diff options
Diffstat (limited to 'meta-openbmc-mods/meta-common/recipes-core')
19 files changed, 1076 insertions, 7 deletions
diff --git a/meta-openbmc-mods/meta-common/recipes-core/base-files/base-files/40-oom_reboot.conf b/meta-openbmc-mods/meta-common/recipes-core/base-files/base-files/40-oom_reboot.conf index 43967a28b..bce355ea1 100644 --- a/meta-openbmc-mods/meta-common/recipes-core/base-files/base-files/40-oom_reboot.conf +++ b/meta-openbmc-mods/meta-common/recipes-core/base-files/base-files/40-oom_reboot.conf @@ -1,4 +1,2 @@ # panic kernel on OOM vm.panic_on_oom=2 -# reboot after 10 sec on panic -kernel.panic=10 diff --git a/meta-openbmc-mods/meta-common/recipes-core/expat/expat_2.4.4.bb b/meta-openbmc-mods/meta-common/recipes-core/expat/expat_2.4.5.bb index 332dc0603..b81c72515 100644 --- a/meta-openbmc-mods/meta-common/recipes-core/expat/expat_2.4.4.bb +++ b/meta-openbmc-mods/meta-common/recipes-core/expat/expat_2.4.5.bb @@ -14,7 +14,7 @@ SRC_URI = "https://github.com/libexpat/libexpat/releases/download/R_${VERSION_TA UPSTREAM_CHECK_URI = "https://github.com/libexpat/libexpat/releases/" -SRC_URI[sha256sum] = "14c58c2a0b5b8b31836514dfab41bd191836db7aa7b84ae5c47bc0327a20d64a" +SRC_URI[sha256sum] = "fbb430f964c7a2db2626452b6769e6a8d5d23593a453ccbc21701b74deabedff" EXTRA_OECMAKE:class-native += "-DEXPAT_BUILD_DOCS=OFF" diff --git a/meta-openbmc-mods/meta-common/recipes-core/host-error-monitor/host-error-monitor_%.bbappend b/meta-openbmc-mods/meta-common/recipes-core/host-error-monitor/host-error-monitor_%.bbappend index 4b0ce63f9..26e9a2ea5 100644 --- a/meta-openbmc-mods/meta-common/recipes-core/host-error-monitor/host-error-monitor_%.bbappend +++ b/meta-openbmc-mods/meta-common/recipes-core/host-error-monitor/host-error-monitor_%.bbappend @@ -1,4 +1,6 @@ -SRC_URI = "git://github.com/openbmc/host-error-monitor" -SRCREV = "1c208480e6de77a5a41b0733c595e8d4a99e5311" +# The URI is required for the autobump script but keep it commented +# to not override the upstream value +# SRC_URI = "git://github.com/openbmc/host-error-monitor;branch=master;protocol=https" +SRCREV = "ed6972aefe37a039d5b41d183eafc8c48549be67" EXTRA_OECMAKE = "-DYOCTO=1" diff --git a/meta-openbmc-mods/meta-common/recipes-core/ipmi/intel-ipmi-oem_%.bbappend b/meta-openbmc-mods/meta-common/recipes-core/ipmi/intel-ipmi-oem_%.bbappend index 26bbc34ee..1892a3d44 100644 --- a/meta-openbmc-mods/meta-common/recipes-core/ipmi/intel-ipmi-oem_%.bbappend +++ b/meta-openbmc-mods/meta-common/recipes-core/ipmi/intel-ipmi-oem_%.bbappend @@ -2,7 +2,7 @@ EXTRA_OECMAKE += "${@bb.utils.contains('IMAGE_FSTYPES', 'intel-pfr', '-DINTEL_PF EXTRA_OECMAKE += "${@bb.utils.contains('EXTRA_IMAGE_FEATURES', 'validation-unsecure', '-DBMC_VALIDATION_UNSECURE_FEATURE=ON', '', d)}" EXTRA_OECMAKE += "-DUSING_ENTITY_MANAGER_DECORATORS=OFF" SRC_URI = "git://github.com/openbmc/intel-ipmi-oem.git" -SRCREV = "a165038f0472459ae2ec0ae50b7e0c09969882c7" +SRCREV = "6346e98cd5f33be2328478f865b34edc7203a99d" FILESEXTRAPATHS:append := ":${THISDIR}/${PN}" diff --git a/meta-openbmc-mods/meta-common/recipes-core/libpeci/libpeci_%.bbappend b/meta-openbmc-mods/meta-common/recipes-core/libpeci/libpeci_%.bbappend index cea8fd6ed..65e70c04e 100644 --- a/meta-openbmc-mods/meta-common/recipes-core/libpeci/libpeci_%.bbappend +++ b/meta-openbmc-mods/meta-common/recipes-core/libpeci/libpeci_%.bbappend @@ -1,3 +1,9 @@ # Enable downstream autobump SRC_URI = "git://github.com/openbmc/libpeci" -SRCREV = "6a00e9aa72f75d66eb8b9572c7fd3894f91c6bba" +SRCREV = "bdefaa3c95d0a93928f8ebda1ce158172d3a4bcf" + +inherit pkgconfig systemd + +PACKAGECONFIG ??= "" +PACKAGECONFIG[dbus-raw-peci] = "-DDBUS_RAW_PECI=ON,-DDBUS_RAW_PECI=OFF,boost sdbusplus" +SYSTEMD_SERVICE:${PN} += "${@bb.utils.contains('PACKAGECONFIG', 'dbus-raw-peci', 'com.intel.peci.service', '', d)}" diff --git a/meta-openbmc-mods/meta-common/recipes-core/libxml/libxml2/CVE-2022-23308-Use-after-free-of-ID-and-IDREF.patch b/meta-openbmc-mods/meta-common/recipes-core/libxml/libxml2/CVE-2022-23308-Use-after-free-of-ID-and-IDREF.patch new file mode 100644 index 000000000..69cb57065 --- /dev/null +++ b/meta-openbmc-mods/meta-common/recipes-core/libxml/libxml2/CVE-2022-23308-Use-after-free-of-ID-and-IDREF.patch @@ -0,0 +1,207 @@ +From 652dd12a858989b14eed4e84e453059cd3ba340e Mon Sep 17 00:00:00 2001 +From: Nick Wellnhofer <wellnhofer@aevum.de> +Date: Tue, 8 Feb 2022 03:29:24 +0100 +Subject: [PATCH] [CVE-2022-23308] Use-after-free of ID and IDREF attributes + +If a document is parsed with XML_PARSE_DTDVALID and without +XML_PARSE_NOENT, the value of ID attributes has to be normalized after +potentially expanding entities in xmlRemoveID. Otherwise, later calls +to xmlGetID can return a pointer to previously freed memory. + +ID attributes which are empty or contain only whitespace after +entity expansion are affected in a similar way. This is fixed by +not storing such attributes in the ID table. + +The test to detect streaming mode when validating against a DTD was +broken. In connection with the defects above, this could result in a +use-after-free when using the xmlReader interface with validation. +Fix detection of streaming mode to avoid similar issues. (This changes +the expected result of a test case. But as far as I can tell, using the +XML reader with XIncludes referencing the root document never worked +properly, anyway.) + +All of these issues can result in denial of service. Using xmlReader +with validation could result in disclosure of memory via the error +channel, typically stderr. The security impact of xmlGetID returning +a pointer to freed memory depends on the application. The typical use +case of calling xmlGetID on an unmodified document is not affected. +--- + result/XInclude/ns1.xml.rdr | 2 +- + valid.c | 88 +++++++++++++++++++++++-------------- + 2 files changed, 56 insertions(+), 34 deletions(-) + +diff --git a/result/XInclude/ns1.xml.rdr b/result/XInclude/ns1.xml.rdr +index f23702f57..9a3a5e76a 100644 +--- a/result/XInclude/ns1.xml.rdr ++++ b/result/XInclude/ns1.xml.rdr +@@ -1,7 +1,7 @@ + 0 1 doc 0 0 + 1 14 #text 0 1 + +-1 1 ns:elem 1 0 ++1 1 xi:include 1 0 + 1 14 #text 0 1 + + 1 1 elem 0 0 +diff --git a/valid.c b/valid.c +index 5ee391c04..8e596f1db 100644 +--- a/valid.c ++++ b/valid.c +@@ -479,6 +479,35 @@ nodeVPop(xmlValidCtxtPtr ctxt) + return (ret); + } + ++/** ++ * xmlValidNormalizeString: ++ * @str: a string ++ * ++ * Normalize a string in-place. ++ */ ++static void ++xmlValidNormalizeString(xmlChar *str) { ++ xmlChar *dst; ++ const xmlChar *src; ++ ++ if (str == NULL) ++ return; ++ src = str; ++ dst = str; ++ ++ while (*src == 0x20) src++; ++ while (*src != 0) { ++ if (*src == 0x20) { ++ while (*src == 0x20) src++; ++ if (*src != 0) ++ *dst++ = 0x20; ++ } else { ++ *dst++ = *src++; ++ } ++ } ++ *dst = 0; ++} ++ + #ifdef DEBUG_VALID_ALGO + static void + xmlValidPrintNode(xmlNodePtr cur) { +@@ -2607,6 +2636,24 @@ xmlDumpNotationTable(xmlBufferPtr buf, xmlNotationTablePtr table) { + (xmlDictOwns(dict, (const xmlChar *)(str)) == 0))) \ + xmlFree((char *)(str)); + ++static int ++xmlIsStreaming(xmlValidCtxtPtr ctxt) { ++ xmlParserCtxtPtr pctxt; ++ ++ if (ctxt == NULL) ++ return(0); ++ /* ++ * These magic values are also abused to detect whether we're validating ++ * while parsing a document. In this case, userData points to the parser ++ * context. ++ */ ++ if ((ctxt->finishDtd != XML_CTXT_FINISH_DTD_0) && ++ (ctxt->finishDtd != XML_CTXT_FINISH_DTD_1)) ++ return(0); ++ pctxt = ctxt->userData; ++ return(pctxt->parseMode == XML_PARSE_READER); ++} ++ + /** + * xmlFreeID: + * @not: A id +@@ -2650,7 +2697,7 @@ xmlAddID(xmlValidCtxtPtr ctxt, xmlDocPtr doc, const xmlChar *value, + if (doc == NULL) { + return(NULL); + } +- if (value == NULL) { ++ if ((value == NULL) || (value[0] == 0)) { + return(NULL); + } + if (attr == NULL) { +@@ -2681,7 +2728,7 @@ xmlAddID(xmlValidCtxtPtr ctxt, xmlDocPtr doc, const xmlChar *value, + */ + ret->value = xmlStrdup(value); + ret->doc = doc; +- if ((ctxt != NULL) && (ctxt->vstateNr != 0)) { ++ if (xmlIsStreaming(ctxt)) { + /* + * Operating in streaming mode, attr is gonna disappear + */ +@@ -2820,6 +2867,7 @@ xmlRemoveID(xmlDocPtr doc, xmlAttrPtr attr) { + ID = xmlNodeListGetString(doc, attr->children, 1); + if (ID == NULL) + return(-1); ++ xmlValidNormalizeString(ID); + + id = xmlHashLookup(table, ID); + if (id == NULL || id->attr != attr) { +@@ -3009,7 +3057,7 @@ xmlAddRef(xmlValidCtxtPtr ctxt, xmlDocPtr doc, const xmlChar *value, + * fill the structure. + */ + ret->value = xmlStrdup(value); +- if ((ctxt != NULL) && (ctxt->vstateNr != 0)) { ++ if (xmlIsStreaming(ctxt)) { + /* + * Operating in streaming mode, attr is gonna disappear + */ +@@ -4028,8 +4076,7 @@ xmlValidateAttributeValue2(xmlValidCtxtPtr ctxt, xmlDocPtr doc, + xmlChar * + xmlValidCtxtNormalizeAttributeValue(xmlValidCtxtPtr ctxt, xmlDocPtr doc, + xmlNodePtr elem, const xmlChar *name, const xmlChar *value) { +- xmlChar *ret, *dst; +- const xmlChar *src; ++ xmlChar *ret; + xmlAttributePtr attrDecl = NULL; + int extsubset = 0; + +@@ -4070,19 +4117,7 @@ xmlValidCtxtNormalizeAttributeValue(xmlValidCtxtPtr ctxt, xmlDocPtr doc, + ret = xmlStrdup(value); + if (ret == NULL) + return(NULL); +- src = value; +- dst = ret; +- while (*src == 0x20) src++; +- while (*src != 0) { +- if (*src == 0x20) { +- while (*src == 0x20) src++; +- if (*src != 0) +- *dst++ = 0x20; +- } else { +- *dst++ = *src++; +- } +- } +- *dst = 0; ++ xmlValidNormalizeString(ret); + if ((doc->standalone) && (extsubset == 1) && (!xmlStrEqual(value, ret))) { + xmlErrValidNode(ctxt, elem, XML_DTD_NOT_STANDALONE, + "standalone: %s on %s value had to be normalized based on external subset declaration\n", +@@ -4114,8 +4149,7 @@ xmlValidCtxtNormalizeAttributeValue(xmlValidCtxtPtr ctxt, xmlDocPtr doc, + xmlChar * + xmlValidNormalizeAttributeValue(xmlDocPtr doc, xmlNodePtr elem, + const xmlChar *name, const xmlChar *value) { +- xmlChar *ret, *dst; +- const xmlChar *src; ++ xmlChar *ret; + xmlAttributePtr attrDecl = NULL; + + if (doc == NULL) return(NULL); +@@ -4145,19 +4179,7 @@ xmlValidNormalizeAttributeValue(xmlDocPtr doc, xmlNodePtr elem, + ret = xmlStrdup(value); + if (ret == NULL) + return(NULL); +- src = value; +- dst = ret; +- while (*src == 0x20) src++; +- while (*src != 0) { +- if (*src == 0x20) { +- while (*src == 0x20) src++; +- if (*src != 0) +- *dst++ = 0x20; +- } else { +- *dst++ = *src++; +- } +- } +- *dst = 0; ++ xmlValidNormalizeString(ret); + return(ret); + } + diff --git a/meta-openbmc-mods/meta-common/recipes-core/libxml/libxml2_%.bbappend b/meta-openbmc-mods/meta-common/recipes-core/libxml/libxml2_%.bbappend new file mode 100644 index 000000000..d26a47f4c --- /dev/null +++ b/meta-openbmc-mods/meta-common/recipes-core/libxml/libxml2_%.bbappend @@ -0,0 +1,4 @@ +FILESEXTRAPATHS:prepend := "${THISDIR}/${PN}:" + +SRC_URI += "file://CVE-2022-23308-Use-after-free-of-ID-and-IDREF.patch \ + " diff --git a/meta-openbmc-mods/meta-common/recipes-core/util-linux/util-linux-libuuid_2.37.4.bb b/meta-openbmc-mods/meta-common/recipes-core/util-linux/util-linux-libuuid_2.37.4.bb new file mode 100644 index 000000000..5d759aed9 --- /dev/null +++ b/meta-openbmc-mods/meta-common/recipes-core/util-linux/util-linux-libuuid_2.37.4.bb @@ -0,0 +1,16 @@ +# To allow util-linux to optionally build-depend on cryptsetup, libuuid is +# split out of the main recipe, as it's needed by cryptsetup + +require util-linux.inc + +inherit autotools gettext pkgconfig + +S = "${WORKDIR}/util-linux-${PV}" +EXTRA_OECONF += "--disable-all-programs --enable-libuuid" +LICENSE = "BSD-3-Clause" + +do_install:append() { + rm -rf ${D}${datadir} ${D}${bindir} ${D}${base_bindir} ${D}${sbindir} ${D}${base_sbindir} ${D}${exec_prefix}/sbin +} + +BBCLASSEXTEND = "native nativesdk" diff --git a/meta-openbmc-mods/meta-common/recipes-core/util-linux/util-linux.inc b/meta-openbmc-mods/meta-common/recipes-core/util-linux/util-linux.inc new file mode 100644 index 000000000..c48f9572f --- /dev/null +++ b/meta-openbmc-mods/meta-common/recipes-core/util-linux/util-linux.inc @@ -0,0 +1,40 @@ +SUMMARY = "A suite of basic system administration utilities" +HOMEPAGE = "https://en.wikipedia.org/wiki/Util-linux" +DESCRIPTION = "Util-linux includes a suite of basic system administration utilities \ +commonly found on most Linux systems. Some of the more important utilities include \ +disk partitioning, kernel message management, filesystem creation, and system login." + +SECTION = "base" + +LICENSE = "GPLv2+ & LGPLv2.1+ & BSD-3-Clause & BSD-4-Clause" +LICENSE:${PN}-libblkid = "LGPLv2.1+" +LICENSE:${PN}-libfdisk = "LGPLv2.1+" +LICENSE:${PN}-libmount = "LGPLv2.1+" +LICENSE:${PN}-libsmartcols = "LGPLv2.1+" + +LIC_FILES_CHKSUM = "file://README.licensing;md5=0fd5c050c6187d2bf0a4492b7f4e33da \ + file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263 \ + file://Documentation/licenses/COPYING.GPL-2.0-or-later;md5=b234ee4d69f5fce4486a80fdaf4a4263 \ + file://Documentation/licenses/COPYING.LGPL-2.1-or-later;md5=4fbd65380cdd255951079008b364516c \ + file://Documentation/licenses/COPYING.BSD-3-Clause;md5=58dcd8452651fc8b07d1f65ce07ca8af \ + file://Documentation/licenses/COPYING.BSD-4-Clause-UC;md5=263860f8968d8bafa5392cab74285262 \ + file://libuuid/COPYING;md5=6d2cafc999feb2c2de84d4d24b23290c \ + file://libmount/COPYING;md5=7c7e39fb7d70ffe5d693a643e29987c2 \ + file://libblkid/COPYING;md5=693bcbbe16d3a4a4b37bc906bc01cc04 \ + file://libfdisk/COPYING;md5=693bcbbe16d3a4a4b37bc906bc01cc04 \ + file://libsmartcols/COPYING;md5=693bcbbe16d3a4a4b37bc906bc01cc04 \ +" + +FILESEXTRAPATHS:prepend := "${THISDIR}/util-linux:" +MAJOR_VERSION = "${@'.'.join(d.getVar('PV').split('.')[0:2])}" +SRC_URI = "${KERNELORG_MIRROR}/linux/utils/util-linux/v${MAJOR_VERSION}/util-linux-${PV}.tar.xz \ + file://configure-sbindir.patch \ + file://runuser.pamd \ + file://runuser-l.pamd \ + file://ptest.patch \ + file://run-ptest \ + file://display_testname_for_subtest.patch \ + file://avoid_parallel_tests.patch \ + " + +SRC_URI[sha256sum] = "634e6916ad913366c3536b6468e7844769549b99a7b2bf80314de78ab5655b83" diff --git a/meta-openbmc-mods/meta-common/recipes-core/util-linux/util-linux/avoid_parallel_tests.patch b/meta-openbmc-mods/meta-common/recipes-core/util-linux/util-linux/avoid_parallel_tests.patch new file mode 100644 index 000000000..f1cbdb3be --- /dev/null +++ b/meta-openbmc-mods/meta-common/recipes-core/util-linux/util-linux/avoid_parallel_tests.patch @@ -0,0 +1,29 @@ +From ee3c7812e1efa6719af68b994804f0e6caceabd8 Mon Sep 17 00:00:00 2001 +From: Tudor Florea <tudor.florea@enea.com> +Date: Mon, 14 Jun 2021 14:00:31 +0200 +Subject: [PATCH] util-linux: Add ptest + +Ptest needs buildtest-TESTS and runtest-TESTS targets. +serial-tests is required to generate those targets. +Revert run.sh script accordingly to serialize running tests + +Signed-off-by: Tudor Florea <tudor.florea@enea.com> +Upstream-Status: Inappropriate + +--- + configure.ac | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/configure.ac b/configure.ac +index 5664f9f..075ef27 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -11,7 +11,7 @@ AC_CONFIG_MACRO_DIR([m4]) + dnl AC_USE_SYSTEM_EXTENSIONS must be called before any macros that run + dnl the compiler (like LT_INIT) to avoid autoconf errors. + AC_USE_SYSTEM_EXTENSIONS +-AM_INIT_AUTOMAKE([-Wall -Wno-portability foreign 1.10 tar-pax no-dist-gzip dist-xz subdir-objects]) ++AM_INIT_AUTOMAKE([-Wall -Wno-portability foreign 1.10 tar-pax no-dist-gzip dist-xz subdir-objects serial-tests]) + + m4_ifdef([AM_SILENT_RULES], [AM_SILENT_RULES([yes])], + [AC_SUBST([AM_DEFAULT_VERBOSITY], [1])]) diff --git a/meta-openbmc-mods/meta-common/recipes-core/util-linux/util-linux/configure-sbindir.patch b/meta-openbmc-mods/meta-common/recipes-core/util-linux/util-linux/configure-sbindir.patch new file mode 100644 index 000000000..e475289f6 --- /dev/null +++ b/meta-openbmc-mods/meta-common/recipes-core/util-linux/util-linux/configure-sbindir.patch @@ -0,0 +1,23 @@ +util-linux: take ${sbindir} from the environment if it is set there +fix the test, the [ ] syntax was getting eaten by autoconf + +Signed-off-by: Phil Blundell <pb@pbcl.net> +Signed-off-by: Saul Wold <sgw@linux.intel.com +Upstream-Status: Inappropriate [configuration] + +Index: util-linux-2.31/configure.ac +=================================================================== +--- util-linux-2.31.orig/configure.ac ++++ util-linux-2.31/configure.ac +@@ -89,7 +89,10 @@ AC_SUBST([runstatedir]) + usrbin_execdir='${exec_prefix}/bin' + AC_SUBST([usrbin_execdir]) + +-usrsbin_execdir='${exec_prefix}/sbin' ++if test -z "$usrsbin_execdir" ; ++then ++ usrsbin_execdir='${exec_prefix}/sbin' ++fi + AC_SUBST([usrsbin_execdir]) + + AS_CASE([$libdir], diff --git a/meta-openbmc-mods/meta-common/recipes-core/util-linux/util-linux/display_testname_for_subtest.patch b/meta-openbmc-mods/meta-common/recipes-core/util-linux/util-linux/display_testname_for_subtest.patch new file mode 100644 index 000000000..417ca1d98 --- /dev/null +++ b/meta-openbmc-mods/meta-common/recipes-core/util-linux/util-linux/display_testname_for_subtest.patch @@ -0,0 +1,25 @@ +Display testname for subtest + +Signed-off-by: Tudor Florea <tudor.florea@enea.com> +Upstream-Status: Pending + +--- + tests/functions.sh | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/tests/functions.sh b/tests/functions.sh +index 5246605..b24dc15 100644 +--- a/tests/functions.sh ++++ b/tests/functions.sh +@@ -320,7 +320,7 @@ function ts_init_subtest { + + if [ "$TS_PARSABLE" != "yes" ]; then + [ $TS_NSUBTESTS -eq 1 ] && echo +- printf "%16s: %-27s ..." "" "$TS_SUBNAME" ++ printf "%13s: %-30s ..." "$TS_COMPONENT" "$TS_SUBNAME" + fi + } + +-- +2.8.3 + diff --git a/meta-openbmc-mods/meta-common/recipes-core/util-linux/util-linux/ptest.patch b/meta-openbmc-mods/meta-common/recipes-core/util-linux/util-linux/ptest.patch new file mode 100644 index 000000000..ba2bd3f6a --- /dev/null +++ b/meta-openbmc-mods/meta-common/recipes-core/util-linux/util-linux/ptest.patch @@ -0,0 +1,24 @@ +From af073c13ef184ca75811df688e0a0a25827b36c3 Mon Sep 17 00:00:00 2001 +From: Tudor Florea <tudor.florea@enea.com> +Date: Thu, 3 Dec 2015 04:08:00 +0100 +Subject: [PATCH] Define TESTS variable + +Signed-off-by: Tudor Florea <tudor.florea@enea.com> +Upstream-Status: Pending + +--- + Makefile.am | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/Makefile.am b/Makefile.am +index 886598d..1cf4346 100644 +--- a/Makefile.am ++++ b/Makefile.am +@@ -57,6 +57,7 @@ systemdsystemunit_DATA = + dist_bashcompletion_DATA = + check_PROGRAMS = + dist_check_SCRIPTS = ++TESTS = $(check_PROGRAMS) + + PATHFILES = + ADOCFILES_COMMON = diff --git a/meta-openbmc-mods/meta-common/recipes-core/util-linux/util-linux/run-ptest b/meta-openbmc-mods/meta-common/recipes-core/util-linux/util-linux/run-ptest new file mode 100644 index 000000000..3a910be12 --- /dev/null +++ b/meta-openbmc-mods/meta-common/recipes-core/util-linux/util-linux/run-ptest @@ -0,0 +1,24 @@ +#!