diff options
author | Brad Bishop <bradleyb@fuzziesquirrel.com> | 2019-05-16 04:57:59 +0300 |
---|---|---|
committer | Brad Bishop <bradleyb@fuzziesquirrel.com> | 2019-05-16 05:15:53 +0300 |
commit | c342db356d4f451821781eb24eb9f3d39d6c0c5e (patch) | |
tree | 13ee73073b2cee7d49d389aead46dd210c693cae /poky/meta/recipes-extended | |
parent | 0dd04f33864280128a3d2869833d56fddad804d2 (diff) | |
download | openbmc-c342db356d4f451821781eb24eb9f3d39d6c0c5e.tar.xz |
subtree updates
poky: 4e511f0abc..a015ed7704:
Adrian Bunk (22):
gnutls: upgrade 3.6.5 -> 3.6.7
dhcp: Replace OE specific patch for compatibility with latest bind with upstream patch
Set XZ_COMPRESSION_LEVEL to -9
gcc: Remove Java support variables
Use the best xz compression for the SDK
gnome-doc-utils: Remove stale patch
libxcrypt: Stop adding -std=gnu99 to CPPFLAGS
file: Stop adding -std=c99 to CFLAGS
gnu-efi: Remove support patch for gcc < 4.7
grub: Use -Wno-error instead of doing this on a per-warning basis
socat: upgrade 1.7.3.2 -> 1.7.3.3
bison: upgrade 3.0.4 -> 3.1
mmc-utils: update to the latest upstream code
cogl: upgrade 1.22.2 -> 1.22.4
cogl: remove -Werror=maybe-uninitialized workaround
libxcb: remove workaround patch for a bug that was fixed in gcc 5 in 2015
sysstat: inherit upstream-version-is-even
ccache: upgrade 3.6 -> 3.7.1
lttng-modules: upgrade 2.10.8 -> 2.10.9
iproute2: Remove bogus workaround patch for musl
openssl: Remove openssl10
Remove irda-utils and the irda feature
Alejandro Enedino Hernandez Samaniego (1):
run-postinsts: Fix full execution of scripts at first boot
Alejandro del Castillo (1):
opkg: add ptest
Alex Kiernan (12):
systemd-conf: simplify creation of machine-specific configuration
systemctl-native: Rewrite in Python supporting preset-all and mask
image: call systemctl preset-all for images
uboot-sign: Fix build when UBOOT_DTB_BINARY is empty
patchelf: Upgrade 0.9 -> 0.10
python3: Add ntpath.py to python core
go: Exclude vcs files when installing deps
recipetool: fix unbound variable when fixed SRCREV can't be found
systemd: Default to non-stateless images
systemd-systemctl: Restore support for enable command
systemd: Restore mask and preset targets, fix instance creation
shadow: Backport last change reproducibility
Alexander Kanavin (38):
python3: add a tr-tr locale for test_locale ptest
gobject-introspection: update to 1.60.1
dtc: upgrade 1.4.7 -> 1.5.0
webkitgtk: update to 2.24.0
libdazzle: update to 3.32.1
vala: update to 0.44.3
libdnf: update to 0.28.1
libcomps: upgrade 0.1.10 -> 0.1.11
dnf: upgrade 4.1.0 -> 4.2.2
btrfs-tools: upgrade 4.20.1 -> 4.20.2
meson: update to 0.50.0
libmodulemd: update to 2.2.3
at-spi2-core: fix meson 0.50 build
ffmpeg: update to 4.1.3
python: update to 2.7.16
python: update to 3.7.3
python-numpy: update to 1.16.2
icu: update to 64.1
epiphany: update to 3.32.1.2
python3: add another multilib fix
meson: do not try to substitute the prefix in python supplied paths
python3-pygobject: update to 3.32.0
meson: add missing Upstream-Status and SOB to a patch
acpica: update to 20190405
msmtp: fix upstream version check
python-scons: update to 3.0.5
python-setuptools: update to 41.0.1
python3-mako: update to 1.0.9
python3-pbr: update to 5.1.3
python3-pip: update to 19.0.3
buildhistory: call a dependency parser only on actual dependency lists
gtk-doc.bbclass: unify option setting for meson-based recipes
python3-pycairo: update to 1.18.1
maintainers.inc: take over as perl maintainer
xorg-lib: drop native overrides for REQUIRED_DISTRO_FEATURES
meson: update to 0.50.1
perl: update to 5.28.2
packagegroup-self-hosted: drop epiphany
Alistair Francis (5):
u-boot: Upgrade from 2019.01 to 2019.04
beaglebone-yocto: Update u-boot config to match u-boot 19.04
u-boot: Fix missing Python.h build failure
libsoup: Upgrade from 2.64.2 to 2.66.1
qemu: Upgrade from 3.1.0 to 4.0.0
Andre Rosa (1):
bitbake: utils: Let mkdirhier fail if existing path is not a folder
Andreas Müller (17):
gobject-introspection: auto-enable/-disable gobject-introspection for meson
libmodulemd: use gobject-introspection.bbclass on/off mechanism
gdk-pixbuf: use gobject-introspection.bbclass on/off mechanism
json-glib: use gobject-introspection.bbclass on/off mechanism
libdazzle: use gobject-introspection.bbclass on/off mechanism
clutter-gtk-1.0: use gobject-introspection.bbclass on/off mechanism
pango: use gobject-introspection.bbclass on/off mechanism
at-spi2-core: use gobject-introspection.bbclass on/off mechanism
atk: use gobject-introspection.bbclass on/off mechanism
libsoup-2.4: use gobject-introspection.bbclass on/off mechanism
glib-networking: upgrade 2.58.0 -> 2.60.1
gst-plugins: move 'inherit gobject-introspection' to recipes supporting GI
gstreamer1.0-python: rework gobject-introspection handling
insane.bbclass: Trigger unrecognzed configure option for meson
vte: upgrade 0.52.2 -> 0.56.1
vte: move shell auto scripts into seperate package
qemu: split out vte into seperate PACKAGECONFIG
Andreas Obergschwandtner (1):
uboot-sign: add support for different u-boot configurations
Andrej Valek (2):
dropbear: update to 2019.78
systemd: upgrade to 242
Angus Lees (1):
Revert "wic: Set a miniumum FAT16 volume size."
Anuj Mittal (4):
gcc: fix CVE-2018-18484
gdb: fix CVE-2017-9778
binutils: fix CVE-2019-9074 CVE-2019-9075 CVE-2019-9076 CVE-2019-9077
openssh: fix CVE-2018-20685, CVE-2019-6109, CVE-2019-6111
Armin Kuster (8):
resulttool: add ltp test support
logparser: Add decoding ltp logs
ltp: add runtime test
resulttool: add LTP compliance section
logparser: Add LTP compliance section
ltp_compliance: add new runtime
manual compliance: remove bits done at runtime
nss: cleanup recipe to match OE style
Beniamin Sandu (1):
kernel-devsrc: check for localversion files in the kernel source tree
Breno Leitao (3):
weston-init: Fix tab indentation
weston-init: Add support for non-root start
weston-init: Fix WESTON_USER typo
Bruce Ashfield (8):
linux-yocto/5.0: update to v5.0.5
linux-yocto-rt: update to 5.0.5-rt3
linux-yocto/5.0: update to v5.0.7
linux-yocto/4.19: update to v4.19.34
linux-yocto-rt/4.19: fix merge conflict in lru_drain
linux-yocto/5.0: port RAID configuration tweaks from master
linux-yocto/5.0: integrate TCP timeout / hang fix
linux-yocto/5.0: update TCP patch to mainline version
Changhyeok Bae (2):
iw: upgrade 4.14 -> 5.0.1
iptables: upgrade 1.6.2 -> 1.8.2
Changqing Li (11):
ruby: make ext module fiddle can compile success
ruby: add ptest
cogl: fix compile error caused by -Werror=maybe-uninitialized
systemd: change default locale from C.UTF-8 to C
m4: add ptest support
gettext: add ptest support
waffle: supprt build waffle without x11
piglit: support build piglit without x11
dbus: fix ptest failure
populate_sdk_base: provide options to set sdk type
python3: fix do_install fail for parallel buiild
Chee Yang Lee (1):
wic/bootimg-efi: replace hardcoded volume name with label
Chen Qi (9):
runqemu: do not check return code of tput
busybox: fix ptest failure about 'dc'
base-files: move hostname operations out of issue file settings
webkitgtk: set CVE_PRODUCT
dropbear: set CVE_PRODUCT
libsdl: set CVE_PRODUCT
ghostscript: set CVE_PRODUCT
flac: also add flac to CVE_PRODUCT
squashfs-tools: set CVE_PRODUCT
David Reyna (1):
bitbake: toaster: update to Warrior
Dengke Du (2):
perf: workaround the error cased by maybe-uninitialized warning
linux-yocto_5.0: set devicetree for armv5
Denys Dmytriyenko (1):
weston: upgrade 5.0.0 -> 6.0.0
Douglas Royds (2):
distutils: Run python from the PATH in the -native case as well
distutils: Tidy and simplify for readability
Fabio Berton (1):
mesa: Update 19.0.1 -> 19.0.3
He Zhe (2):
ltp: Fix setrlimit03 call succeeded unexpectedly
systemd: Bump up SRCREV to systemd-stable top to include the fix for shutdown now hang
Hongxu Jia (15):
image_types.bbclass: fix a race between the ubi and ubifs FSTYPES
cpio/tar/native.bbclass: move rmt to sbindir and add a prefix to avoid native clashing
acpica: use update-alternatives for acpidump
apr: upgrade 1.6.5 -> 1.7.0
man-pages: upgrade 4.16 -> 5.01
man-db: upgrade 2.8.4 -> 2.8.5
bash: upgrade 4.4.18 -> 5.0
ncurses: fix incorrect UPSTREAM_CHECK_GITTAGREGEX
gpgme: upgrade 1.12.0 -> 1.13.0
subversion: upgrade 1.11.1 -> 1.12.0
groff: upgrade 1.22.3 -> 1.22.4
libxml2: upgrade 2.9.8 -> 2.9.9
ghostscript: 9.26 -> 9.27
groff: imporve musl support
oeqa/targetcontrol.py: fix qemuparams not work in runqemu with launch_cmd
Jacob Kroon (3):
grub-efi-native: Install grub-editenv
bitbake: knotty: Pretty print task elapsed time
base-passwd: Add kvm group
Jaewon Lee (1):
Adding back wrapper and using OEPYTHON3HOME variable for python3
Jens Rehsack (1):
kernel-module-split.bbclass: support CONFIG_MODULE_COMPRESS=y
Jonas Bonn (3):
systemd: don't build firstboot by default
systemd: do not create machine-id
systemd: create preset files instead of installing in image
Joshua Watt (6):
classes/waf: Set WAFLOCK
resulttool: Load results from URL
resulttool: Add log subcommand
qemux86: Allow higher tunes
bitbake.conf: Account for older versions of bitbake
resulttool: Add option to dump all ptest logs
Kai Kang (5):
msmtp: 1.6.6 -> 1.8.3
cryptodev: fix module loading error
target-sdk-provides-dummy: resolve sstate conflict
bitbake.conf: set NO_RECOMMENDATIONS with weak assignment
webkitgtk: fix compile error for arm64
Kevin Hao (1):
meta-yocto-bsp: Bump to the latest stable kernel for all the BSP
Khem Raj (9):
gcc-cross-canadian: Make baremetal specific code generic
musl: Upgrade to master past 1.1.22
webkitgtk: Fix build with clang
mdadm: Disable Werror
gcc-target: Do not set --with-sysroot and gxx-include-dir paths
systemd: Add -Wno-error=format-overflow to fix build with gcc9
systemd: Backport patch to fix build with gcc9
libgfortan: Package target gcc include directory to fix
gcc-9: Add recipes for gcc 9.1 release
Lei Maohui (2):
dnf: Enable nativesdk
icu: Added armeb support.
Lei Yang (1):
recipetool: add missed module
Luca Boccassi (1):
systemd: add cgroupv2 PACKAGECONFIG
Mardegan, Alberto (1):
oeqa/core/runner: dump stdout and stderr of each test case
Mariano Lopez (5):
update-alternatives.bbclass: Add function to get metadata
ptest.bbclass: Add feature to populate a binary directory
util-linux: Use PTEST binary directory
busybox: Use PTEST binary directory
ptest.bbclass: Use d.getVar instead of os.environ
Martin Jansa (6):
connman: add PACKAGECONFIG for nfc, fix MACHINE_ARCH signature when l2tp is enabled
icecc.bbclass: stop causing everything to be effectivelly MACHINE_ARCH
glibc: always use bfd linker
opkg: fix ptest packaging when OPKGLIBDIR == libdir
kexec-tools: refresh patches with devtool
perf: make sure that the tools/include/uapi/asm-generic directory exists
Matthias Schiffer (1):
systemd: move "machines" symlinks to systemd-container
Max Kellermann (2):
useradd-staticids: print exception after parse_args() error
initrdscripts: merge multiple "mkdir" calls
Michael Scott (2):
kernel-fitimage: support RISC-V
procps: update legacy sysctl.conf to fix rp_filter sysctl issue
Mikko Rapeli (3):
elfutils: remove Elfutils-Exception and include GPLv2 for shared libraries
oeqa/sdk: use bash to execute SDK test commands
openssh: recommend rng-tools with sshd
Mingli Yu (6):
nettle: fix ptest failure
elfutils: add ptest support
elfutils: fix build failure with musl
gcc-sanitizers: fix -Werror=maybe-uninitialized issue
nettle: fix the Segmentation fault
nettle: fix ptest failure
Nathan Rossi (1):
ccmake.bbclass: Fix up un-escaped quotes in output formatting
Naveen Saini (5):
core-image-rt: make sure that we append to DEPENDS
core-image-rt-sdk: make sure that we append to DEPENDS
bitbake.conf: add git-lfs to HOSTTOOLS_NONFATAL
bitbake: bitbake: fetch2/git: git-lfs check
linux-yocto: update genericx86* SRCREV for 4.19
Oleksandr Kravchuk (52):
iproute2: update to 5.0.0
curl: update to 7.64.1
libxext: update to 1.3.4
x11perf: update to 1.6.1
libxdmcp: update to 1.1.3
libxkbfile: update 1.1.0
libxvmc: update to 1.0.11
libxrandr: update to 1.5.2
connman: update to 1.37
ethtool: update to 5.0
tar: update to 1.32
ffmpeg: update to 4.1.2
librepo: update to 1.9.6
libxmu: update to 1.1.3
libxcrypt: update to 4.4.4
wget: update to 1.20.2
libsecret: 0.18.8
createrepo-c: update to 0.12.2
libinput: update to 1.13.0
cronie: update to 1.5.4
libyaml: update to 0.2.2
fontconfig: update to 2.13.1
makedepend: update to 1.0.6
libdrm: update to 2.4.98
libinput: update to 1.13.1
libnotify: update to 0.7.8
libpng: update to 1.6.37
libcroco: update to 0.6.13
libpsl: update to 0.21.0
git: update to 2.21.0
quota: update to 4.05
gnupg: update to 2.2.15
lz4: update to 1.9.0
orc: update to 0.4.29
help2man-native: update to 1.47.10
cups: update to 2.2.11
pixman: update to 0.38.4
libcap: update to 2.27
ninja: add Upstream-Status and SOB for musl patch
python-numpy: update to 1.16.3
python3-pygobject: update to 3.32.1
wget: update to 1.20.3
libsolv: update to 0.7.4
ell: add recipe
sqlite3: update to 3.28.0
kmscube: update to latest revision
coreutils: update to 8.31
mtools: update to 4.0.23
msmtp: update to 1.8.4
wpa-supplicant: update to 2.8
bitbake.conf: use https instead of http
ell: update to 0.20
Paul Barker (3):
oe.path: Add copyhardlink() helper function
license_image: Use new oe.path.copyhardlink() helper
gdb: Fix aarch64 build with musl
Peter Kjellerstedt (1):
systemd: Use PACKAGECONFIG definition to depend on libnss-myhostname
Randy MacLeod (5):
valgrind: update from 3.14.0 to 3.15.0
valgrind: fix vg_regtest return code
valgrind: update the ptest subdirs list
valgrind: adjust test filters and expected output
valgrind: fix call/cachegrind ptests
Richard Purdie (52):
pseudo: Update to gain key bugfixes
python3: Avoid hanging tests
python3: Fix ptest output parsing
go.bbclass: Remove unused override
goarch.bbclass: Simplify logic
e2fsprogs: Skip slow ptest tests
bitbake: bitbake: Update version to 1.42.0
poky.conf: Bump version for 2.7 warrior release
build-appliance-image: Update to warrior head revision
bitbake: bitbake: Post release version bumnp to 1.43
poky.conf: Post release version bump
build-appliance-image: Update to master head revision
Revert "nettle: fix ptest failure"
core-image-sato-sdk-ptest: Try and keep image below 4GB limit
core-image-sato-ptest-fast: Add 'fast' ptest execution image
core-image-sato-sdk-ptest: Include more ptests in ptest image
core-image-sato-sdk-ptest: Add temporary PROVIDES core-image-sato-ptest
resultool/resultutils: Fix module import error
lttng-tools: Add missing patch Upstream-Status
utils/multiprocess_launch: Improve failing subprocess output
python3: Drop ptest hack
ptest-packagelists: Add m4 and gettext as 'fast' ptests
bitbake: knotty: Implement console 'keepalive' output
bitbake: build: Ensure warning for invalid task dependencies is useful
bitbake: build: Disable warning about dependent tasks for now
oeqa/ssh: Avoid unicode decode exceptions
elfutils: ptest fixes
elfutils: Fix ptest compile failures on musl
bitbake: bitbake: Add initial pass of SPDX license headers to source code
bitbake: bitbake: Drop duplicate license boilerplace text
bitbake: bitbake: Strip old editor directives from file headers
bitbake: HEADER: Drop it
openssh/systemd/python/qemu: Fix patch Upstream-Status
scripts/pybootchart: Fix mixed indentation
scripts/pybootchart: Port to python3
scripts/pybootchart/draw: Clarify some variable names
scripts/pybootchart/draw: Fix some bounding problems
coreutils: Fix patch upstream status field
oeqa: Drop OETestID
meta/lib+scripts: Convert to SPDX license headers
oeqa/core/runner: Handle unexpectedSucesses
oeqa/systemd_boot: Drop OETestID
oeqa/runner: Fix subunit setupClass/setupModule failure handling
oeqa/concurrenttest: Patch subunit module to handle classSetup failures
tcmode-default: Add PREFERRED_VERSION for libgfortran
oeqa/selftest: Automate manual pybootchart tests
openssh: Avoid PROVIDES warning from rng-tools dependency
oeqa/target/ssh: Replace suggogatepass with ignoring errors
core-image-sato-sdk-ptest: Tweak size to stay within 4GB limit
valgrind: Include debugging symbols in ptests
dbus-test: Improve ptest dependencies dependencies
ptest: Add RDEPENDS frpm PN-ptest to PN package
Robert Joslyn (1):
qemu: Add PACKAGECONFIG for snappy
Robert Yang (6):
bitbake: bitbake-diffsigs: Use 4 spaces as indent for recursecb
bitbake: bb: siggen: Make dump_sigfile and compare_sigfiles print uuid4
bitbake: bb: siggen: Print more info when basehash are mis-matched
bitbake: BBHandler: Fix addtask and deltask
bitbake: build.py: check dependendent task for addtask
bitbake: tests/parse.py: Add testcase for addtask and deltask
Ross Burton (14):
lttng-tools: fix Upstream-Status
acpica: upgrade to 20190215
staging: add ${datadir}/gtk-doc/html to the sysroot blacklist
mpg123: port to use libsdl2
meta-poky: remove obsolete DISTRO_FEATURES_LIBC
m4: update patch status
packagegroup-core-full-cmdline: remove zlib
wic: change expand behaviour to match docs
wic: add global debug option
gtk-icon-cache: clean up DEPENDS
patch: add minver and maxver parameters
glib-2.0: fix locale handling
glib-2.0: add missing locales for the tests
glib-2.0: fix last failing ptest
Scott Rifenbark (34):
bitbake: poky.ent: Removed "ECLIPSE" entity variables.
bitbake: bitbake-user-manual: Added section on modifying variables
Makefile: Removed Eclipse support
Documentation: Removed customization.xsl files for Eclipse
mega-manual: Removed two Eclipse figures from tarball list
mega-manual, overview-manual: Added updated index releases figure
poky.ent: Removed Eclipse related variables.
mega-manual: Removed the Eclipse chapters
dev-manual: Removed all references to Eclipse.
overview-manual: Removed all references to Eclipse
profile-manual: Removed all references to Eclipse
ref-manual: Removed all references to Eclipse
sdk-manual: Removed all references to Eclipse
sdk-manual: Removed all references to Eclipse
dev-manual; brief-yoctoprojectqs: Updated checkout branch example
dev-manual: Added reasoning blurb to "Viewing Variables" section.
ref-manual: Inserted Migration 2.7 section.
ref-manual: Added Eclipse removal for migration section.
ref-manual: Added "License Value Corrections to migration.
ref-manual: Added Fedora 29 to the supported distros list.
poky.ent: changed 2.7 release variable date to "May 2019"
ref-manual: Review comments applied to 2.7 migration section.
documentation: Prepared for 2.8 release
bsp-guide: Removed inaccurate "container layer" references.
ref-manual: Updated the "Container Layer" term.
bsp-guide: Updated the "beaglebone-yocto.conf" example.
documentation: Cleaned up "plug-in"/"plugin" terminology.
bsp-guide: Updated the BSP kernel recipe example.
ref-manual: Updated PREFERRED_VERSION variable to use 5.0
bsp-guide: More corrections to the BSP Kernel Recipe example
dev-manual: Added cross-link to "Fetchers" section in BB manual.
bitbake: bitbake-user-manual: Added npm to other fetcher list.
overview-manual: Updated SMC section to link to fetchers
ref-manual: Added "npm" information to the SRC_URI variable.
Stefan Kral (1):
bitbake: build: Add verbnote to shell log commands
Stefan Müller-Klieser (1):
cml1.bbclass: fix undefined behavior
Steven Hung (洪于玉) (1):
kernel.bbclass: convert base_do_unpack_append() to a task
Tom Rini (2):
vim: Rework to not rely on relative directories
vim: Update to 8.1.1240
Wenlin Kang (1):
systemd: install libnss-myhostname.so when myhostname be enabled
Yeoh Ee Peng (1):
resulttool/manualexecution: Refactor and remove duplicate code
Yi Zhao (2):
harfbuzz: update source checksums after upstream replaced the tarball
libyaml: update SRC_URI[md5sum] and SRC_URI[sha256sum]
Ying-Chun Liu (PaulLiu) (1):
uboot-sign: Fix u-boot-nodtb symlinks
Zang Ruochen (10):
libatomic-ops:upgrade 7.6.8 -> 7.6.10
libgpg-error:upgrade 1.35 -> 1.36
libxft:upgrade 2.3.2 -> 2.3.3
libxxf86dga:upgrade 1.1.4 -> 1.1.5
nss:upgrade 3.42.1 -> 3.43
sysprof:upgrade 3.30.2 -> 3.32.0
libtirpc:upgrade 1.0.3 -> 1.1.4
xtrans:upgrade 1.3.5 -> 1.4.0
harfbuzz:upgrade 2.3.1 -> 2.4.0
icu: Upgrade 64.1 -> 64.2
Zheng Ruoqin (1):
sanity: check_perl_modules bug fix
sangeeta jain (1):
resulttool/manualexecution: Enable test case configuration option
meta-openembedded: 4a9deabbc8..1ecd8b4364:
Adrian Bunk (34):
linux-atm: Remove DEPENDS on virtual/kernel and PACKAGE_ARCH
linux-atm: Replace bogus on_exit removal with musl-specific hack
ledmon: Mark as incompatible on musl instead of adding bogus patch
efivars: Drop workaround patch for host gcc < 4.7
sshfs-fuse: upgrade 2.8 -> 2.10
wv: upgrade 1.2.4 -> 1.2.9
caps: Upgrade 0.9.24 -> 0.9.26
dvb-apps: Remove dvb-fe-xc5000c-4.1.30.7.fw
schroedinger: Remove the obsolete DEPENDS on liboil
vlc: Remove workaround and patches for problems fixed upstream
Remove liboil
dnrd: Remove stale files of recipe removed 2 years ago
postfix: Upgrade 3.4.1 -> 3.4.5
pptp-linux: Upgrade 1.9.0 -> 1.10.0
dovecot: Upgrade 2.2.36 -> 2.2.36.3
postgresql: Upgrade 11.2 -> 11.3
rocksdb: Upgrade 5.18.2 -> 5.18.3
cloud9: Remove stale files of recipe removed 2 years ago
fluentbit: Upgrade 0.12.1 -> 0.12.19
libcec: Upgrade 4.0.2 -> 4.0.4
libqb: Upgrade 1.0.3 -> 1.0.5
openwsman: Upgrade 2.6.8 -> 2.6.9
glm: Upgrade 0.9.9.3 -> 0.9.9.5
fvwm: Upgrade 2.6.7 -> 2.6.8
augeas: Upgrade 1.11.0 -> 1.12.0
ccid: Upgrade 1.4.24 -> 1.4.30
daemonize: Upgrade 1.7.7 -> 1.7.8
inotify-tools: Upgrade 3.14 -> 3.20.1
liboop: Upgrade 1.0 -> 1.0.1
ode: Remove stale file of recipe removed 2 years ago
openwbem: Remove stale files of recipe removed 2 years ago
catch2: Upgrade 2.6.1 -> 2.7.2
geos: Upgrade 3.4.2 -> 3.4.3
rdfind: Upgrade 1.3.4 -> 1.4.1
Akshay Bhat (3):
python-urllib3: Set CVE_PRODUCT
python3-pillow: Set CVE_PRODUCT
python-requests: Set CVE_PRODUCT
Alistair Francis (3):
mycroft: Update the systemd service to ensure we are ready to start
mycroft: Bump from 19.2.2 to 19.2.3
python-obd: Add missing RDEPENDS
Andreas Müller (33):
gvfs: remove executable permission from systemd user services
udisks2: upgrade 2.8.1 -> 2.8.2
parole: upgrade 1.0.1 -> 1.0.2
ristretto: upgrade 0.8.3 -> 0.8.4
networkmanager: rework musl build
gvfs: remove systemd user unit executable permission adjustment
fltk: upgrade 1.3.4-2 -> 1.3.5
samba: install bundled libs into seperate packages
samba: rework localstatedir package split
fluidsynth: upgrade 2.0.4 -> 2.0.5
xfce4-vala: auto-detect vala api version
gnome-desktop3: set correct meson gtk doc option
vlc: rework qt PACKAGECONFIG
evince: add patch to fix build with recent gobject-introspection
xfce4-cpufreq-plugin: Fix memory leak and reduce CPU load
packagegroup-meta-networking: replace DISTRO_FEATURE by DISTRO_FEATURES
meta-xfce: add meta-networking to layer depends
gtksourceview4: initial add 4.2.0
gtksourceview-classic-light: extend to gtksourceview4
itstool: rework - it went out too early
fontforge: upgrade 20170731 -> 20190413
exo: upgrade 0.12.4 -> 0.12.5
xfce4-places-plugin: upgrade 1.7.0 -> 1.8.0
xfce4-datetime-plugin: upgrade 0.7.0 -> 0.7.1
xfce4-notifyd: upgrade 0.4.3 -> 0.4.4
desktop-file-utils: remove - a more recent version is in oe-core
libwnck3: upgrade 3.30.0 and move to meson build
xfce4-terminal: add vte-prompt to RRECOMMENDS
xfce4-session: get rid of machine-host
xfce4-session: remove strange entry in FILES_${PN}
libxfce4ui: Add PACKAGECONFIG 'gladeui2' for glade (gtk3) support
glade3: move to to meta-xfce
Remove me as maintainer
Andrej Valek (2):
squid: upgrade squid 3.5.28 -> 4.6
ntp: upgrade 4.2.8p12 -> 4.2.8p13
Ankit Navik (1):
libnfc: Initial recipe for Near Field Communication library.
Armin Kuster (1):
meta-filesystems: drop bitbake from README
Changqing Li (5):
gd: fix compile error caused by -Werror=maybe-uninitialized
apache2: add back patch for set perlbin
php: upgrade 7.3.2 -> 7.3.4
postgresql: fix compile error
php: correct httpd path
Chris Garren (1):
python-cryptography: Move linker flag to .inc
Denys Dmytriyenko (1):
v4l-utils: upgrade 1.16.0 -> 1.16.5
Gianfranco Costamagna (1):
cpprest: update to 2.10.13, drop 32bit build fix upstream
Hains van den Bosch (1):
libcdio: update to version 2.1.0
Hongxu Jia (1):
pmtools: use update-alternatives for acpidump
Hongzhi.Song (1):
lua: upgrade from v5.3.4 to v5.3.5
Ivan Maidanski (1):
bdwgc: upgrade 7.6.12 -> 8.0.4
Johannes Pointner (1):
samba: update to 4.8.11
Kai Kang (3):
gvfs: fix typo libexec
drbd: fix compile errors
drbd-utils: fix file conflict with base-files
Khem Raj (3):
redis: Upgrade to 4.0.14
squid: Link with libatomic on mips/ppc
cpupower: Inherit bash completion class
Leon Anavi (1):
openbox: Add python-shell as a runtime dependency
Liwei Song (1):
ledmon: control hard disk led for RAID arrays
Mark Asselstine (1):
xfconf: fix 'Failed to get connection to xfconfd' during do_rootfs
Martin Jansa (13):
ftgl: add x11 to required DISTRO_FEATURES like freeglut
libforms: add x11 to required DISTRO_FEATURES because of libx11
Revert "ell: remove recipe"
ne10: set NE10_TARGET_ARCH with an override instead of anonymous python
libopus: use armv7a, aarch64 overrides when adding ne10 dependency
esound: fix SRC_URI for multilib
opusfile: fix SRC_URI for multilib
miniupnpd: fix SRC_URI for multilib
zbar: fix SRC_URI for multilib
libvncserver: set PV in the recipe
efivar: prevent native efivar depending on target kernel
libdbi-perl: prevent native libdbi-perl depending on target perl
aufs-util: prevent native aufs-util depending on target kernel
Ming Liu (1):
libmodbus: add documentation PACKAGECONFIG
Mingli Yu (6):
indent: Upgrade to 2.2.12
hostapd: Upgrade to 2.8
hwdata: Upgrade to 0.322
rrdtool: Upgrade to 1.7.1
libdev-checklib-perl: add new recipe
libdbd-mysql-perl: Upgrade to 4.050
Nathan Rossi (1):
fatresize_1.0.2.bb: Add recipe for fatresize command line tool
Nicolas Dechesne (3):
cpupower: remove LIC_FILES_CHKSUM
bpftool: remove LIC_FILES_CHKSUM
cannelloni: move from meta-oe to meta-networking
Oleksandr Kravchuk (38):
smcroute: update to 2.4.4
phytool: update to v2
fwknop: update to 2.6.10
cifs-utils: update to 6.9
keepalived: update to 2.0.15
usbredir: update to 0.8.0
open-isns: update to 0.99
nanomsg: update to 1.1.5
stunnel: update to 5.51
babeld: update to 1.8.4
drbd-utils: update to 9.8.0
drbd: update to 9.0.17-1
macchanger: update to 1.7.0
wolfssl: update to 4.0.0
ell: remove recipe
analyze-suspend: update to 5.3
chrony: update to 3.4
nghttp2: update to 1.38
nano: update to 4.1
networkmanager-openvpn: update to 1.8.10
wpan-tools: update to 0.9
uftp: update to 4.9.9
vblade: add UPSTREAM_CHECK_URI
traceroute: add UPSTREAM_CHECK_URI
nuttcp: update to 8.2.2
nfacct: add UPSTREAM_CHECK_URI
nftables: add UPSTREAM_CHECK_URI
libnetfilter-queue: update to 1.0.3
arno-iptables-firewall: update to 2.0.3
ypbind-mt: update to 2.6
ebtables: add UPSTREAM_CHECK_URI
doxygen: replace ninja 1.9.0 fix with official one
libnetfilter-queue: fix update to 1.0.3
networkd-dispatcher: update to 2.0.1
opensaf: update to 5.19.01
libnetfilter-conntrack: update to 1.0.7
conntrack-tools: update to 1.4.5
openvpn: update to 2.4.7
Paolo Valente (1):
s-suite: push SRCREV to version 3.2
Parthiban Nallathambi (6):
python3-aiohttp: add version 3.5.4
python3-supervisor: add version 4.0.2
python3-websocket-client: add version 0.56.0
python3-tinyrecord: add version 0.1.5
python3-sentry-sdk: add version 0.7.14
python3-raven: add version 6.10.0
Pascal Bach (2):
paho-mqtt-c: 1.2.1 -> 1.3.0
thrift: update to 0.12.0
Pavel Modilaynen (1):
jsoncpp: add native BBCLASSEXTEND
Peter Kjellerstedt (2):
apache2: Correct appending to SYSROOT_PREPROCESS_FUNCS
apache2: Correct packaging of build and doc related files
Philip Balister (1):
sip: Update to 4.19.16.
