Compare commits
137 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| 6ec5f4eb71 | |||
| dc2152dbb6 | |||
| d5438fdb06 | |||
| 7de027bf95 | |||
| 9806ac3df0 | |||
| 332e245792 | |||
| f1a83afe2d | |||
| eb5b33c51d | |||
| 6788863f84 | |||
| eac943b234 | |||
| 72ec125c16 | |||
| a81e60cebd | |||
| cc3e09eba0 | |||
| cd67d6c08b | |||
| 3aba2e0c2e | |||
| 15389955ae | |||
| 813178eb21 | |||
| 7d3df069d5 | |||
| 3fbff36337 | |||
| a4c252e967 | |||
| 53575d5ff2 | |||
| b4aea092ba | |||
| c64bec3a35 | |||
| 04f7aee1da | |||
| 267804d758 | |||
| e1e1767daa | |||
| 1ee1539bd0 | |||
| fea8055872 | |||
| f4cd4359ab | |||
| 7df4edb05a | |||
| fc24b95723 | |||
| 80c9d50e5e | |||
| 8ddefc303c | |||
| df77691b15 | |||
| 9393ff855d | |||
| da17a05721 | |||
| 94efdad6c7 | |||
| f7c58e57ad | |||
| 5bbe135cf8 | |||
| e551d8c364 | |||
| cf7176c3ef | |||
| 09c531ca09 | |||
| 5d18afcfe4 | |||
| af9b6c9e89 | |||
| 61b25934d8 | |||
| 1ef350aa6e | |||
| 93a9d8d127 | |||
| 3e499ad849 | |||
| d95e110e44 | |||
| 44dff152c6 | |||
| df8c34723e | |||
| 98adbe7f90 | |||
| 9cd8ee158f | |||
| ddf41cf9a7 | |||
| caf04bab8d | |||
| f23dd5e4a2 | |||
| d917bf4727 | |||
| 76bbb43441 | |||
| 09ba349f0d | |||
| fd9a468b4e | |||
| def480591c | |||
| 0567bb15cd | |||
| 0c0356e86c | |||
| 3d5c530da5 | |||
| aa9b2b0abe | |||
| aa1773ea21 | |||
| bda27f1b0c | |||
| a4de835979 | |||
| e0707286e6 | |||
| 0c871aaa38 | |||
| 777d730a00 | |||
| 10ba4cf76d | |||
| be53bbbdd0 | |||
| bc51041e6b | |||
| 8e0b8bcbd3 | |||
| 7cc13f49af | |||
| 44f78b11de | |||
| 94725bb729 | |||
| 6a8e31a27a | |||
| 48d9765054 | |||
| 903b4fa920 | |||
| 9f21e32341 | |||
| 0ab030f188 | |||
| 7c87a94ef8 | |||
| ef3585d6b8 | |||
| 75d97f2a8f | |||
| 3c98107873 | |||
| 3a8dd28bc5 | |||
| af549ab68f | |||
| 8ca8c1572c | |||
| 743b013a56 | |||
| 7f72379943 | |||
| 922cd9e7f7 | |||
| bd77d9131e | |||
| be642d909d | |||
| 7e7f34281b | |||
| 9c0aa8de35 | |||
| ff849fed45 | |||
| f0f7595cea | |||
| 9faba29108 | |||
| 329ff9e9b8 | |||
| c0cef3d444 | |||
| 9cc3e64390 | |||
| 408392d26f | |||
| b70686422d | |||
| 5a9d4094b7 | |||
| 7958c928fb | |||
| 91ad3f6e85 | |||
| c35e7bc7ed | |||
| 1dc191efe6 | |||
| 3957a66827 | |||
| 44f88e3084 | |||
| 1b420fc037 | |||
| 3bd799aa49 | |||
| 5247a63723 | |||
| 2ea0d106c9 | |||
| 785925c0eb | |||
| 9e4ffdc8cf | |||
| b620a7962b | |||
| 3cb9d2ecab | |||
| 5be79ef42d | |||
| 9e427ca5a9 | |||
| 6cbf1b57b0 | |||
| 0433910910 | |||
| 883e514f5b | |||
| b442ccb43e | |||
| 17041efcf9 | |||
| 7e90b0171f | |||
| 37b5713442 | |||
| 26c7864b4e | |||
| cf92dbcf81 | |||
| 1e88b79a75 | |||
| df83838d94 | |||
| 2c9acdc898 | |||
| 77fa6bd5b2 | |||
| 3a2bef1f4f | |||
| 8dbb329307 |
+23
-15
@@ -7,9 +7,10 @@
|
||||
image: buildroot/base:20191027.2027
|
||||
|
||||
.check_base:
|
||||
except:
|
||||
- /^.*-.*_defconfig$/
|
||||
- /^.*-tests\..*$/
|
||||
rules:
|
||||
- if: '$CI_COMMIT_REF_NAME =~ /^.*-.*_defconfig$/ || $CI_COMMIT_REF_NAME =~ /^.*-tests\..*$/'
|
||||
when: never
|
||||
- when: always
|
||||
|
||||
check-DEVELOPERS:
|
||||
extends: .check_base
|
||||
@@ -69,17 +70,21 @@ check-package:
|
||||
extends: .defconfig_base
|
||||
# Running the defconfigs for every push is too much, so limit to
|
||||
# explicit triggers through the API.
|
||||
only:
|
||||
- triggers
|
||||
- tags
|
||||
- /-defconfigs$/
|
||||
rules:
|
||||
# For tags, create a pipeline.
|
||||
- if: '$CI_COMMIT_TAG'
|
||||
# For pipeline created by using a trigger token.
|
||||
- if: '$CI_PIPELINE_TRIGGERED'
|
||||
# For the branch or tag name named *-defconfigs, create a pipeline.
|
||||
- if: '$CI_COMMIT_REF_NAME =~ /^.*-defconfigs$/'
|
||||
before_script:
|
||||
- DEFCONFIG_NAME=${CI_JOB_NAME}
|
||||
|
||||
one-defconfig:
|
||||
extends: .defconfig_base
|
||||
only:
|
||||
- /^.*-.*_defconfig$/
|
||||
rules:
|
||||
# For the branch or tag name named *-*_defconfigs, create a pipeline.
|
||||
- if: '$CI_COMMIT_REF_NAME =~ /^.*-.*_defconfig$/'
|
||||
before_script:
|
||||
- DEFCONFIG_NAME=$(echo ${CI_COMMIT_REF_NAME} | sed -e 's,^.*-,,g')
|
||||
|
||||
@@ -103,17 +108,20 @@ one-defconfig:
|
||||
extends: .runtime_test_base
|
||||
# Running the runtime tests for every push is too much, so limit to
|
||||
# explicit triggers through the API.
|
||||
only:
|
||||
- triggers
|
||||
- tags
|
||||
- /-runtime-tests$/
|
||||
rules:
|
||||
# For tags, create a pipeline.
|
||||
- if: '$CI_COMMIT_TAG'
|
||||
# For pipeline created by using a trigger token.
|
||||
- if: '$CI_PIPELINE_TRIGGERED'
|
||||
# For the branch or tag name named *-runtime-tests, create a pipeline.
|
||||
- if: '$CI_COMMIT_REF_NAME =~ /^.*-runtime-tests$/'
|
||||
before_script:
|
||||
- TEST_CASE_NAME=${CI_JOB_NAME}
|
||||
|
||||
one-runtime_test:
|
||||
extends: .runtime_test_base
|
||||
only:
|
||||
- /^.*-tests\..*$/
|
||||
rules:
|
||||
- if: '$CI_COMMIT_REF_NAME =~ /^.*-tests\..*$/'
|
||||
before_script:
|
||||
- TEST_CASE_NAME=$(echo ${CI_COMMIT_REF_NAME} | sed -e 's,^.*-,,g')
|
||||
aarch64_efi_defconfig: { extends: .defconfig }
|
||||
|
||||
+23
-15
@@ -7,9 +7,10 @@
|
||||
image: buildroot/base:20191027.2027
|
||||
|
||||
.check_base:
|
||||
except:
|
||||
- /^.*-.*_defconfig$/
|
||||
- /^.*-tests\..*$/
|
||||
rules:
|
||||
- if: '$CI_COMMIT_REF_NAME =~ /^.*-.*_defconfig$/ || $CI_COMMIT_REF_NAME =~ /^.*-tests\..*$/'
|
||||
when: never
|
||||
- when: always
|
||||
|
||||
check-DEVELOPERS:
|
||||
extends: .check_base
|
||||
@@ -69,17 +70,21 @@ check-package:
|
||||
extends: .defconfig_base
|
||||
# Running the defconfigs for every push is too much, so limit to
|
||||
# explicit triggers through the API.
|
||||
only:
|
||||
- triggers
|
||||
- tags
|
||||
- /-defconfigs$/
|
||||
rules:
|
||||
# For tags, create a pipeline.
|
||||
- if: '$CI_COMMIT_TAG'
|
||||
# For pipeline created by using a trigger token.
|
||||
- if: '$CI_PIPELINE_TRIGGERED'
|
||||
# For the branch or tag name named *-defconfigs, create a pipeline.
|
||||
- if: '$CI_COMMIT_REF_NAME =~ /^.*-defconfigs$/'
|
||||
before_script:
|
||||
- DEFCONFIG_NAME=${CI_JOB_NAME}
|
||||
|
||||
one-defconfig:
|
||||
extends: .defconfig_base
|
||||
only:
|
||||
- /^.*-.*_defconfig$/
|
||||
rules:
|
||||
# For the branch or tag name named *-*_defconfigs, create a pipeline.
|
||||
- if: '$CI_COMMIT_REF_NAME =~ /^.*-.*_defconfig$/'
|
||||
before_script:
|
||||
- DEFCONFIG_NAME=$(echo ${CI_COMMIT_REF_NAME} | sed -e 's,^.*-,,g')
|
||||
|
||||
@@ -103,16 +108,19 @@ one-defconfig:
|
||||
extends: .runtime_test_base
|
||||
# Running the runtime tests for every push is too much, so limit to
|
||||
# explicit triggers through the API.
|
||||
only:
|
||||
- triggers
|
||||
- tags
|
||||
- /-runtime-tests$/
|
||||
rules:
|
||||
# For tags, create a pipeline.
|
||||
- if: '$CI_COMMIT_TAG'
|
||||
# For pipeline created by using a trigger token.
|
||||
- if: '$CI_PIPELINE_TRIGGERED'
|
||||
# For the branch or tag name named *-runtime-tests, create a pipeline.
|
||||
- if: '$CI_COMMIT_REF_NAME =~ /^.*-runtime-tests$/'
|
||||
before_script:
|
||||
- TEST_CASE_NAME=${CI_JOB_NAME}
|
||||
|
||||
one-runtime_test:
|
||||
extends: .runtime_test_base
|
||||
only:
|
||||
- /^.*-tests\..*$/
|
||||
rules:
|
||||
- if: '$CI_COMMIT_REF_NAME =~ /^.*-tests\..*$/'
|
||||
before_script:
|
||||
- TEST_CASE_NAME=$(echo ${CI_COMMIT_REF_NAME} | sed -e 's,^.*-,,g')
|
||||
|
||||
@@ -1,3 +1,35 @@
|
||||
2020.02.5, released August 29th, 2020
|
||||
|
||||
Important / security related fixes.
|
||||
|
||||
Infrastructure: Ensure RPATH entries that may be needed for
|
||||
dlopen() are not dropped by patchelf.
|
||||
|
||||
BR_VERSION_FULL/setlocalversion (used by make print-version
|
||||
and /etc/os-release): Properly handle local git tags
|
||||
|
||||
Updated/fixed packages: apache, at91bootstrap3, bind, boost,
|
||||
busybox, capnproto, chrony, collectd, cpio, cryptsetup, cups,
|
||||
cvs, dbus, docker-engine, domoticz, dovecot,
|
||||
dovecot-pigeonhole, dropbear, efl, elixir, f2fs-tools, ffmpeg,
|
||||
gd, gdk-pixbuf, ghostscript, glibc, grub2, gst1-plugins-bad,
|
||||
hostapd, iputils, jasper, json-c, libcurl, libwebsockets,
|
||||
linux, live555, mesa3d, mosquitto, mpv, nodejs, opencv,
|
||||
opencv3, openjpeg, patchelf, perl, php, postgresql,
|
||||
python-django, python-gunicorn, python-matplotlib, ripgrep,
|
||||
rtl8188eu, rtl8821au, ruby, shadowsocks-libev, squid,
|
||||
tpm2-abrmd, tpm2-tools, trousers, uacme, webkitgtk, wireshark,
|
||||
wolfssl, wpa_supplicant, wpewebkit, xen, xlib_libX11,
|
||||
xserver_xorg-server
|
||||
|
||||
Issues resolved (http://bugs.uclibc.org):
|
||||
|
||||
#12876: nodejs fails to build when host-icu has been built before
|
||||
#13111: python-gunicorn: missing dependency on python-setuptools
|
||||
#13121: wpa_supplicant fails to build without libopenssl enabled
|
||||
#13141: Target-finalize fail with "depmod: ERROR: Bad version passed"
|
||||
#13156: package live555 new license
|
||||
|
||||
2020.02.4, released July 26th, 2020
|
||||
|
||||
Important / security related fixes.
|
||||
|
||||
+8
-3
@@ -186,18 +186,25 @@ F: package/rauc/
|
||||
|
||||
N: Angelo Compagnucci <angelo.compagnucci@gmail.com>
|
||||
F: package/corkscrew/
|
||||
F: package/cups/
|
||||
F: package/cups-filters/
|
||||
F: package/fail2ban/
|
||||
F: package/grep/
|
||||
F: package/i2c-tools/
|
||||
F: package/jq/
|
||||
F: package/libb64/
|
||||
F: package/mender/
|
||||
F: package/mender-artifact/
|
||||
F: package/mono/
|
||||
F: package/mono-gtksharp3/
|
||||
F: package/monolite/
|
||||
F: package/openjpeg/
|
||||
F: package/python-can/
|
||||
F: package/python-pillow/
|
||||
F: package/python-pydal/
|
||||
F: package/python-spidev/
|
||||
F: package/python-web2py/
|
||||
F: package/sam-ba/
|
||||
F: package/sshguard/
|
||||
F: package/sunwait/
|
||||
F: package/sysdig/
|
||||
@@ -1035,6 +1042,7 @@ N: Gwenhael Goavec-Merou <gwenhael.goavec-merou@trabucayre.com>
|
||||
F: package/gnuradio/
|
||||
F: package/gqrx/
|
||||
F: package/gr-osmosdr/
|
||||
F: package/librtlsdr/
|
||||
F: package/libusbgx/
|
||||
F: package/python-cheetah/
|
||||
F: package/python-markdown/
|
||||
@@ -1713,9 +1721,6 @@ F: package/systemd-bootchart/
|
||||
F: package/tinyalsa/
|
||||
F: package/tinyxml/
|
||||
|
||||
N: Maxime Ripard <maxime.ripard@bootlin.com>
|
||||
F: package/kmsxx/
|
||||
|
||||
N: Michael Durrant <mdurrant@arcturusnetworks.com>
|
||||
F: board/arcturus/
|
||||
F: configs/arcturus_ucp1020_defconfig
|
||||
|
||||
@@ -92,9 +92,9 @@ all:
|
||||
.PHONY: all
|
||||
|
||||
# Set and export the version string
|
||||
export BR2_VERSION := 2020.02.4
|
||||
export BR2_VERSION := 2020.02.5
|
||||
# Actual time the release is cut (for reproducible builds)
|
||||
BR2_VERSION_EPOCH = 1595750000
|
||||
BR2_VERSION_EPOCH = 1598727000
|
||||
|
||||
# Save running make version since it's clobbered by the make package
|
||||
RUNNING_MAKE_VERSION := $(MAKE_VERSION)
|
||||
@@ -113,7 +113,13 @@ DATE := $(shell date +%Y%m%d)
|
||||
|
||||
# Compute the full local version string so packages can use it as-is
|
||||
# Need to export it, so it can be got from environment in children (eg. mconf)
|
||||
export BR2_VERSION_FULL := $(BR2_VERSION)$(shell $(TOPDIR)/support/scripts/setlocalversion)
|
||||
|
||||
BR2_LOCALVERSION := $(shell $(TOPDIR)/support/scripts/setlocalversion)
|
||||
ifeq ($(BR2_LOCALVERSION),)
|
||||
export BR2_VERSION_FULL := $(BR2_VERSION)
|
||||
else
|
||||
export BR2_VERSION_FULL := $(BR2_LOCALVERSION)
|
||||
endif
|
||||
|
||||
# List of targets and target patterns for which .config doesn't need to be read in
|
||||
noconfig_targets := menuconfig nconfig gconfig xconfig config oldconfig randconfig \
|
||||
@@ -793,9 +799,9 @@ endif
|
||||
# counterparts are appropriately setup as symlinks ones to the others.
|
||||
ifeq ($(BR2_ROOTFS_MERGED_USR),y)
|
||||
|
||||
@$(foreach d, $(call qstrip,$(BR2_ROOTFS_OVERLAY)), \
|
||||
$(call MESSAGE,"Sanity check in overlay $(d)"); \
|
||||
not_merged_dirs="$$(support/scripts/check-merged-usr.sh $(d))"; \
|
||||
$(foreach d, $(call qstrip,$(BR2_ROOTFS_OVERLAY)), \
|
||||
@$(call MESSAGE,"Sanity check in overlay $(d)")$(sep) \
|
||||
$(Q)not_merged_dirs="$$(support/scripts/check-merged-usr.sh $(d))"; \
|
||||
test -n "$$not_merged_dirs" && { \
|
||||
echo "ERROR: The overlay in $(d) is not" \
|
||||
"using a merged /usr for the following directories:" \
|
||||
@@ -805,20 +811,20 @@ ifeq ($(BR2_ROOTFS_MERGED_USR),y)
|
||||
|
||||
endif # merged /usr
|
||||
|
||||
@$(foreach d, $(call qstrip,$(BR2_ROOTFS_OVERLAY)), \
|
||||
$(call MESSAGE,"Copying overlay $(d)"); \
|
||||
$(call SYSTEM_RSYNC,$(d),$(TARGET_DIR))$(sep))
|
||||
$(foreach d, $(call qstrip,$(BR2_ROOTFS_OVERLAY)), \
|
||||
@$(call MESSAGE,"Copying overlay $(d)")$(sep) \
|
||||
$(Q)$(call SYSTEM_RSYNC,$(d),$(TARGET_DIR))$(sep))
|
||||
|
||||
$(if $(TARGET_DIR_FILES_LISTS), \
|
||||
$(Q)$(if $(TARGET_DIR_FILES_LISTS), \
|
||||
cat $(TARGET_DIR_FILES_LISTS)) > $(BUILD_DIR)/packages-file-list.txt
|
||||
$(if $(HOST_DIR_FILES_LISTS), \
|
||||
$(Q)$(if $(HOST_DIR_FILES_LISTS), \
|
||||
cat $(HOST_DIR_FILES_LISTS)) > $(BUILD_DIR)/packages-file-list-host.txt
|
||||
$(if $(STAGING_DIR_FILES_LISTS), \
|
||||
$(Q)$(if $(STAGING_DIR_FILES_LISTS), \
|
||||
cat $(STAGING_DIR_FILES_LISTS)) > $(BUILD_DIR)/packages-file-list-staging.txt
|
||||
|
||||
@$(foreach s, $(call qstrip,$(BR2_ROOTFS_POST_BUILD_SCRIPT)), \
|
||||
$(call MESSAGE,"Executing post-build script $(s)"); \
|
||||
$(EXTRA_ENV) $(s) $(TARGET_DIR) $(call qstrip,$(BR2_ROOTFS_POST_SCRIPT_ARGS))$(sep))
|
||||
$(foreach s, $(call qstrip,$(BR2_ROOTFS_POST_BUILD_SCRIPT)), \
|
||||
@$(call MESSAGE,"Executing post-build script $(s)")$(sep) \
|
||||
$(Q)$(EXTRA_ENV) $(s) $(TARGET_DIR) $(call qstrip,$(BR2_ROOTFS_POST_SCRIPT_ARGS))$(sep))
|
||||
|
||||
touch $(TARGET_DIR)/usr
|
||||
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
config BR2_TARGET_AT91BOOTSTRAP3
|
||||
bool "AT91 Bootstrap 3"
|
||||
depends on BR2_arm926t || BR2_cortex_a5
|
||||
depends on BR2_arm926t || BR2_cortex_a5 || BR2_cortex_a7
|
||||
help
|
||||
AT91Bootstrap is a first level bootloader for the Atmel AT91
|
||||
devices. It integrates algorithms for:
|
||||
|
||||
@@ -0,0 +1,73 @@
|
||||
From a7ab0cc98fa89a3d5098c29cbe44bcd24b0a6454 Mon Sep 17 00:00:00 2001
|
||||
From: Peter Jones <pjones@redhat.com>
|
||||
Date: Wed, 15 Apr 2020 15:45:02 -0400
|
||||
Subject: [PATCH] yylex: Make lexer fatal errors actually be fatal
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
When presented with a command that can't be tokenized to anything
|
||||
smaller than YYLMAX characters, the parser calls YY_FATAL_ERROR(errmsg),
|
||||
expecting that will stop further processing, as such:
|
||||
|
||||
#define YY_DO_BEFORE_ACTION \
|
||||
yyg->yytext_ptr = yy_bp; \
|
||||
yyleng = (int) (yy_cp - yy_bp); \
|
||||
yyg->yy_hold_char = *yy_cp; \
|
||||
*yy_cp = '\0'; \
|
||||
if ( yyleng >= YYLMAX ) \
|
||||
YY_FATAL_ERROR( "token too large, exceeds YYLMAX" ); \
|
||||
yy_flex_strncpy( yytext, yyg->yytext_ptr, yyleng + 1 , yyscanner); \
|
||||
yyg->yy_c_buf_p = yy_cp;
|
||||
|
||||
The code flex generates expects that YY_FATAL_ERROR() will either return
|
||||
for it or do some form of longjmp(), or handle the error in some way at
|
||||
least, and so the strncpy() call isn't in an "else" clause, and thus if
|
||||
YY_FATAL_ERROR() is *not* actually fatal, it does the call with the
|
||||
questionable limit, and predictable results ensue.
|
||||
|
||||
Unfortunately, our implementation of YY_FATAL_ERROR() is:
|
||||
|
||||
#define YY_FATAL_ERROR(msg) \
|
||||
do { \
|
||||
grub_printf (_("fatal error: %s\n"), _(msg)); \
|
||||
} while (0)
|
||||
|
||||
The same pattern exists in yyless(), and similar problems exist in users
|
||||
of YY_INPUT(), several places in the main parsing loop,
|
||||
yy_get_next_buffer(), yy_load_buffer_state(), yyensure_buffer_stack,
|
||||
yy_scan_buffer(), etc.
|
||||
|
||||
All of these callers expect YY_FATAL_ERROR() to actually be fatal, and
|
||||
the things they do if it returns after calling it are wildly unsafe.
|
||||
|
||||
Fixes: CVE-2020-10713
|
||||
|
||||
Signed-off-by: Peter Jones <pjones@redhat.com>
|
||||
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
|
||||
Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
|
||||
---
|
||||
grub-core/script/yylex.l | 4 ++--
|
||||
1 file changed, 2 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/grub-core/script/yylex.l b/grub-core/script/yylex.l
|
||||
index 7b44c37b7..b7203c823 100644
|
||||
--- a/grub-core/script/yylex.l
|
||||
+++ b/grub-core/script/yylex.l
|
||||
@@ -37,11 +37,11 @@
|
||||
|
||||
/*
|
||||
* As we don't have access to yyscanner, we cannot do much except to
|
||||
- * print the fatal error.
|
||||
+ * print the fatal error and exit.
|
||||
*/
|
||||
#define YY_FATAL_ERROR(msg) \
|
||||
do { \
|
||||
- grub_printf (_("fatal error: %s\n"), _(msg)); \
|
||||
+ grub_fatal (_("fatal error: %s\n"), _(msg));\
|
||||
} while (0)
|
||||
|
||||
#define COPY(str, hint) \
|
||||
--
|
||||
2.26.2
|
||||
|
||||
@@ -0,0 +1,128 @@
|
||||
From 782a4580a5e347793443aa8e9152db1bf4a0fff8 Mon Sep 17 00:00:00 2001
|
||||
From: Peter Jones <pjones@redhat.com>
|
||||
Date: Mon, 15 Jun 2020 10:58:42 -0400
|
||||
Subject: [PATCH] safemath: Add some arithmetic primitives that check for
|
||||
overflow
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
This adds a new header, include/grub/safemath.h, that includes easy to
|
||||
use wrappers for __builtin_{add,sub,mul}_overflow() declared like:
|
||||
|
||||
bool OP(a, b, res)
|
||||
|
||||
where OP is grub_add, grub_sub or grub_mul. OP() returns true in the
|
||||
case where the operation would overflow and res is not modified.
|
||||
Otherwise, false is returned and the operation is executed.
|
||||
|
||||
These arithmetic primitives require newer compiler versions. So, bump
|
||||
these requirements in the INSTALL file too.
|
||||
|
||||
Signed-off-by: Peter Jones <pjones@redhat.com>
|
||||
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
|
||||
Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
|
||||
---
|
||||
INSTALL | 22 ++--------------------
|
||||
include/grub/compiler.h | 8 ++++++++
|
||||
include/grub/safemath.h | 37 +++++++++++++++++++++++++++++++++++++
|
||||
3 files changed, 47 insertions(+), 20 deletions(-)
|
||||
create mode 100644 include/grub/safemath.h
|
||||
|
||||
diff --git a/INSTALL b/INSTALL
|
||||
index 8acb40902..dcb9b7d7b 100644
|
||||
--- a/INSTALL
|
||||
+++ b/INSTALL
|
||||
@@ -11,27 +11,9 @@ GRUB depends on some software packages installed into your system. If
|
||||
you don't have any of them, please obtain and install them before
|
||||
configuring the GRUB.
|
||||
|
||||
-* GCC 4.1.3 or later
|
||||
- Note: older versions may work but support is limited
|
||||
-
|
||||
- Experimental support for clang 3.3 or later (results in much bigger binaries)
|
||||
+* GCC 5.1.0 or later
|
||||
+ Experimental support for clang 3.8.0 or later (results in much bigger binaries)
|
||||
for i386, x86_64, arm (including thumb), arm64, mips(el), powerpc, sparc64
|
||||
- Note: clang 3.2 or later works for i386 and x86_64 targets but results in
|
||||
- much bigger binaries.
|
||||
- earlier versions not tested
|
||||
- Note: clang 3.2 or later works for arm
|
||||
- earlier versions not tested
|
||||
- Note: clang on arm64 is not supported due to
|
||||
- https://llvm.org/bugs/show_bug.cgi?id=26030
|
||||
- Note: clang 3.3 or later works for mips(el)
|
||||
- earlier versions fail to generate .reginfo and hence gprel relocations
|
||||
- fail.
|
||||
- Note: clang 3.2 or later works for powerpc
|
||||
- earlier versions not tested
|
||||
- Note: clang 3.5 or later works for sparc64
|
||||
- earlier versions return "error: unable to interface with target machine"
|
||||
- Note: clang has no support for ia64 and hence you can't compile GRUB
|
||||
- for ia64 with clang
|
||||
* GNU Make
|
||||
* GNU Bison 2.3 or later
|
||||
* GNU gettext 0.17 or later
|
||||
diff --git a/include/grub/compiler.h b/include/grub/compiler.h
|
||||
index c9e1d7a73..8f3be3ae7 100644
|
||||
--- a/include/grub/compiler.h
|
||||
+++ b/include/grub/compiler.h
|
||||
@@ -48,4 +48,12 @@
|
||||
# define WARN_UNUSED_RESULT
|
||||
#endif
|
||||
|
||||
+#if defined(__clang__) && defined(__clang_major__) && defined(__clang_minor__)
|
||||
+# define CLANG_PREREQ(maj,min) \
|
||||
+ ((__clang_major__ > (maj)) || \
|
||||
+ (__clang_major__ == (maj) && __clang_minor__ >= (min)))
|
||||
+#else
|
||||
+# define CLANG_PREREQ(maj,min) 0
|
||||
+#endif
|
||||
+
|
||||
#endif /* ! GRUB_COMPILER_HEADER */
|
||||
diff --git a/include/grub/safemath.h b/include/grub/safemath.h
|
||||
new file mode 100644
|
||||
index 000000000..c17b89bba
|
||||
--- /dev/null
|
||||
+++ b/include/grub/safemath.h
|
||||
@@ -0,0 +1,37 @@
|
||||
+/*
|
||||
+ * GRUB -- GRand Unified Bootloader
|
||||
+ * Copyright (C) 2020 Free Software Foundation, Inc.
|
||||
+ *
|
||||
+ * GRUB is free software: you can redistribute it and/or modify
|
||||
+ * it under the terms of the GNU General Public License as published by
|
||||
+ * the Free Software Foundation, either version 3 of the License, or
|
||||
+ * (at your option) any later version.
|
||||
+ *
|
||||
+ * GRUB is distributed in the hope that it will be useful,
|
||||
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
+ * GNU General Public License for more details.
|
||||
+ *
|
||||
+ * You should have received a copy of the GNU General Public License
|
||||
+ * along with GRUB. If not, see <http://www.gnu.org/licenses/>.
|
||||
+ *
|
||||
+ * Arithmetic operations that protect against overflow.
|
||||
+ */
|
||||
+
|
||||
+#ifndef GRUB_SAFEMATH_H
|
||||
+#define GRUB_SAFEMATH_H 1
|
||||
+
|
||||
+#include <grub/compiler.h>
|
||||
+
|
||||
+/* These appear in gcc 5.1 and clang 3.8. */
|
||||
+#if GNUC_PREREQ(5, 1) || CLANG_PREREQ(3, 8)
|
||||
+
|
||||
+#define grub_add(a, b, res) __builtin_add_overflow(a, b, res)
|
||||
+#define grub_sub(a, b, res) __builtin_sub_overflow(a, b, res)
|
||||
+#define grub_mul(a, b, res) __builtin_mul_overflow(a, b, res)
|
||||
+
|
||||
+#else
|
||||
+#error gcc 5.1 or newer or clang 3.8 or newer is required
|
||||
+#endif
|
||||
+
|
||||
+#endif /* GRUB_SAFEMATH_H */
|
||||
--
|
||||
2.26.2
|
||||
|
||||
@@ -0,0 +1,246 @@
|
||||
From 5775eb40862b67468ced816e6d7560dbe22a3670 Mon Sep 17 00:00:00 2001
|
||||
From: Peter Jones <pjones@redhat.com>
|
||||
Date: Mon, 15 Jun 2020 12:15:29 -0400
|
||||
Subject: [PATCH] calloc: Make sure we always have an overflow-checking
|
||||
calloc() available
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
This tries to make sure that everywhere in this source tree, we always have
|
||||
an appropriate version of calloc() (i.e. grub_calloc(), xcalloc(), etc.)
|
||||
available, and that they all safely check for overflow and return NULL when
|
||||
it would occur.
|
||||
|
||||
Signed-off-by: Peter Jones <pjones@redhat.com>
|
||||
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
|
||||
Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
|
||||
---
|
||||
grub-core/kern/emu/misc.c | 12 +++++++++
|
||||
grub-core/kern/emu/mm.c | 10 ++++++++
|
||||
grub-core/kern/mm.c | 40 ++++++++++++++++++++++++++++++
|
||||
grub-core/lib/libgcrypt_wrap/mem.c | 11 ++++++--
|
||||
grub-core/lib/posix_wrap/stdlib.h | 8 +++++-
|
||||
include/grub/emu/misc.h | 1 +
|
||||
include/grub/mm.h | 6 +++++
|
||||
7 files changed, 85 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/grub-core/kern/emu/misc.c b/grub-core/kern/emu/misc.c
|
||||
index 65db79baa..dfd8a8ec4 100644
|
||||
--- a/grub-core/kern/emu/misc.c
|
||||
+++ b/grub-core/kern/emu/misc.c
|
||||
@@ -85,6 +85,18 @@ grub_util_error (const char *fmt, ...)
