diff options
author | Andrew Geissler <geissonator@yahoo.com> | 2020-06-27 08:28:28 +0300 |
---|---|---|
committer | Andrew Geissler <geissonator@yahoo.com> | 2020-06-27 08:32:13 +0300 |
commit | d25ed3241ddffad58c7a52e45e388e6c48d5123a (patch) | |
tree | b097477c5b9204689d35c06f5761b1767093b338 /poky/meta/recipes-connectivity | |
parent | c87764fefff10735006a31fab72d76c243a3eb40 (diff) | |
download | openbmc-d25ed3241ddffad58c7a52e45e388e6c48d5123a.tar.xz |
poky: subtree update:26ae42ded7..5951cbcabe
Alex Kiernan (1):
recipetool: Fix list concatenation when using edit
Alexander Kanavin (4):
apr-util: make gdbm optional
gobject-introspection: add a patch to fix a build race
icu: merge .inc into main recipe
icu: make filtered data generation optional, serial and off by default
Alexandru N. Onea (3):
bitbake: perforce: add basic progress handler for perforce
bitbake: perforce: add local path handling SRC_URI options
bitbake: bitbake-user-manual: update perforce fetcher docs
Andreas M?ller (1):
meson.bbclass: avoid unexpected operating-system names
Andreas Müller (6):
boost: Add upstream patch to fix build on depending projects
libinput: upgrade 1.15.5 -> 1.15.6
sqlite3: upgrade 3.32.2 -> 3.32.3
desktop-file-utils: upgrade 0.24 -> 0.26
file: upgrade 5.38 -> 5.39
ffmpeg: upgrade 4.2.3 -> 4.3
Andrej Valek (1):
oeqa/runtime/cases/ptest: Make output content path absolute
Andrew Geissler (1):
meson: backport library ordering fix
Armin Kuster (1):
libuv: move from meta-oe to core for bind update
Arthur She (1):
igt-gpu-tools: add new package
Changqing Li (1):
mime.bbclass: fix post install scriptlet error
Chen Qi (1):
systemd-serialgetty: do not use BindsTo
Daniel McGregor (3):
sign_rpm.bbclass: ignore thread count
systemd-conf: Accept MTU from DHCP
buildhistory-collect-srcrevs: sort directories
He Zhe (1):
ltp: Fix copy_file_rang02 for 32-bit arches
Hongxu Jia (1):
libmodulemd: switch branch master -> main
Jacob Kroon (5):
bitbake: lib/bb/utils.py: Do not preserve TERM in the environment
bitbake: bitbake-user-manual: Remove TERM from BB_HASHBASE_WHITELIST example
bitbake.conf: Remove TERM from default BB_HASHBASE_WHITELIST
grub: Remove native version of grub-efi
distro_alias: Remove unused grub-efi distro aliases
Jens Rehsack (1):
u-boot: avoid blind merging all *.cfg
Joe Slater (1):
systemd: fix CVE-2020-13776
Joshua Watt (5):
sstatesig: Account for all dataCaches being passed
bitbake: bitbake: cache: Fix error message with bad multiconfig
wic: Fix error message when reporting invalid offset
classes/archiver: Create patched archive before configuring
bitbake: cache: Bump cache version
Konrad Weihmann (3):
oeqa/runtime: Add OERequirePackage decorator
bitbake: cookerdata: Add BBFILES_DYNAMIC inverse mode
bitbake: bitbake-user-manual: Add BBFILES_DYNAMIC
Mark Morton (2):
New source files and Makefile update for Test Manual
test-manual: Fixed codeblock formatting
Martin Jansa (1):
net-tools: backport a patch from upstream to use the same ifconfig format as debian/ubuntu
Mingli Yu (3):
python3: add the rdepends for python3-misc
python3: add rdepends for python3-idle
python3-dbusmock: add the missing rdepends
Otavio Salvador (2):
systemd: Sync systemd-serialgetty@.service with upstream
