summaryrefslogtreecommitdiff
path: root/aports
diff options
context:
space:
mode:
Diffstat (limited to 'aports')
-rw-r--r--aports/base-layout/APKBUILD2
-rw-r--r--aports/broadcom-wl/APKBUILD2
-rw-r--r--aports/busybox/0001-ash-add-built-in-BB_ASH_VERSION-variable.patch29
-rw-r--r--aports/busybox/0001-avoid-redefined-warnings-when-building-with-utmps.patch16
-rw-r--r--aports/busybox/0001-modinfo-add-k-option-for-kernel-version.patch140
-rw-r--r--aports/busybox/0013-ash-fix-unsafe-use-of-mempcpy.patch32
-rw-r--r--aports/busybox/0014-ash-fix-use-after-free-in-bash-pattern-substitution.patch81
-rw-r--r--aports/busybox/0015-ed-don-t-use-memcpy-with-overlapping-memory-regions.patch34
-rw-r--r--aports/busybox/0016-ash-don-t-read-past-end-of-var-in-subvareval-for-bas.patch88
-rw-r--r--aports/busybox/0017-ash-Fix-use-after-free-on-idx-variable.patch94
-rw-r--r--aports/busybox/APKBUILD46
-rw-r--r--aports/busybox/config68
-rw-r--r--aports/hostapd/APKBUILD3
-rw-r--r--aports/ifupdown-ng/APKBUILD6
-rw-r--r--aports/iptables/APKBUILD12
-rw-r--r--aports/iptables/fix-u_int16_t.patch163
-rw-r--r--aports/iptables/fix-xtables.patch10
-rw-r--r--aports/iptables/use-sh-iptables-apply.patch39
-rw-r--r--aports/linux-lts/0001-mt76-mt7921-add-support-for-PCIe-ID-0x0608.patch (renamed from aports/linux-lts/0001-mt76-mt7921-add-support-for-PCIe-ID-0x0608-0x0616.patch)3
-rw-r--r--aports/linux-lts/APKBUILD10
-rw-r--r--aports/openrc/0009-fix-bootmisc-mv-error.patch27
-rw-r--r--aports/openrc/0010-noexec-devfs.patch14
-rw-r--r--aports/openrc/APKBUILD44
-rw-r--r--[-rwxr-xr-x]aports/openrc/modloop.initd0
-rw-r--r--aports/openrc/networking.initd88
-rw-r--r--aports/rtw89/APKBUILD2
-rw-r--r--aports/socat/APKBUILD9
-rw-r--r--aports/wpa_supplicant/APKBUILD23
-rw-r--r--aports/wpa_supplicant/config6
-rw-r--r--aports/wpa_supplicant/no-tools.patch31
30 files changed, 905 insertions, 217 deletions
diff --git a/aports/base-layout/APKBUILD b/aports/base-layout/APKBUILD
index 8bb4724..8b643f3 100644
--- a/aports/base-layout/APKBUILD
+++ b/aports/base-layout/APKBUILD
@@ -2,7 +2,7 @@
pkgname=baselayout
pkgver=3.2.0
-pkgrel=19
+pkgrel=19 # base: 22
pkgdesc="Base dir structure and init scripts (Alpine Linux)"
url="https://git.alpinelinux.org/cgit/aports/tree/main/alpine-baselayout"
arch="all"
diff --git a/aports/broadcom-wl/APKBUILD b/aports/broadcom-wl/APKBUILD
index b6c15a2..3d3d5b8 100644
--- a/aports/broadcom-wl/APKBUILD
+++ b/aports/broadcom-wl/APKBUILD
@@ -2,7 +2,7 @@
pkgname=broadcom-wl
pkgver=6.30.223.271
-pkgrel=2
+pkgrel=3
pkgdesc='Broadcom 802.11 Linux STA wireless driver'
arch="x86_64"
url='https://www.broadcom.com/support/download-search/?pf=Wireless+LAN+Infrastructure'
diff --git a/aports/busybox/0001-ash-add-built-in-BB_ASH_VERSION-variable.patch b/aports/busybox/0001-ash-add-built-in-BB_ASH_VERSION-variable.patch
index f7f901f..d8f5ea0 100644
--- a/aports/busybox/0001-ash-add-built-in-BB_ASH_VERSION-variable.patch
+++ b/aports/busybox/0001-ash-add-built-in-BB_ASH_VERSION-variable.patch
@@ -1,4 +1,4 @@
-From cf95fcc20717e4c0906109b13565fdd06d874ee0 Mon Sep 17 00:00:00 2001
+From df5fffa062ebc46bd13d65c84a4abca6ae1c614d Mon Sep 17 00:00:00 2001
From: Ariadne Conill <ariadne@dereferenced.org>
Date: Wed, 10 Mar 2021 23:38:57 -0700
Subject: [PATCH] ash: add built-in $BB_ASH_VERSION variable
@@ -19,11 +19,11 @@ varinit_data 360 384 +24
Signed-off-by: Ariadne Conill <ariadne@dereferenced.org>
---
- shell/ash.c | 26 +++++++++++++++++++-------
- 1 file changed, 19 insertions(+), 7 deletions(-)
+ shell/ash.c | 28 ++++++++++++++++++++--------
+ 1 file changed, 20 insertions(+), 8 deletions(-)
diff --git a/shell/ash.c b/shell/ash.c
-index 6a16833b1..b8525dd57 100644
+index 827643808..5f8f41ee9 100644
--- a/shell/ash.c
+++ b/shell/ash.c
@@ -153,6 +153,14 @@
@@ -41,7 +41,7 @@ index 6a16833b1..b8525dd57 100644
//config:endif # ash options
//applet:IF_ASH(APPLET(ash, BB_DIR_BIN, BB_SUID_DROP))
-@@ -2109,6 +2117,9 @@ static const struct {
+@@ -2138,6 +2146,9 @@ static const struct {
{ VSTRFIXED|VTEXTFIXED , "PS1=$ " , NULL },
{ VSTRFIXED|VTEXTFIXED , "PS2=> " , NULL },
{ VSTRFIXED|VTEXTFIXED , "PS4=+ " , NULL },
@@ -51,7 +51,7 @@ index 6a16833b1..b8525dd57 100644
#if ENABLE_ASH_GETOPTS
{ VSTRFIXED|VTEXTFIXED , defoptindvar, getoptsreset },
#endif
-@@ -2159,18 +2170,19 @@ extern struct globals_var *BB_GLOBAL_CONST ash_ptr_to_globals_var;
+@@ -2197,19 +2208,20 @@ extern struct globals_var *BB_GLOBAL_CONST ash_ptr_to_globals_var;
#define vps1 varinit[VAR_OFFSET1 + 2]
#define vps2 varinit[VAR_OFFSET1 + 3]
#define vps4 varinit[VAR_OFFSET1 + 4]
@@ -62,22 +62,21 @@ index 6a16833b1..b8525dd57 100644
#endif
-#define VAR_OFFSET2 (VAR_OFFSET1 + ENABLE_ASH_GETOPTS)
-#define vlineno varinit[VAR_OFFSET2 + 5]
+-#define vfuncname varinit[VAR_OFFSET2 + 6]
+#define VAR_OFFSET3 (VAR_OFFSET2 + ENABLE_ASH_GETOPTS)
+#define vlineno varinit[VAR_OFFSET3 + 5]
++#define vfuncname varinit[VAR_OFFSET3 + 6]
#if ENABLE_ASH_RANDOM_SUPPORT
--# define vrandom varinit[VAR_OFFSET2 + 6]
-+# define vrandom varinit[VAR_OFFSET3 + 6]
+-# define vrandom varinit[VAR_OFFSET2 + 7]
++# define vrandom varinit[VAR_OFFSET3 + 7]
#endif
-#define VAR_OFFSET3 (VAR_OFFSET2 + ENABLE_ASH_RANDOM_SUPPORT)
+#define VAR_OFFSET4 (VAR_OFFSET2 + ENABLE_ASH_RANDOM_SUPPORT)
#if BASH_EPOCH_VARS
--# define vepochs varinit[VAR_OFFSET3 + 6]
--# define vepochr varinit[VAR_OFFSET3 + 7]
-+# define vepochs varinit[VAR_OFFSET4 + 6]
-+# define vepochr varinit[VAR_OFFSET4 + 7]
+-# define vepochs varinit[VAR_OFFSET3 + 7]
+-# define vepochr varinit[VAR_OFFSET3 + 8]
++# define vepochs varinit[VAR_OFFSET4 + 7]
++# define vepochr varinit[VAR_OFFSET4 + 8]
#endif
#define INIT_G_var() do { \
unsigned i; \
---
-2.30.2
-
diff --git a/aports/busybox/0001-avoid-redefined-warnings-when-building-with-utmps.patch b/aports/busybox/0001-avoid-redefined-warnings-when-building-with-utmps.patch
new file mode 100644
index 0000000..246e9b0
--- /dev/null
+++ b/aports/busybox/0001-avoid-redefined-warnings-when-building-with-utmps.patch
@@ -0,0 +1,16 @@
+From: Jakub Jirutka <jakub@jirutka.cz>
+Date: Mon, 06 Sep 2021 23:13:05 +0200
+Subject: [PATCH] Avoid redefined warnings when building with utmps
+
+--- a/include/libbb.h
++++ b/include/libbb.h
+@@ -107,6 +107,9 @@
+ # define _PATH_UTMPX _PATH_UTMP
+ # else
+ # if !defined(__FreeBSD__)
++/* _PATH_UTMP and _PATH_WTMP are defined both in paths.h and utmps/utmp.h. */
++# undef _PATH_UTMP
++# undef _PATH_WTMP
+ # include <utmp.h>
+ # else
+ # define _PATH_UTMPX "/var/run/utx.active"
diff --git a/aports/busybox/0001-modinfo-add-k-option-for-kernel-version.patch b/aports/busybox/0001-modinfo-add-k-option-for-kernel-version.patch
new file mode 100644
index 0000000..f1bf02f
--- /dev/null
+++ b/aports/busybox/0001-modinfo-add-k-option-for-kernel-version.patch
@@ -0,0 +1,140 @@
+From 8fed81a74070cb42e1dff1a8c2382bd123385e22 Mon Sep 17 00:00:00 2001
+From: Natanael Copa <ncopa@alpinelinux.org>
+Date: Thu, 28 Apr 2022 16:03:16 +0200
+Subject: [PATCH] modinfo: add -k option for kernel version
+
+It is useful to be able to specify kernel version when generating
+initramfs and similar for a kernel version that might not be the running
+one.
