diff options
Diffstat (limited to 'poky/meta/recipes-extended')
65 files changed, 670 insertions, 3584 deletions
diff --git a/poky/meta/recipes-extended/acpica/acpica_20180508.bb b/poky/meta/recipes-extended/acpica/acpica_20190405.bb index b5c89fafc..25ad7ce31 100644 --- a/poky/meta/recipes-extended/acpica/acpica_20180508.bb +++ b/poky/meta/recipes-extended/acpica/acpica_20190405.bb @@ -16,12 +16,9 @@ COMPATIBLE_HOST = "(i.86|x86_64|arm|aarch64).*-linux" DEPENDS = "bison flex bison-native" -SRC_URI = "https://acpica.org/sites/acpica/files/acpica-unix2-${PV}.tar.gz \ - file://rename-yy_scan_string-manually.patch \ - file://manipulate-fds-instead-of-FILE.patch \ - " -SRC_URI[md5sum] = "31691e2eb82b2064f78536a3423c18d6" -SRC_URI[sha256sum] = "5d8fc9d9db9e04830d40bec9add04b21c05d466e0187d354815006fdd823cf15" +SRC_URI = "https://acpica.org/sites/acpica/files/acpica-unix2-${PV}.tar.gz" +SRC_URI[md5sum] = "9ee30c8ff3012e213bc3b21a9d632215" +SRC_URI[sha256sum] = "7e144fd011c23a0a10be0b0d7448c527a4c0f621f1f835a271636e448bc96643" UPSTREAM_CHECK_URI = "https://acpica.org/downloads" S = "${WORKDIR}/acpica-unix2-${PV}" @@ -29,18 +26,18 @@ S = "${WORKDIR}/acpica-unix2-${PV}" inherit update-alternatives ALTERNATIVE_PRIORITY = "100" -ALTERNATIVE_${PN} = "acpixtract" +ALTERNATIVE_${PN} = "acpixtract acpidump" -EXTRA_OEMAKE = "CC='${CC}' 'OPT_CFLAGS=-Wall'" +EXTRA_OEMAKE = "CC='${CC}' \ + OPT_CFLAGS=-Wall \ + DESTDIR=${D} \ + PREFIX=${prefix} \ + INSTALLDIR=${bindir} \ + INSTALLFLAGS= \ + " do_install() { - install -D -p -m0755 generate/unix/bin*/iasl ${D}${bindir}/iasl - install -D -p -m0755 generate/unix/bin*/acpibin ${D}${bindir}/acpibin - install -D -p -m0755 generate/unix/bin*/acpiexec ${D}${bindir}/acpiexec - install -D -p -m0755 generate/unix/bin*/acpihelp ${D}${bindir}/acpihelp - install -D -p -m0755 generate/unix/bin*/acpinames ${D}${bindir}/acpinames - install -D -p -m0755 generate/unix/bin*/acpisrc ${D}${bindir}/acpisrc - install -D -p -m0755 generate/unix/bin*/acpixtract ${D}${bindir}/acpixtract + oe_runmake install } # iasl*.bb is a subset of this recipe, so RREPLACE it diff --git a/poky/meta/recipes-extended/acpica/files/manipulate-fds-instead-of-FILE.patch b/poky/meta/recipes-extended/acpica/files/manipulate-fds-instead-of-FILE.patch deleted file mode 100644 index d8b5f9aa8..000000000 --- a/poky/meta/recipes-extended/acpica/files/manipulate-fds-instead-of-FILE.patch +++ /dev/null @@ -1,71 +0,0 @@ -From 540d80469e6a7dce6baf7214df90e86daffc5175 Mon Sep 17 00:00:00 2001 -From: Fan Xin <fan.xin@jp.fujitsu.com> -Date: Mon, 5 Jun 2017 13:26:38 +0900 -Subject: [PATCH] aslfiles.c: manipulate fds instead of FILE - -Copying what stdout/stderr point to is not portable and fails with -musl because FILE is an undefined struct. - -Instead, use lower-level Unix functions to modify the file that stderr -writes into. This works on the platforms that Yocto targets. - -Upstream-Status: Inappropriate [embedded specific] - -Signed-off-by: Patrick Ohly <patrick.ohly@intel.com> - -Rebase on acpica 20170303 - -Signed-off-by: Fan Xin <fan.xin@jp.fujitsu.com> - ---- - source/compiler/aslfiles.c | 15 ++++++++++++--- - 1 file changed, 12 insertions(+), 3 deletions(-) - -diff --git a/source/compiler/aslfiles.c b/source/compiler/aslfiles.c -index 82865db..cc072dc 100644 ---- a/source/compiler/aslfiles.c -+++ b/source/compiler/aslfiles.c -@@ -43,6 +43,11 @@ - - #include "aslcompiler.h" - #include "acapps.h" -+#include "dtcompiler.h" -+#include <sys/types.h> -+#include <sys/stat.h> -+#include <fcntl.h> -+#include <unistd.h> - - #define _COMPONENT ACPI_COMPILER - ACPI_MODULE_NAME ("aslfiles") -@@ -606,6 +611,8 @@ FlOpenMiscOutputFiles ( - - if (Gbl_DebugFlag) - { -+ int fd; -+ - Filename = FlGenerateFilename (FilenamePrefix, FILE_SUFFIX_DEBUG); - if (!Filename) - { -@@ -617,10 +624,10 @@ FlOpenMiscOutputFiles ( - /* Open the debug file as STDERR, text mode */ - - Gbl_Files[ASL_FILE_DEBUG_OUTPUT].Filename = Filename; -- Gbl_Files[ASL_FILE_DEBUG_OUTPUT].Handle = -- freopen (Filename, "w+t", stderr); - -- if (!Gbl_Files[ASL_FILE_DEBUG_OUTPUT].Handle) -+ fd = open(Filename, O_CREAT|O_TRUNC, S_IRUSR|S_IWUSR|S_IRGRP|S_IWGRP|S_IROTH|S_IWOTH); -+ if (fd < 0 || -+ dup2(fd, fileno(stderr))) - { - /* - * A problem with freopen is that on error, we no longer -@@ -634,6 +641,8 @@ FlOpenMiscOutputFiles ( - exit (1); - } - -+ Gbl_Files[ASL_FILE_DEBUG_OUTPUT].Handle = stderr; -+ - AslCompilerSignon (ASL_FILE_DEBUG_OUTPUT); - AslCompilerFileHeader (ASL_FILE_DEBUG_OUTPUT); - } diff --git a/poky/meta/recipes-extended/acpica/files/rename-yy_scan_string-manually.patch b/poky/meta/recipes-extended/acpica/files/rename-yy_scan_string-manually.patch deleted file mode 100644 index b62ca25ba..000000000 --- a/poky/meta/recipes-extended/acpica/files/rename-yy_scan_string-manually.patch +++ /dev/null @@ -1,64 +0,0 @@ -From 2ab61e6ad5a9cfcde838379bc36babfaaa61afb8 Mon Sep 17 00:00:00 2001 -From: Patrick Ohly <patrick.ohly@intel.com> -Date: Fri, 20 Jan 2017 13:50:17 +0100 -Subject: [PATCH] rename yy_scan_string manually - -flex 2.6.0 used to generate code where yy_scan_string was mapped -to <custom prefix>_scan_string directly in the generated .c code. - -For example, generate/unix/iasl/obj/prparserlex.c: - -int -PrInitLexer ( - char *String) -{ - - LexBuffer = PrParser_scan_string (String); - return (LexBuffer == NULL); -} - -flex 2.6.3 no longer does that, leading to a compiler warning -and link error about yy_scan_string(). - -Both versions generate a preamble in the beginning of prparserlex.c -that maps several yy_* names, but yy_scan_string is not among those: - -... -... - -Upstream-Status: Inappropriate [workaround for https://github.com/westes/flex/issues/164] -Signed-off-by: Patrick Ohly <patrick.ohly@intel.com> ---- - source/compiler/dtparser.l | 2 +- - source/compiler/prparser.l | 2 +- - 2 files changed, 2 insertions(+), 2 deletions(-) - -diff --git a/source/compiler/dtparser.l b/source/compiler/dtparser.l -index 3f4c2f3..eaa43ff 100644 ---- a/source/compiler/dtparser.l -+++ b/source/compiler/dtparser.l -@@ -120,7 +120,7 @@ DtInitLexer ( - char *String) - { - -- LexBuffer = yy_scan_string (String); -+ LexBuffer = DtParser_scan_string (String); - return (LexBuffer == NULL); - } - -diff --git a/source/compiler/prparser.l b/source/compiler/prparser.l -index 10bd130..9cb3573 100644 ---- a/source/compiler/prparser.l -+++ b/source/compiler/prparser.l -@@ -127,7 +127,7 @@ PrInitLexer ( - char *String) - { - -- LexBuffer = yy_scan_string (String); -+ LexBuffer = PrParser_scan_string (String); - return (LexBuffer == NULL); - } - --- -2.11.0 - diff --git a/poky/meta/recipes-extended/bash/bash/0001-help-fix-printf-format-security-warning.patch b/poky/meta/recipes-extended/bash/bash/0001-help-fix-printf-format-security-warning.patch deleted file mode 100644 index 5405c84c7..000000000 --- a/poky/meta/recipes-extended/bash/bash/0001-help-fix-printf-format-security-warning.patch +++ /dev/null @@ -1,35 +0,0 @@ -From e5837a42f8f48a6a721805ff8f7fcd32861d09ca Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Andr=C3=A9=20Draszik?= <adraszik@tycoint.com> -Date: Tue, 26 Jul 2016 13:09:47 +0100 -Subject: [PATCH] help: fix printf() format security warning -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -| ../../bash-4.3.30/builtins/../../bash-4.3.30/builtins/help.def: In function 'help_builtin': -| ../../bash-4.3.30/builtins/../../bash-4.3.30/builtins/help.def:130:7: error: format not a string literal and no format arguments [-Werror=format-security] -| printf (ngettext ("Shell commands matching keyword `", "Shell commands matching keywords `", (list->next ? 2 : 1))); -| ^~~~~~ - -Signed-off-by: AndrĂ© Draszik <adraszik@tycoint.com> ---- -Upstream-Status: Pending - builtins/help.def | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/builtins/help.def b/builtins/help.def -index 1894f17..cf624c6 100644 ---- a/builtins/help.def -+++ b/builtins/help.def -@@ -127,7 +127,7 @@ help_builtin (list) - - if (glob_pattern_p (list->word->word)) - { -- printf (ngettext ("Shell commands matching keyword `", "Shell commands matching keywords `", (list->next ? 2 : 1))); -+ printf ("%s", ngettext ("Shell commands matching keyword `", "Shell commands matching keywords `", (list->next ? 2 : 1))); - print_word_list (list, ", "); - printf ("'\n\n"); - } --- -2.8.1 - diff --git a/poky/meta/recipes-extended/bash/bash/build-tests.patch b/poky/meta/recipes-extended/bash/bash/build-tests.patch index 73a81b60d..5f2dae94a 100644 --- a/poky/meta/recipes-extended/bash/bash/build-tests.patch +++ b/poky/meta/recipes-extended/bash/bash/build-tests.patch @@ -2,15 +2,18 @@ Add 'ptest' target to Makefile, to run tests without checking dependencies. Upstream-Status: Pending Signed-off-by: Anders Roxell <anders.roxell@enea.com> + +Rebase to 5.0 Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> --- Makefile.in | 24 +++++++++++++++++++----- 1 file changed, 19 insertions(+), 5 deletions(-) diff --git a/Makefile.in b/Makefile.in +index 5fcb44b..de1c255 100644 --- a/Makefile.in +++ b/Makefile.in -@@ -848,20 +848,34 @@ maybe-clean: +@@ -932,20 +932,34 @@ maybe-clean: fi recho$(EXEEXT): $(SUPPORT_SRC)recho.c @@ -51,5 +54,5 @@ diff --git a/Makefile.in b/Makefile.in PATH=$(BUILD_DIR)/tests:$$PATH THIS_SH=$(THIS_SH) $(SHELL) ${TESTSCRIPT} ) -- -1.8.1.2 +2.7.4 diff --git a/poky/meta/recipes-extended/bash/bash/execute_cmd.patch b/poky/meta/recipes-extended/bash/bash/execute_cmd.patch index 9970b4d8f..7a9e9a902 100644 --- a/poky/meta/recipes-extended/bash/bash/execute_cmd.patch +++ b/poky/meta/recipes-extended/bash/bash/execute_cmd.patch @@ -1,10 +1,16 @@ Upstream-Status: Inappropriate [embedded specific] -Index: execute_cmd.c -=================================================================== ---- execute_cmd.c.orig -+++ execute_cmd.c -@@ -2459,7 +2459,11 @@ execute_pipeline (command, asynchronous, +Rebase to 5.0 +Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> +--- + execute_cmd.c | 6 +++++- + 1 file changed, 5 insertions(+), 1 deletion(-) + +diff --git a/execute_cmd.c b/execute_cmd.c +index f1d74bf..31674b4 100644 +--- a/execute_cmd.c ++++ b/execute_cmd.c +@@ -2567,7 +2567,11 @@ execute_pipeline (command, asynchronous, pipe_in, pipe_out, fds_to_close) /* If the `lastpipe' option is set with shopt, and job control is not enabled, execute the last element of non-async pipelines in the current shell environment. */ @@ -17,3 +23,6 @@ Index: execute_cmd.c { lstdin = move_to_high_fd (0, 1, -1); if (lstdin > 0) +-- +2.7.4 + diff --git a/poky/meta/recipes-extended/bash/bash/pathexp-dep.patch b/poky/meta/recipes-extended/bash/bash/pathexp-dep.patch deleted file mode 100644 index e05bbda31..000000000 --- a/poky/meta/recipes-extended/bash/bash/pathexp-dep.patch +++ /dev/null @@ -1,13 +0,0 @@ -pathexp includes libintl.h but doesn't depend on it, thus a build race can occur. - -Upstream-Status: Submitted (https://savannah.gnu.org/patch/index.php?9503) -Signed-off-by: Ross Burton <ross.burton@intel.com> - -diff --git a/Makefile.in b/Makefile.in -index c7b62bc0..241cbf12 100644 ---- a/Makefile.in -+++ b/Makefile.in -@@ -1281,2 +1281,3 @@ nojobs.o: bashintl.h ${LIBINTL_H} $(BASHINCDIR)/gettext.h - y.tab.o: bashintl.h ${LIBINTL_H} $(BASHINCDIR)/gettext.h -+pathexp.o: bashintl.h ${LIBINTL_H} $(BASHINCDIR)/gettext.h - pcomplete.o: bashintl.h ${LIBINTL_H} $(BASHINCDIR)/gettext.h diff --git a/poky/meta/recipes-extended/bash/bash_4.4.18.bb b/poky/meta/recipes-extended/bash/bash_4.4.18.bb deleted file mode 100644 index 8fa0978d4..000000000 --- a/poky/meta/recipes-extended/bash/bash_4.4.18.bb +++ /dev/null @@ -1,41 +0,0 @@ -require bash.inc - -# GPLv2+ (< 4.0), GPLv3+ (>= 4.0) -LICENSE = "GPLv3+" -LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504" - -SRC_URI = "${GNU_MIRROR}/bash/${BP}.tar.gz;name=tarball \ - ${GNU_MIRROR}/bash/bash-4.4-patches/bash44-019;apply=yes;striplevel=0;name=patch019 \ - ${GNU_MIRROR}/bash/bash-4.4-patches/bash44-020;apply=yes;striplevel=0;name=patch020 \ - ${GNU_MIRROR}/bash/bash-4.4-patches/bash44-021;apply=yes;striplevel=0;name=patch021 \ - ${GNU_MIRROR}/bash/bash-4.4-patches/bash44-022;apply=yes;striplevel=0;name=patch022 \ - ${GNU_MIRROR}/bash/bash-4.4-patches/bash44-023;apply=yes;striplevel=0;name=patch023 \ - file://execute_cmd.patch;striplevel=0 \ - file://mkbuiltins_have_stringize.patch \ - file://build-tests.patch \ - file://test-output.patch \ - file://fix-run-coproc-run-heredoc-run-execscript-run-test-f.patch \ - file://run-ptest \ - file://fix-run-builtins.patch \ - file://0001-help-fix-printf-format-security-warning.patch \ - file://pathexp-dep.patch \ - " - -SRC_URI[tarball.md5sum] = "518e2c187cc11a17040f0915dddce54e" -SRC_URI[tarball.sha256sum] = "604d9eec5e4ed5fd2180ee44dd756ddca92e0b6aa4217bbab2b6227380317f23" - -SRC_URI[patch019.md5sum] = "8f43e1d277b02f3319a34c1cd4a4ff3e" -SRC_URI[patch019.sha256sum] = "27170d6edfe8819835407fdc08b401d2e161b1400fe9d0c5317a51104c89c11e" -SRC_URI[patch020.md5sum] = "5217ff08c444446ec306dce60437c288" -SRC_URI[patch020.sha256sum] = "1840e2cbf26ba822913662f74037594ed562361485390c52813b38156c99522c" -SRC_URI[patch021.md5sum] = "282c7d9b38da8005d25b4f816328a2f4" -SRC_URI[patch021.sha256sum] = "bd8f59054a763ec1c64179ad5cb607f558708a317c2bdb22b814e3da456374c1" -SRC_URI[patch022.md5sum] = "0b709c9d7f8e6cf267a8b863efb899f7" -SRC_URI[patch022.sha256sum] = "45331f0936e36ab91bfe44b936e33ed8a1b1848fa896e8a1d0f2ef74f297cb79" -SRC_URI[patch023.md5sum] = "fe2e0ca4cf9409ff0e9428e1236f983e" -SRC_URI[patch023.sha256sum] = "4fec236f3fbd3d0c47b893fdfa9122142a474f6ef66c20ffb6c0f4864dd591b6" - -DEBUG_OPTIMIZATION_append_armv4 = " ${@bb.utils.contains('TUNE_CCARGS', '-mthumb', '-fomit-frame-pointer', '', d)}" -DEBUG_OPTIMIZATION_append_armv5 = " ${@bb.utils.contains('TUNE_CCARGS', '-mthumb', '-fomit-frame-pointer', '', d)}" - -BBCLASSEXTEND = "nativesdk" diff --git a/poky/meta/recipes-extended/bash/bash_5.0.bb b/poky/meta/recipes-extended/bash/bash_5.0.bb new file mode 100644 index 000000000..e60e5304a --- /dev/null +++ b/poky/meta/recipes-extended/bash/bash_5.0.bb @@ -0,0 +1,45 @@ +require bash.inc + +# GPLv2+ (< 4.0), GPLv3+ (>= 4.0) +LICENSE = "GPLv3+" +LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504" + +SRC_URI = "${GNU_MIRROR}/bash/${BP}.tar.gz;name=tarball \ + ${GNU_MIRROR}/bash/bash-${PV}-patches/bash50-001;apply=yes;striplevel=0;name=patch001 \ + ${GNU_MIRROR}/bash/bash-${PV}-patches/bash50-002;apply=yes;striplevel=0;name=patch002 \ + ${GNU_MIRROR}/bash/bash-${PV}-patches/bash50-003;apply=yes;striplevel=0;name=patch003 \ + ${GNU_MIRROR}/bash/bash-${PV}-patches/bash50-004;apply=yes;striplevel=0;name=patch004 \ + ${GNU_MIRROR}/bash/bash-${PV}-patches/bash50-005;apply=yes;striplevel=0;name=patch005 \ + ${GNU_MIRROR}/bash/bash-${PV}-patches/bash50-006;apply=yes;striplevel=0;name=patch006 \ + ${GNU_MIRROR}/bash/bash-${PV}-patches/bash50-007;apply=yes;striplevel=0;name=patch007 \ + file://execute_cmd.patch \ + file://mkbuiltins_have_stringize.patch \ + file://build-tests.patch \ + file://test-output.patch \ + file://fix-run-coproc-run-heredoc-run-execscript-run-test-f.patch \ + file://run-ptest \ + file://fix-run-builtins.patch \ + " + +SRC_URI[tarball.md5sum] = "2b44b47b905be16f45709648f671820b" +SRC_URI[tarball.sha256sum] = "b4a80f2ac66170b2913efbfb9f2594f1f76c7b1afd11f799e22035d63077fb4d" + +SRC_URI[patch001.md5sum] = "b026862ab596a5883bb4f0d1077a3819" +SRC_URI[patch001.sha256sum] = "f2fe9e1f0faddf14ab9bfa88d450a75e5d028fedafad23b88716bd657c737289" +SRC_URI[patch002.md5sum] = "2f4a7787365790ae57f36b311701ea7e" +SRC_URI[patch002.sha256sum] = "87e87d3542e598799adb3e7e01c8165bc743e136a400ed0de015845f7ff68707" +SRC_URI[patch003.md5sum] = "af7f2dd93fd5429fb5e9a642ff74f87d" +SRC_URI[patch003.sha256sum] = "4eebcdc37b13793a232c5f2f498a5fcbf7da0ecb3da2059391c096db620ec85b" +SRC_URI[patch004.md5sum] = "b60545b273bfa4e00a760f2c648bed9c" +SRC_URI[patch004.sha256sum] = "14447ad832add8ecfafdce5384badd933697b559c4688d6b9e3d36ff36c62f08" +SRC_URI[patch005.md5sum] = "875a0bedf48b74e453e3997c84b5d8a4" +SRC_URI[patch005.sha256sum] = "5bf54dd9bd2c211d2bfb34a49e2c741f2ed5e338767e9ce9f4d41254bf9f8276" +SRC_URI[patch006.md5sum] = "4a8ee95adb72c3aba03d9e8c9f96ece6" +SRC_URI[patch006.sha256sum] = "d68529a6ff201b6ff5915318ab12fc16b8a0ebb77fda3308303fcc1e13398420" +SRC_URI[patch007.md5sum] = "411560d81fde2dc5b17b83c3f3b58c6f" +SRC_URI[patch007.sha256sum] = "17b41e7ee3673d8887dd25992417a398677533ab8827938aa41fad70df19af9b" + +DEBUG_OPTIMIZATION_append_armv4 = " ${@bb.utils.contains('TUNE_CCARGS', '-mthumb', '-fomit-frame-pointer', '', d)}" +DEBUG_OPTIMIZATION_append_armv5 = " ${@bb.utils.contains('TUNE_CCARGS', '-mthumb', '-fomit-frame-pointer', '', d)}" + +BBCLASSEXTEND = "nativesdk" diff --git a/poky/meta/recipes-extended/cpio/cpio_2.12.bb b/poky/meta/recipes-extended/cpio/cpio_2.12.bb index cb845c307..3713bf0b1 100644 --- a/poky/meta/recipes-extended/cpio/cpio_2.12.bb +++ b/poky/meta/recipes-extended/cpio/cpio_2.12.bb @@ -18,7 +18,7 @@ SRC_URI[sha256sum] = "08a35e92deb3c85d269a0059a27d4140a9667a6369459299d08c17f713 inherit autotools gettext texinfo -EXTRA_OECONF += "DEFAULT_RMT_DIR=${base_sbindir}" +EXTRA_OECONF += "DEFAULT_RMT_DIR=${sbindir}" do_install () { autotools_do_install @@ -34,7 +34,7 @@ do_install () { PACKAGES =+ "${PN}-rmt" -FILES_${PN}-rmt = "${base_sbindir}/rmt*" +FILES_${PN}-rmt = "${sbindir}/rmt*" inherit update-alternatives @@ -46,6 +46,6 @@ ALTERNATIVE_${PN}-rmt = "rmt" ALTERNATIVE_LINK_NAME[cpio] = "${base_bindir}/cpio" ALTERNATIVE_PRIORITY[rmt] = "50" -ALTERNATIVE_LINK_NAME[rmt] = "${base_sbindir}/rmt" +ALTERNATIVE_LINK_NAME[rmt] = "${sbindir}/rmt" BBCLASSEXTEND = "native" diff --git a/poky/meta/recipes-extended/cronie/cronie/crond_pam_config.patch b/poky/meta/recipes-extended/cronie/cronie/crond_pam_config.patch index 6c928165c..c374790d1 100644 --- a/poky/meta/recipes-extended/cronie/cronie/crond_pam_config.patch +++ b/poky/meta/recipes-extended/cronie/cronie/crond_pam_config.patch @@ -4,19 +4,19 @@ configure files instead. Upstream-Status: Pending Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> -Index: cronie-1.5.1/pam/crond -=================================================================== ---- cronie-1.5.1.orig/pam/crond -+++ cronie-1.5.1/pam/crond +diff --git a/pam/crond b/pam/crond +index 560529d..95a6457 100644 +--- a/pam/crond ++++ b/pam/crond @@ -4,8 +4,8 @@ # # Although no PAM authentication is called, auth modules # are used for credential setting --auth include password-auth +-auth include system-auth +auth include common-auth account required pam_access.so --account include password-auth -+account include common-account +-account include system-auth ++account include common-auth session required pam_loginuid.so --session include password-auth +-session include system-auth +session include common-session-noninteractive diff --git a/poky/meta/recipes-extended/cronie/cronie_1.5.2.bb b/poky/meta/recipes-extended/cronie/cronie_1.5.4.bb index 3abca7f92..d35c6672c 100644 --- a/poky/meta/recipes-extended/cronie/cronie_1.5.2.bb +++ b/poky/meta/recipes-extended/cronie/cronie_1.5.4.bb @@ -16,7 +16,7 @@ SECTION = "utils" UPSTREAM_CHECK_URI = "https://github.com/cronie-crond/${BPN}/releases/" -SRC_URI = "https://github.com/cronie-crond/cronie/releases/download/cronie-${PV}/cronie-${PV}.tar.gz \ +SRC_URI = "https://github.com/cronie-crond/cronie/releases/download/cronie-${PV}-final/cronie-${PV}.tar.gz \ file://crond.init \ file://crontab \ file://crond.service \ @@ -25,8 +25,8 @@ SRC_URI = "https://github.com/cronie-crond/cronie/releases/download/cronie-${PV} PAM_SRC_URI = "file://crond_pam_config.patch" PAM_DEPS = "libpam libpam-runtime pam-plugin-access pam-plugin-loginuid" -SRC_URI[md5sum] = "703314f58a49ea136e9966d3937d9bf4" -SRC_URI[sha256sum] = "370bf34641691489330e708bd4cdbd779267296a030668a12f77b7e36872fd75" +SRC_URI[md5sum] = "20233b96997e17a142e1fbe0d7ce8223" +SRC_URI[sha256sum] = "af8970559cad4262f8ffd7ec72abf682d2dcce04fdfb8f206a71d96566aba882" inherit autotools update-rc.d useradd systemd diff --git a/poky/meta/recipes-extended/cups/cups_2.2.10.bb b/poky/meta/recipes-extended/cups/cups_2.2.10.bb deleted file mode 100644 index 490c84e2f..000000000 --- a/poky/meta/recipes-extended/cups/cups_2.2.10.bb +++ /dev/null @@ -1,6 +0,0 @@ -require cups.inc - -LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=f212b4338db0da8cb892e94bf2949460" - -SRC_URI[md5sum] = "3d22d747403ec5dcd0b66d1332564816" -SRC_URI[sha256sum] = "77c8b2b3bb7fe8b5fbfffc307f2c817b2d7ec67b657f261a1dd1c61ab81205bb" diff --git a/poky/meta/recipes-extended/cups/cups_2.2.11.bb b/poky/meta/recipes-extended/cups/cups_2.2.11.bb new file mode 100644 index 000000000..aeb2e14e3 --- /dev/null +++ b/poky/meta/recipes-extended/cups/cups_2.2.11.bb @@ -0,0 +1,6 @@ +require cups.inc + +LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=f212b4338db0da8cb892e94bf2949460" + +SRC_URI[md5sum] = "7afbbcd2497e7d742583c492f6de40cd" +SRC_URI[sha256sum] = "f58010813fd6903f690cdb0c0b91e4d1bc9e5b9570c28734229ba3ed2908b76c" diff --git a/poky/meta/recipes-extended/ethtool/ethtool/avoid_parallel_tests.patch b/poky/meta/recipes-extended/ethtool/ethtool/avoid_parallel_tests.patch index beae5f98c..b145188d7 100644 --- a/poky/meta/recipes-extended/ethtool/ethtool/avoid_parallel_tests.patch +++ b/poky/meta/recipes-extended/ethtool/ethtool/avoid_parallel_tests.patch @@ -19,7 +19,7 @@ index e891d91..600f8a8 100644 --- a/configure.ac +++ b/configure.ac @@ -2,7 +2,7 @@ dnl Process this file with autoconf to produce a configure script. - AC_INIT(ethtool, 4.19, netdev@vger.kernel.org) + AC_INIT(ethtool, 5.0, netdev@vger.kernel.org) AC_PREREQ(2.52) AC_CONFIG_SRCDIR([ethtool.c]) -AM_INIT_AUTOMAKE([gnu]) diff --git a/poky/meta/recipes-extended/ethtool/ethtool_4.19.bb b/poky/meta/recipes-extended/ethtool/ethtool_5.0.bb index 74e255c24..76cdf9c4e 100644 --- a/poky/meta/recipes-extended/ethtool/ethtool_4.19.bb +++ b/poky/meta/recipes-extended/ethtool/ethtool_5.0.bb @@ -11,8 +11,8 @@ SRC_URI = "${KERNELORG_MIRROR}/software/network/ethtool/ethtool-${PV}.tar.gz \ file://avoid_parallel_tests.patch \ " -SRC_URI[md5sum] = "a533db1d202724822c4ef297643fac12" -SRC_URI[sha256sum] = "e8e88f5a79c78e542cd84fee60b67dbf29cee63e4760e8d61544fea74c761ad1" +SRC_URI[md5sum] = "8998c9eb7e491b0aec420a807ce52ba6" +SRC_URI[sha256sum] = "cc53a6d4d5643f8993ef20d6b638f88d9035529a9e777e222073c3a5b9237178" inherit