diff options
| author | Brad Bishop <bradleyb@fuzziesquirrel.com> | 2019-05-16 04:57:59 +0300 |
|---|---|---|
| committer | Brad Bishop <bradleyb@fuzziesquirrel.com> | 2019-05-16 05:15:53 +0300 |
| commit | c342db356d4f451821781eb24eb9f3d39d6c0c5e (patch) | |
| tree | 13ee73073b2cee7d49d389aead46dd210c693cae /poky/meta/recipes-connectivity/openssh | |
| parent | 0dd04f33864280128a3d2869833d56fddad804d2 (diff) | |
| download | openbmc-c342db356d4f451821781eb24eb9f3d39d6c0c5e.tar.xz | |
subtree updates
poky: 4e511f0abc..a015ed7704:
Adrian Bunk (22):
gnutls: upgrade 3.6.5 -> 3.6.7
dhcp: Replace OE specific patch for compatibility with latest bind with upstream patch
Set XZ_COMPRESSION_LEVEL to -9
gcc: Remove Java support variables
Use the best xz compression for the SDK
gnome-doc-utils: Remove stale patch
libxcrypt: Stop adding -std=gnu99 to CPPFLAGS
file: Stop adding -std=c99 to CFLAGS
gnu-efi: Remove support patch for gcc < 4.7
grub: Use -Wno-error instead of doing this on a per-warning basis
socat: upgrade 1.7.3.2 -> 1.7.3.3
bison: upgrade 3.0.4 -> 3.1
mmc-utils: update to the latest upstream code
cogl: upgrade 1.22.2 -> 1.22.4
cogl: remove -Werror=maybe-uninitialized workaround
libxcb: remove workaround patch for a bug that was fixed in gcc 5 in 2015
sysstat: inherit upstream-version-is-even
ccache: upgrade 3.6 -> 3.7.1
lttng-modules: upgrade 2.10.8 -> 2.10.9
iproute2: Remove bogus workaround patch for musl
openssl: Remove openssl10
Remove irda-utils and the irda feature
Alejandro Enedino Hernandez Samaniego (1):
run-postinsts: Fix full execution of scripts at first boot
Alejandro del Castillo (1):
opkg: add ptest
Alex Kiernan (12):
systemd-conf: simplify creation of machine-specific configuration
systemctl-native: Rewrite in Python supporting preset-all and mask
image: call systemctl preset-all for images
uboot-sign: Fix build when UBOOT_DTB_BINARY is empty
patchelf: Upgrade 0.9 -> 0.10
python3: Add ntpath.py to python core
go: Exclude vcs files when installing deps
recipetool: fix unbound variable when fixed SRCREV can't be found
systemd: Default to non-stateless images
systemd-systemctl: Restore support for enable command
systemd: Restore mask and preset targets, fix instance creation
shadow: Backport last change reproducibility
Alexander Kanavin (38):
python3: add a tr-tr locale for test_locale ptest
gobject-introspection: update to 1.60.1
dtc: upgrade 1.4.7 -> 1.5.0
webkitgtk: update to 2.24.0
libdazzle: update to 3.32.1
vala: update to 0.44.3
libdnf: update to 0.28.1
libcomps: upgrade 0.1.10 -> 0.1.11
dnf: upgrade 4.1.0 -> 4.2.2
btrfs-tools: upgrade 4.20.1 -> 4.20.2
meson: update to 0.50.0
libmodulemd: update to 2.2.3
at-spi2-core: fix meson 0.50 build
ffmpeg: update to 4.1.3
python: update to 2.7.16
python: update to 3.7.3
python-numpy: update to 1.16.2
icu: update to 64.1
epiphany: update to 3.32.1.2
python3: add another multilib fix
meson: do not try to substitute the prefix in python supplied paths
python3-pygobject: update to 3.32.0
meson: add missing Upstream-Status and SOB to a patch
acpica: update to 20190405
msmtp: fix upstream version check
python-scons: update to 3.0.5
python-setuptools: update to 41.0.1
python3-mako: update to 1.0.9
python3-pbr: update to 5.1.3
python3-pip: update to 19.0.3
buildhistory: call a dependency parser only on actual dependency lists
gtk-doc.bbclass: unify option setting for meson-based recipes
python3-pycairo: update to 1.18.1
maintainers.inc: take over as perl maintainer
xorg-lib: drop native overrides for REQUIRED_DISTRO_FEATURES
meson: update to 0.50.1
perl: update to 5.28.2
packagegroup-self-hosted: drop epiphany
Alistair Francis (5):
u-boot: Upgrade from 2019.01 to 2019.04
beaglebone-yocto: Update u-boot config to match u-boot 19.04
u-boot: Fix missing Python.h build failure
libsoup: Upgrade from 2.64.2 to 2.66.1
qemu: Upgrade from 3.1.0 to 4.0.0
Andre Rosa (1):
bitbake: utils: Let mkdirhier fail if existing path is not a folder
Andreas Müller (17):
gobject-introspection: auto-enable/-disable gobject-introspection for meson
libmodulemd: use gobject-introspection.bbclass on/off mechanism
gdk-pixbuf: use gobject-introspection.bbclass on/off mechanism
json-glib: use gobject-introspection.bbclass on/off mechanism
libdazzle: use gobject-introspection.bbclass on/off mechanism
clutter-gtk-1.0: use gobject-introspection.bbclass on/off mechanism
pango: use gobject-introspection.bbclass on/off mechanism
at-spi2-core: use gobject-introspection.bbclass on/off mechanism
atk: use gobject-introspection.bbclass on/off mechanism
libsoup-2.4: use gobject-introspection.bbclass on/off mechanism
glib-networking: upgrade 2.58.0 -> 2.60.1
gst-plugins: move 'inherit gobject-introspection' to recipes supporting GI
gstreamer1.0-python: rework gobject-introspection handling
insane.bbclass: Trigger unrecognzed configure option for meson
vte: upgrade 0.52.2 -> 0.56.1
vte: move shell auto scripts into seperate package
qemu: split out vte into seperate PACKAGECONFIG
Andreas Obergschwandtner (1):
uboot-sign: add support for different u-boot configurations
Andrej Valek (2):
dropbear: update to 2019.78
systemd: upgrade to 242
Angus Lees (1):
Revert "wic: Set a miniumum FAT16 volume size."
