Buildroot Archive on lore.kernel.org
 help / color / mirror / Atom feed
* [Buildroot] [PATCH] python-django: security bump to version 1.10.7
From: Peter Korsgaard @ 2017-04-27  7:37 UTC (permalink / raw)
  To: buildroot

Fixes the following security issues:

Since 1.10.3:

CVE-2016-9013 - User with hardcoded password created when running tests on
Oracle

Marti Raudsepp reported that a user with a hardcoded password is created
when running tests with an Oracle database.

CVE-2016-9014 - DNS rebinding vulnerability when DEBUG=True

Aymeric Augustin discovered that Django does not properly validate the Host
header against settings.ALLOWED_HOSTS when the debug setting is enabled.  A
remote attacker can take advantage of this flaw to perform DNS rebinding
attacks.

Since 1.10.7:

CVE-2017-7233 - Open redirect and possible XSS attack via user-supplied
numeric redirect URLs

It was discovered that is_safe_url() does not properly handle certain
numeric URLs as safe.  A remote attacker can take advantage of this flaw to
perform XSS attacks or to use a Django server as an open redirect.

CVE-2017-7234 - Open redirect vulnerability in django.views.static.serve()

Phithon from Chaitin Tech discovered an open redirect vulnerability in the
django.views.static.serve() view.  Note that this view is not intended for
production use.

Cc: Oli Vogt <oli.vogt.pub01@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
 package/python-django/python-django.hash | 4 ++--
 package/python-django/python-django.mk   | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/package/python-django/python-django.hash b/package/python-django/python-django.hash
index 38b303bbf..09be18440 100644
--- a/package/python-django/python-django.hash
+++ b/package/python-django/python-django.hash
@@ -1,3 +1,3 @@
 # md5 from https://pypi.python.org/pypi/django/json, sha256 locally computed
-md5	5342e77374b2acd2eafa86d2bb68f8c9  Django-1.10.2.tar.gz
-sha256	e127f12a0bfb34843b6e8c82f91e26fff6445a7ca91d222c0794174cf97cbce1  Django-1.10.2.tar.gz
+md5	693dfeabad62c561cb205900d32c2a98  Django-1.10.7.tar.gz
+sha256	593d779dbc2350a245c4f76d26bdcad58a39895e87304fe6d725bbdf84b5b0b8  Django-1.10.7.tar.gz
diff --git a/package/python-django/python-django.mk b/package/python-django/python-django.mk
index 9065a687e..9056f00cf 100644
--- a/package/python-django/python-django.mk
+++ b/package/python-django/python-django.mk
@@ -4,10 +4,10 @@
 #
 ################################################################################
 
-PYTHON_DJANGO_VERSION = 1.10.2
+PYTHON_DJANGO_VERSION = 1.10.7
 PYTHON_DJANGO_SOURCE = Django-$(PYTHON_DJANGO_VERSION).tar.gz
 # The official Django site has an unpractical URL
-PYTHON_DJANGO_SITE = https://pypi.python.org/packages/57/9e/59444485f092b6ed4f1931e7d2e13b67fdab967c041d02f58a0d1dab8c23
+PYTHON_DJANGO_SITE = https://pypi.python.org/packages/15/b4/d4bb7313e02386bd23a60e1eb5670321313fb67289c6f36ec43bce747aff
 PYTHON_DJANGO_LICENSE = BSD-3-Clause
 PYTHON_DJANGO_LICENSE_FILES = LICENSE
 PYTHON_DJANGO_SETUP_TYPE = setuptools
-- 
2.11.0

^ permalink raw reply related

* [Buildroot] [PATCH 1/2] tiff: add upstream security fixes
From: Peter Korsgaard @ 2017-04-27  7:36 UTC (permalink / raw)
  To: buildroot

Add upstream post-4.0.7 commits (except for ChangeLog modifications) fixing
the following security issues:

CVE-2016-10266 - LibTIFF 4.0.7 allows remote attackers to cause a denial of
service (divide-by-zero error and application crash) via a crafted TIFF
image, related to libtiff/tif_read.c:351:22.

CVE-2016-10267 - LibTIFF 4.0.7 allows remote attackers to cause a denial of
service (divide-by-zero error and application crash) via a crafted TIFF
image, related to libtiff/tif_ojpeg.c:816:8.

CVE-2016-10269 - LibTIFF 4.0.7 allows remote attackers to cause a denial of
service (heap-based buffer over-read) or possibly have unspecified other
impact via a crafted TIFF image, related to "READ of size 512" and
libtiff/tif_unix.c:340:2.

CVE-2016-10270 - LibTIFF 4.0.7 allows remote attackers to cause a denial of
service (heap-based buffer over-read) or possibly have unspecified other
impact via a crafted TIFF image, related to "READ of size 8" and
libtiff/tif_read.c:523:22.

CVE-2017-5225 - LibTIFF version 4.0.7 is vulnerable to a heap buffer
overflow in the tools/tiffcp resulting in DoS or code execution via a
crafted BitsPerSample value.

CVE-2017-7592 - The putagreytile function in tif_getimage.c in LibTIFF 4.0.7
has a left-shift undefined behavior issue, which might allow remote
attackers to cause a denial of service (application crash) or possibly have
unspecified other impact via a crafted image.

CVE-2017-7593 - tif_read.c in LibTIFF 4.0.7 does not ensure that tif_rawdata
is properly initialized, which might allow remote attackers to obtain
sensitive information from process memory via a crafted image.

CVE-2017-7594 - The OJPEGReadHeaderInfoSecTablesDcTable function in
tif_ojpeg.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of
service (memory leak) via a crafted image.

CVE-2017-7595 - The JPEGSetupEncode function in tiff_jpeg.c in LibTIFF 4.0.7
allows remote attackers to cause a denial of service (divide-by-zero error
and application crash) via a crafted image.

CVE-2017-7598 - tif_dirread.c in LibTIFF 4.0.7 might allow remote attackers
to cause a denial of service (divide-by-zero error and application crash)
via a crafted image.

CVE-2017-7601 - LibTIFF 4.0.7 has a "shift exponent too large for 64-bit
type long" undefined behavior issue, which might allow remote attackers to
cause a denial of service (application crash) or possibly have unspecified
other impact via a crafted image.

CVE-2017-7602 - LibTIFF 4.0.7 has a signed integer overflow, which might
allow remote attackers to cause a denial of service (application crash) or
possibly have unspecified other impact via a crafted image.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
 ..._read.c-libtiff-tiffiop.h-fix-uint32-over.patch |  46 +++++++++
 ..._ojpeg.c-make-OJPEGDecode-early-exit-in-c.patch |  53 ++++++++++
 ..._pixarlog.c-libtiff-tif_luv.c-fix-heap-ba.patch | 110 +++++++++++++++++++++
 ..._dirread.c-modify-ChopUpSingleUncompresse.patch | 107 ++++++++++++++++++++
 ...p.c-error-out-cleanly-in-cpContig2Separat.patch |  74 ++++++++++++++
 ..._getimage.c-add-explicit-uint32-cast-in-p.patch |  31 ++++++
 ...fiop.h-tif_unix.c-tif_win32.c-tif_vms.c-a.patch |  88 +++++++++++++++++
 ..._ojpeg.c-fix-leak-in-OJPEGReadHeaderInfoS.patch |  43 ++++++++
 ..._ojpeg.c-fix-leak-in-OJPEGReadHeaderInfoS.patch |  36 +++++++
 ..._jpeg.c-avoid-integer-division-by-zero-in.patch |  35 +++++++
 ..._dirread.c-avoid-division-by-floating-poi.patch |  47 +++++++++
 ..._jpeg.c-validate-BitsPerSample-in-JPEGSet.patch |  35 +++++++
 ..._read.c-avoid-potential-undefined-behavio.patch |  56 +++++++++++
 13 files changed, 761 insertions(+)
 create mode 100644 package/tiff/0001-libtiff-tif_read.c-libtiff-tiffiop.h-fix-uint32-over.patch
 create mode 100644 package/tiff/0002-libtiff-tif_ojpeg.c-make-OJPEGDecode-early-exit-in-c.patch
 create mode 100644 package/tiff/0003-libtiff-tif_pixarlog.c-libtiff-tif_luv.c-fix-heap-ba.patch
 create mode 100644 package/tiff/0004-libtiff-tif_dirread.c-modify-ChopUpSingleUncompresse.patch
 create mode 100644 package/tiff/0005-tools-tiffcp.c-error-out-cleanly-in-cpContig2Separat.patch
 create mode 100644 package/tiff/0006-libtiff-tif_getimage.c-add-explicit-uint32-cast-in-p.patch
 create mode 100644 package/tiff/0007-libtiff-tiffiop.h-tif_unix.c-tif_win32.c-tif_vms.c-a.patch
 create mode 100644 package/tiff/0008-libtiff-tif_ojpeg.c-fix-leak-in-OJPEGReadHeaderInfoS.patch
 create mode 100644 package/tiff/0009-libtiff-tif_ojpeg.c-fix-leak-in-OJPEGReadHeaderInfoS.patch
 create mode 100644 package/tiff/0010-libtiff-tif_jpeg.c-avoid-integer-division-by-zero-in.patch
 create mode 100644 package/tiff/0011-libtiff-tif_dirread.c-avoid-division-by-floating-poi.patch
 create mode 100644 package/tiff/0012-libtiff-tif_jpeg.c-validate-BitsPerSample-in-JPEGSet.patch
 create mode 100644 package/tiff/0013-libtiff-tif_read.c-avoid-potential-undefined-behavio.patch

