diff options
| author | Brad Bishop <bradleyb@fuzziesquirrel.com> | 2019-08-19 20:50:42 +0300 |
|---|---|---|
| committer | Brad Bishop <bradleyb@fuzziesquirrel.com> | 2019-08-19 20:52:00 +0300 |
| commit | 96ff1984133494bf6a3451ddeb7f14548d3697e1 (patch) | |
| tree | f2c9093a4ddffe5fb78f5dccbba36fac85603f37 /poky/meta/recipes-devtools | |
| parent | fd4f7537ebeee494d4dd91b7438ed9512eeda303 (diff) | |
| download | openbmc-96ff1984133494bf6a3451ddeb7f14548d3697e1.tar.xz | |
subtree updates
poky: 67266331b0..835f7eac06:
Adrian Bunk (9):
valgrind: Remove dependency on libx11
bluez5: Remove obsolete dependency on dbus-glib
python3-dbus: Remove obsolete dependency on dbus-glib
cups: Remove unnecessary dependency on dbus-glib
libnotify: Remove obsolete dependency on dbus-glib
unfs3: Switch to new upstream location
i2c-tools: Add alternative for i2ctransfer
meta: Remove remnants of bluez4 support
e2fsprogs: Remove patch that disabled 64bit for ext4 by default
Adrian Freihofer (1):
yocto-bsp: runqemu runs beaglebone-yocto
Adrian Ratiu (1):
opkg/package/rootfs_ipk: allow overwriting OPKGLIBDIR
Alejandro del Castillo (1):
opkg: upgrade to version 0.4.1
Alexander Kanavin (3):
rt-tests: exclude 1.4 version from upstream check as well
gtk-doc: correct the style.css permissions
mobile-broadband-provider-info: upgrade 20190116 -> 20190618
Alistair Francis (7):
mesa: Add support for the lima PACKAGECONFIG
u-boot: Update to 2019.07
packagegroup-core-sdk: Set blank sanitiser for RISC-V 32
opensbi: Update from 0.3 to 0.4
opensbi: Fix installed-vs-shipped warning
qemurunner.py: Be more verbose about problems
package_manager: Ensure the base-feed directory exists
Andrej Valek (2):
busybox: 1.30.1 -> 1.31.0
oe/copy_buildsystem: move layer into layers directory
Anuj Mittal (25):
gstreamer1.0-plugins-bad: depend on vulkan-loader now
vulkan-demos: depend on vulkan-loader
vulkan: remove
binutils: fix CVE-2019-12972 CVE-2019-9071
gnupg: upgrade 2.2.16 -> 2.2.17
libxslt: fix CVE-2019-13117 CVE-2019-13118
libva: upgrade 2.4.1 -> 2.5.0
libva-utils: upgrade 2.4.0 -> 2.5.0
nasm: fix CVE-2018-19755
python: fix CVE-2019-9740
python3: upgrade 3.7.3 -> 3.7.4
binutils: CVE-2019-9070 is same as CVE-2019-9071
qemu: fix CVE-2019-12155
bzip2: upgrade 1.0.7 -> 1.0.8
glib-2.0: upgrade 2.60.4 -> 2.60.5
vte: upgrade 0.56.1 -> 0.56.3
openssl: set CVE vendor to openssl
curl: upgrade 7.65.1 -> 7.65.2
rsync: fix CVEs for included zlib
glibc: CVE-2018-20796 is same as CVE-2019-9169
unzip: fix CVE-2019-13232
python: include CVE patches for python-native as well
gdb: fix CVE-2017-9778
iptables: upgrade 1.8.2 -> 1.8.3
piglit: fix SRC_URI
Armin Kuster (1):
timezone: update to 2019b
Bonnans, Laurent (1):
openssl: fix valgrind errors on v1.1.1c
Bruce Ashfield (5):
linux-yocto/5.0: bsp: add basic xilinx zynqmp support
linux-yocto/5.0: make scsi-debug include scsi core configs
linux-yocto: bsp/beaglebone: support qemu -machine virt
linux-yocto/4.19: update to 4.19.57 and -rt22
package: check PKG_ variables before executing ontarget postinst
CHerzig@Gauselmann.de (1):
bitbake: fetch2/clearcase: Fix class import errors
Changqing Li (5):
quilt: run-ptest remove Interactive Input
mdadm: fix systemd service start up failure
mdam: fix mdmonitor start up failure
opkg: make ptest output format align with common style
mdadm: make ptest output format align with common style
Chee Yang Lee (1):
wic: add support for kernel with initramfs bundled
Chen Qi (13):
target-sdk-provides-dummy: add libperl.so.5 64bit
devtool: warn user about multiple layer having the same base name
image.bbclass: fix systemd_preset_all
devtool.py: track to clean devtool.conf in test_create_workspace
grub-efi.bbclass: take into consideration of multilib
sysstat: use service file from source codes
xmlcatalog: hold libxml2-native dependency
oeqa/runtime/rpm: ensure no user process running before deleting user
oeqa/runtime/rpm: Move test_rpm_query_nonroot test case to RpmBasicTest
qemurunner.py: fix race condition at qemu startup
msmtp: use alternatives to manage /usr/lib/sendmail
runtime_test.py: use track_for_cleanup for temp dir
devtool: remove temp dir in upgrade
Fabio Berton (1):
mesa: Update 19.1.0 -> 19.1.1
Haiqing Bai (1):
sysstat: Use sysstat.service in source for cron with systemd
He Zhe (1):
ltp: file01: Fix in was not recognized
Hongzhi.Song (3):
ltp: fix shmctl01 failure when executed.
ltp: diotest4: Let kernel pick an address when calling mmap
ltp: getrlimit03: adjust-a-bit-of-code-to-compatiable-with mips32
Jason Wessel (5):
glibc: Fix multilibs + usrmerge builds
psmisc: Fix dependency for USE_NLS=no
glibc-locale: Fix build error with PACKAGE_NO_GCONV = "1"
glibc/glibc-locale: Fix do_stash_locale to work with usrmerge and multilibs
glibc / glibc-locale: Fix stash_locale determinism problems
Joe Slater (1):
libtool: remove host information from libtool
Jon Mason (1):
oe_syslog.py: Handle syslogd/klogd restart race
Joshua Watt (5):
python3: Fix .pyc file reproduciblility
oeqa: Test bitbake --skip-setsecene
bitbake: bitbake: Add --skip-setscene option
classes/icecc: Disable remote pre-processing by default
scripts/buildstats-diff: Add option to filter tasks
Joël Esponde (1):
package.bbclass: fix directories setuid and setgid bits
Jun Nie (1):
kernel-fitimage: uboot-sign: fix missing signature
Kai Kang (4):
rng-tools: fix rngd blocks system shutdown
openssl: fix multilib files conflict
webkitgtk: set incomptible with tune mips
defaultsetup.conf: enable select init manager
Khem Raj (10):
efibootmgr: Pass correct flags to compiler from pkg-config
mpeg2dec: Fix PIE build and avoid relocation in text section on ARM
Revert "unzip: fix CVE-2019-13232"
musl: Upgrade to 1.1.23+
mdadm: Include sys/sysmacros.h for major/minor definitions
sysvinit: Include sys/sysmacros.h for major/minor definitions on musl too
pam_systemd: Include missing.h for secure_getenv
musl-obstack: Add recipe
elfutils: Fix eu-* utils builds for musl
maintainers: Account for musl-obstack and libssp-nonshared
Li Zhou (2):
bc: dc: fix exit code of q command
iptables: Security Advisory - iptables - CVE-2019-11360
Luca Boccassi (1):
bitbake: tests/fetch.py: add missing skipIfNoNetwork tags to tests that try to git clone
Matthias Schiffer (1):
systemd: backport patch to fix sysctl warning on boot
Mike Crowe (4):
bitbake.conf: Stop exporting TARGET_ flags variables
image.bbclass: Only append to IMAGE_LINK_NAME if it was already set
rootfs-postcommands: Cope with empty IMAGE_LINK_NAME in write_image_manifest
rootfs-postcommands: Cope with empty IMAGE_LINK_NAME in write_image_test_data
Mikko Rapeli (3):
busybox: enable unicode support
cve-check.bbclass: initialize to_append
freetype: add --tag CC to libtool arguments
Mingli Yu (2):
go.bbclass: separate the ptest logic to go-ptest class
mdadm: fix ptest hang
Oleksandr Kravchuk (34):
mc: update to 4.8.23
encodings: update to 1.0.5
gawk: update to 5.0.1
libinput: update to 1.13.3
libxi: update to 1.7.10
libxt: update to 1.2.0
autoconf-archive: update to 2019.01.06
python3-mako: update to 1.0.12
python3-pbr: update to 5.3.1
python3-pygobject: update to 3.32.2
git: update to 2.22.0
eudev: update to 3.2.8
babeltrace: update to 1.5.7
dpkg: update to 1.19.7
apt: update to 1.2.31
libinput: update to 1.13.4
expat: update to 2.2.7
libsolf: update to 0.7.5
bison: update to 3.4.1
ruby: update to 2.5.5
quilt: update to 0.66
bzip2: update to 1.0.7
python3-mako: update to 1.0.13
ifupdown: update to 0.8.22
libdrm: update to 2.4.99
python3-pbr: update to 5.4.0
linux-firmware: bump to 20190618
iproute2: update to 5.2.0
udev-extraconf: do not mount swap partitions
python3-pbr: update to 5.4.1
xinput: update to 1.6.3
python3-scons: update to 3.1.0
python3-docutils: update to 0.15
python3-mako: update to 1.0.14
Pascal Bach (1):
cmake: 3.14.1 -> 3.14.5
Paul Eggleton (7):
libcap-ng: do not use symlink to share files with libcap-ng-python
scripts/contrib/ddimage: fix typo
scripts/contrib/ddimage: replace blacklist with mount check
scripts/contrib/ddimage: be explicit whether device doesn't exist or isn't writeable
list-packageconfig-flags: print PN instead of P
recipetool: ignore zero-length setup.py files
devtool: upgrade: fix handling of errors parsing upgraded recipe
Peter Kjellerstedt (4):
glib-2.0: Update to 2.60.4
glibc-package.inc: Do not use bitbake variable syntax for shell variables
meson.bbclass: Remove the MESON_*_ARGS variables
nativesdk-meson: Remove some unused variables
Pierre Le Magourou (10):
cve-update-db: Use std library instead of urllib3
cve-update-db: Manage proxy if needed.
cve-update-db: do_populate_cve_db depends on do_fetch
cve-update-db: Catch request.urlopen errors.
cve-check: Depends on cve-update-db-native
cve-update-db: Use NVD CPE data to populate PRODUCTS table
cve-check: Update unpatched CVE matching
cve-update-db-native: Skip recipe when cve-check class is not loaded.
cve-check: Replace CVE_CHECK_CVE_WHITELIST by CVE_CHECK_WHITELIST
cve-update-db-native: Remove hash column from database.
Ricardo Ribalda Delgado (4):
nfs-mountd: Add missing dependency on systemd service
systemd: Fix interface bring-up on kernels >= 5.2
wic: Fix (again) partition files UIDs on multi rootfs images
systemd-bootconf: Mark as machine specific
Ricardo Salveti (1):
gcc-9.1: add back GLIBC_DYNAMIC_LINKER riscv changes
Richard Purdie (58):
multilib_global: Fix multilib rebuild issue
multilib_global: Fix KERNEL_VERSION expansion problems
sysklogd: Fix init script races
busybox: Improve syslog restart handling
oeqa/runtime/syslog: Improve test debug messages
oeqa/runtime/oesyslog: systemd syslog restart doesn't change pid
oeqa/runtime/syslog: Add delay to test to avoid failures
busybox: Fix typo in syslog initscript
pigz: Add debug for autobuilder errors
staging: Code cleanup
package: Build pkgdata specific to the current recipe
Revert "pigz: Add debug for autobuilder errors"
grub2: Drop unneeded code
bitbake: event: Clear ui_queue after handling it
bitbake: main: Ensure log messages are printed when no UI starts
bitbake: main: Alter EOFError handling
core-image-sato-sdk-ptest: Reduce image padding size due to bootimg 4GB limit
oeqa/bbtests: Tweak test bitbake output pattern matching
sstate: Add tweak to avoid multiple sstate stats messages
bitbake: siggen: Fix default handler
bitbake: siggen: Use unique hashes for tasks
bitbake: runqueue: Tweak buildable variable handling in scheduler
bitbake: runqueue: Drop unused BB_SETSCENE_VERIFY_FUNCTION2
bitbake: runqueue: Remove now uneeded code
bitbake: runqueue: Move scenequeue data generation to a separate function
bitbake: runqueue: Remove unused function parameter
bitbake: runqueue: Factor out the process_setscene_whitelist checks
bitbake: runqueue: Uniquely namespace the scenequeue functions
bitbake: runqueue: Merge stats handling together for setscene/real tasks
bitbake: runqueue: Merge scenequeue and real task queue code together
bitbake: runqueue: Fix counter/task updating glitch
bitbake: runqueue: Remove RunQueueExecuteScenequeue and RunQueueExecuteTasks
bitbake: runqueue: Simplify _execute_runqueue logic
bitbake: runqueue: Fold remains of the scenequeue setup into RunQueueExecute
bitbake: event/runqueue: Drop StampUpdate event, its pointless/unused
bitbake: runqueue: Add covered_tasks (or 'collated_deps') to scenequeue data
bitbake: runqueue: Simplify scenequeue unskippable calculation
bitbake: runqueue: Tweak comments and debug code
bitbake: runqueue: Code simplification
bitbake: runqueue: Remove pointless variable
bitbake: runqueue: Further scheduler buildable tasks cleanup
bitbake: runqueue: Clarify scenequeue_covered vs. tasks_covered
bitbake: runqueue: Merge the queues and execute setscene and normal tasks in parallel
bitbake: runqueue: Alter setscenewhitelist handling
bitbake: runqueue: Complete the merge of scenequeue and normal task execution
bitbake: tests: Add initial scenario based test for runqueue
bitbake: uihelper: No longer listen to scenequeue task started
bitbake: runqueue: Simplify some convoluted logic
bitbake: runqueue: Whitespace fix
bitbake: runqueue: Abstract hash verification function
bitbake: runqueue: Optimise multiconfig with overlapping setscene
bitbake: tests/runqueue: Allow common sstate tasks to become valid
bitbake: runqueue: Fix non setscene tasks targets being lost
staging: Drop clean_recipe_sysroot
poky-lsb: Drop features already in poky
poky-lsb: Drop libx11 PREFERRED_PROVIDER
distro/include: Add poky-distro-alt-test-config.inc
bitbake: siggen: Fix handling of tainted sig files
Robert Yang (13):
update-alternatives.bbclass: run update-alternatives firstly in postinst script
busybox: make postinst run firstly before update-alternatives
multilib.bbclass: Reduce ALTERNATIVE_PRIORITY for extended recipes
bitbake: bitbake: lib: Cleanup /usr/bin/env python
bitbake: bitbake: toaster:tests: python -> python3
ksum.py: python -> python3
wic: python2 -> python3
ext-sdk-prepare.py: python2 -> python3
oeqa: Cleanup /usr/bin/env python
package_rpm.bbclass: python2 -> python3
bitbake: cache: Remove duplicated lines for provides and rprovides
bitbake: cache: Set packages for skipped recipes
bitbake: cache: Create a symlink for current cachefile
Ross Burton (56):
cve-check: be idiomatic
gtk-icon-cache: rename intercept to update_gtk_icon_cache
fortran-helloworld: add a very dumb Fortran Hello World for testing
oeqa/buildoptions: check that Fortran code actually cross-compiles
buildhistory: write the contents of the sysroot
buildhistory: report sysroot changes
perl: fix Upstream-Status tags
efivar: ensure that target security flags are not used to build native code
multilib_script: fix whitespace
buildhistory_analysis: ignore ownership for sysroot diffs
insane: use clean_path for the host contamination warnings
libsndfile1: disable use of sqlite3 by default
libsndfile1: remove redundant autoconf seeding
buildhistory: don't output ownership for the sysroot
buildhistory: filter out the unexpected prefix for native/cross sysroots
alsa-utils: disable tools using GTK+2
packagegroup-core-lsb: remove GTK+
recipetool: add MD5 hash for the line-wrapped MPL-1.1 license
oeqa/recipetool: change the CMake test to use taglib
gtk+: remove GTK+ 2
gnome-themes-standard: remove
Revert "sysstat: use service file from source codes"
libpsl: update Upstream-Status
grub: build with python 3
qemu: use Python 3 to build
ninja: use Python 3
conf/poky: add debian-10 to the supported distribution list
tiff: remove redundant patch
tiff: fix CVE-2019-6128
tiff: fix CVE-2019-7663
cve-check: remove redundant readline CVE whitelisting
cve-check-tool: remove
glibc: exclude child recipes from CVE scanning
libid3tag: CVE-2017-11551 is the same as CVE-2004-2779
libid3tag: handle unknown encodings (CVE-2017-11550)
subversion: set CVE vendor to Apache
boost: set CVE vendor to Boost
git: set CVE vendor to git-scm
ed: set CVE vendor to avoid false positives
cve-check: allow comparison of Vendor as well as Product
flex: set CVE_PRODUCT to include vendor
cve-update-db-native: use SQL placeholders instead of format strings
xkeyboard-config: remove redundant intltool dependency
piglit: upgrade to latest revision
pkgconf: upgrade 1.6.1 -> 1.6.3
conf/poky: add Fedora 30 and Opensuse Leap 15.1 to supported distributions
cve-update-db-native: use os.path.join instead of +
cve-update-db: actually inherit native
cve-update-db-native: use executemany() to optimise CPE insertion
cve-update-db-native: improve metadata parsing
cve-update-db-native: clean up JSON fetching
freetype: upgrade to 2.10.1
unfs3: set upstream tag regex to avoid false-positives
meson.bbclass: export STRIP=${BUILD_STRIP}
ffmpeg: don't use hardcoded lookup tables
ffmpeg: upgrade to 4.1.4
Sai Hari Chandana Kalluri (3):
devtool/standard.py: Update devtool modify to copy source from work-shared if its already downloaded
devtool/standard.py: Create a copy of kernel source within work-shared if not present
devtool: provide support for devtool menuconfig command
Scott Rifenbark (5):
overview-manual: Fixed manual history table
sdk-manual: Updated devtool to talk about oe-local-files.
dev-manual: Provided proper link title
ref-manual: Fixed typo for BBMULTICONFIG variable.
ref-manual: Removed "python2" mention in example.
Stefan Agner (1):
psplash: create psplash tmpfs mount directory in psplash-init
Tim Orling (3):
vulkan-headers: add recipe
vulkan-loader: add recipe
vulkan-tools: add recipe
Ulrich Ölmann (1):
squashfs-tools: upgrade to commit f95864afe883
William Bourque (2):
wic/plugins: Source that support both EFI and BIOS
meta/lib/oeqa: Test for bootimg-biosplusefi Source
Yi Zhao (2):
debianutils: upgrade 4.8.6.1 -> 4.8.6.3
ltp: upgrade 20190115 -> 20190517
Zang Ruochen (9):
nss: upgrade 3.44 -> 3.44.1
util-linux:upgrade 2.33.2 -> 2.34
librepo:upgrade 1.10.3 -> 1.10.4
sqlite3: Upgrade 3.28.0 -> 3.29.0
nss: Upgrade 3.44.1 -> 3.45
xauth:upgrade 1.0.10 -> 1.1
libice:upgrade 1.0.9 -> 1.0.10
xwininfo:upgrade 1.1.4 -> 1.1.5
libpciaccess:upgrade 0.14 -> 0.16
meta-phosphor: fe8cee7488..601f253a66:
Brad Bishop (1):
meta-phosphor: systemd: remove upstreamed patches
Change-Id: If591144821cd2e5b990a7aa49a1cf426f6a906de
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
Diffstat (limited to 'poky/meta/recipes-devtools')
89 files changed, 1634 insertions, 1574 deletions
diff --git a/poky/meta/recipes-devtools/apt/apt-native_1.2.24.bb b/poky/meta/recipes-devtools/apt/apt-native_1.2.31.bb index 5b16b503d..5b16b503d 100644 --- a/poky/meta/recipes-devtools/apt/apt-native_1.2.24.bb +++ b/poky/meta/recipes-devtools/apt/apt-native_1.2.31.bb diff --git a/poky/meta/recipes-devtools/apt/apt.inc b/poky/meta/recipes-devtools/apt/apt.inc index 842c30240..b855099e5 100644 --- a/poky/meta/recipes-devtools/apt/apt.inc +++ b/poky/meta/recipes-devtools/apt/apt.inc @@ -15,8 +15,8 @@ SRC_URI = "https://launchpad.net/ubuntu/+archive/primary/+sourcefiles/${BPN}/${P file://0001-apt-1.2.12-Fix-musl-build.patch \ file://0001-Include-array.h-for-std-array.patch \ " -SRC_URI[md5sum] = "ce8f9ab11f4fd0a08ec73eaffd75c8f0" -SRC_URI[sha256sum] = "fa1311a9ce00e72379a0a3bc6d240ba30c0968cfbbb3472859e50b99e24e9598" +SRC_URI[md5sum] = "d30eed9304e82ea8238c854b5c5a34d9" +SRC_URI[sha256sum] = "03ded4f5e9b8d43ecec083704b2dcabf20c182ed382db9ac7251da0b0b038059" LIC_FILES_CHKSUM = "file://COPYING.GPL;md5=b234ee4d69f5fce4486a80fdaf4a4263" # the package is taken from snapshots.debian.org; that source is static and goes stale diff --git a/poky/meta/recipes-devtools/apt/apt_1.2.24.bb b/poky/meta/recipes-devtools/apt/apt_1.2.31.bb index ae0bce933..ae0bce933 100644 --- a/poky/meta/recipes-devtools/apt/apt_1.2.24.bb +++ b/poky/meta/recipes-devtools/apt/apt_1.2.31.bb diff --git a/poky/meta/recipes-devtools/autoconf-archive/autoconf-archive_2018.03.13.bb b/poky/meta/recipes-devtools/autoconf-archive/autoconf-archive_2019.01.06.bb index 7d62e52ab..985a254fc 100644 --- a/poky/meta/recipes-devtools/autoconf-archive/autoconf-archive_2018.03.13.bb +++ b/poky/meta/recipes-devtools/autoconf-archive/autoconf-archive_2019.01.06.bb @@ -6,8 +6,8 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=11cc2d3ee574f9d6b7ee797bdce4d423 \ file://COPYING.EXCEPTION;md5=fdef168ebff3bc2f13664c365a5fb515" SRC_URI = "${GNU_MIRROR}/${BPN}/${BPN}-${PV}.tar.xz" -SRC_URI[md5sum] = "46b13a5936372297b6d49980327a3c35" -SRC_URI[sha256sum] = "6175f90d9fa64c4d939bdbb3e8511ae0ee2134863a2c7bf8d9733819efa6e159" +SRC_URI[md5sum] = "d46413c8b00a125b1529bae385bbec55" +SRC_URI[sha256sum] = "17195c833098da79de5778ee90948f4c5d90ed1a0cf8391b4ab348e2ec511e3f" inherit autotools allarch diff --git a/poky/meta/recipes-devtools/binutils/binutils-2.32.inc b/poky/meta/recipes-devtools/binutils/binutils-2.32.inc index 49e6827c1..31c24a37f 100644 --- a/poky/meta/recipes-devtools/binutils/binutils-2.32.inc +++ b/poky/meta/recipes-devtools/binutils/binutils-2.32.inc @@ -48,6 +48,8 @@ SRC_URI = "\ file://CVE-2019-9075.patch \ file://CVE-2019-9076.patch \ file://CVE-2019-9077.patch \ + file://CVE-2019-9071.patch \ + file://CVE-2019-12972.patch \ " S = "${WORKDIR}/git" diff --git a/poky/meta/recipes-devtools/binutils/binutils/CVE-2019-12972.patch b/poky/meta/recipes-devtools/binutils/binutils/CVE-2019-12972.patch new file mode 100644 index 000000000..07d1d6546 --- /dev/null +++ b/poky/meta/recipes-devtools/binutils/binutils/CVE-2019-12972.patch @@ -0,0 +1,51 @@ +From 30bcc01478433a1cb05b36dc5c4beef7d2c89b5b Mon Sep 17 00:00:00 2001 +From: Alan Modra <amodra@gmail.com> +Date: Fri, 21 Jun 2019 11:51:38 +0930 +Subject: [PATCH] PR24689, string table corruption + +The testcase in the PR had a e_shstrndx section of type SHT_GROUP. +hdr->contents were initialized by setup_group rather than being read +from the file, thus last byte was not zero and string dereference ran +off the end of the buffer. + + PR 24689 + * elfcode.h (elf_object_p): Check type of e_shstrndx section. + +Upstream-Status: Backport +CVE: CVE-2019-12972 +Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> +--- + bfd/ChangeLog | 5 +++++ + bfd/elfcode.h | 3 ++- + 2 files changed, 7 insertions(+), 1 deletion(-) + +diff --git a/bfd/ChangeLog b/bfd/ChangeLog +index 91f09e6346..e66fb40a2c 100644 +--- a/bfd/ChangeLog ++++ b/bfd/ChangeLog +@@ -1,3 +1,8 @@ ++2019-06-21 Alan Modra <amodra@gmail.com> ++ ++ PR 24689 ++ * elfcode.h (elf_object_p): Check type of e_shstrndx section. ++ + 2019-02-20 Alan Modra <amodra@gmail.com> + + PR 24236 +diff --git a/bfd/elfcode.h b/bfd/elfcode.h +index ec5ea766de..a35a629087 100644 +--- a/bfd/elfcode.h ++++ b/bfd/elfcode.h +@@ -755,7 +755,8 @@ elf_object_p (bfd *abfd) + /* A further sanity check. */ + if (i_ehdrp->e_shnum != 0) + { +- if (i_ehdrp->e_shstrndx >= elf_numsections (abfd)) ++ if (i_ehdrp->e_shstrndx >= elf_numsections (abfd) ++ || i_shdrp[i_ehdrp->e_shstrndx].sh_type != SHT_STRTAB) + { + /* PR 2257: + We used to just goto got_wrong_format_error here +-- +2.20.1 + diff --git a/poky/meta/recipes-devtools/binutils/binutils/CVE-2019-9071.patch b/poky/meta/recipes-devtools/binutils/binutils/CVE-2019-9071.patch new file mode 100644 index 000000000..f02539942 --- /dev/null +++ b/poky/meta/recipes-devtools/binutils/binutils/CVE-2019-9071.patch @@ -0,0 +1,165 @@ +From c1202057eb9161a86af27d867703235fee7b7555 Mon Sep 17 00:00:00 2001 +From: Nick Clifton <nickc@redhat.com> +Date: Wed, 10 Apr 2019 15:49:36 +0100 +Subject: [PATCH] Pull in patch for libiberty that fixes a stack exhaustion bug + when demangling a pathalogically constructed mangled name. + + PR 89394 + * cp-demangle.c (cplus_demangle_fill_name): Reject negative + lengths. + (d_count_templates_scopes): Replace num_templates and num_scopes + parameters with a struct d_print_info pointer parameter. Adjust + body of the function accordingly. Add recursion counter and check + that the recursion limit is not reached. + (d_print_init): Pass dpi parameter to d_count_templates_scopes. + Reset recursion counter afterwards, unless the recursion limit was + reached. + +CVE: CVE-2019-9071 +CVE: CVE-2019-9070 +Upstream-Status: Backport +Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> +--- + ChangeLog | 16 ++++++++++++++ + libiberty/cp-demangle.c | 48 ++++++++++++++++++++++------------------- + 2 files changed, 42 insertions(+), 22 deletions(-) + +diff --git a/ChangeLog b/ChangeLog +index cd631a15b6..4df3aaa62c 100644 +--- a/ChangeLog ++++ b/ChangeLog +@@ -1,3 +1,19 @@ ++2019-04-10 Nick Clifton <nickc@redhat.com> ++ ++ * libiberty: Sync with gcc. Bring in: ++ 2019-04-10 Nick Clifton <nickc@redhat.com> ++ ++ PR 89394 ++ * cp-demangle.c (cplus_demangle_fill_name): Reject negative ++ lengths. ++ (d_count_templates_scopes): Replace num_templates and num_scopes ++ parameters with a struct d_print_info pointer parameter. Adjust ++ body of the function accordingly. Add recursion counter and check ++ that the recursion limit is not reached. ++ (d_print_init): Pass dpi parameter to d_count_templates_scopes. ++ Reset recursion counter afterwards, unless the recursion limit was ++ reached. ++ + 2018-06-24 Nick Clifton <nickc@redhat.com> + + 2.32 branch created. +diff --git a/libiberty/cp-demangle.c b/libiberty/cp-demangle.c +index b34b485692..779b4e763a 100644 +--- a/libiberty/cp-demangle.c ++++ b/libiberty/cp-demangle.c +@@ -861,7 +861,7 @@ CP_STATIC_IF_GLIBCPP_V3 + int + cplus_demangle_fill_name (struct demangle_component *p, const char *s, int len) + { +- if (p == NULL || s == NULL || len == 0) ++ if (p == NULL || s == NULL || len <= 0) + return 0; + p->d_printing = 0; + p->type = DEMANGLE_COMPONENT_NAME; +@@ -4061,7 +4061,7 @@ d_growable_string_callback_adapter (const char *s, size_t l, void *opaque) + are larger than the actual numbers encountered. */ + + static void +-d_count_templates_scopes (int *num_templates, int *num_scopes, ++d_count_templates_scopes (struct d_print_info *dpi, + const struct demangle_component *dc) + { + if (dc == NULL) +@@ -4081,13 +4081,13 @@ d_count_templates_scopes (int *num_templates, int *num_scopes, + break; + + case DEMANGLE_COMPONENT_TEMPLATE: +- (*num_templates)++; ++ dpi->num_copy_templates++; + goto recurse_left_right; + + case DEMANGLE_COMPONENT_REFERENCE: + case DEMANGLE_COMPONENT_RVALUE_REFERENCE: + if (d_left (dc)->type == DEMANGLE_COMPONENT_TEMPLATE_PARAM) +- (*num_scopes)++; ++ dpi->num_saved_scopes++; + goto recurse_left_right; + + case DEMANGLE_COMPONENT_QUAL_NAME: +@@ -4152,42 +4152,42 @@ d_count_templates_scopes (int *num_templates, int *num_scopes, + case DEMANGLE_COMPONENT_TAGGED_NAME: + case DEMANGLE_COMPONENT_CLONE: + recurse_left_right: +- d_count_templates_scopes (num_templates, num_scopes, +- d_left (dc)); +- d_count_templates_scopes (num_templates, num_scopes, +- d_right (dc)); ++ /* PR 89394 - Check for too much recursion. */ ++ if (dpi->recursion > DEMANGLE_RECURSION_LIMIT) ++ /* FIXME: There ought to be a way to report to the ++ user that the recursion limit has been reached. */ ++ return; ++ ++ ++ dpi->recursion; ++ d_count_templates_scopes (dpi, d_left (dc)); ++ d_count_templates_scopes (dpi, d_right (dc)); ++ -- dpi->recursion; + break; + + case DEMANGLE_COMPONENT_CTOR: +- d_count_templates_scopes (num_templates, num_scopes, +- dc->u.s_ctor.name); ++ d_count_templates_scopes (dpi, dc->u.s_ctor.name); + break; + + case DEMANGLE_COMPONENT_DTOR: +- d_count_templates_scopes (num_templates, num_scopes, +- dc->u.s_dtor.name); ++ d_count_templates_scopes (dpi, dc->u.s_dtor.name); + break; + + case DEMANGLE_COMPONENT_EXTENDED_OPERATOR: +- d_count_templates_scopes (num_templates, num_scopes, +- dc->u.s_extended_operator.name); ++ d_count_templates_scopes (dpi, dc->u.s_extended_operator.name); + break; + + case DEMANGLE_COMPONENT_FIXED_TYPE: +- d_count_templates_scopes (num_templates, num_scopes, +- dc->u.s_fixed.length); ++ d_count_templates_scopes (dpi, dc->u.s_fixed.length); + break; + + case DEMANGLE_COMPONENT_GLOBAL_CONSTRUCTORS: + case DEMANGLE_COMPONENT_GLOBAL_DESTRUCTORS: +- d_count_templates_scopes (num_templates, num_scopes, +- d_left (dc)); ++ d_count_templates_scopes (dpi, d_left (dc)); + break; + + case DEMANGLE_COMPONENT_LAMBDA: + case DEMANGLE_COMPONENT_DEFAULT_ARG: +- d_count_templates_scopes (num_templates, num_scopes, +- dc->u.s_unary_num.sub); ++ d_count_templates_scopes (dpi, dc->u.s_unary_num.sub); + break; + } + } +@@ -4222,8 +4222,12 @@ d_print_init (struct d_print_info *dpi, demangle_callbackref callback, + dpi->next_copy_template = 0; + dpi->num_copy_templates = 0; + +- d_count_templates_scopes (&dpi->num_copy_templates, +- &dpi->num_saved_scopes, dc); ++ d_count_templates_scopes (dpi, dc); ++ /* If we did not reach the recursion limit, then reset the ++ current recursion value back to 0, so that we can print ++ the templates. */ ++ if (dpi->recursion < DEMANGLE_RECURSION_LIMIT) ++ dpi->recursion = 0; + dpi->num_copy_templates *= dpi->num_saved_scopes; + + dpi->current_template = NULL; +-- +2.20.1 + diff --git a/poky/meta/recipes-devtools/bison/bison_3.3.2.bb b/poky/meta/recipes-devtools/bison/bison_3.4.1.bb index adb9d48e9..7946e20c5 100644 --- a/poky/meta/recipes-devtools/bison/bison_3.3.2.bb +++ b/poky/meta/recipes-devtools/bison/bison_3.4.1.bb @@ -17,8 +17,8 @@ SRC_URI = "${GNU_MIRROR}/bison/bison-${PV}.tar.xz \ # No point in hardcoding path to m4, just use PATH EXTRA_OECONF += "M4=m4" -SRC_URI[md5sum] = "c9b552dee234b2f6b66e56b27e5234c9" -SRC_URI[sha256sum] = "039ee45b61d95e5003e7e8376f9080001b4066ff357bde271b7faace53b9d804" +SRC_URI[md5sum] = "201286a573b12da109df96282fe4ff4a" +SRC_URI[sha256sum] = "27159ac5ebf736dffd5636fd2cd625767c9e437de65baa63cb0de83570bd820d" inherit autotools gettext texinfo diff --git a/poky/meta/recipes-devtools/cmake/cmake-native_3.14.1.bb b/poky/meta/recipes-devtools/cmake/cmake-native_3.14.5.bb index b2952ee5f..b2952ee5f 100644 --- a/poky/meta/recipes-devtools/cmake/cmake-native_3.14.1.bb +++ b/poky/meta/recipes-devtools/cmake/cmake-native_3.14.5.bb diff --git a/poky/meta/recipes-devtools/cmake/cmake.inc b/poky/meta/recipes-devtools/cmake/cmake.inc index 5b0bce680..da3aadcc0 100644 --- a/poky/meta/recipes-devtools/cmake/cmake.inc +++ b/poky/meta/recipes-devtools/cmake/cmake.inc @@ -18,7 +18,7 @@ SRC_URI = "https://cmake.org/files/v${CMAKE_MAJOR_VERSION}/cmake-${PV}.tar.gz \ file://0004-Fail-silently-if-system-Qt-installation-is-broken.patch \ " -SRC_URI[md5sum] = "7efe5394e85c3292ad020b8b70e55669" -SRC_URI[sha256sum] = "7321be640406338fc12590609c42b0fae7ea12980855c1be363d25dcd76bb25f" +SRC_URI[md5sum] = "a8cbfc3510b95ea686b4059d8b1f765c" +SRC_URI[sha256sum] = "505ae49ebe3c63c595fa5f814975d8b72848447ee13b6613b0f8b96ebda18c06" UPSTREAM_CHECK_REGEX = "cmake-(?P<pver>\d+(\.\d+)+)\.tar" diff --git a/poky/meta/recipes-devtools/cmake/cmake_3.14.1.bb b/poky/meta/recipes-devtools/cmake/cmake_3.14.5.bb index e0457677e..e0457677e 100644 --- a/poky/meta/recipes-devtools/cmake/cmake_3.14.1.bb +++ b/poky/meta/recipes-devtools/cmake/cmake_3.14.5.bb diff --git a/poky/meta/recipes-devtools/cve-check-tool/cve-check-tool_5.6.4.bb b/poky/meta/recipes-devtools/cve-check-tool/cve-check-tool_5.6.4.bb deleted file mode 100644 index 1c84fb1cf..000000000 --- a/poky/meta/recipes-devtools/cve-check-tool/cve-check-tool_5.6.4.bb +++ /dev/null @@ -1,62 +0,0 @@ -SUMMARY = "cve-check-tool" -DESCRIPTION = "cve-check-tool is a tool for checking known (public) CVEs.\ -The tool will identify potentially vunlnerable software packages within Linux distributions through version matching." -HOMEPAGE = "https://github.com/ikeydoherty/cve-check-tool" -SECTION = "Development/Tools" -LICENSE = "GPL-2.0+" -LIC_FILES_CHKSUM = "file://LICENSE;md5=e8c1458438ead3c34974bc0be3a03ed6" - -SRC_URI = "https://github.com/ikeydoherty/${BPN}/releases/download/v${PV}/${BP}.tar.xz \ - file://check-for-malloc_trim-before-using-it.patch \ - file://0001-print-progress-in-percent-when-downloading-CVE-db.patch \ - file://0001-curl-allow-overriding-default-CA-certificate-file.patch \ - file://0001-update-Compare-computed-vs-expected-sha256-digit-str.patch \ - file://0001-Fix-freeing-memory-allocated-by-sqlite.patch \ - " - -SRC_URI[md5sum] = "c5f4247140fc9be3bf41491d31a34155" -SRC_URI[sha256sum] = "b8f283be718af8d31232ac1bfc10a0378fb958aaaa49af39168f8acf501e6a5b" - -UPSTREAM_CHECK_URI = "https://github.com/ikeydoherty/cve-check-tool/releases" - -DEPENDS = "libcheck glib-2.0 json-glib curl libxml2 sqlite3 openssl ca-certificates" - -RDEPENDS_${PN} = "ca-certificates" - -inherit pkgconfig autotools - -EXTRA_OECONF = "--disable-coverage --enable-relative-plugins" -CFLAGS_append = " -Wno-error=pedantic" - -do_populate_cve_db() { - if [ "${BB_NO_NETWORK}" = "1" ] ; then - bbwarn "BB_NO_NETWORK is set; Can't update cve-check-tool database, new CVEs won't be detected" - return - fi - - # In case we don't inherit cve-check class, use default values defined in the class. - cve_dir="${CVE_CHECK_DB_DIR}" - cve_file="${CVE_CHECK_TMP_FILE}" - - [ -z "${cve_dir}" ] && cve_dir="${DL_DIR}/CVE_CHECK" - [ -z "${cve_file}" ] && cve_file="${TMPDIR}/cve_check" - - unused="${@bb.utils.export_proxies(d)}" - bbdebug 2 "Updating cve-check-tool database located in $cve_dir" - # --cacert works around curl-native not finding the CA bundle - if cve-check-update --cacert ${sysconfdir}/ssl/certs/ca-certificates.crt -d "$cve_dir" ; then - printf "CVE database was updated on %s UTC\n\n" "$(LANG=C date --utc +'%F %T')" > "$cve_file" - else - bbwarn "Error in executing cve-check-update" - if [ "${@'1' if bb.data.inherits_class('cve-check', d) else '0'}" -ne 0 ] ; then - bbwarn "Failed to update cve-check-tool database, CVEs won't be checked" - fi - fi -} - -addtask populate_cve_db after do_populate_sysroot -do_populate_cve_db[depends] = "cve-check-tool-native:do_populate_sysroot" -do_populate_cve_db[nostamp] = "1" -do_populate_cve_db[progress] = "percent" - -BBCLASSEXTEND = "native nativesdk" diff --git a/poky/meta/recipes-devtools/cve-check-tool/files/0001-Fix-freeing-memory-allocated-by-sqlite.patch b/poky/meta/recipes-devtools/cve-check-tool/files/0001-Fix-freeing-memory-allocated-by-sqlite.patch deleted file mode 100644 index 4a82cf2dd..000000000 --- a/poky/meta/recipes-devtools/cve-check-tool/files/0001-Fix-freeing-memory-allocated-by-sqlite.patch +++ /dev/null @@ -1,50 +0,0 @@ -From a3353429652f83bb8b0316500faa88fa2555542d Mon Sep 17 00:00:00 2001 -From: Peter Marko <peter.marko@siemens.com> -Date: Thu, 13 Apr 2017 23:09:52 +0200 -Subject: [PATCH] Fix freeing memory allocated by sqlite - -Upstream-Status: Backport -Signed-off-by: Peter Marko <peter.marko@siemens.com> ---- - src/core.c | 8 ++++---- - 1 file changed, 4 insertions(+), 4 deletions(-) - -diff --git a/src/core.c b/src/core.c -index 6263031..6788f16 100644 ---- a/src/core.c -+++ b/src/core.c -@@ -82,7 +82,7 @@ static bool ensure_table(CveDB *self) - rc = sqlite3_exec(self->db, query, NULL, NULL, &err); - if (rc != SQLITE_OK) { - fprintf(stderr, "ensure_table(): %s\n", err); -- free(err); -+ sqlite3_free(err); - return false; - } - -@@ -91,7 +91,7 @@ static bool ensure_table(CveDB *self) - rc = sqlite3_exec(self->db, query, NULL, NULL, &err); - if (rc != SQLITE_OK) { - fprintf(stderr, "ensure_table(): %s\n", err); -- free(err); -+ sqlite3_free(err); - return false; - } - -@@ -99,11 +99,11 @@ static bool ensure_table(CveDB *self) - rc = sqlite3_exec(self->db, query, NULL, NULL, &err); - if (rc != SQLITE_OK) { - fprintf(stderr, "ensure_table(): %s\n", err); -- free(err); -+ sqlite3_free(err); - return false; - } - if (err) { -- free(err); -+ sqlite3_free(err); - } - - return true; --- -2.1.4 - diff --git a/poky/meta/recipes-devtools/cve-check-tool/files/0001-curl-allow-overriding-default-CA-certificate-file.patch b/poky/meta/recipes-devtools/cve-check-tool/files/0001-curl-allow-overriding-default-CA-certificate-file.patch deleted file mode 100644 index 3d8ebd1bd..000000000 --- a/poky/meta/recipes-devtools/cve-check-tool/files/0001-curl-allow-overriding-default-CA-certificate-file.patch +++ /dev/null @@ -1,215 +0,0 @@ -From 825a9969dea052b02ba868bdf39e676349f10dce Mon Sep 17 00:00:00 2001 -From: Jussi Kukkonen <jussi.kukkonen@intel.com> -Date: Thu, 9 Feb 2017 14:51:28 +0200 -Subject: [PATCH] curl: allow overriding default CA certificate file - -Similar to curl, --cacert can now be used in cve-check-tool and -cve-check-update to override the default CA certificate file. Useful -in cases where the system default is unsuitable (for example, -out-dated) or broken (as in OE's current native libcurl, which embeds -a path string from one build host and then uses it on another although -the right path may have become something different). - -Upstream-Status: Submitted [https://github.com/ikeydoherty/cve-check-tool/pull/45] - -Signed-off-by: Patrick Ohly <patrick.ohly@intel.com> - - -Took Patrick Ohlys original patch from meta-security-isafw, rebased -on top of other patches. - -Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com> ---- - src/library/cve-check-tool.h | 1 + - src/library/fetch.c | 10 +++++++++- - src/library/fetch.h | 3 ++- - src/main.c | 5 ++++- - src/update-main.c | 4 +++- - src/update.c | 12 +++++++----- - src/update.h | 2 +- - 7 files changed, 27 insertions(+), 10 deletions(-) - -diff --git a/src/library/cve-check-tool.h b/src/library/cve-check-tool.h -index e4bb5b1..f89eade 100644 ---- a/src/library/cve-check-tool.h -+++ b/src/library/cve-check-tool.h -@@ -43,6 +43,7 @@ typedef struct CveCheckTool { - bool bugs; /**<Whether bug tracking is enabled */ - GHashTable *mapping; /**<CVE Mapping */ - const char *output_file; /**<Output file, if any */ -+ const char *cacert_file; /**<Non-default SSL certificate file, if any */ - } CveCheckTool; - - /** -diff --git a/src/library/fetch.c b/src/library/fetch.c -index 0fe6d76..8f998c3 100644 ---- a/src/library/fetch.c -+++ b/src/library/fetch.c -@@ -60,7 +60,8 @@ static int progress_callback_new(void *ptr, curl_off_t dltotal, curl_off_t dlnow - } - - FetchStatus fetch_uri(const char *uri, const char *target, bool verbose, -- unsigned int start_percent, unsigned int end_percent) -+ unsigned int start_percent, unsigned int end_percent, -+ const char *cacert_file) - { - FetchStatus ret = FETCH_STATUS_FAIL; - CURLcode res; -@@ -74,6 +75,13 @@ FetchStatus fetch_uri(const char *uri, const char *target, bool verbose, - return ret; - } - -+ if (cacert_file) { -+ res = curl_easy_setopt(curl, CURLOPT_CAINFO, cacert_file); -+ if (res != CURLE_OK) { -+ goto bail; -+ } -+ } -+ - if (stat(target, &st) == 0) { - res = curl_easy_setopt(curl, CURLOPT_TIMECONDITION, CURL_TIMECOND_IFMODSINCE); - if (res != CURLE_OK) { -diff --git a/src/library/fetch.h b/src/library/fetch.h -index 4cce5d1..836c7d7 100644 ---- a/src/library/fetch.h -+++ b/src/library/fetch.h -@@ -29,7 +29,8 @@ typedef enum { - * @return A FetchStatus, indicating the operation taken - */ - FetchStatus fetch_uri(const char *uri, const char *target, bool verbose, -- unsigned int this_percent, unsigned int next_percent); -+ unsigned int this_percent, unsigned int next_percent, -+ const char *cacert_file); - - /** - * Attempt to extract the given gzipped file -diff --git a/src/main.c b/src/main.c -index 8e6f158..ae69d47 100644 ---- a/src/main.c -+++ b/src/main.c -@@ -280,6 +280,7 @@ static bool csv_mode = false; - static char *modified_stamp = NULL; - static gchar *mapping_file = NULL; - static gchar *output_file = NULL; -+static gchar *cacert_file = NULL; - - static GOptionEntry _entries[] = { - { "not-patched", 'n', 0, G_OPTION_ARG_NONE, &hide_patched, "Hide patched/addressed CVEs", NULL }, -@@ -294,6 +295,7 @@ static GOptionEntry _entries[] = { - { "csv", 'c', 0, G_OPTION_ARG_NONE, &csv_mode, "Output CSV formatted data only", NULL }, - { "mapping", 'M', 0, G_OPTION_ARG_STRING, &mapping_file, "Path to a mapping file", NULL}, - { "output-file", 'o', 0, G_OPTION_ARG_STRING, &output_file, "Path to the output file (output plugin specific)", NULL}, -+ { "cacert", 'C', 0, G_OPTION_ARG_STRING, &cacert_file, "Path to the combined SSL certificates file (system default is used if not set)", NULL}, - { .short_name = 0 } - }; - -@@ -492,6 +494,7 @@ int main(int argc, char **argv) - - quiet = csv_mode || !no_html; - self->output_file = output_file; -+ self->cacert_file = cacert_file; - - if (!csv_mode && self->output_file) { - quiet = false; -@@ -530,7 +533,7 @@ int main(int argc, char **argv) - if (status) { - fprintf(stderr, "Update of db forced\n"); - cve_db_unlock(); -- if (!update_db(quiet, db_path->str)) { -+ if (!update_db(quiet, db_path->str, self->cacert_file)) { - fprintf(stderr, "DB update failure\n"); - goto cleanup; - } -diff --git a/src/update-main.c b/src/update-main.c -index 2379cfa..c52d9d0 100644 ---- a/src/update-main.c -+++ b/src/update-main.c -@@ -43,11 +43,13 @@ the Free Software Foundation; either version 2 of the License, or\n\ - static gchar *nvds = NULL; - static bool _show_version = false; - static bool _quiet = false; -+static const char *_cacert_file = NULL; - - static GOptionEntry _entries[] = { - { "nvd-dir", 'd', 0, G_OPTION_ARG_STRING, &nvds, "NVD directory in filesystem", NULL }, - { "version", 'v', 0, G_OPTION_ARG_NONE, &_show_version, "Show version", NULL }, - { "quiet", 'q', 0, G_OPTION_ARG_NONE, &_quiet, "Run silently", NULL }, -+ { "cacert", 'C', 0, G_OPTION_ARG_STRING, &_cacert_file, "Path to the combined SSL certificates file (system default is used if not set)", NULL}, - { .short_name = 0 } - }; - -@@ -88,7 +90,7 @@ int main(int argc, char **argv) - goto end; - } - -- if (update_db(_quiet, db_path->str)) { -+ if (update_db(_quiet, db_path->str, _cacert_file)) { - ret = EXIT_SUCCESS; - } else { - fprintf(stderr, "Failed to update database\n"); -diff --git a/src/update.c b/src/update.c -index 070560a..8cb4a39 100644 ---- a/src/update.c -+++ b/src/update.c -@@ -267,7 +267,8 @@ static inline void update_end(int fd, const char *update_fname, bool ok) - - static int do_fetch_update(int year, const char *db_dir, CveDB *cve_db, - bool db_exist, bool verbose, -- unsigned int this_percent, unsigned int next_percent) -+ unsigned int this_percent, unsigned int next_percent, -+ const char *cacert_file) - { - const char nvd_uri[] = URI_PREFIX; - autofree(cve_string) *uri_meta = NULL; -@@ -331,14 +332,14 @@ refetch: - } - - /* Fetch NVD META file */ -- st = fetch_uri(uri_meta->str, nvdcve_meta->str, verbose, this_percent, this_percent); -+ st = fetch_uri(uri_meta->str, nvdcve_meta->str, verbose, this_percent, this_percent, cacert_file); - if (st == FETCH_STATUS_FAIL) { - fprintf(stderr, "Failed to fetch %s\n", uri_meta->str); - return -1; - } - - /* Fetch NVD XML file */ -- st = fetch_uri(uri_data_gz->str, nvdcve_data_gz->str, verbose, this_percent, next_percent); -+ st = fetch_uri(uri_data_gz->str, nvdcve_data_gz->str, verbose, this_percent, next_percent, cacert_file); - switch (st) { - case FETCH_STATUS_FAIL: - fprintf(stderr, "Failed to fetch %s\n", uri_data_gz->str); -@@ -391,7 +392,7 @@ refetch: - return 0; - } - --bool update_db(bool quiet, const char *db_file) -+bool update_db(bool quiet, const char *db_file, const char *cacert_file) - { - autofree(char) *db_dir = NULL; - autofree(CveDB) *cve_db = NULL; -@@ -466,7 +467,8 @@ bool update_db(bool quiet, const char *db_file) - if (!quiet) - fprintf(stderr, "completed: %u%%\r", start_percent); - rc = do_fetch_update(y, db_dir, cve_db, db_exist, !quiet, -- start_percent, end_percent); -+ start_percent, end_percent, -+ cacert_file); - switch (rc) { - case 0: - if (!quiet) -diff --git a/src/update.h b/src/update.h -index b8e9911..ceea0c3 100644 ---- a/src/update.h -+++ b/src/update.h -@@ -15,7 +15,7 @@ cve_string *get_db_path(const char *path); - - int update_required(const char *db_file); - --bool update_db(bool quiet, const char *db_file); -+bool update_db(bool quiet, const char *db_file, const char *cacert_file); - - - /* --- -2.1.4 - diff --git a/poky/meta/recipes-devtools/cve-check-tool/files/0001-print-progress-in-percent-when-downloading-CVE-db.patch b/poky/meta/recipes-devtools/cve-check-tool/files/0001-print-progress-in-percent-when-downloading-CVE-db.patch deleted file mode 100644 index 8ea6f686e..000000000 --- a/poky/meta/recipes-devtools/cve-check-tool/files/0001-print-progress-in-percent-when-downloading-CVE-db.patch +++ /dev/null @@ -1,135 +0,0 @@ -From e9ed26cde63f8ca7607a010a518329339f8c02d3 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Andr=C3=A9=20Draszik?