ilot/py3-django-rest-framework: drop due to unneeded old version

ilot/authentik: upgrade to 2025.4.0
ilot/go: new aport
2025-05-09 20:30:52 +00:00 · 2025-05-09 20:30:52 +00:00 · 2025-05-09 20:00:54 +00:00 · 2025-05-09 14:57:37 +00:00 · 2025-05-09 10:39:55 -04:00
11 changed files with 675 additions and 106 deletions
--- a/ilot/authentik/APKBUILD
+++ b/ilot/authentik/APKBUILD
@ -1,7 +1,7 @@
 # Contributor: Antoine Martin (ayakael) <dev@ayakael.net>
 # Maintainer: Antoine Martin (ayakael) <dev@ayakael.net>
 pkgname=authentik
-pkgver=2025.2.4
+pkgver=2025.4.0
 pkgrel=0
 pkgdesc="An open-source Identity Provider focused on flexibility and versatility"
 url="https://github.com/goauthentik/authentik"
@ -41,7 +41,7 @@ depends="
 	py3-django-prometheus
 	py3-django-pglock
 	py3-django-redis
-	py3-django-rest-framework~3.14.0
+	py3-django-rest-framework
 	py3-django-rest-framework-guardian
 	py3-django-storages
 	py3-django-tenants
@ -127,7 +127,6 @@ source="
 	authentik-manage.sh
 	fix-ak-bash.patch
 	root-settings-csrf_trusted_origins.patch
-	go-downgrade-1.22.patch
 	"
 builddir="$srcdir/"authentik-version-$pkgver
 subpackages="$pkgname-openrc $pkgname-doc $pkgname-pyc"
@ -284,7 +283,7 @@ pyc() {
 }

 sha512sums="
-75928b3ab9ae126f3cbe88ff1256de8adba7add099b0d93615abb8c91a2b7f275e83664a232e8c5393c5031bd9757af2f20fdb9d0153dacdf9a482b6b4bb8b00  authentik-2025.2.4.tar.gz
+bafaac41c7d9e4981cd78f86c8274c81bb609e98172e5d1551e64e00eb6c1c1b50309e924c918e26afd6b982a84af9f62fa721d75692243959f09119d7ac7c90  authentik-2025.4.0.tar.gz
 4defb4fe3a4230f4aa517fbecd5e5b8bcef2a64e1b40615660ae9eec33597310a09df5e126f4d39ce7764bd1716c0a7040637699135c103cbc1879593c6c06f1  authentik.openrc
 6cb03b9b69df39bb4539fe05c966536314d766b2e9307a92d87070ba5f5b7e7ab70f1b5ee1ab3c0c50c23454f9c5a4caec29e63fdf411bbb7a124ad687569b89  authentik-worker.openrc
 351e6920d987861f8bf0d7ab2f942db716a8dbdad1f690ac662a6ef29ac0fd46cf817cf557de08f1c024703503d36bc8b46f0d9eb1ecaeb399dce4c3bb527d17  authentik-ldap.openrc
@ -292,5 +291,4 @@ sha512sums="
 f1a3cb215b6210fa7d857a452a9f2bc4dc0520e49b9fa7027547cff093d740a7e2548f1bf1f8831f7d5ccb80c8e523ee0c8bafcc4dc42d2788725f2137d21bee  authentik-manage.sh
 3d38076606d18a438a2d76cdd2067774d5471bb832e641050630726b4d7bd8b8c2218d25d7e987a1fb46ee6a4a81d13e899145f015b3c94204cece039c7fb182  fix-ak-bash.patch
 5c60e54b6a7829d611af66f5cb8184a002b5ae927efbd024c054a7c176fcb9efcfbe5685279ffcf0390b0f0abb3bb03e02782c6867c2b38d1ad2d508aae83fa0  root-settings-csrf_trusted_origins.patch
-badff70b19aad79cf16046bd46cb62db25c2a8b85b2673ce7c44c42eb60d42f6fcb1b9a7a7236c00f24803b25d3c66a4d64423f7ce14a59763b8415db292a5b9  go-downgrade-1.22.patch
 "
--- a/ilot/authentik/go-downgrade-1.22.patch
+++ b/ilot/authentik/go-downgrade-1.22.patch
@ -1,38 +0,0 @@
-diff --git a/go.mod.orig b/go.mod
-index 65490a2..13a611e 100644
--- a/go.mod.orig
-+++ b/go.mod
-@@ -1,8 +1,6 @@
- module goauthentik.io
- 
-go 1.23
-
-toolchain go1.23.0
-+go 1.22.2
- 
- require (
- 	beryju.io/ldap v0.1.0
-@@ -16,7 +14,7 @@ require (
- 	github.com/gorilla/handlers v1.5.2
- 	github.com/gorilla/mux v1.8.1
- 	github.com/gorilla/securecookie v1.1.2
-	github.com/gorilla/sessions v1.4.0
-+	github.com/gorilla/sessions v1.3.0
- 	github.com/gorilla/websocket v1.5.3
- 	github.com/jellydator/ttlcache/v3 v3.2.1
- 	github.com/mitchellh/mapstructure v1.5.0
-diff --git a/go.sum.orig b/go.sum
-index 94edf9c..856c2ee 100644
--- a/go.sum.orig
-+++ b/go.sum
-@@ -175,8 +175,8 @@ github.com/gorilla/securecookie v1.1.1/go.mod h1:ra0sb63/xPlUeL+yeDciTfxMRAA+MP+
- github.com/gorilla/securecookie v1.1.2 h1:YCIWL56dvtr73r6715mJs5ZvhtnY73hBvEF8kXD8ePA=
- github.com/gorilla/securecookie v1.1.2/go.mod h1:NfCASbcHqRSY+3a8tlWJwsQap2VX5pwzwo4h3eOamfo=
- github.com/gorilla/sessions v1.2.1/go.mod h1:dk2InVEVJ0sfLlnXv9EAgkf6ecYs/i80K/zI+bUmuGM=
