Compare commits

...

131 Commits

Author SHA1 Message Date
Peter Korsgaard 962bef5d07 Update for 2018.11.4
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-03-28 23:04:10 +01:00
Fabrice Fontaine 5c5fd451d8 package/rdesktop: security bump to version 1.8.4
- Switch site to github
- Remove second patch (already in version)
- Add hash for license file
- Fix memory corruption in process_bitmap_data - CVE-2018-8794
- Fix remote code execution in process_bitmap_data - CVE-2018-8795
- Fix remote code execution in process_plane - CVE-2018-8797
- Fix Denial of Service in mcs_recv_connect_response - CVE-2018-20175
- Fix Denial of Service in mcs_parse_domain_params - CVE-2018-20175
- Fix Denial of Service in sec_parse_crypt_info - CVE-2018-20176
- Fix Denial of Service in sec_recv - CVE-2018-20176
- Fix minor information leak in rdpdr_process - CVE-2018-8791
- Fix Denial of Service in cssp_read_tsrequest - CVE-2018-8792
- Fix remote code execution in cssp_read_tsrequest - CVE-2018-8793
- Fix Denial of Service in process_bitmap_data - CVE-2018-8796
- Fix minor information leak in rdpsnd_process_ping - CVE-2018-8798
- Fix Denial of Service in process_secondary_order - CVE-2018-8799
- Fix remote code execution in in ui_clip_handle_data - CVE-2018-8800
- Fix major information leak in ui_clip_handle_data - CVE-2018-20174
- Fix memory corruption in rdp_in_unistr - CVE-2018-20177
- Fix Denial of Service in process_demand_active - CVE-2018-20178
- Fix remote code execution in lspci_process - CVE-2018-20179
- Fix remote code execution in rdpsnddbg_process - CVE-2018-20180
- Fix remote code execution in seamless_process - CVE-2018-20181
- Fix remote code execution in seamless_process_line - CVE-2018-20182

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 992e84c49e)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-03-28 11:17:39 +01:00
Bernd Kuhls 9f768645d9 package/clamav: security bump to version 0.101.2
Release notes:
https://blog.clamav.net/2019/03/clamav-01012-and-01003-patches-have.html

- Fixes for the following vulnerabilities affecting 0.101.1 and prior:
  - CVE-2019-1787:
    An out-of-bounds heap read condition may occur when scanning PDF
    documents. The defect is a failure to correctly keep track of the number
    of bytes remaining in a buffer when indexing file data.
  - CVE-2019-1789:
    An out-of-bounds heap read condition may occur when scanning PE files
    (i.e. Windows EXE and DLL files) that have been packed using Aspack as a
    result of inadequate bound-checking.
  - CVE-2019-1788:
    An out-of-bounds heap write condition may occur when scanning OLE2 files
    such as Microsoft Office 97-2003 documents. The invalid write happens when
    an invalid pointer is mistakenly used to initialize a 32bit integer to
    zero. This is likely to crash the application.

- Fixes for the following vulnerabilities affecting 0.101.1 and 0.101.0 only:
  - CVE-2019-1786:
    An out-of-bounds heap read condition may occur when scanning malformed PDF
    documents as a result of improper bounds-checking.
  - CVE-2019-1785:
    A path-traversal write condition may occur as a result of improper input
    validation when scanning RAR archives. Issue reported by aCaB.
  - CVE-2019-1798:
    A use-after-free condition may occur as a result of improper error
    handling when scanning nested RAR archives. Issue reported by David L.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 4037c0a397)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-03-28 10:55:50 +01:00
Bernd Kuhls 481f3ad2e8 package/clamav: link with libatomic when needed
Configure check for OpenSSL fails:

/accts/mlweber1/rclinux/rc-buildroot-test/scripts/instance-3/output/host/sparc-buildroot-linux-uclibc/sysroot/usr/lib/libcrypto.a(threads_pthread.o): In function `CRYPTO_atomic_add':
threads_pthread.c:(.text+0x1dc): undefined reference to `__atomic_is_lock_free'
threads_pthread.c:(.text+0x1f4): undefined reference to `__atomic_fetch_add_4'

Fixes
http://autobuild.buildroot.net/results/cae8da81adff3ba493154e0ba8b21d90367f82eb/

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 50610dccfa)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-03-28 10:55:35 +01:00
Bernd Kuhls 146167f496 package/clamav: needs wchar
Fixes
http://autobuild.buildroot.net/results/77c/77cd536a0fab78eabe27e055d28db2da354008d7/

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 25ff9dc1fb)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-03-28 10:55:22 +01:00
Fabrice Fontaine b2e8760dc1 clamav: needs C++
clamav needs C++ since bump to version 0.101.1 and
https://github.com/Cisco-Talos/clamav-devel/commit/d39cb6581f3c854476044f069d2393fc44702c36

Fixes:
 - http://autobuild.buildroot.org/results/be14aa571309cda32a5963feed9fd7f220e87fe6

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Acked-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 4d85d5038e)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-03-28 10:55:12 +01:00
Bernd Kuhls 32b3b694d9 package/clamav: bump version to 0.101.1
Removed patch applied upstream.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 0e424610bc)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-03-28 10:54:58 +01:00
Fabrice Fontaine 4bf53582cf package/swupdate: fix static build without lua
The lua_swupdate.so library was still built (without any object files)
and linked against swupdate even when HAVE_LUA was not set. This fails
in some static-only configurations.

Fixes:
 - http://autobuild.buildroot.org/results/c11c4d26983e0347d96f3dda62e6d72b031967bb

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit b251f50c8d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-03-28 10:52:29 +01:00
Fabrice Fontaine a4b34dc652 package/git: use pkg-config to get ssl dependencies
On some architectures, atomic binutils are provided by the libatomic
library from gcc. Linking with libatomic is therefore necessary,
otherwise the build fails with:

/home/test/autobuild/run/instance-2/output/host/sparc-buildroot-linux-uclibc/sysroot/usr/lib/libssl.a(ssl_cert.o): In function `CRYPTO_DOWN_REF':
/home/test/autobuild/run/instance-2/output/build/libopenssl-1.1.1a/include/internal/refcount.h:50: undefined reference to `__atomic_fetch_sub_4'

This is often for example the case on sparcv8 32 bit.

To fix this issue, use pkg-config to retrieve openssl dependencies
including atomic library, these dependencies must be passed to
LIB_4_CRYPTO IN GIT_MAKE_OPTS

Fixes:
 - http://autobuild.buildroot.org/results/3093897d14a854a7252b25b2fa1f8fdcbb26c9b7

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 1ae9640a9f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-03-28 10:48:46 +01:00
Fabrice Fontaine 3e47a24ebc package/fetchmail: fix shared build
Update second patch to fix shared build

Fixes:
 - http://autobuild.buildroot.org/results/c27b9c82e68ade29b45dc84ecce5fe6653fbb7da

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 3dc3b4c279)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-03-28 10:38:12 +01:00
Fabrice Fontaine 4f7f7105b9 package/fetchmail: use pkg-config to find openssl
openssl can have multiples dependencies such as libatomic on sparcv8
32 bits so drop first patch and add a new patch to use pkg-config

Fixes:
 - http://autobuild.buildroot.org/results/58e5aa7c6ba8fe7474071d7a3cba6ed3a1b4cff4

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 3aa3a72b45)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-03-28 10:38:06 +01:00
Baruch Siach 5de4984c6e package/putty: fix build with uClibc
Add patches fixing a number of build issues with uClibc. The issue fixed
in patch #2 has been reported upstream. Patch #3 has been suggested by
upstream but not applied yet.

Drop the _SUBDIR assignment. The configure script moved to top level
directory since upstream commit a947c49bec3 from 2014. This allows
AUTORECONF to find configure.ac.

Fixes:
http://autobuild.buildroot.net/results/801/801e2b2909363b5dcd9735362bb921e017569edc/
http://autobuild.buildroot.net/results/398/3984c6cdd3398645c8ad98bbe23af9090cf4bfcf/
http://autobuild.buildroot.net/results/632/632f93046f9cceffd9b604911542426c10967e0f/

Cc: Alexander Dahl <post@lespocky.de>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 35b72be8fe)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-03-28 10:26:06 +01:00
Baruch Siach bd0bacefa4 package/putty: enable static build
Add upstream patch fixing build when NO_GSSAPI is defined which is the
case on static builds.

Cc: Alexander Dahl <post@lespocky.de>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit a6f73f3d26)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-03-28 10:25:59 +01:00
Baruch Siach ead3a25624 putty: security bump to version 0.71
CVE-2019-9894: A remotely triggerable memory overwrite in RSA key
exchange can occur before host key verification.

CVE-2019-9895: A remotely triggerable buffer overflow exists in any kind
of server-to-client forwarding.

CVE-2019-9897: Multiple denial-of-service attacks that can be triggered
by writing to the terminal.

CVE-2019-9898: Potential recycling of random numbers used in
cryptography.

Disable static build for now. When building statically configure defines
NO_GSSAPI. Build with NO_GSSAPI is currently broken. The issue has been
reported upstream.

Cc: Alexander Dahl <post@lespocky.de>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit b6f47c0a43)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-03-28 10:25:47 +01:00
Bernd Kuhls 3c1a68a4b3 package/x11r7/xlib_libXdmcp: security bump version to 1.1.3
Fixes CVE-2017-2625:
https://lists.x.org/archives/xorg-announce/2019-March/002974.html

Added all hashes provided by upstream and license hash.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 8a60253925)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-03-27 23:04:20 +01:00
Peter Korsgaard 61047b38d4 package/libseccomp: security bump to version 2.4.0
>From the advisory:

Jann Horn  identified a problem in current versions of
libseccomp where the library did not correctly generate 64-bit syscall
argument comparisons using the arithmetic operators (LT, GT, LE, GE).
Jann has done a search using codesearch.debian.net and it would appear
that only systemd and Tor are using libseccomp in such a way as to
trigger the bad code.  In the case of systemd this appears to affect
the socket address family and scheduling class filters.  In the case
of Tor it appears that the bad filters could impact the memory
addresses passed to mprotect(2).

The libseccomp v2.4.0 release fixes this problem, and should be a
direct drop-in replacement for previous v2.x releases.

https://www.openwall.com/lists/oss-security/2019/03/15/1

v2.4.0 adds a new scmp_api_level utility, so update 0001-remove-static.patch
to match.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 02300786c2)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-03-27 22:50:07 +01:00
Peter Korsgaard e81bf17e1e package/libssh2: security bump to latest git
Bump the version to latest git to fix the following security issues:

CVE-2019-3855
 Possible integer overflow in transport read allows out-of-bounds write
 URL: https://www.libssh2.org/CVE-2019-3855.html
 Patch: https://libssh2.org/1.8.0-CVE/CVE-2019-3855.patch

CVE-2019-3856
 Possible integer overflow in keyboard interactive handling allows
 out-of-bounds write
 URL: https://www.libssh2.org/CVE-2019-3856.html
 Patch: https://libssh2.org/1.8.0-CVE/CVE-2019-3856.patch

CVE-2019-3857
 Possible integer overflow leading to zero-byte allocation and out-of-bounds
 write
 URL: https://www.libssh2.org/CVE-2019-3857.html
 Patch: https://libssh2.org/1.8.0-CVE/CVE-2019-3857.patch

CVE-2019-3858
 Possible zero-byte allocation leading to an out-of-bounds read
 URL: https://www.libssh2.org/CVE-2019-3858.html
 Patch: https://libssh2.org/1.8.0-CVE/CVE-2019-3858.patch

CVE-2019-3859
 Out-of-bounds reads with specially crafted payloads due to unchecked use of
 `_libssh2_packet_require` and `_libssh2_packet_requirev`
 URL: https://www.libssh2.org/CVE-2019-3859.html
 Patch: https://libssh2.org/1.8.0-CVE/CVE-2019-3859.patch

CVE-2019-3860
 Out-of-bounds reads with specially crafted SFTP packets
 URL: https://www.libssh2.org/CVE-2019-3860.html
 Patch: https://libssh2.org/1.8.0-CVE/CVE-2019-3860.patch

CVE-2019-3861
 Out-of-bounds reads with specially crafted SSH packets
 URL: https://www.libssh2.org/CVE-2019-3861.html
 Patch: https://libssh2.org/1.8.0-CVE/CVE-2019-3861.patch

CVE-2019-3862
 Out-of-bounds memory comparison
 URL: https://www.libssh2.org/CVE-2019-3862.html
 Patch: https://libssh2.org/1.8.0-CVE/CVE-2019-3862.patch

CVE-2019-3863
 Integer overflow in user authenicate keyboard interactive allows
 out-of-bounds writes
 URL: https://www.libssh2.org/CVE-2019-3863.html
 Patch: https://libssh2.org/1.8.0-CVE/CVE-2019-3863.txt

Drop 0003-openssl-fix-dereferencing-ambiguity-potentially-caus.patch as that
is now upstream.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit f4f7dd9557)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-03-27 22:32:09 +01:00
Fabrice Fontaine 3c679de05d package/jq: security bump to version 1.6
- Fix CVE-2015-8863 and  CVE-2016-4074:
  https://github.com/stedolan/jq/issues/1406
- Add hash for license file
- Disable oniguruma (enabled by default)

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 3a026d650c)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-03-27 22:25:19 +01:00
Ryan Coe d6ad3888af package/mariadb: security bump to version 10.3.13
Release notes:
https://mariadb.com/kb/en/library/mariadb-10313-release-notes/

Changelog:
https://mariadb.com/kb/en/mariadb-10313-changelog/

Fixes the following security vulnerabilities:

CVE-2019-2510 - Vulnerability in the MySQL Server component of Oracle MySQL
(subcomponent: InnoDB). Supported versions that are affected are 5.7.24 and
prior and 8.0.13 and prior. Easily exploitable vulnerability allows high
privileged attacker with network access via multiple protocols to compromise
MySQL Server. Successful attacks of this vulnerability can result in
unauthorized ability to cause a hang or frequently repeatable crash
(complete DOS) of MySQL Server.

CVE-2019-2537 - Vulnerability in the MySQL Server component of Oracle MySQL
(subcomponent: Server: DDL). Supported versions that are affected are 5.6.42
and prior, 5.7.24 and prior and 8.0.13 and prior. Easily exploitable
vulnerability allows high privileged attacker with network access via
multiple protocols to compromise MySQL Server. Successful attacks of this
vulnerability can result in unauthorized ability to cause a hang or
frequently repeatable crash (complete DOS) of MySQL Server.

Note that the hash for README.md changed due to Travis CI and Appveyor CI
updates.

Signed-off-by: Ryan Coe <bluemrp9@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit f389df2334)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-03-27 16:00:35 +01:00
Norbert Lange ccb612e3cc package/binutils: upstream fixes for 2.31.1
Combining musl and binutils 2.31.1 will produce static applications
that crash immediately. This commit picks up 3 upstream commits to
remedy this.

See https://sourceware.org/bugzilla/show_bug.cgi?id=23428

Signed-off-by: Norbert Lange <nolange79@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 0c34e138b5)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-03-27 15:56:18 +01:00
Fabrice Fontaine 0e487f72a9 package/kf5-modemmanager-qt: link with libatomic when needed
On some architectures, atomic binutils are provided by the libatomic
library from gcc. Linking with libatomic is therefore necessary,
otherwise the build fails with:

sparc-buildroot-linux-uclibc/sysroot/lib/libatomic.so.1: error adding symbols: DSO missing from command line

This is often for example the case on sparcv8 32 bit.

Fixes:
 - http://autobuild.buildroot.org/results/b941a3deaa57cac79f1686d47ca6ababf2f0d5e4

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 3cb7546d95)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-03-27 15:55:34 +01:00
Fabrice Fontaine f15e362922 package/fltk: add optional xlib_libXrender dependency
xlib_libXrender is enabled by default and has been added since version
1.3.4-1 and
https://github.com/fltk/fltk/commit/a6c4b29a184ce7708819f4706877eedcd99a30f5

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 65895f36ee)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-03-27 15:29:10 +01:00
Fabrice Fontaine a24e84b2c1 package/cups: security bump to version 2.2.10
- Fixes CVE-2018-4700: Linux session cookies used a predictable random
  number seed: https://github.com/apple/cups/releases/tag/v2.2.10.
- Remove fifth patch (already in version)

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 260d9e5342)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-03-27 10:44:56 +01:00
Peter Korsgaard 8f9c21347c package/nodejs: security bump to version 8.15.1
Fixes the following security issues:

Node.js: Slowloris HTTP Denial of Service with keep-alive (CVE-2019-5737)
OpenSSL: 0-byte record padding oracle (CVE-2019-1559)

For more details, see the CHANGELOG:
https://github.com/nodejs/node/blob/master/doc/changelogs/CHANGELOG_V8.md#8.15.1

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 18ae511d81)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-03-26 15:02:37 +01:00
Bernd Kuhls d482e1521c package/samba4: security bump to version 4.9.5
Release notes: https://www.samba.org/samba/history/samba-4.9.5.html

Fixes CVE-2019-3824:
ldb: Out of bound read in ldb_wildcard_compare

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit e7d67faac5)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-03-25 22:24:19 +01:00
Fabrice Fontaine dfd0c6a9e4 package/beecrypt: fix build without C++
Do not check for C++ compiler as C++ support has been disabled since
commit dd4d3c18d6 otherwise
build will fail on toolchains without a working C++ compiler:

checking how to run the C++ preprocessor... /lib/cpp
configure: error: in `/data/buildroot/buildroot-test/instance-1/output/build/beecrypt-4.2.1':
configure: error: C++ preprocessor "/lib/cpp" fails sanity check

Fixes:
 - http://autobuild.buildroot.org/results/3c79cc68f1b088ad24daf7f9bd70718d702be577

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 6255c81623)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-03-25 22:17:03 +01:00
Bernd Kuhls e5da7852f0 package/x11r7/xapp_xdm: security bump to version 1.1.12
Fixes CVE-2013-2179.

Release notes:
https://lists.x.org/archives/xorg-announce/2019-March/002959.html

Added all license hashes provided by upstream and license hash.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 2776484107)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-03-25 21:23:41 +01:00
Artem Panfilov 46f6b048ec package/avahi: add upstream security fix
Fixes CVE-2017-6519: avahi-daemon in Avahi through 0.6.32 and 0.7
inadvertently responds to IPv6 unicast queries with source addresses
that are not on-link, which allows remote attackers to cause a denial
of service (traffic amplification) and may cause information leakage
by obtaining potentially sensitive information from the responding
device via port-5353 UDP packets.

Signed-off-by: Artem Panfilov <panfilov.artyom@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 1e17adf1c5)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-03-25 21:21:22 +01:00
Christian Stewart 1a0cee96f2 package/go: set GOCACHE to a host path
Set the GOCACHE environment variable properly.

It was previously unset, and defaults to $HOME/.cache/go-build.

Signed-off-by: Christian Stewart <christian@paral.in>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 3909423f1c)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-03-25 19:02:11 +01:00
Peter Korsgaard 6eb5e585c5 package/openjpeg: security bump to latest git version
Current git contains fixes for a number of post-2.3.0 security issues:

git shortlog --no-merges -i --grep cve --grep overflow --grep zero v2.3.0..
Even Rouault (2):
      Avoid out-of-bounds write overflow due to uint32 overflow computation on images with huge dimensions.
      color_apply_icc_profile: avoid potential heap buffer overflow

Hugo Lefeuvre (4):
      convertbmp: fix issues with zero bitmasks
      jp3d/jpwl convert: fix write stack buffer overflow
      jp2: convert: fix null pointer dereference
      convertbmp: detect invalid file dimensions early

Karol Babioch (2):
      jp3d: Replace sprintf() by snprintf() in volumetobin()
      opj_mj2_extract: Check provided output prefix for length

Stefan Weil (1):
      Fix some potential overflow issues (#1161)

Young_X (5):
      [MJ2] To avoid divisions by zero / undefined behaviour on shift
      [JPWL] fix CVE-2018-16375
      [JPWL] imagetotga(): fix read heap buffer overflow if numcomps < 3 (#987)
      [JPWL] opj_compress: reorder checks related to code block dimensions to avoid potential int overflow
      [JP3D] To avoid divisions by zero / undefined behaviour on shift (CVE-2018-14423

ichlubna (1):
      openjp3d: Int overflow fixed (#1159)

setharnold (1):
      fix unchecked integer multiplication overflow

Drop now upstreamed 0004-install-static-lib.patch.

Add a hash for the LICENSE file.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit a5e8c81875)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-03-25 18:56:09 +01:00
Peter Korsgaard bae28f321e package/mosquitto: bump version to 1.5.8
Bugfix release, fixing a number of issues discovered post-1.5.7

https://mosquitto.org/blog/2019/02/version-1-5-8-released/

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 24cc2eaa33)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-03-25 18:52:14 +01:00
Peter Korsgaard 07802ff814 package/php: security bump to version 7.2.16
php-7.2.16 fixes a number of security issues (no CVE known, bugtracker issues
not yet public): https://www.php.net/ChangeLog-7.php#7.2.16

Drop 0004-OPcache-flock-mechanism-is-obviously-linux-so-force-.patch as the
flock detection has been removed since commit 9222702633 (Avoid dependency
on "struct flock" fields order.)

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 9a455a6c9b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-03-25 18:14:32 +01:00
Baruch Siach 94c3e6db04 ntp: security bump to version 4.2.8p13
Fixes CVE-2019-8936: Crafted null dereference attack in authenticated
mode 6 packet.

Drop upstream patches.

Update COPYRIGHT file hash; text formatting (line width) changes.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 7ffdc08f04)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-03-25 17:36:44 +01:00
Baruch Siach c5b0621a0b package/file: security bump to version 5.36
CVE-2019-8906: do_core_note in readelf.c in libmagic.a in file 5.35 has
an out-of-bounds read because memcpy is misused.

CVE-2019-8904: do_bid_note in readelf.c in libmagic.a in file 5.35 has a
stack-based buffer over-read, related to file_printf and file_vprintf.

Update license files hashes; removal of trailing white spaces.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 14d6e6df7b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-03-25 17:34:26 +01:00
Fabrice Fontaine c01e8508b0 package/wireshark: add optional spandsp dependency
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit ee772dad7b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-03-25 17:32:56 +01:00
Fabrice Fontaine 6f7f08e1cc package/xen: fix build with gcc 8.1
Fixes:
 - http://autobuild.buildroot.org/results/df5abe6ca8b4c8935f3d5c257aef816190771200

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 9b2bf1b745)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-03-25 17:27:55 +01:00
Gaël PORTAY 00c1a5a6bf qt5webkit: select leveldb package and memenv
This patch fixes the build issue reported by autobuilder [0].

        /home/naourr/work/instance-2/output/build/qt5webkit-5.9.1/Source/WebCore//.obj/platform/leveldb/LevelDBDatabase.o: In function
	`WebCore::LevelDBDatabase::openInMemory(WebCore::LevelDBComparator const*)':
	LevelDBDatabase.cpp.text._ZN7WebCore15LevelDBDatabase12openInMemoryEPKNS_17LevelDBComparatorE+0x34): undefined reference to `leveldb::NewMemEnv(leveldb::Env*)'
        collect2: error: ld returned 1 exit status
        make[3]: *** [Makefile.api:97: ../lib/libQt5WebKit.so.5.9.1]
	Error 1

The issue happens when both packages leveldb and qt5webkit are enabled.

QtWebKit builds its own copy of leveldb [1] (as a third-party) if the
system does not provided it (i.e. buildroot). It builds it differently
and this is the origin of that issue. Instead of using the Makefile
provided by leveldb [2], QtWebKit uses qmake to build that library [3].

The missing symbol issue happens because the symbol leveldb::NewMemEnv
is bundled in the static library libmemenv.a (aside libleveldb.so).
This static library consists of this single symbol which is like an
extra that is built but *NOT* shipped by default at installation in the
staging directory. Unfortunatly, that symbol is required later by
WebCore [4].

The copy built by QtWebKit is an all-in-one library including both
libleveldb and libmemenv; thus QtWebKit links against libleveldb only.
Also, the linker finds the buildroot's copy first (not the third-party):
that explains why it is complaining about a missing symbol. That copy
does not have the symbol leveldb::NewMemEnv.

Fortunatly, QtWebKit provides a facility to link against the system
leveldb package. The qmake flag WEBKIT_CONFIG+=use_system_leveldb tells
Qt5WebKit to link against libleveldb *AND* libmemenv [5].

To fix that issue, this commit selects the package leveldb that now
installs the libmemenv static library and its header. It ensures that
QtWebKit has everything it needs to be built. It also sets the
appropriate qmake configure flags to tell QtWebKit to use the leveldb
copy built by buildroot instead of the bundled one.

[0]: http://autobuild.buildroot.net/results/46033e82adf592c3b92c6d50cfaf45bd58beeaa4
[1]: https://github.com/qt/qtwebkit/tree/5.9/Source/ThirdParty/leveldb
[2]: https://github.com/qt/qtwebkit/blob/5.9/Source/ThirdParty/leveldb/Makefile#L167-L169
[3]: https://github.com/qt/qtwebkit/blob/5.9/Source/ThirdParty/leveldb/Target.pri#L80
[4]: https://github.com/qt/qtwebkit/blob/5.9/Source/WebCore/platform/leveldb/LevelDBDatabase.cpp#L185
[5]: https://github.com/qt/qtwebkit/blob/5.9/Source/WebCore/WebCore.pri#L254
[6]: https://github.com/google/leveldb/commit/739c25100e46576cdcdfff2d6f43f9f7008103c7

Signed-off-by: Gaël PORTAY <gael.portay@collabora.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 2d7c746ed8)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-03-25 11:42:48 +01:00
Gaël PORTAY af07f24ffe leveldb: generate pic for static libraries
The project's static libraries are not compiled with the -fPIC compiler
flag. This prevents dynamic libraries to link against those libraries.

This commit adds a patch that sets the -fPIC compiler flag to the list of
CFLAGS/CXXFLAGS.

The project now generates position independant code for all of its
outputs (i.e. not limited anymore to its shared libraries).

Fixes:

	/home/gportay/src/buildroot/output/host/opt/ext-toolchain/bin/../lib/gcc/x86_64-amd-linux-gnu/6.2.0/../../../../x86_64-amd-linux-gnu/bin/ld: /home/gportay/src/buildroot/output/host/x86_64-buildroot-linux-gnu/sysroot/usr/lib/libmemenv.a(memenv.o): relocation R_X86_64_32S against `.rodata' can not be used when making a shared object; recompile with -fPIC
	/home/gportay/src/buildroot/output/host/x86_64-buildroot-linux-gnu/sysroot/usr/lib/libmemenv.a: error adding symbols: Bad value
	collect2: error: ld returned 1 exit status

Signed-off-by: Gaël PORTAY <gael.portay@collabora.com>
[Arnout: renumber patch]
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>

(cherry picked from commit 088f261dbb)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-03-25 11:42:39 +01:00
Gaël PORTAY 29cedb230b leveldb: install memenv static library and header
The project builds a tiny static library that consists of a single
symbol which creates an in-memory LevelDB database.

That library is not installed by default and may be used by other
projects.

This commit installs in the staging directory the libmemenv.a static
library and the memenv.h header file.

Signed-off-by: Gaël PORTAY <gael.portay@collabora.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 16f847340d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-03-25 11:42:32 +01:00
Peter Korsgaard 71fec4456f package/libopenssl: security bump to version 1.0.2r
Fixes the following security issue:

0-byte record padding oracle (CVE-2019-1559)

If an application encounters a fatal protocol error and then calls
SSL_shutdown() twice (once to send a close_notify, and once to receive one)
then OpenSSL can respond differently to the calling application if a 0 byte
record is received with invalid padding compared to if a 0 byte record is
received with an invalid MAC.  If the application then behaves differently
based on that in a way that is detectable to the remote peer, then this
amounts to a padding oracle that could be used to decrypt data.

For more details, see the advisory:

https://mta.openssl.org/pipermail/openssl-announce/2019-February/000148.html

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-03-24 09:29:12 +01:00
Abdelmalek Benelouezzane 3e37abb311 package/vsftpd: add patch to fix hang
This fixes a hang due to SIGCHLD not being handled correctly by
vsftpd. The patch comes from fedora and didn't make its way to
upstream yet.

More information about the bug can be found in:
 - https://bugzilla.redhat.com/show_bug.cgi?id=1198259

Signed-off-by: Abdelmalek Benelouezzane <abdelmalek.benelouezzane@savoirfairelinux.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 498dff7ea1)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-03-19 21:30:58 +01:00
Fabrice Fontaine 7e50e03257 package/wireshark: fix build with uclibc
Fixes:
 - http://autobuild.buildroot.org/results/c41d42fe3489bc63c42e7ce7a9eccb1b4ca7b9b2

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit e68fdaf414)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-03-19 21:27:40 +01:00
Fabrice Fontaine 4924fcc4bc package/wireshark: security bump to version 2.6.7
Fixes CVE-2019-9208, CVE-2019-9209 and CVE-2019-9214

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 1de1fcb4d8)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-03-19 21:27:33 +01:00
Jared Bents d267478615 package/busybox: udhcp CVE-2019-5747 patch
Patch to resolve CVE-2019-5747 which affects versions prior
to 1.30.0

More information can be found at:
https://nvd.nist.gov/vuln/detail/CVE-2019-5747

This applies to both master and 2019.02

Signed-off-by: Jared Bents <jared.bents@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit a49e8f34ff)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-03-19 21:00:29 +01:00
Jared Bents fe3ec98596 package/busybox: udhcp CVE-2018-20679 patch
Patch to resolve CVE-2018-20679 which affects versions prior
to 1.30.0

More information can be found at:
https://nvd.nist.gov/vuln/detail/CVE-2018-20679

This applies to both master and 2019.02

Signed-off-by: Jared Bents <jared.bents@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit d65d1d066b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-03-19 21:00:22 +01:00
Vadim Kochan 97634f4ef3 package/efl: fix build with mesa
efl does not compile with mesa without OpenGL ES because it checks for
GL_ES_VERSION_2_0 and declares own GLintptr and GLsizeiptr types if such
version is not defined, but mesa declares them too for OpenGL version
1.5, so fix it by add check also for OpenGL 1.5 where these types are
defined.

Use patch from:
	https://git.enlightenment.org/core/efl.git/commit/?id=0d2b624f1e24240a1c4e651aa1cfe9a8dd10a573

Fixes:
	http://autobuild.buildroot.net/results/62ca120f1e54e8c3ae445f98b2624b526569f007

Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 579dfd9499)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 3cd71635f7)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-03-19 20:21:50 +01:00
Jörg Krause e1dfd05e05 package/libsoxr: add patch to add Libs.private in soxr.pc
If libsoxr is build statically against libavutil other applications
needs to know that they must link with `-lavutil` when building in a
static context.

Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 1f551e92dc)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-03-17 23:15:58 +01:00
Jörg Krause c0611f9411 Revert "package/libsoxr: add avutil to soxr.pc"
This reverts commit d81870ae81.

The patch attempts to fix static linking with libsoxr when it build with
avutils. The `Libs.private` field should not contain the full absolute path to
the static library, but only the link flags for private libraries, e.g
`-lm`.

Buildroots pkg-config prepends the sysroot to the value found in `Libs.private`
resulting in a malformed linker flag if libavutil is found:

```
-L/home/test/autobuild/run/instance-3/output/host/bin/../arm-buildroot-linux-uclibcgnueabi/sysroot/usr/lib -lsoxr
/home/test/autobuild/run/instance-3/output/host/bin/../arm-buildroot-linux-uclibcgnueabi/sysroot/home/test/autobuild/run/instance-3/output/host/arm-buildroot-linux-uclibcgnueabi/sysroot/usr/lib/libavutil.a
```

.. or if libavutils is not found:

```
-L/home/test/autobuild/run/instance-1/output/host/bin/../arm-buildroot-linux-uclibcgnueabi/sysroot/usr/lib -lsoxr AVUTIL_LIBRARIES-NOTFOUND
```

Revert this commit and replace the patch by a follow-up patch which only
adds `-lavutil` to `Libs.private` in case it is found and used by
libsoxr.

Fixes:
http://autobuild.buildroot.net/results/6eb4e2c9bd3884ab0152ddf873c20e62f0941181/
http://autobuild.buildroot.net/results/07207b0a58a08bf7c2cb78345a58244b5e6aab0e/

Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit bb271e9d18)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-03-17 23:15:38 +01:00
Xavier Ruppen 2ff5e05f55 package/systemd: fix "Timed out waiting for device /dev/console."
Buildroot built with systemd fails to open a login prompt on the
serial port when /dev/console is specified as BR2_TARGET_GENERIC_GETTY_PORT
(which is its default value):

systemd[1]: dev-console.device: Job dev-console.device/start timed out.
systemd[1]: Timed out waiting for device /dev/console.
systemd[1]: Dependency failed for Serial Getty on console.
systemd[1]: serial-getty@console.service: Job serial-getty@console.service/start failed with result 'dependency'.
systemd[1]: dev-console.device: Job dev-console.device/start failed with result 'timeout'.
systemd[1]: Reached target Login Prompts.
systemd[1]: Reached target Multi-User System.

According to this issue on Github [1], serial-getty@.service should
not be instantiated on /dev/console, console-getty@.service should
be used instead. This stems from the fact that there should be no
dependency on /dev/console.

[1] https://github.com/systemd/systemd/issues/10914

Signed-off-by: Xavier Ruppen <xruppen@gmail.com>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
[Peter: drop SERVICE variable as suggested by Yann]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

(cherry picked from commit 940e7deab0)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-03-17 23:13:16 +01:00
Fabrice Fontaine 3458e595e8 package/gst-plugins-bad: disable spandsp
gst-plugins-bad does not build with spandsp so disable it (it's already
disabled in gst1-plugins-bad)

Fixes:
 - http://autobuild.buildroot.org/results/842ca572b7810bca70846274262a6fcdb38df49

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit b20f8a893f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-03-17 23:11:54 +01:00
Peter Korsgaard 796faf1c0b config-fragments: drop old crosstool-ng toolchains
These toolchains are very old and cause a number of autobuilder failures
that doesn't happen with more recent toolchains:

Fixes (glibc 2.18 does not provide O_TMPFILE):
http://autobuild.buildroot.net/results/c49e8361a1d4406eefd8fc1b35c8e5b061aa403b

Fixes (x86 toolchain built without libquadmath):
http://autobuild.buildroot.net/results/2d9724f169ccd60c7feb1cb549f1e2e1e9219ac3/

Use Codesourcery ARM toolchain (GCC 4.8.3) to provide a test with a old GCC
version.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit d987412147)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-03-17 23:10:31 +01:00
Christian Stewart 53a135e4c8 go: explicitly disable modules to avoid unintended network lookup
Go "modules" refers to the dependency fetching, verification (hashing), and
version control system built into Go as of 1.11.

It is not desirable to have Go modules enabled in Buildroot in the normal case,
as Buildroot manages downloading the sources, and third party dependency
managers are typically not used.

In the absence of the GO111MODULE environment variable, the Go compiler will
correctly compile using the "vendor" version of dependencies downloaded by
Buildroot during the compilation process for Go-based packages.

However, if the user sets the GO111MODULE=on environment variable, the Go
compiler will download the Go dependencies for Buildroot packages, using the
modules system. This is potentially unintended behavior from user environment
variables.

This commit sets the GO111MODULE=off variable in the Go target and host
compilation environments, disabling Go modules support for Buildroot mainline
packages.

Signed-off-by: Christian Stewart <christian@paral.in>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit f7a2870dd1)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-03-17 23:07:45 +01:00
Fabrice Fontaine 099c48f1fa package/libraw: security bump to version 0.19.2
- Fixes CVE-2018-5815 and CVE-2018-5816
- README has been renamed into README.md

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 23fd8458fd)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-03-17 22:50:37 +01:00
Xavier Ruppen 37c6634283 package/devmem2: Fix DEVMEM2_SITE variable
The old free-electrons.com URL does not seem to work anymore,
resulting in the package failing to build. Use bootlin.com instead.

Signed-off-by: Xavier Ruppen <xruppen@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 408b48b5c5)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-03-17 22:49:29 +01:00
Peter Korsgaard b6c2671db6 {linux, linux-headers}: bump 4.{4, 9, 14, 19, 20}.x series
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit cbf1d861fa)
[Peter: drop 4.19.x/4.20.x bump]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-03-17 22:43:47 +01:00
Peter Korsgaard fbe6a5689e package/runc: blacklist Codesourcery ARM toolchain
Fixes:
http://autobuild.buildroot.net/results/018e309caa0fc662aa2993e47b2037fb6c569011/

This toolchain uses glibc 2.18, which does not provide O_TMPFILE support.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit ce76a98902)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-03-17 17:55:00 +01:00
Christian Stewart 82d40d87b0 runc: depend on linux headers >= 3.11 for O_TMPFILE
Fixes:
http://autobuild.buildroot.net/results/63e9d88ae5177541be463f1e2aafec59aa410479

Add dependency on headers >= 3.11 for O_TMPFILE, used by runc after the
fix for CVE-2019-5736 and propagate to the reverse dependencies of runc.

Notice that C library support for O_TMPFILE is also needed, which was added
in glibc 2.19 and musl 0.9.15.

Signed-off-by: Christian Stewart <christian@paral.in>
[Peter: squash series, extend commit message, mention C library dependency,
	fix indentation]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

(cherry picked from commit 905e976a6a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-03-17 17:54:51 +01:00
Baruch Siach 89fc6f1d38 package/systemd: add upstream security fixes
CVE-2019-6454: systemd (PID1) crash with specially crafted D-Bus message
from unprivileged user

Cc: Maxime Hadjinlian <maxime.hadjinlian@gmail.com>
Cc: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit c12b32ba46)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-03-16 22:38:49 +01:00
Thomas De Schampheleire 5d5579dd34 package/iproute2: backport patch to fix compilation under glibc < 2.18
When compiling iproute2 using a toolchain containing glibc 2.17 and
older, it fails due to a missing definition of AF_VSOCK.

Add a submitted and accepted upstream patch to fix this issue.

Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Reviewed-by: Petr Vorel <petr.vorel@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit a669c0f2f5)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-03-16 22:34:38 +01:00
Fabrice Fontaine 9fdb949203 package/botan: link with libatomic when needed
On some architectures, atomic built-ins are provided by the libatomic
library from gcc. Linking with libatomic is therefore necessary,
otherwise the build fails with:

sparc-buildroot-linux-uclibc/sysroot/lib/libatomic.so.1: error adding symbols: DSO missing from command line

This is often for example the case on sparcv8 32 bit.

Fixes:
 - http://autobuild.buildroot.org/results/a442734c570e4a02854014d831ba3aab9f592430

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit ae7ba64501)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-03-15 16:22:12 +01:00
Peter Korsgaard f4d6d1f83d package/tor: security bump to 0.3.4.11
Release notes:
https://blog.torproject.org/new-releases-tor-0402-alpha-0358-03411-and-03312

Fixes CVE-2019-8955:
KIST can write above outbuf highwater mark
https://trac.torproject.org/projects/tor/ticket/29168

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-03-15 15:56:13 +01:00
Fabrice Fontaine d8944d527d package/gdb: disable inprocess-agent in static build
Fixes:
 - http://autobuild.buildroot.org/results/b40bdbca6669a81301fca523e982dbc9584a4e65

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 2a01a32819)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-03-13 17:18:20 +01:00
Peter Korsgaard e67fc5c0ca package/perl: security bump to version 5.26.3
Fixes the following security issues:

- [CVE-2018-12015] Directory traversal in module Archive::Tar
- [CVE-2018-18311] Integer overflow leading to buffer overflow and segmentation fault
- [CVE-2018-18312] Heap-buffer-overflow write in S_regatom (regcomp.c)
- [CVE-2018-18313] Heap-buffer-overflow read in S_grok_bslash_N (regcomp.c)
- [CVE-2018-18314] Heap-buffer-overflow write in S_regatom (regcomp.c)

For more details, see perldelta:
https://metacpan.org/changes/release/SHAY/perl-5.26.3

Bump perlcross to 1.2.2 for perl 5.26.3 support.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-02-25 08:56:20 +01:00
Alexey Brodkin 665ae7cace package/gcc: enable __cxa_atexit
This is what GCC manual says [1]:
-------------------------->8----------------------
--enable-__cxa_atexit

    Define if you want to use __cxa_atexit, rather than atexit,
    to register C++ destructors for local statics and global objects.

    This is essential for fully standards-compliant handling of destructors,
    but requires __cxa_atexit in libc.

    This option is currently only available on systems with GNU libc
    ...
-------------------------->8----------------------

Important disadvantages of a simple atexit() are that [2]:
-------------------------->8----------------------
1999 C Standard only requires that the implementation support 32
registered functions, although most implementations support many more.

More important it does not deal at all with the ability in most implementations
to remove DSOs from a running program image by calling dlclose
prior to program termination.
-------------------------->8----------------------

Also it seems like all libc's we support in Buildroot (Glibc, uClibc and musl)
support __cxa_at_exit() so enable it unconditionally.

