From e0f3138f819f29fcd5d37b429ccc3626fd15afe8 Mon Sep 17 00:00:00 2001 From: Fabrice Fontaine Date: Mon, 4 Feb 2019 20:13:26 +0100 Subject: [PATCH 01/31] package/systemd: add optional valgrind dependency Signed-off-by: Fabrice Fontaine Signed-off-by: Thomas Petazzoni --- package/systemd/systemd.mk | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/package/systemd/systemd.mk b/package/systemd/systemd.mk index f9df66b039..5b2abdc3fe 100644 --- a/package/systemd/systemd.mk +++ b/package/systemd/systemd.mk @@ -117,6 +117,13 @@ else SYSTEMD_CONF_OPTS += -Dpam=false endif +ifeq ($(BR2_PACKAGE_VALGRIND),y) +SYSTEMD_DEPENDENCIES += valgrind +SYSTEMD_CONF_OPTS += -Dvalgrind=true +else +SYSTEMD_CONF_OPTS += -Dvalgrind=false +endif + ifeq ($(BR2_PACKAGE_XZ),y) SYSTEMD_DEPENDENCIES += xz SYSTEMD_CONF_OPTS += -Dxz=true From b96a4d090928daa90440dd11c0d5a377ef16e8e2 Mon Sep 17 00:00:00 2001 From: Fabrice Fontaine Date: Mon, 4 Feb 2019 20:13:27 +0100 Subject: [PATCH 02/31] package/systemd: add optional cryptsetup dependency Signed-off-by: Fabrice Fontaine Signed-off-by: Thomas Petazzoni --- package/systemd/systemd.mk | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/package/systemd/systemd.mk b/package/systemd/systemd.mk index 5b2abdc3fe..bbcc14901f 100644 --- a/package/systemd/systemd.mk +++ b/package/systemd/systemd.mk @@ -23,7 +23,6 @@ SYSTEMD_CONF_OPTS += \ -Dblkid=true \ -Dman=false \ -Dima=false \ - -Dlibcryptsetup=false \ -Defi=false \ -Dgnu-efi=false \ -Dldconfig=false \ @@ -57,6 +56,13 @@ else SYSTEMD_CONF_OPTS += -Daudit=false endif +ifeq ($(BR2_PACKAGE_CRYPTSETUP),y) +SYSTEMD_DEPENDENCIES += cryptsetup +SYSTEMD_CONF_OPTS += -Dlibcryptsetup=true +else +SYSTEMD_CONF_OPTS += -Dlibcryptsetup=false +endif + ifeq ($(BR2_PACKAGE_ELFUTILS),y) SYSTEMD_DEPENDENCIES += elfutils SYSTEMD_CONF_OPTS += -Delfutils=true From 84dfe5d9b5d08aad154e6f730366823b04996c45 Mon Sep 17 00:00:00 2001 
From: Fabrice Fontaine Date: Mon, 4 Feb 2019 20:13:28 +0100 Subject: [PATCH 03/31] package/systemd: add optional bash-completion dependency Signed-off-by: Fabrice Fontaine Signed-off-by: Thomas Petazzoni --- package/systemd/systemd.mk | 1 + 1 file changed, 1 insertion(+) diff --git a/package/systemd/systemd.mk b/package/systemd/systemd.mk index bbcc14901f..7a46a50ed3 100644 --- a/package/systemd/systemd.mk +++ b/package/systemd/systemd.mk @@ -10,6 +10,7 @@ SYSTEMD_LICENSE = LGPL-2.1+, GPL-2.0+ (udev), Public Domain (few source files, s SYSTEMD_LICENSE_FILES = LICENSE.GPL2 LICENSE.LGPL2.1 README SYSTEMD_INSTALL_STAGING = YES SYSTEMD_DEPENDENCIES = \ + $(if $(BR2_PACKAGE_BASH_COMPLETION),bash-completion) \ host-gperf \ host-intltool \ kmod \ From 35dde6de1fc23bcc5a56eed30cac46d201b7104a Mon Sep 17 00:00:00 2001 From: Thomas Petazzoni Date: Sun, 10 Feb 2019 14:18:59 +0100 Subject: [PATCH 04/31] package/brcm-patchram-plus: fix license file hash Commit 684bcc45e52a8300a2115799e96017b180695a14 ("package/brcm-patchram-plus: fix build on sparc") added a patch that modifies the src/main.c file, without paying attention to the fact that this file is used as the license file for the package, and therefore the .hash had to be updated at the same time. This commit updates the license file hash as needed. There are obviously no licensing related changes in the SPARC build fixes. Fixes: http://autobuild.buildroot.net/results/083ce1c3100b10e40480e6330ce0c29dde51f5e0/ Signed-off-by: Thomas Petazzoni --- package/brcm-patchram-plus/brcm-patchram-plus.hash | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package/brcm-patchram-plus/brcm-patchram-plus.hash b/package/brcm-patchram-plus/brcm-patchram-plus.hash index fb7a91f114..0da680cd85 100644 --- a/package/brcm-patchram-plus/brcm-patchram-plus.hash +++ b/package/brcm-patchram-plus/brcm-patchram-plus.hash 
@@ -1,3 +1,3 @@ # locally computed sha256 7d63f3a0c79cb5d187a0f2647734601f9c97d4eb8e545ce9ace7653c1f3f9a58 brcm-patchram-plus-94fb127e614b19a9a95561b8c1a0716e2e1e6293.tar.gz -sha256 3bbeac0dc9f456695e692687c9d90a3c4ffc0253b0476d487d8cede207a8dc5b src/main.c +sha256 2ba6b830c7d2186f6d5e4470ce5ffe73d97faf69b0d967f2455b725809dfca7b src/main.c From 12a3bd853e9340a0d1000d5e696d505c6fff9e72 Mon Sep 17 00:00:00 2001 From: "Yann E. MORIN" Date: Sun, 10 Feb 2019 16:48:15 +0100 Subject: [PATCH 05/31] package/googlefontdirectory: better solution to avoid check-package warning Rather than tell check-package to ignore a false-positive issue, just avoid the issue to begin with, by using an intermediate variable to construct the list of licenses. Signed-off-by: "Yann E. MORIN" Cc: Thomas Petazzoni Signed-off-by: Thomas Petazzoni --- package/googlefontdirectory/googlefontdirectory.mk | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/package/googlefontdirectory/googlefontdirectory.mk b/package/googlefontdirectory/googlefontdirectory.mk index cf918ac4ae..8773390f0c 100644 --- a/package/googlefontdirectory/googlefontdirectory.mk +++ b/package/googlefontdirectory/googlefontdirectory.mk 
@@ -11,22 +11,21 @@ GOOGLEFONTDIRECTORY_FONTS = \ $(call qstrip,$(BR2_PACKAGE_GOOGLEFONTDIRECTORY_FONTS)) ifneq ($(filter apache/%,$(GOOGLEFONTDIRECTORY_FONTS)),) -GOOGLEFONTDIRECTORY_LICENSE += Apache-2.0 +GOOGLEFONTDIRECTORY_ALL_LICENSES += Apache-2.0 GOOGLEFONTDIRECTORY_LICENSE_FILES += $(addsuffix /LICENSE.txt,$(filter apache/%,$(GOOGLEFONTDIRECTORY_FONTS))) endif ifneq ($(filter ofl/%,$(GOOGLEFONTDIRECTORY_FONTS)),) -GOOGLEFONTDIRECTORY_LICENSE += OFL-1.1 +GOOGLEFONTDIRECTORY_ALL_LICENSES += OFL-1.1 GOOGLEFONTDIRECTORY_LICENSE_FILES += $(addsuffix /OFL.txt,$(filter ofl/%,$(GOOGLEFONTDIRECTORY_FONTS))) endif ifneq ($(filter ufl/%,$(GOOGLEFONTDIRECTORY_FONTS)),) -GOOGLEFONTDIRECTORY_LICENSE += UFL-1.1 +GOOGLEFONTDIRECTORY_ALL_LICENSES += UFL-1.1 GOOGLEFONTDIRECTORY_LICENSE_FILES += $(addsuffix /LICENCE.txt,$(filter ufl/%,$(GOOGLEFONTDIRECTORY_FONTS))) endif -# check-package OverriddenVariable -GOOGLEFONTDIRECTORY_LICENSE := $(subst $(space),$(comma)$(space),$(GOOGLEFONTDIRECTORY_LICENSE)) +GOOGLEFONTDIRECTORY_LICENSE = $(subst $(space),$(comma)$(space),$(GOOGLEFONTDIRECTORY_ALL_LICENSES)) define GOOGLEFONTDIRECTORY_INSTALL_TARGET_CMDS $(foreach d,$(GOOGLEFONTDIRECTORY_FONTS), \ From 0a99f298a5a8f74962a99eda60f437b58c44736f Mon Sep 17 00:00:00 2001 From: Fabrice Fontaine Date: Sun, 10 Feb 2019 18:27:39 +0100 Subject: [PATCH 06/31] package/brcm-patchram-plus: bump to version 95b7b6916d661a4da3f9c0adf52d5e1f4f8ab042 - Remove patch (already in version) - Use COPYING as license file as COPYING has been fixed by: https://github.com/AsteroidOS/brcm-patchram-plus/commit/95b7b6916d661a4da3f9c0adf52d5e1f4f8ab042 Signed-off-by: Fabrice Fontaine Signed-off-by: Thomas Petazzoni --- .../0001-src-main.c-fix-build-on-SPARC.patch | 64 ------------------- .../brcm-patchram-plus.hash | 4 +- .../brcm-patchram-plus/brcm-patchram-plus.mk | 4 +- 3 files changed, 4 insertions(+), 68 deletions(-) delete mode 100644 package/brcm-patchram-plus/0001-src-main.c-fix-build-on-SPARC.patch 
diff --git a/package/brcm-patchram-plus/0001-src-main.c-fix-build-on-SPARC.patch b/package/brcm-patchram-plus/0001-src-main.c-fix-build-on-SPARC.patch deleted file mode 100644 index 5567284cdf..0000000000 --- a/package/brcm-patchram-plus/0001-src-main.c-fix-build-on-SPARC.patch +++ /dev/null 
@@ -1,64 +0,0 @@ -From 8ff9d421372a7cb780fbafd8b1d556ee549bf109 Mon Sep 17 00:00:00 2001 -From: Fabrice Fontaine -Date: Fri, 8 Feb 2019 23:21:04 +0100 -Subject: [PATCH] src/main.c: fix build on SPARC - -On SPARC, the definitions of B2500000, B3000000, B3500000 and B4000000 -are not necessarily available, so use those values only if defined in -the kernel headers. - -It fixes SPARC build failures such as: -main.c:382:13: error: 'B2500000' undeclared here (not in a function) - { 2500000, B2500000 }, - ^~~~~~~~ -main.c:383:13: error: 'B3000000' undeclared here (not in a function) - { 3000000, B3000000 }, - ^~~~~~~~ -main.c:385:13: error: 'B3500000' undeclared here (not in a function) - { 3500000, B3500000 }, - ^~~~~~~~ -main.c:386:13: error: 'B4000000' undeclared here (not in a function) - { 4000000, B4000000 } - -Fixes: - - http://autobuild.buildroot.org/results/f7012c08c935c3a6ccae50b84170190af5cd5cba - -Signed-off-by: Fabrice Fontaine -[Upstream status: https://github.com/AsteroidOS/brcm-patchram-plus/pull/1] ---- - src/main.c | 18 +++++++++++++----- - 1 file changed, 13 insertions(+), 5 deletions(-) - -diff --git a/src/main.c b/src/main.c -index 040cfe1..17c5191 100644 ---- a/src/main.c -+++ b/src/main.c -@@ -378,12 +378,20 @@ tBaudRates baud_rates[] = { - { 1000000, B1000000 }, - { 1152000, B1152000 }, - { 1500000, B1500000 }, -- { 2000000, B2000000 }, -- { 2500000, B2500000 }, -- { 3000000, B3000000 }, -+ { 2000000, B2000000 } -+#ifdef B2500000 -+ ,{ 2500000, B2500000 } -+#endif -+#ifdef B3000000 -+ ,{ 3000000, B3000000 } -+#endif - #ifndef __CYGWIN__ -- { 3500000, B3500000 }, -- { 4000000, B4000000 } -+#ifdef B3500000 -+ ,{ 3500000, B3500000 } -+#endif -+#ifdef B4000000 -+ ,{ 4000000, B4000000 } -+#endif - #endif - }; - --- -2.14.1 - diff --git a/package/brcm-patchram-plus/brcm-patchram-plus.hash b/package/brcm-patchram-plus/brcm-patchram-plus.hash index 0da680cd85..f6910e714b 100644 --- a/package/brcm-patchram-plus/brcm-patchram-plus.hash 
+++ b/package/brcm-patchram-plus/brcm-patchram-plus.hash @@ -1,3 +1,3 @@ # locally computed -sha256 7d63f3a0c79cb5d187a0f2647734601f9c97d4eb8e545ce9ace7653c1f3f9a58 brcm-patchram-plus-94fb127e614b19a9a95561b8c1a0716e2e1e6293.tar.gz -sha256 2ba6b830c7d2186f6d5e4470ce5ffe73d97faf69b0d967f2455b725809dfca7b src/main.c +sha256 febad69fbc9185b4c6a31188cf381fd280b88d93cb7f5a40dfdbab9c599c29a7 brcm-patchram-plus-95b7b6916d661a4da3f9c0adf52d5e1f4f8ab042.tar.gz +sha256 26324f5c563b7e338c2876c8abe90c3681c1e9a6163fc59b494c94ad6493eda4 COPYING diff --git a/package/brcm-patchram-plus/brcm-patchram-plus.mk b/package/brcm-patchram-plus/brcm-patchram-plus.mk index 511ec991bc..329571d9a9 100644 --- a/package/brcm-patchram-plus/brcm-patchram-plus.mk +++ b/package/brcm-patchram-plus/brcm-patchram-plus.mk @@ -4,10 +4,10 @@ # ################################################################################ -BRCM_PATCHRAM_PLUS_VERSION = 94fb127e614b19a9a95561b8c1a0716e2e1e6293 +BRCM_PATCHRAM_PLUS_VERSION = 95b7b6916d661a4da3f9c0adf52d5e1f4f8ab042 BRCM_PATCHRAM_PLUS_SITE = $(call github,AsteroidOS,brcm-patchram-plus,$(BRCM_PATCHRAM_PLUS_VERSION)) BRCM_PATCHRAM_PLUS_LICENSE = Apache-2.0 -BRCM_PATCHRAM_PLUS_LICENSE_FILES = src/main.c +BRCM_PATCHRAM_PLUS_LICENSE_FILES = COPYING BRCM_PATCHRAM_PLUS_AUTORECONF = YES $(eval $(autotools-package)) From d7690d3bfa4edde7e06e9ef457e765d0f6148923 Mon Sep 17 00:00:00 2001 From: Thomas De Schampheleire Date: Fri, 8 Feb 2019 21:50:41 +0100 Subject: [PATCH 07/31] package/opentracing-cpp: needs dynamic library support opentracing-cpp requires dlfcn.h from src/dynamic_load_unix.cpp. This file is compiled unconditionally. Disable opentracing-cpp on BR2_STATIC_LIBS configurations. Fixes: http://autobuild.buildroot.net/results/454173aef9ff7c808294a974088d7682cad240a8/ Signed-off-by: Thomas De Schampheleire Signed-off-by: Thomas Petazzoni --- package/opentracing-cpp/Config.in | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) 
diff --git a/package/opentracing-cpp/Config.in b/package/opentracing-cpp/Config.in index ebcce35aa8..ff3067b7d1 100644 --- a/package/opentracing-cpp/Config.in +++ b/package/opentracing-cpp/Config.in @@ -2,6 +2,7 @@ config BR2_PACKAGE_OPENTRACING_CPP bool "opentracing-cpp" depends on BR2_INSTALL_LIBSTDCPP depends on BR2_TOOLCHAIN_HAS_THREADS + depends on !BR2_STATIC_LIBS depends on BR2_TOOLCHAIN_GCC_AT_LEAST_4_8 # C++11 depends on !BR2_TOOLCHAIN_HAS_GCC_BUG_64735 # exception_ptr help @@ -9,8 +10,9 @@ config BR2_PACKAGE_OPENTRACING_CPP http://opentracing.io -comment "opentracing-cpp needs a toolchain w/ C++, threads, gcc >= 4.8" - depends on !BR2_INSTALL_LIBSTDCPP || !BR2_TOOLCHAIN_HAS_THREADS || !BR2_TOOLCHAIN_GCC_AT_LEAST_4_8 +comment "opentracing-cpp needs a toolchain w/ C++, threads, dynamic library, gcc >= 4.8" + depends on !BR2_INSTALL_LIBSTDCPP || !BR2_TOOLCHAIN_HAS_THREADS \ + || BR2_STATIC_LIBS || !BR2_TOOLCHAIN_GCC_AT_LEAST_4_8 comment "opentracing-cpp needs exception_ptr" depends on BR2_TOOLCHAIN_HAS_GCC_BUG_64735 From c96156add9b83e5f381edd89301ffb89ea9e0a86 Mon Sep 17 00:00:00 2001 From: Matt Weber Date: Wed, 6 Feb 2019 06:09:18 -0600 Subject: [PATCH 08/31] package/sqlcipher: add OpenSSL 1.1.x compatibility Fixes http://autobuild.buildroot.net/results/5e2/5e2c3178d8a6e11b1af1c37144737097730ba222/ Signed-off-by: Matthew Weber Signed-off-by: Thomas Petazzoni --- ...0001-Support-OpenSSL-1.1.0-and-prior.patch | 97 +++++++++++++++++++ ...it-and-cleanup-routines-on-versions-.patch | 42 ++++++++ ...rect-compliation-under-openssl-1.1.x.patch | 48 +++++++++ 3 files changed, 187 insertions(+) create mode 100644 package/sqlcipher/0001-Support-OpenSSL-1.1.0-and-prior.patch create mode 100644 package/sqlcipher/0002-Guard-OpenSSL-init-and-cleanup-routines-on-versions-.patch create mode 100644 package/sqlcipher/0003-correct-compliation-under-openssl-1.1.x.patch 
diff --git a/package/sqlcipher/0001-Support-OpenSSL-1.1.0-and-prior.patch b/package/sqlcipher/0001-Support-OpenSSL-1.1.0-and-prior.patch new file mode 100644 index 0000000000..4fa3e3c768 --- /dev/null +++ b/package/sqlcipher/0001-Support-OpenSSL-1.1.0-and-prior.patch 
@@ -0,0 +1,97 @@ +From 43f71fa7b4c6a20f4078b9098369abb8d38a5617 Mon Sep 17 00:00:00 2001 +From: Nick Parker +Date: Fri, 9 Dec 2016 11:47:39 -0600 +Subject: [PATCH] Support OpenSSL 1.1.0 and prior + +(cherry picked from commit 939c83a007e4724436c3955ae2afd8b11b92d867) +Signed-off-by: Matt Weber +--- + src/crypto_openssl.c | 53 +++++++++++++++++++++++++++++++++++++--------------- + 1 file changed, 38 insertions(+), 15 deletions(-) + +diff --git a/src/crypto_openssl.c b/src/crypto_openssl.c +index 150ab92..6822325 100644 +--- a/src/crypto_openssl.c ++++ b/src/crypto_openssl.c +@@ -47,6 +47,29 @@ static unsigned int openssl_external_init = 0; + static unsigned int openssl_init_count = 0; + static sqlite3_mutex* openssl_rand_mutex = NULL; + ++#if OPENSSL_VERSION_NUMBER < 0x10100000L ++static HMAC_CTX *HMAC_CTX_new(void) ++{ ++ HMAC_CTX *ctx = OPENSSL_malloc(sizeof(*ctx)); ++ if (ctx != NULL) { ++ HMAC_CTX_init(ctx); ++ } ++ return ctx; ++} ++ ++// Per 1.1.0 (https://wiki.openssl.org/index.php/1.1_API_Changes) ++// HMAC_CTX_free should call HMAC_CTX_cleanup, then EVP_MD_CTX_Cleanup. ++// HMAC_CTX_cleanup internally calls EVP_MD_CTX_cleanup so these ++// calls are not needed. 
++static void HMAC_CTX_free(HMAC_CTX *ctx) ++{ ++ if (ctx != NULL) { ++ HMAC_CTX_cleanup(ctx); ++ OPENSSL_free(ctx); ++ } ++} ++#endif ++ + static int sqlcipher_openssl_add_random(void *ctx, void *buffer, int length) { + #ifndef SQLCIPHER_OPENSSL_NO_MUTEX_RAND + sqlite3_mutex_enter(openssl_rand_mutex); +@@ -143,14 +166,14 @@ static int sqlcipher_openssl_random (void *ctx, void *buffer, int length) { + } + + static int sqlcipher_openssl_hmac(void *ctx, unsigned char *hmac_key, int key_sz, unsigned char *in, int in_sz, unsigned char *in2, int in2_sz, unsigned char *out) { +- HMAC_CTX hctx; + unsigned int outlen; +- HMAC_CTX_init(&hctx); +- HMAC_Init_ex(&hctx, hmac_key, key_sz, EVP_sha1(), NULL); +- HMAC_Update(&hctx, in, in_sz); +- HMAC_Update(&hctx, in2, in2_sz); +- HMAC_Final(&hctx, out, &outlen); +- HMAC_CTX_cleanup(&hctx); ++ HMAC_CTX* hctx = HMAC_CTX_new(); ++ if(hctx == NULL) return SQLITE_ERROR; ++ HMAC_Init_ex(hctx, hmac_key, key_sz, EVP_sha1(), NULL); ++ HMAC_Update(hctx, in, in_sz); ++ HMAC_Update(hctx, in2, in2_sz); ++ HMAC_Final(hctx, out, &outlen); ++ HMAC_CTX_free(hctx); + return SQLITE_OK; + } + +@@ -160,18 +183,18 @@ static int sqlcipher_openssl_kdf(void *ctx, const unsigned char *pass, int pass_ + } + + static int sqlcipher_openssl_cipher(void *ctx, int mode, unsigned char *key, int key_sz, unsigned char *iv, unsigned char *in, int in_sz, unsigned char *out) { +- EVP_CIPHER_CTX ectx; + int tmp_csz, csz; +- +- EVP_CipherInit(&ectx, ((openssl_ctx *)ctx)->evp_cipher, NULL, NULL, mode); +- EVP_CIPHER_CTX_set_padding(&ectx, 0); // no padding +- EVP_CipherInit(&ectx, NULL, key, iv, mode); +- EVP_CipherUpdate(&ectx, out, &tmp_csz, in, in_sz); ++ EVP_CIPHER_CTX* ectx = EVP_CIPHER_CTX_new(); ++ if(ectx == NULL) return SQLITE_ERROR; ++ EVP_CipherInit_ex(ectx, ((openssl_ctx *)ctx)->evp_cipher, NULL, NULL, NULL, mode); ++ EVP_CIPHER_CTX_set_padding(ectx, 0); // no padding ++ EVP_CipherInit_ex(ectx, NULL, NULL, key, iv, mode); ++ EVP_CipherUpdate(ectx, out, 
&tmp_csz, in, in_sz); + csz = tmp_csz; + out += tmp_csz; +- EVP_CipherFinal(&ectx, out, &tmp_csz); ++ EVP_CipherFinal_ex(ectx, out, &tmp_csz); + csz += tmp_csz; +- EVP_CIPHER_CTX_cleanup(&ectx); ++ EVP_CIPHER_CTX_free(ectx); + assert(in_sz == csz); + return SQLITE_OK; + } +-- +1.9.1 + diff --git a/package/sqlcipher/0002-Guard-OpenSSL-init-and-cleanup-routines-on-versions-.patch b/package/sqlcipher/0002-Guard-OpenSSL-init-and-cleanup-routines-on-versions-.patch new file mode 100644 index 0000000000..1585b8d450 --- /dev/null +++ b/package/sqlcipher/0002-Guard-OpenSSL-init-and-cleanup-routines-on-versions-.patch 
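Review bot: In the backported `sqlcipher_openssl_hmac`, the return values of `HMAC_Init_ex`, `HMAC_Update` and `HMAC_Final` are discarded, so the function reports `SQLITE_OK` even if one of them failed and `out` was never filled. The patch adds a NULL check for the new heap-allocated context but nothing for the calls that use it. `sqlcipher_openssl_cipher` has the same shape: the `EVP_CipherInit_ex`/`EVP_CipherUpdate`/`EVP_CipherFinal_ex` results are ignored, and the only consistency check is `assert(in_sz == csz)`, which is compiled out when `NDEBUG` is defined. Because this file is a cherry-pick, the fix belongs upstream or in a separate follow-up patch rather than in an edit to this one. A sketch for the HMAC path follows, assuming the OpenSSL 1.0.0+ convention that these functions return 1 on success.

```c
static int sqlcipher_openssl_hmac(void *ctx, unsigned char *hmac_key, int key_sz, unsigned char *in, int in_sz, unsigned char *in2, int in2_sz, unsigned char *out) {
  unsigned int outlen;
  int rc = SQLITE_ERROR;
  HMAC_CTX* hctx = HMAC_CTX_new();
  if(hctx == NULL) return SQLITE_ERROR;
  /* Report success only when every step of the MAC computation succeeded. */
  if(HMAC_Init_ex(hctx, hmac_key, key_sz, EVP_sha1(), NULL) &&
     HMAC_Update(hctx, in, in_sz) &&
     HMAC_Update(hctx, in2, in2_sz) &&
     HMAC_Final(hctx, out, &outlen)) {
    rc = SQLITE_OK;
  }
  HMAC_CTX_free(hctx);
  return rc;
}
```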
@@ -0,0 +1,42 @@ +From 6b4dbecbcfe35d36fea264c04c41b338852d4e88 Mon Sep 17 00:00:00 2001 +From: Nick Parker +Date: Wed, 1 Mar 2017 15:35:43 -0600 +Subject: [PATCH] Guard OpenSSL init and cleanup routines on versions less + than 1.1.0 + +(cherry picked from commit 1c495b933cee3381f1ea6a70edcbcda1754d7409) +Signed-off-by: Matt Weber + +Conflicts: + src/crypto_openssl.c +--- + src/crypto_openssl.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/src/crypto_openssl.c b/src/crypto_openssl.c +index 6822325..09bc2a2 100644 +--- a/src/crypto_openssl.c ++++ b/src/crypto_openssl.c +@@ -102,7 +102,9 @@ static int sqlcipher_openssl_activate(void *ctx) { + + if(openssl_init_count == 0 && openssl_external_init == 0) { + /* if the library was not externally initialized, then should be now */ ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + OpenSSL_add_all_algorithms(); ++#endif + } + + #ifndef SQLCIPHER_OPENSSL_NO_MUTEX_RAND +@@ -131,7 +133,9 @@ static int sqlcipher_openssl_deactivate(void *ctx) { + Note: this code will only be reached if OpensSSL_add_all_algorithms() + is called by SQLCipher internally. This should prevent SQLCipher from + "cleaning up" openssl when it was initialized externally by the program */ ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + EVP_cleanup(); ++#endif + } + #ifndef SQLCIPHER_OPENSSL_NO_MUTEX_RAND + sqlite3_mutex_free(openssl_rand_mutex); +-- +1.9.1 + diff --git a/package/sqlcipher/0003-correct-compliation-under-openssl-1.1.x.patch b/package/sqlcipher/0003-correct-compliation-under-openssl-1.1.x.patch new file mode 100644 index 0000000000..b15fabcbec --- /dev/null +++ b/package/sqlcipher/0003-correct-compliation-under-openssl-1.1.x.patch 
@@ -0,0 +1,48 @@ +From 3da532754fb2bb7d379d4386a8c3339742edfb0b Mon Sep 17 00:00:00 2001 +From: Stephen Lombardo +Date: Wed, 10 Oct 2018 15:55:49 -0400 +Subject: [PATCH] correct compliation under openssl 1.1.x + +(cherry picked from commit 57ea35296ce7f2c1c93ce79194eea19a008b69ae) +Signed-off-by: Matt Weber + +Conflicts: + src/crypto_openssl.c +--- + src/crypto_openssl.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/src/crypto_openssl.c b/src/crypto_openssl.c +index 09bc2a2..57a1104 100644 +--- a/src/crypto_openssl.c ++++ b/src/crypto_openssl.c +@@ -47,7 +47,7 @@ static unsigned int openssl_external_init = 0; + static unsigned int openssl_init_count = 0; + static sqlite3_mutex* openssl_rand_mutex = NULL; + +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if (defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER < 0x10100000L) || (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x20700000L) + static HMAC_CTX *HMAC_CTX_new(void) + { + HMAC_CTX *ctx = OPENSSL_malloc(sizeof(*ctx)); +@@ -102,7 +102,7 @@ static int sqlcipher_openssl_activate(void *ctx) { + + if(openssl_init_count == 0 && openssl_external_init == 0) { + /* if the library was not externally initialized, then should be now */ +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if (defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER < 0x10100000L) || (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x20700000L) + OpenSSL_add_all_algorithms(); + #endif + } +@@ -133,7 +133,7 @@ static int sqlcipher_openssl_deactivate(void *ctx) { + Note: this code will only be reached if OpensSSL_add_all_algorithms() + is called by SQLCipher internally. 
This should prevent SQLCipher from + "cleaning up" openssl when it was initialized externally by the program */ +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if (defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER < 0x10100000L) || (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x20700000L) + EVP_cleanup(); + #endif + } +-- +1.9.1 + From 2f67573373c7ee52b28771c8ed0fffb3dfcd5fbc Mon Sep 17 00:00:00 2001 From: Fabrice Fontaine Date: Fri, 8 Feb 2019 21:46:56 +0100 Subject: [PATCH 09/31] package/libupnp18: fix static linking with mpd - Add a call to PKG_CHECK_MODULES in configure.ac to get openssl libraries and its dependencies if openssl support is enabled - Add OPENSSL_LIBS to libupnp.pc.in so that applications linking with pupnp (such as mpd) will be able to retrieve openssl libraries Fixes: - http://autobuild.buildroot.org/results/a4148e516070b79816769f3443fc24d6d8192073 Signed-off-by: Fabrice Fontaine Signed-off-by: Thomas Petazzoni --- ...-configure.ac-fix-build-with-openssl.patch | 51 +++++++++++++++++++ package/libupnp18/libupnp18.mk | 3 +- 2 files changed, 53 insertions(+), 1 deletion(-) create mode 100644 package/libupnp18/0001-configure.ac-fix-build-with-openssl.patch diff --git a/package/libupnp18/0001-configure.ac-fix-build-with-openssl.patch b/package/libupnp18/0001-configure.ac-fix-build-with-openssl.patch new file mode 100644 index 0000000000..6a09821dae --- /dev/null +++ b/package/libupnp18/0001-configure.ac-fix-build-with-openssl.patch 
@@ -0,0 +1,51 @@ +From c70d326f3ae88aa2dca903fb17a1f18d3b45a2ca Mon Sep 17 00:00:00 2001 +From: Fabrice Fontaine +Date: Fri, 8 Feb 2019 16:45:32 +0100 +Subject: [PATCH] configure.ac: fix build with openssl + +- Add a call to PKG_CHECK_MODULES to get openssl libraries and its + dependencies if openssl support is enabled +- Add OPENSSL_LIBS to libupnp.pc.in so that applications linking with + pupnp (such as mpd) will be able to retrieve openssl libraries + +Fixes: + - http://autobuild.buildroot.org/results/a4148e516070b79816769f3443fc24d6d8192073 + +Signed-off-by: Fabrice Fontaine +[Upstream status: https://github.com/mrjimenez/pupnp/pull/105] +--- + configure.ac | 5 +++++ + libupnp.pc.in | 2 +- + 2 files changed, 6 insertions(+), 1 deletion(-) + +diff --git a/configure.ac b/configure.ac +index 670d363..190b30c 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -722,6 +722,11 @@ AC_COMPILE_IFELSE( + AC_MSG_ERROR([pthread_rwlock_t not available])])]) + echo "-------------------------------------------------------------------------------" + ++if test "x$enable_open_ssl" = xyes ; then ++ PKG_CHECK_MODULES(OPENSSL, libssl, ++ [LIBS="$LIBS $OPENSSL_LIBS" CFLAGS="$CFLAGS $OPENSSL_CFLAGS"], ++ [AC_MSG_ERROR([openssl not found])]) ++fi + + AC_CONFIG_FILES([ + Makefile +diff --git a/libupnp.pc.in b/libupnp.pc.in +index bd2d7b3..54cba90 100644 +--- a/libupnp.pc.in ++++ b/libupnp.pc.in +@@ -6,6 +6,6 @@ includedir=@includedir@ + Name: libupnp + Description: Linux SDK for UPnP Devices + Version: @VERSION@ +-Libs: @PTHREAD_CFLAGS@ @PTHREAD_LIBS@ -L${libdir} -lupnp -lixml ++Libs: @PTHREAD_CFLAGS@ @PTHREAD_LIBS@ -L${libdir} -lupnp -lixml @OPENSSL_LIBS@ + Cflags: @PTHREAD_CFLAGS@ -I${includedir}/upnp + +-- +2.14.1 + diff --git a/package/libupnp18/libupnp18.mk b/package/libupnp18/libupnp18.mk index 13536b8f7a..5154be5316 100644 --- a/package/libupnp18/libupnp18.mk +++ b/package/libupnp18/libupnp18.mk 
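Review bot: The `libupnp.pc.in` change puts `@OPENSSL_LIBS@` on the public `Libs:` line, so every consumer, including dynamically linked ones, is told to link openssl directly. Since the stated goal is static linking, `Libs.private: @OPENSSL_LIBS@` (or `Requires.private: libssl`) would presumably give static consumers the same flags without widening the shared-link interface. Separately, `PKG_CHECK_MODULES(OPENSSL, libssl, ...)` asks only for `libssl`, while the `LIBS=` line this commit removes from `libupnp18.mk` asked for `libssl libcrypto`. If libupnp calls libcrypto functions directly (not visible in this hunk), the module list should name both.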
@@ -11,11 +11,12 @@ LIBUPNP18_CONF_ENV = ac_cv_lib_compat_ftime=no LIBUPNP18_INSTALL_STAGING = YES LIBUPNP18_LICENSE = BSD-3-Clause LIBUPNP18_LICENSE_FILES = COPYING +# We're patching configure.ac +LIBUPNP18_AUTORECONF = YES ifeq ($(BR2_PACKAGE_OPENSSL),y) LIBUPNP18_CONF_OPTS += --enable-open-ssl LIBUPNP18_DEPENDENCIES += host-pkgconf openssl -LIBUPNP18_CONF_ENV += LIBS="`$(PKG_CONFIG_HOST_BINARY) --libs libssl libcrypto`" else LIBUPNP18_CONF_OPTS += --disable-open-ssl endif From bb912b4ab0ca3d9620a63f96d65d03cda6aff34a Mon Sep 17 00:00:00 2001 From: Thomas Petazzoni Date: Sun, 10 Feb 2019 14:51:30 +0100 Subject: [PATCH 10/31] package/sg3_utils: ensure to build against librt when needed The sg3_utils has provisions to build against librt when needed, but forgot to use that mechanism for the sg_turs program. This commit fixes that. The patch has been submitted upstream to the sg3_utils author. Fixes: http://autobuild.buildroot.net/results/67b890a41d05497820ea4f44e187257dd6818b0b/ Signed-off-by: Thomas Petazzoni Tested-by: Matthew Weber Signed-off-by: Thomas Petazzoni --- ...le.am-add-missing-RT_LIB-for-sg_turs.patch | 29 +++++++++++++++++++ package/sg3_utils/sg3_utils.mk | 2 +- 2 files changed, 30 insertions(+), 1 deletion(-) create mode 100644 package/sg3_utils/0002-src-Makefile.am-add-missing-RT_LIB-for-sg_turs.patch diff --git a/package/sg3_utils/0002-src-Makefile.am-add-missing-RT_LIB-for-sg_turs.patch b/package/sg3_utils/0002-src-Makefile.am-add-missing-RT_LIB-for-sg_turs.patch new file mode 100644 index 0000000000..34a4e114ec --- /dev/null +++ b/package/sg3_utils/0002-src-Makefile.am-add-missing-RT_LIB-for-sg_turs.patch 
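Review bot: `LIBUPNP18_AUTORECONF = YES` is now unconditional and the patched `configure.ac` uses `PKG_CHECK_MODULES`, but `host-pkgconf` is still added only inside the `ifeq ($(BR2_PACKAGE_OPENSSL),y)` branch. With openssl disabled, nothing visible in this hunk guarantees that `pkg.m4` is available when autoreconf runs. In that case the macro would likely be left unexpanded in the generated `configure`. Consider an unconditional `LIBUPNP18_DEPENDENCIES += host-pkgconf` next to the `AUTORECONF` line, with a short comment that it is needed for the autoreconf step, and leave only `openssl` in the conditional branch. The rest of the file lies outside the hunk, so an existing unconditional dependency cannot be ruled out.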
@@ -0,0 +1,29 @@ +From 68b0591cf37760e09e358533bbcecf36eddfceed Mon Sep 17 00:00:00 2001 +From: Thomas Petazzoni +Date: Sun, 10 Feb 2019 14:46:41 +0100 +Subject: [PATCH] src/Makefile.am: add missing @RT_LIB@ for sg_turs + +The sg_turs program uses clock_gettime(), so it should link against +librt, as provided by @RT_LIB@. + +Signed-off-by: Thomas Petazzoni +--- + src/Makefile.am | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/Makefile.am b/src/Makefile.am +index 881cf29..0eba680 100644 +--- a/src/Makefile.am ++++ b/src/Makefile.am +@@ -170,7 +170,7 @@ sg_test_rwbuf_LDADD = ../lib/libsgutils2.la + + sg_timestamp_LDADD = ../lib/libsgutils2.la + +-sg_turs_LDADD = ../lib/libsgutils2.la ++sg_turs_LDADD = ../lib/libsgutils2.la @RT_LIB@ + + sg_unmap_LDADD = ../lib/libsgutils2.la + +-- +2.20.1 + diff --git a/package/sg3_utils/sg3_utils.mk b/package/sg3_utils/sg3_utils.mk index b3a79d68ee..79521fd06e 100644 --- a/package/sg3_utils/sg3_utils.mk +++ b/package/sg3_utils/sg3_utils.mk @@ -14,7 +14,7 @@ SG3_UTILS_LICENSE := $(SG3_UTILS_LICENSE), GPL-2.0+ (programs), BSD-3-Clause (pr endif SG3_UTILS_LICENSE_FILES = COPYING BSD_LICENSE -# Patching configure.ac +# Patching configure.ac/Makefile.am SG3_UTILS_AUTORECONF = YES # install the libsgutils2 library From e9029aa1889a1b8d86ea321dd09f499ea369750a Mon Sep 17 00:00:00 2001 From: Bernd Kuhls Date: Mon, 11 Feb 2019 20:35:16 +0100 Subject: [PATCH 11/31] package/libva-utils: fix build failure when x11 support is disabled Fixes http://autobuild.buildroot.net/results/2f8/2f89e41f79e8bec1c0561b486ae5750fc87a6320/ Signed-off-by: Bernd Kuhls Signed-off-by: Thomas Petazzoni --- ...failure-when-x11-support-is-disabled.patch | 33 +++++++++++++++++++ package/libva-utils/libva-utils.mk | 1 + 2 files changed, 34 insertions(+) create mode 100644 package/libva-utils/0002-Fix-build-failure-when-x11-support-is-disabled.patch 
diff --git a/package/libva-utils/0002-Fix-build-failure-when-x11-support-is-disabled.patch b/package/libva-utils/0002-Fix-build-failure-when-x11-support-is-disabled.patch new file mode 100644 index 0000000000..b14b662abf --- /dev/null +++ b/package/libva-utils/0002-Fix-build-failure-when-x11-support-is-disabled.patch @@ -0,0 +1,33 @@ +From ad66d3c202eb72ac5808f13a0489ac836dc55aac Mon Sep 17 00:00:00 2001 +From: Bernd Kuhls +Date: Mon, 11 Feb 2019 20:31:42 +0100 +Subject: [PATCH] Fix build failure when x11 support is disabled + +Patch suggested on upstream bug tracker: +https://github.com/intel/libva-utils/issues/150#issuecomment-462059528 + +Signed-off-by: Bernd Kuhls +--- + Makefile.am | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/Makefile.am b/Makefile.am +index d28175a..12da79e 100644 +--- a/Makefile.am ++++ b/Makefile.am +@@ -24,10 +24,10 @@ ACLOCAL_AMFLAGS = -I m4 ${ACLOCAL_FLAGS} + + AUTOMAKE_OPTIONS = foreign + +-SUBDIRS = common decode encode vainfo videoprocess vendor/intel vendor/intel/sfcsample ++SUBDIRS = common decode encode vainfo videoprocess vendor/intel + + if USE_X11 +-SUBDIRS += putsurface ++SUBDIRS += putsurface vendor/intel/sfcsample + else + if USE_WAYLAND + SUBDIRS += putsurface +-- +2.20.1 + diff --git a/package/libva-utils/libva-utils.mk b/package/libva-utils/libva-utils.mk index fab3894b18..be857bb4f1 100644 --- a/package/libva-utils/libva-utils.mk +++ b/package/libva-utils/libva-utils.mk @@ -10,6 +10,7 @@ LIBVA_UTILS_SITE = https://github.com/intel/libva-utils/releases/download/$(LIBV LIBVA_UTILS_LICENSE = MIT LIBVA_UTILS_LICENSE_FILES = COPYING # 0001-check-ssp.patch +# 0002-Fix-build-failure-when-x11-support-is-disabled.patch LIBVA_UTILS_AUTORECONF = YES LIBVA_UTILS_DEPENDENCIES = host-pkgconf libva From fb741b03a93880093be4a36b58ec93edd83057d9 Mon Sep 17 00:00:00 2001 From: Peter Korsgaard Date: Tue, 12 Feb 2019 19:57:58 +0100 Subject: [PATCH 12/31] CHANGES: add recent changes In preparation for 2019.02-rc1 
Signed-off-by: Peter Korsgaard --- CHANGES | 130 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 130 insertions(+) diff --git a/CHANGES b/CHANGES index 188b88dfd8..0ef61f5882 100644 --- a/CHANGES +++ b/CHANGES 
@@ -1,3 +1,133 @@ +2019.02-rc1, not yet released + + Fixes all over the tree and new features. + + + Dependencies: + + Require Python >= 2.7 as it is needed for E.G. building + libglib2. + + Ensure GNU gzip is used for reproducible tarballs (instead of + pigz) + + + Infrastucture: + + Ensure the PLATFORM and OS environment variables are not set, + as they cause build issues for some packages. + + The package list infrastructure now correctly handles packages + installing files with old mtime. + + Add a config option to force all optional host utilities to be + built, even if suitable versions are available on the build + machine. + + graph-build-time: Also show time spent downloading + + Download: fixes for SSH/SCP support + + Ensure user provided permissions override permissions from + packages. + + SDK: Fix handling of relative symlinks (targets starting with + '.' or '..') + + BR2_SYSTEM_DEFAULT_PATH setting to customize the default path + for processes. + + The custom skeleton logic will now populate the needed /bin, + /lib, /sbin directories/symlinks if not present. Merged /usr + can now be used with a custom skeleton. + + Rootfs overlays can now override symbolic links from + packages. This was disabled to ensure the correct symbolic + links are present when merged /usr is used. Instead validate + that the rootfs overlays do not include invalid /bin, /sbin + and /lib entries. + + The waf infrastructure now support the _SUBDIR variable, + similar to the other package types. + + cmake: Also set CMAKE_SYSTEM_VERSION in toolchainfile.cmake + + Various improvements to the meson infrastructure. + + Luarocks: A Buildroot addon has been added to automate + creating a Buildroot package from luarocks, similar to + scancpan and scanpypi. + + check-package: fix Python 3 support + + get-developers: Fix behaviour when called from elsewhere than + the toplevel directory. 
+ + pkg-stats: Show latest upstream version of each package, based + on data from release-monitoring.org + + kconfig: Fix for make linux-menuconfig / uboot-menuconfig from + a clean tree when ccache is enabled. + + Default to sha256 password encoding, drop md5 support. + + + Architecture: + + Support for RISC-V 32bit architecture, ARM A55, 75 and Saphira + variants, MIPS support for mips32r3, mips64r3 and Marvell + Octeon II/III variants. + + + Toolchain: + + ARC toolchain 2018.09, ARM 8.2-2018.11, Codescape IMG/MTI MIPS + 2018.09-02, MUSL 1.1.21, GCC 6.5.0 / 7.4.0, GDB 8.2.1 + + + Packages: + + openssl: Bump to 1.1.1x series, bringing TLSv1.3 support and + long term support. + + fftw: Split into fftw-{single,double,long-double,quad} + packages for the different data precision options. + + libcurl: Now has explicit TLS backend selection options. + + linux: Support building device tree blobs with the -@ option + for device tree overlays. + + weston: The weston-imx i.MX variant is now used when + imx-gpu-viv is enabled + + pkgconf: Update to 1.5.3, which brings support for + --define-prefix (used by GStreamer) + + Add host-python3-setuptools package to handle host python + packages needing python3 with setuptools support. 
+ + + New defconfigs: Aarch64 EFI, Orangepi one plus, Orangepi lite + 2, QEMU RISC-V 32bit virt, Rock64 + + + New packages: brcm-patchram-plus, clinfo, cunit, docker-cli, + erlang-p1-eimp, exempi, fail2ban, fftw-double, + fftw-double-long, fftw-quad, fftw-single, gerbera, grpc, + gst1-shark, intel-gmmlib, iwd, kf5-kcoreaddons, libeastl, + libpackagekite, libtorrent-rasterbar, lua-std-debug, + lua-std-normalize, mini-snmpd, netsurf, pamtester, pcm-tools, + python-aiodns, python-aiohttp, python-aiohttp-jinja2, + python-aiohttp-remotes, python-aiohttp-security, + python-aiohttp-session, python-aiohttpd-sse, python-aiojobs, + python-cchardet, python-pycares, python-sentry-sdk, + python-wtforms, python3-setuptools, rcw, rtc-tools, shim, + utp_com, vmtouch, websocketpp + + Removed packages: fftw, lua 5.2.x, luacrypto, mongodb, + perl-time-hires, python-pyqt, qt, qtuio, tn5250 + 2018.11.2, Released January 30th, 2019 Important / security related fixes. From 7fe3741bc4197f6bff48236f357f5db1269586c7 Mon Sep 17 00:00:00 2001 
From: Baruch Siach Date: Tue, 12 Feb 2019 14:13:04 +0200 Subject: [PATCH 13/31] openssh: add upstream security fixes CVE-2019-6109: Due to missing character encoding in the progress display, a malicious server (or Man-in-The-Middle attacker) can employ crafted object names to manipulate the client output, e.g., by using ANSI control codes to hide additional files being transferred. This affects refresh_progress_meter() in progressmeter.c. CVE-2019-6111: Due to the scp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the scp client only performs cursory validation of the object name returned (only directory traversal attacks are prevented). A malicious scp server (or Man-in-The-Middle attacker) can overwrite arbitrary files in the scp client target directory. If recursive operation (-r) is performed, the server can manipulate subdirectories as well (for example, to overwrite the .ssh/authorized_keys file). Signed-off-by: Baruch Siach Signed-off-by: Peter Korsgaard --- ...e-scp-filenames-via-snmprintf.-To-do.patch | 275 ++++++++++++++++++ ...n-scp-client-that-filenames-sent-dur.patch | 186 ++++++++++++ 2 files changed, 461 insertions(+) create mode 100644 package/openssh/0002-upstream-Sanitize-scp-filenames-via-snmprintf.-To-do.patch create mode 100644 package/openssh/0003-upstream-check-in-scp-client-that-filenames-sent-dur.patch diff --git a/package/openssh/0002-upstream-Sanitize-scp-filenames-via-snmprintf.-To-do.patch b/package/openssh/0002-upstream-Sanitize-scp-filenames-via-snmprintf.-To-do.patch new file mode 100644 index 0000000000..e5d137ef11 --- /dev/null +++ b/package/openssh/0002-upstream-Sanitize-scp-filenames-via-snmprintf.-To-do.patch 
@@ -0,0 +1,275 @@ +From 5979bdfeca813dd7e997a1edb0f928d77ce70304 Mon Sep 17 00:00:00 2001 +From: "dtucker@openbsd.org" +Date: Wed, 23 Jan 2019 08:01:46 +0000 +Subject: [PATCH] upstream: Sanitize scp filenames via snmprintf. To do this we + move + +the progressmeter formatting outside of signal handler context and have the +atomicio callback called for EINTR too. bz#2434 with contributions from djm +and jjelen at redhat.com, ok djm@ + +OpenBSD-Commit-ID: 1af61c1f70e4f3bd8ab140b9f1fa699481db57d8 +Signed-off-by: Baruch Siach +--- +Upstream status (openssh-portable): backported from commit 8976f1c4b27 +--- + atomicio.c | 20 ++++++++++++++----- + progressmeter.c | 53 ++++++++++++++++++++++--------------------------- + progressmeter.h | 3 ++- + scp.c | 1 + + sftp-client.c | 16 ++++++++------- + 5 files changed, 51 insertions(+), 42 deletions(-) + +diff --git a/atomicio.c b/atomicio.c +index f854a06f5f50..d91bd7621c12 100644 +--- a/atomicio.c ++++ b/atomicio.c +@@ -1,4 +1,4 @@ +-/* $OpenBSD: atomicio.c,v 1.28 2016/07/27 23:18:12 djm Exp $ */ ++/* $OpenBSD: atomicio.c,v 1.29 2019/01/23 08:01:46 dtucker Exp $ */ + /* + * Copyright (c) 2006 Damien Miller. All rights reserved. + * Copyright (c) 2005 Anil Madhavapeddy. All rights reserved. 
+@@ -65,9 +65,14 @@ atomicio6(ssize_t (*f) (int, void *, size_t), int fd, void *_s, size_t n, + res = (f) (fd, s + pos, n - pos); + switch (res) { + case -1: +- if (errno == EINTR) ++ if (errno == EINTR) { ++ /* possible SIGALARM, update callback */ ++ if (cb != NULL && cb(cb_arg, 0) == -1) { ++ errno = EINTR; ++ return pos; ++ } + continue; +- if (errno == EAGAIN || errno == EWOULDBLOCK) { ++ } else if (errno == EAGAIN || errno == EWOULDBLOCK) { + #ifndef BROKEN_READ_COMPARISON + (void)poll(&pfd, 1, -1); + #endif +@@ -122,9 +127,14 @@ atomiciov6(ssize_t (*f) (int, const struct iovec *, int), int fd, + res = (f) (fd, iov, iovcnt); + switch (res) { + case -1: +- if (errno == EINTR) ++ if (errno == EINTR) { ++ /* possible SIGALARM, update callback */ ++ if (cb != NULL && cb(cb_arg, 0) == -1) { ++ errno = EINTR; ++ return pos; ++ } + continue; +- if (errno == EAGAIN || errno == EWOULDBLOCK) { ++ } else if (errno == EAGAIN || errno == EWOULDBLOCK) { + #ifndef BROKEN_READV_COMPARISON + (void)poll(&pfd, 1, -1); + #endif +diff --git a/progressmeter.c b/progressmeter.c +index fe9bf52e4c90..add462dde500 100644 +--- a/progressmeter.c ++++ b/progressmeter.c +@@ -1,4 +1,4 @@ +-/* $OpenBSD: progressmeter.c,v 1.45 2016/06/30 05:17:05 dtucker Exp $ */ ++/* $OpenBSD: progressmeter.c,v 1.46 2019/01/23 08:01:46 dtucker Exp $ */ + /* + * Copyright (c) 2003 Nils Nordman. All rights reserved. 
+ * +@@ -31,6 +31,7 @@ + + #include + #include ++#include + #include + #include + #include +@@ -39,6 +40,7 @@ + #include "progressmeter.h" + #include "atomicio.h" + #include "misc.h" ++#include "utf8.h" + + #define DEFAULT_WINSIZE 80 + #define MAX_WINSIZE 512 +@@ -61,7 +63,7 @@ static void setscreensize(void); + void refresh_progress_meter(void); + + /* signal handler for updating the progress meter */ +-static void update_progress_meter(int); ++static void sig_alarm(int); + + static double start; /* start progress */ + static double last_update; /* last progress update */ +@@ -74,6 +76,7 @@ static long stalled; /* how long we have been stalled */ + static int bytes_per_second; /* current speed in bytes per second */ + static int win_size; /* terminal window size */ + static volatile sig_atomic_t win_resized; /* for window resizing */ ++static volatile sig_atomic_t alarm_fired; + + /* units for format_size */ + static const char unit[] = " KMGT"; +@@ -126,9 +129,17 @@ refresh_progress_meter(void) + off_t bytes_left; + int cur_speed; + int hours, minutes, seconds; +- int i, len; + int file_len; + ++ if ((!alarm_fired && !win_resized) || !can_output()) ++ return; ++ alarm_fired = 0; ++ ++ if (win_resized) { ++ setscreensize(); ++ win_resized = 0; ++ } ++ + transferred = *counter - (cur_pos ? 
cur_pos : start_pos); + cur_pos = *counter; + now = monotime_double(); +@@ -158,16 +169,11 @@ refresh_progress_meter(void) + + /* filename */ + buf[0] = '\0'; +- file_len = win_size - 35; ++ file_len = win_size - 36; + if (file_len > 0) { +- len = snprintf(buf, file_len + 1, "\r%s", file); +- if (len < 0) +- len = 0; +- if (len >= file_len + 1) +- len = file_len; +- for (i = len; i < file_len; i++) +- buf[i] = ' '; +- buf[file_len] = '\0'; ++ buf[0] = '\r'; ++ snmprintf(buf+1, sizeof(buf)-1 , &file_len, "%*s", ++ file_len * -1, file); + } + + /* percent of transfer done */ +@@ -228,22 +234,11 @@ refresh_progress_meter(void) + + /*ARGSUSED*/ + static void +-update_progress_meter(int ignore) ++sig_alarm(int ignore) + { +- int save_errno; +- +- save_errno = errno; +- +- if (win_resized) { +- setscreensize(); +- win_resized = 0; +- } +- if (can_output()) +- refresh_progress_meter(); +- +- signal(SIGALRM, update_progress_meter); ++ signal(SIGALRM, sig_alarm); ++ alarm_fired = 1; + alarm(UPDATE_INTERVAL); +- errno = save_errno; + } + + void +@@ -259,10 +254,9 @@ start_progress_meter(const char *f, off_t filesize, off_t *ctr) + bytes_per_second = 0; + + setscreensize(); +- if (can_output()) +- refresh_progress_meter(); ++ refresh_progress_meter(); + +- signal(SIGALRM, update_progress_meter); ++ signal(SIGALRM, sig_alarm); + signal(SIGWINCH, sig_winch); + alarm(UPDATE_INTERVAL); + } +@@ -286,6 +280,7 @@ stop_progress_meter(void) + static void + sig_winch(int sig) + { ++ signal(SIGWINCH, sig_winch); + win_resized = 1; + } + +diff --git a/progressmeter.h b/progressmeter.h +index bf179dca6518..8f6678060195 100644 +--- a/progressmeter.h ++++ b/progressmeter.h +@@ -1,4 +1,4 @@ +-/* $OpenBSD: progressmeter.h,v 1.3 2015/01/14 13:54:13 djm Exp $ */ ++/* $OpenBSD: progressmeter.h,v 1.4 2019/01/23 08:01:46 dtucker Exp $ */ + /* + * Copyright (c) 2002 Nils Nordman. All rights reserved. 
+ * +@@ -24,4 +24,5 @@ + */ + + void start_progress_meter(const char *, off_t, off_t *); ++void refresh_progress_meter(void); + void stop_progress_meter(void); +diff --git a/scp.c b/scp.c +index 4f3fdcd3db89..4a342a63873c 100644 +--- a/scp.c ++++ b/scp.c +@@ -585,6 +585,7 @@ scpio(void *_cnt, size_t s) + off_t *cnt = (off_t *)_cnt; + + *cnt += s; ++ refresh_progress_meter(); + if (limit_kbps > 0) + bandwidth_limit(&bwlimit, s); + return 0; +diff --git a/sftp-client.c b/sftp-client.c +index 4986d6d8d291..2bc698f868bc 100644 +--- a/sftp-client.c ++++ b/sftp-client.c +@@ -101,7 +101,9 @@ sftpio(void *_bwlimit, size_t amount) + { + struct bwlimit *bwlimit = (struct bwlimit *)_bwlimit; + +- bandwidth_limit(bwlimit, amount); ++ refresh_progress_meter(); ++ if (bwlimit != NULL) ++ bandwidth_limit(bwlimit, amount); + return 0; + } + +@@ -121,8 +123,8 @@ send_msg(struct sftp_conn *conn, struct sshbuf *m) + iov[1].iov_base = (u_char *)sshbuf_ptr(m); + iov[1].iov_len = sshbuf_len(m); + +- if (atomiciov6(writev, conn->fd_out, iov, 2, +- conn->limit_kbps > 0 ? sftpio : NULL, &conn->bwlimit_out) != ++ if (atomiciov6(writev, conn->fd_out, iov, 2, sftpio, ++ conn->limit_kbps > 0 ? &conn->bwlimit_out : NULL) != + sshbuf_len(m) + sizeof(mlen)) + fatal("Couldn't send packet: %s", strerror(errno)); + +@@ -138,8 +140,8 @@ get_msg_extended(struct sftp_conn *conn, struct sshbuf *m, int initial) + + if ((r = sshbuf_reserve(m, 4, &p)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); +- if (atomicio6(read, conn->fd_in, p, 4, +- conn->limit_kbps > 0 ? sftpio : NULL, &conn->bwlimit_in) != 4) { ++ if (atomicio6(read, conn->fd_in, p, 4, sftpio, ++ conn->limit_kbps > 0 ? 
&conn->bwlimit_in : NULL) != 4) { + if (errno == EPIPE || errno == ECONNRESET) + fatal("Connection closed"); + else +@@ -157,8 +159,8 @@ get_msg_extended(struct sftp_conn *conn, struct sshbuf *m, int initial) + + if ((r = sshbuf_reserve(m, msg_len, &p)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); +- if (atomicio6(read, conn->fd_in, p, msg_len, +- conn->limit_kbps > 0 ? sftpio : NULL, &conn->bwlimit_in) ++ if (atomicio6(read, conn->fd_in, p, msg_len, sftpio, ++ conn->limit_kbps > 0 ? &conn->bwlimit_in : NULL) + != msg_len) { + if (errno == EPIPE) + fatal("Connection closed"); +-- +2.20.1 + diff --git a/package/openssh/0003-upstream-check-in-scp-client-that-filenames-sent-dur.patch b/package/openssh/0003-upstream-check-in-scp-client-that-filenames-sent-dur.patch new file mode 100644 index 0000000000..98ce5cd876 --- /dev/null +++ b/package/openssh/0003-upstream-check-in-scp-client-that-filenames-sent-dur.patch 
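Review bot: In the progressmeter.c part of this backport the first draw of the meter looks like it is skipped: `start_progress_meter()` now calls `refresh_progress_meter()` unconditionally, but the new guard at the top of that function returns unless `alarm_fired` or `win_resized` is set, and in the lines shown those flags are only set from `sig_alarm()` and `sig_winch()`. A transfer that completes before the first SIGALRM would then print no progress line at all, which also hides the sanitized filename this patch is meant to display. Setting the flag before the initial call, `alarm_fired = 1;` ahead of `refresh_progress_meter();` in `start_progress_meter()`, would keep the initial update; `stop_progress_meter()` lies outside the hunks and may need the same treatment. It is worth checking whether upstream carries a follow-up for this before the backport ships.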
@@ -0,0 +1,186 @@ +From f853123eda6b279a87be48e18bbea8dec82a94f2 Mon Sep 17 00:00:00 2001 +From: "djm@openbsd.org" +Date: Sat, 26 Jan 2019 22:41:28 +0000 +Subject: [PATCH] upstream: check in scp client that filenames sent during + +remote->local directory copies satisfy the wildcard specified by the user. + +This checking provides some protection against a malicious server +sending unexpected filenames, but it comes at a risk of rejecting wanted +files due to differences between client and server wildcard expansion rules. + +For this reason, this also adds a new -T flag to disable the check. + +reported by Harry Sintonen +fix approach suggested by markus@; +has been in snaps for ~1wk courtesy deraadt@ + +OpenBSD-Commit-ID: 00f44b50d2be8e321973f3c6d014260f8f7a8eda +Signed-off-by: Baruch Siach +--- +Upstream status (openssh-portable): backported from commit 8976f1c4b2 +--- + scp.1 | 12 +++++++++++- + scp.c | 37 +++++++++++++++++++++++++++++-------- + 2 files changed, 40 insertions(+), 9 deletions(-) + +diff --git a/scp.1 b/scp.1 +index 0e5cc1b2d675..397e7709195a 100644 +--- a/scp.1 ++++ b/scp.1 +@@ -18,7 +18,7 @@ + .Nd secure copy (remote file copy program) + .Sh SYNOPSIS + .Nm scp +-.Op Fl 346BCpqrv ++.Op Fl 346BCpqrTv + .Op Fl c Ar cipher + .Op Fl F Ar ssh_config + .Op Fl i Ar identity_file +@@ -208,6 +208,16 @@ to use for the encrypted connection. + The program must understand + .Xr ssh 1 + options. ++.It Fl T ++Disable strict filename checking. ++By default when copying files from a remote host to a local directory ++.Nm ++checks that the received filenames match those requested on the command-line ++to prevent the remote end from sending unexpected or unwanted files. ++Because of differences in how various operating systems and shells interpret ++filename wildcards, these checks may cause wanted files to be rejected. ++This option disables these checks at the expense of fully trusting that ++the server will not send unexpected filenames. 
+ .It Fl v + Verbose mode. + Causes +diff --git a/scp.c b/scp.c +index 4a342a63873c..7b0a08efb274 100644 +--- a/scp.c ++++ b/scp.c +@@ -94,6 +94,7 @@ + #include + #include + #include ++#include + #include + #include + #include +@@ -375,14 +376,14 @@ void verifydir(char *); + struct passwd *pwd; + uid_t userid; + int errs, remin, remout; +-int pflag, iamremote, iamrecursive, targetshouldbedirectory; ++int Tflag, pflag, iamremote, iamrecursive, targetshouldbedirectory; + + #define CMDNEEDS 64 + char cmd[CMDNEEDS]; /* must hold "rcp -r -p -d\0" */ + + int response(void); + void rsource(char *, struct stat *); +-void sink(int, char *[]); ++void sink(int, char *[], const char *); + void source(int, char *[]); + void tolocal(int, char *[]); + void toremote(int, char *[]); +@@ -421,8 +422,9 @@ main(int argc, char **argv) + addargs(&args, "-oRemoteCommand=none"); + addargs(&args, "-oRequestTTY=no"); + +- fflag = tflag = 0; +- while ((ch = getopt(argc, argv, "dfl:prtvBCc:i:P:q12346S:o:F:")) != -1) ++ fflag = Tflag = tflag = 0; ++ while ((ch = getopt(argc, argv, ++ "dfl:prtTvBCc:i:P:q12346S:o:F:")) != -1) { + switch (ch) { + /* User-visible flags. */ + case '1': +@@ -501,9 +503,13 @@ main(int argc, char **argv) + setmode(0, O_BINARY); + #endif + break; ++ case 'T': ++ Tflag = 1; ++ break; + default: + usage(); + } ++ } + argc -= optind; + argv += optind; + +@@ -534,7 +540,7 @@ main(int argc, char **argv) + } + if (tflag) { + /* Receive data. 
*/ +- sink(argc, argv); ++ sink(argc, argv, NULL); + exit(errs != 0); + } + if (argc < 2) +@@ -792,7 +798,7 @@ tolocal(int argc, char **argv) + continue; + } + free(bp); +- sink(1, argv + argc - 1); ++ sink(1, argv + argc - 1, src); + (void) close(remin); + remin = remout = -1; + } +@@ -968,7 +974,7 @@ rsource(char *name, struct stat *statp) + (sizeof(type) != 4 && sizeof(type) != 8)) + + void +-sink(int argc, char **argv) ++sink(int argc, char **argv, const char *src) + { + static BUF buffer; + struct stat stb; +@@ -984,6 +990,7 @@ sink(int argc, char **argv) + unsigned long long ull; + int setimes, targisdir, wrerrno = 0; + char ch, *cp, *np, *targ, *why, *vect[1], buf[2048], visbuf[2048]; ++ char *src_copy = NULL, *restrict_pattern = NULL; + struct timeval tv[2]; + + #define atime tv[0] +@@ -1008,6 +1015,17 @@ sink(int argc, char **argv) + (void) atomicio(vwrite, remout, "", 1); + if (stat(targ, &stb) == 0 && S_ISDIR(stb.st_mode)) + targisdir = 1; ++ if (src != NULL && !iamrecursive && !Tflag) { ++ /* ++ * Prepare to try to restrict incoming filenames to match ++ * the requested destination file glob. ++ */ ++ if ((src_copy = strdup(src)) == NULL) ++ fatal("strdup failed"); ++ if ((restrict_pattern = strrchr(src_copy, '/')) != NULL) { ++ *restrict_pattern++ = '\0'; ++ } ++ } + for (first = 1;; first = 0) { + cp = buf; + if (atomicio(read, remin, cp, 1) != 1) +@@ -1112,6 +1130,9 @@ sink(int argc, char **argv) + run_err("error: unexpected filename: %s", cp); + exit(1); + } ++ if (restrict_pattern != NULL && ++ fnmatch(restrict_pattern, cp, 0) != 0) ++ SCREWUP("filename does not match request"); + if (targisdir) { + static char *namebuf; + static size_t cursize; +@@ -1149,7 +1170,7 @@ sink(int argc, char **argv) + goto bad; + } + vect[0] = xstrdup(np); +- sink(1, vect); ++ sink(1, vect, src); + if (setimes) { + setimes = 0; + if (utimes(vect[0], tv) < 0) +-- +2.20.1 + From f60925beda57b67d0ce9c8bd5fc4b237f09e2024 Mon Sep 17 00:00:00 2001 
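Review bot: The new filename check in `sink()` is skipped whenever the requested source contains no '/': `restrict_pattern` is only assigned from `strrchr(src_copy, '/')`, so for a bare name it stays NULL and the later `restrict_pattern != NULL && fnmatch(...)` test never runs. Falling back to the whole string would close that gap, e.g. `else restrict_pattern = src_copy;` after the `strrchr` branch. The check is also disabled for `-r` copies (`!iamrecursive`), so the recursive case described in the commit message is not covered by this patch and that limit deserves a line in the package notes. The header cites upstream commit 8976f1c4b2, the same one as patch 0002, although the two OpenBSD-Commit-IDs differ, so one of the references is probably wrong. `sink()` starts and ends outside the hunks shown.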
From: Baruch Siach Date: Tue, 12 Feb 2019 15:28:27 +0200 Subject: [PATCH 14/31] package/jpeg-turbo: add upstream security fixes CVE-2018-20330: Integer overflow causing segfault occurred when attempting to load a BMP file with more than 1 billion pixels using the `tjLoadImage()` function. CVE-2018-19664: Buffer overrun occurred when attempting to decompress a specially-crafted malformed JPEG image to a 256-color BMP using djpeg. Cc: Murat Demirten Signed-off-by: Baruch Siach Signed-off-by: Peter Korsgaard --- ...-Fix-int-overflow-segfault-w-big-BMP.patch | 51 +++++++++++++++++++ ...on-t-allow-quantization-w-non-RGB-CS.patch | 39 ++++++++++++++ 2 files changed, 90 insertions(+) create mode 100644 package/jpeg-turbo/0001-tjLoadImage-Fix-int-overflow-segfault-w-big-BMP.patch create mode 100644 package/jpeg-turbo/0002-wrbmp.c-Don-t-allow-quantization-w-non-RGB-CS.patch diff --git a/package/jpeg-turbo/0001-tjLoadImage-Fix-int-overflow-segfault-w-big-BMP.patch b/package/jpeg-turbo/0001-tjLoadImage-Fix-int-overflow-segfault-w-big-BMP.patch new file mode 100644 index 0000000000..a10fcf62af --- /dev/null +++ b/package/jpeg-turbo/0001-tjLoadImage-Fix-int-overflow-segfault-w-big-BMP.patch 
@@ -0,0 +1,51 @@
+From 3d9c64e9f8aa1ee954d1d0bb3390fc894bb84da3 Mon Sep 17 00:00:00 2001
+From: DRC
+Date: Tue, 1 Jan 2019 18:57:36 -0600
+Subject: [PATCH] tjLoadImage(): Fix int overflow/segfault w/big BMP
+
+Fixes #304
+
+[baruch: drop the ChangeLog.md hunk]
+Signed-off-by: Baruch Siach
+---
+Upstream status: commit 3d9c64e9f8aa
+
+ ChangeLog.md | 4 ++++
+ turbojpeg.c | 9 ++++++---
+ 2 files changed, 10 insertions(+), 3 deletions(-)
+
+diff --git a/turbojpeg.c b/turbojpeg.c
+index 90a9ce6a0be8..3f7cd640677f 100644
+--- a/turbojpeg.c
++++ b/turbojpeg.c
+@@ -1,5 +1,5 @@
+ /*
+- * Copyright (C)2009-2018 D. R. Commander. All Rights Reserved.
++ * Copyright (C)2009-2019 D. R. Commander. All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+@@ -1960,7 +1960,8 @@ DLLEXPORT unsigned char *tjLoadImage(const char *filename, int *width,
+ int align, int *height, int *pixelFormat,
+ int flags)
+ {
+- int retval = 0, tempc, pitch;
++ int retval = 0, tempc;
++ size_t pitch;
+ tjhandle handle = NULL;
+ tjinstance *this;
+ j_compress_ptr cinfo = NULL;
+@@ -2013,7 +2014,9 @@ DLLEXPORT unsigned char *tjLoadImage(const char *filename, int *width,
+ *pixelFormat = cs2pf[cinfo->in_color_space];
+
+ pitch = PAD((*width) * tjPixelSize[*pixelFormat], align);
+- if ((dstBuf = (unsigned char *)malloc(pitch * (*height))) == NULL)
++ if ((unsigned long long)pitch * (unsigned long long)(*height) >
++ (unsigned long long)((size_t)-1) ||
++ (dstBuf = (unsigned char *)malloc(pitch * (*height))) == NULL)
+ _throwg("tjLoadImage(): Memory allocation failure");
+
+ if (setjmp(this->jerr.setjmp_buffer)) {
+--
+2.20.1
+
diff --git a/package/jpeg-turbo/0002-wrbmp.c-Don-t-allow-quantization-w-non-RGB-CS.patch b/package/jpeg-turbo/0002-wrbmp.c-Don-t-allow-quantization-w-non-RGB-CS.patch
new file mode 100644
index 0000000000..3e4e5bd082
--- /dev/null
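Review bot: The added overflow check in `tjLoadImage()` guards `pitch * (*height)`, but the multiplication that produces `pitch` still happens before any widening: `(*width) * tjPixelSize[*pixelFormat]` is evaluated in the operands' own type (presumably `int`; the declarations are outside the hunk) and can wrap before the result reaches the new `size_t pitch`. Casting first, `pitch = PAD((size_t)(*width) * tjPixelSize[*pixelFormat], align);`, would keep the whole size computation in `size_t`, assuming `PAD` is a plain arithmetic macro. Where `size_t` and `unsigned long long` have the same width the `unsigned long long` product can itself wrap, so a division-based test such as `pitch != 0 && (size_t)(*height) > (size_t)-1 / pitch` is the more portable form. The function body continues outside the hunks shown.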
+++ b/package/jpeg-turbo/0002-wrbmp.c-Don-t-allow-quantization-w-non-RGB-CS.patch
@@ -0,0 +1,39 @@
+From f8cca819a4fb42aafa5f70df43c45e8c416d716f Mon Sep 17 00:00:00 2001
+From: DRC
+Date: Tue, 1 Jan 2019 20:32:40 -0600
+Subject: [PATCH] wrbmp.c: Don't allow quantization w/ non-RGB CS
+
+If cinfo->quantize_colors == 1, then jpeg_calc_output_dimensions() will
+set cinfo->output_components to 1, and if cinfo->out_color_space is not
+RGB (or extended RGB), hilarity will ensue.
+
+Fixes #305
+
+[baruch: drop the ChangeLog.md hunk]
+Signed-off-by: Baruch Siach
+---
+Upstream status: commit f8cca819a4
+
+ ChangeLog.md | 4 ++++
+ wrbmp.c | 5 +++--
+ 2 files changed, 7 insertions(+), 2 deletions(-)
+
+diff --git a/wrbmp.c b/wrbmp.c
+index 4bf81426b0ef..239f64eb3c3f 100644
+--- a/wrbmp.c
++++ b/wrbmp.c
+@@ -502,8 +502,9 @@ jinit_write_bmp(j_decompress_ptr cinfo, boolean is_os2,
+ dest->pub.put_pixel_rows = put_gray_rows;
+ else
+ dest->pub.put_pixel_rows = put_pixel_rows;
+- } else if (cinfo->out_color_space == JCS_RGB565 ||
+- cinfo->out_color_space == JCS_CMYK) {
++ } else if (!cinfo->quantize_colors &&
++ (cinfo->out_color_space == JCS_RGB565 ||
++ cinfo->out_color_space == JCS_CMYK)) {
+ dest->pub.put_pixel_rows = put_pixel_rows;
+ } else {
+ ERREXIT(cinfo, JERR_BMP_COLORSPACE);
+--
+2.20.1
+
From 886f3109a55dccab3fac884d5f0fecd767edd4f0 Mon Sep 17 00:00:00 2001 From: Matt Weber Date: Tue, 12 Feb 2019 08:36:30 -0600 Subject: [PATCH 15/31] package/sqlcipher: force libopenssl v3.2.0 has a bug in the configure step which causes it to fail when being built against libressl. As libopenssl is selected as the default, the autobuilders have not uncovered this failure. The issue has been confirmed in LTS 2018.02.10 (probably broken prior to that as well) and is not related to the Openssl bump to 1.1.x. Thread with more details http://lists.busybox.net/pipermail/buildroot/2019-February/243133.html Signed-off-by: Matthew Weber
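Review bot: The new `!cinfo->quantize_colors &&` condition in `jinit_write_bmp()` carries no comment, so the reason for it lives only in the commit message. A short comment above the branch, such as `/* quantization sets output_components to 1, which is only valid here for (extended) RGB */`, would keep a later cleanup from folding the test away and reopening the overrun. The function starts and ends outside the hunk, so whether other branches need the same guard cannot be judged from these lines. The embedded diffstat still lists ChangeLog.md although that hunk was dropped.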
Signed-off-by: Peter Korsgaard --- package/sqlcipher/Config.in | 1 + 1 file changed, 1 insertion(+) diff --git a/package/sqlcipher/Config.in b/package/sqlcipher/Config.in index 332754b15a..b26bc7709f 100644 --- a/package/sqlcipher/Config.in +++ b/package/sqlcipher/Config.in @@ -3,6 +3,7 @@ config BR2_PACKAGE_SQLCIPHER depends on !BR2_PACKAGE_SQLITE depends on BR2_TOOLCHAIN_HAS_THREADS select BR2_PACKAGE_OPENSSL + select BR2_PACKAGE_OPENSSL_FORCE_LIBOPENSSL help SQLCipher is an SQLite extension that provides 256 bits AES encryption of database files. Note that it is a fork of From 9f1256e1aae0a1e91e033d51b968415adec117bf Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Gr=C3=A9goire=20Delattre?= Date: Tue, 12 Feb 2019 18:05:15 +0100 Subject: [PATCH 16/31] board/pc: fix typo in board/pc/post-build.sh MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Grégoire Delattre Signed-off-by: Peter Korsgaard --- board/pc/post-build.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/board/pc/post-build.sh b/board/pc/post-build.sh index 346f29ab6a..b245cc00c6 100755 --- a/board/pc/post-build.sh +++ b/board/pc/post-build.sh @@ -7,4 +7,4 @@ BOARD_DIR=$(dirname "$0") cp -f "$BOARD_DIR/grub-bios.cfg" "$TARGET_DIR/boot/grub/grub.cfg" # Copy grub 1st stage to binaries, required for genimage -cp -f "$HOST_DIR/lib/grub/i387-pc/boot.img" "$BINARIES_DIR" +cp -f "$HOST_DIR/lib/grub/i386-pc/boot.img" "$BINARIES_DIR" From 0526c9f7819722b2deebf7a15821689ac4ead56a Mon Sep 17 00:00:00 2001 From: Baruch Siach Date: Tue, 12 Feb 2019 18:57:29 +0200 Subject: [PATCH 17/31] package/libarchive: add upstream security fixes CVE-2019-1000019: Crash when parsing some 7zip archives. CVE-2019-1000020: A corrupted or malicious ISO9660 image can cause read_CE() to loop forever. Signed-off-by: Baruch Siach 
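Review bot: `select BR2_PACKAGE_OPENSSL_FORCE_LIBOPENSSL` in package/sqlcipher/Config.in is added without a comment, so the file gives no hint why the crypto provider is pinned or when the line can be removed. A comment above it, for example `# configure step fails against libressl`, would record the reason given in the commit message. Because the select appears to override a libressl choice for the whole build, one sentence in the help text would also make that side effect visible to users.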
Signed-off-by: Peter Korsgaard --- ...n-expected-Rockridge-extensions-is-m.patch | 62 +++++++++++++++++++ ...-crash-when-parsing-certain-archives.patch | 62 +++++++++++++++++++ 2 files changed, 124 insertions(+) create mode 100644 package/libarchive/0005-iso9660-Fail-when-expected-Rockridge-extensions-is-m.patch create mode 100644 package/libarchive/0006-7zip-fix-crash-when-parsing-certain-archives.patch diff --git a/package/libarchive/0005-iso9660-Fail-when-expected-Rockridge-extensions-is-m.patch b/package/libarchive/0005-iso9660-Fail-when-expected-Rockridge-extensions-is-m.patch new file mode 100644 index 0000000000..bd36ce4b53 --- /dev/null +++ b/package/libarchive/0005-iso9660-Fail-when-expected-Rockridge-extensions-is-m.patch 
@@ -0,0 +1,62 @@
+From 8312eaa576014cd9b965012af51bc1f967b12423 Mon Sep 17 00:00:00 2001
+From: Daniel Axtens
+Date: Tue, 1 Jan 2019 17:10:49 +1100
+Subject: [PATCH] iso9660: Fail when expected Rockridge extensions is missing
+
+A corrupted or malicious ISO9660 image can cause read_CE() to loop
+forever.
+
+read_CE() calls parse_rockridge(), expecting a Rockridge extension
+to be read. However, parse_rockridge() is structured as a while
+loop starting with a sanity check, and if the sanity check fails
+before the loop has run, the function returns ARCHIVE_OK without
+advancing the position in the file. This causes read_CE() to retry
+indefinitely.
+
+Make parse_rockridge() return ARCHIVE_WARN if it didn't read an
+extension. As someone with no real knowledge of the format, this
+seems more apt than ARCHIVE_FATAL, but both the call-sites escalate
+it to a fatal error immediately anyway.
+
+Found with a combination of AFL, afl-rb (FairFuzz) and qsym.
+
+Signed-off-by: Baruch Siach
+---
+Upstream status: commit 8312eaa57601
+
+ libarchive/archive_read_support_format_iso9660.c | 11 ++++++++++-
+ 1 file changed, 10 insertions(+), 1 deletion(-)
+
+diff --git a/libarchive/archive_read_support_format_iso9660.c b/libarchive/archive_read_support_format_iso9660.c
+index 28acfefbba8a..bad8f1dfef3a 100644
+--- a/libarchive/archive_read_support_format_iso9660.c
++++ b/libarchive/archive_read_support_format_iso9660.c
+@@ -2102,6 +2102,7 @@ parse_rockridge(struct archive_read *a, struct file_info *file,
+ const unsigned char *p, const unsigned char *end)
+ {
+ struct iso9660 *iso9660;
++ int entry_seen = 0;
+
+ iso9660 = (struct iso9660 *)(a->format->data);
+
+@@ -2257,8 +2258,16 @@ parse_rockridge(struct archive_read *a, struct file_info *file,
+ }
+
+ p += p[2];
++ entry_seen = 1;
++ }
++
++ if (entry_seen)
++ return (ARCHIVE_OK);
++ else {
++ archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
++ "Tried to parse Rockridge extensions, but none found");
++ return (ARCHIVE_WARN);
+ }
+- return (ARCHIVE_OK);
+ }
+
+ static int
+--
+2.20.1
+
diff --git a/package/libarchive/0006-7zip-fix-crash-when-parsing-certain-archives.patch b/package/libarchive/0006-7zip-fix-crash-when-parsing-certain-archives.patch
new file mode 100644
index 0000000000..bad33d9526
--- /dev/null
+++ b/package/libarchive/0006-7zip-fix-crash-when-parsing-certain-archives.patch
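Review bot: `parse_rockridge()` can now return ARCHIVE_WARN, but nothing in the function says so, and the fix depends on every caller treating that value as a failure rather than carrying on. The commit message states that both call sites escalate it; they are outside the hunks, so that should be confirmed against the libarchive version this patch is applied to. A comment at the new check, e.g. `/* Nothing consumed: fail so read_CE() cannot retry the same offset forever */`, would document the contract. As a matter of style the `else` after `return (ARCHIVE_OK);` is redundant, and the error path reads better as the guard, `if (!entry_seen) { ... return (ARCHIVE_WARN); }`.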
@@ -0,0 +1,62 @@
+From 65a23f5dbee4497064e9bb467f81138a62b0dae1 Mon Sep 17 00:00:00 2001
+From: Daniel Axtens
+Date: Tue, 1 Jan 2019 16:01:40 +1100
+Subject: [PATCH] 7zip: fix crash when parsing certain archives
+
+Fuzzing with CRCs disabled revealed that a call to get_uncompressed_data()
+would sometimes fail to return at least 'minimum' bytes. This can cause
+the crc32() invocation in header_bytes to read off into invalid memory.
+
+A specially crafted archive can use this to cause a crash.
+
+An ASAN trace is below, but ASAN is not required - an uninstrumented
+binary will also crash.
+
+==7719==ERROR: AddressSanitizer: SEGV on unknown address 0x631000040000 (pc 0x7fbdb3b3ec1d bp 0x7ffe77a51310 sp 0x7ffe77a51150 T0)
+==7719==The signal is caused by a READ memory access.
+ #0 0x7fbdb3b3ec1c in crc32_z (/lib/x86_64-linux-gnu/libz.so.1+0x2c1c)
+ #1 0x84f5eb in header_bytes (/tmp/libarchive/bsdtar+0x84f5eb)
+ #2 0x856156 in read_Header (/tmp/libarchive/bsdtar+0x856156)
+ #3 0x84e134 in slurp_central_directory (/tmp/libarchive/bsdtar+0x84e134)
+ #4 0x849690 in archive_read_format_7zip_read_header (/tmp/libarchive/bsdtar+0x849690)
+ #5 0x5713b7 in _archive_read_next_header2 (/tmp/libarchive/bsdtar+0x5713b7)
+ #6 0x570e63 in _archive_read_next_header (/tmp/libarchive/bsdtar+0x570e63)
+ #7 0x6f08bd in archive_read_next_header (/tmp/libarchive/bsdtar+0x6f08bd)
+ #8 0x52373f in read_archive (/tmp/libarchive/bsdtar+0x52373f)
+ #9 0x5257be in tar_mode_x (/tmp/libarchive/bsdtar+0x5257be)
+ #10 0x51daeb in main (/tmp/libarchive/bsdtar+0x51daeb)
+ #11 0x7fbdb27cab96 in __libc_start_main /build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c:310
+ #12 0x41dd09 in _start (/tmp/libarchive/bsdtar+0x41dd09)
+
+This was primarly done with afl and FairFuzz. Some early corpus entries
+may have been generated by qsym.
+
+Signed-off-by: Baruch Siach
+---
+Upstream status: commit 65a23f5dbee
+
+ libarchive/archive_read_support_format_7zip.c | 8 +-------
+ 1 file changed, 1 insertion(+), 7 deletions(-)
+
+diff --git a/libarchive/archive_read_support_format_7zip.c b/libarchive/archive_read_support_format_7zip.c
+index bccbf896603b..b6d1505d372e 100644
+--- a/libarchive/archive_read_support_format_7zip.c
++++ b/libarchive/archive_read_support_format_7zip.c
+@@ -2964,13 +2964,7 @@ get_uncompressed_data(struct archive_read *a, const void **buff, size_t size,
+ if (zip->codec == _7Z_COPY && zip->codec2 == (unsigned long)-1) {
+ /* Copy mode. */
+
+- /*
+- * Note: '1' here is a performance optimization.
+- * Recall that the decompression layer returns a count of
+- * available bytes; asking for more than that forces the
+- * decompressor to combine reads by copying data.
+- */
+- *buff = __archive_read_ahead(a, 1, &bytes_avail);
++ *buff = __archive_read_ahead(a, minimum, &bytes_avail);
+ if (bytes_avail <= 0) {
+ archive_set_error(&a->archive,
+ ARCHIVE_ERRNO_FILE_FORMAT,
+--
+2.20.1
+
From 2e060d64e21a8f4dd8943acdbc3e1e563df13aba Mon Sep 17 00:00:00 2001 From: Baruch Siach Date: Tue, 12 Feb 2019 20:42:20 +0200 Subject: [PATCH 18/31] package/ghostscript: add upstream security fixes CVE-2019-6116: Remote code execution. https://www.openwall.com/lists/oss-security/2019/01/23/5 Cc: Bernd Kuhls Signed-off-by: Baruch Siach
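Review bot: After this change `get_uncompressed_data()` still validates only `bytes_avail`, not the pointer: `*buff = __archive_read_ahead(a, minimum, &bytes_avail);` is followed by `if (bytes_avail <= 0)`. If `__archive_read_ahead()` can return NULL while reporting a positive count when fewer than `minimum` bytes remain (its definition is not on this page), the copy-mode path would hand a NULL buffer back to the caller. Testing both, `if (*buff == NULL || bytes_avail <= 0) {`, costs nothing and makes the truncated-archive case explicit. The removed comment explained why 1 was requested; a one-line replacement saying that `minimum` is needed because header_bytes() runs crc32() over that many bytes would preserve the reasoning. The function continues outside the hunk.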
Signed-off-by: Peter Korsgaard --- ...nitize-op-stack-for-error-conditions.patch | 176 ++++++ ...rocedures-that-call-.force-operators.patch | 441 +++++++++++++ ...700317-Fix-logic-for-an-older-change.patch | 31 + ...Harden-some-uses-of-.force-operators.patch | 135 ++++ ...-bunch-of-gs_fonts.ps-specific-procs.patch | 587 ++++++++++++++++++ ....forcedef-and-harden-.force-ops-more.patch | 345 ++++++++++ 6 files changed, 1715 insertions(+) create mode 100644 package/ghostscript/0002-Sanitize-op-stack-for-error-conditions.patch create mode 100644 package/ghostscript/0003-Any-transient-procedures-that-call-.force-operators.patch create mode 100644 package/ghostscript/0004-Bug700317-Fix-logic-for-an-older-change.patch create mode 100644 package/ghostscript/0005-Harden-some-uses-of-.force-operators.patch create mode 100644 package/ghostscript/0006-Undefine-a-bunch-of-gs_fonts.ps-specific-procs.patch create mode 100644 package/ghostscript/0007-Remove-.forcedef-and-harden-.force-ops-more.patch diff --git a/package/ghostscript/0002-Sanitize-op-stack-for-error-conditions.patch b/package/ghostscript/0002-Sanitize-op-stack-for-error-conditions.patch new file mode 100644 index 0000000000..7909cfec70 --- /dev/null +++ b/package/ghostscript/0002-Sanitize-op-stack-for-error-conditions.patch 
@@ -0,0 +1,176 @@ +From a1de1e6ab51ab37a17975aad1193f2523e7e7e84 Mon Sep 17 00:00:00 2001 +From: Chris Liddell +Date: Wed, 5 Dec 2018 12:22:13 +0000 +Subject: [PATCH] Sanitize op stack for error conditions + +We save the stacks to an array and store the array for the error handler to +access. + +For SAFER, we traverse the array, and deep copy any op arrays (procedures). As +we make these copies, we check for operators that do *not* exist in systemdict, +when we find one, we replace the operator with a name object (of the form +"/--opname--"). + +Signed-off-by: Baruch Siach +--- +Upstream status: commit 13b0a36f818 + + psi/int.mak | 3 +- + psi/interp.c | 8 ++++++ + psi/istack.c | 78 ++++++++++++++++++++++++++++++++++++++++++++++++++++ + psi/istack.h | 3 ++ + 4 files changed, 91 insertions(+), 1 deletion(-) + +diff --git a/psi/int.mak b/psi/int.mak +index 6ab5bf0069dd..6b349cb042dd 100644 +--- a/psi/int.mak ++++ b/psi/int.mak +@@ -204,7 +204,8 @@ $(PSOBJ)iparam.$(OBJ) : $(PSSRC)iparam.c $(GH)\ + $(PSOBJ)istack.$(OBJ) : $(PSSRC)istack.c $(GH) $(memory__h)\ + $(ierrors_h) $(gsstruct_h) $(gsutil_h)\ + $(ialloc_h) $(istack_h) $(istkparm_h) $(istruct_h) $(iutil_h) $(ivmspace_h)\ +- $(store_h) $(INT_MAK) $(MAKEDIRS) ++ $(store_h) $(icstate_h) $(iname_h) $(dstack_h) $(idict_h) \ ++ $(INT_MAK) $(MAKEDIRS) + $(PSCC) $(PSO_)istack.$(OBJ) $(C_) $(PSSRC)istack.c + + $(PSOBJ)iutil.$(OBJ) : $(PSSRC)iutil.c $(GH) $(math__h) $(memory__h) $(string__h)\ +diff --git a/psi/interp.c b/psi/interp.c +index 6dc0ddae1b3c..aa5779c51420 100644 +--- a/psi/interp.c ++++ b/psi/interp.c +@@ -761,6 +761,7 @@ copy_stack(i_ctx_t *i_ctx_p, const ref_stack_t * pstack, int skip, ref * arr) + uint size = ref_stack_count(pstack) - skip; + uint save_space = ialloc_space(idmemory); + int code, i; ++ ref *safety, *safe; + + if (size > 65535) + size = 65535; +@@ -778,6 +779,13 @@ copy_stack(i_ctx_t *i_ctx_p, const ref_stack_t * pstack, int skip, ref * arr) + make_null(&arr->value.refs[i]); + } + } ++ if 
(pstack == &o_stack && dict_find_string(systemdict, "SAFETY", &safety) > 0 && ++ dict_find_string(safety, "safe", &safe) > 0 && r_has_type(safe, t_boolean) && ++ safe->value.boolval == true) { ++ code = ref_stack_array_sanitize(i_ctx_p, arr, arr); ++ if (code < 0) ++ return code; ++ } + ialloc_set_space(idmemory, save_space); + return code; + } +diff --git a/psi/istack.c b/psi/istack.c +index 8fe151fa5628..f1a3e511534d 100644 +--- a/psi/istack.c ++++ b/psi/istack.c +@@ -27,6 +27,10 @@ + #include "iutil.h" + #include "ivmspace.h" /* for local/global test */ + #include "store.h" ++#include "icstate.h" ++#include "iname.h" ++#include "dstack.h" ++#include "idict.h" + + /* Forward references */ + static void init_block(ref_stack_t *pstack, const ref *pblock_array, +@@ -294,6 +298,80 @@ ref_stack_store_check(const ref_stack_t *pstack, ref *parray, uint count, + return 0; + } + ++int ++ref_stack_array_sanitize(i_ctx_t *i_ctx_p, ref *sarr, ref *darr) ++{ ++ int i, code; ++ ref obj, arr2; ++ ref *pobj2; ++ gs_memory_t *mem = (gs_memory_t *)idmemory->current; ++ ++ if (!r_is_array(sarr) || !r_has_type(darr, t_array)) ++ return_error(gs_error_typecheck); ++ ++ for (i = 0; i < r_size(sarr); i++) { ++ code = array_get(mem, sarr, i, &obj); ++ if (code < 0) ++ make_null(&obj); ++ switch(r_type(&obj)) { ++ case t_operator: ++ { ++ int index = op_index(&obj); ++ ++ if (index > 0 && index < op_def_count) { ++ const byte *data = (const byte *)(op_index_def(index)->oname + 1); ++ if (dict_find_string(systemdict, (const char *)data, &pobj2) <= 0) { ++ byte *s = gs_alloc_bytes(mem, strlen((char *)data) + 5, "ref_stack_array_sanitize"); ++ if (s) { ++ s[0] = '\0'; ++ strcpy((char *)s, "--"); ++ strcpy((char *)s + 2, (char *)data); ++ strcpy((char *)s + strlen((char *)data) + 2, "--"); ++ } ++ else { ++ s = (byte *)data; ++ } ++ code = name_ref(imemory, s, strlen((char *)s), &obj, 1); ++ if (code < 0) make_null(&obj); ++ if (s != data) ++ gs_free_object(mem, s, 
"ref_stack_array_sanitize"); ++ } ++ } ++ else { ++ make_null(&obj); ++ } ++ ref_assign(darr->value.refs + i, &obj); ++ break; ++ } ++ case t_array: ++ case t_shortarray: ++ case t_mixedarray: ++ { ++ int attrs = r_type_attrs(&obj) & (a_write | a_read | a_execute | a_executable); ++ /* We only want to copy executable arrays */ ++ if (attrs & (a_execute | a_executable)) { ++ code = ialloc_ref_array(&arr2, attrs, r_size(&obj), "ref_stack_array_sanitize"); ++ if (code < 0) { ++ make_null(&arr2); ++ } ++ else { ++ code = ref_stack_array_sanitize(i_ctx_p, &obj, &arr2); ++ } ++ ref_assign(darr->value.refs + i, &arr2); ++ } ++ else { ++ ref_assign(darr->value.refs + i, &obj); ++ } ++ break; ++ } ++ default: ++ ref_assign(darr->value.refs + i, &obj); ++ } ++ } ++ return 0; ++} ++ ++ + /* + * Store the top 'count' elements of a stack, starting 'skip' elements below + * the top, into an array, with or without store/undo checking. age=-1 for +diff --git a/psi/istack.h b/psi/istack.h +index 051dcbe216cf..54be405adfb3 100644 +--- a/psi/istack.h ++++ b/psi/istack.h +@@ -129,6 +129,9 @@ int ref_stack_store(const ref_stack_t *pstack, ref *parray, uint count, + uint skip, int age, bool check, + gs_dual_memory_t *idmem, client_name_t cname); + ++int ++ref_stack_array_sanitize(i_ctx_t *i_ctx_p, ref *sarr, ref *darr); ++ + /* + * Pop the top N elements off a stack. + * The number must not exceed the number of elements in use. +-- +2.20.1 + diff --git a/package/ghostscript/0003-Any-transient-procedures-that-call-.force-operators.patch b/package/ghostscript/0003-Any-transient-procedures-that-call-.force-operators.patch new file mode 100644 index 0000000000..f4c1db11f0 --- /dev/null +++ b/package/ghostscript/0003-Any-transient-procedures-that-call-.force-operators.patch 
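Review bot: The early `return code` added to `copy_stack` in psi/interp.c leaves the function before `ialloc_set_space(idmemory, save_space)` runs, so a failed sanitize would exit with the allocation space unrestored (the code that changes the space is presumably above the hunk, since `copy_stack` starts outside it). Restoring first keeps the error path symmetric with the normal one: `if (code < 0) { ialloc_set_space(idmemory, save_space); return code; }`. In `ref_stack_array_sanitize` itself the result of the recursive call is assigned to `code` and never checked, and the function ends in an unconditional `return 0`, so only the type check at the top can report a failure. The recursion over executable arrays also has no depth limit visible here; a comment stating what bounds the nesting, or an explicit depth parameter, would make the SAFER-path guarantee easier to audit.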
@@ -0,0 +1,441 @@ +From f0397dbfbe5eea325613ff375b30eb0db5551ffe Mon Sep 17 00:00:00 2001 +From: Chris Liddell +Date: Thu, 13 Dec 2018 15:28:34 +0000 +Subject: [PATCH] Any transient procedures that call .force* operators + +(i.e. for conditionals or loops) make them executeonly. + +Signed-off-by: Baruch Siach +--- +Upstream status: commit 2db98f9c661 + + Resource/Init/gs_diskn.ps | 2 +- + Resource/Init/gs_dps1.ps | 4 ++-- + Resource/Init/gs_fntem.ps | 4 ++-- + Resource/Init/gs_fonts.ps | 12 ++++++------ + Resource/Init/gs_init.ps | 4 ++-- + Resource/Init/gs_lev2.ps | 11 ++++++----- + Resource/Init/gs_pdfwr.ps | 2 +- + Resource/Init/gs_res.ps | 4 ++-- + Resource/Init/gs_setpd.ps | 2 +- + Resource/Init/pdf_base.ps | 13 ++++++++----- + Resource/Init/pdf_draw.ps | 16 +++++++++------- + Resource/Init/pdf_font.ps | 6 +++--- + Resource/Init/pdf_main.ps | 4 ++-- + Resource/Init/pdf_ops.ps | 7 ++++--- + 14 files changed, 49 insertions(+), 42 deletions(-) + +diff --git a/Resource/Init/gs_diskn.ps b/Resource/Init/gs_diskn.ps +index fd694bc44b5a..8bf20542040d 100644 +--- a/Resource/Init/gs_diskn.ps ++++ b/Resource/Init/gs_diskn.ps +@@ -51,7 +51,7 @@ systemdict begin + mark 5 1 roll ] mark exch { { } forall } forall ] + //systemdict /.searchabledevs 2 index .forceput + exch .setglobal +- } ++ } executeonly + if + } .bind executeonly odef % must be bound and hidden for .forceput + +diff --git a/Resource/Init/gs_dps1.ps b/Resource/Init/gs_dps1.ps +index ec5db61b9f03..4fae2839940c 100644 +--- a/Resource/Init/gs_dps1.ps ++++ b/Resource/Init/gs_dps1.ps +@@ -78,7 +78,7 @@ level2dict begin + .currentglobal + { % Current mode is global; delete from local directory too. 
+ //systemdict /LocalFontDirectory .knownget +- { 1 index .forceundef } % LocalFontDirectory is readonly ++ { 1 index .forceundef } executeonly % LocalFontDirectory is readonly + if + } + { % Current mode is local; if there was a shadowed global +@@ -126,7 +126,7 @@ level2dict begin + } + ifelse + } forall +- pop counttomark 2 idiv { .forceundef } repeat pop % readonly ++ pop counttomark 2 idiv { .forceundef } executeonly repeat pop % readonly + } + if + //SharedFontDirectory exch .forcecopynew pop +diff --git a/Resource/Init/gs_fntem.ps b/Resource/Init/gs_fntem.ps +index c1f7651f18cc..6eb672a6840e 100644 +--- a/Resource/Init/gs_fntem.ps ++++ b/Resource/Init/gs_fntem.ps +@@ -401,12 +401,12 @@ currentdict end def + .forceput % FontInfo can be read-only. + pop % bool + exit +- } if ++ } executeonly if + dup /FontInfo get % bool + /GlyphNames2Unicode /Unicode /Decoding findresource + .forceput % FontInfo can be read-only. + exit +- } loop ++ } executeonly loop + exch setglobal + } .bind executeonly odef % must be bound and hidden for .forceput + +diff --git a/Resource/Init/gs_fonts.ps b/Resource/Init/gs_fonts.ps +index 803faca4918d..290da0cd6819 100644 +--- a/Resource/Init/gs_fonts.ps ++++ b/Resource/Init/gs_fonts.ps +@@ -374,7 +374,7 @@ FONTPATH length 0 eq { (%END FONTPATH) .skipeof } if + /.setnativefontmapbuilt { % set whether we've been run + dup type /booleantype eq { + systemdict exch /.nativefontmapbuilt exch .forceput +- } ++ } executeonly + {pop} + ifelse + } .bind executeonly odef +@@ -1007,11 +1007,11 @@ $error /SubstituteFont { } put + { 2 index gcheck currentglobal + 2 copy eq { + pop pop .forceput +- } { ++ } executeonly { + 5 1 roll setglobal + dup length string copy + .forceput setglobal +- } ifelse ++ } executeonly ifelse + } .bind executeonly odef % must be bound and hidden for .forceput + + % Attempt to load a font from a file. 
+@@ -1084,7 +1084,7 @@ $error /SubstituteFont { } put + .FontDirectory 3 index .forceundef % readonly + 1 index (r) file .loadfont .FontDirectory exch + /.setglobal .systemvar exec +- } ++ } executeonly + { .loadfont .FontDirectory + } + ifelse +@@ -1105,7 +1105,7 @@ $error /SubstituteFont { } put + dup 3 index .fontknownget + { dup /PathLoad 4 index .putgstringcopy + 4 1 roll pop pop pop //true exit +- } if ++ } executeonly if + + % Maybe the file had a different FontName. + % See if we can get a FontName from the file, and if so, +@@ -1134,7 +1134,7 @@ $error /SubstituteFont { } put + ifelse % Stack: origfontname fontdict + exch pop //true exit + % Stack: fontdict +- } ++ } executeonly + if pop % Stack: origfontname fontdirectory path + } + if pop pop % Stack: origfontname +diff --git a/Resource/Init/gs_init.ps b/Resource/Init/gs_init.ps +index d733124b96d1..56c0bd268b53 100644 +--- a/Resource/Init/gs_init.ps ++++ b/Resource/Init/gs_init.ps +@@ -2357,7 +2357,7 @@ SAFER { .setsafeglobal } if + % Update the copy of the user parameters. + mark .currentuserparams counttomark 2 idiv { + userparams 3 1 roll .forceput % userparams is read-only +- } repeat pop ++ } executeonly repeat pop + % Turn on idiom recognition, if available. + currentuserparams /IdiomRecognition known { + /IdiomRecognition //true .definepsuserparam +@@ -2376,7 +2376,7 @@ SAFER { .setsafeglobal } if + % Remove real system params from pssystemparams. 
+ mark .currentsystemparams counttomark 2 idiv { + pop pssystemparams exch .forceundef +- } repeat pop ++ } executeonly repeat pop + } if + + % Set up AlignToPixels : +diff --git a/Resource/Init/gs_lev2.ps b/Resource/Init/gs_lev2.ps +index 44fe61956659..0f0d57331c23 100644 +--- a/Resource/Init/gs_lev2.ps ++++ b/Resource/Init/gs_lev2.ps +@@ -154,7 +154,8 @@ end + % protect top level of parameters that we copied + dup type dup /arraytype eq exch /stringtype eq or { readonly } if + /userparams .systemvar 3 1 roll .forceput % userparams is read-only +- } { ++ } executeonly ++ { + pop pop + } ifelse + } forall +@@ -224,7 +225,7 @@ end + % protect top level parameters that we copied + dup type dup /arraytype eq exch /stringtype eq or { readonly } if + //pssystemparams 3 1 roll .forceput % pssystemparams is read-only +- } ++ } executeonly + { pop pop + } + ifelse +@@ -934,7 +935,7 @@ mark + dup /PaintProc get + 1 index /Implementation known not { + 1 index dup /Implementation //null .forceput readonly pop +- } if ++ } executeonly if + exec + }.bind odef + +@@ -958,7 +959,7 @@ mark + dup /PaintProc get + 1 index /Implementation known not { + 1 index dup /Implementation //null .forceput readonly pop +- } if ++ } executeonly if + /UNROLLFORMS where {/UNROLLFORMS get}{false}ifelse not + %% [CTM] <
> PaintProc .beginform - + { +@@ -1005,7 +1006,7 @@ mark + %% Form dictioanry using the /Implementation key). + 1 dict dup /FormID 4 -1 roll put + 1 index exch /Implementation exch .forceput readonly pop +- } ++ } executeonly + ifelse + } + { +diff --git a/Resource/Init/gs_pdfwr.ps b/Resource/Init/gs_pdfwr.ps +index 58e75d3a4831..b425103d1cf3 100644 +--- a/Resource/Init/gs_pdfwr.ps ++++ b/Resource/Init/gs_pdfwr.ps +@@ -650,7 +650,7 @@ currentdict /.pdfmarkparams .undef + } ifelse + } bind .makeoperator .forceput + systemdict /.pdf_hooked_DSC_Creator //true .forceput +- } if ++ } executeonly if + pop + } if + } { +diff --git a/Resource/Init/gs_res.ps b/Resource/Init/gs_res.ps +index 8eb8bb0e5829..d9b34599e7c2 100644 +--- a/Resource/Init/gs_res.ps ++++ b/Resource/Init/gs_res.ps +@@ -152,7 +152,7 @@ setglobal + % use .forceput / .forcedef later to replace the dummy, + % empty .Instances dictionary with the real one later. + readonly +- } { ++ }{ + /defineresource cvx /typecheck signaloperror + } ifelse + } bind executeonly odef +@@ -424,7 +424,7 @@ status { + % As noted above, Category dictionaries are read-only, + % so we have to use .forcedef here. + /.Instances 1 index .forcedef % Category dict is read-only +- } if ++ } executeonly if + } + { .LocalInstances dup //.emptydict eq + { pop 3 dict localinstancedict Category 2 index put +diff --git a/Resource/Init/gs_setpd.ps b/Resource/Init/gs_setpd.ps +index e22597ebb5f3..7875d1f2f131 100644 +--- a/Resource/Init/gs_setpd.ps ++++ b/Resource/Init/gs_setpd.ps +@@ -634,7 +634,7 @@ NOMEDIAATTRS { + SETPDDEBUG { (Rolling back.) 
= pstack flush } if + 3 index 2 index 3 -1 roll .forceput + 4 index 1 index .knownget +- { 4 index 3 1 roll .forceput } ++ { 4 index 3 1 roll .forceput } executeonly + { 3 index exch .undef } + ifelse + } bind executeonly odef +diff --git a/Resource/Init/pdf_base.ps b/Resource/Init/pdf_base.ps +index b45e9803165e..73127296c221 100644 +--- a/Resource/Init/pdf_base.ps ++++ b/Resource/Init/pdf_base.ps +@@ -130,26 +130,29 @@ currentdict /num-chars-dict .undef + + /.pdfexectoken { % .pdfexectoken ? + PDFDEBUG { +- pdfdict /PDFSTEPcount known not { pdfdict /PDFSTEPcount 1 .forceput } if ++ pdfdict /PDFSTEPcount known not { pdfdict /PDFSTEPcount 1 .forceput } executeonly if + PDFSTEP { + pdfdict /PDFtokencount 2 copy .knownget { 1 add } { 1 } ifelse .forceput + PDFSTEPcount 1 gt { + pdfdict /PDFSTEPcount PDFSTEPcount 1 sub .forceput +- } { ++ } executeonly ++ { + dup ==only + ( step # ) print PDFtokencount =only + ( ? ) print flush 1 //false .outputpage + (%stdin) (r) file 255 string readline { + token { + exch pop pdfdict /PDFSTEPcount 3 -1 roll .forceput +- } { ++ } executeonly ++ { + pdfdict /PDFSTEPcount 1 .forceput +- } ifelse % token ++ } executeonly ifelse % token + } { + pop /PDFSTEP //false def % EOF on stdin + } ifelse % readline + } ifelse % PDFSTEPcount > 1 +- } { ++ } executeonly ++ { + dup ==only () = flush + } ifelse % PDFSTEP + } if % PDFDEBUG +diff --git a/Resource/Init/pdf_draw.ps b/Resource/Init/pdf_draw.ps +index 6b0ba93e1e73..40c6ac80acce 100644 +--- a/Resource/Init/pdf_draw.ps ++++ b/Resource/Init/pdf_draw.ps +@@ -1118,14 +1118,14 @@ currentdict end readonly def + pdfdict /.Qqwarning_issued //true .forceput + .setglobal + pdfformaterror +- } ifelse ++ } executeonly ifelse + } + { + currentglobal pdfdict gcheck .setglobal + pdfdict /.Qqwarning_issued //true .forceput + .setglobal + pdfformaterror +- } ifelse ++ } executeonly ifelse + end + } ifelse + } loop +@@ -1141,14 +1141,14 @@ currentdict end readonly def + pdfdict /.Qqwarning_issued //true 
.forceput + .setglobal + pdfformaterror +- } ifelse ++ } executeonly ifelse + } + { + currentglobal pdfdict gcheck .setglobal + pdfdict /.Qqwarning_issued //true .forceput + .setglobal + pdfformaterror +- } ifelse ++ } executeonly ifelse + } if + pop + +@@ -2350,9 +2350,10 @@ currentdict /last-ditch-bpc-csp undef + /IncrementAppearanceNumber { + pdfdict /AppearanceNumber .knownget { + 1 add pdfdict /AppearanceNumber 3 -1 roll .forceput +- }{ ++ } executeonly ++ { + pdfdict /AppearanceNumber 0 .forceput +- } ifelse ++ } executeonly ifelse + }bind executeonly odef + + /MakeAppearanceName { +@@ -2510,7 +2511,8 @@ currentdict /last-ditch-bpc-csp undef + %% want to preserve it. + pdfdict /.PreservePDFForm false .forceput + /q cvx /execform cvx 5 -2 roll +- }{ ++ } executeonly ++ { + /q cvx /PDFexecform cvx 5 -2 roll + } ifelse + +diff --git a/Resource/Init/pdf_font.ps b/Resource/Init/pdf_font.ps +index bea9ea95ad1d..4cd62b9d9bb4 100644 +--- a/Resource/Init/pdf_font.ps ++++ b/Resource/Init/pdf_font.ps +@@ -714,7 +714,7 @@ currentdict end readonly def + pop pop pop + currentdict /.stackdepth .forceundef + currentdict /.dstackdepth .forceundef +- } ++ } executeonly + {pop pop pop} + ifelse + +@@ -1232,7 +1232,7 @@ currentdict /eexec_pdf_param_dict .undef + (\n **** Warning: Type 3 glyph has unbalanced q/Q operators \(too many q's\)\n Output may be incorrect.\n) + pdfformatwarning + pdfdict /.Qqwarning_issued //true .forceput +- } if ++ } executeonly if + Q + } repeat + Q +@@ -2016,7 +2016,7 @@ currentdict /CMap_read_dict undef + /CIDFallBack /CIDFont findresource + } if + exit +- } if ++ } executeonly if + } if + } if + +diff --git a/Resource/Init/pdf_main.ps b/Resource/Init/pdf_main.ps +index 00da47a48711..37e69b39ac98 100644 +--- a/Resource/Init/pdf_main.ps ++++ b/Resource/Init/pdf_main.ps +@@ -2701,14 +2701,14 @@ currentdict /PDF2PS_matrix_key undef + pdfdict /.Qqwarning_issued //true .forceput + .setglobal + pdfformaterror +- } ifelse ++ } executeonly ifelse + } + { + 
currentglobal pdfdict gcheck .setglobal + pdfdict /.Qqwarning_issued //true .forceput + .setglobal + pdfformaterror +- } ifelse ++ } executeonly ifelse + } if + } if + pop +diff --git a/Resource/Init/pdf_ops.ps b/Resource/Init/pdf_ops.ps +index 8672d617f363..aa0964139a56 100644 +--- a/Resource/Init/pdf_ops.ps ++++ b/Resource/Init/pdf_ops.ps +@@ -184,14 +184,14 @@ currentdict /gput_always_allow .undef + pdfdict /.Qqwarning_issued //true .forceput + .setglobal + pdfformaterror +- } ifelse ++ } executeonly ifelse + } + { + currentglobal pdfdict gcheck .setglobal + pdfdict /.Qqwarning_issued //true .forceput + .setglobal + pdfformaterror +- } ifelse ++ } executeonly ifelse + } if + } bind executeonly odef + +@@ -439,7 +439,8 @@ currentdict /gput_always_allow .undef + dup type /booleantype eq { + .currentSMask type /dicttype eq { + .currentSMask /Processed 2 index .forceput +- } { ++ } executeonly ++ { + .setSMask + }ifelse + }{ +-- +2.20.1 + diff --git a/package/ghostscript/0004-Bug700317-Fix-logic-for-an-older-change.patch b/package/ghostscript/0004-Bug700317-Fix-logic-for-an-older-change.patch new file mode 100644 index 0000000000..65ebd44df2 --- /dev/null +++ b/package/ghostscript/0004-Bug700317-Fix-logic-for-an-older-change.patch 
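Review bot: In the gs_lev2.ps hunk at -934 the inner `{ ... /Implementation //null .forceput readonly pop }` block gains `executeonly`, but the procedure that contains it is still closed with `}.bind odef`, while the other definitions touched by this patch end in `.bind executeonly odef` and carry the comment `% must be bound and hidden for .forceput`. As written, the protection of the inner block depends on a wrapper that is not itself marked execute-only, unless it is hidden by other means outside the hunk. Closing it with `} .bind executeonly odef` would make it consistent with the rest of the change. The start of that procedure is outside the hunk, so its name and any later access change are not visible here.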
@@ -0,0 +1,31 @@ +From af9a9dceb7be7df743d55c4d078a1ae846b6f556 Mon Sep 17 00:00:00 2001 +From: Chris Liddell +Date: Sat, 15 Dec 2018 09:08:32 +0000 +Subject: [PATCH] Bug700317: Fix logic for an older change + +Unlike almost every other function in gs, dict_find_string() returns 1 on +success 0 or <0 on failure. The logic for this case was wrong. + +Signed-off-by: Baruch Siach +--- +Upstream status: commit 99f13091a3 + + psi/interp.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/psi/interp.c b/psi/interp.c +index aa5779c51420..f6c45bbe24dc 100644 +--- a/psi/interp.c ++++ b/psi/interp.c +@@ -703,7 +703,7 @@ again: + * i.e. it's an internal operator we have hidden + */ + code = dict_find_string(systemdict, (const char *)bufptr, &tobj); +- if (code < 0) { ++ if (code <= 0) { + buf[0] = buf[1] = buf[rlen + 2] = buf[rlen + 3] = '-'; + rlen += 4; + bufptr = buf; +-- +2.20.1 + diff --git a/package/ghostscript/0005-Harden-some-uses-of-.force-operators.patch b/package/ghostscript/0005-Harden-some-uses-of-.force-operators.patch new file mode 100644 index 0000000000..f5a70ac467 --- /dev/null +++ b/package/ghostscript/0005-Harden-some-uses-of-.force-operators.patch 
@@ -0,0 +1,135 @@ +From b197ea0e528c20b7ee67785c50b4e06e0aa990f8 Mon Sep 17 00:00:00 2001 +From: Chris Liddell +Date: Tue, 18 Dec 2018 10:42:10 +0000 +Subject: [PATCH] Harden some uses of .force* operators + +by adding a few immediate evalutions + +Signed-off-by: Baruch Siach +--- +Upstream status: commit 59d8f4deef90 + + Resource/Init/gs_dps1.ps | 4 ++-- + Resource/Init/gs_fonts.ps | 20 ++++++++++---------- + Resource/Init/gs_init.ps | 6 +++--- + 3 files changed, 15 insertions(+), 15 deletions(-) + +diff --git a/Resource/Init/gs_dps1.ps b/Resource/Init/gs_dps1.ps +index 4fae2839940c..b75ea14e77a3 100644 +--- a/Resource/Init/gs_dps1.ps ++++ b/Resource/Init/gs_dps1.ps +@@ -74,7 +74,7 @@ level2dict begin + } odef + % undefinefont has to take local/global VM into account. + /undefinefont % undefinefont - +- { .FontDirectory 1 .argindex .forceundef % FontDirectory is readonly ++ { //.FontDirectory 1 .argindex .forceundef % FontDirectory is readonly + .currentglobal + { % Current mode is global; delete from local directory too. + //systemdict /LocalFontDirectory .knownget +@@ -85,7 +85,7 @@ level2dict begin + % definition, copy it into the local directory. 
+ //systemdict /SharedFontDirectory .knownget + { 1 index .knownget +- { .FontDirectory 2 index 3 -1 roll { put } systemdict /superexec known {//superexec}{1183615869 internaldict /superexec get exec} ifelse } % readonly ++ { //.FontDirectory 2 index 3 -1 roll { put } systemdict /superexec known {//superexec}{1183615869 internaldict /superexec get exec} ifelse } % readonly + if + } + if +diff --git a/Resource/Init/gs_fonts.ps b/Resource/Init/gs_fonts.ps +index 290da0cd6819..c13a2fcc2d43 100644 +--- a/Resource/Init/gs_fonts.ps ++++ b/Resource/Init/gs_fonts.ps +@@ -516,7 +516,7 @@ buildfontdict 3 /.buildfont3 cvx put + if + } + if +- dup .FontDirectory 4 -2 roll { .growput } systemdict /superexec known {//superexec}{1183615869 internaldict /superexec get exec} ifelse % readonly ++ dup //.FontDirectory 4 -2 roll { .growput } systemdict /superexec known {//superexec}{1183615869 internaldict /superexec get exec} ifelse % readonly + % If the font originated as a resource, register it. + currentfile .currentresourcefile eq { dup .registerfont } if + readonly +@@ -943,7 +943,7 @@ $error /SubstituteFont { } put + % Try to find a font using only the present contents of Fontmap. + /.tryfindfont { % .tryfindfont true + % .tryfindfont false +- .FontDirectory 1 index .fontknownget ++ //.FontDirectory 1 index .fontknownget + { % Already loaded + exch pop //true + } +@@ -975,7 +975,7 @@ $error /SubstituteFont { } put + { % Font with a procedural definition + exec % The procedure will load the font. + % Check to make sure this really happened. +- .FontDirectory 1 index .knownget ++ //.FontDirectory 1 index .knownget + { exch pop //true exit } + if + } +@@ -1081,11 +1081,11 @@ $error /SubstituteFont { } put + % because it's different depending on language level. + .currentglobal exch /.setglobal .systemvar exec + % Remove the fake definition, if any. 
+- .FontDirectory 3 index .forceundef % readonly +- 1 index (r) file .loadfont .FontDirectory exch ++ //.FontDirectory 3 index .forceundef % readonly ++ 1 index (r) file .loadfont //.FontDirectory exch + /.setglobal .systemvar exec + } executeonly +- { .loadfont .FontDirectory ++ { .loadfont //.FontDirectory + } + ifelse + % Stack: fontname fontfilename fontdirectory +@@ -1119,8 +1119,8 @@ $error /SubstituteFont { } put + % Stack: origfontname fontdirectory filefontname fontdict + 3 -1 roll pop + % Stack: origfontname filefontname fontdict +- dup /FontName get dup FontDirectory exch .forceundef +- GlobalFontDirectory exch .forceundef ++ dup /FontName get dup //.FontDirectory exch .forceundef ++ /GlobalFontDirectory .systemvar exch .forceundef + dup length dict .copydict dup 3 index /FontName exch put + 2 index exch definefont + exch +@@ -1176,10 +1176,10 @@ currentdict /.putgstringcopy .undef + { + { + pop dup type /stringtype eq { cvn } if +- .FontDirectory 1 index known not { ++ //.FontDirectory 1 index known not { + 2 dict dup /FontName 3 index put + dup /FontType 1 put +- .FontDirectory 3 1 roll { put } systemdict /superexec known {//superexec}{1183615869 internaldict /superexec get exec} ifelse % readonly ++ //.FontDirectory 3 1 roll { put } systemdict /superexec known {//superexec}{1183615869 internaldict /superexec get exec} ifelse % readonly + } { + pop + } ifelse +diff --git a/Resource/Init/gs_init.ps b/Resource/Init/gs_init.ps +index 56c0bd268b53..d9a0829f7f97 100644 +--- a/Resource/Init/gs_init.ps ++++ b/Resource/Init/gs_init.ps +@@ -1168,8 +1168,8 @@ errordict /unknownerror .undef + }ifelse + }forall + noaccess pop +- systemdict /.setsafeerrors .forceundef +- systemdict /.SAFERERRORLIST .forceundef ++ //systemdict /.setsafeerrors .forceundef ++ //systemdict /.SAFERERRORLIST .forceundef + } bind executeonly odef + + SAFERERRORS {.setsafererrors} if +@@ -2114,7 +2114,7 @@ currentdict /tempfilepaths undef + + /.locksafe { + .locksafe_userparams +- 
systemdict /getenv {pop //false} .forceput ++ //systemdict /getenv {pop //false} .forceput + % setpagedevice has the side effect of clearing the page, but + % we will just document that. Using setpagedevice keeps the device + % properties and pagedevice .LockSafetyParams in agreement even +-- +2.20.1 + diff --git a/package/ghostscript/0006-Undefine-a-bunch-of-gs_fonts.ps-specific-procs.patch b/package/ghostscript/0006-Undefine-a-bunch-of-gs_fonts.ps-specific-procs.patch new file mode 100644 index 0000000000..4bbdef9dd1 --- /dev/null +++ b/package/ghostscript/0006-Undefine-a-bunch-of-gs_fonts.ps-specific-procs.patch 
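Review bot: The blocks that write to the read-only font directory through `superexec` get `//.FontDirectory` but are still left without `executeonly`, for example in gs_dps1.ps `{ //.FontDirectory 2 index 3 -1 roll { put } systemdict /superexec known {//superexec}{1183615869 internaldict /superexec get exec} ifelse } % readonly` followed by `if`. The previous patch in this series marks every transient block that calls a `.force*` operator as `executeonly`, and these blocks perform the same kind of privileged write. Ending them with `} executeonly % readonly` would apply the same rule, assuming nothing outside the hunk needs to read them. The enclosing `undefinefont` definition continues past the hunk, so how it is finally bound is not visible here.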
@@ -0,0 +1,587 @@ +From 5628be1c41d23298aa5fce2f6dd48e2eb81f4be1 Mon Sep 17 00:00:00 2001 +From: Chris Liddell +Date: Wed, 9 Jan 2019 14:24:07 +0000 +Subject: [PATCH] Undefine a bunch of gs_fonts.ps specific procs + +Also reorder and add some immediate evaluation, so it still works with the +undefining. + +Signed-off-by: Baruch Siach +--- +Upstream status: commit 2768d1a6dddb + + Resource/Init/gs_dps1.ps | 3 +- + Resource/Init/gs_fonts.ps | 275 +++++++++++++++++++++----------------- + Resource/Init/gs_res.ps | 6 +- + 3 files changed, 156 insertions(+), 128 deletions(-) + +diff --git a/Resource/Init/gs_dps1.ps b/Resource/Init/gs_dps1.ps +index b75ea14e77a3..8700c8cb304b 100644 +--- a/Resource/Init/gs_dps1.ps ++++ b/Resource/Init/gs_dps1.ps +@@ -67,7 +67,8 @@ level2dict begin + + /selectfont % selectfont - + { +- { 1 .argindex findfont ++ { ++ 1 .argindex findfont + 1 index dup type /arraytype eq { makefont } { scalefont } ifelse + setfont pop pop + } stopped { /selectfont .systemvar $error /errorname get signalerror } if +diff --git a/Resource/Init/gs_fonts.ps b/Resource/Init/gs_fonts.ps +index c13a2fcc2d43..056223544340 100644 +--- a/Resource/Init/gs_fonts.ps ++++ b/Resource/Init/gs_fonts.ps +@@ -100,7 +100,7 @@ userdict /.nativeFontmap .FontDirectory maxlength dict put + { 2 index token not + { (Fontmap entry for ) print 1 index =only + ( ends prematurely! Giving up.) = flush +- {.loadFontmap} 0 get 1 .quit ++ {//.loadFontmap exec} 0 get 1 .quit + } if + dup /; eq { pop 3 index 3 1 roll .growput exit } if + pop +@@ -202,6 +202,14 @@ NOFONTPATH { /FONTPATH () def } if + { pop } + { /FONTPATH (GS_FONTPATH) getenv not { () } if def } + ifelse ++ ++% The following are dummy definitions that, if we have a FONTPATH, will ++% be replaced in the following section. ++% They are here so immediately evaulation will work, and allow them to ++% undefined at the bottom of the file. 
++/.scanfontbegin{} bind def ++/.scanfontdir {} bind def ++ + FONTPATH length 0 eq { (%END FONTPATH) .skipeof } if + /FONTPATH [ FONTPATH .pathlist ] def + +@@ -242,12 +250,12 @@ FONTPATH length 0 eq { (%END FONTPATH) .skipeof } if + /.scanfontbegin + { % Construct the table of all file names already in Fontmap. + currentglobal //true setglobal +- .scanfontdict dup maxlength Fontmap length 2 add .max .setmaxlength ++ //.scanfontdict dup maxlength Fontmap length 2 add .max .setmaxlength + Fontmap + { exch pop + { dup type /stringtype eq +- { .splitfilename pop .fonttempstring copy .lowerstring cvn +- .scanfontdict exch //true put ++ { //.splitfilename exec pop //.fonttempstring copy //.lowerstring exec cvn ++ //.scanfontdict exch //true put + } + { pop + } +@@ -280,9 +288,9 @@ FONTPATH length 0 eq { (%END FONTPATH) .skipeof } if + /txt //true + .dicttomark def + /.scan1fontstring 8192 string def +-% %%BeginFont: is not per Adobe documentation, but a few fonts have it. ++% BeginFont: is not per Adobe documentation, but a few fonts have it. 
+ /.scanfontheaders [(%!PS-Adobe*) (%!FontType*) (%%BeginFont:*)] def +-0 .scanfontheaders { length .max } forall 6 add % extra for PFB header ++0 //.scanfontheaders { length .max } forall 6 add % extra for PFB header + /.scan1fontfirst exch string def + /.scanfontdir % .scanfontdir - + { currentglobal exch //true setglobal +@@ -291,10 +299,10 @@ FONTPATH length 0 eq { (%END FONTPATH) .skipeof } if + 0 0 0 4 -1 roll % found scanned files + { % stack: + exch 1 add exch % increment filecount +- dup .splitfilename .fonttempstring copy .lowerstring ++ dup //.splitfilename exec //.fonttempstring copy //.lowerstring exec + % stack: + % +- .scanfontskip exch known exch .scanfontdict exch known or ++ //.scanfontskip exch known exch //.scanfontdict exch known or + { pop + % stack: + } +@@ -309,7 +317,7 @@ FONTPATH length 0 eq { (%END FONTPATH) .skipeof } if + % On some platforms, the file operator will open directories, + % but an error will occur if we try to read from one. + % Handle this possibility here. +- dup .scan1fontfirst { readstring } .internalstopped ++ dup //.scan1fontfirst { readstring } .internalstopped + { pop pop () } + { pop } + ifelse +@@ -322,7 +330,7 @@ FONTPATH length 0 eq { (%END FONTPATH) .skipeof } if + { dup length 6 sub 6 exch getinterval } + if + % Check for font file headers. +- //false .scanfontheaders ++ //false //.scanfontheaders + { 2 index exch .stringmatch or + } + forall exch pop +@@ -335,7 +343,7 @@ FONTPATH length 0 eq { (%END FONTPATH) .skipeof } if + { exch copystring exch + DEBUG { ( ) print dup =only flush } if + 1 index .definenativefontmap +- .splitfilename pop //true .scanfontdict 3 1 roll .growput ++ //.splitfilename exec pop //true //.scanfontdict 3 1 roll .growput + % Increment fontcount. 
+ 3 -1 roll 1 add 3 1 roll + } +@@ -352,7 +360,7 @@ FONTPATH length 0 eq { (%END FONTPATH) .skipeof } if + } + ifelse + } +- .scan1fontstring filenameforall ++ //.scan1fontstring filenameforall + QUIET + { pop pop pop } + { ( ) print =only ( files, ) print =only ( scanned, ) print +@@ -422,7 +430,6 @@ systemdict /NONATIVEFONTMAP known .setnativefontmapbuilt + //true .setnativefontmapbuilt + } ifelse + } bind def +-currentdict /.setnativefontmapbuilt .forceundef + + % Create the dictionary that registers the .buildfont procedure + % (called by definefont) for each FontType. +@@ -526,7 +533,8 @@ buildfontdict 3 /.buildfont3 cvx put + % We use this only for explicitly aliased fonts, not substituted fonts: + % we think this matches the observed behavior of Adobe interpreters. + /.aliasfont % .aliasfont +- { .currentglobal 3 1 roll dup .gcheck .setglobal ++ { ++ currentglobal 3 1 roll dup gcheck setglobal + % + dup length 2 add dict % + dup 3 -1 roll % +@@ -541,7 +549,7 @@ buildfontdict 3 /.buildfont3 cvx put + % whose FontName is a local non-string, if someone passed a + % garbage value to findfont. In this case, just don't + % call definefont at all. +- 2 index dup type /stringtype eq exch .gcheck or 1 index .gcheck not or ++ 2 index dup type /stringtype eq exch gcheck or 1 index gcheck not or + { pop % + 1 index dup type /stringtype eq { cvn } if + % +@@ -566,10 +574,11 @@ buildfontdict 3 /.buildfont3 cvx put + % Don't bind in definefont, since Level 2 redefines it. + /definefont .systemvar exec + } +- { /findfont cvx {.completefont} .errorexec pop exch pop ++ { ++ /findfont cvx {.completefont} //.errorexec exec pop exch pop + } + ifelse +- exch .setglobal ++ exch setglobal + } odef % so findfont will bind it + + % Define .loadfontfile for loading a font. 
If we recognize Type 1 and/or +@@ -669,10 +678,19 @@ buildfontdict 3 /.buildfont3 cvx put + [(Cn) 4] [(Cond) 4] [(Narrow) 4] [(Pkg) 4] [(Compr) 4] + [(Serif) 8] [(Sans) -8] + ] readonly def ++ ++/.fontnamestring { % .fontnamestring ++ dup type dup /nametype eq { ++ pop .namestring ++ } { ++ /stringtype ne { pop () } if ++ } ifelse ++} bind def ++ + /.fontnameproperties { % .fontnameproperties + % +- .fontnamestring +- .substituteproperties { ++ //.fontnamestring exec ++ //.substituteproperties { + 2 copy 0 get search { + pop pop pop dup length 1 sub 1 exch getinterval 3 -1 roll exch { + dup 0 ge { or } { neg not and } ifelse +@@ -710,13 +728,7 @@ buildfontdict 3 /.buildfont3 cvx put + % .nametostring + dup type /nametype eq { .namestring } if + } bind def +-/.fontnamestring { % .fontnamestring +- dup type dup /nametype eq { +- pop .namestring +- } { +- /stringtype ne { pop () } if +- } ifelse +-} bind def ++ + /.substitutefontname { % .substitutefontname + % + % Look for properties and/or a face name in the font name. +@@ -724,7 +736,7 @@ buildfontdict 3 /.buildfont3 cvx put + % base font; otherwise, use the default font. + % Note that the "substituted" font name may be the same as + % the requested one; the caller must check this. +- exch .fontnamestring { ++ exch //.fontnamestring exec { + defaultfontname /Helvetica-Oblique /Helvetica-Bold /Helvetica-BoldOblique + /Helvetica-Narrow /Helvetica-Narrow-Oblique + /Helvetica-Narrow-Bold /Helvetica-Narrow-BoldOblique +@@ -734,12 +746,12 @@ buildfontdict 3 /.buildfont3 cvx put + } 3 1 roll + % Stack: facelist properties fontname + % Look for a face name. 
+- .substitutefaces { ++ //.substitutefaces { + 2 copy 0 get search { + pop pop pop + % Stack: facelist properties fontname [(pattern) family properties] + dup 2 get 4 -1 roll or 3 1 roll +- 1 get .substitutefamilies exch get ++ 1 get //.substitutefamilies exch get + 4 -1 roll pop 3 1 roll + } { + pop pop +@@ -748,7 +760,7 @@ buildfontdict 3 /.buildfont3 cvx put + 1 index length mod get exec + } bind def + /.substitutefont { % .substitutefont +- dup 0 exch .fontnameproperties .substitutefontname ++ dup 0 exch //.fontnameproperties exec .substitutefontname + % Only accept fonts known in the Fontmap. + Fontmap 1 index known not + { +@@ -814,7 +826,7 @@ FAKEFONTS not { (%END FAKEFONTS) .skipeof } if + counttomark 1 sub { .aliasfont } repeat end + % mark + exch pop exch pop +-} odef ++} bind odef + /findfont { + .findfont + } bind def +@@ -860,7 +872,7 @@ FAKEFONTS not { (%END FAKEFONTS) .skipeof } if + } { + dup .substitutefont + 2 copy eq { pop defaultfontname } if +- .checkalias ++ //.checkalias exec + QUIET not { + SHORTERRORS { + (%%[) print 1 index =only +@@ -886,8 +898,8 @@ $error /SubstituteFont { } put + //null 0 1 FONTPATH length 1 sub { + FONTPATH 1 index get //null ne { exch pop exit } if pop + } for dup //null ne { +- dup 0 eq { .scanfontbegin } if +- FONTPATH 1 index get .scanfontdir ++ dup 0 eq { //.scanfontbegin exec} if ++ FONTPATH 1 index get //.scanfontdir exec + FONTPATH exch //null put //true + } { + pop //false +@@ -897,11 +909,10 @@ $error /SubstituteFont { } put + % scanning of FONTPATH. + /.dofindfont { % mark .dofindfont % mark ... + .tryfindfont not { +- + % We didn't find the font. If we haven't scanned + % all the directories in FONTPATH, scan the next one + % now and look for the font again. +- .scannextfontdir { ++ //.scannextfontdir exec { + % Start over with an empty alias list. + counttomark 1 sub { pop } repeat % mark + .dofindfont +@@ -927,6 +938,7 @@ $error /SubstituteFont { } put + } if + % Substitute for the font. Don't alias. 
+ % Same stack as at the beginning of .dofindfont. ++ + $error /SubstituteFont get exec + % + % igorm: I guess the surrounding code assumes that .stdsubstfont +@@ -935,72 +947,11 @@ $error /SubstituteFont { } put + % used in .dofindfont and through .stdsubstfont + % just to represent a simple iteration, + % which accumulates the aliases after the mark. +- .stdsubstfont ++ //.stdsubstfont exec + } ifelse + } ifelse + } if + } bind def +-% Try to find a font using only the present contents of Fontmap. +-/.tryfindfont { % .tryfindfont true +- % .tryfindfont false +- //.FontDirectory 1 index .fontknownget +- { % Already loaded +- exch pop //true +- } +- { +- dup Fontmap exch .knownget +- { //true //true } +- { % Unknown font name. Look for a file with the +- % same name as the requested font. +- dup .tryloadfont +- { exch pop //true //false } +- { +- % if we can't load by name check the native font map +- dup .nativeFontmap exch .knownget +- { //true //true } +- { //false //false } ifelse +- } ifelse +- } ifelse +- +- { % Try each element of the Fontmap in turn. +- pop +- //false exch % (in case we exhaust the list) +- % Stack: fontname false fontmaplist +- { exch pop +- dup type /nametype eq +- { % Font alias +- .checkalias .tryfindfont exit +- } +- { dup dup type dup /arraytype eq exch /packedarraytype eq or exch xcheck and +- { % Font with a procedural definition +- exec % The procedure will load the font. +- % Check to make sure this really happened. +- //.FontDirectory 1 index .knownget +- { exch pop //true exit } +- if +- } +- { % Font file name +- //true .loadfontloop { //true exit } if +- } +- ifelse +- } +- ifelse //false +- } +- forall +- % Stack: font true -or- fontname false +- { //true +- } +- { % None of the Fontmap entries worked. +- % Try loading a file with the same name +- % as the requested font. 
+- .tryloadfont +- } +- ifelse +- } +- if +- } +- ifelse +- } bind def + + % any user of .putgstringcopy must use bind and executeonly + /.putgstringcopy % .putgstringcopy - +@@ -1014,25 +965,6 @@ $error /SubstituteFont { } put + } executeonly ifelse + } .bind executeonly odef % must be bound and hidden for .forceput + +-% Attempt to load a font from a file. +-/.tryloadfont { % .tryloadfont true +- % .tryloadfont false +- dup .nametostring +- % Hack: check for the presence of the resource machinery. +- /.genericrfn where { +- pop +- pop dup .fonttempstring /FontResourceDir getsystemparam .genericrfn +- {//false .loadfontloop} .internalstopped {//false} if { +- //true +- } { +- dup .nametostring +- {//true .loadfontloop} .internalstopped {//false} if +- } ifelse +- } { +- {//true .loadfontloop} .internalstopped {//false} if +- } ifelse +-} bind def +- + /.loadfontloop { % .loadfontloop + % true + % -or- +@@ -1102,7 +1034,7 @@ $error /SubstituteFont { } put + } if + + % Check to make sure the font was actually loaded. +- dup 3 index .fontknownget ++ dup 3 index //.fontknownget exec + { dup /PathLoad 4 index .putgstringcopy + 4 1 roll pop pop pop //true exit + } executeonly if +@@ -1113,7 +1045,7 @@ $error /SubstituteFont { } put + exch dup % Stack: origfontname fontdirectory path path + (r) file .findfontname + { % Stack: origfontname fontdirectory path filefontname +- 2 index 1 index .fontknownget ++ 2 index 1 index //.fontknownget exec + { % Yes. Stack: origfontname fontdirectory path filefontname fontdict + dup 4 -1 roll /PathLoad exch .putgstringcopy + % Stack: origfontname fontdirectory filefontname fontdict +@@ -1136,7 +1068,7 @@ $error /SubstituteFont { } put + % Stack: fontdict + } executeonly + if pop % Stack: origfontname fontdirectory path +- } ++ } executeonly + if pop pop % Stack: origfontname + + % The font definitely did not load correctly. 
+@@ -1150,7 +1082,87 @@ $error /SubstituteFont { } put + + } bind executeonly odef % must be bound and hidden for .putgstringcopy + +-currentdict /.putgstringcopy .undef ++% Attempt to load a font from a file. ++/.tryloadfont { % .tryloadfont true ++ % .tryloadfont false ++ dup //.nametostring exec ++ % Hack: check for the presence of the resource machinery. ++ /.genericrfn where { ++ pop ++ pop dup //.fonttempstring /FontResourceDir getsystemparam .genericrfn ++ {//false .loadfontloop} .internalstopped {//false} if { ++ //true ++ } { ++ dup //.nametostring exec ++ {//true .loadfontloop} .internalstopped {//false} if ++ } ifelse ++ } { ++ {//true .loadfontloop} .internalstopped {//false} if ++ } ifelse ++} bind def ++ ++% Try to find a font using only the present contents of Fontmap. ++/.tryfindfont { % .tryfindfont true ++ % .tryfindfont false ++ //.FontDirectory 1 index //.fontknownget exec ++ { % Already loaded ++ exch pop //true ++ } ++ { ++ dup Fontmap exch .knownget ++ { //true //true } ++ { % Unknown font name. Look for a file with the ++ % same name as the requested font. ++ dup //.tryloadfont exec ++ { exch pop //true //false } ++ { ++ % if we can't load by name check the native font map ++ dup .nativeFontmap exch .knownget ++ { //true //true } ++ { //false //false } ifelse ++ } ifelse ++ } ifelse ++ ++ { % Try each element of the Fontmap in turn. ++ pop ++ //false exch % (in case we exhaust the list) ++ % Stack: fontname false fontmaplist ++ { exch pop ++ dup type /nametype eq ++ { % Font alias ++ //.checkalias exec ++ .tryfindfont exit ++ } ++ { dup dup type dup /arraytype eq exch /packedarraytype eq or exch xcheck and ++ { % Font with a procedural definition ++ exec % The procedure will load the font. ++ % Check to make sure this really happened. 
++ //.FontDirectory 1 index .knownget ++ { exch pop //true exit } ++ if ++ } ++ { % Font file name ++ //true .loadfontloop { //true exit } if ++ } ++ ifelse ++ } ++ ifelse //false ++ } ++ forall ++ % Stack: font true -or- fontname false ++ { //true ++ } ++ { % None of the Fontmap entries worked. ++ % Try loading a file with the same name ++ % as the requested font. ++ //.tryloadfont exec ++ } ++ ifelse ++ } ++ if ++ } ++ ifelse ++ } bind def + + % Define a procedure to load all known fonts. + % This isn't likely to be very useful. +@@ -1192,9 +1204,9 @@ FAKEFONTS { exch } if pop def % don't bind, .current/setglobal get redefined + /.loadinitialfonts + { NOFONTMAP not + { /FONTMAP where +- { pop [ FONTMAP .pathlist ] ++ { pop [ FONTMAP //.pathlist exec] + { dup VMDEBUG findlibfile +- { exch pop .loadFontmap } ++ { exch pop //.loadFontmap exec } + { /undefinedfilename signalerror } + ifelse + } +@@ -1208,7 +1220,7 @@ FAKEFONTS { exch } if pop def % don't bind, .current/setglobal get redefined + pop pop + defaultfontmap_content { .definefontmap } forall + } { +- .loadFontmap ++ //.loadFontmap exec + } ifelse + } { + pop pop +@@ -1272,3 +1284,18 @@ FAKEFONTS { exch } if pop def % don't bind, .current/setglobal get redefined + { .makemodifiedfont + dup /FontName get exch definefont pop + } bind def ++ ++% Undef these, not needed outside this file ++[ ++ % /.fonttempstring /.scannextfontdir - are also used in gs_res.ps, so are undefined there ++ % /.fontnameproperties - is used in pdf_font.ps ++ % /.scanfontheaders - used in gs_cff.ps, gs_ttf.ps ++ /.loadfontloop /.tryloadfont /.findfont /.pathlist /.loadFontmap /.lowerstring ++ /.splitfilename /.scanfontdict /.scanfontbegin ++ /.scanfontskip /.scan1fontstring ++ /.scan1fontfirst /.scanfontdir ++ /.setnativefontmapbuilt /.aliasfont ++ /.setloadingfont /.substitutefaces /.substituteproperties /.substitutefamilies ++ /.nametostring /.fontnamestring /.checkalias /.fontknownget /.stdsubstfont ++ /.putgstringcopy ++] 
{systemdict exch .forceundef} forall +diff --git a/Resource/Init/gs_res.ps b/Resource/Init/gs_res.ps +index d9b34599e7c2..fd7eaf953ae9 100644 +--- a/Resource/Init/gs_res.ps ++++ b/Resource/Init/gs_res.ps +@@ -961,7 +961,7 @@ userdict /.localcsdefaults //false put + dup type /nametype eq { .namestring } if + dup type /stringtype ne { //false exit } if + % Check the resource directory. +- dup .fonttempstring /FontResourceDir getsystemparam .genericrfn ++ dup //.fonttempstring /FontResourceDir getsystemparam .genericrfn + status { + pop pop pop pop //true exit + } if +@@ -969,7 +969,7 @@ userdict /.localcsdefaults //false put + % as the font. + findlibfile { closefile //true exit } if + % Scan a FONTPATH directory and try again. +- .scannextfontdir not { //false exit } if ++ //.scannextfontdir exec not { //false exit } if + } loop + } bind def + +@@ -1008,7 +1008,7 @@ currentdict /.fontstatusaux .undef + } ifelse + } bind executeonly + /ResourceForAll { +- { .scannextfontdir not { exit } if } loop ++ { //.scannextfontdir exec not { exit } if } loop + /Generic /Category findresource /ResourceForAll get exec + } bind executeonly + /.ResourceFileStatus { +-- +2.20.1 + diff --git a/package/ghostscript/0007-Remove-.forcedef-and-harden-.force-ops-more.patch b/package/ghostscript/0007-Remove-.forcedef-and-harden-.force-ops-more.patch new file mode 100644 index 0000000000..8c21c34ede --- /dev/null +++ b/package/ghostscript/0007-Remove-.forcedef-and-harden-.force-ops-more.patch 
@@ -0,0 +1,345 @@ +From ba2336b3b1ca5cfe1e67dbe37a084c9644a65ac7 Mon Sep 17 00:00:00 2001 +From: Chris Liddell +Date: Fri, 11 Jan 2019 13:36:36 +0000 +Subject: [PATCH] Remove .forcedef, and harden .force* ops more + +Remove .forcedef and replace all uses with a direct call to .forceput instead. + +Ensure every procedure (named and trasient) that calls .forceput is +executeonly. + +Signed-off-by: Baruch Siach +--- +Upstream status: commit 49c8092da88e + + Resource/Init/gs_dps1.ps | 15 +++++++----- + Resource/Init/gs_init.ps | 28 ++++++++------------- + Resource/Init/gs_lev2.ps | 51 +++++++++++++++++++-------------------- + Resource/Init/gs_ll3.ps | 5 ++-- + Resource/Init/gs_res.ps | 29 +++++++++++----------- + Resource/Init/gs_statd.ps | 4 +-- + 6 files changed, 63 insertions(+), 69 deletions(-) + +diff --git a/Resource/Init/gs_dps1.ps b/Resource/Init/gs_dps1.ps +index 8700c8cb304b..3d2cf7a1ad01 100644 +--- a/Resource/Init/gs_dps1.ps ++++ b/Resource/Init/gs_dps1.ps +@@ -33,14 +33,17 @@ systemdict begin + + /SharedFontDirectory .FontDirectory .gcheck + { .currentglobal //false .setglobal ++ currentdict + /LocalFontDirectory .FontDirectory dup maxlength dict copy +- .forcedef % LocalFontDirectory is local, systemdict is global ++ .forceput % LocalFontDirectory is local, systemdict is global + .setglobal .FontDirectory +- } +- { /LocalFontDirectory .FontDirectory +- .forcedef % LocalFontDirectory is local, systemdict is global ++ } executeonly ++ { ++ currentdict ++ /LocalFontDirectory .FontDirectory ++ .forceput % LocalFontDirectory is local, systemdict is global + 50 dict +- } ++ }executeonly + ifelse def + + end % systemdict +@@ -55,7 +58,7 @@ level2dict begin + { //SharedFontDirectory } + { /LocalFontDirectory .systemvar } % can't embed ref to local VM + ifelse .forceput pop % LocalFontDirectory is local, systemdict is global +- } .bind odef ++ } .bind executeonly odef + % Don't just copy (load) the definition of .setglobal: + % it gets redefined for LL3. 
+ /setshared { /.setglobal .systemvar exec } odef +diff --git a/Resource/Init/gs_init.ps b/Resource/Init/gs_init.ps +index d9a0829f7f97..45bebf479bae 100644 +--- a/Resource/Init/gs_init.ps ++++ b/Resource/Init/gs_init.ps +@@ -54,7 +54,7 @@ systemdict exch + dup /userdict + currentdict dup 200 .setmaxlength % userdict + .forceput % userdict is local, systemdict is global +- } ++ } executeonly + if begin + + % Define dummy local/global operators if needed. +@@ -299,13 +299,6 @@ QUIET not { printgreeting flush } if + 1 index exch .makeoperator def + } .bind def + +-% Define a special version of def for storing local objects into global +-% dictionaries. Like .forceput, this exists only during initialization. +-/.forcedef { % .forcedef - +- 1 .argindex pop % check # of args +- currentdict 3 1 roll .forceput +-} .bind odef +- + % Define procedures for accessing variables in systemdict and userdict + % regardless of the contents of the dictionary stack. + /.systemvar { % .systemvar +@@ -347,7 +340,7 @@ DELAYBIND + } + ifelse + } .bind def +-} if ++} executeonly if + + %**************** BACKWARD COMPATIBILITY **************** + /hwsizedict mark /HWSize //null .dicttomark readonly def +@@ -655,7 +648,7 @@ currentdict /.typenames .undef + /ifelse .systemvar + ] cvx executeonly + exch .setglobal +-} odef ++} executeonly odef + systemdict /internaldict dup .makeinternaldict .makeoperator + .forceput % proc is local, systemdict is global + +@@ -1093,7 +1086,7 @@ def + + % Define $error. This must be in local VM. + .currentglobal //false .setglobal +-/$error 40 dict .forcedef % $error is local, systemdict is global ++currentdict /$error 40 dict .forceput % $error is local, systemdict is global + % newerror, errorname, command, errorinfo, + % ostack, estack, dstack, recordstacks, + % binary, globalmode, +@@ -1112,8 +1105,8 @@ end + % Define errordict similarly. It has one entry per error name, + % plus handleerror. 
However, some astonishingly badly written PostScript + % files require it to have at least one empty slot. +-/errordict ErrorNames length 3 add dict +-.forcedef % errordict is local, systemdict is global ++currentdict /errordict ErrorNames length 3 add dict ++.forceput % errordict is local, systemdict is global + .setglobal % back to global VM + % gserrordict contains all the default error handling methods, but unlike + % errordict it is noaccess after creation (also it is in global VM). +@@ -1273,8 +1266,9 @@ end + (END PROCS) VMDEBUG + + % Define the font directory. ++currentdict + /FontDirectory //false .setglobal 100 dict //true .setglobal +-.forcedef % FontDirectory is local, systemdict is global ++.forceput % FontDirectory is local, systemdict is global + + % Define the encoding dictionary. + /EncodingDirectory 16 dict def % enough for Level 2 + PDF standard encodings +@@ -2333,7 +2327,6 @@ SAFER { .setsafeglobal } if + //systemdict /UndefinePostScriptOperators get exec + //systemdict /UndefinePDFOperators get exec + //systemdict /.forcecopynew .forceundef % remove temptation +- //systemdict /.forcedef .forceundef % ditto + //systemdict /.forceput .forceundef % ditto + //systemdict /.undef .forceundef % ditto + //systemdict /.forceundef .forceundef % ditto +@@ -2368,9 +2361,9 @@ SAFER { .setsafeglobal } if + % (and, if implemented, context switching). + .currentglobal //false .setglobal + mark userparams { } forall .dicttomark readonly +- /userparams exch .forcedef % systemdict is read-only ++ currentdict exch /userparams exch .forceput % systemdict is read-only + .setglobal +-} if ++} executeonly if + /.currentsystemparams where { + pop + % Remove real system params from pssystemparams. 
+@@ -2458,7 +2451,6 @@ end + DELAYBIND not { + systemdict /.bindnow .undef % We only need this for DELAYBIND + systemdict /.forcecopynew .undef % remove temptation +- systemdict /.forcedef .undef % ditto + systemdict /.forceput .undef % ditto + systemdict /.forceundef .undef % ditto + } if +diff --git a/Resource/Init/gs_lev2.ps b/Resource/Init/gs_lev2.ps +index 0f0d57331c23..9c0c3a6fc485 100644 +--- a/Resource/Init/gs_lev2.ps ++++ b/Resource/Init/gs_lev2.ps +@@ -304,31 +304,30 @@ end + psuserparams exch /.checkFilePermitparams load put + .setglobal + +-pssystemparams begin +- /CurDisplayList 0 .forcedef +- /CurFormCache 0 .forcedef +- /CurInputDevice () .forcedef +- /CurOutlineCache 0 .forcedef +- /CurOutputDevice () .forcedef +- /CurPatternCache 0 .forcedef +- /CurUPathCache 0 .forcedef +- /CurScreenStorage 0 .forcedef +- /CurSourceList 0 .forcedef +- /DoPrintErrors //false .forcedef +- /JobTimeout 0 .forcedef +- /LicenseID (LN-001) .forcedef % bogus +- /MaxDisplayList 140000 .forcedef +- /MaxFormCache 100000 .forcedef +- /MaxImageBuffer 524288 .forcedef +- /MaxOutlineCache 65000 .forcedef +- /MaxPatternCache 100000 .forcedef +- /MaxUPathCache 300000 .forcedef +- /MaxScreenStorage 84000 .forcedef +- /MaxSourceList 25000 .forcedef +- /PrinterName product .forcedef +- /RamSize 4194304 .forcedef +- /WaitTimeout 40 .forcedef +-end ++pssystemparams ++dup /CurDisplayList 0 .forceput ++dup /CurFormCache 0 .forceput ++dup /CurInputDevice () .forceput ++dup /CurOutlineCache 0 .forceput ++dup /CurOutputDevice () .forceput ++dup /CurPatternCache 0 .forceput ++dup /CurUPathCache 0 .forceput ++dup /CurScreenStorage 0 .forceput ++dup /CurSourceList 0 .forceput ++dup /DoPrintErrors //false .forceput ++dup /JobTimeout 0 .forceput ++dup /LicenseID (LN-001) .forceput % bogus ++dup /MaxDisplayList 140000 .forceput ++dup /MaxFormCache 100000 .forceput ++dup /MaxImageBuffer 524288 .forceput ++dup /MaxOutlineCache 65000 .forceput ++dup /MaxPatternCache 100000 .forceput ++dup 
/MaxUPathCache 300000 .forceput ++dup /MaxScreenStorage 84000 .forceput ++dup /MaxSourceList 25000 .forceput ++dup /PrinterName product .forceput ++dup /RamSize 4194304 .forceput ++ /WaitTimeout 40 .forceput + + % Define the procedures for handling comment scanning. The names + % %ProcessComment and %ProcessDSCComment are known to the interpreter. +@@ -710,7 +709,7 @@ pop % currentsystemparams + /statusdict currentdict def + + currentdict end +-/statusdict exch .forcedef % statusdict is local, systemdict is global ++currentdict exch /statusdict exch .forceput % statusdict is local, systemdict is global + + % The following compatibility operators are in systemdict. They are + % defined here, rather than in gs_init.ps, because they require the +diff --git a/Resource/Init/gs_ll3.ps b/Resource/Init/gs_ll3.ps +index c86721f39fc0..881af44e9fd2 100644 +--- a/Resource/Init/gs_ll3.ps ++++ b/Resource/Init/gs_ll3.ps +@@ -521,9 +521,8 @@ end + % Define additional user and system parameters. + /HalftoneMode 0 .definepsuserparam + /MaxSuperScreen 1016 .definepsuserparam +-pssystemparams begin % read-only, so use .forcedef +- /MaxDisplayAndSourceList 160000 .forcedef +-end ++% read-only, so use .forceput ++pssystemparams /MaxDisplayAndSourceList 160000 .forceput + + % Define the IdiomSet resource category. + { /IdiomSet } { +diff --git a/Resource/Init/gs_res.ps b/Resource/Init/gs_res.ps +index fd7eaf953ae9..0b4e0514b2a1 100644 +--- a/Resource/Init/gs_res.ps ++++ b/Resource/Init/gs_res.ps +@@ -41,10 +41,10 @@ level2dict begin + % However, Ed Taft of Adobe says their interpreters don't implement this + % either, so we aren't going to worry about it for a while. 
+ +-currentglobal //false setglobal systemdict begin +- /localinstancedict 5 dict +- .forcedef % localinstancedict is local, systemdict is global +-end //true setglobal ++currentglobal //false setglobal ++ systemdict /localinstancedict 5 dict ++ .forceput % localinstancedict is local, systemdict is global ++//true setglobal + /.emptydict 0 dict readonly def + setglobal + +@@ -149,7 +149,7 @@ setglobal + dup [ exch 0 -1 ] exch + .Instances 4 2 roll put + % Make the Category dictionary read-only. We will have to +- % use .forceput / .forcedef later to replace the dummy, ++ % use .forceput / .forceput later to replace the dummy, + % empty .Instances dictionary with the real one later. + readonly + }{ +@@ -304,7 +304,8 @@ systemdict begin + dup () ne { + .file_name_directory_separator concatstrings + } if +- 2 index exch //false .file_name_combine not { ++ 2 index exch //false ++ .file_name_combine not { + (Error: .default_resource_dir returned ) print exch print ( that can't combine with ) print = + /.default_resource_dir cvx /configurationerror signalerror + } if +@@ -317,14 +318,14 @@ currentdict /pssystemparams known not { + pssystemparams begin + .default_resource_dir + /FontResourceDir (Font) .resource_dir_name +- readonly .forcedef % pssys'params is r-o ++ readonly currentdict 3 1 roll .forceput % pssys'params is r-o + /GenericResourceDir () .resource_dir_name +- readonly .forcedef % pssys'params is r-o ++ readonly currentdict 3 1 roll .forceput % pssys'params is r-o + pop % .default_resource_dir + /GenericResourcePathSep +- .file_name_separator readonly .forcedef % pssys'params is r-o +- (%diskFontResourceDir) cvn (/Resource/Font/) readonly .forcedef % pssys'params is r-o +- (%diskGenericResourceDir) cvn (/Resource/) readonly .forcedef % pssys'params is r-o ++ .file_name_separator readonly currentdict 3 1 roll .forceput % pssys'params is r-o ++ currentdict (%diskFontResourceDir) cvn (/Resource/Font/) readonly .forceput % pssys'params is r-o ++ currentdict 
(%diskGenericResourceDir) cvn (/Resource/) readonly .forceput % pssys'params is r-o + end + end + +@@ -422,8 +423,8 @@ status { + .Instances dup //.emptydict eq { + pop 3 dict + % As noted above, Category dictionaries are read-only, +- % so we have to use .forcedef here. +- /.Instances 1 index .forcedef % Category dict is read-only ++ % so we have to use .forceput here. ++ currentdict /.Instances 2 index .forceput % Category dict is read-only + } executeonly if + } + { .LocalInstances dup //.emptydict eq +@@ -441,7 +442,7 @@ status { + { /defineresource cvx /typecheck signaloperror + } + ifelse +-} .bind executeonly .makeoperator % executeonly to prevent access to .forcedef ++} .bind executeonly .makeoperator % executeonly to prevent access to .forceput + /UndefineResource + { { dup 2 index .knownget + { dup 1 get 1 ge +diff --git a/Resource/Init/gs_statd.ps b/Resource/Init/gs_statd.ps +index 20d4c96c4f8f..b6a76590dd09 100644 +--- a/Resource/Init/gs_statd.ps ++++ b/Resource/Init/gs_statd.ps +@@ -21,10 +21,10 @@ systemdict begin + % We make statusdict a little larger for Level 2 stuff. + % Note that it must be allocated in local VM. + .currentglobal //false .setglobal +- /statusdict 91 dict .forcedef % statusdict is local, sys'dict global ++ currentdict /statusdict 91 dict .forceput % statusdict is local, sys'dict global + % To support the Level 2 job control features, + % serverdict must also be in local VM. +- /serverdict 10 dict .forcedef % serverdict is local, sys'dict global ++ currentdict /serverdict 10 dict .forceput % serverdict is local, sys'dict global + .setglobal + end + +-- +2.20.1 + From 11c55c94da9a51f0448a1ae869065736993e1787 Mon Sep 17 00:00:00 2001 
From: Peter Korsgaard Date: Tue, 12 Feb 2019 14:15:03 +0100 Subject: [PATCH 19/31] support/testing: build a glibc toolchain for docker / docker-compose tests runc (which is a reverse dependency of docker-engine) is about to gain a !uclibc dependency, so move to a glibc toolchain instead. There are currently no prebuilt x86_64 / core2 / glibc toolchains available, so instead use the internal toolchain backend to build one. While we are at it, drop the infra.basetest.BASIC_TOOLCHAIN_CONFIG reference, as that ARM toolchain configuration doesn't make any sense for this x86-64 based test. add docker / docker-compose tests Signed-off-by: Peter Korsgaard
---
 .../testing/tests/package/test_docker_compose.py | 13 +++----------
 1 file changed, 3 insertions(+), 10 deletions(-)
diff --git a/support/testing/tests/package/test_docker_compose.py b/support/testing/tests/package/test_docker_compose.py
index 8bf3ae00b5..de53a3da14 100644
--- a/support/testing/tests/package/test_docker_compose.py
+++ b/support/testing/tests/package/test_docker_compose.py
@@ -4,19 +4,12 @@ import infra.basetest
 class TestDockerCompose(infra.basetest.BRTest):
- config = infra.basetest.BASIC_TOOLCHAIN_CONFIG + \
+ config = \
 """
 BR2_x86_64=y
 BR2_x86_core2=y
- BR2_TOOLCHAIN_EXTERNAL=y
- BR2_TOOLCHAIN_EXTERNAL_CUSTOM=y
- BR2_TOOLCHAIN_EXTERNAL_DOWNLOAD=y
- BR2_TOOLCHAIN_EXTERNAL_URL="http://autobuild.buildroot.org/toolchains/tarballs/br-x86-64-core2-full-2018.05.tar.bz2"
- BR2_TOOLCHAIN_EXTERNAL_GCC_6=y
- BR2_TOOLCHAIN_EXTERNAL_HEADERS_4_16=y
- BR2_TOOLCHAIN_EXTERNAL_LOCALE=y
- # BR2_TOOLCHAIN_EXTERNAL_HAS_THREADS_DEBUG is not set
- BR2_TOOLCHAIN_EXTERNAL_CXX=y
+ BR2_TOOLCHAIN_BUILDROOT_GLIBC=y
+ BR2_KERNEL_HEADERS_4_19=y
 BR2_SYSTEM_DHCP="eth0"
 BR2_ROOTFS_POST_BUILD_SCRIPT="{}"
 BR2_ROOTFS_POST_SCRIPT_ARGS="{}"
From 6e3f7fbc072c88ab344f2ffa39e402464b566f19 Mon Sep 17 00:00:00 2001
From: Peter Korsgaard Date: Tue, 12 Feb 2019 14:15:04 +0100 Subject: [PATCH 20/31] package/runc: add upstream security fix for CVE-2019-5736 The vulnerability allows a malicious container to (with minimal user interaction) overwrite the host runc binary and thus gain root-level code execution on the host. The level of user interaction is being able to run any command (it doesn't matter if the command is not attacker-controlled) as root within a container in either of these contexts: * Creating a new container using an attacker-controlled image. * Attaching (docker exec) into an existing container which the attacker had previous write access to. For more details, see the advisory: https://www.openwall.com/lists/oss-security/2019/02/11/2 The fix for this issue uses fexecve(3), which isn't available on uClibc, so add a dependency on !uclibc to runc and propagate to the reverse dependencies (containerd/docker-engine). Signed-off-by: Peter Korsgaard
---
 package/docker-containerd/Config.in | 5 +-
 package/docker-engine/Config.in | 5 +-
 ...oc-self-exe-to-avoid-exposing-host-b.patch | 338 ++++++++++++++++++
 package/runc/Config.in | 5 +-
 4 files changed, 347 insertions(+), 6 deletions(-)
 create mode 100644 package/runc/0001-nsenter-clone-proc-self-exe-to-avoid-exposing-host-b.patch
diff --git a/package/docker-containerd/Config.in b/package/docker-containerd/Config.in
index 851345f73e..bdb5dd7b80 100644
--- a/package/docker-containerd/Config.in
+++ b/package/docker-containerd/Config.in
@@ -3,6 +3,7 @@ config BR2_PACKAGE_DOCKER_CONTAINERD
 depends on BR2_PACKAGE_HOST_GO_ARCH_SUPPORTS
 depends on BR2_PACKAGE_HOST_GO_CGO_LINKING_SUPPORTS
 depends on BR2_TOOLCHAIN_HAS_THREADS
+ depends on !BR2_PACKAGE_TOOLCHAIN_USES_UCLIBC # runc
 depends on BR2_USE_MMU # util-linux
 select BR2_PACKAGE_RUNC # runtime dependency
 select BR2_PACKAGE_UTIL_LINUX # runtime dependency
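Review bot: The added line `depends on !BR2_PACKAGE_TOOLCHAIN_USES_UCLIBC # runc` in package/docker-containerd/Config.in names a different symbol from the one the rest of this commit tests: the comment block in the next hunk of this file and both docker-engine hunks use `BR2_TOOLCHAIN_USES_UCLIBC`. If `BR2_PACKAGE_TOOLCHAIN_USES_UCLIBC` is not defined anywhere (it looks like a typo), Kconfig evaluates it as `n`, the negation is always true, and docker-containerd stays selectable on a uClibc toolchain. Its `select BR2_PACKAGE_RUNC` would then force runc on despite runc's own !uclibc dependency, and the build would hit the missing fexecve(3) that the commit message describes, so the CVE-2019-5736 fix would not build on that configuration. The line should read `depends on !BR2_TOOLCHAIN_USES_UCLIBC # runc`.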
@@ -27,8 +28,8 @@ config BR2_PACKAGE_DOCKER_CONTAINERD_DRIVER_BTRFS endif -comment "docker-containerd needs a toolchain w/ threads" +comment "docker-containerd needs a glibc or musl toolchain w/ threads" depends on BR2_PACKAGE_HOST_GO_ARCH_SUPPORTS depends on BR2_PACKAGE_HOST_GO_CGO_LINKING_SUPPORTS depends on BR2_USE_MMU - depends on !BR2_TOOLCHAIN_HAS_THREADS + depends on !BR2_TOOLCHAIN_HAS_THREADS || BR2_TOOLCHAIN_USES_UCLIBC diff --git a/package/docker-engine/Config.in b/package/docker-engine/Config.in index 2a0c130fce..3c97310484 100644 --- a/package/docker-engine/Config.in +++ b/package/docker-engine/Config.in @@ -3,6 +3,7 @@ config BR2_PACKAGE_DOCKER_ENGINE depends on BR2_PACKAGE_HOST_GO_ARCH_SUPPORTS depends on BR2_PACKAGE_HOST_GO_CGO_LINKING_SUPPORTS depends on BR2_TOOLCHAIN_HAS_THREADS + depends on !BR2_TOOLCHAIN_USES_UCLIBC # docker-containerd -> runc depends on BR2_USE_MMU # docker-containerd select BR2_PACKAGE_DOCKER_CONTAINERD # runtime dependency select BR2_PACKAGE_DOCKER_PROXY # runtime dependency @@ -49,8 +50,8 @@ config BR2_PACKAGE_DOCKER_ENGINE_DRIVER_VFS endif -comment "docker-engine needs a toolchain w/ threads" +comment "docker-engine needs a glibc or musl toolchain w/ threads" depends on BR2_PACKAGE_HOST_GO_ARCH_SUPPORTS depends on BR2_PACKAGE_HOST_GO_CGO_LINKING_SUPPORTS - depends on !BR2_TOOLCHAIN_HAS_THREADS + depends on !BR2_TOOLCHAIN_HAS_THREADS || BR2_TOOLCHAIN_USES_UCLIBC depends on BR2_USE_MMU diff --git a/package/runc/0001-nsenter-clone-proc-self-exe-to-avoid-exposing-host-b.patch b/package/runc/0001-nsenter-clone-proc-self-exe-to-avoid-exposing-host-b.patch new file mode 100644 index 0000000000..a0bc7ba300 --- /dev/null +++ b/package/runc/0001-nsenter-clone-proc-self-exe-to-avoid-exposing-host-b.patch 
@@ -0,0 +1,338 @@ +From 0a8e4117e7f715d5fbeef398405813ce8e88558b Mon Sep 17 00:00:00 2001 +From: Aleksa Sarai +Date: Wed, 9 Jan 2019 13:40:01 +1100 +Subject: [PATCH] nsenter: clone /proc/self/exe to avoid exposing host binary + to container + +There are quite a few circumstances where /proc/self/exe pointing to a +pretty important container binary is a _bad_ thing, so to avoid this we +have to make a copy (preferably doing self-clean-up and not being +writeable). + +We require memfd_create(2) -- though there is an O_TMPFILE fallback -- +but we can always extend this to use a scratch MNT_DETACH overlayfs or +tmpfs. The main downside to this approach is no page-cache sharing for +the runc binary (which overlayfs would give us) but this is far less +complicated. + +This is only done during nsenter so that it happens transparently to the +Go code, and any libcontainer users benefit from it. This also makes +ExtraFiles and --preserve-fds handling trivial (because we don't need to +worry about it). + +Fixes: CVE-2019-5736 +Co-developed-by: Christian Brauner +Signed-off-by: Aleksa Sarai +Signed-off-by: Peter Korsgaard +--- + libcontainer/nsenter/cloned_binary.c | 268 +++++++++++++++++++++++++++++++++++ + libcontainer/nsenter/nsexec.c | 11 ++ + 2 files changed, 279 insertions(+) + create mode 100644 libcontainer/nsenter/cloned_binary.c + +diff --git a/libcontainer/nsenter/cloned_binary.c b/libcontainer/nsenter/cloned_binary.c +new file mode 100644 +index 00000000..c8a42c23 +--- /dev/null ++++ b/libcontainer/nsenter/cloned_binary.c +@@ -0,0 +1,268 @@ ++/* ++ * Copyright (C) 2019 Aleksa Sarai ++ * Copyright (C) 2019 SUSE LLC ++ * ++ * Licensed under the Apache License, Version 2.0 (the "License"); ++ * you may not use this file except in compliance with the License. 
++ * You may obtain a copy of the License at ++ * ++ * http://www.apache.org/licenses/LICENSE-2.0 ++ * ++ * Unless required by applicable law or agreed to in writing, software ++ * distributed under the License is distributed on an "AS IS" BASIS, ++ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. ++ * See the License for the specific language governing permissions and ++ * limitations under the License. ++ */ ++ ++#define _GNU_SOURCE ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++ ++#include ++#include ++#include ++#include ++#include ++#include ++ ++/* Use our own wrapper for memfd_create. */ ++#if !defined(SYS_memfd_create) && defined(__NR_memfd_create) ++# define SYS_memfd_create __NR_memfd_create ++#endif ++#ifdef SYS_memfd_create ++# define HAVE_MEMFD_CREATE ++/* memfd_create(2) flags -- copied from . */ ++# ifndef MFD_CLOEXEC ++# define MFD_CLOEXEC 0x0001U ++# define MFD_ALLOW_SEALING 0x0002U ++# endif ++int memfd_create(const char *name, unsigned int flags) ++{ ++ return syscall(SYS_memfd_create, name, flags); ++} ++#endif ++ ++/* This comes directly from . */ ++#ifndef F_LINUX_SPECIFIC_BASE ++# define F_LINUX_SPECIFIC_BASE 1024 ++#endif ++#ifndef F_ADD_SEALS ++# define F_ADD_SEALS (F_LINUX_SPECIFIC_BASE + 9) ++# define F_GET_SEALS (F_LINUX_SPECIFIC_BASE + 10) ++#endif ++#ifndef F_SEAL_SEAL ++# define F_SEAL_SEAL 0x0001 /* prevent further seals from being set */ ++# define F_SEAL_SHRINK 0x0002 /* prevent file from shrinking */ ++# define F_SEAL_GROW 0x0004 /* prevent file from growing */ ++# define F_SEAL_WRITE 0x0008 /* prevent writes */ ++#endif ++ ++#define RUNC_SENDFILE_MAX 0x7FFFF000 /* sendfile(2) is limited to 2GB. 
*/ ++#ifdef HAVE_MEMFD_CREATE ++# define RUNC_MEMFD_COMMENT "runc_cloned:/proc/self/exe" ++# define RUNC_MEMFD_SEALS \ ++ (F_SEAL_SEAL | F_SEAL_SHRINK | F_SEAL_GROW | F_SEAL_WRITE) ++#endif ++ ++static void *must_realloc(void *ptr, size_t size) ++{ ++ void *old = ptr; ++ do { ++ ptr = realloc(old, size); ++ } while(!ptr); ++ return ptr; ++} ++ ++/* ++ * Verify whether we are currently in a self-cloned program (namely, is ++ * /proc/self/exe a memfd). F_GET_SEALS will only succeed for memfds (or rather ++ * for shmem files), and we want to be sure it's actually sealed. ++ */ ++static int is_self_cloned(void) ++{ ++ int fd, ret, is_cloned = 0; ++ ++ fd = open("/proc/self/exe", O_RDONLY|O_CLOEXEC); ++ if (fd < 0) ++ return -ENOTRECOVERABLE; ++ ++#ifdef HAVE_MEMFD_CREATE ++ ret = fcntl(fd, F_GET_SEALS); ++ is_cloned = (ret == RUNC_MEMFD_SEALS); ++#else ++ struct stat statbuf = {0}; ++ ret = fstat(fd, &statbuf); ++ if (ret >= 0) ++ is_cloned = (statbuf.st_nlink == 0); ++#endif ++ close(fd); ++ return is_cloned; ++} ++ ++/* ++ * Basic wrapper around mmap(2) that gives you the file length so you can ++ * safely treat it as an ordinary buffer. Only gives you read access. ++ */ ++static char *read_file(char *path, size_t *length) ++{ ++ int fd; ++ char buf[4096], *copy = NULL; ++ ++ if (!length) ++ return NULL; ++ ++ fd = open(path, O_RDONLY | O_CLOEXEC); ++ if (fd < 0) ++ return NULL; ++ ++ *length = 0; ++ for (;;) { ++ int n; ++ ++ n = read(fd, buf, sizeof(buf)); ++ if (n < 0) ++ goto error; ++ if (!n) ++ break; ++ ++ copy = must_realloc(copy, (*length + n) * sizeof(*copy)); ++ memcpy(copy + *length, buf, n); ++ *length += n; ++ } ++ close(fd); ++ return copy; ++ ++error: ++ close(fd); ++ free(copy); ++ return NULL; ++} ++ ++/* ++ * A poor-man's version of "xargs -0". Basically parses a given block of ++ * NUL-delimited data, within the given length and adds a pointer to each entry ++ * to the array of pointers. 
++ */ ++static int parse_xargs(char *data, int data_length, char ***output) ++{ ++ int num = 0; ++ char *cur = data; ++ ++ if (!data || *output != NULL) ++ return -1; ++ ++ while (cur < data + data_length) { ++ num++; ++ *output = must_realloc(*output, (num + 1) * sizeof(**output)); ++ (*output)[num - 1] = cur; ++ cur += strlen(cur) + 1; ++ } ++ (*output)[num] = NULL; ++ return num; ++} ++ ++/* ++ * "Parse" out argv and envp from /proc/self/cmdline and /proc/self/environ. ++ * This is necessary because we are running in a context where we don't have a ++ * main() that we can just get the arguments from. ++ */ ++static int fetchve(char ***argv, char ***envp) ++{ ++ char *cmdline = NULL, *environ = NULL; ++ size_t cmdline_size, environ_size; ++ ++ cmdline = read_file("/proc/self/cmdline", &cmdline_size); ++ if (!cmdline) ++ goto error; ++ environ = read_file("/proc/self/environ", &environ_size); ++ if (!environ) ++ goto error; ++ ++ if (parse_xargs(cmdline, cmdline_size, argv) <= 0) ++ goto error; ++ if (parse_xargs(environ, environ_size, envp) <= 0) ++ goto error; ++ ++ return 0; ++ ++error: ++ free(environ); ++ free(cmdline); ++ return -EINVAL; ++} ++ ++static int clone_binary(void) ++{ ++ int binfd, memfd; ++ ssize_t sent = 0; ++ ++#ifdef HAVE_MEMFD_CREATE ++ memfd = memfd_create(RUNC_MEMFD_COMMENT, MFD_CLOEXEC | MFD_ALLOW_SEALING); ++#else ++ memfd = open("/tmp", O_TMPFILE | O_EXCL | O_RDWR | O_CLOEXEC, 0711); ++#endif ++ if (memfd < 0) ++ return -ENOTRECOVERABLE; ++ ++ binfd = open("/proc/self/exe", O_RDONLY | O_CLOEXEC); ++ if (binfd < 0) ++ goto error; ++ ++ sent = sendfile(memfd, binfd, NULL, RUNC_SENDFILE_MAX); ++ close(binfd); ++ if (sent < 0) ++ goto error; ++ ++#ifdef HAVE_MEMFD_CREATE ++ int err = fcntl(memfd, F_ADD_SEALS, RUNC_MEMFD_SEALS); ++ if (err < 0) ++ goto error; ++#else ++ /* Need to re-open "memfd" as read-only to avoid execve(2) giving -EXTBUSY. 
*/ ++ int newfd; ++ char *fdpath = NULL; ++ ++ if (asprintf(&fdpath, "/proc/self/fd/%d", memfd) < 0) ++ goto error; ++ newfd = open(fdpath, O_RDONLY | O_CLOEXEC); ++ free(fdpath); ++ if (newfd < 0) ++ goto error; ++ ++ close(memfd); ++ memfd = newfd; ++#endif ++ return memfd; ++ ++error: ++ close(memfd); ++ return -EIO; ++} ++ ++int ensure_cloned_binary(void) ++{ ++ int execfd; ++ char **argv = NULL, **envp = NULL; ++ ++ /* Check that we're not self-cloned, and if we are then bail. */ ++ int cloned = is_self_cloned(); ++ if (cloned > 0 || cloned == -ENOTRECOVERABLE) ++ return cloned; ++ ++ if (fetchve(&argv, &envp) < 0) ++ return -EINVAL; ++ ++ execfd = clone_binary(); ++ if (execfd < 0) ++ return -EIO; ++ ++ fexecve(execfd, argv, envp); ++ return -ENOEXEC; ++} +diff --git a/libcontainer/nsenter/nsexec.c b/libcontainer/nsenter/nsexec.c +index 28269dfc..7750af35 100644 +--- a/libcontainer/nsenter/nsexec.c ++++ b/libcontainer/nsenter/nsexec.c +@@ -534,6 +534,9 @@ void join_namespaces(char *nslist) + free(namespaces); + } + ++/* Defined in cloned_binary.c. */ ++extern int ensure_cloned_binary(void); ++ + void nsexec(void) + { + int pipenum; +@@ -549,6 +552,14 @@ void nsexec(void) + if (pipenum == -1) + return; + ++ /* ++ * We need to re-exec if we are not in a cloned binary. This is necessary ++ * to ensure that containers won't be able to access the host binary ++ * through /proc/self/exe. See CVE-2019-5736. ++ */ ++ if (ensure_cloned_binary() < 0) ++ bail("could not ensure we are a cloned binary"); ++ + /* Parse all of the netlink configuration. */ + nl_parse(pipenum, &config); + +-- +2.11.0 + diff --git a/package/runc/Config.in b/package/runc/Config.in index fd5dee7c5b..47c850ef30 100644 --- a/package/runc/Config.in +++ b/package/runc/Config.in 
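Review bot: In `clone_binary()` the copy of /proc/self/exe is a single `sendfile(memfd, binfd, NULL, RUNC_SENDFILE_MAX)` call and only `sent < 0` is treated as failure, so a short transfer would be sealed and passed to `fexecve()` as a truncated binary. sendfile(2) is allowed to write fewer bytes than requested, so the copy should repeat until it returns 0: `do { sent = sendfile(memfd, binfd, NULL, RUNC_SENDFILE_MAX); } while (sent > 0);`, keeping the existing `if (sent < 0) goto error;` after `close(binfd)`. Two documentation nits in the same file: the comment on `read_file()` describes an mmap(2) wrapper while the body uses a read(2) loop, and `-EXTBUSY` in the re-open comment presumably means `ETXTBSY`. As this file is a backport of the upstream runc fix, these are best raised upstream and picked up here.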
@@ -3,13 +3,14 @@ config BR2_PACKAGE_RUNC depends on BR2_PACKAGE_HOST_GO_ARCH_SUPPORTS depends on BR2_PACKAGE_HOST_GO_CGO_LINKING_SUPPORTS depends on BR2_TOOLCHAIN_HAS_THREADS + depends on !BR2_TOOLCHAIN_USES_UCLIBC # no fexecve help runC is a CLI tool for spawning and running containers according to the OCP specification. https://github.com/opencontainers/runc -comment "runc needs a toolchain w/ threads" +comment "runc needs a glibc or musl toolchain toolchain w/ threads" depends on BR2_PACKAGE_HOST_GO_ARCH_SUPPORTS && \ BR2_PACKAGE_HOST_GO_CGO_LINKING_SUPPORTS - depends on !BR2_TOOLCHAIN_HAS_THREADS + depends on !BR2_TOOLCHAIN_HAS_THREADS || BR2_TOOLCHAN_USES_UCLIBC From e35fb626991527938078113b8bba07bd1fba9ba0 Mon Sep 17 00:00:00 2001 From: Fabrice Fontaine Date: Sun, 10 Feb 2019 15:26:16 +0100 Subject: [PATCH 21/31] package/libyaml: add host variant host-libyaml is needed for host-python-pyyaml Signed-off-by: Fabrice Fontaine Signed-off-by: Peter Korsgaard --- package/libyaml/libyaml.mk | 1 + 1 file changed, 1 insertion(+) diff --git a/package/libyaml/libyaml.mk b/package/libyaml/libyaml.mk index 26e318736c..dc7368a168 100644 --- a/package/libyaml/libyaml.mk +++ b/package/libyaml/libyaml.mk @@ -12,3 +12,4 @@ LIBYAML_LICENSE = MIT LIBYAML_LICENSE_FILES = LICENSE $(eval $(autotools-package)) +$(eval $(host-autotools-package)) From 66d618cadacce9a8d66e3f7084610e69067a428f Mon Sep 17 00:00:00 2001 From: Fabrice Fontaine Date: Sun, 10 Feb 2019 15:26:17 +0100 Subject: [PATCH 22/31] package/python-pyyaml: add host variant host-python-pyyaml is needed for mongodb 4.0.6 Signed-off-by: Fabrice Fontaine [Peter: s/HOST_PYTHON/HOST_PYTHON_PYYAML/] Signed-off-by: Peter Korsgaard --- package/python-pyyaml/python-pyyaml.mk | 2 ++ 1 file changed, 2 insertions(+) diff --git a/package/python-pyyaml/python-pyyaml.mk b/package/python-pyyaml/python-pyyaml.mk index 95f0f0bb9e..b73b4356a0 100644 --- a/package/python-pyyaml/python-pyyaml.mk +++ b/package/python-pyyaml/python-pyyaml.mk 
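Review bot: The last line of the runc/Config.in hunk, `depends on !BR2_TOOLCHAIN_HAS_THREADS || BR2_TOOLCHAN_USES_UCLIBC`, misspells the symbol (`TOOLCHAN`). If that spelling is undefined it evaluates as `n`, so on a uClibc toolchain with threads runc simply disappears from the menu with no explanation. That hides why the CVE-2019-5736 fix made the package unavailable. It should be `depends on !BR2_TOOLCHAIN_HAS_THREADS || BR2_TOOLCHAIN_USES_UCLIBC`. The comment string also repeats a word and should read `comment "runc needs a glibc or musl toolchain w/ threads"`.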
@@ -11,5 +11,7 @@ PYTHON_PYYAML_SETUP_TYPE = distutils PYTHON_PYYAML_LICENSE = MIT PYTHON_PYYAML_LICENSE_FILES = LICENSE PYTHON_PYYAML_DEPENDENCIES = libyaml +HOST_PYTHON_PYYAML_DEPENDENCIES = host-libyaml $(eval $(python-package)) +$(eval $(host-python-package)) From dbbba13e718957a6ac3cf95dd3242db4dbdb4ce8 Mon Sep 17 00:00:00 2001 From: Fabrice Fontaine Date: Sun, 10 Feb 2019 15:26:18 +0100 Subject: [PATCH 23/31] package/python-typing: add host variant host-python-typing is needed for mongodb 4.0.6 Signed-off-by: Fabrice Fontaine Signed-off-by: Peter Korsgaard --- package/python-typing/python-typing.mk | 1 + 1 file changed, 1 insertion(+) diff --git a/package/python-typing/python-typing.mk b/package/python-typing/python-typing.mk index acb5316129..663227dfc9 100644 --- a/package/python-typing/python-typing.mk +++ b/package/python-typing/python-typing.mk @@ -12,3 +12,4 @@ PYTHON_TYPING_LICENSE = Python-2.0, others PYTHON_TYPING_LICENSE_FILES = LICENSE $(eval $(python-package)) +$(eval $(host-python-package)) From c5b7678b4a2cc6a2659ac1637bf74ea7ff14c147 Mon Sep 17 00:00:00 2001 From: Fabrice Fontaine Date: Sun, 10 Feb 2019 15:26:19 +0100 Subject: [PATCH 24/31] package/mongodb: new package Here is the list of the changes compared to the removed mongodb 3.3.4 version: - Remove patch (not applicable anymore) - Add patch (sent upstream) to fix openssl build with gcc 7 and -fpermissive - Remove 32 bits x86 platforms, removed since version 3.4: https://docs.mongodb.com/manual/installation/#supported-platforms - Change license: since October 2018, license is SSPL: - https://www.mongodb.com/community/licensing - https://jira.mongodb.org/browse/SERVER-38767 - gcc must be at least 5.3 so add a dependency on gcc >= 6 - Add a dependency on host-python-xxx modules: https://github.com/mongodb/mongo/blob/r4.0.6/docs/building.md - Use system versions of boost, pcre, snappy, sqlite, yaml-cpp and zlib instead of embedded mongodb ones - Add hash for license files 
Signed-off-by: Fabrice Fontaine Tested-by: Adam Duskett Signed-off-by: Peter Korsgaard --- Config.in.legacy | 6 -- DEVELOPERS | 1 + package/Config.in | 1 + ...fix-build-with-gcc-7-and-fpermissive.patch | 55 +++++++++++ package/mongodb/Config.in | 40 ++++++++ package/mongodb/mongodb.hash | 4 + package/mongodb/mongodb.mk | 92 +++++++++++++++++++ 7 files changed, 193 insertions(+), 6 deletions(-) create mode 100644 package/mongodb/0001-ssl_manager.cpp-fix-build-with-gcc-7-and-fpermissive.patch create mode 100644 package/mongodb/Config.in create mode 100644 package/mongodb/mongodb.hash create mode 100644 package/mongodb/mongodb.mk diff --git a/Config.in.legacy b/Config.in.legacy index 80bab04448..25b48fba82 100644 --- a/Config.in.legacy +++ b/Config.in.legacy @@ -207,12 +207,6 @@ config BR2_PACKAGE_GNURADIO_QTGUI help The gr-qtgui option was removed. -config BR2_PACKAGE_MONGODB - bool "mongodb package removed" - select BR2_LEGACY - help - The mongodb package was removed. - config BR2_PACKAGE_LUACRYPTO bool "luacrypto package removed" select BR2_LEGACY diff --git a/DEVELOPERS b/DEVELOPERS index f2e69cc041..c17ba6db99 100644 --- a/DEVELOPERS +++ b/DEVELOPERS @@ -789,6 +789,7 @@ F: package/libxslt/ F: package/mbedtls/ F: package/minissdpd/ F: package/minizip/ +F: package/mongodb/ F: package/motion/ F: package/mutt/ F: package/ncmpc/ diff --git a/package/Config.in b/package/Config.in index 29862c478c..cc232b9fba 100644 --- a/package/Config.in +++ b/package/Config.in @@ -1214,6 +1214,7 @@ menu "Database" source "package/leveldb/Config.in" source "package/libgit2/Config.in" source "package/libpqxx/Config.in" + source "package/mongodb/Config.in" source "package/mysql/Config.in" source "package/postgresql/Config.in" source "package/redis/Config.in" diff --git a/package/mongodb/0001-ssl_manager.cpp-fix-build-with-gcc-7-and-fpermissive.patch b/package/mongodb/0001-ssl_manager.cpp-fix-build-with-gcc-7-and-fpermissive.patch new file mode 100644 index 0000000000..b4b1746682 
--- /dev/null +++ b/package/mongodb/0001-ssl_manager.cpp-fix-build-with-gcc-7-and-fpermissive.patch 
@@ -0,0 +1,55 @@ +From 362be06fc16a5ad0f9e9aa90cc763c5242e8e35c Mon Sep 17 00:00:00 2001 +From: Fabrice Fontaine +Date: Sat, 9 Feb 2019 12:41:45 +0100 +Subject: [PATCH] ssl_manager.cpp: fix build with gcc 7 and -fpermissive + +Change prototype of DERToken::parse function from +parse(ConstDataRange cdr, size_t* outLength); +to parse(ConstDataRange cdr, uint64_t* outLength); + +Otherwise, we got the following error: + +src/mongo/util/net/ssl_manager.cpp: In static member function 'static mongo::StatusWith mongo::{anonymous}::DERToken::parse(mongo::ConstDataRange, size_t*)': +src/mongo/util/net/ssl_manager.cpp:575:79: error: invalid conversion from 'size_t* {aka unsigned int*}' to 'long unsigned int*' [-fpermissive] + if (mongoUnsignedAddOverflow64(tagAndLengthByteCount, derLength, outLength) || + +Signed-off-by: Fabrice Fontaine +[Upstream status: https://github.com/mongodb/mongo/pull/1296] +--- + src/mongo/util/net/ssl_manager.cpp | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/src/mongo/util/net/ssl_manager.cpp b/src/mongo/util/net/ssl_manager.cpp +index b93ebe84a4..3511eb5d99 100644 +--- a/src/mongo/util/net/ssl_manager.cpp ++++ b/src/mongo/util/net/ssl_manager.cpp +@@ -782,7 +782,7 @@ public: + * + * Returns a DERToken which consists of the (tag, length, value) tuple. 
+ */ +- static StatusWith parse(ConstDataRange cdr, size_t* outLength); ++ static StatusWith parse(ConstDataRange cdr, uint64_t* outLength); + + private: + DERType _type{DERType::EndOfContent}; +@@ -799,7 +799,7 @@ struct DataType::Handler { + size_t length, + size_t* advanced, + std::ptrdiff_t debug_offset) { +- size_t outLength; ++ uint64_t outLength; + + auto swPair = DERToken::parse(ConstDataRange(ptr, length), &outLength); + +@@ -844,7 +844,7 @@ StatusWith readDERString(ConstDataRangeCursor& cdc) { + } + + +-StatusWith DERToken::parse(ConstDataRange cdr, size_t* outLength) { ++StatusWith DERToken::parse(ConstDataRange cdr, uint64_t* outLength) { + const size_t kTagLength = 1; + const size_t kTagLengthAndInitialLengthByteLength = kTagLength + 1; + +-- +2.14.1 + diff --git a/package/mongodb/Config.in b/package/mongodb/Config.in new file mode 100644 index 0000000000..969b8e062f --- /dev/null +++ b/package/mongodb/Config.in 
@@ -0,0 +1,40 @@ +# from https://docs.mongodb.com/manual/installation/#supported-platforms +config BR2_PACKAGE_MONGODB_ARCH_SUPPORTS + bool + # ARM needs LDREX/STREX, so ARMv6+ + default y if BR2_arm && !BR2_ARM_CPU_ARMV4 && !BR2_ARM_CPU_ARMV5 + default y if BR2_aarch64 || BR2_powerpc64 || BR2_x86_64 + +config BR2_PACKAGE_MONGODB + bool "mongodb" + depends on BR2_PACKAGE_MONGODB_ARCH_SUPPORTS + depends on BR2_TOOLCHAIN_USES_GLIBC # needs glibc malloc_usable_size + depends on BR2_USE_WCHAR + depends on BR2_TOOLCHAIN_HAS_THREADS + depends on BR2_INSTALL_LIBSTDCPP + depends on BR2_TOOLCHAIN_GCC_AT_LEAST_6 + select BR2_PACKAGE_BOOST + select BR2_PACKAGE_BOOST_FILESYSTEM + select BR2_PACKAGE_BOOST_IOSTREAMS + select BR2_PACKAGE_BOOST_PROGRAM_OPTIONS + select BR2_PACKAGE_BOOST_SYSTEM + select BR2_PACKAGE_PCRE + select BR2_PACKAGE_SNAPPY + select BR2_PACKAGE_SQLITE + select BR2_PACKAGE_YAML_CPP + select BR2_PACKAGE_ZLIB + help + MongoDB is a cross-platform document-oriented database + (NoSQL). + + It uses JSON-like documents with dynamic schemas (BSON), + making the integration of data in certain types of + applications easier and faster. + + https://www.mongodb.org/ + +comment "mongodb needs a glibc toolchain w/ wchar, threads, C++, gcc >= 6" + depends on !BR2_USE_WCHAR || !BR2_TOOLCHAIN_HAS_THREADS || \ + !BR2_INSTALL_LIBSTDCPP || !BR2_TOOLCHAIN_USES_GLIBC || \ + !BR2_TOOLCHAIN_GCC_AT_LEAST_6 + depends on BR2_PACKAGE_MONGODB_ARCH_SUPPORTS diff --git a/package/mongodb/mongodb.hash b/package/mongodb/mongodb.hash new file mode 100644 index 0000000000..916323d7c1 --- /dev/null +++ b/package/mongodb/mongodb.hash @@ -0,0 +1,4 @@ +# Locally computed: +sha256 5db85f06b2a0b2ae393339a4aed1366928aaef2b46c7c32826fa87c3217dc6f7 mongodb-r4.0.6.tar.gz +sha256 cfc7749b96f63bd31c3c42b5c471bf756814053e847c10f3eb003417bc523d30 APACHE-2.0.txt +sha256 09d99ca61eb07873d5334077acba22c33e7f7d0a9fa08c92734e0ac8430d6e27 LICENSE-Community.txt 
diff --git a/package/mongodb/mongodb.mk b/package/mongodb/mongodb.mk new file mode 100644 index 0000000000..e420ecb41d --- /dev/null +++ b/package/mongodb/mongodb.mk 
@@ -0,0 +1,92 @@ +################################################################################ +# +# mongodb +# +################################################################################ + +MONGODB_VERSION_BASE = 4.0.6 +MONGODB_VERSION = r$(MONGODB_VERSION_BASE) +MONGODB_SITE = $(call github,mongodb,mongo,$(MONGODB_VERSION)) + +MONGODB_LICENSE = Apache-2.0 (drivers), SSPL (database) +MONGODB_LICENSE_FILES = APACHE-2.0.txt LICENSE-Community.txt + +MONGODB_DEPENDENCIES = \ + boost \ + host-python-cheetah \ + host-python-pyyaml \ + host-python-typing \ + host-scons \ + pcre \ + snappy \ + sqlite \ + yaml-cpp \ + zlib + +MONGODB_SCONS_TARGETS = mongod mongos + +MONGODB_SCONS_ENV = CC="$(TARGET_CC)" CXX="$(TARGET_CXX)" \ + -j"$(PARALLEL_JOBS)" + +MONGODB_SCONS_OPTS = \ + --disable-warnings-as-errors \ + --use-system-boost \ + --use-system-pcre \ + --use-system-snappy \ + --use-system-sqlite \ + --use-system-yaml \ + --use-system-zlib + +# need to pass mongo version when not building from git repo +MONGODB_SCONS_OPTS += MONGO_VERSION=$(MONGODB_VERSION_BASE)- + +# WiredTiger database storage engine only supported on 64 bits +ifeq ($(BR2_ARCH_IS_64),y) +MONGODB_SCONS_OPTS += --wiredtiger=on +else +MONGODB_SCONS_OPTS += --wiredtiger=off +endif + +# JavaScript scripting engine and tcmalloc supported only on +# x86/x86-64 systems. Mongo target is a shell interface that +# depends on the javascript engine, so it will also only be +# built on x86/x86-64 systems. 
+ifeq ($(BR2_i386)$(BR2_x86_64),y) +MONGODB_SCONS_OPTS += --js-engine=mozjs --allocator=tcmalloc +MONGODB_SCONS_TARGETS += mongo +else +MONGODB_SCONS_OPTS += --js-engine=none --allocator=system +endif + +ifeq ($(BR2_PACKAGE_LIBCURL),y) +MONGODB_DEPENDENCIES += libcurl +MONGODB_SCONS_OPTS += --enable-free-mon=on +else +MONGODB_SCONS_OPTS += --enable-free-mon=off +endif + +ifeq ($(BR2_PACKAGE_OPENSSL),y) +MONGODB_DEPENDENCIES += openssl +MONGODB_SCONS_OPTS += \ + --ssl \ + --ssl-provider=openssl +endif + +define MONGODB_BUILD_CMDS + (cd $(@D); \ + $(SCONS) \ + $(MONGODB_SCONS_ENV) \ + $(MONGODB_SCONS_OPTS) \ + $(MONGODB_SCONS_TARGETS)) +endef + +define MONGODB_INSTALL_TARGET_CMDS + (cd $(@D); \ + $(SCONS) \ + $(MONGODB_SCONS_ENV) \ + $(MONGODB_SCONS_OPTS) \ + --prefix=$(TARGET_DIR)/usr \ + install) +endef + +$(eval $(generic-package)) From f51e3a50041eb18604b81c18c146d97cdb0afd35 Mon Sep 17 00:00:00 2001 From: Christian Stewart Date: Tue, 12 Feb 2019 01:35:28 -0800 Subject: [PATCH 25/31] docker-containerd: bump to v1.2.3 Signed-off-by: Christian Stewart Signed-off-by: Peter Korsgaard --- package/docker-containerd/docker-containerd.hash | 2 +- package/docker-containerd/docker-containerd.mk | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/package/docker-containerd/docker-containerd.hash b/package/docker-containerd/docker-containerd.hash index 52bf8e03d2..cae88f40e2 100644 --- a/package/docker-containerd/docker-containerd.hash +++ b/package/docker-containerd/docker-containerd.hash @@ -1,3 +1,3 @@ # Computed locally -sha256 a2780aca4d72bb8aced14ca9de99bdc9a90bdaacb06c5ddd8378a66443c1d70f docker-containerd-v1.2.1.tar.gz +sha256 ff4c2ad680c9e2484e335868a54b0c1ea49d9165dd5b38b64ef7d9dacf2b96b4 docker-containerd-v1.2.3.tar.gz sha256 4bbe3b885e8cd1907ab4cf9a41e862e74e24b5422297a4f2fe524e6a30ada2b4 LICENSE diff --git a/package/docker-containerd/docker-containerd.mk b/package/docker-containerd/docker-containerd.mk index 12f2324a8c..9088c17660 100644 
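Review bot: In mongodb.mk the `ifeq ($(BR2_PACKAGE_OPENSSL),y)` block is the only place `--ssl` is passed, and neither it nor the new Config.in says what a build without openssl provides. Presumably mongod and mongos are then built without TLS support, which matters for a network-facing database. Unlike the libcurl and wiredtiger blocks there is no `else` branch that states the fallback, so I would add `# Without openssl, mongod/mongos are built without TLS support` above the block and repeat that in the Config.in help text. Separately, `$(BR2_i386)` in the js-engine test can never be set, because BR2_PACKAGE_MONGODB_ARCH_SUPPORTS lists only x86_64 for x86. The trailing `-` in `MONGO_VERSION=$(MONGODB_VERSION_BASE)-` deserves a word in the comment above it if it is intentional.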
--- a/package/docker-containerd/docker-containerd.mk +++ b/package/docker-containerd/docker-containerd.mk @@ -4,7 +4,7 @@ # ################################################################################ -DOCKER_CONTAINERD_VERSION = v1.2.1 +DOCKER_CONTAINERD_VERSION = v1.2.3 DOCKER_CONTAINERD_SITE = $(call github,containerd,containerd,$(DOCKER_CONTAINERD_VERSION)) DOCKER_CONTAINERD_LICENSE = Apache-2.0 DOCKER_CONTAINERD_LICENSE_FILES = LICENSE From 97bdc36e3d22ebb9c00b7cef48e49dd5a72dbef0 Mon Sep 17 00:00:00 2001 From: Christian Stewart Date: Tue, 12 Feb 2019 01:35:29 -0800 Subject: [PATCH 26/31] docker-cli: bump to v18.09.2 Signed-off-by: Christian Stewart Signed-off-by: Peter Korsgaard --- package/docker-cli/docker-cli.hash | 2 +- package/docker-cli/docker-cli.mk | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/package/docker-cli/docker-cli.hash b/package/docker-cli/docker-cli.hash index 03322a4f6d..9782f34baa 100644 --- a/package/docker-cli/docker-cli.hash +++ b/package/docker-cli/docker-cli.hash @@ -1,3 +1,3 @@ # Locally calculated -sha256 3e578406dead2fc72c4b52f77db39dc779fa8b460352116c06f1ae29219bd8c2 docker-cli-v18.09.0.tar.gz +sha256 29f3a435bfcd52dbe26f6315ee92bffc0220a537608935a2c3870f6b729fc16e docker-cli-v18.09.2.tar.gz sha256 2d81ea060825006fc8f3fe28aa5dc0ffeb80faf325b612c955229157b8c10dc0 LICENSE diff --git a/package/docker-cli/docker-cli.mk b/package/docker-cli/docker-cli.mk index c73caa2652..c3dd536937 100644 --- a/package/docker-cli/docker-cli.mk +++ b/package/docker-cli/docker-cli.mk @@ -4,7 +4,7 @@ # ################################################################################ -DOCKER_CLI_VERSION = v18.09.0 +DOCKER_CLI_VERSION = v18.09.2 DOCKER_CLI_SITE = $(call github,docker,cli,$(DOCKER_CLI_VERSION)) DOCKER_CLI_WORKSPACE = gopath From 087e5147c32ed8e75e462e4ea5c0cf2fd3c40be4 Mon Sep 17 00:00:00 2001 From: Christian Stewart Date: Tue, 12 Feb 2019 01:35:30 -0800 Subject: [PATCH 27/31] docker-engine: bump to v18.09.2 
Signed-off-by: Christian Stewart Signed-off-by: Peter Korsgaard --- package/docker-engine/docker-engine.hash | 2 +- package/docker-engine/docker-engine.mk | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/package/docker-engine/docker-engine.hash b/package/docker-engine/docker-engine.hash index 1e3939f240..fe7b0d3b94 100644 --- a/package/docker-engine/docker-engine.hash +++ b/package/docker-engine/docker-engine.hash @@ -1,3 +1,3 @@ # Locally calculated -sha256 b5278b3f2b460ea61f47833abd2a844f348b4518e73f309294ad178c205a48e1 docker-engine-v18.09.0.tar.gz +sha256 4babbcbc3e1d7750c61a1e5bee29bd206256948961feaac5b44cabb0c70a50a6 docker-engine-v18.09.2.tar.gz sha256 2d81ea060825006fc8f3fe28aa5dc0ffeb80faf325b612c955229157b8c10dc0 LICENSE diff --git a/package/docker-engine/docker-engine.mk b/package/docker-engine/docker-engine.mk index aae44ab6df..e2f59666df 100644 --- a/package/docker-engine/docker-engine.mk +++ b/package/docker-engine/docker-engine.mk @@ -4,7 +4,7 @@ # ################################################################################ -DOCKER_ENGINE_VERSION = v18.09.0 +DOCKER_ENGINE_VERSION = v18.09.2 DOCKER_ENGINE_SITE = $(call github,docker,engine,$(DOCKER_ENGINE_VERSION)) DOCKER_ENGINE_LICENSE = Apache-2.0 From 424a90241c07fd15cd1caadd707f751461cf11fc Mon Sep 17 00:00:00 2001 From: Christian Stewart Date: Tue, 12 Feb 2019 01:35:31 -0800 Subject: [PATCH 28/31] docker-engine: fix runc version check warning Fixes the startup warning from Docker: failed to retrieve runc version: unknown output format: runc version commit ... Introduces a patch to replace the faulty version detection logic in the Docker engine. Signed-off-by: Christian Stewart Signed-off-by: Peter Korsgaard --- ...ix-faulty-runc-version-commit-scrape.patch | 45 +++++++++++++++++++ 1 file changed, 45 insertions(+) create mode 100644 package/docker-engine/0001-Fix-faulty-runc-version-commit-scrape.patch 
diff --git a/package/docker-engine/0001-Fix-faulty-runc-version-commit-scrape.patch b/package/docker-engine/0001-Fix-faulty-runc-version-commit-scrape.patch new file mode 100644 index 0000000000..dc47a8f9ef --- /dev/null +++ b/package/docker-engine/0001-Fix-faulty-runc-version-commit-scrape.patch 
@@ -0,0 +1,45 @@ +From 324e7be4b252c13002bca6a9d82e7b2e43664634 Mon Sep 17 00:00:00 2001 +From: Christian Stewart +Date: Mon, 26 Nov 2018 22:59:32 -0800 +Subject: [PATCH] Fix faulty runc version commit scrape + +This commit replaces faulty logic to determine the runc version commit hash. + +The original logic takes the second line of the output of "runc --version" and +does not work if there are a different number of lines printed from the command +than expected. The buildroot version of runc outputs two lines instead of the +expected three, causing the error: + +unknown output format: runc version commit: ... + +This patch replaces this logic with a simple scan of the "runc --version" +output, searching for the "runc version commit" prefixed line. + +Signed-off-by: Christian Stewart +--- + daemon/info_unix.go | 9 +++++---- + 1 file changed, 5 insertions(+), 4 deletions(-) + +diff --git a/daemon/info_unix.go b/daemon/info_unix.go +index 60b2f99870..688a510796 100644 +--- a/daemon/info_unix.go ++++ b/daemon/info_unix.go +@@ -32,10 +32,11 @@ func (daemon *Daemon) fillPlatformInfo(v *types.Info, sysInfo *sysinfo.SysInfo) + defaultRuntimeBinary := daemon.configStore.GetRuntime(v.DefaultRuntime).Path + if rv, err := exec.Command(defaultRuntimeBinary, "--version").Output(); err == nil { + parts := strings.Split(strings.TrimSpace(string(rv)), "\n") +- if len(parts) == 3 { +- parts = strings.Split(parts[1], ": ") +- if len(parts) == 2 { +- v.RuncCommit.ID = strings.TrimSpace(parts[1]) ++ for _, pt := range parts { ++ ptKv := strings.Split(pt, ":") ++ if strings.HasSuffix(strings.TrimSpace(ptKv[0]), "commit") { ++ v.RuncCommit.ID = strings.TrimSpace(ptKv[1]) ++ break + } + } + +-- +2.18.1 + From a83e30ad63e00d6c81a6409161c2d3010d98d373 Mon Sep 17 00:00:00 2001 
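Review bot: In the new loop of the docker-engine patch, `ptKv[1]` is read after only `ptKv[0]` has been checked. A line of `runc --version` output that ends in "commit" but contains no `:` makes `strings.Split` return a single element, and the daemon then panics with an index out of range while filling in platform info. Splitting once and guarding the length avoids that, and also keeps values that themselves contain a colon: `ptKv := strings.SplitN(pt, ":", 2)` followed by `if len(ptKv) == 2 && strings.HasSuffix(strings.TrimSpace(ptKv[0]), "commit") {`. The enclosing `fillPlatformInfo` starts and ends outside the hunk.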
From: Peter Korsgaard Date: Mon, 11 Feb 2019 23:22:02 +0100 Subject: [PATCH 29/31] utils/scanpypi: protect against zip-slip vulnerability in zip/tar handling For details, see https://github.com/snyk/zip-slip-vulnerability Older python versions do not validate that the extracted files are inside the target directory. Detect and error out on evil paths before extracting .zip / .tar file. Given the scope of this (zip issue was fixed in python 2.7.4, released 2013-04-06, scanpypi is only used by a developer when adding a new python package), the security impact is fairly minimal, but it is good to get it fixed anyway. Reported-by: Bas van Schaik Signed-off-by: Peter Korsgaard --- utils/scanpypi | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/utils/scanpypi b/utils/scanpypi index a75d696222..bdce6924b6 100755 --- a/utils/scanpypi +++ b/utils/scanpypi @@ -225,6 +225,22 @@ class BuildrootPackage(): self.filename = self.used_url['filename'] self.url = self.used_url['url'] + def check_archive(self, members): + """ + Check archive content before extracting + + Keyword arguments: + members -- list of archive members + """ + # Protect against https://github.com/snyk/zip-slip-vulnerability + # Older python versions do not validate that the extracted files are + # inside the target directory. Detect and error out on evil paths + evil = [e for e in members if os.path.relpath(e).startswith(('/', '..'))] + if evil: + print('ERROR: Refusing to extract {} with suspicious members {}'.format( + self.filename, evil)) + sys.exit(1) + def extract_package(self, tmp_path): """ Extract the package contents into a directrory @@ -249,6 +265,7 @@ class BuildrootPackage(): print('Removing {pkg}...'.format(pkg=tmp_pkg)) shutil.rmtree(tmp_pkg) os.makedirs(tmp_pkg) + self.check_archive(as_zipfile.namelist()) as_zipfile.extractall(tmp_pkg) pkg_filename = self.filename.split(".zip")[0] else: 
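Review bot: `check_archive()` tests `os.path.relpath(e).startswith(('/', '..'))`, which resolves each member name against the current working directory instead of looking at the name itself, and then matches on a string prefix. An absolute member name is flagged only because relpath happens to produce a leading `..`, which it does not when the script is run from `/`. A legitimate name that merely begins with two dots, such as `..data/x`, is refused. Checking the name directly is tighter and independent of the working directory: `evil = [e for e in members if os.path.isabs(e) or os.path.normpath(e).split(os.sep)[0] == '..']`.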
@@ -264,6 +281,7 @@ class BuildrootPackage(): print('Removing {pkg}...'.format(pkg=tmp_pkg)) shutil.rmtree(tmp_pkg) os.makedirs(tmp_pkg) + self.check_archive(as_tarfile.getnames()) as_tarfile.extractall(tmp_pkg) pkg_filename = self.filename.split(".tar")[0] From fd8a02fd75d652b85f64c1cd7e9adf1ee2329261 Mon Sep 17 00:00:00 2001 From: Gerome Burlats Date: Tue, 12 Feb 2019 23:24:13 +0100 Subject: [PATCH 30/31] configs/qemu: Update defconfigs to Linux 4.19.16 Linux version are changed to 4.19.16 (LTS) for all qemu defconfigs, except for riscv. riscv defconfigs are left unchanged because they have a custom Linux repository causing more difficulties when upgrading to 4.19 for riscv32. And for the riscv64, it has been updated recently to Linux 4.20 by another contributor. Patch for arm-versatile-nommu is changed into a git format Add cache attributes for xtensa-lx60-nommu config because the commit https://github.com/torvalds/linux/commit/7bb516ca5424e12b42124fab2906b6da9c81ba9c added a new config variable for memory cache attribute: CONFIG_MEMMAP_CACHEATTR All these updated configs have been built successfully. Signed-off-by: Gerome Burlats Cc: Romain Naour Signed-off-by: Romain Naour 
Signed-off-by: Peter Korsgaard --- .../patches/linux/versatile-nommu.patch | 75 +++++++++++++------ board/qemu/xtensa-lx60/linux-nommu.config | 1 + configs/qemu_aarch64_virt_defconfig | 6 +- configs/qemu_arm_versatile_defconfig | 6 +- configs/qemu_arm_versatile_nommu_defconfig | 6 +- configs/qemu_arm_vexpress_defconfig | 6 +- configs/qemu_m68k_mcf5208_defconfig | 6 +- configs/qemu_m68k_q800_defconfig | 6 +- configs/qemu_microblazebe_mmu_defconfig | 6 +- configs/qemu_microblazeel_mmu_defconfig | 6 +- configs/qemu_mips32r2_malta_defconfig | 6 +- configs/qemu_mips32r2el_malta_defconfig | 6 +- configs/qemu_mips32r6_malta_defconfig | 6 +- configs/qemu_mips32r6el_malta_defconfig | 6 +- configs/qemu_mips64_malta_defconfig | 6 +- configs/qemu_mips64el_malta_defconfig | 6 +- configs/qemu_mips64r6_malta_defconfig | 6 +- configs/qemu_mips64r6el_malta_defconfig | 6 +- configs/qemu_nios2_10m50_defconfig | 6 +- configs/qemu_or1k_defconfig | 6 +- configs/qemu_ppc64_e5500_defconfig | 4 +- configs/qemu_ppc64_pseries_defconfig | 6 +- configs/qemu_ppc64le_pseries_defconfig | 6 +- configs/qemu_ppc_g3beige_defconfig | 6 +- configs/qemu_ppc_mpc8544ds_defconfig | 6 +- configs/qemu_ppc_virtex_ml507_defconfig | 6 +- configs/qemu_sh4_r2d_defconfig | 6 +- configs/qemu_sh4eb_r2d_defconfig | 6 +- configs/qemu_sparc64_sun4u_defconfig | 6 +- configs/qemu_sparc_ss10_defconfig | 6 +- configs/qemu_x86_64_defconfig | 6 +- configs/qemu_x86_defconfig | 6 +- configs/qemu_xtensa_lx60_defconfig | 6 +- configs/qemu_xtensa_lx60_nommu_defconfig | 6 +- 34 files changed, 148 insertions(+), 118 deletions(-) diff --git a/board/qemu/arm-versatile/patches/linux/versatile-nommu.patch b/board/qemu/arm-versatile/patches/linux/versatile-nommu.patch index 883bd0de6e..a2c0962f85 100644 --- a/board/qemu/arm-versatile/patches/linux/versatile-nommu.patch +++ b/board/qemu/arm-versatile/patches/linux/versatile-nommu.patch 
@@ -1,10 +1,30 @@ -Signed-Off-by: Waldemar Brodkorb -From LKML. +From 4ac4324dcdaf237aa34545b3795acb2e5c42d10e Mon Sep 17 00:00:00 2001 +From: Waldemar Brodkorb +Date: Fri, 1 Feb 2019 11:36:20 +0100 +Subject: [PATCH] arm-versatile-nommu: Linux patch -diff -Nur linux-4.15.13.orig/arch/arm/Kconfig linux-4.15.13/arch/arm/Kconfig ---- linux-4.15.13.orig/arch/arm/Kconfig 2018-03-24 11:02:53.000000000 +0100 -+++ linux-4.15.13/arch/arm/Kconfig 2018-04-01 03:47:33.415078244 +0100 -@@ -355,6 +355,17 @@ +Originally made by Waldemar Brodkorb from LKML. + +Signed-Off-by: Waldemar Brodkorb +[Gerome: reformated as a Git patch] +Signed-off-by: Gerome Burlats +[Romain: fix Waldemar's authorship in Git patch] +Signed-off-by: Romain Naour +--- + arch/arm/Kconfig | 11 +++++++++++ + arch/arm/Kconfig.debug | 3 ++- + arch/arm/include/asm/mach/map.h | 1 + + arch/arm/mach-versatile/Kconfig | 5 +++-- + arch/arm/mach-versatile/Makefile.boot | 3 +++ + arch/arm/mach-versatile/versatile_dt.c | 4 ++++ + 6 files changed, 24 insertions(+), 3 deletions(-) + create mode 100644 arch/arm/mach-versatile/Makefile.boot + +diff --git a/arch/arm/Kconfig b/arch/arm/Kconfig +index e8cd55a5b04c..fc2dbff70394 100644 +--- a/arch/arm/Kconfig ++++ b/arch/arm/Kconfig +@@ -353,6 +353,17 @@ config ARM_SINGLE_ARMV7M select SPARSE_IRQ select USE_OF 
@@ -22,10 +42,11 @@ diff -Nur linux-4.15.13.orig/arch/arm/Kconfig linux-4.15.13/arch/arm/Kconfig config ARCH_EBSA110 bool "EBSA-110" select ARCH_USES_GETTIMEOFFSET -diff -Nur linux-4.15.13.orig/arch/arm/Kconfig.debug linux-4.15.13/arch/arm/Kconfig.debug ---- linux-4.15.13.orig/arch/arm/Kconfig.debug 2018-03-24 11:02:53.000000000 +0100 -+++ linux-4.15.13/arch/arm/Kconfig.debug 2018-04-01 03:47:33.416078232 +0100 -@@ -1795,7 +1795,8 @@ +diff --git a/arch/arm/Kconfig.debug b/arch/arm/Kconfig.debug +index f6fcb8a79889..92fc637d3db8 100644 +--- a/arch/arm/Kconfig.debug ++++ b/arch/arm/Kconfig.debug +@@ -1843,7 +1843,8 @@ config DEBUG_UNCOMPRESS config UNCOMPRESS_INCLUDE string default "debug/uncompress.h" if ARCH_MULTIPLATFORM || ARCH_MSM || \ @@ -35,10 +56,11 @@ diff -Nur linux-4.15.13.orig/arch/arm/Kconfig.debug linux-4.15.13/arch/arm/Kconf default "mach/uncompress.h" config EARLY_PRINTK -diff -Nur linux-4.15.13.orig/arch/arm/include/asm/mach/map.h linux-4.15.13/arch/arm/include/asm/mach/map.h ---- linux-4.15.13.orig/arch/arm/include/asm/mach/map.h 2018-03-24 11:02:53.000000000 +0100 -+++ linux-4.15.13/arch/arm/include/asm/mach/map.h 2018-04-01 03:47:17.587276119 +0100 -@@ -62,6 +62,7 @@ +diff --git a/arch/arm/include/asm/mach/map.h b/arch/arm/include/asm/mach/map.h +index 9b7c328fb207..b1fe9c8b5c3e 100644 +--- a/arch/arm/include/asm/mach/map.h ++++ b/arch/arm/include/asm/mach/map.h +@@ -62,6 +62,7 @@ extern int ioremap_page(unsigned long virt, unsigned long phys, #else #define iotable_init(map,num) do { } while (0) #define vm_reserve_area_early(a,s,c) do { } while (0) 
@@ -46,9 +68,10 @@ diff -Nur linux-4.15.13.orig/arch/arm/include/asm/mach/map.h linux-4.15.13/arch/ #endif #endif -diff -Nur linux-4.15.13.orig/arch/arm/mach-versatile/Kconfig linux-4.15.13/arch/arm/mach-versatile/Kconfig ---- linux-4.15.13.orig/arch/arm/mach-versatile/Kconfig 2018-03-24 11:02:53.000000000 +0100 -+++ linux-4.15.13/arch/arm/mach-versatile/Kconfig 2018-04-01 03:47:33.417078219 +0100 +diff --git a/arch/arm/mach-versatile/Kconfig b/arch/arm/mach-versatile/Kconfig +index f5c275434d6c..06ad999d5978 100644 +--- a/arch/arm/mach-versatile/Kconfig ++++ b/arch/arm/mach-versatile/Kconfig @@ -1,7 +1,8 @@ # SPDX-License-Identifier: GPL-2.0 config ARCH_VERSATILE @@ -60,16 +83,19 @@ diff -Nur linux-4.15.13.orig/arch/arm/mach-versatile/Kconfig linux-4.15.13/arch/ select ARM_AMBA select ARM_TIMER_SP804 select ARM_VIC -diff -Nur linux-4.15.13.orig/arch/arm/mach-versatile/Makefile.boot linux-4.15.13/arch/arm/mach-versatile/Makefile.boot ---- linux-4.15.13.orig/arch/arm/mach-versatile/Makefile.boot 1970-01-01 01:00:00.000000000 +0100 -+++ linux-4.15.13/arch/arm/mach-versatile/Makefile.boot 2018-04-01 03:47:25.644175394 +0100 +diff --git a/arch/arm/mach-versatile/Makefile.boot b/arch/arm/mach-versatile/Makefile.boot +new file mode 100644 +index 000000000000..eacfc3f5c33e +--- /dev/null ++++ b/arch/arm/mach-versatile/Makefile.boot 
@@ -0,0 +1,3 @@ +# Empty file waiting for deletion once Makefile.boot isn't needed any more. +# Patch waits for application at +# http://www.arm.linux.org.uk/developer/patches/viewpatch.php?id=7889/1 . -diff -Nur linux-4.15.13.orig/arch/arm/mach-versatile/versatile_dt.c linux-4.15.13/arch/arm/mach-versatile/versatile_dt.c ---- linux-4.15.13.orig/arch/arm/mach-versatile/versatile_dt.c 2018-03-24 11:02:53.000000000 +0100 -+++ linux-4.15.13/arch/arm/mach-versatile/versatile_dt.c 2018-04-01 03:47:10.913359555 +0100 +diff --git a/arch/arm/mach-versatile/versatile_dt.c b/arch/arm/mach-versatile/versatile_dt.c +index 3c8d39c12909..8cfa05a37295 100644 +--- a/arch/arm/mach-versatile/versatile_dt.c ++++ b/arch/arm/mach-versatile/versatile_dt.c @@ -37,7 +37,11 @@ #include @@ -82,3 +108,6 @@ diff -Nur linux-4.15.13.orig/arch/arm/mach-versatile/versatile_dt.c linux-4.15.1 #define __io_address(n) ((void __iomem __force *)IO_ADDRESS(n)) /* +-- +2.14.5 + diff --git a/board/qemu/xtensa-lx60/linux-nommu.config b/board/qemu/xtensa-lx60/linux-nommu.config index 10f7ee125c..8077645eec 100644 --- a/board/qemu/xtensa-lx60/linux-nommu.config +++ b/board/qemu/xtensa-lx60/linux-nommu.config @@ -6,6 +6,7 @@ CONFIG_XTENSA_VARIANT_CUSTOM_NAME="dc233c" # CONFIG_XTENSA_VARIANT_MMU is not set CONFIG_XTENSA_UNALIGNED_USER=y CONFIG_PREEMPT=y +CONFIG_MEMMAP_CACHEATTR=0x2cccccc7 CONFIG_KERNEL_LOAD_ADDRESS=0x00003000 # CONFIG_PCI is not set CONFIG_XTENSA_PLATFORM_XTFPGA=y diff --git a/configs/qemu_aarch64_virt_defconfig b/configs/qemu_aarch64_virt_defconfig index a7b097ef40..638e18beb7 100644 --- a/configs/qemu_aarch64_virt_defconfig +++ b/configs/qemu_aarch64_virt_defconfig 
@@ -11,13 +11,13 @@ BR2_TARGET_ROOTFS_EXT2=y BR2_TARGET_ROOTFS_EXT2_4=y # BR2_TARGET_ROOTFS_TAR is not set -# Linux headers same as kernel, a 4.16 series -BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_16=y +# Linux headers same as kernel, a 4.19 series +BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_19=y # Kernel BR2_LINUX_KERNEL=y BR2_LINUX_KERNEL_CUSTOM_VERSION=y -BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="4.16.7" +BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="4.19.16" BR2_LINUX_KERNEL_USE_CUSTOM_CONFIG=y BR2_LINUX_KERNEL_CUSTOM_CONFIG_FILE="board/qemu/aarch64-virt/linux.config" BR2_LINUX_KERNEL_NEEDS_HOST_OPENSSL=y diff --git a/configs/qemu_arm_versatile_defconfig b/configs/qemu_arm_versatile_defconfig index 348b91bc96..ce7cb5efe4 100644 --- a/configs/qemu_arm_versatile_defconfig +++ b/configs/qemu_arm_versatile_defconfig @@ -10,13 +10,13 @@ BR2_TARGET_GENERIC_GETTY_PORT="ttyAMA0" BR2_TARGET_ROOTFS_EXT2=y # BR2_TARGET_ROOTFS_TAR is not set -# Linux headers same as kernel, a 4.16 series -BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_16=y +# Linux headers same as kernel, a 4.19 series +BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_19=y # Kernel BR2_LINUX_KERNEL=y BR2_LINUX_KERNEL_CUSTOM_VERSION=y -BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="4.16.7" +BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="4.19.16" BR2_LINUX_KERNEL_USE_CUSTOM_CONFIG=y BR2_LINUX_KERNEL_CUSTOM_CONFIG_FILE="board/qemu/arm-versatile/linux.config" BR2_LINUX_KERNEL_DTS_SUPPORT=y diff --git a/configs/qemu_arm_versatile_nommu_defconfig b/configs/qemu_arm_versatile_nommu_defconfig index 910c382439..81fb5b6ca4 100644 --- a/configs/qemu_arm_versatile_nommu_defconfig +++ b/configs/qemu_arm_versatile_nommu_defconfig 
@@ -21,13 +21,13 @@ BR2_TARGET_GENERIC_GETTY_PORT="ttyAMA0" # BR2_TARGET_ROOTFS_TAR is not set BR2_TARGET_ROOTFS_INITRAMFS=y -# Linux headers same as kernel, a 4.16 series -BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_16=y +# Linux headers same as kernel, a 4.19 series +BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_19=y # Kernel BR2_LINUX_KERNEL=y BR2_LINUX_KERNEL_CUSTOM_VERSION=y -BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="4.16.7" +BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="4.19.16" BR2_LINUX_KERNEL_USE_CUSTOM_CONFIG=y BR2_LINUX_KERNEL_CUSTOM_CONFIG_FILE="board/qemu/arm-versatile/linux-nommu.config" BR2_LINUX_KERNEL_DTS_SUPPORT=y diff --git a/configs/qemu_arm_vexpress_defconfig b/configs/qemu_arm_vexpress_defconfig index 34a50aa8d5..66f198ac5d 100644 --- a/configs/qemu_arm_vexpress_defconfig +++ b/configs/qemu_arm_vexpress_defconfig @@ -13,13 +13,13 @@ BR2_TARGET_GENERIC_GETTY_PORT="ttyAMA0" BR2_TARGET_ROOTFS_EXT2=y # BR2_TARGET_ROOTFS_TAR is not set -# Linux headers same as kernel, a 4.16 series -BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_16=y +# Linux headers same as kernel, a 4.19 series +BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_19=y # Kernel BR2_LINUX_KERNEL=y BR2_LINUX_KERNEL_CUSTOM_VERSION=y -BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="4.16.7" +BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="4.19.16" BR2_LINUX_KERNEL_DEFCONFIG="vexpress" BR2_LINUX_KERNEL_DTS_SUPPORT=y BR2_LINUX_KERNEL_INTREE_DTS_NAME="vexpress-v2p-ca9" diff --git a/configs/qemu_m68k_mcf5208_defconfig b/configs/qemu_m68k_mcf5208_defconfig index 8f8d0a048a..44fd918ec0 100644 --- a/configs/qemu_m68k_mcf5208_defconfig +++ b/configs/qemu_m68k_mcf5208_defconfig 
@@ -9,13 +9,13 @@ BR2_SYSTEM_DHCP="eth0" BR2_TARGET_ROOTFS_INITRAMFS=y # BR2_TARGET_ROOTFS_TAR is not set -# Linux headers same as kernel, a 4.16 series -BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_16=y +# Linux headers same as kernel, a 4.19 series +BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_19=y # Kernel BR2_LINUX_KERNEL=y BR2_LINUX_KERNEL_CUSTOM_VERSION=y -BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="4.16.7" +BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="4.19.16" BR2_LINUX_KERNEL_USE_CUSTOM_CONFIG=y BR2_LINUX_KERNEL_CUSTOM_CONFIG_FILE="board/qemu/m68k-mcf5208/linux.config" BR2_LINUX_KERNEL_VMLINUX=y diff --git a/configs/qemu_m68k_q800_defconfig b/configs/qemu_m68k_q800_defconfig index d9238b650f..0dd90a97b3 100644 --- a/configs/qemu_m68k_q800_defconfig +++ b/configs/qemu_m68k_q800_defconfig @@ -9,13 +9,13 @@ BR2_SYSTEM_DHCP="eth0" BR2_TARGET_ROOTFS_EXT2=y # BR2_TARGET_ROOTFS_TAR is not set -# Linux headers same as kernel, a 4.16 series -BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_16=y +# Linux headers same as kernel, a 4.19 series +BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_19=y # Kernel BR2_LINUX_KERNEL=y BR2_LINUX_KERNEL_CUSTOM_VERSION=y -BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="4.16.7" +BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="4.19.16" BR2_LINUX_KERNEL_USE_CUSTOM_CONFIG=y BR2_LINUX_KERNEL_CUSTOM_CONFIG_FILE="board/qemu/m68k-q800/linux.config" BR2_LINUX_KERNEL_VMLINUX=y diff --git a/configs/qemu_microblazebe_mmu_defconfig b/configs/qemu_microblazebe_mmu_defconfig index 3055a0f8cd..95fdfeda6c 100644 --- a/configs/qemu_microblazebe_mmu_defconfig +++ b/configs/qemu_microblazebe_mmu_defconfig 
@@ -10,13 +10,13 @@ BR2_TARGET_GENERIC_GETTY_PORT="ttyUL0" # BR2_TARGET_ROOTFS_TAR is not set BR2_TARGET_ROOTFS_INITRAMFS=y -# Linux headers same as kernel, a 4.16 series -BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_16=y +# Linux headers same as kernel, a 4.19 series +BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_19=y # Kernel BR2_LINUX_KERNEL=y BR2_LINUX_KERNEL_CUSTOM_VERSION=y -BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="4.16.7" +BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="4.19.16" BR2_LINUX_KERNEL_USE_CUSTOM_CONFIG=y BR2_LINUX_KERNEL_CUSTOM_CONFIG_FILE="board/qemu/microblazebe-mmu/linux.config" BR2_LINUX_KERNEL_LINUX_BIN=y diff --git a/configs/qemu_microblazeel_mmu_defconfig b/configs/qemu_microblazeel_mmu_defconfig index 073a7173fa..7400dafa5f 100644 --- a/configs/qemu_microblazeel_mmu_defconfig +++ b/configs/qemu_microblazeel_mmu_defconfig @@ -10,13 +10,13 @@ BR2_TARGET_GENERIC_GETTY_PORT="ttyUL0" # BR2_TARGET_ROOTFS_TAR is not set BR2_TARGET_ROOTFS_INITRAMFS=y -# Linux headers same as kernel, a 4.16 series -BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_16=y +# Linux headers same as kernel, a 4.19 series +BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_19=y # Kernel BR2_LINUX_KERNEL=y BR2_LINUX_KERNEL_CUSTOM_VERSION=y -BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="4.16.7" +BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="4.19.16" BR2_LINUX_KERNEL_USE_CUSTOM_CONFIG=y BR2_LINUX_KERNEL_CUSTOM_CONFIG_FILE="board/qemu/microblazeel-mmu/linux.config" BR2_LINUX_KERNEL_LINUX_BIN=y diff --git a/configs/qemu_mips32r2_malta_defconfig b/configs/qemu_mips32r2_malta_defconfig index d07bc11003..0ee7a58888 100644 --- a/configs/qemu_mips32r2_malta_defconfig +++ b/configs/qemu_mips32r2_malta_defconfig 
@@ -9,13 +9,13 @@ BR2_SYSTEM_DHCP="eth0" BR2_TARGET_ROOTFS_EXT2=y # BR2_TARGET_ROOTFS_TAR is not set -# Linux headers same as kernel, a 4.16 series -BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_16=y +# Linux headers same as kernel, a 4.19 series +BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_19=y # Kernel BR2_LINUX_KERNEL=y BR2_LINUX_KERNEL_CUSTOM_VERSION=y -BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="4.16.7" +BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="4.19.16" BR2_LINUX_KERNEL_USE_CUSTOM_CONFIG=y BR2_LINUX_KERNEL_CUSTOM_CONFIG_FILE="board/qemu/mips32r2-malta/linux.config" BR2_LINUX_KERNEL_VMLINUX=y diff --git a/configs/qemu_mips32r2el_malta_defconfig b/configs/qemu_mips32r2el_malta_defconfig index 55e68b1fdc..075088df82 100644 --- a/configs/qemu_mips32r2el_malta_defconfig +++ b/configs/qemu_mips32r2el_malta_defconfig @@ -9,13 +9,13 @@ BR2_SYSTEM_DHCP="eth0" BR2_TARGET_ROOTFS_EXT2=y # BR2_TARGET_ROOTFS_TAR is not set -# Linux headers same as kernel, a 4.16 series -BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_16=y +# Linux headers same as kernel, a 4.19 series +BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_19=y # Kernel BR2_LINUX_KERNEL=y BR2_LINUX_KERNEL_CUSTOM_VERSION=y -BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="4.16.7" +BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="4.19.16" BR2_LINUX_KERNEL_USE_CUSTOM_CONFIG=y BR2_LINUX_KERNEL_CUSTOM_CONFIG_FILE="board/qemu/mips32r2el-malta/linux.config" BR2_LINUX_KERNEL_VMLINUX=y diff --git a/configs/qemu_mips32r6_malta_defconfig b/configs/qemu_mips32r6_malta_defconfig index 5802393368..b0bf94ce7b 100644 --- a/configs/qemu_mips32r6_malta_defconfig +++ b/configs/qemu_mips32r6_malta_defconfig 
@@ -9,13 +9,13 @@ BR2_SYSTEM_DHCP="eth0" BR2_TARGET_ROOTFS_EXT2=y # BR2_TARGET_ROOTFS_TAR is not set -# Linux headers same as kernel, a 4.16 series -BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_16=y +# Linux headers same as kernel, a 4.19 series +BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_19=y # Kernel BR2_LINUX_KERNEL=y BR2_LINUX_KERNEL_CUSTOM_VERSION=y -BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="4.16.7" +BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="4.19.16" BR2_LINUX_KERNEL_USE_CUSTOM_CONFIG=y BR2_LINUX_KERNEL_CUSTOM_CONFIG_FILE="board/qemu/mips32r6-malta/linux.config" BR2_LINUX_KERNEL_VMLINUX=y diff --git a/configs/qemu_mips32r6el_malta_defconfig b/configs/qemu_mips32r6el_malta_defconfig index 93e2a86509..077d836da3 100644 --- a/configs/qemu_mips32r6el_malta_defconfig +++ b/configs/qemu_mips32r6el_malta_defconfig @@ -9,13 +9,13 @@ BR2_SYSTEM_DHCP="eth0" BR2_TARGET_ROOTFS_EXT2=y # BR2_TARGET_ROOTFS_TAR is not set -# Linux headers same as kernel, a 4.16 series -BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_16=y +# Linux headers same as kernel, a 4.19 series +BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_19=y # Kernel BR2_LINUX_KERNEL=y BR2_LINUX_KERNEL_CUSTOM_VERSION=y -BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="4.16.7" +BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="4.19.16" BR2_LINUX_KERNEL_USE_CUSTOM_CONFIG=y BR2_LINUX_KERNEL_CUSTOM_CONFIG_FILE="board/qemu/mips32r6el-malta/linux.config" BR2_LINUX_KERNEL_VMLINUX=y diff --git a/configs/qemu_mips64_malta_defconfig b/configs/qemu_mips64_malta_defconfig index 99b457a9f8..12502eac6a 100644 --- a/configs/qemu_mips64_malta_defconfig +++ b/configs/qemu_mips64_malta_defconfig 
@@ -9,13 +9,13 @@ BR2_SYSTEM_DHCP="eth0" BR2_TARGET_ROOTFS_EXT2=y # BR2_TARGET_ROOTFS_TAR is not set -# Linux headers same as kernel, a 4.16 series -BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_16=y +# Linux headers same as kernel, a 4.19 series +BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_19=y # Kernel BR2_LINUX_KERNEL=y BR2_LINUX_KERNEL_CUSTOM_VERSION=y -BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="4.16.7" +BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="4.19.16" BR2_LINUX_KERNEL_USE_CUSTOM_CONFIG=y BR2_LINUX_KERNEL_CUSTOM_CONFIG_FILE="board/qemu/mips64-malta/linux.config" BR2_LINUX_KERNEL_VMLINUX=y diff --git a/configs/qemu_mips64el_malta_defconfig b/configs/qemu_mips64el_malta_defconfig index f2dacbd760..5ddb759bbe 100644 --- a/configs/qemu_mips64el_malta_defconfig +++ b/configs/qemu_mips64el_malta_defconfig @@ -9,13 +9,13 @@ BR2_SYSTEM_DHCP="eth0" BR2_TARGET_ROOTFS_EXT2=y # BR2_TARGET_ROOTFS_TAR is not set -# Linux headers same as kernel, a 4.16 series -BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_16=y +# Linux headers same as kernel, a 4.19 series +BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_19=y # Kernel BR2_LINUX_KERNEL=y BR2_LINUX_KERNEL_CUSTOM_VERSION=y -BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="4.16.7" +BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="4.19.16" BR2_LINUX_KERNEL_USE_CUSTOM_CONFIG=y BR2_LINUX_KERNEL_CUSTOM_CONFIG_FILE="board/qemu/mips64el-malta/linux.config" BR2_LINUX_KERNEL_VMLINUX=y diff --git a/configs/qemu_mips64r6_malta_defconfig b/configs/qemu_mips64r6_malta_defconfig index d291213db7..bfa32f657e 100644 --- a/configs/qemu_mips64r6_malta_defconfig +++ b/configs/qemu_mips64r6_malta_defconfig 
@@ -10,13 +10,13 @@ BR2_SYSTEM_DHCP="eth0" BR2_TARGET_ROOTFS_EXT2=y # BR2_TARGET_ROOTFS_TAR is not set -# Linux headers same as kernel, a 4.16 series -BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_16=y +# Linux headers same as kernel, a 4.19 series +BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_19=y # Kernel BR2_LINUX_KERNEL=y BR2_LINUX_KERNEL_CUSTOM_VERSION=y -BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="4.16.7" +BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="4.19.16" BR2_LINUX_KERNEL_USE_CUSTOM_CONFIG=y BR2_LINUX_KERNEL_CUSTOM_CONFIG_FILE="board/qemu/mips64r6-malta/linux.config" BR2_LINUX_KERNEL_VMLINUX=y diff --git a/configs/qemu_mips64r6el_malta_defconfig b/configs/qemu_mips64r6el_malta_defconfig index 4740bdee28..2fd855d79b 100644 --- a/configs/qemu_mips64r6el_malta_defconfig +++ b/configs/qemu_mips64r6el_malta_defconfig @@ -10,13 +10,13 @@ BR2_SYSTEM_DHCP="eth0" BR2_TARGET_ROOTFS_EXT2=y # BR2_TARGET_ROOTFS_TAR is not set -# Linux headers same as kernel, a 4.16 series -BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_16=y +# Linux headers same as kernel, a 4.19 series +BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_19=y # Kernel BR2_LINUX_KERNEL=y BR2_LINUX_KERNEL_CUSTOM_VERSION=y -BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="4.16.7" +BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="4.19.16" BR2_LINUX_KERNEL_USE_CUSTOM_CONFIG=y BR2_LINUX_KERNEL_CUSTOM_CONFIG_FILE="board/qemu/mips64r6el-malta/linux.config" BR2_LINUX_KERNEL_VMLINUX=y diff --git a/configs/qemu_nios2_10m50_defconfig b/configs/qemu_nios2_10m50_defconfig index cff219257a..d7e7c335a3 100644 --- a/configs/qemu_nios2_10m50_defconfig +++ b/configs/qemu_nios2_10m50_defconfig 
@@ -1,10 +1,10 @@ BR2_nios2=y BR2_LINUX_KERNEL=y BR2_LINUX_KERNEL_CUSTOM_VERSION=y -BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="4.16.7" +BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="4.19.16" BR2_LINUX_KERNEL_DEFCONFIG="10m50" BR2_LINUX_KERNEL_CONFIG_FRAGMENT_FILES="board/qemu/nios2-10m50/linux.fragment" BR2_TARGET_ROOTFS_INITRAMFS=y -# Linux headers same as kernel, a 4.16 series -BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_16=y +# Linux headers same as kernel, a 4.19 series +BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_19=y diff --git a/configs/qemu_or1k_defconfig b/configs/qemu_or1k_defconfig index 636a0d25b1..3fc53f4186 100644 --- a/configs/qemu_or1k_defconfig +++ b/configs/qemu_or1k_defconfig @@ -5,12 +5,12 @@ BR2_or1k=y # BR2_TARGET_ROOTFS_TAR is not set BR2_TARGET_ROOTFS_INITRAMFS=y -# Linux headers same as kernel, a 4,16 series -BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_16=y +# Linux headers same as kernel, a 4,19 series +BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_19=y # Kernel BR2_LINUX_KERNEL=y BR2_LINUX_KERNEL_CUSTOM_VERSION=y -BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="4.16.7" +BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="4.19.16" BR2_LINUX_KERNEL_USE_CUSTOM_CONFIG=y BR2_LINUX_KERNEL_CUSTOM_CONFIG_FILE="board/qemu/or1k/linux.config" diff --git a/configs/qemu_ppc64_e5500_defconfig b/configs/qemu_ppc64_e5500_defconfig index 7a325a5070..59b8636918 100644 --- a/configs/qemu_ppc64_e5500_defconfig +++ b/configs/qemu_ppc64_e5500_defconfig @@ -6,12 +6,12 @@ BR2_powerpc_e5500=y BR2_TARGET_GENERIC_GETTY_PORT="ttyS0" # Linux headers same as the kernel -BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_16=y +BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_19=y # Kernel BR2_LINUX_KERNEL=y BR2_LINUX_KERNEL_CUSTOM_VERSION=y -BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="4.16.7" +BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="4.19.16" BR2_LINUX_KERNEL_DEFCONFIG="corenet64_smp" BR2_LINUX_KERNEL_CONFIG_FRAGMENT_FILES="board/qemu/ppc64-e5500/linux.fragment" BR2_LINUX_KERNEL_NEEDS_HOST_OPENSSL=y 
diff --git a/configs/qemu_ppc64_pseries_defconfig b/configs/qemu_ppc64_pseries_defconfig index d2d69f1c3c..5f55b246f7 100644 --- a/configs/qemu_ppc64_pseries_defconfig +++ b/configs/qemu_ppc64_pseries_defconfig @@ -10,12 +10,12 @@ BR2_TARGET_GENERIC_GETTY_PORT="hvc0" BR2_TARGET_ROOTFS_EXT2=y # BR2_TARGET_ROOTFS_TAR is not set -# Linux headers same as kernel, a 4.16 series -BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_16=y +# Linux headers same as kernel, a 4.19 series +BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_19=y # Kernel BR2_LINUX_KERNEL=y BR2_LINUX_KERNEL_CUSTOM_VERSION=y -BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="4.16.7" +BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="4.19.16" BR2_LINUX_KERNEL_DEFCONFIG="pseries" BR2_LINUX_KERNEL_VMLINUX=y diff --git a/configs/qemu_ppc64le_pseries_defconfig b/configs/qemu_ppc64le_pseries_defconfig index 9a85f76dd9..8356e4e250 100644 --- a/configs/qemu_ppc64le_pseries_defconfig +++ b/configs/qemu_ppc64le_pseries_defconfig @@ -10,12 +10,12 @@ BR2_SYSTEM_DHCP="eth0" BR2_TARGET_ROOTFS_EXT2=y # BR2_TARGET_ROOTFS_TAR is not set -# Linux headers same as kernel, a 4.16 series -BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_16=y +# Linux headers same as kernel, a 4.19 series +BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_19=y # Kernel BR2_LINUX_KERNEL=y BR2_LINUX_KERNEL_CUSTOM_VERSION=y -BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="4.16.7" +BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="4.19.16" BR2_LINUX_KERNEL_DEFCONFIG="pseries_le" BR2_LINUX_KERNEL_VMLINUX=y diff --git a/configs/qemu_ppc_g3beige_defconfig b/configs/qemu_ppc_g3beige_defconfig index 451a9b52d8..4b2f3ed2fe 100644 --- a/configs/qemu_ppc_g3beige_defconfig +++ b/configs/qemu_ppc_g3beige_defconfig 
@@ -9,13 +9,13 @@ BR2_SYSTEM_DHCP="eth0" BR2_TARGET_ROOTFS_EXT2=y # BR2_TARGET_ROOTFS_TAR is not set -# Linux headers same as kernel, a 4.16 series -BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_16=y +# Linux headers same as kernel, a 4.19 series +BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_19=y # Kernel BR2_LINUX_KERNEL=y BR2_LINUX_KERNEL_CUSTOM_VERSION=y -BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="4.16.7" +BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="4.19.16" BR2_LINUX_KERNEL_USE_CUSTOM_CONFIG=y BR2_LINUX_KERNEL_CUSTOM_CONFIG_FILE="board/qemu/ppc-g3beige/linux.config" BR2_LINUX_KERNEL_VMLINUX=y diff --git a/configs/qemu_ppc_mpc8544ds_defconfig b/configs/qemu_ppc_mpc8544ds_defconfig index 38e41a7fa2..d6ebef7561 100644 --- a/configs/qemu_ppc_mpc8544ds_defconfig +++ b/configs/qemu_ppc_mpc8544ds_defconfig @@ -9,13 +9,13 @@ BR2_SYSTEM_DHCP="eth0" # BR2_TARGET_ROOTFS_TAR is not set BR2_TARGET_ROOTFS_INITRAMFS=y -# Linux headers same as kernel, a 4.16 series -BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_16=y +# Linux headers same as kernel, a 4.19 series +BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_19=y # Kernel BR2_LINUX_KERNEL=y BR2_LINUX_KERNEL_CUSTOM_VERSION=y -BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="4.16.7" +BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="4.19.16" BR2_LINUX_KERNEL_USE_CUSTOM_CONFIG=y BR2_LINUX_KERNEL_CUSTOM_CONFIG_FILE="board/qemu/ppc-mpc8544ds/linux.config" BR2_LINUX_KERNEL_VMLINUX=y diff --git a/configs/qemu_ppc_virtex_ml507_defconfig b/configs/qemu_ppc_virtex_ml507_defconfig index 6824afca3c..c71465dd56 100644 --- a/configs/qemu_ppc_virtex_ml507_defconfig +++ b/configs/qemu_ppc_virtex_ml507_defconfig @@ -6,8 +6,8 @@ BR2_powerpc_440=y # BR2_TARGET_ROOTFS_TAR is not set BR2_TARGET_ROOTFS_INITRAMFS=y -# Linux headers same as kernel, a 4.16 series -BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_16=y +# Linux headers same as kernel, a 4.19 series +BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_19=y # Use soft float BR2_SOFT_FLOAT=y 
@@ -15,7 +15,7 @@ BR2_SOFT_FLOAT=y # Kernel BR2_LINUX_KERNEL=y BR2_LINUX_KERNEL_CUSTOM_VERSION=y -BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="4.16.7" +BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="4.19.16" BR2_LINUX_KERNEL_USE_CUSTOM_CONFIG=y BR2_LINUX_KERNEL_CUSTOM_CONFIG_FILE="board/qemu/ppc-virtex-ml507/linux.config" BR2_LINUX_KERNEL_VMLINUX=y diff --git a/configs/qemu_sh4_r2d_defconfig b/configs/qemu_sh4_r2d_defconfig index ec4a91c999..e194d7ecf2 100644 --- a/configs/qemu_sh4_r2d_defconfig +++ b/configs/qemu_sh4_r2d_defconfig @@ -11,13 +11,13 @@ BR2_TARGET_GENERIC_GETTY_PORT="ttySC1" BR2_TARGET_ROOTFS_EXT2=y # BR2_TARGET_ROOTFS_TAR is not set -# Linux headers same as kernel, a 4.16 series -BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_16=y +# Linux headers same as kernel, a 4.19 series +BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_19=y # Linux kernel BR2_LINUX_KERNEL=y BR2_LINUX_KERNEL_CUSTOM_VERSION=y -BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="4.16.7" +BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="4.19.16" BR2_LINUX_KERNEL_USE_CUSTOM_CONFIG=y BR2_LINUX_KERNEL_CUSTOM_CONFIG_FILE="board/qemu/sh4-r2d/linux.config" BR2_LINUX_KERNEL_ZIMAGE=y diff --git a/configs/qemu_sh4eb_r2d_defconfig b/configs/qemu_sh4eb_r2d_defconfig index e7dbd46a2b..f1aad8b64f 100644 --- a/configs/qemu_sh4eb_r2d_defconfig +++ b/configs/qemu_sh4eb_r2d_defconfig @@ -10,13 +10,13 @@ BR2_TARGET_GENERIC_GETTY_PORT="ttySC1" BR2_TARGET_ROOTFS_EXT2=y # BR2_TARGET_ROOTFS_TAR is not set -# Linux headers same as kernel, a 4.16 series -BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_16=y +# Linux headers same as kernel, a 4.19 series +BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_19=y # Linux kernel BR2_LINUX_KERNEL=y BR2_LINUX_KERNEL_CUSTOM_VERSION=y -BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="4.16.7" +BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="4.19.16" BR2_LINUX_KERNEL_USE_CUSTOM_CONFIG=y BR2_LINUX_KERNEL_CUSTOM_CONFIG_FILE="board/qemu/sh4eb-r2d/linux.config" BR2_LINUX_KERNEL_ZIMAGE=y 
diff --git a/configs/qemu_sparc64_sun4u_defconfig b/configs/qemu_sparc64_sun4u_defconfig index baa8dbfb59..f4da2bc08d 100644 --- a/configs/qemu_sparc64_sun4u_defconfig +++ b/configs/qemu_sparc64_sun4u_defconfig @@ -9,12 +9,12 @@ BR2_SYSTEM_DHCP="eth0" BR2_TARGET_ROOTFS_EXT2=y # BR2_TARGET_ROOTFS_TAR is not set -# Linux headers same as kernel, a 4.16 series -BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_16=y +# Linux headers same as kernel, a 4.19 series +BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_19=y # Linux kernel BR2_LINUX_KERNEL=y BR2_LINUX_KERNEL_CUSTOM_VERSION=y -BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="4.16.7" +BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="4.19.16" BR2_LINUX_KERNEL_USE_CUSTOM_CONFIG=y BR2_LINUX_KERNEL_CUSTOM_CONFIG_FILE="board/qemu/sparc64-sun4u/linux.config" diff --git a/configs/qemu_sparc_ss10_defconfig b/configs/qemu_sparc_ss10_defconfig index 9943781a5b..e027b73ebf 100644 --- a/configs/qemu_sparc_ss10_defconfig +++ b/configs/qemu_sparc_ss10_defconfig @@ -9,12 +9,12 @@ BR2_SYSTEM_DHCP="eth0" BR2_TARGET_ROOTFS_EXT2=y # BR2_TARGET_ROOTFS_TAR is not set -# Linux headers same as kernel, a 4.16 series -BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_16=y +# Linux headers same as kernel, a 4.19 series +BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_19=y # Linux kernel BR2_LINUX_KERNEL=y BR2_LINUX_KERNEL_CUSTOM_VERSION=y -BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="4.16.7" +BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="4.19.16" BR2_LINUX_KERNEL_USE_CUSTOM_CONFIG=y BR2_LINUX_KERNEL_CUSTOM_CONFIG_FILE="board/qemu/sparc-ss10/linux.config" diff --git a/configs/qemu_x86_64_defconfig b/configs/qemu_x86_64_defconfig index 12b30bf764..afa2396931 100644 --- a/configs/qemu_x86_64_defconfig +++ b/configs/qemu_x86_64_defconfig 
@@ -9,12 +9,12 @@ BR2_TARGET_GENERIC_GETTY_PORT="tty1" BR2_TARGET_ROOTFS_EXT2=y # BR2_TARGET_ROOTFS_TAR is not set -# Linux headers same as kernel, a 4.16 series -BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_16=y +# Linux headers same as kernel, a 4.19 series +BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_19=y # Kernel BR2_LINUX_KERNEL=y BR2_LINUX_KERNEL_CUSTOM_VERSION=y -BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="4.16.7" +BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="4.19.16" BR2_LINUX_KERNEL_USE_CUSTOM_CONFIG=y BR2_LINUX_KERNEL_CUSTOM_CONFIG_FILE="board/qemu/x86_64/linux.config" diff --git a/configs/qemu_x86_defconfig b/configs/qemu_x86_defconfig index 985ff32b44..3441ad5cb1 100644 --- a/configs/qemu_x86_defconfig +++ b/configs/qemu_x86_defconfig @@ -10,12 +10,12 @@ BR2_TARGET_GENERIC_GETTY_PORT="tty1" BR2_TARGET_ROOTFS_EXT2=y # BR2_TARGET_ROOTFS_TAR is not set -# Linux headers same as kernel, a 4.16 series -BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_16=y +# Linux headers same as kernel, a 4.19 series +BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_19=y # Kernel BR2_LINUX_KERNEL=y BR2_LINUX_KERNEL_CUSTOM_VERSION=y -BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="4.16.7" +BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="4.19.16" BR2_LINUX_KERNEL_USE_CUSTOM_CONFIG=y BR2_LINUX_KERNEL_CUSTOM_CONFIG_FILE="board/qemu/x86/linux.config" diff --git a/configs/qemu_xtensa_lx60_defconfig b/configs/qemu_xtensa_lx60_defconfig index a735c991c7..6bf48a2ada 100644 --- a/configs/qemu_xtensa_lx60_defconfig +++ b/configs/qemu_xtensa_lx60_defconfig 
@@ -11,13 +11,13 @@ BR2_TARGET_GENERIC_GETTY_PORT="ttyS0" # BR2_TARGET_ROOTFS_TAR is not set BR2_TARGET_ROOTFS_INITRAMFS=y -# Linux headers same as kernel, a 4.16 series -BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_16=y +# Linux headers same as kernel, a 4.19 series +BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_19=y # Kernel BR2_LINUX_KERNEL=y BR2_LINUX_KERNEL_CUSTOM_VERSION=y -BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="4.16.7" +BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="4.19.16" BR2_LINUX_KERNEL_USE_CUSTOM_CONFIG=y BR2_LINUX_KERNEL_CUSTOM_CONFIG_FILE="board/qemu/xtensa-lx60/linux.config" BR2_LINUX_KERNEL_IMAGE_TARGET_CUSTOM=y diff --git a/configs/qemu_xtensa_lx60_nommu_defconfig b/configs/qemu_xtensa_lx60_nommu_defconfig index f4d6837bc1..5ff9646270 100644 --- a/configs/qemu_xtensa_lx60_nommu_defconfig +++ b/configs/qemu_xtensa_lx60_nommu_defconfig @@ -15,13 +15,13 @@ BR2_TARGET_GENERIC_GETTY_PORT="ttyS0" # BR2_TARGET_ROOTFS_TAR is not set BR2_TARGET_ROOTFS_INITRAMFS=y -# Linux headers same as kernel, a 4.16 series -BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_16=y +# Linux headers same as kernel, a 4.19 series +BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_19=y # Kernel BR2_LINUX_KERNEL=y BR2_LINUX_KERNEL_CUSTOM_VERSION=y -BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="4.16.7" +BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="4.19.16" BR2_LINUX_KERNEL_USE_CUSTOM_CONFIG=y BR2_LINUX_KERNEL_CUSTOM_CONFIG_FILE="board/qemu/xtensa-lx60/linux-nommu.config" BR2_LINUX_KERNEL_IMAGE_TARGET_CUSTOM=y From 23a288533340c9dd6d5b337ec9c27e96decaf252 Mon Sep 17 00:00:00 2001 From: Peter Korsgaard Date: Wed, 13 Feb 2019 09:03:54 +0100 Subject: [PATCH 31/31] Update for 2019.02-rc1 Signed-off-by: Peter Korsgaard --- CHANGES | 26 +++++++++++++++++++++++--- Makefile | 4 ++-- docs/website/download.html | 22 +++++++++++----------- docs/website/news.html | 23 +++++++++++++++++++++++ 4 files changed, 59 insertions(+), 16 deletions(-) diff --git a/CHANGES b/CHANGES index 0ef61f5882..215f8e323d 100644 --- a/CHANGES +++ b/CHANGES 
@@ -1,4 +1,4 @@ -2019.02-rc1, not yet released +2019.02-rc1, released February 13th, 2019 Fixes all over the tree and new features. @@ -58,6 +58,9 @@ creating a Buildroot package from luarocks, similar to scancpan and scanpypi. + scanpypi: protect against zip-slip vulnerability in zip/tar + handling + check-package: fix Python 3 support get-developers: Fix behaviour when called from elsewhere than @@ -125,8 +128,25 @@ python-wtforms, python3-setuptools, rcw, rtc-tools, shim, utp_com, vmtouch, websocketpp - Removed packages: fftw, lua 5.2.x, luacrypto, mongodb, - perl-time-hires, python-pyqt, qt, qtuio, tn5250 + Removed packages: fftw, lua 5.2.x, luacrypto, perl-time-hires, + python-pyqt, qt, qtuio, tn5250 + + Issues resolved (http://bugs.uclibc.org): + + #10851: Patch to handle numpad Enter key properly + #11066: x11r7 X11 S40xorg leads to a black screen on QEMU x86.. + #11126: Bash Shell Programming using Buildroot + #11426: pps-tools bash dependency + #11476: stdio2.h error invalid use of __builtin_va_arg_pack + #11536: dt-utils building fails with glibc 2.28 + #11546: open-vm-tools with glibc 2.28 + #11566: Fix init script + #11576: Unable to start apache with event MPM on raspberry pi 3 + #11591: [pkgconf 1.5.3] xserver OpenGL support is missing + #11606: libjpeg has no Config.in + #11616: 2018.02.09 fails to build libzlib with full RELRO.. + #11656: Custom device tree and u-boot boot.scr not integrated.. + #11666: Touchscreen with (Py)Qt5 should use tslib instead of evdev 2018.11.2, Released January 30th, 2019 diff --git a/Makefile b/Makefile index 0d2659c46e..f736ecfb3e 100644 --- a/Makefile +++ b/Makefile 
@@ -92,9 +92,9 @@ all: .PHONY: all # Set and export the version string -export BR2_VERSION := 2019.02-git +export BR2_VERSION := 2019.02-rc1 # Actual time the release is cut (for reproducible builds) -BR2_VERSION_EPOCH = 1543701000 +BR2_VERSION_EPOCH = 1550044800 # Save running make version since it's clobbered by the make package RUNNING_MAKE_VERSION := $(MAKE_VERSION) diff --git a/docs/website/download.html b/docs/website/download.html index e089ad57e6..52c8b1d565 100644 --- a/docs/website/download.html +++ b/docs/website/download.html @@ -75,38 +75,38 @@

PGP signature

- +
Source code
diff --git a/docs/website/news.html b/docs/website/news.html index 6f7ebad5d7..d72c6b7fcf 100644 --- a/docs/website/news.html +++ b/docs/website/news.html @@ -9,6 +9,29 @@

News