autotools ptest RDEPENDS_${PN}-ptest += "make" diff --git a/poky/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-3835-0001.patch b/poky/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-3835-0001.patch deleted file mode 100644 index 30ce04a7b..000000000 --- a/poky/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-3835-0001.patch +++ /dev/null @@ -1,99 +0,0 @@ -From ad3ad6b389653722507e588c5cb34d8731e49e89 Mon Sep 17 00:00:00 2001 -From: Chris Liddell <chris.liddell@artifex.com> -Date: Mon, 26 Nov 2018 18:01:25 +0000 -Subject: [PATCH] Have gs_cet.ps run from gs_init.ps - -Previously gs_cet.ps was run on the command line, to set up the interpreter -state so our output more closely matches the example output for the QL CET -tests. - -Allow a -dCETMODE command line switch, which will cause gs_init.ps to run the -file directly. - -This works better for gpdl as it means the changes are made in the intial -interpreter state, rather than after initialisation is complete. - -This also means adding a definition of the default procedure for black -generation and under color removal (rather it being defined in-line in -.setdefaultbgucr - -Also, add a check so gs_cet.ps only runs once - if we try to run it a second -time, we'll just skip over the file, flushing through to the end. - -CVE: CVE-2019-3835 -Upstream-Status: Backport [git://git.ghostscript.com/ghostpdl.git] - -Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com> ---- - Resource/Init/gs_cet.ps | 11 ++++++++++- - Resource/Init/gs_init.ps | 13 ++++++++++++- - 2 files changed, 22 insertions(+), 2 deletions(-) - -diff --git a/Resource/Init/gs_cet.ps b/Resource/Init/gs_cet.ps -index d3e1686..75534bb 100644 ---- a/Resource/Init/gs_cet.ps -+++ b/Resource/Init/gs_cet.ps -@@ -1,6 +1,11 @@ - %!PS - % Set defaults for Ghostscript to match Adobe CPSI behaviour for CET - -+systemdict /product get (PhotoPRINT SE 5.0v2) readonly eq -+{ -+ (%END GS_CET) .skipeof -+} if -+ - % do this in the server level so it is persistent across jobs - //true 0 startjob not { - (*** Warning: CET startup is not in server default) = flush -@@ -25,7 +30,9 @@ currentglobal //true setglobal - - /UNROLLFORMS true def - --{ } bind dup -+(%.defaultbgrucrproc) cvn { } bind def -+ -+(%.defaultbgrucrproc) cvn load dup - setblackgeneration - setundercolorremoval - 0 array cvx readonly dup dup dup setcolortransfer -@@ -109,3 +116,5 @@ userdict /.smoothness currentsmoothness put - % end of slightly nasty hack to give consistent cluster results - - //false 0 startjob pop % re-enter encapsulated mode -+ -+%END GS_CET -diff --git a/Resource/Init/gs_init.ps b/Resource/Init/gs_init.ps -index 45bebf4..e6b9cd2 100644 ---- a/Resource/Init/gs_init.ps -+++ b/Resource/Init/gs_init.ps -@@ -1538,10 +1538,18 @@ setpacking - % any-part-of-pixel rule. - 0.5 .setfilladjust - } bind def -+ - % Set the default screen and BG/UCR. -+% We define the proc here, rather than inline in .setdefaultbgucr -+% for the benefit of gs_cet.ps so jobs that do anything that causes -+% .setdefaultbgucr to be called will still get the redefined proc -+% in gs_cet.ps -+(%.defaultbgrucrproc) cvn { pop 0 } def -+ - /.setdefaultbgucr { - systemdict /setblackgeneration known { -- { pop 0 } dup setblackgeneration setundercolorremoval -+ (%.defaultbgrucrproc) cvn load dup -+ setblackgeneration setundercolorremoval - } if - } bind def - /.useloresscreen { % - .useloresscreen <bool> -@@ -2491,4 +2499,7 @@ WRITESYSTEMDICT { - % be 'true' in some cases. - userdict /AGM_preserve_spots //false put - -+systemdict /CETMODE .knownget -+{ { (gs_cet.ps) runlibfile } if } if -+ - % The interpreter will run the initial procedure (start). --- -2.18.1 - diff --git a/poky/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-3835-0002.patch b/poky/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-3835-0002.patch deleted file mode 100644 index 590b92e18..000000000 --- a/poky/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-3835-0002.patch +++ /dev/null @@ -1,71 +0,0 @@ -From ba6dbd6e61dbb3cc6ee6db9dd3a4f70cc18f706e Mon Sep 17 00:00:00 2001 -From: Nancy Durgin <nancy.durgin@artifex.com> -Date: Thu, 14 Feb 2019 10:09:00 -0800 -Subject: [PATCH] Undef /odef in gs_init.ps - -Made a new temporary utility function in gs_cet.ps (.odef) to use instead -of /odef. This makes it fine to undef odef with all the other operators in -gs_init.ps - -This punts the bigger question of what to do with .makeoperator, but it -doesn't make the situation any worse than it already was. - -CVE: CVE-2019-3835 -Upstream-Status: Backport [git://git.ghostscript.com/ghostpdl.git] - -Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com> ---- - Resource/Init/gs_cet.ps | 10 ++++++++-- - Resource/Init/gs_init.ps | 1 + - 2 files changed, 9 insertions(+), 2 deletions(-) - -diff --git a/Resource/Init/gs_cet.ps b/Resource/Init/gs_cet.ps -index 75534bb..dbc5c4e 100644 ---- a/Resource/Init/gs_cet.ps -+++ b/Resource/Init/gs_cet.ps -@@ -1,6 +1,10 @@ - %!PS - % Set defaults for Ghostscript to match Adobe CPSI behaviour for CET - -+/.odef { % <name> <proc> odef - -+ 1 index exch .makeoperator def -+} bind def -+ - systemdict /product get (PhotoPRINT SE 5.0v2) readonly eq - { - (%END GS_CET) .skipeof -@@ -93,8 +97,8 @@ userdict /.smoothness currentsmoothness put - } { - /setsmoothness .systemvar /typecheck signalerror - } ifelse --} bind odef --/currentsmoothness { userdict /.smoothness get } bind odef % for 09-55.PS, 09-57.PS . -+} bind //.odef exec -+/currentsmoothness { userdict /.smoothness get } bind //.odef exec % for 09-55.PS, 09-57.PS . - - % slightly nasty hack to give consistent cluster results - /ofnfa systemdict /filenameforall get def -@@ -113,6 +117,8 @@ userdict /.smoothness currentsmoothness put - } ifelse - ofnfa - } bind def -+ -+currentdict /.odef undef - % end of slightly nasty hack to give consistent cluster results - - //false 0 startjob pop % re-enter encapsulated mode -diff --git a/Resource/Init/gs_init.ps b/Resource/Init/gs_init.ps -index e6b9cd2..80d9585 100644 ---- a/Resource/Init/gs_init.ps -+++ b/Resource/Init/gs_init.ps -@@ -2257,6 +2257,7 @@ SAFER { .setsafeglobal } if - /.systemvmSFD /.settrapparams /.currentsystemparams /.currentuserparams /.getsystemparam /.getuserparam /.setsystemparams /.setuserparams - /.checkpassword /.locale_to_utf8 /.currentglobal /.gcheck /.imagepath /.currentoutputdevice - /.type /.writecvs /.setSMask /.currentSMask /.needinput /.countexecstack /.execstack /.applypolicies -+ /odef - - % Used by a free user in the Library of Congress. Apparently this is used to - % draw a partial page, which is then filled in by the results of a barcode --- -2.18.1 - diff --git a/poky/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-3835-0003.patch b/poky/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-3835-0003.patch deleted file mode 100644 index a339fa2f3..000000000 --- a/poky/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-3835-0003.patch +++ /dev/null @@ -1,295 +0,0 @@ -From 4203e04ef9e6ca22ed68a1ab10a878aa9ceaeedc Mon Sep 17 00:00:00 2001 -From: Ray Johnston <ray.johnston@artifex.com> -Date: Thu, 14 Feb 2019 10:20:03 -0800 -Subject: [PATCH] Fix bug 700585: Restrict superexec and remove it from - internals and gs_cet.ps - -Also while changing things, restructure the CETMODE so that it will -work with -dSAFER. The gs_cet.ps is now run when we are still at save -level 0 with systemdict writeable. Allows us to undefine .makeoperator -and .setCPSImode internal operators after CETMODE is handled. - -Change previous uses of superexec to using .forceput (with the usual -.bind executeonly to hide it). - -CVE: CVE-2019-3835 -Upstream-Status: Backport [git://git.ghostscript.com/ghostpdl.git] - -Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com> ---- - Resource/Init/gs_cet.ps | 38 ++++++++++++++------------------------ - Resource/Init/gs_dps1.ps | 2 +- - Resource/Init/gs_fonts.ps | 8 ++++---- - Resource/Init/gs_init.ps | 38 +++++++++++++++++++++++++++----------- - Resource/Init/gs_ttf.ps | 8 ++++---- - Resource/Init/gs_type1.ps | 6 +++--- - 6 files changed, 53 insertions(+), 47 deletions(-) - -diff --git a/Resource/Init/gs_cet.ps b/Resource/Init/gs_cet.ps -index dbc5c4e..3cc6883 100644 ---- a/Resource/Init/gs_cet.ps -+++ b/Resource/Init/gs_cet.ps -@@ -1,37 +1,29 @@ - %!PS - % Set defaults for Ghostscript to match Adobe CPSI behaviour for CET - --/.odef { % <name> <proc> odef - -- 1 index exch .makeoperator def --} bind def -- -+% skip if we've already run this -- based on fake "product" - systemdict /product get (PhotoPRINT SE 5.0v2) readonly eq - { - (%END GS_CET) .skipeof - } if - --% do this in the server level so it is persistent across jobs --//true 0 startjob not { -- (*** Warning: CET startup is not in server default) = flush --} if -+% Note: this must be run at save level 0 and when systemdict is writeable -+currentglobal //true setglobal -+systemdict dup dup dup -+/version (3017.102) readonly .forceput % match CPSI 3017.102 -+/product (PhotoPRINT SE 5.0v2) readonly .forceput % match CPSI 3017.102 -+/revision 0 put % match CPSI 3017.103 Tek shows revision 5 -+/serialnumber dup {233640} readonly .makeoperator .forceput % match CPSI 3017.102 Tek shows serialnumber 1401788461 -+ -+systemdict /.odef { % <name> <proc> odef - -+ 1 index exch //.makeoperator def -+} .bind .forceput % this will be undefined at the end - - 300 .sethiresscreen % needed for language switch build since it - % processes gs_init.ps BEFORE setting the resolution - - 0 array 0 setdash % CET 09-08 wants local setdash - --currentglobal //true setglobal -- --{ -- systemdict dup dup dup -- /version (3017.102) readonly put % match CPSI 3017.102 -- /product (PhotoPRINT SE 5.0v2) readonly put % match CPSI 3017.102 -- /revision 0 put % match CPSI 3017.103 Tek shows revision 5 -- /serialnumber dup {233640} readonly .makeoperator put % match CPSI 3017.102 Tek shows serialnumber 1401788461 -- systemdict /deviceinfo undef % for CET 20-23-1 --% /UNROLLFORMS true put % CET files do unreasonable things inside forms --} 1183615869 internaldict /superexec get exec -- - /UNROLLFORMS true def - - (%.defaultbgrucrproc) cvn { } bind def -@@ -118,9 +110,7 @@ userdict /.smoothness currentsmoothness put - ofnfa - } bind def - --currentdict /.odef undef --% end of slightly nasty hack to give consistent cluster results -- --//false 0 startjob pop % re-enter encapsulated mode -+systemdict /.odef .undef - -+% end of slightly nasty hack to give consistent cluster results - %END GS_CET -diff --git a/Resource/Init/gs_dps1.ps b/Resource/Init/gs_dps1.ps -index 3d2cf7a..c4fd839 100644 ---- a/Resource/Init/gs_dps1.ps -+++ b/Resource/Init/gs_dps1.ps -@@ -89,7 +89,7 @@ level2dict begin - % definition, copy it into the local directory. - //systemdict /SharedFontDirectory .knownget - { 1 index .knownget -- { //.FontDirectory 2 index 3 -1 roll { put } systemdict /superexec known {//superexec}{1183615869 internaldict /superexec get exec} ifelse } % readonly -+ { //.FontDirectory 2 index 3 -1 roll .forceput } % readonly - if - } - if -diff --git a/Resource/Init/gs_fonts.ps b/Resource/Init/gs_fonts.ps -index 0562235..f2b4e19 100644 ---- a/Resource/Init/gs_fonts.ps -+++ b/Resource/Init/gs_fonts.ps -@@ -519,11 +519,11 @@ buildfontdict 3 /.buildfont3 cvx put - % the font in LocalFontDirectory. - .currentglobal - { //systemdict /LocalFontDirectory .knownget -- { 2 index 2 index { .growput } systemdict /superexec known {//superexec}{1183615869 internaldict /superexec get exec} ifelse } % readonly -+ { 2 index 2 index .forceput } % readonly - if - } - if -- dup //.FontDirectory 4 -2 roll { .growput } systemdict /superexec known {//superexec}{1183615869 internaldict /superexec get exec} ifelse % readonly -+ dup //.FontDirectory 4 -2 roll .forceput % readonly - % If the font originated as a resource, register it. - currentfile .currentresourcefile eq { dup .registerfont } if - readonly -@@ -1191,13 +1191,13 @@ $error /SubstituteFont { } put - //.FontDirectory 1 index known not { - 2 dict dup /FontName 3 index put - dup /FontType 1 put -- //.FontDirectory 3 1 roll { put } systemdict /superexec known {//superexec}{1183615869 internaldict /superexec get exec} ifelse % readonly -+ //.FontDirectory 3 1 roll //.forceput exec % readonly - } { - pop - } ifelse - } forall - } forall -- } -+ } executeonly % hide .forceput - FAKEFONTS { exch } if pop def % don't bind, .current/setglobal get redefined - - % Install initial fonts from Fontmap. -diff --git a/Resource/Init/gs_init.ps b/Resource/Init/gs_init.ps -index 80d9585..0d5c4f7 100644 ---- a/Resource/Init/gs_init.ps -+++ b/Resource/Init/gs_init.ps -@@ -2188,9 +2188,6 @@ SAFER { .setsafeglobal } if - /.endtransparencygroup % transparency-example.ps - /.setdotlength % Bug687720.ps - /.sort /.setdebug /.mementolistnewblocks /getenv -- -- /.makeoperator /.setCPSImode % gs_cet.ps, this won't work on cluster with -dSAFER -- - /unread - ] - {systemdict exch .forceundef} forall -@@ -2270,7 +2267,6 @@ SAFER { .setsafeglobal } if - - % Used by our own test suite files - %/.fileposition %image-qa.ps -- %/.makeoperator /.setCPSImode % gs_cet.ps - - % Either our code uses these in ways which mean they can't be undefined, or they are used directly by - % test files/utilities, or engineers expressed a desire to keep them visible. -@@ -2457,6 +2453,16 @@ end - /vmreclaim where - { pop NOGC not { 2 .vmreclaim 0 vmreclaim } if - } if -+ -+% Do this before systemdict is locked (see below for additional CETMODE setup using gs_cet.ps) -+systemdict /CETMODE .knownget { -+ { -+ (gs_cet.ps) runlibfile -+ } if -+} if -+systemdict /.makeoperator .undef % must be after gs_cet.ps -+systemdict /.setCPSImode .undef % must be after gs_cet.ps -+ - DELAYBIND not { - systemdict /.bindnow .undef % We only need this for DELAYBIND - systemdict /.forcecopynew .undef % remove temptation -@@ -2464,16 +2470,29 @@ DELAYBIND not { - systemdict /.forceundef .undef % ditto - } if - --% Move superexec to internaldict if superexec is defined. --systemdict /superexec .knownget { -- 1183615869 internaldict /superexec 3 -1 roll put -- systemdict /superexec .undef -+% Move superexec to internaldict if superexec is defined. (Level 2 or later) -+systemdict /superexec known { -+ % restrict superexec to single known use by PScript5.dll -+ % We could do this only for SAFER mode, but internaldict and superexec are -+ % not very well documented, and we don't want them to be used. -+ 1183615869 internaldict /superexec { -+ 2 index /Private eq % first check for typical use in PScript5.dll -+ 1 index length 1 eq and % expected usage is: dict /Private <value> {put} superexec -+ 1 index 0 get systemdict /put get eq and -+ { -+ //superexec exec % the only usage we allow -+ } { -+ /superexec load /invalidaccess signalerror -+ } ifelse -+ } bind cvx executeonly put -+ systemdict /superexec .undef % get rid of the dangerous (unrestricted) operator - } if - - % Can't remove this one until the last minute :-) - DELAYBIND not { - systemdict /.undef .undef - } if -+ - WRITESYSTEMDICT { - SAFER { - (\n *** WARNING - you have selected SAFER, indicating you want Ghostscript\n) print -@@ -2500,7 +2519,4 @@ WRITESYSTEMDICT { - % be 'true' in some cases. - userdict /AGM_preserve_spots //false put - --systemdict /CETMODE .knownget --{ { (gs_cet.ps) runlibfile } if } if -- - % The interpreter will run the initial procedure (start). -diff --git a/Resource/Init/gs_ttf.ps b/Resource/Init/gs_ttf.ps -index 05943c5..da97afa 100644 ---- a/Resource/Init/gs_ttf.ps -+++ b/Resource/Init/gs_ttf.ps -@@ -1421,7 +1421,7 @@ mark - TTFDEBUG { (\n1 setting alias: ) print dup ==only - ( to be the same as ) print 2 index //== exec } if - -- 7 index 2 index 3 -1 roll exch //.growput systemdict /superexec known {//superexec}{1183615869 internaldict /superexec get exec} ifelse -+ 7 index 2 index 3 -1 roll exch .forceput - } forall - pop pop pop - } -@@ -1439,7 +1439,7 @@ mark - exch pop - TTFDEBUG { (\n2 setting alias: ) print 1 index ==only - ( to use glyph index: ) print dup //== exec } if -- 5 index 3 1 roll //.growput systemdict /superexec known {//superexec}{1183615869 internaldict /superexec get exec} ifelse -+ 5 index 3 1 roll .forceput - //false - } - { -@@ -1456,7 +1456,7 @@ mark - { % CharStrings(dict) isunicode(boolean) cmap(dict) RAGL(dict) gname(name) codep(integer) gindex(integer) - TTFDEBUG { (\3 nsetting alias: ) print 1 index ==only - ( to be index: ) print dup //== exec } if -- exch pop 5 index 3 1 roll //.growput systemdict /superexec known {//superexec}{1183615869 internaldict /superexec get exec} ifelse -+ exch pop 5 index 3 1 roll .forceput - } - { - pop pop -@@ -1486,7 +1486,7 @@ mark - } ifelse - ] - TTFDEBUG { (Encoding: ) print dup === flush } if --} bind def -+} .bind executeonly odef % hides .forceput - - % to be removed 9.09...... - currentdict /postalias undef -diff --git a/Resource/Init/gs_type1.ps b/Resource/Init/gs_type1.ps -index 96e1ced..61f5269 100644 ---- a/Resource/Init/gs_type1.ps -+++ b/Resource/Init/gs_type1.ps -@@ -116,7 +116,7 @@ - { % scratch(string) RAGL(dict) AGL(dict) CharStrings(dict) cstring gname aglname - CFFDEBUG { (\nsetting alias: ) print dup ==only - ( to be the same as glyph: ) print 1 index //== exec } if -- 3 index exch 3 index //.growput systemdict /superexec known {//superexec}{1183615869 internaldict /superexec get exec} ifelse -+ 3 index exch 3 index .forceput - % scratch(string) RAGL(dict) AGL(dict) CharStrings(dict) cstring gname - } - {pop} ifelse -@@ -135,7 +135,7 @@ - 3 1 roll pop pop - } if - pop -- dup /.AGLprocessed~GS //true //.growput systemdict /superexec known {//superexec}{1183615869 internaldict /superexec get exec} ifelse -+ dup /.AGLprocessed~GS //true .forceput - } if - - %% We need to excute the C .buildfont1 in a stopped context so that, if there -@@ -148,7 +148,7 @@ - {//.buildfont1} stopped - 4 3 roll .setglobal - {//.buildfont1 $error /errorname get signalerror} if -- } bind def -+ } .bind executeonly def % hide .forceput - - % If the diskfont feature isn't included, define a dummy .loadfontdict. - /.loadfontdict where --- -2.20.1 - diff --git a/poky/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-3835-0004.patch b/poky/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-3835-0004.patch deleted file mode 100644 index 5228cace2..000000000 --- a/poky/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-3835-0004.patch +++ /dev/null @@ -1,167 +0,0 @@ -From 5845e667dda3c945ee793fbe6af021533cb4fbec Mon Sep 17 00:00:00 2001 -From: Ray Johnston <ray.johnston@artifex.com> -Date: Sun, 24 Feb 2019 22:01:04 -0800 -Subject: [PATCH] Bug 700585: Obliterate "superexec". We don't need it, nor - do any known apps. - -We were under the impression that the Windows driver 'PScript5.dll' used -superexec, but after testing with our extensive suite of PostScript file, -and analysis of the PScript5 "Adobe CoolType ProcSet, it does not appear -that this operator is needed anymore. Get rid of superexec and all of the -references to it, since it is a potential security hole. - -CVE: CVE-2019-3835 -Upstream-Status: Backport [git://git.ghostscript.com/ghostpdl.git] - -Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com> ---- - Resource/Init/gs_init.ps | 18 ------------------ - psi/icontext.c | 1 - - psi/icstate.h | 1 - - psi/zcontrol.c | 30 ------------------------------ - psi/zdict.c | 6 ++---- - psi/zgeneric.c | 3 +-- - 6 files changed, 3 insertions(+), 56 deletions(-) - -diff --git a/Resource/Init/gs_init.ps b/Resource/Init/gs_init.ps -index 0d5c4f7..c5ac82a 100644 ---- a/Resource/Init/gs_init.ps -+++ b/Resource/Init/gs_init.ps -@@ -2470,24 +2470,6 @@ DELAYBIND not { - systemdict /.forceundef .undef % ditto - } if - --% Move superexec to internaldict if superexec is defined. (Level 2 or later) --systemdict /superexec known { -- % restrict superexec to single known use by PScript5.dll -- % We could do this only for SAFER mode, but internaldict and superexec are -- % not very well documented, and we don't want them to be used. -- 1183615869 internaldict /superexec { -- 2 index /Private eq % first check for typical use in PScript5.dll -- 1 index length 1 eq and % expected usage is: dict /Private <value> {put} superexec -- 1 index 0 get systemdict /put get eq and -- { -- //superexec exec % the only usage we allow -- } { -- /superexec load /invalidaccess signalerror -- } ifelse -- } bind cvx executeonly put -- systemdict /superexec .undef % get rid of the dangerous (unrestricted) operator --} if -- - % Can't remove this one until the last minute :-) - DELAYBIND not { - systemdict /.undef .undef -diff --git a/psi/icontext.c b/psi/icontext.c -index 1fbe486..7462ea3 100644 ---- a/psi/icontext.c -+++ b/psi/icontext.c -@@ -151,7 +151,6 @@ context_state_alloc(gs_context_state_t ** ppcst, - pcst->rand_state = rand_state_initial; - pcst->usertime_total = 0; - pcst->keep_usertime = false; -- pcst->in_superexec = 0; - pcst->plugin_list = 0; - make_t(&pcst->error_object, t__invalid); - { /* -diff --git a/psi/icstate.h b/psi/icstate.h -index 4c6a14d..1009d85 100644 ---- a/psi/icstate.h -+++ b/psi/icstate.h -@@ -54,7 +54,6 @@ struct gs_context_state_s { - long usertime_total; /* total accumulated usertime, */ - /* not counting current time if running */ - bool keep_usertime; /* true if context ever executed usertime */ -- int in_superexec; /* # of levels of superexec */ - /* View clipping is handled in the graphics state. */ - ref error_object; /* t__invalid or error object from operator */ - ref userparams; /* t_dictionary */ -diff --git a/psi/zcontrol.c b/psi/zcontrol.c -index 0362cf4..dc813e8 100644 ---- a/psi/zcontrol.c -+++ b/psi/zcontrol.c -@@ -158,34 +158,6 @@ zexecn(i_ctx_t *i_ctx_p) - return o_push_estack; - } - --/* <obj> superexec - */ --static int end_superexec(i_ctx_t *); --static int --zsuperexec(i_ctx_t *i_ctx_p) --{ -- os_ptr op = osp; -- es_ptr ep; -- -- check_op(1); -- if (!r_has_attr(op, a_executable)) -- return 0; /* literal object just gets pushed back */ -- check_estack(2); -- ep = esp += 3; -- make_mark_estack(ep - 2, es_other, end_superexec); /* error case */ -- make_op_estack(ep - 1, end_superexec); /* normal case */ -- ref_assign(ep, op); -- esfile_check_cache(); -- pop(1); -- i_ctx_p->in_superexec++; -- return o_push_estack; --} --static int --end_superexec(i_ctx_t *i_ctx_p) --{ -- i_ctx_p->in_superexec--; -- return 