: alpinelinux/alpine-drone-ci:v3.9-x86_64
+    commands:
+      - build.sh
+    environment:
+      GH_TOKEN:
+        from_secret: github_token
+    pull: always
+
+trigger:
+  event:
+    - pull_request
+
+---
+kind: pipeline
+name: v3.9-aarch64
+
+clone:
+  depth: 50
+
+platform:
+  os: linux
+  arch: arm64
+
+workspace:
+  base: /home/buildozer/drone
+  path: aports
+
+steps:
+  - name: build
+    image: alpinelinux/alpine-drone-ci:v3.9-aarch64
+    commands:
+      - build.sh
+    environment:
+      GH_TOKEN:
+        from_secret: github_token
+    pull: always
+
+trigger:
+  event:
+    - pull_request
+
+---
+kind: pipeline
+name: v3.9-armhf
+
+clone:
+  depth: 50
+
+platform:
+  os: linux
+  arch: arm
+
+workspace:
+  base: /home/buildozer/drone
+  path: aports
+
+steps:
+  - name: build
+    image: alpinelinux/alpine-drone-ci:v3.9-armhf
+    commands:
+      - build.sh
+    environment:
+      GH_TOKEN:
+        from_secret: github_token
+    pull: always
+
+trigger:
+  event:
+    - pull_request
+
+---
+kind: pipeline
+name: v3.9-armv7
+
+clone:
+  depth: 50
+
+platform:
+  os: linux
+  arch: arm
+
+workspace:
+  base: /home/buildozer/drone
+  path: aports
+
+steps:
+  - name: build
+    image: alpinelinux/alpine-drone-ci:v3.9-armv7
+    commands:
+      - build.sh
+    environment:
+      GH_TOKEN:
+        from_secret: github_token
+    pull: always
+
+trigger:
+  event:
+    - pull_request
+

.gitlab-ci.yml

+stages:
+  - lint
+  - build
+
+variables:
+  GIT_STRATEGY: fetch
+  GIT_DEPTH: "0"
+
+default:
+    # Make sure master points to the correct upstream commit
+    before_script:
+      - >
+        git fetch $CI_MERGE_REQUEST_PROJECT_URL
+        +refs/heads/$CI_MERGE_REQUEST_TARGET_BRANCH_NAME:refs/heads/$CI_MERGE_REQUEST_TARGET_BRANCH_NAME
+
+lint:
+  stage: lint
+  image: alpinelinux/apkbuild-lint-tools:latest
+  script:
+    - changed-aports $CI_MERGE_REQUEST_TARGET_BRANCH_NAME | lint
+  allow_failure: true
+  only:
+    - merge_requests
+  tags:
+    - docker-alpine
+    - x86_64
+
+.build:
+  stage: build
+  image: alpinelinux/alpine-gitlab-ci:latest
+  script:
+    - build.sh
+    - cp -ar ~/packages packages/
+    - mkdir -p keys
+    - cp ~/.abuild/*.rsa.pub keys/
+  artifacts:
+    paths:
+      - packages/
+      - keys/
+    expire_in: 1 day
+  only:
+    - merge_requests
+
+build-x86_64:
+  extends: .build
+  artifacts:
+    name: MR${CI_MERGE_REQUEST_ID}_x86_64
+  tags:
+    - docker-alpine
+    - ci-build
+    - x86_64
+
+build-x86:
+  extends: .build
+  image:
+    name: alpinelinux/alpine-gitlab-ci:latest-x86
+    entrypoint: ["linux32", "sh", "-c"]
+  artifacts:
+    name: MR${CI_MERGE_REQUEST_ID}_x86
+  tags:
+    - docker-alpine
+    - ci-build
+    - x86
+
+build-s390x:
+  extends: .build
+  artifacts:
+    name: MR${CI_MERGE_REQUEST_ID}_s390x
+  tags:
+    - docker-alpine
+    - ci-build
+    - s390x
+
+build-ppc64le:
+  extends: .build
+  artifacts:
+    name: MR${CI_MERGE_REQUEST_ID}_ppc64le
+  tags:
+    - docker-alpine
+    - ci-build
+    - ppc64le
+
+build-aarch64:
+  extends: .build
+  artifacts:
+    name: MR${CI_MERGE_REQUEST_ID}_aarch64
+  tags:
+    - docker-alpine
+    - ci-build
+    - aarch64
+
+build-armv7:
+  extends: .build
+  artifacts:
+    name: MR${CI_MERGE_REQUEST_ID}_armv7
+  tags:
+    - docker-alpine
+    - ci-build
+    - armv7

community/alpine-make-rootfs/APKBUILD

 # Contributor: Jakub Jirutka <jakub@jirutka.cz>
 # Maintainer: Jakub Jirutka <jakub@jirutka.cz>
 pkgname=alpine-make-rootfs
-pkgver=0.2.0
+pkgver=0.3.1
 pkgrel=0
 pkgdesc="Make customized Alpine Linux rootfs (base image) for containers"
 url="https://github.com/alpinelinux/alpine-make-rootfs"
@@ -17,4 +17,4 @@ package() {
 	make install DESTDIR="$pkgdir" PREFIX=/usr
 }
 
-sha512sums="8f500e11708eae1a856f77efcf6b183d7760576130082f1f2500d670f6ecdbac101b06a538d580a34890fb7c2a0d502b803796ca1a8eaf82ddfadfb43781618b  alpine-make-rootfs-0.2.0.tar.gz"
+sha512sums="7971ac0275e4d2e9bdc3ea29197b40a66e493bf9977249922418f06e1bd9434a62a4ffa0cc637839ae1837f2f8916535977e695cb959288213ce1fee90cc3b44  alpine-make-rootfs-0.3.1.tar.gz"

community/bareos/APKBUILD

@@ -3,7 +3,7 @@
 # Maintainer: Francesco Colista <fcolista@alpinelinux.org>
 pkgname=bareos
 pkgver=17.2.7
-pkgrel=0
+pkgrel=1
 pkgdesc="Bareos - Backup Archiving REcovery Open Sourced"
 url="http://www.bareos.org"
 arch="all"
@@ -22,6 +22,8 @@ source="$pkgname-$pkgver.tar.gz::https://github.com/$pkgname/$pkgname/archive/Re
 	$pkgname-sd.initd
 	$pkgname-fd.initd
 	path-mounted.patch
+	fix-bsmtp-segfault.patch
+	pthread-double-detach.patch
 	"
 builddir="$srcdir"/${pkgname}-Release-${pkgver}
 