/bin/sh + + +# When udevd (from eudev) is running most eject/mount tests will fail because +# of automount. We need to stop udevd before executing util-linux's tests. +# The systemd-udevd daemon doesn't change the outcome of util-linux's tests. +UDEV_PID="`pidof "@base_sbindir@/udevd"`" +if [ "x$UDEV_PID" != "x" ]; then + /etc/init.d/udev stop +fi + +current_path=$(readlink -f $0) +export bindir=$(dirname $current_path) +export PATH=$bindir/bin:$PATH + +./tests/run.sh --use-system-commands --parsable --show-diff | sed -u '{ + s/^\(.*\):\(.*\) \.\.\. OK$/PASS: \1:\2/ + s/^\(.*\):\(.*\) \.\.\. FAILED \(.*\)$/FAIL: \1:\2 \3/ + s/^\(.*\):\(.*\) \.\.\. SKIPPED \(.*\)$/SKIP: \1:\2 \3/ + }' + +if [ "x$UDEV_PID" != "x" ]; then + /etc/init.d/udev start +fi diff --git a/meta-openbmc-mods/meta-common/recipes-core/util-linux/util-linux/runuser-l.pamd b/meta-openbmc-mods/meta-common/recipes-core/util-linux/util-linux/runuser-l.pamd new file mode 100644 index 000000000..4b368ccf5 --- /dev/null +++ b/meta-openbmc-mods/meta-common/recipes-core/util-linux/util-linux/runuser-l.pamd @@ -0,0 +1,3 @@ +auth include runuser +session optional pam_keyinit.so force revoke +session include runuser diff --git a/meta-openbmc-mods/meta-common/recipes-core/util-linux/util-linux/runuser.pamd b/meta-openbmc-mods/meta-common/recipes-core/util-linux/util-linux/runuser.pamd new file mode 100644 index 000000000..48d133b9e --- /dev/null +++ b/meta-openbmc-mods/meta-common/recipes-core/util-linux/util-linux/runuser.pamd @@ -0,0 +1,4 @@ +auth sufficient pam_rootok.so +session optional pam_keyinit.so revoke +session required pam_limits.so +session required pam_unix.so diff --git a/meta-openbmc-mods/meta-common/recipes-core/util-linux/util-linux_2.37.4.bb b/meta-openbmc-mods/meta-common/recipes-core/util-linux/util-linux_2.37.4.bb new file mode 100644 index 000000000..d609c3006 --- /dev/null +++ b/meta-openbmc-mods/meta-common/recipes-core/util-linux/util-linux_2.37.4.bb @@ -0,0 +1,320 @@ +require util-linux.inc + +#gtk-doc is not enabled as it requires xmlto which requires util-linux +inherit autotools gettext manpages pkgconfig systemd update-alternatives python3-dir bash-completion ptest +DEPENDS = "libcap-ng ncurses virtual/crypt zlib util-linux-libuuid" + +PACKAGES =+ "${PN}-swaponoff" +PACKAGES += "${@bb.utils.contains('PACKAGECONFIG', 'pylibmount', '${PN}-pylibmount', '', d)}" + +python util_linux_binpackages () { + def pkg_hook(f, pkg, file_regex, output_pattern, modulename): + pn = d.getVar('PN') + d.appendVar('RRECOMMENDS:%s' % pn, ' %s' % pkg) + + if d.getVar('ALTERNATIVE:' + pkg): + return + if d.getVarFlag('ALTERNATIVE_LINK_NAME', modulename): + d.setVar('ALTERNATIVE:' + pkg, modulename) + + bindirs = sorted(list(set(d.expand("${base_sbindir} ${base_bindir} ${sbindir} ${bindir}").split()))) + for dir in bindirs: + do_split_packages(d, root=dir, + file_regex=r'(.*)', output_pattern='${PN}-%s', + description='${PN} %s', + hook=pkg_hook, extra_depends='') + + # There are some symlinks for some binaries which we have ignored + # above. Add them to the package owning the binary they are + # pointing to + extras = {} + dvar = d.getVar('PKGD') + for root in bindirs: + for walkroot, dirs, files in os.walk(dvar + root): + for f in files: + file = os.path.join(walkroot, f) + if not os.path.islink(file): + continue + + pkg = os.path.basename(os.readlink(file)) + extras.setdefault(pkg, []) + extras[pkg].append(file.replace(dvar, '', 1)) + + pn = d.getVar('PN') + for pkg, links in extras.items(): + of = d.getVar('FILES:' + pn + '-' + pkg) + links = of + " " + " ".join(sorted(links)) + d.setVar('FILES:' + pn + '-' + pkg, links) +} + +# we must execute before update-alternatives PACKAGE_PREPROCESS_FUNCS +PACKAGE_PREPROCESS_FUNCS =+ "util_linux_binpackages " + +# skip libuuid as it will be packaged by the util-linux-libuuid recipe +python util_linux_libpackages() { + do_split_packages(d, root=d.getVar('UTIL_LINUX_LIBDIR'), file_regex=r'^lib(?!uuid)(.*)\.so\..*$', + output_pattern='${PN}-lib%s', + description='${PN} lib%s', + extra_depends='', prepend=True, allow_links=True) +} + +PACKAGESPLITFUNCS =+ "util_linux_libpackages" + +PACKAGES_DYNAMIC = "^${PN}-.*" + +CACHED_CONFIGUREVARS += "scanf_cv_alloc_modifier=ms" +UTIL_LINUX_LIBDIR = "${libdir}" +UTIL_LINUX_LIBDIR:class-target = "${base_libdir}" +EXTRA_OECONF = "\ + --enable-libuuid --enable-libblkid \ + \ + --enable-fsck --enable-kill --enable-last --enable-mesg \ + --enable-mount --enable-partx --enable-raw --enable-rfkill \ + --enable-unshare --enable-write \ + \ + --disable-bfs --disable-login \ + --disable-makeinstall-chown --disable-minix --disable-newgrp \ + --disable-use-tty-group --disable-vipw --disable-raw \ + \ + --without-udev \ + \ + usrsbin_execdir='${sbindir}' \ + --libdir='${UTIL_LINUX_LIBDIR}' \ +" + +EXTRA_OECONF:append:class-target = " --enable-setpriv" +EXTRA_OECONF:append:class-native = " --without-cap-ng --disable-setpriv" +EXTRA_OECONF:append:class-nativesdk = " --without-cap-ng --disable-setpriv" +EXTRA_OECONF:append = " --disable-hwclock-gplv3" + +# enable pcre2 for native/nativesdk to match host distros +# this helps to keep same expectations when using the SDK or +# build host versions during development +# +PACKAGECONFIG ?= "pcre2" +PACKAGECONFIG:class-target ?