|
||||
exit (1);
|
||||
}
|
||||
|
||||
+void *
|
||||
+xcalloc (grub_size_t nmemb, grub_size_t size)
|
||||
+{
|
||||
+ void *p;
|
||||
+
|
||||
+ p = calloc (nmemb, size);
|
||||
+ if (!p)
|
||||
+ grub_util_error ("%s", _("out of memory"));
|
||||
+
|
||||
+ return p;
|
||||
+}
|
||||
+
|
||||
void *
|
||||
xmalloc (grub_size_t size)
|
||||
{
|
||||
diff --git a/grub-core/kern/emu/mm.c b/grub-core/kern/emu/mm.c
|
||||
index f262e95e3..145b01d37 100644
|
||||
--- a/grub-core/kern/emu/mm.c
|
||||
+++ b/grub-core/kern/emu/mm.c
|
||||
@@ -25,6 +25,16 @@
|
||||
#include <string.h>
|
||||
#include <grub/i18n.h>
|
||||
|
||||
+void *
|
||||
+grub_calloc (grub_size_t nmemb, grub_size_t size)
|
||||
+{
|
||||
+ void *ret;
|
||||
+ ret = calloc (nmemb, size);
|
||||
+ if (!ret)
|
||||
+ grub_error (GRUB_ERR_OUT_OF_MEMORY, N_("out of memory"));
|
||||
+ return ret;
|
||||
+}
|
||||
+
|
||||
void *
|
||||
grub_malloc (grub_size_t size)
|
||||
{
|
||||
diff --git a/grub-core/kern/mm.c b/grub-core/kern/mm.c
|
||||
index ee88ff611..f2822a836 100644
|
||||
--- a/grub-core/kern/mm.c
|
||||
+++ b/grub-core/kern/mm.c
|
||||
@@ -67,8 +67,10 @@
|
||||
#include <grub/dl.h>
|
||||
#include <grub/i18n.h>
|
||||
#include <grub/mm_private.h>
|
||||
+#include <grub/safemath.h>
|
||||
|
||||
#ifdef MM_DEBUG
|
||||
+# undef grub_calloc
|
||||
# undef grub_malloc
|
||||
# undef grub_zalloc
|
||||
# undef grub_realloc
|
||||
@@ -375,6 +377,30 @@ grub_memalign (grub_size_t align, grub_size_t size)
|
||||
return 0;
|
||||
}
|
||||
|
||||
+/*
|
||||
+ * Allocate NMEMB instances of SIZE bytes and return the pointer, or error on
|
||||
+ * integer overflow.
|
||||
+ */
|
||||
+void *
|
||||
+grub_calloc (grub_size_t nmemb, grub_size_t size)
|
||||
+{
|
||||
+ void *ret;
|
||||
+ grub_size_t sz = 0;
|
||||
+
|
||||
+ if (grub_mul (nmemb, size, &sz))
|
||||
+ {
|
||||
+ grub_error (GRUB_ERR_OUT_OF_RANGE, N_("overflow is detected"));
|
||||
+ return NULL;
|
||||
+ }
|
||||
+
|
||||
+ ret = grub_memalign (0, sz);
|
||||
+ if (!ret)
|
||||
+ return NULL;
|
||||
+
|
||||
+ grub_memset (ret, 0, sz);
|
||||
+ return ret;
|
||||
+}
|
||||
+
|
||||
/* Allocate SIZE bytes and return the pointer. */
|
||||
void *
|
||||
grub_malloc (grub_size_t size)
|
||||
@@ -561,6 +587,20 @@ grub_mm_dump (unsigned lineno)
|
||||
grub_printf ("\n");
|
||||
}
|
||||
|
||||
+void *
|
||||
+grub_debug_calloc (const char *file, int line, grub_size_t nmemb, grub_size_t size)
|
||||
+{
|
||||
+ void *ptr;
|
||||
+
|
||||
+ if (grub_mm_debug)
|
||||
+ grub_printf ("%s:%d: calloc (0x%" PRIxGRUB_SIZE ", 0x%" PRIxGRUB_SIZE ") = ",
|
||||
+ file, line, size);
|
||||
+ ptr = grub_calloc (nmemb, size);
|
||||
+ if (grub_mm_debug)
|
||||
+ grub_printf ("%p\n", ptr);
|
||||
+ return ptr;
|
||||
+}
|
||||
+
|
||||
void *
|
||||
grub_debug_malloc (const char *file, int line, grub_size_t size)
|
||||
{
|
||||
diff --git a/grub-core/lib/libgcrypt_wrap/mem.c b/grub-core/lib/libgcrypt_wrap/mem.c
|
||||
index beeb661a3..74c6eafe5 100644
|
||||
--- a/grub-core/lib/libgcrypt_wrap/mem.c
|
||||
+++ b/grub-core/lib/libgcrypt_wrap/mem.c
|
||||
@@ -4,6 +4,7 @@
|
||||
#include <grub/crypto.h>
|
||||
#include <grub/dl.h>
|
||||
#include <grub/env.h>
|
||||
+#include <grub/safemath.h>
|
||||
|
||||
GRUB_MOD_LICENSE ("GPLv3+");
|
||||
|
||||
@@ -36,7 +37,10 @@ void *
|
||||
gcry_xcalloc (size_t n, size_t m)
|
||||
{
|
||||
void *ret;
|
||||
- ret = grub_zalloc (n * m);
|
||||
+ size_t sz;
|
||||
+ if (grub_mul (n, m, &sz))
|
||||
+ grub_fatal ("gcry_xcalloc would overflow");
|
||||
+ ret = grub_zalloc (sz);
|
||||
if (!ret)
|
||||
grub_fatal ("gcry_xcalloc failed");
|
||||
return ret;
|
||||
@@ -56,7 +60,10 @@ void *
|
||||
gcry_xcalloc_secure (size_t n, size_t m)
|
||||
{
|
||||
void *ret;
|
||||
- ret = grub_zalloc (n * m);
|
||||
+ size_t sz;
|
||||
+ if (grub_mul (n, m, &sz))
|
||||
+ grub_fatal ("gcry_xcalloc would overflow");
|
||||
+ ret = grub_zalloc (sz);
|
||||
if (!ret)
|
||||
grub_fatal ("gcry_xcalloc failed");
|
||||
return ret;
|
||||
diff --git a/grub-core/lib/posix_wrap/stdlib.h b/grub-core/lib/posix_wrap/stdlib.h
|
||||
index 3b46f47ff..7a8d385e9 100644
|
||||
--- a/grub-core/lib/posix_wrap/stdlib.h
|
||||
+++ b/grub-core/lib/posix_wrap/stdlib.h
|
||||
@@ -21,6 +21,7 @@
|
||||
|
||||
#include <grub/mm.h>
|
||||
#include <grub/misc.h>
|
||||
+#include <grub/safemath.h>
|
||||
|
||||
static inline void
|
||||
free (void *ptr)
|
||||
@@ -37,7 +38,12 @@ malloc (grub_size_t size)
|
||||
static inline void *
|
||||
calloc (grub_size_t size, grub_size_t nelem)
|
||||
{
|
||||
- return grub_zalloc (size * nelem);
|
||||
+ grub_size_t sz;
|
||||
+
|
||||
+ if (grub_mul (size, nelem, &sz))
|
||||
+ return NULL;
|
||||
+
|
||||
+ return grub_zalloc (sz);
|
||||
}
|
||||
|
||||
static inline void *
|
||||
diff --git a/include/grub/emu/misc.h b/include/grub/emu/misc.h
|
||||
index ce464cfd0..ff9c48a64 100644
|
||||
--- a/include/grub/emu/misc.h
|
||||
+++ b/include/grub/emu/misc.h
|
||||
@@ -47,6 +47,7 @@ grub_util_device_is_mapped (const char *dev);
|
||||
#define GRUB_HOST_PRIuLONG_LONG "llu"
|
||||
#define GRUB_HOST_PRIxLONG_LONG "llx"
|
||||
|
||||
+void * EXPORT_FUNC(xcalloc) (grub_size_t nmemb, grub_size_t size) WARN_UNUSED_RESULT;
|
||||
void * EXPORT_FUNC(xmalloc) (grub_size_t size) WARN_UNUSED_RESULT;
|
||||
void * EXPORT_FUNC(xrealloc) (void *ptr, grub_size_t size) WARN_UNUSED_RESULT;
|
||||
char * EXPORT_FUNC(xstrdup) (const char *str) WARN_UNUSED_RESULT;
|
||||
diff --git a/include/grub/mm.h b/include/grub/mm.h
|
||||
index 28e2e53eb..9c38dd3ca 100644
|
||||
--- a/include/grub/mm.h
|
||||
+++ b/include/grub/mm.h
|
||||
@@ -29,6 +29,7 @@
|
||||
#endif
|
||||
|
||||
void grub_mm_init_region (void *addr, grub_size_t size);
|
||||
+void *EXPORT_FUNC(grub_calloc) (grub_size_t nmemb, grub_size_t size);
|
||||
void *EXPORT_FUNC(grub_malloc) (grub_size_t size);
|
||||
void *EXPORT_FUNC(grub_zalloc) (grub_size_t size);
|
||||
void EXPORT_FUNC(grub_free) (void *ptr);
|
||||
@@ -48,6 +49,9 @@ extern int EXPORT_VAR(grub_mm_debug);
|
||||
void grub_mm_dump_free (void);
|
||||
void grub_mm_dump (unsigned lineno);
|
||||
|
||||
+#define grub_calloc(nmemb, size) \
|
||||
+ grub_debug_calloc (GRUB_FILE, __LINE__, nmemb, size)
|
||||
+
|
||||
#define grub_malloc(size) \
|
||||
grub_debug_malloc (GRUB_FILE, __LINE__, size)
|
||||
|
||||
@@ -63,6 +67,8 @@ void grub_mm_dump (unsigned lineno);
|
||||
#define grub_free(ptr) \
|
||||
grub_debug_free (GRUB_FILE, __LINE__, ptr)
|
||||
|
||||
+void *EXPORT_FUNC(grub_debug_calloc) (const char *file, int line,
|
||||
+ grub_size_t nmemb, grub_size_t size);
|
||||
void *EXPORT_FUNC(grub_debug_malloc) (const char *file, int line,
|
||||
grub_size_t size);
|
||||
void *EXPORT_FUNC(grub_debug_zalloc) (const char *file, int line,
|
||||
--
|
||||
2.26.2
|
||||
|
||||
File diff suppressed because it is too large
Load Diff
File diff suppressed because it is too large
Load Diff
@@ -0,0 +1,72 @@
|
||||
From e0dd17a3ce79c6622dc78c96e1f2ef1b20e2bf7b Mon Sep 17 00:00:00 2001
|
||||
From: Peter Jones <pjones@redhat.com>
|
||||
Date: Sat, 4 Jul 2020 12:25:09 -0400
|
||||
Subject: [PATCH] iso9660: Don't leak memory on realloc() failures
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
Signed-off-by: Peter Jones <pjones@redhat.com>
|
||||
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
|
||||
Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
|
||||
---
|
||||
grub-core/fs/iso9660.c | 24 ++++++++++++++++++++----
|
||||
1 file changed, 20 insertions(+), 4 deletions(-)
|
||||
|
||||
diff --git a/grub-core/fs/iso9660.c b/grub-core/fs/iso9660.c
|
||||
index 7ba5b300b..5ec4433b8 100644
|
||||
--- a/grub-core/fs/iso9660.c
|
||||
+++ b/grub-core/fs/iso9660.c
|
||||
@@ -533,14 +533,20 @@ add_part (struct iterate_dir_ctx *ctx,
|
||||
{
|
||||
int size = ctx->symlink ? grub_strlen (ctx->symlink) : 0;
|
||||
grub_size_t sz;
|
||||
+ char *new;
|
||||
|
||||
if (grub_add (size, len2, &sz) ||
|
||||
grub_add (sz, 1, &sz))
|
||||
return;
|
||||
|
||||
- ctx->symlink = grub_realloc (ctx->symlink, sz);
|
||||
- if (! ctx->symlink)
|
||||
- return;
|
||||
+ new = grub_realloc (ctx->symlink, sz);
|
||||
+ if (!new)
|
||||
+ {
|
||||
+ grub_free (ctx->symlink);
|
||||
+ ctx->symlink = NULL;
|
||||
+ return;
|
||||
+ }
|
||||
+ ctx->symlink = new;
|
||||
|
||||
grub_memcpy (ctx->symlink + size, part, len2);
|
||||
ctx->symlink[size + len2] = 0;
|
||||
@@ -634,7 +640,12 @@ susp_iterate_dir (struct grub_iso9660_susp_entry *entry,
|
||||
is the length. Both are part of the `Component
|
||||
Record'. */
|
||||
if (ctx->symlink && !ctx->was_continue)
|
||||
- add_part (ctx, "/", 1);
|
||||
+ {
|
||||
+ add_part (ctx, "/", 1);
|
||||
+ if (grub_errno)
|
||||
+ return grub_errno;
|
||||
+ }
|
||||
+
|
||||
add_part (ctx, (char *) &entry->data[pos + 2],
|
||||
entry->data[pos + 1]);
|
||||
ctx->was_continue = (entry->data[pos] & 1);
|
||||
@@ -653,6 +664,11 @@ susp_iterate_dir (struct grub_iso9660_susp_entry *entry,
|
||||
add_part (ctx, "/", 1);
|
||||
break;
|
||||
}
|
||||
+
|
||||
+ /* Check if grub_realloc() failed in add_part(). */
|
||||
+ if (grub_errno)
|
||||
+ return grub_errno;
|
||||
+
|
||||
/* In pos + 1 the length of the `Component Record' is
|
||||
stored. */
|
||||
pos += entry->data[pos + 1] + 2;
|
||||
--
|
||||
2.26.2
|
||||
|
||||
@@ -0,0 +1,41 @@
|
||||
From 73bc7a964c9496d5b0f00dbd69959dacf5adcebe Mon Sep 17 00:00:00 2001
|
||||
From: Daniel Kiper <daniel.kiper@oracle.com>
|
||||
Date: Tue, 7 Jul 2020 15:36:26 +0200
|
||||
Subject: [PATCH] font: Do not load more than one NAME section
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
The GRUB font file can have one NAME section only. Though if somebody
|
||||
crafts a broken font file with many NAME sections and loads it then the
|
||||
GRUB leaks memory. So, prevent against that by loading first NAME
|
||||
section and failing in controlled way on following one.
|
||||
|
||||
Reported-by: Chris Coulson <chris.coulson@canonical.com>
|
||||
Signed-off-by: Daniel Kiper <daniel.kiper@oracle.com>
|
||||
Reviewed-by: Jan Setje-Eilers <jan.setjeeilers@oracle.com>
|
||||
Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
|
||||
---
|
||||
grub-core/font/font.c | 6 ++++++
|
||||
1 file changed, 6 insertions(+)
|
||||
|
||||
diff --git a/grub-core/font/font.c b/grub-core/font/font.c
|
||||
index 5edb477ac..d09bb38d8 100644
|
||||
--- a/grub-core/font/font.c
|
||||
+++ b/grub-core/font/font.c
|
||||
@@ -532,6 +532,12 @@ grub_font_load (const char *filename)
|
||||
if (grub_memcmp (section.name, FONT_FORMAT_SECTION_NAMES_FONT_NAME,
|
||||
sizeof (FONT_FORMAT_SECTION_NAMES_FONT_NAME) - 1) == 0)
|
||||
{
|
||||
+ if (font->name != NULL)
|
||||
+ {
|
||||
+ grub_error (GRUB_ERR_BAD_FONT, "invalid font file: too many NAME sections");
|
||||
+ goto fail;
|
||||
+ }
|
||||
+
|
||||
font->name = read_section_as_string (§ion);
|
||||
if (!font->name)
|
||||
goto fail;
|
||||
--
|
||||
2.26.2
|
||||
|
||||
@@ -0,0 +1,39 @@
|
||||
From 9ff609f0e7798bc5fb04f791131c98e7693bdd9b Mon Sep 17 00:00:00 2001
|
||||
From: Alexey Makhalov <amakhalov@vmware.com>
|
||||
Date: Wed, 8 Jul 2020 20:41:56 +0000
|
||||
Subject: [PATCH] gfxmenu: Fix double free in load_image()
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
self->bitmap should be zeroed after free. Otherwise, there is a chance
|
||||
to double free (USE_AFTER_FREE) it later in rescale_image().
|
||||
|
||||
Fixes: CID 292472
|
||||
|
||||
Signed-off-by: Alexey Makhalov <amakhalov@vmware.com>
|
||||
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
|
||||
Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
|
||||
---
|
||||
grub-core/gfxmenu/gui_image.c | 5 ++++-
|
||||
1 file changed, 4 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/grub-core/gfxmenu/gui_image.c b/grub-core/gfxmenu/gui_image.c
|
||||
index 29784ed2d..6b2e976f1 100644
|
||||
--- a/grub-core/gfxmenu/gui_image.c
|
||||
+++ b/grub-core/gfxmenu/gui_image.c
|
||||
@@ -195,7 +195,10 @@ load_image (grub_gui_image_t self, const char *path)
|
||||
return grub_errno;
|
||||
|
||||
if (self->bitmap && (self->bitmap != self->raw_bitmap))
|
||||
- grub_video_bitmap_destroy (self->bitmap);
|
||||
+ {
|
||||
+ grub_video_bitmap_destroy (self->bitmap);
|
||||
+ self->bitmap = 0;
|
||||
+ }
|
||||
if (self->raw_bitmap)
|
||||
grub_video_bitmap_destroy (self->raw_bitmap);
|
||||
|
||||
--
|
||||
2.26.2
|
||||
|
||||
@@ -0,0 +1,58 @@
|
||||
From dc9777dc17697b196c415c53187a55861d41fd2a Mon Sep 17 00:00:00 2001
|
||||
From: Alexey Makhalov <amakhalov@vmware.com>
|
||||
Date: Wed, 8 Jul 2020 21:30:43 +0000
|
||||
Subject: [PATCH] xnu: Fix double free in grub_xnu_devprop_add_property()
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
grub_xnu_devprop_add_property() should not free utf8 and utf16 as it get
|
||||
allocated and freed in the caller.
|
||||
|
||||
Minor improvement: do prop fields initialization after memory allocations.
|
||||
|
||||
Fixes: CID 292442, CID 292457, CID 292460, CID 292466
|
||||
|
||||
Signed-off-by: Alexey Makhalov <amakhalov@vmware.com>
|
||||
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
|
||||
Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
|
||||
---
|
||||
grub-core/loader/i386/xnu.c | 17 ++++++++---------
|
||||
1 file changed, 8 insertions(+), 9 deletions(-)
|
||||
|
||||
diff --git a/grub-core/loader/i386/xnu.c b/grub-core/loader/i386/xnu.c
|
||||
index b7d176b5d..e9e119259 100644
|
||||
--- a/grub-core/loader/i386/xnu.c
|
||||
+++ b/grub-core/loader/i386/xnu.c
|
||||
@@ -262,20 +262,19 @@ grub_xnu_devprop_add_property (struct grub_xnu_devprop_device_descriptor *dev,
|
||||
if (!prop)
|
||||
return grub_errno;
|
||||
|
||||
- prop->name = utf8;
|
||||
- prop->name16 = utf16;
|
||||
- prop->name16len = utf16len;
|
||||
-
|
||||
- prop->length = datalen;
|
||||
- prop->data = grub_malloc (prop->length);
|
||||
+ prop->data = grub_malloc (datalen);
|
||||
if (!prop->data)
|
||||
{
|
||||
- grub_free (prop->name);
|
||||
- grub_free (prop->name16);
|
||||
grub_free (prop);
|
||||
return grub_errno;
|
||||
}
|
||||
- grub_memcpy (prop->data, data, prop->length);
|
||||
+ grub_memcpy (prop->data, data, datalen);
|
||||
+
|
||||
+ prop->name = utf8;
|
||||
+ prop->name16 = utf16;
|
||||
+ prop->name16len = utf16len;
|
||||
+ prop->length = datalen;
|
||||
+
|
||||
grub_list_push (GRUB_AS_LIST_P (&dev->properties),
|
||||
GRUB_AS_LIST (prop));
|
||||
return GRUB_ERR_NONE;
|
||||
--
|
||||
2.26.2
|
||||
|
||||
@@ -0,0 +1,55 @@
|
||||
From 78829f0c230680e386fff9f420bb1631bc20f761 Mon Sep 17 00:00:00 2001
|
||||
From: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
|
||||
Date: Thu, 9 Jul 2020 03:05:23 +0000
|
||||
Subject: [PATCH] lzma: Make sure we don't dereference past array
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
The two dimensional array p->posSlotEncoder[4][64] is being dereferenced
|
||||
using the GetLenToPosState() macro which checks if len is less than 5,
|
||||
and if so subtracts 2 from it. If len = 0, that is 0 - 2 = 4294967294.
|
||||
Obviously we don't want to dereference that far out so we check if the
|
||||
position found is greater or equal kNumLenToPosStates (4) and bail out.
|
||||
|
||||
N.B.: Upstream LZMA 18.05 and later has this function completely rewritten
|
||||
without any history.
|
||||
|
||||
Fixes: CID 51526
|
||||
|
||||
Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
|
||||
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
|
||||
Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
|
||||
---
|
||||
grub-core/lib/LzmaEnc.c | 10 ++++++++--
|
||||
1 file changed, 8 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/grub-core/lib/LzmaEnc.c b/grub-core/lib/LzmaEnc.c
|
||||
index f2ec04a8c..753e56a95 100644
|
||||
--- a/grub-core/lib/LzmaEnc.c
|
||||
+++ b/grub-core/lib/LzmaEnc.c
|
||||
@@ -1877,13 +1877,19 @@ static SRes LzmaEnc_CodeOneBlock(CLzmaEnc *p, Bool useLimits, UInt32 maxPackSize
|
||||
}
|
||||
else
|
||||
{
|
||||
- UInt32 posSlot;
|
||||
+ UInt32 posSlot, lenToPosState;
|
||||
RangeEnc_EncodeBit(&p->rc, &p->isRep[p->state], 0);
|
||||
p->state = kMatchNextStates[p->state];
|
||||
LenEnc_Encode2(&p->lenEnc, &p->rc, len - LZMA_MATCH_LEN_MIN, posState, !p->fastMode, p->ProbPrices);
|
||||
pos -= LZMA_NUM_REPS;
|
||||
GetPosSlot(pos, posSlot);
|
||||
- RcTree_Encode(&p->rc, p->posSlotEncoder[GetLenToPosState(len)], kNumPosSlotBits, posSlot);
|
||||
+ lenToPosState = GetLenToPosState(len);
|
||||
+ if (lenToPosState >= kNumLenToPosStates)
|
||||
+ {
|
||||
+ p->result = SZ_ERROR_DATA;
|
||||
+ return CheckErrors(p);
|
||||
+ }
|
||||
+ RcTree_Encode(&p->rc, p->posSlotEncoder[lenToPosState], kNumPosSlotBits, posSlot);
|
||||
|
||||
if (posSlot >= kStartPosModelIndex)
|
||||
{
|
||||
--
|
||||
2.26.2
|
||||
|
||||
@@ -0,0 +1,69 @@
|
||||
From 8d3b6f9da468f666e3a7976657f2ab5c52762a21 Mon Sep 17 00:00:00 2001
|
||||
From: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
|
||||
Date: Tue, 7 Jul 2020 15:12:25 -0400
|
||||
Subject: [PATCH] term: Fix overflow on user inputs
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
This requires a very weird input from the serial interface but can cause
|
||||
an overflow in input_buf (keys) overwriting the next variable (npending)
|
||||
with the user choice:
|
||||
|
||||
(pahole output)
|
||||
|
||||
struct grub_terminfo_input_state {
|
||||
int input_buf[6]; /* 0 24 */
|
||||
int npending; /* 24 4 */ <- CORRUPT
|
||||
...snip...
|
||||
|
||||
The magic string requires causing this is "ESC,O,],0,1,2,q" and we overflow
|
||||
npending with "q" (aka increase npending to 161). The simplest fix is to
|
||||
just to disallow overwrites input_buf, which exactly what this patch does.
|
||||
|
||||
Fixes: CID 292449
|
||||
|
||||
Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
|
||||
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
|
||||
Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
|
||||
---
|
||||
grub-core/term/terminfo.c | 9 ++++++---
|
||||
1 file changed, 6 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/grub-core/term/terminfo.c b/grub-core/term/terminfo.c
|
||||
index d317efa36..5fa94c0c3 100644
|
||||
--- a/grub-core/term/terminfo.c
|
||||
+++ b/grub-core/term/terminfo.c
|
||||
@@ -398,7 +398,7 @@ grub_terminfo_getwh (struct grub_term_output *term)
|
||||
}
|
||||
|
||||
static void
|
||||
-grub_terminfo_readkey (struct grub_term_input *term, int *keys, int *len,
|
||||
+grub_terminfo_readkey (struct grub_term_input *term, int *keys, int *len, int max_len,
|
||||
int (*readkey) (struct grub_term_input *term))
|
||||
{
|
||||
int c;
|
||||
@@ -414,6 +414,9 @@ grub_terminfo_readkey (struct grub_term_input *term, int *keys, int *len,
|
||||
if (c == -1) \
|
||||
return; \
|
||||
\
|
||||
+ if (*len >= max_len) \
|
||||
+ return; \
|
||||
+ \
|
||||
keys[*len] = c; \
|
||||
(*len)++; \
|
||||
}
|
||||
@@ -602,8 +605,8 @@ grub_terminfo_getkey (struct grub_term_input *termi)
|
||||
return ret;
|
||||
}
|
||||
|
||||
- grub_terminfo_readkey (termi, data->input_buf,
|
||||
- &data->npending, data->readkey);
|
||||
+ grub_terminfo_readkey (termi, data->input_buf, &data->npending,
|
||||
+ GRUB_TERMINFO_READKEY_MAX_LEN, data->readkey);
|
||||
|
||||
#if defined(__powerpc__) && defined(GRUB_MACHINE_IEEE1275)
|
||||
if (data->npending == 1 && data->input_buf[0] == GRUB_TERM_ESC
|
||||
--
|
||||
2.26.2
|
||||
|
||||
@@ -0,0 +1,59 @@
|
||||
From 748b691761d31bfff7e9d0d210caa606294c2b52 Mon Sep 17 00:00:00 2001
|
||||
From: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
|
||||
Date: Tue, 7 Jul 2020 22:02:31 -0400
|
||||
Subject: [PATCH] udf: Fix memory leak
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
Fixes: CID 73796
|
||||
|
||||
Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
|
||||
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
|
||||
Reviewed-by: Jan Setje-Eilers <jan.setjeeilers@oracle.com>
|
||||
Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
|
||||
---
|
||||
grub-core/fs/udf.c | 17 +++++++++++++----
|
||||
1 file changed, 13 insertions(+), 4 deletions(-)
|
||||
|
||||
diff --git a/grub-core/fs/udf.c b/grub-core/fs/udf.c
|
||||
index 21ac7f446..2ac5c1d00 100644
|
||||
--- a/grub-core/fs/udf.c
|
||||
+++ b/grub-core/fs/udf.c
|
||||
@@ -965,8 +965,10 @@ grub_udf_iterate_dir (grub_fshelp_node_t dir,
|
||||
return 0;
|
||||
|
||||
if (grub_udf_read_icb (dir->data, &dirent.icb, child))
|
||||
- return 0;
|
||||
-
|
||||
+ {
|
||||
+ grub_free (child);
|
||||
+ return 0;
|
||||
+ }
|
||||
if (dirent.characteristics & GRUB_UDF_FID_CHAR_PARENT)
|
||||
{
|
||||
/* This is the parent directory. */
|
||||
@@ -988,11 +990,18 @@ grub_udf_iterate_dir (grub_fshelp_node_t dir,
|
||||
dirent.file_ident_length,
|
||||
(char *) raw))
|
||||
!= dirent.file_ident_length)
|
||||
- return 0;
|
||||
+ {
|
||||
+ grub_free (child);
|
||||
+ return 0;
|
||||
+ }
|
||||
|
||||
filename = read_string (raw, dirent.file_ident_length, 0);
|
||||
if (!filename)
|
||||
- grub_print_error ();
|
||||
+ {
|
||||
+ /* As the hook won't get called. */
|
||||
+ grub_free (child);
|
||||
+ grub_print_error ();
|
||||
+ }
|
||||
|
||||
if (filename && hook (filename, type, child, hook_data))
|
||||
{
|
||||
--
|
||||
2.26.2
|
||||
|
||||
@@ -0,0 +1,38 @@
|
||||
From 49bf3faa106498e151306fc780c63194a14751e3 Mon Sep 17 00:00:00 2001
|
||||
From: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
|
||||
Date: Fri, 26 Jun 2020 10:51:43 -0400
|
||||
Subject: [PATCH] multiboot2: Fix memory leak if
|
||||
grub_create_loader_cmdline() fails
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
Fixes: CID 292468
|
||||
|
||||
Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
|
||||
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
|
||||
Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
|
||||
---
|
||||
grub-core/loader/multiboot_mbi2.c | 6 +++++-
|
||||
1 file changed, 5 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/grub-core/loader/multiboot_mbi2.c b/grub-core/loader/multiboot_mbi2.c
|
||||
index 53da78615..0efc66062 100644
|
||||
--- a/grub-core/loader/multiboot_mbi2.c
|
||||
+++ b/grub-core/loader/multiboot_mbi2.c
|
||||
@@ -1070,7 +1070,11 @@ grub_multiboot2_add_module (grub_addr_t start, grub_size_t size,
|
||||
err = grub_create_loader_cmdline (argc, argv, newmod->cmdline,
|
||||
newmod->cmdline_size, GRUB_VERIFY_MODULE_CMDLINE);
|
||||
if (err)
|
||||
- return err;
|
||||
+ {
|
||||
+ grub_free (newmod->cmdline);
|
||||
+ grub_free (newmod);
|
||||
+ return err;
|
||||
+ }
|
||||
|
||||
if (modules_last)
|
||||
modules_last->next = newmod;
|
||||
--
|
||||
2.26.2
|
||||
|
||||
@@ -0,0 +1,283 @@
|
||||
From b6c4a1b204740fe52b32e7f530831a59f4038e20 Mon Sep 17 00:00:00 2001
|
||||
From: Alexey Makhalov <amakhalov@vmware.com>
|
||||
Date: Thu, 9 Jul 2020 08:10:40 +0000
|
||||
Subject: [PATCH] tftp: Do not use priority queue
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
There is not need to reassemble the order of blocks. Per RFC 1350,
|
||||
server must wait for the ACK, before sending next block. Data packets
|
||||
can be served immediately without putting them to priority queue.
|
||||
|
||||
Logic to handle incoming packet is this:
|
||||
- if packet block id equal to expected block id, then
|
||||
process the packet,
|
||||
- if packet block id is less than expected - this is retransmit
|
||||
of old packet, then ACK it and drop the packet,
|
||||
- if packet block id is more than expected - that shouldn't
|
||||
happen, just drop the packet.
|
||||
|
||||
It makes the tftp receive path code simpler, smaller and faster.
|
||||
As a benefit, this change fixes CID# 73624 and CID# 96690, caused
|
||||
by following while loop:
|
||||
|
||||
while (cmp_block (grub_be_to_cpu16 (tftph->u.data.block), data->block + 1) == 0)
|
||||
|
||||
where tftph pointer is not moving from one iteration to another, causing
|
||||
to serve same packet again. Luckily, double serving didn't happen due to
|
||||
data->block++ during the first iteration.