= <git@andred.net> -Date: Mon, 26 Sep 2016 12:12:41 +0100 -Subject: [PATCH] print progress in percent when downloading CVE db -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Upstream-Status: Pending -Signed-off-by: André Draszik <git@andred.net> ---- - src/library/fetch.c | 28 +++++++++++++++++++++++++++- - src/library/fetch.h | 3 ++- - src/update.c | 16 ++++++++++++---- - 3 files changed, 41 insertions(+), 6 deletions(-) - -diff --git a/src/library/fetch.c b/src/library/fetch.c -index 06d4b30..0fe6d76 100644 ---- a/src/library/fetch.c -+++ b/src/library/fetch.c -@@ -37,13 +37,37 @@ static size_t write_func(void *ptr, size_t size, size_t nmemb, struct fetch_t *f - return fwrite(ptr, size, nmemb, f->f); - } - --FetchStatus fetch_uri(const char *uri, const char *target, bool verbose) -+struct percent_t { -+ unsigned int start; -+ unsigned int end; -+}; -+ -+static int progress_callback_new(void *ptr, curl_off_t dltotal, curl_off_t dlnow, curl_off_t ultotal, curl_off_t ulnow) -+{ -+ (void) ultotal; -+ (void) ulnow; -+ -+ struct percent_t *percent = (struct percent_t *) ptr; -+ -+ if (dltotal && percent && percent->end >= percent->start) { -+ unsigned int diff = percent->end - percent->start; -+ if (diff) { -+ fprintf(stderr,"completed: %"CURL_FORMAT_CURL_OFF_T"%%\r", percent->start + (diff * dlnow / dltotal)); -+ } -+ } -+ -+ return 0; -+} -+ -+FetchStatus fetch_uri(const char *uri, const char *target, bool verbose, -+ unsigned int start_percent, unsigned int end_percent) - { - FetchStatus ret = FETCH_STATUS_FAIL; - CURLcode res; - struct stat st; - CURL *curl = NULL; - struct fetch_t *f = NULL; -+ struct percent_t percent = { .start = start_percent, .end = end_percent }; - - curl = curl_easy_init(); - if (!curl) { -@@ -67,6 +91,8 @@ FetchStatus fetch_uri(const char *uri, const char *target, bool verbose) - } - if (verbose) { - (void)curl_easy_setopt(curl, CURLOPT_NOPROGRESS, 0L); -+ (void)curl_easy_setopt(curl, CURLOPT_XFERINFODATA, &percent); -+ (void)curl_easy_setopt(curl, CURLOPT_XFERINFOFUNCTION, progress_callback_new); - } - res = curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, (curl_write_callback)write_func); - if (res != CURLE_OK) { -diff --git a/src/library/fetch.h b/src/library/fetch.h -index 70c3779..4cce5d1 100644 ---- a/src/library/fetch.h -+++ b/src/library/fetch.h -@@ -28,7 +28,8 @@ typedef enum { - * @param verbose Whether to be verbose - * @return A FetchStatus, indicating the operation taken - */ --FetchStatus fetch_uri(const char *uri, const char *target, bool verbose); -+FetchStatus fetch_uri(const char *uri, const char *target, bool verbose, -+ unsigned int this_percent, unsigned int next_percent); - - /** - * Attempt to extract the given gzipped file -diff --git a/src/update.c b/src/update.c -index 30fbe96..eaeeefd 100644 ---- a/src/update.c -+++ b/src/update.c -@@ -266,7 +266,8 @@ static inline void update_end(int fd, const char *update_fname, bool ok) - } - - static int do_fetch_update(int year, const char *db_dir, CveDB *cve_db, -- bool db_exist, bool verbose) -+ bool db_exist, bool verbose, -+ unsigned int this_percent, unsigned int next_percent) - { - const char nvd_uri[] = URI_PREFIX; - autofree(cve_string) *uri_meta = NULL; -@@ -330,14 +331,14 @@ refetch: - } - - /* Fetch NVD META file */ -- st = fetch_uri(uri_meta->str, nvdcve_meta->str, verbose); -+ st = fetch_uri(uri_meta->str, nvdcve_meta->str, verbose, this_percent, this_percent); - if (st == FETCH_STATUS_FAIL) { - fprintf(stderr, "Failed to fetch %s\n", uri_meta->str); - return -1; - } - - /* Fetch NVD XML file */ -- st = fetch_uri(uri_data_gz->str, nvdcve_data_gz->str, verbose); -+ st = fetch_uri(uri_data_gz->str, nvdcve_data_gz->str, verbose, this_percent, next_percent); - switch (st) { - case FETCH_STATUS_FAIL: - fprintf(stderr, "Failed to fetch %s\n", uri_data_gz->str); -@@ -459,10 +460,17 @@ bool update_db(bool quiet, const char *db_file) - for (int i = YEAR_START; i <= year+1; i++) { - int y = i > year ? -1 : i; - int rc; -+ unsigned int start_percent = ((i+0 - YEAR_START) * 100) / (year+2 - YEAR_START); -+ unsigned int end_percent = ((i+1 - YEAR_START) * 100) / (year+2 - YEAR_START); - -- rc = do_fetch_update(y, db_dir, cve_db, db_exist, !quiet); -+ if (!quiet) -+ fprintf(stderr, "completed: %u%%\r", start_percent); -+ rc = do_fetch_update(y, db_dir, cve_db, db_exist, !quiet, -+ start_percent, end_percent); - switch (rc) { - case 0: -+ if (!quiet) -+ fprintf(stderr,"completed: %u%%\r", end_percent); - continue; - case ENOMEM: - goto oom; --- -2.9.3 - diff --git a/poky/meta/recipes-devtools/cve-check-tool/files/0001-update-Compare-computed-vs-expected-sha256-digit-str.patch b/poky/meta/recipes-devtools/cve-check-tool/files/0001-update-Compare-computed-vs-expected-sha256-digit-str.patch deleted file mode 100644 index 458c0cc84..000000000 --- a/poky/meta/recipes-devtools/cve-check-tool/files/0001-update-Compare-computed-vs-expected-sha256-digit-str.patch +++ /dev/null @@ -1,52 +0,0 @@ -From b0426e63c9ac61657e029f689bcb8dd051e752c6 Mon Sep 17 00:00:00 2001 -From: Sergey Popovich <popovich_sergei@mail.ua> -Date: Fri, 21 Apr 2017 07:32:23 -0700 -Subject: [PATCH] update: Compare computed vs expected sha256 digit string - ignoring case - -We produce sha256 digest string using %x snprintf() -qualifier for each byte of digest which uses alphabetic -characters from "a" to "f" in lower case to represent -integer values from 10 to 15. - -Previously all of the NVD META files supply sha256 -digest string for corresponding XML file in lower case. - -However due to some reason this changed recently to -provide digest digits in upper case causing fetched -data consistency checks to fail. This prevents database -from being updated periodically. - -While commit c4f6e94 (update: Do not treat sha256 failure -as fatal if requested) adds useful option to skip -digest validation at all and thus provides workaround for -this situation, it might be unacceptable for some -deployments where we need to ensure that downloaded -data is consistent before start parsing it and update -SQLite database. - -Use strcasecmp() to compare two digest strings case -insensitively and addressing this case. - -Upstream-Status: Backport -Signed-off-by: Sergey Popovich <popovich_sergei@mail.ua> ---- - src/update.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/update.c b/src/update.c -index 8588f38..3cc6b67 100644 ---- a/src/update.c -+++ b/src/update.c -@@ -187,7 +187,7 @@ static bool nvdcve_data_ok(const char *meta, const char *data) - snprintf(&csum_data[idx], len, "%02hhx", digest[i]); - } - -- ret = streq(csum_meta, csum_data); -+ ret = !strcasecmp(csum_meta, csum_data); - - err_unmap: - munmap(buffer, length); --- -2.11.0 - diff --git a/poky/meta/recipes-devtools/cve-check-tool/files/check-for-malloc_trim-before-using-it.patch b/poky/meta/recipes-devtools/cve-check-tool/files/check-for-malloc_trim-before-using-it.patch deleted file mode 100644 index 0774ad946..000000000 --- a/poky/meta/recipes-devtools/cve-check-tool/files/check-for-malloc_trim-before-using-it.patch +++ /dev/null @@ -1,51 +0,0 @@ -From ce64633b9733e962b8d8482244301f614d8b5845 Mon Sep 17 00:00:00 2001 -From: Khem Raj <raj.khem@gmail.com> -Date: Mon, 22 Aug 2016 22:54:24 -0700 -Subject: [PATCH] Check for malloc_trim before using it - -malloc_trim is gnu specific and not all libc -implement it, threfore write a configure check -to poke for it first and use the define to -guard its use. - -Helps in compiling on musl based systems - -Signed-off-by: Khem Raj <raj.khem@gmail.com> ---- -Upstream-Status: Submitted [https://github.com/ikeydoherty/cve-check-tool/pull/48] - configure.ac | 2 ++ - src/core.c | 4 ++-- - 2 files changed, 4 insertions(+), 2 deletions(-) - -diff --git a/configure.ac b/configure.ac -index d3b66ce..79c3542 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -19,6 +19,8 @@ m4_define([json_required_version], [0.16.0]) - m4_define([openssl_required_version],[1.0.0]) - # TODO: Set minimum sqlite - -+AC_CHECK_FUNCS_ONCE(malloc_trim) -+ - PKG_CHECK_MODULES(CVE_CHECK_TOOL, - [ - glib-2.0 >= glib_required_version, -diff --git a/src/core.c b/src/core.c -index 6263031..0d5df29 100644 ---- a/src/core.c -+++ b/src/core.c -@@ -498,9 +498,9 @@ bool cve_db_load(CveDB *self, const char *fname) - } - - b = true; -- -+#ifdef HAVE_MALLOC_TRIM - malloc_trim(0); -- -+#endif - xmlFreeTextReader(r); - if (fd) { - close(fd); --- -2.9.3 - diff --git a/poky/meta/recipes-devtools/docbook-xml/docbook-xml-dtd4_4.5.bb b/poky/meta/recipes-devtools/docbook-xml/docbook-xml-dtd4_4.5.bb index 4b6a28e34..6452c8d99 100644 --- a/poky/meta/recipes-devtools/docbook-xml/docbook-xml-dtd4_4.5.bb +++ b/poky/meta/recipes-devtools/docbook-xml/docbook-xml-dtd4_4.5.bb @@ -8,8 +8,6 @@ HOMEPAGE = "http://www.docbook.org/xml/" LICENSE = "OASIS" LIC_FILES_CHKSUM = "file://${WORKDIR}/LICENSE-OASIS;md5=c608985dd5f7f215e669e7639a0b1d2e" -DEPENDS = "libxml2-native" - # Note: the upstream sources are not distributed with a license file. # LICENSE-OASIS is included as a "patch" to workaround this. When # upgrading this recipe, please verify whether this is still needed. diff --git a/poky/meta/recipes-devtools/docbook-xml/docbook-xsl-stylesheets_1.79.1.bb b/poky/meta/recipes-devtools/docbook-xml/docbook-xsl-stylesheets_1.79.1.bb index ff38e874b..c5d3a2480 100644 --- a/poky/meta/recipes-devtools/docbook-xml/docbook-xsl-stylesheets_1.79.1.bb +++ b/poky/meta/recipes-devtools/docbook-xml/docbook-xsl-stylesheets_1.79.1.bb @@ -14,8 +14,6 @@ UPSTREAM_CHECK_URI = "http://sourceforge.net/projects/docbook/files/docbook-xsl/ # Reject versions ending in .0 as those are release candidates UPSTREAM_CHECK_REGEX = "/docbook-xsl/(?P<pver>(\d+[\.\-_]*)+(?!\.0)\.\d+)/" -DEPENDS = "libxml2-native" - S = "${WORKDIR}/docbook-xsl-${PV}" inherit allarch xmlcatalog diff --git a/poky/meta/recipes-devtools/dpkg/dpkg/0003-Our-pre-postinsts-expect-D-to-be-set-when-running-in.patch b/poky/meta/recipes-devtools/dpkg/dpkg/0003-Our-pre-postinsts-expect-D-to-be-set-when-running-in.patch index b88be8749..9ca7262eb 100644 --- a/poky/meta/recipes-devtools/dpkg/dpkg/0003-Our-pre-postinsts-expect-D-to-be-set-when-running-in.patch +++ b/poky/meta/recipes-devtools/dpkg/dpkg/0003-Our-pre-postinsts-expect-D-to-be-set-when-running-in.patch @@ -1,7 +1,7 @@ -From 24229971492515b64c81e8c6392e5dfbdc22b44c Mon Sep 17 00:00:00 2001 +From dd11ed66640f79143e42d778b58fdd5a61fb5836 Mon Sep 17 00:00:00 2001 From: Alexander Kanavin <alex.kanavin@gmail.com> Date: Wed, 26 Aug 2015 16:25:45 +0300 -Subject: [PATCH 3/5] Our pre/postinsts expect $D to be set when running in a +Subject: [PATCH] Our pre/postinsts expect $D to be set when running in a sysroot and don't expect a chroot. This matches up our system expectations with what dpkg does. @@ -12,11 +12,11 @@ ALIMON 2016/05/26 ALIMON 2017/02/21 KKang 2019/02/20 --- - src/script.c | 44 +++----------------------------------------- - 1 file changed, 3 insertions(+), 41 deletions(-) + src/script.c | 53 +++------------------------------------------------- + 1 file changed, 3 insertions(+), 50 deletions(-) diff --git a/src/script.c b/src/script.c -index 0865b95..73ed35d 100644 +index abe65b6f7..621ff9b27 100644 --- a/src/script.c +++ b/src/script.c @@ -96,58 +96,11 @@ setexecute(const char *path, struct stat *stab) @@ -27,12 +27,12 @@ index 0865b95..73ed35d 100644 - const char *changedir; - size_t instdirlen = strlen(instdir); - -- if (instdirlen > 0 && fc_script_chrootless) +- if (instdirlen > 0 && in_force(FORCE_SCRIPT_CHROOTLESS)) - changedir = instdir; - else - changedir = "/"; - -- if (instdirlen > 0 && !fc_script_chrootless) { +- if (instdirlen > 0 && !in_force(FORCE_SCRIPT_CHROOTLESS)) { - int rc; - - if (strncmp(admindir, instdir, instdirlen) != 0) @@ -43,7 +43,7 @@ index 0865b95..73ed35d 100644 - ohshite(_("unable to setenv for subprocesses")); - - rc = chroot(instdir); -- if (rc && fc_nonroot && errno == EPERM) +- if (rc && in_force(FORCE_NON_ROOT) && errno == EPERM) - ohshit(_("not enough privileges to change root " - "directory with --force-not-root, consider " - "using --force-script-chrootless?")); @@ -69,7 +69,7 @@ index 0865b95..73ed35d 100644 - args.buf); - varbuf_destroy(&args); - } -- if (instdirlen == 0 || fc_script_chrootless) +- if (instdirlen == 0 || in_force(FORCE_SCRIPT_CHROOTLESS)) - return cmd->filename; - - if (strlen(cmd->filename) < instdirlen) @@ -82,5 +82,5 @@ index 0865b95..73ed35d 100644 /** -- -2.1.4 +2.17.1 diff --git a/poky/meta/recipes-devtools/dpkg/dpkg_1.19.4.bb b/poky/meta/recipes-devtools/dpkg/dpkg_1.19.7.bb index b83868fec..e9dec337b 100644 --- a/poky/meta/recipes-devtools/dpkg/dpkg_1.19.4.bb +++ b/poky/meta/recipes-devtools/dpkg/dpkg_1.19.7.bb @@ -18,5 +18,5 @@ SRC_URI_append_class-native = " \ file://tweak-options-require-tar-1.27.patch \ " -SRC_URI[md5sum] = "1e4420409426d8c58bbe13a8e07c0c0b" -SRC_URI[sha256sum] = "c15234e98655689586bff2d517a6fdc6135d139c54d52ae9cfa6a90007fee0ae" +SRC_URI[md5sum] = "60f57c5494e6dfa177504d47bfa0e383" +SRC_URI[sha256sum] = "4c27fededf620c0aa522fff1a48577ba08144445341257502e7730f2b1a296e8" diff --git a/poky/meta/recipes-devtools/e2fsprogs/e2fsprogs/Revert-mke2fs-enable-the-metadata_csum-and-64bit-fea.patch b/poky/meta/recipes-devtools/e2fsprogs/e2fsprogs/Revert-mke2fs-enable-the-metadata_csum-and-64bit-fea.patch deleted file mode 100644 index d7e09b6be..000000000 --- a/poky/meta/recipes-devtools/e2fsprogs/e2fsprogs/Revert-mke2fs-enable-the-metadata_csum-and-64bit-fea.patch +++ /dev/null @@ -1,36 +0,0 @@ -From 0a392baf1874964651115d9f77b0daa6851d1daa Mon Sep 17 00:00:00 2001 -From: Jonathan Liu <net147@gmail.com> -Date: Tue, 1 Mar 2016 14:28:01 +1100 -Subject: [PATCH] Revert "mke2fs: enable the metadata_csum and 64bit features - by default" - -This reverts commit cd27af3ecb83e8fd1e3eaa14994284a1818c7c15 as we -don't want to enable features by default that are not supported by -the latest stable e2fsprogs release. - -Upstream-Status: Inappropriate [configuration] -Signed-off-by: Jonathan Liu <net147@gmail.com> - -Rebase to 1.43: -The upstream has disabled metadata_csum by default -this rebase just revert 64bit feature. -Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> ---- - misc/mke2fs.conf.in | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/misc/mke2fs.conf.in b/misc/mke2fs.conf.in -index 01e35cf..25105b3 100644 ---- a/misc/mke2fs.conf.in -+++ b/misc/mke2fs.conf.in -@@ -11,8 +11,9 @@ - features = has_journal - } - ext4 = { -- features = has_journal,extent,huge_file,flex_bg,metadata_csum,64bit,dir_nlink,extra_isize -+ features = has_journal,extent,huge_file,flex_bg,metadata_csum,dir_nlink,extra_isize - inode_size = 256 -+ auto_64-bit_support = 1 - } - small = { - blocksize = 1024 diff --git a/poky/meta/recipes-devtools/e2fsprogs/e2fsprogs_1.44.5.bb b/poky/meta/recipes-devtools/e2fsprogs/e2fsprogs_1.44.5.bb index ed946159b..5cda89f59 100644 --- a/poky/meta/recipes-devtools/e2fsprogs/e2fsprogs_1.44.5.bb +++ b/poky/meta/recipes-devtools/e2fsprogs/e2fsprogs_1.44.5.bb @@ -3,7 +3,6 @@ require e2fsprogs.inc SRC_URI += "file://remove.ldconfig.call.patch \ file://run-ptest \ file://ptest.patch \ - file://Revert-mke2fs-enable-the-metadata_csum-and-64bit-fea.patch \ file://mkdir_p.patch \ file://0001-misc-create_inode.c-set-dir-s-mode-correctly.patch \ file://0001-create_inode-fix-copying-large-files.patch \ diff --git a/poky/meta/recipes-devtools/elfutils/elfutils_0.176.bb b/poky/meta/recipes-devtools/elfutils/elfutils_0.176.bb index 5b8049f53..75acf59d2 100644 --- a/poky/meta/recipes-devtools/elfutils/elfutils_0.176.bb +++ b/poky/meta/recipes-devtools/elfutils/elfutils_0.176.bb @@ -4,7 +4,7 @@ SECTION = "base" LICENSE = "GPLv2 & LGPLv3+ & GPLv3+" LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504" DEPENDS = "libtool bzip2 zlib virtual/libintl" -DEPENDS_append_libc-musl = " argp-standalone fts " +DEPENDS_append_libc-musl = " argp-standalone fts musl-obstack " # The Debian patches below are from: # http://ftp.de.debian.org/debian/pool/main/e/elfutils/elfutils_0.175-1.debian.tar.xz SRC_URI = "https://sourceware.org/elfutils/ftp/${PV}/${BP}.tar.bz2 \ @@ -31,12 +31,13 @@ SRC_URI = "https://sourceware.org/elfutils/ftp/${PV}/${BP}.tar.bz2 \ file://0001-skip-the-test-when-gcc-not-deployed.patch \ file://run-ptest \ file://ptest.patch \ - file://musl.patch \ " -SRC_URI_append_libc-musl = " file://0008-build-Provide-alternatives-for-glibc-assumptions-hel.patch \ - file://0001-fix-err-variable-and-function-conflicts.patch \ -" - +SRC_URI_append_libc-musl = " \ + file://musl-obstack-fts.patch \ + file://musl-libs.patch \ + file://musl-utils.patch \ + file://musl-tests.patch \ + " SRC_URI[md5sum] = "077e4f49320cad82bf17a997068b1db9" SRC_URI[sha256sum] = "eb5747c371b0af0f71e86215a5ebb88728533c3a104a43d4231963f308cd1023" @@ -85,8 +86,6 @@ do_install_ptest() { EXTRA_OEMAKE_class-native = "" EXTRA_OEMAKE_class-nativesdk = "" -ALLOW_EMPTY_${PN}_libc-musl = "1" - BBCLASSEXTEND = "native nativesdk" # Package utilities separately diff --git a/poky/meta/recipes-devtools/elfutils/files/0001-fix-err-variable-and-function-conflicts.patch b/poky/meta/recipes-devtools/elfutils/files/0001-fix-err-variable-and-function-conflicts.patch deleted file mode 100644 index 433db133b..000000000 --- a/poky/meta/recipes-devtools/elfutils/files/0001-fix-err-variable-and-function-conflicts.patch +++ /dev/null @@ -1,91 +0,0 @@ -From 2c50fe7068bd6911958c6d851aef88179e73bb21 Mon Sep 17 00:00:00 2001 -From: Mingli Yu <Mingli.Yu@windriver.com> -Date: Tue, 16 Apr 2019 15:30:38 +0800 -Subject: [PATCH] fix err variable and function conflicts - -There comes below build failure with musl when -ptest enabled. -| In file included from ../../elfutils-0.176/tests/dwfl-proc-attach.c:33: -| ../../elfutils-0.176/lib/system.h:63:35: error: called object 'err' is not a function or function pointer -| #define error(status, errno, ...) err(status, __VA_ARGS__) -| ^~~ -| ../../elfutils-0.176/tests/dwfl-proc-attach.c:92:5: note: in expansion of macro 'error' -| error (-1, 0, "dwfl_linux_proc_attach pid %d: %s", pid, -| ^~~~~ -| ../../elfutils-0.176/tests/dwfl-proc-attach.c:79:7: note: declared here -| int err; -| ^~~ - -It is because there is no error.h in musl and -the patch 0008-build-Provide-alternatives-for-glibc-assumptions-hel.patch -has updated to use err.h to replace error.h -and also added macro definiton as below when -use musl. - #define error(status, errno, ...) err(status, __VA_ARGS__) - -And in err.h, there is below logic: -_Noreturn void err(int, const char *, ...); - -But when ptest enabled, there comes below error -as there is both variable and function defined -to be err in tests/dwfl-proc-attach.c. -So change the err variable's name to workaround -the build failure with musl. - -Upstream-Status: Inappropriate [workaround in musl] - -Signed-off-by: Mingli Yu <Mingli.Yu@windriver.com> ---- - tests/dwfl-proc-attach.c | 6 +++--- - 1 file changed, 3 insertions(+), 3 deletions(-) - -Index: elfutils-0.176/tests/dwfl-proc-attach.c -=================================================================== ---- elfutils-0.176.orig/tests/dwfl-proc-attach.c -+++ elfutils-0.176/tests/dwfl-proc-attach.c -@@ -76,10 +76,10 @@ main (int argc __attribute__ ((unused)), - char **argv __attribute__ ((unused))) - { - /* Create two extra threads to iterate through. */ -- int err; -- if ((err = pthread_create (&thread1, NULL, sleeper, NULL)) != 0) -+ int err1; -+ if ((err1 = pthread_create (&thread1, NULL, sleeper, NULL)) != 0) - error (-1, err, "Couldn't create thread1"); -- if ((err = pthread_create (&thread2, NULL, sleeper, NULL)) != 0) -+ if ((err1 = pthread_create (&thread2, NULL, sleeper, NULL)) != 0) - error (-1, err, "Couldn't create thread2"); - - Dwfl *dwfl = dwfl_begin (&proc_callbacks); -Index: elfutils-0.176/tests/backtrace.c -=================================================================== ---- elfutils-0.176.orig/tests/backtrace.c -+++ elfutils-0.176/tests/backtrace.c -@@ -219,23 +219,23 @@ dump (Dwfl *dwfl) - { - ptrdiff_t ptrdiff = dwfl_getmodules (dwfl, dump_modules, NULL, 0); - assert (ptrdiff == 0); -- bool err = false; -+ bool err1 = false; - switch (dwfl_getthreads (dwfl, thread_callback, NULL)) - { - case 0: - break; - case DWARF_CB_ABORT: -- err = true; -+ err1 = true; - break; - case -1: - error (0, 0, "dwfl_getthreads: %s", dwfl_errmsg (-1)); -- err = true; -+ err1 = true; - break; - default: - abort (); - } - callback_verify (0, 0, 0, NULL, dwfl); -- if (err) -+ if (err1) - exit (EXIT_FAILURE); - } - diff --git a/poky/meta/recipes-devtools/elfutils/files/0008-build-Provide-alternatives-for-glibc-assumptions-hel.patch b/poky/meta/recipes-devtools/elfutils/files/0008-build-Provide-alternatives-for-glibc-assumptions-hel.patch deleted file mode 100644 index 10cdac646..000000000 --- a/poky/meta/recipes-devtools/elfutils/files/0008-build-Provide-alternatives-for-glibc-assumptions-hel.patch +++ /dev/null @@ -1,196 +0,0 @@ -From 990d377a92f4bab04bf6820fc81b3dcb6cf5e31d Mon Sep 17 00:00:00 2001 -From: Khem Raj <raj.khem@gmail.com> -Date: Mon, 2 Jul 2018 09:52:23 +0800 -Subject: [PATCH] build: Provide alternatives for glibc assumptions helps - compiling it on musl - -Upstream-Status: Pending -Signed-off-by: Khem Raj <raj.khem@gmail.com> - -Rebase to 0.175 - -Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> - ---- - Makefile.am | 2 +- - lib/fixedsizehash.h | 1 - - lib/system.h | 12 +++++++++++- - libdw/Makefile.am | 3 ++- - libdwfl/dwfl_build_id_find_elf.c | 1 + - libdwfl/dwfl_error.c | 4 +++- - libdwfl/dwfl_module_getdwarf.c | 1 + - libdwfl/libdwfl_crc32_file.c | 9 +++++++++ - libdwfl/linux-kernel-modules.c | 1 + - libelf/elf.h | 8 ++++++-- - libelf/libelf.h | 1 + - libelf/libelfP.h | 1 + - 12 files changed, 37 insertions(+), 7 deletions(-) - -diff --git a/Makefile.am b/Makefile.am -index 2ff444e..41f77df 100644 ---- a/Makefile.am -+++ b/Makefile.am -@@ -28,7 +28,7 @@ pkginclude_HEADERS = version.h - - # Add