-github.com/gorilla/sessions v1.4.0 h1:kpIYOp/oi6MG/p5PgxApU8srsSw9tuFbt46Lt7auzqQ=
-github.com/gorilla/sessions v1.4.0/go.mod h1:FLWm50oby91+hl7p/wRxDth9bWSuk0qVL2emc7lT5ik=
-+github.com/gorilla/sessions v1.3.0 h1:XYlkq7KcpOB2ZhHBPv5WpjMIxrQosiZanfoy1HLZFzg=
-+github.com/gorilla/sessions v1.3.0/go.mod h1:ePLdVu+jbEgHH+KWw8I1z2wqd0BAdAQh/8LRvBeoNcQ=
- github.com/gorilla/websocket v1.4.1/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=
- github.com/gorilla/websocket v1.5.3 h1:saDtZ6Pbx/0u+bgYQ3q96pZgCzfhKXGPqt7kZ72aNNg=
- github.com/gorilla/websocket v1.5.3/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=
--- a/ilot/authentik/go-downgrade-1.23.patch
+++ b/ilot/authentik/go-downgrade-1.23.patch
@ -0,0 +1,12 @@
+diff --git a/go.mod.orig b/go.mod
+index 13956cf..d9303bf 100644
+--- a/go.mod.orig
+++ b/go.mod
+@@ -1,6 +1,6 @@
+ module goauthentik.io
+ 
+-go 1.24.0
+go 1.23.9
+ 
+ require (
+ 	beryju.io/ldap v0.1.0
--- a/ilot/freescout/APKBUILD
+++ b/ilot/freescout/APKBUILD
@ -1,7 +1,7 @@
 # Maintainer: Antoine Martin (ayakael) <dev@ayakael.net>
 # Contributor: Antoine Martin (ayakael) <dev@ayakael.net>
 pkgname=freescout
-pkgver=1.8.174
+pkgver=1.8.175
 pkgrel=0
 pkgdesc="Free self-hosted help desk & shared mailbox"
 arch="noarch"
@ -76,7 +76,7 @@ package() {
 	install -m755 -D "$srcdir"/freescout-manage.sh "$pkgdir"/usr/bin/freescout-manage
 }
 sha512sums="
-c5ec40b3dd7f6f593a950d96632e69d8e0a43e17f566f3d83b52aa44e2aac8ef98c536e9408faa834051d7fb3f07e003642f5e6e2a25a69ea51cf7b96290fb1d  freescout-1.8.174.tar.gz
+aa5f762eddaac34977a42bb59a0c2ec2113b0ad4f04b767465e9c23c4bb5d0dd722432735fb10975c23b0a5ca4a11abcfc52d893a3c6678d4908ceb29cefa736  freescout-1.8.175.tar.gz
 e4af6c85dc12f694bef2a02e4664e31ed50b2c109914d7ffad5001c2bbd764ef25b17ecaa59ff55ef41bccf17169bf910d1a08888364bdedd0ecc54d310e661f  freescout.nginx
 7ce9b3ee3a979db44f5e6d7daa69431e04a5281f364ae7be23e5a0a0547f96abc858d2a8010346be2fb99bd2355fb529e7030ed20d54f310249e61ed5db4d0ba  freescout-manage.sh
 0cba00b7d945ce84f72a2812d40028a073a5278856f610e46dbfe0ac78deff6bf5eba7643635fa4bc64d070c4d49eb47d24ea0a05ba1e6ea76690bfd77906366  rename-client-to-membre-fr-en.patch
--- a/ilot/go/0001-cmd-link-prefer-musl-s-over-glibc-s-ld.so-during-dyn.patch
+++ b/ilot/go/0001-cmd-link-prefer-musl-s-over-glibc-s-ld.so-during-dyn.patch
@ -0,0 +1,45 @@
+From fa8e52baedd21265f69b5f425157e11c8c4ec24a Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?S=C3=B6ren=20Tempel?= <soeren+git@soeren-tempel.net>
+Date: Sat, 25 Mar 2023 09:08:04 +0100
+Subject: [PATCH] cmd/link: prefer musl's over glibc's ld.so during dynamic
+ linking
+
+Without this commit glibc's is preferred over musl by default. This
+causes issues on Alpine when a dynamically linked Go binary is created
+while gcompat is installed, causing the binary to be linked against
+the ld.so provided by the gcompat package.
+
+This commit changes the logic to check for musl's ld.so first, if it
+does not exist we fallback to glibc. This default can be overwritten
+using the `-I` option of cmd/link.
+
+See https://gitlab.alpinelinux.org/alpine/aports/-/issues/14737
+---
+ src/cmd/link/internal/ld/elf.go | 12 ++++++------
+ 1 file changed, 6 insertions(+), 6 deletions(-)
+
+diff --git a/src/cmd/link/internal/ld/elf.go b/src/cmd/link/internal/ld/elf.go
+index 713f7739a5..8cf9377858 100644
+--- a/src/cmd/link/internal/ld/elf.go
+++ b/src/cmd/link/internal/ld/elf.go
+@@ -1886,14 +1886,14 @@ func asmbElf(ctxt *Link) {
+ 						Exitf("ELF interpreter not set")
+ 					}
+ 				} else {
+-					interpreter = thearch.ELF.Linuxdynld
+-					// If interpreter does not exist, try musl instead.
+					interpreter = thearch.ELF.LinuxdynldMusl
+					// If interpreter does not exist, try glibc instead.
+ 					// This lets the same cmd/link binary work on
+-					// both glibc-based and musl-based systems.