@@ -127,4 +129,6 @@ sha512sums="254eddacb067ef7e82b7a54bdfcbffd5cfa033fa045f697c7e5b5c28dd064b5e1ce9
 eb1e7072b579bf9ae21f2e351d6900abb277db64e373f4760bac8188b82929376e4a196d2c935cefe1ae4cc2c396f2fcba1a25642b26e2f92a0d008fbdc4b5f2  bareos-dir.initd
 c770b1d041fafef93d4eb0269ba8d9733e85ef465657fe8dd5d5c68a27ec773cec9c5c582d4a16596d95bbf6dbd3f7194dc9c0d8ed73138e9fb438fba9aa9445  bareos-sd.initd
 c6347079dbcef5f4a69ec0c4ecc31803520d715d599d89c6bbfbb3741a86c50d7295c30432889b13ee9c16f2feaa84b1c6ae992cfee6505d569c6493d7e85a5b  bareos-fd.initd
-eac4614c1b29ff0f12061837e425ae495890076021b6d1b0f1beb93501cfb905170342dac5dab69b09f825d5b9416eea25fa02e2174b5a704315c7feb08ff3d3  path-mounted.patch"
+eac4614c1b29ff0f12061837e425ae495890076021b6d1b0f1beb93501cfb905170342dac5dab69b09f825d5b9416eea25fa02e2174b5a704315c7feb08ff3d3  path-mounted.patch
+0974ce1ad1a7acd834d75253fe1decdcf40fb1fc0a9248f848514fb201d8482af5319a91b3d0032ee91f6e034225a46ddd9c8058d7f86a514a261408c84f31d1  fix-bsmtp-segfault.patch
+1487e1294ade656e63877994d33621c8cc22258c8db7e95c2e1fdc16a0c5cf6ce77d6a232f46642fe5b3672c404a6f3a79628a983aa01dc4192882bda0e8c51e  pthread-double-detach.patch"

community/bareos/fix-bsmtp-segfault.patch

+Patch from Michael Cassaniti, posted here:
+https://bugs.alpinelinux.org/issues/10156#note-5
+Until this issue is fixed upstream this patch is needed.
+
+diff --git a/src/lib/jcr.c b/src/lib/jcr.c
+index 00bfe8c87..338f90e59 100644
+--- a/src/lib/jcr.c
++++ b/src/lib/jcr.c
+@@ -77,6 +77,7 @@ static pthread_mutex_t jcr_lock = PTHREAD_MUTEX_INITIALIZER;
+ static pthread_mutex_t job_start_mutex = PTHREAD_MUTEX_INITIALIZER;
+ static pthread_mutex_t last_jobs_mutex = PTHREAD_MUTEX_INITIALIZER;
+
++static bool jcr_initialized = false;
+ #ifdef HAVE_WIN32
+ static bool tsd_initialized = false;
+ static pthread_key_t jcr_key;         /* Pointer to jcr for each thread */
+@@ -351,6 +352,8 @@ static void create_jcr_key()
+       berrno be;
+       Jmsg1(NULL, M_ABORT, 0, _("pthread key create failed: ERR=%s\n"),
+             be.bstrerror(status));
++   } else {
++     jcr_initialized = true;
+    }
+ }
+
+@@ -719,7 +722,10 @@ void set_jcr_in_tsd(JCR *jcr)
+  */
+ JCR *get_jcr_from_tsd()
+ {
+-   JCR *jcr = (JCR *)pthread_getspecific(jcr_key);
++   JCR *jcr = (JCR *)INVALID_JCR;
++   if (jcr_initialized){
++     jcr = (JCR *)pthread_getspecific(jcr_key);
++   }
+
+    /*
+     * Set any INVALID_JCR to NULL which the rest of BAREOS understands
+@@ -736,7 +742,7 @@ JCR *get_jcr_from_tsd()
+  */
+ uint32_t get_jobid_from_tsd()
+ {
+-   JCR *jcr = (JCR *)pthread_getspecific(jcr_key);
++   JCR *jcr = get_jcr_from_tsd();
+    uint32_t JobId = 0;
+
+    if (jcr && jcr != INVALID_JCR) {

community/bareos/pthread-double-detach.patch

+This patch fixes a double pthread_detach(), which is undefined behaviour
+and leads to a segfault when running with musl libc.
+Until this issue is fixed upstream this patch is needed.
+
+--- a/src/dird/ua_server.c
++++ b/src/dird/ua_server.c
+@@ -73,7 +73,15 @@
+    UAContext *ua;
+    JCR *jcr;
+ 
+-   pthread_detach(pthread_self());
++   /* only detach if not yet detached */
++   int _detachstate;
++   pthread_attr_t _gattr;
++   pthread_getattr_np(pthread_self(), &_gattr);
++   pthread_attr_getdetachstate(&_gattr, &_detachstate);
++   pthread_attr_destroy(&_gattr);
++   if(_detachstate != PTHREAD_CREATE_DETACHED) {
++      pthread_detach(pthread_self());
++   }
+ 
+    jcr = new_control_jcr("-Console-", JT_CONSOLE);
+ 
+--- a/src/dird/job.c
++++ b/src/dird/job.c
+@@ -420,7 +420,16 @@
+ {
+    JCR *jcr = (JCR *)arg;
+ 
+-   pthread_detach(pthread_self());
++   /* only detach if not yet detached */
++   int _detachstate;
++   pthread_attr_t _gattr;
++   pthread_getattr_np(pthread_self(), &_gattr);
++   pthread_attr_getdetachstate(&_gattr, &_detachstate);
++   pthread_attr_destroy(&_gattr);
++   if(_detachstate != PTHREAD_CREATE_DETACHED) {
++      pthread_detach(pthread_self());
++   }
++
+    Dsm_check(100);
+ 
+    Dmsg0(200, "=====Start Job=========\n");