Anuj Mittal (4):
gcc: fix CVE-2018-18484
gdb: fix CVE-2017-9778
binutils: fix CVE-2019-9074 CVE-2019-9075 CVE-2019-9076 CVE-2019-9077
openssh: fix CVE-2018-20685, CVE-2019-6109, CVE-2019-6111
Armin Kuster (8):
resulttool: add ltp test support
logparser: Add decoding ltp logs
ltp: add runtime test
resulttool: add LTP compliance section
logparser: Add LTP compliance section
ltp_compliance: add new runtime
manual compliance: remove bits done at runtime
nss: cleanup recipe to match OE style
Beniamin Sandu (1):
kernel-devsrc: check for localversion files in the kernel source tree
Breno Leitao (3):
weston-init: Fix tab indentation
weston-init: Add support for non-root start
weston-init: Fix WESTON_USER typo
Bruce Ashfield (8):
linux-yocto/5.0: update to v5.0.5
linux-yocto-rt: update to 5.0.5-rt3
linux-yocto/5.0: update to v5.0.7
linux-yocto/4.19: update to v4.19.34
linux-yocto-rt/4.19: fix merge conflict in lru_drain
linux-yocto/5.0: port RAID configuration tweaks from master
linux-yocto/5.0: integrate TCP timeout / hang fix
linux-yocto/5.0: update TCP patch to mainline version
Changhyeok Bae (2):
iw: upgrade 4.14 -> 5.0.1
iptables: upgrade 1.6.2 -> 1.8.2
Changqing Li (11):
ruby: make ext module fiddle can compile success
ruby: add ptest
cogl: fix compile error caused by -Werror=maybe-uninitialized
systemd: change default locale from C.UTF-8 to C
m4: add ptest support
gettext: add ptest support
waffle: supprt build waffle without x11
piglit: support build piglit without x11
dbus: fix ptest failure
populate_sdk_base: provide options to set sdk type
python3: fix do_install fail for parallel buiild
Chee Yang Lee (1):
wic/bootimg-efi: replace hardcoded volume name with label
Chen Qi (9):
runqemu: do not check return code of tput
busybox: fix ptest failure about 'dc'
base-files: move hostname operations out of issue file settings
webkitgtk: set CVE_PRODUCT
dropbear: set CVE_PRODUCT
libsdl: set CVE_PRODUCT
ghostscript: set CVE_PRODUCT
flac: also add flac to CVE_PRODUCT
squashfs-tools: set CVE_PRODUCT
David Reyna (1):
bitbake: toaster: update to Warrior
Dengke Du (2):
perf: workaround the error cased by maybe-uninitialized warning
linux-yocto_5.0: set devicetree for armv5
Denys Dmytriyenko (1):
weston: upgrade 5.0.0 -> 6.0.0
Douglas Royds (2):
distutils: Run python from the PATH in the -native case as well
distutils: Tidy and simplify for readability
Fabio Berton (1):
mesa: Update 19.0.1 -> 19.0.3
He Zhe (2):
ltp: Fix setrlimit03 call succeeded unexpectedly
systemd: Bump up SRCREV to systemd-stable top to include the fix for shutdown now hang
Hongxu Jia (15):
image_types.bbclass: fix a race between the ubi and ubifs FSTYPES
cpio/tar/native.bbclass: move rmt to sbindir and add a prefix to avoid native clashing
acpica: use update-alternatives for acpidump
apr: upgrade 1.6.5 -> 1.7.0
man-pages: upgrade 4.16 -> 5.01
man-db: upgrade 2.8.4 -> 2.8.5
bash: upgrade 4.4.18 -> 5.0
ncurses: fix incorrect UPSTREAM_CHECK_GITTAGREGEX
gpgme: upgrade 1.12.0 -> 1.13.0
subversion: upgrade 1.11.1 -> 1.12.0
groff: upgrade 1.22.3 -> 1.22.4
libxml2: upgrade 2.9.8 -> 2.9.9
ghostscript: 9.26 -> 9.27
groff: imporve musl support
oeqa/targetcontrol.py: fix qemuparams not work in runqemu with launch_cmd
Jacob Kroon (3):
grub-efi-native: Install grub-editenv
bitbake: knotty: Pretty print task elapsed time
base-passwd: Add kvm group
Jaewon Lee (1):
Adding back wrapper and using OEPYTHON3HOME variable for python3
Jens Rehsack (1):
kernel-module-split.bbclass: support CONFIG_MODULE_COMPRESS=y
Jonas Bonn (3):
systemd: don't build firstboot by default
systemd: do not create machine-id
systemd: create preset files instead of installing in image
Joshua Watt (6):
classes/waf: Set WAFLOCK
resulttool: Load results from URL
resulttool: Add log subcommand
qemux86: Allow higher tunes
bitbake.conf: Account for older versions of bitbake
resulttool: Add option to dump all ptest logs
Kai Kang (5):
msmtp: 1.6.6 -> 1.8.3
cryptodev: fix module loading error
target-sdk-provides-dummy: resolve sstate conflict
bitbake.conf: set NO_RECOMMENDATIONS with weak assignment
webkitgtk: fix compile error for arm64
Kevin Hao (1):
meta-yocto-bsp: Bump to the latest stable kernel for all the BSP
Khem Raj (9):
gcc-cross-canadian: Make baremetal specific code generic
musl: Upgrade to master past 1.1.22
webkitgtk: Fix build with clang
mdadm: Disable Werror
gcc-target: Do not set --with-sysroot and gxx-include-dir paths
systemd: Add -Wno-error=format-overflow to fix build with gcc9
systemd: Backport patch to fix build with gcc9
libgfortan: Package target gcc include directory to fix
gcc-9: Add recipes for gcc 9.1 release
Lei Maohui (2):
dnf: Enable nativesdk
icu: Added armeb support.
Lei Yang (1):
recipetool: add missed module
Luca Boccassi (1):
systemd: add cgroupv2 PACKAGECONFIG
Mardegan, Alberto (1):
oeqa/core/runner: dump stdout and stderr of each test case
Mariano Lopez (5):
update-alternatives.bbclass: Add function to get metadata
ptest.bbclass: Add feature to populate a binary directory
util-linux: Use PTEST binary directory
busybox: Use PTEST binary directory
ptest.bbclass: Use d.getVar instead of os.environ
Martin Jansa (6):
connman: add PACKAGECONFIG for nfc, fix MACHINE_ARCH signature when l2tp is enabled
icecc.bbclass: stop causing everything to be effectivelly MACHINE_ARCH
glibc: always use bfd linker
opkg: fix ptest packaging when OPKGLIBDIR == libdir
kexec-tools: refresh patches with devtool
perf: make sure that the tools/include/uapi/asm-generic directory exists
Matthias Schiffer (1):
systemd: move "machines" symlinks to systemd-container
Max Kellermann (2):
useradd-staticids: print exception after parse_args() error
initrdscripts: merge multiple "mkdir" calls
Michael Scott (2):
kernel-fitimage: support RISC-V
procps: update legacy sysctl.conf to fix rp_filter sysctl issue
Mikko Rapeli (3):
elfutils: remove Elfutils-Exception and include GPLv2 for shared libraries
oeqa/sdk: use bash to execute SDK test commands
openssh: recommend rng-tools with sshd
Mingli Yu (6):
nettle: fix ptest failure
elfutils: add ptest support
elfutils: fix build failure with musl
gcc-sanitizers: fix -Werror=maybe-uninitialized issue
nettle: fix the Segmentation fault
nettle: fix ptest failure
Nathan Rossi (1):
ccmake.bbclass: Fix up un-escaped quotes in output formatting
Naveen Saini (5):
core-image-rt: make sure that we append to DEPENDS
core-image-rt-sdk: make sure that we append to DEPENDS
bitbake.conf: add git-lfs to HOSTTOOLS_NONFATAL
bitbake: bitbake: fetch2/git: git-lfs check
linux-yocto: update genericx86* SRCREV for 4.19
Oleksandr Kravchuk (52):
iproute2: update to 5.0.0
curl: update to 7.64.1
libxext: update to 1.3.4
x11perf: update to 1.6.1
libxdmcp: update to 1.1.3
libxkbfile: update 1.1.0
libxvmc: update to 1.0.11
libxrandr: update to 1.5.2
connman: update to 1.37
ethtool: update to 5.0
tar: update to 1.32
ffmpeg: update to 4.1.2
librepo: update to 1.9.6
libxmu: update to 1.1.3
libxcrypt: update to 4.4.4
wget: update to 1.20.2
libsecret: 0.18.8
createrepo-c: update to 0.12.2
libinput: update to 1.13.0
cronie: update to 1.5.4
libyaml: update to 0.2.2
fontconfig: update to 2.13.1
makedepend: update to 1.0.6
libdrm: update to 2.4.98
libinput: update to 1.13.1
libnotify: update to 0.7.8
libpng: update to 1.6.37
libcroco: update to 0.6.13
libpsl: update to 0.21.0
git: update to 2.21.0
quota: update to 4.05
gnupg: update to 2.2.15
lz4: update to 1.9.0
orc: update to 0.4.29
help2man-native: update to 1.47.10