mtd-utils: Fix return value of ubiformat
Ovidiu Panait (2):
dbus-test: Remove EXTRA_OECONF_X configs
dbus,dbus-test: Move common parts to dbus.inc
Paul Barker (2):
bitbake: fetch2/gitsm: Mark srcrev as fetched once all submodules are processed
bitbake: fetch2/gitsm: Make need_update() process submodules
Paul Eggleton (5):
graph-tool: switch to argparse
graph-tool: add filter subcommand
dpkg-native: rebase and reinstate fix for "tar: file changed as we read it"
shadow-sysroot: drop unused SRC_URI checksums
devtool: fix typo
Peter Kjellerstedt (1):
relocatable.bbclass: Avoid an exception if an empty pkgconfig dir exist
Pierre-Jean Texier (3):
diffoscope: upgrade 146 -> 147
ell: upgrade 0.31 -> 0.32
curl: upgrade 7.70.0 -> 7.71.0
Rasmus Villemoes (1):
curl: add debug info
Richard Purdie (15):
buildhistory: Add simplistic file move detection
bitbake: bin/bitbake: Update to next series release version
perl: Fix host specific modules problems
sanity.conf: Require bitbake 1.47.0 as the minimum version
patchelf: Upgrade 0.10 -> 0.11
test-manual: Add SPDX license headers
Makefile: Drop obsolete edison/denzil branch conditionals
bitbake: tests/fetch: Switch from git.infradead.org to a YP mirror
pseudo: Fix attr errors due to incorrect library resolution issues
oeqa/selftest/runcmd: Add better debug for thread count mismatch failures
oeqa/utils/command: Improve stdin handling in runCmd
vulkan-headers: Fix upstream branch deletion issue
recipes: Fix Upstream-Status Accepted -> Backport
scripts/install-buildtools: Update to 3.2 M1 buildtools
scripts/install-buildtools: Handle new format checksum files
Robert P. J. Day (1):
python: use official "pypi.org" URLs for HOMEPAGE
Ross Burton (8):
install-buildtools: fail if an error occurs
install-buildtools: remove hardcoded x86-64 architecture
install-buildtools: add option to disable checksum validation
common-licenses: add BSD-2-Clause-Patent
gstreamer1.0-plugins-bad: add support for vdpau
go-binary-native: add binary Go to bootstrap
tcmode-default: use go-binary-native by default
go-native: merge bb/inc and add comment
Ryan Rowe (1):
python3: fix PGO for non-reproducible biniaries
Sakib Sajal (1):
qemu: uprev v4.2.0 -> v5.0.0
Samuli Piippo (2):
cmake: allow chainloading of the toolchain file
perl: use relative paths in the perl wrapper
Steve Sakoman (1):
buildtools-tarball: export OPENSSL_CONF in environment setup
Tanu Kaskinen (1):
pulseaudio: remove unnecessary libltdl copying
Trevor Gamblin (1):
python3-setuptools: patch entrypoints for faster initialization
Tuomas Salokanto (1):
recipetool: create: fix SRCBRANCH not being passed to params
Valentin Longchamp (2):
tools-profile: disable valgrind for powerpc soft-float
valgrind: disable it for powerpc soft-float
Wang Mingyu (5):
powertop: upgrade 2.12 -> 2.13
man-db: upgrade 2.9.2 -> 2.9.3
valgrind: upgrade 3.16.0 -> 3.16.1
man-pages: upgrade 5.06 -> 5.07
harfbuzz: upgrade 2.6.7 -> 2.6.8
Yi Zhao (2):
iptables: fix invalid symbolic link for ip6tables-apply
iptables: split iptables-apply to its own package
Yongxin Liu (1):
linux-firmware: add ice for Intel E800 series driver
Yuki Hoshino (1):
sysvinit-inittab: Add support for tty devices with 10 or more number.