community/borgbackup/APKBUILD

@@ -2,7 +2,7 @@
 # Maintainer: Jakub Jirutka <jakub@jirutka.cz>
 pkgname=borgbackup
 pkgver=1.1.7
-pkgrel=1
+pkgrel=2
 pkgdesc="Deduplicating backup program"
 url="https://borgbackup.readthedocs.io/"
 arch="all"
@@ -10,7 +10,8 @@ license="BSD-3-Clause"
 depends="python3 py3-msgpack py3-zmq"
 makedepends="python3-dev lz4-dev acl-dev attr-dev openssl-dev linux-headers
 	py3-setuptools"
-source="https://github.com/$pkgname/borg/releases/download/$pkgver/$pkgname-$pkgver.tar.gz"
+source="https://github.com/$pkgname/borg/releases/download/$pkgver/$pkgname-$pkgver.tar.gz
+        msgpack-fix.patch"
 
 build() {
 	cd "$builddir"
@@ -26,4 +27,5 @@ package() {
 	find . -name '*.h' -delete -o -name '*.c' -delete -o -name '*.pyx' -delete
 }
 
-sha512sums="586420b9cad7e731f2f1b8b05f3cd3dc606691c5a5ec307e887035d941ac5ac6d4c988783660969960a1221e4d9f2b865ee5558d4007ea7524632d0a50a8a402  borgbackup-1.1.7.tar.gz"
+sha512sums="586420b9cad7e731f2f1b8b05f3cd3dc606691c5a5ec307e887035d941ac5ac6d4c988783660969960a1221e4d9f2b865ee5558d4007ea7524632d0a50a8a402  borgbackup-1.1.7.tar.gz
+0b30850df11124c7d699867a88852dc2c49c7e3b4025f1d75a3b4404ca5801d73ab21260f86a7725bb3b19650c8c0ddea05569f5696cb68b3e45c8faf54a97b6  msgpack-fix.patch"

community/borgbackup/msgpack-fix.patch

+--- borgbackup-1.1.7/setup.py.original
++++ borgbackup-1.1.7/setup.py
+@@ -39,7 +39,9 @@
+     # we are rather picky about msgpack versions, because a good working msgpack is
+     # very important for borg, see https://github.com/borgbackup/borg/issues/3753
+     # best versions seem to be 0.4.6, 0.4.7, 0.4.8 and 0.5.6:
+-    'msgpack-python >=0.4.6, <=0.5.6, !=0.5.0, !=0.5.1, !=0.5.2, !=0.5.3, !=0.5.4, !=0.5.5',
++    'msgpack-python >=0.4.6, <=0.5.6, !=0.5.0, !=0.5.1, !=0.5.2, !=0.5.3, !=0.5.4, !=0.5.5;python_version <"3.4"',
++    'msgpack-python >=0.4.6, <0.5;python_version=="3.4"',
++    'msgpack >=0.5.6;python_version >="3.5"',
+     # if you can't satisfy the above requirement, these are versions that might
+     # also work ok, IF you make sure to use the COMPILED version of msgpack-python,
+     # NOT the PURE PYTHON fallback implementation: ==0.5.1, ==0.5.4

community/chromium/APKBUILD

 # Contributor: Carlo Landmeter <clandmeter@gmail.com>
 # Maintainer: Carlo Landmeter <clandmeter@gmail.com>
 pkgname=chromium
-pkgver=71.0.3578.98
-pkgrel=2
+pkgver=72.0.3626.121
+pkgrel=0
 pkgdesc="chromium web browser"
 url="http://www.chromium.org/"
-arch="x86_64" # aarch64 armhf armv7 temp disable because we need clang for arm
+arch="x86_64 armv7" # aarch64 temp disable due to build failure
 license="BSD"
 depends="xdg-utils"
 depends_dev=""
@@ -17,8 +17,6 @@ makedepends="$depends_dev
 	bsd-compat-headers
 	bzip2-dev
 	cairo-dev
-	clang
-	clang-dev
 	cups-dev
 	dbus-glib-dev
 	eudev-dev
@@ -89,7 +87,6 @@ source="https://commondatastorage.googleapis.com/chromium-browser-official/$pkgn
 	google-api.keys
 
 	default-pthread-stacksize.patch
-	gn-bootstrap-remove-sysroot-related-options.patch
 	musl-fixes.patch
 	musl-fixes-breakpad.patch
 	musl-hacks.patch
@@ -103,18 +100,22 @@ source="https://commondatastorage.googleapis.com/chromium-browser-official/$pkgn
 
 	chromium-use-alpine-target.patch
 	chromium-gcc-r1.patch
-	chromium-skia-harmony.patch
 	media-base.patch
 	musl-crashpad.patch
-	chromium-71-gcc-0.patch
+	musl-v8-fix-deadlock.patch
+	musl-v8-monotonic-pthread-cont_timedwait.patch
 	gcc8-alignof.patch
-	chromium-fix_harfbuzz_2.patch
-	chromium-enable-vaapi.patch
-	chromium-i686-vaapi-fpermissive.patch
+	gcc-fno-delete-null-pointer-checks.patch
+	gcc-arm.patch
+	musl-arm-limits.patch
 	"
 
 builddir="$srcdir"/$pkgname-$pkgver
 
+# secfixes:
+#   72.0.3626.121-r0:
+#     - CVE-2019-5786
+
 if [ -n "$DEBUG" ]; then
 	_buildtype=Debug
 	_is_debug=true
@@ -148,6 +149,7 @@ prepare() {
 		ffmpeg
 		flac
 		fontconfig
+		freetype
 		harfbuzz-ng
 		libdrm
 		libevent
@@ -173,6 +175,11 @@ prepare() {
 			-delete
 	done
 