diff --git a/package/tiff/0001-libtiff-tif_read.c-libtiff-tiffiop.h-fix-uint32-over.patch b/package/tiff/0001-libtiff-tif_read.c-libtiff-tiffiop.h-fix-uint32-over.patch
new file mode 100644
index 000000000..9df4577e1
--- /dev/null
+++ b/package/tiff/0001-libtiff-tif_read.c-libtiff-tiffiop.h-fix-uint32-over.patch
@@ -0,0 +1,46 @@
+From 438274f938e046d33cb0e1230b41da32ffe223e1 Mon Sep 17 00:00:00 2001
+From: erouault <erouault>
+Date: Fri, 2 Dec 2016 21:56:56 +0000
+Subject: [PATCH] * libtiff/tif_read.c, libtiff/tiffiop.h: fix uint32 overflow
+ in TIFFReadEncodedStrip() that caused an integer division by zero. Reported
+ by Agostino Sarubbo. Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2596
+
+Fixes CVE-2016-10266
+
+Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
+---
+ libtiff/tif_read.c | 2 +-
+ libtiff/tiffiop.h  | 4 ++++
+ 2 files changed, 12 insertions(+), 1 deletion(-)
+
+diff --git a/libtiff/tif_read.c b/libtiff/tif_read.c
+index c26c55f4..52bbf507 100644
+--- a/libtiff/tif_read.c
++++ b/libtiff/tif_read.c
+@@ -346,7 +346,7 @@ TIFFReadEncodedStrip(TIFF* tif, uint32 strip, void* buf, tmsize_t size)
+ 	rowsperstrip=td->td_rowsperstrip;
+ 	if (rowsperstrip>td->td_imagelength)
+ 		rowsperstrip=td->td_imagelength;
+-	stripsperplane=((td->td_imagelength+rowsperstrip-1)/rowsperstrip);
++	stripsperplane= TIFFhowmany_32_maxuint_compat(td->td_imagelength, rowsperstrip);
+ 	stripinplane=(strip%stripsperplane);
+ 	plane=(uint16)(strip/stripsperplane);
+ 	rows=td->td_imagelength-stripinplane*rowsperstrip;
+diff --git a/libtiff/tiffiop.h b/libtiff/tiffiop.h
+index ffbb647b..cb59460a 100644
+--- a/libtiff/tiffiop.h
++++ b/libtiff/tiffiop.h
+@@ -250,6 +250,10 @@ struct tiff {
+ #define TIFFhowmany_32(x, y) (((uint32)x < (0xffffffff - (uint32)(y-1))) ? \
+ 			   ((((uint32)(x))+(((uint32)(y))-1))/((uint32)(y))) : \
+ 			   0U)
++/* Variant of TIFFhowmany_32() that doesn't return 0 if x close to MAXUINT. */
++/* Caution: TIFFhowmany_32_maxuint_compat(x,y)*y might overflow */
++#define TIFFhowmany_32_maxuint_compat(x, y) \
++			   (((uint32)(x) / (uint32)(y)) + ((((uint32)(x) % (uint32)(y)) != 0) ? 1 : 0))
+ #define TIFFhowmany8_32(x) (((x)&0x07)?((uint32)(x)>>3)+1:(uint32)(x)>>3)
+ #define TIFFroundup_32(x, y) (TIFFhowmany_32(x,y)*(y))
+ #define TIFFhowmany_64(x, y) ((((uint64)(x))+(((uint64)(y))-1))/((uint64)(y)))
+-- 
+2.11.0
+
diff --git a/package/tiff/0002-libtiff-tif_ojpeg.c-make-OJPEGDecode-early-exit-in-c.patch b/package/tiff/0002-libtiff-tif_ojpeg.c-make-OJPEGDecode-early-exit-in-c.patch
new file mode 100644
index 000000000..d99b9007e
--- /dev/null
+++ b/package/tiff/0002-libtiff-tif_ojpeg.c-make-OJPEGDecode-early-exit-in-c.patch
@@ -0,0 +1,53 @@
+From 43bc256d8ae44b92d2734a3c5bc73957a4d7c1ec Mon Sep 17 00:00:00 2001
+From: erouault <erouault>
+Date: Sat, 3 Dec 2016 11:15:18 +0000
+Subject: [PATCH] * libtiff/tif_ojpeg.c: make OJPEGDecode() early exit in case
+ of failure in OJPEGPreDecode(). This will avoid a divide by zero, and
+ potential other issues. Reported by Agostino Sarubbo. Fixes
+ http://bugzilla.maptools.org/show_bug.cgi?id=2611
+
+Fixes CVE-2016-10267
+
+Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
+---
+ libtiff/tif_ojpeg.c | 8 ++++++++
+ 1 files changed, 15 insertions(+)
+
+diff --git a/libtiff/tif_ojpeg.c b/libtiff/tif_ojpeg.c
+index 1ccc3f9b..f19e8fd0 100644
+--- a/libtiff/tif_ojpeg.c
++++ b/libtiff/tif_ojpeg.c
+@@ -244,6 +244,7 @@ typedef enum {
+ 
+ typedef struct {
+ 	TIFF* tif;
++        int decoder_ok;
+ 	#ifndef LIBJPEG_ENCAP_EXTERNAL
+ 	JMP_BUF exit_jmpbuf;
+ 	#endif
+@@ -722,6 +723,7 @@ OJPEGPreDecode(TIFF* tif, uint16 s)
+ 		}
+ 		sp->write_curstrile++;
+ 	}
++	sp->decoder_ok = 1;
+ 	return(1);
+ }
+ 
+@@ -784,8 +786,14 @@ OJPEGPreDecodeSkipScanlines(TIFF* tif)
+ static int
+ OJPEGDecode(TIFF* tif, uint8* buf, tmsize_t cc, uint16 s)
+ {
++        static const char module[]="OJPEGDecode";
+ 	OJPEGState* sp=(OJPEGState*)tif->tif_data;
+ 	(void)s;
++        if( !sp->decoder_ok )
++        {
++            TIFFErrorExt(tif->tif_clientdata,module,"Cannot decode: decoder not correctly initialized");
++            return 0;
++        }
+ 	if (sp->libjpeg_jpeg_query_style==0)
+ 	{
+ 		if (OJPEGDecodeRaw(tif,buf,cc)==0)
+-- 
+2.11.0
+
diff --git a/package/tiff/0003-libtiff-tif_pixarlog.c-libtiff-tif_luv.c-fix-heap-ba.patch b/package/tiff/0003-libtiff-tif_pixarlog.c-libtiff-tif_luv.c-fix-heap-ba.patch
new file mode 100644
index 000000000..290834ec0
--- /dev/null
+++ b/package/tiff/0003-libtiff-tif_pixarlog.c-libtiff-tif_luv.c-fix-heap-ba.patch
@@ -0,0 +1,110 @@
+From 1044b43637fa7f70fb19b93593777b78bd20da86 Mon Sep 17 00:00:00 2001
+From: erouault <erouault>
+Date: Fri, 2 Dec 2016 23:05:51 +0000
+Subject: [PATCH] * libtiff/tif_pixarlog.c, libtiff/tif_luv.c: fix heap-based
+ buffer overflow on generation of PixarLog / LUV compressed files, with
+ ColorMap, TransferFunction attached and nasty plays with bitspersample. The
+ fix for LUV has not been tested, but suffers from the same kind of issue of
+ PixarLog. Reported by Agostino Sarubbo. Fixes
+ http://bugzilla.maptools.org/show_bug.cgi?id=2604
+
+Fixes CVE-2016-10269
+
+Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
+---
+ libtiff/tif_luv.c      | 18 ++++++++++++++----
+ libtiff/tif_pixarlog.c | 17 +++++++++++++++--
+ 2 files changed, 39 insertions(+), 6 deletions(-)
+
+diff --git a/libtiff/tif_luv.c b/libtiff/tif_luv.c
+index f68a9b13..e6783db5 100644
+--- a/libtiff/tif_luv.c
++++ b/libtiff/tif_luv.c
+@@ -158,6 +158,7 @@
+ typedef struct logLuvState LogLuvState;
+ 
+ struct logLuvState {
++        int                     encoder_state;  /* 1 if encoder correctly initialized */
+ 	int                     user_datafmt;   /* user data format */
+ 	int                     encode_meth;    /* encoding method */
+ 	int                     pixel_size;     /* bytes per pixel */
+@@ -1552,6 +1553,7 @@ LogLuvSetupEncode(TIFF* tif)
+ 		    td->td_photometric, "must be either LogLUV or LogL");
+ 		break;
+ 	}
++	sp->encoder_state = 1;
+ 	return (1);
+ notsupported:
+ 	TIFFErrorExt(tif->tif_clientdata, module,
+@@ -1563,19 +1565,27 @@ notsupported:
+ static void
+ LogLuvClose(TIFF* tif)
+ {
++        LogLuvState* sp = (LogLuvState*) tif->tif_data;
+ 	TIFFDirectory *td = &tif->tif_dir;
+ 
++	assert(sp != 0);
+ 	/*
+ 	 * For consistency, we always want to write out the same
+ 	 * bitspersample and sampleformat for our TIFF file,
+ 	 * regardless of the data format being used by the application.
+ 	 * Since this routine is called after tags have been set but
+ 	 * before they have been recorded in the file, we reset them here.
++         * Note: this is really a nasty approach. See PixarLogClose
+ 	 */
+-	td->td_samplesperpixel =
+-	    (td->td_photometric == PHOTOMETRIC_LOGL) ? 1 : 3;
+-	td->td_bitspersample = 16;
+-	td->td_sampleformat = SAMPLEFORMAT_INT;
++        if( sp->encoder_state )
++        {
++            /* See PixarLogClose. Might avoid issues with tags whose size depends
++             * on those below, but not completely sure this is enough. */
++            td->td_samplesperpixel =
++                (td->td_photometric == PHOTOMETRIC_LOGL) ? 1 : 3;
++            td->td_bitspersample = 16;
++            td->td_sampleformat = SAMPLEFORMAT_INT;
++        }
+ }
+ 
+ static void
+diff --git a/libtiff/tif_pixarlog.c b/libtiff/tif_pixarlog.c
+index d1246c3d..aa99bc92 100644
+--- a/libtiff/tif_pixarlog.c
++++ b/libtiff/tif_pixarlog.c
+@@ -1233,8 +1233,10 @@ PixarLogPostEncode(TIFF* tif)
+ static void
+ PixarLogClose(TIFF* tif)
+ {
++        PixarLogState* sp = (PixarLogState*) tif->tif_data;
+ 	TIFFDirectory *td = &tif->tif_dir;
+ 
++	assert(sp != 0);
+ 	/* In a really sneaky (and really incorrect, and untruthful, and
+ 	 * troublesome, and error-prone) maneuver that completely goes against
+ 	 * the spirit of TIFF, and breaks TIFF, on close, we covertly
+@@ -1243,8 +1245,19 @@ PixarLogClose(TIFF* tif)
+ 	 * readers that don't know about PixarLog, or how to set
+ 	 * the PIXARLOGDATFMT pseudo-tag.
+ 	 */
+-	td->td_bitspersample = 8;
+-	td->td_sampleformat = SAMPLEFORMAT_UINT;
++
++        if (sp->state&PLSTATE_INIT) {
++            /* We test the state to avoid an issue such as in
++             * http://bugzilla.maptools.org/show_bug.cgi?id=2604
++             * What appends in that case is that the bitspersample is 1 and
++             * a TransferFunction is set. The size of the TransferFunction
++             * depends on 1<<bitspersample. So if we increase it, an access
++             * out of the buffer will happen@directory flushing.
++             * Another option would be to clear those targs. 
++             */
++            td->td_bitspersample = 8;
++            td->td_sampleformat = SAMPLEFORMAT_UINT;
++        }
+ }
+ 
+ static void
+-- 
+2.11.0
+
diff --git a/package/tiff/0004-libtiff-tif_dirread.c-modify-ChopUpSingleUncompresse.patch b/package/tiff/0004-libtiff-tif_dirread.c-modify-ChopUpSingleUncompresse.patch
new file mode 100644
index 000000000..a24d5d848
--- /dev/null
+++ b/package/tiff/0004-libtiff-tif_dirread.c-modify-ChopUpSingleUncompresse.patch
@@ -0,0 +1,107 @@
+From 9a72a69e035ee70ff5c41541c8c61cd97990d018 Mon Sep 17 00:00:00 2001
+From: erouault <erouault>
+Date: Sat, 3 Dec 2016 11:02:15 +0000
+Subject: [PATCH] * libtiff/tif_dirread.c: modify
+ ChopUpSingleUncompressedStrip() to instanciate compute ntrips as
+ TIFFhowmany_32(td->td_imagelength, rowsperstrip), instead of a logic based on
+ the total size of data. Which is faulty is the total size of data is not
+ sufficient to fill the whole image, and thus results in reading outside of
+ the StripByCounts/StripOffsets arrays when using TIFFReadScanline(). Reported
+ by Agostino Sarubbo. Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2608.
+
+* libtiff/tif_strip.c: revert the change in TIFFNumberOfStrips() done
+for http://bugzilla.maptools.org/show_bug.cgi?id=2587 / CVE-2016-9273 since
+the above change is a better fix that makes it unnecessary.
+
+Fixes CVE-2016-10270
+
+Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
+---
+ libtiff/tif_dirread.c | 22 ++++++++++------------
+ libtiff/tif_strip.c   |  9 ---------
+ 2 files changed, 25 insertions(+), 21 deletions(-)
+
+diff --git a/libtiff/tif_dirread.c b/libtiff/tif_dirread.c
+index 3eec79c9..570d0c32 100644
+--- a/libtiff/tif_dirread.c
++++ b/libtiff/tif_dirread.c
+@@ -5502,8 +5502,7 @@ ChopUpSingleUncompressedStrip(TIFF* tif)
+ 	uint64 rowblockbytes;
+ 	uint64 stripbytes;
+ 	uint32 strip;
+-	uint64 nstrips64;
+-	uint32 nstrips32;
++	uint32 nstrips;
+ 	uint32 rowsperstrip;
+ 	uint64* newcounts;
+ 	uint64* newoffsets;
+@@ -5534,18 +5533,17 @@ ChopUpSingleUncompressedStrip(TIFF* tif)
+ 	    return;
+ 
+ 	/*
+-	 * never increase the number of strips in an image
++	 * never increase the number of rows per strip
+ 	 */
+ 	if (rowsperstrip >= td->td_rowsperstrip)
+ 		return;
+-	nstrips64 = TIFFhowmany_64(bytecount, stripbytes);
+-	if ((nstrips64==0)||(nstrips64>0xFFFFFFFF)) /* something is wonky, do nothing. */
+-	    return;
+-	nstrips32 = (uint32)nstrips64;
++        nstrips = TIFFhowmany_32(td->td_imagelength, rowsperstrip);
++        if( nstrips == 0 )
++            return;
+ 
+-	newcounts = (uint64*) _TIFFCheckMalloc(tif, nstrips32, sizeof (uint64),
++	newcounts = (uint64*) _TIFFCheckMalloc(tif, nstrips, sizeof (uint64),
+ 				"for chopped \"StripByteCounts\" array");
+-	newoffsets = (uint64*) _TIFFCheckMalloc(tif, nstrips32, sizeof (uint64),
++	newoffsets = (uint64*) _TIFFCheckMalloc(tif, nstrips, sizeof (uint64),
+ 				"for chopped \"StripOffsets\" array");
+ 	if (newcounts == NULL || newoffsets == NULL) {
+ 		/*
+@@ -5562,18 +5560,18 @@ ChopUpSingleUncompressedStrip(TIFF* tif)
+ 	 * Fill the strip information arrays with new bytecounts and offsets
+ 	 * that reflect the broken-up format.
+ 	 */
+-	for (strip = 0; strip < nstrips32; strip++) {
++	for (strip = 0; strip < nstrips; strip++) {
+ 		if (stripbytes > bytecount)
+ 			stripbytes = bytecount;
+ 		newcounts[strip] = stripbytes;
+-		newoffsets[strip] = offset;
++		newoffsets[strip] = stripbytes ? offset : 0;
+ 		offset += stripbytes;
+ 		bytecount -= stripbytes;
+ 	}
+ 	/*
+ 	 * Replace old single strip info with multi-strip info.
+ 	 */
+-	td->td_stripsperimage = td->td_nstrips = nstrips32;
++	td->td_stripsperimage = td->td_nstrips = nstrips;
+ 	TIFFSetField(tif, TIFFTAG_ROWSPERSTRIP, rowsperstrip);
+ 
+ 	_TIFFfree(td->td_stripbytecount);
+diff --git a/libtiff/tif_strip.c b/libtiff/tif_strip.c
+index 4c46ecf5..1676e47d 100644
+--- a/libtiff/tif_strip.c
++++ b/libtiff/tif_strip.c
+@@ -63,15 +63,6 @@ TIFFNumberOfStrips(TIFF* tif)
+ 	TIFFDirectory *td = &tif->tif_dir;
+ 	uint32 nstrips;
+ 
+-    /* If the value was already computed and store in td_nstrips, then return it,
+-       since ChopUpSingleUncompressedStrip might have altered and resized the
+-       since the td_stripbytecount and td_stripoffset arrays to the new value
+-       after the initial affectation of td_nstrips = TIFFNumberOfStrips() in
+-       tif_dirread.c ~line 3612.
+-       See http://bugzilla.maptools.org/show_bug.cgi?id=2587 */
+-    if( td->td_nstrips )
+-        return td->td_nstrips;
+-
+ 	nstrips = (td->td_rowsperstrip == (uint32) -1 ? 1 :
+ 	     TIFFhowmany_32(td->td_imagelength, td->td_rowsperstrip));
+ 	if (td->td_planarconfig == PLANARCONFIG_SEPARATE)
+-- 
+2.11.0
+
diff --git a/package/tiff/0005-tools-tiffcp.c-error-out-cleanly-in-cpContig2Separat.patch b/package/tiff/0005-tools-tiffcp.c-error-out-cleanly-in-cpContig2Separat.patch
new file mode 100644
index 000000000..c93be89e7
--- /dev/null
+++ b/package/tiff/0005-tools-tiffcp.c-error-out-cleanly-in-cpContig2Separat.patch
@@ -0,0 +1,74 @@
+From 5c080298d59efa53264d7248bbe3a04660db6ef7 Mon Sep 17 00:00:00 2001
+From: erouault <erouault>
+Date: Wed, 11 Jan 2017 19:25:44 +0000
+Subject: [PATCH] * tools/tiffcp.c: error out cleanly in cpContig2SeparateByRow
+ and cpSeparate2ContigByRow if BitsPerSample != 8 to avoid heap based
+ overflow. Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2656 and
+ http://bugzilla.maptools.org/show_bug.cgi?id=2657
+
+Fixes CVE-2017-5225
+
+Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
+---
+ tools/tiffcp.c | 24 ++++++++++++++++++++++--
+ 1 file changed, 29 insertions(+), 2 deletions(-)
+
+diff --git a/tools/tiffcp.c b/tools/tiffcp.c
+index bdf754c3..8bbcd52f 100644
+--- a/tools/tiffcp.c
++++ b/tools/tiffcp.c
+@@ -591,7 +591,7 @@ static	copyFunc pickCopyFunc(TIFF*, TIFF*, uint16, uint16);
+ static int
+ tiffcp(TIFF* in, TIFF* out)
+ {
+-	uint16 bitspersample, samplesperpixel = 1;
++	uint16 bitspersample = 1, samplesperpixel = 1;
+ 	uint16 input_compression, input_photometric = PHOTOMETRIC_MINISBLACK;
+ 	copyFunc cf;
+ 	uint32 width, length;
+@@ -1067,6 +1067,16 @@ DECLAREcpFunc(cpContig2SeparateByRow)
+ 	register uint32 n;
+ 	uint32 row;
+ 	tsample_t s;
++        uint16 bps = 0;
++
++        (void) TIFFGetField(in, TIFFTAG_BITSPERSAMPLE, &bps);
++        if( bps != 8 )
++        {
++            TIFFError(TIFFFileName(in),
++                      "Error, can only handle BitsPerSample=8 in %s",
++                      "cpContig2SeparateByRow");
++            return 0;
++        }
+ 
+ 	inbuf = _TIFFmalloc(scanlinesizein);
+ 	outbuf = _TIFFmalloc(scanlinesizeout);
+@@ -1120,6 +1130,16 @@ DECLAREcpFunc(cpSeparate2ContigByRow)
+ 	register uint32 n;
+ 	uint32 row;
+ 	tsample_t s;
++        uint16 bps = 0;
++
++        (void) TIFFGetField(in, TIFFTAG_BITSPERSAMPLE, &bps);
++        if( bps != 8 )
++        {
++            TIFFError(TIFFFileName(in),
++                      "Error, can only handle BitsPerSample=8 in %s",
++                      "cpSeparate2ContigByRow");
++            return 0;
++        }
+ 
+ 	inbuf = _TIFFmalloc(scanlinesizein);
+ 	outbuf = _TIFFmalloc(scanlinesizeout);
+@@ -1784,7 +1804,7 @@ pickCopyFunc(TIFF* in, TIFF* out, uint16 bitspersample, uint16 samplesperpixel)
+ 	uint32 w, l, tw, tl;
+ 	int bychunk;
+ 
+-	(void) TIFFGetField(in, TIFFTAG_PLANARCONFIG, &shortv);
++	(void) TIFFGetFieldDefaulted(in, TIFFTAG_PLANARCONFIG, &shortv);
+ 	if (shortv != config && bitspersample != 8 && samplesperpixel > 1) {
+ 		fprintf(stderr,
+ 		    "%s: Cannot handle different planar configuration w/ bits/sample != 8\n",
+-- 
+2.11.0
+
diff --git a/package/tiff/0006-libtiff-tif_getimage.c-add-explicit-uint32-cast-in-p.patch b/package/tiff/0006-libtiff-tif_getimage.c-add-explicit-uint32-cast-in-p.patch
new file mode 100644
index 000000000..b3d8a40bb
--- /dev/null
+++ b/package/tiff/0006-libtiff-tif_getimage.c-add-explicit-uint32-cast-in-p.patch
@@ -0,0 +1,31 @@
+From 48780b4fcc425cddc4ef8ffdf536f96a0d1b313b Mon Sep 17 00:00:00 2001
+From: erouault <erouault>
+Date: Wed, 11 Jan 2017 16:38:26 +0000
+Subject: [PATCH] libtiff/tif_getimage.c: add explicit uint32 cast in putagreytile to
+ avoid UndefinedBehaviorSanitizer warning.
+ Patch by Nicol?s Pe?a.
+ Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2658
+
+Fixes CVE-2017-7592
+
+Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
+---
+ libtiff/tif_getimage.c | 2 +-
+ 1 file changed, 8 insertions(+), 1 deletion(-)
+
+diff --git a/libtiff/tif_getimage.c b/libtiff/tif_getimage.c
+index fed31f1f..2fa1775c 100644
+--- a/libtiff/tif_getimage.c
++++ b/libtiff/tif_getimage.c
+@@ -1302,7 +1302,7 @@ DECLAREContigPutFunc(putagreytile)
+     while (h-- > 0) {
+ 	for (x = w; x-- > 0;)
+         {
+-            *cp++ = BWmap[*pp][0] & (*(pp+1) << 24 | ~A1);
++            *cp++ = BWmap[*pp][0] & ((uint32)*(pp+1) << 24 | ~A1);
+             pp += samplesperpixel;
+         }
+ 	cp += toskew;
+-- 
+2.11.0
+
diff --git a/package/tiff/0007-libtiff-tiffiop.h-tif_unix.c-tif_win32.c-tif_vms.c-a.patch b/package/tiff/0007-libtiff-tiffiop.h-tif_unix.c-tif_win32.c-tif_vms.c-a.patch
new file mode 100644
index 000000000..ec45bbe1f
--- /dev/null
+++ b/package/tiff/0007-libtiff-tiffiop.h-tif_unix.c-tif_win32.c-tif_vms.c-a.patch
@@ -0,0 +1,88 @@
+From d60332057b9575ada4f264489582b13e30137be1 Mon Sep 17 00:00:00 2001
+From: erouault <erouault>
+Date: Wed, 11 Jan 2017 19:02:49 +0000
+Subject: [PATCH] * libtiff/tiffiop.h, tif_unix.c, tif_win32.c, tif_vms.c: add
+ _TIFFcalloc()
+
+* libtiff/tif_read.c: TIFFReadBufferSetup(): use _TIFFcalloc() to zero
+initialize tif_rawdata.
+Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2651
+
+Fixes CVE-2017-7593
+
+Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
+---
+ libtiff/tif_read.c  | 4 +++-
+ libtiff/tif_unix.c  | 8 ++++++++
+ libtiff/tif_win32.c | 8 ++++++++
+ libtiff/tiffio.h    | 1 +
+ 4 files changed, 36 insertions(+), 1 deletion(-)
+
+diff --git a/libtiff/tif_read.c b/libtiff/tif_read.c
+index 277fdd69..4535ccb3 100644
+--- a/libtiff/tif_read.c
++++ b/libtiff/tif_read.c
+@@ -985,7 +985,9 @@ TIFFReadBufferSetup(TIFF* tif, void* bp, tmsize_t size)
+ 				 "Invalid buffer size");
+ 		    return (0);
+ 		}
+-		tif->tif_rawdata = (uint8*) _TIFFmalloc(tif->tif_rawdatasize);
++		/* Initialize to zero to avoid uninitialized buffers in case of */
++                /* short reads (http://bugzilla.maptools.org/show_bug.cgi?id=2651) */
++		tif->tif_rawdata = (uint8*) _TIFFcalloc(1, tif->tif_rawdatasize);
+ 		tif->tif_flags |= TIFF_MYBUFFER;
+ 	}
+ 	if (tif->tif_rawdata == NULL) {
+diff --git a/libtiff/tif_unix.c b/libtiff/tif_unix.c
+index 7c7bc961..89dd32e8 100644
+--- a/libtiff/tif_unix.c
++++ b/libtiff/tif_unix.c
+@@ -316,6 +316,14 @@ _TIFFmalloc(tmsize_t s)
+ 	return (malloc((size_t) s));
+ }
+ 
++void* _TIFFcalloc(tmsize_t nmemb, tmsize_t siz)
++{
++    if( nmemb == 0 || siz == 0 )
++        return ((void *) NULL);
++
++    return calloc((size_t) nmemb, (size_t)siz);
++}
++
+ void
+ _TIFFfree(void* p)
+ {
+diff --git a/libtiff/tif_win32.c b/libtiff/tif_win32.c
+index d730b3ab..3e9001b7 100644
+--- a/libtiff/tif_win32.c
++++ b/libtiff/tif_win32.c
+@@ -360,6 +360,14 @@ _TIFFmalloc(tmsize_t s)
+ 	return (malloc((size_t) s));
+ }
+ 
++void* _TIFFcalloc(tmsize_t nmemb, tmsize_t siz)
++{
++    if( nmemb == 0 || siz == 0 )
++        return ((void *) NULL);
++
++    return calloc((size_t) nmemb, (size_t)siz);
++}
++
+ void
+ _TIFFfree(void* p)
+ {
+diff --git a/libtiff/tiffio.h b/libtiff/tiffio.h
+index 732da17f..fbd9171f 100644
+--- a/libtiff/tiffio.h
++++ b/libtiff/tiffio.h
+@@ -293,6 +293,7 @@ extern TIFFCodec* TIFFGetConfiguredCODECs(void);
+  */
+ 
+ extern void* _TIFFmalloc(tmsize_t s);
++extern void* _TIFFcalloc(tmsize_t nmemb, tmsize_t siz);
+ extern void* _TIFFrealloc(void* p, tmsize_t s);
+ extern void _TIFFmemset(void* p, int v, tmsize_t c);
+ extern void _TIFFmemcpy(void* d, const void* s, tmsize_t c);
+-- 
+2.11.0
+
diff --git a/package/tiff/0008-libtiff-tif_ojpeg.c-fix-leak-in-OJPEGReadHeaderInfoS.patch b/package/tiff/0008-libtiff-tif_ojpeg.c-fix-leak-in-OJPEGReadHeaderInfoS.patch
new file mode 100644
index 000000000..418a3d698
--- /dev/null
+++ b/package/tiff/0008-libtiff-tif_ojpeg.c-fix-leak-in-OJPEGReadHeaderInfoS.patch
@@ -0,0 +1,43 @@
+From 2ea32f7372b65c24b2816f11c04bf59b5090d05b Mon Sep 17 00:00:00 2001
+From: erouault <erouault>
+Date: Thu, 12 Jan 2017 19:23:20 +0000
+Subject: [PATCH] * libtiff/tif_ojpeg.c: fix leak in
+ OJPEGReadHeaderInfoSecTablesQTable, OJPEGReadHeaderInfoSecTablesDcTable and
+ OJPEGReadHeaderInfoSecTablesAcTable
+
+Fixes CVE-2017-7594
+
+Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
+---
+ libtiff/tif_ojpeg.c | 6 ++++++
+ 1 file changed, 8 insertions(+), 1 deletion(-)
+
+diff --git a/libtiff/tif_ojpeg.c b/libtiff/tif_ojpeg.c
+index b92f0ebd..5f6c684c 100644
+--- a/libtiff/tif_ojpeg.c
++++ b/libtiff/tif_ojpeg.c
+@@ -1790,7 +1790,10 @@ OJPEGReadHeaderInfoSecTablesQTable(TIFF* tif)
+ 			TIFFSeekFile(tif,sp->qtable_offset[m],SEEK_SET); 
+ 			p=(uint32)TIFFReadFile(tif,&ob[sizeof(uint32)+5],64);
+ 			if (p!=64)
++                        {
++                                _TIFFfree(ob);
+ 				return(0);
++                        }
+ 			sp->qtable[m]=ob;
+ 			sp->sof_tq[m]=m;
+ 		}
+@@ -1854,7 +1857,10 @@ OJPEGReadHeaderInfoSecTablesDcTable(TIFF* tif)
+ 				rb[sizeof(uint32)+5+n]=o[n];
+ 			p=(uint32)TIFFReadFile(tif,&(rb[sizeof(uint32)+21]),q);
+ 			if (p!=q)
++                        {
++                                _TIFFfree(rb);
+ 				return(0);
++                        }
+ 			sp->dctable[m]=rb;
+ 			sp->sos_tda[m]=(m<<4);
+ 		}
+-- 
+2.11.0
+
diff --git a/package/tiff/0009-libtiff-tif_ojpeg.c-fix-leak-in-OJPEGReadHeaderInfoS.patch b/package/tiff/0009-libtiff-tif_ojpeg.c-fix-leak-in-OJPEGReadHeaderInfoS.patch
new file mode 100644
index 000000000..a1aae2dce
--- /dev/null
+++ b/package/tiff/0009-libtiff-tif_ojpeg.c-fix-leak-in-OJPEGReadHeaderInfoS.patch
@@ -0,0 +1,36 @@
+From 8283e4d1b7e53340684d12932880cbcbaf23a8c1 Mon Sep 17 00:00:00 2001
+From: erouault <erouault>
+Date: Thu, 12 Jan 2017 17:43:25 +0000
+Subject: [PATCH] libtiff/tif_ojpeg.c: fix leak in
+ OJPEGReadHeaderInfoSecTablesAcTable when read fails.
+ Patch by Nicol?s Pe?a.
+ Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2659
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Fixes CVE-2017-7594
+
+Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
+---
+ libtiff/tif_ojpeg.c | 3 +++
+ 1 file changed, 10 insertions(+)
+
+diff --git a/libtiff/tif_ojpeg.c b/libtiff/tif_ojpeg.c
+index f19e8fd0..b92f0ebd 100644
+--- a/libtiff/tif_ojpeg.c
++++ b/libtiff/tif_ojpeg.c
+@@ -1918,7 +1918,10 @@ OJPEGReadHeaderInfoSecTablesAcTable(TIFF* tif)
+ 				rb[sizeof(uint32)+5+n]=o[n];
+ 			p=(uint32)TIFFReadFile(tif,&(rb[sizeof(uint32)+21]),q);
+ 			if (p!=q)
++                        {
++                                _TIFFfree(rb);
+ 				return(0);
++                        }
+ 			sp->actable[m]=rb;
+ 			sp->sos_tda[m]=(sp->sos_tda[m]|m);
+ 		}
+-- 
+2.11.0
+
diff --git a/package/tiff/0010-libtiff-tif_jpeg.c-avoid-integer-division-by-zero-in.patch b/package/tiff/0010-libtiff-tif_jpeg.c-avoid-integer-division-by-zero-in.patch
new file mode 100644
index 000000000..862aae2a5
--- /dev/null
+++ b/package/tiff/0010-libtiff-tif_jpeg.c-avoid-integer-division-by-zero-in.patch
@@ -0,0 +1,35 @@
+From 47f2fb61a3a64667bce1a8398a8fcb1b348ff122 Mon Sep 17 00:00:00 2001
+From: erouault <erouault>
+Date: Wed, 11 Jan 2017 12:15:01 +0000
+Subject: [PATCH] * libtiff/tif_jpeg.c: avoid integer division by zero in
+ JPEGSetupEncode() when horizontal or vertical sampling is set to 0. Fixes
+ http://bugzilla.maptools.org/show_bug.cgi?id=2653
+
+Fixes CVE-2017-7595
+
+Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
+---
+ libtiff/tif_jpeg.c | 7 +++++++
+ 1 file changed, 13 insertions(+)
+
+diff --git a/libtiff/tif_jpeg.c b/libtiff/tif_jpeg.c
+index 38595f98..6c17c388 100644
+--- a/libtiff/tif_jpeg.c
++++ b/libtiff/tif_jpeg.c
+@@ -1626,6 +1626,13 @@ JPEGSetupEncode(TIFF* tif)
+ 	case PHOTOMETRIC_YCBCR:
+ 		sp->h_sampling = td->td_ycbcrsubsampling[0];
+ 		sp->v_sampling = td->td_ycbcrsubsampling[1];
++                if( sp->h_sampling == 0 || sp->v_sampling == 0 )
++                {
++                    TIFFErrorExt(tif->tif_clientdata, module,
++                            "Invalig horizontal/vertical sampling value");
++                    return (0);
++                }
++
+ 		/*
+ 		 * A ReferenceBlackWhite field *must* be present since the
+ 		 * default value is inappropriate for YCbCr.  Fill in the
+-- 
+2.11.0
+
diff --git a/package/tiff/0011-libtiff-tif_dirread.c-avoid-division-by-floating-poi.patch b/package/tiff/0011-libtiff-tif_dirread.c-avoid-division-by-floating-poi.patch
new file mode 100644
index 000000000..c0c94291a
--- /dev/null
+++ b/package/tiff/0011-libtiff-tif_dirread.c-avoid-division-by-floating-poi.patch
@@ -0,0 +1,47 @@
+From 3cfd62d77c2a7e147a05bd678524c345fa9c2bb8 Mon Sep 17 00:00:00 2001
+From: erouault <erouault>
+Date: Wed, 11 Jan 2017 13:28:01 +0000
+Subject: [PATCH] * libtiff/tif_dirread.c: avoid division by floating point 0
+ in TIFFReadDirEntryCheckedRational() and TIFFReadDirEntryCheckedSrational(),
+ and return 0 in that case (instead of infinity as before presumably)
+ Apparently some sanitizers do not like those divisions by zero. Fixes
+ http://bugzilla.maptools.org/show_bug.cgi?id=2644
+
+Fixes CVE-2017-7598
+
+Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
+---
+ libtiff/tif_dirread.c | 10 ++++++++--
+ 1 file changed, 16 insertions(+), 2 deletions(-)
+
+diff --git a/libtiff/tif_dirread.c b/libtiff/tif_dirread.c
+index 570d0c32..8a1e42aa 100644
+--- a/libtiff/tif_dirread.c
++++ b/libtiff/tif_dirread.c
+@@ -2872,7 +2872,10 @@ static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckedRational(TIFF* tif, TIFFD
+ 		m.l = direntry->tdir_offset.toff_long8;
+ 	if (tif->tif_flags&TIFF_SWAB)
+ 		TIFFSwabArrayOfLong(m.i,2);
+-	if (m.i[0]==0)
++        /* Not completely sure what we should do when m.i[1]==0, but some */
++        /* sanitizers do not like division by 0.0: */
++        /* http://bugzilla.maptools.org/show_bug.cgi?id=2644 */
++	if (m.i[0]==0 || m.i[1]==0)
+ 		*value=0.0;
+ 	else
+ 		*value=(double)m.i[0]/(double)m.i[1];
+@@ -2900,7 +2903,10 @@ static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckedSrational(TIFF* tif, TIFF
+ 		m.l=direntry->tdir_offset.toff_long8;
+ 	if (tif->tif_flags&TIFF_SWAB)
+ 		TIFFSwabArrayOfLong(m.i,2);
+-	if ((int32)m.i[0]==0)
++        /* Not completely sure what we should do when m.i[1]==0, but some */
++        /* sanitizers do not like division by 0.0: */
++        /* http://bugzilla.maptools.org/show_bug.cgi?id=2644 */
++	if ((int32)m.i[0]==0 || m.i[1]==0)
+ 		*value=0.0;
+ 	else
+ 		*value=(double)((int32)m.i[0])/(double)m.i[1];
+-- 
+2.11.0
+
diff --git a/package/tiff/0012-libtiff-tif_jpeg.c-validate-BitsPerSample-in-JPEGSet.patch b/package/tiff/0012-libtiff-tif_jpeg.c-validate-BitsPerSample-in-JPEGSet.patch
new file mode 100644
index 000000000..4f46d9bb0
--- /dev/null
+++ b/package/tiff/0012-libtiff-tif_jpeg.c-validate-BitsPerSample-in-JPEGSet.patch
@@ -0,0 +1,35 @@
+From 0a76a8c765c7b8327c59646284fa78c3c27e5490 Mon Sep 17 00:00:00 2001
+From: erouault <erouault>
+Date: Wed, 11 Jan 2017 16:13:50 +0000
+Subject: [PATCH] * libtiff/tif_jpeg.c: validate BitsPerSample in
+ JPEGSetupEncode() to avoid undefined behaviour caused by invalid shift
+ exponent. Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2648
+
+Fixes CVE-2017-7601
+
+Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
+---
+ libtiff/tif_jpeg.c | 7 +++++++
+ 1 file changed, 13 insertions(+)
+
+diff --git a/libtiff/tif_jpeg.c b/libtiff/tif_jpeg.c
+index 6c17c388..192989a9 100644
+--- a/libtiff/tif_jpeg.c
++++ b/libtiff/tif_jpeg.c
+@@ -1632,6 +1632,13 @@ JPEGSetupEncode(TIFF* tif)
+                             "Invalig horizontal/vertical sampling value");
+                     return (0);
+                 }
++                if( td->td_bitspersample > 16 )
++                {
++                    TIFFErrorExt(tif->tif_clientdata, module,
++                                 "BitsPerSample %d not allowed for JPEG",
++                                 td->td_bitspersample);
++                    return (0);
++                }
+ 
+ 		/*
+ 		 * A ReferenceBlackWhite field *must* be present since the
+-- 
+2.11.0
+
diff --git a/package/tiff/0013-libtiff-tif_read.c-avoid-potential-undefined-behavio.patch b/package/tiff/0013-libtiff-tif_read.c-avoid-potential-undefined-behavio.patch
new file mode 100644
index 000000000..d049b130c
--- /dev/null
+++ b/package/tiff/0013-libtiff-tif_read.c-avoid-potential-undefined-behavio.patch
@@ -0,0 +1,56 @@
+From 66e7bd59520996740e4df5495a830b42fae48bc4 Mon Sep 17 00:00:00 2001
+From: erouault <erouault>
+Date: Wed, 11 Jan 2017 16:33:34 +0000
+Subject: [PATCH] * libtiff/tif_read.c: avoid potential undefined behaviour on
+ signed integer addition in TIFFReadRawStrip1() in isMapped() case. Fixes
+ http://bugzilla.maptools.org/show_bug.cgi?id=2650
+
+Fixes CVE-2017-7602
+
+Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
+---
+ libtiff/tif_read.c | 27 ++++++++++++++++++---------
+ 1 file changed, 24 insertions(+), 9 deletions(-)
+
+diff --git a/libtiff/tif_read.c b/libtiff/tif_read.c
+index 52bbf507..b7aacbda 100644
+--- a/libtiff/tif_read.c
++++ b/libtiff/tif_read.c
+@@ -420,16 +420,25 @@ TIFFReadRawStrip1(TIFF* tif, uint32 strip, void* buf, tmsize_t size,
+ 			return ((tmsize_t)(-1));
+ 		}
+ 	} else {
+-		tmsize_t ma,mb;
++		tmsize_t ma;
+ 		tmsize_t n;
+-		ma=(tmsize_t)td->td_stripoffset[strip];
+-		mb=ma+size;
+-		if ((td->td_stripoffset[strip] > (uint64)TIFF_TMSIZE_T_MAX)||(ma>tif->tif_size))
+-			n=0;
+-		else if ((mb<ma)||(mb<size)||(mb>tif->tif_size))
+-			n=tif->tif_size-ma;
+-		else
+-			n=size;
++		if ((td->td_stripoffset[strip] > (uint64)TIFF_TMSIZE_T_MAX)||
++                    ((ma=(tmsize_t)td->td_stripoffset[strip])>tif->tif_size))
++                {
++                    n=0;
++                }
++                else if( ma > TIFF_TMSIZE_T_MAX - size )
++                {
++                    n=0;
++                }
++                else
++                {
++                    tmsize_t mb=ma+size;
++                    if (mb>tif->tif_size)
++                            n=tif->tif_size-ma;
++                    else
++                            n=size;
++                }
+ 		if (n!=size) {
+ #if defined(__WIN32__) && (defined(_MSC_VER) || defined(__MINGW32__))
+ 			TIFFErrorExt(tif->tif_clientdata, module,
+-- 
+2.11.0
+
-- 
2.11.0