0; --} -- - /* <array> <executable> .runandhide <obj> */ - /* before executing <executable>, <array> is been removed from */ - /* the operand stack and placed on the execstack with attributes */ -@@ -971,8 +943,6 @@ const op_def zcontrol3_op_defs[] = { - {"0%loop_continue", loop_continue}, - {"0%repeat_continue", repeat_continue}, - {"0%stopped_push", stopped_push}, -- {"1superexec", zsuperexec}, -- {"0%end_superexec", end_superexec}, - {"2.runandhide", zrunandhide}, - {"0%end_runandhide", end_runandhide}, - op_def_end(0) -diff --git a/psi/zdict.c b/psi/zdict.c -index b0deaaa..e2e525d 100644 ---- a/psi/zdict.c -+++ b/psi/zdict.c -@@ -212,8 +212,7 @@ zundef(i_ctx_t *i_ctx_p) - int code; - - check_type(*op1, t_dictionary); -- if (i_ctx_p->in_superexec == 0) -- check_dict_write(*op1); -+ check_dict_write(*op1); - code = idict_undef(op1, op); - if (code < 0 && code != gs_error_undefined) /* ignore undefined error */ - return code; -@@ -504,8 +503,7 @@ zsetmaxlength(i_ctx_t *i_ctx_p) - int code; - - check_type(*op1, t_dictionary); -- if (i_ctx_p->in_superexec == 0) -- check_dict_write(*op1); -+ check_dict_write(*op1); - check_type(*op, t_integer); - if (op->value.intval < 0) - return_error(gs_error_rangecheck); -diff --git a/psi/zgeneric.c b/psi/zgeneric.c -index 8048e28..d4edddb 100644 ---- a/psi/zgeneric.c -+++ b/psi/zgeneric.c -@@ -204,8 +204,7 @@ zput(i_ctx_t *i_ctx_p) - - switch (r_type(op2)) { - case t_dictionary: -- if (i_ctx_p->in_superexec == 0) -- check_dict_write(*op2); -+ check_dict_write(*op2); - { - int code = idict_put(op2, op1, op); - --- -2.18.1 - diff --git a/poky/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-3838-0001.patch b/poky/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-3838-0001.patch deleted file mode 100644 index 593109fb9..000000000 --- a/poky/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-3838-0001.patch +++ /dev/null @@ -1,34 +0,0 @@ -From 53f0cb4c54ac951697704cb87d24154ae08aecce Mon Sep 17 00:00:00 2001 -From: Chris Liddell <chris.liddell@artifex.com> -Date: Wed, 20 Feb 2019 09:54:28 +0000 -Subject: [PATCH] Bug 700576: Make a transient proc executeonly (in - DefineResource). - -This prevents access to .forceput - -Solution originally suggested by cbuissar@redhat.com. - -CVE: CVE-2019-3838 -Upstream-Status: Backport [git://git.ghostscript.com/ghostpdl.git] - -Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com> ---- - Resource/Init/gs_res.ps | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/Resource/Init/gs_res.ps b/Resource/Init/gs_res.ps -index 89c0ed6..a163541 100644 ---- a/Resource/Init/gs_res.ps -+++ b/Resource/Init/gs_res.ps -@@ -426,7 +426,7 @@ status { - % so we have to use .forceput here. - currentdict /.Instances 2 index .forceput % Category dict is read-only - } executeonly if -- } -+ } executeonly - { .LocalInstances dup //.emptydict eq - { pop 3 dict localinstancedict Category 2 index put - } --- -2.18.1 - diff --git a/poky/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-3838-0002.patch b/poky/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-3838-0002.patch deleted file mode 100644 index 921e5b687..000000000 --- a/poky/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-3838-0002.patch +++ /dev/null @@ -1,30 +0,0 @@ -From 0cb5e967c0200559f946291b5b54f8da30c32cd6 Mon Sep 17 00:00:00 2001 -From: Chris Liddell <chris.liddell@artifex.com> -Date: Fri, 22 Feb 2019 12:28:23 +0000 -Subject: [PATCH] Bug 700576(redux): an extra transient proc needs - executeonly'ed. - -CVE: CVE-2019-3838 -Upstream-Status: Backport [git://git.ghostscript.com/ghostpdl.git] - -Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com> ---- - Resource/Init/gs_res.ps | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/Resource/Init/gs_res.ps b/Resource/Init/gs_res.ps -index a163541..8ce4ae3 100644 ---- a/Resource/Init/gs_res.ps -+++ b/Resource/Init/gs_res.ps -@@ -438,7 +438,7 @@ status { - % Now make the resource value read-only. - 0 2 copy get { readonly } .internalstopped pop - dup 4 1 roll put exch pop exch pop -- } -+ } executeonly - { /defineresource cvx /typecheck signaloperror - } - ifelse --- -2.18.1 - diff --git a/poky/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-6116-0001.patch b/poky/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-6116-0001.patch deleted file mode 100644 index b2c1ade4b..000000000 --- a/poky/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-6116-0001.patch +++ /dev/null @@ -1,177 +0,0 @@ -From c8c77690199b677f70093824382f0881e643e17b Mon Sep 17 00:00:00 2001 -From: Chris Liddell <chris.liddell@artifex.com> -Date: Wed, 5 Dec 2018 12:22:13 +0000 -Subject: [PATCH 1/7] Sanitize op stack for error conditions - -We save the stacks to an array and store the array for the error handler to -access. - -For SAFER, we traverse the array, and deep copy any op arrays (procedures). As -we make these copies, we check for operators that do *not* exist in systemdict, -when we find one, we replace the operator with a name object (of the form -"/--opname--"). - -CVE: CVE-2019-6116 -Upstream-Status: Backport [git://git.ghostscript.com/ghostpdl.git] - -Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com> ---- - psi/int.mak | 3 +- - psi/interp.c | 8 ++++++ - psi/istack.c | 78 ++++++++++++++++++++++++++++++++++++++++++++++++++++ - psi/istack.h | 3 ++ - 4 files changed, 91 insertions(+), 1 deletion(-) - -diff --git a/psi/int.mak b/psi/int.mak -index 6ab5bf0..6b349cb 100644 ---- a/psi/int.mak -+++ b/psi/int.mak -@@ -204,7 +204,8 @@ $(PSOBJ)iparam.$(OBJ) : $(PSSRC)iparam.c $(GH)\ - $(PSOBJ)istack.$(OBJ) : $(PSSRC)istack.c $(GH) $(memory__h)\ - $(ierrors_h) $(gsstruct_h) $(gsutil_h)\ - $(ialloc_h) $(istack_h) $(istkparm_h) $(istruct_h) $(iutil_h) $(ivmspace_h)\ -- $(store_h) $(INT_MAK) $(MAKEDIRS) -+ $(store_h) $(icstate_h) $(iname_h) $(dstack_h) $(idict_h) \ -+ $(INT_MAK) $(MAKEDIRS) - $(PSCC) $(PSO_)istack.$(OBJ) $(C_) $(PSSRC)istack.c - - $(PSOBJ)iutil.$(OBJ) : $(PSSRC)iutil.c $(GH) $(math__h) $(memory__h) $(string__h)\ -diff --git a/psi/interp.c b/psi/interp.c -index 6dc0dda..aa5779c 100644 ---- a/psi/interp.c -+++ b/psi/interp.c -@@ -761,6 +761,7 @@ copy_stack(i_ctx_t *i_ctx_p, const ref_stack_t * pstack, int skip, ref * arr) - uint size = ref_stack_count(pstack) - skip; - uint save_space = ialloc_space(idmemory); - int code, i; -+ ref *safety, *safe; - - if (size > 65535) - size = 65535; -@@ -778,6 +779,13 @@ copy_stack(i_ctx_t *i_ctx_p, const ref_stack_t * pstack, int skip, ref * arr) - make_null(&arr->value.refs[i]); - } - } -+ if (pstack == &o_stack && dict_find_string(systemdict, "SAFETY", &safety) > 0 && -+ dict_find_string(safety, "safe", &safe) > 0 && r_has_type(safe, t_boolean) && -+ safe->value.boolval == true) { -+ code = ref_stack_array_sanitize(i_ctx_p, arr, arr); -+ if (code < 0) -+ return code; -+ } - ialloc_set_space(idmemory, save_space); - return code; - } -diff --git a/psi/istack.c b/psi/istack.c -index 8fe151f..f1a3e51 100644 ---- a/psi/istack.c -+++ b/psi/istack.c -@@ -27,6 +27,10 @@ - #include "iutil.h" - #include "ivmspace.h" /* for local/global test */ - #include "store.h" -+#include "icstate.h" -+#include "iname.h" -+#include "dstack.h" -+#include "idict.h" - - /* Forward references */ - static void init_block(ref_stack_t *pstack, const ref *pblock_array, -@@ -294,6 +298,80 @@ ref_stack_store_check(const ref_stack_t *pstack, ref *parray, uint count, - return 0; - } - -+int -+ref_stack_array_sanitize(i_ctx_t *i_ctx_p, ref *sarr, ref *darr) -+{ -+ int i, code; -+ ref obj, arr2; -+ ref *pobj2; -+ gs_memory_t *mem = (gs_memory_t *)idmemory->current; -+ -+ if (!r_is_array(sarr) || !r_has_type(darr, t_array)) -+ return_error(gs_error_typecheck); -+ -+ for (i = 0; i < r_size(sarr); i++) { -+ code = array_get(mem, sarr, i, &obj); -+ if (code < 0) -+ make_null(&obj); -+ switch(r_type(&obj)) { -+ case t_operator: -+ { -+ int index = op_index(&obj); -+ -+ if (index > 0 && index < op_def_count) { -+ const byte *data = (const byte *)(op_index_def(index)->oname + 1); -+ if (dict_find_string(systemdict, (const char *)data, &pobj2) <= 0) { -+ byte *s = gs_alloc_bytes(mem, strlen((char *)data) + 5, "ref_stack_array_sanitize"); -+ if (s) { -+ s[0] = '\0'; -+ strcpy((char *)s, "--"); -+ strcpy((char *)s + 2, (char *)data); -+ strcpy((char *)s + strlen((char *)data) + 2, "--"); -+ } -+ else { -+ s = (byte *)data; -+ } -+ code = name_ref(imemory, s, strlen((char *)s), &obj, 1); -+ if (code < 0) make_null(&obj); -+ if (s != data) -+ gs_free_object(mem, s, "ref_stack_array_sanitize"); -+ } -+ } -+ else { -+ make_null(&obj); -+ } -+ ref_assign(darr->value.refs + i, &obj); -+ break; -+ } -+ case t_array: -+ case t_shortarray: -+ case t_mixedarray: -+ { -+ int attrs = r_type_attrs(&obj) & (a_write | a_read | a_execute | a_executable); -+ /* We only want to copy executable arrays */ -+ if (attrs & (a_execute | a_executable)) { -+ code = ialloc_ref_array(&arr2, attrs, r_size(&obj), "ref_stack_array_sanitize"); -+ if (code < 0) { -+ make_null(&arr2); -+ } -+ else { -+ code = ref_stack_array_sanitize(i_ctx_p, &obj, &arr2); -+ } -+ ref_assign(darr->value.refs + i, &arr2); -+ } -+ else { -+ ref_assign(darr->value.refs + i, &obj); -+ } -+ break; -+ } -+ default: -+ ref_assign(darr->value.refs + i, &obj); -+ } -+ } -+ return 0; -+} -+ -+ - /* - * Store the top 'count' elements of a stack, starting 'skip' elements below - * the top, into an array, with or without store/undo checking. age=-1 for -diff --git a/psi/istack.h b/psi/istack.h -index 051dcbe..54be405 100644 ---- a/psi/istack.h -+++ b/psi/istack.h -@@ -129,6 +129,9 @@ int ref_stack_store(const ref_stack_t *pstack, ref *parray, uint count, - uint skip, int age, bool check, - gs_dual_memory_t *idmem, client_name_t cname); - -+int -+ref_stack_array_sanitize(i_ctx_t *i_ctx_p, ref *sarr, ref *darr); -+ - /* - * Pop the top N elements off a stack. - * The number must not exceed the number of elements in use. --- -2.18.1 - diff --git a/poky/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-6116-0002.patch b/poky/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-6116-0002.patch deleted file mode 100644 index 97c74e7e3..000000000 --- a/poky/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-6116-0002.patch +++ /dev/null @@ -1,442 +0,0 @@ -From 20001d2bdf3cc60e76241a6ae72b1df01c5424c5 Mon Sep 17 00:00:00 2001 -From: Chris Liddell <chris.liddell@artifex.com> -Date: Thu, 13 Dec 2018 15:28:34 +0000 -Subject: [PATCH 2/7] Any transient procedures that call .force* operators - -(i.e. for conditionals or loops) make them executeonly. - -CVE: CVE-2019-6116 -Upstream-Status: Backport [git://git.ghostscript.com/ghostpdl.git] - -Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com> ---- - Resource/Init/gs_diskn.ps | 2 +- - Resource/Init/gs_dps1.ps | 4 ++-- - Resource/Init/gs_fntem.ps | 4 ++-- - Resource/Init/gs_fonts.ps | 12 ++++++------ - Resource/Init/gs_init.ps | 4 ++-- - Resource/Init/gs_lev2.ps | 11 ++++++----- - Resource/Init/gs_pdfwr.ps | 2 +- - Resource/Init/gs_res.ps | 4 ++-- - Resource/Init/gs_setpd.ps | 2 +- - Resource/Init/pdf_base.ps | 13 ++++++++----- - Resource/Init/pdf_draw.ps | 16 +++++++++------- - Resource/Init/pdf_font.ps | 6 +++--- - Resource/Init/pdf_main.ps | 4 ++-- - Resource/Init/pdf_ops.ps | 7 ++++--- - 14 files changed, 49 insertions(+), 42 deletions(-) - -diff --git a/Resource/Init/gs_diskn.ps b/Resource/Init/gs_diskn.ps -index fd694bc..8bf2054 100644 ---- a/Resource/Init/gs_diskn.ps -+++ b/Resource/Init/gs_diskn.ps -@@ -51,7 +51,7 @@ systemdict begin - mark 5 1 roll ] mark exch { { } forall } forall ] - //systemdict /.searchabledevs 2 index .forceput - exch .setglobal -- } -+ } executeonly - if - } .bind executeonly odef % must be bound and hidden for .forceput - -diff --git a/Resource/Init/gs_dps1.ps b/Resource/Init/gs_dps1.ps -index ec5db61..4fae283 100644 ---- a/Resource/Init/gs_dps1.ps -+++ b/Resource/Init/gs_dps1.ps -@@ -78,7 +78,7 @@ level2dict begin - .currentglobal - { % Current mode is global; delete from local directory too. - //systemdict /LocalFontDirectory .knownget -- { 1 index .forceundef } % LocalFontDirectory is readonly -+ { 1 index .forceundef } executeonly % LocalFontDirectory is readonly - if - } - { % Current mode is local; if there was a shadowed global -@@ -126,7 +126,7 @@ level2dict begin - } - ifelse - } forall -- pop counttomark 2 idiv { .forceundef } repeat pop % readonly -+ pop counttomark 2 idiv { .forceundef } executeonly repeat pop % readonly - } - if - //SharedFontDirectory exch .forcecopynew pop -diff --git a/Resource/Init/gs_fntem.ps b/Resource/Init/gs_fntem.ps -index c1f7651..6eb672a 100644 ---- a/Resource/Init/gs_fntem.ps -+++ b/Resource/Init/gs_fntem.ps -@@ -401,12 +401,12 @@ currentdict end def - .forceput % FontInfo can be read-only. - pop % bool <font> - exit -- } if -+ } executeonly if - dup /FontInfo get % bool <font> <FI> - /GlyphNames2Unicode /Unicode /Decoding findresource - .forceput % FontInfo can be read-only. - exit -- } loop -+ } executeonly loop - exch setglobal - } .bind executeonly odef % must be bound and hidden for .forceput - -diff --git a/Resource/Init/gs_fonts.ps b/Resource/Init/gs_fonts.ps -index 803faca..290da0c 100644 ---- a/Resource/Init/gs_fonts.ps -+++ b/Resource/Init/gs_fonts.ps -@@ -374,7 +374,7 @@ FONTPATH length 0 eq { (%END FONTPATH) .skipeof } if - /.setnativefontmapbuilt { % set whether we've been run - dup type /booleantype eq { - systemdict exch /.nativefontmapbuilt exch .forceput -- } -+ } executeonly - {pop} - ifelse - } .bind executeonly odef -@@ -1007,11 +1007,11 @@ $error /SubstituteFont { } put - { 2 index gcheck currentglobal - 2 copy eq { - pop pop .forceput -- } { -+ } executeonly { - 5 1 roll setglobal - dup length string copy - .forceput setglobal -- } ifelse -+ } executeonly ifelse - } .bind executeonly odef % must be bound and hidden for .forceput - - % Attempt to load a font from a file. -@@ -1084,7 +1084,7 @@ $error /SubstituteFont { } put - .FontDirectory 3 index .forceundef % readonly - 1 index (r) file .loadfont .FontDirectory exch - /.setglobal .systemvar exec -- } -+ } executeonly - { .loadfont .FontDirectory - } - ifelse -@@ -1105,7 +1105,7 @@ $error /SubstituteFont { } put - dup 3 index .fontknownget - { dup /PathLoad 4 index .putgstringcopy - 4 1 roll pop pop pop //true exit -- } if -+ } executeonly if - - % Maybe the file had a different FontName. - % See if we can get a FontName from the file, and if so, -@@ -1134,7 +1134,7 @@ $error /SubstituteFont { } put - ifelse % Stack: origfontname fontdict - exch pop //true exit - % Stack: fontdict -- } -+ } executeonly - if pop % Stack: origfontname fontdirectory path - } - if pop pop % Stack: origfontname -diff --git a/Resource/Init/gs_init.ps b/Resource/Init/gs_init.ps -index d733124..56c0bd2 100644 ---- a/Resource/Init/gs_init.ps -+++ b/Resource/Init/gs_init.ps -@@ -2357,7 +2357,7 @@ SAFER { .setsafeglobal } if - % Update the copy of the user parameters. - mark .currentuserparams counttomark 2 idiv { - userparams 3 1 roll .forceput % userparams is read-only -- } repeat pop -+ } executeonly repeat pop - % Turn on idiom recognition, if available. - currentuserparams /IdiomRecognition known { - /IdiomRecognition //true .definepsuserparam -@@ -2376,7 +2376,7 @@ SAFER { .setsafeglobal } if - % Remove real system params from pssystemparams. - mark .currentsystemparams counttomark 2 idiv { - pop pssystemparams exch .forceundef -- } repeat pop -+ } executeonly repeat pop - } if - - % Set up AlignToPixels : -diff --git a/Resource/Init/gs_lev2.ps b/Resource/Init/gs_lev2.ps -index 44fe619..0f0d573 100644 ---- a/Resource/Init/gs_lev2.ps -+++ b/Resource/Init/gs_lev2.ps -@@ -154,7 +154,8 @@ end - % protect top level of parameters that we copied - dup type dup /arraytype eq exch /stringtype eq or { readonly } if - /userparams .systemvar 3 1 roll .forceput % userparams is read-only -- } { -+ } executeonly -+ { - pop pop - } ifelse - } forall -@@ -224,7 +225,7 @@ end - % protect top level parameters that we copied - dup type dup /arraytype eq exch /stringtype eq or { readonly } if - //pssystemparams 3 1 roll .forceput % pssystemparams is read-only -- } -+ } executeonly - { pop pop - } - ifelse -@@ -934,7 +935,7 @@ mark - dup /PaintProc get - 1 index /Implementation known not { - 1 index dup /Implementation //null .forceput readonly pop -- } if -+ } executeonly if - exec - }.bind odef - -@@ -958,7 +959,7 @@ mark - dup /PaintProc get - 1 index /Implementation known not { - 1 index dup /Implementation //null .forceput readonly pop -- } if -+ } executeonly if - /UNROLLFORMS where {/UNROLLFORMS get}{false}ifelse not - %% [CTM] <<Form>> PaintProc .beginform - - { -@@ -1005,7 +1006,7 @@ mark - %% Form dictioanry using the /Implementation key). - 1 dict dup /FormID 4 -1 roll put - 1 index exch /Implementation exch .forceput readonly pop -- } -+ } executeonly - ifelse - } - { -diff --git a/Resource/Init/gs_pdfwr.ps b/Resource/Init/gs_pdfwr.ps -index 58e75d3..b425103 100644 ---- a/Resource/Init/gs_pdfwr.ps -+++ b/Resource/Init/gs_pdfwr.ps -@@ -650,7 +650,7 @@ currentdict /.pdfmarkparams .undef - } ifelse - } bind .makeoperator .forceput - systemdict /.pdf_hooked_DSC_Creator //true .forceput -- } if -+ } executeonly if - pop - } if - } { -diff --git a/Resource/Init/gs_res.ps b/Resource/Init/gs_res.ps -index 8eb8bb0..d9b3459 100644 ---- a/Resource/Init/gs_res.ps -+++ b/Resource/Init/gs_res.ps -@@ -152,7 +152,7 @@ setglobal - % use .forceput / .forcedef later to replace the dummy, - % empty .Instances dictionary with the real one later. - readonly -- } { -+ }{ - /defineresource cvx /typecheck signaloperror - } ifelse - } bind executeonly odef -@@ -424,7 +424,7 @@ status { - % As noted above, Category dictionaries are read-only, - % so we have to use .forcedef here. - /.Instances 1 index .forcedef % Category dict is read-only -- } if -+ } executeonly if - } - { .LocalInstances dup //.emptydict eq - { pop 3 dict localinstancedict Category 2 index put -diff --git a/Resource/Init/gs_setpd.ps b/Resource/Init/gs_setpd.ps -index e22597e..7875d1f 100644 ---- a/Resource/Init/gs_setpd.ps -+++ b/Resource/Init/gs_setpd.ps -@@ -634,7 +634,7 @@ NOMEDIAATTRS { - SETPDDEBUG { (Rolling back.) = pstack flush } if - 3 index 2 index 3 -1 roll .forceput - 4 index 1 index .knownget -- { 4 index 3 1 roll .forceput } -+ { 4 index 3 1 roll .forceput } executeonly - { 3 index exch .undef } - ifelse - } bind executeonly odef -diff --git a/Resource/Init/pdf_base.ps b/Resource/Init/pdf_base.ps -index b45e980..7312729 100644 ---- a/Resource/Init/pdf_base.ps -+++ b/Resource/Init/pdf_base.ps -@@ -130,26 +130,29 @@ currentdict /num-chars-dict .undef - - /.pdfexectoken { % <count> <opdict> <exectoken> .pdfexectoken ? - PDFDEBUG { -- pdfdict /PDFSTEPcount known not { pdfdict /PDFSTEPcount 1 .forceput } if -+ pdfdict /PDFSTEPcount known not { pdfdict /PDFSTEPcount 1 .forceput } executeonly if - PDFSTEP { - pdfdict /PDFtokencount 2 copy .knownget { 1 add } { 1 } ifelse .forceput - PDFSTEPcount 1 gt { - pdfdict /PDFSTEPcount PDFSTEPcount 1 sub .forceput -- } { -+ } executeonly -+ { - dup ==only - ( step # ) print PDFtokencount =only - ( ? ) print flush 1 //false .outputpage - (%stdin) (r) file 255 string readline { - token { - exch pop pdfdict /PDFSTEPcount 3 -1 roll .forceput -- } { -+ } executeonly -+ { - pdfdict /PDFSTEPcount 1 .forceput -- } ifelse % token -+ } executeonly ifelse % token - } { - pop /PDFSTEP //false def % EOF on stdin - } ifelse % readline - } ifelse % PDFSTEPcount > 1 -- } { -+ } executeonly -+ { - dup ==only () = flush - } ifelse % PDFSTEP - } if % PDFDEBUG -diff --git a/Resource/Init/pdf_draw.ps b/Resource/Init/pdf_draw.ps -index 6b0ba93..40c6ac8 100644 ---- a/Resource/Init/pdf_draw.ps -+++ b/Resource/Init/pdf_draw.ps -@@ -1118,14 +1118,14 @@ currentdict end readonly def - pdfdict /.Qqwarning_issued //true .forceput - .setglobal - pdfformaterror -- } ifelse -+ } executeonly ifelse - } - { - currentglobal pdfdict gcheck .setglobal - pdfdict /.Qqwarning_issued //true .forceput - .setglobal - pdfformaterror -- } ifelse -+ } executeonly ifelse - end - } ifelse - } loop -@@ -1141,14 +1141,14 @@ currentdict end readonly def - pdfdict /.Qqwarning_issued //true .forceput - .setglobal - pdfformaterror -- } ifelse -+ } executeonly ifelse - } - { - currentglobal pdfdict gcheck .setglobal - pdfdict /.Qqwarning_issued //true .forceput - .setglobal - pdfformaterror -- } ifelse -+ } executeonly ifelse - } if - pop - -@@ -2350,9 +2350,10 @@ currentdict /last-ditch-bpc-csp undef - /IncrementAppearanceNumber { - pdfdict /AppearanceNumber .knownget { - 1 add pdfdict /AppearanceNumber 3 -1 roll .forceput -- }{ -+ } executeonly -+ { - pdfdict /AppearanceNumber 0 .forceput -- } ifelse -+ } executeonly ifelse - }bind executeonly odef - - /MakeAppearanceName { -@@ -2510,7 +2511,8 @@ currentdict /last-ditch-bpc-csp undef - %% want to preserve it. - pdfdict /.PreservePDFForm false .forceput - /q cvx /execform cvx 5 -2 roll -- }{ -+ } executeonly -+ { - /q cvx /PDFexecform cvx 5 -2 roll - } ifelse - -diff --git a/Resource/Init/pdf_font.ps b/Resource/Init/pdf_font.ps -index bea9ea9..4cd62b9 100644 ---- a/Resource/Init/pdf_font.ps -+++ b/Resource/Init/pdf_font.ps -@@ -714,7 +714,7 @@ currentdict end readonly def - pop pop pop - currentdict /.stackdepth .forceundef - currentdict /.dstackdepth .forceundef -- } -+ } executeonly - {pop pop pop} - ifelse - -@@ -1232,7 +1232,7 @@ currentdict /eexec_pdf_param_dict .undef - (\n **** Warning: Type 3 glyph has unbalanced q/Q operators \(too many q's\)\n Output may be incorrect.