poky: subtree update:26ae42ded7..5951cbcabe

Alex Kiernan (1): recipetool: Fix list concatenation when using edit Alexander Kanavin (4): apr-util: make gdbm optional gobject-introspection: add a patch to fix a build race icu: merge .inc into main recipe icu: make filtered data generation optional, serial and off by default Alexandru N. Onea (3): bitbake: perforce: add basic progress handler for perforce bitbake: perforce: add local path handling SRC_URI options bitbake: bitbake-user-manual: update perforce fetcher docs Andreas M?ller (1): meson.bbclass: avoid unexpected operating-system names Andreas Müller (6): boost: Add upstream patch to fix build on depending projects libinput: upgrade 1.15.5 -> 1.15.6 sqlite3: upgrade 3.32.2 -> 3.32.3 desktop-file-utils: upgrade 0.24 -> 0.26 file: upgrade 5.38 -> 5.39 ffmpeg: upgrade 4.2.3 -> 4.3 Andrej Valek (1): oeqa/runtime/cases/ptest: Make output content path absolute Andrew Geissler (1): meson: backport library ordering fix Armin Kuster (1): libuv: move from meta-oe to core for bind update Arthur She (1): igt-gpu-tools: add new package Changqing Li (1): mime.bbclass: fix post install scriptlet error Chen Qi (1): systemd-serialgetty: do not use BindsTo Daniel McGregor (3): sign_rpm.bbclass: ignore thread count systemd-conf: Accept MTU from DHCP buildhistory-collect-srcrevs: sort directories He Zhe (1): ltp: Fix copy_file_rang02 for 32-bit arches Hongxu Jia (1): libmodulemd: switch branch master -> main Jacob Kroon (5): bitbake: lib/bb/utils.py: Do not preserve TERM in the environment bitbake: bitbake-user-manual: Remove TERM from BB_HASHBASE_WHITELIST example bitbake.conf: Remove TERM from default BB_HASHBASE_WHITELIST grub: Remove native version of grub-efi distro_alias: Remove unused grub-efi distro aliases Jens Rehsack (1): u-boot: avoid blind merging all *.cfg Joe Slater (1): systemd: fix CVE-2020-13776 Joshua Watt (5): sstatesig: Account for all dataCaches being passed bitbake: bitbake: cache: Fix error message with bad multiconfig wic: Fix error message when reporting invalid offset classes/archiver: Create patched archive before configuring bitbake: cache: Bump cache version Konrad Weihmann (3): oeqa/runtime: Add OERequirePackage decorator bitbake: cookerdata: Add BBFILES_DYNAMIC inverse mode bitbake: bitbake-user-manual: Add BBFILES_DYNAMIC Mark Morton (2): New source files and Makefile update for Test Manual test-manual: Fixed codeblock formatting Martin Jansa (1): net-tools: backport a patch from upstream to use the same ifconfig format as debian/ubuntu Mingli Yu (3): python3: add the rdepends for python3-misc python3: add rdepends for python3-idle python3-dbusmock: add the missing rdepends Otavio Salvador (2): systemd: Sync systemd-serialgetty@.service with upstream mtd-utils: Fix return value of ubiformat Ovidiu Panait (2): dbus-test: Remove EXTRA_OECONF_X configs dbus,dbus-test: Move common parts to dbus.inc Paul Barker (2): bitbake: fetch2/gitsm: Mark srcrev as fetched once all submodules are processed bitbake: fetch2/gitsm: Make need_update() process submodules Paul Eggleton (5): graph-tool: switch to argparse graph-tool: add filter subcommand dpkg-native: rebase and reinstate fix for "tar: file changed as we read it" shadow-sysroot: drop unused SRC_URI checksums devtool: fix typo Peter Kjellerstedt (1): relocatable.bbclass: Avoid an exception if an empty pkgconfig dir exist Pierre-Jean Texier (3): diffoscope: upgrade 146 -> 147 ell: upgrade 0.31 -> 0.32 curl: upgrade 7.70.0 -> 7.71.0 Rasmus Villemoes (1): curl: add debug info Richard Purdie (15): buildhistory: Add simplistic file move detection bitbake: bin/bitbake: Update to next series release version perl: Fix host specific modules problems sanity.conf: Require bitbake 1.47.0 as the minimum version patchelf: Upgrade 0.10 -> 0.11 test-manual: Add SPDX license headers Makefile: Drop obsolete edison/denzil branch conditionals bitbake: tests/fetch: Switch from git.infradead.org to a YP mirror pseudo: Fix attr errors due to incorrect library resolution issues oeqa/selftest/runcmd: Add better debug for thread count mismatch failures oeqa/utils/command: Improve stdin handling in runCmd vulkan-headers: Fix upstream branch deletion issue recipes: Fix Upstream-Status Accepted -> Backport scripts/install-buildtools: Update to 3.2 M1 buildtools scripts/install-buildtools: Handle new format checksum files Robert P. J. Day (1): python: use official "pypi.org" URLs for HOMEPAGE Ross Burton (8): install-buildtools: fail if an error occurs install-buildtools: remove hardcoded x86-64 architecture install-buildtools: add option to disable checksum validation common-licenses: add BSD-2-Clause-Patent gstreamer1.0-plugins-bad: add support for vdpau go-binary-native: add binary Go to bootstrap tcmode-default: use go-binary-native by default go-native: merge bb/inc and add comment Ryan Rowe (1): python3: fix PGO for non-reproducible biniaries Sakib Sajal (1): qemu: uprev v4.2.0 -> v5.0.0 Samuli Piippo (2): cmake: allow chainloading of the toolchain file perl: use relative paths in the perl wrapper Steve Sakoman (1): buildtools-tarball: export OPENSSL_CONF in environment setup Tanu Kaskinen (1): pulseaudio: remove unnecessary libltdl copying Trevor Gamblin (1): python3-setuptools: patch entrypoints for faster initialization Tuomas Salokanto (1): recipetool: create: fix SRCBRANCH not being passed to params Valentin Longchamp (2): tools-profile: disable valgrind for powerpc soft-float valgrind: disable it for powerpc soft-float Wang Mingyu (5): powertop: upgrade 2.12 -> 2.13 man-db: upgrade 2.9.2 -> 2.9.3 valgrind: upgrade 3.16.0 -> 3.16.1 man-pages: upgrade 5.06 -> 5.07 harfbuzz: upgrade 2.6.7 -> 2.6.8 Yi Zhao (2): iptables: fix invalid symbolic link for ip6tables-apply iptables: split iptables-apply to its own package Yongxin Liu (1): linux-firmware: add ice for Intel E800 series driver Yuki Hoshino (1): sysvinit-inittab: Add support for tty devices with 10 or more number. akuster (9): bind: update to 9.11.19 adt-manual: Add SPDX license headers bsp-guide: Add SPDX license headers brief-yoctoprojectsqa: Add SPDX license headers dev-manual: Add SPDX License headers kernel-dev: Add SPDX license headers profile-manual: Add SPDX licence headers sdk-manual: Add SPDX license headers toaster-manaul: Add SPDX license headers haiqing (1): libpam: Remove option 'obscure' from common-password hongxu (1): kmod: add nativesdk support zangrc (1): ethtool:upgrade 5.6 -> 5.7 Signed-off-by: Andrew Geissler <geissonator@yahoo.com> Change-Id: I1190ca17297b1167286cfc06033e8485396c7cce
author: Andrew Geissler <geissonator@yahoo.com> 2020-06-27 08:28:28 +0300
committer: Andrew Geissler <geissonator@yahoo.com> 2020-06-27 08:32:13 +0300
commit: d25ed3241ddffad58c7a52e45e388e6c48d5123a (patch)
tree: b097477c5b9204689d35c06f5761b1767093b338 /poky/meta/recipes-core
parent: c87764fefff10735006a31fab72d76c243a3eb40 (diff)
download: openbmc-d25ed3241ddffad58c7a52e45e388e6c48d5123a.tar.xz
12 files changed, 160 insertions, 75 deletions
diff --git a/poky/meta/recipes-core/dbus/dbus-test_1.12.18.bb b/poky/meta/recipes-core/dbus/dbus-test_1.12.18.bb
index 0063dcce6..755c841ba 100644
--- a/poky/meta/recipes-core/dbus/dbus-test_1.12.18.bb
+++ b/poky/meta/recipes-core/dbus/dbus-test_1.12.18.bb
@@ -1,57 +1,31 @@
 SUMMARY = "D-Bus test package (for D-bus functionality testing only)"
 HOMEPAGE = "http://dbus.freedesktop.org"
 SECTION = "base"
-LICENSE = "AFL-2.1 | GPLv2+"
-LIC_FILES_CHKSUM = "file://COPYING;md5=10dded3b58148f3f1fd804b26354af3e \
-                    file://dbus/dbus.h;beginline=6;endline=20;md5=7755c9d7abccd5dbd25a6a974538bb3c"
 
