NetCube-Systems-Austria/kumquat-buildroot
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Release 2019.02-rc1

Browse Source 
-----BEGIN PGP SIGNATURE-----
 
 iHAEABECADAWIQSrB9gG0s50H7iG7lCwJbqLWcNjGQUCXGPPyRIcamFjbWV0QHVj
 bGliYy5vcmcACgkQsCW6i1nDYxlq/ACg0grNI9aHdoTLXdIehHDes+9T+v4AoKaU
 g4JR3RkQ3gePPFlrwnJgBpRJ
 =le0M
 -----END PGP SIGNATURE-----

Merge tag '2019.02-rc1' into next

Release 2019.02-rc1
This commit is contained in:
Thomas Petazzoni 2019-02-13 22:47:01 +01:00
commit c79fd35241
90 changed files with 3673 additions and 238 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

150
CHANGES
View File

@ -1,3 +1,153 @@
2019.02-rc1, released February 13th, 2019
Fixes all over the tree and new features.
Dependencies:
Require Python >= 2.7 as it is needed for E.G. building
libglib2.
Ensure GNU gzip is used for reproducible tarballs (instead of
pigz)
Infrastucture:
Ensure the PLATFORM and OS environment variables are not set,
as they cause build issues for some packages.
The package list infrastructure now correctly handles packages
installing files with old mtime.
Add a config option to force all optional host utilities to be
built, even if suitable versions are available on the build
machine.
graph-build-time: Also show time spent downloading
Download: fixes for SSH/SCP support
Ensure user provided permissions override permissions from
packages.
SDK: Fix handling of relative symlinks (targets starting with
'.' or '..')
BR2_SYSTEM_DEFAULT_PATH setting to customize the default path
for processes.
The custom skeleton logic will now populate the needed /bin,
/lib, /sbin directories/symlinks if not present. Merged /usr
can now be used with a custom skeleton.
Rootfs overlays can now override symbolic links from
packages. This was disabled to ensure the correct symbolic
links are present when merged /usr is used. Instead validate
that the rootfs overlays do not include invalid /bin, /sbin
and /lib entries.
The waf infrastructure now support the <pkg>_SUBDIR variable,
similar to the other package types.
cmake: Also set CMAKE_SYSTEM_VERSION in toolchainfile.cmake
Various improvements to the meson infrastructure.
Luarocks: A Buildroot addon has been added to automate
creating a Buildroot package from luarocks, similar to
scancpan and scanpypi.
scanpypi: protect against zip-slip vulnerability in zip/tar
handling
check-package: fix Python 3 support
get-developers: Fix behaviour when called from elsewhere than
the toplevel directory.
pkg-stats: Show latest upstream version of each package, based
on data from release-monitoring.org
kconfig: Fix for make linux-menuconfig / uboot-menuconfig from
a clean tree when ccache is enabled.
Default to sha256 password encoding, drop md5 support.
Architecture:
Support for RISC-V 32bit architecture, ARM A55, 75 and Saphira
variants, MIPS support for mips32r3, mips64r3 and Marvell
Octeon II/III variants.
Toolchain:
ARC toolchain 2018.09, ARM 8.2-2018.11, Codescape IMG/MTI MIPS
2018.09-02, MUSL 1.1.21, GCC 6.5.0 / 7.4.0, GDB 8.2.1
Packages:
openssl: Bump to 1.1.1x series, bringing TLSv1.3 support and
long term support.
fftw: Split into fftw-{single,double,long-double,quad}
packages for the different data precision options.
libcurl: Now has explicit TLS backend selection options.
linux: Support building device tree blobs with the -@ option
for device tree overlays.
weston: The weston-imx i.MX variant is now used when
imx-gpu-viv is enabled
pkgconf: Update to 1.5.3, which brings support for
--define-prefix (used by GStreamer)
Add host-python3-setuptools package to handle host python
packages needing python3 with setuptools support.
New defconfigs: Aarch64 EFI, Orangepi one plus, Orangepi lite
2, QEMU RISC-V 32bit virt, Rock64
New packages: brcm-patchram-plus, clinfo, cunit, docker-cli,
erlang-p1-eimp, exempi, fail2ban, fftw-double,
fftw-double-long, fftw-quad, fftw-single, gerbera, grpc,
gst1-shark, intel-gmmlib, iwd, kf5-kcoreaddons, libeastl,
libpackagekite, libtorrent-rasterbar, lua-std-debug,
lua-std-normalize, mini-snmpd, netsurf, pamtester, pcm-tools,
python-aiodns, python-aiohttp, python-aiohttp-jinja2,
python-aiohttp-remotes, python-aiohttp-security,
python-aiohttp-session, python-aiohttpd-sse, python-aiojobs,
python-cchardet, python-pycares, python-sentry-sdk,
python-wtforms, python3-setuptools, rcw, rtc-tools, shim,
utp_com, vmtouch, websocketpp
Removed packages: fftw, lua 5.2.x, luacrypto, perl-time-hires,
python-pyqt, qt, qtuio, tn5250
Issues resolved (http://bugs.uclibc.org):
#10851: Patch to handle numpad Enter key properly
#11066: x11r7 X11 S40xorg leads to a black screen on QEMU x86..
#11126: Bash Shell Programming using Buildroot
#11426: pps-tools bash dependency
#11476: stdio2.h error invalid use of __builtin_va_arg_pack
#11536: dt-utils building fails with glibc 2.28
#11546: open-vm-tools with glibc 2.28
#11566: Fix init script
#11576: Unable to start apache with event MPM on raspberry pi 3
#11591: [pkgconf 1.5.3] xserver OpenGL support is missing
#11606: libjpeg has no Config.in
#11616: 2018.02.09 fails to build libzlib with full RELRO..
#11656: Custom device tree and u-boot boot.scr not integrated..
#11666: Touchscreen with (Py)Qt5 should use tslib instead of evdev
2018.11.2, Released January 30th, 2019
Important / security related fixes.

6
Config.in.legacy
View File

@ -207,12 +207,6 @@ config BR2_PACKAGE_GNURADIO_QTGUI
help
The gr-qtgui option was removed.
config BR2_PACKAGE_MONGODB
bool "mongodb package removed"
select BR2_LEGACY
help
The mongodb package was removed.
config BR2_PACKAGE_LUACRYPTO
bool "luacrypto package removed"
select BR2_LEGACY

1
DEVELOPERS
View File

@ -797,6 +797,7 @@ F: package/libxslt/
F: package/mbedtls/
F: package/minissdpd/
F: package/minizip/
F: package/mongodb/
F: package/motion/
F: package/mutt/
F: package/ncmpc/

4
Makefile
View File

@ -92,9 +92,9 @@ all:
.PHONY: all
# Set and export the version string
export BR2_VERSION := 2019.02-git
export BR2_VERSION := 2019.02-rc1
# Actual time the release is cut (for reproducible builds)
BR2_VERSION_EPOCH = 1543701000
BR2_VERSION_EPOCH = 1550044800
# Save running make version since it's clobbered by the make package
RUNNING_MAKE_VERSION := $(MAKE_VERSION)

2
board/pc/post-build.sh
View File

@ -7,4 +7,4 @@ BOARD_DIR=$(dirname "$0")
cp -f "$BOARD_DIR/grub-bios.cfg" "$TARGET_DIR/boot/grub/grub.cfg"
# Copy grub 1st stage to binaries, required for genimage
cp -f "$HOST_DIR/lib/grub/i387-pc/boot.img" "$BINARIES_DIR"
cp -f "$HOST_DIR/lib/grub/i386-pc/boot.img" "$BINARIES_DIR"

75
board/qemu/arm-versatile/patches/linux/versatile-nommu.patch
View File

@ -1,10 +1,30 @@
Signed-Off-by: Waldemar Brodkorb <wbx@openadk.org>
From LKML.
From 4ac4324dcdaf237aa34545b3795acb2e5c42d10e Mon Sep 17 00:00:00 2001
From: Waldemar Brodkorb <wbx@openadk.org>
Date: Fri, 1 Feb 2019 11:36:20 +0100
Subject: [PATCH] arm-versatile-nommu: Linux patch
diff -Nur linux-4.15.13.orig/arch/arm/Kconfig linux-4.15.13/arch/arm/Kconfig
--- linux-4.15.13.orig/arch/arm/Kconfig 2018-03-24 11:02:53.000000000 +0100
+++ linux-4.15.13/arch/arm/Kconfig 2018-04-01 03:47:33.415078244 +0100
@@ -355,6 +355,17 @@
Originally made by Waldemar Brodkorb <wbx@openadk.org> from LKML.
Signed-Off-by: Waldemar Brodkorb <wbx@openadk.org>
[Gerome: reformated as a Git patch]
Signed-off-by: Gerome Burlats <gerome.burlats@smile.fr>
[Romain: fix Waldemar's authorship in Git patch]
Signed-off-by: Romain Naour <romain.naour@smile.fr>
---
arch/arm/Kconfig | 11 +++++++++++
arch/arm/Kconfig.debug | 3 ++-
arch/arm/include/asm/mach/map.h | 1 +
arch/arm/mach-versatile/Kconfig | 5 +++--
arch/arm/mach-versatile/Makefile.boot | 3 +++
arch/arm/mach-versatile/versatile_dt.c | 4 ++++
6 files changed, 24 insertions(+), 3 deletions(-)
create mode 100644 arch/arm/mach-versatile/Makefile.boot
diff --git a/arch/arm/Kconfig b/arch/arm/Kconfig
index e8cd55a5b04c..fc2dbff70394 100644
--- a/arch/arm/Kconfig
+++ b/arch/arm/Kconfig
@@ -353,6 +353,17 @@ config ARM_SINGLE_ARMV7M
select SPARSE_IRQ
select USE_OF
@ -22,10 +42,11 @@ diff -Nur linux-4.15.13.orig/arch/arm/Kconfig linux-4.15.13/arch/arm/Kconfig
config ARCH_EBSA110
bool "EBSA-110"
select ARCH_USES_GETTIMEOFFSET
diff -Nur linux-4.15.13.orig/arch/arm/Kconfig.debug linux-4.15.13/arch/arm/Kconfig.debug
--- linux-4.15.13.orig/arch/arm/Kconfig.debug 2018-03-24 11:02:53.000000000 +0100
+++ linux-4.15.13/arch/arm/Kconfig.debug 2018-04-01 03:47:33.416078232 +0100
@@ -1795,7 +1795,8 @@
diff --git a/arch/arm/Kconfig.debug b/arch/arm/Kconfig.debug
index f6fcb8a79889..92fc637d3db8 100644
--- a/arch/arm/Kconfig.debug
+++ b/arch/arm/Kconfig.debug
@@ -1843,7 +1843,8 @@ config DEBUG_UNCOMPRESS
config UNCOMPRESS_INCLUDE
string
default "debug/uncompress.h" if ARCH_MULTIPLATFORM || ARCH_MSM || \
@ -35,10 +56,11 @@ diff -Nur linux-4.15.13.orig/arch/arm/Kconfig.debug linux-4.15.13/arch/arm/Kconf
default "mach/uncompress.h"
config EARLY_PRINTK
diff -Nur linux-4.15.13.orig/arch/arm/include/asm/mach/map.h linux-4.15.13/arch/arm/include/asm/mach/map.h
--- linux-4.15.13.orig/arch/arm/include/asm/mach/map.h 2018-03-24 11:02:53.000000000 +0100
+++ linux-4.15.13/arch/arm/include/asm/mach/map.h 2018-04-01 03:47:17.587276119 +0100
@@ -62,6 +62,7 @@
diff --git a/arch/arm/include/asm/mach/map.h b/arch/arm/include/asm/mach/map.h
index 9b7c328fb207..b1fe9c8b5c3e 100644
--- a/arch/arm/include/asm/mach/map.h
+++ b/arch/arm/include/asm/mach/map.h
@@ -62,6 +62,7 @@ extern int ioremap_page(unsigned long virt, unsigned long phys,
#else
#define iotable_init(map,num) do { } while (0)
#define vm_reserve_area_early(a,s,c) do { } while (0)
@ -46,9 +68,10 @@ diff -Nur linux-4.15.13.orig/arch/arm/include/asm/mach/map.h linux-4.15.13/arch/
#endif
#endif
diff -Nur linux-4.15.13.orig/arch/arm/mach-versatile/Kconfig linux-4.15.13/arch/arm/mach-versatile/Kconfig
--- linux-4.15.13.orig/arch/arm/mach-versatile/Kconfig 2018-03-24 11:02:53.000000000 +0100
+++ linux-4.15.13/arch/arm/mach-versatile/Kconfig 2018-04-01 03:47:33.417078219 +0100
diff --git a/arch/arm/mach-versatile/Kconfig b/arch/arm/mach-versatile/Kconfig
index f5c275434d6c..06ad999d5978 100644
--- a/arch/arm/mach-versatile/Kconfig
+++ b/arch/arm/mach-versatile/Kconfig
@@ -1,7 +1,8 @@
# SPDX-License-Identifier: GPL-2.0
config ARCH_VERSATILE
@ -60,16 +83,19 @@ diff -Nur linux-4.15.13.orig/arch/arm/mach-versatile/Kconfig linux-4.15.13/arch/
select ARM_AMBA
select ARM_TIMER_SP804
select ARM_VIC
diff -Nur linux-4.15.13.orig/arch/arm/mach-versatile/Makefile.boot linux-4.15.13/arch/arm/mach-versatile/Makefile.boot
--- linux-4.15.13.orig/arch/arm/mach-versatile/Makefile.boot 1970-01-01 01:00:00.000000000 +0100
+++ linux-4.15.13/arch/arm/mach-versatile/Makefile.boot 2018-04-01 03:47:25.644175394 +0100
diff --git a/arch/arm/mach-versatile/Makefile.boot b/arch/arm/mach-versatile/Makefile.boot
new file mode 100644
index 000000000000..eacfc3f5c33e
--- /dev/null
+++ b/arch/arm/mach-versatile/Makefile.boot
@@ -0,0 +1,3 @@
+# Empty file waiting for deletion once Makefile.boot isn't needed any more.
+# Patch waits for application at
+# http://www.arm.linux.org.uk/developer/patches/viewpatch.php?id=7889/1 .
diff -Nur linux-4.15.13.orig/arch/arm/mach-versatile/versatile_dt.c linux-4.15.13/arch/arm/mach-versatile/versatile_dt.c
--- linux-4.15.13.orig/arch/arm/mach-versatile/versatile_dt.c 2018-03-24 11:02:53.000000000 +0100
+++ linux-4.15.13/arch/arm/mach-versatile/versatile_dt.c 2018-04-01 03:47:10.913359555 +0100
diff --git a/arch/arm/mach-versatile/versatile_dt.c b/arch/arm/mach-versatile/versatile_dt.c
index 3c8d39c12909..8cfa05a37295 100644
--- a/arch/arm/mach-versatile/versatile_dt.c
+++ b/arch/arm/mach-versatile/versatile_dt.c
@@ -37,7 +37,11 @@
#include <asm/mach/map.h>
@ -82,3 +108,6 @@ diff -Nur linux-4.15.13.orig/arch/arm/mach-versatile/versatile_dt.c linux-4.15.1
#define __io_address(n) ((void __iomem __force *)IO_ADDRESS(n))
/*
--
2.14.5

1
board/qemu/xtensa-lx60/linux-nommu.config
View File

@ -6,6 +6,7 @@ CONFIG_XTENSA_VARIANT_CUSTOM_NAME="dc233c"
# CONFIG_XTENSA_VARIANT_MMU is not set
CONFIG_XTENSA_UNALIGNED_USER=y
CONFIG_PREEMPT=y
CONFIG_MEMMAP_CACHEATTR=0x2cccccc7
CONFIG_KERNEL_LOAD_ADDRESS=0x00003000
# CONFIG_PCI is not set
CONFIG_XTENSA_PLATFORM_XTFPGA=y

6
configs/qemu_aarch64_virt_defconfig
View File

@ -11,13 +11,13 @@ BR2_TARGET_ROOTFS_EXT2=y
BR2_TARGET_ROOTFS_EXT2_4=y
# BR2_TARGET_ROOTFS_TAR is not set
# Linux headers same as kernel, a 4.16 series
BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_16=y
# Linux headers same as kernel, a 4.19 series
BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_19=y
# Kernel
BR2_LINUX_KERNEL=y
BR2_LINUX_KERNEL_CUSTOM_VERSION=y
BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="4.16.7"
BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="4.19.16"
BR2_LINUX_KERNEL_USE_CUSTOM_CONFIG=y
BR2_LINUX_KERNEL_CUSTOM_CONFIG_FILE="board/qemu/aarch64-virt/linux.config"
BR2_LINUX_KERNEL_NEEDS_HOST_OPENSSL=y

6
configs/qemu_arm_versatile_defconfig
View File

@ -10,13 +10,13 @@ BR2_TARGET_GENERIC_GETTY_PORT="ttyAMA0"
BR2_TARGET_ROOTFS_EXT2=y
# BR2_TARGET_ROOTFS_TAR is not set
# Linux headers same as kernel, a 4.16 series
BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_16=y
# Linux headers same as kernel, a 4.19 series
BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_19=y
# Kernel
BR2_LINUX_KERNEL=y
BR2_LINUX_KERNEL_CUSTOM_VERSION=y
BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="4.16.7"
BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="4.19.16"
BR2_LINUX_KERNEL_USE_CUSTOM_CONFIG=y
BR2_LINUX_KERNEL_CUSTOM_CONFIG_FILE="board/qemu/arm-versatile/linux.config"
BR2_LINUX_KERNEL_DTS_SUPPORT=y

6
configs/qemu_arm_versatile_nommu_defconfig
View File

@ -21,13 +21,13 @@ BR2_TARGET_GENERIC_GETTY_PORT="ttyAMA0"
# BR2_TARGET_ROOTFS_TAR is not set
BR2_TARGET_ROOTFS_INITRAMFS=y
# Linux headers same as kernel, a 4.16 series
BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_16=y
# Linux headers same as kernel, a 4.19 series
BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_19=y
# Kernel
BR2_LINUX_KERNEL=y
BR2_LINUX_KERNEL_CUSTOM_VERSION=y
BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="4.16.7"
BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="4.19.16"
BR2_LINUX_KERNEL_USE_CUSTOM_CONFIG=y
BR2_LINUX_KERNEL_CUSTOM_CONFIG_FILE="board/qemu/arm-versatile/linux-nommu.config"
BR2_LINUX_KERNEL_DTS_SUPPORT=y

6
configs/qemu_arm_vexpress_defconfig
View File

@ -13,13 +13,13 @@ BR2_TARGET_GENERIC_GETTY_PORT="ttyAMA0"
BR2_TARGET_ROOTFS_EXT2=y
# BR2_TARGET_ROOTFS_TAR is not set
# Linux headers same as kernel, a 4.16 series
BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_16=y
# Linux headers same as kernel, a 4.19 series
BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_19=y
# Kernel
BR2_LINUX_KERNEL=y
BR2_LINUX_KERNEL_CUSTOM_VERSION=y
BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="4.16.7"
BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="4.19.16"
BR2_LINUX_KERNEL_DEFCONFIG="vexpress"
BR2_LINUX_KERNEL_DTS_SUPPORT=y
BR2_LINUX_KERNEL_INTREE_DTS_NAME="vexpress-v2p-ca9"

6
configs/qemu_m68k_mcf5208_defconfig
View File

@ -9,13 +9,13 @@ BR2_SYSTEM_DHCP="eth0"
BR2_TARGET_ROOTFS_INITRAMFS=y
# BR2_TARGET_ROOTFS_TAR is not set
# Linux headers same as kernel, a 4.16 series
BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_16=y
# Linux headers same as kernel, a 4.19 series
BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_19=y
# Kernel
BR2_LINUX_KERNEL=y
BR2_LINUX_KERNEL_CUSTOM_VERSION=y
BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="4.16.7"
BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="4.19.16"
BR2_LINUX_KERNEL_USE_CUSTOM_CONFIG=y
BR2_LINUX_KERNEL_CUSTOM_CONFIG_FILE="board/qemu/m68k-mcf5208/linux.config"
BR2_LINUX_KERNEL_VMLINUX=y

6
configs/qemu_m68k_q800_defconfig
View File

@ -9,13 +9,13 @@ BR2_SYSTEM_DHCP="eth0"
BR2_TARGET_ROOTFS_EXT2=y
# BR2_TARGET_ROOTFS_TAR is not set
# Linux headers same as kernel, a 4.16 series
BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_16=y
# Linux headers same as kernel, a 4.19 series
BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_19=y
# Kernel
BR2_LINUX_KERNEL=y
BR2_LINUX_KERNEL_CUSTOM_VERSION=y
BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="4.16.7"
BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="4.19.16"
BR2_LINUX_KERNEL_USE_CUSTOM_CONFIG=y
BR2_LINUX_KERNEL_CUSTOM_CONFIG_FILE="board/qemu/m68k-q800/linux.config"
BR2_LINUX_KERNEL_VMLINUX=y

6
configs/qemu_microblazebe_mmu_defconfig
View File

@ -10,13 +10,13 @@ BR2_TARGET_GENERIC_GETTY_PORT="ttyUL0"
# BR2_TARGET_ROOTFS_TAR is not set
BR2_TARGET_ROOTFS_INITRAMFS=y
# Linux headers same as kernel, a 4.16 series
BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_16=y
# Linux headers same as kernel, a 4.19 series
BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_19=y
# Kernel
BR2_LINUX_KERNEL=y
BR2_LINUX_KERNEL_CUSTOM_VERSION=y
BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="4.16.7"
BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="4.19.16"
BR2_LINUX_KERNEL_USE_CUSTOM_CONFIG=y
BR2_LINUX_KERNEL_CUSTOM_CONFIG_FILE="board/qemu/microblazebe-mmu/linux.config"
BR2_LINUX_KERNEL_LINUX_BIN=y

6
configs/qemu_microblazeel_mmu_defconfig
View File

@ -10,13 +10,13 @@ BR2_TARGET_GENERIC_GETTY_PORT="ttyUL0"
# BR2_TARGET_ROOTFS_TAR is not set
BR2_TARGET_ROOTFS_INITRAMFS=y
# Linux headers same as kernel, a 4.16 series
BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_16=y
# Linux headers same as kernel, a 4.19 series
BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_19=y
# Kernel
BR2_LINUX_KERNEL=y
BR2_LINUX_KERNEL_CUSTOM_VERSION=y
BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="4.16.7"
BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="4.19.16"
BR2_LINUX_KERNEL_USE_CUSTOM_CONFIG=y
BR2_LINUX_KERNEL_CUSTOM_CONFIG_FILE="board/qemu/microblazeel-mmu/linux.config"
BR2_LINUX_KERNEL_LINUX_BIN=y

6
configs/qemu_mips32r2_malta_defconfig
View File

@ -9,13 +9,13 @@ BR2_SYSTEM_DHCP="eth0"
BR2_TARGET_ROOTFS_EXT2=y
# BR2_TARGET_ROOTFS_TAR is not set
# Linux headers same as kernel, a 4.16 series
BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_16=y
# Linux headers same as kernel, a 4.19 series
BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_19=y
# Kernel
BR2_LINUX_KERNEL=y
BR2_LINUX_KERNEL_CUSTOM_VERSION=y
BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="4.16.7"
BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="4.19.16"
BR2_LINUX_KERNEL_USE_CUSTOM_CONFIG=y
BR2_LINUX_KERNEL_CUSTOM_CONFIG_FILE="board/qemu/mips32r2-malta/linux.config"
BR2_LINUX_KERNEL_VMLINUX=y

6
configs/qemu_mips32r2el_malta_defconfig
View File

@ -9,13 +9,13 @@ BR2_SYSTEM_DHCP="eth0"
BR2_TARGET_ROOTFS_EXT2=y
# BR2_TARGET_ROOTFS_TAR is not set
# Linux headers same as kernel, a 4.16 series
BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_16=y
# Linux headers same as kernel, a 4.19 series
BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_19=y
# Kernel
BR2_LINUX_KERNEL=y
BR2_LINUX_KERNEL_CUSTOM_VERSION=y
BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="4.16.7"
BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="4.19.16"
BR2_LINUX_KERNEL_USE_CUSTOM_CONFIG=y
BR2_LINUX_KERNEL_CUSTOM_CONFIG_FILE="board/qemu/mips32r2el-malta/linux.config"
BR2_LINUX_KERNEL_VMLINUX=y

6
configs/qemu_mips32r6_malta_defconfig
View File

@ -9,13 +9,13 @@ BR2_SYSTEM_DHCP="eth0"
BR2_TARGET_ROOTFS_EXT2=y
# BR2_TARGET_ROOTFS_TAR is not set
# Linux headers same as kernel, a 4.16 series
BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_16=y
# Linux headers same as kernel, a 4.19 series
BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_19=y
# Kernel
BR2_LINUX_KERNEL=y
BR2_LINUX_KERNEL_CUSTOM_VERSION=y
BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="4.16.7"
BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="4.19.16"
BR2_LINUX_KERNEL_USE_CUSTOM_CONFIG=y
BR2_LINUX_KERNEL_CUSTOM_CONFIG_FILE="board/qemu/mips32r6-malta/linux.config"
BR2_LINUX_KERNEL_VMLINUX=y

