Fixes the following security issue:
CVE-2017-3145: Improper sequencing during cleanup can lead to a
use-after-free error, triggering an assertion failure and crash in
named.
For more details, see the advisory:
https://lists.isc.org/pipermail/bind-announce/2018-January/001072.html
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit d72a2b9247)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
It's broken since 1c9846ec "linux-firmware: Bump to the latest version"
Fix it by updating the name of the file to install.
Do not use * since it would install also old versions that would take
1MB extra space in the target.
Signed-off-by: Ricardo Martincoski <ricardo.martincoski@gmail.com>
Cc: Peter Korsgaard <peter@korsgaard.com>
Cc: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Buildroot's "make nconfig" command stopped working a while ago on
Gentoo systems. Running the command would result in a crash.
The issue is caused by lxdialog's cflags which are also used to build
nconfig; It would detect *ncursesw* and turn on WIDECHAR support --
but the Makefile would still link to plain *ncurses* while building
nconfig (which was built without WIDECHAR support).
This would cause a crash after using *wattrset* on a WINDOW instance.
WIDECHAR *wattrset* would try to set the _color member in the WINDOW
struct which does not exist in the NON-WIDECHAR ncurses instance. It
would end up clobbering data outside the struct (usually _line entries).
An upstream patch fixes the issue, so we're applying it to Buildroot's
kconfig.
Signed-off-by: Guillermo A. Amaral <g@maral.me>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 8aa4ee2b02)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
See: http://www.ti.com/tool/download/PRU-CGT-2-2
The ti-cgt-pru v2.1.x installer are affected by a bug with recent
distribution (Fedora 27 and Ubuntu 17.10) using kernel 4.13 or 4.14
with a glibc 2.26.
The installer is stuck in a futex(wait) system call.
While at it, add license hash.
Fixes:
http://autobuild.buildroot.net/results/68f/68f60ad38d9b6eae83b5d233966616a25d8c9391
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Cc: Ash Charles <ash.charles@savoirfairelinux.com>
Cc: Matthew Weber <matthew.weber@rockwellcollins.com>
Tested-by: Matt Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 0e162b932d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Only busybox and sysvinit handle the BR2_TARGET_GENERIC_GETTY_TERM and
BR2_TARGET_GENERIC_GETTY_OPTIONS options; the other init systems do
not.
So, protect those options behind appropriate dependencies on busybox
or sysvinit.
Fixes#10301.
Reported-by: Michael Heinemann <posted@heine.so>
Suggested-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 5e23eb5da7)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes#10216
Building mcookie generates a warning about possible wrong arguments to
memset:
mcookie.c:207:26: warning: argument to ‘sizeof’ in ‘memset’ call is the same expression
as the destination; did you mean to dereference it? [-Wsizeof-pointer-memaccess]
memset(ctx, 0, sizeof(ctx)); /* In case it's sensitive */
ctx is a pointer to a structure, so the code should use the size of the
structure and not the size of the pointer when it tries to clear the
structure, similar to how it got fixed upstream back in 2009:
https://git.kernel.org/pub/scm/utils/util-linux/util-linux.git/commit/lib/md5.c?id=6596057175c6ed342dc20e85eae8a42eb29b629f
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 40f4191f2a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Prior to commit 8ad38a4fc2
("package/lz4: bump version to r131"), the lz4 package was installing
both libraries and programs, but this commit changed the behavior to
only install libraries.
The contributor might have been confused by the fact that the build
command was "$(MAKE) ... -C $(@D) liblz4", suggesting that only the
library was built. But since the install command was "$(MAKE) ... -C
$(@D) install", the programs were effectively built as part of the
install step, and installed as well.
Since it makes sense for lz4 to also installs its programs, this
commit adjusts the package accordingly.
It is worth mentioning that using the "all" target during the build
step is important. Indeed, otherwise the programs/Makefile has a
"default" target that doesn't build everything (especially the lz4c
program) and it end up being built as part of the install step, due to
how the makefile dependencies are handled in the lz4 project. To make
sure that everything gets built during the build step, we explicitly
use the "all" target.
Fixes bug #9996
Reported-by: Jamin Collins <jamin.collins@gmail.com>
Initial-analysis-by: Arnout Vandecappelle <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 6f1c11f79a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The current busybox.mk explicitly removes S01logging if CONFIG_SYSLOGD
is disabled in the Busybox configuration. However:
- This causes the removal of the S01logging script potentially
installed by another package (currently syslog-ng, rsyslog and
sysklogd can all install a S01logging script).