+	# workaround missing files for arm
+	for i in safe_conversions_arm_impl.h safe_math_arm_impl.h; do
+		ln -s ../../../../base/numerics/$i tools/gn/base/numerics/$i
+	done
+
 	msg "Replacing gyp files"
 	python build/linux/unbundle/replace_gn_files.py --system-libraries \
 		${use_system}
@@ -193,8 +200,6 @@ build() {
 	##############################################################
 	eval "$(base64 -d < $srcdir/google-api.keys)"
 
-	local _ca=""
-
 	msg "Bootstrapping GN"
 	local _c=$(_gn_flags is_clang=false \
 		use_sysroot=false \
@@ -208,11 +213,12 @@ build() {
 	)
 
 	AR="ar" CC="${CC:-gcc}" CXX="${CXX:-g++}" LD="${CXX:-g++}" \
-		python tools/gn/bootstrap/bootstrap.py -s -v --gn-gen-args "$_c $_ca"
+		python tools/gn/bootstrap/bootstrap.py -s -v --gn-gen-args "$_c"
 
 	msg "Configuring build"
 	_c=$(_gn_flags \
 		clang_use_chrome_plugins=false \
+		closure_compile=false \
 		custom_toolchain=\"//build/toolchain/linux/unbundle:default\" \
 		enable_hangout_services_extension=true \
 		enable_nacl=false \
@@ -228,6 +234,7 @@ build() {
 		host_toolchain=\"//build/toolchain/linux/unbundle:default\" \
 		icu_use_data_file=true \
 		is_clang=false \
+		is_component_build=false \
 		is_debug=$_is_debug \
 		is_desktop_linux=true \
 		linux_use_bundled_binutils=false \
@@ -245,7 +252,6 @@ build() {
 		use_pulseaudio=false \
 		use_sysroot=false \
 		use_system_harfbuzz=true \
-		use_vaapi=true \
 	)
 
 	AR="ar" CC="${CC:-gcc}" CXX="${CXX:-g++}" LD="${CXX:-g++}" NM=/usr/bin/nm \
@@ -325,14 +331,13 @@ chromedriver() {
 	mv "$pkgdir"/usr/bin/chromedriver "$subpkgdir"/usr/bin
 }
 
-sha512sums="dbeb90e16c6c05422c1f43e8fe747d60dab49c1fffdd0f33824ca24429f3871bda649eb1e6402470d3d9bb701e47d55d2fff4f46530e3f43e72f516d1837aad6  chromium-71.0.3578.98.tar.xz
+sha512sums="0bbeba7fa662d92ad60fdb56b3a73b79fc40ecb1499bb3b9a50b78ab7900b7a4de83f271c1c299e386dc9f72bfb2cbf71f83a388c6e14e288ab42b2b673fce96  chromium-72.0.3626.121.tar.xz
 a3bb959c65944ae2fb765725cedcffd743a58bc0c2cd1f1999d15fe79801d00f3474b08b4ed7b48859ed921eb57093d0ad09d90f201d729ed9b8a419a591ed29  pstables-2.8.h
 b9a810416dd7a8ffc3a5ced85ad9acebda1665bd08a57eec7b189698cc5f74d2c3fd69044e20fcb83297a43214b2772a1312b2c6122ea0eb716abacf39524d60  chromium-launcher.sh
 f6d962b9e4c22dd42183df3db5d3202dab33eccecafb1bf63ca678147289581262db1e5e64cbe8f9c212beefb0a6717bb8d311e497f56b55fe95b8bab2db493f  chromium.conf
 e182c998a43d22d1c76a86c561619afd1fca8c2be668265ad5e2f81a3806f7a154272cc027a2f8b370fb69446892c69e5967a4be76082325c14245ee7915234c  chromium.desktop
 2d8237a940ea691bd10b08315429677a587f7ef9692a0cca53bfd066eae82998a6c71f402a8669e9de39f94d7f3280745d1628ea6eac5d76ca7116844d4e0dac  google-api.keys
 230d1819b9d644ebaa6e194e948d662add8d237a99cc3d6b0f8a2fc2b331b43a3cd0766746f1c76c1a114f1730b40504c532d0c40aafa8cbc45022663cbcc245  default-pthread-stacksize.patch
-1c7398a68ee01b9d61c1bb1a3e6dfcc88662da42b9012844040bd86e858228dc480c7f21d2c52829e9959e4a3f6e39b8c5cb22f8f7c8394322c8347d828b6625  gn-bootstrap-remove-sysroot-related-options.patch
 9cd1defffb55cd1290e82b233a623e962775e19f001b26ae8f74330f3467499fd16067d607ca8e2b0b9b8d8988cd7ea2af93df65d7cc3d9299b8bc2b472c712e  musl-fixes.patch
 90efbc89151c77f32434364dcbaabaf9d9a207f4a77f147cd51b3fe100832fbfb3a9fb665303a79a3d788e400f4f41890de202ccbb7bd1fc6252e33c6e74e429  musl-fixes-breakpad.patch
 0aa3176f1021332088740d6e4fe2eadbe375240df0690c8449426a42a674fdf58e8a1fda85ca527dc1b4451e964d54564283fd81e3b7df059f5bcfccb8e07e84  musl-hacks.patch
@@ -345,11 +350,11 @@ db7f676d3476820c29f234b1f8f17a74e82b72d67fc727c715307734fd238e3cb0f99d8b5320d45f
 1b8647ab4081ec27f142eb564841b603dbf4c41118502e43b061d06f8866ebd1418d676457ed9ee0dc0a759e0369a29219bea98e74f687ddcba5d4513ca460ba  secure_getenv.patch
 246c43a0ab557671119ebc4ecb292925ebfee25312fb50e739a179dc085d23b9623bec2d7baecdd37ebd9318f8770664f20c12de6383def74cd89b7845d149ce  chromium-use-alpine-target.patch
 6e2bcbed44786c6c0d3beda935269f30fdcdf07c400defa6bf73f8359a60b1d59cc2f80dbc106be651a535635995641321d9e524b18919d3975bd6008a641d59  chromium-gcc-r1.patch
-cbd99d51178fa5c2c3dee1eb4990240ca2ff829cee9151384e36bc3c634698c0ecaf9b51c99e901f38d0a37eef7187fe5ad39b9b7f528f7a9066a855a0c6e49f  chromium-skia-harmony.patch
 589a7acf149d44db081da2dd24a7769f2b9572a8cc64d2aad78577a64768d3b6fb2bfa02292b5260acd2c4a28c3ae9b82847ff901ce8a21baeca0b46dcda0ca9  media-base.patch
 05c1af43038f76014f5f8b605085310414242f2bfad0e3258ddb29a08e7f4307de31b2d551b0a291986cc7d5a01cf3a003ac864216877195bb4310fd33193f0f  musl-crashpad.patch
-74fcae35afd964e2dc09508325465ee0d2efd13b94941eaf6464da1f4b32a34b326cf2c290fffcfc930acefda51a64dfbc980527900849efb5a94922cc17bc20  chromium-71-gcc-0.patch
+2c22e0d56b2557bafc842043911ecd0f8f70589013aeb7d3e8c7c8a5622bdbfe1f249e7223991ebf6130c7a45c7771a02dcc096dd03c48e2559ea4741147cfce  musl-v8-fix-deadlock.patch
+6953e83d4034f7a016dd055fed152a8a448f741a4c4f7a8f3b03cc7a4589d3d3c03775f844d76d6d4478ac15c655fee0be7355f0d5062ddc7fa9f6ce4b011116  musl-v8-monotonic-pthread-cont_timedwait.patch
 9bfc532fd1e84e30362ac41fcd68253e17ee4cb5e986ceb5bb122e3235e4617e295ce9dddfdfbbd0b9d3e67267096152da2a19e3bb4bb9111c7fdb22fa398872  gcc8-alignof.patch
-4e6bfecdece829306b8c2ea2a4b6d9b0598f97e5b164e0f468e765ffa10cac6b9e57c8814b79eb1244a314d81e8954654111a2e1e056b2c450b369994337cb40  chromium-fix_harfbuzz_2.patch
-b0e61b4710a8e9009bd9c10722d902391b83c0400a48a6a40cc0e117ca4c1895732babe5baa078f5b3096b72d105fa2d1f4196f8d35c1ae94ff4d8d99d2a17f5  chromium-enable-vaapi.patch
-42d64d07215476295a35568e4492297a00b66205b5a41288a98b1663985fe1868e9595e961284dfbbd8b5846cc1b04e365ab89733270ffbc6967e3366571cf47  chromium-i686-vaapi-fpermissive.patch"
+bb0f3dc1ade429a398d487ae190a278948533398c4a1085aeb35ff57fefb90a1e598008ba839423ca0acd30ba4c992950f395dba3b9994d3c7187fe68b9a93d7  gcc-fno-delete-null-pointer-checks.patch
+9f4a555b98ca47063fd5a90d119686de09d5c8ecdec2ef936f42cf45d3ba012e91a6455d3d550b3c90da15ca9b085238afd442a21ce47bea571ff356b74620f8  gcc-arm.patch
+3bcffb36f28a01d8bb91f1c1ee1e327caebb1e139d4e8772ad15460ee69cb5ea3307a235dc83184a9e09b687882d9617f3a3ce1a7b07cbd6e11b0a5d6a6ace81  musl-arm-limits.patch"