Qi.Chen@windriver.com (4):
multipath-tools: fix up patch to avoid segfault
netkit-rsh: add tag to CVE patch
ipsec-tools: fix CVE tag in patch
gd: set CVE_PRODUCT
Randy MacLeod (1):
imagemagick: update from 7.0.8-35 to 7.0.8-43
Robert Joslyn (5):
gpm: Fix gpm path in unit file
gpm: Add PID file to systemd unit file
gpm: Generate documentation
gpm: Remove duplicate definition of _GNU_SOURCE
gpm: Recipe cleanup
Sean Nyekjaer (2):
cannelloni: new package, CAN to ethernet proxy
ser2net: upgrade to version 3.5.1
Vincent Prince (1):
mongodb: Fix build with gcc
Wenlin Kang (1):
samba: add PACKAGECONFIG for libunwind
Yi Zhao (7):
python-flask-socketio: move to meta-python directory
apache2: upgrade 2.4.34 -> 2.4.39
apache-websocket: upgrade to latest git rev
netkit-rsh: security fixes
openhpi: fix failure of ptest case ohpi_035
openhpi: update openhpi-fix-testfail-errors.patch
phpmyadmin: upgrade 4.8.3 -> 4.8.5
Zang Ruochen (43):
xlsatoms: upgrade 1.1.2 -> 1.1.3
xrdb: upgrade 1.1.1 -> 1.2.0
xrefresh: upgrade 1.0.5 -> 1.0.6
xsetroot: upgrade 1.1.1 -> 1.1.2
xstdcmap: upgrade 1.0.3 -> 1.0.4
xbitmaps: upgrade 1.1.1 -> 1.1.2
wireshark: upgrade 3.0.0 -> 3.0.1
python-cffi: upgrade 1.11.5 -> 1.12.2
python-attrs: upgrade 18.1.0 -> 19.1.0
python-certifi: upgrade 2018.8.13 -> 2019.3.9
python-beabutifulsoup4: upgrade 4.6.0 -> 4.7.1
python-dateutil: upgrade 2.7.3 -> 2.8.0
python-mako: upgrade 1.0.7 -> 1.0.9
python-msgpack: upgrade 0.6.0 -> 0.6.1
python-paste: upgrade 3.0.6 -> 3.0.8
python-psutil: upgrade 5.4.6 -> 5.6.1
python-py: upgrade 1.6.0 -> 1.8.0
python-pymongo: upgrade 3.7.1 -> 3.7.2
python-pyopenssl: upgrade 18.0.0 -> 19.0.0
python-pytz: upgrade 2018.5 -> 2019.1
python-stevedore: upgrade 1.29.0 -> 1.30.1
python-pbr: upgrade 4.2.0 -> 5.1.3
python-cython: upgrade 0.28.5 -> 0.29.6
python-editor: upgrade 1.0.3 -> 1.0.4
python-jinja2: upgrade 2.10 -> 2.10.1
python-lxml: upgrade 4.3.1 -> 4.3.3
python-alembic: upgrade 1.0.0 -> 1.0.9
python-cffi: upgrade 1.12.2 -> 1.12.3
python-hyperlink: upgrade 18.0.0 -> 19.0.0
python-twisted: upgrade 18.4.0 -> 19.2.0
python-zopeinterface: upgrade 4.5.0 -> 4.6.0
python-decorator: upgrade 4.3.0 -> 4.4.0
python-pip: upgrade 18.0 -> 19.1
python-pyasn1: upgrade 0.4.4 -> 0.4.5
libnet-dns-perl: upgrade 1.19 -> 1.20
python-alembic: upgrade 1.0.9 -> 1.0.10
python-cython: upgrade 0.29.6 -> 0.29.7
python-mock: upgrade 2.0.0 -> 3.0.5
python-pbr: upgrade 5.1.3 -> 5.2.0
python-psutil: upgrade 5.6.1 -> 5.6.2
python-pymongo: upgrade 3.7.2 -> 3.8.0
python-pyperclip: upgrade 1.6.2 -> 1.7.0
python-rfc3987: upgrade 1.3.7 -> 1.3.8
leimaohui (3):
To fix confilict error with python3-pbr.
python-pycodestyle: Fix conflict error with python3-pycodestyle during do_rootfs
mozjs: Make mozjs support arm32BE.
meta-raspberrypi: 9ceb84ee9e..7059c37451:
Francesco Giancane (1):
qtbase_%.bbappend: update PACKAGECONFIG name for xkbcommon
Gianluigi Tiesi (1):
psplash: Raise alternatives priority to 200
Martin Jansa (3):
linux_raspberrypi_4.19: Update to 4.19.34
bluez5: apply the same patches and pi-bluetooth dependency for all rpi MACHINEs
userland: use default PACKAGE_ARCH
Paul Barker (3):
linux-raspberrypi: Update 4.14.y kernel
linux-raspberrypi: Switch default back to 4.14.y
linux-raspberrypi 4.9: Drop old version
meta-security: 8a1f54a246..9f5cc2a7eb:
Alexander Kanavin (1):
apparmor: fetch from git
Armin Kuster (15):
clamav runtime: add resolve.conf support
clamav: fix llvm reference version
libldb: add waf-cross-answeres
clamav: runtime fix local routing
clamav: add clamav-cvd package for cvd db
clamav-native: fix new build issue
apparmor: fix fragment for 5.0 kernel
apparmor: add a few more runtime
smack: move patch to smack dir
smack-test: add smack tests from meta-intel-iot-security
samhain: add more tests and fix ret checks
libldb: add earlier version
libseccomp: update to 2.4.1
oe-selftest: add running cve checker
smack: kernel fragment update
Yi Zhao (2):
meta-tpm/conf/layer.conf: update layer dependencies
meta-tpm/README: update
Change-Id: I9e02cb75a779f25fca84395144025410bb609dfa
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
Diffstat (limited to 'poky/meta/recipes-extended')
65 files changed, 670 insertions, 3584 deletions
diff --git a/poky/meta/recipes-extended/acpica/acpica_20180508.bb b/poky/meta/recipes-extended/acpica/acpica_20190405.bb index b5c89fafc..25ad7ce31 100644 --- a/poky/meta/recipes-extended/acpica/acpica_20180508.bb +++ b/poky/meta/recipes-extended/acpica/acpica_20190405.bb @@ -16,12 +16,9 @@ COMPATIBLE_HOST = "(i.86|x86_64|arm|aarch64).*-linux" DEPENDS = "bison flex bison-native" -SRC_URI = "https://acpica.org/sites/acpica/files/acpica-unix2-${PV}.tar.gz \ - file://rename-yy_scan_string-manually.patch \ - file://manipulate-fds-instead-of-FILE.patch \ - " -SRC_URI[md5sum] = "31691e2eb82b2064f78536a3423c18d6" -SRC_URI[sha256sum] = "5d8fc9d9db9e04830d40bec9add04b21c05d466e0187d354815006fdd823cf15" +SRC_URI = "https://acpica.org/sites/acpica/files/acpica-unix2-${PV}.tar.gz" +SRC_URI[md5sum] = "9ee30c8ff3012e213bc3b21a9d632215" +SRC_URI[sha256sum] = "7e144fd011c23a0a10be0b0d7448c527a4c0f621f1f835a271636e448bc96643" UPSTREAM_CHECK_URI = "https://acpica.org/downloads" S = "${WORKDIR}/acpica-unix2-${PV}" @@ -29,18 +26,18 @@ S = "${WORKDIR}/acpica-unix2-${PV}" inherit update-alternatives ALTERNATIVE_PRIORITY = "100" -ALTERNATIVE_${PN} = "acpixtract" +ALTERNATIVE_${PN} = "acpixtract acpidump" -EXTRA_OEMAKE = "CC='${CC}' 'OPT_CFLAGS=-Wall'" +EXTRA_OEMAKE = "CC='${CC}' \ + OPT_CFLAGS=-Wall \ + DESTDIR=${D} \ + PREFIX=${prefix} \ + INSTALLDIR=${bindir} \ + INSTALLFLAGS= \ + " do_install() { - install -D -p -m0755 generate/unix/bin*/iasl ${D}${bindir}/iasl - install -D -p -m0755 generate/unix/bin*/acpibin ${D}${bindir}/acpibin - install -D -p -m0755 generate/unix/bin*/acpiexec ${D}${bindir}/acpiexec - install -D -p -m0755 generate/unix/bin*/acpihelp ${D}${bindir}/acpihelp - install -D -p -m0755 generate/unix/bin*/acpinames ${D}${bindir}/acpinames - install -D -p -m0755 generate/unix/bin*/acpisrc ${D}${bindir}/acpisrc - install -D -p -m0755 generate/unix/bin*/acpixtract ${D}${bindir}/acpixtract + oe_runmake install } # iasl*.bb is a subset of this recipe, so RREPLACE it diff --git a/poky/meta/recipes-extended/acpica/files/manipulate-fds-instead-of-FILE.patch b/poky/meta/recipes-extended/acpica/files/manipulate-fds-instead-of-FILE.patch deleted file mode 100644 index d8b5f9aa8..000000000 --- a/poky/meta/recipes-extended/acpica/files/manipulate-fds-instead-of-FILE.patch +++ /dev/null @@ -1,71 +0,0 @@ -From 540d80469e6a7dce6baf7214df90e86daffc5175 Mon Sep 17 00:00:00 2001 -From: Fan Xin <fan.xin@jp.fujitsu.com> -Date: Mon, 5 Jun 2017 13:26:38 +0900 -Subject: [PATCH] aslfiles.c: manipulate fds instead of FILE - -Copying what stdout/stderr point to is not portable and fails with -musl because FILE is an undefined struct. - -Instead, use lower-level Unix functions to modify the file that stderr -writes into. This works on the platforms that Yocto targets. - -Upstream-Status: Inappropriate [embedded specific] - -Signed-off-by: Patrick Ohly <patrick.ohly@intel.com> - -Rebase on acpica 20170303 - -Signed-off-by: Fan Xin <fan.xin@jp.fujitsu.com> - ---- - source/compiler/aslfiles.c | 15 ++++++++++++--- - 1 file changed, 12 insertions(+), 3 deletions(-) - -diff --git a/source/compiler/aslfiles.c b/source/compiler/aslfiles.c -index 82865db..cc072dc 100644 ---- a/source/compiler/aslfiles.c -+++ b/source/compiler/aslfiles.c -@@ -43,6 +43,11 @@ - - #include "aslcompiler.h" - #include "acapps.h" -+#include "dtcompiler.h" -+#include <sys/types.h> -+#include <sys/stat.h> -+#include <fcntl.h> -+#include <unistd.h> - - #define _COMPONENT ACPI_COMPILER - ACPI_MODULE_NAME ("aslfiles") -@@ -606,6 +611,8 @@ FlOpenMiscOutputFiles ( - - if (Gbl_DebugFlag) - { -+ int fd; -+ - Filename = FlGenerateFilename (FilenamePrefix, FILE_SUFFIX_DEBUG); - if (!Filename) - { -@@ -617,10 +624,10 @@ FlOpenMiscOutputFiles ( - /* Open the debug file as STDERR, text mode */ - - Gbl_Files[ASL_FILE_DEBUG_OUTPUT].Filename = Filename; -- Gbl_Files[ASL_FILE_DEBUG_OUTPUT].Handle = -- freopen (Filename, "w+t", stderr); - -- if (!Gbl_Files[ASL_FILE_DEBUG_OUTPUT].Handle) -+ fd = open(Filename, O_CREAT|O_TRUNC, S_IRUSR|S_IWUSR|S_IRGRP|S_IWGRP|S_IROTH|S_IWOTH); -+ if (fd < 0 || -+ dup2(fd, fileno(stderr))) - { - /* - * A problem with freopen is that on error, we no longer -@@ -634,6 +641,8 @@ FlOpenMiscOutputFiles ( - exit (1); - } - -+ Gbl_Files[ASL_FILE_DEBUG_OUTPUT].Handle = stderr; -+ - AslCompilerSignon (ASL_FILE_DEBUG_OUTPUT); - AslCompilerFileHeader (ASL_FILE_DEBUG_OUTPUT); - } diff --git a/poky/meta/recipes-extended/acpica/files/rename-yy_scan_string-manually.patch b/poky/meta/recipes-extended/acpica/files/rename-yy_scan_string-manually.patch deleted file mode 100644 index b62ca25ba..000000000 --- a/poky/meta/recipes-extended/acpica/files/rename-yy_scan_string-manually.patch +++ /dev/null @@ -1,64 +0,0 @@ -From 2ab61e6ad5a9cfcde838379bc36babfaaa61afb8 Mon Sep 17 00:00:00 2001 -From: Patrick Ohly <patrick.ohly@intel.com> -Date: Fri, 20 Jan 2017 13:50:17 +0100 -Subject: [PATCH] rename yy_scan_string manually - -flex 2.6.0 used to generate code where yy_scan_string was mapped -to <custom prefix>_scan_string directly in the generated .c code. - -For example, generate/unix/iasl/obj/prparserlex.c: - -int -PrInitLexer ( - char *String) -{ - - LexBuffer = PrParser_scan_string (String); - return (LexBuffer == NULL); -} - -flex 2.6.3 no longer does that, leading to a compiler warning -and link error about yy_scan_string(). - -Both versions generate a preamble in the beginning of prparserlex.c -that maps several yy_* names, but yy_scan_string is not among those: - -... -... - -Upstream-Status: Inappropriate [workaround for https://github.com/westes/flex/issues/164] -Signed-off-by: Patrick Ohly <patrick.ohly@intel.com> ---- - source/compiler/dtparser.l | 2 +- - source/compiler/prparser.l | 2 +- - 2 files changed, 2 insertions(+), 2 deletions(-) - -diff --git a/source/compiler/dtparser.l b/source/compiler/dtparser.l -index 3f4c2f3..eaa43ff 100644 ---- a/source/compiler/dtparser.l -+++ b/source/compiler/dtparser.l -@@ -120,7 +120,7 @@ DtInitLexer ( - char *String) - { - -- LexBuffer = yy_scan_string (String); -+ LexBuffer = DtParser_scan_string (String); - return (LexBuffer == NULL); - } - -diff --git a/source/compiler/prparser.l b/source/compiler/prparser.l -index 10bd130..9cb3573 100644 ---- a/source/compiler/prparser.l -+++ b/source/compiler/prparser.l -@@ -127,7 +127,7 @@ PrInitLexer ( - char *String) - { - -- LexBuffer = yy_scan_string (String); -+ LexBuffer = PrParser_scan_string (String); - return (LexBuffer == NULL); - } - --- -2.11.0 - diff --git a/poky/meta/recipes-extended/bash/bash/0001-help-fix-printf-format-security-warning.patch b/poky/meta/recipes-extended/bash/bash/0001-help-fix-printf-format-security-warning.patch deleted file mode 100644 index 5405c84c7..000000000 --- a/poky/meta/recipes-extended/bash/bash/0001-help-fix-printf-format-security-warning.patch +++ /dev/null @@ -1,35 +0,0 @@ -From e5837a42f8f48a6a721805ff8f7fcd32861d09ca Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Andr=C3=A9=20Draszik?= <adraszik@tycoint.com> -Date: Tue, 26 Jul 2016 13:09:47 +0100 -Subject: [PATCH] help: fix printf() format security warning -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -| ../../bash-4.3.30/builtins/../../bash-4.3.30/builtins/help.def: In function 'help_builtin': -| ../../bash-4.3.30/builtins/../../bash-4.3.30/builtins/help.def:130:7: error: format not a string literal and no format arguments [-Werror=format-security] -| printf (ngettext ("Shell commands matching keyword `", "Shell commands matching keywords `", (list->next ? 2 : 1))); -| ^~~~~~ - -Signed-off-by: André Draszik <adraszik@tycoint.com> ---- -Upstream-Status: Pending - builtins/help.def | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/builtins/help.def b/builtins/help.def -index 1894f17..cf624c6 100644 ---- a/builtins/help.def -+++ b/builtins/help.def -@@ -127,7 +127,7 @@ help_builtin (list) - - if (glob_pattern_p (list->word->word)) - { -- printf (ngettext ("Shell commands matching keyword `", "Shell commands matching keywords `", (list->next ? 2 : 1))); -+ printf ("%s", ngettext ("Shell commands matching keyword `", "Shell commands matching keywords `", (list->next ? 2 : 1))); - print_word_list (list, ", "); - printf ("'\n\n"); - } --- -2.8.1 - diff --git a/poky/meta/recipes-extended/bash/bash/build-tests.patch b/poky/meta/recipes-extended/bash/bash/build-tests.patch index 73a81b60d..5f2dae94a 100644 --- a/poky/meta/recipes-extended/bash/bash/build-tests.patch +++ b/poky/meta/recipes-extended/bash/bash/build-tests.patch @@ -2,15 +2,18 @@ Add 'ptest' target to Makefile, to run tests without checking dependencies. Upstream-Status: Pending Signed-off-by: Anders Roxell <anders.roxell@enea.com> + +Rebase to 5.0 Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> --- Makefile.in | 24 +++++++++++++++++++----- 1 file changed, 19 insertions(+), 5 deletions(-) diff --git a/Makefile.in b/Makefile.in +index 5fcb44b..de1c255 100644 --- a/Makefile.in +++ b/Makefile.in -@@ -848,20 +848,34 @@ maybe-clean: +@@ -932,20 +932,34 @@ maybe-clean: fi recho$(EXEEXT): $(SUPPORT_SRC)recho.c @@ -51,5 +54,5 @@ diff --git a/Makefile.in b/Makefile.in PATH=$(BUILD_DIR)/tests:$$PATH THIS_SH=$(THIS_SH) $(SHELL) ${TESTSCRIPT} ) -- -1.8.1.2 +2.7.4 diff --git a/poky/meta/recipes-extended/bash/bash/execute_cmd.patch b/poky/meta/recipes-extended/bash/bash/execute_cmd.patch index 9970b4d8f..7a9e9a902 100644 --- a/poky/meta/recipes-extended/bash/bash/execute_cmd.patch +++ b/poky/meta/recipes-extended/bash/bash/execute_cmd.patch @@ -1,10 +1,16 @@ Upstream-Status: Inappropriate [embedded specific] -Index: execute_cmd.c -=================================================================== ---- execute_cmd.c.orig -+++ execute_cmd.c -@@ -2459,7 +2459,11 @@ execute_pipeline (command, asynchronous, +Rebase to 5.0 +Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> +--- + execute_cmd.c | 6 +++++- + 1 file changed, 5 insertions(+), 1 deletion(-) + +diff --git a/execute_cmd.c b/execute_cmd.c +index f1d74bf..31674b4 100644 +--- a/execute_cmd.c ++++ b/execute_cmd.c +@@ -2567,7 +2567,11 @@ execute_pipeline (command, asynchronous, pipe_in, pipe_out, fds_to_close) /* If the `lastpipe' option is set with shopt, and job control is not enabled, execute the last element of non-async pipelines in the current shell environment. */ @@ -17,3 +23,6 @@ Index: execute_cmd.c { lstdin = move_to_high_fd (0, 1, -1); if (lstdin > 0) +-- +2.7.4 + diff --git a/poky/meta/recipes-extended/bash/bash/pathexp-dep.patch b/poky/meta/recipes-extended/bash/bash/pathexp-dep.patch deleted file mode 100644 index e05bbda31..000000000 --- a/poky/meta/recipes-extended/bash/bash/pathexp-dep.patch +++ /dev/null @@ -1,13 +0,0 @@ -pathexp includes libintl.h but doesn't depend on it, thus a build race can occur. - -Upstream-Status: Submitted (https://savannah.gnu.org/patch/index.php?9503) -Signed-off-by: Ross Burton <ross.burton@intel.com> - -diff --git a/Makefile.in b/Makefile.in -index c7b62bc0..241cbf12 100644 ---- a/Makefile.in -+++ b/Makefile.in -@@ -1281,2 +1281,3 @@ nojobs.o: bashintl.h ${LIBINTL_H} $(BASHINCDIR)/gettext.h - y.tab.o: bashintl.h ${LIBINTL_H} $(BASHINCDIR)/gettext.h -+pathexp.o: bashintl.h ${LIBINTL_H} $(BASHINCDIR)/gettext.h - pcomplete.o: bashintl.h ${LIBINTL_H} $(BASHINCDIR)/gettext.h diff --git a/poky/meta/recipes-extended/bash/bash_4.4.18.bb b/poky/meta/recipes-extended/bash/bash_4.4.18.bb deleted file mode 100644 index 8fa0978d4..000000000 --- a/poky/meta/recipes-extended/bash/bash_4.4.18.bb +++ /dev/null @@ -1,41 +0,0 @@ -require bash.inc - -# GPLv2+ (< 4.0), GPLv3+ (>= 4.0) -LICENSE = "GPLv3+" -LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504" - -SRC_URI = "${GNU_MIRROR}/bash/${BP}.tar.gz;name=tarball \ - ${GNU_MIRROR}/bash/bash-4.4-patches/bash44-019;apply=yes;striplevel=0;name=patch019 \ - ${GNU_MIRROR}/bash/bash-4.4-patches/bash44-020;apply=yes;striplevel=0;name=patch020 \ - ${GNU_MIRROR}/bash/bash-4.4-patches/bash44-021;apply=yes;striplevel=0;name=patch021 \ - ${GNU_MIRROR}/bash/bash-4.4-patches/bash44-022;apply=yes;striplevel=0;name=patch022 \ - ${GNU_MIRROR}/bash/bash-4.4-patches/bash44-023;apply=yes;striplevel=0;name=patch023 \ - file://execute_cmd.patch;striplevel=0 \ - file://mkbuiltins_have_stringize.patch \ - file://build-tests.patch \ - file://test-output.patch \ - file://fix-run-coproc-run-heredoc-run-execscript-run-test-f.patch \ - file://run-ptest \ - file://fix-run-builtins.patch \ - file://0001-help-fix-printf-format-security-warning.patch \ - file://pathexp-dep.patch \ - " - -SRC_URI[tarball.md5sum] = "518e2c187cc11a17040f0915dddce54e" -SRC_URI[tarball.sha256sum] = "604d9eec5e4ed5fd2180ee44dd756ddca92e0b6aa4217bbab2b6227380317f23" - -SRC_URI[patch019.md5sum] = "8f43e1d277b02f3319a34c1cd4a4ff3e" -SRC_URI[patch019.sha256sum] = "27170d6edfe8819835407fdc08b401d2e161b1400fe9d0c5317a51104c89c11e" -SRC_URI[patch020.md5sum] = "5217ff08c444446ec306dce60437c288" -SRC_URI[patch020.sha256sum] = "1840e2cbf26ba822913662f74037594ed562361485390c52813b38156c99522c" -SRC_URI[patch021.md5sum] = "282c7d9b38da8005d25b4f816328a2f4" -SRC_URI[patch021.sha256sum] = "bd8f59054a763ec1c64179ad5cb607f558708a317c2bdb22b814e3da456374c1" -SRC_URI[patch022.md5sum] = "0b709c9d7f8e6cf267a8b863efb899f7" -SRC_URI[patch022.sha256sum] = "45331f0936e36ab91bfe44b936e33ed8a1b1848fa896e8a1d0f2ef74f297cb79" -SRC_URI[patch023.md5sum] = "fe2e0ca4cf9409ff0e9428e1236f983e" -SRC_URI[patch023.sha256sum] = "4fec236f3fbd3d0c47b893fdfa9122142a474f6ef66c20ffb6c0f4864dd591b6" - -DEBUG_OPTIMIZATION_append_armv4 = " ${@bb.utils.contains('TUNE_CCARGS', '-mthumb', '-fomit-frame-pointer', '', d)}" -DEBUG_OPTIMIZATION_append_armv5 = " ${@bb.utils.contains('TUNE_CCARGS', '-mthumb', '-fomit-frame-pointer', '', d)}" - -BBCLASSEXTEND = "nativesdk" diff --git a/poky/meta/recipes-extended/bash/bash_5.0.bb b/poky/meta/recipes-extended/bash/bash_5.0.bb new file mode 100644 index 000000000..e60e5304a --- /dev/null +++ b/poky/meta/recipes-extended/bash/bash_5.0.bb @@ -0,0 +1,45 @@ +require bash.inc + +# GPLv2+ (< 4.0), GPLv3+ (>= 4.0) +LICENSE = "GPLv3+" +LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504" + +SRC_URI = "${GNU_MIRROR}/bash/${BP}.tar.gz;name=tarball \ + ${GNU_MIRROR}/bash/bash-${PV}-patches/bash50-001;apply=yes;striplevel=0;name=patch001 \ + ${GNU_MIRROR}/bash/bash-${PV}-patches/bash50-002;apply=yes;striplevel=0;name=patch002 \ + ${GNU_MIRROR}/bash/bash-${PV}-patches/bash50-003;apply=yes;striplevel=0;name=patch003 \ + ${GNU_MIRROR}/bash/bash-${PV}-patches/bash50-004;apply=yes;striplevel=0;name=patch004 \ + ${GNU_MIRROR}/bash/bash-${PV}-patches/bash50-005;apply=yes;striplevel=0;name=patch005 \ + ${GNU_MIRROR}/bash/bash-${PV}-patches/bash50-006;apply=yes;striplevel=0;name=patch006 \ + ${GNU_MIRROR}/bash/bash-${PV}-patches/bash50-007;apply=yes;striplevel=0;name=patch007 \ + file://execute_cmd.patch \ + file://mkbuiltins_have_stringize.patch \ + file://build-tests.patch \ + file://test-output.patch \ + file://fix-run-coproc-run-heredoc-run-execscript-run-test-f.patch \ + file://run-ptest \ + file://fix-run-builtins.patch \ + " + +SRC_URI[tarball.md5sum] = "2b44b47b905be16f45709648f671820b" +SRC_URI[tarball.sha256sum] = "b4a80f2ac66170b2913efbfb9f2594f1f76c7b1afd11f799e22035d63077fb4d" + +SRC_URI[patch001.md5sum] = "b026862ab596a5883bb4f0d1077a3819" +SRC_URI[patch001.sha256sum] = "f2fe9e1f0faddf14ab9bfa88d450a75e5d028fedafad23b88716bd657c737289" +SRC_URI[patch002.md5sum] = "2f4a7787365790ae57f36b311701ea7e" +SRC_URI[patch002.sha256sum] = "87e87d3542e598799adb3e7e01c8165bc743e136a400ed0de015845f7ff68707" +SRC_URI[patch003.md5sum] = "af7f2dd93fd5429fb5e9a642ff74f87d" +SRC_URI[patch003.sha256sum] = "4eebcdc37b13793a232c5f2f498a5fcbf7da0ecb3da2059391c096db620ec85b" +SRC_URI[patch004.md5sum] = "b60545b273bfa4e00a760f2c648bed9c" +SRC_URI[patch004.sha256sum] = "14447ad832add8ecfafdce5384badd933697b559c4688d6b9e3d36ff36c62f08" +SRC_URI[patch005.md5sum] = "875a0bedf48b74e453e3997c84b5d8a4" +SRC_URI[patch005.sha256sum] = "5bf54dd9bd2c211d2bfb34a49e2c741f2ed5e338767e9ce9f4d41254bf9f8276" +SRC_URI[patch006.md5sum] = "4a8ee95adb72c3aba03d9e8c9f96ece6" +SRC_URI[patch006.sha256sum] = "d68529a6ff201b6ff5915318ab12fc16b8a0ebb77fda3308303fcc1e13398420" +SRC_URI[patch007.md5sum] = "411560d81fde2dc5b17b83c3f3b58c6f" +SRC_URI[patch007.sha256sum] = "17b41e7ee3673d8887dd25992417a398677533ab8827938aa41fad70df19af9b" + +DEBUG_OPTIMIZATION_append_armv4 = " ${@bb.utils.contains('TUNE_CCARGS', '-mthumb', '-fomit-frame-pointer', '', d)}" +DEBUG_OPTIMIZATION_append_armv5 = " ${@bb.utils.contains('TUNE_CCARGS', '-mthumb', '-fomit-frame-pointer', '', d)}" + +BBCLASSEXTEND = "nativesdk" diff --git a/poky/meta/recipes-extended/cpio/cpio_2.12.bb b/poky/meta/recipes-extended/cpio/cpio_2.12.bb index cb845c307..3713bf0b1 100644 --- a/poky/meta/recipes-extended/cpio/cpio_2.12.bb +++ b/poky/meta/recipes-extended/cpio/cpio_2.12.bb @@ -18,7 +18,7 @@ SRC_URI[sha256sum] = "08a35e92deb3c85d269a0059a27d4140a9667a6369459299d08c17f713 inherit autotools gettext texinfo -EXTRA_OECONF += "DEFAULT_RMT_DIR=${base_sbindir}" +EXTRA_OECONF += "DEFAULT_RMT_DIR=${sbindir}" do_install () { autotools_do_install @@ -34,7 +34,7 @@ do_install () { PACKAGES =+ "${PN}-rmt" -FILES_${PN}-rmt = "${base_sbindir}/rmt*" +FILES_${PN}-rmt = "${sbindir}/rmt*" inherit update-alternatives @@ -46,6 +46,6 @@ ALTERNATIVE_${PN}-rmt = "rmt" ALTERNATIVE_LINK_NAME[cpio] = "${base_bindir}/cpio" ALTERNATIVE_PRIORITY[rmt] = "50" -ALTERNATIVE_LINK_NAME[rmt] = "${base_sbindir}/rmt" +ALTERNATIVE_LINK_NAME[rmt] = "${sbindir}/rmt" BBCLASSEXTEND = "native" diff --git a/poky/meta/recipes-extended/cronie/cronie/crond_pam_config.patch b/poky/meta/recipes-extended/cronie/cronie/crond_pam_config.patch index 6c928165c..c374790d1 100644 --- a/poky/meta/recipes-extended/cronie/cronie/crond_pam_config.patch +++ b/poky/meta/recipes-extended/cronie/cronie/crond_pam_config.patch @@ -4,19 +4,19 @@ configure files instead. Upstream-Status: Pending Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> -Index: cronie-1.5.1/pam/crond -=================================================================== ---- cronie-1.5.1.orig/pam/crond -+++ cronie-1.5.1/pam/crond +diff --git a/pam/crond b/pam/crond +index 560529d..95a6457 100644 +--- a/pam/crond ++++ b/pam/crond @@ -4,8 +4,8 @@ # # Although no PAM authentication is called, auth modules # are used for credential setting --auth include password-auth +-auth include system-auth +auth include common-auth account required pam_access.so --account include password-auth -+account include common-account +-account include system-auth ++account include common-auth session required pam_loginuid.so --session include password-auth +-session include system-auth +session include common-session-noninteractive diff --git a/poky/meta/recipes-extended/cronie/cronie_1.5.2.bb b/poky/meta/recipes-extended/cronie/cronie_1.5.4.bb index 3abca7f92..d35c6672c 100644 --- a/poky/meta/recipes-extended/cronie/cronie_1.5.2.bb +++ b/poky/meta/recipes-extended/cronie/cronie_1.5.4.bb @@ -16,7 +16,7 @@ SECTION = "utils" UPSTREAM_CHECK_URI = "https://github.com/cronie-crond/${BPN}/releases/" -SRC_URI = "https://github.com/cronie-crond/cronie/releases/download/cronie-${PV}/cronie-${PV}.tar.gz \ +SRC_URI = "https://github.com/cronie-crond/cronie/releases/download/cronie-${PV}-final/cronie-${PV}.tar.gz \ file://crond.init \ file://crontab \ file://crond.service \ @@ -25,8 +25,8 @@ SRC_URI = "https://github.com/cronie-crond/cronie/releases/download/cronie-${PV} PAM_SRC_URI = "file://crond_pam_config.patch" PAM_DEPS = "libpam libpam-runtime pam-plugin-access pam-plugin-loginuid" -SRC_URI[md5sum] = "703314f58a49ea136e9966d3937d9bf4" -SRC_URI[sha256sum] = "370bf34641691489330e708bd4cdbd779267296a030668a12f77b7e36872fd75" +SRC_URI[md5sum] = "20233b96997e17a142e1fbe0d7ce8223" +SRC_URI[sha256sum] = "af8970559cad4262f8ffd7ec72abf682d2dcce04fdfb8f206a71d96566aba882" inherit autotools update-rc.d useradd systemd diff --git a/poky/meta/recipes-extended/cups/cups_2.2.10.bb b/poky/meta/recipes-extended/cups/cups_2.2.10.bb deleted file mode 100644 index 490c84e2f..000000000 --- a/poky/meta/recipes-extended/cups/cups_2.2.10.bb +++ /dev/null @@ -1,6 +0,0 @@ -require cups.inc - -LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=f212b4338db0da8cb892e94bf2949460" - -SRC_URI[md5sum] = "3d22d747403ec5dcd0b66d1332564816" -SRC_URI[sha256sum] = "77c8b2b3bb7fe8b5fbfffc307f2c817b2d7ec67b657f261a1dd1c61ab81205bb" diff --git a/poky/meta/recipes-extended/cups/cups_2.2.11.bb b/poky/meta/recipes-extended/cups/cups_2.2.11.bb new file mode 100644 index 000000000..aeb2e14e3 --- /dev/null +++ b/poky/meta/recipes-extended/cups/cups_2.2.11.bb @@ -0,0 +1,6 @@ +require cups.inc + +LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=f212b4338db0da8cb892e94bf2949460" + +SRC_URI[md5sum] = "7afbbcd2497e7d742583c492f6de40cd" +SRC_URI[sha256sum] = "f58010813fd6903f690cdb0c0b91e4d1bc9e5b9570c28734229ba3ed2908b76c" diff --git a/poky/meta/recipes-extended/ethtool/ethtool/avoid_parallel_tests.patch b/poky/meta/recipes-extended/ethtool/ethtool/avoid_parallel_tests.patch index beae5f98c..b145188d7 100644 --- a/poky/meta/recipes-extended/ethtool/ethtool/avoid_parallel_tests.patch +++ b/poky/meta/recipes-extended/ethtool/ethtool/avoid_parallel_tests.patch @@ -19,7 +19,7 @@ index e891d91..600f8a8 100644 --- a/configure.ac +++ b/configure.ac @@ -2,7 +2,7 @@ dnl Process this file with autoconf to produce a configure script. - AC_INIT(ethtool, 4.19, netdev@vger.kernel.org) + AC_INIT(ethtool, 5.0, netdev@vger.kernel.org) AC_PREREQ(2.52) AC_CONFIG_SRCDIR([ethtool.c]) -AM_INIT_AUTOMAKE([gnu]) diff --git a/poky/meta/recipes-extended/ethtool/ethtool_4.19.bb b/poky/meta/recipes-extended/ethtool/ethtool_5.0.bb index 74e255c24..76cdf9c4e 100644 --- a/poky/meta/recipes-extended/ethtool/ethtool_4.19.bb +++ b/poky/meta/recipes-extended/ethtool/ethtool_5.0.bb @@ -11,8 +11,8 @@ SRC_URI = "${KERNELORG_MIRROR}/software/network/ethtool/ethtool-${PV}.tar.gz \ file://avoid_parallel_tests.patch \ " -SRC_URI[md5sum] = "a533db1d202724822c4ef297643fac12" -SRC_URI[sha256sum] = "e8e88f5a79c78e542cd84fee60b67dbf29cee63e4760e8d61544fea74c761ad1" +SRC_URI[md5sum] = "8998c9eb7e491b0aec420a807ce52ba6" +SRC_URI[sha256sum] = "cc53a6d4d5643f8993ef20d6b638f88d9035529a9e777e222073c3a5b9237178" inherit autotools ptest RDEPENDS_${PN}-ptest += "make" diff --git a/poky/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-3835-0001.patch b/poky/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-3835-0001.patch deleted file mode 100644 index 30ce04a7b..000000000 --- a/poky/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-3835-0001.patch +++ /dev/null @@ -1,99 +0,0 @@ -From ad3ad6b389653722507e588c5cb34d8731e49e89 Mon Sep 17 00:00:00 2001 -From: Chris Liddell <chris.liddell@artifex.com> -Date: Mon, 26 Nov 2018 18:01:25 +0000 -Subject: [PATCH] Have gs_cet.ps run from gs_init.ps - -Previously gs_cet.ps was run on the command line, to set up the interpreter -state so our output more closely matches the example output for the QL CET -tests. - -Allow a -dCETMODE command line switch, which will cause gs_init.ps to run the -file directly. - -This works better for gpdl as it means the changes are made in the intial -interpreter state, rather than after initialisation is complete. - -This also means adding a definition of the default procedure for black -generation and under color removal (rather it being defined in-line in -.setdefaultbgucr - -Also, add a check so gs_cet.ps only runs once - if we try to run it a second -time, we'll just skip over the file, flushing through to the end. - -CVE: CVE-2019-3835 -Upstream-Status: Backport [git://git.ghostscript.com/ghostpdl.git] - -Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com> ---- - Resource/Init/gs_cet.ps | 11 ++++++++++- - Resource/Init/gs_init.ps | 13 ++++++++++++- - 2 files changed, 22 insertions(+), 2 deletions(-) - -diff --git a/Resource/Init/gs_cet.ps b/Resource/Init/gs_cet.ps -index d3e1686..75534bb 100644 ---- a/Resource/Init/gs_cet.ps -+++ b/Resource/Init/gs_cet.ps -@@ -1,6 +1,11 @@ - %!PS - % Set defaults for Ghostscript to match Adobe CPSI behaviour for CET - -+systemdict /product get (PhotoPRINT SE 5.0v2) readonly eq -+{ -+ (%END GS_CET) .skipeof -+} if -+ - % do this in the server level so it is persistent across jobs - //true 0 startjob not { - (*** Warning: CET startup is not in server default) = flush -@@ -25,7 +30,9 @@ currentglobal //true setglobal - - /UNROLLFORMS true def - --{ } bind dup -+(%.defaultbgrucrproc) cvn { } bind def -+ -+(%.defaultbgrucrproc) cvn load dup - setblackgeneration - setundercolorremoval - 0 array cvx readonly dup dup dup setcolortransfer -@@ -109,3 +116,5 @@ userdict /.smoothness currentsmoothness put - % end of slightly nasty hack to give consistent cluster results - - //false 0 startjob pop % re-enter encapsulated mode -+ -+%END GS_CET -diff --git a/Resource/Init/gs_init.ps b/Resource/Init/gs_init.ps -index 45bebf4..e6b9cd2 100644 ---- a/Resource/Init/gs_init.ps -+++ b/Resource/Init/gs_init.ps -@@ -1538,10 +1538,18 @@ setpacking - % any-part-of-pixel rule. - 0.5 .setfilladjust - } bind def -+ - % Set the default screen and BG/UCR. -+% We define the proc here, rather than inline in .setdefaultbgucr -+% for the benefit of gs_cet.ps so jobs that do anything that causes -+% .setdefaultbgucr to be called will still get the redefined proc -+% in gs_cet.ps -+(%.defaultbgrucrproc) cvn { pop 0 } def -+ - /.setdefaultbgucr { - systemdict /setblackgeneration known { -- { pop 0 } dup setblackgeneration setundercolorremoval -+ (%.defaultbgrucrproc) cvn load dup -+ setblackgeneration setundercolorremoval - } if - } bind def - /.useloresscreen { % - .useloresscreen <bool> -@@ -2491,4 +2499,7 @@ WRITESYSTEMDICT { - % be 'true' in some cases. - userdict /AGM_preserve_spots //false put - -+systemdict /CETMODE .knownget -+{ { (gs_cet.ps) runlibfile } if } if -+ - % The interpreter will run the initial procedure (start). --- -2.18.1 - diff --git a/poky/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-3835-0002.patch b/poky/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-3835-0002.patch deleted file mode 100644 index 590b92e18..000000000 --- a/poky/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-3835-0002.patch +++ /dev/null @@ -1,71 +0,0 @@ -From ba6dbd6e61dbb3cc6ee6db9dd3a4f70cc18f706e Mon Sep 17 00:00:00 2001 -From: Nancy Durgin <nancy.durgin@artifex.com> -Date: Thu, 14 Feb 2019 10:09:00 -0800 -Subject: [PATCH] Undef /odef in gs_init.ps - -Made a new temporary utility function in gs_cet.ps (.odef) to use instead -of /odef. This makes it fine to undef odef with all the other operators in -gs_init.ps - -This punts the bigger question of what to do with .makeoperator, but it -doesn't make the situation any worse than it already was. - -CVE: CVE-2019-3835 -Upstream-Status: Backport [git://git.ghostscript.com/ghostpdl.git] - -Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com> ---- - Resource/Init/gs_cet.ps | 10 ++++++++-- - Resource/Init/gs_init.ps | 1 + - 2 files changed, 9 insertions(+), 2 deletions(-) - -diff --git a/Resource/Init/gs_cet.ps b/Resource/Init/gs_cet.ps -index 75534bb..dbc5c4e 100644 ---- a/Resource/Init/gs_cet.ps -+++ b/Resource/Init/gs_cet.ps -@@ -1,6 +1,10 @@ - %!PS - % Set defaults for Ghostscript to match Adobe CPSI behaviour for CET - -+/.odef { % <name> <proc> odef - -+ 1 index exch .makeoperator def -+} bind def -+ - systemdict /product get (PhotoPRINT SE 5.0v2) readonly eq - { - (%END GS_CET) .skipeof -@@ -93,8 +97,8 @@ userdict /.smoothness currentsmoothness put - } { - /setsmoothness .systemvar /typecheck signalerror - } ifelse --} bind odef --/currentsmoothness { userdict /.smoothness get } bind odef % for 09-55.PS, 09-57.PS . -+} bind //.odef exec -+/currentsmoothness { userdict /.smoothness get } bind //.odef exec % for 09-55.PS, 09-57.PS . - - % slightly nasty hack to give consistent cluster results - /ofnfa systemdict /filenameforall get def -@@ -113,6 +117,8 @@ userdict /.smoothness currentsmoothness put - } ifelse - ofnfa - } bind def -+ -+currentdict /.odef undef - % end of slightly nasty hack to give consistent cluster results - - //false 0 startjob pop % re-enter encapsulated mode -diff --git a/Resource/Init/gs_init.ps b/Resource/Init/gs_init.ps -index e6b9cd2..80d9585 100644 ---- a/Resource/Init/gs_init.ps -+++ b/Resource/Init/gs_init.ps -@@ -2257,6 +2257,7 @@ SAFER { .setsafeglobal } if - /.systemvmSFD /.settrapparams /.currentsystemparams /.currentuserparams /.getsystemparam /.getuserparam /.setsystemparams /.setuserparams - /.checkpassword /.locale_to_utf8 /.currentglobal /.gcheck /.imagepath /.currentoutputdevice - /.type /.writecvs /.setSMask /.currentSMask /.needinput /.countexecstack /.execstack /.applypolicies -+ /odef - - % Used by a free user in the Library of Congress. Apparently this is used to - % draw a partial page, which is then filled in by the results of a barcode --- -2.18.1 - diff --git a/poky/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-3835-0003.patch b/poky/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-3835-0003.patch deleted file mode 100644 index a339fa2f3..000000000 --- a/poky/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-3835-0003.patch +++ /dev/null @@ -1,295 +0,0 @@ -From 4203e04ef9e6ca22ed68a1ab10a878aa9ceaeedc Mon Sep 17 00:00:00 2001 -From: Ray Johnston <ray.johnston@artifex.com> -Date: Thu, 14 Feb 2019 10:20:03 -0800 -Subject: [PATCH] Fix bug 700585: Restrict superexec and remove it from - internals and gs_cet.ps - -Also while changing things, restructure the CETMODE so that it will -work with -dSAFER. The gs_cet.ps is now run when we are still at save -level 0 with systemdict writeable. Allows us to undefine .makeoperator -and .setCPSImode internal operators after CETMODE is handled. - -Change previous uses of superexec to using .forceput (with the usual -.bind executeonly to hide it). - -CVE: CVE-2019-3835 -Upstream-Status: Backport [git://git.ghostscript.com/ghostpdl.git] - -Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com> ---- - Resource/Init/gs_cet.ps | 38 ++++++++++++++------------------------ - Resource/Init/gs_dps1.ps | 2 +- - Resource/Init/gs_fonts.ps | 8 ++++---- - Resource/Init/gs_init.ps | 38 +++++++++++++++++++++++++++----------- - Resource/Init/gs_ttf.ps | 8 ++++---- - Resource/Init/gs_type1.ps | 6 +++--- - 6 files changed, 53 insertions(+), 47 deletions(-) - -diff --git a/Resource/Init/gs_cet.ps b/Resource/Init/gs_cet.ps -index dbc5c4e..3cc6883 100644 ---- a/Resource/Init/gs_cet.ps -+++ b/Resource/Init/gs_cet.ps -@@ -1,37 +1,29 @@ - %!PS - % Set defaults for Ghostscript to match Adobe CPSI behaviour for CET - --/.odef { % <name> <proc> odef - -- 1 index exch .makeoperator def --} bind def -- -+% skip if we've already run this -- based on fake "product" - systemdict /product get (PhotoPRINT SE 5.0v2) readonly eq - { - (%END GS_CET) .skipeof - } if - --% do this in the server level so it is persistent across jobs --//true 0 startjob not { -- (*** Warning: CET startup is not in server default) = flush --} if -+% Note: this must be run at save level 0 and when systemdict is writeable -+currentglobal //true setglobal -+systemdict dup dup dup -+/version (3017.102) readonly .forceput % match CPSI 3017.102 -+/product (PhotoPRINT SE 5.0v2) readonly .forceput % match CPSI 3017.102 -+/revision 0 put % match CPSI 3017.103 Tek shows revision 5 -+/serialnumber dup {233640} readonly .makeoperator .forceput % match CPSI 3017.102 Tek shows serialnumber 1401788461 -+ -+systemdict /.odef { % <name> <proc> odef - -+ 1 index exch //.makeoperator def -+} .bind .forceput % this will be undefined at the end - - 300 .sethiresscreen % needed for language switch build since it - % processes gs_init.ps BEFORE setting the resolution - - 0 array 0 setdash % CET 09-08 wants local setdash - --currentglobal //true setglobal -- --{ -- systemdict dup dup dup -- /version (3017.102) readonly put % match CPSI 3017.102 -- /product (PhotoPRINT SE 5.0v2) readonly put % match CPSI 3017.102 -- /revision 0 put % match CPSI 3017.103 Tek shows revision 5 -- /serialnumber dup {233640} readonly .makeoperator put % match CPSI 3017.102 Tek shows serialnumber 1401788461 -- systemdict /deviceinfo undef % for CET 20-23-1 --% /UNROLLFORMS true put % CET files do unreasonable things inside forms --} 1183615869 internaldict /superexec get exec -- - /UNROLLFORMS true def - - (%.defaultbgrucrproc) cvn { } bind def -@@ -118,9 +110,7 @@ userdict /.smoothness currentsmoothness put - ofnfa - } bind def - --currentdict /.odef undef --% end of slightly nasty hack to give consistent cluster results -- --//false 0 startjob pop % re-enter encapsulated mode -+systemdict /.odef .undef - -+% end of slightly nasty hack to give consistent cluster results - %END GS_CET -diff --git a/Resource/Init/gs_dps1.ps b/Resource/Init/gs_dps1.ps -index 3d2cf7a..c4fd839 100644 ---- a/Resource/Init/gs_dps1.ps -+++ b/Resource/Init/gs_dps1.ps -@@ -89,7 +89,7 @@ level2dict begin - % definition, copy it into the local directory. - //systemdict /SharedFontDirectory .knownget - { 1 index .knownget -- { //.FontDirectory 2 index 3 -1 roll { put } systemdict /superexec known {//superexec}{1183615869 internaldict /superexec get exec} ifelse } % readonly -+ { //.FontDirectory 2 index 3 -1 roll .forceput } % readonly - if - } - if -diff --git a/Resource/Init/gs_fonts.ps b/Resource/Init/gs_fonts.ps -index 0562235..f2b4e19 100644 ---- a/Resource/Init/gs_fonts.ps -+++ b/Resource/Init/gs_fonts.ps -@@ -519,11 +519,11 @@ buildfontdict 3 /.buildfont3 cvx put - % the font in LocalFontDirectory. - .currentglobal - { //systemdict /LocalFontDirectory .knownget -- { 2 index 2 index { .growput } systemdict /superexec known {//superexec}{1183615869 internaldict /superexec get exec} ifelse } % readonly -+ { 2 index 2 index .forceput } % readonly - if - } - if -- dup //.FontDirectory 4 -2 roll { .growput } systemdict /superexec known {//superexec}{1183615869 internaldict /superexec get exec} ifelse % readonly -+ dup //.FontDirectory 4 -2 roll .forceput % readonly - % If the font originated as a resource, register it. - currentfile .currentresourcefile eq { dup .registerfont } if - readonly -@@ -1191,13 +1191,13 @@ $error /SubstituteFont { } put - //.FontDirectory 1 index known not { - 2 dict dup /FontName 3 index put - dup /FontType 1 put -- //.FontDirectory 3 1 roll { put } systemdict /superexec known {//superexec}{1183615869 internaldict /superexec get exec} ifelse % readonly -+ //.FontDirectory 3 1 roll //.forceput exec % readonly - } { - pop - } ifelse - } forall - } forall -- } -+ } executeonly % hide .forceput - FAKEFONTS { exch } if pop def % don't bind, .current/setglobal get redefined - - % Install initial fonts from Fontmap. -diff --git a/Resource/Init/gs_init.ps b/Resource/Init/gs_init.ps -index 80d9585..0d5c4f7 100644 ---- a/Resource/Init/gs_init.ps -+++ b/Resource/Init/gs_init.ps -@@ -2188,9 +2188,6 @@ SAFER { .setsafeglobal } if - /.endtransparencygroup % transparency-example.ps - /.setdotlength % Bug687720.ps - /.sort /.setdebug /.mementolistnewblocks /getenv -- -- /.makeoperator /.setCPSImode % gs_cet.ps, this won't work on cluster with -dSAFER -- - /unread - ] - {systemdict exch .forceundef} forall -@@ -2270,7 +2267,6 @@ SAFER { .setsafeglobal } if - - % Used by our own test suite files - %/.fileposition %image-qa.ps -- %/.makeoperator /.setCPSImode % gs_cet.ps - - % Either our code uses these in ways which mean they can't be undefined, or they are used directly by - % test files/utilities, or engineers expressed a desire to keep them visible. -@@ -2457,6 +2453,16 @@ end - /vmreclaim where - { pop NOGC not { 2 .vmreclaim 0 vmreclaim } if - } if -+ -+% Do this before systemdict is locked (see below for additional CETMODE setup using gs_cet.ps) -+systemdict /CETMODE .knownget { -+ { -+ (gs_cet.ps) runlibfile -+ } if -+} if -+systemdict /.makeoperator .undef % must be after gs_cet.ps -+systemdict /.setCPSImode .undef % must be after gs_cet.ps -+ - DELAYBIND not { - systemdict /.bindnow .undef % We only need this for DELAYBIND - systemdict /.forcecopynew .undef % remove temptation -@@ -2464,16 +2470,29 @@ DELAYBIND not { - systemdict /.forceundef .undef % ditto - } if - --% Move superexec to internaldict if superexec is defined. --systemdict /superexec .knownget { -- 1183615869 internaldict /superexec 3 -1 roll put -- systemdict /superexec .undef -+% Move superexec to internaldict if superexec is defined. (Level 2 or later) -+systemdict /superexec known { -+ % restrict superexec to single known use by PScript5.dll -+ % We could do this only for SAFER mode, but internaldict and superexec are -+ % not very well documented, and we don't want them to be used. -+ 1183615869 internaldict /superexec { -+ 2 index /Private eq % first check for typical use in PScript5.dll -+ 1 index length 1 eq and % expected usage is: dict /Private <value> {put} superexec -+ 1 index 0 get systemdict /put get eq and -+ { -+ //superexec exec % the only usage we allow -+ } { -+ /superexec load /invalidaccess signalerror -+ } ifelse -+ } bind cvx executeonly put -+ systemdict /superexec .undef % get rid of the dangerous (unrestricted) operator - } if - - % Can't remove this one until the last minute :-) - DELAYBIND not { - systemdict /.undef .undef - } if -+ - WRITESYSTEMDICT { - SAFER { - (\n *** WARNING - you have selected SAFER, indicating you want Ghostscript\n) print -@@ -2500,7 +2519,4 @@ WRITESYSTEMDICT { - % be 'true' in some cases. - userdict /AGM_preserve_spots //false put - --systemdict /CETMODE .knownget --{ { (gs_cet.ps) runlibfile } if } if -- - % The interpreter will run the initial procedure (start). -diff --git a/Resource/Init/gs_ttf.ps b/Resource/Init/gs_ttf.ps -index 05943c5..da97afa 100644 ---- a/Resource/Init/gs_ttf.ps -+++ b/Resource/Init/gs_ttf.ps -@@ -1421,7 +1421,7 @@ mark - TTFDEBUG { (\n1 setting alias: ) print dup ==only - ( to be the same as ) print 2 index //== exec } if - -- 7 index 2 index 3 -1 roll exch //.growput systemdict /superexec known {//superexec}{1183615869 internaldict /superexec get exec} ifelse -+ 7 index 2 index 3 -1 roll exch .forceput - } forall - pop pop pop - } -@@ -1439,7 +1439,7 @@ mark - exch pop - TTFDEBUG { (\n2 setting alias: ) print 1 index ==only - ( to use glyph index: ) print dup //== exec } if -- 5 index 3 1 roll //.growput systemdict /superexec known {//superexec}{1183615869 internaldict /superexec get exec} ifelse -+ 5 index 3 1 roll .forceput - //false - } - { -@@ -1456,7 +1456,7 @@ mark - { % CharStrings(dict) isunicode(boolean) cmap(dict) RAGL(dict) gname(name) codep(integer) gindex(integer) - TTFDEBUG { (\3 nsetting alias: ) print 1 index ==only - ( to be index: ) print dup //== exec } if -- exch pop 5 index 3 1 roll //.growput systemdict /superexec known {//superexec}{1183615869 internaldict /superexec get exec} ifelse -+ exch pop 5 index 3 1 roll .forceput - } - { - pop pop -@@ -1486,7 +1486,7 @@ mark - } ifelse - ] - TTFDEBUG { (Encoding: ) print dup === flush } if --} bind def -+} .bind executeonly odef % hides .forceput - - % to be removed 9.09...... - currentdict /postalias undef -diff --git a/Resource/Init/gs_type1.ps b/Resource/Init/gs_type1.ps -index 96e1ced..61f5269 100644 ---- a/Resource/Init/gs_type1.ps -+++ b/Resource/Init/gs_type1.ps -@@ -116,7 +116,7 @@ - { % scratch(string) RAGL(dict) AGL(dict) CharStrings(dict) cstring gname aglname - CFFDEBUG { (\nsetting alias: ) print dup ==only - ( to be the same as glyph: ) print 1 index //== exec } if -- 3 index exch 3 index //.growput systemdict /superexec known {//superexec}{1183615869 internaldict /superexec get exec} ifelse -+ 3 index exch 3 index .forceput - % scratch(string) RAGL(dict) AGL(dict) CharStrings(dict) cstring gname - } - {pop} ifelse -@@ -135,7 +135,7 @@ - 3 1 roll pop pop - } if - pop -- dup /.AGLprocessed~GS //true //.growput systemdict /superexec known {//superexec}{1183615869 internaldict /superexec get exec} ifelse -+ dup /.AGLprocessed~GS //true .forceput - } if - - %% We need to excute the C .buildfont1 in a stopped context so that, if there -@@ -148,7 +148,7 @@ - {//.buildfont1} stopped - 4 3 roll .setglobal - {//.buildfont1 $error /errorname get signalerror} if -- } bind def -+ } .bind executeonly def % hide .forceput - - % If the diskfont feature isn't included, define a dummy .loadfontdict. - /.loadfontdict where --- -2.20.1 - diff --git a/poky/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-3835-0004.patch b/poky/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-3835-0004.patch deleted file mode 100644 index 5228cace2..000000000 --- a/poky/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-3835-0004.patch +++ /dev/null @@ -1,167 +0,0 @@ -From 5845e667dda3c945ee793fbe6af021533cb4fbec Mon Sep 17 00:00:00 2001 -From: Ray Johnston <ray.johnston@artifex.com> -Date: Sun, 24 Feb 2019 22:01:04 -0800 -Subject: [PATCH] Bug 700585: Obliterate "superexec". We don't need it, nor - do any known apps. - -We were under the impression that the Windows driver 'PScript5.dll' used -superexec, but after testing with our extensive suite of PostScript file, -and analysis of the PScript5 "Adobe CoolType ProcSet, it does not appear -that this operator is needed anymore. Get rid of superexec and all of the -references to it, since it is a potential security hole. - -CVE: CVE-2019-3835 -Upstream-Status: Backport [git://git.ghostscript.com/ghostpdl.git] - -Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com> ---- - Resource/Init/gs_init.ps | 18 ------------------ - psi/icontext.c | 1 - - psi/icstate.h | 1 - - psi/zcontrol.c | 30 ------------------------------ - psi/zdict.c | 6 ++---- - psi/zgeneric.c | 3 +-- - 6 files changed, 3 insertions(+), 56 deletions(-) - -diff --git a/Resource/Init/gs_init.ps b/Resource/Init/gs_init.ps -index 0d5c4f7..c5ac82a 100644 ---- a/Resource/Init/gs_init.ps -+++ b/Resource/Init/gs_init.ps -@@ -2470,24 +2470,6 @@ DELAYBIND not { - systemdict /.forceundef .undef % ditto - } if - --% Move superexec to internaldict if superexec is defined. (Level 2 or later) --systemdict /superexec known { -- % restrict superexec to single known use by PScript5.dll -- % We could do this only for SAFER mode, but internaldict and superexec are -- % not very well documented, and we don't want them to be used. -- 1183615869 internaldict /superexec { -- 2 index /Private eq % first check for typical use in PScript5.dll -- 1 index length 1 eq and % expected usage is: dict /Private <value> {put} superexec -- 1 index 0 get systemdict /put get eq and -- { -- //superexec exec % the only usage we allow -- } { -- /superexec load /invalidaccess signalerror -- } ifelse -- } bind cvx executeonly put -- systemdict /superexec .undef % get rid of the dangerous (unrestricted) operator --} if -- - % Can't remove this one until the last minute :-) - DELAYBIND not { - systemdict /.undef .undef -diff --git a/psi/icontext.c b/psi/icontext.c -index 1fbe486..7462ea3 100644 ---- a/psi/icontext.c -+++ b/psi/icontext.c -@@ -151,7 +151,6 @@ context_state_alloc(gs_context_state_t ** ppcst, - pcst->rand_state = rand_state_initial; - pcst->usertime_total = 0; - pcst->keep_usertime = false; -- pcst->in_superexec = 0; - pcst->plugin_list = 0; - make_t(&pcst->error_object, t__invalid); - { /* -diff --git a/psi/icstate.h b/psi/icstate.h -index 4c6a14d..1009d85 100644 ---- a/psi/icstate.h -+++ b/psi/icstate.h -@@ -54,7 +54,6 @@ struct gs_context_state_s { - long usertime_total; /* total accumulated usertime, */ - /* not counting current time if running */ - bool keep_usertime; /* true if context ever executed usertime */ -- int in_superexec; /* # of levels of superexec */ - /* View clipping is handled in the graphics state. */ - ref error_object; /* t__invalid or error object from operator */ - ref userparams; /* t_dictionary */ -diff --git a/psi/zcontrol.c b/psi/zcontrol.c -index 0362cf4..dc813e8 100644 ---- a/psi/zcontrol.c -+++ b/psi/zcontrol.c -@@ -158,34 +158,6 @@ zexecn(i_ctx_t *i_ctx_p) - return o_push_estack; - } - --/* <obj> superexec - */ --static int end_superexec(i_ctx_t *); --static int --zsuperexec(i_ctx_t *i_ctx_p) --{ -- os_ptr op = osp; -- es_ptr ep; -- -- check_op(1); -- if (!r_has_attr(op, a_executable)) -- return 0; /* literal object just gets pushed back */ -- check_estack(2); -- ep = esp += 3; -- make_mark_estack(ep - 2, es_other, end_superexec); /* error case */ -- make_op_estack(ep - 1, end_superexec); /* normal case */ -- ref_assign(ep, op); -- esfile_check_cache(); -- pop(1); -- i_ctx_p->in_superexec++; -- return o_push_estack; --} --static int --end_superexec(i_ctx_t *i_ctx_p) --{ -- i_ctx_p->in_superexec--; -- return 0; --} -- - /* <array> <executable> .runandhide <obj> */ - /* before executing <executable>, <array> is been removed from */ - /* the operand stack and placed on the execstack with attributes */ -@@ -971,8 +943,6 @@ const op_def zcontrol3_op_defs[] = { - {"0%loop_continue", loop_continue}, - {"0%repeat_continue", repeat_continue}, - {"0%stopped_push", stopped_push}, -- {"1superexec", zsuperexec}, -- {"0%end_superexec", end_superexec}, - {"2.runandhide", zrunandhide}, - {"0%end_runandhide", end_runandhide}, - op_def_end(0) -diff --git a/psi/zdict.c b/psi/zdict.c -index b0deaaa..e2e525d 100644 ---- a/psi/zdict.c -+++ b/psi/zdict.c -@@ -212,8 +212,7 @@ zundef(i_ctx_t *i_ctx_p) - int code; - - check_type(*op1, t_dictionary); -- if (i_ctx_p->in_superexec == 0) -- check_dict_write(*op1); -+ check_dict_write(*op1); - code = idict_undef(op1, op); - if (code < 0 && code != gs_error_undefined) /* ignore undefined error */ - return code; -@@ -504,8 +503,7 @@ zsetmaxlength(i_ctx_t *i_ctx_p) - int code; - - check_type(*op1, t_dictionary); -- if (i_ctx_p->in_superexec == 0) -- check_dict_write(*op1); -+ check_dict_write(*op1); - check_type(*op, t_integer); - if (op->value.intval < 0) - return_error(gs_error_rangecheck); -diff --git a/psi/zgeneric.c b/psi/zgeneric.c -index 8048e28..d4edddb 100644 ---- a/psi/zgeneric.c -+++ b/psi/zgeneric.c -@@ -204,8 +204,7 @@ zput(i_ctx_t *i_ctx_p) - - switch (r_type(op2)) { - case t_dictionary: -- if (i_ctx_p->in_superexec == 0) -- check_dict_write(*op2); -+ check_dict_write(*op2); - { - int code = idict_put(op2, op1, op); - --- -2.18.1 - diff --git a/poky/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-3838-0001.patch b/poky/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-3838-0001.patch deleted file mode 100644 index 593109fb9..000000000 --- a/poky/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-3838-0001.patch +++ /dev/null @@ -1,34 +0,0 @@ -From 53f0cb4c54ac951697704cb87d24154ae08aecce Mon Sep 17 00:00:00 2001 -From: Chris Liddell <chris.liddell@artifex.com> -Date: Wed, 20 Feb 2019 09:54:28 +0000 -Subject: [PATCH] Bug 700576: Make a transient proc executeonly (in - DefineResource). - -This prevents access to .forceput - -Solution originally suggested by cbuissar@redhat.com. - -CVE: CVE-2019-3838 -Upstream-Status: Backport [git://git.ghostscript.com/ghostpdl.git] - -Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com> ---- - Resource/Init/gs_res.ps | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/Resource/Init/gs_res.ps b/Resource/Init/gs_res.ps -index 89c0ed6..a163541 100644 ---- a/Resource/Init/gs_res.ps -+++ b/Resource/Init/gs_res.ps -@@ -426,7 +426,7 @@ status { - % so we have to use .forceput here. - currentdict /.Instances 2 index .forceput % Category dict is read-only - } executeonly if -- } -+ } executeonly - { .LocalInstances dup //.emptydict eq - { pop 3 dict localinstancedict Category 2 index put - } --- -2.18.1 - diff --git a/poky/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-3838-0002.patch b/poky/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-3838-0002.patch deleted file mode 100644 index 921e5b687..000000000 --- a/poky/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-3838-0002.patch +++ /dev/null @@ -1,30 +0,0 @@ -From 0cb5e967c0200559f946291b5b54f8da30c32cd6 Mon Sep 17 00:00:00 2001 -From: Chris Liddell <chris.liddell@artifex.com> -Date: Fri, 22 Feb 2019 12:28:23 +0000 -Subject: [PATCH] Bug 700576(redux): an extra transient proc needs - executeonly'ed. - -CVE: CVE-2019-3838 -Upstream-Status: Backport [git://git.ghostscript.com/ghostpdl.git] - -Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com> ---- - Resource/Init/gs_res.ps | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/Resource/Init/gs_res.ps b/Resource/Init/gs_res.ps -index a163541..8ce4ae3 100644 ---- a/Resource/Init/gs_res.ps -+++ b/Resource/Init/gs_res.ps -@@ -438,7 +438,7 @@ status { - % Now make the resource value read-only. - 0 2 copy get { readonly } .internalstopped pop - dup 4 1 roll put exch pop exch pop -- } -+ } executeonly - { /defineresource cvx /typecheck signaloperror - } - ifelse --- -2.18.1 - diff --git a/poky/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-6116-0001.patch b/poky/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-6116-0001.patch deleted file mode 100644 index b2c1ade4b..000000000 --- a/poky/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-6116-0001.patch +++ /dev/null @@ -1,177 +0,0 @@ -From c8c77690199b677f70093824382f0881e643e17b Mon Sep 17 00:00:00 2001 -From: Chris Liddell <chris.liddell@artifex.com> -Date: Wed, 5 Dec 2018 12:22:13 +0000 -Subject: [PATCH 1/7] Sanitize op stack for error conditions - -We save the stacks to an array and store the array for the error handler to -access. - -For SAFER, we traverse the array, and deep copy any op arrays (procedures). As -we make these copies, we check for operators that do *not* exist in systemdict, -when we find one, we replace the operator with a name object (of the form -"/--opname--"). - -CVE: CVE-2019-6116 -Upstream-Status: Backport [git://git.ghostscript.com/ghostpdl.git] - -Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com> ---- - psi/int.mak | 3 +- - psi/interp.c | 8 ++++++ - psi/istack.c | 78 ++++++++++++++++++++++++++++++++++++++++++++++++++++ - psi/istack.h | 3 ++ - 4 files changed, 91 insertions(+), 1 deletion(-) - -diff --git a/psi/int.mak b/psi/int.mak -index 6ab5bf0..6b349cb 100644 ---- a/psi/int.mak -+++ b/psi/int.mak -@@ -204,7 +204,8 @@ $(PSOBJ)iparam.