diff options
| author | Andrew Geissler <geissonator@yahoo.com> | 2020-05-05 16:54:39 +0300 |
|---|---|---|
| committer | Andrew Geissler <geissonator@yahoo.com> | 2020-05-05 16:56:13 +0300 |
| commit | 4b740dc9fdbca604749cf15f7ea0e6ead345b5a0 (patch) | |
| tree | 32dd5f8dd157841cdc123f68651f11c9442b07e2 /poky/meta/recipes-support | |
| parent | e231d58c35aabcb38dcd6470d232a738291d90fe (diff) | |
| download | openbmc-4b740dc9fdbca604749cf15f7ea0e6ead345b5a0.tar.xz | |
poky: subtree update:a8544811d7..b5763b2f48
Alexander Kanavin (29):
rpm: upgrade to 4.15.1
libmodulemd: move from 1.x to 2.x version
libdnf: upgrade 0.28.1 -> 0.47.0
dnf: upgrade 4.2.2 -> 4.2.21
dnf: add a patch for base-files installation failures
logrotate: update to 3.16.0
rt-tests: further exclusion of development versions
kmscube: update to latest commit
xcb-proto: update to 1.14
libxcb: update to 1.14
ghostscript: do not hardcode version in SRC_URI
ghostscript: update 9.50 -> 9.52
webkitgtk: update to 2.28.2
python3-gitdb: update to 4.0.4
libevdev: update to 1.9.0
python3-dbusmock: add recipe from meta-oe
mc: update to 4.8.24
coreutils: update to 8.32
glib-2.0: update 2.62.4 -> 2.64.2
glib-networking: update to 2.64.2
gptfdisk: update to 1.0.5
clutter-1.0: update to 1.26.4
diffoscope: update to 143
wpe: update to 1.6.0
vte: update to 0.60.2
libnotify: update to 0.7.9
connman: update to 1.38
xkeyboard-config: update to 2.29
gcr: update to 3.36.0
Andreas M?ller (1):
libsecret: upgrade 0.20.1 -> 0.20.3 / port to meson
Anibal Limon (2):
ptest-runner: Bump to 2.4.0
oeqa/runtime: Use libdir to run ptest-runner
Bartłomiej Burdukiewicz (2):
libva: add PACKAGECONFIG and additonal rules for glx.
libva: removed opengl from REQUIRED_DISTRO_FEATURES.
Benjamin Fair (1):
util-linux: fix build error in kill
Bruce Ashfield (4):
linux-yocto/5.4: update to v5.4.28
linux-yocto/5.4: update to v5.4.32
linux-yocto-dev: bump to v5.7-rc
linux-yocto/5.4: update to v5.4.34
Frazer Clews (2):
bitbake: lib/toaster: fixup codebase so pydocstyle can parse
bitbake: lib/bs4/testing.py: fix bs4 testing
Jan Luebbe (1):
openssl: upgrade 1.1.1f -> 1.1.1g
Joshua Watt (1):
jquery: Upgrade 3.4.1 -> 3.5.0
Khem Raj (2):
dpkg: Add riscv32 CPU support
musl: Remove spurious unused patch
Mingli Yu (1):
iputils: Initialize libgcrypt
Peter Kjellerstedt (1):
libdnf: Use single-quotes around string literals used in SQL statements
Pierre-Jean Texier (3):
timezone: upgrade 2019c -> 2020a
curl: upgrade 7.69.1 -> 7.70.0
curl: support mqtt in PACKAGECONFIG
Richard Purdie (6):
sanity: Require gcc 6 or later
gcc-target: Ensure buildtools-extended-tarball doesn't use arch=native
abi_version/staging: Bump versions to force rebuild after sstate corruption
bitbake: bitdoc: Remove it
utils: Drop FILESPATHPKG usage
utils: Drop is_machine_specific()/machine_paths()
Robert P. J. Day (5):
ref-manual: fix excessive command indentation
ref-manual: IMAGE_TYPES, add tar.zst, delete elf