^ permalink raw reply related

* [Buildroot] [autobuild.buildroot.net] Build results for 2017-04-26
From: Thomas Petazzoni @ 2017-04-27  6:28 UTC (permalink / raw)
  To: buildroot

Hello,

Build statistics for 2017-04-26
================================

      successes : 123
       failures : 55 
       timeouts : 1  
          TOTAL : 179

Classification of failures by reason
====================================

                    ola-0.10.2 | 12
           aircrack-ng-1.2-rc4 | 7 
                protobuf-3.2.0 | 6 
                 mplayer-1.3.0 | 5 
                    mpv-0.25.0 | 4 
           uboot-tools-2017.03 | 3 
                 xenomai-3.0.4 | 3 
                 binutils-2.27 | 2 
                  libcdio-0.94 | 2 
                  samba4-4.5.7 | 2 
                  boost-1.63.0 | 1 
                busybox-1.26.2 | 1 
                    ffmpeg-3.3 | 1 
kvm-unit-tests-5731572b2ac2... | 1 
                libepoxy-1.4.1 | 1 
                libselinux-2.6 | 1 
                    mpir-3.0.0 | 1 
                  nodejs-7.9.0 | 1 
                   scrub-2.6.1 | 1 
               wireshark-2.2.6 | 1 


Detail of failures
===================

   powerpc64 |            aircrack-ng-1.2-rc4 | NOK | http://autobuild.buildroot.net/results/e1569dac0b663b9c81d7b4eaabdcd557d4ab6a06 |     
         arm |            aircrack-ng-1.2-rc4 | NOK | http://autobuild.buildroot.net/results/b54bc31e820c906b501f390aab7d9a02e94fe490 |     
    mips64el |            aircrack-ng-1.2-rc4 | NOK | http://autobuild.buildroot.net/results/4b95875b9317f44cfab707de8a70e2f691a6a703 |     
       sparc |            aircrack-ng-1.2-rc4 | NOK | http://autobuild.buildroot.net/results/f10fd96a5ba41f7aacc3d1d2314e46dc984a9caa |     
         arm |            aircrack-ng-1.2-rc4 | NOK | http://autobuild.buildroot.net/results/7631470016f923e8f4a7696e65437c71b8668b6e |     
         arm |            aircrack-ng-1.2-rc4 | NOK | http://autobuild.buildroot.net/results/8182ce148de1127581813c0edbd90a33ced1d3c9 |     
     powerpc |            aircrack-ng-1.2-rc4 | NOK | http://autobuild.buildroot.net/results/309345957dfceff5b98f1bd360b0b420757ebd1d |     
        bfin |                  binutils-2.27 | NOK | http://autobuild.buildroot.net/results/f861555ae03535d611a1ae448a210afaca7525ea | ORPH
        bfin |                  binutils-2.27 | NOK | http://autobuild.buildroot.net/results/42e506b65ea3cb1bc4f74d214d96906aef561c7f | ORPH
         arm |                   boost-1.63.0 | NOK | http://autobuild.buildroot.net/results/2bc6919fc1183208fe5aed1c220b4d17325138c2 |     
         arm |                 busybox-1.26.2 | NOK | http://autobuild.buildroot.net/results/ab7c50788d1f90ee51d3d1825d4ba2a55812e51e | ORPH
        m68k |                     ffmpeg-3.3 | NOK | http://autobuild.buildroot.net/results/899271c1e1b1da9c8cb0ab5cb03bc1e9d03eb34e |     
      x86_64 | kvm-unit-tests-5731572b2ac2... | NOK | http://autobuild.buildroot.net/results/3858a1fc8c414a9636a5fd5b22d824cf2e28adfa |     
         arc |                   libcdio-0.94 | NOK | http://autobuild.buildroot.net/results/13c5cdede0221db4cacfac8a5ab82993cf35ced3 |     
         arc |                   libcdio-0.94 | NOK | http://autobuild.buildroot.net/results/e470fd6fd38a1052856d3eec190b9a025337c175 |     
   powerpc64 |                 libepoxy-1.4.1 | NOK | http://autobuild.buildroot.net/results/d2207e22d2a6c851b95739e2b1df32f9100a1f59 |     
         arm |                 libselinux-2.6 | NOK | http://autobuild.buildroot.net/results/d387aa27d248f8ff5bdc970ed5e14cb09c36e541 |     
         arm |                     mpir-3.0.0 | NOK | http://autobuild.buildroot.net/results/fd032f7dbd4cace84bb31e8017cb6139ef3c1072 |     
         arc |                  mplayer-1.3.0 | NOK | http://autobuild.buildroot.net/results/8461a0f1d71e42891e4a6e2d6dd5754cb0bb674b |     
        i686 |                  mplayer-1.3.0 | NOK | http://autobuild.buildroot.net/results/56bdfeea2c1f6b1a993fe7ca2a33221a59476ea9 |     
        i686 |                  mplayer-1.3.0 | NOK | http://autobuild.buildroot.net/results/97e792cf9dc41f5678171385abe7966593cea33a |     
        i686 |                  mplayer-1.3.0 | NOK | http://autobuild.buildroot.net/results/b4aa3e3967e99284444928cd820634f4fc5495d5 |     
        i686 |                  mplayer-1.3.0 | NOK | http://autobuild.buildroot.net/results/36e4d8b7c2f7f9eda50c83782662c2ff6dab78ea |     
     powerpc |                     mpv-0.25.0 | NOK | http://autobuild.buildroot.net/results/a4fc6d0107620a3558a9e6dc662b5766d77bbadb |     
    mips64el |                     mpv-0.25.0 | NOK | http://autobuild.buildroot.net/results/f0ccc6cdd41a3649484e806d699a204ecc3c6a25 |     
        mips |                     mpv-0.25.0 | NOK | http://autobuild.buildroot.net/results/07a1527066cd87d3a4a0f600bbca326b77fbe5a5 |     
        or1k |                     mpv-0.25.0 | NOK | http://autobuild.buildroot.net/results/b658bd27a391c13731498d01256ff96719044ad6 |     
        i586 |                   nodejs-7.9.0 | NOK | http://autobuild.buildroot.net/results/df920e7b17617f1e4867d94eda52cab38f7b0622 |     
      x86_64 |                     ola-0.10.2 | NOK | http://autobuild.buildroot.net/results/bd30895d22003fb572abbffef849db1d58d384d7 |     
         arm |                     ola-0.10.2 | NOK | http://autobuild.buildroot.net/results/70073c38a91d0ac7fa98769323f0e8b3829df94e |     
        or1k |                     ola-0.10.2 | NOK | http://autobuild.buildroot.net/results/d6d657ae4437434887d0ad7f9d103a8a61bd8795 |     
        or1k |                     ola-0.10.2 | NOK | http://autobuild.buildroot.net/results/aaab38f94fd58e3119437278f9dcfdf5418abd76 |     
        mips |                     ola-0.10.2 | NOK | http://autobuild.buildroot.net/results/d0326ca1e7d0a5b5529484ecb5c58f4e00cdec61 |     
     aarch64 |                     ola-0.10.2 | NOK | http://autobuild.buildroot.net/results/261482eea27739eccd9a93326cf4227c2e1a00d4 |     
    mips64el |                     ola-0.10.2 | NOK | http://autobuild.buildroot.net/results/154f221cc607b3629dfcbb04013cf0c118b47070 |     
         arm |                     ola-0.10.2 | NOK | http://autobuild.buildroot.net/results/30e7daf0bf5fd74a13665352e684abe54b485ef7 |     
        mips |                     ola-0.10.2 | NOK | http://autobuild.buildroot.net/results/b83207bce589ecc85fbd1d353a40a1df7a2c3d5d |     
     sparc64 |                     ola-0.10.2 | NOK | http://autobuild.buildroot.net/results/787bd10cbdf9e3e80f197fc51801e11eea926e2e |     
      x86_64 |                     ola-0.10.2 | NOK | http://autobuild.buildroot.net/results/c9e389eb9db9620bd64b0f0b5e505b61314386bf |     
        mips |                     ola-0.10.2 | NOK | http://autobuild.buildroot.net/results/a423cf023d9f53c98d3042c81b8dc9dc446bba6c |     
         arm |                 protobuf-3.2.0 | NOK | http://autobuild.buildroot.net/results/c86f0df9c6f1f437e9887236618d93bb34f66d3a | ORPH
         arm |                 protobuf-3.2.0 | NOK | http://autobuild.buildroot.net/results/f7a47ee73ea7bae816c5bcda85a43f8031baaa03 | ORPH
         arm |                 protobuf-3.2.0 | NOK | http://autobuild.buildroot.net/results/f808670378ae66bab2c842448b9537083db43571 | ORPH
       sparc |                 protobuf-3.2.0 | NOK | http://autobuild.buildroot.net/results/1ee16a289d1bc1061b2c45448d1545304f640190 | ORPH
      x86_64 |                 protobuf-3.2.0 | NOK | http://autobuild.buildroot.net/results/1dac9d5e49342700036c90ed4785fff7398b8966 | ORPH
         arm |                 protobuf-3.2.0 | NOK | http://autobuild.buildroot.net/results/da07861304ed14096edeaaded646ac109689b980 | ORPH
         arc |                   samba4-4.5.7 | NOK | http://autobuild.buildroot.net/results/01eaccf39a15557fa7a1a480b40ec2900f6eac03 |     
         arc |                   samba4-4.5.7 | NOK | http://autobuild.buildroot.net/results/1e84bc9271f8c18574a14d8468024f418a6b302d |     
         arm |                    scrub-2.6.1 | TIM | http://autobuild.buildroot.net/results/5d8dd2faf00d7240ad77d5eea5a366cfb413e20a |     
        sh4a |            uboot-tools-2017.03 | NOK | http://autobuild.buildroot.net/results/ace34f91656eddd038ac94c3de977ff9ca7e72f0 | ORPH
     aarch64 |            uboot-tools-2017.03 | NOK | http://autobuild.buildroot.net/results/cef4074286d3bcbb5be5e8f90134bf2613c69eae | ORPH
         arm |            uboot-tools-2017.03 | NOK | http://autobuild.buildroot.net/results/1510f33692d04f0a18eedb6ace18fcc7b1029a0b | ORPH
         arc |                wireshark-2.2.6 | NOK | http://autobuild.buildroot.net/results/0a76f86a0373067dd37ab27e13e4fde825631975 |     
      x86_64 |                  xenomai-3.0.4 | NOK | http://autobuild.buildroot.net/results/3ff8f5967f1e7afd4f46259dc3121b0405b2de6d |     
         arm |                  xenomai-3.0.4 | NOK | http://autobuild.buildroot.net/results/c0ffeb4c6c84153ed7dab0976f9313cd959f9a5e |     
         arm |                  xenomai-3.0.4 | NOK | http://autobuild.buildroot.net/results/6a5dd7a52b4cc6281193df29b63d1ba0d9c93479 |     

-- 
http://autobuild.buildroot.net

^ permalink raw reply

* [Buildroot] [PATCH] libmpeg2: fix sparc32 build
From: Waldemar Brodkorb @ 2017-04-27  5:36 UTC (permalink / raw)
  To: buildroot

The output detection recognized wrong target output, because
sparcv9 optimization flags used for sparcv8 build.

Fixes:
  http://autobuild.buildroot.net/results/1b3158b03f7eaf5afb5a4dab9526091888f6c9b8

Signed-off-by: Waldemar Brodkorb <wbx@openadk.org>
---
 package/libmpeg2/0004-fix-sparc.patch | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)
 create mode 100644 package/libmpeg2/0004-fix-sparc.patch

diff --git a/package/libmpeg2/0004-fix-sparc.patch b/package/libmpeg2/0004-fix-sparc.patch
new file mode 100644
index 0000000..d876b66
--- /dev/null
+++ b/package/libmpeg2/0004-fix-sparc.patch
@@ -0,0 +1,16 @@
+Do not use sparcv9 optimization flags for sparcv8 builds
+
+Signed-off-by: Waldemar Brodkorb <wbx@openadk.org>
+
+diff -Nur libmpeg2-0.5.1.orig/configure.ac libmpeg2-0.5.1/configure.ac
+--- libmpeg2-0.5.1.orig/configure.ac	2008-07-18 16:30:17.000000000 +0200
++++ libmpeg2-0.5.1/configure.ac	2017-04-26 21:09:15.780838339 +0200
+@@ -95,7 +95,7 @@
+ 		break
+ 	    fi
+ 	done;;
+-    sparc-* | sparc64-*)
++    sparc64-*)
+ 	AC_DEFINE([ARCH_SPARC],,[sparc architecture])
+ 	TRY_CFLAGS="$OPT_CFLAGS -mcpu=ultrasparc -mvis"
+ 	AC_TRY_CFLAGS([$TRY_CFLAGS $CFLAGS],[OPT_CFLAGS="$TRY_CFLAGS"]);;
-- 
2.1.4

^ permalink raw reply related

* [Buildroot] [PATCH 1/1] tovid: bump version to 0.35.2
From: Steve Kenton @ 2017-04-27  5:29 UTC (permalink / raw)
  To: buildroot

Signed-off-by: Steve Kenton <skenton@ou.edu>
---
 package/tovid/tovid.hash | 4 ++--
 package/tovid/tovid.mk   | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/package/tovid/tovid.hash b/package/tovid/tovid.hash
index 9ddd750..0bd7668 100644
--- a/package/tovid/tovid.hash
+++ b/package/tovid/tovid.hash
@@ -1,2 +1,2 @@
-# Locally computed:
-sha256  06f7cb00b213bbe83d72f4f2076b675a662697034e1d2cdc2dce987e35c827bc  tovid-0.35.0.tar.gz
+# Locally calculated
+sha256 3193d081a7aa8e00f946b7514066f1fb7647f533ab1ebcc36b5ced927b0a1ab5  tovid-0.35.2.tar.gz
diff --git a/package/tovid/tovid.mk b/package/tovid/tovid.mk
index 079fada..c904b98 100644
--- a/package/tovid/tovid.mk
+++ b/package/tovid/tovid.mk
@@ -4,8 +4,8 @@
 #
 ################################################################################
 
-TOVID_VERSION = 0.35.0
-TOVID_SITE = https://github.com/tovid-suite/tovid/releases/download/v$(TOVID_VERSION)
+TOVID_VERSION = 0.35.2
+TOVID_SITE = https://github.com/tovid-suite/tovid/releases/download/$(TOVID_VERSION)
 TOVID_LICENSE = GPL-2.0+
 TOVID_LICENSE_FILES = COPYING
 TOVID_SETUP_TYPE = distutils
-- 
2.9.0.137.gcf4c2cf

^ permalink raw reply related

* [Buildroot] [PATCH 1/1] package/libqmi: bump version to 1.18.0
From: Matt Weber @ 2017-04-27  1:02 UTC (permalink / raw)
  To: buildroot

Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
---
 package/libqmi/libqmi.hash | 2 +-
 package/libqmi/libqmi.mk   | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/package/libqmi/libqmi.hash b/package/libqmi/libqmi.hash
index 08da1ae..3f40154 100644
--- a/package/libqmi/libqmi.hash
+++ b/package/libqmi/libqmi.hash
@@ -1,2 +1,2 @@
 # Locally computed:
-sha256  7ab6bb47fd23bf4d3fa17424e40ea5552d08b19e5ee4f125f21f316c8086ba2a  libqmi-1.16.0.tar.xz
+sha256 a0a42c55935e75a630208e2f70840bd4407f56fe1c5258f5b0f6c0aaedf88cec  libqmi-1.18.0.tar.xz
diff --git a/package/libqmi/libqmi.mk b/package/libqmi/libqmi.mk
index caa4398..92b635d 100644
--- a/package/libqmi/libqmi.mk
+++ b/package/libqmi/libqmi.mk
@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-LIBQMI_VERSION = 1.16.0
+LIBQMI_VERSION = 1.18.0
 LIBQMI_SITE = http://www.freedesktop.org/software/libqmi
 LIBQMI_SOURCE = libqmi-$(LIBQMI_VERSION).tar.xz
 LIBQMI_LICENSE = LGPL-2.0+ (library), GPL-2.0+ (programs)
@@ -13,7 +13,7 @@ LIBQMI_INSTALL_STAGING = YES
 
 LIBQMI_DEPENDENCIES = libglib2
 
-# we don't want -Werror
-LIBQMI_CONF_OPTS = --enable-more-warnings=no
+# we don't want -Werror and disable gudev Gobject bindings
+LIBQMI_CONF_OPTS = --enable-more-warnings=no --without-udev
 
 $(eval $(autotools-package))
-- 
1.9.1

^ permalink raw reply related

* [Buildroot] [PATCH] tiff: add upstream security fixes
From: Peter Korsgaard @ 2017-04-26 21:58 UTC (permalink / raw)
  To: buildroot

Add upstream post-4.0.7 commits (except for ChangeLog modifications) fixing
the following security issues:

CVE-2016-10266 - LibTIFF 4.0.7 allows remote attackers to cause a denial of
service (divide-by-zero error and application crash) via a crafted TIFF
image, related to libtiff/tif_read.c:351:22.

CVE-2016-10267 - LibTIFF 4.0.7 allows remote attackers to cause a denial of
service (divide-by-zero error and application crash) via a crafted TIFF
image, related to libtiff/tif_ojpeg.c:816:8.

CVE-2016-10269 - LibTIFF 4.0.7 allows remote attackers to cause a denial of
service (heap-based buffer over-read) or possibly have unspecified other
impact via a crafted TIFF image, related to "READ of size 512" and
libtiff/tif_unix.c:340:2.

CVE-2016-10270 - LibTIFF 4.0.7 allows remote attackers to cause a denial of
service (heap-based buffer over-read) or possibly have unspecified other
impact via a crafted TIFF image, related to "READ of size 8" and
libtiff/tif_read.c:523:22.

CVE-2017-5225 - LibTIFF version 4.0.7 is vulnerable to a heap buffer
overflow in the tools/tiffcp resulting in DoS or code execution via a
crafted BitsPerSample value.

CVE-2017-7592 - The putagreytile function in tif_getimage.c in LibTIFF 4.0.7
has a left-shift undefined behavior issue, which might allow remote
attackers to cause a denial of service (application crash) or possibly have
unspecified other impact via a crafted image.

CVE-2017-7593 - tif_read.c in LibTIFF 4.0.7 does not ensure that tif_rawdata
is properly initialized, which might allow remote attackers to obtain
sensitive information from process memory via a crafted image.

CVE-2017-7594 - The OJPEGReadHeaderInfoSecTablesDcTable function in
tif_ojpeg.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of
service (memory leak) via a crafted image.

CVE-2017-7595 - The JPEGSetupEncode function in tiff_jpeg.c in LibTIFF 4.0.7
allows remote attackers to cause a denial of service (divide-by-zero error
and application crash) via a crafted image.

CVE-2017-7598 - tif_dirread.c in LibTIFF 4.0.7 might allow remote attackers
to cause a denial of service (divide-by-zero error and application crash)
via a crafted image.

CVE-2017-7601 - LibTIFF 4.0.7 has a "shift exponent too large for 64-bit
type long" undefined behavior issue, which might allow remote attackers to
cause a denial of service (application crash) or possibly have unspecified
other impact via a crafted image.