doc back when we have some real content. - SUBDIRS = config m4 lib libelf libebl libdwelf libdwfl libdw libcpu libasm \ -- backends src po tests -+ backends po tests - - EXTRA_DIST = elfutils.spec GPG-KEY NOTES CONTRIBUTING \ - COPYING COPYING-GPLV2 COPYING-LGPLV3 -diff --git a/lib/fixedsizehash.h b/lib/fixedsizehash.h -index dac2a5f..43016fc 100644 ---- a/lib/fixedsizehash.h -+++ b/lib/fixedsizehash.h -@@ -30,7 +30,6 @@ - #include <errno.h> - #include <stdlib.h> - #include <string.h> --#include <sys/cdefs.h> - - #include <system.h> - -diff --git a/lib/system.h b/lib/system.h -index 292082b..308a762 100644 ---- a/lib/system.h -+++ b/lib/system.h -@@ -30,7 +30,7 @@ - #define LIB_SYSTEM_H 1 - - #include <errno.h> --#include <error.h> -+#include <err.h> - #include <stddef.h> - #include <stdint.h> - #include <sys/param.h> -@@ -51,6 +51,8 @@ - #else - # error "Unknown byte order" - #endif -+ -+#define error(status, errno, ...) err(status, __VA_ARGS__) - - #ifndef MAX - #define MAX(m, n) ((m) < (n) ? (n) : (m)) -diff --git a/libdw/Makefile.am b/libdw/Makefile.am -index 7a3d532..7ac1241 100644 ---- a/libdw/Makefile.am -+++ b/libdw/Makefile.am -@@ -108,7 +108,8 @@ am_libdw_pic_a_OBJECTS = $(libdw_a_SOURCES:.c=.os) - libdw_so_LIBS = libdw_pic.a ../libdwelf/libdwelf_pic.a \ - ../libdwfl/libdwfl_pic.a ../libebl/libebl.a - libdw_so_DEPS = ../lib/libeu.a ../libelf/libelf.so --libdw_so_LDLIBS = $(libdw_so_DEPS) -ldl -lz $(argp_LDADD) $(zip_LIBS) -+fts_LDADD = -lfts -+libdw_so_LDLIBS = $(libdw_so_DEPS) -ldl -lz $(argp_LDADD) $(zip_LIBS) $(fts_LDADD) - libdw_so_SOURCES = - libdw.so$(EXEEXT): $(srcdir)/libdw.map $(libdw_so_LIBS) $(libdw_so_DEPS) - # The rpath is necessary for libebl because its $ORIGIN use will -diff --git a/libdwfl/dwfl_build_id_find_elf.c b/libdwfl/dwfl_build_id_find_elf.c -index cc6c3f6..b06ab59 100644 ---- a/libdwfl/dwfl_build_id_find_elf.c -+++ b/libdwfl/dwfl_build_id_find_elf.c -@@ -31,6 +31,7 @@ - #endif - - #include "libdwflP.h" -+#include "system.h" - #include <inttypes.h> - #include <fcntl.h> - #include <unistd.h> -diff --git a/libdwfl/dwfl_error.c b/libdwfl/dwfl_error.c -index 7bcf61c..c345797 100644 ---- a/libdwfl/dwfl_error.c -+++ b/libdwfl/dwfl_error.c -@@ -140,6 +140,7 @@ __libdwfl_seterrno (Dwfl_Error error) - const char * - dwfl_errmsg (int error) - { -+ static __thread char s[64] = ""; - if (error == 0 || error == -1) - { - int last_error = global_error; -@@ -154,7 +155,8 @@ dwfl_errmsg (int error) - switch (error &~ 0xffff) - { - case OTHER_ERROR (ERRNO): -- return strerror_r (error & 0xffff, "bad", 0); -+ strerror_r (error & 0xffff, s, sizeof(s)); -+ return s; - case OTHER_ERROR (LIBELF): - return elf_errmsg (error & 0xffff); - case OTHER_ERROR (LIBDW): -diff --git a/libdwfl/dwfl_module_getdwarf.c b/libdwfl/dwfl_module_getdwarf.c -index 56e6105..f4a0649 100644 ---- a/libdwfl/dwfl_module_getdwarf.c -+++ b/libdwfl/dwfl_module_getdwarf.c -@@ -35,6 +35,7 @@ - #include <fcntl.h> - #include <string.h> - #include <unistd.h> -+#include "system.h" - #include "../libdw/libdwP.h" /* DWARF_E_* values are here. */ - #include "../libelf/libelfP.h" - #include "system.h" -diff --git a/libdwfl/linux-kernel-modules.c b/libdwfl/linux-kernel-modules.c -index 360e4ee..b5aa397 100644 ---- a/libdwfl/linux-kernel-modules.c -+++ b/libdwfl/linux-kernel-modules.c -@@ -41,6 +41,7 @@ - - #include "libelfP.h" - #include "libdwflP.h" -+#include "system.h" - #include <inttypes.h> - #include <errno.h> - #include <stdio.h> -diff --git a/libelf/elf.h b/libelf/elf.h -index 5dc632b..14da1b7 100644 ---- a/libelf/elf.h -+++ b/libelf/elf.h -@@ -21,7 +21,9 @@ - - #include <features.h> - --__BEGIN_DECLS -+#ifdef __cplusplus -+extern "C" { -+#endif - - /* Standard ELF types. */ - -@@ -3937,6 +3939,8 @@ enum - #define R_METAG_TLS_LE_HI16 60 - #define R_METAG_TLS_LE_LO16 61 - --__END_DECLS -+#ifdef __cplusplus -+} -+#endif - - #endif /* elf.h */ -diff --git a/libelf/libelf.h b/libelf/libelf.h -index 1ff11c9..c21e018 100644 ---- a/libelf/libelf.h -+++ b/libelf/libelf.h -@@ -29,6 +29,7 @@ - #ifndef _LIBELF_H - #define _LIBELF_H 1 - -+#include <fcntl.h> - #include <stdint.h> - #include <sys/types.h> - -diff --git a/libelf/libelfP.h b/libelf/libelfP.h -index 9f3e8e9..10a347a 100644 ---- a/libelf/libelfP.h -+++ b/libelf/libelfP.h -@@ -32,6 +32,7 @@ - - #include <ar.h> - #include <gelf.h> -+#include <libelf.h> - - #include <errno.h> - #include <stdbool.h> diff --git a/poky/meta/recipes-devtools/elfutils/files/musl-libs.patch b/poky/meta/recipes-devtools/elfutils/files/musl-libs.patch new file mode 100644 index 000000000..51ca630ef --- /dev/null +++ b/poky/meta/recipes-devtools/elfutils/files/musl-libs.patch @@ -0,0 +1,111 @@ +Collection of fixes needed to compile libelf and other libraries +provided by elfutils for musl targets + +error is glibc specific API, so this patch will mostly not accepted +upstream given that elfutils has been closely tied to glibc + +Signed-off-by: Khem Raj <raj.khem@gmail.com> +Upstream-Status: Inappropriate [workaround for musl] + +--- /dev/null ++++ b/lib/error.h +@@ -0,0 +1,27 @@ ++#ifndef _ERROR_H_ ++#define _ERROR_H_ ++ ++#include <stdarg.h> ++#include <stdio.h> ++#include <stdlib.h> ++#include <string.h> ++#include <errno.h> ++ ++static unsigned int error_message_count = 0; ++ ++static inline void error(int status, int errnum, const char* format, ...) ++{ ++ va_list ap; ++ fprintf(stderr, "%s: ", program_invocation_name); ++ va_start(ap, format); ++ vfprintf(stderr, format, ap); ++ va_end(ap); ++ if (errnum) ++ fprintf(stderr, ": %s", strerror(errnum)); ++ fprintf(stderr, "\n"); ++ error_message_count++; ++ if (status) ++ exit(status); ++} ++ ++#endif /* _ERROR_H_ */ +--- a/lib/fixedsizehash.h ++++ b/lib/fixedsizehash.h +@@ -30,7 +30,6 @@ + #include <errno.h> + #include <stdlib.h> + #include <string.h> +-#include <sys/cdefs.h> + + #include <system.h> + +--- a/lib/libeu.h ++++ b/lib/libeu.h +@@ -29,6 +29,7 @@ + #ifndef LIBEU_H + #define LIBEU_H + ++#include "system.h" + #include <stddef.h> + #include <stdint.h> + +--- a/libdwfl/dwfl_error.c ++++ b/libdwfl/dwfl_error.c +@@ -154,7 +154,16 @@ dwfl_errmsg (int error) + switch (error &~ 0xffff) + { + case OTHER_ERROR (ERRNO): ++#if defined(__GLIBC__) + return strerror_r (error & 0xffff, "bad", 0); ++#else ++ { ++ static __thread char buf[128] = ""; ++ if (strerror_r (error & 0xffff, buf, sizeof(buf)) == 0) ++ return buf; ++ } ++ return "strerror_r() failed"; ++#endif + case OTHER_ERROR (LIBELF): + return elf_errmsg (error & 0xffff); + case OTHER_ERROR (LIBDW): +--- a/libdwfl/linux-kernel-modules.c ++++ b/libdwfl/linux-kernel-modules.c +@@ -50,6 +50,7 @@ + #include <sys/utsname.h> + #include <fcntl.h> + #include <unistd.h> ++#include "system.h" + + /* If fts.h is included before config.h, its indirect inclusions may not + give us the right LFS aliases of these functions, so map them manually. */ +--- a/libelf/elf.h ++++ b/libelf/elf.h +@@ -21,7 +21,9 @@ + + #include <features.h> + +-__BEGIN_DECLS ++#ifdef __cplusplus ++extern "C" { ++#endif + + /* Standard ELF types. */ + +@@ -3937,6 +3939,7 @@ enum + #define R_METAG_TLS_LE_HI16 60 + #define R_METAG_TLS_LE_LO16 61 + +-__END_DECLS +- ++#ifdef __cplusplus ++} ++#endif + #endif /* elf.h */ diff --git a/poky/meta/recipes-devtools/elfutils/files/musl-obstack-fts.patch b/poky/meta/recipes-devtools/elfutils/files/musl-obstack-fts.patch new file mode 100644 index 000000000..0fb7eb923 --- /dev/null +++ b/poky/meta/recipes-devtools/elfutils/files/musl-obstack-fts.patch @@ -0,0 +1,105 @@ +Look for libfts and libobstack during configure, these +libraries are external to libc when using musl, whereas +on glibc these libraries are provided in libc itself. + +Signed-off-by: Khem Raj <raj.khem@gmail.com> +Upstream-Status: Inappropriate [workaround for musl] +--- a/configure.ac ++++ b/configure.ac +@@ -494,6 +494,60 @@ else + fi + AC_SUBST([argp_LDADD]) + ++dnl Check if we have fts available from our libc ++AC_LINK_IFELSE( ++ [AC_LANG_PROGRAM( ++ [#if !defined(__x86_64__) ++ #undef _FILE_OFFSET_BITS ++ #define _FILE_OFFSET_BITS 32 ++ #endif ++ #include <fts.h>], ++ [FTS* fts = 0; return fts_close(fts); return 0;] ++ )], ++ [libc_has_fts="true"], ++ [libc_has_fts="false"] ++) ++ ++dnl If our libc doesn't provide fts, then test for libfts ++if test "$libc_has_fts" = "false" ; then ++ AC_MSG_WARN("libc does not have fts") ++ AC_CHECK_LIB([fts], [fts_close], [have_fts="true"], [have_fts="false"]) ++ ++ if test "$have_fts" = "false"; then ++ AC_MSG_ERROR("no libfts found") ++ else ++ fts_LDADD="-lfts" ++ fi ++else ++ fts_LDADD="" ++fi ++AC_SUBST([fts_LDADD]) ++ ++dnl Check if we have obstack available from our libc ++AC_LINK_IFELSE( ++ [AC_LANG_PROGRAM( ++ [#include <obstack.h>], ++ [_obstack_begin(0, 0, 0, NULL, NULL); return 0;] ++ )], ++ [libc_has_obstack="true"], ++ [libc_has_obstack="false"] ++) ++ ++dnl If our libc doesn't provide obstack, then test for libobstack ++if test "$libc_has_obstack" = "false" ; then ++ AC_MSG_WARN("libc does not have obstack") ++ AC_CHECK_LIB([obstack], [_obstack_begin], [have_obstack="true"], [have_obstack="false"]) ++ ++ if test "$have_obstack" = "false"; then ++ AC_MSG_ERROR("no libobstack found") ++ else ++ obstack_LDADD="-lobstack" ++ fi ++else ++ obstack_LDADD="" ++fi ++AC_SUBST([obstack_LDADD]) ++ + dnl The directories with content. + + dnl Documentation. +--- a/libdw/Makefile.am ++++ b/libdw/Makefile.am +@@ -108,7 +108,7 @@ am_libdw_pic_a_OBJECTS = $(libdw_a_SOURC + libdw_so_LIBS = libdw_pic.a ../libdwelf/libdwelf_pic.a \ + ../libdwfl/libdwfl_pic.a ../libebl/libebl.a + libdw_so_DEPS = ../lib/libeu.a ../libelf/libelf.so +-libdw_so_LDLIBS = $(libdw_so_DEPS) -ldl -lz $(argp_LDADD) $(zip_LIBS) ++libdw_so_LDLIBS = $(libdw_so_DEPS) -ldl -lz $(argp_LDADD) $(fts_LDADD) $(zip_LIBS) + libdw_so_SOURCES = + libdw.so$(EXEEXT): $(srcdir)/libdw.map $(libdw_so_LIBS) $(libdw_so_DEPS) + # The rpath is necessary for libebl because its $ORIGIN use will +--- a/src/Makefile.am ++++ b/src/Makefile.am +@@ -68,8 +68,8 @@ ar_no_Wstack_usage = yes + unstrip_no_Wstack_usage = yes + + readelf_LDADD = $(libdw) $(libebl) $(libelf) $(libeu) $(argp_LDADD) -ldl +-nm_LDADD = $(libdw) $(libebl) $(libelf) $(libeu) $(argp_LDADD) -ldl \ +- $(demanglelib) ++nm_LDADD = $(libdw) $(libebl) $(libelf) $(libeu) $(argp_LDADD) \ ++ $(obstack_LDADD) -ldl $(demanglelib) + size_LDADD = $(libelf) $(libeu) $(argp_LDADD) + strip_LDADD = $(libebl) $(libelf) $(libdw) $(libeu) $(argp_LDADD) -ldl + elflint_LDADD = $(libebl) $(libelf) $(libeu) $(argp_LDADD) -ldl +@@ -77,9 +77,9 @@ findtextrel_LDADD = $(libdw) $(libelf) $ + addr2line_LDADD = $(libdw) $(libelf) $(libeu) $(argp_LDADD) $(demanglelib) + elfcmp_LDADD = $(libebl) $(libelf) $(libeu) $(argp_LDADD) -ldl + objdump_LDADD = $(libasm) $(libebl) $(libelf) $(libeu) $(argp_LDADD) -ldl +-ranlib_LDADD = libar.a $(libelf) $(libeu) $(argp_LDADD) ++ranlib_LDADD = libar.a $(libelf) $(libeu) $(argp_LDADD) $(obstack_LDADD) + strings_LDADD = $(libelf) $(libeu) $(argp_LDADD) +-ar_LDADD = libar.a $(libelf) $(libeu) $(argp_LDADD) ++ar_LDADD = libar.a $(libelf) $(libeu) $(argp_LDADD) $(obstack_LDADD) + unstrip_LDADD = $(libebl) $(libelf) $(libdw) $(libeu) $(argp_LDADD) -ldl + stack_LDADD = $(libebl) $(libelf) $(libdw) $(libeu) $(argp_LDADD) -ldl $(demanglelib) + elfcompress_LDADD = $(libebl) $(libelf) $(libdw) $(libeu) $(argp_LDADD) diff --git a/poky/meta/recipes-devtools/elfutils/files/musl.patch b/poky/meta/recipes-devtools/elfutils/files/musl-tests.patch index be35791b1..be35791b1 100644 --- a/poky/meta/recipes-devtools/elfutils/files/musl.patch +++ b/poky/meta/recipes-devtools/elfutils/files/musl-tests.patch diff --git a/poky/meta/recipes-devtools/elfutils/files/musl-utils.patch b/poky/meta/recipes-devtools/elfutils/files/musl-utils.patch new file mode 100644 index 000000000..8e636bf66 --- /dev/null +++ b/poky/meta/recipes-devtools/elfutils/files/musl-utils.patch @@ -0,0 +1,136 @@ +Provide missing defines which otherwise are available on glibc system headers + +Alter the error API to match posix version +use qsort instead of qsort_r which is glibc specific API + +Signed-off-by: Khem Raj <raj.khem@gmail.com> +Upstream-Status: Inappropriate [workaround for musl] +--- a/src/arlib.h ++++ b/src/arlib.h +@@ -29,6 +29,12 @@ + #include <stdint.h> + #include <sys/types.h> + ++#if !defined(ALLPERMS) ++# define ALLPERMS (S_ISUID|S_ISGID|S_ISVTX|S_IRWXU|S_IRWXG|S_IRWXO) /* 07777 */ ++#endif ++#if !defined(DEFFILEMODE) ++# define DEFFILEMODE (S_IRUSR|S_IWUSR|S_IRGRP|S_IWGRP|S_IROTH|S_IWOTH)/* 0666*/ ++#endif + + /* State of -D/-U flags. */ + extern bool arlib_deterministic_output; +--- a/src/elfcompress.c ++++ b/src/elfcompress.c +@@ -37,6 +37,13 @@ + #include "libeu.h" + #include "printversion.h" + ++#if !defined(ALLPERMS) ++# define ALLPERMS (S_ISUID|S_ISGID|S_ISVTX|S_IRWXU|S_IRWXG|S_IRWXO) /* 07777 */ ++#endif ++#if !defined(FNM_EXTMATCH) ++# define FNM_EXTMATCH (0) ++#endif ++ + /* Name and version of program. */ + ARGP_PROGRAM_VERSION_HOOK_DEF = print_version; + +--- a/src/readelf.c ++++ b/src/readelf.c +@@ -4792,10 +4792,11 @@ listptr_base (struct listptr *p) + return cudie_base (&cu); + } + ++static const char *listptr_name; ++ + static int +-compare_listptr (const void *a, const void *b, void *arg) ++compare_listptr (const void *a, const void *b) + { +- const char *name = arg; + struct listptr *p1 = (void *) a; + struct listptr *p2 = (void *) b; + +@@ -4811,21 +4812,21 @@ compare_listptr (const void *a, const vo + p1->warned = p2->warned = true; + error (0, 0, + gettext ("%s %#" PRIx64 " used with different address sizes"), +- name, (uint64_t) p1->offset); ++ listptr_name, (uint64_t) p1->offset); + } + if (p1->dwarf64 != p2->dwarf64) + { + p1->warned = p2->warned = true; + error (0, 0, + gettext ("%s %#" PRIx64 " used with different offset sizes"), +- name, (uint64_t) p1->offset); ++ listptr_name, (uint64_t) p1->offset); + } + if (listptr_base (p1) != listptr_base (p2)) + { + p1->warned = p2->warned = true; + error (0, 0, + gettext ("%s %#" PRIx64 " used with different base addresses"), +- name, (uint64_t) p1->offset); ++ listptr_name, (uint64_t) p1->offset); + } + if (p1->attr != p2 ->attr) + { +@@ -4833,7 +4834,7 @@ compare_listptr (const void *a, const vo + error (0, 0, + gettext ("%s %#" PRIx64 + " used with different attribute %s and %s"), +- name, (uint64_t) p1->offset, dwarf_attr_name (p2->attr), ++ listptr_name, (uint64_t) p1->offset, dwarf_attr_name (p2->attr), + dwarf_attr_name (p2->attr)); + } + } +@@ -4905,8 +4906,11 @@ static void + sort_listptr (struct listptr_table *table, const char *name) + { + if (table->n > 0) +- qsort_r (table->table, table->n, sizeof table->table[0], +- &compare_listptr, (void *) name); ++ { ++ listptr_name = name; ++ qsort (table->table, table->n, sizeof table->table[0], ++ &compare_listptr); ++ } + } + + static bool +--- a/src/strip.c ++++ b/src/strip.c +@@ -46,6 +46,13 @@ + #include <system.h> + #include <printversion.h> + ++#if !defined(ACCESSPERMS) ++# define ACCESSPERMS (S_IRWXU|S_IRWXG|S_IRWXO) /* 0777 */ ++#endif ++#if !defined(FNM_EXTMATCH) ++# define FNM_EXTMATCH (0) ++#endif ++ + typedef uint8_t GElf_Byte; + + /* Name and version of program. */ +--- a/src/unstrip.c ++++ b/src/unstrip.c +@@ -56,6 +56,15 @@ + # define _(str) gettext (str) + #endif + ++#ifndef strndupa ++#define strndupa(s, n) \ ++ ({const char *__in = (s); \ ++ size_t __len = strnlen (__in, (n)) + 1; \ ++ char *__out = (char *) alloca (__len); \ ++ __out[__len-1] = '\0'; \ ++ (char *) memcpy (__out, __in, __len-1);}) ++#endif ++ + /* Name and version of program. */ + ARGP_PROGRAM_VERSION_HOOK_DEF = print_version; + diff --git a/poky/meta/recipes-devtools/flex/flex_2.6.0.bb b/poky/meta/recipes-devtools/flex/flex_2.6.0.bb index b477cd8c7..12ce0cb46 100644 --- a/poky/meta/recipes-devtools/flex/flex_2.6.0.bb +++ b/poky/meta/recipes-devtools/flex/flex_2.6.0.bb @@ -68,3 +68,6 @@ do_install_ptest() { -e 's/^builddir = \(.*\)/builddir = ./' -e 's/^top_builddir = \(.*\)/top_builddir = ./' \ -i ${D}${PTEST_PATH}/Makefile } + +# Not Apache Flex, or Adobe Flex, or IBM Flex. +CVE_PRODUCT = "flex_project:flex" diff --git a/poky/meta/recipes-devtools/gcc/gcc-9.1/0012-Define-GLIBC_DYNAMIC_LINKER-and-UCLIBC_DYNAMIC_LINKE.patch b/poky/meta/recipes-devtools/gcc/gcc-9.1/0012-Define-GLIBC_DYNAMIC_LINKER-and-UCLIBC_DYNAMIC_LINKE.patch index f23a314c1..1ff85c807 100644 --- a/poky/meta/recipes-devtools/gcc/gcc-9.1/0012-Define-GLIBC_DYNAMIC_LINKER-and-UCLIBC_DYNAMIC_LINKE.patch +++ b/poky/meta/recipes-devtools/gcc/gcc-9.1/0012-Define-GLIBC_DYNAMIC_LINKER-and-UCLIBC_DYNAMIC_LINKE.patch @@ -1,4 +1,4 @@ -From 492f008dce784749e39e1c396aeea6fa1d977374 Mon Sep 17 00:00:00 2001 +From 0e13b09ae400d8c8755e2869c72a158ed0dbc0b6 Mon Sep 17 00:00:00 2001 From: Khem Raj <raj.khem@gmail.com> Date: Fri, 29 Mar 2013 09:24:50 +0400 Subject: [PATCH 12/37] Define GLIBC_DYNAMIC_LINKER and UCLIBC_DYNAMIC_LINKER @@ -23,11 +23,12 @@ Upstream-Status: Inappropriate [OE configuration] gcc/config/i386/linux64.h | 6 +++--- gcc/config/linux.h | 8 ++++---- gcc/config/mips/linux.h | 12 ++++++------ + gcc/config/riscv/linux.h | 2 +- gcc/config/rs6000/linux64.h | 15 +++++---------- gcc/config/sh/linux.h | 2 +- gcc/config/sparc/linux.h | 2 +- gcc/config/sparc/linux64.h | 4 ++-- - 11 files changed, 28 insertions(+), 33 deletions(-) + 12 files changed, 29 insertions(+), 34 deletions(-) diff --git a/gcc/config/alpha/linux-elf.h b/gcc/config/alpha/linux-elf.h index 824861befec..6afacce3292 100644 @@ -152,11 +153,24 @@ index 6f79ac9c01a..25de96f9561 100644 #undef MUSL_DYNAMIC_LINKER32 #define MUSL_DYNAMIC_LINKER32 \ +diff --git a/gcc/config/riscv/linux.h b/gcc/config/riscv/linux.h +index 58dd18b89f3..112ba9cd764 100644 +--- a/gcc/config/riscv/linux.h ++++ b/gcc/config/riscv/linux.h +@@ -22,7 +22,7 @@ along with GCC; see the file COPYING3. If not see + GNU_USER_TARGET_OS_CPP_BUILTINS(); \ + } while (0) + +-#define GLIBC_DYNAMIC_LINKER "/lib/ld-linux-riscv" XLEN_SPEC "-" ABI_SPEC ".so.1" ++#define GLIBC_DYNAMIC_LINKER SYSTEMLIBS_DIR "ld-linux-riscv" XLEN_SPEC "-" ABI_SPEC ".so.1" + + #define MUSL_ABI_SUFFIX \ + "%{mabi=ilp32:-sf}" \ diff --git a/gcc/config/rs6000/linux64.h b/gcc/config/rs6000/linux64.h -index bcc540b5ff2..982ca274621 100644 +index 5380f6a6a6f..c0f2dc1f43e 100644 --- a/gcc/config/rs6000/linux64.h +++ b/gcc/config/rs6000/linux64.h -@@ -428,24 +428,19 @@ extern int dot_symbols; +@@ -435,24 +435,19 @@ extern int dot_symbols; #undef LINK_OS_DEFAULT_SPEC #define LINK_OS_DEFAULT_SPEC "%(link_os_linux)" @@ -200,10 +214,10 @@ index c9897b7aca5..82f275319cc 100644 #undef SUBTARGET_LINK_EMUL_SUFFIX #define SUBTARGET_LINK_EMUL_SUFFIX "%{mfdpic:_fd;:_linux}" diff --git a/gcc/config/sparc/linux.h b/gcc/config/sparc/linux.h -index 2db9ea2172e..1979cfff5d3 100644 +index 08476f1d94d..80440e712ad 100644 --- a/gcc/config/sparc/linux.h +++ b/gcc/config/sparc/linux.h -@@ -83,7 +83,7 @@ extern const char *host_detect_local_cpu (int argc, const char **argv); +@@ -84,7 +84,7 @@ extern const char *host_detect_local_cpu (int argc, const char **argv); When the -shared link option is used a final link is not being done. */ @@ -213,7 +227,7 @@ index 2db9ea2172e..1979cfff5d3 100644 #undef LINK_SPEC #define LINK_SPEC "-m elf32_sparc %{shared:-shared} \ diff --git a/gcc/config/sparc/linux64.h b/gcc/config/sparc/linux64.h -index 21e13001951..d39c38a531f 100644 +index 789d1df4bd5..b920c680fb1 100644 --- a/gcc/config/sparc/linux64.h +++ b/gcc/config/sparc/linux64.h @@ -84,8 +84,8 @@ along with GCC; see the file COPYING3. If not see diff --git a/poky/meta/recipes-devtools/gdb/gdb-8.3.inc b/poky/meta/recipes-devtools/gdb/gdb-8.3.inc index db8d5f349..a5ef936fb 100644 --- a/poky/meta/recipes-devtools/gdb/gdb-8.3.inc +++ b/poky/meta/recipes-devtools/gdb/gdb-8.3.inc @@ -16,6 +16,7 @@ SRC_URI = "http://ftp.gnu.org/gnu/gdb/gdb-${PV}.tar.xz \ file://0009-Change-order-of-CFLAGS.patch \ file://0010-resolve-restrict-keyword-conflict.patch \ file://0011-Fix-invalid-sigprocmask-call.patch \ + file://CVE-2017-9778.patch \ " SRC_URI[md5sum] = "bbd95b2f9b34621ad7a19a3965476314" SRC_URI[sha256sum] = "802f7ee309dcc547d65a68d61ebd6526762d26c3051f52caebe2189ac1ffd72e" diff --git a/poky/meta/recipes-devtools/gdb/gdb/CVE-2017-9778.patch b/poky/meta/recipes-devtools/gdb/gdb/CVE-2017-9778.patch new file mode 100644 index 000000000..f142ed00d --- /dev/null +++ b/poky/meta/recipes-devtools/gdb/gdb/CVE-2017-9778.patch @@ -0,0 +1,98 @@ +From 6ad3791f095cfc1b0294f62c4b3a524ba735595e Mon Sep 17 00:00:00 2001 +From: Sandra Loosemore <sandra@codesourcery.com> +Date: Thu, 25 Apr 2019 07:27:02 -0700 +Subject: [PATCH] Detect invalid length field in debug frame FDE header. + +GDB was failing to catch cases where a corrupt ELF or core file +contained an invalid length value in a Dwarf debug frame FDE header. +It was checking for buffer overflow but not cases where the length was +negative or caused pointer wrap-around. + +In addition to the additional validity check, this patch cleans up the +multiple signed/unsigned conversions on the length field so that an +unsigned representation is used consistently throughout. + +This patch fixes CVE-2017-9778 and PR gdb/21600. + +2019-04-25 Sandra Loosemore <sandra@codesourcery.com> + Kang Li <kanglictf@gmail.com> + + PR gdb/21600 + + * dwarf2-frame.c (read_initial_length): Be consistent about using + unsigned representation of length. + (decode_frame_entry_1): Likewise. Check for wraparound of + end pointer as well as buffer overflow. + +Upstream-Status: Backport +CVE: CVE-2017-9778 +Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> +--- + gdb/ChangeLog | 10 ++++++++++ + gdb/dwarf2-frame.c | 14 +++++++------- + 2 files changed, 17 insertions(+), 7 deletions(-) + +diff --git a/gdb/ChangeLog b/gdb/ChangeLog +index 1c125de..d028d2b 100644 +--- a/gdb/ChangeLog ++++ b/gdb/ChangeLog +@@ -1,3 +1,13 @@ ++2019-04-25 Sandra Loosemore <sandra@codesourcery.com> ++ Kang Li <kanglictf@gmail.com> ++ ++ PR gdb/21600 ++ ++ * dwarf2-frame.c (read_initial_length): Be consistent about using ++ unsigned representation of length. ++ (decode_frame_entry_1): Likewise. Check for wraparound of ++ end pointer as well as buffer overflow. ++ + 2019-05-11 Joel Brobecker <brobecker@adacore.com> + + * version.in: Set GDB version number to 8.3. +diff --git a/gdb/dwarf2-frame.c b/gdb/dwarf2-frame.c +index 178ac44..dc5d3b3 100644 +--- a/gdb/dwarf2-frame.c ++++ b/gdb/dwarf2-frame.c +@@ -1488,7 +1488,7 @@ static ULONGEST + read_initial_length (bfd *abfd, const gdb_byte *buf, + unsigned int *bytes_read_ptr) + { +- LONGEST result; ++ ULONGEST result; + + result = bfd_get_32 (abfd, buf); + if (result == 0xffffffff) +@@ -1789,7 +1789,7 @@ decode_frame_entry_1 (struct comp_unit *unit, const gdb_byte *start, + { + struct gdbarch *gdbarch = get_objfile_arch (unit->objfile); + const gdb_byte *buf, *end; +- LONGEST length; ++ ULONGEST length; + unsigned int bytes_read; + int dwarf64_p; + ULONGEST cie_id; +@@ -1800,15 +1800,15 @@ decode_frame_entry_1 (struct comp_unit *unit, const gdb_byte *start, + buf = start; + length = read_initial_length (unit->abfd, buf, &bytes_read); + buf += bytes_read; +- end = buf + length; +- +- /* Are we still within the section? */ +- if (end > unit->dwarf_frame_buffer + unit->dwarf_frame_size) +- return NULL; ++ end = buf + (size_t) length; + + if (length == 0) + return end; + ++ /* Are we still within the section? */ ++ if (end <= buf || end > unit->dwarf_frame_buffer + unit->dwarf_frame_size) ++ return NULL; ++ + /* Distinguish between 32 and 64-bit encoded frame info. */ + dwarf64_p = (bytes_read == 12); + +-- +2.20.1 + diff --git a/poky/meta/recipes-devtools/git/git.inc b/poky/meta/recipes-devtools/git/git.inc index 26a22ac1e..6e137432f 100644 --- a/poky/meta/recipes-devtools/git/git.inc +++ b/poky/meta/recipes-devtools/git/git.inc @@ -13,6 +13,8 @@ S = "${WORKDIR}/git-${PV}" LIC_FILES_CHKSUM = "file://COPYING;md5=7c0d7ef03a7eb04ce795b0f60e68e7e1" +CVE_PRODUCT = "git-scm:git" + PACKAGECONFIG ??