diff options
| author | Andrew Geissler <geissonator@yahoo.com> | 2020-06-06 02:00:41 +0300 |
|---|---|---|
| committer | Andrew Geissler <geissonator@yahoo.com> | 2020-06-11 01:09:50 +0300 |
| commit | 4ed12e16f882008388c007c6e86be3ce038d8751 (patch) | |
| tree | e47a1ec0a2595400db33f4aa34b14bc4d5d72ad2 /poky/meta/recipes-support | |
| parent | 8928e81ba673979d658b919717563a78e9d6d25d (diff) | |
| download | openbmc-4ed12e16f882008388c007c6e86be3ce038d8751.tar.xz | |
poky: subtree update:a35bf0e5d3..b66b9f7548
backport:
meson 0.54.2: backport upstream patch for boost libs
Adrian Bunk (1):
libubootenv: Remove the DEPENDS on mtd-utils
Alex Kiernan (2):
openssh: Upgrade 8.2p1 -> 8.3p1
systemd: upgrade v245.5 -> v245.6
Alexander Kanavin (68):
btrfs-tools: upgrade 5.4.1 -> 5.6.1
build-compare: upgrade to latest revision
ccache: upgrade 3.7.7 -> 3.7.9
createrepo-c: upgrade 0.15.7 -> 0.15.10
dpkg: upgrade 1.19.7 -> 1.20.0
librepo: upgrade 1.11.2 -> 1.11.3
python3-numpy: upgrade 1.18.3 -> 1.18.4
python3-cython: upgrade 0.29.16 -> 0.29.19
python3-gitdb: upgrade 4.0.4 -> 4.0.5
python3-mako: upgrade 1.1.1 -> 1.1.3
python3-pygments: upgrade 2.5.2 -> 2.6.1
python3-smmap: upgrade 2.0.5 -> 3.0.4
python3-subunit: upgrade 1.3.0 -> 1.4.0
python3-testtools: upgrade 2.3.0 -> 2.4.0
python3: upgrade 3.8.2 -> 3.8.3
strace: upgrade 5.5 -> 5.6
vala: upgrade 0.46.6 -> 0.48.6
cups: upgrade 2.3.1 -> 2.3.3
gawk: upgrade 5.0.1 -> 5.1.0
libsolv: upgrade 0.7.10 -> 0.7.14
man-pages: upgrade 5.05 -> 5.06
msmtp: upgrade 1.8.8 -> 1.8.10
stress-ng: upgrade 0.11.01 -> 0.11.12
stress-ng: mark as incompatible with musl
sudo: upgrade 1.8.31 -> 1.9.0
adwaita-icon-theme: upgrade 3.34.3 -> 3.36.1
gtk+3: upgrade 3.24.14 -> 3.24.20
cogl-1.0: upgrade 1.22.4 -> 1.22.6
mesa: upgrade 20.0.2 -> 20.0.7
mesa: merge the .bb content into .inc
piglit: upgrade to latest revision
waffle: upgrade 1.6.0 -> 1.6.1
pixman: upgrade 0.38.4 -> 0.40.0
kmod: upgrade 26 -> 27
powertop: upgrade 2.10 -> 2.12
alsa-plugins: upgrade 1.2.1 -> 1.2.2
alsa-tools: upgrade 1.1.7 -> 1.2.2
alsa-utils: split the content into .inc
alsa-topology/ucm-conf: update to 1.2.2
x264: upgrade to latest revision
puzzles: upgrade to latest revision
libcap: upgrade 2.33 -> 2.34
libical: upgrade 3.0.7 -> 3.0.8
libunwind: upgrade 1.3.1 -> 1.4.0
rng-tools: upgrade 6.9 -> 6.10
babeltrace: correct the git SRC_URI
libexif: update to 0.6.22
ppp: update 2.4.7 -> 2.4.8
gettext: update 0.20.1 -> 0.20.2
ptest-runner: fix upstream version check
automake: 1.16.1 -> 1.16.2
bison: 3.5.4 -> 3.6.2
cmake: update 3.16.5 -> 3.17.3
gnu-config: update to latest revision
jquery: update to 3.5.1
json-c: update 0.13.1 - > 0.14
libmodulemd: update 2.9.2 -> 2.9.4
meson: upgrade 0.53.2 -> 0.54.2
shared-mime-info: fix upstream version check
mpg123: fix upstream version check
ethtool: upgrade 5.4 -> 5.6
libcpre2: update 10.34 -> 10.35
help2man-native: update to 1.47.15
apt: update to 1.8.2.1
asciidoc: bump PV to 8.6.10
pulseaudio: exclude pre-releases from version checks
xinetd: switch to a maintained opensuse fork
lz4: disable static library
Andreas Müller (1):
vte: Pack ${libexecdir}/vte-urlencode-cwd to vte-prompt
Anuj Mittal (1):
linux-yocto: bump genericx86 kernel version to v5.4.40
Bruce Ashfield (5):
linux-yocto/5.4: update to v5.4.42
linux-yocto-rt/5.4: update to rt24
linux-yocto/5.4: temporarily revert IKHEADERS in standard kernels
linux-yocto: gather reproducibility configs into a fragment
linux-yocto/5.4: update to v5.4.43
Christian Eggers (2):
librsvg: Extend for nativesdk
tiff: Extend for nativesdk
Hongxu Jia (1):
rpm: fix rpm -Kv xxx.rpm failed if signature header is larger than 64KB
Jacob Kroon (1):
bitbake: doc: More explanation to tasks that recursively depend on themselves
Jan Luebbe (1):
classes/buildhistory: capture package config
Jens Rehsack (2):
initscripts/init-system-helpers: fix mountnfs.sh dependency
init-system-helpers: avoid superfluous update-rc.d
Joshua Watt (2):
layer.conf: Bump OE-Core layer version
wic: Add --offset argument for partitions
Junling Zheng (3):
buildstats.bbclass: Remove useless variables
buildstats.bbclass: Do not recalculate build start time
security_flags: Remove stack protector flag from LDFLAGS
Kai Kang (1):
bitbake: bitbake-user-manual-metadata.xml: fix a minor error
Khem Raj (4):
make-mod-scripts: Fix a rare build race condition
go-1.14: Update to 1.14.3 minor release
armv8/tunes: Set TUNE_PKGARCH_64 based on ARMPKGARCH
ltp: Disable sigwaitinfo tests relying on undefined behavior
Konrad Weihmann (8):
qemurunner: fix ip fallback detection
sysfsutils: rem leftover settings for libsysfs-dev
debianutils: whitespace fixes
libjpeg-turbo: whitespace fixes
cairo: remove trailing whitespace
gtk-doc: remove trailing whitespace
libxt: fix whitespaces
cogl: point to correct HOMEPAGE
Lee Chee Yang (4):
re2c: fix CVE-2020-11958
bind: fix CVE-2020-8616/7
glib-2.0: 2.64.2 -> 2.64.3
glib-networking: 2.64.2 -> 2.64.3
Marco Felsch (1):
util-linux: alternatify rtcwake
Mark Hatle (1):
sstate.bbclass: When siginfo or sig files are missing, stop fetcher errors
Martin Jansa (6):
devtool: use -f and don't use --exclude-standard when adding files to workspace
meta-selftest: add test of .gitignore in tarball
lib/oe/patch: prevent applying patches without any subject
lib/oe/patch: GitApplyTree: save 1 echo in commit-msg hook
Revert "lib/oe/patch: fix handling of patches with no header"
meta-selftest: add test for .patch file with long filename and without subject
Mauro Queirós (3):
bitbake: git.py: skip smudging if lfs=0 is set
bitbake: git.py: LFS bitbake note should not be printed if need_lfs is not set.
bitbake: git.py: Use the correct branch to check if the repository has LFS objects.