community/chromium/chromium-71-gcc-0.patch

-From 65be571f6ac2f7942b4df9e50b24da517f829eec Mon Sep 17 00:00:00 2001
-From: Raphael Kubo da Costa <raphael.kubo.da.costa@intel.com>
-Date: Mon, 15 Oct 2018 20:26:10 +0000
-Subject: [PATCH] google_util: Explicitly use std::initializer_list with
- base::NoDestructor
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Follow-up to ac53c5c53 ("Remove CR_DEFINE_STATIC_LOCAL from /components").
-Due to https://gcc.gnu.org/bugzilla/show_bug.cgi?id=84849, having
-base::NoDestructor<T<U>> and passing an initializer list of Us does not
-work if this is not done explicitly, as GCC incorrectly fails to determine
-which constructor overload to use:
-
-    ../../components/google/core/common/google_util.cc: In function ‘bool google_util::{anonymous}::IsCanonicalHostGoogleHostname(base::StringPiece, google_util::SubdomainPermission)’:
-    ../../components/google/core/common/google_util.cc:120:24: error: call of overloaded ‘NoDestructor(<brace-enclosed initializer list>)’ is ambiguous
-           {GOOGLE_TLD_LIST});
-
-See also: https://chromium-review.googlesource.com/c/chromium/src/+/1170905
-
-Bug: 819294
-Change-Id: Ie1490b6646d7998d636c485769caabf56c1cf44c
-Reviewed-on: https://chromium-review.googlesource.com/c/1275854
-Reviewed-by: Peter Kasting <pkasting@chromium.org>
-Commit-Queue: Raphael Kubo da Costa (CET) <raphael.kubo.da.costa@intel.com>
-Cr-Commit-Position: refs/heads/master@{#599733}
----
- components/google/core/common/google_util.cc | 5 +++--
- 1 file changed, 3 insertions(+), 2 deletions(-)
-
-diff --git a/components/google/core/common/google_util.cc b/components/google/core/common/google_util.cc
-index a44c84393820..7733848a0443 100644
---- components/google/core/common/google_util.cc
-+++ components/google/core/common/google_util.cc
-@@ -117,7 +117,7 @@ bool IsCanonicalHostGoogleHostname(base::StringPiece canonical_host,
-   StripTrailingDot(&tld);
- 
-   static base::NoDestructor<std::set<std::string>> google_tlds(
--      {GOOGLE_TLD_LIST});
-+      std::initializer_list<std::string>({GOOGLE_TLD_LIST}));
-   return base::ContainsKey(*google_tlds, tld.as_string());
- }
- 
-@@ -132,7 +132,8 @@ bool IsGoogleSearchSubdomainUrl(const GURL& url) {
-   StripTrailingDot(&host);
- 
-   static base::NoDestructor<std::set<std::string>> google_subdomains(
--      {"ipv4.google.com", "ipv6.google.com"});
-+      std::initializer_list<std::string>(
-+          {"ipv4.google.com", "ipv6.google.com"}));
- 
-   return base::ContainsKey(*google_subdomains, host.as_string());
- }
--- 
-2.19.1
-