= "" PACKAGECONFIG[cvsserver] = "" PACKAGECONFIG[svn] = "" diff --git a/poky/meta/recipes-devtools/git/git_2.21.0.bb b/poky/meta/recipes-devtools/git/git_2.21.0.bb deleted file mode 100644 index 434ff8f3d..000000000 --- a/poky/meta/recipes-devtools/git/git_2.21.0.bb +++ /dev/null @@ -1,11 +0,0 @@ -require git.inc - -EXTRA_OECONF += "ac_cv_snprintf_returns_bogus=no \ - ac_cv_fread_reads_directories=${ac_cv_fread_reads_directories=yes} \ - " -EXTRA_OEMAKE += "NO_GETTEXT=1" - -SRC_URI[tarball.md5sum] = "b8e00c2997774c5d4aaf26fd9d9aaf64" -SRC_URI[tarball.sha256sum] = "85eca51c7404da75e353eba587f87fea9481ba41e162206a6f70ad8118147bee" -SRC_URI[manpages.md5sum] = "8a168697b99a9a3f04f29f7d4bacd70b" -SRC_URI[manpages.sha256sum] = "14c76ebb4e31f9e55cf5338a04fd3a13bced0323cd51794ccf45fc74bd0c1080" diff --git a/poky/meta/recipes-devtools/git/git_2.22.0.bb b/poky/meta/recipes-devtools/git/git_2.22.0.bb new file mode 100644 index 000000000..9e55fd6ea --- /dev/null +++ b/poky/meta/recipes-devtools/git/git_2.22.0.bb @@ -0,0 +1,11 @@ +require git.inc + +EXTRA_OECONF += "ac_cv_snprintf_returns_bogus=no \ + ac_cv_fread_reads_directories=${ac_cv_fread_reads_directories=yes} \ + " +EXTRA_OEMAKE += "NO_GETTEXT=1" + +SRC_URI[tarball.md5sum] = "6deab33485c07cb3391ea0f255a936f2" +SRC_URI[tarball.sha256sum] = "a4b7e4365bee43caa12a38d646d2c93743d755d1cea5eab448ffb40906c9da0b" +SRC_URI[manpages.md5sum] = "d6cb42f12185a47ce3adaac24a1ded50" +SRC_URI[manpages.sha256sum] = "f6a5750dfc4a0aa5ec0c0cc495d4995d1f36ed47591c3941be9756c1c3a1aa0a" diff --git a/poky/meta/recipes-devtools/i2c-tools/i2c-tools_4.1.bb b/poky/meta/recipes-devtools/i2c-tools/i2c-tools_4.1.bb index 2b4563d4f..dcbd05aed 100644 --- a/poky/meta/recipes-devtools/i2c-tools/i2c-tools_4.1.bb +++ b/poky/meta/recipes-devtools/i2c-tools/i2c-tools_4.1.bb @@ -34,8 +34,9 @@ RDEPENDS_${PN}-misc = "${PN} perl perl-module-posix \ " ALTERNATIVE_PRIORITY = "100" -ALTERNATIVE_${PN} = "i2cdetect i2cdump i2cget i2cset" +ALTERNATIVE_${PN} = "i2cdetect i2cdump i2cget i2cset i2ctransfer" ALTERNATIVE_LINK_NAME[i2cdetect] = "${sbindir}/i2cdetect" ALTERNATIVE_LINK_NAME[i2cdump] = "${sbindir}/i2cdump" ALTERNATIVE_LINK_NAME[i2cget] = "${sbindir}/i2cget" ALTERNATIVE_LINK_NAME[i2cset] = "${sbindir}/i2cset" +ALTERNATIVE_LINK_NAME[i2ctransfer] = "${sbindir}/i2ctransfer" diff --git a/poky/meta/recipes-devtools/librepo/librepo_1.10.3.bb b/poky/meta/recipes-devtools/librepo/librepo_1.10.4.bb index d7c83edce..50c9a82e7 100644 --- a/poky/meta/recipes-devtools/librepo/librepo_1.10.3.bb +++ b/poky/meta/recipes-devtools/librepo/librepo_1.10.4.bb @@ -7,7 +7,7 @@ SRC_URI = "git://github.com/rpm-software-management/librepo.git \ file://0004-Set-gpgme-variables-with-pkg-config-not-with-cmake-m.patch \ " -SRCREV = "2eb0a27031956fd98340ca2707f03abb7b780372" +SRCREV = "9b2df22dbcdf9352672334098fff56335aa10423" S = "${WORKDIR}/git" diff --git a/poky/meta/recipes-devtools/libtool/libtool/debian-no_hostname.patch b/poky/meta/recipes-devtools/libtool/libtool/debian-no_hostname.patch new file mode 100755 index 000000000..5add0cca3 --- /dev/null +++ b/poky/meta/recipes-devtools/libtool/libtool/debian-no_hostname.patch @@ -0,0 +1,21 @@ +libtool: remove host specific info from header file + +https://sources.debian.org/data/main/libt/libtool/2.4.6-10/debian/patches/ + no_hostname.patch + +Upstream-Status: Inappropriate [not author] +Signed-off-by: Joe Slater <joe.slater@windriver.com> + +--- +Index: libtool-2.4.6/m4/libtool.m4 +=================================================================== +--- libtool-2.4.6.orig/m4/libtool.m4 ++++ libtool-2.4.6/m4/libtool.m4 +@@ -728,7 +728,6 @@ _LT_CONFIG_SAVE_COMMANDS([ + cat <<_LT_EOF >> "$cfgfile" + #! $SHELL + # Generated automatically by $as_me ($PACKAGE) $VERSION +-# Libtool was configured on host `(hostname || uname -n) 2>/dev/null | sed 1q`: + # NOTE: Changes made to this file will be lost: look at ltmain.sh. + + # Provide generalized library-building support services. diff --git a/poky/meta/recipes-devtools/libtool/libtool_2.4.6.bb b/poky/meta/recipes-devtools/libtool/libtool_2.4.6.bb index f5fdd00e5..a5715faaa 100644 --- a/poky/meta/recipes-devtools/libtool/libtool_2.4.6.bb +++ b/poky/meta/recipes-devtools/libtool/libtool_2.4.6.bb @@ -1,6 +1,6 @@ require libtool-${PV}.inc -SRC_URI += "file://multilib.patch" +SRC_URI += "file://multilib.patch file://debian-no_hostname.patch" RDEPENDS_${PN} += "bash" diff --git a/poky/meta/recipes-devtools/meson/nativesdk-meson_0.50.1.bb b/poky/meta/recipes-devtools/meson/nativesdk-meson_0.50.1.bb index 1549357a5..1756f342c 100644 --- a/poky/meta/recipes-devtools/meson/nativesdk-meson_0.50.1.bb +++ b/poky/meta/recipes-devtools/meson/nativesdk-meson_0.50.1.bb @@ -16,11 +16,6 @@ def meson_endian(prefix, d): else: bb.fatal("Cannot determine endianism for %s-%s" % (arch, os)) -MESON_TOOLCHAIN_ARGS = "${BUILDSDK_CC_ARCH}${TOOLCHAIN_OPTIONS}" -MESON_C_ARGS = "${MESON_TOOLCHAIN_ARGS} ${BUILDSDK_CFLAGS}" -MESON_CPP_ARGS = "${MESON_TOOLCHAIN_ARGS} ${BUILDSDK_CXXFLAGS}" -MESON_LINK_ARGS = "${MESON_TOOLCHAIN_ARGS} ${BUILDSDK_LDFLAGS}" - # The cross file logic is similar but not identical to that in meson.bbclass, # since it's generating for an SDK rather than a cross-compile. Important # differences are: diff --git a/poky/meta/recipes-devtools/nasm/nasm/CVE-2018-19755.patch b/poky/meta/recipes-devtools/nasm/nasm/CVE-2018-19755.patch new file mode 100644 index 000000000..6e3f909d0 --- /dev/null +++ b/poky/meta/recipes-devtools/nasm/nasm/CVE-2018-19755.patch @@ -0,0 +1,116 @@ +From 3079f7966dbed4497e36d5067cbfd896a90358cb Mon Sep 17 00:00:00 2001 +From: Cyrill Gorcunov <gorcunov@gmail.com> +Date: Wed, 14 Nov 2018 10:03:42 +0300 +Subject: [PATCH] preproc: Fix malformed parameter count + +readnum returns 64bit number which may become +a negative integer upon conversion which in +turn lead to out of bound array access. + +Fix it by explicit conversion with bounds check + + | POC6:2: error: parameter count `2222222222' is out of bounds [0; 2147483647] + +https://bugzilla.nasm.us/show_bug.cgi?id=3392528 + +Signed-off-by: Cyrill Gorcunov <gorcunov@gmail.com> + +Upstream-Status: Backport +CVE: CVE-2018-19755 +Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> +--- + asm/preproc.c | 43 +++++++++++++++++++++---------------------- + 1 file changed, 21 insertions(+), 22 deletions(-) + +diff --git a/asm/preproc.c b/asm/preproc.c +index b6afee3..e5ad05a 100644 +--- a/asm/preproc.c ++++ b/asm/preproc.c +@@ -1650,6 +1650,23 @@ smacro_defined(Context * ctx, const char *name, int nparam, SMacro ** defn, + return false; + } + ++/* param should be a natural number [0; INT_MAX] */ ++static int read_param_count(const char *str) ++{ ++ int result; ++ bool err; ++ ++ result = readnum(str, &err); ++ if (result < 0 || result > INT_MAX) { ++ result = 0; ++ nasm_error(ERR_NONFATAL, "parameter count `%s' is out of bounds [%d; %d]", ++ str, 0, INT_MAX); ++ } else if (err) { ++ nasm_error(ERR_NONFATAL, "unable to parse parameter count `%s'", str); ++ } ++ return result; ++} ++ + /* + * Count and mark off the parameters in a multi-line macro call. + * This is called both from within the multi-line macro expansion +@@ -1871,11 +1888,7 @@ static bool if_condition(Token * tline, enum preproc_token ct) + pp_directives[ct]); + } else { + searching.nparam_min = searching.nparam_max = +- readnum(tline->text, &j); +- if (j) +- nasm_error(ERR_NONFATAL, +- "unable to parse parameter count `%s'", +- tline->text); ++ read_param_count(tline->text); + } + if (tline && tok_is_(tline->next, "-")) { + tline = tline->next->next; +@@ -1886,11 +1899,7 @@ static bool if_condition(Token * tline, enum preproc_token ct) + "`%s' expects a parameter count after `-'", + pp_directives[ct]); + else { +- searching.nparam_max = readnum(tline->text, &j); +- if (j) +- nasm_error(ERR_NONFATAL, +- "unable to parse parameter count `%s'", +- tline->text); ++ searching.nparam_max = read_param_count(tline->text); + if (searching.nparam_min > searching.nparam_max) { + nasm_error(ERR_NONFATAL, + "minimum parameter count exceeds maximum"); +@@ -2079,8 +2088,6 @@ static void undef_smacro(Context *ctx, const char *mname) + */ + static bool parse_mmacro_spec(Token *tline, MMacro *def, const char *directive) + { +- bool err; +- + tline = tline->next; + skip_white_(tline); + tline = expand_id(tline); +@@ -2103,11 +2110,7 @@ static bool parse_mmacro_spec(Token *tline, MMacro *def, const char *directive) + if (!tok_type_(tline, TOK_NUMBER)) { + nasm_error(ERR_NONFATAL, "`%s' expects a parameter count", directive); + } else { +- def->nparam_min = def->nparam_max = +- readnum(tline->text, &err); +- if (err) +- nasm_error(ERR_NONFATAL, +- "unable to parse parameter count `%s'", tline->text); ++ def->nparam_min = def->nparam_max = read_param_count(tline->text); + } + if (tline && tok_is_(tline->next, "-")) { + tline = tline->next->next; +@@ -2117,11 +2120,7 @@ static bool parse_mmacro_spec(Token *tline, MMacro *def, const char *directive) + nasm_error(ERR_NONFATAL, + "`%s' expects a parameter count after `-'", directive); + } else { +- def->nparam_max = readnum(tline->text, &err); +- if (err) { +- nasm_error(ERR_NONFATAL, "unable to parse parameter count `%s'", +- tline->text); +- } ++ def->nparam_max = read_param_count(tline->text); + if (def->nparam_min > def->nparam_max) { + nasm_error(ERR_NONFATAL, "minimum parameter count exceeds maximum"); + def->nparam_max = def->nparam_min; +-- +2.10.5.GIT + diff --git a/poky/meta/recipes-devtools/nasm/nasm_2.14.02.bb b/poky/meta/recipes-devtools/nasm/nasm_2.14.02.bb index ecec78d8e..e4f964ce9 100644 --- a/poky/meta/recipes-devtools/nasm/nasm_2.14.02.bb +++ b/poky/meta/recipes-devtools/nasm/nasm_2.14.02.bb @@ -3,7 +3,9 @@ SECTION = "devel" LICENSE = "BSD-2-Clause" LIC_FILES_CHKSUM = "file://LICENSE;md5=90904486f8fbf1861cf42752e1a39efe" -SRC_URI = "http://www.nasm.us/pub/nasm/releasebuilds/${PV}/nasm-${PV}.tar.bz2" +SRC_URI = "http://www.nasm.us/pub/nasm/releasebuilds/${PV}/nasm-${PV}.tar.bz2 \ + file://CVE-2018-19755.patch \ + " SRC_URI[md5sum] = "3f489aa48ad2aa1f967dc5e293bbd06f" SRC_URI[sha256sum] = "34fd26c70a277a9fdd54cb5ecf389badedaf48047b269d1008fbc819b24e80bc" diff --git a/poky/meta/recipes-devtools/ninja/ninja_1.9.0.bb b/poky/meta/recipes-devtools/ninja/ninja_1.9.0.bb index 1b0632896..f1236e8ac 100644 --- a/poky/meta/recipes-devtools/ninja/ninja_1.9.0.bb +++ b/poky/meta/recipes-devtools/ninja/ninja_1.9.0.bb @@ -17,11 +17,11 @@ S = "${WORKDIR}/git" do_configure[noexec] = "1" do_compile_class-native() { - ./configure.py --bootstrap + python3 ./configure.py --bootstrap } do_compile() { - ./configure.py + python3 ./configure.py ninja } diff --git a/poky/meta/recipes-devtools/opkg/opkg/0001-libopkg-add-add-ignore-recommends-option.patch b/poky/meta/recipes-devtools/opkg/opkg/0001-libopkg-add-add-ignore-recommends-option.patch deleted file mode 100644 index 47d1b3c37..000000000 --- a/poky/meta/recipes-devtools/opkg/opkg/0001-libopkg-add-add-ignore-recommends-option.patch +++ /dev/null @@ -1,259 +0,0 @@ -From 64aa98646a17c299bf37af2975b98daf5d7d30b4 Mon Sep 17 00:00:00 2001 -From: Alejandro del Castillo <alejandro.delcastillo@ni.com> -Date: Thu, 31 Jan 2019 18:16:08 -0600 -Subject: [PATCH] libopkg: add --add-ignore-recommends option - -Add option to ignore specific recommended packages. On the libsolv -backed, this feature will only work on libsolv version > 0.7.2 [1]. - -[1] https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_openSUSE_libsolv_issues_254&d=DwIBaQ&c=I_0YwoKy7z5LMTVdyO6YCiE2uzI1jjZZuIPelcSjixA&r=wNcrL2akRn6jfxhHaKavUrJB_C9JAMXtynjLd8ZzgXQ&m=GObNHzFJpWpf_PripIrf-K2RhsktYdAUEieAJexXOKw&s=3G-meChUqClFggFPqsrAxIZBfLnRKIHm62Uuy1X6nQQ&e= - -Signed-off-by: Alejandro del Castillo <alejandro.delcastillo@ni.com> - -Upstream-Status: Accepted ---- - libopkg/opkg_conf.c | 2 + - libopkg/opkg_conf.h | 1 + - .../solvers/internal/pkg_depends_internal.c | 3 +- - libopkg/solvers/libsolv/opkg_solver_libsolv.c | 21 ++++++- - man/opkg.1.in | 3 + - src/opkg.c | 6 ++ - tests/Makefile | 1 + - tests/core/43_add_ignore_recommends.py | 62 +++++++++++++++++++ - 8 files changed, 97 insertions(+), 2 deletions(-) - create mode 100755 tests/core/43_add_ignore_recommends.py - -diff --git a/libopkg/opkg_conf.c b/libopkg/opkg_conf.c -index 06880a1..f2330cd 100644 ---- a/libopkg/opkg_conf.c -+++ b/libopkg/opkg_conf.c -@@ -597,6 +597,7 @@ int opkg_conf_init(void) - pkg_dest_list_init(&opkg_config->tmp_dest_list); - nv_pair_list_init(&opkg_config->arch_list); - str_list_init(&opkg_config->exclude_list); -+ str_list_init(&opkg_config->ignore_recommends_list); - - return 0; - } -@@ -938,6 +939,7 @@ void opkg_conf_deinit(void) - pkg_dest_list_deinit(&opkg_config->pkg_dest_list); - nv_pair_list_deinit(&opkg_config->arch_list); - str_list_deinit(&opkg_config->exclude_list); -+ str_list_deinit(&opkg_config->ignore_recommends_list); - - if (opkg_config->verbosity >= DEBUG) { - hash_print_stats(&opkg_config->pkg_hash); -diff --git a/libopkg/opkg_conf.h b/libopkg/opkg_conf.h -index eb56a29..316c500 100644 ---- a/libopkg/opkg_conf.h -+++ b/libopkg/opkg_conf.h -@@ -61,6 +61,7 @@ typedef struct opkg_conf { - pkg_dest_list_t tmp_dest_list; - nv_pair_list_t arch_list; - str_list_t exclude_list; -+ str_list_t ignore_recommends_list; - - int restrict_to_default_dest; - pkg_dest_t *default_dest; -diff --git a/libopkg/solvers/internal/pkg_depends_internal.c b/libopkg/solvers/internal/pkg_depends_internal.c -index cd56d84..5deee70 100644 ---- a/libopkg/solvers/internal/pkg_depends_internal.c -+++ b/libopkg/solvers/internal/pkg_depends_internal.c -@@ -228,7 +228,8 @@ int pkg_hash_fetch_unsatisfied_dependencies(pkg_t *pkg, - || compound_depend->type == SUGGEST) - && (satisfying_pkg->state_want == SW_DEINSTALL - || satisfying_pkg->state_want == SW_PURGE -- || opkg_config->no_install_recommends); -+ || opkg_config->no_install_recommends -+ || str_list_contains(&opkg_config->ignore_recommends_list, satisfying_pkg->name)); - if (ignore) { - opkg_msg(NOTICE, - "%s: ignoring recommendation for " -diff --git a/libopkg/solvers/libsolv/opkg_solver_libsolv.c b/libopkg/solvers/libsolv/opkg_solver_libsolv.c -index 2b27e3a..403e07b 100644 ---- a/libopkg/solvers/libsolv/opkg_solver_libsolv.c -+++ b/libopkg/solvers/libsolv/opkg_solver_libsolv.c -@@ -484,6 +484,7 @@ static void pkg2solvable(pkg_t *pkg, Solvable *solvable_out) - static void populate_installed_repo(libsolv_solver_t *libsolv_solver) - { - int i; -+ Id what; - - pkg_vec_t *installed_pkgs = pkg_vec_alloc(); - -@@ -507,6 +508,15 @@ static void populate_installed_repo(libsolv_solver_t *libsolv_solver) - /* set solvable attributes */ - pkg2solvable(pkg, solvable); - -+ /* if the package is in ignore-recommends-list, disfavor installation */ -+ if (str_list_contains(&opkg_config->ignore_recommends_list, pkg->name)) { -+ opkg_message(NOTICE, "Disfavor package: %s\n", -+ pkg->name); -+ what = pool_str2id(libsolv_solver->pool, pkg->name, 1); -+ queue_push2(&libsolv_solver->solver_jobs, SOLVER_SOLVABLE_NAME -+ | SOLVER_DISFAVOR, what); -+ } -+ - /* if the package is not autoinstalled, mark it as user installed */ - if (!pkg->auto_installed) - queue_push2(&libsolv_solver->solver_jobs, SOLVER_SOLVABLE -@@ -539,7 +549,7 @@ static void populate_available_repos(libsolv_solver_t *libsolv_solver) - { - int i; - Solvable *solvable; -- Id solvable_id; -+ Id solvable_id, what; - - pkg_vec_t *available_pkgs = pkg_vec_alloc(); - -@@ -608,6 +618,15 @@ static void populate_available_repos(libsolv_solver_t *libsolv_solver) - solvable = pool_id2solvable(libsolv_solver->pool, solvable_id); - pkg2solvable(pkg, solvable); - -+ /* if the package is in ignore-recommends-list, disfavor installation */ -+ if (str_list_contains(&opkg_config->ignore_recommends_list, pkg->name)) { -+ opkg_message(NOTICE, "Disfavor package: %s\n", -+ pkg->name); -+ what = pool_str2id(libsolv_solver->pool, pkg->name, 1); -+ queue_push2(&libsolv_solver->solver_jobs, SOLVER_SOLVABLE_NAME -+ | SOLVER_DISFAVOR, what); -+ } -+ - /* if the --force-depends option is specified make dependencies weak */ - if (opkg_config->force_depends) - queue_push2(&libsolv_solver->solver_jobs, SOLVER_SOLVABLE -diff --git a/man/opkg.1.in b/man/opkg.1.in -index 27fa9c1..f192c3b 100644 ---- a/man/opkg.1.in -+++ b/man/opkg.1.in -@@ -162,6 +162,9 @@ priority \fIprio\fP. Lower priorities take precedence. - \fB\--add-exclude <\fIname\fP>\fR - Register package to be excluded from install - .TP -+\fB\--add-ignore-recommends <\fIname\fP>\fR -+Register package to be ignored as a recomendee -+.TP - \fB\--prefer-arch-to-version\fR - Use the architecture priority package rather than the higher version - one if more than one candidate is found. -diff --git a/src/opkg.c b/src/opkg.c -index 650e278..3c93a3b 100644 ---- a/src/opkg.c -+++ b/src/opkg.c -@@ -51,6 +51,7 @@ enum { - ARGS_OPT_ADD_DEST, - ARGS_OPT_SIZE, - ARGS_OPT_ADD_EXCLUDE, -+ ARGS_OPT_ADD_IGNORE_RECOMMENDS, - ARGS_OPT_NOACTION, - ARGS_OPT_DOWNLOAD_ONLY, - ARGS_OPT_NODEPS, -@@ -112,6 +113,7 @@ static struct option long_options[] = { - {"add-dest", 1, 0, ARGS_OPT_ADD_DEST}, - {"size", 0, 0, ARGS_OPT_SIZE}, - {"add-exclude", 1, 0, ARGS_OPT_ADD_EXCLUDE}, -+ {"add-ignore-recommends", 1, 0, ARGS_OPT_ADD_IGNORE_RECOMMENDS}, - {"test", 0, 0, ARGS_OPT_NOACTION}, - {"tmp-dir", 1, 0, 't'}, - {"tmp_dir", 1, 0, 't'}, -@@ -234,6 +236,9 @@ static int args_parse(int argc, char *argv[]) - case ARGS_OPT_ADD_EXCLUDE: - str_list_append(&opkg_config->exclude_list, optarg); - break; -+ case ARGS_OPT_ADD_IGNORE_RECOMMENDS: -+ str_list_append(&opkg_config->ignore_recommends_list, optarg); -+ break; - case ARGS_OPT_SIZE: - opkg_config->size = 1; - break; -@@ -343,6 +348,7 @@ static void usage() - printf("\t--add-dest <name>:<path> Register destination with given path\n"); - printf("\t--add-arch <arch>:<prio> Register architecture with given priority\n"); - printf("\t--add-exclude <name> Register package to be excluded from install\n"); -+ printf("\t--add-ignore-recommends <name> Register package to be ignored as a recomendee\n"); - printf("\t--prefer-arch-to-version Use the architecture priority package rather\n"); - printf("\t than the higher version one if more\n"); - printf("\t than one candidate is found.