+					// both musl-based and glibc-based systems.
+ 					if _, err := os.Stat(interpreter); err != nil {
+-						if musl := thearch.ELF.LinuxdynldMusl; musl != "" {
+-							if _, err := os.Stat(musl); err == nil {
+-								interpreter = musl
+						if glibc := thearch.ELF.Linuxdynld; glibc != "" {
+							if _, err := os.Stat(glibc); err == nil {
+								interpreter = glibc
+ 							}
+ 						}
+ 					}
--- a/ilot/go/0002-go.env-Don-t-switch-Go-toolchain-version-as-directed.patch
+++ b/ilot/go/0002-go.env-Don-t-switch-Go-toolchain-version-as-directed.patch
@ -0,0 +1,29 @@
+From 82ac7268f746c31d771e584c1c83f93890b33404 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?S=C3=B6ren=20Tempel?= <soeren+git@soeren-tempel.net>
+Date: Tue, 11 Jul 2023 05:18:00 +0200
+Subject: [PATCH] go.env: Don't switch Go toolchain version as directed in
+ go.mod
+
+We want users and packages to use the version of Go that is provided
+in our package repository. We don't want to download pre-built
+toolchains from golang.org.
+
+Also note that prior to Go 1.21, pre-built Go binaries are linked
+against glibc and hence do not work on Alpine.
+---
+ go.env | 5 ++---
+ 1 file changed, 2 insertions(+), 3 deletions(-)
+
+diff --git a/go.env b/go.env
+index 6ff2b921d4..a106fb4638 100644
+--- a/go.env
+++ b/go.env
+@@ -7,6 +7,5 @@
+ GOPROXY=https://proxy.golang.org,direct
+ GOSUMDB=sum.golang.org
+ 
+-# Automatically download newer toolchains as directed by go.mod files.
+-# See https://go.dev/doc/toolchain for details.
+-GOTOOLCHAIN=auto
+# Don't attempt to switch to a newer toolchains by default.
+GOTOOLCHAIN=local
--- a/ilot/go/0003-runtime-cleanup-M-vgetrandom-state-before-dropping-P.patch
+++ b/ilot/go/0003-runtime-cleanup-M-vgetrandom-state-before-dropping-P.patch
@ -0,0 +1,245 @@
+From 5c5b24702f5542fba019d6b98eec6121bc21df31 Mon Sep 17 00:00:00 2001
+From: Michael Pratt <mpratt@google.com>
+Date: Thu, 3 Apr 2025 11:15:13 +0000
+Subject: [PATCH] runtime: cleanup M vgetrandom state before dropping P
+
+When an M is destroyed, we put its vgetrandom state back on the shared
+list for another M to reuse. This list is simply a slice, so appending
+to the slice may allocate. Currently this operation is performed in
+mdestroy, after the P is released, meaning allocation is not allowed.
+
+More the cleanup earlier in mdestroy when allocation is still OK.
+
+Also add //go:nowritebarrierrec to mdestroy since it runs without a P,
+which would have caught this bug.
+
+Fixes #73141.
+
+Change-Id: I6a6a636c3fbf5c6eec09d07a260e39dbb4d2db12
+Reviewed-on: https://go-review.googlesource.com/c/go/+/662455
+Reviewed-by: Jason Donenfeld <Jason@zx2c4.com>
+LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
+Reviewed-by: Keith Randall <khr@golang.org>
+Reviewed-by: Keith Randall <khr@google.com>
+---
+ src/runtime/os3_solaris.go            |  5 ++++-
+ src/runtime/os_aix.go                 |  5 ++++-
+ src/runtime/os_darwin.go              |  5 ++++-
+ src/runtime/os_dragonfly.go           |  5 ++++-
+ src/runtime/os_linux.go               |  9 ++++-----
+ src/runtime/os_netbsd.go              |  5 ++++-
+ src/runtime/os_openbsd.go             |  5 ++++-
+ src/runtime/os_plan9.go               |  5 ++++-
+ src/runtime/os_windows.go             |  4 +++-
+ src/runtime/proc.go                   |  3 +++
+ src/runtime/vgetrandom_linux.go       | 11 +++++++++--
+ src/runtime/vgetrandom_unsupported.go |  2 +-
+ 12 files changed, 48 insertions(+), 16 deletions(-)
+
+diff --git a/src/runtime/os3_solaris.go b/src/runtime/os3_solaris.go
+index cf163a6bf4..ded821b2e6 100644
+--- a/src/runtime/os3_solaris.go
+++ b/src/runtime/os3_solaris.go
+@@ -234,8 +234,11 @@ func unminit() {
+ 	getg().m.procid = 0
+ }
+ 
+-// Called from exitm, but not from drop, to undo the effect of thread-owned
+// Called from mexit, but not from dropm, to undo the effect of thread-owned
+ // resources in minit, semacreate, or elsewhere. Do not take locks after calling this.
+//
+// This always runs without a P, so //go:nowritebarrierrec is required.
+//go:nowritebarrierrec
+ func mdestroy(mp *m) {
+ }
+ 
+diff --git a/src/runtime/os_aix.go b/src/runtime/os_aix.go
+index 93464cb997..1b483c2a7e 100644
+--- a/src/runtime/os_aix.go
+++ b/src/runtime/os_aix.go
+@@ -186,8 +186,11 @@ func unminit() {
+ 	getg().m.procid = 0
+ }
+ 
+-// Called from exitm, but not from drop, to undo the effect of thread-owned
+// Called from mexit, but not from dropm, to undo the effect of thread-owned
+ // resources in minit, semacreate, or elsewhere. Do not take locks after calling this.
+//
+// This always runs without a P, so //go:nowritebarrierrec is required.