cups: update to 2.2.11
pixman: update to 0.38.4
libcap: update to 2.27
ninja: add Upstream-Status and SOB for musl patch
python-numpy: update to 1.16.3
python3-pygobject: update to 3.32.1
wget: update to 1.20.3
libsolv: update to 0.7.4
ell: add recipe
sqlite3: update to 3.28.0
kmscube: update to latest revision
coreutils: update to 8.31
mtools: update to 4.0.23
msmtp: update to 1.8.4
wpa-supplicant: update to 2.8
bitbake.conf: use https instead of http
ell: update to 0.20
Paul Barker (3):
oe.path: Add copyhardlink() helper function
license_image: Use new oe.path.copyhardlink() helper
gdb: Fix aarch64 build with musl
Peter Kjellerstedt (1):
systemd: Use PACKAGECONFIG definition to depend on libnss-myhostname
Randy MacLeod (5):
valgrind: update from 3.14.0 to 3.15.0
valgrind: fix vg_regtest return code
valgrind: update the ptest subdirs list
valgrind: adjust test filters and expected output
valgrind: fix call/cachegrind ptests
Richard Purdie (52):
pseudo: Update to gain key bugfixes
python3: Avoid hanging tests
python3: Fix ptest output parsing
go.bbclass: Remove unused override
goarch.bbclass: Simplify logic
e2fsprogs: Skip slow ptest tests
bitbake: bitbake: Update version to 1.42.0
poky.conf: Bump version for 2.7 warrior release
build-appliance-image: Update to warrior head revision
bitbake: bitbake: Post release version bumnp to 1.43
poky.conf: Post release version bump
build-appliance-image: Update to master head revision
Revert "nettle: fix ptest failure"
core-image-sato-sdk-ptest: Try and keep image below 4GB limit
core-image-sato-ptest-fast: Add 'fast' ptest execution image
core-image-sato-sdk-ptest: Include more ptests in ptest image
core-image-sato-sdk-ptest: Add temporary PROVIDES core-image-sato-ptest
resultool/resultutils: Fix module import error
lttng-tools: Add missing patch Upstream-Status
utils/multiprocess_launch: Improve failing subprocess output
python3: Drop ptest hack
ptest-packagelists: Add m4 and gettext as 'fast' ptests
bitbake: knotty: Implement console 'keepalive' output
bitbake: build: Ensure warning for invalid task dependencies is useful
bitbake: build: Disable warning about dependent tasks for now
oeqa/ssh: Avoid unicode decode exceptions
elfutils: ptest fixes
elfutils: Fix ptest compile failures on musl
bitbake: bitbake: Add initial pass of SPDX license headers to source code
bitbake: bitbake: Drop duplicate license boilerplace text
bitbake: bitbake: Strip old editor directives from file headers
bitbake: HEADER: Drop it
openssh/systemd/python/qemu: Fix patch Upstream-Status
scripts/pybootchart: Fix mixed indentation
scripts/pybootchart: Port to python3
scripts/pybootchart/draw: Clarify some variable names
scripts/pybootchart/draw: Fix some bounding problems
coreutils: Fix patch upstream status field
oeqa: Drop OETestID
meta/lib+scripts: Convert to SPDX license headers
oeqa/core/runner: Handle unexpectedSucesses
oeqa/systemd_boot: Drop OETestID
oeqa/runner: Fix subunit setupClass/setupModule failure handling
oeqa/concurrenttest: Patch subunit module to handle classSetup failures
tcmode-default: Add PREFERRED_VERSION for libgfortran
oeqa/selftest: Automate manual pybootchart tests
openssh: Avoid PROVIDES warning from rng-tools dependency
oeqa/target/ssh: Replace suggogatepass with ignoring errors
core-image-sato-sdk-ptest: Tweak size to stay within 4GB limit
valgrind: Include debugging symbols in ptests
dbus-test: Improve ptest dependencies dependencies
ptest: Add RDEPENDS frpm PN-ptest to PN package
Robert Joslyn (1):
qemu: Add PACKAGECONFIG for snappy
Robert Yang (6):
bitbake: bitbake-diffsigs: Use 4 spaces as indent for recursecb
bitbake: bb: siggen: Make dump_sigfile and compare_sigfiles print uuid4
bitbake: bb: siggen: Print more info when basehash are mis-matched
bitbake: BBHandler: Fix addtask and deltask
bitbake: build.py: check dependendent task for addtask
bitbake: tests/parse.py: Add testcase for addtask and deltask
Ross Burton (14):
lttng-tools: fix Upstream-Status
acpica: upgrade to 20190215
staging: add ${datadir}/gtk-doc/html to the sysroot blacklist
mpg123: port to use libsdl2
meta-poky: remove obsolete DISTRO_FEATURES_LIBC
m4: update patch status
packagegroup-core-full-cmdline: remove zlib
wic: change expand behaviour to match docs
wic: add global debug option
gtk-icon-cache: clean up DEPENDS
patch: add minver and maxver parameters
glib-2.0: fix locale handling
glib-2.0: add missing locales for the tests
glib-2.0: fix last failing ptest
Scott Rifenbark (34):
bitbake: poky.ent: Removed "ECLIPSE" entity variables.
bitbake: bitbake-user-manual: Added section on modifying variables
Makefile: Removed Eclipse support
Documentation: Removed customization.xsl files for Eclipse
mega-manual: Removed two Eclipse figures from tarball list
mega-manual, overview-manual: Added updated index releases figure
poky.ent: Removed Eclipse related variables.
mega-manual: Removed the Eclipse chapters
dev-manual: Removed all references to Eclipse.
overview-manual: Removed all references to Eclipse
profile-manual: Removed all references to Eclipse
ref-manual: Removed all references to Eclipse
sdk-manual: Removed all references to Eclipse
sdk-manual: Removed all references to Eclipse
dev-manual; brief-yoctoprojectqs: Updated checkout branch example
dev-manual: Added reasoning blurb to "Viewing Variables" section.
ref-manual: Inserted Migration 2.7 section.
ref-manual: Added Eclipse removal for migration section.
ref-manual: Added "License Value Corrections to migration.
ref-manual: Added Fedora 29 to the supported distros list.
poky.ent: changed 2.7 release variable date to "May 2019"
ref-manual: Review comments applied to 2.7 migration section.
documentation: Prepared for 2.8 release
bsp-guide: Removed inaccurate "container layer" references.
ref-manual: Updated the "Container Layer" term.
bsp-guide: Updated the "beaglebone-yocto.conf" example.
documentation: Cleaned up "plug-in"/"plugin" terminology.
bsp-guide: Updated the BSP kernel recipe example.
ref-manual: Updated PREFERRED_VERSION variable to use 5.0
bsp-guide: More corrections to the BSP Kernel Recipe example
dev-manual: Added cross-link to "Fetchers" section in BB manual.
bitbake: bitbake-user-manual: Added npm to other fetcher list.
overview-manual: Updated SMC section to link to fetchers
ref-manual: Added "npm" information to the SRC_URI variable.
Stefan Kral (1):
bitbake: build: Add verbnote to shell log commands
Stefan Müller-Klieser (1):
cml1.bbclass: fix undefined behavior
Steven Hung (洪于玉) (1):
kernel.bbclass: convert base_do_unpack_append() to a task
Tom Rini (2):
vim: Rework to not rely on relative directories
vim: Update to 8.1.1240
Wenlin Kang (1):
systemd: install libnss-myhostname.so when myhostname be enabled
Yeoh Ee Peng (1):
resulttool/manualexecution: Refactor and remove duplicate code
Yi Zhao (2):
harfbuzz: update source checksums after upstream replaced the tarball
libyaml: update SRC_URI[md5sum] and SRC_URI[sha256sum]
Ying-Chun Liu (PaulLiu) (1):
uboot-sign: Fix u-boot-nodtb symlinks
Zang Ruochen (10):
libatomic-ops:upgrade 7.6.8 -> 7.6.10
libgpg-error:upgrade 1.35 -> 1.36
libxft:upgrade 2.3.2 -> 2.3.3
libxxf86dga:upgrade 1.1.4 -> 1.1.5
nss:upgrade 3.42.1 -> 3.43
sysprof:upgrade 3.30.2 -> 3.32.0
libtirpc:upgrade 1.0.3 -> 1.1.4
xtrans:upgrade 1.3.5 -> 1.4.0
harfbuzz:upgrade 2.3.1 -> 2.4.0
icu: Upgrade 64.1 -> 64.2
Zheng Ruoqin (1):
sanity: check_perl_modules bug fix
sangeeta jain (1):
