jeans/operating-system
jeans/operating-system
1
0
Fork 0
mirror of https://github.com/home-assistant/operating-system.git synced 2025-07-28 15:36:29 +00:00
Code Issues Packages Projects Releases Wiki Activity

Update buildroot to 2020.02.7 (#923)

Browse Source 
Signed-off-by: Pascal Vizeli <pvizeli@syshack.ch>
This commit is contained in:
Pascal Vizeli 2020-10-22 17:05:36 +02:00 committed by GitHub
parent fdcb94f0d8
commit dcfb296dcf
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
332 changed files with 10767 additions and 1806 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

42
buildroot/.gitlab-ci.yml
View File

@ -4,12 +4,13 @@
# It needs to be regenerated every time a defconfig is added, using
# "make .gitlab-ci.yml".
image: buildroot/base:20191027.2027
image: buildroot/base:20200814.2228
.check_base:
except:
- /^.*-.*_defconfig$/
- /^.*-tests\..*$/
rules:
- if: '$CI_COMMIT_REF_NAME =~ /^.*-.*_defconfig$/ || $CI_COMMIT_REF_NAME =~ /^.*-tests\..*$/'
when: never
- when: always
check-DEVELOPERS:
extends: .check_base
@ -27,7 +28,7 @@ check-flake8:
- find * -type f -print0 | xargs -0 file | grep 'Python script' | cut -d':' -f1 >> files.txt
- sort -u files.txt | tee files.processed
script:
- python -m flake8 --statistics --count --max-line-length=132 $(cat files.processed)
- python3 -m flake8 --statistics --count --max-line-length=132 $(cat files.processed)
after_script:
- wc -l files.processed
@ -69,17 +70,21 @@ check-package:
extends: .defconfig_base
# Running the defconfigs for every push is too much, so limit to
# explicit triggers through the API.
only:
- triggers
- tags
- /-defconfigs$/
rules:
# For tags, create a pipeline.
- if: '$CI_COMMIT_TAG'
# For pipeline created by using a trigger token.
- if: '$CI_PIPELINE_TRIGGERED'
# For the branch or tag name named *-defconfigs, create a pipeline.
- if: '$CI_COMMIT_REF_NAME =~ /^.*-defconfigs$/'
before_script:
- DEFCONFIG_NAME=${CI_JOB_NAME}
one-defconfig:
extends: .defconfig_base
only:
- /^.*-.*_defconfig$/
rules:
# For the branch or tag name named *-*_defconfigs, create a pipeline.
- if: '$CI_COMMIT_REF_NAME =~ /^.*-.*_defconfig$/'
before_script:
- DEFCONFIG_NAME=$(echo ${CI_COMMIT_REF_NAME} | sed -e 's,^.*-,,g')
@ -103,17 +108,20 @@ one-defconfig:
extends: .runtime_test_base
# Running the runtime tests for every push is too much, so limit to
# explicit triggers through the API.
only:
- triggers
- tags
- /-runtime-tests$/
rules:
# For tags, create a pipeline.
- if: '$CI_COMMIT_TAG'
# For pipeline created by using a trigger token.
- if: '$CI_PIPELINE_TRIGGERED'
# For the branch or tag name named *-runtime-tests, create a pipeline.
- if: '$CI_COMMIT_REF_NAME =~ /^.*-runtime-tests$/'
before_script:
- TEST_CASE_NAME=${CI_JOB_NAME}
one-runtime_test:
extends: .runtime_test_base
only:
- /^.*-tests\..*$/
rules:
- if: '$CI_COMMIT_REF_NAME =~ /^.*-tests\..*$/'
before_script:
- TEST_CASE_NAME=$(echo ${CI_COMMIT_REF_NAME} | sed -e 's,^.*-,,g')
aarch64_efi_defconfig: { extends: .defconfig }

42
buildroot/.gitlab-ci.yml.in
View File

@ -4,12 +4,13 @@
# It needs to be regenerated every time a defconfig is added, using
# "make .gitlab-ci.yml".
image: buildroot/base:20191027.2027
image: buildroot/base:20200814.2228
.check_base:
except:
- /^.*-.*_defconfig$/
- /^.*-tests\..*$/
rules:
- if: '$CI_COMMIT_REF_NAME =~ /^.*-.*_defconfig$/ || $CI_COMMIT_REF_NAME =~ /^.*-tests\..*$/'
when: never
- when: always
check-DEVELOPERS:
extends: .check_base
@ -27,7 +28,7 @@ check-flake8:
- find * -type f -print0 | xargs -0 file | grep 'Python script' | cut -d':' -f1 >> files.txt
- sort -u files.txt | tee files.processed
script:
- python -m flake8 --statistics --count --max-line-length=132 $(cat files.processed)
- python3 -m flake8 --statistics --count --max-line-length=132 $(cat files.processed)
after_script:
- wc -l files.processed
@ -69,17 +70,21 @@ check-package:
extends: .defconfig_base
# Running the defconfigs for every push is too much, so limit to
# explicit triggers through the API.
only:
- triggers
- tags
- /-defconfigs$/
rules:
# For tags, create a pipeline.
- if: '$CI_COMMIT_TAG'
# For pipeline created by using a trigger token.
- if: '$CI_PIPELINE_TRIGGERED'
# For the branch or tag name named *-defconfigs, create a pipeline.
- if: '$CI_COMMIT_REF_NAME =~ /^.*-defconfigs$/'
before_script:
- DEFCONFIG_NAME=${CI_JOB_NAME}
one-defconfig:
extends: .defconfig_base
only:
- /^.*-.*_defconfig$/
rules:
# For the branch or tag name named *-*_defconfigs, create a pipeline.
- if: '$CI_COMMIT_REF_NAME =~ /^.*-.*_defconfig$/'
before_script:
- DEFCONFIG_NAME=$(echo ${CI_COMMIT_REF_NAME} | sed -e 's,^.*-,,g')
@ -103,16 +108,19 @@ one-defconfig:
extends: .runtime_test_base
# Running the runtime tests for every push is too much, so limit to
# explicit triggers through the API.
only:
- triggers
- tags
- /-runtime-tests$/
rules:
# For tags, create a pipeline.
- if: '$CI_COMMIT_TAG'
# For pipeline created by using a trigger token.
- if: '$CI_PIPELINE_TRIGGERED'
# For the branch or tag name named *-runtime-tests, create a pipeline.
- if: '$CI_COMMIT_REF_NAME =~ /^.*-runtime-tests$/'
before_script:
- TEST_CASE_NAME=${CI_JOB_NAME}
one-runtime_test:
extends: .runtime_test_base
only:
- /^.*-tests\..*$/
rules:
- if: '$CI_COMMIT_REF_NAME =~ /^.*-tests\..*$/'
before_script:
- TEST_CASE_NAME=$(echo ${CI_COMMIT_REF_NAME} | sed -e 's,^.*-,,g')

91
buildroot/CHANGES
View File

@ -1,3 +1,94 @@
2020.02.7, released October 12th, 2020
Important / security related fixes.
meson: Correct SDK cross-compilation.conf file when
per-package builds were used to build SDK.
systemd: Use /run rather than /var/run for PID files in units.
Toolchain: use Secure-PLT rather than BSS-PLT for PowerPC 32.
support/script/pycompile: Rework logic to ensure .pyc files
contain absolute target paths, fixing code inspection at
runtime when executed with cwd != '/'.
support/scripts/setlocalversion: Correct Mercurial output to
match behaviour with Git.
support/scripts/apply-patches.sh: Use patch
--no-backup-if-mismatch, so we no longer blindly have to
remove *.orig files after patching, fixing issues with
packages containing such files.
Updated/fixed packages: bandwidthd, barebox, bash, bison,
brotli, cifs-utils, cryptsetup, dhcpcd, dhcpdump, docker-cli,
docker-engine, ecryptfs-utils, efl, fail2ban, freetype, gcc,
gdb, ghostscript, gnutls, go, gst1-plugins-base,
gst1-plugins-ugly, ipmitool, libhtp, libraw, libssh, libxml2,
libxml-parser-perl, localedef, lua, memcached, mesa3d, meson,
minidlna, nginx, nodejs, nss-pam-ldapd, openvmtools, php,
postgresql, python, python-aenum, python-autobahn,
python-engineio, python-fire, python-pymodbus, python-scapy,
python-semver, python-sentry-sdk, python-socketio,
python-texttable, python-tinyrpc, python-txtorcon, python3,
qt5base, runc, samba4, strace, supertux, suricata, systemd,
vlc, wayland-protocols, wireguard-linux-compat, wireshark,
xserver_xorg-server, zeromq, zstd
Issues resolved (http://bugs.uclibc.org):
#12911: usb_modeswitch installation race condition
#13251: cryptsetup does not work on branch 2020.02 following..
2020.02.6, released September 5th, 2020
Important / security related fixes.
Fix a 2020.02.5 build regression in busybox when systemd (and
not less) are enabled because of missing infrastructure.
Updated/fixed packages: alsa-utils, avahi, busybox, cups,
docker-cli, graphite2, imagemagick, libeXosip2, mbedtls,
nvidia-driver, paho-mqtt-c, python-django, systemd, uclibc,
usb_modeswitch, wolfssl
Issues resolved (http://bugs.uclibc.org):
#12911: usb_modeswitch installation race condition
2020.02.5, released August 29th, 2020
Important / security related fixes.
Infrastructure: Ensure RPATH entries that may be needed for
dlopen() are not dropped by patchelf.
BR_VERSION_FULL/setlocalversion (used by make print-version
and /etc/os-release): Properly handle local git tags
Updated/fixed packages: apache, at91bootstrap3, bind, boost,
busybox, capnproto, chrony, collectd, cpio, cryptsetup, cups,
cvs, dbus, docker-engine, domoticz, dovecot,
dovecot-pigeonhole, dropbear, efl, elixir, f2fs-tools, ffmpeg,
gd, gdk-pixbuf, ghostscript, glibc, grub2, gst1-plugins-bad,
hostapd, iputils, jasper, json-c, libcurl, libwebsockets,
linux, live555, mesa3d, mosquitto, mpv, nodejs, opencv,
opencv3, openjpeg, patchelf, perl, php, postgresql,
python-django, python-gunicorn, python-matplotlib, ripgrep,
rtl8188eu, rtl8821au, ruby, shadowsocks-libev, squid,
tpm2-abrmd, tpm2-tools, trousers, uacme, webkitgtk, wireshark,
wolfssl, wpa_supplicant, wpewebkit, xen, xlib_libX11,
xserver_xorg-server
Issues resolved (http://bugs.uclibc.org):
#12876: nodejs fails to build when host-icu has been built before
#13111: python-gunicorn: missing dependency on python-setuptools
#13121: wpa_supplicant fails to build without libopenssl enabled
#13141: Target-finalize fail with "depmod: ERROR: Bad version passed"
#13156: package live555 new license
2020.02.4, released July 26th, 2020
Important / security related fixes.

15
buildroot/DEVELOPERS
View File

@ -186,18 +186,25 @@ F: package/rauc/
N: Angelo Compagnucci <angelo.compagnucci@gmail.com>
F: package/corkscrew/
F: package/cups/
F: package/cups-filters/
F: package/fail2ban/
F: package/grep/
F: package/i2c-tools/
F: package/jq/
F: package/libb64/
F: package/mender/
F: package/mender-artifact/
F: package/mono/
F: package/mono-gtksharp3/
F: package/monolite/
F: package/openjpeg/
F: package/python-can/
F: package/python-pillow/
F: package/python-pydal/
F: package/python-spidev/
F: package/python-web2py/
F: package/sam-ba/
F: package/sshguard/
F: package/sunwait/
F: package/sysdig/
@ -211,6 +218,8 @@ N: Anthony Viallard <viallard@syscom-instruments.com>
F: package/gnuplot/
N: Antoine Ténart <antoine.tenart@bootlin.com>
F: package/libselinux/
F: package/refpolicy/
F: package/wf111/
N: Antony Pavlov <antonynpavlov@gmail.com>
@ -1035,6 +1044,7 @@ N: Gwenhael Goavec-Merou <gwenhael.goavec-merou@trabucayre.com>
F: package/gnuradio/
F: package/gqrx/
F: package/gr-osmosdr/
F: package/librtlsdr/
F: package/libusbgx/
F: package/python-cheetah/
F: package/python-markdown/
@ -1713,9 +1723,6 @@ F: package/systemd-bootchart/
F: package/tinyalsa/
F: package/tinyxml/
N: Maxime Ripard <maxime.ripard@bootlin.com>
F: package/kmsxx/
N: Michael Durrant <mdurrant@arcturusnetworks.com>
F: board/arcturus/
F: configs/arcturus_ucp1020_defconfig
@ -1810,6 +1817,7 @@ F: package/tpm-tools/
F: package/trousers/
N: Norbert Lange <nolange79@gmail.com>
F: package/systemd/
F: package/tcf-agent/
N: Nylon Chen <nylon7@andestech.com>
@ -2135,6 +2143,7 @@ F: package/davfs2/
N: Ryan Barnett <ryan.barnett@rockwellcollins.com>
F: package/atftp/
F: package/c-periphery/
F: package/miraclecast/
F: package/python-pyasn/
F: package/python-pysnmp/

36
buildroot/Makefile
View File

@ -92,9 +92,9 @@ all:
.PHONY: all
# Set and export the version string
export BR2_VERSION := 2020.02.4
export BR2_VERSION := 2020.02.7
# Actual time the release is cut (for reproducible builds)
BR2_VERSION_EPOCH = 1595750000
BR2_VERSION_EPOCH = 1602538000
# Save running make version since it's clobbered by the make package
RUNNING_MAKE_VERSION := $(MAKE_VERSION)
@ -113,7 +113,13 @@ DATE := $(shell date +%Y%m%d)
# Compute the full local version string so packages can use it as-is
# Need to export it, so it can be got from environment in children (eg. mconf)
export BR2_VERSION_FULL := $(BR2_VERSION)$(shell $(TOPDIR)/support/scripts/setlocalversion)
BR2_LOCALVERSION := $(shell $(TOPDIR)/support/scripts/setlocalversion)
ifeq ($(BR2_LOCALVERSION),)
export BR2_VERSION_FULL := $(BR2_VERSION)
else
export BR2_VERSION_FULL := $(BR2_LOCALVERSION)
endif
# List of targets and target patterns for which .config doesn't need to be read in
noconfig_targets := menuconfig nconfig gconfig xconfig config oldconfig randconfig \
@ -793,9 +799,9 @@ endif
# counterparts are appropriately setup as symlinks ones to the others.
ifeq ($(BR2_ROOTFS_MERGED_USR),y)
@$(foreach d, $(call qstrip,$(BR2_ROOTFS_OVERLAY)), \
$(call MESSAGE,"Sanity check in overlay $(d)"); \
not_merged_dirs="$$(support/scripts/check-merged-usr.sh $(d))"; \
$(foreach d, $(call qstrip,$(BR2_ROOTFS_OVERLAY)), \
@$(call MESSAGE,"Sanity check in overlay $(d)")$(sep) \
$(Q)not_merged_dirs="$$(support/scripts/check-merged-usr.sh $(d))"; \
test -n "$$not_merged_dirs" && { \
echo "ERROR: The overlay in $(d) is not" \
"using a merged /usr for the following directories:" \
@ -805,20 +811,20 @@ ifeq ($(BR2_ROOTFS_MERGED_USR),y)
endif # merged /usr
@$(foreach d, $(call qstrip,$(BR2_ROOTFS_OVERLAY)), \
$(call MESSAGE,"Copying overlay $(d)"); \
$(call SYSTEM_RSYNC,$(d),$(TARGET_DIR))$(sep))
$(foreach d, $(call qstrip,$(BR2_ROOTFS_OVERLAY)), \
@$(call MESSAGE,"Copying overlay $(d)")$(sep) \
$(Q)$(call SYSTEM_RSYNC,$(d),$(TARGET_DIR))$(sep))
$(if $(TARGET_DIR_FILES_LISTS), \
$(Q)$(if $(TARGET_DIR_FILES_LISTS), \
cat $(TARGET_DIR_FILES_LISTS)) > $(BUILD_DIR)/packages-file-list.txt
$(if $(HOST_DIR_FILES_LISTS), \
$(Q)$(if $(HOST_DIR_FILES_LISTS), \
cat $(HOST_DIR_FILES_LISTS)) > $(BUILD_DIR)/packages-file-list-host.txt
$(if $(STAGING_DIR_FILES_LISTS), \
$(Q)$(if $(STAGING_DIR_FILES_LISTS), \
cat $(STAGING_DIR_FILES_LISTS)) > $(BUILD_DIR)/packages-file-list-staging.txt
@$(foreach s, $(call qstrip,$(BR2_ROOTFS_POST_BUILD_SCRIPT)), \
$(call MESSAGE,"Executing post-build script $(s)"); \
$(EXTRA_ENV) $(s) $(TARGET_DIR) $(call qstrip,$(BR2_ROOTFS_POST_SCRIPT_ARGS))$(sep))
$(foreach s, $(call qstrip,$(BR2_ROOTFS_POST_BUILD_SCRIPT)), \
@$(call MESSAGE,"Executing post-build script $(s)")$(sep) \
$(Q)$(EXTRA_ENV) $(s) $(TARGET_DIR) $(call qstrip,$(BR2_ROOTFS_POST_SCRIPT_ARGS))$(sep))
touch $(TARGET_DIR)/usr

2
buildroot/boot/at91bootstrap3/Config.in
View File

@ -1,6 +1,6 @@
config BR2_TARGET_AT91BOOTSTRAP3
bool "AT91 Bootstrap 3"
depends on BR2_arm926t || BR2_cortex_a5
depends on BR2_arm926t || BR2_cortex_a5 || BR2_cortex_a7
help
AT91Bootstrap is a first level bootloader for the Atmel AT91
devices. It integrates algorithms for:

26
buildroot/boot/barebox/barebox.mk
View File

@ -88,13 +88,6 @@ $(1)_KCONFIG_DEPENDENCIES = \
$(BR2_BISON_HOST_DEPENDENCY) \
$(BR2_FLEX_HOST_DEPENDENCY)
ifeq ($$(BR2_TARGET_$(1)_BAREBOXENV),y)
define $(1)_BUILD_BAREBOXENV_CMDS
$$(TARGET_CC) $$(TARGET_CFLAGS) $$(TARGET_LDFLAGS) -o $$(@D)/bareboxenv \
$$(@D)/scripts/bareboxenv.c
endef
endif
ifeq ($$(BR2_TARGET_$(1)_CUSTOM_ENV),y)
$(1)_ENV_NAME = $$(notdir $$(call qstrip,\
$$(BR2_TARGET_$(1)_CUSTOM_ENV_PATH)))
@ -109,12 +102,23 @@ endef
endif
ifneq ($$($(1)_CUSTOM_EMBEDDED_ENV_PATH),)
define $(1)_KCONFIG_FIXUP_CMDS
$$(call KCONFIG_ENABLE_OPT,CONFIG_DEFAULT_ENVIRONMENT,$$(@D)/.config)
$$(call KCONFIG_SET_OPT,CONFIG_DEFAULT_ENVIRONMENT_PATH,"$$($(1)_CUSTOM_EMBEDDED_ENV_PATH)",$$(@D)/.config)
define $(1)_KCONFIG_FIXUP_CUSTOM_EMBEDDED_ENV_PATH
$$(call KCONFIG_ENABLE_OPT,CONFIG_DEFAULT_ENVIRONMENT)
$$(call KCONFIG_SET_OPT,CONFIG_DEFAULT_ENVIRONMENT_PATH,"$$($(1)_CUSTOM_EMBEDDED_ENV_PATH)")
endef
endif
define $(1)_KCONFIG_FIXUP_BAREBOXENV
$$(if $$(BR2_TARGET_$(1)_BAREBOXENV),\
$$(call KCONFIG_ENABLE_OPT,CONFIG_BAREBOXENV_TARGET),\
$$(call KCONFIG_DISABLE_OPT,CONFIG_BAREBOXENV_TARGET))
endef
define $(1)_KCONFIG_FIXUP_CMDS
$$($(1)_KCONFIG_FIXUP_CUSTOM_EMBEDDED_ENV_PATH)
$$($(1)_KCONFIG_FIXUP_BAREBOXENV)
endef
define $(1)_BUILD_CMDS
$$($(1)_BUILD_BAREBOXENV_CMDS)
$$(TARGET_MAKE_ENV) $$(MAKE) $$($(1)_MAKE_FLAGS) -C $$(@D)
@ -136,7 +140,7 @@ endef
ifeq ($$(BR2_TARGET_$(1)_BAREBOXENV),y)
define $(1)_INSTALL_TARGET_CMDS
cp $$(@D)/bareboxenv $$(TARGET_DIR)/usr/bin
cp $$(@D)/scripts/bareboxenv-target $$(TARGET_DIR)/usr/bin/bareboxenv
endef
endif

73
buildroot/boot/grub2/0002-yylex-Make-lexer-fatal-errors-actually-be-fatal.patch Normal file
View File

@ -0,0 +1,73 @@
From a7ab0cc98fa89a3d5098c29cbe44bcd24b0a6454 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Wed, 15 Apr 2020 15:45:02 -0400
Subject: [PATCH] yylex: Make lexer fatal errors actually be fatal
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
When presented with a command that can't be tokenized to anything
smaller than YYLMAX characters, the parser calls YY_FATAL_ERROR(errmsg),
expecting that will stop further processing, as such:
#define YY_DO_BEFORE_ACTION \
yyg->yytext_ptr = yy_bp; \
yyleng = (int) (yy_cp - yy_bp); \
yyg->yy_hold_char = *yy_cp; \
*yy_cp = '\0'; \
if ( yyleng >= YYLMAX ) \
YY_FATAL_ERROR( "token too large, exceeds YYLMAX" ); \
yy_flex_strncpy( yytext, yyg->yytext_ptr, yyleng + 1 , yyscanner); \
yyg->yy_c_buf_p = yy_cp;
The code flex generates expects that YY_FATAL_ERROR() will either return
for it or do some form of longjmp(), or handle the error in some way at
least, and so the strncpy() call isn't in an "else" clause, and thus if
YY_FATAL_ERROR() is *not* actually fatal, it does the call with the
questionable limit, and predictable results ensue.
Unfortunately, our implementation of YY_FATAL_ERROR() is:
#define YY_FATAL_ERROR(msg) \
do { \
grub_printf (_("fatal error: %s\n"), _(msg)); \
} while (0)
The same pattern exists in yyless(), and similar problems exist in users
of YY_INPUT(), several places in the main parsing loop,
yy_get_next_buffer(), yy_load_buffer_state(), yyensure_buffer_stack,
yy_scan_buffer(), etc.
All of these callers expect YY_FATAL_ERROR() to actually be fatal, and
the things they do if it returns after calling it are wildly unsafe.
Fixes: CVE-2020-10713
Signed-off-by: Peter Jones <pjones@redhat.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
---
grub-core/script/yylex.l | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/grub-core/script/yylex.l b/grub-core/script/yylex.l
index 7b44c37b7..b7203c823 100644
--- a/grub-core/script/yylex.l
+++ b/grub-core/script/yylex.l
@@ -37,11 +37,11 @@
/*
* As we don't have access to yyscanner, we cannot do much except to
- * print the fatal error.
+ * print the fatal error and exit.
*/
#define YY_FATAL_ERROR(msg) \
do { \
- grub_printf (_("fatal error: %s\n"), _(msg)); \
+ grub_fatal (_("fatal error: %s\n"), _(msg));\
} while (0)
#define COPY(str, hint) \
--
2.26.2

128
buildroot/boot/grub2/0003-safemath-Add-some-arithmetic-primitives-that-check-f.patch Normal file
View File

@ -0,0 +1,128 @@
From 782a4580a5e347793443aa8e9152db1bf4a0fff8 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Mon, 15 Jun 2020 10:58:42 -0400
Subject: [PATCH] safemath: Add some arithmetic primitives that check for
overflow
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
This adds a new header, include/grub/safemath.h, that includes easy to
use wrappers for __builtin_{add,sub,mul}_overflow() declared like:
bool OP(a, b, res)
where OP is grub_add, grub_sub or grub_mul. OP() returns true in the
case where the operation would overflow and res is not modified.
Otherwise, false is returned and the operation is executed.
These arithmetic primitives require newer compiler versions. So, bump
these requirements in the INSTALL file too.
Signed-off-by: Peter Jones <pjones@redhat.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
---
INSTALL | 22 ++--------------------
include/grub/compiler.h | 8 ++++++++
include/grub/safemath.h | 37 +++++++++++++++++++++++++++++++++++++
3 files changed, 47 insertions(+), 20 deletions(-)
create mode 100644 include/grub/safemath.h
diff --git a/INSTALL b/INSTALL
index 8acb40902..dcb9b7d7b 100644
--- a/INSTALL
+++ b/INSTALL
@@ -11,27 +11,9 @@ GRUB depends on some software packages installed into your system. If
you don't have any of them, please obtain and install them before
configuring the GRUB.
-* GCC 4.1.3 or later
- Note: older versions may work but support is limited
-
- Experimental support for clang 3.3 or later (results in much bigger binaries)
+* GCC 5.1.0 or later
+ Experimental support for clang 3.8.0 or later (results in much bigger binaries)
for i386, x86_64, arm (including thumb), arm64, mips(el), powerpc, sparc64
- Note: clang 3.2 or later works for i386 and x86_64 targets but results in
- much bigger binaries.
- earlier versions not tested
- Note: clang 3.2 or later works for arm
- earlier versions not tested
- Note: clang on arm64 is not supported due to
- https://llvm.org/bugs/show_bug.cgi?id=26030
- Note: clang 3.3 or later works for mips(el)
- earlier versions fail to generate .reginfo and hence gprel relocations
- fail.
- Note: clang 3.2 or later works for powerpc
- earlier versions not tested
- Note: clang 3.5 or later works for sparc64
- earlier versions return "error: unable to interface with target machine"
- Note: clang has no support for ia64 and hence you can't compile GRUB
- for ia64 with clang
* GNU Make
* GNU Bison 2.3 or later
* GNU gettext 0.17 or later
diff --git a/include/grub/compiler.h b/include/grub/compiler.h
index c9e1d7a73..8f3be3ae7 100644
--- a/include/grub/compiler.h
+++ b/include/grub/compiler.h
@@ -48,4 +48,12 @@
# define WARN_UNUSED_RESULT
#endif
+#if defined(__clang__) && defined(__clang_major__) && defined(__clang_minor__)
+# define CLANG_PREREQ(maj,min) \
+ ((__clang_major__ > (maj)) || \
+ (__clang_major__ == (maj) && __clang_minor__ >= (min)))
+#else
+# define CLANG_PREREQ(maj,min) 0
+#endif
+
#endif /* ! GRUB_COMPILER_HEADER */
diff --git a/include/grub/safemath.h b/include/grub/safemath.h
new file mode 100644
index 000000000..c17b89bba
--- /dev/null
+++ b/include/grub/safemath.h
@@ -0,0 +1,37 @@
+/*
+ * GRUB -- GRand Unified Bootloader
+ * Copyright (C) 2020 Free Software Foundation, Inc.
+ *
+ * GRUB is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GRUB is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with GRUB. If not, see <http://www.gnu.org/licenses/>.
+ *
+ * Arithmetic operations that protect against overflow.
+ */
+
+#ifndef GRUB_SAFEMATH_H
+#define GRUB_SAFEMATH_H 1
+
+#include <grub/compiler.h>
+
+/* These appear in gcc 5.1 and clang 3.8. */
+#if GNUC_PREREQ(5, 1) || CLANG_PREREQ(3, 8)
+
+#define grub_add(a, b, res) __builtin_add_overflow(a, b, res)
+#define grub_sub(a, b, res) __builtin_sub_overflow(a, b, res)
+#define grub_mul(a, b, res) __builtin_mul_overflow(a, b, res)
+
+#else
+#error gcc 5.1 or newer or clang 3.8 or newer is required
+#endif
+
+#endif /* GRUB_SAFEMATH_H */
--
2.26.2

246
buildroot/boot/grub2/0004-calloc-Make-sure-we-always-have-an-overflow-checking.patch Normal file
View File