akuster (9):
bind: update to 9.11.19
adt-manual: Add SPDX license headers
bsp-guide: Add SPDX license headers
brief-yoctoprojectsqa: Add SPDX license headers
dev-manual: Add SPDX License headers
kernel-dev: Add SPDX license headers
profile-manual: Add SPDX licence headers
sdk-manual: Add SPDX license headers
toaster-manaul: Add SPDX license headers
haiqing (1):
libpam: Remove option 'obscure' from common-password
hongxu (1):
kmod: add nativesdk support
zangrc (1):
ethtool:upgrade 5.6 -> 5.7
Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
Change-Id: I1190ca17297b1167286cfc06033e8485396c7cce
Diffstat (limited to 'poky/meta/recipes-connectivity')
-rw-r--r-- | poky/meta/recipes-connectivity/bind/bind/CVE-2020-8616.patch | 206 | ||||
-rw-r--r-- | poky/meta/recipes-connectivity/bind/bind/CVE-2020-8617.patch | 29 | ||||
-rw-r--r-- | poky/meta/recipes-connectivity/bind/bind_9.11.19.bb (renamed from poky/meta/recipes-connectivity/bind/bind_9.11.13.bb) | 7 | ||||
-rw-r--r-- | poky/meta/recipes-connectivity/libuv/libuv_1.34.2.bb | 19 |
4 files changed, 21 insertions, 240 deletions
diff --git a/poky/meta/recipes-connectivity/bind/bind/CVE-2020-8616.patch b/poky/meta/recipes-connectivity/bind/bind/CVE-2020-8616.patch deleted file mode 100644 index 8f0023191..000000000 --- a/poky/meta/recipes-connectivity/bind/bind/CVE-2020-8616.patch +++ /dev/null @@ -1,206 +0,0 @@ -Upstream-Status: Backport [https://downloads.isc.org/isc/bind9/9.11.19/patches/CVE-2020-8616.patch] -CVE: CVE-2020-8616 -Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com> ---- -diff --git a/lib/dns/adb.c b/lib/dns/adb.c -index 058495f6a5..6b8a9537f0 100644 ---- a/lib/dns/adb.c -+++ b/lib/dns/adb.c -@@ -404,14 +404,13 @@ static void log_quota(dns_adbentry_t *entry, const char *fmt, ...) - */ - #define FIND_WANTEVENT(fn) (((fn)->options & DNS_ADBFIND_WANTEVENT) != 0) - #define FIND_WANTEMPTYEVENT(fn) (((fn)->options & DNS_ADBFIND_EMPTYEVENT) != 0) --#define FIND_AVOIDFETCHES(fn) (((fn)->options & DNS_ADBFIND_AVOIDFETCHES) \ -- != 0) --#define FIND_STARTATZONE(fn) (((fn)->options & DNS_ADBFIND_STARTATZONE) \ -- != 0) --#define FIND_HINTOK(fn) (((fn)->options & DNS_ADBFIND_HINTOK) != 0) --#define FIND_GLUEOK(fn) (((fn)->options & DNS_ADBFIND_GLUEOK) != 0) --#define FIND_HAS_ADDRS(fn) (!ISC_LIST_EMPTY((fn)->list)) --#define FIND_RETURNLAME(fn) (((fn)->options & DNS_ADBFIND_RETURNLAME) != 0) -+#define FIND_AVOIDFETCHES(fn) (((fn)->options & DNS_ADBFIND_AVOIDFETCHES) != 0) -+#define FIND_STARTATZONE(fn) (((fn)->options & DNS_ADBFIND_STARTATZONE) != 0) -+#define FIND_HINTOK(fn) (((fn)->options & DNS_ADBFIND_HINTOK) != 0) -+#define FIND_GLUEOK(fn) (((fn)->options & DNS_ADBFIND_GLUEOK) != 0) -+#define FIND_HAS_ADDRS(fn) (!ISC_LIST_EMPTY((fn)->list)) -+#define FIND_RETURNLAME(fn) (((fn)->options & DNS_ADBFIND_RETURNLAME) != 0) -+#define FIND_NOFETCH(fn) (((fn)->options & DNS_ADBFIND_NOFETCH) != 