upg nettle sqlite python gnutls

2022-08-02 00:55:14 +03:00 · 2022-08-02 00:55:14 +03:00 · 37e661f7c1
commit 37e661f7c1
parent 911f0591bd
14 changed files with 122 additions and 35 deletions
--- a/gnutls/0001_Fix_out-of-bounds_memcpy_in_gnutls_realloc_zero.diff
+++ b/gnutls/0001_Fix_out-of-bounds_memcpy_in_gnutls_realloc_zero.diff
@ -0,0 +1,80 @@
+From c061da4fd42eb98ec3ac4e80a75e63924e21b437 Mon Sep 17 00:00:00 2001
+From: Zoltan Fridrich <zfridric@redhat.com>
+Date: Wed, 18 May 2022 11:43:26 +0200
+Subject: [PATCH] Fix out-of-bounds memcpy in gnutls_realloc_zero()
+
+Co-authored-by: Tobias Heider <tobias.heider@canonical.com>
+Co-authored-by: Daiki Ueno <ueno@gnu.org>
+Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
+---
+ lib/nettle/init.c | 46 ++++++++++++++++++----------------------------
+ 1 file changed, 18 insertions(+), 28 deletions(-)
+
+diff --git a/lib/nettle/init.c b/lib/nettle/init.c
+index ddbc3ab624..d06faf941e 100644
+--- a/lib/nettle/init.c
+++ b/lib/nettle/init.c
+@@ -94,42 +94,32 @@ static void gnutls_free_zero(void *data, size_t size)
+  -*/
+ static void *gnutls_realloc_zero(void *data, size_t old_size, size_t new_size)
+ {
+-	void *newptr = NULL;
+	void *p;
+ 
+-	/* mini-gmp always passes old_size of 0 */
+-	if (old_size == 0) {
+-		newptr = realloc(data, new_size);
+-		if (newptr == NULL)
+	if (data == NULL || old_size == 0) {
+		p = realloc(data, new_size);
+		if (p == NULL)
+ 			abort();
+-		return newptr;
+		return p;
+ 	}
+ 
+-	if (data == NULL) {
+-		newptr = malloc(new_size);
+-		if (newptr == NULL)
+-			abort();
+-		return newptr;
+	if (new_size == 0) {
+		explicit_bzero(data, old_size);
+		free(data);
+		return NULL;
+ 	}
+ 
+-	if (new_size == 0)
+-		goto done;
+-
+-	if (new_size <= old_size) {
+-		size_t d = old_size - new_size;
+-		/* Don't bother reallocating */
+-		if (d < old_size / 2) {
+-			explicit_bzero((char *)data + new_size, d);
+-			return data;
+-		}
+-	}
+	if (old_size == new_size)
+		return data;
+ 
+-	newptr = malloc(new_size);
+-	if (newptr == NULL)
+	p = malloc(new_size);
+	if (p == NULL) {
+		explicit_bzero(data, old_size);
+ 		abort();
+-
+-	memcpy(newptr, data, old_size);
+- done:
+	}
+	memcpy(p, data, MIN(old_size, new_size));
+ 	explicit_bzero(data, old_size);
+ 	free(data);
+-	return newptr;
+
+	return p;
+ }
+-- 
+GitLab
+
--- a/gnutls/PKGBUILD
+++ b/gnutls/PKGBUILD
@ -6,9 +6,9 @@
 #-----------------------------------------| DESCRIPTION |---------------------------------------

 pkgname=gnutls
-pkgver=3.7.6
+pkgver=3.7.7
 pkgrel=01
-pkgdesc="A library which provides a secure layer over a reliable transport layer"
+pkgdesc="A library which provides a secure layer over a reliable transport layer w/o zstd"
 arch=('x86_64')
 url="https://www.gnutls.org/"
 options=('!zipman')
@ -71,7 +71,6 @@ license=('GPL3' 'LGPL2.1')
 #validpgpkeys=('462225C3B46F34879FC8496CD605848ED7E69871') # "Daiki Ueno <ueno@unixuser.org>"
 validpgpkeys=('5D46CB0F763405A7053556F47A75A648B3F9220C') # "Zoltan Fridrich <zfridric@redhat.com>"

