PKG_NAME:=htop
PKG_VERSION:=2.2.0
-PKG_RELEASE:=1
+PKG_RELEASE:=2
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
-PKG_SOURCE_URL:=http://hisham.hm/htop/releases/$(PKG_VERSION)/
+PKG_SOURCE_URL:=https://hisham.hm/htop/releases/$(PKG_VERSION)/
PKG_HASH:=d9d6826f10ce3887950d709b53ee1d8c1849a70fa38e91d5896ad8cbc6ba3c57
PKG_LICENSE:=GPL-2.0
PKG_LICENSE_FILES:=COPYING
+PKG_CPE_ID:=cpe:/a:htop:htop
-PKG_FIXUP:=autoreconf
+PKG_BUILD_PARALLEL:=1
PKG_INSTALL:=1
include $(INCLUDE_DIR)/package.mk
CATEGORY:=Administration
TITLE:=Interactive processes viewer
DEPENDS:=+libncurses
- URL:=http://htop.sourceforge.net/
+ URL:=https://hisham.hm/htop/
MAINTAINER:=Etienne CHAMPETIER <champetier.etienne@gmail.com>
endef
include $(TOPDIR)/rules.mk
PKG_NAME:=monit
-PKG_VERSION:=5.24.0
+PKG_VERSION:=5.25.2
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
-PKG_HASH:=754d1f0e165e5a26d4639a6a83f44ccf839e381f2622e0946d5302fa1f2d2414
PKG_SOURCE_URL:=https://mmonit.com/monit/dist
+PKG_HASH:=aa0ce6361d1155e43e30a86dcff00b2003d434f221c360981ced830275abc64a
+PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(BUILD_VARIANT)/$(PKG_NAME)-$(PKG_VERSION)
PKG_LICENSE:=AGPL-3.0
PKG_LICENSE_FILES:=COPYING
+PKG_CPE_ID:=cpe:/a:tildeslash:monit
-PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(BUILD_VARIANT)/$(PKG_NAME)-$(PKG_VERSION)
+PKG_BUILD_PARALLEL:=1
PKG_INSTALL:=1
include $(INCLUDE_DIR)/package.mk
--- a/configure
+++ b/configure
-@@ -13852,14 +13852,7 @@ fi
+@@ -14390,14 +14390,7 @@ fi
# Find the right directory to put the root-mode PID file in
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking pid file location" >&5
$as_echo_n "checking pid file location... " >&6; }
PECL_NAME:=pecl_http
PECL_LONGNAME:=Extended HTTP Support
-PKG_VERSION:=3.1.0
-PKG_RELEASE:=5
-PKG_HASH:=e3de67b156e7d5f6c2e5eb1e2b5f0acceb7004f1260d68c9f8b2c0f9629aabf0
+PKG_VERSION:=3.2.0
+PKG_RELEASE:=1
+PKG_HASH:=6fb7f038365fb1f3302f1b7e7d6b55d5c422bdea36057b1efe02bbe6ad3cc01b
PKG_NAME:=php7-pecl-http
PKG_SOURCE:=$(PECL_NAME)-$(PKG_VERSION).tgz
+++ /dev/null
---- a/src/php_http_etag.c 2016-12-12 10:04:21.000000000 +0100
-+++ b/src/php_http_etag.c 2016-12-23 21:10:59.523222367 +0100
-@@ -60,7 +60,7 @@
- unsigned char buf[4];
-
- *((uint *) e->ctx) = ~*((uint *) e->ctx);
--#if WORDS_BIGENDIAN
-+#ifdef WORDS_BIGENDIAN
- etag = php_http_etag_digest((unsigned char *) e->ctx, 4);
- #else
- buf[0] = ((unsigned char *) e->ctx)[3];
+++ /dev/null
-From ab5b4e3acd2b0379e5d8bc95a8d4f83ce5c91fb7 Mon Sep 17 00:00:00 2001
-From: Michael Heimpold <mhei@heimpold.de>
-Date: Sun, 4 Jun 2017 15:00:33 +0200
-Subject: [PATCH] Handle NULL strings gracefully during constant registration
-
-When libcurl is compiled not using e.g. libz or SSL, then a call to
-curl_version_info could return NULL in the corresponding fields of
-curl_version_info_data.
-
-Passing such NULL pointers down to REGISTER_NS_STRING_CONSTANT results
-in a segfault during php startup, so let's check for this special case
-and register a NULL constant in this case.
-
-Signed-off-by: Michael Heimpold <mhei@heimpold.de>
----
- src/php_http_client_curl.c | 16 ++++++++++++----
- 1 file changed, 12 insertions(+), 4 deletions(-)
-
-diff --git a/src/php_http_client_curl.c b/src/php_http_client_curl.c
-index f286324..f07bb8f 100644
---- a/src/php_http_client_curl.c
-+++ b/src/php_http_client_curl.c
-@@ -2429,6 +2429,14 @@ php_http_client_ops_t *php_http_client_curl_get_ops(void)
- return &php_http_client_curl_ops;
- }
-
-+#define REGISTER_NS_STRING_OR_NULL_CONSTANT(ns, name, str, flags) \
-+ do { \
-+ if ((str) != NULL) { \
-+ REGISTER_NS_STRING_CONSTANT(ns, name, str, flags); \
-+ } else { \
-+ REGISTER_NS_NULL_CONSTANT(ns, name, flags); \
-+ } \
-+ } while (0)
-
- PHP_MINIT_FUNCTION(http_client_curl)
- {
-@@ -2509,12 +2517,12 @@ PHP_MINIT_FUNCTION(http_client_curl)
- REGISTER_NS_STRING_CONSTANT("http\\Client\\Curl", "VERSIONS", curl_version(), CONST_CS|CONST_PERSISTENT);
- #if CURLVERSION_NOW >= 0
- REGISTER_NS_STRING_CONSTANT("http\\Client\\Curl\\Versions", "CURL", (char *) info->version, CONST_CS|CONST_PERSISTENT);
-- REGISTER_NS_STRING_CONSTANT("http\\Client\\Curl\\Versions", "SSL", (char *) info->ssl_version, CONST_CS|CONST_PERSISTENT);
-- REGISTER_NS_STRING_CONSTANT("http\\Client\\Curl\\Versions", "LIBZ", (char *) info->libz_version, CONST_CS|CONST_PERSISTENT);
-+ REGISTER_NS_STRING_OR_NULL_CONSTANT("http\\Client\\Curl\\Versions", "SSL", (char *) info->ssl_version, CONST_CS|CONST_PERSISTENT);
-+ REGISTER_NS_STRING_OR_NULL_CONSTANT("http\\Client\\Curl\\Versions", "LIBZ", (char *) info->libz_version, CONST_CS|CONST_PERSISTENT);
- # if CURLVERSION_NOW >= 1
-- REGISTER_NS_STRING_CONSTANT("http\\Client\\Curl\\Versions", "ARES", (char *) info->ares, CONST_CS|CONST_PERSISTENT);
-+ REGISTER_NS_STRING_OR_NULL_CONSTANT("http\\Client\\Curl\\Versions", "ARES", (char *) info->ares, CONST_CS|CONST_PERSISTENT);
- # if CURLVERSION_NOW >= 2
-- REGISTER_NS_STRING_CONSTANT("http\\Client\\Curl\\Versions", "IDN", (char *) info->libidn, CONST_CS|CONST_PERSISTENT);
-+ REGISTER_NS_STRING_OR_NULL_CONSTANT("http\\Client\\Curl\\Versions", "IDN", (char *) info->libidn, CONST_CS|CONST_PERSISTENT);
- # endif
- # endif
- #endif
---
-2.7.4
-
+++ /dev/null
-From 8158548a80733b3af9539356b47527d960a13287 Mon Sep 17 00:00:00 2001
-From: Michael Wallner <mike@php.net>
-Date: Thu, 1 Feb 2018 14:36:09 +0100
-Subject: [PATCH] fix #73
-
-include idna.h prior idn2.h to ensure INDA_H is defined and libidn2 does
-not try to define the idna compat layer
----
- src/php_http.c | 6 +++---
- src/php_http_url.c | 6 +++---
- 2 files changed, 6 insertions(+), 6 deletions(-)
-
-diff --git a/src/php_http.c b/src/php_http.c
-index 207c248..bc9166a 100644
---- a/src/php_http.c
-+++ b/src/php_http.c
-@@ -31,12 +31,12 @@
- #if PHP_HTTP_HAVE_LIBICU
- # include <unicode/uversion.h>
- #endif
--#if PHP_HTTP_HAVE_LIBIDN2
--# include <idn2.h>
--#endif
- #if PHP_HTTP_HAVE_LIBIDN
- # include <idna.h>
- #endif
-+#if PHP_HTTP_HAVE_LIBIDN2
-+# include <idn2.h>
-+#endif
- #if PHP_HTTP_HAVE_LIBIDNKIT2 || PHP_HTTP_HAVE_LIBIDNKIT
- #include "idn/version.h"
- #endif
-diff --git a/src/php_http_url.c b/src/php_http_url.c
-index 029e6a8..361e61c 100644
---- a/src/php_http_url.c
-+++ b/src/php_http_url.c
-@@ -12,12 +12,12 @@
-
- #include "php_http_api.h"
-
--#if PHP_HTTP_HAVE_LIBIDN2
--# include <idn2.h>
--#endif
- #if PHP_HTTP_HAVE_LIBIDN
- # include <idna.h>
- #endif
-+#if PHP_HTTP_HAVE_LIBIDN2
-+# include <idn2.h>
-+#endif
- #if PHP_HTTP_HAVE_LIBICU
- # include <unicode/uidna.h>
- #endif
---
-2.7.4
-
include $(TOPDIR)/rules.mk
PKG_NAME:=python-gnupg
-PKG_VERSION:=0.4.1
+PKG_VERSION:=0.4.3
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
-PKG_SOURCE_URL:=https://pypi.python.org/packages/fc/f1/df6c06da34939f67ea622e0b31dbc5bdb5121b271ab530d151df59974425/
-PKG_HASH:=ef47b02eaf41dee3cf4b02ddf83130827318de9fe3eae89d01a3f05859e20e1a
+PKG_SOURCE_URL:=https://files.pythonhosted.org/packages/fd/a6/4ae8ec46a256444f65d745a92827c05fe6d4f3f4e1a40289a58ac37fe2b9
+PKG_HASH:=2d158dfc6b54927752b945ebe57e6a0c45da27747fa3b9ae66eccc0d2147ac0d
PKG_LICENSE:=GPL-3.0+
PKG_LICENSE_FILES:=LICENSE
SECTION:=lang
CATEGORY:=Languages
SUBMENU:=Python
- URL:=https://github.com/isislovecruft/python-gnupg
+ URL:=https://gnupg.readthedocs.io/en/latest/
DEPENDS:=+gnupg
endef
include $(TOPDIR)/rules.mk
PKG_NAME:=libgpiod
-PKG_VERSION:=1.1
+PKG_VERSION:=1.1.1
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
PKG_SOURCE_URL:=@KERNEL/software/libs/libgpiod/
-PKG_HASH:=9758466468a7ef3f5e30c182c1303abef6241e665cda4d82a64328a7474838c1
+PKG_HASH:=172fa1544ecb51f37533b3e67862298d50c0a5cc84975f3c0706dc15467f0dfd
PKG_LICENSE:=LGPL-2.1+
PKG_LICENSE_FILES:=COPYING
PKG_NAME:=libxml2
PKG_VERSION:=2.9.8
-PKG_RELEASE:=1
+PKG_RELEASE:=2
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=http://xmlsoft.org/sources/
PKG_LICENSE:=MIT
PKG_LICENSE_FILES:=COPYING
+PKG_CPE_ID:=cpe:/a:xmlsoft:libxml2
PKG_MAINTAINER:=Michael Heimpold <mhei@heimpold.de>
--- /dev/null
+From 2240fbf5912054af025fb6e01e26375100275e74 Mon Sep 17 00:00:00 2001
+From: Nick Wellnhofer <wellnhofer@aevum.de>
+Date: Mon, 30 Jul 2018 13:14:11 +0200
+Subject: [PATCH 13/13] Fix infinite loop in LZMA decompression
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Check the liblzma error code more thoroughly to avoid infinite loops.