community/chromium/chromium-fix_harfbuzz_2.patch

-From 7ae38170a117e909bb28e1470842b68de3501197 Mon Sep 17 00:00:00 2001
-From: Mike Gilbert <floppymaster@gmail.com>
-Date: Sun, 21 Oct 2018 10:06:53 -0400
-Subject: [PATCH] blink: add 'const' modifier for harfbuzz hb_codepoint_t
- pointers
-
-This resolves a build failure against harfbuzz 2.0.
-
-Based on a patch by Alexandre Fierreira.
-
-Bug: https://bugs.gentoo.org/669034
----
- .../renderer/platform/fonts/shaping/harfbuzz_face.cc     | 2 +-
- .../renderer/platform/fonts/skia/skia_text_metrics.cc    | 9 +++++++--
- .../renderer/platform/fonts/skia/skia_text_metrics.h     | 2 +-
- 3 files changed, 9 insertions(+), 4 deletions(-)
-
-diff --git a/third_party/blink/renderer/platform/fonts/shaping/harfbuzz_face.cc b/third_party/blink/renderer/platform/fonts/shaping/harfbuzz_face.cc
-index 8e7d91ca371f..e279a5876cb3 100644
---- third_party/blink/renderer/platform/fonts/shaping/harfbuzz_face.cc
-+++ third_party/blink/renderer/platform/fonts/shaping/harfbuzz_face.cc
-@@ -139,7 +139,7 @@ static hb_position_t HarfBuzzGetGlyphHorizontalAdvance(hb_font_t* hb_font,
- static void HarfBuzzGetGlyphHorizontalAdvances(hb_font_t* font,
-                                                void* font_data,
-                                                unsigned count,
--                                               hb_codepoint_t* first_glyph,
-+                                               const hb_codepoint_t* first_glyph,
-                                                unsigned int glyph_stride,
-                                                hb_position_t* first_advance,
-                                                unsigned int advance_stride,
-diff --git a/third_party/blink/renderer/platform/fonts/skia/skia_text_metrics.cc b/third_party/blink/renderer/platform/fonts/skia/skia_text_metrics.cc
-index 77ec6209fab9..9f9070921448 100644
---- third_party/blink/renderer/platform/fonts/skia/skia_text_metrics.cc
-+++ third_party/blink/renderer/platform/fonts/skia/skia_text_metrics.cc
-@@ -18,6 +18,11 @@ T* advance_by_byte_size(T* p, unsigned byte_size) {
-   return reinterpret_cast<T*>(reinterpret_cast<uint8_t*>(p) + byte_size);
- }
- 
-+template <class T>
-+T* advance_by_byte_size_const(T* p, unsigned byte_size) {
-+  return reinterpret_cast<T*>(reinterpret_cast<const uint8_t*>(p) + byte_size);
-+}
-+
- }  // namespace
- 
- SkiaTextMetrics::SkiaTextMetrics(const SkPaint* paint) : paint_(paint) {
-@@ -39,7 +44,7 @@ void SkiaTextMetrics::GetGlyphWidthForHarfBuzz(hb_codepoint_t codepoint,
- }
- 
- void SkiaTextMetrics::GetGlyphWidthForHarfBuzz(unsigned count,
--                                               hb_codepoint_t* glyphs,
-+                                               const hb_codepoint_t* glyphs,
-                                                unsigned glyph_stride,
-                                                hb_position_t* advances,
-                                                unsigned advance_stride) {
-@@ -48,7 +53,7 @@ void SkiaTextMetrics::GetGlyphWidthForHarfBuzz(unsigned count,
-   // array that copy them to a regular array.
-   Vector<Glyph, 256> glyph_array(count);
-   for (unsigned i = 0; i < count;
--       i++, glyphs = advance_by_byte_size(glyphs, glyph_stride)) {
-+       i++, glyphs = advance_by_byte_size_const(glyphs, glyph_stride)) {
-     glyph_array[i] = *glyphs;
-   }
-   Vector<SkScalar, 256> sk_width_array(count);
-diff --git a/third_party/blink/renderer/platform/fonts/skia/skia_text_metrics.h b/third_party/blink/renderer/platform/fonts/skia/skia_text_metrics.h
-index 787d8af0375a..3bc4407c641b 100644
---- third_party/blink/renderer/platform/fonts/skia/skia_text_metrics.h
-+++ third_party/blink/renderer/platform/fonts/skia/skia_text_metrics.h
-@@ -19,7 +19,7 @@ class SkiaTextMetrics final {
- 
-   void GetGlyphWidthForHarfBuzz(hb_codepoint_t, hb_position_t* width);
-   void GetGlyphWidthForHarfBuzz(unsigned count,
--                                hb_codepoint_t* first_glyph,
-+                                const hb_codepoint_t* first_glyph,
-                                 unsigned glyph_stride,
-                                 hb_position_t* first_advance,
-                                 unsigned advance_stride);
--- 
-2.19.1
-

community/chromium/chromium-i686-vaapi-fpermissive.patch

---- media/gpu/vaapi/BUILD.gn.i686permissive	2018-11-29 09:27:02.405909871 -0500
-+++ media/gpu/vaapi/BUILD.gn	2018-11-29 09:29:50.648259696 -0500
-@@ -10,6 +10,11 @@ import("//ui/ozone/ozone.gni")
- 
- assert(use_vaapi)
- 
-+config("vaapi_permissive") {
-+  cflags = [ "-fpermissive" ]
-+}
-+
-+
- action("libva_generate_stubs") {
-   extra_header = "va_stub_header.fragment"
- 
-@@ -98,6 +103,8 @@ source_set("vaapi") {
-     "//third_party/libyuv",
-   ]
- 
-+  configs += [ ":vaapi_permissive" ]
-+
-   if (use_x11) {
-     configs += [ "//build/config/linux:x11" ]
-     deps += [ "//ui/gfx/x" ]

