author | Brad Bishop <bradleyb@fuzziesquirrel.com> | 2019-08-26 08:33:31 +0300 |
---|---|---|
committer | Brad Bishop <bradleyb@fuzziesquirrel.com> | 2019-08-26 08:33:45 +0300 |
commit | c68388fccb8c0b5bf4d6b8efff91203796be98b2 (patch) | |
tree | f2b3d0381b84be54f0fc03f24daf603d2a6cb95a /poky/meta/recipes-devtools/patch | |
parent | 665fd026517259031fd55bcfb2a9dab0d9f3582a (diff) | |
download | openbmc-c68388fccb8c0b5bf4d6b8efff91203796be98b2.tar.xz |
poky: subtree update:20946c63c2..c17113f1e2

Adrian Bunk (3):
      shadow: musl now supports secure_getenv
      kmod: Replace dolt hacks with backport of upstream dolt removal
      btrfs-tools: Add a PACKAGECONFIG for zstd

Alexander Kanavin (12):
      linux-yocto: add drm-bochs support
      mesa: fix upstream version check
      conf/conf-notes.txt: add a mention of common tools
      conf/conf-notes.txt: add a mention of common tools
      gtk-doc: upgrade 1.30 -> 1.31
      desktop-file-utils: upgrade 0.23 -> 0.24
      libdazzle: upgrade 3.32.2 -> 3.32.3
      rt-tests: exclude another development version
      vala: upgrade 0.44.5 -> 0.44.7
      epiphany: upgrade 3.32.3 -> 3.32.4
      libmodulemd: depend on target python at build time
      createrepo-c: upgrade 0.14.3 -> 0.15.0

Alistair Francis (3):
      qemu: Upgrade to version 4.1
      scripts/runqemu: Add support for the BIOS variable
      qemuriscv64: Specify the firmware as a bios instead of kernel

Anuj Mittal (2):
      binutils: fix CVE-2019-14250 CVE-2019-14444
      patch: backport fixes

Bruce Ashfield (6):
      kernel-devsrc: tweak for v5.3+
      kern-tools: Add SPDX license headers to source files
      linux-yocto: arch/x86/boot: use prefix map to avoid embedded paths
      kernel-yocto: import security fragments from meta-security
      kconf_check: tweak CONFIG_ regex
      linux-yocto/4.19: make drm-bochs feature available

Changqing Li (2):
      dbus: disable test-bus
      qemumips/qemumips64: move QB_SYSTEM_NAME to corresponding conf

Chen Qi (1):
      target-sdk-provides-dummy: extend packages for multilib case

He Zhe (2):
      ltp: Fix tgkill03 failure
      ltp: Fix ustat02 failure

Hongxu Jia (3):
      nfs-utils: decrease RLIMIT_NOFILE to 4k for systemd
      distcc: upgrade 3.3.2 -> 3.3.3
      ncurses: upgrade 6.1+20181013 -> 6.1+20190803

Jaewon Lee (1):
      devtool: build: Also run deploy for devtool build if applicable

Jason Wessel (2):
      cross-localedef-native: Add hardlink resolver from util-linux
      libc-package.bbclass: Split locale hard link processing into two parts

Jon Mason (1):
      resulttool: Prevent multiple results for the same test

Kai Kang (1):
      webkitgtk: disable gold on mipsn32

Kevin Hao (1):
      psplash: Avoid mount the psplash tmpfs twice

Khem Raj (10):
      musl: Update to latest tip
      systemd: Drop musl __secure_getenv patch
      mesa: Add packageconfigs for vc4 and v3d
      util-linux: Make pam specific logic apply to target recipe alone
      systemd.bbclass: Limit rm_sysvinit_initddir and rm_systemd_unitdir to target alone
      systemd: Refresh patch after removal of __secure_getenv patch
      gcc-9: Upgrade to 9.2
      gcc: Search in OE specific target gcclibdir
      opensbi: Disable SECURITY_CFLAGS since it cant link with libssp
      libffi: Upgrade to 3.3-rc0

Lei Maohui (2):
      nativesdk-qemu: support aarch64_be.
      at: fix a spelling mistake.

Mikko Rapeli (1):
      stress-ng: provide stress

Mingli Yu (1):
      python3: fix the test_locale output format

Oleksandr Kravchuk (8):
      ffmpeg: update to 4.2
      python-setuptools: update to 41.1.0
      python3-scons: update to 3.1.1
      ofono: update to 1.30
      bitbake.conf: fix XORG_MIRROR URL
      cups: update to 2.2.12
      git: update to 2.23.0
      python-setuptools: update to 41.2.0

Otavio Salvador (2):
      linux-firmware: Upgrade 20190618 -> 20190815
      kmscube: Bump revision to f632b23

Philippe Normand (1):
      libtasn1: Enable nativesdk support

Ricardo Ribalda Delgado (1):
      packagegroup-core-base-utils: Make it machine specific

Richard Purdie (7):
      yocto-check-layer: Ensure we use OEBasicHash as the signature handler
      package: Fix race between do_package and do_packagedata
      bitbake: cookerdata: Delay the setup of the siggen slightly to allow metadata defined siggens
      bitbake: runqueue: Small but critical fix
      bitbake: runqueue: Optimise holdoff task handling
      bitbake: runqueue: Further optimise holdoff tasks
      bitbake: runqueue: Optimise build_taskdepdata slightly

Ross Burton (2):
      systemd: add PACKAGECONFIG for gnu-efi
      pango: upgrade to 1.44.5

Trevor Gamblin (2):
      quilt: Export QUILT_PC variable in ptest Makefile
      quilt: added less to RDEPENDS list

Wes Lindauer (5):
      iw: Fix license field to BSD-2-Clause
      openssh: Update LICENSE field with missing values
      shadow: Fix BSD license file checksum
      sudo: Fix BSD license file checksum
      libunwind: Fix MIT license file checksum

Yuan Chao (1):
      libnss-nis: upgrade 3.0 -> 3.1

Zang Ruochen (3):
      acpid: upgrade 2.0.31 -> 2.0.32
      lz4:upgrade 1.9.1 -> 1.9.2
      python3-pip:upgrade 19.2.1 -> 19.2.2

Change-Id: I2068692bfdbbf18f892761a12f85e913b8212f3f
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
Diffstat (limited to 'poky/meta/recipes-devtools/patch')
3 files changed, 175 insertions, 0 deletions
diff --git a/poky/meta/recipes-devtools/patch/patch/0001-Don-t-leak-temporary-file-on-failed-ed-style-patch.patch b/poky/meta/recipes-devtools/patch/patch/0001-Don-t-leak-temporary-file-on-failed-ed-style-patch.patch new file mode 100644 index 000000000..9891526e4 --- /dev/null +++ b/poky/meta/recipes-devtools/patch/patch/0001-Don-t-leak-temporary-file-on-failed-ed-style-patch.patch 
@@ -0,0 +1,93 @@ +From 7f770b9c20da1a192dad8cb572a6391f2773285a Mon Sep 17 00:00:00 2001 +From: Jean Delvare <jdelvare@suse.de> +Date: Thu, 3 May 2018 14:31:55 +0200 +Subject: [PATCH 1/2] Don't leak temporary file on failed ed-style patch + +Now that we write ed-style patches to a temporary file before we +apply them, we need to ensure that the temporary file is removed +before we leave, even on fatal error. + +* src/pch.c (do_ed_script): Use global TMPEDNAME instead of local + tmpname. Don't unlink the file directly, instead tag it for removal + at exit time. +* src/patch.c (cleanup): Unlink TMPEDNAME at exit. + +This closes bug #53820: +https://savannah.gnu.org/bugs/index.php?53820 + +Fixes: 123eaff0d5d1 ("Fix arbitrary command execution in ed-style patches (CVE-2018-1000156)") + +Upstream-Status: Backport [http://git.savannah.gnu.org/cgit/patch.git/commit/?id=19599883ffb6a450d2884f081f8ecf68edbed7ee] +Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> +--- + src/common.h | 2 ++ + src/pch.c | 12 +++++------- + 2 files changed, 7 insertions(+), 7 deletions(-) + +diff --git a/src/common.h b/src/common.h +index ec50b40..22238b5 100644 +--- a/src/common.h ++++ b/src/common.h +@@ -94,10 +94,12 @@ XTERN char const *origsuff; + XTERN char const * TMPINNAME; + XTERN char const * TMPOUTNAME; + XTERN char const * TMPPATNAME; ++XTERN char const * TMPEDNAME; + + XTERN bool TMPINNAME_needs_removal; + XTERN bool TMPOUTNAME_needs_removal; + XTERN bool TMPPATNAME_needs_removal; ++XTERN bool TMPEDNAME_needs_removal; + + #ifdef DEBUGGING + XTERN int debug; +diff --git a/src/pch.c b/src/pch.c +index 16e001a..c1a62cf 100644 +--- a/src/pch.c ++++ b/src/pch.c +@@ -2392,7 +2392,6 @@ do_ed_script (char const *inname, char const *outname, + file_offset beginning_of_this_line; + size_t chars_read; + FILE *tmpfp = 0; +- char const *tmpname; + int tmpfd; + pid_t pid; + +@@ -2404,12 +2403,13 @@ do_ed_script (char const *inname, char const *outname, + invalid commands and treats the next line 
as a new command, which + can lead to arbitrary command execution. */ + +- tmpfd = make_tempfile (&tmpname, 'e', NULL, O_RDWR | O_BINARY, 0); ++ tmpfd = make_tempfile (&TMPEDNAME, 'e', NULL, O_RDWR | O_BINARY, 0); + if (tmpfd == -1) +- pfatal ("Can't create temporary file %s", quotearg (tmpname)); ++ pfatal ("Can't create temporary file %s", quotearg (TMPEDNAME)); ++ TMPEDNAME_needs_removal = true; + tmpfp = fdopen (tmpfd, "w+b"); + if (! tmpfp) +- pfatal ("Can't open stream for file %s", quotearg (tmpname)); ++ pfatal ("Can't open stream for file %s", quotearg (TMPEDNAME)); + } + + for (;;) { +@@ -2449,8 +2449,7 @@ do_ed_script (char const *inname, char const *outname, + write_fatal (); + + if (lseek (tmpfd, 0, SEEK_SET) == -1) +- pfatal ("Can't rewind to the beginning of file %s", quotearg (tmpname)); +- ++ pfatal ("Can't rewind to the beginning of file %s", quotearg (TMPEDNAME)); + if (! dry_run && ! skip_rest_of_patch) { + int exclusive = *outname_needs_removal ? 0 : O_EXCL; + *outname_needs_removal = true; +@@ -2482,7 +2481,6 @@ do_ed_script (char const *inname, char const *outname, + } + + fclose (tmpfp); +- safe_unlink (tmpname); + + if (ofp) + { +-- +2.17.0 + diff --git a/poky/meta/recipes-devtools/patch/patch/0001-Don-t-leak-temporary-file-on-failed-multi-file-ed.patch b/poky/meta/recipes-devtools/patch/patch/0001-Don-t-leak-temporary-file-on-failed-multi-file-ed.patch new file mode 100644 index 000000000..d6a219a1b --- /dev/null +++ b/poky/meta/recipes-devtools/patch/patch/0001-Don-t-leak-temporary-file-on-failed-multi-file-ed.patch 
@@ -0,0 +1,80 @@ +From 369dcccdfa6336e5a873d6d63705cfbe04c55727 Mon Sep 17 00:00:00 2001 +From: Jean Delvare <jdelvare@suse.de> +Date: Mon, 7 May 2018 15:14:45 +0200 +Subject: Don't leak temporary file on failed multi-file ed-style patch + +The previous fix worked fine with single-file ed-style patches, but +would still leak temporary files in the case of multi-file ed-style +patch. Fix that case as well, and extend the test case to check for +it. + +* src/patch.c (main): Unlink TMPEDNAME if needed before moving to + the next file in a patch. + +This closes bug #53820: +https://savannah.gnu.org/bugs/index.php?53820 + +Fixes: 123eaff0d5d1 ("Fix arbitrary command execution in ed-style patches (CVE-2018-1000156)") +Fixes: 19599883ffb6 ("Don't leak temporary file on failed ed-style patch") + +Upstream-Status: Backport [http://git.savannah.gnu.org/cgit/patch.git/commit/?id=369dcccdfa6336e5a873d6d63705cfbe04c55727] +Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> +--- + src/patch.c | 1 + + tests/ed-style | 31 +++++++++++++++++++++++++++++++ + 2 files changed, 32 insertions(+) + +diff --git a/src/patch.c b/src/patch.c +index 9146597..81c7a02 100644 +--- a/src/patch.c ++++ b/src/patch.c +@@ -236,6 +236,7 @@ main (int argc, char **argv) + } + remove_if_needed (TMPOUTNAME, &TMPOUTNAME_needs_removal); + } ++ remove_if_needed (TMPEDNAME, &TMPEDNAME_needs_removal); + + if (! skip_rest_of_patch && ! file_type) + { +diff --git a/tests/ed-style b/tests/ed-style +index 6b6ef9d..504e6e5 100644 +--- a/tests/ed-style ++++ b/tests/ed-style +@@ -38,3 +38,34 @@ EOF + check 'cat foo' <<EOF + foo + EOF ++ ++# Test the case where one ed-style patch modifies several files ++ ++cat > ed3.diff <<EOF ++--- foo +++++ foo ++1c ++bar ++. ++--- baz +++++ baz ++0a ++baz ++. 
++EOF ++ ++# Apparently we can't create a file with such a patch, while it works fine ++# when the file name is provided on the command line ++cat > baz <<EOF ++EOF ++ ++check 'patch -e -i ed3.diff' <<EOF ++EOF ++ ++check 'cat foo' <<EOF ++bar ++EOF ++ ++check 'cat baz' <<EOF ++baz ++EOF +-- +cgit v1.0-41-gc330 + diff --git a/poky/meta/recipes-devtools/patch/patch_2.7.6.bb b/poky/meta/recipes-devtools/patch/patch_2.7.6.bb index 8908910f7..5d7f55f8d 100644 --- a/poky/meta/recipes-devtools/patch/patch_2.7.6.bb +++ b/poky/meta/recipes-devtools/patch/patch_2.7.6.bb @@ -8,6 +8,8 @@ SRC_URI += "file://0001-Unset-need_charset_alias-when-building-for-musl.patch \ file://0001-Fix-swapping-fake-lines-in-pch_swap.patch \ file://CVE-2019-13636.patch \ file://0001-Invoke-ed-directly-instead-of-using-the-shell.patch \ + file://0001-Don-t-leak-temporary-file-on-failed-ed-style-patch.patch \ + file://0001-Don-t-leak-temporary-file-on-failed-multi-file-ed.patch \ " SRC_URI[md5sum] = "4c68cee989d83c87b00a3860bcd05600" |
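
Review bot: in 0001-Don-t-leak-temporary-file-on-failed-ed-style-patch.patch, the commit message lists "src/patch.c (cleanup): Unlink TMPEDNAME at exit", but the embedded diffstat and hunks touch only src/common.h and src/pch.c. The src/pch.c hunks drop `safe_unlink (tmpname);` from do_ed_script and set `TMPEDNAME_needs_removal = true`, so removal now depends entirely on code outside this patch; the only removal visible in this commit is the `remove_if_needed (TMPEDNAME, &TMPEDNAME_needs_removal);` line the second backport adds in main(), not in cleanup(). Either carry the cleanup() hunk from the upstream commit here, or state in the patch header which other patch in SRC_URI already provides it, so the "even on fatal error" claim can be checked against the recipe.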
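
Review bot: the new case in the tests/ed-style hunk checks only the successful multi-file apply (empty output from `patch -e -i ed3.diff`, then the contents of foo and baz), while the commit message says the test is extended to check for the leak. Nothing in the added lines asserts that the temporary ed script is gone after the run, and no failing multi-file patch is exercised, so the test would still pass if the `remove_if_needed (TMPEDNAME, ...)` line in main() were removed. Add a check that no temporary file is left behind once patch returns.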
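
Review bot: in the patch_2.7.6.bb hunk, both new SRC_URI entries are named 0001-..., and the embedded headers are inconsistent: the first is marked "[PATCH 1/2]" with a "2.17.0" footer, the second has no series number and ends with "cgit v1.0-41-gc330". The second patch depends on TMPEDNAME and TMPEDNAME_needs_removal declared by the first, so the list order is load-bearing. Regenerating both files the same way with matching series numbering would make that dependency explicit to whoever next reorders or drops an entry.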