diff options
Diffstat (limited to 'yocto-poky/meta/recipes-extended')
54 files changed, 927 insertions, 136 deletions
diff --git a/yocto-poky/meta/recipes-extended/bash/bash.inc b/yocto-poky/meta/recipes-extended/bash/bash.inc index c06f157b8..020409fb6 100644 --- a/yocto-poky/meta/recipes-extended/bash/bash.inc +++ b/yocto-poky/meta/recipes-extended/bash/bash.inc @@ -7,7 +7,7 @@ DEPENDS = "ncurses bison-native" inherit autotools gettext texinfo update-alternatives ptest EXTRA_AUTORECONF += "--exclude=autoheader" -EXTRA_OECONF = "--enable-job-control" +EXTRA_OECONF = "--enable-job-control --without-bash-malloc" # If NON_INTERACTIVE_LOGIN_SHELLS is defined, all login shells read the # startup files, even if they are not interactive. diff --git a/yocto-poky/meta/recipes-extended/byacc/byacc/byacc-open.patch b/yocto-poky/meta/recipes-extended/byacc/byacc/byacc-open.patch index 916054340..005831130 100644 --- a/yocto-poky/meta/recipes-extended/byacc/byacc/byacc-open.patch +++ b/yocto-poky/meta/recipes-extended/byacc/byacc/byacc-open.patch @@ -1,3 +1,15 @@ +Ubuntu defaults to passing _FORTIFY_SOURCE=2 which breaks byacc as it doesn't +pass enough arguments to open(): + + inlined from 'open_tmpfile' at byacc-20150711/main.c:588:5: + /usr/include/x86_64-linux-gnu/bits/fcntl2.h:50:24: error: call to '__open_missing_mode' declared with attribute error: + open with O_CREAT in second argument needs 3 arguments + +Add a mode of 0666 to fix this. + +Upstream-Status: Pending +Signed-off-by: Ross Burton <ross.burton@intel.com> + diff --git a/main.c b/main.c index 620ce3f..82071a4 100644 --- a/main.c diff --git a/yocto-poky/meta/recipes-extended/bzip2/bzip2-1.0.6/fix-bunzip2-qt-returns-0-for-corrupt-archives.patch b/yocto-poky/meta/recipes-extended/bzip2/bzip2-1.0.6/fix-bunzip2-qt-returns-0-for-corrupt-archives.patch new file mode 100644 index 000000000..ece90d94e --- /dev/null +++ b/yocto-poky/meta/recipes-extended/bzip2/bzip2-1.0.6/fix-bunzip2-qt-returns-0-for-corrupt-archives.patch @@ -0,0 +1,55 @@ +From 8068659388127e8e63f2d2297ba2348c72b20705 Mon Sep 17 00:00:00 2001 +From: Wenzong Fan <wenzong.fan@windriver.com> +Date: Mon, 12 Oct 2015 03:19:51 -0400 +Subject: [PATCH] bzip2: fix bunzip2 -qt returns 0 for corrupt archives + +"bzip2 -t FILE" returns 2 if FILE exists, but is not a valid bzip2 file. +"bzip2 -qt FILE" returns 0 when this happens, although it does print out +an error message as is does so. + +This has been fix by Debian, just port changes from Debian patch file +"20-legacy.patch". + +Debian defect: +https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=279025 + +Fix item from changelog: +http://archive.debian.net/changelogs/pool/main/b/bzip2/bzip2_1.0.2-7/changelog + + * Fixed "bunzip2 -qt returns 0 for corrupt archives" (Closes: #279025). + +Upstream-Status: Pending + +Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> +--- + bzip2.c | 14 ++++++++------ + 1 file changed, 8 insertions(+), 6 deletions(-) + +diff --git a/bzip2.c b/bzip2.c +index 6de9d1d..f2ce668 100644 +--- a/bzip2.c ++++ b/bzip2.c +@@ -2003,12 +2003,14 @@ IntNative main ( IntNative argc, Char *argv[] ) + testf ( aa->name ); + } + } +- if (testFailsExist && noisy) { +- fprintf ( stderr, +- "\n" +- "You can use the `bzip2recover' program to attempt to recover\n" +- "data from undamaged sections of corrupted files.\n\n" +- ); ++ if (testFailsExist) { ++ if (noisy) { ++ fprintf ( stderr, ++ "\n" ++ "You can use the `bzip2recover' program to attempt to recover\n" ++ "data from undamaged sections of corrupted files.\n\n" ++ ); ++ } + setExit(2); + exit(exitValue); + } +-- +1.9.1 + diff --git a/yocto-poky/meta/recipes-extended/bzip2/bzip2_1.0.6.bb b/yocto-poky/meta/recipes-extended/bzip2/bzip2_1.0.6.bb index 233fe4c33..d7b8c0655 100644 --- a/yocto-poky/meta/recipes-extended/bzip2/bzip2_1.0.6.bb +++ b/yocto-poky/meta/recipes-extended/bzip2/bzip2_1.0.6.bb @@ -9,6 +9,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;beginline=8;endline=37;md5=40d9d1eb05736d1bfc PR = "r5" SRC_URI = "http://www.bzip.org/${PV}/${BP}.tar.gz \ + file://fix-bunzip2-qt-returns-0-for-corrupt-archives.patch \ file://configure.ac;subdir=${BP} \ file://Makefile.am;subdir=${BP} \ file://run-ptest" diff --git a/yocto-poky/meta/recipes-extended/cpio/cpio_v2.inc b/yocto-poky/meta/recipes-extended/cpio/cpio_v2.inc index 93de4bb92..8520ff267 100644 --- a/yocto-poky/meta/recipes-extended/cpio/cpio_v2.inc +++ b/yocto-poky/meta/recipes-extended/cpio/cpio_v2.inc @@ -18,9 +18,11 @@ EXTRA_OECONF += "DEFAULT_RMT_DIR=${base_sbindir}" do_install () { autotools_do_install - install -d ${D}${base_bindir}/ - mv "${D}${bindir}/cpio" "${D}${base_bindir}/cpio" - rmdir ${D}${bindir}/ + if [ "${base_bindir}" != "${bindir}" ]; then + install -d ${D}${base_bindir}/ + mv "${D}${bindir}/cpio" "${D}${base_bindir}/cpio" + rmdir ${D}${bindir}/ + fi } PACKAGES =+ "${PN}-rmt" diff --git a/yocto-poky/meta/recipes-extended/cronie/cronie_1.5.0.bb b/yocto-poky/meta/recipes-extended/cronie/cronie_1.5.0.bb index 38bd5935c..697501ac1 100644 --- a/yocto-poky/meta/recipes-extended/cronie/cronie_1.5.0.bb +++ b/yocto-poky/meta/recipes-extended/cronie/cronie_1.5.0.bb @@ -4,7 +4,7 @@ specified programs at scheduled times and related tools. It is based on the \ original cron and has security and configuration enhancements like the \ ability to use pam and SELinux." HOMEPAGE = "https://fedorahosted.org/cronie/" -BUGTRACKER = "mmaslano@redhat.com" +BUGTRACKER = "https://bugzilla.redhat.com" # Internet Systems Consortium License LICENSE = "ISC & BSD-3-Clause & BSD-2-Clause & GPLv2+" diff --git a/yocto-poky/meta/recipes-extended/cups/cups.inc b/yocto-poky/meta/recipes-extended/cups/cups.inc index 57cdf2650..2c34da98d 100644 --- a/yocto-poky/meta/recipes-extended/cups/cups.inc +++ b/yocto-poky/meta/recipes-extended/cups/cups.inc @@ -28,6 +28,7 @@ PACKAGECONFIG ??= "${@bb.utils.contains('DISTRO_FEATURES', 'zeroconf', 'avahi', PACKAGECONFIG[avahi] = "--enable-avahi,--disable-avahi,avahi" PACKAGECONFIG[acl] = "--enable-acl,--disable-acl,acl" PACKAGECONFIG[pam] = "--enable-pam, --disable-pam, libpam" +PACKAGECONFIG[xinetd] = "--with-xinetd=${sysconfdir}/xinetd.d,--without-xinetd,xinetd" EXTRA_OECONF = " \ --enable-gnutls \ @@ -64,6 +65,11 @@ do_install () { rm -fr ${D}/${localstatedir}/run rmdir ${D}/${libdir}/${BPN}/driver + # Fix the pam configuration file permissions + if ${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'true', 'false', d)}; then + chmod 0644 ${D}${sysconfdir}/pam.d/cups + fi + # Remove sysinit script and symlinks if sysvinit is not in DISTRO_FEATURES if ${@bb.utils.contains('DISTRO_FEATURES','sysvinit','false','true',d)}; then rm -rf ${D}${sysconfdir}/init.d/ diff --git a/yocto-poky/meta/recipes-extended/cwautomacros/cwautomacros_20110201.bb b/yocto-poky/meta/recipes-extended/cwautomacros/cwautomacros_20110201.bb index 43ea3ce38..65a99fc28 100644 --- a/yocto-poky/meta/recipes-extended/cwautomacros/cwautomacros_20110201.bb +++ b/yocto-poky/meta/recipes-extended/cwautomacros/cwautomacros_20110201.bb @@ -14,6 +14,9 @@ do_configure() { do_install() { oe_runmake CWAUTOMACROSPREFIX=${D}${prefix} install + + # cleanup buildpaths in autogen.sh + sed -i -e 's,${D},,g' ${D}${prefix}/share/cwautomacros/scripts/autogen.sh } BBCLASSEXTEND = "native" diff --git a/yocto-poky/meta/recipes-extended/foomatic/foomatic-filters-4.0.17/CVE-2015-8327.patch b/yocto-poky/meta/recipes-extended/foomatic/foomatic-filters-4.0.17/CVE-2015-8327.patch new file mode 100644 index 000000000..aaedc88aa --- /dev/null +++ b/yocto-poky/meta/recipes-extended/foomatic/foomatic-filters-4.0.17/CVE-2015-8327.patch @@ -0,0 +1,23 @@ +Upstream-Status: Backport + + +http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7406 + +Hand applied change to util.c. Fix was for cups-filters but also applied to foomatic-filters. + +CVE: CVE-2015-8327 +Signed-off-by: Armin Kuster <akuster@mvista.com> + +Index: util.c +=================================================================== +--- a/util.c ++++ b/util.c +@@ -31,7 +31,7 @@ + #include <assert.h> + + +-const char* shellescapes = "|;<>&!