-DEPENDS = "dbus glib-2.0"
+require dbus.inc
 
-RDEPENDS_${PN}-dev = ""
+SRC_URI += "file://run-ptest \
+            file://python-config.patch \
+	    "
 
-SRC_URI = "http://dbus.freedesktop.org/releases/dbus/dbus-${PV}.tar.gz \
-           file://tmpdir.patch \
-           file://run-ptest \
-           file://python-config.patch \
-           file://clear-guid_from_server-if-send_negotiate_unix_f.patch \
-           "
+DEPENDS = "dbus glib-2.0"
 
-SRC_URI[md5sum] = "4ca570c281be35d0b30ab83436712242"
-SRC_URI[sha256sum] = "64cf4d70840230e5e9bc784d153880775ab3db19d656ead8a0cb9c0ab5a95306"
+RDEPENDS_${PN}-dev = ""
 
 S="${WORKDIR}/dbus-${PV}"
 FILESEXTRAPATHS =. "${FILE_DIRNAME}/dbus:"
 
-inherit autotools pkgconfig gettext ptest upstream-version-is-even
+inherit ptest
 
-EXTRA_OECONF_X = "${@bb.utils.contains('DISTRO_FEATURES', 'x11', '--with-x', '--without-x', d)}"
-EXTRA_OECONF_X_class-native = "--without-x"
-
-EXTRA_OECONF = "--enable-tests \
+EXTRA_OECONF += "--enable-tests \
                 --enable-modular-tests \
                 --enable-installed-tests \
                 --enable-checks \
                 --enable-asserts \
-                --enable-largefile \
-                --disable-xml-docs \
-                --disable-doxygen-docs \
-                --disable-libaudit \
                 --with-dbus-test-dir=${PTEST_PATH} \
-                ${EXTRA_OECONF_X} \
                 --enable-embedded-tests \
              "
 