+
+bloatcheck on x86_64:
+
+function old new delta
+packed_usage 26193 26218 +25
+modinfo_main 391 414 +23
+.rodata 80296 80298 +2
+------------------------------------------------------------------------------
+(add/remove: 0/0 grow/shrink: 3/0 up/down: 50/0) Total: 50
+bytes
+ text data bss dec hex filename
+ 834606 14124 2008 850738 cfb32 busybox_old
+ 834657 14124 2008 850789 cfb65 busybox_unstripped
+
+Signed-off-by: Natanael Copa <ncopa@alpinelinux.org>
+---
+ modutils/modinfo.c | 30 ++++++++++++++++++------------
+ 1 file changed, 18 insertions(+), 12 deletions(-)
+
+diff --git a/modutils/modinfo.c b/modutils/modinfo.c
+index 0a86c3296..53bc02880 100644
+--- a/modutils/modinfo.c
++++ b/modutils/modinfo.c
+@@ -38,17 +38,18 @@ static const char *const shortcuts[] ALIGN_PTR = {
+
+ enum {
+ OPT_0 = (1 << 0), /* \0 as separator */
+- OPT_F = (1 << 1), /* field name */
++ OPT_k = (1 << 1), /* kernel version */
++ OPT_F = (1 << 2), /* field name */
+ /* first bits are for -nadlp options, the rest are for
+ * fields not selectable with "shortcut" options
+ */
+- OPT_n = (1 << 2),
+- OPT_TAGS = ((1 << ARRAY_SIZE(shortcuts)) - 1) << 2,
++ OPT_n = (1 << 3),
++ OPT_TAGS = ((1 << ARRAY_SIZE(shortcuts)) - 1) << 3,
+ };
+
+ static void display(const char *data, const char *pattern)
+ {
+- int flag = option_mask32 >> 1; /* shift out -0 bit */
++ int flag = option_mask32 >> 2; /* shift out -0 and -k bits */
+ if (flag & (flag-1)) {
+ /* more than one field to show: print "FIELD:" pfx */
+ int n = printf("%s:", pattern);
+@@ -82,7 +83,8 @@ static void modinfo(const char *path, const char *version,
+ }
+ }
+
+- for (j = 1; (1<<j) & (OPT_TAGS|OPT_F); j++) {
++ /* skip initial -0 and -k option bits */
++ for (j = 2; (1<<j) & (OPT_TAGS|OPT_F); j++) {
+ const char *pattern;
+
+ if (!((1<<j) & tags))
+@@ -90,7 +92,7 @@ static void modinfo(const char *path, const char *version,
+
+ pattern = field;
+ if ((1<<j) & OPT_TAGS)
+- pattern = shortcuts[j-2];
++ pattern = shortcuts[j-3];
+
+ if (strcmp(pattern, shortcuts[0]) == 0) {
+ /* "-n" or "-F filename" */
+@@ -123,7 +125,7 @@ static void modinfo(const char *path, const char *version,
+ }
+
+ //usage:#define modinfo_trivial_usage
+-//usage: "[-adlpn0] [-F keyword] MODULE"
++//usage: "[-adlpn0] [-F keyword] [-k kernel] MODULE"
+ //usage:#define modinfo_full_usage "\n\n"
+ //usage: " -a Shortcut for '-F author'"
+ //usage: "\n -d Shortcut for '-F description'"
+@@ -131,6 +133,7 @@ static void modinfo(const char *path, const char *version,
+ //usage: "\n -p Shortcut for '-F parm'"
+ ////usage: "\n -n Shortcut for '-F filename'"
+ //usage: "\n -F keyword Keyword to look for"
++//usage: "\n -k kernel kernel version"
+ //usage: "\n -0 NUL terminated output"
+ //usage:#define modinfo_example_usage
+ //usage: "$ modinfo -F vermagic loop\n"
+@@ -139,6 +142,7 @@ int modinfo_main(int argc, char **argv) MAIN_EXTERNALLY_VISIBLE;
+ int modinfo_main(int argc UNUSED_PARAM, char **argv)
+ {
+ const char *field;
++ const char *kernel;
+ char name[MODULE_NAME_LEN];
+ struct utsname uts;
+ parser_t *parser;
+@@ -147,15 +151,17 @@ int modinfo_main(int argc UNUSED_PARAM, char **argv)
+ unsigned i;
+
+ field = NULL;
+- opts = getopt32(argv, "^" "0F:nadlp" "\0" "-1"/*minimum one arg*/, &field);
++ uname(&uts);
++ kernel = uts.release;
++ opts = getopt32(argv, "^" "0k:F:nadlp" "\0" "-1"/*minimum one arg*/, &kernel, &field);
+ /* If no field selected, show all */
+ if (!(opts & (OPT_TAGS|OPT_F)))
+ option_mask32 |= OPT_TAGS;
++
+ argv += optind;
+
+- uname(&uts);
+ parser = config_open2(
+- xasprintf("%s/%s/%s", CONFIG_DEFAULT_MODULES_DIR, uts.release, CONFIG_DEFAULT_DEPMOD_FILE),
++ xasprintf("%s/%s/%s", CONFIG_DEFAULT_MODULES_DIR, kernel, CONFIG_DEFAULT_DEPMOD_FILE),
+ xfopen_for_read
+ );
+
+@@ -167,7 +173,7 @@ int modinfo_main(int argc UNUSED_PARAM, char **argv)
+ filename2modname(bb_basename(tokens[0]), name);
+ for (i = 0; argv[i]; i++) {
+ if (fnmatch(argv[i], name, 0) == 0) {
+- modinfo(tokens[0], uts.release, field);
++ modinfo(tokens[0], kernel, field);
+ argv[i] = (char *) "";
+ }
+ }
+@@ -177,7 +183,7 @@ int modinfo_main(int argc UNUSED_PARAM, char **argv)
+
+ for (i = 0; argv[i]; i++) {
+ if (argv[i][0]) {
+- modinfo(argv[i], uts.release, field);
++ modinfo(argv[i], kernel, field);
+ }
+ }
+
+--
+2.36.0
+
diff --git a/aports/busybox/0013-ash-fix-unsafe-use-of-mempcpy.patch b/aports/busybox/0013-ash-fix-unsafe-use-of-mempcpy.patch
new file mode 100644
index 0000000..944fd38
--- /dev/null
+++ b/aports/busybox/0013-ash-fix-unsafe-use-of-mempcpy.patch
@@ -0,0 +1,32 @@
+From 7750b5a25a8cf9081b7c248687c876d0068e85bb Mon Sep 17 00:00:00 2001
+From: Denys Vlasenko <vda.linux@googlemail.com>
+Date: Tue, 1 Mar 2022 09:56:54 +0100
+Subject: [PATCH] ash: fix unsafe use of mempcpy
+
+function old new delta
+subevalvar 1549 1557 +8
+
+Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
+---
+ shell/ash.c | 8 +++++++-
+ 1 file changed, 7 insertions(+), 1 deletion(-)
+
+diff --git a/shell/ash.c b/shell/ash.c
+index 54335c5dd..44ec2eafd 100644
+--- a/shell/ash.c
++++ b/shell/ash.c
+@@ -7191,7 +7191,13 @@ subevalvar(char *start, char *str, int strloc,
+ len = orig_len - pos;
+
+ if (!quotes) {
+- loc = mempcpy(startp, startp + pos, len);
++ /* want: loc = mempcpy(startp, startp + pos, len)
++ * but it does not allow overlapping arguments */
++ loc = startp;
++ while (--len >= 0) {
++ *loc = loc[pos];
++ loc++;
++ }
+ } else {
+ for (vstr = startp; pos != 0; pos--) {
+ if ((unsigned char)*vstr == CTLESC)
diff --git a/aports/busybox/0014-ash-fix-use-after-free-in-bash-pattern-substitution.patch b/aports/busybox/0014-ash-fix-use-after-free-in-bash-pattern-substitution.patch
new file mode 100644
index 0000000..6ff2b82
--- /dev/null
+++ b/aports/busybox/0014-ash-fix-use-after-free-in-bash-pattern-substitution.patch
@@ -0,0 +1,81 @@
+From 103728181bfd9a60537166d036e5baca7b67cc1f Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?S=C3=B6ren=20Tempel?= <soeren@soeren-tempel.net>
+Date: Sat, 29 Jan 2022 06:11:12 +0100
+Subject: [PATCH] ash: fix use-after-free in bash pattern substitution
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+At Alpine Linux downstream, we were made aware of a segmentation fault
+occurring during string replacement in BusyBox ash [0]. Further
+debugging revealed that the segmentation fault occurs due to a
+use-after-free in BusyBox's bash pattern substitution implementation.
+Specially, the problem is that the repl variable (pointing to the
+replacement string) points to a value in the stack string. However, when
+accessing the repl pointer in Line 7350 it is possible that the stack
+has been moved since the last repl assignment due to the STPUTC
+invocations in Line 7317 and 7321 (since STPUTC may grow the stack via
+realloc(3)).
+
+For this reason, the code in Line 7350 may access an unmapped memory
+region and therefore causes a segmentation fault if prior STPUTC
+invocations moved the stack via realloc(3). The valgrind output
+for this edge case looks as follows:
+
+ Invalid read of size 1
+ at 0x15D8DD: subevalvar (ash.c:7350)
+ by 0x15DC43: evalvar (ash.c:7666)
+ by 0x15B717: argstr (ash.c:6893)
+ by 0x15BAEC: expandarg (ash.c:8090)
+ by 0x15F4CC: evalcommand (ash.c:10429)
+ by 0x15B26C: evaltree (ash.c:9365)
+ by 0x15E4FC: cmdloop (ash.c:13569)
+ by 0x15FD8B: ash_main (ash.c:14748)
+ by 0x115BF2: run_applet_no_and_exit (appletlib.c:967)
+ by 0x115F16: run_applet_and_exit (appletlib.c:986)
+ by 0x115EF9: busybox_main (appletlib.c:917)
+ by 0x115EF9: run_applet_and_exit (appletlib.c:979)
+ by 0x115F8F: main (appletlib.c:1126)
+ Address 0x48b8646 is 2,054 bytes inside a block of size 4,776 free'd
+ at 0x48A6FC9: realloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
+ by 0x116E86: xrealloc (xfuncs_printf.c:61)
+ by 0x1565DB: growstackblock (ash.c:1736)
+ by 0x156EF7: growstackstr (ash.c:1775)
+ by 0x156F1A: _STPUTC (ash.c:1816)
+ by 0x15D843: subevalvar (ash.c:7317)
+ by 0x15DC43: evalvar (ash.c:7666)
+ by 0x15B717: argstr (ash.c:6893)
+ by 0x15BAEC: expandarg (ash.c:8090)
+ by 0x15F4CC: evalcommand (ash.c:10429)
+ by 0x15B26C: evaltree (ash.c:9365)
+ by 0x15E4FC: cmdloop (ash.c:13569)
+
+A testcase for reproducing this edge case is provided in the downstream
+bug report [1]. This commit fixes the issue by reconstructing the repl
+pointer relative to stackblock() via strloc and slash_pos.
+
+[0]: https://gitlab.alpinelinux.org/alpine/aports/-/issues/13469
+[1]: https://gitlab.alpinelinux.org/alpine/aports/-/issues/13469#note_210530
+
+Signed-off-by: Sören Tempel <soeren@soeren-tempel.net>
+---
+ shell/ash.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/shell/ash.c b/shell/ash.c
+index 55df54bd0..24f9a8270 100644
+--- a/shell/ash.c
++++ b/shell/ash.c
+@@ -7346,6 +7346,12 @@ subevalvar(char *start, char *str, int strloc,
+ idx = loc;
+ }
+
++ // The STPUTC invocations above may resize and move the
++ // stack via realloc(3). Since repl is a pointer into the
++ // stack, we need to reconstruct it relative to stackblock().
++ if (slash_pos >= 0)
++ repl = (char *)stackblock() + strloc + slash_pos + 1;
++
+ //bb_error_msg("repl:'%s'", repl);
+ for (loc = (char*)repl; *loc; loc++) {
+ char *restart_detect = stackblock();
diff --git a/aports/busybox/0015-ed-don-t-use-memcpy-with-overlapping-memory-regions.patch b/aports/busybox/0015-ed-don-t-use-memcpy-with-overlapping-memory-regions.patch
new file mode 100644
index 0000000..5697a55
--- /dev/null
+++ b/aports/busybox/0015-ed-don-t-use-memcpy-with-overlapping-memory-regions.patch
@@ -0,0 +1,34 @@
+From 65bb493f2475368161431ed72816fd0c61e479b1 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?S=C3=B6ren=20Tempel?= <soeren+git@soeren-tempel.net>
+Date: Tue, 8 Feb 2022 09:29:21 +0100
+Subject: [PATCH] ed: don't use memcpy with overlapping memory regions
+
+The memcpy invocations in the subCommand function, modified by this
+commit, previously used memcpy with overlapping memory regions. This is
+undefined behavior. On Alpine Linux, it causes BusyBox ed to crash since
+we compile BusyBox with -D_FORTIFY_SOURCE=2 and our fortify-headers
+implementation catches this source of undefined behavior [0]. The issue
+can only be triggered if the replacement string is the same size or
+shorter than the old string.
+
+Looking at the code, it seems to me that a memmove(3) is what was
+actually intended here, this commit modifies the code accordingly.