+
+Closes: https://gitlab.gnome.org/GNOME/libxml2/issues/13
+Closes: https://bugzilla.gnome.org/show_bug.cgi?id=794914
+
+This is CVE-2018-9251 and CVE-2018-14567.
+
+Thanks to Dongliang Mu and Simon Wörner for the reports.
+---
+ xzlib.c | 9 +++++++++
+ 1 file changed, 9 insertions(+)
+
+diff --git a/xzlib.c b/xzlib.c
+index a839169e..0ba88cfa 100644
+--- a/xzlib.c
++++ b/xzlib.c
+@@ -562,6 +562,10 @@ xz_decomp(xz_statep state)
+ "internal error: inflate stream corrupt");
+ return -1;
+ }
++ /*
++ * FIXME: Remapping a couple of error codes and falling through
++ * to the LZMA error handling looks fragile.
++ */
+ if (ret == Z_MEM_ERROR)
+ ret = LZMA_MEM_ERROR;
+ if (ret == Z_DATA_ERROR)
+@@ -587,6 +591,11 @@ xz_decomp(xz_statep state)
+ xz_error(state, LZMA_PROG_ERROR, "compression error");
+ return -1;
+ }
++ if ((state->how != GZIP) &&
++ (ret != LZMA_OK) && (ret != LZMA_STREAM_END)) {
++ xz_error(state, ret, "lzma error");
++ return -1;
++ }
+ } while (strm->avail_out && ret != LZMA_STREAM_END);
+
+ /* update available output and crc check value */
+--
+2.18.0
+
include $(TOPDIR)/rules.mk
PKG_NAME:=postgresql
-PKG_VERSION:=9.6.8
+PKG_VERSION:=9.6.10
PKG_RELEASE:=1
PKG_MAINTAINER:=Daniel Golle <daniel@makrotopia.org>
PKG_LICENSE:=PostgreSQL
http://ftp.postgresql.org/pub/source/v$(PKG_VERSION) \
ftp://ftp.postgresql.org/pub/source/v$(PKG_VERSION)
-PKG_HASH:=eafdb3b912e9ec34bdd28b651d00226a6253ba65036cb9a41cad2d9e82e3eb70
+PKG_HASH:=8615acc56646401f0ede97a767dfd27ce07a8ae9c952afdb57163b7234fe8426
PKG_USE_MIPS16:=0
PKG_FIXUP:=autoreconf
PKG_NAME:=tiff
PKG_VERSION:=4.0.9
-PKG_RELEASE:=3
+PKG_RELEASE:=4
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://download.osgeo.org/libtiff
PKG_LICENSE:=BSD
PKG_LICENSE_FILES:=COPYRIGHT
+PKG_CPE_ID:=cpe:/a:libtiff:libtiff
+PKG_BUILD_PARALLEL:=1
PKG_INSTALL:=1
PKG_CONFIG_DEPENDS:=CONFIG_PACKAGE_libtiffxx
+++ /dev/null
-From c6f41df7b581402dfba3c19a1e3df4454c551a01 Mon Sep 17 00:00:00 2001
-From: Even Rouault <even.rouault@spatialys.com>
-Date: Sun, 31 Dec 2017 15:09:41 +0100
-Subject: [PATCH] libtiff/tif_print.c: TIFFPrintDirectory(): fix null pointer dereference on corrupted file. Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2770
-
----
- libtiff/tif_print.c | 8 ++++----
- 1 file changed, 4 insertions(+), 4 deletions(-)
-
---- a/libtiff/tif_print.c
-+++ b/libtiff/tif_print.c
-@@ -667,13 +667,13 @@ TIFFPrintDirectory(TIFF* tif, FILE* fd,
- #if defined(__WIN32__) && (defined(_MSC_VER) || defined(__MINGW32__))
- fprintf(fd, " %3lu: [%8I64u, %8I64u]\n",
- (unsigned long) s,
-- (unsigned __int64) td->td_stripoffset[s],
-- (unsigned __int64) td->td_stripbytecount[s]);
-+ td->td_stripoffset ? (unsigned __int64) td->td_stripoffset[s] : 0,
-+ td->td_stripbytecount ? (unsigned __int64) td->td_stripbytecount[s] : 0);
- #else
- fprintf(fd, " %3lu: [%8llu, %8llu]\n",
- (unsigned long) s,
-- (unsigned long long) td->td_stripoffset[s],
-- (unsigned long long) td->td_stripbytecount[s]);
-+ td->td_stripoffset ? (unsigned long long) td->td_stripoffset[s] : 0,
-+ td->td_stripbytecount ? (unsigned long long) td->td_stripbytecount[s] : 0);
- #endif
- }
- }
+++ /dev/null
---- a/libtiff/tif_dir.c
-+++ b/libtiff/tif_dir.c
-@@ -1067,6 +1067,9 @@ _TIFFVGetField(TIFF* tif, uint32 tag, va
- if (td->td_samplesperpixel - td->td_extrasamples > 1) {
- *va_arg(ap, uint16**) = td->td_transferfunction[1];
- *va_arg(ap, uint16**) = td->td_transferfunction[2];
-+ } else {
-+ *va_arg(ap, uint16**) = NULL;
-+ *va_arg(ap, uint16**) = NULL;
- }
- break;
- case TIFFTAG_REFERENCEBLACKWHITE:
---- a/tools/tiff2pdf.c
-+++ b/tools/tiff2pdf.c
-@@ -237,7 +237,7 @@ typedef struct {
- float tiff_whitechromaticities[2];
- float tiff_primarychromaticities[6];
- float tiff_referenceblackwhite[2];
-- float* tiff_transferfunction[3];
-+ uint16* tiff_transferfunction[3];
- int pdf_image_interpolate; /* 0 (default) : do not interpolate,
- 1 : interpolate */
- uint16 tiff_transferfunctioncount;
-@@ -1047,6 +1047,8 @@ void t2p_read_tiff_init(T2P* t2p, TIFF*
- uint16 pagen=0;
- uint16 paged=0;
- uint16 xuint16=0;
-+ uint16 tiff_transferfunctioncount=0;
-+ uint16* tiff_transferfunction[3];
-
- directorycount=TIFFNumberOfDirectories(input);
- t2p->tiff_pages = (T2P_PAGE*) _TIFFmalloc(TIFFSafeMultiply(tmsize_t,directorycount,sizeof(T2P_PAGE)));
-@@ -1147,26 +1149,48 @@ void t2p_read_tiff_init(T2P* t2p, TIFF*
- }
- #endif
- if (TIFFGetField(input, TIFFTAG_TRANSFERFUNCTION,
-- &(t2p->tiff_transferfunction[0]),
-- &(t2p->tiff_transferfunction[1]),
-- &(t2p->tiff_transferfunction[2]))) {
-- if((t2p->tiff_transferfunction[1] != (float*) NULL) &&
-- (t2p->tiff_transferfunction[2] != (float*) NULL) &&
-- (t2p->tiff_transferfunction[1] !=
-- t2p->tiff_transferfunction[0])) {
-- t2p->tiff_transferfunctioncount = 3;
-- t2p->tiff_pages[i].page_extra += 4;
-- t2p->pdf_xrefcount += 4;
-- } else {
-- t2p->tiff_transferfunctioncount = 1;
-- t2p->tiff_pages[i].page_extra += 2;
-- t2p->pdf_xrefcount += 2;
-- }
-- if(t2p->pdf_minorversion < 2)
-- t2p->pdf_minorversion = 2;
-+ &(tiff_transferfunction[0]),
-+ &(tiff_transferfunction[1]),
-+ &(tiff_transferfunction[2]))) {
-+
-+ if((tiff_transferfunction[1] != (uint16*) NULL) &&
-+ (tiff_transferfunction[2] != (uint16*) NULL)
-+ ) {
-+ tiff_transferfunctioncount=3;
-+ } else {
-+ tiff_transferfunctioncount=1;
-+ }
- } else {
-- t2p->tiff_transferfunctioncount=0;
-+ tiff_transferfunctioncount=0;
- }
-+
-+ if (i > 0){
-+ if (tiff_transferfunctioncount != t2p->tiff_transferfunctioncount){
-+ TIFFError(
-+ TIFF2PDF_MODULE,
-+ "Different transfer function on page %d",
-+ i);
-+ t2p->t2p_error = T2P_ERR_ERROR;
-+ return;
-+ }
-+ }
-+
-+ t2p->tiff_transferfunctioncount = tiff_transferfunctioncount;
-+ t2p->tiff_transferfunction[0] = tiff_transferfunction[0];
-+ t2p->tiff_transferfunction[1] = tiff_transferfunction[1];
-+ t2p->tiff_transferfunction[2] = tiff_transferfunction[2];
-+ if(tiff_transferfunctioncount == 3){
-+ t2p->tiff_pages[i].page_extra += 4;
-+ t2p->pdf_xrefcount += 4;
-+ if(t2p->pdf_minorversion < 2)
-+ t2p->pdf_minorversion = 2;
-+ } else if (tiff_transferfunctioncount == 1){
-+ t2p->tiff_pages[i].page_extra += 2;
-+ t2p->pdf_xrefcount += 2;
-+ if(t2p->pdf_minorversion < 2)
-+ t2p->pdf_minorversion = 2;
-+ }
-+
- if( TIFFGetField(
- input,
- TIFFTAG_ICCPROFILE,
-@@ -1827,10 +1851,9 @@ void t2p_read_tiff_data(T2P* t2p, TIFF*
- &(t2p->tiff_transferfunction[0]),
- &(t2p->tiff_transferfunction[1]),
- &(t2p->tiff_transferfunction[2]))) {
-- if((t2p->tiff_transferfunction[1] != (float*) NULL) &&
-- (t2p->tiff_transferfunction[2] != (float*) NULL) &&
-- (t2p->tiff_transferfunction[1] !=
-- t2p->tiff_transferfunction[0])) {
-+ if((t2p->tiff_transferfunction[1] != (uint16*) NULL) &&
-+ (t2p->tiff_transferfunction[2] != (uint16*) NULL)
-+ ) {
- t2p->tiff_transferfunctioncount=3;
- } else {
- t2p->tiff_transferfunctioncount=1;
--- /dev/null
+From 49723b0eb683cca80142b01a48ba1475fed5188a Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Nikola=20Forr=C3=B3?= <nforro@redhat.com>
+Date: Fri, 23 Mar 2018 15:35:39 +0100
+Subject: [PATCH] Fix for bug 2772
+
+It is possible to craft a TIFF document where the IFD list is circular,
+leading to an infinite loop while traversing the chain. The libtiff
+directory reader has a failsafe that will break out of this loop after
+reading 65535 directory entries, but it will continue processing,
+consuming time and resources to process what is essentially a bogus TIFF
+document.
+
+This change fixes the above behavior by breaking out of processing when
+a TIFF document has >= 65535 directories and terminating with an error.