+//go:nowritebarrierrec
+ func mdestroy(mp *m) {
+ }
+ 
+diff --git a/src/runtime/os_darwin.go b/src/runtime/os_darwin.go
+index 0ecbea7ae4..6eab3b5c3d 100644
+--- a/src/runtime/os_darwin.go
+++ b/src/runtime/os_darwin.go
+@@ -344,8 +344,11 @@ func unminit() {
+ 	getg().m.procid = 0
+ }
+ 
+-// Called from exitm, but not from drop, to undo the effect of thread-owned
+// Called from mexit, but not from dropm, to undo the effect of thread-owned
+ // resources in minit, semacreate, or elsewhere. Do not take locks after calling this.
+//
+// This always runs without a P, so //go:nowritebarrierrec is required.
+//go:nowritebarrierrec
+ func mdestroy(mp *m) {
+ }
+ 
+diff --git a/src/runtime/os_dragonfly.go b/src/runtime/os_dragonfly.go
+index a02696eb4f..9b3235084d 100644
+--- a/src/runtime/os_dragonfly.go
+++ b/src/runtime/os_dragonfly.go
+@@ -216,8 +216,11 @@ func unminit() {
+ 	getg().m.procid = 0
+ }
+ 
+-// Called from exitm, but not from drop, to undo the effect of thread-owned
+// Called from mexit, but not from dropm, to undo the effect of thread-owned
+ // resources in minit, semacreate, or elsewhere. Do not take locks after calling this.
+//
+// This always runs without a P, so //go:nowritebarrierrec is required.
+//go:nowritebarrierrec
+ func mdestroy(mp *m) {
+ }
+ 
+diff --git a/src/runtime/os_linux.go b/src/runtime/os_linux.go
+index 8b3c4d0ecc..fb46b81682 100644
+--- a/src/runtime/os_linux.go
+++ b/src/runtime/os_linux.go
+@@ -412,13 +412,12 @@ func unminit() {
+ 	getg().m.procid = 0
+ }
+ 
+-// Called from exitm, but not from drop, to undo the effect of thread-owned
+// Called from mexit, but not from dropm, to undo the effect of thread-owned
+ // resources in minit, semacreate, or elsewhere. Do not take locks after calling this.
+//
+// This always runs without a P, so //go:nowritebarrierrec is required.
+//go:nowritebarrierrec
+ func mdestroy(mp *m) {
+-	if mp.vgetrandomState != 0 {
+-		vgetrandomPutState(mp.vgetrandomState)
+-		mp.vgetrandomState = 0
+-	}
+ }
+ 
+ // #ifdef GOARCH_386
+diff --git a/src/runtime/os_netbsd.go b/src/runtime/os_netbsd.go
+index 735ace25ad..a06e5febbd 100644
+--- a/src/runtime/os_netbsd.go
+++ b/src/runtime/os_netbsd.go
+@@ -320,8 +320,11 @@ func unminit() {
+ 	// must continue working after unminit.
+ }
+ 
+-// Called from exitm, but not from drop, to undo the effect of thread-owned
+// Called from mexit, but not from dropm, to undo the effect of thread-owned
+ // resources in minit, semacreate, or elsewhere. Do not take locks after calling this.
+//
+// This always runs without a P, so //go:nowritebarrierrec is required.
+//go:nowritebarrierrec
+ func mdestroy(mp *m) {
+ }
+ 
+diff --git a/src/runtime/os_openbsd.go b/src/runtime/os_openbsd.go
+index 574bfa8b17..4ce4c3c58d 100644
+--- a/src/runtime/os_openbsd.go
+++ b/src/runtime/os_openbsd.go
+@@ -182,8 +182,11 @@ func unminit() {
+ 	getg().m.procid = 0
+ }
+ 
+-// Called from exitm, but not from drop, to undo the effect of thread-owned
+// Called from mexit, but not from dropm, to undo the effect of thread-owned
+ // resources in minit, semacreate, or elsewhere. Do not take locks after calling this.
+//
+// This always runs without a P, so //go:nowritebarrierrec is required.
+//go:nowritebarrierrec
+ func mdestroy(mp *m) {
+ }
+ 
+diff --git a/src/runtime/os_plan9.go b/src/runtime/os_plan9.go
+index 2dbb42ad03..3b5965ab99 100644
+--- a/src/runtime/os_plan9.go
+++ b/src/runtime/os_plan9.go
+@@ -217,8 +217,11 @@ func minit() {
+ func unminit() {
+ }
+ 
+-// Called from exitm, but not from drop, to undo the effect of thread-owned
+// Called from mexit, but not from dropm, to undo the effect of thread-owned
+ // resources in minit, semacreate, or elsewhere. Do not take locks after calling this.
+//
+// This always runs without a P, so //go:nowritebarrierrec is required.
+//go:nowritebarrierrec
+ func mdestroy(mp *m) {
+ }
+ 
+diff --git a/src/runtime/os_windows.go b/src/runtime/os_windows.go
+index 7183e79f7d..54407a320c 100644
+--- a/src/runtime/os_windows.go
+++ b/src/runtime/os_windows.go
+@@ -906,9 +906,11 @@ func unminit() {
+ 	mp.procid = 0
+ }
+ 
+-// Called from exitm, but not from drop, to undo the effect of thread-owned
+// Called from mexit, but not from dropm, to undo the effect of thread-owned
+ // resources in minit, semacreate, or elsewhere. Do not take locks after calling this.
+ //
+// This always runs without a P, so //go:nowritebarrierrec is required.