= "${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'chfn-chsh pam', '', d)}" +# inherit manpages requires this to be present, however util-linux does not have +# configuration options, and installs manpages always +PACKAGECONFIG[manpages] = "" +PACKAGECONFIG[pam] = "--enable-su --enable-runuser,--disable-su --disable-runuser, libpam," +# Respect the systemd feature for uuidd +PACKAGECONFIG[systemd] = "--with-systemd --with-systemdsystemunitdir=${systemd_system_unitdir}, --without-systemd --without-systemdsystemunitdir,systemd" +# Build python bindings for libmount +PACKAGECONFIG[pylibmount] = "--with-python=3 --enable-pylibmount,--without-python --disable-pylibmount,python3" +# Readline support +PACKAGECONFIG[readline] = "--with-readline,--without-readline,readline" +# PCRE support in hardlink +PACKAGECONFIG[pcre2] = ",,libpcre2" +PACKAGECONFIG[cryptsetup] = "--with-cryptsetup,--without-cryptsetup,cryptsetup" +PACKAGECONFIG[chfn-chsh] = "--enable-chfn-chsh,--disable-chfn-chsh," + +EXTRA_OEMAKE = "ARCH=${TARGET_ARCH} CPU= CPUOPT= 'OPT=${CFLAGS}'" + +ALLOW_EMPTY:${PN} = "1" +FILES:${PN} = "" +FILES:${PN}-doc += "${datadir}/getopt/getopt-*.*" +FILES:${PN}-dev += "${PYTHON_SITEPACKAGES_DIR}/libmount/pylibmount.la" +FILES:${PN}-mount = "${sysconfdir}/default/mountall" +FILES:${PN}-runuser = "${sysconfdir}/pam.d/runuser*" +FILES:${PN}-su = "${sysconfdir}/pam.d/su-l" +CONFFILES:${PN}-su = "${sysconfdir}/pam.d/su-l" +FILES:${PN}-pylibmount = "${PYTHON_SITEPACKAGES_DIR}/libmount/pylibmount.so \ + ${PYTHON_SITEPACKAGES_DIR}/libmount/__init__.* \ + ${PYTHON_SITEPACKAGES_DIR}/libmount/__pycache__/*" + +# Util-linux' blkid replaces the e2fsprogs one +RCONFLICTS:${PN}-blkid = "${MLPREFIX}e2fsprogs-blkid" +RREPLACES:${PN}-blkid = "${MLPREFIX}e2fsprogs-blkid" + +RRECOMMENDS:${PN}:class-native = "" +RRECOMMENDS:${PN}:class-nativesdk = "" +RDEPENDS:${PN}:class-native = "" +RDEPENDS:${PN}:class-nativesdk = "" + +RDEPENDS:${PN} += " util-linux-libuuid" +RDEPENDS:${PN}-dev += " util-linux-libuuid-dev" + +RPROVIDES:${PN}-dev = "${PN}-libblkid-dev ${PN}-libmount-dev" + +RDEPENDS:${PN}-bash-completion += "${PN}-lsblk" +RDEPENDS:${PN}-ptest += "bash bc btrfs-tools coreutils e2fsprogs findutils grep iproute2 kmod mdadm procps sed socat which xz" +RRECOMMENDS:${PN}-ptest += "kernel-module-scsi-debug kernel-module-sd-mod kernel-module-loop" +RDEPENDS:${PN}-swaponoff = "${PN}-swapon ${PN}-swapoff" +ALLOW_EMPTY:${PN}-swaponoff = "1" + +#SYSTEMD_PACKAGES = "${PN}-uuidd ${PN}-fstrim" +SYSTEMD_SERVICE:${PN}-uuidd = "uuidd.socket uuidd.service" +SYSTEMD_AUTO_ENABLE:${PN}-uuidd = "disable" +SYSTEMD_SERVICE:${PN}-fstrim = "fstrim.timer fstrim.service" +SYSTEMD_AUTO_ENABLE:${PN}-fstrim = "disable" + +do_install () { + # with ccache the timestamps on compiled files may + # end up earlier than on their inputs, this allows + # for the resultant compilation in the install step. + oe_runmake 'CC=${CC}' 'LD=${LD}' \ + 'LDFLAGS=${LDFLAGS}' 'DESTDIR=${D}' install + + mkdir -p ${D}${base_bindir} + + sbinprogs="agetty ctrlaltdel cfdisk vipw vigr" + sbinprogs_a="pivot_root hwclock mkswap losetup swapon swapoff fdisk fsck blkid blockdev fstrim sulogin switch_root nologin" + binprogs_a="dmesg getopt kill more umount mount login su mountpoint" + + if [ "${base_sbindir}" != "${sbindir}" ]; then + mkdir -p ${D}${base_sbindir} + for p in $sbinprogs $sbinprogs_a; do + if [ -f "${D}${sbindir}/$p" ]; then + mv "${D}${sbindir}/$p" "${D}${base_sbindir}/$p" + fi + done + fi + + if [ "${base_bindir}" != "${bindir}" ]; then + mkdir -p ${D}${base_bindir} + for p in $binprogs_a; do + if [ -f "${D}${bindir}/$p" ]; then + mv "${D}${bindir}/$p" "${D}${base_bindir}/$p" + fi + done + fi + + install -d ${D}${sysconfdir}/default/ + echo 'MOUNTALL="-t nonfs,nosmbfs,noncpfs"' > ${D}${sysconfdir}/default/mountall + + rm -f ${D}${bindir}/chkdupexe +} + +do_install:append:class-target () { + if [ "${@bb.utils.filter('PACKAGECONFIG', 'pam', d)}" ]; then + install -d ${D}${sysconfdir}/pam.d + install -m 0644 ${WORKDIR}/runuser.pamd ${D}${sysconfdir}/pam.d/runuser + install -m 0644 ${WORKDIR}/runuser-l.pamd ${D}${sysconfdir}/pam.d/runuser-l + # Required for "su -" aka "su --login" because + # otherwise it uses "other", which has "auth pam_deny.so" + # and thus prevents the operation. + ln -s su ${D}${sysconfdir}/pam.d/su-l + fi +} +# nologin causes a conflict with shadow-native +# kill causes a conflict with coreutils-native (if ${bindir}==${base_bindir}) +do_install:append:class-native () { + rm -f ${D}${base_sbindir}/nologin + rm -f ${D}${base_bindir}/kill +} + +# dm-verity support introduces a circular build dependency, so util-linux-libuuid is split out for target builds +# Need to build libuuid for uuidgen, but then delete it and let the other recipe ship it +do_install:append () { + rm -rf ${D}${includedir}/uuid ${D}${libdir}/pkgconfig/uuid.pc ${D}${libdir}/libuuid* ${D}${base_libdir}/libuuid* +} + +ALTERNATIVE_PRIORITY = "80" + +ALTERNATIVE_LINK_NAME[blkid] = "${base_sbindir}/blkid" +ALTERNATIVE_LINK_NAME[blockdev] = "${base_sbindir}/blockdev" +ALTERNATIVE_LINK_NAME[cal] = "${bindir}/cal" +ALTERNATIVE_LINK_NAME[chfn] = "${bindir}/chfn" +ALTERNATIVE_LINK_NAME[chsh] = "${bindir}/chsh" +ALTERNATIVE_LINK_NAME[chrt] = "${bindir}/chrt" +ALTERNATIVE_LINK_NAME[dmesg] = "${base_bindir}/dmesg" +ALTERNATIVE_LINK_NAME[eject] = "${bindir}/eject" +ALTERNATIVE_LINK_NAME[fallocate] = "${bindir}/fallocate" +ALTERNATIVE_LINK_NAME[fdisk] = "${base_sbindir}/fdisk" +ALTERNATIVE_LINK_NAME[flock] = "${bindir}/flock" +ALTERNATIVE_LINK_NAME[fsck] = "${base_sbindir}/fsck" +ALTERNATIVE_LINK_NAME[fsfreeze] = "${sbindir}/fsfreeze" +ALTERNATIVE_LINK_NAME[fstrim] = "${base_sbindir}/fstrim" +ALTERNATIVE_LINK_NAME[getopt] = "${base_bindir}/getopt" +ALTERNATIVE:${PN}-agetty = "getty" +ALTERNATIVE_LINK_NAME[getty] = "${base_sbindir}/getty" +ALTERNATIVE_TARGET[getty] = "${base_sbindir}/agetty" +ALTERNATIVE_LINK_NAME[hexdump] = "${bindir}/hexdump" +ALTERNATIVE_LINK_NAME[hwclock] = "${base_sbindir}/hwclock" +ALTERNATIVE_LINK_NAME[ionice] = "${bindir}/ionice" +ALTERNATIVE_LINK_NAME[kill] = "${base_bindir}/kill" +ALTERNATIVE:${PN}-last = "last