+---
+ contrib/addtiffo/tif_overview.c | 14 +++++++++++++-
+ tools/tiff2pdf.c | 10 ++++++++++
+ tools/tiffcrop.c | 13 +++++++++++--
+ 3 files changed, 34 insertions(+), 3 deletions(-)
+
+diff --git a/contrib/addtiffo/tif_overview.c b/contrib/addtiffo/tif_overview.c
+index c61ffbb..03b3573 100644
+--- a/contrib/addtiffo/tif_overview.c
++++ b/contrib/addtiffo/tif_overview.c
+@@ -65,6 +65,8 @@
+ # define MAX(a,b) ((a>b) ? a : b)
+ #endif
+
++#define TIFF_DIR_MAX 65534
++
+ void TIFFBuildOverviews( TIFF *, int, int *, int, const char *,
+ int (*)(double,void*), void * );
+
+@@ -91,6 +93,7 @@ uint32 TIFF_WriteOverview( TIFF *hTIFF, uint32 nXSize, uint32 nYSize,
+ {
+ toff_t nBaseDirOffset;
+ toff_t nOffset;
++ tdir_t iNumDir;
+
+ (void) bUseSubIFDs;
+
+@@ -147,7 +150,16 @@ uint32 TIFF_WriteOverview( TIFF *hTIFF, uint32 nXSize, uint32 nYSize,
+ return 0;
+
+ TIFFWriteDirectory( hTIFF );
+- TIFFSetDirectory( hTIFF, (tdir_t) (TIFFNumberOfDirectories(hTIFF)-1) );
++ iNumDir = TIFFNumberOfDirectories(hTIFF);
++ if( iNumDir > TIFF_DIR_MAX )
++ {
++ TIFFErrorExt( TIFFClientdata(hTIFF),
++ "TIFF_WriteOverview",
++ "File `%s' has too many directories.\n",
++ TIFFFileName(hTIFF) );
++ exit(-1);
++ }
++ TIFFSetDirectory( hTIFF, (tdir_t) (iNumDir - 1) );
+
+ nOffset = TIFFCurrentDirOffset( hTIFF );
+
+diff --git a/tools/tiff2pdf.c b/tools/tiff2pdf.c
+index 454befb..bdb9126 100644
+--- a/tools/tiff2pdf.c
++++ b/tools/tiff2pdf.c
+@@ -68,6 +68,8 @@ extern int getopt(int, char**, char*);
+
+ #define PS_UNIT_SIZE 72.0F
+
++#define TIFF_DIR_MAX 65534
++
+ /* This type is of PDF color spaces. */
+ typedef enum {
+ T2P_CS_BILEVEL = 0x01, /* Bilevel, black and white */
+@@ -1049,6 +1051,14 @@ void t2p_read_tiff_init(T2P* t2p, TIFF* input){
+ uint16 xuint16=0;
+
+ directorycount=TIFFNumberOfDirectories(input);
++ if(directorycount > TIFF_DIR_MAX) {
++ TIFFError(
++ TIFF2PDF_MODULE,
++ "TIFF contains too many directories, %s",
++ TIFFFileName(input));
++ t2p->t2p_error = T2P_ERR_ERROR;
++ return;
++ }
+ t2p->tiff_pages = (T2P_PAGE*) _TIFFmalloc(TIFFSafeMultiply(tmsize_t,directorycount,sizeof(T2P_PAGE)));
+ if(t2p->tiff_pages==NULL){
+ TIFFError(
+diff --git a/tools/tiffcrop.c b/tools/tiffcrop.c
+index c69177e..c60cb38 100644
+--- a/tools/tiffcrop.c
++++ b/tools/tiffcrop.c
+@@ -217,6 +217,8 @@ extern int getopt(int argc, char * const argv[], const char *optstring);
+ #define DUMP_TEXT 1
+ #define DUMP_RAW 2
+
++#define TIFF_DIR_MAX 65534
++
+ /* Offsets into buffer for margins and fixed width and length segments */
+ struct offset {
+ uint32 tmargin;
+@@ -2233,7 +2235,7 @@ main(int argc, char* argv[])
+ pageNum = -1;
+ else
+ total_images = 0;
+- /* read multiple input files and write to output file(s) */
++ /* Read multiple input files and write to output file(s) */
+ while (optind < argc - 1)
+ {
+ in = TIFFOpen (argv[optind], "r");
+@@ -2241,7 +2243,14 @@ main(int argc, char* argv[])
+ return (-3);
+
+ /* If only one input file is specified, we can use directory count */
+- total_images = TIFFNumberOfDirectories(in);
++ total_images = TIFFNumberOfDirectories(in);
++ if (total_images > TIFF_DIR_MAX)
++ {
++ TIFFError (TIFFFileName(in), "File contains too many directories");
++ if (out != NULL)
++ (void) TIFFClose(out);
++ return (1);
++ }
+ if (image_count == 0)
+ {
+ dirnum = 0;
+--
+2.13.6
+
--- /dev/null
+From de5385cd882a5ff0970f63f4d93da0cbc87230c2 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Nikola=20Forr=C3=B3?= <nforro@redhat.com>
+Date: Tue, 17 Apr 2018 18:42:09 +0200
+Subject: [PATCH] Fix NULL pointer dereference in TIFFPrintDirectory
+
+The TIFFPrintDirectory function relies on the following assumptions,
+supposed to be guaranteed by the specification:
+
+(a) A Transfer Function field is only present if the TIFF file has
+ photometric type < 3.
+
+(b) If SamplesPerPixel > Color Channels, then the ExtraSamples field
+ has count SamplesPerPixel - (Color Channels) and contains
+ information about supplementary channels.
+
+While respect of (a) and (b) are essential for the well functioning of
+TIFFPrintDirectory, no checks are realized neither by the callee nor
+by TIFFPrintDirectory itself. Hence, following scenarios might happen
+and trigger the NULL pointer dereference:
+
+(1) TIFF File of photometric type 4 or more has illegal Transfer
+ Function field.
+
+(2) TIFF File has photometric type 3 or less and defines a
+ SamplesPerPixel field such that SamplesPerPixel > Color Channels
+ without defining all extra samples in the ExtraSamples fields.
+
+In this patch, we address both issues with respect of the following
+principles:
+
+(A) In the case of (1), the defined transfer table should be printed
+ safely even if it isn't 'legal'. This allows us to avoid expensive
+ checks in TIFFPrintDirectory. Also, it is quite possible that
+ an alternative photometric type would be developed (not part of the
+ standard) and would allow definition of Transfer Table. We want
+ libtiff to be able to handle this scenario out of the box.
+
+(B) In the case of (2), the transfer table should be printed at its
+ right size, that is if TIFF file has photometric type Palette
+ then the transfer table should have one row and not three, even
+ if two extra samples are declared.
+
+In order to fulfill (A) we simply add a new 'i < 3' end condition to
+the broken TIFFPrintDirectory loop. This makes sure that in any case
+where (b) would be respected but not (a), everything stays fine.
+
+(B) is fulfilled by the loop condition
+'i < td->td_samplesperpixel - td->td_extrasamples'. This is enough as
+long as (b) is respected.
+
+Naturally, we also make sure (b) is respected. This is done in the
+TIFFReadDirectory function by making sure any non-color channel is
+counted in ExtraSamples.
+
+This commit addresses CVE-2018-7456.
+---
+ libtiff/tif_dirread.c | 62 +++++++++++++++++++++++++++++++++++++++++++
+ libtiff/tif_print.c | 2 +-
+ 2 files changed, 63 insertions(+), 1 deletion(-)
+
+diff --git a/libtiff/tif_dirread.c b/libtiff/tif_dirread.c
+index 5e62e81..80aaf8d 100644
+--- a/libtiff/tif_dirread.c
++++ b/libtiff/tif_dirread.c
+@@ -167,6 +167,7 @@ static int TIFFFetchStripThing(TIFF* tif, TIFFDirEntry* dir, uint32 nstrips, uin
+ static int TIFFFetchSubjectDistance(TIFF*, TIFFDirEntry*);
+ static void ChopUpSingleUncompressedStrip(TIFF*);
+ static uint64 TIFFReadUInt64(const uint8 *value);
++static int _TIFFGetMaxColorChannels(uint16 photometric);
+
+ static int _TIFFFillStrilesInternal( TIFF *tif, int loadStripByteCount );
+
+@@ -3506,6 +3507,35 @@ static void TIFFReadDirEntryOutputErr(TIFF* tif, enum TIFFReadDirEntryErr err, c
+ }
+ }
+
++/*
++ * Return the maximum number of color channels specified for a given photometric
++ * type. 0 is returned if photometric type isn't supported or no default value
++ * is defined by the specification.
++ */
++static int _TIFFGetMaxColorChannels( uint16 photometric )
++{
++ switch (photometric) {
++ case PHOTOMETRIC_PALETTE:
++ case PHOTOMETRIC_MINISWHITE:
++ case PHOTOMETRIC_MINISBLACK:
++ return 1;
++ case PHOTOMETRIC_YCBCR:
++ case PHOTOMETRIC_RGB:
++ case PHOTOMETRIC_CIELAB:
++ return 3;
++ case PHOTOMETRIC_SEPARATED:
++ case PHOTOMETRIC_MASK:
++ return 4;
++ case PHOTOMETRIC_LOGL:
++ case PHOTOMETRIC_LOGLUV:
++ case PHOTOMETRIC_CFA:
++ case PHOTOMETRIC_ITULAB:
++ case PHOTOMETRIC_ICCLAB:
++ default:
++ return 0;
++ }
++}
++
+ /*
+ * Read the next TIFF directory from a file and convert it to the internal
+ * format. We read directories sequentially.
+@@ -3522,6 +3552,7 @@ TIFFReadDirectory(TIFF* tif)
+ uint32 fii=FAILED_FII;
+ toff_t nextdiroff;
+ int bitspersample_read = FALSE;
++ int color_channels;
+
+ tif->tif_diroff=tif->tif_nextdiroff;
+ if (!TIFFCheckDirOffset(tif,tif->tif_nextdiroff))
+@@ -4026,6 +4057,37 @@ TIFFReadDirectory(TIFF* tif)
+ }
+ }
+ }
++
++ /*
++ * Make sure all non-color channels are extrasamples.
++ * If it's not the case, define them as such.
++ */
++ color_channels = _TIFFGetMaxColorChannels(tif->tif_dir.td_photometric);
++ if (color_channels && tif->tif_dir.td_samplesperpixel - tif->tif_dir.td_extrasamples > color_channels) {
++ uint16 old_extrasamples;
++ uint16 *new_sampleinfo;
++
++ TIFFWarningExt(tif->tif_clientdata,module, "Sum of Photometric type-related "
++ "color channels and ExtraSamples doesn't match SamplesPerPixel. "
++ "Defining non-color channels as ExtraSamples.");
++
++ old_extrasamples = tif->tif_dir.td_extrasamples;
++ tif->tif_dir.td_extrasamples = (tif->tif_dir.td_samplesperpixel - color_channels);
++
++ // sampleinfo should contain information relative to these new extra samples
++ new_sampleinfo = (uint16*) _TIFFcalloc(tif->tif_dir.td_extrasamples, sizeof(uint16));
++ if (!new_sampleinfo) {
++ TIFFErrorExt(tif->tif_clientdata, module, "Failed to allocate memory for "
++ "temporary new sampleinfo array (%d 16 bit elements)",
++ tif->tif_dir.td_extrasamples);
++ goto bad;
++ }
++
++ memcpy(new_sampleinfo, tif->tif_dir.td_sampleinfo, old_extrasamples * sizeof(uint16));
++ _TIFFsetShortArray(&tif->tif_dir.td_sampleinfo, new_sampleinfo, tif->tif_dir.td_extrasamples);
++ _TIFFfree(new_sampleinfo);
++ }
++
+ /*
+ * Verify Palette image has a Colormap.
+ */
+diff --git a/libtiff/tif_print.c b/libtiff/tif_print.c
+index 24d4b98..10a588e 100644
+--- a/libtiff/tif_print.c
++++ b/libtiff/tif_print.c
+@@ -546,7 +546,7 @@ TIFFPrintDirectory(TIFF* tif, FILE* fd, long flags)
+ uint16 i;
+ fprintf(fd, " %2ld: %5u",
+ l, td->td_transferfunction[0][l]);
+- for (i = 1; i < td->td_samplesperpixel; i++)
++ for (i = 1; i < td->td_samplesperpixel - td->td_extrasamples && i < 3; i++)
+ fprintf(fd, " %5u",
+ td->td_transferfunction[i][l]);
+ fputc('\n', fd);
+--
+2.17.0
+
--- /dev/null
+From e1cd2d7ab032e7fe80b4c13e07895194c8bac85e Mon Sep 17 00:00:00 2001
+From: Brian May <brian@linuxpenguins.xyz>
+Date: Thu, 7 Dec 2017 07:46:47 +1100
+Subject: [PATCH 1/4] [PATCH] tiff2pdf: Fix CVE-2017-9935
+
+Fix for http://bugzilla.maptools.org/show_bug.cgi?id=2704
+
+This vulnerability - at least for the supplied test case - is because we
+assume that a tiff will only have one transfer function that is the same
+for all pages. This is not required by the TIFF standards.
+
+We than read the transfer function for every page. Depending on the
+transfer function, we allocate either 2 or 4 bytes to the XREF buffer.
+We allocate this memory after we read in the transfer function for the
+page.
+
+For the first exploit - POC1, this file has 3 pages. For the first page
+we allocate 2 extra extra XREF entries. Then for the next page 2 more
+entries. Then for the last page the transfer function changes and we
+allocate 4 more entries.