-EXTRA_OECONF_append_class-target = " SYSTEMCTL=${base_bindir}/systemctl"
-
-PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'systemd x11', d)}"
-PACKAGECONFIG_class-native = ""
-PACKAGECONFIG_class-nativesdk = ""
-
-PACKAGECONFIG[systemd] = "--enable-systemd --with-systemdsystemunitdir=${systemd_system_unitdir},--disable-systemd --without-systemdsystemunitdir,systemd"
-PACKAGECONFIG[x11] = "--with-x --enable-x11-autolaunch,--without-x --disable-x11-autolaunch, virtual/libx11 libsm"
-PACKAGECONFIG[user-session] = "--enable-user-session --with-systemduserunitdir=${systemd_user_unitdir},--disable-user-session"
-PACKAGECONFIG[verbose-mode] = "--enable-verbose-mode,,,"
-
 do_install() {
     :
 }
diff --git a/poky/meta/recipes-core/dbus/dbus.inc b/poky/meta/recipes-core/dbus/dbus.inc
new file mode 100644
index 000000000..3bdb7ea4f
--- /dev/null
+++ b/poky/meta/recipes-core/dbus/dbus.inc
@@ -0,0 +1,34 @@
+inherit autotools pkgconfig gettext upstream-version-is-even
+
+LICENSE = "AFL-2.1 | GPLv2+"
+LIC_FILES_CHKSUM = "file://COPYING;md5=10dded3b58148f3f1fd804b26354af3e \
+                    file://dbus/dbus.h;beginline=6;endline=20;md5=7755c9d7abccd5dbd25a6a974538bb3c"
+
+SRC_URI = "https://dbus.freedesktop.org/releases/dbus/dbus-${PV}.tar.gz \
+           file://tmpdir.patch \
+           file://dbus-1.init \
+           file://clear-guid_from_server-if-send_negotiate_unix_f.patch \
+"
+
+SRC_URI[md5sum] = "4ca570c281be35d0b30ab83436712242"
+SRC_URI[sha256sum] = "64cf4d70840230e5e9bc784d153880775ab3db19d656ead8a0cb9c0ab5a95306"
+
+EXTRA_OECONF = "--disable-xml-docs \
+                --disable-doxygen-docs \
+                --disable-libaudit \
+                --enable-largefile \
+                --with-system-socket=/run/dbus/system_bus_socket \
+                "
+EXTRA_OECONF_append_class-target = " SYSTEMCTL=${base_bindir}/systemctl"
+EXTRA_OECONF_append_class-native = " --disable-selinux"
+
+PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'systemd x11', d)} \
+                   user-session \
+                  "
+PACKAGECONFIG_class-native = ""
+PACKAGECONFIG_class-nativesdk = ""
+
+PACKAGECONFIG[systemd] = "--enable-systemd --with-systemdsystemunitdir=${systemd_system_unitdir},--disable-systemd --without-systemdsystemunitdir,systemd"
+PACKAGECONFIG[x11] = "--with-x --enable-x11-autolaunch,--without-x --disable-x11-autolaunch, virtual/libx11 libsm"
+PACKAGECONFIG[user-session] = "--enable-user-session --with-systemduserunitdir=${systemd_user_unitdir},--disable-user-session"
+PACKAGECONFIG[verbose-mode] = "--enable-verbose-mode,,,"
diff --git a/poky/meta/recipes-core/dbus/dbus_1.12.18.bb b/poky/meta/recipes-core/dbus/dbus_1.12.18.bb
index 2fcb3079a..cf6f7dc0e 100644
--- a/poky/meta/recipes-core/dbus/dbus_1.12.18.bb
+++ b/poky/meta/recipes-core/dbus/dbus_1.12.18.bb
@@ -2,9 +2,9 @@ SUMMARY = "D-Bus message bus"
 DESCRIPTION = "D-Bus is a message bus system, a simple way for applications to talk to one another. In addition to interprocess communication, D-Bus helps coordinate process lifecycle; it makes it simple and reliable to code a \"single instance\" application or daemon, and to launch applications and daemons on demand when their services are needed."
 HOMEPAGE = "https://dbus.freedesktop.org"
 SECTION = "base"
-LICENSE = "AFL-2.1 | GPLv2+"
-LIC_FILES_CHKSUM = "file://COPYING;md5=10dded3b58148f3f1fd804b26354af3e \
-                    file://dbus/dbus.h;beginline=6;endline=20;md5=7755c9d7abccd5dbd25a6a974538bb3c"
+
+require dbus.inc
+
 DEPENDS = "expat virtual/libintl autoconf-archive"
 RDEPENDS_dbus_class-native = ""
 RDEPENDS_dbus_class-nativesdk = ""
@@ -12,16 +12,7 @@ PACKAGES += "${@bb.utils.contains('DISTRO_FEATURES', 'ptest', '${PN}-ptest', '',
 ALLOW_EMPTY_dbus-ptest = "1"
 RDEPENDS_dbus-ptest_class-target = "dbus-test-ptest"
 