|
||||
|
||||
Fixes: CID 73624, CID 96690
|
||||
|
||||
Signed-off-by: Alexey Makhalov <amakhalov@vmware.com>
|
||||
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
|
||||
Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
|
||||
---
|
||||
grub-core/net/tftp.c | 168 ++++++++++++++-----------------------------
|
||||
1 file changed, 53 insertions(+), 115 deletions(-)
|
||||
|
||||
diff --git a/grub-core/net/tftp.c b/grub-core/net/tftp.c
|
||||
index 7d90bf66e..b4297bc8d 100644
|
||||
--- a/grub-core/net/tftp.c
|
||||
+++ b/grub-core/net/tftp.c
|
||||
@@ -25,7 +25,6 @@
|
||||
#include <grub/mm.h>
|
||||
#include <grub/dl.h>
|
||||
#include <grub/file.h>
|
||||
-#include <grub/priority_queue.h>
|
||||
#include <grub/i18n.h>
|
||||
|
||||
GRUB_MOD_LICENSE ("GPLv3+");
|
||||
@@ -106,31 +105,8 @@ typedef struct tftp_data
|
||||
int have_oack;
|
||||
struct grub_error_saved save_err;
|
||||
grub_net_udp_socket_t sock;
|
||||
- grub_priority_queue_t pq;
|
||||
} *tftp_data_t;
|
||||
|
||||
-static int
|
||||
-cmp_block (grub_uint16_t a, grub_uint16_t b)
|
||||
-{
|
||||
- grub_int16_t i = (grub_int16_t) (a - b);
|
||||
- if (i > 0)
|
||||
- return +1;
|
||||
- if (i < 0)
|
||||
- return -1;
|
||||
- return 0;
|
||||
-}
|
||||
-
|
||||
-static int
|
||||
-cmp (const void *a__, const void *b__)
|
||||
-{
|
||||
- struct grub_net_buff *a_ = *(struct grub_net_buff **) a__;
|
||||
- struct grub_net_buff *b_ = *(struct grub_net_buff **) b__;
|
||||
- struct tftphdr *a = (struct tftphdr *) a_->data;
|
||||
- struct tftphdr *b = (struct tftphdr *) b_->data;
|
||||
- /* We want the first elements to be on top. */
|
||||
- return -cmp_block (grub_be_to_cpu16 (a->u.data.block), grub_be_to_cpu16 (b->u.data.block));
|
||||
-}
|
||||
-
|
||||
static grub_err_t
|
||||
ack (tftp_data_t data, grub_uint64_t block)
|
||||
{
|
||||
@@ -207,73 +183,60 @@ tftp_receive (grub_net_udp_socket_t sock __attribute__ ((unused)),
|
||||
return GRUB_ERR_NONE;
|
||||
}
|
||||
|
||||
- err = grub_priority_queue_push (data->pq, &nb);
|
||||
- if (err)
|
||||
- return err;
|
||||
-
|
||||
- {
|
||||
- struct grub_net_buff **nb_top_p, *nb_top;
|
||||
- while (1)
|
||||
- {
|
||||
- nb_top_p = grub_priority_queue_top (data->pq);
|
||||
- if (!nb_top_p)
|
||||
- return GRUB_ERR_NONE;
|
||||
- nb_top = *nb_top_p;
|
||||
- tftph = (struct tftphdr *) nb_top->data;
|
||||
- if (cmp_block (grub_be_to_cpu16 (tftph->u.data.block), data->block + 1) >= 0)
|
||||
- break;
|
||||
- ack (data, grub_be_to_cpu16 (tftph->u.data.block));
|
||||
- grub_netbuff_free (nb_top);
|
||||
- grub_priority_queue_pop (data->pq);
|
||||
- }
|
||||
- while (cmp_block (grub_be_to_cpu16 (tftph->u.data.block), data->block + 1) == 0)
|
||||
- {
|
||||
- unsigned size;
|
||||
-
|
||||
- grub_priority_queue_pop (data->pq);
|
||||
-
|
||||
- if (file->device->net->packs.count < 50)
|
||||
+ /* Ack old/retransmitted block. */
|
||||
+ if (grub_be_to_cpu16 (tftph->u.data.block) < data->block + 1)
|
||||
+ ack (data, grub_be_to_cpu16 (tftph->u.data.block));
|
||||
+ /* Ignore unexpected block. */
|
||||
+ else if (grub_be_to_cpu16 (tftph->u.data.block) > data->block + 1)
|
||||
+ grub_dprintf ("tftp", "TFTP unexpected block # %d\n", tftph->u.data.block);
|
||||
+ else
|
||||
+ {
|
||||
+ unsigned size;
|
||||
+
|
||||
+ if (file->device->net->packs.count < 50)
|
||||
+ {
|
||||
err = ack (data, data->block + 1);
|
||||
- else
|
||||
- {
|
||||
- file->device->net->stall = 1;
|
||||
- err = 0;
|
||||
- }
|
||||
- if (err)
|
||||
- return err;
|
||||
-
|
||||
- err = grub_netbuff_pull (nb_top, sizeof (tftph->opcode) +
|
||||
- sizeof (tftph->u.data.block));
|
||||
- if (err)
|
||||
- return err;
|
||||
- size = nb_top->tail - nb_top->data;
|
||||
-
|
||||
- data->block++;
|
||||
- if (size < data->block_size)
|
||||
- {
|
||||
- if (data->ack_sent < data->block)
|
||||
- ack (data, data->block);
|
||||
- file->device->net->eof = 1;
|
||||
- file->device->net->stall = 1;
|
||||
- grub_net_udp_close (data->sock);
|
||||
- data->sock = NULL;
|
||||
- }
|
||||
- /* Prevent garbage in broken cards. Is it still necessary
|
||||
- given that IP implementation has been fixed?
|
||||
- */
|
||||
- if (size > data->block_size)
|
||||
- {
|
||||
- err = grub_netbuff_unput (nb_top, size - data->block_size);
|
||||
- if (err)
|
||||
- return err;
|
||||
- }
|
||||
- /* If there is data, puts packet in socket list. */
|
||||
- if ((nb_top->tail - nb_top->data) > 0)
|
||||
- grub_net_put_packet (&file->device->net->packs, nb_top);
|
||||
- else
|
||||
- grub_netbuff_free (nb_top);
|
||||
- }
|
||||
- }
|
||||
+ if (err)
|
||||
+ return err;
|
||||
+ }
|
||||
+ else
|
||||
+ file->device->net->stall = 1;
|
||||
+
|
||||
+ err = grub_netbuff_pull (nb, sizeof (tftph->opcode) +
|
||||
+ sizeof (tftph->u.data.block));
|
||||
+ if (err)
|
||||
+ return err;
|
||||
+ size = nb->tail - nb->data;
|
||||
+
|
||||
+ data->block++;
|
||||
+ if (size < data->block_size)
|
||||
+ {
|
||||
+ if (data->ack_sent < data->block)
|
||||
+ ack (data, data->block);
|
||||
+ file->device->net->eof = 1;
|
||||
+ file->device->net->stall = 1;
|
||||
+ grub_net_udp_close (data->sock);
|
||||
+ data->sock = NULL;
|
||||
+ }
|
||||
+ /*
|
||||
+ * Prevent garbage in broken cards. Is it still necessary
|
||||
+ * given that IP implementation has been fixed?
|
||||
+ */
|
||||
+ if (size > data->block_size)
|
||||
+ {
|
||||
+ err = grub_netbuff_unput (nb, size - data->block_size);
|
||||
+ if (err)
|
||||
+ return err;
|
||||
+ }
|
||||
+ /* If there is data, puts packet in socket list. */
|
||||
+ if ((nb->tail - nb->data) > 0)
|
||||
+ {
|
||||
+ grub_net_put_packet (&file->device->net->packs, nb);
|
||||
+ /* Do not free nb. */
|
||||
+ return GRUB_ERR_NONE;
|
||||
+ }
|
||||
+ }
|
||||
+ grub_netbuff_free (nb);
|
||||
return GRUB_ERR_NONE;
|
||||
case TFTP_ERROR:
|
||||
data->have_oack = 1;
|
||||
@@ -287,19 +250,6 @@ tftp_receive (grub_net_udp_socket_t sock __attribute__ ((unused)),
|
||||
}
|
||||
}
|
||||
|
||||
-static void
|
||||
-destroy_pq (tftp_data_t data)
|
||||
-{
|
||||
- struct grub_net_buff **nb_p;
|
||||
- while ((nb_p = grub_priority_queue_top (data->pq)))
|
||||
- {
|
||||
- grub_netbuff_free (*nb_p);
|
||||
- grub_priority_queue_pop (data->pq);
|
||||
- }
|
||||
-
|
||||
- grub_priority_queue_destroy (data->pq);
|
||||
-}
|
||||
-
|
||||
static grub_err_t
|
||||
tftp_open (struct grub_file *file, const char *filename)
|
||||
{
|
||||
@@ -372,17 +322,9 @@ tftp_open (struct grub_file *file, const char *filename)
|
||||
file->not_easily_seekable = 1;
|
||||
file->data = data;
|
||||
|
||||
- data->pq = grub_priority_queue_new (sizeof (struct grub_net_buff *), cmp);
|
||||
- if (!data->pq)
|
||||
- {
|
||||
- grub_free (data);
|
||||
- return grub_errno;
|
||||
- }
|
||||
-
|
||||
err = grub_net_resolve_address (file->device->net->server, &addr);
|
||||
if (err)
|
||||
{
|
||||
- destroy_pq (data);
|
||||
grub_free (data);
|
||||
return err;
|
||||
}
|
||||
@@ -392,7 +334,6 @@ tftp_open (struct grub_file *file, const char *filename)
|
||||
file);
|
||||
if (!data->sock)
|
||||
{
|
||||
- destroy_pq (data);
|
||||
grub_free (data);
|
||||
return grub_errno;
|
||||
}
|
||||
@@ -406,7 +347,6 @@ tftp_open (struct grub_file *file, const char *filename)
|
||||
if (err)
|
||||
{
|
||||
grub_net_udp_close (data->sock);
|
||||
- destroy_pq (data);
|
||||
grub_free (data);
|
||||
return err;
|
||||
}
|
||||
@@ -423,7 +363,6 @@ tftp_open (struct grub_file *file, const char *filename)
|
||||
if (grub_errno)
|
||||
{
|
||||
grub_net_udp_close (data->sock);
|
||||
- destroy_pq (data);
|
||||
grub_free (data);
|
||||
return grub_errno;
|
||||
}
|
||||
@@ -466,7 +405,6 @@ tftp_close (struct grub_file *file)
|
||||
grub_print_error ();
|
||||
grub_net_udp_close (data->sock);
|
||||
}
|
||||
- destroy_pq (data);
|
||||
grub_free (data);
|
||||
return GRUB_ERR_NONE;
|
||||
}
|
||||
--
|
||||
2.26.2
|
||||
|
||||
@@ -0,0 +1,153 @@
|
||||
From 1c7b619c84f229c1602c1958bcd054b6d9937562 Mon Sep 17 00:00:00 2001
|
||||
From: Alexey Makhalov <amakhalov@vmware.com>
|
||||
Date: Wed, 15 Jul 2020 06:42:37 +0000
|
||||
Subject: [PATCH] relocator: Protect grub_relocator_alloc_chunk_addr()
|
||||
input args against integer underflow/overflow
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
Use arithmetic macros from safemath.h to accomplish it. In this commit,
|
||||
I didn't want to be too paranoid to check every possible math equation
|
||||
for overflow/underflow. Only obvious places (with non zero chance of
|
||||
overflow/underflow) were refactored.
|
||||
|
||||
Signed-off-by: Alexey Makhalov <amakhalov@vmware.com>
|
||||
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
|
||||
Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
|
||||
---
|
||||
grub-core/loader/i386/linux.c | 9 +++++++--
|
||||
grub-core/loader/i386/pc/linux.c | 9 +++++++--
|
||||
grub-core/loader/i386/xen.c | 12 ++++++++++--
|
||||
grub-core/loader/xnu.c | 11 +++++++----
|
||||
4 files changed, 31 insertions(+), 10 deletions(-)
|
||||
|
||||
diff --git a/grub-core/loader/i386/linux.c b/grub-core/loader/i386/linux.c
|
||||
index d0501e229..02a73463a 100644
|
||||
--- a/grub-core/loader/i386/linux.c
|
||||
+++ b/grub-core/loader/i386/linux.c
|
||||
@@ -36,6 +36,7 @@
|
||||
#include <grub/lib/cmdline.h>
|
||||
#include <grub/linux.h>
|
||||
#include <grub/machine/kernel.h>
|
||||
+#include <grub/safemath.h>
|
||||
|
||||
GRUB_MOD_LICENSE ("GPLv3+");
|
||||
|
||||
@@ -547,9 +548,13 @@ grub_linux_boot (void)
|
||||
|
||||
{
|
||||
grub_relocator_chunk_t ch;
|
||||
+ grub_size_t sz;
|
||||
+
|
||||
+ if (grub_add (ctx.real_size, efi_mmap_size, &sz))
|
||||
+ return GRUB_ERR_OUT_OF_RANGE;
|
||||
+
|
||||
err = grub_relocator_alloc_chunk_addr (relocator, &ch,
|
||||
- ctx.real_mode_target,
|
||||
- (ctx.real_size + efi_mmap_size));
|
||||
+ ctx.real_mode_target, sz);
|
||||
if (err)
|
||||
return err;
|
||||
real_mode_mem = get_virtual_current_address (ch);
|
||||
diff --git a/grub-core/loader/i386/pc/linux.c b/grub-core/loader/i386/pc/linux.c
|
||||
index 47ea2945e..31f09922b 100644
|
||||
--- a/grub-core/loader/i386/pc/linux.c
|
||||
+++ b/grub-core/loader/i386/pc/linux.c
|
||||
@@ -35,6 +35,7 @@
|
||||
#include <grub/i386/floppy.h>
|
||||
#include <grub/lib/cmdline.h>
|
||||
#include <grub/linux.h>
|
||||
+#include <grub/safemath.h>
|
||||
|
||||
GRUB_MOD_LICENSE ("GPLv3+");
|
||||
|
||||
@@ -218,8 +219,12 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)),
|
||||
setup_sects = GRUB_LINUX_DEFAULT_SETUP_SECTS;
|
||||
|
||||
real_size = setup_sects << GRUB_DISK_SECTOR_BITS;
|
||||
- grub_linux16_prot_size = grub_file_size (file)
|
||||
- - real_size - GRUB_DISK_SECTOR_SIZE;
|
||||
+ if (grub_sub (grub_file_size (file), real_size, &grub_linux16_prot_size) ||
|
||||
+ grub_sub (grub_linux16_prot_size, GRUB_DISK_SECTOR_SIZE, &grub_linux16_prot_size))
|
||||
+ {
|
||||
+ grub_error (GRUB_ERR_OUT_OF_RANGE, N_("overflow is detected"));
|
||||
+ goto fail;
|
||||
+ }
|
||||
|
||||
if (! grub_linux_is_bzimage
|
||||
&& GRUB_LINUX_ZIMAGE_ADDR + grub_linux16_prot_size
|
||||
diff --git a/grub-core/loader/i386/xen.c b/grub-core/loader/i386/xen.c
|
||||
index 8f662c8ac..cd24874ca 100644
|
||||
--- a/grub-core/loader/i386/xen.c
|
||||
+++ b/grub-core/loader/i386/xen.c
|
||||
@@ -41,6 +41,7 @@
|
||||
#include <grub/linux.h>
|
||||
#include <grub/i386/memory.h>
|
||||
#include <grub/verify.h>
|
||||
+#include <grub/safemath.h>
|
||||
|
||||
GRUB_MOD_LICENSE ("GPLv3+");
|
||||
|
||||
@@ -636,6 +637,7 @@ grub_cmd_xen (grub_command_t cmd __attribute__ ((unused)),
|
||||
grub_relocator_chunk_t ch;
|
||||
grub_addr_t kern_start;
|
||||
grub_addr_t kern_end;
|
||||
+ grub_size_t sz;
|
||||
|
||||
if (argc == 0)
|
||||
return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("filename expected"));
|
||||
@@ -703,8 +705,14 @@ grub_cmd_xen (grub_command_t cmd __attribute__ ((unused)),
|
||||
|
||||
xen_state.max_addr = ALIGN_UP (kern_end, PAGE_SIZE);
|
||||
|
||||
- err = grub_relocator_alloc_chunk_addr (xen_state.relocator, &ch, kern_start,
|
||||
- kern_end - kern_start);
|
||||
+
|
||||
+ if (grub_sub (kern_end, kern_start, &sz))
|
||||
+ {
|
||||
+ err = GRUB_ERR_OUT_OF_RANGE;
|
||||
+ goto fail;
|
||||
+ }
|
||||
+
|
||||
+ err = grub_relocator_alloc_chunk_addr (xen_state.relocator, &ch, kern_start, sz);
|
||||
if (err)
|
||||
goto fail;
|
||||
kern_chunk_src = get_virtual_current_address (ch);
|
||||
diff --git a/grub-core/loader/xnu.c b/grub-core/loader/xnu.c
|
||||
index 77d7060e1..9ae4ceb35 100644
|
||||
--- a/grub-core/loader/xnu.c
|
||||
+++ b/grub-core/loader/xnu.c
|
||||
@@ -34,6 +34,7 @@
|
||||
#include <grub/env.h>
|
||||
#include <grub/i18n.h>
|
||||
#include <grub/verify.h>
|
||||
+#include <grub/safemath.h>
|
||||
|
||||
GRUB_MOD_LICENSE ("GPLv3+");
|
||||
|
||||
@@ -59,15 +60,17 @@ grub_xnu_heap_malloc (int size, void **src, grub_addr_t *target)
|
||||
{
|
||||
grub_err_t err;
|
||||
grub_relocator_chunk_t ch;
|
||||
+ grub_addr_t tgt;
|
||||
+
|
||||
+ if (grub_add (grub_xnu_heap_target_start, grub_xnu_heap_size, &tgt))
|
||||
+ return GRUB_ERR_OUT_OF_RANGE;
|
||||
|
||||
- err = grub_relocator_alloc_chunk_addr (grub_xnu_relocator, &ch,
|
||||
- grub_xnu_heap_target_start
|
||||
- + grub_xnu_heap_size, size);
|
||||
+ err = grub_relocator_alloc_chunk_addr (grub_xnu_relocator, &ch, tgt, size);
|
||||
if (err)
|
||||
return err;
|
||||
|
||||
*src = get_virtual_current_address (ch);
|
||||
- *target = grub_xnu_heap_target_start + grub_xnu_heap_size;
|
||||
+ *target = tgt;
|
||||
grub_xnu_heap_size += size;
|
||||
grub_dprintf ("xnu", "val=%p\n", *src);
|
||||
return GRUB_ERR_NONE;
|
||||
--
|
||||
2.26.2
|
||||
|
||||
@@ -0,0 +1,341 @@
|
||||
From 0cfbbca3ccd84d36ffb1bcd6644ada7c73b19fc0 Mon Sep 17 00:00:00 2001
|
||||
From: Alexey Makhalov <amakhalov@vmware.com>
|
||||
Date: Wed, 8 Jul 2020 01:44:38 +0000
|
||||
Subject: [PATCH] relocator: Protect grub_relocator_alloc_chunk_align()
|
||||
max_addr against integer underflow
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
This commit introduces integer underflow mitigation in max_addr calculation
|
||||
in grub_relocator_alloc_chunk_align() invocation.
|
||||
|
||||
It consists of 2 fixes:
|
||||
1. Introduced grub_relocator_alloc_chunk_align_safe() wrapper function to perform
|
||||
sanity check for min/max and size values, and to make safe invocation of
|
||||
grub_relocator_alloc_chunk_align() with validated max_addr value. Replace all
|
||||
invocations such as grub_relocator_alloc_chunk_align(..., min_addr, max_addr - size, size, ...)
|
||||
by grub_relocator_alloc_chunk_align_safe(..., min_addr, max_addr, size, ...).
|
||||
2. Introduced UP_TO_TOP32(s) macro for the cases where max_addr is 32-bit top
|
||||
address (0xffffffff - size + 1) or similar.
|
||||
|
||||
Signed-off-by: Alexey Makhalov <amakhalov@vmware.com>
|
||||
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
|
||||
Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
|
||||
---
|
||||
grub-core/lib/i386/relocator.c | 28 ++++++++++----------------
|
||||
grub-core/lib/mips/relocator.c | 6 ++----
|
||||
grub-core/lib/powerpc/relocator.c | 6 ++----
|
||||
grub-core/lib/x86_64/efi/relocator.c | 7 +++----
|
||||
grub-core/loader/i386/linux.c | 5 ++---
|
||||
grub-core/loader/i386/multiboot_mbi.c | 7 +++----
|
||||
grub-core/loader/i386/pc/linux.c | 6 ++----
|
||||
grub-core/loader/mips/linux.c | 9 +++------
|
||||
grub-core/loader/multiboot.c | 2 +-
|
||||
grub-core/loader/multiboot_elfxx.c | 10 ++++-----
|
||||
grub-core/loader/multiboot_mbi2.c | 10 ++++-----
|
||||
grub-core/loader/xnu_resume.c | 2 +-
|
||||
include/grub/relocator.h | 29 +++++++++++++++++++++++++++
|
||||
13 files changed, 69 insertions(+), 58 deletions(-)
|
||||
|
||||
diff --git a/grub-core/lib/i386/relocator.c b/grub-core/lib/i386/relocator.c
|
||||
index 71dd4f0ab..34cbe834f 100644
|
||||
--- a/grub-core/lib/i386/relocator.c
|
||||
+++ b/grub-core/lib/i386/relocator.c
|
||||
@@ -83,11 +83,10 @@ grub_relocator32_boot (struct grub_relocator *rel,
|
||||
/* Specific memory range due to Global Descriptor Table for use by payload
|
||||
that we will store in returned chunk. The address range and preference
|
||||
are based on "THE LINUX/x86 BOOT PROTOCOL" specification. */
|
||||
- err = grub_relocator_alloc_chunk_align (rel, &ch, 0x1000,
|
||||
- 0x9a000 - RELOCATOR_SIZEOF (32),
|
||||
- RELOCATOR_SIZEOF (32), 16,
|
||||
- GRUB_RELOCATOR_PREFERENCE_LOW,
|
||||
- avoid_efi_bootservices);
|
||||
+ err = grub_relocator_alloc_chunk_align_safe (rel, &ch, 0x1000, 0x9a000,
|
||||
+ RELOCATOR_SIZEOF (32), 16,
|
||||
+ GRUB_RELOCATOR_PREFERENCE_LOW,
|
||||
+ avoid_efi_bootservices);
|
||||
if (err)
|
||||
return err;
|
||||
|
||||
@@ -125,13 +124,10 @@ grub_relocator16_boot (struct grub_relocator *rel,
|
||||
grub_relocator_chunk_t ch;
|
||||
|
||||
/* Put it higher than the byte it checks for A20 check. */
|
||||
- err = grub_relocator_alloc_chunk_align (rel, &ch, 0x8010,
|
||||
- 0xa0000 - RELOCATOR_SIZEOF (16)
|
||||
- - GRUB_RELOCATOR16_STACK_SIZE,
|
||||
- RELOCATOR_SIZEOF (16)
|
||||
- + GRUB_RELOCATOR16_STACK_SIZE, 16,
|
||||
- GRUB_RELOCATOR_PREFERENCE_NONE,
|
||||
- 0);
|
||||
+ err = grub_relocator_alloc_chunk_align_safe (rel, &ch, 0x8010, 0xa0000,
|
||||
+ RELOCATOR_SIZEOF (16) +
|
||||
+ GRUB_RELOCATOR16_STACK_SIZE, 16,
|
||||
+ GRUB_RELOCATOR_PREFERENCE_NONE, 0);
|
||||
if (err)
|
||||
return err;
|
||||
|
||||
@@ -183,11 +179,9 @@ grub_relocator64_boot (struct grub_relocator *rel,
|
||||
void *relst;
|
||||
grub_relocator_chunk_t ch;
|
||||
|
||||
- err = grub_relocator_alloc_chunk_align (rel, &ch, min_addr,
|
||||
- max_addr - RELOCATOR_SIZEOF (64),
|
||||
- RELOCATOR_SIZEOF (64), 16,
|
||||
- GRUB_RELOCATOR_PREFERENCE_NONE,
|
||||
- 0);
|
||||
+ err = grub_relocator_alloc_chunk_align_safe (rel, &ch, min_addr, max_addr,
|
||||
+ RELOCATOR_SIZEOF (64), 16,
|
||||
+ GRUB_RELOCATOR_PREFERENCE_NONE, 0);
|
||||
if (err)
|
||||
return err;
|
||||
|
||||
diff --git a/grub-core/lib/mips/relocator.c b/grub-core/lib/mips/relocator.c
|
||||
index 9d5f49cb9..743b213e6 100644
|
||||
--- a/grub-core/lib/mips/relocator.c
|
||||
+++ b/grub-core/lib/mips/relocator.c
|
||||
@@ -120,10 +120,8 @@ grub_relocator32_boot (struct grub_relocator *rel,
|
||||
unsigned i;
|
||||
grub_addr_t vtarget;
|
||||
|
||||
- err = grub_relocator_alloc_chunk_align (rel, &ch, 0,
|
||||
- (0xffffffff - stateset_size)
|
||||
- + 1, stateset_size,
|
||||
- sizeof (grub_uint32_t),
|
||||
+ err = grub_relocator_alloc_chunk_align (rel, &ch, 0, UP_TO_TOP32 (stateset_size),
|
||||
+ stateset_size, sizeof (grub_uint32_t),
|
||||
GRUB_RELOCATOR_PREFERENCE_NONE, 0);
|
||||
if (err)
|
||||
return err;
|
||||
diff --git a/grub-core/lib/powerpc/relocator.c b/grub-core/lib/powerpc/relocator.c
|
||||
index bdf2b111b..8ffb8b686 100644
|
||||
--- a/grub-core/lib/powerpc/relocator.c
|
||||
+++ b/grub-core/lib/powerpc/relocator.c
|
||||
@@ -115,10 +115,8 @@ grub_relocator32_boot (struct grub_relocator *rel,
|
||||
unsigned i;
|
||||
grub_relocator_chunk_t ch;
|
||||
|
||||
- err = grub_relocator_alloc_chunk_align (rel, &ch, 0,
|
||||
- (0xffffffff - stateset_size)
|
||||
- + 1, stateset_size,
|
||||
- sizeof (grub_uint32_t),
|
||||
+ err = grub_relocator_alloc_chunk_align (rel, &ch, 0, UP_TO_TOP32 (stateset_size),
|
||||
+ stateset_size, sizeof (grub_uint32_t),
|
||||
GRUB_RELOCATOR_PREFERENCE_NONE, 0);
|
||||
if (err)
|
||||
return err;
|
||||
diff --git a/grub-core/lib/x86_64/efi/relocator.c b/grub-core/lib/x86_64/efi/relocator.c
|
||||
index 3caef7a40..7d200a125 100644
|
||||
--- a/grub-core/lib/x86_64/efi/relocator.c
|
||||
+++ b/grub-core/lib/x86_64/efi/relocator.c
|
||||
@@ -50,10 +50,9 @@ grub_relocator64_efi_boot (struct grub_relocator *rel,
|
||||
* 64-bit relocator code may live above 4 GiB quite well.
|
||||
* However, I do not want ask for problems. Just in case.
|
||||
*/
|
||||
- err = grub_relocator_alloc_chunk_align (rel, &ch, 0,
|
||||
- 0x100000000 - RELOCATOR_SIZEOF (64_efi),
|
||||
- RELOCATOR_SIZEOF (64_efi), 16,
|
||||
- GRUB_RELOCATOR_PREFERENCE_NONE, 1);
|
||||
+ err = grub_relocator_alloc_chunk_align_safe (rel, &ch, 0, 0x100000000,
|
||||
+ RELOCATOR_SIZEOF (64_efi), 16,
|
||||
+ GRUB_RELOCATOR_PREFERENCE_NONE, 1);
|
||||
if (err)
|
||||
return err;
|
||||
|
||||
diff --git a/grub-core/loader/i386/linux.c b/grub-core/loader/i386/linux.c
|
||||
index 02a73463a..efbb99307 100644
|
||||
--- a/grub-core/loader/i386/linux.c
|
||||
+++ b/grub-core/loader/i386/linux.c
|
||||
@@ -181,9 +181,8 @@ allocate_pages (grub_size_t prot_size, grub_size_t *align,
|
||||
for (; err && *align + 1 > min_align; (*align)--)
|
||||
{
|
||||
grub_errno = GRUB_ERR_NONE;
|
||||
- err = grub_relocator_alloc_chunk_align (relocator, &ch,
|
||||
- 0x1000000,
|
||||
- 0xffffffff & ~prot_size,
|
||||
+ err = grub_relocator_alloc_chunk_align (relocator, &ch, 0x1000000,
|
||||
+ UP_TO_TOP32 (prot_size),
|
||||
prot_size, 1 << *align,
|
||||
GRUB_RELOCATOR_PREFERENCE_LOW,
|
||||
1);
|
||||
diff --git a/grub-core/loader/i386/multiboot_mbi.c b/grub-core/loader/i386/multiboot_mbi.c
|
||||
index ad3cc292f..a67d9d0a8 100644
|
||||
--- a/grub-core/loader/i386/multiboot_mbi.c
|
||||
+++ b/grub-core/loader/i386/multiboot_mbi.c
|
||||
@@ -466,10 +466,9 @@ grub_multiboot_make_mbi (grub_uint32_t *target)
|
||||
|
||||
bufsize = grub_multiboot_get_mbi_size ();
|
||||
|
||||
- err = grub_relocator_alloc_chunk_align (grub_multiboot_relocator, &ch,
|
||||
- 0x10000, 0xa0000 - bufsize,
|
||||
- bufsize, 4,
|
||||
- GRUB_RELOCATOR_PREFERENCE_NONE, 0);
|
||||
+ err = grub_relocator_alloc_chunk_align_safe (grub_multiboot_relocator, &ch,
|
||||
+ 0x10000, 0xa0000, bufsize, 4,
|
||||
+ GRUB_RELOCATOR_PREFERENCE_NONE, 0);
|
||||
if (err)
|
||||
return err;
|
||||
ptrorig = get_virtual_current_address (ch);
|
||||
diff --git a/grub-core/loader/i386/pc/linux.c b/grub-core/loader/i386/pc/linux.c
|
||||
index 31f09922b..5fed5ffdf 100644
|
||||
--- a/grub-core/loader/i386/pc/linux.c
|
||||
+++ b/grub-core/loader/i386/pc/linux.c
|
||||
@@ -453,10 +453,8 @@ grub_cmd_initrd (grub_command_t cmd __attribute__ ((unused)),
|
||||
|
||||
{
|
||||
grub_relocator_chunk_t ch;
|
||||
- err = grub_relocator_alloc_chunk_align (relocator, &ch,
|
||||
- addr_min, addr_max - size,
|
||||
- size, 0x1000,
|
||||
- GRUB_RELOCATOR_PREFERENCE_HIGH, 0);
|
||||
+ err = grub_relocator_alloc_chunk_align_safe (relocator, &ch, addr_min, addr_max, size,
|
||||
+ 0x1000, GRUB_RELOCATOR_PREFERENCE_HIGH, 0);
|
||||
if (err)
|
||||
return err;
|
||||
initrd_chunk = get_virtual_current_address (ch);
|
||||
diff --git a/grub-core/loader/mips/linux.c b/grub-core/loader/mips/linux.c
|
||||
index 7b723bf18..e4ed95921 100644
|
||||
--- a/grub-core/loader/mips/linux.c
|
||||
+++ b/grub-core/loader/mips/linux.c
|
||||
@@ -442,12 +442,9 @@ grub_cmd_initrd (grub_command_t cmd __attribute__ ((unused)),
|
||||
{
|
||||
grub_relocator_chunk_t ch;
|
||||
|
||||
- err = grub_relocator_alloc_chunk_align (relocator, &ch,
|
||||
- (target_addr & 0x1fffffff)
|
||||
- + linux_size + 0x10000,
|
||||
- (0x10000000 - size),
|
||||
- size, 0x10000,
|
||||
- GRUB_RELOCATOR_PREFERENCE_NONE, 0);
|
||||
+ err = grub_relocator_alloc_chunk_align_safe (relocator, &ch, (target_addr & 0x1fffffff) +
|
||||
+ linux_size + 0x10000, 0x10000000, size,
|
||||
+ 0x10000, GRUB_RELOCATOR_PREFERENCE_NONE, 0);
|
||||
|
||||
if (err)
|
||||
goto fail;
|
||||
diff --git a/grub-core/loader/multiboot.c b/grub-core/loader/multiboot.c
|
||||
index 4a98d7082..facb13f3d 100644
|
||||
--- a/grub-core/loader/multiboot.c
|
||||
+++ b/grub-core/loader/multiboot.c
|
||||
@@ -403,7 +403,7 @@ grub_cmd_module (grub_command_t cmd __attribute__ ((unused)),
|
||||
{
|
||||
grub_relocator_chunk_t ch;
|
||||
err = grub_relocator_alloc_chunk_align (GRUB_MULTIBOOT (relocator), &ch,
|
||||
- lowest_addr, (0xffffffff - size) + 1,
|
||||
+ lowest_addr, UP_TO_TOP32 (size),
|
||||
size, MULTIBOOT_MOD_ALIGN,
|
||||
GRUB_RELOCATOR_PREFERENCE_NONE, 1);
|
||||
if (err)
|
||||
diff --git a/grub-core/loader/multiboot_elfxx.c b/grub-core/loader/multiboot_elfxx.c
|
||||
index cc6853692..f2318e0d1 100644
|
||||
--- a/grub-core/loader/multiboot_elfxx.c
|
||||
+++ b/grub-core/loader/multiboot_elfxx.c
|
||||
@@ -109,10 +109,10 @@ CONCAT(grub_multiboot_load_elf, XX) (mbi_load_data_t *mld)
|
||||
if (load_size > mld->max_addr || mld->min_addr > mld->max_addr - load_size)
|
||||
return grub_error (GRUB_ERR_BAD_OS, "invalid min/max address and/or load size");
|
||||
|
||||
- err = grub_relocator_alloc_chunk_align (GRUB_MULTIBOOT (relocator), &ch,
|
||||
- mld->min_addr, mld->max_addr - load_size,
|
||||
- load_size, mld->align ? mld->align : 1,
|
||||
- mld->preference, mld->avoid_efi_boot_services);
|
||||
+ err = grub_relocator_alloc_chunk_align_safe (GRUB_MULTIBOOT (relocator), &ch,
|
||||
+ mld->min_addr, mld->max_addr,
|
||||
+ load_size, mld->align ? mld->align : 1,
|
||||
+ mld->preference, mld->avoid_efi_boot_services);
|
||||
|
||||
if (err)
|
||||
{
|
||||
@@ -256,7 +256,7 @@ CONCAT(grub_multiboot_load_elf, XX) (mbi_load_data_t *mld)
|
||||
continue;
|
||||
|
||||
err = grub_relocator_alloc_chunk_align (GRUB_MULTIBOOT (relocator), &ch, 0,
|
||||
- (0xffffffff - sh->sh_size) + 1,
|
||||
+ UP_TO_TOP32 (sh->sh_size),
|
||||
sh->sh_size, sh->sh_addralign,
|
||||
GRUB_RELOCATOR_PREFERENCE_NONE,
|
||||
mld->avoid_efi_boot_services);
|
||||
diff --git a/grub-core/loader/multiboot_mbi2.c b/grub-core/loader/multiboot_mbi2.c
|
||||
index 0efc66062..03967839c 100644
|
||||
--- a/grub-core/loader/multiboot_mbi2.c
|
||||
+++ b/grub-core/loader/multiboot_mbi2.c
|
||||
@@ -295,10 +295,10 @@ grub_multiboot2_load (grub_file_t file, const char *filename)
|
||||
return grub_error (GRUB_ERR_BAD_OS, "invalid min/max address and/or load size");
|
||||
}
|
||||
|
||||
- err = grub_relocator_alloc_chunk_align (grub_multiboot2_relocator, &ch,
|
||||
- mld.min_addr, mld.max_addr - code_size,
|
||||
- code_size, mld.align ? mld.align : 1,
|
||||
- mld.preference, keep_bs);
|
||||
+ err = grub_relocator_alloc_chunk_align_safe (grub_multiboot2_relocator, &ch,
|
||||
+ mld.min_addr, mld.max_addr,
|
||||
+ code_size, mld.align ? mld.align : 1,
|
||||
+ mld.preference, keep_bs);
|
||||
}
|
||||
else
|
||||
err = grub_relocator_alloc_chunk_addr (grub_multiboot2_relocator,
|
||||
@@ -708,7 +708,7 @@ grub_multiboot2_make_mbi (grub_uint32_t *target)
|
||||
COMPILE_TIME_ASSERT (MULTIBOOT_TAG_ALIGN % sizeof (grub_properly_aligned_t) == 0);
|
||||
|
||||
err = grub_relocator_alloc_chunk_align (grub_multiboot2_relocator, &ch,
|
||||
- 0, 0xffffffff - bufsize,
|
||||
+ 0, UP_TO_TOP32 (bufsize),
|
||||
bufsize, MULTIBOOT_TAG_ALIGN,
|
||||
GRUB_RELOCATOR_PREFERENCE_NONE, 1);
|
||||
if (err)
|
||||
diff --git a/grub-core/loader/xnu_resume.c b/grub-core/loader/xnu_resume.c
|
||||
index 8089804d4..d648ef0cd 100644
|
||||
--- a/grub-core/loader/xnu_resume.c
|
||||
+++ b/grub-core/loader/xnu_resume.c
|
||||
@@ -129,7 +129,7 @@ grub_xnu_resume (char *imagename)
|
||||
{
|
||||
grub_relocator_chunk_t ch;
|
||||
err = grub_relocator_alloc_chunk_align (grub_xnu_relocator, &ch, 0,
|
||||
- (0xffffffff - hibhead.image_size) + 1,
|
||||
+ UP_TO_TOP32 (hibhead.image_size),
|
||||
hibhead.image_size,
|
||||
GRUB_XNU_PAGESIZE,
|
||||
GRUB_RELOCATOR_PREFERENCE_NONE, 0);
|
||||
diff --git a/include/grub/relocator.h b/include/grub/relocator.h
|
||||
index 24d8672d2..1b3bdd92a 100644
|
||||
--- a/include/grub/relocator.h
|
||||
+++ b/include/grub/relocator.h
|
||||
@@ -49,6 +49,35 @@ grub_relocator_alloc_chunk_align (struct grub_relocator *rel,
|
||||
int preference,
|
||||
int avoid_efi_boot_services);
|
||||
|
||||
+/*
|
||||
+ * Wrapper for grub_relocator_alloc_chunk_align() with purpose of
|
||||
+ * protecting against integer underflow.