+//go:nowritebarrierrec
+ //go:nosplit
+ func mdestroy(mp *m) {
+ 	if mp.highResTimer != 0 {
+diff --git a/src/runtime/proc.go b/src/runtime/proc.go
+index e9873e54cd..21bee4df71 100644
+--- a/src/runtime/proc.go
+++ b/src/runtime/proc.go
+@@ -1935,6 +1935,9 @@ func mexit(osStack bool) {
+ 		mp.gsignal = nil
+ 	}
+ 
+	// Free vgetrandom state.
+	vgetrandomDestroy(mp)
+
+ 	// Remove m from allm.
+ 	lock(&sched.lock)
+ 	for pprev := &allm; *pprev != nil; pprev = &(*pprev).alllink {
+diff --git a/src/runtime/vgetrandom_linux.go b/src/runtime/vgetrandom_linux.go
+index a6ec4b701c..40be022f24 100644
+--- a/src/runtime/vgetrandom_linux.go
+++ b/src/runtime/vgetrandom_linux.go
+@@ -73,9 +73,16 @@ func vgetrandomGetState() uintptr {
+ 	return state
+ }
+ 
+-func vgetrandomPutState(state uintptr) {
+// Free vgetrandom state from the M (if any) prior to destroying the M.
+//
+// This may allocate, so it must have a P.
+func vgetrandomDestroy(mp *m) {
+	if mp.vgetrandomState == 0 {
+		return
+	}
+
+ 	lock(&vgetrandomAlloc.statesLock)
+-	vgetrandomAlloc.states = append(vgetrandomAlloc.states, state)
+	vgetrandomAlloc.states = append(vgetrandomAlloc.states, mp.vgetrandomState)
+ 	unlock(&vgetrandomAlloc.statesLock)
+ }
+ 
+diff --git a/src/runtime/vgetrandom_unsupported.go b/src/runtime/vgetrandom_unsupported.go
+index 070392cfaa..43c53e1198 100644
+--- a/src/runtime/vgetrandom_unsupported.go
+++ b/src/runtime/vgetrandom_unsupported.go
+@@ -13,6 +13,6 @@ func vgetrandom(p []byte, flags uint32) (ret int, supported bool) {
+ 	return -1, false
+ }
+ 
+-func vgetrandomPutState(state uintptr) {}
+func vgetrandomDestroy(mp *m) {}
+ 
+ func vgetrandomInit() {}
--- a/ilot/go/APKBUILD
+++ b/ilot/go/APKBUILD
@ -0,0 +1,318 @@
+# Contributor: Sören Tempel <soeren+alpine@soeren-tempel.net>
+# Contributor: Eivind Uggedal <eu@eju.no>
+# Maintainer: Sören Tempel <soeren+alpine@soeren-tempel.net>
+pkgname=go
+# go binaries are statically linked, security updates require rebuilds
+pkgver=1.24.2
+pkgrel=1
+pkgdesc="Go programming language compiler"
+url="https://go.dev/"
+arch="all"
+license="BSD-3-Clause"
+depends="binutils gcc musl-dev"
+makedepends="bash"
+options="!check"
+checkdepends="binutils-gold git git-daemon"
+subpackages="$pkgname-doc"
+source="https://go.dev/dl/go$pkgver.src.tar.gz
+	0001-cmd-link-prefer-musl-s-over-glibc-s-ld.so-during-dyn.patch
+	0002-go.env-Don-t-switch-Go-toolchain-version-as-directed.patch
+	0003-runtime-cleanup-M-vgetrandom-state-before-dropping-P.patch
+	tests-fchmodat-not-supported.patch
+	"
+case "$CARCH" in
+	arm*|aarch64) depends="$depends binutils-gold";;
+	riscv64|loongarch64)
+		# binutils-gold is not supported on riscv64 and loongarch64.
+		checkdepends="${checkdepends/binutils-gold/}"
+		;;
+esac
+
+# secfixes:
+#   0:
+#     - CVE-2022-41716
+#     - CVE-2022-41720
+#     - CVE-2022-41722
+#     - CVE-2024-24787
+#   1.24.2-r0:
+#     - CVE-2025-22871
+#   1.24.1-r0:
+#     - CVE-2025-22870
+#   1.23.6-r0:
+#     - CVE-2025-22866
+#   1.23.5-r0:
+#     - CVE-2024-45336
+#     - CVE-2024-45341
+#   1.23.1-r0:
+#     - CVE-2024-34155
+#     - CVE-2024-34156
+#     - CVE-2024-34158
+#   1.22.5-r0:
+#     - CVE-2024-24791
+#   1.22.4-r0:
+#     - CVE-2024-24789
+#     - CVE-2024-24790
+#   1.22.3-r0:
+#     - CVE-2024-24788
+#   1.22.2-r0:
+#     - CVE-2023-45288
+#   1.22.1-r0:
+#     - CVE-2024-24783
+#     - CVE-2023-45290
+#     - CVE-2023-45289
+#     - CVE-2024-24785
+#     - CVE-2024-24784
+#   1.21.5-r0:
+#     - CVE-2023-39324
+#     - CVE-2023-39326
+#   1.21.3-r0:
+#     - CVE-2023-39325
+#     - CVE-2023-44487
+#   1.21.2-r0:
+#     - CVE-2023-39323
+#   1.21.1-r0:
+#     - CVE-2023-39318