FWIW if we look around we'll see:
 1. In OpenEmbedded it is enabled for everything except gcc-cross-initial: [3], [4]
 2. In Crosstool-NG it is enabled by default: [5]
 3. In OpenWrt it is disabled only for uClibc, otherwise enabled: [6]

So I think we should be good with it as well.

[1] https://gcc.gnu.org/install/configure.html
[2] https://itanium-cxx-abi.github.io/cxx-abi/abi.html#dso-dtor-motivation
[3] https://github.com/openembedded/openembedded-core/blob/master/meta/recipes-devtools/gcc/gcc-configure-common.inc#L59
[4] https://github.com/openembedded/openembedded-core/blob/master/meta/recipes-devtools/gcc/gcc-cross-initial.inc#L23
[5] https://github.com/crosstool-ng/crosstool-ng/blob/master/config/cc/gcc.in#L270
[6] https://github.com/openwrt/openwrt/blob/master/toolchain/gcc/common.mk#L170

Signed-off-by: Alexey Brodkin <abrodkin@synopsys.com>
Cc: Nicolas Cavallari <Nicolas.Cavallari@green-communications.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Mark Corbin <mark.corbin@embecosm.com>
Cc: Romain Naour <romain.naour@gmail.com>
Cc: Peter Korsgaard <peter@korsgaard.com>
Cc: Bernd Kuhls <bernd.kuhls@t-online.de>
Cc: Claudiu Zissulescu <claziss@synopsys.com>
Cc: Cupertino Miranda <cmiranda@synopsys.com>
Cc: Vineet Gupta <vgupta@synopsys.com>
Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 3e53b51983)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-02-24 22:05:34 +01:00
Peter Korsgaard 8147c71039 Update for 2018.11.3
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-02-23 23:13:58 +01:00
Grégoire Delattre 8ead378c7e board/pc: fix typo in board/pc/post-build.sh
Signed-off-by: Grégoire Delattre <gregoire.delattre@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 9f1256e1aa)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-02-23 22:52:35 +01:00
Fabrice Fontaine 54ef49d468 package/reaver: fix build on m68k
Fixes:
 - http://autobuild.buildroot.org/results/935c038b921ffa0f185571de41223e4c201e964b

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 26d0729789)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-02-23 19:40:38 +01:00
Peter Korsgaard c1ad352d26 package/bind: security bump to version 9.11.5-P4
Fixes the following security issues:

- named could crash during recursive processing of DNAME records when
  deny-answer-aliases was in use.  This flaw is disclosed in CVE-2018-5740.
  [GL #387]

- When recursion is enabled but the allow-recursion and allow-query-cache
  ACLs are not specified, they should be limited to local networks, but they
  were inadvertently set to match the default allow-query, thus allowing
  remote queries.  This flaw is disclosed in CVE-2018-5738.  [GL #309]

- Code change #4964, intended to prevent double signatures when deleting an
  inactive zone DNSKEY in some situations, introduced a new problem during
  zone processing in which some delegation glue RRsets are incorrectly
  identified as needing RRSIGs, which are then created for them using the
  current active ZSK for the zone.  In some, but not all cases, the
  newly-signed RRsets are added to the zone's NSEC/NSEC3 chain, but
  incompletely -- this can result in a broken chain, affecting validation of
  proof of nonexistence for records in the zone.  [GL #771]

- named could crash if it managed a DNSSEC security root with managed-keys
  and the authoritative zone rolled the key to an algorithm not supported by
  BIND 9.  This flaw is disclosed in CVE-2018-5745.  [GL #780]

- named leaked memory when processing a request with multiple Key Tag EDNS
  options present.  ISC would like to thank Toshifumi Sakaguchi for bringing
  this to our attention.  This flaw is disclosed in CVE-2018-5744.  [GL
  #772]

- Zone transfer controls for writable DLZ zones were not effective as the
  allowzonexfr method was not being called for such zones.  This flaw is
  disclosed in CVE-2019-6465.  [GL #790]

For more details, see the release notes:

http://ftp.isc.org/isc/bind9/9.11.5-P4/RELEASE-NOTES-bind-9.11.5-P4.html

Change the upstream URL to HTTPS as the webserver uses HSTS:

>>> bind 9.11.5-P4 Downloading
URL transformed to HTTPS due to an HSTS policy

Update the hash of the license file to account for a change of copyright
year:

-Copyright (C) 1996-2018  Internet Systems Consortium, Inc. ("ISC")
+Copyright (C) 1996-2019  Internet Systems Consortium, Inc. ("ISC")

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 12f644e2c5)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-02-23 19:36:58 +01:00
Baruch Siach 37f35c2bc9 package/unzip: add security and bug fix patches from Debian
Debian bug #741384: Buffer overflow

Debian bug #744212: Buffer overflow

CVE-2014-8139: CRC32 verification heap-based overflow

CVE-2014-8140: Out-of-bounds write issue in test_compr_eb()

CVE-2014-8141: Out-of-bounds read issues in getZip64Data()

CVE-2014-9636: Heap overflow

CVE-2015-7696: Heap overflow when extracting password-protected archive

CVE-2015-7697: Infinite loop when extracting password-protected archive

Red Hat Bugzilla #1260944: Unsigned overflow on invalid input

Debian bug #842993: Do not ignore Unix Timestamps

CVE-2014-9913: Buffer overflow

CVE-2016-9844: Buffer overflow in zipinfo

CVE-2018-1000035: Buffer overflow in password protected ZIP archives

Cc: Luca Ceresoli <luca@lucaceresoli.net>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 872561cd5b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-02-23 19:34:30 +01:00
Thomas De Schampheleire 2dafedb694 package/dtc: additional fix of include guards for older u-boot
With recent dtc but old u-boot, compilation issues occur related to libfdt.
These problems really are u-boot issue since it does not properly set
include paths so that its own headers are included. Nevertheless, since the
u-boot version is typically decided by users and stuck at some version
provided by a SoC or board vendor, it is not feasible to fix those old
versions.

Instead, already several fixes were made in the past, in Buildroot.
See commits:

c7ffd8a75d "package/dtc: fix include guards for older kernel/u-boot"
f437bf547c "uboot: fix build for older uboot source trees"
bf73334232 "uboot: fix build when libfdt-devel is installed system-wide"
0bf80e4bcd "uboot: ensure host includes are searched before system default
                includes"
b15a7a62d3 "uboot: revert "uboot: use local libfdt.h""
baae5156ce "uboot: use local fdt headers"
3a6573ccee "uboot: use local libfdt.h"

Commit c7ffd8a75d fixes the problem caused by
dtc having changed their include guards from _FOO_H to FOO_H (leading
underscore removed). Old u-boot would still use _FOO_H, which (combined with
host-dtc headers that use FOO_H) would cause the inclusion of two different
copies of the same nominal include file, e.g. libfdt.h or libfdt_env.h,
causing 'error: redefinition of xxx' compilation issues.
The fix sets the 'new' include guard when the 'old' one is detected,
preventing a second inclusion of the same nominal file.

For some u-boot versions, however, this change not only needs to be made in
libfdt.h and libfdt_env.h, but also in 'fdt.h'.

Update the dtc patch to do just that.

Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 4c24006b0e)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-02-22 14:16:16 +01:00
Matt Weber a744c5c4da package/proftpd: prevent openssl pthread detection
The proftpd configure script doesn't use pkg-config to detect openssl
libraries. Instead, it just adds -lcrypto. Since openssl may be linked
with pthread, it tries to detect that by calling 'openssl version -f',
which gives the arguments with which openssl was compiled.

Since the openssl executable used is either host-openssl or the system
installed openssl, the output of 'openssl version -f' is useless in
Buildroot context. If the target toolchain doesn't have threads support,
it will wrongly pick up -pthread from host-openssl.

Fortunately there is a simple workaround: --without-openssl-cmdline says
that there is no openssl executable and skips the test, so -pthread is
not added. It turns out -pthread is never needed, even in static linking
cases, because openssl/libressl puts the thread support in a separate
object file that only gets linked in if the program actually uses
threads (which proftpd doesn't).

Fixes:
http://autobuild.buildroot.net/results/9c25c3cb3cf93b76c0538c5376a803641bf6575b

Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
[Rewrite commit log, after additional analysis and testing]
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>

(cherry picked from commit 51bb23652f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-02-22 13:33:38 +01:00
Fabrice Fontaine 7953a0d206 package/swupdate: update license files
COPYING contains only the license for GPL-2.0 so use the new license
files that have been added in the Licenses directory since version
2018.03 and
https://github.com/sbabic/swupdate/commit/32c1f98eaca69e362be074197f84a59d994c0876

Also update GPL-2.0+ to "GPL-2.0+ with OpenSSL exception" and add
Exceptions file, see:
https://github.com/sbabic/swupdate/commit/66d0dbe80f49eb49f8999c9d738579651fc38134

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit d5f4b3621d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-02-22 13:31:29 +01:00
Yann E. MORIN 1520bdf65d package/imagemagick: fixup help text layout
Signed-off-by: "Yann E. MORIN" <yann.morin@orange.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 858d2e9a27)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-02-22 13:29:51 +01:00
Gary Bisson 7b4ff16dd1 DEVELOPERS: update email address for Gary Bisson
Signed-off-by: Gary Bisson <bisson.gary@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 74693e09ae)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-02-22 13:29:30 +01:00
Gervais, Francois 6cb89720a2 systemd: Remove instance name usage in a non-template unit file
console-getty.service is not a template unit file (it doesn't have the
@ specifier), so %I doesn't get properly expanded in it. Thus, getty
startup will fail due to invalid options and no getty prompt is launched
on the console.

Fixes:
No getty prompt on boot

Signed-off-by: Francois Gervais <fgervais@distech-controls.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 77c057939d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-02-22 13:25:00 +01:00
Baruch Siach 19c889f776 package/poco: disable build for riscv
poco does not support the riscv target.

Fixes:
http://autobuild.buildroot.net/results/9a8/9a8213c502df53222eafc3ecd2fcfa36db20950b/
http://autobuild.buildroot.net/results/dd4/dd48cac70e8cb697b42ee51561902df81edcea40/
http://autobuild.buildroot.net/results/030/030c6cc8e2a59b015f8f3793d76234a2ef4ab772/

Cc: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 0737f48c5f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-02-22 13:19:54 +01:00
Peter Korsgaard 487c31adca package/postgresql: bump to version 11.2
Fixes a long standing fsync issue and a number of other bugs:
https://www.postgresql.org/docs/11/release-11-2.html

https://wiki.postgresql.org/wiki/Fsync_Errors

The hash of the license file is only changed due to a year update:

-Portions Copyright (c) 1996-2018, PostgreSQL Global Development Group
+Portions Copyright (c) 1996-2019, PostgreSQL Global Development Group

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Reviewed-by: Peter Seiderer <ps.report@gmx.net>
[Thomas: update commit log to explain why the license file hash has
changed, as repoted by Peter Seiderer]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

(cherry picked from commit d04a1efcb5)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-02-22 13:03:56 +01:00
Fabrice Fontaine f549b24581 package/log4cplus: link with libatomic when needed
On some architectures, atomic binutils are provided by the libatomic
library from gcc. Linking with libatomic is therefore necessary,
otherwise the build fails with:

sparc-buildroot-linux-uclibc/sysroot/lib/libatomic.so.1: error adding symbols: DSO missing from command line

This is often for example the case on sparcv8 32 bit.

Fixes:
 - http://autobuild.buildroot.org/results/16e360cb91afff7655f459a3d1fb906ca48f8464

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit a2fee08208)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-02-22 13:02:02 +01:00
Fabrice Fontaine a2975ab78e package/xenomai: fix build with gcc 8
Fixes:
 - http://autobuild.buildroot.org/results/3a53f54476828ee878602da9adddf1e1e70f7a69

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 85b3d8006b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-02-22 12:49:38 +01:00
Fabrice Fontaine 3064d39e5c package/safeclib: fix build with gcc 7
Fixes:
 - http://autobuild.buildroot.org/results/f4fe6bf54d213ca75bc1f16df61f8f92e648288e

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit ed5aa81b51)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-02-22 12:48:18 +01:00
Yann E. MORIN f8373b57bb linux: don't check hashes for user-supplied patches
We have virtually no way to know the hashes for user-supplied patches,
so we should just ignore them.

Reported-by: Simon van der Veldt <simon.vanderveldt@gmail.com>
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Arnout Vandecappelle <arnout@mind.be>
Cc: Peter Korsgaard <peter@korsgaard.com>
Tested-by: Simon van der Veldt <simon.vanderveldt@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 3ae8dab9e9)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-02-22 12:45:36 +01:00
Peter Seiderer ef8c65c290 package/qt5/qt5base: handle sse2/sse3/ssse3/sse4.1/sse4.2/avx/avx2 configuration
The Qt configure auto detection (and announced runtime detection
feature) failes (see e.g. [1]), so override the configuration
with the buildroot determined settings.

[1] http://lists.busybox.net/pipermail/buildroot/2019-January/241862.html

Reported-by: David Picard <dplamp@gmx.com>
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 8f9009e5bd)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-02-22 11:08:19 +01:00
Peter Seiderer ebf95cc9cb package/pulseaudio: fix S50pulseaudio init script
- fix the following start warnings:

  W: [pulseaudio] main.c: Running in system mode, but --disallow-exit not set.
  W: [pulseaudio] main.c: Running in system mode, but --disallow-module-loading not set.
  N: [pulseaudio] main.c: Running in system mode, forcibly disabling SHM mode.
  N: [pulseaudio] main.c: Running in system mode, forcibly disabling exit idle time.

- fix the following stop error:

  E: [pulseaudio] main.c: Failed to kill daemon: No such process

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 597b529927)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-02-22 11:04:05 +01:00
Fabrice Fontaine e8c20941cc package/madplay: fix static build
Add a patch to use pkg-config to find id3tag dependency (-lz)

Fixes:
 - http://autobuild.buildroot.org/results/5e4882ddacf205a92a3ff1e79649cf16e4b6c0ae

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[Arnout: add comment to AUTORECONF to refer to the patch]
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>

(cherry picked from commit da304a832b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-02-21 17:18:21 +01:00
Fabrice Fontaine 72751071f9 package/libid3tag: fix id3tag.pc
Add -lz to id3tag.pc, this fix is needed to be able to use pkg-config in
madplay to find id3tag dependencies

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit aa813cd9ac)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-02-21 17:18:21 +01:00
Jörg Krause 20bc4161a9 package/libid3tag: add .pc file and install to staging hook
The MPD project dropped autotools support in version 0.21.x in favor of
meson. While adapting the package to the meson build infrastructure, the
recognition of libid3tag failed, as only pkg-config is used to detect
the library. Note, that the version bump of the mpd package to 0.21.x is
not submitted, yet.

To help finding the build system to detect libid3tag with pkg-config
properly, add a .pc file and install it to staging.

This is exactly what Debian and Fedora do as well.

Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit d6b68e6b6a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-02-21 17:18:21 +01:00
Fabrice Fontaine 9d27255a4e package/madplay: add hash for license files
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit c4211a7d64)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-02-21 17:14:59 +01:00
Fabrice Fontaine 3a56499bcf package/madplay: needs autoreconf
madplay uses a very old configure script.

When the toolchain lacks C++ and the build machine lacks /lib/cpp, this
old configure script fails because it can't find a C++ preprocessor that
is valid:

    checking for arm-buildroot-linux-uclibcgnueabi-g++... no
    checking whether we are using the GNU C++ compiler... no
    checking whether no accepts -g... no
    checking dependency style of no... none
    checking how to run the C++ preprocessor... /lib/cpp
    configure: error: C++ preprocessor "/lib/cpp" fails sanity check
    See `config.log' for more details.

This is yet another case that was tentatively fixed by bd39d11d2e
(core/infra: fix build on toolchain without C++), further amended by
4cd1ab1588 (core: alternate solution to disable C++).

However, this only works on libtool scripts that are recent enough, and
thus we need to autoreconf to get it.

We also need to patch configure.ac so that it does not fail on the
missing, GNU-specific files: NEWS, AUTHORS, and Changelog.

Finally, remove also patch on ltmain.sh and MADPLAY_LIBTOOL_PATCH=NO as
autoreconf will create an up to date ltmain.sh

Fixes:
 - http://autobuild.buildroot.org/results/fc927de0e9a42095789fb0a631d5facf14076f6e

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit c05cc5de86)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-02-21 17:14:40 +01:00
Peter Korsgaard 2d11207f16 package/python-django: security bump to version 2.1.7
Fixes the following security issues:

CVE-2019-6975: Memory exhaustion in django.utils.numberformat.format()

If django.utils.numberformat.format() – used by contrib.admin as well as the
the floatformat, filesizeformat, and intcomma templates filters – received a
Decimal with a large number of digits or a large exponent, it could lead to
significant memory usage due to a call to '{:f}'.format().

To avoid this, decimals with more than 200 digits are now formatted using
scientific notation.

https://docs.djangoproject.com/en/2.1/releases/2.1.6/

2.1.6 contained a packaging error, fixed by 2.1.7:

https://docs.djangoproject.com/en/2.1/releases/2.1.7/

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 653f86c0e9)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-02-21 14:06:27 +01:00
Bartosz Golaszewski b515faa339 package/libgpiod: bump version to v1.2.1
This is a bugfix release fixing two problems with C++ bindings.

Signed-off-by: Bartosz Golaszewski <bgolaszewski@baylibre.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 92f34e8fe2)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-02-21 14:05:09 +01:00
Peter Korsgaard 650c9e082b {linux, linux-headers}: bump 4.{4, 9, 14, 19, 20}.x series
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit e4bbdeec9d)
[Peter: drop 4.19.x/4.20.x bump]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-02-21 14:01:24 +01:00
Thomas Petazzoni b3865d4ae7 package/efivar: needs host gcc >= 4.8
The efivar code compiled for the host machine uses
__builtin_bswap16(), which is only available starting from gcc 4.8:

  https://gcc.gnu.org/bugzilla/show_bug.cgi?id=52624

So let's add a dependency on host gcc >= 4.8 to efivar and its unique
reverse dependency, efibootmgr.

Fixes:

  http://autobuild.buildroot.net/results/48ba906bb6f4dc0c8af43ec11be64f7168dd62fd/

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 2135e869a0)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-02-21 13:56:16 +01:00
Peter Korsgaard e9eea85162 utils/scanpypi: protect against zip-slip vulnerability in zip/tar handling
For details, see https://github.com/snyk/zip-slip-vulnerability

Older python versions do not validate that the extracted files are inside
the target directory.  Detect and error out on evil paths before extracting
.zip / .tar file.

Given the scope of this (zip issue was fixed in python 2.7.4, released
2013-04-06, scanpypi is only used by a developer when adding a new python
package), the security impact is fairly minimal, but it is good to get it
fixed anyway.

Reported-by: Bas van Schaik <security-reports@semmle.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit a83e30ad63)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-02-21 13:53:59 +01:00
Thomas Petazzoni 80375ba988 package/docker-containerd: fix typo in uclibc dependency
Commit 6e3f7fbc07 ("package/runc: add
upstream security fix for CVE-2019-5736") added a dependency of
docker-containerd to uclibc (inherited from runc), but the depends on
has a typo that makes it ineffective. Due to this, docker-containerd
can still be selected in uClibc configurations, causing runc to be
build, and failing to build due fexecve() being missing in uClibc.

Fixes:

  http://autobuild.buildroot.net/results/64ecdb1e007106fdb05979b10b42b90591255504/

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 17c7b93379)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-02-21 13:49:48 +01:00
Peter Korsgaard 8529a378f8 package/runc: add upstream security fix for CVE-2019-5736
The vulnerability allows a malicious container to (with minimal user
interaction) overwrite the host runc binary and thus gain root-level
code execution on the host. The level of user interaction is being able
to run any command (it doesn't matter if the command is not
attacker-controlled) as root within a container in either of these
contexts:

  * Creating a new container using an attacker-controlled image.
  * Attaching (docker exec) into an existing container which the
    attacker had previous write access to.

For more details, see the advisory:

https://www.openwall.com/lists/oss-security/2019/02/11/2

The fix for this issue uses fexecve(3), which isn't available on uClibc, so
add a dependency on !uclibc to runc and propagate to the reverse
dependencies (containerd/docker-engine).

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 6e3f7fbc07)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-02-21 13:48:52 +01:00
Christian Stewart 0011277a9d package/runc: bump to version 1.0.0-rc6
Previously, a specific commit hash from the Docker runc.installer was
used to determine the required runc version for the Docker
Engine. This old commit hash used was a untagged pre-1.0.0 release of
runc, closer to an earlier release candidate.

The runc version used in the Debian distribution is not the pinned
version previously used by Buildroot. It is the latest release
candidate. The latest release candidate is known to be compatible with
the Docker Engine, and there is no justification for pinning to an
older RC anymore.

This commit bumps to the latest RC, 1.0.0-rc6. A v1.0.0 is expected
soon.

Signed-off-by: Christian Stewart <christian@paral.in>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 247bb52b9c)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-02-21 13:48:46 +01:00
Baruch Siach 8ed3d05594 package/ghostscript: add upstream security fixes
CVE-2019-6116: Remote code execution.

https://www.openwall.com/lists/oss-security/2019/01/23/5

Cc: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 2e060d64e2)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-02-21 11:46:13 +01:00
Baruch Siach 4db33a101a package/libarchive: add upstream security fixes
CVE-2019-1000019: Crash when parsing some 7zip archives.

CVE-2019-1000020: A corrupted or malicious ISO9660 image can cause
read_CE() to loop forever.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 0526c9f781)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-02-21 11:45:17 +01:00
Matt Weber 8a7ad24530 package/sqlcipher: force libopenssl
v3.2.0 has a bug in the configure step which causes it to fail when being
built against libressl. As libopenssl is selected as the default, the
autobuilders have not uncovered this failure. The issue has been confirmed
in LTS 2018.02.10 (probably broken prior to that as well) and is not
related to the Openssl bump to 1.1.x.

Thread with more details
http://lists.busybox.net/pipermail/buildroot/2019-February/243133.html

Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 886f3109a5)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-02-21 11:43:50 +01:00
Baruch Siach fb8d97f58c package/jpeg-turbo: add upstream security fixes
CVE-2018-20330: Integer overflow causing segfault occurred when
attempting to load a BMP file with more than 1 billion pixels using the
`tjLoadImage()` function.

CVE-2018-19664: Buffer overrun occurred when attempting to decompress a
specially-crafted malformed JPEG image to a 256-color BMP using djpeg.

Cc: Murat Demirten <mdemirten@yh.com.tr>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit f60925beda)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-02-21 11:34:34 +01:00
Fabrice Fontaine df52152451 jpeg-turbo: bump to version 2.0.1
Remove patch (already in version), see:
https://github.com/libjpeg-turbo/libjpeg-turbo/commit/950580eb0c020598a4c6c8aa46c86e31062e1ddc

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 95c78d277c)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-02-21 11:34:28 +01:00
Baruch Siach a65615d954 openssh: add upstream security fixes
CVE-2019-6109: Due to missing character encoding in the progress
display, a malicious server (or Man-in-The-Middle attacker) can employ
crafted object names to manipulate the client output, e.g., by using
ANSI control codes to hide additional files being transferred. This
affects refresh_progress_meter() in progressmeter.c.

CVE-2019-6111: Due to the scp implementation being derived from 1983
rcp, the server chooses which files/directories are sent to the client.
However, the scp client only performs cursory validation of the object
name returned (only directory traversal attacks are prevented). A
malicious scp server (or Man-in-The-Middle attacker) can overwrite
arbitrary files in the scp client target directory. If recursive
operation (-r) is performed, the server can manipulate subdirectories as
well (for example, to overwrite the .ssh/authorized_keys file).

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 7fe3741bc4)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-02-21 11:32:40 +01:00
Thomas Petazzoni bb741013e3 package/sg3_utils: ensure to build against librt when needed
The sg3_utils has provisions to build against librt when needed, but
forgot to use that mechanism for the sg_turs program. This commit
fixes that. The patch has been submitted upstream to the sg3_utils
author.

Fixes:

  http://autobuild.buildroot.net/results/67b890a41d05497820ea4f44e187257dd6818b0b/

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Tested-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit bb912b4ab0)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-02-21 11:31:15 +01:00
Fabrice Fontaine 34c151a046 package/libupnp18: fix static linking with mpd
- Add a call to PKG_CHECK_MODULES in configure.ac to get openssl
  libraries and its dependencies if openssl support is enabled
- Add OPENSSL_LIBS to libupnp.pc.in so that applications linking with
  pupnp (such as mpd) will be able to retrieve openssl libraries

Fixes:
 - http://autobuild.buildroot.org/results/a4148e516070b79816769f3443fc24d6d8192073

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 2f67573373)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-02-21 11:28:50 +01:00
Adrian Perez de Castro 5443f89ae6 package/webkitgtk: security bump to version 2.22.6
This is a maintenance release of the current stable WebKitGTK+ version,
which contains security fixes for CVE identifiers: CVE-2019-6212,
CVE-2019-6215, CVE-2019-6216, CVE-2019-6217, CVE-2019-6226,
CVE-2019-6227, CVE-2019-6229, CVE-2019-6233, and CVE-2019-6234.
Additionally, it contains a few minor fixes.

Release notes can be found in the announcement:

  https://webkitgtk.org/2019/02/09/webkitgtk2.22.6-released.html

More details on the issues covered by securit fixes can be found
in the corresponding security advisory:

  https://webkitgtk.org/security/WSA-2019-0001.html

Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 971afefaab)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-02-21 11:25:54 +01:00
Peter Korsgaard 19d5c1da45 package/mosquitto: bump to version 1.5.7
Bugfix release, fixing a number of issues discovered post-1.5.6.

Drop patches as they are now included upstream.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 640153775b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-02-21 11:23:36 +01:00
Peter Korsgaard 722ce8d620 package/mosquitto: security bump to version 1.5.6
Fixes the following security issues:

CVE-2018-12551: If Mosquitto is configured to use a password file for
authentication, any malformed data in the password file will be treated as
valid. This typically means that the malformed data becomes a username and
no password.  If this occurs, clients can circumvent authentication and get
access to the broker by using the malformed username.  In particular, a
blank line will be treated as a valid empty username.  Other security
measures are unaffected.  Users who have only used the mosquitto_passwd
utility to create and modify their password files are unaffected by this
vulnerability.  Affects version 1.0 to 1.5.5 inclusive.

CVE-2018-12550: If an ACL file is empty, or has only blank lines or
comments, then mosquitto treats the ACL file as not being defined, which
means that no topic access is denied.  Although denying access to all topics
is not a useful configuration, this behaviour is unexpected and could lead
to access being incorrectly granted in some circumstances.  Affects versions
1.0 to 1.5.5 inclusive.

CVE-2018-12546: If a client publishes a retained message to a topic that
they have access to, and then their access to that topic is revoked, the
retained message will still be delivered to future subscribers.  This
behaviour may be undesirable in some applications, so a configuration option
check_retain_source has been introduced to enforce checking of the retained
message source on publish.

Add two upstream post-1.5.6 patches to fix a build error in the bridge code
when ADNS is enabled and when building with older toolchains not defaulting
to C99 mode.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit e478977071)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-02-21 11:23:28 +01:00
Bernd Kuhls 2c0a6c34f8 package/php: security bump to version 7.2.15
Rebased patch 0004.

This bump fixes https://bugs.php.net/bug.php?id=77369,
status of CVE-ID: needed

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit e5e40c94b3)
[Peter: bump to 7.2.15 instead]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-02-21 11:22:01 +01:00
Yann E. MORIN cc4bf0c323 core/pkg-infra: restore completeness of packages files lists
In commit 7fb6e78254 (core/instrumentation: shave minutes off the
build time), the built stampfile is used as a reference to detect files
installed by a package.

However, packages may install files keeping their mtime intact, and we
end up not detecting this. For example, the internal skeleton package
will install (e.g.) /etc/passwd with an mtime of when the file was
created in $(TOP_DIR), which could be the time the git repository was
checked out; that mtime is always older than the build stamp file, so
files installed by the skeleton package are never accounted for to that
package, or to any other package for that matters.

We switch to an alternate solution, which consists of storing some extra
metadata per file, so that we can more reasily detect modifications to
the files. Then we compare the state before the package is installed (by
reusing the existing list) and after the package is installed, compare
that to list any new file or modified files (in reality, ignoring
untouched and removed files). Finally, we store the file->package
association in the global list and store the new stat list as the global
list.

The format used for the .stat file is:

mtime:inode:perms:filetype:size,filename

Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Peter Korsgaard <peter@korsgaard.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Arnout Vandecappelle <arnout@mind.be>
Cc: Thomas De Schampheleire <patrickdepinguin@gmail.com>
Cc: Trent Piepho <tpiepho@impinj.com>

[Peter: rename files, reformat, only look for files and symlinks and pass
	LC_ALL=C to comm as pointed out by Thomas De Schampheleire]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

(cherry picked from commit 3c8f0d9efa)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-02-19 21:03:58 +01:00
Matt Weber 000dfb84f1 package/gnuradio: disable xml document generation
Fixes
http://autobuild.buildroot.net/results/f94/f941d84c781b524530770f5b9360863a821e8ba1/

Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit e43cbb3cc1)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-02-19 20:56:16 +01:00
Peter Korsgaard 781ade9217 package/libcurl: security bump to version 7.64.0
Fixes the following security issues:

CVE-2018-16890: NTLM type-2 out-of-bounds buffer read
https://curl.haxx.se/docs/CVE-2018-16890.html

CVE-2019-3822: NTLMv2 type-3 header stack buffer overflow
https://curl.haxx.se/docs/CVE-2019-3822.html

CVE-2019-3823: SMTP end-of-response out-of-bounds read
https://curl.haxx.se/docs/CVE-2019-3823.html

The copyright year changed in the COPYING file, so update the hash.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit e8a361b8d7)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-02-19 20:48:47 +01:00
Chris Lesiak 5a849d26e0 package/openssh: Add sysusers.d snippet
Whether using the new sysusers.d snippet, or adding an entry to
/etc/password, set the service's home directory to /var/empty.
See README.privsep included as part of the openssh distribution.

Signed-off-by: Chris Lesiak <chris.lesiak@licor.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit 9acbf811cd)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-02-19 08:30:44 +01:00
Joel Carlson 95133ebdbc core/sdk: don't mangle symlinks with '.' or '..' at start
The current transform changes any '.' at the start of a filename to
$(BR2_SDK_PREFIX). This also applies to the target of a symlink, when
it is relative.

We thus might end up with something like:
    $(BR2_SDK_PREFIX)/bin/aarch64-linux-gnu-ar ->
    $(BR2_SDK_PREFIX)./opt/ext-toolchain/bin/aarch64-linux-gnu-ar

when it should be:
    $(BR2_SDK_PREFIX)/bin/aarch64-linux-gnu-ar ->
    ../opt/ext-toolchain/bin/aarch64-linux-gnu-ar

We fix that by making sure we always remove a known prefix, i.e. we
remove the path to host dir. The obvious solution would be to cd into
$(HOST_DIR)/.. , then tar ./host/ and finally use a --transfrom pattern
as 's,^\./$(notdir $(HOST_DIR)),$(BR2_SDK_PREFIX)'.

Since $(HOST_DIR) can point to a user-supplied location, we don't know
very well how the pattern may patch.

Instead, we cd into / and tar the full path to $(HOST_DIR).

Since tar removes any leading '/', it would spurr a warning message,
which is annoying. So we explicitly remove the leading '/' from
$(HOST_DIR) when we tar it.

Finally, we transform all filenames to replace a leading $(HOST_DIR)
(without a leading /) to the prefix to use.

Signed-off-by: Joel Carlson <JoelsonCarl@gmail.com>
[yann.morin.1998@free.fr:
  - use a single transform pattern
  - use full HOST_DIR path as pattern to replace
  - update commit log accordingly
]
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>

(cherry picked from commit 8fed162987)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-02-19 08:28:23 +01:00
Mikael Eliasson 716f7a9759 package/libb64: fix integer overflow and uninitialized C++ objects
Fixes a runtime bug on compilers where unsigned char is the default.
Fixes a runtime bug where _state variable in the encoder and decoder
c++ objects where not initialized by the constructors.

Signed-off-by: Mikael Eliasson <mikael@robomagi.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 3d76bde1a9)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-02-19 08:24:37 +01:00
Jim Brennan dfbd3557b0 package/dhcpcd: systemv and systemd services conflict with NetworkManager
When NetworkManager and dhcpcd packages are both enabled, dhcpcd
services and NetworkManager both spawn dhcpcd. This causes the network
port to retrieve an IP address and later lose it a few seconds after
startup.

This patch prevents dhcpcd services from launching dhcpcd if
NetworkManager is enabled.

Signed-off-by: Jim Brennan <jbrennan@impinj.com>
[Thomas: add a comment in the code to explain the seemingly strange
condition.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

(cherry picked from commit 4b530daf42)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-02-18 23:41:37 +01:00
Peter Seiderer cd909750ea package/meson: fix RPATH patch
The re-added ([1]) patch missed to remove two lines of the original
unconditional code.

[1] https://git.buildroot.net/buildroot/commit/?id=5c939246a802c0ad9704dac1505105037542a1d3

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 5c97f7387b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-02-18 23:40:26 +01:00
David J. Fogle 17e740380b package/systemd: set vconsole support option to default y
Without support for vconsole, systemd will abruptly kill anything
spawned on the console, thus preventing users from loging in from
the console, effectively locking them out if the target does not
have another mean of logging in (no sshd, no serial line...)

We fix that by making support for vconsole default to y, since
logging in from the console if more frequent than not. Users can
still de-activate it when they know they don't need it.

Note that logging from a serial line is not impacted, and still
works whether vconsole is enabled or not.

Signed-off-by: David Fogle <david.j.fogle@gmail.com>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit fc0787e76e)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-02-18 23:26:14 +01:00
Joseph Kogut e705c89373 package/postgresql: change systemd service type to notify
During activation, pg_ctl uses exec to start the db server, which causes
the service to never finish activating when Type=forking. Upstream
recommends configuring --with-systemd and using Type=notify.

https://www.postgresql.org/docs/10/static/server-start.html

Upstream says:
    When using systemd, you can use the following service unit file
    [...]
    Using Type=notify requires that the server binary was built with
    configure --with-systemd.

Signed-off-by: Joseph Kogut <joseph.kogut@gmail.com>
Signed-off-by: Titouan Christophe <titouan.christophe@railnova.eu>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit eada187e77)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-02-18 23:23:40 +01:00
Thomas De Schampheleire bb8928b34e support/download/scp: fix download with scheme prefix 'scp://'
The scp download helper is broken when the server URL starts with 'scp://'.
Such prefix is used in two situations:
1. to let FOO_SITE point to an scp location without explicitly having to set
   'FOO_SITE_METHOD = scp'

2. when BR2_PRIMARY_SITE or BR2_BACKUP_SITE points to an scp location. In
   this case, there is no equivalent of 'SITE_METHOD'.

Strip out the scheme prefix, similarly to how the 'file' download helper
does it. That helper has the same cases as above.

Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit aa62b36456)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-02-18 23:19:01 +01:00
Peter Korsgaard 68d6a01989 package/dovecot: security bump to version 2.3.4.1
Fixes the following security issues:

 * CVE-2019-3814: If imap/pop3/managesieve/submission client has
   trusted certificate with missing username field
   (ssl_cert_username_field), under some configurations Dovecot
   mistakenly trusts the username provided via authentication instead
   of failing.

 * ssl_cert_username_field setting was ignored with external SMTP AUTH,
   because none of the MTAs (Postfix, Exim) currently send the
   cert_username field. This may have allowed users with trusted
   certificate to specify any username in the authentication. This bug
   didn't affect Dovecot's Submission service.

For more details, see the announcement:
https://www.dovecot.org/list/dovecot-news/2019-February/000394.html

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit a30d577a4b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-02-18 17:27:51 +01:00
Bernd Kuhls 81701bd292 package/{dovecot, dovecot-pigeonhole}: bump version to 2.3.4, 0.5.4
We need to bump both packages in one commit:

https://dovecot.org/pipermail/dovecot-news/2018-November/000392.html

 Adjustments to several changes in Dovecot v2.3.4 make this Pigeonhole
 release dependent on that Dovecot release; it will not compile against
 older Dovecot versions. And, conversely, you need to upgrade
 Pigeonhole when upgrading Dovecot to v2.3.4.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 5c47cabd17)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-02-18 17:27:43 +01:00
Angelo Compagnucci f267c07967 linux: bump Linux CIP to version v4.4.171-cip30
This patch bumps the Linux CIP version to v4.4.171-cip30 and updates the
download url to the new official one.

Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit fb26b85b90)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-02-18 17:22:35 +01:00
Thomas De Schampheleire bfd008d132 Makefile: unexport 'PLATFORM' and 'OS' environment variables
Some package builds may fail when environment variables are present with the
same names as make variables in a package. This is a bigger problem for
environment variables with generic names, like 'PLATFORM' and 'OS'.

'PLATFORM' is for example a problem for host-acl.

Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit d3e535a839)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-02-18 17:15:22 +01:00
Thomas De Schampheleire 6c0df3ee21 support/scripts/setlocalversion: ignore user settings for Mercurial
setlocalversion will use 'hg id' to determine whether or not the current
revision is tagged. If there is no tag, the Mercurial revision is printed,
otherwise nothing is printed.

The problem is that the user may have custom configuration settings (in
their ~/.hgrc file or similar) that changes the output of 'hg id' in a way
that the script does not expect. In such cases, the Mercurial revision may
not be printed or printed incorrectly.

It is good practice to ignore the user environment when calling Mercurial
commands from a well-defined script, by setting the environment variable
HGRCPATH to the empty string. See also 'hg help environment'.

In the particular case of Nokia, a custom extension adds dynamic tags in the
repository, i.e. tags that are stored in a file external to the repository
and only visible when the extension is active. These tags should not
influence the behavior of setlocalversion as they are not official Buildroot
tags, i.e. even if a revision is tagged, the Mercurial revision should still
be printed.

Note that this still does not solve the problem where an organization adds
_real_ tags in their Buildroot repository. For example, there might be a
moving tag 'last-validated' or tags indicating in which product release that
Buildroot revision was used. In these cases, setlocalversion will still not
behave as expected, i.e. show the Mercurial revision.

Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 44084aa981)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-02-18 17:12:46 +01:00
Thomas De Schampheleire a4fea6d9ff support/scripts/setlocalversion: fix detection of hg revision when _not_ on branch 'default'
When Buildroot is stored in a Mercurial repository on a branch other than
'default' ('master' in git terms), setlocalversion (used to populate
/etc/os-release) will incorrectly think that this is a tagged version and
will NOT print out the revision hash.

This is due to the fact that the output of 'hg id' is assumed to be
    "<revision> <tags-if-any>"
but when on a branch it actually is:
    "<revision> (<branch>) <tags-if-any>"

To let setlocalversion receive the output it expects, explicitly ask 'hg id'
to retrieve only the revision hash and any tags, ommitting any branch
information.

Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 57e6dcf5fb)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-02-18 17:12:41 +01:00
Fabrice Fontaine d0af3400db package/libgeotiff: fix build without C++
Do not check for C++ compiler as libgeotiff is written in C otherwise
build will fail on toolchains without a working C++ compiler:

checking how to run the C++ preprocessor... /lib/cpp
configure: error: in
`/data/buildroot/buildroot-test/instance-1/output/build/libgeotiff-1.4.2':
configure: error: C++ preprocessor "/lib/cpp" fails sanity check

Fixes:
 - http://autobuild.buildroot.org/results/72f1c5c1b8fc337a1cff4b280abe99afd65f945b

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 2693362a04)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-02-18 16:43:53 +01:00
Chris Lesiak ebdf6ec46d package/openssh: Set /var/empty permissions
The openssh privilege separation feature, enabled by default,
requires that the path /var/empty exists and has certain permissions
(not writable by the sshd user). Note that nothing ever gets writting
in this directory, so it works fine on a readonly rootfs.

See README.privsep included as part of the openssh distribution.