\n) - pdfformatwarning - pdfdict /.Qqwarning_issued //true .forceput -- } if -+ } executeonly if - Q - } repeat - Q -@@ -2016,7 +2016,7 @@ currentdict /CMap_read_dict undef - /CIDFallBack /CIDFont findresource - } if - exit -- } if -+ } executeonly if - } if - } if - -diff --git a/Resource/Init/pdf_main.ps b/Resource/Init/pdf_main.ps -index 00da47a..37e69b3 100644 ---- a/Resource/Init/pdf_main.ps -+++ b/Resource/Init/pdf_main.ps -@@ -2701,14 +2701,14 @@ currentdict /PDF2PS_matrix_key undef - pdfdict /.Qqwarning_issued //true .forceput - .setglobal - pdfformaterror -- } ifelse -+ } executeonly ifelse - } - { - currentglobal pdfdict gcheck .setglobal - pdfdict /.Qqwarning_issued //true .forceput - .setglobal - pdfformaterror -- } ifelse -+ } executeonly ifelse - } if - } if - pop -diff --git a/Resource/Init/pdf_ops.ps b/Resource/Init/pdf_ops.ps -index 8672d61..aa09641 100644 ---- a/Resource/Init/pdf_ops.ps -+++ b/Resource/Init/pdf_ops.ps -@@ -184,14 +184,14 @@ currentdict /gput_always_allow .undef - pdfdict /.Qqwarning_issued //true .forceput - .setglobal - pdfformaterror -- } ifelse -+ } executeonly ifelse - } - { - currentglobal pdfdict gcheck .setglobal - pdfdict /.Qqwarning_issued //true .forceput - .setglobal - pdfformaterror -- } ifelse -+ } executeonly ifelse - } if - } bind executeonly odef - -@@ -439,7 +439,8 @@ currentdict /gput_always_allow .undef - dup type /booleantype eq { - .currentSMask type /dicttype eq { - .currentSMask /Processed 2 index .forceput -- } { -+ } executeonly -+ { - .setSMask - }ifelse - }{ --- -2.18.1 - diff --git a/poky/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-6116-0003.patch b/poky/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-6116-0003.patch deleted file mode 100644 index 02b1dc962..000000000 --- a/poky/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-6116-0003.patch +++ /dev/null @@ -1,32 +0,0 @@ -From 60b77b8bf8b6e4d30519c47724631012b530cf0e Mon Sep 17 00:00:00 2001 -From: Chris Liddell <chris.liddell@artifex.com> -Date: Sat, 15 Dec 2018 09:08:32 +0000 -Subject: [PATCH 3/7] Bug700317: Fix logic for an older change - -Unlike almost every other function in gs, dict_find_string() returns 1 on -success 0 or <0 on failure. The logic for this case was wrong. - -CVE: CVE-2019-6116 -Upstream-Status: Backport [git://git.ghostscript.com/ghostpdl.git] - -Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com> ---- - psi/interp.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/psi/interp.c b/psi/interp.c -index aa5779c..f6c45bb 100644 ---- a/psi/interp.c -+++ b/psi/interp.c -@@ -703,7 +703,7 @@ again: - * i.e. it's an internal operator we have hidden - */ - code = dict_find_string(systemdict, (const char *)bufptr, &tobj); -- if (code < 0) { -+ if (code <= 0) { - buf[0] = buf[1] = buf[rlen + 2] = buf[rlen + 3] = '-'; - rlen += 4; - bufptr = buf; --- -2.18.1 - diff --git a/poky/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-6116-0004.patch b/poky/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-6116-0004.patch deleted file mode 100644 index cc15453f0..000000000 --- a/poky/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-6116-0004.patch +++ /dev/null @@ -1,136 +0,0 @@ -From d739565534e955c4336731e4ea4eebc895c09c5c Mon Sep 17 00:00:00 2001 -From: Chris Liddell <chris.liddell@artifex.com> -Date: Tue, 18 Dec 2018 10:42:10 +0000 -Subject: [PATCH 4/7] Harden some uses of .force* operators - -by adding a few immediate evalutions - -CVE: CVE-2019-6116 -Upstream-Status: Backport [git://git.ghostscript.com/ghostpdl.git] - -Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com> ---- - Resource/Init/gs_dps1.ps | 4 ++-- - Resource/Init/gs_fonts.ps | 20 ++++++++++---------- - Resource/Init/gs_init.ps | 6 +++--- - 3 files changed, 15 insertions(+), 15 deletions(-) - -diff --git a/Resource/Init/gs_dps1.ps b/Resource/Init/gs_dps1.ps -index 4fae283..b75ea14 100644 ---- a/Resource/Init/gs_dps1.ps -+++ b/Resource/Init/gs_dps1.ps -@@ -74,7 +74,7 @@ level2dict begin - } odef - % undefinefont has to take local/global VM into account. - /undefinefont % <fontname> undefinefont - -- { .FontDirectory 1 .argindex .forceundef % FontDirectory is readonly -+ { //.FontDirectory 1 .argindex .forceundef % FontDirectory is readonly - .currentglobal - { % Current mode is global; delete from local directory too. - //systemdict /LocalFontDirectory .knownget -@@ -85,7 +85,7 @@ level2dict begin - % definition, copy it into the local directory. - //systemdict /SharedFontDirectory .knownget - { 1 index .knownget -- { .FontDirectory 2 index 3 -1 roll { put } systemdict /superexec known {//superexec}{1183615869 internaldict /superexec get exec} ifelse } % readonly -+ { //.FontDirectory 2 index 3 -1 roll { put } systemdict /superexec known {//superexec}{1183615869 internaldict /superexec get exec} ifelse } % readonly - if - } - if -diff --git a/Resource/Init/gs_fonts.ps b/Resource/Init/gs_fonts.ps -index 290da0c..c13a2fc 100644 ---- a/Resource/Init/gs_fonts.ps -+++ b/Resource/Init/gs_fonts.ps -@@ -516,7 +516,7 @@ buildfontdict 3 /.buildfont3 cvx put - if - } - if -- dup .FontDirectory 4 -2 roll { .growput } systemdict /superexec known {//superexec}{1183615869 internaldict /superexec get exec} ifelse % readonly -+ dup //.FontDirectory 4 -2 roll { .growput } systemdict /superexec known {//superexec}{1183615869 internaldict /superexec get exec} ifelse % readonly - % If the font originated as a resource, register it. - currentfile .currentresourcefile eq { dup .registerfont } if - readonly -@@ -943,7 +943,7 @@ $error /SubstituteFont { } put - % Try to find a font using only the present contents of Fontmap. - /.tryfindfont { % <fontname> .tryfindfont <font> true - % <fontname> .tryfindfont false -- .FontDirectory 1 index .fontknownget -+ //.FontDirectory 1 index .fontknownget - { % Already loaded - exch pop //true - } -@@ -975,7 +975,7 @@ $error /SubstituteFont { } put - { % Font with a procedural definition - exec % The procedure will load the font. - % Check to make sure this really happened. -- .FontDirectory 1 index .knownget -+ //.FontDirectory 1 index .knownget - { exch pop //true exit } - if - } -@@ -1081,11 +1081,11 @@ $error /SubstituteFont { } put - % because it's different depending on language level. - .currentglobal exch /.setglobal .systemvar exec - % Remove the fake definition, if any. -- .FontDirectory 3 index .forceundef % readonly -- 1 index (r) file .loadfont .FontDirectory exch -+ //.FontDirectory 3 index .forceundef % readonly -+ 1 index (r) file .loadfont //.FontDirectory exch - /.setglobal .systemvar exec - } executeonly -- { .loadfont .FontDirectory -+ { .loadfont //.FontDirectory - } - ifelse - % Stack: fontname fontfilename fontdirectory -@@ -1119,8 +1119,8 @@ $error /SubstituteFont { } put - % Stack: origfontname fontdirectory filefontname fontdict - 3 -1 roll pop - % Stack: origfontname filefontname fontdict -- dup /FontName get dup FontDirectory exch .forceundef -- GlobalFontDirectory exch .forceundef -+ dup /FontName get dup //.FontDirectory exch .forceundef -+ /GlobalFontDirectory .systemvar exch .forceundef - dup length dict .copydict dup 3 index /FontName exch put - 2 index exch definefont - exch -@@ -1176,10 +1176,10 @@ currentdict /.putgstringcopy .undef - { - { - pop dup type /stringtype eq { cvn } if -- .FontDirectory 1 index known not { -+ //.FontDirectory 1 index known not { - 2 dict dup /FontName 3 index put - dup /FontType 1 put -- .FontDirectory 3 1 roll { put } systemdict /superexec known {//superexec}{1183615869 internaldict /superexec get exec} ifelse % readonly -+ //.FontDirectory 3 1 roll { put } systemdict /superexec known {//superexec}{1183615869 internaldict /superexec get exec} ifelse % readonly - } { - pop - } ifelse -diff --git a/Resource/Init/gs_init.ps b/Resource/Init/gs_init.ps -index 56c0bd2..d9a0829 100644 ---- a/Resource/Init/gs_init.ps -+++ b/Resource/Init/gs_init.ps -@@ -1168,8 +1168,8 @@ errordict /unknownerror .undef - }ifelse - }forall - noaccess pop -- systemdict /.setsafeerrors .forceundef -- systemdict /.SAFERERRORLIST .forceundef -+ //systemdict /.setsafeerrors .forceundef -+ //systemdict /.SAFERERRORLIST .forceundef - } bind executeonly odef - - SAFERERRORS {.setsafererrors} if -@@ -2114,7 +2114,7 @@ currentdict /tempfilepaths undef - - /.locksafe { - .locksafe_userparams -- systemdict /getenv {pop //false} .forceput -+ //systemdict /getenv {pop //false} .forceput - % setpagedevice has the side effect of clearing the page, but - % we will just document that. Using setpagedevice keeps the device - % properties and pagedevice .LockSafetyParams in agreement even --- -2.18.1 - diff --git a/poky/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-6116-0005.patch b/poky/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-6116-0005.patch deleted file mode 100644 index db70bba21..000000000 --- a/poky/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-6116-0005.patch +++ /dev/null @@ -1,250 +0,0 @@ -From 1e830cafa56c6e3e1b08d246eaf5496fe81a0032 Mon Sep 17 00:00:00 2001 -From: Nancy Durgin <nancy.durgin@artifex.com> -Date: Tue, 27 Nov 2018 12:36:14 -0800 -Subject: [PATCH 5/7] Undef a bunch of internal things in gs_res.ps - -CVE: CVE-2019-6116 -Upstream-Status: Backport [git://git.ghostscript.com/ghostpdl.git] - -Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com> ---- - Resource/Init/gs_res.ps | 72 +++++++++++++++++++++++++-------------- - Resource/Init/gs_resmp.ps | 4 +-- - 2 files changed, 49 insertions(+), 27 deletions(-) - -diff --git a/Resource/Init/gs_res.ps b/Resource/Init/gs_res.ps -index d9b3459..18d5452 100644 ---- a/Resource/Init/gs_res.ps -+++ b/Resource/Init/gs_res.ps -@@ -197,7 +197,7 @@ setglobal - /.findresource { % <key> <category> findresource <instance> - 2 copy dup /Category eq - { pop //Category 0 get begin } { .findcategory } ifelse -- /FindResource .resourceexec exch pop exch pop -+ /FindResource //.resourceexec exec exch pop exch pop - } bind - end % .Instances of Category - def -@@ -223,7 +223,7 @@ def - not { /defineresource cvx /typecheck signaloperror } if - } if - } if -- /DefineResource .resourceexec -+ /DefineResource //.resourceexec exec - 4 1 roll pop pop pop - } .errorexec - } bind executeonly odef -@@ -252,7 +252,7 @@ def - % without the check. - /resourcestatus cvx /typecheck signalerror - } if -- 2 copy .findcategory /ResourceStatus .resourceexec -+ 2 copy .findcategory /ResourceStatus //.resourceexec exec - { 4 2 roll pop pop //true } { pop pop //false } ifelse - } stopped { - % Although resourcestatus is an operator, Adobe uses executable name -@@ -266,7 +266,7 @@ def - } if - 1 .argindex 1 index % catch stackunderflow - -- { .findcategory /UndefineResource .resourceexec pop pop -+ { .findcategory /UndefineResource //.resourceexec exec pop pop - } stopped { - % Although undefineresource is an operator, Adobe uses executable name - % here but uses operator for the errors above. CET 23-33 -@@ -315,10 +315,10 @@ currentdict /pssystemparams known not { - /pssystemparams 10 dict readonly def - } if - pssystemparams begin -- .default_resource_dir -- /FontResourceDir (Font) .resource_dir_name -+ //.default_resource_dir exec -+ /FontResourceDir (Font) //.resource_dir_name exec - readonly .forcedef % pssys'params is r-o -- /GenericResourceDir () .resource_dir_name -+ /GenericResourceDir () //.resource_dir_name exec - readonly .forcedef % pssys'params is r-o - pop % .default_resource_dir - /GenericResourcePathSep -@@ -387,13 +387,13 @@ status { - } bind def - /.localresourceforall { % <key> <value> <args> .localr'forall - - exch pop -- 2 copy 0 get .stringmatch { .enumerateresource } { pop pop } ifelse -+ 2 copy 0 get .stringmatch { //.enumerateresource exec } { pop pop } ifelse - } bind def - /.globalresourceforall { % <key> <value> <args> .globalr'forall - - exch pop - 2 copy 0 get .stringmatch { - dup 3 get begin .LocalInstances end 2 index known not { -- .enumerateresource -+ //.enumerateresource exec - } { - pop pop - } ifelse -@@ -408,7 +408,7 @@ status { - 3 index known { - pop pop pop - } { -- 2 index known { pop pop } { .enumerateresource } ifelse -+ 2 index known { pop pop } { //.enumerateresource exec } ifelse - } ifelse - } bind def - -@@ -468,19 +468,19 @@ status { - % .knownget doesn't fail on null - /findresource cvx /typecheck signaloperror - } if -- dup .getvminstance { -+ dup //.getvminstance exec { - exch pop 0 get - } { - dup ResourceStatus { - pop 1 gt { -- .DoLoadResource .getvminstance not { -- /findresource cvx .undefinedresource -+ .DoLoadResource //.getvminstance exec not { -+ /findresource cvx //.undefinedresource exec - } if 0 get - } { - .GetInstance pop 0 get - } ifelse - } { -- /findresource cvx .undefinedresource -+ /findresource cvx //.undefinedresource exec - } ifelse - } ifelse - } bind executeonly -@@ -621,7 +621,7 @@ status { - .currentglobal not .setglobal - vmstatus pop exch pop add - } repeat --} bind def -+} bind executeonly odef - /.DoLoadResource { - % .LoadResource may push entries on the operand stack. - % It is an undocumented feature of Adobe implementations, -@@ -633,8 +633,8 @@ status { - {.LoadResource} 4 1 roll 4 .execn - % Stack: ... count key memused - .vmused exch sub -- 1 index .getvminstance not { -- pop dup .undefinedresource % didn't load -+ 1 index //.getvminstance exec not { -+ pop dup //.undefinedresource exec % didn't load - } if - dup 1 1 put - 2 3 -1 roll put -@@ -648,7 +648,7 @@ status { - { //true setglobal { .runresource } stopped //false setglobal { stop } if } - ifelse - } -- { dup .undefinedresource -+ { dup //.undefinedresource exec - } - ifelse - } bind -@@ -758,7 +758,7 @@ counttomark 2 idiv - /FindResource - { .Instances 1 index .knownget - { exch pop } -- { /findresource cvx .undefinedresource } -+ { /findresource cvx //.undefinedresource exec } - ifelse - } bind executeonly - /ResourceStatus -@@ -862,7 +862,7 @@ userdict /.localcsdefaults //false put - 2 copy /Generic /Category findresource /DefineResource get exec - exch pop - exch //.defaultcsnames exch .knownget { -- 1 index .definedefaultcs -+ 1 index //.definedefaultcs exec - currentglobal not { .userdict /.localcsdefaults //true put } if - } if - } bind executeonly -@@ -872,13 +872,13 @@ userdict /.localcsdefaults //false put - //.defaultcsnames 1 index .knownget { - % Stack: resname index - currentglobal { -- .undefinedefaultcs pop -+ //.undefinedefaultcs exec pop - } { - % We removed the local definition, but there might be a global one. - exch .GetInstance { -- 0 get .definedefaultcs -+ 0 get //.definedefaultcs exec - } { -- .undefinedefaultcs -+ //.undefinedefaultcs exec - } ifelse - % Recompute .localcsdefaults by scanning. This is rarely needed. - .userdict /.localcsdefaults //false //.defaultcsnames { -@@ -997,7 +997,7 @@ currentdict /.fontstatusaux .undef - /Generic /Category findresource /UndefineResource get exec - } bind executeonly - /FindResource { -- dup .getvminstance { -+ dup //.getvminstance exec { - exch pop 0 get - } { - dup ResourceStatus { -@@ -1024,7 +1024,7 @@ currentdict /.fontstatusaux .undef - % stack: name font vmused - % findfont has the prerogative of not calling definefont - % in certain obscure cases of font substitution. -- 2 index .getvminstance { -+ 2 index //.getvminstance exec { - dup 1 1 put - 2 3 -1 roll put - } { -@@ -1159,3 +1159,25 @@ end % level2dict - - %% Replace 1 (gs_resmp.ps) - (gs_resmp.ps) dup runlibfile VMDEBUG -+ -+[ -+ /.default_resource_dir -+ /.resource_dir_name -+] -+{systemdict exch .forceundef} forall -+ -+[ -+ /.definedefaultcs -+ /.undefinedefaultcs -+ /.defaultcsnames -+ /.enumerateresource -+ /.externalresourceforall -+ /.getvminstance -+ /.globalresourceforall -+ /.localresourceforall -+ /resourceforall1 -+ /.resourceexec -+ /.undefinedresource -+ /.vmused -+] -+{level2dict exch .forceundef} forall -diff --git a/Resource/Init/gs_resmp.ps b/Resource/Init/gs_resmp.ps -index 9bb4263..cb948d1 100644 ---- a/Resource/Init/gs_resmp.ps -+++ b/Resource/Init/gs_resmp.ps -@@ -230,7 +230,7 @@ currentpacking //false setpacking - } { - dup dup .map exch .knownget { % /Name /Name <<record>> - dup dup /RecordVirtualMethods get /IsActive get exec { -- 1 index .getvminstance { % /Name /Name <<record>> holder -+ 1 index //.getvminstance exec { % /Name /Name <<record>> holder - 1 get 1 eq - } { - //true -@@ -242,7 +242,7 @@ currentpacking //false setpacking - DefineResource exec % size bStatusIs1 /Name Instance - % Make ResourceStatus to return correct values for this instance : - % Hack: we replace status values in the instance holder : -- exch .getvminstance pop % size bStatusIs1 Instance holder -+ exch //.getvminstance exec pop % size bStatusIs1 Instance holder - dup 5 -1 roll 2 exch put % bStatusIs1 Instance holder - 3 2 roll { % Instance holder - 1 1 put % Instance --- -2.18.1 - diff --git a/poky/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-6116-0006.patch b/poky/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-6116-0006.patch deleted file mode 100644 index 79e640b18..000000000 --- a/poky/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-6116-0006.patch +++ /dev/null @@ -1,596 +0,0 @@ -From 97f9052ce49e6844b06a49ff9e4b8fc1eaf6bd10 Mon Sep 17 00:00:00 2001 -From: Chris Liddell <chris.liddell@artifex.com> -Date: Wed, 9 Jan 2019 14:24:07 +0000 -Subject: [PATCH 6/7] Undefine a bunch of gs_fonts.ps specific procs - -Also reorder and add some immediate evaluation, so it still works with the -undefining. - -CVE: CVE-2019-6116 -Upstream-Status: Backport [git://git.ghostscript.com/ghostpdl.git] - -Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com> ---- - Resource/Init/gs_dps1.ps | 3 +- - Resource/Init/gs_fonts.ps | 275 +++++++++++++++++++++----------------- - Resource/Init/gs_res.ps | 7 +- - 3 files changed, 157 insertions(+), 128 deletions(-) - -diff --git a/Resource/Init/gs_dps1.ps b/Resource/Init/gs_dps1.ps -index b75ea14..8700c8c 100644 ---- a/Resource/Init/gs_dps1.ps -+++ b/Resource/Init/gs_dps1.ps -@@ -67,7 +67,8 @@ level2dict begin - - /selectfont % <fontname> <size> selectfont - - { -- { 1 .argindex findfont -+ { -+ 1 .argindex findfont - 1 index dup type /arraytype eq { makefont } { scalefont } ifelse - setfont pop pop - } stopped { /selectfont .systemvar $error /errorname get signalerror } if -diff --git a/Resource/Init/gs_fonts.ps b/Resource/Init/gs_fonts.ps -index c13a2fc..0562235 100644 ---- a/Resource/Init/gs_fonts.ps -+++ b/Resource/Init/gs_fonts.ps -@@ -100,7 +100,7 @@ userdict /.nativeFontmap .FontDirectory maxlength dict put - { 2 index token not - { (Fontmap entry for ) print 1 index =only - ( ends prematurely! Giving up.) = flush -- {.loadFontmap} 0 get 1 .quit -+ {//.loadFontmap exec} 0 get 1 .quit - } if - dup /; eq { pop 3 index 3 1 roll .growput exit } if - pop -@@ -202,6 +202,14 @@ NOFONTPATH { /FONTPATH () def } if - { pop } - { /FONTPATH (GS_FONTPATH) getenv not { () } if def } - ifelse -+ -+% The following are dummy definitions that, if we have a FONTPATH, will -+% be replaced in the following section. -+% They are here so immediately evaulation will work, and allow them to -+% undefined at the bottom of the file. -+/.scanfontbegin{} bind def -+/.scanfontdir {} bind def -+ - FONTPATH length 0 eq { (%END FONTPATH) .skipeof } if - /FONTPATH [ FONTPATH .pathlist ] def - -@@ -242,12 +250,12 @@ FONTPATH length 0 eq { (%END FONTPATH) .skipeof } if - /.scanfontbegin - { % Construct the table of all file names already in Fontmap. - currentglobal //true setglobal -- .scanfontdict dup maxlength Fontmap length 2 add .max .setmaxlength -+ //.scanfontdict dup maxlength Fontmap length 2 add .max .setmaxlength - Fontmap - { exch pop - { dup type /stringtype eq -- { .splitfilename pop .fonttempstring copy .lowerstring cvn -- .scanfontdict exch //true put -+ { //.splitfilename exec pop //.fonttempstring copy //.lowerstring exec cvn -+ //.scanfontdict exch //true put - } - { pop - } -@@ -280,9 +288,9 @@ FONTPATH length 0 eq { (%END FONTPATH) .skipeof } if - /txt //true - .dicttomark def - /.scan1fontstring 8192 string def --% %%BeginFont: is not per Adobe documentation, but a few fonts have it. -+% BeginFont: is not per Adobe documentation, but a few fonts have it. - /.scanfontheaders [(%!PS-Adobe*) (%!FontType*) (%%BeginFont:*)] def --0 .scanfontheaders { length .max } forall 6 add % extra for PFB header -+0 //.scanfontheaders { length .max } forall 6 add % extra for PFB header - /.scan1fontfirst exch string def - /.scanfontdir % <dirname> .scanfontdir - - { currentglobal exch //true setglobal -@@ -291,10 +299,10 @@ FONTPATH length 0 eq { (%END FONTPATH) .skipeof } if - 0 0 0 4 -1 roll % found scanned files - { % stack: <fontcount> <scancount> <filecount> <filename> - exch 1 add exch % increment filecount -- dup .splitfilename .fonttempstring copy .lowerstring -+ dup //.splitfilename exec //.fonttempstring copy //.lowerstring exec - % stack: <fontcount> <scancount> <filecount+1> <filename> - % <BASE> <ext> -- .scanfontskip exch known exch .scanfontdict exch known or -+ //.scanfontskip exch known exch //.scanfontdict exch known or - { pop - % stack: <fontcount> <scancount> <filecount+1> - } -@@ -309,7 +317,7 @@ FONTPATH length 0 eq { (%END FONTPATH) .skipeof } if - % On some platforms, the file operator will open directories, - % but an error will occur if we try to read from one. - % Handle this possibility here. -- dup .scan1fontfirst { readstring } .internalstopped -+ dup //.scan1fontfirst { readstring } .internalstopped - { pop pop () } - { pop } - ifelse -@@ -322,7 +330,7 @@ FONTPATH length 0 eq { (%END FONTPATH) .skipeof } if - { dup length 6 sub 6 exch getinterval } - if - % Check for font file headers. -- //false .scanfontheaders -+ //false //.scanfontheaders - { 2 index exch .stringmatch or - } - forall exch pop -@@ -335,7 +343,7 @@ FONTPATH length 0 eq { (%END FONTPATH) .skipeof } if - { exch copystring exch - DEBUG { ( ) print dup =only flush } if - 1 index .definenativefontmap -- .splitfilename pop //true .scanfontdict 3 1 roll .growput -+ //.splitfilename exec pop //true //.scanfontdict 3 1 roll .growput - % Increment fontcount. - 3 -1 roll 1 add 3 1 roll - } -@@ -352,7 +360,7 @@ FONTPATH length 0 eq { (%END FONTPATH) .skipeof } if - } - ifelse - } -- .scan1fontstring filenameforall -+ //.scan1fontstring filenameforall - QUIET - { pop pop pop } - { ( ) print =only ( files, ) print =only ( scanned, ) print -@@ -422,7 +430,6 @@ systemdict /NONATIVEFONTMAP known .setnativefontmapbuilt - //true .setnativefontmapbuilt - } ifelse - } bind def --currentdict /.setnativefontmapbuilt .forceundef - - % Create the dictionary that registers the .buildfont procedure - % (called by definefont) for each FontType. -@@ -526,7 +533,8 @@ buildfontdict 3 /.buildfont3 cvx put - % We use this only for explicitly aliased fonts, not substituted fonts: - % we think this matches the observed behavior of Adobe interpreters. - /.aliasfont % <name> <font> .aliasfont <newFont> -- { .currentglobal 3 1 roll dup .gcheck .setglobal -+ { -+ currentglobal 3 1 roll dup gcheck setglobal - % <bool> <name> <font> - dup length 2 add dict % <bool> <name> <font> <dict> - dup 3 -1 roll % <bool> <name> <dict> <dict> <font> -@@ -541,7 +549,7 @@ buildfontdict 3 /.buildfont3 cvx put - % whose FontName is a local