Ming Liu (2):
u-boot.inc: fix some inconsistent coding style
u-boot: introduce UBOOT_INITIAL_ENV
Paul Barker (5):
archiver: Fix test case for srpm archiver mode
oe-selftest: Allow overriding the build directory used for tests
oe-selftest: Support verbose log output
oe-selftest: Recursively patch test case paths
bitbake: fetch2: Add the ability to list expanded URL data
Peter Kjellerstedt (1):
cairo: Do not try to remove nonexistent directories
Pierre-Jean Texier (1):
diffoscope: upgrade 144 -> 146
Ralph Siemsen (1):
cve-check: include epoch in product version output
Richard Purdie (7):
lib/classextend: Drop unneeded comment
poky.ent: Update UBUNTU_HOST_PACKAGES_ESSENTIAL to match recent changes
maintainers: Update Ross' email address
logrotate: Drop obsolete setting/comment
oeqa/targetcontrol: Rework exception handling to avoid warnings
patchelf: Add patch to address corrupt shared library issue
poky.ent: Update XXX_HOST_PACKAGES_ESSENTIAL to include mesa for other distros
Robert P. J. Day (1):
bitbake.conf: Remove unused DEPLOY_DIR_TOOLS variable
Tim Orling (1):
bitbake: toaster-requirements.txt: require Django 2.2
Trevor Gamblin (1):
qemuarm: check serial consoles vs /proc/consoles
Wang Mingyu (13):
less: upgrade 551 -> 562
liburcu: upgrade 0.12.0 -> 0.12.1
alsa-lib: upgrade 1.2.1.2 -> 1.2.2
alsa-utils: upgrade 1.2.1 -> 1.2.2
python3-six: upgrade 1.14.0 -> 1.15.0
util-linux: upgrade 2.35.1 -> 2.35.2
xf86-input-libinput: upgrade 0.29.0 -> 0.30.0
ca-certificates: upgrade 20190110 -> 20200601
dbus: upgrade 1.12.16 -> 1.12.18
libyaml: upgrade 0.2.4 -> 0.2.5
sqlite: upgrade 3.31.1 -> 3.32.1
valgrind: upgrade 3.15.0 -> 3.16.0
dbus-test: upgrade 1.12.16 -> 1.12.18
akuster (2):
poky.ent: Update OPENSUSE_HOST_PACKAGES_ESSENTIAL to include mesa-dri-devel
yocto-docs: Add SPDX headers in scripts and Makefile
hongxu (1):
core-image-minimal-initramfs: keep restriction with initramfs-module-install
zangrc (3):
python3-pycairo:upgrade 1.19.0 -> 1.19.1
python3-pygobject:upgrade 3.34.0 -> 3.36.1
python3-setuptools:upgrade 45.2.0 -> 47.1.1
zhengruoqin (2):
gdb: upgrade 9.1 -> 9.2
libyaml: upgrade 0.2.2 -> 0.2.4
Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
Change-Id: I60e616be0c30904f8cfc947089ed2e4f5e84bc60
Diffstat (limited to 'poky/meta/recipes-support')
30 files changed, 215 insertions, 632 deletions
diff --git a/poky/meta/recipes-support/ca-certificates/ca-certificates_20190110.bb b/poky/meta/recipes-support/ca-certificates/ca-certificates_20200601.bb index ce3cb217a..37ba51ce6 100644 --- a/poky/meta/recipes-support/ca-certificates/ca-certificates_20190110.bb +++ b/poky/meta/recipes-support/ca-certificates/ca-certificates_20200601.bb @@ -5,7 +5,7 @@ This derived from Debian's CA Certificates." HOMEPAGE = "http://packages.debian.org/sid/ca-certificates" SECTION = "misc" LICENSE = "GPL-2.0+ & MPL-2.0" -LIC_FILES_CHKSUM = "file://debian/copyright;md5=aeb420429b1659507e0a5a1b123e8308" +LIC_FILES_CHKSUM = "file://debian/copyright;md5=ae5b36b514e3f12ce1aa8e2ee67f3d7e" # This is needed to ensure we can run the postinst at image creation time DEPENDS = "" @@ -14,7 +14,7 @@ DEPENDS_class-nativesdk = "openssl-native" # Need rehash from openssl and run-parts from debianutils PACKAGE_WRITE_DEPS += "openssl-native debianutils-native" -SRCREV = "c28799b138b044c963d24c4a69659b6e5486e3be" +SRCREV = "b3a8980b781bc9a370e42714a605cd4191bb6c0b" SRC_URI = "git://salsa.debian.org/debian/ca-certificates.git;protocol=https \ file://0002-update-ca-certificates-use-SYSROOT.patch \ diff --git a/poky/meta/recipes-support/debianutils/debianutils_4.9.1.bb b/poky/meta/recipes-support/debianutils/debianutils_4.9.1.bb index 904c52780..768f28906 100644 --- a/poky/meta/recipes-support/debianutils/debianutils_4.9.1.bb +++ b/poky/meta/recipes-support/debianutils/debianutils_4.9.1.bb @@ -35,7 +35,7 @@ FILES_${PN}-run-parts = "${base_bindir}/run-parts.debianutils" RDEPENDS_${PN} += "${PN}-run-parts" RDEPENDS_${PN}_class-native = "" -ALTERNATIVE_PRIORITY="30" +ALTERNATIVE_PRIORITY = "30" ALTERNATIVE_${PN} = "add-shell installkernel remove-shell savelog tempfile which" ALTERNATIVE_PRIORITY_${PN}-run-parts = "60" @@ -44,12 +44,12 @@ ALTERNATIVE_${PN}-run-parts = "run-parts" ALTERNATIVE_${PN}-doc = "which.1" ALTERNATIVE_LINK_NAME[which.1] = "${mandir}/man1/which.1" -ALTERNATIVE_LINK_NAME[add-shell]="${sbindir}/add-shell" -ALTERNATIVE_LINK_NAME[installkernel]="${sbindir}/installkernel" -ALTERNATIVE_LINK_NAME[remove-shell]="${sbindir}/remove-shell" -ALTERNATIVE_LINK_NAME[run-parts]="${base_bindir}/run-parts" -ALTERNATIVE_LINK_NAME[savelog]="${bindir}/savelog" -ALTERNATIVE_LINK_NAME[tempfile]="${base_bindir}/tempfile" -ALTERNATIVE_LINK_NAME[which]="${bindir}/which" +ALTERNATIVE_LINK_NAME[add-shell] = "${sbindir}/add-shell" +ALTERNATIVE_LINK_NAME[installkernel] = "${sbindir}/installkernel" +ALTERNATIVE_LINK_NAME[remove-shell] = "${sbindir}/remove-shell" +ALTERNATIVE_LINK_NAME[run-parts] = "${base_bindir}/run-parts" +ALTERNATIVE_LINK_NAME[savelog] = "${bindir}/savelog" +ALTERNATIVE_LINK_NAME[tempfile] = "${base_bindir}/tempfile" +ALTERNATIVE_LINK_NAME[which] = "${bindir}/which" BBCLASSEXTEND = "native" diff --git a/poky/meta/recipes-support/diffoscope/diffoscope_144.bb b/poky/meta/recipes-support/diffoscope/diffoscope_146.bb index 3a877cae1..a3402d42d 100644 --- a/poky/meta/recipes-support/diffoscope/diffoscope_144.bb +++ b/poky/meta/recipes-support/diffoscope/diffoscope_146.bb @@ -7,8 +7,7 @@ PYPI_PACKAGE = "diffoscope" inherit pypi setuptools3 -SRC_URI[md5sum] = "4ee9d1a36086caa31ccbc6300ad31652" -SRC_URI[sha256sum] = "9a45464b7b7184fa1ad2af9c52ebac8f00b3dd5dcf9e15dfc00c653c26fcc345" +SRC_URI[sha256sum] = "a031605c043577c908052763e49b0bd9c1d4d8a169eaf41364900ff1d9566ee2" RDEPENDS_${PN} += "binutils vim squashfs-tools python3-libarchive-c python3-magic" diff --git a/poky/meta/recipes-support/libcap/files/0004-psx.c-replace-pthread_yield-with-standard-sched_yiel.patch b/poky/meta/recipes-support/libcap/files/0004-psx.c-replace-pthread_yield-with-standard-sched_yiel.patch deleted file mode 100644 index 848ceb2c0..000000000 --- a/poky/meta/recipes-support/libcap/files/0004-psx.c-replace-pthread_yield-with-standard-sched_yiel.patch +++ /dev/null @@ -1,24 +0,0 @@ -From a2c4cdb05d0e382101b13944c09c4375e8d7de5f Mon Sep 17 00:00:00 2001 -From: Alexander Kanavin <alex.kanavin@gmail.com> -Date: Tue, 31 Mar 2020 13:39:28 +0200 -Subject: [PATCH] psx.c: replace pthread_yield() with standard sched_yield() - -This was causing failures when building with musl C library in -particular. - -Upstream-Status: Pending -Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> ---- -diff --git a/libcap/psx.c b/libcap/psx.c -index 04d250f..7e4ac10 100644 ---- a/libcap/psx.c -+++ b/libcap/psx.c -@@ -533,7 +533,7 @@ long int __psx_syscall(long int syscall_nr, ...) { - if (!waiting) { - break; - } -- pthread_yield(); -+ sched_yield(); - } - - errno = restore_errno; diff --git a/poky/meta/recipes-support/libcap/libcap_2.33.bb b/poky/meta/recipes-support/libcap/libcap_2.34.bb index bec492ca5..a3bd969d2 100644 --- a/poky/meta/recipes-support/libcap/libcap_2.33.bb +++ b/poky/meta/recipes-support/libcap/libcap_2.34.bb @@ -11,10 +11,9 @@ SRC_URI = "${KERNELORG_MIRROR}/linux/libs/security/linux-privs/${BPN}2/${BPN}-${ file://0001-ensure-the-XATTR_NAME_CAPS-is-defined-when-it-is-use.patch \ file://0002-tests-do-not-run-target-executables.patch \ file://0001-tests-do-not-statically-link-a-test.patch \ - file://0004-psx.c-replace-pthread_yield-with-standard-sched_yiel.patch \ " -SRC_URI[md5sum] = "dcc6220b4a9bf260050b20c07edcddf4" -SRC_URI[sha256sum] = "08edeaba2757021aeec45c4eeec52566675e0e0f5d4f057284d729e04f2643d6" +SRC_URI[md5sum] = "66028a8080a0891c54b202bb5e749035" +SRC_URI[sha256sum] = "aecdd42015955068d3d94b7caa9590fcb2de5df53ce53c61a21b912bfc0b1611" UPSTREAM_CHECK_URI = "https://www.kernel.org/pub/linux/libs/security/linux-privs/${BPN}2/" @@ -26,7 +25,7 @@ do_configure() { # libcap uses := for compilers, fortunately, it gives us a hint # on what should be replaced with ?