|
||||
+ *
|
||||
+ * Compare to its callee, max_addr has different meaning here.
|
||||
+ * It covers entire chunk and not just start address of the chunk.
|
||||
+ */
|
||||
+static inline grub_err_t
|
||||
+grub_relocator_alloc_chunk_align_safe (struct grub_relocator *rel,
|
||||
+ grub_relocator_chunk_t *out,
|
||||
+ grub_phys_addr_t min_addr,
|
||||
+ grub_phys_addr_t max_addr,
|
||||
+ grub_size_t size, grub_size_t align,
|
||||
+ int preference,
|
||||
+ int avoid_efi_boot_services)
|
||||
+{
|
||||
+ /* Sanity check and ensure following equation (max_addr - size) is safe. */
|
||||
+ if (max_addr < size || (max_addr - size) < min_addr)
|
||||
+ return GRUB_ERR_OUT_OF_RANGE;
|
||||
+
|
||||
+ return grub_relocator_alloc_chunk_align (rel, out, min_addr,
|
||||
+ max_addr - size,
|
||||
+ size, align, preference,
|
||||
+ avoid_efi_boot_services);
|
||||
+}
|
||||
+
|
||||
+/* Top 32-bit address minus s bytes and plus 1 byte. */
|
||||
+#define UP_TO_TOP32(s) ((~(s) & 0xffffffff) + 1)
|
||||
+
|
||||
#define GRUB_RELOCATOR_PREFERENCE_NONE 0
|
||||
#define GRUB_RELOCATOR_PREFERENCE_LOW 1
|
||||
#define GRUB_RELOCATOR_PREFERENCE_HIGH 2
|
||||
--
|
||||
2.26.2
|
||||
|
||||
@@ -0,0 +1,37 @@
|
||||
From 73aa0776457066ee6ebc93486c3cf0e6b755d1b8 Mon Sep 17 00:00:00 2001
|
||||
From: Chris Coulson <chris.coulson@canonical.com>
|
||||
Date: Fri, 10 Jul 2020 11:21:14 +0100
|
||||
Subject: [PATCH] script: Remove unused fields from grub_script_function
|
||||
struct
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
Signed-off-by: Chris Coulson <chris.coulson@canonical.com>
|
||||
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
|
||||
Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
|
||||
---
|
||||
include/grub/script_sh.h | 5 -----
|
||||
1 file changed, 5 deletions(-)
|
||||
|
||||
diff --git a/include/grub/script_sh.h b/include/grub/script_sh.h
|
||||
index 360c2be1f..b382bcf09 100644
|
||||
--- a/include/grub/script_sh.h
|
||||
+++ b/include/grub/script_sh.h
|
||||
@@ -359,13 +359,8 @@ struct grub_script_function
|
||||
/* The script function. */
|
||||
struct grub_script *func;
|
||||
|
||||
- /* The flags. */
|
||||
- unsigned flags;
|
||||
-
|
||||
/* The next element. */
|
||||
struct grub_script_function *next;
|
||||
-
|
||||
- int references;
|
||||
};
|
||||
typedef struct grub_script_function *grub_script_function_t;
|
||||
|
||||
--
|
||||
2.26.2
|
||||
|
||||
@@ -0,0 +1,113 @@
|
||||
From 26349fcf80982b4d0120b73b2836e88bcf16853c Mon Sep 17 00:00:00 2001
|
||||
From: Chris Coulson <chris.coulson@canonical.com>
|
||||
Date: Fri, 10 Jul 2020 14:41:45 +0100
|
||||
Subject: [PATCH] script: Avoid a use-after-free when redefining a
|
||||
function during execution
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
Defining a new function with the same name as a previously defined
|
||||
function causes the grub_script and associated resources for the
|
||||
previous function to be freed. If the previous function is currently
|
||||
executing when a function with the same name is defined, this results
|
||||
in use-after-frees when processing subsequent commands in the original
|
||||
function.
|
||||
|
||||
Instead, reject a new function definition if it has the same name as
|
||||
a previously defined function, and that function is currently being
|
||||
executed. Although a behavioural change, this should be backwards
|
||||
compatible with existing configurations because they can't be
|
||||
dependent on the current behaviour without being broken.
|
||||
|
||||
Fixes: CVE-2020-15706
|
||||
|
||||
Signed-off-by: Chris Coulson <chris.coulson@canonical.com>
|
||||
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
|
||||
Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
|
||||
---
|
||||
grub-core/script/execute.c | 2 ++
|
||||
grub-core/script/function.c | 16 +++++++++++++---
|
||||
grub-core/script/parser.y | 3 ++-
|
||||
include/grub/script_sh.h | 2 ++
|
||||
4 files changed, 19 insertions(+), 4 deletions(-)
|
||||
|
||||
diff --git a/grub-core/script/execute.c b/grub-core/script/execute.c
|
||||
index c8d6806fe..7e028e135 100644
|
||||
--- a/grub-core/script/execute.c
|
||||
+++ b/grub-core/script/execute.c
|
||||
@@ -838,7 +838,9 @@ grub_script_function_call (grub_script_function_t func, int argc, char **args)
|
||||
old_scope = scope;
|
||||
scope = &new_scope;
|
||||
|
||||
+ func->executing++;
|
||||
ret = grub_script_execute (func->func);
|
||||
+ func->executing--;
|
||||
|
||||
function_return = 0;
|
||||
active_loops = loops;
|
||||
diff --git a/grub-core/script/function.c b/grub-core/script/function.c
|
||||
index d36655e51..3aad04bf9 100644
|
||||
--- a/grub-core/script/function.c
|
||||
+++ b/grub-core/script/function.c
|
||||
@@ -34,6 +34,7 @@ grub_script_function_create (struct grub_script_arg *functionname_arg,
|
||||
func = (grub_script_function_t) grub_malloc (sizeof (*func));
|
||||
if (! func)
|
||||
return 0;
|
||||
+ func->executing = 0;
|
||||
|
||||
func->name = grub_strdup (functionname_arg->str);
|
||||
if (! func->name)
|
||||
@@ -60,10 +61,19 @@ grub_script_function_create (struct grub_script_arg *functionname_arg,
|
||||
grub_script_function_t q;
|
||||
|
||||
q = *p;
|
||||
- grub_script_free (q->func);
|
||||
- q->func = cmd;
|
||||
grub_free (func);
|
||||
- func = q;
|
||||
+ if (q->executing > 0)
|
||||
+ {
|
||||
+ grub_error (GRUB_ERR_BAD_ARGUMENT,
|
||||
+ N_("attempt to redefine a function being executed"));
|
||||
+ func = NULL;
|
||||
+ }
|
||||
+ else
|
||||
+ {
|
||||
+ grub_script_free (q->func);
|
||||
+ q->func = cmd;
|
||||
+ func = q;
|
||||
+ }
|
||||
}
|
||||
else
|
||||
{
|
||||
diff --git a/grub-core/script/parser.y b/grub-core/script/parser.y
|
||||
index 4f0ab8319..f80b86b6f 100644
|
||||
--- a/grub-core/script/parser.y
|
||||
+++ b/grub-core/script/parser.y
|
||||
@@ -289,7 +289,8 @@ function: "function" "name"
|
||||
grub_script_mem_free (state->func_mem);
|
||||
else {
|
||||
script->children = state->scripts;
|
||||
- grub_script_function_create ($2, script);
|
||||
+ if (!grub_script_function_create ($2, script))
|
||||
+ grub_script_free (script);
|
||||
}
|
||||
|
||||
state->scripts = $<scripts>3;
|
||||
diff --git a/include/grub/script_sh.h b/include/grub/script_sh.h
|
||||
index b382bcf09..6c48e0751 100644
|
||||
--- a/include/grub/script_sh.h
|
||||
+++ b/include/grub/script_sh.h
|
||||
@@ -361,6 +361,8 @@ struct grub_script_function
|
||||
|
||||
/* The next element. */
|
||||
struct grub_script_function *next;
|
||||
+
|
||||
+ unsigned executing;
|
||||
};
|
||||
typedef struct grub_script_function *grub_script_function_t;
|
||||
|
||||
--
|
||||
2.26.2
|
||||
|
||||
@@ -0,0 +1,49 @@
|
||||
From 06aa91f79f902752cb7e5d22ac0ea8e13bffd056 Mon Sep 17 00:00:00 2001
|
||||
From: Alexey Makhalov <amakhalov@vmware.com>
|
||||
Date: Fri, 17 Jul 2020 05:17:26 +0000
|
||||
Subject: [PATCH] relocator: Fix grub_relocator_alloc_chunk_align() top
|
||||
memory allocation
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
Current implementation of grub_relocator_alloc_chunk_align()
|
||||
does not allow allocation of the top byte.
|
||||
|
||||
Assuming input args are:
|
||||
max_addr = 0xfffff000;
|
||||
size = 0x1000;
|
||||
|
||||
And this is valid. But following overflow protection will
|
||||
unnecessarily move max_addr one byte down (to 0xffffefff):
|
||||
if (max_addr > ~size)
|
||||
max_addr = ~size;
|
||||
|
||||
~size + 1 will fix the situation. In addition, check size
|
||||
for non zero to do not zero max_addr.
|
||||
|
||||
Signed-off-by: Alexey Makhalov <amakhalov@vmware.com>
|
||||
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
|
||||
Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
|
||||
---
|
||||
grub-core/lib/relocator.c | 4 ++--
|
||||
1 file changed, 2 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/grub-core/lib/relocator.c b/grub-core/lib/relocator.c
|
||||
index 5847aac36..f2c1944c2 100644
|
||||
--- a/grub-core/lib/relocator.c
|
||||
+++ b/grub-core/lib/relocator.c
|
||||
@@ -1386,8 +1386,8 @@ grub_relocator_alloc_chunk_align (struct grub_relocator *rel,
|
||||
};
|
||||
grub_addr_t min_addr2 = 0, max_addr2;
|
||||
|
||||
- if (max_addr > ~size)
|
||||
- max_addr = ~size;
|
||||
+ if (size && (max_addr > ~size))
|
||||
+ max_addr = ~size + 1;
|
||||
|
||||
#ifdef GRUB_MACHINE_PCBIOS
|
||||
if (min_addr < 0x1000)
|
||||
--
|
||||
2.26.2
|
||||
|
||||
@@ -0,0 +1,61 @@
|
||||
From feec993673d8e13fcf22fe2389ac29222b6daebd Mon Sep 17 00:00:00 2001
|
||||
From: Peter Jones <pjones@redhat.com>
|
||||
Date: Sun, 19 Jul 2020 14:43:31 -0400
|
||||
Subject: [PATCH] hfsplus: Fix two more overflows
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
Both node->size and node->namelen come from the supplied filesystem,
|
||||
which may be user-supplied. We can't trust them for the math unless we
|
||||
know they don't overflow. Making sure they go through grub_add() or
|
||||
grub_calloc() first will give us that.
|
||||
|
||||
Signed-off-by: Peter Jones <pjones@redhat.com>
|
||||
Reviewed-by: Darren Kenny <darren.kenny@oracle.com>
|
||||
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
|
||||
Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
|
||||
---
|
||||
grub-core/fs/hfsplus.c | 11 ++++++++---
|
||||
1 file changed, 8 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/grub-core/fs/hfsplus.c b/grub-core/fs/hfsplus.c
|
||||
index dae43becc..9c4e4c88c 100644
|
||||
--- a/grub-core/fs/hfsplus.c
|
||||
+++ b/grub-core/fs/hfsplus.c
|
||||
@@ -31,6 +31,7 @@
|
||||
#include <grub/hfs.h>
|
||||
#include <grub/charset.h>
|
||||
#include <grub/hfsplus.h>
|
||||
+#include <grub/safemath.h>
|
||||
|
||||
GRUB_MOD_LICENSE ("GPLv3+");
|
||||
|
||||
@@ -475,8 +476,12 @@ grub_hfsplus_read_symlink (grub_fshelp_node_t node)
|
||||
{
|
||||
char *symlink;
|
||||
grub_ssize_t numread;
|
||||
+ grub_size_t sz = node->size;
|
||||
|
||||
- symlink = grub_malloc (node->size + 1);
|
||||
+ if (grub_add (sz, 1, &sz))
|
||||
+ return NULL;
|
||||
+
|
||||
+ symlink = grub_malloc (sz);
|
||||
if (!symlink)
|
||||
return 0;
|
||||
|
||||
@@ -715,8 +720,8 @@ list_nodes (void *record, void *hook_arg)
|
||||
if (type == GRUB_FSHELP_UNKNOWN)
|
||||
return 0;
|
||||
|
||||
- filename = grub_malloc (grub_be_to_cpu16 (catkey->namelen)
|
||||
- * GRUB_MAX_UTF8_PER_UTF16 + 1);
|
||||
+ filename = grub_calloc (grub_be_to_cpu16 (catkey->namelen),
|
||||
+ GRUB_MAX_UTF8_PER_UTF16 + 1);
|
||||
if (! filename)
|
||||
return 0;
|
||||
|
||||
--
|
||||
2.26.2
|
||||
|
||||
@@ -0,0 +1,116 @@
|
||||
From a1845e90fc19fb5e904091bad8a378f458798e4a Mon Sep 17 00:00:00 2001
|
||||
From: Peter Jones <pjones@redhat.com>
|
||||
Date: Sun, 19 Jul 2020 15:48:20 -0400
|
||||
Subject: [PATCH] lvm: Fix two more potential data-dependent alloc
|
||||
overflows
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
It appears to be possible to make a (possibly invalid) lvm PV with
|
||||
a metadata size field that overflows our type when adding it to the
|
||||
address we've allocated. Even if it doesn't, it may be possible to do so
|
||||
with the math using the outcome of that as an operand. Check them both.
|
||||
|
||||
Signed-off-by: Peter Jones <pjones@redhat.com>
|
||||
Signed-off-by: Darren Kenny <darren.kenny@oracle.com>
|
||||
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
|
||||
Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
|
||||
---
|
||||
grub-core/disk/lvm.c | 48 ++++++++++++++++++++++++++++++++++++--------
|
||||
1 file changed, 40 insertions(+), 8 deletions(-)
|
||||
|
||||
diff --git a/grub-core/disk/lvm.c b/grub-core/disk/lvm.c
|
||||
index d1df640b3..139fafd47 100644
|
||||
--- a/grub-core/disk/lvm.c
|
||||
+++ b/grub-core/disk/lvm.c
|
||||
@@ -25,6 +25,7 @@
|
||||
#include <grub/lvm.h>
|
||||
#include <grub/partition.h>
|
||||
#include <grub/i18n.h>
|
||||
+#include <grub/safemath.h>
|
||||
|
||||
#ifdef GRUB_UTIL
|
||||
#include <grub/emu/misc.h>
|
||||
@@ -102,10 +103,11 @@ grub_lvm_detect (grub_disk_t disk,
|
||||
{
|
||||
grub_err_t err;
|
||||
grub_uint64_t mda_offset, mda_size;
|
||||
+ grub_size_t ptr;
|
||||
char buf[GRUB_LVM_LABEL_SIZE];
|
||||
char vg_id[GRUB_LVM_ID_STRLEN+1];
|
||||
char pv_id[GRUB_LVM_ID_STRLEN+1];
|
||||
- char *metadatabuf, *p, *q, *vgname;
|
||||
+ char *metadatabuf, *p, *q, *mda_end, *vgname;
|
||||
struct grub_lvm_label_header *lh = (struct grub_lvm_label_header *) buf;
|
||||
struct grub_lvm_pv_header *pvh;
|
||||
struct grub_lvm_disk_locn *dlocn;
|
||||
@@ -205,19 +207,31 @@ grub_lvm_detect (grub_disk_t disk,
|
||||
grub_le_to_cpu64 (rlocn->size) -
|
||||
grub_le_to_cpu64 (mdah->size));
|
||||
}
|
||||
- p = q = metadatabuf + grub_le_to_cpu64 (rlocn->offset);
|
||||
|
||||
- while (*q != ' ' && q < metadatabuf + mda_size)
|
||||
- q++;
|
||||
-
|
||||
- if (q == metadatabuf + mda_size)
|
||||
+ if (grub_add ((grub_size_t)metadatabuf,
|
||||
+ (grub_size_t)grub_le_to_cpu64 (rlocn->offset),
|
||||
+ &ptr))
|
||||
{
|
||||
+ error_parsing_metadata:
|
||||
#ifdef GRUB_UTIL
|
||||
grub_util_info ("error parsing metadata");
|
||||
#endif
|
||||
goto fail2;
|
||||
}
|
||||
|
||||
+ p = q = (char *)ptr;
|
||||
+
|
||||
+ if (grub_add ((grub_size_t)metadatabuf, (grub_size_t)mda_size, &ptr))
|
||||
+ goto error_parsing_metadata;
|
||||
+
|
||||
+ mda_end = (char *)ptr;
|
||||
+
|
||||
+ while (*q != ' ' && q < mda_end)
|
||||
+ q++;
|
||||
+
|
||||
+ if (q == mda_end)
|
||||
+ goto error_parsing_metadata;
|
||||
+
|
||||
vgname_len = q - p;
|
||||
vgname = grub_malloc (vgname_len + 1);
|
||||
if (!vgname)
|
||||
@@ -367,8 +381,26 @@ grub_lvm_detect (grub_disk_t disk,
|
||||
{
|
||||
const char *iptr;
|
||||
char *optr;
|
||||
- lv->fullname = grub_malloc (sizeof ("lvm/") - 1 + 2 * vgname_len
|
||||
- + 1 + 2 * s + 1);
|
||||
+
|
||||
+ /*
|
||||
+ * This is kind of hard to read with our safe (but rather
|
||||
+ * baroque) math primatives, but it boils down to:
|
||||
+ *
|
||||
+ * sz0 = vgname_len * 2 + 1 +
|
||||
+ * s * 2 + 1 +
|
||||
+ * sizeof ("lvm/") - 1;
|
||||
+ */
|
||||
+ grub_size_t sz0 = vgname_len, sz1 = s;
|
||||
+
|
||||
+ if (grub_mul (sz0, 2, &sz0) ||
|
||||
+ grub_add (sz0, 1, &sz0) ||
|
||||
+ grub_mul (sz1, 2, &sz1) ||
|
||||
+ grub_add (sz1, 1, &sz1) ||
|
||||
+ grub_add (sz0, sz1, &sz0) ||
|
||||
+ grub_add (sz0, sizeof ("lvm/") - 1, &sz0))
|
||||
+ goto lvs_fail;
|
||||
+
|
||||
+ lv->fullname = grub_malloc (sz0);
|
||||
if (!lv->fullname)
|
||||
goto lvs_fail;
|
||||
|
||||
--
|
||||
2.26.2
|
||||
|
||||
@@ -0,0 +1,38 @@
|
||||
From 320e86747a32e4d46d24ee4b64493741c161da50 Mon Sep 17 00:00:00 2001
|
||||
From: Peter Jones <pjones@redhat.com>
|
||||
Date: Sun, 19 Jul 2020 16:08:08 -0400
|
||||
Subject: [PATCH] emu: Make grub_free(NULL) safe
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
The grub_free() implementation in grub-core/kern/mm.c safely handles
|
||||
NULL pointers, and code at many places depends on this. We don't know
|
||||
that the same is true on all host OSes, so we need to handle the same
|
||||
behavior in grub-emu's implementation.
|
||||
|
||||
Signed-off-by: Peter Jones <pjones@redhat.com>
|
||||
Reviewed-by: Darren Kenny <darren.kenny@oracle.com>
|
||||
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
|
||||
Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
|
||||
---
|
||||
grub-core/kern/emu/mm.c | 3 ++-
|
||||
1 file changed, 2 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/grub-core/kern/emu/mm.c b/grub-core/kern/emu/mm.c
|
||||
index 145b01d37..4d1046a21 100644
|
||||
--- a/grub-core/kern/emu/mm.c
|
||||
+++ b/grub-core/kern/emu/mm.c
|
||||
@@ -60,7 +60,8 @@ grub_zalloc (grub_size_t size)
|
||||
void
|
||||
grub_free (void *ptr)
|
||||
{
|
||||
- free (ptr);
|
||||
+ if (ptr)
|
||||
+ free (ptr);
|
||||
}
|
||||
|
||||
void *
|
||||
--
|
||||
2.26.2
|
||||
|
||||
@@ -0,0 +1,239 @@
|
||||
From c330aa099a38bc5c4d3066954fe35767cc06adb1 Mon Sep 17 00:00:00 2001
|
||||
From: Peter Jones <pjones@redhat.com>
|
||||
Date: Sun, 19 Jul 2020 16:53:27 -0400
|
||||
Subject: [PATCH] efi: Fix some malformed device path arithmetic errors
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
Several places we take the length of a device path and subtract 4 from
|
||||
it, without ever checking that it's >= 4. There are also cases where
|
||||
this kind of malformation will result in unpredictable iteration,
|
||||
including treating the length from one dp node as the type in the next
|
||||
node. These are all errors, no matter where the data comes from.
|
||||
|
||||
This patch adds a checking macro, GRUB_EFI_DEVICE_PATH_VALID(), which
|
||||
can be used in several places, and makes GRUB_EFI_NEXT_DEVICE_PATH()
|
||||
return NULL and GRUB_EFI_END_ENTIRE_DEVICE_PATH() evaluate as true when
|
||||
the length is too small. Additionally, it makes several places in the
|
||||
code check for and return errors in these cases.
|
||||
|
||||
Signed-off-by: Peter Jones <pjones@redhat.com>
|
||||
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
|
||||
Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
|
||||
---
|
||||
grub-core/kern/efi/efi.c | 64 +++++++++++++++++++++++++-----
|
||||
grub-core/loader/efi/chainloader.c | 13 +++++-
|
||||
grub-core/loader/i386/xnu.c | 9 +++--
|
||||
include/grub/efi/api.h | 14 ++++---
|
||||
4 files changed, 79 insertions(+), 21 deletions(-)
|
||||
|
||||
diff --git a/grub-core/kern/efi/efi.c b/grub-core/kern/efi/efi.c
|
||||
index dc31caa21..c97969a65 100644
|
||||
--- a/grub-core/kern/efi/efi.c
|
||||
+++ b/grub-core/kern/efi/efi.c
|
||||
@@ -332,7 +332,7 @@ grub_efi_get_filename (grub_efi_device_path_t *dp0)
|
||||
|
||||
dp = dp0;
|
||||
|
||||
- while (1)
|
||||
+ while (dp)
|
||||
{
|
||||
grub_efi_uint8_t type = GRUB_EFI_DEVICE_PATH_TYPE (dp);
|
||||
grub_efi_uint8_t subtype = GRUB_EFI_DEVICE_PATH_SUBTYPE (dp);
|
||||
@@ -342,9 +342,15 @@ grub_efi_get_filename (grub_efi_device_path_t *dp0)
|
||||
if (type == GRUB_EFI_MEDIA_DEVICE_PATH_TYPE
|
||||
&& subtype == GRUB_EFI_FILE_PATH_DEVICE_PATH_SUBTYPE)
|
||||
{
|
||||
- grub_efi_uint16_t len;
|
||||
- len = ((GRUB_EFI_DEVICE_PATH_LENGTH (dp) - 4)
|
||||
- / sizeof (grub_efi_char16_t));
|
||||
+ grub_efi_uint16_t len = GRUB_EFI_DEVICE_PATH_LENGTH (dp);
|
||||
+
|
||||
+ if (len < 4)
|
||||
+ {
|
||||
+ grub_error (GRUB_ERR_OUT_OF_RANGE,
|
||||
+ "malformed EFI Device Path node has length=%d", len);
|
||||
+ return NULL;
|
||||
+ }
|
||||
+ len = (len - 4) / sizeof (grub_efi_char16_t);
|
||||
filesize += GRUB_MAX_UTF8_PER_UTF16 * len + 2;
|
||||
}
|
||||
|
||||
@@ -360,7 +366,7 @@ grub_efi_get_filename (grub_efi_device_path_t *dp0)
|
||||
if (!name)
|
||||
return NULL;
|
||||
|
||||
- while (1)
|
||||
+ while (dp)
|
||||
{
|
||||
grub_efi_uint8_t type = GRUB_EFI_DEVICE_PATH_TYPE (dp);
|
||||
grub_efi_uint8_t subtype = GRUB_EFI_DEVICE_PATH_SUBTYPE (dp);
|
||||
@@ -376,8 +382,15 @@ grub_efi_get_filename (grub_efi_device_path_t *dp0)
|
||||
|
||||
*p++ = '/';
|
||||
|
||||
- len = ((GRUB_EFI_DEVICE_PATH_LENGTH (dp) - 4)
|
||||
- / sizeof (grub_efi_char16_t));
|
||||
+ len = GRUB_EFI_DEVICE_PATH_LENGTH (dp);
|
||||
+ if (len < 4)
|
||||
+ {
|
||||
+ grub_error (GRUB_ERR_OUT_OF_RANGE,
|
||||
+ "malformed EFI Device Path node has length=%d", len);
|
||||
+ return NULL;
|
||||
+ }
|
||||
+
|
||||
+ len = (len - 4) / sizeof (grub_efi_char16_t);
|
||||
fp = (grub_efi_file_path_device_path_t *) dp;
|
||||
/* According to EFI spec Path Name is NULL terminated */
|
||||
while (len > 0 && fp->path_name[len - 1] == 0)
|
||||
@@ -452,7 +465,26 @@ grub_efi_duplicate_device_path (const grub_efi_device_path_t *dp)
|
||||
;
|
||||
p = GRUB_EFI_NEXT_DEVICE_PATH (p))
|
||||
{
|
||||
- total_size += GRUB_EFI_DEVICE_PATH_LENGTH (p);
|
||||
+ grub_size_t len = GRUB_EFI_DEVICE_PATH_LENGTH (p);
|
||||
+
|
||||
+ /*
|
||||
+ * In the event that we find a node that's completely garbage, for
|
||||
+ * example if we get to 0x7f 0x01 0x02 0x00 ... (EndInstance with a size
|
||||
+ * of 2), GRUB_EFI_END_ENTIRE_DEVICE_PATH() will be true and
|
||||
+ * GRUB_EFI_NEXT_DEVICE_PATH() will return NULL, so we won't continue,
|
||||
+ * and neither should our consumers, but there won't be any error raised
|
||||
+ * even though the device path is junk.
|
||||
+ *
|
||||
+ * This keeps us from passing junk down back to our caller.
|
||||
+ */
|
||||
+ if (len < 4)
|
||||
+ {
|
||||
+ grub_error (GRUB_ERR_OUT_OF_RANGE,
|
||||
+ "malformed EFI Device Path node has length=%d", len);
|
||||
+ return NULL;
|
||||
+ }
|
||||
+
|
||||
+ total_size += len;
|
||||
if (GRUB_EFI_END_ENTIRE_DEVICE_PATH (p))
|
||||
break;
|
||||
}
|
||||
@@ -497,7 +529,7 @@ dump_vendor_path (const char *type, grub_efi_vendor_device_path_t *vendor)
|
||||
void
|
||||
grub_efi_print_device_path (grub_efi_device_path_t *dp)
|
||||
{
|
||||
- while (1)
|
||||
+ while (GRUB_EFI_DEVICE_PATH_VALID (dp))
|
||||
{
|
||||
grub_efi_uint8_t type = GRUB_EFI_DEVICE_PATH_TYPE (dp);
|
||||
grub_efi_uint8_t subtype = GRUB_EFI_DEVICE_PATH_SUBTYPE (dp);
|
||||
@@ -909,7 +941,10 @@ grub_efi_compare_device_paths (const grub_efi_device_path_t *dp1,
|
||||
/* Return non-zero. */
|
||||
return 1;
|
||||
|
||||
- while (1)
|
||||
+ if (dp1 == dp2)
|
||||
+ return 0;
|
||||
+
|
||||
+ while (GRUB_EFI_DEVICE_PATH_VALID (dp1) && GRUB_EFI_DEVICE_PATH_VALID (dp2))
|
||||
{
|
||||
grub_efi_uint8_t type1, type2;
|
||||
grub_efi_uint8_t subtype1, subtype2;
|
||||
@@ -945,5 +980,14 @@ grub_efi_compare_device_paths (const grub_efi_device_path_t *dp1,
|
||||
dp2 = (grub_efi_device_path_t *) ((char *) dp2 + len2);
|
||||
}
|
||||
|
||||
+ /*
|
||||
+ * There's no "right" answer here, but we probably don't want to call a valid
|
||||
+ * dp and an invalid dp equal, so pick one way or the other.