resulttool/manualexecution: Enable test case configuration option
meta-openembedded: 4a9deabbc8..1ecd8b4364:
Adrian Bunk (34):
linux-atm: Remove DEPENDS on virtual/kernel and PACKAGE_ARCH
linux-atm: Replace bogus on_exit removal with musl-specific hack
ledmon: Mark as incompatible on musl instead of adding bogus patch
efivars: Drop workaround patch for host gcc < 4.7
sshfs-fuse: upgrade 2.8 -> 2.10
wv: upgrade 1.2.4 -> 1.2.9
caps: Upgrade 0.9.24 -> 0.9.26
dvb-apps: Remove dvb-fe-xc5000c-4.1.30.7.fw
schroedinger: Remove the obsolete DEPENDS on liboil
vlc: Remove workaround and patches for problems fixed upstream
Remove liboil
dnrd: Remove stale files of recipe removed 2 years ago
postfix: Upgrade 3.4.1 -> 3.4.5
pptp-linux: Upgrade 1.9.0 -> 1.10.0
dovecot: Upgrade 2.2.36 -> 2.2.36.3
postgresql: Upgrade 11.2 -> 11.3
rocksdb: Upgrade 5.18.2 -> 5.18.3
cloud9: Remove stale files of recipe removed 2 years ago
fluentbit: Upgrade 0.12.1 -> 0.12.19
libcec: Upgrade 4.0.2 -> 4.0.4
libqb: Upgrade 1.0.3 -> 1.0.5
openwsman: Upgrade 2.6.8 -> 2.6.9
glm: Upgrade 0.9.9.3 -> 0.9.9.5
fvwm: Upgrade 2.6.7 -> 2.6.8
augeas: Upgrade 1.11.0 -> 1.12.0
ccid: Upgrade 1.4.24 -> 1.4.30
daemonize: Upgrade 1.7.7 -> 1.7.8
inotify-tools: Upgrade 3.14 -> 3.20.1
liboop: Upgrade 1.0 -> 1.0.1
ode: Remove stale file of recipe removed 2 years ago
openwbem: Remove stale files of recipe removed 2 years ago
catch2: Upgrade 2.6.1 -> 2.7.2
geos: Upgrade 3.4.2 -> 3.4.3
rdfind: Upgrade 1.3.4 -> 1.4.1
Akshay Bhat (3):
python-urllib3: Set CVE_PRODUCT
python3-pillow: Set CVE_PRODUCT
python-requests: Set CVE_PRODUCT
Alistair Francis (3):
mycroft: Update the systemd service to ensure we are ready to start
mycroft: Bump from 19.2.2 to 19.2.3
python-obd: Add missing RDEPENDS
Andreas Müller (33):
gvfs: remove executable permission from systemd user services
udisks2: upgrade 2.8.1 -> 2.8.2
parole: upgrade 1.0.1 -> 1.0.2
ristretto: upgrade 0.8.3 -> 0.8.4
networkmanager: rework musl build
gvfs: remove systemd user unit executable permission adjustment
fltk: upgrade 1.3.4-2 -> 1.3.5
samba: install bundled libs into seperate packages
samba: rework localstatedir package split
fluidsynth: upgrade 2.0.4 -> 2.0.5
xfce4-vala: auto-detect vala api version
gnome-desktop3: set correct meson gtk doc option
vlc: rework qt PACKAGECONFIG
evince: add patch to fix build with recent gobject-introspection
xfce4-cpufreq-plugin: Fix memory leak and reduce CPU load
packagegroup-meta-networking: replace DISTRO_FEATURE by DISTRO_FEATURES
meta-xfce: add meta-networking to layer depends
gtksourceview4: initial add 4.2.0
gtksourceview-classic-light: extend to gtksourceview4
itstool: rework - it went out too early
fontforge: upgrade 20170731 -> 20190413
exo: upgrade 0.12.4 -> 0.12.5
xfce4-places-plugin: upgrade 1.7.0 -> 1.8.0
xfce4-datetime-plugin: upgrade 0.7.0 -> 0.7.1
xfce4-notifyd: upgrade 0.4.3 -> 0.4.4
desktop-file-utils: remove - a more recent version is in oe-core
libwnck3: upgrade 3.30.0 and move to meson build
xfce4-terminal: add vte-prompt to RRECOMMENDS
xfce4-session: get rid of machine-host
xfce4-session: remove strange entry in FILES_${PN}
libxfce4ui: Add PACKAGECONFIG 'gladeui2' for glade (gtk3) support
glade3: move to to meta-xfce
Remove me as maintainer
Andrej Valek (2):
squid: upgrade squid 3.5.28 -> 4.6
ntp: upgrade 4.2.8p12 -> 4.2.8p13
Ankit Navik (1):
libnfc: Initial recipe for Near Field Communication library.
Armin Kuster (1):
meta-filesystems: drop bitbake from README
Changqing Li (5):
gd: fix compile error caused by -Werror=maybe-uninitialized
apache2: add back patch for set perlbin
php: upgrade 7.3.2 -> 7.3.4
postgresql: fix compile error
php: correct httpd path
Chris Garren (1):
python-cryptography: Move linker flag to .inc
Denys Dmytriyenko (1):
v4l-utils: upgrade 1.16.0 -> 1.16.5
Gianfranco Costamagna (1):
cpprest: update to 2.10.13, drop 32bit build fix upstream
Hains van den Bosch (1):
libcdio: update to version 2.1.0
Hongxu Jia (1):
pmtools: use update-alternatives for acpidump
Hongzhi.Song (1):
lua: upgrade from v5.3.4 to v5.3.5
Ivan Maidanski (1):
bdwgc: upgrade 7.6.12 -> 8.0.4
Johannes Pointner (1):
samba: update to 4.8.11
Kai Kang (3):
gvfs: fix typo libexec
drbd: fix compile errors
drbd-utils: fix file conflict with base-files
Khem Raj (3):
redis: Upgrade to 4.0.14
squid: Link with libatomic on mips/ppc
cpupower: Inherit bash completion class
Leon Anavi (1):
openbox: Add python-shell as a runtime dependency
Liwei Song (1):
ledmon: control hard disk led for RAID arrays
Mark Asselstine (1):
xfconf: fix 'Failed to get connection to xfconfd' during do_rootfs
Martin Jansa (13):
ftgl: add x11 to required DISTRO_FEATURES like freeglut
libforms: add x11 to required DISTRO_FEATURES because of libx11
Revert "ell: remove recipe"
ne10: set NE10_TARGET_ARCH with an override instead of anonymous python
libopus: use armv7a, aarch64 overrides when adding ne10 dependency
esound: fix SRC_URI for multilib
opusfile: fix SRC_URI for multilib
miniupnpd: fix SRC_URI for multilib
zbar: fix SRC_URI for multilib
libvncserver: set PV in the recipe
efivar: prevent native efivar depending on target kernel
libdbi-perl: prevent native libdbi-perl depending on target perl
aufs-util: prevent native aufs-util depending on target kernel
Ming Liu (1):
libmodbus: add documentation PACKAGECONFIG
Mingli Yu (6):
indent: Upgrade to 2.2.12
hostapd: Upgrade to 2.8
hwdata: Upgrade to 0.322
rrdtool: Upgrade to 1.7.1
libdev-checklib-perl: add new recipe
libdbd-mysql-perl: Upgrade to 4.050
Nathan Rossi (1):
fatresize_1.0.2.bb: Add recipe for fatresize command line tool
Nicolas Dechesne (3):
cpupower: remove LIC_FILES_CHKSUM
bpftool: remove LIC_FILES_CHKSUM
cannelloni: move from meta-oe to meta-networking
Oleksandr Kravchuk (38):
smcroute: update to 2.4.4
phytool: update to v2
fwknop: update to 2.6.10
cifs-utils: update to 6.9
keepalived: update to 2.0.15
usbredir: update to 0.8.0
open-isns: update to 0.99
nanomsg: update to 1.1.5
stunnel: update to 5.51
babeld: update to 1.8.4
drbd-utils: update to 9.8.0
drbd: update to 9.0.17-1
macchanger: update to 1.7.0
wolfssl: update to 4.0.0
ell: remove recipe
analyze-suspend: update to 5.3
chrony: update to 3.4
nghttp2: update to 1.38
nano: update to 4.1
networkmanager-openvpn: update to 1.8.10
wpan-tools: update to 0.9
uftp: update to 4.9.9
vblade: add UPSTREAM_CHECK_URI
traceroute: add UPSTREAM_CHECK_URI
nuttcp: update to 8.2.2
nfacct: add UPSTREAM_CHECK_URI
nftables: add UPSTREAM_CHECK_URI
libnetfilter-queue: update to 1.0.3
arno-iptables-firewall: update to 2.0.3
ypbind-mt: update to 2.6
ebtables: add UPSTREAM_CHECK_URI
doxygen: replace ninja 1.9.0 fix with official one
libnetfilter-queue: fix update to 1.0.3
networkd-dispatcher: update to 2.0.1
opensaf: update to 5.19.01
libnetfilter-conntrack: update to 1.0.7
conntrack-tools: update to 1.4.5
openvpn: update to 2.4.7
Paolo Valente (1):
s-suite: push SRCREV to version 3.2
Parthiban Nallathambi (6):
python3-aiohttp: add version 3.5.4
python3-supervisor: add version 4.0.2
python3-websocket-client: add version 0.56.0
python3-tinyrecord: add version 0.1.5
python3-sentry-sdk: add version 0.7.14
python3-raven: add version 6.10.0
Pascal Bach (2):
paho-mqtt-c: 1.2.1 -> 1.3.0
thrift: update to 0.12.0
Pavel Modilaynen (1):
jsoncpp: add native BBCLASSEXTEND
Peter Kjellerstedt (2):
apache2: Correct appending to SYSROOT_PREPROCESS_FUNCS
apache2: Correct packaging of build and doc related files
Philip Balister (1):
sip: Update to 4.19.16.