\n"); -diff --git a/tests/Makefile b/tests/Makefile -index 8e5be08..799816d 100644 ---- a/tests/Makefile -+++ b/tests/Makefile -@@ -42,6 +42,7 @@ REGRESSION_TESTS := core/01_install.py \ - core/40_arch.py \ - core/41_info_fields.py \ - core/42_info_description.py \ -+ core/43_add_ignore_recommends.py \ - regress/issue26.py \ - regress/issue31.py \ - regress/issue32.py \ -diff --git a/tests/core/43_add_ignore_recommends.py b/tests/core/43_add_ignore_recommends.py -new file mode 100755 -index 0000000..7da0096 ---- /dev/null -+++ b/tests/core/43_add_ignore_recommends.py -@@ -0,0 +1,62 @@ -+#! /usr/bin/env python3 -+# -+# Create package 'a' (1.0) which Recommends 'c'. -+# Install 'a' with --add-ignore-recommends 'c'. -+# Check that only 'a' (1.0) is installed. -+# Create package 'b' which Depends on 'c'. -+# Install 'a' & 'b', with --add-ignore-recommends 'c'. -+# Verify that 'a','b' & 'c' are installed. -+# Uninstall 'b' & 'c'. -+# Create package 'a' (2.0), which Recommends 'c'. -+# Upgrade 'a' with --add-ignore-recommends 'c' -+# Verify that only 'a' (2.0) is installed -+# -+ -+import os -+import opk, cfg, opkgcl -+ -+opk.regress_init() -+o = opk.OpkGroup() -+ -+o.add(Package='a', Recommends='c', Version='1.0') -+o.add(Package='b', Depends='c') -+o.add(Package='c') -+o.write_opk() -+o.write_list() -+ -+opkgcl.update() -+ -+opkgcl.install('a', '--add-ignore-recommends c') -+ -+if not opkgcl.is_installed('a'): -+ opk.fail("Package 'a' installed but reports as not installed.") -+ -+if opkgcl.is_installed('c'): -+ opk.xfail("[libsolv<0.7.3] Package 'c' should not have been installed since it was in --add-ignore-recommends.") -+ -+opkgcl.remove('a') -+opkgcl.install('a b', '--add-ignore-recommends c') -+ -+if not opkgcl.is_installed('a'): -+ opk.fail("Package 'a' installed but reports as not installed.") -+ -+if not opkgcl.is_installed('b'): -+ opk.fail("Package 'b' installed but reports as not installed.") -+ -+if not opkgcl.is_installed('c'): -+ opk.fail("Package 'c' should have been installed since 'b' depends on it.") -+ -+opkgcl.remove('b c', '--force-depends') -+o.add(Package='a', Recommends='c', Version='2.0') -+o.write_opk() -+o.write_list() -+ -+opkgcl.update() -+ -+opkgcl.upgrade('a', '--add-ignore-recommends c') -+ -+if not opkgcl.is_installed('a', '2.0'): -+ opk.fail("Package 'a (2.0)' installed but reports as not installed.") -+ -+if opkgcl.is_installed('c'): -+ opk.fail("Package 'c' should not have been installed since it was in --add-ignore-recommends.") --- -2.20.1 - diff --git a/poky/meta/recipes-devtools/opkg/opkg/0001-opkg-add-target-for-testsuite-installation.patch b/poky/meta/recipes-devtools/opkg/opkg/0001-opkg-add-target-for-testsuite-installation.patch deleted file mode 100644 index 951c18676..000000000 --- a/poky/meta/recipes-devtools/opkg/opkg/0001-opkg-add-target-for-testsuite-installation.patch +++ /dev/null @@ -1,43 +0,0 @@ -From 8fb0364bd0e19f35c20616dd1ab10aa00e08fa8f Mon Sep 17 00:00:00 2001 -From: Alejandro del Castillo <alejandro.delcastillo@ni.com> -Date: Wed, 10 Apr 2019 14:49:43 -0500 -Subject: [PATCH] opkg: add target for testsuite installation - -- Add target to install testsuite -- Add override of opkg binary used during test via OPKG_PATH environment -variable. - -Signed-off-by: Alejandro del Castillo <alejandro.delcastillo@ni.com> ---- -Upstream-Status: Submitted - - Makefile.am | 5 +++++ - tests/cfg.py | 2 +- - 2 files changed, 6 insertions(+), 1 deletion(-) - -diff --git a/Makefile.am b/Makefile.am -index 90cfcae..1f6a784 100644 ---- a/Makefile.am -+++ b/Makefile.am -@@ -18,3 +18,8 @@ run-tests: - $(MAKE) -C tests DATADIR=@datadir@ SYSCONFDIR=@sysconfdir@ VARDIR=@localstatedir@ - - check: run-tests -+ -+install-ptest: -+ cp -r $(srcdir)/tests $(DESTDIR) -+ cp Makefile $(DESTDIR) -+ sed -e 's/^Makefile/_Makefile/' < Makefile > $(DESTDIR)/Makefile -diff --git a/tests/cfg.py b/tests/cfg.py -index 4efaff6..ca59d03 100644 ---- a/tests/cfg.py -+++ b/tests/cfg.py -@@ -2,4 +2,4 @@ import os - - opkdir = "/tmp/opk" - offline_root = "/tmp/opkg" --opkgcl = os.path.realpath("../src/opkg") -+opkgcl = os.getenv('OPKG_PATH', os.path.realpath("../src/opkg")) --- -2.20.1 - diff --git a/poky/meta/recipes-devtools/opkg/opkg/0001-regress-issue72.py-resolve-paths-before-comparision.patch b/poky/meta/recipes-devtools/opkg/opkg/0001-regress-issue72.py-resolve-paths-before-comparision.patch deleted file mode 100644 index 75ecb5fb4..000000000 --- a/poky/meta/recipes-devtools/opkg/opkg/0001-regress-issue72.py-resolve-paths-before-comparision.patch +++ /dev/null @@ -1,31 +0,0 @@ -From 5f005830eea7d03c02107a3a3fc58907b0a037bf Mon Sep 17 00:00:00 2001 -From: Alejandro del Castillo <alejandro.delcastillo@ni.com> -Date: Mon, 8 Apr 2019 11:14:56 -0500 -Subject: [PATCH] regress/issue72.py: resolve paths before comparision - -In systems that have a volatile /tmp, the test incorrectly fails since -it doesn't resolve the real path in all cases. - -Signed-off-by: Alejandro del Castillo <alejandro.delcastillo@ni.com> ---- -Upstream-Status: Submitted - - tests/regress/issue72.py | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/tests/regress/issue72.py b/tests/regress/issue72.py -index 1626877..2f24dec 100755 ---- a/tests/regress/issue72.py -+++ b/tests/regress/issue72.py -@@ -56,7 +56,7 @@ if not os.path.lexists("{}/{}".format(cfg.offline_root, long_filename2)): - "not created.") - - linky = os.path.realpath("{}/{}".format(cfg.offline_root, long_filename2)) --linky_dst = "{}/{}".format(cfg.offline_root, long_filename) -+linky_dst = os.path.realpath("{}/{}".format(cfg.offline_root, long_filename)) - if linky != linky_dst: - opk.fail("symlink path truncated.") - --- -2.20.1 - diff --git a/poky/meta/recipes-devtools/opkg/opkg_0.4.0.bb b/poky/meta/recipes-devtools/opkg/opkg_0.4.1.bb index e2305d096..627086289 100644 --- a/poky/meta/recipes-devtools/opkg/opkg_0.4.0.bb +++ b/poky/meta/recipes-devtools/opkg/opkg_0.4.1.bb @@ -14,14 +14,11 @@ PE = "1" SRC_URI = "http://downloads.yoctoproject.org/releases/${BPN}/${BPN}-${PV}.tar.gz \ file://opkg.conf \ file://0001-opkg_conf-create-opkg.lock-in-run-instead-of-var-run.patch \ - file://0001-libopkg-add-add-ignore-recommends-option.patch \ - file://0001-regress-issue72.py-resolve-paths-before-comparision.patch \ - file://0001-opkg-add-target-for-testsuite-installation.patch \ file://run-ptest \ " -SRC_URI[md5sum] = "ae51d95fee599bb4dce08453529158f5" -SRC_URI[sha256sum] = "f6c00515d8a2ad8f6742a8e73830315d1983ed0459cba77c4d656cfc9e7fe6fe" +SRC_URI[md5sum] = "ba0c21305fc93b26e844981ef100dc85" +SRC_URI[sha256sum] = "45ac1e037d3877f635d883f8a555e172883a25d3eeb7986c75890fdd31250a43" # This needs to be before ptest inherit, otherwise all ptest files end packaged # in libopkg package if OPKGLIBDIR == libdir, because default @@ -31,7 +28,7 @@ PACKAGES =+ "libopkg" inherit autotools pkgconfig systemd ptest target_localstatedir := "${localstatedir}" -OPKGLIBDIR = "${target_localstatedir}/lib" +OPKGLIBDIR ??= "${target_localstatedir}/lib" PACKAGECONFIG ??= "libsolv" @@ -45,6 +42,16 @@ PACKAGECONFIG[libsolv] = "--with-libsolv,--without-libsolv,libsolv" EXTRA_OECONF_class-native = "--localstatedir=/${@os.path.relpath('${localstatedir}', '${STAGING_DIR_NATIVE}')} --sysconfdir=/${@os.path.relpath('${sysconfdir}', '${STAGING_DIR_NATIVE}')}" +# Release tarball has unused binaries on the tests folder, automatically created by automake. +# For now, delete them to avoid packaging errors (wrong architecture) +do_unpack_append () { + bb.build.exec_func('remove_test_binaries', d) +} + +remove_test_binaries () { + rm ${WORKDIR}/opkg-${PV}/tests/libopkg_test* +} + do_install_append () { install -d ${D}${sysconfdir}/opkg install -m 0644 ${WORKDIR}/opkg.conf ${D}${sysconfdir}/opkg/opkg.conf @@ -54,6 +61,11 @@ do_install_append () { install -d ${D}${OPKGLIBDIR}/opkg } +do_install_ptest () { + sed -i -e '/@echo $^/d' ${D}${PTEST_PATH}/tests/Makefile + sed -i -e '/@PYTHONPATH=. $(PYTHON) $^/a\\t@if [ "$$?" != "0" ];then echo "FAIL:"$^;else echo "PASS:"$^;fi' ${D}${PTEST_PATH}/tests/Makefile +} + RDEPENDS_${PN} = "${VIRTUAL-RUNTIME_update-alternatives} opkg-arch-config libarchive" RDEPENDS_${PN}_class-native = "" RDEPENDS_${PN}_class-nativesdk = "" diff --git a/poky/meta/recipes-devtools/perl/files/0001-enc2xs-Add-environment-variable-to-suppress-comments.patch b/poky/meta/recipes-devtools/perl/files/0001-enc2xs-Add-environment-variable-to-suppress-comments.patch index 07f153162..3a41820f4 100644 --- a/poky/meta/recipes-devtools/perl/files/0001-enc2xs-Add-environment-variable-to-suppress-comments.patch +++ b/poky/meta/recipes-devtools/perl/files/0001-enc2xs-Add-environment-variable-to-suppress-comments.patch @@ -8,7 +8,7 @@ ENC2XS_NO_COMMENTS environment variable. This allows enc2xs to produce reproducible output by omitting the name of the generating program. Signed-off-by: Joshua Watt <JPEWhacker@gmail.com> -Upstream-status: Accepted [https://github.com/dankogai/p5-encode/pull/145] +Upstream-Status: Accepted [https://github.com/dankogai/p5-encode/pull/145] --- cpan/Encode/bin/enc2xs | 1 + 1 file changed, 1 insertion(+) diff --git a/poky/meta/recipes-devtools/perl/files/0002-Constant-Fix-up-shebang.patch b/poky/meta/recipes-devtools/perl/files/0002-Constant-Fix-up-shebang.patch index e70ff67f7..686cc7167 100644 --- a/poky/meta/recipes-devtools/perl/files/0002-Constant-Fix-up-shebang.patch +++ b/poky/meta/recipes-devtools/perl/files/0002-Constant-Fix-up-shebang.patch @@ -9,7 +9,7 @@ makes the file non-reproducible when building because ^X could be the absolute path to miniperl. Signed-off-by: Joshua Watt <JPEWhacker@gmail.com> -Upstream-status: Submitted [https://rt.cpan.org/Public/Bug/Display.html?id=129866] +Upstream-Status: Submitted [https://rt.cpan.org/Public/Bug/Display.html?id=129866] --- cpan/ExtUtils-Constant/lib/ExtUtils/Constant/XS.pm | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/poky/meta/recipes-devtools/pkgconf/pkgconf_1.6.1.bb b/poky/meta/recipes-devtools/pkgconf/pkgconf_1.6.3.bb index c60ef7422..94bc112b9 100644 --- a/poky/meta/recipes-devtools/pkgconf/pkgconf_1.6.1.bb +++ b/poky/meta/recipes-devtools/pkgconf/pkgconf_1.6.3.bb @@ -21,8 +21,8 @@ SRC_URI = "\ file://pkg-config-native.in \ file://pkg-config-esdk.in \ " -SRC_URI[md5sum] = "556bae2b9e0cc7b46e7c00083cb6d95d" -SRC_URI[sha256sum] = "22b9ee38438901f9d60f180e5182821180854fa738fd071f593ea26a81da208c" +SRC_URI[md5sum] = "f93fb1be95a5cb62e43c219c82b5791a" +SRC_URI[sha256sum] = "61f0b31b0d5ea0e862b454a80c170f57bad47879c0c42bd8de89200ff62ea210" inherit autotools diff --git a/poky/meta/recipes-devtools/python/python.inc b/poky/meta/recipes-devtools/python/python.inc index 779df5352..8d0e90862 100644 --- a/poky/meta/recipes-devtools/python/python.inc +++ b/poky/meta/recipes-devtools/python/python.inc @@ -8,6 +8,11 @@ INC_PR = "r1" LIC_FILES_CHKSUM = "file://LICENSE;md5=e466242989bd33c1bd2b6a526a742498" SRC_URI = "http://www.python.org/ftp/python/${PV}/Python-${PV}.tar.xz \ + file://bpo-35907-cve-2019-9948.patch \ + file://bpo-35907-cve-2019-9948-fix.patch \ + file://bpo-36216-cve-2019-9636.patch \ + file://bpo-36216-cve-2019-9636-fix.patch \ + file://CVE-2019-9740.patch \ " SRC_URI[md5sum] = "30157d85a2c0479c09ea2cbe61f2aaf5" diff --git a/poky/meta/recipes-devtools/python/python/CVE-2019-9740.patch b/poky/meta/recipes-devtools/python/python/CVE-2019-9740.patch new file mode 100644 index 000000000..066ac6829 --- /dev/null +++ b/poky/meta/recipes-devtools/python/python/CVE-2019-9740.patch @@ -0,0 +1,215 @@ +From bb8071a4cae5ab3fe321481dd3d73662ffb26052 Mon Sep 17 00:00:00 2001 +From: Victor Stinner <victor.stinner@gmail.com> +Date: Tue, 21 May 2019 15:12:33 +0200 +Subject: [PATCH] bpo-30458: Disallow control chars in http URLs (GH-12755) + (GH-13154) (GH-13315) +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Disallow control chars in http URLs in urllib2.urlopen. This +addresses a potential security problem for applications that do not +sanity check their URLs where http request headers could be injected. + +Disable https related urllib tests on a build without ssl (GH-13032) +These tests require an SSL enabled build. Skip these tests when +python is built without SSL to fix test failures. + +Use httplib.InvalidURL instead of ValueError as the new error case's +exception. (GH-13044) + +Backport Co-Authored-By: Miro Hrončok <miro@hroncok.cz> + +(cherry picked from commit 7e200e0763f5b71c199aaf98bd5588f291585619) + +Notes on backport to Python 2.7: + +* test_urllib tests urllib.urlopen() which quotes the URL and so is + not vulerable to HTTP Header Injection. +* Add tests to test_urllib2 on urllib2.urlopen(). +* Reject non-ASCII characters: range 0x80-0xff. + +Upstream-Status: Backport +CVE: CVE-2019-9740 +Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> +--- + Lib/httplib.py | 16 ++++++ + Lib/test/test_urllib.py | 25 +++++++++ + Lib/test/test_urllib2.py | 51 ++++++++++++++++++- + Lib/test/test_xmlrpc.py | 8 ++- + .../2019-04-10-08-53-30.bpo-30458.51E-DA.rst | 1 + + 5 files changed, 99 insertions(+), 2 deletions(-) + create mode 100644 Misc/NEWS.d/next/Security/2019-04-10-08-53-30.bpo-30458.51E-DA.rst + +diff --git a/Lib/httplib.py b/Lib/httplib.py +index 60a8fb4e355f..1b41c346e090 100644 +--- a/Lib/httplib.py ++++ b/Lib/httplib.py +@@ -247,6 +247,16 @@ + _is_legal_header_name = re.compile(r'\A[^:\s][^:\r\n]*\Z').match + _is_illegal_header_value = re.compile(r'\n(?![ \t])|\r(?![ \t\n])').search + ++# These characters are not allowed within HTTP URL paths. ++# See https://tools.ietf.org/html/rfc3986#section-3.3 and the ++# https://tools.ietf.org/html/rfc3986#appendix-A pchar definition. ++# Prevents CVE-2019-9740. Includes control characters such as \r\n. ++# Restrict non-ASCII characters above \x7f (0x80-0xff). ++_contains_disallowed_url_pchar_re = re.compile('[\x00-\x20\x7f-\xff]') ++# Arguably only these _should_ allowed: ++# _is_allowed_url_pchars_re = re.compile(r"^[/!$&'()*+,;=:@%a-zA-Z0-9._~-]+$") ++# We are more lenient for assumed real world compatibility purposes. ++ + # We always set the Content-Length header for these methods because some + # servers will otherwise respond with a 411 + _METHODS_EXPECTING_BODY = {'PATCH', 'POST', 'PUT'} +@@ -927,6 +937,12 @@ def putrequest(self, method, url, skip_host=0, skip_accept_encoding=0): + self._method = method + if not url: + url = '/' ++ # Prevent CVE-2019-9740. ++ match = _contains_disallowed_url_pchar_re.search(url) ++ if match: ++ raise InvalidURL("URL can't contain control characters. %r " ++ "(found at least %r)" ++ % (url, match.group())) + hdr = '%s %s %s' % (method, url, self._http_vsn_str) + + self._output(hdr) +diff --git a/Lib/test/test_urllib.py b/Lib/test/test_urllib.py +index 1ce9201c0693..d7778d4194f3 100644 +--- a/Lib/test/test_urllib.py ++++ b/Lib/test/test_urllib.py +@@ -257,6 +257,31 @@ def test_url_fragment(self): + finally: + self.unfakehttp() + ++ def test_url_with_control_char_rejected(self): ++ for char_no in range(0, 0x21) + range(0x7f, 0x100): ++ char = chr(char_no) ++ schemeless_url = "//localhost:7777/test%s/" % char ++ self.fakehttp(b"HTTP/1.1 200 OK\r\n\r\nHello.") ++ try: ++ # urllib quotes the URL so there is no injection. ++ resp = urllib.urlopen("http:" + schemeless_url) ++ self.assertNotIn(char, resp.geturl()) ++ finally: ++ self.unfakehttp() ++ ++ def test_url_with_newline_header_injection_rejected(self): ++ self.fakehttp(b"HTTP/1.1 200 OK\r\n\r\nHello.") ++ host = "localhost:7777?a=1 HTTP/1.1\r\nX-injected: header\r\nTEST: 123" ++ schemeless_url = "//" + host + ":8080/test/?test=a" ++ try: ++ # urllib quotes the URL so there is no injection. ++ resp = urllib.urlopen("http:" + schemeless_url) ++ self.assertNotIn(' ', resp.geturl()) ++ self.assertNotIn('\r', resp.geturl()) ++ self.assertNotIn('\n', resp.geturl()) ++ finally: ++ self.unfakehttp() ++ + def test_read_bogus(self): + # urlopen() should raise IOError for many error codes. + self.fakehttp('''HTTP/1.1 401 Authentication Required +diff --git a/Lib/test/test_urllib2.py b/Lib/test/test_urllib2.py +index 6d24d5ddf83c..9531818e16b2 100644 +--- a/Lib/test/test_urllib2.py ++++ b/Lib/test/test_urllib2.py +@@ -15,6 +15,9 @@ + except ImportError: + ssl = None + ++from test.test_urllib import FakeHTTPMixin ++ ++ + # XXX + # Request + # CacheFTPHandler (hard to write) +@@ -1262,7 +1265,7 @@ def _test_basic_auth(self, opener, auth_handler, auth_header, + self.assertEqual(len(http_handler.requests), 1) + self.assertFalse(http_handler.requests[0].has_header(auth_header)) + +-class MiscTests(unittest.TestCase): ++class MiscTests(unittest.TestCase, FakeHTTPMixin): + + def test_build_opener(self): + class MyHTTPHandler(urllib2.HTTPHandler): pass +@@ -1317,6 +1320,52 @@ def test_unsupported_algorithm(self): + "Unsupported digest authentication algorithm 'invalid'" + ) + ++ @unittest.skipUnless(ssl, "ssl module required") ++ def test_url_with_control_char_rejected(self): ++ for char_no in range(0, 0x21) + range(0x7f, 0x100): ++ char = chr(char_no) ++ schemeless_url = "//localhost:7777/test%s/" % char ++ self.fakehttp(b"HTTP/1.1 200 OK\r\n\r\nHello.") ++ try: ++ # We explicitly test urllib.request.urlopen() instead of the top ++ # level 'def urlopen()' function defined in this... (quite ugly) ++ # test suite. They use different url opening codepaths. Plain ++ # urlopen uses FancyURLOpener which goes via a codepath that ++ # calls urllib.parse.quote() on the URL which makes all of the ++ # above attempts at injection within the url _path_ safe. ++ escaped_char_repr = repr(char).replace('\\', r'\\') ++ InvalidURL = httplib.InvalidURL ++ with self.assertRaisesRegexp( ++ InvalidURL, "contain control.*" + escaped_char_repr): ++ urllib2.urlopen("http:" + schemeless_url) ++ with self.assertRaisesRegexp( ++ InvalidURL, "contain control.*" + escaped_char_repr): ++ urllib2.urlopen("https:" + schemeless_url) ++ finally: ++ self.unfakehttp() ++ ++ @unittest.skipUnless(ssl, "ssl module required") ++ def test_url_with_newline_header_injection_rejected(self): ++ self.fakehttp(b"HTTP/1.1 200 OK\r\n\r\nHello.") ++ host = "localhost:7777?a=1 HTTP/1.1\r\nX-injected: header\r\nTEST: 123" ++ schemeless_url = "//" + host + ":8080/test/?test=a" ++ try: ++ # We explicitly test urllib2.urlopen() instead of the top ++ # level 'def urlopen()' function defined in this... (quite ugly) ++ # test suite. They use different url opening codepaths. Plain ++ # urlopen uses FancyURLOpener which goes via a codepath that ++ # calls urllib.parse.quote() on the URL which makes all of the ++ # above attempts at injection within the url _path_ safe. ++ InvalidURL = httplib.InvalidURL ++ with self.assertRaisesRegexp( ++ InvalidURL, r"contain control.*\\r.*(found at least . .)"): ++ urllib2.urlopen("http:" + schemeless_url) ++ with self.assertRaisesRegexp(InvalidURL, r"contain control.*\\n"): ++ urllib2.urlopen("https:" + schemeless_url) ++ finally: ++ self.unfakehttp() ++ ++ + + class RequestTests(unittest.TestCase): + +diff --git a/Lib/test/test_xmlrpc.py b/Lib/test/test_xmlrpc.py +index 36b3be67fd6b..90ccb30716ff 100644 +--- a/Lib/test/test_xmlrpc.py ++++ b/Lib/test/test_xmlrpc.py +@@ -659,7 +659,13 @@ def test_dotted_attribute(self): + def test_partial_post(self): + # Check that a partial POST doesn't make the server loop: issue #14001. + conn = httplib.HTTPConnection(ADDR, PORT) +- conn.request('POST', '/RPC2 HTTP/1.0\r\nContent-Length: 100\r\n\r\nbye') ++ conn.send('POST /RPC2 HTTP/1.0\r\n' ++ 'Content-Length: 100\r\n\r\n' ++ 'bye HTTP/1.1\r\n' ++ 'Host: %s:%s\r\n' ++ 'Accept-Encoding: identity\r\n' ++ 'Content-Length: 0\r\n\r\n' ++ % (ADDR, PORT)) + conn.close() + + class SimpleServerEncodingTestCase(BaseServerTestCase): +diff --git a/Misc/NEWS.d/next/Security/2019-04-10-08-53-30.bpo-30458.51E-DA.rst b/Misc/NEWS.d/next/Security/2019-04-10-08-53-30.bpo-30458.51E-DA.rst +new file mode 100644 +index 000000000000..47cb899df1af +--- /dev/null ++++ b/Misc/NEWS.d/next/Security/2019-04-10-08-53-30.bpo-30458.51E-DA.rst +@@ -0,0 +1 @@ ++Address CVE-2019-9740 by disallowing URL paths with embedded whitespace or control characters through into the underlying http client request. Such potentially malicious header injection URLs now cause an httplib.InvalidURL exception to be raised. diff --git a/poky/meta/recipes-devtools/python/python3-dbus_1.2.8.bb b/poky/meta/recipes-devtools/python/python3-dbus_1.2.8.bb index c9bf8df42..923da3c00 100644 --- a/poky/meta/recipes-devtools/python/python3-dbus_1.2.8.bb +++ b/poky/meta/recipes-devtools/python/python3-dbus_1.2.8.bb @@ -3,7 +3,7 @@ SECTION = "devel/python" HOMEPAGE = "http://www.freedesktop.org/Software/dbus" LICENSE = "MIT" LIC_FILES_CHKSUM = "file://COPYING;md5=b03240518994df6d8c974675675e5ca4" -DEPENDS = "expat dbus dbus-glib virtual/libintl" +DEPENDS = "expat dbus glib-2.0 virtual/libintl" SRC_URI = "http://dbus.freedesktop.org/releases/dbus-python/dbus-python-${PV}.tar.gz \ " diff --git a/poky/meta/recipes-devtools/python/python3-docutils_0.14.bb b/poky/meta/recipes-devtools/python/python3-docutils_0.15.bb index 81a449d64..f5c3f5d70 100644 --- a/poky/meta/recipes-devtools/python/python3-docutils_0.14.bb +++ b/poky/meta/recipes-devtools/python/python3-docutils_0.15.bb @@ -7,12 +7,11 @@ LIC_FILES_CHKSUM = "file://COPYING.txt;md5=35a23d42b615470583563132872c97d6" DEPENDS = "python3" SRC_URI = "${SOURCEFORGE_MIRROR}/docutils/docutils-${PV}.tar.gz" -SRC_URI[md5sum] = "c53768d63db3873b7d452833553469de" -SRC_URI[sha256sum] = "51e64ef2ebfb29cae1faa133b3710143496eca21c530f3f71424d77687764274" +SRC_URI[md5sum] = "f51729f19e70a9dc4837433193a5e798" +SRC_URI[sha256sum] = "c35e87e985f70106f6f97e050f3bed990641e0e104566134b9cd23849a460e96" S = "${WORKDIR}/docutils-${PV}" inherit distutils3 BBCLASSEXTEND = "native" - diff --git a/poky/meta/recipes-devtools/python/python3-mako_1.0.10.bb b/poky/meta/recipes-devtools/python/python3-mako_1.0.10.bb deleted file mode 100644 index 17803f1b0..000000000 --- a/poky/meta/recipes-devtools/python/python3-mako_1.0.10.bb +++ /dev/null @@ -1,3 +0,0 @@ -inherit setuptools3 -require python-mako.inc - diff --git a/poky/meta/recipes-devtools/python/python-mako.inc b/poky/meta/recipes-devtools/python/python3-mako_1.0.14.bb index 20808fe5a..d2f5188cc 100644 --- a/poky/meta/recipes-devtools/python/python-mako.inc +++ b/poky/meta/recipes-devtools/python/python3-mako_1.0.14.bb @@ -2,14 +2,14 @@ SUMMARY = "Templating library for Python" HOMEPAGE = "http://www.makotemplates.org/" SECTION = "devel/python" LICENSE = "MIT" -LIC_FILES_CHKSUM = "file://LICENSE;md5=1bb21fa2d2f7a534c884b990430a6863" +LIC_FILES_CHKSUM = "file://LICENSE;md5=df7e6c7c82990acf0228a55e00d29bc9" PYPI_PACKAGE = "Mako" -inherit pypi +inherit pypi setuptools3 -SRC_URI[md5sum] = "a94d376078dda65f834ea5049a81ebb5" -SRC_URI[sha256sum] = "7165919e78e1feb68b4dbe829871ea9941398178fa58e6beedb9ba14acf63965" +SRC_URI[md5sum] = "e162578170331f0cc6a4adb063c7c0f6" +SRC_URI[sha256sum] = "f5a642d8c5699269ab62a68b296ff990767eb120f51e2e8f3d6afb16bdb57f4b" RDEPENDS_${PN} = "${PYTHON_PN}-html \ ${PYTHON_PN}-netclient \ diff --git a/poky/meta/recipes-devtools/python/python3-pbr_5.2.0.bb b/poky/meta/recipes-devtools/python/python3-pbr_5.2.0.bb deleted file mode 100644 index ed6832e4a..000000000 --- a/poky/meta/recipes-devtools/python/python3-pbr_5.2.0.bb +++ /dev/null @@ -1,5 +0,0 @@ -inherit setuptools3 -require python-pbr.inc -SRC_URI[md5sum] = "2bca008fd08d035a2f78c606d876a6db" -SRC_URI[sha256sum] = "d950c64aeea5456bbd147468382a5bb77fe692c13c9f00f0219814ce5b642755" - diff --git a/poky/meta/recipes-devtools/python/python3-pbr_5.4.1.bb b/poky/meta/recipes-devtools/python/python3-pbr_5.4.1.bb new file mode 100644 index 000000000..338ac8b70 --- /dev/null +++ b/poky/meta/recipes-devtools/python/python3-pbr_5.4.1.bb @@ -0,0 +1,5 @@ +inherit setuptools3 +require python-pbr.inc + +SRC_URI[md5sum] = "ab6e26026ab306989a636ec2d50a435a" +SRC_URI[sha256sum] = "0ca44dc9fd3b04a22297c2a91082d8df2894862e8f4c86a49dac69eae9e85ca0" diff --git a/poky/meta/recipes-devtools/python/python3-pygobject_3.32.1.bb b/poky/meta/recipes-devtools/python/python3-pygobject_3.32.2.bb index 8eda06e9e..05688be60 100644 --- a/poky/meta/recipes-devtools/python/python3-pygobject_3.32.1.bb +++ b/poky/meta/recipes-devtools/python/python3-pygobject_3.32.2.bb @@ -9,16 +9,16 @@ inherit gnomebase distutils3-base gobject-introspection upstream-version-is-even DEPENDS += "python3 glib-2.0" SRCNAME="pygobject" + SRC_URI = " \ http://ftp.gnome.org/pub/GNOME/sources/${SRCNAME}/${@gnome_verdir("${PV}")}/${SRCNAME}-${PV}.tar.xz \ file://0001-Do-not-build-tests.patch \ " +SRC_URI[md5sum] = "92ffa25351782feb96362f0dace2089f" +SRC_URI[sha256sum] = "c39ca2a28364b57fa00549c6e836346031e6b886c3ceabfd8ab4b4fed0a83611" UNKNOWN_CONFIGURE_WHITELIST = "introspection" -SRC_URI[md5sum] = "9d5dbca10162dd9b0d03fed0c6cf865d" -SRC_URI[sha256sum] = "32c99def94b8dea5ce9e4bc99576ef87591ea779b4db77cfdca7af81b76d04d8" - S = "${WORKDIR}/${SRCNAME}-${PV}" PACKAGECONFIG ??