diff --git a/.forgejo/bin/check_ver.sh b/.forgejo/bin/check_ver.sh index 05c2b54..66c7fd0 100755 --- a/.forgejo/bin/check_ver.sh +++ b/.forgejo/bin/check_ver.sh @@ -18,30 +18,8 @@ for pkg in $owned_by_you; do downstream_version=$(sed -n "/^P:$pkg$/,/^$/p" APKINDEX | awk -F ':' '{if($1=="V"){print $2}}' | sort -V | tail -n 1) downstream_version=${downstream_version/-*} - # special cases - case $pkg in - forgejo-aneksajo)upstream_version=${upstream_version/-git-annex/_git};; - authentik) - upstream_version=$(curl --fail -X GET -sS -H 'Content-Type: application/json' "https://release-monitoring.org/api/v2/projects/?name=$pkg&distribution=Alpine" | jq -r '.items.[].stable_versions' | jq -r ".[] | match(\"${downstream_version%.*}.*\").string" | head -n 1) - latest_version=$(curl --fail -X GET -sS -H 'Content-Type: application/json' "https://release-monitoring.org/api/v2/packages/?name=$pkg&distribution=Alpine" | jq -r '.items.[].stable_version' ) - # append version number to signal that this is not latest major version - if [ "${upstream_version%.*}" != "${latest_version%.*}" ]; then - echo "$pkg${latest_version%.*} major version available" - echo "$pkg${latest_version%.*} $downstream_version $latest_version $repo" >> out_of_date - pkg=$pkg${upstream_version%.*} - fi - ;; - mastodon) - upstream_version=$(curl --fail -X GET -sS -H 'Content-Type: application/json' "https://release-monitoring.org/api/v2/projects/?name=$pkg&distribution=Alpine" | jq -r '.items.[].stable_versions' | jq -r ".[] | match(\"${downstream_version%.*}.*\").string" | head -n 1) - latest_version=$(curl --fail -X GET -sS -H 'Content-Type: application/json' "https://release-monitoring.org/api/v2/packages/?name=$pkg&distribution=Alpine" | jq -r '.items.[].stable_version' ) - # append version number to signal that this is not latest major version - if [ "${upstream_version%.*}" != "${latest_version%.*}" ]; then - echo "$pkg${latest_version%.*} major version available" - echo "$pkg${latest_version%.*} $downstream_version $latest_version $repo" >> out_of_date - pkg=$pkg${upstream_version%.*} - fi - ;; - esac + # special case for forgejo-aneksajo: + upstream_version=${upstream_version/-git-annex/_git} if [ -z "$upstream_version" ]; then echo "$pkg not in anitya" diff --git a/.forgejo/bin/create_issue.sh b/.forgejo/bin/create_issue.sh index 995e519..6369371 100755 --- a/.forgejo/bin/create_issue.sh +++ b/.forgejo/bin/create_issue.sh @@ -15,10 +15,10 @@ does_it_exist() { repo=$4 query="$repo/$name: upgrade to $upstream_version" - query="%22$(echo $query | sed 's| |%20|g' | sed 's|:|%3A|g' | sed 's|/|%2F|g' )%22" + query="$(echo $query | sed 's| |%20|g' | sed 's|:|%3A|g' | sed 's|/|%2F|g' )" result="$(curl --silent -X 'GET' \ - "$GITHUB_SERVER_URL/api/v1/repos/$GITHUB_REPOSITORY/issues?state=open&q=$query&type=issues&sort=latest" \ + "$GITHUB_SERVER_URL/api/v1/repos/$GITHUB_REPOSITORY/issues?state=open&q=$query&type=issues" \ -H 'accept: application/json' \ -H "Authorization: token $ISSUE_TOKEN" )" @@ -35,10 +35,10 @@ is_it_old() { repo=$4 query="$repo/$name: upgrade to" - query="%22$(echo $query | sed 's| |%20|g' | sed 's|:|%3A|g' | sed 's|/|%2F|g' )%22" + query="$(echo $query | sed 's| |%20|g' | sed 's|:|%3A|g' | sed 's|/|%2F|g' )" result="$(curl --silent -X 'GET' \ - "$GITHUB_SERVER_URL/api/v1/repos/$GITHUB_REPOSITORY/issues?state=open&q=$query&type=issues&sort=latest" \ + "$GITHUB_SERVER_URL/api/v1/repos/$GITHUB_REPOSITORY/issues?state=open&q=$query&type=issues" \ -H 'accept: application/json' \ -H "authorization: token $ISSUE_TOKEN" )" @@ -126,10 +126,10 @@ fi if [ -f not_in_anitya ]; then query="Add missing $repo packages to anitya" - query="%22$(echo $query | sed 's| |%20|g')%22" + query="$(echo $query | sed 's| |%20|g')" result="$(curl --silent -X 'GET' \ - "$GITHUB_SERVER_URL/api/v1/repos/$GITHUB_REPOSITORY/issues?state=open&q=$query&type=issues&sort=latest" \ + "$GITHUB_SERVER_URL/api/v1/repos/$GITHUB_REPOSITORY/issues?state=open&q=$query&type=issues" \ -H 'accept: application/json' \ -H "authorization: token $ISSUE_TOKEN" )" diff --git a/.forgejo/workflows/build-aarch64.yaml b/.forgejo/workflows/build-aarch64.yaml index 2a4dfc0..0364014 100644 --- a/.forgejo/workflows/build-aarch64.yaml +++ b/.forgejo/workflows/build-aarch64.yaml @@ -19,7 +19,6 @@ jobs: steps: - name: Environment setup run: | - doas apk upgrade -a doas apk add nodejs git patch curl net-tools doas hostname host.docker.internal cd /etc/apk/keys @@ -48,7 +47,7 @@ jobs: GITHUB_EVENT_NUMBER: ${{ github.event.number }} steps: - name: Setting up environment - run: apk add nodejs-current curl findutils git gawk jq + run: apk add nodejs curl findutils git gawk jq - name: Repo pull uses: actions/checkout@v4 - name: Package download diff --git a/.forgejo/workflows/build-x86_64.yaml b/.forgejo/workflows/build-x86_64.yaml index aaffb72..c805199 100644 --- a/.forgejo/workflows/build-x86_64.yaml +++ b/.forgejo/workflows/build-x86_64.yaml @@ -19,7 +19,6 @@ jobs: steps: - name: Environment setup run: | - doas apk upgrade -a doas apk add nodejs git patch curl net-tools doas hostname host.docker.internal cd /etc/apk/keys @@ -48,7 +47,7 @@ jobs: GITHUB_EVENT_NUMBER: ${{ github.event.number }} steps: - name: Setting up environment - run: apk add nodejs-current curl findutils git gawk jq + run: apk add nodejs curl findutils git gawk jq - name: Repo pull uses: actions/checkout@v4 - name: Package download diff --git a/.forgejo/workflows/check-ilot.yml b/.forgejo/workflows/check-ilot.yml index b57e80d..4361dba 100644 --- a/.forgejo/workflows/check-ilot.yml +++ b/.forgejo/workflows/check-ilot.yml @@ -16,7 +16,7 @@ jobs: LABEL_NUMBER: 8 steps: - name: Environment setup - run: apk add grep coreutils gawk curl wget bash nodejs-current git jq sed + run: apk add grep coreutils gawk curl wget bash nodejs git jq sed - name: Get scripts uses: actions/checkout@v4 with: diff --git a/.forgejo/workflows/lint.yaml b/.forgejo/workflows/lint.yaml index 743cefc..3614deb 100644 --- a/.forgejo/workflows/lint.yaml +++ b/.forgejo/workflows/lint.yaml @@ -14,9 +14,7 @@ jobs: CI_MERGE_REQUEST_PROJECT_URL: ${{ github.server_url }}/${{ github.repository }} CI_MERGE_REQUEST_TARGET_BRANCH_NAME: ${{ github.base_ref }} steps: - - run: | - doas apk upgrade -a - doas apk add nodejs git + - run: doas apk add nodejs git - uses: actions/checkout@v4 with: fetch-depth: 500 diff --git a/ilot/authentik/APKBUILD b/ilot/authentik/APKBUILD index 79b5870..b1e2694 100644 --- a/ilot/authentik/APKBUILD +++ b/ilot/authentik/APKBUILD @@ -1,8 +1,8 @@ # Contributor: Antoine Martin (ayakael) # Maintainer: Antoine Martin (ayakael) pkgname=authentik -pkgver=2025.2.4 -pkgrel=0 +pkgver=2025.2.3 +pkgrel=1 pkgdesc="An open-source Identity Provider focused on flexibility and versatility" url="https://github.com/goauthentik/authentik" # s390x: missing py3-celery py3-flower and py3-kombu @@ -41,7 +41,7 @@ depends=" py3-django-prometheus py3-django-pglock py3-django-redis - py3-django-rest-framework~3.14.0 + py3-django-rest-framework py3-django-rest-framework-guardian py3-django-storages py3-django-tenants @@ -284,7 +284,7 @@ pyc() { } sha512sums=" -75928b3ab9ae126f3cbe88ff1256de8adba7add099b0d93615abb8c91a2b7f275e83664a232e8c5393c5031bd9757af2f20fdb9d0153dacdf9a482b6b4bb8b00 authentik-2025.2.4.tar.gz +20dc45060ebccab996c19cef96291baefdf0f9af609e7e3e58fbda55b3dfb75c46bcb25b51a1e3c48d768fcf5dd9a05612e7cdb06fdf5d904d90d546ef4607d6 authentik-2025.2.3.tar.gz 4defb4fe3a4230f4aa517fbecd5e5b8bcef2a64e1b40615660ae9eec33597310a09df5e126f4d39ce7764bd1716c0a7040637699135c103cbc1879593c6c06f1 authentik.openrc 6cb03b9b69df39bb4539fe05c966536314d766b2e9307a92d87070ba5f5b7e7ab70f1b5ee1ab3c0c50c23454f9c5a4caec29e63fdf411bbb7a124ad687569b89 authentik-worker.openrc 351e6920d987861f8bf0d7ab2f942db716a8dbdad1f690ac662a6ef29ac0fd46cf817cf557de08f1c024703503d36bc8b46f0d9eb1ecaeb399dce4c3bb527d17 authentik-ldap.openrc diff --git a/ilot/forgejo-aneksajo/APKBUILD b/ilot/forgejo-aneksajo/APKBUILD index d3a4462..d9e09b9 100644 --- a/ilot/forgejo-aneksajo/APKBUILD +++ b/ilot/forgejo-aneksajo/APKBUILD @@ -4,7 +4,7 @@ # Contributor: Patrycja Rosa # Maintainer: Antoine Martin (ayakael) pkgname=forgejo-aneksajo -pkgver=11.0.0_git0 +pkgver=10.0.3_git0 _gittag=v${pkgver/_git/-git-annex} pkgrel=0 pkgdesc="Self-hosted Git service written in Go with git-annex support" @@ -60,7 +60,7 @@ build() { export CGO_LDFLAGS="$LDFLAGS" unset LDFLAGS ## make FHS compliant - local setting="forgejo.org/modules/setting" + local setting="code.gitea.io/gitea/modules/setting" export LDFLAGS="$LDFLAGS -X $setting.CustomConf=/etc/forgejo/app.ini" export LDFLAGS="$LDFLAGS -X $setting.AppWorkPath=/var/lib/forgejo/" @@ -106,7 +106,7 @@ package() { } sha512sums=" -07f72fcd3bb02a6bbfbcf73f8526c51f1f3fe39d2a504395dfb0997743a190bd210389d58114aaf546fb6d0fabaa80a54240632e11eeba35250b9e6b9b63f438 forgejo-aneksajo-v11.0.0-git-annex0.tar.gz +e32c919228df167374e8f3099e2e59bfab610aac6c87465318efe1cac446d014535e270f57b0bf8b2a7eb3843c5dcb189eac4dad2e230b57acd9096ead647eca forgejo-aneksajo-v10.0.3-git-annex0.tar.gz 