non-string, if someone passed a - % garbage value to findfont. In this case, just don't - % call definefont at all. -- 2 index dup type /stringtype eq exch .gcheck or 1 index .gcheck not or -+ 2 index dup type /stringtype eq exch gcheck or 1 index gcheck not or - { pop % <bool> <name> <dict> - 1 index dup type /stringtype eq { cvn } if - % <bool> <name> <dict> <name1> -@@ -566,10 +574,11 @@ buildfontdict 3 /.buildfont3 cvx put - % Don't bind in definefont, since Level 2 redefines it. - /definefont .systemvar exec - } -- { /findfont cvx {.completefont} .errorexec pop exch pop -+ { -+ /findfont cvx {.completefont} //.errorexec exec pop exch pop - } - ifelse -- exch .setglobal -+ exch setglobal - } odef % so findfont will bind it - - % Define .loadfontfile for loading a font. If we recognize Type 1 and/or -@@ -669,10 +678,19 @@ buildfontdict 3 /.buildfont3 cvx put - [(Cn) 4] [(Cond) 4] [(Narrow) 4] [(Pkg) 4] [(Compr) 4] - [(Serif) 8] [(Sans) -8] - ] readonly def -+ -+/.fontnamestring { % <fontname> .fontnamestring <string|name> -+ dup type dup /nametype eq { -+ pop .namestring -+ } { -+ /stringtype ne { pop () } if -+ } ifelse -+} bind def -+ - /.fontnameproperties { % <int> <string|name> .fontnameproperties - % <int'> -- .fontnamestring -- .substituteproperties { -+ //.fontnamestring exec -+ //.substituteproperties { - 2 copy 0 get search { - pop pop pop dup length 1 sub 1 exch getinterval 3 -1 roll exch { - dup 0 ge { or } { neg not and } ifelse -@@ -710,13 +728,7 @@ buildfontdict 3 /.buildfont3 cvx put - % <other> .nametostring <other> - dup type /nametype eq { .namestring } if - } bind def --/.fontnamestring { % <fontname> .fontnamestring <string|name> -- dup type dup /nametype eq { -- pop .namestring -- } { -- /stringtype ne { pop () } if -- } ifelse --} bind def -+ - /.substitutefontname { % <fontname> <properties> .substitutefontname - % <altname|null> - % Look for properties and/or a face name in the font name. -@@ -724,7 +736,7 @@ buildfontdict 3 /.buildfont3 cvx put - % base font; otherwise, use the default font. - % Note that the "substituted" font name may be the same as - % the requested one; the caller must check this. -- exch .fontnamestring { -+ exch //.fontnamestring exec { - defaultfontname /Helvetica-Oblique /Helvetica-Bold /Helvetica-BoldOblique - /Helvetica-Narrow /Helvetica-Narrow-Oblique - /Helvetica-Narrow-Bold /Helvetica-Narrow-BoldOblique -@@ -734,12 +746,12 @@ buildfontdict 3 /.buildfont3 cvx put - } 3 1 roll - % Stack: facelist properties fontname - % Look for a face name. -- .substitutefaces { -+ //.substitutefaces { - 2 copy 0 get search { - pop pop pop - % Stack: facelist properties fontname [(pattern) family properties] - dup 2 get 4 -1 roll or 3 1 roll -- 1 get .substitutefamilies exch get -+ 1 get //.substitutefamilies exch get - 4 -1 roll pop 3 1 roll - } { - pop pop -@@ -748,7 +760,7 @@ buildfontdict 3 /.buildfont3 cvx put - 1 index length mod get exec - } bind def - /.substitutefont { % <fontname> .substitutefont <altname> -- dup 0 exch .fontnameproperties .substitutefontname -+ dup 0 exch //.fontnameproperties exec .substitutefontname - % Only accept fonts known in the Fontmap. - Fontmap 1 index known not - { -@@ -814,7 +826,7 @@ FAKEFONTS not { (%END FAKEFONTS) .skipeof } if - counttomark 1 sub { .aliasfont } repeat end - % <fontname> mark <font> - exch pop exch pop --} odef -+} bind odef - /findfont { - .findfont - } bind def -@@ -860,7 +872,7 @@ FAKEFONTS not { (%END FAKEFONTS) .skipeof } if - } { - dup .substitutefont - 2 copy eq { pop defaultfontname } if -- .checkalias -+ //.checkalias exec - QUIET not { - SHORTERRORS { - (%%[) print 1 index =only -@@ -886,8 +898,8 @@ $error /SubstituteFont { } put - //null 0 1 FONTPATH length 1 sub { - FONTPATH 1 index get //null ne { exch pop exit } if pop - } for dup //null ne { -- dup 0 eq { .scanfontbegin } if -- FONTPATH 1 index get .scanfontdir -+ dup 0 eq { //.scanfontbegin exec} if -+ FONTPATH 1 index get //.scanfontdir exec - FONTPATH exch //null put //true - } { - pop //false -@@ -897,11 +909,10 @@ $error /SubstituteFont { } put - % scanning of FONTPATH. - /.dofindfont { % mark <fontname> .dofindfont % mark <alias> ... <font> - .tryfindfont not { -- - % We didn't find the font. If we haven't scanned - % all the directories in FONTPATH, scan the next one - % now and look for the font again. -- .scannextfontdir { -+ //.scannextfontdir exec { - % Start over with an empty alias list. - counttomark 1 sub { pop } repeat % mark <fontname> - .dofindfont -@@ -927,6 +938,7 @@ $error /SubstituteFont { } put - } if - % Substitute for the font. Don't alias. - % Same stack as at the beginning of .dofindfont. -+ - $error /SubstituteFont get exec - % - % igorm: I guess the surrounding code assumes that .stdsubstfont -@@ -935,72 +947,11 @@ $error /SubstituteFont { } put - % used in .dofindfont and through .stdsubstfont - % just to represent a simple iteration, - % which accumulates the aliases after the mark. -- .stdsubstfont -+ //.stdsubstfont exec - } ifelse - } ifelse - } if - } bind def --% Try to find a font using only the present contents of Fontmap. --/.tryfindfont { % <fontname> .tryfindfont <font> true -- % <fontname> .tryfindfont false -- //.FontDirectory 1 index .fontknownget -- { % Already loaded -- exch pop //true -- } -- { -- dup Fontmap exch .knownget -- { //true //true } -- { % Unknown font name. Look for a file with the -- % same name as the requested font. -- dup .tryloadfont -- { exch pop //true //false } -- { -- % if we can't load by name check the native font map -- dup .nativeFontmap exch .knownget -- { //true //true } -- { //false //false } ifelse -- } ifelse -- } ifelse -- -- { % Try each element of the Fontmap in turn. -- pop -- //false exch % (in case we exhaust the list) -- % Stack: fontname false fontmaplist -- { exch pop -- dup type /nametype eq -- { % Font alias -- .checkalias .tryfindfont exit -- } -- { dup dup type dup /arraytype eq exch /packedarraytype eq or exch xcheck and -- { % Font with a procedural definition -- exec % The procedure will load the font. -- % Check to make sure this really happened. -- //.FontDirectory 1 index .knownget -- { exch pop //true exit } -- if -- } -- { % Font file name -- //true .loadfontloop { //true exit } if -- } -- ifelse -- } -- ifelse //false -- } -- forall -- % Stack: font true -or- fontname false -- { //true -- } -- { % None of the Fontmap entries worked. -- % Try loading a file with the same name -- % as the requested font. -- .tryloadfont -- } -- ifelse -- } -- if -- } -- ifelse -- } bind def - - % any user of .putgstringcopy must use bind and executeonly - /.putgstringcopy % <dict> <name> <string> .putgstringcopy - -@@ -1014,25 +965,6 @@ $error /SubstituteFont { } put - } executeonly ifelse - } .bind executeonly odef % must be bound and hidden for .forceput - --% Attempt to load a font from a file. --/.tryloadfont { % <fontname> .tryloadfont <font> true -- % <fontname> .tryloadfont false -- dup .nametostring -- % Hack: check for the presence of the resource machinery. -- /.genericrfn where { -- pop -- pop dup .fonttempstring /FontResourceDir getsystemparam .genericrfn -- {//false .loadfontloop} .internalstopped {//false} if { -- //true -- } { -- dup .nametostring -- {//true .loadfontloop} .internalstopped {//false} if -- } ifelse -- } { -- {//true .loadfontloop} .internalstopped {//false} if -- } ifelse --} bind def -- - /.loadfontloop { % <fontname> <filename> <libflag> .loadfontloop - % <font> true - % -or- -@@ -1102,7 +1034,7 @@ $error /SubstituteFont { } put - } if - - % Check to make sure the font was actually loaded. -- dup 3 index .fontknownget -+ dup 3 index //.fontknownget exec - { dup /PathLoad 4 index .putgstringcopy - 4 1 roll pop pop pop //true exit - } executeonly if -@@ -1113,7 +1045,7 @@ $error /SubstituteFont { } put - exch dup % Stack: origfontname fontdirectory path path - (r) file .findfontname - { % Stack: origfontname fontdirectory path filefontname -- 2 index 1 index .fontknownget -+ 2 index 1 index //.fontknownget exec - { % Yes. Stack: origfontname fontdirectory path filefontname fontdict - dup 4 -1 roll /PathLoad exch .putgstringcopy - % Stack: origfontname fontdirectory filefontname fontdict -@@ -1136,7 +1068,7 @@ $error /SubstituteFont { } put - % Stack: fontdict - } executeonly - if pop % Stack: origfontname fontdirectory path -- } -+ } executeonly - if pop pop % Stack: origfontname - - % The font definitely did not load correctly. -@@ -1150,7 +1082,87 @@ $error /SubstituteFont { } put - - } bind executeonly odef % must be bound and hidden for .putgstringcopy - --currentdict /.putgstringcopy .undef -+% Attempt to load a font from a file. -+/.tryloadfont { % <fontname> .tryloadfont <font> true -+ % <fontname> .tryloadfont false -+ dup //.nametostring exec -+ % Hack: check for the presence of the resource machinery. -+ /.genericrfn where { -+ pop -+ pop dup //.fonttempstring /FontResourceDir getsystemparam .genericrfn -+ {//false .loadfontloop} .internalstopped {//false} if { -+ //true -+ } { -+ dup //.nametostring exec -+ {//true .loadfontloop} .internalstopped {//false} if -+ } ifelse -+ } { -+ {//true .loadfontloop} .internalstopped {//false} if -+ } ifelse -+} bind def -+ -+% Try to find a font using only the present contents of Fontmap. -+/.tryfindfont { % <fontname> .tryfindfont <font> true -+ % <fontname> .tryfindfont false -+ //.FontDirectory 1 index //.fontknownget exec -+ { % Already loaded -+ exch pop //true -+ } -+ { -+ dup Fontmap exch .knownget -+ { //true //true } -+ { % Unknown font name. Look for a file with the -+ % same name as the requested font. -+ dup //.tryloadfont exec -+ { exch pop //true //false } -+ { -+ % if we can't load by name check the native font map -+ dup .nativeFontmap exch .knownget -+ { //true //true } -+ { //false //false } ifelse -+ } ifelse -+ } ifelse -+ -+ { % Try each element of the Fontmap in turn. -+ pop -+ //false exch % (in case we exhaust the list) -+ % Stack: fontname false fontmaplist -+ { exch pop -+ dup type /nametype eq -+ { % Font alias -+ //.checkalias exec -+ .tryfindfont exit -+ } -+ { dup dup type dup /arraytype eq exch /packedarraytype eq or exch xcheck and -+ { % Font with a procedural definition -+ exec % The procedure will load the font. -+ % Check to make sure this really happened. -+ //.FontDirectory 1 index .knownget -+ { exch pop //true exit } -+ if -+ } -+ { % Font file name -+ //true .loadfontloop { //true exit } if -+ } -+ ifelse -+ } -+ ifelse //false -+ } -+ forall -+ % Stack: font true -or- fontname false -+ { //true -+ } -+ { % None of the Fontmap entries worked. -+ % Try loading a file with the same name -+ % as the requested font. -+ //.tryloadfont exec -+ } -+ ifelse -+ } -+ if -+ } -+ ifelse -+ } bind def - - % Define a procedure to load all known fonts. - % This isn't likely to be very useful. -@@ -1192,9 +1204,9 @@ FAKEFONTS { exch } if pop def % don't bind, .current/setglobal get redefined - /.loadinitialfonts - { NOFONTMAP not - { /FONTMAP where -- { pop [ FONTMAP .pathlist ] -+ { pop [ FONTMAP //.pathlist exec] - { dup VMDEBUG findlibfile -- { exch pop .loadFontmap } -+ { exch pop //.loadFontmap exec } - { /undefinedfilename signalerror } - ifelse - } -@@ -1208,7 +1220,7 @@ FAKEFONTS { exch } if pop def % don't bind, .current/setglobal get redefined - pop pop - defaultfontmap_content { .definefontmap } forall - } { -- .loadFontmap -+ //.loadFontmap exec - } ifelse - } { - pop pop -@@ -1272,3 +1284,18 @@ FAKEFONTS { exch } if pop def % don't bind, .current/setglobal get redefined - { .makemodifiedfont - dup /FontName get exch definefont pop - } bind def -+ -+% Undef these, not needed outside this file -+[ -+ % /.fonttempstring /.scannextfontdir - are also used in gs_res.ps, so are undefined there -+ % /.fontnameproperties - is used in pdf_font.ps -+ % /.scanfontheaders - used in gs_cff.ps, gs_ttf.ps -+ /.loadfontloop /.tryloadfont /.findfont /.pathlist /.loadFontmap /.lowerstring -+ /.splitfilename /.scanfontdict /.scanfontbegin -+ /.scanfontskip /.scan1fontstring -+ /.scan1fontfirst /.scanfontdir -+ /.setnativefontmapbuilt /.aliasfont -+ /.setloadingfont /.substitutefaces /.substituteproperties /.substitutefamilies -+ /.nametostring /.fontnamestring /.checkalias /.fontknownget /.stdsubstfont -+ /.putgstringcopy -+] {systemdict exch .forceundef} forall -diff --git a/Resource/Init/gs_res.ps b/Resource/Init/gs_res.ps -index 18d5452..b016113 100644 ---- a/Resource/Init/gs_res.ps -+++ b/Resource/Init/gs_res.ps -@@ -961,7 +961,7 @@ userdict /.localcsdefaults //false put - dup type /nametype eq { .namestring } if - dup type /stringtype ne { //false exit } if - % Check the resource directory. -- dup .fonttempstring /FontResourceDir getsystemparam .genericrfn -+ dup //.fonttempstring /FontResourceDir getsystemparam .genericrfn - status { - pop pop pop pop //true exit - } if -@@ -969,7 +969,7 @@ userdict /.localcsdefaults //false put - % as the font. - findlibfile { closefile //true exit } if - % Scan a FONTPATH directory and try again. -- .scannextfontdir not { //false exit } if -+ //.scannextfontdir exec not { //false exit } if - } loop - } bind def - -@@ -1008,7 +1008,7 @@ currentdict /.fontstatusaux .undef - } ifelse - } bind executeonly - /ResourceForAll { -- { .scannextfontdir not { exit } if } loop -+ { //.scannextfontdir exec not { exit } if } loop - /Generic /Category findresource /ResourceForAll get exec - } bind executeonly - /.ResourceFileStatus { -@@ -1163,6 +1163,7 @@ end % level2dict - [ - /.default_resource_dir - /.resource_dir_name -+ /.fonttempstring /.scannextfontdir % from gs_fonts.ps - ] - {systemdict exch .forceundef} forall - --- -2.18.1 - diff --git a/poky/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-6116-0007.patch b/poky/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-6116-0007.patch deleted file mode 100644 index 5c1f83959..000000000 --- a/poky/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-6116-0007.patch +++ /dev/null @@ -1,346 +0,0 @@ -From 5c49efe24dda0f2dbd2a09b9159e683cce99b6d8 Mon Sep 17 00:00:00 2001 -From: Chris Liddell <chris.liddell@artifex.com> -Date: Fri, 11 Jan 2019 13:36:36 +0000 -Subject: [PATCH 7/7] Remove .forcedef, and harden .force* ops more - -Remove .forcedef and replace all uses with a direct call to .forceput instead. - -Ensure every procedure (named and trasient) that calls .forceput is -executeonly. - -CVE: CVE-2019-6116 -Upstream-Status: Backport [git://git.ghostscript.com/ghostpdl.git] - -Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com> ---- - Resource/Init/gs_dps1.ps | 15 +++++++----- - Resource/Init/gs_init.ps | 28 ++++++++------------- - Resource/Init/gs_lev2.ps | 51 +++++++++++++++++++-------------------- - Resource/Init/gs_ll3.ps | 5 ++-- - Resource/Init/gs_res.ps | 29 +++++++++++----------- - Resource/Init/gs_statd.ps | 4 +-- - 6 files changed, 63 insertions(+), 69 deletions(-) - -diff --git a/Resource/Init/gs_dps1.ps b/Resource/Init/gs_dps1.ps -index 8700c8c..3d2cf7a 100644 ---- a/Resource/Init/gs_dps1.ps -+++ b/Resource/Init/gs_dps1.ps -@@ -33,14 +33,17 @@ systemdict begin - - /SharedFontDirectory .FontDirectory .gcheck - { .currentglobal //false .setglobal -+ currentdict - /LocalFontDirectory .FontDirectory dup maxlength dict copy -- .forcedef % LocalFontDirectory is local, systemdict is global -+ .forceput % LocalFontDirectory is local, systemdict is global - .setglobal .FontDirectory -- } -- { /LocalFontDirectory .FontDirectory -- .forcedef % LocalFontDirectory is local, systemdict is global -+ } executeonly -+ { -+ currentdict -+ /LocalFontDirectory .FontDirectory -+ .forceput % LocalFontDirectory is local, systemdict is global - 50 dict -- } -+ }executeonly - ifelse def - - end % systemdict -@@ -55,7 +58,7 @@ level2dict begin - { //SharedFontDirectory } - { /LocalFontDirectory .systemvar } % can't embed ref to local VM - ifelse .forceput pop % LocalFontDirectory is local, systemdict is global -- } .bind odef -+ } .bind executeonly odef - % Don't just copy (load) the definition of .setglobal: - % it gets redefined for LL3. - /setshared { /.setglobal .systemvar exec } odef -diff --git a/Resource/Init/gs_init.ps b/Resource/Init/gs_init.ps -index d9a0829..45bebf4 100644 ---- a/Resource/Init/gs_init.ps -+++ b/Resource/Init/gs_init.ps -@@ -54,7 +54,7 @@ systemdict exch - dup /userdict - currentdict dup 200 .setmaxlength % userdict - .forceput % userdict is local, systemdict is global -- } -+ } executeonly - if begin - - % Define dummy local/global operators if needed. -@@ -299,13 +299,6 @@ QUIET not { printgreeting flush } if - 1 index exch .makeoperator def - } .bind def - --% Define a special version of def for storing local objects into global --% dictionaries. Like .forceput, this exists only during initialization. --/.forcedef { % <key> <value> .forcedef - -- 1 .argindex pop % check # of args -- currentdict 3 1 roll .forceput --} .bind odef -- - % Define procedures for accessing variables in systemdict and userdict - % regardless of the contents of the dictionary stack. - /.systemvar { % <name> .systemvar <value> -@@ -347,7 +340,7 @@ DELAYBIND - } - ifelse - } .bind def --} if -+} executeonly if - - %**************** BACKWARD COMPATIBILITY **************** - /hwsizedict mark /HWSize //null .dicttomark readonly def -@@ -655,7 +648,7 @@ currentdict /.typenames .undef - /ifelse .systemvar - ] cvx executeonly - exch .setglobal --} odef -+} executeonly odef - systemdict /internaldict dup .makeinternaldict .makeoperator - .forceput % proc is local, systemdict is global - -@@ -1093,7 +1086,7 @@ def - - % Define $error. This must be in local VM. - .currentglobal //false .setglobal --/$error 40 dict .forcedef % $error is local, systemdict is global -+currentdict /$error 40 dict .forceput % $error is local, systemdict is global - % newerror, errorname, command, errorinfo, - % ostack, estack, dstack, recordstacks, - % binary, globalmode, -@@ -1112,8 +1105,8 @@ end - % Define errordict similarly. It has one entry per error name, - % plus handleerror. However, some astonishingly badly written PostScript - % files require it to have at least one empty slot. --/errordict ErrorNames length 3 add dict --.forcedef % errordict is local, systemdict is global -+currentdict /errordict ErrorNames length 3 add dict -+.forceput % errordict is local, systemdict is global - .setglobal % back to global VM - % gserrordict contains all the default error handling methods, but unlike - % errordict it is noaccess after creation (also it is in global VM). -@@ -1273,8 +1266,9 @@ end - (END PROCS) VMDEBUG - - % Define the font directory. -+currentdict - /FontDirectory //false .setglobal 100 dict //true .setglobal --.forcedef % FontDirectory is local, systemdict is global -+.forceput % FontDirectory is local, systemdict is global - - % Define the encoding dictionary. - /EncodingDirectory 16 dict def % enough for Level 2 + PDF standard encodings -@@ -2333,7 +2327,6 @@ SAFER { .setsafeglobal } if - //systemdict /UndefinePostScriptOperators get exec - //systemdict /UndefinePDFOperators get exec - //systemdict /.forcecopynew .forceundef % remove temptation -- //systemdict /.forcedef .forceundef % ditto - //systemdict /.forceput .forceundef % ditto - //systemdict /.undef .forceundef % ditto - //systemdict /.forceundef .forceundef % ditto -@@ -2368,9 +2361,9 @@ SAFER { .setsafeglobal } if - % (and, if implemented, context switching). - .currentglobal //false .setglobal - mark userparams { } forall .dicttomark readonly -- /userparams exch .forcedef % systemdict is read-only -+ currentdict exch /userparams exch .forceput % systemdict is read-only - .setglobal --} if -+} executeonly if - /.currentsystemparams where { - pop - % Remove real system params from pssystemparams. -@@ -2458,7 +2451,6 @@ end - DELAYBIND not { - systemdict /.bindnow .undef % We only need this for DELAYBIND - systemdict /.forcecopynew .undef % remove temptation -- systemdict /.forcedef .undef % ditto - systemdict /.forceput .undef % ditto - systemdict /.forceundef .undef % ditto - } if -diff --git a/Resource/Init/gs_lev2.ps b/Resource/Init/gs_lev2.ps -index 0f0d573..9c0c3a6 100644 ---- a/Resource/Init/gs_lev2.ps -+++ b/Resource/Init/gs_lev2.ps -@@ -304,31 +304,30 @@ end - psuserparams exch /.checkFilePermitparams load put - .setglobal - --pssystemparams begin -- /CurDisplayList 0 .forcedef -- /CurFormCache 0 .forcedef -- /CurInputDevice () .forcedef -- /CurOutlineCache 0 .forcedef -- /CurOutputDevice () .forcedef -- /CurPatternCache 0 .forcedef -- /CurUPathCache 0 .forcedef -- /CurScreenStorage 0 .forcedef -- /CurSourceList 0 .forcedef -- /DoPrintErrors //false .forcedef -- /JobTimeout 0 .forcedef -- /LicenseID (LN-001) .forcedef % bogus -- /MaxDisplayList 140000 .forcedef -- /MaxFormCache 100000 .forcedef -- /MaxImageBuffer 524288 .forcedef -- /MaxOutlineCache 65000 .forcedef -- /MaxPatternCache 100000 .forcedef -- /MaxUPathCache 300000 .forcedef -- /MaxScreenStorage 84000 .forcedef -- /MaxSourceList 25000 .forcedef -- /PrinterName product .forcedef -- /RamSize 4194304 .forcedef -- /WaitTimeout 40 .forcedef --end -+pssystemparams -+dup /CurDisplayList 0 .forceput -+dup /CurFormCache 0 .forceput -+dup /CurInputDevice () .forceput -+dup /CurOutlineCache 0 .forceput -+dup /CurOutputDevice () .forceput -+dup /CurPatternCache 0 .forceput -+dup /CurUPathCache 0 .forceput -+dup /CurScreenStorage 0 .forceput -+dup /CurSourceList 0 .forceput -+dup /DoPrintErrors //false .forceput -+dup /JobTimeout 0 .forceput -+dup /LicenseID (LN-001) .forceput % bogus -+dup /MaxDisplayList 140000 .forceput -+dup /MaxFormCache 100000 .forceput -+dup /MaxImageBuffer 524288 .forceput -+dup /MaxOutlineCache 65000 .forceput -+dup /MaxPatternCache 100000 .forceput -+dup /MaxUPathCache 300000 .forceput -+dup /MaxScreenStorage 84000 .forceput -+dup /MaxSourceList 25000 .forceput -+dup /PrinterName product .forceput -+dup /RamSize 4194304 .forceput -+ /WaitTimeout 40 .forceput - - % Define the procedures for handling comment scanning. The names - % %ProcessComment and %ProcessDSCComment are known to the interpreter. -@@ -710,7 +709,7 @@ pop % currentsystemparams - /statusdict currentdict def - - currentdict end --/statusdict exch .forcedef % statusdict is local, systemdict is global -+currentdict exch /statusdict exch .forceput % statusdict is local, systemdict is global - - % The following compatibility operators are in systemdict. They