-SRC_URI = "https://dbus.freedesktop.org/releases/dbus/dbus-${PV}.tar.gz \
-           file://tmpdir.patch \
-           file://dbus-1.init \
-           file://clear-guid_from_server-if-send_negotiate_unix_f.patch \
-"
-
-SRC_URI[md5sum] = "4ca570c281be35d0b30ab83436712242"
-SRC_URI[sha256sum] = "64cf4d70840230e5e9bc784d153880775ab3db19d656ead8a0cb9c0ab5a95306"
-
-inherit useradd autotools pkgconfig gettext update-rc.d upstream-version-is-even
+inherit useradd update-rc.d
 
 INITSCRIPT_NAME = "dbus-1"
 INITSCRIPT_PARAMS = "start 02 5 3 2 . stop 20 0 1 6 ."
@@ -92,27 +83,7 @@ pkg_postinst_dbus() {
 }
 
 
-EXTRA_OECONF = "--disable-tests \
-                --disable-xml-docs \
-                --disable-doxygen-docs \
-                --disable-libaudit \
-                --enable-largefile \
-                --with-system-socket=/run/dbus/system_bus_socket \
-                "
-
-EXTRA_OECONF_append_class-target = " SYSTEMCTL=${base_bindir}/systemctl"
-EXTRA_OECONF_append_class-native = " --disable-selinux"
-
-PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'systemd x11', d)} \
-                   user-session \
-                  "
-
-PACKAGECONFIG_class-native = ""
-PACKAGECONFIG_class-nativesdk = ""
-
-PACKAGECONFIG[systemd] = "--enable-systemd --with-systemdsystemunitdir=${systemd_system_unitdir},--disable-systemd --without-systemdsystemunitdir,systemd"
-PACKAGECONFIG[x11] = "--with-x --enable-x11-autolaunch,--without-x --disable-x11-autolaunch, virtual/libx11 libsm"
-PACKAGECONFIG[user-session] = "--enable-user-session --with-systemduserunitdir=${systemd_user_unitdir},--disable-user-session"
+EXTRA_OECONF += "--disable-tests"
 
 do_install() {
 	autotools_do_install
diff --git a/poky/meta/recipes-core/ell/ell_0.31.bb b/poky/meta/recipes-core/ell/ell_0.32.bb
index 1db7131ab..07dc4d4cb 100644
--- a/poky/meta/recipes-core/ell/ell_0.31.bb
+++ b/poky/meta/recipes-core/ell/ell_0.32.bb
@@ -14,8 +14,7 @@ DEPENDS = "dbus"
 inherit autotools pkgconfig
 
 SRC_URI = "https://mirrors.edge.kernel.org/pub/linux/libs/${BPN}/${BPN}-${PV}.tar.xz"
-SRC_URI[md5sum] = "3f670230be4d89d621b0508c70b1d36b"
-SRC_URI[sha256sum] = "ae88617275452f9f5840b2365e33e6c7fb6fa3405d42cbf9367de642ee8b6701"
+SRC_URI[sha256sum] = "42fdb9e24ff561a101389d51445cab1ff7d55f5385dc22a05b0493088cf99e30"
 
 do_configure_prepend () {
     mkdir -p ${S}/build-aux
diff --git a/poky/meta/recipes-core/meta/buildtools-tarball.bb b/poky/meta/recipes-core/meta/buildtools-tarball.bb
index c49802eef..d0f8dd7d7 100644
--- a/poky/meta/recipes-core/meta/buildtools-tarball.bb
+++ b/poky/meta/recipes-core/meta/buildtools-tarball.bb
@@ -74,6 +74,7 @@ create_sdk_files_append () {
 	toolchain_create_sdk_version ${SDK_OUTPUT}/${SDKPATH}/version-${SDK_SYS}
 