@ -0,0 +1,246 @@
From 5775eb40862b67468ced816e6d7560dbe22a3670 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Mon, 15 Jun 2020 12:15:29 -0400
Subject: [PATCH] calloc: Make sure we always have an overflow-checking
calloc() available
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
This tries to make sure that everywhere in this source tree, we always have
an appropriate version of calloc() (i.e. grub_calloc(), xcalloc(), etc.)
available, and that they all safely check for overflow and return NULL when
it would occur.
Signed-off-by: Peter Jones <pjones@redhat.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
---
grub-core/kern/emu/misc.c | 12 +++++++++
grub-core/kern/emu/mm.c | 10 ++++++++
grub-core/kern/mm.c | 40 ++++++++++++++++++++++++++++++
grub-core/lib/libgcrypt_wrap/mem.c | 11 ++++++--
grub-core/lib/posix_wrap/stdlib.h | 8 +++++-
include/grub/emu/misc.h | 1 +
include/grub/mm.h | 6 +++++
7 files changed, 85 insertions(+), 3 deletions(-)
diff --git a/grub-core/kern/emu/misc.c b/grub-core/kern/emu/misc.c
index 65db79baa..dfd8a8ec4 100644
--- a/grub-core/kern/emu/misc.c
+++ b/grub-core/kern/emu/misc.c
@@ -85,6 +85,18 @@ grub_util_error (const char *fmt, ...)
exit (1);
}
+void *
+xcalloc (grub_size_t nmemb, grub_size_t size)
+{
+ void *p;
+
+ p = calloc (nmemb, size);
+ if (!p)
+ grub_util_error ("%s", _("out of memory"));
+
+ return p;
+}
+
void *
xmalloc (grub_size_t size)
{
diff --git a/grub-core/kern/emu/mm.c b/grub-core/kern/emu/mm.c
index f262e95e3..145b01d37 100644
--- a/grub-core/kern/emu/mm.c
+++ b/grub-core/kern/emu/mm.c
@@ -25,6 +25,16 @@
#include <string.h>
#include <grub/i18n.h>
+void *
+grub_calloc (grub_size_t nmemb, grub_size_t size)
+{
+ void *ret;
+ ret = calloc (nmemb, size);
+ if (!ret)
+ grub_error (GRUB_ERR_OUT_OF_MEMORY, N_("out of memory"));
+ return ret;
+}
+
void *
grub_malloc (grub_size_t size)
{
diff --git a/grub-core/kern/mm.c b/grub-core/kern/mm.c
index ee88ff611..f2822a836 100644
--- a/grub-core/kern/mm.c
+++ b/grub-core/kern/mm.c
@@ -67,8 +67,10 @@
#include <grub/dl.h>
#include <grub/i18n.h>
#include <grub/mm_private.h>
+#include <grub/safemath.h>
#ifdef MM_DEBUG
+# undef grub_calloc
# undef grub_malloc
# undef grub_zalloc
# undef grub_realloc
@@ -375,6 +377,30 @@ grub_memalign (grub_size_t align, grub_size_t size)
return 0;
}
+/*
+ * Allocate NMEMB instances of SIZE bytes and return the pointer, or error on
+ * integer overflow.
+ */
+void *
+grub_calloc (grub_size_t nmemb, grub_size_t size)
+{
+ void *ret;
+ grub_size_t sz = 0;
+
+ if (grub_mul (nmemb, size, &sz))
+ {
+ grub_error (GRUB_ERR_OUT_OF_RANGE, N_("overflow is detected"));
+ return NULL;
+ }
+
+ ret = grub_memalign (0, sz);
+ if (!ret)
+ return NULL;
+
+ grub_memset (ret, 0, sz);
+ return ret;
+}
+
/* Allocate SIZE bytes and return the pointer. */
void *
grub_malloc (grub_size_t size)
@@ -561,6 +587,20 @@ grub_mm_dump (unsigned lineno)
grub_printf ("\n");
}
+void *
+grub_debug_calloc (const char *file, int line, grub_size_t nmemb, grub_size_t size)
+{
+ void *ptr;
+
+ if (grub_mm_debug)
+ grub_printf ("%s:%d: calloc (0x%" PRIxGRUB_SIZE ", 0x%" PRIxGRUB_SIZE ") = ",
+ file, line, size);
+ ptr = grub_calloc (nmemb, size);
+ if (grub_mm_debug)
+ grub_printf ("%p\n", ptr);
+ return ptr;
+}
+
void *
grub_debug_malloc (const char *file, int line, grub_size_t size)
{
diff --git a/grub-core/lib/libgcrypt_wrap/mem.c b/grub-core/lib/libgcrypt_wrap/mem.c
index beeb661a3..74c6eafe5 100644
--- a/grub-core/lib/libgcrypt_wrap/mem.c
+++ b/grub-core/lib/libgcrypt_wrap/mem.c
@@ -4,6 +4,7 @@
#include <grub/crypto.h>
#include <grub/dl.h>
#include <grub/env.h>
+#include <grub/safemath.h>
GRUB_MOD_LICENSE ("GPLv3+");
@@ -36,7 +37,10 @@ void *
gcry_xcalloc (size_t n, size_t m)
{
void *ret;
- ret = grub_zalloc (n * m);
+ size_t sz;
+ if (grub_mul (n, m, &sz))
+ grub_fatal ("gcry_xcalloc would overflow");
+ ret = grub_zalloc (sz);
if (!ret)
grub_fatal ("gcry_xcalloc failed");
return ret;
@@ -56,7 +60,10 @@ void *
gcry_xcalloc_secure (size_t n, size_t m)
{
void *ret;
- ret = grub_zalloc (n * m);
+ size_t sz;
+ if (grub_mul (n, m, &sz))
+ grub_fatal ("gcry_xcalloc would overflow");
+ ret = grub_zalloc (sz);
if (!ret)
grub_fatal ("gcry_xcalloc failed");
return ret;
diff --git a/grub-core/lib/posix_wrap/stdlib.h b/grub-core/lib/posix_wrap/stdlib.h
index 3b46f47ff..7a8d385e9 100644
--- a/grub-core/lib/posix_wrap/stdlib.h
+++ b/grub-core/lib/posix_wrap/stdlib.h
@@ -21,6 +21,7 @@
#include <grub/mm.h>
#include <grub/misc.h>
+#include <grub/safemath.h>
static inline void
free (void *ptr)
@@ -37,7 +38,12 @@ malloc (grub_size_t size)
static inline void *
calloc (grub_size_t size, grub_size_t nelem)
{
- return grub_zalloc (size * nelem);
+ grub_size_t sz;
+
+ if (grub_mul (size, nelem, &sz))
+ return NULL;
+
+ return grub_zalloc (sz);
}
static inline void *
diff --git a/include/grub/emu/misc.h b/include/grub/emu/misc.h
index ce464cfd0..ff9c48a64 100644
--- a/include/grub/emu/misc.h
+++ b/include/grub/emu/misc.h
@@ -47,6 +47,7 @@ grub_util_device_is_mapped (const char *dev);
#define GRUB_HOST_PRIuLONG_LONG "llu"
#define GRUB_HOST_PRIxLONG_LONG "llx"
+void * EXPORT_FUNC(xcalloc) (grub_size_t nmemb, grub_size_t size) WARN_UNUSED_RESULT;
void * EXPORT_FUNC(xmalloc) (grub_size_t size) WARN_UNUSED_RESULT;
void * EXPORT_FUNC(xrealloc) (void *ptr, grub_size_t size) WARN_UNUSED_RESULT;
char * EXPORT_FUNC(xstrdup) (const char *str) WARN_UNUSED_RESULT;
diff --git a/include/grub/mm.h b/include/grub/mm.h
index 28e2e53eb..9c38dd3ca 100644
--- a/include/grub/mm.h
+++ b/include/grub/mm.h
@@ -29,6 +29,7 @@
#endif
void grub_mm_init_region (void *addr, grub_size_t size);
+void *EXPORT_FUNC(grub_calloc) (grub_size_t nmemb, grub_size_t size);
void *EXPORT_FUNC(grub_malloc) (grub_size_t size);
void *EXPORT_FUNC(grub_zalloc) (grub_size_t size);
void EXPORT_FUNC(grub_free) (void *ptr);
@@ -48,6 +49,9 @@ extern int EXPORT_VAR(grub_mm_debug);
void grub_mm_dump_free (void);
void grub_mm_dump (unsigned lineno);
+#define grub_calloc(nmemb, size) \
+ grub_debug_calloc (GRUB_FILE, __LINE__, nmemb, size)
+
#define grub_malloc(size) \
grub_debug_malloc (GRUB_FILE, __LINE__, size)
@@ -63,6 +67,8 @@ void grub_mm_dump (unsigned lineno);
#define grub_free(ptr) \
grub_debug_free (GRUB_FILE, __LINE__, ptr)
+void *EXPORT_FUNC(grub_debug_calloc) (const char *file, int line,
+ grub_size_t nmemb, grub_size_t size);
void *EXPORT_FUNC(grub_debug_malloc) (const char *file, int line,
grub_size_t size);
void *EXPORT_FUNC(grub_debug_zalloc) (const char *file, int line,
--
2.26.2

1840
buildroot/boot/grub2/0005-calloc-Use-calloc-at-most-places.patch Normal file
View File

File diff suppressed because it is too large Load Diff

1326
buildroot/boot/grub2/0006-malloc-Use-overflow-checking-primitives-where-we-do-.patch Normal file
View File

File diff suppressed because it is too large Load Diff

72
buildroot/boot/grub2/0007-iso9660-Don-t-leak-memory-on-realloc-failures.patch Normal file
View File

@ -0,0 +1,72 @@
From e0dd17a3ce79c6622dc78c96e1f2ef1b20e2bf7b Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Sat, 4 Jul 2020 12:25:09 -0400
Subject: [PATCH] iso9660: Don't leak memory on realloc() failures
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: Peter Jones <pjones@redhat.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
---
grub-core/fs/iso9660.c | 24 ++++++++++++++++++++----
1 file changed, 20 insertions(+), 4 deletions(-)
diff --git a/grub-core/fs/iso9660.c b/grub-core/fs/iso9660.c
index 7ba5b300b..5ec4433b8 100644
--- a/grub-core/fs/iso9660.c
+++ b/grub-core/fs/iso9660.c
@@ -533,14 +533,20 @@ add_part (struct iterate_dir_ctx *ctx,
{
int size = ctx->symlink ? grub_strlen (ctx->symlink) : 0;
grub_size_t sz;
+ char *new;
if (grub_add (size, len2, &sz) ||
grub_add (sz, 1, &sz))
return;
- ctx->symlink = grub_realloc (ctx->symlink, sz);
- if (! ctx->symlink)
- return;
+ new = grub_realloc (ctx->symlink, sz);
+ if (!new)
+ {
+ grub_free (ctx->symlink);
+ ctx->symlink = NULL;
+ return;
+ }
+ ctx->symlink = new;
grub_memcpy (ctx->symlink + size, part, len2);
ctx->symlink[size + len2] = 0;
@@ -634,7 +640,12 @@ susp_iterate_dir (struct grub_iso9660_susp_entry *entry,
is the length. Both are part of the `Component
Record'. */
if (ctx->symlink && !ctx->was_continue)
- add_part (ctx, "/", 1);
+ {
+ add_part (ctx, "/", 1);
+ if (grub_errno)
+ return grub_errno;
+ }
+
add_part (ctx, (char *) &entry->data[pos + 2],
entry->data[pos + 1]);
ctx->was_continue = (entry->data[pos] & 1);
@@ -653,6 +664,11 @@ susp_iterate_dir (struct grub_iso9660_susp_entry *entry,
add_part (ctx, "/", 1);
break;
}
+
+ /* Check if grub_realloc() failed in add_part(). */
+ if (grub_errno)
+ return grub_errno;
+
/* In pos + 1 the length of the `Component Record' is
stored. */
pos += entry->data[pos + 1] + 2;
--
2.26.2

41
buildroot/boot/grub2/0008-font-Do-not-load-more-than-one-NAME-section.patch Normal file
View File

@ -0,0 +1,41 @@
From 73bc7a964c9496d5b0f00dbd69959dacf5adcebe Mon Sep 17 00:00:00 2001
From: Daniel Kiper <daniel.kiper@oracle.com>
Date: Tue, 7 Jul 2020 15:36:26 +0200
Subject: [PATCH] font: Do not load more than one NAME section
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
The GRUB font file can have one NAME section only. Though if somebody
crafts a broken font file with many NAME sections and loads it then the
GRUB leaks memory. So, prevent against that by loading first NAME
section and failing in controlled way on following one.
Reported-by: Chris Coulson <chris.coulson@canonical.com>
Signed-off-by: Daniel Kiper <daniel.kiper@oracle.com>
Reviewed-by: Jan Setje-Eilers <jan.setjeeilers@oracle.com>
Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
---
grub-core/font/font.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/grub-core/font/font.c b/grub-core/font/font.c
index 5edb477ac..d09bb38d8 100644
--- a/grub-core/font/font.c
+++ b/grub-core/font/font.c
@@ -532,6 +532,12 @@ grub_font_load (const char *filename)
if (grub_memcmp (section.name, FONT_FORMAT_SECTION_NAMES_FONT_NAME,
sizeof (FONT_FORMAT_SECTION_NAMES_FONT_NAME) - 1) == 0)
{
+ if (font->name != NULL)
+ {
+ grub_error (GRUB_ERR_BAD_FONT, "invalid font file: too many NAME sections");
+ goto fail;
+ }
+
font->name = read_section_as_string (&section);
if (!font->name)
goto fail;
--
2.26.2

39
buildroot/boot/grub2/0009-gfxmenu-Fix-double-free-in-load_image.patch Normal file
View File

@ -0,0 +1,39 @@
From 9ff609f0e7798bc5fb04f791131c98e7693bdd9b Mon Sep 17 00:00:00 2001
From: Alexey Makhalov <amakhalov@vmware.com>
Date: Wed, 8 Jul 2020 20:41:56 +0000
Subject: [PATCH] gfxmenu: Fix double free in load_image()
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
self->bitmap should be zeroed after free. Otherwise, there is a chance
to double free (USE_AFTER_FREE) it later in rescale_image().
Fixes: CID 292472
Signed-off-by: Alexey Makhalov <amakhalov@vmware.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
---
grub-core/gfxmenu/gui_image.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/grub-core/gfxmenu/gui_image.c b/grub-core/gfxmenu/gui_image.c
index 29784ed2d..6b2e976f1 100644
--- a/grub-core/gfxmenu/gui_image.c
+++ b/grub-core/gfxmenu/gui_image.c
@@ -195,7 +195,10 @@ load_image (grub_gui_image_t self, const char *path)
return grub_errno;
if (self->bitmap && (self->bitmap != self->raw_bitmap))
- grub_video_bitmap_destroy (self->bitmap);
+ {
+ grub_video_bitmap_destroy (self->bitmap);
+ self->bitmap = 0;
+ }
if (self->raw_bitmap)
grub_video_bitmap_destroy (self->raw_bitmap);
--
2.26.2

58
buildroot/boot/grub2/0010-xnu-Fix-double-free-in-grub_xnu_devprop_add_property.patch Normal file
View File

@ -0,0 +1,58 @@
From dc9777dc17697b196c415c53187a55861d41fd2a Mon Sep 17 00:00:00 2001
From: Alexey Makhalov <amakhalov@vmware.com>
Date: Wed, 8 Jul 2020 21:30:43 +0000
Subject: [PATCH] xnu: Fix double free in grub_xnu_devprop_add_property()
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
grub_xnu_devprop_add_property() should not free utf8 and utf16 as it get
allocated and freed in the caller.
Minor improvement: do prop fields initialization after memory allocations.
Fixes: CID 292442, CID 292457, CID 292460, CID 292466
Signed-off-by: Alexey Makhalov <amakhalov@vmware.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
---
grub-core/loader/i386/xnu.c | 17 ++++++++---------
1 file changed, 8 insertions(+), 9 deletions(-)
diff --git a/grub-core/loader/i386/xnu.c b/grub-core/loader/i386/xnu.c
index b7d176b5d..e9e119259 100644
--- a/grub-core/loader/i386/xnu.c
+++ b/grub-core/loader/i386/xnu.c
@@ -262,20 +262,19 @@ grub_xnu_devprop_add_property (struct grub_xnu_devprop_device_descriptor *dev,
if (!prop)
return grub_errno;
- prop->name = utf8;
- prop->name16 = utf16;
- prop->name16len = utf16len;
-
- prop->length = datalen;
- prop->data = grub_malloc (prop->length);
+ prop->data = grub_malloc (datalen);
if (!prop->data)
{
- grub_free (prop->name);
- grub_free (prop->name16);
grub_free (prop);
return grub_errno;
}
- grub_memcpy (prop->data, data, prop->length);
+ grub_memcpy (prop->data, data, datalen);
+
+ prop->name = utf8;
+ prop->name16 = utf16;
+ prop->name16len = utf16len;
+ prop->length = datalen;
+
grub_list_push (GRUB_AS_LIST_P (&dev->properties),
GRUB_AS_LIST (prop));
return GRUB_ERR_NONE;
--
2.26.2

55
buildroot/boot/grub2/0011-lzma-Make-sure-we-don-t-dereference-past-array.patch Normal file
View File

@ -0,0 +1,55 @@
From 78829f0c230680e386fff9f420bb1631bc20f761 Mon Sep 17 00:00:00 2001
From: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Date: Thu, 9 Jul 2020 03:05:23 +0000
Subject: [PATCH] lzma: Make sure we don't dereference past array
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
The two dimensional array p->posSlotEncoder[4][64] is being dereferenced
using the GetLenToPosState() macro which checks if len is less than 5,
and if so subtracts 2 from it. If len = 0, that is 0 - 2 = 4294967294.
Obviously we don't want to dereference that far out so we check if the
position found is greater or equal kNumLenToPosStates (4) and bail out.
N.B.: Upstream LZMA 18.05 and later has this function completely rewritten
without any history.
Fixes: CID 51526
Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
---
grub-core/lib/LzmaEnc.c | 10 ++++++++--
1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/grub-core/lib/LzmaEnc.c b/grub-core/lib/LzmaEnc.c
index f2ec04a8c..753e56a95 100644
--- a/grub-core/lib/LzmaEnc.c
+++ b/grub-core/lib/LzmaEnc.c
@@ -1877,13 +1877,19 @@ static SRes LzmaEnc_CodeOneBlock(CLzmaEnc *p, Bool useLimits, UInt32 maxPackSize
}
else
{
- UInt32 posSlot;
+ UInt32 posSlot, lenToPosState;
RangeEnc_EncodeBit(&p->rc, &p->isRep[p->state], 0);
p->state = kMatchNextStates[p->state];
LenEnc_Encode2(&p->lenEnc, &p->rc, len - LZMA_MATCH_LEN_MIN, posState, !p->fastMode, p->ProbPrices);
pos -= LZMA_NUM_REPS;
GetPosSlot(pos, posSlot);
- RcTree_Encode(&p->rc, p->posSlotEncoder[GetLenToPosState(len)], kNumPosSlotBits, posSlot);
+ lenToPosState = GetLenToPosState(len);
+ if (lenToPosState >= kNumLenToPosStates)
+ {
+ p->result = SZ_ERROR_DATA;
+ return CheckErrors(p);
+ }
+ RcTree_Encode(&p->rc, p->posSlotEncoder[lenToPosState], kNumPosSlotBits, posSlot);
if (posSlot >= kStartPosModelIndex)
{
--
2.26.2

69
buildroot/boot/grub2/0012-term-Fix-overflow-on-user-inputs.patch Normal file
View File

@ -0,0 +1,69 @@
From 8d3b6f9da468f666e3a7976657f2ab5c52762a21 Mon Sep 17 00:00:00 2001
From: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Date: Tue, 7 Jul 2020 15:12:25 -0400
Subject: [PATCH] term: Fix overflow on user inputs
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
This requires a very weird input from the serial interface but can cause
an overflow in input_buf (keys) overwriting the next variable (npending)
with the user choice:
(pahole output)
struct grub_terminfo_input_state {
int input_buf[6]; /* 0 24 */
int npending; /* 24 4 */ <- CORRUPT
...snip...
The magic string requires causing this is "ESC,O,],0,1,2,q" and we overflow
npending with "q" (aka increase npending to 161). The simplest fix is to
just to disallow overwrites input_buf, which exactly what this patch does.
Fixes: CID 292449
Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
---
grub-core/term/terminfo.c | 9 ++++++---
1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/grub-core/term/terminfo.c b/grub-core/term/terminfo.c
index d317efa36..5fa94c0c3 100644
--- a/grub-core/term/terminfo.c
+++ b/grub-core/term/terminfo.c
@@ -398,7 +398,7 @@ grub_terminfo_getwh (struct grub_term_output *term)
}
static void
-grub_terminfo_readkey (struct grub_term_input *term, int *keys, int *len,
+grub_terminfo_readkey (struct grub_term_input *term, int *keys, int *len, int max_len,
int (*readkey) (struct grub_term_input *term))
{
int c;
@@ -414,6 +414,9 @@ grub_terminfo_readkey (struct grub_term_input *term, int *keys, int *len,
if (c == -1) \
return; \
\
+ if (*len >= max_len) \
+ return; \
+ \
keys[*len] = c; \
(*len)++; \
}
@@ -602,8 +605,8 @@ grub_terminfo_getkey (struct grub_term_input *termi)
return ret;
}
- grub_terminfo_readkey (termi, data->input_buf,
- &data->npending, data->readkey);
+ grub_terminfo_readkey (termi, data->input_buf, &data->npending,
+ GRUB_TERMINFO_READKEY_MAX_LEN, data->readkey);
#if defined(__powerpc__) && defined(GRUB_MACHINE_IEEE1275)
if (data->npending == 1 && data->input_buf[0] == GRUB_TERM_ESC
--
2.26.2

59
buildroot/boot/grub2/0013-udf-Fix-memory-leak.patch Normal file
View File

@ -0,0 +1,59 @@
From 748b691761d31bfff7e9d0d210caa606294c2b52 Mon Sep 17 00:00:00 2001
From: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Date: Tue, 7 Jul 2020 22:02:31 -0400
Subject: [PATCH] udf: Fix memory leak
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Fixes: CID 73796
Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Reviewed-by: Jan Setje-Eilers <jan.setjeeilers@oracle.com>
Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
---
grub-core/fs/udf.c | 17 +++++++++++++----
1 file changed, 13 insertions(+), 4 deletions(-)
diff --git a/grub-core/fs/udf.c b/grub-core/fs/udf.c
index 21ac7f446..2ac5c1d00 100644
--- a/grub-core/fs/udf.c
+++ b/grub-core/fs/udf.c
@@ -965,8 +965,10 @@ grub_udf_iterate_dir (grub_fshelp_node_t dir,
return 0;
if (grub_udf_read_icb (dir->data, &dirent.icb, child))
- return 0;
-
+ {
+ grub_free (child);
+ return 0;
+ }
if (dirent.characteristics & GRUB_UDF_FID_CHAR_PARENT)
{
/* This is the parent directory. */
@@ -988,11 +990,18 @@ grub_udf_iterate_dir (grub_fshelp_node_t dir,
dirent.file_ident_length,
(char *) raw))
!= dirent.file_ident_length)
- return 0;
+ {
+ grub_free (child);
+ return 0;
+ }
filename = read_string (raw, dirent.file_ident_length, 0);
if (!filename)
- grub_print_error ();
+ {
+ /* As the hook won't get called. */
+ grub_free (child);
+ grub_print_error ();
+ }
if (filename && hook (filename, type, child, hook_data))
{
--
2.26.2

38
buildroot/boot/grub2/0014-multiboot2-Fix-memory-leak-if-grub_create_loader_cmd.patch Normal file
View File

@ -0,0 +1,38 @@
From 49bf3faa106498e151306fc780c63194a14751e3 Mon Sep 17 00:00:00 2001
From: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Date: Fri, 26 Jun 2020 10:51:43 -0400
Subject: [PATCH] multiboot2: Fix memory leak if
grub_create_loader_cmdline() fails
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Fixes: CID 292468
Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
---
grub-core/loader/multiboot_mbi2.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/grub-core/loader/multiboot_mbi2.c b/grub-core/loader/multiboot_mbi2.c
index 53da78615..0efc66062 100644
--- a/grub-core/loader/multiboot_mbi2.c
+++ b/grub-core/loader/multiboot_mbi2.c
@@ -1070,7 +1070,11 @@ grub_multiboot2_add_module (grub_addr_t start, grub_size_t size,
err = grub_create_loader_cmdline (argc, argv, newmod->cmdline,
newmod->cmdline_size, GRUB_VERIFY_MODULE_CMDLINE);
if (err)
- return err;
+ {
+ grub_free (newmod->cmdline);
+ grub_free (newmod);
+ return err;
+ }
if (modules_last)
modules_last->next = newmod;
--
2.26.2

283
buildroot/boot/grub2/0015-tftp-Do-not-use-priority-queue.patch Normal file
View File

@ -0,0 +1,283 @@
From b6c4a1b204740fe52b32e7f530831a59f4038e20 Mon Sep 17 00:00:00 2001
From: Alexey Makhalov <amakhalov@vmware.com>
Date: Thu, 9 Jul 2020 08:10:40 +0000
Subject: [PATCH] tftp: Do not use priority queue
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
There is not need to reassemble the order of blocks. Per RFC 1350,
server must wait for the ACK, before sending next block. Data packets
can be served immediately without putting them to priority queue.
Logic to handle incoming packet is this:
- if packet block id equal to expected block id, then
process the packet,
- if packet block id is less than expected - this is retransmit
of old packet, then ACK it and drop the packet,
- if packet block id is more than expected - that shouldn't
happen, just drop the packet.
It makes the tftp receive path code simpler, smaller and faster.
As a benefit, this change fixes CID# 73624 and CID# 96690, caused
by following while loop:
while (cmp_block (grub_be_to_cpu16 (tftph->u.data.block), data->block + 1) == 0)
where tftph pointer is not moving from one iteration to another, causing
to serve same packet again. Luckily, double serving didn't happen due to
data->block++ during the first iteration.
Fixes: CID 73624, CID 96690
Signed-off-by: Alexey Makhalov <amakhalov@vmware.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
---
grub-core/net/tftp.c | 168 ++++++++++++++-----------------------------
1 file changed, 53 insertions(+), 115 deletions(-)
diff --git a/grub-core/net/tftp.c b/grub-core/net/tftp.c
index 7d90bf66e..b4297bc8d 100644
--- a/grub-core/net/tftp.c
+++ b/grub-core/net/tftp.c
@@ -25,7 +25,6 @@
#include <grub/mm.h>
#include <grub/dl.h>
#include <grub/file.h>
-#include <grub/priority_queue.h>
#include <grub/i18n.h>
GRUB_MOD_LICENSE ("GPLv3+");
@@ -106,31 +105,8 @@ typedef struct tftp_data
int have_oack;
struct grub_error_saved save_err;
grub_net_udp_socket_t sock;
- grub_priority_queue_t pq;
} *tftp_data_t;
-static int
-cmp_block (grub_uint16_t a, grub_uint16_t b)
-{
- grub_int16_t i = (grub_int16_t) (a - b);
- if (i > 0)
- return +1;
- if (i < 0)
- return -1;
- return 0;
-}
-
-static int
-cmp (const void *a__, const void *b__)
-{
- struct grub_net_buff *a_ = *(struct grub_net_buff **) a__;
- struct grub_net_buff *b_ = *(struct grub_net_buff **) b__;
- struct tftphdr *a = (struct tftphdr *) a_->data;
- struct tftphdr *b = (struct tftphdr *) b_->data;
- /* We want the first elements to be on top. */
- return -cmp_block (grub_be_to_cpu16 (a->u.data.block), grub_be_to_cpu16 (b->u.data.block));
-}
-
static grub_err_t
ack (tftp_data_t data, grub_uint64_t block)
{
@@ -207,73 +183,60 @@ tftp_receive (grub_net_udp_socket_t sock __attribute__ ((unused)),
return GRUB_ERR_NONE;
}
- err = grub_priority_queue_push (data->pq, &nb);
- if (err)
- return err;
-
- {
- struct grub_net_buff **nb_top_p, *nb_top;
- while (1)
- {
- nb_top_p = grub_priority_queue_top (data->pq);
- if (!nb_top_p)
- return GRUB_ERR_NONE;
- nb_top = *nb_top_p;
- tftph = (struct tftphdr *) nb_top->data;
- if (cmp_block (grub_be_to_cpu16 (tftph->u.data.block), data->block + 1) >= 0)
- break;
- ack (data, grub_be_to_cpu16 (tftph->u.data.block));
- grub_netbuff_free (nb_top);
- grub_priority_queue_pop (data->pq);
- }
- while (cmp_block (grub_be_to_cpu16 (tftph->u.data.block), data->block + 1) == 0)
- {
- unsigned size;
-
- grub_priority_queue_pop (data->pq);
-
- if (file->device->net->packs.count < 50)
+ /* Ack old/retransmitted block. */
+ if (grub_be_to_cpu16 (tftph->u.data.block) < data->block + 1)
+ ack (data, grub_be_to_cpu16 (tftph->u.data.block));
+ /* Ignore unexpected block. */
+ else if (grub_be_to_cpu16 (tftph->u.data.block) > data->block + 1)
+ grub_dprintf ("tftp", "TFTP unexpected block # %d\n", tftph->u.data.block);
+ else
+ {
+ unsigned size;
+
+ if (file->device->net->packs.count < 50)
+ {
err = ack (data, data->block + 1);
- else
- {
- file->device->net->stall = 1;
- err = 0;
- }
- if (err)
- return err;
-
- err = grub_netbuff_pull (nb_top, sizeof (tftph->opcode) +
- sizeof (tftph->u.data.block));
- if (err)
- return err;
- size = nb_top->tail - nb_top->data;
-
- data->block++;
- if (size < data->block_size)
- {
- if (data->ack_sent < data->block)
- ack (data, data->block);
- file->device->net->eof = 1;
- file->device->net->stall = 1;
- grub_net_udp_close (data->sock);
- data->sock = NULL;
- }
- /* Prevent garbage in broken cards. Is it still necessary
- given that IP implementation has been fixed?
- */
- if (size > data->block_size)
- {
- err = grub_netbuff_unput (nb_top, size - data->block_size);
- if (err)
- return err;
- }
- /* If there is data, puts packet in socket list. */
- if ((nb_top->tail - nb_top->data) > 0)
- grub_net_put_packet (&file->device->net->packs, nb_top);
- else
- grub_netbuff_free (nb_top);
- }
- }
+ if (err)
+ return err;
+ }
+ else
+ file->device->net->stall = 1;
+
+ err = grub_netbuff_pull (nb, sizeof (tftph->opcode) +
+ sizeof (tftph->u.data.block));
+ if (err)
+ return err;
+ size = nb->tail - nb->data;
+
+ data->block++;
+ if (size < data->block_size)
+ {
+ if (data->ack_sent < data->block)
+ ack (data, data->block);
+ file->device->net->eof = 1;
+ file->device->net->stall = 1;
+ grub_net_udp_close (data->sock);
+ data->sock = NULL;
+ }
+ /*
+ * Prevent garbage in broken cards. Is it still necessary
+ * given that IP implementation has been fixed?
+ */
+ if (size > data->block_size)
+ {
+ err = grub_netbuff_unput (nb, size - data->block_size);
+ if (err)
+ return err;
+ }
+ /* If there is data, puts packet in socket list. */
+ if ((nb->tail - nb->data) > 0)
+ {
+ grub_net_put_packet (&file->device->net->packs, nb);
+ /* Do not free nb. */
+ return GRUB_ERR_NONE;
+ }
+ }
+ grub_netbuff_free (nb);
return GRUB_ERR_NONE;
case TFTP_ERROR:
data->have_oack = 1;
@@ -287,19 +250,6 @@ tftp_receive (grub_net_udp_socket_t sock __attribute__ ((unused)),
}
}
-static void
-destroy_pq (tftp_data_t data)
-{
- struct grub_net_buff **nb_p;
- while ((nb_p = grub_priority_queue_top (data->pq)))
- {
- grub_netbuff_free (*nb_p);
- grub_priority_queue_pop (data->pq);
- }
-
- grub_priority_queue_destroy (data->pq);
-}
-
static grub_err_t
tftp_open (struct grub_file *file, const char *filename)
{
@@ -372,17 +322,9 @@ tftp_open (struct grub_file *file, const char *filename)
file->not_easily_seekable = 1;
file->data = data;
- data->pq = grub_priority_queue_new (sizeof (struct grub_net_buff *), cmp);
- if (!data->pq)
- {
- grub_free (data);
- return grub_errno;
- }
-
err = grub_net_resolve_address (file->device->net->server, &addr);
if (err)
{
- destroy_pq (data);
grub_free (data);
return err;
}
@@ -392,7 +334,6 @@ tftp_open (struct grub_file *file, const char *filename)
file);
if (!data->sock)
{
- destroy_pq (data);
grub_free (data);
return grub_errno;
}
@@ -406,7 +347,6 @@ tftp_open (struct grub_file *file, const char *filename)
if (err)
{
grub_net_udp_close (data->sock);
- destroy_pq (data);
grub_free (data);
return err;
}
@@ -423,7 +363,6 @@ tftp_open (struct grub_file *file, const char *filename)
if (grub_errno)
{
grub_net_udp_close (data->sock);
- destroy_pq (data);
grub_free (data);
return grub_errno;
}
@@ -466,7 +405,6 @@ tftp_close (struct grub_file *file)
grub_print_error ();
grub_net_udp_close (data->sock);
}
- destroy_pq (data);
grub_free (data);
return GRUB_ERR_NONE;
}
--
2.26.2

153
buildroot/boot/grub2/0016-relocator-Protect-grub_relocator_alloc_chunk_addr-in.patch Normal file
View File