= sed -e 's,:=,?=,g' -i Make.Rules - sed -e 's,^BUILD_CFLAGS ?= $(.*CFLAGS),BUILD_CFLAGS := $(BUILD_CFLAGS),' -i Make.Rules + sed -e 's,^BUILD_CFLAGS ?= ,BUILD_CFLAGS := $(BUILD_CFLAGS) ,' -i Make.Rules } PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'pam', d)}" diff --git a/poky/meta/recipes-support/libexif/libexif/CVE-2016-6328.patch b/poky/meta/recipes-support/libexif/libexif/CVE-2016-6328.patch deleted file mode 100644 index a6f307439..000000000 --- a/poky/meta/recipes-support/libexif/libexif/CVE-2016-6328.patch +++ /dev/null @@ -1,64 +0,0 @@ -CVE: CVE-2016-6328 -Upstream-Status: Backport -Signed-off-by: Ross Burton <ross.burton@intel.com> - -From 41bd04234b104312f54d25822f68738ba8d7133d Mon Sep 17 00:00:00 2001 -From: Marcus Meissner <marcus@jet.franken.de> -Date: Tue, 25 Jul 2017 23:44:44 +0200 -Subject: [PATCH] fixes some (not all) buffer overreads during decoding pentax - makernote entries. - -This should fix: -https://sourceforge.net/p/libexif/bugs/125/ CVE-2016-6328 ---- - libexif/pentax/mnote-pentax-entry.c | 16 +++++++++++++--- - 1 file changed, 13 insertions(+), 3 deletions(-) - -diff --git a/libexif/pentax/mnote-pentax-entry.c b/libexif/pentax/mnote-pentax-entry.c -index d03d159..ea0429a 100644 ---- a/libexif/pentax/mnote-pentax-entry.c -+++ b/libexif/pentax/mnote-pentax-entry.c -@@ -425,24 +425,34 @@ mnote_pentax_entry_get_value (MnotePentaxEntry *entry, - case EXIF_FORMAT_SHORT: - { - const unsigned char *data = entry->data; -- size_t k, len = strlen(val); -+ size_t k, len = strlen(val), sizeleft; -+ -+ sizeleft = entry->size; - for(k=0; k<entry->components; k++) { -+ if (sizeleft < 2) -+ break; - vs = exif_get_short (data, entry->order); - snprintf (val+len, maxlen-len, "%i ", vs); - len = strlen(val); - data += 2; -+ sizeleft -= 2; - } - } - break; - case EXIF_FORMAT_LONG: - { - const unsigned char *data = entry->data; -- size_t k, len = strlen(val); -+ size_t k, len = strlen(val), sizeleft; -+ -+ sizeleft = entry->size; - for(k=0; k<entry->components; k++) { -+ if (sizeleft < 4) -+ break; - vl = exif_get_long (data, entry->order); - snprintf (val+len, maxlen-len, "%li", (long int) vl); - len = strlen(val); - data += 4; -+ sizeleft -= 4; - } - } - break; -@@ -455,5 +465,5 @@ mnote_pentax_entry_get_value (MnotePentaxEntry *entry, - break; - } - -- return (val); -+ return val; - } diff --git a/poky/meta/recipes-support/libexif/libexif/CVE-2017-7544.patch b/poky/meta/recipes-support/libexif/libexif/CVE-2017-7544.patch deleted file mode 100644 index e49481ff8..000000000 --- a/poky/meta/recipes-support/libexif/libexif/CVE-2017-7544.patch +++ /dev/null @@ -1,40 +0,0 @@ -From 8a92f964a66d476ca8907234359e92a70fc1325b Mon Sep 17 00:00:00 2001 -From: Changqing Li <changqing.li@windriver.com> -Date: Tue, 28 Aug 2018 15:12:10 +0800 -Subject: [PATCH] On saving makernotes, make sure the makernote container tags - has a type with 1 byte components. - -Fixes (at least): - https://sourceforge.net/p/libexif/bugs/130 - https://sourceforge.net/p/libexif/bugs/129 - -Upstream-Status: Backport[https://github.com/libexif/libexif/commit/ -c39acd1692023b26290778a02a9232c873f9d71a#diff-830e348923810f00726700b083ec00cd] - -CVE: CVE-2017-7544 - -Signed-off-by: Changqing Li <changqing.li@windriver.com> ---- - libexif/exif-data.c | 6 ++++++ - 1 file changed, 6 insertions(+) - -diff --git a/libexif/exif-data.c b/libexif/exif-data.c -index 67df4db..6bf89eb 100644 ---- a/libexif/exif-data.c -+++ b/libexif/exif-data.c -@@ -255,6 +255,12 @@ exif_data_save_data_entry (ExifData *data, ExifEntry *e, - exif_mnote_data_set_offset (data->priv->md, *ds - 6); - exif_mnote_data_save (data->priv->md, &e->data, &e->size); - e->components = e->size; -+ if (exif_format_get_size (e->format) != 1) { -+ /* e->format is taken from input code, -+ * but we need to make sure it is a 1 byte -+ * entity due to the multiplication below. */ -+ e->format = EXIF_FORMAT_UNDEFINED; -+ } - } - } - --- -2.7.4 - diff --git a/poky/meta/recipes-support/libexif/libexif/CVE-2018-20030.patch b/poky/meta/recipes-support/libexif/libexif/CVE-2018-20030.patch deleted file mode 100644 index 76233e6dc..000000000 --- a/poky/meta/recipes-support/libexif/libexif/CVE-2018-20030.patch +++ /dev/null @@ -1,115 +0,0 @@ -CVE: CVE-2018-20030 -Upstream-Status: Backport -Signed-off-by: Ross Burton <ross.burton@intel.com> - -From 6aa11df549114ebda520dde4cdaea2f9357b2c89 Mon Sep 17 00:00:00 2001 -From: Dan Fandrich <dan@coneharvesters.com> -Date: Fri, 12 Oct 2018 16:01:45 +0200 -Subject: [PATCH] Improve deep recursion detection in - exif_data_load_data_content. - -The existing detection was still vulnerable to pathological cases -causing DoS by wasting CPU. The new algorithm takes the number of tags -into account to make it harder to abuse by cases using shallow recursion -but with a very large number of tags. This improves on commit 5d28011c -which wasn't sufficient to counter this kind of case. - -The limitation in the previous fix was discovered by Laurent Delosieres, -Secunia Research at Flexera (Secunia Advisory SA84652) and is assigned -the identifier CVE-2018-20030. - -diff --git a/libexif/exif-data.c b/libexif/exif-data.c -index 67df4db..8d9897e 100644 ---- a/libexif/exif-data.c -+++ b/libexif/exif-data.c -@@ -35,6 +35,7 @@ - #include <libexif/olympus/exif-mnote-data-olympus.h> - #include <libexif/pentax/exif-mnote-data-pentax.h> - -+#include <math.h> - #include <stdlib.h> - #include <stdio.h> - #include <string.h> -@@ -344,6 +345,20 @@ if (data->ifd[(i)]->count) { \ - break; \ - } - -+/*! Calculate the recursion cost added by one level of IFD loading. -+ * -+ * The work performed is related to the cost in the exponential relation -+ * work=1.1**cost -+ */ -+static unsigned int -+level_cost(unsigned int n) -+{ -+ static const double log_1_1 = 0.09531017980432493; -+ -+ /* Adding 0.1 protects against the case where n==1 */ -+ return ceil(log(n + 0.1)/log_1_1); -+} -+ - /*! Load data for an IFD. - * - * \param[in,out] data #ExifData -@@ -351,13 +366,13 @@ if (data->ifd[(i)]->count) { \ - * \param[in] d pointer to buffer containing raw IFD data - * \param[in] ds size of raw data in buffer at \c d - * \param[in] offset offset into buffer at \c d at which IFD starts -- * \param[in] recursion_depth number of times this function has been -- * recursively called without returning -+ * \param[in] recursion_cost factor indicating how expensive this recursive -+ * call could be - */ - static void - exif_data_load_data_content (ExifData *data, ExifIfd ifd, - const unsigned char *d, -- unsigned int ds, unsigned int offset, unsigned int recursion_depth) -+ unsigned int ds, unsigned int offset, unsigned int recursion_cost) - { - ExifLong o, thumbnail_offset = 0, thumbnail_length = 0; - ExifShort n; -@@ -372,9 +387,20 @@ exif_data_load_data_content (ExifData *data, ExifIfd ifd, - if ((((int)ifd) < 0) || ( ((int)ifd) >= EXIF_IFD_COUNT)) - return; - -- if (recursion_depth > 30) { -+ if (recursion_cost > 170) { -+ /* -+ * recursion_cost is a logarithmic-scale indicator of how expensive this -+ * recursive call might end up being. It is an indicator of the depth of -+ * recursion as well as the potential for worst-case future recursive -+ * calls. Since it's difficult to tell ahead of time how often recursion -+ * will occur, this assumes the worst by assuming every tag could end up -+ * causing recursion. -+ * The value of 170 was chosen to limit typical EXIF structures to a -+ * recursive depth of about 6, but pathological ones (those with very -+ * many tags) to only 2. -+ */ - exif_log (data->priv->log, EXIF_LOG_CODE_CORRUPT_DATA, "ExifData", -- "Deep recursion detected!"); -+ "Deep/expensive recursion detected!"); - return; - } - -@@ -416,15 +442,18 @@ exif_data_load_data_content (ExifData *data, ExifIfd ifd, - switch (tag) { - case EXIF_TAG_EXIF_IFD_POINTER: - CHECK_REC (EXIF_IFD_EXIF); -- exif_data_load_data_content (data, EXIF_IFD_EXIF, d, ds, o, recursion_depth + 1); -+ exif_data_load_data_content (data, EXIF_IFD_EXIF, d, ds, o, -+ recursion_cost + level_cost(n)); - break; - case EXIF_TAG_GPS_INFO_IFD_POINTER: - CHECK_REC (EXIF_IFD_GPS); -- exif_data_load_data_content (data, EXIF_IFD_GPS, d, ds, o, recursion_depth + 1); -+ exif_data_load_data_content (data, EXIF_IFD_GPS, d, ds, o, -+ recursion_cost + level_cost(n)); - break; - case EXIF_TAG_INTEROPERABILITY_IFD_POINTER: - CHECK_REC (EXIF_IFD_INTEROPERABILITY); -- exif_data_load_data_content (data, EXIF_IFD_INTEROPERABILITY, d, ds, o, recursion_depth + 1); -+ exif_data_load_data_content (data, EXIF_IFD_INTEROPERABILITY, d, ds, o, -+ recursion_cost + level_cost(n)); - break; - case EXIF_TAG_JPEG_INTERCHANGE_FORMAT: - thumbnail_offset = o; diff --git a/poky/meta/recipes-support/libexif/libexif_0.6.21.bb b/poky/meta/recipes-support/libexif/libexif_0.6.21.bb deleted file mode 100644 index d847beab1..000000000 --- a/poky/meta/recipes-support/libexif/libexif_0.6.21.bb +++ /dev/null @@ -1,17 +0,0 @@ -SUMMARY = "Library for reading extended image information (EXIF) from JPEG files" -HOMEPAGE = "http://sourceforge.net/projects/libexif" -SECTION = "libs" -LICENSE = "LGPLv2.1" -LIC_FILES_CHKSUM = "file://COPYING;md5=243b725d71bb5df4a1e5920b344b86ad" - -SRC_URI = "${SOURCEFORGE_MIRROR}/libexif/libexif-${PV}.tar.bz2 \ - file://CVE-2017-7544.patch \ - file://CVE-2016-6328.patch \ - file://CVE-2018-20030.patch" - -SRC_URI[md5sum] = "27339b89850f28c8f1c237f233e05b27" -SRC_URI[sha256sum] = "16cdaeb62eb3e6dfab2435f7d7bccd2f37438d21c5218ec4e58efa9157d4d41a" - -inherit autotools gettext - -EXTRA_OECONF += "--disable-docs" diff --git a/poky/meta/recipes-support/libexif/libexif_0.6.22.bb b/poky/meta/recipes-support/libexif/libexif_0.6.22.bb new file mode 100644 index 000000000..a520d5c9f --- /dev/null +++ b/poky/meta/recipes-support/libexif/libexif_0.6.22.bb @@ -0,0 +1,19 @@ +SUMMARY = "Library for reading extended image information (EXIF) from JPEG files" +HOMEPAGE = "https://libexif.github.io/" +SECTION = "libs" +LICENSE = "LGPLv2.1" +LIC_FILES_CHKSUM = "file://COPYING;md5=243b725d71bb5df4a1e5920b344b86ad" + +def version_underscore(v): + return "_".join(v.split(".")) + +SRC_URI = "https://github.com/libexif/libexif/releases/download/libexif-${@version_underscore("${PV}")}-release/libexif-${PV}.tar.xz \ + " + +SRC_URI[sha256sum] = "5048f1c8fc509cc636c2f97f4b40c293338b6041a5652082d5ee2cf54b530c56" + +UPSTREAM_CHECK_URI = "https://github.com/libexif/libexif/releases/" + +inherit autotools gettext + +EXTRA_OECONF += "--disable-docs" diff --git a/poky/meta/recipes-support/libical/libical_3.0.7.bb b/poky/meta/recipes-support/libical/libical_3.0.8.bb index a50473e9e..efb943341 100644 --- a/poky/meta/recipes-support/libical/libical_3.0.7.bb +++ b/poky/meta/recipes-support/libical/libical_3.0.8.bb @@ -12,8 +12,8 @@ SRC_URI = " \ https://github.com/${BPN}/${BPN}/releases/download/v${PV}/${BP}.tar.gz \ file://0001-Use-our-hand-build-native-src-generator.patch \ " -SRC_URI[md5sum] = "8a5d07a7fba9e73a85e67f76258bf042" -SRC_URI[sha256sum] = "0abe66df1ea826e57db7f281c704ede834c84139012e6c686ea7adafd4e763fc" +SRC_URI[md5sum] = "41bd1f1fcdcb4779cea478bb55cf07bf" +SRC_URI[sha256sum] = "09fecacaf75ba5a242159e3a9758a5446b5ce4d0ab684f98a7040864e1d1286f" UPSTREAM_CHECK_URI = "https://github.com/libical/libical/releases" inherit cmake pkgconfig diff --git a/poky/meta/recipes-support/libpcre/libpcre2/pcre-cross.patch b/poky/meta/recipes-support/libpcre/libpcre2/pcre-cross.patch deleted file mode 100644 index 871cdfcb7..000000000 --- a/poky/meta/recipes-support/libpcre/libpcre2/pcre-cross.patch +++ /dev/null @@ -1,65 +0,0 @@ -Fix for cross compiling - -Fixed: -| ./dftables src/pcre2_chartables.c -| make: ./dftables: Command not found -| make: *** [src/pcre2_chartables.c] Error 127 - -Upstream-Status: Pending - -Signed-off-by: Robert Yang <liezhi.yang@windriver.com> - -Index: pcre2-10.30/Makefile.am -=================================================================== ---- pcre2-10.30.orig/Makefile.am -+++ pcre2-10.30/Makefile.am -@@ -325,9 +325,21 @@ bin_SCRIPTS = pcre2-config - ## to copy a distributed set of tables that are defined for ASCII code. In this - ## case, dftables is not needed. - -+CC_FOR_BUILD = @CC_FOR_BUILD@ -+CFLAGS_FOR_BUILD = @CFLAGS_FOR_BUILD@ -+CCLD_FOR_BUILD = @CCLD_FOR_BUILD@ -+LDFLAGS_FOR_BUILD = @LDFLAGS_FOR_BUILD@ -+ - if WITH_REBUILD_CHARTABLES - noinst_PROGRAMS += dftables - dftables_SOURCES = src/dftables.c -+ -+dftables_LINK = $(CCLD_FOR_BUILD) -o $@ -+dftables_LDFLAGS = $(LDFLAGS_FOR_BUILD) -+ -+src/dftables.o: $(srcdir)/src/dftables.c -+ $(CC_FOR_BUILD) -c $(CFLAGS_FOR_BUILD) -o $@ $(srcdir)/src/dftables.c -+ - src/pcre2_chartables.c: dftables$(EXEEXT) - rm -f $@ - ./dftables$(EXEEXT) $@ -Index: pcre2-10.30/configure.ac -=================================================================== ---- pcre2-10.30.orig/configure.ac -+++ pcre2-10.30/configure.ac -@@ -60,6 +60,23 @@ fi - # This is a new thing required to stop a warning from automake 1.12 - m4_ifdef([AM_PROG_AR], [AM_PROG_AR]) - -+if test x"$cross_compiling" = xyes; then -+ CC_FOR_BUILD="${CC_FOR_BUILD-gcc}" -+ CCLD_FOR_BUILD="${CCLD_FOR_BUILD-gcc}" -+ CFLAGS_FOR_BUILD="${CFLAGS_FOR_BUILD}" -+ LDFLAGS_FOR_BUILD="${LDFLAGS_FOR_BUILD}" -+else -+ CC_FOR_BUILD="${CC_FOR_BUILD-\$(CC)}" -+ CCLD_FOR_BUILD="${CCLD_FOR_BUILD-\$(CCLD)}" -+ CFLAGS_FOR_BUILD="${CFLAGS_FOR_BUILD-\$(CFLAGS)}" -+ LDFLAGS_FOR_BUILD="${LDFLAGS_FOR_BUILD-\$(LDFLAGS)}" -+fi -+AC_ARG_VAR(CC_FOR_BUILD, [build system C compiler]) -+AC_ARG_VAR(CCLD_FOR_BUILD, [build system C linker frontend]) -+AC_ARG_VAR(CFLAGS_FOR_BUILD, [build system C compiler arguments]) -+AC_ARG_VAR(LDFLAGS_FOR_BUILD, [build system C linker frontend arguments]) -+ -+ - # Check for a 64-bit integer type - AC_TYPE_INT64_T - diff --git a/poky/meta/recipes-support/libpcre/libpcre2_10.34.bb b/poky/meta/recipes-support/libpcre/libpcre2_10.35.bb index fa8655e02..35c019c10 100644 --- a/poky/meta/recipes-support/libpcre/libpcre2_10.34.bb +++ b/poky/meta/recipes-support/libpcre/libpcre2_10.35.bb @@ -8,14 +8,11 @@ SUMMARY = "Perl Compatible Regular Expressions version 2" HOMEPAGE = "http://www.pcre.org" SECTION = "devel" LICENSE = "BSD-3-Clause" -LIC_FILES_CHKSUM = "file://LICENCE;md5=b1588d3bb4cb0e1f5a597d908f8c5b37" +LIC_FILES_CHKSUM = "file://LICENCE;md5=a06590e9bd4c229532364727aaeaf084" -SRC_URI = "https://ftp.pcre.org/pub/pcre/pcre2-${PV}.tar.bz2 \ - file://pcre-cross.patch \ -" +SRC_URI = "https://ftp.pcre.org/pub/pcre/pcre2-${PV}.tar.bz2" -SRC_URI[md5sum] = "d280b62ded13f9ccf2fac16ee5286366" -SRC_URI[sha256sum] = "74c473ffaba9e13db6951fd146e0143fe9887852ce73406a03277af1d9b798ca" +SRC_URI[sha256sum] = "9ccba8e02b0ce78046cdfb52e5c177f0f445e421059e43becca4359c669d4613" CVE_PRODUCT = "pcre2" @@ -30,20 +27,14 @@ inherit autotools binconfig-disabled EXTRA_OECONF = "\ --enable-newline-is-lf \ - --enable-rebuild-chartables \ --with-link-size=2 \ --with-match-limit=10000000 \ --enable-pcre2-16 \ --enable-pcre2-32 \ " -# Set LINK_SIZE in BUILD_CFLAGS given that the autotools bbclass use it to -# set CFLAGS_FOR_BUILD, required for the libpcre build. -BUILD_CFLAGS =+ "-DLINK_SIZE=2 -I${B}/src" CFLAGS += "-D_REENTRANT" CXXFLAGS_append_powerpc = " -lstdc++" -export CCLD_FOR_BUILD ="${BUILD_CCLD}" - PACKAGES =+ "libpcre2-16 libpcre2-32 pcre2grep pcre2grep-doc pcre2test pcre2test-doc" SUMMARY_pcre2grep = "grep utility that uses perl 5 compatible regexes" diff --git a/poky/meta/recipes-support/libunwind/libunwind/musl-header-conflict.patch b/poky/meta/recipes-support/libunwind/libunwind/musl-header-conflict.patch index 79f63fd84..63b78a8a3 100644 --- a/poky/meta/recipes-support/libunwind/libunwind/musl-header-conflict.patch +++ b/poky/meta/recipes-support/libunwind/libunwind/musl-header-conflict.patch @@ -1,4 +1,7 @@ -If you: +From 49b21f0fe5fb93b30b94cc449429fd33de0652a7 Mon Sep 17 00:00:00 2001 +From: Richard Purdie <richard.purdie@linuxfoundation.org> +Date: Thu, 18 Aug 2016 14:46:32 +0100 +Subject: [PATCH] If you: TCLIBC=musl bitbake unwind TCLIBC=musl bitbake gcc-runtime -c cleansstate @@ -6,12 +9,12 @@ TCLIBC=musl bitbake gcc-runtime you will see libstdc++ fail to build due to finding libunwind's header file. -Khem: "When we build any of gcc components they expect to use internal version -and that works with glibc based gcc since the search headers first look into gcc -headers, however with musl the gcc headers are searched after the standard +Khem: "When we build any of gcc components they expect to use internal version +and that works with glibc based gcc since the search headers first look into gcc +headers, however with musl the gcc headers are searched after the standard headers ( which is by design the right thing )." -This patch hacks around the issue by looking for a define used during gcc-runtime's +This patch hacks around the issue by looking for a define used during gcc-runtime's build and skipping to the internal header in that case. [YOCTO #10129] @@ -20,11 +23,15 @@ RP 2016/8/18 Upstream-Status: Inappropriate [really need to fix gcc] -Index: git/include/unwind.h -=================================================================== ---- git.orig/include/unwind.h -+++ git/include/unwind.h -@@ -23,6 +23,10 @@ LIABLE FOR ANY CLAIM, DAMAGES OR OTHER L +--- + include/unwind.h | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/include/unwind.h b/include/unwind.h +index 7cf128d..31c2871 100644 +--- a/include/unwind.h ++++ b/include/unwind.h +@@ -23,6 +23,10 @@ LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. */ diff --git a/poky/meta/recipes-support/libunwind/libunwind_1.3.1.bb b/poky/meta/recipes-support/libunwind/libunwind_1.4.0.bb index 037e04c3c..f50205f1b 100644 --- a/poky/meta/recipes-support/libunwind/libunwind_1.3.1.bb +++ b/poky/meta/recipes-support/libunwind/libunwind_1.4.0.bb @@ -10,8 +10,8 @@ SRC_URI = "http://download.savannah.nongnu.org/releases/libunwind/libunwind-${PV " SRC_URI_append_libc-musl = " file://musl-header-conflict.patch" -SRC_URI[md5sum] = "a04f69d66d8e16f8bf3ab72a69112cd6" -SRC_URI[sha256sum] = "43997a3939b6ccdf2f669b50fdb8a4d3205374728c2923ddc2354c65260214f8" +SRC_URI[md5sum] = "5114504c74ac3992ac06aa551cd55678" +SRC_URI[sha256sum] = "df59c931bd4d7ebfd83ee481c943edf015138089b8e50abed8d9c57ba9338435" EXTRA_OECONF_append_libc-musl = " --disable-documentation --disable-tests --enable-static" diff --git a/poky/meta/recipes-support/liburcu/liburcu_0.12.0.bb b/poky/meta/recipes-support/liburcu/liburcu_0.12.1.bb index 0c20abe6d..3a5ecbcc2 100644 --- a/poky/meta/recipes-support/liburcu/liburcu_0.12.0.bb +++ b/poky/meta/recipes-support/liburcu/liburcu_0.12.1.bb @@ -9,8 +9,8 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=e548d28737289d75a8f1e01ba2fd7825 \ SRC_URI = "http://lttng.org/files/urcu/userspace-rcu-${PV}.tar.bz2" -SRC_URI[md5sum] = "d923a42ce38e33e883313003c8afd559" -SRC_URI[sha256sum] = "409b1be506989e1d26543194df1a79212be990fe5d4fd84f34f019efed989f97" +SRC_URI[md5sum] = "5e419d7b30d0d98bffe0014c704ae936" +SRC_URI[sha256sum] = "bbfaead0345642b97e0de90f889dfbab4b2643a6a5e5c6bb59cd0d26fc0bcd0e" S = "${WORKDIR}/userspace-rcu-${PV}" inherit autotools multilib_header diff --git a/poky/meta/recipes-support/libyaml/libyaml_0.2.2.bb b/poky/meta/recipes-support/libyaml/libyaml_0.2.5.bb index 5105ce69d..e39a7b908 100644 --- a/poky/meta/recipes-support/libyaml/libyaml_0.2.2.bb +++ b/poky/meta/recipes-support/libyaml/libyaml_0.2.5.bb @@ -5,11 +5,11 @@ HOMEPAGE = "https://pyyaml.org/wiki/LibYAML" SECTION = "libs/devel" LICENSE = "MIT" -LIC_FILES_CHKSUM = "file://LICENSE;md5=a76b4c69bfcf82313bbdc0393b04438a" +LIC_FILES_CHKSUM = "file://License;md5=7bbd28caa69f81f5cd5f48647236663d" SRC_URI = "https://pyyaml.org/download/libyaml/yaml-${PV}.tar.gz" -SRC_URI[md5sum] = "54bf11ccb8bc488b5b3bec931f5b70dc" -SRC_URI[sha256sum] = "4a9100ab61047fd9bd395bcef3ce5403365cafd55c1e0d0299cde14958e47be9" +SRC_URI[md5sum] = "bb15429d8fb787e7d3f1c83ae129a999" +SRC_URI[sha256sum] = "c642ae9b75fee120b2d96c712538bd2cf283228d2337df2cf2988e3c02678ef4" S = "${WORKDIR}/yaml-${PV}" diff --git a/poky/meta/recipes-support/lz4/lz4_1.9.2.bb b/poky/meta/recipes-support/lz4/lz4_1.9.2.bb index ed4452c82..6510156ed 100644 --- a/poky/meta/recipes-support/lz4/lz4_1.9.2.bb +++ b/poky/meta/recipes-support/lz4/lz4_1.9.2.bb @@ -21,7 +21,7 @@ S = "${WORKDIR}/git" # Fixed in r118, which is larger than the current version. CVE_CHECK_WHITELIST += "CVE-2014-4715" -EXTRA_OEMAKE = "PREFIX=${prefix} CC='${CC}' DESTDIR=${D} LIBDIR=${libdir} INCLUDEDIR=${includedir}" +EXTRA_OEMAKE = "PREFIX=${prefix} CC='${CC}' DESTDIR=${D} LIBDIR=${libdir} INCLUDEDIR=${includedir} BUILD_STATIC=no" do_install() { oe_runmake install diff --git a/poky/meta/recipes-support/ptest-runner/ptest-runner_2.4.0.bb b/poky/meta/recipes-support/ptest-runner/ptest-runner_2.4.0.bb index 09fabdeeb..0a3186dac 100644 --- a/poky/meta/recipes-support/ptest-runner/ptest-runner_2.4.0.bb +++ b/poky/meta/recipes-support/ptest-runner/ptest-runner_2.4.0.bb @@ -12,6 +12,7 @@ PV = "2.4.0+git${SRCPV}" SRC_URI = "git://git.yoctoproject.org/ptest-runner2 \ " +UPSTREAM_VERSION_UNKNOWN = "1" S = "${WORKDIR}/git" diff --git a/poky/meta/recipes-support/re2c/re2c/CVE-2020-11958.patch b/poky/meta/recipes-support/re2c/re2c/CVE-2020-11958.patch new file mode 100644 index 000000000..43462e642 --- /dev/null +++ b/poky/meta/recipes-support/re2c/re2c/CVE-2020-11958.patch @@ -0,0 +1,41 @@ +From c4603ba5ce229db83a2a4fb93e6d4b4e3ec3776a Mon Sep 17 00:00:00 2001 +From: Ulya Trofimovich <skvadrik@gmail.com> +Date: Fri, 17 Apr 2020 22:47:14 +0100 +Subject: [PATCH] Fix crash in lexer refill (reported by Agostino Sarubbo). + +The crash happened in a rare case of a very long lexeme that doen't fit +into the buffer, forcing buffer reallocation. + +The crash was caused by an incorrect calculation of the shift offset +(it was smaller than necessary). As a consequence, the data from buffer +start and up to the beginning of the current lexeme was not discarded +(as it should have been), resulting in less free space for new data than +expected. + +Upstream-Status: Backport [https://github.com/skvadrik/re2c/commit/c4603ba5ce229db83a2a4fb93e6d4b4e3ec3776a] +CVE: CVE-2020-11958 +Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com> +--- + src/parse/scanner.cc | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/src/parse/scanner.cc b/src/parse/scanner.cc +index 1d6e9efa..bd651314 100644 +--- a/src/parse/scanner.cc ++++ b/src/parse/scanner.cc +@@ -155,13 +155,14 @@ bool Scanner::fill(size_t need) + if (!buf) fatal("out of memory"); + + memmove(buf, tok, copy); +- shift_ptrs_and_fpos(buf - bot); ++ shift_ptrs_and_fpos(buf - tok); + delete [] bot; + bot = buf; + + free = BSIZE - copy; + } + ++ DASSERT(lim + free <= bot + BSIZE); + if (!read(free)) { + eof = lim; + memset(lim, 0, YYMAXFILL); diff --git a/poky/meta/recipes-support/re2c/re2c_1.3.bb b/poky/meta/recipes-support/re2c/re2c_1.3.bb index 0e1d93874..e9053acdf 100644 --- a/poky/meta/recipes-support/re2c/re2c_1.3.bb +++ b/poky/meta/recipes-support/re2c/re2c_1.3.bb @@ -5,7 +5,9 @@ SECTION = "devel" LICENSE = "PD" LIC_FILES_CHKSUM = "file://LICENSE;md5=64eca4d8a3b67f9dc7656094731a2c8d" -SRC_URI = "https://github.com/skvadrik/re2c/releases/download/${PV}/${BPN}-${PV}.tar.xz" +SRC_URI = "https://github.com/skvadrik/re2c/releases/download/${PV}/${BPN}-${PV}.tar.xz \ + file://CVE-2020-11958.patch \ +" SRC_URI[sha256sum] = "f37f25ff760e90088e7d03d1232002c2c2672646d5844fdf8e0d51a5cd75a503" UPSTREAM_CHECK_URI = "https://github.com/skvadrik/re2c/releases" diff --git a/poky/meta/recipes-support/rng-tools/rng-tools/a4b6d9ce64f132e463b9091d0536913ddaf11516.patch b/poky/meta/recipes-support/rng-tools/rng-tools/a4b6d9ce64f132e463b9091d0536913ddaf11516.patch new file mode 100644 index 000000000..96301617b --- /dev/null +++ b/poky/meta/recipes-support/rng-tools/rng-tools/a4b6d9ce64f132e463b9091d0536913ddaf11516.patch @@ -0,0 +1,42 @@ +From a4b6d9ce64f132e463b9091d0536913ddaf11516 Mon Sep 17 00:00:00 2001 +From: Neil Horman <nhorman@tuxdriver.com> +Date: Thu, 30 Apr 2020 16:57:35 -0400 +Subject: [PATCH] Remove name conflict with libc encrypt +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Forgot to fixup the funciton name conflict with libcs encrypt() function +on power systems + +Upstream-Status: Backport [https://github.com/nhorman/rng-tools/commit/a4b6d9ce64f132e463b9091d0536913ddaf11516] +Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> +Signed-off-by: Neil Horman <nhorman@tuxdriver.com> +Reported-by: Natanael Copa <ncopa@alpinelinux.org> +Reported-by: "Milan P. Stanić" <mps@arvanta.net> +--- + rngd_darn.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/rngd_darn.c b/rngd_darn.c +index 35df7a1..9345895 100644 +--- a/rngd_darn.c ++++ b/rngd_darn.c +@@ -109,7 +109,7 @@ static int init_openssl(struct rng *ent_src) + return 0; + } + +-int encrypt(unsigned char *plaintext, int plaintext_len, unsigned char *key, ++static int osslencrypt(unsigned char *plaintext, int plaintext_len, unsigned char *key, + unsigned char *iv, unsigned char *ciphertext) + { + int len; +@@ -150,7 +150,7 @@ static inline int openssl_mangle(unsigned char *tmp, struct rng *ent_src) + unsigned char ciphertext[CHUNK_SIZE * RDRAND_ROUNDS]; + + /* Encrypt the plaintext */ +- ciphertext_len = encrypt (tmp, strlen(tmp), key, iv_buf, ++ ciphertext_len = osslencrypt (tmp, strlen(tmp), key, iv_buf, + ciphertext); + printf("Calling mangle with len %d\n", ciphertext_len); + if (!ciphertext_len) diff --git a/poky/meta/recipes-support/rng-tools/rng-tools/dab16a5fd4efde8ef569b358e19b1fcbc7d0d938.patch b/poky/meta/recipes-support/rng-tools/rng-tools/dab16a5fd4efde8ef569b358e19b1fcbc7d0d938.patch new file mode 100644 index 000000000..93103ef79 --- /dev/null +++ b/poky/meta/recipes-support/rng-tools/rng-tools/dab16a5fd4efde8ef569b358e19b1fcbc7d0d938.patch @@ -0,0 +1,51 @@ +From dab16a5fd4efde8ef569b358e19b1fcbc7d0d938 Mon Sep 17 00:00:00 2001 +From: Fabrice Fontaine <fontaine.fabrice@gmail.com> +Date: Mon, 30 Mar 2020 00:10:46 +0200 +Subject: [PATCH] rngd_jitter: disambiguate call to encrypt + +Commit 0f184ea7e792427fb20afe81d471b565aee96f0b disambiguate the call to +encrypt in rngd_rdrand.c but did not update rngd_jitter.c. + +This raise the following build failure: + +rngd_jitter.c:75:12: error: conflicting types for 'encrypt' + static int encrypt(unsigned char *plaintext, int plaintext_len, unsigned char *key, + ^~~~~~~ +In file included from rngd_jitter.c:27: +/home/dawncrow/buildroot-test/scripts/instance-0/output-1/host/powerpc-buildroot-linux-uclibc/sysroot/usr/include/unistd.h:1132:13: note: previous declaration of 'encrypt' was here + extern void encrypt (char *__block, int __edflag) __THROW __nonnull ((1)); + ^~~~~~~ +Makefile:770: recipe for target 'rngd-rngd_jitter.o' failed + +Fixes: + - http://autobuild.buildroot.org/results/0ca6bf16e3acbc94065b88c4442d6595424b77cb + +Upstream-Status: Backport [https://github.com/nhorman/rng-tools/commit/dab16a5fd4efde8ef569b358e19b1fcbc7d0d938] +Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> +Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> +--- + rngd_jitter.