+
+[0]: https://gitlab.alpinelinux.org/alpine/aports/-/issues/13504
+---
+ editors/ed.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/editors/ed.c b/editors/ed.c
+index 209ce9942..4a84f7433 100644
+--- a/editors/ed.c
++++ b/editors/ed.c
+@@ -720,7 +720,7 @@ static void subCommand(const char *cmd, int num1, int num2)
+ if (deltaLen <= 0) {
+ memcpy(&lp->data[offset], newStr, newLen);
+ if (deltaLen) {
+- memcpy(&lp->data[offset + newLen],
++ memmove(&lp->data[offset + newLen],
+ &lp->data[offset + oldLen],
+ lp->len - offset - oldLen);
+
diff --git a/aports/busybox/0016-ash-don-t-read-past-end-of-var-in-subvareval-for-bas.patch b/aports/busybox/0016-ash-don-t-read-past-end-of-var-in-subvareval-for-bas.patch
new file mode 100644
index 0000000..3527fa5
--- /dev/null
+++ b/aports/busybox/0016-ash-don-t-read-past-end-of-var-in-subvareval-for-bas.patch
@@ -0,0 +1,88 @@
+From fa52ac9781f479de8ab4d8526276244c0a0471f4 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?S=C3=B6ren=20Tempel?= <soeren@soeren-tempel.net>
+Date: Mon, 28 Feb 2022 08:36:50 +0100
+Subject: [PATCH] ash: don't read past end of var in subvareval for bash
+ substitutions
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Without this patch, BusyBox handles bash pattern substitutions without
+a terminating '/' character incorrectly.
+
+Consider the following shell script:
+
+ _bootstrapver=5.0.211-r0
+ _referencesdir="/usr/${_bootstrapver/-*}/Sources"
+ echo $_referencesdir
+
+This should output `/usr/5.0.211/Sources`. However, without this patch
+it instead outputs `/usr/5.0.211Sources`. This is due to the fact that
+BusyBox expects the bash pattern substitutions to always be terminated
+with a '/' (at least in this part of subvareval) and thus reads passed
+the substitution itself and consumes the '/' character which is part of
+the literal string. If there is no '/' after the substitution then
+BusyBox might perform an out-of-bounds read under certain circumstances.
+
+When replacing the bash pattern substitution with `${_bootstrapver/-*/}`,
+or with this patch applied, ash outputs the correct value.
+
+Signed-off-by: Sören Tempel <soeren@soeren-tempel.net>
+Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
+---
+ shell/ash.c | 4 ++++
+ shell/ash_test/ash-vars/var_bash_repl_unterminated.right | 1 +
+ shell/ash_test/ash-vars/var_bash_repl_unterminated.tests | 2 ++
+ shell/hush_test/hush-vars/var_bash_repl_unterminated.right | 1 +
+ shell/hush_test/hush-vars/var_bash_repl_unterminated.tests | 2 ++
+ 5 files changed, 10 insertions(+)
+ create mode 100644 shell/ash_test/ash-vars/var_bash_repl_unterminated.right
+ create mode 100755 shell/ash_test/ash-vars/var_bash_repl_unterminated.tests
+ create mode 100644 shell/hush_test/hush-vars/var_bash_repl_unterminated.right
+ create mode 100755 shell/hush_test/hush-vars/var_bash_repl_unterminated.tests
+
+diff --git a/shell/ash.c b/shell/ash.c
+index adb0f223a..54335c5dd 100644
+--- a/shell/ash.c
++++ b/shell/ash.c
+@@ -7081,6 +7081,10 @@ subevalvar(char *start, char *str, int strloc,
+ *repl = '\0';
+ break;
+ }
++ if ((unsigned char)*repl == CTLENDVAR) { /* ${v/pattern} (no trailing /, no repl) */
++ repl = NULL;
++ break;
++ }
+ /* Handle escaped slashes, e.g. "${v/\//_}" (they are CTLESC'ed by this point) */
+ if ((unsigned char)*repl == CTLESC && repl[1])
+ repl++;
+diff --git a/shell/ash_test/ash-vars/var_bash_repl_unterminated.right b/shell/ash_test/ash-vars/var_bash_repl_unterminated.right
+new file mode 100644
+index 000000000..5bff3a6fa
+--- /dev/null
++++ b/shell/ash_test/ash-vars/var_bash_repl_unterminated.right
+@@ -0,0 +1 @@
++b/d
+diff --git a/shell/ash_test/ash-vars/var_bash_repl_unterminated.tests b/shell/ash_test/ash-vars/var_bash_repl_unterminated.tests
+new file mode 100755
+index 000000000..c9513343d
+--- /dev/null
++++ b/shell/ash_test/ash-vars/var_bash_repl_unterminated.tests
+@@ -0,0 +1,2 @@
++a=b-c
++echo ${a/-*}/d
+diff --git a/shell/hush_test/hush-vars/var_bash_repl_unterminated.right b/shell/hush_test/hush-vars/var_bash_repl_unterminated.right
+new file mode 100644
+index 000000000..5bff3a6fa
+--- /dev/null
++++ b/shell/hush_test/hush-vars/var_bash_repl_unterminated.right
+@@ -0,0 +1 @@
++b/d
+diff --git a/shell/hush_test/hush-vars/var_bash_repl_unterminated.tests b/shell/hush_test/hush-vars/var_bash_repl_unterminated.tests
+new file mode 100755
+index 000000000..c9513343d
+--- /dev/null
++++ b/shell/hush_test/hush-vars/var_bash_repl_unterminated.tests
+@@ -0,0 +1,2 @@
++a=b-c
++echo ${a/-*}/d
diff --git a/aports/busybox/0017-ash-Fix-use-after-free-on-idx-variable.patch b/aports/busybox/0017-ash-Fix-use-after-free-on-idx-variable.patch
new file mode 100644
index 0000000..22a2578
--- /dev/null
+++ b/aports/busybox/0017-ash-Fix-use-after-free-on-idx-variable.patch
@@ -0,0 +1,94 @@
+From 3813e89e3622b034b0e51acae496493a717555cc Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?S=C3=B6ren=20Tempel?= <soeren+git@soeren-tempel.net>
+Date: Wed, 1 Jun 2022 11:51:40 +0200
+Subject: [PATCH] ash: Fix use-after-free on idx variable
+
+Consider the following code from ash.c:
+
+ STPUTC(*idx, expdest);
+ if (quotes && (unsigned char)*idx == CTLESC) {
+
+The idx variable points to a value in the stack string (as managed
+by STPUTC). STPUTC may resize this stack string via realloc(3). If
+this happens, the idx pointer needs to be updated. Otherwise,
+dereferencing idx may result in a use-after free.
+
+The valgrind output for this edge case looks as follows:
+
+ Invalid read of size 1
+ at 0x113AD7: subevalvar (ash.c:7326)
+ by 0x112EC7: evalvar (ash.c:7674)
+ by 0x113219: argstr (ash.c:6891)
+ by 0x113D10: expandarg (ash.c:8098)
+ by 0x118989: evalcommand (ash.c:10377)
+ by 0x116744: evaltree (ash.c:9373)
+ by 0x1170DC: cmdloop (ash.c:13577)
+ by 0x1191E4: ash_main (ash.c:14756)
+ by 0x10CB3B: run_applet_no_and_exit (appletlib.c:967)
+ by 0x10CBCA: run_applet_and_exit (appletlib.c:986)
+ by 0x10CBCA: main (appletlib.c:1126)
+ Address 0x48b4099 is 857 bytes inside a block of size 2,736 free'd
+ at 0x48A6FC9: realloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
+ by 0x125B03: xrealloc (xfuncs_printf.c:61)
+ by 0x10F9D2: growstackblock (ash.c:1736)
+ by 0x10FA4E: growstackstr (ash.c:1775)
+ by 0x10FA71: _STPUTC (ash.c:1816)
+ by 0x113A94: subevalvar (ash.c:7325)
+ by 0x112EC7: evalvar (ash.c:7674)
+ by 0x113219: argstr (ash.c:6891)
+ by 0x113D10: expandarg (ash.c:8098)
+ by 0x118989: evalcommand (ash.c:10377)
+ by 0x116744: evaltree (ash.c:9373)
+ by 0x1170DC: cmdloop (ash.c:13577)
+ Block was alloc'd at
+ at 0x48A26D5: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
+ by 0x125AE9: xmalloc (xfuncs_printf.c:50)
+ by 0x10ED56: stalloc (ash.c:1622)
+ by 0x10F9FF: growstackblock (ash.c:1746)
+ by 0x10FB2A: growstackto (ash.c:1783)
+ by 0x10FB47: makestrspace (ash.c:1795)
+ by 0x10FDE7: memtodest (ash.c:6390)
+ by 0x10FE91: strtodest (ash.c:6417)
+ by 0x112CC5: varvalue (ash.c:7558)
+ by 0x112D80: evalvar (ash.c:7603)
+ by 0x113219: argstr (ash.c:6891)
+ by 0x113D10: expandarg (ash.c:8098)
+
+This patch fixes this issue by updating the pointers again via
+the restart label if STPUTC re-sized the stack. This issue
+has been reported to us at Alpine Linux downstream.
+
+Also: Move the second realloc-check inside the if statement
+that follows so it isn't done twice if the condition evaluates
+to false.
+
+See also:
+
+* https://gitlab.alpinelinux.org/alpine/aports/-/issues/13900
+* http://lists.busybox.net/pipermail/busybox/2022-April/089655.html
+---
+ shell/ash.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/shell/ash.c b/shell/ash.c
+index ef4a47afe..cbc50eefe 100644
+--- a/shell/ash.c
++++ b/shell/ash.c
+@@ -7323,13 +7323,15 @@ subevalvar(char *start, char *str, int strloc,
+ if (idx >= end)
+ break;
+ STPUTC(*idx, expdest);
++ if (stackblock() != restart_detect)
++ goto restart;
+ if (quotes && (unsigned char)*idx == CTLESC) {
+ idx++;
+ len++;
+ STPUTC(*idx, expdest);
++ if (stackblock() != restart_detect)
++ goto restart;
+ }
+- if (stackblock() != restart_detect)
+- goto restart;
+ idx++;
+ len++;
+ rmesc++;
diff --git a/aports/busybox/APKBUILD b/aports/busybox/APKBUILD
index 40b1d3f..ec0d3fb 100644
--- a/aports/busybox/APKBUILD
+++ b/aports/busybox/APKBUILD
@@ -1,13 +1,16 @@
# Maintainer: Gabor Pali <pali.gabor@gmail.com>
pkgname=busybox
-pkgver=1.34.1
-pkgrel=5
+pkgver=1.35.0
+pkgrel=0 # base: 14, -initscripts: 4.1-r1
pkgdesc="Size optimized toolbox of many common UNIX utilities"
url="https://busybox.net/"
arch="all"
license="GPL-2.0-only"
makedepends_build="perl"
-makedepends_host="linux-headers openssl1.1-compat-dev libretls-dev"
+makedepends_host="linux-headers openssl-dev"
+# Only build with UTMPS support if we are not bootstrapping.