Qi.Chen@windriver.com (4):
multipath-tools: fix up patch to avoid segfault
netkit-rsh: add tag to CVE patch
ipsec-tools: fix CVE tag in patch
gd: set CVE_PRODUCT
Randy MacLeod (1):
imagemagick: update from 7.0.8-35 to 7.0.8-43
Robert Joslyn (5):
gpm: Fix gpm path in unit file
gpm: Add PID file to systemd unit file
gpm: Generate documentation
gpm: Remove duplicate definition of _GNU_SOURCE
gpm: Recipe cleanup
Sean Nyekjaer (2):
cannelloni: new package, CAN to ethernet proxy
ser2net: upgrade to version 3.5.1
Vincent Prince (1):
mongodb: Fix build with gcc
Wenlin Kang (1):
samba: add PACKAGECONFIG for libunwind
Yi Zhao (7):
python-flask-socketio: move to meta-python directory
apache2: upgrade 2.4.34 -> 2.4.39
apache-websocket: upgrade to latest git rev
netkit-rsh: security fixes
openhpi: fix failure of ptest case ohpi_035
openhpi: update openhpi-fix-testfail-errors.patch
phpmyadmin: upgrade 4.8.3 -> 4.8.5
Zang Ruochen (43):
xlsatoms: upgrade 1.1.2 -> 1.1.3
xrdb: upgrade 1.1.1 -> 1.2.0
xrefresh: upgrade 1.0.5 -> 1.0.6
xsetroot: upgrade 1.1.1 -> 1.1.2
xstdcmap: upgrade 1.0.3 -> 1.0.4
xbitmaps: upgrade 1.1.1 -> 1.1.2
wireshark: upgrade 3.0.0 -> 3.0.1
python-cffi: upgrade 1.11.5 -> 1.12.2
python-attrs: upgrade 18.1.0 -> 19.1.0
python-certifi: upgrade 2018.8.13 -> 2019.3.9
python-beabutifulsoup4: upgrade 4.6.0 -> 4.7.1
python-dateutil: upgrade 2.7.3 -> 2.8.0
python-mako: upgrade 1.0.7 -> 1.0.9
python-msgpack: upgrade 0.6.0 -> 0.6.1
python-paste: upgrade 3.0.6 -> 3.0.8
python-psutil: upgrade 5.4.6 -> 5.6.1
python-py: upgrade 1.6.0 -> 1.8.0
python-pymongo: upgrade 3.7.1 -> 3.7.2
python-pyopenssl: upgrade 18.0.0 -> 19.0.0
python-pytz: upgrade 2018.5 -> 2019.1
python-stevedore: upgrade 1.29.0 -> 1.30.1
python-pbr: upgrade 4.2.0 -> 5.1.3
python-cython: upgrade 0.28.5 -> 0.29.6
python-editor: upgrade 1.0.3 -> 1.0.4
python-jinja2: upgrade 2.10 -> 2.10.1
python-lxml: upgrade 4.3.1 -> 4.3.3
python-alembic: upgrade 1.0.0 -> 1.0.9
python-cffi: upgrade 1.12.2 -> 1.12.3
python-hyperlink: upgrade 18.0.0 -> 19.0.0
python-twisted: upgrade 18.4.0 -> 19.2.0
python-zopeinterface: upgrade 4.5.0 -> 4.6.0
python-decorator: upgrade 4.3.0 -> 4.4.0
python-pip: upgrade 18.0 -> 19.1
python-pyasn1: upgrade 0.4.4 -> 0.4.5
libnet-dns-perl: upgrade 1.19 -> 1.20
python-alembic: upgrade 1.0.9 -> 1.0.10
python-cython: upgrade 0.29.6 -> 0.29.7
python-mock: upgrade 2.0.0 -> 3.0.5
python-pbr: upgrade 5.1.3 -> 5.2.0
python-psutil: upgrade 5.6.1 -> 5.6.2
python-pymongo: upgrade 3.7.2 -> 3.8.0
python-pyperclip: upgrade 1.6.2 -> 1.7.0
python-rfc3987: upgrade 1.3.7 -> 1.3.8
leimaohui (3):
To fix confilict error with python3-pbr.
python-pycodestyle: Fix conflict error with python3-pycodestyle during do_rootfs
mozjs: Make mozjs support arm32BE.
meta-raspberrypi: 9ceb84ee9e..7059c37451:
Francesco Giancane (1):
qtbase_%.bbappend: update PACKAGECONFIG name for xkbcommon
Gianluigi Tiesi (1):
psplash: Raise alternatives priority to 200
Martin Jansa (3):
linux_raspberrypi_4.19: Update to 4.19.34
bluez5: apply the same patches and pi-bluetooth dependency for all rpi MACHINEs
userland: use default PACKAGE_ARCH
Paul Barker (3):
linux-raspberrypi: Update 4.14.y kernel
linux-raspberrypi: Switch default back to 4.14.y
linux-raspberrypi 4.9: Drop old version
meta-security: 8a1f54a246..9f5cc2a7eb:
Alexander Kanavin (1):
apparmor: fetch from git
Armin Kuster (15):
clamav runtime: add resolve.conf support
clamav: fix llvm reference version
libldb: add waf-cross-answeres
clamav: runtime fix local routing
clamav: add clamav-cvd package for cvd db
clamav-native: fix new build issue
apparmor: fix fragment for 5.0 kernel
apparmor: add a few more runtime
smack: move patch to smack dir
smack-test: add smack tests from meta-intel-iot-security
samhain: add more tests and fix ret checks
libldb: add earlier version
libseccomp: update to 2.4.1
oe-selftest: add running cve checker
smack: kernel fragment update
Yi Zhao (2):
meta-tpm/conf/layer.conf: update layer dependencies
meta-tpm/README: update
Change-Id: I9e02cb75a779f25fca84395144025410bb609dfa
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
Diffstat (limited to 'poky/meta/recipes-connectivity/openssh')
5 files changed, 628 insertions, 0 deletions
diff --git a/poky/meta/recipes-connectivity/openssh/openssh/0001-upstream-Have-progressmeter-force-an-update-at-the-b.patch b/poky/meta/recipes-connectivity/openssh/openssh/0001-upstream-Have-progressmeter-force-an-update-at-the-b.patch new file mode 100644 index 000000000..4c9d57442 --- /dev/null +++ b/poky/meta/recipes-connectivity/openssh/openssh/0001-upstream-Have-progressmeter-force-an-update-at-the-b.patch @@ -0,0 +1,121 @@ +From 5df934e2279e8ed1f07b990f4b2b3baf6470f7e5 Mon Sep 17 00:00:00 2001 +From: "dtucker@openbsd.org" <dtucker@openbsd.org> +Date: Thu, 24 Jan 2019 16:52:17 +0000 +Subject: [PATCH] upstream: Have progressmeter force an update at the beginning + and + +end of each transfer. Fixes the problem recently introduces where very quick +transfers do not display the progressmeter at all. Spotted by naddy@ + +OpenBSD-Commit-ID: 68dc46c259e8fdd4f5db3ec2a130f8e4590a7a9a +Upstream-Status: Backport +Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> +--- + progressmeter.c | 13 +++++-------- + progressmeter.h | 4 ++-- + scp.c | 2 +- + sftp-client.c | 2 +- + 4 files changed, 9 insertions(+), 12 deletions(-) + +diff --git a/progressmeter.c b/progressmeter.c +index add462d..e385c12 100644 +--- a/progressmeter.c ++++ b/progressmeter.c +@@ -1,4 +1,4 @@ +-/* $OpenBSD: progressmeter.c,v 1.46 2019/01/23 08:01:46 dtucker Exp $ */ ++/* $OpenBSD: progressmeter.c,v 1.47 2019/01/24 16:52:17 dtucker Exp $ */ + /* + * Copyright (c) 2003 Nils Nordman. All rights reserved. + * +@@ -59,9 +59,6 @@ static void format_rate(char *, int, off_t); + static void sig_winch(int); + static void setscreensize(void); + +-/* updates the progressmeter to reflect the current state of the transfer */ +-void refresh_progress_meter(void); +- + /* signal handler for updating the progress meter */ + static void sig_alarm(int); + +@@ -120,7 +117,7 @@ format_size(char *buf, int size, off_t bytes) + } + + void +-refresh_progress_meter(void) ++refresh_progress_meter(int force_update) + { + char buf[MAX_WINSIZE + 1]; + off_t transferred; +@@ -131,7 +128,7 @@ refresh_progress_meter(void) + int