6
configs/qemu_mips32r6el_malta_defconfig
View File

@ -9,13 +9,13 @@ BR2_SYSTEM_DHCP="eth0"
BR2_TARGET_ROOTFS_EXT2=y
# BR2_TARGET_ROOTFS_TAR is not set
# Linux headers same as kernel, a 4.16 series
BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_16=y
# Linux headers same as kernel, a 4.19 series
BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_19=y
# Kernel
BR2_LINUX_KERNEL=y
BR2_LINUX_KERNEL_CUSTOM_VERSION=y
BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="4.16.7"
BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="4.19.16"
BR2_LINUX_KERNEL_USE_CUSTOM_CONFIG=y
BR2_LINUX_KERNEL_CUSTOM_CONFIG_FILE="board/qemu/mips32r6el-malta/linux.config"
BR2_LINUX_KERNEL_VMLINUX=y

6
configs/qemu_mips64_malta_defconfig
View File

@ -9,13 +9,13 @@ BR2_SYSTEM_DHCP="eth0"
BR2_TARGET_ROOTFS_EXT2=y
# BR2_TARGET_ROOTFS_TAR is not set
# Linux headers same as kernel, a 4.16 series
BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_16=y
# Linux headers same as kernel, a 4.19 series
BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_19=y
# Kernel
BR2_LINUX_KERNEL=y
BR2_LINUX_KERNEL_CUSTOM_VERSION=y
BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="4.16.7"
BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="4.19.16"
BR2_LINUX_KERNEL_USE_CUSTOM_CONFIG=y
BR2_LINUX_KERNEL_CUSTOM_CONFIG_FILE="board/qemu/mips64-malta/linux.config"
BR2_LINUX_KERNEL_VMLINUX=y

6
configs/qemu_mips64el_malta_defconfig
View File

@ -9,13 +9,13 @@ BR2_SYSTEM_DHCP="eth0"
BR2_TARGET_ROOTFS_EXT2=y
# BR2_TARGET_ROOTFS_TAR is not set
# Linux headers same as kernel, a 4.16 series
BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_16=y
# Linux headers same as kernel, a 4.19 series
BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_19=y
# Kernel
BR2_LINUX_KERNEL=y
BR2_LINUX_KERNEL_CUSTOM_VERSION=y
BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="4.16.7"
BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="4.19.16"
BR2_LINUX_KERNEL_USE_CUSTOM_CONFIG=y
BR2_LINUX_KERNEL_CUSTOM_CONFIG_FILE="board/qemu/mips64el-malta/linux.config"
BR2_LINUX_KERNEL_VMLINUX=y

6
configs/qemu_mips64r6_malta_defconfig
View File

@ -10,13 +10,13 @@ BR2_SYSTEM_DHCP="eth0"
BR2_TARGET_ROOTFS_EXT2=y
# BR2_TARGET_ROOTFS_TAR is not set
# Linux headers same as kernel, a 4.16 series
BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_16=y
# Linux headers same as kernel, a 4.19 series
BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_19=y
# Kernel
BR2_LINUX_KERNEL=y
BR2_LINUX_KERNEL_CUSTOM_VERSION=y
BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="4.16.7"
BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="4.19.16"
BR2_LINUX_KERNEL_USE_CUSTOM_CONFIG=y
BR2_LINUX_KERNEL_CUSTOM_CONFIG_FILE="board/qemu/mips64r6-malta/linux.config"
BR2_LINUX_KERNEL_VMLINUX=y

6
configs/qemu_mips64r6el_malta_defconfig
View File

@ -10,13 +10,13 @@ BR2_SYSTEM_DHCP="eth0"
BR2_TARGET_ROOTFS_EXT2=y
# BR2_TARGET_ROOTFS_TAR is not set
# Linux headers same as kernel, a 4.16 series
BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_16=y
# Linux headers same as kernel, a 4.19 series
BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_19=y
# Kernel
BR2_LINUX_KERNEL=y
BR2_LINUX_KERNEL_CUSTOM_VERSION=y
BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="4.16.7"
BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="4.19.16"
BR2_LINUX_KERNEL_USE_CUSTOM_CONFIG=y
BR2_LINUX_KERNEL_CUSTOM_CONFIG_FILE="board/qemu/mips64r6el-malta/linux.config"
BR2_LINUX_KERNEL_VMLINUX=y

6
configs/qemu_nios2_10m50_defconfig
View File

@ -1,10 +1,10 @@
BR2_nios2=y
BR2_LINUX_KERNEL=y
BR2_LINUX_KERNEL_CUSTOM_VERSION=y
BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="4.16.7"
BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="4.19.16"
BR2_LINUX_KERNEL_DEFCONFIG="10m50"
BR2_LINUX_KERNEL_CONFIG_FRAGMENT_FILES="board/qemu/nios2-10m50/linux.fragment"
BR2_TARGET_ROOTFS_INITRAMFS=y
# Linux headers same as kernel, a 4.16 series
BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_16=y
# Linux headers same as kernel, a 4.19 series
BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_19=y

6
configs/qemu_or1k_defconfig
View File

@ -5,12 +5,12 @@ BR2_or1k=y
# BR2_TARGET_ROOTFS_TAR is not set
BR2_TARGET_ROOTFS_INITRAMFS=y
# Linux headers same as kernel, a 4,16 series
BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_16=y
# Linux headers same as kernel, a 4,19 series
BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_19=y
# Kernel
BR2_LINUX_KERNEL=y
BR2_LINUX_KERNEL_CUSTOM_VERSION=y
BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="4.16.7"
BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="4.19.16"
BR2_LINUX_KERNEL_USE_CUSTOM_CONFIG=y
BR2_LINUX_KERNEL_CUSTOM_CONFIG_FILE="board/qemu/or1k/linux.config"

4
configs/qemu_ppc64_e5500_defconfig
View File

@ -6,12 +6,12 @@ BR2_powerpc_e5500=y
BR2_TARGET_GENERIC_GETTY_PORT="ttyS0"
# Linux headers same as the kernel
BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_16=y
BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_19=y
# Kernel
BR2_LINUX_KERNEL=y
BR2_LINUX_KERNEL_CUSTOM_VERSION=y
BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="4.16.7"
BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="4.19.16"
BR2_LINUX_KERNEL_DEFCONFIG="corenet64_smp"
BR2_LINUX_KERNEL_CONFIG_FRAGMENT_FILES="board/qemu/ppc64-e5500/linux.fragment"
BR2_LINUX_KERNEL_NEEDS_HOST_OPENSSL=y

6
configs/qemu_ppc64_pseries_defconfig
View File

@ -10,12 +10,12 @@ BR2_TARGET_GENERIC_GETTY_PORT="hvc0"
BR2_TARGET_ROOTFS_EXT2=y
# BR2_TARGET_ROOTFS_TAR is not set
# Linux headers same as kernel, a 4.16 series
BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_16=y
# Linux headers same as kernel, a 4.19 series
BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_19=y
# Kernel
BR2_LINUX_KERNEL=y
BR2_LINUX_KERNEL_CUSTOM_VERSION=y
BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="4.16.7"
BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="4.19.16"
BR2_LINUX_KERNEL_DEFCONFIG="pseries"
BR2_LINUX_KERNEL_VMLINUX=y

6
configs/qemu_ppc64le_pseries_defconfig
View File

@ -10,12 +10,12 @@ BR2_SYSTEM_DHCP="eth0"
BR2_TARGET_ROOTFS_EXT2=y
# BR2_TARGET_ROOTFS_TAR is not set
# Linux headers same as kernel, a 4.16 series
BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_16=y
# Linux headers same as kernel, a 4.19 series
BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_19=y
# Kernel
BR2_LINUX_KERNEL=y
BR2_LINUX_KERNEL_CUSTOM_VERSION=y
BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="4.16.7"
BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="4.19.16"
BR2_LINUX_KERNEL_DEFCONFIG="pseries_le"
BR2_LINUX_KERNEL_VMLINUX=y

6
configs/qemu_ppc_g3beige_defconfig
View File

@ -9,13 +9,13 @@ BR2_SYSTEM_DHCP="eth0"
BR2_TARGET_ROOTFS_EXT2=y
# BR2_TARGET_ROOTFS_TAR is not set
# Linux headers same as kernel, a 4.16 series
BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_16=y
# Linux headers same as kernel, a 4.19 series
BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_19=y
# Kernel
BR2_LINUX_KERNEL=y
BR2_LINUX_KERNEL_CUSTOM_VERSION=y
BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="4.16.7"
BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="4.19.16"
BR2_LINUX_KERNEL_USE_CUSTOM_CONFIG=y
BR2_LINUX_KERNEL_CUSTOM_CONFIG_FILE="board/qemu/ppc-g3beige/linux.config"
BR2_LINUX_KERNEL_VMLINUX=y

6
configs/qemu_ppc_mpc8544ds_defconfig
View File

@ -9,13 +9,13 @@ BR2_SYSTEM_DHCP="eth0"
# BR2_TARGET_ROOTFS_TAR is not set
BR2_TARGET_ROOTFS_INITRAMFS=y
# Linux headers same as kernel, a 4.16 series
BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_16=y
# Linux headers same as kernel, a 4.19 series
BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_19=y
# Kernel
BR2_LINUX_KERNEL=y
BR2_LINUX_KERNEL_CUSTOM_VERSION=y
BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="4.16.7"
BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="4.19.16"
BR2_LINUX_KERNEL_USE_CUSTOM_CONFIG=y
BR2_LINUX_KERNEL_CUSTOM_CONFIG_FILE="board/qemu/ppc-mpc8544ds/linux.config"
BR2_LINUX_KERNEL_VMLINUX=y

6
configs/qemu_ppc_virtex_ml507_defconfig
View File

@ -6,8 +6,8 @@ BR2_powerpc_440=y
# BR2_TARGET_ROOTFS_TAR is not set
BR2_TARGET_ROOTFS_INITRAMFS=y
# Linux headers same as kernel, a 4.16 series
BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_16=y
# Linux headers same as kernel, a 4.19 series
BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_19=y
# Use soft float
BR2_SOFT_FLOAT=y
@ -15,7 +15,7 @@ BR2_SOFT_FLOAT=y
# Kernel
BR2_LINUX_KERNEL=y
BR2_LINUX_KERNEL_CUSTOM_VERSION=y
BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="4.16.7"
BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="4.19.16"
BR2_LINUX_KERNEL_USE_CUSTOM_CONFIG=y
BR2_LINUX_KERNEL_CUSTOM_CONFIG_FILE="board/qemu/ppc-virtex-ml507/linux.config"
BR2_LINUX_KERNEL_VMLINUX=y

6
configs/qemu_sh4_r2d_defconfig
View File

@ -11,13 +11,13 @@ BR2_TARGET_GENERIC_GETTY_PORT="ttySC1"
BR2_TARGET_ROOTFS_EXT2=y
# BR2_TARGET_ROOTFS_TAR is not set
# Linux headers same as kernel, a 4.16 series
BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_16=y
# Linux headers same as kernel, a 4.19 series
BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_19=y
# Linux kernel
BR2_LINUX_KERNEL=y
BR2_LINUX_KERNEL_CUSTOM_VERSION=y
BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="4.16.7"
BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="4.19.16"
BR2_LINUX_KERNEL_USE_CUSTOM_CONFIG=y
BR2_LINUX_KERNEL_CUSTOM_CONFIG_FILE="board/qemu/sh4-r2d/linux.config"
BR2_LINUX_KERNEL_ZIMAGE=y

6
configs/qemu_sh4eb_r2d_defconfig
View File

@ -10,13 +10,13 @@ BR2_TARGET_GENERIC_GETTY_PORT="ttySC1"
BR2_TARGET_ROOTFS_EXT2=y
# BR2_TARGET_ROOTFS_TAR is not set
# Linux headers same as kernel, a 4.16 series
BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_16=y
# Linux headers same as kernel, a 4.19 series
BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_19=y
# Linux kernel
BR2_LINUX_KERNEL=y
BR2_LINUX_KERNEL_CUSTOM_VERSION=y
BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="4.16.7"
BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="4.19.16"
BR2_LINUX_KERNEL_USE_CUSTOM_CONFIG=y
BR2_LINUX_KERNEL_CUSTOM_CONFIG_FILE="board/qemu/sh4eb-r2d/linux.config"
BR2_LINUX_KERNEL_ZIMAGE=y

6
configs/qemu_sparc64_sun4u_defconfig
View File

@ -9,12 +9,12 @@ BR2_SYSTEM_DHCP="eth0"
BR2_TARGET_ROOTFS_EXT2=y
# BR2_TARGET_ROOTFS_TAR is not set
# Linux headers same as kernel, a 4.16 series
BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_16=y
# Linux headers same as kernel, a 4.19 series
BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_19=y
# Linux kernel
BR2_LINUX_KERNEL=y
BR2_LINUX_KERNEL_CUSTOM_VERSION=y
BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="4.16.7"
BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="4.19.16"
BR2_LINUX_KERNEL_USE_CUSTOM_CONFIG=y
BR2_LINUX_KERNEL_CUSTOM_CONFIG_FILE="board/qemu/sparc64-sun4u/linux.config"

6
configs/qemu_sparc_ss10_defconfig
View File

@ -9,12 +9,12 @@ BR2_SYSTEM_DHCP="eth0"
BR2_TARGET_ROOTFS_EXT2=y
# BR2_TARGET_ROOTFS_TAR is not set
# Linux headers same as kernel, a 4.16 series
BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_16=y
# Linux headers same as kernel, a 4.19 series
BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_19=y
# Linux kernel
BR2_LINUX_KERNEL=y
BR2_LINUX_KERNEL_CUSTOM_VERSION=y
BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="4.16.7"
BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="4.19.16"
BR2_LINUX_KERNEL_USE_CUSTOM_CONFIG=y
BR2_LINUX_KERNEL_CUSTOM_CONFIG_FILE="board/qemu/sparc-ss10/linux.config"

6
configs/qemu_x86_64_defconfig
View File

@ -9,12 +9,12 @@ BR2_TARGET_GENERIC_GETTY_PORT="tty1"
BR2_TARGET_ROOTFS_EXT2=y
# BR2_TARGET_ROOTFS_TAR is not set
# Linux headers same as kernel, a 4.16 series
BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_16=y
# Linux headers same as kernel, a 4.19 series
BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_19=y
# Kernel
BR2_LINUX_KERNEL=y
BR2_LINUX_KERNEL_CUSTOM_VERSION=y
BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="4.16.7"
BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="4.19.16"
BR2_LINUX_KERNEL_USE_CUSTOM_CONFIG=y
BR2_LINUX_KERNEL_CUSTOM_CONFIG_FILE="board/qemu/x86_64/linux.config"

6
configs/qemu_x86_defconfig
View File

@ -10,12 +10,12 @@ BR2_TARGET_GENERIC_GETTY_PORT="tty1"
BR2_TARGET_ROOTFS_EXT2=y
# BR2_TARGET_ROOTFS_TAR is not set
# Linux headers same as kernel, a 4.16 series
BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_16=y
# Linux headers same as kernel, a 4.19 series
BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_19=y
# Kernel
BR2_LINUX_KERNEL=y
BR2_LINUX_KERNEL_CUSTOM_VERSION=y
BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="4.16.7"
BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="4.19.16"
BR2_LINUX_KERNEL_USE_CUSTOM_CONFIG=y
BR2_LINUX_KERNEL_CUSTOM_CONFIG_FILE="board/qemu/x86/linux.config"

6
configs/qemu_xtensa_lx60_defconfig
View File

@ -11,13 +11,13 @@ BR2_TARGET_GENERIC_GETTY_PORT="ttyS0"
# BR2_TARGET_ROOTFS_TAR is not set
BR2_TARGET_ROOTFS_INITRAMFS=y
# Linux headers same as kernel, a 4.16 series
BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_16=y
# Linux headers same as kernel, a 4.19 series
BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_19=y
# Kernel
BR2_LINUX_KERNEL=y
BR2_LINUX_KERNEL_CUSTOM_VERSION=y
BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="4.16.7"
BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="4.19.16"
BR2_LINUX_KERNEL_USE_CUSTOM_CONFIG=y
BR2_LINUX_KERNEL_CUSTOM_CONFIG_FILE="board/qemu/xtensa-lx60/linux.config"
BR2_LINUX_KERNEL_IMAGE_TARGET_CUSTOM=y

6
configs/qemu_xtensa_lx60_nommu_defconfig
View File

@ -15,13 +15,13 @@ BR2_TARGET_GENERIC_GETTY_PORT="ttyS0"
# BR2_TARGET_ROOTFS_TAR is not set
BR2_TARGET_ROOTFS_INITRAMFS=y
# Linux headers same as kernel, a 4.16 series
BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_16=y
# Linux headers same as kernel, a 4.19 series
BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_19=y
# Kernel
BR2_LINUX_KERNEL=y
BR2_LINUX_KERNEL_CUSTOM_VERSION=y
BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="4.16.7"
BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="4.19.16"
BR2_LINUX_KERNEL_USE_CUSTOM_CONFIG=y
BR2_LINUX_KERNEL_CUSTOM_CONFIG_FILE="board/qemu/xtensa-lx60/linux-nommu.config"
BR2_LINUX_KERNEL_IMAGE_TARGET_CUSTOM=y

22
docs/website/download.html
View File

@ -75,38 +75,38 @@
<p><a href="/downloads/buildroot-2018.11.2.tar.bz2.sign">PGP signature</a></p>
</div>
</div>
<!--
<h3 style="text-align: center;">Latest release candidate: <b>2018.11-rc3</b></h3>
<h3 style="text-align: center;">Latest release candidate: <b>2019.02-rc1</b></h3>
<div class="row mt centered">
<div class="col-sm-6">
<div class="flip-container center-block" ontouchstart="this.classList.toggle('hover');">
<div class="flipper">
<div class="front">
<a href="/downloads/buildroot-2018.11-rc3.tar.gz"><img src="images/zip.png" width="180" alt=""></a>
<a href="/downloads/buildroot-2019.02-rc1.tar.gz"><img src="images/zip.png" width="180" alt=""></a>
</div>
<div class="back">
<a href="/downloads/buildroot-2018.11-rc3.tar.gz"><img src="images/zip.png" width="180" alt=""></a>
<a href="/downloads/buildroot-2019.02-rc1.tar.gz"><img src="images/zip.png" width="180" alt=""></a>
</div>
</div>
</div>
<h3><a href="/downloads/buildroot-2018.11-rc3.tar.gz">buildroot-2018.11-rc3.tar.gz</a></h3>
<p><a href="/downloads/buildroot-2018.11-rc3.tar.gz.sign">PGP signature</a></p>
<h3><a href="/downloads/buildroot-2019.02-rc1.tar.gz">buildroot-2019.02-rc1.tar.gz</a></h3>
<p><a href="/downloads/buildroot-2019.02-rc1.tar.gz.sign">PGP signature</a></p>
</div>
<div class="col-sm-6">
<div class="flip-container center-block" ontouchstart="this.classList.toggle('hover');">
<div class="flipper">
<div class="front">
<a href="/downloads/buildroot-2018.11-rc3.tar.bz2"><img src="images/package.png" width="180" alt=""></a>
<a href="/downloads/buildroot-2019.02-rc1.tar.bz2"><img src="images/package.png" width="180" alt=""></a>
</div>
<div class="back">
<a href="/downloads/buildroot-2018.11-rc3.tar.bz2"><img src="images/package.png" width="180" alt=""></a>
<a href="/downloads/buildroot-2019.02-rc1.tar.bz2"><img src="images/package.png" width="180" alt=""></a>
</div>
</div>
</div>
<h3><a href="/downloads/buildroot-2018.11-rc3.tar.bz2">buildroot-2018.11-rc3.tar.bz2</a></h3>
<p><a href="/downloads/buildroot-2018.11-rc3.tar.bz2.sign">PGP signature</a></p>
<h3><a href="/downloads/buildroot-2019.02-rc1.tar.bz2">buildroot-2019.02-rc1.tar.bz2</a></h3>
<p><a href="/downloads/buildroot-2019.02-rc1.tar.bz2.sign">PGP signature</a></p>
</div>
</div>
@ -114,7 +114,7 @@
<a href="/downloads/">http://buildroot.net/downloads/</a>.
</div>
</div>
-->
<div class="panel panel-primary">
<div class="panel-heading">Source code</div>
<div class="panel-body">

23
docs/website/news.html
View File

@ -9,6 +9,29 @@
<h2>News</h2>
<ul class="timeline">
<li class="timeline-inverted">
<div class="timeline-badge"><i class="glyphicon glyphicon-thumbs-up"></i></div>
<div class="timeline-panel">
<div class="timeline-heading">
<h4 class="timeline-title">2019.02-rc1 released</h4>
<p><small class="text-muted"><i class="glyphicon glyphicon-time"></i>13 February 2019</small></p>
</div>
<div class="timeline-body">
<p>We have a new release candidate! Lots of changes all over the
tree, see the
<a href="http://git.buildroot.net/buildroot/plain/CHANGES?id=2019.02-rc1">CHANGES</a>
file for details.
</p>
<p>Head to the <a href="/downloads/">downloads page</a> to pick up the
<a href="/downloads/buildroot-2019.02-rc1.tar.bz2">2019.02-rc1
release candidate</a>, and report any problems found to the
<a href="support.html">mailing list</a> or
<a href="https://bugs.buildroot.org">bug tracker</a>.</p>
</div>
</div>
</li>
<li>
<div class="timeline-badge"><i class="glyphicon glyphicon-thumbs-up"></i></div>
<div class="timeline-panel">

1
package/Config.in
View File

@ -1215,6 +1215,7 @@ menu "Database"
source "package/leveldb/Config.in"
source "package/libgit2/Config.in"
source "package/libpqxx/Config.in"
source "package/mongodb/Config.in"
source "package/mysql/Config.in"
source "package/postgresql/Config.in"
source "package/redis/Config.in"

64
package/brcm-patchram-plus/0001-src-main.c-fix-build-on-SPARC.patch
View File

@ -1,64 +0,0 @@
From 8ff9d421372a7cb780fbafd8b1d556ee549bf109 Mon Sep 17 00:00:00 2001
From: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Date: Fri, 8 Feb 2019 23:21:04 +0100
Subject: [PATCH] src/main.c: fix build on SPARC
On SPARC, the definitions of B2500000, B3000000, B3500000 and B4000000
are not necessarily available, so use those values only if defined in
the kernel headers.
It fixes SPARC build failures such as:
main.c:382:13: error: 'B2500000' undeclared here (not in a function)
{ 2500000, B2500000 },
^~~~~~~~
main.c:383:13: error: 'B3000000' undeclared here (not in a function)
{ 3000000, B3000000 },
^~~~~~~~
main.c:385:13: error: 'B3500000' undeclared here (not in a function)
{ 3500000, B3500000 },
^~~~~~~~
main.c:386:13: error: 'B4000000' undeclared here (not in a function)
{ 4000000, B4000000 }
Fixes:
- http://autobuild.buildroot.org/results/f7012c08c935c3a6ccae50b84170190af5cd5cba
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[Upstream status: https://github.com/AsteroidOS/brcm-patchram-plus/pull/1]
---
src/main.c | 18 +++++++++++++-----
1 file changed, 13 insertions(+), 5 deletions(-)
diff --git a/src/main.c b/src/main.c
index 040cfe1..17c5191 100644
--- a/src/main.c
+++ b/src/main.c
@@ -378,12 +378,20 @@ tBaudRates baud_rates[] = {
{ 1000000, B1000000 },
{ 1152000, B1152000 },
{ 1500000, B1500000 },
- { 2000000, B2000000 },
- { 2500000, B2500000 },
- { 3000000, B3000000 },
+ { 2000000, B2000000 }
+#ifdef B2500000
+ ,{ 2500000, B2500000 }
+#endif
+#ifdef B3000000
+ ,{ 3000000, B3000000 }
+#endif
#ifndef __CYGWIN__
- { 3500000, B3500000 },
- { 4000000, B4000000 }
+#ifdef B3500000
+ ,{ 3500000, B3500000 }
+#endif
+#ifdef B4000000
+ ,{ 4000000, B4000000 }
+#endif
#endif
};
--
2.14.1

4
package/brcm-patchram-plus/brcm-patchram-plus.hash
View File

@ -1,3 +1,3 @@
# locally computed
sha256 7d63f3a0c79cb5d187a0f2647734601f9c97d4eb8e545ce9ace7653c1f3f9a58 brcm-patchram-plus-94fb127e614b19a9a95561b8c1a0716e2e1e6293.tar.gz
sha256 3bbeac0dc9f456695e692687c9d90a3c4ffc0253b0476d487d8cede207a8dc5b src/main.c
sha256 febad69fbc9185b4c6a31188cf381fd280b88d93cb7f5a40dfdbab9c599c29a7 brcm-patchram-plus-95b7b6916d661a4da3f9c0adf52d5e1f4f8ab042.tar.gz
sha256 26324f5c563b7e338c2876c8abe90c3681c1e9a6163fc59b494c94ad6493eda4 COPYING