are - % defined here, rather than in gs_init.ps, because they require the -diff --git a/Resource/Init/gs_ll3.ps b/Resource/Init/gs_ll3.ps -index c86721f..881af44 100644 ---- a/Resource/Init/gs_ll3.ps -+++ b/Resource/Init/gs_ll3.ps -@@ -521,9 +521,8 @@ end - % Define additional user and system parameters. - /HalftoneMode 0 .definepsuserparam - /MaxSuperScreen 1016 .definepsuserparam --pssystemparams begin % read-only, so use .forcedef -- /MaxDisplayAndSourceList 160000 .forcedef --end -+% read-only, so use .forceput -+pssystemparams /MaxDisplayAndSourceList 160000 .forceput - - % Define the IdiomSet resource category. - { /IdiomSet } { -diff --git a/Resource/Init/gs_res.ps b/Resource/Init/gs_res.ps -index b016113..89c0ed6 100644 ---- a/Resource/Init/gs_res.ps -+++ b/Resource/Init/gs_res.ps -@@ -41,10 +41,10 @@ level2dict begin - % However, Ed Taft of Adobe says their interpreters don't implement this - % either, so we aren't going to worry about it for a while. - --currentglobal //false setglobal systemdict begin -- /localinstancedict 5 dict -- .forcedef % localinstancedict is local, systemdict is global --end //true setglobal -+currentglobal //false setglobal -+ systemdict /localinstancedict 5 dict -+ .forceput % localinstancedict is local, systemdict is global -+//true setglobal - /.emptydict 0 dict readonly def - setglobal - -@@ -149,7 +149,7 @@ setglobal - dup [ exch 0 -1 ] exch - .Instances 4 2 roll put - % Make the Category dictionary read-only. We will have to -- % use .forceput / .forcedef later to replace the dummy, -+ % use .forceput / .forceput later to replace the dummy, - % empty .Instances dictionary with the real one later. - readonly - }{ -@@ -304,7 +304,8 @@ systemdict begin - dup () ne { - .file_name_directory_separator concatstrings - } if -- 2 index exch //false .file_name_combine not { -+ 2 index exch //false -+ .file_name_combine not { - (Error: .default_resource_dir returned ) print exch print ( that can't combine with ) print = - /.default_resource_dir cvx /configurationerror signalerror - } if -@@ -317,14 +318,14 @@ currentdict /pssystemparams known not { - pssystemparams begin - //.default_resource_dir exec - /FontResourceDir (Font) //.resource_dir_name exec -- readonly .forcedef % pssys'params is r-o -+ readonly currentdict 3 1 roll .forceput % pssys'params is r-o - /GenericResourceDir () //.resource_dir_name exec -- readonly .forcedef % pssys'params is r-o -+ readonly currentdict 3 1 roll .forceput % pssys'params is r-o - pop % .default_resource_dir - /GenericResourcePathSep -- .file_name_separator readonly .forcedef % pssys'params is r-o -- (%diskFontResourceDir) cvn (/Resource/Font/) readonly .forcedef % pssys'params is r-o -- (%diskGenericResourceDir) cvn (/Resource/) readonly .forcedef % pssys'params is r-o -+ .file_name_separator readonly currentdict 3 1 roll .forceput % pssys'params is r-o -+ currentdict (%diskFontResourceDir) cvn (/Resource/Font/) readonly .forceput % pssys'params is r-o -+ currentdict (%diskGenericResourceDir) cvn (/Resource/) readonly .forceput % pssys'params is r-o - end - end - -@@ -422,8 +423,8 @@ status { - .Instances dup //.emptydict eq { - pop 3 dict - % As noted above, Category dictionaries are read-only, -- % so we have to use .forcedef here. -- /.Instances 1 index .forcedef % Category dict is read-only -+ % so we have to use .forceput here. -+ currentdict /.Instances 2 index .forceput % Category dict is read-only - } executeonly if - } - { .LocalInstances dup //.emptydict eq -@@ -441,7 +442,7 @@ status { - { /defineresource cvx /typecheck signaloperror - } - ifelse --} .bind executeonly .makeoperator % executeonly to prevent access to .forcedef -+} .bind executeonly .makeoperator % executeonly to prevent access to .forceput - /UndefineResource - { { dup 2 index .knownget - { dup 1 get 1 ge -diff --git a/Resource/Init/gs_statd.ps b/Resource/Init/gs_statd.ps -index 20d4c96..b6a7659 100644 ---- a/Resource/Init/gs_statd.ps -+++ b/Resource/Init/gs_statd.ps -@@ -21,10 +21,10 @@ systemdict begin - % We make statusdict a little larger for Level 2 stuff. - % Note that it must be allocated in local VM. - .currentglobal //false .setglobal -- /statusdict 91 dict .forcedef % statusdict is local, sys'dict global -+ currentdict /statusdict 91 dict .forceput % statusdict is local, sys'dict global - % To support the Level 2 job control features, - % serverdict must also be in local VM. -- /serverdict 10 dict .forcedef % serverdict is local, sys'dict global -+ currentdict /serverdict 10 dict .forceput % serverdict is local, sys'dict global - .setglobal - end - --- -2.18.1 - diff --git a/poky/meta/recipes-extended/ghostscript/ghostscript/ghostscript-9.02-genarch.patch b/poky/meta/recipes-extended/ghostscript/ghostscript/ghostscript-9.02-genarch.patch index fc144f625..7b70bb8e2 100644 --- a/poky/meta/recipes-extended/ghostscript/ghostscript/ghostscript-9.02-genarch.patch +++ b/poky/meta/recipes-extended/ghostscript/ghostscript/ghostscript-9.02-genarch.patch @@ -1,7 +1,7 @@ -From 94850954b88440df6c41d2dd133c422ffc84d9aa Mon Sep 17 00:00:00 2001 +From c076d0fc970f190f723018258790c79b59daba2e Mon Sep 17 00:00:00 2001 From: Hongxu Jia <hongxu.jia@windriver.com> -Date: Thu, 29 Mar 2018 16:12:48 +0800 -Subject: [PATCH 07/10] not generate objarch.h at compile time +Date: Sat, 11 May 2019 21:20:27 +0800 +Subject: [PATCH] not generate objarch.h at compile time Import patch from windriver linux for cross compilation, and split patches into oe way under different directories such as i586, powerpc etc @@ -12,19 +12,19 @@ Upstream-Status: Pending Signed-off-by: Kang Kai <kai.kang@windriver.com> Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> -Rebase to 9.23 +Rebase to 9.27 Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> --- base/lib.mak | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/base/lib.mak b/base/lib.mak -index 0036d1e..302877e 100644 +index 3ed088a..5af2b43 100644 --- a/base/lib.mak +++ b/base/lib.mak @@ -87,8 +87,8 @@ arch_h=$(GLGEN)arch.h stdpre_h=$(GLSRC)stdpre.h - stdint__h=$(GLSRC)stdint_.h $(std_h) + stdint__h=$(GLSRC)stdint_.h -$(GLGEN)arch.h : $(GENARCH_XE) - $(EXP)$(GENARCH_XE) $(GLGEN)arch.h $(TARGET_ARCH_FILE) @@ -34,5 +34,5 @@ index 0036d1e..302877e 100644 # Platform interfaces -- -1.8.3.1 +2.7.4 diff --git a/poky/meta/recipes-extended/ghostscript/ghostscript_9.26.bb b/poky/meta/recipes-extended/ghostscript/ghostscript_9.27.bb index bb3234788..fcc9e0099 100644 --- a/poky/meta/recipes-extended/ghostscript/ghostscript_9.26.bb +++ b/poky/meta/recipes-extended/ghostscript/ghostscript_9.27.bb @@ -19,7 +19,7 @@ DEPENDS_class-native = "libpng-native" UPSTREAM_CHECK_URI = "https://github.com/ArtifexSoftware/ghostpdl-downloads/releases" UPSTREAM_CHECK_REGEX = "(?P<pver>\d+(\.\d+)+)\.tar" -SRC_URI_BASE = "https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs926/${BPN}-${PV}.tar.gz \ +SRC_URI_BASE = "https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs927/${BPN}-${PV}.tar.gz \ file://ghostscript-9.15-parallel-make.patch \ file://ghostscript-9.16-Werror-return-type.patch \ file://do-not-check-local-libpng-source.patch \ @@ -32,19 +32,6 @@ SRC_URI = "${SRC_URI_BASE} \ file://ghostscript-9.02-genarch.patch \ file://objarch.h \ file://cups-no-gcrypt.patch \ - file://CVE-2019-6116-0001.patch \ - file://CVE-2019-6116-0002.patch \ - file://CVE-2019-6116-0003.patch \ - file://CVE-2019-6116-0004.patch \ - file://CVE-2019-6116-0005.patch \ - file://CVE-2019-6116-0006.patch \ - file://CVE-2019-6116-0007.patch \ - file://CVE-2019-3835-0001.patch \ - file://CVE-2019-3835-0002.patch \ - file://CVE-2019-3835-0003.patch \ - file://CVE-2019-3835-0004.patch \ - file://CVE-2019-3838-0001.patch \ - file://CVE-2019-3838-0002.patch \ " SRC_URI_class-native = "${SRC_URI_BASE} \ @@ -52,8 +39,8 @@ SRC_URI_class-native = "${SRC_URI_BASE} \ file://base-genht.c-add-a-preprocessor-define-to-allow-fope.patch \ " -SRC_URI[md5sum] = "806bc2dedbc7f69b003f536658e08d4a" -SRC_URI[sha256sum] = "831fc019bd477f7cc2d481dc5395ebfa4a593a95eb2fe1eb231a97e450d7540d" +SRC_URI[md5sum] = "c3990a504a3a23b9babe9de00ed6597d" +SRC_URI[sha256sum] = "9760e8bdd07a08dbd445188a6557cb70e60ccb6a5601f7dbfba0d225e28ce285" # Put something like # @@ -136,3 +123,6 @@ BBCLASSEXTEND = "native" # ghostscript does not supports "arc" COMPATIBLE_HOST = "^(?!arc).*" + +# some entries in NVD uses gpl_ghostscript +CVE_PRODUCT = "ghostscript gpl_ghostscript" diff --git a/poky/meta/recipes-extended/groff/files/0001-fix-shebang-for-taget.patch b/poky/meta/recipes-extended/groff/files/0001-fix-shebang-for-taget.patch new file mode 100644 index 000000000..1b94e8a93 --- /dev/null +++ b/poky/meta/recipes-extended/groff/files/0001-fix-shebang-for-taget.patch @@ -0,0 +1,31 @@ +From 54c795c8a3c7356294007b5a4eed1dd47ed6411d Mon Sep 17 00:00:00 2001 +From: Hongxu Jia <hongxu.jia@windriver.com> +Date: Sat, 11 May 2019 19:19:27 +0800 +Subject: [PATCH] fix shebang for target + +... +|ERROR: groff-1.22.4-r0 do_package_qa: QA Issue: /usr/bin/gdiffmk contained in +package groff requires tmp-glibc/hosttools/bash, but no providers found in +RDEPENDS_groff? [file-rdeps] +... + +Upstream-Status: Inappropriate [oe-core specific] + +Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> +--- + contrib/gdiffmk/gdiffmk.sh | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/contrib/gdiffmk/gdiffmk.sh b/contrib/gdiffmk/gdiffmk.sh +index 5ce931e..10f2300 100644 +--- a/contrib/gdiffmk/gdiffmk.sh ++++ b/contrib/gdiffmk/gdiffmk.sh +@@ -1,4 +1,4 @@ +-#!@BASH_PROG@ ++#!/bin/sh + # Copyright (C) 2004-2018 Free Software Foundation, Inc. + # Written by Mike Bianchi <MBianchi@Foveal.com <mailto:MBianchi@Foveal.com>> + # Thanks to Peter Bray for debugging. +-- +2.7.4 + diff --git a/poky/meta/recipes-extended/groff/groff-1.22.3/0001-replace-perl-w-with-use-warnings.patch b/poky/meta/recipes-extended/groff/files/0001-replace-perl-w-with-use-warnings.patch index f1db5b065..eda6a40f5 100644 --- a/poky/meta/recipes-extended/groff/groff-1.22.3/0001-replace-perl-w-with-use-warnings.patch +++ b/poky/meta/recipes-extended/groff/files/0001-replace-perl-w-with-use-warnings.patch @@ -1,7 +1,7 @@ -From 5b574542070db286c89b3827e8f15ed4b3b39034 Mon Sep 17 00:00:00 2001 +From 6821a23e6cf34df37c351b45be413a8da9115f9f Mon Sep 17 00:00:00 2001 From: Robert Yang <liezhi.yang@windriver.com> -Date: Thu, 6 Apr 2017 01:46:00 -0700 -Subject: [PATCH] replace "perl -w" with "use warnings" +Date: Sat, 11 May 2019 17:03:03 +0800 +Subject: [PATCH 1/2] replace "perl -w" with "use warnings" The shebang's max length is usually 128 as defined in /usr/include/linux/binfmts.h: @@ -18,6 +18,10 @@ So replace "perl -w" with "use warnings" to make it work. Upstream-Status: Pending Signed-off-by: Robert Yang <liezhi.yang@windriver.com> + +Rebase to 1.22.4. + +Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> --- font/devpdf/util/BuildFoundries.pl | 3 ++- src/devices/gropdf/gropdf.pl | 3 ++- @@ -26,7 +30,7 @@ Signed-off-by: Robert Yang <liezhi.yang@windriver.com> 4 files changed, 8 insertions(+), 4 deletions(-) diff --git a/font/devpdf/util/BuildFoundries.pl b/font/devpdf/util/BuildFoundries.pl -index 39f2f0d..a2bfd8e 100644 +index f8af826..9584e28 100644 --- a/font/devpdf/util/BuildFoundries.pl +++ b/font/devpdf/util/BuildFoundries.pl @@ -1,4 +1,4 @@ @@ -36,15 +40,15 @@ index 39f2f0d..a2bfd8e 100644 # BuildFoundries : Given a Foundry file generate groff and download files # Deri James : Monday 07 Feb 2011 @@ -22,6 +22,7 @@ - # along with this program. If not, see <http://www.gnu.org/licenses/>. + # along with this program. If not, see <http://www.gnu.org/licenses/>. use strict; +use warnings; + (my $progname = $0) =~s @.*/@@; my $where=shift||''; - my $devps=shift||'../devps'; diff --git a/src/devices/gropdf/gropdf.pl b/src/devices/gropdf/gropdf.pl -index 035d123..b933b32 100644 +index 2ec52d0..ce5a06f 100644 --- a/src/devices/gropdf/gropdf.pl +++ b/src/devices/gropdf/gropdf.pl @@ -1,4 +1,4 @@ @@ -59,10 +63,10 @@ index 035d123..b933b32 100644 use strict; +use warnings; use Getopt::Long qw(:config bundling); - use Compress::Zlib; + use constant diff --git a/src/devices/gropdf/pdfmom.pl b/src/devices/gropdf/pdfmom.pl -index beec820..4b46ea4 100644 +index c9b08b2..61124f3 100644 --- a/src/devices/gropdf/pdfmom.pl +++ b/src/devices/gropdf/pdfmom.pl @@ -1,4 +1,4 @@ @@ -71,8 +75,8 @@ index beec820..4b46ea4 100644 # # pdfmom : Frontend to run groff -mom to produce PDFs # Deri James : Friday 16 Mar 2012 -@@ -24,6 +24,7 @@ - # along with this program. If not, see <http://www.gnu.org/licenses/>. +@@ -23,6 +23,7 @@ + # along with this program. If not, see <http://www.gnu.org/licenses/>. use strict; +use warnings; @@ -80,17 +84,17 @@ index beec820..4b46ea4 100644 my @cmd; my $dev='pdf'; diff --git a/src/utils/afmtodit/afmtodit.pl b/src/utils/afmtodit/afmtodit.pl -index 4f2ce83..5c078ff 100644 +index 954c58e..81a6c97 100644 --- a/src/utils/afmtodit/afmtodit.pl +++ b/src/utils/afmtodit/afmtodit.pl @@ -1,4 +1,4 @@ -#! /usr/bin/perl -w +#! /usr/bin/perl # -*- Perl -*- - # Copyright (C) 1989-2014 Free Software Foundation, Inc. + # Copyright (C) 1989-2018 Free Software Foundation, Inc. # Written by James Clark (jjc@jclark.com) @@ -19,6 +19,7 @@ - # along with this program. If not, see <http://www.gnu.org/licenses/>. + # along with this program. If not, see <http://www.gnu.org/licenses/>. use strict; +use warnings; @@ -98,5 +102,5 @@ index 4f2ce83..5c078ff 100644 @afmtodit.tables@ -- -2.10.2 +2.7.4 diff --git a/poky/meta/recipes-extended/groff/files/0001-support-musl.patch b/poky/meta/recipes-extended/groff/files/0001-support-musl.patch new file mode 100644 index 000000000..a837b11b1 --- /dev/null +++ b/poky/meta/recipes-extended/groff/files/0001-support-musl.patch @@ -0,0 +1,41 @@ +From 695965c27be74acb5968f19d51af86065c4b71a9 Mon Sep 17 00:00:00 2001 +From: Hongxu Jia <hongxu.jia@windriver.com> +Date: Mon, 13 May 2019 09:48:14 +0800 +Subject: [PATCH] support musl + +... +|./lib/math.h:2877:1: error: 'int signbit(float)' conflicts with a previous declaration +| _GL_MATH_CXX_REAL_FLOATING_DECL_2 (signbit) +| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +|In file included from recipe-sysroot/usr/include/c++/8.3.0/math.h:36, +| from ./lib/math.h:27, +| from ./src/include/driver.h:27, +| from src/devices/grodvi/dvi.cpp:20: +|recipe-sysroot/usr/include/c++/8.3.0/cmath:661:3: note: previous declaration 'constexpr bool std::signbit(float)' +| signbit(float __x) +| ^~~~~~~ +... + +Upstream-Status: Backport [http://git.savannah.gnu.org/gitweb/?p=gnulib.git;a=commit;h=453ff940449bbbde9ec00f0bbf82a359c5598fc7] + +Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> +--- + gnulib_m4/signbit.m4 | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/gnulib_m4/signbit.m4 b/gnulib_m4/signbit.m4 +index 9e7884d..8b9c70c 100644 +--- a/gnulib_m4/signbit.m4 ++++ b/gnulib_m4/signbit.m4 +@@ -31,6 +31,8 @@ AC_DEFUN([gl_SIGNBIT], + [case "$host_os" in + # Guess yes on glibc systems. + *-gnu* | gnu*) gl_cv_func_signbit="guessing yes" ;; ++ # Guess yes on musl systems. ++ *-musl*) gl_cv_func_signbit="guessing yes" ;; + # Guess yes on native Windows. + mingw*) gl_cv_func_signbit="guessing yes" ;; + # If we don't know, assume the worst. +-- +2.7.4 + diff --git a/poky/meta/recipes-extended/groff/files/groff-not-search-fonts-on-build-host.patch b/poky/meta/recipes-extended/groff/files/groff-not-search-fonts-on-build-host.patch new file mode 100644 index 000000000..c80a2a5c3 --- /dev/null +++ b/poky/meta/recipes-extended/groff/files/groff-not-search-fonts-on-build-host.patch @@ -0,0 +1,32 @@ +From 75761ae7adc88412de4379d1cf5484b055cd5f18 Mon Sep 17 00:00:00 2001 +From: Hongxu Jia <hongxu.jia@windriver.com> +Date: Sat, 11 May 2019 17:06:29 +0800 +Subject: [PATCH 2/2] groff searchs fonts which are provided by ghostscript on + build host. It causes non-determinism issue. So not search font dirs on host. + +Upstream-Status: Inappropriate [cross build specific] + +Signed-off-by: Kai Kang <kai.kang@windriver.com> + +Rebase to 1.22.4 +Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> +--- + font/devpdf/Foundry.in | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/font/devpdf/Foundry.in b/font/devpdf/Foundry.in +index 93e9b66..235b23b 100644 +--- a/font/devpdf/Foundry.in ++++ b/font/devpdf/Foundry.in +@@ -65,7 +65,7 @@ ZD|Y||||Dingbats!d050000l.pfb + #====================================================================== + + #Foundry|Name|Searchpath +-foundry|U|(gs):@urwfontsdir@ :/usr/share/fonts/type1/gsfonts :/opt/local/share/fonts/urw-fonts # the URW fonts delivered with ghostscript (may be different) ++foundry|U|(gs) # the URW fonts delivered with ghostscript (may be different) + #Define Flags for afmtodit + + r=-i 0 -m +-- +2.7.4 + diff --git a/poky/meta/recipes-extended/groff/groff-1.22.3/0001-Unset-need_charset_alias-when-building-for-musl.patch b/poky/meta/recipes-extended/groff/groff-1.22.3/0001-Unset-need_charset_alias-when-building-for-musl.patch deleted file mode 100644 index b61b43281..000000000 --- a/poky/meta/recipes-extended/groff/groff-1.22.3/0001-Unset-need_charset_alias-when-building-for-musl.patch +++ /dev/null @@ -1,30 +0,0 @@ -From b9565dc2fe0c4f7daaec91b7e83bc7313dee2f4a Mon Sep 17 00:00:00 2001 -From: Khem Raj <raj.khem@gmail.com> -Date: Mon, 13 Apr 2015 17:02:13 -0700 -Subject: [PATCH] Unset need_charset_alias when building for musl - -localcharset uses ac_cv_gnu_library_2_1 from glibc21.m4 -which actually shoudl be fixed in gnulib and then all downstream -projects will get it eventually. For now we apply the fix to -coreutils - -Upstream-Status: Pending - -Signed-off-by: Khem Raj <raj.khem@gmail.com> ---- - lib/gnulib.mk | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -Index: groff-1.22.3/src/libs/gnulib/lib/Makefile.am -=================================================================== ---- groff-1.22.3.orig/src/libs/gnulib/lib/Makefile.am -+++ groff-1.22.3/src/libs/gnulib/lib/Makefile.am -@@ -113,7 +113,7 @@ install-exec-localcharset: all-local - case '$(host_os)' in \ - darwin[56]*) \ - need_charset_alias=true ;; \ -- darwin* | cygwin* | mingw* | pw32* | cegcc*) \ -+ darwin* | cygwin* | mingw* | pw32* | cegcc* | linux-musl*) \ - need_charset_alias=false ;; \ - *) \ - need_charset_alias=true ;; \ diff --git a/poky/meta/recipes-extended/groff/groff-1.22.3/groff-1.22.2-correct-man.local-install-path.patch b/poky/meta/recipes-extended/groff/groff-1.22.3/groff-1.22.2-correct-man.local-install-path.patch deleted file mode 100644 index c73328a18..000000000 --- a/poky/meta/recipes-extended/groff/groff-1.22.3/groff-1.22.2-correct-man.local-install-path.patch +++ /dev/null @@ -1,34 +0,0 @@ -Correct the install path of man.local to fix following error: - /yocto/build/tmp/sysroots/x86_64-linux/usr/share/groff/1.22.2/tmac/an-old.tmac:690: warning: can't find macro file `man.local' - -Signed-off-by: Zhenhua Luo <zhenhua.luo@freescale.com> -Upstream-Status: Pending - -diff --git a/tmac/Makefile.sub b/tmac/Makefile.sub -index 1506232..f1468c5 100644 ---- a/tmac/Makefile.sub -+++ b/tmac/Makefile.sub -@@ -121,9 +121,9 @@ install_data: $(NORMALFILES) $(SPECIALFILES) man.local \ - $(RM) $(DESTDIR)$(mdocdir)/$$f; \ - $(INSTALL_DATA) $$f-s $(DESTDIR)$(mdocdir)/$$f; \ - done -- -test -f $(DESTDIR)$(localtmacdir)/man.local \ -+ -test -f $(DESTDIR)$(tmacdir)/man.local \ - || $(INSTALL_DATA) $(srcdir)/man.local \ -- $(DESTDIR)$(localtmacdir)/man.local -+ $(DESTDIR)$(tmacdir)/man.local - -test -f $(DESTDIR)$(localtmacdir)/mdoc.local \ - || $(INSTALL_DATA) mdoc.local-s $(DESTDIR)$(localtmacdir)/mdoc.local - -@@ -164,9 +164,9 @@ uninstall_sub: - $(RM) $(DESTDIR)$(tmacdir)/$(tmac_s_prefix)s.tmac - $(RM) $(DESTDIR)$(tmacdir)/$(tmac_an_prefix)an.tmac - $(RM) $(DESTDIR)$(tmacdir)/www.tmac -- -if cmp -s $(DESTDIR)$(localtmacdir)/man.local \ -+ -if cmp -s $(DESTDIR)$(tmacdir)/man.local \ - $(srcdir)/man.local; then \ -- $(RM) $(DESTDIR)$(localtmacdir)/man.local; \ -+ $(RM) $(DESTDIR)$(tmacdir)/man.local; \ - fi - -if cmp -s $(DESTDIR)$(localtmacdir)/mdoc.local \ - $(srcdir)/mdoc.local; then \ diff --git a/poky/meta/recipes-extended/groff/groff-1.22.3/groff-not-search-fonts-on-build-host.patch b/poky/meta/recipes-extended/groff/groff-1.22.3/groff-not-search-fonts-on-build-host.patch deleted file mode 100644 index ff8f32059..000000000 --- a/poky/meta/recipes-extended/groff/groff-1.22.3/groff-not-search-fonts-on-build-host.patch +++ /dev/null @@ -1,20 +0,0 @@ -groff searchs fonts which are provided by ghostscript on build host. -It causes non-determinism issue. So not search font dirs on host. - -Upstream-Status: Inappropriate [cross build specific] - -Signed-off-by: Kai Kang <kai.kang@windriver.com> - -diff --git a/font/devpdf/Foundry.in b/font/devpdf/Foundry.in -index a6e968f..8094642 100644 ---- a/font/devpdf/Foundry.in -+++ b/font/devpdf/Foundry.in -@@ -65,7 +65,7 @@ ZD|Y||||Dingbats!d050000l.pfb - #====================================================================== - - #Foundry|Name|Searchpath --foundry|U|(gs):/usr/share/fonts/type1/gsfonts :/opt/local/share/fonts/urw-fonts # the URW fonts delivered with ghostscript (may be different) -+foundry|U|(gs) # the URW fonts delivered with ghostscript (may be different) - #Define Flags for afmtodit - - r=-i 0 -m diff --git a/poky/meta/recipes-extended/groff/groff_1.22.3.bb b/poky/meta/recipes-extended/groff/groff_1.22.4.bb index ba90cadd8..37eee9a6c 100644 --- a/poky/meta/recipes-extended/groff/groff_1.22.3.bb +++ b/poky/meta/recipes-extended/groff/groff_1.22.4.bb @@ -8,49 +8,27 @@ LICENSE = "GPLv3" LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504" SRC_URI = "${GNU_MIRROR}/groff/groff-${PV}.tar.gz \ - file://groff-1.22.2-correct-man.local-install-path.patch \ - file://0001-Unset-need_charset_alias-when-building-for-musl.patch \ file://0001-replace-perl-w-with-use-warnings.patch \ file://groff-not-search-fonts-on-build-host.patch \ + file://0001-fix-shebang-for-taget.patch \ + file://0001-support-musl.patch \ " -SRC_URI[md5sum] = "cc825fa64bc7306a885f2fb2268d3ec5" -SRC_URI[sha256sum] = "3a48a9d6c97750bfbd535feeb5be0111db6406ddb7bb79fc680809cda6d828a5" +SRC_URI[md5sum] = "08fb04335e2f5e73f23ea4c3adbf0c5f" +SRC_URI[sha256sum] = "e78e7b4cb7dec310849004fa88847c44701e8d133b5d4c13057d876c1bad0293" -DEPENDS = "groff-native" -DEPENDS_class-native = "" +DEPENDS = "bison-native" RDEPENDS_${PN} += "perl sed" -inherit autotools texinfo multilib_script +inherit autotools-brokensep texinfo multilib_script pkgconfig MULTILIB_SCRIPTS = "${PN}:${bindir}/gpinyin ${PN}:${bindir}/groffer ${PN}:${bindir}/grog" -EXTRA_OECONF = "--without-x" +EXTRA_OECONF = "--without-x --without-doc" PARALLEL_MAKE = "" CACHED_CONFIGUREVARS += "ac_cv_path_PERL='/usr/bin/env perl'" -do_configure_prepend() { - if [ "${BUILD_SYS}" != "${HOST_SYS}" ]; then - sed -i \ - -e '/^GROFFBIN=/s:=.