Signed-off-by: Chris Lesiak <chris.lesiak@licor.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit f85665c585)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-02-18 16:42:31 +01:00
Peter Korsgaard c517779fcb package/python3: add upstream security fix for CVE-2019-5010
Fixes CVE-2019-5010: NULL pointer dereference using a specially crafted X509
certificate

https://bugs.python.org/issue35746

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 3191d1624e)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-02-15 16:02:28 +01:00
Peter Korsgaard b8b1bfae81 package/python: add upstream security fix for CVE-2019-5010
Fixes CVE-2019-5010: NULL pointer dereference using a specially crafted X509
certificate

https://bugs.python.org/issue35746

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 2e07eaa7c0)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-02-15 16:02:01 +01:00
Peter Korsgaard d9c73943e3 package/docker-engine: drop unused _DAEMON option
Since commit de336584d2 (package/docker-engine: split docker-{cli, engine},
bump to v18.09.0), the docker-engine package only builds the daemon part,
and the .mk file no longer use the _DAEMON option, so drop it.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Tested-by: Christian Stewart <christian@paral.in>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 1c47edee82)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-02-15 16:01:52 +01:00
Peter Korsgaard 7e8d02140f docker-compose: backport upstream patch for pyyaml 4.x support
Otherwise docker-compose fails at runtime with:

docker-compose
Traceback (most recent call last):
  File "/usr/bin/docker-compose", line 6, in <module>
    from pkg_resources import load_entry_point
  File "usr/lib/python2.7/site-packages/pkg_resources/__init__.py", line 3123, in <module>
  File "usr/lib/python2.7/site-packages/pkg_resources/__init__.py", line 3107, in _call_aside
  File "usr/lib/python2.7/site-packages/pkg_resources/__init__.py", line 3136, in _initialize_master_working_set
  File "usr/lib/python2.7/site-packages/pkg_resources/__init__.py", line 580, in _build_master
  File "usr/lib/python2.7/site-packages/pkg_resources/__init__.py", line 593, in _build_from_requirements
  File "usr/lib/python2.7/site-packages/pkg_resources/__init__.py", line 781, in resolve
pkg_resources.DistributionNotFound: The 'PyYAML<4,>=3.10' distribution was not found and is required by docker-compose