4
package/brcm-patchram-plus/brcm-patchram-plus.mk
View File

@ -4,10 +4,10 @@
#
################################################################################
BRCM_PATCHRAM_PLUS_VERSION = 94fb127e614b19a9a95561b8c1a0716e2e1e6293
BRCM_PATCHRAM_PLUS_VERSION = 95b7b6916d661a4da3f9c0adf52d5e1f4f8ab042
BRCM_PATCHRAM_PLUS_SITE = $(call github,AsteroidOS,brcm-patchram-plus,$(BRCM_PATCHRAM_PLUS_VERSION))
BRCM_PATCHRAM_PLUS_LICENSE = Apache-2.0
BRCM_PATCHRAM_PLUS_LICENSE_FILES = src/main.c
BRCM_PATCHRAM_PLUS_LICENSE_FILES = COPYING
BRCM_PATCHRAM_PLUS_AUTORECONF = YES
$(eval $(autotools-package))

2
package/docker-cli/docker-cli.hash
View File

@ -1,3 +1,3 @@
# Locally calculated
sha256 3e578406dead2fc72c4b52f77db39dc779fa8b460352116c06f1ae29219bd8c2 docker-cli-v18.09.0.tar.gz
sha256 29f3a435bfcd52dbe26f6315ee92bffc0220a537608935a2c3870f6b729fc16e docker-cli-v18.09.2.tar.gz
sha256 2d81ea060825006fc8f3fe28aa5dc0ffeb80faf325b612c955229157b8c10dc0 LICENSE

2
package/docker-cli/docker-cli.mk
View File

@ -4,7 +4,7 @@
#
################################################################################
DOCKER_CLI_VERSION = v18.09.0
DOCKER_CLI_VERSION = v18.09.2
DOCKER_CLI_SITE = $(call github,docker,cli,$(DOCKER_CLI_VERSION))
DOCKER_CLI_WORKSPACE = gopath

5
package/docker-containerd/Config.in
View File

@ -3,6 +3,7 @@ config BR2_PACKAGE_DOCKER_CONTAINERD
depends on BR2_PACKAGE_HOST_GO_ARCH_SUPPORTS
depends on BR2_PACKAGE_HOST_GO_CGO_LINKING_SUPPORTS
depends on BR2_TOOLCHAIN_HAS_THREADS
depends on !BR2_PACKAGE_TOOLCHAIN_USES_UCLIBC # runc
depends on BR2_USE_MMU # util-linux
select BR2_PACKAGE_RUNC # runtime dependency
select BR2_PACKAGE_UTIL_LINUX # runtime dependency
@ -27,8 +28,8 @@ config BR2_PACKAGE_DOCKER_CONTAINERD_DRIVER_BTRFS
endif
comment "docker-containerd needs a toolchain w/ threads"
comment "docker-containerd needs a glibc or musl toolchain w/ threads"
depends on BR2_PACKAGE_HOST_GO_ARCH_SUPPORTS
depends on BR2_PACKAGE_HOST_GO_CGO_LINKING_SUPPORTS
depends on BR2_USE_MMU
depends on !BR2_TOOLCHAIN_HAS_THREADS
depends on !BR2_TOOLCHAIN_HAS_THREADS || BR2_TOOLCHAIN_USES_UCLIBC

2
package/docker-containerd/docker-containerd.hash
View File

@ -1,3 +1,3 @@
# Computed locally
sha256 a2780aca4d72bb8aced14ca9de99bdc9a90bdaacb06c5ddd8378a66443c1d70f docker-containerd-v1.2.1.tar.gz
sha256 ff4c2ad680c9e2484e335868a54b0c1ea49d9165dd5b38b64ef7d9dacf2b96b4 docker-containerd-v1.2.3.tar.gz
sha256 4bbe3b885e8cd1907ab4cf9a41e862e74e24b5422297a4f2fe524e6a30ada2b4 LICENSE

2
package/docker-containerd/docker-containerd.mk
View File

@ -4,7 +4,7 @@
#
################################################################################
DOCKER_CONTAINERD_VERSION = v1.2.1
DOCKER_CONTAINERD_VERSION = v1.2.3
DOCKER_CONTAINERD_SITE = $(call github,containerd,containerd,$(DOCKER_CONTAINERD_VERSION))
DOCKER_CONTAINERD_LICENSE = Apache-2.0
DOCKER_CONTAINERD_LICENSE_FILES = LICENSE

45
package/docker-engine/0001-Fix-faulty-runc-version-commit-scrape.patch Normal file
View File

@ -0,0 +1,45 @@
From 324e7be4b252c13002bca6a9d82e7b2e43664634 Mon Sep 17 00:00:00 2001
From: Christian Stewart <christian@paral.in>
Date: Mon, 26 Nov 2018 22:59:32 -0800
Subject: [PATCH] Fix faulty runc version commit scrape
This commit replaces faulty logic to determine the runc version commit hash.
The original logic takes the second line of the output of "runc --version" and
does not work if there are a different number of lines printed from the command
than expected. The buildroot version of runc outputs two lines instead of the
expected three, causing the error:
unknown output format: runc version commit: ...
This patch replaces this logic with a simple scan of the "runc --version"
output, searching for the "runc version commit" prefixed line.
Signed-off-by: Christian Stewart <christian@paral.in>
---
daemon/info_unix.go | 9 +++++----
1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/daemon/info_unix.go b/daemon/info_unix.go
index 60b2f99870..688a510796 100644
--- a/daemon/info_unix.go
+++ b/daemon/info_unix.go
@@ -32,10 +32,11 @@ func (daemon *Daemon) fillPlatformInfo(v *types.Info, sysInfo *sysinfo.SysInfo)
defaultRuntimeBinary := daemon.configStore.GetRuntime(v.DefaultRuntime).Path
if rv, err := exec.Command(defaultRuntimeBinary, "--version").Output(); err == nil {
parts := strings.Split(strings.TrimSpace(string(rv)), "\n")
- if len(parts) == 3 {
- parts = strings.Split(parts[1], ": ")
- if len(parts) == 2 {
- v.RuncCommit.ID = strings.TrimSpace(parts[1])
+ for _, pt := range parts {
+ ptKv := strings.Split(pt, ":")
+ if strings.HasSuffix(strings.TrimSpace(ptKv[0]), "commit") {
+ v.RuncCommit.ID = strings.TrimSpace(ptKv[1])
+ break
}
}
--
2.18.1

5
package/docker-engine/Config.in
View File

@ -3,6 +3,7 @@ config BR2_PACKAGE_DOCKER_ENGINE
depends on BR2_PACKAGE_HOST_GO_ARCH_SUPPORTS
depends on BR2_PACKAGE_HOST_GO_CGO_LINKING_SUPPORTS
depends on BR2_TOOLCHAIN_HAS_THREADS
depends on !BR2_TOOLCHAIN_USES_UCLIBC # docker-containerd -> runc
depends on BR2_USE_MMU # docker-containerd
select BR2_PACKAGE_DOCKER_CONTAINERD # runtime dependency
select BR2_PACKAGE_DOCKER_PROXY # runtime dependency
@ -49,8 +50,8 @@ config BR2_PACKAGE_DOCKER_ENGINE_DRIVER_VFS
endif
comment "docker-engine needs a toolchain w/ threads"
comment "docker-engine needs a glibc or musl toolchain w/ threads"
depends on BR2_PACKAGE_HOST_GO_ARCH_SUPPORTS
depends on BR2_PACKAGE_HOST_GO_CGO_LINKING_SUPPORTS
depends on !BR2_TOOLCHAIN_HAS_THREADS
depends on !BR2_TOOLCHAIN_HAS_THREADS || BR2_TOOLCHAIN_USES_UCLIBC
depends on BR2_USE_MMU

2
package/docker-engine/docker-engine.hash
View File

@ -1,3 +1,3 @@
# Locally calculated
sha256 b5278b3f2b460ea61f47833abd2a844f348b4518e73f309294ad178c205a48e1 docker-engine-v18.09.0.tar.gz
sha256 4babbcbc3e1d7750c61a1e5bee29bd206256948961feaac5b44cabb0c70a50a6 docker-engine-v18.09.2.tar.gz
sha256 2d81ea060825006fc8f3fe28aa5dc0ffeb80faf325b612c955229157b8c10dc0 LICENSE

2
package/docker-engine/docker-engine.mk
View File

@ -4,7 +4,7 @@
#
################################################################################
DOCKER_ENGINE_VERSION = v18.09.0
DOCKER_ENGINE_VERSION = v18.09.2
DOCKER_ENGINE_SITE = $(call github,docker,engine,$(DOCKER_ENGINE_VERSION))
DOCKER_ENGINE_LICENSE = Apache-2.0

176
package/ghostscript/0002-Sanitize-op-stack-for-error-conditions.patch Normal file
View File

@ -0,0 +1,176 @@
From a1de1e6ab51ab37a17975aad1193f2523e7e7e84 Mon Sep 17 00:00:00 2001
From: Chris Liddell <chris.liddell@artifex.com>
Date: Wed, 5 Dec 2018 12:22:13 +0000
Subject: [PATCH] Sanitize op stack for error conditions
We save the stacks to an array and store the array for the error handler to
access.
For SAFER, we traverse the array, and deep copy any op arrays (procedures). As
we make these copies, we check for operators that do *not* exist in systemdict,
when we find one, we replace the operator with a name object (of the form
"/--opname--").
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
---
Upstream status: commit 13b0a36f818
psi/int.mak | 3 +-
psi/interp.c | 8 ++++++
psi/istack.c | 78 ++++++++++++++++++++++++++++++++++++++++++++++++++++
psi/istack.h | 3 ++
4 files changed, 91 insertions(+), 1 deletion(-)
diff --git a/psi/int.mak b/psi/int.mak
index 6ab5bf0069dd..6b349cb042dd 100644
--- a/psi/int.mak
+++ b/psi/int.mak
@@ -204,7 +204,8 @@ $(PSOBJ)iparam.$(OBJ) : $(PSSRC)iparam.c $(GH)\
$(PSOBJ)istack.$(OBJ) : $(PSSRC)istack.c $(GH) $(memory__h)\
$(ierrors_h) $(gsstruct_h) $(gsutil_h)\
$(ialloc_h) $(istack_h) $(istkparm_h) $(istruct_h) $(iutil_h) $(ivmspace_h)\
- $(store_h) $(INT_MAK) $(MAKEDIRS)
+ $(store_h) $(icstate_h) $(iname_h) $(dstack_h) $(idict_h) \
+ $(INT_MAK) $(MAKEDIRS)
$(PSCC) $(PSO_)istack.$(OBJ) $(C_) $(PSSRC)istack.c
$(PSOBJ)iutil.$(OBJ) : $(PSSRC)iutil.c $(GH) $(math__h) $(memory__h) $(string__h)\
diff --git a/psi/interp.c b/psi/interp.c
index 6dc0ddae1b3c..aa5779c51420 100644
--- a/psi/interp.c
+++ b/psi/interp.c
@@ -761,6 +761,7 @@ copy_stack(i_ctx_t *i_ctx_p, const ref_stack_t * pstack, int skip, ref * arr)
uint size = ref_stack_count(pstack) - skip;
uint save_space = ialloc_space(idmemory);
int code, i;
+ ref *safety, *safe;
if (size > 65535)
size = 65535;
@@ -778,6 +779,13 @@ copy_stack(i_ctx_t *i_ctx_p, const ref_stack_t * pstack, int skip, ref * arr)
make_null(&arr->value.refs[i]);
}
}
+ if (pstack == &o_stack && dict_find_string(systemdict, "SAFETY", &safety) > 0 &&
+ dict_find_string(safety, "safe", &safe) > 0 && r_has_type(safe, t_boolean) &&
+ safe->value.boolval == true) {
+ code = ref_stack_array_sanitize(i_ctx_p, arr, arr);
+ if (code < 0)
+ return code;
+ }
ialloc_set_space(idmemory, save_space);
return code;
}
diff --git a/psi/istack.c b/psi/istack.c
index 8fe151fa5628..f1a3e511534d 100644
--- a/psi/istack.c
+++ b/psi/istack.c
@@ -27,6 +27,10 @@
#include "iutil.h"
#include "ivmspace.h" /* for local/global test */
#include "store.h"
+#include "icstate.h"
+#include "iname.h"
+#include "dstack.h"
+#include "idict.h"
/* Forward references */
static void init_block(ref_stack_t *pstack, const ref *pblock_array,
@@ -294,6 +298,80 @@ ref_stack_store_check(const ref_stack_t *pstack, ref *parray, uint count,
return 0;
}
+int
+ref_stack_array_sanitize(i_ctx_t *i_ctx_p, ref *sarr, ref *darr)
+{
+ int i, code;
+ ref obj, arr2;
+ ref *pobj2;
+ gs_memory_t *mem = (gs_memory_t *)idmemory->current;
+
+ if (!r_is_array(sarr) || !r_has_type(darr, t_array))
+ return_error(gs_error_typecheck);
+
+ for (i = 0; i < r_size(sarr); i++) {
+ code = array_get(mem, sarr, i, &obj);
+ if (code < 0)
+ make_null(&obj);
+ switch(r_type(&obj)) {
+ case t_operator:
+ {
+ int index = op_index(&obj);
+
+ if (index > 0 && index < op_def_count) {
+ const byte *data = (const byte *)(op_index_def(index)->oname + 1);
+ if (dict_find_string(systemdict, (const char *)data, &pobj2) <= 0) {
+ byte *s = gs_alloc_bytes(mem, strlen((char *)data) + 5, "ref_stack_array_sanitize");
+ if (s) {
+ s[0] = '\0';
+ strcpy((char *)s, "--");
+ strcpy((char *)s + 2, (char *)data);
+ strcpy((char *)s + strlen((char *)data) + 2, "--");
+ }
+ else {
+ s = (byte *)data;
+ }
+ code = name_ref(imemory, s, strlen((char *)s), &obj, 1);
+ if (code < 0) make_null(&obj);
+ if (s != data)
+ gs_free_object(mem, s, "ref_stack_array_sanitize");
+ }
+ }
+ else {
+ make_null(&obj);
+ }
+ ref_assign(darr->value.refs + i, &obj);
+ break;
+ }
+ case t_array:
+ case t_shortarray:
+ case t_mixedarray:
+ {
+ int attrs = r_type_attrs(&obj) & (a_write | a_read | a_execute | a_executable);
+ /* We only want to copy executable arrays */
+ if (attrs & (a_execute | a_executable)) {
+ code = ialloc_ref_array(&arr2, attrs, r_size(&obj), "ref_stack_array_sanitize");
+ if (code < 0) {
+ make_null(&arr2);
+ }
+ else {
+ code = ref_stack_array_sanitize(i_ctx_p, &obj, &arr2);
+ }
+ ref_assign(darr->value.refs + i, &arr2);
+ }
+ else {
+ ref_assign(darr->value.refs + i, &obj);
+ }
+ break;
+ }
+ default:
+ ref_assign(darr->value.refs + i, &obj);
+ }
+ }
+ return 0;
+}
+
+
/*
* Store the top 'count' elements of a stack, starting 'skip' elements below
* the top, into an array, with or without store/undo checking. age=-1 for
diff --git a/psi/istack.h b/psi/istack.h
index 051dcbe216cf..54be405adfb3 100644
--- a/psi/istack.h
+++ b/psi/istack.h
@@ -129,6 +129,9 @@ int ref_stack_store(const ref_stack_t *pstack, ref *parray, uint count,
uint skip, int age, bool check,
gs_dual_memory_t *idmem, client_name_t cname);
+int
+ref_stack_array_sanitize(i_ctx_t *i_ctx_p, ref *sarr, ref *darr);
+
/*
* Pop the top N elements off a stack.
* The number must not exceed the number of elements in use.
--
2.20.1

441
package/ghostscript/0003-Any-transient-procedures-that-call-.force-operators.patch Normal file
View File

@ -0,0 +1,441 @@
From f0397dbfbe5eea325613ff375b30eb0db5551ffe Mon Sep 17 00:00:00 2001
From: Chris Liddell <chris.liddell@artifex.com>
Date: Thu, 13 Dec 2018 15:28:34 +0000
Subject: [PATCH] Any transient procedures that call .force* operators
(i.e. for conditionals or loops) make them executeonly.
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
---
Upstream status: commit 2db98f9c661
Resource/Init/gs_diskn.ps | 2 +-
Resource/Init/gs_dps1.ps | 4 ++--
Resource/Init/gs_fntem.ps | 4 ++--
Resource/Init/gs_fonts.ps | 12 ++++++------
Resource/Init/gs_init.ps | 4 ++--
Resource/Init/gs_lev2.ps | 11 ++++++-----
Resource/Init/gs_pdfwr.ps | 2 +-
Resource/Init/gs_res.ps | 4 ++--
Resource/Init/gs_setpd.ps | 2 +-
Resource/Init/pdf_base.ps | 13 ++++++++-----
Resource/Init/pdf_draw.ps | 16 +++++++++-------
Resource/Init/pdf_font.ps | 6 +++---
Resource/Init/pdf_main.ps | 4 ++--
Resource/Init/pdf_ops.ps | 7 ++++---
14 files changed, 49 insertions(+), 42 deletions(-)
diff --git a/Resource/Init/gs_diskn.ps b/Resource/Init/gs_diskn.ps
index fd694bc44b5a..8bf20542040d 100644
--- a/Resource/Init/gs_diskn.ps
+++ b/Resource/Init/gs_diskn.ps
@@ -51,7 +51,7 @@ systemdict begin
mark 5 1 roll ] mark exch { { } forall } forall ]
//systemdict /.searchabledevs 2 index .forceput
exch .setglobal
- }
+ } executeonly
if
} .bind executeonly odef % must be bound and hidden for .forceput
diff --git a/Resource/Init/gs_dps1.ps b/Resource/Init/gs_dps1.ps
index ec5db61b9f03..4fae2839940c 100644
--- a/Resource/Init/gs_dps1.ps
+++ b/Resource/Init/gs_dps1.ps
@@ -78,7 +78,7 @@ level2dict begin
.currentglobal
{ % Current mode is global; delete from local directory too.
//systemdict /LocalFontDirectory .knownget
- { 1 index .forceundef } % LocalFontDirectory is readonly
+ { 1 index .forceundef } executeonly % LocalFontDirectory is readonly
if
}
{ % Current mode is local; if there was a shadowed global
@@ -126,7 +126,7 @@ level2dict begin
}
ifelse
} forall
- pop counttomark 2 idiv { .forceundef } repeat pop % readonly
+ pop counttomark 2 idiv { .forceundef } executeonly repeat pop % readonly
}
if
//SharedFontDirectory exch .forcecopynew pop
diff --git a/Resource/Init/gs_fntem.ps b/Resource/Init/gs_fntem.ps
index c1f7651f18cc..6eb672a6840e 100644
--- a/Resource/Init/gs_fntem.ps
+++ b/Resource/Init/gs_fntem.ps
@@ -401,12 +401,12 @@ currentdict end def
.forceput % FontInfo can be read-only.
pop % bool <font>
exit
- } if
+ } executeonly if
dup /FontInfo get % bool <font> <FI>
/GlyphNames2Unicode /Unicode /Decoding findresource
.forceput % FontInfo can be read-only.
exit
- } loop
+ } executeonly loop
exch setglobal
} .bind executeonly odef % must be bound and hidden for .forceput
diff --git a/Resource/Init/gs_fonts.ps b/Resource/Init/gs_fonts.ps
index 803faca4918d..290da0cd6819 100644
--- a/Resource/Init/gs_fonts.ps
+++ b/Resource/Init/gs_fonts.ps
@@ -374,7 +374,7 @@ FONTPATH length 0 eq { (%END FONTPATH) .skipeof } if
/.setnativefontmapbuilt { % set whether we've been run
dup type /booleantype eq {
systemdict exch /.nativefontmapbuilt exch .forceput
- }
+ } executeonly
{pop}
ifelse
} .bind executeonly odef
@@ -1007,11 +1007,11 @@ $error /SubstituteFont { } put
{ 2 index gcheck currentglobal
2 copy eq {
pop pop .forceput
- } {
+ } executeonly {
5 1 roll setglobal
dup length string copy
.forceput setglobal
- } ifelse
+ } executeonly ifelse
} .bind executeonly odef % must be bound and hidden for .forceput
% Attempt to load a font from a file.
@@ -1084,7 +1084,7 @@ $error /SubstituteFont { } put
.FontDirectory 3 index .forceundef % readonly
1 index (r) file .loadfont .FontDirectory exch
/.setglobal .systemvar exec
- }
+ } executeonly
{ .loadfont .FontDirectory
}
ifelse
@@ -1105,7 +1105,7 @@ $error /SubstituteFont { } put
dup 3 index .fontknownget
{ dup /PathLoad 4 index .putgstringcopy
4 1 roll pop pop pop //true exit
- } if
+ } executeonly if
% Maybe the file had a different FontName.
% See if we can get a FontName from the file, and if so,
@@ -1134,7 +1134,7 @@ $error /SubstituteFont { } put
ifelse % Stack: origfontname fontdict
exch pop //true exit
% Stack: fontdict
- }
+ } executeonly
if pop % Stack: origfontname fontdirectory path
}
if pop pop % Stack: origfontname
diff --git a/Resource/Init/gs_init.ps b/Resource/Init/gs_init.ps
index d733124b96d1..56c0bd268b53 100644
--- a/Resource/Init/gs_init.ps
+++ b/Resource/Init/gs_init.ps
@@ -2357,7 +2357,7 @@ SAFER { .setsafeglobal } if
% Update the copy of the user parameters.
mark .currentuserparams counttomark 2 idiv {
userparams 3 1 roll .forceput % userparams is read-only
- } repeat pop
+ } executeonly repeat pop
% Turn on idiom recognition, if available.
currentuserparams /IdiomRecognition known {
/IdiomRecognition //true .definepsuserparam
@@ -2376,7 +2376,7 @@ SAFER { .setsafeglobal } if
% Remove real system params from pssystemparams.
mark .currentsystemparams counttomark 2 idiv {
pop pssystemparams exch .forceundef
- } repeat pop
+ } executeonly repeat pop
} if
% Set up AlignToPixels :
diff --git a/Resource/Init/gs_lev2.ps b/Resource/Init/gs_lev2.ps
index 44fe61956659..0f0d57331c23 100644
--- a/Resource/Init/gs_lev2.ps
+++ b/Resource/Init/gs_lev2.ps
@@ -154,7 +154,8 @@ end
% protect top level of parameters that we copied
dup type dup /arraytype eq exch /stringtype eq or { readonly } if
/userparams .systemvar 3 1 roll .forceput % userparams is read-only
- } {
+ } executeonly
+ {
pop pop
} ifelse
} forall
@@ -224,7 +225,7 @@ end
% protect top level parameters that we copied
dup type dup /arraytype eq exch /stringtype eq or { readonly } if
//pssystemparams 3 1 roll .forceput % pssystemparams is read-only
- }
+ } executeonly
{ pop pop
}
ifelse
@@ -934,7 +935,7 @@ mark
dup /PaintProc get
1 index /Implementation known not {
1 index dup /Implementation //null .forceput readonly pop
- } if
+ } executeonly if
exec
}.bind odef
@@ -958,7 +959,7 @@ mark
dup /PaintProc get
1 index /Implementation known not {
1 index dup /Implementation //null .forceput readonly pop
- } if
+ } executeonly if
/UNROLLFORMS where {/UNROLLFORMS get}{false}ifelse not
%% [CTM] <<Form>> PaintProc .beginform -
{
@@ -1005,7 +1006,7 @@ mark
%% Form dictioanry using the /Implementation key).
1 dict dup /FormID 4 -1 roll put
1 index exch /Implementation exch .forceput readonly pop
- }
+ } executeonly
ifelse
}
{
diff --git a/Resource/Init/gs_pdfwr.ps b/Resource/Init/gs_pdfwr.ps
index 58e75d3a4831..b425103d1cf3 100644
--- a/Resource/Init/gs_pdfwr.ps
+++ b/Resource/Init/gs_pdfwr.ps
@@ -650,7 +650,7 @@ currentdict /.pdfmarkparams .undef
} ifelse
} bind .makeoperator .forceput
systemdict /.pdf_hooked_DSC_Creator //true .forceput
- } if
+ } executeonly if
pop
} if
} {
diff --git a/Resource/Init/gs_res.ps b/Resource/Init/gs_res.ps
index 8eb8bb0e5829..d9b34599e7c2 100644
--- a/Resource/Init/gs_res.ps
+++ b/Resource/Init/gs_res.ps
@@ -152,7 +152,7 @@ setglobal
% use .forceput / .forcedef later to replace the dummy,
% empty .Instances dictionary with the real one later.
readonly
- } {
+ }{
/defineresource cvx /typecheck signaloperror
} ifelse
} bind executeonly odef
@@ -424,7 +424,7 @@ status {
% As noted above, Category dictionaries are read-only,
% so we have to use .forcedef here.
/.Instances 1 index .forcedef % Category dict is read-only
- } if
+ } executeonly if
}
{ .LocalInstances dup //.emptydict eq
{ pop 3 dict localinstancedict Category 2 index put
diff --git a/Resource/Init/gs_setpd.ps b/Resource/Init/gs_setpd.ps
index e22597ebb5f3..7875d1f2f131 100644
--- a/Resource/Init/gs_setpd.ps
+++ b/Resource/Init/gs_setpd.ps
@@ -634,7 +634,7 @@ NOMEDIAATTRS {
SETPDDEBUG { (Rolling back.) = pstack flush } if
3 index 2 index 3 -1 roll .forceput
4 index 1 index .knownget
- { 4 index 3 1 roll .forceput }
+ { 4 index 3 1 roll .forceput } executeonly
{ 3 index exch .undef }
ifelse
} bind executeonly odef
diff --git a/Resource/Init/pdf_base.ps b/Resource/Init/pdf_base.ps
index b45e9803165e..73127296c221 100644
--- a/Resource/Init/pdf_base.ps
+++ b/Resource/Init/pdf_base.ps
@@ -130,26 +130,29 @@ currentdict /num-chars-dict .undef
/.pdfexectoken { % <count> <opdict> <exectoken> .pdfexectoken ?
PDFDEBUG {
- pdfdict /PDFSTEPcount known not { pdfdict /PDFSTEPcount 1 .forceput } if
+ pdfdict /PDFSTEPcount known not { pdfdict /PDFSTEPcount 1 .forceput } executeonly if
PDFSTEP {
pdfdict /PDFtokencount 2 copy .knownget { 1 add } { 1 } ifelse .forceput
PDFSTEPcount 1 gt {
pdfdict /PDFSTEPcount PDFSTEPcount 1 sub .forceput
- } {
+ } executeonly
+ {
dup ==only
( step # ) print PDFtokencount =only
( ? ) print flush 1 //false .outputpage
(%stdin) (r) file 255 string readline {
token {
exch pop pdfdict /PDFSTEPcount 3 -1 roll .forceput
- } {
+ } executeonly
+ {
pdfdict /PDFSTEPcount 1 .forceput
- } ifelse % token
+ } executeonly ifelse % token
} {
pop /PDFSTEP //false def % EOF on stdin
} ifelse % readline
} ifelse % PDFSTEPcount > 1
- } {
+ } executeonly
+ {
dup ==only () = flush
} ifelse % PDFSTEP
} if % PDFDEBUG
diff --git a/Resource/Init/pdf_draw.ps b/Resource/Init/pdf_draw.ps
index 6b0ba93e1e73..40c6ac80acce 100644
--- a/Resource/Init/pdf_draw.ps
+++ b/Resource/Init/pdf_draw.ps
@@ -1118,14 +1118,14 @@ currentdict end readonly def
pdfdict /.Qqwarning_issued //true .forceput
.setglobal
pdfformaterror
- } ifelse
+ } executeonly ifelse
}
{
currentglobal pdfdict gcheck .setglobal
pdfdict /.Qqwarning_issued //true .forceput
.setglobal
pdfformaterror
- } ifelse
+ } executeonly ifelse
end
} ifelse
} loop
@@ -1141,14 +1141,14 @@ currentdict end readonly def
pdfdict /.Qqwarning_issued //true .forceput
.setglobal
pdfformaterror
- } ifelse
+ } executeonly ifelse
}
{
currentglobal pdfdict gcheck .setglobal
pdfdict /.Qqwarning_issued //true .forceput
.setglobal
pdfformaterror
- } ifelse
+ } executeonly ifelse
} if
pop
@@ -2350,9 +2350,10 @@ currentdict /last-ditch-bpc-csp undef
/IncrementAppearanceNumber {
pdfdict /AppearanceNumber .knownget {
1 add pdfdict /AppearanceNumber 3 -1 roll .forceput
- }{
+ } executeonly
+ {
pdfdict /AppearanceNumber 0 .forceput
- } ifelse
+ } executeonly ifelse
}bind executeonly odef
/MakeAppearanceName {
@@ -2510,7 +2511,8 @@ currentdict /last-ditch-bpc-csp undef
%% want to preserve it.
pdfdict /.PreservePDFForm false .forceput
/q cvx /execform cvx 5 -2 roll
- }{
+ } executeonly
+ {
/q cvx /PDFexecform cvx 5 -2 roll
} ifelse
diff --git a/Resource/Init/pdf_font.ps b/Resource/Init/pdf_font.ps
index bea9ea95ad1d..4cd62b9d9bb4 100644
--- a/Resource/Init/pdf_font.ps
+++ b/Resource/Init/pdf_font.ps
@@ -714,7 +714,7 @@ currentdict end readonly def
pop pop pop
currentdict /.stackdepth .forceundef
currentdict /.dstackdepth .forceundef
- }
+ } executeonly
{pop pop pop}
ifelse
@@ -1232,7 +1232,7 @@ currentdict /eexec_pdf_param_dict .undef
(\n **** Warning: Type 3 glyph has unbalanced q/Q operators \(too many q's\)\n Output may be incorrect.\n)
pdfformatwarning
pdfdict /.Qqwarning_issued //true .forceput
- } if
+ } executeonly if
Q
} repeat
Q
@@ -2016,7 +2016,7 @@ currentdict /CMap_read_dict undef
/CIDFallBack /CIDFont findresource
} if
exit
- } if
+ } executeonly if
} if
} if
diff --git a/Resource/Init/pdf_main.ps b/Resource/Init/pdf_main.ps
index 00da47a48711..37e69b39ac98 100644
--- a/Resource/Init/pdf_main.ps
+++ b/Resource/Init/pdf_main.ps
@@ -2701,14 +2701,14 @@ currentdict /PDF2PS_matrix_key undef
pdfdict /.Qqwarning_issued //true .forceput
.setglobal
pdfformaterror
- } ifelse
+ } executeonly ifelse
}
{
currentglobal pdfdict gcheck .setglobal
pdfdict /.Qqwarning_issued //true .forceput
.setglobal
pdfformaterror
- } ifelse
+ } executeonly ifelse
} if
} if
pop
diff --git a/Resource/Init/pdf_ops.ps b/Resource/Init/pdf_ops.ps
index 8672d617f363..aa0964139a56 100644
--- a/Resource/Init/pdf_ops.ps
+++ b/Resource/Init/pdf_ops.ps
@@ -184,14 +184,14 @@ currentdict /gput_always_allow .undef
pdfdict /.Qqwarning_issued //true .forceput
.setglobal
pdfformaterror
- } ifelse
+ } executeonly ifelse
}
{
currentglobal pdfdict gcheck .setglobal
pdfdict /.Qqwarning_issued //true .forceput
.setglobal
pdfformaterror
- } ifelse
+ } executeonly ifelse
} if
} bind executeonly odef
@@ -439,7 +439,8 @@ currentdict /gput_always_allow .undef
dup type /booleantype eq {
.currentSMask type /dicttype eq {
.currentSMask /Processed 2 index .forceput
- } {
+ } executeonly
+ {
.setSMask
}ifelse
}{
--
2.20.1