hours, minutes, seconds; + int file_len; + +- if ((!alarm_fired && !win_resized) || !can_output()) ++ if ((!force_update && !alarm_fired && !win_resized) || !can_output()) + return; + alarm_fired = 0; + +@@ -254,7 +251,7 @@ start_progress_meter(const char *f, off_t filesize, off_t *ctr) + bytes_per_second = 0; + + setscreensize(); +- refresh_progress_meter(); ++ refresh_progress_meter(1); + + signal(SIGALRM, sig_alarm); + signal(SIGWINCH, sig_winch); +@@ -271,7 +268,7 @@ stop_progress_meter(void) + + /* Ensure we complete the progress */ + if (cur_pos != end_pos) +- refresh_progress_meter(); ++ refresh_progress_meter(1); + + atomicio(vwrite, STDOUT_FILENO, "\n", 1); + } +diff --git a/progressmeter.h b/progressmeter.h +index 8f66780..1703ea7 100644 +--- a/progressmeter.h ++++ b/progressmeter.h +@@ -1,4 +1,4 @@ +-/* $OpenBSD: progressmeter.h,v 1.4 2019/01/23 08:01:46 dtucker Exp $ */ ++/* $OpenBSD: progressmeter.h,v 1.5 2019/01/24 16:52:17 dtucker Exp $ */ + /* + * Copyright (c) 2002 Nils Nordman. All rights reserved. + * +@@ -24,5 +24,5 @@ + */ + + void start_progress_meter(const char *, off_t, off_t *); +-void refresh_progress_meter(void); ++void refresh_progress_meter(int); + void stop_progress_meter(void); +diff --git a/scp.c b/scp.c +index 4a342a6..0587cec 100644 +--- a/scp.c ++++ b/scp.c +@@ -585,7 +585,7 @@ scpio(void *_cnt, size_t s) + off_t *cnt = (off_t *)_cnt; + + *cnt += s; +- refresh_progress_meter(); ++ refresh_progress_meter(0); + if (limit_kbps > 0) + bandwidth_limit(&bwlimit, s); + return 0; +diff --git a/sftp-client.c b/sftp-client.c +index 2bc698f..cf2887a 100644 +--- a/sftp-client.c ++++ b/sftp-client.c +@@ -101,7 +101,7 @@ sftpio(void *_bwlimit, size_t amount) + { + struct bwlimit *bwlimit = (struct bwlimit *)_bwlimit; + +- refresh_progress_meter(); ++ refresh_progress_meter(0); + if (bwlimit != NULL) + bandwidth_limit(bwlimit, amount); + return 0; +-- +2.7.4 + diff --git a/poky/meta/recipes-connectivity/openssh/openssh/CVE-2018-20685.patch b/poky/meta/recipes-connectivity/openssh/openssh/CVE-2018-20685.patch new file mode 100644 index 000000000..c5b3baece --- /dev/null +++ b/poky/meta/recipes-connectivity/openssh/openssh/CVE-2018-20685.patch @@ -0,0 +1,40 @@ +From 6010c0303a422a9c5fa8860c061bf7105eb7f8b2 Mon Sep 17 00:00:00 2001 +From: "djm@openbsd.org" <djm@openbsd.org> +Date: Fri, 16 Nov 2018 03:03:10 +0000 +Subject: [PATCH] upstream: disallow empty incoming filename or ones that refer + to the + +current directory; based on report/patch from Harry Sintonen + +OpenBSD-Commit-ID: f27651b30eaee2df49540ab68d030865c04f6de9 + +CVE: CVE-2018-20685 +Upstream-Status: Backport +Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> +--- + scp.c | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +diff --git a/scp.c b/scp.c +index 60682c6..4f3fdcd 100644 +--- a/scp.c ++++ b/scp.c +@@ -1,4 +1,4 @@ +-/* $OpenBSD: scp.c,v 1.197 2018/06/01 04:31:48 dtucker Exp $ */ ++/* $OpenBSD: scp.c,v 1.198 2018/11/16 03:03:10 djm Exp $ */ + /* + * scp - secure remote copy. This is basically patched BSD rcp which + * uses ssh to do the data transfer (instead of using rcmd). +@@ -1106,7 +1106,8 @@ sink(int argc, char **argv) + SCREWUP("size out of range"); + size = (off_t)ull; + +- if ((strchr(cp, '/') != NULL) || (strcmp(cp, "..") == 0)) { ++ if (*cp == '\0' || strchr(cp, '/') != NULL || ++ strcmp(cp, ".") == 0 || strcmp(cp, "..") == 0) { + run_err("error: unexpected filename: %s", cp); + exit(1); + } +-- +2.7.4 + diff --git a/poky/meta/recipes-connectivity/openssh/openssh/CVE-2019-6109.patch b/poky/meta/recipes-connectivity/openssh/openssh/CVE-2019-6109.patch new file mode 100644 index 000000000..dabe4a6c9 --- /dev/null +++ b/poky/meta/recipes-connectivity/openssh/openssh/CVE-2019-6109.patch @@ -0,0 +1,275 @@ +From 15d47c3bd8551521240bc459fc004c280daef817 Mon Sep 17 00:00:00 2001 +From: "dtucker@openbsd.org" <dtucker@openbsd.org> +Date: Wed, 23 Jan 2019 08:01:46 +0000 +Subject: [PATCH] upstream: Sanitize scp filenames via snmprintf. To do this we + move + +the progressmeter formatting outside of signal handler context and have the +atomicio callback called for EINTR too. bz#2434 with contributions from djm +and jjelen at redhat.com, ok djm@ + +OpenBSD-Commit-ID: 1af61c1f70e4f3bd8ab140b9f1fa699481db57d8 +CVE: CVE-2019-6109 +Upstream-Status: Backport +Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> +--- + atomicio.c | 20 +++++++++++++++----- + progressmeter.c | 53 ++++++++++++++++++++++++----------------------------- + progressmeter.h | 3 ++- + scp.c | 1 + + sftp-client.c | 16 +++++++++------- + 5 files changed, 51 insertions(+), 42 deletions(-) + +diff --git a/atomicio.c b/atomicio.c +index f854a06..d91bd76 100644 +--- a/atomicio.c ++++ b/atomicio.c +@@ -1,4 +1,4 @@ +-/* $OpenBSD: atomicio.c,v 1.28 2016/07/27 23:18:12 djm Exp $ */ ++/* $OpenBSD: atomicio.c,v 1.29 2019/01/23 08:01:46 dtucker Exp $ */ + /* + * Copyright (c) 2006 Damien Miller. All rights reserved. + * Copyright (c) 2005 Anil Madhavapeddy. All rights reserved. +@@ -65,9 +65,14 @@ atomicio6(ssize_t (*f) (int, void *, size_t), int fd, void *_s, size_t n, + res = (f) (fd, s + pos, n - pos); + switch (res) { + case -1: +- if (errno == EINTR) ++ if (errno == EINTR) { ++ /* possible SIGALARM, update callback */ ++ if (cb != NULL && cb(cb_arg, 0) == -1) { ++ errno = EINTR; ++ return pos; ++ } + continue; +- if (errno == EAGAIN || errno == EWOULDBLOCK) { ++ } else if (errno == EAGAIN || errno == EWOULDBLOCK) { + #ifndef BROKEN_READ_COMPARISON + (void)poll(&pfd, 1, -1); + #endif +@@ -122,9 +127,14 @@ atomiciov6(ssize_t (*f) (int, const struct iovec *, int), int fd, + res = (f) (fd, iov, iovcnt); + switch (res) { + case -1: +- if (errno == EINTR) ++ if (errno == EINTR) { ++ /* possible SIGALARM, update callback */ ++ if (cb != NULL && cb(cb_arg, 0) == -1) { ++ errno = EINTR; ++ return pos; ++ } + continue; +- if (errno == EAGAIN || errno == EWOULDBLOCK) { ++ } else if (errno == EAGAIN || errno == EWOULDBLOCK) { + #ifndef BROKEN_READV_COMPARISON + (void)poll(&pfd, 1, -1); + #endif +diff --git a/progressmeter.c b/progressmeter.c +index fe9bf52..add462d 100644 +--- a/progressmeter.c ++++ b/progressmeter.c +@@ -1,4 +1,4 @@ +-/* $OpenBSD: progressmeter.c,v 1.45 2016/06/30 05:17:05 dtucker Exp $ */ ++/* $OpenBSD: progressmeter.c,v 1.46 2019/01/23 08:01:46 dtucker Exp $ */ + /* + * Copyright (c) 2003 Nils Nordman. All rights reserved. + * +@@ -31,6 +31,7 @@ + + #include <errno.h> + #include <signal.h> ++#include <stdarg.h> + #include <stdio.h> + #include <string.h> + #include <time.h> +@@ -39,6 +40,7 @@ + #include "progressmeter.h" + #include "atomicio.h" + #include "misc.h" ++#include "utf8.h" + + #define DEFAULT_WINSIZE 80 + #define MAX_WINSIZE 512 +@@ -61,7 +63,7 @@ static void setscreensize(void); + void refresh_progress_meter(void); + + /* signal handler for updating the progress meter */ +-static void update_progress_meter(int); ++static void sig_alarm(int); + + static double start; /* start progress */ + static double last_update; /* last progress update */ +@@ -74,6 +76,7 @@ static long stalled; /* how long we have been stalled */ + static int bytes_per_second; /* current speed in bytes per second */ + static int win_size; /* terminal window size */ + static volatile sig_atomic_t win_resized; /* for window resizing */ ++static volatile sig_atomic_t alarm_fired; + + /* units for format_size */ + static const char unit[] = " KMGT"; +@@ -126,9 +129,17 @@ refresh_progress_meter(void) + off_t bytes_left; + int cur_speed; + int hours, minutes, seconds; +- int i, len; + int file_len; + ++ if ((!alarm_fired && !win_resized) || !can_output()) ++ return; ++ alarm_fired = 0; ++ ++ if (win_resized) { ++ setscreensize(); ++ win_resized = 0; ++ } ++ + transferred = *counter - (cur_pos ? cur_pos : start_pos); + cur_pos = *counter; + now = monotime_double(); +@@ -158,16 +169,11 @@ refresh_progress_meter(void) + + /* filename */ + buf[0] = '\0'; +- file_len = win_size - 35; ++ file_len = win_size - 36; + if (file_len > 0) { +- len = snprintf(buf, file_len + 1, "\r%s", file); +- if (len < 0) +- len = 0; +- if (len >= file_len + 1) +- len = file_len; +- for (i = len; i < file_len; i++) +- buf[i] = ' '; +- buf[file_len] = '\0'; ++ buf[0] = '\r'; ++ snmprintf(buf+1, sizeof(buf)-1 , &file_len, "%*s", ++ file_len * -1, file); + } + + /* percent of transfer done */ +@@ -228,22 +234,11 @@ refresh_progress_meter(void) + + /*ARGSUSED*/ + static void +-update_progress_meter(int ignore) ++sig_alarm(int ignore) + { +- int save_errno; +- +- save_errno = errno; +- +- if (win_resized) { +- setscreensize(); +- win_resized = 0; +- } +- if (can_output()) +- refresh_progress_meter(); +- +- signal(SIGALRM, update_progress_meter); ++ signal(SIGALRM, sig_alarm); ++ alarm_fired = 1; + alarm(UPDATE_INTERVAL); +- errno = save_errno; + } + + void +@@ -259,10 +254,9 @@ start_progress_meter(const char *f, off_t filesize, off_t *ctr) + bytes_per_second = 0; + + setscreensize(); +- if (can_output()) +- refresh_progress_meter(); ++ refresh_progress_meter(); + +- signal(SIGALRM, update_progress_meter); ++ signal(SIGALRM, sig_alarm); + signal(SIGWINCH, sig_winch); + alarm(UPDATE_INTERVAL); + } +@@ -286,6 +280,7 @@ stop_progress_meter(void) + static void + sig_winch(int sig) + { ++ signal(SIGWINCH, sig_winch); + win_resized = 1; + } + +diff --git a/progressmeter.h b/progressmeter.h +index bf179dc..8f66780 100644 +--- a/progressmeter.h ++++ b/progressmeter.h +@@ -1,4 +1,4 @@ +-/* $OpenBSD: progressmeter.h,v 1.3 2015/01/14 13:54:13 djm Exp $ */ ++/* $OpenBSD: progressmeter.h,v 1.4 2019/01/23 08:01:46 dtucker Exp $ */ + /* + * Copyright (c) 2002 Nils Nordman. All rights reserved. + * +@@ -24,4 +24,5 @@ + */ + + void start_progress_meter(const char *, off_t, off_t *); ++void refresh_progress_meter(void); + void stop_progress_meter(void); +diff --git a/scp.c b/scp.c +index 4f3fdcd..4a342a6 100644 +--- a/scp.c ++++ b/scp.c +@@ -585,6 +585,7 @@ scpio(void *_cnt, size_t s) + off_t *cnt = (off_t *)_cnt; + + *cnt += s; ++ refresh_progress_meter(); + if (limit_kbps > 0) + bandwidth_limit(&bwlimit, s); + return 0; +diff --git a/sftp-client.c b/sftp-client.c +index 4986d6d..2bc698f 100644 +--- a/sftp-client.c ++++ b/sftp-client.c +@@ -101,7 +101,9 @@ sftpio(void *_bwlimit, size_t amount) + { + struct bwlimit *bwlimit = (struct bwlimit *)_bwlimit; + +- bandwidth_limit(bwlimit, amount); ++ refresh_progress_meter(); ++ if (bwlimit != NULL) ++ bandwidth_limit(bwlimit, amount); + return 0; + } + +@@ -121,8 +123,8 @@ send_msg(struct sftp_conn *conn, struct sshbuf *m) + iov[1].iov_base = (u_char *)sshbuf_ptr(m); + iov[1].iov_len = sshbuf_len(m); + +- if (atomiciov6(writev, conn->fd_out, iov, 2, +- conn->limit_kbps > 0 ? sftpio : NULL, &conn->bwlimit_out) != ++ if (atomiciov6(writev, conn->fd_out, iov, 2, sftpio, ++ conn->limit_kbps > 0 ? &conn->bwlimit_out : NULL) != + sshbuf_len(m) + sizeof(mlen)) + fatal("Couldn't send packet: %s", strerror(errno)); + +@@ -138,8 +140,8 @@ get_msg_extended(struct sftp_conn *conn, struct sshbuf *m, int initial) + + if ((r = sshbuf_reserve(m, 4, &p)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); +- if (atomicio6(read, conn->fd_in, p, 4, +- conn->limit_kbps > 0 ? sftpio : NULL, &conn->bwlimit_in) != 4) { ++ if (atomicio6(read, conn->fd_in, p, 4, sftpio, ++ conn->limit_kbps > 0 ? &conn->bwlimit_in : NULL) != 4) { + if (errno == EPIPE || errno == ECONNRESET) + fatal("Connection closed"); + else +@@ -157,8 +159,8 @@ get_msg_extended(struct sftp_conn *conn, struct sshbuf *m, int initial) + + if ((r = sshbuf_reserve(m, msg_len, &p)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); +- if (atomicio6(read, conn->fd_in, p, msg_len, +- conn->limit_kbps > 0 ? sftpio : NULL, &conn->bwlimit_in) ++ if (atomicio6(read, conn->fd_in, p, msg_len, sftpio, ++ conn->limit_kbps > 0 ? &conn->bwlimit_in : NULL) + != msg_len) { + if (errno == EPIPE) + fatal("Connection closed"); +-- +2.7.4 + diff --git a/poky/meta/recipes-connectivity/openssh/openssh/CVE-2019-6111.patch b/poky/meta/recipes-connectivity/openssh/openssh/CVE-2019-6111.patch new file mode 100644 index 000000000..e498da381 --- /dev/null +++ b/poky/meta/recipes-connectivity/openssh/openssh/CVE-2019-6111.patch @@ -0,0 +1,187 @@ +From 15cc3497367d2e9729353b3df75518548e845c82 Mon Sep 17 00:00:00 2001 +From: "djm@openbsd.org" <djm@openbsd.org> +Date: Sat, 26 Jan 2019 22:41:28 +0000 +Subject: [PATCH] upstream: check in scp client that filenames sent during + +remote->local directory copies satisfy the wildcard specified by the user. + +This checking provides some protection