- We generally don't try to clean-up stuff that we may have installed
in a previous make invocation and that is no longer needed
following a configuration change.
Fixes bug #10176
Reported-by: Karl Krach <mail@kkrach.de>
Fix-provided-by: Karl Krach <mail@kkrach.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 84e835ea92)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The kmsxx build system can only build either shared libraries *or*
static libraries, not both. Therefore, the build currently fails when
BR2_SHARED_STATIC_LIBS=y because we try to install the static
libraries, that haven't been built.
We fix this by not installing the static libraries when
BR2_SHARED_STATIC_LIBS=y, making BR2_SHARED_STATIC_LIBS=y essentially
the same as BR2_SHARED_LIBS=y for this package.
Fixes bug #10331.
Reported-by: Frederic MATHIEU <frederic.mathieu@dualis.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 28d5ca9c96)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
There is an obvious typo in avahi_tmpfiles.conf: avahi-autoipd is
badly spelled.
Fixes bug #10641.
Reported-by: Michael Heinemann <posted@heine.so>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit c427ce4d9f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This is a maintenance release of the current stable WebKitGTK+ version,
which contains mitigations for CVE-2017-5753 and CVE-2017-5715, the
vulnerabilities known as the "Spectre" attack. It also contains a fix
which allows building the reference documentation with newer gtk-doc
versions.
Release notes can be found in the announcement:
https://webkitgtk.org/2018/01/10/webkitgtk2.18.5-released.html
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 4c5bc08ba3)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issues:
* AST-2017-014: Crash in PJSIP resource when missing a contact header A
select set of SIP messages create a dialog in Asterisk. Those SIP
messages must contain a contact header. For those messages, if the header
was not present and using the PJSIP channel driver, it would cause
Asterisk to crash. The severity of this vulnerability is somewhat
mitigated if authentication is enabled. If authentication is enabled a
user would have to first be authorized before reaching the crash point.
For more details, see the announcement:
https://www.asterisk.org/downloads/asterisk-news/asterisk-13185-1475-1515-and-1318-cert2-now-available-security
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 4f13dc362d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes#10556
The --with-crypto handling in ntp only works with libopenssl, not with
libressl, where it ends up with compilation issues like:
ntp_control.c:(.text+0x64): undefined reference to `EVP_MD_CTX_new'
ntp_control.c:(.text+0x10c): undefined reference to `EVP_MD_CTX_free'
libntpd.a(ntp_crypto.o): In function `bighash':
ntp_crypto.c:(.text+0x2e8): undefined reference to `EVP_MD_CTX_new'
ntp_crypto.c:(.text+0x328): undefined reference to `EVP_MD_CTX_free'
libntpd.a(ntp_crypto.o): In function `crypto_verify':
ntp_crypto.c:(.text+0x6cc): undefined reference to `EVP_MD_CTX_new'
ntp_crypto.c:(.text+0x710): undefined reference to `EVP_MD_CTX_free'
ntp_crypto.c:(.text+0x72c): undefined reference to `EVP_MD_CTX_free'
So ensure we only pass --with-crypto when libopenssl is used.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 522111f81c)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issues:
14.6.1:
* AST-2017-005 (applied to all released versions): The "strictrtp" option in
rtp.conf enables a feature of the RTP stack that learns the source address
of media for a session and drops any packets that do not originate from
the expected address. This option is enabled by default in Asterisk 11
and above. The "nat" and "rtp_symmetric" options for chan_sip and
chan_pjsip respectively enable symmetric RTP support in the RTP stack.
This uses the source address of incoming media as the target address of
any sent media. This option is not enabled by default but is commonly
enabled to handle devices behind NAT.
A change was made to the strict RTP support in the RTP stack to better
tolerate late media when a reinvite occurs. When combined with the
symmetric RTP support this introduced an avenue where media could be
hijacked. Instead of only learning a new address when expected the new
code allowed a new source address to be learned at all times.
If a flood of RTP traffic was received the strict RTPsupport would allow
the new address to provide media and with symmetric RTP enabled outgoing
traffic would be sent to this new address, allowing the media to be
hijacked. Provided the attacker continued to send traffic they would
continue to receive traffic as well.
* AST-2017-006 (applied to all released versions): The app_minivm module has
an “externnotify” program configuration option that is executed by the
MinivmNotify dialplan application. The application uses the caller-id
name and number as part of a built string passed to the OS shell for
interpretation and execution. Since the caller-id name and number can
come from an untrusted source, a crafted caller-id name or number allows
an arbitrary shell command injection.
