From ffe6d597d9e3d4407cf8062b5d6505a80ce08f41 Mon Sep 17 00:00:00 2001 From: "Jason M. Bills" Date: Tue, 28 Sep 2021 12:04:51 -0700 Subject: Update to internal 0.75 
Signed-off-by: Jason M. Bills --- .../ac-boot-check/ac-boot-check_git.bb | 6 +- .../at-scale-debug/at-scale-debug_git.bb | 8 +-- .../recipes-core/base-files/base-files_%.bbappend | 4 +- .../recipes-core/busybox/busybox_%.bbappend | 2 +- .../recipes-core/dropbear/dropbear_%.bbappend | 10 ++-- .../recipes-core/fw-update/intel-fw-update.bb | 10 ++-- ..._pthread_attr_copy-in-mq_notify-bug-27896.patch | 54 ------------------ ..._pthread_attr_copy-in-mq_notify-bug-27896.patch | 52 ------------------ ...e-overflow-in-positional-parameter-number.patch | 40 -------------- .../recipes-core/glibc/glibc_%.bbappend | 5 +- .../recipes-core/interfaces/libmctp_git.bb | 18 +++--- .../recipes-core/ipmi/intel-ipmi-oem_%.bbappend | 4 +- .../kernel-panic-check/kernel-panic-check.bb | 6 +- .../recipes-core/libxcrypt/libxcrypt_%.bbappend | 2 +- .../recipes-core/logger-systemd/logger-systemd.inc | 4 +- .../recipes-core/microsoft-gsl/microsoft-gsl.bb | 2 +- .../recipes-core/nv-sync/nv-sync/nv-syncd | 8 ++- .../recipes-core/nv-sync/nv-sync_git.bb | 6 +- .../recipes-core/os-release/os-release.bbappend | 8 +-- ...ackagegroup-core-standalone-sdk-target.bbappend | 2 +- .../recipes-core/readline/readline_%.bbappend | 4 +- .../recipes-core/safec/safec_%.bbappend | 4 +- .../meta-common/recipes-core/safec/safec_3.4.bb | 2 +- .../security-registers-check.bb | 6 +- .../recipes-core/systemd/obmc-targets.bbappend | 18 +++--- .../recipes-core/systemd/systemd-conf_%.bbappend | 6 +- ...ic-unit-name-do-not-use-strdupa-on-a-path.patch | 64 ---------------------- .../recipes-core/systemd/systemd_%.bbappend | 11 ++-- .../recipes-core/util-linux/util-linux_%.bbappend | 4 ++ 29 files changed, 83 insertions(+), 287 deletions(-) delete mode 100644 meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0036-Use-__pthread_attr_copy-in-mq_notify-bug-27896.patch delete mode 100644 meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0037-Fix-use-of-__pthread_attr_copy-in-mq_notify-bug-27896.patch delete mode 100644 
meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0038-CVE-2021-35942-handle-overflow-in-positional-parameter-number.patch delete mode 100644 meta-openbmc-mods/meta-common/recipes-core/systemd/systemd/0003-CVE-2021-33910-basic-unit-name-do-not-use-strdupa-on-a-path.patch create mode 100644 meta-openbmc-mods/meta-common/recipes-core/util-linux/util-linux_%.bbappend (limited to 'meta-openbmc-mods/meta-common/recipes-core') diff --git a/meta-openbmc-mods/meta-common/recipes-core/ac-boot-check/ac-boot-check_git.bb b/meta-openbmc-mods/meta-common/recipes-core/ac-boot-check/ac-boot-check_git.bb index 2a30696dc..10d2c6f29 100644 --- a/meta-openbmc-mods/meta-common/recipes-core/ac-boot-check/ac-boot-check_git.bb +++ b/meta-openbmc-mods/meta-common/recipes-core/ac-boot-check/ac-boot-check_git.bb @@ -8,11 +8,11 @@ SRC_URI = "file://ac-boot-check.sh \ LICENSE = "Apache-2.0" LIC_FILES_CHKSUM = "file://${INTELBASE}/COPYING.apache-2.0;md5=34400b68072d710fecd0a2940a0d1658" -RDEPENDS_${PN} += "bash" +RDEPENDS:${PN} += "bash" inherit systemd -FILES_${PN} += "${systemd_system_unitdir}/ac-boot-check.service" +FILES:${PN} += "${systemd_system_unitdir}/ac-boot-check.service" do_install() { install -d ${D}${systemd_system_unitdir} @@ -21,4 +21,4 @@ do_install() { install -m 0755 ${S}/ac-boot-check.sh ${D}/${bindir}/ac-boot-check.sh } -SYSTEMD_SERVICE_${PN} += " ac-boot-check.service" +SYSTEMD_SERVICE:${PN} += " ac-boot-check.service" diff --git a/meta-openbmc-mods/meta-common/recipes-core/at-scale-debug/at-scale-debug_git.bb b/meta-openbmc-mods/meta-common/recipes-core/at-scale-debug/at-scale-debug_git.bb index f35fee7ab..2c18cc0ec 100644 --- a/meta-openbmc-mods/meta-common/recipes-core/at-scale-debug/at-scale-debug_git.bb +++ b/meta-openbmc-mods/meta-common/recipes-core/at-scale-debug/at-scale-debug_git.bb 
@@ -20,14 +20,14 @@ inherit useradd USERADD_PACKAGES = "${PN}" # add a special user asdbg -USERADD_PARAM_${PN} = "-u 999 asdbg" +USERADD_PARAM:${PN} = "-u 999 asdbg" S = "${WORKDIR}/git" -SYSTEMD_SERVICE_${PN} += "com.intel.AtScaleDebug.service" +SYSTEMD_SERVICE:${PN} += "com.intel.AtScaleDebug.service" # Specify any options you want to pass to cmake using EXTRA_OECMAKE: EXTRA_OECMAKE = "-DBUILD_UT=OFF" -CFLAGS_append = " -I ${STAGING_KERNEL_DIR}/include/uapi" -CFLAGS_append = " -I ${STAGING_KERNEL_DIR}/include/" +CFLAGS:append = " -I ${STAGING_KERNEL_DIR}/include/uapi" +CFLAGS:append = " -I ${STAGING_KERNEL_DIR}/include/" diff --git a/meta-openbmc-mods/meta-common/recipes-core/base-files/base-files_%.bbappend b/meta-openbmc-mods/meta-common/recipes-core/base-files/base-files_%.bbappend index 79e529179..799db92f3 100644 --- a/meta-openbmc-mods/meta-common/recipes-core/base-files/base-files_%.bbappend +++ b/meta-openbmc-mods/meta-common/recipes-core/base-files/base-files_%.bbappend @@ -1,2 +1,2 @@ -FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:" -SRC_URI_append = " file://fstab" +FILESEXTRAPATHS:prepend := "${THISDIR}/${PN}:" +SRC_URI:append = " file://fstab" diff --git a/meta-openbmc-mods/meta-common/recipes-core/busybox/busybox_%.bbappend b/meta-openbmc-mods/meta-common/recipes-core/busybox/busybox_%.bbappend index c72975ccc..ee6330b69 100644 --- a/meta-openbmc-mods/meta-common/recipes-core/busybox/busybox_%.bbappend +++ b/meta-openbmc-mods/meta-common/recipes-core/busybox/busybox_%.bbappend @@ -1,4 +1,4 @@ -FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:" +FILESEXTRAPATHS:prepend := "${THISDIR}/${PN}:" SRC_URI += " \ file://disable.cfg \ file://enable.cfg \ diff --git a/meta-openbmc-mods/meta-common/recipes-core/dropbear/dropbear_%.bbappend b/meta-openbmc-mods/meta-common/recipes-core/dropbear/dropbear_%.bbappend index cfa1d0711..9d5dcf6b0 100644 --- a/meta-openbmc-mods/meta-common/recipes-core/dropbear/dropbear_%.bbappend 
+++ b/meta-openbmc-mods/meta-common/recipes-core/dropbear/dropbear_%.bbappend @@ -1,4 +1,4 @@ -FILESEXTRAPATHS_prepend := "${THISDIR}/files:" +FILESEXTRAPATHS:prepend := "${THISDIR}/files:" SRC_URI += "file://enable-ssh.sh" @@ -12,11 +12,11 @@ add_manual_ssh_enable() { rm ${D}/${systemd_unitdir}/system/dropbear.socket } -do_install_append() { +do_install:append() { # Add manual ssh enable script if debug-tweaks is disabled ${@bb.utils.contains('EXTRA_IMAGE_FEATURES', 'debug-tweaks', '', 'add_manual_ssh_enable', d)} } -FILES_${PN} += "/usr/share/misc" -SYSTEMD_SERVICE_${PN} += "dropbearkey.service" -SYSTEMD_SERVICE_${PN}_remove += " ${@bb.utils.contains('EXTRA_IMAGE_FEATURES', 'debug-tweaks', '', 'dropbear.socket', d)}" +FILES:${PN} += "/usr/share/misc" +SYSTEMD_SERVICE:${PN} += "dropbearkey.service" +SYSTEMD_SERVICE:${PN}:remove += " ${@bb.utils.contains('EXTRA_IMAGE_FEATURES', 'debug-tweaks', '', 'dropbear.socket', d)}" diff --git a/meta-openbmc-mods/meta-common/recipes-core/fw-update/intel-fw-update.bb b/meta-openbmc-mods/meta-common/recipes-core/fw-update/intel-fw-update.bb index 118d6aab8..df7d6e7f1 100644 --- a/meta-openbmc-mods/meta-common/recipes-core/fw-update/intel-fw-update.bb +++ b/meta-openbmc-mods/meta-common/recipes-core/fw-update/intel-fw-update.bb @@ -3,13 +3,13 @@ DESCRIPTION = "At runtime, perform a firmware update and reboot" PR = "r1" # flash_eraseall -RDEPENDS_intel-fw-update += "mtd-utils" +RDEPENDS:intel-fw-update += "mtd-utils" # wget tftp scp -RDEPENDS_intel-fw-update += "busybox dropbear" +RDEPENDS:intel-fw-update += "busybox dropbear" # mkfs.vfat, parted -RDEPENDS_intel-fw-update += "dosfstools dtc" +RDEPENDS:intel-fw-update += "dosfstools dtc" -RDEPENDS_intel-fw-update += "bash" +RDEPENDS:intel-fw-update += "bash" LICENSE = "Apache-2.0" LIC_FILES_CHKSUM = "file://${INTELBASE}/COPYING.apache-2.0;md5=34400b68072d710fecd0a2940a0d1658" 
@@ -18,7 +18,7 @@ PFR_EN = "${@bb.utils.contains('IMAGE_FSTYPES', 'intel-pfr', 'pfr', '', d)}" SRC_URI += "file://fwupd.sh" SRC_URI += "file://usb-ctrl" -FILES_${PN} += "${@bb.utils.contains('IMAGE_FSTYPES', 'intel-pfr', '${datadir}/pfr', '', d)}" +FILES:${PN} += "${@bb.utils.contains('IMAGE_FSTYPES', 'intel-pfr', '${datadir}/pfr', '', d)}" do_install() { install -d ${D}${bindir} diff --git a/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0036-Use-__pthread_attr_copy-in-mq_notify-bug-27896.patch b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0036-Use-__pthread_attr_copy-in-mq_notify-bug-27896.patch deleted file mode 100644 index 5e1bc958b..000000000 --- a/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0036-Use-__pthread_attr_copy-in-mq_notify-bug-27896.patch +++ /dev/null 
@@ -1,54 +0,0 @@ -From 42d359350510506b87101cf77202fefcbfc790cb Mon Sep 17 00:00:00 2001 -From: Andreas Schwab -Date: Thu, 27 May 2021 12:49:47 +0200 -Subject: [PATCH] Use __pthread_attr_copy in mq_notify (bug 27896) - -Make a deep copy of the pthread attribute object to remove a potential -use-after-free issue. ---- - sysdeps/unix/sysv/linux/mq_notify.c | 15 ++++++++++----- - 1 file changed, 10 insertions(+), 5 deletions(-) - -diff --git a/sysdeps/unix/sysv/linux/mq_notify.c b/sysdeps/unix/sysv/linux/mq_notify.c -index cc575a0cdd..f7ddfe5a6c 100644 ---- a/sysdeps/unix/sysv/linux/mq_notify.c -+++ b/sysdeps/unix/sysv/linux/mq_notify.c -@@ -133,8 +133,11 @@ helper_thread (void *arg) - (void) __pthread_barrier_wait (¬ify_barrier); - } - else if (data.raw[NOTIFY_COOKIE_LEN - 1] == NOTIFY_REMOVED) -- /* The only state we keep is the copy of the thread attributes. */ -- free (data.attr); -+ { -+ /* The only state we keep is the copy of the thread attributes. */ -+ pthread_attr_destroy (data.attr); -+ free (data.attr); -+ } - } - return NULL; - } -@@ -255,8 +258,7 @@ mq_notify (mqd_t mqdes, const struct sigevent *notification) - if (data.attr == NULL) - return -1; - -- memcpy (data.attr, notification->sigev_notify_attributes, -- sizeof (pthread_attr_t)); -+ __pthread_attr_copy (data.attr, notification->sigev_notify_attributes); - } - - /* Construct the new request. */ -@@ -270,7 +272,10 @@ mq_notify (mqd_t mqdes, const struct sigevent *notification) - - /* If it failed, free the allocated memory. */ - if (__glibc_unlikely (retval != 0)) -- free (data.attr); -+ { -+ pthread_attr_destroy (data.attr); -+ free (data.attr); -+ } - - return retval; - } --- -2.27.0 - diff --git a/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0037-Fix-use-of-__pthread_attr_copy-in-mq_notify-bug-27896.patch b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0037-Fix-use-of-__pthread_attr_copy-in-mq_notify-bug-27896.patch deleted file mode 100644 index 447943a46..000000000 
--- a/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0037-Fix-use-of-__pthread_attr_copy-in-mq_notify-bug-27896.patch +++ /dev/null @@ -1,52 +0,0 @@ -From 217b6dc298156bdb0d6aea9ea93e7e394a5ff091 Mon Sep 17 00:00:00 2001 -From: Florian Weimer -Date: Tue, 1 Jun 2021 17:51:41 +0200 -Subject: [PATCH] Fix use of __pthread_attr_copy in mq_notify (bug 27896) - -__pthread_attr_copy can fail and does not initialize the attribute -structure in that case. - -If __pthread_attr_copy is never called and there is no allocated -attribute, pthread_attr_destroy should not be called, otherwise -there is a null pointer dereference in rt/tst-mqueue6. - -Fixes commit 42d359350510506b87101cf77202fefcbfc790cb -("Use __pthread_attr_copy in mq_notify (bug 27896)"). - -Reviewed-by: Siddhesh Poyarekar ---- - sysdeps/unix/sysv/linux/mq_notify.c | 11 +++++++++-- - 1 file changed, 9 insertions(+), 2 deletions(-) - -diff --git a/sysdeps/unix/sysv/linux/mq_notify.c b/sysdeps/unix/sysv/linux/mq_notify.c -index f7ddfe5a6c..6f46d29d1d 100644 ---- a/sysdeps/unix/sysv/linux/mq_notify.c -+++ b/sysdeps/unix/sysv/linux/mq_notify.c -@@ -258,7 +258,14 @@ mq_notify (mqd_t mqdes, const struct sigevent *notification) - if (data.attr == NULL) - return -1; - -- __pthread_attr_copy (data.attr, notification->sigev_notify_attributes); -+ int ret = __pthread_attr_copy (data.attr, -+ notification->sigev_notify_attributes); -+ if (ret != 0) -+ { -+ free (data.attr); -+ __set_errno (ret); -+ return -1; -+ } - } - - /* Construct the new request. */ -@@ -271,7 +278,7 @@ mq_notify (mqd_t mqdes, const struct sigevent *notification) - int retval = INLINE_SYSCALL (mq_notify, 2, mqdes, &se); - - /* If it failed, free the allocated memory. */ -- if (__glibc_unlikely (retval != 0)) -+ if (retval != 0 && data.attr != NULL) - { - pthread_attr_destroy (data.attr); - free (data.attr); --- -2.27.0 - 
diff --git a/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0038-CVE-2021-35942-handle-overflow-in-positional-parameter-number.patch b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0038-CVE-2021-35942-handle-overflow-in-positional-parameter-number.patch deleted file mode 100644 index 4ad5da6da..000000000 --- a/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0038-CVE-2021-35942-handle-overflow-in-positional-parameter-number.patch +++ /dev/null @@ -1,40 +0,0 @@ -From 5adda61f62b77384718b4c0d8336ade8f2b4b35c Mon Sep 17 00:00:00 2001 -From: Andreas Schwab -Date: Fri, 25 Jun 2021 15:02:47 +0200 -Subject: [PATCH] wordexp: handle overflow in positional parameter number (bug - 28011) - -Use strtoul instead of atoi so that overflow can be detected. ---- - posix/wordexp-test.c | 1 + - posix/wordexp.c | 2 +- - 2 files changed, 2 insertions(+), 1 deletion(-) - -diff --git a/posix/wordexp-test.c b/posix/wordexp-test.c -index f93a546d7e..9df02dbbb3 100644 ---- a/posix/wordexp-test.c -+++ b/posix/wordexp-test.c -@@ -183,6 +183,7 @@ struct test_case_struct - { 0, NULL, "$var", 0, 0, { NULL, }, IFS }, - { 0, NULL, "\"\\n\"", 0, 1, { "\\n", }, IFS }, - { 0, NULL, "", 0, 0, { NULL, }, IFS }, -+ { 0, NULL, "${1234567890123456789012}", 0, 0, { NULL, }, IFS }, - - /* Flags not already covered (testit() has special handling for these) */ - { 0, NULL, "one two", WRDE_DOOFFS, 2, { "one", "two", }, IFS }, -diff --git a/posix/wordexp.c b/posix/wordexp.c -index bcbe96e48d..1f3b09f721 100644 ---- a/posix/wordexp.c -+++ b/posix/wordexp.c -@@ -1399,7 +1399,7 @@ envsubst: - /* Is it a numeric parameter? */ - else if (isdigit (env[0])) - { -- int n = atoi (env); -+ unsigned long n = strtoul (env, NULL, 10); - - if (n >= __libc_argc) - /* Substitute NULL. */ --- -2.27.0 - diff --git a/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc_%.bbappend b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc_%.bbappend index a40461c62..19e136238 100644 
--- a/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc_%.bbappend +++ b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc_%.bbappend @@ -1,9 +1,6 @@ -FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:" +FILESEXTRAPATHS:prepend := "${THISDIR}/${PN}:" SRC_URI += " \ file://0035-Fix-build-error.patch \ file://0036-sunrpc-use-snprintf-to-guard-against-buffer-overflow.patch \ - file://0036-Use-__pthread_attr_copy-in-mq_notify-bug-27896.patch \ - file://0037-Fix-use-of-__pthread_attr_copy-in-mq_notify-bug-27896.patch \ - file://0038-CVE-2021-35942-handle-overflow-in-positional-parameter-number.patch \ " diff --git a/meta-openbmc-mods/meta-common/recipes-core/interfaces/libmctp_git.bb b/meta-openbmc-mods/meta-common/recipes-core/interfaces/libmctp_git.bb index 9a78fd9f8..5ca73964c 100644 --- a/meta-openbmc-mods/meta-common/recipes-core/interfaces/libmctp_git.bb +++ b/meta-openbmc-mods/meta-common/recipes-core/interfaces/libmctp_git.bb @@ -2,7 +2,7 @@ SUMMARY = "libmctp" DESCRIPTION = "Implementation of MCTP (DTMF DSP0236)" SRC_URI = "git://github.com/openbmc/libmctp.git" -SRCREV = "cfeaef8ecb0ab8c59ea4e145603523e599d60014" +SRCREV = "ae59f4fe3a3ceaf52a682ada2a2b54855fad2408" PV = "0.1+git${SRCPV}" @@ -15,10 +15,10 @@ S = "${WORKDIR}/git" DEPENDS += "i2c-tools" -CFLAGS_append = " -I ${STAGING_KERNEL_DIR}/include/uapi" -CFLAGS_append = " -I ${STAGING_KERNEL_DIR}/include" +CFLAGS:append = " -I ${STAGING_KERNEL_DIR}/include/uapi" +CFLAGS:append = " -I ${STAGING_KERNEL_DIR}/include" -FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:" +FILESEXTRAPATHS:prepend := "${THISDIR}/${PN}:" SRC_URI += "file://0001-Smbus-changes-for-libmctp.patch \ file://0002-Fix-Memory-Leak.patch \ 
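Review bot: The three `file://` entries dropped from `SRC_URI` in glibc_%.bbappend are the mq_notify use-after-free backports (bug 27896) and the CVE-2021-35942 wordexp fix, and nothing in this diff shows which glibc release the `%` append now applies to. The same holds for the `0003-CVE-2021-33910-basic-unit-name-do-not-use-strdupa-on-a-path.patch` entry removed from systemd_%.bbappend later in this commit. If the base recipes moved to releases that already carry these fixes, the commit message should say so; otherwise the removals reopen known issues. A comment above `SRC_URI`, for example `# bug 27896 / CVE-2021-35942 backports dropped: fixed in base recipe (confirm version)`, would keep that traceable for the next audit.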
@@ -28,16 +28,16 @@ SRC_URI += "file://0001-Smbus-changes-for-libmctp.patch \ file://libmctp-smbus.h \ file://smbus.c" -do_configure_prepend() { +do_configure:prepend() { cp -f ${WORKDIR}/*.c ${S} cp -f ${WORKDIR}/*.h ${S} cp -f ${WORKDIR}/CMakeLists.txt ${S} } # linux-libc-headers guides this way to include custom uapi headers -CFLAGS_append = " -I ${STAGING_KERNEL_DIR}/include/uapi" -CFLAGS_append = " -I ${STAGING_KERNEL_DIR}/include" -CXXFLAGS_append = " -I ${STAGING_KERNEL_DIR}/include/uapi" -CXXFLAGS_append = " -I ${STAGING_KERNEL_DIR}/include" +CFLAGS:append = " -I ${STAGING_KERNEL_DIR}/include/uapi" +CFLAGS:append = " -I ${STAGING_KERNEL_DIR}/include" +CXXFLAGS:append = " -I ${STAGING_KERNEL_DIR}/include/uapi" +CXXFLAGS:append = " -I ${STAGING_KERNEL_DIR}/include" do_configure[depends] += "virtual/kernel:do_shared_workdir" diff --git a/meta-openbmc-mods/meta-common/recipes-core/ipmi/intel-ipmi-oem_%.bbappend b/meta-openbmc-mods/meta-common/recipes-core/ipmi/intel-ipmi-oem_%.bbappend index 2e5c11158..9b5a06fc6 100644 --- a/meta-openbmc-mods/meta-common/recipes-core/ipmi/intel-ipmi-oem_%.bbappend +++ b/meta-openbmc-mods/meta-common/recipes-core/ipmi/intel-ipmi-oem_%.bbappend @@ -2,7 +2,7 @@ EXTRA_OECMAKE += "${@bb.utils.contains('IMAGE_FSTYPES', 'intel-pfr', '-DINTEL_PF EXTRA_OECMAKE += "${@bb.utils.contains('EXTRA_IMAGE_FEATURES', 'validation-unsecure', '-DBMC_VALIDATION_UNSECURE_FEATURE=ON', '', d)}" EXTRA_OECMAKE += "-DUSING_ENTITY_MANAGER_DECORATORS=OFF" SRC_URI = "git://github.com/openbmc/intel-ipmi-oem.git" -SRCREV = "a87dbd4ee3ff53e7e53052c1663f85b390a0ab31" +SRCREV = "98cb6186e77fb820dd26666118964897d36730be" -FILESEXTRAPATHS_append := ":${THISDIR}/${PN}" +FILESEXTRAPATHS:append := ":${THISDIR}/${PN}" diff --git a/meta-openbmc-mods/meta-common/recipes-core/kernel-panic-check/kernel-panic-check.bb b/meta-openbmc-mods/meta-common/recipes-core/kernel-panic-check/kernel-panic-check.bb index 955ed1921..b95f426c4 100644 
--- a/meta-openbmc-mods/meta-common/recipes-core/kernel-panic-check/kernel-panic-check.bb +++ b/meta-openbmc-mods/meta-common/recipes-core/kernel-panic-check/kernel-panic-check.bb @@ -10,11 +10,11 @@ SRC_URI = "file://kernel-panic-check.sh \ LICENSE = "Apache-2.0" LIC_FILES_CHKSUM = "file://${INTELBASE}/COPYING.apache-2.0;md5=34400b68072d710fecd0a2940a0d1658" -RDEPENDS_${PN} += "bash logger-systemd" +RDEPENDS:${PN} += "bash logger-systemd" inherit systemd -FILES_${PN} += "${systemd_system_unitdir}/kernel-panic-check.service" +FILES:${PN} += "${systemd_system_unitdir}/kernel-panic-check.service" do_install() { install -d ${D}${systemd_system_unitdir} @@ -23,4 +23,4 @@ do_install() { install -m 0755 ${S}/kernel-panic-check.sh ${D}/${bindir}/kernel-panic-check.sh } -SYSTEMD_SERVICE_${PN} += " kernel-panic-check.service" +SYSTEMD_SERVICE:${PN} += " kernel-panic-check.service" diff --git a/meta-openbmc-mods/meta-common/recipes-core/libxcrypt/libxcrypt_%.bbappend b/meta-openbmc-mods/meta-common/recipes-core/libxcrypt/libxcrypt_%.bbappend index f47a3c866..386bc8204 100644 --- a/meta-openbmc-mods/meta-common/recipes-core/libxcrypt/libxcrypt_%.bbappend +++ b/meta-openbmc-mods/meta-common/recipes-core/libxcrypt/libxcrypt_%.bbappend @@ -1,5 +1,5 @@ # libxcrypt fails to compile under gcc with the -Os flag. Because we want to # be able to compile the rest of the system with -Os, override the global # setting here to fall back to -O3 -CFLAGS_append = " --param max-inline-insns-single=1000" +CFLAGS:append = " --param max-inline-insns-single=1000" FULL_OPTIMIZATION = "-O3 -pipe ${DEBUG_FLAGS}" diff --git a/meta-openbmc-mods/meta-common/recipes-core/logger-systemd/logger-systemd.inc b/meta-openbmc-mods/meta-common/recipes-core/logger-systemd/logger-systemd.inc index abad9d12d..d808801c3 100644 --- a/meta-openbmc-mods/meta-common/recipes-core/logger-systemd/logger-systemd.inc +++ b/meta-openbmc-mods/meta-common/recipes-core/logger-systemd/logger-systemd.inc 
@@ -18,7 +18,7 @@ LIC_FILES_CHKSUM = "file://README.licensing;md5=972a134f1e14b2b060e365df2fab0099 inherit autotools gettext pkgconfig DEPENDS = "libcap-ng ncurses virtual/crypt zlib systemd " -#DEPENDS_intel-ast2500 += " systemd " +#DEPENDS:intel-ast2500 += " systemd " #RDEPENDS_${PN} += " libsystemd" MAJOR_VERSION = "${@'.'.join(d.getVar('PV').split('.')[0:2])}" @@ -34,7 +34,7 @@ EXTRA_OECONF = " --disable-nls --disable-all-programs \ --enable-logger \ " -do_install_append () { +do_install:append () { mv ${D}${bindir}/logger ${D}${bindir}/logger-systemd rm -rf ${D}${sbindir} rm -rf ${D}${base_libdir} diff --git a/meta-openbmc-mods/meta-common/recipes-core/microsoft-gsl/microsoft-gsl.bb b/meta-openbmc-mods/meta-common/recipes-core/microsoft-gsl/microsoft-gsl.bb index f8e5505ef..645811f09 100644 --- a/meta-openbmc-mods/meta-common/recipes-core/microsoft-gsl/microsoft-gsl.bb +++ b/meta-openbmc-mods/meta-common/recipes-core/microsoft-gsl/microsoft-gsl.bb @@ -21,4 +21,4 @@ do_install () { done } -ALLOW_EMPTY_${PN} = "1" +ALLOW_EMPTY:${PN} = "1" diff --git a/meta-openbmc-mods/meta-common/recipes-core/nv-sync/nv-sync/nv-syncd b/meta-openbmc-mods/meta-common/recipes-core/nv-sync/nv-sync/nv-syncd index e2bb4bb0c..538c96875 100644 --- a/meta-openbmc-mods/meta-common/recipes-core/nv-sync/nv-sync/nv-syncd +++ b/meta-openbmc-mods/meta-common/recipes-core/nv-sync/nv-sync/nv-syncd @@ -3,8 +3,12 @@ NVMP=/tmp/.rwfs SOMP=/var/sofs +clean_var_volatile_tmp() { + rm -rf $NVMP/.overlay/var/volatile/tmp/* || : +} + do_sync() { - rsync -a --delete /tmp/.overlay/ $NVMP/.overlay + rsync -a --delete --exclude='**/var/volatile/tmp/**' /tmp/.overlay/ $NVMP/.overlay sync $NVMP/.overlay } @@ -25,6 +29,8 @@ trap stop_nv EXIT mount -o remount,rw $NVMP mount -o remount,rw $SOMP +clean_var_volatile_tmp + # Run rsync periodically to sync the overlay to NV storage while true; do do_sync 
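Review bot: In nv-syncd, `clean_var_volatile_tmp` leaves dot-prefixed entries behind, because `rm -rf $NVMP/.overlay/var/volatile/tmp/*` expands an unquoted path with a bare `*`, which does not match hidden names. The new `--exclude='**/var/volatile/tmp/**'` also shields that path from `--delete` on the destination, so temp data already persisted there appears to be removed only by this one cleanup at service start. I would quote the path and cover hidden entries as well, e.g. `rm -rf "$NVMP/.overlay/var/volatile/tmp"/* "$NVMP/.overlay/var/volatile/tmp"/.[!.]* || :`. The rest of the script, including its interpreter line, is outside these hunks, so this assumes default sh/bash globbing.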
diff --git a/meta-openbmc-mods/meta-common/recipes-core/nv-sync/nv-sync_git.bb b/meta-openbmc-mods/meta-common/recipes-core/nv-sync/nv-sync_git.bb index fa74149d4..a30df4dc6 100644 --- a/meta-openbmc-mods/meta-common/recipes-core/nv-sync/nv-sync_git.bb +++ b/meta-openbmc-mods/meta-common/recipes-core/nv-sync/nv-sync_git.bb @@ -12,9 +12,9 @@ LIC_FILES_CHKSUM = "file://${INTELBASE}/COPYING.apache-2.0;md5=34400b68072d710fe inherit systemd -RDEPENDS_${PN} += "bash" +RDEPENDS:${PN} += "bash" -FILES_${PN} += "${systemd_system_unitdir}/nv-sync.service \ +FILES:${PN} += "${systemd_system_unitdir}/nv-sync.service \ ${libdir}/tmpfiles.d/nv-sync-tmp.conf" do_install() { @@ -26,4 +26,4 @@ do_install() { install -m 0644 ${WORKDIR}/nv-sync-tmp.conf ${D}${libdir}/tmpfiles.d/ } -SYSTEMD_SERVICE_${PN} += " nv-sync.service" +SYSTEMD_SERVICE:${PN} += " nv-sync.service" diff --git a/meta-openbmc-mods/meta-common/recipes-core/os-release/os-release.bbappend b/meta-openbmc-mods/meta-common/recipes-core/os-release/os-release.bbappend index ba95727b4..65739f638 100644 --- a/meta-openbmc-mods/meta-common/recipes-core/os-release/os-release.bbappend +++ b/meta-openbmc-mods/meta-common/recipes-core/os-release/os-release.bbappend @@ -7,11 +7,11 @@ require version-vars.inc -OS_RELEASE_FIELDS_append = " OPENBMC_VERSION IPMI_MAJOR IPMI_MINOR IPMI_AUX13 IPMI_AUX14 IPMI_AUX15 IPMI_AUX16" +OS_RELEASE_FIELDS:append = " OPENBMC_VERSION IPMI_MAJOR IPMI_MINOR IPMI_AUX13 IPMI_AUX14 IPMI_AUX15 IPMI_AUX16" -OS_RELEASE_FIELDS_remove = "BUILD_ID" +OS_RELEASE_FIELDS:remove = "BUILD_ID" -python do_compile_append () { +python do_compile:append () { import glob with open(d.expand('${B}/os-release'), 'a') as f: corebase = d.getVar('COREBASE', True) @@ -33,4 +33,4 @@ python do_compile_append () { BB_DONT_CACHE = "1" # Make os-release available to other recipes. -SYSROOT_DIRS_append = " ${sysconfdir}" +SYSROOT_DIRS:append = " ${sysconfdir}" 
diff --git a/meta-openbmc-mods/meta-common/recipes-core/packagegroups/packagegroup-core-standalone-sdk-target.bbappend b/meta-openbmc-mods/meta-common/recipes-core/packagegroups/packagegroup-core-standalone-sdk-target.bbappend index 87a4c8503..fc644c307 100644 --- a/meta-openbmc-mods/meta-common/recipes-core/packagegroups/packagegroup-core-standalone-sdk-target.bbappend +++ b/meta-openbmc-mods/meta-common/recipes-core/packagegroups/packagegroup-core-standalone-sdk-target.bbappend @@ -1 +1 @@ -RRECOMMENDS_${PN}_append = " vim cmake sdbusplus" +RRECOMMENDS:${PN}:append = " vim cmake sdbusplus" diff --git a/meta-openbmc-mods/meta-common/recipes-core/readline/readline_%.bbappend b/meta-openbmc-mods/meta-common/recipes-core/readline/readline_%.bbappend index c63a45dd4..a16994583 100644 --- a/meta-openbmc-mods/meta-common/recipes-core/readline/readline_%.bbappend +++ b/meta-openbmc-mods/meta-common/recipes-core/readline/readline_%.bbappend @@ -1,2 +1,2 @@ -FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:" -SRC_URI_append = " file://inputrc" +FILESEXTRAPATHS:prepend := "${THISDIR}/${PN}:" +SRC_URI:append = " file://inputrc" diff --git a/meta-openbmc-mods/meta-common/recipes-core/safec/safec_%.bbappend b/meta-openbmc-mods/meta-common/recipes-core/safec/safec_%.bbappend index 4ce29534d..b8256e2b1 100644 --- a/meta-openbmc-mods/meta-common/recipes-core/safec/safec_%.bbappend +++ b/meta-openbmc-mods/meta-common/recipes-core/safec/safec_%.bbappend @@ -1,5 +1,5 @@ -RDEPENDS_${PN} = "" -do_install_append() { +RDEPENDS:${PN} = "" +do_install:append() { F=$(find ${D} -name check_for_unsafe_apis) if [ -n "${F}" ]; then # remove the unused perl script diff --git a/meta-openbmc-mods/meta-common/recipes-core/safec/safec_3.4.bb b/meta-openbmc-mods/meta-common/recipes-core/safec/safec_3.4.bb index bc62305e8..92d0f7cd2 100644 --- a/meta-openbmc-mods/meta-common/recipes-core/safec/safec_3.4.bb +++ b/meta-openbmc-mods/meta-common/recipes-core/safec/safec_3.4.bb 
@@ -12,4 +12,4 @@ SRC_URI = "git://github.com/rurban/safeclib.git" COMPATIBLE_HOST = '(x86_64|i.86|powerpc|powerpc64|arm|aarch64).*-linux' -RDEPENDS_${PN} = "perl" +RDEPENDS:${PN} = "perl" diff --git a/meta-openbmc-mods/meta-common/recipes-core/security-registers-check/security-registers-check.bb b/meta-openbmc-mods/meta-common/recipes-core/security-registers-check/security-registers-check.bb index cfea1a910..2c4770471 100644 --- a/meta-openbmc-mods/meta-common/recipes-core/security-registers-check/security-registers-check.bb +++ b/meta-openbmc-mods/meta-common/recipes-core/security-registers-check/security-registers-check.bb @@ -10,11 +10,11 @@ SRC_URI = "file://security-registers-check.sh \ LICENSE = "Apache-2.0" LIC_FILES_CHKSUM = "file://${INTELBASE}/COPYING.apache-2.0;md5=34400b68072d710fecd0a2940a0d1658" -RDEPENDS_${PN} += "bash logger-systemd" +RDEPENDS:${PN} += "bash logger-systemd" inherit systemd -FILES_${PN} += "${systemd_system_unitdir}/security-registers-check.service" +FILES:${PN} += "${systemd_system_unitdir}/security-registers-check.service" do_install() { install -d ${D}${systemd_system_unitdir} @@ -23,4 +23,4 @@ do_install() { install -m 0755 ${S}/security-registers-check.sh ${D}/${bindir}/security-registers-check.sh } -SYSTEMD_SERVICE_${PN} += " security-registers-check.service" +SYSTEMD_SERVICE:${PN} += " security-registers-check.service" diff --git a/meta-openbmc-mods/meta-common/recipes-core/systemd/obmc-targets.bbappend b/meta-openbmc-mods/meta-common/recipes-core/systemd/obmc-targets.bbappend index 3d4e594a4..adbdb0e6e 100644 --- a/meta-openbmc-mods/meta-common/recipes-core/systemd/obmc-targets.bbappend +++ b/meta-openbmc-mods/meta-common/recipes-core/systemd/obmc-targets.bbappend 
@@ -1,10 +1,10 @@ # Remove these files since they are provided by obmc-intel-targets -SYSTEMD_SERVICE_${PN}_remove += " obmc-host-start@.target" -SYSTEMD_SERVICE_${PN}_remove += " obmc-host-stop@.target" -SYSTEMD_SERVICE_${PN}_remove += " obmc-host-shutdown@.target" -SYSTEMD_SERVICE_${PN}_remove += " obmc-host-reboot@.target" -SYSTEMD_SERVICE_${PN}_remove += " obmc-host-startmin@.target" -SYSTEMD_SERVICE_${PN}_remove += " obmc-chassis-poweron@.target" -SYSTEMD_SERVICE_${PN}_remove += " obmc-chassis-poweroff@.target" -SYSTEMD_SERVICE_${PN}_remove += " obmc-chassis-hard-poweroff@.target" -SYSTEMD_SERVICE_${PN}_remove += " obmc-chassis-powerreset@.target" +SYSTEMD_SERVICE:${PN}:remove += " obmc-host-start@.target" +SYSTEMD_SERVICE:${PN}:remove += " obmc-host-stop@.target" +SYSTEMD_SERVICE:${PN}:remove += " obmc-host-shutdown@.target" +SYSTEMD_SERVICE:${PN}:remove += " obmc-host-reboot@.target" +SYSTEMD_SERVICE:${PN}:remove += " obmc-host-startmin@.target" +SYSTEMD_SERVICE:${PN}:remove += " obmc-chassis-poweron@.target" +SYSTEMD_SERVICE:${PN}:remove += " obmc-chassis-poweroff@.target" +SYSTEMD_SERVICE:${PN}:remove += " obmc-chassis-hard-poweroff@.target" +SYSTEMD_SERVICE:${PN}:remove += " obmc-chassis-powerreset@.target" diff --git a/meta-openbmc-mods/meta-common/recipes-core/systemd/systemd-conf_%.bbappend b/meta-openbmc-mods/meta-common/recipes-core/systemd/systemd-conf_%.bbappend index b3c318e15..b7bd6796c 100644 --- a/meta-openbmc-mods/meta-common/recipes-core/systemd/systemd-conf_%.bbappend +++ b/meta-openbmc-mods/meta-common/recipes-core/systemd/systemd-conf_%.bbappend 
@@ -1,11 +1,11 @@ -FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:" +FILESEXTRAPATHS:prepend := "${THISDIR}/${PN}:" SRC_URI += "file://journald.conf \ file://systemd-timesyncd-save-time.conf \ " -FILES_${PN} += " ${systemd_system_unitdir}/systemd-timesyncd.service.d/systemd-timesyncd-save-time.conf" +FILES:${PN} += " ${systemd_system_unitdir}/systemd-timesyncd.service.d/systemd-timesyncd-save-time.conf" -do_install_append() { +do_install:append() { install -m 644 -D ${WORKDIR}/systemd-timesyncd-save-time.conf ${D}${systemd_system_unitdir}/systemd-timesyncd.service.d/systemd-timesyncd-save-time.conf } diff --git a/meta-openbmc-mods/meta-common/recipes-core/systemd/systemd/0003-CVE-2021-33910-basic-unit-name-do-not-use-strdupa-on-a-path.patch b/meta-openbmc-mods/meta-common/recipes-core/systemd/systemd/0003-CVE-2021-33910-basic-unit-name-do-not-use-strdupa-on-a-path.patch deleted file mode 100644 index a240d63d4..000000000 --- a/meta-openbmc-mods/meta-common/recipes-core/systemd/systemd/0003-CVE-2021-33910-basic-unit-name-do-not-use-strdupa-on-a-path.patch +++ /dev/null 
@@ -1,64 +0,0 @@ -From 4a1c5f34bd3e1daed4490e9d97918e504d19733b Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Wed, 23 Jun 2021 11:46:41 +0200 -Subject: [PATCH] basic/unit-name: do not use strdupa() on a path - -The path may have unbounded length, for example through a fuse mount. - -CVE-2021-33910: attacked controlled alloca() leads to crash in systemd and -ultimately a kernel panic. Systemd parses the content of /proc/self/mountinfo -and each mountpoint is passed to mount_setup_unit(), which calls -unit_name_path_escape() underneath. A local attacker who is able to mount a -filesystem with a very long path can crash systemd and the whole system. - -https://bugzilla.redhat.com/show_bug.cgi?id=1970887 - -The resulting string length is bounded by UNIT_NAME_MAX, which is 256. But we -can't easily check the length after simplification before doing the -simplification, which in turns uses a copy of the string we can write to. -So we can't reject paths that are too long before doing the duplication. -Hence the most obvious solution is to switch back to strdup(), as before -7410616cd9dbbec97cf98d75324da5cda2b2f7a2. 
- -(cherry picked from commit 441e0115646d54f080e5c3bb0ba477c892861ab9) -(cherry picked from commit 764b74113e36ac5219a4b82a05f311b5a92136ce) ---- - src/basic/unit-name.c | 13 +++++-------- - 1 file changed, 5 insertions(+), 8 deletions(-) - -diff --git a/src/basic/unit-name.c b/src/basic/unit-name.c -index 85dcba6cb7..46b24f2d9e 100644 ---- a/src/basic/unit-name.c -+++ b/src/basic/unit-name.c -@@ -378,12 +378,13 @@ int unit_name_unescape(const char *f, char **ret) { - } - - int unit_name_path_escape(const char *f, char **ret) { -- char *p, *s; -+ _cleanup_free_ char *p = NULL; -+ char *s; - - assert(f); - assert(ret); - -- p = strdupa(f); -+ p = strdup(f); - if (!p) - return -ENOMEM; - -@@ -395,13 +396,9 @@ int unit_name_path_escape(const char *f, char **ret) { - if (!path_is_normalized(p)) - return -EINVAL; - -- /* Truncate trailing slashes */ -+ /* Truncate trailing slashes and skip leading slashes */ - delete_trailing_chars(p, "/"); -- -- /* Truncate leading slashes */ -- p = skip_leading_chars(p, "/"); -- -- s = unit_name_escape(p); -+ s = unit_name_escape(skip_leading_chars(p, "/")); - } - if (!s) - return -ENOMEM; diff --git a/meta-openbmc-mods/meta-common/recipes-core/systemd/systemd_%.bbappend b/meta-openbmc-mods/meta-common/recipes-core/systemd/systemd_%.bbappend index 3fe5ff5ac..50f82d21e 100644 --- a/meta-openbmc-mods/meta-common/recipes-core/systemd/systemd_%.bbappend +++ b/meta-openbmc-mods/meta-common/recipes-core/systemd/systemd_%.bbappend 
@@ -2,20 +2,19 @@ LICENSE = "GPL-2.0" -FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:" +FILESEXTRAPATHS:prepend := "${THISDIR}/${PN}:" SRC_URI += "file://0001-Modfiy-system.conf-DefaultTimeoutStopSec.patch \ file://systemd-time-wait-sync.service \ file://0002-Add-event-log-for-system-time-synchronization.patch \ - file://0003-CVE-2021-33910-basic-unit-name-do-not-use-strdupa-on-a-path.patch \ " -USERADD_PACKAGES_remove = "${PN}-journal-gateway ${PN}-journal-upload ${PN}-journal-remote" +USERADD_PACKAGES:remove = "${PN}-journal-gateway ${PN}-journal-upload ${PN}-journal-remote" -do_install_append(){ +do_install:append(){ rm -rf ${D}/lib/udev/rules.d/80-drivers.rules cp -f ${WORKDIR}/systemd-time-wait-sync.service ${D}/lib/systemd/system/ } -PACKAGECONFIG_remove = " kmod" -PACKAGECONFIG_append = " logind" +PACKAGECONFIG:remove = " kmod" +PACKAGECONFIG:append = " logind" diff --git a/meta-openbmc-mods/meta-common/recipes-core/util-linux/util-linux_%.bbappend b/meta-openbmc-mods/meta-common/recipes-core/util-linux/util-linux_%.bbappend new file mode 100644 index 000000000..fa58d9726 --- /dev/null +++ b/meta-openbmc-mods/meta-common/recipes-core/util-linux/util-linux_%.bbappend @@ -0,0 +1,4 @@ +FILESEXTRAPATHS:prepend := "${THISDIR}/${PN}:" + +SRC_URI += " \ + " -- cgit v1.2.3
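Review bot: The new util-linux_%.bbappend prepends `${THISDIR}/${PN}` to `FILESEXTRAPATHS`, but its `SRC_URI +=` list is empty, so as written the append changes nothing in the util-linux build. The diffstat shows no file added under `util-linux/` besides the bbappend itself, so if a patch or config fragment was meant to be listed, it is missing from this commit. If the file is an intentional placeholder, a leading comment such as `# placeholder: no local util-linux patches yet` would make that clear; otherwise drop the file.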