 	echo 'export GIT_SSL_CAINFO="${SDKPATHNATIVE}${sysconfdir}/ssl/certs/ca-certificates.crt"' >>$script
+	echo 'export SSL_CERT_FILE="${SDKPATHNATIVE}${sysconfdir}/ssl/certs/ca-certificates.crt"' >>$script
 	echo 'export OPENSSL_CONF="${SDKPATHNATIVE}${sysconfdir}/ssl/openssl.cnf"' >>$script
 
 	if [ "${SDKMACHINE}" = "i686" ]; then
diff --git a/poky/meta/recipes-core/meta/wic-tools.bb b/poky/meta/recipes-core/meta/wic-tools.bb
index 8aeb942ed..3e7d0ed48 100644
--- a/poky/meta/recipes-core/meta/wic-tools.bb
+++ b/poky/meta/recipes-core/meta/wic-tools.bb
@@ -4,7 +4,7 @@ LICENSE = "MIT"
 
 DEPENDS = "\
            parted-native syslinux-native gptfdisk-native dosfstools-native \
-           mtools-native bmap-tools-native grub-efi-native cdrtools-native \
+           mtools-native bmap-tools-native grub-native cdrtools-native \
            btrfs-tools-native squashfs-tools-native pseudo-native \
            e2fsprogs-native util-linux-native tar-native\
            "
diff --git a/poky/meta/recipes-core/packagegroups/packagegroup-core-tools-profile.bb b/poky/meta/recipes-core/packagegroups/packagegroup-core-tools-profile.bb
index ac180b542..8aed1e845 100644
--- a/poky/meta/recipes-core/packagegroups/packagegroup-core-tools-profile.bb
+++ b/poky/meta/recipes-core/packagegroups/packagegroup-core-tools-profile.bb
@@ -61,6 +61,7 @@ VALGRIND_armv6 = ""
 VALGRIND_armeb = ""
 VALGRIND_aarch64 = ""
 VALGRIND_riscv64 = ""
+VALGRIND_powerpc = "${@bb.utils.contains('TARGET_FPU', 'soft', '', 'valgrind', d)}"
 VALGRIND_linux-gnux32 = ""
 VALGRIND_linux-gnun32 = ""
 
diff --git a/poky/meta/recipes-core/systemd/systemd-conf/wired.network b/poky/meta/recipes-core/systemd/systemd-conf/wired.network
index ff807ba31..dcf353459 100644
--- a/poky/meta/recipes-core/systemd/systemd-conf/wired.network
+++ b/poky/meta/recipes-core/systemd/systemd-conf/wired.network
@@ -6,5 +6,6 @@ KernelCommandLine=!nfsroot
 DHCP=yes
 
 [DHCP]
+UseMTU=yes
 RouteMetric=10
 ClientIdentifier=mac
diff --git a/poky/meta/recipes-core/systemd/systemd-serialgetty/serial-getty@.service b/poky/meta/recipes-core/systemd/systemd-serialgetty/serial-getty@.service
index 15af16a9f..549d56600 100644
--- a/poky/meta/recipes-core/systemd/systemd-serialgetty/serial-getty@.service
+++ b/poky/meta/recipes-core/systemd/systemd-serialgetty/serial-getty@.service
@@ -1,3 +1,5 @@
+#  SPDX-License-Identifier: LGPL-2.1+
+#
 #  This file is part of systemd.
 #
 #  systemd is free software; you can redistribute it and/or modify it
@@ -11,7 +13,7 @@ Documentation=man:agetty(8) man:systemd-getty-generator(8)
 Documentation=http://0pointer.de/blog/projects/serial-console.html
 PartOf=dev-%i.device
 ConditionPathExists=/dev/%i
-After=dev-%i.device systemd-user-sessions.service plymouth-quit-wait.service
+After=dev-%i.device systemd-user-sessions.service plymouth-quit-wait.service getty-pre.target
 After=rc-local.service
 
