GCC support enabling secureplt for powerpc64.
From [1]
"PowerPC has two PLT models: BSS-PLT and Secure-PLT. BSS-PLT uses
runtime code generation to generate the PLT stubs. Secure-PLT was
introduced with GCC 4.1 and Binutils 2.17 (base has GCC 4.2.1 and
Binutils 2.17), and is a more secure PLT format, using a read-only
linkage table, with the dynamic linker populating a non-executable
index table."
This option is always enabled by glibc testing script
called build-many-glibcs.py [1]. This script exist since
glibc 2.25.
Runtime tested with qemu_ppc64_e5500_defconfig.
[1] https://reviews.freebsd.org/D20598
[2] https://sourceware.org/git/?p=glibc.git;a=blob;f=scripts/build-many-glibcs.py;h=9c08ab7b326e6385abb835eb32dd143952a71942;hb=9826b03b747b841f5fc6de2054bf1ef3f5c4bdf3#l345
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Cc: Matt Weber <matthew.weber@collins.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Backport from upstream mailing list patch from Heiko Thiery which fixes
missing {name_to,open_by}_handle_at() on uclibc-ng < 1.0.35.
Drop patch from v5.8.0.
Signed-off-by: Petr Vorel <petr.vorel@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Specify that iostat 'package' has been removed to be consistent with
other entries
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Commit fd7312940a (Makefile: add new missing-cpe target) added the
rule to generate a set of files to update the NVD.
For an in-tree build, 'make clean' remove the output directory, so
those files are removed. But for an out-of-tree build, the output
directory is not removed, so those files still linger around after a
clean.
Explicitly remove them on clean, to cater for both cases.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Matthew Weber <matthew.weber@rockwellcollins.com>
Reviewed-by: Matthew Weber <matthew.weber@collins.com>
Reviewed-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
The application library (liblvm2app) has been dropped since version
2.03.00 and
0d22b58172
It should be noted that lvm2 support must be dropped from udisks until
a bump to at least version 2.7.0 and
4c0709a893
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[yann.morin.1998@free.fr:
- slightly expand help text for legacy BR2_PACKAGE_UDISKS_LVM2
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fixes the following security issues:
- CVE-2020-8696: Description: Improper removal of sensitive information
before storage or transfer in some Intel(R) Processors may allow an
authenticated user to potentially enable information disclosure via local
access
- CVE-2020-8698: Description: Improper isolation of shared resources in some
Intel(R) Processors may allow an authenticated user to potentially enable
information disclosure via local access
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html
License file updated with the new year, so change hash accordingly.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
[yann.morin.1998@free.fr: explain license hash change]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
From the release notes:
================================================================================
Redis 6.2.3 Released Mon May 3 19:00:00 IST 2021
================================================================================
Upgrade urgency: SECURITY, Contains fixes to security issues that affect
authenticated client connections. LOW otherwise.
Read more on https://github.com/redis/redis/blob/6.2.3/00-RELEASENOTES
Signed-off-by: Titouan Christophe <titouanchristophe@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Dick Olsson <hi@senzilla.io>
[yann.morin.1998@free.fr: drop files from patches not applied]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Boot a QEMU sbsa-ref machine with ATF, EDK2, GRUB2 and a minimal
kernel. This is a simple but effective test of a compliant setup.
Signed-off-by: Dick Olsson <hi@senzilla.io>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
This introduces a configuration for the SBSA reference machine under
QEMU that is intended for developing and testing firmware. It consists
of ATF that load EDK2 as BL33 which in turn will load GRUB2.
Included with the board files is a minimal kernel configuration, almost
identical to that of board/qemu/aarch64-virt/linux.config. The main
difference is the addition of ACPI which is preferred over DTB for
booting an UEFI system.
Signed-off-by: Dick Olsson <hi@senzilla.io>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
EDK2 is a modern, feature-rich, cross-platform firmware development
environment for the UEFI and PI specifications.
The initial version of this bootloader package makes it possible to
build firmware for the following seven configurations:
* QEMU x86-64 pc machine
* QEMU aarch64 virt machine, booting directly from flash
* QEMU aarch64 virt machine, booting via the kernel protocol
* QEMU aarch64 sbsa-ref machine
* ARM FVP vexpress machine
* Socionext SynQuacer Developerbox
* SolidRun MacchiatoBin
Support the use of EDK2 UEFI payloads as BL33 in ARM Trusted Firmware.
Signed-off-by: Dick Olsson <hi@senzilla.io>
[yann.morin.1998@free.fr:
- duplicate defaults in Config.in
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
EDK2 firmware is usually built from two sources; the core EDK2
environment, and additional platform description files maintained
separately. This package adds the latter set of description files to
staging so that the core EDK2 package can build with these for certain
platforms during the building process.
Signed-off-by: Dick Olsson <hi@senzilla.io>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
The riscv support has been added since v7.6.4 release.
137643f141
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
[yann.morin.1998@free.fr:
- split the long line
- reorder the archs alphabetically, and group related ones
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Backport an upstream patch fixing a link issue with libgc.so on RISC-V
riscv64-buildroot-linux-musl/sysroot/usr/lib/libgc.so: undefined reference to `__data_start'
https://gitlab.com/kubu93/buildroot/-/jobs/1229888983
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
lvmetad has been dropped since version 2.03.00 and
117160b27e
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Openssl implements lot of algorithms that are not required in some
emdedded devices and cyphers known as weak. Secure embedded systems
shall disable unused algorithms (and weak algo) in order to be
certified.
This patch allows to select weak algorithms and mecanims to enable
such as md5.
To ensure backward compatibility, all items are selected by default.
Signed-off-by: Erwan GAUTRON <erwan.gautron@bertin.fr>
[yann.morin.1998@free.fr:
- drop help texts that just repeat the prompts
- fix check-package
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>