|
||||
+ */
|
||||
+ if (GRUB_EFI_DEVICE_PATH_VALID (dp1) && !GRUB_EFI_DEVICE_PATH_VALID (dp2))
|
||||
+ return 1;
|
||||
+ else if (!GRUB_EFI_DEVICE_PATH_VALID (dp1) && GRUB_EFI_DEVICE_PATH_VALID (dp2))
|
||||
+ return -1;
|
||||
+
|
||||
return 0;
|
||||
}
|
||||
diff --git a/grub-core/loader/efi/chainloader.c b/grub-core/loader/efi/chainloader.c
|
||||
index daf8c6b54..a8d7b9155 100644
|
||||
--- a/grub-core/loader/efi/chainloader.c
|
||||
+++ b/grub-core/loader/efi/chainloader.c
|
||||
@@ -156,9 +156,18 @@ make_file_path (grub_efi_device_path_t *dp, const char *filename)
|
||||
|
||||
size = 0;
|
||||
d = dp;
|
||||
- while (1)
|
||||
+ while (d)
|
||||
{
|
||||
- size += GRUB_EFI_DEVICE_PATH_LENGTH (d);
|
||||
+ grub_size_t len = GRUB_EFI_DEVICE_PATH_LENGTH (d);
|
||||
+
|
||||
+ if (len < 4)
|
||||
+ {
|
||||
+ grub_error (GRUB_ERR_OUT_OF_RANGE,
|
||||
+ "malformed EFI Device Path node has length=%d", len);
|
||||
+ return NULL;
|
||||
+ }
|
||||
+
|
||||
+ size += len;
|
||||
if ((GRUB_EFI_END_ENTIRE_DEVICE_PATH (d)))
|
||||
break;
|
||||
d = GRUB_EFI_NEXT_DEVICE_PATH (d);
|
||||
diff --git a/grub-core/loader/i386/xnu.c b/grub-core/loader/i386/xnu.c
|
||||
index e9e119259..a70093607 100644
|
||||
--- a/grub-core/loader/i386/xnu.c
|
||||
+++ b/grub-core/loader/i386/xnu.c
|
||||
@@ -515,14 +515,15 @@ grub_cmd_devprop_load (grub_command_t cmd __attribute__ ((unused)),
|
||||
|
||||
devhead = buf;
|
||||
buf = devhead + 1;
|
||||
- dpstart = buf;
|
||||
+ dp = dpstart = buf;
|
||||
|
||||
- do
|
||||
+ while (GRUB_EFI_DEVICE_PATH_VALID (dp) && buf < bufend)
|
||||
{
|
||||
- dp = buf;
|
||||
buf = (char *) buf + GRUB_EFI_DEVICE_PATH_LENGTH (dp);
|
||||
+ if (GRUB_EFI_END_ENTIRE_DEVICE_PATH (dp))
|
||||
+ break;
|
||||
+ dp = buf;
|
||||
}
|
||||
- while (!GRUB_EFI_END_ENTIRE_DEVICE_PATH (dp) && buf < bufend);
|
||||
|
||||
dev = grub_xnu_devprop_add_device (dpstart, (char *) buf
|
||||
- (char *) dpstart);
|
||||
diff --git a/include/grub/efi/api.h b/include/grub/efi/api.h
|
||||
index addcbfa8f..cf1355a8c 100644
|
||||
--- a/include/grub/efi/api.h
|
||||
+++ b/include/grub/efi/api.h
|
||||
@@ -625,6 +625,7 @@ typedef struct grub_efi_device_path grub_efi_device_path_protocol_t;
|
||||
#define GRUB_EFI_DEVICE_PATH_TYPE(dp) ((dp)->type & 0x7f)
|
||||
#define GRUB_EFI_DEVICE_PATH_SUBTYPE(dp) ((dp)->subtype)
|
||||
#define GRUB_EFI_DEVICE_PATH_LENGTH(dp) ((dp)->length)
|
||||
+#define GRUB_EFI_DEVICE_PATH_VALID(dp) ((dp) != NULL && GRUB_EFI_DEVICE_PATH_LENGTH (dp) >= 4)
|
||||
|
||||
/* The End of Device Path nodes. */
|
||||
#define GRUB_EFI_END_DEVICE_PATH_TYPE (0xff & 0x7f)
|
||||
@@ -633,13 +634,16 @@ typedef struct grub_efi_device_path grub_efi_device_path_protocol_t;
|
||||
#define GRUB_EFI_END_THIS_DEVICE_PATH_SUBTYPE 0x01
|
||||
|
||||
#define GRUB_EFI_END_ENTIRE_DEVICE_PATH(dp) \
|
||||
- (GRUB_EFI_DEVICE_PATH_TYPE (dp) == GRUB_EFI_END_DEVICE_PATH_TYPE \
|
||||
- && (GRUB_EFI_DEVICE_PATH_SUBTYPE (dp) \
|
||||
- == GRUB_EFI_END_ENTIRE_DEVICE_PATH_SUBTYPE))
|
||||
+ (!GRUB_EFI_DEVICE_PATH_VALID (dp) || \
|
||||
+ (GRUB_EFI_DEVICE_PATH_TYPE (dp) == GRUB_EFI_END_DEVICE_PATH_TYPE \
|
||||
+ && (GRUB_EFI_DEVICE_PATH_SUBTYPE (dp) \
|
||||
+ == GRUB_EFI_END_ENTIRE_DEVICE_PATH_SUBTYPE)))
|
||||
|
||||
#define GRUB_EFI_NEXT_DEVICE_PATH(dp) \
|
||||
- ((grub_efi_device_path_t *) ((char *) (dp) \
|
||||
- + GRUB_EFI_DEVICE_PATH_LENGTH (dp)))
|
||||
+ (GRUB_EFI_DEVICE_PATH_VALID (dp) \
|
||||
+ ? ((grub_efi_device_path_t *) \
|
||||
+ ((char *) (dp) + GRUB_EFI_DEVICE_PATH_LENGTH (dp))) \
|
||||
+ : NULL)
|
||||
|
||||
/* Hardware Device Path. */
|
||||
#define GRUB_EFI_HARDWARE_DEVICE_PATH_TYPE 1
|
||||
--
|
||||
2.26.2
|
||||
|
||||
@@ -0,0 +1,78 @@
|
||||
From fb55bc37dd510911df4eaf649da939f5fafdc7ce Mon Sep 17 00:00:00 2001
|
||||
From: Daniel Kiper <daniel.kiper@oracle.com>
|
||||
Date: Wed, 29 Jul 2020 13:38:31 +0200
|
||||
Subject: [PATCH] efi/chainloader: Propagate errors from copy_file_path()
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
Without any error propagated to the caller, make_file_path()
|
||||
would then try to advance the invalid device path node with
|
||||
GRUB_EFI_NEXT_DEVICE_PATH(), which would fail, returning a NULL
|
||||
pointer that would subsequently be dereferenced. Hence, propagate
|
||||
errors from copy_file_path().
|
||||
|
||||
Signed-off-by: Chris Coulson <chris.coulson@canonical.com>
|
||||
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
|
||||
Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
|
||||
---
|
||||
grub-core/loader/efi/chainloader.c | 19 +++++++++++++------
|
||||
1 file changed, 13 insertions(+), 6 deletions(-)
|
||||
|
||||
diff --git a/grub-core/loader/efi/chainloader.c b/grub-core/loader/efi/chainloader.c
|
||||
index a8d7b9155..7b31c3fb9 100644
|
||||
--- a/grub-core/loader/efi/chainloader.c
|
||||
+++ b/grub-core/loader/efi/chainloader.c
|
||||
@@ -106,7 +106,7 @@ grub_chainloader_boot (void)
|
||||
return grub_errno;
|
||||
}
|
||||
|
||||
-static void
|
||||
+static grub_err_t
|
||||
copy_file_path (grub_efi_file_path_device_path_t *fp,
|
||||
const char *str, grub_efi_uint16_t len)
|
||||
{
|
||||
@@ -118,7 +118,7 @@ copy_file_path (grub_efi_file_path_device_path_t *fp,
|
||||
|
||||
path_name = grub_calloc (len, GRUB_MAX_UTF16_PER_UTF8 * sizeof (*path_name));
|
||||
if (!path_name)
|
||||
- return;
|
||||
+ return grub_error (GRUB_ERR_OUT_OF_MEMORY, "failed to allocate path buffer");
|
||||
|
||||
size = grub_utf8_to_utf16 (path_name, len * GRUB_MAX_UTF16_PER_UTF8,
|
||||
(const grub_uint8_t *) str, len, 0);
|
||||
@@ -131,6 +131,7 @@ copy_file_path (grub_efi_file_path_device_path_t *fp,
|
||||
fp->path_name[size++] = '\0';
|
||||
fp->header.length = size * sizeof (grub_efi_char16_t) + sizeof (*fp);
|
||||
grub_free (path_name);
|
||||
+ return GRUB_ERR_NONE;
|
||||
}
|
||||
|
||||
static grub_efi_device_path_t *
|
||||
@@ -189,13 +190,19 @@ make_file_path (grub_efi_device_path_t *dp, const char *filename)
|
||||
d = (grub_efi_device_path_t *) ((char *) file_path
|
||||
+ ((char *) d - (char *) dp));
|
||||
grub_efi_print_device_path (d);
|
||||
- copy_file_path ((grub_efi_file_path_device_path_t *) d,
|
||||
- dir_start, dir_end - dir_start);
|
||||
+ if (copy_file_path ((grub_efi_file_path_device_path_t *) d,
|
||||
+ dir_start, dir_end - dir_start) != GRUB_ERR_NONE)
|
||||
+ {
|
||||
+ fail:
|
||||
+ grub_free (file_path);
|
||||
+ return 0;
|
||||
+ }
|
||||
|
||||
/* Fill the file path for the file. */
|
||||
d = GRUB_EFI_NEXT_DEVICE_PATH (d);
|
||||
- copy_file_path ((grub_efi_file_path_device_path_t *) d,
|
||||
- dir_end + 1, grub_strlen (dir_end + 1));
|
||||
+ if (copy_file_path ((grub_efi_file_path_device_path_t *) d,
|
||||
+ dir_end + 1, grub_strlen (dir_end + 1)) != GRUB_ERR_NONE)
|
||||
+ goto fail;
|
||||
|
||||
/* Fill the end of device path nodes. */
|
||||
d = GRUB_EFI_NEXT_DEVICE_PATH (d);
|
||||
--
|
||||
2.26.2
|
||||
|
||||
@@ -0,0 +1,183 @@
|
||||
From 8a6d6299efcffd14c1130942195e6c0d9b50cacd Mon Sep 17 00:00:00 2001
|
||||
From: Alexey Makhalov <amakhalov@vmware.com>
|
||||
Date: Mon, 20 Jul 2020 23:03:05 +0000
|
||||
Subject: [PATCH] efi: Fix use-after-free in halt/reboot path
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
commit 92bfc33db984 ("efi: Free malloc regions on exit")
|
||||
introduced memory freeing in grub_efi_fini(), which is
|
||||
used not only by exit path but by halt/reboot one as well.
|
||||
As result of memory freeing, code and data regions used by
|
||||
modules, such as halt, reboot, acpi (used by halt) also got
|
||||
freed. After return to module code, CPU executes, filled
|
||||
by UEFI firmware (tested with edk2), 0xAFAFAFAF pattern as
|
||||
a code. Which leads to #UD exception later.
|
||||
|
||||
grub> halt
|
||||
!!!! X64 Exception Type - 06(#UD - Invalid Opcode) CPU Apic ID - 00000000 !!!!
|
||||
RIP - 0000000003F4EC28, CS - 0000000000000038, RFLAGS - 0000000000200246
|
||||
RAX - 0000000000000000, RCX - 00000000061DA188, RDX - 0A74C0854DC35D41
|
||||
RBX - 0000000003E10E08, RSP - 0000000007F0F860, RBP - 0000000000000000
|
||||
RSI - 00000000064DB768, RDI - 000000000832C5C3
|
||||
R8 - 0000000000000002, R9 - 0000000000000000, R10 - 00000000061E2E52
|
||||
R11 - 0000000000000020, R12 - 0000000003EE5C1F, R13 - 00000000061E0FF4
|
||||
R14 - 0000000003E10D80, R15 - 00000000061E2F60
|
||||
DS - 0000000000000030, ES - 0000000000000030, FS - 0000000000000030
|
||||
GS - 0000000000000030, SS - 0000000000000030
|
||||
CR0 - 0000000080010033, CR2 - 0000000000000000, CR3 - 0000000007C01000
|
||||
CR4 - 0000000000000668, CR8 - 0000000000000000
|
||||
DR0 - 0000000000000000, DR1 - 0000000000000000, DR2 - 0000000000000000
|
||||
DR3 - 0000000000000000, DR6 - 00000000FFFF0FF0, DR7 - 0000000000000400
|
||||
GDTR - 00000000079EEA98 0000000000000047, LDTR - 0000000000000000
|
||||
IDTR - 0000000007598018 0000000000000FFF, TR - 0000000000000000
|
||||
FXSAVE_STATE - 0000000007F0F4C0
|
||||
|
||||
Proposal here is to continue to free allocated memory for
|
||||
exit boot services path but keep it for halt/reboot path
|
||||
as it won't be much security concern here.
|
||||
Introduced GRUB_LOADER_FLAG_EFI_KEEP_ALLOCATED_MEMORY
|
||||
loader flag to be used by efi halt/reboot path.
|
||||
|
||||
Signed-off-by: Alexey Makhalov <amakhalov@vmware.com>
|
||||
Reviewed-by: Darren Kenny <darren.kenny@oracle.com>
|
||||
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
|
||||
Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
|
||||
---
|
||||
grub-core/kern/arm/efi/init.c | 3 +++
|
||||
grub-core/kern/arm64/efi/init.c | 3 +++
|
||||
grub-core/kern/efi/efi.c | 3 ++-
|
||||
grub-core/kern/efi/init.c | 1 -
|
||||
grub-core/kern/i386/efi/init.c | 9 +++++++--
|
||||
grub-core/kern/ia64/efi/init.c | 9 +++++++--
|
||||
grub-core/kern/riscv/efi/init.c | 3 +++
|
||||
grub-core/lib/efi/halt.c | 3 ++-
|
||||
include/grub/loader.h | 1 +
|
||||
9 files changed, 28 insertions(+), 7 deletions(-)
|
||||
|
||||
diff --git a/grub-core/kern/arm/efi/init.c b/grub-core/kern/arm/efi/init.c
|
||||
index 06df60e2f..40c3b467f 100644
|
||||
--- a/grub-core/kern/arm/efi/init.c
|
||||
+++ b/grub-core/kern/arm/efi/init.c
|
||||
@@ -71,4 +71,7 @@ grub_machine_fini (int flags)
|
||||
efi_call_1 (b->close_event, tmr_evt);
|
||||
|
||||
grub_efi_fini ();
|
||||
+
|
||||
+ if (!(flags & GRUB_LOADER_FLAG_EFI_KEEP_ALLOCATED_MEMORY))
|
||||
+ grub_efi_memory_fini ();
|
||||
}
|
||||
diff --git a/grub-core/kern/arm64/efi/init.c b/grub-core/kern/arm64/efi/init.c
|
||||
index 6224999ec..5010caefd 100644
|
||||
--- a/grub-core/kern/arm64/efi/init.c
|
||||
+++ b/grub-core/kern/arm64/efi/init.c
|
||||
@@ -57,4 +57,7 @@ grub_machine_fini (int flags)
|
||||
return;
|
||||
|
||||
grub_efi_fini ();
|
||||
+
|
||||
+ if (!(flags & GRUB_LOADER_FLAG_EFI_KEEP_ALLOCATED_MEMORY))
|
||||
+ grub_efi_memory_fini ();
|
||||
}
|
||||
diff --git a/grub-core/kern/efi/efi.c b/grub-core/kern/efi/efi.c
|
||||
index c97969a65..9cfd88d77 100644
|
||||
--- a/grub-core/kern/efi/efi.c
|
||||
+++ b/grub-core/kern/efi/efi.c
|
||||
@@ -157,7 +157,8 @@ grub_efi_get_loaded_image (grub_efi_handle_t image_handle)
|
||||
void
|
||||
grub_reboot (void)
|
||||
{
|
||||
- grub_machine_fini (GRUB_LOADER_FLAG_NORETURN);
|
||||
+ grub_machine_fini (GRUB_LOADER_FLAG_NORETURN |
|
||||
+ GRUB_LOADER_FLAG_EFI_KEEP_ALLOCATED_MEMORY);
|
||||
efi_call_4 (grub_efi_system_table->runtime_services->reset_system,
|
||||
GRUB_EFI_RESET_COLD, GRUB_EFI_SUCCESS, 0, NULL);
|
||||
for (;;) ;
|
||||
diff --git a/grub-core/kern/efi/init.c b/grub-core/kern/efi/init.c
|
||||
index 3dfdf2d22..2c31847bf 100644
|
||||
--- a/grub-core/kern/efi/init.c
|
||||
+++ b/grub-core/kern/efi/init.c
|
||||
@@ -80,5 +80,4 @@ grub_efi_fini (void)
|
||||
{
|
||||
grub_efidisk_fini ();
|
||||
grub_console_fini ();
|
||||
- grub_efi_memory_fini ();
|
||||
}
|
||||
diff --git a/grub-core/kern/i386/efi/init.c b/grub-core/kern/i386/efi/init.c
|
||||
index da499aba0..deb2eacd8 100644
|
||||
--- a/grub-core/kern/i386/efi/init.c
|
||||
+++ b/grub-core/kern/i386/efi/init.c
|
||||
@@ -39,6 +39,11 @@ grub_machine_init (void)
|
||||
void
|
||||
grub_machine_fini (int flags)
|
||||
{
|
||||
- if (flags & GRUB_LOADER_FLAG_NORETURN)
|
||||
- grub_efi_fini ();
|
||||
+ if (!(flags & GRUB_LOADER_FLAG_NORETURN))
|
||||
+ return;
|
||||
+
|
||||
+ grub_efi_fini ();
|
||||
+
|
||||
+ if (!(flags & GRUB_LOADER_FLAG_EFI_KEEP_ALLOCATED_MEMORY))
|
||||
+ grub_efi_memory_fini ();
|
||||
}
|
||||
diff --git a/grub-core/kern/ia64/efi/init.c b/grub-core/kern/ia64/efi/init.c
|
||||
index b5ecbd091..f1965571b 100644
|
||||
--- a/grub-core/kern/ia64/efi/init.c
|
||||
+++ b/grub-core/kern/ia64/efi/init.c
|
||||
@@ -70,6 +70,11 @@ grub_machine_init (void)
|
||||
void
|
||||
grub_machine_fini (int flags)
|
||||
{
|
||||
- if (flags & GRUB_LOADER_FLAG_NORETURN)
|
||||
- grub_efi_fini ();
|
||||
+ if (!(flags & GRUB_LOADER_FLAG_NORETURN))
|
||||
+ return;
|
||||
+
|
||||
+ grub_efi_fini ();
|
||||
+
|
||||
+ if (!(flags & GRUB_LOADER_FLAG_EFI_KEEP_ALLOCATED_MEMORY))
|
||||
+ grub_efi_memory_fini ();
|
||||
}
|
||||
diff --git a/grub-core/kern/riscv/efi/init.c b/grub-core/kern/riscv/efi/init.c
|
||||
index 7eb1969d0..38795fe67 100644
|
||||
--- a/grub-core/kern/riscv/efi/init.c
|
||||
+++ b/grub-core/kern/riscv/efi/init.c
|
||||
@@ -73,4 +73,7 @@ grub_machine_fini (int flags)
|
||||
return;
|
||||
|
||||
grub_efi_fini ();
|
||||
+
|
||||
+ if (!(flags & GRUB_LOADER_FLAG_EFI_KEEP_ALLOCATED_MEMORY))
|
||||
+ grub_efi_memory_fini ();
|
||||
}
|
||||
diff --git a/grub-core/lib/efi/halt.c b/grub-core/lib/efi/halt.c
|
||||
index 5859f0498..29d413641 100644
|
||||
--- a/grub-core/lib/efi/halt.c
|
||||
+++ b/grub-core/lib/efi/halt.c
|
||||
@@ -28,7 +28,8 @@
|
||||
void
|
||||
grub_halt (void)
|
||||
{
|
||||
- grub_machine_fini (GRUB_LOADER_FLAG_NORETURN);
|
||||
+ grub_machine_fini (GRUB_LOADER_FLAG_NORETURN |
|
||||
+ GRUB_LOADER_FLAG_EFI_KEEP_ALLOCATED_MEMORY);
|
||||
#if !defined(__ia64__) && !defined(__arm__) && !defined(__aarch64__) && \
|
||||
!defined(__riscv)
|
||||
grub_acpi_halt ();
|
||||
diff --git a/include/grub/loader.h b/include/grub/loader.h
|
||||
index 7f82a499f..b20864282 100644
|
||||
--- a/include/grub/loader.h
|
||||
+++ b/include/grub/loader.h
|
||||
@@ -33,6 +33,7 @@ enum
|
||||
{
|
||||
GRUB_LOADER_FLAG_NORETURN = 1,
|
||||
GRUB_LOADER_FLAG_PXE_NOT_UNLOAD = 2,
|
||||
+ GRUB_LOADER_FLAG_EFI_KEEP_ALLOCATED_MEMORY = 4,
|
||||
};
|
||||
|
||||
void EXPORT_FUNC (grub_loader_set) (grub_err_t (*boot) (void),
|
||||
--
|
||||
2.26.2
|
||||
|
||||
@@ -0,0 +1,32 @@
|
||||
From a2a7464e9f10a677d6f91e1c4fa527d084c22e7c Mon Sep 17 00:00:00 2001
|
||||
From: Peter Jones <pjones@redhat.com>
|
||||
Date: Fri, 24 Jul 2020 13:57:27 -0400
|
||||
Subject: [PATCH] loader/linux: Avoid overflow on initrd size calculation
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
Signed-off-by: Peter Jones <pjones@redhat.com>
|
||||
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
|
||||
Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
|
||||
---
|
||||
grub-core/loader/linux.c | 3 +--
|
||||
1 file changed, 1 insertion(+), 2 deletions(-)
|
||||
|
||||
diff --git a/grub-core/loader/linux.c b/grub-core/loader/linux.c
|
||||
index 471b214d6..4cd8c20c7 100644
|
||||
--- a/grub-core/loader/linux.c
|
||||
+++ b/grub-core/loader/linux.c
|
||||
@@ -151,8 +151,7 @@ grub_initrd_init (int argc, char *argv[],
|
||||
initrd_ctx->nfiles = 0;
|
||||
initrd_ctx->components = 0;
|
||||
|
||||
- initrd_ctx->components = grub_zalloc (argc
|
||||
- * sizeof (initrd_ctx->components[0]));
|
||||
+ initrd_ctx->components = grub_calloc (argc, sizeof (initrd_ctx->components[0]));
|
||||
if (!initrd_ctx->components)
|
||||
return grub_errno;
|
||||
|
||||
--
|
||||
2.26.2
|
||||
|
||||
@@ -0,0 +1,173 @@
|
||||
From 0367e7d1b9bac3a78608a672bf6e4ace6a28b964 Mon Sep 17 00:00:00 2001
|
||||
From: Colin Watson <cjwatson@debian.org>
|
||||
Date: Sat, 25 Jul 2020 12:15:37 +0100
|
||||
Subject: [PATCH] linux: Fix integer overflows in initrd size handling
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
These could be triggered by a crafted filesystem with very large files.
|
||||
|
||||
Fixes: CVE-2020-15707
|
||||
|
||||
Signed-off-by: Colin Watson <cjwatson@debian.org>
|
||||
Reviewed-by: Jan Setje-Eilers <jan.setjeeilers@oracle.com>
|
||||
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
|
||||
Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
|
||||
---
|
||||
grub-core/loader/linux.c | 74 +++++++++++++++++++++++++++++-----------
|
||||
1 file changed, 54 insertions(+), 20 deletions(-)
|
||||
|
||||
diff --git a/grub-core/loader/linux.c b/grub-core/loader/linux.c
|
||||
index 4cd8c20c7..3fe390f17 100644
|
||||
--- a/grub-core/loader/linux.c
|
||||
+++ b/grub-core/loader/linux.c
|
||||
@@ -4,6 +4,7 @@
|
||||
#include <grub/misc.h>
|
||||
#include <grub/file.h>
|
||||
#include <grub/mm.h>
|
||||
+#include <grub/safemath.h>
|
||||
|
||||
struct newc_head
|
||||
{
|
||||
@@ -98,13 +99,13 @@ free_dir (struct dir *root)
|
||||
grub_free (root);
|
||||
}
|
||||
|
||||
-static grub_size_t
|
||||
+static grub_err_t
|
||||
insert_dir (const char *name, struct dir **root,
|
||||
- grub_uint8_t *ptr)
|
||||
+ grub_uint8_t *ptr, grub_size_t *size)
|
||||
{
|
||||
struct dir *cur, **head = root;
|
||||
const char *cb, *ce = name;
|
||||
- grub_size_t size = 0;
|
||||
+ *size = 0;
|
||||
while (1)
|
||||
{
|
||||
for (cb = ce; *cb == '/'; cb++);
|
||||
@@ -130,14 +131,22 @@ insert_dir (const char *name, struct dir **root,
|
||||
ptr = make_header (ptr, name, ce - name,
|
||||
040777, 0);
|
||||
}
|
||||
- size += ALIGN_UP ((ce - (char *) name)
|
||||
- + sizeof (struct newc_head), 4);
|
||||
+ if (grub_add (*size,
|
||||
+ ALIGN_UP ((ce - (char *) name)
|
||||
+ + sizeof (struct newc_head), 4),
|
||||
+ size))
|
||||
+ {
|
||||
+ grub_error (GRUB_ERR_OUT_OF_RANGE, N_("overflow is detected"));
|
||||
+ grub_free (n->name);
|
||||
+ grub_free (n);
|
||||
+ return grub_errno;
|
||||
+ }
|
||||
*head = n;
|
||||
cur = n;
|
||||
}
|
||||
root = &cur->next;
|
||||
}
|
||||
- return size;
|
||||
+ return GRUB_ERR_NONE;
|
||||
}
|
||||
|
||||
grub_err_t
|
||||
@@ -172,26 +181,33 @@ grub_initrd_init (int argc, char *argv[],
|
||||
eptr = grub_strchr (ptr, ':');
|
||||
if (eptr)
|
||||
{
|
||||
+ grub_size_t dir_size, name_len;
|
||||
+
|
||||
initrd_ctx->components[i].newc_name = grub_strndup (ptr, eptr - ptr);
|
||||
- if (!initrd_ctx->components[i].newc_name)
|
||||
+ if (!initrd_ctx->components[i].newc_name ||
|
||||
+ insert_dir (initrd_ctx->components[i].newc_name, &root, 0,
|
||||
+ &dir_size))
|
||||
{
|
||||
grub_initrd_close (initrd_ctx);
|
||||
return grub_errno;
|
||||
}
|
||||
- initrd_ctx->size
|
||||
- += ALIGN_UP (sizeof (struct newc_head)
|
||||
- + grub_strlen (initrd_ctx->components[i].newc_name),
|
||||
- 4);
|
||||
- initrd_ctx->size += insert_dir (initrd_ctx->components[i].newc_name,
|
||||
- &root, 0);
|
||||
+ name_len = grub_strlen (initrd_ctx->components[i].newc_name);
|
||||
+ if (grub_add (initrd_ctx->size,
|
||||
+ ALIGN_UP (sizeof (struct newc_head) + name_len, 4),
|
||||
+ &initrd_ctx->size) ||
|
||||
+ grub_add (initrd_ctx->size, dir_size, &initrd_ctx->size))
|
||||
+ goto overflow;
|
||||
newc = 1;
|
||||
fname = eptr + 1;
|
||||
}
|
||||
}
|
||||
else if (newc)
|
||||
{
|
||||
- initrd_ctx->size += ALIGN_UP (sizeof (struct newc_head)
|
||||
- + sizeof ("TRAILER!!!") - 1, 4);
|
||||
+ if (grub_add (initrd_ctx->size,
|
||||
+ ALIGN_UP (sizeof (struct newc_head)
|
||||
+ + sizeof ("TRAILER!!!") - 1, 4),
|
||||
+ &initrd_ctx->size))
|
||||
+ goto overflow;
|
||||
free_dir (root);
|
||||
root = 0;
|
||||
newc = 0;
|
||||
@@ -207,19 +223,29 @@ grub_initrd_init (int argc, char *argv[],
|
||||
initrd_ctx->nfiles++;
|
||||
initrd_ctx->components[i].size
|
||||
= grub_file_size (initrd_ctx->components[i].file);
|
||||
- initrd_ctx->size += initrd_ctx->components[i].size;
|
||||
+ if (grub_add (initrd_ctx->size, initrd_ctx->components[i].size,
|
||||
+ &initrd_ctx->size))
|
||||
+ goto overflow;
|
||||
}
|
||||
|
||||
if (newc)
|
||||
{
|
||||
initrd_ctx->size = ALIGN_UP (initrd_ctx->size, 4);
|
||||
- initrd_ctx->size += ALIGN_UP (sizeof (struct newc_head)
|
||||
- + sizeof ("TRAILER!!!") - 1, 4);
|
||||
+ if (grub_add (initrd_ctx->size,
|
||||
+ ALIGN_UP (sizeof (struct newc_head)
|
||||
+ + sizeof ("TRAILER!!!") - 1, 4),
|
||||
+ &initrd_ctx->size))
|
||||
+ goto overflow;
|
||||
free_dir (root);
|
||||
root = 0;
|
||||
}
|
||||
|
||||
return GRUB_ERR_NONE;
|
||||
+
|
||||
+ overflow:
|
||||
+ free_dir (root);
|
||||
+ grub_initrd_close (initrd_ctx);
|
||||
+ return grub_error (GRUB_ERR_OUT_OF_RANGE, N_("overflow is detected"));
|
||||
}
|
||||
|
||||
grub_size_t
|
||||
@@ -260,8 +286,16 @@ grub_initrd_load (struct grub_linux_initrd_context *initrd_ctx,
|
||||
|
||||
if (initrd_ctx->components[i].newc_name)
|
||||
{
|
||||
- ptr += insert_dir (initrd_ctx->components[i].newc_name,
|
||||
- &root, ptr);
|
||||
+ grub_size_t dir_size;
|
||||
+
|
||||
+ if (insert_dir (initrd_ctx->components[i].newc_name, &root, ptr,
|
||||
+ &dir_size))
|
||||
+ {
|
||||
+ free_dir (root);
|
||||
+ grub_initrd_close (initrd_ctx);
|
||||
+ return grub_errno;
|
||||
+ }
|
||||
+ ptr += dir_size;
|
||||
ptr = make_header (ptr, initrd_ctx->components[i].newc_name,
|
||||
grub_strlen (initrd_ctx->components[i].newc_name),
|
||||
0100777,
|
||||
--
|
||||
2.26.2
|
||||
|
||||
@@ -21,6 +21,17 @@ endef
|
||||
GRUB2_POST_PATCH_HOOKS += GRUB2_AVOID_AUTORECONF
|
||||
HOST_GRUB2_POST_PATCH_HOOKS += GRUB2_AVOID_AUTORECONF
|
||||
|
||||
# 0002-yylex-Make-lexer-fatal-errors-actually-be-fatal.patch
|
||||
GRUB2_IGNORE_CVES += CVE-2020-10713
|
||||
# 0005-calloc-Use-calloc-at-most-places.patch
|
||||
GRUB2_IGNORE_CVES += CVE-2020-14308
|
||||
# 0006-malloc-Use-overflow-checking-primitives-where-we-do-.patch
|
||||
GRUB2_IGNORE_CVES += CVE-2020-14309 CVE-2020-14310 CVE-2020-14311
|
||||
# 0019-script-Avoid-a-use-after-free-when-redefining-a-func.patch
|
||||
GRUB2_IGNORE_CVES += CVE-2020-15706
|
||||
# 0028-linux-Fix-integer-overflows-in-initrd-size-handling.patch
|
||||
GRUB2_IGNORE_CVES += CVE-2020-15707
|
||||
|
||||
ifeq ($(BR2_TARGET_GRUB2_INSTALL_TOOLS),y)
|
||||
GRUB2_INSTALL_TARGET = YES
|
||||
else
|
||||
|
||||
+3
-2
@@ -16,6 +16,7 @@ UBOOT_INSTALL_IMAGES = YES
|
||||
|
||||
# u-boot 2020.01+ needs make 4.0+
|
||||
UBOOT_DEPENDENCIES = $(BR2_MAKE_HOST_DEPENDENCY)
|
||||
UBOOT_MAKE = $(BR2_MAKE)
|
||||
|
||||
ifeq ($(UBOOT_VERSION),custom)
|
||||
# Handle custom U-Boot tarballs as specified by the configuration
|
||||
@@ -247,7 +248,7 @@ UBOOT_POST_PATCH_HOOKS += UBOOT_FIXUP_LIBFDT_INCLUDE
|
||||
ifeq ($(BR2_TARGET_UBOOT_BUILD_SYSTEM_LEGACY),y)
|
||||
define UBOOT_CONFIGURE_CMDS
|
||||
$(TARGET_CONFIGURE_OPTS) \
|
||||
$(BR2_MAKE) -C $(@D) $(UBOOT_MAKE_OPTS) \
|
||||
$(UBOOT_MAKE) -C $(@D) $(UBOOT_MAKE_OPTS) \
|
||||
$(UBOOT_BOARD_NAME)_config
|
||||
endef
|
||||
else ifeq ($(BR2_TARGET_UBOOT_BUILD_SYSTEM_KCONFIG),y)
|
||||
@@ -284,7 +285,7 @@ define UBOOT_BUILD_CMDS
|
||||
cp -f $(UBOOT_CUSTOM_DTS_PATH) $(@D)/arch/$(UBOOT_ARCH)/dts/
|
||||
)
|
||||
$(TARGET_CONFIGURE_OPTS) \
|
||||
$(BR2_MAKE) -C $(@D) $(UBOOT_MAKE_OPTS) \
|
||||
$(UBOOT_MAKE) -C $(@D) $(UBOOT_MAKE_OPTS) \
|
||||
$(UBOOT_MAKE_TARGET)
|
||||
$(if $(BR2_TARGET_UBOOT_FORMAT_SD),
|
||||
$(@D)/tools/mxsboot sd $(@D)/u-boot.sb $(@D)/u-boot.sd)
|
||||
|
||||
@@ -47,32 +47,31 @@ package. Let's start with an example:
|
||||
13: FOO_DEPENDENCIES = host-cargo
|
||||
14:
|
||||
15: FOO_CARGO_ENV = CARGO_HOME=$(HOST_DIR)/share/cargo
|
||||
16: FOO_CARGO_MODE = $(if $(BR2_ENABLE_DEBUG),debug,release)
|
||||
17:
|
||||
18: FOO_BIN_DIR = target/$(RUSTC_TARGET_NAME)/$(FOO_CARGO_MODE)
|
||||
19:
|
||||
20: FOO_CARGO_OPTS = \
|
||||
21: --$(FOO_CARGO_MODE) \
|
||||
22: --target=$(RUSTC_TARGET_NAME) \
|
||||
23: --manifest-path=$(@D)/Cargo.toml
|
||||
24:
|
||||
25: define FOO_BUILD_CMDS
|
||||
26: $(TARGET_MAKE_ENV) $(FOO_CARGO_ENV) \
|
||||
27: cargo build $(FOO_CARGO_OPTS)
|
||||
28: endef
|
||||
29:
|
||||
30: define FOO_INSTALL_TARGET_CMDS
|
||||
31: $(INSTALL) -D -m 0755 $(@D)/$(FOO_BIN_DIR)/foo \
|
||||
32: $(TARGET_DIR)/usr/bin/foo
|
||||
33: endef
|
||||
34:
|
||||
35: $(eval $(generic-package))
|
||||
16:
|
||||
17: FOO_BIN_DIR = target/$(RUSTC_TARGET_NAME)/$(FOO_CARGO_MODE)
|
||||
18:
|
||||
19: FOO_CARGO_OPTS = \
|
||||
20: $(if $(BR2_ENABLE_DEBUG),,--release) \
|
||||
21: --target=$(RUSTC_TARGET_NAME) \
|
||||
22: --manifest-path=$(@D)/Cargo.toml
|
||||
23:
|
||||
24: define FOO_BUILD_CMDS
|
||||
25: $(TARGET_MAKE_ENV) $(FOO_CARGO_ENV) \
|
||||
26: cargo build $(FOO_CARGO_OPTS)
|
||||
27: endef
|
||||
28:
|
||||
29: define FOO_INSTALL_TARGET_CMDS
|
||||
30: $(INSTALL) -D -m 0755 $(@D)/$(FOO_BIN_DIR)/foo \
|
||||
31: $(TARGET_DIR)/usr/bin/foo
|
||||
32: endef
|
||||
33:
|
||||
34: $(eval $(generic-package))
|
||||
--------------------------------
|
||||
|
||||
The Makefile starts with the definition of the standard variables for package
|
||||
declaration (lines 7 to 11).