* AST-2017-007 (applied only to 13.17.1 and 14.6.1): A carefully crafted URI
in a From, To or Contact header could cause Asterisk to crash
For more details, see the announcement:
https://www.asterisk.org/downloads/asterisk-news/asterisk-11252-13171-1461-116-cert17-1313-cert5-now-available-security
14.6.2:
* AST-2017-008: Insufficient RTCP packet validation could allow reading
stale buffer contents and when combined with the “nat” and “symmetric_rtp”
options allow redirecting where Asterisk sends the next RTCP report.
The RTP stream qualification to learn the source address of media always
accepted the first RTP packet as the new source and allowed what
AST-2017-005 was mitigating. The intent was to qualify a series of
packets before accepting the new source address.
For more details, see the announcement:
https://www.asterisk.org/downloads/asterisk-news/asterisk-11253-13172-1462-116-cert18-1313-cert6-now-available-security
Drop 0004-configure-in-cross-complation-assimne-eventfd-are-av.patch as this
is now handled differently upstream (by disabling eventfd for cross
compilation, see commit 2e927990b3d2 (eventfd: Disable during cross
compilation)). If eventfd support is needed then this should be submitted
upstream.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 3f1d2c6c74)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
>From the advisory (https://irssi.org/security/irssi_sa_2018_01.txt):
Multiple vulnerabilities have been located in Irssi.
(a) When the channel topic is set without specifying a sender, Irssi
may dereference NULL pointer. Found by Joseph Bisch. (CWE-476)
CVE-2018-5206 was assigned to this issue.
(b) When using incomplete escape codes, Irssi may access data beyond
the end of the string. (CWE-126) Found by Joseph Bisch.
CVE-2018-5205 was assigned to this issue.
(c) A calculation error in the completion code could cause a heap
buffer overflow when completing certain strings. (CWE-126) Found
by Joseph Bisch.
CVE-2018-5208 was assigned to this issue.
(d) When using an incomplete variable argument, Irssi may access data
beyond the end of the string. (CWE-126) Found by Joseph Bisch.
CVE-2018-5207 was assigned to this issue.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit aebdb1cd4b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Verified experimentally by using exception_ptr with m68k_cf5208 and
looking at the value of ATOMIC_INT_LOCK_FREE. ATOMIC_INT_LOCK_FREE=1,
so the issue is present. Also verified that gcc 7.x fixed it also for
cf5208.
Signed-off-by: Jan Heylen <jan.heylen@nokia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 98b3b83fb5)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Autotools-based packages that do not need C++ but check for it, and use
libtool, will fail to configure on distros that lack /lib/cpp.
This is the case for example on Arch Linux, where expat fails to build
with:
configure: error: in `/home/dkc/src/buildroot/build/build/expat-2.2.4':
configure: error: C++ preprocessor "/lib/cpp" fails sanity check
This is because libtool uses AC_PROC_CXXCPP, which can not be avoided,
and does require a cpp that passes some "sanity" checks (does not choke
on valid input, but does choke on invalid input). So we can use neither
/bin/false nor /bin/true...
We instead need something that can digest some basic C++ preprocessor
input. We can't use the target preprocessor: that does not work, because
it obviously has no C++ cupport:
arm-linux-cpp.br_real: error: conftest.cpp: C++ compiler not
installed on this system
We can however consider that the host machine does have a C++ compiler,
so we use the host' cpp, which is gcc's compiler wrapper that ends up
calling the host's C++ preprocessor.
That would give us a valid C++ preprocessor when we don't have one, in
fact. But autotools will then correctly fail anyway, because there is
indeed no C++ compiler at all, as we can see in this excerpt of a
configure log from expat:
checking whether we are using the GNU C++ compiler... no
checking whether false accepts -g... no
checking dependency style of false... none
checking how to run the C++ preprocessor... cpp
checking whether the false linker (/home/ymorin/dev/buildroot/O/host/bin/arm-linux-ld) supports shared libraries... yes
libtool.m4: error: problem compiling CXX test program
checking for false option to produce PIC... -DPIC
checking if false PIC flag -DPIC works... no
checking if false static flag works... no
checking if false supports -c -o file.o... no
checking if false supports -c -o file.o... (cached) no
checking whether the false linker (/home/ymorin/dev/buildroot/O/host/bin/arm-linux-ld) supports shared libraries... yes
So, using the host's C++ preprocessor (by way of gcc's wrapper) leads to
a working situation, where the end result is as expected.
