Skip to content
Snippets Groups Projects
  1. Feb 24, 2021
    • Adrian Schmutzler's avatar
      imx-bootlets: refresh patches · 702147b7
      Adrian Schmutzler authored
      
      Tidy this up a little.
      
      Signed-off-by: default avatarAdrian Schmutzler <freifunk@adrianschmutzler.de>
      702147b7
    • Adrian Schmutzler's avatar
      zlib: properly split patches · 221eefaf
      Adrian Schmutzler authored
      
      This package had two patches (with two headers etc.) in one file,
      which would have quilt merging them during a refresh.
      
      Separate these patches into two files, as the original intent seems
      to be having them separate.
      
      Signed-off-by: default avatarAdrian Schmutzler <freifunk@adrianschmutzler.de>
      221eefaf
    • Daniel Golle's avatar
      base-files: remove unneeded '$' signs in nand.sh · 287bd78e
      Daniel Golle authored
      
      When using Shell arithmetric evaluation via $((..)) the variables in
      the expression do not need to be prefixed by the '$' sign.
      
      Signed-off-by: default avatarDaniel Golle <daniel@makrotopia.org>
      Unverified
      287bd78e
    • Daniel Golle's avatar
      sysupgrade-nand: allow limiting rootfs_data by setting env variable · 5c10f26c
      Daniel Golle authored
      
      Check if firmware environment variable 'rootfs_data_max' exists and is
      set to a numerical value greater than 0. If so, limit rootfs_data
      volume to that size instead of using the maximum available size.
      
      This is useful on devices with lots of flash where users may want to
      have eg. a volume for persistent logs and statistics or for external
      applications/containers. Persistence on rootfs overlay is limited by
      the size of memory available during the sysugprade process as that
      data needs to be copied to RAM while the volume is being recreated
      during sysupgrade. Hence it is unsuitable for keeping larger amounts
      of data accross upgrade which makes additional volume(s) for
      application data desirable.
      
      Signed-off-by: default avatarDaniel Golle <daniel@makrotopia.org>
      5c10f26c
    • Daniel Golle's avatar
      image: add support for building FIT image with filesystem · e6aac8d9
      Daniel Golle authored
      
      Allow for single (external-data) FIT image to hold kernel, dtb and
      squashfs. In that way, the bootloader verifies the system integrity
      including the rootfs, because what's the point of checking that the
      hash of the kernel is correct if it won't boot in case of squashfs
      being corrupted? Better allow bootloader to check everything needed
      to make it at least up to failsafe mode. As a positive side effect
      this change also makes the sysupgrade process on nand potentially
      much easier as it is now.
      In short: mkimage has a parameter '-E' which allows generating FIT
      images with 'external' data rather than embedding the data into the
      device-tree blob itself. In this way, the FIT structure itself remains
      small and can be parsed easily (rather than having to page around
      megabytes of image content). This patch makes use of that and adds
      support for adding sub-images of type 'filesystem' which are used to
      store the squashfs. Now U-Boot can verify the whole OS and the new
      partition parsers added in the Linux kernel can detect the filesystem
      sub-images, create partitions for them, and select the active rootfs
      volume based on the configuration in FIT (passing configuration via
      device tree could be implemented easily at a later stage).
      
      This new FIT partition parser works for NOR flash (on top of mtdblock),
      NAND flash (on top of ubiblock) as well as classic block devices
      (ie. eMMC, SDcard, SATA, NVME, ...).
      It could even be used to mount such FIT images via `losetup -P` on a
      user PC if this patch gets included in Linux upstream one day ;)
      
      Signed-off-by: default avatarJohn Crispin <john@phrozen.org>
      Signed-off-by: default avatarDaniel Golle <daniel@makrotopia.org>
      e6aac8d9
  2. Feb 23, 2021
  3. Feb 22, 2021
  4. Feb 21, 2021
    • Georgi Valkov's avatar
      libusb: Fix parsing of descriptors for multi-configuration devices · 4b37e3bc
      Georgi Valkov authored
      
      Prerequisite patch:
      Correct a typo in the Changelog and clean up a stray file
      
      Fix changes in libusb which introduced a regression:
      Commit e2be556bd2 ("linux_usbfs: Parse config descriptors during device
      initialization") introduced a regression for devices with multiple
      configurations. The logic that verifies the reported length of the
      configuration descriptors failed to count the length of the
      configuration descriptor itself and would truncate the actual length by
      9 bytes, leading to a parsing error for subsequent descriptors.
      
      Signed-off-by: default avatarGeorgi Valkov <gvalkov@abv.bg>
      4b37e3bc
  5. Feb 20, 2021
  6. Feb 19, 2021
  7. Feb 18, 2021
  8. Feb 17, 2021
    • Eneas U de Queiroz's avatar
      openssl: bump to 1.1.1j · 482c9ff2
      Eneas U de Queiroz authored
      
      This fixes 4 security vulnerabilities/bugs:
      
      - CVE-2021-2839 - SSLv2 vulnerability. Openssl 1.1.1 does not support
        SSLv2, but the affected functions still exist. Considered just a bug.
      
      - CVE-2021-2840 - calls EVP_CipherUpdate, EVP_EncryptUpdate and
        EVP_DecryptUpdate may overflow the output length argument in some
        cases where the input length is close to the maximum permissable
        length for an integer on the platform. In such cases the return value
        from the function call will be 1 (indicating success), but the output
        length value will be negative.
      
      - CVE-2021-2841 - The X509_issuer_and_serial_hash() function attempts to
        create a unique hash value based on the issuer and serial number data
        contained within an X509 certificate. However it was failing to
        correctly handle any errors that may occur while parsing the issuer
        field (which might occur if the issuer field is maliciously
        constructed). This may subsequently result in a NULL pointer deref and
        a crash leading to a potential denial of service attack.
      
      - Fixed SRP_Calc_client_key so that it runs in constant time. This could
        be exploited in a side channel attack to recover the password.
      
      The 3 CVEs above are currently awaiting analysis.
      
      Signed-off-by: default avatarEneas U de Queiroz <cotequeiroz@gmail.com>
      482c9ff2
    • Rosen Penev's avatar
      gettext-full: update to 0.21 · b59905f0
      Rosen Penev authored
      
      Add m4 patch to avoid conflict with tools/autoconf-archive.
      
      Add build parallel as it seems to work now.
      
      Remove a bunch of uClibc-ng hacks as it is not in the tree anymore.
      
      Format security patch was fixed upstream.
      
      Refreshed other patches.
      
      Signed-off-by: default avatarRosen Penev <rosenp@gmail.com>
      b59905f0
  9. Feb 16, 2021
  10. Feb 15, 2021
Loading