|
||||
|
||||
As seen in line 35, it is based on the
|
||||
As seen in line 34, it is based on the
|
||||
xref:generic-package-tutorial[+generic-package+ infrastructure]. So, it defines
|
||||
the variables required by this particular infrastructure, where Cargo is
|
||||
invoked:
|
||||
|
||||
@@ -34,7 +34,7 @@ will automatically download the tarball from this location.
|
||||
|
||||
On line 10, we tell Buildroot what options to enable for libfoo.
|
||||
|
||||
On line 11, we tell Buildroot the depednencies of libfoo.
|
||||
On line 11, we tell Buildroot the dependencies of libfoo.
|
||||
|
||||
Finally, on line line 13, we invoke the +waf-package+
|
||||
macro that generates all the Makefile rules that actually allows the
|
||||
|
||||
@@ -1,4 +1,15 @@
|
||||
#!/bin/sh
|
||||
# devtmpfs does not get automounted for initramfs
|
||||
/bin/mount -t devtmpfs devtmpfs /dev
|
||||
|
||||
# use the /dev/console device node from devtmpfs if possible to not
|
||||
# confuse glibc's ttyname_r().
|
||||
# This may fail (E.G. booted with console=), and errors from exec will
|
||||
# terminate the shell, so use a subshell for the test
|
||||
if (exec 0</dev/console) 2>/dev/null; then
|
||||
exec 0</dev/console
|
||||
exec 1>/dev/console
|
||||
exec 2>/dev/console
|
||||
fi
|
||||
|
||||
exec /sbin/init "$@"
|
||||
|
||||
+5
-5
@@ -30,7 +30,7 @@ config BR2_LINUX_KERNEL_LATEST_VERSION
|
||||
bool "Latest version (5.4)"
|
||||
|
||||
config BR2_LINUX_KERNEL_LATEST_CIP_VERSION
|
||||
bool "Latest CIP SLTS version (4.19.118-cip25)"
|
||||
bool "Latest CIP SLTS version (4.19.132-cip30)"
|
||||
help
|
||||
CIP launched in the spring of 2016 to address the needs of
|
||||
organizations in industries such as power generation and
|
||||
@@ -49,7 +49,7 @@ config BR2_LINUX_KERNEL_LATEST_CIP_VERSION
|
||||
https://www.cip-project.org
|
||||
|
||||
config BR2_LINUX_KERNEL_LATEST_CIP_RT_VERSION
|
||||
bool "Latest CIP RT SLTS version (4.19.115-cip24-rt9)"
|
||||
bool "Latest CIP RT SLTS version (4.19.132-cip30-rt12)"
|
||||
help
|
||||
Same as the CIP version, but this is the PREEMPT_RT realtime
|
||||
variant.
|
||||
@@ -128,9 +128,9 @@ endif
|
||||
|
||||
config BR2_LINUX_KERNEL_VERSION
|
||||
string
|
||||
default "5.4.45" if BR2_LINUX_KERNEL_LATEST_VERSION
|
||||
default "4.19.118-cip25" if BR2_LINUX_KERNEL_LATEST_CIP_VERSION
|
||||
default "4.19.115-cip24-rt9" if BR2_LINUX_KERNEL_LATEST_CIP_RT_VERSION
|
||||
default "5.4.61" if BR2_LINUX_KERNEL_LATEST_VERSION
|
||||
default "4.19.132-cip30" if BR2_LINUX_KERNEL_LATEST_CIP_VERSION
|
||||
default "4.19.132-cip30-rt12" if BR2_LINUX_KERNEL_LATEST_CIP_RT_VERSION
|
||||
default BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE \
|
||||
if BR2_LINUX_KERNEL_CUSTOM_VERSION
|
||||
default "custom" if BR2_LINUX_KERNEL_CUSTOM_TARBALL
|
||||
|
||||
+7
-7
@@ -1,13 +1,13 @@
|
||||
# From https://www.kernel.org/pub/linux/kernel/v5.x/sha256sums.asc
|
||||
sha256 103f039f34a9009c42ea643b4f473bda6bb9607d5ad7f63b56b3e2351615fe2e linux-5.4.45.tar.xz
|
||||
sha256 86f13d050f6389c5a1727fa81510ee8eceac795297bc584f443354609617fea4 linux-5.4.61.tar.xz
|
||||
# From https://www.kernel.org/pub/linux/kernel/v4.x/sha256sums.asc
|
||||
sha256 418299385195f09b27e371a35f305f3aff148e7557a341b53460091303aa9bb7 linux-4.4.226.tar.xz
|
||||
sha256 460a8c168fe5c60ce5b30015a4e4bf348d93a89f8b949de1f90779567ef345ca linux-4.9.226.tar.xz
|
||||
sha256 4265afef56819b04656107a5abecde205c5bc5fb04b2e81447955e7e45db8085 linux-4.14.183.tar.xz
|
||||
sha256 82af886bc588b5c8d7474beb2bac13810ee3ed07da356a2553c81ae8e52e586f linux-4.19.127.tar.xz
|
||||
sha256 6994dda988e9fb7f5661cf80ff42039016cb0044acd39f830937ba0220296388 linux-4.4.234.tar.xz
|
||||
sha256 756f8544d261e8117716c911261690e4fb5491e14c1f4612c83e0986453782e3 linux-4.9.234.tar.xz
|
||||
sha256 394f28798670240baacd9e2cce521fbd79f8da5e1fc191695b0e11381445a021 linux-4.14.195.tar.xz
|
||||
sha256 6912db1c242d72ce9c8d4ff71982ac935d97690822af5c1c6ec22412b31667a4 linux-4.19.142.tar.xz
|
||||
# Locally computed
|
||||
sha256 ea53913813cb5a9069608532b327de7a7ed0fdc8fed8c6f10cd55d1ac6a58ffb linux-cip-4.19.118-cip25.tar.gz
|
||||
sha256 7f0a0db0e1cfb14053523f4432f1ad1468b5bd42305b44905c4b103466c8d655 linux-cip-4.19.115-cip24-rt9.tar.gz
|
||||
sha256 c20f9014b89ea3e27f55f1d407aa5a4724ed38ac520c197291e9d644f164c43a linux-cip-4.19.132-cip30.tar.gz
|
||||
sha256 81dd791d9ad6c3fddaeaffc6d7d8df0e13831283a5fe494c437ac7820d79ca39 linux-cip-4.19.132-cip30-rt12.tar.gz
|
||||
|
||||
# Licenses hashes
|
||||
sha256 ee5808b032a67f587d3541099d46de34f5bec8cd5976114ba07f1299ee6001ff COPYING
|
||||
|
||||
+4
-2
@@ -160,7 +160,8 @@ endif
|
||||
|
||||
# Get the real Linux version, which tells us where kernel modules are
|
||||
# going to be installed in the target filesystem.
|
||||
LINUX_VERSION_PROBED = `$(MAKE) $(LINUX_MAKE_FLAGS) -C $(LINUX_DIR) --no-print-directory -s kernelrelease 2>/dev/null`
|
||||
# Filter out 'w' from MAKEFLAGS, to workaround a bug in make 4.1 (#13141)
|
||||
LINUX_VERSION_PROBED = `MAKEFLAGS='$(filter-out w,$(MAKEFLAGS))' $(MAKE) $(LINUX_MAKE_FLAGS) -C $(LINUX_DIR) --no-print-directory -s kernelrelease 2>/dev/null`
|
||||
|
||||
LINUX_DTS_NAME += $(call qstrip,$(BR2_LINUX_KERNEL_INTREE_DTS_NAME))
|
||||
|
||||
@@ -531,7 +532,8 @@ endef
|
||||
# Run depmod in a target-finalize hook, to encompass modules installed by
|
||||
# packages.
|
||||
define LINUX_RUN_DEPMOD
|
||||
if grep -q "CONFIG_MODULES=y" $(LINUX_DIR)/.config; then \
|
||||
if test -d $(TARGET_DIR)/lib/modules/$(LINUX_VERSION_PROBED) \
|
||||
&& grep -q "CONFIG_MODULES=y" $(LINUX_DIR)/.config; then \
|
||||
$(HOST_DIR)/sbin/depmod -a -b $(TARGET_DIR) $(LINUX_VERSION_PROBED); \
|
||||
fi
|
||||
endef
|
||||
|
||||
@@ -1,4 +1,5 @@
|
||||
# From http://archive.apache.org/dist/httpd/httpd-2.4.43.tar.bz2.sha256
|
||||
sha256 a497652ab3fc81318cdc2a203090a999150d86461acff97c1065dc910fe10f43 httpd-2.4.43.tar.bz2
|
||||
# From http://archive.apache.org/dist/httpd/httpd-2.4.46.tar.bz2.{sha256,sha512}
|
||||
sha256 740eddf6e1c641992b22359cabc66e6325868c3c5e2e3f98faf349b61ecf41ea httpd-2.4.46.tar.bz2
|
||||
sha512 5936784bb662e9d8a4f7fe38b70c043b468114d931cd10ea831bfe74461ea5856b64f88f42c567ab791fc8907640a99884ba4b6a600f86d661781812735b6f13 httpd-2.4.46.tar.bz2
|
||||
# Locally computed
|
||||
sha256 47b8c2b6c3309282a99d4a3001575c790fead690cc14734628c4667d2bbffc43 LICENSE
|
||||
|
||||
@@ -4,7 +4,7 @@
|
||||
#
|
||||
################################################################################
|
||||
|
||||
APACHE_VERSION = 2.4.43
|
||||
APACHE_VERSION = 2.4.46
|
||||
APACHE_SOURCE = httpd-$(APACHE_VERSION).tar.bz2
|
||||
APACHE_SITE = http://archive.apache.org/dist/httpd
|
||||
APACHE_LICENSE = Apache-2.0
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
# Verified from https://ftp.isc.org/isc/bind9/9.11.20/bind-9.11.20.tar.gz.asc
|
||||
# Verified from https://ftp.isc.org/isc/bind9/9.11.22/bind-9.11.22.tar.gz.asc
|
||||
# with key AE3FAC796711EC59FC007AA474BB6B9A4CBB3D38
|
||||
sha256 306831a738a275693bbe1d6839a09b34a2c8b5c26f8a42ea57ef000a6a99c2b6 bind-9.11.20.tar.gz
|
||||
sha256 afc6d8015006f1cabf699ff19f517bb8fd9c1811e5231f26baf51c3550262ac9 bind-9.11.22.tar.gz
|
||||
sha256 da2aec2b7f6f0feb16bcb080e2c587375fd3195145f047e4d92d112f5b9db501 COPYRIGHT
|
||||
|
||||
@@ -4,7 +4,7 @@
|
||||
#
|
||||
################################################################################
|
||||
|
||||
BIND_VERSION = 9.11.20
|
||||
BIND_VERSION = 9.11.22
|
||||
BIND_SITE = https://ftp.isc.org/isc/bind9/$(BIND_VERSION)
|
||||
# bind does not support parallel builds.
|
||||
BIND_MAKE = $(MAKE1)
|
||||
|
||||
@@ -134,6 +134,7 @@ define BOOST_CONFIGURE_CMDS
|
||||
(cd $(@D) && ./bootstrap.sh $(BOOST_FLAGS))
|
||||
echo "using gcc : `$(TARGET_CC) -dumpversion` : $(TARGET_CXX) : <cxxflags>\"$(BOOST_TARGET_CXXFLAGS)\" <linkflags>\"$(TARGET_LDFLAGS)\" ;" > $(@D)/user-config.jam
|
||||
echo "" >> $(@D)/user-config.jam
|
||||
sed -i "s/: -O.* ;/: $(TARGET_OPTIMIZATION) ;/" $(@D)/tools/build/src/tools/gcc.jam
|
||||
endef
|
||||
|
||||
define BOOST_BUILD_CMDS
|
||||
|
||||
@@ -237,6 +237,18 @@ define BUSYBOX_SET_SELINUX
|
||||
endef
|
||||
endif
|
||||
|
||||
# enable relevant options to allow the Busybox less applet to be used
|
||||
# as a systemd pager
|
||||
ifeq ($(BR2_PACKAGE_SYSTEMD):$(BR2_PACKAGE_LESS),y:)
|
||||
define BUSYBOX_SET_LESS_FLAGS
|
||||
$(call KCONFIG_ENABLE_OPT,CONFIG_FEATURE_LESS_DASHCMD)
|
||||
$(call KCONFIG_ENABLE_OPT,CONFIG_FEATURE_LESS_RAW)
|
||||
$(call KCONFIG_ENABLE_OPT,CONFIG_FEATURE_LESS_TRUNCATE)
|
||||
$(call KCONFIG_ENABLE_OPT,CONFIG_FEATURE_LESS_FLAGS)
|
||||
$(call KCONFIG_ENABLE_OPT,CONFIG_FEATURE_LESS_ENV)
|
||||
endef
|
||||
endif
|
||||
|
||||
ifeq ($(BR2_PACKAGE_BUSYBOX_INDIVIDUAL_BINARIES),y)
|
||||
define BUSYBOX_SET_INDIVIDUAL_BINARIES
|
||||
$(call KCONFIG_ENABLE_OPT,CONFIG_BUILD_LIBBUSYBOX,$(BUSYBOX_BUILD_CONFIG))
|
||||
@@ -338,6 +350,7 @@ define BUSYBOX_KCONFIG_FIXUP_CMDS
|
||||
$(BUSYBOX_SET_INIT)
|
||||
$(BUSYBOX_SET_WATCHDOG)
|
||||
$(BUSYBOX_SET_SELINUX)
|
||||
$(BUSYBOX_SET_LESS_FLAGS)
|
||||
$(BUSYBOX_SET_INDIVIDUAL_BINARIES)
|
||||
endef
|
||||
|
||||
|
||||
@@ -21,5 +21,12 @@ endif
|
||||
# The actual source to be compiled is within a 'c++' subdirectory
|
||||
CAPNPROTO_SUBDIR = c++
|
||||
|
||||
ifeq ($(BR2_PACKAGE_OPENSSL),y)
|
||||
CAPNPROTO_CONF_OPTS += --with-openssl
|
||||
CAPNPROTO_DEPENDENCIES += openssl
|
||||
else
|
||||
CAPNPROTO_CONF_OPTS += --without-openssl
|
||||
endif
|
||||
|
||||
$(eval $(autotools-package))
|
||||
$(eval $(host-autotools-package))
|
||||
|
||||
@@ -1,5 +1,4 @@
|
||||
# From https://listengine.tuxfamily.org/chrony.tuxfamily.org/chrony-announce/2019/05/msg00001.html
|
||||
md5 5f66338bc940a9b51eede8f391e7bed3 chrony-3.5.tar.gz
|
||||
sha1 79e9aeace143550300387a99f17bff04b45673f7 chrony-3.5.tar.gz
|
||||
# From https://listengine.tuxfamily.org/chrony.tuxfamily.org/chrony-announce/2020/08/msg00000.html
|
||||
sha256 1ba82f70db85d414cd7420c39858e3ceca4b9eb8b028cbe869512c3a14a2dca7 chrony-3.5.1.tar.gz
|
||||
# Locally calculated
|
||||
sha256 ab15fd526bd8dd18a9e77ebc139656bf4d33e97fc7238cd11bf60e2b9b8666c6 COPYING
|
||||
sha256 ab15fd526bd8dd18a9e77ebc139656bf4d33e97fc7238cd11bf60e2b9b8666c6 COPYING
|
||||
|
||||
@@ -4,7 +4,7 @@
|
||||
#
|
||||
################################################################################
|
||||
|
||||
CHRONY_VERSION = 3.5
|
||||
CHRONY_VERSION = 3.5.1
|
||||
CHRONY_SITE = http://download.tuxfamily.org/chrony
|
||||
CHRONY_LICENSE = GPL-2.0
|
||||
CHRONY_LICENSE_FILES = COPYING
|
||||
|
||||
@@ -593,7 +593,6 @@ comment "grpc needs a toolchain w/ C++, gcc >= 4.8"
|
||||
|
||||
config BR2_PACKAGE_COLLECTD_MQTT
|
||||
bool "mqtt"
|
||||
depends on BR2_TOOLCHAIN_HAS_SYNC_4 # mosquitto
|
||||
select BR2_PACKAGE_MOSQUITTO
|
||||
help
|
||||
Sends metrics to and/or receives metrics from an MQTT broker.
|
||||
|
||||
@@ -0,0 +1,30 @@
|
||||
From 641d3f489cf6238bb916368d4ba0d9325a235afb Mon Sep 17 00:00:00 2001
|
||||
From: Sergey Poznyakoff <gray@gnu.org>
|
||||
Date: Mon, 20 Jan 2020 07:45:39 +0200
|
||||
Subject: Minor fix * src/global.c: Remove superfluous declaration of
|
||||
program_name
|
||||
|
||||
[Retrieved from:
|
||||
https://git.savannah.gnu.org/cgit/cpio.git/commit/?id=641d3f489cf6238bb916368d4ba0d9325a235afb]
|
||||
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
|
||||
---
|
||||
src/global.c | 3 ---
|
||||
1 file changed, 3 deletions(-)
|
||||
|
||||
diff --git a/src/global.c b/src/global.c
|
||||
index fb3abe9..acf92bc 100644
|
||||
--- a/src/global.c
|
||||
+++ b/src/global.c
|
||||
@@ -184,9 +184,6 @@ unsigned int warn_option = 0;
|
||||
/* Extract to standard output? */
|
||||
bool to_stdout_option = false;
|
||||
|
||||
-/* The name this program was run with. */
|
||||
-char *program_name;
|
||||
-
|
||||
/* A pointer to either lstat or stat, depending on whether
|
||||
dereferencing of symlinks is done for input files. */
|
||||
int (*xstat) ();
|
||||
--
|
||||
cgit v1.2.1
|
||||
|
||||
@@ -0,0 +1,179 @@
|
||||
From 604abec333a0efb44fd8bc610aa0b1151dd0f612 Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Bj=C3=B6rn=20Esser?= <besser82@fedoraproject.org>
|
||||
Date: Mon, 13 Apr 2020 11:48:17 +0200
|
||||
Subject: [PATCH] Add support for upcoming json-c 0.14.0.
|
||||
|
||||
* TRUE/FALSE are not defined anymore. 1 and 0 are used instead.
|
||||
* json_object_get_uint64() and json_object_new_uint64() are part
|
||||
of the upstream API now.
|
||||
|
||||
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
||||
---
|
||||
lib/luks2/luks2_internal.h | 4 +++-
|
||||
lib/luks2/luks2_json_metadata.c | 38 +++++++++++++++++----------------
|
||||
2 files changed, 23 insertions(+), 19 deletions(-)
|
||||
|
||||
diff --git a/lib/luks2/luks2_internal.h b/lib/luks2/luks2_internal.h
|
||||
index b9fec6b5..939101d6 100644
|
||||
--- a/lib/luks2/luks2_internal.h
|
||||
+++ b/lib/luks2/luks2_internal.h
|
||||
@@ -58,9 +58,11 @@ json_object *LUKS2_get_segments_jobj(struct luks2_hdr *hdr);
|
||||
void hexprint_base64(struct crypt_device *cd, json_object *jobj,
|
||||
const char *sep, const char *line_sep);
|
||||
|
||||
+#if !(defined JSON_C_VERSION_NUM && JSON_C_VERSION_NUM >= ((13 << 8) | 99))
|
||||
uint64_t json_object_get_uint64(json_object *jobj);
|
||||
-uint32_t json_object_get_uint32(json_object *jobj);
|
||||
json_object *json_object_new_uint64(uint64_t value);
|
||||
+#endif
|
||||
+uint32_t json_object_get_uint32(json_object *jobj);
|
||||
|
||||
int json_object_object_add_by_uint(json_object *jobj, unsigned key, json_object *jobj_val);
|
||||
void json_object_object_del_by_uint(json_object *jobj, unsigned key);
|
||||
diff --git a/lib/luks2/luks2_json_metadata.c b/lib/luks2/luks2_json_metadata.c
|
||||
index 781280c2..712c2bbd 100644
|
||||
--- a/lib/luks2/luks2_json_metadata.c
|
||||
+++ b/lib/luks2/luks2_json_metadata.c
|
||||
@@ -234,13 +234,14 @@ static json_bool json_str_to_uint64(json_object *jobj, uint64_t *value)
|
||||
tmp = strtoull(json_object_get_string(jobj), &endptr, 10);
|
||||
if (*endptr || errno) {
|
||||
*value = 0;
|
||||
- return FALSE;
|
||||
+ return 0;
|
||||
}
|
||||
|
||||
*value = tmp;
|
||||
- return TRUE;
|
||||
+ return 1;
|
||||
}
|
||||
|
||||
+#if !(defined JSON_C_VERSION_NUM && JSON_C_VERSION_NUM >= ((13 << 8) | 99))
|
||||
uint64_t json_object_get_uint64(json_object *jobj)
|
||||
{
|
||||
uint64_t r;
|
||||
@@ -262,6 +263,7 @@ json_object *json_object_new_uint64(uint64_t value)
|
||||
jobj = json_object_new_string(num);
|
||||
return jobj;
|
||||
}
|
||||
+#endif
|
||||
|
||||
/*
|
||||
* Validate helpers
|
||||
@@ -273,9 +275,9 @@ static json_bool numbered(struct crypt_device *cd, const char *name, const char
|
||||
for (i = 0; key[i]; i++)
|
||||
if (!isdigit(key[i])) {
|
||||
log_dbg(cd, "%s \"%s\" is not in numbered form.", name, key);
|
||||
- return FALSE;
|
||||
+ return 0;
|
||||
}
|
||||
- return TRUE;
|
||||
+ return 1;
|
||||
}
|
||||
|
||||
json_object *json_contains(struct crypt_device *cd, json_object *jobj, const char *name,
|
||||
@@ -300,7 +302,7 @@ json_bool validate_json_uint32(json_object *jobj)
|
||||
errno = 0;
|
||||
tmp = json_object_get_int64(jobj);
|
||||
|
||||
- return (errno || tmp < 0 || tmp > UINT32_MAX) ? FALSE : TRUE;
|
||||
+ return (errno || tmp < 0 || tmp > UINT32_MAX) ? 0 : 1;
|
||||
}
|
||||
|
||||
static json_bool validate_keyslots_array(struct crypt_device *cd,
|
||||
@@ -313,17 +315,17 @@ static json_bool validate_keyslots_array(struct crypt_device *cd,
|
||||
jobj = json_object_array_get_idx(jarr, i);
|
||||
if (!json_object_is_type(jobj, json_type_string)) {
|
||||
log_dbg(cd, "Illegal value type in keyslots array at index %d.", i);
|
||||
- return FALSE;
|
||||
+ return 0;
|
||||
}
|
||||
|
||||
if (!json_contains(cd, jobj_keys, "", "Keyslots section",
|
||||
json_object_get_string(jobj), json_type_object))
|
||||
- return FALSE;
|
||||
+ return 0;
|
||||
|
||||
i++;
|
||||
}
|
||||
|
||||
- return TRUE;
|
||||
+ return 1;
|
||||
}
|
||||
|
||||
static json_bool validate_segments_array(struct crypt_device *cd,
|
||||
@@ -336,17 +338,17 @@ static json_bool validate_segments_array(struct crypt_device *cd,
|
||||
jobj = json_object_array_get_idx(jarr, i);
|
||||
if (!json_object_is_type(jobj, json_type_string)) {
|
||||
log_dbg(cd, "Illegal value type in segments array at index %d.", i);
|
||||
- return FALSE;
|
||||
+ return 0;
|
||||
}
|
||||
|
||||
if (!json_contains(cd, jobj_segments, "", "Segments section",
|
||||
json_object_get_string(jobj), json_type_object))
|
||||
- return FALSE;
|
||||
+ return 0;
|
||||
|
||||
i++;
|
||||
}
|
||||
|
||||
- return TRUE;
|
||||
+ return 1;
|
||||
}
|
||||
|
||||
static json_bool segment_has_digest(const char *segment_name, json_object *jobj_digests)
|
||||
@@ -357,10 +359,10 @@ static json_bool segment_has_digest(const char *segment_name, json_object *jobj_
|
||||
UNUSED(key);
|
||||
json_object_object_get_ex(val, "segments", &jobj_segments);
|
||||
if (LUKS2_array_jobj(jobj_segments, segment_name))
|
||||
- return TRUE;
|
||||
+ return 1;
|
||||
}
|
||||
|
||||
- return FALSE;
|
||||
+ return 0;
|
||||
}
|
||||
|
||||
static json_bool validate_intervals(struct crypt_device *cd,
|
||||
@@ -372,18 +374,18 @@ static json_bool validate_intervals(struct crypt_device *cd,
|
||||
while (i < length) {
|
||||
if (ix[i].offset < 2 * metadata_size) {
|
||||
log_dbg(cd, "Illegal area offset: %" PRIu64 ".", ix[i].offset);
|
||||
- return FALSE;
|
||||
+ return 0;
|
||||
}
|
||||
|
||||
if (!ix[i].length) {
|
||||
log_dbg(cd, "Area length must be greater than zero.");
|
||||
- return FALSE;
|
||||
+ return 0;
|
||||
}
|
||||
|
||||
if ((ix[i].offset + ix[i].length) > keyslots_area_end) {
|
||||
log_dbg(cd, "Area [%" PRIu64 ", %" PRIu64 "] overflows binary keyslots area (ends at offset: %" PRIu64 ").",
|
||||
ix[i].offset, ix[i].offset + ix[i].length, keyslots_area_end);
|
||||
- return FALSE;
|
||||
+ return 0;
|
||||
}
|
||||
|
||||
for (j = 0; j < length; j++) {
|
||||
@@ -393,14 +395,14 @@ static json_bool validate_intervals(struct crypt_device *cd,
|
||||
log_dbg(cd, "Overlapping areas [%" PRIu64 ",%" PRIu64 "] and [%" PRIu64 ",%" PRIu64 "].",
|
||||
ix[i].offset, ix[i].offset + ix[i].length,
|
||||
ix[j].offset, ix[j].offset + ix[j].length);
|
||||
- return FALSE;
|
||||
+ return 0;
|
||||
}
|
||||
}
|
||||
|
||||
i++;
|
||||
}
|
||||
|
||||
- return TRUE;
|
||||
+ return 1;
|
||||
}
|
||||
|
||||
static int LUKS2_keyslot_validate(struct crypt_device *cd, json_object *hdr_jobj, json_object *hdr_keyslot, const char *key)
|
||||
--
|
||||
2.20.1
|
||||
|
||||
@@ -0,0 +1,48 @@
|
||||
#!/bin/sh
|
||||
|
||||
DAEMON="cupsd"
|
||||
PIDFILE="/var/run/$DAEMON.pid"
|
||||
|
||||
start() {
|
||||
printf 'Starting %s: ' "$DAEMON"
|
||||
# shellcheck disable=SC2086 # we need the word splitting
|
||||
start-stop-daemon -b -m -S -q -p "$PIDFILE" -x "/usr/sbin/$DAEMON" \
|
||||
-- -C /etc/cups/cupsd.conf -s /etc/cups/cups-files
|
||||
status=$?
|
||||
if [ "$status" -eq 0 ]; then
|
||||
echo "OK"
|
||||
else
|
||||
echo "FAIL"
|
||||
fi
|
||||
return "$status"
|
||||
}
|
||||
|
||||
stop() {
|
||||
printf 'Stopping %s: ' "$DAEMON"
|
||||
start-stop-daemon -K -q -p "$PIDFILE"
|
||||
status=$?
