30 files changed, 905 insertions, 217 deletions
diff --git a/aports/base-layout/APKBUILD b/aports/base-layout/APKBUILD index 8bb4724..8b643f3 100644 --- a/aports/base-layout/APKBUILD +++ b/aports/base-layout/APKBUILD @@ -2,7 +2,7 @@ pkgname=baselayout pkgver=3.2.0 -pkgrel=19 +pkgrel=19 # base: 22 pkgdesc="Base dir structure and init scripts (Alpine Linux)" url="https://git.alpinelinux.org/cgit/aports/tree/main/alpine-baselayout" arch="all" diff --git a/aports/broadcom-wl/APKBUILD b/aports/broadcom-wl/APKBUILD index b6c15a2..3d3d5b8 100644 --- a/aports/broadcom-wl/APKBUILD +++ b/aports/broadcom-wl/APKBUILD @@ -2,7 +2,7 @@ pkgname=broadcom-wl pkgver=6.30.223.271 -pkgrel=2 +pkgrel=3 pkgdesc='Broadcom 802.11 Linux STA wireless driver' arch="x86_64" url='https://www.broadcom.com/support/download-search/?pf=Wireless+LAN+Infrastructure' diff --git a/aports/busybox/0001-ash-add-built-in-BB_ASH_VERSION-variable.patch b/aports/busybox/0001-ash-add-built-in-BB_ASH_VERSION-variable.patch index f7f901f..d8f5ea0 100644 --- a/aports/busybox/0001-ash-add-built-in-BB_ASH_VERSION-variable.patch +++ b/aports/busybox/0001-ash-add-built-in-BB_ASH_VERSION-variable.patch @@ -1,4 +1,4 @@ -From cf95fcc20717e4c0906109b13565fdd06d874ee0 Mon Sep 17 00:00:00 2001 +From df5fffa062ebc46bd13d65c84a4abca6ae1c614d Mon Sep 17 00:00:00 2001 From: Ariadne Conill <ariadne@dereferenced.org> Date: Wed, 10 Mar 2021 23:38:57 -0700 Subject: [PATCH] ash: add built-in $BB_ASH_VERSION variable @@ -19,11 +19,11 @@ varinit_data 360 384 +24 Signed-off-by: Ariadne Conill <ariadne@dereferenced.org> --- - shell/ash.c | 26 +++++++++++++++++++------- - 1 file changed, 19 insertions(+), 7 deletions(-) + shell/ash.c | 28 ++++++++++++++++++++-------- + 1 file changed, 20 insertions(+), 8 deletions(-) diff --git a/shell/ash.c b/shell/ash.c -index 6a16833b1..b8525dd57 100644 +index 827643808..5f8f41ee9 100644 --- a/shell/ash.c +++ b/shell/ash.c @@ -153,6 +153,14 @@ 
@@ -41,7 +41,7 @@ index 6a16833b1..b8525dd57 100644 //config:endif # ash options //applet:IF_ASH(APPLET(ash, BB_DIR_BIN, BB_SUID_DROP)) -@@ -2109,6 +2117,9 @@ static const struct { +@@ -2138,6 +2146,9 @@ static const struct { { VSTRFIXED|VTEXTFIXED , "PS1=$ " , NULL }, { VSTRFIXED|VTEXTFIXED , "PS2=> " , NULL }, { VSTRFIXED|VTEXTFIXED , "PS4=+ " , NULL }, @@ -51,7 +51,7 @@ index 6a16833b1..b8525dd57 100644 #if ENABLE_ASH_GETOPTS { VSTRFIXED|VTEXTFIXED , defoptindvar, getoptsreset }, #endif -@@ -2159,18 +2170,19 @@ extern struct globals_var *BB_GLOBAL_CONST ash_ptr_to_globals_var; +@@ -2197,19 +2208,20 @@ extern struct globals_var *BB_GLOBAL_CONST ash_ptr_to_globals_var; #define vps1 varinit[VAR_OFFSET1 + 2] #define vps2 varinit[VAR_OFFSET1 + 3] #define vps4 varinit[VAR_OFFSET1 + 4] @@ -62,22 +62,21 @@ index 6a16833b1..b8525dd57 100644 #endif -#define VAR_OFFSET2 (VAR_OFFSET1 + ENABLE_ASH_GETOPTS) -#define vlineno varinit[VAR_OFFSET2 + 5] +-#define vfuncname varinit[VAR_OFFSET2 + 6] +#define VAR_OFFSET3 (VAR_OFFSET2 + ENABLE_ASH_GETOPTS) +#define vlineno varinit[VAR_OFFSET3 + 5] ++#define vfuncname varinit[VAR_OFFSET3 + 6] #if ENABLE_ASH_RANDOM_SUPPORT --# define vrandom varinit[VAR_OFFSET2 + 6] -+# define vrandom varinit[VAR_OFFSET3 + 6] +-# define vrandom varinit[VAR_OFFSET2 + 7] ++# define vrandom varinit[VAR_OFFSET3 + 7] #endif -#define VAR_OFFSET3 (VAR_OFFSET2 + ENABLE_ASH_RANDOM_SUPPORT) +#define VAR_OFFSET4 (VAR_OFFSET2 + ENABLE_ASH_RANDOM_SUPPORT) #if BASH_EPOCH_VARS --# define vepochs varinit[VAR_OFFSET3 + 6] --# define vepochr varinit[VAR_OFFSET3 + 7] -+# define vepochs varinit[VAR_OFFSET4 + 6] -+# define vepochr varinit[VAR_OFFSET4 + 7] +-# define vepochs varinit[VAR_OFFSET3 + 7] +-# define vepochr varinit[VAR_OFFSET3 + 8] ++# define vepochs varinit[VAR_OFFSET4 + 7] ++# define vepochr varinit[VAR_OFFSET4 + 8] #endif #define INIT_G_var() do { \ unsigned i; \ --- -2.30.2 - 
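Review bot: In the offset block of the last hunk of this patch refresh, `VAR_OFFSET4` is still derived from `VAR_OFFSET2` (`#define VAR_OFFSET4 (VAR_OFFSET2 + ENABLE_ASH_RANDOM_SUPPORT)`), while `vrandom` is indexed from `VAR_OFFSET3`, so the `ENABLE_ASH_GETOPTS` term drops out of the chain. With both GETOPTS and RANDOM enabled, `vepochs` (`VAR_OFFSET4 + 7`) would resolve to the same `varinit[]` slot as `vrandom` (`VAR_OFFSET3 + 7`). The line should presumably read `#define VAR_OFFSET4 (VAR_OFFSET3 + ENABLE_ASH_RANDOM_SUPPORT)`. The definition of `VAR_OFFSET2` and the users of `vepochs`/`vepochr` are outside the visible hunks, so the practical impact needs confirming against the full patch.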
diff --git a/aports/busybox/0001-avoid-redefined-warnings-when-building-with-utmps.patch b/aports/busybox/0001-avoid-redefined-warnings-when-building-with-utmps.patch new file mode 100644 index 0000000..246e9b0 --- /dev/null +++ b/aports/busybox/0001-avoid-redefined-warnings-when-building-with-utmps.patch @@ -0,0 +1,16 @@ +From: Jakub Jirutka <jakub@jirutka.cz> +Date: Mon, 06 Sep 2021 23:13:05 +0200 +Subject: [PATCH] Avoid redefined warnings when building with utmps + +--- a/include/libbb.h ++++ b/include/libbb.h +@@ -107,6 +107,9 @@ + # define _PATH_UTMPX _PATH_UTMP + # else + # if !defined(__FreeBSD__) ++/* _PATH_UTMP and _PATH_WTMP are defined both in paths.h and utmps/utmp.h. */ ++# undef _PATH_UTMP ++# undef _PATH_WTMP + # include <utmp.h> + # else + # define _PATH_UTMPX "/var/run/utx.active" diff --git a/aports/busybox/0001-modinfo-add-k-option-for-kernel-version.patch b/aports/busybox/0001-modinfo-add-k-option-for-kernel-version.patch new file mode 100644 index 0000000..f1bf02f --- /dev/null +++ b/aports/busybox/0001-modinfo-add-k-option-for-kernel-version.patch 
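Review bot: The two `#undef` lines apply to every non-FreeBSD build, not only to builds against utmps, so `_PATH_UTMP` and `_PATH_WTMP` stay defined only if the `<utmp.h>` that gets included defines them again. The APKBUILD in this same commit leaves utmps out when `$BOOTSTRAP` is set, so that build depends on the libc header providing both macros, which is not visible here. I would state the assumption in the comment, e.g. `/* ...; <utmp.h> is expected to redefine both. */`, and confirm it with a bootstrap build.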
@@ -0,0 +1,140 @@ +From 8fed81a74070cb42e1dff1a8c2382bd123385e22 Mon Sep 17 00:00:00 2001 +From: Natanael Copa <ncopa@alpinelinux.org> +Date: Thu, 28 Apr 2022 16:03:16 +0200 +Subject: [PATCH] modinfo: add -k option for kernel version + +It is useful to be able to specify kernel version when generating +initramfs and similar for a kernel version that might not be the running +one. + +bloatcheck on x86_64: + +function old new delta +packed_usage 26193 26218 +25 +modinfo_main 391 414 +23 +.rodata 80296 80298 +2 +------------------------------------------------------------------------------ +(add/remove: 0/0 grow/shrink: 3/0 up/down: 50/0) Total: 50 +bytes + text data bss dec hex filename + 834606 14124 2008 850738 cfb32 busybox_old + 834657 14124 2008 850789 cfb65 busybox_unstripped + +Signed-off-by: Natanael Copa <ncopa@alpinelinux.org> +--- + modutils/modinfo.c | 30 ++++++++++++++++++------------ + 1 file changed, 18 insertions(+), 12 deletions(-) + +diff --git a/modutils/modinfo.c b/modutils/modinfo.c +index 0a86c3296..53bc02880 100644 +--- a/modutils/modinfo.c ++++ b/modutils/modinfo.c +@@ -38,17 +38,18 @@ static const char *const shortcuts[] ALIGN_PTR = { + + enum { + OPT_0 = (1 << 0), /* \0 as separator */ +- OPT_F = (1 << 1), /* field name */ ++ OPT_k = (1 << 1), /* kernel version */ ++ OPT_F = (1 << 2), /* field name */ + /* first bits are for -nadlp options, the rest are for + * fields not selectable with "shortcut" options + */ +- OPT_n = (1 << 2), +- OPT_TAGS = ((1 << ARRAY_SIZE(shortcuts)) - 1) << 2, ++ OPT_n = (1 << 3), ++ OPT_TAGS = ((1 << ARRAY_SIZE(shortcuts)) - 1) << 3, + }; + + static void display(const char *data, const char *pattern) + { +- int flag = option_mask32 >> 1; /* shift out -0 bit */ ++ int flag = option_mask32 >> 2; /* shift out -0 and -k bits */ + if (flag & (flag-1)) { + /* more than one field to show: print "FIELD:" pfx */ + int n = printf("%s:", pattern); +@@ -82,7 +83,8 @@ static void modinfo(const char *path, const char *version, + 
} + } + +- for (j = 1; (1<<j) & (OPT_TAGS|OPT_F); j++) { ++ /* skip initial -0 and -k option bits */ ++ for (j = 2; (1<<j) & (OPT_TAGS|OPT_F); j++) { + const char *pattern; + + if (!((1<<j) & tags)) +@@ -90,7 +92,7 @@ static void modinfo(const char *path, const char *version, + + pattern = field; + if ((1<<j) & OPT_TAGS) +- pattern = shortcuts[j-2]; ++ pattern = shortcuts[j-3]; + + if (strcmp(pattern, shortcuts[0]) == 0) { + /* "-n" or "-F filename" */ +@@ -123,7 +125,7 @@ static void modinfo(const char *path, const char *version, + } + + //usage:#define modinfo_trivial_usage +-//usage: "[-adlpn0] [-F keyword] MODULE" ++//usage: "[-adlpn0] [-F keyword] [-k kernel] MODULE" + //usage:#define modinfo_full_usage "\n\n" + //usage: " -a Shortcut for '-F author'" + //usage: "\n -d Shortcut for '-F description'" +@@ -131,6 +133,7 @@ static void modinfo(const char *path, const char *version, + //usage: "\n -p Shortcut for '-F parm'" + ////usage: "\n -n Shortcut for '-F filename'" + //usage: "\n -F keyword Keyword to look for" ++//usage: "\n -k kernel kernel version" + //usage: "\n -0 NUL terminated output" + //usage:#define modinfo_example_usage + //usage: "$ modinfo -F vermagic loop\n" +@@ -139,6 +142,7 @@ int modinfo_main(int argc, char **argv) MAIN_EXTERNALLY_VISIBLE; + int modinfo_main(int argc UNUSED_PARAM, char **argv) + { + const char *field; ++ const char *kernel; + char name[MODULE_NAME_LEN]; + struct utsname uts; + parser_t *parser; +@@ -147,15 +151,17 @@ int modinfo_main(int argc UNUSED_PARAM, char **argv) + unsigned i; + + field = NULL; +- opts = getopt32(argv, "^" "0F:nadlp" "\0" "-1"/*minimum one arg*/, &field); ++ uname(&uts); ++ kernel = uts.release; ++ opts = getopt32(argv, "^" "0k:F:nadlp" "\0" "-1"/*minimum one arg*/, &kernel, &field); + /* If no field selected, show all */ + if (!(opts & (OPT_TAGS|OPT_F))) + option_mask32 |= OPT_TAGS; ++ + argv += optind; + +- uname(&uts); + parser = config_open2( +- xasprintf("%s/%s/%s", CONFIG_DEFAULT_MODULES_DIR, 
uts.release, CONFIG_DEFAULT_DEPMOD_FILE), ++ xasprintf("%s/%s/%s", CONFIG_DEFAULT_MODULES_DIR, kernel, CONFIG_DEFAULT_DEPMOD_FILE), + xfopen_for_read + ); + +@@ -167,7 +173,7 @@ int modinfo_main(int argc UNUSED_PARAM, char **argv) + filename2modname(bb_basename(tokens[0]), name); + for (i = 0; argv[i]; i++) { + if (fnmatch(argv[i], name, 0) == 0) { +- modinfo(tokens[0], uts.release, field); ++ modinfo(tokens[0], kernel, field); + argv[i] = (char *) ""; + } + } +@@ -177,7 +183,7 @@ int modinfo_main(int argc UNUSED_PARAM, char **argv) + + for (i = 0; argv[i]; i++) { + if (argv[i][0]) { +- modinfo(argv[i], uts.release, field); ++ modinfo(argv[i], kernel, field); + } + } + +-- +2.36.0 + diff --git a/aports/busybox/0013-ash-fix-unsafe-use-of-mempcpy.patch b/aports/busybox/0013-ash-fix-unsafe-use-of-mempcpy.patch new file mode 100644 index 0000000..944fd38 --- /dev/null +++ b/aports/busybox/0013-ash-fix-unsafe-use-of-mempcpy.patch @@ -0,0 +1,32 @@ +From 7750b5a25a8cf9081b7c248687c876d0068e85bb Mon Sep 17 00:00:00 2001 +From: Denys Vlasenko <vda.linux@googlemail.com> +Date: Tue, 1 Mar 2022 09:56:54 +0100 +Subject: [PATCH] ash: fix unsafe use of mempcpy + +function old new delta +subevalvar 1549 1557 +8 + +Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com> +--- + shell/ash.c | 8 +++++++- + 1 file changed, 7 insertions(+), 1 deletion(-) + +diff --git a/shell/ash.c b/shell/ash.c +index 54335c5dd..44ec2eafd 100644 +--- a/shell/ash.c ++++ b/shell/ash.c +@@ -7191,7 +7191,13 @@ subevalvar(char *start, char *str, int strloc, + len = orig_len - pos; + + if (!quotes) { +- loc = mempcpy(startp, startp + pos, len); ++ /* want: loc = mempcpy(startp, startp + pos, len) ++ * but it does not allow overlapping arguments */ ++ loc = startp; ++ while (--len >= 0) { ++ *loc = loc[pos]; ++ loc++; ++ } + } else { + for (vstr = startp; pos != 0; pos--) { + if ((unsigned char)*vstr == CTLESC) 
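Review bot: The `-k` argument is copied unchecked into the modules.dep path in `modinfo_main` (`xasprintf("%s/%s/%s", CONFIG_DEFAULT_MODULES_DIR, kernel, CONFIG_DEFAULT_DEPMOD_FILE)`) and is also handed to `modinfo()` as `version`, so a value containing `/` makes the applet read outside the modules directory. This matters only where a script forwards a version string it does not control, which is plausible for the initramfs generation use named in the description. Rejecting such values right after `getopt32` is cheap, for example `if (strchr(kernel, '/')) bb_show_usage();`. The usage text could also say that the default is the running kernel's release.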
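Review bot: The replacement loop `while (--len >= 0)` depends on two facts the new comment does not state: `len` must be a signed type for the loop to terminate, and the forward byte copy is only safe while the destination `startp` does not lie after the source `startp + pos`. Both the declaration of `len` and the range of `pos` are outside the hunk, so neither can be checked here. I would extend the comment with something like `/* forward copy: dst <= src (pos >= 0); len is signed, <= 0 copies nothing */` so that a later change of type or a switch back to a library call does not silently reintroduce the overlap problem.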
diff --git a/aports/busybox/0014-ash-fix-use-after-free-in-bash-pattern-substitution.patch b/aports/busybox/0014-ash-fix-use-after-free-in-bash-pattern-substitution.patch
new file mode 100644
index 0000000..6ff2b82
--- /dev/null
+++ b/aports/busybox/0014-ash-fix-use-after-free-in-bash-pattern-substitution.patch
@@ -0,0 +1,81 @@ +From 103728181bfd9a60537166d036e5baca7b67cc1f Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?S=C3=B6ren=20Tempel?= <soeren@soeren-tempel.net> +Date: Sat, 29 Jan 2022 06:11:12 +0100 +Subject: [PATCH] ash: fix use-after-free in bash pattern substitution +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +At Alpine Linux downstream, we were made aware of a segmentation fault +occurring during string replacement in BusyBox ash [0]. Further +debugging revealed that the segmentation fault occurs due to a +use-after-free in BusyBox's bash pattern substitution implementation. +Specially, the problem is that the repl variable (pointing to the +replacement string) points to a value in the stack string. However, when +accessing the repl pointer in Line 7350 it is possible that the stack +has been moved since the last repl assignment due to the STPUTC +invocations in Line 7317 and 7321 (since STPUTC may grow the stack via +realloc(3)). + +For this reason, the code in Line 7350 may access an unmapped memory +region and therefore causes a segmentation fault if prior STPUTC +invocations moved the stack via realloc(3). 
The valgrind output +for this edge case looks as follows: + + Invalid read of size 1 + at 0x15D8DD: subevalvar (ash.c:7350) + by 0x15DC43: evalvar (ash.c:7666) + by 0x15B717: argstr (ash.c:6893) + by 0x15BAEC: expandarg (ash.c:8090) + by 0x15F4CC: evalcommand (ash.c:10429) + by 0x15B26C: evaltree (ash.c:9365) + by 0x15E4FC: cmdloop (ash.c:13569) + by 0x15FD8B: ash_main (ash.c:14748) + by 0x115BF2: run_applet_no_and_exit (appletlib.c:967) + by 0x115F16: run_applet_and_exit (appletlib.c:986) + by 0x115EF9: busybox_main (appletlib.c:917) + by 0x115EF9: run_applet_and_exit (appletlib.c:979) + by 0x115F8F: main (appletlib.c:1126) + Address 0x48b8646 is 2,054 bytes inside a block of size 4,776 free'd + at 0x48A6FC9: realloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so) + by 0x116E86: xrealloc (xfuncs_printf.c:61) + by 0x1565DB: growstackblock (ash.c:1736) + by 0x156EF7: growstackstr (ash.c:1775) + by 0x156F1A: _STPUTC (ash.c:1816) + by 0x15D843: subevalvar (ash.c:7317) + by 0x15DC43: evalvar (ash.c:7666) + by 0x15B717: argstr (ash.c:6893) + by 0x15BAEC: expandarg (ash.c:8090) + by 0x15F4CC: evalcommand (ash.c:10429) + by 0x15B26C: evaltree (ash.c:9365) + by 0x15E4FC: cmdloop (ash.c:13569) + +A testcase for reproducing this edge case is provided in the downstream +bug report [1]. This commit fixes the issue by reconstructing the repl +pointer relative to stackblock() via strloc and slash_pos. + +[0]: https://gitlab.alpinelinux.org/alpine/aports/-/issues/13469 +[1]: https://gitlab.alpinelinux.org/alpine/aports/-/issues/13469#note_210530 + +Signed-off-by: Sören Tempel <soeren@soeren-tempel.net> +--- + shell/ash.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +diff --git a/shell/ash.c b/shell/ash.c +index 55df54bd0..24f9a8270 100644 +--- a/shell/ash.c ++++ b/shell/ash.c +@@ -7346,6 +7346,12 @@ subevalvar(char *start, char *str, int strloc, + idx = loc; + } + ++ // The STPUTC invocations above may resize and move the ++ // stack via realloc(3). 
Since repl is a pointer into the ++ // stack, we need to reconstruct it relative to stackblock(). ++ if (slash_pos >= 0) ++ repl = (char *)stackblock() + strloc + slash_pos + 1; ++ + //bb_error_msg("repl:'%s'", repl); + for (loc = (char*)repl; *loc; loc++) { + char *restart_detect = stackblock(); diff --git a/aports/busybox/0015-ed-don-t-use-memcpy-with-overlapping-memory-regions.patch b/aports/busybox/0015-ed-don-t-use-memcpy-with-overlapping-memory-regions.patch new file mode 100644 index 0000000..5697a55 --- /dev/null +++ b/aports/busybox/0015-ed-don-t-use-memcpy-with-overlapping-memory-regions.patch 
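Review bot: `repl` is rebuilt only when `slash_pos >= 0`, and the loop that follows dereferences it unconditionally (`for (loc = (char*)repl; *loc; loc++)`), so the fix relies on `repl` never being NULL or a stale stack pointer on the other path. Patch 0016 in this same commit adds a branch that sets `repl = NULL` for `${v/pattern}` without a trailing slash, and whether that NULL is replaced before this loop is decided in parts of `subevalvar` outside both hunks. A short comment next to the new `if`, such as `/* slash_pos < 0: repl does not point into the stack (see unterminated-pattern case) */`, would record the invariant. It is worth running the `var_bash_repl_unterminated` test from 0016 under valgrind with the whole series applied.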
@@ -0,0 +1,34 @@ +From 65bb493f2475368161431ed72816fd0c61e479b1 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?S=C3=B6ren=20Tempel?= <soeren+git@soeren-tempel.net> +Date: Tue, 8 Feb 2022 09:29:21 +0100 +Subject: [PATCH] ed: don't use memcpy with overlapping memory regions + +The memcpy invocations in the subCommand function, modified by this +commit, previously used memcpy with overlapping memory regions. This is +undefined behavior. On Alpine Linux, it causes BusyBox ed to crash since +we compile BusyBox with -D_FORTIFY_SOURCE=2 and our fortify-headers +implementation catches this source of undefined behavior [0]. The issue +can only be triggered if the replacement string is the same size or +shorter than the old string. + +Looking at the code, it seems to me that a memmove(3) is what was +actually intended here, this commit modifies the code accordingly. + +[0]: https://gitlab.alpinelinux.org/alpine/aports/-/issues/13504 +--- + editors/ed.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/editors/ed.c b/editors/ed.c +index 209ce9942..4a84f7433 100644 +--- a/editors/ed.c ++++ b/editors/ed.c +@@ -720,7 +720,7 @@ static void subCommand(const char *cmd, int num1, int num2) + if (deltaLen <= 0) { + memcpy(&lp->data[offset], newStr, newLen); + if (deltaLen) { +- memcpy(&lp->data[offset + newLen], ++ memmove(&lp->data[offset + newLen], + &lp->data[offset + oldLen], + lp->len - offset - oldLen); + diff --git a/aports/busybox/0016-ash-don-t-read-past-end-of-var-in-subvareval-for-bas.patch b/aports/busybox/0016-ash-don-t-read-past-end-of-var-in-subvareval-for-bas.patch new file mode 100644 index 0000000..3527fa5 --- /dev/null +++ b/aports/busybox/0016-ash-don-t-read-past-end-of-var-in-subvareval-for-bas.patch 
@@ -0,0 +1,88 @@ +From fa52ac9781f479de8ab4d8526276244c0a0471f4 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?S=C3=B6ren=20Tempel?= <soeren@soeren-tempel.net> +Date: Mon, 28 Feb 2022 08:36:50 +0100 +Subject: [PATCH] ash: don't read past end of var in subvareval for bash + substitutions +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Without this patch, BusyBox handles bash pattern substitutions without +a terminating '/' character incorrectly. + +Consider the following shell script: + + _bootstrapver=5.0.211-r0 + _referencesdir="/usr/${_bootstrapver/-*}/Sources" + echo $_referencesdir + +This should output `/usr/5.0.211/Sources`. However, without this patch +it instead outputs `/usr/5.0.211Sources`. This is due to the fact that +BusyBox expects the bash pattern substitutions to always be terminated +with a '/' (at least in this part of subvareval) and thus reads passed +the substitution itself and consumes the '/' character which is part of +the literal string. If there is no '/' after the substitution then +BusyBox might perform an out-of-bounds read under certain circumstances. + +When replacing the bash pattern substitution with `${_bootstrapver/-*/}`, +or with this patch applied, ash outputs the correct value. 
+ +Signed-off-by: Sören Tempel <soeren@soeren-tempel.net> +Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com> +--- + shell/ash.c | 4 ++++ + shell/ash_test/ash-vars/var_bash_repl_unterminated.right | 1 + + shell/ash_test/ash-vars/var_bash_repl_unterminated.tests | 2 ++ + shell/hush_test/hush-vars/var_bash_repl_unterminated.right | 1 + + shell/hush_test/hush-vars/var_bash_repl_unterminated.tests | 2 ++ + 5 files changed, 10 insertions(+) + create mode 100644 shell/ash_test/ash-vars/var_bash_repl_unterminated.right + create mode 100755 shell/ash_test/ash-vars/var_bash_repl_unterminated.tests + create mode 100644 shell/hush_test/hush-vars/var_bash_repl_unterminated.right + create mode 100755 shell/hush_test/hush-vars/var_bash_repl_unterminated.tests + +diff --git a/shell/ash.c b/shell/ash.c +index adb0f223a..54335c5dd 100644 +--- a/shell/ash.c ++++ b/shell/ash.c +@@ -7081,6 +7081,10 @@ subevalvar(char *start, char *str, int strloc, + *repl = '\0'; + break; + } ++ if ((unsigned char)*repl == CTLENDVAR) { /* ${v/pattern} (no trailing /, no repl) */ ++ repl = NULL; ++ break; ++ } + /* Handle escaped slashes, e.g. 
"${v/\//_}" (they are CTLESC'ed by this point) */ + if ((unsigned char)*repl == CTLESC && repl[1]) + repl++; +diff --git a/shell/ash_test/ash-vars/var_bash_repl_unterminated.right b/shell/ash_test/ash-vars/var_bash_repl_unterminated.right +new file mode 100644 +index 000000000..5bff3a6fa +--- /dev/null ++++ b/shell/ash_test/ash-vars/var_bash_repl_unterminated.right +@@ -0,0 +1 @@ ++b/d +diff --git a/shell/ash_test/ash-vars/var_bash_repl_unterminated.tests b/shell/ash_test/ash-vars/var_bash_repl_unterminated.tests +new file mode 100755 +index 000000000..c9513343d +--- /dev/null ++++ b/shell/ash_test/ash-vars/var_bash_repl_unterminated.tests +@@ -0,0 +1,2 @@ ++a=b-c ++echo ${a/-*}/d +diff --git a/shell/hush_test/hush-vars/var_bash_repl_unterminated.right b/shell/hush_test/hush-vars/var_bash_repl_unterminated.right +new file mode 100644 +index 000000000..5bff3a6fa +--- /dev/null ++++ b/shell/hush_test/hush-vars/var_bash_repl_unterminated.right +@@ -0,0 +1 @@ ++b/d +diff --git a/shell/hush_test/hush-vars/var_bash_repl_unterminated.tests b/shell/hush_test/hush-vars/var_bash_repl_unterminated.tests +new file mode 100755 +index 000000000..c9513343d +--- /dev/null ++++ b/shell/hush_test/hush-vars/var_bash_repl_unterminated.tests +@@ -0,0 +1,2 @@ ++a=b-c ++echo ${a/-*}/d diff --git a/aports/busybox/0017-ash-Fix-use-after-free-on-idx-variable.patch b/aports/busybox/0017-ash-Fix-use-after-free-on-idx-variable.patch new file mode 100644 index 0000000..22a2578 --- /dev/null +++ b/aports/busybox/0017-ash-Fix-use-after-free-on-idx-variable.patch 
@@ -0,0 +1,94 @@ +From 3813e89e3622b034b0e51acae496493a717555cc Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?S=C3=B6ren=20Tempel?= <soeren+git@soeren-tempel.net> +Date: Wed, 1 Jun 2022 11:51:40 +0200 +Subject: [PATCH] ash: Fix use-after-free on idx variable + +Consider the following code from ash.c: + + STPUTC(*idx, expdest); + if (quotes && (unsigned char)*idx == CTLESC) { + +The idx variable points to a value in the stack string (as managed +by STPUTC). STPUTC may resize this stack string via realloc(3). If +this happens, the idx pointer needs to be updated. Otherwise, +dereferencing idx may result in a use-after free. + +The valgrind output for this edge case looks as follows: + + Invalid read of size 1 + at 0x113AD7: subevalvar (ash.c:7326) + by 0x112EC7: evalvar (ash.c:7674) + by 0x113219: argstr (ash.c:6891) + by 0x113D10: expandarg (ash.c:8098) + by 0x118989: evalcommand (ash.c:10377) + by 0x116744: evaltree (ash.c:9373) + by 0x1170DC: cmdloop (ash.c:13577) + by 0x1191E4: ash_main (ash.c:14756) + by 0x10CB3B: run_applet_no_and_exit (appletlib.c:967) + by 0x10CBCA: run_applet_and_exit (appletlib.c:986) + by 0x10CBCA: main (appletlib.c:1126) + Address 0x48b4099 is 857 bytes inside a block of size 2,736 free'd + at 0x48A6FC9: realloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so) + by 0x125B03: xrealloc (xfuncs_printf.c:61) + by 0x10F9D2: growstackblock (ash.c:1736) + by 0x10FA4E: growstackstr (ash.c:1775) + by 0x10FA71: _STPUTC (ash.c:1816) + by 0x113A94: subevalvar (ash.c:7325) + by 0x112EC7: evalvar (ash.c:7674) + by 0x113219: argstr (ash.c:6891) + by 0x113D10: expandarg (ash.c:8098) + by 0x118989: evalcommand (ash.c:10377) + by 0x116744: evaltree (ash.c:9373) + by 0x1170DC: cmdloop (ash.c:13577) + Block was alloc'd at + at 0x48A26D5: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so) + by 0x125AE9: xmalloc (xfuncs_printf.c:50) + by 0x10ED56: stalloc (ash.c:1622) + by 0x10F9FF: growstackblock (ash.c:1746) + by 0x10FB2A: 
growstackto (ash.c:1783) + by 0x10FB47: makestrspace (ash.c:1795) + by 0x10FDE7: memtodest (ash.c:6390) + by 0x10FE91: strtodest (ash.c:6417) + by 0x112CC5: varvalue (ash.c:7558) + by 0x112D80: evalvar (ash.c:7603) + by 0x113219: argstr (ash.c:6891) + by 0x113D10: expandarg (ash.c:8098) + +This patch fixes this issue by updating the pointers again via +the restart label if STPUTC re-sized the stack. This issue +has been reported to us at Alpine Linux downstream. + +Also: Move the second realloc-check inside the if statement +that follows so it isn't done twice if the condition evaluates +to false. + +See also: + +* https://gitlab.alpinelinux.org/alpine/aports/-/issues/13900 +* http://lists.busybox.net/pipermail/busybox/2022-April/089655.html +--- + shell/ash.c | 6 ++++-- + 1 file changed, 4 insertions(+), 2 deletions(-) + +diff --git a/shell/ash.c b/shell/ash.c +index ef4a47afe..cbc50eefe 100644 +--- a/shell/ash.c ++++ b/shell/ash.c +@@ -7323,13 +7323,15 @@ subevalvar(char *start, char *str, int strloc, + if (idx >= end) + break; + STPUTC(*idx, expdest); ++ if (stackblock() != restart_detect) ++ goto restart; + if (quotes && (unsigned char)*idx == CTLESC) { + idx++; + len++; + STPUTC(*idx, expdest); ++ if (stackblock() != restart_detect) ++ goto restart; + } +- if (stackblock() != restart_detect) +- goto restart; + idx++; + len++; + rmesc++; diff --git a/aports/busybox/APKBUILD b/aports/busybox/APKBUILD index 40b1d3f..ec0d3fb 100644 --- a/aports/busybox/APKBUILD +++ b/aports/busybox/APKBUILD 
@@ -1,13 +1,16 @@ # Maintainer: Gabor Pali <pali.gabor@gmail.com> pkgname=busybox -pkgver=1.34.1 -pkgrel=5 +pkgver=1.35.0 +pkgrel=0 # base: 14, -initscripts: 4.1-r1 pkgdesc="Size optimized toolbox of many common UNIX utilities" url="https://busybox.net/" arch="all" license="GPL-2.0-only" makedepends_build="perl" -makedepends_host="linux-headers openssl1.1-compat-dev libretls-dev" +makedepends_host="linux-headers openssl-dev" +# Only build with UTMPS support if we are not bootstrapping. +# skalibs-static is needed for utmps-static +[ -z "$BOOTSTRAP" ] && makedepends_host="$makedepends_host utmps-dev utmps-static skalibs-static" makedepends="$makedepends_build $makedepends_host" checkdepends= provides="/bin/sh" @@ -15,8 +18,6 @@ install= subpackages= options="!check" source="https://busybox.net/downloads/busybox-$pkgver.tar.bz2 - 0001-rev-correct-output-for-long-input-lines.patch - 0001-nologin-Install-applet-to-sbin-instead-of-usr-sbin.patch 0001-adduser-default-to-sbin-nologin-as-shell-for-system-.patch 0001-properly-fix-wget-https-support.patch 
@@ -31,16 +32,17 @@ source="https://busybox.net/downloads/busybox-$pkgver.tar.bz2 0009-depmod-support-generating-kmod-binary-index-files.patch 0010-Add-flag-for-not-following-symlinks-when-recursing.patch 0012-udhcpc-Don-t-background-if-n-is-given.patch - + 0013-ash-fix-unsafe-use-of-mempcpy.patch + 0014-ash-fix-use-after-free-in-bash-pattern-substitution.patch + 0015-ed-don-t-use-memcpy-with-overlapping-memory-regions.patch + 0016-ash-don-t-read-past-end-of-var-in-subvareval-for-bas.patch + 0017-ash-Fix-use-after-free-on-idx-variable.patch 0001-ash-add-built-in-BB_ASH_VERSION-variable.patch - - 0001-cpio-add-support-for-ignore-devno-like-GNU-cpio.patch - 0002-cpio-add-support-for-renumber-inodes-like-GNU-cpio.patch - 0001-pgrep-add-support-for-matching-against-UID-and-RUID.patch - + 0001-avoid-redefined-warnings-when-building-with-utmps.patch 0001-libbb-sockaddr2str-ensure-only-printable-characters-.patch 0002-nslookup-sanitize-all-printed-strings-with-printable.patch + 0001-modinfo-add-k-option-for-kernel-version.patch acpid.logrotate config @@ -59,6 +61,9 @@ source="https://busybox.net/downloads/busybox-$pkgver.tar.bz2 " # secfixes: +# 1.35.0-r7: +# - ALPINE-13661 +# - CVE-2022-28391 # 1.34.1-r5: # - ALPINE-13661 # - CVE-2022-28391 @@ -162,7 +167,8 @@ EOF install -m644 "$srcdir"/$i "$pkgdir"/etc/conf.d/${i%.*} || return 1 done install -m644 mdev.conf "$pkgdir"/etc - install -m755 persistent-storage "$pkgdir"/lib/mdev/ + install -m755 persistent-storage \ + "$pkgdir"/lib/mdev/ # poweroff script for acpid cat >"$pkgdir"/etc/acpi/PWRF/00000080 <<EOF 
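Review bot: The new secfixes entry in the `@@ -59,6 +61,9 @@` hunk names `1.35.0-r7`, but this APKBUILD sets `pkgrel=0` for 1.35.0, so the recorded fix release is later than the package built from this file. Tooling that reads `# secfixes:` to decide whether CVE-2022-28391 is fixed would then report this repository's 1.35.0-r0 as still affected, although the sockaddr2str and nslookup sanitising patches remain in `source=`. If `r7` is the upstream release number, I would either record the local release (`# 1.35.0-r0:`) or add a comment that secfixes uses upstream numbering, in line with the `# base:` note on `pkgrel`.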
@@ -173,8 +179,7 @@ EOF } sha512sums=" -fb7e53a56c07b1098a12ee7232ad5401b147816648a0619b3b5358fdcf0915cfbb054500c0e0dd4acb3bc0a93a584b62bc5448e1f16b28004f58b39518a13b9d busybox-1.34.1.tar.bz2 -054e766429887e610c4a17846f495b7099bb419217f5fcc0dce0ed62b8740c2d4ee53b12a609b1830c26ac2af1eca9beb6140063b7d2665939f99f8664dfcc05 0001-rev-correct-output-for-long-input-lines.patch +62b2e718b6669271380445ed6db249618d777a4e8d5e6d879fa39ffee43887b6a2e93ceef874c615c565ad492deb772b03a19b7475c403202741579fb151e16a busybox-1.35.0.tar.bz2 ead3403578c071c2216de17ab0543984c1f1509c12c062f03af49141547c3ea21356f3e8f0f0695550f05a41a1379dd73fc3cc18dcd78addbb411f247351e353 0001-nologin-Install-applet-to-sbin-instead-of-usr-sbin.patch a2787a3ecaf6746dadef62166e8ee6ecaa166147e5ad8b917c5838536057c875bab5f9cf40c3e05eba74d575484ac662929ac3799d58432d3a99ac46f364f302 0001-adduser-default-to-sbin-nologin-as-shell-for-system-.patch 1efe1c4894ae983fed5ac848125f8603f157b9d91c952c53f4192b48d3e50967e05559851148397b583f34fb02d480393547904b4635e4248248be567ab268ea 0001-properly-fix-wget-https-support.patch 
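Review bot: The `sha512sums` block keeps the entry for `0001-nologin-Install-applet-to-sbin-instead-of-usr-sbin.patch` (context line in this hunk) and the one for `0001-pgrep-add-support-for-matching-against-UID-and-RUID.patch` (context line in the `@@ -189,14 +194,19 @@` hunk), although both files are removed from `source=` earlier in this diff. The checksum list and the source list therefore no longer have the same members, which abuild's verification step is likely to reject. Stale entries also obscure which inputs are actually pinned. Regenerating the block with `abuild checksum` after the final `source=` edit should drop both lines.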
@@ -189,14 +194,19 @@ f12916e70f7cc1ef4f6d85d09b9a496a52a494e6318029fdce9a9c812ab5c7b2a046c33b66834127 df02adb3e3cd3349cc8d070911e3392164cb2e30bd72cae7ceaa974b2db6f958fdcedf809abc7b4bee37c729a4d20abf127f615b0e238a667d572137abe6a79e 0009-depmod-support-generating-kmod-binary-index-files.patch ecbe5c890d966f09280c7eb534109f785c68e292765f17ed7ff62fcc61d20f61443c4155add0a1ebfb67ce8564e104c1aa22a8ef0400e119b0bca2bca3671f2d 0010-Add-flag-for-not-following-symlinks-when-recursing.patch 3ae5ecf3ea66c8d98762432026806fdb67b13a28075c6a3cb6e811a34ef89c2f0ed651946003aaad97fb4b7f74d132af3c394c114b7a72e1d20b319b739c5a6e 0012-udhcpc-Don-t-background-if-n-is-given.patch -d12246f1134bbd3993462d27172c4739cc601b251d57ce8e088745773afa965551236e8cb8b9013dfc142fd055e369a771d86c7c54615c89bd30393400bfa390 0001-ash-add-built-in-BB_ASH_VERSION-variable.patch -6f8fa4ec190d64d6c3d5377994be933885ed0b40361c99ca35881684db3b1b79664d6eab56a389df290b9f6c4db502c617ec8e4ffa6d5284bd41cea1f478b26c 0001-cpio-add-support-for-ignore-devno-like-GNU-cpio.patch -97109be04445b7b887c402b7072c1da57212ef11f2eca6d34c24d5a4e3b2866ee79aca7a0ca41043726293d9bed1b2fa8aab100501569f00b8670c280a87a01c 0002-cpio-add-support-for-renumber-inodes-like-GNU-cpio.patch +6b1ebc6da26c355a63c166f4c8d1774e7a9c5456ec76b773395a2158cb4848cf245fa5553843666c0a46f4c97d03e08815abae777f2b80bbb69d916618f94761 0013-ash-fix-unsafe-use-of-mempcpy.patch +3eb7609054fa8e03d7e366f7debc5cb0630ff65d521a91be84803bdef3854f81e29d26a9567c501a121e94a55d3a3477894e774508f80def775f2ecc812805e7 0014-ash-fix-use-after-free-in-bash-pattern-substitution.patch +0040800382a6e3adcc6a8094b821488c7e297fc80304afba23a4fca43b7b26ac699378dfbd930ebbf9985336b3e431301f7ca93e2d041a071902a48740d263ef 0015-ed-don-t-use-memcpy-with-overlapping-memory-regions.patch +4c95dc4bf6aff9018bfb52b400f6d8375a1d22493b44ea516cb12dba6556f12797a3cba55768d2e59ff57c0f3247ec1ff95edb8f17561f3d37ec18d83ca47eb0 0016-ash-don-t-read-past-end-of-var-in-subvareval-for-bas.patch 
+ccdf098fb15eaa316708181469a1193d6eec7067131e7b7645e0219bf03cfd07f4f79e8f62c1e560f6146dcc38186a29bdee08aaa39f290e11d020b8f07d2f65 0017-ash-Fix-use-after-free-on-idx-variable.patch +6d100fe44da2b97c2cbdda253d0504b487212d195144d9315cddbe8c51d18fae3745701923b170b40e35f54b592f94f02cadbffd9cb716661c12a7f1da022763 0001-ash-add-built-in-BB_ASH_VERSION-variable.patch e33dbc27d77c4636f4852d5d5216ef60a9a4343484e4559e391c13c813bf65c782b889914eff2e1f038d74cf02cb0d23824ebbb1044b5f8c86260d5a1bbc4e4d 0001-pgrep-add-support-for-matching-against-UID-and-RUID.patch +2640698e5108434991a8491fcc508bd991d2111b14bb6957385393a36603e1d81fdf826ad7b150d487d2a924630ee54c0fc4f979214e90feca9ba7d2fd96a865 0001-avoid-redefined-warnings-when-building-with-utmps.patch b52050678e79e4da856956906d07fcb620cbf35f2ef6b5a8ee3b8d244ea63b4b98eef505451184d5b4937740d91eef154ed748c30d329ac485be51b37626f251 0001-libbb-sockaddr2str-ensure-only-printable-characters-.patch ead4ad65d270d8659e1898fa16f76b6cbcf567d8aba238eacccda3764edb4362240d9359d6389873bedc126d405f805fc6dfce653a7181618ebcc67c94bd08d2 0002-nslookup-sanitize-all-printed-strings-with-printable.patch +4f6ddd59d6096943f617b0938fca428114190b8b37732d6783faab291451a2c30c452ed39299db22d1d9679d007022f87d43e93b38a4f6ced64a8659e9233773 0001-modinfo-add-k-option-for-kernel-version.patch aa93095e20de88730f526c6f463cef711b290b9582cdbd8c1ba2bd290019150cbeaa7007c2e15f0362d5b9315dd63f60511878f0ea05e893f4fdfb4a54af3fb1 acpid.logrotate -86171e6e1a2c905ca4182997812758a249c5b38a3371e925e78c533845ff5f0e8035d8baf223dbe3f8c2afd2237c243f14b76d42d7c5db69117bed59dee245d2 config +0b92eafab0722a6c9cc4880e3be4976de9713e1e1c715c6c727a948cbd68268fce01ce308291834f70d0cf3328f7c8a44cbdb5b7c70d90f91b15efcb5b90acb3 config c3194ccffe7300a0f55d50fb56d38c8df55d588adac13056fd0be2676594974477f94de5570a5a882bc864c3711cf67aa43b6ad6808e672f4533dd0f7363d2f5 default.script 
dd548670114a92404b8e35fb915fdbe5994498b05b0a418583271c3dd72fb7800950e42c095c902a014eb198c046b8a346d43dccd8e7a158048ae33767c572ed acpid.initd c9d0fb0f8cc27d661d3b4e58c56eb598ca368890576e18ffffd42efdf68ba35537656be9be319b2e2818aa0152d3ca8611bece2433512fbfcd4eed7988765549 crond.initd diff --git a/aports/busybox/config b/aports/busybox/config index 71b8a4b..5114bd3 100644 --- a/aports/busybox/config +++ b/aports/busybox/config @@ -1,7 +1,7 @@ # # Automatically generated make config: don't edit -# Busybox version: 1.34.1 -# Sun Apr 24 10:12:56 2022 +# Busybox version: 1.35.0 +# Sat Jun 25 18:59:59 2022 # CONFIG_HAVE_DOT_CONFIG=y @@ -94,9 +94,12 @@ CONFIG_FEATURE_BUFFERS_USE_MALLOC=y CONFIG_PASSWORD_MINLEN=6 CONFIG_MD5_SMALL=1 CONFIG_SHA3_SMALL=1 -# CONFIG_FEATURE_FAST_TOP is not set -# CONFIG_FEATURE_ETC_NETWORKS is not set -# CONFIG_FEATURE_ETC_SERVICES is not set +CONFIG_FEATURE_NON_POSIX_CP=y +# CONFIG_FEATURE_VERBOSE_CP_MESSAGE is not set +CONFIG_FEATURE_USE_SENDFILE=y +CONFIG_FEATURE_COPYBUF_KB=4 +CONFIG_MONOTONIC_SYSCALL=y +CONFIG_IOCTL_HEX2STR_ERROR=y CONFIG_FEATURE_EDITING=y CONFIG_FEATURE_EDITING_MAX_LEN=1024 # CONFIG_FEATURE_EDITING_VI is not set @@ -120,14 +123,6 @@ CONFIG_LAST_SUPPORTED_WCHAR=767 # CONFIG_UNICODE_BIDI_SUPPORT is not set # CONFIG_UNICODE_NEUTRAL_TABLE is not set # CONFIG_UNICODE_PRESERVE_BROKEN is not set -CONFIG_FEATURE_NON_POSIX_CP=y -# CONFIG_FEATURE_VERBOSE_CP_MESSAGE is not set -CONFIG_FEATURE_USE_SENDFILE=y -CONFIG_FEATURE_COPYBUF_KB=4 -CONFIG_FEATURE_SKIP_ROOTFS=y -CONFIG_MONOTONIC_SYSCALL=y -CONFIG_IOCTL_HEX2STR_ERROR=y -# CONFIG_FEATURE_HWIB is not set # # Applets @@ -199,6 +194,22 @@ CONFIG_GZIP_FAST=0 # # Coreutils # +CONFIG_FEATURE_VERBOSE=y + +# +# Common options for date and touch +# +CONFIG_FEATURE_TIMEZONE=y + +# +# Common options for cp and mv +# +CONFIG_FEATURE_PRESERVE_HARDLINKS=y + +# +# Common options for df, du, ls +# +CONFIG_FEATURE_HUMAN_READABLE=y CONFIG_BASENAME=y CONFIG_CAT=y CONFIG_FEATURE_CATN=y 
@@ -227,6 +238,7 @@ CONFIG_FEATURE_DATE_COMPAT=y # CONFIG_FEATURE_DD_STATUS is not set CONFIG_DF=y CONFIG_FEATURE_DF_FANCY=y +CONFIG_FEATURE_SKIP_ROOTFS=y CONFIG_DIRNAME=y # CONFIG_DOS2UNIX is not set # CONFIG_UNIX2DOS is not set @@ -346,21 +358,6 @@ CONFIG_WHOAMI=y CONFIG_YES=y # -# Common options -# -CONFIG_FEATURE_VERBOSE=y - -# -# Common options for cp and mv -# -CONFIG_FEATURE_PRESERVE_HARDLINKS=y - -# -# Common options for df, du, ls -# -CONFIG_FEATURE_HUMAN_READABLE=y - -# # Console Utilities # # CONFIG_CHVT is not set @@ -446,7 +443,11 @@ CONFIG_FEATURE_VI_UNDO_QUEUE_MAX=0 CONFIG_FIND=y CONFIG_FEATURE_FIND_PRINT0=y CONFIG_FEATURE_FIND_MTIME=y +CONFIG_FEATURE_FIND_ATIME=y +CONFIG_FEATURE_FIND_CTIME=y CONFIG_FEATURE_FIND_MMIN=y +CONFIG_FEATURE_FIND_AMIN=y +CONFIG_FEATURE_FIND_CMIN=y CONFIG_FEATURE_FIND_PERM=y CONFIG_FEATURE_FIND_TYPE=y CONFIG_FEATURE_FIND_EXECUTABLE=y @@ -454,6 +455,7 @@ CONFIG_FEATURE_FIND_XDEV=y CONFIG_FEATURE_FIND_MAXDEPTH=y CONFIG_FEATURE_FIND_NEWER=y CONFIG_FEATURE_FIND_INUM=y +CONFIG_FEATURE_FIND_SAMEFILE=y CONFIG_FEATURE_FIND_EXEC=y CONFIG_FEATURE_FIND_EXEC_PLUS=y CONFIG_FEATURE_FIND_USER=y @@ -850,6 +852,9 @@ CONFIG_FEATURE_IPV6=y # CONFIG_FEATURE_UNIX_LOCAL is not set CONFIG_FEATURE_PREFER_IPV4_ADDRESS=y # CONFIG_VERBOSE_RESOLUTION_ERRORS is not set +# CONFIG_FEATURE_ETC_NETWORKS is not set +# CONFIG_FEATURE_ETC_SERVICES is not set +# CONFIG_FEATURE_HWIB is not set # CONFIG_FEATURE_TLS_SHA1 is not set # CONFIG_ARP is not set # CONFIG_ARPING is not set @@ -868,6 +873,7 @@ CONFIG_FEATURE_PREFER_IPV4_ADDRESS=y CONFIG_HOSTNAME=y # CONFIG_DNSDOMAINNAME is not set # CONFIG_HTTPD is not set +CONFIG_FEATURE_HTTPD_PORT_DEFAULT=0 # CONFIG_FEATURE_HTTPD_RANGES is not set # CONFIG_FEATURE_HTTPD_SETUID is not set # CONFIG_FEATURE_HTTPD_BASIC_AUTH is not set 
@@ -960,6 +966,7 @@ CONFIG_SLATTACH=y # CONFIG_FEATURE_TELNET_WIDTH is not set # CONFIG_TELNETD is not set # CONFIG_FEATURE_TELNETD_STANDALONE is not set +CONFIG_FEATURE_TELNETD_PORT_DEFAULT=0 # CONFIG_FEATURE_TELNETD_INETD_WAIT is not set # CONFIG_TFTP is not set # CONFIG_FEATURE_TFTP_PROGRESS_BAR is not set @@ -1024,17 +1031,19 @@ CONFIG_IFUPDOWN_UDHCPC_CMD_OPTIONS="" # # Mail Utilities # +CONFIG_FEATURE_MIME_CHARSET="" # CONFIG_MAKEMIME is not set # CONFIG_POPMAILDIR is not set # CONFIG_FEATURE_POPMAILDIR_DELIVERY is not set # CONFIG_REFORMIME is not set # CONFIG_FEATURE_REFORMIME_COMPAT is not set # CONFIG_SENDMAIL is not set -CONFIG_FEATURE_MIME_CHARSET="" # # Process Utilities # +# CONFIG_FEATURE_FAST_TOP is not set +CONFIG_FEATURE_SHOW_THREADS=y CONFIG_FREE=y CONFIG_FUSER=y CONFIG_IOSTAT=y @@ -1073,7 +1082,6 @@ CONFIG_FEATURE_TOPMEM=y CONFIG_UPTIME=y CONFIG_FEATURE_UPTIME_UTMP_SUPPORT=y CONFIG_WATCH=y -CONFIG_FEATURE_SHOW_THREADS=y # # Runit Utilities diff --git a/aports/hostapd/APKBUILD b/aports/hostapd/APKBUILD index 60265f0..12d4224 100644 --- a/aports/hostapd/APKBUILD +++ b/aports/hostapd/APKBUILD @@ -1,7 +1,7 @@ # Maintainer: Gabor Pali <pali.gabor@gmail.com> pkgname=hostapd pkgver=2.10 -pkgrel=0 +pkgrel=1 # base: 1 pkgdesc="daemon for wireless software access points" url="https://w1.fi/hostapd/" arch="all" @@ -53,6 +53,7 @@ prepare() { -e '/^#CONFIG_IEEE80211N=y/s/^#//' \ -e '/^#CONFIG_IEEE80211R=y/s/^#//' \ -e '/^#CONFIG_IEEE80211AC=y/s/^#//' \ + -e '/^#CONFIG_IEEE80211AX=y/s/^#//' \ -e '/^#CONFIG_FULL_DYNAMIC_VLAN=y/s/^#//' \ -e '/^#CONFIG_LIBNL32=y/s/^#//' \ -e '/^#CONFIG_ACS=y/s/^#//' \ diff --git a/aports/ifupdown-ng/APKBUILD b/aports/ifupdown-ng/APKBUILD index e8c7f3f..85c6087 100644 --- a/aports/ifupdown-ng/APKBUILD +++ b/aports/ifupdown-ng/APKBUILD 
@@ -1,8 +1,8 @@ # Maintainer: Gabor Pali <pali.gabor@gmail.com> pkgname=ifupdown-ng -pkgver=0.11.3 -pkgrel=1 +pkgver=0.12.1 +pkgrel=0 # base: 0 pkgdesc="tools for managing network configuration" url="https://github.com/ifupdown-ng/ifupdown-ng" arch="all" @@ -35,7 +35,7 @@ package() { } sha512sums=" -7339d8d14bc881968093fa4a92c84850d99b5469847858be5423b98c5ed25776198fe1065686c22b6823cf7ace17845e96d7932782c111207264f8e3a52cbbb7 ifupdown-ng-0.11.3.tar.xz +c2c1e27fbd53eeb4150e544a893352f13845b491850e982a5880160c3be03b628794f7989c802ff823ac3e8c6c34dc4ab97c0abcefdda85f06fcd64ced8ac60c ifupdown-ng-0.12.1.tar.xz e261fd3f185372bf8f2075216b9dd3e2d8090e978654ee742122ee7869017d309eac54b1415e79878015f312a39fa8fdd4b0d8c2bed8515e5a94c15da1b7b844 no-examples.patch cde5422ed19c79f970b24fde267f9bef34f069f806e7ed671fb443df6ff169e81791baaeebbe02595218f30224add65dabfd0337f9984d2387965001872a1038 interfaces " diff --git a/aports/iptables/APKBUILD b/aports/iptables/APKBUILD index 720bd19..4dc6dc6 100644 --- a/aports/iptables/APKBUILD +++ b/aports/iptables/APKBUILD @@ -1,14 +1,17 @@ # Maintainer: Gabor Pali <pali.gabor@gmail.com> pkgname=iptables -pkgver=1.8.7 -pkgrel=2 +pkgver=1.8.8 +pkgrel=0 # base: 1 pkgdesc="Linux kernel firewall, NAT and packet mangling tools" url="https://www.netfilter.org/projects/iptables/index.html" arch="all" license="GPL-2.0-or-later" makedepends="libnftnl-dev bison flex autoconf automake" source="https://www.netfilter.org/projects/iptables/files/iptables-$pkgver.tar.bz2 + use-sh-iptables-apply.patch + fix-xtables.patch + fix-u_int16_t.patch iptables.initd iptables.confd ip6tables.confd 
@@ -56,7 +59,10 @@ package() { } sha512sums=" -c0a33fafbf1139157a9f52860938ebedc282a1394a68dcbd58981159379eb525919f999b25925f2cb4d6b18089bd99a94b00b3e73cff5cb0a0e47bdff174ed75 iptables-1.8.7.tar.bz2 +f21df23279a77531a23f3fcb1b8f0f8ec0c726bda236dd0e33af74b06753baff6ce3f26fb9fcceb6fada560656ba901e68fc6452eb840ac1b206bc4654950f59 iptables-1.8.8.tar.bz2 +ac78898c2acbe66ed8d32a06f41ff08cde7c22c3df6dfec6bc89a912d2cef2bde730de19d25a5407886d567cb0972a0b7bde7e6b18a34c4511495b4dad3b90ad use-sh-iptables-apply.patch +ce8c4ff001be49b77bb82efc3cb8b9f3c8f8684abcb07d079c6a00fab5c7a22e0d7f66f8ccdf3aab63d8fdb2b01b249679a89561e2f723111c8ce4075681b134 fix-xtables.patch +015ca550cf27802446d74521b7618095a342663d4fd73700975f3186428ecdc9eec27016f4d40862d3837cbbe0bb43509c1022b19ef8692ab28cc24e18831d57 fix-u_int16_t.patch a37c17a5382c756fcfb183af73af2283f0d09932c5a767241cbab5d784738f6f587f287a0cdf13b4fa74724ecd3a2063a9689ccee84c1bda02e730f63480f74d iptables.initd 85bb1660c2452fdede5ae0a483489a3648a8b327ea658839a1ad8c6405f6526bdf842a62d4df3f6e3cbbb9ad59137d37b39266cee21e252814191964d4c50f44 iptables.confd 0897a7a22f8b700f7f1f5c355ad6cbf39740e44d6c962af99e479978d8a2d556ca7fe4e31f238829046b4a871ce0b5fd52e2544f1361d15dd1ea3e33992646c4 ip6tables.confd diff --git a/aports/iptables/fix-u_int16_t.patch b/aports/iptables/fix-u_int16_t.patch new file mode 100644 index 0000000..37b3950 --- /dev/null +++ b/aports/iptables/fix-u_int16_t.patch 
@@ -0,0 +1,163 @@ +From f319389525b066b7dc6d389c88f16a0df3b8f189 Mon Sep 17 00:00:00 2001 +From: Nick Hainke <vincent@systemli.org> +Date: Mon, 16 May 2022 18:16:41 +0200 +Subject: treewide: use uint* instead of u_int* + +Gcc complains about missing types. Some commits introduced u_int* instead +of uint*. Use uint treewide. + +Fixes errors in the form of: +In file included from xtables-legacy-multi.c:5: +xshared.h:83:56: error: unknown type name 'u_int16_t'; did you mean 'uint16_t'? + 83 | set_option(unsigned int *options, unsigned int option, u_int16_t *invflg, + | ^~~~~~~~~ + | uint16_t +make[6]: *** [Makefile:712: xtables_legacy_multi-xtables-legacy-multi.o] Error 1 + +Avoid libipq API breakage by adjusting libipq.h include accordingly. For +arpt_mangle.h kernel uAPI header, apply same change as in kernel commit +e91ded8db5747 ("uapi: netfilter_arp: use __u8 instead of u_int8_t"). + +Signed-off-by: Nick Hainke <vincent@systemli.org> +Signed-off-by: Phil Sutter <phil@nwl.cc> +--- + extensions/libxt_conntrack.c | 2 +- + include/libipq/libipq.h | 8 ++++---- + include/libiptc/libxtc.h | 2 +- + include/linux/netfilter_arp/arpt_mangle.h | 2 +- + iptables/xshared.c | 2 +- + iptables/xshared.h | 2 +- + libipq/ipq_create_handle.3 | 2 +- + libipq/ipq_set_mode.3 | 2 +- + 8 files changed, 11 insertions(+), 11 deletions(-) + +diff --git a/extensions/libxt_conntrack.c b/extensions/libxt_conntrack.c +index 64018ce1..234085c5 100644 +--- a/extensions/libxt_conntrack.c ++++ b/extensions/libxt_conntrack.c +@@ -778,7 +778,7 @@ matchinfo_print(const void *ip, const struct xt_entry_match *match, int numeric, + + static void + conntrack_dump_ports(const char *prefix, const char *opt, +- u_int16_t port_low, u_int16_t port_high) ++ uint16_t port_low, uint16_t port_high) + { + if (port_high == 0 || port_low == port_high) + printf(" %s%s %u", prefix, opt, port_low); +diff --git a/include/libipq/libipq.h b/include/libipq/libipq.h +index 3cd13292..dd0cb205 100644 +--- 
a/include/libipq/libipq.h ++++ b/include/libipq/libipq.h +@@ -24,7 +24,7 @@ + #include <errno.h> + #include <unistd.h> + #include <fcntl.h> +-#include <sys/types.h> ++#include <stdint.h> + #include <sys/socket.h> + #include <sys/uio.h> + #include <asm/types.h> +@@ -48,19 +48,19 @@ typedef unsigned long ipq_id_t; + struct ipq_handle + { + int fd; +- u_int8_t blocking; ++ uint8_t blocking; + struct sockaddr_nl local; + struct sockaddr_nl peer; + }; + +-struct ipq_handle *ipq_create_handle(u_int32_t flags, u_int32_t protocol); ++struct ipq_handle *ipq_create_handle(uint32_t flags, uint32_t protocol); + + int ipq_destroy_handle(struct ipq_handle *h); + + ssize_t ipq_read(const struct ipq_handle *h, + unsigned char *buf, size_t len, int timeout); + +-int ipq_set_mode(const struct ipq_handle *h, u_int8_t mode, size_t len); ++int ipq_set_mode(const struct ipq_handle *h, uint8_t mode, size_t len); + + ipq_packet_msg_t *ipq_get_packet(const unsigned char *buf); + +diff --git a/include/libiptc/libxtc.h b/include/libiptc/libxtc.h +index 37010188..a1d16ef9 100644 +--- a/include/libiptc/libxtc.h ++++ b/include/libiptc/libxtc.h +@@ -10,7 +10,7 @@ extern "C" { + #endif + + #ifndef XT_MIN_ALIGN +-/* xt_entry has pointers and u_int64_t's in it, so if you align to ++/* xt_entry has pointers and uint64_t's in it, so if you align to + it, you'll also align to any crazy matches and targets someone + might write */ + #define XT_MIN_ALIGN (__alignof__(struct xt_entry)) +diff --git a/include/linux/netfilter_arp/arpt_mangle.h b/include/linux/netfilter_arp/arpt_mangle.h +index 250f5029..8c2b16a1 100644 +--- a/include/linux/netfilter_arp/arpt_mangle.h ++++ b/include/linux/netfilter_arp/arpt_mangle.h +@@ -13,7 +13,7 @@ struct arpt_mangle + union { + struct in_addr tgt_ip; + } u_t; +- u_int8_t flags; ++ __u8 flags; + int target; + }; + +diff --git a/iptables/xshared.c b/iptables/xshared.c +index a8512d38..9b5e5b5b 100644 +--- a/iptables/xshared.c ++++ b/iptables/xshared.c +@@ -1025,7 +1025,7 
@@ static const int inverse_for_options[NUMBER_OF_OPT] = + }; + + void +-set_option(unsigned int *options, unsigned int option, u_int16_t *invflg, ++set_option(unsigned int *options, unsigned int option, uint16_t *invflg, + bool invert) + { + if (*options & option) +diff --git a/iptables/xshared.h b/iptables/xshared.h +index 14568bb0..f8212988 100644 +--- a/iptables/xshared.h ++++ b/iptables/xshared.h +@@ -80,7 +80,7 @@ struct xtables_target; + #define IPT_INV_ARPHRD 0x0800 + + void +-set_option(unsigned int *options, unsigned int option, u_int16_t *invflg, ++set_option(unsigned int *options, unsigned int option, uint16_t *invflg, + bool invert); + + /** +diff --git a/libipq/ipq_create_handle.3 b/libipq/ipq_create_handle.3 +index 11ef95c4..ebe46daa 100644 +--- a/libipq/ipq_create_handle.3 ++++ b/libipq/ipq_create_handle.3 +@@ -24,7 +24,7 @@ ipq_create_handle, ipq_destroy_handle \(em create and destroy libipq handles. + .br + .B #include <libipq.h> + .sp +-.BI "struct ipq_handle *ipq_create_handle(u_int32_t " flags ", u_int32_t " protocol ");" ++.BI "struct ipq_handle *ipq_create_handle(uint32_t " flags ", uint32_t " protocol ");" + .br + .BI "int ipq_destroy_handle(struct ipq_handle *" h ); + .SH DESCRIPTION +diff --git a/libipq/ipq_set_mode.3 b/libipq/ipq_set_mode.3 +index 0edd3c00..e206886c 100644 +--- a/libipq/ipq_set_mode.3 ++++ b/libipq/ipq_set_mode.3 +@@ -24,7 +24,7 @@ ipq_set_mode \(em set the ip_queue queuing mode + .br + .B #include <libipq.h> + .sp +-.BI "int ipq_set_mode(const struct ipq_handle *" h ", u_int8_t " mode ", size_t " range ); ++.BI "int ipq_set_mode(const struct ipq_handle *" h ", uint8_t " mode ", size_t " range ); + .SH DESCRIPTION + The + .B ipq_set_mode +-- +cgit v1.2.3 + diff --git a/aports/iptables/fix-xtables.patch b/aports/iptables/fix-xtables.patch new file mode 100644 index 0000000..657c821 --- /dev/null +++ b/aports/iptables/fix-xtables.patch 
@@ -0,0 +1,10 @@ +--- a/libxtables/xtables.c 2022-05-13 13:26:26.000000000 +0000 ++++ b/libxtables/xtables.c 2022-05-17 08:56:52.670556393 +0000 +@@ -45,7 +45,6 @@ + + #include <xtables.h> + #include <limits.h> /* INT_MAX in ip_tables.h/ip6_tables.h */ +-#include <linux/if_ether.h> /* ETH_ALEN */ + #include <linux/netfilter_ipv4/ip_tables.h> + #include <linux/netfilter_ipv6/ip6_tables.h> + #include <libiptc/libxtc.h> diff --git a/aports/iptables/use-sh-iptables-apply.patch b/aports/iptables/use-sh-iptables-apply.patch new file mode 100644 index 0000000..b31fc94 --- /dev/null +++ b/aports/iptables/use-sh-iptables-apply.patch @@ -0,0 +1,39 @@ +From: Simon Frankenberger <simon-alpine@fraho.eu> + +make iptables-apply use posix sh + +--- a/iptables/iptables-apply ++++ b/iptables/iptables-apply +@@ -1,4 +1,4 @@ +-#!/bin/bash ++#!/bin/sh + # iptables-apply -- a safer way to update iptables remotely + # + # Usage: +@@ -110,7 +110,7 @@ + } + + function checkcommands() { +- for cmd in "${COMMANDS[@]}"; do ++ for cmd in ${COMMANDS}; do + if ! command -v "$cmd" >/dev/null; then + echo "Error: needed command not found: $cmd" >&2 + exit 127 +@@ -184,7 +184,7 @@ + fi + + # Needed commands +- COMMANDS=(mktemp "$SAVE" "$RESTORE" "$RUNCMD") ++ COMMANDS="mktemp $SAVE $RESTORE $RUNCMD" + checkcommands + ;; + (*) +@@ -196,7 +196,7 @@ + fi + + # Needed commands +- COMMANDS=(mktemp "$SAVE" "$RESTORE") ++ COMMANDS="mktemp $SAVE $RESTORE" + checkcommands + ;; + esac diff --git a/aports/linux-lts/0001-mt76-mt7921-add-support-for-PCIe-ID-0x0608-0x0616.patch b/aports/linux-lts/0001-mt76-mt7921-add-support-for-PCIe-ID-0x0608.patch index fdf3b77..008bfbe 100644 --- a/aports/linux-lts/0001-mt76-mt7921-add-support-for-PCIe-ID-0x0608-0x0616.patch +++ b/aports/linux-lts/0001-mt76-mt7921-add-support-for-PCIe-ID-0x0608.patch @@ -1,11 +1,10 @@ --- a/drivers/net/wireless/mediatek/mt76/mt7921/pci.c 
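Review bot: In use-sh-iptables-apply.patch the quoted bash array `COMMANDS=(mktemp "$SAVE" "$RESTORE" "$RUNCMD")` becomes the flat string `COMMANDS="mktemp $SAVE $RESTORE $RUNCMD"`, and `for cmd in ${COMMANDS}` then relies on unquoted expansion, so a value containing whitespace or glob characters is split or expanded before `command -v` checks it. Passing the names as positional parameters keeps each one intact under POSIX sh: call `checkcommands mktemp "$SAVE" "$RESTORE" "$RUNCMD"` (and the three-argument form in the other branch) and loop with `for cmd in "$@"; do`. The context line `function checkcommands() {` is left unchanged, and the `function` keyword is not POSIX, so the script still depends on the installed `/bin/sh` accepting it; `checkcommands() {` is the portable spelling. The surrounding functions continue outside the inner hunks, so any other bash-only constructs in the script cannot be ruled out from here.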
+++ b/drivers/net/wireless/mediatek/mt76/mt7921/pci.c -@@ -14,6 +14,8 @@ +@@ -14,6 +14,7 @@ static const struct pci_device_id mt7921_pci_device_table[] = { { PCI_DEVICE(PCI_VENDOR_ID_MEDIATEK, 0x7961) }, + { PCI_DEVICE(PCI_VENDOR_ID_MEDIATEK, 0x0608) }, -+ { PCI_DEVICE(PCI_VENDOR_ID_MEDIATEK, 0x0616) }, { }, }; diff --git a/aports/linux-lts/APKBUILD b/aports/linux-lts/APKBUILD index aca3090..e496113 100644 --- a/aports/linux-lts/APKBUILD +++ b/aports/linux-lts/APKBUILD @@ -1,12 +1,12 @@ # Maintainer: Gabor Pali <pali.gabor@gmail.com> pkgname=linux-lts -pkgver=5.15.46 +pkgver=5.15.49 case $pkgver in *.*.*) _kernver=${pkgver%.*};; *.*) _kernver=$pkgver;; esac -pkgrel=1 +pkgrel=0 pkgdesc="Linux LTS kernel" url="https://www.kernel.org" depends= @@ -16,7 +16,7 @@ options="!strip" install= source="https://cdn.kernel.org/pub/linux/kernel/v${pkgver%%.*}.x/linux-$_kernver.tar.xz config-lts.x86_64 - 0001-mt76-mt7921-add-support-for-PCIe-ID-0x0608-0x0616.patch + 0001-mt76-mt7921-add-support-for-PCIe-ID-0x0608.patch " subpackages="$pkgname-dev:_dev:$CBUILD_ARCH" 
@@ -163,6 +163,6 @@ _dev() { sha512sums=" d25ad40b5bcd6a4c6042fd0fd84e196e7a58024734c3e9a484fd0d5d54a0c1d87db8a3c784eff55e43b6f021709dc685eb0efa18d2aec327e4f88a79f405705a linux-5.15.tar.xz 707daa3a56186daac44478e746a883f65d8b198ccedc2f32febaf9302482685270bde9695786a14914020925197f6d952530cd5753a709731f183ad32303b099 config-lts.x86_64 -a1dae2bcf296bf5b52f726595c0d19170f581a0be101eaef7238117a349873631c33bfc7595c58ddd0742b6b00d75e6800bec56857c339fa9457bd1adbfcd749 0001-mt76-mt7921-add-support-for-PCIe-ID-0x0608-0x0616.patch -3da10b4e961bf40aa90c7e738f39efb12e04c9e87da08a90a5976c3fd9363bd58a75f972b8841d782adf54d950974951361d9c6353cc8f500754f68132fdf7b6 patch-5.15.46.xz +65504e60731f7254079caa997cd44585f8b9608aa66e0879e677872f89b91aa77b67f28617eddef7fe9932a73a5942466c12c733432405ee7e42944daadef6d4 0001-mt76-mt7921-add-support-for-PCIe-ID-0x0608.patch +08ede2bc8363a24a6f843021fee93ebe46d2bc01d2bf732fa140bbd5aa99130f00ea021b2b86a49a021a48368fe4d2e848604c7d86a801d268df83c02a183cab patch-5.15.49.xz " diff --git a/aports/openrc/0009-fix-bootmisc-mv-error.patch b/aports/openrc/0009-fix-bootmisc-mv-error.patch new file mode 100644 index 0000000..e87f9bb --- /dev/null +++ b/aports/openrc/0009-fix-bootmisc-mv-error.patch 
@@ -0,0 +1,27 @@ +From: Dermot Bradley <dermot_bradley@yahoo.com> +Date: Sat, 29 Jan 2022 19:28 +0000 +Subject: prevent a bootmisc trying to move a nonexistant file + +During boot if the "previous_dmesg" setting is enabled in +/etc/conf.d/bootmisc then during the 1st boot of a machine the +bootmisc init.d script will attempt to move a nonexistant dmesg +file, so generating an error on the console. + +Modify the script to only move an existing file. + +Upstream has merged this as PR 496 so it will be in the next release. + +--- + +diff -aur a/init.d/bootmisc.in b/init.d/bootmisc.in +--- a/init.d/bootmisc.in ++++ b/init.d/bootmisc.in +@@ -226,7 +226,7 @@ + case "$RC_SYS" in + VSERVER|OPENVZ|LXC|SYSTEMD-NSPAWN) ;; + *) +- if yesno ${previous_dmesg:-no}; then ++ if yesno ${previous_dmesg:-no} && [ -e /var/log/dmesg ]; then + mv /var/log/dmesg /var/log/dmesg.old + fi + dmesg > /var/log/dmesg diff --git a/aports/openrc/0010-noexec-devfs.patch b/aports/openrc/0010-noexec-devfs.patch new file mode 100644 index 0000000..9a8928c --- /dev/null +++ b/aports/openrc/0010-noexec-devfs.patch @@ -0,0 +1,14 @@ +--- a/init.d/devfs.in ++++ b/init.d/devfs.in +@@ -24,8 +24,9 @@ mount_dev() + action=--mount + conf_d_dir="${RC_SERVICE%/*/*}/conf.d" + msg=Mounting +- # Some devices require exec, Bug #92921 +- mountopts="exec,nosuid,mode=0755" ++ # Some devices require exec, https://bugs.gentoo.org/92921 ++ # Users with such requirements can use an fstab entry for /dev ++ mountopts="noexec,nosuid,mode=0755" + if yesno ${skip_mount_dev:-no} ; then + einfo "/dev will not be mounted due to user request" + return 0 diff --git a/aports/openrc/APKBUILD b/aports/openrc/APKBUILD index fd2f6de..daff08b 100644 --- a/aports/openrc/APKBUILD +++ b/aports/openrc/APKBUILD 
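Review bot: 0010-noexec-devfs.patch flips the `/dev` mount default from `exec` to `noexec` but has no From/Subject/description header, unlike 0009 beside it, so the reason for the hardening and its upstream status are not recorded with the patch. The retained comment line `# Some devices require exec, https://bugs.gentoo.org/92921` now sits directly above a `noexec` default and reads as a justification for the old value. Stating the default first would be clearer, e.g. `# Mount /dev noexec by default; setups that need exec (https://bugs.gentoo.org/92921) can add an fstab entry for /dev`. `mount_dev()` continues outside the hunk, so whether an fstab entry for `/dev` actually takes precedence over `mountopts` cannot be confirmed from the lines shown.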
@@ -1,13 +1,13 @@ # Maintainer: Gabor Pali <pali.gabor@gmail.com> pkgname=openrc -pkgver=0.44.7 -pkgrel=5 +pkgver=0.44.10 +pkgrel=0 # base: 7 pkgdesc="OpenRC manages the services, startup and shutdown of a host" url="https://github.com/OpenRC/openrc" arch="all" license="BSD-2-Clause" depends="ifupdown-any" -makedepends="bsd-compat-headers linux-headers" +makedepends="bsd-compat-headers linux-headers meson" checkdepends= subpackages= install= @@ -21,8 +21,9 @@ source="$pkgname-$pkgver.tar.gz::https://github.com/OpenRC/openrc/archive/$pkgve 0006-Add-support-for-starting-services-in-a-specified-VRF.patch 0007-Clean-up-staticroute-config-remove-irrelevant-parts-.patch 0008-bootmisc-switch-wipe_tmp-setting-to-no-by-default.patch + 0009-fix-bootmisc-mv-error.patch + 0010-noexec-devfs.patch seedrng.patch - openrc.logrotate hostname.initd hwdrivers.initd @@ -34,6 +35,7 @@ source="$pkgname-$pkgver.tar.gz::https://github.com/OpenRC/openrc/archive/$pkgve sysctl.initd machine-id.initd " +options="!check" # not updated to meson build system, require makefile build # secfixes: # 0.44.6-r1: 
@@ -41,19 +43,39 @@ source="$pkgname-$pkgver.tar.gz::https://github.com/OpenRC/openrc/archive/$pkgve prepare() { default_prepare - sed -i -e '/^sed/d' "$builddir"/pkgconfig/Makefile + # meson overrides this with the aports tag, + # we get there first :) + sed -i -e "s|@VCS_TAG@|$pkgver|" \ + src/common/version.h.in \ + src/common/version.in } + build() { - export MKZSHCOMP=no - export MKBASHCOMP=no - make LIBDIR=/lib LIBEXECDIR=/lib/rc + abuild-meson \ + -Dzsh-completions=false \ + -Dbash-completions=false \ + -Dpam=false \ + -Dsplit-usr=false \ + -Dpkgconfig=false \ + --default-library=both \ + --prefix=/ \ + --libdir=/usr/lib \ + --libexecdir=/lib \ + --bindir=/bin \ + --sbindir=/sbin \ + . output + meson compile -C output } package() { local i j - make LIBEXECDIR=/lib/rc DESTDIR="$pkgdir/" install + DESTDIR="$pkgdir" meson install --no-rebuild -C output + + # Alpine does not use openrc as its init so delete + # openrc-init & openrc-shutdown to avoid confusion. + rm -f "$pkgdir"/sbin/openrc-init "$pkgdir"/sbin/openrc-shutdown # we cannot have anything turned on by default rm -f "$pkgdir"/etc/runlevels/*/* 
@@ -101,7 +123,7 @@ package() { } sha512sums=" -c6b3e2e30615d97a5185320a140ced881bc59ba31ea8dff5d80440396166af237826de6ffc7836ec141e305c92176cd9cc3dabff7e42ac0d80e5238513fefdb7 openrc-0.44.7.tar.gz +0e41f5268c6b8c325a6773511ca58c38ba52a1987aa47165794df8a99359bd1bfcb99d30e0d129b9242a2661663234f6f85c92c55c891dbb6c5b8a11d93edea4 openrc-0.44.10.tar.gz 6085d127f7385eb86a00676a263c8613748fb0cbbf064bc908d346a1b368e226d8a3014e871d281f57d334a70ec1301269fe431e085f0e907b4f6ef8a99bf07f 0001-call-sbin-mkmntdirs-in-localmount-OpenRC-service.patch 3f47b4f7e6c5b7fb53ff8a13470fbada67f7470e5eba71a683e6c022162c3905f560d561c3d61698e3fde367d6ae715edf76e99949f52a22a3bbf79debc33f64 0002-fsck-don-t-add-C0-to-busybox-fsck.patch 61c72be18283108163bde4349616e55adb535bd34312ee09f90fcd85277ffe17dcef792bbf465877c0d8b1fec87a3836f714d8d849a9cf322902a89bc1256e13 0003-rc-pull-in-sysinit-and-boot-as-stacked-levels-when-n.patch 
@@ -110,6 +132,8 @@ c6b3e2e30615d97a5185320a140ced881bc59ba31ea8dff5d80440396166af237826de6ffc7836ec 8bf00b82d7fc0eb1b529ec735009f91d277141ba7e5c04e23d10bbcf36eb453f0b31d48aec45e50b5be4c14f611acc4454933f3cefdf8beab07d851328223464 0006-Add-support-for-starting-services-in-a-specified-VRF.patch 431ac28808e684bea5511386bf5f06efe7f509f1dbe7e15ae6309563d813deae8f3edd872a0943ef8088e3cf778d7bc5ebd15a893dc4a08f4022b7a56bbafc63 0007-Clean-up-staticroute-config-remove-irrelevant-parts-.patch 475f4ea63b9b5d7eb9c623e96b6cc3d3072abcb7194d0045b84e0688836c8514fccfc68b0eae0b4bee60878cdea8042c3ce7e48406ee7a2f0e4a3e128a153468 0008-bootmisc-switch-wipe_tmp-setting-to-no-by-default.patch +354b2df343ddf82aedba104039bbdb1dd5fdd9c4abac52f89e881341443b73fcf000ed9e8b88e9610f1c3218cb89722ff6a774e1ef2f7fe71fa6ff62b75f572b 0009-fix-bootmisc-mv-error.patch +0535d7837ae0c695f25208199f4dec3a4031558366da346a8a1dd13c0fa2a044f14088b75eca37ce0f4a681e85c82b84aac3d65aac9176639e82b33a9355cb2a 0010-noexec-devfs.patch 715af2188cf4d1ed42f75b31ad718f5c533ea6f8cfc3c5df0fd7fc4240cd342dc637b7edf358c5da1e77d700618adaa7927ddaeae60698dd9f130dd64d83d8d5 seedrng.patch 12bb6354e808fbf47bbab963de55ee7901738b4a912659982c57ef2777fff9a670e867fcb8ec316a76b151032c92dc89a950d7d1d835ef53f753a8f3b41d2cec openrc.logrotate 493f27d588e64bb2bb542b32493ed05873f4724e8ad1751002982d7b4e07963cfb72f93603b2d678f305177cf9556d408a87b793744c6b7cd46cf9be4b744c02 hostname.initd diff --git a/aports/openrc/modloop.initd b/aports/openrc/modloop.initd index fb7006c..fb7006c 100755..100644 --- a/aports/openrc/modloop.initd +++ b/aports/openrc/modloop.initd diff --git a/aports/openrc/networking.initd b/aports/openrc/networking.initd deleted file mode 100644 index 417f4a3..0000000 --- a/aports/openrc/networking.initd +++ /dev/null 
@@ -1,88 +0,0 @@ -#!/sbin/openrc-run - -# note that the spoofprotect, syncoockies and ip_forward options are set in -# /etc/sysctl.conf - -: ${cfgfile:="/etc/network/interfaces"} -: ${ifquery:="ifquery"} -: ${ifstate:="/run/ifstate"} - -single_iface="${RC_SVCNAME#*.}" -if [ "$single_iface" = "$RC_SVCNAME" ]; then - single_iface= -fi - -depend() { - need localmount - want dev-settle - after bootmisc hwdrivers modules - provide net - keyword -jail -prefix -vserver -docker -} - -# find interfaces we want to start -find_ifaces() { - if [ -n "$single_iface" ]; then - echo $single_iface - return 0 - fi - - if command -v "$ifquery" >/dev/null; then - $ifquery -i "$cfgfile" --list --auto - return - fi - - # fallback in case ifquery does not exist - awk '$1 == "auto" {for (i = 2; i <= NF; i = i + 1) printf("%s ", $i)}' "$cfgfile" -} - -# return the list of interfaces we should try stop -find_running_ifaces() { - if [ -n "$single_iface" ]; then - echo $single_iface - return 0 - fi - - if command -v "$ifquery" >/dev/null; then - $ifquery --state-file $ifstate -i "$cfgfile" --running - return - fi - - # fallback - awk -F= '{print $2}' $ifstate -} - -start() { - local iface= ret=1 - ebegin "Starting networking" - eindent - for iface in $(find_ifaces); do - local r=0 - ebegin "$iface" - if ! ifup -i "$cfgfile" $iface >/dev/null; then - ifdown -i "$cfgfile" $iface >/dev/null 2>&1 - r=1 - fi - # atleast one interface needs to be started for action - # to be success - eend $r && ret=0 - done - eoutdent - return $ret -} - -stop() { - local iface= - # Don't stop the network at shutdown. - yesno ${keep_network:-YES} && yesno $RC_GOINGDOWN && return 0 - - ebegin "Stopping networking" - eindent - for iface in $(find_running_ifaces); do - ebegin "$iface" - ifdown -i "$cfgfile" -f $iface >/dev/null - eend $? - done - eoutdent - return 0 -} diff --git a/aports/rtw89/APKBUILD b/aports/rtw89/APKBUILD index 887643e..91b0ef3 100644 --- a/aports/rtw89/APKBUILD +++ b/aports/rtw89/APKBUILD 
@@ -2,7 +2,7 @@ pkgname='rtw89' pkgver=20220421 -pkgrel=2 +pkgrel=3 _gitrev='da9d01e4f08cdaa862bff0ec5dad73600016a4dc' pkgdesc='Driver for Realtek 8852AE, an 802.11ax device' arch="x86_64" diff --git a/aports/socat/APKBUILD b/aports/socat/APKBUILD index deb9d81..c3f567b 100644 --- a/aports/socat/APKBUILD +++ b/aports/socat/APKBUILD @@ -1,8 +1,8 @@ # Maintainer: Gabor Pali <pali.gabor@gmail.com> pkgname=socat -pkgver=1.7.4.2 -pkgrel=0 +pkgver=1.7.4.3 +pkgrel=0 # base: 0 pkgdesc="Multipurpose relay for binary protocols" options="!check" url="http://www.dest-unreach.org/socat/" @@ -17,6 +17,9 @@ source="http://www.dest-unreach.org/socat/download/socat-$pkgver.tar.gz " build() { + # Just like Solaris, musl doesn't have getprotobynumber_r. + # Setting the configure variable to 2 ensures it isn't used. + sc_cv_getprotobynumber_r=2 \ ./configure \ --build=$CBUILD \ --host=$CHOST \ @@ -57,7 +60,7 @@ package() { } sha512sums=" -c331a6348e0febb35cd8adc2b116e3b8896cd7f64bcd93e507df4b8197ee1e6738ca256abf74c9b225e7a3769cf9643f0e237826125c6f390b5124ce0f10c972 socat-1.7.4.2.tar.gz +81cb34c245052b6a0ae38a711591358460b6070957af4a9eeb11a3cadb4aff184eeaedabbc7ecdc7fdf21a6126c06f90f19b24a87ce74b30bfd60a3879181046 socat-1.7.4.3.tar.gz 2032b6528cb27b69d8fb6a6f64af32fcc1f6e4934bb0d7c8931b38ab7ad5e27f6f4344a6cf49751fa3178cd725f954e195373362f7d5929e587d7f0309346059 use-linux-headers.patch 22a6e0c2317a9317997c98114daac258ebbcc3d8e58e49a6ebf24781b98967afed47c63807282582fa0909076fe349281f05e4462faacb90e7aabc853903d6e6 netdb-internal.patch de2ca2d318ada9ac7140ad6fbc42006ea0ef040d68cc579ed1452246fd16a7eceb4ce577336bc20e513cf6fe24da296447529ec36c22fa17a4c18be29e180b81 no-extras.patch diff --git a/aports/wpa_supplicant/APKBUILD b/aports/wpa_supplicant/APKBUILD index 0d9f843..5e7e18b 100644 --- a/aports/wpa_supplicant/APKBUILD +++ b/aports/wpa_supplicant/APKBUILD 
@@ -1,27 +1,20 @@ # Maintainer: Gabor Pali <pali.gabor@gmail.com> pkgname=wpa_supplicant -pkgver=2.9 -pkgrel=18 +pkgver=2.10 +pkgrel=0 # base: 1 pkgdesc="utility providing key negotiation for WPA wireless networks" url="https://w1.fi/wpa_supplicant/" -arch="x86_64" +arch="all" options="!check" # has no tests license="BSD-3-Clause" subpackages= makedepends="linux-headers openssl1.1-compat-dev dbus-dev libnl3-dev pcsc-lite-dev" source="https://w1.fi/releases/wpa_supplicant-$pkgver.tar.gz - wpa_supplicant.initd wpa_supplicant.confd - eloop.patch no-tools.patch - CVE-2019-16275.patch - CVE-2021-0326.patch - CVE-2021-27803.patch - CVE-2021-30004.patch::https://w1.fi/cgit/hostap/patch/?id=a0541334a6394f8237a4393b7372693cd7e96f15 - config" # secfixes: 
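Review bot: The bump to 2.10 drops CVE-2019-16275.patch, CVE-2021-0326.patch, CVE-2021-27803.patch and CVE-2021-30004.patch from `source`, and nothing in the hunk records that the new release contains those fixes. Once that is confirmed against the upstream changelog, a comment next to `pkgver` would keep the audit trail, e.g. `# 2.10 carries the fixes formerly applied as CVE-2019-16275, CVE-2021-0326, CVE-2021-27803, CVE-2021-30004`. The `# secfixes:` block continues outside the hunk, so it should be checked that the existing entries for these CVEs are kept. The same hunk widens `arch` from `x86_64` to `all`, which changes what gets built and would merit its own line in the commit description.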
@@ -78,14 +71,10 @@ package() { } sha512sums=" -37a33f22cab9d27084fbef29856eaea0f692ff339c5b38bd32402dccf293cb849afd4a870cd3b5ca78179f0102f4011ce2f3444a53dc41dc75a5863b0a2226c8 wpa_supplicant-2.9.tar.gz +021c2a48f45d39c1dc6557730be5debaee071bc0ff82a271638beee6e32314e353e49d39e2f0dc8dff6e094dcc7008cfe1c32d0c7a34a1a345a12a3f1c1e11a1 wpa_supplicant-2.10.tar.gz 92c4cbaa9776a354275640c9411d2f547f4c0e00415af4ab30039f1a0be6a11082d49e2514905010f0abcc4a9276353276da9864e3d5f7264a0f0767c8cc9d78 wpa_supplicant.initd c7e4041fe41743c5e63a07edc9234d0c44c4c0f193a180b27342b43f3be45fb87b42ee0f9e4a20614cf6ad58cf64d25f74d1e75e2e1d521c2f6d45cdc5737eae wpa_supplicant.confd 2be055dd1f7da5a3d8e79c2f2c0220ddd31df309452da18f290144d2112d6dbde0fc633bb2ad02c386a39d7785323acaf5f70e5969995a1e8303a094eb5fe232 eloop.patch -39cb1a0706bdaf1797dc88543a62c5b68497a2f733e8b42e8eb1e1bb39a6513fc10bfdde8f7fcb0ad8370aba6325c7613b2b9a390be4a07c4e556a2c6c618d86 no-tools.patch -63710cfb0992f2c346a9807d8c97cbeaed032fa376a0e93a2e56f7742ce515e9c4dfadbdb1af03ba272281f639aab832f0178f67634c222a5d99e1d462aa9e38 CVE-2019-16275.patch -e212dd6a2c56c086c14a2c96f479f7a8e6521b6a24c648eb03363db078398e64a38e343ff6faa327d5a0244a7969ecd34c5844d676c697eeb8eb842101fa9cf9 CVE-2021-0326.patch -af8b4a526a6833de4921fcbbd1b03da7e027276c909d512bd59a95e9767ffe8580135f9aee8947c4317681c4fe130f7ec50cba947f8375313f832a66c66b2cd5 CVE-2021-27803.patch -674328dc44246ce10939a769ed70c71e94e61600592d54ed9088dacbed1fd3dd3d0a834c75825d1448380ec8c076eb30e0d72e601794f507c12db3b6e724af5e CVE-2021-30004.patch -5aeebaad14f9d43bac8d7322a5a001a54d2cbc83376528f08eaff60217b170c67a44b5a634c3c14c90eec134aee844d9b79c471c45cd601948f492d645ec9678 config +3278eff7118f9dc9e177adc3ed91cad562a8edde396af8619321ac8552a86e9c7de25212d5578ea17cbe4b6dc928d83cd6e9a7f0d41e07576656e6e9274107d6 no-tools.patch +0e1af7084026c3b50b3a77636758f1ce3c1004e1e6d7eb71038e42c5c63866e2bbee3b0933b1131b80a6f2f6848983847a017ba2555a3162f0ccd3aa57fcf257 config " 
diff --git a/aports/wpa_supplicant/config b/aports/wpa_supplicant/config index 9b940cb..ab425d0 100644 --- a/aports/wpa_supplicant/config +++ b/aports/wpa_supplicant/config @@ -201,10 +201,10 @@ CONFIG_SMARTCARD=y CONFIG_PCSC=y # Support HT overrides (disable HT/HT40, mask MCS rates, etc.) -#CONFIG_HT_OVERRIDES=y +CONFIG_HT_OVERRIDES=y # Support VHT overrides (disable VHT, mask MCS rates, etc.) -#CONFIG_VHT_OVERRIDES=y +CONFIG_VHT_OVERRIDES=y # Development testing CONFIG_EAPOL_TEST=n @@ -542,7 +542,7 @@ CONFIG_P2P=y # For exponential module: #CONFIG_AUTOSCAN_EXPONENTIAL=y # For periodic module: -#CONFIG_AUTOSCAN_PERIODIC=y +CONFIG_AUTOSCAN_PERIODIC=y # Password (and passphrase, etc.) backend for external storage # These optional mechanisms can be used to add support for storing passwords diff --git a/aports/wpa_supplicant/no-tools.patch b/aports/wpa_supplicant/no-tools.patch index 3282352..f3bf3cd 100644 --- a/aports/wpa_supplicant/no-tools.patch +++ b/aports/wpa_supplicant/no-tools.patch @@ -1,9 +1,6 @@ ---- wpa_supplicant-2.9/wpa_supplicant/Makefile.orig -+++ wpa_supplicant-2.9/wpa_supplicant/Makefile -@@ -44,12 +44,8 @@ - CONFIG_TDLS_TESTING=y - endif - +--- a/wpa_supplicant/Makefile ++++ b/wpa_supplicant/Makefile +@@ -1,9 +1,5 @@ -BINALL=wpa_supplicant wpa_cli +BINALL=wpa_supplicant 
@@ -14,27 +11,29 @@ ALL = $(BINALL) ALL += systemd/wpa_supplicant.service ALL += systemd/wpa_supplicant@.service -@@ -1805,7 +1801,7 @@ +@@ -1812,7 +1808,7 @@ OBJS_priv += ../src/drivers/driver_common.o - OBJS += wpa_supplicant.o events.o blacklist.o wpas_glue.o scan.o + OBJS += wpa_supplicant.o events.o bssid_ignore.o wpas_glue.o scan.o -OBJS_t := $(OBJS) $(OBJS_l2) eapol_test.o +OBJS_t := $(OBJS) $(OBJS_l2) OBJS_t += ../src/radius/radius_client.o OBJS_t += ../src/radius/radius.o - ifndef CONFIG_AP -@@ -1903,10 +1899,6 @@ + OBJS_t2 := $(OBJS) $(OBJS_l2) preauth_test.o +@@ -1894,12 +1890,6 @@ $(Q)$(LDO) $(LDFLAGS) -o wpa_supplicant $(OBJS) $(LIBS) $(EXTRALIBS) @$(E) " LD " $@ +-_OBJS_VAR := OBJS_t +-include ../src/objs.mk -eapol_test: $(OBJS_t) - $(Q)$(LDO) $(LDFLAGS) -o eapol_test $(OBJS_t) $(LIBS) - @$(E) " LD " $@ - + _OBJS_VAR := OBJS_t2 + include ../src/objs.mk preauth_test: $(OBJS_t2) - $(Q)$(LDO) $(LDFLAGS) -o preauth_test $(OBJS_t2) $(LIBS) - @$(E) " LD " $@ -@@ -2007,8 +1999,6 @@ +@@ -2030,8 +2020,6 @@ mv -f $< $@ win_if_list.exe: win_if_list mv -f $< $@ @@ -43,12 +42,12 @@ WINALL=wpa_supplicant.exe wpa_cli.exe wpa_passphrase.exe win_if_list.exe -@@ -2040,7 +2030,7 @@ +@@ -2064,7 +2052,7 @@ $(MAKE) -C ../src clean $(MAKE) -C dbus clean rm -f core *~ *.o *.d *.gcno *.gcda *.gcov -- rm -f eap_*.so $(ALL) $(WINALL) eapol_test preauth_test -+ rm -f eap_*.so $(ALL) $(WINALL) preauth_test +- rm -f eap_*.so $(WINALL) eapol_test preauth_test ++ rm -f eap_*.so $(WINALL) preauth_test rm -f wpa_priv rm -f nfc_pw_token rm -f lcov.info |