= "${@bb.utils.contains_any('DISTRO_FEATURES', [ 'directfb', 'wayland', 'x11' ], 'cairo', '', d)}" diff --git a/poky/meta/recipes-devtools/python/python3-scons-native_3.0.5.bb b/poky/meta/recipes-devtools/python/python3-scons-native_3.1.0.bb index 5cd595662..5cd595662 100644 --- a/poky/meta/recipes-devtools/python/python3-scons-native_3.0.5.bb +++ b/poky/meta/recipes-devtools/python/python3-scons-native_3.1.0.bb diff --git a/poky/meta/recipes-devtools/python/python3-scons_3.0.5.bb b/poky/meta/recipes-devtools/python/python3-scons_3.1.0.bb index 7fb75a627..f1545dade 100644 --- a/poky/meta/recipes-devtools/python/python3-scons_3.0.5.bb +++ b/poky/meta/recipes-devtools/python/python3-scons_3.1.0.bb @@ -4,8 +4,8 @@ LICENSE = "MIT" LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=37bb53a08e6beaea0c90e7821d731284" SRC_URI = "${SOURCEFORGE_MIRROR}/scons/scons-${PV}.tar.gz" -SRC_URI[md5sum] = "9f9c163e8bd48cf8cd92f03e85ca6395" -SRC_URI[sha256sum] = "df676f23dc6d4bfa384fc389d95dcd21ab907e6349d4c848958ba4befb73c73e" +SRC_URI[md5sum] = "e2fe9d16f81b0285b969238af4b552ff" +SRC_URI[sha256sum] = "f3f548d738d4a2179123ecd744271ec413b2d55735ea7625a59b1b59e6cd132f" S = "${WORKDIR}/scons-${PV}" diff --git a/poky/meta/recipes-devtools/python/python3/0001-Use-FLAG_REF-always-for-interned-strings.patch b/poky/meta/recipes-devtools/python/python3/0001-Use-FLAG_REF-always-for-interned-strings.patch new file mode 100644 index 000000000..957839bf3 --- /dev/null +++ b/poky/meta/recipes-devtools/python/python3/0001-Use-FLAG_REF-always-for-interned-strings.patch @@ -0,0 +1,35 @@ +From 6c8ea7c1dacd42f3ba00440231ec0e6b1a38300d Mon Sep 17 00:00:00 2001 +From: Inada Naoki <songofacandy@gmail.com> +Date: Sat, 14 Jul 2018 00:46:11 +0900 +Subject: [PATCH] Use FLAG_REF always for interned strings + +Upstream-Status: Submitted [https://github.com/python/cpython/pull/8226] +Signed-off-by: Joshua Watt <JPEWhacker@gmail.com> +--- + Python/marshal.c | 9 +++++++-- + 1 file changed, 7 insertions(+), 2 deletions(-) + +diff --git a/Python/marshal.c b/Python/marshal.c +index 6d06266c6a..51db2e3b2e 100644 +--- a/Python/marshal.c ++++ b/Python/marshal.c +@@ -275,9 +275,14 @@ w_ref(PyObject *v, char *flag, WFILE *p) + if (p->version < 3 || p->hashtable == NULL) + return 0; /* not writing object references */ + +- /* if it has only one reference, it definitely isn't shared */ +- if (Py_REFCNT(v) == 1) ++ /* If it has only one reference, it definitely isn't shared. ++ * But we use TYPE_REF always for interned string, to PYC file stable ++ * as possible. ++ */ ++ if (Py_REFCNT(v) == 1 && ++ !(PyUnicode_CheckExact(v) && PyUnicode_CHECK_INTERNED(v))) { + return 0; ++ } + + entry = _Py_HASHTABLE_GET_ENTRY(p->hashtable, v); + if (entry != NULL) { +-- +2.21.0 + diff --git a/poky/meta/recipes-devtools/python/python3_3.7.3.bb b/poky/meta/recipes-devtools/python/python3_3.7.4.bb index 3409d94ba..a63abfd6c 100644 --- a/poky/meta/recipes-devtools/python/python3_3.7.3.bb +++ b/poky/meta/recipes-devtools/python/python3_3.7.4.bb @@ -26,6 +26,7 @@ SRC_URI = "http://www.python.org/ftp/python/${PV}/Python-${PV}.tar.xz \ file://0001-bpo-36852-proper-detection-of-mips-architecture-for-.patch \ file://crosspythonpath.patch \ file://reformat_sysconfig.py \ + file://0001-Use-FLAG_REF-always-for-interned-strings.patch \ " SRC_URI_append_class-native = " \ @@ -36,8 +37,8 @@ SRC_URI_append_class-nativesdk = " \ file://0001-main.c-if-OEPYTHON3HOME-is-set-use-instead-of-PYTHON.patch \ " -SRC_URI[md5sum] = "93df27aec0cd18d6d42173e601ffbbfd" -SRC_URI[sha256sum] = "da60b54064d4cfcd9c26576f6df2690e62085123826cff2e667e72a91952d318" +SRC_URI[md5sum] = "d33e4aae66097051c2eca45ee3604803" +SRC_URI[sha256sum] = "fb799134b868199930b75f26678f18932214042639cd52b16da7fd134cd9b13f" # exclude pre-releases for both python 2.x and 3.x UPSTREAM_CHECK_REGEX = "[Pp]ython-(?P<pver>\d+(\.\d+)+).tar" diff --git a/poky/meta/recipes-devtools/python/python_2.7.16.bb b/poky/meta/recipes-devtools/python/python_2.7.16.bb index 5f387b8af..c093f84a3 100644 --- a/poky/meta/recipes-devtools/python/python_2.7.16.bb +++ b/poky/meta/recipes-devtools/python/python_2.7.16.bb @@ -30,10 +30,6 @@ SRC_URI += " \ file://support_SOURCE_DATE_EPOCH_in_py_compile_2.7.patch \ file://float-endian.patch \ file://0001-python2-use-cc_basename-to-replace-CC-for-checking-c.patch \ - file://bpo-35907-cve-2019-9948.patch \ - file://bpo-35907-cve-2019-9948-fix.patch \ - file://bpo-36216-cve-2019-9636.patch \ - file://bpo-36216-cve-2019-9636-fix.patch \ " S = "${WORKDIR}/Python-${PV}" diff --git a/poky/meta/recipes-devtools/qemu/qemu-native.inc b/poky/meta/recipes-devtools/qemu/qemu-native.inc index 34ab8e640..c04297cad 100644 --- a/poky/meta/recipes-devtools/qemu/qemu-native.inc +++ b/poky/meta/recipes-devtools/qemu/qemu-native.inc @@ -6,7 +6,6 @@ SRC_URI_append = " \ file://0011-fix-libcap-header-issue-on-some-distro.patch \ file://0012-cpus.c-Add-error-messages-when-qemi_cpu_kick_thread-.patch \ " -EXTRA_OECONF_append = " --python=python2.7" EXTRA_OEMAKE_append = " LD='${LD}' AR='${AR}' OBJCOPY='${OBJCOPY}' LDFLAGS='${LDFLAGS}'" diff --git a/poky/meta/recipes-devtools/qemu/qemu.inc b/poky/meta/recipes-devtools/qemu/qemu.inc index ac475a8e2..7f0b3a7a7 100644 --- a/poky/meta/recipes-devtools/qemu/qemu.inc +++ b/poky/meta/recipes-devtools/qemu/qemu.inc @@ -5,7 +5,7 @@ LICENSE = "GPLv2 & LGPLv2.1" RDEPENDS_${PN}-ptest = "bash make" require qemu-targets.inc -inherit pkgconfig bluetooth ptest +inherit pkgconfig ptest LIC_FILES_CHKSUM = "file://COPYING;md5=441c28d2cf86e15a37fa47e15a72fbac \ file://COPYING.LIB;endline=24;md5=8c5efda6cf1e1b03dcfd0e6c0d271c7f" @@ -24,6 +24,7 @@ SRC_URI = "https://download.qemu.org/${BPN}-${PV}.tar.xz \ file://0009-linux-user-Fix-webkitgtk-hangs-on-32-bit-x86-target.patch \ file://0010-Revert-linux-user-fix-mmap-munmap-mprotect-mremap-sh.patch \ file://0013-target-arm-Fix-vector-operation-segfault.patch \ + file://CVE-2019-12155.patch \ " UPSTREAM_CHECK_REGEX = "qemu-(?P<pver>\d+(\.\d+)+)\.tar" @@ -77,6 +78,8 @@ export LIBTOOL="${HOST_SYS}-libtool" B = "${WORKDIR}/build" +EXTRA_OECONF_append = " --python=${HOSTTOOLS_DIR}/python3" + do_configure_prepend_class-native() { # Append build host pkg-config paths for native target since the host may provide sdl BHOST_PKGCONFIG_PATH=$(PATH=/usr/bin:/bin pkg-config --variable pc_path pkg-config || echo "") @@ -148,7 +151,7 @@ PACKAGECONFIG[lzo] = "--enable-lzo,--disable-lzo,lzo" PACKAGECONFIG[numa] = "--enable-numa,--disable-numa,numactl" PACKAGECONFIG[gnutls] = "--enable-gnutls,--disable-gnutls,gnutls" PACKAGECONFIG[bzip2] = "--enable-bzip2,--disable-bzip2,bzip2" -PACKAGECONFIG[bluez] = "--enable-bluez,--disable-bluez,${BLUEZ}" +PACKAGECONFIG[bluez] = "--enable-bluez,--disable-bluez,bluez5" PACKAGECONFIG[libiscsi] = "--enable-libiscsi,--disable-libiscsi" PACKAGECONFIG[kvm] = "--enable-kvm,--disable-kvm" PACKAGECONFIG[virglrenderer] = "--enable-virglrenderer,--disable-virglrenderer,virglrenderer" diff --git a/poky/meta/recipes-devtools/qemu/qemu/CVE-2019-12155.patch b/poky/meta/recipes-devtools/qemu/qemu/CVE-2019-12155.patch new file mode 100644 index 000000000..c49a5e9a2 --- /dev/null +++ b/poky/meta/recipes-devtools/qemu/qemu/CVE-2019-12155.patch @@ -0,0 +1,35 @@ +From d52680fc932efb8a2f334cc6993e705ed1e31e99 Mon Sep 17 00:00:00 2001 +From: Prasad J Pandit <pjp@fedoraproject.org> +Date: Thu, 25 Apr 2019 12:05:34 +0530 +Subject: [PATCH] qxl: check release info object + +When releasing spice resources in release_resource() routine, +if release info object 'ext.info' is null, it leads to null +pointer dereference. Add check to avoid it. + +Reported-by: Bugs SysSec <bugs-syssec@rub.de> +Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org> +Message-id: 20190425063534.32747-1-ppandit@redhat.com +Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> + +Upstream-Status: Backport +CVE: CVE-2019-12155 +Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> +--- + hw/display/qxl.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/hw/display/qxl.c b/hw/display/qxl.c +index c8ce5781e03..632923add23 100644 +--- a/hw/display/qxl.c ++++ b/hw/display/qxl.c +@@ -777,6 +777,9 @@ static void interface_release_resource(QXLInstance *sin, + QXLReleaseRing *ring; + uint64_t *item, id; + ++ if (!ext.info) { ++ return; ++ } + if (ext.group_id == MEMSLOT_GROUP_HOST) { + /* host group -> vga mode update request */ + QXLCommandExt *cmdext = (void *)(intptr_t)(ext.info->id); diff --git a/poky/meta/recipes-devtools/quilt/quilt-native_0.65.bb b/poky/meta/recipes-devtools/quilt/quilt-native_0.66.bb index 22374425f..22374425f 100644 --- a/poky/meta/recipes-devtools/quilt/quilt-native_0.65.bb +++ b/poky/meta/recipes-devtools/quilt/quilt-native_0.66.bb diff --git a/poky/meta/recipes-devtools/quilt/quilt.inc b/poky/meta/recipes-devtools/quilt/quilt.inc index dbf722be2..dcba62c84 100644 --- a/poky/meta/recipes-devtools/quilt/quilt.inc +++ b/poky/meta/recipes-devtools/quilt/quilt.inc @@ -13,8 +13,8 @@ SRC_URI = "${SAVANNAH_GNU_MIRROR}/quilt/quilt-${PV}.tar.gz \ SRC_URI_append_class-target = " file://gnu_patch_test_fix_target.patch" -SRC_URI[md5sum] = "c67ba0228f5b7b8bbe469474661f92d6" -SRC_URI[sha256sum] = "f6cbc788e5cbbb381a3c6eab5b9efce67c776a8662a7795c7432fd27aa096819" +SRC_URI[md5sum] = "6800c2404a2c0598ab2eff92a636ba70" +SRC_URI[sha256sum] = "314b319a6feb13bf9d0f9ffa7ce6683b06919e734a41275087ea457cc9dc6e07" inherit autotools-brokensep ptest diff --git a/poky/meta/recipes-devtools/quilt/quilt/0001-tests-Allow-different-output-from-mv.patch b/poky/meta/recipes-devtools/quilt/quilt/0001-tests-Allow-different-output-from-mv.patch index 21219a0bb..6d0f4aedf 100644 --- a/poky/meta/recipes-devtools/quilt/quilt/0001-tests-Allow-different-output-from-mv.patch +++ b/poky/meta/recipes-devtools/quilt/quilt/0001-tests-Allow-different-output-from-mv.patch @@ -1,4 +1,4 @@ -From 1530138960cfafbeefb95f2a760954c00b4d0ef0 Mon Sep 17 00:00:00 2001 +From e9fa816677993e520adff8bba26cb3e71f5a6665 Mon Sep 17 00:00:00 2001 From: Jussi Kukkonen <jussi.kukkonen@intel.com> Date: Wed, 29 Mar 2017 15:11:59 +0300 Subject: [PATCH] tests: Allow different output from mv @@ -12,18 +12,18 @@ Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com> 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/failbackup.test b/test/failbackup.test -index 37046f7..fce6725 100644 +index 5f0f54f..0902b12 100644 --- a/test/failbackup.test +++ b/test/failbackup.test @@ -16,7 +16,7 @@ What happens when refresh fails because of a permission error? $ cat > test.txt < This is updated test.txt. $ quilt refresh --backup -- >~ mv: cannot move [`']?%{P}test.diff'? to [`']?%{P}test.diff~'?: Permission denied +- >~ mv: cannot move [`']?patches/test.diff'? to [`']?patches/test.diff~'?: Permission denied + >~ mv: .*: Permission denied $ echo %{?} > 1 -- -2.1.4 +2.17.1 diff --git a/poky/meta/recipes-devtools/quilt/quilt/run-ptest b/poky/meta/recipes-devtools/quilt/quilt/run-ptest index 4b808aee4..d2de5c855 100755 --- a/poky/meta/recipes-devtools/quilt/quilt/run-ptest +++ b/poky/meta/recipes-devtools/quilt/quilt/run-ptest @@ -2,7 +2,7 @@ THIS_SH=/bin/sh ln -sf /bin/ed /usr/bin/ed -/usr/sbin/adduser --disabled-password quilttest +/usr/sbin/adduser --disabled-password --gecos "" quilttest su -c "${THIS_SH} ./test.sh" quilttest /usr/sbin/deluser quilttest rm -f /usr/bin/ed diff --git a/poky/meta/recipes-devtools/quilt/quilt_0.65.bb b/poky/meta/recipes-devtools/quilt/quilt_0.66.bb index ff9726576..ff9726576 100644 --- a/poky/meta/recipes-devtools/quilt/quilt_0.65.bb +++ b/poky/meta/recipes-devtools/quilt/quilt_0.66.bb diff --git a/poky/meta/recipes-devtools/rsync/files/CVE-2016-9840.patch b/poky/meta/recipes-devtools/rsync/files/CVE-2016-9840.patch new file mode 100644 index 000000000..758188779 --- /dev/null +++ b/poky/meta/recipes-devtools/rsync/files/CVE-2016-9840.patch @@ -0,0 +1,75 @@ +From 6a043145ca6e9c55184013841a67b2fef87e44c0 Mon Sep 17 00:00:00 2001 +From: Mark Adler <madler@alumni.caltech.edu> +Date: Wed, 21 Sep 2016 23:35:50 -0700 +Subject: [PATCH] Remove offset pointer optimization in inftrees.c. + +inftrees.c was subtracting an offset from a pointer to an array, +in order to provide a pointer that allowed indexing starting at +the offset. This is not compliant with the C standard, for which +the behavior of a pointer decremented before its allocated memory +is undefined. Per the recommendation of a security audit of the +zlib code by Trail of Bits and TrustInSoft, in support of the +Mozilla Foundation, this tiny optimization was removed, in order +to avoid the possibility of undefined behavior. + +CVE: CVE-2016-9840 +Upstream-Status: Backport +Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> +--- + inftrees.c | 18 ++++++++---------- + 1 file changed, 8 insertions(+), 10 deletions(-) + +diff --git a/zlib/inftrees.c b/zlib/inftrees.c +index 22fcd666..0d2670d5 100644 +--- a/zlib/inftrees.c ++++ b/zlib/inftrees.c +@@ -54,7 +54,7 @@ unsigned short FAR *work; + code FAR *next; /* next available space in table */ + const unsigned short FAR *base; /* base value table to use */ + const unsigned short FAR *extra; /* extra bits table to use */ +- int end; /* use base and extra for symbol > end */ ++ unsigned match; /* use base and extra for symbol >= match */ + unsigned short count[MAXBITS+1]; /* number of codes of each length */ + unsigned short offs[MAXBITS+1]; /* offsets in table for each length */ + static const unsigned short lbase[31] = { /* Length codes 257..285 base */ +@@ -181,19 +181,17 @@ unsigned short FAR *work; + switch (type) { + case CODES: + base = extra = work; /* dummy value--not used */ +- end = 19; ++ match = 20; + break; + case LENS: + base = lbase; +- base -= 257; + extra = lext; +- extra -= 257; +- end = 256; ++ match = 257; + break; + default: /* DISTS */ + base = dbase; + extra = dext; +- end = -1; ++ match = 0; + } + + /* initialize state for loop */ +@@ -216,13 +214,13 @@ unsigned short FAR *work; + for (;;) { + /* create table entry */ + here.bits = (unsigned char)(len - drop); +- if ((int)(work[sym]) < end) { ++ if (work[sym] + 1 < match) { + here.op = (unsigned char)0; + here.val = work[sym]; + } +- else if ((int)(work[sym]) > end) { +- here.op = (unsigned char)(extra[work[sym]]); +- here.val = base[work[sym]]; ++ else if (work[sym] >= match) { ++ here.op = (unsigned char)(extra[work[sym] - match]); ++ here.val = base[work[sym] - match]; + } + else { + here.op = (unsigned char)(32 + 64); /* end of block */ diff --git a/poky/meta/recipes-devtools/rsync/files/CVE-2016-9841.patch b/poky/meta/recipes-devtools/rsync/files/CVE-2016-9841.patch new file mode 100644 index 000000000..3942176de --- /dev/null +++ b/poky/meta/recipes-devtools/rsync/files/CVE-2016-9841.patch @@ -0,0 +1,228 @@ +From 9aaec95e82117c1cb0f9624264c3618fc380cecb Mon Sep 17 00:00:00 2001 +From: Mark Adler <madler@alumni.caltech.edu> +Date: Wed, 21 Sep 2016 22:25:21 -0700 +Subject: [PATCH] Use post-increment only in inffast.c. + +An old inffast.c optimization turns out to not be optimal anymore +with modern compilers, and furthermore was not compliant with the +C standard, for which decrementing a pointer before its allocated +memory is undefined. Per the recommendation of a security audit of +the zlib code by Trail of Bits and TrustInSoft, in support of the +Mozilla Foundation, this "optimization" was removed, in order to +avoid the possibility of undefined behavior. + +CVE: CVE-2016-9841 +Upstream-Status: Backport +Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> +--- + zlib/inffast.c | 81 +++++++++++++++++++++---------------------------------- + 1 file changed, 31 insertions(+), 50 deletions(-) + +diff --git a/zlib/inffast.c b/zlib/inffast.c +index bda59ceb..f0d163db 100644 +--- a/zlib/inffast.c ++++ b/zlib/inffast.c +@@ -10,25 +10,6 @@ + + #ifndef ASMINF + +-/* Allow machine dependent optimization for post-increment or pre-increment. +- Based on testing to date, +- Pre-increment preferred for: +- - PowerPC G3 (Adler) +- - MIPS R5000 (Randers-Pehrson) +- Post-increment preferred for: +- - none +- No measurable difference: +- - Pentium III (Anderson) +- - M68060 (Nikl) +- */ +-#ifdef POSTINC +-# define OFF 0 +-# define PUP(a) *(a)++ +-#else +-# define OFF 1 +-# define PUP(a) *++(a) +-#endif +- + /* + Decode literal, length, and distance codes and write out the resulting + literal and match bytes until either not enough input or output is +@@ -96,9 +77,9 @@ unsigned start; /* inflate()'s starting value for strm->avail_out */ + + /* copy state to local variables */ + state = (struct inflate_state FAR *)strm->state; +- in = strm->next_in - OFF; ++ in = strm->next_in; + last = in + (strm->avail_in - 5); +- out = strm->next_out - OFF; ++ out = strm->next_out; + beg = out - (start - strm->avail_out); + end = out + (strm->avail_out - 257); + #ifdef INFLATE_STRICT +@@ -119,9 +100,9 @@ unsigned start; /* inflate()'s starting value for strm->avail_out */ + input data or output space */ + do { + if (bits < 15) { +- hold += (unsigned long)(PUP(in)) << bits; ++ hold += (unsigned long)(*in++) << bits; + bits += 8; +- hold += (unsigned long)(PUP(in)) << bits; ++ hold += (unsigned long)(*in++) << bits; + bits += 8; + } + here = lcode[hold & lmask]; +@@ -134,14 +115,14 @@ unsigned start; /* inflate()'s starting value for strm->avail_out */ + Tracevv((stderr, here.val >= 0x20 && here.val < 0x7f ? + "inflate: literal '%c'\n" : + "inflate: literal 0x%02x\n", here.val)); +- PUP(out) = (unsigned char)(here.val); ++ *out++ = (unsigned char)(here.val); + } + else if (op & 16) { /* length base */ + len = (unsigned)(here.val); + op &= 15; /* number of extra bits */ + if (op) { + if (bits < op) { +- hold += (unsigned long)(PUP(in)) << bits; ++ hold += (unsigned long)(*in++) << bits; + bits += 8; + } + len += (unsigned)hold & ((1U << op) - 1); +@@ -150,9 +131,9 @@ unsigned start; /* inflate()'s starting value for strm->avail_out */ + } + Tracevv((stderr, "inflate: length %u\n", len)); + if (bits < 15) { +- hold += (unsigned long)(PUP(in)) << bits; ++ hold += (unsigned long)(*in++) << bits; + bits += 8; +- hold += (unsigned long)(PUP(in)) << bits; ++ hold += (unsigned long)(*in++) << bits; + bits += 8; + } + here = dcode[hold & dmask]; +@@ -165,10 +146,10 @@ unsigned start; /* inflate()'s starting value for strm->avail_out */ + dist = (unsigned)(here.val); + op &= 15; /* number of extra bits */ + if (bits < op) { +- hold += (unsigned long)(PUP(in)) << bits; ++ hold += (unsigned long)(*in++) << bits; + bits += 8; + if (bits < op) { +- hold += (unsigned long)(PUP(in)) << bits; ++ hold += (unsigned long)(*in++) << bits; + bits += 8; + } + } +@@ -196,30 +177,30 @@ unsigned start; /* inflate()'s starting value for strm->avail_out */ + #ifdef INFLATE_ALLOW_INVALID_DISTANCE_TOOFAR_ARRR + if (len <= op - whave) { + do { +- PUP(out) = 0; ++ *out++ = 0; + } while (--len); + continue; + } + len -= op - whave; + do { +- PUP(out) = 0; ++ *out++ = 0; + } while (--op > whave); + if (op == 0) { + from = out - dist; + do { +- PUP(out) = PUP(from); ++ *out++ = *from++; + } while (--len); + continue; + } + #endif + } +- from = window - OFF; ++ from = window; + if (wnext == 0) { /* very common case */ + from += wsize - op; + if (op < len) { /* some from window */ + len -= op; + do { +- PUP(out) = PUP(from); ++ *out++ = *from++; + } while (--op); + from = out - dist; /* rest from output */ + } +@@ -230,14 +211,14 @@ unsigned start; /* inflate()'s starting value for strm->avail_out */ + if (op < len) { /* some from end of window */ + len -= op; + do { +- PUP(out) = PUP(from); ++ *out++ = *from++; + } while (--op); +- from = window - OFF; ++ from = window; + if (wnext < len) { /* some from start of window */ + op = wnext; + len -= op; + do { +- PUP(out) = PUP(from); ++ *out++ = *from++; + } while (--op); + from = out - dist; /* rest from output */ + } +@@ -248,35 +229,35 @@ unsigned start; /* inflate()'s starting value for strm->avail_out */ + if (op < len) { /* some from window */ + len -= op; + do { +- PUP(out) = PUP(from); ++ *out++ = *from++; + } while (--op); + from = out - dist; /* rest from output */ + } + } + while (len > 2) { +- PUP(out) = PUP(from); +- PUP(out) = PUP(from); +- PUP(out) = PUP(from); ++ *out++ = *from++; ++ *out++ = *from++; ++ *out++ = *from++; + len -= 3; + } + if (len) { +- PUP(out) = PUP(from); ++ *out++ = *from++; + if (len > 1) +- PUP(out) = PUP(from); ++ *out++ = *from++; + } + } + else { + from = out - dist; /* copy direct from output */ + do { /* minimum length is three */ +- PUP(out) = PUP(from); +- PUP(out) = PUP(from); +- PUP(out) = PUP(from); ++ *out++ = *from++; ++ *out++ = *from++; ++ *out++ = *from++; + len -= 3; + } while (len > 2); + if (len) { +- PUP(out) = PUP(from); ++ *out++ = *from++; + if (len > 1) +- PUP(out) = PUP(from); ++ *out++ = *from++; + } + } + } +@@ -313,8 +294,8 @@ unsigned start; /* inflate()'s starting value for strm->avail_out */ + hold &= (1U << bits) - 1; + + /* update state and return */ +- strm->next_in = in + OFF; +- strm->next_out = out + OFF; ++ strm->next_in = in; ++ strm->next_out = out; + strm->avail_in = (unsigned)(in < last ? 