31
package/ghostscript/0004-Bug700317-Fix-logic-for-an-older-change.patch Normal file
View File

@ -0,0 +1,31 @@
From af9a9dceb7be7df743d55c4d078a1ae846b6f556 Mon Sep 17 00:00:00 2001
From: Chris Liddell <chris.liddell@artifex.com>
Date: Sat, 15 Dec 2018 09:08:32 +0000
Subject: [PATCH] Bug700317: Fix logic for an older change
Unlike almost every other function in gs, dict_find_string() returns 1 on
success 0 or <0 on failure. The logic for this case was wrong.
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
---
Upstream status: commit 99f13091a3
psi/interp.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/psi/interp.c b/psi/interp.c
index aa5779c51420..f6c45bbe24dc 100644
--- a/psi/interp.c
+++ b/psi/interp.c
@@ -703,7 +703,7 @@ again:
* i.e. it's an internal operator we have hidden
*/
code = dict_find_string(systemdict, (const char *)bufptr, &tobj);
- if (code < 0) {
+ if (code <= 0) {
buf[0] = buf[1] = buf[rlen + 2] = buf[rlen + 3] = '-';
rlen += 4;
bufptr = buf;
--
2.20.1

135
package/ghostscript/0005-Harden-some-uses-of-.force-operators.patch Normal file
View File

@ -0,0 +1,135 @@
From b197ea0e528c20b7ee67785c50b4e06e0aa990f8 Mon Sep 17 00:00:00 2001
From: Chris Liddell <chris.liddell@artifex.com>
Date: Tue, 18 Dec 2018 10:42:10 +0000
Subject: [PATCH] Harden some uses of .force* operators
by adding a few immediate evalutions
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
---
Upstream status: commit 59d8f4deef90
Resource/Init/gs_dps1.ps | 4 ++--
Resource/Init/gs_fonts.ps | 20 ++++++++++----------
Resource/Init/gs_init.ps | 6 +++---
3 files changed, 15 insertions(+), 15 deletions(-)
diff --git a/Resource/Init/gs_dps1.ps b/Resource/Init/gs_dps1.ps
index 4fae2839940c..b75ea14e77a3 100644
--- a/Resource/Init/gs_dps1.ps
+++ b/Resource/Init/gs_dps1.ps
@@ -74,7 +74,7 @@ level2dict begin
} odef
% undefinefont has to take local/global VM into account.
/undefinefont % <fontname> undefinefont -
- { .FontDirectory 1 .argindex .forceundef % FontDirectory is readonly
+ { //.FontDirectory 1 .argindex .forceundef % FontDirectory is readonly
.currentglobal
{ % Current mode is global; delete from local directory too.
//systemdict /LocalFontDirectory .knownget
@@ -85,7 +85,7 @@ level2dict begin
% definition, copy it into the local directory.
//systemdict /SharedFontDirectory .knownget
{ 1 index .knownget
- { .FontDirectory 2 index 3 -1 roll { put } systemdict /superexec known {//superexec}{1183615869 internaldict /superexec get exec} ifelse } % readonly
+ { //.FontDirectory 2 index 3 -1 roll { put } systemdict /superexec known {//superexec}{1183615869 internaldict /superexec get exec} ifelse } % readonly
if
}
if
diff --git a/Resource/Init/gs_fonts.ps b/Resource/Init/gs_fonts.ps
index 290da0cd6819..c13a2fcc2d43 100644
--- a/Resource/Init/gs_fonts.ps
+++ b/Resource/Init/gs_fonts.ps
@@ -516,7 +516,7 @@ buildfontdict 3 /.buildfont3 cvx put
if
}
if
- dup .FontDirectory 4 -2 roll { .growput } systemdict /superexec known {//superexec}{1183615869 internaldict /superexec get exec} ifelse % readonly
+ dup //.FontDirectory 4 -2 roll { .growput } systemdict /superexec known {//superexec}{1183615869 internaldict /superexec get exec} ifelse % readonly
% If the font originated as a resource, register it.
currentfile .currentresourcefile eq { dup .registerfont } if
readonly
@@ -943,7 +943,7 @@ $error /SubstituteFont { } put
% Try to find a font using only the present contents of Fontmap.
/.tryfindfont { % <fontname> .tryfindfont <font> true
% <fontname> .tryfindfont false
- .FontDirectory 1 index .fontknownget
+ //.FontDirectory 1 index .fontknownget
{ % Already loaded
exch pop //true
}
@@ -975,7 +975,7 @@ $error /SubstituteFont { } put
{ % Font with a procedural definition
exec % The procedure will load the font.
% Check to make sure this really happened.
- .FontDirectory 1 index .knownget
+ //.FontDirectory 1 index .knownget
{ exch pop //true exit }
if
}
@@ -1081,11 +1081,11 @@ $error /SubstituteFont { } put
% because it's different depending on language level.
.currentglobal exch /.setglobal .systemvar exec
% Remove the fake definition, if any.
- .FontDirectory 3 index .forceundef % readonly
- 1 index (r) file .loadfont .FontDirectory exch
+ //.FontDirectory 3 index .forceundef % readonly
+ 1 index (r) file .loadfont //.FontDirectory exch
/.setglobal .systemvar exec
} executeonly
- { .loadfont .FontDirectory
+ { .loadfont //.FontDirectory
}
ifelse
% Stack: fontname fontfilename fontdirectory
@@ -1119,8 +1119,8 @@ $error /SubstituteFont { } put
% Stack: origfontname fontdirectory filefontname fontdict
3 -1 roll pop
% Stack: origfontname filefontname fontdict
- dup /FontName get dup FontDirectory exch .forceundef
- GlobalFontDirectory exch .forceundef
+ dup /FontName get dup //.FontDirectory exch .forceundef
+ /GlobalFontDirectory .systemvar exch .forceundef
dup length dict .copydict dup 3 index /FontName exch put
2 index exch definefont
exch
@@ -1176,10 +1176,10 @@ currentdict /.putgstringcopy .undef
{
{
pop dup type /stringtype eq { cvn } if
- .FontDirectory 1 index known not {
+ //.FontDirectory 1 index known not {
2 dict dup /FontName 3 index put
dup /FontType 1 put
- .FontDirectory 3 1 roll { put } systemdict /superexec known {//superexec}{1183615869 internaldict /superexec get exec} ifelse % readonly
+ //.FontDirectory 3 1 roll { put } systemdict /superexec known {//superexec}{1183615869 internaldict /superexec get exec} ifelse % readonly
} {
pop
} ifelse
diff --git a/Resource/Init/gs_init.ps b/Resource/Init/gs_init.ps
index 56c0bd268b53..d9a0829f7f97 100644
--- a/Resource/Init/gs_init.ps
+++ b/Resource/Init/gs_init.ps
@@ -1168,8 +1168,8 @@ errordict /unknownerror .undef
}ifelse
}forall
noaccess pop
- systemdict /.setsafeerrors .forceundef
- systemdict /.SAFERERRORLIST .forceundef
+ //systemdict /.setsafeerrors .forceundef
+ //systemdict /.SAFERERRORLIST .forceundef
} bind executeonly odef
SAFERERRORS {.setsafererrors} if
@@ -2114,7 +2114,7 @@ currentdict /tempfilepaths undef
/.locksafe {
.locksafe_userparams
- systemdict /getenv {pop //false} .forceput
+ //systemdict /getenv {pop //false} .forceput
% setpagedevice has the side effect of clearing the page, but
% we will just document that. Using setpagedevice keeps the device
% properties and pagedevice .LockSafetyParams in agreement even
--
2.20.1

587
package/ghostscript/0006-Undefine-a-bunch-of-gs_fonts.ps-specific-procs.patch Normal file
View File