$(OBJ) : $(PSSRC)iparam.c $(GH)\ - $(PSOBJ)istack.$(OBJ) : $(PSSRC)istack.c $(GH) $(memory__h)\ - $(ierrors_h) $(gsstruct_h) $(gsutil_h)\ - $(ialloc_h) $(istack_h) $(istkparm_h) $(istruct_h) $(iutil_h) $(ivmspace_h)\ -- $(store_h) $(INT_MAK) $(MAKEDIRS) -+ $(store_h) $(icstate_h) $(iname_h) $(dstack_h) $(idict_h) \ -+ $(INT_MAK) $(MAKEDIRS) - $(PSCC) $(PSO_)istack.$(OBJ) $(C_) $(PSSRC)istack.c - - $(PSOBJ)iutil.$(OBJ) : $(PSSRC)iutil.c $(GH) $(math__h) $(memory__h) $(string__h)\ -diff --git a/psi/interp.c b/psi/interp.c -index 6dc0dda..aa5779c 100644 ---- a/psi/interp.c -+++ b/psi/interp.c -@@ -761,6 +761,7 @@ copy_stack(i_ctx_t *i_ctx_p, const ref_stack_t * pstack, int skip, ref * arr) - uint size = ref_stack_count(pstack) - skip; - uint save_space = ialloc_space(idmemory); - int code, i; -+ ref *safety, *safe; - - if (size > 65535) - size = 65535; -@@ -778,6 +779,13 @@ copy_stack(i_ctx_t *i_ctx_p, const ref_stack_t * pstack, int skip, ref * arr) - make_null(&arr->value.refs[i]); - } - } -+ if (pstack == &o_stack && dict_find_string(systemdict, "SAFETY", &safety) > 0 && -+ dict_find_string(safety, "safe", &safe) > 0 && r_has_type(safe, t_boolean) && -+ safe->value.boolval == true) { -+ code = ref_stack_array_sanitize(i_ctx_p, arr, arr); -+ if (code < 0) -+ return code; -+ } - ialloc_set_space(idmemory, save_space); - return code; - } -diff --git a/psi/istack.c b/psi/istack.c -index 8fe151f..f1a3e51 100644 ---- a/psi/istack.c -+++ b/psi/istack.c -@@ -27,6 +27,10 @@ - #include "iutil.h" - #include "ivmspace.h" /* for local/global test */ - #include "store.h" -+#include "icstate.h" -+#include "iname.h" -+#include "dstack.h" -+#include "idict.h" - - /* Forward references */ - static void init_block(ref_stack_t *pstack, const ref *pblock_array, -@@ -294,6 +298,80 @@ ref_stack_store_check(const ref_stack_t *pstack, ref *parray, uint count, - return 0; - } - -+int -+ref_stack_array_sanitize(i_ctx_t *i_ctx_p, ref *sarr, ref *darr) -+{ -+ int i, code; -+ ref obj, arr2; -+ ref *pobj2; -+ gs_memory_t *mem = (gs_memory_t *)idmemory->current; -+ -+ if (!r_is_array(sarr) || !r_has_type(darr, t_array)) -+ return_error(gs_error_typecheck); -+ -+ for (i = 0; i < r_size(sarr); i++) { -+ code = array_get(mem, sarr, i, &obj); -+ if (code < 0) -+ make_null(&obj); -+ switch(r_type(&obj)) { -+ case t_operator: -+ { -+ int index = op_index(&obj); -+ -+ if (index > 0 && index < op_def_count) { -+ const byte *data = (const byte *)(op_index_def(index)->oname + 1); -+ if (dict_find_string(systemdict, (const char *)data, &pobj2) <= 0) { -+ byte *s = gs_alloc_bytes(mem, strlen((char *)data) + 5, "ref_stack_array_sanitize"); -+ if (s) { -+ s[0] = '\0'; -+ strcpy((char *)s, "--"); -+ strcpy((char *)s + 2, (char *)data); -+ strcpy((char *)s + strlen((char *)data) + 2, "--"); -+ } -+ else { -+ s = (byte *)data; -+ } -+ code = name_ref(imemory, s, strlen((char *)s), &obj, 1); -+ if (code < 0) make_null(&obj); -+ if (s != data) -+ gs_free_object(mem, s, "ref_stack_array_sanitize"); -+ } -+ } -+ else { -+ make_null(&obj); -+ } -+ ref_assign(darr->value.refs + i, &obj); -+ break; -+ } -+ case t_array: -+ case t_shortarray: -+ case t_mixedarray: -+ { -+ int attrs = r_type_attrs(&obj) & (a_write | a_read | a_execute | a_executable); -+ /* We only want to copy executable arrays */ -+ if (attrs & (a_execute | a_executable)) { -+ code = ialloc_ref_array(&arr2, attrs, r_size(&obj), "ref_stack_array_sanitize"); -+ if (code < 0) { -+ make_null(&arr2); -+ } -+ else { -+ code = ref_stack_array_sanitize(i_ctx_p, &obj, &arr2); -+ } -+ ref_assign(darr->value.refs + i, &arr2); -+ } -+ else { -+ ref_assign(darr->value.refs + i, &obj); -+ } -+ break; -+ } -+ default: -+ ref_assign(darr->value.refs + i, &obj); -+ } -+ } -+ return 0; -+} -+ -+ - /* - * Store the top 'count' elements of a stack, starting 'skip' elements below - * the top, into an array, with or without store/undo checking. age=-1 for -diff --git a/psi/istack.h b/psi/istack.h -index 051dcbe..54be405 100644 ---- a/psi/istack.h -+++ b/psi/istack.h -@@ -129,6 +129,9 @@ int ref_stack_store(const ref_stack_t *pstack, ref *parray, uint count, - uint skip, int age, bool check, - gs_dual_memory_t *idmem, client_name_t cname); - -+int -+ref_stack_array_sanitize(i_ctx_t *i_ctx_p, ref *sarr, ref *darr); -+ - /* - * Pop the top N elements off a stack. - * The number must not exceed the number of elements in use. --- -2.18.1 - diff --git a/poky/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-6116-0002.patch b/poky/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-6116-0002.patch deleted file mode 100644 index 97c74e7e3..000000000 --- a/poky/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-6116-0002.patch +++ /dev/null @@ -1,442 +0,0 @@ -From 20001d2bdf3cc60e76241a6ae72b1df01c5424c5 Mon Sep 17 00:00:00 2001 -From: Chris Liddell <chris.liddell@artifex.com> -Date: Thu, 13 Dec 2018 15:28:34 +0000 -Subject: [PATCH 2/7] Any transient procedures that call .force* operators - -(i.e. for conditionals or loops) make them executeonly. - -CVE: CVE-2019-6116 -Upstream-Status: Backport [git://git.ghostscript.com/ghostpdl.git] - -Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com> ---- - Resource/Init/gs_diskn.ps | 2 +- - Resource/Init/gs_dps1.ps | 4 ++-- - Resource/Init/gs_fntem.ps | 4 ++-- - Resource/Init/gs_fonts.ps | 12 ++++++------ - Resource/Init/gs_init.ps | 4 ++-- - Resource/Init/gs_lev2.ps | 11 ++++++----- - Resource/Init/gs_pdfwr.ps | 2 +- - Resource/Init/gs_res.ps | 4 ++-- - Resource/Init/gs_setpd.ps | 2 +- - Resource/Init/pdf_base.ps | 13 ++++++++----- - Resource/Init/pdf_draw.ps | 16 +++++++++------- - Resource/Init/pdf_font.ps | 6 +++--- - Resource/Init/pdf_main.ps | 4 ++-- - Resource/Init/pdf_ops.ps | 7 ++++--- - 14 files changed, 49 insertions(+), 42 deletions(-) - -diff --git a/Resource/Init/gs_diskn.ps b/Resource/Init/gs_diskn.ps -index fd694bc..8bf2054 100644 ---- a/Resource/Init/gs_diskn.ps -+++ b/Resource/Init/gs_diskn.ps -@@ -51,7 +51,7 @@ systemdict begin - mark 5 1 roll ] mark exch { { } forall } forall ] - //systemdict /.searchabledevs 2 index .forceput - exch .setglobal -- } -+ } executeonly - if - } .bind executeonly odef % must be bound and hidden for .forceput - -diff --git a/Resource/Init/gs_dps1.ps b/Resource/Init/gs_dps1.ps -index ec5db61..4fae283 100644 ---- a/Resource/Init/gs_dps1.ps -+++ b/Resource/Init/gs_dps1.ps -@@ -78,7 +78,7 @@ level2dict begin - .currentglobal - { % Current mode is global; delete from local directory too. - //systemdict /LocalFontDirectory .knownget -- { 1 index .forceundef } % LocalFontDirectory is readonly -+ { 1 index .forceundef } executeonly % LocalFontDirectory is readonly - if - } - { % Current mode is local; if there was a shadowed global -@@ -126,7 +126,7 @@ level2dict begin - } - ifelse - } forall -- pop counttomark 2 idiv { .forceundef } repeat pop % readonly -+ pop counttomark 2 idiv { .forceundef } executeonly repeat pop % readonly - } - if - //SharedFontDirectory exch .forcecopynew pop -diff --git a/Resource/Init/gs_fntem.ps b/Resource/Init/gs_fntem.ps -index c1f7651..6eb672a 100644 ---- a/Resource/Init/gs_fntem.ps -+++ b/Resource/Init/gs_fntem.ps -@@ -401,12 +401,12 @@ currentdict end def - .forceput % FontInfo can be read-only. - pop % bool <font> - exit -- } if -+ } executeonly if - dup /FontInfo get % bool <font> <FI> - /GlyphNames2Unicode /Unicode /Decoding findresource - .forceput % FontInfo can be read-only. - exit -- } loop -+ } executeonly loop - exch setglobal - } .bind executeonly odef % must be bound and hidden for .forceput - -diff --git a/Resource/Init/gs_fonts.ps b/Resource/Init/gs_fonts.ps -index 803faca..290da0c 100644 ---- a/Resource/Init/gs_fonts.ps -+++ b/Resource/Init/gs_fonts.ps -@@ -374,7 +374,7 @@ FONTPATH length 0 eq { (%END FONTPATH) .skipeof } if - /.setnativefontmapbuilt { % set whether we've been run - dup type /booleantype eq { - systemdict exch /.nativefontmapbuilt exch .forceput -- } -+ } executeonly - {pop} - ifelse - } .bind executeonly odef -@@ -1007,11 +1007,11 @@ $error /SubstituteFont { } put - { 2 index gcheck currentglobal - 2 copy eq { - pop pop .forceput -- } { -+ } executeonly { - 5 1 roll setglobal - dup length string copy - .forceput setglobal -- } ifelse -+ } executeonly ifelse - } .bind executeonly odef % must be bound and hidden for .forceput - - % Attempt to load a font from a file. -@@ -1084,7 +1084,7 @@ $error /SubstituteFont { } put - .FontDirectory 3 index .forceundef % readonly - 1 index (r) file .loadfont .FontDirectory exch - /.setglobal .systemvar exec -- } -+ } executeonly - { .loadfont .FontDirectory - } - ifelse -@@ -1105,7 +1105,7 @@ $error /SubstituteFont { } put - dup 3 index .fontknownget - { dup /PathLoad 4 index .putgstringcopy - 4 1 roll pop pop pop //true exit -- } if -+ } executeonly if - - % Maybe the file had a different FontName. - % See if we can get a FontName from the file, and if so, -@@ -1134,7 +1134,7 @@ $error /SubstituteFont { } put - ifelse % Stack: origfontname fontdict - exch pop //true exit - % Stack: fontdict -- } -+ } executeonly - if pop % Stack: origfontname fontdirectory path - } - if pop pop % Stack: origfontname -diff --git a/Resource/Init/gs_init.ps b/Resource/Init/gs_init.ps -index d733124..56c0bd2 100644 ---- a/Resource/Init/gs_init.ps -+++ b/Resource/Init/gs_init.ps -@@ -2357,7 +2357,7 @@ SAFER { .setsafeglobal } if - % Update the copy of the user parameters. - mark .currentuserparams counttomark 2 idiv { - userparams 3 1 roll .forceput % userparams is read-only -- } repeat pop -+ } executeonly repeat pop - % Turn on idiom recognition, if available. - currentuserparams /IdiomRecognition known { - /IdiomRecognition //true .definepsuserparam -@@ -2376,7 +2376,7 @@ SAFER { .setsafeglobal } if - % Remove real system params from pssystemparams. - mark .currentsystemparams counttomark 2 idiv { - pop pssystemparams exch .forceundef -- } repeat pop -+ } executeonly repeat pop - } if - - % Set up AlignToPixels : -diff --git a/Resource/Init/gs_lev2.ps b/Resource/Init/gs_lev2.ps -index 44fe619..0f0d573 100644 ---- a/Resource/Init/gs_lev2.ps -+++ b/Resource/Init/gs_lev2.ps -@@ -154,7 +154,8 @@ end - % protect top level of parameters that we copied - dup type dup /arraytype eq exch /stringtype eq or { readonly } if - /userparams .systemvar 3 1 roll .forceput % userparams is read-only -- } { -+ } executeonly -+ { - pop pop - } ifelse - } forall -@@ -224,7 +225,7 @@ end - % protect top level parameters that we copied - dup type dup /arraytype eq exch /stringtype eq or { readonly } if - //pssystemparams 3 1 roll .forceput % pssystemparams is read-only -- } -+ } executeonly - { pop pop - } - ifelse -@@ -934,7 +935,7 @@ mark - dup /PaintProc get - 1 index /Implementation known not { - 1 index dup /Implementation //null .forceput readonly pop -- } if -+ } executeonly if - exec - }.bind odef - -@@ -958,7 +959,7 @@ mark - dup /PaintProc get - 1 index /Implementation known not { - 1 index dup /Implementation //null .forceput readonly pop -- } if -+ } executeonly if - /UNROLLFORMS where {/UNROLLFORMS get}{false}ifelse not - %% [CTM] <<Form>> PaintProc .beginform - - { -@@ -1005,7 +1006,7 @@ mark - %% Form dictioanry using the /Implementation key). - 1 dict dup /FormID 4 -1 roll put - 1 index exch /Implementation exch .forceput readonly pop -- } -+ } executeonly - ifelse - } - { -diff --git a/Resource/Init/gs_pdfwr.ps b/Resource/Init/gs_pdfwr.ps -index 58e75d3..b425103 100644 ---- a/Resource/Init/gs_pdfwr.ps -+++ b/Resource/Init/gs_pdfwr.ps -@@ -650,7 +650,7 @@ currentdict /.pdfmarkparams .undef - } ifelse - } bind .makeoperator .forceput - systemdict /.pdf_hooked_DSC_Creator //true .forceput -- } if -+ } executeonly if - pop - } if - } { -diff --git a/Resource/Init/gs_res.ps b/Resource/Init/gs_res.ps -index 8eb8bb0..d9b3459 100644 ---- a/Resource/Init/gs_res.ps -+++ b/Resource/Init/gs_res.ps -@@ -152,7 +152,7 @@ setglobal - % use .forceput / .forcedef later to replace the dummy, - % empty .Instances dictionary with the real one later. - readonly -- } { -+ }{ - /defineresource cvx /typecheck signaloperror - } ifelse - } bind executeonly odef -@@ -424,7 +424,7 @@ status { - % As noted above, Category dictionaries are read-only, - % so we have to use .forcedef here. - /.Instances 1 index .forcedef % Category dict is read-only -- } if -+ } executeonly if - } - { .LocalInstances dup //.emptydict eq - { pop 3 dict localinstancedict Category 2 index put -diff --git a/Resource/Init/gs_setpd.ps b/Resource/Init/gs_setpd.ps -index e22597e..7875d1f 100644 ---- a/Resource/Init/gs_setpd.ps -+++ b/Resource/Init/gs_setpd.ps -@@ -634,7 +634,7 @@ NOMEDIAATTRS { - SETPDDEBUG { (Rolling back.) = pstack flush } if - 3 index 2 index 3 -1 roll .forceput - 4 index 1 index .knownget -- { 4 index 3 1 roll .forceput } -+ { 4 index 3 1 roll .forceput } executeonly - { 3 index exch .undef } - ifelse - } bind executeonly odef -diff --git a/Resource/Init/pdf_base.ps b/Resource/Init/pdf_base.ps -index b45e980..7312729 100644 ---- a/Resource/Init/pdf_base.ps -+++ b/Resource/Init/pdf_base.ps -@@ -130,26 +130,29 @@ currentdict /num-chars-dict .undef - - /.pdfexectoken { % <count> <opdict> <exectoken> .pdfexectoken ? - PDFDEBUG { -- pdfdict /PDFSTEPcount known not { pdfdict /PDFSTEPcount 1 .forceput } if -+ pdfdict /PDFSTEPcount known not { pdfdict /PDFSTEPcount 1 .forceput } executeonly if - PDFSTEP { - pdfdict /PDFtokencount 2 copy .knownget { 1 add } { 1 } ifelse .forceput - PDFSTEPcount 1 gt { - pdfdict /PDFSTEPcount PDFSTEPcount 1 sub .forceput -- } { -+ } executeonly -+ { - dup ==only - ( step # ) print PDFtokencount =only - ( ? ) print flush 1 //false .outputpage - (%stdin) (r) file 255 string readline { - token { - exch pop pdfdict /PDFSTEPcount 3 -1 roll .forceput -- } { -+ } executeonly -+ { - pdfdict /PDFSTEPcount 1 .forceput -- } ifelse % token -+ } executeonly ifelse % token - } { - pop /PDFSTEP //false def % EOF on stdin - } ifelse % readline - } ifelse % PDFSTEPcount > 1 -- } { -+ } executeonly -+ { - dup ==only () = flush - } ifelse % PDFSTEP - } if % PDFDEBUG -diff --git a/Resource/Init/pdf_draw.ps b/Resource/Init/pdf_draw.ps -index 6b0ba93..40c6ac8 100644 ---- a/Resource/Init/pdf_draw.ps -+++ b/Resource/Init/pdf_draw.ps -@@ -1118,14 +1118,14 @@ currentdict end readonly def - pdfdict /.Qqwarning_issued //true .forceput - .setglobal - pdfformaterror -- } ifelse -+ } executeonly ifelse - } - { - currentglobal pdfdict gcheck .setglobal - pdfdict /.Qqwarning_issued //true .forceput - .setglobal - pdfformaterror -- } ifelse -+ } executeonly ifelse - end - } ifelse - } loop -@@ -1141,14 +1141,14 @@ currentdict end readonly def - pdfdict /.Qqwarning_issued //true .forceput - .setglobal - pdfformaterror -- } ifelse -+ } executeonly ifelse - } - { - currentglobal pdfdict gcheck .setglobal - pdfdict /.Qqwarning_issued //true .forceput - .setglobal - pdfformaterror -- } ifelse -+ } executeonly ifelse - } if - pop - -@@ -2350,9 +2350,10 @@ currentdict /last-ditch-bpc-csp undef - /IncrementAppearanceNumber { - pdfdict /AppearanceNumber .knownget { - 1 add pdfdict /AppearanceNumber 3 -1 roll .forceput -- }{ -+ } executeonly -+ { - pdfdict /AppearanceNumber 0 .forceput -- } ifelse -+ } executeonly ifelse - }bind executeonly odef - - /MakeAppearanceName { -@@ -2510,7 +2511,8 @@ currentdict /last-ditch-bpc-csp undef - %% want to preserve it. - pdfdict /.PreservePDFForm false .forceput - /q cvx /execform cvx 5 -2 roll -- }{ -+ } executeonly -+ { - /q cvx /PDFexecform cvx 5 -2 roll - } ifelse - -diff --git a/Resource/Init/pdf_font.ps b/Resource/Init/pdf_font.ps -index bea9ea9..4cd62b9 100644 ---- a/Resource/Init/pdf_font.ps -+++ b/Resource/Init/pdf_font.ps -@@ -714,7 +714,7 @@ currentdict end readonly def - pop pop pop - currentdict /.stackdepth .forceundef - currentdict /.dstackdepth .forceundef -- } -+ } executeonly - {pop pop pop} - ifelse - -@@ -1232,7 +1232,7 @@ currentdict /eexec_pdf_param_dict .undef - (\n **** Warning: Type 3 glyph has unbalanced q/Q operators \(too many q's\)\n Output may be incorrect.\n) - pdfformatwarning - pdfdict /.Qqwarning_issued //true .forceput -- } if -+ } executeonly if - Q - } repeat - Q -@@ -2016,7 +2016,7 @@ currentdict /CMap_read_dict undef - /CIDFallBack /CIDFont findresource - } if - exit -- } if -+ } executeonly if - } if - } if - -diff --git a/Resource/Init/pdf_main.ps b/Resource/Init/pdf_main.ps -index 00da47a..37e69b3 100644 ---- a/Resource/Init/pdf_main.ps -+++ b/Resource/Init/pdf_main.ps -@@ -2701,14 +2701,14 @@ currentdict /PDF2PS_matrix_key undef - pdfdict /.Qqwarning_issued //true .forceput - .setglobal - pdfformaterror -- } ifelse -+ } executeonly ifelse - } - { - currentglobal pdfdict gcheck .setglobal - pdfdict /.Qqwarning_issued //true .forceput - .setglobal - pdfformaterror -- } ifelse -+ } executeonly ifelse - } if - } if - pop -diff --git a/Resource/Init/pdf_ops.ps b/Resource/Init/pdf_ops.ps -index 8672d61..aa09641 100644 ---- a/Resource/Init/pdf_ops.ps -+++ b/Resource/Init/pdf_ops.ps -@@ -184,14 +184,14 @@ currentdict /gput_always_allow .undef - pdfdict /.Qqwarning_issued //true .forceput - .setglobal - pdfformaterror -- } ifelse -+ } executeonly ifelse - } - { - currentglobal pdfdict gcheck .setglobal - pdfdict /.Qqwarning_issued //true .forceput - .setglobal - pdfformaterror -- } ifelse -+ } executeonly ifelse - } if - } bind executeonly odef - -@@ -439,7 +439,8 @@ currentdict /gput_always_allow .undef - dup type /booleantype eq { - .currentSMask type /dicttype eq { - .currentSMask /Processed 2 index .forceput -- } { -+ } executeonly -+ { - .setSMask - }ifelse - }{ --- -2.18.1 - diff --git a/poky/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-6116-0003.patch b/poky/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-6116-0003.patch deleted file mode 100644 index 02b1dc962..000000000 --- a/poky/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-6116-0003.patch +++ /dev/null @@ -1,32 +0,0 @@ -From 60b77b8bf8b6e4d30519c47724631012b530cf0e Mon Sep 17 00:00:00 2001 -From: Chris Liddell <chris.liddell@artifex.com> -Date: Sat, 15 Dec 2018 09:08:32 +0000 -Subject: [PATCH 3/7] Bug700317: Fix logic for an older change - -Unlike almost every other function in gs, dict_find_string() returns 1 on -success 0 or <0 on failure. The logic for this case was wrong. - -CVE: CVE-2019-6116 -Upstream-Status: Backport [git://git.ghostscript.com/ghostpdl.git] - -Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com> ---- - psi/interp.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/psi/interp.c b/psi/interp.c -index aa5779c..f6c45bb 100644 ---- a/psi/interp.c -+++ b/psi/interp.c -@@ -703,7 +703,7 @@ again: - * i.e. it's an internal operator we have hidden - */ - code = dict_find_string(systemdict, (const char *)bufptr, &tobj); -- if (code < 0) { -+ if (code <= 0) { - buf[0] = buf[1] = buf[rlen + 2] = buf[rlen + 3] = '-'; - rlen += 4; - bufptr = buf; --- -2.18.1 - diff --git a/poky/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-6116-0004.patch b/poky/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-6116-0004.patch deleted file mode 100644 index cc15453f0..000000000 --- a/poky/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-6116-0004.patch +++ /dev/null @@ -1,136 +0,0 @@ -From d739565534e955c4336731e4ea4eebc895c09c5c Mon Sep 17 00:00:00 2001 -From: Chris Liddell <chris.liddell@artifex.com> -Date: Tue, 18 Dec 2018 10:42:10 +0000 -Subject: [PATCH 4/7] Harden some uses of .force* operators - -by adding a few immediate evalutions - -CVE: CVE-2019-6116 -Upstream-Status: Backport [git://git.ghostscript.com/ghostpdl.git] - -Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com> ---- - Resource/Init/gs_dps1.ps | 4 ++-- - Resource/Init/gs_fonts.ps | 20 ++++++++++---------- - Resource/Init/gs_init.ps | 6 +++--- - 3 files changed, 15 insertions(+), 15 deletions(-) - -diff --git a/Resource/Init/gs_dps1.ps b/Resource/Init/gs_dps1.ps -index 4fae283..b75ea14 100644 ---- a/Resource/Init/gs_dps1.ps -+++ b/Resource/Init/gs_dps1.ps -@@ -74,7 +74,7 @@ level2dict begin - } odef - % undefinefont has to take local/global VM into account. - /undefinefont % <fontname> undefinefont - -- { .FontDirectory 1 .argindex .forceundef % FontDirectory is readonly -+ { //.FontDirectory 1 .argindex .forceundef % FontDirectory is readonly - .currentglobal - { % Current mode is global; delete from local directory too. - //systemdict /LocalFontDirectory .knownget -@@ -85,7 +85,7 @@ level2dict begin - % definition, copy it into the local directory. - //systemdict /SharedFontDirectory .knownget - { 1 index .knownget -- { .FontDirectory 2 index 3 -1 roll { put } systemdict /superexec known {//superexec}{1183615869 internaldict /superexec get exec} ifelse } % readonly -+ { //.FontDirectory 2 index 3 -1 roll { put } systemdict /superexec known {//superexec}{1183615869 internaldict /superexec get exec} ifelse } % readonly - if - } - if -diff --git a/Resource/Init/gs_fonts.ps b/Resource/Init/gs_fonts.ps -index 290da0c..c13a2fc 100644 ---- a/Resource/Init/gs_fonts.ps -+++ b/Resource/Init/gs_fonts.ps -@@ -516,7 +516,7 @@ buildfontdict 3 /.buildfont3 cvx put - if - } - if -- dup .FontDirectory 4 -2 roll { .growput } systemdict /superexec known {//superexec}{1183615869 internaldict /superexec get exec} ifelse % readonly -+ dup //.FontDirectory 4 -2 roll { .growput } systemdict /superexec known {//superexec}{1183615869 internaldict /superexec get exec} ifelse % readonly - % If the font originated as a resource, register it. - currentfile .currentresourcefile eq { dup .registerfont } if - readonly -@@ -943,7 +943,7 @@ $error /SubstituteFont { } put - % Try to find a font using only the present contents of Fontmap. - /.tryfindfont { % <fontname> .tryfindfont <font> true - % <fontname> .tryfindfont false -- .FontDirectory 1 index .fontknownget -+ //.FontDirectory 1 index .fontknownget - { % Already loaded - exch pop //true - } -@@ -975,7 +975,7 @@ $error /SubstituteFont { } put - { % Font with a procedural definition - exec % The procedure will load the font. - % Check to make sure this really happened. -- .FontDirectory 1 index .knownget -+ //.FontDirectory 1 index .knownget - { exch pop //true exit } - if - } -@@ -1081,11 +1081,11 @@ $error /SubstituteFont { } put - % because it's different depending on language level. - .currentglobal exch /.setglobal .systemvar exec - % Remove the fake definition, if any. -- .FontDirectory 3 index .forceundef % readonly -- 1 index (r) file .loadfont .FontDirectory exch -+ //.FontDirectory 3 index .forceundef % readonly -+ 1 index (r) file .loadfont //.FontDirectory exch - /.setglobal .systemvar exec - } executeonly -- { .loadfont .FontDirectory -+ { .loadfont //.FontDirectory - } - ifelse - % Stack: fontname fontfilename fontdirectory -@@ -1119,8 +1119,8 @@ $error /SubstituteFont { } put - % Stack: origfontname fontdirectory filefontname fontdict - 3 -1 roll pop - % Stack: origfontname filefontname fontdict -- dup /FontName get dup FontDirectory exch .forceundef -- GlobalFontDirectory exch .forceundef -+ dup /FontName get dup //.FontDirectory exch .forceundef -+ /GlobalFontDirectory .systemvar exch .forceundef - dup length dict .copydict dup 3 index /FontName exch put - 2 index exch definefont - exch -@@ -1176,10 +1176,10 @@ currentdict /.putgstringcopy .undef - { - { - pop dup type /stringtype eq { cvn } if -- .FontDirectory 1 index known not { -+ //.FontDirectory 1 index known not { - 2 dict dup /FontName 3 index put - dup /FontType 1 put -- .FontDirectory 3 1 roll { put } systemdict /superexec known {//superexec}{1183615869 internaldict /superexec get exec} ifelse % readonly -+ //.FontDirectory 3 1 roll { put } systemdict /superexec known {//superexec}{1183615869 internaldict /superexec get exec} ifelse % readonly - } { - pop - } ifelse -diff --git a/Resource/Init/gs_init.ps b/Resource/Init/gs_init.ps -index 56c0bd2..d9a0829 100644 ---- a/Resource/Init/gs_init.ps -+++ b/Resource/Init/gs_init.ps -@@ -1168,8 +1168,8 @@ errordict /unknownerror .undef - }ifelse - }forall - noaccess pop -- systemdict /.setsafeerrors .forceundef -- systemdict /.SAFERERRORLIST .forceundef -+ //systemdict /.setsafeerrors .forceundef -+ //systemdict /.SAFERERRORLIST .forceundef - } bind executeonly odef - - SAFERERRORS {.setsafererrors} if -@@ -2114,7 +2114,7 @@ currentdict /tempfilepaths undef - - /.locksafe { - .locksafe_userparams -- systemdict /getenv {pop //false} .forceput -+ //systemdict /getenv {pop //false} .forceput - % setpagedevice has the side effect of clearing the page, but - % we will just document that. Using setpagedevice keeps the device - % properties and pagedevice .LockSafetyParams in agreement even --- -2.18.1 - diff --git a/poky/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-6116-0005.patch b/poky/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-6116-0005.patch deleted file mode 100644 index db70bba21..000000000 --- a/poky/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-6116-0005.patch +++ /dev/null @@ -1,250 +0,0 @@ -From 1e830cafa56c6e3e1b08d246eaf5496fe81a0032 Mon Sep 17 00:00:00 2001 -From: Nancy Durgin <nancy.durgin@artifex.com> -Date: Tue, 27 Nov 2018 12:36:14 -0800 -Subject: [PATCH 5/7] Undef a bunch of internal things in gs_res.ps - -CVE: CVE-2019-6116 -Upstream-Status: Backport [git://git.ghostscript.com/ghostpdl.git] - -Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com> ---- - Resource/Init/gs_res.ps | 72 +++++++++++++++++++++++++-------------- - Resource/Init/gs_resmp.ps | 4 +-- - 2 files changed, 49 insertions(+), 27 deletions(-) - -diff --git a/Resource/Init/gs_res.ps b/Resource/Init/gs_res.ps -index d9b3459..18d5452 100644 ---- a/Resource/Init/gs_res.ps -+++ b/Resource/Init/gs_res.ps -@@ -197,7 +197,7 @@ setglobal - /.findresource { % <key> <category> findresource <instance> - 2 copy dup /Category eq - { pop //Category 0 get begin } { .findcategory } ifelse -- /FindResource .resourceexec exch pop exch pop -+ /FindResource //.resourceexec exec exch pop exch pop - } bind - end % .Instances of Category - def -@@ -223,7 +223,7 @@ def - not { /defineresource cvx /typecheck signaloperror } if - } if - } if -- /DefineResource .resourceexec -+ /DefineResource //.resourceexec exec - 4 1 roll pop pop pop - } .errorexec - } bind executeonly odef -@@ -252,7 +252,7 @@ def - % without the check. - /resourcestatus cvx /typecheck signalerror - } if -- 2 copy .findcategory /ResourceStatus .resourceexec -+ 2 copy .findcategory /ResourceStatus //.resourceexec exec - { 4 2 roll pop pop //true } { pop pop //false } ifelse - } stopped { - % Although resourcestatus is an operator, Adobe uses executable name -@@ -266,7 +266,7 @@ def - } if - 1 .argindex 1 index % catch stackunderflow - -- { .findcategory /UndefineResource .resourceexec pop pop -+ { .findcategory /UndefineResource //.resourceexec exec pop pop - } stopped { - % Although undefineresource is an operator, Adobe uses executable name - % here but uses operator for the errors above. CET 23-33 -@@ -315,10 +315,10 @@ currentdict /pssystemparams known not { - /pssystemparams 10 dict readonly def - } if - pssystemparams begin -- .default_resource_dir -- /FontResourceDir (Font) .resource_dir_name -+ //.default_resource_dir exec -+ /FontResourceDir (Font) //.resource_dir_name exec - readonly .forcedef % pssys'params is r-o -- /GenericResourceDir () .resource_dir_name -+ /GenericResourceDir () //.resource_dir_name exec - readonly .forcedef % pssys'params is r-o - pop % .default_resource_dir - /GenericResourcePathSep -@@ -387,13 +387,13 @@ status { - } bind def - /.localresourceforall { % <key> <value> <args> .localr'forall - - exch pop -- 2 copy 0 get .stringmatch { .enumerateresource } { pop pop } ifelse -+ 2 copy 0 get .stringmatch { //.enumerateresource exec } { pop pop } ifelse - } bind def - /.globalresourceforall { % <key> <value> <args> .globalr'forall - - exch pop - 2 copy 0 get .stringmatch { - dup 3 get begin .LocalInstances end 2 index known not { -- .enumerateresource -+ //.enumerateresource exec - } { - pop pop - } ifelse -@@ -408,7 +408,7 @@ status { - 3 index known { - pop pop pop - } { -- 2 index known { pop pop } { .enumerateresource } ifelse -+ 2 index known { pop pop } { //.enumerateresource exec } ifelse - } ifelse - } bind def - -@@ -468,19 +468,19 @@ status { - % .knownget doesn't fail on null - /findresource cvx /typecheck signaloperror - } if -- dup .getvminstance { -+ dup //.getvminstance exec { - exch pop 0 get - } { - dup ResourceStatus { - pop 1 gt { -- .DoLoadResource .getvminstance not { -- /findresource cvx .undefinedresource -+ .DoLoadResource //.getvminstance exec not { -+ /findresource cvx //.undefinedresource exec - } if 0 get - } { - .GetInstance pop 0 get - } ifelse - } { -- /findresource cvx .undefinedresource -+ /findresource cvx //.undefinedresource exec - } ifelse - } ifelse - } bind executeonly -@@ -621,7 +621,7 @@ status { - .currentglobal not .setglobal - vmstatus pop exch pop add - } repeat --} bind def -+} bind executeonly odef - /.DoLoadResource { - % .LoadResource may push entries on the operand stack. - % It is an undocumented feature of Adobe implementations, -@@ -633,8 +633,8 @@ status { - {.LoadResource} 4 1 roll 4 .execn - % Stack: ... count key memused - .vmused exch sub -- 1 index .getvminstance not { -- pop dup .undefinedresource % didn't load -+ 1 index //.getvminstance exec not { -+ pop dup //.undefinedresource exec % didn't load - } if - dup 1 1 put - 2 3 -1 roll put -@@ -648,7 +648,7 @@ status { - { //true setglobal { .runresource } stopped //false setglobal { stop } if } - ifelse - } -- { dup .undefinedresource -+ { dup //.undefinedresource exec - } - ifelse - } bind -@@ -758,7 +758,7 @@ counttomark 2 idiv - /FindResource - { .Instances 1 index .knownget - { exch pop } -- { /findresource cvx .undefinedresource } -+ { /findresource cvx //.undefinedresource exec } - ifelse - } bind executeonly - /ResourceStatus -@@ -862,7 +862,7 @@ userdict /.localcsdefaults //false put - 2 copy /Generic /Category findresource /DefineResource get exec - exch pop - exch //.defaultcsnames exch .knownget { -- 1 index .definedefaultcs -+ 1 index //.definedefaultcs exec - currentglobal not { .userdict /.localcsdefaults //true put } if - } if - } bind executeonly -@@ -872,13 +872,13 @@ userdict /.localcsdefaults //false put - //.defaultcsnames 1 index .knownget { - % Stack: resname index - currentglobal { -- .undefinedefaultcs pop -+ //.undefinedefaultcs exec pop - } { - % We removed the local definition, but there might be a global one. - exch .GetInstance { -- 0 get .definedefaultcs -+ 0 get //.definedefaultcs exec - } { -- .undefinedefaultcs -+ //.undefinedefaultcs exec - } ifelse - % Recompute .localcsdefaults by scanning. This is rarely needed. - .userdict /.localcsdefaults //false //.defaultcsnames { -@@ -997,7 +997,7 @@ currentdict /.fontstatusaux .undef - /Generic /Category findresource /UndefineResource get exec - } bind executeonly - /FindResource { -- dup .getvminstance { -+ dup //.getvminstance exec { - exch pop 0 get - } { - dup ResourceStatus { -@@ -1024,7 +1024,7 @@ currentdict /.fontstatusaux .undef - % stack: name font vmused - % findfont has the prerogative of not calling definefont - % in certain obscure cases of font substitution. -- 2 index .getvminstance { -+ 2 index //.getvminstance exec { - dup 1 1 put - 2 3 -1 roll put - } { -@@ -1159,3 +1159,25 @@ end % level2dict - - %% Replace 1 (gs_resmp.ps) - (gs_resmp.ps) dup runlibfile VMDEBUG -+ -+[ -+ /.default_resource_dir -+ /.resource_dir_name -+] -+{systemdict exch .forceundef} forall -+ -+[ -+ /.definedefaultcs -+ /.undefinedefaultcs -+ /.defaultcsnames -+ /.enumerateresource -+ /.externalresourceforall -+ /.getvminstance -+ /.globalresourceforall -+ /.localresourceforall -+ /resourceforall1 -+ /.resourceexec -+ /.undefinedresource -+ /.vmused -+] -+{level2dict exch .forceundef} forall -diff --git a/Resource/Init/gs_resmp.ps b/Resource/Init/gs_resmp.ps -index 9bb4263..cb948d1 100644 ---- a/Resource/Init/gs_resmp.ps -+++ b/Resource/Init/gs_resmp.ps -@@ -230,7 +230,7 @@ currentpacking //false setpacking - } { - dup dup .map exch .knownget { % /Name /Name <<record>> - dup dup /RecordVirtualMethods get /IsActive get exec { -- 1 index .getvminstance { % /Name /Name <<record>> holder -+ 1 index //.getvminstance exec { % /Name /Name <<record>> holder - 1 get 1 eq - } { - //true -@@ -242,7 +242,7 @@ currentpacking //false setpacking - DefineResource exec % size bStatusIs1 /Name Instance - % Make ResourceStatus to return correct values for this instance : - % Hack: we replace status values in the instance holder : -- exch .getvminstance pop % size bStatusIs1 Instance holder -+ exch //.getvminstance exec pop % size bStatusIs1 Instance holder - dup 5 -1 roll 2 exch put % bStatusIs1 Instance holder - 3 2 roll { % Instance holder - 1 1 put % Instance --- -2.18.1 - diff --git a/poky/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-6116-0006.patch b/poky/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-6116-0006.patch deleted file mode 100644 index 79e640b18..000000000 --- a/poky/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-6116-0006.patch +++ /dev/null @@ -1,596 +0,0 @@ -From 97f9052ce49e6844b06a49ff9e4b8fc1eaf6bd10 Mon Sep 17 00:00:00 2001 -From: Chris Liddell <chris.liddell@artifex.com> -Date: Wed, 9 Jan 2019 14:24:07 +0000 -Subject: [PATCH 6/7] Undefine a bunch of gs_fonts.ps specific procs - -Also reorder and add some immediate evaluation, so it still works with the -undefining. - -CVE: CVE-2019-6116 -Upstream-Status: Backport [git://git.ghostscript.com/ghostpdl.git] - -Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com> ---- - Resource/Init/gs_dps1.ps | 3 +- - Resource/Init/gs_fonts.ps | 275 +++++++++++++++++++++----------------- - Resource/Init/gs_res.ps | 7 +- - 3 files changed, 157 insertions(+), 128 deletions(-) - -diff --git a/Resource/Init/gs_dps1.ps b/Resource/Init/gs_dps1.ps -index b75ea14..8700c8c 100644 ---- a/Resource/Init/gs_dps1.ps -+++ b/Resource/Init/gs_dps1.ps -@@ -67,7 +67,8 @@ level2dict begin - - /selectfont % <fontname> <size> selectfont - - { -- { 1 .argindex findfont -+ { -+ 1 .argindex findfont - 1 index dup type /arraytype eq { makefont } { scalefont } ifelse - setfont pop pop - } stopped { /selectfont .systemvar $error /errorname get signalerror } if -diff --git a/Resource/Init/gs_fonts.ps b/Resource/Init/gs_fonts.ps -index c13a2fc..0562235 100644 ---- a/Resource/Init/gs_fonts.ps -+++ b/Resource/Init/gs_fonts.ps -@@ -100,7 +100,7 @@ userdict /.nativeFontmap .FontDirectory maxlength dict put - { 2 index token not - { (Fontmap entry for ) print 1 index =only - ( ends prematurely! Giving up.) = flush -- {.loadFontmap} 0 get 1 .quit -+ {//.loadFontmap exec} 0 get 1 .quit - } if - dup /; eq { pop 3 index 3 1 roll .growput exit } if - pop -@@ -202,6 +202,14 @@ NOFONTPATH { /FONTPATH () def } if - { pop } - { /FONTPATH (GS_FONTPATH) getenv not { () } if def } - ifelse -+ -+% The following are dummy definitions that, if we have a FONTPATH, will -+% be replaced in the following section. -+% They are here so immediately evaulation will work, and allow them to -+% undefined at the bottom of the file. -+/.scanfontbegin{} bind def -+/.scanfontdir {} bind def -+ - FONTPATH length 0 eq { (%END FONTPATH) .skipeof } if - /FONTPATH [ FONTPATH .pathlist ] def - -@@ -242,12 +250,12 @@ FONTPATH length 0 eq { (%END FONTPATH) .skipeof } if - /.scanfontbegin - { % Construct the table of all file names already in Fontmap. - currentglobal //true setglobal -- .scanfontdict dup maxlength Fontmap length 2 add .max .setmaxlength -+ //.scanfontdict dup maxlength Fontmap length 2 add .max .setmaxlength - Fontmap - { exch pop - { dup type /stringtype eq -- { .splitfilename pop .fonttempstring copy .lowerstring cvn -- .scanfontdict exch //true put -+ { //.splitfilename exec pop //.fonttempstring copy //.lowerstring exec cvn -+ //.scanfontdict exch //true put - } - { pop - } -@@ -280,9 +288,9 @@ FONTPATH length 0 eq { (%END FONTPATH) .skipeof } if - /txt //true - .dicttomark def - /.scan1fontstring 8192 string def --% %%BeginFont: is not per Adobe documentation, but a few fonts have it. -+% BeginFont: is not per Adobe documentation, but a few fonts have it. - /.scanfontheaders [(%!PS-Adobe*) (%!FontType*) (%%BeginFont:*)] def --0 .scanfontheaders { length .max } forall 6 add % extra for PFB header -+0 //.scanfontheaders { length .max } forall 6 add % extra for PFB header - /.scan1fontfirst exch string def - /.scanfontdir % <dirname> .scanfontdir - - { currentglobal exch //true setglobal -@@ -291,10 +299,10 @@ FONTPATH length 0 eq { (%END FONTPATH) .skipeof } if - 0 0 0 4 -1 roll % found scanned files - { % stack: <fontcount> <scancount> <filecount> <filename> - exch 1 add exch % increment filecount -- dup .splitfilename .fonttempstring copy .lowerstring -+ dup //.splitfilename exec //.fonttempstring copy //.lowerstring exec - % stack: <fontcount> <scancount> <filecount+1> <filename> - % <BASE> <ext> -- .scanfontskip exch known exch .scanfontdict exch known or -+ //.scanfontskip exch known exch //.scanfontdict exch known or - { pop - % stack: <fontcount> <scancount> <filecount+1> - } -@@ -309,7 +317,7 @@ FONTPATH length 0 eq { (%END FONTPATH) .skipeof } if - % On some platforms, the file operator will open directories, - % but an error will occur if we try to read from one. - % Handle this possibility here. -- dup .scan1fontfirst { readstring } .internalstopped -+ dup //.scan1fontfirst { readstring } .internalstopped - { pop pop () } - { pop } - ifelse -@@ -322,7 +330,7 @@ FONTPATH length 0 eq { (%END FONTPATH) .skipeof } if - { dup length 6 sub 6 exch getinterval } - if - % Check for font file headers. -- //false .scanfontheaders -+ //false //.scanfontheaders - { 2 index exch .stringmatch or - } - forall exch pop -@@ -335,7 +343,7 @@ FONTPATH length 0 eq { (%END FONTPATH) .skipeof } if - { exch copystring exch - DEBUG { ( ) print dup =only flush } if - 1 index .definenativefontmap -- .splitfilename pop //true .scanfontdict 3 1 roll .growput -+ //.splitfilename exec pop //true //.scanfontdict 3 1 roll .growput - % Increment fontcount. - 3 -1 roll 1 add 3 1 roll - } -@@ -352,7 +360,7 @@ FONTPATH length 0 eq { (%END FONTPATH) .skipeof } if - } - ifelse - } -- .scan1fontstring filenameforall -+ //.scan1fontstring filenameforall - QUIET - { pop pop pop } - { ( ) print =only ( files, ) print =only ( scanned, ) print -@@ -422,7 +430,6 @@ systemdict /NONATIVEFONTMAP known .setnativefontmapbuilt - //true .setnativefontmapbuilt - } ifelse - } bind def --currentdict /.setnativefontmapbuilt .forceundef - - % Create the dictionary that registers the .buildfont procedure - % (called by definefont) for each FontType. -@@ -526,7 +533,8 @@ buildfontdict 3 /.buildfont3 cvx put - % We use this only for explicitly aliased fonts, not substituted fonts: - % we think this matches the observed behavior of Adobe interpreters. - /.aliasfont % <name> <font> .aliasfont <newFont> -- { .currentglobal 3 1 roll dup .gcheck .setglobal -+ { -+ currentglobal 3 1 roll dup gcheck setglobal - % <bool> <name> <font> - dup length 2 add dict % <bool> <name> <font> <dict> - dup 3 -1 roll % <bool> <name> <dict> <dict> <font> -@@ -541,7 +549,7 @@ buildfontdict 3 /.buildfont3 cvx put - % whose FontName is a local non-string, if someone passed a - % garbage value to findfont. In this case, just don't - % call definefont at all. -- 2 index dup type /stringtype eq exch .gcheck or 1 index .gcheck not or -+ 2 index dup type /stringtype eq exch gcheck or 1 index gcheck not or - { pop % <bool> <name> <dict> - 1 index dup type /stringtype eq { cvn } if - % <bool> <name> <dict> <name1> -@@ -566,10 +574,11 @@ buildfontdict 3 /.buildfont3 cvx put - % Don't bind in definefont, since Level 2 redefines it. - /definefont .systemvar exec - } -- { /findfont cvx {.completefont} .errorexec pop exch pop -+ { -+ /findfont cvx {.completefont} //.errorexec exec pop exch pop - } - ifelse -- exch .setglobal -+ exch setglobal - } odef % so findfont will bind it - - % Define .loadfontfile for loading a font. If we recognize Type 1 and/or -@@ -669,10 +678,19 @@ buildfontdict 3 /.buildfont3 cvx put - [(Cn) 4] [(Cond) 4] [(Narrow) 4] [(Pkg) 4] [(Compr) 4] - [(Serif) 8] [(Sans) -8] - ] readonly def -+ -+/.fontnamestring { % <fontname> .fontnamestring <string|name> -+ dup type dup /nametype eq { -+ pop .namestring -+ } { -+ /stringtype ne { pop () } if -+ } ifelse -+} bind def -+ - /.fontnameproperties { % <int> <string|name> .fontnameproperties - % <int'> -- .fontnamestring -- .substituteproperties { -+ //.fontnamestring exec -+ //.substituteproperties { - 2 copy 0 get search { - pop pop pop dup length 1 sub 1 exch getinterval 3 -1 roll exch { - dup 0 ge { or } { neg not and } ifelse -@@ -710,13 +728,7 @@ buildfontdict 3 /.buildfont3 cvx put - % <other> .nametostring <other> - dup type /nametype eq { .namestring } if - } bind def --/.fontnamestring { % <fontname> .fontnamestring <string|name> -- dup type dup /nametype eq { -- pop .namestring -- } { -- /stringtype ne { pop () } if -- } ifelse --} bind def -+ - /.substitutefontname { % <fontname> <properties> .substitutefontname - % <altname|null> - % Look for properties and/or a face name in the font name. -@@ -724,7 +736,7 @@ buildfontdict 3 /.buildfont3 cvx put - % base font; otherwise, use the default font. - % Note that the "substituted" font name may be the same as - % the requested one; the caller must check this. -- exch .fontnamestring { -+ exch //.fontnamestring exec { - defaultfontname /Helvetica-Oblique /Helvetica-Bold /Helvetica-BoldOblique - /Helvetica-Narrow /Helvetica-Narrow-Oblique - /Helvetica-Narrow-Bold /Helvetica-Narrow-BoldOblique -@@ -734,12 +746,12 @@ buildfontdict 3 /.buildfont3 cvx put - } 3 1 roll - % Stack: facelist properties fontname - % Look for a face name. -- .substitutefaces { -+ //.substitutefaces { - 2 copy 0 get search { - pop pop pop - % Stack: facelist properties fontname [(pattern) family properties] - dup 2 get 4 -1 roll or 3 1 roll -- 1 get .substitutefamilies exch get -+ 1 get //.substitutefamilies exch get - 4 -1 roll pop 3 1 roll - } { - pop pop -@@ -748,7 +760,7 @@ buildfontdict 3 /.buildfont3 cvx put - 1 index length mod get exec - } bind def - /.substitutefont { % <fontname> .substitutefont <altname> -- dup 0 exch .fontnameproperties .substitutefontname -+ dup 0 exch //.fontnameproperties exec .substitutefontname - % Only accept fonts known in the Fontmap. - Fontmap 1 index known not - { -@@ -814,7 +826,7 @@ FAKEFONTS not { (%END FAKEFONTS) .skipeof } if - counttomark 1 sub { .aliasfont } repeat end - % <fontname> mark <font> - exch pop exch pop --} odef -+} bind odef - /findfont { - .findfont - } bind def -@@ -860,7 +872,7 @@ FAKEFONTS not { (%END FAKEFONTS) .skipeof } if - } { - dup .substitutefont - 2 copy eq { pop defaultfontname } if -- .checkalias -+ //.checkalias exec - QUIET not { - SHORTERRORS { - (%%[) print 1 index =only -@@ -886,8 +898,8 @@ $error /SubstituteFont { } put - //null 0 1 FONTPATH length 1 sub { - FONTPATH 1 index get //null ne { exch pop exit } if pop - } for dup //null ne { -- dup 0 eq { .scanfontbegin } if -- FONTPATH 1 index get .scanfontdir -+ dup 0 eq { //.scanfontbegin exec} if -+ FONTPATH 1 index get //.scanfontdir exec - FONTPATH exch //null put //true - } { - pop //false -@@ -897,11 +909,10 @@ $error /SubstituteFont { } put - % scanning of FONTPATH. - /.dofindfont { % mark <fontname> .dofindfont % mark <alias> ... <font> - .tryfindfont not { -- - % We didn't find the font. If we haven't scanned - % all the directories in FONTPATH, scan the next one - % now and look for the font again. -- .scannextfontdir { -+ //.scannextfontdir exec { - % Start over with an empty alias list. - counttomark 1 sub { pop } repeat % mark <fontname> - .dofindfont -@@ -927,6 +938,7 @@ $error /SubstituteFont { } put - } if - % Substitute for the font. Don't alias. - % Same stack as at the beginning of .dofindfont. -+ - $error /SubstituteFont get exec - % - % igorm: I guess the surrounding code assumes that .stdsubstfont -@@ -935,72 +947,11 @@ $error /SubstituteFont { } put - % used in .dofindfont and through .stdsubstfont - % just to represent a simple iteration, - % which accumulates the aliases after the mark. -- .stdsubstfont -+ //.stdsubstfont exec - } ifelse - } ifelse - } if - } bind def --% Try to find a font using only the present contents of Fontmap. --/.tryfindfont { % <fontname> .tryfindfont <font> true -- % <fontname> .tryfindfont false -- //.FontDirectory 1 index .fontknownget -- { % Already loaded -- exch pop //true -- } -- { -- dup Fontmap exch .knownget -- { //true //true } -- { % Unknown font name. Look for a file with the -- % same name as the requested font. -- dup .tryloadfont -- { exch pop //true //false } -- { -- % if we can't load by name check the native font map -- dup .nativeFontmap exch .knownget -- { //true //true } -- { //false //false } ifelse -- } ifelse -- } ifelse -- -- { % Try each element of the Fontmap in turn. -- pop -- //false exch % (in case we exhaust the list) -- % Stack: fontname false fontmaplist -- { exch pop -- dup type /nametype eq -- { % Font alias -- .checkalias .tryfindfont exit -- } -- { dup dup type dup /arraytype eq exch /packedarraytype eq or exch xcheck and -- { % Font with a procedural definition -- exec % The procedure will load the font. -- % Check to make sure this really happened. -- //.FontDirectory 1 index .knownget -- { exch pop //true exit } -- if -- } -- { % Font file name -- //true .loadfontloop { //true exit } if -- } -- ifelse -- } -- ifelse //false -- } -- forall -- % Stack: font true -or- fontname false -- { //true -- } -- { % None of the Fontmap entries worked. -- % Try loading a file with the same name -- % as the requested font. -- .tryloadfont -- } -- ifelse -- } -- if -- } -- ifelse -- } bind def - - % any user of .putgstringcopy must use bind and executeonly - /.putgstringcopy % <dict> <name> <string> .putgstringcopy - -@@ -1014,25 +965,6 @@ $error /SubstituteFont { } put - } executeonly ifelse - } .bind executeonly odef % must be bound and hidden for .forceput - --% Attempt to load a font from a file. --/.tryloadfont { % <fontname> .tryloadfont <font> true -- % <fontname> .tryloadfont false -- dup .nametostring -- % Hack: check for the presence of the resource machinery. -- /.genericrfn where { -- pop -- pop dup .fonttempstring /FontResourceDir getsystemparam .genericrfn -- {//false .loadfontloop} .internalstopped {//false} if { -- //true -- } { -- dup .nametostring -- {//true .loadfontloop} .internalstopped {//false} if -- } ifelse -- } { -- {//true .loadfontloop} .internalstopped {//false} if -- } ifelse --} bind def -- - /.loadfontloop { % <fontname> <filename> <libflag> .loadfontloop - % <font> true - % -or- -@@ -1102,7 +1034,7 @@ $error /SubstituteFont { } put - } if - - % Check to make sure the font was actually loaded. -- dup 3 index .fontknownget -+ dup 3 index //.fontknownget exec - { dup /PathLoad 4 index .putgstringcopy - 4 1 roll pop pop pop //true exit - } executeonly if -@@ -1113,7 +1045,7 @@ $error /SubstituteFont { } put - exch dup % Stack: origfontname fontdirectory path path - (r) file .findfontname - { % Stack: origfontname fontdirectory path filefontname -- 2 index 1 index .fontknownget -+ 2 index 1 index //.fontknownget exec - { % Yes. Stack: origfontname fontdirectory path filefontname fontdict - dup 4 -1 roll /PathLoad exch .putgstringcopy - % Stack: origfontname fontdirectory filefontname fontdict -@@ -1136,7 +1068,7 @@ $error /SubstituteFont { } put - % Stack: fontdict - } executeonly - if pop % Stack: origfontname fontdirectory path -- } -+ } executeonly - if pop pop % Stack: origfontname - - % The font definitely did not load correctly. -@@ -1150,7 +1082,87 @@ $error /SubstituteFont { } put - - } bind executeonly odef % must be bound and hidden for .putgstringcopy - --currentdict /.putgstringcopy .undef -+% Attempt to load a font from a file. -+/.tryloadfont { % <fontname> .tryloadfont <font> true -+ % <fontname> .tryloadfont false -+ dup //.nametostring exec -+ % Hack: check for the presence of the resource machinery. -+ /.genericrfn where { -+ pop -+ pop dup //.fonttempstring /FontResourceDir getsystemparam .genericrfn -+ {//false .loadfontloop} .internalstopped {//false} if { -+ //true -+ } { -+ dup //.nametostring exec -+ {//true .loadfontloop} .internalstopped {//false} if -+ } ifelse -+ } { -+ {//true .loadfontloop} .internalstopped {//false} if -+ } ifelse -+} bind def -+ -+% Try to find a font using only the present contents of Fontmap. -+/.tryfindfont { % <fontname> .tryfindfont <font> true -+ % <fontname> .tryfindfont false -+ //.FontDirectory 1 index //.fontknownget exec -+ { % Already loaded -+ exch pop //true -+ } -+ { -+ dup Fontmap exch .knownget -+ { //true //true } -+ { % Unknown font name. Look for a file with the -+ % same name as the requested font. -+ dup //.tryloadfont exec -+ { exch pop //true //false } -+ { -+ % if we can't load by name check the native font map -+ dup .nativeFontmap exch .knownget -+ { //true //true } -+ { //false //false } ifelse -+ } ifelse -+ } ifelse -+ -+ { % Try each element of the Fontmap in turn. -+ pop -+ //false exch % (in case we exhaust the list) -+ % Stack: fontname false fontmaplist -+ { exch pop -+ dup type /nametype eq -+ { % Font alias -+ //.checkalias exec -+ .tryfindfont exit -+ } -+ { dup dup type dup /arraytype eq exch /packedarraytype eq or exch xcheck and -+ { % Font with a procedural definition -+ exec % The procedure will load the font. -+ % Check to make sure this really happened. -+ //.FontDirectory 1 index .knownget -+ { exch pop //true exit } -+ if -+ } -+ { % Font file name -+ //true .loadfontloop { //true exit } if -+ } -+ ifelse -+ } -+ ifelse //false -+ } -+ forall -+ % Stack: font true -or- fontname false -+ { //true -+ } -+ { % None of the Fontmap entries worked. -+ % Try loading a file with the same name -+ % as the requested font. -+ //.tryloadfont exec -+ } -+ ifelse -+ } -+ if -+ } -+ ifelse -+ } bind def - - % Define a procedure to load all known fonts. - % This isn't likely to be very useful. -@@ -1192,9 +1204,9 @@ FAKEFONTS { exch } if pop def % don't bind, .current/setglobal get redefined - /.loadinitialfonts - { NOFONTMAP not - { /FONTMAP where -- { pop [ FONTMAP .pathlist ] -+ { pop [ FONTMAP //.pathlist exec] - { dup VMDEBUG findlibfile -- { exch pop .loadFontmap } -+ { exch pop //.loadFontmap exec } - { /undefinedfilename signalerror } - ifelse - } -@@ -1208,7 +1220,7 @@ FAKEFONTS { exch } if pop def % don't bind, .current/setglobal get redefined - pop pop - defaultfontmap_content { .definefontmap } forall - } { -- .loadFontmap -+ //.loadFontmap exec - } ifelse - } { - pop pop -@@ -1272,3 +1284,18 @@ FAKEFONTS { exch } if pop def % don't bind, .current/setglobal get redefined - { .makemodifiedfont - dup /FontName get exch definefont pop - } bind def -+ -+% Undef these, not needed outside this file -+[ -+ % /.fonttempstring /.scannextfontdir - are also used in gs_res.ps, so are undefined there -+ % /.fontnameproperties - is used in pdf_font.ps -+ % /.scanfontheaders - used in gs_cff.ps, gs_ttf.ps -+ /.loadfontloop /.tryloadfont /.findfont /.pathlist /.loadFontmap /.lowerstring -+ /.splitfilename /.scanfontdict /.scanfontbegin -+ /.scanfontskip /.scan1fontstring -+ /.scan1fontfirst /.scanfontdir -+ /.setnativefontmapbuilt /.aliasfont -+ /.setloadingfont /.substitutefaces /.substituteproperties /.substitutefamilies -+ /.nametostring /.fontnamestring /.checkalias /.fontknownget /.stdsubstfont -+ /.putgstringcopy -+] {systemdict exch .forceundef} forall -diff --git a/Resource/Init/gs_res.ps b/Resource/Init/gs_res.ps -index 18d5452..b016113 100644 ---- a/Resource/Init/gs_res.ps -+++ b/Resource/Init/gs_res.ps -@@ -961,7 +961,7 @@ userdict /.localcsdefaults //false put - dup type /nametype eq { .namestring } if - dup type /stringtype ne { //false exit } if - % Check the resource directory. -- dup .fonttempstring /FontResourceDir getsystemparam .genericrfn -+ dup //.fonttempstring /FontResourceDir getsystemparam .genericrfn - status { - pop pop pop pop //true exit - } if -@@ -969,7 +969,7 @@ userdict /.localcsdefaults //false put - % as the font. - findlibfile { closefile //true exit } if - % Scan a FONTPATH directory and try again. -- .scannextfontdir not { //false exit } if -+ //.scannextfontdir exec not { //false exit } if - } loop - } bind def - -@@ -1008,7 +1008,7 @@ currentdict /.fontstatusaux .undef - } ifelse - } bind executeonly - /ResourceForAll { -- { .scannextfontdir not { exit } if } loop -+ { //.scannextfontdir exec not { exit } if } loop - /Generic /Category findresource /ResourceForAll get exec - } bind executeonly - /.ResourceFileStatus { -@@ -1163,6 +1163,7 @@ end % level2dict - [ - /.default_resource_dir - /.resource_dir_name -+ /.fonttempstring /.scannextfontdir % from gs_fonts.ps - ] - {systemdict exch .forceundef} forall - --- -2.18.1 - diff --git a/poky/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-6116-0007.patch b/poky/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-6116-0007.patch deleted file mode 100644 index 5c1f83959..000000000 --- a/poky/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-6116-0007.patch +++ /dev/null @@ -1,346 +0,0 @@ -From 5c49efe24dda0f2dbd2a09b9159e683cce99b6d8 Mon Sep 17 00:00:00 2001 -From: Chris Liddell <chris.liddell@artifex.com> -Date: Fri, 11 Jan 2019 13:36:36 +0000 -Subject: [PATCH 7/7] Remove .forcedef, and harden .force* ops more - -Remove .forcedef and replace all uses with a direct call to .forceput instead. - -Ensure every procedure (named and trasient) that calls .forceput is -executeonly. - -CVE: CVE-2019-6116 -Upstream-Status: Backport [git://git.ghostscript.com/ghostpdl.git] - -Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com> ---- - Resource/Init/gs_dps1.ps | 15 +++++++----- - Resource/Init/gs_init.ps | 28 ++++++++------------- - Resource/Init/gs_lev2.ps | 51 +++++++++++++++++++-------------------- - Resource/Init/gs_ll3.ps | 5 ++-- - Resource/Init/gs_res.ps | 29 +++++++++++----------- - Resource/Init/gs_statd.ps | 4 +-- - 6 files changed, 63 insertions(+), 69 deletions(-) - -diff --git a/Resource/Init/gs_dps1.ps b/Resource/Init/gs_dps1.ps -index 8700c8c..3d2cf7a 100644 ---- a/Resource/Init/gs_dps1.ps -+++ b/Resource/Init/gs_dps1.ps -@@ -33,14 +33,17 @@ systemdict begin - - /SharedFontDirectory .FontDirectory .gcheck - { .currentglobal //false .setglobal -+ currentdict - /LocalFontDirectory .FontDirectory dup maxlength dict copy -- .forcedef % LocalFontDirectory is local, systemdict is global -+ .forceput % LocalFontDirectory is local, systemdict is global - .setglobal .FontDirectory -- } -- { /LocalFontDirectory .FontDirectory -- .forcedef % LocalFontDirectory is local, systemdict is global -+ } executeonly -+ { -+ currentdict -+ /LocalFontDirectory .FontDirectory -+ .forceput % LocalFontDirectory is local, systemdict is global - 50 dict -- } -+ }executeonly - ifelse def - - end % systemdict -@@ -55,7 +58,7 @@ level2dict begin - { //SharedFontDirectory } - { /LocalFontDirectory .systemvar } % can't embed ref to local VM - ifelse .forceput pop % LocalFontDirectory is local, systemdict is global -- } .bind odef -+ } .bind executeonly odef - % Don't just copy (load) the definition of .setglobal: - % it gets redefined for LL3. - /setshared { /.setglobal .systemvar exec } odef -diff --git a/Resource/Init/gs_init.ps b/Resource/Init/gs_init.ps -index d9a0829..45bebf4 100644 ---- a/Resource/Init/gs_init.ps -+++ b/Resource/Init/gs_init.ps -@@ -54,7 +54,7 @@ systemdict exch - dup /userdict - currentdict dup 200 .setmaxlength % userdict - .forceput % userdict is local, systemdict is global -- } -+ } executeonly - if begin - - % Define dummy local/global operators if needed. -@@ -299,13 +299,6 @@ QUIET not { printgreeting flush } if - 1 index exch .makeoperator def - } .bind def - --% Define a special version of def for storing local objects into global --% dictionaries. Like .forceput, this exists only during initialization. --/.forcedef { % <key> <value> .forcedef - -- 1 .argindex pop % check # of args -- currentdict 3 1 roll .forceput --} .bind odef -- - % Define procedures for accessing variables in systemdict and userdict - % regardless of the contents of the dictionary stack. - /.systemvar { % <name> .systemvar <value> -@@ -347,7 +340,7 @@ DELAYBIND - } - ifelse - } .bind def --} if -+} executeonly if - - %**************** BACKWARD COMPATIBILITY **************** - /hwsizedict mark /HWSize //null .dicttomark readonly def -@@ -655,7 +648,7 @@ currentdict /.typenames .undef - /ifelse .systemvar - ] cvx executeonly - exch .setglobal --} odef -+} executeonly odef - systemdict /internaldict dup .makeinternaldict .makeoperator - .forceput % proc is local, systemdict is global - -@@ -1093,7 +1086,7 @@ def - - % Define $error. This must be in local VM. - .currentglobal //false .setglobal --/$error 40 dict .forcedef % $error is local, systemdict is global -+currentdict /$error 40 dict .forceput % $error is local, systemdict is global - % newerror, errorname, command, errorinfo, - % ostack, estack, dstack, recordstacks, - % binary, globalmode, -@@ -1112,8 +1105,8 @@ end - % Define errordict similarly. It has one entry per error name, - % plus handleerror. However, some astonishingly badly written PostScript - % files require it to have at least one empty slot. --/errordict ErrorNames length 3 add dict --.forcedef % errordict is local, systemdict is global -+currentdict /errordict ErrorNames length 3 add dict -+.forceput % errordict is local, systemdict is global - .setglobal % back to global VM - % gserrordict contains all the default error handling methods, but unlike - % errordict it is noaccess after creation (also it is in global VM). -@@ -1273,8 +1266,9 @@ end - (END PROCS) VMDEBUG - - % Define the font directory. -+currentdict - /FontDirectory //false .setglobal 100 dict //true .setglobal --.forcedef % FontDirectory is local, systemdict is global -+.forceput % FontDirectory is local, systemdict is global - - % Define the encoding dictionary. - /EncodingDirectory 16 dict def % enough for Level 2 + PDF standard encodings -@@ -2333,7 +2327,6 @@ SAFER { .setsafeglobal } if - //systemdict /UndefinePostScriptOperators get exec - //systemdict /UndefinePDFOperators get exec - //systemdict /.forcecopynew .forceundef % remove temptation -- //systemdict /.forcedef .forceundef % ditto - //systemdict /.forceput .forceundef % ditto - //systemdict /.undef .forceundef % ditto - //systemdict /.forceundef .forceundef % ditto -@@ -2368,9 +2361,9 @@ SAFER { .setsafeglobal } if - % (and, if implemented, context switching). - .currentglobal //false .setglobal - mark userparams { } forall .dicttomark readonly -- /userparams exch .forcedef % systemdict is read-only -+ currentdict exch /userparams exch .forceput % systemdict is read-only - .setglobal --} if -+} executeonly if - /.currentsystemparams where { - pop - % Remove real system params from pssystemparams. -@@ -2458,7 +2451,6 @@ end - DELAYBIND not { - systemdict /.bindnow .undef % We only need this for DELAYBIND - systemdict /.forcecopynew .undef % remove temptation -- systemdict /.forcedef .undef % ditto - systemdict /.forceput .undef % ditto - systemdict /.forceundef .undef % ditto - } if -diff --git a/Resource/Init/gs_lev2.ps b/Resource/Init/gs_lev2.ps -index 0f0d573..9c0c3a6 100644 ---- a/Resource/Init/gs_lev2.ps -+++ b/Resource/Init/gs_lev2.ps -@@ -304,31 +304,30 @@ end - psuserparams exch /.checkFilePermitparams load put - .setglobal - --pssystemparams begin -- /CurDisplayList 0 .forcedef -- /CurFormCache 0 .forcedef -- /CurInputDevice () .forcedef -- /CurOutlineCache 0 .forcedef -- /CurOutputDevice () .forcedef -- /CurPatternCache 0 .forcedef -- /CurUPathCache 0 .forcedef -- /CurScreenStorage 0 .forcedef -- /CurSourceList 0 .forcedef -- /DoPrintErrors //false .forcedef -- /JobTimeout 0 .forcedef -- /LicenseID (LN-001) .forcedef % bogus -- /MaxDisplayList 140000 .forcedef -- /MaxFormCache 100000 .forcedef -- /MaxImageBuffer 524288 .forcedef -- /MaxOutlineCache 65000 .forcedef -- /MaxPatternCache 100000 .forcedef -- /MaxUPathCache 300000 .forcedef -- /MaxScreenStorage 84000 .forcedef -- /MaxSourceList 25000 .forcedef -- /PrinterName product .forcedef -- /RamSize 4194304 .forcedef -- /WaitTimeout 40 .forcedef --end -+pssystemparams -+dup /CurDisplayList 0 .forceput -+dup /CurFormCache 0 .forceput -+dup /CurInputDevice () .forceput -+dup /CurOutlineCache 0 .forceput -+dup /CurOutputDevice () .forceput -+dup /CurPatternCache 0 .forceput -+dup /CurUPathCache 0 .forceput -+dup /CurScreenStorage 0 .forceput -+dup /CurSourceList 0 .forceput -+dup /DoPrintErrors //false .forceput -+dup /JobTimeout 0 .forceput -+dup /LicenseID (LN-001) .forceput % bogus -+dup /MaxDisplayList 140000 .forceput -+dup /MaxFormCache 100000 .forceput -+dup /MaxImageBuffer 524288 .forceput -+dup /MaxOutlineCache 65000 .forceput -+dup /MaxPatternCache 100000 .forceput -+dup /MaxUPathCache 300000 .forceput -+dup /MaxScreenStorage 84000 .forceput -+dup /MaxSourceList 25000 .forceput -+dup /PrinterName product .forceput -+dup /RamSize 4194304 .forceput -+ /WaitTimeout 40 .forceput - - % Define the procedures for handling comment scanning. The names - % %ProcessComment and %ProcessDSCComment are known to the interpreter. -@@ -710,7 +709,7 @@ pop % currentsystemparams - /statusdict currentdict def - - currentdict end --/statusdict exch .forcedef % statusdict is local, systemdict is global -+currentdict exch /statusdict exch .forceput % statusdict is local, systemdict is global - - % The following compatibility operators are in systemdict. They are - % defined here, rather than in gs_init.ps, because they require the -diff --git a/Resource/Init/gs_ll3.ps b/Resource/Init/gs_ll3.ps -index c86721f..881af44 100644 ---- a/Resource/Init/gs_ll3.ps -+++ b/Resource/Init/gs_ll3.ps -@@ -521,9 +521,8 @@ end - % Define additional user and system parameters. - /HalftoneMode 0 .definepsuserparam - /MaxSuperScreen 1016 .definepsuserparam --pssystemparams begin % read-only, so use .forcedef -- /MaxDisplayAndSourceList 160000 .forcedef --end -+% read-only, so use .forceput -+pssystemparams /MaxDisplayAndSourceList 160000 .forceput - - % Define the IdiomSet resource category. - { /IdiomSet } { -diff --git a/Resource/Init/gs_res.ps b/Resource/Init/gs_res.ps -index b016113..89c0ed6 100644 ---- a/Resource/Init/gs_res.ps -+++ b/Resource/Init/gs_res.ps -@@ -41,10 +41,10 @@ level2dict begin - % However, Ed Taft of Adobe says their interpreters don't implement this - % either, so we aren't going to worry about it for a while. - --currentglobal //false setglobal systemdict begin -- /localinstancedict 5 dict -- .forcedef % localinstancedict is local, systemdict is global --end //true setglobal -+currentglobal //false setglobal -+ systemdict /localinstancedict 5 dict -+ .forceput % localinstancedict is local, systemdict is global -+//true setglobal - /.emptydict 0 dict readonly def - setglobal - -@@ -149,7 +149,7 @@ setglobal - dup [ exch 0 -1 ] exch - .Instances 4 2 roll put - % Make the Category dictionary read-only. We will have to -- % use .forceput / .forcedef later to replace the dummy, -+ % use .forceput / .forceput later to replace the dummy, - % empty .Instances dictionary with the real one later. - readonly - }{ -@@ -304,7 +304,8 @@ systemdict begin - dup () ne { - .file_name_directory_separator concatstrings - } if -- 2 index exch //false .file_name_combine not { -+ 2 index exch //false -+ .file_name_combine not { - (Error: .default_resource_dir returned ) print exch print ( that can't combine with ) print = - /.default_resource_dir cvx /configurationerror signalerror - } if -@@ -317,14 +318,14 @@ currentdict /pssystemparams known not { - pssystemparams begin - //.default_resource_dir exec - /FontResourceDir (Font) //.resource_dir_name exec -- readonly .forcedef % pssys'params is r-o -+ readonly currentdict 3 1 roll .forceput % pssys'params is r-o - /GenericResourceDir () //.resource_dir_name exec -- readonly .forcedef % pssys'params is r-o -+ readonly currentdict 3 1 roll .forceput % pssys'params is r-o - pop % .default_resource_dir - /GenericResourcePathSep -- .file_name_separator readonly .forcedef % pssys'params is r-o -- (%diskFontResourceDir) cvn (/Resource/Font/) readonly .forcedef % pssys'params is r-o -- (%diskGenericResourceDir) cvn (/Resource/) readonly .forcedef % pssys'params is r-o -+ .file_name_separator readonly currentdict 3 1 roll .forceput % pssys'params is r-o -+ currentdict (%diskFontResourceDir) cvn (/Resource/Font/) readonly .forceput % pssys'params is r-o -+ currentdict (%diskGenericResourceDir) cvn (/Resource/) readonly .forceput % pssys'params is r-o - end - end - -@@ -422,8 +423,8 @@ status { - .Instances dup //.emptydict eq { - pop 3 dict - % As noted above, Category dictionaries are read-only, -- % so we have to use .forcedef here. -- /.Instances 1 index .forcedef % Category dict is read-only -+ % so we have to use .forceput here. -+ currentdict /.Instances 2 index .forceput % Category dict is read-only - } executeonly if - } - { .LocalInstances dup //.emptydict eq -@@ -441,7 +442,7 @@ status { - { /defineresource cvx /typecheck signaloperror - } - ifelse --} .bind executeonly .makeoperator % executeonly to prevent access to .forcedef -+} .bind executeonly .makeoperator % executeonly to prevent access to .forceput - /UndefineResource - { { dup 2 index .knownget - { dup 1 get 1 ge -diff --git a/Resource/Init/gs_statd.ps b/Resource/Init/gs_statd.ps -index 20d4c96..b6a7659 100644 ---- a/Resource/Init/gs_statd.ps -+++ b/Resource/Init/gs_statd.ps -@@ -21,10 +21,10 @@ systemdict begin - % We make statusdict a little larger for Level 2 stuff. - % Note that it must be allocated in local VM. - .currentglobal //false .setglobal -- /statusdict 91 dict .forcedef % statusdict is local, sys'dict global -+ currentdict /statusdict 91 dict .forceput % statusdict is local, sys'dict global - % To support the Level 2 job control features, - % serverdict must also be in local VM. -- /serverdict 10 dict .forcedef % serverdict is local, sys'dict global -+ currentdict /serverdict 10 dict .forceput % serverdict is local, sys'dict global - .setglobal - end - --- -2.18.1 - diff --git a/poky/meta/recipes-extended/ghostscript/ghostscript/ghostscript-9.02-genarch.patch b/poky/meta/recipes-extended/ghostscript/ghostscript/ghostscript-9.02-genarch.patch index fc144f625..7b70bb8e2 100644 --- a/poky/meta/recipes-extended/ghostscript/ghostscript/ghostscript-9.02-genarch.patch +++ b/poky/meta/recipes-extended/ghostscript/ghostscript/ghostscript-9.02-genarch.patch @@ -1,7 +1,7 @@ -From 94850954b88440df6c41d2dd133c422ffc84d9aa Mon Sep 17 00:00:00 2001 +From c076d0fc970f190f723018258790c79b59daba2e Mon Sep 17 00:00:00 2001 From: Hongxu Jia <hongxu.jia@windriver.com> -Date: Thu, 29 Mar 2018 16:12:48 +0800 -Subject: [PATCH 07/10] not generate objarch.h at compile time +Date: Sat, 11 May 2019 21:20:27 +0800 +Subject: [PATCH] not generate objarch.h at compile time Import patch from windriver linux for cross compilation, and split patches into oe way under different directories such as i586, powerpc etc @@ -12,19 +12,19 @@ Upstream-Status: Pending Signed-off-by: Kang Kai <kai.kang@windriver.com> Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> -Rebase to 9.23 +Rebase to 9.27 Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> --- base/lib.mak | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/base/lib.mak b/base/lib.mak -index 0036d1e..302877e 100644 +index 3ed088a..5af2b43 100644 --- a/base/lib.mak +++ b/base/lib.mak @@ -87,8 +87,8 @@ arch_h=$(GLGEN)arch.h stdpre_h=$(GLSRC)stdpre.h - stdint__h=$(GLSRC)stdint_.h $(std_h) + stdint__h=$(GLSRC)stdint_.h -$(GLGEN)arch.h : $(GENARCH_XE) - $(EXP)$(GENARCH_XE) $(GLGEN)arch.h $(TARGET_ARCH_FILE) @@ -34,5 +34,5 @@ index 0036d1e..302877e 100644 # Platform interfaces -- -1.8.3.1 +2.7.4 diff --git a/poky/meta/recipes-extended/ghostscript/ghostscript_9.26.bb b/poky/meta/recipes-extended/ghostscript/ghostscript_9.27.bb index bb3234788..fcc9e0099 100644 --- a/poky/meta/recipes-extended/ghostscript/ghostscript_9.26.bb +++ b/poky/meta/recipes-extended/ghostscript/ghostscript_9.27.bb @@ -19,7 +19,7 @@ DEPENDS_class-native = "libpng-native" UPSTREAM_CHECK_URI = "https://github.com/ArtifexSoftware/ghostpdl-downloads/releases" UPSTREAM_CHECK_REGEX = "(?P<pver>\d+(\.\d+)+)\.tar" -SRC_URI_BASE = "https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs926/${BPN}-${PV}.tar.gz \ +SRC_URI_BASE = "https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs927/${BPN}-${PV}.tar.gz \ file://ghostscript-9.15-parallel-make.patch \ file://ghostscript-9.16-Werror-return-type.patch \ file://do-not-check-local-libpng-source.patch \ @@ -32,19 +32,6 @@ SRC_URI = "${SRC_URI_BASE} \ file://ghostscript-9.02-genarch.patch \ file://objarch.h \ file://cups-no-gcrypt.patch \ - file://CVE-2019-6116-0001.patch \ - file://CVE-2019-6116-0002.patch \ - file://CVE-2019-6116-0003.patch \ - file://CVE-2019-6116-0004.patch \ - file://CVE-2019-6116-0005.patch \ - file://CVE-2019-6116-0006.patch \ - file://CVE-2019-6116-0007.patch \ - file://CVE-2019-3835-0001.patch \ - file://CVE-2019-3835-0002.patch \ - file://CVE-2019-3835-0003.patch \ - file://CVE-2019-3835-0004.patch \ - file://CVE-2019-3838-0001.patch \ - file://CVE-2019-3838-0002.patch \ " SRC_URI_class-native = "${SRC_URI_BASE} \ @@ -52,8 +39,8 @@ SRC_URI_class-native = "${SRC_URI_BASE} \ file://base-genht.c-add-a-preprocessor-define-to-allow-fope.patch \ " -SRC_URI[md5sum] = "806bc2dedbc7f69b003f536658e08d4a" -SRC_URI[sha256sum] = "831fc019bd477f7cc2d481dc5395ebfa4a593a95eb2fe1eb231a97e450d7540d" +SRC_URI[md5sum] = "c3990a504a3a23b9babe9de00ed6597d" +SRC_URI[sha256sum] = "9760e8bdd07a08dbd445188a6557cb70e60ccb6a5601f7dbfba0d225e28ce285" # Put something like # @@ -136,3 +123,6 @@ BBCLASSEXTEND = "native" # ghostscript does not supports "arc" COMPATIBLE_HOST = "^(?!arc).*" + +# some entries in NVD uses gpl_ghostscript +CVE_PRODUCT = "ghostscript gpl_ghostscript" diff --git a/poky/meta/recipes-extended/groff/files/0001-fix-shebang-for-taget.patch b/poky/meta/recipes-extended/groff/files/0001-fix-shebang-for-taget.patch new file mode 100644 index 000000000..1b94e8a93 --- /dev/null +++ b/poky/meta/recipes-extended/groff/files/0001-fix-shebang-for-taget.patch @@ -0,0 +1,31 @@ +From 54c795c8a3c7356294007b5a4eed1dd47ed6411d Mon Sep 17 00:00:00 2001 +From: Hongxu Jia <hongxu.jia@windriver.com> +Date: Sat, 11 May 2019 19:19:27 +0800 +Subject: [PATCH] fix shebang for target + +... +|ERROR: groff-1.22.4-r0 do_package_qa: QA Issue: /usr/bin/gdiffmk contained in +package groff requires tmp-glibc/hosttools/bash, but no providers found in +RDEPENDS_groff? [file-rdeps] +... + +Upstream-Status: Inappropriate [oe-core specific] + +Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> +--- + contrib/gdiffmk/gdiffmk.sh | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/contrib/gdiffmk/gdiffmk.sh b/contrib/gdiffmk/gdiffmk.sh +index 5ce931e..10f2300 100644 +--- a/contrib/gdiffmk/gdiffmk.sh ++++ b/contrib/gdiffmk/gdiffmk.sh +@@ -1,4 +1,4 @@ +-#!@BASH_PROG@ ++#!/bin/sh + # Copyright (C) 2004-2018 Free Software Foundation, Inc. + # Written by Mike Bianchi <MBianchi@Foveal.com <mailto:MBianchi@Foveal.com>> + # Thanks to Peter Bray for debugging. +-- +2.7.4 + diff --git a/poky/meta/recipes-extended/groff/groff-1.22.3/0001-replace-perl-w-with-use-warnings.patch b/poky/meta/recipes-extended/groff/files/0001-replace-perl-w-with-use-warnings.patch index f1db5b065..eda6a40f5 100644 --- a/poky/meta/recipes-extended/groff/groff-1.22.3/0001-replace-perl-w-with-use-warnings.patch +++ b/poky/meta/recipes-extended/groff/files/0001-replace-perl-w-with-use-warnings.patch @@ -1,7 +1,7 @@ -From 5b574542070db286c89b3827e8f15ed4b3b39034 Mon Sep 17 00:00:00 2001 +From 6821a23e6cf34df37c351b45be413a8da9115f9f Mon Sep 17 00:00:00 2001 From: Robert Yang <liezhi.yang@windriver.com> -Date: Thu, 6 Apr 2017 01:46:00 -0700 -Subject: [PATCH] replace "perl -w" with "use warnings" +Date: Sat, 11 May 2019 17:03:03 +0800 +Subject: [PATCH 1/2] replace "perl -w" with "use warnings" The shebang's max length is usually 128 as defined in /usr/include/linux/binfmts.h: @@ -18,6 +18,10 @@ So replace "perl -w" with "use warnings" to make it work. Upstream-Status: Pending Signed-off-by: Robert Yang <liezhi.yang@windriver.com> + +Rebase to 1.22.4. + +Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> --- font/devpdf/util/BuildFoundries.pl | 3 ++- src/devices/gropdf/gropdf.pl | 3 ++- @@ -26,7 +30,7 @@ Signed-off-by: Robert Yang <liezhi.yang@windriver.com> 4 files changed, 8 insertions(+), 4 deletions(-) diff --git a/font/devpdf/util/BuildFoundries.pl b/font/devpdf/util/BuildFoundries.pl -index 39f2f0d..a2bfd8e 100644 +index f8af826..9584e28 100644 --- a/font/devpdf/util/BuildFoundries.pl +++ b/font/devpdf/util/BuildFoundries.pl @@ -1,4 +1,4 @@ @@ -36,15 +40,15 @@ index 39f2f0d..a2bfd8e 100644 # BuildFoundries : Given a Foundry file generate groff and download files # Deri James : Monday 07 Feb 2011 @@ -22,6 +22,7 @@ - # along with this program. If not, see <http://www.gnu.org/licenses/>. + # along with this program. If not, see <http://www.gnu.org/licenses/>. use strict; +use warnings; + (my $progname = $0) =~s @.