ref-manual: typo "SSTATE_MIRROR" -> "SSTATE_MIRRORS"
ref-manual: Remove long-dead PACKAGE_GROUP variable
bitbake: docs: delete reference to obsolete recipe-depends.dot
Sakib Sajal (1):
sqlite: backport CVE fixes
Tim Orling (2):
atk: upgrade 2.34.1 -> 2.36.0
at-spi2-core: upgrade 2.34.0 -> 2.36.0
Vyacheslav Yurkov (1):
os-release: sanitize required fields
Wang Mingyu (1):
icu: CVE-2020-10531
Change-Id: Iae5641be5ca6424275d2e0d63ba3a7a5ba90cde2
Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
Diffstat (limited to 'poky/meta/recipes-support')
14 files changed, 281 insertions, 70 deletions
diff --git a/poky/meta/recipes-support/atk/at-spi2-core/0001-Fix-source-reproducibility.patch b/poky/meta/recipes-support/atk/at-spi2-core/0001-Fix-source-reproducibility.patch deleted file mode 100644 index 7631969cd..000000000 --- a/poky/meta/recipes-support/atk/at-spi2-core/0001-Fix-source-reproducibility.patch +++ /dev/null @@ -1,32 +0,0 @@ -From b7fa0aa00b07e03e338dd02af564431bf2f2b185 Mon Sep 17 00:00:00 2001 -From: Joshua Watt <Joshua.Watt@garmin.com> -Date: Wed, 20 Nov 2019 15:24:02 -0600 -Subject: [PATCH] Fix source reproducibility - -The generated enum type files can be included in source packages meant -for debugging, and thus need to be reproducible. Replace the absolute -include of the header with the basename. This is sufficient because the -target include files are always in the include path anyway. - -Upstream-Status: Accepted [https://gitlab.gnome.org/GNOME/at-spi2-core/merge_requests/25] -Signed-off-by: Joshua Watt <Joshua.Watt@garmin.com> ---- - atspi/atspi-enum-types.c.template | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/atspi/atspi-enum-types.c.template b/atspi/atspi-enum-types.c.template -index 385d0ee..92e4937 100644 ---- a/atspi/atspi-enum-types.c.template -+++ b/atspi/atspi-enum-types.c.template -@@ -5,7 +5,7 @@ - - /*** BEGIN file-production ***/ - /* enumerations from "@basename@" */ --#include "@filename@" -+#include "@basename@" - - /*** END file-production ***/ - --- -2.23.0 - diff --git a/poky/meta/recipes-support/atk/at-spi2-core_2.34.0.bb b/poky/meta/recipes-support/atk/at-spi2-core_2.36.0.bb index 84e05e77f..c5d01c929 100644 --- a/poky/meta/recipes-support/atk/at-spi2-core_2.34.0.bb +++ b/poky/meta/recipes-support/atk/at-spi2-core_2.36.0.bb @@ -5,11 +5,10 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=4fbd65380cdd255951079008b364516c" MAJ_VER = "${@oe.utils.trim_version("${PV}", 2)}" -SRC_URI = "${GNOME_MIRROR}/${BPN}/${MAJ_VER}/${BPN}-${PV}.tar.xz \ - file://0001-Fix-source-reproducibility.patch" +SRC_URI = "${GNOME_MIRROR}/${BPN}/${MAJ_VER}/${BPN}-${PV}.tar.xz" -SRC_URI[md5sum] = "53c21565507105fb68031cd9c21a559b" -SRC_URI[sha256sum] = "d629cdbd674e539f8912028512af583990938c7b49e25184c126b00121ef11c6" +SRC_URI[md5sum] = "f101d111b06293d15738afc904c1d931" +SRC_URI[sha256sum] = "88da57de0a7e3c60bc341a974a80fdba091612db3547c410d6deab039ca5c05a" X11DEPENDS = "virtual/libx11 libxi libxtst" diff --git a/poky/meta/recipes-support/atk/atk_2.34.1.bb b/poky/meta/recipes-support/atk/atk_2.36.0.bb index 277397c69..0786eeebe 100644 --- a/poky/meta/recipes-support/atk/atk_2.34.1.bb +++ b/poky/meta/recipes-support/atk/atk_2.36.0.bb @@ -14,8 +14,8 @@ DEPENDS = "gettext-native glib-2.0" GNOMEBASEBUILDCLASS = "meson" inherit gnomebase gtk-doc gettext upstream-version-is-even gobject-introspection -SRC_URI[archive.md5sum] = "f60bbaf8bdd08b93d98736b54b2fc8e9" -SRC_URI[archive.sha256sum] = "d4f0e3b3d21265fcf2bc371e117da51c42ede1a71f6db1c834e6976bb20997cb" +SRC_URI[archive.md5sum] = "01aa5ec5138f5f8c9b3a4e3196ed2900" +SRC_URI[archive.sha256sum] = "fb76247e369402be23f1f5c65d38a9639c1164d934e40f6a9cf3c9e96b652788" BBCLASSEXTEND = "native nativesdk" diff --git a/poky/meta/recipes-support/curl/curl_7.69.1.bb b/poky/meta/recipes-support/curl/curl_7.70.0.bb index e854e8d4b..baf72f8e7 100644 --- a/poky/meta/recipes-support/curl/curl_7.69.1.bb +++ b/poky/meta/recipes-support/curl/curl_7.70.0.bb @@ -9,8 +9,8 @@ SRC_URI = "http://curl.haxx.se/download/curl-${PV}.tar.bz2 \ file://0001-replace-krb5-config-with-pkg-config.patch \ " -SRC_URI[md5sum] = "ec5fc263f898a3dfef08e805f1ecca42" -SRC_URI[sha256sum] = "2ff5e5bd507adf6aa88ff4bbafd4c7af464867ffb688be93b9930717a56c4de8" +SRC_URI[md5sum] = "db69aa37476dfdf9abaa2fb01b8bbf1a" +SRC_URI[sha256sum] = "a50bfe62ad67a24f8b12dd7fd655ac43a0f0299f86ec45b11354f25fbb5829d0" CVE_PRODUCT = "curl libcurl" inherit autotools pkgconfig binconfig multilib_header @@ -34,6 +34,7 @@ PACKAGECONFIG[ldaps] = "--enable-ldaps,--disable-ldaps," PACKAGECONFIG[libidn] = "--with-libidn2,--without-libidn2,libidn2" PACKAGECONFIG[libssh2] = "--with-libssh2,--without-libssh2,libssh2" PACKAGECONFIG[mbedtls] = "--with-mbedtls=${STAGING_DIR_TARGET},--without-mbedtls,mbedtls" +PACKAGECONFIG[mqtt] = "--enable-mqtt,--disable-mqtt," PACKAGECONFIG[nghttp2] = "--with-nghttp2,--without-nghttp2,nghttp2" PACKAGECONFIG[pop3] = "--enable-pop3,--disable-pop3," PACKAGECONFIG[proxy] = "--enable-proxy,--disable-proxy," diff --git a/poky/meta/recipes-support/diffoscope/diffoscope_136.bb b/poky/meta/recipes-support/diffoscope/diffoscope_143.bb index 3e3e1dfc0..4ba3832d1 100644 --- a/poky/meta/recipes-support/diffoscope/diffoscope_136.bb +++ b/poky/meta/recipes-support/diffoscope/diffoscope_143.bb @@ -7,8 +7,8 @@ PYPI_PACKAGE = "diffoscope" inherit pypi setuptools3 -SRC_URI[md5sum] = "c84d8d308a40176ba2f5dc4abdbf6f73" -SRC_URI[sha256sum] = "0d6486d6eb6e0445ba21fee2e8bdd3a366ce786bfac98e00e5a95038b7815f15" +SRC_URI[md5sum] = "a86cf8467a5dec99832d5c082928f937" +SRC_URI[sha256sum] = "a1fb4dd97af92bb8ce275d1caf465971726919e28efe5f043bd3ea9afb50574a" RDEPENDS_${PN} += "binutils vim squashfs-tools python3-libarchive-c python3-magic" diff --git a/poky/meta/recipes-support/icu/icu/CVE-2020-10531.patch b/poky/meta/recipes-support/icu/icu/CVE-2020-10531.patch