$\'\"#*?()[]{}"; ++const char* shellescapes = "|;<>&!$\'\"`#*?()[]{}"; + + const char * temp_dir() + { diff --git a/yocto-poky/meta/recipes-extended/foomatic/foomatic-filters-4.0.17/CVE-2015-8560.patch b/yocto-poky/meta/recipes-extended/foomatic/foomatic-filters-4.0.17/CVE-2015-8560.patch new file mode 100644 index 000000000..dc973c459 --- /dev/null +++ b/yocto-poky/meta/recipes-extended/foomatic/foomatic-filters-4.0.17/CVE-2015-8560.patch @@ -0,0 +1,23 @@ +Upstream-Status: Backport + + +http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7419 + +Hand applied change to util.c. Fix was for cups-filters but also applied to foomatic-filters. + +CVE: CVE-2015-8560 +Signed-off-by: Armin Kuster <akuster@mvista.com> + +Index: util.c +=================================================================== +--- a/util.c ++++ b/util.c +@@ -31,7 +31,7 @@ + #include <assert.h> + + +-const char* shellescapes = "|<>&!$\'\"#*?()[]{}"; ++const char* shellescapes = "|;<>&!$\'\"#*?()[]{}"; + + const char * temp_dir() + { diff --git a/yocto-poky/meta/recipes-extended/foomatic/foomatic-filters_4.0.17.bb b/yocto-poky/meta/recipes-extended/foomatic/foomatic-filters_4.0.17.bb index 790c98138..58ef1f5b0 100644 --- a/yocto-poky/meta/recipes-extended/foomatic/foomatic-filters_4.0.17.bb +++ b/yocto-poky/meta/recipes-extended/foomatic/foomatic-filters_4.0.17.bb @@ -17,6 +17,10 @@ LIC_FILES_CHKSUM = "file://${WORKDIR}/foomatic-filters-${PV}/COPYING;md5=393a5ca SRC_URI = "http://www.openprinting.org/download/foomatic/foomatic-filters-${PV}.tar.gz" +SRC_URI += "file://CVE-2015-8560.patch \ + file://CVE-2015-8327.patch \ + " + SRC_URI[md5sum] = "b05f5dcbfe359f198eef3df5b283d896" SRC_URI[sha256sum] = "a2e2e53e502571e88eeb9010c45a0d54671f15707ee104f5c9c22b59ea7a33e3" diff --git a/yocto-poky/meta/recipes-extended/ghostscript/ghostscript/png_mak.patch b/yocto-poky/meta/recipes-extended/ghostscript/ghostscript/png_mak.patch new file mode 100644 index 000000000..da900ead3 --- /dev/null +++ b/yocto-poky/meta/recipes-extended/ghostscript/ghostscript/png_mak.patch @@ -0,0 +1,21 @@ +ghostscript: add dependency for pnglibconf.h + +When using parallel make jobs, we need to be sure that +pnglibconf.h is created before we try to reference it, +so add a rule to png.mak. + +Upstream-Status: Pending + +Signed-off-by: Joe Slater <jslater@windriver.com> + +--- a/base/png.mak ++++ b/base/png.mak +@@ -81,6 +81,8 @@ png.config-clean : + $(pnglibconf_h) : $(PNGSRC)scripts$(D)pnglibconf.h.prebuilt + $(CP_) $(PNGSRC)scripts$(D)pnglibconf.h.prebuilt $(pnglibconf_h) + ++$(MAKEDIRS) : $(pnglibconf_h) ++ + PDEP=$(AK) $(pnglibconf_h) $(MAKEDIRS) + + png_1=$(PNGOBJ)png.$(OBJ) $(PNGOBJ)pngmem.$(OBJ) $(PNGOBJ)pngerror.$(OBJ) $(PNGOBJ)pngset.$(OBJ) diff --git a/yocto-poky/meta/recipes-extended/ghostscript/ghostscript_9.16.bb b/yocto-poky/meta/recipes-extended/ghostscript/ghostscript_9.16.bb index ec4acc666..d584c49b0 100644 --- a/yocto-poky/meta/recipes-extended/ghostscript/ghostscript_9.16.bb +++ b/yocto-poky/meta/recipes-extended/ghostscript/ghostscript_9.16.bb @@ -19,6 +19,7 @@ DEPENDS_class-native = "" SRC_URI_BASE = "http://downloads.ghostscript.com/public/ghostscript-${PV}.tar.gz \ file://ghostscript-9.15-parallel-make.patch \ file://ghostscript-9.16-Werror-return-type.patch \ + file://png_mak.patch \ " SRC_URI = "${SRC_URI_BASE} \ diff --git a/yocto-poky/meta/recipes-extended/grep/grep_2.21.bb b/yocto-poky/meta/recipes-extended/grep/grep_2.21.bb index 3661098c5..c51147b57 100644 --- a/yocto-poky/meta/recipes-extended/grep/grep_2.21.bb +++ b/yocto-poky/meta/recipes-extended/grep/grep_2.21.bb @@ -23,11 +23,13 @@ do_configure_prepend () { do_install () { autotools_do_install - install -d ${D}${base_bindir} - mv ${D}${bindir}/grep ${D}${base_bindir}/grep - mv ${D}${bindir}/egrep ${D}${base_bindir}/egrep - mv ${D}${bindir}/fgrep ${D}${base_bindir}/fgrep - rmdir ${D}${bindir}/ + if [ "${base_bindir}" != "${bindir}" ]; then + install -d ${D}${base_bindir} + mv ${D}${bindir}/grep ${D}${base_bindir}/grep + mv ${D}${bindir}/egrep ${D}${base_bindir}/egrep + mv ${D}${bindir}/fgrep ${D}${base_bindir}/fgrep + rmdir ${D}${bindir}/ + fi } inherit update-alternatives diff --git a/yocto-poky/meta/recipes-extended/gzip/gzip.inc b/yocto-poky/meta/recipes-extended/gzip/gzip.inc index 94480ec53..58e5e0c53 100644 --- a/yocto-poky/meta/recipes-extended/gzip/gzip.inc +++ b/yocto-poky/meta/recipes-extended/gzip/gzip.inc @@ -10,12 +10,14 @@ inherit autotools texinfo EXTRA_OEMAKE_class-target = "GREP=${base_bindir}/grep" do_install_append () { - # Rename and move files into /bin (FHS), which is typical place for gzip - install -d ${D}${base_bindir} - mv ${D}${bindir}/gunzip ${D}${base_bindir}/gunzip - mv ${D}${bindir}/gzip ${D}${base_bindir}/gzip - mv ${D}${bindir}/zcat ${D}${base_bindir}/zcat - mv ${D}${bindir}/uncompress ${D}${base_bindir}/uncompress + if [ "${base_bindir}" != "${bindir}" ]; then + # Rename and move files into /bin (FHS), which is typical place for gzip + install -d ${D}${base_bindir} + mv ${D}${bindir}/gunzip ${D}${base_bindir}/gunzip + mv ${D}${bindir}/gzip ${D}${base_bindir}/gzip + mv ${D}${bindir}/zcat ${D}${base_bindir}/zcat + mv ${D}${bindir}/uncompress ${D}${base_bindir}/uncompress + fi } inherit update-alternatives diff --git a/yocto-poky/meta/recipes-extended/images/wic-image-minimal.bb b/yocto-poky/meta/recipes-extended/images/wic-image-minimal.bb deleted file mode 100644 index 073c569fe..000000000 --- a/yocto-poky/meta/recipes-extended/images/wic-image-minimal.bb +++ /dev/null @@ -1,14 +0,0 @@ -SUMMARY = "An example of partitioned image." - -IMAGE_INSTALL = "packagegroup-core-boot ${ROOTFS_PKGMANAGE_BOOTSTRAP}" - -IMAGE_FSTYPES = "wic.bz2" -RM_OLD_IMAGE = "1" - -# core-image-minimal is referenced in .wks, so we need its rootfs -# to be ready before our rootfs -do_rootfs[depends] += "core-image-minimal:do_rootfs" - -IMAGE_ROOTFS_EXTRA_SPACE = "2000" - -inherit image diff --git a/yocto-poky/meta/recipes-extended/images/wic-image-minimal.wks b/yocto-poky/meta/recipes-extended/images/wic-image-minimal.wks deleted file mode 100644 index 29cd8f2c8..000000000 --- a/yocto-poky/meta/recipes-extended/images/wic-image-minimal.wks +++ /dev/null @@ -1,10 +0,0 @@ -# short-description: Example of partitioned image with complex layout -# long-description: This image contains boot partition and 3 rootfs partitions -# created from core-image-minimal and wic-image-minimal image recipes. - -part /boot --source bootimg-pcbios --ondisk sda --label boot --active --align 1024 -part / --source rootfs --ondisk sda --fstype=ext2 --label platform --align 1024 -part /core --source rootfs --rootfs-dir=core-image-minimal --ondisk sda --fstype=ext2 --label core --align 1024 -part /backup --source rootfs --rootfs-dir=wic-image-minimal --ondisk sda --fstype=ext2 --label backup --align 1024 - -bootloader --timeout=0 --append="rootwait console=tty0" diff --git a/yocto-poky/meta/recipes-extended/iptables/iptables/0002-configure.ac-only-check-conntrack-when-libnfnetlink-enabled.patch b/yocto-poky/meta/recipes-extended/iptables/iptables/0002-configure.ac-only-check-conntrack-when-libnfnetlink-enabled.patch new file mode 100644 index 000000000..89ad8f666 --- /dev/null +++ b/yocto-poky/meta/recipes-extended/iptables/iptables/0002-configure.ac-only-check-conntrack-when-libnfnetlink-enabled.patch @@ -0,0 +1,34 @@ +Package libnetfilter-conntrack depends on package libnfnetlink. iptables +checks package libnetfilter-conntrack whatever its package config +libnfnetlink is enabled or not. When libnfnetlink is disabled but +package libnetfilter-conntrack exists, it fails randomly with: + +| In file included from .../iptables/1.4.21-r0/iptables-1.4.21/extensions/libxt_connlabel.c:8:0: +| .../tmp/sysroots/qemumips/usr/include/libnetfilter_conntrack/libnetfilter_conntrack.h:14:42: fatal error: libnfnetlink/linux_nfnetlink.h: No such file or directory +| compilation terminated. +| GNUmakefile:96: recipe for target 'libxt_connlabel.oo' failed + +Only check libnetfilter-conntrack when libnfnetlink is enabled to fix it. + +Upstream-Status: Pending + +Signed-off-by: Kai Kang <kai.kang@windriver.com> + +diff --git a/configure.ac b/configure.ac +index 5d7e62b..e331ee7 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -88,8 +88,12 @@ if test "$ac_cv_header_linux_ip_vs_h" != "yes"; then + blacklist_modules="$blacklist_modules ipvs"; + fi; + +-PKG_CHECK_MODULES([libnetfilter_conntrack], [libnetfilter_conntrack >= 1.0.4], ++nfconntrack=0 ++AS_IF([test "x$enable_libnfnetlink" = "xyes"], [ ++ PKG_CHECK_MODULES([libnetfilter_conntrack], [libnetfilter_conntrack >= 1.0.4], + [nfconntrack=1], [nfconntrack=0]) ++ ]) ++ + AM_CONDITIONAL([HAVE_LIBNETFILTER_CONNTRACK], [test "$nfconntrack" = 1]) + + if test "$nfconntrack" -ne 1; then diff --git a/yocto-poky/meta/recipes-extended/iptables/iptables_1.4.21.bb b/yocto-poky/meta/recipes-extended/iptables/iptables_1.4.21.bb index 31c017b2c..deea5e514 100644 --- a/yocto-poky/meta/recipes-extended/iptables/iptables_1.4.21.bb +++ b/yocto-poky/meta/recipes-extended/iptables/iptables_1.4.21.bb @@ -23,6 +23,7 @@ SRC_URI = "http://netfilter.org/projects/iptables/files/iptables-${PV}.tar.bz2 \ file://types.h-add-defines-that-are-required-for-if_packet.patch \ file://0001-configure-Add-option-to-enable-disable-libnfnetlink.patch \ file://0001-fix-build-with-musl.patch \ + file://0002-configure.ac-only-check-conntrack-when-libnfnetlink-enabled.patch \ " SRC_URI[md5sum] = "536d048c8e8eeebcd9757d0863ebb0c0" @@ -38,7 +39,7 @@ PACKAGECONFIG ?= "${@bb.utils.contains('DISTRO_FEATURES', 'ipv6', 'ipv6', '', d) PACKAGECONFIG[ipv6] = "--enable-ipv6,--disable-ipv6," # libnfnetlink recipe is in meta-networking layer -PACKAGECONFIG[libnfnetlink] = "--enable-libnfnetlink,--disable-libnfnetlink,libnfnetlink" +PACKAGECONFIG[libnfnetlink] = "--enable-libnfnetlink,--disable-libnfnetlink,libnfnetlink libnetfilter-conntrack" do_configure_prepend() { # Remove some libtool m4 files diff --git a/yocto-poky/meta/recipes-extended/libaio/libaio/system-linkage.patch b/yocto-poky/meta/recipes-extended/libaio/libaio/system-linkage.patch new file mode 100644 index 000000000..0b1f47569 --- /dev/null +++ b/yocto-poky/meta/recipes-extended/libaio/libaio/system-linkage.patch @@ -0,0 +1,37 @@ +From 94bba6880b1f10c6b3bf33a17ac40935d65a81ae Mon Sep 17 00:00:00 2001 +From: Ross Burton <ross.burton@intel.com> +Date: Fri, 6 Nov 2015 15:19:46 +0000 +Subject: [PATCH] Don't remove the system libraries and startup files from + libaio, as in some build configurations these are required. For example, + including conf/include/security_flags.inc on PPC results in: + +io_queue_init.os: In function `io_queue_init': +tmp/work/ppce300c3-poky-linux/libaio/0.3.110-r0/libaio-0.3.110/src/io_queue_init.c:33: +undefined reference to `__stack_chk_fail_local' + +Upstream-Status: Pending +Signed-off-by: Ross Burton <ross.burton@intel.com> +--- + src/Makefile | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/src/Makefile b/src/Makefile +index eadb336..56ab701 100644 +--- a/src/Makefile ++++ b/src/Makefile +@@ -3,10 +3,10 @@ includedir=$(prefix)/include + libdir=$(prefix)/lib + + CFLAGS ?= -g -fomit-frame-pointer -O2 +-CFLAGS += -nostdlib -nostartfiles -Wall -I. -fPIC ++CFLAGS += -Wall -I. -fPIC + SO_CFLAGS=-shared $(CFLAGS) + L_CFLAGS=$(CFLAGS) +-LINK_FLAGS= ++LINK_FLAGS=$(LDFLAGS) + LINK_FLAGS+=$(LDFLAGS) + + soname=libaio.so.1 +-- +2.1.4 + diff --git a/yocto-poky/meta/recipes-extended/libaio/libaio_0.3.110.bb b/yocto-poky/meta/recipes-extended/libaio/libaio_0.3.110.bb index cbe29ce2a..2adfa0aa4 100644 --- a/yocto-poky/meta/recipes-extended/libaio/libaio_0.3.110.bb +++ b/yocto-poky/meta/recipes-extended/libaio/libaio_0.3.110.bb @@ -11,18 +11,13 @@ SRC_URI = "${DEBIAN_MIRROR}/main/liba/libaio/libaio_${PV}.orig.tar.gz \ file://destdir.patch \ file://libaio_fix_for_x32.patch \ file://libaio_fix_for_mips_syscalls.patch \ -" + file://system-linkage.patch \ + " SRC_URI[md5sum] = "2a35602e43778383e2f4907a4ca39ab8" SRC_URI[sha256sum] = "e019028e631725729376250e32b473012f7cb68e1f7275bfc1bbcdd0f8745f7e" EXTRA_OEMAKE =+ "prefix=${prefix} includedir=${includedir} libdir=${libdir}" -# Need libc for stack-protector's __stack_chk_fail_local() bounce function -LDFLAGS_append_x86 = " -lc" - -do_configure () { - sed -i 's#LINK_FLAGS=.*#LINK_FLAGS=$(LDFLAGS)#' src/Makefile -} do_install () { oe_runmake install DESTDIR=${D} diff --git a/yocto-poky/meta/recipes-extended/libarchive/libarchive/0001-Add-ARCHIVE_EXTRACT_SECURE_NOABSOLUTEPATHS-option.patch b/yocto-poky/meta/recipes-extended/libarchive/libarchive/libarchive-CVE-2015-2304.patch index 4ca779c40..4ca779c40 100644 --- a/yocto-poky/meta/recipes-extended/libarchive/libarchive/0001-Add-ARCHIVE_EXTRACT_SECURE_NOABSOLUTEPATHS-option.patch +++ b/yocto-poky/meta/recipes-extended/libarchive/libarchive/libarchive-CVE-2015-2304.patch diff --git a/yocto-poky/meta/recipes-extended/libarchive/libarchive_3.1.2.bb b/yocto-poky/meta/recipes-extended/libarchive/libarchive_3.1.2.bb index aaa325535..716db9aff 100644 --- a/yocto-poky/meta/recipes-extended/libarchive/libarchive_3.1.2.bb +++ b/yocto-poky/meta/recipes-extended/libarchive/libarchive_3.1.2.bb @@ -32,7 +32,7 @@ PACKAGECONFIG[nettle] = "--with-nettle,--without-nettle,nettle," SRC_URI = "http://libarchive.org/downloads/libarchive-${PV}.tar.gz \ file://libarchive-CVE-2013-0211.patch \ file://pkgconfig.patch \ - file://0001-Add-ARCHIVE_EXTRACT_SECURE_NOABSOLUTEPATHS-option.patch \ + file://libarchive-CVE-2015-2304.patch \ file://mkdir.patch \ " diff --git a/yocto-poky/meta/recipes-extended/libtirpc/libtirpc/remove-des-uclibc.patch b/yocto-poky/meta/recipes-extended/libtirpc/libtirpc/remove-des-uclibc.patch index d003348af..553b1ffb8 100644 --- a/yocto-poky/meta/recipes-extended/libtirpc/libtirpc/remove-des-uclibc.patch +++ b/yocto-poky/meta/recipes-extended/libtirpc/libtirpc/remove-des-uclibc.patch @@ -3,11 +3,11 @@ uclibc does not provide des functionality unlike eglibc so lets disable ssl supp Upstream-Status: Inappropriate [uclibc specific] Signed-off-by: Khem Raj <raj.khem@gmail.com> -Index: libtirpc-0.2.3/src/rpc_soc.c +Index: libtirpc-0.2.5/src/rpc_soc.c =================================================================== ---- libtirpc-0.2.3.orig/src/rpc_soc.c 