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/rngd_jitter.c b/rngd_jitter.c +index c1b1aca..49a3825 100644 +--- a/rngd_jitter.c ++++ b/rngd_jitter.c +@@ -72,7 +72,7 @@ unsigned char *aes_buf; + char key[AES_BLOCK]; + static unsigned char iv_buf[CHUNK_SIZE] __attribute__((aligned(128))); + +-static int encrypt(unsigned char *plaintext, int plaintext_len, unsigned char *key, ++static int osslencrypt(unsigned char *plaintext, int plaintext_len, unsigned char *key, + unsigned char *iv, unsigned char *ciphertext) + { + EVP_CIPHER_CTX *ctx; +@@ -122,7 +122,7 @@ static inline int openssl_mangle(unsigned char *tmp, struct rng *ent_src) + unsigned char ciphertext[CHUNK_SIZE * RDRAND_ROUNDS]; + + /* Encrypt the plaintext */ +- ciphertext_len = encrypt (tmp, strlen(tmp), key, iv_buf, ++ ciphertext_len = osslencrypt (tmp, strlen(tmp), key, iv_buf, + ciphertext); + if (!ciphertext_len) + return -1; diff --git a/poky/meta/recipes-support/rng-tools/rng-tools_6.9.bb b/poky/meta/recipes-support/rng-tools/rng-tools_6.10.bb index 8c98a9aa3..3f9720e40 100644 --- a/poky/meta/recipes-support/rng-tools/rng-tools_6.9.bb +++ b/poky/meta/recipes-support/rng-tools/rng-tools_6.10.bb @@ -6,25 +6,28 @@ HOMEPAGE = "https://github.com/nhorman/rng-tools" BUGTRACKER = "https://github.com/nhorman/rng-tools/issues" LICENSE = "GPLv2" LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263" -DEPENDS = "sysfsutils" +DEPENDS = "sysfsutils openssl" SRC_URI = "\ git://github.com/nhorman/rng-tools.git \ + file://a4b6d9ce64f132e463b9091d0536913ddaf11516.patch \ + file://dab16a5fd4efde8ef569b358e19b1fcbc7d0d938.patch \ file://init \ file://default \ file://rngd.service \ " -SRCREV = "4a865797a69dd38c64a86aa32884ecc9ba7b4d08" +SRCREV = "0be82200a66d9321451e0a0785bfae350b9cffdc" S = "${WORKDIR}/git" inherit autotools update-rc.d systemd pkgconfig -PACKAGECONFIG ??= "libgcrypt libjitterentropy" +EXTRA_OECONF = "--without-rtlsdr" + +PACKAGECONFIG ??= "libjitterentropy" PACKAGECONFIG_libc-musl = "libargp libjitterentropy" PACKAGECONFIG[libargp] = "--with-libargp,--without-libargp,argp-standalone," -PACKAGECONFIG[libgcrypt] = "--with-libgcrypt,--without-libgcrypt,libgcrypt," PACKAGECONFIG[libjitterentropy] = "--enable-jitterentropy,--disable-jitterentropy,libjitterentropy" PACKAGECONFIG[libp11] = "--with-pkcs11,--without-pkcs11,libp11 openssl" PACKAGECONFIG[nistbeacon] = "--with-nistbeacon,--without-nistbeacon,curl libxml2 openssl" diff --git a/poky/meta/recipes-support/shared-mime-info/shared-mime-info_git.bb b/poky/meta/recipes-support/shared-mime-info/shared-mime-info_git.bb index 7a060b09a..f0d5bc62e 100644 --- a/poky/meta/recipes-support/shared-mime-info/shared-mime-info_git.bb +++ b/poky/meta/recipes-support/shared-mime-info/shared-mime-info_git.bb @@ -12,9 +12,6 @@ SRCREV = "829b26d85e7d89a0caee03046c3bce373f04c80a" PV = "1.15" S = "${WORKDIR}/git" -UPSTREAM_CHECK_GITTAGREGEX = "Release-(?P<pver>(\d+(\-\d+)+))" -UPSTREAM_VERSION_UNKNOWN = "1" - inherit autotools pkgconfig gettext python3native mime EXTRA_OECONF = "--disable-update-mimedb" diff --git a/poky/meta/recipes-support/sqlite/files/CVE-2020-11655.patch b/poky/meta/recipes-support/sqlite/files/CVE-2020-11655.patch deleted file mode 100644 index e30c482bb..000000000 --- a/poky/meta/recipes-support/sqlite/files/CVE-2020-11655.patch +++ /dev/null @@ -1,32 +0,0 @@ -From a4601326d61bf1a11151ac6b78b50804bfd03b4d Mon Sep 17 00:00:00 2001 -From: Sakib Sajal <sakib.sajal@windriver.com> -Date: Thu, 30 Apr 2020 10:46:16 -0700 -Subject: [PATCH 2/2] In the event of a semantic error in an aggregate query, - early-out the resetAccumulator() function to prevent problems due to - incomplete or incorrect initialization of the AggInfo object. Fix for ticket - [af4556bb5c285c08]. - -FossilOrigin-Name: 4a302b42c7bf5e11ddb5522ca999f74aba397d3a7eb91b1844bb02852f772441 -Upstream Status: Backport [c415d91007e1680e4eb17def583b202c3c83c718] - -CVE: CVE-2020-11655 -Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com> ---- - sqlite3.c | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/sqlite3.c b/sqlite3.c -index 1df6633..726adf7 100644 ---- a/sqlite3.c -+++ b/sqlite3.c -@@ -133242,6 +133242,7 @@ static void resetAccumulator(Parse *pParse, AggInfo *pAggInfo){ - struct AggInfo_func *pFunc; - int nReg = pAggInfo->nFunc + pAggInfo->nColumn; - if( nReg==0 ) return; -+ if( pParse->nErr ) return; - #ifdef SQLITE_DEBUG - /* Verify that all AggInfo registers are within the range specified by - ** AggInfo.mnReg..AggInfo.mxReg */ --- -2.17.1 - diff --git a/poky/meta/recipes-support/sqlite/files/CVE-2020-11656.patch b/poky/meta/recipes-support/sqlite/files/CVE-2020-11656.patch deleted file mode 100644 index b88a724e8..000000000 --- a/poky/meta/recipes-support/sqlite/files/CVE-2020-11656.patch +++ /dev/null @@ -1,70 +0,0 @@ -From 2d69a520d027eb73eb6da9f2653d23e33b10e8bb Mon Sep 17 00:00:00 2001 -From: Sakib Sajal <sakib.sajal@windriver.com> -Date: Thu, 30 Apr 2020 10:14:36 -0700 -Subject: [PATCH 1/2] Fix a case when a pointer might be used after - being freed in the ALTER TABLE code. Fix for [4722bdab08cb1]. - -FossilOrigin-Name: d09f8c3621d5f7f8c6d99d7d82bcaa8421855b3f470bea2b26c858106382b906 -Upstream Status: Backport [fb99e388ec7f30fe43e4878236e3695ff24ae58d] - -[PATCH 2/2] Do not suppress errors when resolving references in an ORDER - BY clause belonging to a compound SELECT within a view or trigger within - ALTER TABLE. Fix for ticket [a10a14e9b4ba2]. - -FossilOrigin-Name: 684293882c302600e112cf52553c19d84fdb31663d96e5dd7f8ac17dda00a026 -Upstream Status: Backport [4db7ab53f9c30e2e22731ace93ab6b18eef6c4ae] - -The two patches were converted to amalgamation format. - -CVE: CVE-2020-11656 -Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com> ---- - sqlite3.c | 18 +++++++++++++++++- - 1 file changed, 17 insertions(+), 1 deletion(-) - -diff --git a/sqlite3.c b/sqlite3.c -index 64fae04..1df6633 100644 ---- a/sqlite3.c -+++ b/sqlite3.c -@@ -97945,7 +97945,7 @@ static int resolveOrderByTermToExprList( - nc.nErr = 0; - db = pParse->db; - savedSuppErr = db->suppressErr; -- db->suppressErr = 1; -+ if( IN_RENAME_OBJECT==0 ) db->suppressErr = 1; - rc = sqlite3ResolveExprNames(&nc, pE); - db->suppressErr = savedSuppErr; - if( rc ) return 0; -@@ -105383,6 +105383,21 @@ static void renameWalkWith(Walker *pWalker, Select *pSelect){ - } - } - -+/* -+** Unmap all tokens in the IdList object passed as the second argument. -+*/ -+static void unmapColumnIdlistNames( -+ Parse *pParse, -+ IdList *pIdList -+){ -+ if( pIdList ){ -+ int ii; -+ for(ii=0; ii<pIdList->nId; ii++){ -+ sqlite3RenameTokenRemap(pParse, 0, (void*)pIdList->a[ii].zName); -+ } -+ } -+} -+ - /* - ** Walker callback used by sqlite3RenameExprUnmap(). - */ -@@ -105404,6 +105419,7 @@ static int renameUnmapSelectCb(Walker *pWalker, Select *p){ - for(i=0; i<pSrc->nSrc; i++){ - sqlite3RenameTokenRemap(pParse, 0, (void*)pSrc->a[i].zName); - if( sqlite3WalkExpr(pWalker, pSrc->a[i].pOn) ) return WRC_Abort; -+ unmapColumnIdlistNames(pParse, pSrc->a[i].pUsing); - } - } - --- -2.17.1 - diff --git a/poky/meta/recipes-support/sqlite/files/CVE-2020-9327.patch b/poky/meta/recipes-support/sqlite/files/CVE-2020-9327.patch deleted file mode 100644 index fecbbabce..000000000 --- a/poky/meta/recipes-support/sqlite/files/CVE-2020-9327.patch +++ /dev/null @@ -1,141 +0,0 @@ -From 45d491851e1bca378de158a5e279fd584ce548e4 Mon Sep 17 00:00:00 2001 -From: "D. Richard Hipp" <drh@hwaci.com> -Date: Mon, 17 Feb 2020 00:12:04 +0000 -Subject: [PATCH] [PATCH 1/2] Take care when checking the table of a TK_COLUMN - expression node to see if the table is a virtual table to first ensure that - the Expr.y.pTab pointer is not null due to generated column optimizations. - Ticket [4374860b29383380]. - -FossilOrigin-Name: 9d0d4ab95dc0c56e053c2924ed322a9ea7b25439e6f74599f706905a1994e454 - -[PATCH 2/2] A better (smaller and faster) solution to ticket - [4374860b29383380]. - -FossilOrigin-Name: abc473fb8fb999005dc79a360e34f97b3b25429decf1820dd2afa5c19577753d - -The two patches were converted to amalgamation format - -Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> -Upstream-Status: Backport -CVE: CVE-2020-9327 ---- - sqlite3.c | 35 ++++++++++++++++++++++++----------- - sqlite3.h | 2 +- - 2 files changed, 25 insertions(+), 12 deletions(-) - -diff --git a/sqlite3.c b/sqlite3.c -index 55dc686..64fae04 100644 ---- a/sqlite3.c -+++ b/sqlite3.c -@@ -1167,7 +1167,7 @@ extern "C" { - */ - #define SQLITE_VERSION "3.31.1" - #define SQLITE_VERSION_NUMBER 3031001 --#define SQLITE_SOURCE_ID "2020-01-27 19:55:54 3bfa9cc97da10598521b342961df8f5f68c7388fa117345eeb516eaa837bb4d6" -+#define SQLITE_SOURCE_ID "2020-01-27 19:55:54 3bfa9cc97da10598521b342961df8f5f68c7388fa117345eeb516eaa837balt1" - - /* - ** CAPI3REF: Run-Time Library Version Numbers -@@ -17428,8 +17428,11 @@ struct Table { - */ - #ifndef SQLITE_OMIT_VIRTUALTABLE - # define IsVirtual(X) ((X)->nModuleArg) -+# define ExprIsVtab(X) \ -+ ((X)->op==TK_COLUMN && (X)->y.pTab!=0 && (X)->y.pTab->nModuleArg) - #else - # define IsVirtual(X) 0 -+# define ExprIsVtab(X) 0 - #endif - - /* -@@ -104133,19 +104136,25 @@ static int impliesNotNullRow(Walker *pWalker, Expr *pExpr){ - case TK_LT: - case TK_LE: - case TK_GT: -- case TK_GE: -+ case TK_GE: { -+ Expr *pLeft = pExpr->pLeft; -+ Expr *pRight = pExpr->pRight; - testcase( pExpr->op==TK_EQ ); - testcase( pExpr->op==TK_NE ); - testcase( pExpr->op==TK_LT ); - testcase( pExpr->op==TK_LE ); - testcase( pExpr->op==TK_GT ); - testcase( pExpr->op==TK_GE ); -- if( (pExpr->pLeft->op==TK_COLUMN && IsVirtual(pExpr->pLeft->y.pTab)) -- || (pExpr->pRight->op==TK_COLUMN && IsVirtual(pExpr->pRight->y.pTab)) -+ /* The y.pTab=0 assignment in wherecode.c always happens after the -+ ** impliesNotNullRow() test */ -+ if( (pLeft->op==TK_COLUMN && ALWAYS(pLeft->y.pTab!=0) -+ && IsVirtual(pLeft->y.pTab)) -+ || (pRight->op==TK_COLUMN && ALWAYS(pRight->y.pTab!=0) -+ && IsVirtual(pRight->y.pTab)) - ){ -- return WRC_Prune; -+ return WRC_Prune; - } -- -+ } - default: - return WRC_Continue; - } -@@ -142591,7 +142600,8 @@ static int isAuxiliaryVtabOperator( - ** MATCH(expression,vtab_column) - */ - pCol = pList->a[1].pExpr; -- if( pCol->op==TK_COLUMN && IsVirtual(pCol->y.pTab) ){ -+ testcase( pCol->op==TK_COLUMN && pCol->y.pTab==0 ); -+ if( ExprIsVtab(pCol) ){ - for(i=0; i<ArraySize(aOp); i++){ - if( sqlite3StrICmp(pExpr->u.zToken, aOp[i].zOp)==0 ){ - *peOp2 = aOp[i].eOp2; -@@ -142613,7 +142623,8 @@ static int isAuxiliaryVtabOperator( - ** with function names in an arbitrary case. - */ - pCol = pList->a[0].pExpr; -- if( pCol->op==TK_COLUMN && IsVirtual(pCol->y.pTab) ){ -+ testcase( pCol->op==TK_COLUMN && pCol->y.pTab==0 ); -+ if( ExprIsVtab(pCol) ){ - sqlite3_vtab *pVtab; - sqlite3_module *pMod; - void (*xNotUsed)(sqlite3_context*,int,sqlite3_value**); -@@ -142636,10 +142647,12 @@ static int isAuxiliaryVtabOperator( - int res = 0; - Expr *pLeft = pExpr->pLeft; - Expr *pRight = pExpr->pRight; -- if( pLeft->op==TK_COLUMN && IsVirtual(pLeft->y.pTab) ){ -+ testcase( pLeft->op==TK_COLUMN && pLeft->y.pTab==0 ); -+ if( ExprIsVtab(pLeft) ){ - res++; - } -- if( pRight && pRight->op==TK_COLUMN && IsVirtual(pRight->y.pTab) ){ -+ testcase( pRight && pRight->op==TK_COLUMN && pRight->y.pTab==0 ); -+ if( pRight && ExprIsVtab(pRight) ){ - res++; - SWAP(Expr*, pLeft, pRight); - } -@@ -228440,7 +228453,7 @@ SQLITE_API int sqlite3_stmt_init( - #endif /* !defined(SQLITE_CORE) || defined(SQLITE_ENABLE_STMTVTAB) */ - - /************** End of stmt.c ************************************************/ --#if __LINE__!=228443 -+#if __LINE__!=228456 - #undef SQLITE_SOURCE_ID - #define SQLITE_SOURCE_ID "2020-01-27 19:55:54 3bfa9cc97da10598521b342961df8f5f68c7388fa117345eeb516eaa837balt2" - #endif -diff --git a/sqlite3.h b/sqlite3.h -index cef6eea..5b9796c 100644 ---- a/sqlite3.h -+++ b/sqlite3.h -@@ -125,7 +125,7 @@ extern "C" { - */ - #define SQLITE_VERSION "3.31.1" - #define SQLITE_VERSION_NUMBER 3031001 --#define SQLITE_SOURCE_ID "2020-01-27 19:55:54 3bfa9cc97da10598521b342961df8f5f68c7388fa117345eeb516eaa837bb4d6" -+#define SQLITE_SOURCE_ID "2020-01-27 19:55:54 3bfa9cc97da10598521b342961df8f5f68c7388fa117345eeb516eaa837balt1" - - /* - ** CAPI3REF: Run-Time Library Version Numbers --- -2.25.1 - diff --git a/poky/meta/recipes-support/sqlite/sqlite3_3.31.1.bb b/poky/meta/recipes-support/sqlite/sqlite3_3.32.1.bb index 57a791385..d6081f10a 100644 --- a/poky/meta/recipes-support/sqlite/sqlite3_3.31.1.bb +++ b/poky/meta/recipes-support/sqlite/sqlite3_3.32.1.bb @@ -3,13 +3,9 @@ require sqlite3.inc LICENSE = "PD" LIC_FILES_CHKSUM = "file://sqlite3.h;endline=11;md5=786d3dc581eff03f4fd9e4a77ed00c66" -SRC_URI = "http://www.sqlite.org/2020/sqlite-autoconf-${SQLITE_PV}.tar.gz \ - file://CVE-2020-9327.patch \ - file://CVE-2020-11656.patch \ - file://CVE-2020-11655.patch \ - " -SRC_URI[md5sum] = "2d0a553534c521504e3ac3ad3b90f125" -SRC_URI[sha256sum] = "62284efebc05a76f909c580ffa5c008a7d22a1287285d68b7825a2b6b51949ae" +SRC_URI = "http://www.sqlite.org/2020/sqlite-autoconf-${SQLITE_PV}.tar.gz" +SRC_URI[md5sum] = "bc7afc06f1e30b09ac930957af68d723" +SRC_URI[sha256sum] = "486748abfb16abd8af664e3a5f03b228e5f124682b0c942e157644bf6fff7d10" # -19242 is only an issue in specific development branch commits CVE_CHECK_WHITELIST += "CVE-2019-19242" diff --git a/poky/meta/recipes-support/vte/vte_0.60.2.bb b/poky/meta/recipes-support/vte/vte_0.60.2.bb index 4a33f6e4d..8c7054913 100644 --- a/poky/meta/recipes-support/vte/vte_0.60.2.bb +++ b/poky/meta/recipes-support/vte/vte_0.60.2.bb @@ -52,6 +52,9 @@ CFLAGS += "-D_GNU_SOURCE" PACKAGES =+ "libvte ${PN}-prompt" FILES_libvte = "${libdir}/*.so.* ${libdir}/girepository-1.0/*" -FILES_${PN}-prompt = "${sysconfdir}/profile.d" +FILES_${PN}-prompt = " \ + ${sysconfdir}/profile.d \ + ${libexecdir}/vte-urlencode-cwd \ +" BBCLASSEXTEND = "native nativesdk" |