new file mode 100644 index 000000000..6697b27dc --- /dev/null +++ b/poky/meta/recipes-support/icu/icu/CVE-2020-10531.patch @@ -0,0 +1,128 @@ +From b7d08bc04a4296982fcef8b6b8a354a9e4e7afca Mon Sep 17 00:00:00 2001 +From: Frank Tang <ftang@chromium.org> +Date: Sat, 1 Feb 2020 02:39:04 +0000 +Subject: [PATCH] ICU-20958 Prevent SEGV_MAPERR in append + +See #971 + +Upstream-Status: Accepted +CVE: CVE-2020-10531 + +Reference to upstream patch: +https://github.com/unicode-org/icu/commit/b7d08bc04a4296982fcef8b6b8a354a9e4e7afca + +--- + common/unistr.cpp | 6 ++- + test/intltest/ustrtest.cpp | 62 +++++++++++++++++++++++++++++++ + test/intltest/ustrtest.h | 1 + + 3 files changed, 68 insertions(+), 1 deletion(-) + +diff --git a/common/unistr.cpp b/common/unistr.cpp +index 901bb33..6ea0915 100644 +--- a/common/unistr.cpp ++++ b/common/unistr.cpp +@@ -1563,7 +1563,11 @@ UnicodeString::doAppend(const UChar *srcChars, int32_t srcStart, int32_t srcLeng + } + + int32_t oldLength = length(); +- int32_t newLength = oldLength + srcLength; ++ int32_t newLength; ++ if (uprv_add32_overflow(oldLength, srcLength, &newLength)) { ++ setToBogus(); ++ return *this; ++ } + + // Check for append onto ourself + const UChar* oldArray = getArrayStart(); +diff --git a/test/intltest/ustrtest.cpp b/test/intltest/ustrtest.cpp +index b6515ea..ad38bdf 100644 +--- a/test/intltest/ustrtest.cpp ++++ b/test/intltest/ustrtest.cpp +@@ -67,6 +67,7 @@ void UnicodeStringTest::runIndexedTest( int32_t index, UBool exec, const char* & + TESTCASE_AUTO(TestWCharPointers); + TESTCASE_AUTO(TestNullPointers); + TESTCASE_AUTO(TestUnicodeStringInsertAppendToSelf); ++ TESTCASE_AUTO(TestLargeAppend); + TESTCASE_AUTO_END; + } + +@@ -2310,3 +2311,64 @@ void UnicodeStringTest::TestUnicodeStringInsertAppendToSelf() { + str.insert(2, sub); + assertEquals("", u"abbcdcde", str); + } ++ ++void UnicodeStringTest::TestLargeAppend() { ++ if(quick) return; ++ ++ IcuTestErrorCode status(*this, "TestLargeAppend"); ++ // Make a large UnicodeString ++ int32_t len = 0xAFFFFFF; ++ UnicodeString str; ++ char16_t *buf = str.getBuffer(len); ++ // A fast way to set buffer to valid Unicode. ++ // 4E4E is a valid unicode character ++ uprv_memset(buf, 0x4e, len * 2); ++ str.releaseBuffer(len); ++ UnicodeString dest; ++ // Append it 16 times ++ // 0xAFFFFFF times 16 is 0xA4FFFFF1, ++ // which is greater than INT32_MAX, which is 0x7FFFFFFF. ++ int64_t total = 0; ++ for (int32_t i = 0; i < 16; i++) { ++ dest.append(str); ++ total += len; ++ if (total <= INT32_MAX) { ++ assertFalse("dest is not bogus", dest.isBogus()); ++ } else { ++ assertTrue("dest should be bogus", dest.isBogus()); ++ } ++ } ++ dest.remove(); ++ total = 0; ++ for (int32_t i = 0; i < 16; i++) { ++ dest.append(str); ++ total += len; ++ if (total + len <= INT32_MAX) { ++ assertFalse("dest is not bogus", dest.isBogus()); ++ } else if (total <= INT32_MAX) { ++ // Check that a string of exactly the maximum