*/@@; my $where=shift||''; - my $devps=shift||'../devps'; diff --git a/src/devices/gropdf/gropdf.pl b/src/devices/gropdf/gropdf.pl -index 035d123..b933b32 100644 +index 2ec52d0..ce5a06f 100644 --- a/src/devices/gropdf/gropdf.pl +++ b/src/devices/gropdf/gropdf.pl @@ -1,4 +1,4 @@ @@ -59,10 +63,10 @@ index 035d123..b933b32 100644 use strict; +use warnings; use Getopt::Long qw(:config bundling); - use Compress::Zlib; + use constant diff --git a/src/devices/gropdf/pdfmom.pl b/src/devices/gropdf/pdfmom.pl -index beec820..4b46ea4 100644 +index c9b08b2..61124f3 100644 --- a/src/devices/gropdf/pdfmom.pl +++ b/src/devices/gropdf/pdfmom.pl @@ -1,4 +1,4 @@ @@ -71,8 +75,8 @@ index beec820..4b46ea4 100644 # # pdfmom : Frontend to run groff -mom to produce PDFs # Deri James : Friday 16 Mar 2012 -@@ -24,6 +24,7 @@ - # along with this program. If not, see <http://www.gnu.org/licenses/>. +@@ -23,6 +23,7 @@ + # along with this program. If not, see <http://www.gnu.org/licenses/>. use strict; +use warnings; @@ -80,17 +84,17 @@ index beec820..4b46ea4 100644 my @cmd; my $dev='pdf'; diff --git a/src/utils/afmtodit/afmtodit.pl b/src/utils/afmtodit/afmtodit.pl -index 4f2ce83..5c078ff 100644 +index 954c58e..81a6c97 100644 --- a/src/utils/afmtodit/afmtodit.pl +++ b/src/utils/afmtodit/afmtodit.pl @@ -1,4 +1,4 @@ -#! /usr/bin/perl -w +#! /usr/bin/perl # -*- Perl -*- - # Copyright (C) 1989-2014 Free Software Foundation, Inc. + # Copyright (C) 1989-2018 Free Software Foundation, Inc. # Written by James Clark (jjc@jclark.com) @@ -19,6 +19,7 @@ - # along with this program. If not, see <http://www.gnu.org/licenses/>. + # along with this program. If not, see <http://www.gnu.org/licenses/>. use strict; +use warnings; @@ -98,5 +102,5 @@ index 4f2ce83..5c078ff 100644 @afmtodit.tables@ -- -2.10.2 +2.7.4 diff --git a/poky/meta/recipes-extended/groff/files/0001-support-musl.patch b/poky/meta/recipes-extended/groff/files/0001-support-musl.patch new file mode 100644 index 000000000..a837b11b1 --- /dev/null +++ b/poky/meta/recipes-extended/groff/files/0001-support-musl.patch @@ -0,0 +1,41 @@ +From 695965c27be74acb5968f19d51af86065c4b71a9 Mon Sep 17 00:00:00 2001 +From: Hongxu Jia <hongxu.jia@windriver.com> +Date: Mon, 13 May 2019 09:48:14 +0800 +Subject: [PATCH] support musl + +... +|./lib/math.h:2877:1: error: 'int signbit(float)' conflicts with a previous declaration +| _GL_MATH_CXX_REAL_FLOATING_DECL_2 (signbit) +| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +|In file included from recipe-sysroot/usr/include/c++/8.3.0/math.h:36, +| from ./lib/math.h:27, +| from ./src/include/driver.h:27, +| from src/devices/grodvi/dvi.cpp:20: +|recipe-sysroot/usr/include/c++/8.3.0/cmath:661:3: note: previous declaration 'constexpr bool std::signbit(float)' +| signbit(float __x) +| ^~~~~~~ +... + +Upstream-Status: Backport [http://git.savannah.gnu.org/gitweb/?p=gnulib.git;a=commit;h=453ff940449bbbde9ec00f0bbf82a359c5598fc7] + +Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> +--- + gnulib_m4/signbit.m4 | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/gnulib_m4/signbit.m4 b/gnulib_m4/signbit.m4 +index 9e7884d..8b9c70c 100644 +--- a/gnulib_m4/signbit.m4 ++++ b/gnulib_m4/signbit.m4 +@@ -31,6 +31,8 @@ AC_DEFUN([gl_SIGNBIT], + [case "$host_os" in + # Guess yes on glibc systems. + *-gnu* | gnu*) gl_cv_func_signbit="guessing yes" ;; ++ # Guess yes on musl systems. ++ *-musl*) gl_cv_func_signbit="guessing yes" ;; + # Guess yes on native Windows. + mingw*) gl_cv_func_signbit="guessing yes" ;; + # If we don't know, assume the worst. +-- +2.7.4 + diff --git a/poky/meta/recipes-extended/groff/files/groff-not-search-fonts-on-build-host.patch b/poky/meta/recipes-extended/groff/files/groff-not-search-fonts-on-build-host.patch new file mode 100644 index 000000000..c80a2a5c3 --- /dev/null +++ b/poky/meta/recipes-extended/groff/files/groff-not-search-fonts-on-build-host.patch @@ -0,0 +1,32 @@ +From 75761ae7adc88412de4379d1cf5484b055cd5f18 Mon Sep 17 00:00:00 2001 +From: Hongxu Jia <hongxu.jia@windriver.com> +Date: Sat, 11 May 2019 17:06:29 +0800 +Subject: [PATCH 2/2] groff searchs fonts which are provided by ghostscript on + build host. It causes non-determinism issue. So not search font dirs on host. + +Upstream-Status: Inappropriate [cross build specific] + +Signed-off-by: Kai Kang <kai.kang@windriver.com> + +Rebase to 1.22.4 +Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> +--- + font/devpdf/Foundry.in | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/font/devpdf/Foundry.in b/font/devpdf/Foundry.in +index 93e9b66..235b23b 100644 +--- a/font/devpdf/Foundry.in ++++ b/font/devpdf/Foundry.in +@@ -65,7 +65,7 @@ ZD|Y||||Dingbats!d050000l.pfb + #====================================================================== + + #Foundry|Name|Searchpath +-foundry|U|(gs):@urwfontsdir@ :/usr/share/fonts/type1/gsfonts :/opt/local/share/fonts/urw-fonts # the URW fonts delivered with ghostscript (may be different) ++foundry|U|(gs) # the URW fonts delivered with ghostscript (may be different) + #Define Flags for afmtodit + + r=-i 0 -m +-- +2.7.4 + diff --git a/poky/meta/recipes-extended/groff/groff-1.22.3/0001-Unset-need_charset_alias-when-building-for-musl.patch b/poky/meta/recipes-extended/groff/groff-1.22.3/0001-Unset-need_charset_alias-when-building-for-musl.patch deleted file mode 100644 index b61b43281..000000000 --- a/poky/meta/recipes-extended/groff/groff-1.22.3/0001-Unset-need_charset_alias-when-building-for-musl.patch +++ /dev/null @@ -1,30 +0,0 @@ -From b9565dc2fe0c4f7daaec91b7e83bc7313dee2f4a Mon Sep 17 00:00:00 2001 -From: Khem Raj <raj.khem@gmail.com> -Date: Mon, 13 Apr 2015 17:02:13 -0700 -Subject: [PATCH] Unset need_charset_alias when building for musl - -localcharset uses ac_cv_gnu_library_2_1 from glibc21.m4 -which actually shoudl be fixed in gnulib and then all downstream -projects will get it eventually. For now we apply the fix to -coreutils - -Upstream-Status: Pending - -Signed-off-by: Khem Raj <raj.khem@gmail.com> ---- - lib/gnulib.mk | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -Index: groff-1.22.3/src/libs/gnulib/lib/Makefile.am -=================================================================== ---- groff-1.22.3.orig/src/libs/gnulib/lib/Makefile.am -+++ groff-1.22.3/src/libs/gnulib/lib/Makefile.am -@@ -113,7 +113,7 @@ install-exec-localcharset: all-local - case '$(host_os)' in \ - darwin[56]*) \ - need_charset_alias=true ;; \ -- darwin* | cygwin* | mingw* | pw32* | cegcc*) \ -+ darwin* | cygwin* | mingw* | pw32* | cegcc* | linux-musl*) \ - need_charset_alias=false ;; \ - *) \ - need_charset_alias=true ;; \ diff --git a/poky/meta/recipes-extended/groff/groff-1.22.3/groff-1.22.2-correct-man.local-install-path.patch b/poky/meta/recipes-extended/groff/groff-1.22.3/groff-1.22.2-correct-man.local-install-path.patch deleted file mode 100644 index c73328a18..000000000 --- a/poky/meta/recipes-extended/groff/groff-1.22.3/groff-1.22.2-correct-man.local-install-path.patch +++ /dev/null @@ -1,34 +0,0 @@ -Correct the install path of man.local to fix following error: - /yocto/build/tmp/sysroots/x86_64-linux/usr/share/groff/1.22.2/tmac/an-old.tmac:690: warning: can't find macro file `man.local' - -Signed-off-by: Zhenhua Luo <zhenhua.luo@freescale.com> -Upstream-Status: Pending - -diff --git a/tmac/Makefile.sub b/tmac/Makefile.sub -index 1506232..f1468c5 100644 ---- a/tmac/Makefile.sub -+++ b/tmac/Makefile.sub -@@ -121,9 +121,9 @@ install_data: $(NORMALFILES) $(SPECIALFILES) man.local \ - $(RM) $(DESTDIR)$(mdocdir)/$$f; \ - $(INSTALL_DATA) $$f-s $(DESTDIR)$(mdocdir)/$$f; \ - done -- -test -f $(DESTDIR)$(localtmacdir)/man.local \ -+ -test -f $(DESTDIR)$(tmacdir)/man.local \ - || $(INSTALL_DATA) $(srcdir)/man.local \ -- $(DESTDIR)$(localtmacdir)/man.local -+ $(DESTDIR)$(tmacdir)/man.local - -test -f $(DESTDIR)$(localtmacdir)/mdoc.local \ - || $(INSTALL_DATA) mdoc.local-s $(DESTDIR)$(localtmacdir)/mdoc.local - -@@ -164,9 +164,9 @@ uninstall_sub: - $(RM) $(DESTDIR)$(tmacdir)/$(tmac_s_prefix)s.tmac - $(RM) $(DESTDIR)$(tmacdir)/$(tmac_an_prefix)an.tmac - $(RM) $(DESTDIR)$(tmacdir)/www.tmac -- -if cmp -s $(DESTDIR)$(localtmacdir)/man.local \ -+ -if cmp -s $(DESTDIR)$(tmacdir)/man.local \ - $(srcdir)/man.local; then \ -- $(RM) $(DESTDIR)$(localtmacdir)/man.local; \ -+ $(RM) $(DESTDIR)$(tmacdir)/man.local; \ - fi - -if cmp -s $(DESTDIR)$(localtmacdir)/mdoc.local \ - $(srcdir)/mdoc.local; then \ diff --git a/poky/meta/recipes-extended/groff/groff-1.22.3/groff-not-search-fonts-on-build-host.patch b/poky/meta/recipes-extended/groff/groff-1.22.3/groff-not-search-fonts-on-build-host.patch deleted file mode 100644 index ff8f32059..000000000 --- a/poky/meta/recipes-extended/groff/groff-1.22.3/groff-not-search-fonts-on-build-host.patch +++ /dev/null @@ -1,20 +0,0 @@ -groff searchs fonts which are provided by ghostscript on build host. -It causes non-determinism issue. So not search font dirs on host. - -Upstream-Status: Inappropriate [cross build specific] - -Signed-off-by: Kai Kang <kai.kang@windriver.com> - -diff --git a/font/devpdf/Foundry.in b/font/devpdf/Foundry.in -index a6e968f..8094642 100644 ---- a/font/devpdf/Foundry.in -+++ b/font/devpdf/Foundry.in -@@ -65,7 +65,7 @@ ZD|Y||||Dingbats!d050000l.pfb - #====================================================================== - - #Foundry|Name|Searchpath --foundry|U|(gs):/usr/share/fonts/type1/gsfonts :/opt/local/share/fonts/urw-fonts # the URW fonts delivered with ghostscript (may be different) -+foundry|U|(gs) # the URW fonts delivered with ghostscript (may be different) - #Define Flags for afmtodit - - r=-i 0 -m diff --git a/poky/meta/recipes-extended/groff/groff_1.22.3.bb b/poky/meta/recipes-extended/groff/groff_1.22.4.bb index ba90cadd8..37eee9a6c 100644 --- a/poky/meta/recipes-extended/groff/groff_1.22.3.bb +++ b/poky/meta/recipes-extended/groff/groff_1.22.4.bb @@ -8,49 +8,27 @@ LICENSE = "GPLv3" LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504" SRC_URI = "${GNU_MIRROR}/groff/groff-${PV}.tar.gz \ - file://groff-1.22.2-correct-man.local-install-path.patch \ - file://0001-Unset-need_charset_alias-when-building-for-musl.patch \ file://0001-replace-perl-w-with-use-warnings.patch \ file://groff-not-search-fonts-on-build-host.patch \ + file://0001-fix-shebang-for-taget.patch \ + file://0001-support-musl.patch \ " -SRC_URI[md5sum] = "cc825fa64bc7306a885f2fb2268d3ec5" -SRC_URI[sha256sum] = "3a48a9d6c97750bfbd535feeb5be0111db6406ddb7bb79fc680809cda6d828a5" +SRC_URI[md5sum] = "08fb04335e2f5e73f23ea4c3adbf0c5f" +SRC_URI[sha256sum] = "e78e7b4cb7dec310849004fa88847c44701e8d133b5d4c13057d876c1bad0293" -DEPENDS = "groff-native" -DEPENDS_class-native = "" +DEPENDS = "bison-native" RDEPENDS_${PN} += "perl sed" -inherit autotools texinfo multilib_script +inherit autotools-brokensep texinfo multilib_script pkgconfig MULTILIB_SCRIPTS = "${PN}:${bindir}/gpinyin ${PN}:${bindir}/groffer ${PN}:${bindir}/grog" -EXTRA_OECONF = "--without-x" +EXTRA_OECONF = "--without-x --without-doc" PARALLEL_MAKE = "" CACHED_CONFIGUREVARS += "ac_cv_path_PERL='/usr/bin/env perl'" -do_configure_prepend() { - if [ "${BUILD_SYS}" != "${HOST_SYS}" ]; then - sed -i \ - -e '/^GROFFBIN=/s:=.*:=${STAGING_BINDIR_NATIVE}/groff:' \ - -e '/^TROFFBIN=/s:=.*:=${STAGING_BINDIR_NATIVE}/troff:' \ - -e '/^GROFF_BIN_PATH=/s:=.*:=${STAGING_BINDIR_NATIVE}:' \ - -e '/^GROFF_BIN_DIR=/s:=.*:=${STAGING_BINDIR_NATIVE}:' \ - ${S}/contrib/*/Makefile.sub \ - ${S}/doc/Makefile.in \ - ${S}/doc/Makefile.sub - fi -} - -do_configure_append() { - # generate gnulib configure script - olddir=`pwd` - cd ${S}/src/libs/gnulib/ - ACLOCAL="$ACLOCAL" autoreconf -Wcross --verbose --install --force ${EXTRA_AUTORECONF} $acpaths || die "autoreconf execution failed." - cd ${olddir} -} - do_install_append() { # Some distros have both /bin/perl and /usr/bin/perl, but we set perl location # for target as /usr/bin/perl, so fix it to /usr/bin/perl. diff --git a/poky/meta/recipes-extended/iptables/iptables/0003-extensions-format-security-fixes-in-libipt_icmp.patch b/poky/meta/recipes-extended/iptables/iptables/0003-extensions-format-security-fixes-in-libipt_icmp.patch new file mode 100644 index 000000000..e26594d19 --- /dev/null +++ b/poky/meta/recipes-extended/iptables/iptables/0003-extensions-format-security-fixes-in-libipt_icmp.patch @@ -0,0 +1,61 @@ +From 907e429d7548157016cd51aba4adc5d0c7d9f816 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Adam=20Go=C5=82=C4=99biowski?= <adamg@pld-linux.org> +Date: Wed, 14 Nov 2018 07:35:28 +0100 +Subject: extensions: format-security fixes in libip[6]t_icmp +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +commit 61d6c3834de3 ("xtables: add 'printf' attribute to xlate_add") +introduced support for gcc feature to check format string against passed +argument. This commit adds missing bits to extenstions's libipt_icmp.c +and libip6t_icmp6.c that were causing build to fail. + +Fixes: 61d6c3834de3 ("xtables: add 'printf' attribute to xlate_add") +Signed-off-by: Adam Gołębiowski <adamg@pld-linux.org> +Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> + +Upstream-Status: Backport +--- + extensions/libip6t_icmp6.c | 4 ++-- + extensions/libipt_icmp.c | 2 +- + 2 files changed, 3 insertions(+), 3 deletions(-) + +diff --git a/extensions/libip6t_icmp6.c b/extensions/libip6t_icmp6.c +index 45a71875..cc7bfaeb 100644 +--- a/extensions/libip6t_icmp6.c ++++ b/extensions/libip6t_icmp6.c +@@ -230,7 +230,7 @@ static unsigned int type_xlate_print(struct xt_xlate *xl, unsigned int icmptype, + type_name = icmp6_type_xlate(icmptype); + + if (type_name) { +- xt_xlate_add(xl, type_name); ++ xt_xlate_add(xl, "%s", type_name); + } else { + for (i = 0; i < ARRAY_SIZE(icmpv6_codes); ++i) + if (icmpv6_codes[i].type == icmptype && +@@ -239,7 +239,7 @@ static unsigned int type_xlate_print(struct xt_xlate *xl, unsigned int icmptype, + break; + + if (i != ARRAY_SIZE(icmpv6_codes)) +- xt_xlate_add(xl, icmpv6_codes[i].name); ++ xt_xlate_add(xl, "%s", icmpv6_codes[i].name); + else + return 0; + } +diff --git a/extensions/libipt_icmp.c b/extensions/libipt_icmp.c +index 54189976..e76257c5 100644 +--- a/extensions/libipt_icmp.c ++++ b/extensions/libipt_icmp.c +@@ -236,7 +236,7 @@ static unsigned int type_xlate_print(struct xt_xlate *xl, unsigned int icmptype, + if (icmp_codes[i].type == icmptype && + icmp_codes[i].code_min == code_min && + icmp_codes[i].code_max == code_max) { +- xt_xlate_add(xl, icmp_codes[i].name); ++ xt_xlate_add(xl, "%s", icmp_codes[i].name); + return 1; + } + } +-- +cgit v1.2.1 + diff --git a/poky/meta/recipes-extended/iptables/iptables_1.6.2.bb b/poky/meta/recipes-extended/iptables/iptables_1.8.2.bb index a57cac34e..ad2c1a6f8 100644 --- a/poky/meta/recipes-extended/iptables/iptables_1.6.2.bb +++ b/poky/meta/recipes-extended/iptables/iptables_1.8.2.bb @@ -10,10 +10,11 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263\ SRC_URI = "http://netfilter.org/projects/iptables/files/iptables-${PV}.tar.bz2 \ file://0001-configure-Add-option-to-enable-disable-libnfnetlink.patch \ file://0002-configure.ac-only-check-conntrack-when-libnfnetlink-enabled.patch \ + file://0003-extensions-format-security-fixes-in-libipt_icmp.patch \ " -SRC_URI[md5sum] = "7d2b7847e4aa8832a18437b8a4c1873d" -SRC_URI[sha256sum] = "55d02dfa46263343a401f297d44190f2a3e5113c8933946f094ed40237053733" +SRC_URI[md5sum] = "944558e88ddcc3b9b0d9550070fa3599" +SRC_URI[sha256sum] = "a3778b50ed1a3256f9ca975de82c2204e508001fc2471238c8c97f3d1c4c12af" inherit autotools pkgconfig diff --git a/poky/meta/recipes-extended/libsolv/libsolv/0001-solver_solve-only-disfavor-recommends-if-there-are-a.patch b/poky/meta/recipes-extended/libsolv/libsolv/0001-solver_solve-only-disfavor-recommends-if-there-are-a.patch deleted file mode 100644 index 139613a0a..000000000 --- a/poky/meta/recipes-extended/libsolv/libsolv/0001-solver_solve-only-disfavor-recommends-if-there-are-a.patch +++ /dev/null @@ -1,33 +0,0 @@ -From 19d7cc87adba92d31d5fafdf7db00920d24a96a6 Mon Sep 17 00:00:00 2001 -From: Alejandro del Castillo <alejandro.delcastillo@ni.com> -Date: Wed, 6 Feb 2019 13:24:04 -0600 -Subject: [PATCH] solver_solve: only disfavor recommends if there are any - -In a repo that have pkg 'a' and 'b' available, and 'b' is disfavored, -but 'a' doesn't recommend 'b', libsolv segfaults on -solver_addrecommendsrules, since solv->recommendsruleq is null. Only -call solver_addrecommendsrules if there are recommends rules. - -Signed-off-by: Alejandro del Castillo <alejandro.delcastillo@ni.com> - -Upstream-Status: Accepted ---- - src/solver.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/solver.c b/src/solver.c -index a80090d19..ad78327a8 100644 ---- a/src/solver.c -+++ b/src/solver.c -@@ -3920,7 +3920,7 @@ solver_solve(Solver *solv, Queue *job) - else - solv->yumobsrules = solv->yumobsrules_end = solv->nrules; - -- if (solv->havedisfavored && solv->strongrecommends) -+ if (solv->havedisfavored && solv->strongrecommends && solv->recommendsruleq) - solver_addrecommendsrules(solv); - else - solv->recommendsrules = solv->recommendsrules_end = solv->nrules; --- -2.20.1 - diff --git a/poky/meta/recipes-extended/libsolv/libsolv_0.7.3.bb b/poky/meta/recipes-extended/libsolv/libsolv_0.7.4.bb index 70c8dbc2e..b8653adc0 100644 --- a/poky/meta/recipes-extended/libsolv/libsolv_0.7.3.bb +++ b/poky/meta/recipes-extended/libsolv/libsolv_0.7.4.bb @@ -8,11 +8,11 @@ LIC_FILES_CHKSUM = "file://LICENSE.BSD;md5=62272bd11c97396d4aaf1c41bc11f7d8" DEPENDS = "expat zlib" SRC_URI = "git://github.com/openSUSE/libsolv.git \ - file://0001-solver_solve-only-disfavor-recommends-if-there-are-a.patch \ file://0001-build-use-GNUInstallDirs.patch \ " -SRCREV = "dc7d0f1c3113f2c8217563166906bef3eb5d1ee1" +SRCREV = "51fc3b1214aa9677e972712fa1ce6916e438751f" + UPSTREAM_CHECK_GITTAGREGEX = "(?P<pver>\d+(\.\d+)+)" S = "${WORKDIR}/git" diff --git a/poky/meta/recipes-extended/libtirpc/libtirpc/libtirpc-1.0.4-rc1.patch b/poky/meta/recipes-extended/libtirpc/libtirpc/libtirpc-1.0.4-rc1.patch deleted file mode 100644 index 6d40d3cce..000000000 --- a/poky/meta/recipes-extended/libtirpc/libtirpc/libtirpc-1.0.4-rc1.patch +++ /dev/null @@ -1,103 +0,0 @@ -Patch from Fedora https://src.fedoraproject.org/rpms/libtirpc/raw/master/f/libtirpc-1.0.4-rc1.patch - -Upstream-Status: Backport -Signed-off-by: Khem Raj <raj.khem@gmail.com> - -diff --git a/src/clnt_generic.c b/src/clnt_generic.c -index e5a314f..3f3dabf 100644 ---- a/src/clnt_generic.c -+++ b/src/clnt_generic.c -@@ -47,7 +47,6 @@ - - extern bool_t __rpc_is_local_host(const char *); - int __rpc_raise_fd(int); --extern int __binddynport(int fd); - - #ifndef NETIDLEN - #define NETIDLEN 32 -@@ -341,8 +340,7 @@ clnt_tli_create(int fd, const struct netconfig *nconf, - servtype = nconf->nc_semantics; - if (!__rpc_fd2sockinfo(fd, &si)) - goto err; -- if (__binddynport(fd) == -1) -- goto err; -+ bindresvport(fd, NULL); - } else { - if (!__rpc_fd2sockinfo(fd, &si)) - goto err; -diff --git a/src/rpc_soc.c b/src/rpc_soc.c -index af6c482..5a6eeb7 100644 ---- a/src/rpc_soc.c -+++ b/src/rpc_soc.c -@@ -67,8 +67,6 @@ - - extern mutex_t rpcsoc_lock; - --extern int __binddynport(int fd); -- - static CLIENT *clnt_com_create(struct sockaddr_in *, rpcprog_t, rpcvers_t, - int *, u_int, u_int, char *, int); - static SVCXPRT *svc_com_create(int, u_int, u_int, char *); -@@ -147,8 +145,7 @@ clnt_com_create(raddr, prog, vers, sockp, sendsz, recvsz, tp, flags) - bindaddr.maxlen = bindaddr.len = sizeof (struct sockaddr_in); - bindaddr.buf = raddr; - -- if (__binddynport(fd) == -1) -- goto err; -+ bindresvport(fd, NULL); - cl = clnt_tli_create(fd, nconf, &bindaddr, prog, vers, - sendsz, recvsz); - if (cl) { -diff --git a/src/rpcb_clnt.c b/src/rpcb_clnt.c -index a94fc73..4b44364 100644 ---- a/src/rpcb_clnt.c -+++ b/src/rpcb_clnt.c -@@ -752,7 +752,7 @@ __try_protocol_version_2(program, version, nconf, host, tp) - - client = getpmaphandle(nconf, host, &parms.r_addr); - if (client == NULL) -- return (NULL); -+ goto error; - - /* - * Set retry timeout. -@@ -771,11 +771,11 @@ __try_protocol_version_2(program, version, nconf, host, tp) - if (clnt_st != RPC_SUCCESS) { - rpc_createerr.cf_stat = RPC_PMAPFAILURE; - clnt_geterr(client, &rpc_createerr.cf_error); -- return (NULL); -+ goto error; - } else if (port == 0) { - pmapaddress = NULL; - rpc_createerr.cf_stat = RPC_PROGNOTREGISTERED; -- return (NULL); -+ goto error; - } - port = htons(port); - CLNT_CONTROL(client, CLGET_SVC_ADDR, (char *)&remote); -@@ -789,14 +789,24 @@ __try_protocol_version_2(program, version, nconf, host, tp) - free(pmapaddress); - pmapaddress = NULL; - } -- return (NULL); -+ goto error; - } - memcpy(pmapaddress->buf, remote.buf, remote.len); - memcpy(&((char *)pmapaddress->buf)[sizeof (short)], - (char *)(void *)&port, sizeof (short)); - pmapaddress->len = pmapaddress->maxlen = remote.len; - -+ CLNT_DESTROY(client); - return pmapaddress; -+ -+error: -+ if (client) { -+ CLNT_DESTROY(client); -+ client = NULL; -+ -+ } -+ return (NULL); -+ - } - #endif - diff --git a/poky/meta/recipes-extended/libtirpc/libtirpc_1.0.3.bb b/poky/meta/recipes-extended/libtirpc/libtirpc_1.1.4.bb index f978c8c8a..9c480b825 100644 --- a/poky/meta/recipes-extended/libtirpc/libtirpc_1.0.3.bb +++ b/poky/meta/recipes-extended/libtirpc/libtirpc_1.1.4.bb @@ -10,13 +10,12 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=f835cce8852481e4b2bbbdd23b5e47f3 \ PROVIDES = "virtual/librpc" SRC_URI = "${SOURCEFORGE_MIRROR}/${BPN}/${BP}.tar.bz2 \ - file://libtirpc-1.0.4-rc1.patch \ file://musl.patch \ " UPSTREAM_CHECK_URI = "https://sourceforge.net/projects/libtirpc/files/libtirpc/" UPSTREAM_CHECK_REGEX = "(?P<pver>\d+(\.\d+)+)/" -SRC_URI[md5sum] = "f8403a10695348854e71d525c4db5931" -SRC_URI[sha256sum] = "86c3a78fc1bddefa96111dd233124c703b22a78884203c55c3e06b3be6a0fd5e" +SRC_URI[md5sum] = "f5d2a623e9dfbd818d2f3f3a4a878e3a" +SRC_URI[sha256sum] = "2ca529f02292e10c158562295a1ffd95d2ce8af97820e3534fe1b0e3aec7561d" inherit autotools pkgconfig diff --git a/poky/meta/recipes-extended/ltp/ltp/0001-syscalls-setrlimit03.c-read-proc-sys-fs-nr_open-for-.patch b/poky/meta/recipes-extended/ltp/ltp/0001-syscalls-setrlimit03.c-read-proc-sys-fs-nr_open-for-.patch new file mode 100644 index 000000000..39623c37d --- /dev/null +++ b/poky/meta/recipes-extended/ltp/ltp/0001-syscalls-setrlimit03.c-read-proc-sys-fs-nr_open-for-.patch @@ -0,0 +1,70 @@ +From db57ddc1497e72947da2b14f471ab521478ef99d Mon Sep 17 00:00:00 2001 +From: Tommi Rantala <tommi.t.rantala@nokia.com> +Date: Thu, 31 Jan 2019 19:49:00 +0200 +Subject: [PATCH] syscalls/setrlimit03.c: read /proc/sys/fs/nr_open for + RLIMIT_NOFILE limit + +Since kernel v2.6.25 RLIMIT_NOFILE limit is no longer hardcoded to +NR_OPEN, but can be set via /proc/sys/fs/nr_open, see kernel commit +9cfe015aa424b3c003baba3841a60dd9b5ad319b ("get rid of NR_OPEN and +introduce a sysctl_nr_open"). + +nr_open default value is 1024*1024, so setrlimit03 has been passing fine +on new kernels, only "unexpectedly succeeding" if nr_open is set to some +larger value. + +Signed-off-by: Tommi Rantala <tommi.t.rantala@nokia.com> +Reviewed-by: Cyril Hrubis <chrubis@suse.cz> + +Upstream-Status: Backport [db57ddc1497e ("syscalls/setrlimit03.c: read /proc/sys/fs/nr_open for RLIMIT_NOFILE limit")] + +Signed-off-by: He Zhe <zhe.he@windriver.com> +--- + testcases/kernel/syscalls/setrlimit/setrlimit03.c | 13 +++++++++++-- + 1 file changed, 11 insertions(+), 2 deletions(-) + +diff --git a/testcases/kernel/syscalls/setrlimit/setrlimit03.c b/testcases/kernel/syscalls/setrlimit/setrlimit03.c +index 29b52aa..12455fe 100644 +--- a/testcases/kernel/syscalls/setrlimit/setrlimit03.c ++++ b/testcases/kernel/syscalls/setrlimit/setrlimit03.c +@@ -35,7 +35,10 @@ + # define NR_OPEN (1024*1024) + #endif + ++#define NR_OPEN_PATH "/proc/sys/fs/nr_open" ++ + static struct rlimit rlim1, rlim2; ++static unsigned int nr_open = NR_OPEN; + + static struct tcase { + struct rlimit *rlimt; +@@ -51,7 +54,10 @@ static void verify_setrlimit(unsigned int n) + + TEST(setrlimit(RLIMIT_NOFILE, tc->rlimt)); + if (TST_RET != -1) { +- tst_res(TFAIL, "call succeeded unexpectedly"); ++ tst_res(TFAIL, "call succeeded unexpectedly " ++ "(nr_open=%u rlim_cur=%lu rlim_max=%lu)", nr_open, ++ (unsigned long)(tc->rlimt->rlim_cur), ++ (unsigned long)(tc->rlimt->rlim_max)); + return; + } + +@@ -65,10 +71,13 @@ static void verify_setrlimit(unsigned int n) + + static void setup(void) + { ++ if (!access(NR_OPEN_PATH, F_OK)) ++ SAFE_FILE_SCANF(NR_OPEN_PATH, "%u", &nr_open); ++ + SAFE_GETRLIMIT(RLIMIT_NOFILE, &rlim1); + rlim2.rlim_max = rlim1.rlim_cur; + rlim2.rlim_cur = rlim1.rlim_max + 1; +- rlim1.rlim_max = NR_OPEN + 1; ++ rlim1.rlim_max = nr_open + 1; + } + + static struct tst_test test = { +-- +2.7.4 + diff --git a/poky/meta/recipes-extended/ltp/ltp_20190115.bb b/poky/meta/recipes-extended/ltp/ltp_20190115.bb index ddf97e26c..1d0c00b64 100644 --- a/poky/meta/recipes-extended/ltp/ltp_20190115.bb +++ b/poky/meta/recipes-extended/ltp/ltp_20190115.bb @@ -49,6 +49,7 @@ SRC_URI = "git://github.com/linux-test-project/ltp.git \ file://0001-open_posix_testsuite-mmap24-2-Relax-condition-a-bit.patch \ file://define-sigrtmin-and-sigrtmax-for-musl.patch \ file://setregid01-security-string-formatting.patch \ + file://0001-syscalls-setrlimit03.c-read-proc-sys-fs-nr_open-for-.patch \ " S = "${WORKDIR}/git" diff --git a/poky/meta/recipes-extended/man-db/man-db_2.8.4.bb b/poky/meta/recipes-extended/man-db/man-db_2.8.5.bb index aa364659e..441e2f411 100644 --- a/poky/meta/recipes-extended/man-db/man-db_2.8.4.bb +++ b/poky/meta/recipes-extended/man-db/man-db_2.8.5.bb @@ -7,8 +7,8 @@ LIC_FILES_CHKSUM = "file://docs/COPYING.LIB;md5=a6f89e2100d9b6cdffcea4f398e37343 SRC_URI = "${SAVANNAH_NONGNU_MIRROR}/man-db/man-db-${PV}.tar.xz \ file://99_mandb \ file://man_db.conf-avoid-multilib-install-file-conflict.patch" -SRC_URI[md5sum] = "ab41db551f500e4a595b11203b86c67a" -SRC_URI[sha256sum] = "103c185f9d8269b9ee3b8a4cb27912b3aa393e952731ef96fedc880723472bc3" +SRC_URI[md5sum] = "c5c6c3434be14a5527d43b5ad0f09a13" +SRC_URI[sha256sum] = "b64d52747534f1fe873b2876eb7f01319985309d5d7da319d2bc52ba1e73f6c1" DEPENDS = "libpipeline gdbm groff-native base-passwd" RDEPENDS_${PN} += "base-passwd" @@ -16,7 +16,7 @@ RDEPENDS_${PN} += "base-passwd" # | /usr/src/debug/man-db/2.8.0-r0/man-db-2.8.0/src/whatis.c:939: undefined reference to `_nl_msg_cat_cntr' USE_NLS_libc-musl = "no" -inherit gettext pkgconfig autotools +inherit gettext pkgconfig autotools systemd EXTRA_OECONF = "--with-pager=less" EXTRA_AUTORECONF += "-I ${S}/gl/m4" @@ -54,3 +54,6 @@ def compress_pkg(d): return "" RDEPENDS_${PN} += "${@compress_pkg(d)}" + +SYSTEMD_SERVICE_${PN} = "man-db.timer man-db.service" +SYSTEMD_AUTO_ENABLE ?= "disable" diff --git a/poky/meta/recipes-extended/man-pages/man-pages_4.16.bb b/poky/meta/recipes-extended/man-pages/man-pages_5.01.bb index 1f14c891b..28525f4ba 100644 --- a/poky/meta/recipes-extended/man-pages/man-pages_4.16.bb +++ b/poky/meta/recipes-extended/man-pages/man-pages_5.01.bb @@ -7,8 +7,8 @@ LICENSE = "GPLv2+" LIC_FILES_CHKSUM = "file://README;md5=794f701617cc03fe50c53257660d8ec4" SRC_URI = "${KERNELORG_MIRROR}/linux/docs/${BPN}/Archive/${BP}.tar.gz" -SRC_URI[md5sum] = "d1fb8ba312a1c15e0bfda911a98c5544" -SRC_URI[sha256sum] = "d38b0460bf3f35c95faf7f8cf52dac1216d86a47866f5e5f2fda88c61da04960" +SRC_URI[md5sum] = "38abead776a506109e128ab96bcbbe58" +SRC_URI[sha256sum] = "070bef794c6826b3fb3965d1a2efdb46c25cb37c06c715987f88a50906cd5b6f" inherit manpages diff --git a/poky/meta/recipes-extended/mdadm/files/debian-no-Werror.patch b/poky/meta/recipes-extended/mdadm/files/debian-no-Werror.patch new file mode 100644 index 000000000..e66a15cd7 --- /dev/null +++ b/poky/meta/recipes-extended/mdadm/files/debian-no-Werror.patch @@ -0,0 +1,25 @@ +From: martin f. krafft <madduck@debian.org> +Subject: Remove -Werror from compiler flags + +-Werror seems like a bad idea on released/packaged code because a toolchain +update (introducing new warnings) could break the build. We'll let upstream +use it to beautify the code, but remove it for out builds. + +Signed-off-by: martin f. krafft <madduck@debian.org> + +Upstream-Status: Pending +--- + Makefile | 2 +- + 1 files changed, 1 insertions(+), 1 deletions(-) + +--- a/Makefile ++++ b/Makefile +@@ -48,7 +48,7 @@ endif + + CC ?= $(CROSS_COMPILE)gcc + CXFLAGS ?