 # If additional gettys are spawned during boot then we should make
@@ -20,12 +22,17 @@ After=rc-local.service
 Before=getty.target
 IgnoreOnIsolate=yes
 
+# IgnoreOnIsolate causes issues with sulogin, if someone isolates
+# rescue.target or starts rescue.service from multi-user.target or
+# graphical.target.
+Conflicts=rescue.service
+Before=rescue.service
+
 [Service]
 Environment="TERM=xterm"
 ExecStart=-/sbin/agetty -8 -L %I @BAUDRATE@ $TERM
 Type=idle
 Restart=always
-RestartSec=0
 UtmpIdentifier=%I
 TTYPath=/dev/%I
 TTYReset=yes
diff --git a/poky/meta/recipes-core/systemd/systemd/CVE-2020-13776.patch b/poky/meta/recipes-core/systemd/systemd/CVE-2020-13776.patch
new file mode 100644
index 000000000..7b5e3e7f7
--- /dev/null
+++ b/poky/meta/recipes-core/systemd/systemd/CVE-2020-13776.patch
@@ -0,0 +1,96 @@
+From 156a5fd297b61bce31630d7a52c15614bf784843 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
+Date: Sun, 31 May 2020 18:21:09 +0200
+Subject: [PATCH 1/1] basic/user-util: always use base 10 for user/group
+ numbers
+
+We would parse numbers with base prefixes as user identifiers. For example,
+"0x2b3bfa0" would be interpreted as UID==45334432 and "01750" would be
+interpreted as UID==1000. This parsing was used also in cases where either a
+user/group name or number may be specified. This means that names like
+0x2b3bfa0 would be ambiguous: they are a valid user name according to our
+documented relaxed rules, but they would also be parsed as numeric uids.
+
+This behaviour is definitely not expected by users, since tools generally only
+accept decimal numbers (e.g. id, getent passwd), while other tools only accept
+user names and thus will interpret such strings as user names without even
+attempting to convert them to numbers (su, ssh). So let's follow suit and only
+accept numbers in decimal notation. Effectively this means that we will reject
+such strings as a username/uid/groupname/gid where strict mode is used, and try
+to look up a user/group with such a name in relaxed mode.
+
+Since the function changed is fairly low-level and fairly widely used, this
+affects multiple tools: loginctl show-user/enable-linger/disable-linger foo',
+the third argument in sysusers.d, fourth and fifth arguments in tmpfiles.d,
+etc.
+
+Fixes #15985.
+---
+ src/basic/user-util.c     |  2 +-
+ src/test/test-user-util.c | 10 ++++++++++
+ 2 files changed, 11 insertions(+), 1 deletion(-)
+
+--- end of commit 156a5fd297b61bce31630d7a52c15614bf784843 ---
+
+
+Add definition of safe_atou32_full() from commit b934ac3d6e7dcad114776ef30ee9098693e7ab7e
+
+CVE: CVE-2020-13776
+
+Upstream-Status: Backport [https://github.com/systemd/systemd.git]
+
+Signed-off-by: Joe Slater <joe.slater@windriver.com>
+
+
+
+--- git.orig/src/basic/user-util.c
++++ git/src/basic/user-util.c
+@@ -49,7 +49,7 @@ int parse_uid(const char *s, uid_t *ret)
+         assert(s);
+ 
+         assert_cc(sizeof(uid_t) == sizeof(uint32_t));
+-        r = safe_atou32(s, &uid);
++        r = safe_atou32_full(s, 10, &uid);
+         if (r < 0)
+                 return r;
+ 
+--- git.orig/src/test/test-user-util.c
++++ git/src/test/test-user-util.c
+@@ -48,9 +48,19 @@ static void test_parse_uid(void) {
+ 
+         r = parse_uid("65535", &uid);
+         assert_se(r == -ENXIO);
++        assert_se(uid == 100);
++
++        r = parse_uid("0x1234", &uid);
++        assert_se(r == -EINVAL);
++        assert_se(uid == 100);
++
++        r = parse_uid("01234", &uid);
++        assert_se(r == 0);
++        assert_se(uid == 1234);
+ 
+         r = parse_uid("asdsdas", &uid);
+         assert_se(r == -EINVAL);
++        assert_se(uid == 1234);
+ }
+ 
+ static void test_uid_ptr(void) {
+--- git.orig/src/basic/parse-util.h
++++ git/src/basic/parse-util.h
+@@ -45,9 +45,13 @@ static inline int safe_atoux16(const cha
+ 
+ int safe_atoi16(const char *s, int16_t *ret);
+ 
+-static inline int safe_atou32(const char *s, uint32_t *ret_u) {
++static inline int safe_atou32_full(const char *s, unsigned base, uint32_t *ret_u) {
+         assert_cc(sizeof(uint32_t) == sizeof(unsigned));
+-        return safe_atou(s, (unsigned*) ret_u);
++        return safe_atou_full(s, base, (unsigned*) ret_u);
++}
++
++static inline int safe_atou32(const char *s, uint32_t *ret_u) {
++        return safe_atou32_full(s, 0, (unsigned*) ret_u);
+ }
+ 
+ static inline int safe_atoi32(const char *s, int32_t *ret_i) {
diff --git a/poky/meta/recipes-core/systemd/systemd_245.6.bb b/poky/meta/recipes-core/systemd/systemd_245.6.bb
index ece422098..b6681b206 100644
--- a/poky/meta/recipes-core/systemd/systemd_245.6.bb
+++ b/poky/meta/recipes-core/systemd/systemd_245.6.bb
@@ -20,6 +20,7 @@ SRC_URI += "file://touchscreen.rules \
            file://99-default.preset \
            file://0001-binfmt-Don-t-install-dependency-links-at-install-tim.patch \
            file://0003-implment-systemd-sysv-install-for-OE.patch \
+           file://CVE-2020-13776.patch \
            "
 