-sha256sums=(77065719a345bfb18faa250134be4c53bef70c1bd61f6c0c23ceb8b44f0262ff # gnutls-3.7.6.tar.xz
-	3f2c68c7ccfb550fe96c49a071a62bab06c12aaaf77c1b3c82321e3a852ccf2e) # gnutls-3.7.6.tar.xz.sig
-#	0bdd0c3de8de9d77183b2ad4eb021ddcaf43450f07d9db4b93c7d6d1528051db) # 0001_Fix_out-of-bounds_memcpy_in_gnutls_realloc_zero.diff
+sha256sums=(be9143d0d58eab64dba9b77114aaafac529b6c0d7e81de6bdf1c9b59027d2106 # gnutls-3.7.7.tar.xz
+	dd7d0e7ba0b82fbe07088eed3c1e3970ceceb1add01dea8fef93db0710aa5e97) # gnutls-3.7.7.tar.xz.sig

--- a/gnutls/PKGBUILD-arch
+++ b/gnutls/PKGBUILD-arch
@ -1,8 +1,8 @@
-# Maintainer: Jan de Groot <jgc@archlinux.org>
 # Maintainer: Andreas Radke <andyrtr@archlinux.org>
+# Contributor: Jan de Groot <jgc@archlinux.org>

 pkgname=gnutls
-pkgver=3.7.6
+pkgver=3.7.7
 pkgrel=1
 pkgdesc="A library which provides a secure layer over a reliable transport layer"
 arch=('x86_64')
@ -17,7 +17,7 @@ optdepends=('guile: for use with Guile bindings'
            'tpm2-tss: support for TPM2 wrapped keys'
            'zstd: for compression support')
 source=(https://www.gnupg.org/ftp/gcrypt/gnutls/v3.7/${pkgname}-${pkgver}.tar.xz{,.sig})
-sha256sums=('77065719a345bfb18faa250134be4c53bef70c1bd61f6c0c23ceb8b44f0262ff'
+sha256sums=('be9143d0d58eab64dba9b77114aaafac529b6c0d7e81de6bdf1c9b59027d2106'
            'SKIP')
 #validpgpkeys=('462225C3B46F34879FC8496CD605848ED7E69871') # "Daiki Ueno <ueno@unixuser.org>"
 validpgpkeys=('5D46CB0F763405A7053556F47A75A648B3F9220C') # "Zoltan Fridrich <zfridric@redhat.com>"
--- a/gnutls/deps
+++ b/gnutls/deps
@ -2,5 +2,3 @@ net-tools
 tpm2-tss
 tpm2-tools

-
-
--- a/nettle/PKGBUILD
+++ b/nettle/PKGBUILD
@ -6,7 +6,7 @@
 #-----------------------------------------| DESCRIPTION |---------------------------------------

 pkgname=nettle
-pkgver=3.8
+pkgver=3.8.1
 pkgrel=01
 pkgdesc="A low-level cryptographic library"
 arch=('x86_64')
@ -40,6 +40,5 @@ license=('GPL2')

 validpgpkeys=('343C2FF0FBEE5EC2EDBEF399F3599FF828C67298') # Niels Möller <nisse@lysator.liu.se>

-sha256sums=(7576c68481c198f644b08c160d1a4850ba9449e308069455b5213319f234e8e6 # nettle-3.8.tar.gz
-	f3048e60e33ebaa533c1818f4bd381e87f4fd095d9ba9440d645a86321fe17bf) # nettle-3.8.tar.gz.sig
-
+sha256sums=(364f3e2b77cd7dcde83fd7c45219c834e54b0c75e428b6f894a23d12dd41cbfe # nettle-3.8.1.tar.gz
+	4a1d58eb45945ef1df9e4d63e438144fe064cd59eb8d91df17947855c36a7442) #  nettle-3.8.1.tar.gz.sig
--- a/nettle/PKGBUILD-arch
+++ b/nettle/PKGBUILD-arch
@ -2,7 +2,7 @@
 # Contributor: bender02 at gmx dot com

 pkgname=nettle
-pkgver=3.8
+pkgver=3.8.1
 pkgrel=1
 pkgdesc="A low-level cryptographic library"
 arch=('x86_64')
@ -13,7 +13,7 @@ provides=('libnettle.so' 'libhogweed.so')
 checkdepends=('valgrind')
 options=('debug')
 source=(https://ftp.gnu.org/gnu/$pkgname/$pkgname-$pkgver.tar.gz{,.sig})
-sha256sums=('7576c68481c198f644b08c160d1a4850ba9449e308069455b5213319f234e8e6'
+sha256sums=('364f3e2b77cd7dcde83fd7c45219c834e54b0c75e428b6f894a23d12dd41cbfe'
            'SKIP')
 validpgpkeys=('343C2FF0FBEE5EC2EDBEF399F3599FF828C67298') # Niels Möller <nisse@lysator.liu.se>