@ -0,0 +1,153 @@
From 1c7b619c84f229c1602c1958bcd054b6d9937562 Mon Sep 17 00:00:00 2001
From: Alexey Makhalov <amakhalov@vmware.com>
Date: Wed, 15 Jul 2020 06:42:37 +0000
Subject: [PATCH] relocator: Protect grub_relocator_alloc_chunk_addr()
input args against integer underflow/overflow
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Use arithmetic macros from safemath.h to accomplish it. In this commit,
I didn't want to be too paranoid to check every possible math equation
for overflow/underflow. Only obvious places (with non zero chance of
overflow/underflow) were refactored.
Signed-off-by: Alexey Makhalov <amakhalov@vmware.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
---
grub-core/loader/i386/linux.c | 9 +++++++--
grub-core/loader/i386/pc/linux.c | 9 +++++++--
grub-core/loader/i386/xen.c | 12 ++++++++++--
grub-core/loader/xnu.c | 11 +++++++----
4 files changed, 31 insertions(+), 10 deletions(-)
diff --git a/grub-core/loader/i386/linux.c b/grub-core/loader/i386/linux.c
index d0501e229..02a73463a 100644
--- a/grub-core/loader/i386/linux.c
+++ b/grub-core/loader/i386/linux.c
@@ -36,6 +36,7 @@
#include <grub/lib/cmdline.h>
#include <grub/linux.h>
#include <grub/machine/kernel.h>
+#include <grub/safemath.h>
GRUB_MOD_LICENSE ("GPLv3+");
@@ -547,9 +548,13 @@ grub_linux_boot (void)
{
grub_relocator_chunk_t ch;
+ grub_size_t sz;
+
+ if (grub_add (ctx.real_size, efi_mmap_size, &sz))
+ return GRUB_ERR_OUT_OF_RANGE;
+
err = grub_relocator_alloc_chunk_addr (relocator, &ch,
- ctx.real_mode_target,
- (ctx.real_size + efi_mmap_size));
+ ctx.real_mode_target, sz);
if (err)
return err;
real_mode_mem = get_virtual_current_address (ch);
diff --git a/grub-core/loader/i386/pc/linux.c b/grub-core/loader/i386/pc/linux.c
index 47ea2945e..31f09922b 100644
--- a/grub-core/loader/i386/pc/linux.c
+++ b/grub-core/loader/i386/pc/linux.c
@@ -35,6 +35,7 @@
#include <grub/i386/floppy.h>
#include <grub/lib/cmdline.h>
#include <grub/linux.h>
+#include <grub/safemath.h>
GRUB_MOD_LICENSE ("GPLv3+");
@@ -218,8 +219,12 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)),
setup_sects = GRUB_LINUX_DEFAULT_SETUP_SECTS;
real_size = setup_sects << GRUB_DISK_SECTOR_BITS;
- grub_linux16_prot_size = grub_file_size (file)
- - real_size - GRUB_DISK_SECTOR_SIZE;
+ if (grub_sub (grub_file_size (file), real_size, &grub_linux16_prot_size) ||
+ grub_sub (grub_linux16_prot_size, GRUB_DISK_SECTOR_SIZE, &grub_linux16_prot_size))
+ {
+ grub_error (GRUB_ERR_OUT_OF_RANGE, N_("overflow is detected"));
+ goto fail;
+ }
if (! grub_linux_is_bzimage
&& GRUB_LINUX_ZIMAGE_ADDR + grub_linux16_prot_size
diff --git a/grub-core/loader/i386/xen.c b/grub-core/loader/i386/xen.c
index 8f662c8ac..cd24874ca 100644
--- a/grub-core/loader/i386/xen.c
+++ b/grub-core/loader/i386/xen.c
@@ -41,6 +41,7 @@
#include <grub/linux.h>
#include <grub/i386/memory.h>
#include <grub/verify.h>
+#include <grub/safemath.h>
GRUB_MOD_LICENSE ("GPLv3+");
@@ -636,6 +637,7 @@ grub_cmd_xen (grub_command_t cmd __attribute__ ((unused)),
grub_relocator_chunk_t ch;
grub_addr_t kern_start;
grub_addr_t kern_end;
+ grub_size_t sz;
if (argc == 0)
return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("filename expected"));
@@ -703,8 +705,14 @@ grub_cmd_xen (grub_command_t cmd __attribute__ ((unused)),
xen_state.max_addr = ALIGN_UP (kern_end, PAGE_SIZE);
- err = grub_relocator_alloc_chunk_addr (xen_state.relocator, &ch, kern_start,
- kern_end - kern_start);
+
+ if (grub_sub (kern_end, kern_start, &sz))
+ {
+ err = GRUB_ERR_OUT_OF_RANGE;
+ goto fail;
+ }
+
+ err = grub_relocator_alloc_chunk_addr (xen_state.relocator, &ch, kern_start, sz);
if (err)
goto fail;
kern_chunk_src = get_virtual_current_address (ch);
diff --git a/grub-core/loader/xnu.c b/grub-core/loader/xnu.c
index 77d7060e1..9ae4ceb35 100644
--- a/grub-core/loader/xnu.c
+++ b/grub-core/loader/xnu.c
@@ -34,6 +34,7 @@
#include <grub/env.h>
#include <grub/i18n.h>
#include <grub/verify.h>
+#include <grub/safemath.h>
GRUB_MOD_LICENSE ("GPLv3+");
@@ -59,15 +60,17 @@ grub_xnu_heap_malloc (int size, void **src, grub_addr_t *target)
{
grub_err_t err;
grub_relocator_chunk_t ch;
+ grub_addr_t tgt;
+
+ if (grub_add (grub_xnu_heap_target_start, grub_xnu_heap_size, &tgt))
+ return GRUB_ERR_OUT_OF_RANGE;
- err = grub_relocator_alloc_chunk_addr (grub_xnu_relocator, &ch,
- grub_xnu_heap_target_start
- + grub_xnu_heap_size, size);
+ err = grub_relocator_alloc_chunk_addr (grub_xnu_relocator, &ch, tgt, size);
if (err)
return err;
*src = get_virtual_current_address (ch);
- *target = grub_xnu_heap_target_start + grub_xnu_heap_size;
+ *target = tgt;
grub_xnu_heap_size += size;
grub_dprintf ("xnu", "val=%p\n", *src);
return GRUB_ERR_NONE;
--
2.26.2

341
buildroot/boot/grub2/0017-relocator-Protect-grub_relocator_alloc_chunk_align-m.patch Normal file
View File

@ -0,0 +1,341 @@
From 0cfbbca3ccd84d36ffb1bcd6644ada7c73b19fc0 Mon Sep 17 00:00:00 2001
From: Alexey Makhalov <amakhalov@vmware.com>
Date: Wed, 8 Jul 2020 01:44:38 +0000
Subject: [PATCH] relocator: Protect grub_relocator_alloc_chunk_align()
max_addr against integer underflow
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
This commit introduces integer underflow mitigation in max_addr calculation
in grub_relocator_alloc_chunk_align() invocation.
It consists of 2 fixes:
1. Introduced grub_relocator_alloc_chunk_align_safe() wrapper function to perform
sanity check for min/max and size values, and to make safe invocation of
grub_relocator_alloc_chunk_align() with validated max_addr value. Replace all
invocations such as grub_relocator_alloc_chunk_align(..., min_addr, max_addr - size, size, ...)
by grub_relocator_alloc_chunk_align_safe(..., min_addr, max_addr, size, ...).
2. Introduced UP_TO_TOP32(s) macro for the cases where max_addr is 32-bit top
address (0xffffffff - size + 1) or similar.
Signed-off-by: Alexey Makhalov <amakhalov@vmware.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
---
grub-core/lib/i386/relocator.c | 28 ++++++++++----------------
grub-core/lib/mips/relocator.c | 6 ++----
grub-core/lib/powerpc/relocator.c | 6 ++----
grub-core/lib/x86_64/efi/relocator.c | 7 +++----
grub-core/loader/i386/linux.c | 5 ++---
grub-core/loader/i386/multiboot_mbi.c | 7 +++----
grub-core/loader/i386/pc/linux.c | 6 ++----
grub-core/loader/mips/linux.c | 9 +++------
grub-core/loader/multiboot.c | 2 +-
grub-core/loader/multiboot_elfxx.c | 10 ++++-----
grub-core/loader/multiboot_mbi2.c | 10 ++++-----
grub-core/loader/xnu_resume.c | 2 +-
include/grub/relocator.h | 29 +++++++++++++++++++++++++++
13 files changed, 69 insertions(+), 58 deletions(-)
diff --git a/grub-core/lib/i386/relocator.c b/grub-core/lib/i386/relocator.c
index 71dd4f0ab..34cbe834f 100644
--- a/grub-core/lib/i386/relocator.c
+++ b/grub-core/lib/i386/relocator.c
@@ -83,11 +83,10 @@ grub_relocator32_boot (struct grub_relocator *rel,
/* Specific memory range due to Global Descriptor Table for use by payload
that we will store in returned chunk. The address range and preference
are based on "THE LINUX/x86 BOOT PROTOCOL" specification. */
- err = grub_relocator_alloc_chunk_align (rel, &ch, 0x1000,
- 0x9a000 - RELOCATOR_SIZEOF (32),
- RELOCATOR_SIZEOF (32), 16,
- GRUB_RELOCATOR_PREFERENCE_LOW,
- avoid_efi_bootservices);
+ err = grub_relocator_alloc_chunk_align_safe (rel, &ch, 0x1000, 0x9a000,
+ RELOCATOR_SIZEOF (32), 16,
+ GRUB_RELOCATOR_PREFERENCE_LOW,
+ avoid_efi_bootservices);
if (err)
return err;
@@ -125,13 +124,10 @@ grub_relocator16_boot (struct grub_relocator *rel,
grub_relocator_chunk_t ch;
/* Put it higher than the byte it checks for A20 check. */
- err = grub_relocator_alloc_chunk_align (rel, &ch, 0x8010,
- 0xa0000 - RELOCATOR_SIZEOF (16)
- - GRUB_RELOCATOR16_STACK_SIZE,
- RELOCATOR_SIZEOF (16)
- + GRUB_RELOCATOR16_STACK_SIZE, 16,
- GRUB_RELOCATOR_PREFERENCE_NONE,
- 0);
+ err = grub_relocator_alloc_chunk_align_safe (rel, &ch, 0x8010, 0xa0000,
+ RELOCATOR_SIZEOF (16) +
+ GRUB_RELOCATOR16_STACK_SIZE, 16,
+ GRUB_RELOCATOR_PREFERENCE_NONE, 0);
if (err)
return err;
@@ -183,11 +179,9 @@ grub_relocator64_boot (struct grub_relocator *rel,
void *relst;
grub_relocator_chunk_t ch;
- err = grub_relocator_alloc_chunk_align (rel, &ch, min_addr,
- max_addr - RELOCATOR_SIZEOF (64),
- RELOCATOR_SIZEOF (64), 16,
- GRUB_RELOCATOR_PREFERENCE_NONE,
- 0);
+ err = grub_relocator_alloc_chunk_align_safe (rel, &ch, min_addr, max_addr,
+ RELOCATOR_SIZEOF (64), 16,
+ GRUB_RELOCATOR_PREFERENCE_NONE, 0);
if (err)
return err;
diff --git a/grub-core/lib/mips/relocator.c b/grub-core/lib/mips/relocator.c
index 9d5f49cb9..743b213e6 100644
--- a/grub-core/lib/mips/relocator.c
+++ b/grub-core/lib/mips/relocator.c
@@ -120,10 +120,8 @@ grub_relocator32_boot (struct grub_relocator *rel,
unsigned i;
grub_addr_t vtarget;
- err = grub_relocator_alloc_chunk_align (rel, &ch, 0,
- (0xffffffff - stateset_size)
- + 1, stateset_size,
- sizeof (grub_uint32_t),
+ err = grub_relocator_alloc_chunk_align (rel, &ch, 0, UP_TO_TOP32 (stateset_size),
+ stateset_size, sizeof (grub_uint32_t),
GRUB_RELOCATOR_PREFERENCE_NONE, 0);
if (err)
return err;
diff --git a/grub-core/lib/powerpc/relocator.c b/grub-core/lib/powerpc/relocator.c
index bdf2b111b..8ffb8b686 100644
--- a/grub-core/lib/powerpc/relocator.c
+++ b/grub-core/lib/powerpc/relocator.c
@@ -115,10 +115,8 @@ grub_relocator32_boot (struct grub_relocator *rel,
unsigned i;
grub_relocator_chunk_t ch;
- err = grub_relocator_alloc_chunk_align (rel, &ch, 0,
- (0xffffffff - stateset_size)
- + 1, stateset_size,
- sizeof (grub_uint32_t),
+ err = grub_relocator_alloc_chunk_align (rel, &ch, 0, UP_TO_TOP32 (stateset_size),
+ stateset_size, sizeof (grub_uint32_t),
GRUB_RELOCATOR_PREFERENCE_NONE, 0);
if (err)
return err;
diff --git a/grub-core/lib/x86_64/efi/relocator.c b/grub-core/lib/x86_64/efi/relocator.c
index 3caef7a40..7d200a125 100644
--- a/grub-core/lib/x86_64/efi/relocator.c
+++ b/grub-core/lib/x86_64/efi/relocator.c
@@ -50,10 +50,9 @@ grub_relocator64_efi_boot (struct grub_relocator *rel,
* 64-bit relocator code may live above 4 GiB quite well.
* However, I do not want ask for problems. Just in case.
*/
- err = grub_relocator_alloc_chunk_align (rel, &ch, 0,
- 0x100000000 - RELOCATOR_SIZEOF (64_efi),
- RELOCATOR_SIZEOF (64_efi), 16,
- GRUB_RELOCATOR_PREFERENCE_NONE, 1);
+ err = grub_relocator_alloc_chunk_align_safe (rel, &ch, 0, 0x100000000,
+ RELOCATOR_SIZEOF (64_efi), 16,
+ GRUB_RELOCATOR_PREFERENCE_NONE, 1);
if (err)
return err;
diff --git a/grub-core/loader/i386/linux.c b/grub-core/loader/i386/linux.c
index 02a73463a..efbb99307 100644
--- a/grub-core/loader/i386/linux.c
+++ b/grub-core/loader/i386/linux.c
@@ -181,9 +181,8 @@ allocate_pages (grub_size_t prot_size, grub_size_t *align,
for (; err && *align + 1 > min_align; (*align)--)
{
grub_errno = GRUB_ERR_NONE;
- err = grub_relocator_alloc_chunk_align (relocator, &ch,
- 0x1000000,
- 0xffffffff & ~prot_size,
+ err = grub_relocator_alloc_chunk_align (relocator, &ch, 0x1000000,
+ UP_TO_TOP32 (prot_size),
prot_size, 1 << *align,
GRUB_RELOCATOR_PREFERENCE_LOW,
1);
diff --git a/grub-core/loader/i386/multiboot_mbi.c b/grub-core/loader/i386/multiboot_mbi.c
index ad3cc292f..a67d9d0a8 100644
--- a/grub-core/loader/i386/multiboot_mbi.c
+++ b/grub-core/loader/i386/multiboot_mbi.c
@@ -466,10 +466,9 @@ grub_multiboot_make_mbi (grub_uint32_t *target)
bufsize = grub_multiboot_get_mbi_size ();
- err = grub_relocator_alloc_chunk_align (grub_multiboot_relocator, &ch,
- 0x10000, 0xa0000 - bufsize,
- bufsize, 4,
- GRUB_RELOCATOR_PREFERENCE_NONE, 0);
+ err = grub_relocator_alloc_chunk_align_safe (grub_multiboot_relocator, &ch,
+ 0x10000, 0xa0000, bufsize, 4,
+ GRUB_RELOCATOR_PREFERENCE_NONE, 0);
if (err)
return err;
ptrorig = get_virtual_current_address (ch);
diff --git a/grub-core/loader/i386/pc/linux.c b/grub-core/loader/i386/pc/linux.c
index 31f09922b..5fed5ffdf 100644
--- a/grub-core/loader/i386/pc/linux.c
+++ b/grub-core/loader/i386/pc/linux.c
@@ -453,10 +453,8 @@ grub_cmd_initrd (grub_command_t cmd __attribute__ ((unused)),
{
grub_relocator_chunk_t ch;
- err = grub_relocator_alloc_chunk_align (relocator, &ch,
- addr_min, addr_max - size,
- size, 0x1000,
- GRUB_RELOCATOR_PREFERENCE_HIGH, 0);
+ err = grub_relocator_alloc_chunk_align_safe (relocator, &ch, addr_min, addr_max, size,
+ 0x1000, GRUB_RELOCATOR_PREFERENCE_HIGH, 0);
if (err)
return err;
initrd_chunk = get_virtual_current_address (ch);
diff --git a/grub-core/loader/mips/linux.c b/grub-core/loader/mips/linux.c
index 7b723bf18..e4ed95921 100644
--- a/grub-core/loader/mips/linux.c
+++ b/grub-core/loader/mips/linux.c
@@ -442,12 +442,9 @@ grub_cmd_initrd (grub_command_t cmd __attribute__ ((unused)),
{
grub_relocator_chunk_t ch;
- err = grub_relocator_alloc_chunk_align (relocator, &ch,
- (target_addr & 0x1fffffff)
- + linux_size + 0x10000,
- (0x10000000 - size),
- size, 0x10000,
- GRUB_RELOCATOR_PREFERENCE_NONE, 0);
+ err = grub_relocator_alloc_chunk_align_safe (relocator, &ch, (target_addr & 0x1fffffff) +
+ linux_size + 0x10000, 0x10000000, size,
+ 0x10000, GRUB_RELOCATOR_PREFERENCE_NONE, 0);
if (err)
goto fail;
diff --git a/grub-core/loader/multiboot.c b/grub-core/loader/multiboot.c
index 4a98d7082..facb13f3d 100644
--- a/grub-core/loader/multiboot.c
+++ b/grub-core/loader/multiboot.c
@@ -403,7 +403,7 @@ grub_cmd_module (grub_command_t cmd __attribute__ ((unused)),
{
grub_relocator_chunk_t ch;
err = grub_relocator_alloc_chunk_align (GRUB_MULTIBOOT (relocator), &ch,
- lowest_addr, (0xffffffff - size) + 1,
+ lowest_addr, UP_TO_TOP32 (size),
size, MULTIBOOT_MOD_ALIGN,
GRUB_RELOCATOR_PREFERENCE_NONE, 1);
if (err)
diff --git a/grub-core/loader/multiboot_elfxx.c b/grub-core/loader/multiboot_elfxx.c
index cc6853692..f2318e0d1 100644
--- a/grub-core/loader/multiboot_elfxx.c
+++ b/grub-core/loader/multiboot_elfxx.c
@@ -109,10 +109,10 @@ CONCAT(grub_multiboot_load_elf, XX) (mbi_load_data_t *mld)
if (load_size > mld->max_addr || mld->min_addr > mld->max_addr - load_size)
return grub_error (GRUB_ERR_BAD_OS, "invalid min/max address and/or load size");
- err = grub_relocator_alloc_chunk_align (GRUB_MULTIBOOT (relocator), &ch,
- mld->min_addr, mld->max_addr - load_size,
- load_size, mld->align ? mld->align : 1,
- mld->preference, mld->avoid_efi_boot_services);
+ err = grub_relocator_alloc_chunk_align_safe (GRUB_MULTIBOOT (relocator), &ch,
+ mld->min_addr, mld->max_addr,
+ load_size, mld->align ? mld->align : 1,
+ mld->preference, mld->avoid_efi_boot_services);
if (err)
{
@@ -256,7 +256,7 @@ CONCAT(grub_multiboot_load_elf, XX) (mbi_load_data_t *mld)
continue;
err = grub_relocator_alloc_chunk_align (GRUB_MULTIBOOT (relocator), &ch, 0,
- (0xffffffff - sh->sh_size) + 1,
+ UP_TO_TOP32 (sh->sh_size),
sh->sh_size, sh->sh_addralign,
GRUB_RELOCATOR_PREFERENCE_NONE,
mld->avoid_efi_boot_services);
diff --git a/grub-core/loader/multiboot_mbi2.c b/grub-core/loader/multiboot_mbi2.c
index 0efc66062..03967839c 100644
--- a/grub-core/loader/multiboot_mbi2.c
+++ b/grub-core/loader/multiboot_mbi2.c
@@ -295,10 +295,10 @@ grub_multiboot2_load (grub_file_t file, const char *filename)
return grub_error (GRUB_ERR_BAD_OS, "invalid min/max address and/or load size");
}
- err = grub_relocator_alloc_chunk_align (grub_multiboot2_relocator, &ch,
- mld.min_addr, mld.max_addr - code_size,
- code_size, mld.align ? mld.align : 1,
- mld.preference, keep_bs);
+ err = grub_relocator_alloc_chunk_align_safe (grub_multiboot2_relocator, &ch,
+ mld.min_addr, mld.max_addr,
+ code_size, mld.align ? mld.align : 1,
+ mld.preference, keep_bs);
}
else
err = grub_relocator_alloc_chunk_addr (grub_multiboot2_relocator,
@@ -708,7 +708,7 @@ grub_multiboot2_make_mbi (grub_uint32_t *target)
COMPILE_TIME_ASSERT (MULTIBOOT_TAG_ALIGN % sizeof (grub_properly_aligned_t) == 0);
err = grub_relocator_alloc_chunk_align (grub_multiboot2_relocator, &ch,
- 0, 0xffffffff - bufsize,
+ 0, UP_TO_TOP32 (bufsize),
bufsize, MULTIBOOT_TAG_ALIGN,
GRUB_RELOCATOR_PREFERENCE_NONE, 1);
if (err)
diff --git a/grub-core/loader/xnu_resume.c b/grub-core/loader/xnu_resume.c
index 8089804d4..d648ef0cd 100644
--- a/grub-core/loader/xnu_resume.c
+++ b/grub-core/loader/xnu_resume.c
@@ -129,7 +129,7 @@ grub_xnu_resume (char *imagename)
{
grub_relocator_chunk_t ch;
err = grub_relocator_alloc_chunk_align (grub_xnu_relocator, &ch, 0,
- (0xffffffff - hibhead.image_size) + 1,
+ UP_TO_TOP32 (hibhead.image_size),
hibhead.image_size,
GRUB_XNU_PAGESIZE,
GRUB_RELOCATOR_PREFERENCE_NONE, 0);
diff --git a/include/grub/relocator.h b/include/grub/relocator.h
index 24d8672d2..1b3bdd92a 100644
--- a/include/grub/relocator.h
+++ b/include/grub/relocator.h
@@ -49,6 +49,35 @@ grub_relocator_alloc_chunk_align (struct grub_relocator *rel,
int preference,
int avoid_efi_boot_services);
+/*
+ * Wrapper for grub_relocator_alloc_chunk_align() with purpose of
+ * protecting against integer underflow.
+ *
+ * Compare to its callee, max_addr has different meaning here.
+ * It covers entire chunk and not just start address of the chunk.
+ */
+static inline grub_err_t
+grub_relocator_alloc_chunk_align_safe (struct grub_relocator *rel,
+ grub_relocator_chunk_t *out,
+ grub_phys_addr_t min_addr,
+ grub_phys_addr_t max_addr,
+ grub_size_t size, grub_size_t align,
+ int preference,
+ int avoid_efi_boot_services)
+{
+ /* Sanity check and ensure following equation (max_addr - size) is safe. */
+ if (max_addr < size || (max_addr - size) < min_addr)
+ return GRUB_ERR_OUT_OF_RANGE;
+
+ return grub_relocator_alloc_chunk_align (rel, out, min_addr,
+ max_addr - size,
+ size, align, preference,
+ avoid_efi_boot_services);
+}
+
+/* Top 32-bit address minus s bytes and plus 1 byte. */
+#define UP_TO_TOP32(s) ((~(s) & 0xffffffff) + 1)
+
#define GRUB_RELOCATOR_PREFERENCE_NONE 0
#define GRUB_RELOCATOR_PREFERENCE_LOW 1
#define GRUB_RELOCATOR_PREFERENCE_HIGH 2
--
2.26.2

37
buildroot/boot/grub2/0018-script-Remove-unused-fields-from-grub_script_functio.patch Normal file
View File

@ -0,0 +1,37 @@
From 73aa0776457066ee6ebc93486c3cf0e6b755d1b8 Mon Sep 17 00:00:00 2001
From: Chris Coulson <chris.coulson@canonical.com>
Date: Fri, 10 Jul 2020 11:21:14 +0100
Subject: [PATCH] script: Remove unused fields from grub_script_function
struct
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: Chris Coulson <chris.coulson@canonical.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
---
include/grub/script_sh.h | 5 -----
1 file changed, 5 deletions(-)
diff --git a/include/grub/script_sh.h b/include/grub/script_sh.h
index 360c2be1f..b382bcf09 100644
--- a/include/grub/script_sh.h
+++ b/include/grub/script_sh.h
@@ -359,13 +359,8 @@ struct grub_script_function
/* The script function. */
struct grub_script *func;
- /* The flags. */
- unsigned flags;
-
/* The next element. */
struct grub_script_function *next;
-
- int references;
};
typedef struct grub_script_function *grub_script_function_t;
--
2.26.2

113
buildroot/boot/grub2/0019-script-Avoid-a-use-after-free-when-redefining-a-func.patch Normal file
View File

@ -0,0 +1,113 @@
From 26349fcf80982b4d0120b73b2836e88bcf16853c Mon Sep 17 00:00:00 2001
From: Chris Coulson <chris.coulson@canonical.com>
Date: Fri, 10 Jul 2020 14:41:45 +0100
Subject: [PATCH] script: Avoid a use-after-free when redefining a
function during execution
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Defining a new function with the same name as a previously defined
function causes the grub_script and associated resources for the
previous function to be freed. If the previous function is currently
executing when a function with the same name is defined, this results
in use-after-frees when processing subsequent commands in the original
function.
Instead, reject a new function definition if it has the same name as
a previously defined function, and that function is currently being
executed. Although a behavioural change, this should be backwards
compatible with existing configurations because they can't be
dependent on the current behaviour without being broken.
Fixes: CVE-2020-15706
Signed-off-by: Chris Coulson <chris.coulson@canonical.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
---
grub-core/script/execute.c | 2 ++
grub-core/script/function.c | 16 +++++++++++++---
grub-core/script/parser.y | 3 ++-
include/grub/script_sh.h | 2 ++
4 files changed, 19 insertions(+), 4 deletions(-)
diff --git a/grub-core/script/execute.c b/grub-core/script/execute.c
index c8d6806fe..7e028e135 100644
--- a/grub-core/script/execute.c
+++ b/grub-core/script/execute.c
@@ -838,7 +838,9 @@ grub_script_function_call (grub_script_function_t func, int argc, char **args)
old_scope = scope;
scope = &new_scope;
+ func->executing++;
ret = grub_script_execute (func->func);
+ func->executing--;
function_return = 0;
active_loops = loops;
diff --git a/grub-core/script/function.c b/grub-core/script/function.c
index d36655e51..3aad04bf9 100644
--- a/grub-core/script/function.c
+++ b/grub-core/script/function.c
@@ -34,6 +34,7 @@ grub_script_function_create (struct grub_script_arg *functionname_arg,
func = (grub_script_function_t) grub_malloc (sizeof (*func));
if (! func)
return 0;
+ func->executing = 0;
func->name = grub_strdup (functionname_arg->str);
if (! func->name)
@@ -60,10 +61,19 @@ grub_script_function_create (struct grub_script_arg *functionname_arg,
grub_script_function_t q;
q = *p;
- grub_script_free (q->func);
- q->func = cmd;
grub_free (func);
- func = q;
+ if (q->executing > 0)
+ {
+ grub_error (GRUB_ERR_BAD_ARGUMENT,
+ N_("attempt to redefine a function being executed"));
+ func = NULL;
+ }
+ else
+ {
+ grub_script_free (q->func);
+ q->func = cmd;
+ func = q;
+ }
}
else
{
diff --git a/grub-core/script/parser.y b/grub-core/script/parser.y
index 4f0ab8319..f80b86b6f 100644
--- a/grub-core/script/parser.y
+++ b/grub-core/script/parser.y
@@ -289,7 +289,8 @@ function: "function" "name"
grub_script_mem_free (state->func_mem);
else {
script->children = state->scripts;
- grub_script_function_create ($2, script);
+ if (!grub_script_function_create ($2, script))
+ grub_script_free (script);
}
state->scripts = $<scripts>3;
diff --git a/include/grub/script_sh.h b/include/grub/script_sh.h
index b382bcf09..6c48e0751 100644
--- a/include/grub/script_sh.h
+++ b/include/grub/script_sh.h
@@ -361,6 +361,8 @@ struct grub_script_function
/* The next element. */
struct grub_script_function *next;
+
+ unsigned executing;
};
typedef struct grub_script_function *grub_script_function_t;
--
2.26.2

49
buildroot/boot/grub2/0020-relocator-Fix-grub_relocator_alloc_chunk_align-top-m.patch Normal file
View File

@ -0,0 +1,49 @@
From 06aa91f79f902752cb7e5d22ac0ea8e13bffd056 Mon Sep 17 00:00:00 2001
From: Alexey Makhalov <amakhalov@vmware.com>
Date: Fri, 17 Jul 2020 05:17:26 +0000
Subject: [PATCH] relocator: Fix grub_relocator_alloc_chunk_align() top
memory allocation
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Current implementation of grub_relocator_alloc_chunk_align()
does not allow allocation of the top byte.
Assuming input args are:
max_addr = 0xfffff000;
size = 0x1000;
And this is valid. But following overflow protection will
unnecessarily move max_addr one byte down (to 0xffffefff):
if (max_addr > ~size)
max_addr = ~size;
~size + 1 will fix the situation. In addition, check size
for non zero to do not zero max_addr.
Signed-off-by: Alexey Makhalov <amakhalov@vmware.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
---
grub-core/lib/relocator.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/grub-core/lib/relocator.c b/grub-core/lib/relocator.c
index 5847aac36..f2c1944c2 100644
--- a/grub-core/lib/relocator.c
+++ b/grub-core/lib/relocator.c
@@ -1386,8 +1386,8 @@ grub_relocator_alloc_chunk_align (struct grub_relocator *rel,
};
grub_addr_t min_addr2 = 0, max_addr2;
- if (max_addr > ~size)
- max_addr = ~size;
+ if (size && (max_addr > ~size))
+ max_addr = ~size + 1;
#ifdef GRUB_MACHINE_PCBIOS
if (min_addr < 0x1000)
--
2.26.2

61
buildroot/boot/grub2/0021-hfsplus-Fix-two-more-overflows.patch Normal file
View File