against a malicious server +sending unexpected filenames, but it comes at a risk of rejecting wanted +files due to differences between client and server wildcard expansion rules. + +For this reason, this also adds a new -T flag to disable the check. + +reported by Harry Sintonen +fix approach suggested by markus@; +has been in snaps for ~1wk courtesy deraadt@ + +OpenBSD-Commit-ID: 00f44b50d2be8e321973f3c6d014260f8f7a8eda + +CVE: CVE-2019-6111 +Upstream-Status: Backport +Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> +--- + scp.1 | 12 +++++++++++- + scp.c | 37 +++++++++++++++++++++++++++++-------- + 2 files changed, 40 insertions(+), 9 deletions(-) + +diff --git a/scp.1 b/scp.1 +index 0e5cc1b..397e770 100644 +--- a/scp.1 ++++ b/scp.1 +@@ -18,7 +18,7 @@ + .Nd secure copy (remote file copy program) + .Sh SYNOPSIS + .Nm scp +-.Op Fl 346BCpqrv ++.Op Fl 346BCpqrTv + .Op Fl c Ar cipher + .Op Fl F Ar ssh_config + .Op Fl i Ar identity_file +@@ -208,6 +208,16 @@ to use for the encrypted connection. + The program must understand + .Xr ssh 1 + options. ++.It Fl T ++Disable strict filename checking. ++By default when copying files from a remote host to a local directory ++.Nm ++checks that the received filenames match those requested on the command-line ++to prevent the remote end from sending unexpected or unwanted files. ++Because of differences in how various operating systems and shells interpret ++filename wildcards, these checks may cause wanted files to be rejected. ++This option disables these checks at the expense of fully trusting that ++the server will not send unexpected filenames. + .It Fl v + Verbose mode. + Causes +diff --git a/scp.c b/scp.c +index 0587cec..b2d331e 100644 +--- a/scp.c ++++ b/scp.c +@@ -94,6 +94,7 @@ + #include <dirent.h> + #include <errno.h> + #include <fcntl.h> ++#include <fnmatch.h> + #include <limits.h> + #include <locale.h> + #include <pwd.h> +@@ -375,14 +376,14 @@ void verifydir(char *); + struct passwd *pwd; + uid_t userid; + int errs, remin, remout; +-int pflag, iamremote, iamrecursive, targetshouldbedirectory; ++int Tflag, pflag, iamremote, iamrecursive, targetshouldbedirectory; + + #define CMDNEEDS 64 + char cmd[CMDNEEDS]; /* must hold "rcp -r -p -d\0" */ + + int response(void); + void rsource(char *, struct stat *); +-void sink(int, char *[]); ++void sink(int, char *[], const char *); + void source(int, char *[]); + void tolocal(int, char *[]); + void toremote(int, char *[]); +@@ -421,8 +422,9 @@ main(int argc, char **argv) + addargs(&args, "-oRemoteCommand=none"); + addargs(&args, "-oRequestTTY=no"); + +- fflag = tflag = 0; +- while ((ch = getopt(argc, argv, "dfl:prtvBCc:i:P:q12346S:o:F:")) != -1) ++ fflag = Tflag = tflag = 0; ++ while ((ch = getopt(argc, argv, ++ "dfl:prtTvBCc:i:P:q12346S:o:F:")) != -1) { + switch (ch) { + /* User-visible flags. */ + case '1': +@@ -501,9 +503,13 @@ main(int argc, char **argv) + setmode(0, O_BINARY); + #endif + break; ++ case 'T': ++ Tflag = 1; ++ break; + default: + usage(); + } ++ } + argc -= optind; + argv += optind; + +@@ -534,7 +540,7 @@ main(int argc, char **argv) + } + if (tflag) { + /* Receive data. */ +- sink(argc, argv); ++ sink(argc, argv, NULL); + exit(errs != 0); + } + if (argc < 2) +@@ -792,7 +798,7 @@ tolocal(int argc, char **argv) + continue; + } + free(bp); +- sink(1, argv + argc - 1); ++ sink(1, argv + argc - 1, src); + (void) close(remin); + remin = remout = -1; + } +@@ -968,7 +974,7 @@ rsource(char *name, struct stat *statp) + (sizeof(type) != 4 && sizeof(type) != 8)) + + void +-sink(int argc, char **argv) ++sink(int argc, char **argv, const char *src) + { + static BUF buffer; + struct stat stb; +@@ -984,6 +990,7 @@ sink(int argc, char **argv) + unsigned long long ull; + int setimes, targisdir, wrerrno = 0; + char ch, *cp, *np, *targ, *why, *vect[1], buf[2048], visbuf[2048]; ++ char *src_copy = NULL, *restrict_pattern = NULL; + struct timeval tv[2]; + + #define atime tv[0] +@@ -1008,6 +1015,17 @@ sink(int argc, char **argv) + (void) atomicio(vwrite, remout, "", 1); + if (stat(targ, &stb) == 0 && S_ISDIR(stb.st_mode)) + targisdir = 1; ++ if (src != NULL && !iamrecursive && !Tflag) { ++ /* ++ * Prepare to try to restrict incoming filenames to match ++ * the requested destination file glob. ++ */ ++ if ((src_copy = strdup(src)) == NULL) ++ fatal("strdup failed"); ++ if ((restrict_pattern = strrchr(src_copy, '/')) != NULL) { ++ *restrict_pattern++ = '\0'; ++ } ++ } + for (first = 1;; first = 0) { + cp = buf; + if (atomicio(read, remin, cp, 1) != 1) +@@ -1112,6 +1130,9 @@ sink(int argc, char **argv) + run_err("error: unexpected filename: %s", cp); + exit(1); + } ++ if (restrict_pattern != NULL && ++ fnmatch(restrict_pattern, cp, 0) != 0) ++ SCREWUP("filename does not match request"); + if (targisdir) { + static char *namebuf; + static size_t cursize; +@@ -1149,7 +1170,7 @@ sink(int argc, char **argv) + goto bad; + } + vect[0] = xstrdup(np); +- sink(1, vect); ++ sink(1, vect, src); + if (setimes) { + setimes = 0; + if (utimes(vect[0], tv) < 0) +-- +2.7.4 + diff --git a/poky/meta/recipes-connectivity/openssh/openssh_7.9p1.bb b/poky/meta/recipes-connectivity/openssh/openssh_7.9p1.bb index 6260135d5..3b4ed7223 100644 --- a/poky/meta/recipes-connectivity/openssh/openssh_7.9p1.bb +++ b/poky/meta/recipes-connectivity/openssh/openssh_7.9p1.bb @@ -24,6 +24,10 @@ SRC_URI = "http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${PV}.tar file://fix-potential-signed-overflow-in-pointer-arithmatic.patch \ file://sshd_check_keys \ file://add-test-support-for-busybox.patch \ + file://CVE-2018-20685.patch \ + file://CVE-2019-6109.patch \ + file://0001-upstream-Have-progressmeter-force-an-update-at-the-b.patch \ + file://CVE-2019-6111.patch \ " SRC_URI[md5sum] = "c6af50b7a474d04726a5aa747a5dce8f" SRC_URI[sha256sum] = "6b4b3ba2253d84ed3771c8050728d597c91cfce898713beb7b64a305b6f11aad" @@ -144,6 +148,7 @@ FILES_${PN}-keygen = "${bindir}/ssh-keygen" RDEPENDS_${PN} += "${PN}-scp ${PN}-ssh ${PN}-sshd ${PN}-keygen" RDEPENDS_${PN}-sshd += "${PN}-keygen ${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'pam-plugin-keyinit pam-plugin-loginuid', '', d)}" +RRECOMMENDS_${PN}-sshd_append_class-target = " rng-tools" RDEPENDS_${PN}-ptest += "${PN}-sftp ${PN}-misc ${PN}-sftp-server make sed" RPROVIDES_${PN}-ssh = "ssh" |