@ -0,0 +1,587 @@
From 5628be1c41d23298aa5fce2f6dd48e2eb81f4be1 Mon Sep 17 00:00:00 2001
From: Chris Liddell <chris.liddell@artifex.com>
Date: Wed, 9 Jan 2019 14:24:07 +0000
Subject: [PATCH] Undefine a bunch of gs_fonts.ps specific procs
Also reorder and add some immediate evaluation, so it still works with the
undefining.
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
---
Upstream status: commit 2768d1a6dddb
Resource/Init/gs_dps1.ps | 3 +-
Resource/Init/gs_fonts.ps | 275 +++++++++++++++++++++-----------------
Resource/Init/gs_res.ps | 6 +-
3 files changed, 156 insertions(+), 128 deletions(-)
diff --git a/Resource/Init/gs_dps1.ps b/Resource/Init/gs_dps1.ps
index b75ea14e77a3..8700c8cb304b 100644
--- a/Resource/Init/gs_dps1.ps
+++ b/Resource/Init/gs_dps1.ps
@@ -67,7 +67,8 @@ level2dict begin
/selectfont % <fontname> <size> selectfont -
{
- { 1 .argindex findfont
+ {
+ 1 .argindex findfont
1 index dup type /arraytype eq { makefont } { scalefont } ifelse
setfont pop pop
} stopped { /selectfont .systemvar $error /errorname get signalerror } if
diff --git a/Resource/Init/gs_fonts.ps b/Resource/Init/gs_fonts.ps
index c13a2fcc2d43..056223544340 100644
--- a/Resource/Init/gs_fonts.ps
+++ b/Resource/Init/gs_fonts.ps
@@ -100,7 +100,7 @@ userdict /.nativeFontmap .FontDirectory maxlength dict put
{ 2 index token not
{ (Fontmap entry for ) print 1 index =only
( ends prematurely! Giving up.) = flush
- {.loadFontmap} 0 get 1 .quit
+ {//.loadFontmap exec} 0 get 1 .quit
} if
dup /; eq { pop 3 index 3 1 roll .growput exit } if
pop
@@ -202,6 +202,14 @@ NOFONTPATH { /FONTPATH () def } if
{ pop }
{ /FONTPATH (GS_FONTPATH) getenv not { () } if def }
ifelse
+
+% The following are dummy definitions that, if we have a FONTPATH, will
+% be replaced in the following section.
+% They are here so immediately evaulation will work, and allow them to
+% undefined at the bottom of the file.
+/.scanfontbegin{} bind def
+/.scanfontdir {} bind def
+
FONTPATH length 0 eq { (%END FONTPATH) .skipeof } if
/FONTPATH [ FONTPATH .pathlist ] def
@@ -242,12 +250,12 @@ FONTPATH length 0 eq { (%END FONTPATH) .skipeof } if
/.scanfontbegin
{ % Construct the table of all file names already in Fontmap.
currentglobal //true setglobal
- .scanfontdict dup maxlength Fontmap length 2 add .max .setmaxlength
+ //.scanfontdict dup maxlength Fontmap length 2 add .max .setmaxlength
Fontmap
{ exch pop
{ dup type /stringtype eq
- { .splitfilename pop .fonttempstring copy .lowerstring cvn
- .scanfontdict exch //true put
+ { //.splitfilename exec pop //.fonttempstring copy //.lowerstring exec cvn
+ //.scanfontdict exch //true put
}
{ pop
}
@@ -280,9 +288,9 @@ FONTPATH length 0 eq { (%END FONTPATH) .skipeof } if
/txt //true
.dicttomark def
/.scan1fontstring 8192 string def
-% %%BeginFont: is not per Adobe documentation, but a few fonts have it.
+% BeginFont: is not per Adobe documentation, but a few fonts have it.
/.scanfontheaders [(%!PS-Adobe*) (%!FontType*) (%%BeginFont:*)] def
-0 .scanfontheaders { length .max } forall 6 add % extra for PFB header
+0 //.scanfontheaders { length .max } forall 6 add % extra for PFB header
/.scan1fontfirst exch string def
/.scanfontdir % <dirname> .scanfontdir -
{ currentglobal exch //true setglobal
@@ -291,10 +299,10 @@ FONTPATH length 0 eq { (%END FONTPATH) .skipeof } if
0 0 0 4 -1 roll % found scanned files
{ % stack: <fontcount> <scancount> <filecount> <filename>
exch 1 add exch % increment filecount
- dup .splitfilename .fonttempstring copy .lowerstring
+ dup //.splitfilename exec //.fonttempstring copy //.lowerstring exec
% stack: <fontcount> <scancount> <filecount+1> <filename>
% <BASE> <ext>
- .scanfontskip exch known exch .scanfontdict exch known or
+ //.scanfontskip exch known exch //.scanfontdict exch known or
{ pop
% stack: <fontcount> <scancount> <filecount+1>
}
@@ -309,7 +317,7 @@ FONTPATH length 0 eq { (%END FONTPATH) .skipeof } if
% On some platforms, the file operator will open directories,
% but an error will occur if we try to read from one.
% Handle this possibility here.
- dup .scan1fontfirst { readstring } .internalstopped
+ dup //.scan1fontfirst { readstring } .internalstopped
{ pop pop () }
{ pop }
ifelse
@@ -322,7 +330,7 @@ FONTPATH length 0 eq { (%END FONTPATH) .skipeof } if
{ dup length 6 sub 6 exch getinterval }
if
% Check for font file headers.
- //false .scanfontheaders
+ //false //.scanfontheaders
{ 2 index exch .stringmatch or
}
forall exch pop
@@ -335,7 +343,7 @@ FONTPATH length 0 eq { (%END FONTPATH) .skipeof } if
{ exch copystring exch
DEBUG { ( ) print dup =only flush } if
1 index .definenativefontmap
- .splitfilename pop //true .scanfontdict 3 1 roll .growput
+ //.splitfilename exec pop //true //.scanfontdict 3 1 roll .growput
% Increment fontcount.
3 -1 roll 1 add 3 1 roll
}
@@ -352,7 +360,7 @@ FONTPATH length 0 eq { (%END FONTPATH) .skipeof } if
}
ifelse
}
- .scan1fontstring filenameforall
+ //.scan1fontstring filenameforall
QUIET
{ pop pop pop }
{ ( ) print =only ( files, ) print =only ( scanned, ) print
@@ -422,7 +430,6 @@ systemdict /NONATIVEFONTMAP known .setnativefontmapbuilt
//true .setnativefontmapbuilt
} ifelse
} bind def
-currentdict /.setnativefontmapbuilt .forceundef
% Create the dictionary that registers the .buildfont procedure
% (called by definefont) for each FontType.
@@ -526,7 +533,8 @@ buildfontdict 3 /.buildfont3 cvx put
% We use this only for explicitly aliased fonts, not substituted fonts:
% we think this matches the observed behavior of Adobe interpreters.
/.aliasfont % <name> <font> .aliasfont <newFont>
- { .currentglobal 3 1 roll dup .gcheck .setglobal
+ {
+ currentglobal 3 1 roll dup gcheck setglobal
% <bool> <name> <font>
dup length 2 add dict % <bool> <name> <font> <dict>
dup 3 -1 roll % <bool> <name> <dict> <dict> <font>
@@ -541,7 +549,7 @@ buildfontdict 3 /.buildfont3 cvx put
% whose FontName is a local non-string, if someone passed a
% garbage value to findfont. In this case, just don't
% call definefont at all.
- 2 index dup type /stringtype eq exch .gcheck or 1 index .gcheck not or
+ 2 index dup type /stringtype eq exch gcheck or 1 index gcheck not or
{ pop % <bool> <name> <dict>
1 index dup type /stringtype eq { cvn } if
% <bool> <name> <dict> <name1>
@@ -566,10 +574,11 @@ buildfontdict 3 /.buildfont3 cvx put
% Don't bind in definefont, since Level 2 redefines it.
/definefont .systemvar exec
}
- { /findfont cvx {.completefont} .errorexec pop exch pop
+ {
+ /findfont cvx {.completefont} //.errorexec exec pop exch pop
}
ifelse
- exch .setglobal
+ exch setglobal
} odef % so findfont will bind it
% Define .loadfontfile for loading a font. If we recognize Type 1 and/or
@@ -669,10 +678,19 @@ buildfontdict 3 /.buildfont3 cvx put
[(Cn) 4] [(Cond) 4] [(Narrow) 4] [(Pkg) 4] [(Compr) 4]
[(Serif) 8] [(Sans) -8]
] readonly def
+
+/.fontnamestring { % <fontname> .fontnamestring <string|name>
+ dup type dup /nametype eq {
+ pop .namestring
+ } {
+ /stringtype ne { pop () } if
+ } ifelse
+} bind def
+
/.fontnameproperties { % <int> <string|name> .fontnameproperties
% <int'>
- .fontnamestring
- .substituteproperties {
+ //.fontnamestring exec
+ //.substituteproperties {
2 copy 0 get search {
pop pop pop dup length 1 sub 1 exch getinterval 3 -1 roll exch {
dup 0 ge { or } { neg not and } ifelse
@@ -710,13 +728,7 @@ buildfontdict 3 /.buildfont3 cvx put
% <other> .nametostring <other>
dup type /nametype eq { .namestring } if
} bind def
-/.fontnamestring { % <fontname> .fontnamestring <string|name>
- dup type dup /nametype eq {
- pop .namestring
- } {
- /stringtype ne { pop () } if
- } ifelse
-} bind def
+
/.substitutefontname { % <fontname> <properties> .substitutefontname
% <altname|null>
% Look for properties and/or a face name in the font name.
@@ -724,7 +736,7 @@ buildfontdict 3 /.buildfont3 cvx put
% base font; otherwise, use the default font.
% Note that the "substituted" font name may be the same as
% the requested one; the caller must check this.
- exch .fontnamestring {
+ exch //.fontnamestring exec {
defaultfontname /Helvetica-Oblique /Helvetica-Bold /Helvetica-BoldOblique
/Helvetica-Narrow /Helvetica-Narrow-Oblique
/Helvetica-Narrow-Bold /Helvetica-Narrow-BoldOblique
@@ -734,12 +746,12 @@ buildfontdict 3 /.buildfont3 cvx put
} 3 1 roll
% Stack: facelist properties fontname
% Look for a face name.
- .substitutefaces {
+ //.substitutefaces {
2 copy 0 get search {
pop pop pop
% Stack: facelist properties fontname [(pattern) family properties]
dup 2 get 4 -1 roll or 3 1 roll
- 1 get .substitutefamilies exch get
+ 1 get //.substitutefamilies exch get
4 -1 roll pop 3 1 roll
} {
pop pop
@@ -748,7 +760,7 @@ buildfontdict 3 /.buildfont3 cvx put
1 index length mod get exec
} bind def
/.substitutefont { % <fontname> .substitutefont <altname>
- dup 0 exch .fontnameproperties .substitutefontname
+ dup 0 exch //.fontnameproperties exec .substitutefontname
% Only accept fonts known in the Fontmap.
Fontmap 1 index known not
{
@@ -814,7 +826,7 @@ FAKEFONTS not { (%END FAKEFONTS) .skipeof } if
counttomark 1 sub { .aliasfont } repeat end
% <fontname> mark <font>
exch pop exch pop
-} odef
+} bind odef
/findfont {
.findfont
} bind def
@@ -860,7 +872,7 @@ FAKEFONTS not { (%END FAKEFONTS) .skipeof } if
} {
dup .substitutefont
2 copy eq { pop defaultfontname } if
- .checkalias
+ //.checkalias exec
QUIET not {
SHORTERRORS {
(%%[) print 1 index =only
@@ -886,8 +898,8 @@ $error /SubstituteFont { } put
//null 0 1 FONTPATH length 1 sub {
FONTPATH 1 index get //null ne { exch pop exit } if pop
} for dup //null ne {
- dup 0 eq { .scanfontbegin } if
- FONTPATH 1 index get .scanfontdir
+ dup 0 eq { //.scanfontbegin exec} if
+ FONTPATH 1 index get //.scanfontdir exec
FONTPATH exch //null put //true
} {
pop //false
@@ -897,11 +909,10 @@ $error /SubstituteFont { } put
% scanning of FONTPATH.
/.dofindfont { % mark <fontname> .dofindfont % mark <alias> ... <font>
.tryfindfont not {
-
% We didn't find the font. If we haven't scanned
% all the directories in FONTPATH, scan the next one
% now and look for the font again.
- .scannextfontdir {
+ //.scannextfontdir exec {
% Start over with an empty alias list.
counttomark 1 sub { pop } repeat % mark <fontname>
.dofindfont
@@ -927,6 +938,7 @@ $error /SubstituteFont { } put
} if
% Substitute for the font. Don't alias.
% Same stack as at the beginning of .dofindfont.
+
$error /SubstituteFont get exec
%
% igorm: I guess the surrounding code assumes that .stdsubstfont
@@ -935,72 +947,11 @@ $error /SubstituteFont { } put
% used in .dofindfont and through .stdsubstfont
% just to represent a simple iteration,
% which accumulates the aliases after the mark.
- .stdsubstfont
+ //.stdsubstfont exec
} ifelse
} ifelse
} if
} bind def
-% Try to find a font using only the present contents of Fontmap.
-/.tryfindfont { % <fontname> .tryfindfont <font> true
- % <fontname> .tryfindfont false
- //.FontDirectory 1 index .fontknownget
- { % Already loaded
- exch pop //true
- }
- {
- dup Fontmap exch .knownget
- { //true //true }
- { % Unknown font name. Look for a file with the
- % same name as the requested font.
- dup .tryloadfont
- { exch pop //true //false }
- {
- % if we can't load by name check the native font map
- dup .nativeFontmap exch .knownget
- { //true //true }
- { //false //false } ifelse
- } ifelse
- } ifelse
-
- { % Try each element of the Fontmap in turn.
- pop
- //false exch % (in case we exhaust the list)
- % Stack: fontname false fontmaplist
- { exch pop
- dup type /nametype eq
- { % Font alias
- .checkalias .tryfindfont exit
- }
- { dup dup type dup /arraytype eq exch /packedarraytype eq or exch xcheck and
- { % Font with a procedural definition
- exec % The procedure will load the font.
- % Check to make sure this really happened.
- //.FontDirectory 1 index .knownget
- { exch pop //true exit }
- if
- }
- { % Font file name
- //true .loadfontloop { //true exit } if
- }
- ifelse
- }
- ifelse //false
- }
- forall
- % Stack: font true -or- fontname false
- { //true
- }
- { % None of the Fontmap entries worked.
- % Try loading a file with the same name
- % as the requested font.
- .tryloadfont
- }
- ifelse
- }
- if
- }
- ifelse
- } bind def
% any user of .putgstringcopy must use bind and executeonly
/.putgstringcopy % <dict> <name> <string> .putgstringcopy -
@@ -1014,25 +965,6 @@ $error /SubstituteFont { } put
} executeonly ifelse
} .bind executeonly odef % must be bound and hidden for .forceput
-% Attempt to load a font from a file.
-/.tryloadfont { % <fontname> .tryloadfont <font> true
- % <fontname> .tryloadfont false
- dup .nametostring
- % Hack: check for the presence of the resource machinery.
- /.genericrfn where {
- pop
- pop dup .fonttempstring /FontResourceDir getsystemparam .genericrfn
- {//false .loadfontloop} .internalstopped {//false} if {
- //true
- } {
- dup .nametostring
- {//true .loadfontloop} .internalstopped {//false} if
- } ifelse
- } {
- {//true .loadfontloop} .internalstopped {//false} if
- } ifelse
-} bind def
-
/.loadfontloop { % <fontname> <filename> <libflag> .loadfontloop
% <font> true
% -or-
@@ -1102,7 +1034,7 @@ $error /SubstituteFont { } put
} if
% Check to make sure the font was actually loaded.
- dup 3 index .fontknownget
+ dup 3 index //.fontknownget exec
{ dup /PathLoad 4 index .putgstringcopy
4 1 roll pop pop pop //true exit
} executeonly if
@@ -1113,7 +1045,7 @@ $error /SubstituteFont { } put
exch dup % Stack: origfontname fontdirectory path path
(r) file .findfontname
{ % Stack: origfontname fontdirectory path filefontname
- 2 index 1 index .fontknownget
+ 2 index 1 index //.fontknownget exec
{ % Yes. Stack: origfontname fontdirectory path filefontname fontdict
dup 4 -1 roll /PathLoad exch .putgstringcopy
% Stack: origfontname fontdirectory filefontname fontdict
@@ -1136,7 +1068,7 @@ $error /SubstituteFont { } put
% Stack: fontdict
} executeonly
if pop % Stack: origfontname fontdirectory path
- }
+ } executeonly
if pop pop % Stack: origfontname
% The font definitely did not load correctly.
@@ -1150,7 +1082,87 @@ $error /SubstituteFont { } put
} bind executeonly odef % must be bound and hidden for .putgstringcopy
-currentdict /.putgstringcopy .undef
+% Attempt to load a font from a file.
+/.tryloadfont { % <fontname> .tryloadfont <font> true
+ % <fontname> .tryloadfont false
+ dup //.nametostring exec
+ % Hack: check for the presence of the resource machinery.
+ /.genericrfn where {
+ pop
+ pop dup //.fonttempstring /FontResourceDir getsystemparam .genericrfn
+ {//false .loadfontloop} .internalstopped {//false} if {
+ //true
+ } {
+ dup //.nametostring exec
+ {//true .loadfontloop} .internalstopped {//false} if
+ } ifelse
+ } {
+ {//true .loadfontloop} .internalstopped {//false} if
+ } ifelse
+} bind def
+
+% Try to find a font using only the present contents of Fontmap.
+/.tryfindfont { % <fontname> .tryfindfont <font> true
+ % <fontname> .tryfindfont false
+ //.FontDirectory 1 index //.fontknownget exec
+ { % Already loaded
+ exch pop //true
+ }
+ {
+ dup Fontmap exch .knownget
+ { //true //true }
+ { % Unknown font name. Look for a file with the
+ % same name as the requested font.
+ dup //.tryloadfont exec
+ { exch pop //true //false }
+ {
+ % if we can't load by name check the native font map
+ dup .nativeFontmap exch .knownget
+ { //true //true }
+ { //false //false } ifelse
+ } ifelse
+ } ifelse
+
+ { % Try each element of the Fontmap in turn.
+ pop
+ //false exch % (in case we exhaust the list)
+ % Stack: fontname false fontmaplist
+ { exch pop
+ dup type /nametype eq
+ { % Font alias
+ //.checkalias exec
+ .tryfindfont exit
+ }
+ { dup dup type dup /arraytype eq exch /packedarraytype eq or exch xcheck and
+ { % Font with a procedural definition
+ exec % The procedure will load the font.
+ % Check to make sure this really happened.
+ //.FontDirectory 1 index .knownget
+ { exch pop //true exit }
+ if
+ }
+ { % Font file name
+ //true .loadfontloop { //true exit } if
+ }
+ ifelse
+ }
+ ifelse //false
+ }
+ forall
+ % Stack: font true -or- fontname false
+ { //true
+ }
+ { % None of the Fontmap entries worked.
+ % Try loading a file with the same name
+ % as the requested font.
+ //.tryloadfont exec
+ }
+ ifelse
+ }
+ if
+ }
+ ifelse
+ } bind def
% Define a procedure to load all known fonts.
% This isn't likely to be very useful.
@@ -1192,9 +1204,9 @@ FAKEFONTS { exch } if pop def % don't bind, .current/setglobal get redefined
/.loadinitialfonts
{ NOFONTMAP not
{ /FONTMAP where
- { pop [ FONTMAP .pathlist ]
+ { pop [ FONTMAP //.pathlist exec]
{ dup VMDEBUG findlibfile
- { exch pop .loadFontmap }
+ { exch pop //.loadFontmap exec }
{ /undefinedfilename signalerror }
ifelse
}
@@ -1208,7 +1220,7 @@ FAKEFONTS { exch } if pop def % don't bind, .current/setglobal get redefined
pop pop
defaultfontmap_content { .definefontmap } forall
} {
- .loadFontmap
+ //.loadFontmap exec
} ifelse
} {
pop pop
@@ -1272,3 +1284,18 @@ FAKEFONTS { exch } if pop def % don't bind, .current/setglobal get redefined
{ .makemodifiedfont
dup /FontName get exch definefont pop
} bind def
+
+% Undef these, not needed outside this file
+[
+ % /.fonttempstring /.scannextfontdir - are also used in gs_res.ps, so are undefined there
+ % /.fontnameproperties - is used in pdf_font.ps
+ % /.scanfontheaders - used in gs_cff.ps, gs_ttf.ps
+ /.loadfontloop /.tryloadfont /.findfont /.pathlist /.loadFontmap /.lowerstring
+ /.splitfilename /.scanfontdict /.scanfontbegin
+ /.scanfontskip /.scan1fontstring
+ /.scan1fontfirst /.scanfontdir
+ /.setnativefontmapbuilt /.aliasfont
+ /.setloadingfont /.substitutefaces /.substituteproperties /.substitutefamilies
+ /.nametostring /.fontnamestring /.checkalias /.fontknownget /.stdsubstfont
+ /.putgstringcopy
+] {systemdict exch .forceundef} forall
diff --git a/Resource/Init/gs_res.ps b/Resource/Init/gs_res.ps
index d9b34599e7c2..fd7eaf953ae9 100644
--- a/Resource/Init/gs_res.ps
+++ b/Resource/Init/gs_res.ps
@@ -961,7 +961,7 @@ userdict /.localcsdefaults //false put
dup type /nametype eq { .namestring } if
dup type /stringtype ne { //false exit } if
% Check the resource directory.
- dup .fonttempstring /FontResourceDir getsystemparam .genericrfn
+ dup //.fonttempstring /FontResourceDir getsystemparam .genericrfn
status {
pop pop pop pop //true exit
} if
@@ -969,7 +969,7 @@ userdict /.localcsdefaults //false put
% as the font.
findlibfile { closefile //true exit } if
% Scan a FONTPATH directory and try again.
- .scannextfontdir not { //false exit } if
+ //.scannextfontdir exec not { //false exit } if
} loop
} bind def
@@ -1008,7 +1008,7 @@ currentdict /.fontstatusaux .undef
} ifelse
} bind executeonly
/ResourceForAll {
- { .scannextfontdir not { exit } if } loop
+ { //.scannextfontdir exec not { exit } if } loop
/Generic /Category findresource /ResourceForAll get exec
} bind executeonly
/.ResourceFileStatus {
--
2.20.1

345
package/ghostscript/0007-Remove-.forcedef-and-harden-.force-ops-more.patch Normal file
View File

@ -0,0 +1,345 @@
From ba2336b3b1ca5cfe1e67dbe37a084c9644a65ac7 Mon Sep 17 00:00:00 2001
From: Chris Liddell <chris.liddell@artifex.com>
Date: Fri, 11 Jan 2019 13:36:36 +0000
Subject: [PATCH] Remove .forcedef, and harden .force* ops more
Remove .forcedef and replace all uses with a direct call to .forceput instead.
Ensure every procedure (named and trasient) that calls .forceput is
executeonly.
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
---
Upstream status: commit 49c8092da88e
Resource/Init/gs_dps1.ps | 15 +++++++-----
Resource/Init/gs_init.ps | 28 ++++++++-------------
Resource/Init/gs_lev2.ps | 51 +++++++++++++++++++--------------------
Resource/Init/gs_ll3.ps | 5 ++--
Resource/Init/gs_res.ps | 29 +++++++++++-----------
Resource/Init/gs_statd.ps | 4 +--
6 files changed, 63 insertions(+), 69 deletions(-)
diff --git a/Resource/Init/gs_dps1.ps b/Resource/Init/gs_dps1.ps
index 8700c8cb304b..3d2cf7a1ad01 100644
--- a/Resource/Init/gs_dps1.ps
+++ b/Resource/Init/gs_dps1.ps
@@ -33,14 +33,17 @@ systemdict begin
/SharedFontDirectory .FontDirectory .gcheck
{ .currentglobal //false .setglobal
+ currentdict
/LocalFontDirectory .FontDirectory dup maxlength dict copy
- .forcedef % LocalFontDirectory is local, systemdict is global
+ .forceput % LocalFontDirectory is local, systemdict is global
.setglobal .FontDirectory
- }
- { /LocalFontDirectory .FontDirectory
- .forcedef % LocalFontDirectory is local, systemdict is global
+ } executeonly
+ {
+ currentdict
+ /LocalFontDirectory .FontDirectory
+ .forceput % LocalFontDirectory is local, systemdict is global
50 dict
- }
+ }executeonly
ifelse def
end % systemdict
@@ -55,7 +58,7 @@ level2dict begin
{ //SharedFontDirectory }
{ /LocalFontDirectory .systemvar } % can't embed ref to local VM
ifelse .forceput pop % LocalFontDirectory is local, systemdict is global
- } .bind odef
+ } .bind executeonly odef
% Don't just copy (load) the definition of .setglobal:
% it gets redefined for LL3.
/setshared { /.setglobal .systemvar exec } odef
diff --git a/Resource/Init/gs_init.ps b/Resource/Init/gs_init.ps
index d9a0829f7f97..45bebf479bae 100644
--- a/Resource/Init/gs_init.ps
+++ b/Resource/Init/gs_init.ps
@@ -54,7 +54,7 @@ systemdict exch
dup /userdict
currentdict dup 200 .setmaxlength % userdict
.forceput % userdict is local, systemdict is global
- }
+ } executeonly
if begin
% Define dummy local/global operators if needed.
@@ -299,13 +299,6 @@ QUIET not { printgreeting flush } if
1 index exch .makeoperator def
} .bind def
-% Define a special version of def for storing local objects into global
-% dictionaries. Like .forceput, this exists only during initialization.
-/.forcedef { % <key> <value> .forcedef -
- 1 .argindex pop % check # of args
- currentdict 3 1 roll .forceput
-} .bind odef
-
% Define procedures for accessing variables in systemdict and userdict
% regardless of the contents of the dictionary stack.
/.systemvar { % <name> .systemvar <value>
@@ -347,7 +340,7 @@ DELAYBIND
}
ifelse
} .bind def
-} if
+} executeonly if
%**************** BACKWARD COMPATIBILITY ****************
/hwsizedict mark /HWSize //null .dicttomark readonly def
@@ -655,7 +648,7 @@ currentdict /.typenames .undef
/ifelse .systemvar
] cvx executeonly
exch .setglobal
-} odef
+} executeonly odef
systemdict /internaldict dup .makeinternaldict .makeoperator
.forceput % proc is local, systemdict is global
@@ -1093,7 +1086,7 @@ def
% Define $error. This must be in local VM.
.currentglobal //false .setglobal
-/$error 40 dict .forcedef % $error is local, systemdict is global
+currentdict /$error 40 dict .forceput % $error is local, systemdict is global
% newerror, errorname, command, errorinfo,
% ostack, estack, dstack, recordstacks,
% binary, globalmode,
@@ -1112,8 +1105,8 @@ end
% Define errordict similarly. It has one entry per error name,
% plus handleerror. However, some astonishingly badly written PostScript
% files require it to have at least one empty slot.
-/errordict ErrorNames length 3 add dict
-.forcedef % errordict is local, systemdict is global
+currentdict /errordict ErrorNames length 3 add dict
+.forceput % errordict is local, systemdict is global
.setglobal % back to global VM
% gserrordict contains all the default error handling methods, but unlike
% errordict it is noaccess after creation (also it is in global VM).
@@ -1273,8 +1266,9 @@ end
(END PROCS) VMDEBUG
% Define the font directory.
+currentdict
/FontDirectory //false .setglobal 100 dict //true .setglobal
-.forcedef % FontDirectory is local, systemdict is global
+.forceput % FontDirectory is local, systemdict is global
% Define the encoding dictionary.
/EncodingDirectory 16 dict def % enough for Level 2 + PDF standard encodings
@@ -2333,7 +2327,6 @@ SAFER { .setsafeglobal } if
//systemdict /UndefinePostScriptOperators get exec
//systemdict /UndefinePDFOperators get exec
//systemdict /.forcecopynew .forceundef % remove temptation
- //systemdict /.forcedef .forceundef % ditto
//systemdict /.forceput .forceundef % ditto
//systemdict /.undef .forceundef % ditto
//systemdict /.forceundef .forceundef % ditto
@@ -2368,9 +2361,9 @@ SAFER { .setsafeglobal } if
% (and, if implemented, context switching).
.currentglobal //false .setglobal
mark userparams { } forall .dicttomark readonly
- /userparams exch .forcedef % systemdict is read-only
+ currentdict exch /userparams exch .forceput % systemdict is read-only
.setglobal
-} if
+} executeonly if
/.currentsystemparams where {
pop
% Remove real system params from pssystemparams.
@@ -2458,7 +2451,6 @@ end
DELAYBIND not {
systemdict /.bindnow .undef % We only need this for DELAYBIND
systemdict /.forcecopynew .undef % remove temptation
- systemdict /.forcedef .undef % ditto
systemdict /.forceput .undef % ditto
systemdict /.forceundef .undef % ditto
} if
diff --git a/Resource/Init/gs_lev2.ps b/Resource/Init/gs_lev2.ps
index 0f0d57331c23..9c0c3a6fc485 100644
--- a/Resource/Init/gs_lev2.ps
+++ b/Resource/Init/gs_lev2.ps
@@ -304,31 +304,30 @@ end
psuserparams exch /.checkFilePermitparams load put
.setglobal
-pssystemparams begin
- /CurDisplayList 0 .forcedef
- /CurFormCache 0 .forcedef
- /CurInputDevice () .forcedef
- /CurOutlineCache 0 .forcedef
- /CurOutputDevice () .forcedef
- /CurPatternCache 0 .forcedef
- /CurUPathCache 0 .forcedef
- /CurScreenStorage 0 .forcedef
- /CurSourceList 0 .forcedef
- /DoPrintErrors //false .forcedef
- /JobTimeout 0 .forcedef
- /LicenseID (LN-001) .forcedef % bogus
- /MaxDisplayList 140000 .forcedef
- /MaxFormCache 100000 .forcedef
- /MaxImageBuffer 524288 .forcedef
- /MaxOutlineCache 65000 .forcedef
- /MaxPatternCache 100000 .forcedef
- /MaxUPathCache 300000 .forcedef
- /MaxScreenStorage 84000 .forcedef
- /MaxSourceList 25000 .forcedef
- /PrinterName product .forcedef
- /RamSize 4194304 .forcedef
- /WaitTimeout 40 .forcedef
-end
+pssystemparams
+dup /CurDisplayList 0 .forceput
+dup /CurFormCache 0 .forceput
+dup /CurInputDevice () .forceput
+dup /CurOutlineCache 0 .forceput
+dup /CurOutputDevice () .forceput
+dup /CurPatternCache 0 .forceput
+dup /CurUPathCache 0 .forceput
+dup /CurScreenStorage 0 .forceput
+dup /CurSourceList 0 .forceput
+dup /DoPrintErrors //false .forceput
+dup /JobTimeout 0 .forceput
+dup /LicenseID (LN-001) .forceput % bogus
+dup /MaxDisplayList 140000 .forceput
+dup /MaxFormCache 100000 .forceput
+dup /MaxImageBuffer 524288 .forceput
+dup /MaxOutlineCache 65000 .forceput
+dup /MaxPatternCache 100000 .forceput
+dup /MaxUPathCache 300000 .forceput
+dup /MaxScreenStorage 84000 .forceput
+dup /MaxSourceList 25000 .forceput
+dup /PrinterName product .forceput
+dup /RamSize 4194304 .forceput
+ /WaitTimeout 40 .forceput
% Define the procedures for handling comment scanning. The names
% %ProcessComment and %ProcessDSCComment are known to the interpreter.
@@ -710,7 +709,7 @@ pop % currentsystemparams
/statusdict currentdict def
currentdict end
-/statusdict exch .forcedef % statusdict is local, systemdict is global
+currentdict exch /statusdict exch .forceput % statusdict is local, systemdict is global
% The following compatibility operators are in systemdict. They are
% defined here, rather than in gs_init.ps, because they require the
diff --git a/Resource/Init/gs_ll3.ps b/Resource/Init/gs_ll3.ps
index c86721f39fc0..881af44e9fd2 100644
--- a/Resource/Init/gs_ll3.ps
+++ b/Resource/Init/gs_ll3.ps
@@ -521,9 +521,8 @@ end
% Define additional user and system parameters.
/HalftoneMode 0 .definepsuserparam
/MaxSuperScreen 1016 .definepsuserparam
-pssystemparams begin % read-only, so use .forcedef
- /MaxDisplayAndSourceList 160000 .forcedef
-end
+% read-only, so use .forceput
+pssystemparams /MaxDisplayAndSourceList 160000 .forceput
% Define the IdiomSet resource category.
{ /IdiomSet } {
diff --git a/Resource/Init/gs_res.ps b/Resource/Init/gs_res.ps
index fd7eaf953ae9..0b4e0514b2a1 100644
--- a/Resource/Init/gs_res.ps
+++ b/Resource/Init/gs_res.ps
@@ -41,10 +41,10 @@ level2dict begin
% However, Ed Taft of Adobe says their interpreters don't implement this
% either, so we aren't going to worry about it for a while.
-currentglobal //false setglobal systemdict begin
- /localinstancedict 5 dict
- .forcedef % localinstancedict is local, systemdict is global
-end //true setglobal
+currentglobal //false setglobal
+ systemdict /localinstancedict 5 dict
+ .forceput % localinstancedict is local, systemdict is global
+//true setglobal
/.emptydict 0 dict readonly def
setglobal
@@ -149,7 +149,7 @@ setglobal
dup [ exch 0 -1 ] exch
.Instances 4 2 roll put
% Make the Category dictionary read-only. We will have to
- % use .forceput / .forcedef later to replace the dummy,
+ % use .forceput / .forceput later to replace the dummy,
% empty .Instances dictionary with the real one later.
readonly
}{
@@ -304,7 +304,8 @@ systemdict begin
dup () ne {
.file_name_directory_separator concatstrings
} if
- 2 index exch //false .file_name_combine not {
+ 2 index exch //false
+ .file_name_combine not {
(Error: .default_resource_dir returned ) print exch print ( that can't combine with ) print =
/.default_resource_dir cvx /configurationerror signalerror
} if
@@ -317,14 +318,14 @@ currentdict /pssystemparams known not {
pssystemparams begin
.default_resource_dir
/FontResourceDir (Font) .resource_dir_name
- readonly .forcedef % pssys'params is r-o
+ readonly currentdict 3 1 roll .forceput % pssys'params is r-o
/GenericResourceDir () .resource_dir_name
- readonly .forcedef % pssys'params is r-o
+ readonly currentdict 3 1 roll .forceput % pssys'params is r-o
pop % .default_resource_dir
/GenericResourcePathSep
- .file_name_separator readonly .forcedef % pssys'params is r-o
- (%diskFontResourceDir) cvn (/Resource/Font/) readonly .forcedef % pssys'params is r-o
- (%diskGenericResourceDir) cvn (/Resource/) readonly .forcedef % pssys'params is r-o
+ .file_name_separator readonly currentdict 3 1 roll .forceput % pssys'params is r-o
+ currentdict (%diskFontResourceDir) cvn (/Resource/Font/) readonly .forceput % pssys'params is r-o
+ currentdict (%diskGenericResourceDir) cvn (/Resource/) readonly .forceput % pssys'params is r-o
end
end
@@ -422,8 +423,8 @@ status {
.Instances dup //.emptydict eq {
pop 3 dict
% As noted above, Category dictionaries are read-only,
- % so we have to use .forcedef here.
- /.Instances 1 index .forcedef % Category dict is read-only
+ % so we have to use .forceput here.
+ currentdict /.Instances 2 index .forceput % Category dict is read-only
} executeonly if
}
{ .LocalInstances dup //.emptydict eq
@@ -441,7 +442,7 @@ status {
{ /defineresource cvx /typecheck signaloperror
}
ifelse
-} .bind executeonly .makeoperator % executeonly to prevent access to .forcedef
+} .bind executeonly .makeoperator % executeonly to prevent access to .forceput
/UndefineResource
{ { dup 2 index .knownget
{ dup 1 get 1 ge
diff --git a/Resource/Init/gs_statd.ps b/Resource/Init/gs_statd.ps
index 20d4c96c4f8f..b6a76590dd09 100644
--- a/Resource/Init/gs_statd.ps
+++ b/Resource/Init/gs_statd.ps
@@ -21,10 +21,10 @@ systemdict begin
% We make statusdict a little larger for Level 2 stuff.
% Note that it must be allocated in local VM.
.currentglobal //false .setglobal
- /statusdict 91 dict .forcedef % statusdict is local, sys'dict global
+ currentdict /statusdict 91 dict .forceput % statusdict is local, sys'dict global
% To support the Level 2 job control features,
% serverdict must also be in local VM.
- /serverdict 10 dict .forcedef % serverdict is local, sys'dict global
+ currentdict /serverdict 10 dict .forceput % serverdict is local, sys'dict global
.setglobal
end
--
2.20.1