*:=${STAGING_BINDIR_NATIVE}/groff:' \ - -e '/^TROFFBIN=/s:=.*:=${STAGING_BINDIR_NATIVE}/troff:' \ - -e '/^GROFF_BIN_PATH=/s:=.*:=${STAGING_BINDIR_NATIVE}:' \ - -e '/^GROFF_BIN_DIR=/s:=.*:=${STAGING_BINDIR_NATIVE}:' \ - ${S}/contrib/*/Makefile.sub \ - ${S}/doc/Makefile.in \ - ${S}/doc/Makefile.sub - fi -} - -do_configure_append() { - # generate gnulib configure script - olddir=`pwd` - cd ${S}/src/libs/gnulib/ - ACLOCAL="$ACLOCAL" autoreconf -Wcross --verbose --install --force ${EXTRA_AUTORECONF} $acpaths || die "autoreconf execution failed." - cd ${olddir} -} - do_install_append() { # Some distros have both /bin/perl and /usr/bin/perl, but we set perl location # for target as /usr/bin/perl, so fix it to /usr/bin/perl. diff --git a/poky/meta/recipes-extended/iptables/iptables/0003-extensions-format-security-fixes-in-libipt_icmp.patch b/poky/meta/recipes-extended/iptables/iptables/0003-extensions-format-security-fixes-in-libipt_icmp.patch new file mode 100644 index 000000000..e26594d19 --- /dev/null +++ b/poky/meta/recipes-extended/iptables/iptables/0003-extensions-format-security-fixes-in-libipt_icmp.patch @@ -0,0 +1,61 @@ +From 907e429d7548157016cd51aba4adc5d0c7d9f816 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Adam=20Go=C5=82=C4=99biowski?= <adamg@pld-linux.org> +Date: Wed, 14 Nov 2018 07:35:28 +0100 +Subject: extensions: format-security fixes in libip[6]t_icmp +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +commit 61d6c3834de3 ("xtables: add 'printf' attribute to xlate_add") +introduced support for gcc feature to check format string against passed +argument. This commit adds missing bits to extenstions's libipt_icmp.c +and libip6t_icmp6.c that were causing build to fail. + +Fixes: 61d6c3834de3 ("xtables: add 'printf' attribute to xlate_add") +Signed-off-by: Adam GoÅ‚Ä™biowski <adamg@pld-linux.org> +Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> + +Upstream-Status: Backport +--- + extensions/libip6t_icmp6.c | 4 ++-- + extensions/libipt_icmp.c | 2 +- + 2 files changed, 3 insertions(+), 3 deletions(-) + +diff --git a/extensions/libip6t_icmp6.c b/extensions/libip6t_icmp6.c +index 45a71875..cc7bfaeb 100644 +--- a/extensions/libip6t_icmp6.c ++++ b/extensions/libip6t_icmp6.c +@@ -230,7 +230,7 @@ static unsigned int type_xlate_print(struct xt_xlate *xl, unsigned int icmptype, + type_name = icmp6_type_xlate(icmptype); + + if (type_name) { +- xt_xlate_add(xl, type_name); ++ xt_xlate_add(xl, "%s", type_name); + } else { + for (i = 0; i < ARRAY_SIZE(icmpv6_codes); ++i) + if (icmpv6_codes[i].type == icmptype && +@@ -239,7 +239,7 @@ static unsigned int type_xlate_print(struct xt_xlate *xl, unsigned int icmptype, + break; + + if (i != ARRAY_SIZE(icmpv6_codes)) +- xt_xlate_add(xl, icmpv6_codes[i].name); ++ xt_xlate_add(xl, "%s", icmpv6_codes[i].name); + else + return 0; + } +diff --git a/extensions/libipt_icmp.c b/extensions/libipt_icmp.c +index 54189976..e76257c5 100644 +--- a/extensions/libipt_icmp.c ++++ b/extensions/libipt_icmp.c +@@ -236,7 +236,7 @@ static unsigned int type_xlate_print(struct xt_xlate *xl, unsigned int icmptype, + if (icmp_codes[i].type == icmptype && + icmp_codes[i].code_min == code_min && + icmp_codes[i].code_max == code_max) { +- xt_xlate_add(xl, icmp_codes[i].name); ++ xt_xlate_add(xl, "%s", icmp_codes[i].name); + return 1; + } + } +-- +cgit v1.2.1 + diff --git a/poky/meta/recipes-extended/iptables/iptables_1.6.2.bb b/poky/meta/recipes-extended/iptables/iptables_1.8.2.bb index a57cac34e..ad2c1a6f8 100644 --- a/poky/meta/recipes-extended/iptables/iptables_1.6.2.bb +++ b/poky/meta/recipes-extended/iptables/iptables_1.8.2.bb @@ -10,10 +10,11 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263\ SRC_URI = "http://netfilter.org/projects/iptables/files/iptables-${PV}.tar.bz2 \ file://0001-configure-Add-option-to-enable-disable-libnfnetlink.patch \ file://0002-configure.ac-only-check-conntrack-when-libnfnetlink-enabled.patch \ + file://0003-extensions-format-security-fixes-in-libipt_icmp.patch \ " -SRC_URI[md5sum] = "7d2b7847e4aa8832a18437b8a4c1873d" -SRC_URI[sha256sum] = "55d02dfa46263343a401f297d44190f2a3e5113c8933946f094ed40237053733" +SRC_URI[md5sum] = "944558e88ddcc3b9b0d9550070fa3599" +SRC_URI[sha256sum] = "a3778b50ed1a3256f9ca975de82c2204e508001fc2471238c8c97f3d1c4c12af" inherit autotools pkgconfig diff --git a/poky/meta/recipes-extended/libsolv/libsolv/0001-solver_solve-only-disfavor-recommends-if-there-are-a.patch b/poky/meta/recipes-extended/libsolv/libsolv/0001-solver_solve-only-disfavor-recommends-if-there-are-a.patch deleted file mode 100644 index 139613a0a..000000000 --- a/poky/meta/recipes-extended/libsolv/libsolv/0001-solver_solve-only-disfavor-recommends-if-there-are-a.patch +++ /dev/null @@ -1,33 +0,0 @@ -From 19d7cc87adba92d31d5fafdf7db00920d24a96a6 Mon Sep 17 00:00:00 2001 -From: Alejandro del Castillo <alejandro.delcastillo@ni.com> -Date: Wed, 6 Feb 2019 13:24:04 -0600 -Subject: [PATCH] solver_solve: only disfavor recommends if there are any - -In a repo that have pkg 'a' and 'b' available, and 'b' is disfavored, -but 'a' doesn't recommend 'b', libsolv segfaults on -solver_addrecommendsrules, since solv->recommendsruleq is null. Only -call solver_addrecommendsrules if there are recommends rules. - -Signed-off-by: Alejandro del Castillo <alejandro.delcastillo@ni.com> - -Upstream-Status: Accepted ---- - src/solver.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/solver.c b/src/solver.c -index a80090d19..ad78327a8 100644 ---- a/src/solver.c -+++ b/src/solver.c -@@ -3920,7 +3920,7 @@ solver_solve(Solver *solv, Queue *job) - else - solv->yumobsrules = solv->yumobsrules_end = solv->nrules; - -- if (solv->havedisfavored && solv->strongrecommends) -+ if (solv->havedisfavored && solv->strongrecommends && solv->recommendsruleq) - solver_addrecommendsrules(solv); - else - solv->recommendsrules = solv->recommendsrules_end = solv->nrules; --- -2.20.1 - diff --git a/poky/meta/recipes-extended/libsolv/libsolv_0.7.3.bb b/poky/meta/recipes-extended/libsolv/libsolv_0.7.4.bb index 70c8dbc2e..b8653adc0 100644 --- a/poky/meta/recipes-extended/libsolv/libsolv_0.7.3.bb +++ b/poky/meta/recipes-extended/libsolv/libsolv_0.7.4.bb @@ -8,11 +8,11 @@ LIC_FILES_CHKSUM = "file://LICENSE.BSD;md5=62272bd11c97396d4aaf1c41bc11f7d8" DEPENDS = "expat zlib" SRC_URI = "git://github.com/openSUSE/libsolv.git \ - file://0001-solver_solve-only-disfavor-recommends-if-there-are-a.patch \ file://0001-build-use-GNUInstallDirs.patch \ " -SRCREV = "dc7d0f1c3113f2c8217563166906bef3eb5d1ee1" +SRCREV = "51fc3b1214aa9677e972712fa1ce6916e438751f" + UPSTREAM_CHECK_GITTAGREGEX = "(?P<pver>\d+(\.\d+)+)" S = "${WORKDIR}/git" diff --git a/poky/meta/recipes-extended/libtirpc/libtirpc/libtirpc-1.0.4-rc1.patch b/poky/meta/recipes-extended/libtirpc/libtirpc/libtirpc-1.0.4-rc1.patch deleted file mode 100644 index 6d40d3cce..000000000 --- a/poky/meta/recipes-extended/libtirpc/libtirpc/libtirpc-1.0.4-rc1.patch +++ /dev/null @@ -1,103 +0,0 @@ -Patch from Fedora https://src.fedoraproject.org/rpms/libtirpc/raw/master/f/libtirpc-1.0.4-rc1.patch - -Upstream-Status: Backport -Signed-off-by: Khem Raj <raj.khem@gmail.com> - -diff --git a/src/clnt_generic.c b/src/clnt_generic.c -index e5a314f..3f3dabf 100644 ---- a/src/clnt_generic.c -+++ b/src/clnt_generic.c -@@ -47,7 +47,6 @@ - - extern bool_t __rpc_is_local_host(const char *); - int __rpc_raise_fd(int); --extern int __binddynport(int fd); - - #ifndef NETIDLEN - #define NETIDLEN 32 -@@ -341,8 +340,7 @@ clnt_tli_create(int fd, const struct netconfig *nconf, - servtype = nconf->nc_semantics; - if (!__rpc_fd2sockinfo(fd, &si)) - goto err; -- if (__binddynport(fd) == -1) -- goto err; -+ bindresvport(fd, NULL); - } else { - if (!__rpc_fd2sockinfo(fd, &si)) - goto err; -diff --git a/src/rpc_soc.c b/src/rpc_soc.c -index af6c482..5a6eeb7 100644 ---- a/src/rpc_soc.c -+++ b/src/rpc_soc.c -@@ -67,8 +67,6 @@ - - extern mutex_t rpcsoc_lock; - --extern int __binddynport(int fd); -- - static CLIENT *clnt_com_create(struct sockaddr_in *, rpcprog_t, rpcvers_t, - int *, u_int, u_int, char *, int); - static SVCXPRT *svc_com_create(int, u_int, u_int, char *); -@@ -147,8 +145,7 @@ clnt_com_create(raddr, prog, vers, sockp, sendsz, recvsz, tp, flags) - bindaddr.maxlen = bindaddr.len = sizeof (struct sockaddr_in); - bindaddr.buf = raddr; - -- if (__binddynport(fd) == -1) -- goto err; -+ bindresvport(fd, NULL); - cl = clnt_tli_create(fd, nconf, &bindaddr, prog, vers, - sendsz, recvsz); - if (cl) { -diff --git a/src/rpcb_clnt.c b/src/rpcb_clnt.c -index a94fc73..4b44364 100644 ---- a/src/rpcb_clnt.c -+++ b/src/rpcb_clnt.c -@@ -752,7 +752,7 @@ __try_protocol_version_2(program, version, nconf, host, tp) - - client = getpmaphandle(nconf, host, &parms.r_addr); - if (client == NULL) -- return (NULL); -+ goto error; - - /* - * Set retry timeout. -@@ -771,11 +771,11 @@ __try_protocol_version_2(program, version, nconf, host, tp) - if (clnt_st != RPC_SUCCESS) { - rpc_createerr.cf_stat = RPC_PMAPFAILURE; - clnt_geterr(client, &rpc_createerr.cf_error); -- return (NULL); -+ goto error; - } else if (port == 0) { - pmapaddress = NULL; - rpc_createerr.cf_stat = RPC_PROGNOTREGISTERED; -- return (NULL); -+ goto error; - } - port = htons(port); - CLNT_CONTROL(client, CLGET_SVC_ADDR, (char *)&remote); -@@ -789,14 +789,24 @@ __try_protocol_version_2(program, version, nconf, host, tp) - free(pmapaddress); - pmapaddress = NULL; - } -- return (NULL); -+ goto error; - } - memcpy(pmapaddress->buf, remote.buf, remote.len); - memcpy(&((char *)pmapaddress->buf)[sizeof (short)], - (char *)(void *)&port, sizeof (short)); - pmapaddress->len = pmapaddress->maxlen = remote.len; - -+ CLNT_DESTROY(client); - return pmapaddress; -+ -+error: -+ if (client) { -+ CLNT_DESTROY(client); -+ client = NULL; -+ -+ } -+ return (NULL); -+ - } - #endif - diff --git a/poky/meta/recipes-extended/libtirpc/libtirpc_1.0.3.bb b/poky/meta/recipes-extended/libtirpc/libtirpc_1.1.4.bb index f978c8c8a..9c480b825 100644 --- a/poky/meta/recipes-extended/libtirpc/libtirpc_1.0.3.bb +++ b/poky/meta/recipes-extended/libtirpc/libtirpc_1.1.4.bb @@ -10,13 +10,12 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=f835cce8852481e4b2bbbdd23b5e47f3 \ PROVIDES = "virtual/librpc" SRC_URI = "${SOURCEFORGE_MIRROR}/${BPN}/${BP}.tar.bz2 \ - file://libtirpc-1.0.4-rc1.patch \ file://musl.patch \ " UPSTREAM_CHECK_URI = "https://sourceforge.net/projects/libtirpc/files/libtirpc/" UPSTREAM_CHECK_REGEX = "(?P<pver>\d+(\.\d+)+)/" -SRC_URI[md5sum] = "f8403a10695348854e71d525c4db5931" -SRC_URI[sha256sum] = "86c3a78fc1bddefa96111dd233124c703b22a78884203c55c3e06b3be6a0fd5e" +SRC_URI[md5sum] = "f5d2a623e9dfbd818d2f3f3a4a878e3a" +SRC_URI[sha256sum] = "2ca529f02292e10c158562295a1ffd95d2ce8af97820e3534fe1b0e3aec7561d" inherit autotools pkgconfig diff --git a/poky/meta/recipes-extended/ltp/ltp/0001-syscalls-setrlimit03.c-read-proc-sys-fs-nr_open-for-.patch b/poky/meta/recipes-extended/ltp/ltp/0001-syscalls-setrlimit03.c-read-proc-sys-fs-nr_open-for-.patch new file mode 100644 index 000000000..39623c37d --- /dev/null +++ b/poky/meta/recipes-extended/ltp/ltp/0001-syscalls-setrlimit03.c-read-proc-sys-fs-nr_open-for-.patch @@ -0,0 +1,70 @@ +From db57ddc1497e72947da2b14f471ab521478ef99d Mon Sep 17 00:00:00 2001 +From: Tommi Rantala <tommi.t.rantala@nokia.com> +Date: Thu, 31 Jan 2019 19:49:00 +0200 +Subject: [PATCH] syscalls/setrlimit03.c: read /proc/sys/fs/nr_open for + RLIMIT_NOFILE limit + +Since kernel v2.6.25 RLIMIT_NOFILE limit is no longer hardcoded to +NR_OPEN, but can be set via /proc/sys/fs/nr_open, see kernel commit +9cfe015aa424b3c003baba3841a60dd9b5ad319b ("get rid of NR_OPEN and +introduce a sysctl_nr_open"). + +nr_open default value is 1024*1024, so setrlimit03 has been passing fine +on new kernels, only "unexpectedly succeeding" if nr_open is set to some +larger value. + +Signed-off-by: Tommi Rantala <tommi.t.rantala@nokia.com> +Reviewed-by: Cyril Hrubis <chrubis@suse.cz> + +Upstream-Status: Backport [db57ddc1497e ("syscalls/setrlimit03.c: read /proc/sys/fs/nr_open for RLIMIT_NOFILE limit")] + +Signed-off-by: He Zhe <zhe.he@windriver.com> +--- + testcases/kernel/syscalls/setrlimit/setrlimit03.c | 13 +++++++++++-- + 1 file changed, 11 insertions(+), 2 deletions(-) + +diff --git a/testcases/kernel/syscalls/setrlimit/setrlimit03.c b/testcases/kernel/syscalls/setrlimit/setrlimit03.c +index 29b52aa..12455fe 100644 +--- a/testcases/kernel/syscalls/setrlimit/setrlimit03.c ++++ b/testcases/kernel/syscalls/setrlimit/setrlimit03.c +@@ -35,7 +35,10 @@ + # define NR_OPEN (1024*1024) + #endif + ++#define NR_OPEN_PATH "/proc/sys/fs/nr_open" ++ + static struct rlimit rlim1, rlim2; ++static unsigned int nr_open = NR_OPEN; + + static struct tcase { + struct rlimit *rlimt; +@@ -51,7 +54,10 @@ static void verify_setrlimit(unsigned int n) + + TEST(setrlimit(RLIMIT_NOFILE, tc->rlimt)); + if (TST_RET != -1) { +- tst_res(TFAIL, "call succeeded unexpectedly"); ++ tst_res(TFAIL, "call succeeded unexpectedly " ++ "(nr_open=%u rlim_cur=%lu rlim_max=%lu)", nr_open, ++ (unsigned long)(tc->rlimt->rlim_cur), ++ (unsigned long)(tc->rlimt->rlim_max)); + return; + } + +@@ -65,10 +71,13 @@ static void verify_setrlimit(unsigned int n) + + static void setup(void) + { ++ if (!access(NR_OPEN_PATH, F_OK)) ++ SAFE_FILE_SCANF(NR_OPEN_PATH, "%u", &nr_open); ++ + SAFE_GETRLIMIT(RLIMIT_NOFILE, &rlim1); + rlim2.rlim_max = rlim1.rlim_cur; + rlim2.rlim_cur = rlim1.rlim_max + 1; +- rlim1.rlim_max = NR_OPEN + 1; ++ rlim1.rlim_max = nr_open + 1; + } + + static struct tst_test test = { +-- +2.7.4 + diff --git a/poky/meta/recipes-extended/ltp/ltp_20190115.bb b/poky/meta/recipes-extended/ltp/ltp_20190115.bb index ddf97e26c..1d0c00b64 100644 --- a/poky/meta/recipes-extended/ltp/ltp_20190115.bb +++ b/poky/meta/recipes-extended/ltp/ltp_20190115.bb @@ -49,6 +49,7 @@ SRC_URI = "git://github.com/linux-test-project/ltp.git \ file://0001-open_posix_testsuite-mmap24-2-Relax-condition-a-bit.patch \ file://define-sigrtmin-and-sigrtmax-for-musl.patch \ file://setregid01-security-string-formatting.patch \ + file://0001-syscalls-setrlimit03.c-read-proc-sys-fs-nr_open-for-.patch \ " S = "${WORKDIR}/git" diff --git a/poky/meta/recipes-extended/man-db/man-db_2.8.4.bb b/poky/meta/recipes-extended/man-db/man-db_2.8.5.bb index aa364659e..441e2f411 100644 --- a/poky/meta/recipes-extended/man-db/man-db_2.8.4.bb +++ b/poky/meta/recipes-extended/man-db/man-db_2.8.5.bb @@ -7,8 +7,8 @@ LIC_FILES_CHKSUM = "file://docs/COPYING.LIB;md5=a6f89e2100d9b6cdffcea4f398e37343 SRC_URI = "${SAVANNAH_NONGNU_MIRROR}/man-db/man-db-${PV}.tar.xz \ file://99_mandb \ file://man_db.conf-avoid-multilib-install-file-conflict.patch" -SRC_URI[md5sum] = "ab41db551f500e4a595b11203b86c67a" -SRC_URI[sha256sum] = "103c185f9d8269b9ee3b8a4cb27912b3aa393e952731ef96fedc880723472bc3" +SRC_URI[md5sum] = "c5c6c3434be14a5527d43b5ad0f09a13" +SRC_URI[sha256sum] = "b64d52747534f1fe873b2876eb7f01319985309d5d7da319d2bc52ba1e73f6c1" DEPENDS = "libpipeline gdbm groff-native base-passwd" RDEPENDS_${PN} += "base-passwd" @@ -16,7 +16,7 @@ RDEPENDS_${PN} += "base-passwd" # | /usr/src/debug/man-db/2.8.0-r0/man-db-2.8.0/src/whatis.c:939: undefined reference to `_nl_msg_cat_cntr' USE_NLS_libc-musl = "no" -inherit gettext pkgconfig autotools +inherit gettext pkgconfig autotools systemd EXTRA_OECONF = "--with-pager=less" EXTRA_AUTORECONF += "-I ${S}/gl/m4" @@ -54,3 +54,6 @@ def compress_pkg(d): return "" RDEPENDS_${PN} += "${@compress_pkg(d)}" + +SYSTEMD_SERVICE_${PN} = "man-db.timer man-db.service" +SYSTEMD_AUTO_ENABLE ?= "disable" diff --git a/poky/meta/recipes-extended/man-pages/man-pages_4.16.bb b/poky/meta/recipes-extended/man-pages/man-pages_5.01.bb index 1f14c891b..28525f4ba 100644 --- a/poky/meta/recipes-extended/man-pages/man-pages_4.16.bb +++ b/poky/meta/recipes-extended/man-pages/man-pages_5.01.bb @@ -7,8 +7,8 @@ LICENSE = "GPLv2+" LIC_FILES_CHKSUM = "file://README;md5=794f701617cc03fe50c53257660d8ec4" SRC_URI = "${KERNELORG_MIRROR}/linux/docs/${BPN}/Archive/${BP}.tar.gz" -SRC_URI[md5sum] = "d1fb8ba312a1c15e0bfda911a98c5544" -SRC_URI[sha256sum] = "d38b0460bf3f35c95faf7f8cf52dac1216d86a47866f5e5f2fda88c61da04960" +SRC_URI[md5sum] = "38abead776a506109e128ab96bcbbe58" +SRC_URI[sha256sum] = "070bef794c6826b3fb3965d1a2efdb46c25cb37c06c715987f88a50906cd5b6f" inherit manpages diff --git a/poky/meta/recipes-extended/mdadm/files/debian-no-Werror.patch b/poky/meta/recipes-extended/mdadm/files/debian-no-Werror.patch new file mode 100644 index 000000000..e66a15cd7 --- /dev/null +++ b/poky/meta/recipes-extended/mdadm/files/debian-no-Werror.patch @@ -0,0 +1,25 @@ +From: martin f. krafft <madduck@debian.org> +Subject: Remove -Werror from compiler flags + +-Werror seems like a bad idea on released/packaged code because a toolchain +update (introducing new warnings) could break the build. We'll let upstream +use it to beautify the code, but remove it for out builds. + +Signed-off-by: martin f. krafft <madduck@debian.org> + +Upstream-Status: Pending +--- + Makefile | 2 +- + 1 files changed, 1 insertions(+), 1 deletions(-) + +--- a/Makefile ++++ b/Makefile +@@ -48,7 +48,7 @@ endif + + CC ?= $(CROSS_COMPILE)gcc + CXFLAGS ?= -ggdb +-CWFLAGS = -Wall -Werror -Wstrict-prototypes -Wextra -Wno-unused-parameter ++CWFLAGS = -Wall -Wstrict-prototypes -Wextra -Wno-unused-parameter + ifdef WARN_UNUSED + CWFLAGS += -Wp,-D_FORTIFY_SOURCE=2 -O3 + endif diff --git a/poky/meta/recipes-extended/mdadm/mdadm_4.1.bb b/poky/meta/recipes-extended/mdadm/mdadm_4.1.bb index 947706ff5..ef5ddf55d 100644 --- a/poky/meta/recipes-extended/mdadm/mdadm_4.1.bb +++ b/poky/meta/recipes-extended/mdadm/mdadm_4.1.bb @@ -17,6 +17,7 @@ SRC_URI = "${KERNELORG_MIRROR}/linux/utils/raid/mdadm/${BPN}-${PV}.tar.xz \ file://0001-Use-CC-to-check-for-implicit-fallthrough-warning-sup.patch \ file://0001-Compute-abs-diff-in-a-standard-compliant-way.patch \ file://0001-fix-gcc-8-format-truncation-warning.patch \ + file://debian-no-Werror.patch \ file://mdadm.init \ file://mdmonitor.service \ " diff --git a/poky/meta/recipes-extended/msmtp/msmtp_1.6.6.bb b/poky/meta/recipes-extended/msmtp/msmtp_1.8.4.bb index e1721936c..888c1bbb5 100644 --- a/poky/meta/recipes-extended/msmtp/msmtp_1.6.6.bb +++ b/poky/meta/recipes-extended/msmtp/msmtp_1.8.4.bb @@ -1,19 +1,18 @@ SUMMARY = "msmtp is an SMTP client" DESCRIPTION = "A sendmail replacement for use in MTAs like mutt" -HOMEPAGE = "http://msmtp.sourceforge.net/" +HOMEPAGE = "https://marlam.de/msmtp/" SECTION = "console/network" LICENSE = "GPLv3" DEPENDS = "zlib gnutls" -#COPYING or Licence LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504" -SRC_URI = "http://sourceforge.net/projects/msmtp/files/msmtp/${PV}/${BPN}-${PV}.tar.xz \ - " +UPSTREAM_CHECK_URI = "https://marlam.de/msmtp/download/" -SRC_URI[md5sum] = "82b0520b57db4b2cf05333d11fb5974d" -SRC_URI[sha256sum] = "da15db1f62bd0201fce5310adb89c86188be91cd745b7cb3b62b81a501e7fb5e" +SRC_URI = "https://marlam.de/${BPN}/releases/${BP}.tar.xz" +SRC_URI[md5sum] = "abfabb92f0461137f3c09cd16d98fc9b" +SRC_URI[sha256sum] = "e5dd7fe95bc8e2f5eea3e4894ec9628252f30bd700a7fd1a568b10efa91129f7" inherit gettext autotools update-alternatives pkgconfig diff --git a/poky/meta/recipes-extended/packagegroups/packagegroup-core-full-cmdline.bb b/poky/meta/recipes-extended/packagegroups/packagegroup-core-full-cmdline.bb index ffa838877..ec67f8d12 100644 --- a/poky/meta/recipes-extended/packagegroups/packagegroup-core-full-cmdline.bb +++ b/poky/meta/recipes-extended/packagegroups/packagegroup-core-full-cmdline.bb @@ -94,7 +94,6 @@ RDEPENDS_packagegroup-core-full-cmdline-utils = "\ tar \ time \ util-linux \ - zlib \ " RDEPENDS_packagegroup-core-full-cmdline-extended = "\ diff --git a/poky/meta/recipes-extended/procps/procps/sysctl.conf b/poky/meta/recipes-extended/procps/procps/sysctl.conf index 34e7488bf..253f3701b 100644 --- a/poky/meta/recipes-extended/procps/procps/sysctl.conf +++ b/poky/meta/recipes-extended/procps/procps/sysctl.conf @@ -1,64 +1,67 @@ -# This configuration file is taken from Debian. +# This configuration taken from procps v3.3.15 +# Commented out kernel/pid_max=10000 line # # /etc/sysctl.conf - Configuration file for setting system variables # See sysctl.conf (5) for information. -# -#kernel.domainname = example.com +# you can have the CD-ROM close when you use it, and open +# when you are done. +#dev.cdrom.autoeject = 1 +#dev.cdrom.autoclose = 1 -# Uncomment the following to stop low-level messages on console -#kernel.printk = 4 4 1 7 +# protection from the SYN flood attack +net/ipv4/tcp_syncookies=1 -##############################################################3 -# Functions previously found in netbase -# +# see the evil packets in your log files +net/ipv4/conf/all/log_martians=1 -# Uncomment the next two lines to enable Spoof protection (reverse-path filter) -# Turn on Source Address Verification in all interfaces to -# prevent some spoofing attacks -net.ipv4.conf.default.rp_filter=1 -net.ipv4.conf.all.rp_filter=1 +# makes you vulnerable or not :-) +net/ipv4/conf/all/accept_redirects=0 +net/ipv4/conf/all/accept_source_route=0 +net/ipv4/icmp_echo_ignore_broadcasts =1 -# Uncomment the next line to enable TCP/IP SYN cookies -#net.ipv4.tcp_syncookies=1 +# needed for routing, including masquerading or NAT +#net/ipv4/ip_forward=1 -# Uncomment the next line to enable packet forwarding for IPv4 -#net.ipv4.ip_forward=1 +# sets the port range used for outgoing connections +#net.ipv4.ip_local_port_range = 32768 61000 -# Uncomment the next line to enable packet forwarding for IPv6 -#net.ipv6.conf.all.forwarding=1 +# Broken routers and obsolete firewalls will corrupt the window scaling +# and ECN. Set these values to 0 to disable window scaling and ECN. +# This may, rarely, cause some performance loss when running high-speed +# TCP/IP over huge distances or running TCP/IP over connections with high +# packet loss and modern routers. This sure beats dropped connections. +#net.ipv4.tcp_ecn = 0 +# Swapping too much or not