+#     - CVE-2023-39319
+#     - CVE-2023-39320
+#     - CVE-2023-39321
+#     - CVE-2023-39322
+#   1.20.7-r0:
+#     - CVE-2023-29409
+#   1.20.6-r0:
+#     - CVE-2023-29406
+#   1.20.5-r0:
+#     - CVE-2023-29402
+#     - CVE-2023-29403
+#     - CVE-2023-29404
+#     - CVE-2023-29405
+#   1.20.4-r0:
+#     - CVE-2023-24539
+#     - CVE-2023-24540
+#     - CVE-2023-29400
+#   1.20.3-r0:
+#     - CVE-2023-24537
+#     - CVE-2023-24538
+#     - CVE-2023-24534
+#     - CVE-2023-24536
+#   1.20.2-r0:
+#     - CVE-2023-24532
+#   1.20.1-r0:
+#     - CVE-2022-41725
+#     - CVE-2022-41724
+#     - CVE-2022-41723
+#   1.19.4-r0:
+#     - CVE-2022-41717
+#   1.19.2-r0:
+#     - CVE-2022-2879
+#     - CVE-2022-2880
+#     - CVE-2022-41715
+#   1.19.1-r0:
+#     - CVE-2022-27664
+#     - CVE-2022-32190
+#   1.18.5-r0:
+#     - CVE-2022-32189
+#   1.18.4-r0:
+#     - CVE-2022-1705
+#     - CVE-2022-1962
+#     - CVE-2022-28131
+#     - CVE-2022-30630
+#     - CVE-2022-30631
+#     - CVE-2022-30632
+#     - CVE-2022-30633
+#     - CVE-2022-30635
+#     - CVE-2022-32148
+#   1.18.1-r0:
+#     - CVE-2022-28327
+#     - CVE-2022-27536
+#     - CVE-2022-24675
+#   1.17.8-r0:
+#     - CVE-2022-24921
+#   1.17.7-r0:
+#     - CVE-2022-23772
+#     - CVE-2022-23773
+#     - CVE-2022-23806
+#   1.17.6-r0:
+#     - CVE-2021-44716
+#     - CVE-2021-44717
+#   1.17.3-r0:
+#     - CVE-2021-41772
+#     - CVE-2021-41771
+#   1.17.2-r0:
+#     - CVE-2021-38297
+#   1.17.1-r0:
+#     - CVE-2021-39293
+#   1.17-r0:
+#     - CVE-2020-29509
+#     - CVE-2020-29511
+#     - CVE-2021-29923
+#   1.16.7-r0:
+#     - CVE-2021-36221
+#   1.16.6-r0:
+#     - CVE-2021-34558
+#   1.16.5-r0:
+#     - CVE-2021-33195
+#     - CVE-2021-33196
+#     - CVE-2021-33197
+#     - CVE-2021-33198
+#   1.16.4-r0:
+#     - CVE-2021-31525
+#   1.16.2-r0:
+#     - CVE-2021-27918
+#     - CVE-2021-27919
+#   1.15.7-r0:
+#     - CVE-2021-3114
+#     - CVE-2021-3115
+#   1.15.5-r0:
+#     - CVE-2020-28362
+#     - CVE-2020-28366
+#     - CVE-2020-28367
+#   1.15.2-r0:
+#     - CVE-2020-24553
+#   1.15-r0:
+#     - CVE-2020-16845
+#   1.14.5-r0:
+#     - CVE-2020-15586
+#   1.13.7-r0:
+#     - CVE-2020-7919
+#   1.13.2-r0:
+#     - CVE-2019-17596
+#   1.13.1-r0:
+#     - CVE-2019-16276
+#   1.12.8-r0:
+#     - CVE-2019-9512
+#     - CVE-2019-9514
+#     - CVE-2019-14809
+#   1.11.5-r0:
+#     - CVE-2019-6486
+#   1.9.4-r0:
+#     - CVE-2018-6574
+
+if [ "$CBUILD" = "$CTARGET" ]; then
+	makedepends="go-bootstrap $makedepends"
+	provides="go-bootstrap=$pkgver-r$pkgrel"
+else
+	pkgname="go-bootstrap"
+	makedepends="go $makedepends"
+	# Go expect host linker instead of the cross-compiler
+	export CC_FOR_TARGET="$CC"
+	export CC="${HOSTLD:-gcc}"
+	export CXX="${HOSTLD:-g++}"
+	export LD="${HOSTLD:-ld}"
+fi
+
+case "$CTARGET_ARCH" in
+aarch64) export GOARCH="arm64" ;;
+armel)   export GOARCH="arm" GOARM=5 ;;
+armhf)   export GOARCH="arm" GOARM=6 ;;
+armv7)   export GOARCH="arm" GOARM=7 ;;
+s390x)   export GOARCH="s390x" ;;
+x86)     export GOARCH="386" ;;
+x86_64)  export GOARCH="amd64" ;;
+ppc64)   export GOARCH="ppc64" ;;
+ppc64le) export GOARCH="ppc64le" ;;
+riscv64) export GOARCH="riscv64" ;;
+loongarch64) export GOARCH="loong64" ;;
+*)       export GOARCH="unsupported";;
+esac
+
+# compile go itself as a PIE on supported arches.
+case "$CARCH" in
+x86_64|s390x|aarch64) export GO_LDFLAGS=-buildmode=pie ;;
+esac
+
+prepare() {
+	default_prepare
+
+	# The GitLab CI builds aports in a container. On ppc64le, ASLR
+	# needs to be disabled in order to have the following test case
+	# pass. However, the container doesn't have permissions to
+	# disable ASLR, hence we just disable this test for now.