5 + (last - in) : 5 - (in - last)); + strm->avail_out = (unsigned)(out < end ? + 257 + (end - out) : 257 - (out - end)); diff --git a/poky/meta/recipes-devtools/rsync/files/CVE-2016-9842.patch b/poky/meta/recipes-devtools/rsync/files/CVE-2016-9842.patch new file mode 100644 index 000000000..810d8a3fd --- /dev/null +++ b/poky/meta/recipes-devtools/rsync/files/CVE-2016-9842.patch @@ -0,0 +1,33 @@ +From e54e1299404101a5a9d0cf5e45512b543967f958 Mon Sep 17 00:00:00 2001 +From: Mark Adler <madler@alumni.caltech.edu> +Date: Sat, 5 Sep 2015 17:45:55 -0700 +Subject: [PATCH] Avoid shifts of negative values inflateMark(). + +The C standard says that bit shifts of negative integers is +undefined. This casts to unsigned values to assure a known +result. + +CVE: CVE-2016-9842 +Upstream-Status: Backport +Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> +--- + inflate.c | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +diff --git a/zlib/inflate.c b/zlib/inflate.c +index 2889e3a0..a7184167 100644 +--- a/zlib/inflate.c ++++ b/zlib/inflate.c +@@ -1506,9 +1506,10 @@ z_streamp strm; + { + struct inflate_state FAR *state; + +- if (strm == Z_NULL || strm->state == Z_NULL) return -1L << 16; ++ if (strm == Z_NULL || strm->state == Z_NULL) ++ return (long)(((unsigned long)0 - 1) << 16); + state = (struct inflate_state FAR *)strm->state; +- return ((long)(state->back) << 16) + ++ return (long)(((unsigned long)((long)state->back)) << 16) + + (state->mode == COPY ? state->length : + (state->mode == MATCH ? state->was - state->length : 0)); + } diff --git a/poky/meta/recipes-devtools/rsync/files/CVE-2016-9843.patch b/poky/meta/recipes-devtools/rsync/files/CVE-2016-9843.patch new file mode 100644 index 000000000..ea2e42fe7 --- /dev/null +++ b/poky/meta/recipes-devtools/rsync/files/CVE-2016-9843.patch @@ -0,0 +1,53 @@ +From d1d577490c15a0c6862473d7576352a9f18ef811 Mon Sep 17 00:00:00 2001 +From: Mark Adler <madler@alumni.caltech.edu> +Date: Wed, 28 Sep 2016 20:20:25 -0700 +Subject: [PATCH] Avoid pre-decrement of pointer in big-endian CRC calculation. + +There was a small optimization for PowerPCs to pre-increment a +pointer when accessing a word, instead of post-incrementing. This +required prefacing the loop with a decrement of the pointer, +possibly pointing before the object passed. This is not compliant +with the C standard, for which decrementing a pointer before its +allocated memory is undefined. When tested on a modern PowerPC +with a modern compiler, the optimization no longer has any effect. +Due to all that, and per the recommendation of a security audit of +the zlib code by Trail of Bits and TrustInSoft, in support of the +Mozilla Foundation, this "optimization" was removed, in order to +avoid the possibility of undefined behavior. + +CVE: CVE-2016-9843 +Upstream-Status: Backport +Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> +--- + crc32.c | 4 +--- + 1 file changed, 1 insertion(+), 3 deletions(-) + +diff --git a/zlib/crc32.c b/zlib/crc32.c +index 979a7190..05733f4e 100644 +--- a/zlib/crc32.c ++++ b/zlib/crc32.c +@@ -278,7 +278,7 @@ local unsigned long crc32_little(crc, buf, len) + } + + /* ========================================================================= */ +-#define DOBIG4 c ^= *++buf4; \ ++#define DOBIG4 c ^= *buf4++; \ + c = crc_table[4][c & 0xff] ^ crc_table[5][(c >> 8) & 0xff] ^ \ + crc_table[6][(c >> 16) & 0xff] ^ crc_table[7][c >> 24] + #define DOBIG32 DOBIG4; DOBIG4; DOBIG4; DOBIG4; DOBIG4; DOBIG4; DOBIG4; DOBIG4 +@@ -300,7 +300,6 @@ local unsigned long crc32_big(crc, buf, len) + } + + buf4 = (const z_crc_t FAR *)(const void FAR *)buf; +- buf4--; + while (len >= 32) { + DOBIG32; + len -= 32; +@@ -309,7 +308,6 @@ local unsigned long crc32_big(crc, buf, len) + DOBIG4; + len -= 4; + } +- buf4++; + buf = (const unsigned char FAR *)buf4; + + if (len) do { diff --git a/poky/meta/recipes-devtools/rsync/rsync_3.1.3.bb b/poky/meta/recipes-devtools/rsync/rsync_3.1.3.bb index 29cb231f3..ffb1d061c 100644 --- a/poky/meta/recipes-devtools/rsync/rsync_3.1.3.bb +++ b/poky/meta/recipes-devtools/rsync/rsync_3.1.3.bb @@ -11,6 +11,10 @@ DEPENDS = "popt" SRC_URI = "https://download.samba.org/pub/${BPN}/src/${BP}.tar.gz \ file://rsyncd.conf \ file://makefile-no-rebuild.patch \ + file://CVE-2016-9840.patch \ + file://CVE-2016-9841.patch \ + file://CVE-2016-9842.patch \ + file://CVE-2016-9843.patch \ " SRC_URI[md5sum] = "1581a588fde9d89f6bc6201e8129afaf" diff --git a/poky/meta/recipes-devtools/ruby/ruby_2.5.3.bb b/poky/meta/recipes-devtools/ruby/ruby_2.5.5.bb index 519daf294..8ad59a765 100644 --- a/poky/meta/recipes-devtools/ruby/ruby_2.5.3.bb +++ b/poky/meta/recipes-devtools/ruby/ruby_2.5.5.bb @@ -6,8 +6,8 @@ SRC_URI += " \ file://run-ptest \ " -SRC_URI[md5sum] = "20c85b67846d49622ef3b24230803fef" -SRC_URI[sha256sum] = "9828d03852c37c20fa333a0264f2490f07338576734d910ee3fd538c9520846c" +SRC_URI[md5sum] = "7e156fb526b8f4bb1b30a3dd8a7ce400" +SRC_URI[sha256sum] = "28a945fdf340e6ba04fc890b98648342e3cccfd6d223a48f3810572f11b2514c" # it's unknown to configure script, but then passed to extconf.rb # maybe it's not really needed as we're hardcoding the result with diff --git a/poky/meta/recipes-devtools/squashfs-tools/squashfs-tools/0001-mksquashfs.c-get-inline-functions-work-with-C99.patch b/poky/meta/recipes-devtools/squashfs-tools/squashfs-tools/0001-mksquashfs.c-get-inline-functions-work-with-C99.patch deleted file mode 100644 index a5bab0544..000000000 --- a/poky/meta/recipes-devtools/squashfs-tools/squashfs-tools/0001-mksquashfs.c-get-inline-functions-work-with-C99.patch +++ /dev/null @@ -1,154 +0,0 @@ -From ac6268e843c43286eebff2a1052182c2393cdb2e Mon Sep 17 00:00:00 2001 -From: Roy Li <rongqing.li@windriver.com> -Date: Mon, 14 Sep 2015 12:31:42 +0800 -Subject: [PATCH] mksquashfs.c: get inline functions work with both gnu11 and gnu89 - -Upstream-Status: Pending - -After gcc upgraded to gcc5, and if the codes is compiled without optimization(-O0), -and the below error will happen: - -| mksquashfs.o: In function `create_inode': -| git/squashfs-tools/mksquashfs.c:897: undefined reference to `get_inode_no' -| git/squashfs-tools/mksquashfs.c:960: undefined reference to `get_parent_no' -| git/squashfs-tools/mksquashfs.c:983: undefined reference to `get_parent_no' -| mksquashfs.o: In function `reader_read_process': -| git/squashfs-tools/mksquashfs.c:2132: undefined reference to `is_fragment' -| mksquashfs.o: In function `reader_read_file': -| git/squashfs-tools/mksquashfs.c:2228: undefined reference to `is_fragment' -| mksquashfs.o: In function `dir_scan': -| git/squashfs-tools/mksquashfs.c:3101: undefined reference to `create_dir_entry' - -gcc5 defaults to -std=gnu11 instead of -std=gnu89, and it requires that exactly one C -source file has the callable copy of the inline function. Consider the following -program: - - inline int - foo (void) - { - return 42; - } - - int - main (void) - { - return foo (); - } - -The program above will not link with the C99 inline semantics, because no out-of-line -function foo is generated. To fix this, either mark the function foo as static, or -add the following declaration: - static inline int foo (void); - -more information refer to: https://gcc.gnu.org/gcc-5/porting_to.html; - -but the use of "extern inline" will lead to the compilation issue if gcc is not -gcc5, as the commit in oe-core d0af30c92fde [alsa-lib: Change function type to -"static __inline__"] - "extern __inline__ function()" is the inlined version that - can be used in this compilation unit, but there will be another - definition of this function somewhere, so compiler will not emit - any code for the function body. This causes problem in -O0, - where functions are never inlined, the function call is preserved, - but linker can't find the symbol, thus the error happens. - -so replace "inline" with "static inline" to make it work with both gnu11 and gnu89 - -Signed-off-by: Roy Li <rongqing.li@windriver.com> ---- - squashfs-tools/mksquashfs.c | 20 ++++++++++---------- - 1 file changed, 10 insertions(+), 10 deletions(-) - -diff --git a/squashfs-tools/mksquashfs.c b/squashfs-tools/mksquashfs.c -index d221c35..6bba1d2 100644 ---- a/squashfs-tools/mksquashfs.c -+++ b/squashfs-tools/mksquashfs.c -@@ -828,13 +828,13 @@ char *subpathname(struct dir_ent *dir_ent) - } - - --inline unsigned int get_inode_no(struct inode_info *inode) -+static inline unsigned int get_inode_no(struct inode_info *inode) - { - return inode->inode_number; - } - - --inline unsigned int get_parent_no(struct dir_info *dir) -+static inline unsigned int get_parent_no(struct dir_info *dir) - { - return dir->depth ? get_inode_no(dir->dir_ent->inode) : inode_no; - } -@@ -2027,7 +2027,7 @@ struct file_info *duplicate(long long file_size, long long bytes, - } - - --inline int is_fragment(struct inode_info *inode) -+static inline int is_fragment(struct inode_info *inode) - { - off_t file_size = inode->buf.st_size; - -@@ -2996,13 +2996,13 @@ struct inode_info *lookup_inode2(struct stat *buf, int pseudo, int id) - } - - --inline struct inode_info *lookup_inode(struct stat *buf) -+static inline struct inode_info *lookup_inode(struct stat *buf) - { - return lookup_inode2(buf, 0, 0); - } - - --inline void alloc_inode_no(struct inode_info *inode, unsigned int use_this) -+static inline void alloc_inode_no(struct inode_info *inode, unsigned int use_this) - { - if (inode->inode_number == 0) { - inode->inode_number = use_this ? : inode_no ++; -@@ -3013,7 +3013,7 @@ inline void alloc_inode_no(struct inode_info *inode, unsigned int use_this) - } - - --inline struct dir_ent *create_dir_entry(char *name, char *source_name, -+static inline struct dir_ent *create_dir_entry(char *name, char *source_name, - char *nonstandard_pathname, struct dir_info *dir) - { - struct dir_ent *dir_ent = malloc(sizeof(struct dir_ent)); -@@ -3031,7 +3031,7 @@ inline struct dir_ent *create_dir_entry(char *name, char *source_name, - } - - --inline void add_dir_entry(struct dir_ent *dir_ent, struct dir_info *sub_dir, -+static inline void add_dir_entry(struct dir_ent *dir_ent, struct dir_info *sub_dir, - struct inode_info *inode_info) - { - struct dir_info *dir = dir_ent->our_dir; -@@ -3047,7 +3047,7 @@ inline void add_dir_entry(struct dir_ent *dir_ent, struct dir_info *sub_dir, - } - - --inline void add_dir_entry2(char *name, char *source_name, -+static inline void add_dir_entry2(char *name, char *source_name, - char *nonstandard_pathname, struct dir_info *sub_dir, - struct inode_info *inode_info, struct dir_info *dir) - { -@@ -3059,7 +3059,7 @@ inline void add_dir_entry2(char *name, char *source_name, - } - - --inline void free_dir_entry(struct dir_ent *dir_ent) -+static inline void free_dir_entry(struct dir_ent *dir_ent) - { - if(dir_ent->name) - free(dir_ent->name); -@@ -3080,7 +3080,7 @@ inline void free_dir_entry(struct dir_ent *dir_ent) - } - - --inline void add_excluded(struct dir_info *dir) -+static inline void add_excluded(struct dir_info *dir) - { - dir->excluded ++; - } --- -1.9.1 - diff --git a/poky/meta/recipes-devtools/squashfs-tools/squashfs-tools/0001-squashfs-tools-patch-for-CVE-2015-4645-6.patch b/poky/meta/recipes-devtools/squashfs-tools/squashfs-tools/0001-squashfs-tools-patch-for-CVE-2015-4645-6.patch deleted file mode 100644 index 2261ea94b..000000000 --- a/poky/meta/recipes-devtools/squashfs-tools/squashfs-tools/0001-squashfs-tools-patch-for-CVE-2015-4645-6.patch +++ /dev/null @@ -1,47 +0,0 @@ -From 3c0d67184d6edb63f3b7d6d5eb81531daa6388f3 Mon Sep 17 00:00:00 2001 -From: Changqing Li <changqing.li@windriver.com> -Date: Tue, 28 Aug 2018 16:25:36 +0800 -Subject: [PATCH] squashfs-tools: patch for CVE-2015-4645(6) - -Upstream-Status: Backport[https://github.com/devttys0/sasquatch/pull/ - 5/commits/6777e08cc38bc780d27c69c1d8c272867b74524f] - -CVE: CVE-2015-4645 CVE-2015-4646 - -Signed-off-by: Changqing Li <changqing.li@windriver.com> ---- - squashfs-tools/unsquash-4.c | 11 ++++++++--- - 1 file changed, 8 insertions(+), 3 deletions(-) - -diff --git a/squashfs-tools/unsquash-4.c b/squashfs-tools/unsquash-4.c -index ecdaac7..692ae25 100644 ---- a/squashfs-tools/unsquash-4.c -+++ b/squashfs-tools/unsquash-4.c -@@ -31,9 +31,9 @@ static unsigned int *id_table; - int read_fragment_table_4(long long *directory_table_end) - { - int res, i; -- int bytes = SQUASHFS_FRAGMENT_BYTES(sBlk.s.fragments); -- int indexes = SQUASHFS_FRAGMENT_INDEXES(sBlk.s.fragments); -- long long fragment_table_index[indexes]; -+ size_t bytes = SQUASHFS_FRAGMENT_BYTES(sBlk.s.fragments); -+ size_t indexes = SQUASHFS_FRAGMENT_INDEXES(sBlk.s.fragments); -+ long long *fragment_table_index; - - TRACE("read_fragment_table: %d fragments, reading %d fragment indexes " - "from 0x%llx\n", sBlk.s.fragments, indexes, -@@ -43,6 +43,11 @@ int read_fragment_table_4(long long *directory_table_end) - *directory_table_end = sBlk.s.fragment_table_start; - return TRUE; - } -+ -+ fragment_table_index = malloc(indexes*sizeof(long long)); -+ if(fragment_table_index == NULL) -+ EXIT_UNSQUASH("read_fragment_table: failed to allocate " -+ "fragment table index\n"); - - fragment_table = malloc(bytes); - if(fragment_table == NULL) --- -2.7.4 - diff --git a/poky/meta/recipes-devtools/squashfs-tools/squashfs-tools/fix-compat.patch b/poky/meta/recipes-devtools/squashfs-tools/squashfs-tools/fix-compat.patch deleted file mode 100644 index 87c1e8cac..000000000 --- a/poky/meta/recipes-devtools/squashfs-tools/squashfs-tools/fix-compat.patch +++ /dev/null @@ -1,17 +0,0 @@ -include missing sys/stat.h for stat* function declarations - -Upstream-Status: Pending -Signed-off-by: Khem Raj <raj.khem@gmail.com> - -Index: squashfs-tools/pseudo.c -=================================================================== ---- squashfs-tools.orig/pseudo.c -+++ squashfs-tools/pseudo.c -@@ -32,6 +32,7 @@ - #include <stdlib.h> - #include <sys/types.h> - #include <sys/wait.h> -+#include <sys/stat.h> - #include <ctype.h> - - #include "pseudo.h" diff --git a/poky/meta/recipes-devtools/squashfs-tools/squashfs-tools/squashfs-tools-4.3-sysmacros.patch b/poky/meta/recipes-devtools/squashfs-tools/squashfs-tools/squashfs-tools-4.3-sysmacros.patch index 39521a7d8..f2e88f416 100644 --- a/poky/meta/recipes-devtools/squashfs-tools/squashfs-tools/squashfs-tools-4.3-sysmacros.patch +++ b/poky/meta/recipes-devtools/squashfs-tools/squashfs-tools/squashfs-tools-4.3-sysmacros.patch @@ -19,7 +19,7 @@ sys/types.h might not always include sys/sysmacros.h for major/minor/makedev #include "squashfs_fs.h" --- a/squashfs-tools/unsquashfs.c +++ b/squashfs-tools/unsquashfs.c -@@ -38,6 +38,10 @@ +@@ -40,6 +40,10 @@ #include <limits.h> #include <ctype.h> diff --git a/poky/meta/recipes-devtools/squashfs-tools/squashfs-tools_git.bb b/poky/meta/recipes-devtools/squashfs-tools/squashfs-tools_git.bb index dc1568a77..ab2ff01b6 100644 --- a/poky/meta/recipes-devtools/squashfs-tools/squashfs-tools_git.bb +++ b/poky/meta/recipes-devtools/squashfs-tools/squashfs-tools_git.bb @@ -6,12 +6,9 @@ LICENSE = "GPL-2" LIC_FILES_CHKSUM = "file://../COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263" PV = "4.3+gitr${SRCPV}" -SRCREV = "9c1db6d13a51a2e009f0027ef336ce03624eac0d" +SRCREV = "f95864afe8833fe3ad782d714b41378e860977b1" SRC_URI = "git://github.com/plougher/squashfs-tools.git;protocol=https \ - file://0001-mksquashfs.c-get-inline-functions-work-with-C99.patch;striplevel=2 \ file://squashfs-tools-4.3-sysmacros.patch;striplevel=2 \ - file://fix-compat.patch \ - file://0001-squashfs-tools-patch-for-CVE-2015-4645-6.patch;striplevel=2 \ " UPSTREAM_CHECK_COMMITS = "1" SRC_URI[lzma.md5sum] = "29d5ffd03a5a3e51aef6a74e9eafb759" @@ -24,13 +21,15 @@ COMPATIBLE_HOST_libc-musl = 'null' EXTRA_OEMAKE = "${PACKAGECONFIG_CONFARGS}" -PACKAGECONFIG ??= "gzip xz lzo lz4 lzma xattr" +PACKAGECONFIG ??= "gzip xz lzo lz4 lzma xattr reproducible" PACKAGECONFIG[gzip] = "GZIP_SUPPORT=1,GZIP_SUPPORT=0,zlib" PACKAGECONFIG[xz] = "XZ_SUPPORT=1,XZ_SUPPORT=0,xz" PACKAGECONFIG[lzo] = "LZO_SUPPORT=1,LZO_SUPPORT=0,lzo" PACKAGECONFIG[lz4] = "LZ4_SUPPORT=1,LZ4_SUPPORT=0,lz4" PACKAGECONFIG[lzma] = "LZMA_XZ_SUPPORT=1,LZMA_XZ_SUPPORT=0,xz" PACKAGECONFIG[xattr] = "XATTR_SUPPORT=1,XATTR_SUPPORT=0,attr" +PACKAGECONFIG[zstd] = "ZSTD_SUPPORT=1,ZSTD_SUPPORT=0,zstd" +PACKAGECONFIG[reproducible] = "REPRODUCIBLE_DEFAULT=1,REPRODUCIBLE_DEFAULT=0," do_compile() { oe_runmake mksquashfs unsquashfs diff --git a/poky/meta/recipes-devtools/strace/strace_4.26.bb b/poky/meta/recipes-devtools/strace/strace_4.26.bb index 3b61fc3ee..2688724e6 100644 --- a/poky/meta/recipes-devtools/strace/strace_4.26.bb +++ b/poky/meta/recipes-devtools/strace/strace_4.26.bb @@ -20,13 +20,13 @@ SRC_URI = "https://strace.io/files/${PV}/strace-${PV}.tar.xz \ SRC_URI[md5sum] = "daa51acc0c7c696221ec03cf0b30a7af" SRC_URI[sha256sum] = "7c4d2ffeef4f7d1cdc71062ca78d1130eb52f947c2fca82f59f6a1183bfa1e1c" -inherit autotools ptest bluetooth +inherit autotools ptest PACKAGECONFIG_class-target ??= "\ ${@bb.utils.contains('DISTRO_FEATURES', 'bluetooth', 'bluez', '', d)} \ " -PACKAGECONFIG[bluez] = "ac_cv_header_bluetooth_bluetooth_h=yes,ac_cv_header_bluetooth_bluetooth_h=no,${BLUEZ}" +PACKAGECONFIG[bluez] = "ac_cv_header_bluetooth_bluetooth_h=yes,ac_cv_header_bluetooth_bluetooth_h=no,bluez5" PACKAGECONFIG[libunwind] = "--with-libunwind,--without-libunwind,libunwind" EXTRA_OECONF += "--enable-mpers=no" diff --git a/poky/meta/recipes-devtools/subversion/subversion_1.12.0.bb b/poky/meta/recipes-devtools/subversion/subversion_1.12.0.bb index f059ff9ff..3d0f3e688 100644 --- a/poky/meta/recipes-devtools/subversion/subversion_1.12.0.bb +++ b/poky/meta/recipes-devtools/subversion/subversion_1.12.0.bb @@ -19,6 +19,8 @@ SRC_URI[sha256sum] = "7fae7c73d8a007c107c0ae5eb372bc0bb013dbfe966fcd5c59cd5a195a inherit autotools pkgconfig gettext +CVE_PRODUCT = "apache:subversion" + PACKAGECONFIG ?= "" PACKAGECONFIG[sasl] = "--with-sasl,--without-sasl,cyrus-sasl" diff --git a/poky/meta/recipes-devtools/unfs3/unfs3_0.9.22.r497.bb b/poky/meta/recipes-devtools/unfs3/unfs3_git.bb index 5a81a8fdb..a4ac46c68 100644 --- a/poky/meta/recipes-devtools/unfs3/unfs3_0.9.22.r497.bb +++ b/poky/meta/recipes-devtools/unfs3/unfs3_git.bb @@ -3,24 +3,14 @@ SECTION = "console/network" LICENSE = "unfs3" LIC_FILES_CHKSUM = "file://LICENSE;md5=9475885294e17c0cc0067820d042792e" -# SVN support for upstream version check isn't implemented yet -RECIPE_UPSTREAM_VERSION = "0.9.22.r497" -RECIPE_UPSTREAM_DATE = "Oct 08, 2015" -CHECK_DATE = "Dec 10, 2015" - DEPENDS = "flex-native bison-native flex" DEPENDS += "libtirpc" DEPENDS_append_class-nativesdk = " flex-nativesdk" ASNEEDED = "" -MOD_PV = "497" -S = "${WORKDIR}/trunk" -# Only subversion url left in OE-Core, use a mirror tarball instead since -# this rarely changes. -# svn://svn.code.sf.net/p/unfs3/code;module=trunk;rev=${MOD_PV};protocol=http -# rename the tarball in mirror to avoid clash with user local svn tarball -SRC_URI = "http://downloads.yoctoproject.org/mirror/sources/unfs3-0.9.22.r497.tar.gz \ +S = "${WORKDIR}/git" +SRC_URI = "git://github.com/unfs3/unfs3.git;protocol=https \ file://unfs3_parallel_build.patch \ file://alternate_rpc_ports.patch \ file://fix_pid_race_parent_writes_child_pid.patch \ @@ -31,8 +21,10 @@ SRC_URI = "http://downloads.yoctoproject.org/mirror/sources/unfs3-0.9.22.r497.ta file://0001-daemon.c-Libtirpc-porting-fixes.patch \ file://0001-attr-fix-utime-for-symlink.patch \ " -SRC_URI[md5sum] = "2e43e471c77ade0331901c40b8f8e9a3" -SRC_URI[sha256sum] = "21009468a9ba07b72ea93780d025a63ab4e55bf8fc3127803c296f0900fe1bac" +SRCREV = "c12a5c69a8d59be6916cbd0e0f41c159f1962425" +UPSTREAM_CHECK_GITTAGREGEX = "unfs3\-(?P<pver>.+)" + +PV = "0.9.22+${SRCPV}" BBCLASSEXTEND = "native nativesdk" diff --git a/poky/meta/recipes-devtools/valgrind/valgrind_3.15.0.bb b/poky/meta/recipes-devtools/valgrind/valgrind_3.15.0.bb index 85f0ff756..4e89c604d 100644 --- a/poky/meta/recipes-devtools/valgrind/valgrind_3.15.0.bb +++ b/poky/meta/recipes-devtools/valgrind/valgrind_3.15.0.bb @@ -7,8 +7,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263 \ file://include/valgrind.h;beginline=1;endline=56;md5=ad3b317f3286b6b704575d9efe6ca5df \ file://COPYING.DOCS;md5=24ea4c7092233849b4394699333b5c56" -X11DEPENDS = "virtual/libx11" -DEPENDS = "${@bb.utils.contains('DISTRO_FEATURES', 'x11', '${X11DEPENDS}', '', d)} \ +DEPENDS = " \ ${@bb.utils.contains('DISTRO_FEATURES', 'ptest', 'boost', '', d)} \ " |