community/chromium/chromium-skia-harmony.patch

---- third_party/skia/src/ports/SkFontHost_FreeType.cpp.orig	2017-10-10 17:42:06.956950985 +0200
-+++ third_party/skia/src/ports/SkFontHost_FreeType.cpp	2017-10-10 17:46:05.824187787 +0200
-@@ -99,8 +99,6 @@
-     FreeTypeLibrary()
-         : fGetVarDesignCoordinates(nullptr)
-         , fLibrary(nullptr)
--        , fIsLCDSupported(false)
--        , fLCDExtra(0)
-     {
-         if (FT_New_Library(&gFTMemory, &fLibrary)) {
-             return;
-@@ -147,12 +145,7 @@
-         }
- #endif
- 
--        // Setup LCD filtering. This reduces color fringes for LCD smoothed glyphs.
--        // The default has changed over time, so this doesn't mean the same thing to all users.
--        if (FT_Library_SetLcdFilter(fLibrary, FT_LCD_FILTER_DEFAULT) == 0) {
--            fIsLCDSupported = true;
--            fLCDExtra = 2; //Using a filter adds one full pixel to each side.
--        }
-+        FT_Library_SetLcdFilter(fLibrary, FT_LCD_FILTER_DEFAULT);
-     }
-     ~FreeTypeLibrary() {
-         if (fLibrary) {
-@@ -161,8 +153,6 @@
-     }
- 
-     FT_Library library() { return fLibrary; }
--    bool isLCDSupported() { return fIsLCDSupported; }
--    int lcdExtra() { return fLCDExtra; }
- 
-     // FT_Get_{MM,Var}_{Blend,Design}_Coordinates were added in FreeType 2.7.1.
-     // Prior to this there was no way to get the coordinates out of the FT_Face.
-@@ -173,8 +163,6 @@
- 
- private:
-     FT_Library fLibrary;
--    bool fIsLCDSupported;
--    int fLCDExtra;
- 
-     // FT_Library_SetLcdFilterWeights was introduced in FreeType 2.4.0.
-     // The following platforms provide FreeType of at least 2.4.0.
-@@ -704,17 +692,6 @@
-         rec->fTextSize = SkIntToScalar(1 << 14);
-     }
- 
--    if (isLCD(*rec)) {
--        // TODO: re-work so that FreeType is set-up and selected by the SkFontMgr.
--        SkAutoMutexAcquire ama(gFTMutex);
--        ref_ft_library();
--        if (!gFTLibrary->isLCDSupported()) {
--            // If the runtime Freetype library doesn't support LCD, disable it here.
--            rec->fMaskFormat = SkMask::kA8_Format;
--        }
--        unref_ft_library();
--    }
--
-     SkPaint::Hinting h = rec->getHinting();
-     if (SkPaint::kFull_Hinting == h && !isLCD(*rec)) {
-         // collapse full->normal hinting if we're not doing LCD
-@@ -1115,11 +1092,11 @@
- void SkScalerContext_FreeType::updateGlyphIfLCD(SkGlyph* glyph) {
-     if (isLCD(fRec)) {
-         if (fLCDIsVert) {
--            glyph->fHeight += gFTLibrary->lcdExtra();
--            glyph->fTop -= gFTLibrary->lcdExtra() >> 1;
-+            glyph->fHeight += 2;
-+            glyph->fTop -= 1;
-         } else {
--            glyph->fWidth += gFTLibrary->lcdExtra();
--            glyph->fLeft -= gFTLibrary->lcdExtra() >> 1;
-+            glyph->fWidth += 2;
-+            glyph->fLeft -= 1;
-         }
-     }
- }

community/chromium/gcc-arm.patch

+diff --git a/third_party/zlib/BUILD.gn b/third_party/zlib/BUILD.gn
+index b44bda6..1d159d8 100644
+--- ./third_party/zlib/BUILD.gn
++++ ./third_party/zlib/BUILD.gn
+@@ -63,7 +63,7 @@ config("zlib_arm_crc32_config") {
+     #  - ChromeOS has wrapper scripts that are borking the compiler flags.
+     #  - Fuchsia just added a syscall for feature detection.
+     # TODO(cavalcantii): crbug.com/810125.
+-    if (!is_ios && !is_chromeos && !is_fuchsia) {
++    if (is_clang && !is_ios && !is_chromeos && !is_fuchsia) {
+       defines = [ "CRC32_ARMV8_CRC32" ]
+       if (is_android) {
+         defines += [ "ARMV8_OS_ANDROID" ]

community/chromium/gcc-fno-delete-null-pointer-checks.patch

+diff --git a/v8/BUILD.gn b/v8/BUILD.gn
+index 3c03942..870b1e6 100644
+--- ./v8/BUILD.gn
++++ ./v8/BUILD.gn
+@@ -577,6 +577,14 @@ config("toolchain") {
+     defines += [ "V8_ANDROID_LOG_STDOUT" ]
+   }
+ 
++  if (!is_win && !is_clang) {
++    # GCC 6+ can optimize away pointer comparisons to null. This is
++    # problematic as V8 encodes Values through tagged pointers and comparisons
++    # with 0 are actually necessary in many cases. As a temporary Workaround
++    # we disable this optimization. See: https://crbug.com/v8/3782
++    cflags += [ "-fno-delete-null-pointer-checks" ]
++  }
++
+   # TODO(jochen): Support v8_enable_prof on Windows.
+   # TODO(jochen): Add support for compiling with simulators.
+ 