497d8575f2eb5ac43baf82452e76007ef85e22cca2cc769f1cf55ffd03d7ce4d50ac4dc2b013e23086b7a5577fc6de5a4c7e5ec7c287f0e3528e908aaa2982aa forgejo-aneksajo.initd b537b41b6b3a945274a6028800f39787b48c318425a37cf5d40ace0d1b305444fd07f17b4acafcd31a629bedd7d008b0bb3e30f82ffeb3d7e7e947bdbe0ff4f3 forgejo-aneksajo.ini " diff --git a/ilot/freescout/APKBUILD b/ilot/freescout/APKBUILD index 5f4eb2d..addb28b 100644 --- a/ilot/freescout/APKBUILD +++ b/ilot/freescout/APKBUILD @@ -1,7 +1,7 @@ # Maintainer: Antoine Martin (ayakael) # Contributor: Antoine Martin (ayakael) pkgname=freescout -pkgver=1.8.175 +pkgver=1.8.173 pkgrel=0 pkgdesc="Free self-hosted help desk & shared mailbox" arch="noarch" @@ -76,7 +76,7 @@ package() { install -m755 -D "$srcdir"/freescout-manage.sh "$pkgdir"/usr/bin/freescout-manage } sha512sums=" -aa5f762eddaac34977a42bb59a0c2ec2113b0ad4f04b767465e9c23c4bb5d0dd722432735fb10975c23b0a5ca4a11abcfc52d893a3c6678d4908ceb29cefa736 freescout-1.8.175.tar.gz +1d349d2a84985e2ce9e767cdbf40943ffd1926db5e8b56cb9c3c4436f5a3c56f3c63265c4382acaadccf32965c0896e84eed3e2ef970ba2398a57440bf8dbeea freescout-1.8.173.tar.gz e4af6c85dc12f694bef2a02e4664e31ed50b2c109914d7ffad5001c2bbd764ef25b17ecaa59ff55ef41bccf17169bf910d1a08888364bdedd0ecc54d310e661f freescout.nginx 7ce9b3ee3a979db44f5e6d7daa69431e04a5281f364ae7be23e5a0a0547f96abc858d2a8010346be2fb99bd2355fb529e7030ed20d54f310249e61ed5db4d0ba freescout-manage.sh 0cba00b7d945ce84f72a2812d40028a073a5278856f610e46dbfe0ac78deff6bf5eba7643635fa4bc64d070c4d49eb47d24ea0a05ba1e6ea76690bfd77906366 rename-client-to-membre-fr-en.patch diff --git a/ilot/go/0001-cmd-link-prefer-musl-s-over-glibc-s-ld.so-during-dyn.patch b/ilot/go/0001-cmd-link-prefer-musl-s-over-glibc-s-ld.so-during-dyn.patch deleted file mode 100644 index 2cbbcd9..0000000 --- a/ilot/go/0001-cmd-link-prefer-musl-s-over-glibc-s-ld.so-during-dyn.patch +++ /dev/null @@ -1,45 +0,0 @@ -From fa8e52baedd21265f69b5f425157e11c8c4ec24a Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?S=C3=B6ren=20Tempel?= -Date: Sat, 25 Mar 2023 09:08:04 +0100 -Subject: [PATCH] cmd/link: prefer musl's over glibc's ld.so during dynamic - linking - -Without this commit glibc's is preferred over musl by default. This -causes issues on Alpine when a dynamically linked Go binary is created -while gcompat is installed, causing the binary to be linked against -the ld.so provided by the gcompat package. - -This commit changes the logic to check for musl's ld.so first, if it -does not exist we fallback to glibc. This default can be overwritten -using the `-I` option of cmd/link. - -See https://gitlab.alpinelinux.org/alpine/aports/-/issues/14737 ---- - src/cmd/link/internal/ld/elf.go | 12 ++++++------ - 1 file changed, 6 insertions(+), 6 deletions(-) - -diff --git a/src/cmd/link/internal/ld/elf.go b/src/cmd/link/internal/ld/elf.go -index 713f7739a5..8cf9377858 100644 ---- a/src/cmd/link/internal/ld/elf.go -+++ b/src/cmd/link/internal/ld/elf.go -@@ -1886,14 +1886,14 @@ func asmbElf(ctxt *Link) { - Exitf("ELF interpreter not set") - } - } else { -- interpreter = thearch.ELF.Linuxdynld -- // If interpreter does not exist, try musl instead. -+ interpreter = thearch.ELF.LinuxdynldMusl -+ // If interpreter does not exist, try glibc instead. - // This lets the same cmd/link binary work on -- // both glibc-based and musl-based systems. -+ // both musl-based and glibc-based systems. - if _, err := os.Stat(interpreter); err != nil { -- if musl := thearch.ELF.LinuxdynldMusl; musl != "" { -- if _, err := os.Stat(musl); err == nil { -- interpreter = musl -+ if glibc := thearch.ELF.Linuxdynld; glibc != "" { -+ if _, err := os.Stat(glibc); err == nil { -+ interpreter = glibc - } - } - } diff --git a/ilot/go/0002-go.env-Don-t-switch-Go-toolchain-version-as-directed.patch b/ilot/go/0002-go.env-Don-t-switch-Go-toolchain-version-as-directed.patch deleted file mode 100644 index db82330..0000000 --- a/ilot/go/0002-go.env-Don-t-switch-Go-toolchain-version-as-directed.patch +++ /dev/null @@ -1,29 +0,0 @@ -From 82ac7268f746c31d771e584c1c83f93890b33404 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?S=C3=B6ren=20Tempel?