+
+When we read the file into memory, we assume we have 4 bytes extra for
+each and every page (as per the last transfer function we read). Which
+is not correct, we only have 2 bytes extra for the first 2 pages. As a
+result, we end up writing past the end of the buffer.
+
+There are also some related issues that this also fixes. For example,
+TIFFGetField can return uninitalized pointer values, and the logic to
+detect a N=3 vs N=1 transfer function seemed rather strange.
+
+It is also strange that we declare the transfer functions to be of type
+float, when the standard says they are unsigned 16 bit values. This is
+fixed in another patch.
+
+This patch will check to ensure that the N value for every transfer
+function is the same for every page. If this changes, we abort with an
+error. In theory, we should perhaps check that the transfer function
+itself is identical for every page, however we don't do that due to the
+confusion of the type of the data in the transfer function.
+---
+ libtiff/tif_dir.c | 3 +++
+ tools/tiff2pdf.c | 69 +++++++++++++++++++++++++++++++----------------
+ 2 files changed, 49 insertions(+), 23 deletions(-)
+
+diff --git a/libtiff/tif_dir.c b/libtiff/tif_dir.c
+index f00f808..c36a5f3 100644
+--- a/libtiff/tif_dir.c
++++ b/libtiff/tif_dir.c
+@@ -1067,6 +1067,9 @@ _TIFFVGetField(TIFF* tif, uint32 tag, va_list ap)
+ if (td->td_samplesperpixel - td->td_extrasamples > 1) {
+ *va_arg(ap, uint16**) = td->td_transferfunction[1];
+ *va_arg(ap, uint16**) = td->td_transferfunction[2];
++ } else {
++ *va_arg(ap, uint16**) = NULL;
++ *va_arg(ap, uint16**) = NULL;
+ }
+ break;
+ case TIFFTAG_REFERENCEBLACKWHITE:
+diff --git a/tools/tiff2pdf.c b/tools/tiff2pdf.c
+index bdb9126..bd23c9e 100644
+--- a/tools/tiff2pdf.c
++++ b/tools/tiff2pdf.c
+@@ -239,7 +239,7 @@ typedef struct {
+ float tiff_whitechromaticities[2];
+ float tiff_primarychromaticities[6];
+ float tiff_referenceblackwhite[2];
+- float* tiff_transferfunction[3];
++ uint16* tiff_transferfunction[3];
+ int pdf_image_interpolate; /* 0 (default) : do not interpolate,
+ 1 : interpolate */
+ uint16 tiff_transferfunctioncount;
+@@ -1049,6 +1049,8 @@ void t2p_read_tiff_init(T2P* t2p, TIFF* input){
+ uint16 pagen=0;
+ uint16 paged=0;
+ uint16 xuint16=0;
++ uint16 tiff_transferfunctioncount=0;
++ uint16* tiff_transferfunction[3];
+
+ directorycount=TIFFNumberOfDirectories(input);
+ if(directorycount > TIFF_DIR_MAX) {
+@@ -1157,26 +1159,48 @@ void t2p_read_tiff_init(T2P* t2p, TIFF* input){
+ }
+ #endif
+ if (TIFFGetField(input, TIFFTAG_TRANSFERFUNCTION,
+- &(t2p->tiff_transferfunction[0]),
+- &(t2p->tiff_transferfunction[1]),
+- &(t2p->tiff_transferfunction[2]))) {
+- if((t2p->tiff_transferfunction[1] != (float*) NULL) &&
+- (t2p->tiff_transferfunction[2] != (float*) NULL) &&
+- (t2p->tiff_transferfunction[1] !=
+- t2p->tiff_transferfunction[0])) {
+- t2p->tiff_transferfunctioncount = 3;
+- t2p->tiff_pages[i].page_extra += 4;
+- t2p->pdf_xrefcount += 4;
+- } else {
+- t2p->tiff_transferfunctioncount = 1;
+- t2p->tiff_pages[i].page_extra += 2;
+- t2p->pdf_xrefcount += 2;
+- }
+- if(t2p->pdf_minorversion < 2)
+- t2p->pdf_minorversion = 2;
++ &(tiff_transferfunction[0]),
++ &(tiff_transferfunction[1]),
++ &(tiff_transferfunction[2]))) {
++
++ if((tiff_transferfunction[1] != (uint16*) NULL) &&
++ (tiff_transferfunction[2] != (uint16*) NULL)
++ ) {
++ tiff_transferfunctioncount=3;
++ } else {
++ tiff_transferfunctioncount=1;
++ }
+ } else {
+- t2p->tiff_transferfunctioncount=0;
++ tiff_transferfunctioncount=0;
+ }
++
++ if (i > 0){
++ if (tiff_transferfunctioncount != t2p->tiff_transferfunctioncount){
++ TIFFError(
++ TIFF2PDF_MODULE,
++ "Different transfer function on page %d",
++ i);
++ t2p->t2p_error = T2P_ERR_ERROR;
++ return;
++ }
++ }
++
++ t2p->tiff_transferfunctioncount = tiff_transferfunctioncount;
++ t2p->tiff_transferfunction[0] = tiff_transferfunction[0];
++ t2p->tiff_transferfunction[1] = tiff_transferfunction[1];
++ t2p->tiff_transferfunction[2] = tiff_transferfunction[2];
++ if(tiff_transferfunctioncount == 3){
++ t2p->tiff_pages[i].page_extra += 4;
++ t2p->pdf_xrefcount += 4;
++ if(t2p->pdf_minorversion < 2)
++ t2p->pdf_minorversion = 2;
++ } else if (tiff_transferfunctioncount == 1){
++ t2p->tiff_pages[i].page_extra += 2;
++ t2p->pdf_xrefcount += 2;
++ if(t2p->pdf_minorversion < 2)
++ t2p->pdf_minorversion = 2;
++ }
++
+ if( TIFFGetField(
+ input,
+ TIFFTAG_ICCPROFILE,
+@@ -1837,10 +1861,9 @@ void t2p_read_tiff_data(T2P* t2p, TIFF* input){
+ &(t2p->tiff_transferfunction[0]),
+ &(t2p->tiff_transferfunction[1]),
+ &(t2p->tiff_transferfunction[2]))) {
+- if((t2p->tiff_transferfunction[1] != (float*) NULL) &&
+- (t2p->tiff_transferfunction[2] != (float*) NULL) &&
+- (t2p->tiff_transferfunction[1] !=
+- t2p->tiff_transferfunction[0])) {
++ if((t2p->tiff_transferfunction[1] != (uint16*) NULL) &&
++ (t2p->tiff_transferfunction[2] != (uint16*) NULL)
++ ) {
+ t2p->tiff_transferfunctioncount=3;
+ } else {
+ t2p->tiff_transferfunctioncount=1;
+--
+2.17.0
+
--- /dev/null
+From b1997b9c3ac0d6bac5effd7558141986487217a9 Mon Sep 17 00:00:00 2001
+From: Even Rouault <even.rouault@spatialys.com>
+Date: Sun, 31 Dec 2017 15:09:41 +0100
+Subject: [PATCH 2/4] libtiff/tif_print.c: TIFFPrintDirectory(): fix null
+ pointer dereference on corrupted file. Fixes
+ http://bugzilla.maptools.org/show_bug.cgi?id=2770 / CVE-2017-18013
+
+---
+ libtiff/tif_print.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/libtiff/tif_print.c b/libtiff/tif_print.c
+index 10a588e..b9b53a0 100644
+--- a/libtiff/tif_print.c
++++ b/libtiff/tif_print.c
+@@ -667,13 +667,13 @@ TIFFPrintDirectory(TIFF* tif, FILE* fd, long flags)
+ #if defined(__WIN32__) && (defined(_MSC_VER) || defined(__MINGW32__))
+ fprintf(fd, " %3lu: [%8I64u, %8I64u]\n",
+ (unsigned long) s,
+- (unsigned __int64) td->td_stripoffset[s],
+- (unsigned __int64) td->td_stripbytecount[s]);
++ td->td_stripoffset ? (unsigned __int64) td->td_stripoffset[s] : 0,
++ td->td_stripbytecount ? (unsigned __int64) td->td_stripbytecount[s] : 0);
+ #else
+ fprintf(fd, " %3lu: [%8llu, %8llu]\n",
+ (unsigned long) s,
+- (unsigned long long) td->td_stripoffset[s],
+- (unsigned long long) td->td_stripbytecount[s]);
++ td->td_stripoffset ? (unsigned long long) td->td_stripoffset[s] : 0,
++ td->td_stripbytecount ? (unsigned long long) td->td_stripbytecount[s] : 0);
+ #endif
+ }
+ }
+--
+2.17.0
+
--- /dev/null
+From 1c127eb3cb7653bd61b61f9c3cfeb36fd10edab1 Mon Sep 17 00:00:00 2001
+From: Even Rouault <even.rouault@spatialys.com>
+Date: Sat, 12 May 2018 15:32:31 +0200
+Subject: [PATCH 3/4] LZWDecodeCompat(): fix potential index-out-of-bounds
+ write. Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2780 /
+ CVE-2018-8905
+
+The fix consists in using the similar code LZWDecode() to validate we
+don't write outside of the output buffer.
+---
+ libtiff/tif_lzw.c | 18 ++++++++++++------
+ 1 file changed, 12 insertions(+), 6 deletions(-)
+
+diff --git a/libtiff/tif_lzw.c b/libtiff/tif_lzw.c
+index bc8f9c8..186ea3c 100644
+--- a/libtiff/tif_lzw.c
++++ b/libtiff/tif_lzw.c
+@@ -604,6 +604,7 @@ LZWDecodeCompat(TIFF* tif, uint8* op0, tmsize_t occ0, uint16 s)
+ char *tp;
+ unsigned char *bp;
+ int code, nbits;
++ int len;
+ long nextbits, nextdata, nbitsmask;
+ code_t *codep, *free_entp, *maxcodep, *oldcodep;
+
+@@ -755,13 +756,18 @@ LZWDecodeCompat(TIFF* tif, uint8* op0, tmsize_t occ0, uint16 s)
+ } while (--occ);
+ break;
+ }
+- assert(occ >= codep->length);
+- op += codep->length;
+- occ -= codep->length;
+- tp = op;
++ len = codep->length;
++ tp = op + len;
+ do {
+- *--tp = codep->value;
+- } while( (codep = codep->next) != NULL );
++ int t;
++ --tp;
++ t = codep->value;
++ codep = codep->next;
++ *tp = (char)t;
++ } while (codep && tp > op);
++ assert(occ >= len);
++ op += len;
++ occ -= len;
+ } else {
+ *op++ = (char)code;
+ occ--;
+--
+2.17.0
+
--- /dev/null
+From 98ed6179dec22db48f6e235d8ca9e2708bf4e71a Mon Sep 17 00:00:00 2001
+From: Even Rouault <even.rouault@spatialys.com>
+Date: Sat, 12 May 2018 14:24:15 +0200
+Subject: [PATCH 4/4] TIFFWriteDirectorySec: avoid assertion. Fixes
+ http://bugzilla.maptools.org/show_bug.cgi?id=2795. CVE-2018-10963
+
+---
+ libtiff/tif_dirwrite.c | 7 +++++--
+ 1 file changed, 5 insertions(+), 2 deletions(-)
+
+diff --git a/libtiff/tif_dirwrite.c b/libtiff/tif_dirwrite.c
+index c68d6d2..5d0a669 100644
+--- a/libtiff/tif_dirwrite.c
++++ b/libtiff/tif_dirwrite.c
+@@ -697,8 +697,11 @@ TIFFWriteDirectorySec(TIFF* tif, int isimage, int imagedone, uint64* pdiroff)
+ }
+ break;
+ default:
+- assert(0); /* we should never get here */
+- break;
++ TIFFErrorExt(tif->tif_clientdata,module,
++ "Cannot write tag %d (%s)",
++ TIFFFieldTag(o),
++ o->field_name ? o->field_name : "unknown");
++ goto bad;
+ }
+ }
+ }
+--
+2.17.0
+
--- /dev/null
+From 5c3bc1c78dfe05eb5f4224650ad606b75e1f7034 Mon Sep 17 00:00:00 2001
+From: Even Rouault <even.rouault@spatialys.com>
+Date: Sun, 11 Mar 2018 11:14:01 +0100
+Subject: [PATCH] ChopUpSingleUncompressedStrip: avoid memory exhaustion
+ (CVE-2017-11613)
+
+In ChopUpSingleUncompressedStrip(), if the computed number of strips is big
+enough and we are in read only mode, validate that the file size is consistent
+with that number of strips to avoid useless attempts at allocating a lot of
+memory for the td_stripbytecount and td_stripoffset arrays.