--- a/nettle/deps
+++ b/nettle/deps
@ -1,4 +1,3 @@
 valgrind
-
-
 libmicrohttpd
+
--- a/nettle/time
+++ b/nettle/time
@ -1,3 +1,5 @@
-real	0m34.187s
-user	1m16.695s
-sys	0m6.373s
+
+real	0m40.257s
+user	1m29.759s
+sys	0m8.724s
+
--- a/python/PKGBUILD
+++ b/python/PKGBUILD
@ -9,13 +9,14 @@ shopt -s extglob
 pkgbase=python
 pkgname=(python python-tests)
 pkgver=3.10.5
-pkgrel=01
+pkgrel=02
 _pybasever=${pkgver%.*}
 pkgdesc="Next generation of the python high-level scripting language - no ipv6 "
 arch=('x86_64')
 url="https://www.python.org/"
 depends=('bzip2' 'expat' 'gdbm' 'libffi' 'libnsl' 'libxcrypt' 'openssl' 'zlib')
 makedepends=('tk' 'sqlite' 'bluez-libs' 'mpdecimal' 'llvm' 'gdb' 'xorg-server-xvfb' 'ttf-font')
+#options=('debug')  ##  uncomment this to have the debug pkg produced
 source=("https://www.python.org/ftp/python/${pkgver%rc*}/Python-${pkgver}.tar.xz"{,.asc})
 #        https://github.com/python/cpython/commit/178a238f25ab8aff7689d7a09d66dc1583ecd6cb.patch)

@ -69,6 +70,9 @@ build() {
 #check() {
 #  # test_socket: test.test_socket.RDSTest.testPeek hangs https://bugs.python.org/issue35247
 #  # test_tk: tkinter.test.test_tkinter.test_colorchooser.DefaultRootTest hangs
+#  # test_pyexpat: our `debug` implementation rewrites source location, which breaks the build-time
+#  #               only test test.test_pyexpat.HandlerExceptionTest as it cannot find source file in
+#  #               the to-be-installed debug package
 #
 #  cd Python-${pkgver}
 #
@ -78,7 +82,7 @@ build() {
 #
 #  LD_LIBRARY_PATH="${srcdir}/Python-${pkgver}":${LD_LIBRARY_PATH} \
 #  LC_CTYPE=en_US.UTF-8 xvfb-run -s "-screen 0 1920x1080x16 -ac +extension GLX" -a -n "$servernum" \
-#    "${srcdir}/Python-${pkgver}/python" -m test.regrtest -v -uall -x test_socket -x test_tk
+#    "${srcdir}/Python-${pkgver}/python" -m test.regrtest -v -uall -x test_socket -x test_tk -x test_pyexpat
 #}

 package_python() {
@ -155,3 +159,5 @@ validpgpkeys=('0D96DF4D4110E5C43FBFB17F2D347EA6AA65421D'  # Ned Deily (Python re

 sha256sums=(8437efd5b106ef0a75aabfbf23d880625120a73a86a22ade4d2e2e68d7b74486 # Python-3.10.5.tar.xz
 	80fad2180a1154abcea496ea994bc2504b54ccf6f464b4d82660767d2d4abfe6) #  Python-3.10.5.tar.xz.asc
+
+
--- a/python/PKGBUILD-arch
+++ b/python/PKGBUILD-arch
@ -9,12 +9,13 @@ shopt -s extglob
 pkgbase=python
 pkgname=(python python-tests)
 pkgver=3.10.5
-pkgrel=1
+pkgrel=2
 _pybasever=${pkgver%.*}
 pkgdesc="Next generation of the python high-level scripting language"
 arch=('x86_64')
 license=('custom')
 url="https://www.python.org/"
+options=('debug')
 depends=('bzip2' 'expat' 'gdbm' 'libffi' 'libnsl' 'libxcrypt' 'openssl' 'zlib')
 makedepends=('tk' 'sqlite' 'bluez-libs' 'mpdecimal' 'llvm' 'gdb' 'xorg-server-xvfb' 'ttf-font')
 source=("https://www.python.org/ftp/python/${pkgver%rc*}/Python-${pkgver}.tar.xz"{,.asc})
@ -68,6 +69,9 @@ build() {
 check() {
  # test_socket: test.test_socket.RDSTest.testPeek hangs https://bugs.python.org/issue35247
  # test_tk: tkinter.test.test_tkinter.test_colorchooser.DefaultRootTest hangs
+  # test_pyexpat: our `debug` implementation rewrites source location, which breaks the build-time
+  #               only test test.test_pyexpat.HandlerExceptionTest as it cannot find source file in
+  #               the to-be-installed debug package