= -Date: Tue, 11 Jul 2023 05:18:00 +0200 -Subject: [PATCH] go.env: Don't switch Go toolchain version as directed in - go.mod - -We want users and packages to use the version of Go that is provided -in our package repository. We don't want to download pre-built -toolchains from golang.org. - -Also note that prior to Go 1.21, pre-built Go binaries are linked -against glibc and hence do not work on Alpine. ---- - go.env | 5 ++--- - 1 file changed, 2 insertions(+), 3 deletions(-) - -diff --git a/go.env b/go.env -index 6ff2b921d4..a106fb4638 100644 ---- a/go.env -+++ b/go.env -@@ -7,6 +7,5 @@ - GOPROXY=https://proxy.golang.org,direct - GOSUMDB=sum.golang.org - --# Automatically download newer toolchains as directed by go.mod files. --# See https://go.dev/doc/toolchain for details. --GOTOOLCHAIN=auto -+# Don't attempt to switch to a newer toolchains by default. -+GOTOOLCHAIN=local diff --git a/ilot/go/0003-runtime-cleanup-M-vgetrandom-state-before-dropping-P.patch b/ilot/go/0003-runtime-cleanup-M-vgetrandom-state-before-dropping-P.patch deleted file mode 100644 index 2e02033..0000000 --- a/ilot/go/0003-runtime-cleanup-M-vgetrandom-state-before-dropping-P.patch +++ /dev/null @@ -1,245 +0,0 @@ -From 5c5b24702f5542fba019d6b98eec6121bc21df31 Mon Sep 17 00:00:00 2001 -From: Michael Pratt -Date: Thu, 3 Apr 2025 11:15:13 +0000 -Subject: [PATCH] runtime: cleanup M vgetrandom state before dropping P - -When an M is destroyed, we put its vgetrandom state back on the shared -list for another M to reuse. This list is simply a slice, so appending -to the slice may allocate. Currently this operation is performed in -mdestroy, after the P is released, meaning allocation is not allowed. - -More the cleanup earlier in mdestroy when allocation is still OK. - -Also add //go:nowritebarrierrec to mdestroy since it runs without a P, -which would have caught this bug. - -Fixes #73141. - -Change-Id: I6a6a636c3fbf5c6eec09d07a260e39dbb4d2db12 -Reviewed-on: https://go-review.googlesource.com/c/go/+/662455 -Reviewed-by: Jason Donenfeld -LUCI-TryBot-Result: Go LUCI -Reviewed-by: Keith Randall -Reviewed-by: Keith Randall ---- - src/runtime/os3_solaris.go | 5 ++++- - src/runtime/os_aix.go | 5 ++++- - src/runtime/os_darwin.go | 5 ++++- - src/runtime/os_dragonfly.go | 5 ++++- - src/runtime/os_linux.go | 9 ++++----- - src/runtime/os_netbsd.go | 5 ++++- - src/runtime/os_openbsd.go | 5 ++++- - src/runtime/os_plan9.go | 5 ++++- - src/runtime/os_windows.go | 4 +++- - src/runtime/proc.go | 3 +++ - src/runtime/vgetrandom_linux.go | 11 +++++++++-- - src/runtime/vgetrandom_unsupported.go | 2 +- - 12 files changed, 48 insertions(+), 16 deletions(-) - -diff --git a/src/runtime/os3_solaris.go b/src/runtime/os3_solaris.go -index cf163a6bf4..ded821b2e6 100644 ---- a/src/runtime/os3_solaris.go -+++ b/src/runtime/os3_solaris.go -@@ -234,8 +234,11 @@ func unminit() { - getg().m.procid = 0 - } - --// Called from exitm, but not from drop, to undo the effect of thread-owned -+// Called from mexit, but not from dropm, to undo the effect of thread-owned - // resources in minit, semacreate, or elsewhere. Do not take locks after calling this. -+// -+// This always runs without a P, so //go:nowritebarrierrec is required. -+//go:nowritebarrierrec - func mdestroy(mp *m) { - } - -diff --git a/src/runtime/os_aix.go b/src/runtime/os_aix.go -index 93464cb997..1b483c2a7e 100644 ---- a/src/runtime/os_aix.go -+++ b/src/runtime/os_aix.go -@@ -186,8 +186,11 @@ func unminit() { - getg().m.procid = 0 - } - --// Called from exitm, but not from drop, to undo the effect of thread-owned -+// Called from mexit, but not from dropm, to undo the effect of thread-owned - // resources in minit, semacreate, or elsewhere. Do not take locks after calling this. -+// -+// This always runs without a P, so //go:nowritebarrierrec is required. -+//go:nowritebarrierrec - func mdestroy(mp *m) { - } - -diff --git a/src/runtime/os_darwin.go b/src/runtime/os_darwin.go -index 0ecbea7ae4..6eab3b5c3d 100644 ---- a/src/runtime/os_darwin.go -+++ b/src/runtime/os_darwin.go -@@ -344,8 +344,11 @@ func unminit() { - getg().m.procid = 0 - } - --// Called from exitm, but not from drop, to undo the effect of thread-owned -+// Called from mexit, but not from dropm, to undo the effect of thread-owned - // resources in minit, semacreate, or elsewhere. Do not take locks after calling this. -+// -+// This always runs without a P, so //go:nowritebarrierrec is required. -+//go:nowritebarrierrec - func mdestroy(mp *m) { - } - -diff --git a/src/runtime/os_dragonfly.go b/src/runtime/os_dragonfly.go -index a02696eb4f..9b3235084d 100644 ---- a/src/runtime/os_dragonfly.go -+++ b/src/runtime/os_dragonfly.go -@@ -216,8 +216,11 @@ func unminit() { - getg().m.procid = 0 - } - --// Called from exitm, but not from drop, to undo the effect of thread-owned -+// Called from mexit, but not from dropm, to undo the effect of thread-owned - // resources in minit, semacreate, or elsewhere. Do not