CVE-2017-7602 - LibTIFF 4.0.7 has a signed integer overflow, which might
allow remote attackers to cause a denial of service (application crash) or
possibly have unspecified other impact via a crafted image.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
 ..._read.c-libtiff-tiffiop.h-fix-uint32-over.patch |  46 +++++++++
 ..._ojpeg.c-make-OJPEGDecode-early-exit-in-c.patch |  53 ++++++++++
 ..._pixarlog.c-libtiff-tif_luv.c-fix-heap-ba.patch | 110 +++++++++++++++++++++
 ..._dirread.c-modify-ChopUpSingleUncompresse.patch | 107 ++++++++++++++++++++
 ...p.c-error-out-cleanly-in-cpContig2Separat.patch |  74 ++++++++++++++
 ..._getimage.c-add-explicit-uint32-cast-in-p.patch |  31 ++++++
 ...fiop.h-tif_unix.c-tif_win32.c-tif_vms.c-a.patch |  88 +++++++++++++++++
 ..._ojpeg.c-fix-leak-in-OJPEGReadHeaderInfoS.patch |  43 ++++++++
 ..._ojpeg.c-fix-leak-in-OJPEGReadHeaderInfoS.patch |  36 +++++++
 ..._jpeg.c-avoid-integer-division-by-zero-in.patch |  35 +++++++
 ..._dirread.c-avoid-division-by-floating-poi.patch |  47 +++++++++
 ..._jpeg.c-validate-BitsPerSample-in-JPEGSet.patch |  35 +++++++
 ..._read.c-avoid-potential-undefined-behavio.patch |  56 +++++++++++
 13 files changed, 761 insertions(+)
 create mode 100644 package/tiff/0001-libtiff-tif_read.c-libtiff-tiffiop.h-fix-uint32-over.patch
 create mode 100644 package/tiff/0002-libtiff-tif_ojpeg.c-make-OJPEGDecode-early-exit-in-c.patch
 create mode 100644 package/tiff/0003-libtiff-tif_pixarlog.c-libtiff-tif_luv.c-fix-heap-ba.patch
 create mode 100644 package/tiff/0004-libtiff-tif_dirread.c-modify-ChopUpSingleUncompresse.patch
 create mode 100644 package/tiff/0005-tools-tiffcp.c-error-out-cleanly-in-cpContig2Separat.patch
 create mode 100644 package/tiff/0006-libtiff-tif_getimage.c-add-explicit-uint32-cast-in-p.patch
 create mode 100644 package/tiff/0007-libtiff-tiffiop.h-tif_unix.c-tif_win32.c-tif_vms.c-a.patch
 create mode 100644 package/tiff/0008-libtiff-tif_ojpeg.c-fix-leak-in-OJPEGReadHeaderInfoS.patch
 create mode 100644 package/tiff/0009-libtiff-tif_ojpeg.c-fix-leak-in-OJPEGReadHeaderInfoS.patch
 create mode 100644 package/tiff/0010-libtiff-tif_jpeg.c-avoid-integer-division-by-zero-in.patch
 create mode 100644 package/tiff/0011-libtiff-tif_dirread.c-avoid-division-by-floating-poi.patch
 create mode 100644 package/tiff/0012-libtiff-tif_jpeg.c-validate-BitsPerSample-in-JPEGSet.patch
 create mode 100644 package/tiff/0013-libtiff-tif_read.c-avoid-potential-undefined-behavio.patch