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 3019b97648)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-01-31 12:28:13 +01:00
192 changed files with 6759 additions and 1113 deletions
+42
View File
@@ -1,3 +1,45 @@
2018.11.4, Released March 28th, 2019
Important / security related fixes.
Updated/fixed packages: avahi, beecrypt, binutils, botan,
busybox, clamav, cups, devmem2, efl, fetchmail, file, fltk,
gcc, gdb, git, go, gst-plugins-bad, iproute2, jq,
kf5-modemmanager-qt, leveldb, libopenssl, libraw, libseccomp,
libsoxr, libssh2, mariadb, mosquitto, nodejs, ntp, openjpeg,
perl, php, putty, qt5webkit, rdesktop, runc, samba4, swupdate,
systemd, tor, vsftpd, wireshark, xapp_xdm, xen, xlib_libXdmcp
2018.11.3, Released February 23th, 2019
Important / security related fixes.
Ensure the PLATFORM and OS environment variables are not set,
as they cause build issues for some packages.
The package list infrastructure now correctly handles packages
installing files with old mtime.
Linux: Skip hash checks for user supplied downloadable
patches, as no hash checksums are available for those.
scanpypi: protect against zip-slip vulnerability in zip/tar
handling
Download: fixes for SSH/SCP support
SDK: Fix handling of relative symlinks (targets starting with
'.' or '..')
Updated/fixed packages: bind, dhcpcd, docker-compose,
docker-containerd, docker-engine, dovecot, dovecot-pigeonhole,
dtc, efivar, ghostscript, gnuradio, imagemagick, jpeg-turbo,
libarchive, libb64, libcurl, libgeotiff, libgpiod, libid3tag,
libupnp18, log4cplus, madplay, meson, mosquitto, openssh, php,
poco, postgresql, proftpd, pulseaudio, python, python-django,
python3, qt5base, reaver, runc, sg3_utils, sqlcipher,
swupdate, systemd, unzip, webkitgtk, xenomai
2018.11.2, Released January 30th, 2019
Important / security related fixes.
+1 -1
View File
@@ -851,7 +851,7 @@ F: package/qt5/qt5webengine/
F: package/qt5/qt5webkit/
F: package/qt5/qt5webkit-examples/
N: Gary Bisson <gary.bisson@boundarydevices.com>
N: Gary Bisson <bisson.gary@gmail.com>
F: board/boundarydevices/
F: configs/nitrogen*
F: package/freescale-imx/
+6 -4
View File
@@ -92,9 +92,9 @@ all:
.PHONY: all
# Set and export the version string
export BR2_VERSION := 2018.11.2
export BR2_VERSION := 2018.11.4
# Actual time the release is cut (for reproducible builds)
BR2_VERSION_EPOCH = 1545257000
BR2_VERSION_EPOCH = 1553810000
# Save running make version since it's clobbered by the make package
RUNNING_MAKE_VERSION := $(MAKE_VERSION)
@@ -422,6 +422,8 @@ unexport TERMINFO
unexport MACHINE
unexport O
unexport GCC_COLORS
unexport PLATFORM
unexport OS
GNU_HOST_NAME := $(shell support/gnuconfig/config.guess)
@@ -602,8 +604,8 @@ sdk: prepare-sdk $(BR2_TAR_HOST_DEPENDENCY)
$(Q)mkdir -p $(BINARIES_DIR)
$(TAR) czf "$(BINARIES_DIR)/$(BR2_SDK_PREFIX).tar.gz" \
--owner=0 --group=0 --numeric-owner \
--transform='s#^\.#$(BR2_SDK_PREFIX)#' \
-C $(HOST_DIR) "."
--transform='s#^$(patsubst /%,%,$(HOST_DIR))#$(BR2_SDK_PREFIX)#' \
-C / $(patsubst /%,%,$(HOST_DIR))
# Populating the staging with the base directories is handled by the skeleton package
$(STAGING_DIR):
+1 -1
View File
@@ -11,5 +11,5 @@ else
cp -f "$BOARD_DIR/grub-bios.cfg" "$TARGET_DIR/boot/grub/grub.cfg"
# Copy grub 1st stage to binaries, required for genimage
cp -f "$HOST_DIR/lib/grub/i387-pc/boot.img" "$BINARIES_DIR"
cp -f "$HOST_DIR/lib/grub/i386-pc/boot.img" "$BINARIES_DIR"
fi
+2 -2
View File
@@ -33,7 +33,7 @@ config BR2_LINUX_KERNEL_LATEST_VERSION
bool "Latest version (4.18)"
config BR2_LINUX_KERNEL_LATEST_CIP_VERSION
bool "Latest CIP SLTS version (v4.4.154-cip28)"
bool "Latest CIP SLTS version (v4.4.171-cip30)"
help
CIP launched in the spring of 2016 to address the needs of
organizations in industries such as power generation and
@@ -121,7 +121,7 @@ endif
config BR2_LINUX_KERNEL_VERSION
string
default "4.18.20" if BR2_LINUX_KERNEL_LATEST_VERSION
default "v4.4.154-cip28" if BR2_LINUX_KERNEL_LATEST_CIP_VERSION
default "v4.4.171-cip30" if BR2_LINUX_KERNEL_LATEST_CIP_VERSION
default BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE \
if BR2_LINUX_KERNEL_CUSTOM_VERSION
default "custom" if BR2_LINUX_KERNEL_CUSTOM_TARBALL
+3 -3
View File
@@ -1,9 +1,9 @@
# From https://www.kernel.org/pub/linux/kernel/v4.x/sha256sums.asc
sha256 68ac319e0fb7edd6b6051541d9cf112cd4f77a29e16a69ae1e133ff51117f653 linux-4.18.20.tar.xz
sha256 41026d713ba4f7a5e9d514b876ce4ed28a1d993c0c58b42b2a2597d6a0e83021 linux-4.16.18.tar.xz
sha256 110daeae1a416b7e0ec8dce5e86d67552deeb4567f696c3869389be239f0ecb5 linux-4.14.96.tar.xz
sha256 9066929ec2550794ae107350a5f3c5b648438aa915cfc62bac5b7a54b9d7731a linux-4.9.153.tar.xz
sha256 fb4d16b3c1e508dfa0344e406caeb25286d1c258421d8891b5580323e4e639fb linux-4.4.172.tar.xz
sha256 7aa43e34e4c9e5965da29cef5ae196e06006f8c0d1d65fd755a2f197f0796a11 linux-4.14.103.tar.xz
sha256 c09af067af62d299f5e33c279968de58c88fb7c59bd05e8f3bb460f611f60515 linux-4.9.160.tar.xz
sha256 27da5401aa691762f3361c143f453877f499c02ea6c9c743b09538cb1af1c75d linux-4.4.176.tar.xz
sha256 6ad9389e55e0ea57768eae173747058a4487fa3630e10a7999cfec9f945e559c linux-4.1.52.tar.xz
# From https://www.kernel.org/pub/linux/kernel/v3.x/sha256sums.asc
sha256 ad96d797571496c969aa71bf5d08e9d2a8c84458090d29a120f1b2981185a99e linux-3.2.102.tar.xz
+4 -1
View File
@@ -30,7 +30,7 @@ else ifeq ($(BR2_LINUX_KERNEL_CUSTOM_SVN),y)
LINUX_SITE = $(call qstrip,$(BR2_LINUX_KERNEL_CUSTOM_REPO_URL))
LINUX_SITE_METHOD = svn
else ifeq ($(BR2_LINUX_KERNEL_LATEST_CIP_VERSION),y)
LINUX_SITE = git://git.kernel.org/pub/scm/linux/kernel/git/bwh/linux-cip.git
LINUX_SITE = git://git.kernel.org/pub/scm/linux/kernel/git/cip/linux-cip.git
else ifneq ($(findstring -rc,$(LINUX_VERSION)),)
# Since 4.12-rc1, -rc kernels are generated from cgit. This also works for
# older -rc kernels.
@@ -55,6 +55,9 @@ endif
LINUX_PATCHES = $(call qstrip,$(BR2_LINUX_KERNEL_PATCH))
# We have no way to know the hashes for user-supplied patches.
BR_NO_CHECK_HASH_FOR += $(notdir $(LINUX_PATCHES))
# We rely on the generic package infrastructure to download and apply
# remote patches (downloaded from ftp, http or https). For local
# patches, we can't rely on that infrastructure, because there might
@@ -0,0 +1,48 @@
From e111def44a7df4624a4aa3f85fe98054bffb6b4f Mon Sep 17 00:00:00 2001
From: Trent Lloyd <trent@lloyd.id.au>
Date: Sat, 22 Dec 2018 09:06:07 +0800
Subject: [PATCH] Drop legacy unicast queries from address not on local link
When handling legacy unicast queries, ensure that the source IP is
inside a subnet on the local link, otherwise drop the packet.
Fixes #145
Fixes #203
CVE-2017-6519
CVE-2018-100084
Backported from: e111def44a7df4624a4aa3f85fe98054bffb6b4f
Signed-off-by: Artem Panfilov <panfilov.artyom@gmail.com>
---
avahi-core/server.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/avahi-core/server.c b/avahi-core/server.c
index a2cb19a8..a2580e38 100644
--- a/avahi-core/server.c
+++ b/avahi-core/server.c
@@ -930,6 +930,7 @@ static void dispatch_packet(AvahiServer *s, AvahiDnsPacket *p, const AvahiAddres
if (avahi_dns_packet_is_query(p)) {
int legacy_unicast = 0;
+ char t[AVAHI_ADDRESS_STR_MAX];
/* For queries EDNS0 might allow ARCOUNT != 0. We ignore the
* AR section completely here, so far. Until the day we add
@@ -947,6 +948,13 @@ static void dispatch_packet(AvahiServer *s, AvahiDnsPacket *p, const AvahiAddres
legacy_unicast = 1;
}
+ if (!is_mdns_mcast_address(dst_address) &&
+ !avahi_interface_address_on_link(i, src_address)) {
+
+ avahi_log_debug("Received non-local unicast query from host %s on interface '%s.%i'.", avahi_address_snprint(t, sizeof(t), src_address), i->hardware->name, i->protocol);
+ return;
+ }
+
if (legacy_unicast)
reflect_legacy_unicast_query_packet(s, p, i, src_address, port);
--
2.19.1
@@ -0,0 +1,27 @@
configure.ac: don't check for C++ compiler
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
diff -durN beecrypt-4.2.1-orig/configure.ac beecrypt-4.2.1/configure.ac
--- beecrypt-4.2.1-orig/configure.ac 2019-03-01 19:58:16.516117640 +0100
+++ beecrypt-4.2.1/configure.ac 2019-03-01 21:10:17.707391803 +0100
@@ -119,9 +119,6 @@
# Checks for C compiler and preprocessor
AC_PROG_CC
-AC_PROG_CPP
-AC_PROG_CXX
-AC_PROG_CXXCPP
AM_PROG_AS
AC_PROG_LD
AC_PROG_LN_S
@@ -133,9 +130,6 @@
AC_LANG_PUSH(C)
AC_OPENMP
AC_LANG_POP(C)
-AC_LANG_PUSH(C++)
-AC_OPENMP
-AC_LANG_POP(C++)
# Checks for compiler characteristics and flags
if test "$ac_enable_expert_mode" = no; then
+3 -3
View File
@@ -1,4 +1,4 @@
# Verified from https://ftp.isc.org/isc/bind9/9.11.5/bind-9.11.5.tar.gz.asc
# Verified from https://ftp.isc.org/isc/bind9/9.11.5-P4/bind-9.11.5-P4.tar.gz.asc
# with key BE0E9748B718253A28BB89FFF1B11BF05CF02E57
sha256 a4cae11dad954bdd4eb592178f875bfec09fcc7e29fe0f6b7a4e5b5c6bc61322 bind-9.11.5.tar.gz
sha256 336f3c40e37a1a13690efb4c63e20908faa4c40498cc02f3579fb67d3a1933a5 COPYRIGHT
sha256 7e8c08192bcbaeb6e9f2391a70e67583b027b90e8c4bc1605da6eb126edde434 bind-9.11.5-P4.tar.gz
sha256 cd02c93b8dcda794f55dfd1231828d69633072a98eee4874f9cf732d22d9dcde COPYRIGHT
+2 -2
View File
@@ -4,8 +4,8 @@
#
################################################################################
BIND_VERSION = 9.11.5
BIND_SITE = http://ftp.isc.org/isc/bind9/$(BIND_VERSION)
BIND_VERSION = 9.11.5-P4
BIND_SITE = https://ftp.isc.org/isc/bind9/$(BIND_VERSION)
# bind does not support parallel builds.
BIND_MAKE = $(MAKE1)
BIND_INSTALL_STAGING = YES
@@ -0,0 +1,568 @@
From 6737a6b34f4823deb7142f27b4074831a37ac1e1 Mon Sep 17 00:00:00 2001
From: "H.J. Lu" <hjl.tools@gmail.com>
Date: Fri, 20 Jul 2018 09:18:47 -0700
Subject: [PATCH] x86: Add a GNU_PROPERTY_X86_ISA_1_USED note if needed
When -z separate-code, which is enabled by default for Linux/x86, is
used to create executable, ld won't place any data in the code-only
PT_LOAD segment. If there are no data sections placed before the
code-only PT_LOAD segment, the program headers won't be mapped into
any PT_LOAD segment. When the executable tries to access it (based
on the program header address passed in AT_PHDR), it will lead to
segfault. This patch inserts a GNU_PROPERTY_X86_ISA_1_USED note if
there may be no data sections before the text section so that the
first PT_LOAD segment won't be code-only and will contain the program
header.
Testcases are adjusted to either pass "-z noseparate-code" to ld or
discard the .note.gnu.property section. A Linux/x86 run-time test is
added.
bfd/
PR ld/23428
* elfxx-x86.c (_bfd_x86_elf_link_setup_gnu_properties): If the
separate code program header is needed, make sure that the first
read-only PT_LOAD segment has no code by adding a
GNU_PROPERTY_X86_ISA_1_USED note.
ld/
PR ld/23428
* testsuite/ld-elf/linux-x86.S: New file.
* testsuite/ld-elf/linux-x86.exp: Likewise.
* testsuite/ld-elf/pr23428.c: Likewise.
* testsuite/ld-elf/sec64k.exp: Pass "-z noseparate-code" to ld
for Linux/x86 targets.
* testsuite/ld-i386/abs-iamcu.d: Likewise.
* testsuite/ld-i386/abs.d: Likewise.
* testsuite/ld-i386/pr12718.d: Likewise.
* testsuite/ld-i386/pr12921.d: Likewise.
* testsuite/ld-x86-64/abs-k1om.d: Likewise.
* testsuite/ld-x86-64/abs-l1om.d: Likewise.
* testsuite/ld-x86-64/abs.d: Likewise.
* testsuite/ld-x86-64/pr12718.d: Likewise.
* testsuite/ld-x86-64/pr12921.d: Likewise.
* testsuite/ld-linkonce/zeroeh.ld: Discard .note.gnu.property
section.
* testsuite/ld-scripts/print-memory-usage.t: Likewise.
* testsuite/ld-scripts/size-2.t: Likewise.
* testsuite/lib/ld-lib.exp (run_ld_link_exec_tests): Use ld
to create executable if language is "asm".
(cherry picked from commit 241e64e3b42cd9eba514b8e0ad2ef39a337f10a5)
Signed-off-by: Norbert Lange <nolange79@gmail.com>
---
bfd/ChangeLog | 8 ++++
bfd/elfxx-x86.c | 60 +++++++++++++++++++-------
ld/ChangeLog | 24 +++++++++++
ld/testsuite/ld-elf/linux-x86.S | 63 ++++++++++++++++++++++++++++
ld/testsuite/ld-elf/linux-x86.exp | 46 ++++++++++++++++++++
ld/testsuite/ld-elf/pr23428.c | 43 +++++++++++++++++++
ld/testsuite/ld-elf/sec64k.exp | 2 +
ld/testsuite/ld-i386/abs-iamcu.d | 2 +-
ld/testsuite/ld-i386/abs.d | 2 +-
ld/testsuite/ld-i386/pr12718.d | 2 +-
ld/testsuite/ld-i386/pr12921.d | 2 +-
ld/testsuite/ld-linkonce/zeroeh.ld | 1 +
ld/testsuite/ld-scripts/print-memory-usage.t | 2 +
ld/testsuite/ld-scripts/size-2.t | 1 +
ld/testsuite/ld-x86-64/abs-k1om.d | 2 +-
ld/testsuite/ld-x86-64/abs-l1om.d | 2 +-
ld/testsuite/ld-x86-64/abs.d | 2 +-
ld/testsuite/ld-x86-64/pr12718.d | 2 +-
ld/testsuite/ld-x86-64/pr12921.d | 2 +-
ld/testsuite/lib/ld-lib.exp | 5 ++-
20 files changed, 248 insertions(+), 25 deletions(-)
create mode 100644 ld/testsuite/ld-elf/linux-x86.S
create mode 100644 ld/testsuite/ld-elf/linux-x86.exp
create mode 100644 ld/testsuite/ld-elf/pr23428.c
diff --git a/bfd/ChangeLog b/bfd/ChangeLog
index 1c1174a..d3831b7 100644
--- a/bfd/ChangeLog
+++ b/bfd/ChangeLog
@@ -1,3 +1,11 @@
+2018-07-23 H.J. Lu <hongjiu.lu@intel.com>
+
+ PR ld/23428
+ * elfxx-x86.c (_bfd_x86_elf_link_setup_gnu_properties): If the
+ separate code program header is needed, make sure that the first
+ read-only PT_LOAD segment has no code by adding a
+ GNU_PROPERTY_X86_ISA_1_USED note.
+
2018-07-18 Nick Clifton <nickc@redhat.com>
* development.sh: Set to true.
diff --git a/bfd/elfxx-x86.c b/bfd/elfxx-x86.c
index a2497aa..2e4ff88 100644
--- a/bfd/elfxx-x86.c
+++ b/bfd/elfxx-x86.c
@@ -2524,6 +2524,7 @@ _bfd_x86_elf_link_setup_gnu_properties
const struct elf_backend_data *bed;
unsigned int class_align = ABI_64_P (info->output_bfd) ? 3 : 2;
unsigned int got_align;
+ bfd_boolean has_text = FALSE;
features = 0;
if (info->ibt)
@@ -2538,24 +2539,59 @@ _bfd_x86_elf_link_setup_gnu_properties
if (bfd_get_flavour (pbfd) == bfd_target_elf_flavour
&& bfd_count_sections (pbfd) != 0)
{
+ if (!has_text)
+ {
+ /* Check if there is no non-empty text section. */
+ sec = bfd_get_section_by_name (pbfd, ".text");
+ if (sec != NULL && sec->size != 0)
+ has_text = TRUE;
+ }
+
ebfd = pbfd;
if (elf_properties (pbfd) != NULL)
break;
}
- if (ebfd != NULL && features)
+ bed = get_elf_backend_data (info->output_bfd);
+
+ htab = elf_x86_hash_table (info, bed->target_id);
+ if (htab == NULL)
+ return pbfd;
+
+ if (ebfd != NULL)
{
- /* If features is set, add GNU_PROPERTY_X86_FEATURE_1_IBT and
- GNU_PROPERTY_X86_FEATURE_1_SHSTK. */
- prop = _bfd_elf_get_property (ebfd,
- GNU_PROPERTY_X86_FEATURE_1_AND,
- 4);
- prop->u.number |= features;
- prop->pr_kind = property_number;
+ prop = NULL;
+ if (features)
+ {
+ /* If features is set, add GNU_PROPERTY_X86_FEATURE_1_IBT and
+ GNU_PROPERTY_X86_FEATURE_1_SHSTK. */
+ prop = _bfd_elf_get_property (ebfd,
+ GNU_PROPERTY_X86_FEATURE_1_AND,
+ 4);
+ prop->u.number |= features;
+ prop->pr_kind = property_number;
+ }
+ else if (has_text
+ && elf_properties (ebfd) == NULL
+ && elf_tdata (info->output_bfd)->o->build_id.sec == NULL
+ && !htab->elf.dynamic_sections_created
+ && !info->traditional_format
+ && (info->output_bfd->flags & D_PAGED) != 0
+ && info->separate_code)
+ {
+ /* If the separate code program header is needed, make sure
+ that the first read-only PT_LOAD segment has no code by
+ adding a GNU_PROPERTY_X86_ISA_1_USED note. */
+ prop = _bfd_elf_get_property (ebfd,
+ GNU_PROPERTY_X86_ISA_1_USED,
+ 4);
+ prop->u.number = GNU_PROPERTY_X86_ISA_1_486;
+ prop->pr_kind = property_number;
+ }
/* Create the GNU property note section if needed. */
- if (pbfd == NULL)
+ if (prop != NULL && pbfd == NULL)
{
sec = bfd_make_section_with_flags (ebfd,
NOTE_GNU_PROPERTY_SECTION_NAME,
@@ -2581,12 +2617,6 @@ error_alignment:
pbfd = _bfd_elf_link_setup_gnu_properties (info);
- bed = get_elf_backend_data (info->output_bfd);
-
- htab = elf_x86_hash_table (info, bed->target_id);
- if (htab == NULL)
- return pbfd;
-
htab->r_info = init_table->r_info;
htab->r_sym = init_table->r_sym;
diff --git a/ld/ChangeLog b/ld/ChangeLog
index c07e442..cfadbd4 100644
--- a/ld/ChangeLog
+++ b/ld/ChangeLog
@@ -1,3 +1,27 @@
+2018-07-23 H.J. Lu <hongjiu.lu@intel.com>
+
+ PR ld/23428
+ * testsuite/ld-elf/linux-x86.S: New file.
+ * testsuite/ld-elf/linux-x86.exp: Likewise.
+ * testsuite/ld-elf/pr23428.c: Likewise.
+ * testsuite/ld-elf/sec64k.exp: Pass "-z noseparate-code" to ld
+ for Linux/x86 targets.
+ * testsuite/ld-i386/abs-iamcu.d: Likewise.
+ * testsuite/ld-i386/abs.d: Likewise.
+ * testsuite/ld-i386/pr12718.d: Likewise.
+ * testsuite/ld-i386/pr12921.d: Likewise.
+ * testsuite/ld-x86-64/abs-k1om.d: Likewise.
+ * testsuite/ld-x86-64/abs-l1om.d: Likewise.
+ * testsuite/ld-x86-64/abs.d: Likewise.
+ * testsuite/ld-x86-64/pr12718.d: Likewise.
+ * testsuite/ld-x86-64/pr12921.d: Likewise.
+ * testsuite/ld-linkonce/zeroeh.ld: Discard .note.gnu.property
+ section.
+ * testsuite/ld-scripts/print-memory-usage.t: Likewise.
+ * testsuite/ld-scripts/size-2.t: Likewise.
+ * testsuite/lib/ld-lib.exp (run_ld_link_exec_tests): Use ld to
+ create executable if language is "asm".
+
2018-07-18 Nick Clifton <nickc@redhat.com>
2.31.1 Release point.
diff --git a/ld/testsuite/ld-elf/linux-x86.S b/ld/testsuite/ld-elf/linux-x86.S
new file mode 100644
index 0000000..bdf40c6
--- /dev/null
+++ b/ld/testsuite/ld-elf/linux-x86.S
@@ -0,0 +1,63 @@
+ .text
+ .globl _start
+ .type _start,@function
+ .p2align 4
+_start:
+ xorl %ebp, %ebp
+#ifdef __LP64__
+ popq %rdi
+ movq %rsp, %rsi
+ andq $~15, %rsp
+#elif defined __x86_64__
+ mov (%rsp),%edi
+ addl $4,%esp
+ movl %esp, %esi
+ andl $~15, %esp
+#else
+ popl %esi
+ movl %esp, %ecx
+ andl $~15, %esp
+
+ subl $8,%esp
+ pushl %ecx
+ pushl %esi
+#endif
+
+ call main
+
+ hlt
+
+ .type syscall, @function
+ .globl syscall
+ .p2align 4
+syscall:
+#ifdef __x86_64__
+ movq %rdi, %rax /* Syscall number -> rax. */
+ movq %rsi, %rdi /* shift arg1 - arg5. */
+ movq %rdx, %rsi
+ movq %rcx, %rdx
+ movq %r8, %r10
+ movq %r9, %r8
+ movq 8(%rsp),%r9 /* arg6 is on the stack. */
+ syscall /* Do the system call. */
+#else
+ push %ebp
+ push %edi
+ push %esi
+ push %ebx
+ mov 0x2c(%esp),%ebp
+ mov 0x28(%esp),%edi
+ mov 0x24(%esp),%esi
+ mov 0x20(%esp),%edx
+ mov 0x1c(%esp),%ecx
+ mov 0x18(%esp),%ebx
+ mov 0x14(%esp),%eax
+ int $0x80
+ pop %ebx
+ pop %esi
+ pop %edi
+ pop %ebp
+#endif
+ ret /* Return to caller. */
+ .size syscall, .-syscall
+ .section .note.GNU-stack,"",@progbits
diff --git a/ld/testsuite/ld-elf/linux-x86.exp b/ld/testsuite/ld-elf/linux-x86.exp
new file mode 100644
index 0000000..36217c6
--- /dev/null
+++ b/ld/testsuite/ld-elf/linux-x86.exp
@@ -0,0 +1,46 @@
+# Expect script for simple native Linux/x86 tests.
+# Copyright (C) 2018 Free Software Foundation, Inc.
+#
+# This file is part of the GNU Binutils.
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston,
+# MA 02110-1301, USA.
+#
+
+# Test very simple native Linux/x86 programs with linux-x86.S.
+if { ![isnative] || [which $CC] == 0 \
+ || (![istarget "i?86-*-linux*"] \
+ && ![istarget "x86_64-*-linux*"] \
+ && ![istarget "amd64-*-linux*"]) } {
+ return
+}
+
+# Add $PLT_CFLAGS if PLT is expected.
+global PLT_CFLAGS
+# Add $NOPIE_CFLAGS and $NOPIE_LDFLAGS if non-PIE is required.
+global NOPIE_CFLAGS NOPIE_LDFLAGS
+
+run_ld_link_exec_tests [list \
+ [list \
+ "Run PR ld/23428 test" \
+ "--no-dynamic-linker -z separate-code" \
+ "" \
+ { linux-x86.S pr23428.c } \
+ "pr23428" \
+ "pass.out" \
+ "$NOPIE_CFLAGS -fno-asynchronous-unwind-tables" \
+ "asm" \
+ ] \
+]
diff --git a/ld/testsuite/ld-elf/pr23428.c b/ld/testsuite/ld-elf/pr23428.c
new file mode 100644
index 0000000..3631ed7
--- /dev/null
+++ b/ld/testsuite/ld-elf/pr23428.c
@@ -0,0 +1,43 @@
+#include <unistd.h>
+#include <link.h>
+#include <syscall.h>
+
+#define STRING_COMMA_LEN(STR) (STR), (sizeof (STR) - 1)
+
+int
+main (int argc, char **argv)
+{
+ char **ev = &argv[argc + 1];
+ char **evp = ev;
+ ElfW(auxv_t) *av;
+ const ElfW(Phdr) *phdr = NULL;
+ size_t phnum = 0;
+ size_t loadnum = 0;
+ int fd = STDOUT_FILENO;
+ size_t i;
+
+ while (*evp++ != NULL)
+ ;
+
+ av = (ElfW(auxv_t) *) evp;
+
+ for (; av->a_type != AT_NULL; ++av)
+ switch (av->a_type)
+ {
+ case AT_PHDR:
+ phdr = (const void *) av->a_un.a_val;
+ break;
+ case AT_PHNUM:
+ phnum = av->a_un.a_val;
+ break;
+ }
+
+ for (i = 0; i < phnum; i++, phdr++)
+ if (phdr->p_type == PT_LOAD)
+ loadnum++;
+
+ syscall (SYS_write, fd, STRING_COMMA_LEN ("PASS\n"));
+
+ syscall (SYS_exit, !loadnum);
+ return 0;
+}
diff --git a/ld/testsuite/ld-elf/sec64k.exp b/ld/testsuite/ld-elf/sec64k.exp
index b58139e..3909c0e 100644
--- a/ld/testsuite/ld-elf/sec64k.exp
+++ b/ld/testsuite/ld-elf/sec64k.exp
@@ -177,6 +177,8 @@ if { ![istarget "d10v-*-*"]
foreach sfile $sfiles { puts $ofd "#source: $sfile" }
if { [istarget spu*-*-*] } {
puts $ofd "#ld: --local-store 0:0"
+ } elseif { [istarget "i?86-*-linux*"] || [istarget "x86_64-*-linux*"] } {
+ puts $ofd "#ld: -z noseparate-code"
} else {
puts $ofd "#ld:"
}
diff --git a/ld/testsuite/ld-i386/abs-iamcu.d b/ld/testsuite/ld-i386/abs-iamcu.d
index ac9beff..aba7d6b 100644
--- a/ld/testsuite/ld-i386/abs-iamcu.d
+++ b/ld/testsuite/ld-i386/abs-iamcu.d
@@ -2,7 +2,7 @@
#source: abs.s
#source: zero.s
#as: --32 -march=iamcu
-#ld: -m elf_iamcu
+#ld: -m elf_iamcu -z noseparate-code
#objdump: -rs -j .text
.*: file format .*
diff --git a/ld/testsuite/ld-i386/abs.d b/ld/testsuite/ld-i386/abs.d
index e660aca..191ee44 100644
--- a/ld/testsuite/ld-i386/abs.d
+++ b/ld/testsuite/ld-i386/abs.d
@@ -2,7 +2,7 @@
#as: --32
#source: abs.s
#source: zero.s
-#ld: -melf_i386
+#ld: -melf_i386 -z noseparate-code
#objdump: -rs
.*: file format .*
diff --git a/ld/testsuite/ld-i386/pr12718.d b/ld/testsuite/ld-i386/pr12718.d
index ec51540..7eba52d 100644
--- a/ld/testsuite/ld-i386/pr12718.d
+++ b/ld/testsuite/ld-i386/pr12718.d
@@ -1,6 +1,6 @@
#name: PR ld/12718
#as: --32
-#ld: -melf_i386
+#ld: -melf_i386 -z noseparate-code
#readelf: -S
There are 5 section headers, starting at offset 0x[0-9a-f]+:
diff --git a/ld/testsuite/ld-i386/pr12921.d b/ld/testsuite/ld-i386/pr12921.d
index e49079b..ea2da3e 100644
--- a/ld/testsuite/ld-i386/pr12921.d
+++ b/ld/testsuite/ld-i386/pr12921.d
@@ -1,6 +1,6 @@
#name: PR ld/12921
#as: --32
-#ld: -melf_i386
+#ld: -melf_i386 -z noseparate-code
#readelf: -S --wide
There are 7 section headers, starting at offset 0x[0-9a-f]+:
diff --git a/ld/testsuite/ld-linkonce/zeroeh.ld b/ld/testsuite/ld-linkonce/zeroeh.ld
index b22eaa1..f89855a 100644
--- a/ld/testsuite/ld-linkonce/zeroeh.ld
+++ b/ld/testsuite/ld-linkonce/zeroeh.ld
@@ -2,4 +2,5 @@ SECTIONS {
.text 0xa00 : { *(.text); *(.gnu.linkonce.t.*) }
.gcc_except_table 0x2000 : { *(.gcc_except_table) }
.eh_frame 0x4000 : { *(.eh_frame) }
+ /DISCARD/ : { *(.note.gnu.property) }
}
diff --git a/ld/testsuite/ld-scripts/print-memory-usage.t b/ld/testsuite/ld-scripts/print-memory-usage.t
index 5ff057a..6eda1d2 100644
--- a/ld/testsuite/ld-scripts/print-memory-usage.t
+++ b/ld/testsuite/ld-scripts/print-memory-usage.t
@@ -11,4 +11,6 @@ SECTIONS
*(.data)
*(.rw)
}
+
+ /DISCARD/ : { *(.note.gnu.property) }
}
diff --git a/ld/testsuite/ld-scripts/size-2.t b/ld/testsuite/ld-scripts/size-2.t
index 7238639..c3c4edd 100644
--- a/ld/testsuite/ld-scripts/size-2.t
+++ b/ld/testsuite/ld-scripts/size-2.t
@@ -18,4 +18,5 @@ SECTIONS
LONG (SIZEOF (.tdata))
LONG (SIZEOF (.tbss))
} :image
+ /DISCARD/ : { *(.note.gnu.property) }
}
diff --git a/ld/testsuite/ld-x86-64/abs-k1om.d b/ld/testsuite/ld-x86-64/abs-k1om.d
index 2c26639..6b0fde0 100644
--- a/ld/testsuite/ld-x86-64/abs-k1om.d
+++ b/ld/testsuite/ld-x86-64/abs-k1om.d
@@ -2,7 +2,7 @@
#source: ../ld-i386/abs.s
#source: ../ld-i386/zero.s
#as: --64 -march=k1om
-#ld: -m elf_k1om
+#ld: -m elf_k1om -z noseparate-code
#objdump: -rs -j .text
.*: file format .*
diff --git a/ld/testsuite/ld-x86-64/abs-l1om.d b/ld/testsuite/ld-x86-64/abs-l1om.d
index 1fb96d4..f87869f 100644
--- a/ld/testsuite/ld-x86-64/abs-l1om.d
+++ b/ld/testsuite/ld-x86-64/abs-l1om.d
@@ -2,7 +2,7 @@
#source: ../ld-i386/abs.s
#source: ../ld-i386/zero.s
#as: --64 -march=l1om
-#ld: -m elf_l1om
+#ld: -m elf_l1om -z noseparate-code
#objdump: -rs -j .text
#target: x86_64-*-linux*
diff --git a/ld/testsuite/ld-x86-64/abs.d b/ld/testsuite/ld-x86-64/abs.d
index b24b018..d99ab46 100644
--- a/ld/testsuite/ld-x86-64/abs.d
+++ b/ld/testsuite/ld-x86-64/abs.d
@@ -1,7 +1,7 @@
#name: Absolute non-overflowing relocs
#source: ../ld-i386/abs.s
#source: ../ld-i386/zero.s
-#ld:
+#ld: -z noseparate-code
#objdump: -rs
.*: file format .*
diff --git a/ld/testsuite/ld-x86-64/pr12718.d b/ld/testsuite/ld-x86-64/pr12718.d
index 07d1732..2c503ff 100644
--- a/ld/testsuite/ld-x86-64/pr12718.d
+++ b/ld/testsuite/ld-x86-64/pr12718.d
@@ -1,6 +1,6 @@
#name: PR ld/12718
#as: --64
-#ld: -melf_x86_64
+#ld: -melf_x86_64 -z noseparate-code
#readelf: -S --wide
There are 5 section headers, starting at offset 0x[0-9a-f]+:
diff --git a/ld/testsuite/ld-x86-64/pr12921.d b/ld/testsuite/ld-x86-64/pr12921.d
index 6fe6abe..1162d55 100644
--- a/ld/testsuite/ld-x86-64/pr12921.d
+++ b/ld/testsuite/ld-x86-64/pr12921.d
@@ -1,6 +1,6 @@
#name: PR ld/12921
#as: --64
-#ld: -melf_x86_64
+#ld: -melf_x86_64 -z noseparate-code
#readelf: -S --wide
There are 7 section headers, starting at offset 0x[0-9a-f]+:
diff --git a/ld/testsuite/lib/ld-lib.exp b/ld/testsuite/lib/ld-lib.exp
index cfbefe9..1095091 100644
--- a/ld/testsuite/lib/ld-lib.exp
+++ b/ld/testsuite/lib/ld-lib.exp
@@ -1482,7 +1482,10 @@ proc run_ld_link_exec_tests { ldtests args } {
continue
}
- if { [ string match "c++" $lang ] } {
+ if { [ string match "asm" $lang ] } {
+ set link_proc ld_link
+ set link_cmd $ld
+ } elseif { [ string match "c++" $lang ] } {
set link_proc ld_link
set link_cmd $CXX
} else {
--
2.9.3
@@ -0,0 +1,588 @@
From d55c3e36094f06bb1fb02f5eac19fdccf1d91f7e Mon Sep 17 00:00:00 2001
From: "H.J. Lu" <hjl.tools@gmail.com>
Date: Wed, 8 Aug 2018 06:09:15 -0700
Subject: [PATCH] x86: Properly merge GNU_PROPERTY_X86_ISA_1_USED
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit
Without the GNU_PROPERTY_X86_ISA_1_USED property, all ISAs may be used.
If a bit in the GNU_PROPERTY_X86_ISA_1_USED property is unset, the
corresponding x86 instruction set isn’t used. When merging properties
from 2 input files and one input file doesn't have the
GNU_PROPERTY_X86_ISA_1_USED property, the output file shouldn't have
it neither. This patch removes the GNU_PROPERTY_X86_ISA_1_USED
property if an input file doesn't have it.
This patch replaces the GNU_PROPERTY_X86_ISA_1_USED property with the
GNU_PROPERTY_X86_ISA_1_NEEDED property which is the minimum ISA
requirement.
bfd/
PR ld/23486
* elfxx-x86.c (_bfd_x86_elf_merge_gnu_properties): Remove
GNU_PROPERTY_X86_ISA_1_USED if an input file doesn't have it.
(_bfd_x86_elf_link_setup_gnu_properties): Adding the
GNU_PROPERTY_X86_ISA_1_NEEDED, instead of
GNU_PROPERTY_X86_ISA_1_USED, property.
ld/
PR ld/23486
* testsuite/ld-i386/i386.exp: Run PR ld/23486 tests.
* testsuite/ld-x86-64/x86-64.exp: Likewise.
* testsuite/ld-i386/pr23486a.d: New file.
* testsuite/ld-i386/pr23486b.d: Likewise.
* testsuite/ld-x86-64/pr23486a-x32.d: Likewise.
* testsuite/ld-x86-64/pr23486a.d: Likewise.
* testsuite/ld-x86-64/pr23486a.s: Likewise.
* testsuite/ld-x86-64/pr23486b-x32.d: Likewise.
* testsuite/ld-x86-64/pr23486b.d: Likewise.
* testsuite/ld-x86-64/pr23486b.s: Likewise.
* testsuite/ld-i386/property-3.r: Remove "x86 ISA used".
* testsuite/ld-i386/property-4.r: Likewise.
* testsuite/ld-i386/property-5.r: Likewise.
* testsuite/ld-i386/property-x86-ibt3a.d: Likewise.
* testsuite/ld-i386/property-x86-ibt3b.d: Likewise.
* testsuite/ld-i386/property-x86-shstk3a.d: Likewise.
* testsuite/ld-i386/property-x86-shstk3b.d: Likewise.
* testsuite/ld-x86-64/property-3.r: Likewise.
* testsuite/ld-x86-64/property-4.r: Likewise.
* testsuite/ld-x86-64/property-5.r: Likewise.
* testsuite/ld-x86-64/property-x86-ibt3a-x32.d: Likewise.
* testsuite/ld-x86-64/property-x86-ibt3a.d: Likewise.
* testsuite/ld-x86-64/property-x86-ibt3b-x32.d: Likewise.
* testsuite/ld-x86-64/property-x86-ibt3b.d: Likewise.
* testsuite/ld-x86-64/property-x86-shstk3a-x32.d: Likewise.
* testsuite/ld-x86-64/property-x86-shstk3a.d: Likewise.
* testsuite/ld-x86-64/property-x86-shstk3b-x32.d: Likewise.
* testsuite/ld-x86-64/property-x86-shstk3b.d: Likewise.
(cherry picked from commit f7309df20c4e787041cedc4a6aced89c15259e54)
Signed-off-by: Norbert Lange <nolange79@gmail.com>
---
bfd/ChangeLog | 9 +++++++
bfd/elfxx-x86.c | 25 ++++++++++++++----
ld/ChangeLog | 32 +++++++++++++++++++++++
ld/testsuite/ld-i386/i386.exp | 2 ++
ld/testsuite/ld-i386/pr23486a.d | 10 +++++++
ld/testsuite/ld-i386/pr23486b.d | 10 +++++++
ld/testsuite/ld-i386/property-3.r | 1 -
ld/testsuite/ld-i386/property-4.r | 1 -
ld/testsuite/ld-i386/property-5.r | 1 -
ld/testsuite/ld-i386/property-x86-ibt3a.d | 5 ++--
ld/testsuite/ld-i386/property-x86-ibt3b.d | 5 ++--
ld/testsuite/ld-i386/property-x86-shstk3a.d | 5 ++--
ld/testsuite/ld-i386/property-x86-shstk3b.d | 5 ++--
ld/testsuite/ld-x86-64/pr23486a-x32.d | 10 +++++++
ld/testsuite/ld-x86-64/pr23486a.d | 10 +++++++
ld/testsuite/ld-x86-64/pr23486a.s | 30 +++++++++++++++++++++
ld/testsuite/ld-x86-64/pr23486b-x32.d | 10 +++++++
ld/testsuite/ld-x86-64/pr23486b.d | 10 +++++++
ld/testsuite/ld-x86-64/pr23486b.s | 30 +++++++++++++++++++++
ld/testsuite/ld-x86-64/property-3.r | 1 -
ld/testsuite/ld-x86-64/property-4.r | 1 -
ld/testsuite/ld-x86-64/property-5.r | 1 -
ld/testsuite/ld-x86-64/property-x86-ibt3a-x32.d | 5 ++--
ld/testsuite/ld-x86-64/property-x86-ibt3a.d | 5 ++--
ld/testsuite/ld-x86-64/property-x86-ibt3b-x32.d | 5 ++--
ld/testsuite/ld-x86-64/property-x86-ibt3b.d | 5 ++--
ld/testsuite/ld-x86-64/property-x86-shstk3a-x32.d | 5 ++--
ld/testsuite/ld-x86-64/property-x86-shstk3a.d | 5 ++--
ld/testsuite/ld-x86-64/property-x86-shstk3b-x32.d | 5 ++--
ld/testsuite/ld-x86-64/property-x86-shstk3b.d | 5 ++--
ld/testsuite/ld-x86-64/x86-64.exp | 4 +++
31 files changed, 211 insertions(+), 47 deletions(-)
create mode 100644 ld/testsuite/ld-i386/pr23486a.d
create mode 100644 ld/testsuite/ld-i386/pr23486b.d
create mode 100644 ld/testsuite/ld-x86-64/pr23486a-x32.d
create mode 100644 ld/testsuite/ld-x86-64/pr23486a.d
create mode 100644 ld/testsuite/ld-x86-64/pr23486a.s
create mode 100644 ld/testsuite/ld-x86-64/pr23486b-x32.d
create mode 100644 ld/testsuite/ld-x86-64/pr23486b.d
create mode 100644 ld/testsuite/ld-x86-64/pr23486b.s
diff --git a/bfd/elfxx-x86.c b/bfd/elfxx-x86.c
index 2e4ff88..7ccfd25 100644
--- a/bfd/elfxx-x86.c
+++ b/bfd/elfxx-x86.c
@@ -2407,12 +2407,27 @@ _bfd_x86_elf_merge_gnu_properties (struct bfd_link_info *info,
switch (pr_type)
{
case GNU_PROPERTY_X86_ISA_1_USED:
+ if (aprop == NULL || bprop == NULL)
+ {
+ /* Only one of APROP and BPROP can be NULL. */
+ if (aprop != NULL)
+ {
+ /* Remove this property since the other input file doesn't
+ have it. */
+ aprop->pr_kind = property_remove;
+ updated = TRUE;
+ }
+ break;
+ }
+ goto or_property;
+
case GNU_PROPERTY_X86_ISA_1_NEEDED:
if (aprop != NULL && bprop != NULL)
{
+or_property:
number = aprop->u.number;
aprop->u.number = number | bprop->u.number;
- /* Remove the property if ISA bits are empty. */
+ /* Remove the property if all bits are empty. */
if (aprop->u.number == 0)
{
aprop->pr_kind = property_remove;
@@ -2428,14 +2443,14 @@ _bfd_x86_elf_merge_gnu_properties (struct bfd_link_info *info,
{
if (aprop->u.number == 0)
{
- /* Remove APROP if ISA bits are empty. */
+ /* Remove APROP if all bits are empty. */
aprop->pr_kind = property_remove;
updated = TRUE;
}
}
else
{
- /* Return TRUE if APROP is NULL and ISA bits of BPROP
+ /* Return TRUE if APROP is NULL and all bits of BPROP
aren't empty to indicate that BPROP should be added
to ABFD. */
updated = bprop->u.number != 0;
@@ -2582,9 +2597,9 @@ _bfd_x86_elf_link_setup_gnu_properties
{
/* If the separate code program header is needed, make sure
that the first read-only PT_LOAD segment has no code by
- adding a GNU_PROPERTY_X86_ISA_1_USED note. */
+ adding a GNU_PROPERTY_X86_ISA_1_NEEDED note. */
prop = _bfd_elf_get_property (ebfd,
- GNU_PROPERTY_X86_ISA_1_USED,
+ GNU_PROPERTY_X86_ISA_1_NEEDED,
4);
prop->u.number = GNU_PROPERTY_X86_ISA_1_486;
prop->pr_kind = property_number;
diff --git a/ld/testsuite/ld-i386/i386.exp b/ld/testsuite/ld-i386/i386.exp
index 6d794fe..78dad02 100644
--- a/ld/testsuite/ld-i386/i386.exp
+++ b/ld/testsuite/ld-i386/i386.exp
@@ -462,6 +462,8 @@ run_dump_test "pr23189"
run_dump_test "pr23194"
run_dump_test "pr23372a"
run_dump_test "pr23372b"
+run_dump_test "pr23486a"
+run_dump_test "pr23486b"
if { !([istarget "i?86-*-linux*"]
|| [istarget "i?86-*-gnu*"]
diff --git a/ld/testsuite/ld-i386/pr23486a.d b/ld/testsuite/ld-i386/pr23486a.d
new file mode 100644
index 0000000..41a6dcf
--- /dev/null
+++ b/ld/testsuite/ld-i386/pr23486a.d
@@ -0,0 +1,10 @@
+#source: ../ld-x86-64/pr23486a.s
+#source: ../ld-x86-64/pr23486b.s
+#as: --32
+#ld: -r -m elf_i386
+#readelf: -n
+
+Displaying notes found in: .note.gnu.property
+ Owner Data size Description
+ GNU 0x0000000c NT_GNU_PROPERTY_TYPE_0
+ Properties: x86 ISA needed: i486, 586
diff --git a/ld/testsuite/ld-i386/pr23486b.d b/ld/testsuite/ld-i386/pr23486b.d
new file mode 100644
index 0000000..08019b7
--- /dev/null
+++ b/ld/testsuite/ld-i386/pr23486b.d
@@ -0,0 +1,10 @@
+#source: ../ld-x86-64/pr23486b.s
+#source: ../ld-x86-64/pr23486a.s
+#as: --32
+#ld: -r -m elf_i386
+#readelf: -n
+
+Displaying notes found in: .note.gnu.property
+ Owner Data size Description
+ GNU 0x0000000c NT_GNU_PROPERTY_TYPE_0
+ Properties: x86 ISA needed: i486, 586
diff --git a/ld/testsuite/ld-i386/property-3.r b/ld/testsuite/ld-i386/property-3.r
index 0ed91f5..d03203c 100644
--- a/ld/testsuite/ld-i386/property-3.r
+++ b/ld/testsuite/ld-i386/property-3.r
@@ -3,6 +3,5 @@ Displaying notes found in: .note.gnu.property
Owner Data size Description
GNU 0x[0-9a-f]+ NT_GNU_PROPERTY_TYPE_0
Properties: stack size: 0x800000
- x86 ISA used: 586, SSE
x86 ISA needed: i486, 586
#pass
diff --git a/ld/testsuite/ld-i386/property-4.r b/ld/testsuite/ld-i386/property-4.r
index cb2bc15..da295eb 100644
--- a/ld/testsuite/ld-i386/property-4.r
+++ b/ld/testsuite/ld-i386/property-4.r
@@ -3,6 +3,5 @@ Displaying notes found in: .note.gnu.property
Owner Data size Description
GNU 0x[0-9a-f]+ NT_GNU_PROPERTY_TYPE_0
Properties: stack size: 0x800000
- x86 ISA used: i486, 586, SSE
x86 ISA needed: i486, 586, SSE
#pass
diff --git a/ld/testsuite/ld-i386/property-5.r b/ld/testsuite/ld-i386/property-5.r
index 5529650..e414159 100644
--- a/ld/testsuite/ld-i386/property-5.r
+++ b/ld/testsuite/ld-i386/property-5.r
@@ -3,6 +3,5 @@ Displaying notes found in: .note.gnu.property
Owner Data size Description
GNU 0x[0-9a-f]+ NT_GNU_PROPERTY_TYPE_0
Properties: stack size: 0x900000
- x86 ISA used: i486, 586, SSE
x86 ISA needed: i486, 586, SSE
#pass
diff --git a/ld/testsuite/ld-i386/property-x86-ibt3a.d b/ld/testsuite/ld-i386/property-x86-ibt3a.d
index 4bb35b0..0aedea1 100644
--- a/ld/testsuite/ld-i386/property-x86-ibt3a.d
+++ b/ld/testsuite/ld-i386/property-x86-ibt3a.d
@@ -6,6 +6,5 @@
Displaying notes found in: .note.gnu.property
Owner Data size Description
- GNU 0x00000018 NT_GNU_PROPERTY_TYPE_0
- Properties: x86 ISA used: i486, 586, SSE2, SSE3
- x86 ISA needed: 586, SSE, SSE3, SSE4_1
+ GNU 0x0000000c NT_GNU_PROPERTY_TYPE_0
+ Properties: x86 ISA needed: 586, SSE, SSE3, SSE4_1
diff --git a/ld/testsuite/ld-i386/property-x86-ibt3b.d b/ld/testsuite/ld-i386/property-x86-ibt3b.d
index 418d58a..bd69ac6 100644
--- a/ld/testsuite/ld-i386/property-x86-ibt3b.d
+++ b/ld/testsuite/ld-i386/property-x86-ibt3b.d
@@ -6,6 +6,5 @@
Displaying notes found in: .note.gnu.property
Owner Data size Description
- GNU 0x00000018 NT_GNU_PROPERTY_TYPE_0
- Properties: x86 ISA used: i486, 586, SSE2, SSE3
- x86 ISA needed: 586, SSE, SSE3, SSE4_1
+ GNU 0x0000000c NT_GNU_PROPERTY_TYPE_0
+ Properties: x86 ISA needed: 586, SSE, SSE3, SSE4_1
diff --git a/ld/testsuite/ld-i386/property-x86-shstk3a.d b/ld/testsuite/ld-i386/property-x86-shstk3a.d
index e261038..76d2a39 100644
--- a/ld/testsuite/ld-i386/property-x86-shstk3a.d
+++ b/ld/testsuite/ld-i386/property-x86-shstk3a.d
@@ -6,6 +6,5 @@
Displaying notes found in: .note.gnu.property
Owner Data size Description
- GNU 0x00000018 NT_GNU_PROPERTY_TYPE_0
- Properties: x86 ISA used: i486, 586, SSE2, SSE3
- x86 ISA needed: 586, SSE, SSE3, SSE4_1
+ GNU 0x0000000c NT_GNU_PROPERTY_TYPE_0
+ Properties: x86 ISA needed: 586, SSE, SSE3, SSE4_1
diff --git a/ld/testsuite/ld-i386/property-x86-shstk3b.d b/ld/testsuite/ld-i386/property-x86-shstk3b.d
index 25f3d23..e770ecf 100644
--- a/ld/testsuite/ld-i386/property-x86-shstk3b.d
+++ b/ld/testsuite/ld-i386/property-x86-shstk3b.d
@@ -6,6 +6,5 @@
Displaying notes found in: .note.gnu.property
Owner Data size Description
- GNU 0x00000018 NT_GNU_PROPERTY_TYPE_0
- Properties: x86 ISA used: i486, 586, SSE2, SSE3
