In commit 0c82f3f635 (package/gcc: remove powerpc conditional patching
logic), the macro defining the conditional patch was removed, but it was
still referenced and expanded in the apply-patches hook.
Drop that now.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes CVE-2023-39325: rapid stream resets can cause excessive work
A malicious HTTP/2 client which rapidly creates requests and immediately
resets them can cause excessive server resource consumption. While the
total number of requests is bounded to the http2.Server.MaxConcurrentStreams
setting, resetting an in-progress request allows the attacker to create a
new request while the existing one is still executing.
go1.21.3 (released 2023-10-10) includes a security fix to the net/http
package.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Reviewed-by: Christian Stewart <christian@aperture.us>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issues:
ZDI-CAN-21443: Heap-based buffer overflow in the RealMedia file demuxer when
handling malformed files in GStreamer versions before 1.22.5 / 1.20.7.
https://gstreamer.freedesktop.org/security/sa-2023-0004.html
ZDI-CAN-21444: Heap-based buffer overflow in the RealMedia file demuxer when
handling malformed files in GStreamer versions before 1.22.5 / 1.20.7.
https://gstreamer.freedesktop.org/security/sa-2023-0005.html
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes CVE-2023-37327: Heap-based buffer overflow in the FLAC parser when
handling malformed image tags in GStreamer versions before 1.22.4 / 1.20.7.
https://gstreamer.freedesktop.org/security/sa-2023-0001.html
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes CVE-2023-37328: Heap-based buffer overflow in the subparse subtitle
parser when handling certain SRT subtitle files in GStreamer versions before
1.22.4 / 1.20.7.
https://gstreamer.freedesktop.org/security/sa-2023-0002.html
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Update hash of license file (modern MIT license text used since
6d077838f7)
https://c-ares.org/changelog.html#1_20_1
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
The gpt-auto-generator can generate the boot.mount unit, which reports
an error if this directory can't be created (if / is read-only). There
is no reason not to create this directory, even if the platform doesn't
actually have a boot partition that can be mounted there.
Signed-off-by: Norbert Lange <nolange79@gmail.com>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
journald will always have a runtime log in /run/systemd/journal,
and a persistent one in /var/log/journal under certain conditions.
By default it will check for the existence of that directory.
When /var is not backed by mass-storage you typically don't want your
log duplicated and journald should be tuned to account for
having only RAM available.
With this commit, the directory will no longer be created automatically,
but instead it's created only if the root filesystem is writeable.
It is rather easy for users to opt-in by either creating that directory
(e.g. with a tmpfiles fragment) or editing /etc/systemd/journald.conf.
Signed-off-by: Norbert Lange <nolange79@gmail.com>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
The mode should reflect the mount directory,
and 755 is the default - so drop the mount option.
Cc: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Norbert Lange <nolange79@gmail.com>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
[Arnout:
- use a simple mount unit for
TestInitSystemSystemdRoFullOverlayfsVarBacking;
- change the test of TestInitSystemSystemdRoFullOverlayfsVarBacking to
check that the exact expected mount was performed;
- add a test of var backing with fstab instead of mount unit.
]
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
Systemd requires /var to be writeable [1]. With read-only rootfs, we
need a solution that makes sure /var is writeable. We already have a
solution using a factory, with systemd-tmpfiles. This approach has a few
limitations:
- The behaviour of what happens when the rootfs is updated and the
contents of the factory /var change is not very intuitive.
- systemd-tmpfiles is not started super early in the boot, so there's a
relatively long time that /var is not writeable. There is also no easy
way in systemd to express dependencies on the subdirectories of /var
to have been populated from the factory.
- The contents of /var are duplicated. If it is big, the rootfs size
increases unnecessarily and it takes a long time before the copying is
done. This is also not done atomically.
This commit adds an alternative using an overlay filesystem that has the
following characteristics:
- Don't depend on anything being available, except the
API File Systems [2]. In other words, this can be done very early in
the boot process. This is useful because /var is meant to be
available before normal and even some early services are running.
- Be a clean drop-in, that can be trivially added / removed.
- Make sure that overlayfs is available in the kernel.
- Units are (partially) reusable for custom solutions. This goal is
actually not fully reached yet: for that the service file should be
converted into a template, and the mount unit should use a specifier
for all repeated references to /var.
Mounting the overlay is slightly acrobatic and requires a few steps:
- First, we have to make sure the directories for overlayfs's upper,
lower and work directories are available on a tmpfs. Note that
"upper" and "work" must be on the same filesystem.
- The writeable overlay upper directory must be mounted.
- The original contents of /var must be bind-mounted to the overlay
lower directory.
- Finally, the overlay must be mounted on /var.
For the overlayfs directories, we create a tree on /run. Since there is
no standard name convention for this, we create a new directory
"/run/buildroot" with subdirectory "mounts" for everything
mount-related. Below that, a subdirectory is created for every mount
point that needs helper directories. Thus, we arrive at
/run/buildroot/mounts/var as the base directory for the overlay. Below
this, the directories lower, upper and work are created.
The bind-mount of /var is done in the same service as the one creating
the overlay lower, upper and work directories. Creating those
directories can't be done in a mount unit, and bind-mounting /var in a
mount unit would create a circular dependency. Indeed, if we had a mount
unit to do the bind mount, then it should look like:
# run-buildroot-mounts-var-lower.mount
[Mount]
What=/var
Where=/run/buildroot/mounts/var/lower
Options=bind
and then the var.mount unit would need to have a dependency on that
unit:
# var.mount
[Unit]
After=run-buildroot-mounts-var-lower.mount
[Mount]
Where=/var
However, the What=/var of the first unit automatically adds an implicit
dependency on /var, and since there is a unit providing Where=/var, we
would have run-buildroot-mounts-var-lower.mount depend on var.mount, but
we need var.mount to depend on run-buildroot-mounts-var-lower.mount, so
this is a circular dependency. There is no way to tell systemd not to add
the implicit dependency. So we do the bind mount manually in the service
unit that prepares the overlay structure.
For the writeable upper layer, we don't need to do anything. In the
default configuration, the upper layer is supposed to be a tmpfs, and
/run/buildroot/mounts/var/upper is already a tmpfs so it can serve as
is. To make it persistent, we suggest that the user mount a writeable,
persistent filesystem on /run/buildroot/mounts/var. The
RequiresMountsFor dependency in the prepare-var-overlay service makes
sure that that mount is performed before the overlay is started. Using
/run/buildroot/mounts/var/upper as the mount point sounds more logical
at first, but since the work directory is supposed to be on the same
filesystem as the upper directory, this wouldn't work very well.
As an example, consider using /dev/sdc1 as upper layer for var; this can
be achieved by adding the following line to fstab:
/dev/sdc1 /run/buildroot/mounts/var ext4 defaults
Systemd will convert this into a mount unit with all the proper
dependencies.
Norbert provided some systemd units as a starting point, and that was
quite a huge help in understanding how to fit all those things together.
[1] - https://www.freedesktop.org/wiki/Software/systemd/APIFileSystems/
Co-authored-by: Norbert Lange <nolange79@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin@orange.com>
Cc: Norbert Lange <nolange79@gmail.com>
Cc: Romain Naour <romain.naour@smile.fr>
Cc: Jérémy Rosen <jeremy.rosen@smile.fr>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
[Arnout:
- Merge commit messages from Yann and from Norbert.
- Remove the run-buildroot-mounts-var.mount unit; instead, just reuse
the existing tmpfs for the upper layer in the default case.
- Update the help text to explain how to mount a custom upper layer
with fstab.
]
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
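The mount sequence described in the commit message above, written out as a standalone script. This is an added example, not Buildroot's prepare-var-overlay service or var.mount unit; it assumes the base directory /run/buildroot/mounts/var from the message, executes the mounts only when VAR_OVERLAY_APPLY=1 and it runs as root, and otherwise prints the commands as a dry run.

```shell
#!/bin/sh
# Added example (not Buildroot's own units): prepare an overlayfs-backed /var
# on a read-only rootfs. The bind mount of /var is done here, in the same
# step that creates the helper directories, rather than in a mount unit, to
# avoid the What=/var -> var.mount circular dependency described above.
set -eu

# Base directory for the overlay helpers; lives on /run (a tmpfs). Users who
# want a persistent upper layer mount a filesystem here via fstab.
BASE="${VAR_OVERLAY_BASE:-/run/buildroot/mounts/var}"

# Overlay mount options. "upper" and "work" must be on the same filesystem,
# which is why both sit under the same base directory.
var_overlay_opts() {
    base="$1"
    printf 'lowerdir=%s/lower,upperdir=%s/upper,workdir=%s/work' \
        "$base" "$base" "$base"
}

# Emit the ordered list of commands (dry run), one per line.
var_overlay_cmds() {
    base="$1"
    printf 'mkdir -p %s/lower %s/upper %s/work\n' "$base" "$base" "$base"
    printf 'mount --bind /var %s/lower\n' "$base"
    printf 'mount -t overlay overlay -o %s /var\n' "$(var_overlay_opts "$base")"
}

# Actually perform the mounts. Fails early if the kernel lacks overlayfs.
var_overlay_apply() {
    base="$1"
    if ! grep -qw overlay /proc/filesystems; then
        echo "overlayfs is not available in this kernel" >&2
        return 1
    fi
    mkdir -p "$base/lower" "$base/upper" "$base/work"
    mount --bind /var "$base/lower"
    mount -t overlay overlay -o "$(var_overlay_opts "$base")" /var
}

if [ "${VAR_OVERLAY_APPLY:-0}" = 1 ] && [ "$(id -u)" = 0 ]; then
    var_overlay_apply "$BASE"
else
    var_overlay_cmds "$BASE"
fi
```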
Currently, we have a single solution to handle the /var content on a
read-only root filesystem, and users can opt out of using it.
We're going to introduce another solution (based on an overlayfs), which
is incompatible with using the factory, so we'll have a choice of three
mutually exclusive options.
Introduce that choice now with just the existing /var factory, and a new
option to opt out of it.
Signed-off-by: Yann E. MORIN <yann.morin@orange.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Norbert Lange <nolange79@gmail.com>
Cc: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Cc: Romain Naour <romain.naour@smile.fr>
Cc: Jérémy Rosen <jeremy.rosen@smile.fr>
Acked-by: Norbert Lange <nolange79@gmail.com>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
Fixes CVE-2023-39323: Line directives ("//line") can be used to bypass the
restrictions on "//go:cgo_" directives, allowing blocked linker and compiler
flags to be passed during compilation. This can result in unexpected
execution of arbitrary code when running "go build".
go1.21.2 (released 2023-10-05) includes one security fix to the cmd/go
package, as well as bug fixes to the compiler, the go command, the linker,
the runtime, and the runtime/metrics package.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Commit b574a9606e (package/erlang: do not hard-code the Erlang
Interface Version (EI_VSN)) removed the need to care about keeping
the erlang version and its API version in sync, as the latter is
automatically extracted from installed files. The corresponding comment
was removed in that commit:
# Whenever updating Erlang, this value should be updated as well, to the
# value of EI_VSN in the file lib/erl_interface/vsn.mk
However, the removal of the comment above the package version was
leftover (probably because of a conflict with a version bump that was
improperly resolved).
Drop the comment now.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
am62x_sk_defconfig should be ti_am62x_sk_defconfig
Signed-off-by: Adam Duskett <adam.duskett@amarulasolutions.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>