Update to Buildroot 2024.02 #7

Open
wants to merge 10,000 commits into
base: sedna

@SamuelWAnderson45 SamuelWAnderson45 commented Jul 7, 2024

This massive PR is not quite as scary as it looks. 99.9% of the changes are just the result of merging the changes from Buildroot 2024.02.03 into the sedna branch.

The rest of the changes are tweaks to the kernel config to address changes between the previous 5.9 kernel and the 6.6 kernel. And some size/performance tweaks. We had one kernel patch previously which is now upstreamed, so we can drop that.

The kernel Image is now 3MB, down from 11MB. The bulk of the size savings are from disabling STRICT_KERNEL_RWX, which eliminates a lot of empty space caused by alignment.

Note that to boot the 6.6 kernel, fnuecke/sedna#22 needs to be merged to fix the bug breaking newer kernels.

ThomasDevoogdt and others added 30 commits May 7, 2024 18:09
…rkflow

Signed-off-by: Thomas Devoogdt <[email protected]>
Reviewed-by: J. Neuschäfer <[email protected]>
Signed-off-by: Yann E. MORIN <[email protected]>
(cherry picked from commit 32753c6)
Signed-off-by: Peter Korsgaard <[email protected]>
In _imagingcms.c in Pillow before 10.3.0, a buffer overflow exists because
strcpy is used instead of strncpy.

Signed-off-by: Angelo Compagnucci <[email protected]>
Signed-off-by: Peter Korsgaard <[email protected]>
(cherry picked from commit dfaa34d)
Signed-off-by: Peter Korsgaard <[email protected]>
Commit dfaa34d forgot to update hash of
LICENSE file:

ERROR: LICENSE has wrong sha256 hash:
ERROR: expected: e706384c6f299d1b6fa782ae657740b372b4bd7938a1a318bf94ac249114758a
ERROR: got     : cf234c27a3f275f5a050f4df3946f8855704226fe4e7ca8b33928cbcecbced37

LICENSE file has been updated to clean up authors and contributors:
python-pillow/Pillow@4197263

Fixes: dfaa34d
 - http://autobuild.buildroot.org/results/5a35d83c73367e1b20534b1bc7f2f564cf653a38

Signed-off-by: Fabrice Fontaine <[email protected]>
Signed-off-by: Yann E. MORIN <[email protected]>
(cherry picked from commit b8a86f5)
Signed-off-by: Peter Korsgaard <[email protected]>
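
The mismatch in the commit message above arises because Buildroot checks license files, not only source archives, against the package's `.hash` file. As an added example (not Buildroot's own check script and not part of this commit), here is a simplified checker for `<type>  <hash>  <file>` lines that reports failures in the same wording; the license contents and the function names are constructed for illustration.

```python
import hashlib
import os
import tempfile

# Hash types accepted in the first column (a subset, chosen for this example).
SUPPORTED = {"md5", "sha1", "sha256", "sha512"}


def parse_hash_file(text):
    """Parse '<type>  <hash>  <file>' lines; '#' lines and blanks are skipped."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) != 3 or fields[0] not in SUPPORTED:
            raise ValueError(f"line {lineno}: malformed hash entry: {raw!r}")
        algo, expected, name = fields
        entries.append((algo, expected.lower(), name))
    return entries


def file_digest(path, algo):
    """Hash a file in chunks so large archives do not need to fit in memory."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def check(hash_text, directory, filenames):
    """Return error lines for every file that is unlisted or does not match."""
    entries = parse_hash_file(hash_text)
    errors = []
    for name in filenames:
        listed = [(a, e) for a, e, n in entries if n == name]
        if not listed:
            # An unlisted file is a failure, not a pass: nothing vouches for it.
            errors.append(f"ERROR: no hash found for {name}")
            continue
        for algo, expected in listed:
            got = file_digest(os.path.join(directory, name), algo)
            if got != expected:
                errors.append(f"ERROR: {name} has wrong {algo} hash:")
                errors.append(f"ERROR: expected: {expected}")
                errors.append(f"ERROR: got     : {got}")
    return errors


def demo():
    """Constructed case: upstream edits LICENSE, the .hash file is not updated."""
    old_license = b"Constructed licence text\nAuthors: A. Example, B. Example\n"
    new_license = b"Constructed licence text\nAuthors: see the contributors list\n"
    stale = "# Locally computed\nsha256  %s  LICENSE\n" % hashlib.sha256(old_license).hexdigest()
    fixed = "# Locally computed\nsha256  %s  LICENSE\n" % hashlib.sha256(new_license).hexdigest()
    with tempfile.TemporaryDirectory() as d:
        with open(os.path.join(d, "LICENSE"), "wb") as f:
            f.write(new_license)
        return check(stale, d, ["LICENSE"]), check(fixed, d, ["LICENSE"])


if __name__ == "__main__":
    stale_errors, fixed_errors = demo()
    print("\n".join(stale_errors))
    print("after updating the hash file:", fixed_errors or "OK")
```

A changed license hash is worth a human look before the hash file is updated, since it can signal changed licensing terms as well as a cosmetic edit like the one described here.
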
Fixes CVE-2024-1874, CVE-2024-2756 & CVE-2024-3096.

Changelog: https://www.php.net/ChangeLog-8.php#PHP_8_2
Release notes: https://news-web.php.net/php.announce/423

Signed-off-by: Peter Korsgaard <[email protected]>
To ensure the correct prefix is used in the generated tinycbor.pc instead of
/usr/local:

>>> tinycbor 0.6.0 Building
..
sed > tinycbor.pc < tinycbor.pc.in \
        -e 's,@Prefix@,/usr/local,' \
        -e 's,@exec_prefix@,/usr/local,' \
        -e 's,@libdir@,/usr/local/lib,' \
        -e 's,@includedir@,/usr/local/include,' \
        -e 's,@Version@,0.6.0,'
>>> tinycbor 0.6.0 Installing to staging directory
..
install -m 644 tinycbor.pc /path/to/buildroot/output/host/aarch64-buildroot-linux-gnu/sysroot/usr/lib/pkgconfig/tinycbor.pc

Signed-off-by: Peter Korsgaard <[email protected]>
(cherry picked from commit b059e08)
Signed-off-by: Peter Korsgaard <[email protected]>
Fix the following CVEs:

- CVE-2024-32041 [Low] OutOfBound Read in zgfx_decompress_segment
- CVE-2024-32039 [Moderate] Integer overflow & OutOfBound Write in
  clear_decompress_residual_data
- CVE-2024-32040 [Low] integer underflow in nsc_rle_decode
- CVE-2024-32458 [Low] OutOfBound Read in planar_skip_plane_rle
- CVE-2024-32459 [Low] OutOfBound Read in ncrush_decompress
- CVE-2024-32460 [Low] OutOfBound Read in interleaved_decompress

https://github.com/FreeRDP/FreeRDP/releases/tag/2.11.6

Signed-off-by: Fabrice Fontaine <[email protected]>
Signed-off-by: Peter Korsgaard <[email protected]>
(cherry picked from commit 1126be7)
Signed-off-by: Peter Korsgaard <[email protected]>
Fixes the following security issues:

CVE-2021-3575: A heap-based buffer overflow was found in openjpeg in
color.c:379:42 in sycc420_to_rgb when decompressing a crafted .j2k file.  An
attacker could use this to execute arbitrary code with the permissions of
the application compiled against openjpeg.

Signed-off-by: Angelo Compagnucci <[email protected]>
Signed-off-by: Peter Korsgaard <[email protected]>
(cherry picked from commit ff36bc6)
Signed-off-by: Peter Korsgaard <[email protected]>
… series

Signed-off-by: Bernd Kuhls <[email protected]>
Signed-off-by: Arnout Vandecappelle <[email protected]>
(cherry picked from commit 9c592ec)
[Peter: drop 6.8.x bump]
Signed-off-by: Peter Korsgaard <[email protected]>
Fixes the following security issues:

CVE-2024-32473: Ensure IPv6 is disabled on interfaces only allocated an IPv4
address by the engine

GHSA-x84c-p2g9-rqv9

Signed-off-by: Peter Korsgaard <[email protected]>
Signed-off-by: Yann E. MORIN <[email protected]>
(cherry picked from commit 8e37a88)
Signed-off-by: Peter Korsgaard <[email protected]>
https://github.com/moby/moby/releases/tag/v26.0.2

Signed-off-by: Peter Korsgaard <[email protected]>
Signed-off-by: Yann E. MORIN <[email protected]>
(cherry picked from commit 49c8154)
Signed-off-by: Peter Korsgaard <[email protected]>
- set CPE_ID_VENDOR to silence mismatched CVE-2001-0956 ([1], [2]) warning
  clearly aiming some other product/version ("speechd 0.54 with Festival or
  rsynth speech synthesis package")

[1] https://security-tracker.debian.org/tracker/CVE-2001-0956
[2] GHSA-67cw-4jhh-3jm7

Signed-off-by: Peter Seiderer <[email protected]>
Signed-off-by: Yann E. MORIN <[email protected]>
(cherry picked from commit 2065273)
Signed-off-by: Peter Korsgaard <[email protected]>
GCC14 now treats implicit int types as error so when check() from
check-lxdialog.sh is called to check whether we can link against ncurses
it will fail silently and the help text indicating to install ncurses is
printed.

However, this is not due to missing ncurses but once the stderr redirect
to /dev/null is removed we can see the root cause:
<stdin>:2:1: error: return type defaults to ‘int’ [-Wimplicit-int]

So, in order for menuconfig to work with GCC14 let's just specify the
return type of main() as int.

Note that the upstream kconfig in the linux kernel source tree no longer
carries or uses the check-lxdialog.sh script since commit 1c5af5cf9308
(kconfig: refactor ncurses package checks for building mconf and nconf),
so there is no commit we can backport to our kconfig copy.

Signed-off-by: Robert Marko <[email protected]>
Reviewed-by: Petr Vorel <[email protected]>
Tested-by: Petr Vorel <[email protected]>
[[email protected]: add note about upstream kernel]
Signed-off-by: Yann E. MORIN <[email protected]>
(cherry picked from commit a6210d2)
Signed-off-by: Peter Korsgaard <[email protected]>
The commit [1] updated the u-boot version with the one used by
orangepi_zero_plus2_defconfig but the dependency on openssl
was forgotten.

Fixes:
https://gitlab.com/buildroot.org/buildroot/-/jobs/6703221868

[1] eb16148

Signed-off-by: Romain Naour <[email protected]>
(cherry picked from commit bc75b09)
Signed-off-by: Peter Korsgaard <[email protected]>
Since the toolchain Bootlin update to 2023.11-1 [1], the arm Linux
kernel build is broken with binutils >= 2.41 with:

  arch/arm/mm/proc-v7.S: Assembler messages:
  arch/arm/mm/proc-v7.S:640: Error: junk at end of line, first unrecognized character is `#'

A similar issue has already been fixed for qemu m68k [2].

Bump to the latest kernel 4.19 that already includes the backport
of 790756c7e022 ("ARM: 8933/1: replace Sun/Solaris style flag on section directive")

[1] 7e0e6e3
[2] a1ce947

Fixes:
https://gitlab.com/buildroot.org/buildroot/-/jobs/6703222383

Signed-off-by: Romain Naour <[email protected]>
(cherry picked from commit 7e126bd)
Signed-off-by: Peter Korsgaard <[email protected]>
Fixes:
https://gitlab.com/buildroot.org/buildroot/-/jobs/6609466641

Signed-off-by: Julien Olivain <[email protected]>
Reviewed-by: Fabio Estevam <[email protected]>
Signed-off-by: Romain Naour <[email protected]>
(cherry picked from commit ffe920b)
Signed-off-by: Peter Korsgaard <[email protected]>
The build failed with:

  Incorrect selection of kernel headers: expected 6.8.x, got 6.5.x

Fixes: https://gitlab.com/buildroot.org/buildroot/-/jobs/6498278078

Signed-off-by: Gero Schwäricke <[email protected]>
Signed-off-by: Romain Naour <[email protected]>
(cherry picked from commit f5aac04)
Signed-off-by: Peter Korsgaard <[email protected]>
The build for this defconfig fails with:

  Incorrect selection of kernel headers: expected 6.8.x, got 6.1.x

Found with the following command while trying to find boards that have
missing custom headers series:

  grep --null --recursive --files-without-match "BR2_TOOLCHAIN_EXTERNAL=y" ./configs \
    | xargs --null grep --null --files-with-matches "BR2_LINUX_KERNEL_CUSTOM_.*=y" \
    | xargs --null grep --null --files-without-match "BR2_KERNEL_HEADERS_[0-9]\+_[0-9]\+=y"\
    | xargs --null grep --files-without-match "BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_[0-9]\+_[0-9]\+=y"
  ./configs/mangopi_mq1rdw2_defconfig  # patch pending
  ./configs/raspberrypizero2w_defconfig
  ./configs/sipeed_licheepi_nano_defconfig  # patch pending

Fixes:
https://gitlab.com/buildroot.org/buildroot/-/jobs/6712162631

Signed-off-by: Gero Schwäricke <[email protected]>
[Romain: add gitlab-ci link]
Signed-off-by: Romain Naour <[email protected]>
(cherry picked from commit dc18b63)
Signed-off-by: Peter Korsgaard <[email protected]>
Wireless regulatory database lists the allowed radio frequencies for
each local jurisdiction. Since linux-4.15 the kernel supports loading
the files regulatory.db/regulatory.db.p7s directly from the
/lib/firmware directory. Currently this package is not enabled and
kernel complains with the following message on every boot:
"""
platform regulatory.0: Direct firmware load for regulatory.db failed
with error -2
cfg80211: failed to load regulatory.db
"""
Add wireless regulatory database package to fix the issue.

Signed-off-by: Konstantin Aladyshev <[email protected]>
Signed-off-by: Thomas Petazzoni <[email protected]>
(cherry picked from commit 16e9f51)
Signed-off-by: Peter Korsgaard <[email protected]>
For change log since v2.3.4, see:
- https://github.com/FluidSynth/fluidsynth/releases/tag/v2.3.5

Signed-off-by: Julien Olivain <[email protected]>
Signed-off-by: Thomas Petazzoni <[email protected]>
(cherry picked from commit 0215a6d)
Signed-off-by: Peter Korsgaard <[email protected]>
Set ac_cv_path_SHUTDOWN to /sbin/shutdown to avoid the following build
failure when shutdown is not available on host raised since the addition
of the package in commit d12b63b:

configure: error: Missing required tool; need any one of: shutdown shutdown.bsd

Fixes: d12b63b
 - http://autobuild.buildroot.org/results/a8bbb5ced8343e08070361f260050de422144710

Signed-off-by: Fabrice Fontaine <[email protected]>
Signed-off-by: Thomas Petazzoni <[email protected]>
(cherry picked from commit 640a790)
Signed-off-by: Peter Korsgaard <[email protected]>
libgmp is included in coreutils (through bootstrap.conf) since bump to
version 9.0 in commit 2ee43ba and
https://git.savannah.gnu.org/cgit/coreutils.git/commit/?id=13046444888a7e96f48d28fdd5a6ffe03d4ab036:

configure: WARNING: unrecognized options: --disable-gtk-doc, --disable-gtk-doc-html, --disable-doc, --disable-docs, --disable-documentation, --with-xmlto, --with-fop, --enable-ipv6, --enable-static, --enable-shared, --without-gmp

Fixes: 2ee43ba

Signed-off-by: Fabrice Fontaine <[email protected]>
Signed-off-by: Thomas Petazzoni <[email protected]>
(cherry picked from commit 16463a0)
Signed-off-by: Peter Korsgaard <[email protected]>
Signed-off-by: Julien Olivain <[email protected]>
Signed-off-by: Thomas Petazzoni <[email protected]>
(cherry picked from commit 6317f6c)
Signed-off-by: Peter Korsgaard <[email protected]>
Signed-off-by: Julien Olivain <[email protected]>
Signed-off-by: Thomas Petazzoni <[email protected]>
(cherry picked from commit 7c1faf9)
Signed-off-by: Peter Korsgaard <[email protected]>
The http URL redirects to https. This commit updates this URL to
directly use https.

Signed-off-by: Julien Olivain <[email protected]>
Signed-off-by: Thomas Petazzoni <[email protected]>
(cherry picked from commit 2aa3a23)
Signed-off-by: Peter Korsgaard <[email protected]>
Bump to latest version, fixing a couple of bugs. Remove patch already
included in this release.

https://github.com/linux-pam/linux-pam/releases/tag/v1.6.1

Signed-off-by: Jan Čermák <[email protected]>
Signed-off-by: Thomas Petazzoni <[email protected]>
(cherry picked from commit 0d394c3)
Signed-off-by: Peter Korsgaard <[email protected]>
Signed-off-by: Sébastien Szymanski <[email protected]>
Signed-off-by: Romain Naour <[email protected]>
(cherry picked from commit 74c0cf2)
Signed-off-by: Peter Korsgaard <[email protected]>
Sebastian email address at Smile is bouncing, so drop it
from the DEVELOPERS file.

Signed-off-by: Romain Naour <[email protected]>
Signed-off-by: Yann E. MORIN <[email protected]>
(cherry picked from commit 7b973da)
Signed-off-by: Peter Korsgaard <[email protected]>
Signed-off-by: Francois Perrad <[email protected]>
Signed-off-by: Thomas Petazzoni <[email protected]>
(cherry picked from commit 566eb38)
Signed-off-by: Peter Korsgaard <[email protected]>
Signed-off-by: Bernd Kuhls <[email protected]>
Signed-off-by: Thomas Petazzoni <[email protected]>
(cherry picked from commit d476d2e)
Signed-off-by: Peter Korsgaard <[email protected]>
jacmet and others added 29 commits June 13, 2024 14:34
No functional change as we install a python symlink, but use python3 for
consistency with the other scripts.

Signed-off-by: Peter Korsgaard <[email protected]>
Signed-off-by: Arnout Vandecappelle <[email protected]>
(cherry picked from commit ed92885)
Signed-off-by: Peter Korsgaard <[email protected]>
Drop patch which is now upstream.

Among other things, this fixes building with Linux 6.9.

systemd/systemd-stable@a4ce409

Signed-off-by: James Hilliard <[email protected]>
Signed-off-by: Arnout Vandecappelle <[email protected]>
(cherry picked from commit ba19e51)
Signed-off-by: Peter Korsgaard <[email protected]>
The Debian control archive does not contain any patch for liblockfile
1.17; it has had no patch since Debian packaged version 1.16-1.1.

Drop the patch tarball now.

Signed-off-by: Yann E. MORIN <[email protected]>
[Arnout: also drop from hash file]
Signed-off-by: Arnout Vandecappelle <[email protected]>
(cherry picked from commit f84c8d1)
Signed-off-by: Peter Korsgaard <[email protected]>
Signed-off-by: Yann E. MORIN <[email protected]>
Signed-off-by: Arnout Vandecappelle <[email protected]>
(cherry picked from commit 9fb9d71)
Signed-off-by: Peter Korsgaard <[email protected]>
Signed-off-by: Yann E. MORIN <[email protected]>
Signed-off-by: Arnout Vandecappelle <[email protected]>
(cherry picked from commit c6ee0ea)
Signed-off-by: Peter Korsgaard <[email protected]>
Signed-off-by: Yann E. MORIN <[email protected]>
Cc: Adam Duskett <[email protected]>
[Arnout: quote TAR="..."]
Signed-off-by: Arnout Vandecappelle <[email protected]>
(cherry picked from commit 68fd000)
Signed-off-by: Peter Korsgaard <[email protected]>
Later commits will start using this variable.

Signed-off-by: Yann E. MORIN <[email protected]>
[Arnout: quote TAR="..."]
Signed-off-by: Arnout Vandecappelle <[email protected]>
(cherry picked from commit ce6b48c)
Signed-off-by: Peter Korsgaard <[email protected]>
Signed-off-by: Yann E. MORIN <[email protected]>
Signed-off-by: Arnout Vandecappelle <[email protected]>
(cherry picked from commit 86f6c79)
Signed-off-by: Peter Korsgaard <[email protected]>
Signed-off-by: Yann E. MORIN <[email protected]>
Signed-off-by: Arnout Vandecappelle <[email protected]>
(cherry picked from commit 84309d7)
Signed-off-by: Peter Korsgaard <[email protected]>
Signed-off-by: Yann E. MORIN <[email protected]>
Signed-off-by: Arnout Vandecappelle <[email protected]>
(cherry picked from commit c013836)
Signed-off-by: Peter Korsgaard <[email protected]>
Fixes the following error:

ERROR: Feature "opengles2": Forcing to "ON" breaks its condition:
    NOT WIN32 AND NOT WATCHOS AND NOT QT_FEATURE_opengl_desktop AND GLESv2_FOUND
Condition values dump:
    WIN32 = ""
    WATCHOS = "0"
    QT_FEATURE_opengl_desktop = "ON"
    GLESv2_FOUND = "TRUE"

CMake Error at cmake/QtBuildInformation.cmake:209 (message):
  Check the configuration messages for an error that has occurred.
Call Stack (most recent call first):
  cmake/QtBuildInformation.cmake:39 (qt_configure_print_summary)
  cmake/QtBuildRepoHelpers.cmake:332 (qt_print_feature_summary)
  CMakeLists.txt:208 (qt_build_repo_end)

To recreate the error, use the following defconfig (based on freescale_imx8mmevk_defconfig):

BR2_aarch64=y
BR2_ARM_FPU_VFPV3=y
BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_5_10=y
BR2_TOOLCHAIN_BUILDROOT_CXX=y
BR2_GLOBAL_PATCH_DIR="board/freescale/common/patches"
BR2_TARGET_GENERIC_GETTY_PORT="ttymxc1"
BR2_ROOTFS_POST_IMAGE_SCRIPT="board/freescale/common/imx/imx8-bootloader-prepare.sh board/freescale/common/imx/post-image.sh"
BR2_ROOTFS_POST_SCRIPT_ARGS="${UBOOT_DIR}/arch/arm/dts/imx8mm-evk.dtb"
BR2_LINUX_KERNEL=y
BR2_LINUX_KERNEL_CUSTOM_TARBALL=y
BR2_LINUX_KERNEL_CUSTOM_TARBALL_LOCATION="$(call github,nxp-imx,linux-imx,lf-5.10.y-1.0.0)/linux-imx-lf-5.10.y-1.0.0.tar.gz"
BR2_LINUX_KERNEL_DEFCONFIG="imx_v8"
BR2_LINUX_KERNEL_DTS_SUPPORT=y
BR2_LINUX_KERNEL_INTREE_DTS_NAME="freescale/imx8mm-evk freescale/imx8mm-evk-revb-qca-wifi"
BR2_LINUX_KERNEL_NEEDS_HOST_OPENSSL=y
BR2_PACKAGE_QT6=y
BR2_PACKAGE_QT6BASE_GUI=y
BR2_PACKAGE_QT6BASE_OPENGL=y
BR2_PACKAGE_FREESCALE_IMX=y
BR2_PACKAGE_FREESCALE_IMX_PLATFORM_IMX8MM=y
BR2_PACKAGE_FIRMWARE_IMX=y
BR2_PACKAGE_IMX_GPU_VIV=y
BR2_PACKAGE_KERNEL_MODULE_IMX_GPU_VIV=y
BR2_TARGET_ROOTFS_EXT2=y
BR2_TARGET_ROOTFS_EXT2_4=y
BR2_TARGET_ROOTFS_EXT2_SIZE="256M"
BR2_TARGET_ARM_TRUSTED_FIRMWARE=y
BR2_TARGET_ARM_TRUSTED_FIRMWARE_CUSTOM_TARBALL=y
BR2_TARGET_ARM_TRUSTED_FIRMWARE_CUSTOM_TARBALL_LOCATION="$(call github,nxp-imx,imx-atf,lf-5.10.y-1.0.0)/imx-atf-lf-5.10.y-1.0.0.tar.gz"
BR2_TARGET_ARM_TRUSTED_FIRMWARE_PLATFORM="imx8mm"
BR2_TARGET_ARM_TRUSTED_FIRMWARE_BL31=y
BR2_TARGET_UBOOT=y
BR2_TARGET_UBOOT_BUILD_SYSTEM_KCONFIG=y
BR2_TARGET_UBOOT_CUSTOM_TARBALL=y
BR2_TARGET_UBOOT_CUSTOM_TARBALL_LOCATION="$(call github,nxp-imx,uboot-imx,lf-5.10.y-1.0.0)/uboot-imx-lf-5.10.y-1.0.0.tar.gz"
BR2_TARGET_UBOOT_BOARD_DEFCONFIG="imx8mm_evk"
BR2_TARGET_UBOOT_NEEDS_DTC=y
BR2_TARGET_UBOOT_FORMAT_CUSTOM=y
BR2_TARGET_UBOOT_FORMAT_CUSTOM_NAME="u-boot-nodtb.bin"
BR2_TARGET_UBOOT_SPL=y
BR2_PACKAGE_HOST_DOSFSTOOLS=y
BR2_PACKAGE_HOST_GENIMAGE=y
BR2_PACKAGE_HOST_IMX_MKIMAGE=y
BR2_PACKAGE_HOST_MTOOLS=y
BR2_PACKAGE_HOST_UBOOT_TOOLS=y
BR2_PACKAGE_HOST_UBOOT_TOOLS_FIT_SUPPORT=y

Signed-off-by: Roy Kollen Svendsen <[email protected]>
Signed-off-by: Arnout Vandecappelle <[email protected]>
(cherry picked from commit e4b8380)
Signed-off-by: Peter Korsgaard <[email protected]>
When running a test that uses host-python-setuptools using the Buildroot
Docker image, for example running the following command,

> ./utils/docker-run ./support/testing/run-tests -o output -s -k tests.package.test_python_pytest.TestPythonPy3Pytest

The build fails with the following error,

>   File "/home/blmaier/buildroot/output/TestPythonPy3Pytest/build/host-python-setuptools-69.2.0/setuptools/_distutils/dist.py", line 354, in _gen_paths
>     yield pathlib.Path('~').expanduser() / filename
>           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>   File "/home/blmaier/buildroot/output/TestPythonPy3Pytest/host/lib/python3.11/pathlib.py", line 1385, in expanduser
>     raise RuntimeError("Could not determine home directory.")
> RuntimeError: Could not determine home directory.
>
> ERROR Backend subprocess exited when trying to invoke get_requires_for_build_wheel

Python setuptools is looking for $HOME but failing to find it.

Signed-off-by: Brandon Maier <[email protected]>
Signed-off-by: Arnout Vandecappelle <[email protected]>
(cherry picked from commit 4dafb8b)
Signed-off-by: Peter Korsgaard <[email protected]>
Fixes: ef57da2

Signed-off-by: Yann E. MORIN <[email protected]>
(cherry picked from commit 139e478)
Signed-off-by: Peter Korsgaard <[email protected]>
Previously, when running `PYTHON3_REMOVE_USELESS_FILES`, the hook to
clean up files from the python config directory assumed a pattern of
"config-$(VERSION)m-$(PLATFORM_TRIPLET)".

However, the "m" ABI suffix was dropped in python 3.8, so the hook would
never actually find files to delete. No error was raised due to the use
of a subshell to invoke find.

Also, if a platform triplet is not detected during the configure stage,
the config directory (LIBPL) defaults to `config-$VERSION`, and has no
trailing `-$PLATFORM_TRIPLET`.

Now, we glob anything after the version to ensure files get deleted.

Signed-off-by: Vincent Fazio <[email protected]>
Signed-off-by: Yann E. MORIN <[email protected]>
(cherry picked from commit a1efb54)
Signed-off-by: Peter Korsgaard <[email protected]>
Signed-off-by: Kilian Zinnecker <[email protected]>
Signed-off-by: Yann E. MORIN <[email protected]>
(cherry picked from commit 436d868)
Signed-off-by: Peter Korsgaard <[email protected]>
The matching in genrandconfig is idiomatically done by matching whole
lines, i.e. with the terminating \n but a few places are missing that.

Those are only matching against '=y', a boolean symbol, so it is in
practice not causing any issue. Still, for consistency, fix those.

Signed-off-by: Yann E. MORIN <[email protected]>
(cherry picked from commit 8b8f5e3)
Signed-off-by: Peter Korsgaard <[email protected]>
It is perfectly valid for a patch file to have trailing spaces, when for
example an empty or space-only line appears in a hunk: if the line is
part of the context, whether it be empty or with only spaces, there will
always be the leading space introduced by the patch itself, making for a
space-only line; if the line is space-only and removed (or added) that
will also appear as a space-only line.

Currently, our editorconfig wants to unconditionally drop trailing
spaces, so when one edits a patch file to add their SoB and Upstream
tags, such a patch would get badly mangled and would not apply, causing
quite some grief and questioning (sad experience looming in the recent
past here)...

Signed-off-by: Yann E. MORIN <[email protected]>
(cherry picked from commit 85736a2)
Signed-off-by: Peter Korsgaard <[email protected]>
Fixes the following security issues:

GLIBC-SA-2024-0004:
  ISO-2022-CN-EXT: fix out-of-bound writes when writing escape
  sequence (CVE-2024-2961)

GLIBC-SA-2024-0005:
  nscd: Stack-based buffer overflow in netgroup cache (CVE-2024-33599)

GLIBC-SA-2024-0006:
  nscd: Null pointer crash after notfound response (CVE-2024-33600)

GLIBC-SA-2024-0007:
  nscd: netgroup cache may terminate daemon on memory allocation
  failure (CVE-2024-33601)

GLIBC-SA-2024-0008:
  nscd: netgroup cache assumes NSS callback uses in-buffer strings
  (CVE-2024-33602)

Signed-off-by: Peter Korsgaard <[email protected]>
Reviewed-by: Yann E. MORIN <[email protected]>
Signed-off-by: Peter Korsgaard <[email protected]>
The kernel patches branches as a clever optimization technique to help the branch predictor.
However, we don't have a branch predictor, so the effect is basically zero, and the overhead of patching
makes both the performance and kernel size worse. (I haven't benchmarked the performance admittedly.)

Since 5.10, there was a printk buffer change that separates messages and metadata into two buffers.
This grew the kernel size significantly. As noted in the linked mailing list archive, one less is roughly
the same amount of record storage. So we reduce by one to bring back down our memory usage.
See https://lists.openwall.net/linux-kernel/2020/10/15/283

This shrinks the kernel much more than you might think. When enabled, every segment is forced to be in its
own 2MB mapping (while it seems like page aligning should be enough, they are aligning to PMD_SIZE,
I believe to simplify the page tables. See 00cb41d5ad3189f52a59f42766918557693f94fa)

I say let those who would write a kernel exploit for sedna have their fun!

Un1q32 commented Aug 9, 2024

I tried this a few times (look at closed PRs) and got no responses; this repo will probably be unmaintained forever.