+# skalibs-static is needed for utmps-static
+[ -z "$BOOTSTRAP" ] && makedepends_host="$makedepends_host utmps-dev utmps-static skalibs-static"
makedepends="$makedepends_build $makedepends_host"
checkdepends=
provides="/bin/sh"
@@ -15,8 +18,6 @@ install=
subpackages=
options="!check"
source="https://busybox.net/downloads/busybox-$pkgver.tar.bz2
- 0001-rev-correct-output-for-long-input-lines.patch
-
0001-nologin-Install-applet-to-sbin-instead-of-usr-sbin.patch
0001-adduser-default-to-sbin-nologin-as-shell-for-system-.patch
0001-properly-fix-wget-https-support.patch
@@ -31,16 +32,17 @@ source="https://busybox.net/downloads/busybox-$pkgver.tar.bz2
0009-depmod-support-generating-kmod-binary-index-files.patch
0010-Add-flag-for-not-following-symlinks-when-recursing.patch
0012-udhcpc-Don-t-background-if-n-is-given.patch
-
+ 0013-ash-fix-unsafe-use-of-mempcpy.patch
+ 0014-ash-fix-use-after-free-in-bash-pattern-substitution.patch
+ 0015-ed-don-t-use-memcpy-with-overlapping-memory-regions.patch
+ 0016-ash-don-t-read-past-end-of-var-in-subvareval-for-bas.patch
+ 0017-ash-Fix-use-after-free-on-idx-variable.patch
0001-ash-add-built-in-BB_ASH_VERSION-variable.patch
-
- 0001-cpio-add-support-for-ignore-devno-like-GNU-cpio.patch
- 0002-cpio-add-support-for-renumber-inodes-like-GNU-cpio.patch
-
0001-pgrep-add-support-for-matching-against-UID-and-RUID.patch
-
+ 0001-avoid-redefined-warnings-when-building-with-utmps.patch
0001-libbb-sockaddr2str-ensure-only-printable-characters-.patch
0002-nslookup-sanitize-all-printed-strings-with-printable.patch
+ 0001-modinfo-add-k-option-for-kernel-version.patch
acpid.logrotate
config
@@ -59,6 +61,9 @@ source="https://busybox.net/downloads/busybox-$pkgver.tar.bz2
"
# secfixes:
+# 1.35.0-r7:
+# - ALPINE-13661
+# - CVE-2022-28391
# 1.34.1-r5:
# - ALPINE-13661
# - CVE-2022-28391
@@ -162,7 +167,8 @@ EOF
install -m644 "$srcdir"/$i "$pkgdir"/etc/conf.d/${i%.*} || return 1
done
install -m644 mdev.conf "$pkgdir"/etc
- install -m755 persistent-storage "$pkgdir"/lib/mdev/
+ install -m755 persistent-storage \
+ "$pkgdir"/lib/mdev/
# poweroff script for acpid
cat >"$pkgdir"/etc/acpi/PWRF/00000080 <<EOF
@@ -173,8 +179,7 @@ EOF
}
sha512sums="
-fb7e53a56c07b1098a12ee7232ad5401b147816648a0619b3b5358fdcf0915cfbb054500c0e0dd4acb3bc0a93a584b62bc5448e1f16b28004f58b39518a13b9d busybox-1.34.1.tar.bz2
-054e766429887e610c4a17846f495b7099bb419217f5fcc0dce0ed62b8740c2d4ee53b12a609b1830c26ac2af1eca9beb6140063b7d2665939f99f8664dfcc05 0001-rev-correct-output-for-long-input-lines.patch
+62b2e718b6669271380445ed6db249618d777a4e8d5e6d879fa39ffee43887b6a2e93ceef874c615c565ad492deb772b03a19b7475c403202741579fb151e16a busybox-1.35.0.tar.bz2
ead3403578c071c2216de17ab0543984c1f1509c12c062f03af49141547c3ea21356f3e8f0f0695550f05a41a1379dd73fc3cc18dcd78addbb411f247351e353 0001-nologin-Install-applet-to-sbin-instead-of-usr-sbin.patch
a2787a3ecaf6746dadef62166e8ee6ecaa166147e5ad8b917c5838536057c875bab5f9cf40c3e05eba74d575484ac662929ac3799d58432d3a99ac46f364f302 0001-adduser-default-to-sbin-nologin-as-shell-for-system-.patch
1efe1c4894ae983fed5ac848125f8603f157b9d91c952c53f4192b48d3e50967e05559851148397b583f34fb02d480393547904b4635e4248248be567ab268ea 0001-properly-fix-wget-https-support.patch
@@ -189,14 +194,19 @@ f12916e70f7cc1ef4f6d85d09b9a496a52a494e6318029fdce9a9c812ab5c7b2a046c33b66834127
df02adb3e3cd3349cc8d070911e3392164cb2e30bd72cae7ceaa974b2db6f958fdcedf809abc7b4bee37c729a4d20abf127f615b0e238a667d572137abe6a79e 0009-depmod-support-generating-kmod-binary-index-files.patch
ecbe5c890d966f09280c7eb534109f785c68e292765f17ed7ff62fcc61d20f61443c4155add0a1ebfb67ce8564e104c1aa22a8ef0400e119b0bca2bca3671f2d 0010-Add-flag-for-not-following-symlinks-when-recursing.patch
3ae5ecf3ea66c8d98762432026806fdb67b13a28075c6a3cb6e811a34ef89c2f0ed651946003aaad97fb4b7f74d132af3c394c114b7a72e1d20b319b739c5a6e 0012-udhcpc-Don-t-background-if-n-is-given.patch
-d12246f1134bbd3993462d27172c4739cc601b251d57ce8e088745773afa965551236e8cb8b9013dfc142fd055e369a771d86c7c54615c89bd30393400bfa390 0001-ash-add-built-in-BB_ASH_VERSION-variable.patch
-6f8fa4ec190d64d6c3d5377994be933885ed0b40361c99ca35881684db3b1b79664d6eab56a389df290b9f6c4db502c617ec8e4ffa6d5284bd41cea1f478b26c 0001-cpio-add-support-for-ignore-devno-like-GNU-cpio.patch
-97109be04445b7b887c402b7072c1da57212ef11f2eca6d34c24d5a4e3b2866ee79aca7a0ca41043726293d9bed1b2fa8aab100501569f00b8670c280a87a01c 0002-cpio-add-support-for-renumber-inodes-like-GNU-cpio.patch
+6b1ebc6da26c355a63c166f4c8d1774e7a9c5456ec76b773395a2158cb4848cf245fa5553843666c0a46f4c97d03e08815abae777f2b80bbb69d916618f94761 0013-ash-fix-unsafe-use-of-mempcpy.patch
+3eb7609054fa8e03d7e366f7debc5cb0630ff65d521a91be84803bdef3854f81e29d26a9567c501a121e94a55d3a3477894e774508f80def775f2ecc812805e7 0014-ash-fix-use-after-free-in-bash-pattern-substitution.patch
+0040800382a6e3adcc6a8094b821488c7e297fc80304afba23a4fca43b7b26ac699378dfbd930ebbf9985336b3e431301f7ca93e2d041a071902a48740d263ef 0015-ed-don-t-use-memcpy-with-overlapping-memory-regions.patch
+4c95dc4bf6aff9018bfb52b400f6d8375a1d22493b44ea516cb12dba6556f12797a3cba55768d2e59ff57c0f3247ec1ff95edb8f17561f3d37ec18d83ca47eb0 0016-ash-don-t-read-past-end-of-var-in-subvareval-for-bas.patch
+ccdf098fb15eaa316708181469a1193d6eec7067131e7b7645e0219bf03cfd07f4f79e8f62c1e560f6146dcc38186a29bdee08aaa39f290e11d020b8f07d2f65 0017-ash-Fix-use-after-free-on-idx-variable.patch
+6d100fe44da2b97c2cbdda253d0504b487212d195144d9315cddbe8c51d18fae3745701923b170b40e35f54b592f94f02cadbffd9cb716661c12a7f1da022763 0001-ash-add-built-in-BB_ASH_VERSION-variable.patch
e33dbc27d77c4636f4852d5d5216ef60a9a4343484e4559e391c13c813bf65c782b889914eff2e1f038d74cf02cb0d23824ebbb1044b5f8c86260d5a1bbc4e4d 0001-pgrep-add-support-for-matching-against-UID-and-RUID.patch
+2640698e5108434991a8491fcc508bd991d2111b14bb6957385393a36603e1d81fdf826ad7b150d487d2a924630ee54c0fc4f979214e90feca9ba7d2fd96a865 0001-avoid-redefined-warnings-when-building-with-utmps.patch
b52050678e79e4da856956906d07fcb620cbf35f2ef6b5a8ee3b8d244ea63b4b98eef505451184d5b4937740d91eef154ed748c30d329ac485be51b37626f251 0001-libbb-sockaddr2str-ensure-only-printable-characters-.patch
ead4ad65d270d8659e1898fa16f76b6cbcf567d8aba238eacccda3764edb4362240d9359d6389873bedc126d405f805fc6dfce653a7181618ebcc67c94bd08d2 0002-nslookup-sanitize-all-printed-strings-with-printable.patch
+4f6ddd59d6096943f617b0938fca428114190b8b37732d6783faab291451a2c30c452ed39299db22d1d9679d007022f87d43e93b38a4f6ced64a8659e9233773 0001-modinfo-add-k-option-for-kernel-version.patch
aa93095e20de88730f526c6f463cef711b290b9582cdbd8c1ba2bd290019150cbeaa7007c2e15f0362d5b9315dd63f60511878f0ea05e893f4fdfb4a54af3fb1 acpid.logrotate
-86171e6e1a2c905ca4182997812758a249c5b38a3371e925e78c533845ff5f0e8035d8baf223dbe3f8c2afd2237c243f14b76d42d7c5db69117bed59dee245d2 config
+0b92eafab0722a6c9cc4880e3be4976de9713e1e1c715c6c727a948cbd68268fce01ce308291834f70d0cf3328f7c8a44cbdb5b7c70d90f91b15efcb5b90acb3 config
c3194ccffe7300a0f55d50fb56d38c8df55d588adac13056fd0be2676594974477f94de5570a5a882bc864c3711cf67aa43b6ad6808e672f4533dd0f7363d2f5 default.script
dd548670114a92404b8e35fb915fdbe5994498b05b0a418583271c3dd72fb7800950e42c095c902a014eb198c046b8a346d43dccd8e7a158048ae33767c572ed acpid.initd
c9d0fb0f8cc27d661d3b4e58c56eb598ca368890576e18ffffd42efdf68ba35537656be9be319b2e2818aa0152d3ca8611bece2433512fbfcd4eed7988765549 crond.initd
diff --git a/aports/busybox/config b/aports/busybox/config
index 71b8a4b..5114bd3 100644
--- a/aports/busybox/config
+++ b/aports/busybox/config
@@ -1,7 +1,7 @@
#
# Automatically generated make config: don't edit
-# Busybox version: 1.34.1
-# Sun Apr 24 10:12:56 2022
+# Busybox version: 1.35.0
+# Sat Jun 25 18:59:59 2022
#
CONFIG_HAVE_DOT_CONFIG=y
@@ -94,9 +94,12 @@ CONFIG_FEATURE_BUFFERS_USE_MALLOC=y
CONFIG_PASSWORD_MINLEN=6
CONFIG_MD5_SMALL=1
CONFIG_SHA3_SMALL=1
-# CONFIG_FEATURE_FAST_TOP is not set
-# CONFIG_FEATURE_ETC_NETWORKS is not set
-# CONFIG_FEATURE_ETC_SERVICES is not set
+CONFIG_FEATURE_NON_POSIX_CP=y
+# CONFIG_FEATURE_VERBOSE_CP_MESSAGE is not set
+CONFIG_FEATURE_USE_SENDFILE=y
+CONFIG_FEATURE_COPYBUF_KB=4
+CONFIG_MONOTONIC_SYSCALL=y
+CONFIG_IOCTL_HEX2STR_ERROR=y
CONFIG_FEATURE_EDITING=y
CONFIG_FEATURE_EDITING_MAX_LEN=1024
# CONFIG_FEATURE_EDITING_VI is not set
@@ -120,14 +123,6 @@ CONFIG_LAST_SUPPORTED_WCHAR=767