Reported-by: Damien Riegel <damien.riegel@savoirfairelinux.com>
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Damien Riegel <damien.riegel@savoirfairelinux.com>
Cc: Vivien Didelot <vivien.didelot@savoirfairelinux.com>
Cc: Peter Korsgaard <peter@korsgaard.com>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit bd39d11d2e)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Make sure that the pie charts produced by 'graph-build' and 'graph-size'
targets are sorted on the size of each piece of the pie. Otherwise, making
visual analysis is difficult, as one needs to look at the legends of each
piece and do the sorting manually in their head.
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit a3f37c53d5)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
BusyBox installs kill, link, mktemp, nice and printenv on /bin, so
ensure that coreutils replaces them.
Signed-off-by: Carlos Santos <casantos@datacom.ind.br>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 443897bce4)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The current link leads to a 400 Bad Request error page.
Cc: Matt Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit b0748bd1ba)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
If we don't explicitly disable SELinux support in the host-tar build,
it might pick up system-wide installed SELinux libraries, causing the
tar in HOST_DIR/bin/ to depend on the host SELinux libraries, which is
not desirable to make the SDK portable/relocatable.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 121807c089)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
First, the .pc file was so far fixed as a post-configure hook of the
matchbox-fakekey package, by directly tweaking the .pc file installed in
staging by matchbox-lib. That's uterly wrong and bad.
So, we move the fix to matchbox-lib.
Second, it was incorreclty tweaking the .pc file when xlib_libXft was
not enabled, because only then a path to staging was present.
Third, even when xlib_libXft was enabled, the tweaking was still wrong,
because unnecessary.
Fix all that.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 84a2645e5b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
matchbox-lib build-depends on xlib_libXext, but forgets to select it.
It also build-depends on expat without selecting it, but it does need
it.
Fix that: select xlib_libXext, remove expat.
Add myself to developpers for matchbox packages.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Arnout Vandecappelle <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 2cfda4704e)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Avahi needs avahi-daemon and D-Bus to build avahi-client.
Signed-off-by: Marcus Folkesson <marcus.folkesson@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 18e00edb77)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bump mfgtools to include the fix [1] for the C++ build issue reported
by the autobuilders.
This bump include only 4 small commits fixing memory leak and this
build issue.
Remove CPOL.htm (removed upstream) from MFGTOOLS_LICENSE_FILES but CPOL
license is still valid.
Add the README.txt file to MFGTOOLS_LICENSE_FILES since it contains
licensing informations:
Licenses:
- CPOL: MfgToolLib/XmlLite.CPP and XmlLite.h
- BSD: Others.
Add license file hash.
[1] b370a43e54
Fixes:
http://autobuild.buildroot.net/results/7c2bbbe13ab315684f3502afd96958a76879b1d5
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Cc: Gary Bisson <gary.bisson@boundarydevices.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 34c4c0680a)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The old SGI site is not accessible anymore. Use the link from the README
file.
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 1fa2f7646f)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This is a maintenance release of the current stable WebKitGTK+ version,
which contains fixes for CVE-2017-13866, CVE-2017-13870, CVE-2017-7156, and
CVE-2017-13856. Additionally, this release brings improvements in the
WebDriver spec-compliance, plugs several memory leaks in its GStreamer based
multimedia backend, and fixes a bug when handling cookie removal.
Release notes can be found in the announcement:
https://webkitgtk.org/2017/12/19/webkitgtk2.18.4-released.html
More details about the security fixes are provided in the following
WebKitGTK+ Security Advisory report:
https://webkitgtk.org/security/WSA-2017-0010.html
Last but not least, this new release includes the fix for honoring the
CMAKE_BUILD_TYPE value from CMake toolchain files and the corresponding
patch is removed.
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit fbf6a483e0)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit e7f82694cf)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issues:
CVE-2017-13672: QEMU (aka Quick Emulator), when built with the VGA display
emulator support, allows local guest OS privileged users to cause a denial
of service (out-of-bounds read and QEMU process crash) via vectors involving
display update.
CVE-2017-15118: Stack buffer overflow in NBD server triggered via long
export name
CVE-2017-15119: DoS via large option request
CVE-2017-15268: Qemu through 2.10.0 allows remote attackers to cause a
memory leak by triggering slow data-channel read operations, related to
io/channel-websock.c.
For more details, see the release announcement:
https://lists.nongnu.org/archive/html/qemu-devel/2017-12/msg03618.html
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit eb2b3df626)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This would make the unicode challenged menuconfig show something
sensible.
Split the sentence for the text to make sense.
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 5099c90939)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