community/chromium/gn-bootstrap-remove-sysroot-related-options.patch

-See: https://chromium.googlesource.com/chromium/src/tools/gn/+/6630c2e334d7bc179e95a3d543a8eca3201d6725%5E%21/#F0
-diff --git a/bootstrap/bootstrap.py b/bootstrap/bootstrap.py
-index 261fddd..1945852 100755
---- tools/gn/bootstrap/bootstrap.py
-+++ tools/gn/bootstrap/bootstrap.py
-@@ -46,10 +46,6 @@
-       '--build-path',
-       help='The directory in which to build gn, '
-       'relative to the src directory. (eg. out/Release)')
--  parser.add_option(
--      '--with-sysroot',
--      action='store_true',
--      help='Download and build with the Debian sysroot.')
-   parser.add_option('-v', '--verbose', help='ignored')
-   parser.add_option(
-       '--skip-generate-buildfiles',
-@@ -76,8 +72,6 @@
-       '--no-last-commit-position',
-       '--out-path=' + gn_build_dir,
-   ]
--  if not options.with_sysroot:
--    cmd.append('--no-sysroot')
-   if options.debug:
-     cmd.append('--debug')
-   subprocess.check_call(cmd)

community/chromium/musl-arm-limits.patch

+diff --git a/third_party/crashpad/crashpad/snapshot/linux/cpu_context_linux.cc b/third_party/crashpad/crashpad/snapshot/linux/cpu_context_linux.cc
+index 6ba52a8..0c7a9f9 100644
+--- ./third_party/crashpad/crashpad/snapshot/linux/cpu_context_linux.cc
++++ ./third_party/crashpad/crashpad/snapshot/linux/cpu_context_linux.cc
+@@ -14,6 +14,7 @@
+ 
+ #include "snapshot/linux/cpu_context_linux.h"
+ 
++#include <limits>
+ #include <stddef.h>
+ #include <string.h>
+ 

community/chromium/musl-v8-fix-deadlock.patch

+Release the mutex before mess with the stack guard
+
+Upstream report: https://bugs.chromium.org/p/v8/issues/detail?id=8881
+
+diff --git a/v8/src/compiler-dispatcher/optimizing-compile-dispatcher.cc b/v8/src/compiler-dispatcher/optimizing-compile-dispatcher.cc
+index 09226e1..29a1871 100644
+--- ./v8/src/compiler-dispatcher/optimizing-compile-dispatcher.cc
++++ ./v8/src/compiler-dispatcher/optimizing-compile-dispatcher.cc
+@@ -132,8 +132,10 @@ void OptimizingCompileDispatcher::CompileNext(OptimizedCompilationJob* job) {
+   // The function may have already been optimized by OSR.  Simply continue.
+   // Use a mutex to make sure that functions marked for install
+   // are always also queued.
+-  base::MutexGuard access_output_queue_(&output_queue_mutex_);
+-  output_queue_.push(job);
++  {
++    base::MutexGuard access_output_queue_(&output_queue_mutex_);
++    output_queue_.push(job);
++  }
+   isolate_->stack_guard()->RequestInstallCode();
+ }
+ 

community/chromium/musl-v8-monotonic-pthread-cont_timedwait.patch

+Use monotonic clock for pthread_cond_timedwait with musl too.
+
+diff --git a/v8/src/base/platform/condition-variable.cc b/v8/src/base/platform/condition-variable.cc
+index 5ea7083..c13027e 100644
+--- ./v8/src/base/platform/condition-variable.cc
++++ ./v8/src/base/platform/condition-variable.cc
+@@ -16,7 +16,7 @@ namespace base {
+ 
+ ConditionVariable::ConditionVariable() {
+ #if (V8_OS_FREEBSD || V8_OS_NETBSD || V8_OS_OPENBSD || \
+-     (V8_OS_LINUX && V8_LIBC_GLIBC))
++     V8_OS_LINUX)
+   // On Free/Net/OpenBSD and Linux with glibc we can change the time
+   // source for pthread_cond_timedwait() to use the monotonic clock.
+   pthread_condattr_t attr;
+@@ -92,7 +92,7 @@ bool ConditionVariable::WaitFor(Mutex* mutex, const TimeDelta& rel_time) {
+       &native_handle_, &mutex->native_handle(), &ts);
+ #else
+ #if (V8_OS_FREEBSD || V8_OS_NETBSD || V8_OS_OPENBSD || \
+-     (V8_OS_LINUX && V8_LIBC_GLIBC))
++     V8_OS_LINUX)
+   // On Free/Net/OpenBSD and Linux with glibc we can change the time
+   // source for pthread_cond_timedwait() to use the monotonic clock.
+   result = clock_gettime(CLOCK_MONOTONIC, &ts);

community/containerd/APKBUILD

@@ -4,8 +4,8 @@
 pkgname=containerd
 
 # NOTE: containerd's Makefile tries to get REVISION from git, but we're building from a tarball.
-_commit=9754871865f7fe2f4e74d43e2fc7ccd237edcbce
-pkgver=1.2.2
+_commit=85f6aa58b8a3170aec9824568f7a31832878b603
+pkgver=1.2.7
 pkgrel=0
 pkgdesc="An open and reliable container runtime"
 url="https://containerd.io"
@@ -17,6 +17,10 @@ subpackages="$pkgname-doc"
 source="containerd-$pkgver.tar.gz::https://github.com/containerd/containerd/archive/v$pkgver.tar.gz"
 builddir="$srcdir/src/github.com/containerd/containerd"
 
+# secfixes:
+#   1.2.6:
+#     - CVE-2019-9946
+
 build() {
 	cd "$srcdir"
 	export GOPATH="$PWD"
@@ -42,4 +46,4 @@ package() {
 	install -Dm644 "$builddir"/man/*.5 "$pkgdir"/usr/share/man/man5/
 }
 
-sha512sums="0fdd8799c5afb75074b6f00d5191e983ff570b323242665055c73b2e7a6bdd74a745e287f4f7b675dde26e8bf083c144104151e794ad24d2a8f6f39ae2ee6fff  containerd-1.2.2.tar.gz"
+sha512sums="b96ca236d28933c1bf309fc7204af7d2c356e19af394d5c2274a178c8f15298faf6ca9bb8e7d04acb7c3c9c41035446643a8df0103017f7ed0320bfc37cb8ca9  containerd-1.2.7.tar.gz"

community/docker/APKBUILD

+# Contributor: Eivind Uggedal <eu@eju.no>
 # Contributor: Jake Buchholz <tomalok@gmail.com>
 # Maintainer: Jake Buchholz <tomalok@gmail.com>