@ -0,0 +1,61 @@
From feec993673d8e13fcf22fe2389ac29222b6daebd Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Sun, 19 Jul 2020 14:43:31 -0400
Subject: [PATCH] hfsplus: Fix two more overflows
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Both node->size and node->namelen come from the supplied filesystem,
which may be user-supplied. We can't trust them for the math unless we
know they don't overflow. Making sure they go through grub_add() or
grub_calloc() first will give us that.
Signed-off-by: Peter Jones <pjones@redhat.com>
Reviewed-by: Darren Kenny <darren.kenny@oracle.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
---
grub-core/fs/hfsplus.c | 11 ++++++++---
1 file changed, 8 insertions(+), 3 deletions(-)
diff --git a/grub-core/fs/hfsplus.c b/grub-core/fs/hfsplus.c
index dae43becc..9c4e4c88c 100644
--- a/grub-core/fs/hfsplus.c
+++ b/grub-core/fs/hfsplus.c
@@ -31,6 +31,7 @@
#include <grub/hfs.h>
#include <grub/charset.h>
#include <grub/hfsplus.h>
+#include <grub/safemath.h>
GRUB_MOD_LICENSE ("GPLv3+");
@@ -475,8 +476,12 @@ grub_hfsplus_read_symlink (grub_fshelp_node_t node)
{
char *symlink;
grub_ssize_t numread;
+ grub_size_t sz = node->size;
- symlink = grub_malloc (node->size + 1);
+ if (grub_add (sz, 1, &sz))
+ return NULL;
+
+ symlink = grub_malloc (sz);
if (!symlink)
return 0;
@@ -715,8 +720,8 @@ list_nodes (void *record, void *hook_arg)
if (type == GRUB_FSHELP_UNKNOWN)
return 0;
- filename = grub_malloc (grub_be_to_cpu16 (catkey->namelen)
- * GRUB_MAX_UTF8_PER_UTF16 + 1);
+ filename = grub_calloc (grub_be_to_cpu16 (catkey->namelen),
+ GRUB_MAX_UTF8_PER_UTF16 + 1);
if (! filename)
return 0;
--
2.26.2

116
buildroot/boot/grub2/0022-lvm-Fix-two-more-potential-data-dependent-alloc-over.patch Normal file
View File

@ -0,0 +1,116 @@
From a1845e90fc19fb5e904091bad8a378f458798e4a Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Sun, 19 Jul 2020 15:48:20 -0400
Subject: [PATCH] lvm: Fix two more potential data-dependent alloc
overflows
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
It appears to be possible to make a (possibly invalid) lvm PV with
a metadata size field that overflows our type when adding it to the
address we've allocated. Even if it doesn't, it may be possible to do so
with the math using the outcome of that as an operand. Check them both.
Signed-off-by: Peter Jones <pjones@redhat.com>
Signed-off-by: Darren Kenny <darren.kenny@oracle.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
---
grub-core/disk/lvm.c | 48 ++++++++++++++++++++++++++++++++++++--------
1 file changed, 40 insertions(+), 8 deletions(-)
diff --git a/grub-core/disk/lvm.c b/grub-core/disk/lvm.c
index d1df640b3..139fafd47 100644
--- a/grub-core/disk/lvm.c
+++ b/grub-core/disk/lvm.c
@@ -25,6 +25,7 @@
#include <grub/lvm.h>
#include <grub/partition.h>
#include <grub/i18n.h>
+#include <grub/safemath.h>
#ifdef GRUB_UTIL
#include <grub/emu/misc.h>
@@ -102,10 +103,11 @@ grub_lvm_detect (grub_disk_t disk,
{
grub_err_t err;
grub_uint64_t mda_offset, mda_size;
+ grub_size_t ptr;
char buf[GRUB_LVM_LABEL_SIZE];
char vg_id[GRUB_LVM_ID_STRLEN+1];
char pv_id[GRUB_LVM_ID_STRLEN+1];
- char *metadatabuf, *p, *q, *vgname;
+ char *metadatabuf, *p, *q, *mda_end, *vgname;
struct grub_lvm_label_header *lh = (struct grub_lvm_label_header *) buf;
struct grub_lvm_pv_header *pvh;
struct grub_lvm_disk_locn *dlocn;
@@ -205,19 +207,31 @@ grub_lvm_detect (grub_disk_t disk,
grub_le_to_cpu64 (rlocn->size) -
grub_le_to_cpu64 (mdah->size));
}
- p = q = metadatabuf + grub_le_to_cpu64 (rlocn->offset);
- while (*q != ' ' && q < metadatabuf + mda_size)
- q++;
-
- if (q == metadatabuf + mda_size)
+ if (grub_add ((grub_size_t)metadatabuf,
+ (grub_size_t)grub_le_to_cpu64 (rlocn->offset),
+ &ptr))
{
+ error_parsing_metadata:
#ifdef GRUB_UTIL
grub_util_info ("error parsing metadata");
#endif
goto fail2;
}
+ p = q = (char *)ptr;
+
+ if (grub_add ((grub_size_t)metadatabuf, (grub_size_t)mda_size, &ptr))
+ goto error_parsing_metadata;
+
+ mda_end = (char *)ptr;
+
+ while (*q != ' ' && q < mda_end)
+ q++;
+
+ if (q == mda_end)
+ goto error_parsing_metadata;
+
vgname_len = q - p;
vgname = grub_malloc (vgname_len + 1);
if (!vgname)
@@ -367,8 +381,26 @@ grub_lvm_detect (grub_disk_t disk,
{
const char *iptr;
char *optr;
- lv->fullname = grub_malloc (sizeof ("lvm/") - 1 + 2 * vgname_len
- + 1 + 2 * s + 1);
+
+ /*
+ * This is kind of hard to read with our safe (but rather
+ * baroque) math primatives, but it boils down to:
+ *
+ * sz0 = vgname_len * 2 + 1 +
+ * s * 2 + 1 +
+ * sizeof ("lvm/") - 1;
+ */
+ grub_size_t sz0 = vgname_len, sz1 = s;
+
+ if (grub_mul (sz0, 2, &sz0) ||
+ grub_add (sz0, 1, &sz0) ||
+ grub_mul (sz1, 2, &sz1) ||
+ grub_add (sz1, 1, &sz1) ||
+ grub_add (sz0, sz1, &sz0) ||
+ grub_add (sz0, sizeof ("lvm/") - 1, &sz0))
+ goto lvs_fail;
+
+ lv->fullname = grub_malloc (sz0);
if (!lv->fullname)
goto lvs_fail;
--
2.26.2

38
buildroot/boot/grub2/0023-emu-Make-grub_free-NULL-safe.patch Normal file
View File

@ -0,0 +1,38 @@
From 320e86747a32e4d46d24ee4b64493741c161da50 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Sun, 19 Jul 2020 16:08:08 -0400
Subject: [PATCH] emu: Make grub_free(NULL) safe
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
The grub_free() implementation in grub-core/kern/mm.c safely handles
NULL pointers, and code at many places depends on this. We don't know
that the same is true on all host OSes, so we need to handle the same
behavior in grub-emu's implementation.
Signed-off-by: Peter Jones <pjones@redhat.com>
Reviewed-by: Darren Kenny <darren.kenny@oracle.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
---
grub-core/kern/emu/mm.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/grub-core/kern/emu/mm.c b/grub-core/kern/emu/mm.c
index 145b01d37..4d1046a21 100644
--- a/grub-core/kern/emu/mm.c
+++ b/grub-core/kern/emu/mm.c
@@ -60,7 +60,8 @@ grub_zalloc (grub_size_t size)
void
grub_free (void *ptr)
{
- free (ptr);
+ if (ptr)
+ free (ptr);
}
void *
--
2.26.2

239
buildroot/boot/grub2/0024-efi-Fix-some-malformed-device-path-arithmetic-errors.patch Normal file
View File

@ -0,0 +1,239 @@
From c330aa099a38bc5c4d3066954fe35767cc06adb1 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Sun, 19 Jul 2020 16:53:27 -0400
Subject: [PATCH] efi: Fix some malformed device path arithmetic errors
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Several places we take the length of a device path and subtract 4 from
it, without ever checking that it's >= 4. There are also cases where
this kind of malformation will result in unpredictable iteration,
including treating the length from one dp node as the type in the next
node. These are all errors, no matter where the data comes from.
This patch adds a checking macro, GRUB_EFI_DEVICE_PATH_VALID(), which
can be used in several places, and makes GRUB_EFI_NEXT_DEVICE_PATH()
return NULL and GRUB_EFI_END_ENTIRE_DEVICE_PATH() evaluate as true when
the length is too small. Additionally, it makes several places in the
code check for and return errors in these cases.
Signed-off-by: Peter Jones <pjones@redhat.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
---
grub-core/kern/efi/efi.c | 64 +++++++++++++++++++++++++-----
grub-core/loader/efi/chainloader.c | 13 +++++-
grub-core/loader/i386/xnu.c | 9 +++--
include/grub/efi/api.h | 14 ++++---
4 files changed, 79 insertions(+), 21 deletions(-)
diff --git a/grub-core/kern/efi/efi.c b/grub-core/kern/efi/efi.c
index dc31caa21..c97969a65 100644
--- a/grub-core/kern/efi/efi.c
+++ b/grub-core/kern/efi/efi.c
@@ -332,7 +332,7 @@ grub_efi_get_filename (grub_efi_device_path_t *dp0)
dp = dp0;
- while (1)
+ while (dp)
{
grub_efi_uint8_t type = GRUB_EFI_DEVICE_PATH_TYPE (dp);
grub_efi_uint8_t subtype = GRUB_EFI_DEVICE_PATH_SUBTYPE (dp);
@@ -342,9 +342,15 @@ grub_efi_get_filename (grub_efi_device_path_t *dp0)
if (type == GRUB_EFI_MEDIA_DEVICE_PATH_TYPE
&& subtype == GRUB_EFI_FILE_PATH_DEVICE_PATH_SUBTYPE)
{
- grub_efi_uint16_t len;
- len = ((GRUB_EFI_DEVICE_PATH_LENGTH (dp) - 4)
- / sizeof (grub_efi_char16_t));
+ grub_efi_uint16_t len = GRUB_EFI_DEVICE_PATH_LENGTH (dp);
+
+ if (len < 4)
+ {
+ grub_error (GRUB_ERR_OUT_OF_RANGE,
+ "malformed EFI Device Path node has length=%d", len);
+ return NULL;
+ }
+ len = (len - 4) / sizeof (grub_efi_char16_t);
filesize += GRUB_MAX_UTF8_PER_UTF16 * len + 2;
}
@@ -360,7 +366,7 @@ grub_efi_get_filename (grub_efi_device_path_t *dp0)
if (!name)
return NULL;
- while (1)
+ while (dp)
{
grub_efi_uint8_t type = GRUB_EFI_DEVICE_PATH_TYPE (dp);
grub_efi_uint8_t subtype = GRUB_EFI_DEVICE_PATH_SUBTYPE (dp);
@@ -376,8 +382,15 @@ grub_efi_get_filename (grub_efi_device_path_t *dp0)
*p++ = '/';
- len = ((GRUB_EFI_DEVICE_PATH_LENGTH (dp) - 4)
- / sizeof (grub_efi_char16_t));
+ len = GRUB_EFI_DEVICE_PATH_LENGTH (dp);
+ if (len < 4)
+ {
+ grub_error (GRUB_ERR_OUT_OF_RANGE,
+ "malformed EFI Device Path node has length=%d", len);
+ return NULL;
+ }
+
+ len = (len - 4) / sizeof (grub_efi_char16_t);
fp = (grub_efi_file_path_device_path_t *) dp;
/* According to EFI spec Path Name is NULL terminated */
while (len > 0 && fp->path_name[len - 1] == 0)
@@ -452,7 +465,26 @@ grub_efi_duplicate_device_path (const grub_efi_device_path_t *dp)
;
p = GRUB_EFI_NEXT_DEVICE_PATH (p))
{
- total_size += GRUB_EFI_DEVICE_PATH_LENGTH (p);
+ grub_size_t len = GRUB_EFI_DEVICE_PATH_LENGTH (p);
+
+ /*
+ * In the event that we find a node that's completely garbage, for
+ * example if we get to 0x7f 0x01 0x02 0x00 ... (EndInstance with a size
+ * of 2), GRUB_EFI_END_ENTIRE_DEVICE_PATH() will be true and
+ * GRUB_EFI_NEXT_DEVICE_PATH() will return NULL, so we won't continue,
+ * and neither should our consumers, but there won't be any error raised
+ * even though the device path is junk.
+ *
+ * This keeps us from passing junk down back to our caller.
+ */
+ if (len < 4)
+ {
+ grub_error (GRUB_ERR_OUT_OF_RANGE,
+ "malformed EFI Device Path node has length=%d", len);
+ return NULL;
+ }
+
+ total_size += len;
if (GRUB_EFI_END_ENTIRE_DEVICE_PATH (p))
break;
}
@@ -497,7 +529,7 @@ dump_vendor_path (const char *type, grub_efi_vendor_device_path_t *vendor)
void
grub_efi_print_device_path (grub_efi_device_path_t *dp)
{
- while (1)
+ while (GRUB_EFI_DEVICE_PATH_VALID (dp))
{
grub_efi_uint8_t type = GRUB_EFI_DEVICE_PATH_TYPE (dp);
grub_efi_uint8_t subtype = GRUB_EFI_DEVICE_PATH_SUBTYPE (dp);
@@ -909,7 +941,10 @@ grub_efi_compare_device_paths (const grub_efi_device_path_t *dp1,
/* Return non-zero. */
return 1;
- while (1)
+ if (dp1 == dp2)
+ return 0;
+
+ while (GRUB_EFI_DEVICE_PATH_VALID (dp1) && GRUB_EFI_DEVICE_PATH_VALID (dp2))
{
grub_efi_uint8_t type1, type2;
grub_efi_uint8_t subtype1, subtype2;
@@ -945,5 +980,14 @@ grub_efi_compare_device_paths (const grub_efi_device_path_t *dp1,
dp2 = (grub_efi_device_path_t *) ((char *) dp2 + len2);
}
+ /*
+ * There's no "right" answer here, but we probably don't want to call a valid
+ * dp and an invalid dp equal, so pick one way or the other.
+ */
+ if (GRUB_EFI_DEVICE_PATH_VALID (dp1) && !GRUB_EFI_DEVICE_PATH_VALID (dp2))
+ return 1;
+ else if (!GRUB_EFI_DEVICE_PATH_VALID (dp1) && GRUB_EFI_DEVICE_PATH_VALID (dp2))
+ return -1;
+
return 0;
}
diff --git a/grub-core/loader/efi/chainloader.c b/grub-core/loader/efi/chainloader.c
index daf8c6b54..a8d7b9155 100644
--- a/grub-core/loader/efi/chainloader.c
+++ b/grub-core/loader/efi/chainloader.c
@@ -156,9 +156,18 @@ make_file_path (grub_efi_device_path_t *dp, const char *filename)
size = 0;
d = dp;
- while (1)
+ while (d)
{
- size += GRUB_EFI_DEVICE_PATH_LENGTH (d);
+ grub_size_t len = GRUB_EFI_DEVICE_PATH_LENGTH (d);
+
+ if (len < 4)
+ {
+ grub_error (GRUB_ERR_OUT_OF_RANGE,
+ "malformed EFI Device Path node has length=%d", len);
+ return NULL;
+ }
+
+ size += len;
if ((GRUB_EFI_END_ENTIRE_DEVICE_PATH (d)))
break;
d = GRUB_EFI_NEXT_DEVICE_PATH (d);
diff --git a/grub-core/loader/i386/xnu.c b/grub-core/loader/i386/xnu.c
index e9e119259..a70093607 100644
--- a/grub-core/loader/i386/xnu.c
+++ b/grub-core/loader/i386/xnu.c
@@ -515,14 +515,15 @@ grub_cmd_devprop_load (grub_command_t cmd __attribute__ ((unused)),
devhead = buf;
buf = devhead + 1;
- dpstart = buf;
+ dp = dpstart = buf;
- do
+ while (GRUB_EFI_DEVICE_PATH_VALID (dp) && buf < bufend)
{
- dp = buf;
buf = (char *) buf + GRUB_EFI_DEVICE_PATH_LENGTH (dp);
+ if (GRUB_EFI_END_ENTIRE_DEVICE_PATH (dp))
+ break;
+ dp = buf;
}
- while (!GRUB_EFI_END_ENTIRE_DEVICE_PATH (dp) && buf < bufend);
dev = grub_xnu_devprop_add_device (dpstart, (char *) buf
- (char *) dpstart);
diff --git a/include/grub/efi/api.h b/include/grub/efi/api.h
index addcbfa8f..cf1355a8c 100644
--- a/include/grub/efi/api.h
+++ b/include/grub/efi/api.h
@@ -625,6 +625,7 @@ typedef struct grub_efi_device_path grub_efi_device_path_protocol_t;
#define GRUB_EFI_DEVICE_PATH_TYPE(dp) ((dp)->type & 0x7f)
#define GRUB_EFI_DEVICE_PATH_SUBTYPE(dp) ((dp)->subtype)
#define GRUB_EFI_DEVICE_PATH_LENGTH(dp) ((dp)->length)
+#define GRUB_EFI_DEVICE_PATH_VALID(dp) ((dp) != NULL && GRUB_EFI_DEVICE_PATH_LENGTH (dp) >= 4)
/* The End of Device Path nodes. */
#define GRUB_EFI_END_DEVICE_PATH_TYPE (0xff & 0x7f)
@@ -633,13 +634,16 @@ typedef struct grub_efi_device_path grub_efi_device_path_protocol_t;
#define GRUB_EFI_END_THIS_DEVICE_PATH_SUBTYPE 0x01
#define GRUB_EFI_END_ENTIRE_DEVICE_PATH(dp) \
- (GRUB_EFI_DEVICE_PATH_TYPE (dp) == GRUB_EFI_END_DEVICE_PATH_TYPE \
- && (GRUB_EFI_DEVICE_PATH_SUBTYPE (dp) \
- == GRUB_EFI_END_ENTIRE_DEVICE_PATH_SUBTYPE))
+ (!GRUB_EFI_DEVICE_PATH_VALID (dp) || \
+ (GRUB_EFI_DEVICE_PATH_TYPE (dp) == GRUB_EFI_END_DEVICE_PATH_TYPE \
+ && (GRUB_EFI_DEVICE_PATH_SUBTYPE (dp) \
+ == GRUB_EFI_END_ENTIRE_DEVICE_PATH_SUBTYPE)))
#define GRUB_EFI_NEXT_DEVICE_PATH(dp) \
- ((grub_efi_device_path_t *) ((char *) (dp) \
- + GRUB_EFI_DEVICE_PATH_LENGTH (dp)))
+ (GRUB_EFI_DEVICE_PATH_VALID (dp) \
+ ? ((grub_efi_device_path_t *) \
+ ((char *) (dp) + GRUB_EFI_DEVICE_PATH_LENGTH (dp))) \
+ : NULL)
/* Hardware Device Path. */
#define GRUB_EFI_HARDWARE_DEVICE_PATH_TYPE 1
--
2.26.2

78
buildroot/boot/grub2/0025-efi-chainloader-Propagate-errors-from-copy_file_path.patch Normal file
View File

@ -0,0 +1,78 @@
From fb55bc37dd510911df4eaf649da939f5fafdc7ce Mon Sep 17 00:00:00 2001
From: Daniel Kiper <daniel.kiper@oracle.com>
Date: Wed, 29 Jul 2020 13:38:31 +0200
Subject: [PATCH] efi/chainloader: Propagate errors from copy_file_path()
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Without any error propagated to the caller, make_file_path()
would then try to advance the invalid device path node with
GRUB_EFI_NEXT_DEVICE_PATH(), which would fail, returning a NULL
pointer that would subsequently be dereferenced. Hence, propagate
errors from copy_file_path().
Signed-off-by: Chris Coulson <chris.coulson@canonical.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
---
grub-core/loader/efi/chainloader.c | 19 +++++++++++++------
1 file changed, 13 insertions(+), 6 deletions(-)
diff --git a/grub-core/loader/efi/chainloader.c b/grub-core/loader/efi/chainloader.c
index a8d7b9155..7b31c3fb9 100644
--- a/grub-core/loader/efi/chainloader.c
+++ b/grub-core/loader/efi/chainloader.c
@@ -106,7 +106,7 @@ grub_chainloader_boot (void)
return grub_errno;
}
-static void
+static grub_err_t
copy_file_path (grub_efi_file_path_device_path_t *fp,
const char *str, grub_efi_uint16_t len)
{
@@ -118,7 +118,7 @@ copy_file_path (grub_efi_file_path_device_path_t *fp,
path_name = grub_calloc (len, GRUB_MAX_UTF16_PER_UTF8 * sizeof (*path_name));
if (!path_name)
- return;
+ return grub_error (GRUB_ERR_OUT_OF_MEMORY, "failed to allocate path buffer");
size = grub_utf8_to_utf16 (path_name, len * GRUB_MAX_UTF16_PER_UTF8,
(const grub_uint8_t *) str, len, 0);
@@ -131,6 +131,7 @@ copy_file_path (grub_efi_file_path_device_path_t *fp,
fp->path_name[size++] = '\0';
fp->header.length = size * sizeof (grub_efi_char16_t) + sizeof (*fp);
grub_free (path_name);
+ return GRUB_ERR_NONE;
}
static grub_efi_device_path_t *
@@ -189,13 +190,19 @@ make_file_path (grub_efi_device_path_t *dp, const char *filename)
d = (grub_efi_device_path_t *) ((char *) file_path
+ ((char *) d - (char *) dp));
grub_efi_print_device_path (d);
- copy_file_path ((grub_efi_file_path_device_path_t *) d,
- dir_start, dir_end - dir_start);
+ if (copy_file_path ((grub_efi_file_path_device_path_t *) d,
+ dir_start, dir_end - dir_start) != GRUB_ERR_NONE)
+ {
+ fail:
+ grub_free (file_path);
+ return 0;
+ }
/* Fill the file path for the file. */
d = GRUB_EFI_NEXT_DEVICE_PATH (d);
- copy_file_path ((grub_efi_file_path_device_path_t *) d,
- dir_end + 1, grub_strlen (dir_end + 1));
+ if (copy_file_path ((grub_efi_file_path_device_path_t *) d,
+ dir_end + 1, grub_strlen (dir_end + 1)) != GRUB_ERR_NONE)
+ goto fail;
/* Fill the end of device path nodes. */
d = GRUB_EFI_NEXT_DEVICE_PATH (d);
--
2.26.2

183
buildroot/boot/grub2/0026-efi-Fix-use-after-free-in-halt-reboot-path.patch Normal file
View File

@ -0,0 +1,183 @@
From 8a6d6299efcffd14c1130942195e6c0d9b50cacd Mon Sep 17 00:00:00 2001
From: Alexey Makhalov <amakhalov@vmware.com>
Date: Mon, 20 Jul 2020 23:03:05 +0000
Subject: [PATCH] efi: Fix use-after-free in halt/reboot path
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
commit 92bfc33db984 ("efi: Free malloc regions on exit")
introduced memory freeing in grub_efi_fini(), which is
used not only by exit path but by halt/reboot one as well.
As result of memory freeing, code and data regions used by
modules, such as halt, reboot, acpi (used by halt) also got
freed. After return to module code, CPU executes, filled
by UEFI firmware (tested with edk2), 0xAFAFAFAF pattern as
a code. Which leads to #UD exception later.
grub> halt
!!!! X64 Exception Type - 06(#UD - Invalid Opcode) CPU Apic ID - 00000000 !!!!
RIP - 0000000003F4EC28, CS - 0000000000000038, RFLAGS - 0000000000200246
RAX - 0000000000000000, RCX - 00000000061DA188, RDX - 0A74C0854DC35D41
RBX - 0000000003E10E08, RSP - 0000000007F0F860, RBP - 0000000000000000
RSI - 00000000064DB768, RDI - 000000000832C5C3
R8 - 0000000000000002, R9 - 0000000000000000, R10 - 00000000061E2E52
R11 - 0000000000000020, R12 - 0000000003EE5C1F, R13 - 00000000061E0FF4
R14 - 0000000003E10D80, R15 - 00000000061E2F60
DS - 0000000000000030, ES - 0000000000000030, FS - 0000000000000030
GS - 0000000000000030, SS - 0000000000000030
CR0 - 0000000080010033, CR2 - 0000000000000000, CR3 - 0000000007C01000
CR4 - 0000000000000668, CR8 - 0000000000000000
DR0 - 0000000000000000, DR1 - 0000000000000000, DR2 - 0000000000000000
DR3 - 0000000000000000, DR6 - 00000000FFFF0FF0, DR7 - 0000000000000400
GDTR - 00000000079EEA98 0000000000000047, LDTR - 0000000000000000
IDTR - 0000000007598018 0000000000000FFF, TR - 0000000000000000
FXSAVE_STATE - 0000000007F0F4C0
Proposal here is to continue to free allocated memory for
exit boot services path but keep it for halt/reboot path
as it won't be much security concern here.
Introduced GRUB_LOADER_FLAG_EFI_KEEP_ALLOCATED_MEMORY
loader flag to be used by efi halt/reboot path.
Signed-off-by: Alexey Makhalov <amakhalov@vmware.com>
Reviewed-by: Darren Kenny <darren.kenny@oracle.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
---
grub-core/kern/arm/efi/init.c | 3 +++
grub-core/kern/arm64/efi/init.c | 3 +++
grub-core/kern/efi/efi.c | 3 ++-
grub-core/kern/efi/init.c | 1 -
grub-core/kern/i386/efi/init.c | 9 +++++++--
grub-core/kern/ia64/efi/init.c | 9 +++++++--
grub-core/kern/riscv/efi/init.c | 3 +++
grub-core/lib/efi/halt.c | 3 ++-
include/grub/loader.h | 1 +
9 files changed, 28 insertions(+), 7 deletions(-)
diff --git a/grub-core/kern/arm/efi/init.c b/grub-core/kern/arm/efi/init.c
index 06df60e2f..40c3b467f 100644
--- a/grub-core/kern/arm/efi/init.c
+++ b/grub-core/kern/arm/efi/init.c
@@ -71,4 +71,7 @@ grub_machine_fini (int flags)
efi_call_1 (b->close_event, tmr_evt);
grub_efi_fini ();
+
+ if (!(flags & GRUB_LOADER_FLAG_EFI_KEEP_ALLOCATED_MEMORY))
+ grub_efi_memory_fini ();
}
diff --git a/grub-core/kern/arm64/efi/init.c b/grub-core/kern/arm64/efi/init.c
index 6224999ec..5010caefd 100644
--- a/grub-core/kern/arm64/efi/init.c
+++ b/grub-core/kern/arm64/efi/init.c
@@ -57,4 +57,7 @@ grub_machine_fini (int flags)
return;
grub_efi_fini ();
+
+ if (!(flags & GRUB_LOADER_FLAG_EFI_KEEP_ALLOCATED_MEMORY))
+ grub_efi_memory_fini ();
}
diff --git a/grub-core/kern/efi/efi.c b/grub-core/kern/efi/efi.c
index c97969a65..9cfd88d77 100644
--- a/grub-core/kern/efi/efi.c
+++ b/grub-core/kern/efi/efi.c
@@ -157,7 +157,8 @@ grub_efi_get_loaded_image (grub_efi_handle_t image_handle)
void
grub_reboot (void)
{
- grub_machine_fini (GRUB_LOADER_FLAG_NORETURN);
+ grub_machine_fini (GRUB_LOADER_FLAG_NORETURN |
+ GRUB_LOADER_FLAG_EFI_KEEP_ALLOCATED_MEMORY);
efi_call_4 (grub_efi_system_table->runtime_services->reset_system,
GRUB_EFI_RESET_COLD, GRUB_EFI_SUCCESS, 0, NULL);
for (;;) ;
diff --git a/grub-core/kern/efi/init.c b/grub-core/kern/efi/init.c
index 3dfdf2d22..2c31847bf 100644
--- a/grub-core/kern/efi/init.c
+++ b/grub-core/kern/efi/init.c
@@ -80,5 +80,4 @@ grub_efi_fini (void)
{
grub_efidisk_fini ();
grub_console_fini ();
- grub_efi_memory_fini ();
}
diff --git a/grub-core/kern/i386/efi/init.c b/grub-core/kern/i386/efi/init.c
index da499aba0..deb2eacd8 100644
--- a/grub-core/kern/i386/efi/init.c
+++ b/grub-core/kern/i386/efi/init.c
@@ -39,6 +39,11 @@ grub_machine_init (void)
void
grub_machine_fini (int flags)
{
- if (flags & GRUB_LOADER_FLAG_NORETURN)
- grub_efi_fini ();
+ if (!(flags & GRUB_LOADER_FLAG_NORETURN))
+ return;
+
+ grub_efi_fini ();
+
+ if (!(flags & GRUB_LOADER_FLAG_EFI_KEEP_ALLOCATED_MEMORY))
+ grub_efi_memory_fini ();
}
diff --git a/grub-core/kern/ia64/efi/init.c b/grub-core/kern/ia64/efi/init.c
index b5ecbd091..f1965571b 100644
--- a/grub-core/kern/ia64/efi/init.c
+++ b/grub-core/kern/ia64/efi/init.c
@@ -70,6 +70,11 @@ grub_machine_init (void)
void
grub_machine_fini (int flags)
{
- if (flags & GRUB_LOADER_FLAG_NORETURN)
- grub_efi_fini ();
+ if (!(flags & GRUB_LOADER_FLAG_NORETURN))
+ return;
+
+ grub_efi_fini ();
+
+ if (!(flags & GRUB_LOADER_FLAG_EFI_KEEP_ALLOCATED_MEMORY))
+ grub_efi_memory_fini ();
}
diff --git a/grub-core/kern/riscv/efi/init.c b/grub-core/kern/riscv/efi/init.c
index 7eb1969d0..38795fe67 100644
--- a/grub-core/kern/riscv/efi/init.c
+++ b/grub-core/kern/riscv/efi/init.c
@@ -73,4 +73,7 @@ grub_machine_fini (int flags)
return;
grub_efi_fini ();
+
+ if (!(flags & GRUB_LOADER_FLAG_EFI_KEEP_ALLOCATED_MEMORY))
+ grub_efi_memory_fini ();
}
diff --git a/grub-core/lib/efi/halt.c b/grub-core/lib/efi/halt.c
index 5859f0498..29d413641 100644
--- a/grub-core/lib/efi/halt.c
+++ b/grub-core/lib/efi/halt.c
@@ -28,7 +28,8 @@
void
grub_halt (void)
{
- grub_machine_fini (GRUB_LOADER_FLAG_NORETURN);
+ grub_machine_fini (GRUB_LOADER_FLAG_NORETURN |
+ GRUB_LOADER_FLAG_EFI_KEEP_ALLOCATED_MEMORY);
#if !defined(__ia64__) && !defined(__arm__) && !defined(__aarch64__) && \
!defined(__riscv)
grub_acpi_halt ();
diff --git a/include/grub/loader.h b/include/grub/loader.h
index 7f82a499f..b20864282 100644
--- a/include/grub/loader.h
+++ b/include/grub/loader.h
@@ -33,6 +33,7 @@ enum
{
GRUB_LOADER_FLAG_NORETURN = 1,
GRUB_LOADER_FLAG_PXE_NOT_UNLOAD = 2,
+ GRUB_LOADER_FLAG_EFI_KEEP_ALLOCATED_MEMORY = 4,
};
void EXPORT_FUNC (grub_loader_set) (grub_err_t (*boot) (void),
--
2.26.2

32
buildroot/boot/grub2/0027-loader-linux-Avoid-overflow-on-initrd-size-calculati.patch Normal file
View File