lastb" +ALTERNATIVE_LINK_NAME[last] = "${bindir}/last" +ALTERNATIVE_LINK_NAME[lastb] = "${bindir}/lastb" +ALTERNATIVE_LINK_NAME[logger] = "${bindir}/logger" +ALTERNATIVE_LINK_NAME[losetup] = "${base_sbindir}/losetup" +ALTERNATIVE_LINK_NAME[mesg] = "${bindir}/mesg" +ALTERNATIVE_LINK_NAME[mkswap] = "${base_sbindir}/mkswap" +ALTERNATIVE_LINK_NAME[mcookie] = "${bindir}/mcookie" +ALTERNATIVE_LINK_NAME[more] = "${base_bindir}/more" +ALTERNATIVE_LINK_NAME[mount] = "${base_bindir}/mount" +ALTERNATIVE_LINK_NAME[mountpoint] = "${base_bindir}/mountpoint" +ALTERNATIVE_LINK_NAME[nologin] = "${base_sbindir}/nologin" +ALTERNATIVE_LINK_NAME[nsenter] = "${bindir}/nsenter" +ALTERNATIVE_LINK_NAME[pivot_root] = "${base_sbindir}/pivot_root" +ALTERNATIVE_LINK_NAME[prlimit] = "${bindir}/prlimit" +ALTERNATIVE_LINK_NAME[readprofile] = "${sbindir}/readprofile" +ALTERNATIVE_LINK_NAME[renice] = "${bindir}/renice" +ALTERNATIVE_LINK_NAME[rev] = "${bindir}/rev" +ALTERNATIVE_LINK_NAME[rfkill] = "${sbindir}/rfkill" +ALTERNATIVE_LINK_NAME[rtcwake] = "${sbindir}/rtcwake" +ALTERNATIVE_LINK_NAME[setpriv] = "${bindir}/setpriv" +ALTERNATIVE_LINK_NAME[setsid] = "${bindir}/setsid" +ALTERNATIVE_LINK_NAME[su] = "${base_bindir}/su" +ALTERNATIVE_LINK_NAME[sulogin] = "${base_sbindir}/sulogin" +ALTERNATIVE_LINK_NAME[swapoff] = "${base_sbindir}/swapoff" +ALTERNATIVE_LINK_NAME[swapon] = "${base_sbindir}/swapon" +ALTERNATIVE_LINK_NAME[switch_root] = "${base_sbindir}/switch_root" +ALTERNATIVE_LINK_NAME[taskset] = "${bindir}/taskset" +ALTERNATIVE_LINK_NAME[umount] = "${base_bindir}/umount" +ALTERNATIVE_LINK_NAME[unshare] = "${bindir}/unshare" +ALTERNATIVE_LINK_NAME[utmpdump] = "${bindir}/utmpdump" +ALTERNATIVE_LINK_NAME[uuidgen] = "${bindir}/uuidgen" +ALTERNATIVE_LINK_NAME[wall] = "${bindir}/wall" + +ALTERNATIVE:${PN}-doc = "\ +blkid.8 eject.1 findfs.8 fsck.8 kill.1 last.1 lastb.1 libblkid.3 logger.1 mesg.1 \ +mountpoint.1 nologin.8 rfkill.8 sulogin.8 utmpdump.1 uuid.3 wall.1\ +" +ALTERNATIVE:${PN}-doc += "${@bb.utils.contains('PACKAGECONFIG', 'pam', 'su.1', '', d)}" + +ALTERNATIVE_LINK_NAME[blkid.8] = "${mandir}/man8/blkid.8" +ALTERNATIVE_LINK_NAME[eject.1] = "${mandir}/man1/eject.1" +ALTERNATIVE_LINK_NAME[findfs.8] = "${mandir}/man8/findfs.8" +ALTERNATIVE_LINK_NAME[fsck.8] = "${mandir}/man8/fsck.8" +ALTERNATIVE_LINK_NAME[kill.1] = "${mandir}/man1/kill.1" +ALTERNATIVE_LINK_NAME[last.1] = "${mandir}/man1/last.1" +ALTERNATIVE_LINK_NAME[lastb.1] = "${mandir}/man1/lastb.1" +ALTERNATIVE_LINK_NAME[libblkid.3] = "${mandir}/man3/libblkid.3" +ALTERNATIVE_LINK_NAME[logger.1] = "${mandir}/man1/logger.1" +ALTERNATIVE_LINK_NAME[mesg.1] = "${mandir}/man1/mesg.1" +ALTERNATIVE_LINK_NAME[mountpoint.1] = "${mandir}/man1/mountpoint.1" +ALTERNATIVE_LINK_NAME[nologin.8] = "${mandir}/man8/nologin.8" +ALTERNATIVE_LINK_NAME[rfkill.8] = "${mandir}/man8/rfkill.8" +ALTERNATIVE_LINK_NAME[setpriv.1] = "${mandir}/man1/setpriv.1" +ALTERNATIVE_LINK_NAME[su.1] = "${mandir}/man1/su.1" +ALTERNATIVE_LINK_NAME[sulogin.8] = "${mandir}/man8/sulogin.8" +ALTERNATIVE_LINK_NAME[utmpdump.1] = "${mandir}/man1/utmpdump.1" +ALTERNATIVE_LINK_NAME[uuid.3] = "${mandir}/man3/uuid.3" +ALTERNATIVE_LINK_NAME[wall.1] = "${mandir}/man1/wall.1" + +BBCLASSEXTEND = "native nativesdk" + +PTEST_BINDIR = "1" +do_compile_ptest() { + oe_runmake buildtest-TESTS +} + +do_install_ptest() { + mkdir -p ${D}${PTEST_PATH}/tests/ts + find . -name 'test*' -maxdepth 1 -type f -perm -111 -exec cp {} ${D}${PTEST_PATH} \; + find ./.libs -name 'sample*' -maxdepth 1 -type f -perm -111 -exec cp {} ${D}${PTEST_PATH} \; + find ./.libs -name 'test*' -maxdepth 1 -type f -perm -111 -exec cp {} ${D}${PTEST_PATH} \; + + cp ${S}/tests/*.sh ${D}${PTEST_PATH}/tests/ + cp -pR ${S}/tests/expected ${D}${PTEST_PATH}/tests/expected + cp -pR ${S}/tests/ts ${D}${PTEST_PATH}/tests/ + cp ${WORKDIR}/build/config.h ${D}${PTEST_PATH} + + sed -i 's|@base_sbindir@|${base_sbindir}|g' ${D}${PTEST_PATH}/run-ptest + + # chfn needs PAM + if ! ${@bb.utils.contains('PACKAGECONFIG', 'pam', 'true', 'false', d)}; then + rm -rf ${D}${PTEST_PATH}/tests/ts/chfn + fi +} diff --git a/meta-openbmc-mods/meta-common/recipes-core/zlib/zlib/CVE-2018-25032.patch b/meta-openbmc-mods/meta-common/recipes-core/zlib/zlib/CVE-2018-25032.patch new file mode 100644 index 000000000..9f37ba5c5 --- /dev/null +++ b/meta-openbmc-mods/meta-common/recipes-core/zlib/zlib/CVE-2018-25032.patch @@ -0,0 +1,343 @@ +From 5c44459c3b28a9bd3283aaceab7c615f8020c531 Mon Sep 17 00:00:00 2001 +From: Mark Adler <madler@alumni.caltech.edu> +Date: Tue, 17 Apr 2018 22:09:22 -0700 +Subject: [PATCH] Fix a bug that can crash deflate on some input when using + Z_FIXED. + +This bug was reported by Danilo Ramos of Eideticom, Inc. It has +lain in wait 13 years before being found! The bug was introduced +in zlib 1.2.2.2, with the addition of the Z_FIXED option. That +option forces the use of fixed Huffman codes. For rare inputs with +a large number of distant matches, the pending buffer into which +the compressed data is written can overwrite the distance symbol +table which it overlays. That results in corrupted output due to +invalid distances, and can result in out-of-bound accesses, +crashing the application. + +The fix here combines the distance buffer and literal/length +buffers into a single symbol buffer. Now three bytes of pending +buffer space are opened up for each literal or length/distance +pair consumed, instead of the previous two bytes. This assures +that the pending buffer cannot overwrite the symbol table, since +the maximum fixed code compressed length/distance is 31 bits, and +since there are four bytes of pending space for every three bytes +of symbol space. +--- + deflate.c | 74 ++++++++++++++++++++++++++++++++++++++++--------------- + deflate.h | 25 +++++++++---------- + trees.c | 50 +++++++++++-------------------------- + 3 files changed, 79 insertions(+), 70 deletions(-) + +diff --git a/deflate.c b/deflate.c +index 425babc00..19cba873a 100644 +--- a/deflate.c ++++ b/deflate.c +@@ -255,11 +255,6 @@ int ZEXPORT deflateInit2_(strm, level, method, windowBits, memLevel, strategy, + int