# CONFIG_UNICODE_BIDI_SUPPORT is not set
# CONFIG_UNICODE_NEUTRAL_TABLE is not set
# CONFIG_UNICODE_PRESERVE_BROKEN is not set
-CONFIG_FEATURE_NON_POSIX_CP=y
-# CONFIG_FEATURE_VERBOSE_CP_MESSAGE is not set
-CONFIG_FEATURE_USE_SENDFILE=y
-CONFIG_FEATURE_COPYBUF_KB=4
-CONFIG_FEATURE_SKIP_ROOTFS=y
-CONFIG_MONOTONIC_SYSCALL=y
-CONFIG_IOCTL_HEX2STR_ERROR=y
-# CONFIG_FEATURE_HWIB is not set
#
# Applets
@@ -199,6 +194,22 @@ CONFIG_GZIP_FAST=0
#
# Coreutils
#
+CONFIG_FEATURE_VERBOSE=y
+
+#
+# Common options for date and touch
+#
+CONFIG_FEATURE_TIMEZONE=y
+
+#
+# Common options for cp and mv
+#
+CONFIG_FEATURE_PRESERVE_HARDLINKS=y
+
+#
+# Common options for df, du, ls
+#
+CONFIG_FEATURE_HUMAN_READABLE=y
CONFIG_BASENAME=y
CONFIG_CAT=y
CONFIG_FEATURE_CATN=y
@@ -227,6 +238,7 @@ CONFIG_FEATURE_DATE_COMPAT=y
# CONFIG_FEATURE_DD_STATUS is not set
CONFIG_DF=y
CONFIG_FEATURE_DF_FANCY=y
+CONFIG_FEATURE_SKIP_ROOTFS=y
CONFIG_DIRNAME=y
# CONFIG_DOS2UNIX is not set
# CONFIG_UNIX2DOS is not set
@@ -346,21 +358,6 @@ CONFIG_WHOAMI=y
CONFIG_YES=y
#
-# Common options
-#
-CONFIG_FEATURE_VERBOSE=y
-
-#
-# Common options for cp and mv
-#
-CONFIG_FEATURE_PRESERVE_HARDLINKS=y
-
-#
-# Common options for df, du, ls
-#
-CONFIG_FEATURE_HUMAN_READABLE=y
-
-#
# Console Utilities
#
# CONFIG_CHVT is not set
@@ -446,7 +443,11 @@ CONFIG_FEATURE_VI_UNDO_QUEUE_MAX=0
CONFIG_FIND=y
CONFIG_FEATURE_FIND_PRINT0=y
CONFIG_FEATURE_FIND_MTIME=y
+CONFIG_FEATURE_FIND_ATIME=y
+CONFIG_FEATURE_FIND_CTIME=y
CONFIG_FEATURE_FIND_MMIN=y
+CONFIG_FEATURE_FIND_AMIN=y
+CONFIG_FEATURE_FIND_CMIN=y
CONFIG_FEATURE_FIND_PERM=y
CONFIG_FEATURE_FIND_TYPE=y
CONFIG_FEATURE_FIND_EXECUTABLE=y
@@ -454,6 +455,7 @@ CONFIG_FEATURE_FIND_XDEV=y
CONFIG_FEATURE_FIND_MAXDEPTH=y
CONFIG_FEATURE_FIND_NEWER=y
CONFIG_FEATURE_FIND_INUM=y
+CONFIG_FEATURE_FIND_SAMEFILE=y
CONFIG_FEATURE_FIND_EXEC=y
CONFIG_FEATURE_FIND_EXEC_PLUS=y
CONFIG_FEATURE_FIND_USER=y
@@ -850,6 +852,9 @@ CONFIG_FEATURE_IPV6=y
# CONFIG_FEATURE_UNIX_LOCAL is not set
CONFIG_FEATURE_PREFER_IPV4_ADDRESS=y
# CONFIG_VERBOSE_RESOLUTION_ERRORS is not set
+# CONFIG_FEATURE_ETC_NETWORKS is not set
+# CONFIG_FEATURE_ETC_SERVICES is not set
+# CONFIG_FEATURE_HWIB is not set
# CONFIG_FEATURE_TLS_SHA1 is not set
# CONFIG_ARP is not set
# CONFIG_ARPING is not set
@@ -868,6 +873,7 @@ CONFIG_FEATURE_PREFER_IPV4_ADDRESS=y
CONFIG_HOSTNAME=y
# CONFIG_DNSDOMAINNAME is not set
# CONFIG_HTTPD is not set
+CONFIG_FEATURE_HTTPD_PORT_DEFAULT=0
# CONFIG_FEATURE_HTTPD_RANGES is not set
# CONFIG_FEATURE_HTTPD_SETUID is not set
# CONFIG_FEATURE_HTTPD_BASIC_AUTH is not set
@@ -960,6 +966,7 @@ CONFIG_SLATTACH=y
# CONFIG_FEATURE_TELNET_WIDTH is not set
# CONFIG_TELNETD is not set
# CONFIG_FEATURE_TELNETD_STANDALONE is not set
+CONFIG_FEATURE_TELNETD_PORT_DEFAULT=0
# CONFIG_FEATURE_TELNETD_INETD_WAIT is not set
# CONFIG_TFTP is not set
# CONFIG_FEATURE_TFTP_PROGRESS_BAR is not set
@@ -1024,17 +1031,19 @@ CONFIG_IFUPDOWN_UDHCPC_CMD_OPTIONS=""
#
# Mail Utilities
#
+CONFIG_FEATURE_MIME_CHARSET=""
# CONFIG_MAKEMIME is not set
# CONFIG_POPMAILDIR is not set
# CONFIG_FEATURE_POPMAILDIR_DELIVERY is not set
# CONFIG_REFORMIME is not set
# CONFIG_FEATURE_REFORMIME_COMPAT is not set
# CONFIG_SENDMAIL is not set
-CONFIG_FEATURE_MIME_CHARSET=""
#
# Process Utilities
#
+# CONFIG_FEATURE_FAST_TOP is not set
+CONFIG_FEATURE_SHOW_THREADS=y
CONFIG_FREE=y
CONFIG_FUSER=y
CONFIG_IOSTAT=y
@@ -1073,7 +1082,6 @@ CONFIG_FEATURE_TOPMEM=y
CONFIG_UPTIME=y
CONFIG_FEATURE_UPTIME_UTMP_SUPPORT=y
CONFIG_WATCH=y
-CONFIG_FEATURE_SHOW_THREADS=y
#
# Runit Utilities
diff --git a/aports/hostapd/APKBUILD b/aports/hostapd/APKBUILD
index 60265f0..12d4224 100644
--- a/aports/hostapd/APKBUILD
+++ b/aports/hostapd/APKBUILD
@@ -1,7 +1,7 @@
# Maintainer: Gabor Pali <pali.gabor@gmail.com>
pkgname=hostapd
pkgver=2.10
-pkgrel=0
+pkgrel=1 # base: 1
pkgdesc="daemon for wireless software access points"
url="https://w1.fi/hostapd/"
arch="all"
@@ -53,6 +53,7 @@ prepare() {
-e '/^#CONFIG_IEEE80211N=y/s/^#//' \
-e '/^#CONFIG_IEEE80211R=y/s/^#//' \
-e '/^#CONFIG_IEEE80211AC=y/s/^#//' \
+ -e '/^#CONFIG_IEEE80211AX=y/s/^#//' \
-e '/^#CONFIG_FULL_DYNAMIC_VLAN=y/s/^#//' \
-e '/^#CONFIG_LIBNL32=y/s/^#//' \
-e '/^#CONFIG_ACS=y/s/^#//' \
diff --git a/aports/ifupdown-ng/APKBUILD b/aports/ifupdown-ng/APKBUILD
index e8c7f3f..85c6087 100644
--- a/aports/ifupdown-ng/APKBUILD
+++ b/aports/ifupdown-ng/APKBUILD
@@ -1,8 +1,8 @@
# Maintainer: Gabor Pali <pali.gabor@gmail.com>
pkgname=ifupdown-ng
-pkgver=0.11.3
-pkgrel=1
+pkgver=0.12.1
+pkgrel=0 # base: 0
pkgdesc="tools for managing network configuration"
url="https://github.com/ifupdown-ng/ifupdown-ng"
arch="all"
@@ -35,7 +35,7 @@ package() {
}
sha512sums="
-7339d8d14bc881968093fa4a92c84850d99b5469847858be5423b98c5ed25776198fe1065686c22b6823cf7ace17845e96d7932782c111207264f8e3a52cbbb7 ifupdown-ng-0.11.3.tar.xz
+c2c1e27fbd53eeb4150e544a893352f13845b491850e982a5880160c3be03b628794f7989c802ff823ac3e8c6c34dc4ab97c0abcefdda85f06fcd64ced8ac60c ifupdown-ng-0.12.1.tar.xz
e261fd3f185372bf8f2075216b9dd3e2d8090e978654ee742122ee7869017d309eac54b1415e79878015f312a39fa8fdd4b0d8c2bed8515e5a94c15da1b7b844 no-examples.patch
cde5422ed19c79f970b24fde267f9bef34f069f806e7ed671fb443df6ff169e81791baaeebbe02595218f30224add65dabfd0337f9984d2387965001872a1038 interfaces
"
diff --git a/aports/iptables/APKBUILD b/aports/iptables/APKBUILD
index 720bd19..4dc6dc6 100644
--- a/aports/iptables/APKBUILD
+++ b/aports/iptables/APKBUILD
@@ -1,14 +1,17 @@
# Maintainer: Gabor Pali <pali.gabor@gmail.com>
pkgname=iptables
-pkgver=1.8.7
-pkgrel=2
+pkgver=1.8.8
+pkgrel=0 # base: 1
pkgdesc="Linux kernel firewall, NAT and packet mangling tools"
url="https://www.netfilter.org/projects/iptables/index.html"
arch="all"
license="GPL-2.0-or-later"
makedepends="libnftnl-dev bison flex autoconf automake"
source="https://www.netfilter.org/projects/iptables/files/iptables-$pkgver.tar.bz2
+ use-sh-iptables-apply.patch
+ fix-xtables.patch
+ fix-u_int16_t.patch
iptables.initd
iptables.confd
ip6tables.confd
@@ -56,7 +59,10 @@ package() {
}
sha512sums="
-c0a33fafbf1139157a9f52860938ebedc282a1394a68dcbd58981159379eb525919f999b25925f2cb4d6b18089bd99a94b00b3e73cff5cb0a0e47bdff174ed75 iptables-1.8.7.tar.bz2
+f21df23279a77531a23f3fcb1b8f0f8ec0c726bda236dd0e33af74b06753baff6ce3f26fb9fcceb6fada560656ba901e68fc6452eb840ac1b206bc4654950f59 iptables-1.8.8.tar.bz2
+ac78898c2acbe66ed8d32a06f41ff08cde7c22c3df6dfec6bc89a912d2cef2bde730de19d25a5407886d567cb0972a0b7bde7e6b18a34c4511495b4dad3b90ad use-sh-iptables-apply.patch
+ce8c4ff001be49b77bb82efc3cb8b9f3c8f8684abcb07d079c6a00fab5c7a22e0d7f66f8ccdf3aab63d8fdb2b01b249679a89561e2f723111c8ce4075681b134 fix-xtables.patch
+015ca550cf27802446d74521b7618095a342663d4fd73700975f3186428ecdc9eec27016f4d40862d3837cbbe0bb43509c1022b19ef8692ab28cc24e18831d57 fix-u_int16_t.patch
a37c17a5382c756fcfb183af73af2283f0d09932c5a767241cbab5d784738f6f587f287a0cdf13b4fa74724ecd3a2063a9689ccee84c1bda02e730f63480f74d iptables.initd
85bb1660c2452fdede5ae0a483489a3648a8b327ea658839a1ad8c6405f6526bdf842a62d4df3f6e3cbbb9ad59137d37b39266cee21e252814191964d4c50f44 iptables.confd
0897a7a22f8b700f7f1f5c355ad6cbf39740e44d6c962af99e479978d8a2d556ca7fe4e31f238829046b4a871ce0b5fd52e2544f1361d15dd1ea3e33992646c4 ip6tables.confd
diff --git a/aports/iptables/fix-u_int16_t.patch b/aports/iptables/fix-u_int16_t.patch
new file mode 100644
index 0000000..37b3950
--- /dev/null
+++ b/aports/iptables/fix-u_int16_t.patch
@@ -0,0 +1,163 @@
+From f319389525b066b7dc6d389c88f16a0df3b8f189 Mon Sep 17 00:00:00 2001
+From: Nick Hainke <vincent@systemli.org>
+Date: Mon, 16 May 2022 18:16:41 +0200
+Subject: treewide: use uint* instead of u_int*
+
+Gcc complains about missing types. Some commits introduced u_int* instead
+of uint*. Use uint treewide.
+
+Fixes errors in the form of:
+In file included from xtables-legacy-multi.c:5:
+xshared.h:83:56: error: unknown type name 'u_int16_t'; did you mean 'uint16_t'?
+ 83 | set_option(unsigned int *options, unsigned int option, u_int16_t *invflg,
+ | ^~~~~~~~~
+ | uint16_t
+make[6]: *** [Makefile:712: xtables_legacy_multi-xtables-legacy-multi.o] Error 1
+
+Avoid libipq API breakage by adjusting libipq.h include accordingly. For
+arpt_mangle.h kernel uAPI header, apply same change as in kernel commit
+e91ded8db5747 ("uapi: netfilter_arp: use __u8 instead of u_int8_t").