|
||||
if [ "$status" -eq 0 ]; then
|
||||
rm -f "$PIDFILE"
|
||||
echo "OK"
|
||||
else
|
||||
echo "FAIL"
|
||||
fi
|
||||
return "$status"
|
||||
}
|
||||
|
||||
restart() {
|
||||
stop
|
||||
sleep 1
|
||||
start
|
||||
}
|
||||
|
||||
case "$1" in
|
||||
start|stop|restart)
|
||||
"$1";;
|
||||
reload)
|
||||
# Restart, since there is no true "reload" feature.
|
||||
restart;;
|
||||
*)
|
||||
echo "Usage: $0 {start|stop|restart|reload}"
|
||||
exit 1
|
||||
esac
|
||||
@@ -21,7 +21,8 @@ CUPS_CONF_OPTS = \
|
||||
--with-docdir=/usr/share/cups/doc-root \
|
||||
--disable-gssapi \
|
||||
--disable-pam \
|
||||
--libdir=/usr/lib
|
||||
--libdir=/usr/lib \
|
||||
--without-rcdir
|
||||
CUPS_CONFIG_SCRIPTS = cups-config
|
||||
CUPS_DEPENDENCIES = \
|
||||
host-autoconf \
|
||||
@@ -71,4 +72,9 @@ else
|
||||
CUPS_CONF_OPTS += --disable-avahi
|
||||
endif
|
||||
|
||||
define CUPS_INSTALL_INIT_SYSV
|
||||
$(INSTALL) -D -m 0755 package/cups/S81cupsd \
|
||||
$(TARGET_DIR)/etc/init.d/S81cupsd
|
||||
endef
|
||||
|
||||
$(eval $(autotools-package))
|
||||
|
||||
+3
-1
@@ -12,7 +12,9 @@ CVS_LICENSE = GPL-1.0+, LGPL-2.0+, LGPL-2.1+ (glob)
|
||||
CVS_LICENSE_FILES = COPYING COPYING.LIB lib/glob-libc.h
|
||||
CVS_DEPENDENCIES = ncurses
|
||||
|
||||
CVS_CONF_ENV = cvs_cv_func_printf_ptr=yes
|
||||
CVS_CONF_ENV = \
|
||||
ac_cv_func_working_mktime=yes \
|
||||
cvs_cv_func_printf_ptr=yes
|
||||
|
||||
CVS_CONFIGURE_ARGS = --disable-old-info-format-support
|
||||
ifeq ($(BR2_PACKAGE_CVS_SERVER),y)
|
||||
|
||||
@@ -107,6 +107,7 @@ HOST_DBUS_CONF_OPTS = \
|
||||
--disable-selinux \
|
||||
--disable-xml-docs \
|
||||
--disable-doxygen-docs \
|
||||
--disable-systemd \
|
||||
--without-x \
|
||||
--with-xml=expat
|
||||
|
||||
|
||||
@@ -5,6 +5,7 @@ config BR2_PACKAGE_DOCKER_ENGINE
|
||||
depends on BR2_TOOLCHAIN_HAS_THREADS
|
||||
depends on !BR2_TOOLCHAIN_USES_UCLIBC # docker-containerd -> runc
|
||||
depends on BR2_USE_MMU # docker-containerd
|
||||
select BR2_PACKAGE_CGROUPFS_MOUNT if !BR2_PACKAGE_SYSTEMD # runtime dependency
|
||||
select BR2_PACKAGE_DOCKER_CONTAINERD # runtime dependency
|
||||
select BR2_PACKAGE_DOCKER_PROXY # runtime dependency
|
||||
select BR2_PACKAGE_IPTABLES # runtime dependency
|
||||
|
||||
@@ -1,11 +1,10 @@
|
||||
config BR2_PACKAGE_DOMOTICZ
|
||||
bool "domoticz"
|
||||
depends on BR2_USE_MMU # mosquitto
|
||||
depends on BR2_TOOLCHAIN_HAS_SYNC_4 # mosquitto
|
||||
depends on !BR2_STATIC_LIBS # mosquitto
|
||||
depends on BR2_USE_MMU # fork()
|
||||
depends on !BR2_STATIC_LIBS
|
||||
depends on BR2_TOOLCHAIN_GCC_AT_LEAST_4_8 # sleep_for
|
||||
# pthread_condattr_setclock
|
||||
depends on BR2_TOOLCHAIN_HAS_THREADS_NPTL
|
||||
depends on BR2_TOOLCHAIN_HAS_THREADS_NPTL # mosquitto
|
||||
depends on BR2_INSTALL_LIBSTDCPP
|
||||
depends on BR2_USE_WCHAR
|
||||
depends on BR2_PACKAGE_LUA_5_3
|
||||
@@ -30,7 +29,6 @@ config BR2_PACKAGE_DOMOTICZ
|
||||
|
||||
comment "domoticz needs lua 5.3 and a toolchain w/ C++, gcc >= 4.8, NPTL, wchar, dynamic library"
|
||||
depends on BR2_USE_MMU
|
||||
depends on BR2_TOOLCHAIN_HAS_SYNC_4
|
||||
depends on !BR2_INSTALL_LIBSTDCPP || \
|
||||
!BR2_TOOLCHAIN_GCC_AT_LEAST_4_8 || \
|
||||
!BR2_TOOLCHAIN_HAS_THREADS_NPTL || \
|
||||
|
||||
@@ -1,3 +1,3 @@
|
||||
# Locally computed after checking signature
|
||||
sha256 36da68aae5157b83e21383f711b8977e5b6f5477f369f71e7e22e76a738bbd05 dovecot-2.3-pigeonhole-0.5.9.tar.gz
|
||||
sha256 fc9e9522216f2a9a28b31300e3c73c1df56acc27dfae951bf516e7995366b51a COPYING
|
||||
sha256 0b972a441f680545ddfacd2f41fb2a705fb03249d46ed5ce7e01fe68b6cfb5f0 dovecot-2.3-pigeonhole-0.5.11.tar.gz
|
||||
sha256 fc9e9522216f2a9a28b31300e3c73c1df56acc27dfae951bf516e7995366b51a COPYING
|
||||
|
||||
@@ -4,7 +4,7 @@
|
||||
#
|
||||
################################################################################
|
||||
|
||||
DOVECOT_PIGEONHOLE_VERSION = 0.5.9
|
||||
DOVECOT_PIGEONHOLE_VERSION = 0.5.11
|
||||
DOVECOT_PIGEONHOLE_SOURCE = dovecot-2.3-pigeonhole-$(DOVECOT_PIGEONHOLE_VERSION).tar.gz
|
||||
DOVECOT_PIGEONHOLE_SITE = https://pigeonhole.dovecot.org/releases/2.3
|
||||
DOVECOT_PIGEONHOLE_LICENSE = LGPL-2.1
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
# Locally computed after checking signature
|
||||
sha256 6642e62f23b1b23cfac235007ca6e21cb67460cca834689fad450724456eb10c dovecot-2.3.10.1.tar.gz
|
||||
sha256 d3d9ea9010277f57eb5b9f4166a5d2ba539b172bd6d5a2b2529a6db524baafdc dovecot-2.3.11.3.tar.gz
|
||||
sha256 a363b132e494f662d98c820d1481297e6ae72f194c2c91b6c39e1518b86240a8 COPYING
|
||||
sha256 dc626520dcd53a22f727af3ee42c770e56c97a64fe3adb063799d8ab032fe551 COPYING.LGPL
|
||||
sha256 52b8c95fabb19575281874b661ef7968ea47e8f5d74ba0dd40ce512e52b3fc97 COPYING.MIT
|
||||
|
||||
@@ -5,7 +5,7 @@
|
||||
################################################################################
|
||||
|
||||
DOVECOT_VERSION_MAJOR = 2.3
|
||||
DOVECOT_VERSION = $(DOVECOT_VERSION_MAJOR).10.1
|
||||
DOVECOT_VERSION = $(DOVECOT_VERSION_MAJOR).11.3
|
||||
DOVECOT_SITE = https://dovecot.org/releases/$(DOVECOT_VERSION_MAJOR)
|
||||
DOVECOT_INSTALL_STAGING = YES
|
||||
DOVECOT_LICENSE = LGPL-2.1, MIT, Public Domain, BSD-3-Clause, Unicode-DFS-2015
|
||||
|
||||
@@ -0,0 +1,24 @@
|
||||
# HG changeset patch
|
||||
# User Haelwenn Monnier <contact+github.com@hacktivis.me>
|
||||
# Date 1590411269 -7200
|
||||
# Mon May 25 14:54:29 2020 +0200
|
||||
# Node ID 087c2804147074c95b6a3f35137b4f4b726b1452
|
||||
# Parent 009d52ae26d35f3381c801e02318fa9be34be93c
|
||||
scp.c: Port OpenSSH CVE-2018-20685 fix (#80)
|
||||
|
||||
[backport from 2020.79 to 2019.78 for Buildroot 2020.02.x]
|
||||
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
|
||||
|
||||
diff --git a/scp.c b/scp.c
|
||||
--- a/scp.c
|
||||
+++ b/scp.c
|
||||
@@ -935,7 +935,8 @@ sink(int argc, char **argv)
|
||||
size = size * 10 + (*cp++ - '0');
|
||||
if (*cp++ != ' ')
|
||||
SCREWUP("size not delimited");
|
||||
- if ((strchr(cp, '/') != NULL) || (strcmp(cp, "..") == 0)) {
|
||||
+ if (*cp == '\0' || strchr(cp, '/') != NULL ||
|
||||
+ strcmp(cp, ".") == 0 || strcmp(cp, "..") == 0) {
|
||||
run_err("error: unexpected filename: %s", cp);
|
||||
exit(1);
|
||||
}
|
||||
@@ -3,17 +3,16 @@ config BR2_PACKAGE_EFL
|
||||
# g++ issue with 4.4.5, tested with g++ 4.7.2
|
||||
depends on BR2_TOOLCHAIN_GCC_AT_LEAST_4_7
|
||||
depends on BR2_INSTALL_LIBSTDCPP
|
||||
depends on BR2_PACKAGE_LUAJIT_ARCH_SUPPORTS # luajit
|
||||
depends on BR2_TOOLCHAIN_HAS_THREADS # untested without threads
|
||||
depends on BR2_USE_MMU
|
||||
depends on BR2_USE_WCHAR # use wchar_t
|
||||
depends on !BR2_STATIC_LIBS # dlfcn.h
|
||||
# https://phab.enlightenment.org/T2728
|
||||
depends on BR2_PACKAGE_LUAJIT
|
||||
select BR2_PACKAGE_DBUS
|
||||
select BR2_PACKAGE_FREETYPE
|
||||
select BR2_PACKAGE_JPEG # Emile needs libjpeg
|
||||
select BR2_PACKAGE_LIBCURL # Ecore_con_url, runtime dependency
|
||||
# https://phab.enlightenment.org/T2728
|
||||
select BR2_PACKAGE_LUAJIT # Lua support broken
|
||||
select BR2_PACKAGE_LZ4
|
||||
select BR2_PACKAGE_ZLIB
|
||||
help
|
||||
@@ -306,5 +305,4 @@ comment "efl needs a toolchain w/ C++, dynamic library, gcc >= 4.7, threads, wch
|
||||
depends on !BR2_INSTALL_LIBSTDCPP \
|
||||
|| !BR2_TOOLCHAIN_GCC_AT_LEAST_4_7 \
|
||||
|| BR2_STATIC_LIBS || !BR2_TOOLCHAIN_HAS_THREADS || !BR2_USE_WCHAR
|
||||
depends on BR2_PACKAGE_LUAJIT_ARCH_SUPPORTS
|
||||
depends on BR2_USE_MMU
|
||||
|
||||
@@ -8,7 +8,7 @@ ELIXIR_VERSION = 1.9.4
|
||||
ELIXIR_SITE = $(call github,elixir-lang,elixir,v$(ELIXIR_VERSION))
|
||||
ELIXIR_LICENSE = Apache-2.0
|
||||
ELIXIR_LICENSE_FILES = LICENSE
|
||||
ELIXIR_DEPENDENCIES = host-erlang
|
||||
HOST_ELIXIR_DEPENDENCIES = host-erlang
|
||||
|
||||
define HOST_ELIXIR_BUILD_CMDS
|
||||
$(HOST_MAKE_ENV) $(HOST_CONFIGURE_OPTS) $(MAKE) -C $(@D) compile
|
||||
|
||||
@@ -0,0 +1,195 @@
|
||||
From eee12fe5e2e6c5f71bc7cbe25a608b730fd5362e Mon Sep 17 00:00:00 2001
|
||||
From: Chao Yu <yuchao0@huawei.com>
|
||||
Date: Fri, 7 Aug 2020 10:02:31 +0800
|
||||
Subject: [PATCH] fsck.f2fs: correct return value
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
As Norbert Lange reported:
|
||||
|
||||
"
|
||||
$ fsck.f2fs -a /dev/mmcblk0p5; echo $?
|
||||
Info: Fix the reported corruption.
|
||||
Info: Mounted device!
|
||||
Info: Check FS only on RO mounted device
|
||||
Error: Failed to open the device!
|
||||
255
|
||||
"
|
||||
|
||||
Michael Laß reminds:
|
||||
|
||||
"
|
||||
I think the return value is exactly the problem here. See fsck(8) (
|
||||
https://linux.die.net/man/8/fsck) which specifies the return values.
|
||||
Systemd looks at these and decides how to proceed:
|
||||
|
||||
https://github.com/systemd/systemd/blob/a859abf062cef1511e4879c4ee39c6036ebeaec8/src/fsck/fsck.c#L407
|
||||
|
||||
That means, if fsck.f2fs returns 255, then
|
||||
the FSCK_SYSTEM_SHOULD_REBOOT bit is set and systemd will reboot.
|
||||
"
|
||||
|
||||
So the problem here is fsck.f2fs didn't return correct value to userspace
|
||||
apps, result in later unexpected behavior of rebooting, let's fix this.
|
||||
|
||||
Reported-by: Norbert Lange <nolange79@gmail.com>
|
||||
Reported-by: Michael Laß <bevan@bi-co.net>
|
||||
Signed-off-by: Chao Yu <yuchao0@huawei.com>
|
||||
Signed-off-by: Norbert Lange <nolange79@gmail.com>
|
||||
---
|
||||
fsck/fsck.h | 11 +++++++++++
|
||||
fsck/main.c | 45 +++++++++++++++++++++++++++++++--------------
|
||||
2 files changed, 42 insertions(+), 14 deletions(-)
|
||||
|
||||
diff --git a/fsck/fsck.h b/fsck/fsck.h
|
||||
index ccf4a39..c8aeb06 100644
|
||||
--- a/fsck/fsck.h
|
||||
+++ b/fsck/fsck.h
|
||||
@@ -13,6 +13,17 @@
|
||||
|
||||
#include "f2fs.h"
|
||||
|
||||
+enum {
|
||||
+ FSCK_SUCCESS = 0,
|
||||
+ FSCK_ERROR_CORRECTED = 1 << 0,
|
||||
+ FSCK_SYSTEM_SHOULD_REBOOT = 1 << 1,
|
||||
+ FSCK_ERRORS_LEFT_UNCORRECTED = 1 << 2,
|
||||
+ FSCK_OPERATIONAL_ERROR = 1 << 3,
|
||||
+ FSCK_USAGE_OR_SYNTAX_ERROR = 1 << 4,
|
||||
+ FSCK_USER_CANCELLED = 1 << 5,
|
||||
+ FSCK_SHARED_LIB_ERROR = 1 << 7,
|
||||
+};
|
||||
+
|
||||
struct quota_ctx;
|
||||
|
||||
#define FSCK_UNMATCHED_EXTENT 0x00000001
|
||||
diff --git a/fsck/main.c b/fsck/main.c
|
||||
index 8c62a14..b0f2ec3 100644
|
||||
--- a/fsck/main.c
|
||||
+++ b/fsck/main.c
|
||||
@@ -591,7 +591,7 @@ void f2fs_parse_options(int argc, char *argv[])
|
||||
error_out(prog);
|
||||
}
|
||||
|
||||
-static void do_fsck(struct f2fs_sb_info *sbi)
|
||||
+static int do_fsck(struct f2fs_sb_info *sbi)
|
||||
{
|
||||
struct f2fs_checkpoint *ckpt = F2FS_CKPT(sbi);
|
||||
u32 flag = le32_to_cpu(ckpt->ckpt_flags);
|
||||
@@ -614,7 +614,7 @@ static void do_fsck(struct f2fs_sb_info *sbi)
|
||||
} else {
|
||||
MSG(0, "[FSCK] F2FS metadata [Ok..]");
|
||||
fsck_free(sbi);
|
||||
- return;
|
||||
+ return FSCK_SUCCESS;
|
||||
}
|
||||
|
||||
if (!c.ro)
|
||||
@@ -646,7 +646,7 @@ static void do_fsck(struct f2fs_sb_info *sbi)
|
||||
ret = quota_init_context(sbi);
|
||||
if (ret) {
|
||||
ASSERT_MSG("quota_init_context failure: %d", ret);
|
||||
- return;
|
||||
+ return FSCK_OPERATIONAL_ERROR;
|
||||
}
|
||||
}
|
||||
fsck_chk_orphan_node(sbi);
|
||||
@@ -654,8 +654,14 @@ static void do_fsck(struct f2fs_sb_info *sbi)
|
||||
F2FS_FT_DIR, TYPE_INODE, &blk_cnt, NULL);
|
||||
fsck_chk_quota_files(sbi);
|
||||
|
||||
- fsck_verify(sbi);
|
||||
+ ret = fsck_verify(sbi);
|
||||
fsck_free(sbi);
|
||||
+
|
||||
+ if (!c.bug_on)
|
||||
+ return FSCK_SUCCESS;
|
||||
+ if (!ret)
|
||||
+ return FSCK_ERROR_CORRECTED;
|
||||
+ return FSCK_ERRORS_LEFT_UNCORRECTED;
|
||||
}
|
||||
|
||||
static void do_dump(struct f2fs_sb_info *sbi)
|
||||
@@ -763,7 +769,7 @@ static int do_sload(struct f2fs_sb_info *sbi)
|
||||
int main(int argc, char **argv)
|
||||
{
|
||||
struct f2fs_sb_info *sbi;
|
||||
- int ret = 0;
|
||||
+ int ret = 0, ret2;
|
||||
clock_t start = clock();
|
||||
|
||||
f2fs_init_configuration();
|
||||
@@ -771,10 +777,15 @@ int main(int argc, char **argv)
|
||||
f2fs_parse_options(argc, argv);
|
||||
|
||||
if (c.func != DUMP && f2fs_devs_are_umounted() < 0) {
|
||||
- if (errno == EBUSY)
|
||||
+ if (errno == EBUSY) {
|
||||
+ if (c.func == FSCK)
|
||||
+ return FSCK_OPERATIONAL_ERROR;
|
||||
return -1;
|
||||
+ }
|
||||
if (!c.ro || c.func == DEFRAG) {
|
||||
MSG(0, "\tError: Not available on mounted device!\n");
|
||||
+ if (c.func == FSCK)
|
||||
+ return FSCK_OPERATIONAL_ERROR;
|
||||
return -1;
|
||||
}
|
||||
|
||||
@@ -789,8 +800,11 @@ int main(int argc, char **argv)
|
||||
}
|
||||
|
||||
/* Get device */
|
||||
- if (f2fs_get_device_info() < 0)
|
||||
+ if (f2fs_get_device_info() < 0) {
|
||||
+ if (c.func == FSCK)
|
||||
+ return FSCK_OPERATIONAL_ERROR;
|
||||
return -1;
|
||||
+ }
|
||||
|
||||
fsck_again:
|
||||
memset(&gfsck, 0, sizeof(gfsck));
|
||||
@@ -808,7 +822,7 @@ fsck_again:
|
||||
|
||||
switch (c.func) {
|
||||
case FSCK:
|
||||
- do_fsck(sbi);
|
||||
+ ret = do_fsck(sbi);
|
||||
break;
|
||||
#ifdef WITH_DUMP
|
||||
case DUMP:
|
||||
@@ -856,8 +870,8 @@ fsck_again:
|
||||
char ans[255] = {0};
|
||||
retry:
|
||||
printf("Do you want to fix this partition? [Y/N] ");
|
||||
- ret = scanf("%s", ans);
|
||||
- ASSERT(ret >= 0);
|
||||
+ ret2 = scanf("%s", ans);
|
||||
+ ASSERT(ret2 >= 0);
|
||||
if (!strcasecmp(ans, "y"))
|
||||
c.fix_on = 1;
|
||||
else if (!strcasecmp(ans, "n"))
|
||||
@@ -869,12 +883,15 @@ retry:
|
||||
goto fsck_again;
|
||||
}
|
||||
}
|
||||
- ret = f2fs_finalize_device();
|
||||
- if (ret < 0)
|
||||
- return ret;
|
||||
+ ret2 = f2fs_finalize_device();
|
||||
+ if (ret2) {
|
||||
+ if (c.func == FSCK)
|
||||
+ return FSCK_OPERATIONAL_ERROR;
|
||||
+ return ret2;
|
||||
+ }
|
||||
|
||||
printf("\nDone: %lf secs\n", (clock() - start) / (double)CLOCKS_PER_SEC);
|
||||
- return 0;
|
||||
+ return ret;
|
||||
|
||||
out_err:
|
||||
if (sbi->ckpt)
|
||||
--
|
||||
2.27.0
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
# Locally calculated
|
||||
sha256 9df6c90aed1337634c1fb026fb01c154c29c82a64ea71291ff2da9aacb9aad31 ffmpeg-4.2.3.tar.xz
|
||||
sha256 0d5da81feba073ee78e0f18e0966bcaf91464ae75e18e9a0135186249e3d2a0b ffmpeg-4.2.4.tar.xz
|
||||
sha256 8177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643 COPYING.GPLv2
|
||||
sha256 b634ab5640e258563c536e658cad87080553df6f34f62269a21d554844e58bfe COPYING.LGPLv2.1
|
||||
sha256 cad1218c22121b169fb1380178ab7a0b33cb38a3ff6d3915b8533d1d954f3ce7 LICENSE.md
|
||||
|
||||
@@ -4,7 +4,7 @@
|
||||
#
|
||||
################################################################################
|
||||
|
||||
FFMPEG_VERSION = 4.2.3
|
||||
FFMPEG_VERSION = 4.2.4
|
||||
FFMPEG_SOURCE = ffmpeg-$(FFMPEG_VERSION).tar.xz
|
||||
FFMPEG_SITE = http://ffmpeg.org/releases
|
||||
FFMPEG_INSTALL_STAGING = YES
|
||||
|
||||
@@ -0,0 +1,44 @@
|
||||
From a93eac0e843148dc2d631c3ba80af17e9c8c860f Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?F=C3=A1bio=20Cabral=20Pacheco?= <fcabralpacheco@gmail.com>
|
||||
Date: Fri, 20 Dec 2019 12:03:33 -0300
|
||||
Subject: [PATCH] Fix potential NULL pointer dereference in gdImageClone()
|
||||
|
||||
[Retrieved (and updated to remove .gitignore and tests) from:
|
||||
https://github.com/libgd/libgd/commit/a93eac0e843148dc2d631c3ba80af17e9c8c860f]
|
||||
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
|
||||
---
|
||||
src/gd.c | 9 +--------
|
||||
tests/gdimageclone/.gitignore | 1 +
|
||||
tests/gdimageclone/CMakeLists.txt | 1 +
|
||||
tests/gdimageclone/Makemodule.am | 3 ++-
|
||||
tests/gdimageclone/style.c | 30 ++++++++++++++++++++++++++++++
|
||||
5 files changed, 35 insertions(+), 9 deletions(-)
|
||||
create mode 100644 tests/gdimageclone/style.c
|
||||
|
||||
diff --git a/src/gd.c b/src/gd.c
|
||||
index 592a0286..d564d1f9 100644
|
||||
--- a/src/gd.c
|
||||
+++ b/src/gd.c
|
||||
@@ -2865,14 +2865,6 @@ BGD_DECLARE(gdImagePtr) gdImageClone (gdImagePtr src) {
|
||||
}
|
||||
}
|
||||
|
||||
- if (src->styleLength > 0) {
|
||||
- dst->styleLength = src->styleLength;
|
||||
- dst->stylePos = src->stylePos;
|
||||
- for (i = 0; i < src->styleLength; i++) {
|
||||
- dst->style[i] = src->style[i];
|
||||
- }
|
||||
- }
|
||||
-
|
||||
dst->interlace = src->interlace;
|
||||
|
||||
dst->alphaBlendingFlag = src->alphaBlendingFlag;
|
||||
@@ -2907,6 +2899,7 @@ BGD_DECLARE(gdImagePtr) gdImageClone (gdImagePtr src) {
|
||||
|
||||
if (src->style) {
|
||||
gdImageSetStyle(dst, src->style, src->styleLength);
|
||||
+ dst->stylePos = src->stylePos;
|
||||
}
|
||||
|
||||
for (i = 0; i < gdMaxColors; i++) {
|
||||
+39
@@ -0,0 +1,39 @@
|
||||
From 2e886046f86d0d6bfc14aab94a881259a081e3f4 Mon Sep 17 00:00:00 2001
|
||||
From: wilson chen <willson.chenwx@gmail.com>
|
||||
Date: Fri, 20 Dec 2019 10:12:04 +0800
|
||||
Subject: [PATCH] Fix #497: gdImageColorMatch Out Of Bounds Write on Heap
|
||||
(CVE-2019-6977)
|
||||
|
||||
Fixed CVE-2019-6977 and add corresponding testcase.
|
||||
|
||||
Original patch by Christoph M. Bechker <cmbecker69@gmx.de>
|
||||
https://gist.github.com/cmb69/1f36d285eb297ed326f5c821d7aafced
|
||||
|
||||
[Retrieved (and updated to remove .gitignore and tests) from:
|
||||
https://github.com/libgd/libgd/commit/2e886046f86d0d6bfc14aab94a881259a081e3f4]
|
||||
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
|
||||
---
|
||||
src/gd_color_match.c | 5 ++---
|
||||
tests/gdimagecolormatch/.gitignore | 1 +
|
||||
tests/gdimagecolormatch/CMakeLists.txt | 1 +
|
||||
tests/gdimagecolormatch/Makemodule.am | 1 +
|
||||
tests/gdimagecolormatch/cve_2019_6977.c | 25 +++++++++++++++++++++++++
|
||||
5 files changed, 30 insertions(+), 3 deletions(-)
|
||||
create mode 100644 tests/gdimagecolormatch/cve_2019_6977.c
|
||||
|
||||
diff --git a/src/gd_color_match.c b/src/gd_color_match.c
|
||||
index f0842b69..f0194302 100644
|
||||
--- a/src/gd_color_match.c
|
||||
+++ b/src/gd_color_match.c
|
||||
@@ -31,9 +31,8 @@ BGD_DECLARE(int) gdImageColorMatch (gdImagePtr im1, gdImagePtr im2)
|
||||
return -4; /* At least 1 color must be allocated */
|
||||
}
|
||||
|
||||
- buf = (unsigned long *)gdMalloc(sizeof(unsigned long) * 5 * im2->colorsTotal);
|
||||
- memset (buf, 0, sizeof(unsigned long) * 5 * im2->colorsTotal );
|
||||
-
|
||||
+ buf = (unsigned long *)gdMalloc(sizeof(unsigned long) * 5 * gdMaxColors);
|
||||
+ memset (buf, 0, sizeof(unsigned long) * 5 * gdMaxColors );
|
||||
for (x=0; x < im1->sx; x++) {
|
||||
for( y=0; y<im1->sy; y++ ) {
|
||||
color = im2->pixels[y][x];
|
||||
@@ -14,6 +14,19 @@ GD_CONFIG_SCRIPTS = gdlib-config
|
||||
GD_CONF_OPTS = --without-x --disable-rpath --disable-werror
|
||||
GD_DEPENDENCIES = host-pkgconf
|
||||
|
||||
# 0001-bmp-check-return-value-in-gdImageBmpPtr.patch
|
||||
GD_IGNORE_CVES += CVE-2018-1000222
|
||||
# 0002-Fix-420-Potential-infinite-loop-in-gdImageCreateFrom.patch
|
||||
GD_IGNORE_CVES += CVE-2018-5711
|
||||
# 0003-Fix-501-Uninitialized-read-in-gdImageCreateFromXbm-C.patch
|
||||
GD_IGNORE_CVES += CVE-2019-11038
|
||||
# 0004-Fix-492-Potential-double-free-in-gdImage-Ptr.patch
|
||||
GD_IGNORE_CVES += CVE-2019-6978
|
||||
# 0005-Fix-potential-NULL-pointer-dereference-in-gdImageClone.patch
|
||||
GD_IGNORE_CVES += CVE-2018-14553
|
||||
# 0006-Fix-497-gdImageColorMatch-Out-Of-Bounds-Write-on-Heap-CVE-2019-6977.patch
|
||||
GD_IGNORE_CVES += CVE-2019-6977
|
||||
|
||||
# gd forgets to link utilities with -pthread even though it uses
|
||||
# pthreads, causing linking errors with static linking
|
||||
ifeq ($(BR2_TOOLCHAIN_HAS_THREADS),y)
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
# From http://ftp.gnome.org/pub/gnome/sources/gdk-pixbuf/2.36/gdk-pixbuf-2.36.10.sha256sum
|
||||
sha256 f8f6fa896b89475c73b6e9e8d2a2b062fc359c4b4ccb8e96470d6ab5da949ace gdk-pixbuf-2.36.10.tar.xz
|
||||
# From http://ftp.gnome.org/pub/gnome/sources/gdk-pixbuf/2.36/gdk-pixbuf-2.36.12.sha256sum
|
||||
sha256 fff85cf48223ab60e3c3c8318e2087131b590fd6f1737e42cb3759a3b427a334 gdk-pixbuf-2.36.12.tar.xz
|
||||
# Locally calculated
|
||||
sha256 d245807f90032872d1438d741ed21e2490e1175dc8aa3afa5ddb6c8e529b58e5 COPYING
|
||||
sha256 d245807f90032872d1438d741ed21e2490e1175dc8aa3afa5ddb6c8e529b58e5 COPYING
|
||||
|
||||
@@ -5,7 +5,7 @@
|
||||
################################################################################
|
||||
|
||||
GDK_PIXBUF_VERSION_MAJOR = 2.36
|
||||
GDK_PIXBUF_VERSION = $(GDK_PIXBUF_VERSION_MAJOR).10
|
||||
GDK_PIXBUF_VERSION = $(GDK_PIXBUF_VERSION_MAJOR).12
|
||||
GDK_PIXBUF_SOURCE = gdk-pixbuf-$(GDK_PIXBUF_VERSION).tar.xz
|
||||
GDK_PIXBUF_SITE = http://ftp.gnome.org/pub/gnome/sources/gdk-pixbuf/$(GDK_PIXBUF_VERSION_MAJOR)
|
||||
GDK_PIXBUF_LICENSE = LGPL-2.0+
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
# From https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs950/SHA512SUMS
|
||||
sha512 3c1e5db519a427f4b6bfb8d93f3c3dfb67d5ec9ccd19c7afa7670deb768515f3fc617c5588e54934bbfbedfdf8609ce2ffa36dd7da3cb618937fe034f64f43ee ghostscript-9.50.tar.xz
|
||||
# From https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs952/SHA512SUMS
|
||||
sha512 4c4a33884e1138bad553eee61fac1a72158297ad5c2ce46a4b36150848dea8158affaf2b902f4ff03e4f72ebc8154c198b618112624f409230a610b7648faa67 ghostscript-9.52.tar.xz
|
||||
|
||||
# Hash for license file:
|
||||
sha256 6f852249f975287b3efd43a5883875e47fa9f3125e2f1b18b5c09517ac30ecf2 LICENSE
|
||||
sha256 6f852249f975287b3efd43a5883875e47fa9f3125e2f1b18b5c09517ac30ecf2 LICENSE
|
||||
|
||||
@@ -4,7 +4,7 @@
|
||||
#
|
||||
################################################################################
|
||||
|
||||
GHOSTSCRIPT_VERSION = 9.50
|
||||
GHOSTSCRIPT_VERSION = 9.52
|
||||
GHOSTSCRIPT_SITE = https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs$(subst .,,$(GHOSTSCRIPT_VERSION))
|
||||
GHOSTSCRIPT_SOURCE = ghostscript-$(GHOSTSCRIPT_VERSION).tar.xz
|
||||
GHOSTSCRIPT_LICENSE = AGPL-3.0
|
||||
@@ -34,7 +34,8 @@ GHOSTSCRIPT_POST_PATCH_HOOKS += GHOSTSCRIPT_REMOVE_LIBS
|
||||
|
||||
GHOSTSCRIPT_CONF_ENV = \
|
||||
CCAUX="$(HOSTCC)" \
|
||||
CFLAGSAUX="$(HOST_CFLAGS) $(HOST_LDFLAGS)"
|
||||
CFLAGSAUX="$(HOST_CFLAGS) $(HOST_LDFLAGS)" \
|
||||
PKGCONFIG="$(PKG_CONFIG_HOST_BINARY)"
|
||||
|
||||
GHOSTSCRIPT_CONF_OPTS = \
|
||||
--disable-compile-inits \
|
||||
|
||||
+1
-1
@@ -1,5 +1,5 @@
|
||||
# Locally calculated (fetched from Github)
|
||||
sha256 4462f56696332efbc5b0c2f86d7aa75a2a02c3d44bc4345fa42b5bab1225de5c glibc-2.30-67-g4748829f86a458b76642f3e98b1d80f7b868e427.tar.gz
|
||||
sha256 ce788d30851a215d58ff94c972d9cff5956725cc5ee906298711ddc63078c315 glibc-2.30-73-gd59630f9959b0bb8991964758ab854ff4378b20d.tar.gz
|
||||
|
||||
# Hashes for license files
|
||||
sha256 8177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643 COPYING
|
||||
@@ -17,7 +17,7 @@ else
|
||||
# Generate version string using:
|
||||
# git describe --match 'glibc-*' --abbrev=40 origin/release/MAJOR.MINOR/master | cut -d '-' -f 2-
|
||||
# When updating the version, please also update localedef
|
||||
GLIBC_VERSION = 2.30-67-g4748829f86a458b76642f3e98b1d80f7b868e427
|
||||
GLIBC_VERSION = 2.30-73-gd59630f9959b0bb8991964758ab854ff4378b20d
|
||||
# Upstream doesn't officially provide an https download link.
|
||||
# There is one (https://sourceware.org/git/glibc.git) but it's not reliable,
|
||||
# sometimes the connection times out. So use an unofficial github mirror.
|
||||
|
||||
@@ -0,0 +1,31 @@
|
||||
From 1bc387f8feaab9020be72e88cf26ccc1a67a6a10 Mon Sep 17 00:00:00 2001
|
||||
From: Fabrice Fontaine <fontaine.fabrice@gmail.com>
|
||||
Date: Sat, 22 Aug 2020 23:33:48 +0200
|
||||
Subject: [PATCH] meson: allow the user to disable opencv
|
||||
|
||||
Allow the user to really disable opencv through meson (i.e.