  cd Python-${pkgver}

@ -77,7 +81,7 @@ check() {

  LD_LIBRARY_PATH="${srcdir}/Python-${pkgver}":${LD_LIBRARY_PATH} \
  LC_CTYPE=en_US.UTF-8 xvfb-run -s "-screen 0 1920x1080x16 -ac +extension GLX" -a -n "$servernum" \
-    "${srcdir}/Python-${pkgver}/python" -m test.regrtest -v -uall -x test_socket -x test_tk
+    "${srcdir}/Python-${pkgver}/python" -m test.regrtest -v -uall -x test_socket -x test_tk -x test_pyexpat
 }

 package_python() {
--- a/python/deps
+++ b/python/deps
@ -7,3 +7,4 @@ gdb
 xorg-server-xvfb
 ttf-liberation

+
--- a/sqlite/PKGBUILD
+++ b/sqlite/PKGBUILD
@ -7,10 +7,10 @@

 pkgbase="sqlite"
 pkgname=('sqlite' 'sqlite-tcl' 'sqlite-analyzer' 'lemon' 'sqlite-doc')
-_srcver=3390100
+_srcver=3390200
 _docver=${_srcver}
 #_docver=3330000
-pkgver=3.39.1
+pkgver=3.39.2
 pkgrel=01
 pkgdesc="A C library that implements an SQL database engine"
 arch=('x86_64')
@ -150,7 +150,8 @@ package_sqlite-doc() {

 license=('custom:Public Domain')

-sha256sums=(366c7abbee5dbe8882cd7578a61a6ed3f5d08c5f6de3535a0003125b4646cc57 # sqlite-src-3390100.zip
-	ab062e44c83276d4672379f428d049df373cef184c09ba19521925d32d5c86a7 # sqlite-doc-3390100.zip
+sha256sums=(e933d77000f45f3fbc8605f0050586a3013505a8de9b44032bd00ed72f1586f0 # sqlite-src-3390200.zip
+	50f08a09e8858b023f24b59963e0559e1cf2e24a0c4d9ca61f35414a900d409e # sqlite-doc-3390200.zip
 	55746d93b0df4b349c4aa4f09535746dac3530f9fd6de241c9f38e2c92e8ee97 # sqlite-lemon-system-template.patch
 	4e57d9ac979f1c9872e69799c2597eeef4c6ce7224f3ede0bf9dc8d217b1e65d) # license.txt
+
--- a/sqlite/PKGBUILD-arch
+++ b/sqlite/PKGBUILD-arch
@ -3,10 +3,10 @@

 pkgbase="sqlite"
 pkgname=('sqlite' 'sqlite-tcl' 'sqlite-analyzer' 'lemon' 'sqlite-doc')
-_srcver=3390100
+_srcver=3390200
 _docver=${_srcver}
 #_docver=3330000
-pkgver=3.39.1
+pkgver=3.39.2
 pkgrel=1
 pkgdesc="A C library that implements an SQL database engine"
 arch=('x86_64')
@ -19,8 +19,8 @@ source=(https://www.sqlite.org/2022/sqlite-src-${_srcver}.zip
        license.txt)
 options=('!emptydirs')
 # upstream now switched to sha3sums - currently not suppoerted by makepkg
-sha256sums=('366c7abbee5dbe8882cd7578a61a6ed3f5d08c5f6de3535a0003125b4646cc57'
-            'ab062e44c83276d4672379f428d049df373cef184c09ba19521925d32d5c86a7'
+sha256sums=('e933d77000f45f3fbc8605f0050586a3013505a8de9b44032bd00ed72f1586f0'
+            '50f08a09e8858b023f24b59963e0559e1cf2e24a0c4d9ca61f35414a900d409e'
            '55746d93b0df4b349c4aa4f09535746dac3530f9fd6de241c9f38e2c92e8ee97'
            '4e57d9ac979f1c9872e69799c2597eeef4c6ce7224f3ede0bf9dc8d217b1e65d')

--- a/sqlite/deps
+++ b/sqlite/deps
@ -1,5 +1,3 @@
 tcl
 sha3sum

-
-