2013-03-10 16:00:51.355282153 -0700 -+++ libtirpc-0.2.3/src/rpc_soc.c 2013-03-10 16:00:51.703282148 -0700 -@@ -520,6 +520,7 @@ +--- libtirpc-0.2.5.orig/src/rpc_soc.c ++++ libtirpc-0.2.5/src/rpc_soc.c +@@ -520,6 +520,7 @@ clnt_broadcast(prog, vers, proc, xargs, (resultproc_t) rpc_wrap_bcast, "udp"); } @@ -15,7 +15,7 @@ Index: libtirpc-0.2.3/src/rpc_soc.c /* * Create the client des authentication object. Obsoleted by * authdes_seccreate(). -@@ -551,6 +552,7 @@ +@@ -551,6 +552,7 @@ fallback: dummy = authdes_seccreate(servername, window, NULL, ckey); return (dummy); } @@ -23,16 +23,16 @@ Index: libtirpc-0.2.3/src/rpc_soc.c /* * Create a client handle for a unix connection. Obsoleted by clnt_vc_create() -Index: libtirpc-0.2.3/src/Makefile.am +Index: libtirpc-0.2.5/src/Makefile.am =================================================================== ---- libtirpc-0.2.3.orig/src/Makefile.am 2013-03-10 16:00:51.355282153 -0700 -+++ libtirpc-0.2.3/src/Makefile.am 2013-03-10 16:00:51.703282148 -0700 -@@ -50,7 +50,7 @@ +--- libtirpc-0.2.5.orig/src/Makefile.am ++++ libtirpc-0.2.5/src/Makefile.am +@@ -51,7 +51,7 @@ libtirpc_la_SOURCES = auth_none.c auth_u rpc_callmsg.c rpc_generic.c rpc_soc.c rpcb_clnt.c rpcb_prot.c \ rpcb_st_xdr.c svc.c svc_auth.c svc_dg.c svc_auth_unix.c svc_auth_none.c \ svc_generic.c svc_raw.c svc_run.c svc_simple.c svc_vc.c getpeereid.c \ -- auth_time.c auth_des.c authdes_prot.c -+ auth_time.c +- auth_time.c auth_des.c authdes_prot.c debug.c ++ auth_time.c debug.c ## XDR libtirpc_la_SOURCES += xdr.c xdr_rec.c xdr_array.c xdr_float.c xdr_mem.c xdr_reference.c xdr_stdio.c diff --git a/yocto-poky/meta/recipes-extended/libtirpc/libtirpc/va_list.patch b/yocto-poky/meta/recipes-extended/libtirpc/libtirpc/va_list.patch new file mode 100644 index 000000000..855d15b58 --- /dev/null +++ b/yocto-poky/meta/recipes-extended/libtirpc/libtirpc/va_list.patch @@ -0,0 +1,18 @@ +This patch is fixing build with uclibc where compiler ( gcc5 ) says it cant find va_list +the patch is right for upstreaming as well + +Signed-off-by: Khem Raj <raj.khem@gmail.com> +Upstream-Status: Pending + +Index: libtirpc-0.2.5/src/debug.h +=================================================================== +--- libtirpc-0.2.5.orig/src/debug.h ++++ libtirpc-0.2.5/src/debug.h +@@ -22,6 +22,7 @@ + #ifndef _DEBUG_H + #define _DEBUG_H + #include <syslog.h> ++#include <stdarg.h> + + extern int libtirpc_debug_level; + extern int log_stderr; diff --git a/yocto-poky/meta/recipes-extended/libtirpc/libtirpc_0.2.5.bb b/yocto-poky/meta/recipes-extended/libtirpc/libtirpc_0.2.5.bb index 3edf00249..330b82991 100644 --- a/yocto-poky/meta/recipes-extended/libtirpc/libtirpc_0.2.5.bb +++ b/yocto-poky/meta/recipes-extended/libtirpc/libtirpc_0.2.5.bb @@ -15,7 +15,9 @@ SRC_URI = "${SOURCEFORGE_MIRROR}/${BPN}/${BP}.tar.bz2;name=libtirpc \ file://libtirpc-0.2.1-fortify.patch \ " -SRC_URI_append_libc-uclibc = " file://remove-des-uclibc.patch" +SRC_URI_append_libc-uclibc = " file://remove-des-uclibc.patch \ + file://va_list.patch \ + " SRC_URI[libtirpc.md5sum] = "8cd41a5ef5a9b50d0fb6abb98af15368" SRC_URI[libtirpc.sha256sum] = "62f9de7c2c8686c568757730e1fef66502a0e00d6cacf33546d0267984e002db" diff --git a/yocto-poky/meta/recipes-extended/logrotate/logrotate_3.9.1.bb b/yocto-poky/meta/recipes-extended/logrotate/logrotate_3.9.1.bb index 7d0a15961..5f1a601ae 100644 --- a/yocto-poky/meta/recipes-extended/logrotate/logrotate_3.9.1.bb +++ b/yocto-poky/meta/recipes-extended/logrotate/logrotate_3.9.1.bb @@ -53,7 +53,7 @@ do_compile_prepend() { } do_install(){ - oe_runmake install DESTDIR=${D} PREFIX=${D} MANDIR=${mandir} BINDIR=${bindir} + oe_runmake install DESTDIR=${D} PREFIX=${D} MANDIR=${mandir} mkdir -p ${D}${sysconfdir}/logrotate.d mkdir -p ${D}${sysconfdir}/cron.daily mkdir -p ${D}${localstatedir}/lib diff --git a/yocto-poky/meta/recipes-extended/lsb/lsb_4.1.bb b/yocto-poky/meta/recipes-extended/lsb/lsb_4.1.bb index 6215b62d8..c9f6a8bd9 100644 --- a/yocto-poky/meta/recipes-extended/lsb/lsb_4.1.bb +++ b/yocto-poky/meta/recipes-extended/lsb/lsb_4.1.bb @@ -9,8 +9,8 @@ LSB_CORE_x86 = "lsb-core-ia32" LSB_CORE_x86-64 = "lsb-core-amd64" RPROVIDES_${PN} += "${LSB_CORE}" -# lsb_release needs getopt -RDEPENDS_${PN} += "${VIRTUAL-RUNTIME_getopt}" +# lsb_release needs getopt, lsbinitscripts +RDEPENDS_${PN} += "${VIRTUAL-RUNTIME_getopt} lsbinitscripts" LIC_FILES_CHKSUM = "file://README;md5=12da544b1a3a5a1795a21160b49471cf" diff --git a/yocto-poky/meta/recipes-extended/lsb/lsbinitscripts_9.64.bb b/yocto-poky/meta/recipes-extended/lsb/lsbinitscripts_9.64.bb index 6db667c13..150f6f230 100644 --- a/yocto-poky/meta/recipes-extended/lsb/lsbinitscripts_9.64.bb +++ b/yocto-poky/meta/recipes-extended/lsb/lsbinitscripts_9.64.bb @@ -3,6 +3,8 @@ SECTION = "base" LICENSE = "GPLv2" DEPENDS = "popt glib-2.0" +RDEPENDS_${PN} += "util-linux" + LIC_FILES_CHKSUM = "file://COPYING;md5=ebf4e8b49780ab187d51bd26aaa022c6" S="${WORKDIR}/initscripts-${PV}" diff --git a/yocto-poky/meta/recipes-extended/ltp/ltp/0001-replace-inline-with-static-inline-for-gcc-5.x.patch b/yocto-poky/meta/recipes-extended/ltp/ltp/0001-replace-inline-with-static-inline-for-gcc-5.x.patch new file mode 100644 index 000000000..0b594dc55 --- /dev/null +++ b/yocto-poky/meta/recipes-extended/ltp/ltp/0001-replace-inline-with-static-inline-for-gcc-5.x.patch @@ -0,0 +1,69 @@ +Upstream-Status: Backport [From https://github.com/linux-test-project/ltp/commit/40a2457cb8ec42a05a2f96b0810057efdb2a55f5] + +gcc 5.x defaults to -std=gnu11 instead of -std=gnu89 which causes +semantics for inline functions changes. + +The standalone 'inline' causes error with gcc 5 such as: + +git/testcases/kernel/syscalls/kill/kill10.c:355: undefined reference to `k_sigaction' + +Replace inline with static inline to be compatible with both gcc 4 and 5. + +Signed-off-by: Kai Kang <kai.kang@windriver.com> +--- + testcases/kernel/controllers/libcontrollers/libcontrollers.c | 2 +- + testcases/kernel/controllers/libcontrollers/libcontrollers.h | 2 +- + testcases/kernel/syscalls/kill/kill10.c | 4 ++-- + 3 files changed, 4 insertions(+), 4 deletions(-) + +diff --git a/testcases/kernel/controllers/libcontrollers/libcontrollers.c b/testcases/kernel/controllers/libcontrollers/libcontrollers.c +index b01e1b8..8857bc9 100644 +--- a/testcases/kernel/controllers/libcontrollers/libcontrollers.c ++++ b/testcases/kernel/controllers/libcontrollers/libcontrollers.c +@@ -146,7 +146,7 @@ int read_file(char *filepath, int action, unsigned int *value) + * Prints error message and returns -1 + */ + +-inline int error_function(char *msg1, char *msg2) ++static inline int error_function(char *msg1, char *msg2) + { + fprintf(stdout, "ERROR: %s ", msg1); + fprintf(stdout, "%s\n", msg2); +diff --git a/testcases/kernel/controllers/libcontrollers/libcontrollers.h b/testcases/kernel/controllers/libcontrollers/libcontrollers.h +index 4001555..a1a0dfa 100644 +--- a/testcases/kernel/controllers/libcontrollers/libcontrollers.h ++++ b/testcases/kernel/controllers/libcontrollers/libcontrollers.h +@@ -70,7 +70,7 @@ enum{ + GET_TASKS + }; + +-inline int error_function(char *msg1, char *msg2); ++static inline int error_function(char *msg1, char *msg2); + + unsigned int read_shares_file (char *filepath); + +diff --git a/testcases/kernel/syscalls/kill/kill10.c b/testcases/kernel/syscalls/kill/kill10.c +index 982d9da..33dbcd3 100644 +--- a/testcases/kernel/syscalls/kill/kill10.c ++++ b/testcases/kernel/syscalls/kill/kill10.c +@@ -185,7 +185,7 @@ int child_checklist_total = 0; + int checklist_cmp(const void *a, const void *b); + void checklist_reset(int bit); + +-inline int k_sigaction(int sig, struct sigaction *sa, struct sigaction *osa); ++static inline int k_sigaction(int sig, struct sigaction *sa, struct sigaction *osa); + + char *TCID = "kill10"; + int TST_TOTAL = 1; +@@ -756,7 +756,7 @@ void checklist_reset(int bit) + + } + +-inline int k_sigaction(int sig, struct sigaction *sa, struct sigaction *osa) ++static inline int k_sigaction(int sig, struct sigaction *sa, struct sigaction *osa) + { + int ret; + if ((ret = sigaction(sig, sa, osa)) == -1) { +--- +-1.9.1 +- diff --git a/yocto-poky/meta/recipes-extended/ltp/ltp_20150420.bb b/yocto-poky/meta/recipes-extended/ltp/ltp_20150420.bb index 108ebf1e6..ed46b5e09 100644 --- a/yocto-poky/meta/recipes-extended/ltp/ltp_20150420.bb +++ b/yocto-poky/meta/recipes-extended/ltp/ltp_20150420.bb @@ -29,6 +29,7 @@ SRC_URI = "git://github.com/linux-test-project/ltp.git \ file://add-knob-for-numa.patch \ file://add-knob-for-tirpc.patch \ file://0001-ltp-vma03-fix-the-alginment-of-page-size.patch \ + file://0001-replace-inline-with-static-inline-for-gcc-5.x.patch \ " S = "${WORKDIR}/git" diff --git a/yocto-poky/meta/recipes-extended/mailx/mailx_12.5-5.bb b/yocto-poky/meta/recipes-extended/mailx/mailx_12.5-5.bb index ffa90498b..c87c58258 100644 --- a/yocto-poky/meta/recipes-extended/mailx/mailx_12.5-5.bb +++ b/yocto-poky/meta/recipes-extended/mailx/mailx_12.5-5.bb @@ -41,3 +41,8 @@ EXTRA_OEMAKE = "SENDMAIL=${sbindir}/sendmail IPv6=-DHAVE_IPv6_FUNCS PREFIX=/usr # fio.c:56:17: fatal error: ssl.h: No such file or directory # #include <ssl.h> PARALLEL_MAKE = "" + +# Causes gcc to get stuck and eat all available memory in qemuarm builds +# http://errors.yoctoproject.org/Errors/Details/20488/ +ARM_INSTRUCTION_SET_armv4 = "arm" +ARM_INSTRUCTION_SET_armv5 = "arm" diff --git a/yocto-poky/meta/recipes-extended/pam/libpam/use-utmpx.patch b/yocto-poky/meta/recipes-extended/pam/libpam/use-utmpx.patch new file mode 100644 index 000000000..dd04bbb84 --- /dev/null +++ b/yocto-poky/meta/recipes-extended/pam/libpam/use-utmpx.patch @@ -0,0 +1,233 @@ +utmp() may not be configured in and use posix compliant utmpx always +UTMP is SVID legacy, UTMPX is mandated by POSIX + +Upstream-Status: Pending +Signed-off-by: Khem Raj <raj.khem@gmail.com> +Index: Linux-PAM-1.2.1/libpam/pam_modutil_getlogin.c +=================================================================== +--- Linux-PAM-1.2.1.orig/libpam/pam_modutil_getlogin.c ++++ Linux-PAM-1.2.1/libpam/pam_modutil_getlogin.c +@@ -10,8 +10,7 @@ + + #include <stdlib.h> + #include <unistd.h> +-#include <utmp.h> +- ++#include <utmpx.h> + #define _PAMMODUTIL_GETLOGIN "_pammodutil_getlogin" + + const char * +@@ -22,7 +21,7 @@ pam_modutil_getlogin(pam_handle_t *pamh) + const void *void_curr_tty; + const char *curr_tty; + char *curr_user; +- struct utmp *ut, line; ++ struct utmpx *ut, line; + + status = pam_get_data(pamh, _PAMMODUTIL_GETLOGIN, &logname); + if (status == PAM_SUCCESS) { +@@ -48,10 +47,10 @@ pam_modutil_getlogin(pam_handle_t *pamh) + } + logname = NULL; + +- setutent(); ++ setutxent(); + strncpy(line.ut_line, curr_tty, sizeof(line.ut_line)); + +- if ((ut = getutline(&line)) == NULL) { ++ if ((ut = getutxline(&line)) == NULL) { + goto clean_up_and_go_home; + } + +@@ -74,7 +73,7 @@ pam_modutil_getlogin(pam_handle_t *pamh) + + clean_up_and_go_home: + +- endutent(); ++ endutxent(); + + return logname; + } +Index: Linux-PAM-1.2.1/modules/pam_issue/pam_issue.c +=================================================================== +--- Linux-PAM-1.2.1.orig/modules/pam_issue/pam_issue.c ++++ Linux-PAM-1.2.1/modules/pam_issue/pam_issue.c +@@ -25,7 +25,7 @@ + #include <string.h> + #include <unistd.h> + #include <sys/utsname.h> +-#include <utmp.h> ++#include <utmpx.h> + #include <time.h> + #include <syslog.h> + +@@ -246,13 +246,13 @@ read_issue_quoted(pam_handle_t *pamh, FI + case 'U': + { + unsigned int users = 0; +- struct utmp *ut; +- setutent(); +- while ((ut = getutent())) { ++ struct utmpx *ut; ++ setutxent(); ++ while ((ut = getutxent())) { + if (ut->ut_type == USER_PROCESS) + ++users; + } +- endutent(); ++ endutxent(); + if (c == 'U') + snprintf (buf, sizeof buf, "%u %s", users, + (users == 1) ? "user" : "users"); +Index: Linux-PAM-1.2.1/modules/pam_lastlog/pam_lastlog.c +=================================================================== +--- Linux-PAM-1.2.1.orig/modules/pam_lastlog/pam_lastlog.c ++++ Linux-PAM-1.2.1/modules/pam_lastlog/pam_lastlog.c +@@ -15,8 +15,9 @@ + #include <errno.h> + #ifdef HAVE_UTMP_H + # include <utmp.h> +-#else +-# include <lastlog.h> ++#endif ++#ifdef HAVE_UTMPX_H ++# include <utmpx.h> + #endif + #include <pwd.h> + #include <stdlib.h> +@@ -27,6 +28,12 @@ + #include <syslog.h> + #include <unistd.h> + ++#ifndef HAVE_UTMP_H ++#define UT_LINESIZE 32 ++#define UT_HOSTSIZE 32 ++#define UT_NAMESIZE 256 ++#endif ++ + #if defined(hpux) || defined(sunos) || defined(solaris) + # ifndef _PATH_LASTLOG + # define _PATH_LASTLOG "/usr/adm/lastlog" +@@ -38,7 +45,7 @@ + # define UT_LINESIZE 12 + # endif /* UT_LINESIZE */ + #endif +-#if defined(hpux) ++#if defined(hpux) || !defined HAVE_UTMP_H + struct lastlog { + time_t ll_time; + char ll_line[UT_LINESIZE]; +@@ -447,8 +454,8 @@ last_login_failed(pam_handle_t *pamh, in + { + int retval; + int fd; +- struct utmp ut; +- struct utmp utuser; ++ struct utmpx ut; ++ struct utmpx utuser; + int failed = 0; + char the_time[256]; + char *date = NULL; +Index: Linux-PAM-1.2.1/modules/pam_limits/pam_limits.c +=================================================================== +--- Linux-PAM-1.2.1.orig/modules/pam_limits/pam_limits.c ++++ Linux-PAM-1.2.1/modules/pam_limits/pam_limits.c +@@ -33,7 +33,7 @@ + #include <sys/resource.h> + #include <limits.h> + #include <glob.h> +-#include <utmp.h> ++#include <utmpx.h> + #ifndef UT_USER /* some systems have ut_name instead of ut_user */ + #define UT_USER ut_user + #endif +@@ -227,7 +227,7 @@ static int + check_logins (pam_handle_t *pamh, const char *name, int limit, int ctrl, + struct pam_limit_s *pl) + { +- struct utmp *ut; ++ struct utmpx *ut; + int count; + + if (ctrl & PAM_DEBUG_ARG) { +@@ -242,7 +242,7 @@ check_logins (pam_handle_t *pamh, const + return LOGIN_ERR; + } + +- setutent(); ++ setutxent(); + + /* Because there is no definition about when an application + actually adds a utmp entry, some applications bizarrely do the +@@ -260,7 +260,7 @@ check_logins (pam_handle_t *pamh, const + count = 1; + } + +- while((ut = getutent())) { ++ while((ut = getutxent())) { + #ifdef USER_PROCESS + if (ut->ut_type != USER_PROCESS) { + continue; +@@ -296,7 +296,7 @@ check_logins (pam_handle_t *pamh, const + break; + } + } +- endutent(); ++ endutxent(); + if (count > limit) { + if (name) { + pam_syslog(pamh, LOG_WARNING, +Index: Linux-PAM-1.2.1/modules/pam_timestamp/pam_timestamp.c +=================================================================== +--- Linux-PAM-1.2.1.orig/modules/pam_timestamp/pam_timestamp.c ++++ Linux-PAM-1.2.1/modules/pam_timestamp/pam_timestamp.c +@@ -56,7 +56,7 @@ + #include <time.h> + #include <sys/time.h> + #include <unistd.h> +-#include <utmp.h> ++#include <utmpx.h> + #include <syslog.h> + #include <paths.h> + #include "hmacsha1.h" +@@ -197,15 +197,15 @@ timestamp_good(time_t then, time_t now, + static int + check_login_time(const