+
+Rework fix done in 3719385a3fac5cfb20b487619a5f08abbf967cf8 to work in more
+cases like https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=6979.
+Credit to OSS Fuzz
+
+Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2724
+---
+ libtiff/tif_dirread.c | 10 ++++++++++
+ 1 file changed, 10 insertions(+)
+
+diff --git a/libtiff/tif_dirread.c b/libtiff/tif_dirread.c
+index 80aaf8d..5896a78 100644
+--- a/libtiff/tif_dirread.c
++++ b/libtiff/tif_dirread.c
+@@ -5760,6 +5760,16 @@ ChopUpSingleUncompressedStrip(TIFF* tif)
+ if( nstrips == 0 )
+ return;
+
++ /* If we are going to allocate a lot of memory, make sure that the */
++ /* file is as big as needed */
++ if( tif->tif_mode == O_RDONLY &&
++ nstrips > 1000000 &&
++ (offset >= TIFFGetFileSize(tif) ||
++ stripbytes > (TIFFGetFileSize(tif) - offset) / (nstrips - 1)) )
++ {
++ return;
++ }
++
+ newcounts = (uint64*) _TIFFCheckMalloc(tif, nstrips, sizeof (uint64),
+ "for chopped \"StripByteCounts\" array");
+ newoffsets = (uint64*) _TIFFCheckMalloc(tif, nstrips, sizeof (uint64),
+--
+2.17.1
+
include $(TOPDIR)/rules.mk
PKG_NAME:=alpine
-PKG_VERSION:=2.21.999
+PKG_VERSION:=2.21.9999
PKG_RELEASE:=1
PKG_SOURCE_PROTO:=git
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
PKG_SOURCE_URL:=http://repo.or.cz/alpine.git
-PKG_SOURCE_VERSION:=349642a84039a4b026513c32a3b4f8594acd50df
-PKG_MIRROR_HASH:=8db14c4ae14329a7cffc8ea5099b7fa5c7adf79ca03893b23b1a8c45b847e5af
+PKG_SOURCE_VERSION:=d3e6f3932f2af9deca8eed09e30a55e9bd524362
+PKG_MIRROR_HASH:=72f9e8c4c3ecbd5f73f527af98ad23f716fcede3af0ab0400c6e0bc9b1288e30
PKG_MAINTAINER:=Antti Seppälä <a.seppala@gmail.com>
PKG_LICENSE:=Apache-2.0
PKG_FIXUP:=autoreconf
PKG_INSTALL:=1
+PKG_BUILD_PARALLEL:=1
PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(BUILD_VARIANT)/$(PKG_NAME)-$(PKG_VERSION)
CATEGORY:=Mail
DEPENDS:=+libopenssl +libncurses +libpthread +libpam $(ICONV_DEPENDS) $(INTL_DEPENDS)
TITLE:=Alternatively Licensed Program for Internet News and Email
- URL:=http://www.washington.edu/alpine
+ URL:=http://alpine.x10host.com/alpine/
endef
define Package/alpine/Default/description
# Strip off FPU notation
REAL_CPU_TYPE:=$(firstword $(subst +, ,$(CONFIG_CPU_TYPE)))
+# Fixup cpu types recogized by ffmpeg configure
+REAL_CPU_TYPE:=$(subst octeonplus,octeon+,$(REAL_CPU_TYPE))
FFMPEG_CONFIGURE:= \
CFLAGS="$(TARGET_CFLAGS) $(TARGET_CPPFLAGS) $(FPIC)" \
else ifneq ($(findstring powerpc,$(CONFIG_ARCH)),)
FFMPEG_CONFIGURE+= \
--disable-altivec
+# libavcode/mips/aacdec_mips.c build problem
+else ifneq ($(findstring 24kf,$(CONFIG_CPU_TYPE)),)
+FFMPEG_CONFIGURE+= \
+ --disable-inline-asm
endif
# selectively disable optimizations according to arch/cpu type
ifneq ($(CONFIG_TARGET_x86),)
ifeq ($(CONFIG_NASM),y)
- FFMPEG_CONFIGURE += --yasmexe=nasm
+ # Set yasmexe to anything but YASM/NASM (ffmpeg configure will then find NASM correctly)
+ # Newer ffmpeg packages will use --enable-x86asm (with NASM default)
+ FFMPEG_CONFIGURE += --yasmexe=xyzzy
else
FFMPEG_CONFIGURE += --disable-yasm
endif
# IPv6 ( ( 0-9a-f 1-4char ":") min 1x) ( ( 0-9a-f 1-4char )optional) ( (":" 0-9a-f 1-4char ) min 1x)
IPV6_REGEX="\(\([0-9A-Fa-f]\{1,4\}:\)\{1,\}\)\(\([0-9A-Fa-f]\{1,4\}\)\{0,1\}\)\(\(:[0-9A-Fa-f]\{1,4\}\)\{1,\}\)"
+# characters that are dangerous to pass to a shell command line
+SHELL_ESCAPE="[\"\'\`\$\!();><{}?|\[\]\*\\\\]"
+
+# dns character set
+DNS_CHARSET="[@a-zA-Z0-9._-]"
+
# detect if called by ddns-lucihelper.sh script, disable retrys (empty variable == false)
LUCI_HELPER=$(printf %s "$MYPROG" | grep -i "luci")
return $status
}
+# sanitize a variable
+# $1 variable name
+# $2 allowed shell pattern
+# $3 disallowed shell pattern
+sanitize_variable() {
+ local __VAR=$1
+ eval __VALUE=\$$__VAR
+ local __ALLOWED=$2
+ local __REJECT=$3
+
+ # removing all allowed should give empty string
+ if [ -n "$__ALLOWED" ]; then
+ [ -z "${__VALUE//$__ALLOWED}" ] || write_log 12 "sanitize on $__VAR found characters outside allowed subset"
+ fi
+
+ # removing rejected pattern should give the same string as the input
+ if [ -n "$__REJECT" ]; then
+ [ "$__VALUE" = "${__VALUE//$__REJECT}" ] || write_log 12 "sanitize on $__VAR found rejected characters"
+ fi
+}
+
# verify given host and port is connectable
# $1 Host/IP to verify
# $2 Port to verify
__RUNPROG="$NSLOOKUP $__HOST >$DATFILE 2>$ERRFILE"
fi
write_log 7 "#> $__RUNPROG"
- eval $__RUNPROG
+ (
+ set -o noglob
+ eval $__RUNPROG
+ )
__ERR=$?
# command error
[ $__ERR -gt 0 ] && {
if [ -n "$__NCEXT" ]; then # BusyBox nc compiled with extensions (timeout support)
__RUNPROG="$__NC -w 1 $__IP $__PORT </dev/null >$DATFILE 2>$ERRFILE"
write_log 7 "#> $__RUNPROG"
- eval $__RUNPROG
+ (
+ set -o noglob
+ eval $__RUNPROG
+ )
__ERR=$?
[ $__ERR -eq 0 ] && return 0
write_log 3 "Connect error - BusyBox nc (netcat) Error '$__ERR'"
else # nc compiled without extensions (no timeout support)
__RUNPROG="timeout 2 -- $__NC $__IP $__PORT </dev/null >$DATFILE 2>$ERRFILE"
write_log 7 "#> $__RUNPROG"
- eval $__RUNPROG
+ (
+ set -o noglob
+ eval $__RUNPROG
+ )
__ERR=$?
[ $__ERR -eq 0 ] && return 0
write_log 3 "Connect error - BusyBox nc (netcat) timeout Error '$__ERR'"
local __BINDIP
# set correct program to detect IP
[ $use_ipv6 -eq 0 ] && __RUNPROG="network_get_ipaddr" || __RUNPROG="network_get_ipaddr6"
- eval "$__RUNPROG __BINDIP $bind_network" || \
+ ( set -o noglob ; eval "$__RUNPROG __BINDIP $bind_network" ) || \
write_log 13 "Can not detect local IP using '$__RUNPROG $bind_network' - Error: '$?'"
write_log 7 "Force communication via IP '$__BINDIP'"
__PROG="$__PROG --bind-address=$__BINDIP"
while : ; do
write_log 7 "#> $__RUNPROG"
- eval $__RUNPROG # DO transfer
+ (
+ set -o noglob
+ eval $__RUNPROG # DO transfer
+ )
__ERR=$? # save error code
[ $__ERR -eq 0 ] && return 0 # no error leave
[ -n "$LUCI_HELPER" ] && return 1 # no retry if called by LuCI helper script
network_flush_cache # force re-read data from ubus
[ $use_ipv6 -eq 0 ] && __RUNPROG="network_get_ipaddr" \
|| __RUNPROG="network_get_ipaddr6"
- eval "$__RUNPROG __DATA $ip_network" || \
+ ( set -o noglob ; eval "$__RUNPROG __DATA $ip_network" ) || \
write_log 13 "Can not detect local IP using $__RUNPROG '$ip_network' - Error: '$?'"
[ -n "$__DATA" ] && write_log 7 "Local IP '$__DATA' detected on network '$ip_network'"
elif [ -n "$ip_interface" ]; then
[ -n "$__DATA" ] && write_log 7 "Local IP '$__DATA' detected on interface '$ip_interface'"
elif [ -n "$ip_script" ]; then
write_log 7 "#> $ip_script >$DATFILE 2>$ERRFILE"
- eval $ip_script >$DATFILE 2>$ERRFILE
+ (
+ set -o noglob
+ eval $ip_script >$DATFILE 2>$ERRFILE
+ )
__ERR=$?
if [ $__ERR -eq 0 ]; then
__DATA=$(cat $DATFILE)
while : ; do
write_log 7 "#> $__RUNPROG"
- eval $__RUNPROG
+ (
+ set -o noglob
+ eval $__RUNPROG
+ )
__ERR=$?
if [ $__ERR -ne 0 ]; then
write_log 3 "$__PROG error: '$__ERR'"
# without lookup host and possibly other required options we can do nothing for you
[ -z "$lookup_host" ] && write_log 14 "Service section not configured correctly! Missing 'lookup_host'"
+# verify validity of variables
+[ -n "$lookup_host" ] && sanitize_variable lookup_host "$DNS_CHARSET" ""
+[ -n "$dns_server" ] && sanitize_variable dns_server "$DNS_CHARSET" ""
+[ -n "$domain" ] && sanitize_variable domain "$DNS_CHARSET" ""
+
+# Filter shell escape characters, if these are required in the URL, they
+# can still be passed url encoded
+[ -n "$param_opt" ] && sanitize_variable param_opt "" "$SHELL_ESCAPE"
+
[ -n "$update_url" ] && {
# only check if update_url is given, update_scripts have to check themselves
[ -z "$domain" ] && $(echo "$update_url" | grep "\[DOMAIN\]" >/dev/null 2>&1) && \
PKG_MAINTAINER:=Mislav Novakovic <mislav.novakovic@sartura.hr>
PKG_NAME:=go-ethereum
-PKG_VERSION:=1.8.12
+PKG_VERSION:=1.8.13
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://codeload.github.com/ethereum/go-ethereum/tar.gz/v${PKG_VERSION}?