diff --git a/package/tiff/0001-libtiff-tif_read.c-libtiff-tiffiop.h-fix-uint32-over.patch b/package/tiff/0001-libtiff-tif_read.c-libtiff-tiffiop.h-fix-uint32-over.patch
new file mode 100644
index 000000000..9df4577e1
--- /dev/null
+++ b/package/tiff/0001-libtiff-tif_read.c-libtiff-tiffiop.h-fix-uint32-over.patch
@@ -0,0 +1,46 @@
+From 438274f938e046d33cb0e1230b41da32ffe223e1 Mon Sep 17 00:00:00 2001
+From: erouault <erouault>
+Date: Fri, 2 Dec 2016 21:56:56 +0000
+Subject: [PATCH] * libtiff/tif_read.c, libtiff/tiffiop.h: fix uint32 overflow
+ in TIFFReadEncodedStrip() that caused an integer division by zero. Reported
+ by Agostino Sarubbo. Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2596
+
+Fixes CVE-2016-10266
+
+Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
+---
+ libtiff/tif_read.c | 2 +-
+ libtiff/tiffiop.h  | 4 ++++
+ 2 files changed, 12 insertions(+), 1 deletion(-)
+
+diff --git a/libtiff/tif_read.c b/libtiff/tif_read.c
+index c26c55f4..52bbf507 100644
+--- a/libtiff/tif_read.c
++++ b/libtiff/tif_read.c
+@@ -346,7 +346,7 @@ TIFFReadEncodedStrip(TIFF* tif, uint32 strip, void* buf, tmsize_t size)
+ 	rowsperstrip=td->td_rowsperstrip;
+ 	if (rowsperstrip>td->td_imagelength)
+ 		rowsperstrip=td->td_imagelength;
+-	stripsperplane=((td->td_imagelength+rowsperstrip-1)/rowsperstrip);
++	stripsperplane= TIFFhowmany_32_maxuint_compat(td->td_imagelength, rowsperstrip);
+ 	stripinplane=(strip%stripsperplane);
+ 	plane=(uint16)(strip/stripsperplane);
+ 	rows=td->td_imagelength-stripinplane*rowsperstrip;
+diff --git a/libtiff/tiffiop.h b/libtiff/tiffiop.h
+index ffbb647b..cb59460a 100644
+--- a/libtiff/tiffiop.h
++++ b/libtiff/tiffiop.h
+@@ -250,6 +250,10 @@ struct tiff {
+ #define TIFFhowmany_32(x, y) (((uint32)x < (0xffffffff - (uint32)(y-1))) ? \
+ 			   ((((uint32)(x))+(((uint32)(y))-1))/((uint32)(y))) : \
+ 			   0U)
++/* Variant of TIFFhowmany_32() that doesn't return 0 if x close to MAXUINT. */
++/* Caution: TIFFhowmany_32_maxuint_compat(x,y)*y might overflow */
++#define TIFFhowmany_32_maxuint_compat(x, y) \
++			   (((uint32)(x) / (uint32)(y)) + ((((uint32)(x) % (uint32)(y)) != 0) ? 1 : 0))
+ #define TIFFhowmany8_32(x) (((x)&0x07)?((uint32)(x)>>3)+1:(uint32)(x)>>3)
+ #define TIFFroundup_32(x, y) (TIFFhowmany_32(x,y)*(y))
+ #define TIFFhowmany_64(x, y) ((((uint64)(x))+(((uint64)(y))-1))/((uint64)(y)))
+-- 
+2.11.0
+
diff --git a/package/tiff/0002-libtiff-tif_ojpeg.c-make-OJPEGDecode-early-exit-in-c.patch b/package/tiff/0002-libtiff-tif_ojpeg.c-make-OJPEGDecode-early-exit-in-c.patch
new file mode 100644
index 000000000..d99b9007e
--- /dev/null
+++ b/package/tiff/0002-libtiff-tif_ojpeg.c-make-OJPEGDecode-early-exit-in-c.patch
@@ -0,0 +1,53 @@
+From 43bc256d8ae44b92d2734a3c5bc73957a4d7c1ec Mon Sep 17 00:00:00 2001
+From: erouault <erouault>
+Date: Sat, 3 Dec 2016 11:15:18 +0000
+Subject: [PATCH] * libtiff/tif_ojpeg.c: make OJPEGDecode() early exit in case
+ of failure in OJPEGPreDecode(). This will avoid a divide by zero, and
+ potential other issues. Reported by Agostino Sarubbo. Fixes
+ http://bugzilla.maptools.org/show_bug.cgi?id=2611
+
+Fixes CVE-2016-10267
+
+Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
+---
+ libtiff/tif_ojpeg.c | 8 ++++++++
+ 1 files changed, 15 insertions(+)
+
+diff --git a/libtiff/tif_ojpeg.c b/libtiff/tif_ojpeg.c
+index 1ccc3f9b..f19e8fd0 100644
+--- a/libtiff/tif_ojpeg.c
++++ b/libtiff/tif_ojpeg.c
+@@ -244,6 +244,7 @@ typedef enum {
+ 
+ typedef struct {
+ 	TIFF* tif;
++        int decoder_ok;
+ 	#ifndef LIBJPEG_ENCAP_EXTERNAL
+ 	JMP_BUF exit_jmpbuf;
+ 	#endif
+@@ -722,6 +723,7 @@ OJPEGPreDecode(TIFF* tif, uint16 s)
+ 		}
+ 		sp->write_curstrile++;
+ 	}
++	sp->decoder_ok = 1;
+ 	return(1);
+ }
+ 
+@@ -784,8 +786,14 @@ OJPEGPreDecodeSkipScanlines(TIFF* tif)
+ static int
+ OJPEGDecode(TIFF* tif, uint8* buf, tmsize_t cc, uint16 s)
+ {
++        static const char module[]="OJPEGDecode";
+ 	OJPEGState* sp=(OJPEGState*)tif->tif_data;
+ 	(void)s;
++        if( !sp->decoder_ok )
++        {
++            TIFFErrorExt(tif->tif_clientdata,module,"Cannot decode: decoder not correctly initialized");
++            return 0;
++        }
+ 	if (sp->libjpeg_jpeg_query_style==0)
+ 	{
+ 		if (OJPEGDecodeRaw(tif,buf,cc)==0)
+-- 
+2.11.0
+
diff --git a/package/tiff/0003-libtiff-tif_pixarlog.c-libtiff-tif_luv.c-fix-heap-ba.patch b/package/tiff/0003-libtiff-tif_pixarlog.c-libtiff-tif_luv.c-fix-heap-ba.patch
new file mode 100644
index 000000000..290834ec0
--- /dev/null
+++ b/package/tiff/0003-libtiff-tif_pixarlog.c-libtiff-tif_luv.c-fix-heap-ba.patch
@@ -0,0 +1,110 @@
+From 1044b43637fa7f70fb19b93593777b78bd20da86 Mon Sep 17 00:00:00 2001
+From: erouault <erouault>
+Date: Fri, 2 Dec 2016 23:05:51 +0000
+Subject: [PATCH] * libtiff/tif_pixarlog.c, libtiff/tif_luv.c: fix heap-based
+ buffer overflow on generation of PixarLog / LUV compressed files, with
+ ColorMap, TransferFunction attached and nasty plays with bitspersample. The
+ fix for LUV has not been tested, but suffers from the same kind of issue of
+ PixarLog. Reported by Agostino Sarubbo. Fixes
+ http://bugzilla.maptools.org/show_bug.cgi?id=2604
+
+Fixes CVE-2016-10269
+
+Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
+---
+ libtiff/tif_luv.c      | 18 ++++++++++++++----
+ libtiff/tif_pixarlog.c | 17 +++++++++++++++--
+ 2 files changed, 39 insertions(+), 6 deletions(-)
+
+diff --git a/libtiff/tif_luv.c b/libtiff/tif_luv.c
+index f68a9b13..e6783db5 100644
+--- a/libtiff/tif_luv.c
++++ b/libtiff/tif_luv.c
+@@ -158,6 +158,7 @@
+ typedef struct logLuvState LogLuvState;
+ 
+ struct logLuvState {
++        int                     encoder_state;  /* 1 if encoder correctly initialized */
+ 	int                     user_datafmt;   /* user data format */
+ 	int                     encode_meth;    /* encoding method */
+ 	int                     pixel_size;     /* bytes per pixel */
+@@ -1552,6 +1553,7 @@ LogLuvSetupEncode(TIFF* tif)
+ 		    td->td_photometric, "must be either LogLUV or LogL");
+ 		break;
+ 	}
++	sp->encoder_state = 1;
+ 	return (1);
+ notsupported:
+ 	TIFFErrorExt(tif->tif_clientdata, module,
+@@ -1563,19 +1565,27 @@ notsupported:
+ static void
+ LogLuvClose(TIFF* tif)
+ {
++        LogLuvState* sp = (LogLuvState*) tif->tif_data;
+ 	TIFFDirectory *td = &tif->tif_dir;
+ 
++	assert(sp != 0);
+ 	/*
+ 	 * For consistency, we always want to write out the same
+ 	 * bitspersample and sampleformat for our TIFF file,
+ 	 * regardless of the data format being used by the application.
+ 	 * Since this routine is called after tags have been set but
+ 	 * before they have been recorded in the file, we reset them here.
++         * Note: this is really a nasty approach. See PixarLogClose
+ 	 */
+-	td->td_samplesperpixel =
+-	    (td->td_photometric == PHOTOMETRIC_LOGL) ? 1 : 3;
+-	td->td_bitspersample = 16;
+-	td->td_sampleformat = SAMPLEFORMAT_INT;
++        if( sp->encoder_state )
++        {
++            /* See PixarLogClose. Might avoid issues with tags whose size depends
++             * on those below, but not completely sure this is enough. */
++            td->td_samplesperpixel =
++                (td->td_photometric == PHOTOMETRIC_LOGL) ? 1 : 3;
++            td->td_bitspersample = 16;
++            td->td_sampleformat = SAMPLEFORMAT_INT;
++        }
+ }
+ 
+ static void
+diff --git a/libtiff/tif_pixarlog.c b/libtiff/tif_pixarlog.c
+index d1246c3d..aa99bc92 100644
+--- a/libtiff/tif_pixarlog.c
++++ b/libtiff/tif_pixarlog.c
+@@ -1233,8 +1233,10 @@ PixarLogPostEncode(TIFF* tif)
+ static void
+ PixarLogClose(TIFF* tif)
+ {
++        PixarLogState* sp = (PixarLogState*) tif->tif_data;
+ 	TIFFDirectory *td = &tif->tif_dir;
+ 
++	assert(sp != 0);
+ 	/* In a really sneaky (and really incorrect, and untruthful, and
+ 	 * troublesome, and error-prone) maneuver that completely goes against
+ 	 * the spirit of TIFF, and breaks TIFF, on close, we covertly
+@@ -1243,8 +1245,19 @@ PixarLogClose(TIFF* tif)
+ 	 * readers that don't know about PixarLog, or how to set
+ 	 * the PIXARLOGDATFMT pseudo-tag.
+ 	 */
+-	td->td_bitspersample = 8;
+-	td->td_sampleformat = SAMPLEFORMAT_UINT;
++
++        if (sp->state&PLSTATE_INIT) {
++            /* We test the state to avoid an issue such as in
++             * http://bugzilla.maptools.org/show_bug.cgi?id=2604
++             * What appends in that case is that the bitspersample is 1 and
++             * a TransferFunction is set. The size of the TransferFunction
++             * depends on 1<<bitspersample. So if we increase it, an access
++             * out of the buffer will happen@directory flushing.
++             * Another option would be to clear those targs. 
++             */
++            td->td_bitspersample = 8;
++            td->td_sampleformat = SAMPLEFORMAT_UINT;
++        }
+ }
+ 
+ static void
+-- 
+2.11.0
+
diff --git a/package/tiff/0004-libtiff-tif_dirread.c-modify-ChopUpSingleUncompresse.patch b/package/tiff/0004-libtiff-tif_dirread.c-modify-ChopUpSingleUncompresse.patch
new file mode 100644
index 000000000..a24d5d848
--- /dev/null
+++ b/package/tiff/0004-libtiff-tif_dirread.c-modify-ChopUpSingleUncompresse.patch
@@ -0,0 +1,107 @@
+From 9a72a69e035ee70ff5c41541c8c61cd97990d018 Mon Sep 17 00:00:00 2001
+From: erouault <erouault>
+Date: Sat, 3 Dec 2016 11:02:15 +0000
+Subject: [PATCH] * libtiff/tif_dirread.c: modify
+ ChopUpSingleUncompressedStrip() to instanciate compute ntrips as
+ TIFFhowmany_32(td->td_imagelength, rowsperstrip), instead of a logic based on
+ the total size of data. Which is faulty is the total size of data is not
+ sufficient to fill the whole image, and thus results in reading outside of
+ the StripByCounts/StripOffsets arrays when using TIFFReadScanline(). Reported
+ by Agostino Sarubbo. Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2608.
+
+* libtiff/tif_strip.c: revert the change in TIFFNumberOfStrips() done
+for http://bugzilla.maptools.org/show_bug.cgi?id=2587 / CVE-2016-9273 since
+the above change is a better fix that makes it unnecessary.
+
+Fixes CVE-2016-10270
+
+Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
+---
+ libtiff/tif_dirread.c | 22 ++++++++++------------
+ libtiff/tif_strip.c   |  9 ---------
+ 2 files changed, 25 insertions(+), 21 deletions(-)
+
+diff --git a/libtiff/tif_dirread.c b/libtiff/tif_dirread.c
+index 3eec79c9..570d0c32 100644
+--- a/libtiff/tif_dirread.c
++++ b/libtiff/tif_dirread.c
+@@ -5502,8 +5502,7 @@ ChopUpSingleUncompressedStrip(TIFF* tif)
+ 	uint64 rowblockbytes;
+ 	uint64 stripbytes;
+ 	uint32 strip;
+-	uint64 nstrips64;
+-	uint32 nstrips32;
++	uint32 nstrips;
+ 	uint32 rowsperstrip;
+ 	uint64* newcounts;
+ 	uint64* newoffsets;
+@@ -5534,18 +5533,17 @@ ChopUpSingleUncompressedStrip(TIFF* tif)
+ 	    return;
+ 
+ 	/*
+-	 * never increase the number of strips in an image
++	 * never increase the number of rows per strip
+ 	 */
+ 	if (rowsperstrip >= td->td_rowsperstrip)
+ 		return;
+-	nstrips64 = TIFFhowmany_64(bytecount, stripbytes);
+-	if ((nstrips64==0)||(nstrips64>0xFFFFFFFF)) /* something is wonky, do nothing. */
+-	    return;
+-	nstrips32 = (uint32)nstrips64;
++        nstrips = TIFFhowmany_32(td->td_imagelength, rowsperstrip);
++        if( nstrips == 0 )
++            return;
+ 
+-	newcounts = (uint64*) _TIFFCheckMalloc(tif, nstrips32, sizeof (uint64),
++	newcounts = (uint64*) _TIFFCheckMalloc(tif, nstrips, sizeof (uint64),
+ 				"for chopped \"StripByteCounts\" array");
+-	newoffsets = (uint64*) _TIFFCheckMalloc(tif, nstrips32, sizeof (uint64),
++	newoffsets = (uint64*) _TIFFCheckMalloc(tif, nstrips, sizeof (uint64),
+ 				"for chopped \"StripOffsets\" array");
+ 	if (newcounts == NULL || newoffsets == NULL) {
+ 		/*
+@@ -5562,18 +5560,18 @@ ChopUpSingleUncompressedStrip(TIFF* tif)
+ 	 * Fill the strip information arrays with new bytecounts and offsets
+ 	 * that reflect the broken-up format.
+ 	 */
+-	for (strip = 0; strip < nstrips32; strip++) {
++	for (strip = 0; strip < nstrips; strip++) {
+ 		if (stripbytes > bytecount)
+ 			stripbytes = bytecount;
+ 		newcounts[strip] = stripbytes;
+-		newoffsets[strip] = offset;
++		newoffsets[strip] = stripbytes ? offset : 0;
+ 		offset += stripbytes;
+ 		bytecount -= stripbytes;
+ 	}
+ 	/*
+ 	 * Replace old single strip info with multi-strip info.
+ 	 */
+-	td->td_stripsperimage = td->td_nstrips = nstrips32;
++	td->td_stripsperimage = td->td_nstrips = nstrips;
+ 	TIFFSetField(tif, TIFFTAG_ROWSPERSTRIP, rowsperstrip);
+ 
+ 	_TIFFfree(td->td_stripbytecount);
+diff --git a/libtiff/tif_strip.c b/libtiff/tif_strip.c
+index 4c46ecf5..1676e47d 100644
+--- a/libtiff/tif_strip.c
++++ b/libtiff/tif_strip.c
+@@ -63,15 +63,6 @@ TIFFNumberOfStrips(TIFF* tif)
+ 	TIFFDirectory *td = &tif->tif_dir;
+ 	uint32 nstrips;
+ 
+-    /* If the value was already computed and store in td_nstrips, then return it,
+-       since ChopUpSingleUncompressedStrip might have altered and resized the
+-       since the td_stripbytecount and td_stripoffset arrays to the new value
+-       after the initial affectation of td_nstrips = TIFFNumberOfStrips() in
+-       tif_dirread.c ~line 3612.
+-       See http://bugzilla.maptools.org/show_bug.cgi?id=2587 */
+-    if( td->td_nstrips )
+-        return td->td_nstrips;
+-
+ 	nstrips = (td->td_rowsperstrip == (uint32) -1 ? 1 :
+ 	     TIFFhowmany_32(td->td_imagelength, td->td_rowsperstrip));
+ 	if (td->td_planarconfig == PLANARCONFIG_SEPARATE)
+-- 
+2.11.0
+
diff --git a/package/tiff/0005-tools-tiffcp.c-error-out-cleanly-in-cpContig2Separat.patch b/package/tiff/0005-tools-tiffcp.c-error-out-cleanly-in-cpContig2Separat.patch
new file mode 100644
index 000000000..c93be89e7
--- /dev/null
+++ b/package/tiff/0005-tools-tiffcp.c-error-out-cleanly-in-cpContig2Separat.patch
@@ -0,0 +1,74 @@
+From 5c080298d59efa53264d7248bbe3a04660db6ef7 Mon Sep 17 00:00:00 2001
+From: erouault <erouault>
+Date: Wed, 11 Jan 2017 19:25:44 +0000
+Subject: [PATCH] * tools/tiffcp.c: error out cleanly in cpContig2SeparateByRow
+ and cpSeparate2ContigByRow if BitsPerSample != 8 to avoid heap based
+ overflow. Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2656 and
+ http://bugzilla.maptools.org/show_bug.cgi?id=2657
+
+Fixes CVE-2017-5225
+
+Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
+---
+ tools/tiffcp.c | 24 ++++++++++++++++++++++--
+ 1 file changed, 29 insertions(+), 2 deletions(-)
+
+diff --git a/tools/tiffcp.c b/tools/tiffcp.c
+index bdf754c3..8bbcd52f 100644
+--- a/tools/tiffcp.c
++++ b/tools/tiffcp.c
+@@ -591,7 +591,7 @@ static	copyFunc pickCopyFunc(TIFF*, TIFF*, uint16, uint16);
+ static int
+ tiffcp(TIFF* in, TIFF* out)
+ {
+-	uint16 bitspersample, samplesperpixel = 1;
++	uint16 bitspersample = 1, samplesperpixel = 1;
+ 	uint16 input_compression, input_photometric = PHOTOMETRIC_MINISBLACK;
+ 	copyFunc cf;
+ 	uint32 width, length;
+@@ -1067,6 +1067,16 @@ DECLAREcpFunc(cpContig2SeparateByRow)
+ 	register uint32 n;
+ 	uint32 row;
+ 	tsample_t s;
++        uint16 bps = 0;
++
++        (void) TIFFGetField(in, TIFFTAG_BITSPERSAMPLE, &bps);
++        if( bps != 8 )
++        {
++            TIFFError(TIFFFileName(in),
++                      "Error, can only handle BitsPerSample=8 in %s",
++                      "cpContig2SeparateByRow");
++            return 0;
++        }
+ 
+ 	inbuf = _TIFFmalloc(scanlinesizein);
+ 	outbuf = _TIFFmalloc(scanlinesizeout);
+@@ -1120,6 +1130,16 @@ DECLAREcpFunc(cpSeparate2ContigByRow)
+ 	register uint32 n;
+ 	uint32 row;
+ 	tsample_t s;
++        uint16 bps = 0;
++
++        (void) TIFFGetField(in, TIFFTAG_BITSPERSAMPLE, &bps);
++        if( bps != 8 )
++        {
++            TIFFError(TIFFFileName(in),
++                      "Error, can only handle BitsPerSample=8 in %s",
++                      "cpSeparate2ContigByRow");
++            return 0;
++        }
+ 
+ 	inbuf = _TIFFmalloc(scanlinesizein);
+ 	outbuf = _TIFFmalloc(scanlinesizeout);
+@@ -1784,7 +1804,7 @@ pickCopyFunc(TIFF* in, TIFF* out, uint16 bitspersample, uint16 samplesperpixel)
+ 	uint32 w, l, tw, tl;
+ 	int bychunk;
+ 
+-	(void) TIFFGetField(in, TIFFTAG_PLANARCONFIG, &shortv);
++	(void) TIFFGetFieldDefaulted(in, TIFFTAG_PLANARCONFIG, &shortv);
+ 	if (shortv != config && bitspersample != 8 && samplesperpixel > 1) {
+ 		fprintf(stderr,
+ 		    "%s: Cannot handle different planar configuration w/ bits/sample != 8\n",
+-- 
+2.11.0
+
diff --git a/package/tiff/0006-libtiff-tif_getimage.c-add-explicit-uint32-cast-in-p.patch b/package/tiff/0006-libtiff-tif_getimage.c-add-explicit-uint32-cast-in-p.patch
new file mode 100644
index 000000000..b3d8a40bb
--- /dev/null
+++ b/package/tiff/0006-libtiff-tif_getimage.c-add-explicit-uint32-cast-in-p.patch
@@ -0,0 +1,31 @@
+From 48780b4fcc425cddc4ef8ffdf536f96a0d1b313b Mon Sep 17 00:00:00 2001
+From: erouault <erouault>
+Date: Wed, 11 Jan 2017 16:38:26 +0000
+Subject: [PATCH] libtiff/tif_getimage.c: add explicit uint32 cast in putagreytile to
+ avoid UndefinedBehaviorSanitizer warning.
+ Patch by Nicol?s Pe?a.
+ Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2658
+
+Fixes CVE-2017-7592
+
+Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
+---
+ libtiff/tif_getimage.c | 2 +-
+ 1 file changed, 8 insertions(+), 1 deletion(-)
+
+diff --git a/libtiff/tif_getimage.c b/libtiff/tif_getimage.c
+index fed31f1f..2fa1775c 100644
+--- a/libtiff/tif_getimage.c
++++ b/libtiff/tif_getimage.c
+@@ -1302,7 +1302,7 @@ DECLAREContigPutFunc(putagreytile)
+     while (h-- > 0) {
+ 	for (x = w; x-- > 0;)
+         {
+-            *cp++ = BWmap[*pp][0] & (*(pp+1) << 24 | ~A1);
++            *cp++ = BWmap[*pp][0] & ((uint32)*(pp+1) << 24 | ~A1);
+             pp += samplesperpixel;
+         }
+ 	cp += toskew;
+-- 
+2.11.0
+
diff --git a/package/tiff/0007-libtiff-tiffiop.h-tif_unix.c-tif_win32.c-tif_vms.c-a.patch b/package/tiff/0007-libtiff-tiffiop.h-tif_unix.c-tif_win32.c-tif_vms.c-a.patch
new file mode 100644
index 000000000..ec45bbe1f
--- /dev/null
+++ b/package/tiff/0007-libtiff-tiffiop.h-tif_unix.c-tif_win32.c-tif_vms.c-a.patch
@@ -0,0 +1,88 @@
+From d60332057b9575ada4f264489582b13e30137be1 Mon Sep 17 00:00:00 2001
+From: erouault <erouault>
+Date: Wed, 11 Jan 2017 19:02:49 +0000
+Subject: [PATCH] * libtiff/tiffiop.h, tif_unix.c, tif_win32.c, tif_vms.c: add
+ _TIFFcalloc()
+
+* libtiff/tif_read.c: TIFFReadBufferSetup(): use _TIFFcalloc() to zero
+initialize tif_rawdata.
+Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2651
+
+Fixes CVE-2017-7593
+
+Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
+---
+ libtiff/tif_read.c  | 4 +++-
+ libtiff/tif_unix.c  | 8 ++++++++
+ libtiff/tif_win32.c | 8 ++++++++
+ libtiff/tiffio.h    | 1 +
+ 4 files changed, 36 insertions(+), 1 deletion(-)
+
+diff --git a/libtiff/tif_read.c b/libtiff/tif_read.c
+index 277fdd69..4535ccb3 100644
+--- a/libtiff/tif_read.c
++++ b/libtiff/tif_read.c
+@@ -985,7 +985,9 @@ TIFFReadBufferSetup(TIFF* tif, void* bp, tmsize_t size)
+ 				 "Invalid buffer size");
+ 		    return (0);
+ 		}
+-		tif->tif_rawdata = (uint8*) _TIFFmalloc(tif->tif_rawdatasize);
++		/* Initialize to zero to avoid uninitialized buffers in case of */
++                /* short reads (http://bugzilla.maptools.org/show_bug.cgi?id=2651) */
++		tif->tif_rawdata = (uint8*) _TIFFcalloc(1, tif->tif_rawdatasize);
+ 		tif->tif_flags |= TIFF_MYBUFFER;
+ 	}
+ 	if (tif->tif_rawdata == NULL) {
+diff --git a/libtiff/tif_unix.c b/libtiff/tif_unix.c
+index 7c7bc961..89dd32e8 100644
+--- a/libtiff/tif_unix.c
++++ b/libtiff/tif_unix.c
+@@ -316,6 +316,14 @@ _TIFFmalloc(tmsize_t s)
+ 	return (malloc((size_t) s));
+ }
+ 
++void* _TIFFcalloc(tmsize_t nmemb, tmsize_t siz)
++{
++    if( nmemb == 0 || siz == 0 )
++        return ((void *) NULL);
++
++    return calloc((size_t) nmemb, (size_t)siz);
++}
++
+ void
+ _TIFFfree(void* p)
+ {
+diff --git a/libtiff/tif_win32.c b/libtiff/tif_win32.c
+index d730b3ab..3e9001b7 100644
+--- a/libtiff/tif_win32.c
++++ b/libtiff/tif_win32.c
+@@ -360,6 +360,14 @@ _TIFFmalloc(tmsize_t s)
+ 	return (malloc((size_t) s));
+ }
+ 
++void* _TIFFcalloc(tmsize_t nmemb, tmsize_t siz)
++{
++    if( nmemb == 0 || siz == 0 )
++        return ((void *) NULL);
++
++    return calloc((size_t) nmemb, (size_t)siz);
++}
++
+ void
+ _TIFFfree(void* p)
+ {
+diff --git a/libtiff/tiffio.h b/libtiff/tiffio.h
+index 732da17f..fbd9171f 100644
+--- a/libtiff/tiffio.h
++++ b/libtiff/tiffio.h
+@@ -293,6 +293,7 @@ extern TIFFCodec* TIFFGetConfiguredCODECs(void);
+  */
+ 
+ extern void* _TIFFmalloc(tmsize_t s);
++extern void* _TIFFcalloc(tmsize_t nmemb, tmsize_t siz);
+ extern void* _TIFFrealloc(void* p, tmsize_t s);
+ extern void _TIFFmemset(void* p, int v, tmsize_t c);
+ extern void _TIFFmemcpy(void* d, const void* s, tmsize_t c);
+-- 
+2.11.0
+
diff --git a/package/tiff/0008-libtiff-tif_ojpeg.c-fix-leak-in-OJPEGReadHeaderInfoS.patch b/package/tiff/0008-libtiff-tif_ojpeg.c-fix-leak-in-OJPEGReadHeaderInfoS.patch
new file mode 100644
index 000000000..418a3d698
--- /dev/null
+++ b/package/tiff/0008-libtiff-tif_ojpeg.c-fix-leak-in-OJPEGReadHeaderInfoS.patch
@@ -0,0 +1,43 @@
+From 2ea32f7372b65c24b2816f11c04bf59b5090d05b Mon Sep 17 00:00:00 2001
+From: erouault <erouault>
+Date: Thu, 12 Jan 2017 19:23:20 +0000
+Subject: [PATCH] * libtiff/tif_ojpeg.c: fix leak in
+ OJPEGReadHeaderInfoSecTablesQTable, OJPEGReadHeaderInfoSecTablesDcTable and
+ OJPEGReadHeaderInfoSecTablesAcTable
+
+Fixes CVE-2017-7594
+
+Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
+---
+ libtiff/tif_ojpeg.c | 6 ++++++
+ 1 file changed, 8 insertions(+), 1 deletion(-)
+
+diff --git a/libtiff/tif_ojpeg.c b/libtiff/tif_ojpeg.c
+index b92f0ebd..5f6c684c 100644
+--- a/libtiff/tif_ojpeg.c
++++ b/libtiff/tif_ojpeg.c
+@@ -1790,7 +1790,10 @@ OJPEGReadHeaderInfoSecTablesQTable(TIFF* tif)
+ 			TIFFSeekFile(tif,sp->qtable_offset[m],SEEK_SET); 
+ 			p=(uint32)TIFFReadFile(tif,&ob[sizeof(uint32)+5],64);
+ 			if (p!=64)
++                        {
++                                _TIFFfree(ob);
+ 				return(0);
++                        }
+ 			sp->qtable[m]=ob;
+ 			sp->sof_tq[m]=m;
+ 		}
+@@ -1854,7 +1857,10 @@ OJPEGReadHeaderInfoSecTablesDcTable(TIFF* tif)
+ 				rb[sizeof(uint32)+5+n]=o[n];
+ 			p=(uint32)TIFFReadFile(tif,&(rb[sizeof(uint32)+21]),q);
+ 			if (p!=q)
++                        {
++                                _TIFFfree(rb);
+ 				return(0);
++                        }
+ 			sp->dctable[m]=rb;
+ 			sp->sos_tda[m]=(m<<4);
+ 		}
+-- 
+2.11.0
+
diff --git a/package/tiff/0009-libtiff-tif_ojpeg.c-fix-leak-in-OJPEGReadHeaderInfoS.patch b/package/tiff/0009-libtiff-tif_ojpeg.c-fix-leak-in-OJPEGReadHeaderInfoS.patch
new file mode 100644
index 000000000..a1aae2dce
--- /dev/null
+++ b/package/tiff/0009-libtiff-tif_ojpeg.c-fix-leak-in-OJPEGReadHeaderInfoS.patch
@@ -0,0 +1,36 @@
+From 8283e4d1b7e53340684d12932880cbcbaf23a8c1 Mon Sep 17 00:00:00 2001
+From: erouault <erouault>
+Date: Thu, 12 Jan 2017 17:43:25 +0000
+Subject: [PATCH] libtiff/tif_ojpeg.c: fix leak in
+ OJPEGReadHeaderInfoSecTablesAcTable when read fails.
+ Patch by Nicol?s Pe?a.
+ Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2659
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Fixes CVE-2017-7594
+
+Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
+---
+ libtiff/tif_ojpeg.c | 3 +++
+ 1 file changed, 10 insertions(+)
+
+diff --git a/libtiff/tif_ojpeg.c b/libtiff/tif_ojpeg.c
+index f19e8fd0..b92f0ebd 100644
+--- a/libtiff/tif_ojpeg.c
++++ b/libtiff/tif_ojpeg.c
+@@ -1918,7 +1918,10 @@ OJPEGReadHeaderInfoSecTablesAcTable(TIFF* tif)
+ 				rb[sizeof(uint32)+5+n]=o[n];
+ 			p=(uint32)TIFFReadFile(tif,&(rb[sizeof(uint32)+21]),q);
+ 			if (p!=q)
++                        {
++                                _TIFFfree(rb);
+ 				return(0);
++                        }
+ 			sp->actable[m]=rb;
+ 			sp->sos_tda[m]=(sp->sos_tda[m]|m);
+ 		}
+-- 
+2.11.0
+
diff --git a/package/tiff/0010-libtiff-tif_jpeg.c-avoid-integer-division-by-zero-in.patch b/package/tiff/0010-libtiff-tif_jpeg.c-avoid-integer-division-by-zero-in.patch
new file mode 100644
index 000000000..862aae2a5
--- /dev/null
+++ b/package/tiff/0010-libtiff-tif_jpeg.c-avoid-integer-division-by-zero-in.patch
@@ -0,0 +1,35 @@
+From 47f2fb61a3a64667bce1a8398a8fcb1b348ff122 Mon Sep 17 00:00:00 2001
+From: erouault <erouault>
+Date: Wed, 11 Jan 2017 12:15:01 +0000
+Subject: [PATCH] * libtiff/tif_jpeg.c: avoid integer division by zero in
+ JPEGSetupEncode() when horizontal or vertical sampling is set to 0. Fixes
+ http://bugzilla.maptools.org/show_bug.cgi?id=2653
+
+Fixes CVE-2017-7595
+
+Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
+---
+ libtiff/tif_jpeg.c | 7 +++++++
+ 1 file changed, 13 insertions(+)
+
+diff --git a/libtiff/tif_jpeg.c b/libtiff/tif_jpeg.c
+index 38595f98..6c17c388 100644
+--- a/libtiff/tif_jpeg.c
++++ b/libtiff/tif_jpeg.c
+@@ -1626,6 +1626,13 @@ JPEGSetupEncode(TIFF* tif)
+ 	case PHOTOMETRIC_YCBCR:
+ 		sp->h_sampling = td->td_ycbcrsubsampling[0];
+ 		sp->v_sampling = td->td_ycbcrsubsampling[1];
++                if( sp->h_sampling == 0 || sp->v_sampling == 0 )
++                {
++                    TIFFErrorExt(tif->tif_clientdata, module,
++                            "Invalig horizontal/vertical sampling value");
++                    return (0);
++                }
++
+ 		/*
+ 		 * A ReferenceBlackWhite field *must* be present since the
+ 		 * default value is inappropriate for YCbCr.  Fill in the
+-- 
+2.11.0
+
diff --git a/package/tiff/0011-libtiff-tif_dirread.c-avoid-division-by-floating-poi.patch b/package/tiff/0011-libtiff-tif_dirread.c-avoid-division-by-floating-poi.patch
new file mode 100644
index 000000000..c0c94291a
--- /dev/null
+++ b/package/tiff/0011-libtiff-tif_dirread.c-avoid-division-by-floating-poi.patch
@@ -0,0 +1,47 @@
+From 3cfd62d77c2a7e147a05bd678524c345fa9c2bb8 Mon Sep 17 00:00:00 2001
+From: erouault <erouault>
+Date: Wed, 11 Jan 2017 13:28:01 +0000
+Subject: [PATCH] * libtiff/tif_dirread.c: avoid division by floating point 0
+ in TIFFReadDirEntryCheckedRational() and TIFFReadDirEntryCheckedSrational(),
+ and return 0 in that case (instead of infinity as before presumably)
+ Apparently some sanitizers do not like those divisions by zero. Fixes
+ http://bugzilla.maptools.org/show_bug.cgi?id=2644
+
+Fixes CVE-2017-7598
+
+Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
+---
+ libtiff/tif_dirread.c | 10 ++++++++--
+ 1 file changed, 16 insertions(+), 2 deletions(-)
+
+diff --git a/libtiff/tif_dirread.c b/libtiff/tif_dirread.c
+index 570d0c32..8a1e42aa 100644
+--- a/libtiff/tif_dirread.c
++++ b/libtiff/tif_dirread.c
+@@ -2872,7 +2872,10 @@ static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckedRational(TIFF* tif, TIFFD
+ 		m.l = direntry->tdir_offset.toff_long8;
+ 	if (tif->tif_flags&TIFF_SWAB)
+ 		TIFFSwabArrayOfLong(m.i,2);
+-	if (m.i[0]==0)
++        /* Not completely sure what we should do when m.i[1]==0, but some */
++        /* sanitizers do not like division by 0.0: */
++        /* http://bugzilla.maptools.org/show_bug.cgi?id=2644 */
++	if (m.i[0]==0 || m.i[1]==0)
+ 		*value=0.0;
+ 	else
+ 		*value=(double)m.i[0]/(double)m.i[1];
+@@ -2900,7 +2903,10 @@ static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckedSrational(TIFF* tif, TIFF
+ 		m.l=direntry->tdir_offset.toff_long8;
+ 	if (tif->tif_flags&TIFF_SWAB)
+ 		TIFFSwabArrayOfLong(m.i,2);
+-	if ((int32)m.i[0]==0)
++        /* Not completely sure what we should do when m.i[1]==0, but some */
++        /* sanitizers do not like division by 0.0: */
++        /* http://bugzilla.maptools.org/show_bug.cgi?id=2644 */
++	if ((int32)m.i[0]==0 || m.i[1]==0)
+ 		*value=0.0;
+ 	else
+ 		*value=(double)((int32)m.i[0])/(double)m.i[1];
+-- 
+2.11.0
+
diff --git a/package/tiff/0012-libtiff-tif_jpeg.c-validate-BitsPerSample-in-JPEGSet.patch b/package/tiff/0012-libtiff-tif_jpeg.c-validate-BitsPerSample-in-JPEGSet.patch
new file mode 100644
index 000000000..4f46d9bb0
--- /dev/null
+++ b/package/tiff/0012-libtiff-tif_jpeg.c-validate-BitsPerSample-in-JPEGSet.patch
@@ -0,0 +1,35 @@
+From 0a76a8c765c7b8327c59646284fa78c3c27e5490 Mon Sep 17 00:00:00 2001
+From: erouault <erouault>
+Date: Wed, 11 Jan 2017 16:13:50 +0000
+Subject: [PATCH] * libtiff/tif_jpeg.c: validate BitsPerSample in
+ JPEGSetupEncode() to avoid undefined behaviour caused by invalid shift
+ exponent. Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2648
+
+Fixes CVE-2017-7601
+
+Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
+---
+ libtiff/tif_jpeg.c | 7 +++++++
+ 1 file changed, 13 insertions(+)
+
+diff --git a/libtiff/tif_jpeg.c b/libtiff/tif_jpeg.c
+index 6c17c388..192989a9 100644
+--- a/libtiff/tif_jpeg.c
++++ b/libtiff/tif_jpeg.c
+@@ -1632,6 +1632,13 @@ JPEGSetupEncode(TIFF* tif)
+                             "Invalig horizontal/vertical sampling value");
+                     return (0);
+                 }
++                if( td->td_bitspersample > 16 )
++                {
++                    TIFFErrorExt(tif->tif_clientdata, module,
++                                 "BitsPerSample %d not allowed for JPEG",
++                                 td->td_bitspersample);
++                    return (0);
++                }
+ 
+ 		/*
+ 		 * A ReferenceBlackWhite field *must* be present since the
+-- 
+2.11.0
+
diff --git a/package/tiff/0013-libtiff-tif_read.c-avoid-potential-undefined-behavio.patch b/package/tiff/0013-libtiff-tif_read.c-avoid-potential-undefined-behavio.patch
new file mode 100644
index 000000000..d049b130c
--- /dev/null
+++ b/package/tiff/0013-libtiff-tif_read.c-avoid-potential-undefined-behavio.patch
@@ -0,0 +1,56 @@
+From 66e7bd59520996740e4df5495a830b42fae48bc4 Mon Sep 17 00:00:00 2001
+From: erouault <erouault>
+Date: Wed, 11 Jan 2017 16:33:34 +0000
+Subject: [PATCH] * libtiff/tif_read.c: avoid potential undefined behaviour on
+ signed integer addition in TIFFReadRawStrip1() in isMapped() case. Fixes
+ http://bugzilla.maptools.org/show_bug.cgi?id=2650
+
+Fixes CVE-2017-7602
+
+Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
+---
+ libtiff/tif_read.c | 27 ++++++++++++++++++---------
+ 1 file changed, 24 insertions(+), 9 deletions(-)
+
+diff --git a/libtiff/tif_read.c b/libtiff/tif_read.c
+index 52bbf507..b7aacbda 100644
+--- a/libtiff/tif_read.c
++++ b/libtiff/tif_read.c
+@@ -420,16 +420,25 @@ TIFFReadRawStrip1(TIFF* tif, uint32 strip, void* buf, tmsize_t size,
+ 			return ((tmsize_t)(-1));
+ 		}
+ 	} else {
+-		tmsize_t ma,mb;
++		tmsize_t ma;
+ 		tmsize_t n;
+-		ma=(tmsize_t)td->td_stripoffset[strip];
+-		mb=ma+size;
+-		if ((td->td_stripoffset[strip] > (uint64)TIFF_TMSIZE_T_MAX)||(ma>tif->tif_size))
+-			n=0;
+-		else if ((mb<ma)||(mb<size)||(mb>tif->tif_size))
+-			n=tif->tif_size-ma;
+-		else
+-			n=size;
++		if ((td->td_stripoffset[strip] > (uint64)TIFF_TMSIZE_T_MAX)||
++                    ((ma=(tmsize_t)td->td_stripoffset[strip])>tif->tif_size))
++                {
++                    n=0;
++                }
++                else if( ma > TIFF_TMSIZE_T_MAX - size )
++                {
++                    n=0;
++                }
++                else
++                {
++                    tmsize_t mb=ma+size;
++                    if (mb>tif->tif_size)
++                            n=tif->tif_size-ma;
++                    else
++                            n=size;
++                }
+ 		if (n!=size) {
+ #if defined(__WIN32__) && (defined(_MSC_VER) || defined(__MINGW32__))
+ 			TIFFErrorExt(tif->tif_clientdata, module,
+-- 
+2.11.0
+
-- 
2.11.0

^ permalink raw reply related

* [Buildroot] [PATCH v2 8/8] linux: new Image.gz format for aarch64
From: Erico Nunes @ 2017-04-26 21:39 UTC (permalink / raw)
  To: buildroot
In-Reply-To: <20170426213953.14904-1-nunes.erico@gmail.com>

Distributions such as Fedora use the Image.gz image format for aarch64
to be booted with grub. It exists in linux since v3.10.

Signed-off-by: Erico Nunes <nunes.erico@gmail.com>
---
This was not in v1.
It is actually an independent patch from the rest of the grub2 changes
but is somewhat related as this is probably the image format to be used
with grub2 for aarch64.
---
 linux/Config.in | 4 ++++
 linux/linux.mk  | 2 ++
 2 files changed, 6 insertions(+)

diff --git a/linux/Config.in b/linux/Config.in
index b651152..9062c9f 100644
--- a/linux/Config.in
+++ b/linux/Config.in
@@ -244,6 +244,10 @@ config BR2_LINUX_KERNEL_IMAGE
 	bool "Image"
 	depends on BR2_aarch64
 
+config BR2_LINUX_KERNEL_IMAGE_GZ
+	bool "Image.gz"
+	depends on BR2_aarch64
+
 config BR2_LINUX_KERNEL_LINUX_BIN
 	bool "linux.bin"
 	depends on BR2_microblaze
diff --git a/linux/linux.mk b/linux/linux.mk
index e387c7d..a4d90be 100644
--- a/linux/linux.mk
+++ b/linux/linux.mk
@@ -147,6 +147,8 @@ else ifeq ($(BR2_LINUX_KERNEL_SIMPLEIMAGE),y)
 LINUX_IMAGE_NAME = simpleImage.$(KERNEL_DTS_NAME)
 else ifeq ($(BR2_LINUX_KERNEL_IMAGE),y)
 LINUX_IMAGE_NAME = Image
+else ifeq ($(BR2_LINUX_KERNEL_IMAGE_GZ),y)
+LINUX_IMAGE_NAME = Image.gz
 else ifeq ($(BR2_LINUX_KERNEL_LINUX_BIN),y)
 LINUX_IMAGE_NAME = linux.bin
 else ifeq ($(BR2_LINUX_KERNEL_VMLINUX_BIN),y)
-- 
2.9.3

^ permalink raw reply related

* [Buildroot] [PATCH v2 7/8] grub2: add usage notes for Grub 2 ARM and aarch64
From: Erico Nunes @ 2017-04-26 21:39 UTC (permalink / raw)
  To: buildroot
In-Reply-To: <20170426213953.14904-1-nunes.erico@gmail.com>

Add notes to test grub2 running on ARM using qemu. arm shows how to run
it using u-boot and aarch64 shows how to do it using efi, which is
similar to what has to be done for x86_64.