take locks after calling this. -+// -+// This always runs without a P, so //go:nowritebarrierrec is required. -+//go:nowritebarrierrec - func mdestroy(mp *m) { - } - -diff --git a/src/runtime/os_linux.go b/src/runtime/os_linux.go -index 8b3c4d0ecc..fb46b81682 100644 ---- a/src/runtime/os_linux.go -+++ b/src/runtime/os_linux.go -@@ -412,13 +412,12 @@ func unminit() { - getg().m.procid = 0 - } - --// Called from exitm, but not from drop, to undo the effect of thread-owned -+// Called from mexit, but not from dropm, to undo the effect of thread-owned - // resources in minit, semacreate, or elsewhere. Do not take locks after calling this. -+// -+// This always runs without a P, so //go:nowritebarrierrec is required. -+//go:nowritebarrierrec - func mdestroy(mp *m) { -- if mp.vgetrandomState != 0 { -- vgetrandomPutState(mp.vgetrandomState) -- mp.vgetrandomState = 0 -- } - } - - // #ifdef GOARCH_386 -diff --git a/src/runtime/os_netbsd.go b/src/runtime/os_netbsd.go -index 735ace25ad..a06e5febbd 100644 ---- a/src/runtime/os_netbsd.go -+++ b/src/runtime/os_netbsd.go -@@ -320,8 +320,11 @@ func unminit() { - // must continue working after unminit. - } - --// Called from exitm, but not from drop, to undo the effect of thread-owned -+// Called from mexit, but not from dropm, to undo the effect of thread-owned - // resources in minit, semacreate, or elsewhere. Do not take locks after calling this. -+// -+// This always runs without a P, so //go:nowritebarrierrec is required. -+//go:nowritebarrierrec - func mdestroy(mp *m) { - } - -diff --git a/src/runtime/os_openbsd.go b/src/runtime/os_openbsd.go -index 574bfa8b17..4ce4c3c58d 100644 ---- a/src/runtime/os_openbsd.go -+++ b/src/runtime/os_openbsd.go -@@ -182,8 +182,11 @@ func unminit() { - getg().m.procid = 0 - } - --// Called from exitm, but not from drop, to undo the effect of thread-owned -+// Called from mexit, but not from dropm, to undo the effect of thread-owned - // resources in minit, semacreate, or elsewhere. Do not take locks after calling this. -+// -+// This always runs without a P, so //go:nowritebarrierrec is required. -+//go:nowritebarrierrec - func mdestroy(mp *m) { - } - -diff --git a/src/runtime/os_plan9.go b/src/runtime/os_plan9.go -index 2dbb42ad03..3b5965ab99 100644 ---- a/src/runtime/os_plan9.go -+++ b/src/runtime/os_plan9.go -@@ -217,8 +217,11 @@ func minit() { - func unminit() { - } - --// Called from exitm, but not from drop, to undo the effect of thread-owned -+// Called from mexit, but not from dropm, to undo the effect of thread-owned - // resources in minit, semacreate, or elsewhere. Do not take locks after calling this. -+// -+// This always runs without a P, so //go:nowritebarrierrec is required. -+//go:nowritebarrierrec - func mdestroy(mp *m) { - } - -diff --git a/src/runtime/os_windows.go b/src/runtime/os_windows.go -index 7183e79f7d..54407a320c 100644 ---- a/src/runtime/os_windows.go -+++ b/src/runtime/os_windows.go -@@ -906,9 +906,11 @@ func unminit() { - mp.procid = 0 - } - --// Called from exitm, but not from drop, to undo the effect of thread-owned -+// Called from mexit, but not from dropm, to undo the effect of thread-owned - // resources in minit, semacreate, or elsewhere. Do not take locks after calling this. - // -+// This always runs without a P, so //go:nowritebarrierrec is required. -+//go:nowritebarrierrec - //go:nosplit - func mdestroy(mp *m) { - if mp.highResTimer != 0 { -diff --git a/src/runtime/proc.go b/src/runtime/proc.go -index e9873e54cd..21bee4df71 100644 ---- a/src/runtime/proc.go -+++ b/src/runtime/proc.go -@@ -1935,6 +1935,9 @@ func mexit(osStack bool) { - mp.gsignal = nil - } - -+ // Free vgetrandom state. -+ vgetrandomDestroy(mp) -+ - // Remove m from allm. - lock(&sched.lock) - for pprev := &allm; *pprev != nil; pprev = &(*pprev).alllink { -diff --git a/src/runtime/vgetrandom_linux.go b/src/runtime/vgetrandom_linux.go -index a6ec4b701c..40be022f24 100644 ---- a/src/runtime/vgetrandom_linux.go -+++ b/src/runtime/vgetrandom_linux.go -@@ -73,9 +73,16 @@ func vgetrandomGetState() uintptr { - return state - } - --func vgetrandomPutState(state uintptr) { -+// Free vgetrandom state from the M (if any) prior to destroying the M. -+// -+// This may allocate, so it must have a P. -+func vgetrandomDestroy(mp *m) { -+ if mp.vgetrandomState == 0 { -+ return -+ } -+ - lock(&vgetrandomAlloc.statesLock) -- vgetrandomAlloc.states = append(vgetrandomAlloc.states, state) -+ vgetrandomAlloc.states = append(vgetrandomAlloc.states, mp.vgetrandomState) - unlock(&vgetrandomAlloc.statesLock) - } - -diff --git a/src/runtime/vgetrandom_unsupported.go b/src/runtime/vgetrandom_unsupported.go -index 070392cfaa..43c53e1198 100644 ---- a/src/runtime/vgetrandom_unsupported.go -+++ b/src/runtime/vgetrandom_unsupported.go -@@ -13,6 +13,6 @@ func vgetrandom(p []byte, flags uint32) (ret int, supported bool) { - return -1, false - } - --func vgetrandomPutState(state uintptr) {} -+func vgetrandomDestroy(mp *m) {} - - func vgetrandomInit() {} diff --git a/ilot/go/APKBUILD b/ilot/go/APKBUILD deleted file mode 100644 index 82a98ba..0000000 --- a/ilot/go/APKBUILD +++ /dev/null @@ -1,318 +0,0 @@ -# Contributor: Sören Tempel -# Contributor: Eivind Uggedal -# Maintainer: Sören Tempel -pkgname=go -# go binaries are statically linked, security updates require rebuilds -pkgver=1.24.2 -pkgrel=1 -pkgdesc="Go programming language compiler" -url="https://go.dev/" -arch="all" -license="BSD-3-Clause" -depends="binutils gcc musl-dev" -makedepends="bash" -options="!check" -checkdepends="binutils-gold git git-daemon" -subpackages="$pkgname-doc" -source="https://go.dev/dl/go$pkgver.src.tar.gz - 0001-cmd-link-prefer-musl-s-over-glibc-s-ld.so-during-dyn.patch - 0002-go.env-Don-t-switch-Go-toolchain-version-as-directed.patch - 0003-runtime-cleanup-M-vgetrandom-state-before-dropping-P.patch - tests-fchmodat-not-supported.patch - " -case "$CARCH" in - arm*|aarch64) depends="$depends binutils-gold";; - riscv64|loongarch64) - # binutils-gold is not supported on riscv64 and loongarch64. - checkdepends="${checkdepends/binutils-gold/}" - ;; -esac - -# secfixes: -# 0: -# - CVE-2022-41716 -# - CVE-2022-41720 -# - CVE-2022-41722 -# - CVE-2024-24787 -# 1.24.2-r0: -# - CVE-2025-22871 -# 1.24.1-r0: -# - CVE-2025-22870 -# 1.23.6-r0: -# - CVE-2025-22866 -# 1.23.5-r0: -# - CVE-2024-45336 -# - CVE-2024-45341 -# 1.23.1-r0: -# - CVE-2024-34155 -# - CVE-2024-34156 -# - CVE-2024-34158 -# 1.22.5-r0: -# - CVE-2024-24791 -# 1.22.4-r0: -# - CVE-2024-24789 -# - CVE-2024-24790 -# 1.22.3-r0: -# - CVE-2024-24788 -# 1.22.2-r0: -# - CVE-2023-45288 -# 1.22.1-r0: -# - CVE-2024-24783 -# - CVE-2023-45290 -# - CVE-2023-45289 -# - CVE-2024-24785 -# - CVE-2024-24784 -# 1.21.5-r0: -# - CVE-2023-39324 -# - CVE-2023-39326 -# 1.21.3-r0: -# - CVE-2023-39325 -# - CVE-2023-44487 -# 1.21.2-r0: -# - CVE-2023-39323 -# 1.21.1-r0: -# - CVE-2023-39318 -# - CVE-2023-39319 -# - CVE-2023-39320 -# - CVE-2023-39321 -# - CVE-2023-39322 -# 1.20.7-r0: -# - CVE-2023-29409 -# 1.20.6-r0: -# - CVE-2023-29406 -# 1.20.5-r0: -# - CVE-2023-29402 -# - CVE-2023-29403 -# - CVE-2023-29404 -# - CVE-2023-29405 -# 1.20.4-r0: -# - CVE-2023-24539 -# - CVE-2023-24540 -# - CVE-2023-29400 -# 1.20.3-r0: -# - CVE-2023-24537 -# - CVE-2023-24538 -# - CVE-2023-24534 -# - CVE-2023-24536 -# 1.20.2-r0: -# - CVE-2023-24532 -# 1.20.1-r0: -# - CVE-2022-41725 -# - CVE-2022-41724 -# - CVE-2022-41723 -# 1.19.4-r0: -# - CVE-2022-41717 -# 1.19.2-r0: -# - CVE-2022-2879 -# - CVE-2022-2880 -# - CVE-2022-41715 -# 1.19.1-r0: -# - CVE-2022-27664 -# - CVE-2022-32190 -# 1.18.5-r0: -# - CVE-2022-32189 -# 1.18.4-r0: -# - CVE-2022-1705 -# - CVE-2022-1962 -# - CVE-2022-28131 -# - CVE-2022-30630 -# - CVE-2022-30631 -# - CVE-2022-30632 -# - CVE-2022-30633 -# - CVE-2022-30635 -# - CVE-2022-32148 -# 1.18.1-r0: -# - CVE-2022-28327 -# - CVE-2022-27536 -# - CVE-2022-24675 -# 1.17.8-r0: -# - CVE-2022-24921 -# 1.17.7-r0: -# - CVE-2022-23772 -# - CVE-2022-23773 -# - CVE-2022-23806 -# 1.17.6-r0: -# - CVE-2021-44716 -# - CVE-2021-44717 -# 1.17.3-r0: -# - CVE-2021-41772 -# - CVE-2021-41771 -# 1.17.2-r0: -# - CVE-2021-38297 -# 1.17.1-r0: -# - CVE-2021-39293 -# 1.17-r0: -# - CVE-2020-29509 -# - CVE-2020-29511 -# - CVE-2021-29923 -# 1.16.7-r0: -# - CVE-2021-36221 -# 1.16.6-r0: -# - CVE-2021-34558 -# 1.16.5-r0: -# - CVE-2021-33195 -# - CVE-2021-33196 -# - CVE-2021-33197 -# - CVE-2021-33198 -# 1.16.4-r0: -# - CVE-2021-31525 -# 1.16.2-r0: -# - CVE-2021-27918 -# - CVE-2021-27919 -# 1.15.7-r0: -# - CVE-2021-3114 -# - CVE-2021-3115 -# 1.15.5-r0: -# - CVE-2020-28362 -# - CVE-2020-28366 -# - CVE-2020-28367 -# 1.15.2-r0: -# - CVE-2020-24553 -# 1.15-r0: -# - CVE-2020-16845 -# 1.14.5-r0: -# - CVE-2020-15586 -# 1.13.7-r0: -# - CVE-2020-7919 -# 1.13.2-r0: -# - CVE-2019-17596 -# 1.13.1-r0: -# - CVE-2019-16276 -# 1.12.8-r0: -# - CVE-2019-9512 -# - CVE-2019-9514 -# - CVE-2019-14809 -# 1.11.5-r0: -# - CVE-2019-6486 -# 1.9.4-r0: -# - CVE-2018-6574 - -if [ "$CBUILD" = "$CTARGET" ]; then - makedepends="go-bootstrap $makedepends" - provides="go-bootstrap=$pkgver-r$pkgrel" -else - pkgname="go-bootstrap" - makedepends="go $makedepends" - # Go expect host linker instead of the cross-compiler - export CC_FOR_TARGET="$CC" - export CC="${HOSTLD:-gcc}" - export CXX="${HOSTLD:-g++}" - export LD="${HOSTLD:-ld}" -fi - -case "$CTARGET_ARCH" in -aarch64) export GOARCH="arm64" ;; -armel) export GOARCH="arm" GOARM=5 ;; -armhf) export GOARCH="arm" GOARM=6 ;; -armv7) export GOARCH="arm" GOARM=7 ;; -s390x) export GOARCH="s390x" ;; -x86) export GOARCH="386" ;; -x86_64) export GOARCH="amd64" ;; -ppc64) export GOARCH="ppc64" ;; -ppc64le) export GOARCH="ppc64le" ;; -riscv64) export GOARCH="riscv64" ;; -loongarch64) export GOARCH="loong64" ;; -*) export GOARCH="unsupported";; -esac - -# compile go itself as a PIE on supported arches. -case "$CARCH" in -x86_64|s390x|aarch64) export GO_LDFLAGS=-buildmode=pie ;; -esac - -prepare() { - default_prepare - - # The GitLab CI builds aports in a container. On ppc64le, ASLR - # needs to be disabled in order to have the following test case - # pass. However, the container doesn't have permissions to - # disable ASLR, hence we just disable this test for now. - # - # See https://github.com/golang/go/issues/49066#issuecomment-1252948861 - if [ "$CTARGET_ARCH" = "ppc64le" ]; then - rm test/fixedbugs/bug513.go - fi -} - -builddir="$srcdir"/go -build() { - cd "$builddir/src" - - export GOOS="linux" - export GOPATH="$srcdir" - export GOROOT="$builddir" - export GOBIN="$GOROOT"/bin - export GOROOT_FINAL=/usr/lib/go - - local p; for p in /usr/lib/go-bootstrap /usr/lib/go-linux-$GOARCH-bootstrap /usr/lib/go; do - if [ -d "$p" ]; then - export GOROOT_BOOTSTRAP="$p" - break - fi - done - - ./make.bash -v - - # copied from bootstrap.bash to fixup cross-built bootstrap go - if [ "$CBUILD" != "$CTARGET" ]; then - local gohostos="$(../bin/go env GOHOSTOS)" - local gohostarch="$(../bin/go env GOHOSTARCH)" - mv ../bin/*_*/* ../bin - rmdir ../bin/*_* - rm -rf "../pkg/${gohostos}_$gohostarch"* "../pkg/tool/${gohostos}_$gohostarch"* - rm -rf ../pkg/bootstrap ../pkg/obj - fi -} - -check() { - cd "$builddir/src" - if [ "$CTARGET_ARCH" = "armhf" ]; then - export GO_TEST_TIMEOUT_SCALE=2 - fi - - # Test suite does not pass with ccache, thus remove it form $PATH. - export PATH="$(echo "$PATH" | sed 's|/usr/lib/ccache/bin:||g')" - - PATH="$builddir/bin:$PATH" ./run.bash -no-rebuild -} - -package() { - mkdir -p "$pkgdir"/usr/bin "$pkgdir"/usr/lib/go/bin "$pkgdir"/usr/share/doc/go - - for binary in go gofmt; do - install -Dm755 bin/"$binary" "$pkgdir"/usr/lib/go/bin/"$binary" - ln -s /usr/lib/go/bin/"$binary" "$pkgdir"/usr/bin/ - done - - cp -a misc pkg src lib "$pkgdir"/usr/lib/go - cp -r doc "$pkgdir"/usr/share/doc/go - rm -rf "$pkgdir"/usr/lib/go/pkg/obj - rm -rf "$pkgdir"/usr/lib/go/pkg/bootstrap - rm -f "$pkgdir"/usr/lib/go/pkg/tool/*/api - - # Install go.env, see https://go.dev/doc/toolchain#GOTOOLCHAIN. - install -Dm644 "$builddir"/go.env "$pkgdir"/usr/lib/go/go.env - install -Dm644 VERSION "$pkgdir/usr/lib/go/VERSION" - - # Remove tests from /usr/lib/go/src to reduce package size, - # these should not be needed at run-time by any program. - find "$pkgdir"/usr/lib/go/src \( -type f -a -name "*_test.go" \) \ - -exec rm -rf \{\} \+ - find "$pkgdir"/usr/lib/go/src \( -type d -a -name "testdata" \) \ - -exec rm -rf \{\} \+ - - # Remove rc (plan 9) and bat scripts (windows) to reduce package - # size further. The bash scripts are actually needed at run-time. - # - # See: https://gitlab.alpinelinux.org/alpine/aports/issues/11091 - find "$pkgdir"/usr/lib/go/src -type f -a \( -name "*.rc" -o -name "*.bat" \) \ - -exec rm -rf \{\} \+ -} - -sha512sums=" -6366a32f6678e7908b138f62dafeed96f7144b3b93505e75fba374b33727da8b1d087c1f979f493382b319758ebfcbeb30e9d7dadcb2923b628c8abe7db41c6f go1.24.2.src.tar.gz -34dbe032c5f08dd8a7aad36fc4d54e746a876fdadc25466888a2f04f5a9d53103190ebd68d3cf978d3a041976185e30ffb25611fb577d031c159810d2d4c7c41 0001-cmd-link-prefer-musl-s-over-glibc-s-ld.so-during-dyn.patch -8061e4ef9d7dd31804bd8d98c95afa5dd82567940b3436f45f874e0419e324b49713d8a814df04617e575ec3c6155199c4661352ea8aef63ead81ca3020f3dc4 0002-go.env-Don-t-switch-Go-toolchain-version-as-directed.patch -d56b796ac81f8901cf426711e381b386ec6e039090fd914ebb2246e5b2ccaa6c1dcb40810a886c5e1b0a748c9bcd4cfe9749d85da91e7ce4c11aaf470295e549 0003-runtime-cleanup-M-vgetrandom-state-before-dropping-P.patch -33ecefca77fa0af52a3b2b66a76977af27a88c8dddb89f03e0a5ae6794b9aac53a62d7be33020b49022e9a89d4cdfa383038ee10e160eb94548b2430bf3cfb5e tests-fchmodat-not-supported.patch -" diff --git