-PKG_HASH:=53cfd6ff2f82f7a42fa5175e2a795aada4425a22353e5d46008cd566bfb5e239
+PKG_HASH:=c0c211172c1bc80855d19387300321fe233708bf8af1e4839ccf3b7de447bfb1
PKG_BUILD_DEPENDS:=golang/host
PKG_BUILD_PARALLEL:=1
include $(TOPDIR)/rules.mk
PKG_NAME:=gitolite
-PKG_VERSION:=3.6.6
+PKG_VERSION:=3.6.8
PKG_RELEASE:=1
PKG_SOURCE_PROTO:=git
PKG_SOURCE:=$(PKG_NAME)-v$(PKG_VERSION).tar.xz
-PKG_MIRROR_HASH:=b2d96c36682391f45c63b21a91fbe77a969a7b362417c851dd0091a06fcc74d9
+PKG_MIRROR_HASH:=652d3b3f8ed93b8ef56153337465cc7260974e5cd2653e949da1bb97a8421ea0
+
PKG_SOURCE_URL:=https://github.com/sitaramc/gitolite.git
-PKG_SOURCE_VERSION:=908f8c6f3b8ef5b95829be7155be2557e71f4579
+PKG_SOURCE_VERSION:=e126e97a4d5575821f89ae80dac402b017db94aa
PKG_SOURCE_SUBDIR:=$(PKG_NAME)-$(PKG_VERSION)
PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_SOURCE_SUBDIR)
Gitolite is a system for managing access to git repositories. Note you will need to make
sure dropbear does not interfere with OpenSSH as gitolite depends on feature not in
dropbear (to my knowledge).
+ See https://openwrt.org/docs/guide-user/services/gitolite for a guide on installation.
endef
define Package/gitolite/postinst
sed -i -e 's,/var/run/git,/srv/git,' $${IPKG_INSTROOT}/etc/passwd
sed -i -e 's,git:\(.*\):/bin/false,git:\1:/bin/ash,' $${IPKG_INSTROOT}/etc/passwd
+sed -i -e 's,git:x:0:\(.*\)$$,git:x:99999:\1,' $${IPKG_INSTROOT}/etc/shadow
endef
define Build/Configure
+++ /dev/null
-From d0409ae1164030913801d37ce5425ed93529c69d Mon Sep 17 00:00:00 2001
-From: Daniel Dickinson <gitolite@daniel.thecshore.com>
-Date: Fri, 1 Jul 2016 00:37:23 -0400
-Subject: [PATCH] Conf::Store: Fix missing hooks dir for symlink
-
-At least when doing 'gitolite setup -pk user.pub', the
-symlinking of hooks fails because the hooks directory
-does not exist. Make sure we create it if it's missing.
----
- src/lib/Gitolite/Conf/Store.pm | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/src/lib/Gitolite/Conf/Store.pm b/src/lib/Gitolite/Conf/Store.pm
-index 5568b3f..aac90d4 100644
---- a/src/lib/Gitolite/Conf/Store.pm
-+++ b/src/lib/Gitolite/Conf/Store.pm
-@@ -363,6 +363,7 @@ sub store_common {
- chmod 0755, "$rc{GL_ADMIN_BASE}/hooks/gitolite-admin/post-update";
- $hook_reset++;
- }
-+ _mkdir("$repo.git/hooks");
-
- # propagate user-defined (custom) hooks to all repos
- ln_sf( "$rc{LOCAL_CODE}/hooks/common", "*", "$repo.git/hooks" ) if $rc{LOCAL_CODE};
---
-2.7.4
-
PKG_NAME:=rpcbind
PKG_VERSION:=0.2.4
-PKG_RELEASE:=1
+PKG_RELEASE:=2
PKG_SOURCE_URL:=@SF/rpcbind
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
SECTION:=net
CATEGORY:=Network
DEPENDS:=+libtirpc +RPCBIND_LIBWRAP:libwrap
- TITLE:=Universal addresses to RPC mapper
+ TITLE:=Universal addresses to RPC mapper
URL:=http://libtirpc.sourceforge.net/
USERID:=rpc=65533:rpc=65533
endef
define Package/rpcbind/description
The rpcbind utility is a server that converts RPC program numbers into universal addresses.
It must be running on the host to be able to make RPC calls on a server on that machine.
-
+
Rpcbind replaces portmap for NFS v2/v3. It has more features, like ipv6 support.
Note: Nfs4 only configurations can run without it.
endef
-define Package/rpcbind/config
+define Package/rpcbind/config
if PACKAGE_rpcbind
config RPCBIND_LIBWRAP
bool "Enable libwrap (TCP wrappers) support."
bool "Enable warmstarts support"
default y
help
- The warmstart feature saves RPC registrations on termination.
+ The warmstart feature saves RPC registrations on termination.
endif
endef
ifeq ($(CONFIG_RPCBIND_LIBWRAP),y)
CONFIGURE_ARGS += --enable-libwrap
+else
+ CONFIGURE_ARGS += --disable-libwrap
endif
ifeq ($(CONFIG_RPCBIND_WARMSTARTS),y)
CONFIGURE_ARGS += --enable-warmstarts
endif
-
+
define Package/rpcbind/install
$(INSTALL_DIR) $(1)/usr/bin
$(INSTALL_BIN) $(PKG_BUILD_DIR)/{rpcbind,rpcinfo} $(1)/usr/bin/
include $(TOPDIR)/rules.mk
PKG_NAME:=samba
-PKG_VERSION:=4.8.3
-PKG_RELEASE:=3
+PKG_VERSION:=4.8.4
+PKG_RELEASE:=1
PKG_MAINTAINER:=Andy Walsh <andy.walsh44+github@gmail.com>
PKG_LICENSE:=GPL-3.0-only
PKG_SOURCE_URL:=https://download.samba.org/pub/samba/stable/
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
-PKG_HASH:=e0569a8a605d5dfb49f1fdd11db796f4d36fe0351c4a7f21387ef253010b82ed
+PKG_HASH:=f5044d149e01894a08b1d114b8b69aed78171a7bb19608bd1fd771453b9a5406
# Buildroot bug? Can't add target deps via '+SAMBA4_SERVER_AD_DC:python-crypto' (as work-around we select via config.in)
-PKG_BUILD_DEPENDS:=perl/host python/host SAMBA4_SERVER_AD_DC:python-crypto nfs-kernel-server/host
+PKG_BUILD_DEPENDS:=SAMBA4_SERVER_AD_DC:python-crypto nfs-kernel-server/host
PKG_CONFIG_DEPENDS:= \
CONFIG_SAMBA4_SERVER_NETBIOS \
TITLE+= libs
DEPENDS:= +zlib +libtirpc +krb5-libs +libpopt \
+PACKAGE_libcap:libcap +PACKAGE_jansson:jansson +PACKAGE_libpthread:libpthread +PACKAGE_libnettle:libnettle \
- +PACKAGE_libarchive:libarchive +PACKAGE_libgcrypt:libgcrypt +PACKAGE_libpam:libpam \
+ +PACKAGE_libarchive:libarchive +PACKAGE_libgcrypt:libgcrypt +PACKAGE_libpam:libpam +PACKAGE_dbus:dbus +PACKAGE_libavahi-client:libavahi-client \
+SAMBA4_SERVER_VFS:attr \
+SAMBA4_SERVER_ACL:acl +SAMBA4_SERVER_ACL:attr \
+SAMBA4_SERVER_AVAHI:libavahi-client \
endif
ifeq ($(CONFIG_SAMBA4_SERVER_ACL),y)
$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/sharesec $(1)/usr/bin/
-endif
-ifeq ($(CONFIG_SAMBA4_SERVER_AVAHI),y)
- $(INSTALL_DIR) $(1)/etc/avahi/services
- $(INSTALL_DATA) ./files/samba.service $(1)/etc/avahi/services/
endif
$(INSTALL_DIR) $(1)/etc/config $(1)/etc/samba $(1)/etc/init.d
$(INSTALL_DATA) ./files/samba.config $(1)/etc/config/samba4
/etc/samba/idmap.ldb
/etc/samba/lmhosts
/etc/nsswitch.conf
-/etc/avahi/services/samba.service
endef
$(eval $(call BuildPackage,samba4-libs))
+++ /dev/null
-<?xml version="1.0" standalone='no'?><!--*-nxml-*-->
-<!DOCTYPE service-group SYSTEM "avahi-service.dtd">
-<service-group>
- <name replace-wildcards="yes">%h</name>
- <service>
- <type>_adisk._tcp</type>
- <txt-record>sys=waMa=0,adVF=0x100</txt-record>
- <txt-record>dk0=adVN=TimeMachine,adVF=0x82</txt-record>
- </service>
- <service>
- <type>_smb._tcp</type>
- <port>445</port>
- </service>
-</service-group>
include $(TOPDIR)/rules.mk
PKG_NAME:=scapy
-PKG_VERSION:=2.3.1
+PKG_VERSION:=2.4.0
PKG_RELEASE:=1
PKG_LICENSE:=GPL-2.0
PKG_LICENSE_FILES:=PKG-INFO
-PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).zip
-PKG_SOURCE_URL:=https://bitbucket.org/secdev/scapy/downloads/
-PKG_HASH:=8972c02e39a826a10c02c2bdd5025f7251dce9589c57befd9bb55c65f02e4934
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
+PKG_SOURCE_URL:=https://codeload.github.com/secdev/scapy/tar.gz/v$(PKG_VERSION)?
+PKG_HASH:=3836c62c33dd3f7c1ae30f5c2c1ab8078e4e32f5bf9c8be758dbaafe1c6a580e
include $(INCLUDE_DIR)/package.mk
include ../../lang/python/python-package.mk
CATEGORY:=Network
TITLE:=Interactive packet manipulation tool and network scanner
MAINTAINER:=W. Michael Petullo <mike@flyn.org>
- URL:=http://www.secdev.org/projects/scapy/
+ URL:=https://scapy.net/
DEPENDS:=+python
endef
PKG_NAME:=unbound
PKG_VERSION:=1.7.3
-PKG_RELEASE:=5
+PKG_RELEASE:=6
PKG_LICENSE:=BSD-3-Clause
PKG_LICENSE_FILES:=LICENSE
sub( /.*\//, "", cdr2 ) ;
+ if ( hst !~ /^[[:alnum:]]([-[:alnum:]]*[[:alnum:]])?$/ ) {
+ # that is not a valid host name (RFC1123)
+ hst = "-" ;