- x86 ISA needed: 586, SSE, SSE3, SSE4_1
+ GNU 0x0000000c NT_GNU_PROPERTY_TYPE_0
+ Properties: x86 ISA needed: 586, SSE, SSE3, SSE4_1
diff --git a/ld/testsuite/ld-x86-64/pr23486a-x32.d b/ld/testsuite/ld-x86-64/pr23486a-x32.d
new file mode 100644
index 0000000..6d9fa68
--- /dev/null
+++ b/ld/testsuite/ld-x86-64/pr23486a-x32.d
@@ -0,0 +1,10 @@
+#source: pr23486a.s
+#source: pr23486b.s
+#as: --x32
+#ld: -r -m elf32_x86_64
+#readelf: -n
+
+Displaying notes found in: .note.gnu.property
+ Owner Data size Description
+ GNU 0x0000000c NT_GNU_PROPERTY_TYPE_0
+ Properties: x86 ISA needed: i486, 586
diff --git a/ld/testsuite/ld-x86-64/pr23486a.d b/ld/testsuite/ld-x86-64/pr23486a.d
new file mode 100644
index 0000000..dc2b7bf
--- /dev/null
+++ b/ld/testsuite/ld-x86-64/pr23486a.d
@@ -0,0 +1,10 @@
+#source: pr23486a.s
+#source: pr23486b.s
+#as: --64 -defsym __64_bit__=1
+#ld: -r -m elf_x86_64
+#readelf: -n
+
+Displaying notes found in: .note.gnu.property
+ Owner Data size Description
+ GNU 0x00000010 NT_GNU_PROPERTY_TYPE_0
+ Properties: x86 ISA needed: i486, 586
diff --git a/ld/testsuite/ld-x86-64/pr23486a.s b/ld/testsuite/ld-x86-64/pr23486a.s
new file mode 100644
index 0000000..a07d0c7
--- /dev/null
+++ b/ld/testsuite/ld-x86-64/pr23486a.s
@@ -0,0 +1,30 @@
+ .section ".note.gnu.property", "a"
+.ifdef __64_bit__
+ .p2align 3
+.else
+ .p2align 2
+.endif
+ .long 1f - 0f /* name length. */
+ .long 4f - 1f /* data length. */
+ /* NT_GNU_PROPERTY_TYPE_0 */
+ .long 5 /* note type. */
+0:
+ .asciz "GNU" /* vendor name. */
+1:
+.ifdef __64_bit__
+ .p2align 3
+.else
+ .p2align 2
+.endif
+ /* GNU_PROPERTY_X86_ISA_1_USED */
+ .long 0xc0000000 /* pr_type. */
+ .long 3f - 2f /* pr_datasz. */
+2:
+ .long 0xa
+3:
+.ifdef __64_bit__
+ .p2align 3
+.else
+ .p2align 2
+.endif
+4:
diff --git a/ld/testsuite/ld-x86-64/pr23486b-x32.d b/ld/testsuite/ld-x86-64/pr23486b-x32.d
new file mode 100644
index 0000000..0445e69
--- /dev/null
+++ b/ld/testsuite/ld-x86-64/pr23486b-x32.d
@@ -0,0 +1,10 @@
+#source: pr23486b.s
+#source: pr23486a.s
+#as: --x32
+#ld: -r -m elf32_x86_64
+#readelf: -n
+
+Displaying notes found in: .note.gnu.property
+ Owner Data size Description
+ GNU 0x0000000c NT_GNU_PROPERTY_TYPE_0
+ Properties: x86 ISA needed: i486, 586
diff --git a/ld/testsuite/ld-x86-64/pr23486b.d b/ld/testsuite/ld-x86-64/pr23486b.d
new file mode 100644
index 0000000..dc2b7bf
--- /dev/null
+++ b/ld/testsuite/ld-x86-64/pr23486b.d
@@ -0,0 +1,10 @@
+#source: pr23486a.s
+#source: pr23486b.s
+#as: --64 -defsym __64_bit__=1
+#ld: -r -m elf_x86_64
+#readelf: -n
+
+Displaying notes found in: .note.gnu.property
+ Owner Data size Description
+ GNU 0x00000010 NT_GNU_PROPERTY_TYPE_0
+ Properties: x86 ISA needed: i486, 586
diff --git a/ld/testsuite/ld-x86-64/pr23486b.s b/ld/testsuite/ld-x86-64/pr23486b.s
new file mode 100644
index 0000000..c5167ee
--- /dev/null
+++ b/ld/testsuite/ld-x86-64/pr23486b.s
@@ -0,0 +1,30 @@
+ .section ".note.gnu.property", "a"
+.ifdef __64_bit__
+ .p2align 3
+.else
+ .p2align 2
+.endif
+ .long 1f - 0f /* name length. */
+ .long 4f - 1f /* data length. */
+ /* NT_GNU_PROPERTY_TYPE_0 */
+ .long 5 /* note type. */
+0:
+ .asciz "GNU" /* vendor name. */
+1:
+.ifdef __64_bit__
+ .p2align 3
+.else
+ .p2align 2
+.endif
+ /* GNU_PROPERTY_X86_ISA_1_NEEDED */
+ .long 0xc0000001 /* pr_type. */
+ .long 3f - 2f /* pr_datasz. */
+2:
+ .long 0x3
+3:
+.ifdef __64_bit__
+ .p2align 3
+.else
+ .p2align 2
+.endif
+4:
diff --git a/ld/testsuite/ld-x86-64/property-3.r b/ld/testsuite/ld-x86-64/property-3.r
index 0ed91f5..d03203c 100644
--- a/ld/testsuite/ld-x86-64/property-3.r
+++ b/ld/testsuite/ld-x86-64/property-3.r
@@ -3,6 +3,5 @@ Displaying notes found in: .note.gnu.property
Owner Data size Description
GNU 0x[0-9a-f]+ NT_GNU_PROPERTY_TYPE_0
Properties: stack size: 0x800000
- x86 ISA used: 586, SSE
x86 ISA needed: i486, 586
#pass
diff --git a/ld/testsuite/ld-x86-64/property-4.r b/ld/testsuite/ld-x86-64/property-4.r
index cb2bc15..da295eb 100644
--- a/ld/testsuite/ld-x86-64/property-4.r
+++ b/ld/testsuite/ld-x86-64/property-4.r
@@ -3,6 +3,5 @@ Displaying notes found in: .note.gnu.property
Owner Data size Description
GNU 0x[0-9a-f]+ NT_GNU_PROPERTY_TYPE_0
Properties: stack size: 0x800000
- x86 ISA used: i486, 586, SSE
x86 ISA needed: i486, 586, SSE
#pass
diff --git a/ld/testsuite/ld-x86-64/property-5.r b/ld/testsuite/ld-x86-64/property-5.r
index 5529650..e414159 100644
--- a/ld/testsuite/ld-x86-64/property-5.r
+++ b/ld/testsuite/ld-x86-64/property-5.r
@@ -3,6 +3,5 @@ Displaying notes found in: .note.gnu.property
Owner Data size Description
GNU 0x[0-9a-f]+ NT_GNU_PROPERTY_TYPE_0
Properties: stack size: 0x900000
- x86 ISA used: i486, 586, SSE
x86 ISA needed: i486, 586, SSE
#pass
diff --git a/ld/testsuite/ld-x86-64/property-x86-ibt3a-x32.d b/ld/testsuite/ld-x86-64/property-x86-ibt3a-x32.d
index 011426f..4cec728 100644
--- a/ld/testsuite/ld-x86-64/property-x86-ibt3a-x32.d
+++ b/ld/testsuite/ld-x86-64/property-x86-ibt3a-x32.d
@@ -6,6 +6,5 @@
Displaying notes found in: .note.gnu.property
Owner Data size Description
- GNU 0x00000018 NT_GNU_PROPERTY_TYPE_0
- Properties: x86 ISA used: 586, SSE, SSE3, SSE4_1
- x86 ISA needed: i486, 586, SSE2, SSE3
+ GNU 0x0000000c NT_GNU_PROPERTY_TYPE_0
+ Properties: x86 ISA needed: i486, 586, SSE2, SSE3
diff --git a/ld/testsuite/ld-x86-64/property-x86-ibt3a.d b/ld/testsuite/ld-x86-64/property-x86-ibt3a.d
index 1b4229a..a8df49a 100644
--- a/ld/testsuite/ld-x86-64/property-x86-ibt3a.d
+++ b/ld/testsuite/ld-x86-64/property-x86-ibt3a.d
@@ -6,6 +6,5 @@
Displaying notes found in: .note.gnu.property
Owner Data size Description
- GNU 0x00000020 NT_GNU_PROPERTY_TYPE_0
- Properties: x86 ISA used: 586, SSE, SSE3, SSE4_1
- x86 ISA needed: i486, 586, SSE2, SSE3
+ GNU 0x00000010 NT_GNU_PROPERTY_TYPE_0
+ Properties: x86 ISA needed: i486, 586, SSE2, SSE3
diff --git a/ld/testsuite/ld-x86-64/property-x86-ibt3b-x32.d b/ld/testsuite/ld-x86-64/property-x86-ibt3b-x32.d
index 290ed6a..c112626 100644
--- a/ld/testsuite/ld-x86-64/property-x86-ibt3b-x32.d
+++ b/ld/testsuite/ld-x86-64/property-x86-ibt3b-x32.d
@@ -6,6 +6,5 @@
Displaying notes found in: .note.gnu.property
Owner Data size Description
- GNU 0x00000018 NT_GNU_PROPERTY_TYPE_0
- Properties: x86 ISA used: 586, SSE, SSE3, SSE4_1
- x86 ISA needed: i486, 586, SSE2, SSE3
+ GNU 0x0000000c NT_GNU_PROPERTY_TYPE_0
+ Properties: x86 ISA needed: i486, 586, SSE2, SSE3
diff --git a/ld/testsuite/ld-x86-64/property-x86-ibt3b.d b/ld/testsuite/ld-x86-64/property-x86-ibt3b.d
index 1142e03..f10dffd 100644
--- a/ld/testsuite/ld-x86-64/property-x86-ibt3b.d
+++ b/ld/testsuite/ld-x86-64/property-x86-ibt3b.d
@@ -6,6 +6,5 @@
Displaying notes found in: .note.gnu.property
Owner Data size Description
- GNU 0x00000020 NT_GNU_PROPERTY_TYPE_0
- Properties: x86 ISA used: 586, SSE, SSE3, SSE4_1
- x86 ISA needed: i486, 586, SSE2, SSE3
+ GNU 0x00000010 NT_GNU_PROPERTY_TYPE_0
+ Properties: x86 ISA needed: i486, 586, SSE2, SSE3
diff --git a/ld/testsuite/ld-x86-64/property-x86-shstk3a-x32.d b/ld/testsuite/ld-x86-64/property-x86-shstk3a-x32.d
index 819542d..0147a3c 100644
--- a/ld/testsuite/ld-x86-64/property-x86-shstk3a-x32.d
+++ b/ld/testsuite/ld-x86-64/property-x86-shstk3a-x32.d
@@ -6,6 +6,5 @@
Displaying notes found in: .note.gnu.property
Owner Data size Description
- GNU 0x00000018 NT_GNU_PROPERTY_TYPE_0
- Properties: x86 ISA used: 586, SSE, SSE3, SSE4_1
- x86 ISA needed: i486, 586, SSE2, SSE3
+ GNU 0x0000000c NT_GNU_PROPERTY_TYPE_0
+ Properties: x86 ISA needed: i486, 586, SSE2, SSE3
diff --git a/ld/testsuite/ld-x86-64/property-x86-shstk3a.d b/ld/testsuite/ld-x86-64/property-x86-shstk3a.d
index 4c5d0e0..1f8c2dc 100644
--- a/ld/testsuite/ld-x86-64/property-x86-shstk3a.d
+++ b/ld/testsuite/ld-x86-64/property-x86-shstk3a.d
@@ -6,6 +6,5 @@
Displaying notes found in: .note.gnu.property
Owner Data size Description
- GNU 0x00000020 NT_GNU_PROPERTY_TYPE_0
- Properties: x86 ISA used: 586, SSE, SSE3, SSE4_1
- x86 ISA needed: i486, 586, SSE2, SSE3
+ GNU 0x00000010 NT_GNU_PROPERTY_TYPE_0
+ Properties: x86 ISA needed: i486, 586, SSE2, SSE3
diff --git a/ld/testsuite/ld-x86-64/property-x86-shstk3b-x32.d b/ld/testsuite/ld-x86-64/property-x86-shstk3b-x32.d
index ba181e0..7ca2539 100644
--- a/ld/testsuite/ld-x86-64/property-x86-shstk3b-x32.d
+++ b/ld/testsuite/ld-x86-64/property-x86-shstk3b-x32.d
@@ -6,6 +6,5 @@
Displaying notes found in: .note.gnu.property
Owner Data size Description
- GNU 0x00000018 NT_GNU_PROPERTY_TYPE_0
- Properties: x86 ISA used: 586, SSE, SSE3, SSE4_1
- x86 ISA needed: i486, 586, SSE2, SSE3
+ GNU 0x0000000c NT_GNU_PROPERTY_TYPE_0
+ Properties: x86 ISA needed: i486, 586, SSE2, SSE3
diff --git a/ld/testsuite/ld-x86-64/property-x86-shstk3b.d b/ld/testsuite/ld-x86-64/property-x86-shstk3b.d
index 5216f38..f66a40e 100644
--- a/ld/testsuite/ld-x86-64/property-x86-shstk3b.d
+++ b/ld/testsuite/ld-x86-64/property-x86-shstk3b.d
@@ -6,6 +6,5 @@
Displaying notes found in: .note.gnu.property
Owner Data size Description
- GNU 0x00000020 NT_GNU_PROPERTY_TYPE_0
- Properties: x86 ISA used: 586, SSE, SSE3, SSE4_1
- x86 ISA needed: i486, 586, SSE2, SSE3
+ GNU 0x00000010 NT_GNU_PROPERTY_TYPE_0
+ Properties: x86 ISA needed: i486, 586, SSE2, SSE3
diff --git a/ld/testsuite/ld-x86-64/x86-64.exp b/ld/testsuite/ld-x86-64/x86-64.exp
index 6edb9e8..ae21e55 100644
--- a/ld/testsuite/ld-x86-64/x86-64.exp
+++ b/ld/testsuite/ld-x86-64/x86-64.exp
@@ -403,6 +403,10 @@ run_dump_test "pr23372a"
run_dump_test "pr23372a-x32"
run_dump_test "pr23372b"
run_dump_test "pr23372b-x32"
+run_dump_test "pr23486a"
+run_dump_test "pr23486a-x32"
+run_dump_test "pr23486b"
+run_dump_test "pr23486b-x32"
if { ![istarget "x86_64-*-linux*"] && ![istarget "x86_64-*-nacl*"]} {
return
--
2.9.3
@@ -0,0 +1,140 @@
From 28a27bdbb9500797e6767f80c8128b09112aeed5 Mon Sep 17 00:00:00 2001
From: "H.J. Lu" <hjl.tools@gmail.com>
Date: Sat, 11 Aug 2018 06:41:33 -0700
Subject: [PATCH] x86: Properly add X86_ISA_1_NEEDED property
Existing properties may be removed during property merging. We avoid
adding X86_ISA_1_NEEDED property only if existing properties won't be
removed.
bfd/
PR ld/23428
* elfxx-x86.c (_bfd_x86_elf_link_setup_gnu_properties): Don't
add X86_ISA_1_NEEDED property only if existing properties won't
be removed.
ld/
PR ld/23428
* testsuite/ld-elf/dummy.s: New file.
* testsuite/ld-elf/linux-x86.S: Add X86_FEATURE_1_AND property.
* testsuite/ld-elf/linux-x86.exp: Add dummy.s to pr23428.
(cherry picked from commit ab9e342807d132182892de1be1a92d6e91a5c1da)
Signed-off-by: Norbert Lange <nolange79@gmail.com>
---
bfd/ChangeLog | 7 +++++++
bfd/elfxx-x86.c | 28 ++++++++++++++++++++++------
ld/ChangeLog | 7 +++++++
ld/testsuite/ld-elf/dummy.s | 1 +
ld/testsuite/ld-elf/linux-x86.S | 28 ++++++++++++++++++++++++++++
ld/testsuite/ld-elf/linux-x86.exp | 2 +-
6 files changed, 66 insertions(+), 7 deletions(-)
create mode 100644 ld/testsuite/ld-elf/dummy.s
diff --git a/bfd/elfxx-x86.c b/bfd/elfxx-x86.c
index 7ccfd25..2d8f7b6 100644
--- a/bfd/elfxx-x86.c
+++ b/bfd/elfxx-x86.c
@@ -2588,7 +2588,6 @@ _bfd_x86_elf_link_setup_gnu_properties
prop->pr_kind = property_number;
}
else if (has_text
- && elf_properties (ebfd) == NULL
&& elf_tdata (info->output_bfd)->o->build_id.sec == NULL
&& !htab->elf.dynamic_sections_created
&& !info->traditional_format
@@ -2598,11 +2597,28 @@ _bfd_x86_elf_link_setup_gnu_properties
/* If the separate code program header is needed, make sure
that the first read-only PT_LOAD segment has no code by
adding a GNU_PROPERTY_X86_ISA_1_NEEDED note. */
- prop = _bfd_elf_get_property (ebfd,
- GNU_PROPERTY_X86_ISA_1_NEEDED,
- 4);
- prop->u.number = GNU_PROPERTY_X86_ISA_1_486;
- prop->pr_kind = property_number;
+ elf_property_list *list;
+ bfd_boolean need_property = TRUE;
+
+ for (list = elf_properties (ebfd); list; list = list->next)
+ switch (list->property.pr_type)
+ {
+ case GNU_PROPERTY_STACK_SIZE:
+ case GNU_PROPERTY_NO_COPY_ON_PROTECTED:
+ case GNU_PROPERTY_X86_ISA_1_NEEDED:
+ /* These properties won't be removed during merging. */
+ need_property = FALSE;
+ break;
+ }
+
+ if (need_property)
+ {
+ prop = _bfd_elf_get_property (ebfd,
+ GNU_PROPERTY_X86_ISA_1_NEEDED,
+ 4);
+ prop->u.number = GNU_PROPERTY_X86_ISA_1_486;
+ prop->pr_kind = property_number;
+ }
}
/* Create the GNU property note section if needed. */
diff --git a/ld/testsuite/ld-elf/dummy.s b/ld/testsuite/ld-elf/dummy.s
new file mode 100644
index 0000000..403f980
--- /dev/null
+++ b/ld/testsuite/ld-elf/dummy.s
@@ -0,0 +1 @@
+# Dummy
diff --git a/ld/testsuite/ld-elf/linux-x86.S b/ld/testsuite/ld-elf/linux-x86.S
index bdf40c6..d94abc1 100644
--- a/ld/testsuite/ld-elf/linux-x86.S
+++ b/ld/testsuite/ld-elf/linux-x86.S
@@ -61,3 +61,31 @@ syscall:
ret /* Return to caller. */
.size syscall, .-syscall
.section .note.GNU-stack,"",@progbits
+
+ .section ".note.gnu.property", "a"
+#ifdef __LP64__
+ .p2align 3
+#else
+ .p2align 2
+#endif
+ .long 1f - 0f /* name length */
+ .long 5f - 2f /* data length */
+ .long 5 /* note type */
+0: .asciz "GNU" /* vendor name */
+1:
+#ifdef __LP64__
+ .p2align 3
+#else
+ .p2align 2
+#endif
+2: .long 0xc0000002 /* pr_type. */
+ .long 4f - 3f /* pr_datasz. */
+3:
+ .long 0x2
+4:
+#ifdef __LP64__
+ .p2align 3
+#else
+ .p2align 2
+#endif
+5:
diff --git a/ld/testsuite/ld-elf/linux-x86.exp b/ld/testsuite/ld-elf/linux-x86.exp
index 36217c6..f6f5a80 100644
--- a/ld/testsuite/ld-elf/linux-x86.exp
+++ b/ld/testsuite/ld-elf/linux-x86.exp
@@ -37,7 +37,7 @@ run_ld_link_exec_tests [list \
"Run PR ld/23428 test" \
"--no-dynamic-linker -z separate-code" \
"" \
- { linux-x86.S pr23428.c } \
+ { linux-x86.S pr23428.c dummy.s } \
"pr23428" \
"pass.out" \
"$NOPIE_CFLAGS -fno-asynchronous-unwind-tables" \
--
2.9.3
+7
View File
@@ -17,9 +17,16 @@ BOTAN_CONF_OPTS = \
--os=linux \
--cc=gcc \
--cc-bin="$(TARGET_CXX)" \
--ldflags="$(BOTAN_LDFLAGS)" \
--prefix=/usr \
--without-documentation
BOTAN_LDFLAGS = $(TARGET_LDFLAGS)
ifeq ($(BR2_TOOLCHAIN_HAS_LIBATOMIC),y)
BOTAN_LDFLAGS += -latomic
endif
ifeq ($(BR2_SHARED_LIBS),y)
BOTAN_CONF_OPTS += \
--disable-static-library \
@@ -0,0 +1,137 @@
From 6d3b4bb24da9a07c263f3c1acf8df85382ff562c Mon Sep 17 00:00:00 2001
From: Denys Vlasenko <vda.linux@googlemail.com>
Date: Mon, 17 Dec 2018 18:07:18 +0100
Subject: udhcpc: check that 4-byte options are indeed 4-byte, closes 11506
function old new delta
udhcp_get_option32 - 27 +27
udhcp_get_option 231 248 +17
------------------------------------------------------------------------------
(add/remove: 1/0 grow/shrink: 1/0 up/down: 44/0) Total: 44 bytes
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Signed-off-by: Jared Bents <jared.bents@rockwellcollins.com>
---
networking/udhcp/common.c | 19 +++++++++++++++++++
networking/udhcp/common.h | 4 ++++
networking/udhcp/dhcpc.c | 6 +++---
networking/udhcp/dhcpd.c | 6 +++---
4 files changed, 29 insertions(+), 6 deletions(-)
diff --git a/networking/udhcp/common.c b/networking/udhcp/common.c
index e5fd74f91..41b05b855 100644
--- a/networking/udhcp/common.c
+++ b/networking/udhcp/common.c
@@ -272,6 +272,15 @@ uint8_t* FAST_FUNC udhcp_get_option(struct dhcp_packet *packet, int code)
goto complain; /* complain and return NULL */
if (optionptr[OPT_CODE] == code) {
+ if (optionptr[OPT_LEN] == 0) {
+ /* So far no valid option with length 0 known.
+ * Having this check means that searching
+ * for DHCP_MESSAGE_TYPE need not worry
+ * that returned pointer might be unsafe
+ * to dereference.
+ */
+ goto complain; /* complain and return NULL */
+ }
log_option("option found", optionptr);
return optionptr + OPT_DATA;
}
@@ -289,6 +298,16 @@ uint8_t* FAST_FUNC udhcp_get_option(struct dhcp_packet *packet, int code)
return NULL;
}
+uint8_t* FAST_FUNC udhcp_get_option32(struct dhcp_packet *packet, int code)
+{
+ uint8_t *r = udhcp_get_option(packet, code);
+ if (r) {
+ if (r[-1] != 4)
+ r = NULL;
+ }
+ return r;
+}
+
/* Return the position of the 'end' option (no bounds checking) */
int FAST_FUNC udhcp_end_option(uint8_t *optionptr)
{
diff --git a/networking/udhcp/common.h b/networking/udhcp/common.h
index 7ad603d33..9511152ff 100644
--- a/networking/udhcp/common.h
+++ b/networking/udhcp/common.h
@@ -205,6 +205,10 @@ extern const uint8_t dhcp_option_lengths[] ALIGN1;
unsigned FAST_FUNC udhcp_option_idx(const char *name, const char *option_strings);
uint8_t *udhcp_get_option(struct dhcp_packet *packet, int code) FAST_FUNC;
+/* Same as above + ensures that option length is 4 bytes
+ * (returns NULL if size is different)
+ */
+uint8_t *udhcp_get_option32(struct dhcp_packet *packet, int code) FAST_FUNC;
int udhcp_end_option(uint8_t *optionptr) FAST_FUNC;
void udhcp_add_binary_option(struct dhcp_packet *packet, uint8_t *addopt) FAST_FUNC;
#if ENABLE_UDHCPC || ENABLE_UDHCPD
diff --git a/networking/udhcp/dhcpc.c b/networking/udhcp/dhcpc.c
index 4b23e4d39..5b3fd531c 100644
--- a/networking/udhcp/dhcpc.c
+++ b/networking/udhcp/dhcpc.c
@@ -1691,7 +1691,7 @@ int udhcpc_main(int argc UNUSED_PARAM, char **argv)
* They say ISC DHCP client supports this case.
*/
server_addr = 0;
- temp = udhcp_get_option(&packet, DHCP_SERVER_ID);
+ temp = udhcp_get_option32(&packet, DHCP_SERVER_ID);
if (!temp) {
bb_error_msg("no server ID, using 0.0.0.0");
} else {
@@ -1718,7 +1718,7 @@ int udhcpc_main(int argc UNUSED_PARAM, char **argv)
struct in_addr temp_addr;
uint8_t *temp;
- temp = udhcp_get_option(&packet, DHCP_LEASE_TIME);
+ temp = udhcp_get_option32(&packet, DHCP_LEASE_TIME);
if (!temp) {
bb_error_msg("no lease time with ACK, using 1 hour lease");
lease_seconds = 60 * 60;
@@ -1813,7 +1813,7 @@ int udhcpc_main(int argc UNUSED_PARAM, char **argv)
uint32_t svid;
uint8_t *temp;
- temp = udhcp_get_option(&packet, DHCP_SERVER_ID);
+ temp = udhcp_get_option32(&packet, DHCP_SERVER_ID);
if (!temp) {
non_matching_svid:
log1("received DHCP NAK with wrong"
diff --git a/networking/udhcp/dhcpd.c b/networking/udhcp/dhcpd.c
index a8cd3f03b..477856d11 100644
--- a/networking/udhcp/dhcpd.c
+++ b/networking/udhcp/dhcpd.c
@@ -640,7 +640,7 @@ static void add_server_options(struct dhcp_packet *packet)
static uint32_t select_lease_time(struct dhcp_packet *packet)
{
uint32_t lease_time_sec = server_config.max_lease_sec;
- uint8_t *lease_time_opt = udhcp_get_option(packet, DHCP_LEASE_TIME);
+ uint8_t *lease_time_opt = udhcp_get_option32(packet, DHCP_LEASE_TIME);
if (lease_time_opt) {
move_from_unaligned32(lease_time_sec, lease_time_opt);
lease_time_sec = ntohl(lease_time_sec);
@@ -987,7 +987,7 @@ int udhcpd_main(int argc UNUSED_PARAM, char **argv)
}
/* Get SERVER_ID if present */
- server_id_opt = udhcp_get_option(&packet, DHCP_SERVER_ID);
+ server_id_opt = udhcp_get_option32(&packet, DHCP_SERVER_ID);
if (server_id_opt) {
uint32_t server_id_network_order;
move_from_unaligned32(server_id_network_order, server_id_opt);
@@ -1011,7 +1011,7 @@ int udhcpd_main(int argc UNUSED_PARAM, char **argv)
}
/* Get REQUESTED_IP if present */
- requested_ip_opt = udhcp_get_option(&packet, DHCP_REQUESTED_IP);
+ requested_ip_opt = udhcp_get_option32(&packet, DHCP_REQUESTED_IP);
if (requested_ip_opt) {
move_from_unaligned32(requested_nip, requested_ip_opt);
}
--
cgit v1.2.1
@@ -0,0 +1,58 @@
From 74d9f1ba37010face4bd1449df4d60dd84450b06 Mon Sep 17 00:00:00 2001
From: Denys Vlasenko <vda.linux@googlemail.com>
Date: Mon, 7 Jan 2019 15:33:42 +0100
Subject: udhcpc: when decoding DHCP_SUBNET, ensure it is 4 bytes long
function old new delta
udhcp_run_script 795 801 +6
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Signed-off-by: Jared Bents <jared.bents@rockwellcollins.com>
---
networking/udhcp/common.c | 2 +-
networking/udhcp/common.h | 2 +-
networking/udhcp/dhcpc.c | 2 +-
3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/networking/udhcp/common.c b/networking/udhcp/common.c
index 4c2221b77..fc4de5716 100644
--- a/networking/udhcp/common.c
+++ b/networking/udhcp/common.c
@@ -302,7 +302,7 @@ uint8_t* FAST_FUNC udhcp_get_option32(struct dhcp_packet *packet, int code)
{
uint8_t *r = udhcp_get_option(packet, code);
if (r) {
- if (r[-1] != 4)
+ if (r[-OPT_DATA + OPT_LEN] != 4)
r = NULL;
}
return r;
diff --git a/networking/udhcp/common.h b/networking/udhcp/common.h
index 9511152ff..62f9a2a4a 100644
--- a/networking/udhcp/common.h
+++ b/networking/udhcp/common.h
@@ -119,7 +119,7 @@ enum {
//#define DHCP_TIME_SERVER 0x04 /* RFC 868 time server (32-bit, 0 = 1.1.1900) */
//#define DHCP_NAME_SERVER 0x05 /* IEN 116 _really_ ancient kind of NS */
//#define DHCP_DNS_SERVER 0x06
-//#define DHCP_LOG_SERVER 0x07 /* port 704 UDP log (not syslog)
+//#define DHCP_LOG_SERVER 0x07 /* port 704 UDP log (not syslog) */
//#define DHCP_COOKIE_SERVER 0x08 /* "quote of the day" server */
//#define DHCP_LPR_SERVER 0x09
#define DHCP_HOST_NAME 0x0c /* 12: either client informs server or server gives name to client */
diff --git a/networking/udhcp/dhcpc.c b/networking/udhcp/dhcpc.c
index 5b3fd531c..dcec8cdfd 100644
--- a/networking/udhcp/dhcpc.c
+++ b/networking/udhcp/dhcpc.c
@@ -531,7 +531,7 @@ static char **fill_envp(struct dhcp_packet *packet)
temp = udhcp_get_option(packet, code);
*curr = xmalloc_optname_optval(temp, &dhcp_optflags[i], opt_name);
putenv(*curr++);
- if (code == DHCP_SUBNET) {
+ if (code == DHCP_SUBNET && temp[-OPT_DATA + OPT_LEN] == 4) {
/* Subnet option: make things like "$ip/$mask" possible */
uint32_t subnet;
move_from_unaligned32(subnet, temp);
--
cgit v1.2.1
@@ -1,75 +0,0 @@
From 6b6ff53b5931c162be13504a1efc53fc5212f9d1 Mon Sep 17 00:00:00 2001
From: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Date: Mon, 7 May 2018 22:57:34 +0200
Subject: [PATCH] m4/reorganization/libs/curl.m4: fix curl-config detection
logic
The current logic in curl.m4 doesn't behave properly when
--without-libcurl is passed to the ./configure script.
Indeed, in this case what happens is that:
(1) Since --without-libcurl is passed, LIBCURL_HOME is set to nothing
(2) find_curl is set to "no"
(3) Due to find_curl being "no", LIBCURL_HOME is not set to
/usr/local and remains empty
(4) We test if $LIBCURL_HOME/bin/curl_config exists, which is
equivalent to testing if /bin/curl-config exists. So curl.m4 is
looking at /bin/curl-config, which is irrelevant in a
cross-compilation context: it is not because the build machine
has libcurl installed that it is available for the target.
Due to this mistake, it sets have_curl="yes"
Due to this, the ./configure script assumes it can build the
clamsubmit program, which fails at build time because curl/curl.h
doesn't exist.
To fix this, this commit rewrites the curl-config detection logic with
a simpler loop. If find_curl=yes, it means we have to find libcurl
ourselves, so we iterate over /usr/local and /usr, and check if a
bin/curl-config binary is available there. If so, we use this path as
LIBCURL_HOME and set have_curl="yes".
This preserves the existing behavior, while fixing the situation where
--without-libcurl is passed, but /bin/curl-config exists.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Upstream-status: https://github.com/Cisco-Talos/clamav-devel/pull/87
---
m4/reorganization/libs/curl.m4 | 15 +++++----------
1 file changed, 5 insertions(+), 10 deletions(-)
diff --git a/m4/reorganization/libs/curl.m4 b/m4/reorganization/libs/curl.m4
index 2a5966ee7..b6a9c2137 100644
--- a/m4/reorganization/libs/curl.m4
+++ b/m4/reorganization/libs/curl.m4
@@ -19,17 +19,12 @@ fi
[find_curl="yes"])
if test "X$find_curl" = "Xyes"; then
- LIBCURL_HOME=/usr/local
-fi
-if test -f "$LIBCURL_HOME/bin/curl-config"; then
- have_curl="yes"
-else
- if test "X$find_curl" = "Xyes"; then
- LIBCURL_HOME=/usr
- if test -f "$LIBCURL_HOME/bin/curl-config"; then
- have_curl="yes"
+ for p in /usr/local /usr ; do
+ if test -f "${p}/bin/curl-config"; then
+ LIBCURL_HOME=$p
+ have_curl="yes"
fi
- fi
+ done
fi
if test "X$have_curl" = "Xyes"; then
--
2.14.3
+5 -2
View File
@@ -1,7 +1,9 @@
config BR2_PACKAGE_CLAMAV
bool "clamav"
depends on BR2_INSTALL_LIBSTDCPP
depends on BR2_TOOLCHAIN_HAS_THREADS
depends on BR2_USE_MMU # fork()
depends on BR2_USE_WCHAR
select BR2_PACKAGE_LIBTOOL
select BR2_PACKAGE_OPENSSL
select BR2_PACKAGE_ZLIB
@@ -11,6 +13,7 @@ config BR2_PACKAGE_CLAMAV
http://www.clamav.net
comment "clamav needs a toolchain w/ threads"
depends on !BR2_TOOLCHAIN_HAS_THREADS
comment "clamav needs a toolchain w/ C++, threads, wchar"
depends on !BR2_INSTALL_LIBSTDCPP \
|| !BR2_TOOLCHAIN_HAS_THREADS || !BR2_USE_WCHAR
depends on BR2_USE_MMU
+1 -1
View File
@@ -1,5 +1,5 @@
# Locally calculated
sha256 4a2e4f0cd41e62adb5a713b4a1857c49145cd09a69957e6d946ecad575206dd6 clamav-0.100.2.tar.gz
sha256 0a12ebdf6ff7a74c0bde2bdc2b55cae33449e6dd953ec90824a9e01291277634 clamav-0.101.2.tar.gz
sha256 0c4fd2fa9733fc9122503797648710851e4ee6d9e4969dd33fcbd8c63cd2f584 COPYING
sha256 d72a145c90918184a05ef65a04c9e6f7466faa59bc1b82c8f6a8ddc7ddcb9bed COPYING.bzip2
sha256 dfb818a0d41411c6fb1c193c68b73018ceadd1994bda41ad541cbff292894bc6 COPYING.file
+5 -3
View File
@@ -4,7 +4,7 @@
#
################################################################################
CLAMAV_VERSION = 0.100.2
CLAMAV_VERSION = 0.101.2
CLAMAV_SITE = https://www.clamav.net/downloads/production
CLAMAV_LICENSE = GPL-2.0
CLAMAV_LICENSE_FILES = COPYING COPYING.bzip2 COPYING.file COPYING.getopt \
@@ -16,14 +16,16 @@ CLAMAV_DEPENDENCIES = \
openssl \
zlib \
$(TARGET_NLS_DEPENDENCIES)
# 0003-m4-reorganization-libs-curl.m4-fix-curl-config-detec.patch
CLAMAV_AUTORECONF = YES
# mmap cannot be detected when cross-compiling, needed for mempool support
CLAMAV_CONF_ENV = \
ac_cv_c_mmap_private=yes \
have_cv_ipv6=yes
ifeq ($(BR2_TOOLCHAIN_HAS_LIBATOMIC),y)
CLAMAV_CONF_ENV += LIBS=-latomic
endif
# UCLIBC_HAS_FTS is disabled, therefore disable fanotify (missing fts.h)
CLAMAV_CONF_OPTS = \
--with-dbdir=/var/lib/clamav \
@@ -1,189 +0,0 @@
From 570933a6a3597371bae1beeb754ee8711d6305ab Mon Sep 17 00:00:00 2001
From: Michael R Sweet <michael.r.sweet@gmail.com>
Date: Mon, 2 Apr 2018 20:05:13 -0400
Subject: [PATCH] Fix builds without PAM (Issue #5283)
[baruch: drop CHANGES.md hunk]
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
---
Upstream status: commit 570933a6a3
CHANGES.md | 8 ++-
scheduler/auth.c | 134 ++---------------------------------------------
2 files changed, 11 insertions(+), 131 deletions(-)
diff --git a/scheduler/auth.c b/scheduler/auth.c
index 8b134b5d7257..fa4e2715de34 100644
--- a/scheduler/auth.c
+++ b/scheduler/auth.c
@@ -1,8 +1,8 @@
/*
* Authorization routines for the CUPS scheduler.
*
- * Copyright 2007-2016 by Apple Inc.
- * Copyright 1997-2007 by Easy Software Products, all rights reserved.
+ * Copyright © 2007-2018 by Apple Inc.
+ * Copyright © 1997-2007 by Easy Software Products, all rights reserved.
*
* This file contains Kerberos support code, copyright 2006 by
* Jelmer Vernooij.
@@ -71,9 +71,6 @@ static int check_authref(cupsd_client_t *con, const char *right);
static int compare_locations(cupsd_location_t *a,
cupsd_location_t *b);
static cupsd_authmask_t *copy_authmask(cupsd_authmask_t *am, void *data);
-#if !HAVE_LIBPAM
-static char *cups_crypt(const char *pw, const char *salt);
-#endif /* !HAVE_LIBPAM */
static void free_authmask(cupsd_authmask_t *am, void *data);
#if HAVE_LIBPAM
static int pam_func(int, const struct pam_message **,
@@ -694,14 +691,14 @@ cupsdAuthorize(cupsd_client_t *con) /* I - Client connection */
* client...
*/
- pass = cups_crypt(password, pw->pw_passwd);
+ pass = crypt(password, pw->pw_passwd);
if (!pass || strcmp(pw->pw_passwd, pass))
{
# ifdef HAVE_SHADOW_H
if (spw)
{
- pass = cups_crypt(password, spw->sp_pwdp);
+ pass = crypt(password, spw->sp_pwdp);
if (pass == NULL || strcmp(spw->sp_pwdp, pass))
{
@@ -1995,129 +1992,6 @@ copy_authmask(cupsd_authmask_t *mask, /* I - Existing auth mask */
}
-#if !HAVE_LIBPAM
-/*
- * 'cups_crypt()' - Encrypt the password using the DES or MD5 algorithms,
- * as needed.
- */
-
-static char * /* O - Encrypted password */
-cups_crypt(const char *pw, /* I - Password string */
- const char *salt) /* I - Salt (key) string */
-{
- if (!strncmp(salt, "$1$", 3))
- {
- /*
- * Use MD5 passwords without the benefit of PAM; this is for
- * Slackware Linux, and the algorithm was taken from the
- * old shadow-19990827/lib/md5crypt.c source code... :(
- */
-
- int i; /* Looping var */
- unsigned long n; /* Output number */
- int pwlen; /* Length of password string */
- const char *salt_end; /* End of "salt" data for MD5 */
- char *ptr; /* Pointer into result string */
- _cups_md5_state_t state; /* Primary MD5 state info */
- _cups_md5_state_t state2; /* Secondary MD5 state info */
- unsigned char digest[16]; /* MD5 digest result */
- static char result[120]; /* Final password string */
-
-
- /*
- * Get the salt data between dollar signs, e.g. $1$saltdata$md5.
- * Get a maximum of 8 characters of salt data after $1$...
- */
-
- for (salt_end = salt + 3; *salt_end && (salt_end - salt) < 11; salt_end ++)
- if (*salt_end == '$')
- break;
-
- /*
- * Compute the MD5 sum we need...
- */
-
- pwlen = strlen(pw);
-
- _cupsMD5Init(&state);
- _cupsMD5Append(&state, (unsigned char *)pw, pwlen);
- _cupsMD5Append(&state, (unsigned char *)salt, salt_end - salt);
-
- _cupsMD5Init(&state2);
- _cupsMD5Append(&state2, (unsigned char *)pw, pwlen);
- _cupsMD5Append(&state2, (unsigned char *)salt + 3, salt_end - salt - 3);
- _cupsMD5Append(&state2, (unsigned char *)pw, pwlen);
- _cupsMD5Finish(&state2, digest);
-
- for (i = pwlen; i > 0; i -= 16)
- _cupsMD5Append(&state, digest, i > 16 ? 16 : i);
-
- for (i = pwlen; i > 0; i >>= 1)
- _cupsMD5Append(&state, (unsigned char *)((i & 1) ? "" : pw), 1);
-
- _cupsMD5Finish(&state, digest);
-
- for (i = 0; i < 1000; i ++)
- {
- _cupsMD5Init(&state);
-
- if (i & 1)
- _cupsMD5Append(&state, (unsigned char *)pw, pwlen);
- else
- _cupsMD5Append(&state, digest, 16);
-
- if (i % 3)
- _cupsMD5Append(&state, (unsigned char *)salt + 3, salt_end - salt - 3);
-
- if (i % 7)
- _cupsMD5Append(&state, (unsigned char *)pw, pwlen);
-
- if (i & 1)
- _cupsMD5Append(&state, digest, 16);
- else
- _cupsMD5Append(&state, (unsigned char *)pw, pwlen);
-
- _cupsMD5Finish(&state, digest);
- }
-
- /*
- * Copy the final sum to the result string and return...
- */
-
- memcpy(result, salt, (size_t)(salt_end - salt));
- ptr = result + (salt_end - salt);
- *ptr++ = '$';
-
- for (i = 0; i < 5; i ++, ptr += 4)
- {
- n = ((((unsigned)digest[i] << 8) | (unsigned)digest[i + 6]) << 8);
-
- if (i < 4)
- n |= (unsigned)digest[i + 12];
- else
- n |= (unsigned)digest[5];
-
- to64(ptr, n, 4);
- }
-
- to64(ptr, (unsigned)digest[11], 2);
- ptr += 2;
- *ptr = '\0';
-
- return (result);
- }
- else
- {
- /*
- * Use the standard crypt() function...
- */
-
- return (crypt(pw, salt));
- }
-}
-#endif /* !HAVE_LIBPAM */
-
-
/*
* 'free_authmask()' - Free function for auth masks.
*/
--
2.17.0
+1 -1
View File
@@ -1,3 +1,3 @@
# Locally calculated:
sha256 3c4b637b737077565ccdfbd5f61785d03f49461ae736fcc2c0ffaf41d2c6ea6a cups-2.2.7-source.tar.gz
sha256 77c8b2b3bb7fe8b5fbfffc307f2c817b2d7ec67b657f261a1dd1c61ab81205bb cups-2.2.10-source.tar.gz
sha256 6e0e0ffbde118aae709f7ef65590de9071e8b2cd322f84fd645c6b64f3cc452c LICENSE.txt
+1 -1
View File
@@ -4,7 +4,7 @@
#
################################################################################
CUPS_VERSION = 2.2.7
CUPS_VERSION = 2.2.10
CUPS_SOURCE = cups-$(CUPS_VERSION)-source.tar.gz
CUPS_SITE = https://github.com/apple/cups/releases/download/v$(CUPS_VERSION)
CUPS_LICENSE = GPL-2.0, LGPL-2.0
+1 -1
View File
@@ -4,4 +4,4 @@ config BR2_PACKAGE_DEVMEM2
help
Simple program to read/write from/to any location in memory.
http://free-electrons.com/pub/mirror/devmem2.c
http://bootlin.com/pub/mirror/devmem2.c
+1 -1
View File
@@ -4,7 +4,7 @@
#
################################################################################
DEVMEM2_SITE = http://free-electrons.com/pub/mirror
DEVMEM2_SITE = http://bootlin.com/pub/mirror
DEVMEM2_SOURCE = devmem2.c
DEVMEM2_VERSION = 1
DEVMEM2_LICENSE = GPL-2.0+
+5
View File
@@ -36,6 +36,10 @@ define DHCPCD_INSTALL_TARGET_CMDS
$(TARGET_MAKE_ENV) $(MAKE) -C $(@D) install DESTDIR=$(TARGET_DIR)
endef
# When network-manager is enabled together with dhcpcd, it will use
# dhcpcd as a DHCP client, and will be in charge of running, so we
# don't want the init script or service file to be installed.
ifeq ($(BR2_PACKAGE_NETWORK_MANAGER),)
define DHCPCD_INSTALL_INIT_SYSV
$(INSTALL) -m 755 -D package/dhcpcd/S41dhcpcd \
$(TARGET_DIR)/etc/init.d/S41dhcpcd
@@ -48,6 +52,7 @@ define DHCPCD_INSTALL_INIT_SYSTEMD
ln -sf ../../../../usr/lib/systemd/system/dhcpcd.service \
$(TARGET_DIR)/etc/systemd/system/multi-user.target.wants/dhcpcd.service
endef
endif
# NOTE: Even though this package has a configure script, it is not generated
# using the autotools, so we have to use the generic package infrastructure.
@@ -0,0 +1,27 @@
From 8419a670aed3364c39b86a0608782aaeae3ce5df Mon Sep 17 00:00:00 2001
From: Quentin Brunet <hello@quentinbrunet.com>
Date: Tue, 8 Jan 2019 14:04:54 +0100
Subject: [PATCH] Upgrade pyyaml to 4.2b1
Signed-off-by: Quentin Brunet <hello@quentinbrunet.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
setup.py | 2 +-
1 file changed, 1 insertions(+), 1 deletions(-)
diff --git a/setup.py b/setup.py
index 4c49bab7..8b5f9d99 100644
--- a/setup.py
+++ b/setup.py
@@ -32,7 +32,7 @@ def find_version(*file_paths):
install_requires = [
'cached-property >= 1.2.0, < 2',
'docopt >= 0.6.1, < 0.7',
- 'PyYAML >= 3.10, < 4',
+ 'PyYAML >= 3.10, < 4.3',
'requests >= 2.6.1, != 2.11.0, != 2.12.2, != 2.18.0, < 3.0',
'texttable >= 0.9.0, < 0.10',
'websocket-client >= 0.32.0, < 1.0',
--
2.11.0
+7 -2
View File
@@ -3,6 +3,9 @@ config BR2_PACKAGE_DOCKER_CONTAINERD
depends on BR2_PACKAGE_HOST_GO_ARCH_SUPPORTS
depends on BR2_PACKAGE_HOST_GO_CGO_LINKING_SUPPORTS
depends on BR2_TOOLCHAIN_HAS_THREADS
depends on BR2_TOOLCHAIN_HEADERS_AT_LEAST_3_11 # runc
depends on !BR2_TOOLCHAIN_USES_UCLIBC # runc
depends on !BR2_TOOLCHAIN_EXTERNAL_CODESOURCERY_ARM # runc
depends on BR2_USE_MMU # util-linux
select BR2_PACKAGE_RUNC # runtime dependency
select BR2_PACKAGE_UTIL_LINUX # runtime dependency
@@ -27,8 +30,10 @@ config BR2_PACKAGE_DOCKER_CONTAINERD_DRIVER_BTRFS
endif
comment "docker-containerd needs a toolchain w/ threads"
comment "docker-containerd needs a glibc or musl toolchain w/ threads"
depends on BR2_PACKAGE_HOST_GO_ARCH_SUPPORTS
depends on BR2_PACKAGE_HOST_GO_CGO_LINKING_SUPPORTS
depends on BR2_USE_MMU
depends on !BR2_TOOLCHAIN_HAS_THREADS
depends on !BR2_TOOLCHAIN_HAS_THREADS || \
!BR2_TOOLCHAIN_HEADERS_AT_LEAST_3_11 || BR2_TOOLCHAIN_USES_UCLIBC
depends on !BR2_TOOLCHAIN_EXTERNAL_CODESOURCERY_ARM
+13 -18
View File
@@ -3,6 +3,14 @@ config BR2_PACKAGE_DOCKER_ENGINE
depends on BR2_PACKAGE_HOST_GO_ARCH_SUPPORTS
depends on BR2_PACKAGE_HOST_GO_CGO_LINKING_SUPPORTS
depends on BR2_TOOLCHAIN_HAS_THREADS
depends on BR2_TOOLCHAIN_HEADERS_AT_LEAST_3_11 # docker-containerd -> runc
depends on !BR2_TOOLCHAIN_USES_UCLIBC # docker-containerd -> runc
depends on !BR2_TOOLCHAIN_EXTERNAL_CODESOURCERY_ARM # docker-containerd -> runc
depends on BR2_USE_MMU # docker-containerd
select BR2_PACKAGE_DOCKER_CONTAINERD # runtime dependency
select BR2_PACKAGE_DOCKER_PROXY # runtime dependency
select BR2_PACKAGE_IPTABLES # runtime dependency
select BR2_PACKAGE_SQLITE # runtime dependency
help
Docker is a platform to build, ship,
and run applications as lightweight containers.
@@ -11,23 +19,9 @@ config BR2_PACKAGE_DOCKER_ENGINE
if BR2_PACKAGE_DOCKER_ENGINE
config BR2_PACKAGE_DOCKER_ENGINE_DAEMON
bool "docker daemon"
default y
depends on BR2_USE_MMU # docker-containerd
select BR2_PACKAGE_DOCKER_CONTAINERD # runtime dependency
select BR2_PACKAGE_DOCKER_PROXY # runtime dependency
select BR2_PACKAGE_IPTABLES # runtime dependency
select BR2_PACKAGE_SQLITE # runtime dependency
help
Build the Docker system daemon.
If not selected, will build client only.
config BR2_PACKAGE_DOCKER_ENGINE_EXPERIMENTAL
bool "build experimental features"
if BR2_PACKAGE_DOCKER_ENGINE_DAEMON
config BR2_PACKAGE_DOCKER_ENGINE_DRIVER_BTRFS
bool "btrfs filesystem driver"
depends on BR2_USE_MMU # btrfs-progs
@@ -58,9 +52,10 @@ config BR2_PACKAGE_DOCKER_ENGINE_DRIVER_VFS
endif
endif
comment "docker-engine needs a toolchain w/ threads"
comment "docker-engine needs a glibc or musl toolchain w/ threads, headers >= 3.11"
depends on BR2_PACKAGE_HOST_GO_ARCH_SUPPORTS
depends on BR2_PACKAGE_HOST_GO_CGO_LINKING_SUPPORTS
depends on !BR2_TOOLCHAIN_HAS_THREADS
depends on !BR2_TOOLCHAIN_HAS_THREADS || \
!BR2_TOOLCHAIN_HEADERS_AT_LEAST_3_11 || BR2_TOOLCHAIN_USES_UCLIBC
depends on !BR2_TOOLCHAIN_EXTERNAL_CODESOURCERY_ARM
depends on BR2_USE_MMU
