From 4403c9c241d1d52c3ebf97d548fc8b36abdc4472 Mon Sep 17 00:00:00 2001
From: hwdsl2 <hwdsl2@users.noreply.github.com>
Date: Wed, 5 Jan 2022 19:33:08 -0600
Subject: [PATCH] Update Alpine scripts

- Install nss, nss-tools and nss-dev from 3.14/3.15 repository.
  It is not necessary to install from edge because the latest
  3.14/3.15 nss related packages are already patched to fix
  CVE-2021-43527.
  Ref: https://git.alpinelinux.org/aports/tree/community/nss?h=3.15-stable
       https://git.alpinelinux.org/aports/tree/community/nss?h=3.14-stable
       603b198
---
 extras/vpnupgrade_alpine.sh | 10 ++--------
 vpnsetup_alpine.sh          | 10 ++--------
 2 files changed, 4 insertions(+), 16 deletions(-)

diff --git a/extras/vpnupgrade_alpine.sh b/extras/vpnupgrade_alpine.sh
index e17a478..e59c4e7 100755
--- a/extras/vpnupgrade_alpine.sh
+++ b/extras/vpnupgrade_alpine.sh
@@ -149,16 +149,10 @@ install_pkgs() {
   (
     set -x
     apk add -U -q bash bind-tools coreutils openssl wget iproute2 sed grep \
-    libcap-ng libcurl libevent linux-pam musl nspr \
-    bison flex gcc make libc-dev bsd-compat-headers linux-pam-dev \
+    libcap-ng libcurl libevent linux-pam musl nspr nss nss-tools \
+    bison flex gcc make libc-dev bsd-compat-headers linux-pam-dev nss-dev \
     libcap-ng-dev libevent-dev curl-dev nspr-dev uuidgen openrc
   ) || exiterr2
-  (
-    set -x
-    apk add -q --no-cache \
-    --repository=https://dl-cdn.alpinelinux.org/alpine/edge/community \
-    nss nss-tools nss-dev
-  ) || exiterr2
 }
 
 get_libreswan() {
diff --git a/vpnsetup_alpine.sh b/vpnsetup_alpine.sh
index 1105b89..a3fdf58 100755
--- a/vpnsetup_alpine.sh
+++ b/vpnsetup_alpine.sh
@@ -160,16 +160,10 @@ install_vpn_pkgs() {
   bigecho "Installing packages required for the VPN..."
   (
     set -x
-    apk add -U -q libcap-ng libcurl libevent linux-pam musl nspr \
-      bison flex gcc make libc-dev bsd-compat-headers linux-pam-dev \
+    apk add -U -q libcap-ng libcurl libevent linux-pam musl nspr nss nss-tools \
+      bison flex gcc make libc-dev bsd-compat-headers linux-pam-dev nss-dev \
       libcap-ng-dev libevent-dev curl-dev nspr-dev uuidgen openrc xl2tpd
   ) || exiterr2
-  (
-    set -x
-    apk add -q --no-cache \
-    --repository=https://dl-cdn.alpinelinux.org/alpine/edge/community \
-    nss nss-tools nss-dev
-  ) || exiterr2
 }
 
 install_fail2ban() {