+ }
+
+
if ( bisolt == 1 ) {
# TODO: this might be better with a substituion option,
# or per DHCP pool do-not-DNS option, but its getting busy here.
}
- if ( cls == "ipv4" ) {
- if ( NF == 8 ) {
- # odhcpd errata in field format without host name
- adr = $8 ; hst = "-" ; cdr = adr ;
- sub( /\/.*/, "", adr ) ;
- sub( /.*\//, "", cdr ) ;
- }
-
-
- if (( cdr == 32 ) && ( hst != "-" )) {
- # only for provided hostnames and full /32 assignments
- ptr = adr ; qpr = "" ; split( ptr, ptr, "." ) ;
- slaac = slaac_eui64( id ) ;
+ if ((cls == "ipv4") && (hst != "-") && (cdr == 32) && (NF == 9)) {
+ # IPV4 ; only for provided hostnames and full /32 assignments
+ # NF=9 ; odhcpd errata in field format without host name
+ ptr = adr ; qpr = "" ; split( ptr, ptr, "." ) ;
+ slaac = slaac_eui64( id ) ;
- if ( bconf == 1 ) {
- x = ( "local-data: \"" fqdn ". 300 IN A " adr "\"" ) ;
- y = ( "local-data-ptr: \"" adr " 300 " fqdn "\"" ) ;
- print ( x "\n" y "\n" ) > hostfile ;
- }
+ if ( bconf == 1 ) {
+ x = ( "local-data: \"" fqdn ". 300 IN A " adr "\"" ) ;
+ y = ( "local-data-ptr: \"" adr " 300 " fqdn "\"" ) ;
+ print ( x "\n" y "\n" ) > hostfile ;
+ }
- else {
- for( i=1; i<=4; i++ ) { qpr = ( ptr[i] "." qpr) ; }
- x = ( fqdn ". 300 IN A " adr ) ;
- y = ( qpr "in-addr.arpa. 300 IN PTR " fqdn ) ;
- print ( x "\n" y ) > hostfile ;
- }
+ else {
+ for( i=1; i<=4; i++ ) { qpr = ( ptr[i] "." qpr) ; }
+ x = ( fqdn ". 300 IN A " adr ) ;
+ y = ( qpr "in-addr.arpa. 300 IN PTR " fqdn ) ;
+ print ( x "\n" y ) > hostfile ;
+ }
- if (( bslaac == 1 ) && ( slaac != 0 )) {
- # UCI option to discover IPV6 routed SLAAC addresses
- # NOT TODO - ping probe take too long when added in awk-rule loop
- cmd = ( "ip -6 --oneline route show dev " net ) ;
+ if (( bslaac == 1 ) && ( slaac != 0 )) {
+ # UCI option to discover IPV6 routed SLAAC addresses
+ # NOT TODO - ping probe take too long when added in awk-rule loop
+ cmd = ( "ip -6 --oneline route show dev " net ) ;
- while ( ( cmd | getline adr ) > 0 ) {
- if (( substr( adr, 1, 5 ) <= "fdff:" ) \
- && ( index( adr, "anycast" ) == 0 ) \
- && ( index( adr, "via" ) == 0 )) {
- # GA or ULA routed addresses only (not LL or MC)
- sub( /\/.*/, "", adr ) ;
- adr = ( adr slaac ) ;
+ while ( ( cmd | getline adr ) > 0 ) {
+ if (( substr( adr, 1, 5 ) <= "fdff:" ) \
+ && ( index( adr, "anycast" ) == 0 ) \
+ && ( index( adr, "via" ) == 0 )) {
+ # GA or ULA routed addresses only (not LL or MC)
+ sub( /\/.*/, "", adr ) ;
+ adr = ( adr slaac ) ;
- if ( split( adr, tmp0, ":" ) > 8 ) {
- sub( "::", ":", adr ) ;
- }
+ if ( split( adr, tmp0, ":" ) > 8 ) {
+ sub( "::", ":", adr ) ;
+ }
- if ( bconf == 1 ) {
- x = ( "local-data: \"" fqdn ". 300 IN AAAA " adr "\"" ) ;
- y = ( "local-data-ptr: \"" adr " 300 " fqdn "\"" ) ;
- print ( x "\n" y "\n" ) > hostfile ;
- }
+ if ( bconf == 1 ) {
+ x = ( "local-data: \"" fqdn ". 300 IN AAAA " adr "\"" ) ;
+ y = ( "local-data-ptr: \"" adr " 300 " fqdn "\"" ) ;
+ print ( x "\n" y "\n" ) > hostfile ;
+ }
- else {
- qpr = ipv6_ptr( adr ) ;
- x = ( fqdn ". 300 IN AAAA " adr ) ;
- y = ( qpr ". 300 IN PTR " fqdn ) ;
- print ( x "\n" y ) > hostfile ;
- }
+ else {
+ qpr = ipv6_ptr( adr ) ;
+ x = ( fqdn ". 300 IN AAAA " adr ) ;
+ y = ( qpr ". 300 IN PTR " fqdn ) ;
+ print ( x "\n" y ) > hostfile ;
}
}
+ }
- close( cmd ) ;
- }
+ close( cmd ) ;
}
}
- else {
- if (( cdr == 128 ) && ( hst != "-" )) {
+ else if ((cls != "ipv4") && (hst != "-") && (9 <= NF) && (NF <= 10)) {
+ if (cdr == 128) {
if ( bconf == 1 ) {
x = ( "local-data: \"" fqdn ". 300 IN AAAA " adr "\"" ) ;
y = ( "local-data-ptr: \"" adr " 300 " fqdn "\"" ) ;
}
}
- if (( cdr2 == 128 ) && ( hst != "-" )) {
+ if (cdr2 == 128) {
if ( bconf == 1 ) {
x = ( "local-data: \"" fqdn ". 300 IN AAAA " adr2 "\"" ) ;
y = ( "local-data-ptr: \"" adr2 " 300 " fqdn "\"" ) ;
}
}
}
+
+ else {
+ # dump non-conforming lease records
+ }
}
##############################################################################
PKG_NAME:=xtables-addons
PKG_VERSION:=2.14
-PKG_RELEASE:=4
+PKG_RELEASE:=5
PKG_HASH:=d215a9a8b8e66aae04b982fa2e1228e8a71e7dfe42320df99e34e5000cbdf152
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
+#endif /* _NETFILTER_MIME_H */
--- /dev/null
+++ b/extensions/rtsp/nf_conntrack_rtsp.c
-@@ -0,0 +1,732 @@
+@@ -0,0 +1,761 @@
+/*
+ * RTSP extension for IP connection tracking
+ * (C) 2003 by Tom Marshall <tmarshall at real.com>
+ * 2018-04-18: Hans Dedecker <dedeckeh at gmail.com>
+ * - update RTP expected connection source IP based on SOURCE
+ * in the SETUP reply message
++ * 2018-08-03: Alin Nastac <alin.nastac at gmail.com>
++ * Hans Dedecker <dedeckeh at gmail.com>
++ * - parse non-standard destination=address:port format
+ *
+ * based on ip_conntrack_irc.c
+ *
+#include <net/netfilter/nf_conntrack.h>
+#include <net/netfilter/nf_conntrack_expect.h>
+#include <net/netfilter/nf_conntrack_helper.h>
++#include <net/netfilter/nf_conntrack_zones.h>
+#include "nf_conntrack_rtsp.h"
+
+#define NF_NEED_STRNCASECMP
+ -1, NULL))
+ pr_debug("source found : %pI4\n",
+ &prtspexp->srvaddr.ip);
++ } else if (nextfieldoff - off > 12 && strncmp(ptran+off, "destination=", 12) == 0) {
++ const char *psep;
++ u_int16_t port;
++
++ off += 12;
++
++ if (in4_pton(ptran+off, nextfieldoff - off - 1, (u8 *)&prtspexp->cltaddr.in, -1, NULL)) {
++ pr_debug("destination found : %pI4\n", &prtspexp->cltaddr.ip);
++
++ /*
++ * Some RTSP clients(mostly STBs) use non-standard destination parameters:
++ * destination=address:port
++ */
++ psep = memchr(ptran+off, ':', nextfieldoff-off);
++ if (psep != NULL && nf_strtou16(psep + 1, &port)) {
++ if (prtspexp->loport != 0 && prtspexp->loport != port)
++ pr_debug("multiple ports found, port %hu ignored\n", port);
++ else {
++ pr_debug("lo port found : %hu\n", port);
++ prtspexp->loport = prtspexp->hiport = port;
++ }
++ }
++ }
+ }
+
+ /*
+ ret = help_in(skb, rb_ptr, datalen, ct, ctinfo);
+#endif
+ break;
++ default:
++ break;
+ }
+
+ spin_unlock_bh(&rtsp_buffer_lock);
+module_exit(fini);
--- /dev/null
+++ b/extensions/rtsp/nf_conntrack_rtsp.h
-@@ -0,0 +1,73 @@
+@@ -0,0 +1,74 @@
+/*
+ * RTSP extension for IP connection tracking.
+ * (C) 2003 by Tom Marshall <tmarshall at real.com>
+ u_int16_t loport; /* Port that was requested, low or first */
+ u_int16_t hiport; /* Port that was requested, high or second */
+ union nf_inet_addr srvaddr; /* src address in SETUP reply */
++ union nf_inet_addr cltaddr; /* destination address */
+#if 0
+ uint method; /* RTSP method */
+ uint cseq; /* CSeq from request */
+#endif /* _IP_CONNTRACK_RTSP_H */
--- /dev/null
+++ b/extensions/rtsp/nf_nat_rtsp.c
-@@ -0,0 +1,617 @@
+@@ -0,0 +1,634 @@
+/*
+ * RTSP extension for TCP NAT alteration
+ * (C) 2003 by Tom Marshall <tmarshall at real.com>
+ struct nf_conntrack_tuple *rtp_t;
+
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(3,7,0)
-+ char szextaddr[INET6_ADDRSTRLEN];
++ char szextaddr[INET6_ADDRSTRLEN + 16];
+#else
-+ char szextaddr[INET_ADDRSTRLEN];
++ char szextaddr[INET_ADDRSTRLEN + 16];
+#endif
+ uint extaddrlen;
+ int is_stun;
+
+ pfieldend = memchr(ptran+off, ';', nextparamoff-off);
+ nextfieldoff = (pfieldend == NULL) ? nextparamoff : pfieldend-ptran+1;
++ SKIP_WSPACE(ptran, nextfieldoff, off);
+
-+ if (dstact != DSTACT_NONE && strncmp(ptran+off, "destination=", 12) == 0) {
++ if (dstact != DSTACT_NONE && nextfieldoff - off > 12 && strncmp(ptran+off, "destination=", 12) == 0) {
+ if (strncmp(ptran+off+12, szextaddr, extaddrlen) == 0)
+ is_stun = 1;
+
+ uint dstreplen = 0;
+ diff = dstlen;
+ if (dstact == DSTACT_AUTO && !is_stun) {
-+ pr_debug("RTSP: replace dst addr\n");
++ const char* psep = memchr(ptran+off, ':', dstlen);
++ u_int16_t port;
++
+ dstoff += 12;
+ dstlen -= 13;
+ pdstrep = szextaddr;
-+ dstreplen = extaddrlen;
-+ diff = nextfieldoff-off-13-extaddrlen;
++
++ if (psep != NULL && nf_strtou16(psep + 1, &port)) {
++ pr_debug("RTSP: replace dst addr&port\n");
++
++ if (port != prtspexp->loport) {
++ pr_debug("multiple ports found, port %hu ignored\n", port);
++ dstreplen = extaddrlen;
++ } else {
++ sprintf(szextaddr+extaddrlen, ":%s", rbuf1);
++ dstreplen = extaddrlen+1+rbuf1len;
++ }
++ } else {
++ pr_debug("RTSP: replace dst addr\n");
++ dstreplen = extaddrlen;
++ }
++ diff = nextfieldoff-off-13-dstreplen;
+ }
+
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(3,7,0)
+ pfieldend = memchr(ptran+off, ';', nextparamoff-off);
+ nextfieldoff = (pfieldend == NULL) ? nextparamoff : pfieldend-ptran+1;
+
-+ if (strncmp(ptran+off, "client_port=", 12) == 0) {
++ if (nextfieldoff - off > 12 && strncmp(ptran+off, "client_port=", 12) == 0) {
+ u_int16_t port;
+ uint numlen;
+ uint origoff;
PKG_NAME:=shairport-sync
PKG_VERSION:=3.2.1
-PKG_RELEASE:=1
+PKG_RELEASE:=2
PKG_SOURCE_PROTO:=git
PKG_SOURCE_URL:=https://github.com/mikebrady/shairport-sync.git
$(INSTALL_DIR) $(1)/etc/init.d
$(INSTALL_BIN) ./files/shairport-sync.init $(1)/etc/init.d/shairport-sync
$(INSTALL_DIR) $(1)/etc/config
- $(INSTALL_DATA) ./files/shairport-sync.config $(1)/etc/config/shairport-sync
+ $(INSTALL_CONF) ./files/shairport-sync.config $(1)/etc/config/shairport-sync
endef
Package/shairport-sync-openssl/install = $(Package/shairport-sync/default/install)
PKG_NAME:=bluelog
PKG_VERSION:=1.1.2
-PKG_RELEASE:=2
+PKG_RELEASE:=3
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
-PKG_SOURCE_URL:=ftp://ftp.digifail.com/software/bluelog
-PKG_HASH:=9750b007daffaffecea3b8dd2332bf74cc24955c307861197a20d04d845bc412
+PKG_SOURCE_URL:=https://codeload.github.com/MS3FGX/Bluelog/tar.gz/$(PKG_VERSION)?