+	#
+	# See https://github.com/golang/go/issues/49066#issuecomment-1252948861
+	if [ "$CTARGET_ARCH" = "ppc64le" ]; then
+		rm test/fixedbugs/bug513.go
+	fi
+}
+
+builddir="$srcdir"/go
+build() {
+	cd "$builddir/src"
+
+	export GOOS="linux"
+	export GOPATH="$srcdir"
+	export GOROOT="$builddir"
+	export GOBIN="$GOROOT"/bin
+	export GOROOT_FINAL=/usr/lib/go
+
+	local p; for p in /usr/lib/go-bootstrap /usr/lib/go-linux-$GOARCH-bootstrap /usr/lib/go; do
+		if [ -d "$p" ]; then
+			export GOROOT_BOOTSTRAP="$p"
+			break
+		fi
+	done
+
+	./make.bash -v
+
+	# copied from bootstrap.bash to fixup cross-built bootstrap go
+	if [ "$CBUILD" != "$CTARGET" ]; then
+		local gohostos="$(../bin/go env GOHOSTOS)"
+		local gohostarch="$(../bin/go env GOHOSTARCH)"
+		mv ../bin/*_*/* ../bin
+		rmdir ../bin/*_*
+		rm -rf "../pkg/${gohostos}_$gohostarch"* "../pkg/tool/${gohostos}_$gohostarch"*
+		rm -rf ../pkg/bootstrap ../pkg/obj
+	fi
+}
+
+check() {
+	cd "$builddir/src"
+	if [ "$CTARGET_ARCH" = "armhf" ]; then
+		export GO_TEST_TIMEOUT_SCALE=2
+	fi
+
+	# Test suite does not pass with ccache, thus remove it form $PATH.
+	export PATH="$(echo "$PATH" | sed 's|/usr/lib/ccache/bin:||g')"
+
+	PATH="$builddir/bin:$PATH" ./run.bash -no-rebuild
+}
+
+package() {
+	mkdir -p "$pkgdir"/usr/bin "$pkgdir"/usr/lib/go/bin "$pkgdir"/usr/share/doc/go
+
+	for binary in go gofmt; do
+		install -Dm755 bin/"$binary" "$pkgdir"/usr/lib/go/bin/"$binary"
+		ln -s /usr/lib/go/bin/"$binary" "$pkgdir"/usr/bin/
+	done
+
+	cp -a misc pkg src lib "$pkgdir"/usr/lib/go
+	cp -r doc "$pkgdir"/usr/share/doc/go
+	rm -rf "$pkgdir"/usr/lib/go/pkg/obj
+	rm -rf "$pkgdir"/usr/lib/go/pkg/bootstrap
+	rm -f  "$pkgdir"/usr/lib/go/pkg/tool/*/api
+
+	# Install go.env, see https://go.dev/doc/toolchain#GOTOOLCHAIN.
+	install -Dm644 "$builddir"/go.env "$pkgdir"/usr/lib/go/go.env
+	install -Dm644 VERSION "$pkgdir/usr/lib/go/VERSION"
+
+	# Remove tests from /usr/lib/go/src to reduce package size,
+	# these should not be needed at run-time by any program.
+	find "$pkgdir"/usr/lib/go/src \( -type f -a -name "*_test.go" \) \
+		-exec rm -rf \{\} \+
+	find "$pkgdir"/usr/lib/go/src \( -type d -a -name "testdata" \) \
+		-exec rm -rf \{\} \+
+
+	# Remove rc (plan 9) and bat scripts (windows) to reduce package
+	# size further. The bash scripts are actually needed at run-time.
+	#
+	# See: https://gitlab.alpinelinux.org/alpine/aports/issues/11091
+	find "$pkgdir"/usr/lib/go/src -type f -a \( -name "*.rc" -o -name "*.bat" \) \
+		-exec rm -rf \{\} \+
+}
+
+sha512sums="
+6366a32f6678e7908b138f62dafeed96f7144b3b93505e75fba374b33727da8b1d087c1f979f493382b319758ebfcbeb30e9d7dadcb2923b628c8abe7db41c6f  go1.24.2.src.tar.gz
+34dbe032c5f08dd8a7aad36fc4d54e746a876fdadc25466888a2f04f5a9d53103190ebd68d3cf978d3a041976185e30ffb25611fb577d031c159810d2d4c7c41  0001-cmd-link-prefer-musl-s-over-glibc-s-ld.so-during-dyn.patch
+8061e4ef9d7dd31804bd8d98c95afa5dd82567940b3436f45f874e0419e324b49713d8a814df04617e575ec3c6155199c4661352ea8aef63ead81ca3020f3dc4  0002-go.env-Don-t-switch-Go-toolchain-version-as-directed.patch
+d56b796ac81f8901cf426711e381b386ec6e039090fd914ebb2246e5b2ccaa6c1dcb40810a886c5e1b0a748c9bcd4cfe9749d85da91e7ce4c11aaf470295e549  0003-runtime-cleanup-M-vgetrandom-state-before-dropping-P.patch
+33ecefca77fa0af52a3b2b66a76977af27a88c8dddb89f03e0a5ae6794b9aac53a62d7be33020b49022e9a89d4cdfa383038ee10e160eb94548b2430bf3cfb5e  tests-fchmodat-not-supported.patch
+"
--- a/ilot/go/tests-fchmodat-not-supported.patch
+++ b/ilot/go/tests-fchmodat-not-supported.patch
@ -0,0 +1,19 @@
+Without this patch, the TestFchmodat fails on our arm CI with:
+
+	syscall_linux_test.go:139: Fchmodat: unexpected error: operation not permitted, expected EOPNOTSUPP
+
+The "operation not permitted" means that EPERM was returned which
+is likely due to the security policy of our CI container.