enough? Disks spinning up when you'd +# rather they didn't? Tweak these. +#vm.vfs_cache_pressure = 100 +#vm.laptop_mode = 0 +#vm.swappiness = 60 -################################################################### -# Additional settings - these settings can improve the network -# security of the host and prevent against some network attacks -# including spoofing attacks and man in the middle attacks through -# redirection. Some network environments, however, require that these -# settings are disabled so review and enable them as needed. -# -# Ignore ICMP broadcasts -#net.ipv4.icmp_echo_ignore_broadcasts = 1 -# -# Ignore bogus ICMP errors -#net.ipv4.icmp_ignore_bogus_error_responses = 1 -# -# Do not accept ICMP redirects (prevent MITM attacks) -#net.ipv4.conf.all.accept_redirects = 0 -#net.ipv6.conf.all.accept_redirects = 0 -# _or_ -# Accept ICMP redirects only for gateways listed in our default -# gateway list (enabled by default) -# net.ipv4.conf.all.secure_redirects = 1 -# -# Do not send ICMP redirects (we are not a router) -#net.ipv4.conf.all.send_redirects = 0 -# -# Do not accept IP source route packets (we are not a router) -#net.ipv4.conf.all.accept_source_route = 0 -#net.ipv6.conf.all.accept_source_route = 0 -# -# Log Martian Packets -#net.ipv4.conf.all.log_martians = 1 -# +#kernel.printk_ratelimit_burst = 10 +#kernel.printk_ratelimit = 5 +#kernel.panic_on_oops = 0 + +# Reboot 600 seconds after a panic +#kernel.panic = 600 + +# enable SysRq key (note: console security issues) +#kernel.sysrq = 1 + +# Change name of core file to start with the command name +# so you get things like: emacs.core mozilla-bin.core X.core +#kernel.core_pattern = %e.core + +# NIS/YP domain (not always equal to DNS domain) +#kernel.domainname = example.com +#kernel.hostname = darkstar + +# This limits PID values to 4 digits, which allows tools like ps +# to save screen space. +#kernel/pid_max=10000 -#kernel.shmmax = 141762560 +# Protects against creating or following links under certain conditions +# See https://www.kernel.org/doc/Documentation/sysctl/fs.txt +#fs.protected_hardlinks = 1 +#fs.protected_symlinks = 1 diff --git a/poky/meta/recipes-extended/quota/quota/fcntl.patch b/poky/meta/recipes-extended/quota/quota/fcntl.patch index 2d3797132..51a770ce6 100644 --- a/poky/meta/recipes-extended/quota/quota/fcntl.patch +++ b/poky/meta/recipes-extended/quota/quota/fcntl.patch @@ -9,13 +9,11 @@ Upstream-Status: Pending Signed-off-by: Khem Raj <raj.khem@gmail.com> -ndex: quota-tools/quota.h -=================================================================== -Index: quota-tools/quota.h -=================================================================== ---- quota-tools.orig/quota.h -+++ quota-tools/quota.h -@@ -165,6 +165,6 @@ enum { +diff --git a/quota.h b/quota.h +index 4c21411..d20c217 100644 +--- a/quota.h ++++ b/quota.h +@@ -182,6 +182,6 @@ enum { #endif #endif @@ -23,10 +21,10 @@ Index: quota-tools/quota.h +long quotactl (int, const char *, qid_t, caddr_t); #endif /* _QUOTA_ */ -Index: quota-tools/quotacheck.c -=================================================================== ---- quota-tools.orig/quotacheck.c -+++ quota-tools/quotacheck.c +diff --git a/quotacheck.c b/quotacheck.c +index 2cdf475..07c18a7 100644 +--- a/quotacheck.c ++++ b/quotacheck.c @@ -19,6 +19,7 @@ #include <unistd.h> #include <stdlib.h> @@ -35,10 +33,10 @@ Index: quota-tools/quotacheck.c #include <sys/stat.h> #include <sys/types.h> -Index: quota-tools/quotaio.c -=================================================================== ---- quota-tools.orig/quotaio.c -+++ quota-tools/quotaio.c +diff --git a/quotaio.c b/quotaio.c +index 94ae458..d57fc1a 100644 +--- a/quotaio.c ++++ b/quotaio.c @@ -12,6 +12,7 @@ #include <string.h> #include <unistd.h> @@ -47,22 +45,10 @@ Index: quota-tools/quotaio.c #include <sys/types.h> #include <sys/stat.h> #include <sys/file.h> -Index: quota-tools/dqblk_v2.h -=================================================================== ---- quota-tools.orig/dqblk_v2.h -+++ quota-tools/dqblk_v2.h -@@ -7,6 +7,7 @@ - #ifndef GUARD_DQBLK_V2_H - #define GUARD_DQBLK_V2_H - -+#include <fcntl.h> - #include <sys/types.h> - #include "quota_tree.h" - -Index: quota-tools/rquota_client.c -=================================================================== ---- quota-tools.orig/rquota_client.c -+++ quota-tools/rquota_client.c +diff --git a/rquota_client.c b/rquota_client.c +index a3a4ae3..0ffe7a9 100644 +--- a/rquota_client.c ++++ b/rquota_client.c @@ -19,7 +19,9 @@ #include "config.h" diff --git a/poky/meta/recipes-extended/quota/quota/remove_non_posix_types.patch b/poky/meta/recipes-extended/quota/quota/remove_non_posix_types.patch deleted file mode 100644 index 06ff13cb9..000000000 --- a/poky/meta/recipes-extended/quota/quota/remove_non_posix_types.patch +++ /dev/null @@ -1,198 +0,0 @@ -Use proper C99 integer types - -Upstream-Status: Pending - -Signed-off-by: Khem Raj <raj.khem@gmail.com> - -Index: quota-tools/bylabel.c -=================================================================== ---- quota-tools.orig/bylabel.c -+++ quota-tools/bylabel.c -@@ -20,6 +20,7 @@ - #include <ctype.h> - #include <fcntl.h> - #include <unistd.h> -+#include <stdint.h> - - #include "bylabel.h" - #include "common.h" -@@ -37,32 +38,32 @@ static struct uuidCache_s { - - #define EXT2_SUPER_MAGIC 0xEF53 - struct ext2_super_block { -- u_char s_dummy1[56]; -- u_char s_magic[2]; -- u_char s_dummy2[46]; -- u_char s_uuid[16]; -- u_char s_volume_name[16]; -+ uint8_t s_dummy1[56]; -+ uint8_t s_magic[2]; -+ uint8_t s_dummy2[46]; -+ uint8_t s_uuid[16]; -+ uint8_t s_volume_name[16]; - }; - --#define ext2magic(s) ((uint) s.s_magic[0] + (((uint) s.s_magic[1]) << 8)) -+#define ext2magic(s) ((uint32_t) s.s_magic[0] + (((uint32_t) s.s_magic[1]) << 8)) - - #define XFS_SUPER_MAGIC "XFSB" - #define XFS_SUPER_MAGIC2 "BSFX" - struct xfs_super_block { -- u_char s_magic[4]; -- u_char s_dummy[28]; -- u_char s_uuid[16]; -- u_char s_dummy2[60]; -- u_char s_fsname[12]; -+ uint8_t s_magic[4]; -+ uint8_t s_dummy[28]; -+ uint8_t s_uuid[16]; -+ uint8_t s_dummy2[60]; -+ uint8_t s_fsname[12]; - }; - - #define REISER_SUPER_MAGIC "ReIsEr2Fs" - struct reiserfs_super_block { -- u_char s_dummy1[52]; -- u_char s_magic[10]; -- u_char s_dummy2[22]; -- u_char s_uuid[16]; -- u_char s_volume_name[16]; -+ uint8_t s_dummy1[52]; -+ uint8_t s_magic[10]; -+ uint8_t s_dummy2[22]; -+ uint8_t s_uuid[16]; -+ uint8_t s_volume_name[16]; - }; - - static inline unsigned short swapped(unsigned short a) -@@ -222,7 +223,7 @@ static char *get_spec_by_x(int n, const - return NULL; - } - --static u_char fromhex(char c) -+static uint8_t fromhex(char c) - { - if (isdigit(c)) - return (c - '0'); -@@ -234,7 +235,7 @@ static u_char fromhex(char c) - - static char *get_spec_by_uuid(const char *s) - { -- u_char uuid[16]; -+ uint8_t uuid[16]; - int i; - - if (strlen(s) != 36 || s[8] != '-' || s[13] != '-' || s[18] != '-' || s[23] != '-') -Index: quota-tools/quot.c -=================================================================== ---- quota-tools.orig/quot.c -+++ quota-tools/quot.c -@@ -47,6 +47,7 @@ - #include <utmp.h> - #include <pwd.h> - #include <grp.h> -+#include <stdint.h> - - #include "pot.h" - #include "quot.h" -@@ -56,8 +57,8 @@ - #include "quotasys.h" - - #define TSIZE 500 --static __uint64_t sizes[TSIZE]; --static __uint64_t overflow; -+static uint64_t sizes[TSIZE]; -+static uint64_t overflow; - - static int aflag; - static int cflag; -@@ -72,7 +73,7 @@ static time_t now; - char *progname; - - static void mounttable(void); --static char *idname(__uint32_t, int); -+static char *idname(uint32_t, int); - static void report(const char *, const char *, int); - static void creport(const char *, const char *); - -@@ -173,7 +174,7 @@ static int qcmp(du_t * p1, du_t * p2) - static void creport(const char *file, const char *fsdir) - { - int i; -- __uint64_t t = 0; -+ uint64_t t = 0; - - printf(_("%s (%s):\n"), file, fsdir); - for (i = 0; i < TSIZE - 1; i++) -@@ -219,7 +220,7 @@ static void report(const char *file, con - } - } - --static idcache_t *getnextent(int type, __uint32_t id, int byid) -+static idcache_t *getnextent(int type, uint32_t id, int byid) - { - struct passwd *pw; - struct group *gr; -@@ -240,7 +241,7 @@ static idcache_t *getnextent(int type, _ - return &idc; - } - --static char *idname(__uint32_t id, int type) -+static char *idname(uint32_t id, int type) - { - idcache_t *ncp, *idp; - static idcache_t nc[2][NID]; -@@ -286,8 +287,8 @@ static void acctXFS(xfs_bstat_t *p) - { - register du_t *dp; - du_t **hp; -- __uint64_t size; -- __uint32_t i, id; -+ uint64_t size; -+ uint32_t i, id; - - if ((p->bs_mode & S_IFMT) == 0) - return; -Index: quota-tools/quot.h -=================================================================== ---- quota-tools.orig/quot.h -+++ quota-tools/quot.h -@@ -35,18 +35,18 @@ - #define SEC24HR (60*60*24) /* seconds per day */ - - typedef struct { -- __uint32_t id; -+ uint32_t id; - char name[UT_NAMESIZE + 1]; - } idcache_t; - - typedef struct du { - struct du *next; -- __uint64_t blocks; -- __uint64_t blocks30; -- __uint64_t blocks60; -- __uint64_t blocks90; -- __uint64_t nfiles; -- __uint32_t id; -+ uint64_t blocks; -+ uint64_t blocks30; -+ uint64_t blocks60; -+ uint64_t blocks90; -+ uint64_t nfiles; -+ uint32_t id; - } du_t; - - #define NDU 60000 -Index: quota-tools/rquota_server.c -=================================================================== ---- quota-tools.orig/rquota_server.c -+++ quota-tools/rquota_server.c -@@ -60,7 +60,7 @@ extern char nfs_pseudoroot[PATH_MAX]; - */ - extern struct authunix_parms *unix_cred; - --int in_group(gid_t * gids, u_int len, gid_t gid) -+int in_group(gid_t * gids, uint32_t len, gid_t gid) - { - gid_t *gidsp = gids + len; - diff --git a/poky/meta/recipes-extended/quota/quota/replace_getrpcbynumber_r.patch b/poky/meta/recipes-extended/quota/quota/replace_getrpcbynumber_r.patch deleted file mode 100644 index 4687ca06f..000000000 --- a/poky/meta/recipes-extended/quota/quota/replace_getrpcbynumber_r.patch +++ /dev/null @@ -1,32 +0,0 @@ -From a3808fd165847298d025971eb3c7be7d11caba9d Mon Sep 17 00:00:00 2001 -From: "Maxin B. John" <maxin.john@intel.com> -Date: Wed, 8 Nov 2017 11:56:55 +0200 -Subject: [PATCH] Replace getrpcbynumber_r with getrpcbynumber - -musl and uclibc dont implement it - -Upstream-Status: Pending - -Signed-off-by: Khem Raj <raj.khem@gmail.com> -Signed-off-by: Maxin B. John <maxin.john@intel.com> ---- - svc_socket.c | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/svc_socket.c b/svc_socket.c -index 8a44604..5bdaaa0 100644 ---- a/svc_socket.c -+++ b/svc_socket.c -@@ -36,7 +36,8 @@ static int get_service_port(u_long number, const char *proto) - struct servent servbuf, *servp = NULL; - int ret; - -- ret = getrpcbynumber_r(number, &rpcbuf, rpcdata, sizeof(rpcdata), &rpcp); -+ rpcp = getrpcbynumber(number); -+ ret = 0; - if (ret == 0 && rpcp != NULL) { - /* First try name */ - ret = getservbyname_r(rpcp->r_name, proto, &servbuf, servdata, --- -2.4.0 - diff --git a/poky/meta/recipes-extended/quota/quota_4.04.bb b/poky/meta/recipes-extended/quota/quota_4.05.bb index 93f376286..c5da1e71e 100644 --- a/poky/meta/recipes-extended/quota/quota_4.04.bb +++ b/poky/meta/recipes-extended/quota/quota_4.05.bb @@ -3,18 +3,14 @@ SECTION = "base" HOMEPAGE = "http://sourceforge.net/projects/linuxquota/" BUGTRACKER = "http://sourceforge.net/tracker/?group_id=18136&atid=118136" LICENSE = "BSD & GPLv2+ & LGPLv2.1+" -LIC_FILES_CHKSUM = "file://quota.c;beginline=1;endline=33;md5=331c7d77744bfe0ad24027f0651028ec \ - file://rquota_server.c;beginline=1;endline=20;md5=fe7e0d7e11c6f820f8fa62a5af71230f \ +LIC_FILES_CHKSUM = "file://rquota_server.c;beginline=1;endline=20;md5=fe7e0d7e11c6f820f8fa62a5af71230f \ file://svc_socket.c;beginline=1;endline=17;md5=24d5a8792da45910786eeac750be8ceb" SRC_URI = "${SOURCEFORGE_MIRROR}/project/linuxquota/quota-tools/${PV}/quota-${PV}.tar.gz \ file://fcntl.patch \ - file://remove_non_posix_types.patch \ " -SRC_URI_append_libc-musl = " file://replace_getrpcbynumber_r.patch" - -SRC_URI[md5sum] = "f46f3b0b5141f032f25684005dac49d3" -SRC_URI[sha256sum] = "735be1887e7f51f54165e778ae43fc859c04e44d88834ecb2f470e91d4ef8edf" +SRC_URI[md5sum] = "1c1dbd2cd3d680ccac661239b067e147" +SRC_URI[sha256sum] = "ef3b5b5d1014ed1344b46c1826145e20cbef8db967b522403c9a060761cf7ab9" CVE_PRODUCT = "linux_diskquota" diff --git a/poky/meta/recipes-extended/shadow/files/0001-Make-the-sp_lstchg-shadow-field-reproducible-re.-71.patch b/poky/meta/recipes-extended/shadow/files/0001-Make-the-sp_lstchg-shadow-field-reproducible-re.-71.patch new file mode 100644 index 000000000..de0ba3ebb --- /dev/null +++ b/poky/meta/recipes-extended/shadow/files/0001-Make-the-sp_lstchg-shadow-field-reproducible-re.-71.patch @@ -0,0 +1,89 @@ +From fe34a2a0e44bc80ff213bfd185046a5f10c94997 Mon Sep 17 00:00:00 2001 +From: Chris Lamb <chris@chris-lamb.co.uk> +Date: Wed, 2 Jan 2019 18:06:16 +0000 +Subject: [PATCH 1/2] Make the sp_lstchg shadow field reproducible (re. #71) + +From <https://github.com/shadow-maint/shadow/pull/71>: + +``` +The third field in the /etc/shadow file (sp_lstchg) contains the date of +the last password change expressed as the number of days since Jan 1, 1970. +As this is a relative time, creating a user today will result in: + +username:17238:0:99999:7::: +whilst creating the same user tomorrow will result in: + +username:17239:0:99999:7::: +This has an impact for the Reproducible Builds[0] project where we aim to +be independent of as many elements the build environment as possible, +including the current date. + +This patch changes the behaviour to use the SOURCE_DATE_EPOCH[1] +environment variable (instead of Jan 1, 1970) if valid. +``` + +This updated PR adds some missing calls to gettime (). This was originally +filed by Johannes Schauer in Debian as #917773 [2]. + +[0] https://reproducible-builds.org/ +[1] https://reproducible-builds.org/specs/source-date-epoch/ +[2] https://bugs.debian.org/917773 + +Upstream-Status: Backport +Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com> +--- + libmisc/pwd2spwd.c | 3 +-- + src/pwck.c | 2 +- + src/pwconv.c | 2 +- + 3 files changed, 3 insertions(+), 4 deletions(-) + +diff --git a/libmisc/pwd2spwd.c b/libmisc/pwd2spwd.c +index c1b9b29ac873..6799dd50d490 100644 +--- a/libmisc/pwd2spwd.c ++++ b/libmisc/pwd2spwd.c +@@ -40,7 +40,6 @@ + #include "prototypes.h" + #include "defines.h" + #include <pwd.h> +-extern time_t time (time_t *); + + /* + * pwd_to_spwd - create entries for new spwd structure +@@ -66,7 +65,7 @@ struct spwd *pwd_to_spwd (const struct passwd *pw) + */ + sp.sp_min = 0; + sp.sp_max = (10000L * DAY) / SCALE; +- sp.sp_lstchg = (long) time ((time_t *) 0) / SCALE; ++ sp.sp_lstchg = (long) gettime () / SCALE; + if (0 == sp.sp_lstchg) { + /* Better disable aging than requiring a password + * change */ +diff --git a/src/pwck.c b/src/pwck.c +index 0ffb711efb13..f70071b12500 100644 +--- a/src/pwck.c ++++ b/src/pwck.c +@@ -609,7 +609,7 @@ static void check_pw_file (int *errors, bool *changed) + sp.sp_inact = -1; + sp.sp_expire = -1; + sp.sp_flag = SHADOW_SP_FLAG_UNSET; +- sp.sp_lstchg = (long) time ((time_t *) 0) / SCALE; ++ sp.sp_lstchg = (long) gettime () / SCALE; + if (0 == sp.sp_lstchg) { + /* Better disable aging than + * requiring a password change +diff --git a/src/pwconv.c b/src/pwconv.c +index 9c69fa131d8e..f932f266c59c 100644 +--- a/src/pwconv.c ++++ b/src/pwconv.c +@@ -267,7 +267,7 @@ int main (int argc, char **argv) + spent.sp_flag = SHADOW_SP_FLAG_UNSET; + } + spent.sp_pwdp = pw->pw_passwd; +- spent.sp_lstchg = (long) time ((time_t *) 0) / SCALE; ++ spent.sp_lstchg = (long) gettime () / SCALE; + if (0 == spent.sp_lstchg) { + /* Better disable aging than requiring a password + * change */ +-- +2.17.1 + diff --git a/poky/meta/recipes-extended/shadow/files/0002-gettime-Use-secure_getenv-over-getenv.patch b/poky/meta/recipes-extended/shadow/files/0002-gettime-Use-secure_getenv-over-getenv.patch new file mode 100644 index 000000000..8c8234d03 --- /dev/null +++ b/poky/meta/recipes-extended/shadow/files/0002-gettime-Use-secure_getenv-over-getenv.patch @@ -0,0 +1,71 @@ +From 3d921155e0a761f61c8f1ec37328724aee1e2eda Mon Sep 17 00:00:00 2001 +From: Chris Lamb <chris@chris-lamb.co.uk> +Date: Sun, 31 Mar 2019 15:59:45 +0100 +Subject: [PATCH 2/2] gettime: Use secure_getenv over getenv. + +Upstream-Status: Backport +Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com> +--- + README | 1 + + configure.ac | 3 +++ + lib/defines.h | 6 ++++++ + libmisc/gettime.c | 2 +- + 4 files changed, 11 insertions(+), 1 deletion(-) + +diff --git a/README b/README +index 952ac5787f06..26cfff1e8fa8 100644 +--- a/README ++++ b/README +@@ -51,6 +51,7 @@ Brian R. Gaeke <brg@dgate.org> + Calle Karlsson <ckn@kash.se> + Chip Rosenthal <chip@unicom.com> + Chris Evans <lady0110@sable.ox.ac.uk> ++Chris Lamb <chris@chris-lamb.co.uk> + Cristian Gafton <gafton@sorosis.ro> + Dan Walsh <dwalsh@redhat.com> + Darcy Boese <possum@chardonnay.niagara.com> +diff --git a/configure.ac b/configure.ac +index da236722766b..a738ad662cc3 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -110,6 +110,9 @@ AC_REPLACE_FUNCS(sgetgrent sgetpwent sgetspent) + AC_REPLACE_FUNCS(snprintf strcasecmp strdup strerror strstr) + + AC_CHECK_FUNC(setpgrp) ++AC_CHECK_FUNC(secure_getenv, [AC_DEFINE(HAS_SECURE_GETENV, ++ 1, ++ [Defined to 1 if you have the declaration of 'secure_getenv'])]) + + if test "$ac_cv_header_shadow_h" = "yes"; then + AC_CACHE_CHECK(for working shadow group support, +diff --git a/lib/defines.h b/lib/defines.h +index cded1417fd12..2fb1b56eca6b 100644 +--- a/lib/defines.h ++++ b/lib/defines.h +@@ -382,4 +382,10 @@ extern char *strerror (); + # endif + #endif + ++#ifdef HAVE_SECURE_GETENV ++# define shadow_getenv(name) secure_getenv(name) ++# else ++# define shadow_getenv(name) getenv(name) ++#endif ++ + #endif /* _DEFINES_H_ */ +diff --git a/libmisc/gettime.c b/libmisc/gettime.c +index 53eaf51670bb..0e25a4b75061 100644 +--- a/libmisc/gettime.c ++++ b/libmisc/gettime.c +@@ -52,7 +52,7 @@ + unsigned long long epoch; + + fallback = time (NULL); +- source_date_epoch = getenv ("SOURCE_DATE_EPOCH"); ++ source_date_epoch = shadow_getenv ("SOURCE_DATE_EPOCH"); + + if (!source_date_epoch) + return fallback; +-- +2.17.1 + diff --git a/poky/meta/recipes-extended/shadow/shadow.inc b/poky/meta/recipes-extended/shadow/shadow.inc index 4de21acb7..831751d6d 100644 --- a/poky/meta/recipes-extended/shadow/shadow.inc +++ b/poky/meta/recipes-extended/shadow/shadow.inc @@ -11,6 +11,8 @@ DEPENDS = "virtual/crypt" UPSTREAM_CHECK_URI = "https://github.com/shadow-maint/shadow/releases" SRC_URI = "https://github.com/shadow-maint/shadow/releases/download/${PV}/${BP}.tar.gz \ file://shadow-4.1.3-dots-in-usernames.patch \ + file://0001-Make-the-sp_lstchg-shadow-field-reproducible-re.-71.patch \ + file://0002-gettime-Use-secure_getenv-over-getenv.patch \ ${@bb.utils.contains('PACKAGECONFIG', 'pam', '${PAM_SRC_URI}', '', d)} \ " diff --git a/poky/meta/recipes-extended/sysstat/sysstat.inc b/poky/meta/recipes-extended/sysstat/sysstat.inc index 0bc7e14d3..9228fc29c 100644 --- a/poky/meta/recipes-extended/sysstat/sysstat.inc +++ b/poky/meta/recipes-extended/sysstat/sysstat.inc @@ -10,12 +10,11 @@ SRC_URI = "http://pagesperso-orange.fr/sebastien.godard/sysstat-${PV}.tar.xz \ " UPSTREAM_CHECK_URI = "http://sebastien.godard.pagesperso-orange.fr/download.html" -UPSTREAM_CHECK_REGEX = "(?P<pver>\d+(\.\d+)+)\.tar" DEPENDS += "base-passwd" # autotools-brokensep as this package doesn't use automake -inherit autotools-brokensep gettext systemd +inherit autotools-brokensep gettext systemd upstream-version-is-even PACKAGECONFIG ??= "" PACKAGECONFIG[lm-sensors] = "--enable-sensors,--disable-sensors,lmsensors,lmsensors-libsensors" diff --git a/poky/meta/recipes-extended/tar/tar_1.31.bb b/poky/meta/recipes-extended/tar/tar_1.32.bb index a78504261..7240fdb7e 100644 --- a/poky/meta/recipes-extended/tar/tar_1.31.bb +++ b/poky/meta/recipes-extended/tar/tar_1.32.bb @@ -11,8 +11,8 @@ SRC_URI = "${GNU_MIRROR}/tar/tar-${PV}.tar.bz2 \ file://musl_dirent.patch \ " -SRC_URI[md5sum] = "77afa35b696c8d760331fa0e12c2fac9" -SRC_URI[sha256sum] = "577bd4463eea103bdfc662fc385789e2228dbeb399a1d0b98571ed9ce044f763" +SRC_URI[md5sum] = "17917356fff5cb4bd3cd5a6c3e727b05" +SRC_URI[sha256sum] = "e4bb9e08e12e7fa9f11fef544efc85e59ba34538593d9ad38148c7ca2bfbb566" inherit autotools gettext texinfo @@ -21,7 +21,7 @@ PACKAGECONFIG_append_class-target = " ${@bb.utils.filter('DISTRO_FEATURES', 'acl PACKAGECONFIG[acl] = "--with-posix-acls,--without-posix-acls,acl" -EXTRA_OECONF += "DEFAULT_RMT_DIR=${base_sbindir}" +EXTRA_OECONF += "DEFAULT_RMT_DIR=${sbindir}" # Let aclocal use the relative path for the m4 file rather than the # absolute since tar has a lot of m4 files, otherwise there might @@ -45,7 +45,7 @@ do_install_append_class-target() { PACKAGES =+ "${PN}-rmt" -FILES_${PN}-rmt = "${base_sbindir}/rmt*" +FILES_${PN}-rmt = "${sbindir}/rmt*" inherit update-alternatives @@ -57,7 +57,7 @@ ALTERNATIVE_${PN}_class-nativesdk = "" ALTERNATIVE_${PN}-rmt_class-nativesdk = "" ALTERNATIVE_LINK_NAME[tar] = "${base_bindir}/tar" -ALTERNATIVE_LINK_NAME[rmt] = "${base_sbindir}/rmt" +ALTERNATIVE_LINK_NAME[rmt] = "${sbindir}/rmt" PROVIDES_append_class-native = " tar-replacement-native" NATIVE_PACKAGE_PATH_SUFFIX = "/${PN}" diff --git a/poky/meta/recipes-extended/wget/wget_1.20.1.bb b/poky/meta/recipes-extended/wget/wget_1.20.1.bb deleted file mode 100644 index d176bd0ac..000000000 --- a/poky/meta/recipes-extended/wget/wget_1.20.1.bb +++ /dev/null @@ -1,8 +0,0 @@ -SRC_URI = "${GNU_MIRROR}/wget/wget-${PV}.tar.gz \ - file://0002-improve-reproducibility.patch \ - " - -SRC_URI[md5sum] = "f6ebe9c7b375fc9832fb1b2028271fb7" -SRC_URI[sha256sum] = "b783b390cb571c837b392857945f5a1f00ec6b043177cc42abb8ee1b542ee1b3" - -require wget.inc diff --git a/poky/meta/recipes-extended/wget/wget_1.20.3.bb b/poky/meta/recipes-extended/wget/wget_1.20.3.bb new file mode 100644 index 000000000..4fa273d09 --- /dev/null +++ b/poky/meta/recipes-extended/wget/wget_1.20.3.bb @@ -0,0 +1,8 @@ +SRC_URI = "${GNU_MIRROR}/wget/wget-${PV}.tar.gz \ + file://0002-improve-reproducibility.patch \ + " + +SRC_URI[md5sum] = "db4e6dc7977cbddcd543b240079a4899" +SRC_URI[sha256sum] = "31cccfc6630528db1c8e3a06f6decf2a370060b982841cfab2b8677400a5092e" + +require wget.inc |