9
package/googlefontdirectory/googlefontdirectory.mk
View File

@ -11,22 +11,21 @@ GOOGLEFONTDIRECTORY_FONTS = \
$(call qstrip,$(BR2_PACKAGE_GOOGLEFONTDIRECTORY_FONTS))
ifneq ($(filter apache/%,$(GOOGLEFONTDIRECTORY_FONTS)),)
GOOGLEFONTDIRECTORY_LICENSE += Apache-2.0
GOOGLEFONTDIRECTORY_ALL_LICENSES += Apache-2.0
GOOGLEFONTDIRECTORY_LICENSE_FILES += $(addsuffix /LICENSE.txt,$(filter apache/%,$(GOOGLEFONTDIRECTORY_FONTS)))
endif
ifneq ($(filter ofl/%,$(GOOGLEFONTDIRECTORY_FONTS)),)
GOOGLEFONTDIRECTORY_LICENSE += OFL-1.1
GOOGLEFONTDIRECTORY_ALL_LICENSES += OFL-1.1
GOOGLEFONTDIRECTORY_LICENSE_FILES += $(addsuffix /OFL.txt,$(filter ofl/%,$(GOOGLEFONTDIRECTORY_FONTS)))
endif
ifneq ($(filter ufl/%,$(GOOGLEFONTDIRECTORY_FONTS)),)
GOOGLEFONTDIRECTORY_LICENSE += UFL-1.1
GOOGLEFONTDIRECTORY_ALL_LICENSES += UFL-1.1
GOOGLEFONTDIRECTORY_LICENSE_FILES += $(addsuffix /LICENCE.txt,$(filter ufl/%,$(GOOGLEFONTDIRECTORY_FONTS)))
endif
# check-package OverriddenVariable
GOOGLEFONTDIRECTORY_LICENSE := $(subst $(space),$(comma)$(space),$(GOOGLEFONTDIRECTORY_LICENSE))
GOOGLEFONTDIRECTORY_LICENSE = $(subst $(space),$(comma)$(space),$(GOOGLEFONTDIRECTORY_ALL_LICENSES))
define GOOGLEFONTDIRECTORY_INSTALL_TARGET_CMDS
$(foreach d,$(GOOGLEFONTDIRECTORY_FONTS), \

51
package/jpeg-turbo/0001-tjLoadImage-Fix-int-overflow-segfault-w-big-BMP.patch Normal file
View File

@ -0,0 +1,51 @@
From 3d9c64e9f8aa1ee954d1d0bb3390fc894bb84da3 Mon Sep 17 00:00:00 2001
From: DRC <information@libjpeg-turbo.org>
Date: Tue, 1 Jan 2019 18:57:36 -0600
Subject: [PATCH] tjLoadImage(): Fix int overflow/segfault w/big BMP
Fixes #304
[baruch: drop the ChangeLog.md hunk]
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
---
Upstream status: commit 3d9c64e9f8aa
ChangeLog.md | 4 ++++
turbojpeg.c | 9 ++++++---
2 files changed, 10 insertions(+), 3 deletions(-)
diff --git a/turbojpeg.c b/turbojpeg.c
index 90a9ce6a0be8..3f7cd640677f 100644
--- a/turbojpeg.c
+++ b/turbojpeg.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C)2009-2018 D. R. Commander. All Rights Reserved.
+ * Copyright (C)2009-2019 D. R. Commander. All Rights Reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
@@ -1960,7 +1960,8 @@ DLLEXPORT unsigned char *tjLoadImage(const char *filename, int *width,
int align, int *height, int *pixelFormat,
int flags)
{
- int retval = 0, tempc, pitch;
+ int retval = 0, tempc;
+ size_t pitch;
tjhandle handle = NULL;
tjinstance *this;
j_compress_ptr cinfo = NULL;
@@ -2013,7 +2014,9 @@ DLLEXPORT unsigned char *tjLoadImage(const char *filename, int *width,
*pixelFormat = cs2pf[cinfo->in_color_space];
pitch = PAD((*width) * tjPixelSize[*pixelFormat], align);
- if ((dstBuf = (unsigned char *)malloc(pitch * (*height))) == NULL)
+ if ((unsigned long long)pitch * (unsigned long long)(*height) >
+ (unsigned long long)((size_t)-1) ||
+ (dstBuf = (unsigned char *)malloc(pitch * (*height))) == NULL)
_throwg("tjLoadImage(): Memory allocation failure");
if (setjmp(this->jerr.setjmp_buffer)) {
--
2.20.1

39
package/jpeg-turbo/0002-wrbmp.c-Don-t-allow-quantization-w-non-RGB-CS.patch Normal file
View File

@ -0,0 +1,39 @@
From f8cca819a4fb42aafa5f70df43c45e8c416d716f Mon Sep 17 00:00:00 2001
From: DRC <information@libjpeg-turbo.org>
Date: Tue, 1 Jan 2019 20:32:40 -0600
Subject: [PATCH] wrbmp.c: Don't allow quantization w/ non-RGB CS
If cinfo->quantize_colors == 1, then jpeg_calc_output_dimensions() will
set cinfo->output_components to 1, and if cinfo->out_color_space is not
RGB (or extended RGB), hilarity will ensue.
Fixes #305
[baruch: drop the ChangeLog.md hunk]
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
---
Upstream status: commit f8cca819a4
ChangeLog.md | 4 ++++
wrbmp.c | 5 +++--
2 files changed, 7 insertions(+), 2 deletions(-)
diff --git a/wrbmp.c b/wrbmp.c
index 4bf81426b0ef..239f64eb3c3f 100644
--- a/wrbmp.c
+++ b/wrbmp.c
@@ -502,8 +502,9 @@ jinit_write_bmp(j_decompress_ptr cinfo, boolean is_os2,
dest->pub.put_pixel_rows = put_gray_rows;
else
dest->pub.put_pixel_rows = put_pixel_rows;
- } else if (cinfo->out_color_space == JCS_RGB565 ||
- cinfo->out_color_space == JCS_CMYK) {
+ } else if (!cinfo->quantize_colors &&
+ (cinfo->out_color_space == JCS_RGB565 ||
+ cinfo->out_color_space == JCS_CMYK)) {
dest->pub.put_pixel_rows = put_pixel_rows;
} else {
ERREXIT(cinfo, JERR_BMP_COLORSPACE);
--
2.20.1

62
package/libarchive/0005-iso9660-Fail-when-expected-Rockridge-extensions-is-m.patch Normal file
View File

@ -0,0 +1,62 @@
From 8312eaa576014cd9b965012af51bc1f967b12423 Mon Sep 17 00:00:00 2001
From: Daniel Axtens <dja@axtens.net>
Date: Tue, 1 Jan 2019 17:10:49 +1100
Subject: [PATCH] iso9660: Fail when expected Rockridge extensions is missing
A corrupted or malicious ISO9660 image can cause read_CE() to loop
forever.
read_CE() calls parse_rockridge(), expecting a Rockridge extension
to be read. However, parse_rockridge() is structured as a while
loop starting with a sanity check, and if the sanity check fails
before the loop has run, the function returns ARCHIVE_OK without
advancing the position in the file. This causes read_CE() to retry
indefinitely.
Make parse_rockridge() return ARCHIVE_WARN if it didn't read an
extension. As someone with no real knowledge of the format, this
seems more apt than ARCHIVE_FATAL, but both the call-sites escalate
it to a fatal error immediately anyway.
Found with a combination of AFL, afl-rb (FairFuzz) and qsym.
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
---
Upstream status: commit 8312eaa57601
libarchive/archive_read_support_format_iso9660.c | 11 ++++++++++-
1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/libarchive/archive_read_support_format_iso9660.c b/libarchive/archive_read_support_format_iso9660.c
index 28acfefbba8a..bad8f1dfef3a 100644
--- a/libarchive/archive_read_support_format_iso9660.c
+++ b/libarchive/archive_read_support_format_iso9660.c
@@ -2102,6 +2102,7 @@ parse_rockridge(struct archive_read *a, struct file_info *file,
const unsigned char *p, const unsigned char *end)
{
struct iso9660 *iso9660;
+ int entry_seen = 0;
iso9660 = (struct iso9660 *)(a->format->data);
@@ -2257,8 +2258,16 @@ parse_rockridge(struct archive_read *a, struct file_info *file,
}
p += p[2];
+ entry_seen = 1;
+ }
+
+ if (entry_seen)
+ return (ARCHIVE_OK);
+ else {
+ archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
+ "Tried to parse Rockridge extensions, but none found");
+ return (ARCHIVE_WARN);
}
- return (ARCHIVE_OK);
}
static int
--
2.20.1

62
package/libarchive/0006-7zip-fix-crash-when-parsing-certain-archives.patch Normal file
View File

@ -0,0 +1,62 @@
From 65a23f5dbee4497064e9bb467f81138a62b0dae1 Mon Sep 17 00:00:00 2001
From: Daniel Axtens <dja@axtens.net>
Date: Tue, 1 Jan 2019 16:01:40 +1100
Subject: [PATCH] 7zip: fix crash when parsing certain archives
Fuzzing with CRCs disabled revealed that a call to get_uncompressed_data()
would sometimes fail to return at least 'minimum' bytes. This can cause
the crc32() invocation in header_bytes to read off into invalid memory.
A specially crafted archive can use this to cause a crash.
An ASAN trace is below, but ASAN is not required - an uninstrumented
binary will also crash.
==7719==ERROR: AddressSanitizer: SEGV on unknown address 0x631000040000 (pc 0x7fbdb3b3ec1d bp 0x7ffe77a51310 sp 0x7ffe77a51150 T0)
==7719==The signal is caused by a READ memory access.
#0 0x7fbdb3b3ec1c in crc32_z (/lib/x86_64-linux-gnu/libz.so.1+0x2c1c)
#1 0x84f5eb in header_bytes (/tmp/libarchive/bsdtar+0x84f5eb)
#2 0x856156 in read_Header (/tmp/libarchive/bsdtar+0x856156)
#3 0x84e134 in slurp_central_directory (/tmp/libarchive/bsdtar+0x84e134)
#4 0x849690 in archive_read_format_7zip_read_header (/tmp/libarchive/bsdtar+0x849690)
#5 0x5713b7 in _archive_read_next_header2 (/tmp/libarchive/bsdtar+0x5713b7)
#6 0x570e63 in _archive_read_next_header (/tmp/libarchive/bsdtar+0x570e63)
#7 0x6f08bd in archive_read_next_header (/tmp/libarchive/bsdtar+0x6f08bd)
#8 0x52373f in read_archive (/tmp/libarchive/bsdtar+0x52373f)
#9 0x5257be in tar_mode_x (/tmp/libarchive/bsdtar+0x5257be)
#10 0x51daeb in main (/tmp/libarchive/bsdtar+0x51daeb)
#11 0x7fbdb27cab96 in __libc_start_main /build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c:310
#12 0x41dd09 in _start (/tmp/libarchive/bsdtar+0x41dd09)
This was primarly done with afl and FairFuzz. Some early corpus entries
may have been generated by qsym.
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
---
Upstream status: commit 65a23f5dbee
libarchive/archive_read_support_format_7zip.c | 8 +-------
1 file changed, 1 insertion(+), 7 deletions(-)
diff --git a/libarchive/archive_read_support_format_7zip.c b/libarchive/archive_read_support_format_7zip.c
index bccbf896603b..b6d1505d372e 100644
--- a/libarchive/archive_read_support_format_7zip.c
+++ b/libarchive/archive_read_support_format_7zip.c
@@ -2964,13 +2964,7 @@ get_uncompressed_data(struct archive_read *a, const void **buff, size_t size,
if (zip->codec == _7Z_COPY && zip->codec2 == (unsigned long)-1) {
/* Copy mode. */
- /*
- * Note: '1' here is a performance optimization.
- * Recall that the decompression layer returns a count of
- * available bytes; asking for more than that forces the
- * decompressor to combine reads by copying data.
- */
- *buff = __archive_read_ahead(a, 1, &bytes_avail);
+ *buff = __archive_read_ahead(a, minimum, &bytes_avail);
if (bytes_avail <= 0) {
archive_set_error(&a->archive,
ARCHIVE_ERRNO_FILE_FORMAT,
--
2.20.1

51
package/libupnp18/0001-configure.ac-fix-build-with-openssl.patch Normal file
View File

@ -0,0 +1,51 @@
From c70d326f3ae88aa2dca903fb17a1f18d3b45a2ca Mon Sep 17 00:00:00 2001
From: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Date: Fri, 8 Feb 2019 16:45:32 +0100
Subject: [PATCH] configure.ac: fix build with openssl
- Add a call to PKG_CHECK_MODULES to get openssl libraries and its
dependencies if openssl support is enabled
- Add OPENSSL_LIBS to libupnp.pc.in so that applications linking with
pupnp (such as mpd) will be able to retrieve openssl libraries
Fixes:
- http://autobuild.buildroot.org/results/a4148e516070b79816769f3443fc24d6d8192073
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[Upstream status: https://github.com/mrjimenez/pupnp/pull/105]
---
configure.ac | 5 +++++
libupnp.pc.in | 2 +-
2 files changed, 6 insertions(+), 1 deletion(-)
diff --git a/configure.ac b/configure.ac
index 670d363..190b30c 100644
--- a/configure.ac
+++ b/configure.ac
@@ -722,6 +722,11 @@ AC_COMPILE_IFELSE(
AC_MSG_ERROR([pthread_rwlock_t not available])])])
echo "-------------------------------------------------------------------------------"
+if test "x$enable_open_ssl" = xyes ; then
+ PKG_CHECK_MODULES(OPENSSL, libssl,
+ [LIBS="$LIBS $OPENSSL_LIBS" CFLAGS="$CFLAGS $OPENSSL_CFLAGS"],
+ [AC_MSG_ERROR([openssl not found])])
+fi
AC_CONFIG_FILES([
Makefile
diff --git a/libupnp.pc.in b/libupnp.pc.in
index bd2d7b3..54cba90 100644
--- a/libupnp.pc.in
+++ b/libupnp.pc.in
@@ -6,6 +6,6 @@ includedir=@includedir@
Name: libupnp
Description: Linux SDK for UPnP Devices
Version: @VERSION@
-Libs: @PTHREAD_CFLAGS@ @PTHREAD_LIBS@ -L${libdir} -lupnp -lixml
+Libs: @PTHREAD_CFLAGS@ @PTHREAD_LIBS@ -L${libdir} -lupnp -lixml @OPENSSL_LIBS@
Cflags: @PTHREAD_CFLAGS@ -I${includedir}/upnp
--
2.14.1

3
package/libupnp18/libupnp18.mk
View File

@ -11,11 +11,12 @@ LIBUPNP18_CONF_ENV = ac_cv_lib_compat_ftime=no
LIBUPNP18_INSTALL_STAGING = YES
LIBUPNP18_LICENSE = BSD-3-Clause
LIBUPNP18_LICENSE_FILES = COPYING
# We're patching configure.ac
LIBUPNP18_AUTORECONF = YES
ifeq ($(BR2_PACKAGE_OPENSSL),y)
LIBUPNP18_CONF_OPTS += --enable-open-ssl
LIBUPNP18_DEPENDENCIES += host-pkgconf openssl
LIBUPNP18_CONF_ENV += LIBS="`$(PKG_CONFIG_HOST_BINARY) --libs libssl libcrypto`"
else
LIBUPNP18_CONF_OPTS += --disable-open-ssl
endif

33
package/libva-utils/0002-Fix-build-failure-when-x11-support-is-disabled.patch Normal file
View File

@ -0,0 +1,33 @@
From ad66d3c202eb72ac5808f13a0489ac836dc55aac Mon Sep 17 00:00:00 2001
From: Bernd Kuhls <bernd.kuhls@t-online.de>
Date: Mon, 11 Feb 2019 20:31:42 +0100
Subject: [PATCH] Fix build failure when x11 support is disabled
Patch suggested on upstream bug tracker:
https://github.com/intel/libva-utils/issues/150#issuecomment-462059528
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
---
Makefile.am | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/Makefile.am b/Makefile.am
index d28175a..12da79e 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -24,10 +24,10 @@ ACLOCAL_AMFLAGS = -I m4 ${ACLOCAL_FLAGS}
AUTOMAKE_OPTIONS = foreign
-SUBDIRS = common decode encode vainfo videoprocess vendor/intel vendor/intel/sfcsample
+SUBDIRS = common decode encode vainfo videoprocess vendor/intel
if USE_X11
-SUBDIRS += putsurface
+SUBDIRS += putsurface vendor/intel/sfcsample
else
if USE_WAYLAND
SUBDIRS += putsurface
--
2.20.1

1
package/libva-utils/libva-utils.mk
View File

@ -10,6 +10,7 @@ LIBVA_UTILS_SITE = https://github.com/intel/libva-utils/releases/download/$(LIBV
LIBVA_UTILS_LICENSE = MIT
LIBVA_UTILS_LICENSE_FILES = COPYING
# 0001-check-ssp.patch
# 0002-Fix-build-failure-when-x11-support-is-disabled.patch
LIBVA_UTILS_AUTORECONF = YES
LIBVA_UTILS_DEPENDENCIES = host-pkgconf libva

1
package/libyaml/libyaml.mk
View File

@ -12,3 +12,4 @@ LIBYAML_LICENSE = MIT
LIBYAML_LICENSE_FILES = LICENSE
$(eval $(autotools-package))
$(eval $(host-autotools-package))

55
package/mongodb/0001-ssl_manager.cpp-fix-build-with-gcc-7-and-fpermissive.patch Normal file
View File

@ -0,0 +1,55 @@
From 362be06fc16a5ad0f9e9aa90cc763c5242e8e35c Mon Sep 17 00:00:00 2001
From: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Date: Sat, 9 Feb 2019 12:41:45 +0100
Subject: [PATCH] ssl_manager.cpp: fix build with gcc 7 and -fpermissive
Change prototype of DERToken::parse function from
parse(ConstDataRange cdr, size_t* outLength);
to parse(ConstDataRange cdr, uint64_t* outLength);
Otherwise, we got the following error:
src/mongo/util/net/ssl_manager.cpp: In static member function 'static mongo::StatusWith<mongo::{anonymous}::DERToken> mongo::{anonymous}::DERToken::parse(mongo::ConstDataRange, size_t*)':
src/mongo/util/net/ssl_manager.cpp:575:79: error: invalid conversion from 'size_t* {aka unsigned int*}' to 'long unsigned int*' [-fpermissive]
if (mongoUnsignedAddOverflow64(tagAndLengthByteCount, derLength, outLength) ||
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[Upstream status: https://github.com/mongodb/mongo/pull/1296]
---
src/mongo/util/net/ssl_manager.cpp | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/mongo/util/net/ssl_manager.cpp b/src/mongo/util/net/ssl_manager.cpp
index b93ebe84a4..3511eb5d99 100644
--- a/src/mongo/util/net/ssl_manager.cpp
+++ b/src/mongo/util/net/ssl_manager.cpp
@@ -782,7 +782,7 @@ public:
*
* Returns a DERToken which consists of the (tag, length, value) tuple.
*/
- static StatusWith<DERToken> parse(ConstDataRange cdr, size_t* outLength);
+ static StatusWith<DERToken> parse(ConstDataRange cdr, uint64_t* outLength);
private:
DERType _type{DERType::EndOfContent};
@@ -799,7 +799,7 @@ struct DataType::Handler<DERToken> {
size_t length,
size_t* advanced,
std::ptrdiff_t debug_offset) {
- size_t outLength;
+ uint64_t outLength;
auto swPair = DERToken::parse(ConstDataRange(ptr, length), &outLength);
@@ -844,7 +844,7 @@ StatusWith<std::string> readDERString(ConstDataRangeCursor& cdc) {
}
-StatusWith<DERToken> DERToken::parse(ConstDataRange cdr, size_t* outLength) {
+StatusWith<DERToken> DERToken::parse(ConstDataRange cdr, uint64_t* outLength) {
const size_t kTagLength = 1;
const size_t kTagLengthAndInitialLengthByteLength = kTagLength + 1;
--
2.14.1

40
package/mongodb/Config.in Normal file
View File

@ -0,0 +1,40 @@
# from https://docs.mongodb.com/manual/installation/#supported-platforms
config BR2_PACKAGE_MONGODB_ARCH_SUPPORTS
bool
# ARM needs LDREX/STREX, so ARMv6+
default y if BR2_arm && !BR2_ARM_CPU_ARMV4 && !BR2_ARM_CPU_ARMV5
default y if BR2_aarch64 || BR2_powerpc64 || BR2_x86_64
config BR2_PACKAGE_MONGODB
bool "mongodb"
depends on BR2_PACKAGE_MONGODB_ARCH_SUPPORTS
depends on BR2_TOOLCHAIN_USES_GLIBC # needs glibc malloc_usable_size
depends on BR2_USE_WCHAR
depends on BR2_TOOLCHAIN_HAS_THREADS
depends on BR2_INSTALL_LIBSTDCPP
depends on BR2_TOOLCHAIN_GCC_AT_LEAST_6
select BR2_PACKAGE_BOOST
select BR2_PACKAGE_BOOST_FILESYSTEM
select BR2_PACKAGE_BOOST_IOSTREAMS
select BR2_PACKAGE_BOOST_PROGRAM_OPTIONS
select BR2_PACKAGE_BOOST_SYSTEM
select BR2_PACKAGE_PCRE
select BR2_PACKAGE_SNAPPY
select BR2_PACKAGE_SQLITE
select BR2_PACKAGE_YAML_CPP
select BR2_PACKAGE_ZLIB
help
MongoDB is a cross-platform document-oriented database
(NoSQL).
It uses JSON-like documents with dynamic schemas (BSON),
making the integration of data in certain types of
applications easier and faster.
https://www.mongodb.org/
comment "mongodb needs a glibc toolchain w/ wchar, threads, C++, gcc >= 6"
depends on !BR2_USE_WCHAR || !BR2_TOOLCHAIN_HAS_THREADS || \
!BR2_INSTALL_LIBSTDCPP || !BR2_TOOLCHAIN_USES_GLIBC || \
!BR2_TOOLCHAIN_GCC_AT_LEAST_6
depends on BR2_PACKAGE_MONGODB_ARCH_SUPPORTS

4
package/mongodb/mongodb.hash Normal file
View File

@ -0,0 +1,4 @@
# Locally computed:
sha256 5db85f06b2a0b2ae393339a4aed1366928aaef2b46c7c32826fa87c3217dc6f7 mongodb-r4.0.6.tar.gz
sha256 cfc7749b96f63bd31c3c42b5c471bf756814053e847c10f3eb003417bc523d30 APACHE-2.0.txt
sha256 09d99ca61eb07873d5334077acba22c33e7f7d0a9fa08c92734e0ac8430d6e27 LICENSE-Community.txt