0) - - /* - * These are currently used on simple unsigned ints, so they are -@@ -3155,21 +3154,26 @@ dns_adb_createfind2(dns_adb_t *adb, isc_task_t *task, isc_taskaction_t action, - * Listen to negative cache hints, and don't start - * another query. - */ -- if (NCACHE_RESULT(result) || AUTH_NX(result)) -+ if (NCACHE_RESULT(result) || AUTH_NX(result)) { - goto fetch; -+ } - -- if (!NAME_FETCH_V6(adbname)) -+ if (!NAME_FETCH_V6(adbname)) { - wanted_fetches |= DNS_ADBFIND_INET6; -+ } - } - - fetch: - if ((WANT_INET(wanted_addresses) && NAME_HAS_V4(adbname)) || - (WANT_INET6(wanted_addresses) && NAME_HAS_V6(adbname))) -+ { - have_address = true; -- else -+ } else { - have_address = false; -- if (wanted_fetches != 0 && -- ! (FIND_AVOIDFETCHES(find) && have_address)) { -+ } -+ if (wanted_fetches != 0 && !(FIND_AVOIDFETCHES(find) && have_address) && -+ !FIND_NOFETCH(find)) -+ { - /* - * We're missing at least one address family. Either the - * caller hasn't instructed us to avoid fetches, or we don't -@@ -3177,8 +3181,9 @@ dns_adb_createfind2(dns_adb_t *adb, isc_task_t *task, isc_taskaction_t action, - * be acceptable so we have to launch fetches. - */ - -- if (FIND_STARTATZONE(find)) -+ if (FIND_STARTATZONE(find)) { - start_at_zone = true; -+ } - - /* - * Start V4. -diff --git a/lib/dns/include/dns/adb.h b/lib/dns/include/dns/adb.h -index 63a13c4e41..edf6e54935 100644 ---- a/lib/dns/include/dns/adb.h -+++ b/lib/dns/include/dns/adb.h -@@ -207,6 +207,10 @@ struct dns_adbfind { - * lame for this query. - */ - #define DNS_ADBFIND_OVERQUOTA 0x00000400 -+/*% -+ * Don't perform a fetch even if there are no address records available. -+ */ -+#define DNS_ADBFIND_NOFETCH 0x00000800 - - /*% - * The answers to queries come back as a list of these. -diff --git a/lib/dns/resolver.c b/lib/dns/resolver.c -index 7c44478a26..0a40859d08 100644 ---- a/lib/dns/resolver.c -+++ b/lib/dns/resolver.c -@@ -172,6 +172,14 @@ - #define DEFAULT_MAX_QUERIES 75 - #endif - -+/* -+ * After NS_FAIL_LIMIT attempts to fetch a name server address, -+ * if the number of addresses in the NS RRset exceeds NS_RR_LIMIT, -+ * stop trying to fetch, in order to avoid wasting resources. -+ */ -+#define NS_FAIL_LIMIT 4 -+#define NS_RR_LIMIT 5 -+ - /* Number of hash buckets for zone counters */ - #ifndef RES_DOMAIN_BUCKETS - #define RES_DOMAIN_BUCKETS 523 -@@ -3130,8 +3138,7 @@ sort_finds(dns_adbfindlist_t *findlist, unsigned int bias) { - static void - findname(fetchctx_t *fctx, dns_name_t *name, in_port_t port, - unsigned int options, unsigned int flags, isc_stdtime_t now, -- bool *overquota, bool *need_alternate) --{ -+ bool *overquota, bool *need_alternate, unsigned int *no_addresses) { - dns_adbaddrinfo_t *ai; - dns_adbfind_t *find; - dns_resolver_t *res; -@@ -3219,7 +3226,12 @@ findname(fetchctx_t *fctx, dns_name_t *name, in_port_t port, - find->result_v6 != DNS_R_NXDOMAIN) || - (res->dispatches6 == NULL && - find->result_v4 != DNS_R_NXDOMAIN))) -+ { - *need_alternate = true; -+ } -+ if (no_addresses != NULL) { -+ (*no_addresses)++; -+ } - } else { - if ((find->options & DNS_ADBFIND_OVERQUOTA) != 0) { - if (overquota != NULL) -@@ -3270,6 +3282,7 @@ fctx_getaddresses(fetchctx_t *fctx, bool badcache) { - dns_rdata_ns_t ns; - bool need_alternate = false; - bool all_spilled = true; -+ unsigned int no_addresses = 0; - - FCTXTRACE5("getaddresses", "fctx->depth=", fctx->depth); - -@@ -3437,20 +3450,28 @@ fctx_getaddresses(fetchctx_t *fctx, bool badcache) { - * Extract the name from the NS record. - */ - result = dns_rdata_tostruct(&rdata, &ns, NULL); -- if (result != ISC_R_SUCCESS) -+ if (result != ISC_R_SUCCESS) { - continue; -+ } - -- findname(fctx, &ns.name, 0, stdoptions, 0, now, -- &overquota, &need_alternate); -+ if (no_addresses > NS_FAIL_LIMIT && -+ dns_rdataset_count(&fctx->nameservers) > NS_RR_LIMIT) -+ { -+ stdoptions |= DNS_ADBFIND_NOFETCH; -+ } -+ findname(fctx, &ns.name, 0, stdoptions, 0, now, &overquota, -+ &need_alternate, &no_addresses); - -- if (!overquota) -+ if (!overquota) { - all_spilled = false; -+ } - - dns_rdata_reset(&rdata); - dns_rdata_freestruct(&ns); - } -- if (result != ISC_R_NOMORE) -+ if (result != ISC_R_NOMORE) { - return (result); -+ } - - /* - * Do we need to use 6 to 4? -@@ -3465,7 +3486,7 @@ fctx_getaddresses(fetchctx_t *fctx, bool badcache) { - if (!a->isaddress) { - findname(fctx, &a->_u._n.name, a->_u._n.port, - stdoptions, FCTX_ADDRINFO_FORWARDER, -- now, NULL, NULL); -+ now, NULL, NULL, NULL); - continue; - } - if (isc_sockaddr_pf(&a->_u.addr) != family) -@@ -3827,16 +3827,14 @@ fctx_try(fetchctx_t *fctx, bool retrying, bool badcache) { - } - } - -- if (dns_name_countlabels(&fctx->domain) > 2) { -- result = isc_counter_increment(fctx->qc); -- if (result != ISC_R_SUCCESS) { -- isc_log_write(dns_lctx, DNS_LOGCATEGORY_RESOLVER, -- DNS_LOGMODULE_RESOLVER, ISC_LOG_DEBUG(3), -- "exceeded max queries resolving '%s'", -- fctx->info); -- fctx_done(fctx, DNS_R_SERVFAIL, __LINE__); -- return; -- } -+ result = isc_counter_increment(fctx->qc); -+ if (result != ISC_R_SUCCESS) { -+ isc_log_write(dns_lctx, DNS_LOGCATEGORY_RESOLVER, -+ DNS_LOGMODULE_RESOLVER, ISC_LOG_DEBUG(3), -+ "exceeded max queries resolving '%s'", -+ fctx->info); -+ fctx_done(fctx, DNS_R_SERVFAIL, __LINE__); -+ return; - } - - bucketnum = fctx->bucketnum; diff --git a/poky/meta/recipes-connectivity/bind/bind/CVE-2020-8617.patch b/poky/meta/recipes-connectivity/bind/bind/CVE-2020-8617.patch deleted file mode 100644 index d8769c45c..000000000 --- a/poky/meta/recipes-connectivity/bind/bind/CVE-2020-8617.patch +++ /dev/null @@ -1,29 +0,0 @@ -Upstream-Status: Backport [https://downloads.isc.org/isc/bind9/9.11.19/patches/CVE-2020-8617.patch] -CVE: CVE-2020-8617 -Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com> ---- -diff --git