|
||||
-Dopencv=disabled).
|
||||
|
||||
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
|
||||
[Upstream status:
|
||||
https://gitlab.freedesktop.org/gstreamer/gst-plugins-bad/-/merge_requests/1533]
|
||||
---
|
||||
gst-libs/gst/opencv/meson.build | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/gst-libs/gst/opencv/meson.build b/gst-libs/gst/opencv/meson.build
|
||||
index 6cc4602f3..fb6c46e40 100644
|
||||
--- a/gst-libs/gst/opencv/meson.build
|
||||
+++ b/gst-libs/gst/opencv/meson.build
|
||||
@@ -13,7 +13,7 @@ opencv_dep = dependency('opencv', version : '>= 3.0.0', required : false)
|
||||
if not opencv_dep.found()
|
||||
opencv_dep = dependency('opencv4', version : '>= 4.0.0', required : false)
|
||||
endif
|
||||
-if opencv_dep.found()
|
||||
+if not get_option('opencv').disabled() and opencv_dep.found()
|
||||
gstopencv = library('gstopencv-' + api_version,
|
||||
opencv_sources,
|
||||
c_args : gst_plugins_bad_args + ['-DBUILDING_GST_OPENCV'],
|
||||
--
|
||||
2.28.0
|
||||
|
||||
@@ -1,3 +1,6 @@
|
||||
# Locally calculated
|
||||
sha256 881d7d6a90b2428479288d64233151448f8990ab4958e0ecaca7eeb3c9db2bd7 hostapd-2.9.tar.gz
|
||||
sha256 2d9a5b9d616f1b4aa4a22b967cee866e2f69b798b0b46803a7928c8559842bd7 0001-WPS-UPnP-Do-not-allow-event-subscriptions-with-URLs-.patch
|
||||
sha256 49feb35a5276279b465f6836d6fa2c6b34d94dc979e8b840d1918865c04260de 0002-WPS-UPnP-Fix-event-message-generation-using-a-long-U.patch
|
||||
sha256 a8212a2d89a5bab2824d22b6047e7740553df163114fcec94832bfa9c5c5d78a 0003-WPS-UPnP-Handle-HTTP-initiation-failures-for-events-.patch
|
||||
sha256 9da5dd0776da266b180b915e460ff75c6ff729aca1196ab396529510f24f3761 README
|
||||
|
||||
@@ -8,6 +8,10 @@ HOSTAPD_VERSION = 2.9
|
||||
HOSTAPD_SITE = http://w1.fi/releases
|
||||
HOSTAPD_SUBDIR = hostapd
|
||||
HOSTAPD_CONFIG = $(HOSTAPD_DIR)/$(HOSTAPD_SUBDIR)/.config
|
||||
HOSTAPD_PATCH = \
|
||||
https://w1.fi/security/2020-1/0001-WPS-UPnP-Do-not-allow-event-subscriptions-with-URLs-.patch \
|
||||
https://w1.fi/security/2020-1/0002-WPS-UPnP-Fix-event-message-generation-using-a-long-U.patch \
|
||||
https://w1.fi/security/2020-1/0003-WPS-UPnP-Handle-HTTP-initiation-failures-for-events-.patch
|
||||
HOSTAPD_DEPENDENCIES = host-pkgconf
|
||||
HOSTAPD_CFLAGS = $(TARGET_CFLAGS)
|
||||
HOSTAPD_LICENSE = BSD-3-Clause
|
||||
@@ -16,6 +20,9 @@ HOSTAPD_LICENSE_FILES = README
|
||||
# 0001-AP-Silently-ignore-management-frame-from-unexpected-.patch
|
||||
HOSTAPD_IGNORE_CVES += CVE-2019-16275
|
||||
|
||||
# 0001-WPS-UPnP-Do-not-allow-event-subscriptions-with-URLs-.patch
|
||||
HOSTAPD_IGNORE_CVES += CVE-2020-12695
|
||||
|
||||
HOSTAPD_CONFIG_SET =
|
||||
|
||||
HOSTAPD_CONFIG_ENABLE = \
|
||||
|
||||
@@ -40,13 +40,8 @@ IPUTILS_DEPENDENCIES += libgcrypt
|
||||
else ifeq ($(BR2_PACKAGE_OPENSSL),y)
|
||||
IPUTILS_CONF_OPTS += -DUSE_CRYPTO=openssl
|
||||
IPUTILS_DEPENDENCIES += openssl
|
||||
else ifeq ($(BR2_PACKAGE_LINUX_HEADERS),y)
|
||||
IPUTILS_CONF_OPTS += -DUSE_CRYPTO=kernel
|
||||
IPUTILS_DEPENDENCIES += linux-headers
|
||||
else
|
||||
IPUTILS_CONF_OPTS += -DUSE_CRYPTO=none
|
||||
# BUILD_NINFOD=true and USE_CRYPTO=none cannot be combined
|
||||
IPUTILS_NINFOD = n
|
||||
IPUTILS_CONF_OPTS += -DUSE_CRYPTO=kernel
|
||||
endif
|
||||
|
||||
ifeq ($(BR2_PACKAGE_SYSTEMD),y)
|
||||
|
||||
@@ -89,7 +89,6 @@ config BR2_PACKAGE_JANUS_GATEWAY_UNIX_SOCKETS
|
||||
|
||||
config BR2_PACKAGE_JANUS_GATEWAY_WEBSOCKETS
|
||||
bool "WebSockets"
|
||||
depends on BR2_USE_MMU
|
||||
select BR2_PACKAGE_LIBWEBSOCKETS
|
||||
|
||||
endif
|
||||
|
||||
@@ -1,35 +0,0 @@
|
||||
From 24fc4d6f01d2d4c8297d1bebec02360f796e01c2 Mon Sep 17 00:00:00 2001
|
||||
From: Michael Vetter <jubalh@iodoru.org>
|
||||
Date: Mon, 4 Nov 2019 18:17:44 +0100
|
||||
Subject: [PATCH] Verify range data in jp2_pclr_getdata
|
||||
|
||||
This fixes CVE-2018-19541.
|
||||
We need to verify the data is in the expected range. Otherwise we get
|
||||
problems later.
|
||||
|
||||
This is a better fix for https://github.com/mdadams/jasper/pull/199
|
||||
which caused segfaults under certain circumstances.
|
||||
|
||||
Patch by Adam Majer <adam.majer@suse.de>
|
||||
Signed-off-by: Michael Vetter <jubalh@iodoru.org>
|
||||
---
|
||||
src/libjasper/jp2/jp2_cod.c | 6 ++++++
|
||||
1 file changed, 6 insertions(+)
|
||||
|
||||
diff --git a/src/libjasper/jp2/jp2_cod.c b/src/libjasper/jp2/jp2_cod.c
|
||||
index 890e6ad..0f8d804 100644
|
||||
--- a/src/libjasper/jp2/jp2_cod.c
|
||||
+++ b/src/libjasper/jp2/jp2_cod.c
|
||||
@@ -855,6 +855,12 @@ static int jp2_pclr_getdata(jp2_box_t *box, jas_stream_t *in)
|
||||
jp2_getuint8(in, &pclr->numchans)) {
|
||||
return -1;
|
||||
}
|
||||
+
|
||||
+ // verify in range data as per I.5.3.4 - Palette box
|
||||
+ if (pclr->numchans < 1 || pclr->numlutents < 1 || pclr->numlutents > 1024) {
|
||||
+ return -1;
|
||||
+ }
|
||||
+
|
||||
lutsize = pclr->numlutents * pclr->numchans;
|
||||
if (!(pclr->lutdata = jas_alloc2(lutsize, sizeof(int_fast32_t)))) {
|
||||
return -1;
|
||||
@@ -1,24 +0,0 @@
|
||||
From fc62d1b7164ded2405fd6a0604548b34a5a77462 Mon Sep 17 00:00:00 2001
|
||||
From: Timothy Lyanguzov <timothy.lyanguzov@sap.com>
|
||||
Date: Mon, 18 Mar 2019 16:46:24 +1300
|
||||
Subject: [PATCH] Fix CVE-2018-19542: Check for NULL pointer in jp2_decode
|
||||
|
||||
Signed-off-by: Michael Vetter <jubalh@iodoru.org>
|
||||
---
|
||||
src/libjasper/jp2/jp2_dec.c | 3 +++
|
||||
1 file changed, 3 insertions(+)
|
||||
|
||||
diff --git a/src/libjasper/jp2/jp2_dec.c b/src/libjasper/jp2/jp2_dec.c
|
||||
index 03b0eaf..a535c19 100644
|
||||
--- a/src/libjasper/jp2/jp2_dec.c
|
||||
+++ b/src/libjasper/jp2/jp2_dec.c
|
||||
@@ -388,6 +388,9 @@ jas_image_t *jp2_decode(jas_stream_t *in, const char *optstr)
|
||||
jas_image_setcmpttype(dec->image, newcmptno, jp2_getct(jas_image_clrspc(dec->image), 0, channo + 1));
|
||||
}
|
||||
#endif
|
||||
+ } else {
|
||||
+ jas_eprintf("error: invalid MTYP in CMAP box\n");
|
||||
+ goto error;
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -1,29 +0,0 @@
|
||||
From e38454aa1a15b78c028a778fc8bfba3587e25c25 Mon Sep 17 00:00:00 2001
|
||||
From: Michael Vetter <jubalh@iodoru.org>
|
||||
Date: Fri, 15 Mar 2019 11:01:02 +0100
|
||||
Subject: [PATCH] Make sure asclen is at least 1
|
||||
|
||||
If txtdesc->asclen is < 1, the array index of txtdesc->ascdata will be negative which causes the heap based overflow.
|
||||
|
||||
Regards CVE-2018-19540.
|
||||
Regards https://github.com/mdadams/jasper/issues/182 bug#3
|
||||
Fix by Markus Koschany <apo@debian.org>.
|
||||
From https://gist.github.com/apoleon/13598a45bf6522f6a79b77a629205823
|
||||
Signed-off-by: Michael Vetter <jubalh@iodoru.org>
|
||||
---
|
||||
src/libjasper/base/jas_icc.c | 2 ++
|
||||
1 file changed, 2 insertions(+)
|
||||
|
||||
diff --git a/src/libjasper/base/jas_icc.c b/src/libjasper/base/jas_icc.c
|
||||
index 4607930..762c0e8 100644
|
||||
--- a/src/libjasper/base/jas_icc.c
|
||||
+++ b/src/libjasper/base/jas_icc.c
|
||||
@@ -1104,6 +1104,8 @@ static int jas_icctxtdesc_input(jas_iccattrval_t *attrval, jas_stream_t *in,
|
||||
if (jas_stream_read(in, txtdesc->ascdata, txtdesc->asclen) !=
|
||||
JAS_CAST(int, txtdesc->asclen))
|
||||
goto error;
|
||||
+ if (txtdesc->asclen < 1)
|
||||
+ goto error;
|
||||
txtdesc->ascdata[txtdesc->asclen - 1] = '\0';
|
||||
if (jas_iccgetuint32(in, &txtdesc->uclangcode) ||
|
||||
jas_iccgetuint32(in, &txtdesc->uclen))
|
||||
@@ -1,3 +1,3 @@
|
||||
# Locally calculated
|
||||
sha256 f1d8b90f231184d99968f361884e2054a1714fdbbd9944ba1ae4ebdcc9bbfdb1 jasper-2.0.16.tar.gz
|
||||
sha256 b9d16162a088617ada36450f2374d72165377cb64b33ed197c200bcfb73ec76c jasper-2.0.19.tar.gz
|
||||
sha256 4ad1bb42aff888c4403d792e6e2c5f1716d6c279fea70b296333c9d577d30b81 LICENSE
|
||||
|
||||
@@ -4,8 +4,8 @@
|
||||
#
|
||||
################################################################################
|
||||
|
||||
JASPER_VERSION = 2.0.16
|
||||
JASPER_SITE = $(call github,mdadams,jasper,version-$(JASPER_VERSION))
|
||||
JASPER_VERSION = 2.0.19
|
||||
JASPER_SITE = $(call github,jasper-software,jasper,version-$(JASPER_VERSION))
|
||||
JASPER_INSTALL_STAGING = YES
|
||||
JASPER_LICENSE = JasPer-2.0
|
||||
JASPER_LICENSE_FILES = LICENSE
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
# From https://github.com/json-c/json-c/wiki
|
||||
sha256 b87e608d4d3f7bfdd36ef78d56d53c74e66ab278d318b71e6002a369d36f4873 json-c-0.13.1.tar.gz
|
||||
sha256 b8d80a1ddb718b3ba7492916237bbf86609e9709fb007e7f7d4322f02341a4c6 json-c-0.15.tar.gz
|
||||
# Locally calculated
|
||||
sha256 74c1e6ca5eba76b54d0ad00d4815c8315c1b3bc45ff99de61d103dc92486284c COPYING
|
||||
sha256 74c1e6ca5eba76b54d0ad00d4815c8315c1b3bc45ff99de61d103dc92486284c COPYING
|
||||
|
||||
@@ -4,19 +4,11 @@
|
||||
#
|
||||
################################################################################
|
||||
|
||||
JSON_C_VERSION = 0.13.1
|
||||
JSON_C_VERSION = 0.15
|
||||
JSON_C_SITE = https://s3.amazonaws.com/json-c_releases/releases
|
||||
JSON_C_INSTALL_STAGING = YES
|
||||
JSON_C_LICENSE = MIT
|
||||
JSON_C_LICENSE_FILES = COPYING
|
||||
|
||||
# update config.h.in timestamp to avoid autoheader run
|
||||
define JSON_C_UPDATE_CONFIG_TIMESTAMP
|
||||
touch $(@D)/config.h.in
|
||||
endef
|
||||
|
||||
JSON_C_POST_EXTRACT_HOOKS += JSON_C_UPDATE_CONFIG_TIMESTAMP
|
||||
HOST_JSON_C_POST_EXTRACT_HOOKS += JSON_C_UPDATE_CONFIG_TIMESTAMP
|
||||
|
||||
$(eval $(autotools-package))
|
||||
$(eval $(host-autotools-package))
|
||||
$(eval $(cmake-package))
|
||||
$(eval $(host-cmake-package))
|
||||
|
||||
@@ -1,50 +0,0 @@
|
||||
From 3a46be47cad5a3498b5f6d6007b7d1fe5b8dff78 Mon Sep 17 00:00:00 2001
|
||||
Message-Id: <3a46be47cad5a3498b5f6d6007b7d1fe5b8dff78.1594274321.git.baruch@tkos.co.il>
|
||||
From: Baruch Siach <baruch@tkos.co.il>
|
||||
Date: Thu, 9 Jul 2020 08:14:49 +0300
|
||||
Subject: [PATCH] bearssl: fix build with disabled proxy support
|
||||
|
||||
Avoid reference to fields that do not exist when CURL_DISABLE_PROXY is
|
||||
defined.
|
||||
|
||||
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
|
||||
---
|
||||
Upstream status: https://github.com/curl/curl/pull/5666
|
||||
|
||||
lib/vtls/bearssl.c | 11 +++++++++--
|
||||
1 file changed, 9 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/lib/vtls/bearssl.c b/lib/vtls/bearssl.c
|
||||
index 628e16a124a9..44e7406e8e39 100644
|
||||
--- a/lib/vtls/bearssl.c
|
||||
+++ b/lib/vtls/bearssl.c
|
||||
@@ -300,8 +300,12 @@ static CURLcode bearssl_connect_step1(struct connectdata *conn, int sockindex)
|
||||
struct ssl_connect_data *connssl = &conn->ssl[sockindex];
|
||||
struct ssl_backend_data *backend = connssl->backend;
|
||||
const char * const ssl_cafile = SSL_CONN_CONFIG(CAfile);
|
||||
+#ifndef CURL_DISABLE_PROXY
|
||||
const char *hostname = SSL_IS_PROXY() ? conn->http_proxy.host.name :
|
||||
conn->host.name;
|
||||
+#else
|
||||
+ const char *hostname = conn->host.name;
|
||||
+#endif
|
||||
const bool verifypeer = SSL_CONN_CONFIG(verifypeer);
|
||||
const bool verifyhost = SSL_CONN_CONFIG(verifyhost);
|
||||
CURLcode ret;
|
||||
@@ -386,8 +390,11 @@ static CURLcode bearssl_connect_step1(struct connectdata *conn, int sockindex)
|
||||
*/
|
||||
|
||||
#ifdef USE_NGHTTP2
|
||||
- if(data->set.httpversion >= CURL_HTTP_VERSION_2 &&
|
||||
- (!SSL_IS_PROXY() || !conn->bits.tunnel_proxy)) {
|
||||
+ if(data->set.httpversion >= CURL_HTTP_VERSION_2
|
||||
+#ifndef CURL_DISABLE_PROXY
|
||||
+ && (!SSL_IS_PROXY() || !conn->bits.tunnel_proxy)
|
||||
+#endif
|
||||
+ ) {
|
||||
backend->protocols[cur++] = NGHTTP2_PROTO_VERSION_ID;
|
||||
infof(data, "ALPN, offering %s\n", NGHTTP2_PROTO_VERSION_ID);
|
||||
}
|
||||
--
|
||||
2.27.0
|
||||
|
||||
@@ -1,159 +0,0 @@
|
||||
From d040da28f57d0b3fcd6f63809a8c85a600f87a62 Mon Sep 17 00:00:00 2001
|
||||
Message-Id: <d040da28f57d0b3fcd6f63809a8c85a600f87a62.1594274337.git.baruch@tkos.co.il>
|
||||
From: Baruch Siach <baruch@tkos.co.il>
|
||||
Date: Thu, 9 Jul 2020 08:14:49 +0300
|
||||
Subject: [PATCH] nss: fix build with disabled proxy support
|
||||
|
||||
Avoid reference to fields that do not exist when CURL_DISABLE_PROXY is
|
||||
defined.
|
||||
|
||||
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
|
||||
---
|
||||
Upstream status: https://github.com/curl/curl/pull/5667
|
||||
|
||||
lib/vtls/nss.c | 44 +++++++++++++++++++++++++++++++++++---------
|
||||
1 file changed, 35 insertions(+), 9 deletions(-)
|
||||
|
||||
diff --git a/lib/vtls/nss.c b/lib/vtls/nss.c
|
||||
index fca292613815..0f0d1ee6c80f 100644
|
||||
--- a/lib/vtls/nss.c
|
||||
+++ b/lib/vtls/nss.c
|
||||
@@ -1027,9 +1027,11 @@ static SECStatus BadCertHandler(void *arg, PRFileDesc *sock)
|
||||
CERTCertificate *cert;
|
||||
|
||||
/* remember the cert verification result */
|
||||
+#ifndef CURL_DISABLE_PROXY
|
||||
if(SSL_IS_PROXY())
|
||||
data->set.proxy_ssl.certverifyresult = err;
|
||||
else
|
||||
+#endif
|
||||
data->set.ssl.certverifyresult = err;
|
||||
|
||||
if(err == SSL_ERROR_BAD_CERT_DOMAIN && !SSL_CONN_CONFIG(verifyhost))
|
||||
@@ -1553,24 +1555,32 @@ static void nss_close(struct ssl_connect_data *connssl)
|
||||
static void Curl_nss_close(struct connectdata *conn, int sockindex)
|
||||
{
|
||||
struct ssl_connect_data *connssl = &conn->ssl[sockindex];
|
||||
+#ifndef CURL_DISABLE_PROXY
|
||||
struct ssl_connect_data *connssl_proxy = &conn->proxy_ssl[sockindex];
|
||||
+#endif
|
||||
struct ssl_backend_data *backend = connssl->backend;
|
||||
|
||||
- if(backend->handle || connssl_proxy->backend->handle) {
|
||||
+ if(backend->handle
|
||||
+#ifndef CURL_DISABLE_PROXY
|
||||
+ || connssl_proxy->backend->handle
|
||||
+#endif
|
||||
+ ) {
|
||||
/* NSS closes the socket we previously handed to it, so we must mark it
|
||||
as closed to avoid double close */
|
||||
fake_sclose(conn->sock[sockindex]);
|
||||
conn->sock[sockindex] = CURL_SOCKET_BAD;
|
||||
}
|
||||
|
||||
+#ifndef CURL_DISABLE_PROXY
|
||||
if(backend->handle)
|
||||
/* nss_close(connssl) will transitively close also
|
||||
connssl_proxy->backend->handle if both are used. Clear it to avoid
|
||||
a double close leading to crash. */
|
||||
connssl_proxy->backend->handle = NULL;
|
||||
|
||||
- nss_close(connssl);
|
||||
nss_close(connssl_proxy);
|
||||
+#endif
|
||||
+ nss_close(connssl);
|
||||
}
|
||||
|
||||
/* return true if NSS can provide error code (and possibly msg) for the
|
||||
@@ -1828,6 +1838,12 @@ static CURLcode nss_setup_connect(struct connectdata *conn, int sockindex)
|
||||
CURLcode result;
|
||||
bool second_layer = FALSE;
|
||||
SSLVersionRange sslver_supported;
|
||||
+#ifndef CURL_DISABLE_PROXY
|
||||
+ const char *hostname = SSL_IS_PROXY() ? conn->http_proxy.host.name :
|
||||
+ conn->host.name;
|
||||
+#else
|
||||
+ const char *hostname = conn->host.name;
|
||||
+#endif
|
||||
|
||||
SSLVersionRange sslver = {
|
||||
SSL_LIBRARY_VERSION_TLS_1_0, /* min */
|
||||
@@ -1932,9 +1948,11 @@ static CURLcode nss_setup_connect(struct connectdata *conn, int sockindex)
|
||||
goto error;
|
||||
|
||||
/* not checked yet */
|
||||
+#ifndef CURL_DISABLE_PROXY
|
||||
if(SSL_IS_PROXY())
|
||||
data->set.proxy_ssl.certverifyresult = 0;
|
||||
else
|
||||
+#endif
|
||||
data->set.ssl.certverifyresult = 0;
|
||||
|
||||
if(SSL_BadCertHook(model, BadCertHandler, conn) != SECSuccess)
|
||||
@@ -1991,12 +2009,14 @@ static CURLcode nss_setup_connect(struct connectdata *conn, int sockindex)
|
||||
goto error;
|
||||
}
|
||||
|
||||
+#ifndef CURL_DISABLE_PROXY
|
||||
if(conn->proxy_ssl[sockindex].use) {
|
||||
DEBUGASSERT(ssl_connection_complete == conn->proxy_ssl[sockindex].state);
|
||||
DEBUGASSERT(conn->proxy_ssl[sockindex].backend->handle != NULL);
|
||||
nspr_io = conn->proxy_ssl[sockindex].backend->handle;
|
||||
second_layer = TRUE;
|
||||
}
|
||||
+#endif
|
||||
else {
|
||||
/* wrap OS file descriptor by NSPR's file descriptor abstraction */
|
||||
nspr_io = PR_ImportTCPSocket(sockfd);
|
||||
@@ -2077,8 +2097,11 @@ static CURLcode nss_setup_connect(struct connectdata *conn, int sockindex)
|
||||
unsigned char protocols[128];
|
||||
|
||||
#ifdef USE_NGHTTP2
|
||||
- if(data->set.httpversion >= CURL_HTTP_VERSION_2 &&
|
||||
- (!SSL_IS_PROXY() || !conn->bits.tunnel_proxy)) {
|
||||
+ if(data->set.httpversion >= CURL_HTTP_VERSION_2
|
||||
+#ifndef CURL_DISABLE_PROXY
|
||||
+ && (!SSL_IS_PROXY() || !conn->bits.tunnel_proxy)
|
||||
+#endif
|
||||
+ ) {
|
||||
protocols[cur++] = NGHTTP2_PROTO_VERSION_ID_LEN;
|
||||
memcpy(&protocols[cur], NGHTTP2_PROTO_VERSION_ID,
|
||||
NGHTTP2_PROTO_VERSION_ID_LEN);
|
||||
@@ -2101,14 +2124,11 @@ static CURLcode nss_setup_connect(struct connectdata *conn, int sockindex)
|
||||
goto error;
|
||||
|
||||
/* propagate hostname to the TLS layer */
|
||||
- if(SSL_SetURL(backend->handle, SSL_IS_PROXY() ? conn->http_proxy.host.name :
|
||||
- conn->host.name) != SECSuccess)
|
||||
+ if(SSL_SetURL(backend->handle, hostname) != SECSuccess)
|
||||
goto error;
|
||||
|
||||
/* prevent NSS from re-using the session for a different hostname */
|
||||
- if(SSL_SetSockPeerID(backend->handle, SSL_IS_PROXY() ?
|
||||
- conn->http_proxy.host.name : conn->host.name)
|
||||
- != SECSuccess)
|
||||
+ if(SSL_SetSockPeerID(backend->handle, hostname) != SECSuccess)
|
||||
goto error;
|
||||
|
||||
return CURLE_OK;
|
||||
@@ -2127,11 +2147,17 @@ static CURLcode nss_do_connect(struct connectdata *conn, int sockindex)
|
||||
struct Curl_easy *data = conn->data;
|
||||
CURLcode result = CURLE_SSL_CONNECT_ERROR;
|
||||
PRUint32 timeout;
|
||||
+#ifndef CURL_DISABLE_PROXY
|
||||
long * const certverifyresult = SSL_IS_PROXY() ?
|
||||
&data->set.proxy_ssl.certverifyresult : &data->set.ssl.certverifyresult;
|
||||
const char * const pinnedpubkey = SSL_IS_PROXY() ?
|
||||
data->set.str[STRING_SSL_PINNEDPUBLICKEY_PROXY] :
|
||||
data->set.str[STRING_SSL_PINNEDPUBLICKEY_ORIG];
|
||||
+#else
|
||||
+ long * const certverifyresult = &data->set.ssl.certverifyresult;
|
||||
+ const char * const pinnedpubkey =
|
||||
+ data->set.str[STRING_SSL_PINNEDPUBLICKEY_ORIG];
|
||||
+#endif
|
||||
|
||||
|
||||
/* check timeout situation */
|
||||
--
|
||||
2.27.0
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
# Locally calculated after checking pgp signature
|
||||
# https://curl.haxx.se/download/curl-7.71.1.tar.xz.asc
|
||||
# https://curl.haxx.se/download/curl-7.72.0.tar.xz.asc
|
||||
# signed with key 27EDEAF22F3ABCEB50DB9A125CC908FDB71E12C2
|
||||
sha256 40f83eda27cdbeb25cd4da48cefb639af1b9395d6026d2da1825bf059239658c curl-7.71.1.tar.xz
|
||||
sha256 0ded0808c4d85f2ee0db86980ae610cc9d165e9ca9da466196cc73c346513713 curl-7.72.0.tar.xz
|
||||
sha256 db3c4a3b3695a0f317a0c5176acd2f656d18abc45b3ee78e50935a78eb1e132e COPYING
|
||||
|
||||
@@ -4,7 +4,7 @@
|
||||
#
|
||||
################################################################################
|
||||
|
||||
LIBCURL_VERSION = 7.71.1
|
||||
LIBCURL_VERSION = 7.72.0
|
||||
LIBCURL_SOURCE = curl-$(LIBCURL_VERSION).tar.xz
|
||||
LIBCURL_SITE = https://curl.haxx.se/download
|
||||
LIBCURL_DEPENDENCIES = host-pkgconf \
|
||||
|
||||
@@ -1,6 +1,5 @@
|
||||
config BR2_PACKAGE_LIBWEBSOCKETS
|
||||
bool "libwebsockets"
|
||||
depends on BR2_USE_MMU # fork()
|
||||
select BR2_PACKAGE_ZLIB
|
||||
help
|
||||
Libwebsockets is a lightweight pure C library built to use
|
||||
|
||||
@@ -318,11 +318,11 @@ endchoice
|
||||
|
||||
config BR2_DEFAULT_KERNEL_HEADERS
|
||||
string
|
||||
default "4.4.226" if BR2_KERNEL_HEADERS_4_4
|
||||
default "4.9.226" if BR2_KERNEL_HEADERS_4_9
|
||||
default "4.14.183" if BR2_KERNEL_HEADERS_4_14
|
||||
default "4.19.127" if BR2_KERNEL_HEADERS_4_19
|
||||
default "5.4.45" if BR2_KERNEL_HEADERS_5_4
|
||||
default "4.4.234" if BR2_KERNEL_HEADERS_4_4
|
||||
default "4.9.234" if BR2_KERNEL_HEADERS_4_9
|
||||
default "4.14.195" if BR2_KERNEL_HEADERS_4_14
|
||||
default "4.19.142" if BR2_KERNEL_HEADERS_4_19
|
||||
default "5.4.61" if BR2_KERNEL_HEADERS_5_4
|
||||
default BR2_DEFAULT_KERNEL_VERSION if BR2_KERNEL_HEADERS_VERSION
|
||||
default "custom" if BR2_KERNEL_HEADERS_CUSTOM_TARBALL
|
||||
default BR2_KERNEL_HEADERS_CUSTOM_REPO_VERSION \
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
# From http://www.live555.com/liveMedia/public/live555-latest-md5.txt
|
||||
md5 12e105c8fef9d34658d68367dc26a3d9 live.2019.09.30.tar.gz
|
||||
# Locally generated
|
||||
sha256 ef44f48a84324525cebc2081dd2d0f1e908f2d0a79d9d30dd41967e142dfb06b live.2019.09.30.tar.gz
|
||||
sha256 8ceb4b9ee5adedde47b31e975c1d90c73ad27b6b165a1dcd80c7c545eb65b903 COPYING
|
||||
sha256 ef44f48a84324525cebc2081dd2d0f1e908f2d0a79d9d30dd41967e142dfb06b live.2019.09.30.tar.gz
|
||||
sha256 da7eabb7bafdf7d3ae5e9f223aa5bdc1eece45ac569dc21b3b037520b4464768 COPYING.LESSER
|
||||
|
||||
@@ -7,8 +7,12 @@
|
||||
LIVE555_VERSION = 2019.09.30
|
||||
LIVE555_SOURCE = live.$(LIVE555_VERSION).tar.gz
|
||||
LIVE555_SITE = http://www.live555.com/liveMedia/public
|
||||
LIVE555_LICENSE = LGPL-2.1+
|
||||
LIVE555_LICENSE_FILES = COPYING
|
||||
# There is a COPYING file with the GPL-3.0 license text, but none of
|
||||
# the source files appear to be released under GPL-3.0, and the
|
||||
# project web site says it's licensed under the LGPL:
|
||||
# http://live555.com/liveMedia/faq.html#copyright-and-license
|
||||
LIVE555_LICENSE = LGPL-3.0+
|
||||
LIVE555_LICENSE_FILES = COPYING.LESSER
|
||||
LIVE555_INSTALL_STAGING = YES
|
||||
|
||||
LIVE555_CFLAGS = $(TARGET_CFLAGS)
|
||||
|
||||
@@ -320,6 +320,7 @@ config BR2_PACKAGE_MESA3D_XVMC
|
||||
depends on BR2_PACKAGE_XORG7
|
||||
depends on BR2_PACKAGE_MESA3D_GALLIUM_DRIVER_NOUVEAU \
|
||||
|| BR2_PACKAGE_MESA3D_GALLIUM_DRIVER_R600
|
||||
select BR2_PACKAGE_MESA3D_NEEDS_X11
|
||||
select BR2_PACKAGE_XLIB_LIBXV
|
||||
select BR2_PACKAGE_XLIB_LIBXVMC
|
||||
help
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
# Locally calculated after checking gpg signature
|
||||
# from https://mosquitto.org/files/source/mosquitto-1.6.9.tar.gz.asc
|
||||
sha256 412979b2db0a0020bd02fa64f0a0de9e7000b84462586e32b67f29bb1f6c1685 mosquitto-1.6.9.tar.gz
|
||||
# from https://mosquitto.org/files/source/mosquitto-1.6.12.tar.gz.asc
|
||||
sha256 548d73d19fb787dd0530334e398fd256ef3a581181678488a741a995c4f007fb mosquitto-1.6.12.tar.gz
|
||||
|
||||
# License files
|
||||
sha256 cc77e25bafd40637b7084f04086d606f0a200051b61806f97c93405926670bc1 LICENSE.txt
|
||||
|
||||
Some files were not shown because too many files have changed in this diff Show More
Reference in New Issue
Block a user