@ -0,0 +1,32 @@
From a2a7464e9f10a677d6f91e1c4fa527d084c22e7c Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Fri, 24 Jul 2020 13:57:27 -0400
Subject: [PATCH] loader/linux: Avoid overflow on initrd size calculation
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: Peter Jones <pjones@redhat.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
---
grub-core/loader/linux.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/grub-core/loader/linux.c b/grub-core/loader/linux.c
index 471b214d6..4cd8c20c7 100644
--- a/grub-core/loader/linux.c
+++ b/grub-core/loader/linux.c
@@ -151,8 +151,7 @@ grub_initrd_init (int argc, char *argv[],
initrd_ctx->nfiles = 0;
initrd_ctx->components = 0;
- initrd_ctx->components = grub_zalloc (argc
- * sizeof (initrd_ctx->components[0]));
+ initrd_ctx->components = grub_calloc (argc, sizeof (initrd_ctx->components[0]));
if (!initrd_ctx->components)
return grub_errno;
--
2.26.2

173
buildroot/boot/grub2/0028-linux-Fix-integer-overflows-in-initrd-size-handling.patch Normal file
View File

@ -0,0 +1,173 @@
From 0367e7d1b9bac3a78608a672bf6e4ace6a28b964 Mon Sep 17 00:00:00 2001
From: Colin Watson <cjwatson@debian.org>
Date: Sat, 25 Jul 2020 12:15:37 +0100
Subject: [PATCH] linux: Fix integer overflows in initrd size handling
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
These could be triggered by a crafted filesystem with very large files.
Fixes: CVE-2020-15707
Signed-off-by: Colin Watson <cjwatson@debian.org>
Reviewed-by: Jan Setje-Eilers <jan.setjeeilers@oracle.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
---
grub-core/loader/linux.c | 74 +++++++++++++++++++++++++++++-----------
1 file changed, 54 insertions(+), 20 deletions(-)
diff --git a/grub-core/loader/linux.c b/grub-core/loader/linux.c
index 4cd8c20c7..3fe390f17 100644
--- a/grub-core/loader/linux.c
+++ b/grub-core/loader/linux.c
@@ -4,6 +4,7 @@
#include <grub/misc.h>
#include <grub/file.h>
#include <grub/mm.h>
+#include <grub/safemath.h>
struct newc_head
{
@@ -98,13 +99,13 @@ free_dir (struct dir *root)
grub_free (root);
}
-static grub_size_t
+static grub_err_t
insert_dir (const char *name, struct dir **root,
- grub_uint8_t *ptr)
+ grub_uint8_t *ptr, grub_size_t *size)
{
struct dir *cur, **head = root;
const char *cb, *ce = name;
- grub_size_t size = 0;
+ *size = 0;
while (1)
{
for (cb = ce; *cb == '/'; cb++);
@@ -130,14 +131,22 @@ insert_dir (const char *name, struct dir **root,
ptr = make_header (ptr, name, ce - name,
040777, 0);
}
- size += ALIGN_UP ((ce - (char *) name)
- + sizeof (struct newc_head), 4);
+ if (grub_add (*size,
+ ALIGN_UP ((ce - (char *) name)
+ + sizeof (struct newc_head), 4),
+ size))
+ {
+ grub_error (GRUB_ERR_OUT_OF_RANGE, N_("overflow is detected"));
+ grub_free (n->name);
+ grub_free (n);
+ return grub_errno;
+ }
*head = n;
cur = n;
}
root = &cur->next;
}
- return size;
+ return GRUB_ERR_NONE;
}
grub_err_t
@@ -172,26 +181,33 @@ grub_initrd_init (int argc, char *argv[],
eptr = grub_strchr (ptr, ':');
if (eptr)
{
+ grub_size_t dir_size, name_len;
+
initrd_ctx->components[i].newc_name = grub_strndup (ptr, eptr - ptr);
- if (!initrd_ctx->components[i].newc_name)
+ if (!initrd_ctx->components[i].newc_name ||
+ insert_dir (initrd_ctx->components[i].newc_name, &root, 0,
+ &dir_size))
{
grub_initrd_close (initrd_ctx);
return grub_errno;
}
- initrd_ctx->size
- += ALIGN_UP (sizeof (struct newc_head)
- + grub_strlen (initrd_ctx->components[i].newc_name),
- 4);
- initrd_ctx->size += insert_dir (initrd_ctx->components[i].newc_name,
- &root, 0);
+ name_len = grub_strlen (initrd_ctx->components[i].newc_name);
+ if (grub_add (initrd_ctx->size,
+ ALIGN_UP (sizeof (struct newc_head) + name_len, 4),
+ &initrd_ctx->size) ||
+ grub_add (initrd_ctx->size, dir_size, &initrd_ctx->size))
+ goto overflow;
newc = 1;
fname = eptr + 1;
}
}
else if (newc)
{
- initrd_ctx->size += ALIGN_UP (sizeof (struct newc_head)
- + sizeof ("TRAILER!!!") - 1, 4);
+ if (grub_add (initrd_ctx->size,
+ ALIGN_UP (sizeof (struct newc_head)
+ + sizeof ("TRAILER!!!") - 1, 4),
+ &initrd_ctx->size))
+ goto overflow;
free_dir (root);
root = 0;
newc = 0;
@@ -207,19 +223,29 @@ grub_initrd_init (int argc, char *argv[],
initrd_ctx->nfiles++;
initrd_ctx->components[i].size
= grub_file_size (initrd_ctx->components[i].file);
- initrd_ctx->size += initrd_ctx->components[i].size;
+ if (grub_add (initrd_ctx->size, initrd_ctx->components[i].size,
+ &initrd_ctx->size))
+ goto overflow;
}
if (newc)
{
initrd_ctx->size = ALIGN_UP (initrd_ctx->size, 4);
- initrd_ctx->size += ALIGN_UP (sizeof (struct newc_head)
- + sizeof ("TRAILER!!!") - 1, 4);
+ if (grub_add (initrd_ctx->size,
+ ALIGN_UP (sizeof (struct newc_head)
+ + sizeof ("TRAILER!!!") - 1, 4),
+ &initrd_ctx->size))
+ goto overflow;
free_dir (root);
root = 0;
}
return GRUB_ERR_NONE;
+
+ overflow:
+ free_dir (root);
+ grub_initrd_close (initrd_ctx);
+ return grub_error (GRUB_ERR_OUT_OF_RANGE, N_("overflow is detected"));
}
grub_size_t
@@ -260,8 +286,16 @@ grub_initrd_load (struct grub_linux_initrd_context *initrd_ctx,
if (initrd_ctx->components[i].newc_name)
{
- ptr += insert_dir (initrd_ctx->components[i].newc_name,
- &root, ptr);
+ grub_size_t dir_size;
+
+ if (insert_dir (initrd_ctx->components[i].newc_name, &root, ptr,
+ &dir_size))
+ {
+ free_dir (root);
+ grub_initrd_close (initrd_ctx);
+ return grub_errno;
+ }
+ ptr += dir_size;
ptr = make_header (ptr, initrd_ctx->components[i].newc_name,
grub_strlen (initrd_ctx->components[i].newc_name),
0100777,
--
2.26.2

11
buildroot/boot/grub2/grub2.mk
View File

@ -21,6 +21,17 @@ endef
GRUB2_POST_PATCH_HOOKS += GRUB2_AVOID_AUTORECONF
HOST_GRUB2_POST_PATCH_HOOKS += GRUB2_AVOID_AUTORECONF
# 0002-yylex-Make-lexer-fatal-errors-actually-be-fatal.patch
GRUB2_IGNORE_CVES += CVE-2020-10713
# 0005-calloc-Use-calloc-at-most-places.patch
GRUB2_IGNORE_CVES += CVE-2020-14308
# 0006-malloc-Use-overflow-checking-primitives-where-we-do-.patch
GRUB2_IGNORE_CVES += CVE-2020-14309 CVE-2020-14310 CVE-2020-14311
# 0019-script-Avoid-a-use-after-free-when-redefining-a-func.patch
GRUB2_IGNORE_CVES += CVE-2020-15706
# 0028-linux-Fix-integer-overflows-in-initrd-size-handling.patch
GRUB2_IGNORE_CVES += CVE-2020-15707
ifeq ($(BR2_TARGET_GRUB2_INSTALL_TOOLS),y)
GRUB2_INSTALL_TARGET = YES
else

5
buildroot/boot/uboot/uboot.mk
View File

@ -16,6 +16,7 @@ UBOOT_INSTALL_IMAGES = YES
# u-boot 2020.01+ needs make 4.0+
UBOOT_DEPENDENCIES = $(BR2_MAKE_HOST_DEPENDENCY)
UBOOT_MAKE = $(BR2_MAKE)
ifeq ($(UBOOT_VERSION),custom)
# Handle custom U-Boot tarballs as specified by the configuration
@ -247,7 +248,7 @@ UBOOT_POST_PATCH_HOOKS += UBOOT_FIXUP_LIBFDT_INCLUDE
ifeq ($(BR2_TARGET_UBOOT_BUILD_SYSTEM_LEGACY),y)
define UBOOT_CONFIGURE_CMDS
$(TARGET_CONFIGURE_OPTS) \
$(BR2_MAKE) -C $(@D) $(UBOOT_MAKE_OPTS) \
$(UBOOT_MAKE) -C $(@D) $(UBOOT_MAKE_OPTS) \
$(UBOOT_BOARD_NAME)_config
endef
else ifeq ($(BR2_TARGET_UBOOT_BUILD_SYSTEM_KCONFIG),y)
@ -284,7 +285,7 @@ define UBOOT_BUILD_CMDS
cp -f $(UBOOT_CUSTOM_DTS_PATH) $(@D)/arch/$(UBOOT_ARCH)/dts/
)
$(TARGET_CONFIGURE_OPTS) \
$(BR2_MAKE) -C $(@D) $(UBOOT_MAKE_OPTS) \
$(UBOOT_MAKE) -C $(@D) $(UBOOT_MAKE_OPTS) \
$(UBOOT_MAKE_TARGET)
$(if $(BR2_TARGET_UBOOT_FORMAT_SD),
$(@D)/tools/mxsboot sd $(@D)/u-boot.sb $(@D)/u-boot.sd)

18
buildroot/docs/manual/adding-board-support.txt
View File

@ -10,9 +10,9 @@ that is known to work. You are welcome to add support for other boards
to Buildroot too.
To do so, you need to create a normal Buildroot configuration that
builds a basic system for the hardware: toolchain, kernel, bootloader,
filesystem and a simple BusyBox-only userspace. No specific package
should be selected: the configuration should be as minimal as
builds a basic system for the hardware: (internal) toolchain, kernel,
bootloader, filesystem and a simple BusyBox-only userspace. No specific
package should be selected: the configuration should be as minimal as
possible, and should only build a working basic BusyBox system for the
target platform. You can of course use more complicated configurations
for your internal projects, but the Buildroot project will only
@ -22,7 +22,17 @@ selections are highly application-specific.
Once you have a known working configuration, run +make
savedefconfig+. This will generate a minimal +defconfig+ file at the
root of the Buildroot source tree. Move this file into the +configs/+
directory, and rename it +<boardname>_defconfig+.
directory, and rename it +<boardname>_defconfig+. If the configuration
is a bit more complicated, it is nice to manually reformat it and
separate it into sections, with a comment before each section. Typical
sections are _Architecture_, _Toolchain options_ (typically just linux
headers version), _Firmware_, _Bootloader_, _Kernel_, and _Filesystem_.
Always use fixed versions or commit hashes for the different
components, not the "latest" version. For example, set
+BR2_LINUX_KERNEL_CUSTOM_VERSION=y+ and
+BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE+ to the kernel version you tested
with.
It is recommended to use as much as possible upstream versions of the
Linux kernel and bootloaders, and to use as much as possible default

41
buildroot/docs/manual/adding-packages-cargo.txt
View File

@ -47,32 +47,31 @@ package. Let's start with an example:
13: FOO_DEPENDENCIES = host-cargo
14:
15: FOO_CARGO_ENV = CARGO_HOME=$(HOST_DIR)/share/cargo
16: FOO_CARGO_MODE = $(if $(BR2_ENABLE_DEBUG),debug,release)
17:
18: FOO_BIN_DIR = target/$(RUSTC_TARGET_NAME)/$(FOO_CARGO_MODE)
19:
20: FOO_CARGO_OPTS = \
21: --$(FOO_CARGO_MODE) \
22: --target=$(RUSTC_TARGET_NAME) \
23: --manifest-path=$(@D)/Cargo.toml
24:
25: define FOO_BUILD_CMDS
26: $(TARGET_MAKE_ENV) $(FOO_CARGO_ENV) \
27: cargo build $(FOO_CARGO_OPTS)
28: endef
29:
30: define FOO_INSTALL_TARGET_CMDS
31: $(INSTALL) -D -m 0755 $(@D)/$(FOO_BIN_DIR)/foo \
32: $(TARGET_DIR)/usr/bin/foo
33: endef
34:
35: $(eval $(generic-package))
16:
17: FOO_BIN_DIR = target/$(RUSTC_TARGET_NAME)/$(FOO_CARGO_MODE)
18:
19: FOO_CARGO_OPTS = \
20: $(if $(BR2_ENABLE_DEBUG),,--release) \
21: --target=$(RUSTC_TARGET_NAME) \
22: --manifest-path=$(@D)/Cargo.toml
23:
24: define FOO_BUILD_CMDS
25: $(TARGET_MAKE_ENV) $(FOO_CARGO_ENV) \
26: cargo build $(FOO_CARGO_OPTS)
27: endef
28:
29: define FOO_INSTALL_TARGET_CMDS
30: $(INSTALL) -D -m 0755 $(@D)/$(FOO_BIN_DIR)/foo \
31: $(TARGET_DIR)/usr/bin/foo
32: endef
33:
34: $(eval $(generic-package))
--------------------------------
The Makefile starts with the definition of the standard variables for package
declaration (lines 7 to 11).
As seen in line 35, it is based on the
As seen in line 34, it is based on the
xref:generic-package-tutorial[+generic-package+ infrastructure]. So, it defines
the variables required by this particular infrastructure, where Cargo is
invoked:

2
buildroot/docs/manual/adding-packages-waf.txt
View File

@ -34,7 +34,7 @@ will automatically download the tarball from this location.
On line 10, we tell Buildroot what options to enable for libfoo.
On line 11, we tell Buildroot the depednencies of libfoo.
On line 11, we tell Buildroot the dependencies of libfoo.
Finally, on line line 13, we invoke the +waf-package+
macro that generates all the Makefile rules that actually allows the

31
buildroot/docs/manual/contribute.txt
View File

@ -371,6 +371,37 @@ in the following cases:
* whenever you feel it will help presenting your work, your choices,
the review process, etc.
==== Patches for maintenance branches
When fixing bugs on a maintenance branch, bugs should be fixed on the
master branch first. The commit log for such a patch may then contain a
post-commit note specifying what branches are affected:
----
package/foo: fix stuff
Signed-off-by: Your Real Name <your@email.address>
---
Backport to: 2020.02.x, 2020.05.x
(2020.08.x not affected as the version was bumped)
----
Those changes will then be backported by a maintainer to the affected
branches.
However, some bugs may apply only to a specific release, for example
because it is using an older version of a package. In that case, patches
should be based off the maintenance branch, and the patch subject prefix
must include the maintenance branch name (for example "[PATCH 2020.02.x]").
This can be done with the +git format-patch+ flag +--subject-prefix+:
---------------------
$ git format-patch --subject-prefix "PATCH 2020.02.x" \
-M -s -o outgoing origin/2020.02.x
---------------------
Then send the patches with +git send-email+, as described above.
==== Patch revision changelog
When improvements are requested, the new revision of each commit

86
buildroot/docs/manual/manual.html
View File

File diff suppressed because one or more lines are too long

BIN
buildroot/docs/manual/manual.pdf
View File

Binary file not shown.

93
buildroot/docs/manual/manual.text
View File

@ -167,13 +167,13 @@ List of Examples
---------------------------------------------------------------------
Buildroot 2020.02.4 manual generated on 2020-07-26 08:11:34 UTC from
git revision dee53013da
Buildroot 2020.02.7 manual generated on 2020-10-12 21:37:33 UTC from
git revision d8082db677
The Buildroot manual is written by the Buildroot developers. It is
licensed under the GNU General Public License, version 2. Refer to
the COPYING [http://git.buildroot.org/buildroot/tree/COPYING?id=
dee53013da87dfa4bcb3433bdef79ec43b5a5c24] file in the Buildroot
d8082db677046e004a6537828b3e4f4b9a818a4f] file in the Buildroot
sources for the full text of this license.
Copyright © 2004-2020 The Buildroot developers
@ -3670,7 +3670,7 @@ build a system that is known to work. You are welcome to add support
for other boards to Buildroot too.
To do so, you need to create a normal Buildroot configuration that
builds a basic system for the hardware: toolchain, kernel,
builds a basic system for the hardware: (internal) toolchain, kernel,
bootloader, filesystem and a simple BusyBox-only userspace. No
specific package should be selected: the configuration should be as
minimal as possible, and should only build a working basic BusyBox
@ -3682,7 +3682,17 @@ This is because package selections are highly application-specific.
Once you have a known working configuration, run make savedefconfig.
This will generate a minimal defconfig file at the root of the
Buildroot source tree. Move this file into the configs/ directory,
and rename it <boardname>_defconfig.
and rename it <boardname>_defconfig. If the configuration is a bit
more complicated, it is nice to manually reformat it and separate it
into sections, with a comment before each section. Typical sections
are Architecture, Toolchain options (typically just linux headers
version), Firmware, Bootloader, Kernel, and Filesystem.
Always use fixed versions or commit hashes for the different
components, not the "latest" version. For example, set
BR2_LINUX_KERNEL_CUSTOM_VERSION=y and
BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE to the kernel version you
tested with.
It is recommended to use as much as possible upstream versions of the
Linux kernel and bootloaders, and to use as much as possible default
@ -5877,7 +5887,7 @@ will automatically download the tarball from this location.
On line 10, we tell Buildroot what options to enable for libfoo.
On line 11, we tell Buildroot the depednencies of libfoo.
On line 11, we tell Buildroot the dependencies of libfoo.
Finally, on line line 13, we invoke the waf-package macro that
generates all the Makefile rules that actually allows the package to
@ -6080,31 +6090,30 @@ for such a package. Lets start with an example:
13: FOO_DEPENDENCIES = host-cargo
14:
15: FOO_CARGO_ENV = CARGO_HOME=$(HOST_DIR)/share/cargo
16: FOO_CARGO_MODE = $(if $(BR2_ENABLE_DEBUG),debug,release)
17:
18: FOO_BIN_DIR = target/$(RUSTC_TARGET_NAME)/$(FOO_CARGO_MODE)
19:
20: FOO_CARGO_OPTS = \
21: --$(FOO_CARGO_MODE) \
22: --target=$(RUSTC_TARGET_NAME) \
23: --manifest-path=$(@D)/Cargo.toml
24:
25: define FOO_BUILD_CMDS
26: $(TARGET_MAKE_ENV) $(FOO_CARGO_ENV) \
27: cargo build $(FOO_CARGO_OPTS)
28: endef
29:
30: define FOO_INSTALL_TARGET_CMDS
31: $(INSTALL) -D -m 0755 $(@D)/$(FOO_BIN_DIR)/foo \
32: $(TARGET_DIR)/usr/bin/foo
33: endef
34:
35: $(eval $(generic-package))
16:
17: FOO_BIN_DIR = target/$(RUSTC_TARGET_NAME)/$(FOO_CARGO_MODE)
18:
19: FOO_CARGO_OPTS = \
20: $(if $(BR2_ENABLE_DEBUG),,--release) \
21: --target=$(RUSTC_TARGET_NAME) \
22: --manifest-path=$(@D)/Cargo.toml
23:
24: define FOO_BUILD_CMDS
25: $(TARGET_MAKE_ENV) $(FOO_CARGO_ENV) \
26: cargo build $(FOO_CARGO_OPTS)
27: endef
28:
29: define FOO_INSTALL_TARGET_CMDS
30: $(INSTALL) -D -m 0755 $(@D)/$(FOO_BIN_DIR)/foo \
31: $(TARGET_DIR)/usr/bin/foo
32: endef
33:
34: $(eval $(generic-package))
The Makefile starts with the definition of the standard variables for
package declaration (lines 7 to 11).
As seen in line 35, it is based on the generic-package infrastructure
As seen in line 34, it is based on the generic-package infrastructure
. So, it defines the variables required by this particular
infrastructure, where Cargo is invoked:
@ -7499,7 +7508,35 @@ the following cases:
* whenever you feel it will help presenting your work, your
choices, the review process, etc.
21.5.4. Patch revision changelog
21.5.4. Patches for maintenance branches
When fixing bugs on a maintenance branch, bugs should be fixed on the
master branch first. The commit log for such a patch may then contain
a post-commit note specifying what branches are affected:
package/foo: fix stuff
Signed-off-by: Your Real Name <your@email.address>
---
Backport to: 2020.02.x, 2020.05.x
(2020.08.x not affected as the version was bumped)
Those changes will then be backported by a maintainer to the affected
branches.
However, some bugs may apply only to a specific release, for example
because it is using an older version of a package. In that case,
patches should be based off the maintenance branch, and the patch
subject prefix must include the maintenance branch name (for example
"[PATCH 2020.02.x]"). This can be done with the git format-patch flag
--subject-prefix:
$ git format-patch --subject-prefix "PATCH 2020.02.x" \
-M -s -o outgoing origin/2020.02.x
Then send the patches with git send-email, as described above.
21.5.5. Patch revision changelog
When improvements are requested, the new revision of each commit
should include a changelog of the modifications between each

11
buildroot/fs/cpio/init
View File

@ -1,4 +1,15 @@
#!/bin/sh
# devtmpfs does not get automounted for initramfs
/bin/mount -t devtmpfs devtmpfs /dev
# use the /dev/console device node from devtmpfs if possible to not
# confuse glibc's ttyname_r().
# This may fail (E.G. booted with console=), and errors from exec will
# terminate the shell, so use a subshell for the test
if (exec 0</dev/console) 2>/dev/null; then
exec 0</dev/console
exec 1>/dev/console
exec 2>/dev/console
fi
exec /sbin/init "$@"

10
buildroot/linux/Config.in
View File

@ -30,7 +30,7 @@ config BR2_LINUX_KERNEL_LATEST_VERSION
bool "Latest version (5.4)"
config BR2_LINUX_KERNEL_LATEST_CIP_VERSION
bool "Latest CIP SLTS version (4.19.118-cip25)"
bool "Latest CIP SLTS version (4.19.132-cip30)"
help
CIP launched in the spring of 2016 to address the needs of
organizations in industries such as power generation and
@ -49,7 +49,7 @@ config BR2_LINUX_KERNEL_LATEST_CIP_VERSION
https://www.cip-project.org
config BR2_LINUX_KERNEL_LATEST_CIP_RT_VERSION
bool "Latest CIP RT SLTS version (4.19.115-cip24-rt9)"
bool "Latest CIP RT SLTS version (4.19.132-cip30-rt12)"
help
Same as the CIP version, but this is the PREEMPT_RT realtime
variant.
@ -128,9 +128,9 @@ endif
config BR2_LINUX_KERNEL_VERSION
string
default "5.4.45" if BR2_LINUX_KERNEL_LATEST_VERSION
default "4.19.118-cip25" if BR2_LINUX_KERNEL_LATEST_CIP_VERSION
default "4.19.115-cip24-rt9" if BR2_LINUX_KERNEL_LATEST_CIP_RT_VERSION
default "5.4.70" if BR2_LINUX_KERNEL_LATEST_VERSION
default "4.19.132-cip30" if BR2_LINUX_KERNEL_LATEST_CIP_VERSION
default "4.19.132-cip30-rt12" if BR2_LINUX_KERNEL_LATEST_CIP_RT_VERSION
default BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE \
if BR2_LINUX_KERNEL_CUSTOM_VERSION
default "custom" if BR2_LINUX_KERNEL_CUSTOM_TARBALL

14
buildroot/linux/linux.hash
View File

@ -1,13 +1,13 @@
# From https://www.kernel.org/pub/linux/kernel/v5.x/sha256sums.asc
sha256 103f039f34a9009c42ea643b4f473bda6bb9607d5ad7f63b56b3e2351615fe2e linux-5.4.45.tar.xz
sha256 c0b3d8085c5ba235df38b00b740e053659709e8a5ca21957a239f6bc22c45007 linux-5.4.70.tar.xz
# From https://www.kernel.org/pub/linux/kernel/v4.x/sha256sums.asc
sha256 418299385195f09b27e371a35f305f3aff148e7557a341b53460091303aa9bb7 linux-4.4.226.tar.xz
sha256 460a8c168fe5c60ce5b30015a4e4bf348d93a89f8b949de1f90779567ef345ca linux-4.9.226.tar.xz
sha256 4265afef56819b04656107a5abecde205c5bc5fb04b2e81447955e7e45db8085 linux-4.14.183.tar.xz
sha256 82af886bc588b5c8d7474beb2bac13810ee3ed07da356a2553c81ae8e52e586f linux-4.19.127.tar.xz
sha256 067814035c17e77dee84076dcc06a95eb675344cd926b7b79a16b80fee593364 linux-4.4.238.tar.xz
sha256 b1eaf60b771ec4df0546d2b7539e164355008ea2f680a0642ae430e9cb134a3f linux-4.9.238.tar.xz
sha256 5d404a0224a34b5379f1871cc46825487d557c2660459d2b5c3cd4871d699a38 linux-4.14.200.tar.xz
sha256 f2f709ef086a4d8cb3c15a857daa44dfecf1b88d7d7c53c980fb180f6dccbace linux-4.19.150.tar.xz
# Locally computed
sha256 ea53913813cb5a9069608532b327de7a7ed0fdc8fed8c6f10cd55d1ac6a58ffb linux-cip-4.19.118-cip25.tar.gz
sha256 7f0a0db0e1cfb14053523f4432f1ad1468b5bd42305b44905c4b103466c8d655 linux-cip-4.19.115-cip24-rt9.tar.gz
sha256 c20f9014b89ea3e27f55f1d407aa5a4724ed38ac520c197291e9d644f164c43a linux-cip-4.19.132-cip30.tar.gz
sha256 81dd791d9ad6c3fddaeaffc6d7d8df0e13831283a5fe494c437ac7820d79ca39 linux-cip-4.19.132-cip30-rt12.tar.gz
# Licenses hashes
sha256 ee5808b032a67f587d3541099d46de34f5bec8cd5976114ba07f1299ee6001ff COPYING

6
buildroot/linux/linux.mk
View File

@ -160,7 +160,8 @@ endif
# Get the real Linux version, which tells us where kernel modules are
# going to be installed in the target filesystem.
LINUX_VERSION_PROBED = `$(MAKE) $(LINUX_MAKE_FLAGS) -C $(LINUX_DIR) --no-print-directory -s kernelrelease 2>/dev/null`
# Filter out 'w' from MAKEFLAGS, to workaround a bug in make 4.1 (#13141)
LINUX_VERSION_PROBED = `MAKEFLAGS='$(filter-out w,$(MAKEFLAGS))' $(MAKE) $(LINUX_MAKE_FLAGS) -C $(LINUX_DIR) --no-print-directory -s kernelrelease 2>/dev/null`
LINUX_DTS_NAME += $(call qstrip,$(BR2_LINUX_KERNEL_INTREE_DTS_NAME))
@ -535,7 +536,8 @@ endef
# Run depmod in a target-finalize hook, to encompass modules installed by
# packages.
define LINUX_RUN_DEPMOD
if grep -q "CONFIG_MODULES=y" $(LINUX_DIR)/.config; then \
if test -d $(TARGET_DIR)/lib/modules/$(LINUX_VERSION_PROBED) \
&& grep -q "CONFIG_MODULES=y" $(LINUX_DIR)/.config; then \
$(HOST_DIR)/sbin/depmod -a -b $(TARGET_DIR) $(LINUX_VERSION_PROBED); \
fi
endef

4
buildroot/package/alsa-utils/alsa-utils.mk
View File

@ -90,10 +90,10 @@ define ALSA_UTILS_INSTALL_INIT_SYSTEMD
$(TARGET_DIR)/usr/lib/systemd/system/alsa-restore.service
$(INSTALL) -D -m 0644 $(@D)/alsactl/alsa-state.service \
$(TARGET_DIR)/usr/lib/systemd/system/alsa-state.service
mkdir $(TARGET_DIR)/usr/lib/systemd/system/alsa-restore.service.d
$(INSTALL) -d -m 0755 $(TARGET_DIR)/usr/lib/systemd/system/alsa-restore.service.d
printf '[Install]\nWantedBy=multi-user.target\n' \
>$(TARGET_DIR)/usr/lib/systemd/system/alsa-restore.service.d/buildroot-enable.conf
mkdir $(TARGET_DIR)/usr/lib/systemd/system/alsa-state.service.d
$(INSTALL) -d -m 0755 $(TARGET_DIR)/usr/lib/systemd/system/alsa-state.service.d
printf '[Install]\nWantedBy=multi-user.target\n' \
>$(TARGET_DIR)/usr/lib/systemd/system/alsa-state.service.d/buildroot-enable.conf;
endef

5
buildroot/package/apache/apache.hash
View File

@ -1,4 +1,5 @@
# From http://archive.apache.org/dist/httpd/httpd-2.4.43.tar.bz2.sha256
sha256 a497652ab3fc81318cdc2a203090a999150d86461acff97c1065dc910fe10f43 httpd-2.4.43.tar.bz2
# From http://archive.apache.org/dist/httpd/httpd-2.4.46.tar.bz2.{sha256,sha512}
sha256 740eddf6e1c641992b22359cabc66e6325868c3c5e2e3f98faf349b61ecf41ea httpd-2.4.46.tar.bz2
sha512 5936784bb662e9d8a4f7fe38b70c043b468114d931cd10ea831bfe74461ea5856b64f88f42c567ab791fc8907640a99884ba4b6a600f86d661781812735b6f13 httpd-2.4.46.tar.bz2
# Locally computed
sha256 47b8c2b6c3309282a99d4a3001575c790fead690cc14734628c4667d2bbffc43 LICENSE

2
buildroot/package/apache/apache.mk
View File

@ -4,7 +4,7 @@
#
################################################################################
APACHE_VERSION = 2.4.43
APACHE_VERSION = 2.4.46
APACHE_SOURCE = httpd-$(APACHE_VERSION).tar.bz2
APACHE_SITE = http://archive.apache.org/dist/httpd
APACHE_LICENSE = Apache-2.0

1
buildroot/package/avahi/avahi.mk
View File

@ -81,6 +81,7 @@ AVAHI_CONF_OPTS = \
--disable-mono \
--disable-monodoc \
--disable-stack-protector \
--disable-introspection \
--with-distro=none \
--disable-manpages \
$(if $(BR2_PACKAGE_AVAHI_AUTOIPD),--enable,--disable)-autoipd \

2
buildroot/package/bandwidthd/bandwidthd.service
View File

@ -5,7 +5,7 @@ After=network.target
[Service]
Type=forking
ExecStart=/usr/bin/bandwidthd
PIDFile=/var/run/bandwidthd.pid
PIDFile=/run/bandwidthd.pid
[Install]
WantedBy=multi-user.target