char *ruser, time_t timestamp) + { +- struct utmp utbuf, *ut; ++ struct utmpx utbuf, *ut; + time_t oldest_login = 0; + +- setutent(); ++ setutxent(); + while( + #ifdef HAVE_GETUTENT_R +- !getutent_r(&utbuf, &ut) ++ !getutxent_r(&utbuf, &ut) + #else +- (ut = getutent()) != NULL ++ (ut = getutxent()) != NULL + #endif + ) { + if (ut->ut_type != USER_PROCESS) { +@@ -218,7 +218,7 @@ check_login_time(const char *ruser, time + oldest_login = ut->ut_tv.tv_sec; + } + } +- endutent(); ++ endutxent(); + if(oldest_login == 0 || timestamp < oldest_login) { + return PAM_AUTH_ERR; + } +Index: Linux-PAM-1.2.1/modules/pam_unix/support.c +=================================================================== +--- Linux-PAM-1.2.1.orig/modules/pam_unix/support.c ++++ Linux-PAM-1.2.1/modules/pam_unix/support.c +@@ -13,7 +13,6 @@ + #include <pwd.h> + #include <shadow.h> + #include <limits.h> +-#include <utmp.h> + #include <errno.h> + #include <signal.h> + #include <ctype.h> diff --git a/yocto-poky/meta/recipes-extended/pam/libpam_1.2.1.bb b/yocto-poky/meta/recipes-extended/pam/libpam_1.2.1.bb index ac3097ef7..035335656 100644 --- a/yocto-poky/meta/recipes-extended/pam/libpam_1.2.1.bb +++ b/yocto-poky/meta/recipes-extended/pam/libpam_1.2.1.bb @@ -28,7 +28,9 @@ SRC_URI = "http://linux-pam.org/library/Linux-PAM-${PV}.tar.bz2 \ SRC_URI[md5sum] = "9dc53067556d2dd567808fd509519dd6" SRC_URI[sha256sum] = "342b1211c0d3b203a7df2540a5b03a428a087bd8a48c17e49ae268f992b334d9" -SRC_URI_append_libc-uclibc = " file://pam-no-innetgr.patch" +SRC_URI_append_libc-uclibc = " file://pam-no-innetgr.patch \ + file://use-utmpx.patch" + SRC_URI_append_libc-musl = " file://pam-no-innetgr.patch" DEPENDS = "bison flex flex-native cracklib" diff --git a/yocto-poky/meta/recipes-extended/quota/quota/remove_non_posix_types.patch b/yocto-poky/meta/recipes-extended/quota/quota/remove_non_posix_types.patch index 5442d9854..06ff13cb9 100644 --- a/yocto-poky/meta/recipes-extended/quota/quota/remove_non_posix_types.patch +++ b/yocto-poky/meta/recipes-extended/quota/quota/remove_non_posix_types.patch @@ -183,3 +183,16 @@ Index: quota-tools/quot.h } du_t; #define NDU 60000 +Index: quota-tools/rquota_server.c +=================================================================== +--- quota-tools.orig/rquota_server.c ++++ quota-tools/rquota_server.c +@@ -60,7 +60,7 @@ extern char nfs_pseudoroot[PATH_MAX]; + */ + extern struct authunix_parms *unix_cred; + +-int in_group(gid_t * gids, u_int len, gid_t gid) ++int in_group(gid_t * gids, uint32_t len, gid_t gid) + { + gid_t *gidsp = gids + len; + diff --git a/yocto-poky/meta/recipes-extended/quota/quota_4.02.bb b/yocto-poky/meta/recipes-extended/quota/quota_4.02.bb index 124b0a369..673d58428 100644 --- a/yocto-poky/meta/recipes-extended/quota/quota_4.02.bb +++ b/yocto-poky/meta/recipes-extended/quota/quota_4.02.bb @@ -23,7 +23,7 @@ DEPENDS = "gettext-native e2fsprogs" inherit autotools-brokensep gettext pkgconfig -CFLAGS += "-I=${includedir}/tirpc" +CFLAGS += "-I${STAGING_INCDIR}/tirpc" LDFLAGS += "-ltirpc" ASNEEDED = "" EXTRA_OEMAKE += 'STRIP=""' diff --git a/yocto-poky/meta/recipes-extended/rpcbind/rpcbind/0001-uclibc-nss.patch b/yocto-poky/meta/recipes-extended/rpcbind/rpcbind/0001-uclibc-nss.patch deleted file mode 100644 index afa55f3b7..000000000 --- a/yocto-poky/meta/recipes-extended/rpcbind/rpcbind/0001-uclibc-nss.patch +++ /dev/null @@ -1,30 +0,0 @@ -Upstream-Status: Pending - -From b8f0d7b7318ba344c25785d6f5cf3f8de98012d4 Mon Sep 17 00:00:00 2001 -From: Natanael Copa <ncopa@alpinelinux.org> -Date: Tue, 2 Feb 2010 09:36:03 +0000 -Subject: [PATCH 1/2] uclibc-nss - ---- - src/rpcbind.c | 4 ++++ - 1 files changed, 4 insertions(+), 0 deletions(-) - -diff --git a/src/rpcbind.c b/src/rpcbind.c -index 525ffba..1fe1a60 100644 ---- a/src/rpcbind.c -+++ b/src/rpcbind.c -@@ -67,7 +67,11 @@ - #include <pwd.h> - #include <string.h> - #include <errno.h> -+#if defined(__UCLIBC__) -+#define __nss_configure_lookup(x,y) -+#else - #include <nss.h> -+#endif - #include "config.h" - #include "rpcbind.h" - --- -1.6.6.1 - diff --git a/yocto-poky/meta/recipes-extended/rpcbind/rpcbind/cve-2015-7236.patch b/yocto-poky/meta/recipes-extended/rpcbind/rpcbind/cve-2015-7236.patch new file mode 100644 index 000000000..f156290bf --- /dev/null +++ b/yocto-poky/meta/recipes-extended/rpcbind/rpcbind/cve-2015-7236.patch @@ -0,0 +1,83 @@ +commit 06f7ebb1dade2f0dbf872ea2bedf17cff4734bdd +Author: Olaf Kirch <okir@...e.de> +Date: Thu Aug 6 16:27:20 2015 +0200 + + Fix memory corruption in PMAP_CALLIT code + + - A PMAP_CALLIT call comes in on IPv4 UDP + - rpcbind duplicates the caller's address to a netbuf and stores it in + FINFO[0].caller_addr. caller_addr->buf now points to a memory region A + with a size of 16 bytes + - rpcbind forwards the call to the local service, receives a reply + - when processing the reply, it does this in xprt_set_caller: + xprt->xp_rtaddr = *FINFO[0].caller_addr + It sends out the reply, and then frees the netbuf caller_addr and + caller_addr.buf. + However, it does not clear xp_rtaddr, so xp_rtaddr.buf now refers + to memory region A, which is free. + - When the next call comes in on the UDP/IPv4 socket, svc_dg_recv will + be called, which will set xp_rtaddr to the client's address. + It will reuse the buffer inside xp_rtaddr, ie it will write a + sockaddr_in to region A + + Some time down the road, an incoming TCP connection is accepted, + allocating a fresh SVCXPRT. The memory region A is inside the + new SVCXPRT + + - While processing the TCP call, another UDP call comes in, again + overwriting region A with the client's address + - TCP client closes connection. In svc_destroy, we now trip over + the garbage left in region A + + We ran into the case where a commercial scanner was triggering + occasional rpcbind segfaults. The core file that was captured showed + a corrupted xprt->xp_netid pointer that was really a sockaddr_in. + + Signed-off-by: Olaf Kirch <okir@...e.de> + + Upstream-Status: Backport + + Signed-off-by: Li Zhou <li.zhou@windriver.com> +--- + src/rpcb_svc_com.c | 23 ++++++++++++++++++++++- + 1 file changed, 22 insertions(+), 1 deletion(-) + +Index: rpcbind-0.1.6+git20080930/src/rpcb_svc_com.c +=================================================================== +--- rpcbind-0.1.6+git20080930.orig/src/rpcb_svc_com.c ++++ rpcbind-0.1.6+git20080930/src/rpcb_svc_com.c +@@ -1298,12 +1298,33 @@ check_rmtcalls(struct pollfd *pfds, int + return (ncallbacks_found); + } + ++/* ++ * This is really a helper function defined in libtirpc, but unfortunately, it hasn't ++ * been exported yet. ++ */ ++static struct netbuf * ++__rpc_set_netbuf(struct netbuf *nb, const void *ptr, size_t len) ++{ ++ if (nb->len != len) { ++ if (nb->len) ++ mem_free(nb->buf, nb->len); ++ nb->buf = mem_alloc(len); ++ if (nb->buf == NULL) ++ return NULL; ++ ++ nb->maxlen = nb->len = len; ++ } ++ memcpy(nb->buf, ptr, len); ++ return nb; ++} ++ + static void + xprt_set_caller(SVCXPRT *xprt, struct finfo *fi) + { ++ const struct netbuf *caller = fi->caller_addr; + u_int32_t *xidp; + +- *(svc_getrpccaller(xprt)) = *(fi->caller_addr); ++ __rpc_set_netbuf(svc_getrpccaller(xprt), caller->buf, caller->len); + xidp = __rpcb_get_dg_xidp(xprt); + *xidp = fi->caller_xid; + } diff --git a/yocto-poky/meta/recipes-extended/rpcbind/rpcbind_0.2.3.bb b/yocto-poky/meta/recipes-extended/rpcbind/rpcbind_0.2.3.bb index 333602185..ecd3ba8a5 100644 --- a/yocto-poky/meta/recipes-extended/rpcbind/rpcbind_0.2.3.bb +++ b/yocto-poky/meta/recipes-extended/rpcbind/rpcbind_0.2.3.bb @@ -19,11 +19,10 @@ SRC_URI = "${SOURCEFORGE_MIRROR}/rpcbind/rpcbind-${PV}.tar.bz2 \ file://rpcbind.conf \ file://rpcbind.socket \ file://rpcbind.service \ + file://cve-2015-7236.patch \ " MUSLPATCHES_libc-musl = "file://musl-sunrpc.patch" -UCLIBCPATCHES_libc-uclibc = "file://0001-uclibc-nss.patch \ - " UCLIBCPATCHES ?