+
+diff -upr go.orig/src/syscall/syscall_linux_test.go go/src/syscall/syscall_linux_test.go
+--- go.orig/src/syscall/syscall_linux_test.go	2024-02-07 22:54:39.316022227 +0100
+++ go/src/syscall/syscall_linux_test.go	2024-02-07 22:56:05.104871102 +0100
+@@ -135,7 +135,7 @@ func TestFchmodat(t *testing.T) {
+ 	}
+ 
+ 	err = syscall.Fchmodat(_AT_FDCWD, "symlink1", 0444, _AT_SYMLINK_NOFOLLOW)
+-	if err != syscall.EOPNOTSUPP {
+	if !testenv.SyscallIsNotSupported(err) && err != syscall.EOPNOTSUPP {
+ 		t.Fatalf("Fchmodat: unexpected error: %v, expected EOPNOTSUPP", err)
+ 	}
+ }
--- a/ilot/nextcloud30/APKBUILD
+++ b/ilot/nextcloud30/APKBUILD
@ -2,7 +2,7 @@
 # Contributor: jahway603 <jahway603@protonmail.com>
 # Maintainer: Leonardo Arena <rnalrd@alpinelinux.org>
 _pkgname=nextcloud
-pkgver=30.0.8
+pkgver=30.0.10
 pkgrel=0
 is_latest=true
 _pkgvermaj=${pkgver%%.*}
@ -310,7 +310,7 @@ _package_app() {
 }

 sha512sums="
-0bca2f42ccfb7db4befdd2aeeb1df72d2f9acad88907706f8524ced55bd0213b30b687a5e4c623615e59f22246562e195fd74bbb409c4f60b713482e1237d755  nextcloud-30.0.8.tar.bz2
+c8c9800fff46c5634576b9e0696afd4083e34d24000762ebf3a66192d1dea3f664d1c1d42e6ae262535757991d0a60ee7ee1e1d24757677be56bb8ea7d4d3fd5  nextcloud-30.0.10.tar.bz2
 daeabeaa315bb908cc1e49612cce4b2debd71d17acb84b5d14e15fe124c907884b72d54e9aa669ec209eee1b1934d0bc242d72a28d8db7339cfb08383f66fd5c  nextcloud-dont-chmod.patch
 12f4a39aef0f81a0115c81bf2b345cc194537a7e8300748b800b0e35bc07928091296074b23c2019c17aced69854a11d1ed7225f67eefd27cf00c3969a75c5b0  dont-update-htaccess.patch
 cb04252d01407c7030e87dd54616c621ea0f85ef0212674b1161288182538cae0fb31c67e7cc07c66f9607075774c64e386009cc66365b1f1b155f6ad4f83ac0  disable-integrity-check-as-default.patch
--- a/ilot/py3-django-rest-framework/APKBUILD
+++ b/ilot/py3-django-rest-framework/APKBUILD
@ -1,59 +0,0 @@
-# Contributor: Leonardo Arena <rnalrd@alpinelinux.org>
-# Contributor: Justin Berthault <justin.berthault@zaclys.net>
-# Maintainer: Antoine Martin (ayakael) <dev@ayakael.net>
-pkgname=py3-django-rest-framework
-_pkgname=django-rest-framework
-pkgver=3.14.0
-pkgrel=1
-pkgdesc="Web APIs for Django"
-url="https://github.com/encode/django-rest-framework"
-arch="noarch"
-license="Custom"
-depends="
-	py3-django
-	py3-tz
-"
-makedepends="
-	py3-setuptools
-	py3-gpep517
-	py3-wheel
-"
-checkdepends="
-	py3-pytest-django
-	py3-pytest-cov
-	py3-core-api
-	py3-jinja2
-	py3-uritemplate
-	py3-django-guardian
-	py3-psycopg2
-	py3-markdown
-	py3-yaml
-	py3-inflection
-"
-subpackages="$pkgname-pyc"
-source="$pkgname-$pkgver.tar.gz::https://github.com/encode/$_pkgname/archive/$pkgver.tar.gz"
-options="!check" # Failing tests
-builddir="$srcdir"/$_pkgname-$pkgver
-
-build() {
-	gpep517 build-wheel \
-		--wheel-dir .dist \
-		--output-fd 3 3>&1 >&2
-}
-
-check() {
-	python3 -m venv --clear --without-pip --system-site-packages .testenv
-	.testenv/bin/python3 -m installer "$builddir"/.dist/*.whl
-	# test_urlpatterns: AssertionError: assert [<URLPattern ''>] is not [<URLPattern ''>]
-	# test_markdown: rather hard to decipher assertion error
-	.testenv/bin/python3 -m pytest -v -k 'not test_urlpatterns and not test_markdown'
-}
-
-package() {
-	python3 -m installer -d "$pkgdir" \
-		.dist/*.whl
-}
-
-sha512sums="
-c1012c656b427e0318b2056e2f984ddc75a5b4e85f375c76fba165ad06e285848eee1bc6dc76c097daec57d780efb2551110199d62ce636a03951aec13ab4013  py3-django-rest-framework-3.14.0.tar.gz
-"
Author	SHA1	Message	Date
Antoine Martin	3221b6d451	ilot/py3-django-rest-framework: drop due to unneeded old version Some checks failed / lint (pull_request) Successful in 44s Details / deploy-x86_64 (pull_request) Has been skipped Details / build-x86_64 (pull_request) Failing after 8m35s Details / build-aarch64 (pull_request) Failing after 32m47s Details / deploy-aarch64 (pull_request) Has been skipped Details	2025-05-09 20:30:52 +00:00
Antoine Martin	2adf8ed1e7	ilot/authentik: upgrade to 2025.4.0	2025-05-09 20:30:52 +00:00
Antoine Martin	d095638cf0	ilot/go: new aport	2025-05-09 20:00:54 +00:00
Antoine Martin	5944fd27d4	ilot/nextcloud30: upgrade to 30.0.10	2025-05-09 14:57:37 +00:00
Antoine Martin	23161d31ee	ilot/freescout: upgrade to 1.8.175 All checks were successful / lint (pull_request) Successful in 38s Details / build-x86_64 (pull_request) Successful in 1m22s Details / deploy-x86_64 (pull_request) Successful in 42s Details / build-aarch64 (pull_request) Successful in 3m15s Details / deploy-aarch64 (pull_request) Successful in 1m10s Details	2025-05-09 10:39:55 -04:00