293
buildroot/package/bash/0017-bash50-017.patch Normal file
View File

@ -0,0 +1,293 @@
From https://ftp.gnu.org/gnu/bash/bash-5.0-patches/bash55-017
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
BASH PATCH REPORT
=================
Bash-Release: 5.0
Patch-ID: bash50-017
Bug-Reported-by: Valentin Lab <valentin.lab@kalysto.org>
Bug-Reference-ID: <ab981b9c-60a5-46d0-b7e6-a6d88b80df50@kalysto.org>
Bug-Reference-URL: https://lists.gnu.org/archive/html/bug-bash/2020-03/msg00062.html
Bug-Description:
There were cases where patch 16 reaped process substitution file descriptors
(or FIFOs) and processes to early. This is a better fix for the problem that
bash50-016 attempted to solve.
Patch (apply with `patch -p0'):
*** bash-5.0-patched/subst.c 2019-08-29 11:16:49.000000000 -0400
--- b/subst.c 2020-04-02 16:24:19.000000000 -0400
***************
*** 5337,5341 ****
}
! char *
copy_fifo_list (sizep)
int *sizep;
--- b/5337,5341 ----
}
! void *
copy_fifo_list (sizep)
int *sizep;
***************
*** 5343,5347 ****
if (sizep)
*sizep = 0;
! return (char *)NULL;
}
--- b/5343,5347 ----
if (sizep)
*sizep = 0;
! return (void *)NULL;
}
***************
*** 5409,5414 ****
if (fifo_list[i].file)
{
! fifo_list[j].file = fifo_list[i].file;
! fifo_list[j].proc = fifo_list[i].proc;
j++;
}
--- b/5409,5419 ----
if (fifo_list[i].file)
{
! if (i != j)
! {
! fifo_list[j].file = fifo_list[i].file;
! fifo_list[j].proc = fifo_list[i].proc;
! fifo_list[i].file = (char *)NULL;
! fifo_list[i].proc = 0;
! }
j++;
}
***************
*** 5426,5433 ****
void
close_new_fifos (list, lsize)
! char *list;
int lsize;
{
int i;
if (list == 0)
--- b/5431,5439 ----
void
close_new_fifos (list, lsize)
! void *list;
int lsize;
{
int i;
+ char *plist;
if (list == 0)
***************
*** 5437,5442 ****
}
! for (i = 0; i < lsize; i++)
! if (list[i] == 0 && i < fifo_list_size && fifo_list[i].proc != -1)
unlink_fifo (i);
--- b/5443,5448 ----
}
! for (plist = (char *)list, i = 0; i < lsize; i++)
! if (plist[i] == 0 && i < fifo_list_size && fifo_list[i].proc != -1)
unlink_fifo (i);
***************
*** 5560,5568 ****
}
! char *
copy_fifo_list (sizep)
int *sizep;
{
! char *ret;
if (nfds == 0 || totfds == 0)
--- b/5566,5574 ----
}
! void *
copy_fifo_list (sizep)
int *sizep;
{
! void *ret;
if (nfds == 0 || totfds == 0)
***************
*** 5570,5579 ****
if (sizep)
*sizep = 0;
! return (char *)NULL;
}
if (sizep)
*sizep = totfds;
! ret = (char *)xmalloc (totfds * sizeof (pid_t));
return (memcpy (ret, dev_fd_list, totfds * sizeof (pid_t)));
}
--- b/5576,5585 ----
if (sizep)
*sizep = 0;
! return (void *)NULL;
}
if (sizep)
*sizep = totfds;
! ret = xmalloc (totfds * sizeof (pid_t));
return (memcpy (ret, dev_fd_list, totfds * sizeof (pid_t)));
}
***************
*** 5648,5655 ****
void
close_new_fifos (list, lsize)
! char *list;
int lsize;
{
int i;
if (list == 0)
--- b/5654,5662 ----
void
close_new_fifos (list, lsize)
! void *list;
int lsize;
{
int i;
+ pid_t *plist;
if (list == 0)
***************
*** 5659,5664 ****
}
! for (i = 0; i < lsize; i++)
! if (list[i] == 0 && i < totfds && dev_fd_list[i])
unlink_fifo (i);
--- b/5666,5671 ----
}
! for (plist = (pid_t *)list, i = 0; i < lsize; i++)
! if (plist[i] == 0 && i < totfds && dev_fd_list[i])
unlink_fifo (i);
*** bash-5.0-patched/subst.h 2018-10-21 18:46:09.000000000 -0400
--- b/subst.h 2020-04-02 16:29:28.000000000 -0400
***************
*** 274,280 ****
extern void unlink_fifo __P((int));
! extern char *copy_fifo_list __P((int *));
! extern void unlink_new_fifos __P((char *, int));
! extern void close_new_fifos __P((char *, int));
extern void clear_fifo_list __P((void));
--- b/274,279 ----
extern void unlink_fifo __P((int));
! extern void *copy_fifo_list __P((int *));
! extern void close_new_fifos __P((void *, int));
extern void clear_fifo_list __P((void));
*** bash-5.0-patched/execute_cmd.c 2020-02-06 20:16:48.000000000 -0500
--- b/execute_cmd.c 2020-04-02 17:00:10.000000000 -0400
***************
*** 565,569 ****
#if defined (PROCESS_SUBSTITUTION)
volatile int ofifo, nfifo, osize, saved_fifo;
! volatile char *ofifo_list;
#endif
--- b/565,569 ----
#if defined (PROCESS_SUBSTITUTION)
volatile int ofifo, nfifo, osize, saved_fifo;
! volatile void *ofifo_list;
#endif
***************
*** 751,760 ****
# endif
! if (variable_context != 0) /* XXX - also if sourcelevel != 0? */
{
ofifo = num_fifos ();
ofifo_list = copy_fifo_list ((int *)&osize);
begin_unwind_frame ("internal_fifos");
! add_unwind_protect (xfree, ofifo_list);
saved_fifo = 1;
}
--- b/751,762 ----
# endif
! /* XXX - also if sourcelevel != 0? */
! if (variable_context != 0)
{
ofifo = num_fifos ();
ofifo_list = copy_fifo_list ((int *)&osize);
begin_unwind_frame ("internal_fifos");
! if (ofifo_list)
! add_unwind_protect (xfree, ofifo_list);
saved_fifo = 1;
}
***************
*** 1100,1123 ****
nfifo = num_fifos ();
if (nfifo > ofifo)
! close_new_fifos ((char *)ofifo_list, osize);
free ((void *)ofifo_list);
discard_unwind_frame ("internal_fifos");
}
- # if defined (HAVE_DEV_FD)
- /* Reap process substitutions at the end of loops */
- switch (command->type)
- {
- case cm_while:
- case cm_until:
- case cm_for:
- case cm_group:
- # if defined (ARITH_FOR_COMMAND)
- case cm_arith_for:
- # endif
- reap_procsubs ();
- default:
- break;
- }
- # endif /* HAVE_DEV_FD */
#endif
--- b/1102,1109 ----
nfifo = num_fifos ();
if (nfifo > ofifo)
! close_new_fifos ((void *)ofifo_list, osize);
free ((void *)ofifo_list);
discard_unwind_frame ("internal_fifos");
}
#endif
*** bash-5.0/patchlevel.h 2016-06-22 14:51:03.000000000 -0400
--- b/patchlevel.h 2016-10-01 11:01:28.000000000 -0400
***************
*** 26,30 ****
looks for to find the patch level (for the sccs version string). */
! #define PATCHLEVEL 16
#endif /* _PATCHLEVEL_H_ */
--- b/26,30 ----
looks for to find the patch level (for the sccs version string). */
! #define PATCHLEVEL 17
#endif /* _PATCHLEVEL_H_ */

49
buildroot/package/bash/0018-bash50-018.patch Normal file
View File

@ -0,0 +1,49 @@
From https://ftp.gnu.org/gnu/bash/bash-5.0-patches/bash55-018
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
BASH PATCH REPORT
=================
Bash-Release: 5.0
Patch-ID: bash50-018
Bug-Reported-by: oguzismailuysal@gmail.com
Bug-Reference-ID:
Bug-Reference-URL: https://lists.gnu.org/archive/html/bug-bash/2019-10/msg00098.html
Bug-Description:
In certain cases, bash does not perform quoted null removal on patterns
that are used as part of word expansions such as ${parameter##pattern}, so
empty patterns are treated as non-empty.
Patch (apply with `patch -p0'):
*** bash-5.0.17/subst.c 2020-04-02 17:14:58.000000000 -0400
--- b/subst.c 2020-07-09 15:28:19.000000000 -0400
***************
*** 5113,5116 ****
--- b/5113,5118 ----
(int *)NULL, (int *)NULL)
: (WORD_LIST *)0;
+ if (l)
+ word_list_remove_quoted_nulls (l);
pat = string_list (l);
dispose_words (l);
*** bash-5.0/patchlevel.h 2016-06-22 14:51:03.000000000 -0400
--- b/patchlevel.h 2016-10-01 11:01:28.000000000 -0400
***************
*** 26,30 ****
looks for to find the patch level (for the sccs version string). */
! #define PATCHLEVEL 17
#endif /* _PATCHLEVEL_H_ */
--- b/26,30 ----
looks for to find the patch level (for the sccs version string). */
! #define PATCHLEVEL 18
#endif /* _PATCHLEVEL_H_ */

0
buildroot/package/bash/0017-input.h-add-missing-include-on-stdio.h.patch → buildroot/package/bash/0019-input.h-add-missing-include-on-stdio.h.patch
View File

0
buildroot/package/bash/0018-locale.c-fix-build-without-wchar.patch → buildroot/package/bash/0020-locale.c-fix-build-without-wchar.patch
View File

4
buildroot/package/bind/bind.hash
View File

@ -1,4 +1,4 @@
# Verified from https://ftp.isc.org/isc/bind9/9.11.20/bind-9.11.20.tar.gz.asc
# Verified from https://ftp.isc.org/isc/bind9/9.11.22/bind-9.11.22.tar.gz.asc
# with key AE3FAC796711EC59FC007AA474BB6B9A4CBB3D38
sha256 306831a738a275693bbe1d6839a09b34a2c8b5c26f8a42ea57ef000a6a99c2b6 bind-9.11.20.tar.gz
sha256 afc6d8015006f1cabf699ff19f517bb8fd9c1811e5231f26baf51c3550262ac9 bind-9.11.22.tar.gz
sha256 da2aec2b7f6f0feb16bcb080e2c587375fd3195145f047e4d92d112f5b9db501 COPYRIGHT

2
buildroot/package/bind/bind.mk
View File

@ -4,7 +4,7 @@
#
################################################################################
BIND_VERSION = 9.11.20
BIND_VERSION = 9.11.22
BIND_SITE = https://ftp.isc.org/isc/bind9/$(BIND_VERSION)
# bind does not support parallel builds.
BIND_MAKE = $(MAKE1)

1
buildroot/package/bison/bison.mk
View File

@ -13,5 +13,6 @@ BISON_LICENSE_FILES = COPYING
BISON_MAKE = $(MAKE1)
HOST_BISON_DEPENDENCIES = host-m4
HOST_BISON_CONF_OPTS = --enable-relocatable
HOST_BISON_CONF_ENV = ac_cv_libtextstyle=no
$(eval $(host-autotools-package))

1
buildroot/package/boost/boost.mk
View File

@ -134,6 +134,7 @@ define BOOST_CONFIGURE_CMDS
(cd $(@D) && ./bootstrap.sh $(BOOST_FLAGS))
echo "using gcc : `$(TARGET_CC) -dumpversion` : $(TARGET_CXX) : <cxxflags>\"$(BOOST_TARGET_CXXFLAGS)\" <linkflags>\"$(TARGET_LDFLAGS)\" ;" > $(@D)/user-config.jam
echo "" >> $(@D)/user-config.jam
sed -i "s/: -O.* ;/: $(TARGET_OPTIMIZATION) ;/" $(@D)/tools/build/src/tools/gcc.jam
endef
define BOOST_BUILD_CMDS

92
buildroot/package/brotli/0001-CMake-Allow-using-BUILD_SHARED_LIBS-to-choose-static.patch
View File

@ -1,6 +1,6 @@
From 7289e5a378ba13801996a84d89d8fe95c3fc4c11 Mon Sep 17 00:00:00 2001
From 6cb16322decd643fed9de332d9cda77f7738b7af Mon Sep 17 00:00:00 2001
From: Adrian Perez de Castro <aperez@igalia.com>
Date: Mon, 26 Mar 2018 19:08:31 +0100
Date: Mon, 7 Sep 2020 12:14:22 +0300
Subject: [PATCH] CMake: Allow using BUILD_SHARED_LIBS to choose static/shared
libs
@ -18,16 +18,16 @@ This way, the following will both work as expected:
This is helpful for distributions which need (or want) to build only
static libraries.
---
CMakeLists.txt | 42 ++++++++++++++----------------------------
c/fuzz/test_fuzzer.sh | 6 +++---
2 files changed, 17 insertions(+), 31 deletions(-)
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Upstream-Status: Submitted [https://github.com/google/brotli/pull/655]
[Upstream status: https://github.com/google/brotli/pull/655]
---
CMakeLists.txt | 46 ++++++++++++++-----------------------------
c/fuzz/test_fuzzer.sh | 6 +++---
2 files changed, 18 insertions(+), 34 deletions(-)
diff --git a/CMakeLists.txt b/CMakeLists.txt
index fc45f80..3f87f13 100644
index 4ff3401..f889311 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -6,6 +6,8 @@ cmake_minimum_required(VERSION 2.8.6)
@ -36,10 +36,10 @@ index fc45f80..3f87f13 100644
+option(BUILD_SHARED_LIBS "Build shared libraries" ON)
+
# If Brotli is being bundled in another project, we don't want to
# install anything. However, we want to let people override this, so
# we'll use the BROTLI_BUNDLED_MODE variable to let them do that; just
@@ -114,10 +116,6 @@ set(BROTLI_LIBRARIES_CORE brotlienc brotlidec brotlicommon)
if(NOT CMAKE_BUILD_TYPE AND NOT CMAKE_CONFIGURATION_TYPES)
message(STATUS "Setting build type to Release as none was specified.")
set(CMAKE_BUILD_TYPE "Release" CACHE STRING "Choose the type of build." FORCE)
@@ -137,10 +139,6 @@ set(BROTLI_LIBRARIES_CORE brotlienc brotlidec brotlicommon)
set(BROTLI_LIBRARIES ${BROTLI_LIBRARIES_CORE} ${LIBM_LIBRARY})
mark_as_advanced(BROTLI_LIBRARIES)
@ -50,14 +50,20 @@ index fc45f80..3f87f13 100644
if(${CMAKE_SYSTEM_NAME} MATCHES "Linux")
add_definitions(-DOS_LINUX)
elseif(${CMAKE_SYSTEM_NAME} MATCHES "FreeBSD")
@@ -137,24 +135,22 @@ endfunction()
transform_sources_list("scripts/sources.lst" "${CMAKE_CURRENT_BINARY_DIR}/sources.lst.cmake")
@@ -161,29 +159,25 @@ transform_sources_list("scripts/sources.lst" "${CMAKE_CURRENT_BINARY_DIR}/source
include("${CMAKE_CURRENT_BINARY_DIR}/sources.lst.cmake")
-add_library(brotlicommon SHARED ${BROTLI_COMMON_C})
-add_library(brotlidec SHARED ${BROTLI_DEC_C})
-add_library(brotlienc SHARED ${BROTLI_ENC_C})
-
if(BROTLI_EMSCRIPTEN)
- set(BROTLI_SHARED_LIBS "")
-else()
- set(BROTLI_SHARED_LIBS brotlicommon brotlidec brotlienc)
- add_library(brotlicommon SHARED ${BROTLI_COMMON_C})
- add_library(brotlidec SHARED ${BROTLI_DEC_C})
- add_library(brotlienc SHARED ${BROTLI_ENC_C})
+ set(BUILD_SHARED_LIBS OFF)
endif()
-set(BROTLI_STATIC_LIBS brotlicommon-static brotlidec-static brotlienc-static)
-add_library(brotlicommon-static STATIC ${BROTLI_COMMON_C})
-add_library(brotlidec-static STATIC ${BROTLI_DEC_C})
-add_library(brotlienc-static STATIC ${BROTLI_ENC_C})
@ -68,27 +74,27 @@ index fc45f80..3f87f13 100644
# Older CMake versions does not understand INCLUDE_DIRECTORIES property.
include_directories(${BROTLI_INCLUDE_DIRS})
-foreach(lib IN LISTS BROTLI_SHARED_LIBS)
- target_compile_definitions(${lib} PUBLIC "BROTLI_SHARED_COMPILATION" )
- string(TOUPPER "${lib}" LIB)
- set_target_properties (${lib} PROPERTIES DEFINE_SYMBOL "${LIB}_SHARED_COMPILATION")
-endforeach()
+if(BUILD_SHARED_LIBS)
+ foreach(lib brotlicommon brotlidec brotlienc)
+ target_compile_definitions(${lib} PUBLIC "BROTLI_SHARED_COMPILATION" )
+ string(TOUPPER "${lib}" LIB)
+ set_target_properties (${lib} PROPERTIES DEFINE_SYMBOL "${LIB}_SHARED_COMPILATION" )
+ set_target_properties (${lib} PROPERTIES DEFINE_SYMBOL "${LIB}_SHARED_COMPILATION")
+ endforeach()
+endif()
+
foreach(lib brotlicommon brotlidec brotlienc)
- target_compile_definitions(${lib} PUBLIC "BROTLI_SHARED_COMPILATION" )
- string(TOUPPER "${lib}" LIB)
- set_target_properties (${lib} PROPERTIES DEFINE_SYMBOL "${LIB}_SHARED_COMPILATION" )
-endforeach()
-
-foreach(lib brotlicommon brotlidec brotlienc brotlicommon-static brotlidec-static brotlienc-static)
-foreach(lib IN LISTS BROTLI_SHARED_LIBS BROTLI_STATIC_LIBS)
+foreach(lib brotlicommon brotlidec brotlienc)
target_link_libraries(${lib} ${LIBM_LIBRARY})
set_property(TARGET ${lib} APPEND PROPERTY INCLUDE_DIRECTORIES ${BROTLI_INCLUDE_DIRS})
set_target_properties(${lib} PROPERTIES
@@ -167,9 +163,6 @@ endforeach()
target_link_libraries(brotlidec brotlicommon)
@@ -200,9 +194,6 @@ target_link_libraries(brotlidec brotlicommon)
target_link_libraries(brotlienc brotlicommon)
endif()
-target_link_libraries(brotlidec-static brotlicommon-static)
-target_link_libraries(brotlienc-static brotlicommon-static)
@ -96,7 +102,7 @@ index fc45f80..3f87f13 100644
# For projects stuck on older versions of CMake, this will set the
# BROTLI_INCLUDE_DIRS and BROTLI_LIBRARIES variables so they still
# have a relatively easy way to use Brotli:
@@ -183,7 +176,7 @@ endif()
@@ -216,7 +207,7 @@ endif()
# Build the brotli executable
add_executable(brotli ${BROTLI_CLI_C})
@ -104,8 +110,8 @@ index fc45f80..3f87f13 100644
+target_link_libraries(brotli ${BROTLI_LIBRARIES})
# Installation
if(NOT BROTLI_BUNDLED_MODE)
@@ -199,13 +192,6 @@ if(NOT BROTLI_BUNDLED_MODE)
if(NOT BROTLI_EMSCRIPTEN)
@@ -233,13 +224,6 @@ if(NOT BROTLI_BUNDLED_MODE)
RUNTIME DESTINATION "${CMAKE_INSTALL_BINDIR}"
)
@ -119,26 +125,6 @@ index fc45f80..3f87f13 100644
install(
DIRECTORY ${BROTLI_INCLUDE_DIRS}/brotli
DESTINATION "${CMAKE_INSTALL_INCLUDEDIR}"
diff --git a/c/fuzz/test_fuzzer.sh b/c/fuzz/test_fuzzer.sh
index 9985194..4b99947 100755
--- a/c/fuzz/test_fuzzer.sh
+++ b/c/fuzz/test_fuzzer.sh
@@ -13,12 +13,12 @@ mkdir bin
cd bin
cmake $BROTLI -DCMAKE_C_COMPILER="$CC" \
- -DBUILD_TESTING=OFF -DENABLE_SANITIZER=address
-make -j$(nproc) brotlidec-static
+ -DBUILD_TESTING=OFF -DBUILD_SHARED_LIBS=OFF -DENABLE_SANITIZER=address
+make -j$(nproc) brotlidec
${CC} -o run_decode_fuzzer -std=c99 -fsanitize=address -I$SRC/include \
$SRC/fuzz/decode_fuzzer.c $SRC/fuzz/run_decode_fuzzer.c \
- ./libbrotlidec-static.a ./libbrotlicommon-static.a
+ ./libbrotlidec.a ./libbrotlicommon.a
mkdir decode_corpora
unzip $BROTLI/java/org/brotli/integration/fuzz_data.zip -d decode_corpora
--
2.19.1
2.28.0

51
buildroot/package/brotli/0002-Revert-Add-runtime-linker-path-to-pkg-config-files.patch Normal file
View File

@ -0,0 +1,51 @@
From 09b0992b6acb7faa6fd3b23f9bc036ea117230fc Mon Sep 17 00:00:00 2001
From: Eugene Kliuchnikov <eustas.ru@gmail.com>
Date: Wed, 2 Sep 2020 11:38:26 +0200
Subject: [PATCH] Revert "Add runtime linker path to pkg-config files (#740)"
(#838)
This reverts commit 31754d4ffce14153b5c2addf7a11019ec23f51c1.
[Retrieved from:
https://github.com/google/brotli/commit/09b0992b6acb7faa6fd3b23f9bc036ea117230fc]
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
---
scripts/libbrotlicommon.pc.in | 2 +-
scripts/libbrotlidec.pc.in | 2 +-
scripts/libbrotlienc.pc.in | 2 +-
3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/scripts/libbrotlicommon.pc.in b/scripts/libbrotlicommon.pc.in
index 10ca969e..2a8cf7a3 100644
--- a/scripts/libbrotlicommon.pc.in
+++ b/scripts/libbrotlicommon.pc.in
@@ -7,5 +7,5 @@ Name: libbrotlicommon
URL: https://github.com/google/brotli
Description: Brotli common dictionary library
Version: @PACKAGE_VERSION@
-Libs: -L${libdir} -R${libdir} -lbrotlicommon
+Libs: -L${libdir} -lbrotlicommon
Cflags: -I${includedir}
diff --git a/scripts/libbrotlidec.pc.in b/scripts/libbrotlidec.pc.in
index e7c3124f..6f8ef2e4 100644
--- a/scripts/libbrotlidec.pc.in
+++ b/scripts/libbrotlidec.pc.in
@@ -7,6 +7,6 @@ Name: libbrotlidec
URL: https://github.com/google/brotli
Description: Brotli decoder library
Version: @PACKAGE_VERSION@
-Libs: -L${libdir} -R${libdir} -lbrotlidec
+Libs: -L${libdir} -lbrotlidec
Requires.private: libbrotlicommon >= 1.0.2
Cflags: -I${includedir}
diff --git a/scripts/libbrotlienc.pc.in b/scripts/libbrotlienc.pc.in
index 4dd0811b..2098afe2 100644
--- a/scripts/libbrotlienc.pc.in
+++ b/scripts/libbrotlienc.pc.in
@@ -7,6 +7,6 @@ Name: libbrotlienc
URL: https://github.com/google/brotli
Description: Brotli encoder library
Version: @PACKAGE_VERSION@
-Libs: -L${libdir} -R${libdir} -lbrotlienc
+Libs: -L${libdir} -lbrotlienc
Requires.private: libbrotlicommon >= 1.0.2
Cflags: -I${includedir}

2
buildroot/package/brotli/brotli.hash
View File

@ -1,5 +1,5 @@
# Locally generated:
sha512 a82362aa36d2f2094bca0b2808d9de0d57291fb3a4c29d7c0ca0a37e73087ec5ac4df299c8c363e61106fccf2fe7f58b5cf76eb97729e2696058ef43b1d3930a v1.0.7.tar.gz
sha512 b8e2df955e8796ac1f022eb4ebad29532cb7e3aa6a4b6aee91dbd2c7d637eee84d9a144d3e878895bb5e62800875c2c01c8f737a1261020c54feacf9f676b5f5 v1.0.9.tar.gz
# Hash for license files:
sha512 bae78184c2f50f86d8c727826d3982c469454c42b9af81f4ef007e39036434fa894cf5be3bf5fc65b7de2301f0a72d067a8186e303327db8a96bd14867e0a3a8 LICENSE

2
buildroot/package/brotli/brotli.mk
View File

@ -4,7 +4,7 @@
#
################################################################################
BROTLI_VERSION = 1.0.7
BROTLI_VERSION = 1.0.9
BROTLI_SOURCE = v$(BROTLI_VERSION).tar.gz
BROTLI_SITE = https://github.com/google/brotli/archive
BROTLI_LICENSE = MIT

13
buildroot/package/busybox/busybox.mk
View File

@ -237,6 +237,18 @@ define BUSYBOX_SET_SELINUX
endef
endif
# enable relevant options to allow the Busybox less applet to be used
# as a systemd pager
ifeq ($(BR2_PACKAGE_SYSTEMD):$(BR2_PACKAGE_LESS),y:)
define BUSYBOX_SET_LESS_FLAGS
$(call KCONFIG_ENABLE_OPT,CONFIG_FEATURE_LESS_DASHCMD)
$(call KCONFIG_ENABLE_OPT,CONFIG_FEATURE_LESS_RAW)
$(call KCONFIG_ENABLE_OPT,CONFIG_FEATURE_LESS_TRUNCATE)
$(call KCONFIG_ENABLE_OPT,CONFIG_FEATURE_LESS_FLAGS)
$(call KCONFIG_ENABLE_OPT,CONFIG_FEATURE_LESS_ENV)
endef
endif
ifeq ($(BR2_PACKAGE_BUSYBOX_INDIVIDUAL_BINARIES),y)
define BUSYBOX_SET_INDIVIDUAL_BINARIES
$(call KCONFIG_ENABLE_OPT,CONFIG_BUILD_LIBBUSYBOX,$(BUSYBOX_BUILD_CONFIG))
@ -338,6 +350,7 @@ define BUSYBOX_KCONFIG_FIXUP_CMDS
$(BUSYBOX_SET_INIT)
$(BUSYBOX_SET_WATCHDOG)
$(BUSYBOX_SET_SELINUX)
$(BUSYBOX_SET_LESS_FLAGS)
$(BUSYBOX_SET_INDIVIDUAL_BINARIES)
endef

6
buildroot/package/busybox/udhcpc.script
View File

@ -42,19 +42,19 @@ case "$1" in
rm -f $TMPFILE
if [ -x /usr/sbin/avahi-autoipd ]; then
/usr/sbin/avahi-autoipd -k $interface
/usr/sbin/avahi-autoipd -c $interface && /usr/sbin/avahi-autoipd -k $interface
fi
;;
leasefail|nak)
if [ -x /usr/sbin/avahi-autoipd ]; then
/usr/sbin/avahi-autoipd -wD $interface --no-chroot
/usr/sbin/avahi-autoipd -c $interface || /usr/sbin/avahi-autoipd -wD $interface --no-chroot
fi
;;
renew|bound)
if [ -x /usr/sbin/avahi-autoipd ]; then
/usr/sbin/avahi-autoipd -k $interface
/usr/sbin/avahi-autoipd -c $interface && /usr/sbin/avahi-autoipd -k $interface
fi
/sbin/ifconfig $interface $ip $BROADCAST $NETMASK
if [ -n "$ipv6" ] ; then

7
buildroot/package/capnproto/capnproto.mk
View File

@ -21,5 +21,12 @@ endif
# The actual source to be compiled is within a 'c++' subdirectory
CAPNPROTO_SUBDIR = c++
ifeq ($(BR2_PACKAGE_OPENSSL),y)
CAPNPROTO_CONF_OPTS += --with-openssl
CAPNPROTO_DEPENDENCIES += openssl
else
CAPNPROTO_CONF_OPTS += --without-openssl
endif
$(eval $(autotools-package))
$(eval $(host-autotools-package))

7
buildroot/package/chrony/chrony.hash
View File

@ -1,5 +1,4 @@
# From https://listengine.tuxfamily.org/chrony.tuxfamily.org/chrony-announce/2019/05/msg00001.html
md5 5f66338bc940a9b51eede8f391e7bed3 chrony-3.5.tar.gz
sha1 79e9aeace143550300387a99f17bff04b45673f7 chrony-3.5.tar.gz
# From https://listengine.tuxfamily.org/chrony.tuxfamily.org/chrony-announce/2020/08/msg00000.html
sha256 1ba82f70db85d414cd7420c39858e3ceca4b9eb8b028cbe869512c3a14a2dca7 chrony-3.5.1.tar.gz
# Locally calculated
sha256 ab15fd526bd8dd18a9e77ebc139656bf4d33e97fc7238cd11bf60e2b9b8666c6 COPYING
sha256 ab15fd526bd8dd18a9e77ebc139656bf4d33e97fc7238cd11bf60e2b9b8666c6 COPYING

2
buildroot/package/chrony/chrony.mk
View File

@ -4,7 +4,7 @@
#
################################################################################
CHRONY_VERSION = 3.5
CHRONY_VERSION = 3.5.1
CHRONY_SITE = http://download.tuxfamily.org/chrony
CHRONY_LICENSE = GPL-2.0
CHRONY_LICENSE_FILES = COPYING

41
buildroot/package/cifs-utils/0001-Use-DESTDIR-when-installing-mount.smb3-and-optionall.patch Normal file
View File

@ -0,0 +1,41 @@
From dbb4452787cb966cc74b2015689961875fd5d668 Mon Sep 17 00:00:00 2001
From: Ryan Barnett <ryanbarnett3@gmail.com>
Date: Mon, 27 Apr 2020 22:03:25 -0500
Subject: [PATCH] Use DESTDIR when installing mount.smb3 and optionally install
man page
Properly create mount.smb3 symlink by using DESTDIR. Also use
CONFIG_MAN to optionally install manpage for mount.smb3.
Signed-off-by: Ryan Barnett <ryanbarnett3@gmail.com>
---
Upstream: https://marc.info/?l=linux-cifs&m=158804444725745&w=2
---
Makefile.am | 10 ++++++----
1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/Makefile.am b/Makefile.am
index fe9cd34..e0587f1 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -119,11 +119,13 @@ endif
SUBDIRS = contrib
install-exec-hook:
- (cd $(ROOTSBINDIR) && ln -sf mount.cifs mount.smb3)
+ (cd $(DESTDIR)$(ROOTSBINDIR) && ln -sf mount.cifs mount.smb3)
+if CONFIG_MAN
install-data-hook:
- (cd $(man8dir) && ln -sf mount.cifs.8 mount.smb3.8)
+ (cd $(DESTDIR)$(man8dir) && ln -sf mount.cifs.8 mount.smb3.8)
+endif
uninstall-hook:
- (cd $(ROOTSBINDIR) && rm -f $(ROOTSBINDIR)/mount.smb3)
- (cd $(man8dir) && rm -f $(man8dir)/mount.smb3.8)
+ rm -f $(DESTDIR)$(ROOTSBINDIR)/mount.smb3
+ rm -f $(DESTDIR)$(man8dir)/mount.smb3.8
--
2.17.1

4
buildroot/package/cifs-utils/cifs-utils.hash
View File

@ -1,5 +1,5 @@
# Locally calculated after checking pgp signature
sha256 18d8f1bf92c13c4d611502dbd6759e3a766ddc8467ec8a2eda3f589e40b9ac9c cifs-utils-6.9.tar.bz2
sha256 b859239a3f204f8220d3e54ed43bf8109e1ef202042dd87ba87492f8878728d9 cifs-utils-6.11.tar.bz2
# Hash for license file:
sha256 8ceb4b9ee5adedde47b31e975c1d90c73ad27b6b165a1dcd80c7c545eb65b903 COPYING
sha256 8ceb4b9ee5adedde47b31e975c1d90c73ad27b6b165a1dcd80c7c545eb65b903 COPYING

7
buildroot/package/cifs-utils/cifs-utils.mk
View File

@ -4,12 +4,12 @@
#
################################################################################
CIFS_UTILS_VERSION = 6.9
CIFS_UTILS_VERSION = 6.11
CIFS_UTILS_SOURCE = cifs-utils-$(CIFS_UTILS_VERSION).tar.bz2
CIFS_UTILS_SITE = http://ftp.samba.org/pub/linux-cifs/cifs-utils
CIFS_UTILS_LICENSE = GPL-3.0+
CIFS_UTILS_LICENSE_FILES = COPYING
# Missing install-sh in release tarball
# Missing install-sh in release tarball and patching Makefile.am
CIFS_UTILS_AUTORECONF = YES
CIFS_UTILS_DEPENDENCIES = host-pkgconf
@ -17,6 +17,9 @@ CIFS_UTILS_DEPENDENCIES = host-pkgconf
# the global BR2_RELRO_FULL option.
CIFS_UTILS_CONF_OPTS = --disable-pie --disable-man
# uses C11 code in smbinfo.c and mtab.c
CIFS_UTILS_CONF_ENV += CFLAGS="$(TARGET_CFLAGS) -std=gnu11"
ifeq ($(BR2_PACKAGE_KEYUTILS),y)
CIFS_UTILS_DEPENDENCIES += keyutils
endif

1
buildroot/package/collectd/Config.in
View File

@ -593,7 +593,6 @@ comment "grpc needs a toolchain w/ C++, gcc >= 4.8"
config BR2_PACKAGE_COLLECTD_MQTT
bool "mqtt"
depends on BR2_TOOLCHAIN_HAS_SYNC_4 # mosquitto
select BR2_PACKAGE_MOSQUITTO
help
Sends metrics to and/or receives metrics from an MQTT broker.