a/lib/dns/tsig.c b/lib/dns/tsig.c -index b597a18d49..6357a3a486 100644 ---- a/lib/dns/tsig.c -+++ b/lib/dns/tsig.c -@@ -1427,8 +1424,9 @@ dns_tsig_verify(isc_buffer_t *source, dns_message_t *msg, - goto cleanup_context; - } - msg->verified_sig = 1; -- } else if (tsig.error != dns_tsigerror_badsig && -- tsig.error != dns_tsigerror_badkey) { -+ } else if (!response || (tsig.error != dns_tsigerror_badsig && -+ tsig.error != dns_tsigerror_badkey)) -+ { - tsig_log(msg->tsigkey, 2, "signature was empty"); - return (DNS_R_TSIGVERIFYFAILURE); - } -@@ -1484,7 +1482,7 @@ dns_tsig_verify(isc_buffer_t *source, dns_message_t *msg, - } - } - -- if (tsig.error != dns_rcode_noerror) { -+ if (response && tsig.error != dns_rcode_noerror) { - msg->tsigstatus = tsig.error; - if (tsig.error == dns_tsigerror_badtime) - ret = DNS_R_CLOCKSKEW; diff --git a/poky/meta/recipes-connectivity/bind/bind_9.11.13.bb b/poky/meta/recipes-connectivity/bind/bind_9.11.19.bb index 8f2d702dc..276173e09 100644 --- a/poky/meta/recipes-connectivity/bind/bind_9.11.13.bb +++ b/poky/meta/recipes-connectivity/bind/bind_9.11.19.bb @@ -3,7 +3,7 @@ HOMEPAGE = "http://www.isc.org/sw/bind/" SECTION = "console/network" LICENSE = "ISC & BSD" -LIC_FILES_CHKSUM = "file://COPYRIGHT;md5=8f17f64e47e83b60cd920a1e4b54419e" +LIC_FILES_CHKSUM = "file://COPYRIGHT;md5=bf39058a7f64b2a934ce14dc9ec1dd45" DEPENDS = "openssl libcap zlib" @@ -18,12 +18,9 @@ SRC_URI = "https://ftp.isc.org/isc/bind9/${PV}/${BPN}-${PV}.tar.gz \ file://0001-configure.in-remove-useless-L-use_openssl-lib.patch \ file://0001-named-lwresd-V-and-start-log-hide-build-options.patch \ file://0001-avoid-start-failure-with-bind-user.patch \ - file://CVE-2020-8616.patch \ - file://CVE-2020-8617.patch \ " -SRC_URI[md5sum] = "17de0d024ab1eac377f1c2854dc25057" -SRC_URI[sha256sum] = "fd3f3cc9fcfcdaa752db35eb24598afa1fdcc2509d3227fc90a8631b7b400f7d" +SRC_URI[sha256sum] = "0dee554a4caa368948b32da9a0c97b516c19103bc13ff5b3762c5d8552f52329" UPSTREAM_CHECK_URI = "https://ftp.isc.org/isc/bind9/" # stay at 9.11 until 9.16, from 9.16 follow the ESV versions divisible by 4 diff --git a/poky/meta/recipes-connectivity/libuv/libuv_1.34.2.bb b/poky/meta/recipes-connectivity/libuv/libuv_1.34.2.bb new file mode 100644 index 000000000..234cec37b --- /dev/null +++ b/poky/meta/recipes-connectivity/libuv/libuv_1.34.2.bb @@ -0,0 +1,19 @@ +SUMMARY = "A multi-platform support library with a focus on asynchronous I/O" +HOMEPAGE = "https://github.com/libuv/libuv" +BUGTRACKER = "https://github.com/libuv/libuv/issues" +LICENSE = "MIT" +LIC_FILES_CHKSUM = "file://LICENSE;md5=a68902a430e32200263d182d44924d47" + +SRCREV = "f868c9ab0c307525a16fff99fd21e32a6ebc3837" +SRC_URI = "git://github.com/libuv/libuv;branch=v1.x" + +S = "${WORKDIR}/git" + +inherit autotools + +do_configure() { + ${S}/autogen.sh || bbnote "${PN} failed to autogen.sh" + oe_runconf +} + +BBCLASSEXTEND = "native" |