+PKG_HASH:=ebbc1357e14bc46cbddd8390cdbd29c0131b09b8ab680a1c382164ef076cb53e
+PKG_BUILD_DIR:=$(BUILD_DIR)/Bluelog-$(PKG_VERSION)
OUI_SOURCE:=oui-2016-05-30.txt.gz
-OUI_URL:=http://sources.lede-project.org/
+OUI_URL:=https://sources.openwrt.org/
OUI_MD5SUM:=38048729fdb5a7a7e0c5db6a51dc2dd1
PKG_LICENSE:=GPL-2.0
PKG_LICENSE_FILES:=COPYING
PKG_MAINTAINER:=Nicolas Thill <nico@openwrt.org>
+PKG_BUILD_PARALLEL:=1
PKG_INSTALL:=1
include $(INCLUDE_DIR)/package.mk
SECTION:=utils
CATEGORY:=Utilities
TITLE:=Bluetooth scanner and logger
- URL:=http://www.digifail.com/software/bluelog.shtml
+ URL:=https://github.com/MS3FGX/Bluelog
DEPENDS:=+bluez-libs +kmod-bluetooth
endef
include $(TOPDIR)/rules.mk
PKG_NAME:=btrfs-progs
-PKG_VERSION:=4.17
+PKG_VERSION:=4.17.1
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-v$(PKG_VERSION).tar.xz
-PKG_SOURCE_URL:=@KERNEL/linux/kernel/people/kdave/btrfs-progs/
-PKG_HASH:=82ca0ecf76350a1e3c6543fe220c0910e240511e663d51fc79c32bd0052c117c
-PKG_MAINTAINER:=Rosen Penev <rosenp@gmail.com>
+PKG_SOURCE_URL:=@KERNEL/linux/kernel/people/kdave/btrfs-progs
+PKG_HASH:=bf0b34f1538c0b6e88f959937b0419678cadbf2ba7044336dcbfb2bcdc28cd74
PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-v$(PKG_VERSION)
+PKG_MAINTAINER:=Rosen Penev <rosenp@gmail.com>
PKG_LICENSE:=GPL-2.0
PKG_LICENSE_FILES:=COPYING
PKG_BUILD_PARALLEL:=1
PKG_BUILD_DEPENDS:=acl
-PKG_FIXUP:=autoreconf
-
include $(INCLUDE_DIR)/package.mk
define Package/btrfs-progs
SUBMENU:=Filesystem
DEPENDS:=+libattr +libuuid +zlib +libblkid +liblzo +libpthread
TITLE:=Btrfs filesystems utilities
- URL:=http://btrfs.wiki.kernel.org/
+ URL:=https://btrfs.wiki.kernel.org/
endef
define Package/btrfs-progs/description
--- /dev/null
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=device-observatory
+PKG_VERSION:=1.2.0
+PKG_RELEASE:=1
+
+PKG_LICENSE:=GPL-3.0+
+
+PKG_SOURCE_URL:=https://codeload.github.com/mwarning/device-observatory/tar.gz/v$(PKG_VERSION)?
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
+PKG_HASH:=83b3f362f154a427abbd3af31b3c2dda9983cdc15f6b833d804727ef0fbdc72e
+
+include $(INCLUDE_DIR)/package.mk
+
+define Package/device-observatory
+ SECTION:=utils
+ CATEGORY:=Utilities
+ TITLE:=device-observatory
+ MAINTAINER:=Moritz Warning <moritzwarning@web.de>
+ URL:=https://github.com/mwarning/device-observatory/
+ DEPENDS:=+iw +libpcap +libmicrohttpd-no-ssl
+endef
+
+define Package/device-observatory/description
+ Show information about connected devices and connections to increase security awareness.
+endef
+
+define Package/device-observatory/install
+ $(CP) files/* $(1)
+ $(INSTALL_DIR) $(1)/usr/bin
+ $(INSTALL_BIN) $(PKG_BUILD_DIR)/device-observatory $(1)/usr/bin/
+ $(INSTALL_DIR) $(1)/usr/share/device-observatory
+ $(INSTALL_DATA) $(PKG_BUILD_DIR)/misc/macdb.txt $(1)/usr/share/device-observatory/macdb.txt
+endef
+
+$(eval $(call BuildPackage,device-observatory))
--- /dev/null
+
+config setup
+ list dev 'wlan0'
+ list mdev 'mon0'
+
+ option mac_db '/usr/share/device-observatory/macdb.txt'
+ option port_db '/etc/services'
+
+ # Optional JSON output into file
+# option json_output '/tmp/device-observatory.json'
+
+ # Time after which a device is removed from the record
+ option device_timeout 3600
+
+ # Create monitoring interface mon0 based on physical interface wifi phy0.
+ # See 'iw dev' output for a list of interfaces.
+ list create_monitor 'mon0'
+
+ # Track router itself as device
+ option track_localhost 0
+
+ # Set to 0 to disable webserver
+ option webserver_port 8080
+
+ # Not needed, all necessary files are included
+# option webserver_path '/www'
--- /dev/null
+#!/bin/sh /etc/rc.common
+
+START=90
+USE_PROCD=1
+PROG=/usr/bin/device-observatory
+OPTS=""
+
+
+boot() {
+ local dev="$(uci get -q device-observatory.@setup[0].dev | cut -d ' ' -f 1)"
+
+ # Wait for interface to be up
+ ubus -t 15 wait_for network.interface network.${dev:-localhost} 2>/dev/null
+ rc_procd start_service
+}
+
+xappend() {
+ local name="$2" value="$1"
+ OPTS="$OPTS --${name//_/-} ${value//'/\\'}"
+}
+
+append_opts() {
+ local name value cfg="$1"; shift
+ for name in $*; do
+ config_get value "$cfg" "$name"
+ [ -n "$value" ] && xappend "$value" "$name"
+ done
+}
+
+append_opts_list() {
+ local name cfg="$1"; shift
+ for name in $*; do
+ config_list_foreach "$cfg" "$name" xappend "$name"
+ done
+}
+
+create_monitor_interface() {
+ local ifce="$1" n=$(echo -n "$1" | tail -c 1)
+
+ if [ ! -d "/sys/class/net/$ifce/" ]; then
+ iw phy "phy$n" interface add "$ifce" type monitor
+ ip link set dev "$ifce" up
+ fi
+}
+
+start_instance() {
+ local cfg="$1"
+
+ OPTS=""
+
+ config_list_foreach "$cfg" "create_monitor" create_monitor_interface "create_monitor"
+
+ append_opts_list "$cfg" dev mdev
+ append_opts "$cfg" mac_db port_db json_output device_timeout webserver_port webserver_path track_localhost
+
+ procd_open_instance
+ procd_set_param command $PROG $OPTS
+ procd_set_param stderr 1
+ procd_set_param stdout 0
+ procd_close_instance
+}
+
+start_service() {
+ config_load 'device-observatory'
+ config_foreach start_instance 'setup'
+}
include $(TOPDIR)/rules.mk
PKG_NAME:=grep
-PKG_VERSION:=2.26
+PKG_VERSION:=3.1
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
PKG_SOURCE_URL:=@GNU/grep
-PKG_HASH:=246a8fb37e82aa33d495b07c22fdab994c039ab0f818538eac81b01e78636870
+PKG_HASH:=db625c7ab3bb3ee757b3926a5cfa8d9e1c3991ad24707a83dde8a5ef2bf7a07e
PKG_LICENSE:=GPL-3.0
PKG_LICENSE_FILES:=COPYING
include $(INCLUDE_DIR)/package.mk
-TARGET_CFLAGS+=--std=gnu99
-
define Package/grep
SECTION:=utils
CATEGORY:=Utilities
TITLE:=grep search utility - full version
DEPENDS:=+libpcre
- URL:=http://www.gnu.org/software/grep/
+ URL:=https://www.gnu.org/software/grep/
endef
define Package/grep/description
include $(TOPDIR)/rules.mk
PKG_NAME:=LVM2
-PKG_VERSION:=2.02.177
-PKG_RELEASE:=2
+PKG_VERSION:=2.02.181
+PKG_RELEASE:=1
PKG_LICENSE:=GPL-2.0 LGPL-2.1
PKG_SOURCE:=$(PKG_NAME).$(PKG_VERSION).tgz
-PKG_SOURCE_URL:=ftp://sources.redhat.com/pub/lvm2/releases \
- http://ftp.gwdg.de/pub/linux/sources.redhat.com/lvm2/
-PKG_HASH:=4025a23ec9b15c2cb7486d151c29dc953b75efc4d452cfe9dbbc7c0fac8e80f2
+PKG_SOURCE_URL:=https://sourceware.org/pub/lvm2
+PKG_HASH:=400fead33b3abc2d82bd631b63f644b646e83040699f2e8f91ff5779119bb89e
PKG_MAINTAINER:=Daniel Golle <daniel@makrotopia.org>
PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME).$(PKG_VERSION)
SECTION:=libs
CATEGORY:=Libraries
TITLE:=The Linux Kernel Device Mapper userspace library
- URL:=http://sourceware.org/dm/
+ URL:=https://sourceware.org/dm/
DEPENDS:=+kmod-dm +libpthread +libuuid +librt
endef
CATEGORY:=Utilities
SUBMENU:=Disc
TITLE:=The Linux Logical Volume Manager
- URL:=http://sourceware.org/lvm2/
- DEPENDS:=+libdevmapper +libblkid +libreadline +libncurses
+ URL:=https://sourceware.org/lvm2/
+ DEPENDS:=+libdevmapper +libblkid +libreadline +libncurses +libaio
endef
define Package/lvm2/description
--- a/make.tmpl.in
+++ b/make.tmpl.in
-@@ -19,7 +19,7 @@ SHELL = @SHELL@
+@@ -25,7 +25,7 @@ SHELL = @SHELL@
# Allow environment to override any built-in default value for CC.
# If there is a built-in default, CC is NOT set to @CC@ here.
--- a/lib/device/dev-type.c
+++ b/lib/device/dev-type.c
-@@ -22,7 +22,7 @@
+@@ -24,7 +24,7 @@
#include <ctype.h>
#ifdef BLKID_WIPING_SUPPORT
--- a/lib/commands/toolcontext.c
+++ b/lib/commands/toolcontext.c
-@@ -1869,7 +1869,7 @@ struct cmd_context *create_toolcontext(u
+@@ -1860,7 +1860,7 @@ struct cmd_context *create_toolcontext(unsigned is_clvmd,
/* FIXME Make this configurable? */
reset_lvm_errno(1);
-#ifndef VALGRIND_POOL
+#if defined(__GLIBC__) && !defined(VALGRIND_POOL)
/* Set in/out stream buffering before glibc */
- if (set_buffering) {
- /* Allocate 2 buffers */
-@@ -2249,7 +2249,7 @@ void destroy_toolcontext(struct cmd_cont
+ if (set_buffering
+ #ifdef SYS_gettid
+@@ -2254,7 +2254,7 @@ void destroy_toolcontext(struct cmd_context *cmd)
if (cmd->libmem)
dm_pool_destroy(cmd->libmem);
if (is_valid_fd(STDIN_FILENO) &&
--- a/tools/lvmcmdline.c
+++ b/tools/lvmcmdline.c
-@@ -3074,6 +3074,7 @@ int lvm_split(char *str, int *argc, char
+@@ -3109,6 +3109,7 @@ int lvm_split(char *str, int *argc, char **argv, int max)
/* Make sure we have always valid filedescriptors 0,1,2 */
static int _check_standard_fds(void)
{
int err = is_valid_fd(STDERR_FILENO);
if (!is_valid_fd(STDIN_FILENO) &&
-@@ -3100,6 +3101,12 @@ static int _check_standard_fds(void)
+@@ -3135,6 +3136,12 @@ static int _check_standard_fds(void)
strerror(errno));
return 0;
}
--- a/lib/mm/memlock.c
+++ b/lib/mm/memlock.c
-@@ -174,12 +174,15 @@ static void _allocate_memory(void)
+@@ -183,12 +183,15 @@ static void _allocate_memory(void)
* memory on free(), this is good enough for our purposes.
*/
while (missing > 0) {
inf = mallinfo();
if (hblks < inf.hblks) {
-@@ -189,9 +192,12 @@ static void _allocate_memory(void)
+@@ -198,9 +201,12 @@ static void _allocate_memory(void)
free(areas[area]);
_size_malloc_tmp /= 2;
} else {
if (area == max_areas && missing > 0) {
/* Too bad. Warn the user and proceed, as things are
-@@ -480,8 +486,13 @@ static void _lock_mem(struct cmd_context
+@@ -521,8 +527,13 @@ static void _lock_mem(struct cmd_context
* will not block memory locked thread
* Note: assuming _memlock_count_daemon is updated before _memlock_count
*/
--- a/lib/device/dev-io.c
+++ b/lib/device/dev-io.c
-@@ -529,7 +529,7 @@ int dev_open_flags(struct device *dev, i
+@@ -570,7 +570,7 @@ int dev_open_flags(struct device *dev, i
return 0;
}