size works ++ UnicodeString str2; ++ int32_t remain = INT32_MAX - total; ++ char16_t *buf2 = str2.getBuffer(remain); ++ if (buf2 == nullptr) { ++ // if somehow memory allocation fail, return the test ++ return; ++ } ++ uprv_memset(buf2, 0x4e, remain * 2); ++ str2.releaseBuffer(remain); ++ dest.append(str2); ++ total += remain; ++ assertEquals("When a string of exactly the maximum size works", (int64_t)INT32_MAX, total); ++ assertEquals("When a string of exactly the maximum size works", INT32_MAX, dest.length()); ++ assertFalse("dest is not bogus", dest.isBogus()); ++ ++ // Check that a string size+1 goes bogus ++ str2.truncate(1); ++ dest.append(str2); ++ total++; ++ assertTrue("dest should be bogus", dest.isBogus()); ++ } else { ++ assertTrue("dest should be bogus", dest.isBogus()); ++ } ++ } ++} +diff --git a/test/intltest/ustrtest.h b/test/intltest/ustrtest.h +index 218befd..4a356a9 100644 +--- a/test/intltest/ustrtest.h ++++ b/test/intltest/ustrtest.h +@@ -97,6 +97,7 @@ public: + void TestWCharPointers(); + void TestNullPointers(); + void TestUnicodeStringInsertAppendToSelf(); ++ void TestLargeAppend(); + }; + + #endif +-- +2.17.1 + diff --git a/poky/meta/recipes-support/icu/icu_66.1.bb b/poky/meta/recipes-support/icu/icu_66.1.bb index f2bb344e3..a8096c184 100644 --- a/poky/meta/recipes-support/icu/icu_66.1.bb +++ b/poky/meta/recipes-support/icu/icu_66.1.bb @@ -26,6 +26,7 @@ SRC_URI = "${BASE_SRC_URI};name=code \ file://fix-install-manx.patch \ file://0001-Fix-big-endian-build.patch;apply=no \ file://0001-icu-Added-armeb-support.patch \ + file://CVE-2020-10531.patch \ " SRC_URI_append_class-target = "\ diff --git a/poky/meta/recipes-support/libevdev/libevdev/determinism.patch b/poky/meta/recipes-support/libevdev/libevdev/determinism.patch index 33a6076b7..f6b7fc82d 100644 --- a/poky/meta/recipes-support/libevdev/libevdev/determinism.patch +++ b/poky/meta/recipes-support/libevdev/libevdev/determinism.patch @@ -1,3 +1,8 @@ +From 4f196323aba5b0f49979826533c65633b8a9b6a2 Mon Sep 17 00:00:00 2001 +From: Richard Purdie <richard.purdie@linuxfoundation.org> +Date: Fri, 7 Feb 2020 12:29:56 +0000 +Subject: [PATCH] libevdev: Fix determinism issue + The order of dict values is not deterministic leading to differing header file generation. Sort to remove this inconsistency. @@ -6,29 +11,33 @@ RP 2020/2/7 Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Upstream-Status: Pending -Index: a/libevdev/make-event-names.py -=================================================================== +--- + libevdev/make-event-names.py | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/libevdev/make-event-names.py b/libevdev/make-event-names.py +index 88addd7..c973e2a 100755 --- a/libevdev/make-event-names.py +++ b/libevdev/make-event-names.py -@@ -67,10 +67,10 @@ def print_bits(bits, prefix): - if not hasattr(bits, prefix): - return - print("static const char * const %s_map[%s_MAX + 