30
buildroot/package/cpio/0001-Minor-fix.patch Normal file
View File

@ -0,0 +1,30 @@
From 641d3f489cf6238bb916368d4ba0d9325a235afb Mon Sep 17 00:00:00 2001
From: Sergey Poznyakoff <gray@gnu.org>
Date: Mon, 20 Jan 2020 07:45:39 +0200
Subject: Minor fix * src/global.c: Remove superfluous declaration of
program_name
[Retrieved from:
https://git.savannah.gnu.org/cgit/cpio.git/commit/?id=641d3f489cf6238bb916368d4ba0d9325a235afb]
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
---
src/global.c | 3 ---
1 file changed, 3 deletions(-)
diff --git a/src/global.c b/src/global.c
index fb3abe9..acf92bc 100644
--- a/src/global.c
+++ b/src/global.c
@@ -184,9 +184,6 @@ unsigned int warn_option = 0;
/* Extract to standard output? */
bool to_stdout_option = false;
-/* The name this program was run with. */
-char *program_name;
-
/* A pointer to either lstat or stat, depending on whether
dereferencing of symlinks is done for input files. */
int (*xstat) ();
--
cgit v1.2.1

179
buildroot/package/cryptsetup/0002-Add-support-for-upcoming-json-c-0.14.0.patch Normal file
View File

@ -0,0 +1,179 @@
From 604abec333a0efb44fd8bc610aa0b1151dd0f612 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bj=C3=B6rn=20Esser?= <besser82@fedoraproject.org>
Date: Mon, 13 Apr 2020 11:48:17 +0200
Subject: [PATCH] Add support for upcoming json-c 0.14.0.
* TRUE/FALSE are not defined anymore. 1 and 0 are used instead.
* json_object_get_uint64() and json_object_new_uint64() are part
of the upstream API now.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
lib/luks2/luks2_internal.h | 4 +++-
lib/luks2/luks2_json_metadata.c | 38 +++++++++++++++++----------------
2 files changed, 23 insertions(+), 19 deletions(-)
diff --git a/lib/luks2/luks2_internal.h b/lib/luks2/luks2_internal.h
index b9fec6b5..939101d6 100644
--- a/lib/luks2/luks2_internal.h
+++ b/lib/luks2/luks2_internal.h
@@ -58,9 +58,11 @@ json_object *LUKS2_get_segments_jobj(struct luks2_hdr *hdr);
void hexprint_base64(struct crypt_device *cd, json_object *jobj,
const char *sep, const char *line_sep);
+#if !(defined JSON_C_VERSION_NUM && JSON_C_VERSION_NUM >= ((13 << 8) | 99))
uint64_t json_object_get_uint64(json_object *jobj);
-uint32_t json_object_get_uint32(json_object *jobj);
json_object *json_object_new_uint64(uint64_t value);
+#endif
+uint32_t json_object_get_uint32(json_object *jobj);
int json_object_object_add_by_uint(json_object *jobj, unsigned key, json_object *jobj_val);
void json_object_object_del_by_uint(json_object *jobj, unsigned key);
diff --git a/lib/luks2/luks2_json_metadata.c b/lib/luks2/luks2_json_metadata.c
index 781280c2..712c2bbd 100644
--- a/lib/luks2/luks2_json_metadata.c
+++ b/lib/luks2/luks2_json_metadata.c
@@ -234,13 +234,14 @@ static json_bool json_str_to_uint64(json_object *jobj, uint64_t *value)
tmp = strtoull(json_object_get_string(jobj), &endptr, 10);
if (*endptr || errno) {
*value = 0;
- return FALSE;
+ return 0;
}
*value = tmp;
- return TRUE;
+ return 1;
}
+#if !(defined JSON_C_VERSION_NUM && JSON_C_VERSION_NUM >= ((13 << 8) | 99))
uint64_t json_object_get_uint64(json_object *jobj)
{
uint64_t r;
@@ -262,6 +263,7 @@ json_object *json_object_new_uint64(uint64_t value)
jobj = json_object_new_string(num);
return jobj;
}
+#endif
/*
* Validate helpers
@@ -273,9 +275,9 @@ static json_bool numbered(struct crypt_device *cd, const char *name, const char
for (i = 0; key[i]; i++)
if (!isdigit(key[i])) {
log_dbg(cd, "%s \"%s\" is not in numbered form.", name, key);
- return FALSE;
+ return 0;
}
- return TRUE;
+ return 1;
}
json_object *json_contains(struct crypt_device *cd, json_object *jobj, const char *name,
@@ -300,7 +302,7 @@ json_bool validate_json_uint32(json_object *jobj)
errno = 0;
tmp = json_object_get_int64(jobj);
- return (errno || tmp < 0 || tmp > UINT32_MAX) ? FALSE : TRUE;
+ return (errno || tmp < 0 || tmp > UINT32_MAX) ? 0 : 1;
}
static json_bool validate_keyslots_array(struct crypt_device *cd,
@@ -313,17 +315,17 @@ static json_bool validate_keyslots_array(struct crypt_device *cd,
jobj = json_object_array_get_idx(jarr, i);
if (!json_object_is_type(jobj, json_type_string)) {
log_dbg(cd, "Illegal value type in keyslots array at index %d.", i);
- return FALSE;
+ return 0;
}
if (!json_contains(cd, jobj_keys, "", "Keyslots section",
json_object_get_string(jobj), json_type_object))
- return FALSE;
+ return 0;
i++;
}
- return TRUE;
+ return 1;
}
static json_bool validate_segments_array(struct crypt_device *cd,
@@ -336,17 +338,17 @@ static json_bool validate_segments_array(struct crypt_device *cd,
jobj = json_object_array_get_idx(jarr, i);
if (!json_object_is_type(jobj, json_type_string)) {
log_dbg(cd, "Illegal value type in segments array at index %d.", i);
- return FALSE;
+ return 0;
}
if (!json_contains(cd, jobj_segments, "", "Segments section",
json_object_get_string(jobj), json_type_object))
- return FALSE;
+ return 0;
i++;
}
- return TRUE;
+ return 1;
}
static json_bool segment_has_digest(const char *segment_name, json_object *jobj_digests)
@@ -357,10 +359,10 @@ static json_bool segment_has_digest(const char *segment_name, json_object *jobj_
UNUSED(key);
json_object_object_get_ex(val, "segments", &jobj_segments);
if (LUKS2_array_jobj(jobj_segments, segment_name))
- return TRUE;
+ return 1;
}
- return FALSE;
+ return 0;
}
static json_bool validate_intervals(struct crypt_device *cd,
@@ -372,18 +374,18 @@ static json_bool validate_intervals(struct crypt_device *cd,
while (i < length) {
if (ix[i].offset < 2 * metadata_size) {
log_dbg(cd, "Illegal area offset: %" PRIu64 ".", ix[i].offset);
- return FALSE;
+ return 0;
}
if (!ix[i].length) {
log_dbg(cd, "Area length must be greater than zero.");
- return FALSE;
+ return 0;
}
if ((ix[i].offset + ix[i].length) > keyslots_area_end) {
log_dbg(cd, "Area [%" PRIu64 ", %" PRIu64 "] overflows binary keyslots area (ends at offset: %" PRIu64 ").",
ix[i].offset, ix[i].offset + ix[i].length, keyslots_area_end);
- return FALSE;
+ return 0;
}
for (j = 0; j < length; j++) {
@@ -393,14 +395,14 @@ static json_bool validate_intervals(struct crypt_device *cd,
log_dbg(cd, "Overlapping areas [%" PRIu64 ",%" PRIu64 "] and [%" PRIu64 ",%" PRIu64 "].",
ix[i].offset, ix[i].offset + ix[i].length,
ix[j].offset, ix[j].offset + ix[j].length);
- return FALSE;
+ return 0;
}
}
i++;
}
- return TRUE;
+ return 1;
}
static int LUKS2_keyslot_validate(struct crypt_device *cd, json_object *hdr_jobj, json_object *hdr_keyslot, const char *key)
--
2.20.1

512
buildroot/package/cryptsetup/0003-Avoid-name-clash-with-newer-json-c-library.patch Normal file
View File

@ -0,0 +1,512 @@
From 55cf272d275c561459f2c9c3dc943ef7a69c9d4c Mon Sep 17 00:00:00 2001
From: Ondrej Kozina <okozina@redhat.com>
Date: Tue, 14 Apr 2020 17:24:54 +0200
Subject: [PATCH] Avoid name clash with newer json-c library.
This is partial revert of previous commit and also
fixes wrong decision to name our internal helpers with
json_object prefix.
(cherry picked from commit e6a356974330e3ae21579a5737976e9a2aad1b51)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
lib/luks2/luks2_internal.h | 8 +++-----
lib/luks2/luks2_json_format.c | 6 +++---
lib/luks2/luks2_json_metadata.c | 18 ++++++++----------
lib/luks2/luks2_keyslot.c | 8 ++++----
lib/luks2/luks2_keyslot_luks2.c | 16 ++++++++--------
lib/luks2/luks2_keyslot_reenc.c | 20 ++++++++++----------
lib/luks2/luks2_luks1_convert.c | 22 +++++++++++-----------
lib/luks2/luks2_reencrypt.c | 16 ++++++++--------
lib/luks2/luks2_segment.c | 12 ++++++------
9 files changed, 61 insertions(+), 65 deletions(-)
diff --git a/lib/luks2/luks2_internal.h b/lib/luks2/luks2_internal.h
index 6a8b8f2a..d2222e84 100644
--- a/lib/luks2/luks2_internal.h
+++ b/lib/luks2/luks2_internal.h
@@ -59,11 +59,9 @@ json_object *LUKS2_get_segments_jobj(struct luks2_hdr *hdr);
void hexprint_base64(struct crypt_device *cd, json_object *jobj,
const char *sep, const char *line_sep);
-#if !(defined JSON_C_VERSION_NUM && JSON_C_VERSION_NUM >= ((13 << 8) | 99))
-uint64_t json_object_get_uint64(json_object *jobj);
-json_object *json_object_new_uint64(uint64_t value);
-#endif
-uint32_t json_object_get_uint32(json_object *jobj);
+uint64_t crypt_jobj_get_uint64(json_object *jobj);
+uint32_t crypt_jobj_get_uint32(json_object *jobj);
+json_object *crypt_jobj_new_uint64(uint64_t value);
int json_object_object_add_by_uint(json_object *jobj, unsigned key, json_object *jobj_val);
void json_object_object_del_by_uint(json_object *jobj, unsigned key);
diff --git a/lib/luks2/luks2_json_format.c b/lib/luks2/luks2_json_format.c
index d4f36247..32ea0ea4 100644
--- a/lib/luks2/luks2_json_format.c
+++ b/lib/luks2/luks2_json_format.c
@@ -325,8 +325,8 @@ int LUKS2_generate_hdr(
json_object_object_add_by_uint(jobj_segments, 0, jobj_segment);
- json_object_object_add(jobj_config, "json_size", json_object_new_uint64(metadata_size - LUKS2_HDR_BIN_LEN));
- json_object_object_add(jobj_config, "keyslots_size", json_object_new_uint64(keyslots_size));
+ json_object_object_add(jobj_config, "json_size", crypt_jobj_new_uint64(metadata_size - LUKS2_HDR_BIN_LEN));
+ json_object_object_add(jobj_config, "keyslots_size", crypt_jobj_new_uint64(keyslots_size));
JSON_DBG(cd, hdr->jobj, "Header JSON:");
return 0;
@@ -400,6 +400,6 @@ int LUKS2_set_keyslots_size(struct crypt_device *cd,
if (!json_object_object_get_ex(hdr->jobj, "config", &jobj_config))
return 1;
- json_object_object_add(jobj_config, "keyslots_size", json_object_new_uint64(keyslots_size));
+ json_object_object_add(jobj_config, "keyslots_size", crypt_jobj_new_uint64(keyslots_size));
return 0;
}
diff --git a/lib/luks2/luks2_json_metadata.c b/lib/luks2/luks2_json_metadata.c
index 52421fac..19fb9588 100644
--- a/lib/luks2/luks2_json_metadata.c
+++ b/lib/luks2/luks2_json_metadata.c
@@ -219,7 +219,7 @@ int LUKS2_get_default_segment(struct luks2_hdr *hdr)
* json_type_int needs to be validated first.
* See validate_json_uint32()
*/
-uint32_t json_object_get_uint32(json_object *jobj)
+uint32_t crypt_jobj_get_uint32(json_object *jobj)
{
return json_object_get_int64(jobj);
}
@@ -241,15 +241,14 @@ static json_bool json_str_to_uint64(json_object *jobj, uint64_t *value)
return 1;
}
-#if !(defined JSON_C_VERSION_NUM && JSON_C_VERSION_NUM >= ((13 << 8) | 99))
-uint64_t json_object_get_uint64(json_object *jobj)
+uint64_t crypt_jobj_get_uint64(json_object *jobj)
{
uint64_t r;
json_str_to_uint64(jobj, &r);
return r;
}
-json_object *json_object_new_uint64(uint64_t value)
+json_object *crypt_jobj_new_uint64(uint64_t value)
{
/* 18446744073709551615 */
char num[21];
@@ -263,7 +262,6 @@ json_object *json_object_new_uint64(uint64_t value)
jobj = json_object_new_string(num);
return jobj;
}
-#endif
/*
* Validate helpers
@@ -457,7 +455,7 @@ static int hdr_validate_json_size(struct crypt_device *cd, json_object *hdr_jobj
json = json_object_to_json_string_ext(hdr_jobj,
JSON_C_TO_STRING_PLAIN | JSON_C_TO_STRING_NOSLASHESCAPE);
- json_area_size = json_object_get_uint64(jobj1);
+ json_area_size = crypt_jobj_get_uint64(jobj1);
json_size = (uint64_t)strlen(json);
if (hdr_json_size != json_area_size) {
@@ -545,7 +543,7 @@ static int hdr_validate_crypt_segment(struct crypt_device *cd,
return 1;
}
- sector_size = json_object_get_uint32(jobj_sector_size);
+ sector_size = crypt_jobj_get_uint32(jobj_sector_size);
if (!sector_size || MISALIGNED_512(sector_size)) {
log_dbg(cd, "Illegal sector size: %" PRIu32, sector_size);
return 1;
@@ -1569,7 +1567,7 @@ static void hdr_dump_keyslots(struct crypt_device *cd, json_object *hdr_jobj)
log_std(cd, " %s: %s%s\n", slot, tmps, r == -ENOENT ? " (unbound)" : "");
if (json_object_object_get_ex(val, "key_size", &jobj2))
- log_std(cd, "\tKey: %u bits\n", json_object_get_uint32(jobj2) * 8);
+ log_std(cd, "\tKey: %u bits\n", crypt_jobj_get_uint32(jobj2) * 8);
log_std(cd, "\tPriority: %s\n", get_priority_desc(val));
@@ -1652,7 +1650,7 @@ static void hdr_dump_segments(struct crypt_device *cd, json_object *hdr_jobj)
log_std(cd, "\tcipher: %s\n", json_object_get_string(jobj1));
if (json_object_object_get_ex(jobj_segment, "sector_size", &jobj1))
- log_std(cd, "\tsector: %" PRIu32 " [bytes]\n", json_object_get_uint32(jobj1));
+ log_std(cd, "\tsector: %" PRIu32 " [bytes]\n", crypt_jobj_get_uint32(jobj1));
if (json_object_object_get_ex(jobj_segment, "integrity", &jobj1) &&
json_object_object_get_ex(jobj1, "type", &jobj2))
@@ -1749,7 +1747,7 @@ int LUKS2_get_data_size(struct luks2_hdr *hdr, uint64_t *size, bool *dynamic)
return 0;
}
- tmp += json_object_get_uint64(jobj_size);
+ tmp += crypt_jobj_get_uint64(jobj_size);
}
/* impossible, real device size must not be zero */
diff --git a/lib/luks2/luks2_keyslot.c b/lib/luks2/luks2_keyslot.c
index 7d06df80..d853fc8e 100644
--- a/lib/luks2/luks2_keyslot.c
+++ b/lib/luks2/luks2_keyslot.c
@@ -301,11 +301,11 @@ int LUKS2_keyslot_area(struct luks2_hdr *hdr,
if (!json_object_object_get_ex(jobj_area, "offset", &jobj))
return -EINVAL;
- *offset = json_object_get_uint64(jobj);
+ *offset = crypt_jobj_get_uint64(jobj);
if (!json_object_object_get_ex(jobj_area, "size", &jobj))
return -EINVAL;
- *length = json_object_get_uint64(jobj);
+ *length = crypt_jobj_get_uint64(jobj);
return 0;
}
@@ -840,8 +840,8 @@ int placeholder_keyslot_alloc(struct crypt_device *cd,
/* Area object */
jobj_area = json_object_new_object();
- json_object_object_add(jobj_area, "offset", json_object_new_uint64(area_offset));
- json_object_object_add(jobj_area, "size", json_object_new_uint64(area_length));
+ json_object_object_add(jobj_area, "offset", crypt_jobj_new_uint64(area_offset));
+ json_object_object_add(jobj_area, "size", crypt_jobj_new_uint64(area_length));
json_object_object_add(jobj_keyslot, "area", jobj_area);
json_object_object_add_by_uint(jobj_keyslots, keyslot, jobj_keyslot);
diff --git a/lib/luks2/luks2_keyslot_luks2.c b/lib/luks2/luks2_keyslot_luks2.c
index 7b438a8b..953ba168 100644
--- a/lib/luks2/luks2_keyslot_luks2.c
+++ b/lib/luks2/luks2_keyslot_luks2.c
@@ -220,7 +220,7 @@ static int luks2_keyslot_set_key(struct crypt_device *cd,
if (!json_object_object_get_ex(jobj_area, "offset", &jobj2))
return -EINVAL;
- area_offset = json_object_get_uint64(jobj2);
+ area_offset = crypt_jobj_get_uint64(jobj2);
if (!json_object_object_get_ex(jobj_area, "encryption", &jobj2))
return -EINVAL;
@@ -313,7 +313,7 @@ static int luks2_keyslot_get_key(struct crypt_device *cd,
if (!json_object_object_get_ex(jobj_area, "offset", &jobj2))
return -EINVAL;
- area_offset = json_object_get_uint64(jobj2);
+ area_offset = crypt_jobj_get_uint64(jobj2);
if (!json_object_object_get_ex(jobj_area, "encryption", &jobj2))
return -EINVAL;
@@ -494,8 +494,8 @@ static int luks2_keyslot_alloc(struct crypt_device *cd,
/* Area object */
jobj_area = json_object_new_object();
json_object_object_add(jobj_area, "type", json_object_new_string("raw"));
- json_object_object_add(jobj_area, "offset", json_object_new_uint64(area_offset));
- json_object_object_add(jobj_area, "size", json_object_new_uint64(area_length));
+ json_object_object_add(jobj_area, "offset", crypt_jobj_new_uint64(area_offset));
+ json_object_object_add(jobj_area, "size", crypt_jobj_new_uint64(area_length));
json_object_object_add(jobj_keyslot, "area", jobj_area);
json_object_object_add_by_uint(jobj_keyslots, keyslot, jobj_keyslot);
@@ -607,7 +607,7 @@ static int luks2_keyslot_dump(struct crypt_device *cd, int keyslot)
log_std(cd, "\tCipher: %s\n", json_object_get_string(jobj1));
json_object_object_get_ex(jobj_area, "key_size", &jobj1);
- log_std(cd, "\tCipher key: %u bits\n", json_object_get_uint32(jobj1) * 8);
+ log_std(cd, "\tCipher key: %u bits\n", crypt_jobj_get_uint32(jobj1) * 8);
json_object_object_get_ex(jobj_kdf, "type", &jobj1);
log_std(cd, "\tPBKDF: %s\n", json_object_get_string(jobj1));
@@ -617,7 +617,7 @@ static int luks2_keyslot_dump(struct crypt_device *cd, int keyslot)
log_std(cd, "\tHash: %s\n", json_object_get_string(jobj1));
json_object_object_get_ex(jobj_kdf, "iterations", &jobj1);
- log_std(cd, "\tIterations: %" PRIu64 "\n", json_object_get_uint64(jobj1));
+ log_std(cd, "\tIterations: %" PRIu64 "\n", crypt_jobj_get_uint64(jobj1));
} else {
json_object_object_get_ex(jobj_kdf, "time", &jobj1);
log_std(cd, "\tTime cost: %" PRIu64 "\n", json_object_get_int64(jobj1));
@@ -640,10 +640,10 @@ static int luks2_keyslot_dump(struct crypt_device *cd, int keyslot)
log_std(cd, "\tAF hash: %s\n", json_object_get_string(jobj1));
json_object_object_get_ex(jobj_area, "offset", &jobj1);
- log_std(cd, "\tArea offset:%" PRIu64 " [bytes]\n", json_object_get_uint64(jobj1));
+ log_std(cd, "\tArea offset:%" PRIu64 " [bytes]\n", crypt_jobj_get_uint64(jobj1));
json_object_object_get_ex(jobj_area, "size", &jobj1);
- log_std(cd, "\tArea length:%" PRIu64 " [bytes]\n", json_object_get_uint64(jobj1));
+ log_std(cd, "\tArea length:%" PRIu64 " [bytes]\n", crypt_jobj_get_uint64(jobj1));
return 0;
}
diff --git a/lib/luks2/luks2_keyslot_reenc.c b/lib/luks2/luks2_keyslot_reenc.c
index 64b8d274..c6b92db3 100644
--- a/lib/luks2/luks2_keyslot_reenc.c
+++ b/lib/luks2/luks2_keyslot_reenc.c
@@ -67,13 +67,13 @@ int reenc_keyslot_alloc(struct crypt_device *cd,
if (params->data_shift) {
json_object_object_add(jobj_area, "type", json_object_new_string("datashift"));
- json_object_object_add(jobj_area, "shift_size", json_object_new_uint64(params->data_shift << SECTOR_SHIFT));
+ json_object_object_add(jobj_area, "shift_size", crypt_jobj_new_uint64(params->data_shift << SECTOR_SHIFT));
} else
/* except data shift protection, initial setting is irrelevant. Type can be changed during reencryption */
json_object_object_add(jobj_area, "type", json_object_new_string("none"));
- json_object_object_add(jobj_area, "offset", json_object_new_uint64(area_offset));
- json_object_object_add(jobj_area, "size", json_object_new_uint64(area_length));
+ json_object_object_add(jobj_area, "offset", crypt_jobj_new_uint64(area_offset));
+ json_object_object_add(jobj_area, "size", crypt_jobj_new_uint64(area_length));
json_object_object_add(jobj_keyslot, "type", json_object_new_string("reencrypt"));
json_object_object_add(jobj_keyslot, "key_size", json_object_new_int(1)); /* useless but mandatory */
@@ -113,8 +113,8 @@ static int reenc_keyslot_store_data(struct crypt_device *cd,
!json_object_object_get_ex(jobj_area, "size", &jobj_length))
return -EINVAL;
- area_offset = json_object_get_uint64(jobj_offset);
- area_length = json_object_get_uint64(jobj_length);
+ area_offset = crypt_jobj_get_uint64(jobj_offset);
+ area_length = crypt_jobj_get_uint64(jobj_length);
if (!area_offset || !area_length || ((uint64_t)buffer_len > area_length))
return -EINVAL;
@@ -242,14 +242,14 @@ static int reenc_keyslot_dump(struct crypt_device *cd, int keyslot)
log_std(cd, "\t%-12s%d [bytes]\n", "Hash data:", json_object_get_int(jobj1));
} else if (!strcmp(json_object_get_string(jobj_resilience), "datashift")) {
json_object_object_get_ex(jobj_area, "shift_size", &jobj1);
- log_std(cd, "\t%-12s%" PRIu64 "[bytes]\n", "Shift size:", json_object_get_uint64(jobj1));
+ log_std(cd, "\t%-12s%" PRIu64 "[bytes]\n", "Shift size:", crypt_jobj_get_uint64(jobj1));
}
json_object_object_get_ex(jobj_area, "offset", &jobj1);
- log_std(cd, "\tArea offset:%" PRIu64 " [bytes]\n", json_object_get_uint64(jobj1));
+ log_std(cd, "\tArea offset:%" PRIu64 " [bytes]\n", crypt_jobj_get_uint64(jobj1));
json_object_object_get_ex(jobj_area, "size", &jobj1);
- log_std(cd, "\tArea length:%" PRIu64 " [bytes]\n", json_object_get_uint64(jobj1));
+ log_std(cd, "\tArea length:%" PRIu64 " [bytes]\n", crypt_jobj_get_uint64(jobj1));
return 0;
}
@@ -304,7 +304,7 @@ static int reenc_keyslot_validate(struct crypt_device *cd, json_object *jobj_key
return -EINVAL;
if (!validate_json_uint32(jobj_sector_size))
return -EINVAL;
- sector_size = json_object_get_uint32(jobj_sector_size);
+ sector_size = crypt_jobj_get_uint32(jobj_sector_size);
if (sector_size < SECTOR_SIZE || NOTPOW2(sector_size)) {
log_dbg(cd, "Invalid sector_size (%" PRIu32 ") for checksum resilience mode.", sector_size);
return -EINVAL;
@@ -313,7 +313,7 @@ static int reenc_keyslot_validate(struct crypt_device *cd, json_object *jobj_key
if (!(jobj_shift_size = json_contains(cd, jobj_area, "type:datashift", "Keyslot area", "shift_size", json_type_string)))
return -EINVAL;
- shift_size = json_object_get_uint64(jobj_shift_size);
+ shift_size = crypt_jobj_get_uint64(jobj_shift_size);
if (!shift_size)
return -EINVAL;
diff --git a/lib/luks2/luks2_luks1_convert.c b/lib/luks2/luks2_luks1_convert.c
index 7f5f26b7..cbaa8603 100644
--- a/lib/luks2/luks2_luks1_convert.c
+++ b/lib/luks2/luks2_luks1_convert.c
@@ -91,8 +91,8 @@ static int json_luks1_keyslot(const struct luks_phdr *hdr_v1, int keyslot, struc
}
area_size = offs_b - offs_a;
json_object_object_add(jobj_area, "key_size", json_object_new_int(hdr_v1->keyBytes));
- json_object_object_add(jobj_area, "offset", json_object_new_uint64(offset));
- json_object_object_add(jobj_area, "size", json_object_new_uint64(area_size));
+ json_object_object_add(jobj_area, "offset", crypt_jobj_new_uint64(offset));
+ json_object_object_add(jobj_area, "size", crypt_jobj_new_uint64(area_size));
json_object_object_add(keyslot_obj, "area", jobj_area);
*keyslot_object = keyslot_obj;
@@ -145,7 +145,7 @@ static int json_luks1_segment(const struct luks_phdr *hdr_v1, struct json_object
/* offset field */
number = (uint64_t)hdr_v1->payloadOffset * SECTOR_SIZE;
- field = json_object_new_uint64(number);
+ field = crypt_jobj_new_uint64(number);
if (!field) {
json_object_put(segment_obj);
return -ENOMEM;
@@ -401,8 +401,8 @@ static int json_luks1_object(struct luks_phdr *hdr_v1, struct json_object **luks
json_object_object_add(luks1_obj, "config", field);
json_size = LUKS2_HDR_16K_LEN - LUKS2_HDR_BIN_LEN;
- json_object_object_add(field, "json_size", json_object_new_uint64(json_size));
- json_object_object_add(field, "keyslots_size", json_object_new_uint64(keyslots_size));
+ json_object_object_add(field, "json_size", crypt_jobj_new_uint64(json_size));
+ json_object_object_add(field, "keyslots_size", crypt_jobj_new_uint64(keyslots_size));
*luks1_object = luks1_obj;
return 0;
@@ -418,8 +418,8 @@ static void move_keyslot_offset(json_object *jobj, int offset_add)
UNUSED(key);
json_object_object_get_ex(val, "area", &jobj_area);
json_object_object_get_ex(jobj_area, "offset", &jobj2);
- offset = json_object_get_uint64(jobj2) + offset_add;
- json_object_object_add(jobj_area, "offset", json_object_new_uint64(offset));
+ offset = crypt_jobj_get_uint64(jobj2) + offset_add;
+ json_object_object_add(jobj_area, "offset", crypt_jobj_new_uint64(offset));
}
}
@@ -749,7 +749,7 @@ int LUKS2_luks2_to_luks1(struct crypt_device *cd, struct luks2_hdr *hdr2, struct
return -EINVAL;
if (!json_object_object_get_ex(jobj_area, "offset", &jobj1))
return -EINVAL;
- offset = json_object_get_uint64(jobj1);
+ offset = crypt_jobj_get_uint64(jobj1);
} else {
if (LUKS2_find_area_gap(cd, hdr2, key_size, &offset, &area_length))
return -EINVAL;
@@ -781,7 +781,7 @@ int LUKS2_luks2_to_luks1(struct crypt_device *cd, struct luks2_hdr *hdr2, struct
if (!json_object_object_get_ex(jobj_kdf, "iterations", &jobj1))
continue;
- hdr1->keyblock[i].passwordIterations = json_object_get_uint32(jobj1);
+ hdr1->keyblock[i].passwordIterations = crypt_jobj_get_uint32(jobj1);
if (!json_object_object_get_ex(jobj_kdf, "salt", &jobj1))
continue;
@@ -822,7 +822,7 @@ int LUKS2_luks2_to_luks1(struct crypt_device *cd, struct luks2_hdr *hdr2, struct
if (!json_object_object_get_ex(jobj_digest, "iterations", &jobj1))
return -EINVAL;
- hdr1->mkDigestIterations = json_object_get_uint32(jobj1);
+ hdr1->mkDigestIterations = crypt_jobj_get_uint32(jobj1);
if (!json_object_object_get_ex(jobj_digest, "digest", &jobj1))
return -EINVAL;
@@ -847,7 +847,7 @@ int LUKS2_luks2_to_luks1(struct crypt_device *cd, struct luks2_hdr *hdr2, struct
if (!json_object_object_get_ex(jobj_segment, "offset", &jobj1))
return -EINVAL;
- offset = json_object_get_uint64(jobj1) / SECTOR_SIZE;
+ offset = crypt_jobj_get_uint64(jobj1) / SECTOR_SIZE;
if (offset > UINT32_MAX)
return -EINVAL;
/* FIXME: LUKS1 requires offset == 0 || offset >= luks1_hdr_size */
diff --git a/lib/luks2/luks2_reencrypt.c b/lib/luks2/luks2_reencrypt.c
index 6bac4420..c99577cc 100644
--- a/lib/luks2/luks2_reencrypt.c
+++ b/lib/luks2/luks2_reencrypt.c
@@ -165,7 +165,7 @@ static uint32_t reencrypt_alignment(struct luks2_hdr *hdr)
if (!json_object_object_get_ex(jobj_area, "sector_size", &jobj_sector_size))
return 0;
- return json_object_get_uint32(jobj_sector_size);
+ return crypt_jobj_get_uint32(jobj_sector_size);
}
static json_object *_enc_create_segments_shift_after(struct crypt_device *cd,
@@ -200,13 +200,13 @@ static json_object *_enc_create_segments_shift_after(struct crypt_device *cd,
json_segment_remove_flag(jobj_seg_new, "in-reencryption");
tmp = rh->length;
} else {
- json_object_object_add(jobj_seg_new, "offset", json_object_new_uint64(rh->offset + data_offset));
- json_object_object_add(jobj_seg_new, "iv_tweak", json_object_new_uint64(rh->offset >> SECTOR_SHIFT));
+ json_object_object_add(jobj_seg_new, "offset", crypt_jobj_new_uint64(rh->offset + data_offset));
+ json_object_object_add(jobj_seg_new, "iv_tweak", crypt_jobj_new_uint64(rh->offset >> SECTOR_SHIFT));
tmp = json_segment_get_size(jobj_seg_new, 0) + rh->length;
}
/* alter size of new segment, reenc_seg == 0 we're finished */
- json_object_object_add(jobj_seg_new, "size", reenc_seg > 0 ? json_object_new_uint64(tmp) : json_object_new_string("dynamic"));
+ json_object_object_add(jobj_seg_new, "size", reenc_seg > 0 ? crypt_jobj_new_uint64(tmp) : json_object_new_string("dynamic"));
json_object_object_add_by_uint(jobj_segs_post, reenc_seg, jobj_seg_new);
return jobj_segs_post;
@@ -256,7 +256,7 @@ static json_object *reencrypt_make_hot_segments_encrypt_shift(struct crypt_devic
jobj_seg_shrunk = NULL;
if (json_object_copy(LUKS2_get_segment_jobj(hdr, sg), &jobj_seg_shrunk))
goto err;
- json_object_object_add(jobj_seg_shrunk, "size", json_object_new_uint64(segment_size - rh->length));
+ json_object_object_add(jobj_seg_shrunk, "size", crypt_jobj_new_uint64(segment_size - rh->length));
json_object_object_add_by_uint(jobj_segs_hot, sg++, jobj_seg_shrunk);
}
@@ -336,7 +336,7 @@ static json_object *reencrypt_make_post_segments_forward(struct crypt_device *cd
goto err;
jobj_old_seg = jobj_old_seg_copy;
fixed_length = rh->device_size - fixed_length;
- json_object_object_add(jobj_old_seg, "size", json_object_new_uint64(fixed_length));
+ json_object_object_add(jobj_old_seg, "size", crypt_jobj_new_uint64(fixed_length));
} else
json_object_get(jobj_old_seg);
json_object_object_add_by_uint(jobj_segs_post, 1, jobj_old_seg);
@@ -491,7 +491,7 @@ static json_object *reencrypt_make_hot_segments_backward(struct crypt_device *cd
if (rh->offset) {
if (json_object_copy(LUKS2_get_segment_jobj(hdr, 0), &jobj_old_seg))
goto err;
- json_object_object_add(jobj_old_seg, "size", json_object_new_uint64(rh->offset));
+ json_object_object_add(jobj_old_seg, "size", crypt_jobj_new_uint64(rh->offset));
json_object_object_add_by_uint(jobj_segs_hot, sg++, jobj_old_seg);
}
@@ -575,7 +575,7 @@ static uint64_t reencrypt_data_shift(struct luks2_hdr *hdr)
if (!json_object_object_get_ex(jobj_area, "shift_size", &jobj_data_shift))
return 0;
- return json_object_get_uint64(jobj_data_shift);
+ return crypt_jobj_get_uint64(jobj_data_shift);
}
static crypt_reencrypt_mode_info reencrypt_mode(struct luks2_hdr *hdr)
diff --git a/lib/luks2/luks2_segment.c b/lib/luks2/luks2_segment.c
index 6ece2fdd..cd5108e8 100644
--- a/lib/luks2/luks2_segment.c
+++ b/lib/luks2/luks2_segment.c
@@ -55,7 +55,7 @@ uint64_t json_segment_get_offset(json_object *jobj_segment, unsigned blockwise)
!json_object_object_get_ex(jobj_segment, "offset", &jobj))
return 0;
- return blockwise ? json_object_get_uint64(jobj) >> SECTOR_SHIFT : json_object_get_uint64(jobj);
+ return blockwise ? crypt_jobj_get_uint64(jobj) >> SECTOR_SHIFT : crypt_jobj_get_uint64(jobj);
}
const char *json_segment_type(json_object *jobj_segment)
@@ -77,7 +77,7 @@ uint64_t json_segment_get_iv_offset(json_object *jobj_segment)
!json_object_object_get_ex(jobj_segment, "iv_tweak", &jobj))
return 0;
- return json_object_get_uint64(jobj);
+ return crypt_jobj_get_uint64(jobj);
}
uint64_t json_segment_get_size(json_object *jobj_segment, unsigned blockwise)
@@ -88,7 +88,7 @@ uint64_t json_segment_get_size(json_object *jobj_segment, unsigned blockwise)
!json_object_object_get_ex(jobj_segment, "size", &jobj))
return 0;
- return blockwise ? json_object_get_uint64(jobj) >> SECTOR_SHIFT : json_object_get_uint64(jobj);
+ return blockwise ? crypt_jobj_get_uint64(jobj) >> SECTOR_SHIFT : crypt_jobj_get_uint64(jobj);
}
const char *json_segment_get_cipher(json_object *jobj_segment)
@@ -229,8 +229,8 @@ static json_object *_segment_create_generic(const char *type, uint64_t offset, c
return NULL;
json_object_object_add(jobj, "type", json_object_new_string(type));
- json_object_object_add(jobj, "offset", json_object_new_uint64(offset));
- json_object_object_add(jobj, "size", length ? json_object_new_uint64(*length) : json_object_new_string("dynamic"));
+ json_object_object_add(jobj, "offset", crypt_jobj_new_uint64(offset));
+ json_object_object_add(jobj, "size", length ? crypt_jobj_new_uint64(*length) : json_object_new_string("dynamic"));
return jobj;
}
@@ -252,7 +252,7 @@ json_object *json_segment_create_crypt(uint64_t offset,
if (!jobj)
return NULL;
- json_object_object_add(jobj, "iv_tweak", json_object_new_uint64(iv_offset));
+ json_object_object_add(jobj, "iv_tweak", crypt_jobj_new_uint64(iv_offset));
json_object_object_add(jobj, "encryption", json_object_new_string(cipher));
json_object_object_add(jobj, "sector_size", json_object_new_int(sector_size));
if (reencryption)
--
2.20.1