wrap = 1; + static const char my_version[] = ZLIB_VERSION; + +- ushf *overlay; +- /* We overlay pending_buf and d_buf+l_buf. This works since the average +- * output size for (length,distance) codes is <= 24 bits. +- */ +- + if (version == Z_NULL || version[0] != my_version[0] || + stream_size != sizeof(z_stream)) { + return Z_VERSION_ERROR; +@@ -329,9 +324,47 @@ int ZEXPORT deflateInit2_(strm, level, method, windowBits, memLevel, strategy, + + s->lit_bufsize = 1 << (memLevel + 6); /* 16K elements by default */ + +- overlay = (ushf *) ZALLOC(strm, s->lit_bufsize, sizeof(ush)+2); +- s->pending_buf = (uchf *) overlay; +- s->pending_buf_size = (ulg)s->lit_bufsize * (sizeof(ush)+2L); ++ /* We overlay pending_buf and sym_buf. This works since the average size ++ * for length/distance pairs over any compressed block is assured to be 31 ++ * bits or less. ++ * ++ * Analysis: The longest fixed codes are a length code of 8 bits plus 5 ++ * extra bits, for lengths 131 to 257. The longest fixed distance codes are ++ * 5 bits plus 13 extra bits, for distances 16385 to 32768. The longest ++ * possible fixed-codes length/distance pair is then 31 bits total. ++ * ++ * sym_buf starts one-fourth of the way into pending_buf. So there are ++ * three bytes in sym_buf for every four bytes in pending_buf. Each symbol ++ * in sym_buf is three bytes -- two for the distance and one for the ++ * literal/length. As each symbol is consumed, the pointer to the next ++ * sym_buf value to read moves forward three bytes. From that symbol, up to ++ * 31 bits are written to pending_buf. The closest the written pending_buf ++ * bits gets to the next sym_buf symbol to read is just before the last ++ * code is written. At that time, 31*(n-2) bits have been written, just ++ * after 24*(n-2) bits have been consumed from sym_buf. sym_buf starts at ++ * 8*n bits into pending_buf. (Note that the symbol buffer fills when n-1 ++ * symbols are written.) The closest the writing gets to what is unread is ++ * then n+14 bits. Here n is lit_bufsize, which is 16384 by default, and ++ * can range from 128 to 32768. ++ * ++ * Therefore, at a minimum, there are 142 bits of space between what is ++ * written and what is read in the overlain buffers, so the symbols cannot ++ * be overwritten by the compressed data. That space is actually 139 bits, ++ * due to the three-bit fixed-code block header. ++ * ++ * That covers the case where either Z_FIXED is specified, forcing fixed ++ * codes, or when the use of fixed codes is chosen, because that choice ++ * results in a smaller compressed block than dynamic codes. That latter ++ * condition then assures that the above analysis also covers all dynamic ++ * blocks. A dynamic-code block will only be chosen to be emitted if it has ++ * fewer bits than a fixed-code block would for the same set of symbols. ++ * Therefore its average symbol length is assured to be less than 31. So ++ * the compressed data for a dynamic block also cannot overwrite the ++ * symbols from which it is being constructed. ++ */ ++ ++ s->pending_buf = (uchf *) ZALLOC(strm, s->lit_bufsize, 4); ++ s->pending_buf_size = (ulg)s->lit_bufsize * 4; + + if (s->window == Z_NULL || s->prev == Z_NULL || s->head == Z_NULL || + s->pending_buf == Z_NULL) { +@@ -340,8 +373,12 @@ int ZEXPORT deflateInit2_(strm, level, method, windowBits, memLevel, strategy, + deflateEnd (strm); + return Z_MEM_ERROR; + } +- s->d_buf = overlay + s->lit_bufsize/sizeof(ush); +- s->l_buf = s->pending_buf + (1+sizeof(ush))*s->lit_bufsize; ++ s->sym_buf = s->pending_buf + s->lit_bufsize; ++ s->sym_end = (s->lit_bufsize - 1) * 3; ++ /* We avoid equality with lit_bufsize*3 because of wraparound at 64K ++ * on 16 bit machines and because stored blocks are restricted to ++ * 64K-1 bytes. ++ */ + + s->level = level; + s->strategy = strategy; +@@ -552,7 +589,7 @@ int ZEXPORT deflatePrime (strm, bits, value) + + if (deflateStateCheck(strm)) return Z_STREAM_ERROR; + s = strm->state; +- if ((Bytef *)(s->d_buf) < s->pending_out + ((Buf_size + 7) >> 3)) ++ if (s->sym_buf < s->pending_out + ((Buf_size + 7) >> 3)) + return Z_BUF_ERROR; + do { + put = Buf_size - s->bi_valid; +@@ -1113,7 +1150,6 @@ int ZEXPORT deflateCopy (dest, source) + #else + deflate_state *ds; + deflate_state *ss; +- ushf *overlay; + + + if (deflateStateCheck(source) || dest == Z_NULL) { +@@ -1133,8 +1169,7 @@ int ZEXPORT deflateCopy (dest, source) + ds->window = (Bytef *) ZALLOC(dest, ds->w_size, 2*sizeof(Byte)); + ds->prev = (Posf *) ZALLOC(dest, ds->w_size, sizeof(Pos)); + ds->head = (Posf *) ZALLOC(dest, ds->hash_size, sizeof(Pos)); +- overlay = (ushf *) ZALLOC(dest, ds->lit_bufsize, sizeof(ush)+2); +- ds->pending_buf = (uchf *) overlay; ++ ds->pending_buf = (uchf *) ZALLOC(dest, ds->lit_bufsize, 4); + + if (ds->window == Z_NULL || ds->prev == Z_NULL || ds->head == Z_NULL || + ds->pending_buf == Z_NULL) { +@@ -1148,8 +1183,7 @@ int ZEXPORT deflateCopy (dest, source) + zmemcpy(ds->pending_buf, ss->pending_buf, (uInt)ds->pending_buf_size); + + ds->pending_out = ds->pending_buf + (ss->pending_out - ss->pending_buf); +- ds->d_buf = overlay + ds->lit_bufsize/sizeof(ush); +- ds->l_buf = ds->pending_buf + (1+sizeof(ush))*ds->lit_bufsize; ++ ds->sym_buf = ds->pending_buf + ds->lit_bufsize; + + ds->l_desc.dyn_tree = ds->dyn_ltree; + ds->d_desc.dyn_tree = ds->dyn_dtree; +@@ -1925,7 +1959,7 @@ local block_state deflate_fast(s, flush) + FLUSH_BLOCK(s, 1); + return finish_done; + } +- if (s->last_lit) ++ if (s->sym_next) + FLUSH_BLOCK(s, 0); + return block_done; + } +@@ -2056,7 +2090,7 @@ local block_state deflate_slow(s, flush) + FLUSH_BLOCK(s, 1); + return finish_done; + } +- if (s->last_lit) ++ if (s->sym_next) + FLUSH_BLOCK(s, 0); + return block_done; + } +@@ -2131,7 +2165,7 @@ local block_state deflate_rle(s, flush) + FLUSH_BLOCK(s, 1); + return finish_done; + } +- if (s->last_lit) ++ if (s->sym_next) + FLUSH_BLOCK(s, 0); + return block_done; + } +@@ -2170,7 +2204,7 @@ local block_state deflate_huff(s, flush) + FLUSH_BLOCK(s, 1); + return finish_done; + } +- if (s->last_lit) ++ if (s->sym_next) + FLUSH_BLOCK(s, 