1] = {" % (prefix, prefix.upper())) -- for val, name in list(getattr(bits, prefix).items()): -+ for val, name in sorted(list(getattr(bits, prefix).items())): - print(" [%s] = \"%s\"," % (name, name)) - if prefix == "key": -- for val, name in list(getattr(bits, "btn").items()): -+ for val, name in sorted(list(getattr(bits, "btn").items())): - print(" [%s] = \"%s\"," % (name, name)) - print("};") - print("") -@@ -111,7 +111,7 @@ def print_lookup(bits, prefix): - if not hasattr(bits, prefix): - return +@@ -70,10 +70,10 @@ def print_bits(bits, prefix): + if not hasattr(bits, prefix): + return + print("static const char * const %s_map[%s_MAX + 1] = {" % (prefix, prefix.upper())) +- for val, name in list(getattr(bits, prefix).items()): ++ for val, name in sorted(list(getattr(bits, prefix).items())): + print(" [%s] = \"%s\"," % (name, name)) + if prefix == "key": +- for val, name in list(getattr(bits, "btn").items()): ++ for val, name in sorted(list(getattr(bits, "btn").items())): + print(" [%s] = \"%s\"," % (name, name)) + print("};") + print("") +@@ -118,7 +118,7 @@ def print_lookup(bits, prefix): + if not hasattr(bits, prefix): + return -- names = list(getattr(bits, prefix).items()) -+ names = sorted(list(getattr(bits, prefix).items())) - if prefix == "btn": - names = names + btn_additional; +- names = list(getattr(bits, prefix).items()) ++ names = sorted(list(getattr(bits, prefix).items())) + if prefix == "btn": + names = names + btn_additional diff --git a/poky/meta/recipes-support/libevdev/libevdev_1.8.0.bb b/poky/meta/recipes-support/libevdev/libevdev_1.9.0.bb index 3523dc096..a2116a492 100644 --- a/poky/meta/recipes-support/libevdev/libevdev_1.8.0.bb +++ b/poky/meta/recipes-support/libevdev/libevdev_1.9.0.bb @@ -8,8 +8,8 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=75aae0d38feea6fda97ca381cb9132eb \ SRC_URI = "http://www.freedesktop.org/software/libevdev/${BP}.tar.xz \ file://determinism.patch" -SRC_URI[md5sum] = "879631080be18526737e33b63d848039" -SRC_URI[sha256sum] = "20d3cae4efd277f485abdf8f2a7c46588e539998b5a08c2c4d368218379d4211" +SRC_URI[md5sum] = "13c3f0911f9326d4b9fa103365f84421" +SRC_URI[sha256sum] = "e7e18a64264f2dea19b6c50a481f8c062529d42919ccda0bc861495bce28eb9e" inherit autotools pkgconfig diff --git a/poky/meta/recipes-support/ptest-runner/ptest-runner_2.3.2.bb b/poky/meta/recipes-support/ptest-runner/ptest-runner_2.4.0.bb index 187f22df0..09fabdeeb 100644 --- a/poky/meta/recipes-support/ptest-runner/ptest-runner_2.3.2.bb +++ b/poky/meta/recipes-support/ptest-runner/ptest-runner_2.4.0.bb @@ -7,8 +7,8 @@ HOMEPAGE = "http://git.yoctoproject.org/cgit/cgit.cgi/ptest-runner2/about/" LICENSE = "GPLv2" LIC_FILES_CHKSUM = "file://LICENSE;md5=751419260aa954499f7abaabaa882bbe" -SRCREV = "7015e9199ce748c0717addeebe7a8c47448bab03" -PV = "2.3.2+git${SRCPV}" +SRCREV = "1e9a84585909b970cc8850d3ea02a7215dcfa5a3" +PV = "2.4.0+git${SRCPV}" SRC_URI = "git://git.yoctoproject.org/ptest-runner2 \ " diff --git a/poky/meta/recipes-support/sqlite/files/CVE-2020-11655.patch b/poky/meta/recipes-support/sqlite/files/CVE-2020-11655.patch new file mode 100644 index 000000000..e30c482bb --- /dev/null +++ b/poky/meta/recipes-support/sqlite/files/CVE-2020-11655.patch @@ -0,0 +1,32 @@ +From a4601326d61bf1a11151ac6b78b50804bfd03b4d Mon Sep 17 00:00:00 2001 +From: Sakib Sajal <sakib.sajal@windriver.com> +Date: Thu, 30 Apr 2020 10:46:16 -0700 +Subject: [PATCH 2/2] In the event of a semantic error in an aggregate query, + early-out the resetAccumulator() function to prevent problems due to + incomplete or incorrect initialization of the AggInfo object. Fix for ticket + [af4556bb5c285c08]. + +FossilOrigin-Name: 4a302b42c7bf5e11ddb5522ca999f74aba397d3a7eb91b1844bb02852f772441 +Upstream Status: Backport [c415d91007e1680e4eb17def583b202c3c83c718] + +CVE: CVE-2020-11655 +Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com> +--- + sqlite3.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/sqlite3.c b/sqlite3.c +index 1df6633..726adf7 100644 +--- a/sqlite3.c ++++ b/sqlite3.c +@@ -133242,6 +133242,7 @@ static void resetAccumulator(Parse *pParse, AggInfo *pAggInfo){ + struct AggInfo_func *pFunc; + int nReg = pAggInfo->nFunc + pAggInfo->nColumn; + if( nReg==0 ) return; ++ if( pParse->nErr ) return; + #ifdef SQLITE_DEBUG + /* Verify that all AggInfo registers are within the range specified by + ** AggInfo.mnReg..AggInfo.mxReg */ +-- +2.17.1 + diff --git a/poky/meta/recipes-support/sqlite/files/CVE-2020-11656.patch b/poky/meta/recipes-support/sqlite/files/CVE-2020-11656.patch new file mode 100644 index 000000000..b88a724e8 --- /dev/null +++ b/poky/meta/recipes-support/sqlite/files/CVE-2020-11656.patch @@ -0,0 +1,70 @@ +From 2d69a520d027eb73eb6da9f2653d23e33b10e8bb Mon Sep 17 00:00:00 2001 +From: Sakib Sajal <sakib.sajal@windriver.com> +Date: Thu, 30 Apr 2020 10:14:36 -0700 +Subject: [PATCH 1/2] Fix a case when a pointer might be used after + being freed in the ALTER TABLE code. Fix for [4722bdab08cb1]. + +FossilOrigin-Name: d09f8c3621d5f7f8c6d99d7d82bcaa8421855b3f470bea2b26c858106382b906 +Upstream Status: Backport [fb99e388ec7f30fe43e4878236e3695ff24ae58d] + +[PATCH 2/2] Do not suppress errors when resolving references in an ORDER + BY clause belonging to a compound SELECT within a view or trigger within + ALTER TABLE. Fix for ticket [a10a14e9b4ba2]. + +FossilOrigin-Name: 684293882c302600e112cf52553c19d84fdb31663d96e5dd7f8ac17dda00a026 +Upstream Status: Backport [4db7ab53f9c30e2e22731ace93ab6b18eef6c4ae] + +The two patches were converted to amalgamation format. + +CVE: CVE-2020-11656 +Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com> +--- + sqlite3.c | 18 +++++++++++++++++- + 1 file changed, 17 insertions(+), 1 deletion(-) + +diff --git a/sqlite3.c b/sqlite3.c +index 64fae04..1df6633 100644 +--- a/sqlite3.c ++++ b/sqlite3.c +@@ -97945,7 +97945,7 @@ static int