8
buildroot/package/cups/0001-Remove-man-from-BUILDDIRS-in-configure.patch
View File

@ -6,15 +6,17 @@ Subject: [PATCH] Remove man from BUILDDIRS in configure
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
[Fabrice: updated for 2.3.0]
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[Michael: updated for 2.3.3]
Signed-off-by: Michael Trimarchi <michael@amarulasolutions.com>
---
config-scripts/cups-common.m4 | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/config-scripts/cups-common.m4 b/config-scripts/cups-common.m4
index fbba715..77d0f5c 100644
index a460a73..d427acb 100644
--- a/config-scripts/cups-common.m4
+++ b/config-scripts/cups-common.m4
@@ -446,7 +446,7 @@ AC_ARG_WITH(components, [ --with-components set components to build:
@@ -434,7 +434,7 @@ LIBHEADERSPRIV="\$(COREHEADERSPRIV) \$(DRIVERHEADERSPRIV)"
case "$COMPONENTS" in
all)
@ -24,5 +26,5 @@ index fbba715..77d0f5c 100644
core)
--
2.8.1
2.17.1

14
buildroot/package/cups/0002-Do-not-use-genstrings.patch
View File

@ -16,23 +16,25 @@ genstrings call.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
[Fabrice: updated for 2.3.0]
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[Michael: updated for 2.3.3]
Signed-off-by: Michael Trimarchi <michael@amarulasolutions.com>
---
ppdc/Makefile | 2 --
1 file changed, 2 deletions(-)
diff --git a/ppdc/Makefile b/ppdc/Makefile
index 68bf6b2..d57a0c9 100644
index 32e2e0b..7b18879 100644
--- a/ppdc/Makefile
+++ b/ppdc/Makefile
@@ -242,8 +242,6 @@ genstrings: genstrings.o libcupsppdc.a ../cups/$(LIBCUPSSTATIC) \
$(LD_CXX) $(ARCHFLAGS) $(ALL_LDFLAGS) -o genstrings genstrings.o \
libcupsppdc.a $(LINKCUPSSTATIC)
$(CODE_SIGN) -s "$(CODE_SIGN_IDENTITY)" $@
@@ -186,8 +186,6 @@ genstrings: genstrings.o libcupsppdc.a ../cups/$(LIBCUPSSTATIC) \
$(LD_CXX) $(ARCHFLAGS) $(ALL_LDFLAGS) -o genstrings genstrings.o \
libcupsppdc.a $(LINKCUPSSTATIC)
$(CODE_SIGN) -s "$(CODE_SIGN_IDENTITY)" $@
- echo Generating localization strings...
- ./genstrings >sample.c
#
--
2.6.4
2.17.1

8
buildroot/package/cups/0004-Remove-PIE-flags-from-the-build.patch
View File

@ -13,15 +13,17 @@ Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Olivier Schonken <olivier.schonken@gmail.com>
[Fabrice: updated for 2.3.0]
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[Michael: updated for 2.3.3]
Signed-off-by: Michael Trimarchi <michael@amarulasolutions.com>
---
Makedefs.in | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Makedefs.in b/Makedefs.in
index 3afef0a..299b297 100644
index 5f1d32f..d669ea8 100644
--- a/Makedefs.in
+++ b/Makedefs.in
@@ -148,7 +148,7 @@ IPPFIND_BIN = @IPPFIND_BIN@
@@ -155,7 +155,7 @@ ALL_CXXFLAGS = -I.. -D_CUPS_SOURCE $(CXXFLAGS) \
$(ONDEMANDFLAGS) $(OPTIONS)
ALL_DSOFLAGS = -L../cups @ARCHFLAGS@ @RELROFLAGS@ $(DSOFLAGS) $(OPTIM)
ALL_LDFLAGS = -L../cups @LDARCHFLAGS@ @RELROFLAGS@ $(LDFLAGS) \
@ -31,5 +33,5 @@ index 3afef0a..299b297 100644
ARFLAGS = @ARFLAGS@
BACKLIBS = @BACKLIBS@
--
2.7.4
2.17.1

3
buildroot/package/cups/70-usb-printers.rules Normal file
View File

@ -0,0 +1,3 @@
# Allow USB printers in the lp group
# Match rules converted from usblp.c driver's usblp_ids
ACTION=="add", SUBSYSTEM=="usb", ATTR{bInterfaceClass}=="07", ATTR{bInterfaceSubClass}=="01", GROUP="lp"

48
buildroot/package/cups/S81cupsd Normal file
View File

@ -0,0 +1,48 @@
#!/bin/sh
DAEMON="cupsd"
PIDFILE="/var/run/$DAEMON.pid"
start() {
printf 'Starting %s: ' "$DAEMON"
# shellcheck disable=SC2086 # we need the word splitting
start-stop-daemon -b -m -S -q -p "$PIDFILE" -x "/usr/sbin/$DAEMON" \
-- -C /etc/cups/cupsd.conf -s /etc/cups/cups-files
status=$?
if [ "$status" -eq 0 ]; then
echo "OK"
else
echo "FAIL"
fi
return "$status"
}
stop() {
printf 'Stopping %s: ' "$DAEMON"
start-stop-daemon -K -q -p "$PIDFILE"
status=$?
if [ "$status" -eq 0 ]; then
rm -f "$PIDFILE"
echo "OK"
else
echo "FAIL"
fi
return "$status"
}
restart() {
stop
sleep 1
start
}
case "$1" in
start|stop|restart)
"$1";;
reload)
# Restart, since there is no true "reload" feature.
restart;;
*)
echo "Usage: $0 {start|stop|restart|reload}"
exit 1
esac

2
buildroot/package/cups/cups.hash
View File

@ -1,4 +1,4 @@
# Locally calculated:
sha256 1bca9d89507e3f68cbc84482fe46ae8d5333af5bc2b9061347b2007182ac77ce cups-2.3.1-source.tar.gz
sha256 261fd948bce8647b6d5cb2a1784f0c24cc52b5c4e827b71d726020bcc502f3ee cups-2.3.3-source.tar.gz
sha256 cfc7749b96f63bd31c3c42b5c471bf756814053e847c10f3eb003417bc523d30 LICENSE
sha256 a5d616e6322a9cb1a971e18765025edfca4f3cd9c0eafc32d6d2eb4b8c8787b5 NOTICE

29
buildroot/package/cups/cups.mk
View File

@ -4,7 +4,7 @@
#
################################################################################
CUPS_VERSION = 2.3.1
CUPS_VERSION = 2.3.3
CUPS_SOURCE = cups-$(CUPS_VERSION)-source.tar.gz
CUPS_SITE = https://github.com/apple/cups/releases/download/v$(CUPS_VERSION)
CUPS_LICENSE = Apache-2.0 with GPL-2.0/LGPL-2.0 exception
@ -21,7 +21,11 @@ CUPS_CONF_OPTS = \
--with-docdir=/usr/share/cups/doc-root \
--disable-gssapi \
--disable-pam \
--libdir=/usr/lib
--libdir=/usr/lib \
--with-cups-user=lp \
--with-cups-group=lp \
--with-system-groups="lpadmin sys root" \
--without-rcdir
CUPS_CONFIG_SCRIPTS = cups-config
CUPS_DEPENDENCIES = \
host-autoconf \
@ -71,4 +75,25 @@ else
CUPS_CONF_OPTS += --disable-avahi
endif
ifeq ($(BR2_PACKAGE_HAS_UDEV),y)
define CUPS_INSTALL_UDEV_RULES
$(INSTALL) -D -m 0644 package/cups/70-usb-printers.rules \
$(TARGET_DIR)/lib/udev/rules.d/70-usb-printers.rules
endef
CUPS_POST_INSTALL_TARGET_HOOKS += CUPS_INSTALL_UDEV_RULES
endif
define CUPS_INSTALL_INIT_SYSV
$(INSTALL) -D -m 0755 package/cups/S81cupsd \
$(TARGET_DIR)/etc/init.d/S81cupsd
endef
# lp user is needed to run cups spooler
# lpadmin group membership grants administrative privileges
define CUPS_USERS
lp -1 lp -1 * /var/spool/lpd /bin/false - lp
- - lpadmin -1 * - - - Printers admin group.
endef
$(eval $(autotools-package))

4
buildroot/package/cvs/cvs.mk
View File

@ -12,7 +12,9 @@ CVS_LICENSE = GPL-1.0+, LGPL-2.0+, LGPL-2.1+ (glob)
CVS_LICENSE_FILES = COPYING COPYING.LIB lib/glob-libc.h
CVS_DEPENDENCIES = ncurses
CVS_CONF_ENV = cvs_cv_func_printf_ptr=yes
CVS_CONF_ENV = \
ac_cv_func_working_mktime=yes \
cvs_cv_func_printf_ptr=yes
CVS_CONFIGURE_ARGS = --disable-old-info-format-support
ifeq ($(BR2_PACKAGE_CVS_SERVER),y)

1
buildroot/package/dbus/dbus.mk
View File

@ -107,6 +107,7 @@ HOST_DBUS_CONF_OPTS = \
--disable-selinux \
--disable-xml-docs \
--disable-doxygen-docs \
--disable-systemd \
--without-x \
--with-xml=expat

2
buildroot/package/dhcpcd/dhcpcd.service
View File

@ -5,7 +5,7 @@ After=network.target
[Service]
Type=forking
EnvironmentFile=-/etc/default/dhcpcd
PIDFile=/var/run/dhcpcd.pid
PIDFile=/run/dhcpcd.pid
ExecStart=/sbin/dhcpcd $DAEMON_ARGS
Restart=always

2
buildroot/package/dhcpdump/dhcpdump.mk
View File

@ -20,7 +20,7 @@ DHCPDUMP_CFLAGS = $(TARGET_CFLAGS) -DHAVE_STRSEP
define DHCPDUMP_BUILD_CMDS
$(TARGET_MAKE_ENV) $(MAKE) -C $(@D) CC="$(TARGET_CC) $(DHCPDUMP_CFLAGS) \
-D_GNU_SOURCE" LIBS="$(DHCPDUMP_LIBS)"
-D_GNU_SOURCE" LIBS="$(DHCPDUMP_LIBS)" dhcpdump
endef
define DHCPDUMP_INSTALL_TARGET_CMDS

2
buildroot/package/docker-cli/docker-cli.hash
View File

@ -1,3 +1,3 @@
# Locally calculated
sha256 a5b1d6c5766f77896273e864a448a7f0ea4055bb52f50f884f14ad6ef0d5fdb4 docker-cli-19.03.11.tar.gz
sha256 00801d6b7e9777cf2cf54255ca5afb7b58b3d35c14bb0f60bb9f07d031883223 docker-cli-19.03.12.tar.gz
sha256 2d81ea060825006fc8f3fe28aa5dc0ffeb80faf325b612c955229157b8c10dc0 LICENSE

6
buildroot/package/docker-cli/docker-cli.mk
View File

@ -4,7 +4,7 @@
#
################################################################################
DOCKER_CLI_VERSION = 19.03.11
DOCKER_CLI_VERSION = 19.03.12
DOCKER_CLI_SITE = $(call github,docker,cli,v$(DOCKER_CLI_VERSION))
DOCKER_CLI_WORKSPACE = gopath
@ -17,8 +17,8 @@ DOCKER_CLI_TAGS = autogen
DOCKER_CLI_BUILD_TARGETS = cmd/docker
DOCKER_CLI_LDFLAGS = \
-X github.com/docker/cli/cli.GitCommit=$(DOCKER_CLI_VERSION) \
-X github.com/docker/cli/cli.Version=$(DOCKER_CLI_VERSION)
-X github.com/docker/cli/cli/version.GitCommit=$(DOCKER_CLI_VERSION) \
-X github.com/docker/cli/cli/version.Version=$(DOCKER_CLI_VERSION)
ifeq ($(BR2_PACKAGE_DOCKER_CLI_STATIC),y)
DOCKER_CLI_LDFLAGS += -extldflags '-static'

1
buildroot/package/docker-engine/Config.in
View File

@ -5,6 +5,7 @@ config BR2_PACKAGE_DOCKER_ENGINE
depends on BR2_TOOLCHAIN_HAS_THREADS
depends on !BR2_TOOLCHAIN_USES_UCLIBC # docker-containerd -> runc
depends on BR2_USE_MMU # docker-containerd
select BR2_PACKAGE_CGROUPFS_MOUNT if !BR2_PACKAGE_SYSTEMD # runtime dependency
select BR2_PACKAGE_DOCKER_CONTAINERD # runtime dependency
select BR2_PACKAGE_DOCKER_PROXY # runtime dependency
select BR2_PACKAGE_IPTABLES # runtime dependency

2
buildroot/package/docker-engine/docker-engine.hash
View File

@ -1,3 +1,3 @@
# Locally calculated
sha256 5ff62d7b3638a275b2c459e53a4d1a7a8fb03dde8305defcd55e05e059e5618d docker-engine-19.03.11.tar.gz
sha256 858e4e74ee0097bcbdb71d737e268dfcfd1970efa4a1600354253b02fd403e39 docker-engine-19.03.12.tar.gz
sha256 7c87873291f289713ac5df48b1f2010eb6963752bbd6b530416ab99fc37914a8 LICENSE

2
buildroot/package/docker-engine/docker-engine.mk
View File

@ -4,7 +4,7 @@
#
################################################################################
DOCKER_ENGINE_VERSION = 19.03.11
DOCKER_ENGINE_VERSION = 19.03.12
DOCKER_ENGINE_SITE = $(call github,docker,engine,v$(DOCKER_ENGINE_VERSION))
DOCKER_ENGINE_LICENSE = Apache-2.0

8
buildroot/package/domoticz/Config.in
View File

@ -1,11 +1,10 @@
config BR2_PACKAGE_DOMOTICZ
bool "domoticz"
depends on BR2_USE_MMU # mosquitto
depends on BR2_TOOLCHAIN_HAS_SYNC_4 # mosquitto
depends on !BR2_STATIC_LIBS # mosquitto
depends on BR2_USE_MMU # fork()
depends on !BR2_STATIC_LIBS
depends on BR2_TOOLCHAIN_GCC_AT_LEAST_4_8 # sleep_for
# pthread_condattr_setclock
depends on BR2_TOOLCHAIN_HAS_THREADS_NPTL
depends on BR2_TOOLCHAIN_HAS_THREADS_NPTL # mosquitto
depends on BR2_INSTALL_LIBSTDCPP
depends on BR2_USE_WCHAR
depends on BR2_PACKAGE_LUA_5_3
@ -30,7 +29,6 @@ config BR2_PACKAGE_DOMOTICZ
comment "domoticz needs lua 5.3 and a toolchain w/ C++, gcc >= 4.8, NPTL, wchar, dynamic library"
depends on BR2_USE_MMU
depends on BR2_TOOLCHAIN_HAS_SYNC_4
depends on !BR2_INSTALL_LIBSTDCPP || \
!BR2_TOOLCHAIN_GCC_AT_LEAST_4_8 || \
!BR2_TOOLCHAIN_HAS_THREADS_NPTL || \

4
buildroot/package/dovecot-pigeonhole/dovecot-pigeonhole.hash
View File

@ -1,3 +1,3 @@
# Locally computed after checking signature
sha256 36da68aae5157b83e21383f711b8977e5b6f5477f369f71e7e22e76a738bbd05 dovecot-2.3-pigeonhole-0.5.9.tar.gz
sha256 fc9e9522216f2a9a28b31300e3c73c1df56acc27dfae951bf516e7995366b51a COPYING
sha256 0b972a441f680545ddfacd2f41fb2a705fb03249d46ed5ce7e01fe68b6cfb5f0 dovecot-2.3-pigeonhole-0.5.11.tar.gz
sha256 fc9e9522216f2a9a28b31300e3c73c1df56acc27dfae951bf516e7995366b51a COPYING

2
buildroot/package/dovecot-pigeonhole/dovecot-pigeonhole.mk
View File

@ -4,7 +4,7 @@
#
################################################################################
DOVECOT_PIGEONHOLE_VERSION = 0.5.9
DOVECOT_PIGEONHOLE_VERSION = 0.5.11
DOVECOT_PIGEONHOLE_SOURCE = dovecot-2.3-pigeonhole-$(DOVECOT_PIGEONHOLE_VERSION).tar.gz
DOVECOT_PIGEONHOLE_SITE = https://pigeonhole.dovecot.org/releases/2.3
DOVECOT_PIGEONHOLE_LICENSE = LGPL-2.1

2
buildroot/package/dovecot/dovecot.hash
View File

@ -1,5 +1,5 @@
# Locally computed after checking signature
sha256 6642e62f23b1b23cfac235007ca6e21cb67460cca834689fad450724456eb10c dovecot-2.3.10.1.tar.gz
sha256 d3d9ea9010277f57eb5b9f4166a5d2ba539b172bd6d5a2b2529a6db524baafdc dovecot-2.3.11.3.tar.gz
sha256 a363b132e494f662d98c820d1481297e6ae72f194c2c91b6c39e1518b86240a8 COPYING
sha256 dc626520dcd53a22f727af3ee42c770e56c97a64fe3adb063799d8ab032fe551 COPYING.LGPL
sha256 52b8c95fabb19575281874b661ef7968ea47e8f5d74ba0dd40ce512e52b3fc97 COPYING.MIT

2
buildroot/package/dovecot/dovecot.mk
View File

@ -5,7 +5,7 @@
################################################################################
DOVECOT_VERSION_MAJOR = 2.3
DOVECOT_VERSION = $(DOVECOT_VERSION_MAJOR).10.1
DOVECOT_VERSION = $(DOVECOT_VERSION_MAJOR).11.3
DOVECOT_SITE = https://dovecot.org/releases/$(DOVECOT_VERSION_MAJOR)
DOVECOT_INSTALL_STAGING = YES
DOVECOT_LICENSE = LGPL-2.1, MIT, Public Domain, BSD-3-Clause, Unicode-DFS-2015

24
buildroot/package/dropbear/0001-scp-Port-OpenSSH-CVE-2018-20685-fix.patch Normal file
View File

@ -0,0 +1,24 @@
# HG changeset patch
# User Haelwenn Monnier <contact+github.com@hacktivis.me>
# Date 1590411269 -7200
# Mon May 25 14:54:29 2020 +0200
# Node ID 087c2804147074c95b6a3f35137b4f4b726b1452
# Parent 009d52ae26d35f3381c801e02318fa9be34be93c
scp.c: Port OpenSSH CVE-2018-20685 fix (#80)
[backport from 2020.79 to 2019.78 for Buildroot 2020.02.x]
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
diff --git a/scp.c b/scp.c
--- a/scp.c
+++ b/scp.c
@@ -935,7 +935,8 @@ sink(int argc, char **argv)
size = size * 10 + (*cp++ - '0');
if (*cp++ != ' ')
SCREWUP("size not delimited");
- if ((strchr(cp, '/') != NULL) || (strcmp(cp, "..") == 0)) {
+ if (*cp == '\0' || strchr(cp, '/') != NULL ||
+ strcmp(cp, ".") == 0 || strcmp(cp, "..") == 0) {
run_err("error: unexpected filename: %s", cp);
exit(1);
}

1
buildroot/package/ecryptfs-utils/ecryptfs-utils.mk
View File

@ -15,6 +15,7 @@ ECRYPTFS_UTILS_CONF_OPTS = --disable-pywrap
#Needed for build system to find pk11func.h and libnss3.so
ECRYPTFS_UTILS_CONF_ENV = \
ac_cv_path_POD2MAN=true \
NSS_CFLAGS="-I$(STAGING_DIR)/usr/include/nss -I$(STAGING_DIR)/usr/include/nspr" \
NSS_LIBS="-lnss3"

17
buildroot/package/efl/Config.in
View File

@ -1,19 +1,18 @@
config BR2_PACKAGE_EFL
bool "efl"
# g++ issue with 4.4.5, tested with g++ 4.7.2
depends on BR2_TOOLCHAIN_GCC_AT_LEAST_4_7
depends on BR2_TOOLCHAIN_GCC_AT_LEAST_4_9 # C++11
depends on BR2_HOST_GCC_AT_LEAST_4_9 # host-efl
depends on BR2_INSTALL_LIBSTDCPP
depends on BR2_PACKAGE_LUAJIT_ARCH_SUPPORTS # luajit
depends on BR2_TOOLCHAIN_HAS_THREADS # untested without threads
depends on BR2_USE_MMU
depends on BR2_USE_WCHAR # use wchar_t
depends on !BR2_STATIC_LIBS # dlfcn.h
# https://phab.enlightenment.org/T2728
depends on BR2_PACKAGE_LUAJIT
select BR2_PACKAGE_DBUS
select BR2_PACKAGE_FREETYPE
select BR2_PACKAGE_JPEG # Emile needs libjpeg
select BR2_PACKAGE_LIBCURL # Ecore_con_url, runtime dependency
# https://phab.enlightenment.org/T2728
select BR2_PACKAGE_LUAJIT # Lua support broken
select BR2_PACKAGE_LZ4
select BR2_PACKAGE_ZLIB
help
@ -302,9 +301,9 @@ comment "SVG loader needs a toolchain w/ gcc >= 4.8"
endif # BR2_PACKAGE_EFL
comment "efl needs a toolchain w/ C++, dynamic library, gcc >= 4.7, threads, wchar"
comment "efl needs a toolchain w/ C++, dynamic library, gcc >= 4.9, host gcc >= 4.9, threads, wchar"
depends on !BR2_INSTALL_LIBSTDCPP \
|| !BR2_TOOLCHAIN_GCC_AT_LEAST_4_7 \
|| BR2_STATIC_LIBS || !BR2_TOOLCHAIN_HAS_THREADS || !BR2_USE_WCHAR
depends on BR2_PACKAGE_LUAJIT_ARCH_SUPPORTS
|| !BR2_TOOLCHAIN_GCC_AT_LEAST_4_9 \
|| !BR2_HOST_GCC_AT_LEAST_4_9 || BR2_STATIC_LIBS \
|| !BR2_TOOLCHAIN_HAS_THREADS || !BR2_USE_WCHAR
depends on BR2_USE_MMU

Some files were not shown because too many files have changed in this diff Show More