92
package/mongodb/mongodb.mk Normal file
View File

@ -0,0 +1,92 @@
################################################################################
#
# mongodb
#
################################################################################
MONGODB_VERSION_BASE = 4.0.6
MONGODB_VERSION = r$(MONGODB_VERSION_BASE)
MONGODB_SITE = $(call github,mongodb,mongo,$(MONGODB_VERSION))
MONGODB_LICENSE = Apache-2.0 (drivers), SSPL (database)
MONGODB_LICENSE_FILES = APACHE-2.0.txt LICENSE-Community.txt
MONGODB_DEPENDENCIES = \
boost \
host-python-cheetah \
host-python-pyyaml \
host-python-typing \
host-scons \
pcre \
snappy \
sqlite \
yaml-cpp \
zlib
MONGODB_SCONS_TARGETS = mongod mongos
MONGODB_SCONS_ENV = CC="$(TARGET_CC)" CXX="$(TARGET_CXX)" \
-j"$(PARALLEL_JOBS)"
MONGODB_SCONS_OPTS = \
--disable-warnings-as-errors \
--use-system-boost \
--use-system-pcre \
--use-system-snappy \
--use-system-sqlite \
--use-system-yaml \
--use-system-zlib
# need to pass mongo version when not building from git repo
MONGODB_SCONS_OPTS += MONGO_VERSION=$(MONGODB_VERSION_BASE)-
# WiredTiger database storage engine only supported on 64 bits
ifeq ($(BR2_ARCH_IS_64),y)
MONGODB_SCONS_OPTS += --wiredtiger=on
else
MONGODB_SCONS_OPTS += --wiredtiger=off
endif
# JavaScript scripting engine and tcmalloc supported only on
# x86/x86-64 systems. Mongo target is a shell interface that
# depends on the javascript engine, so it will also only be
# built on x86/x86-64 systems.
ifeq ($(BR2_i386)$(BR2_x86_64),y)
MONGODB_SCONS_OPTS += --js-engine=mozjs --allocator=tcmalloc
MONGODB_SCONS_TARGETS += mongo
else
MONGODB_SCONS_OPTS += --js-engine=none --allocator=system
endif
ifeq ($(BR2_PACKAGE_LIBCURL),y)
MONGODB_DEPENDENCIES += libcurl
MONGODB_SCONS_OPTS += --enable-free-mon=on
else
MONGODB_SCONS_OPTS += --enable-free-mon=off
endif
ifeq ($(BR2_PACKAGE_OPENSSL),y)
MONGODB_DEPENDENCIES += openssl
MONGODB_SCONS_OPTS += \
--ssl \
--ssl-provider=openssl
endif
define MONGODB_BUILD_CMDS
(cd $(@D); \
$(SCONS) \
$(MONGODB_SCONS_ENV) \
$(MONGODB_SCONS_OPTS) \
$(MONGODB_SCONS_TARGETS))
endef
define MONGODB_INSTALL_TARGET_CMDS
(cd $(@D); \
$(SCONS) \
$(MONGODB_SCONS_ENV) \
$(MONGODB_SCONS_OPTS) \
--prefix=$(TARGET_DIR)/usr \
install)
endef
$(eval $(generic-package))

275
package/openssh/0002-upstream-Sanitize-scp-filenames-via-snmprintf.-To-do.patch Normal file
View File

@ -0,0 +1,275 @@
From 5979bdfeca813dd7e997a1edb0f928d77ce70304 Mon Sep 17 00:00:00 2001
From: "dtucker@openbsd.org" <dtucker@openbsd.org>
Date: Wed, 23 Jan 2019 08:01:46 +0000
Subject: [PATCH] upstream: Sanitize scp filenames via snmprintf. To do this we
move
the progressmeter formatting outside of signal handler context and have the
atomicio callback called for EINTR too. bz#2434 with contributions from djm
and jjelen at redhat.com, ok djm@
OpenBSD-Commit-ID: 1af61c1f70e4f3bd8ab140b9f1fa699481db57d8
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
---
Upstream status (openssh-portable): backported from commit 8976f1c4b27
---
atomicio.c | 20 ++++++++++++++-----
progressmeter.c | 53 ++++++++++++++++++++++---------------------------
progressmeter.h | 3 ++-
scp.c | 1 +
sftp-client.c | 16 ++++++++-------
5 files changed, 51 insertions(+), 42 deletions(-)
diff --git a/atomicio.c b/atomicio.c
index f854a06f5f50..d91bd7621c12 100644
--- a/atomicio.c
+++ b/atomicio.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: atomicio.c,v 1.28 2016/07/27 23:18:12 djm Exp $ */
+/* $OpenBSD: atomicio.c,v 1.29 2019/01/23 08:01:46 dtucker Exp $ */
/*
* Copyright (c) 2006 Damien Miller. All rights reserved.
* Copyright (c) 2005 Anil Madhavapeddy. All rights reserved.
@@ -65,9 +65,14 @@ atomicio6(ssize_t (*f) (int, void *, size_t), int fd, void *_s, size_t n,
res = (f) (fd, s + pos, n - pos);
switch (res) {
case -1:
- if (errno == EINTR)
+ if (errno == EINTR) {
+ /* possible SIGALARM, update callback */
+ if (cb != NULL && cb(cb_arg, 0) == -1) {
+ errno = EINTR;
+ return pos;
+ }
continue;
- if (errno == EAGAIN || errno == EWOULDBLOCK) {
+ } else if (errno == EAGAIN || errno == EWOULDBLOCK) {
#ifndef BROKEN_READ_COMPARISON
(void)poll(&pfd, 1, -1);
#endif
@@ -122,9 +127,14 @@ atomiciov6(ssize_t (*f) (int, const struct iovec *, int), int fd,
res = (f) (fd, iov, iovcnt);
switch (res) {
case -1:
- if (errno == EINTR)
+ if (errno == EINTR) {
+ /* possible SIGALARM, update callback */
+ if (cb != NULL && cb(cb_arg, 0) == -1) {
+ errno = EINTR;
+ return pos;
+ }
continue;
- if (errno == EAGAIN || errno == EWOULDBLOCK) {
+ } else if (errno == EAGAIN || errno == EWOULDBLOCK) {
#ifndef BROKEN_READV_COMPARISON
(void)poll(&pfd, 1, -1);
#endif
diff --git a/progressmeter.c b/progressmeter.c
index fe9bf52e4c90..add462dde500 100644
--- a/progressmeter.c
+++ b/progressmeter.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: progressmeter.c,v 1.45 2016/06/30 05:17:05 dtucker Exp $ */
+/* $OpenBSD: progressmeter.c,v 1.46 2019/01/23 08:01:46 dtucker Exp $ */
/*
* Copyright (c) 2003 Nils Nordman. All rights reserved.
*
@@ -31,6 +31,7 @@
#include <errno.h>
#include <signal.h>
+#include <stdarg.h>
#include <stdio.h>
#include <string.h>
#include <time.h>
@@ -39,6 +40,7 @@
#include "progressmeter.h"
#include "atomicio.h"
#include "misc.h"
+#include "utf8.h"
#define DEFAULT_WINSIZE 80
#define MAX_WINSIZE 512
@@ -61,7 +63,7 @@ static void setscreensize(void);
void refresh_progress_meter(void);
/* signal handler for updating the progress meter */
-static void update_progress_meter(int);
+static void sig_alarm(int);
static double start; /* start progress */
static double last_update; /* last progress update */
@@ -74,6 +76,7 @@ static long stalled; /* how long we have been stalled */
static int bytes_per_second; /* current speed in bytes per second */
static int win_size; /* terminal window size */
static volatile sig_atomic_t win_resized; /* for window resizing */
+static volatile sig_atomic_t alarm_fired;
/* units for format_size */
static const char unit[] = " KMGT";
@@ -126,9 +129,17 @@ refresh_progress_meter(void)
off_t bytes_left;
int cur_speed;
int hours, minutes, seconds;
- int i, len;
int file_len;
+ if ((!alarm_fired && !win_resized) || !can_output())
+ return;
+ alarm_fired = 0;
+
+ if (win_resized) {
+ setscreensize();
+ win_resized = 0;
+ }
+
transferred = *counter - (cur_pos ? cur_pos : start_pos);
cur_pos = *counter;
now = monotime_double();
@@ -158,16 +169,11 @@ refresh_progress_meter(void)
/* filename */
buf[0] = '\0';
- file_len = win_size - 35;
+ file_len = win_size - 36;
if (file_len > 0) {
- len = snprintf(buf, file_len + 1, "\r%s", file);
- if (len < 0)
- len = 0;
- if (len >= file_len + 1)
- len = file_len;
- for (i = len; i < file_len; i++)
- buf[i] = ' ';
- buf[file_len] = '\0';
+ buf[0] = '\r';
+ snmprintf(buf+1, sizeof(buf)-1 , &file_len, "%*s",
+ file_len * -1, file);
}
/* percent of transfer done */
@@ -228,22 +234,11 @@ refresh_progress_meter(void)
/*ARGSUSED*/
static void
-update_progress_meter(int ignore)
+sig_alarm(int ignore)
{
- int save_errno;
-
- save_errno = errno;
-
- if (win_resized) {
- setscreensize();
- win_resized = 0;
- }
- if (can_output())
- refresh_progress_meter();
-
- signal(SIGALRM, update_progress_meter);
+ signal(SIGALRM, sig_alarm);
+ alarm_fired = 1;
alarm(UPDATE_INTERVAL);
- errno = save_errno;
}
void
@@ -259,10 +254,9 @@ start_progress_meter(const char *f, off_t filesize, off_t *ctr)
bytes_per_second = 0;
setscreensize();
- if (can_output())
- refresh_progress_meter();
+ refresh_progress_meter();
- signal(SIGALRM, update_progress_meter);
+ signal(SIGALRM, sig_alarm);
signal(SIGWINCH, sig_winch);
alarm(UPDATE_INTERVAL);
}
@@ -286,6 +280,7 @@ stop_progress_meter(void)
static void
sig_winch(int sig)
{
+ signal(SIGWINCH, sig_winch);
win_resized = 1;
}
diff --git a/progressmeter.h b/progressmeter.h
index bf179dca6518..8f6678060195 100644
--- a/progressmeter.h
+++ b/progressmeter.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: progressmeter.h,v 1.3 2015/01/14 13:54:13 djm Exp $ */
+/* $OpenBSD: progressmeter.h,v 1.4 2019/01/23 08:01:46 dtucker Exp $ */
/*
* Copyright (c) 2002 Nils Nordman. All rights reserved.
*
@@ -24,4 +24,5 @@
*/
void start_progress_meter(const char *, off_t, off_t *);
+void refresh_progress_meter(void);
void stop_progress_meter(void);
diff --git a/scp.c b/scp.c
index 4f3fdcd3db89..4a342a63873c 100644
--- a/scp.c
+++ b/scp.c
@@ -585,6 +585,7 @@ scpio(void *_cnt, size_t s)
off_t *cnt = (off_t *)_cnt;
*cnt += s;
+ refresh_progress_meter();
if (limit_kbps > 0)
bandwidth_limit(&bwlimit, s);
return 0;
diff --git a/sftp-client.c b/sftp-client.c
index 4986d6d8d291..2bc698f868bc 100644
--- a/sftp-client.c
+++ b/sftp-client.c
@@ -101,7 +101,9 @@ sftpio(void *_bwlimit, size_t amount)
{
struct bwlimit *bwlimit = (struct bwlimit *)_bwlimit;
- bandwidth_limit(bwlimit, amount);
+ refresh_progress_meter();
+ if (bwlimit != NULL)
+ bandwidth_limit(bwlimit, amount);
return 0;
}
@@ -121,8 +123,8 @@ send_msg(struct sftp_conn *conn, struct sshbuf *m)
iov[1].iov_base = (u_char *)sshbuf_ptr(m);
iov[1].iov_len = sshbuf_len(m);
- if (atomiciov6(writev, conn->fd_out, iov, 2,
- conn->limit_kbps > 0 ? sftpio : NULL, &conn->bwlimit_out) !=
+ if (atomiciov6(writev, conn->fd_out, iov, 2, sftpio,
+ conn->limit_kbps > 0 ? &conn->bwlimit_out : NULL) !=
sshbuf_len(m) + sizeof(mlen))
fatal("Couldn't send packet: %s", strerror(errno));
@@ -138,8 +140,8 @@ get_msg_extended(struct sftp_conn *conn, struct sshbuf *m, int initial)
if ((r = sshbuf_reserve(m, 4, &p)) != 0)
fatal("%s: buffer error: %s", __func__, ssh_err(r));
- if (atomicio6(read, conn->fd_in, p, 4,
- conn->limit_kbps > 0 ? sftpio : NULL, &conn->bwlimit_in) != 4) {
+ if (atomicio6(read, conn->fd_in, p, 4, sftpio,
+ conn->limit_kbps > 0 ? &conn->bwlimit_in : NULL) != 4) {
if (errno == EPIPE || errno == ECONNRESET)
fatal("Connection closed");
else
@@ -157,8 +159,8 @@ get_msg_extended(struct sftp_conn *conn, struct sshbuf *m, int initial)
if ((r = sshbuf_reserve(m, msg_len, &p)) != 0)
fatal("%s: buffer error: %s", __func__, ssh_err(r));
- if (atomicio6(read, conn->fd_in, p, msg_len,
- conn->limit_kbps > 0 ? sftpio : NULL, &conn->bwlimit_in)
+ if (atomicio6(read, conn->fd_in, p, msg_len, sftpio,
+ conn->limit_kbps > 0 ? &conn->bwlimit_in : NULL)
!= msg_len) {
if (errno == EPIPE)
fatal("Connection closed");
--
2.20.1

186
package/openssh/0003-upstream-check-in-scp-client-that-filenames-sent-dur.patch Normal file
View File

@ -0,0 +1,186 @@
From f853123eda6b279a87be48e18bbea8dec82a94f2 Mon Sep 17 00:00:00 2001
From: "djm@openbsd.org" <djm@openbsd.org>
Date: Sat, 26 Jan 2019 22:41:28 +0000
Subject: [PATCH] upstream: check in scp client that filenames sent during
remote->local directory copies satisfy the wildcard specified by the user.
This checking provides some protection against a malicious server
sending unexpected filenames, but it comes at a risk of rejecting wanted
files due to differences between client and server wildcard expansion rules.
For this reason, this also adds a new -T flag to disable the check.
reported by Harry Sintonen
fix approach suggested by markus@;
has been in snaps for ~1wk courtesy deraadt@
OpenBSD-Commit-ID: 00f44b50d2be8e321973f3c6d014260f8f7a8eda
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
---
Upstream status (openssh-portable): backported from commit 8976f1c4b2
---
scp.1 | 12 +++++++++++-
scp.c | 37 +++++++++++++++++++++++++++++--------
2 files changed, 40 insertions(+), 9 deletions(-)
diff --git a/scp.1 b/scp.1
index 0e5cc1b2d675..397e7709195a 100644
--- a/scp.1
+++ b/scp.1
@@ -18,7 +18,7 @@
.Nd secure copy (remote file copy program)
.Sh SYNOPSIS
.Nm scp
-.Op Fl 346BCpqrv
+.Op Fl 346BCpqrTv
.Op Fl c Ar cipher
.Op Fl F Ar ssh_config
.Op Fl i Ar identity_file
@@ -208,6 +208,16 @@ to use for the encrypted connection.
The program must understand
.Xr ssh 1
options.
+.It Fl T
+Disable strict filename checking.
+By default when copying files from a remote host to a local directory
+.Nm
+checks that the received filenames match those requested on the command-line
+to prevent the remote end from sending unexpected or unwanted files.
+Because of differences in how various operating systems and shells interpret
+filename wildcards, these checks may cause wanted files to be rejected.
+This option disables these checks at the expense of fully trusting that
+the server will not send unexpected filenames.
.It Fl v
Verbose mode.
Causes
diff --git a/scp.c b/scp.c
index 4a342a63873c..7b0a08efb274 100644
--- a/scp.c
+++ b/scp.c
@@ -94,6 +94,7 @@
#include <dirent.h>
#include <errno.h>
#include <fcntl.h>
+#include <fnmatch.h>
#include <limits.h>
#include <locale.h>
#include <pwd.h>
@@ -375,14 +376,14 @@ void verifydir(char *);
struct passwd *pwd;
uid_t userid;
int errs, remin, remout;
-int pflag, iamremote, iamrecursive, targetshouldbedirectory;
+int Tflag, pflag, iamremote, iamrecursive, targetshouldbedirectory;
#define CMDNEEDS 64
char cmd[CMDNEEDS]; /* must hold "rcp -r -p -d\0" */
int response(void);
void rsource(char *, struct stat *);
-void sink(int, char *[]);
+void sink(int, char *[], const char *);
void source(int, char *[]);
void tolocal(int, char *[]);
void toremote(int, char *[]);
@@ -421,8 +422,9 @@ main(int argc, char **argv)
addargs(&args, "-oRemoteCommand=none");
addargs(&args, "-oRequestTTY=no");
- fflag = tflag = 0;
- while ((ch = getopt(argc, argv, "dfl:prtvBCc:i:P:q12346S:o:F:")) != -1)
+ fflag = Tflag = tflag = 0;
+ while ((ch = getopt(argc, argv,
+ "dfl:prtTvBCc:i:P:q12346S:o:F:")) != -1) {
switch (ch) {
/* User-visible flags. */
case '1':
@@ -501,9 +503,13 @@ main(int argc, char **argv)
setmode(0, O_BINARY);
#endif
break;
+ case 'T':
+ Tflag = 1;
+ break;
default:
usage();
}
+ }
argc -= optind;
argv += optind;
@@ -534,7 +540,7 @@ main(int argc, char **argv)
}
if (tflag) {
/* Receive data. */
- sink(argc, argv);
+ sink(argc, argv, NULL);
exit(errs != 0);
}
if (argc < 2)
@@ -792,7 +798,7 @@ tolocal(int argc, char **argv)
continue;
}
free(bp);
- sink(1, argv + argc - 1);
+ sink(1, argv + argc - 1, src);
(void) close(remin);
remin = remout = -1;
}
@@ -968,7 +974,7 @@ rsource(char *name, struct stat *statp)
(sizeof(type) != 4 && sizeof(type) != 8))
void
-sink(int argc, char **argv)
+sink(int argc, char **argv, const char *src)
{
static BUF buffer;
struct stat stb;
@@ -984,6 +990,7 @@ sink(int argc, char **argv)
unsigned long long ull;
int setimes, targisdir, wrerrno = 0;
char ch, *cp, *np, *targ, *why, *vect[1], buf[2048], visbuf[2048];
+ char *src_copy = NULL, *restrict_pattern = NULL;
struct timeval tv[2];
#define atime tv[0]
@@ -1008,6 +1015,17 @@ sink(int argc, char **argv)
(void) atomicio(vwrite, remout, "", 1);
if (stat(targ, &stb) == 0 && S_ISDIR(stb.st_mode))
targisdir = 1;
+ if (src != NULL && !iamrecursive && !Tflag) {
+ /*
+ * Prepare to try to restrict incoming filenames to match
+ * the requested destination file glob.
+ */
+ if ((src_copy = strdup(src)) == NULL)
+ fatal("strdup failed");
+ if ((restrict_pattern = strrchr(src_copy, '/')) != NULL) {
+ *restrict_pattern++ = '\0';
+ }
+ }
for (first = 1;; first = 0) {
cp = buf;
if (atomicio(read, remin, cp, 1) != 1)
@@ -1112,6 +1130,9 @@ sink(int argc, char **argv)
run_err("error: unexpected filename: %s", cp);
exit(1);
}
+ if (restrict_pattern != NULL &&
+ fnmatch(restrict_pattern, cp, 0) != 0)
+ SCREWUP("filename does not match request");
if (targisdir) {
static char *namebuf;
static size_t cursize;
@@ -1149,7 +1170,7 @@ sink(int argc, char **argv)
goto bad;
}
vect[0] = xstrdup(np);
- sink(1, vect);
+ sink(1, vect, src);
if (setimes) {
setimes = 0;
if (utimes(vect[0], tv) < 0)
--
2.20.1

6
package/opentracing-cpp/Config.in
View File

@ -2,6 +2,7 @@ config BR2_PACKAGE_OPENTRACING_CPP
bool "opentracing-cpp"
depends on BR2_INSTALL_LIBSTDCPP
depends on BR2_TOOLCHAIN_HAS_THREADS
depends on !BR2_STATIC_LIBS
depends on BR2_TOOLCHAIN_GCC_AT_LEAST_4_8 # C++11
depends on !BR2_TOOLCHAIN_HAS_GCC_BUG_64735 # exception_ptr
help
@ -9,8 +10,9 @@ config BR2_PACKAGE_OPENTRACING_CPP
http://opentracing.io
comment "opentracing-cpp needs a toolchain w/ C++, threads, gcc >= 4.8"
depends on !BR2_INSTALL_LIBSTDCPP || !BR2_TOOLCHAIN_HAS_THREADS || !BR2_TOOLCHAIN_GCC_AT_LEAST_4_8
comment "opentracing-cpp needs a toolchain w/ C++, threads, dynamic library, gcc >= 4.8"
depends on !BR2_INSTALL_LIBSTDCPP || !BR2_TOOLCHAIN_HAS_THREADS \
|| BR2_STATIC_LIBS || !BR2_TOOLCHAIN_GCC_AT_LEAST_4_8
comment "opentracing-cpp needs exception_ptr"
depends on BR2_TOOLCHAIN_HAS_GCC_BUG_64735

2
package/python-pyyaml/python-pyyaml.mk
View File

@ -11,5 +11,7 @@ PYTHON_PYYAML_SETUP_TYPE = distutils
PYTHON_PYYAML_LICENSE = MIT
PYTHON_PYYAML_LICENSE_FILES = LICENSE
PYTHON_PYYAML_DEPENDENCIES = libyaml
HOST_PYTHON_PYYAML_DEPENDENCIES = host-libyaml
$(eval $(python-package))
$(eval $(host-python-package))

1
package/python-typing/python-typing.mk
View File

@ -12,3 +12,4 @@ PYTHON_TYPING_LICENSE = Python-2.0, others
PYTHON_TYPING_LICENSE_FILES = LICENSE
$(eval $(python-package))
$(eval $(host-python-package))

338
package/runc/0001-nsenter-clone-proc-self-exe-to-avoid-exposing-host-b.patch Normal file
View File