resolveOrderByTermToExprList( + nc.nErr = 0; + db = pParse->db; + savedSuppErr = db->suppressErr; +- db->suppressErr = 1; ++ if( IN_RENAME_OBJECT==0 ) db->suppressErr = 1; + rc = sqlite3ResolveExprNames(&nc, pE); + db->suppressErr = savedSuppErr; + if( rc ) return 0; +@@ -105383,6 +105383,21 @@ static void renameWalkWith(Walker *pWalker, Select *pSelect){ + } + } + ++/* ++** Unmap all tokens in the IdList object passed as the second argument. ++*/ ++static void unmapColumnIdlistNames( ++ Parse *pParse, ++ IdList *pIdList ++){ ++ if( pIdList ){ ++ int ii; ++ for(ii=0; ii<pIdList->nId; ii++){ ++ sqlite3RenameTokenRemap(pParse, 0, (void*)pIdList->a[ii].zName); ++ } ++ } ++} ++ + /* + ** Walker callback used by sqlite3RenameExprUnmap(). + */ +@@ -105404,6 +105419,7 @@ static int renameUnmapSelectCb(Walker *pWalker, Select *p){ + for(i=0; i<pSrc->nSrc; i++){ + sqlite3RenameTokenRemap(pParse, 0, (void*)pSrc->a[i].zName); + if( sqlite3WalkExpr(pWalker, pSrc->a[i].pOn) ) return WRC_Abort; ++ unmapColumnIdlistNames(pParse, pSrc->a[i].pUsing); + } + } + +-- +2.17.1 + diff --git a/poky/meta/recipes-support/sqlite/sqlite3_3.31.1.bb b/poky/meta/recipes-support/sqlite/sqlite3_3.31.1.bb index de564e269..57a791385 100644 --- a/poky/meta/recipes-support/sqlite/sqlite3_3.31.1.bb +++ b/poky/meta/recipes-support/sqlite/sqlite3_3.31.1.bb @@ -5,6 +5,8 @@ LIC_FILES_CHKSUM = "file://sqlite3.h;endline=11;md5=786d3dc581eff03f4fd9e4a77ed0 SRC_URI = "http://www.sqlite.org/2020/sqlite-autoconf-${SQLITE_PV}.tar.gz \ file://CVE-2020-9327.patch \ + file://CVE-2020-11656.patch \ + file://CVE-2020-11655.patch \ " SRC_URI[md5sum] = "2d0a553534c521504e3ac3ad3b90f125" SRC_URI[sha256sum] = "62284efebc05a76f909c580ffa5c008a7d22a1287285d68b7825a2b6b51949ae" diff --git a/poky/meta/recipes-support/vte/vte_0.58.3.bb b/poky/meta/recipes-support/vte/vte_0.60.2.bb index 41dc2e77c..3891ff816 100644 --- a/poky/meta/recipes-support/vte/vte_0.58.3.bb +++ b/poky/meta/recipes-support/vte/vte_0.60.2.bb @@ -20,8 +20,8 @@ inherit gnomebase gtk-doc features_check upstream-version-is-even gobject-intros SRC_URI += "file://0001-app.cc-use-old-school-asignment-to-avoid-gcc-4.8-err.patch \ file://0002-Add-W_EXITCODE-macro-for-non-glibc-systems.patch \ " -SRC_URI[archive.md5sum] = "f59eb0784a361c0939c03d4566255916" -SRC_URI[archive.sha256sum] = "22dcb54ac2ad1a56ab0a745e16ccfeb383f0b5860b5bfa1784561216f98d4975" +SRC_URI[archive.md5sum] = "1a0b5395915d2f3c88484511b38cc584" +SRC_URI[archive.sha256sum] = "35a0280e3f12feeb3096da05699191373c47a4a20c55cb7081e828e6015f8ca5" ANY_OF_DISTRO_FEATURES = "${GTK3DISTROFEATURES}" @@ -44,6 +44,7 @@ FILES_${PN}-dev += "${datadir}/vala/vapi/*" PACKAGECONFIG ??= "gnutls" PACKAGECONFIG[vala] = "-Dvapi=true,-Dvapi=false,vala-native vala" PACKAGECONFIG[gnutls] = "-Dgnutls=true,-Dgnutls=false,gnutls" +PACKAGECONFIG[systemd] = "-D_systemd=true,-D_systemd=false,systemd" # vala requires gir PACKAGECONFIG_remove_class-native = "vala" |