0); + return block_done; + } +diff --git a/deflate.h b/deflate.h +index 23ecdd312..d4cf1a98b 100644 +--- a/deflate.h ++++ b/deflate.h +@@ -217,7 +217,7 @@ typedef struct internal_state { + /* Depth of each subtree used as tie breaker for trees of equal frequency + */ + +- uchf *l_buf; /* buffer for literals or lengths */ ++ uchf *sym_buf; /* buffer for distances and literals/lengths */ + + uInt lit_bufsize; + /* Size of match buffer for literals/lengths. There are 4 reasons for +@@ -239,13 +239,8 @@ typedef struct internal_state { + * - I can't count above 4 + */ + +- uInt last_lit; /* running index in l_buf */ +- +- ushf *d_buf; +- /* Buffer for distances. To simplify the code, d_buf and l_buf have +- * the same number of elements. To use different lengths, an extra flag +- * array would be necessary. +- */ ++ uInt sym_next; /* running index in sym_buf */ ++ uInt sym_end; /* symbol table full when sym_next reaches this */ + + ulg opt_len; /* bit length of current block with optimal trees */ + ulg static_len; /* bit length of current block with static trees */ +@@ -325,20 +320,22 @@ void ZLIB_INTERNAL _tr_stored_block OF((deflate_state *s, charf *buf, + + # define _tr_tally_lit(s, c, flush) \ + { uch cc = (c); \ +- s->d_buf[s->last_lit] = 0; \ +- s->l_buf[s->last_lit++] = cc; \ ++ s->sym_buf[s->sym_next++] = 0; \ ++ s->sym_buf[s->sym_next++] = 0; \ ++ s->sym_buf[s->sym_next++] = cc; \ + s->dyn_ltree[cc].Freq++; \ +- flush = (s->last_lit == s->lit_bufsize-1); \ ++ flush = (s->sym_next == s->sym_end); \ + } + # define _tr_tally_dist(s, distance, length, flush) \ + { uch len = (uch)(length); \ + ush dist = (ush)(distance); \ +- s->d_buf[s->last_lit] = dist; \ +- s->l_buf[s->last_lit++] = len; \ ++ s->sym_buf[s->sym_next++] = dist; \ ++ s->sym_buf[s->sym_next++] = dist >> 8; \ ++ s->sym_buf[s->sym_next++] = len; \ + dist--; \ + s->dyn_ltree[_length_code[len]+LITERALS+1].Freq++; \ + s->dyn_dtree[d_code(dist)].Freq++; \ +- flush = (s->last_lit == s->lit_bufsize-1); \ ++ flush = (s->sym_next == s->sym_end); \ + } + #else + # define _tr_tally_lit(s, c, flush) flush = _tr_tally(s, 0, c) +diff --git a/trees.c b/trees.c +index 4f4a65011..decaeb7c3 100644 +--- a/trees.c ++++ b/trees.c +@@ -416,7 +416,7 @@ local void init_block(s) + + s->dyn_ltree[END_BLOCK].Freq = 1; + s->opt_len = s->static_len = 0L; +- s->last_lit = s->matches = 0; ++ s->sym_next = s->matches = 0; + } + + #define SMALLEST 1 +@@ -948,7 +948,7 @@ void ZLIB_INTERNAL _tr_flush_block(s, buf, stored_len, last) + + Tracev((stderr, "\nopt %lu(%lu) stat %lu(%lu) stored %lu lit %u ", + opt_lenb, s->opt_len, static_lenb, s->static_len, stored_len, +- s->last_lit)); ++ s->sym_next / 3)); + + if (static_lenb <= opt_lenb) opt_lenb = static_lenb; + +@@ -1017,8 +1017,9 @@ int ZLIB_INTERNAL _tr_tally (s, dist, lc) + unsigned dist; /* distance of matched string */ + unsigned lc; /* match length-MIN_MATCH or unmatched char (if dist==0) */ + { +- s->d_buf[s->last_lit] = (ush)dist; +- s->l_buf[s->last_lit++] = (uch)lc; ++ s->sym_buf[s->sym_next++] = dist; ++ s->sym_buf[s->sym_next++] = dist >> 8; ++ s->sym_buf[s->sym_next++] = lc; + if (dist == 0) { + /* lc is the unmatched char */ + s->dyn_ltree[lc].Freq++; +@@ -1033,30 +1034,7 @@ int ZLIB_INTERNAL _tr_tally (s, dist, lc) + s->dyn_ltree[_length_code[lc]+LITERALS+1].Freq++; + s->dyn_dtree[d_code(dist)].Freq++; + } +- +-#ifdef TRUNCATE_BLOCK +- /* Try to guess if it is profitable to stop the current block here */ +- if ((s->last_lit & 0x1fff) == 0 && s->level > 2) { +- /* Compute an upper bound for the compressed length */ +- ulg out_length = (ulg)s->last_lit*8L; +- ulg in_length = (ulg)((long)s->strstart - s->block_start); +- int dcode; +- for (dcode = 0; dcode < D_CODES; dcode++) { +- out_length += (ulg)s->dyn_dtree[dcode].Freq * +- (5L+extra_dbits[dcode]); +- } +- out_length >>= 3; +- Tracev((stderr,"\nlast_lit %u, in %ld, out ~%ld(%ld%%) ", +- s->last_lit, in_length, out_length, +- 100L - out_length*100L/in_length)); +- if (s->matches < s->last_lit/2 && out_length < in_length/2) return 1; +- } +-#endif +- return (s->last_lit == s->lit_bufsize-1); +- /* We avoid equality with lit_bufsize because of wraparound at 64K +- * on 16 bit machines and because stored blocks are restricted to +- * 64K-1 bytes. +- */ ++ return (s->sym_next == s->sym_end); + } + + /* =========================================================================== +@@ -1069,13 +1047,14 @@ local void compress_block(s, ltree, dtree) + { + unsigned dist; /* distance of matched string */ + int lc; /* match length or unmatched char (if dist == 0) */ +- unsigned lx = 0; /* running index in l_buf */ ++ unsigned sx = 0; /* running index in sym_buf */ + unsigned code; /* the code to send */ + int extra; /* number of extra bits to send */ + +- if (s->last_lit != 0) do { +- dist = s->d_buf[lx]; +- lc = s->l_buf[lx++]; ++ if (s->sym_next != 0) do { ++ dist = s->sym_buf[sx++] & 0xff; ++ dist += (unsigned)(s->sym_buf[sx++] & 0xff) << 8; ++ lc = s->sym_buf[sx++]; + if (dist == 0) { + send_code(s, lc, ltree); /* send a literal byte */ + Tracecv(isgraph(lc), (stderr," '%c' ", lc)); +@@ -1100,11 +1079,10 @@ local void compress_block(s, ltree, dtree) + } + } /* literal or match pair ? */ + +- /* Check that the overlay between pending_buf and d_buf+l_buf is ok: */ +- Assert((uInt)(s->pending) < s->lit_bufsize + 2*lx, +- "pendingBuf overflow"); ++ /* Check that the overlay between pending_buf and sym_buf is ok: */ ++ Assert(s->pending < s->lit_bufsize + sx, "pendingBuf overflow"); + +- } while (lx < s->last_lit); ++ } while (sx < s->sym_next); + + send_code(s, END_BLOCK, ltree); + } diff --git a/meta-openbmc-mods/meta-common/recipes-core/util-linux/util-linux_%.bbappend b/meta-openbmc-mods/meta-common/recipes-core/zlib/zlib_%.bbappend index fa58d9726..09dea7c00 100644 --- a/meta-openbmc-mods/meta-common/recipes-core/util-linux/util-linux_%.bbappend +++ b/meta-openbmc-mods/meta-common/recipes-core/zlib/zlib_%.bbappend @@ -1,4 +1,5 @@ FILESEXTRAPATHS:prepend := "${THISDIR}/${PN}:" SRC_URI += " \ + file://CVE-2018-25032.patch \ " |