+
+Signed-off-by: Nick Hainke <vincent@systemli.org>
+Signed-off-by: Phil Sutter <phil@nwl.cc>
+---
+ extensions/libxt_conntrack.c | 2 +-
+ include/libipq/libipq.h | 8 ++++----
+ include/libiptc/libxtc.h | 2 +-
+ include/linux/netfilter_arp/arpt_mangle.h | 2 +-
+ iptables/xshared.c | 2 +-
+ iptables/xshared.h | 2 +-
+ libipq/ipq_create_handle.3 | 2 +-
+ libipq/ipq_set_mode.3 | 2 +-
+ 8 files changed, 11 insertions(+), 11 deletions(-)
+
+diff --git a/extensions/libxt_conntrack.c b/extensions/libxt_conntrack.c
+index 64018ce1..234085c5 100644
+--- a/extensions/libxt_conntrack.c
++++ b/extensions/libxt_conntrack.c
+@@ -778,7 +778,7 @@ matchinfo_print(const void *ip, const struct xt_entry_match *match, int numeric,
+
+ static void
+ conntrack_dump_ports(const char *prefix, const char *opt,
+- u_int16_t port_low, u_int16_t port_high)
++ uint16_t port_low, uint16_t port_high)
+ {
+ if (port_high == 0 || port_low == port_high)
+ printf(" %s%s %u", prefix, opt, port_low);
+diff --git a/include/libipq/libipq.h b/include/libipq/libipq.h
+index 3cd13292..dd0cb205 100644
+--- a/include/libipq/libipq.h
++++ b/include/libipq/libipq.h
+@@ -24,7 +24,7 @@
+ #include <errno.h>
+ #include <unistd.h>
+ #include <fcntl.h>
+-#include <sys/types.h>
++#include <stdint.h>
+ #include <sys/socket.h>
+ #include <sys/uio.h>
+ #include <asm/types.h>
+@@ -48,19 +48,19 @@ typedef unsigned long ipq_id_t;
+ struct ipq_handle
+ {
+ int fd;
+- u_int8_t blocking;
++ uint8_t blocking;
+ struct sockaddr_nl local;
+ struct sockaddr_nl peer;
+ };
+
+-struct ipq_handle *ipq_create_handle(u_int32_t flags, u_int32_t protocol);
++struct ipq_handle *ipq_create_handle(uint32_t flags, uint32_t protocol);
+
+ int ipq_destroy_handle(struct ipq_handle *h);
+
+ ssize_t ipq_read(const struct ipq_handle *h,
+ unsigned char *buf, size_t len, int timeout);
+
+-int ipq_set_mode(const struct ipq_handle *h, u_int8_t mode, size_t len);
++int ipq_set_mode(const struct ipq_handle *h, uint8_t mode, size_t len);
+
+ ipq_packet_msg_t *ipq_get_packet(const unsigned char *buf);
+
+diff --git a/include/libiptc/libxtc.h b/include/libiptc/libxtc.h
+index 37010188..a1d16ef9 100644
+--- a/include/libiptc/libxtc.h
++++ b/include/libiptc/libxtc.h
+@@ -10,7 +10,7 @@ extern "C" {
+ #endif
+
+ #ifndef XT_MIN_ALIGN
+-/* xt_entry has pointers and u_int64_t's in it, so if you align to
++/* xt_entry has pointers and uint64_t's in it, so if you align to
+ it, you'll also align to any crazy matches and targets someone
+ might write */
+ #define XT_MIN_ALIGN (__alignof__(struct xt_entry))
+diff --git a/include/linux/netfilter_arp/arpt_mangle.h b/include/linux/netfilter_arp/arpt_mangle.h
+index 250f5029..8c2b16a1 100644
+--- a/include/linux/netfilter_arp/arpt_mangle.h
++++ b/include/linux/netfilter_arp/arpt_mangle.h
+@@ -13,7 +13,7 @@ struct arpt_mangle
+ union {
+ struct in_addr tgt_ip;
+ } u_t;
+- u_int8_t flags;
++ __u8 flags;
+ int target;
+ };
+
+diff --git a/iptables/xshared.c b/iptables/xshared.c
+index a8512d38..9b5e5b5b 100644
+--- a/iptables/xshared.c
++++ b/iptables/xshared.c
+@@ -1025,7 +1025,7 @@ static const int inverse_for_options[NUMBER_OF_OPT] =
+ };
+
+ void
+-set_option(unsigned int *options, unsigned int option, u_int16_t *invflg,
++set_option(unsigned int *options, unsigned int option, uint16_t *invflg,
+ bool invert)
+ {
+ if (*options & option)
+diff --git a/iptables/xshared.h b/iptables/xshared.h
+index 14568bb0..f8212988 100644
+--- a/iptables/xshared.h
++++ b/iptables/xshared.h
+@@ -80,7 +80,7 @@ struct xtables_target;
+ #define IPT_INV_ARPHRD 0x0800
+
+ void
+-set_option(unsigned int *options, unsigned int option, u_int16_t *invflg,
++set_option(unsigned int *options, unsigned int option, uint16_t *invflg,
+ bool invert);
+
+ /**
+diff --git a/libipq/ipq_create_handle.3 b/libipq/ipq_create_handle.3
+index 11ef95c4..ebe46daa 100644
+--- a/libipq/ipq_create_handle.3
++++ b/libipq/ipq_create_handle.3
+@@ -24,7 +24,7 @@ ipq_create_handle, ipq_destroy_handle \(em create and destroy libipq handles.
+ .br
+ .B #include <libipq.h>
+ .sp
+-.BI "struct ipq_handle *ipq_create_handle(u_int32_t " flags ", u_int32_t " protocol ");"
++.BI "struct ipq_handle *ipq_create_handle(uint32_t " flags ", uint32_t " protocol ");"
+ .br
+ .BI "int ipq_destroy_handle(struct ipq_handle *" h );
+ .SH DESCRIPTION
+diff --git a/libipq/ipq_set_mode.3 b/libipq/ipq_set_mode.3
+index 0edd3c00..e206886c 100644
+--- a/libipq/ipq_set_mode.3
++++ b/libipq/ipq_set_mode.3
+@@ -24,7 +24,7 @@ ipq_set_mode \(em set the ip_queue queuing mode
+ .br
+ .B #include <libipq.h>
+ .sp
+-.BI "int ipq_set_mode(const struct ipq_handle *" h ", u_int8_t " mode ", size_t " range );
++.BI "int ipq_set_mode(const struct ipq_handle *" h ", uint8_t " mode ", size_t " range );
+ .SH DESCRIPTION
+ The
+ .B ipq_set_mode
+--
+cgit v1.2.3
+
diff --git a/aports/iptables/fix-xtables.patch b/aports/iptables/fix-xtables.patch
new file mode 100644
index 0000000..657c821
--- /dev/null
+++ b/aports/iptables/fix-xtables.patch
@@ -0,0 +1,10 @@
+--- a/libxtables/xtables.c 2022-05-13 13:26:26.000000000 +0000
++++ b/libxtables/xtables.c 2022-05-17 08:56:52.670556393 +0000
+@@ -45,7 +45,6 @@
+
+ #include <xtables.h>
+ #include <limits.h> /* INT_MAX in ip_tables.h/ip6_tables.h */
+-#include <linux/if_ether.h> /* ETH_ALEN */
+ #include <linux/netfilter_ipv4/ip_tables.h>
+ #include <linux/netfilter_ipv6/ip6_tables.h>
+ #include <libiptc/libxtc.h>
diff --git a/aports/iptables/use-sh-iptables-apply.patch b/aports/iptables/use-sh-iptables-apply.patch
new file mode 100644
index 0000000..b31fc94
--- /dev/null
+++ b/aports/iptables/use-sh-iptables-apply.patch
@@ -0,0 +1,39 @@
+From: Simon Frankenberger <simon-alpine@fraho.eu>
+
+make iptables-apply use posix sh
+
+--- a/iptables/iptables-apply
++++ b/iptables/iptables-apply
+@@ -1,4 +1,4 @@
+-#!/bin/bash
++#!/bin/sh
+ # iptables-apply -- a safer way to update iptables remotely
+ #
+ # Usage:
+@@ -110,7 +110,7 @@
+ }
+
+ function checkcommands() {
+- for cmd in "${COMMANDS[@]}"; do
++ for cmd in ${COMMANDS}; do
+ if ! command -v "$cmd" >/dev/null; then
+ echo "Error: needed command not found: $cmd" >&2
+ exit 127
+@@ -184,7 +184,7 @@
+ fi
+
+ # Needed commands
+- COMMANDS=(mktemp "$SAVE" "$RESTORE" "$RUNCMD")
++ COMMANDS="mktemp $SAVE $RESTORE $RUNCMD"
+ checkcommands
+ ;;
+ (*)
+@@ -196,7 +196,7 @@
+ fi
+
+ # Needed commands
+- COMMANDS=(mktemp "$SAVE" "$RESTORE")
++ COMMANDS="mktemp $SAVE $RESTORE"
+ checkcommands
+ ;;
+ esac
diff --git a/aports/linux-lts/0001-mt76-mt7921-add-support-for-PCIe-ID-0x0608-0x0616.patch b/aports/linux-lts/0001-mt76-mt7921-add-support-for-PCIe-ID-0x0608.patch
index fdf3b77..008bfbe 100644
--- a/aports/linux-lts/0001-mt76-mt7921-add-support-for-PCIe-ID-0x0608-0x0616.patch
+++ b/aports/linux-lts/0001-mt76-mt7921-add-support-for-PCIe-ID-0x0608.patch
@@ -1,11 +1,10 @@
--- a/drivers/net/wireless/mediatek/mt76/mt7921/pci.c
+++ b/drivers/net/wireless/mediatek/mt76/mt7921/pci.c
-@@ -14,6 +14,8 @@
+@@ -14,6 +14,7 @@
static const struct pci_device_id mt7921_pci_device_table[] = {
{ PCI_DEVICE(PCI_VENDOR_ID_MEDIATEK, 0x7961) },
+ { PCI_DEVICE(PCI_VENDOR_ID_MEDIATEK, 0x0608) },
-+ { PCI_DEVICE(PCI_VENDOR_ID_MEDIATEK, 0x0616) },
{ },
};
diff --git a/aports/linux-lts/APKBUILD b/aports/linux-lts/APKBUILD
index aca3090..e496113 100644
--- a/aports/linux-lts/APKBUILD
+++ b/aports/linux-lts/APKBUILD
@@ -1,12 +1,12 @@
# Maintainer: Gabor Pali <pali.gabor@gmail.com>
pkgname=linux-lts
-pkgver=5.15.46
+pkgver=5.15.49
case $pkgver in
*.*.*) _kernver=${pkgver%.*};;
*.*) _kernver=$pkgver;;
esac
-pkgrel=1
+pkgrel=0
pkgdesc="Linux LTS kernel"
url="https://www.kernel.org"
depends=
@@ -16,7 +16,7 @@ options="!strip"
install=
source="https://cdn.kernel.org/pub/linux/kernel/v${pkgver%%.*}.x/linux-$_kernver.tar.xz
config-lts.x86_64
- 0001-mt76-mt7921-add-support-for-PCIe-ID-0x0608-0x0616.patch
+ 0001-mt76-mt7921-add-support-for-PCIe-ID-0x0608.patch
"
subpackages="$pkgname-dev:_dev:$CBUILD_ARCH"
@@ -163,6 +163,6 @@ _dev() {
sha512sums="
d25ad40b5bcd6a4c6042fd0fd84e196e7a58024734c3e9a484fd0d5d54a0c1d87db8a3c784eff55e43b6f021709dc685eb0efa18d2aec327e4f88a79f405705a linux-5.15.tar.xz
707daa3a56186daac44478e746a883f65d8b198ccedc2f32febaf9302482685270bde9695786a14914020925197f6d952530cd5753a709731f183ad32303b099 config-lts.x86_64
-a1dae2bcf296bf5b52f726595c0d19170f581a0be101eaef7238117a349873631c33bfc7595c58ddd0742b6b00d75e6800bec56857c339fa9457bd1adbfcd749 0001-mt76-mt7921-add-support-for-PCIe-ID-0x0608-0x0616.patch
-3da10b4e961bf40aa90c7e738f39efb12e04c9e87da08a90a5976c3fd9363bd58a75f972b8841d782adf54d950974951361d9c6353cc8f500754f68132fdf7b6 patch-5.15.46.xz
+65504e60731f7254079caa997cd44585f8b9608aa66e0879e677872f89b91aa77b67f28617eddef7fe9932a73a5942466c12c733432405ee7e42944daadef6d4 0001-mt76-mt7921-add-support-for-PCIe-ID-0x0608.patch
+08ede2bc8363a24a6f843021fee93ebe46d2bc01d2bf732fa140bbd5aa99130f00ea021b2b86a49a021a48368fe4d2e848604c7d86a801d268df83c02a183cab patch-5.15.49.xz
"
diff --git a/aports/openrc/0009-fix-bootmisc-mv-error.patch b/aports/openrc/0009-fix-bootmisc-mv-error.patch
new file mode 100644
index 0000000..e87f9bb
--- /dev/null
+++ b/aports/openrc/0009-fix-bootmisc-mv-error.patch
@@ -0,0 +1,27 @@
+From: Dermot Bradley <dermot_bradley@yahoo.com>
+Date: Sat, 29 Jan 2022 19:28 +0000
+Subject: prevent a bootmisc trying to move a nonexistant file
+
+During boot if the "previous_dmesg" setting is enabled in
+/etc/conf.d/bootmisc then during the 1st boot of a machine the
+bootmisc init.d script will attempt to move a nonexistant dmesg
+file, so generating an error on the console.