@@ -1,3 +1,3 @@
# Locally computed after checking signature
sha256 e02f2741c05f9e2af1c5f46da35efb74997f9d4b941ba68936206d310ddf2622 dovecot-2.3-pigeonhole-0.5.3.tar.gz
sha256 547999e67a001abc5e654c7e35653d3fe057fa9a47a24257e39a79c41ef08516 dovecot-2.3-pigeonhole-0.5.4.tar.gz
sha256 fc9e9522216f2a9a28b31300e3c73c1df56acc27dfae951bf516e7995366b51a COPYING
@@ -4,7 +4,7 @@
#
################################################################################
DOVECOT_PIGEONHOLE_VERSION = 0.5.3
DOVECOT_PIGEONHOLE_VERSION = 0.5.4
DOVECOT_PIGEONHOLE_SOURCE = dovecot-2.3-pigeonhole-$(DOVECOT_PIGEONHOLE_VERSION).tar.gz
DOVECOT_PIGEONHOLE_SITE = https://pigeonhole.dovecot.org/releases/2.3
DOVECOT_PIGEONHOLE_LICENSE = LGPL-2.1
+1 -1
View File
@@ -1,5 +1,5 @@
# Locally computed after checking signature
sha256 15af27ee25258afb4ad9581f8df681be998b763597086bbae54ca7d77a066d8e dovecot-2.3.3.tar.gz
sha256 b8873e2ce5c33e58963bb7a8d2ff8427c09dbfdd63e13a0b0f4502864043aa07 dovecot-2.3.4.1.tar.gz
sha256 a363b132e494f662d98c820d1481297e6ae72f194c2c91b6c39e1518b86240a8 COPYING
sha256 dc626520dcd53a22f727af3ee42c770e56c97a64fe3adb063799d8ab032fe551 COPYING.LGPL
sha256 52b8c95fabb19575281874b661ef7968ea47e8f5d74ba0dd40ce512e52b3fc97 COPYING.MIT
+1 -1
View File
@@ -5,7 +5,7 @@
################################################################################
DOVECOT_VERSION_MAJOR = 2.3
DOVECOT_VERSION = $(DOVECOT_VERSION_MAJOR).3
DOVECOT_VERSION = $(DOVECOT_VERSION_MAJOR).4.1
DOVECOT_SITE = https://www.dovecot.org/releases/$(DOVECOT_VERSION_MAJOR)
DOVECOT_INSTALL_STAGING = YES
DOVECOT_LICENSE = LGPL-2.1, MIT, Public Domain, BSD-3-Clause, Unicode-DFS-2015
@@ -1,7 +1,7 @@
From b1f8b84489c96465b63485b884238b61d31ca84d Mon Sep 17 00:00:00 2001
From 086283ed7f1886de05407bc75dd4c070c78a6f50 Mon Sep 17 00:00:00 2001
From: Lothar Felten <lothar.felten@gmail.com>
Date: Mon, 8 Oct 2018 13:29:44 +0200
Subject: [PATCH 1/1] Fix include guards for older kernel/u-boot sources
Subject: [PATCH] Fix include guards for older kernel/u-boot sources
Linux kernels before 4.17 and U-Boot versions before 2018.07 use libfdt
include guards with leading underscores.
@@ -12,11 +12,27 @@ This patch handles both include guard types and allows the compilation
of older Linux kernel and u-boot sources.
Signed-off-by: Lothar Felten <lothar.felten@gmail.com>
[ThomasDS: also update fdt.h which has the same issue, seen on U-Boot
2011.03]
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
---
libfdt/fdt.h | 4 ++++
libfdt/libfdt.h | 4 ++++
libfdt/libfdt_env.h | 4 ++++
2 files changed, 8 insertions(+)
3 files changed, 12 insertions(+)
diff --git a/libfdt/fdt.h b/libfdt/fdt.h
index 74961f9..2904f48 100644
--- a/libfdt/fdt.h
+++ b/libfdt/fdt.h
@@ -1,3 +1,7 @@
+#ifdef _FDT_H
+#warning "Please consider updating your kernel and/or u-boot version"
+#define FDT_H
+#endif
#ifndef FDT_H
#define FDT_H
/*
diff --git a/libfdt/libfdt.h b/libfdt/libfdt.h
index 830b77e..bef4566 100644
--- a/libfdt/libfdt.h
@@ -42,5 +58,5 @@ index eb20538..6a61e6a 100644
#define LIBFDT_ENV_H
/*
--
2.11.0
2.19.2
+4 -2
View File
@@ -4,6 +4,7 @@ config BR2_PACKAGE_EFIBOOTMGR
depends on !BR2_STATIC_LIBS # efivar
depends on BR2_TOOLCHAIN_HEADERS_AT_LEAST_3_12 # efivar
depends on BR2_TOOLCHAIN_GCC_AT_LEAST_4_9 # efivar
depends on BR2_HOST_GCC_AT_LEAST_4_8 # efivar
depends on !BR2_TOOLCHAIN_EXTERNAL_CODESOURCERY_MIPS
select BR2_PACKAGE_EFIVAR
select BR2_PACKAGE_POPT
@@ -15,9 +16,10 @@ config BR2_PACKAGE_EFIBOOTMGR
https://github.com/rhboot/efibootmgr
comment "efibootmgr needs a glibc or uClibc toolchain w/ dynamic library, headers >= 3.12, gcc >= 4.9"
comment "efibootmgr needs a glibc or uClibc toolchain w/ dynamic library, headers >= 3.12, gcc >= 4.9, host gcc >= 4.8"
depends on BR2_PACKAGE_EFIVAR_ARCH_SUPPORTS
depends on BR2_STATIC_LIBS || \
!BR2_TOOLCHAIN_HEADERS_AT_LEAST_3_12 || \
!BR2_TOOLCHAIN_GCC_AT_LEAST_4_9
!BR2_TOOLCHAIN_GCC_AT_LEAST_4_9 || \
!BR2_HOST_GCC_AT_LEAST_4_8
depends on !BR2_TOOLCHAIN_EXTERNAL_CODESOURCERY_MIPS
+5 -2
View File
@@ -17,14 +17,17 @@ config BR2_PACKAGE_EFIVAR
# toolchains.
depends on !BR2_TOOLCHAIN_EXTERNAL_CODESOURCERY_MIPS
depends on BR2_TOOLCHAIN_GCC_AT_LEAST_4_9
# needs __builtin_bswap16
depends on BR2_HOST_GCC_AT_LEAST_4_8
help
Tools and libraries to manipulate EFI variables
https://github.com/rhboot/efivar
comment "efivar needs a toolchain w/ dynamic library, headers >= 3.12, gcc >= 4.9"
comment "efivar needs a toolchain w/ dynamic library, headers >= 3.12, gcc >= 4.9, host gcc >= 4.8"
depends on BR2_PACKAGE_EFIVAR_ARCH_SUPPORTS
depends on BR2_STATIC_LIBS || \
!BR2_TOOLCHAIN_HEADERS_AT_LEAST_3_12 || \
!BR2_TOOLCHAIN_GCC_AT_LEAST_4_9
!BR2_TOOLCHAIN_GCC_AT_LEAST_4_9 || \
!BR2_HOST_GCC_AT_LEAST_4_8
depends on !BR2_TOOLCHAIN_EXTERNAL_CODESOURCERY_MIPS
@@ -0,0 +1,34 @@
From d045dd99acdd47be238642d4f9384dccacde2b42 Mon Sep 17 00:00:00 2001
From: "Carsten Haitzler (Rasterman)" <raster@rasterman.com>
Date: Sat, 15 Dec 2018 16:19:01 +0000
Subject: [PATCH] evas gl - make GLintptr etc. also ndefed for GL_VERSION_1_5
fix typedef
It seems that GL_VERSION_1_5 define == these provided by gl already. At
least reading the mesa headers I do, so this should fix T7502
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
---
src/lib/evas/Evas_GL.h | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/src/lib/evas/Evas_GL.h b/src/lib/evas/Evas_GL.h
index fa3e6f4..5524d82 100644
--- a/src/lib/evas/Evas_GL.h
+++ b/src/lib/evas/Evas_GL.h
@@ -4272,9 +4272,11 @@ typedef signed int GLfixed; // Changed khronos_int32_t
#ifndef GL_ES_VERSION_2_0
/* GL types for handling large vertex buffer objects */
-#include <stddef.h>
+# ifndef GL_VERSION_1_5
+# include <stddef.h>
typedef ptrdiff_t GLintptr; // Changed khronos_intptr_t
typedef ptrdiff_t GLsizeiptr; // Changed khronos_ssize_t
+# endif
#endif
/* Some definitions from GLES 3.0.
--
2.14.1
@@ -1,30 +0,0 @@
Fix checking for statically build OpenSSL with libz dependency
Fixes
http://autobuild.buildroot.net/results/48a/48ad6d3659cf1f04581b7e3d115bebf454ff17fd/
configure: Enabling OpenSSL support in /home/br/br/output/host/usr/i486-buildroot-linux-uclibc/sysroot/usr.
checking for additional library dependencies of SSL... error
configure: error: cannot link with SSL - check config.log
In config.log multiple linking errors to libz can be found:
configure:10099: /home/br/br/output/host/usr/bin/i486-ctng-linux-uclibc-gcc -o
conftest -D_LARGEFILE_SOURCE -D_LARGEFILE64
/home/br/br/output/host/usr/i486-buildroot-linux-uclibc/sysroot/usr/lib/libcrypto.a(c_zlib.o):
In function `zlib_stateful_c_zlib.c:(.text+0x56): undefined reference to `inflate'
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
diff -uNr fetchmail-6.3.26.org/configure.ac fetchmail-6.3.26/configure.ac
--- fetchmail-6.3.26.org/configure.ac 2013-04-23 22:51:10.000000000 +0200
+++ fetchmail-6.3.26/configure.ac 2014-07-27 09:20:25.000000000 +0200
@@ -778,7 +778,7 @@
AC_MSG_ERROR([SSL support enabled, but OpenSSL not found])
fi
LDFLAGS="$LDFLAGS -L$with_ssl/lib"
- LIBS="$LIBS -lssl -lcrypto"
+ LIBS="-lssl -lcrypto $LIBS"
dnl check if -ldl is needed
AC_MSG_CHECKING([for additional library dependencies of SSL])
found=0
@@ -0,0 +1,69 @@
From 1ed0af7f1bbcaccbd7356bd90596f5c942b64720 Mon Sep 17 00:00:00 2001
From: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Date: Fri, 22 Mar 2019 20:24:54 +0100
Subject: [PATCH 1/1] configure.ac: use pkg-config to find openssl
openssl can have multiples dependencies such as libatomic on sparcv8
32 bits
Fixes:
- http://autobuild.buildroot.org/results/58e5aa7c6ba8fe7474071d7a3cba6ed3a1b4cff4
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[Upstream status:
https://gitlab.com/fetchmail/fetchmail/merge_requests/14]
---
configure.ac | 37 +++++++++++++++++++------------------
1 file changed, 19 insertions(+), 18 deletions(-)
diff --git a/configure.ac b/configure.ac
index 16b0fcba..3a75ec6e 100644
--- a/configure.ac
+++ b/configure.ac
@@ -778,24 +778,25 @@ then
else
AC_MSG_ERROR([SSL support enabled, but OpenSSL not found])
fi
- LDFLAGS="$LDFLAGS -L$with_ssl/lib"
- LIBS="$LIBS -lssl -lcrypto"
- dnl check if -ldl is needed
- AC_MSG_CHECKING([for additional library dependencies of SSL])
- found=0
- save_LIBS="$LIBS"
- for i in "" "-ldl" ; do
- LIBS="$LDFLAGS $save_LIBS $i"
- AC_LINK_IFELSE([AC_LANG_PROGRAM([#include <openssl/ssl.h>],[SSL_library_init()])],[found=1; break])
- done
- if test $found = 0 ; then
- AC_MSG_RESULT([error])
- AC_MSG_ERROR([cannot link with SSL - check config.log])
- fi
- LIBS="$save_LIBS $i"
- if test "$i" = "" ; then i="(none)" ; fi
- AC_MSG_RESULT($i)
- dnl XXX FIXME: use pkg-config if available!
+ PKG_CHECK_MODULES([SSL],[libssl libcrypto],[LIBS="$LIBS $SSL_LIBS"],[
+ LDFLAGS="$LDFLAGS -L$with_ssl/lib"
+ LIBS="$LIBS -lssl -lcrypto"
+ dnl check if -ldl is needed
+ AC_MSG_CHECKING([for additional library dependencies of SSL])
+ found=0
+ save_LIBS="$LIBS"
+ for i in "" "-ldl" ; do
+ LIBS="$LDFLAGS $save_LIBS $i"
+ AC_LINK_IFELSE([AC_LANG_PROGRAM([#include <openssl/ssl.h>],[SSL_library_init()])],[found=1; break])
+ done
+ if test $found = 0 ; then
+ AC_MSG_RESULT([error])
+ AC_MSG_ERROR([cannot link with SSL - check config.log])
+ fi
+ LIBS="$save_LIBS $i"
+ if test "$i" = "" ; then i="(none)" ; fi
+ AC_MSG_RESULT($i)
+ ])
AC_DEFINE(SSL_ENABLE)
else
AC_MSG_WARN(Disabling SSL support.)
--
2.20.1
+1 -6
View File
@@ -13,17 +13,12 @@ FETCHMAIL_LICENSE_FILES = COPYING
FETCHMAIL_AUTORECONF = YES
FETCHMAIL_GETTEXTIZE = YES
# needed to help fetchmail detecting the availability of openssl,
# because it doesn't use pkg-config
ifeq ($(BR2_STATIC_LIBS),y)
FETCHMAIL_CONF_ENV += LIBS="-lz"
endif
FETCHMAIL_CONF_OPTS = \
--with-ssl=$(STAGING_DIR)/usr
FETCHMAIL_DEPENDENCIES = \
ca-certificates \
host-pkgconf \
openssl \
$(TARGET_NLS_DEPENDENCIES)
+7 -5
View File
@@ -1,5 +1,7 @@
# Locally calculated
sha256 f15a50dbbfa83fec0bd1161e8e191b092ec832720e30cd14536e044ac623b20a file-5.34.tar.gz
sha256 3c0ad13c36f891a9b4f951e59eb2fc108065a46f849697cc6fd3cdb41cc23a3d COPYING
sha256 d98ee4d8d95e7d021a5dfc41f137ecc3b624a7b98e8bd793130202d12a21ed57 src/mygetopt.h
sha256 85e358d575ad4ac5b38b623a25b24246ccff3c7e680d930c0a9ff5228fe434b6 src/vasprintf.c
# Locally calculated after verifying signature
# ftp://ftp.astron.com/pub/file/file-5.36.tar.gz.asc
# using key BE04995BA8F90ED0C0C176C471112AB16CB33B3A
sha256 fb608290c0fd2405a8f63e5717abf6d03e22e183fb21884413d1edd918184379 file-5.36.tar.gz
sha256 0bfa856a9930bddadbef95d1be1cf4e163c0be618e76ea3275caaf255283e274 COPYING
sha256 4ccb60d623884ef637af4a5bc16b2cb350163e2135e967655837336019a64462 src/mygetopt.h
sha256 7ac061e1a1c840c4dfa0573aec6f3497676c9295b5ec4190d3576646eb1646bf src/vasprintf.c
+1 -1
View File
@@ -4,7 +4,7 @@
#
################################################################################
FILE_VERSION = 5.34
FILE_VERSION = 5.36
FILE_SITE = ftp://ftp.astron.com/pub/file
FILE_DEPENDENCIES = host-file zlib
HOST_FILE_DEPENDENCIES = host-zlib
+7
View File
@@ -54,4 +54,11 @@ else
FLTK_CONF_OPTS += --disable-xinerama
endif
ifeq ($(BR2_PACKAGE_XLIB_LIBXRENDER),y)
FLTK_DEPENDENCIES += xlib_libXrender
FLTK_CONF_OPTS += --enable-xrender
else
FLTK_CONF_OPTS += --disable-xrender
endif
$(eval $(autotools-package))
+1 -1
View File
@@ -87,7 +87,7 @@ HOST_GCC_COMMON_DEPENDENCIES = \
HOST_GCC_COMMON_CONF_OPTS = \
--target=$(GNU_TARGET_NAME) \
--with-sysroot=$(STAGING_DIR) \
--disable-__cxa_atexit \
--enable-__cxa_atexit \
--with-gnu-ld \
--disable-libssp \
--disable-multilib \
+5
View File
@@ -139,6 +139,11 @@ ifneq ($(BR2_INSTALL_LIBSTDCPP),y)
GDB_CONF_OPTS += --disable-build-with-cxx
endif
# inprocess-agent can't be built statically
ifeq ($(BR2_STATIC_LIBS),y)
GDB_CONF_OPTS += --disable-inprocess-agent
endif
ifeq ($(BR2_PACKAGE_GDB_TUI),y)
GDB_CONF_OPTS += --enable-tui
else
@@ -0,0 +1,176 @@
From a1de1e6ab51ab37a17975aad1193f2523e7e7e84 Mon Sep 17 00:00:00 2001
From: Chris Liddell <chris.liddell@artifex.com>
Date: Wed, 5 Dec 2018 12:22:13 +0000
Subject: [PATCH] Sanitize op stack for error conditions
We save the stacks to an array and store the array for the error handler to
access.
For SAFER, we traverse the array, and deep copy any op arrays (procedures). As
we make these copies, we check for operators that do *not* exist in systemdict,
when we find one, we replace the operator with a name object (of the form
"/--opname--").
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
---
Upstream status: commit 13b0a36f818
psi/int.mak | 3 +-
psi/interp.c | 8 ++++++
psi/istack.c | 78 ++++++++++++++++++++++++++++++++++++++++++++++++++++
psi/istack.h | 3 ++
4 files changed, 91 insertions(+), 1 deletion(-)
diff --git a/psi/int.mak b/psi/int.mak
index 6ab5bf0069dd..6b349cb042dd 100644
--- a/psi/int.mak
+++ b/psi/int.mak
@@ -204,7 +204,8 @@ $(PSOBJ)iparam.$(OBJ) : $(PSSRC)iparam.c $(GH)\
$(PSOBJ)istack.$(OBJ) : $(PSSRC)istack.c $(GH) $(memory__h)\
$(ierrors_h) $(gsstruct_h) $(gsutil_h)\
$(ialloc_h) $(istack_h) $(istkparm_h) $(istruct_h) $(iutil_h) $(ivmspace_h)\
- $(store_h) $(INT_MAK) $(MAKEDIRS)
+ $(store_h) $(icstate_h) $(iname_h) $(dstack_h) $(idict_h) \
+ $(INT_MAK) $(MAKEDIRS)
$(PSCC) $(PSO_)istack.$(OBJ) $(C_) $(PSSRC)istack.c
$(PSOBJ)iutil.$(OBJ) : $(PSSRC)iutil.c $(GH) $(math__h) $(memory__h) $(string__h)\
diff --git a/psi/interp.c b/psi/interp.c
index 6dc0ddae1b3c..aa5779c51420 100644
--- a/psi/interp.c
+++ b/psi/interp.c
@@ -761,6 +761,7 @@ copy_stack(i_ctx_t *i_ctx_p, const ref_stack_t * pstack, int skip, ref * arr)
uint size = ref_stack_count(pstack) - skip;
uint save_space = ialloc_space(idmemory);
int code, i;
+ ref *safety, *safe;
if (size > 65535)
size = 65535;
@@ -778,6 +779,13 @@ copy_stack(i_ctx_t *i_ctx_p, const ref_stack_t * pstack, int skip, ref * arr)
make_null(&arr->value.refs[i]);
}
}
+ if (pstack == &o_stack && dict_find_string(systemdict, "SAFETY", &safety) > 0 &&
+ dict_find_string(safety, "safe", &safe) > 0 && r_has_type(safe, t_boolean) &&
+ safe->value.boolval == true) {
+ code = ref_stack_array_sanitize(i_ctx_p, arr, arr);
+ if (code < 0)
+ return code;
+ }
ialloc_set_space(idmemory, save_space);
return code;
}
diff --git a/psi/istack.c b/psi/istack.c
index 8fe151fa5628..f1a3e511534d 100644
--- a/psi/istack.c
+++ b/psi/istack.c
@@ -27,6 +27,10 @@
#include "iutil.h"
#include "ivmspace.h" /* for local/global test */
#include "store.h"
+#include "icstate.h"
+#include "iname.h"
+#include "dstack.h"
+#include "idict.h"
/* Forward references */
static void init_block(ref_stack_t *pstack, const ref *pblock_array,
@@ -294,6 +298,80 @@ ref_stack_store_check(const ref_stack_t *pstack, ref *parray, uint count,
return 0;
}
+int
+ref_stack_array_sanitize(i_ctx_t *i_ctx_p, ref *sarr, ref *darr)
+{
+ int i, code;
+ ref obj, arr2;
+ ref *pobj2;
+ gs_memory_t *mem = (gs_memory_t *)idmemory->current;
+
+ if (!r_is_array(sarr) || !r_has_type(darr, t_array))
+ return_error(gs_error_typecheck);
+
+ for (i = 0; i < r_size(sarr); i++) {
+ code = array_get(mem, sarr, i, &obj);
+ if (code < 0)
+ make_null(&obj);
+ switch(r_type(&obj)) {
+ case t_operator:
+ {
+ int index = op_index(&obj);
+
+ if (index > 0 && index < op_def_count) {
+ const byte *data = (const byte *)(op_index_def(index)->oname + 1);
+ if (dict_find_string(systemdict, (const char *)data, &pobj2) <= 0) {
+ byte *s = gs_alloc_bytes(mem, strlen((char *)data) + 5, "ref_stack_array_sanitize");
+ if (s) {
+ s[0] = '\0';
+ strcpy((char *)s, "--");
+ strcpy((char *)s + 2, (char *)data);
+ strcpy((char *)s + strlen((char *)data) + 2, "--");
+ }
+ else {
+ s = (byte *)data;
+ }
+ code = name_ref(imemory, s, strlen((char *)s), &obj, 1);
+ if (code < 0) make_null(&obj);
+ if (s != data)
+ gs_free_object(mem, s, "ref_stack_array_sanitize");
+ }
+ }
+ else {
+ make_null(&obj);
+ }
+ ref_assign(darr->value.refs + i, &obj);
+ break;
+ }
+ case t_array:
+ case t_shortarray:
+ case t_mixedarray:
+ {
+ int attrs = r_type_attrs(&obj) & (a_write | a_read | a_execute | a_executable);
+ /* We only want to copy executable arrays */
+ if (attrs & (a_execute | a_executable)) {
+ code = ialloc_ref_array(&arr2, attrs, r_size(&obj), "ref_stack_array_sanitize");
+ if (code < 0) {
+ make_null(&arr2);
+ }
+ else {
+ code = ref_stack_array_sanitize(i_ctx_p, &obj, &arr2);
+ }
+ ref_assign(darr->value.refs + i, &arr2);
+ }
+ else {
+ ref_assign(darr->value.refs + i, &obj);
+ }
+ break;
+ }
+ default:
+ ref_assign(darr->value.refs + i, &obj);
+ }
+ }
+ return 0;
+}
+
+
/*
* Store the top 'count' elements of a stack, starting 'skip' elements below
* the top, into an array, with or without store/undo checking. age=-1 for
diff --git a/psi/istack.h b/psi/istack.h
index 051dcbe216cf..54be405adfb3 100644
--- a/psi/istack.h
+++ b/psi/istack.h
@@ -129,6 +129,9 @@ int ref_stack_store(const ref_stack_t *pstack, ref *parray, uint count,
uint skip, int age, bool check,
gs_dual_memory_t *idmem, client_name_t cname);
+int
+ref_stack_array_sanitize(i_ctx_t *i_ctx_p, ref *sarr, ref *darr);
+
/*
* Pop the top N elements off a stack.
* The number must not exceed the number of elements in use.
--
2.20.1
@@ -0,0 +1,441 @@
From f0397dbfbe5eea325613ff375b30eb0db5551ffe Mon Sep 17 00:00:00 2001
From: Chris Liddell <chris.liddell@artifex.com>
Date: Thu, 13 Dec 2018 15:28:34 +0000
Subject: [PATCH] Any transient procedures that call .force* operators
(i.e. for conditionals or loops) make them executeonly.
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
---
Upstream status: commit 2db98f9c661
Resource/Init/gs_diskn.ps | 2 +-
Resource/Init/gs_dps1.ps | 4 ++--
Resource/Init/gs_fntem.ps | 4 ++--
Resource/Init/gs_fonts.ps | 12 ++++++------
Resource/Init/gs_init.ps | 4 ++--
Resource/Init/gs_lev2.ps | 11 ++++++-----
Resource/Init/gs_pdfwr.ps | 2 +-
Resource/Init/gs_res.ps | 4 ++--
Resource/Init/gs_setpd.ps | 2 +-
Resource/Init/pdf_base.ps | 13 ++++++++-----
Resource/Init/pdf_draw.ps | 16 +++++++++-------
Resource/Init/pdf_font.ps | 6 +++---
Resource/Init/pdf_main.ps | 4 ++--
Resource/Init/pdf_ops.ps | 7 ++++---
14 files changed, 49 insertions(+), 42 deletions(-)
diff --git a/Resource/Init/gs_diskn.ps b/Resource/Init/gs_diskn.ps
index fd694bc44b5a..8bf20542040d 100644
--- a/Resource/Init/gs_diskn.ps
+++ b/Resource/Init/gs_diskn.ps
@@ -51,7 +51,7 @@ systemdict begin
mark 5 1 roll ] mark exch { { } forall } forall ]
//systemdict /.searchabledevs 2 index .forceput
exch .setglobal
- }
+ } executeonly
if
} .bind executeonly odef % must be bound and hidden for .forceput
diff --git a/Resource/Init/gs_dps1.ps b/Resource/Init/gs_dps1.ps
index ec5db61b9f03..4fae2839940c 100644
--- a/Resource/Init/gs_dps1.ps
+++ b/Resource/Init/gs_dps1.ps
@@ -78,7 +78,7 @@ level2dict begin
.currentglobal
{ % Current mode is global; delete from local directory too.
//systemdict /LocalFontDirectory .knownget
- { 1 index .forceundef } % LocalFontDirectory is readonly
+ { 1 index .forceundef } executeonly % LocalFontDirectory is readonly
if
}
{ % Current mode is local; if there was a shadowed global
@@ -126,7 +126,7 @@ level2dict begin
}
ifelse
} forall
- pop counttomark 2 idiv { .forceundef } repeat pop % readonly
+ pop counttomark 2 idiv { .forceundef } executeonly repeat pop % readonly
}
if
//SharedFontDirectory exch .forcecopynew pop
diff --git a/Resource/Init/gs_fntem.ps b/Resource/Init/gs_fntem.ps
index c1f7651f18cc..6eb672a6840e 100644
--- a/Resource/Init/gs_fntem.ps
+++ b/Resource/Init/gs_fntem.ps
@@ -401,12 +401,12 @@ currentdict end def
.forceput % FontInfo can be read-only.
pop % bool <font>
exit
- } if
+ } executeonly if
dup /FontInfo get % bool <font> <FI>
/GlyphNames2Unicode /Unicode /Decoding findresource
.forceput % FontInfo can be read-only.
exit
- } loop
+ } executeonly loop
exch setglobal
} .bind executeonly odef % must be bound and hidden for .forceput
diff --git a/Resource/Init/gs_fonts.ps b/Resource/Init/gs_fonts.ps
index 803faca4918d..290da0cd6819 100644
--- a/Resource/Init/gs_fonts.ps
+++ b/Resource/Init/gs_fonts.ps
@@ -374,7 +374,7 @@ FONTPATH length 0 eq { (%END FONTPATH) .skipeof } if
/.setnativefontmapbuilt { % set whether we've been run
dup type /booleantype eq {
systemdict exch /.nativefontmapbuilt exch .forceput
- }
+ } executeonly
{pop}
ifelse
} .bind executeonly odef
@@ -1007,11 +1007,11 @@ $error /SubstituteFont { } put
{ 2 index gcheck currentglobal
2 copy eq {
pop pop .forceput
- } {
+ } executeonly {
5 1 roll setglobal
dup length string copy
.forceput setglobal
- } ifelse
+ } executeonly ifelse
} .bind executeonly odef % must be bound and hidden for .forceput
% Attempt to load a font from a file.
@@ -1084,7 +1084,7 @@ $error /SubstituteFont { } put
.FontDirectory 3 index .forceundef % readonly
1 index (r) file .loadfont .FontDirectory exch
/.setglobal .systemvar exec
- }
+ } executeonly
{ .loadfont .FontDirectory
}
ifelse
@@ -1105,7 +1105,7 @@ $error /SubstituteFont { } put
dup 3 index .fontknownget
{ dup /PathLoad 4 index .putgstringcopy
4 1 roll pop pop pop //true exit
- } if
+ } executeonly if
% Maybe the file had a different FontName.
% See if we can get a FontName from the file, and if so,
@@ -1134,7 +1134,7 @@ $error /SubstituteFont { } put
ifelse % Stack: origfontname fontdict
exch pop //true exit
% Stack: fontdict
- }
+ } executeonly
if pop % Stack: origfontname fontdirectory path
}
if pop pop % Stack: origfontname
diff --git a/Resource/Init/gs_init.ps b/Resource/Init/gs_init.ps
index d733124b96d1..56c0bd268b53 100644
--- a/Resource/Init/gs_init.ps
+++ b/Resource/Init/gs_init.ps
@@ -2357,7 +2357,7 @@ SAFER { .setsafeglobal } if
% Update the copy of the user parameters.
mark .currentuserparams counttomark 2 idiv {
userparams 3 1 roll .forceput % userparams is read-only
- } repeat pop
+ } executeonly repeat pop
% Turn on idiom recognition, if available.
currentuserparams /IdiomRecognition known {
/IdiomRecognition //true .definepsuserparam
@@ -2376,7 +2376,7 @@ SAFER { .setsafeglobal } if
% Remove real system params from pssystemparams.
mark .currentsystemparams counttomark 2 idiv {
pop pssystemparams exch .forceundef
- } repeat pop
+ } executeonly repeat pop
} if
% Set up AlignToPixels :
diff --git a/Resource/Init/gs_lev2.ps b/Resource/Init/gs_lev2.ps
index 44fe61956659..0f0d57331c23 100644
--- a/Resource/Init/gs_lev2.ps
+++ b/Resource/Init/gs_lev2.ps
@@ -154,7 +154,8 @@ end
% protect top level of parameters that we copied
dup type dup /arraytype eq exch /stringtype eq or { readonly } if
/userparams .systemvar 3 1 roll .forceput % userparams is read-only
- } {
+ } executeonly
+ {
pop pop
} ifelse
} forall
@@ -224,7 +225,7 @@ end
% protect top level parameters that we copied
dup type dup /arraytype eq exch /stringtype eq or { readonly } if
//pssystemparams 3 1 roll .forceput % pssystemparams is read-only
- }
+ } executeonly
{ pop pop
}
ifelse
@@ -934,7 +935,7 @@ mark
dup /PaintProc get
1 index /Implementation known not {
1 index dup /Implementation //null .forceput readonly pop
- } if
+ } executeonly if
exec
}.bind odef
@@ -958,7 +959,7 @@ mark
dup /PaintProc get
1 index /Implementation known not {
1 index dup /Implementation //null .forceput readonly pop
- } if
+ } executeonly if
/UNROLLFORMS where {/UNROLLFORMS get}{false}ifelse not
%% [CTM] <<Form>> PaintProc .beginform -
{
@@ -1005,7 +1006,7 @@ mark
%% Form dictioanry using the /Implementation key).
1 dict dup /FormID 4 -1 roll put
1 index exch /Implementation exch .forceput readonly pop
- }
+ } executeonly
ifelse
}
{
diff --git a/Resource/Init/gs_pdfwr.ps b/Resource/Init/gs_pdfwr.ps
index 58e75d3a4831..b425103d1cf3 100644
--- a/Resource/Init/gs_pdfwr.ps
+++ b/Resource/Init/gs_pdfwr.ps
@@ -650,7 +650,7 @@ currentdict /.pdfmarkparams .undef
} ifelse
} bind .makeoperator .forceput
systemdict /.pdf_hooked_DSC_Creator //true .forceput
- } if
+ } executeonly if
pop
} if
} {
diff --git a/Resource/Init/gs_res.ps b/Resource/Init/gs_res.ps
index 8eb8bb0e5829..d9b34599e7c2 100644
--- a/Resource/Init/gs_res.ps
+++ b/Resource/Init/gs_res.ps
@@ -152,7 +152,7 @@ setglobal
% use .forceput / .forcedef later to replace the dummy,
% empty .Instances dictionary with the real one later.
readonly
- } {
+ }{
/defineresource cvx /typecheck signaloperror
} ifelse
} bind executeonly odef
@@ -424,7 +424,7 @@ status {
% As noted above, Category dictionaries are read-only,
% so we have to use .forcedef here.
/.Instances 1 index .forcedef % Category dict is read-only
- } if
+ } executeonly if
}
{ .LocalInstances dup //.emptydict eq
{ pop 3 dict localinstancedict Category 2 index put
diff --git a/Resource/Init/gs_setpd.ps b/Resource/Init/gs_setpd.ps
index e22597ebb5f3..7875d1f2f131 100644
--- a/Resource/Init/gs_setpd.ps
+++ b/Resource/Init/gs_setpd.ps
@@ -634,7 +634,7 @@ NOMEDIAATTRS {
SETPDDEBUG { (Rolling back.) = pstack flush } if
3 index 2 index 3 -1 roll .forceput
4 index 1 index .knownget
- { 4 index 3 1 roll .forceput }
+ { 4 index 3 1 roll .forceput } executeonly
{ 3 index exch .undef }
ifelse
} bind executeonly odef
diff --git a/Resource/Init/pdf_base.ps b/Resource/Init/pdf_base.ps
index b45e9803165e..73127296c221 100644
--- a/Resource/Init/pdf_base.ps
+++ b/Resource/Init/pdf_base.ps
@@ -130,26 +130,29 @@ currentdict /num-chars-dict .undef
/.pdfexectoken { % <count> <opdict> <exectoken> .pdfexectoken ?
PDFDEBUG {
- pdfdict /PDFSTEPcount known not { pdfdict /PDFSTEPcount 1 .forceput } if
+ pdfdict /PDFSTEPcount known not { pdfdict /PDFSTEPcount 1 .forceput } executeonly if
PDFSTEP {
pdfdict /PDFtokencount 2 copy .knownget { 1 add } { 1 } ifelse .forceput
PDFSTEPcount 1 gt {
pdfdict /PDFSTEPcount PDFSTEPcount 1 sub .forceput
- } {
+ } executeonly
+ {
dup ==only
( step # ) print PDFtokencount =only
( ? ) print flush 1 //false .outputpage
(%stdin) (r) file 255 string readline {
token {
exch pop pdfdict /PDFSTEPcount 3 -1 roll .forceput
- } {
+ } executeonly
+ {
pdfdict /PDFSTEPcount 1 .forceput
- } ifelse % token
+ } executeonly ifelse % token
} {
pop /PDFSTEP //false def % EOF on stdin
} ifelse % readline
} ifelse % PDFSTEPcount > 1
- } {
+ } executeonly
+ {
dup ==only () = flush
} ifelse % PDFSTEP
} if % PDFDEBUG
diff --git a/Resource/Init/pdf_draw.ps b/Resource/Init/pdf_draw.ps
index 6b0ba93e1e73..40c6ac80acce 100644
--- a/Resource/Init/pdf_draw.ps
+++ b/Resource/Init/pdf_draw.ps
@@ -1118,14 +1118,14 @@ currentdict end readonly def
pdfdict /.Qqwarning_issued //true .forceput
.setglobal
pdfformaterror
- } ifelse
+ } executeonly ifelse
}
{
currentglobal pdfdict gcheck .setglobal
pdfdict /.Qqwarning_issued //true .forceput
.setglobal
pdfformaterror
- } ifelse
+ } executeonly ifelse
end
} ifelse
} loop
@@ -1141,14 +1141,14 @@ currentdict end readonly def
pdfdict /.Qqwarning_issued //true .forceput
.setglobal
pdfformaterror
- } ifelse
+ } executeonly ifelse
}
{
currentglobal pdfdict gcheck .setglobal
pdfdict /.Qqwarning_issued //true .forceput
.setglobal
pdfformaterror
- } ifelse
+ } executeonly ifelse
} if
pop
@@ -2350,9 +2350,10 @@ currentdict /last-ditch-bpc-csp undef
/IncrementAppearanceNumber {
pdfdict /AppearanceNumber .knownget {
1 add pdfdict /AppearanceNumber 3 -1 roll .forceput
- }{
+ } executeonly
+ {
pdfdict /AppearanceNumber 0 .forceput
- } ifelse
+ } executeonly ifelse
}bind executeonly odef
/MakeAppearanceName {
@@ -2510,7 +2511,8 @@ currentdict /last-ditch-bpc-csp undef
%% want to preserve it.
pdfdict /.PreservePDFForm false .forceput
/q cvx /execform cvx 5 -2 roll
- }{
+ } executeonly
+ {
/q cvx /PDFexecform cvx 5 -2 roll
} ifelse
diff --git a/Resource/Init/pdf_font.ps b/Resource/Init/pdf_font.ps
index bea9ea95ad1d..4cd62b9d9bb4 100644
--- a/Resource/Init/pdf_font.ps
+++ b/Resource/Init/pdf_font.ps
@@ -714,7 +714,7 @@ currentdict end readonly def
pop pop pop
currentdict /.stackdepth .forceundef
currentdict /.dstackdepth .forceundef
- }
+ } executeonly
{pop pop pop}
ifelse
@@ -1232,7 +1232,7 @@ currentdict /eexec_pdf_param_dict .undef
(\n **** Warning: Type 3 glyph has unbalanced q/Q operators \(too many q's\)\n Output may be incorrect.\n)
pdfformatwarning
pdfdict /.Qqwarning_issued //true .forceput
- } if
+ } executeonly if
Q
} repeat
Q
@@ -2016,7 +2016,7 @@ currentdict /CMap_read_dict undef
/CIDFallBack /CIDFont findresource
} if
exit
- } if
+ } executeonly if
} if
} if
diff --git a/Resource/Init/pdf_main.ps b/Resource/Init/pdf_main.ps
index 00da47a48711..37e69b39ac98 100644
--- a/Resource/Init/pdf_main.ps
+++ b/Resource/Init/pdf_main.ps
@@ -2701,14 +2701,14 @@ currentdict /PDF2PS_matrix_key undef
pdfdict /.Qqwarning_issued //true .forceput
.setglobal
pdfformaterror
- } ifelse
+ } executeonly ifelse
}
{
currentglobal pdfdict gcheck .setglobal
pdfdict /.Qqwarning_issued //true .forceput
.setglobal
pdfformaterror
- } ifelse
+ } executeonly ifelse
} if
} if
pop
diff --git a/Resource/Init/pdf_ops.ps b/Resource/Init/pdf_ops.ps
index 8672d617f363..aa0964139a56 100644
--- a/Resource/Init/pdf_ops.ps
+++ b/Resource/Init/pdf_ops.ps
@@ -184,14 +184,14 @@ currentdict /gput_always_allow .undef
pdfdict /.Qqwarning_issued //true .forceput
.setglobal
pdfformaterror
- } ifelse
+ } executeonly ifelse
}
{
currentglobal pdfdict gcheck .setglobal
pdfdict /.Qqwarning_issued //true .forceput
.setglobal
pdfformaterror
- } ifelse
+ } executeonly ifelse
} if
} bind executeonly odef
@@ -439,7 +439,8 @@ currentdict /gput_always_allow .undef
dup type /booleantype eq {
.currentSMask type /dicttype eq {
.currentSMask /Processed 2 index .forceput
- } {
+ } executeonly
+ {
.setSMask
}ifelse
}{
--
2.20.1
@@ -0,0 +1,31 @@
From af9a9dceb7be7df743d55c4d078a1ae846b6f556 Mon Sep 17 00:00:00 2001
From: Chris Liddell <chris.liddell@artifex.com>
Date: Sat, 15 Dec 2018 09:08:32 +0000
Subject: [PATCH] Bug700317: Fix logic for an older change
Unlike almost every other function in gs, dict_find_string() returns 1 on
success 0 or <0 on failure. The logic for this case was wrong.
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
---
Upstream status: commit 99f13091a3
psi/interp.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/psi/interp.c b/psi/interp.c
index aa5779c51420..f6c45bbe24dc 100644
--- a/psi/interp.c
+++ b/psi/interp.c
@@ -703,7 +703,7 @@ again:
* i.e. it's an internal operator we have hidden
*/
code = dict_find_string(systemdict, (const char *)bufptr, &tobj);
- if (code < 0) {
+ if (code <= 0) {
buf[0] = buf[1] = buf[rlen + 2] = buf[rlen + 3] = '-';
rlen += 4;
bufptr = buf;
--
2.20.1
@@ -0,0 +1,135 @@
From b197ea0e528c20b7ee67785c50b4e06e0aa990f8 Mon Sep 17 00:00:00 2001
From: Chris Liddell <chris.liddell@artifex.com>
Date: Tue, 18 Dec 2018 10:42:10 +0000
Subject: [PATCH] Harden some uses of .force* operators
by adding a few immediate evalutions
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
---
Upstream status: commit 59d8f4deef90
Resource/Init/gs_dps1.ps | 4 ++--
Resource/Init/gs_fonts.ps | 20 ++++++++++----------
Resource/Init/gs_init.ps | 6 +++---
3 files changed, 15 insertions(+), 15 deletions(-)
diff --git a/Resource/Init/gs_dps1.ps b/Resource/Init/gs_dps1.ps
index 4fae2839940c..b75ea14e77a3 100644
--- a/Resource/Init/gs_dps1.ps
+++ b/Resource/Init/gs_dps1.ps
@@ -74,7 +74,7 @@ level2dict begin
} odef
% undefinefont has to take local/global VM into account.
/undefinefont % <fontname> undefinefont -
- { .FontDirectory 1 .argindex .forceundef % FontDirectory is readonly
+ { //.FontDirectory 1 .argindex .forceundef % FontDirectory is readonly
.currentglobal
{ % Current mode is global; delete from local directory too.
//systemdict /LocalFontDirectory .knownget
@@ -85,7 +85,7 @@ level2dict begin
% definition, copy it into the local directory.
//systemdict /SharedFontDirectory .knownget
{ 1 index .knownget
- { .FontDirectory 2 index 3 -1 roll { put } systemdict /superexec known {//superexec}{1183615869 internaldict /superexec get exec} ifelse } % readonly
+ { //.FontDirectory 2 index 3 -1 roll { put } systemdict /superexec known {//superexec}{1183615869 internaldict /superexec get exec} ifelse } % readonly
if
}
if
diff --git a/Resource/Init/gs_fonts.ps b/Resource/Init/gs_fonts.ps
index 290da0cd6819..c13a2fcc2d43 100644
--- a/Resource/Init/gs_fonts.ps
+++ b/Resource/Init/gs_fonts.ps
@@ -516,7 +516,7 @@ buildfontdict 3 /.buildfont3 cvx put
if
}
if
- dup .FontDirectory 4 -2 roll { .growput } systemdict /superexec known {//superexec}{1183615869 internaldict /superexec get exec} ifelse % readonly
+ dup //.FontDirectory 4 -2 roll { .growput } systemdict /superexec known {//superexec}{1183615869 internaldict /superexec get exec} ifelse % readonly
% If the font originated as a resource, register it.
currentfile .currentresourcefile eq { dup .registerfont } if
readonly
@@ -943,7 +943,7 @@ $error /SubstituteFont { } put
% Try to find a font using only the present contents of Fontmap.
/.tryfindfont { % <fontname> .tryfindfont <font> true
% <fontname> .tryfindfont false
- .FontDirectory 1 index .fontknownget
+ //.FontDirectory 1 index .fontknownget
{ % Already loaded
exch pop //true
}
@@ -975,7 +975,7 @@ $error /SubstituteFont { } put
{ % Font with a procedural definition
exec % The procedure will load the font.
% Check to make sure this really happened.
- .FontDirectory 1 index .knownget
+ //.FontDirectory 1 index .knownget
{ exch pop //true exit }
if
}
@@ -1081,11 +1081,11 @@ $error /SubstituteFont { } put
% because it's different depending on language level.
.currentglobal exch /.setglobal .systemvar exec
% Remove the fake definition, if any.
- .FontDirectory 3 index .forceundef % readonly
- 1 index (r) file .loadfont .FontDirectory exch
+ //.FontDirectory 3 index .forceundef % readonly
+ 1 index (r) file .loadfont //.FontDirectory exch
/.setglobal .systemvar exec
} executeonly
- { .loadfont .FontDirectory
+ { .loadfont //.FontDirectory
}
ifelse
% Stack: fontname fontfilename fontdirectory
@@ -1119,8 +1119,8 @@ $error /SubstituteFont { } put
% Stack: origfontname fontdirectory filefontname fontdict
3 -1 roll pop
% Stack: origfontname filefontname fontdict
- dup /FontName get dup FontDirectory exch .forceundef
- GlobalFontDirectory exch .forceundef
+ dup /FontName get dup //.FontDirectory exch .forceundef
+ /GlobalFontDirectory .systemvar exch .forceundef
dup length dict .copydict dup 3 index /FontName exch put
2 index exch definefont
exch
@@ -1176,10 +1176,10 @@ currentdict /.putgstringcopy .undef
{
{
pop dup type /stringtype eq { cvn } if
- .FontDirectory 1 index known not {
+ //.FontDirectory 1 index known not {
2 dict dup /FontName 3 index put
dup /FontType 1 put
- .FontDirectory 3 1 roll { put } systemdict /superexec known {//superexec}{1183615869 internaldict /superexec get exec} ifelse % readonly
+ //.FontDirectory 3 1 roll { put } systemdict /superexec known {//superexec}{1183615869 internaldict /superexec get exec} ifelse % readonly
} {
pop
} ifelse
diff --git a/Resource/Init/gs_init.ps b/Resource/Init/gs_init.ps
index 56c0bd268b53..d9a0829f7f97 100644
--- a/Resource/Init/gs_init.ps
+++ b/Resource/Init/gs_init.ps
@@ -1168,8 +1168,8 @@ errordict /unknownerror .undef
}ifelse
}forall
noaccess pop
- systemdict /.setsafeerrors .forceundef
- systemdict /.SAFERERRORLIST .forceundef
+ //systemdict /.setsafeerrors .forceundef
+ //systemdict /.SAFERERRORLIST .forceundef
} bind executeonly odef
SAFERERRORS {.setsafererrors} if
@@ -2114,7 +2114,7 @@ currentdict /tempfilepaths undef
/.locksafe {
.locksafe_userparams
- systemdict /getenv {pop //false} .forceput
+ //systemdict /getenv {pop //false} .forceput
% setpagedevice has the side effect of clearing the page, but
% we will just document that. Using setpagedevice keeps the device
% properties and pagedevice .LockSafetyParams in agreement even
--
2.20.1
@@ -0,0 +1,587 @@
From 5628be1c41d23298aa5fce2f6dd48e2eb81f4be1 Mon Sep 17 00:00:00 2001
From: Chris Liddell <chris.liddell@artifex.com>
Date: Wed, 9 Jan 2019 14:24:07 +0000
Subject: [PATCH] Undefine a bunch of gs_fonts.ps specific procs
Also reorder and add some immediate evaluation, so it still works with the
undefining.
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
---
Upstream status: commit 2768d1a6dddb
Resource/Init/gs_dps1.ps | 3 +-
Resource/Init/gs_fonts.ps | 275 +++++++++++++++++++++-----------------
Resource/Init/gs_res.ps | 6 +-
3 files changed, 156 insertions(+), 128 deletions(-)
diff --git a/Resource/Init/gs_dps1.ps b/Resource/Init/gs_dps1.ps
index b75ea14e77a3..8700c8cb304b 100644
--- a/Resource/Init/gs_dps1.ps
+++ b/Resource/Init/gs_dps1.ps
@@ -67,7 +67,8 @@ level2dict begin
/selectfont % <fontname> <size> selectfont -
{
- { 1 .argindex findfont
+ {
+ 1 .argindex findfont
1 index dup type /arraytype eq { makefont } { scalefont } ifelse
setfont pop pop
} stopped { /selectfont .systemvar $error /errorname get signalerror } if