a/ilot/go/tests-fchmodat-not-supported.patch b/ilot/go/tests-fchmodat-not-supported.patch deleted file mode 100644 index 168ca71..0000000 --- a/ilot/go/tests-fchmodat-not-supported.patch +++ /dev/null @@ -1,19 +0,0 @@ -Without this patch, the TestFchmodat fails on our arm CI with: - - syscall_linux_test.go:139: Fchmodat: unexpected error: operation not permitted, expected EOPNOTSUPP - -The "operation not permitted" means that EPERM was returned which -is likely due to the security policy of our CI container. - -diff -upr go.orig/src/syscall/syscall_linux_test.go go/src/syscall/syscall_linux_test.go ---- go.orig/src/syscall/syscall_linux_test.go 2024-02-07 22:54:39.316022227 +0100 -+++ go/src/syscall/syscall_linux_test.go 2024-02-07 22:56:05.104871102 +0100 -@@ -135,7 +135,7 @@ func TestFchmodat(t *testing.T) { - } - - err = syscall.Fchmodat(_AT_FDCWD, "symlink1", 0444, _AT_SYMLINK_NOFOLLOW) -- if err != syscall.EOPNOTSUPP { -+ if !testenv.SyscallIsNotSupported(err) && err != syscall.EOPNOTSUPP { - t.Fatalf("Fchmodat: unexpected error: %v, expected EOPNOTSUPP", err) - } - } diff --git a/ilot/listmonk/APKBUILD b/ilot/listmonk/APKBUILD index 704084b..1bf9721 100644 --- a/ilot/listmonk/APKBUILD +++ b/ilot/listmonk/APKBUILD @@ -1,7 +1,7 @@ # Contributor: Antoine Martin (ayakael) # Maintainer: Antoine Martin (ayakael) pkgname=listmonk -pkgver=5.0.0 +pkgver=4.1.0 pkgrel=0 pkgdesc='Self-hosted newsletter and mailing list manager with a modern dashboard' arch="all" @@ -67,7 +67,7 @@ package() { ln -s /etc/listmonk/config.toml "$pkgdir"/usr/share/webapps/listmonk/config.toml } sha512sums=" -b0875124106ac737550eb340c209f079698c0b9e1f1e55c70eca113720dbc9dcfaac63aa65722299a1448a582cedf0f9ee20b24ea0625d4e780d83e0d6bab198 listmonk-5.0.0.tar.gz +936b33d6de1d69ee4e7f768810116ac997c516754aace0371089bc8106bebee944197864afc11b7bc5725afa9a4f195d6629957bfcdd37c847e3780aa34558ec listmonk-4.1.0.tar.gz 939450af4b23708e3d23a5a88fad4c24b957090bdd21351a6dd520959e52e45e5fcac117a3eafa280d9506616dae39ad3943589571f008cac5abe1ffd8062424 listmonk.sh 8e9c0b1f335c295fb741418246eb17c7566e5e4200a284c6483433e8ddbf5250aa692435211cf062ad1dfcdce3fae9148def28f03f2492d33fe5e66cbeebd4bd listmonk.openrc " diff --git a/ilot/mastodon/APKBUILD b/ilot/mastodon/APKBUILD index dcf1bd5..5ce4fc0 100644 --- a/ilot/mastodon/APKBUILD +++ b/ilot/mastodon/APKBUILD @@ -2,7 +2,7 @@ # Maintainer: Antoine Martin (ayakael) pkgname=mastodon _pkgname=$pkgname -pkgver=4.2.20 +pkgver=4.2.19 _gittag=v$pkgver pkgrel=0 pkgdesc="Self-hosted social media and network server based on ActivityPub and OStatus" @@ -192,7 +192,7 @@ assets() { } sha512sums=" -132df11b54bf0f900e2ee6e149ddb730706a67fc6130ead63b327028fa590944f21a19bcba07d859885717208b6abc005d0aee7675fd8e0fb09ad8d6f8f631b7 mastodon-v4.2.20.tar.gz +cb57227876fbf8ca358104970de6d0c3c9b5913246df4a0d0cfa35b79fa3961d98c309d77222bf596941842062d099065d4502fc1f3dd4531394350e10a9860c mastodon-v4.2.19.tar.gz d49fea9451c97ccefe5e35b68e4274aeb427f9d1e910b89c1f6c810489c3bec1ccff72952fdaef95abf944b8aff0da84a52347540d36ff1fba5ccc19e1d935c6 mastodon.initd eefe12a31268245f802222c0001dac884e03adb0d301e53a1512a3cd204836ca03ad083908cd14d146cf0dce99e3a4366570efd0e40a9a490ccd381d4c63c32f mastodon.web.initd 8fc9249c01693bb02b8d1a6177288d5d3549addde8c03eb35cc7a32dde669171872ebc2b5deb8019dc7a12970098f1af707171fa41129be31b04e1dc1651a777 mastodon.sidekiq.initd diff --git a/ilot/nextcloud30/APKBUILD b/ilot/nextcloud30/APKBUILD index 161f723..66aca75 100644 --- a/ilot/nextcloud30/APKBUILD +++ b/ilot/nextcloud30/APKBUILD @@ -2,7 +2,7 @@ # Contributor: jahway603 # Maintainer: Leonardo Arena _pkgname=nextcloud -pkgver=30.0.10 +pkgver=30.0.8 pkgrel=0 is_latest=true _pkgvermaj=${pkgver%%.*} @@ -310,7 +310,7 @@ _package_app() { } sha512sums=" -c8c9800fff46c5634576b9e0696afd4083e34d24000762ebf3a66192d1dea3f664d1c1d42e6ae262535757991d0a60ee7ee1e1d24757677be56bb8ea7d4d3fd5 nextcloud-30.0.10.tar.bz2 +0bca2f42ccfb7db4befdd2aeeb1df72d2f9acad88907706f8524ced55bd0213b30b687a5e4c623615e59f22246562e195fd74bbb409c4f60b713482e1237d755 nextcloud-30.0.8.tar.bz2 daeabeaa315bb908cc1e49612cce4b2debd71d17acb84b5d14e15fe124c907884b72d54e9aa669ec209eee1b1934d0bc242d72a28d8db7339cfb08383f66fd5c nextcloud-dont-chmod.patch 12f4a39aef0f81a0115c81bf2b345cc194537a7e8300748b800b0e35bc07928091296074b23c2019c17aced69854a11d1ed7225f67eefd27cf00c3969a75c5b0 dont-update-htaccess.patch cb04252d01407c7030e87dd54616c621ea0f85ef0212674b1161288182538cae0fb31c67e7cc07c66f9607075774c64e386009cc66365b1f1b155f6ad4f83ac0 disable-integrity-check-as-default.patch