+
+Modify the script to only move an existing file.
+
+Upstream has merged this as PR 496 so it will be in the next release.
+
+---
+
+diff -aur a/init.d/bootmisc.in b/init.d/bootmisc.in
+--- a/init.d/bootmisc.in
++++ b/init.d/bootmisc.in
+@@ -226,7 +226,7 @@
+ case "$RC_SYS" in
+ VSERVER|OPENVZ|LXC|SYSTEMD-NSPAWN) ;;
+ *)
+- if yesno ${previous_dmesg:-no}; then
++ if yesno ${previous_dmesg:-no} && [ -e /var/log/dmesg ]; then
+ mv /var/log/dmesg /var/log/dmesg.old
+ fi
+ dmesg > /var/log/dmesg
diff --git a/aports/openrc/0010-noexec-devfs.patch b/aports/openrc/0010-noexec-devfs.patch
new file mode 100644
index 0000000..9a8928c
--- /dev/null
+++ b/aports/openrc/0010-noexec-devfs.patch
@@ -0,0 +1,14 @@
+--- a/init.d/devfs.in
++++ b/init.d/devfs.in
+@@ -24,8 +24,9 @@ mount_dev()
+ action=--mount
+ conf_d_dir="${RC_SERVICE%/*/*}/conf.d"
+ msg=Mounting
+- # Some devices require exec, Bug #92921
+- mountopts="exec,nosuid,mode=0755"
++ # Some devices require exec, https://bugs.gentoo.org/92921
++ # Users with such requirements can use an fstab entry for /dev
++ mountopts="noexec,nosuid,mode=0755"
+ if yesno ${skip_mount_dev:-no} ; then
+ einfo "/dev will not be mounted due to user request"
+ return 0
diff --git a/aports/openrc/APKBUILD b/aports/openrc/APKBUILD
index fd2f6de..daff08b 100644
--- a/aports/openrc/APKBUILD
+++ b/aports/openrc/APKBUILD
@@ -1,13 +1,13 @@
# Maintainer: Gabor Pali <pali.gabor@gmail.com>
pkgname=openrc
-pkgver=0.44.7
-pkgrel=5
+pkgver=0.44.10
+pkgrel=0 # base: 7
pkgdesc="OpenRC manages the services, startup and shutdown of a host"
url="https://github.com/OpenRC/openrc"
arch="all"
license="BSD-2-Clause"
depends="ifupdown-any"
-makedepends="bsd-compat-headers linux-headers"
+makedepends="bsd-compat-headers linux-headers meson"
checkdepends=
subpackages=
install=
@@ -21,8 +21,9 @@ source="$pkgname-$pkgver.tar.gz::https://github.com/OpenRC/openrc/archive/$pkgve
0006-Add-support-for-starting-services-in-a-specified-VRF.patch
0007-Clean-up-staticroute-config-remove-irrelevant-parts-.patch
0008-bootmisc-switch-wipe_tmp-setting-to-no-by-default.patch
+ 0009-fix-bootmisc-mv-error.patch
+ 0010-noexec-devfs.patch
seedrng.patch
-
openrc.logrotate
hostname.initd
hwdrivers.initd
@@ -34,6 +35,7 @@ source="$pkgname-$pkgver.tar.gz::https://github.com/OpenRC/openrc/archive/$pkgve
sysctl.initd
machine-id.initd
"
+options="!check" # not updated to meson build system, require makefile build
# secfixes:
# 0.44.6-r1:
@@ -41,19 +43,39 @@ source="$pkgname-$pkgver.tar.gz::https://github.com/OpenRC/openrc/archive/$pkgve
prepare() {
default_prepare
- sed -i -e '/^sed/d' "$builddir"/pkgconfig/Makefile
+ # meson overrides this with the aports tag,
+ # we get there first :)
+ sed -i -e "s|@VCS_TAG@|$pkgver|" \
+ src/common/version.h.in \
+ src/common/version.in
}
+
build() {
- export MKZSHCOMP=no
- export MKBASHCOMP=no
- make LIBDIR=/lib LIBEXECDIR=/lib/rc
+ abuild-meson \
+ -Dzsh-completions=false \
+ -Dbash-completions=false \
+ -Dpam=false \
+ -Dsplit-usr=false \
+ -Dpkgconfig=false \
+ --default-library=both \
+ --prefix=/ \
+ --libdir=/usr/lib \
+ --libexecdir=/lib \
+ --bindir=/bin \
+ --sbindir=/sbin \
+ . output
+ meson compile -C output
}
package() {
local i j
- make LIBEXECDIR=/lib/rc DESTDIR="$pkgdir/" install
+ DESTDIR="$pkgdir" meson install --no-rebuild -C output
+
+ # Alpine does not use openrc as its init so delete
+ # openrc-init & openrc-shutdown to avoid confusion.
+ rm -f "$pkgdir"/sbin/openrc-init "$pkgdir"/sbin/openrc-shutdown
# we cannot have anything turned on by default
rm -f "$pkgdir"/etc/runlevels/*/*
@@ -101,7 +123,7 @@ package() {
}
sha512sums="
-c6b3e2e30615d97a5185320a140ced881bc59ba31ea8dff5d80440396166af237826de6ffc7836ec141e305c92176cd9cc3dabff7e42ac0d80e5238513fefdb7 openrc-0.44.7.tar.gz
+0e41f5268c6b8c325a6773511ca58c38ba52a1987aa47165794df8a99359bd1bfcb99d30e0d129b9242a2661663234f6f85c92c55c891dbb6c5b8a11d93edea4 openrc-0.44.10.tar.gz
6085d127f7385eb86a00676a263c8613748fb0cbbf064bc908d346a1b368e226d8a3014e871d281f57d334a70ec1301269fe431e085f0e907b4f6ef8a99bf07f 0001-call-sbin-mkmntdirs-in-localmount-OpenRC-service.patch
3f47b4f7e6c5b7fb53ff8a13470fbada67f7470e5eba71a683e6c022162c3905f560d561c3d61698e3fde367d6ae715edf76e99949f52a22a3bbf79debc33f64 0002-fsck-don-t-add-C0-to-busybox-fsck.patch
61c72be18283108163bde4349616e55adb535bd34312ee09f90fcd85277ffe17dcef792bbf465877c0d8b1fec87a3836f714d8d849a9cf322902a89bc1256e13 0003-rc-pull-in-sysinit-and-boot-as-stacked-levels-when-n.patch
@@ -110,6 +132,8 @@ c6b3e2e30615d97a5185320a140ced881bc59ba31ea8dff5d80440396166af237826de6ffc7836ec
8bf00b82d7fc0eb1b529ec735009f91d277141ba7e5c04e23d10bbcf36eb453f0b31d48aec45e50b5be4c14f611acc4454933f3cefdf8beab07d851328223464 0006-Add-support-for-starting-services-in-a-specified-VRF.patch
431ac28808e684bea5511386bf5f06efe7f509f1dbe7e15ae6309563d813deae8f3edd872a0943ef8088e3cf778d7bc5ebd15a893dc4a08f4022b7a56bbafc63 0007-Clean-up-staticroute-config-remove-irrelevant-parts-.patch
475f4ea63b9b5d7eb9c623e96b6cc3d3072abcb7194d0045b84e0688836c8514fccfc68b0eae0b4bee60878cdea8042c3ce7e48406ee7a2f0e4a3e128a153468 0008-bootmisc-switch-wipe_tmp-setting-to-no-by-default.patch
+354b2df343ddf82aedba104039bbdb1dd5fdd9c4abac52f89e881341443b73fcf000ed9e8b88e9610f1c3218cb89722ff6a774e1ef2f7fe71fa6ff62b75f572b 0009-fix-bootmisc-mv-error.patch
+0535d7837ae0c695f25208199f4dec3a4031558366da346a8a1dd13c0fa2a044f14088b75eca37ce0f4a681e85c82b84aac3d65aac9176639e82b33a9355cb2a 0010-noexec-devfs.patch
715af2188cf4d1ed42f75b31ad718f5c533ea6f8cfc3c5df0fd7fc4240cd342dc637b7edf358c5da1e77d700618adaa7927ddaeae60698dd9f130dd64d83d8d5 seedrng.patch
12bb6354e808fbf47bbab963de55ee7901738b4a912659982c57ef2777fff9a670e867fcb8ec316a76b151032c92dc89a950d7d1d835ef53f753a8f3b41d2cec openrc.logrotate
493f27d588e64bb2bb542b32493ed05873f4724e8ad1751002982d7b4e07963cfb72f93603b2d678f305177cf9556d408a87b793744c6b7cd46cf9be4b744c02 hostname.initd
diff --git a/aports/openrc/modloop.initd b/aports/openrc/modloop.initd
index fb7006c..fb7006c 100755..100644
--- a/aports/openrc/modloop.initd
+++ b/aports/openrc/modloop.initd
diff --git a/aports/openrc/networking.initd b/aports/openrc/networking.initd
deleted file mode 100644
index 417f4a3..0000000
--- a/aports/openrc/networking.initd
+++ /dev/null
@@ -1,88 +0,0 @@
-#!/sbin/openrc-run
-
-# note that the spoofprotect, syncoockies and ip_forward options are set in
-# /etc/sysctl.conf
-
-: ${cfgfile:="/etc/network/interfaces"}
-: ${ifquery:="ifquery"}
-: ${ifstate:="/run/ifstate"}
-
-single_iface="${RC_SVCNAME#*.}"
-if [ "$single_iface" = "$RC_SVCNAME" ]; then
- single_iface=
-fi
-
-depend() {
- need localmount
- want dev-settle
- after bootmisc hwdrivers modules
- provide net
- keyword -jail -prefix -vserver -docker
-}
-
-# find interfaces we want to start
-find_ifaces() {
- if [ -n "$single_iface" ]; then
- echo $single_iface
- return 0
- fi
-
- if command -v "$ifquery" >/dev/null; then
- $ifquery -i "$cfgfile" --list --auto
- return
- fi
-
- # fallback in case ifquery does not exist
- awk '$1 == "auto" {for (i = 2; i <= NF; i = i + 1) printf("%s ", $i)}' "$cfgfile"
-}
-
-# return the list of interfaces we should try stop
-find_running_ifaces() {
- if [ -n "$single_iface" ]; then
- echo $single_iface
- return 0
- fi
-
- if command -v "$ifquery" >/dev/null; then
- $ifquery --state-file $ifstate -i "$cfgfile" --running
- return
- fi
-
- # fallback
- awk -F= '{print $2}' $ifstate
-}
-
-start() {
- local iface= ret=1
- ebegin "Starting networking"
- eindent
- for iface in $(find_ifaces); do
- local r=0
- ebegin "$iface"
- if ! ifup -i "$cfgfile" $iface >/dev/null; then
- ifdown -i "$cfgfile" $iface >/dev/null 2>&1
- r=1
- fi
- # atleast one interface needs to be started for action
- # to be success
- eend $r && ret=0
- done
- eoutdent
- return $ret
-}
-
-stop() {
- local iface=
- # Don't stop the network at shutdown.