= -ggdb +-CWFLAGS = -Wall -Werror -Wstrict-prototypes -Wextra -Wno-unused-parameter ++CWFLAGS = -Wall -Wstrict-prototypes -Wextra -Wno-unused-parameter + ifdef WARN_UNUSED + CWFLAGS += -Wp,-D_FORTIFY_SOURCE=2 -O3 + endif diff --git a/poky/meta/recipes-extended/mdadm/mdadm_4.1.bb b/poky/meta/recipes-extended/mdadm/mdadm_4.1.bb index 947706ff5..ef5ddf55d 100644 --- a/poky/meta/recipes-extended/mdadm/mdadm_4.1.bb +++ b/poky/meta/recipes-extended/mdadm/mdadm_4.1.bb @@ -17,6 +17,7 @@ SRC_URI = "${KERNELORG_MIRROR}/linux/utils/raid/mdadm/${BPN}-${PV}.tar.xz \ file://0001-Use-CC-to-check-for-implicit-fallthrough-warning-sup.patch \ file://0001-Compute-abs-diff-in-a-standard-compliant-way.patch \ file://0001-fix-gcc-8-format-truncation-warning.patch \ + file://debian-no-Werror.patch \ file://mdadm.init \ file://mdmonitor.service \ " diff --git a/poky/meta/recipes-extended/msmtp/msmtp_1.6.6.bb b/poky/meta/recipes-extended/msmtp/msmtp_1.8.4.bb index e1721936c..888c1bbb5 100644 --- a/poky/meta/recipes-extended/msmtp/msmtp_1.6.6.bb +++ b/poky/meta/recipes-extended/msmtp/msmtp_1.8.4.bb @@ -1,19 +1,18 @@ SUMMARY = "msmtp is an SMTP client" DESCRIPTION = "A sendmail replacement for use in MTAs like mutt" -HOMEPAGE = "http://msmtp.sourceforge.net/" +HOMEPAGE = "https://marlam.de/msmtp/" SECTION = "console/network" LICENSE = "GPLv3" DEPENDS = "zlib gnutls" -#COPYING or Licence LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504" -SRC_URI = "http://sourceforge.net/projects/msmtp/files/msmtp/${PV}/${BPN}-${PV}.tar.xz \ - " +UPSTREAM_CHECK_URI = "https://marlam.de/msmtp/download/" -SRC_URI[md5sum] = "82b0520b57db4b2cf05333d11fb5974d" -SRC_URI[sha256sum] = "da15db1f62bd0201fce5310adb89c86188be91cd745b7cb3b62b81a501e7fb5e" +SRC_URI = "https://marlam.de/${BPN}/releases/${BP}.tar.xz" +SRC_URI[md5sum] = "abfabb92f0461137f3c09cd16d98fc9b" +SRC_URI[sha256sum] = "e5dd7fe95bc8e2f5eea3e4894ec9628252f30bd700a7fd1a568b10efa91129f7" inherit gettext autotools update-alternatives pkgconfig diff --git a/poky/meta/recipes-extended/packagegroups/packagegroup-core-full-cmdline.bb b/poky/meta/recipes-extended/packagegroups/packagegroup-core-full-cmdline.bb index ffa838877..ec67f8d12 100644 --- a/poky/meta/recipes-extended/packagegroups/packagegroup-core-full-cmdline.bb +++ b/poky/meta/recipes-extended/packagegroups/packagegroup-core-full-cmdline.bb @@ -94,7 +94,6 @@ RDEPENDS_packagegroup-core-full-cmdline-utils = "\ tar \ time \ util-linux \ - zlib \ " RDEPENDS_packagegroup-core-full-cmdline-extended = "\ diff --git a/poky/meta/recipes-extended/procps/procps/sysctl.conf b/poky/meta/recipes-extended/procps/procps/sysctl.conf index 34e7488bf..253f3701b 100644 --- a/poky/meta/recipes-extended/procps/procps/sysctl.conf +++ b/poky/meta/recipes-extended/procps/procps/sysctl.conf @@ -1,64 +1,67 @@ -# This configuration file is taken from Debian. +# This configuration taken from procps v3.3.15 +# Commented out kernel/pid_max=10000 line # # /etc/sysctl.conf - Configuration file for setting system variables # See sysctl.conf (5) for information. -# -#kernel.domainname = example.com +# you can have the CD-ROM close when you use it, and open +# when you are done. +#dev.cdrom.autoeject = 1 +#dev.cdrom.autoclose = 1 -# Uncomment the following to stop low-level messages on console -#kernel.printk = 4 4 1 7 +# protection from the SYN flood attack +net/ipv4/tcp_syncookies=1 -##############################################################3 -# Functions previously found in netbase -# +# see the evil packets in your log files +net/ipv4/conf/all/log_martians=1 -# Uncomment the next two lines to enable Spoof protection (reverse-path filter) -# Turn on Source Address Verification in all interfaces to -# prevent some spoofing attacks -net.ipv4.conf.default.rp_filter=1 -net.ipv4.conf.all.rp_filter=1 +# makes you vulnerable or not :-) +net/ipv4/conf/all/accept_redirects=0 +net/ipv4/conf/all/accept_source_route=0 +net/ipv4/icmp_echo_ignore_broadcasts =1 -# Uncomment the next line to enable TCP/IP SYN cookies -#net.ipv4.tcp_syncookies=1 +# needed for routing, including masquerading or NAT +#net/ipv4/ip_forward=1 -# Uncomment the next line to enable packet forwarding for IPv4 -#net.ipv4.ip_forward=1 +# sets the port range used for outgoing connections +#net.ipv4.ip_local_port_range = 32768 61000 -# Uncomment the next line to enable packet forwarding for IPv6 -#net.ipv6.conf.all.forwarding=1 +# Broken routers and obsolete firewalls will corrupt the window scaling +# and ECN. Set these values to 0 to disable window scaling and ECN. +# This may, rarely, cause some performance loss when running high-speed +# TCP/IP over huge distances or running TCP/IP over connections with high +# packet loss and modern routers. This sure beats dropped connections. +#net.ipv4.tcp_ecn = 0 +# Swapping too much or not enough? Disks spinning up when you'd +# rather they didn't? Tweak these. +#vm.vfs_cache_pressure = 100 +#vm.laptop_mode = 0 +#vm.swappiness = 60 -################################################################### -# Additional settings - these settings can improve the network -# security of the host and prevent against some network attacks -# including spoofing attacks and man in the middle attacks through -# redirection. Some network environments, however, require that these -# settings are disabled so review and enable them as needed. -# -# Ignore ICMP broadcasts -#net.ipv4.icmp_echo_ignore_broadcasts = 1 -# -# Ignore bogus ICMP errors -#net.ipv4.icmp_ignore_bogus_error_responses = 1 -# -# Do not accept ICMP redirects (prevent MITM attacks) -#net.ipv4.conf.all.accept_redirects = 0 -#net.ipv6.conf.all.accept_redirects = 0 -# _or_ -# Accept ICMP redirects only for gateways listed in our default -# gateway list (enabled by default) -# net.ipv4.conf.all.secure_redirects = 1 -# -# Do not send ICMP redirects (we are not a router) -#net.ipv4.conf.all.send_redirects = 0 -# -# Do not accept IP source route packets (we are not a router) -#net.ipv4.conf.all.accept_source_route = 0 -#net.ipv6.conf.all.accept_source_route = 0 -# -# Log Martian Packets -#net.ipv4.conf.all.log_martians = 1 -# +#kernel.printk_ratelimit_burst = 10 +#kernel.printk_ratelimit = 5 +#kernel.panic_on_oops = 0 + +# Reboot 600 seconds after a panic +#kernel.panic = 600 + +# enable SysRq key (note: console security issues) +#kernel.sysrq = 1 + +# Change name of core file to start with the command name +# so you get things like: emacs.core mozilla-bin.core X.core +#kernel.core_pattern = %e.core + +# NIS/YP domain (not always equal to DNS domain) +#kernel.domainname = example.com +#kernel.hostname = darkstar + +# This limits PID values to 4 digits, which allows tools like ps +# to save screen space. +#kernel/pid_max=10000 -#kernel.shmmax = 141762560 +# Protects against creating or following links under certain conditions +# See https://www.kernel.org/doc/Documentation/sysctl/fs.txt +#fs.protected_hardlinks = 1 +#fs.protected_symlinks = 1 diff --git a/poky/meta/recipes-extended/quota/quota/fcntl.patch b/poky/meta/recipes-extended/quota/quota/fcntl.patch index 2d3797132..51a770ce6 100644 --- a/poky/meta/recipes-extended/quota/quota/fcntl.patch +++ b/poky/meta/recipes-extended/quota/quota/fcntl.patch @@ -9,13 +9,11 @@ Upstream-Status: Pending Signed-off-by: Khem Raj <raj.khem@gmail.com> -ndex: quota-tools/quota.h -=================================================================== -Index: quota-tools/quota.h -=================================================================== ---- quota-tools.orig/quota.h -+++ quota-tools/quota.h -@@ -165,6 +165,6 @@ enum { +diff --git a/quota.h b/quota.h +index 4c21411..d20c217 100644 +--- a/quota.h ++++ b/quota.h +@@ -182,6 +182,6 @@ enum { #endif #endif @@ -23,10 +21,10 @@ Index: quota-tools/quota.h +long quotactl (int, const char *, qid_t, caddr_t); #endif /* _QUOTA_ */ -Index: quota-tools/quotacheck.c -=================================================================== ---- quota-tools.orig/quotacheck.c -+++ quota-tools/quotacheck.c +diff --git a/quotacheck.c b/quotacheck.c +index 2cdf475..07c18a7 100644 +--- a/quotacheck.c ++++ b/quotacheck.c @@ -19,6 +19,7 @@ #include <unistd.h> #include <stdlib.h> @@ -35,10 +33,10 @@ Index: quota-tools/quotacheck.c #include <sys/stat.h> #include <sys/types.h> -Index: quota-tools/quotaio.c -=================================================================== ---- quota-tools.orig/quotaio.c -+++ quota-tools/quotaio.c +diff --git a/quotaio.c b/quotaio.c +index 94ae458..d57fc1a 100644 +--- a/quotaio.c ++++ b/quotaio.c @@ -12,6 +12,7 @@ #include <string.h> #include <unistd.h> @@ -47,22 +45,10 @@ Index: quota-tools/quotaio.c #include <sys/types.h> #include <sys/stat.h> #include <sys/file.h> -Index: quota-tools/dqblk_v2.h -=================================================================== ---- quota-tools.orig/dqblk_v2.h -+++ quota-tools/dqblk_v2.h -@@ -7,6 +7,7 @@ - #ifndef GUARD_DQBLK_V2_H - #define GUARD_DQBLK_V2_H - -+#include <fcntl.h> - #include <sys/types.h> - #include "quota_tree.h" - -Index: quota-tools/rquota_client.c -=================================================================== ---- quota-tools.orig/rquota_client.c -+++ quota-tools/rquota_client.c +diff --git a/rquota_client.c b/rquota_client.c +index a3a4ae3..0ffe7a9 100644 +--- a/rquota_client.c ++++ b/rquota_client.c @@ -19,7 +19,9 @@ #include "config.h" diff --git a/poky/meta/recipes-extended/quota/quota/remove_non_posix_types.patch b/poky/meta/recipes-extended/quota/quota/remove_non_posix_types.patch deleted file mode 100644 index 06ff13cb9..000000000 --- a/poky/meta/recipes-extended/quota/quota/remove_non_posix_types.patch +++ /dev/null @@ -1,198 +0,0 @@ -Use proper C99 integer types - -Upstream-Status: Pending - -Signed-off-by: Khem Raj <raj.khem@gmail.com> - -Index: quota-tools/bylabel.c -=================================================================== ---- quota-tools.orig/bylabel.c -+++ quota-tools/bylabel.c -@@ -20,6 +20,7 @@ - #include <ctype.h> - #include <fcntl.h> - #include <unistd.h> -+#include <stdint.h> - - #include "bylabel.h" - #include "common.h" -@@ -37,32 +38,32 @@ static struct uuidCache_s { - - #define EXT2_SUPER_MAGIC 0xEF53 - struct ext2_super_block { -- u_char s_dummy1[56]; -- u_char s_magic[2]; -- u_char s_dummy2[46]; -- u_char s_uuid[16]; -- u_char s_volume_name[16]; -+ uint8_t s_dummy1[56]; -+ uint8_t s_magic[2]; -+ uint8_t s_dummy2[46]; -+ uint8_t s_uuid[16]; -+ uint8_t s_volume_name[16]; - }; - --#define ext2magic(s) ((uint) s.s_magic[0] + (((uint) s.s_magic[1]) << 8)) -+#define ext2magic(s) ((uint32_t) s.s_magic[0] + (((uint32_t) s.s_magic[1]) << 8)) - - #define XFS_SUPER_MAGIC "XFSB" - #define XFS_SUPER_MAGIC2 "BSFX" - struct xfs_super_block { -- u_char s_magic[4]; -- u_char s_dummy[28]; -- u_char s_uuid[16]; -- u_char s_dummy2[60]; -- u_char s_fsname[12]; -+ uint8_t s_magic[4]; -+ uint8_t s_dummy[28]; -+ uint8_t s_uuid[16]; -+ uint8_t s_dummy2[60]; -+ uint8_t s_fsname[12]; - }; - - #define REISER_SUPER_MAGIC "ReIsEr2Fs" - struct reiserfs_super_block { -- u_char s_dummy1[52]; -- u_char s_magic[10]; -- u_char s_dummy2[22]; -- u_char s_uuid[16]; -- u_char s_volume_name[16]; -+ uint8_t s_dummy1[52]; -+ uint8_t s_magic[10]; -+ uint8_t s_dummy2[22]; -+ uint8_t s_uuid[16]; -+ uint8_t s_volume_name[16]; - }; - - static inline unsigned short swapped(unsigned short a) -@@ -222,7 +223,7 @@ static char *get_spec_by_x(int n, const - return NULL; - } - --static u_char fromhex(char c) -+static uint8_t fromhex(char c) - { - if (isdigit(c)) - return (c - '0'); -@@ -234,7 +235,7 @@ static u_char fromhex(char c) - - static char *get_spec_by_uuid(const char *s) - { -- u_char uuid[16]; -+ uint8_t uuid[16]; - int i; - - if (strlen(s) != 36 || s[8] != '-' || s[13] != '-' || s[18] != '-' || s[23] != '-') -Index: quota-tools/quot.c -=================================================================== ---- quota-tools.orig/quot.c -+++ quota-tools/quot.c -@@ -47,6 +47,7 @@ - #include <utmp.h> - #include <pwd.h> - #include <grp.h> -+#include <stdint.h> - - #include "pot.h" - #include "quot.h" -@@ -56,8 +57,8 @@ - #include "quotasys.h" - - #define TSIZE 500 --static __uint64_t sizes[TSIZE]; --static __uint64_t overflow; -+static uint64_t sizes[TSIZE]; -+static uint64_t overflow; - - static int aflag; - static int cflag; -@@ -72,7 +73,7 @@ static time_t now; - char *progname; - - static void mounttable(void); --static char *idname(__uint32_t, int); -+static char *idname(uint32_t, int); - static void report(const char *, const char *, int); - static void creport(const char *, const char *); - -@@ -173,7 +174,7 @@ static int qcmp(du_t * p1, du_t * p2) - static void creport(const char *file, const char *fsdir) - { - int i; -- __uint64_t t = 0; -+ uint64_t t = 0; - - printf(_("%s (%s):\n"), file, fsdir); - for (i = 0; i < TSIZE - 1; i++) -@@ -219,7 +220,7 @@ static void report(const char *file, con - } - } - --static idcache_t *getnextent(int type, __uint32_t id, int byid) -+static idcache_t *getnextent(int type, uint32_t id, int byid) - { - struct passwd *pw; - struct group *gr; -@@ -240,7 +241,7 @@ static idcache_t *getnextent(int type, _ - return &idc; - } - --static char *idname(__uint32_t id, int type) -+static char *idname(uint32_t id, int type) - { - idcache_t *ncp, *idp; - static idcache_t nc[2][NID]; -@@ -286,8 +287,8 @@ static void acctXFS(xfs_bstat_t *p) - { - register du_t *dp; - du_t **hp; -- __uint64_t size; -- __uint32_t i, id; -+ uint64_t size; -+ uint32_t i, id; - - if ((p->bs_mode & S_IFMT) == 0) - return; -Index: quota-tools/quot.h -=================================================================== ---- quota-tools.orig/quot.h -+++ quota-tools/quot.h -@@ -35,18 +35,18 @@ - #define SEC24HR (60*60*24) /* seconds per day */ - - typedef struct { -- __uint32_t id; -+ uint32_t id; - char name[UT_NAMESIZE + 1]; - } idcache_t; - - typedef struct du { - struct du *next; -- __uint64_t blocks; -- __uint64_t blocks30; -- __uint64_t blocks60; -- __uint64_t blocks90; -- __uint64_t nfiles; -- __uint32_t id; -+ uint64_t blocks; -+ uint64_t blocks30; -+ uint64_t blocks60; -+ uint64_t blocks90; -+ uint64_t nfiles; -+ uint32_t id; - } du_t; - - #define NDU 60000 -Index: quota-tools/rquota_server.c -=================================================================== ---- quota-tools.orig/rquota_server.c -+++ quota-tools/rquota_server.c -@@ -60,7 +60,7 @@ extern char nfs_pseudoroot[PATH_MAX]; - */ - extern struct authunix_parms *unix_cred; - --int in_group(gid_t * gids, u_int len, gid_t gid) -+int in_group(gid_t * gids, uint32_t len, gid_t gid) - { - gid_t *gidsp = gids + len; - diff --git a/poky/meta/recipes-extended/quota/quota/replace_getrpcbynumber_r.patch b/poky/meta/recipes-extended/quota/quota/replace_getrpcbynumber_r.patch deleted file mode 100644 index 4687ca06f..000000000 --- a/poky/meta/recipes-extended/quota/quota/replace_getrpcbynumber_r.patch +++ /dev/null @@ -1,32 +0,0 @@ -From a3808fd165847298d025971eb3c7be7d11caba9d Mon Sep 17 00:00:00 2001 -From: "Maxin B. John" <maxin.john@intel.com> -Date: Wed, 8 Nov 2017 11:56:55 +0200 -Subject: [PATCH] Replace getrpcbynumber_r with getrpcbynumber - -musl and uclibc dont implement it - -Upstream-Status: Pending - -Signed-off-by: Khem Raj <raj.khem@gmail.com> -Signed-off-by: Maxin B. John <maxin.john@intel.com> ---- - svc_socket.c | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/svc_socket.c b/svc_socket.c -index 8a44604..5bdaaa0 100644 ---- a/svc_socket.c -+++ b/svc_socket.c -@@ -36,7 +36,8 @@ static int get_service_port(u_long number, const char *proto) - struct servent servbuf, *servp = NULL; - int ret; - -- ret = getrpcbynumber_r(number, &rpcbuf, rpcdata, sizeof(rpcdata), &rpcp); -+ rpcp = getrpcbynumber(number); -+ ret = 0; - if (ret == 0 && rpcp != NULL) { - /* First try name */ - ret = getservbyname_r(rpcp->r_name, proto, &servbuf, servdata, --- -2.4.0 - diff --git a/poky/meta/recipes-extended/quota/quota_4.04.bb b/poky/meta/recipes-extended/quota/quota_4.05.bb index 93f376286..c5da1e71e 100644 --- a/poky/meta/recipes-extended/quota/quota_4.04.bb +++ b/poky/meta/recipes-extended/quota/quota_4.05.bb @@ -3,18 +3,14 @@ SECTION = "base" HOMEPAGE = "http://sourceforge.net/projects/linuxquota/" BUGTRACKER = "http://sourceforge.net/tracker/?group_id=18136&atid=118136" LICENSE = "BSD & GPLv2+ & LGPLv2.1+" -LIC_FILES_CHKSUM = "file://quota.c;beginline=1;endline=33;md5=331c7d77744bfe0ad24027f0651028ec \ - file://rquota_server.c;beginline=1;endline=20;md5=fe7e0d7e11c6f820f8fa62a5af71230f \ +LIC_FILES_CHKSUM = "file://rquota_server.c;beginline=1;endline=20;md5=fe7e0d7e11c6f820f8fa62a5af71230f \ file://svc_socket.c;beginline=1;endline=17;md5=24d5a8792da45910786eeac750be8ceb" SRC_URI = "${SOURCEFORGE_MIRROR}/project/linuxquota/quota-tools/${PV}/quota-${PV}.tar.gz \ file://fcntl.patch \ - file://remove_non_posix_types.patch \ " -SRC_URI_append_libc-musl = " file://replace_getrpcbynumber_r.patch" - -SRC_URI[md5sum] = "f46f3b0b5141f032f25684005dac49d3" -SRC_URI[sha256sum] = "735be1887e7f51f54165e778ae43fc859c04e44d88834ecb2f470e91d4ef8edf" +SRC_URI[md5sum] = "1c1dbd2cd3d680ccac661239b067e147" +SRC_URI[sha256sum] = "ef3b5b5d1014ed1344b46c1826145e20cbef8db967b522403c9a060761cf7ab9" CVE_PRODUCT = "linux_diskquota" diff --git a/poky/meta/recipes-extended/shadow/files/0001-Make-the-sp_lstchg-shadow-field-reproducible-re.-71.patch b/poky/meta/recipes-extended/shadow/files/0001-Make-the-sp_lstchg-shadow-field-reproducible-re.-71.patch new file mode 100644 index 000000000..de0ba3ebb --- /dev/null +++ b/poky/meta/recipes-extended/shadow/files/0001-Make-the-sp_lstchg-shadow-field-reproducible-re.-71.patch @@ -0,0 +1,89 @@ +From fe34a2a0e44bc80ff213bfd185046a5f10c94997 Mon Sep 17 00:00:00 2001 +From: Chris Lamb <chris@chris-lamb.co.uk> +Date: Wed, 2 Jan 2019 18:06:16 +0000 +Subject: [PATCH 1/2] Make the sp_lstchg shadow field reproducible (re. #71) + +From <https://github.com/shadow-maint/shadow/pull/71>: + +``` +The third field in the /etc/shadow file (sp_lstchg) contains the date of +the last password change expressed as the number of days since Jan 1, 1970. +As this is a relative time, creating a user today will result in: + +username:17238:0:99999:7::: +whilst creating the same user tomorrow will result in: + +username:17239:0:99999:7::: +This has an impact for the Reproducible Builds[0] project where we aim to +be independent of as many elements the build environment as possible, +including the current date. + +This patch changes the behaviour to use the SOURCE_DATE_EPOCH[1] +environment variable (instead of Jan 1, 1970) if valid. +``` + +This updated PR adds some missing calls to gettime (). This was originally +filed by Johannes Schauer in Debian as #917773 [2]. + +[0] https://reproducible-builds.org/ +[1] https://reproducible-builds.org/specs/source-date-epoch/ +[2] https://bugs.debian.org/917773 + +Upstream-Status: Backport +Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com> +--- + libmisc/pwd2spwd.c | 3 +-- + src/pwck.c | 2 +- + src/pwconv.c | 2 +- + 3 files changed, 3 insertions(+), 4 deletions(-) + +diff --git a/libmisc/pwd2spwd.c b/libmisc/pwd2spwd.c +index c1b9b29ac873..6799dd50d490 100644 +--- a/libmisc/pwd2spwd.c ++++ b/libmisc/pwd2spwd.c +@@ -40,7 +40,6 @@ + #include "prototypes.h" + #include "defines.h" + #include <pwd.h> +-extern time_t time (time_t *); + + /* + * pwd_to_spwd - create entries for new spwd structure +@@ -66,7 +65,7 @@ struct spwd *pwd_to_spwd (const struct passwd *pw) + */ + sp.sp_min = 0; + sp.sp_max = (10000L * DAY) / SCALE; +- sp.sp_lstchg = (long) time ((time_t *) 0) / SCALE; ++ sp.sp_lstchg = (long) gettime () / SCALE; + if (0 == sp.sp_lstchg) { + /* Better disable aging than requiring a password + * change */ +diff --git a/src/pwck.c b/src/pwck.c +index 0ffb711efb13..f70071b12500 100644 +--- a/src/pwck.c ++++ b/src/pwck.c +@@ -609,7 +609,7 @@ static void check_pw_file (int *errors, bool *changed) + sp.sp_inact = -1; + sp.sp_expire = -1; + sp.sp_flag = SHADOW_SP_FLAG_UNSET; +- sp.sp_lstchg = (long) time ((time_t *) 0) / SCALE; ++ sp.sp_lstchg = (long) gettime () / SCALE; + if (0 == sp.sp_lstchg) { + /* Better disable aging than + * requiring a password change +diff --git a/src/pwconv.c b/src/pwconv.c +index 9c69fa131d8e..f932f266c59c 100644 +--- a/src/pwconv.c ++++ b/src/pwconv.c +@@ -267,7 +267,7 @@ int main (int argc, char **argv) + spent.sp_flag = SHADOW_SP_FLAG_UNSET; + } + spent.sp_pwdp = pw->pw_passwd; +- spent.sp_lstchg = (long) time ((time_t *) 0) / SCALE; ++ spent.sp_lstchg = (long) gettime () / SCALE; + if (0 == spent.sp_lstchg) { + /* Better disable aging than requiring a password + * change */ +-- +2.17.1 + diff --git a/poky/meta/recipes-extended/shadow/files/0002-gettime-Use-secure_getenv-over-getenv.patch b/poky/meta/recipes-extended/shadow/files/0002-gettime-Use-secure_getenv-over-getenv.patch new file mode 100644 index 000000000..8c8234d03 --- /dev/null +++ b/poky/meta/recipes-extended/shadow/files/0002-gettime-Use-secure_getenv-over-getenv.patch @@ -0,0 +1,71 @@ +From 3d921155e0a761f61c8f1ec37328724aee1e2eda Mon Sep 17 00:00:00 2001 +From: Chris Lamb <chris@chris-lamb.co.uk> +Date: Sun, 31 Mar 2019 15:59:45 +0100 +Subject: [PATCH 2/2] gettime: Use secure_getenv over getenv. + +Upstream-Status: Backport +Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com> +--- + README | 1 + + configure.ac | 3 +++ + lib/defines.h | 6 ++++++ + libmisc/gettime.c | 2 +- + 4 files changed, 11 insertions(+), 1 deletion(-) + +diff --git a/README b/README +index 952ac5787f06..26cfff1e8fa8 100644 +--- a/README ++++ b/README +@@ -51,6 +51,7 @@ Brian R. Gaeke <brg@dgate.org> + Calle Karlsson <ckn@kash.se> + Chip Rosenthal <chip@unicom.com> + Chris Evans <lady0110@sable.ox.ac.uk> ++Chris Lamb <chris@chris-lamb.co.uk> + Cristian Gafton <gafton@sorosis.ro> + Dan Walsh <dwalsh@redhat.com> + Darcy Boese <possum@chardonnay.niagara.com> +diff --git a/configure.ac b/configure.ac +index da236722766b..a738ad662cc3 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -110,6 +110,9 @@ AC_REPLACE_FUNCS(sgetgrent sgetpwent sgetspent) + AC_REPLACE_FUNCS(snprintf strcasecmp strdup strerror strstr) + + AC_CHECK_FUNC(setpgrp) ++AC_CHECK_FUNC(secure_getenv, [AC_DEFINE(HAS_SECURE_GETENV, ++ 1, ++ [Defined to 1 if you have the declaration of 'secure_getenv'])]) + + if test "$ac_cv_header_shadow_h" = "yes"; then + AC_CACHE_CHECK(for working shadow group support, +diff --git a/lib/defines.h b/lib/defines.h +index cded1417fd12..2fb1b56eca6b 100644 +--- a/lib/defines.h ++++ b/lib/defines.h +@@ -382,4 +382,10 @@ extern char *strerror (); + # endif + #endif + ++#ifdef HAVE_SECURE_GETENV ++# define shadow_getenv(name) secure_getenv(name) ++# else ++# define shadow_getenv(name) getenv(name) ++#endif ++ + #endif /* _DEFINES_H_ */ +diff --git a/libmisc/gettime.c b/libmisc/gettime.c +index 53eaf51670bb..0e25a4b75061 100644 +--- a/libmisc/gettime.c ++++ b/libmisc/gettime.c +@@ -52,7 +52,7 @@ + unsigned long long epoch; + + fallback = time (NULL); +- source_date_epoch = getenv ("SOURCE_DATE_EPOCH"); ++ source_date_epoch = shadow_getenv ("SOURCE_DATE_EPOCH"); + + if (!source_date_epoch) + return fallback; +-- +2.17.1 + diff --git a/poky/meta/recipes-extended/shadow/shadow.inc b/poky/meta/recipes-extended/shadow/shadow.inc index 4de21acb7..831751d6d 100644 --- a/poky/meta/recipes-extended/shadow/shadow.inc +++ b/poky/meta/recipes-extended/shadow/shadow.inc @@ -11,6 +11,8 @@ DEPENDS = "virtual/crypt" UPSTREAM_CHECK_URI = "https://github.com/shadow-maint/shadow/releases" SRC_URI = "https://github.com/shadow-maint/shadow/releases/download/${PV}/${BP}.tar.gz \ file://shadow-4.1.3-dots-in-usernames.patch \ + file://0001-Make-the-sp_lstchg-shadow-field-reproducible-re.-71.patch \ + file://0002-gettime-Use-secure_getenv-over-getenv.patch \ ${@bb.utils.contains('PACKAGECONFIG', 'pam', '${PAM_SRC_URI}', '', d)} \ " diff --git a/poky/meta/recipes-extended/sysstat/sysstat.inc b/poky/meta/recipes-extended/sysstat/sysstat.inc index 0bc7e14d3..9228fc29c 100644 --- a/poky/meta/recipes-extended/sysstat/sysstat.inc +++ b/poky/meta/recipes-extended/sysstat/sysstat.inc @@ -10,12 +10,11 @@ SRC_URI = "http://pagesperso-orange.fr/sebastien.godard/sysstat-${PV}.tar.xz \ " UPSTREAM_CHECK_URI = "http://sebastien.godard.pagesperso-orange.fr/download.html" -UPSTREAM_CHECK_REGEX = "(?P<pver>\d+(\.\d+)+)\.tar" DEPENDS += "base-passwd" # autotools-brokensep as this package doesn't use automake -inherit autotools-brokensep gettext systemd +inherit autotools-brokensep gettext systemd upstream-version-is-even PACKAGECONFIG ??= "" PACKAGECONFIG[lm-sensors] = "--enable-sensors,--disable-sensors,lmsensors,lmsensors-libsensors" diff --git a/poky/meta/recipes-extended/tar/tar_1.31.bb b/poky/meta/recipes-extended/tar/tar_1.32.bb index a78504261..7240fdb7e 100644 --- a/poky/meta/recipes-extended/tar/tar_1.31.bb +++ b/poky/meta/recipes-extended/tar/tar_1.32.bb @@ -11,8 +11,8 @@ SRC_URI = "${GNU_MIRROR}/tar/tar-${PV}.tar.bz2 \ file://musl_dirent.patch \ " -SRC_URI[md5sum] = "77afa35b696c8d760331fa0e12c2fac9" -SRC_URI[sha256sum] = "577bd4463eea103bdfc662fc385789e2228dbeb399a1d0b98571ed9ce044f763" +SRC_URI[md5sum] = "17917356fff5cb4bd3cd5a6c3e727b05" +SRC_URI[sha256sum] = "e4bb9e08e12e7fa9f11fef544efc85e59ba34538593d9ad38148c7ca2bfbb566" inherit autotools gettext texinfo @@ -21,7 +21,7 @@ PACKAGECONFIG_append_class-target = " ${@bb.utils.filter('DISTRO_FEATURES', 'acl PACKAGECONFIG[acl] = "--with-posix-acls,--without-posix-acls,acl" -EXTRA_OECONF += "DEFAULT_RMT_DIR=${base_sbindir}" +EXTRA_OECONF += "DEFAULT_RMT_DIR=${sbindir}" # Let aclocal use the relative path for the m4 file rather than the # absolute since tar has a lot of m4 files, otherwise there might @@ -45,7 +45,7 @@ do_install_append_class-target() { PACKAGES =+ "${PN}-rmt" -FILES_${PN}-rmt = "${base_sbindir}/rmt*" +FILES_${PN}-rmt = "${sbindir}/rmt*" inherit update-alternatives @@ -57,7 +57,7 @@ ALTERNATIVE_${PN}_class-nativesdk = "" ALTERNATIVE_${PN}-rmt_class-nativesdk = "" ALTERNATIVE_LINK_NAME[tar] = "${base_bindir}/tar" -ALTERNATIVE_LINK_NAME[rmt] = "${base_sbindir}/rmt" +ALTERNATIVE_LINK_NAME[rmt] = "${sbindir}/rmt" PROVIDES_append_class-native = " tar-replacement-native" NATIVE_PACKAGE_PATH_SUFFIX = "/${PN}" diff --git a/poky/meta/recipes-extended/wget/wget_1.20.1.bb b/poky/meta/recipes-extended/wget/wget_1.20.1.bb deleted file mode 100644 index d176bd0ac..000000000 --- a/poky/meta/recipes-extended/wget/wget_1.20.1.bb +++ /dev/null @@ -1,8 +0,0 @@ -SRC_URI = "${GNU_MIRROR}/wget/wget-${PV}.tar.gz \ - file://0002-improve-reproducibility.patch \ - " - -SRC_URI[md5sum] = "f6ebe9c7b375fc9832fb1b2028271fb7" -SRC_URI[sha256sum] = "b783b390cb571c837b392857945f5a1f00ec6b043177cc42abb8ee1b542ee1b3" - -require wget.inc diff --git a/poky/meta/recipes-extended/wget/wget_1.20.3.bb b/poky/meta/recipes-extended/wget/wget_1.20.3.bb new file mode 100644 index 000000000..4fa273d09 --- /dev/null +++ b/poky/meta/recipes-extended/wget/wget_1.20.3.bb @@ -0,0 +1,8 @@ +SRC_URI = "${GNU_MIRROR}/wget/wget-${PV}.tar.gz \ + file://0002-improve-reproducibility.patch \ + " + +SRC_URI[md5sum] = "db4e6dc7977cbddcd543b240079a4899" +SRC_URI[sha256sum] = "31cccfc6630528db1c8e3a06f6decf2a370060b982841cfab2b8677400a5092e" + +require wget.inc |