diff --git a/Resource/Init/gs_fonts.ps b/Resource/Init/gs_fonts.ps
index c13a2fcc2d43..056223544340 100644
--- a/Resource/Init/gs_fonts.ps
+++ b/Resource/Init/gs_fonts.ps
@@ -100,7 +100,7 @@ userdict /.nativeFontmap .FontDirectory maxlength dict put
{ 2 index token not
{ (Fontmap entry for ) print 1 index =only
( ends prematurely! Giving up.) = flush
- {.loadFontmap} 0 get 1 .quit
+ {//.loadFontmap exec} 0 get 1 .quit
} if
dup /; eq { pop 3 index 3 1 roll .growput exit } if
pop
@@ -202,6 +202,14 @@ NOFONTPATH { /FONTPATH () def } if
{ pop }
{ /FONTPATH (GS_FONTPATH) getenv not { () } if def }
ifelse
+
+% The following are dummy definitions that, if we have a FONTPATH, will
+% be replaced in the following section.
+% They are here so immediately evaulation will work, and allow them to
+% undefined at the bottom of the file.
+/.scanfontbegin{} bind def
+/.scanfontdir {} bind def
+
FONTPATH length 0 eq { (%END FONTPATH) .skipeof } if
/FONTPATH [ FONTPATH .pathlist ] def
@@ -242,12 +250,12 @@ FONTPATH length 0 eq { (%END FONTPATH) .skipeof } if
/.scanfontbegin
{ % Construct the table of all file names already in Fontmap.
currentglobal //true setglobal
- .scanfontdict dup maxlength Fontmap length 2 add .max .setmaxlength
+ //.scanfontdict dup maxlength Fontmap length 2 add .max .setmaxlength
Fontmap
{ exch pop
{ dup type /stringtype eq
- { .splitfilename pop .fonttempstring copy .lowerstring cvn
- .scanfontdict exch //true put
+ { //.splitfilename exec pop //.fonttempstring copy //.lowerstring exec cvn
+ //.scanfontdict exch //true put
}
{ pop
}
@@ -280,9 +288,9 @@ FONTPATH length 0 eq { (%END FONTPATH) .skipeof } if
/txt //true
.dicttomark def
/.scan1fontstring 8192 string def
-% %%BeginFont: is not per Adobe documentation, but a few fonts have it.
+% BeginFont: is not per Adobe documentation, but a few fonts have it.
/.scanfontheaders [(%!PS-Adobe*) (%!FontType*) (%%BeginFont:*)] def
-0 .scanfontheaders { length .max } forall 6 add % extra for PFB header
+0 //.scanfontheaders { length .max } forall 6 add % extra for PFB header
/.scan1fontfirst exch string def
/.scanfontdir % <dirname> .scanfontdir -
{ currentglobal exch //true setglobal
@@ -291,10 +299,10 @@ FONTPATH length 0 eq { (%END FONTPATH) .skipeof } if
0 0 0 4 -1 roll % found scanned files
{ % stack: <fontcount> <scancount> <filecount> <filename>
exch 1 add exch % increment filecount
- dup .splitfilename .fonttempstring copy .lowerstring
+ dup //.splitfilename exec //.fonttempstring copy //.lowerstring exec
% stack: <fontcount> <scancount> <filecount+1> <filename>
% <BASE> <ext>
- .scanfontskip exch known exch .scanfontdict exch known or
+ //.scanfontskip exch known exch //.scanfontdict exch known or
{ pop
% stack: <fontcount> <scancount> <filecount+1>
}
@@ -309,7 +317,7 @@ FONTPATH length 0 eq { (%END FONTPATH) .skipeof } if
% On some platforms, the file operator will open directories,
% but an error will occur if we try to read from one.
% Handle this possibility here.
- dup .scan1fontfirst { readstring } .internalstopped
+ dup //.scan1fontfirst { readstring } .internalstopped
{ pop pop () }
{ pop }
ifelse
@@ -322,7 +330,7 @@ FONTPATH length 0 eq { (%END FONTPATH) .skipeof } if
{ dup length 6 sub 6 exch getinterval }
if
% Check for font file headers.
- //false .scanfontheaders
+ //false //.scanfontheaders
{ 2 index exch .stringmatch or
}
forall exch pop
@@ -335,7 +343,7 @@ FONTPATH length 0 eq { (%END FONTPATH) .skipeof } if
{ exch copystring exch
DEBUG { ( ) print dup =only flush } if
1 index .definenativefontmap
- .splitfilename pop //true .scanfontdict 3 1 roll .growput
+ //.splitfilename exec pop //true //.scanfontdict 3 1 roll .growput
% Increment fontcount.
3 -1 roll 1 add 3 1 roll
}
@@ -352,7 +360,7 @@ FONTPATH length 0 eq { (%END FONTPATH) .skipeof } if
}
ifelse
}
- .scan1fontstring filenameforall
+ //.scan1fontstring filenameforall
QUIET
{ pop pop pop }
{ ( ) print =only ( files, ) print =only ( scanned, ) print
@@ -422,7 +430,6 @@ systemdict /NONATIVEFONTMAP known .setnativefontmapbuilt
//true .setnativefontmapbuilt
} ifelse
} bind def
-currentdict /.setnativefontmapbuilt .forceundef
% Create the dictionary that registers the .buildfont procedure
% (called by definefont) for each FontType.
@@ -526,7 +533,8 @@ buildfontdict 3 /.buildfont3 cvx put
% We use this only for explicitly aliased fonts, not substituted fonts:
% we think this matches the observed behavior of Adobe interpreters.
/.aliasfont % <name> <font> .aliasfont <newFont>
- { .currentglobal 3 1 roll dup .gcheck .setglobal
+ {
+ currentglobal 3 1 roll dup gcheck setglobal
% <bool> <name> <font>
dup length 2 add dict % <bool> <name> <font> <dict>
dup 3 -1 roll % <bool> <name> <dict> <dict> <font>
@@ -541,7 +549,7 @@ buildfontdict 3 /.buildfont3 cvx put
% whose FontName is a local non-string, if someone passed a
% garbage value to findfont. In this case, just don't
% call definefont at all.
- 2 index dup type /stringtype eq exch .gcheck or 1 index .gcheck not or
+ 2 index dup type /stringtype eq exch gcheck or 1 index gcheck not or
{ pop % <bool> <name> <dict>
1 index dup type /stringtype eq { cvn } if
% <bool> <name> <dict> <name1>
@@ -566,10 +574,11 @@ buildfontdict 3 /.buildfont3 cvx put
% Don't bind in definefont, since Level 2 redefines it.
/definefont .systemvar exec
}
- { /findfont cvx {.completefont} .errorexec pop exch pop
+ {
+ /findfont cvx {.completefont} //.errorexec exec pop exch pop
}
ifelse
- exch .setglobal
+ exch setglobal
} odef % so findfont will bind it
% Define .loadfontfile for loading a font. If we recognize Type 1 and/or
@@ -669,10 +678,19 @@ buildfontdict 3 /.buildfont3 cvx put
[(Cn) 4] [(Cond) 4] [(Narrow) 4] [(Pkg) 4] [(Compr) 4]
[(Serif) 8] [(Sans) -8]
] readonly def
+
+/.fontnamestring { % <fontname> .fontnamestring <string|name>
+ dup type dup /nametype eq {
+ pop .namestring
+ } {
+ /stringtype ne { pop () } if
+ } ifelse
+} bind def
+
/.fontnameproperties { % <int> <string|name> .fontnameproperties
% <int'>
- .fontnamestring
- .substituteproperties {
+ //.fontnamestring exec
+ //.substituteproperties {
2 copy 0 get search {
pop pop pop dup length 1 sub 1 exch getinterval 3 -1 roll exch {
dup 0 ge { or } { neg not and } ifelse
@@ -710,13 +728,7 @@ buildfontdict 3 /.buildfont3 cvx put
% <other> .nametostring <other>
dup type /nametype eq { .namestring } if
} bind def
-/.fontnamestring { % <fontname> .fontnamestring <string|name>
- dup type dup /nametype eq {
- pop .namestring
- } {
- /stringtype ne { pop () } if
- } ifelse
-} bind def
+
/.substitutefontname { % <fontname> <properties> .substitutefontname
% <altname|null>
% Look for properties and/or a face name in the font name.
@@ -724,7 +736,7 @@ buildfontdict 3 /.buildfont3 cvx put
% base font; otherwise, use the default font.
% Note that the "substituted" font name may be the same as
% the requested one; the caller must check this.
- exch .fontnamestring {
+ exch //.fontnamestring exec {
defaultfontname /Helvetica-Oblique /Helvetica-Bold /Helvetica-BoldOblique
/Helvetica-Narrow /Helvetica-Narrow-Oblique
/Helvetica-Narrow-Bold /Helvetica-Narrow-BoldOblique
@@ -734,12 +746,12 @@ buildfontdict 3 /.buildfont3 cvx put
} 3 1 roll
% Stack: facelist properties fontname
% Look for a face name.
- .substitutefaces {
+ //.substitutefaces {
2 copy 0 get search {
pop pop pop
% Stack: facelist properties fontname [(pattern) family properties]
dup 2 get 4 -1 roll or 3 1 roll
- 1 get .substitutefamilies exch get
+ 1 get //.substitutefamilies exch get
4 -1 roll pop 3 1 roll
} {
pop pop
@@ -748,7 +760,7 @@ buildfontdict 3 /.buildfont3 cvx put
1 index length mod get exec
} bind def
/.substitutefont { % <fontname> .substitutefont <altname>
- dup 0 exch .fontnameproperties .substitutefontname
+ dup 0 exch //.fontnameproperties exec .substitutefontname
% Only accept fonts known in the Fontmap.
Fontmap 1 index known not
{
@@ -814,7 +826,7 @@ FAKEFONTS not { (%END FAKEFONTS) .skipeof } if
counttomark 1 sub { .aliasfont } repeat end
% <fontname> mark <font>
exch pop exch pop
-} odef
+} bind odef
/findfont {
.findfont
} bind def
@@ -860,7 +872,7 @@ FAKEFONTS not { (%END FAKEFONTS) .skipeof } if
} {
dup .substitutefont
2 copy eq { pop defaultfontname } if
- .checkalias
+ //.checkalias exec
QUIET not {
SHORTERRORS {
(%%[) print 1 index =only
@@ -886,8 +898,8 @@ $error /SubstituteFont { } put
//null 0 1 FONTPATH length 1 sub {
FONTPATH 1 index get //null ne { exch pop exit } if pop
} for dup //null ne {
- dup 0 eq { .scanfontbegin } if
- FONTPATH 1 index get .scanfontdir
+ dup 0 eq { //.scanfontbegin exec} if
+ FONTPATH 1 index get //.scanfontdir exec
FONTPATH exch //null put //true
} {
pop //false
@@ -897,11 +909,10 @@ $error /SubstituteFont { } put
% scanning of FONTPATH.
/.dofindfont { % mark <fontname> .dofindfont % mark <alias> ... <font>
.tryfindfont not {
-
% We didn't find the font. If we haven't scanned
% all the directories in FONTPATH, scan the next one
% now and look for the font again.
- .scannextfontdir {
+ //.scannextfontdir exec {
% Start over with an empty alias list.
counttomark 1 sub { pop } repeat % mark <fontname>
.dofindfont
@@ -927,6 +938,7 @@ $error /SubstituteFont { } put
} if
% Substitute for the font. Don't alias.
% Same stack as at the beginning of .dofindfont.
+
$error /SubstituteFont get exec
%
% igorm: I guess the surrounding code assumes that .stdsubstfont
@@ -935,72 +947,11 @@ $error /SubstituteFont { } put
% used in .dofindfont and through .stdsubstfont
% just to represent a simple iteration,
% which accumulates the aliases after the mark.
- .stdsubstfont
+ //.stdsubstfont exec
} ifelse
} ifelse
} if
} bind def
-% Try to find a font using only the present contents of Fontmap.
-/.tryfindfont { % <fontname> .tryfindfont <font> true
- % <fontname> .tryfindfont false
- //.FontDirectory 1 index .fontknownget
- { % Already loaded
- exch pop //true
- }
- {
- dup Fontmap exch .knownget
- { //true //true }
- { % Unknown font name. Look for a file with the
- % same name as the requested font.
- dup .tryloadfont
- { exch pop //true //false }
- {
- % if we can't load by name check the native font map
- dup .nativeFontmap exch .knownget
- { //true //true }
- { //false //false } ifelse
- } ifelse
- } ifelse
-
- { % Try each element of the Fontmap in turn.
- pop
- //false exch % (in case we exhaust the list)
- % Stack: fontname false fontmaplist
- { exch pop
- dup type /nametype eq
- { % Font alias
- .checkalias .tryfindfont exit
- }
- { dup dup type dup /arraytype eq exch /packedarraytype eq or exch xcheck and
- { % Font with a procedural definition
- exec % The procedure will load the font.
- % Check to make sure this really happened.
- //.FontDirectory 1 index .knownget
- { exch pop //true exit }
- if
- }
- { % Font file name
- //true .loadfontloop { //true exit } if
- }
- ifelse
- }
- ifelse //false
- }
- forall
- % Stack: font true -or- fontname false
- { //true
- }
- { % None of the Fontmap entries worked.
- % Try loading a file with the same name
- % as the requested font.
- .tryloadfont
- }
- ifelse
- }
- if
- }
- ifelse
- } bind def
% any user of .putgstringcopy must use bind and executeonly
/.putgstringcopy % <dict> <name> <string> .putgstringcopy -
@@ -1014,25 +965,6 @@ $error /SubstituteFont { } put
} executeonly ifelse
} .bind executeonly odef % must be bound and hidden for .forceput
-% Attempt to load a font from a file.
-/.tryloadfont { % <fontname> .tryloadfont <font> true
- % <fontname> .tryloadfont false
- dup .nametostring
- % Hack: check for the presence of the resource machinery.
- /.genericrfn where {
- pop
- pop dup .fonttempstring /FontResourceDir getsystemparam .genericrfn
- {//false .loadfontloop} .internalstopped {//false} if {
- //true
- } {
- dup .nametostring
- {//true .loadfontloop} .internalstopped {//false} if
- } ifelse
- } {
- {//true .loadfontloop} .internalstopped {//false} if
- } ifelse
-} bind def
-
/.loadfontloop { % <fontname> <filename> <libflag> .loadfontloop
% <font> true
% -or-
@@ -1102,7 +1034,7 @@ $error /SubstituteFont { } put
} if
% Check to make sure the font was actually loaded.
- dup 3 index .fontknownget
+ dup 3 index //.fontknownget exec
{ dup /PathLoad 4 index .putgstringcopy
4 1 roll pop pop pop //true exit
} executeonly if
@@ -1113,7 +1045,7 @@ $error /SubstituteFont { } put
exch dup % Stack: origfontname fontdirectory path path
(r) file .findfontname
{ % Stack: origfontname fontdirectory path filefontname
- 2 index 1 index .fontknownget
+ 2 index 1 index //.fontknownget exec
{ % Yes. Stack: origfontname fontdirectory path filefontname fontdict
dup 4 -1 roll /PathLoad exch .putgstringcopy
% Stack: origfontname fontdirectory filefontname fontdict
@@ -1136,7 +1068,7 @@ $error /SubstituteFont { } put
% Stack: fontdict
} executeonly
if pop % Stack: origfontname fontdirectory path
- }
+ } executeonly
if pop pop % Stack: origfontname
% The font definitely did not load correctly.
@@ -1150,7 +1082,87 @@ $error /SubstituteFont { } put
} bind executeonly odef % must be bound and hidden for .putgstringcopy
-currentdict /.putgstringcopy .undef
+% Attempt to load a font from a file.
+/.tryloadfont { % <fontname> .tryloadfont <font> true
+ % <fontname> .tryloadfont false
+ dup //.nametostring exec
+ % Hack: check for the presence of the resource machinery.
+ /.genericrfn where {
+ pop
+ pop dup //.fonttempstring /FontResourceDir getsystemparam .genericrfn
+ {//false .loadfontloop} .internalstopped {//false} if {
+ //true
+ } {
+ dup //.nametostring exec
+ {//true .loadfontloop} .internalstopped {//false} if
+ } ifelse
+ } {
+ {//true .loadfontloop} .internalstopped {//false} if
+ } ifelse
+} bind def
+
+% Try to find a font using only the present contents of Fontmap.
+/.tryfindfont { % <fontname> .tryfindfont <font> true
+ % <fontname> .tryfindfont false
+ //.FontDirectory 1 index //.fontknownget exec
+ { % Already loaded
+ exch pop //true
+ }
+ {
+ dup Fontmap exch .knownget
+ { //true //true }
+ { % Unknown font name. Look for a file with the
+ % same name as the requested font.
+ dup //.tryloadfont exec
+ { exch pop //true //false }
+ {
+ % if we can't load by name check the native font map
+ dup .nativeFontmap exch .knownget
+ { //true //true }
+ { //false //false } ifelse
+ } ifelse
+ } ifelse
+
+ { % Try each element of the Fontmap in turn.
+ pop
+ //false exch % (in case we exhaust the list)
+ % Stack: fontname false fontmaplist
+ { exch pop
+ dup type /nametype eq
+ { % Font alias
+ //.checkalias exec
+ .tryfindfont exit
+ }
+ { dup dup type dup /arraytype eq exch /packedarraytype eq or exch xcheck and
+ { % Font with a procedural definition
+ exec % The procedure will load the font.
+ % Check to make sure this really happened.
+ //.FontDirectory 1 index .knownget
+ { exch pop //true exit }
+ if
+ }
+ { % Font file name
+ //true .loadfontloop { //true exit } if
+ }
+ ifelse
+ }
+ ifelse //false
+ }
+ forall
+ % Stack: font true -or- fontname false
+ { //true
+ }
+ { % None of the Fontmap entries worked.
+ % Try loading a file with the same name
+ % as the requested font.
+ //.tryloadfont exec
+ }
+ ifelse
+ }
+ if
+ }
+ ifelse
+ } bind def
% Define a procedure to load all known fonts.
% This isn't likely to be very useful.
@@ -1192,9 +1204,9 @@ FAKEFONTS { exch } if pop def % don't bind, .current/setglobal get redefined
/.loadinitialfonts
{ NOFONTMAP not
{ /FONTMAP where
- { pop [ FONTMAP .pathlist ]
+ { pop [ FONTMAP //.pathlist exec]
{ dup VMDEBUG findlibfile
- { exch pop .loadFontmap }
+ { exch pop //.loadFontmap exec }
{ /undefinedfilename signalerror }
ifelse
}
@@ -1208,7 +1220,7 @@ FAKEFONTS { exch } if pop def % don't bind, .current/setglobal get redefined
pop pop
defaultfontmap_content { .definefontmap } forall
} {
- .loadFontmap
+ //.loadFontmap exec
} ifelse
} {
pop pop
@@ -1272,3 +1284,18 @@ FAKEFONTS { exch } if pop def % don't bind, .current/setglobal get redefined
{ .makemodifiedfont
dup /FontName get exch definefont pop
} bind def
+
+% Undef these, not needed outside this file
+[
+ % /.fonttempstring /.scannextfontdir - are also used in gs_res.ps, so are undefined there
+ % /.fontnameproperties - is used in pdf_font.ps
+ % /.scanfontheaders - used in gs_cff.ps, gs_ttf.ps
+ /.loadfontloop /.tryloadfont /.findfont /.pathlist /.loadFontmap /.lowerstring
+ /.splitfilename /.scanfontdict /.scanfontbegin
+ /.scanfontskip /.scan1fontstring
+ /.scan1fontfirst /.scanfontdir
+ /.setnativefontmapbuilt /.aliasfont
+ /.setloadingfont /.substitutefaces /.substituteproperties /.substitutefamilies
+ /.nametostring /.fontnamestring /.checkalias /.fontknownget /.stdsubstfont
+ /.putgstringcopy
+] {systemdict exch .forceundef} forall
diff --git a/Resource/Init/gs_res.ps b/Resource/Init/gs_res.ps
index d9b34599e7c2..fd7eaf953ae9 100644
--- a/Resource/Init/gs_res.ps
+++ b/Resource/Init/gs_res.ps
@@ -961,7 +961,7 @@ userdict /.localcsdefaults //false put
dup type /nametype eq { .namestring } if
dup type /stringtype ne { //false exit } if
% Check the resource directory.
- dup .fonttempstring /FontResourceDir getsystemparam .genericrfn
+ dup //.fonttempstring /FontResourceDir getsystemparam .genericrfn
status {
pop pop pop pop //true exit
} if
@@ -969,7 +969,7 @@ userdict /.localcsdefaults //false put
% as the font.
findlibfile { closefile //true exit } if
% Scan a FONTPATH directory and try again.
- .scannextfontdir not { //false exit } if
+ //.scannextfontdir exec not { //false exit } if
} loop
} bind def
@@ -1008,7 +1008,7 @@ currentdict /.fontstatusaux .undef
} ifelse
} bind executeonly
/ResourceForAll {
- { .scannextfontdir not { exit } if } loop
+ { //.scannextfontdir exec not { exit } if } loop
/Generic /Category findresource /ResourceForAll get exec
} bind executeonly
/.ResourceFileStatus {
--
2.20.1
@@ -0,0 +1,345 @@
From ba2336b3b1ca5cfe1e67dbe37a084c9644a65ac7 Mon Sep 17 00:00:00 2001
From: Chris Liddell <chris.liddell@artifex.com>
Date: Fri, 11 Jan 2019 13:36:36 +0000
Subject: [PATCH] Remove .forcedef, and harden .force* ops more
Remove .forcedef and replace all uses with a direct call to .forceput instead.
Ensure every procedure (named and trasient) that calls .forceput is
executeonly.
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
---
Upstream status: commit 49c8092da88e
Resource/Init/gs_dps1.ps | 15 +++++++-----
Resource/Init/gs_init.ps | 28 ++++++++-------------
Resource/Init/gs_lev2.ps | 51 +++++++++++++++++++--------------------
Resource/Init/gs_ll3.ps | 5 ++--
Resource/Init/gs_res.ps | 29 +++++++++++-----------
Resource/Init/gs_statd.ps | 4 +--
6 files changed, 63 insertions(+), 69 deletions(-)
diff --git a/Resource/Init/gs_dps1.ps b/Resource/Init/gs_dps1.ps
index 8700c8cb304b..3d2cf7a1ad01 100644
--- a/Resource/Init/gs_dps1.ps
+++ b/Resource/Init/gs_dps1.ps
@@ -33,14 +33,17 @@ systemdict begin
/SharedFontDirectory .FontDirectory .gcheck
{ .currentglobal //false .setglobal
+ currentdict
/LocalFontDirectory .FontDirectory dup maxlength dict copy
- .forcedef % LocalFontDirectory is local, systemdict is global
+ .forceput % LocalFontDirectory is local, systemdict is global
.setglobal .FontDirectory
- }
- { /LocalFontDirectory .FontDirectory
- .forcedef % LocalFontDirectory is local, systemdict is global
+ } executeonly
+ {
+ currentdict
+ /LocalFontDirectory .FontDirectory
+ .forceput % LocalFontDirectory is local, systemdict is global
50 dict
- }
+ }executeonly
ifelse def
end % systemdict
@@ -55,7 +58,7 @@ level2dict begin
{ //SharedFontDirectory }
{ /LocalFontDirectory .systemvar } % can't embed ref to local VM
ifelse .forceput pop % LocalFontDirectory is local, systemdict is global
- } .bind odef
+ } .bind executeonly odef
% Don't just copy (load) the definition of .setglobal:
% it gets redefined for LL3.
/setshared { /.setglobal .systemvar exec } odef
diff --git a/Resource/Init/gs_init.ps b/Resource/Init/gs_init.ps
index d9a0829f7f97..45bebf479bae 100644
--- a/Resource/Init/gs_init.ps
+++ b/Resource/Init/gs_init.ps
@@ -54,7 +54,7 @@ systemdict exch
dup /userdict
currentdict dup 200 .setmaxlength % userdict
.forceput % userdict is local, systemdict is global
- }
+ } executeonly
if begin
% Define dummy local/global operators if needed.
@@ -299,13 +299,6 @@ QUIET not { printgreeting flush } if
1 index exch .makeoperator def
} .bind def
-% Define a special version of def for storing local objects into global
-% dictionaries. Like .forceput, this exists only during initialization.
-/.forcedef { % <key> <value> .forcedef -
- 1 .argindex pop % check # of args
- currentdict 3 1 roll .forceput
-} .bind odef
-
% Define procedures for accessing variables in systemdict and userdict
% regardless of the contents of the dictionary stack.
/.systemvar { % <name> .systemvar <value>
@@ -347,7 +340,7 @@ DELAYBIND
}
ifelse
} .bind def
-} if
+} executeonly if
%**************** BACKWARD COMPATIBILITY ****************
/hwsizedict mark /HWSize //null .dicttomark readonly def
@@ -655,7 +648,7 @@ currentdict /.typenames .undef
/ifelse .systemvar
] cvx executeonly
exch .setglobal
-} odef
+} executeonly odef
systemdict /internaldict dup .makeinternaldict .makeoperator
.forceput % proc is local, systemdict is global
@@ -1093,7 +1086,7 @@ def
% Define $error. This must be in local VM.
.currentglobal //false .setglobal
-/$error 40 dict .forcedef % $error is local, systemdict is global
+currentdict /$error 40 dict .forceput % $error is local, systemdict is global
% newerror, errorname, command, errorinfo,
% ostack, estack, dstack, recordstacks,
% binary, globalmode,
@@ -1112,8 +1105,8 @@ end
% Define errordict similarly. It has one entry per error name,
% plus handleerror. However, some astonishingly badly written PostScript
% files require it to have at least one empty slot.
-/errordict ErrorNames length 3 add dict
-.forcedef % errordict is local, systemdict is global
+currentdict /errordict ErrorNames length 3 add dict
+.forceput % errordict is local, systemdict is global
.setglobal % back to global VM
% gserrordict contains all the default error handling methods, but unlike
% errordict it is noaccess after creation (also it is in global VM).
@@ -1273,8 +1266,9 @@ end
(END PROCS) VMDEBUG
% Define the font directory.
+currentdict
/FontDirectory //false .setglobal 100 dict //true .setglobal
-.forcedef % FontDirectory is local, systemdict is global
+.forceput % FontDirectory is local, systemdict is global
% Define the encoding dictionary.
/EncodingDirectory 16 dict def % enough for Level 2 + PDF standard encodings
@@ -2333,7 +2327,6 @@ SAFER { .setsafeglobal } if
//systemdict /UndefinePostScriptOperators get exec
//systemdict /UndefinePDFOperators get exec
//systemdict /.forcecopynew .forceundef % remove temptation
- //systemdict /.forcedef .forceundef % ditto
//systemdict /.forceput .forceundef % ditto
//systemdict /.undef .forceundef % ditto
//systemdict /.forceundef .forceundef % ditto
@@ -2368,9 +2361,9 @@ SAFER { .setsafeglobal } if
% (and, if implemented, context switching).
.currentglobal //false .setglobal
mark userparams { } forall .dicttomark readonly
- /userparams exch .forcedef % systemdict is read-only
+ currentdict exch /userparams exch .forceput % systemdict is read-only
.setglobal
-} if
+} executeonly if
/.currentsystemparams where {
pop
% Remove real system params from pssystemparams.
@@ -2458,7 +2451,6 @@ end
DELAYBIND not {
systemdict /.bindnow .undef % We only need this for DELAYBIND
systemdict /.forcecopynew .undef % remove temptation
- systemdict /.forcedef .undef % ditto
systemdict /.forceput .undef % ditto
systemdict /.forceundef .undef % ditto
} if
diff --git a/Resource/Init/gs_lev2.ps b/Resource/Init/gs_lev2.ps
index 0f0d57331c23..9c0c3a6fc485 100644
--- a/Resource/Init/gs_lev2.ps
+++ b/Resource/Init/gs_lev2.ps
@@ -304,31 +304,30 @@ end
psuserparams exch /.checkFilePermitparams load put
.setglobal
-pssystemparams begin
- /CurDisplayList 0 .forcedef
- /CurFormCache 0 .forcedef
- /CurInputDevice () .forcedef
- /CurOutlineCache 0 .forcedef
- /CurOutputDevice () .forcedef
- /CurPatternCache 0 .forcedef
- /CurUPathCache 0 .forcedef
- /CurScreenStorage 0 .forcedef
- /CurSourceList 0 .forcedef
- /DoPrintErrors //false .forcedef
- /JobTimeout 0 .forcedef
- /LicenseID (LN-001) .forcedef % bogus
- /MaxDisplayList 140000 .forcedef
- /MaxFormCache 100000 .forcedef
- /MaxImageBuffer 524288 .forcedef
- /MaxOutlineCache 65000 .forcedef
- /MaxPatternCache 100000 .forcedef
- /MaxUPathCache 300000 .forcedef
- /MaxScreenStorage 84000 .forcedef
- /MaxSourceList 25000 .forcedef
- /PrinterName product .forcedef
- /RamSize 4194304 .forcedef
- /WaitTimeout 40 .forcedef
-end
+pssystemparams
+dup /CurDisplayList 0 .forceput
+dup /CurFormCache 0 .forceput
+dup /CurInputDevice () .forceput
+dup /CurOutlineCache 0 .forceput
+dup /CurOutputDevice () .forceput
+dup /CurPatternCache 0 .forceput
+dup /CurUPathCache 0 .forceput
+dup /CurScreenStorage 0 .forceput
+dup /CurSourceList 0 .forceput
+dup /DoPrintErrors //false .forceput
+dup /JobTimeout 0 .forceput
+dup /LicenseID (LN-001) .forceput % bogus
+dup /MaxDisplayList 140000 .forceput
+dup /MaxFormCache 100000 .forceput
+dup /MaxImageBuffer 524288 .forceput
+dup /MaxOutlineCache 65000 .forceput
+dup /MaxPatternCache 100000 .forceput
+dup /MaxUPathCache 300000 .forceput
+dup /MaxScreenStorage 84000 .forceput
+dup /MaxSourceList 25000 .forceput
+dup /PrinterName product .forceput
+dup /RamSize 4194304 .forceput
+ /WaitTimeout 40 .forceput
% Define the procedures for handling comment scanning. The names
% %ProcessComment and %ProcessDSCComment are known to the interpreter.
@@ -710,7 +709,7 @@ pop % currentsystemparams
/statusdict currentdict def
currentdict end
-/statusdict exch .forcedef % statusdict is local, systemdict is global
+currentdict exch /statusdict exch .forceput % statusdict is local, systemdict is global
% The following compatibility operators are in systemdict. They are
% defined here, rather than in gs_init.ps, because they require the
diff --git a/Resource/Init/gs_ll3.ps b/Resource/Init/gs_ll3.ps
index c86721f39fc0..881af44e9fd2 100644
--- a/Resource/Init/gs_ll3.ps
+++ b/Resource/Init/gs_ll3.ps
@@ -521,9 +521,8 @@ end
% Define additional user and system parameters.
/HalftoneMode 0 .definepsuserparam
/MaxSuperScreen 1016 .definepsuserparam
-pssystemparams begin % read-only, so use .forcedef
- /MaxDisplayAndSourceList 160000 .forcedef
-end
+% read-only, so use .forceput
+pssystemparams /MaxDisplayAndSourceList 160000 .forceput
% Define the IdiomSet resource category.
{ /IdiomSet } {
diff --git a/Resource/Init/gs_res.ps b/Resource/Init/gs_res.ps
index fd7eaf953ae9..0b4e0514b2a1 100644
--- a/Resource/Init/gs_res.ps
+++ b/Resource/Init/gs_res.ps
@@ -41,10 +41,10 @@ level2dict begin
% However, Ed Taft of Adobe says their interpreters don't implement this
% either, so we aren't going to worry about it for a while.
-currentglobal //false setglobal systemdict begin
- /localinstancedict 5 dict
- .forcedef % localinstancedict is local, systemdict is global
-end //true setglobal
+currentglobal //false setglobal
+ systemdict /localinstancedict 5 dict
+ .forceput % localinstancedict is local, systemdict is global
+//true setglobal
/.emptydict 0 dict readonly def
setglobal
@@ -149,7 +149,7 @@ setglobal
dup [ exch 0 -1 ] exch
.Instances 4 2 roll put
% Make the Category dictionary read-only. We will have to
- % use .forceput / .forcedef later to replace the dummy,
+ % use .forceput / .forceput later to replace the dummy,
% empty .Instances dictionary with the real one later.
readonly
}{
@@ -304,7 +304,8 @@ systemdict begin
dup () ne {
.file_name_directory_separator concatstrings
} if
- 2 index exch //false .file_name_combine not {
+ 2 index exch //false
+ .file_name_combine not {
(Error: .default_resource_dir returned ) print exch print ( that can't combine with ) print =
/.default_resource_dir cvx /configurationerror signalerror
} if
@@ -317,14 +318,14 @@ currentdict /pssystemparams known not {
pssystemparams begin
.default_resource_dir
/FontResourceDir (Font) .resource_dir_name
- readonly .forcedef % pssys'params is r-o
+ readonly currentdict 3 1 roll .forceput % pssys'params is r-o
/GenericResourceDir () .resource_dir_name
- readonly .forcedef % pssys'params is r-o
+ readonly currentdict 3 1 roll .forceput % pssys'params is r-o
pop % .default_resource_dir
/GenericResourcePathSep
- .file_name_separator readonly .forcedef % pssys'params is r-o
- (%diskFontResourceDir) cvn (/Resource/Font/) readonly .forcedef % pssys'params is r-o
- (%diskGenericResourceDir) cvn (/Resource/) readonly .forcedef % pssys'params is r-o
+ .file_name_separator readonly currentdict 3 1 roll .forceput % pssys'params is r-o
+ currentdict (%diskFontResourceDir) cvn (/Resource/Font/) readonly .forceput % pssys'params is r-o
+ currentdict (%diskGenericResourceDir) cvn (/Resource/) readonly .forceput % pssys'params is r-o
end
end
@@ -422,8 +423,8 @@ status {
.Instances dup //.emptydict eq {
pop 3 dict
% As noted above, Category dictionaries are read-only,
- % so we have to use .forcedef here.
- /.Instances 1 index .forcedef % Category dict is read-only
+ % so we have to use .forceput here.
+ currentdict /.Instances 2 index .forceput % Category dict is read-only
} executeonly if
}
{ .LocalInstances dup //.emptydict eq
@@ -441,7 +442,7 @@ status {
{ /defineresource cvx /typecheck signaloperror
}
ifelse
-} .bind executeonly .makeoperator % executeonly to prevent access to .forcedef
+} .bind executeonly .makeoperator % executeonly to prevent access to .forceput
/UndefineResource
{ { dup 2 index .knownget
{ dup 1 get 1 ge
diff --git a/Resource/Init/gs_statd.ps b/Resource/Init/gs_statd.ps
index 20d4c96c4f8f..b6a76590dd09 100644
--- a/Resource/Init/gs_statd.ps
+++ b/Resource/Init/gs_statd.ps
@@ -21,10 +21,10 @@ systemdict begin
% We make statusdict a little larger for Level 2 stuff.
% Note that it must be allocated in local VM.
.currentglobal //false .setglobal
- /statusdict 91 dict .forcedef % statusdict is local, sys'dict global
+ currentdict /statusdict 91 dict .forceput % statusdict is local, sys'dict global
% To support the Level 2 job control features,
% serverdict must also be in local VM.
- /serverdict 10 dict .forcedef % serverdict is local, sys'dict global
+ currentdict /serverdict 10 dict .forceput % serverdict is local, sys'dict global
.setglobal
end
--
2.20.1
+2 -2
View File
@@ -12,9 +12,9 @@ GIT_LICENSE_FILES = COPYING LGPL-2.1
GIT_DEPENDENCIES = zlib $(TARGET_NLS_DEPENDENCIES)
ifeq ($(BR2_PACKAGE_OPENSSL),y)
GIT_DEPENDENCIES += openssl
GIT_DEPENDENCIES += host-pkgconf openssl
GIT_CONF_OPTS += --with-openssl
GIT_CONF_ENV_LIBS += $(if $(BR2_STATIC_LIBS),-lz)
GIT_MAKE_OPTS += LIB_4_CRYPTO="`$(PKG_CONFIG_HOST_BINARY) --libs libssl libcrypto`"
else
GIT_CONF_OPTS += --without-openssl
endif
+2 -1
View File
@@ -25,7 +25,8 @@ endif
GNURADIO_CONF_OPTS = \
-DENABLE_DEFAULT=OFF \
-DENABLE_VOLK=ON \
-DENABLE_GNURADIO_RUNTIME=ON
-DENABLE_GNURADIO_RUNTIME=ON \
-DXMLTO_EXECUTABLE=NOTFOUND
# For third-party blocks, the gnuradio libraries are mandatory at
# compile time.
+6
View File
@@ -37,12 +37,16 @@ GO_GOARCH = mips64le
endif
HOST_GO_DEPENDENCIES = host-go-bootstrap
HOST_GO_HOST_CACHE = $(HOST_DIR)/usr/share/host-go-cache
HOST_GO_ROOT = $(HOST_DIR)/lib/go
HOST_GO_TARGET_CACHE = $(HOST_DIR)/usr/share/go-cache
# For the convienience of target packages.
HOST_GO_TOOLDIR = $(HOST_GO_ROOT)/pkg/tool/linux_$(GO_GOARCH)
HOST_GO_TARGET_ENV = \
GO111MODULE=off \
GOARCH=$(GO_GOARCH) \
GOCACHE="$(HOST_GO_TARGET_CACHE)" \
GOROOT="$(HOST_GO_ROOT)" \
CC="$(TARGET_CC)" \
CXX="$(TARGET_CXX)" \
@@ -61,6 +65,8 @@ endif
# The go build system is not compatible with ccache, so use
# HOSTCC_NOCCACHE. See https://github.com/golang/go/issues/11685.
HOST_GO_MAKE_ENV = \
GO111MODULE=off \
GOCACHE=$(HOST_GO_HOST_CACHE) \
GOROOT_BOOTSTRAP=$(HOST_GO_BOOTSTRAP_ROOT) \
GOROOT_FINAL=$(HOST_GO_ROOT) \
GOROOT="$(@D)" \
@@ -12,7 +12,8 @@ GST_PLUGINS_BAD_LICENSE = LGPL-2.1+, GPL-2.0+
GST_PLUGINS_BAD_LICENSE_FILES = COPYING.LIB COPYING
GST_PLUGINS_BAD_CONF_OPTS = \
--disable-examples
--disable-examples \
--disable-spandsp
GST_PLUGINS_BAD_DEPENDENCIES = gst-plugins-base gstreamer
+2 -2
View File
@@ -9,8 +9,8 @@ config BR2_PACKAGE_IMAGEMAGICK
JPEG, JPEG-2000, PDF, PhotoCD, PNG, Postscript, SVG, and TIFF.
Use ImageMagick to translate, flip, mirror, rotate, scale,
shear and transform images, adjust image colors, apply various
special effects, or draw text,
lines, polygons, ellipses and Bézier curves.
special effects, or draw text, lines, polygons, ellipses and
Bézier curves.
http://www.imagemagick.org/
@@ -0,0 +1,39 @@
From 9700927a008a803ac119bdf816bdc1baa69d705c Mon Sep 17 00:00:00 2001
From: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Date: Wed, 20 Feb 2019 15:41:51 +0100
Subject: [PATCH] ss: fix compilation under glibc < 2.18
Commit c759116a0b2b6da8df9687b0a40ac69050132c77 introduced support for
AF_VSOCK. This define is only provided since glibc version 2.18, so
compilation fails when using older toolchains.
Provide the necessary definitions if needed.
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
---
misc/ss.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/misc/ss.c b/misc/ss.c
index 9e821faf..766fdc5f 100644
--- a/misc/ss.c
+++ b/misc/ss.c
@@ -51,6 +51,14 @@
#include <linux/tipc_netlink.h>
#include <linux/tipc_sockets_diag.h>
+/* AF_VSOCK/PF_VSOCK is only provided since glibc 2.18 */
+#ifndef PF_VSOCK
+#define PF_VSOCK 40
+#endif
+#ifndef AF_VSOCK
+#define AF_VSOCK PF_VSOCK
+#endif
+
#define MAGIC_SEQ 123456
#define BUF_CHUNK (1024 * 1024)
#define LEN_ALIGN(x) (((x) + 1) & ~1)
--
2.19.2
@@ -1,42 +0,0 @@
From f8c7732e24502c06739944f9a721c9d84a50319d Mon Sep 17 00:00:00 2001
From: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Date: Sun, 26 Aug 2018 19:11:55 +0200
Subject: [PATCH] fix install of binaries with a static only library
Define CMAKE_INSTALL_RPATH only if ENABLE_SHARED is set otherwise the
following error is raised:
CMake Error at cmake_install.cmake:73 (file):
file RPATH_CHANGE could not write new RPATH:
/usr/lib
to the file:
/home/fabrice/buildroot/output/host/arm-buildroot-linux-uclibcgnueabi/sysroot/usr/bin/rdjpgcom
No valid ELF RPATH or RUNPATH entry exists in the file;
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[Upstream status: https://github.com/libjpeg-turbo/libjpeg-turbo/pull/273]
---
CMakeLists.txt | 2 ++
1 file changed, 2 insertions(+)
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 1719522..862ab11 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -109,7 +109,9 @@ endif()
include(cmakescripts/GNUInstallDirs.cmake)
+if(ENABLE_SHARED)
set(CMAKE_INSTALL_RPATH ${CMAKE_INSTALL_FULL_LIBDIR})
+endif()
macro(report_directory var)
if(CMAKE_INSTALL_${var} STREQUAL CMAKE_INSTALL_FULL_${var})
--
2.14.1
@@ -0,0 +1,51 @@
From 3d9c64e9f8aa1ee954d1d0bb3390fc894bb84da3 Mon Sep 17 00:00:00 2001
From: DRC <information@libjpeg-turbo.org>
Date: Tue, 1 Jan 2019 18:57:36 -0600
Subject: [PATCH] tjLoadImage(): Fix int overflow/segfault w/big BMP
Fixes #304
[baruch: drop the ChangeLog.md hunk]
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
---
Upstream status: commit 3d9c64e9f8aa
ChangeLog.md | 4 ++++
turbojpeg.c | 9 ++++++---
2 files changed, 10 insertions(+), 3 deletions(-)
diff --git a/turbojpeg.c b/turbojpeg.c
index 90a9ce6a0be8..3f7cd640677f 100644
--- a/turbojpeg.c
+++ b/turbojpeg.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C)2009-2018 D. R. Commander. All Rights Reserved.
+ * Copyright (C)2009-2019 D. R. Commander. All Rights Reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
@@ -1960,7 +1960,8 @@ DLLEXPORT unsigned char *tjLoadImage(const char *filename, int *width,
int align, int *height, int *pixelFormat,
int flags)
{
- int retval = 0, tempc, pitch;
+ int retval = 0, tempc;
+ size_t pitch;
tjhandle handle = NULL;
tjinstance *this;
j_compress_ptr cinfo = NULL;
@@ -2013,7 +2014,9 @@ DLLEXPORT unsigned char *tjLoadImage(const char *filename, int *width,
*pixelFormat = cs2pf[cinfo->in_color_space];
pitch = PAD((*width) * tjPixelSize[*pixelFormat], align);
- if ((dstBuf = (unsigned char *)malloc(pitch * (*height))) == NULL)
+ if ((unsigned long long)pitch * (unsigned long long)(*height) >
+ (unsigned long long)((size_t)-1) ||
+ (dstBuf = (unsigned char *)malloc(pitch * (*height))) == NULL)
_throwg("tjLoadImage(): Memory allocation failure");
if (setjmp(this->jerr.setjmp_buffer)) {
--
2.20.1
@@ -0,0 +1,39 @@
From f8cca819a4fb42aafa5f70df43c45e8c416d716f Mon Sep 17 00:00:00 2001
From: DRC <information@libjpeg-turbo.org>
Date: Tue, 1 Jan 2019 20:32:40 -0600
Subject: [PATCH] wrbmp.c: Don't allow quantization w/ non-RGB CS