- yesno ${keep_network:-YES} && yesno $RC_GOINGDOWN && return 0
-
- ebegin "Stopping networking"
- eindent
- for iface in $(find_running_ifaces); do
- ebegin "$iface"
- ifdown -i "$cfgfile" -f $iface >/dev/null
- eend $?
- done
- eoutdent
- return 0
-}
diff --git a/aports/rtw89/APKBUILD b/aports/rtw89/APKBUILD
index 887643e..91b0ef3 100644
--- a/aports/rtw89/APKBUILD
+++ b/aports/rtw89/APKBUILD
@@ -2,7 +2,7 @@
pkgname='rtw89'
pkgver=20220421
-pkgrel=2
+pkgrel=3
_gitrev='da9d01e4f08cdaa862bff0ec5dad73600016a4dc'
pkgdesc='Driver for Realtek 8852AE, an 802.11ax device'
arch="x86_64"
diff --git a/aports/socat/APKBUILD b/aports/socat/APKBUILD
index deb9d81..c3f567b 100644
--- a/aports/socat/APKBUILD
+++ b/aports/socat/APKBUILD
@@ -1,8 +1,8 @@
# Maintainer: Gabor Pali <pali.gabor@gmail.com>
pkgname=socat
-pkgver=1.7.4.2
-pkgrel=0
+pkgver=1.7.4.3
+pkgrel=0 # base: 0
pkgdesc="Multipurpose relay for binary protocols"
options="!check"
url="http://www.dest-unreach.org/socat/"
@@ -17,6 +17,9 @@ source="http://www.dest-unreach.org/socat/download/socat-$pkgver.tar.gz
"
build() {
+ # Just like Solaris, musl doesn't have getprotobynumber_r.
+ # Setting the configure variable to 2 ensures it isn't used.
+ sc_cv_getprotobynumber_r=2 \
./configure \
--build=$CBUILD \
--host=$CHOST \
@@ -57,7 +60,7 @@ package() {
}
sha512sums="
-c331a6348e0febb35cd8adc2b116e3b8896cd7f64bcd93e507df4b8197ee1e6738ca256abf74c9b225e7a3769cf9643f0e237826125c6f390b5124ce0f10c972 socat-1.7.4.2.tar.gz
+81cb34c245052b6a0ae38a711591358460b6070957af4a9eeb11a3cadb4aff184eeaedabbc7ecdc7fdf21a6126c06f90f19b24a87ce74b30bfd60a3879181046 socat-1.7.4.3.tar.gz
2032b6528cb27b69d8fb6a6f64af32fcc1f6e4934bb0d7c8931b38ab7ad5e27f6f4344a6cf49751fa3178cd725f954e195373362f7d5929e587d7f0309346059 use-linux-headers.patch
22a6e0c2317a9317997c98114daac258ebbcc3d8e58e49a6ebf24781b98967afed47c63807282582fa0909076fe349281f05e4462faacb90e7aabc853903d6e6 netdb-internal.patch
de2ca2d318ada9ac7140ad6fbc42006ea0ef040d68cc579ed1452246fd16a7eceb4ce577336bc20e513cf6fe24da296447529ec36c22fa17a4c18be29e180b81 no-extras.patch
diff --git a/aports/wpa_supplicant/APKBUILD b/aports/wpa_supplicant/APKBUILD
index 0d9f843..5e7e18b 100644
--- a/aports/wpa_supplicant/APKBUILD
+++ b/aports/wpa_supplicant/APKBUILD
@@ -1,27 +1,20 @@
# Maintainer: Gabor Pali <pali.gabor@gmail.com>
pkgname=wpa_supplicant
-pkgver=2.9
-pkgrel=18
+pkgver=2.10
+pkgrel=0 # base: 1
pkgdesc="utility providing key negotiation for WPA wireless networks"
url="https://w1.fi/wpa_supplicant/"
-arch="x86_64"
+arch="all"
options="!check" # has no tests
license="BSD-3-Clause"
subpackages=
makedepends="linux-headers openssl1.1-compat-dev dbus-dev libnl3-dev pcsc-lite-dev"
source="https://w1.fi/releases/wpa_supplicant-$pkgver.tar.gz
-
wpa_supplicant.initd
wpa_supplicant.confd
-
eloop.patch
no-tools.patch
- CVE-2019-16275.patch
- CVE-2021-0326.patch
- CVE-2021-27803.patch
- CVE-2021-30004.patch::https://w1.fi/cgit/hostap/patch/?id=a0541334a6394f8237a4393b7372693cd7e96f15
-
config"
# secfixes:
@@ -78,14 +71,10 @@ package() {
}
sha512sums="
-37a33f22cab9d27084fbef29856eaea0f692ff339c5b38bd32402dccf293cb849afd4a870cd3b5ca78179f0102f4011ce2f3444a53dc41dc75a5863b0a2226c8 wpa_supplicant-2.9.tar.gz
+021c2a48f45d39c1dc6557730be5debaee071bc0ff82a271638beee6e32314e353e49d39e2f0dc8dff6e094dcc7008cfe1c32d0c7a34a1a345a12a3f1c1e11a1 wpa_supplicant-2.10.tar.gz
92c4cbaa9776a354275640c9411d2f547f4c0e00415af4ab30039f1a0be6a11082d49e2514905010f0abcc4a9276353276da9864e3d5f7264a0f0767c8cc9d78 wpa_supplicant.initd
c7e4041fe41743c5e63a07edc9234d0c44c4c0f193a180b27342b43f3be45fb87b42ee0f9e4a20614cf6ad58cf64d25f74d1e75e2e1d521c2f6d45cdc5737eae wpa_supplicant.confd
2be055dd1f7da5a3d8e79c2f2c0220ddd31df309452da18f290144d2112d6dbde0fc633bb2ad02c386a39d7785323acaf5f70e5969995a1e8303a094eb5fe232 eloop.patch
-39cb1a0706bdaf1797dc88543a62c5b68497a2f733e8b42e8eb1e1bb39a6513fc10bfdde8f7fcb0ad8370aba6325c7613b2b9a390be4a07c4e556a2c6c618d86 no-tools.patch
-63710cfb0992f2c346a9807d8c97cbeaed032fa376a0e93a2e56f7742ce515e9c4dfadbdb1af03ba272281f639aab832f0178f67634c222a5d99e1d462aa9e38 CVE-2019-16275.patch
-e212dd6a2c56c086c14a2c96f479f7a8e6521b6a24c648eb03363db078398e64a38e343ff6faa327d5a0244a7969ecd34c5844d676c697eeb8eb842101fa9cf9 CVE-2021-0326.patch
-af8b4a526a6833de4921fcbbd1b03da7e027276c909d512bd59a95e9767ffe8580135f9aee8947c4317681c4fe130f7ec50cba947f8375313f832a66c66b2cd5 CVE-2021-27803.patch
-674328dc44246ce10939a769ed70c71e94e61600592d54ed9088dacbed1fd3dd3d0a834c75825d1448380ec8c076eb30e0d72e601794f507c12db3b6e724af5e CVE-2021-30004.patch
-5aeebaad14f9d43bac8d7322a5a001a54d2cbc83376528f08eaff60217b170c67a44b5a634c3c14c90eec134aee844d9b79c471c45cd601948f492d645ec9678 config
+3278eff7118f9dc9e177adc3ed91cad562a8edde396af8619321ac8552a86e9c7de25212d5578ea17cbe4b6dc928d83cd6e9a7f0d41e07576656e6e9274107d6 no-tools.patch
+0e1af7084026c3b50b3a77636758f1ce3c1004e1e6d7eb71038e42c5c63866e2bbee3b0933b1131b80a6f2f6848983847a017ba2555a3162f0ccd3aa57fcf257 config
"
diff --git a/aports/wpa_supplicant/config b/aports/wpa_supplicant/config
index 9b940cb..ab425d0 100644
--- a/aports/wpa_supplicant/config
+++ b/aports/wpa_supplicant/config
@@ -201,10 +201,10 @@ CONFIG_SMARTCARD=y
CONFIG_PCSC=y
# Support HT overrides (disable HT/HT40, mask MCS rates, etc.)
-#CONFIG_HT_OVERRIDES=y
+CONFIG_HT_OVERRIDES=y
# Support VHT overrides (disable VHT, mask MCS rates, etc.)
-#CONFIG_VHT_OVERRIDES=y
+CONFIG_VHT_OVERRIDES=y
# Development testing
CONFIG_EAPOL_TEST=n
@@ -542,7 +542,7 @@ CONFIG_P2P=y
# For exponential module:
#CONFIG_AUTOSCAN_EXPONENTIAL=y
# For periodic module:
-#CONFIG_AUTOSCAN_PERIODIC=y
+CONFIG_AUTOSCAN_PERIODIC=y
# Password (and passphrase, etc.) backend for external storage
# These optional mechanisms can be used to add support for storing passwords
diff --git a/aports/wpa_supplicant/no-tools.patch b/aports/wpa_supplicant/no-tools.patch
index 3282352..f3bf3cd 100644
--- a/aports/wpa_supplicant/no-tools.patch
+++ b/aports/wpa_supplicant/no-tools.patch
@@ -1,9 +1,6 @@
---- wpa_supplicant-2.9/wpa_supplicant/Makefile.orig
-+++ wpa_supplicant-2.9/wpa_supplicant/Makefile
-@@ -44,12 +44,8 @@
- CONFIG_TDLS_TESTING=y
- endif
-
+--- a/wpa_supplicant/Makefile
++++ b/wpa_supplicant/Makefile
+@@ -1,9 +1,5 @@
-BINALL=wpa_supplicant wpa_cli
+BINALL=wpa_supplicant
@@ -14,27 +11,29 @@
ALL = $(BINALL)
ALL += systemd/wpa_supplicant.service
ALL += systemd/wpa_supplicant@.service
-@@ -1805,7 +1801,7 @@
+@@ -1812,7 +1808,7 @@
OBJS_priv += ../src/drivers/driver_common.o
- OBJS += wpa_supplicant.o events.o blacklist.o wpas_glue.o scan.o
+ OBJS += wpa_supplicant.o events.o bssid_ignore.o wpas_glue.o scan.o
-OBJS_t := $(OBJS) $(OBJS_l2) eapol_test.o
+OBJS_t := $(OBJS) $(OBJS_l2)
OBJS_t += ../src/radius/radius_client.o
OBJS_t += ../src/radius/radius.o
- ifndef CONFIG_AP
-@@ -1903,10 +1899,6 @@
+ OBJS_t2 := $(OBJS) $(OBJS_l2) preauth_test.o
+@@ -1894,12 +1890,6 @@
$(Q)$(LDO) $(LDFLAGS) -o wpa_supplicant $(OBJS) $(LIBS) $(EXTRALIBS)
@$(E) " LD " $@
+-_OBJS_VAR := OBJS_t
+-include ../src/objs.mk
-eapol_test: $(OBJS_t)
- $(Q)$(LDO) $(LDFLAGS) -o eapol_test $(OBJS_t) $(LIBS)
- @$(E) " LD " $@
-
+ _OBJS_VAR := OBJS_t2
+ include ../src/objs.mk
preauth_test: $(OBJS_t2)
- $(Q)$(LDO) $(LDFLAGS) -o preauth_test $(OBJS_t2) $(LIBS)
- @$(E) " LD " $@
-@@ -2007,8 +1999,6 @@
+@@ -2030,8 +2020,6 @@
mv -f $< $@
win_if_list.exe: win_if_list
mv -f $< $@
@@ -43,12 +42,12 @@
WINALL=wpa_supplicant.exe wpa_cli.exe wpa_passphrase.exe win_if_list.exe
-@@ -2040,7 +2030,7 @@
+@@ -2064,7 +2052,7 @@
$(MAKE) -C ../src clean
$(MAKE) -C dbus clean
rm -f core *~ *.o *.d *.gcno *.gcda *.gcov
-- rm -f eap_*.so $(ALL) $(WINALL) eapol_test preauth_test
-+ rm -f eap_*.so $(ALL) $(WINALL) preauth_test
+- rm -f eap_*.so $(WINALL) eapol_test preauth_test
++ rm -f eap_*.so $(WINALL) preauth_test
rm -f wpa_priv
rm -f nfc_pw_token
rm -f lcov.info