 # patches needed by musl
diff --git a/poky/meta/recipes-core/sysvinit/sysvinit-inittab/start_getty b/poky/meta/recipes-core/sysvinit/sysvinit-inittab/start_getty
index 96fd6cfcf..dfa799ada 100644
--- a/poky/meta/recipes-core/sysvinit/sysvinit-inittab/start_getty
+++ b/poky/meta/recipes-core/sysvinit/sysvinit-inittab/start_getty
@@ -11,7 +11,7 @@
 active_serial=$(grep "serial" /proc/tty/drivers | cut -d/ -f1 | sed "s/ *$//")
 
 # Rephrase input parameter from ttyS target index (ttyS1, ttyS2, ttyAMA0, etc).
-runtime_tty=$(echo $2 | grep -oh '[0-9]')
+runtime_tty=$(echo $2 | grep -oh '[0-9]\+')
 
 # busybox' getty does this itself, util-linux' agetty needs extra help
 getty="/sbin/getty"
@@ -36,7 +36,7 @@ for line in $active_serial; do
         then
 		# Remove all unknown entries and discard the first line (desc).
 		activetty=$(grep -v "unknown" "/proc/tty/driver/$line" \
-			    | tail -n +2 | grep -oh "^\s*\S*[0-9]")
+			    | tail -n +2 | grep -oh "^\s*\S*[0-9]\+")
 		for active in $activetty; do
 			# If indexes do match then enable the serial console.
 			if [ $active -eq $runtime_tty ]
author	Andrew Geissler <geissonator@yahoo.com>	2020-06-27 08:28:28 +0300
committer	Andrew Geissler <geissonator@yahoo.com>	2020-06-27 08:32:13 +0300
commit	d25ed3241ddffad58c7a52e45e388e6c48d5123a (patch)
tree	b097477c5b9204689d35c06f5761b1767093b338 /poky/meta/recipes-core
parent	c87764fefff10735006a31fab72d76c243a3eb40 (diff)
download	openbmc-d25ed3241ddffad58c7a52e45e388e6c48d5123a.tar.xz