= "" MUSLPATCHES ?= "" diff --git a/yocto-poky/meta/recipes-extended/screen/screen/0001-Fix-stack-overflow-due-to-too-deep-recursion.patch b/yocto-poky/meta/recipes-extended/screen/screen/0001-Fix-stack-overflow-due-to-too-deep-recursion.patch new file mode 100644 index 000000000..2bc9a59be --- /dev/null +++ b/yocto-poky/meta/recipes-extended/screen/screen/0001-Fix-stack-overflow-due-to-too-deep-recursion.patch @@ -0,0 +1,57 @@ +Bug: 45713 + +How to reproduce: +Run this command inside screen +$ printf '\x1b[10000000T' + +screen will recursively call MScrollV to depth n/256. +This is time consuming and will overflow stack if n is huge. + +Fixes CVE-2015-6806 + +Upstream-Status: Backport + +Signed-off-by: Kuang-che Wu <kcwu@csie.org> +Signed-off-by: Amadeusz Sławiński <amade@asmblr.net> +Signed-off-by: Maxin B. John <maxin.john@intel.com> +--- +diff -Naur screen-4.3.1-orig/ansi.c screen-4.3.1/ansi.c +--- screen-4.3.1-orig/ansi.c 2015-06-29 00:22:55.000000000 +0300 ++++ screen-4.3.1/ansi.c 2015-10-06 13:13:58.297648039 +0300 +@@ -2502,13 +2502,13 @@ + return; + if (n > 0) + { ++ if (ye - ys + 1 < n) ++ n = ye - ys + 1; + if (n > 256) + { + MScrollV(p, n - 256, ys, ye, bce); + n = 256; + } +- if (ye - ys + 1 < n) +- n = ye - ys + 1; + #ifdef COPY_PASTE + if (compacthist) + { +@@ -2562,15 +2562,15 @@ + } + else + { +- if (n < -256) +- { +- MScrollV(p, n + 256, ys, ye, bce); +- n = -256; +- } + n = -n; + if (ye - ys + 1 < n) + n = ye - ys + 1; + ++ if (n > 256) ++ { ++ MScrollV(p, - (n - 256), ys, ye, bce); ++ n = 256; ++ } + ml = p->w_mlines + ye; + /* Clear lines */ + for (i = ye; i > ye - n; i--, ml--) diff --git a/yocto-poky/meta/recipes-extended/screen/screen_4.3.1.bb b/yocto-poky/meta/recipes-extended/screen/screen_4.3.1.bb index 92457af17..00d878b2c 100644 --- a/yocto-poky/meta/recipes-extended/screen/screen_4.3.1.bb +++ b/yocto-poky/meta/recipes-extended/screen/screen_4.3.1.bb @@ -24,6 +24,7 @@ SRC_URI = "${GNU_MIRROR}/screen/screen-${PV}.tar.gz \ file://Avoid-mis-identifying-systems-as-SVR4.patch \ file://0001-fix-for-multijob-build.patch \ file://0002-comm.h-now-depends-on-term.h.patch \ + file://0001-Fix-stack-overflow-due-to-too-deep-recursion.patch \ " SRC_URI[md5sum] = "5bb3b0ff2674e29378c31ad3411170ad" diff --git a/yocto-poky/meta/recipes-extended/sudo/sudo_1.8.14p3.bb b/yocto-poky/meta/recipes-extended/sudo/sudo_1.8.14p3.bb index 6b3cd6dbf..b93112fa3 100644 --- a/yocto-poky/meta/recipes-extended/sudo/sudo_1.8.14p3.bb +++ b/yocto-poky/meta/recipes-extended/sudo/sudo_1.8.14p3.bb @@ -22,7 +22,7 @@ EXTRA_OECONF += " \ do_install_append () { if [ "${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'pam', '', d)}" = "pam" ]; then - install -D -m 664 ${WORKDIR}/sudo.pam ${D}/${sysconfdir}/pam.d/sudo + install -D -m 644 ${WORKDIR}/sudo.pam ${D}/${sysconfdir}/pam.d/sudo fi chmod 4111 ${D}${bindir}/sudo diff --git a/yocto-poky/meta/recipes-extended/sysstat/sysstat/0001-Include-needed-headers-explicitly.patch b/yocto-poky/meta/recipes-extended/sysstat/sysstat/0001-Include-needed-headers-explicitly.patch new file mode 100644 index 000000000..c12652307 --- /dev/null +++ b/yocto-poky/meta/recipes-extended/sysstat/sysstat/0001-Include-needed-headers-explicitly.patch @@ -0,0 +1,62 @@ +From 42325faa88d64cce799977d611b2792beb154643 Mon Sep 17 00:00:00 2001 +From: Khem Raj <raj.khem@gmail.com> +Date: Mon, 14 Sep 2015 08:36:59 +0000 +Subject: [PATCH] Include needed headers explicitly + +on glibc these headers get pulled in indirectly via other .h files +but right fix is to include them directly when used + +fixes + +error: use of undeclared identifier 'PATH_MAX' +error: called object type 'unsigned int' is not a function or function pointer +dm_major = major(aux.st_rdev); + +Signed-off-by: Khem Raj <raj.khem@gmail.com> +--- +Upstream-Status: Pending + + common.c | 1 + + ioconf.c | 1 + + sa_common.c | 1 + + 3 files changed, 3 insertions(+) + +diff --git a/common.c b/common.c +index a23155b..ad86446 100644 +--- a/common.c ++++ b/common.c +@@ -20,6 +20,7 @@ + */ + + #include <stdio.h> ++#include <limits.h> + #include <string.h> + #include <stdlib.h> + #include <time.h> +diff --git a/ioconf.c b/ioconf.c +index 7d88c5d..6d67691 100644 +--- a/ioconf.c ++++ b/ioconf.c +@@ -27,6 +27,7 @@ + #include <errno.h> + #include <dirent.h> + #include <sys/stat.h> ++#include <sys/types.h> + + #include "ioconf.h" + #include "common.h" +diff --git a/sa_common.c b/sa_common.c +index b7351d9..c9e3299 100644 +--- a/sa_common.c ++++ b/sa_common.c +@@ -20,6 +20,7 @@ + */ + + #include <stdio.h> ++#include <limits.h> + #include <string.h> + #include <stdlib.h> + #include <time.h> +-- +2.5.2 + diff --git a/yocto-poky/meta/recipes-extended/sysstat/sysstat_11.1.5.bb b/yocto-poky/meta/recipes-extended/sysstat/sysstat_11.1.5.bb index 69d2ec26b..bff861617 100644 --- a/yocto-poky/meta/recipes-extended/sysstat/sysstat_11.1.5.bb +++ b/yocto-poky/meta/recipes-extended/sysstat/sysstat_11.1.5.bb @@ -2,6 +2,8 @@ require sysstat.inc LIC_FILES_CHKSUM = "file://COPYING;md5=8ca43cbc842c2336e835926c2166c28b" +SRC_URI += "file://0001-Include-needed-headers-explicitly.patch" + SRC_URI[md5sum] = "4d8e6e72d057189a1660462a678d9ada" SRC_URI[sha256sum] = "feb3a90d86ffd69cf5b88144a8876ae05bd42384f559676f08100671589fa2bb" diff --git a/yocto-poky/meta/recipes-extended/tar/tar.inc b/yocto-poky/meta/recipes-extended/tar/tar.inc index b339c4338..93e4da114 100644 --- a/yocto-poky/meta/recipes-extended/tar/tar.inc +++ b/yocto-poky/meta/recipes-extended/tar/tar.inc @@ -22,10 +22,12 @@ do_install () { } do_install_append_class-target() { - install -d ${D}${base_bindir} - mv ${D}${bindir}/tar ${D}${base_bindir}/tar - mv ${D}${bindir}/gtar ${D}${base_bindir}/gtar - rmdir ${D}${bindir}/ + if [ "${base_bindir}" != "${bindir}" ]; then + install -d ${D}${base_bindir} + mv ${D}${bindir}/tar ${D}${base_bindir}/tar + mv ${D}${bindir}/gtar ${D}${base_bindir}/gtar + rmdir ${D}${bindir}/ + fi } PACKAGES =+ "${PN}-rmt" diff --git a/yocto-poky/meta/recipes-extended/texinfo/texinfo_6.0.bb b/yocto-poky/meta/recipes-extended/texinfo/texinfo_6.0.bb index 8fb715a11..a8702cfca 100644 --- a/yocto-poky/meta/recipes-extended/texinfo/texinfo_6.0.bb +++ b/yocto-poky/meta/recipes-extended/texinfo/texinfo_6.0.bb @@ -10,7 +10,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504" PROVIDES_append_class-native = " texinfo-replacement-native" def compress_pkg(d): - if "compress_doc" in (d.getVar("INHERIT", True) or "").split(): + if bb.data.inherits_class('compress_doc', d): compress = d.getVar("DOC_COMPRESS", True) if compress == "gz": return "gzip" diff --git a/yocto-poky/meta/recipes-extended/tzcode/tzcode-native_2015f.bb b/yocto-poky/meta/recipes-extended/tzcode/tzcode-native_2015f.bb deleted file mode 100644 index a8865a316..000000000 --- a/yocto-poky/meta/recipes-extended/tzcode/tzcode-native_2015f.bb +++ /dev/null @@ -1,25 +0,0 @@ -# note that we allow for us to use data later than our code version -# -DESCRIPTION = "tzcode, timezone zoneinfo utils -- zic, zdump, tzselect" -LICENSE = "PD & BSD" - -LIC_FILES_CHKSUM = "file://${WORKDIR}/README;md5=d0ff93a73dd5bc3c6e724bb4343760f6" - -SRC_URI =" ftp://ftp.iana.org/tz/releases/tzcode${PV}.tar.gz;name=tzcode \ - ftp://ftp.iana.org/tz/releases/tzdata2015f.tar.gz;name=tzdata" - -SRC_URI[tzcode.md5sum] = "19578d432ba8b92f73406a17a9bc268d" -SRC_URI[tzcode.sha256sum] = "0c95e0a42bb61141f790f4f5f204b954d7654c894aa54a594a215d6f38de84ae" -SRC_URI[tzdata.md5sum] = "e3b82732d20e973e48af1c6f13df9a1d" -SRC_URI[tzdata.sha256sum] = "959f81b541e042ecb13c50097d264ae92ff03a57979c478dbcf24d5da242531d" - -S = "${WORKDIR}" - -inherit native - -do_install () { - install -d ${D}${bindir}/ - install -m 755 zic ${D}${bindir}/ - install -m 755 zdump ${D}${bindir}/ - install -m 755 tzselect ${D}${bindir}/ -} diff --git a/yocto-poky/meta/recipes-extended/tzcode/tzcode-native_2016a.bb b/yocto-poky/meta/recipes-extended/tzcode/tzcode-native_2016a.bb new file mode 100644 index 000000000..76f97f0b5 --- /dev/null +++ b/yocto-poky/meta/recipes-extended/tzcode/tzcode-native_2016a.bb @@ -0,0 +1,25 @@ +# note that we allow for us to use data later than our code version +# +SUMMARY = "tzcode, timezone zoneinfo utils -- zic, zdump, tzselect" +LICENSE = "PD & BSD & BSD-3-Clause" + +LIC_FILES_CHKSUM = "file://LICENSE;md5=76ae2becfcb9a685041c6f166b44c2c2" + +SRC_URI =" ftp://ftp.iana.org/tz/releases/tzcode${PV}.tar.gz;name=tzcode \ + ftp://ftp.iana.org/tz/releases/tzdata${PV}.tar.gz;name=tzdata" + +SRC_URI[tzcode.md5sum] = "f5e0299925631da7cf82d8ce1205111d" +SRC_URI[tzcode.sha256sum] = "11ae66d59b844e8c6c81914c9dd73b666627bd7792855ba9de195eee4520c28d" +SRC_URI[tzdata.md5sum] = "0d3123eb1b453ec0620822bd65be4c42" +SRC_URI[tzdata.sha256sum] = "5efa6b324e64ef921ef700ac3273a51895f672684a30e342f68e47871c6a8cd1" + +S = "${WORKDIR}" + +inherit native + +do_install () { + install -d ${D}${bindir}/ + install -m 755 zic ${D}${bindir}/ + install -m 755 zdump ${D}${bindir}/ + install -m 755 tzselect ${D}${bindir}/ +} diff --git a/yocto-poky/meta/recipes-extended/tzdata/tzdata_2015f.bb b/yocto-poky/meta/recipes-extended/tzdata/tzdata_2016a.bb index 7cda40daf..6ba5f81b1 100644 --- a/yocto-poky/meta/recipes-extended/tzdata/tzdata_2015f.bb +++ b/yocto-poky/meta/recipes-extended/tzdata/tzdata_2016a.bb @@ -1,14 +1,15 @@ -DESCRIPTION = "Timezone data" +SUMMARY = "Timezone data" HOMEPAGE = "http://www.iana.org/time-zones" SECTION = "base" -LICENSE = "PD & BSD" -LIC_FILES_CHKSUM = "file://asia;beginline=2;endline=3;md5=996a9811747aa48db91ed239e5b355a1" +LICENSE = "PD & BSD & BSD-3-Clause" +LIC_FILES_CHKSUM = "file://LICENSE;md5=76ae2becfcb9a685041c6f166b44c2c2" + DEPENDS = "tzcode-native" SRC_URI = "ftp://ftp.iana.org/tz/releases/tzdata${PV}.tar.gz;name=tzdata" -SRC_URI[tzdata.md5sum] = "e3b82732d20e973e48af1c6f13df9a1d" -SRC_URI[tzdata.sha256sum] = "959f81b541e042ecb13c50097d264ae92ff03a57979c478dbcf24d5da242531d" +SRC_URI[tzdata.md5sum] = "0d3123eb1b453ec0620822bd65be4c42" +SRC_URI[tzdata.sha256sum] = "5efa6b324e64ef921ef700ac3273a51895f672684a30e342f68e47871c6a8cd1" inherit allarch diff --git a/yocto-poky/meta/recipes-extended/unzip/unzip/CVE-2015-7696.patch b/yocto-poky/meta/recipes-extended/unzip/unzip/CVE-2015-7696.patch new file mode 100644 index 000000000..ea93823cb --- /dev/null +++ b/yocto-poky/meta/recipes-extended/unzip/unzip/CVE-2015-7696.patch @@ -0,0 +1,38 @@ +Upstream-Status: Backport +Signed-off-by: Tudor Florea <tudor.flore@enea.com> + +From 68efed87fabddd450c08f3112f62a73f61d493c9 Mon Sep 17 00:00:00 2001 +From: Petr Stodulka <pstodulk@redhat.com> +Date: Mon, 14 Sep 2015 18:23:17 +0200 +Subject: [PATCH 1/2] upstream fix for heap overflow + +https://bugzilla.redhat.com/attachment.cgi?id=1073002 +--- + crypt.c | 12 +++++++++++- + 1 file changed, 11 insertions(+), 1 deletion(-) + +diff --git a/crypt.c b/crypt.c +index 784e411..a8975f2 100644 +--- a/crypt.c ++++ b/crypt.c +@@ -465,7 +465,17 @@ int decrypt(__G__ passwrd) + GLOBAL(pInfo->encrypted) = FALSE; + defer_leftover_input(__G); + for (n = 0; n < RAND_HEAD_LEN; n++) { +- b = NEXTBYTE; ++ /* 2012-11-23 SMS. (OUSPG report.) ++ * Quit early if compressed size < HEAD_LEN. The resulting ++ * error message ("unable to get password") could be improved, ++ * but it's better than trying to read nonexistent data, and ++ * then continuing with a negative G.csize. (See ++ * fileio.c:readbyte()). ++ */ ++ if ((b = NEXTBYTE) == (ush)EOF) ++ { ++ return PK_ERR; ++ } + h[n] = (uch)b; + Trace((stdout, " (%02x)", h[n])); + } +-- +2.4.6 diff --git a/yocto-poky/meta/recipes-extended/unzip/unzip/CVE-2015-7697.patch b/yocto-poky/meta/recipes-extended/unzip/unzip/CVE-2015-7697.patch new file mode 100644 index 000000000..da6898833 --- /dev/null +++ b/yocto-poky/meta/recipes-extended/unzip/unzip/CVE-2015-7697.patch @@ -0,0 +1,31 @@ +Upstream-Status: Backport +Signed-off-by: Tudor Florea <tudor.flore@enea.com> + +From bd8a743ee0a77e65ad07ef4196c4cd366add3f26 Mon Sep 17 00:00:00 2001 +From: Kamil Dudka <kdudka@redhat.com> +Date: Mon, 14 Sep 2015 18:24:56 +0200 +Subject: [PATCH 2/2] fix infinite loop when extracting empty bzip2 data + +--- + extract.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +diff --git a/extract.c b/extract.c +index 7134bfe..29db027 100644 +--- a/extract.c ++++ b/extract.c +@@ -2733,6 +2733,12 @@ __GDEF + int repeated_buf_err; + bz_stream bstrm; + ++ if (G.incnt <= 0 && G.csize <= 0L) { ++ /* avoid an infinite loop */ ++ Trace((stderr, "UZbunzip2() got empty input\n")); ++ return 2; ++ } ++ + #if (defined(DLL) && !defined(NO_SLIDE_REDIR)) + if (G.redirect_slide) + wsize = G.redirect_size, redirSlide = G.redirect_buffer; +-- +2.4.6 diff --git a/yocto-poky/meta/recipes-extended/unzip/unzip/unzip-6.0_overflow3.diff b/yocto-poky/meta/recipes-extended/unzip/unzip/cve-2014-9636.patch index 0a0bfbbb1..0a0bfbbb1 100644 --- a/yocto-poky/meta/recipes-extended/unzip/unzip/unzip-6.0_overflow3.diff +++ b/yocto-poky/meta/recipes-extended/unzip/unzip/cve-2014-9636.patch diff --git a/yocto-poky/meta/recipes-extended/unzip/unzip_6.0.bb b/yocto-poky/meta/recipes-extended/unzip/unzip_6.0.bb index 4a0a713a6..b38632378 100644 --- a/yocto-poky/meta/recipes-extended/unzip/unzip_6.0.bb +++ b/yocto-poky/meta/recipes-extended/unzip/unzip_6.0.bb @@ -10,10 +10,12 @@ SRC_URI = "ftp://ftp.info-zip.org/pub/infozip/src/unzip60.tgz \ file://avoid-strip.patch \ file://define-ldflags.patch \ file://06-unzip60-alt-iconv-utf8_CVE-2015-1315.patch \ - file://unzip-6.0_overflow3.diff \ + file://cve-2014-9636.patch \ file://09-cve-2014-8139-crc-overflow.patch \ file://10-cve-2014-8140-test-compr-eb.patch \ file://11-cve-2014-8141-getzip64data.patch \ + file://CVE-2015-7696.patch \ + file://CVE-2015-7697.patch \ " SRC_URI[md5sum] = "62b490407489521db863b523a7f86375" diff --git a/yocto-poky/meta/recipes-extended/xz/xz_5.2.1.bb b/yocto-poky/meta/recipes-extended/xz/xz_5.2.1.bb index e0ae48fe4..cf7fba656 100644 --- a/yocto-poky/meta/recipes-extended/xz/xz_5.2.1.bb +++ b/yocto-poky/meta/recipes-extended/xz/xz_5.2.1.bb @@ -6,7 +6,7 @@ SECTION = "base" # which is GPLv3 is an m4 macro which isn't shipped in any of our packages, # and the LGPL bits are under lib/, which appears to be used for libgnu, which # appears to be used for DOS builds. So we're left with GPLv2+ and PD. -LICENSE = "GPLv2+ & GPLv3+ & LGPLv2.1+ & PD" +LICENSE = "GPLv2+ & GPL-3.0-with-autoconf-exception & LGPLv2.1+ & PD" LICENSE_${PN} = "GPLv2+" LICENSE_${PN}-dev = "GPLv2+" LICENSE_${PN}-staticdev = "GPLv2+" |