The source for OVMF builds is also changed to
https://www.kraxel.org/repos/jenkins/edk2/ which is the source for
nightly builds (as rpms but which can be extracted in any distribution),
as the sourceforge link provided only very old builds.

Signed-off-by: Erico Nunes <nunes.erico@gmail.com>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
---
This was not in v1
---
 boot/grub2/readme.txt | 141 ++++++++++++++++++++++++++++++++++++++++++++++++--
 1 file changed, 137 insertions(+), 4 deletions(-)

diff --git a/boot/grub2/readme.txt b/boot/grub2/readme.txt
index 278d770..14a966a 100644
--- a/boot/grub2/readme.txt
+++ b/boot/grub2/readme.txt
@@ -53,8 +53,8 @@ To test your BIOS image in Qemu
 
 qemu-system-{i386,x86-64} -hda disk.img
 
-Notes on using Grub2 for EFI-based platforms
-============================================
+Notes on using Grub2 for x86/x86_64 EFI-based platforms
+=======================================================
 
 1. Create a disk image
    dd if=/dev/zero of=disk.img bs=1M count=32
@@ -83,16 +83,149 @@ Notes on using Grub2 for EFI-based platforms
    sudo losetup -d /dev/loop0
 7. Your disk.img is ready!
 
-To test your EFI image in Qemu
+To test your i386/x86-64 EFI image in Qemu
 ------------------------------
 
 1. Download the EFI BIOS for Qemu
    Version IA32 or X64 depending on the chosen Grub2
    platform (i386-efi vs. x86-64-efi)
-   http://sourceforge.net/projects/edk2/files/OVMF/
+   https://www.kraxel.org/repos/jenkins/edk2/
+   (or use one provided by your distribution as OVMF)
 2. Extract, and rename OVMF.fd to bios.bin and
    CirrusLogic5446.rom to vgabios-cirrus.bin.
 3. qemu-system-{i386,x86-64} -L ovmf-dir/ -hda disk.img
 4. Make sure to pass pci=nocrs to the kernel command line,
    to workaround a bug in the EFI BIOS regarding the
    EFI framebuffer.
+
+Notes on using Grub2 for ARM u-boot-based platforms
+===================================================
+
+The following steps are used to exemplify the arm-uboot platform working in the
+simplest way possible and with a single buildroot-generated filesystem. The
+steps can of course be adapted to have a more common setup (i.e. with a
+separate boot partition).
+
+ 1. Load qemu_arm_vexpress_defconfig
+ 2. Enable u-boot with the vexpress_ca9x4 board name and with u-boot.elf image
+    format.
+ 3. Enable grub2 for the arm-uboot platform.
+ 4. Enable "Install kernel image to /boot in target" in the kernel menu to
+    populate a /boot directory with zImage in it.
+ 5. The upstream u-boot vexpress_ca9x4 doesn't have CONFIG_API enabled by
+    default, which is required.
+    Before building, patch u-boot (for example, make u-boot-extract to edit the
+    source before buildling) file include/configs/vexpress_common.h to define:
+
+    #define CONFIG_API
+    #define CONFIG_SYS_MMC_MAX_DEVICE   1
+
+ 6. Create a custom grub2 menu entries config file with the following contents
+    and set its path in BR2_TARGET_GRUB2_CFG:
+
+    set default="0"
+    set timeout="5"
+
+    menuentry "Buildroot" {
+        set root='(hd0)'
+        linux /boot/zImage root=/dev/mmcblk0 console=ttyAMA0
+        devicetree /boot/vexpress-v2p-ca9.dtb
+    }
+
+ 7. Create a custom builtin config file with the following contents and set its
+    path in BR2_TARGET_GRUB2_BUILTIN_CONFIG:
+
+    set root=(hd0)
+    set prefix=/boot/grub
+
+ 8. Create a custom post-build script which copies files from
+    ${BINARIES_DIR}/boot-part to $(TARGET_DIR)/boot (set its path in
+    BR2_ROOTFS_POST_BUILD_SCRIPT):
+
+    #!/bin/sh
+    cp -r ${BINARIES_DIR}/boot-part/* ${TARGET_DIR}/boot/
+
+ 9. make
+10. Run qemu with:
+
+    qemu-system-arm -M vexpress-a9 -kernel output/images/u-boot -m 1024 \
+    -nographic -sd output/images/rootfs.ext2
+
+11. In u-boot, stop at the prompt and run grub2 with:
+
+  => ext2load mmc 0:0 ${loadaddr} /boot/grub/grub.img
+  => bootm
+
+12. This should bring the grub2 menu, upon which selecting the "Buildroot"
+    entry should boot Linux.
+
+
+Notes on using Grub2 for Aarch64 EFI-based platforms
+====================================================
+
+The following steps are used to exemplify the arm64-efi platform with the use
+of qemu and EFI firmware built for qemu.
+
+ 1. Load qemu_aarch64_virt_defconfig
+ 2. Enable grub2 for the arm64-efi platform.
+ 3. Create a custom grub2 menu entries config file with the following contents
+    and set its path in BR2_TARGET_GRUB2_CFG:
+
+    set default="0"
+    set timeout="5"
+    menuentry "Buildroot" {
+        linux /Image console=ttyAMA0
+    }
+
+ 4. Enable host genimage and create a genimage.cfg script which creates the
+    disk image containing a EFI system partition:
+
+    image efi-part.vfat {
+      vfat {
+        file startup.nsh {
+          image = "efi-part/startup.nsh"
+        }
+        file EFI {
+          image = "efi-part/EFI"
+        }
+        file Image {
+          image = "Image"
+        }
+      }
+      size = 16M
+    }
+    image disk.img {
+      hdimage {
+      }
+      partition boot {
+        partition-type = 0xEF
+        image = "efi-part.vfat"
+      }
+    }
+
+ 5. Create a custom post-image script  (set its path in BR2_ROOTFS_POST_IMAGE_SCRIPT):
+
+    BOARD_DIR="$(dirname $0)"
+    GENIMAGE_CFG="${BOARD_DIR}/genimage.cfg"
+    GENIMAGE_TMP="${BUILD_DIR}/genimage.tmp"
+    rm -rf "${GENIMAGE_TMP}"
+    genimage                              \
+           --rootpath "${TARGET_DIR}"     \
+           --tmppath "${GENIMAGE_TMP}"    \
+           --inputpath "${BINARIES_DIR}"  \
+           --outputpath "${BINARIES_DIR}" \
+           --config "${GENIMAGE_CFG}"
+
+ 6. Run qemu with:
+ 7. Download the EFI firmware for qemu aarch64
+    https://www.kraxel.org/repos/jenkins/edk2/
+    (or use one provided by your distribution as OVMF-aarch64 or AAVMF)
+
+ 8. Run qemu with:
+
+    qemu-system-aarch64 -M virt -cpu cortex-a57 -m 512 -nographic \
+    -bios <path/to/EDK2>/QEMU_EFI.fd -hda output/images/disk.img \
+    -netdev user,id=eth0 -device virtio-net-device,netdev=eth0
+
+ 9. This should bring the grub2 menu, upon which selecting the "Buildroot"
+    entry should boot Linux.
-- 
2.9.3

^ permalink raw reply related

* [Buildroot] [PATCH v2 6/8] grub2: move usage notes to package readme.txt
From: Erico Nunes @ 2017-04-26 21:39 UTC (permalink / raw)
  To: buildroot
In-Reply-To: <20170426213953.14904-1-nunes.erico@gmail.com>

As discussed in the mailing list, grub2 usage notes were growing too big
for a Config.in documentation, and so it was agreed that a readme.txt in
the package directory is a better place to put them.

This commit simply moves the documentation as-is to preserve the
original contents as they were in Config.in which can be worked on in
further commits.

Signed-off-by: Erico Nunes <nunes.erico@gmail.com>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
---
This was not in v1.
---
 boot/grub2/Config.in  | 100 +-------------------------------------------------
 boot/grub2/readme.txt |  98 +++++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 100 insertions(+), 98 deletions(-)
 create mode 100644 boot/grub2/readme.txt

diff --git a/boot/grub2/Config.in b/boot/grub2/Config.in
index 77f5e7b..8b66952 100644
--- a/boot/grub2/Config.in
+++ b/boot/grub2/Config.in
@@ -12,104 +12,8 @@ config BR2_TARGET_GRUB2
 	  Amongst others, GRUB2 offers EFI support, which GRUB Legacy
 	  doesn't provide.
 
-	  Notes on using Grub2 for BIOS-based platforms
-	  =============================================
-
-	  1. Create a disk image
-	     dd if=/dev/zero of=disk.img bs=1M count=32
-	  2. Partition it (either legacy or GPT style partitions work)
-	     cfdisk disk.img
-	      - Create one partition, type Linux, for the root
-		filesystem. The only constraint is to make sure there
-		is enough free space *before* the first partition to
-		store Grub2. Leaving 1 MB of free space is safe.
-	  3. Setup loop device and loop partitions
-	     sudo losetup -f disk.img
-	     sudo partx -a /dev/loop0
-	  4. Prepare the root partition
-	     sudo mkfs.ext3 -L root /dev/loop0p1
-	     sudo mount /dev/loop0p1 /mnt
-	     sudo tar -C /mnt -xf output/images/rootfs.tar
-	     sudo umount /mnt
-	  5. Install Grub2
-	     sudo ./output/host/usr/sbin/grub-bios-setup \
-			-b ./output/host/usr/lib/grub/i386-pc/boot.img \
-			-c ./output/images/grub.img -d . /dev/loop0
-	  6. Cleanup loop device
-	     sudo partx -d /dev/loop0
-	     sudo losetup -d /dev/loop0
-	  7. Your disk.img is ready!
-
-	  Using genimage
-	  --------------
-
-	  If you use genimage to generate your complete image,
-	  installing Grub can be tricky. Here is how to achieve Grub's
-	  installation with genimage:
-
-	  partition boot {
-	      in-partition-table = "no"
-	      image = "path_to_boot.img"
-	      offset = 0
-	      size = 512
-	  }
-	  partition grub {
-	      in-partition-table = "no"
-	      image = "path_to_grub.img"
-	      offset = 512
-	  }
-
-	  The result is not byte to byte identical to what
-	  grub-bios-setup does but it works anyway.
-
-	  To test your BIOS image in Qemu
-	  -------------------------------
-
-	  qemu-system-{i386,x86-64} -hda disk.img
-
-	  Notes on using Grub2 for EFI-based platforms
-	  ============================================
-
-	  1. Create a disk image
-	     dd if=/dev/zero of=disk.img bs=1M count=32
-	  2. Partition it with GPT partitions
-	     cgdisk disk.img
-	      - Create a first partition, type EF00, for the
-		bootloader and kernel image
-	      - Create a second partition, type 8300, for the root
-		filesystem.
-	  3. Setup loop device and loop partitions
-	     sudo losetup -f disk.img
-	     sudo partx -a /dev/loop0
-	  4. Prepare the boot partition
-	     sudo mkfs.vfat -n boot /dev/loop0p1
-	     sudo mount /dev/loop0p1 /mnt
-	     sudo cp -a output/images/efi-part/* /mnt/
-	     sudo cp output/images/bzImage /mnt/
-	     sudo umount /mnt
-	  5. Prepare the root partition
-	     sudo mkfs.ext3 -L root /dev/loop0p2
-	     sudo mount /dev/loop0p2 /mnt
-	     sudo tar -C /mnt -xf output/images/rootfs.tar
-	     sudo umount /mnt
-	  6  Cleanup loop device
-	     sudo partx -d /dev/loop0
-	     sudo losetup -d /dev/loop0
-	  7. Your disk.img is ready!
-
-	  To test your EFI image in Qemu
-	  ------------------------------
-
-	  1. Download the EFI BIOS for Qemu
-	     Version IA32 or X64 depending on the chosen Grub2
-	     platform (i386-efi vs. x86-64-efi)
-	     http://sourceforge.net/projects/edk2/files/OVMF/
-	  2. Extract, and rename OVMF.fd to bios.bin and
-	     CirrusLogic5446.rom to vgabios-cirrus.bin.
-	  3. qemu-system-{i386,x86-64} -L ovmf-dir/ -hda disk.img
-	  4. Make sure to pass pci=nocrs to the kernel command line,
-	     to workaround a bug in the EFI BIOS regarding the
-	     EFI framebuffer.
+	  For additional notes on using Grub 2 with Buildroot, please
+	  check boot/grub2/readme.txt
 
 	  http://www.gnu.org/software/grub/
 
diff --git a/boot/grub2/readme.txt b/boot/grub2/readme.txt
new file mode 100644
index 0000000..278d770
--- /dev/null
+++ b/boot/grub2/readme.txt
@@ -0,0 +1,98 @@
+Notes on using Grub2 for BIOS-based platforms
+=============================================
+
+1. Create a disk image
+   dd if=/dev/zero of=disk.img bs=1M count=32
+2. Partition it (either legacy or GPT style partitions work)
+   cfdisk disk.img
+    - Create one partition, type Linux, for the root
+      filesystem. The only constraint is to make sure there
+      is enough free space *before* the first partition to
+      store Grub2. Leaving 1 MB of free space is safe.
+3. Setup loop device and loop partitions
+   sudo losetup -f disk.img
+   sudo partx -a /dev/loop0
+4. Prepare the root partition
+   sudo mkfs.ext3 -L root /dev/loop0p1
+   sudo mount /dev/loop0p1 /mnt
+   sudo tar -C /mnt -xf output/images/rootfs.tar
+   sudo umount /mnt
+5. Install Grub2
+   sudo ./output/host/usr/sbin/grub-bios-setup \
+      	-b ./output/host/usr/lib/grub/i386-pc/boot.img \
+      	-c ./output/images/grub.img -d . /dev/loop0
+6. Cleanup loop device
+   sudo partx -d /dev/loop0
+   sudo losetup -d /dev/loop0
+7. Your disk.img is ready!
+
+Using genimage
+--------------
+
+If you use genimage to generate your complete image,
+installing Grub can be tricky. Here is how to achieve Grub's
+installation with genimage:
+
+partition boot {
+    in-partition-table = "no"
+    image = "path_to_boot.img"
+    offset = 0
+    size = 512
+}
+partition grub {
+    in-partition-table = "no"
+    image = "path_to_grub.img"
+    offset = 512
+}
+
+The result is not byte to byte identical to what
+grub-bios-setup does but it works anyway.
+
+To test your BIOS image in Qemu
+-------------------------------
+
+qemu-system-{i386,x86-64} -hda disk.img
+
+Notes on using Grub2 for EFI-based platforms
+============================================
+
+1. Create a disk image
+   dd if=/dev/zero of=disk.img bs=1M count=32
+2. Partition it with GPT partitions
+   cgdisk disk.img
+    - Create a first partition, type EF00, for the
+      bootloader and kernel image
+    - Create a second partition, type 8300, for the root
+      filesystem.
+3. Setup loop device and loop partitions
+   sudo losetup -f disk.img
+   sudo partx -a /dev/loop0
+4. Prepare the boot partition
+   sudo mkfs.vfat -n boot /dev/loop0p1
+   sudo mount /dev/loop0p1 /mnt
+   sudo cp -a output/images/efi-part/* /mnt/
+   sudo cp output/images/bzImage /mnt/
+   sudo umount /mnt
+5. Prepare the root partition
+   sudo mkfs.ext3 -L root /dev/loop0p2
+   sudo mount /dev/loop0p2 /mnt
+   sudo tar -C /mnt -xf output/images/rootfs.tar
+   sudo umount /mnt
+6  Cleanup loop device
+   sudo partx -d /dev/loop0
+   sudo losetup -d /dev/loop0
+7. Your disk.img is ready!
+
+To test your EFI image in Qemu
+------------------------------
+
+1. Download the EFI BIOS for Qemu
+   Version IA32 or X64 depending on the chosen Grub2
+   platform (i386-efi vs. x86-64-efi)
+   http://sourceforge.net/projects/edk2/files/OVMF/
+2. Extract, and rename OVMF.fd to bios.bin and
+   CirrusLogic5446.rom to vgabios-cirrus.bin.
+3. qemu-system-{i386,x86-64} -L ovmf-dir/ -hda disk.img
+4. Make sure to pass pci=nocrs to the kernel command line,
+   to workaround a bug in the EFI BIOS regarding the
+   EFI framebuffer.
-- 
2.9.3

^ permalink raw reply related

* [Buildroot] [PATCH v2 5/8] grub2: introduce BR2_TARGET_GRUB2_CFG
From: Erico Nunes @ 2017-04-26 21:39 UTC (permalink / raw)
  To: buildroot
In-Reply-To: <20170426213953.14904-1-nunes.erico@gmail.com>

This config can be used to provide a custom Grub 2 configuration file
containing menu entries. In the previous implementation, this had to be
always done by an external script, overwriting the default file.
This should be backwards compatible as the default value is the previous
hardcoded value.

Signed-off-by: Erico Nunes <nunes.erico@gmail.com>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
---
Changes v1 -> v2:
  - Only patch rebase and commit rewording.
---
 boot/grub2/Config.in | 7 +++++++
 boot/grub2/grub2.mk  | 5 +++--
 2 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/boot/grub2/Config.in b/boot/grub2/Config.in
index 498d5cd..77f5e7b 100644
--- a/boot/grub2/Config.in
+++ b/boot/grub2/Config.in
@@ -197,6 +197,13 @@ config BR2_TARGET_GRUB2_BUILTIN_CONFIG
 	  device and other configuration parameters, but however menu
 	  entries cannot be described in this embedded configuration.
 
+config BR2_TARGET_GRUB2_CFG
+	string "grub2 menu entries config"
+	default "boot/grub2/grub.cfg"
+	help
+	  Path to a Grub 2 configuration file containing the grub2 menu
+	  entries.
+
 endif # BR2_TARGET_GRUB2
 
 comment "grub2 needs a toolchain w/ wchar"
diff --git a/boot/grub2/grub2.mk b/boot/grub2/grub2.mk
index 7bbdb40..7c9505f 100644
--- a/boot/grub2/grub2.mk
+++ b/boot/grub2/grub2.mk
@@ -105,8 +105,9 @@ define GRUB2_INSTALL_IMAGES_CMDS
 		-p "$(GRUB2_PREFIX)" \
 		$(if $(GRUB2_BUILTIN_CONFIG),-c $(GRUB2_BUILTIN_CONFIG)) \
 		$(GRUB2_BUILTIN_MODULES)
-	mkdir -p $(dir $(GRUB2_CFG))
-	$(INSTALL) -D -m 0644 boot/grub2/grub.cfg $(GRUB2_CFG)
+	$(if $(BR2_TARGET_GRUB2_CFG), \
+		mkdir -p $(dir $(GRUB2_CFG)) && \
+		$(INSTALL) -D -m 0644 $(BR2_TARGET_GRUB2_CFG) $(GRUB2_CFG))
 	$(GRUB2_IMAGE_INSTALL_ELTORITO)
 endef
 
-- 
2.9.3

^ permalink raw reply related

* [Buildroot] [PATCH v2 4/8] grub2: enable support for arm and aarch64 targets
From: Erico Nunes @ 2017-04-26 21:39 UTC (permalink / raw)
  To: buildroot
In-Reply-To: <20170426213953.14904-1-nunes.erico@gmail.com>

This commit enables the arm-uboot, arm-efi and aarch64-efi Grub 2
platforms in Buildroot.

As a uboot platform, Grub 2 image gets built as a u-boot image (i.e.
u-boot mkimage) and is loaded from u-boot through a regular "bootm". The
only requirement from u-boot side in order to allow this is that u-boot
is built with CONFIG_API enabled. CONFIG_API seems to not be enabled by
default in most in-tree configurations, however, it seems to be
available for quite some time now. So it might be possible to use this
even on older u-boot versions. This is available only for arm (32-bit).

As an efi platform, Grub 2 gets built as an EFI executable. This allows
EFI firmware to find and load it similarly as it can be done for x86_64.
Also, since u-boot v2016.05, u-boot is able to load and boot an EFI
executable, so the Grub 2 efi platform can also be used from u-boot in
recent versions. This has been enabled (mostly) by default for ARM
u-boot.
efi platform is available for both arm and aarch64.

These targets have been tested in the following environments:

arm-uboot: qemu arm vexpress and BeagleBone
arm-efi: BeagleBone
aarch64-efi: qemu aarch64 virt and Odroid-C2

Signed-off-by: Erico Nunes <nunes.erico@gmail.com>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Cc: Arnout Vandecappelle <arnout@mind.be>
---
Changes v1 -> v2:
  - Moved a small fix from this patch to the previous one (pointed out
    by Arnout Vandecappelle)
---
 boot/grub2/Config.in | 40 +++++++++++++++++++++++++++++++++++-----
 boot/grub2/grub2.mk  | 21 +++++++++++++++++++++
 2 files changed, 56 insertions(+), 5 deletions(-)

diff --git a/boot/grub2/Config.in b/boot/grub2/Config.in
index eede814..498d5cd 100644
--- a/boot/grub2/Config.in
+++ b/boot/grub2/Config.in
@@ -1,6 +1,6 @@
 config BR2_TARGET_GRUB2
 	bool "grub2"
-	depends on BR2_i386 || BR2_x86_64
+	depends on BR2_i386 || BR2_x86_64 || BR2_arm || BR2_aarch64
 	depends on BR2_USE_WCHAR
 	help
 	  GNU GRUB is a Multiboot boot loader. It was derived from
@@ -120,12 +120,14 @@ choice
 
 config BR2_TARGET_GRUB2_I386_PC
 	bool "i386-pc"
+	depends on BR2_i386 || BR2_x86_64
 	help
 	  Select this option if the platform you're targetting is a
 	  x86 or x86-64 legacy BIOS based platform.
 
 config BR2_TARGET_GRUB2_I386_EFI
 	bool "i386-efi"
+	depends on BR2_i386 || BR2_x86_64
 	help
 	  Select this option if the platform you're targetting has a
 	  32 bits EFI BIOS. Note that some x86-64 platforms use a 32
@@ -133,14 +135,38 @@ config BR2_TARGET_GRUB2_I386_EFI
 
 config BR2_TARGET_GRUB2_X86_64_EFI
 	bool "x86-64-efi"
-	depends on BR2_ARCH_IS_64
+	depends on BR2_x86_64
 	help
 	  Select this option if the platform you're targetting has a
 	  64 bits EFI BIOS.
 
+config BR2_TARGET_GRUB2_ARM_UBOOT
+	bool "arm-uboot"
+	depends on BR2_arm
+	help
+	  Select this option if the platform you're targetting is an
+	  ARM u-boot platform, and you want to boot Grub 2 as an u-boot
+	  compatible image.
+
+config BR2_TARGET_GRUB2_ARM_EFI
+	bool "arm-efi"
+	depends on BR2_arm
+	help
+	  Select this option if the platform you're targetting is an
+	  ARM platform and you want to boot Grub 2 as an EFI
+	  application.
+
+config BR2_TARGET_GRUB2_ARM64_EFI
+	bool "arm64-efi"
+	depends on BR2_aarch64
+	help
+	  Select this option if the platform you're targetting is an
+	  Aarch64 platform and you want to boot Grub 2 as an EFI
+	  application.
+
 endchoice
 
-if BR2_TARGET_GRUB2_I386_PC
+if BR2_TARGET_GRUB2_I386_PC || BR2_TARGET_GRUB2_ARM_UBOOT
 
 config BR2_TARGET_GRUB2_BOOT_PARTITION
 	string "boot partition"
@@ -151,13 +177,17 @@ config BR2_TARGET_GRUB2_BOOT_PARTITION
 	  first disk if using a legacy partition table, or 'hd0,gpt1'
 	  if using GPT partition table.
 