@ -0,0 +1,338 @@
From 0a8e4117e7f715d5fbeef398405813ce8e88558b Mon Sep 17 00:00:00 2001
From: Aleksa Sarai <asarai@suse.de>
Date: Wed, 9 Jan 2019 13:40:01 +1100
Subject: [PATCH] nsenter: clone /proc/self/exe to avoid exposing host binary
to container
There are quite a few circumstances where /proc/self/exe pointing to a
pretty important container binary is a _bad_ thing, so to avoid this we
have to make a copy (preferably doing self-clean-up and not being
writeable).
We require memfd_create(2) -- though there is an O_TMPFILE fallback --
but we can always extend this to use a scratch MNT_DETACH overlayfs or
tmpfs. The main downside to this approach is no page-cache sharing for
the runc binary (which overlayfs would give us) but this is far less
complicated.
This is only done during nsenter so that it happens transparently to the
Go code, and any libcontainer users benefit from it. This also makes
ExtraFiles and --preserve-fds handling trivial (because we don't need to
worry about it).
Fixes: CVE-2019-5736
Co-developed-by: Christian Brauner <christian.brauner@ubuntu.com>
Signed-off-by: Aleksa Sarai <asarai@suse.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
libcontainer/nsenter/cloned_binary.c | 268 +++++++++++++++++++++++++++++++++++
libcontainer/nsenter/nsexec.c | 11 ++
2 files changed, 279 insertions(+)
create mode 100644 libcontainer/nsenter/cloned_binary.c
diff --git a/libcontainer/nsenter/cloned_binary.c b/libcontainer/nsenter/cloned_binary.c
new file mode 100644
index 00000000..c8a42c23
--- /dev/null
+++ b/libcontainer/nsenter/cloned_binary.c
@@ -0,0 +1,268 @@
+/*
+ * Copyright (C) 2019 Aleksa Sarai <cyphar@cyphar.com>
+ * Copyright (C) 2019 SUSE LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#define _GNU_SOURCE
+#include <unistd.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <stdbool.h>
+#include <string.h>
+#include <limits.h>
+#include <fcntl.h>
+#include <errno.h>
+
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <sys/vfs.h>
+#include <sys/mman.h>
+#include <sys/sendfile.h>
+#include <sys/syscall.h>
+
+/* Use our own wrapper for memfd_create. */
+#if !defined(SYS_memfd_create) && defined(__NR_memfd_create)
+# define SYS_memfd_create __NR_memfd_create
+#endif
+#ifdef SYS_memfd_create
+# define HAVE_MEMFD_CREATE
+/* memfd_create(2) flags -- copied from <linux/memfd.h>. */
+# ifndef MFD_CLOEXEC
+# define MFD_CLOEXEC 0x0001U
+# define MFD_ALLOW_SEALING 0x0002U
+# endif
+int memfd_create(const char *name, unsigned int flags)
+{
+ return syscall(SYS_memfd_create, name, flags);
+}
+#endif
+
+/* This comes directly from <linux/fcntl.h>. */
+#ifndef F_LINUX_SPECIFIC_BASE
+# define F_LINUX_SPECIFIC_BASE 1024
+#endif
+#ifndef F_ADD_SEALS
+# define F_ADD_SEALS (F_LINUX_SPECIFIC_BASE + 9)
+# define F_GET_SEALS (F_LINUX_SPECIFIC_BASE + 10)
+#endif
+#ifndef F_SEAL_SEAL
+# define F_SEAL_SEAL 0x0001 /* prevent further seals from being set */
+# define F_SEAL_SHRINK 0x0002 /* prevent file from shrinking */
+# define F_SEAL_GROW 0x0004 /* prevent file from growing */
+# define F_SEAL_WRITE 0x0008 /* prevent writes */
+#endif
+
+#define RUNC_SENDFILE_MAX 0x7FFFF000 /* sendfile(2) is limited to 2GB. */
+#ifdef HAVE_MEMFD_CREATE
+# define RUNC_MEMFD_COMMENT "runc_cloned:/proc/self/exe"
+# define RUNC_MEMFD_SEALS \
+ (F_SEAL_SEAL | F_SEAL_SHRINK | F_SEAL_GROW | F_SEAL_WRITE)
+#endif
+
+static void *must_realloc(void *ptr, size_t size)
+{
+ void *old = ptr;
+ do {
+ ptr = realloc(old, size);
+ } while(!ptr);
+ return ptr;
+}
+
+/*
+ * Verify whether we are currently in a self-cloned program (namely, is
+ * /proc/self/exe a memfd). F_GET_SEALS will only succeed for memfds (or rather
+ * for shmem files), and we want to be sure it's actually sealed.
+ */
+static int is_self_cloned(void)
+{
+ int fd, ret, is_cloned = 0;
+
+ fd = open("/proc/self/exe", O_RDONLY|O_CLOEXEC);
+ if (fd < 0)
+ return -ENOTRECOVERABLE;
+
+#ifdef HAVE_MEMFD_CREATE
+ ret = fcntl(fd, F_GET_SEALS);
+ is_cloned = (ret == RUNC_MEMFD_SEALS);
+#else
+ struct stat statbuf = {0};
+ ret = fstat(fd, &statbuf);
+ if (ret >= 0)
+ is_cloned = (statbuf.st_nlink == 0);
+#endif
+ close(fd);
+ return is_cloned;
+}
+
+/*
+ * Basic wrapper around mmap(2) that gives you the file length so you can
+ * safely treat it as an ordinary buffer. Only gives you read access.
+ */
+static char *read_file(char *path, size_t *length)
+{
+ int fd;
+ char buf[4096], *copy = NULL;
+
+ if (!length)
+ return NULL;
+
+ fd = open(path, O_RDONLY | O_CLOEXEC);
+ if (fd < 0)
+ return NULL;
+
+ *length = 0;
+ for (;;) {
+ int n;
+
+ n = read(fd, buf, sizeof(buf));
+ if (n < 0)
+ goto error;
+ if (!n)
+ break;
+
+ copy = must_realloc(copy, (*length + n) * sizeof(*copy));
+ memcpy(copy + *length, buf, n);
+ *length += n;
+ }
+ close(fd);
+ return copy;
+
+error:
+ close(fd);
+ free(copy);
+ return NULL;
+}
+
+/*
+ * A poor-man's version of "xargs -0". Basically parses a given block of
+ * NUL-delimited data, within the given length and adds a pointer to each entry
+ * to the array of pointers.
+ */
+static int parse_xargs(char *data, int data_length, char ***output)
+{
+ int num = 0;
+ char *cur = data;
+
+ if (!data || *output != NULL)
+ return -1;
+
+ while (cur < data + data_length) {
+ num++;
+ *output = must_realloc(*output, (num + 1) * sizeof(**output));
+ (*output)[num - 1] = cur;
+ cur += strlen(cur) + 1;
+ }
+ (*output)[num] = NULL;
+ return num;
+}
+
+/*
+ * "Parse" out argv and envp from /proc/self/cmdline and /proc/self/environ.
+ * This is necessary because we are running in a context where we don't have a
+ * main() that we can just get the arguments from.
+ */
+static int fetchve(char ***argv, char ***envp)
+{
+ char *cmdline = NULL, *environ = NULL;
+ size_t cmdline_size, environ_size;
+
+ cmdline = read_file("/proc/self/cmdline", &cmdline_size);
+ if (!cmdline)
+ goto error;
+ environ = read_file("/proc/self/environ", &environ_size);
+ if (!environ)
+ goto error;
+
+ if (parse_xargs(cmdline, cmdline_size, argv) <= 0)
+ goto error;
+ if (parse_xargs(environ, environ_size, envp) <= 0)
+ goto error;
+
+ return 0;
+
+error:
+ free(environ);
+ free(cmdline);
+ return -EINVAL;
+}
+
+static int clone_binary(void)
+{
+ int binfd, memfd;
+ ssize_t sent = 0;
+
+#ifdef HAVE_MEMFD_CREATE
+ memfd = memfd_create(RUNC_MEMFD_COMMENT, MFD_CLOEXEC | MFD_ALLOW_SEALING);
+#else
+ memfd = open("/tmp", O_TMPFILE | O_EXCL | O_RDWR | O_CLOEXEC, 0711);
+#endif
+ if (memfd < 0)
+ return -ENOTRECOVERABLE;
+
+ binfd = open("/proc/self/exe", O_RDONLY | O_CLOEXEC);
+ if (binfd < 0)
+ goto error;
+
+ sent = sendfile(memfd, binfd, NULL, RUNC_SENDFILE_MAX);
+ close(binfd);
+ if (sent < 0)
+ goto error;
+
+#ifdef HAVE_MEMFD_CREATE
+ int err = fcntl(memfd, F_ADD_SEALS, RUNC_MEMFD_SEALS);
+ if (err < 0)
+ goto error;
+#else
+ /* Need to re-open "memfd" as read-only to avoid execve(2) giving -EXTBUSY. */
+ int newfd;
+ char *fdpath = NULL;
+
+ if (asprintf(&fdpath, "/proc/self/fd/%d", memfd) < 0)
+ goto error;
+ newfd = open(fdpath, O_RDONLY | O_CLOEXEC);
+ free(fdpath);
+ if (newfd < 0)
+ goto error;
+
+ close(memfd);
+ memfd = newfd;
+#endif
+ return memfd;
+
+error:
+ close(memfd);
+ return -EIO;
+}
+
+int ensure_cloned_binary(void)
+{
+ int execfd;
+ char **argv = NULL, **envp = NULL;
+
+ /* Check that we're not self-cloned, and if we are then bail. */
+ int cloned = is_self_cloned();
+ if (cloned > 0 || cloned == -ENOTRECOVERABLE)
+ return cloned;
+
+ if (fetchve(&argv, &envp) < 0)
+ return -EINVAL;
+
+ execfd = clone_binary();
+ if (execfd < 0)
+ return -EIO;
+
+ fexecve(execfd, argv, envp);
+ return -ENOEXEC;
+}
diff --git a/libcontainer/nsenter/nsexec.c b/libcontainer/nsenter/nsexec.c
index 28269dfc..7750af35 100644
--- a/libcontainer/nsenter/nsexec.c
+++ b/libcontainer/nsenter/nsexec.c
@@ -534,6 +534,9 @@ void join_namespaces(char *nslist)
free(namespaces);
}
+/* Defined in cloned_binary.c. */
+extern int ensure_cloned_binary(void);
+
void nsexec(void)
{
int pipenum;
@@ -549,6 +552,14 @@ void nsexec(void)
if (pipenum == -1)
return;
+ /*
+ * We need to re-exec if we are not in a cloned binary. This is necessary
+ * to ensure that containers won't be able to access the host binary
+ * through /proc/self/exe. See CVE-2019-5736.
+ */
+ if (ensure_cloned_binary() < 0)
+ bail("could not ensure we are a cloned binary");
+
/* Parse all of the netlink configuration. */
nl_parse(pipenum, &config);
--
2.11.0

5
package/runc/Config.in
View File

@ -3,13 +3,14 @@ config BR2_PACKAGE_RUNC
depends on BR2_PACKAGE_HOST_GO_ARCH_SUPPORTS
depends on BR2_PACKAGE_HOST_GO_CGO_LINKING_SUPPORTS
depends on BR2_TOOLCHAIN_HAS_THREADS
depends on !BR2_TOOLCHAIN_USES_UCLIBC # no fexecve
help
runC is a CLI tool for spawning and running containers
according to the OCP specification.
https://github.com/opencontainers/runc
comment "runc needs a toolchain w/ threads"
comment "runc needs a glibc or musl toolchain toolchain w/ threads"
depends on BR2_PACKAGE_HOST_GO_ARCH_SUPPORTS && \
BR2_PACKAGE_HOST_GO_CGO_LINKING_SUPPORTS
depends on !BR2_TOOLCHAIN_HAS_THREADS
depends on !BR2_TOOLCHAIN_HAS_THREADS || BR2_TOOLCHAN_USES_UCLIBC

29
package/sg3_utils/0002-src-Makefile.am-add-missing-RT_LIB-for-sg_turs.patch Normal file
View File

@ -0,0 +1,29 @@
From 68b0591cf37760e09e358533bbcecf36eddfceed Mon Sep 17 00:00:00 2001
From: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Date: Sun, 10 Feb 2019 14:46:41 +0100
Subject: [PATCH] src/Makefile.am: add missing @RT_LIB@ for sg_turs
The sg_turs program uses clock_gettime(), so it should link against
librt, as provided by @RT_LIB@.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
---
src/Makefile.am | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/Makefile.am b/src/Makefile.am
index 881cf29..0eba680 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -170,7 +170,7 @@ sg_test_rwbuf_LDADD = ../lib/libsgutils2.la
sg_timestamp_LDADD = ../lib/libsgutils2.la
-sg_turs_LDADD = ../lib/libsgutils2.la
+sg_turs_LDADD = ../lib/libsgutils2.la @RT_LIB@
sg_unmap_LDADD = ../lib/libsgutils2.la
--
2.20.1

2
package/sg3_utils/sg3_utils.mk
View File

@ -14,7 +14,7 @@ SG3_UTILS_LICENSE := $(SG3_UTILS_LICENSE), GPL-2.0+ (programs), BSD-3-Clause (pr
endif
SG3_UTILS_LICENSE_FILES = COPYING BSD_LICENSE
# Patching configure.ac
# Patching configure.ac/Makefile.am
SG3_UTILS_AUTORECONF = YES
# install the libsgutils2 library

97
package/sqlcipher/0001-Support-OpenSSL-1.1.0-and-prior.patch Normal file
View File

@ -0,0 +1,97 @@
From 43f71fa7b4c6a20f4078b9098369abb8d38a5617 Mon Sep 17 00:00:00 2001
From: Nick Parker <nparker@zetetic.net>
Date: Fri, 9 Dec 2016 11:47:39 -0600
Subject: [PATCH] Support OpenSSL 1.1.0 and prior
(cherry picked from commit 939c83a007e4724436c3955ae2afd8b11b92d867)
Signed-off-by: Matt Weber <matthew.weber@rockwellcollins.com>
---
src/crypto_openssl.c | 53 +++++++++++++++++++++++++++++++++++++---------------
1 file changed, 38 insertions(+), 15 deletions(-)
diff --git a/src/crypto_openssl.c b/src/crypto_openssl.c
index 150ab92..6822325 100644
--- a/src/crypto_openssl.c
+++ b/src/crypto_openssl.c
@@ -47,6 +47,29 @@ static unsigned int openssl_external_init = 0;
static unsigned int openssl_init_count = 0;
static sqlite3_mutex* openssl_rand_mutex = NULL;
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+static HMAC_CTX *HMAC_CTX_new(void)
+{
+ HMAC_CTX *ctx = OPENSSL_malloc(sizeof(*ctx));
+ if (ctx != NULL) {
+ HMAC_CTX_init(ctx);
+ }
+ return ctx;
+}
+
+// Per 1.1.0 (https://wiki.openssl.org/index.php/1.1_API_Changes)
+// HMAC_CTX_free should call HMAC_CTX_cleanup, then EVP_MD_CTX_Cleanup.
+// HMAC_CTX_cleanup internally calls EVP_MD_CTX_cleanup so these
+// calls are not needed.
+static void HMAC_CTX_free(HMAC_CTX *ctx)
+{
+ if (ctx != NULL) {
+ HMAC_CTX_cleanup(ctx);
+ OPENSSL_free(ctx);
+ }
+}
+#endif
+
static int sqlcipher_openssl_add_random(void *ctx, void *buffer, int length) {
#ifndef SQLCIPHER_OPENSSL_NO_MUTEX_RAND
sqlite3_mutex_enter(openssl_rand_mutex);
@@ -143,14 +166,14 @@ static int sqlcipher_openssl_random (void *ctx, void *buffer, int length) {
}
static int sqlcipher_openssl_hmac(void *ctx, unsigned char *hmac_key, int key_sz, unsigned char *in, int in_sz, unsigned char *in2, int in2_sz, unsigned char *out) {
- HMAC_CTX hctx;
unsigned int outlen;
- HMAC_CTX_init(&hctx);
- HMAC_Init_ex(&hctx, hmac_key, key_sz, EVP_sha1(), NULL);
- HMAC_Update(&hctx, in, in_sz);
- HMAC_Update(&hctx, in2, in2_sz);
- HMAC_Final(&hctx, out, &outlen);
- HMAC_CTX_cleanup(&hctx);
+ HMAC_CTX* hctx = HMAC_CTX_new();
+ if(hctx == NULL) return SQLITE_ERROR;
+ HMAC_Init_ex(hctx, hmac_key, key_sz, EVP_sha1(), NULL);
+ HMAC_Update(hctx, in, in_sz);
+ HMAC_Update(hctx, in2, in2_sz);
+ HMAC_Final(hctx, out, &outlen);
+ HMAC_CTX_free(hctx);
return SQLITE_OK;
}
@@ -160,18 +183,18 @@ static int sqlcipher_openssl_kdf(void *ctx, const unsigned char *pass, int pass_
}
static int sqlcipher_openssl_cipher(void *ctx, int mode, unsigned char *key, int key_sz, unsigned char *iv, unsigned char *in, int in_sz, unsigned char *out) {
- EVP_CIPHER_CTX ectx;
int tmp_csz, csz;
-
- EVP_CipherInit(&ectx, ((openssl_ctx *)ctx)->evp_cipher, NULL, NULL, mode);
- EVP_CIPHER_CTX_set_padding(&ectx, 0); // no padding
- EVP_CipherInit(&ectx, NULL, key, iv, mode);
- EVP_CipherUpdate(&ectx, out, &tmp_csz, in, in_sz);
+ EVP_CIPHER_CTX* ectx = EVP_CIPHER_CTX_new();
+ if(ectx == NULL) return SQLITE_ERROR;
+ EVP_CipherInit_ex(ectx, ((openssl_ctx *)ctx)->evp_cipher, NULL, NULL, NULL, mode);
+ EVP_CIPHER_CTX_set_padding(ectx, 0); // no padding
+ EVP_CipherInit_ex(ectx, NULL, NULL, key, iv, mode);
+ EVP_CipherUpdate(ectx, out, &tmp_csz, in, in_sz);
csz = tmp_csz;
out += tmp_csz;
- EVP_CipherFinal(&ectx, out, &tmp_csz);
+ EVP_CipherFinal_ex(ectx, out, &tmp_csz);
csz += tmp_csz;
- EVP_CIPHER_CTX_cleanup(&ectx);
+ EVP_CIPHER_CTX_free(ectx);
assert(in_sz == csz);
return SQLITE_OK;
}
--
1.9.1

42
package/sqlcipher/0002-Guard-OpenSSL-init-and-cleanup-routines-on-versions-.patch Normal file
View File

@ -0,0 +1,42 @@
From 6b4dbecbcfe35d36fea264c04c41b338852d4e88 Mon Sep 17 00:00:00 2001
From: Nick Parker <nparker@zetetic.net>
Date: Wed, 1 Mar 2017 15:35:43 -0600
Subject: [PATCH] Guard OpenSSL init and cleanup routines on versions less
than 1.1.0
(cherry picked from commit 1c495b933cee3381f1ea6a70edcbcda1754d7409)
Signed-off-by: Matt Weber <matthew.weber@rockwellcollins.com>
Conflicts:
src/crypto_openssl.c
---
src/crypto_openssl.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/src/crypto_openssl.c b/src/crypto_openssl.c
index 6822325..09bc2a2 100644
--- a/src/crypto_openssl.c
+++ b/src/crypto_openssl.c
@@ -102,7 +102,9 @@ static int sqlcipher_openssl_activate(void *ctx) {
if(openssl_init_count == 0 && openssl_external_init == 0) {
/* if the library was not externally initialized, then should be now */
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
OpenSSL_add_all_algorithms();
+#endif
}
#ifndef SQLCIPHER_OPENSSL_NO_MUTEX_RAND
@@ -131,7 +133,9 @@ static int sqlcipher_openssl_deactivate(void *ctx) {
Note: this code will only be reached if OpensSSL_add_all_algorithms()
is called by SQLCipher internally. This should prevent SQLCipher from
"cleaning up" openssl when it was initialized externally by the program */
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
EVP_cleanup();
+#endif
}
#ifndef SQLCIPHER_OPENSSL_NO_MUTEX_RAND
sqlite3_mutex_free(openssl_rand_mutex);
--
1.9.1

48
package/sqlcipher/0003-correct-compliation-under-openssl-1.1.x.patch Normal file
View File

@ -0,0 +1,48 @@
From 3da532754fb2bb7d379d4386a8c3339742edfb0b Mon Sep 17 00:00:00 2001
From: Stephen Lombardo <sjlombardo@zetetic.net>
Date: Wed, 10 Oct 2018 15:55:49 -0400
Subject: [PATCH] correct compliation under openssl 1.1.x
(cherry picked from commit 57ea35296ce7f2c1c93ce79194eea19a008b69ae)
Signed-off-by: Matt Weber <matthew.weber@rockwellcollins.com>
Conflicts:
src/crypto_openssl.c
---
src/crypto_openssl.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/crypto_openssl.c b/src/crypto_openssl.c
index 09bc2a2..57a1104 100644
--- a/src/crypto_openssl.c
+++ b/src/crypto_openssl.c
@@ -47,7 +47,7 @@ static unsigned int openssl_external_init = 0;
static unsigned int openssl_init_count = 0;
static sqlite3_mutex* openssl_rand_mutex = NULL;
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if (defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER < 0x10100000L) || (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x20700000L)
static HMAC_CTX *HMAC_CTX_new(void)
{
HMAC_CTX *ctx = OPENSSL_malloc(sizeof(*ctx));
@@ -102,7 +102,7 @@ static int sqlcipher_openssl_activate(void *ctx) {
if(openssl_init_count == 0 && openssl_external_init == 0) {
/* if the library was not externally initialized, then should be now */
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if (defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER < 0x10100000L) || (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x20700000L)
OpenSSL_add_all_algorithms();
#endif
}
@@ -133,7 +133,7 @@ static int sqlcipher_openssl_deactivate(void *ctx) {
Note: this code will only be reached if OpensSSL_add_all_algorithms()
is called by SQLCipher internally. This should prevent SQLCipher from
"cleaning up" openssl when it was initialized externally by the program */
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if (defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER < 0x10100000L) || (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x20700000L)
EVP_cleanup();
#endif
}
--
1.9.1

1
package/sqlcipher/Config.in
View File

@ -3,6 +3,7 @@ config BR2_PACKAGE_SQLCIPHER
depends on !BR2_PACKAGE_SQLITE
depends on BR2_TOOLCHAIN_HAS_THREADS
select BR2_PACKAGE_OPENSSL
select BR2_PACKAGE_OPENSSL_FORCE_LIBOPENSSL
help
SQLCipher is an SQLite extension that provides 256 bits AES
encryption of database files. Note that it is a fork of

16
package/systemd/systemd.mk
View File

@ -10,6 +10,7 @@ SYSTEMD_LICENSE = LGPL-2.1+, GPL-2.0+ (udev), Public Domain (few source files, s
SYSTEMD_LICENSE_FILES = LICENSE.GPL2 LICENSE.LGPL2.1 README
SYSTEMD_INSTALL_STAGING = YES
SYSTEMD_DEPENDENCIES = \
$(if $(BR2_PACKAGE_BASH_COMPLETION),bash-completion) \
host-gperf \
host-intltool \
kmod \
@ -23,7 +24,6 @@ SYSTEMD_CONF_OPTS += \
-Dblkid=true \
-Dman=false \
-Dima=false \
-Dlibcryptsetup=false \
-Defi=false \
-Dgnu-efi=false \
-Dldconfig=false \
@ -57,6 +57,13 @@ else
SYSTEMD_CONF_OPTS += -Daudit=false
endif
ifeq ($(BR2_PACKAGE_CRYPTSETUP),y)
SYSTEMD_DEPENDENCIES += cryptsetup
SYSTEMD_CONF_OPTS += -Dlibcryptsetup=true
else
SYSTEMD_CONF_OPTS += -Dlibcryptsetup=false
endif
ifeq ($(BR2_PACKAGE_ELFUTILS),y)
SYSTEMD_DEPENDENCIES += elfutils
SYSTEMD_CONF_OPTS += -Delfutils=true
@ -117,6 +124,13 @@ else
SYSTEMD_CONF_OPTS += -Dpam=false
endif
ifeq ($(BR2_PACKAGE_VALGRIND),y)
SYSTEMD_DEPENDENCIES += valgrind
SYSTEMD_CONF_OPTS += -Dvalgrind=true
else
SYSTEMD_CONF_OPTS += -Dvalgrind=false
endif
ifeq ($(BR2_PACKAGE_XZ),y)
SYSTEMD_DEPENDENCIES += xz
SYSTEMD_CONF_OPTS += -Dxz=true

13
support/testing/tests/package/test_docker_compose.py
View File

@ -4,19 +4,12 @@ import infra.basetest
class TestDockerCompose(infra.basetest.BRTest):
config = infra.basetest.BASIC_TOOLCHAIN_CONFIG + \
config = \
"""
BR2_x86_64=y
BR2_x86_core2=y
BR2_TOOLCHAIN_EXTERNAL=y
BR2_TOOLCHAIN_EXTERNAL_CUSTOM=y
BR2_TOOLCHAIN_EXTERNAL_DOWNLOAD=y
BR2_TOOLCHAIN_EXTERNAL_URL="http://autobuild.buildroot.org/toolchains/tarballs/br-x86-64-core2-full-2018.05.tar.bz2"
BR2_TOOLCHAIN_EXTERNAL_GCC_6=y
BR2_TOOLCHAIN_EXTERNAL_HEADERS_4_16=y
BR2_TOOLCHAIN_EXTERNAL_LOCALE=y
# BR2_TOOLCHAIN_EXTERNAL_HAS_THREADS_DEBUG is not set
BR2_TOOLCHAIN_EXTERNAL_CXX=y
BR2_TOOLCHAIN_BUILDROOT_GLIBC=y
BR2_KERNEL_HEADERS_4_19=y
BR2_SYSTEM_DHCP="eth0"
BR2_ROOTFS_POST_BUILD_SCRIPT="{}"
BR2_ROOTFS_POST_SCRIPT_ARGS="{}"

18
utils/scanpypi
View File

@ -225,6 +225,22 @@ class BuildrootPackage():
self.filename = self.used_url['filename']
self.url = self.used_url['url']
def check_archive(self, members):
"""
Check archive content before extracting
Keyword arguments:
members -- list of archive members
"""
# Protect against https://github.com/snyk/zip-slip-vulnerability
# Older python versions do not validate that the extracted files are
# inside the target directory. Detect and error out on evil paths
evil = [e for e in members if os.path.relpath(e).startswith(('/', '..'))]
if evil:
print('ERROR: Refusing to extract {} with suspicious members {}'.format(
self.filename, evil))
sys.exit(1)
def extract_package(self, tmp_path):
"""
Extract the package contents into a directrory
@ -249,6 +265,7 @@ class BuildrootPackage():
print('Removing {pkg}...'.format(pkg=tmp_pkg))
shutil.rmtree(tmp_pkg)
os.makedirs(tmp_pkg)
self.check_archive(as_zipfile.namelist())
as_zipfile.extractall(tmp_pkg)
pkg_filename = self.filename.split(".zip")[0]
else:
@ -264,6 +281,7 @@ class BuildrootPackage():
print('Removing {pkg}...'.format(pkg=tmp_pkg))
shutil.rmtree(tmp_pkg)
os.makedirs(tmp_pkg)
self.check_archive(as_tarfile.getnames())
as_tarfile.extractall(tmp_pkg)
pkg_filename = self.filename.split(".tar")[0]