If cinfo->quantize_colors == 1, then jpeg_calc_output_dimensions() will
set cinfo->output_components to 1, and if cinfo->out_color_space is not
RGB (or extended RGB), hilarity will ensue.
Fixes #305
[baruch: drop the ChangeLog.md hunk]
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
---
Upstream status: commit f8cca819a4
ChangeLog.md | 4 ++++
wrbmp.c | 5 +++--
2 files changed, 7 insertions(+), 2 deletions(-)
diff --git a/wrbmp.c b/wrbmp.c
index 4bf81426b0ef..239f64eb3c3f 100644
--- a/wrbmp.c
+++ b/wrbmp.c
@@ -502,8 +502,9 @@ jinit_write_bmp(j_decompress_ptr cinfo, boolean is_os2,
dest->pub.put_pixel_rows = put_gray_rows;
else
dest->pub.put_pixel_rows = put_pixel_rows;
- } else if (cinfo->out_color_space == JCS_RGB565 ||
- cinfo->out_color_space == JCS_CMYK) {
+ } else if (!cinfo->quantize_colors &&
+ (cinfo->out_color_space == JCS_RGB565 ||
+ cinfo->out_color_space == JCS_CMYK)) {
dest->pub.put_pixel_rows = put_pixel_rows;
} else {
ERREXIT(cinfo, JERR_BMP_COLORSPACE);
--
2.20.1
+4 -4
View File
@@ -1,7 +1,7 @@
# From https://sourceforge.net/projects/libjpeg-turbo/files/2.0.0/
sha1 fe49aea935617748c21ecbe46c986d6c1b98f39b libjpeg-turbo-2.0.0.tar.gz
md5 b12a3fcf1d078db38410f27718a91b83 libjpeg-turbo-2.0.0.tar.gz
# From https://sourceforge.net/projects/libjpeg-turbo/files/2.0.1/
sha1 7ea4a288bccbb5a2d5bfad5fb328d4a839853f4e libjpeg-turbo-2.0.1.tar.gz
md5 1b05a66aa9b006fd04ed29f408e68f46 libjpeg-turbo-2.0.1.tar.gz
# Locally computed
sha256 778876105d0d316203c928fd2a0374c8c01f755d0a00b12a1c8934aeccff8868 libjpeg-turbo-2.0.0.tar.gz
sha256 e5f86cec31df1d39596e0cca619ab1b01f99025a27dafdfc97a30f3a12f866ff libjpeg-turbo-2.0.1.tar.gz
sha256 8412238c5ad95965cf3c3197791e9dea8b5fae505d133449e33ee2fa754fe61e LICENSE.md
sha256 82fece2bff2669c476495f0fe70096b154e8bc5b40916a64e99836d9a01c3110 README.ijg
+1 -1
View File
@@ -4,7 +4,7 @@
#
################################################################################
JPEG_TURBO_VERSION = 2.0.0
JPEG_TURBO_VERSION = 2.0.1
JPEG_TURBO_SOURCE = libjpeg-turbo-$(JPEG_TURBO_VERSION).tar.gz
JPEG_TURBO_SITE = https://downloads.sourceforge.net/project/libjpeg-turbo/$(JPEG_TURBO_VERSION)
JPEG_TURBO_LICENSE = IJG (libjpeg), BSD-3-Clause (TurboJPEG), Zlib (SIMD)
+2 -1
View File
@@ -1,2 +1,3 @@
# Locally calculated
sha256 c4d2bfec6436341113419debf479d833692cc5cdab7eb0326b5a4d4fbe9f493c jq-1.5.tar.gz
sha256 5de8c8e29aaa3fb9cc6b47bb27299f271354ebb72514e3accadc7d38b5bbaa72 jq-1.6.tar.gz
sha256 111136aebcbfa68b6b0084e582b30e981da76adcff84eab6f9be32a1f38c5bf1 COPYING
+3 -3
View File
@@ -4,7 +4,7 @@
#
################################################################################
JQ_VERSION = 1.5
JQ_VERSION = 1.6
JQ_SITE = https://github.com/stedolan/jq/releases/download/jq-$(JQ_VERSION)
JQ_LICENSE = MIT (code), CC-BY-3.0 (documentation)
JQ_LICENSE_FILES = COPYING
@@ -17,8 +17,8 @@ JQ_CONF_ENV += CFLAGS="$(TARGET_CFLAGS) -std=c99 -D_GNU_SOURCE"
HOST_JQ_CONF_ENV += CFLAGS="$(HOST_CFLAGS) -std=c99 -D_GNU_SOURCE"
# jq explicitly enables maintainer mode, which we don't need/want
JQ_CONF_OPTS += --disable-maintainer-mode
HOST_JQ_CONF_OPTS += --disable-maintainer-mode
JQ_CONF_OPTS += --disable-maintainer-mode --without-oniguruma
HOST_JQ_CONF_OPTS += --disable-maintainer-mode --without-oniguruma
$(eval $(autotools-package))
$(eval $(host-autotools-package))
@@ -13,4 +13,9 @@ KF5_MODEMMANAGER_QT_LICENSE_FILE = COPYING.LIB
KF5_MODEMMANAGER_QT_DEPENDENCIES = kf5-extra-cmake-modules modem-manager qt5base
KF5_MODEMMANAGER_QT_INSTALL_STAGING = YES
# Uses __atomic_fetch_add_4
ifeq ($(BR2_TOOLCHAIN_HAS_LIBATOMIC),y)
KF5_MODEMMANAGER_QT_CONF_OPTS += -DCMAKE_CXX_FLAGS="$(TARGET_CXXFLAGS) -latomic"
endif
$(eval $(cmake-package))
@@ -0,0 +1,52 @@
From 6ed1b57ef6bcee0d497c181730710b2b0fafbfb3 Mon Sep 17 00:00:00 2001
From: =?utf-8?q?Ga=C3=ABl=20PORTAY?= <gael.portay@savoirfairelinux.com>
Date: Fri, 31 Aug 2018 12:23:46 -0400
Subject: [PATCH] Generate position independant code for static library
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
Currently, only shared libraries are using the PIC flag.
Generalize this flag for static libraries in order to let them linkable
by dynamic libraries.
Fixes:
/home/gportay/src/buildroot/output/host/opt/ext-toolchain/bin/../lib/gcc/x86_64-amd-linux-gnu/6.2.0/../../../../x86_64-amd-linux-gnu/bin/ld: /home/gportay/src/buildroot/output/host/x86_64-buildroot-linux-gnu/sysroot/usr/lib/libmemenv.a(memenv.o): relocation R_X86_64_32S against `.rodata' can not be used when making a shared object; recompile with -fPIC
/home/gportay/src/buildroot/output/host/x86_64-buildroot-linux-gnu/sysroot/usr/lib/libmemenv.a: error adding symbols: Bad value
collect2: error: ld returned 1 exit status
Upstream-Status: Inappropriate [upstream has migrated to cmake]
Signed-off-by: Gaël PORTAY <gael.portay@savoirfairelinux.com>
---
build_detect_platform | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/build_detect_platform b/build_detect_platform
index d2a20ce..4839444 100755
--- a/build_detect_platform
+++ b/build_detect_platform
@@ -55,8 +55,8 @@ fi
COMMON_FLAGS=
CROSS_COMPILE=
-PLATFORM_CCFLAGS=
-PLATFORM_CXXFLAGS=
+PLATFORM_CCFLAGS="-fPIC"
+PLATFORM_CXXFLAGS="-fPIC"
PLATFORM_LDFLAGS=
PLATFORM_LIBS=
PLATFORM_SHARED_EXT="so"
@@ -197,7 +197,7 @@ else
EOF
if [ "$?" = 0 ]; then
COMMON_FLAGS="$COMMON_FLAGS -DLEVELDB_PLATFORM_POSIX -DLEVELDB_ATOMIC_PRESENT"
- PLATFORM_CXXFLAGS="-std=c++0x"
+ PLATFORM_CXXFLAGS="$PLATFORM_CXXFLAGS -std=c++0x"
else
COMMON_FLAGS="$COMMON_FLAGS -DLEVELDB_PLATFORM_POSIX"
fi
--
2.18.0
+2
View File
@@ -25,6 +25,8 @@ define LEVELDB_INSTALL_STAGING_CMDS
$(TARGET_MAKE_ENV) $(MAKE1) \
INSTALL_ROOT=$(STAGING_DIR) INSTALL_PREFIX=/usr \
$(LEVELDB_MAKE_ARGS) -C $(@D) install
$(INSTALL) -D -m 0644 $(@D)/out-static/libmemenv.a $(STAGING_DIR)/usr/lib/libmemenv.a
$(INSTALL) -D -m 0644 $(@D)/helpers/memenv/memenv.h $(STAGING_DIR)/usr/include/helpers/memenv/memenv.h
endef
define LEVELDB_INSTALL_TARGET_CMDS
@@ -0,0 +1,62 @@
From 8312eaa576014cd9b965012af51bc1f967b12423 Mon Sep 17 00:00:00 2001
From: Daniel Axtens <dja@axtens.net>
Date: Tue, 1 Jan 2019 17:10:49 +1100
Subject: [PATCH] iso9660: Fail when expected Rockridge extensions is missing
A corrupted or malicious ISO9660 image can cause read_CE() to loop
forever.
read_CE() calls parse_rockridge(), expecting a Rockridge extension
to be read. However, parse_rockridge() is structured as a while
loop starting with a sanity check, and if the sanity check fails
before the loop has run, the function returns ARCHIVE_OK without
advancing the position in the file. This causes read_CE() to retry
indefinitely.
Make parse_rockridge() return ARCHIVE_WARN if it didn't read an
extension. As someone with no real knowledge of the format, this
seems more apt than ARCHIVE_FATAL, but both the call-sites escalate
it to a fatal error immediately anyway.
Found with a combination of AFL, afl-rb (FairFuzz) and qsym.
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
---
Upstream status: commit 8312eaa57601
libarchive/archive_read_support_format_iso9660.c | 11 ++++++++++-
1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/libarchive/archive_read_support_format_iso9660.c b/libarchive/archive_read_support_format_iso9660.c
index 28acfefbba8a..bad8f1dfef3a 100644
--- a/libarchive/archive_read_support_format_iso9660.c
+++ b/libarchive/archive_read_support_format_iso9660.c
@@ -2102,6 +2102,7 @@ parse_rockridge(struct archive_read *a, struct file_info *file,
const unsigned char *p, const unsigned char *end)
{
struct iso9660 *iso9660;
+ int entry_seen = 0;
iso9660 = (struct iso9660 *)(a->format->data);
@@ -2257,8 +2258,16 @@ parse_rockridge(struct archive_read *a, struct file_info *file,
}
p += p[2];
+ entry_seen = 1;
+ }
+
+ if (entry_seen)
+ return (ARCHIVE_OK);
+ else {
+ archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
+ "Tried to parse Rockridge extensions, but none found");
+ return (ARCHIVE_WARN);
}
- return (ARCHIVE_OK);
}
static int
--
2.20.1
@@ -0,0 +1,62 @@
From 65a23f5dbee4497064e9bb467f81138a62b0dae1 Mon Sep 17 00:00:00 2001
From: Daniel Axtens <dja@axtens.net>
Date: Tue, 1 Jan 2019 16:01:40 +1100
Subject: [PATCH] 7zip: fix crash when parsing certain archives
Fuzzing with CRCs disabled revealed that a call to get_uncompressed_data()
would sometimes fail to return at least 'minimum' bytes. This can cause
the crc32() invocation in header_bytes to read off into invalid memory.
A specially crafted archive can use this to cause a crash.
An ASAN trace is below, but ASAN is not required - an uninstrumented
binary will also crash.
==7719==ERROR: AddressSanitizer: SEGV on unknown address 0x631000040000 (pc 0x7fbdb3b3ec1d bp 0x7ffe77a51310 sp 0x7ffe77a51150 T0)
==7719==The signal is caused by a READ memory access.
#0 0x7fbdb3b3ec1c in crc32_z (/lib/x86_64-linux-gnu/libz.so.1+0x2c1c)
#1 0x84f5eb in header_bytes (/tmp/libarchive/bsdtar+0x84f5eb)
#2 0x856156 in read_Header (/tmp/libarchive/bsdtar+0x856156)
#3 0x84e134 in slurp_central_directory (/tmp/libarchive/bsdtar+0x84e134)
#4 0x849690 in archive_read_format_7zip_read_header (/tmp/libarchive/bsdtar+0x849690)
#5 0x5713b7 in _archive_read_next_header2 (/tmp/libarchive/bsdtar+0x5713b7)
#6 0x570e63 in _archive_read_next_header (/tmp/libarchive/bsdtar+0x570e63)
#7 0x6f08bd in archive_read_next_header (/tmp/libarchive/bsdtar+0x6f08bd)
#8 0x52373f in read_archive (/tmp/libarchive/bsdtar+0x52373f)
#9 0x5257be in tar_mode_x (/tmp/libarchive/bsdtar+0x5257be)
#10 0x51daeb in main (/tmp/libarchive/bsdtar+0x51daeb)
#11 0x7fbdb27cab96 in __libc_start_main /build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c:310
#12 0x41dd09 in _start (/tmp/libarchive/bsdtar+0x41dd09)
This was primarly done with afl and FairFuzz. Some early corpus entries
may have been generated by qsym.
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
---
Upstream status: commit 65a23f5dbee
libarchive/archive_read_support_format_7zip.c | 8 +-------
1 file changed, 1 insertion(+), 7 deletions(-)
diff --git a/libarchive/archive_read_support_format_7zip.c b/libarchive/archive_read_support_format_7zip.c
index bccbf896603b..b6d1505d372e 100644
--- a/libarchive/archive_read_support_format_7zip.c
+++ b/libarchive/archive_read_support_format_7zip.c
@@ -2964,13 +2964,7 @@ get_uncompressed_data(struct archive_read *a, const void **buff, size_t size,
if (zip->codec == _7Z_COPY && zip->codec2 == (unsigned long)-1) {
/* Copy mode. */
- /*
- * Note: '1' here is a performance optimization.
- * Recall that the decompression layer returns a count of
- * available bytes; asking for more than that forces the
- * decompressor to combine reads by copying data.
- */
- *buff = __archive_read_ahead(a, 1, &bytes_avail);
+ *buff = __archive_read_ahead(a, minimum, &bytes_avail);
if (bytes_avail <= 0) {
archive_set_error(&a->archive,
ARCHIVE_ERRNO_FILE_FORMAT,
--
2.20.1
@@ -0,0 +1,73 @@
Fix integer overflows. Will not work on compilers with unsigned char
as the default.
Fetched from: https://sources.debian.org/patches/libb64/1.2-5/
Combined "integer overflows.diff" and "off by one.diff" and adapted
for version 1.2.1.
Signed-off-by: Mikael Eliasson <mikael@robomagi.com>
diff --git a/src/cdecode.c b/src/cdecode.c
index a6c0a42..45da4e1 100644
--- a/src/cdecode.c
+++ b/src/cdecode.c
@@ -9,10 +9,11 @@ For details, see http://sourceforge.net/projects/libb64
int base64_decode_value(char value_in)
{
- static const char decoding[] = {62,-1,-1,-1,63,52,53,54,55,56,57,58,59,60,61,-1,-1,-1,-2,-1,-1,-1,0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,-1,-1,-1,-1,-1,-1,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51};
+ static const signed char decoding[] = {62,-1,-1,-1,63,52,53,54,55,56,57,58,59,60,61,-1,-1,-1,-2,-1,-1,-1,0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,-1,-1,-1,-1,-1,-1,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51};
static const char decoding_size = sizeof(decoding);
+ if (value_in < 43) return -1;
value_in -= 43;
- if (value_in < 0 || value_in >= decoding_size) return -1;
+ if (value_in >= decoding_size) return -1;
return decoding[(int)value_in];
}
@@ -26,7 +27,7 @@ int base64_decode_block(const char* code_in, const int length_in, char* plaintex
{
const char* codechar = code_in;
char* plainchar = plaintext_out;
- char fragment;
+ int fragment;
*plainchar = state_in->plainchar;
@@ -42,7 +43,7 @@ int base64_decode_block(const char* code_in, const int length_in, char* plaintex
state_in->plainchar = *plainchar;
return plainchar - plaintext_out;
}
- fragment = (char)base64_decode_value(*codechar++);
+ fragment = base64_decode_value(*codechar++);
} while (fragment < 0);
*plainchar = (fragment & 0x03f) << 2;
case step_b:
@@ -53,7 +54,7 @@ int base64_decode_block(const char* code_in, const int length_in, char* plaintex
state_in->plainchar = *plainchar;
return plainchar - plaintext_out;
}
- fragment = (char)base64_decode_value(*codechar++);
+ fragment = base64_decode_value(*codechar++);
} while (fragment < 0);
*plainchar++ |= (fragment & 0x030) >> 4;
*plainchar = (fragment & 0x00f) << 4;
@@ -65,7 +66,7 @@ int base64_decode_block(const char* code_in, const int length_in, char* plaintex
state_in->plainchar = *plainchar;
return plainchar - plaintext_out;
}
- fragment = (char)base64_decode_value(*codechar++);
+ fragment = base64_decode_value(*codechar++);
} while (fragment < 0);
*plainchar++ |= (fragment & 0x03c) >> 2;
*plainchar = (fragment & 0x003) << 6;
@@ -77,7 +78,7 @@ int base64_decode_block(const char* code_in, const int length_in, char* plaintex
state_in->plainchar = *plainchar;
return plainchar - plaintext_out;
}
- fragment = (char)base64_decode_value(*codechar++);
+ fragment = base64_decode_value(*codechar++);
} while (fragment < 0);
*plainchar++ |= (fragment & 0x03f);
}
@@ -0,0 +1,38 @@
Fixes uninitialized C++ encoder and decoder _state variable bug.
Fetched from: https://sources.debian.org/patches/libb64/1.2-5/
initialize-coder-state.diff patch without modifications.
Signed-off-by: Mikael Eliasson <mikael@robomagi.com>
diff --git a/include/b64/decode.h b/include/b64/decode.h
index 12b16ea..d3f7d60 100644
--- a/include/b64/decode.h
+++ b/include/b64/decode.h
@@ -24,7 +24,9 @@ namespace base64
decoder(int buffersize_in = BUFFERSIZE)
: _buffersize(buffersize_in)
- {}
+ {
+ base64_init_decodestate(&_state);
+ }
int decode(char value_in)
{
diff --git a/include/b64/encode.h b/include/b64/encode.h
index 5d807d9..49aafdc 100644
--- a/include/b64/encode.h
+++ b/include/b64/encode.h
@@ -24,7 +24,9 @@ namespace base64
encoder(int buffersize_in = BUFFERSIZE)
: _buffersize(buffersize_in)
- {}
+ {
+ base64_init_encodestate(&_state);
+ }
int encode(char value_in)
{
+3 -3
View File
@@ -1,5 +1,5 @@
# Locally calculated after checking pgp signature
# https://curl.haxx.se/download/curl-7.62.0.tar.xz.asc
# https://curl.haxx.se/download/curl-7.64.0.tar.xz.asc
# with key 27EDEAF22F3ABCEB50DB9A125CC908FDB71E12C2
sha256 dab5643a5fe775ae92570b9f3df6b0ef4bc2a827a959361fb130c73b721275c1 curl-7.62.0.tar.xz
sha256 5f3849ec38ddb927e79f514bf948890c41b8d1407286a49609b8fb1585931095 COPYING
sha256 2f2f13fa34d44aa29cb444077ad7dc4dc6d189584ad552e0aaeb06e608af6001 curl-7.64.0.tar.xz
sha256 8c8824f50e73a021f5dde1fccbf69685939247399a33a32abab1fa448c9ddabb COPYING
+1 -1
View File
@@ -4,7 +4,7 @@
#
################################################################################
LIBCURL_VERSION = 7.62.0
LIBCURL_VERSION = 7.64.0
LIBCURL_SOURCE = curl-$(LIBCURL_VERSION).tar.xz
LIBCURL_SITE = https://curl.haxx.se/download
LIBCURL_DEPENDENCIES = host-pkgconf \
@@ -0,0 +1,65 @@
From edc9ec69b43c27955ee4f24db2e6808bb1a8974d Mon Sep 17 00:00:00 2001
From: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Date: Sun, 3 Feb 2019 23:20:43 +0100
Subject: [PATCH] libgeotiff/configure.ac: do not check for C++
Do not check for C++ compiler as libgeotiff is written in C otherwise
build will fail on toolchains without a working C++ compiler:
checking how to run the C++ preprocessor... /lib/cpp
configure: error: in `/data/buildroot/buildroot-test/instance-1/output/build/libgeotiff-1.4.2':
configure: error: C++ preprocessor "/lib/cpp" fails sanity check
Fixes:
- http://autobuild.buildroot.org/results/72f1c5c1b8fc337a1cff4b280abe99afd65f945b
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[Upstream status: https://github.com/OSGeo/libgeotiff/pull/9]
---
libgeotiff/configure.ac | 6 ------
1 file changed, 6 deletions(-)
diff --git a/configure.ac b/configure.ac
index a334416..4ebbd6f 100644
--- a/configure.ac
+++ b/configure.ac
@@ -25,8 +25,6 @@ dnl #########################################################################
AM_INIT_AUTOMAKE
AM_MAINTAINER_MODE
AC_PROG_CC
-AC_PROG_CXX
-AC_PROG_CXXCPP
AC_PROG_INSTALL
AC_PROG_LN_S
AC_PROG_MAKE_SET
@@ -46,7 +44,6 @@ dnl #########################################################################
m4_define([debug_default],[no])
CFLAGS="$CFLAGS"
-CXXFLAGS="$CXXFLAGS"
dnl We want to honor the users wishes with regard to linking.
LIBS="$LDFLAGS $LIBS"
@@ -82,11 +79,9 @@ AC_MSG_CHECKING([for debug enabled])
if test "x$enable_debug" = "xyes"; then
CFLAGS="$CFLAGS -g -DDEBUG -Wall"
- CXXFLAGS="$CXXFLAGS -g -DDEBUG -Wall"
AC_MSG_RESULT(yes)
else
CFLAGS="$CFLAGS -O3 -DNDEBUG"
- CXXFLAGS="$CXXFLAGS -O3 -DNDEBUG"
AC_MSG_RESULT(no)
fi
@@ -367,7 +362,6 @@ LOC_MSG()
LOC_MSG([ Version..................: ${RELEASE_VERSION}])
LOC_MSG([ Installation directory...: ${prefix}])
LOC_MSG([ C compiler...............: ${CC} ${CFLAGS}])
-LOC_MSG([ C++ compiler.............: ${CXX} ${CXXFLAGS}])
LOC_MSG([ Debugging support........: ${enable_debug}])
LOC_MSG()
--
2.14.1
+1 -1
View File
@@ -1,4 +1,4 @@
# From https://www.kernel.org/pub/software/libs/libgpiod/sha256sums.asc
sha256 b6b9079c933f7c8524815437937dda6b795a16141bca202a9eec70ba5844b5ba libgpiod-1.2.tar.xz
sha256 736d8b511ad247c2acb01b592f2bbe5e757e14e1d8347b2d80683081ab4b31b8 libgpiod-1.2.1.tar.xz
# Hash for license file
sha256 ce64d5f7b49ea6d80fdb6d4cdee6839d1a94274f7493dc797c3b55b65ec8e9ed COPYING
+1 -1
View File
@@ -4,7 +4,7 @@
#
################################################################################
LIBGPIOD_VERSION = 1.2
LIBGPIOD_VERSION = 1.2.1
LIBGPIOD_SOURCE = libgpiod-$(LIBGPIOD_VERSION).tar.xz
LIBGPIOD_SITE = https://www.kernel.org/pub/software/libs/libgpiod
LIBGPIOD_LICENSE = LGPL-2.1+
+12
View File
@@ -0,0 +1,12 @@
prefix=/usr
exec_prefix=${prefix}
libdir=${exec_prefix}/lib
includedir=${prefix}/include
Name: id3tag
Description: ID3 tag reading library
Version: 0.15.1b
Requires:
Libs: -L${libdir} -lid3tag
Libs.private: -lz
Cflags: -I${includedir}
+7
View File
@@ -15,4 +15,11 @@ LIBID3TAG_DEPENDENCIES = zlib
# is able to properly behave in the face of a missing C++ compiler.
LIBID3TAG_AUTORECONF = YES
define LIBID3TAG_INSTALL_STAGING_PC
$(INSTALL) -D package/libid3tag/id3tag.pc \
$(STAGING_DIR)/usr/lib/pkgconfig/id3tag.pc
endef
LIBID3TAG_POST_INSTALL_STAGING_HOOKS += LIBID3TAG_INSTALL_STAGING_PC
$(eval $(autotools-package))
+4 -4
View File
@@ -1,7 +1,7 @@
# From https://www.openssl.org/source/openssl-1.0.2q.tar.gz.sha256
sha256 5744cfcbcec2b1b48629f7354203bc1e5e9b5466998bbccc5b5fcde3b18eb684 openssl-1.0.2q.tar.gz
# From https://www.openssl.org/source/openssl-1.0.2q.tar.gz.sha1
sha1 692f5f2f1b114f8adaadaa3e7be8cce1907f38c5 openssl-1.0.2q.tar.gz
# From https://www.openssl.org/source/openssl-1.0.2r.tar.gz.sha256
sha256 ae51d08bba8a83958e894946f15303ff894d75c2b8bbd44a852b64e3fe11d0d6 openssl-1.0.2r.tar.gz
# From https://www.openssl.org/source/openssl-1.0.2r.tar.gz.sha1
sha1 b9aec1fa5cedcfa433aed37c8fe06b0ab0ce748d openssl-1.0.2r.tar.gz
# Locally computed
sha256 eddd8a5123748052c598214487ac178e4bfa4e31ba2ec520c70d59c8c5bfa2e9 openssl-1.0.2a-parallel-install-dirs.patch?id=c8abcbe8de5d3b6cdd68c162f398c011ff6e2d9d
sha256 147c3eeaad614c044749ea527cb433eae5e2d5cad34a78c6ba61cd967bfbe01f openssl-1.0.2a-parallel-obj-headers.patch?id=c8abcbe8de5d3b6cdd68c162f398c011ff6e2d9d
+1 -1
View File
@@ -4,7 +4,7 @@
#
################################################################################
LIBOPENSSL_VERSION = 1.0.2q
LIBOPENSSL_VERSION = 1.0.2r
LIBOPENSSL_SITE = https://www.openssl.org/source
LIBOPENSSL_SOURCE = openssl-$(LIBOPENSSL_VERSION).tar.gz
LIBOPENSSL_LICENSE = OpenSSL or SSLeay
+2 -2
View File
@@ -1,5 +1,5 @@
# Locally calculated
sha256 7cf724a40a0d8915869498f51062a952167e4f5bae2b6920542c9e0e079a471d LibRaw-0.18.11.tar.gz
sha256 400d47969292291d297873a06fb0535ccce70728117463927ddd9452aa849644 LibRaw-0.19.2.tar.gz
sha256 eea173a556abac0370461e57e12aab266894ea6be3874c2be05fd87871f75449 LICENSE.LGPL
sha256 0e3098d2d54a12434715f6679ea408d57da5e8d613c385c58ecc6fe5d30cc81f LICENSE.CDDL
sha256 7fe7564c5d48c5d353d7c1966dcddada3791586a4c2eedbc68ad56e96955e75d README
sha256 eee0055723d3483ef3ee7920e2178177b14a334c2a622be4101bcfb05d21407e README.md
+2 -2
View File
@@ -4,7 +4,7 @@
#
################################################################################
LIBRAW_VERSION = 0.18.11
LIBRAW_VERSION = 0.19.2
LIBRAW_SOURCE = LibRaw-$(LIBRAW_VERSION).tar.gz
LIBRAW_SITE = http://www.libraw.org/data
LIBRAW_INSTALL_STAGING = YES
@@ -14,7 +14,7 @@ LIBRAW_CONF_OPTS += \
--disable-demosaic-pack-gpl2 \
--disable-demosaic-pack-gpl3
LIBRAW_LICENSE = LGPL-2.1 or CDDL-1.0
LIBRAW_LICENSE_FILES = LICENSE.LGPL LICENSE.CDDL README
LIBRAW_LICENSE_FILES = LICENSE.LGPL LICENSE.CDDL README.md
LIBRAW_DEPENDENCIES = host-pkgconf
LIBRAW_CXXFLAGS = $(TARGET_CXXFLAGS)
LIBRAW_CONF_ENV = CXXFLAGS="$(LIBRAW_CXXFLAGS)"
+11 -7
View File
@@ -1,4 +1,4 @@
From 8632287cf6863b580340f846ac14adf2609abdb0 Mon Sep 17 00:00:00 2001
From 5d010fb06eae43b284e5ccc322f6de47eb42b751 Mon Sep 17 00:00:00 2001
From: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Date: Sat, 2 Jun 2018 13:45:22 +0200
Subject: [PATCH] remove static
@@ -14,16 +14,18 @@ and slighly updated to work with 2.3.3
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[Peter: updated for v2.4.0 which adds scmp_api_level]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
tools/Makefile.am | 2 --
1 file changed, 2 deletions(-)
tools/Makefile.am | 3 ---
1 file changed, 3 deletions(-)
diff --git a/tools/Makefile.am b/tools/Makefile.am
index 70b4aed..ef74270 100644
index f768365..5f9d571 100644
--- a/tools/Makefile.am
+++ b/tools/Makefile.am
@@ -35,8 +35,6 @@ scmp_bpf_disasm_SOURCES = scmp_bpf_disasm.c bpf.h util.h
scmp_bpf_sim_SOURCES = scmp_bpf_sim.c bpf.h util.h
@@ -37,10 +37,7 @@ scmp_bpf_sim_SOURCES = scmp_bpf_sim.c bpf.h util.h
scmp_api_level_SOURCES = scmp_api_level.c
scmp_sys_resolver_LDADD = ../src/libseccomp.la
-scmp_sys_resolver_LDFLAGS = -static
@@ -31,6 +33,8 @@ index 70b4aed..ef74270 100644
-scmp_arch_detect_LDFLAGS = -static
scmp_bpf_disasm_LDADD = util.la
scmp_bpf_sim_LDADD = util.la
scmp_api_level_LDADD = ../src/libseccomp.la
-scmp_api_level_LDFLAGS = -static
--
2.14.1
2.11.0
+1 -1
View File
@@ -1,3 +1,3 @@
# Locally calculated
sha256 5a52495207f00d1254707f11226e17c16ec53f5038d65bbabf1892873fa2fe5b libseccomp-v2.3.3.tar.gz
sha256 b7ee0299157fb7a6a81c99f2e0d7e64429b7d7c0eae43c3a6ef91e87eeed2868 libseccomp-v2.4.0.tar.gz
sha256 102900208eef27b766380135906d431dba87edaa7ec6aa72e6ebd3dd67f3a97b LICENSE
+1 -1
View File
@@ -4,7 +4,7 @@
#
################################################################################
LIBSECCOMP_VERSION = v2.3.3
LIBSECCOMP_VERSION = v2.4.0
LIBSECCOMP_SITE = $(call github,seccomp,libseccomp,$(LIBSECCOMP_VERSION))
LIBSECCOMP_LICENSE = LGPL-2.1
LIBSECCOMP_LICENSE_FILES = LICENSE
@@ -0,0 +1,43 @@
From 7d2d1039f303b6322ecb72eebae39b699fd28d19 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=B6rg=20Krause?= <joerg.krause@embedded.rocks>
Date: Fri, 22 Feb 2019 01:31:11 +0100
Subject: [PATCH] Add Libs.private in soxr.pc.in for static linking
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
If libsoxr is build statically against libavutil other applications
needs to know that they must link with `-lavutil` when building in a
static context.
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
---
CMakeLists.txt | 1 +
src/soxr.pc.in | 1 +
2 files changed, 2 insertions(+)
diff --git a/CMakeLists.txt b/CMakeLists.txt
index ee48f6c..714bd4d 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -139,6 +139,7 @@ if (WITH_AVFFT OR (CMAKE_SYSTEM_PROCESSOR MATCHES "^arm" AND SIMD32_FOUND AND WI
if (AVUTIL_FOUND)
include_directories (${AVUTIL_INCLUDE_DIRS})
set (LIBS ${LIBS} ${AVUTIL_LIBRARIES})
+ set (PKGCONF_LIBS_PRIV ${PKGCONF_LIBS_PRIV} -lavutil)
endif ()
endif ()
diff --git a/src/soxr.pc.in b/src/soxr.pc.in
index 69d225b..6c530a6 100644
--- a/src/soxr.pc.in
+++ b/src/soxr.pc.in
@@ -2,4 +2,5 @@ Name: ${PROJECT_NAME}
Description: ${DESCRIPTION_SUMMARY}
Version: ${PROJECT_VERSION}
Libs: -L${LIB_INSTALL_DIR} -l${PROJECT_NAME}
+Libs.private: ${PKGCONF_LIBS_PRIV}
Cflags: -I${INCLUDE_INSTALL_DIR}
--
2.20.1
@@ -1,33 +0,0 @@
From 8c1edfc22f8b714062b149e3d80ab4357a1a4e49 Mon Sep 17 00:00:00 2001
From: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Date: Thu, 22 Nov 2018 19:10:03 +0100
Subject: [PATCH] soxr.pc.in: add avutil libraries
Add ${AVUTIL_LIBRARIES} to soxr.pc.in so applications such as
shairport-sync will know that they must link with -lavutil when
building statically
Fixes:
- http://autobuild.buildroot.org/results/839c0ce6475accc1de7e8a180d4358edb6750c64
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[Upstream status: https://sourceforge.net/p/soxr/code/merge-requests/2]
[Thomas: move to Libs.private.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
---
src/soxr.pc.in | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/soxr.pc.in b/src/soxr.pc.in
index 69d225b..ed212a8 100644
--- a/src/soxr.pc.in
+++ b/src/soxr.pc.in
@@ -2,4 +2,5 @@ Name: ${PROJECT_NAME}
Description: ${DESCRIPTION_SUMMARY}
Version: ${PROJECT_VERSION}
Libs: -L${LIB_INSTALL_DIR} -l${PROJECT_NAME}
+Libs.private: ${AVUTIL_LIBRARIES}
Cflags: -I${INCLUDE_INSTALL_DIR}
--
2.19.1
@@ -1,51 +0,0 @@
From 28fe5e4de437f8fce6e428b7db9bc8640cda4c61 Mon Sep 17 00:00:00 2001
From: Giulio Benetti <giulio.benetti@micronovasrl.com>
Date: Thu, 13 Sep 2018 09:51:35 +0200
Subject: [PATCH] openssl: fix dereferencing ambiguity potentially causing
build failure
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
When dereferencing from *aes_ctr_cipher, being a pointer itself,
ambiguity can occur with compiler and build can fail reporting:
openssl.c:574:20: error: *aes_ctr_cipher is a pointer; did you mean to use ->?
*aes_ctr_cipher->nid = type;
Sorround every *aes_ctr_cipher-> occurence with paranthesis like this
(*aes_ctr_cipher)->
Signed-off-by: Giulio Benetti <giulio.benetti@micronovasrl.com>
Upstream: https://github.com/libssh2/libssh2/commit/b5b6673c2823a18753a14571a6c01bde33fa3a8b
---
src/openssl.c | 14 +++++++-------
1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/src/openssl.c b/src/openssl.c
index 678d5de..c26aaec 100644
--- a/src/openssl.c
+++ b/src/openssl.c
@@ -571,13 +571,13 @@ make_ctr_evp (size_t keylen, EVP_CIPHER **aes_ctr_cipher, int type)
EVP_CIPHER_meth_set_cleanup(*aes_ctr_cipher, aes_ctr_cleanup);
}
#else
- *aes_ctr_cipher->nid = type;
- *aes_ctr_cipher->block_size = 16;
- *aes_ctr_cipher->key_len = keylen;
- *aes_ctr_cipher->iv_len = 16;
- *aes_ctr_cipher->init = aes_ctr_init;
- *aes_ctr_cipher->do_cipher = aes_ctr_do_cipher;
- *aes_ctr_cipher->cleanup = aes_ctr_cleanup;
+ (*aes_ctr_cipher)->nid = type;
+ (*aes_ctr_cipher)->block_size = 16;
+ (*aes_ctr_cipher)->key_len = keylen;
+ (*aes_ctr_cipher)->iv_len = 16;
+ (*aes_ctr_cipher)->init = aes_ctr_init;
+ (*aes_ctr_cipher)->do_cipher = aes_ctr_do_cipher;
+ (*aes_ctr_cipher)->cleanup = aes_ctr_cleanup;
#endif
return *aes_ctr_cipher;
--
2.17.1
+1 -1
View File
@@ -1,3 +1,3 @@
# Locally calculated
sha256 ec2b32b44ae5f8fe094f663f63953fb31314de838eb36e8c47e5a89137b5a1bc libssh2-8b870ad771cbd9cd29edbb3dbb0878e950f868ab.tar.gz
sha256 468e7a81a8121c06cb099eef2e17106b0b8c2e1d890b1c0e34e1951f182babb1 libssh2-1b3cbaff518f32e5b70650d4b7b52361b1410d37.tar.gz
sha256 e15ed284a15e80115467d6d7f030f0d89d8fabbecd78fb6e0f861f0cfc128fd9 COPYING
+1 -1
View File
@@ -4,7 +4,7 @@
#
################################################################################
LIBSSH2_VERSION = 8b870ad771cbd9cd29edbb3dbb0878e950f868ab
LIBSSH2_VERSION = 1b3cbaff518f32e5b70650d4b7b52361b1410d37
LIBSSH2_SITE = $(call github,libssh2,libssh2,$(LIBSSH2_VERSION))
LIBSSH2_LICENSE = BSD
LIBSSH2_LICENSE_FILES = COPYING
@@ -0,0 +1,51 @@
From c70d326f3ae88aa2dca903fb17a1f18d3b45a2ca Mon Sep 17 00:00:00 2001
From: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Date: Fri, 8 Feb 2019 16:45:32 +0100
Subject: [PATCH] configure.ac: fix build with openssl
- Add a call to PKG_CHECK_MODULES to get openssl libraries and its
dependencies if openssl support is enabled
- Add OPENSSL_LIBS to libupnp.pc.in so that applications linking with
pupnp (such as mpd) will be able to retrieve openssl libraries
Fixes:
- http://autobuild.buildroot.org/results/a4148e516070b79816769f3443fc24d6d8192073
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[Upstream status: https://github.com/mrjimenez/pupnp/pull/105]
---
configure.ac | 5 +++++
libupnp.pc.in | 2 +-
2 files changed, 6 insertions(+), 1 deletion(-)
diff --git a/configure.ac b/configure.ac
index 670d363..190b30c 100644
--- a/configure.ac
+++ b/configure.ac
@@ -722,6 +722,11 @@ AC_COMPILE_IFELSE(
AC_MSG_ERROR([pthread_rwlock_t not available])])])
echo "-------------------------------------------------------------------------------"
+if test "x$enable_open_ssl" = xyes ; then
+ PKG_CHECK_MODULES(OPENSSL, libssl,
+ [LIBS="$LIBS $OPENSSL_LIBS" CFLAGS="$CFLAGS $OPENSSL_CFLAGS"],
+ [AC_MSG_ERROR([openssl not found])])
+fi
AC_CONFIG_FILES([
Makefile
diff --git a/libupnp.pc.in b/libupnp.pc.in
index bd2d7b3..54cba90 100644
--- a/libupnp.pc.in
+++ b/libupnp.pc.in
@@ -6,6 +6,6 @@ includedir=@includedir@
Name: libupnp
Description: Linux SDK for UPnP Devices
Version: @VERSION@
-Libs: @PTHREAD_CFLAGS@ @PTHREAD_LIBS@ -L${libdir} -lupnp -lixml
+Libs: @PTHREAD_CFLAGS@ @PTHREAD_LIBS@ -L${libdir} -lupnp -lixml @OPENSSL_LIBS@
Cflags: @PTHREAD_CFLAGS@ -I${includedir}/upnp
--
2.14.1
+2 -1
View File
@@ -11,11 +11,12 @@ LIBUPNP18_CONF_ENV = ac_cv_lib_compat_ftime=no
LIBUPNP18_INSTALL_STAGING = YES
LIBUPNP18_LICENSE = BSD-3-Clause
LIBUPNP18_LICENSE_FILES = COPYING
# We're patching configure.ac
LIBUPNP18_AUTORECONF = YES
ifeq ($(BR2_PACKAGE_OPENSSL),y)
LIBUPNP18_CONF_OPTS += --enable-open-ssl
LIBUPNP18_DEPENDENCIES += host-pkgconf openssl
LIBUPNP18_CONF_ENV += LIBS="`$(PKG_CONFIG_HOST_BINARY) --libs libssl libcrypto`"
else
LIBUPNP18_CONF_OPTS += --disable-open-ssl
endif
+3 -3
View File
@@ -290,9 +290,9 @@ config BR2_DEFAULT_KERNEL_HEADERS
string
default "3.2.102" if BR2_KERNEL_HEADERS_3_2
default "4.1.52" if BR2_KERNEL_HEADERS_4_1
default "4.4.172" if BR2_KERNEL_HEADERS_4_4
default "4.9.153" if BR2_KERNEL_HEADERS_4_9
default "4.14.96" if BR2_KERNEL_HEADERS_4_14
default "4.4.176" if BR2_KERNEL_HEADERS_4_4
default "4.9.160" if BR2_KERNEL_HEADERS_4_9
default "4.14.103" if BR2_KERNEL_HEADERS_4_14
default "4.16.18" if BR2_KERNEL_HEADERS_4_16
default "4.18.20" if BR2_KERNEL_HEADERS_4_18
default BR2_DEFAULT_KERNEL_VERSION if BR2_KERNEL_HEADERS_VERSION
+4
View File
@@ -11,4 +11,8 @@ LOG4CPLUS_LICENSE = Apache-2.0, BSD-2-Clause, BSD-like (threadpool)
LOG4CPLUS_LICENSE_FILES = LICENSE
LOG4CPLUS_INSTALL_STAGING = YES
ifeq ($(BR2_TOOLCHAIN_HAS_LIBATOMIC),y)
LOG4CPLUS_CONF_ENV += LIBS='-latomic'
endif
$(eval $(autotools-package))
@@ -1,109 +0,0 @@
From ce661985c098635965573aac8fc983a72f60d396 Mon Sep 17 00:00:00 2001
From: Romain Naour <romain.naour@gmail.com>
Date: Tue, 30 May 2017 16:42:34 +0200
Subject: [PATCH] buildroot-libtool-v1.5.patch
Apply buildroot-libtool-v1.5.patch rebased on libtool 1.5.2 used
in madplay and fixing all conflicts.
Signed-off-by: Romain Naour <romain.naour@gmail.com>
---
ltmain.sh | 40 ++++++++++++++++++++++++++++++----------
1 file changed, 30 insertions(+), 10 deletions(-)
diff --git a/ltmain.sh b/ltmain.sh
index 4b9f940..0b71220 100644
--- a/ltmain.sh
+++ b/ltmain.sh
@@ -164,6 +164,11 @@ do
arg="$1"
shift
+ # Make -static behave as -all-static
+ case $arg in
+ -static) arg="-all-static" ;;
+ esac
+
case $arg in
-*=*) optarg=`$echo "X$arg" | $Xsed -e 's/[-_a-zA-Z0-9]*=//'` ;;
*) optarg= ;;
@@ -549,8 +554,9 @@ if test -z "$show_help"; then
# line option must be used.
if test -z "$tagname"; then
$echo "$modename: unable to infer tagged configuration"
- $echo "$modename: specify a tag with \`--tag'" 1>&2
- exit 1
+ $echo "$modename: defaulting to \`CC'"
+ $echo "$modename: if this is not correct, specify a tag with \`--tag'"
+# exit 1
# else
# $echo "$modename: using $tagname tagged configuration"
fi
@@ -1228,7 +1234,8 @@ EOF
prevarg="$arg"
case $arg in
- -all-static)
+ # Make -static behave like -all-static
+ -all-static | -static)
if test -n "$link_static_flag"; then
compile_command="$compile_command $link_static_flag"
finalize_command="$finalize_command $link_static_flag"
@@ -2135,8 +2142,14 @@ EOF
absdir="$abs_ladir"
libdir="$abs_ladir"
else
- dir="$libdir"
- absdir="$libdir"
+ # Adding 'libdir' from the .la file to our library search paths
+ # breaks crosscompilation horribly. We cheat here and don't add
+ # it, instead adding the path where we found the .la. -CL
+ dir="$abs_ladir"
+ absdir="$abs_ladir"
+ libdir="$abs_ladir"
+ #dir="$libdir"
+ #absdir="$libdir"
fi
else
dir="$ladir/$objdir"
@@ -2261,7 +2274,7 @@ EOF
{ test "$prefer_static_libs" = no || test -z "$old_library"; }; then
if test "$installed" = no; then
notinst_deplibs="$notinst_deplibs $lib"
- need_relink=yes
+ need_relink=no
fi
# This is a shared library
@@ -5146,6 +5159,10 @@ fi\
# Replace all uninstalled libtool libraries with the installed ones
newdependency_libs=
for deplib in $dependency_libs; do
+ # Replacing uninstalled with installed can easily break crosscompilation,
+ # since the installed path is generally the wrong architecture. -CL
+ newdependency_libs="$newdependency_libs $deplib"
+ continue
case $deplib in
*.la)
name=`$echo "X$deplib" | $Xsed -e 's%^.*/%%'`
@@ -5464,10 +5481,13 @@ relink_command=\"$relink_command\""
# At present, this check doesn't affect windows .dll's that
# are installed into $libdir/../bin (currently, that works fine)
# but it's something to keep an eye on.
- if test "$inst_prefix_dir" = "$destdir"; then
- $echo "$modename: error: cannot install \`$file' to a directory not ending in $libdir" 1>&2
- exit 1
- fi
+ #
+ # This breaks install into our staging area. -PB
+ #
+ # if test "$inst_prefix_dir" = "$destdir"; then
+ # $echo "$modename: error: cannot install \`$file' to a directory not ending in $libdir" 1>&2
+ # exit 1
+ # fi
if test -n "$inst_prefix_dir"; then
# Stick the inst_prefix_dir data into the link command.
--
2.9.4
@@ -0,0 +1,16 @@
configure.ac: don't require GNU-specific files when running automake
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
diff -durN madplay-0.15.2b-orig/configure.ac madplay-0.15.2b/configure.ac
--- madplay-0.15.2b-orig/configure.ac 2019-02-14 21:34:01.507212449 +0100
+++ madplay-0.15.2b/configure.ac 2019-02-14 21:34:23.439336353 +0100
@@ -26,7 +26,7 @@
AC_CONFIG_SRCDIR([madplay.c])
-AM_INIT_AUTOMAKE
+AM_INIT_AUTOMAKE([foreign])
AM_CONFIG_HEADER([config.h])
@@ -0,0 +1,23 @@
configure.ac: use pkg-config to find id3tag
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
diff -durN madplay-0.15.2b-orig/configure.ac madplay-0.15.2b/configure.ac
--- madplay-0.15.2b-orig/configure.ac 2019-02-14 21:34:01.507212449 +0100
+++ madplay-0.15.2b/configure.ac 2019-02-15 23:24:00.079876087 +0100
@@ -182,12 +182,13 @@
*** environment variable to specify its installed location, e.g. -L<dir>.])
])
-AC_CHECK_LIB(id3tag, id3_tag_parse, :, [
+PKG_CHECK_MODULES(ID3TAG, id3tag, [
+ CFLAGS="$CFLAGS $ID3TAG_CFLAGS" LIBS="$LIBS $ID3TAG_LIBS"], [
AC_MSG_ERROR([libid3tag was not found
*** You must first install libid3tag before you can build this package.
*** If libid3tag is already installed, you may need to use the LDFLAGS
*** environment variable to specify its installed location, e.g. -L<dir>.])
-], [-lz])
+])
AC_FUNC_VPRINTF
AC_CHECK_FUNCS(madvise localeconv)
+2
View File
@@ -1,2 +1,4 @@
# Locally computed:
sha256 5a79c7516ff7560dffc6a14399a389432bc619c905b13d3b73da22fa65acede0 madplay-0.15.2b.tar.gz
sha256 32b1062f7da84967e7019d01ab805935caa7ab7321a7ced0e30ebe75e5df1670 COPYING
sha256 915bfd70548f31d11f9b4ffb21f343d1196af96c79d6aaac5663ea46c39dd3a3 COPYRIGHT

Some files were not shown because too many files have changed in this diff Show More