-endif # BR2_TARGET_GRUB2_I386_PC
+endif # BR2_TARGET_GRUB2_I386_PC || BR2_TARGET_GRUB2_ARM_UBOOT
 
 config BR2_TARGET_GRUB2_BUILTIN_MODULES
 	string "builtin modules"
 	default "boot linux ext2 fat squash4 part_msdos part_gpt normal biosdisk" if BR2_TARGET_GRUB2_I386_PC
 	default "boot linux ext2 fat squash4 part_msdos part_gpt normal efi_gop" \
-		if BR2_TARGET_GRUB2_I386_EFI || BR2_TARGET_GRUB2_X86_64_EFI
+		if BR2_TARGET_GRUB2_I386_EFI || \
+		BR2_TARGET_GRUB2_X86_64_EFI || \
+		BR2_TARGET_GRUB2_ARM_EFI || \\
+		BR2_TARGET_GRUB2_ARM64_EFI
+	default "linux ext2 fat part_msdos normal" if BR2_TARGET_GRUB2_ARM_UBOOT
 
 config BR2_TARGET_GRUB2_BUILTIN_CONFIG
 	string "builtin config"
diff --git a/boot/grub2/grub2.mk b/boot/grub2/grub2.mk
index f0bd2ee..7bbdb40 100644
--- a/boot/grub2/grub2.mk
+++ b/boot/grub2/grub2.mk
@@ -38,6 +38,27 @@ GRUB2_PREFIX = /EFI/BOOT
 GRUB2_TUPLE = x86_64-efi
 GRUB2_TARGET = x86_64
 GRUB2_PLATFORM = efi
+else ifeq ($(BR2_TARGET_GRUB2_ARM_UBOOT),y)
+GRUB2_IMAGE = $(BINARIES_DIR)/boot-part/grub/grub.img
+GRUB2_CFG = $(BINARIES_DIR)/boot-part/grub/grub.cfg
+GRUB2_PREFIX = ($(GRUB2_BOOT_PARTITION))/boot/grub
+GRUB2_TUPLE = arm-uboot
+GRUB2_TARGET = arm
+GRUB2_PLATFORM = uboot
+else ifeq ($(BR2_TARGET_GRUB2_ARM_EFI),y)
+GRUB2_IMAGE = $(BINARIES_DIR)/efi-part/EFI/BOOT/bootarm.efi
+GRUB2_CFG = $(BINARIES_DIR)/efi-part/EFI/BOOT/grub.cfg
+GRUB2_PREFIX = /EFI/BOOT
+GRUB2_TUPLE = arm-efi
+GRUB2_TARGET = arm
+GRUB2_PLATFORM = efi
+else ifeq ($(BR2_TARGET_GRUB2_ARM64_EFI),y)
+GRUB2_IMAGE = $(BINARIES_DIR)/efi-part/EFI/BOOT/bootaa64.efi
+GRUB2_CFG = $(BINARIES_DIR)/efi-part/EFI/BOOT/grub.cfg
+GRUB2_PREFIX = /EFI/BOOT
+GRUB2_TUPLE = arm64-efi
+GRUB2_TARGET = aarch64
+GRUB2_PLATFORM = efi
 endif
 
 # Grub2 is kind of special: it considers CC, LD and so on to be the
-- 
2.9.3

^ permalink raw reply related

* [Buildroot] [PATCH v2 3/8] grub2: use grub2-tools as a host package
From: Erico Nunes @ 2017-04-26 21:39 UTC (permalink / raw)
  To: buildroot
In-Reply-To: <20170426213953.14904-1-nunes.erico@gmail.com>

Grub 2 requires the host grub2-mkimage tool to build some of its target
images.
The current way of obtaining this tool in the grub2 package is to
perform a simultaneous host-tools/target-bootloader build during the
grub2 build step.

During work to enable Grub 2 support for arm/aarch64 (to come in
upcoming patches), this flow was a complication and led to hard-to-debug
problems in the target image (i.e. strange relocation errors in
runtime).

By making a better separation between the build of grub2 host tools and
target boot loader image, these problems have not been observed and it
makes the grub2 recipe less complex to understand.

Signed-off-by: Erico Nunes <nunes.erico@gmail.com>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Cc: Arnout Vandecappelle <arnout@mind.be>
---
Changes v1 -> v2:
  - Moved a small fix from the next patch to this one (pointed out by
    Arnout Vandecappelle)
---
 boot/grub2/grub2.mk                | 32 +++++++++++---------------------
 package/grub2-tools/grub2-tools.mk |  7 +++++++
 2 files changed, 18 insertions(+), 21 deletions(-)

diff --git a/boot/grub2/grub2.mk b/boot/grub2/grub2.mk
index 171829d..f0bd2ee 100644
--- a/boot/grub2/grub2.mk
+++ b/boot/grub2/grub2.mk
@@ -9,7 +9,9 @@ GRUB2_SITE = http://ftp.gnu.org/gnu/grub
 GRUB2_SOURCE = grub-$(GRUB2_VERSION).tar.xz
 GRUB2_LICENSE = GPL-3.0+
 GRUB2_LICENSE_FILES = COPYING
-GRUB2_DEPENDENCIES = host-bison host-flex
+GRUB2_DEPENDENCIES = host-bison host-flex host-grub2-tools
+GRUB2_INSTALL_TARGET = NO
+GRUB2_INSTALL_IMAGES = YES
 
 GRUB2_BUILTIN_MODULES = $(call qstrip,$(BR2_TARGET_GRUB2_BUILTIN_MODULES))
 GRUB2_BUILTIN_CONFIG = $(call qstrip,$(BR2_TARGET_GRUB2_BUILTIN_CONFIG))
@@ -41,24 +43,20 @@ endif
 # Grub2 is kind of special: it considers CC, LD and so on to be the
 # tools to build the native tools (i.e to be executed on the build
 # machine), and uses TARGET_CC, TARGET_CFLAGS, TARGET_CPPFLAGS,
-# TARGET_LDFLAGS to build the bootloader itself. However, to add to
-# the confusion, it also uses NM, OBJCOPY and STRIP to build the
-# bootloader itself; none of these are used to build the native
-# tools.
+# TARGET_LDFLAGS to build the bootloader itself.
 #
 # NOTE: TARGET_STRIP is overridden by BR2_STRIP_none, so always
 # use the cross compile variant to ensure grub2 builds
 
 GRUB2_CONF_ENV = \
-	$(HOST_CONFIGURE_OPTS) \
-	CPP="$(HOSTCC) -E" \
+	CPP="$(TARGET_CC) -E" \
 	TARGET_CC="$(TARGET_CC)" \
 	TARGET_CFLAGS="$(TARGET_CFLAGS)" \
 	TARGET_CPPFLAGS="$(TARGET_CPPFLAGS)" \
 	TARGET_LDFLAGS="$(TARGET_LDFLAGS)" \
-	NM="$(TARGET_NM)" \
-	OBJCOPY="$(TARGET_OBJCOPY)" \
-	STRIP="$(TARGET_CROSS)strip"
+	TARGET_NM="$(TARGET_NM)" \
+	TARGET_OBJCOPY="$(TARGET_OBJCOPY)" \
+	TARGET_STRIP="$(TARGET_CROSS)strip"
 
 GRUB2_CONF_OPTS = \
 	--target=$(GRUB2_TARGET) \
@@ -70,13 +68,6 @@ GRUB2_CONF_OPTS = \
 	--enable-libzfs=no \
 	--disable-werror
 
-# We don't want all the native tools and Grub2 modules to be installed
-# in the target. So we in fact install everything into the host
-# directory, and the image generation process (below) will use the
-# grub-mkimage tool and Grub2 modules from the host directory.
-
-GRUB2_INSTALL_TARGET_OPTS = DESTDIR=$(HOST_DIR) install
-
 ifeq ($(BR2_TARGET_GRUB2_I386_PC),y)
 define GRUB2_IMAGE_INSTALL_ELTORITO
 	cat $(HOST_DIR)/usr/lib/grub/$(GRUB2_TUPLE)/cdboot.img $(GRUB2_IMAGE) > \
@@ -84,10 +75,10 @@ define GRUB2_IMAGE_INSTALL_ELTORITO
 endef
 endif
 
-define GRUB2_IMAGE_INSTALLATION
+define GRUB2_INSTALL_IMAGES_CMDS
 	mkdir -p $(dir $(GRUB2_IMAGE))
 	$(HOST_DIR)/usr/bin/grub-mkimage \
-		-d $(HOST_DIR)/usr/lib/grub/$(GRUB2_TUPLE) \
+		-d $(@D)/grub-core/ \
 		-O $(GRUB2_TUPLE) \
 		-o $(GRUB2_IMAGE) \
 		-p "$(GRUB2_PREFIX)" \
@@ -97,14 +88,13 @@ define GRUB2_IMAGE_INSTALLATION
 	$(INSTALL) -D -m 0644 boot/grub2/grub.cfg $(GRUB2_CFG)
 	$(GRUB2_IMAGE_INSTALL_ELTORITO)
 endef
-GRUB2_POST_INSTALL_TARGET_HOOKS += GRUB2_IMAGE_INSTALLATION
 
 ifeq ($(GRUB2_PLATFORM),efi)
 define GRUB2_EFI_STARTUP_NSH
 	echo $(notdir $(GRUB2_IMAGE)) > \
 		$(BINARIES_DIR)/efi-part/startup.nsh
 endef
-GRUB2_POST_INSTALL_TARGET_HOOKS += GRUB2_EFI_STARTUP_NSH
+GRUB2_POST_INSTALL_IMAGES_HOOKS += GRUB2_EFI_STARTUP_NSH
 endif
 
 $(eval $(autotools-package))
diff --git a/package/grub2-tools/grub2-tools.mk b/package/grub2-tools/grub2-tools.mk
index 8bf1a31..f98f4aa 100644
--- a/package/grub2-tools/grub2-tools.mk
+++ b/package/grub2-tools/grub2-tools.mk
@@ -10,6 +10,10 @@ GRUB2_TOOLS_SOURCE = grub-$(GRUB2_VERSION).tar.xz
 GRUB2_TOOLS_LICENSE = GPLv3+
 GRUB2_TOOLS_LICENSE_FILES = COPYING
 GRUB2_TOOLS_DEPENDENCIES = host-bison host-flex
+HOST_GRUB2_TOOLS_DEPENDENCIES = host-bison host-flex
+
+HOST_GRUB2_TOOLS_CONF_ENV = \
+	CPP="$(HOSTCC) -E"
 
 GRUB2_TOOLS_CONF_ENV = \
 	CPP="$(TARGET_CC) -E" \
@@ -29,4 +33,7 @@ GRUB2_TOOLS_CONF_OPTS = \
 	--enable-libzfs=no \
 	--disable-werror
 
+HOST_GRUB2_TOOLS_CONF_OPTS = $(GRUB2_TOOLS_CONF_OPTS)
+
 $(eval $(autotools-package))
+$(eval $(host-autotools-package))
-- 
2.9.3

^ permalink raw reply related

* [Buildroot] [PATCH v2 2/8] grub2-tools: new package
From: Erico Nunes @ 2017-04-26 21:39 UTC (permalink / raw)
  To: buildroot
In-Reply-To: <20170426213953.14904-1-nunes.erico@gmail.com>

Support tools to interact with GNU GRUB Multiboot boot loader.

In the context of Buildroot, some useful target tools provided by
grub2-tools are grub2-editenv, grub2-reboot, which provide means to
manage the Grub 2 environment, boot order, and others.

This package is also meant as a preparation step to be turned into a
host-package later and help decouple the target and host portions of the
actual Grub 2 boot loader package.

Signed-off-by: Erico Nunes <nunes.erico@gmail.com>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
---
Changes v1 -> v2:
  - bump to 2.02 instead of git, as discussed in the mailing list, and
  also 2.02 final release has finally been done this week.
  - grub 2.02 is not in the Buildroot default gnu mirror yet it seems.
  - needs wchar
  - add myself to the DEVELOPERS file
---
 DEVELOPERS                           |  1 +
 package/Config.in                    |  1 +
 package/grub2-tools/Config.in        | 10 ++++++++++
 package/grub2-tools/grub2-tools.hash |  2 ++
 package/grub2-tools/grub2-tools.mk   | 32 ++++++++++++++++++++++++++++++++
 5 files changed, 46 insertions(+)
 create mode 100644 package/grub2-tools/Config.in
 create mode 100644 package/grub2-tools/grub2-tools.hash
 create mode 100644 package/grub2-tools/grub2-tools.mk

diff --git a/DEVELOPERS b/DEVELOPERS
index 123a8f9..d6e7b85 100644
--- a/DEVELOPERS
+++ b/DEVELOPERS
@@ -472,6 +472,7 @@ F:	package/acpitool/
 F:	package/efibootmgr/
 F:	package/efivar/
 F:	package/fwts/
+F:	package/grub2-tools/
 F:	package/spi-tools/
 F:	package/xdotool/
 
diff --git a/package/Config.in b/package/Config.in
index 4eaa95b..6eee7d4 100644
--- a/package/Config.in
+++ b/package/Config.in
@@ -398,6 +398,7 @@ endmenu
 	source "package/gpm/Config.in"
 	source "package/gpsd/Config.in"
 	source "package/gptfdisk/Config.in"
+	source "package/grub2-tools/Config.in"
 	source "package/gvfs/Config.in"
 	source "package/hdparm/Config.in"
 	source "package/hwdata/Config.in"
diff --git a/package/grub2-tools/Config.in b/package/grub2-tools/Config.in
new file mode 100644
index 0000000..24a5664
--- /dev/null
+++ b/package/grub2-tools/Config.in
@@ -0,0 +1,10 @@
+config BR2_PACKAGE_GRUB2_TOOLS
+	bool "grub2-tools"
+	depends on BR2_USE_WCHAR
+	help
+	  Support tools to interact with GNU GRUB Multiboot boot loader.
+
+	  http://www.gnu.org/software/grub/
+
+comment "grub2-tools needs a toolchain w/ wchar"
+	depends on !BR2_USE_WCHAR
diff --git a/package/grub2-tools/grub2-tools.hash b/package/grub2-tools/grub2-tools.hash
new file mode 100644
index 0000000..7f0679f
--- /dev/null
+++ b/package/grub2-tools/grub2-tools.hash
@@ -0,0 +1,2 @@
+# Locally computed:
+sha256 810b3798d316394f94096ec2797909dbf23c858e48f7b3830826b8daa06b7b0f grub-2.02.tar.xz
diff --git a/package/grub2-tools/grub2-tools.mk b/package/grub2-tools/grub2-tools.mk
new file mode 100644
index 0000000..8bf1a31
--- /dev/null
+++ b/package/grub2-tools/grub2-tools.mk
@@ -0,0 +1,32 @@
+################################################################################
+#
+# grub2-tools
+#
+################################################################################
+
+GRUB2_TOOLS_VERSION = 2.02
+GRUB2_TOOLS_SITE = http://ftp.gnu.org/gnu/grub
+GRUB2_TOOLS_SOURCE = grub-$(GRUB2_VERSION).tar.xz
+GRUB2_TOOLS_LICENSE = GPLv3+
+GRUB2_TOOLS_LICENSE_FILES = COPYING
+GRUB2_TOOLS_DEPENDENCIES = host-bison host-flex
+
+GRUB2_TOOLS_CONF_ENV = \
+	CPP="$(TARGET_CC) -E" \
+	TARGET_CC="$(TARGET_CC)" \
+	TARGET_CFLAGS="$(TARGET_CFLAGS)" \
+	TARGET_CPPFLAGS="$(TARGET_CPPFLAGS)" \
+	TARGET_LDFLAGS="$(TARGET_LDFLAGS)" \
+	TARGET_NM="$(TARGET_NM)" \
+	TARGET_OBJCOPY="$(TARGET_OBJCOPY)" \
+	TARGET_STRIP="$(TARGET_CROSS)strip"
+
+GRUB2_TOOLS_CONF_OPTS = \
+	--disable-grub-mkfont \
+	--enable-efiemu=no \
+	ac_cv_lib_lzma_lzma_code=no \
+	--enable-device-mapper=no \
+	--enable-libzfs=no \
+	--disable-werror
+
+$(eval $(autotools-package))
-- 
2.9.3

^ permalink raw reply related

* [Buildroot] [PATCH v2 1/8] grub2: bump up version
From: Erico Nunes @ 2017-04-26 21:39 UTC (permalink / raw)
  To: buildroot
In-Reply-To: <20170426213953.14904-1-nunes.erico@gmail.com>

After many years since the last release and a long time with grub 2.02
in beta, there is finally a release and it brings many bug fixes and
interesting features such as support for ARM.

Patch boot/grub2/0001-remove-gets.patch doesn't seem to be required
anymore as grub-core/gnulib/stdio.in.h has changed significantly since
"053cfcd Import new gnulib." and has another treatment for gets.
Patch
boot/grub2/0002-grub-core-gettext-gettext.c-main_context-secondary_c.patch
was a backport which is present after the bump and therefore is also no
longer necessary.

Signed-off-by: Erico Nunes <nunes.erico@gmail.com>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
---
Changes v1 -> v2:
  - bump to 2.02 instead of git, as discussed in the mailing list, and
  also the 2.02 final release has finally been done this week.
  - grub 2.02 is not in the Buildroot default gnu mirror yet it seems.
  - needs wchar
---
 boot/grub2/0001-remove-gets.patch                  | 21 ------------
 ...ettext-gettext.c-main_context-secondary_c.patch | 39 ----------------------
 boot/grub2/Config.in                               |  5 +++
 boot/grub2/grub2.hash                              |  4 +--
 boot/grub2/grub2.mk                                |  4 +--
 5 files changed, 9 insertions(+), 64 deletions(-)
 delete mode 100644 boot/grub2/0001-remove-gets.patch
 delete mode 100644 boot/grub2/0002-grub-core-gettext-gettext.c-main_context-secondary_c.patch

diff --git a/boot/grub2/0001-remove-gets.patch b/boot/grub2/0001-remove-gets.patch
deleted file mode 100644
index 0da71b3..0000000
--- a/boot/grub2/0001-remove-gets.patch
+++ /dev/null
@@ -1,21 +0,0 @@
-ISO C11 removes the specification of gets() from the C language, eglibc 2.16+ removed it
-
-Signed-off-by: Khem Raj <raj.khem@gmail.com>
-Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
-
-Upstream-Status: Pending
-Index: grub-1.99/grub-core/gnulib/stdio.in.h
-===================================================================
---- grub-1.99.orig/grub-core/gnulib/stdio.in.h	2010-12-01 06:45:43.000000000 -0800
-+++ grub-1.99/grub-core/gnulib/stdio.in.h	2012-07-04 12:25:02.057099107 -0700
-@@ -140,8 +140,10 @@
- /* It is very rare that the developer ever has full control of stdin,
-    so any use of gets warrants an unconditional warning.  Assume it is
-    always declared, since it is required by C89.  */
-+#if defined gets
- #undef gets
- _GL_WARN_ON_USE (gets, "gets is a security hole - use fgets instead");
-+#endif
- 
- #if @GNULIB_FOPEN@
- # if @REPLACE_FOPEN@
diff --git a/boot/grub2/0002-grub-core-gettext-gettext.c-main_context-secondary_c.patch b/boot/grub2/0002-grub-core-gettext-gettext.c-main_context-secondary_c.patch
deleted file mode 100644
index 94be092..0000000
--- a/boot/grub2/0002-grub-core-gettext-gettext.c-main_context-secondary_c.patch
+++ /dev/null
@@ -1,39 +0,0 @@
-From f30c692c1f9ef0e93bee2b408a24baa017f1ca9d Mon Sep 17 00:00:00 2001
-From: Vladimir Serbinenko <phcoder@gmail.com>
-Date: Thu, 7 Nov 2013 01:01:47 +0100
-Subject: [PATCH] 	* grub-core/gettext/gettext.c (main_context),
- (secondary_context): 	Define after defining type and not before.
-
-[Thomas: backport from upstream commit
-f30c692c1f9ef0e93bee2b408a24baa017f1ca9d, and remove ChangeLog
-modifications to avoid conflicts.]
-Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
----
- grub-core/gettext/gettext.c | 4 ++--
- 2 files changed, 7 insertions(+), 2 deletions(-)
-
-diff --git a/grub-core/gettext/gettext.c b/grub-core/gettext/gettext.c
-index df73570..4880cef 100644
---- a/grub-core/gettext/gettext.c
-+++ b/grub-core/gettext/gettext.c
-@@ -34,8 +34,6 @@ GRUB_MOD_LICENSE ("GPLv3+");
-    http://www.gnu.org/software/autoconf/manual/gettext/MO-Files.html .
- */
- 
--static struct grub_gettext_context main_context, secondary_context;
--
- static const char *(*grub_gettext_original) (const char *s);
- 
- struct grub_gettext_msg
-@@ -69,6 +67,8 @@ struct grub_gettext_context
-   struct grub_gettext_msg *grub_gettext_msg_list;
- };
- 
-+static struct grub_gettext_context main_context, secondary_context;
-+
- #define MO_MAGIC_NUMBER 		0x950412de
- 
- static grub_err_t
--- 
-2.7.4
-
diff --git a/boot/grub2/Config.in b/boot/grub2/Config.in
index 7dc5cae..eede814 100644
--- a/boot/grub2/Config.in
+++ b/boot/grub2/Config.in
@@ -1,6 +1,7 @@
 config BR2_TARGET_GRUB2
 	bool "grub2"
 	depends on BR2_i386 || BR2_x86_64
+	depends on BR2_USE_WCHAR
 	help
 	  GNU GRUB is a Multiboot boot loader. It was derived from
 	  GRUB, the GRand Unified Bootloader, which was originally
@@ -167,3 +168,7 @@ config BR2_TARGET_GRUB2_BUILTIN_CONFIG
 	  entries cannot be described in this embedded configuration.
 
 endif # BR2_TARGET_GRUB2
+
+comment "grub2 needs a toolchain w/ wchar"
+	depends on BR2_i386 || BR2_x86_64 || BR2_arm || BR2_aarch64
+	depends on !BR2_USE_WCHAR
diff --git a/boot/grub2/grub2.hash b/boot/grub2/grub2.hash
index 8883905..7f0679f 100644
--- a/boot/grub2/grub2.hash
+++ b/boot/grub2/grub2.hash
@@ -1,2 +1,2 @@
-# Locally calculated after checking pgp signature
-sha256	784ec38e7edc32239ad75b8e66df04dc8bfb26d88681bc9f627133a6eb85c458	grub-2.00.tar.xz
+# Locally computed:
+sha256 810b3798d316394f94096ec2797909dbf23c858e48f7b3830826b8daa06b7b0f grub-2.02.tar.xz
diff --git a/boot/grub2/grub2.mk b/boot/grub2/grub2.mk
index dc01983..171829d 100644
--- a/boot/grub2/grub2.mk
+++ b/boot/grub2/grub2.mk
@@ -4,8 +4,8 @@
 #
 ################################################################################
 
-GRUB2_VERSION = 2.00
-GRUB2_SITE = $(BR2_GNU_MIRROR)/grub
+GRUB2_VERSION = 2.02
+GRUB2_SITE = http://ftp.gnu.org/gnu/grub
 GRUB2_SOURCE = grub-$(GRUB2_VERSION).tar.xz
 GRUB2_LICENSE = GPL-3.0+
 GRUB2_LICENSE_FILES = COPYING
-- 
2.9.3

^ permalink raw reply related

* [Buildroot] [PATCH v2 0/8] grub2: bump and add support for arm and aarch64
From: Erico Nunes @ 2017-04-26 21:39 UTC (permalink / raw)
  To: buildroot

This patch series bumps Grub 2 to the latest and recent release
(finally) and performs some changes to the package (notably the split
into grub2 and grub2-tools) to enable arm and aarch64 support in it.

Some significant effort was put into figuring how to make this all work.
Unfortunately, not a lot of documentation or examples are available on
the subject.
Initial encouragement that this might be possible with Buildroot targets
came from [1].

Grub 2 for arm/aarch64 can be used either in a uboot platform or efi
platform.

As a uboot platform, Grub 2 image gets built as a u-boot image (i.e. output
from u-boot mkimage) and is booted in u-boot through a regular "bootm". The
only requirement from u-boot side in order to allow this is that u-boot is
built with CONFIG_API enabled. CONFIG_API is not enabled by default in most
in-tree configurations, however, it is available for quite some time now. So it
may be possible to use this even on older u-boot versions.
This is available only for arm (32-bit).

As an efi platform, Grub 2 gets built as an EFI executable. This allows
EFI firmware to find and load it similarly as it can be done for x86_64.
It is possible to run aarch64 EFI firmware in qemu [2] and load Grub 2
to test it this way (I have actually used the aarch64 firmware
distributed with edk2-aarch64 from Fedora).
Also, there is a very cool recent u-boot feature which allows u-boot to
load and boot an EFI executable - bootefi [3] - so the Grub 2 efi
platform can also be used from u-boot in recent versions. This has been
released only in u-boot v2016.05 and is enabled (mostly) by default for
arm u-boot.
efi platform is available for both arm and aarch64.

After enabling support for these Grub 2 platform in Buildroot, I have
tested them (and found to work) in the following environments:

arm-uboot:
- qemu arm vexpress, loaded through u-boot bootm as in [1], no patches
necessary.
- BeagleBone, loaded through u-boot bootm (worked after a small patch I
crafted for Grub 2 which I hope to sort out with upstream, possibly
platform specific).

arm-efi:
- BeagleBone, with u-boot v2016.05, loaded through u-boot bootefi as in
[3], no patches necessary.

aarch64-efi:
- qemu aarch64 virt, using EDK II firmware for aarch64, Grub 2 loaded
through usual UEFI path, no patches necessary.
- Odroid-C2, aarch64, using an upstream u-boot and upstream v4.11-rc8
kernel, with Grub 2 loaded through u-boot bootefi as in [3].

I have also verified that pc_x86_64_bios_defconfig and
pc_x86_64_efi_defconfig build and boot correctly with Grub 2 without
modifications after applying this patch series.


During development, I split the grub2 package into (host-)grub2-tools
and grub2. Since v1 I was having trouble in trying to make the existing
grub2 package work for arm, getting some weird relocation errors when
executing it on the target, despite it working as expected by manually
following [1] with recent grub2 and u-boot versions. I tracked it down
as much as to be something related to the use of $(HOST_CONFIGURE_OPTS)
in GRUB2_CONF_ENV, but didn't find the exact cause.
By spliting the packages into a host and target version, the errors
ceased, it also made the grub2 recipe clearer (less confusion about
mixed host/target build variables) and we also get the added benefit of
enabling grub2-tools to be built for the target. It is interesting to
have it in the target for tools such as grub2-reboot.
(I didn't actually spend more time on this for v2 as the split seems to
 make much more sense anyway).


Changes v1 -> v2:
  - Update to the 2.02 release, this settles the questions about using
  git master or a beta release, as it is now an official release.
  - Moved the grub2 additional documentation from its Config.in to a
  readme.txt in the package directory as it was discussed in v1.
  - Added grub2 extra documentation for arm and aarch64.
  - Fixed small bugs such as the lack of depends on wchar.
  - Re-tested everything, including pc_* defconfigs, except BeagleBone
  (lots of extra work, not my primary target, and nothing changed on the
   arm-efi part).
  Odroid-C2 works much more nicely with u-boot bootefi + grub2
  aarch64-efi now that it has better u-boot/kernel upstream support.
  - The Image.gz format for linux aarch64.

[1] https://www.hellion.org.uk/blog/posts/grub-on-uboot-on-qemu/
[2] https://www.kraxel.org/repos/jenkins/edk2/
[3] https://www.youtube.com/watch?v=bNL1pd-rwCU

Erico Nunes (8):
  grub2: bump up version
  grub2-tools: new package
  grub2: use grub2-tools as a host package
  grub2: enable support for arm and aarch64 targets
  grub2: introduce BR2_TARGET_GRUB2_CFG
  grub2: move usage notes to package readme.txt
  grub2: add usage notes for Grub 2 ARM and aarch64
  linux: new Image.gz format for aarch64

 DEVELOPERS                                         |   1 +
 boot/grub2/0001-remove-gets.patch                  |  21 --
 ...ettext-gettext.c-main_context-secondary_c.patch |  39 ----
 boot/grub2/Config.in                               | 152 +++++---------
 boot/grub2/grub2.hash                              |   4 +-
 boot/grub2/grub2.mk                                |  62 +++---
 boot/grub2/readme.txt                              | 231 +++++++++++++++++++++
 linux/Config.in                                    |   4 +
 linux/linux.mk                                     |   2 +
 package/Config.in                                  |   1 +
 package/grub2-tools/Config.in                      |  10 +
 package/grub2-tools/grub2-tools.hash               |   2 +
 package/grub2-tools/grub2-tools.mk                 |  39 ++++
 13 files changed, 378 insertions(+), 190 deletions(-)
 delete mode 100644 boot/grub2/0001-remove-gets.patch
 delete mode 100644 boot/grub2/0002-grub-core-gettext-gettext.c-main_context-secondary_c.patch
 create mode 100644 boot/grub2/readme.txt
 create mode 100644 package/grub2-tools/Config.in
 create mode 100644 package/grub2-tools/grub2-tools.hash
 create mode 100644 package/grub2-tools/grub2-tools.mk

-- 
2.9.3

^ permalink raw reply

* [Buildroot] [PATCH 9/9] package/python-ipython: Add dependecy list
From: Andrey Smirnov @ 2017-04-26 18:48 UTC (permalink / raw)
  To: buildroot
In-Reply-To: <20170426033812.mzyxtmigeaz7m5zz@sapphire.tkos.co.il>

On Tue, Apr 25, 2017 at 8:38 PM, Baruch Siach <baruch@tkos.co.il> wrote:
> Hi Andrey,
>
> On Tue, Apr 25, 2017 at 12:14:23PM -0700, Andrey Smirnov wrote:
>> List minimal set of packages needed to be installed alongside to be able
>> to run IPython with Python 3 (not tested on Python 2)
>
> [...]
>
>> diff --git a/package/python-ipython/python-ipython.mk b/package/python-ipython/python-ipython.mk
>> index e57d69d..f627846 100644
>> --- a/package/python-ipython/python-ipython.mk
>> +++ b/package/python-ipython/python-ipython.mk
>> @@ -10,5 +10,19 @@ PYTHON_IPYTHON_SITE = https://pypi.python.org/packages/6e/cf/c2a3ca5942e2d808457
>>  PYTHON_IPYTHON_LICENSE = BSD-3-Clause
>>  PYTHON_IPYTHON_LICENSE_FILES = COPYING.rst
>>  PYTHON_IPYTHON_SETUP_TYPE = distutils
>> +PYTHON_IPYTHON_DEPENDS =     \
>> +     python-traitlets        \
>> +     python-six              \
>> +     python-ipython-genutils \
>> +     python-pygments         \
>> +     python-pexpect          \
>> +     python-ptyprocess       \
>> +     python-pickleshare      \
>> +     python-prompt-toolkit   \
>> +     python-simplegeneric
>> +
>> +ifeq ($(BR2_PACKAGE_PYTHON),y)
>> +PYTHON_IPYTHON_DEPENDS += python-backports-shutil-get-terminal-size
>> +endif
>
> Are these run-time only dependencies? If so there is no need to list them in
> <PKG>_DEPENDS, since they are not needed at build time.
>

They are and agreed. Will remove in v2.

Thanks,
Andrey Smirnov

^ permalink raw reply

* [Buildroot] [PATCH 2/9] package/python-traitlets: New package
From: Andrey Smirnov @ 2017-04-26 18:47 UTC (permalink / raw)
  To: buildroot
In-Reply-To: <20170426092624.7687d704@free-electrons.com>

On Wed, Apr 26, 2017 at 12:26 AM, Thomas Petazzoni
<thomas.petazzoni@free-electrons.com> wrote:
> Hello,
>
> On Tue, 25 Apr 2017 12:14:16 -0700, Andrey Smirnov wrote:
>> diff --git a/package/python-traitlets/Config.in b/package/python-traitlets/Config.in
>> new file mode 100644
>> index 0000000..ba79218
>> --- /dev/null
>> +++ b/package/python-traitlets/Config.in
>> @@ -0,0 +1,8 @@
>> +config BR2_PACKAGE_PYTHON_TRAITLETS
>> +     select BR2_PACKAGE_PYTHON_DECORATOR
>> +     select BR2_PACKAGE_PYTHON_ENUM if BR2_PACKAGE_PYTHON
>> +     bool "python-traitlets"
>
> The "bool" should be before the selects. Have you run your packages
> through support/scripts/check-package ?

No, forgot to do that, my bad, sorry. Will do in v2.

>
>> +PYTHON_TRAITLETS_DEPENDENCIES = python-decorator
>> +
>> +ifeq ($(BR2_PACKAGE_PYTHON),y)
>> +PYTHON_TRAITLETS_DEPENDENCIES += python-enum
>> +endif
>
> Are these really build time dependencies, or just runtime dependencies?

I think all of those are runtime dependencies. Will remove code like
this for non build time dependencies globally in v2.

Thanks,
Andrey Smirnov

^ permalink raw reply

* [Buildroot] [PATCH 1/9] package/python-decorator: New package
From: Andrey Smirnov @ 2017-04-26 18:41 UTC (permalink / raw)
  To: buildroot
In-Reply-To: <20170426092525.3a0b2661@free-electrons.com>

On Wed, Apr 26, 2017 at 12:25 AM, Thomas Petazzoni
<thomas.petazzoni@free-electrons.com> wrote:
> Hello,
>
> On Tue, 25 Apr 2017 12:14:15 -0700, Andrey Smirnov wrote:
>
>> +PYTHON_DECORATOR_VERSION = 4.0.11
>> +PYTHON_DECORATOR_SITE = https://github.com/micheles/decorator.git
>> +PYTHON_DECORATOR_SITE_METHOD = git
>> +PYTHON_DECORATOR_LICENSE = BSD-2c
>
> This is not the correct SPDX license code: we have recently switched to
> use SPDX license codes everywhere in Buildroot, so this should be
> BSD-2-Clause (see https://spdx.org/licenses/).
>
> This should be fixed globally in your patch series.

OK, will do in v2.

Thanks,
Andrey Smirnov

^ permalink raw reply

* [Buildroot] [PATCH] binutils: fix bfin compile error
From: Waldemar Brodkorb @ 2017-04-26 17:48 UTC (permalink / raw)
  To: buildroot

Newer gcc requires even lower optimization, only with -O0 we
can successfully compile binutils for the target.

Fixes:
  http://autobuild.buildroot.net/results/fb95cd7f7fcc532d036ed8f13853bc6f9a64d1b3

Signed-off-by: Waldemar Brodkorb <wbx@openadk.org>
---
 package/binutils/binutils.mk | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/package/binutils/binutils.mk b/package/binutils/binutils.mk
index 03fd3a5..72e2d0b 100644
--- a/package/binutils/binutils.mk
+++ b/package/binutils/binutils.mk
@@ -64,10 +64,10 @@ HOST_BINUTILS_CONF_ENV += MAKEINFO=true
 HOST_BINUTILS_MAKE_OPTS += MAKEINFO=true
 HOST_BINUTILS_INSTALL_OPTS += MAKEINFO=true install
 
-# gcc bug with Os/O2/O3, PR77311
+# gcc bug with Os/O1/O2/O3, PR77311
 # error: unable to find a register to spill in class 'CCREGS'
 ifeq ($(BR2_bfin),y)
-BINUTILS_CONF_ENV += CFLAGS="$(TARGET_CFLAGS) -O1"
+BINUTILS_CONF_ENV += CFLAGS="$(TARGET_CFLAGS) -O0"
 endif
 
 # Workaround a build issue with -Os for ARM Cortex-M cpus.
-- 
2.1.4

^ permalink raw reply related

* [Buildroot] [PATCH] package/protobuf: depend on gcc >= 4.5
From: mrugiero at gmail.com @ 2017-04-26 16:28 UTC (permalink / raw)
  To: buildroot

From: "Mario J. Rugiero" <mrugiero@gmail.com>

Protobuf hits a bug in gcc < 4.5 which breaks the build.
See https://gcc.gnu.org/bugzilla/show_bug.cgi?id=189

Signed-off-by: Mario J. Rugiero <mrugiero@gmail.com>
---
 package/protobuf/Config.in | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/package/protobuf/Config.in b/package/protobuf/Config.in
index 03d118cfc..e3c94dcd6 100644
--- a/package/protobuf/Config.in
+++ b/package/protobuf/Config.in
@@ -22,6 +22,7 @@ config BR2_PACKAGE_PROTOBUF_ARCH_SUPPORTS
 	default y if BR2_x86_64
 	default y if BR2_sparc64
 	default y if BR2_TOOLCHAIN_HAS_ATOMIC
+	depends on BR2_HOST_GCC_AT_LEAST_4_5
 	depends on BR2_HOSTARCH = "x86_64" || BR2_HOSTARCH = "x86"
 	depends on BR2_USE_MMU # fork()
 
@@ -30,6 +31,7 @@ config BR2_PACKAGE_PROTOBUF
 	depends on BR2_INSTALL_LIBSTDCPP
 	depends on BR2_TOOLCHAIN_HAS_THREADS
 	depends on BR2_PACKAGE_PROTOBUF_ARCH_SUPPORTS
+	depends on BR2_TOOLCHAIN_GCC_AT_LEAST_4_5
 	depends on !BR2_STATIC_LIBS
 	help
 	  Protocol buffers are Google's language-neutral, platform-neutral,
@@ -37,7 +39,7 @@ config BR2_PACKAGE_PROTOBUF
 
 	  https://developers.google.com/protocol-buffers
 
-comment "protobuf needs a toolchain w/ C++, threads, dynamic library"
+comment "protobuf needs a toolchain w/ C++, threads, dynamic library, gcc >= 4.5"
 	depends on !BR2_INSTALL_LIBSTDCPP || !BR2_TOOLCHAIN_HAS_THREADS \
-		|| BR2_STATIC_LIBS
+		|| BR2_STATIC_LIBS || !BR2_TOOLCHAIN_GCC_AT_LEAST_4_5
 	depends on BR2_PACKAGE_PROTOBUF_ARCH_SUPPORTS
-- 
2.12.2

^ permalink raw reply related

* [Buildroot] [Bug 9836] triggerhappy: systemd unit broken
From: bugzilla at busybox.net @ 2017-04-26 15:07 UTC (permalink / raw)
  To: buildroot
In-Reply-To: <bug-9836-163@https.bugs.busybox.net/>

https://bugs.busybox.net/show_bug.cgi?id=9836

Michael Heinemann <posted@heine.so> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |posted at heine.so

--- Comment #2 from Michael Heinemann <posted@heine.so> ---
Created attachment 7046
  --> https://bugs.busybox.net/attachment.cgi?id=7046&action=edit
patch to bump version to 0.5.0

Proposed fix to bump version and fix systemd unit

-- 
You are receiving this mail because:
You are on the CC list for the bug.

^ permalink raw reply

* [Buildroot] [PATCH 1/1] setlocalversion: fix detection of hg revision for untagged versions
From: Thomas De Schampheleire @ 2017-04-26 13:56 UTC (permalink / raw)
  To: buildroot
In-Reply-To: <87r30fmhvp.fsf@dell.be.48ers.dk>

Hi Peter,

2017-04-26 15:13 GMT+02:00 Peter Korsgaard <peter@korsgaard.com>:
>>>>>> "Thomas" == Thomas De Schampheleire <patrickdepinguin@gmail.com> writes:
>
>  > From: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
>  > By default, cut prints the entire line if the specified delimiter is not
>  > present at all:
>
>  >     $ printf "foo bar" | cut -d' ' -f2
>  >     bar
>  >     $ printf "foobar" | cut -d' ' -f2
>  >     foobar
>
>  > In setlocalversion, cut is presented with the output of 'hg id' which has
>  > the format:
>
>  >     "<revision> <tags-if-any>"
>
>  > If the current revision is not tagged, the output of 'hg id' does not
>  > contain the delimiter (space), cut prints the entire string, and
>  > setlocalversion thinks the version is the tag.
>  > As setlocalversion does not print anything for tagged versions, there is no
>  > output overall, and no correct indication of the mercurial revision.
>
>  > Fix by passing the extra cut option '--only-delimited', which suppresses
>  > output if no delimiter is found.
>
>  > This problem likely went unnoticed for so long, because the tag 'tip' (i.e.
>  > most recent revision of the branch) is treated specially: in this case the
>  > mercurial revision _is_ printed, i.e. the situation is treated as
>  > 'untagged'.
>  > The problem is only seen when you are _not_ at the most recent revision in
>  > your branch.
>
> setlocalversion comes from the kernel. Do you have the same problem
> there?
>
> I see this particular line changed back in 2010 in the kernel repo:
>
>
> commit 8558f59edf935cf5ee5ffc29a9e9458fd9a71be1
> Author: Michal Marek <mmarek@suse.cz>
> Date:   Mon Aug 16 17:09:52 2010 +0200
>
>     setlocalversion: Ignote SCMs above the linux source tree
>
>     Dan McGee <dpmcgee@gmail.com> writes:
>     > Note that when in git, you get the appended "+" sign. If
>     > LOCALVERSION_AUTO is set, you will get something like
>     > "eee-gb01b08c-dirty" (whereas the copy of the tree in /tmp still
>     > returns "eee"). It doesn't matter whether the working tree is dirty or
>     > clean.
>     >
>     > Is there a way to disable this? I'm building from a clean tarball that
>     > just happens to be unpacked inside a git repository. One would think
>     > setting LOCALVERSION_AUTO to false would do it, but no such luck...
>
>     Fix this by checking if the kernel source tree is the root of the git or
>     hg repository. No fix for svn: If the kernel source is not tracked in
>     the svn repository, it works as expected, otherwise determining the
>     'repository root' is not really a defined task.
>
>     Reported-and-tested-by: Dan McGee <dpmcgee@gmail.com>
>     Signed-off-by: Michal Marek <mmarek@suse.cz>
>
>
> Perhaps synching with the kernel would be a better way forward than
> adding local modifications?


I tried using the latest version from the kernel in Buildroot and
notice the following:

- the version from the kernel now expects to find
include/config/auto.conf and bails out otherwise. Commenting out this
test...
- the output of that script is now just a +   i.e. the actual output
of the scm version does not matter. This is due to following code:
        scm=$(scm_version --short)
        res="$res${scm:++}"

   which means: if scm is empty, don't change res -- if scm is not
empty, then the literal '+' is appended to res.
- if I ignore that point and check the actual content of the 'scm'
variable, I notice that this script suffers from the same problem as
the buildroot one. My fix solves that aspect also in the kernel
script.


The kernel script has evolved a lot from the version that Buildroot
once took, I don't know if the changes have real value for us.
I also assume that the kernel developers will not really want to
customize their version of the script to add more configuration
switches to tweak the behavior.
https://github.com/torvalds/linux/blob/master/scripts/setlocalversion

Based on this feedback, how do you think we should proceed?

Thanks,
Thomas

^ permalink raw reply

* [Buildroot] [PATCH 1/1] setlocalversion: fix detection of hg revision for untagged versions
From: Peter Korsgaard @ 2017-04-26 13:13 UTC (permalink / raw)
  To: buildroot
In-Reply-To: <20170426124311.11449-1-patrickdepinguin@gmail.com>

>>>>> "Thomas" == Thomas De Schampheleire <patrickdepinguin@gmail.com> writes:

 > From: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
 > By default, cut prints the entire line if the specified delimiter is not
 > present at all:

 >     $ printf "foo bar" | cut -d' ' -f2
 >     bar
 >     $ printf "foobar" | cut -d' ' -f2
 >     foobar

 > In setlocalversion, cut is presented with the output of 'hg id' which has
 > the format:

 >     "<revision> <tags-if-any>"

 > If the current revision is not tagged, the output of 'hg id' does not
 > contain the delimiter (space), cut prints the entire string, and
 > setlocalversion thinks the version is the tag.
 > As setlocalversion does not print anything for tagged versions, there is no
 > output overall, and no correct indication of the mercurial revision.

 > Fix by passing the extra cut option '--only-delimited', which suppresses
 > output if no delimiter is found.

 > This problem likely went unnoticed for so long, because the tag 'tip' (i.e.
 > most recent revision of the branch) is treated specially: in this case the
 > mercurial revision _is_ printed, i.e. the situation is treated as
 > 'untagged'.
 > The problem is only seen when you are _not_ at the most recent revision in
 > your branch.

setlocalversion comes from the kernel. Do you have the same problem
there?

I see this particular line changed back in 2010 in the kernel repo:


commit 8558f59edf935cf5ee5ffc29a9e9458fd9a71be1
Author: Michal Marek <mmarek@suse.cz>
Date:   Mon Aug 16 17:09:52 2010 +0200

    setlocalversion: Ignote SCMs above the linux source tree

    Dan McGee <dpmcgee@gmail.com> writes:
    > Note that when in git, you get the appended "+" sign. If
    > LOCALVERSION_AUTO is set, you will get something like
    > "eee-gb01b08c-dirty" (whereas the copy of the tree in /tmp still
    > returns "eee"). It doesn't matter whether the working tree is dirty or
    > clean.
    >
    > Is there a way to disable this? I'm building from a clean tarball that
    > just happens to be unpacked inside a git repository. One would think
    > setting LOCALVERSION_AUTO to false would do it, but no such luck...

    Fix this by checking if the kernel source tree is the root of the git or
    hg repository. No fix for svn: If the kernel source is not tracked in
    the svn repository, it works as expected, otherwise determining the
    'repository root' is not really a defined task.

    Reported-and-tested-by: Dan McGee <dpmcgee@gmail.com>
    Signed-off-by: Michal Marek <mmarek@suse.cz>


Perhaps synching with the kernel would be a better way forward than
adding local modifications?

-- 
Bye, Peter Korsgaard

^ permalink raw reply

* [Buildroot] [PATCH 1/1] package/pcsc-lite: bump version to 1.8.20
From: Peter Korsgaard @ 2017-04-26 13:03 UTC (permalink / raw)
  To: buildroot
In-Reply-To: <20170426122600.ngu6qdfhsneanbje@sapphire.tkos.co.il>

>>>>> "Baruch" == Baruch Siach <baruch@tkos.co.il> writes:

 > Hi Peter,
 > On Wed, Apr 26, 2017 at 09:06:53AM +0200, Peter Korsgaard wrote:
 >> >>>>> "Bernd" == Bernd Kuhls <bernd.kuhls@t-online.de> writes:
 >> 
 >> > Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
 >> 
 >> Committed, thanks.

 > Not in master as of 0a0524876b2872.

Hmm, indeed - Fixed now. Thanks!

-- 
Bye, Peter Korsgaard

^ permalink raw reply


This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox